From 84f0b4f1874a9c3a5f2da4056f974df8273093d9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 7 Feb 2021 08:27:35 +0100 Subject: [PATCH 001/441] persistent replay env setup --- include/afl-fuzz.h | 2 +- include/envs.h | 1 + include/forkserver.h | 3 +++ src/afl-forkserver.c | 2 +- src/afl-fuzz-state.c | 7 +++++++ src/afl-fuzz.c | 6 ++++++ 6 files changed, 19 insertions(+), 2 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index c3a8c2ee..3b6f2285 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,7 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal; + *afl_testcache_entries, *afl_kill_signal, *afl_persistent_replay; } afl_env_vars_t; diff --git a/include/envs.h b/include/envs.h index 210b34a6..f82bb803 100644 --- a/include/envs.h +++ b/include/envs.h @@ -123,6 +123,7 @@ static char *afl_environment_variables[] = { "AFL_MAX_DET_EXTRAS", "AFL_PATH", "AFL_PERFORMANCE_FILE", + "AFL_PERSISTEN_REPLAY", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV", diff --git a/include/forkserver.h b/include/forkserver.h index ac027f81..a0a60e0f 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -55,6 +55,9 @@ typedef struct afl_forkserver { u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ u32 snapshot; /* is snapshot feature used */ + u32 persistent_replay; /* persistent replay setting */ + u32 persistent_replay_idx; /* persistent replay cache ptr */ + u32 persistent_replay_cnt; /* persistent replay counter */ u64 mem_limit; /* Memory cap for child (MB) */ u64 total_execs; /* How often run_target was called */ diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 9ee59822..7968f69c 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -126,7 +126,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->last_run_timed_out = 0; fsrv_to->init_child_func = from->init_child_func; - // Note: do not copy ->add_extra_func + // Note: do not copy ->add_extra_func or ->persistent_replay* list_append(&fsrv_list, fsrv_to); diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 5040e3ef..075aef1e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -292,6 +292,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_autoresume = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_PERSISTENT_REPLAY", + + afl_environment_variable_len)) { + + afl->afl_env.afl_persistent_replay = + get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_CYCLE_SCHEDULES", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a579a8f5..77e6e2ce 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1239,6 +1239,12 @@ int main(int argc, char **argv_orig, char **envp) { } + if (afl->afl_env.afl_persistent_replay) { + + afl->fsrv.persistent_replay = atoi(afl->afl_env.afl_persistent_replay); + + } + if (afl->afl_env.afl_crash_exitcode) { long exitcode = strtol(afl->afl_env.afl_crash_exitcode, NULL, 10); From 81442ba3f953c939e2cde9c16b9cd0d5fe7f12b5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 15:48:49 +0100 Subject: [PATCH 002/441] implementation without testing --- include/forkserver.h | 11 +++++-- src/afl-forkserver.c | 68 ++++++++++++++++++++++++++++++++++++++++++++ src/afl-fuzz.c | 3 +- 3 files changed, 78 insertions(+), 4 deletions(-) diff --git a/include/forkserver.h b/include/forkserver.h index a0a60e0f..ddbc36ef 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -55,9 +55,6 @@ typedef struct afl_forkserver { u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ u32 snapshot; /* is snapshot feature used */ - u32 persistent_replay; /* persistent replay setting */ - u32 persistent_replay_idx; /* persistent replay cache ptr */ - u32 persistent_replay_cnt; /* persistent replay counter */ u64 mem_limit; /* Memory cap for child (MB) */ u64 total_execs; /* How often run_target was called */ @@ -97,6 +94,14 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ + /* persistent mode replay functionality */ + u32 persistent_replay; /* persistent replay setting */ + u32 persistent_replay_idx; /* persistent replay cache ptr */ + u32 persistent_replay_cnt; /* persistent replay counter */ + u8 * persistent_replay_dir; + u8 ** persistent_replay_data; + u32 **persistent_replay_len; + /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 7968f69c..05aba2e5 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -364,6 +364,21 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!be_quiet) { ACTF("Spinning up the fork server..."); } + if (unlikely(fsrv->persistent_replay)) { + + fsrv->persistent_replay_data = + (u8 **)ck_alloc(fsrv->persistent_replay * sizeof(size_t)); + fsrv->persistent_replay_len = + (u32 **)ck_alloc(fsrv->persistent_replay * sizeof(u32)); + + if (!fsrv->persistent_replay_data || !fsrv->persistent_replay_len) { + + FATAL("Unable to allocate memory for persistent replay."); + + } + + } + if (fsrv->use_fauxsrv) { /* TODO: Come up with some nice way to initialize this all */ @@ -998,6 +1013,29 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { + if (unlikely(fsrv->persistent_replay)) { + + *fsrv->persistent_replay_len[fsrv->persistent_replay_idx] = len; + fsrv->persistent_replay_data[fsrv->persistent_replay_idx] = afl_realloc( + (void **)&fsrv->persistent_replay_data[fsrv->persistent_replay_idx], + len); + + if (unlikely(!fsrv->persistent_replay_data[fsrv->persistent_replay_idx])) { + + FATAL("allocating replay memory failed."); + + } + + memcpy(fsrv->persistent_replay_data[fsrv->persistent_replay_idx], buf, len); + + if (unlikely(++fsrv->persistent_replay_idx >= fsrv->persistent_replay)) { + + fsrv->persistent_replay_idx = 0; + + } + + } + if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { if (unlikely(len > MAX_FILE)) len = MAX_FILE; @@ -1208,6 +1246,36 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { + if (unlikely(fsrv->persistent_replay)) { + + char fn[4096]; + u32 i, writecnt = 0; + for (i = 0; i < fsrv->persistent_replay; ++i) { + + u32 entry = (i + fsrv->persistent_replay_idx) % fsrv->persistent_replay; + u8 *data = fsrv->persistent_replay_data[entry]; + u32 *len = fsrv->persistent_replay_len[entry]; + if (likely(len && *len && data)) { + + snprintf(fn, sizeof(fn), "%s/replay_%u_%u.bin", + fsrv->persistent_replay_dir, fsrv->persistent_replay_cnt, + writecnt++); + int fd = open(fn, O_WRONLY, 0644); + if (fd >= 0) { + + ck_write(fd, data, *len, fn); + close(fd); + + } + + } + + } + + ++fsrv->persistent_replay_cnt; + + } + /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */ fsrv->last_kill_signal = WIFSIGNALED(fsrv->child_status) ? WTERMSIG(fsrv->child_status) : 0; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 77e6e2ce..f3aea2c7 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1239,9 +1239,10 @@ int main(int argc, char **argv_orig, char **envp) { } - if (afl->afl_env.afl_persistent_replay) { + if (unlikely(afl->afl_env.afl_persistent_replay)) { afl->fsrv.persistent_replay = atoi(afl->afl_env.afl_persistent_replay); + afl->fsrv.persistent_replay_dir = alloc_printf("%s/crashes", afl->out_dir); } From 4a0d4c50fc8bec11a090156ab970414d4897ea6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 19:12:25 +0100 Subject: [PATCH 003/441] complete implemenation, still no test --- include/afl-fuzz.h | 2 +- include/forkserver.h | 13 ++++----- src/afl-forkserver.c | 63 ++++++++++++++++++++++++++++---------------- src/afl-fuzz-state.c | 4 +-- src/afl-fuzz.c | 22 +++++++++++++--- 5 files changed, 69 insertions(+), 35 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 3b6f2285..b1fba884 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,7 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal, *afl_persistent_replay; + *afl_testcache_entries, *afl_kill_signal, *afl_persistent_record; } afl_env_vars_t; diff --git a/include/forkserver.h b/include/forkserver.h index ddbc36ef..850c5b0d 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -95,12 +95,13 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ /* persistent mode replay functionality */ - u32 persistent_replay; /* persistent replay setting */ - u32 persistent_replay_idx; /* persistent replay cache ptr */ - u32 persistent_replay_cnt; /* persistent replay counter */ - u8 * persistent_replay_dir; - u8 ** persistent_replay_data; - u32 **persistent_replay_len; + u32 persistent_record; /* persistent replay setting */ + u32 persistent_record_idx; /* persistent replay cache ptr */ + u32 persistent_record_cnt; /* persistent replay counter */ + u8 * persistent_record_dir; + u8 ** persistent_record_data; + u32 **persistent_record_len; + s32 persistent_record_pid; /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 05aba2e5..78e5efe7 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -126,7 +126,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->last_run_timed_out = 0; fsrv_to->init_child_func = from->init_child_func; - // Note: do not copy ->add_extra_func or ->persistent_replay* + // Note: do not copy ->add_extra_func or ->persistent_record* list_append(&fsrv_list, fsrv_to); @@ -364,14 +364,14 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!be_quiet) { ACTF("Spinning up the fork server..."); } - if (unlikely(fsrv->persistent_replay)) { + if (unlikely(fsrv->persistent_record)) { - fsrv->persistent_replay_data = - (u8 **)ck_alloc(fsrv->persistent_replay * sizeof(size_t)); - fsrv->persistent_replay_len = - (u32 **)ck_alloc(fsrv->persistent_replay * sizeof(u32)); + fsrv->persistent_record_data = + (u8 **)ck_alloc(fsrv->persistent_record * sizeof(size_t)); + fsrv->persistent_record_len = + (u32 **)ck_alloc(fsrv->persistent_record * sizeof(u32)); - if (!fsrv->persistent_replay_data || !fsrv->persistent_replay_len) { + if (!fsrv->persistent_record_data || !fsrv->persistent_record_len) { FATAL("Unable to allocate memory for persistent replay."); @@ -1013,24 +1013,24 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { - if (unlikely(fsrv->persistent_replay)) { + if (unlikely(fsrv->persistent_record)) { - *fsrv->persistent_replay_len[fsrv->persistent_replay_idx] = len; - fsrv->persistent_replay_data[fsrv->persistent_replay_idx] = afl_realloc( - (void **)&fsrv->persistent_replay_data[fsrv->persistent_replay_idx], + *fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; + fsrv->persistent_record_data[fsrv->persistent_record_idx] = afl_realloc( + (void **)&fsrv->persistent_record_data[fsrv->persistent_record_idx], len); - if (unlikely(!fsrv->persistent_replay_data[fsrv->persistent_replay_idx])) { + if (unlikely(!fsrv->persistent_record_data[fsrv->persistent_record_idx])) { FATAL("allocating replay memory failed."); } - memcpy(fsrv->persistent_replay_data[fsrv->persistent_replay_idx], buf, len); + memcpy(fsrv->persistent_record_data[fsrv->persistent_record_idx], buf, len); - if (unlikely(++fsrv->persistent_replay_idx >= fsrv->persistent_replay)) { + if (unlikely(++fsrv->persistent_record_idx >= fsrv->persistent_record)) { - fsrv->persistent_replay_idx = 0; + fsrv->persistent_record_idx = 0; } @@ -1148,6 +1148,23 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, } + // end of persistent loop? + if (unlikely(fsrv->persistent_record && + fsrv->persistent_record_pid != fsrv->child_pid)) { + + fsrv->persistent_record_pid = fsrv->child_pid; + u32 idx, val; + if (unlikely(!fsrv->persistent_record_idx)) + idx = fsrv->persistent_record - 1; + else + idx = fsrv->persistent_record_idx - 1; + val = *fsrv->persistent_record_len[idx]; + memset((void *)fsrv->persistent_record_len, 0, + fsrv->persistent_record * sizeof(u32)); + *fsrv->persistent_record_len[idx] = val; + + } + if (fsrv->child_pid <= 0) { if (*stop_soon_p) { return 0; } @@ -1246,19 +1263,19 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { - if (unlikely(fsrv->persistent_replay)) { + if (unlikely(fsrv->persistent_record)) { char fn[4096]; u32 i, writecnt = 0; - for (i = 0; i < fsrv->persistent_replay; ++i) { + for (i = 0; i < fsrv->persistent_record; ++i) { - u32 entry = (i + fsrv->persistent_replay_idx) % fsrv->persistent_replay; - u8 *data = fsrv->persistent_replay_data[entry]; - u32 *len = fsrv->persistent_replay_len[entry]; + u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record; + u8 *data = fsrv->persistent_record_data[entry]; + u32 *len = fsrv->persistent_record_len[entry]; if (likely(len && *len && data)) { - snprintf(fn, sizeof(fn), "%s/replay_%u_%u.bin", - fsrv->persistent_replay_dir, fsrv->persistent_replay_cnt, + snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u", + fsrv->persistent_record_dir, fsrv->persistent_record_cnt, writecnt++); int fd = open(fn, O_WRONLY, 0644); if (fd >= 0) { @@ -1272,7 +1289,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, } - ++fsrv->persistent_replay_cnt; + ++fsrv->persistent_record_cnt; } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 075aef1e..514414f3 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -292,11 +292,11 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_autoresume = get_afl_env(afl_environment_variables[i]) ? 1 : 0; - } else if (!strncmp(env, "AFL_PERSISTENT_REPLAY", + } else if (!strncmp(env, "AFL_PERSISTENT_RECORD", afl_environment_variable_len)) { - afl->afl_env.afl_persistent_replay = + afl->afl_env.afl_persistent_record = get_afl_env(afl_environment_variables[i]); } else if (!strncmp(env, "AFL_CYCLE_SCHEDULES", diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index f3aea2c7..afaa8f5f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1239,10 +1239,26 @@ int main(int argc, char **argv_orig, char **envp) { } - if (unlikely(afl->afl_env.afl_persistent_replay)) { + if (unlikely(afl->afl_env.afl_persistent_record)) { - afl->fsrv.persistent_replay = atoi(afl->afl_env.afl_persistent_replay); - afl->fsrv.persistent_replay_dir = alloc_printf("%s/crashes", afl->out_dir); + afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); + afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir); + + if (afl->fsrv.persistent_record < 2) { + + FATAL( + "AFL_PERSISTENT_RECORD vallue must be be at least 2, recommended is " + "100 or 1000."); + + } + + if (!getenv(PERSIST_ENV_VAR)) { + + FATAL( + "Target binary is not compiled in persistent mode, " + "AFL_PERSISTENT_RECORD makes no sense."); + + } } From 99b4c3f3624db9300c175936aff22535db6eef67 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 22:19:56 +0100 Subject: [PATCH 004/441] fix --- src/afl-forkserver.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 78e5efe7..a6128220 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -42,6 +42,7 @@ #include #include #include +#include #include #include #include @@ -367,7 +368,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (unlikely(fsrv->persistent_record)) { fsrv->persistent_record_data = - (u8 **)ck_alloc(fsrv->persistent_record * sizeof(size_t)); + (u8 **)ck_alloc(fsrv->persistent_record * sizeof(u8 *)); fsrv->persistent_record_len = (u32 **)ck_alloc(fsrv->persistent_record * sizeof(u32)); @@ -1265,7 +1266,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, if (unlikely(fsrv->persistent_record)) { - char fn[4096]; + char fn[PATH_MAX]; u32 i, writecnt = 0; for (i = 0; i < fsrv->persistent_record; ++i) { From 7f062524c97ab18306d42e59ab0223e04ff78f24 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 23:01:13 +0100 Subject: [PATCH 005/441] fixes --- include/envs.h | 2 +- include/forkserver.h | 2 +- src/afl-forkserver.c | 14 ++++++------- src/afl-fuzz.c | 50 ++++++++++++++++++++++++-------------------- 4 files changed, 36 insertions(+), 32 deletions(-) diff --git a/include/envs.h b/include/envs.h index f82bb803..6ba69f26 100644 --- a/include/envs.h +++ b/include/envs.h @@ -123,7 +123,7 @@ static char *afl_environment_variables[] = { "AFL_MAX_DET_EXTRAS", "AFL_PATH", "AFL_PERFORMANCE_FILE", - "AFL_PERSISTEN_REPLAY", + "AFL_PERSISTENT_RECORD", "AFL_PRELOAD", "AFL_PYTHON_MODULE", "AFL_QEMU_COMPCOV", diff --git a/include/forkserver.h b/include/forkserver.h index 850c5b0d..c894ad80 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -100,7 +100,7 @@ typedef struct afl_forkserver { u32 persistent_record_cnt; /* persistent replay counter */ u8 * persistent_record_dir; u8 ** persistent_record_data; - u32 **persistent_record_len; + u32 * persistent_record_len; s32 persistent_record_pid; /* Function to kick off the forkserver child */ diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a6128220..e6738a71 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -370,7 +370,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, fsrv->persistent_record_data = (u8 **)ck_alloc(fsrv->persistent_record * sizeof(u8 *)); fsrv->persistent_record_len = - (u32 **)ck_alloc(fsrv->persistent_record * sizeof(u32)); + (u32 *)ck_alloc(fsrv->persistent_record * sizeof(u32)); if (!fsrv->persistent_record_data || !fsrv->persistent_record_len) { @@ -1016,7 +1016,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { if (unlikely(fsrv->persistent_record)) { - *fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; + fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; fsrv->persistent_record_data[fsrv->persistent_record_idx] = afl_realloc( (void **)&fsrv->persistent_record_data[fsrv->persistent_record_idx], len); @@ -1159,10 +1159,10 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, idx = fsrv->persistent_record - 1; else idx = fsrv->persistent_record_idx - 1; - val = *fsrv->persistent_record_len[idx]; + val = fsrv->persistent_record_len[idx]; memset((void *)fsrv->persistent_record_len, 0, fsrv->persistent_record * sizeof(u32)); - *fsrv->persistent_record_len[idx] = val; + fsrv->persistent_record_len[idx] = val; } @@ -1272,8 +1272,8 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, u32 entry = (i + fsrv->persistent_record_idx) % fsrv->persistent_record; u8 *data = fsrv->persistent_record_data[entry]; - u32 *len = fsrv->persistent_record_len[entry]; - if (likely(len && *len && data)) { + u32 len = fsrv->persistent_record_len[entry]; + if (likely(len && data)) { snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u", fsrv->persistent_record_dir, fsrv->persistent_record_cnt, @@ -1281,7 +1281,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, int fd = open(fn, O_WRONLY, 0644); if (fd >= 0) { - ck_write(fd, data, *len, fn); + ck_write(fd, data, len, fn); close(fd); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index afaa8f5f..4ee71120 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -986,6 +986,21 @@ int main(int argc, char **argv_orig, char **envp) { } + if (unlikely(afl->afl_env.afl_persistent_record)) { + + afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); + afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir); + + if (afl->fsrv.persistent_record < 2) { + + FATAL( + "AFL_PERSISTENT_RECORD value must be be at least 2, recommended is " + "100 or 1000."); + + } + + } + if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) { u8 *preload = getenv("AFL_PRELOAD"); @@ -1239,29 +1254,6 @@ int main(int argc, char **argv_orig, char **envp) { } - if (unlikely(afl->afl_env.afl_persistent_record)) { - - afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); - afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir); - - if (afl->fsrv.persistent_record < 2) { - - FATAL( - "AFL_PERSISTENT_RECORD vallue must be be at least 2, recommended is " - "100 or 1000."); - - } - - if (!getenv(PERSIST_ENV_VAR)) { - - FATAL( - "Target binary is not compiled in persistent mode, " - "AFL_PERSISTENT_RECORD makes no sense."); - - } - - } - if (afl->afl_env.afl_crash_exitcode) { long exitcode = strtol(afl->afl_env.afl_crash_exitcode, NULL, 10); @@ -1531,6 +1523,18 @@ int main(int argc, char **argv_orig, char **envp) { check_binary(afl, argv[optind]); + if (unlikely(afl->fsrv.persistent_record)) { + + if (!getenv(PERSIST_ENV_VAR)) { + + FATAL( + "Target binary is not compiled in persistent mode, " + "AFL_PERSISTENT_RECORD makes no sense."); + + } + + } + if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); } afl->start_time = get_cur_time(); From 517db1b8dc1b310b82a73e3878285ca03249f3e4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 6 Mar 2021 23:12:44 +0100 Subject: [PATCH 006/441] fixes --- src/afl-forkserver.c | 2 +- src/afl-fuzz.c | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index e6738a71..2ab1304e 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1278,7 +1278,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, snprintf(fn, sizeof(fn), "%s/RECORD:%06u,cnt:%06u", fsrv->persistent_record_dir, fsrv->persistent_record_cnt, writecnt++); - int fd = open(fn, O_WRONLY, 0644); + int fd = open(fn, O_CREAT | O_TRUNC | O_WRONLY, 0644); if (fd >= 0) { ck_write(fd, data, len, fn); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 4ee71120..267ab075 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -989,7 +989,6 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->afl_env.afl_persistent_record)) { afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); - afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir); if (afl->fsrv.persistent_record < 2) { @@ -1533,6 +1532,8 @@ int main(int argc, char **argv_orig, char **envp) { } + afl->fsrv.persistent_record_dir = alloc_printf("%s/crashes", afl->out_dir); + } if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); } From d3f69ab4c6d4f1e2eb3349eec3f1cb9313081151 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 7 Mar 2021 08:43:01 +0100 Subject: [PATCH 007/441] documentation for AFL_PERSISTENT_RECORD --- docs/env_variables.md | 9 +++++++++ src/afl-fuzz.c | 1 + 2 files changed, 10 insertions(+) diff --git a/docs/env_variables.md b/docs/env_variables.md index 4c3b1cfb..41733f1b 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -400,6 +400,15 @@ checks or alter some of the more exotic semantics of the tool: - Setting `AFL_FORCE_UI` will force painting the UI on the screen even if no valid terminal was detected (for virtual consoles) + - If you are using persistent mode (you should, see [instrumentation/README.persistent_mode.md](instrumentation/README.persistent_mode.md)) + some targets keep inherent state due which a detected crash testcase does + not crash the target again when the testcase is given. To be able to still + re-trigger these crashes you can use the `AFL_PERSISTENT_RECORD` variable + with a value of how many previous fuzz cases to keep prio a crash. + if set to e.g. 10, then the 9 previous inputs are written to + out/default/crashes as RECORD:000000,cnt:000000 to RECORD:000000,cnt:000008 + and RECORD:000000,cnt:000009 being the crash case. + - If you are Jakub, you may need `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES`. Others need not apply. diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 267ab075..b2c81580 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -218,6 +218,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PATH: path to AFL support binaries\n" "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" + "AFL_PERSISTENT_RECORD: record the last X inputs to every crash in out/crashes\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" From 1ab125de63627855752d28abf847b3cc0bdf8582 Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Mon, 15 Mar 2021 14:18:41 -0400 Subject: [PATCH 008/441] afl-cmin: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-cmin differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to just look for @@ to be *in* an argument in the same manner that afl-cmin.bash does, so that it will have the expected and documented behavior. --- afl-cmin | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-cmin b/afl-cmin index 778d7487..a1fc6f21 100755 --- a/afl-cmin +++ b/afl-cmin @@ -243,7 +243,7 @@ BEGIN { if (!stdin_file) { found_atat = 0 for (prog_args_ind in prog_args) { - if ("@@" == prog_args[prog_args_ind]) { + if (match(prog_args[prog_args_ind], "@@") != 0) { found_atat = 1 break } From 70403f7e1b586bf23eebb131d5db2397d708abf0 Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Mon, 15 Mar 2021 14:09:54 -0400 Subject: [PATCH 009/441] triage_crashes.sh: Allow @@ to be part of an arg --- utils/crash_triage/triage_crashes.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh index bf763cba..42cf8158 100755 --- a/utils/crash_triage/triage_crashes.sh +++ b/utils/crash_triage/triage_crashes.sh @@ -90,8 +90,9 @@ for crash in $DIR/crashes/id:*; do for a in $@; do - if [ "$a" = "@@" ] ; then - use_args="$use_args $crash" + if echo "$a" | grep -qF '@@'; then + escaped_fname=`echo $crash | sed 's:/:\\\\/:g'` + use_args="$use_args `echo $a | sed "s/@@/$escaped_fname/g"`" unset use_stdio else use_args="$use_args $a" From b289e7ad073d4affae76de3da5d1faeba0f8a07e Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Mon, 15 Mar 2021 14:09:03 -0400 Subject: [PATCH 010/441] triage_crashes.sh: Fix error reporting --- utils/crash_triage/triage_crashes.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh index 42cf8158..c9ca1f79 100755 --- a/utils/crash_triage/triage_crashes.sh +++ b/utils/crash_triage/triage_crashes.sh @@ -60,12 +60,12 @@ if fi if [ ! -f "$BIN" -o ! -x "$BIN" ]; then - echo "[-] Error: binary '$2' not found or is not executable." 1>&2 + echo "[-] Error: binary '$BIN' not found or is not executable." 1>&2 exit 1 fi if [ ! -d "$DIR/queue" ]; then - echo "[-] Error: directory '$1' not found or not created by afl-fuzz." 1>&2 + echo "[-] Error: directory '$DIR' not found or not created by afl-fuzz." 1>&2 exit 1 fi From 27c048086659808bc1e6742023d4e89330283e02 Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Mon, 15 Mar 2021 13:12:11 -0400 Subject: [PATCH 011/441] afl-showmap: Allow @@ to be part of an arg The previous implementation of "@@ handling" in afl-showmap differed greatly from how it was handled in afl-fuzz and how the documentation presented it. It used to require that the @@ be its own argument separated by whitespace and could not be used in situations like "--file=@@". This change standardizes it to use detect_file_args() like everybody else does, so that it will have the expected and documented behavior. --- src/afl-common.c | 27 ++++++++++-------------- src/afl-showmap.c | 54 +++++++++++++++++++---------------------------- 2 files changed, 33 insertions(+), 48 deletions(-) diff --git a/src/afl-common.c b/src/afl-common.c index 9f6eb564..55564554 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -70,31 +70,26 @@ void detect_file_args(char **argv, u8 *prog_in, bool *use_stdin) { *use_stdin = false; - if (prog_in[0] != 0) { // not afl-showmap special case + /* Be sure that we're always using fully-qualified paths. */ - u8 *n_arg; + *aa_loc = 0; - /* Be sure that we're always using fully-qualified paths. */ + /* Construct a replacement argv value. */ + u8 *n_arg; - *aa_loc = 0; + if (prog_in[0] == '/') { - /* Construct a replacement argv value. */ + n_arg = alloc_printf("%s%s%s", argv[i], prog_in, aa_loc + 2); - if (prog_in[0] == '/') { + } else { - n_arg = alloc_printf("%s%s%s", argv[i], prog_in, aa_loc + 2); - - } else { - - n_arg = alloc_printf("%s%s/%s%s", argv[i], cwd, prog_in, aa_loc + 2); - - } - - ck_free(argv[i]); - argv[i] = n_arg; + n_arg = alloc_printf("%s%s/%s%s", argv[i], cwd, prog_in, aa_loc + 2); } + ck_free(argv[i]); + argv[i] = n_arg; + } i++; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 0fc76193..2627f491 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -72,8 +72,7 @@ static u8 *in_data, /* Input data */ static u64 total; /* tuple content information */ static u32 tcnt, highest; /* tuple content information */ -static u32 in_len, /* Input data length */ - arg_offset; /* Total number of execs */ +static u32 in_len; /* Input data length */ static u32 map_size = MAP_SIZE; @@ -738,7 +737,7 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ - s32 opt, i; + s32 opt; u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; char **use_argv; @@ -986,7 +985,7 @@ int main(int argc, char **argv_orig, char **envp) { if (getenv("AFL_DEBUG")) { DEBUGF(""); - for (i = 0; i < argc; i++) + for (int i = 0; i < argc; i++) SAYF(" %s", argv[i]); SAYF("\n"); @@ -1012,12 +1011,30 @@ int main(int argc, char **argv_orig, char **envp) { } + if (in_dir) { - detect_file_args(argv + optind, "", &fsrv->use_stdin); + /* If we don't have a file name chosen yet, use a safe default. */ + u8 *use_dir = "."; + + if (access(use_dir, R_OK | W_OK | X_OK)) { + + use_dir = get_afl_env("TMPDIR"); + if (!use_dir) { use_dir = "/tmp"; } + + } + + stdin_file = at_file ? strdup(at_file) + : (char *)alloc_printf("%s/.afl-showmap-temp-%u", + use_dir, (u32)getpid()); + unlink(stdin_file); + + // If @@ are in the target args, replace them and also set use_stdin=false. + detect_file_args(argv + optind, stdin_file, &fsrv->use_stdin); } else { + // If @@ are in the target args, replace them and also set use_stdin=false. detect_file_args(argv + optind, at_file, &fsrv->use_stdin); } @@ -1042,14 +1059,6 @@ int main(int argc, char **argv_orig, char **envp) { } - i = 0; - while (use_argv[i] != NULL && !arg_offset) { - - if (strcmp(use_argv[i], "@@") == 0) { arg_offset = i; } - i++; - - } - shm_fuzz = ck_alloc(sizeof(sharedmem_t)); /* initialize cmplog_mode */ @@ -1160,30 +1169,11 @@ int main(int argc, char **argv_orig, char **envp) { } - u8 *use_dir = "."; - - if (access(use_dir, R_OK | W_OK | X_OK)) { - - use_dir = get_afl_env("TMPDIR"); - if (!use_dir) { use_dir = "/tmp"; } - - } - - stdin_file = at_file ? strdup(at_file) - : (char *)alloc_printf("%s/.afl-showmap-temp-%u", - use_dir, (u32)getpid()); - unlink(stdin_file); atexit(at_exit_handler); fsrv->out_file = stdin_file; fsrv->out_fd = open(stdin_file, O_RDWR | O_CREAT | O_EXCL, 0600); if (fsrv->out_fd < 0) { PFATAL("Unable to create '%s'", out_file); } - if (arg_offset && use_argv[arg_offset] != stdin_file) { - - use_argv[arg_offset] = strdup(stdin_file); - - } - if (get_afl_env("AFL_DEBUG")) { int j = optind; From 62f067ec71aff384a197511b33142002ca284c66 Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Mon, 15 Mar 2021 14:04:10 -0700 Subject: [PATCH 012/441] afl-showmap: Unwind a change to keep it pre-C99 compatible --- src/afl-showmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 2627f491..29b8456f 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -737,7 +737,7 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ - s32 opt; + s32 opt, i; u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; char **use_argv; @@ -985,7 +985,7 @@ int main(int argc, char **argv_orig, char **envp) { if (getenv("AFL_DEBUG")) { DEBUGF(""); - for (int i = 0; i < argc; i++) + for (i = 0; i < argc; i++) SAYF(" %s", argv[i]); SAYF("\n"); From ee5078f43c44a022831cf83b6963930975188168 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 11:22:37 +0100 Subject: [PATCH 013/441] v3.13a init --- docs/Changelog.md | 3 +++ include/config.h | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 5b7d6ab6..6b7ebf15 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,6 +8,9 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . +### Version ++3.13a (development) + - ... + ### Version ++3.12c (release) - afl-fuzz: - added AFL_TARGET_ENV variable to pass extra env vars to the target diff --git a/include/config.h b/include/config.h index c93a6d51..8ac74c45 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.12c" +#define VERSION "++3.13a" /****************************************************** * * From 958436be4ba057e8409787e7ff4ddcfa095c46da Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 18:18:05 +0100 Subject: [PATCH 014/441] ifdef for record --- include/config.h | 9 +++++++++ src/afl-forkserver.c | 8 ++++++++ src/afl-fuzz.c | 30 +++++++++++++++++++++++------- 3 files changed, 40 insertions(+), 7 deletions(-) diff --git a/include/config.h b/include/config.h index 60872785..f6dbfae0 100644 --- a/include/config.h +++ b/include/config.h @@ -60,6 +60,15 @@ /* Now non-cmplog configuration options */ + +/* If a persistent target keeps state and found crashes are not reproducable + then enable this option and set the AFL_PERSISTENT_RECORD env variable + to a number. These number of testcases prior the crash will be kept and + also written to the crash/ directory */ + +#define AFL_PERSISTENT_RECORD + + /* console output colors: There are three ways to configure its behavior * 1. default: colored outputs fixed on: defined USE_COLOR && defined * ALWAYS_COLORED The env var. AFL_NO_COLOR will have no effect diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 2ab1304e..4e4f92d6 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -365,6 +365,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!be_quiet) { ACTF("Spinning up the fork server..."); } +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { fsrv->persistent_record_data = @@ -379,6 +380,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } } +#endif if (fsrv->use_fauxsrv) { @@ -1014,6 +1016,7 @@ u32 afl_fsrv_get_mapsize(afl_forkserver_t *fsrv, char **argv, void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { fsrv->persistent_record_len[fsrv->persistent_record_idx] = len; @@ -1036,6 +1039,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { } } +#endif if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { @@ -1149,6 +1153,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, } +#ifdef AFL_PERSISTENT_RECORD // end of persistent loop? if (unlikely(fsrv->persistent_record && fsrv->persistent_record_pid != fsrv->child_pid)) { @@ -1165,6 +1170,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, fsrv->persistent_record_len[idx] = val; } +#endif if (fsrv->child_pid <= 0) { @@ -1264,6 +1270,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { +#ifdef AFL_PERSISTENT_RECORD if (unlikely(fsrv->persistent_record)) { char fn[PATH_MAX]; @@ -1293,6 +1300,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, ++fsrv->persistent_record_cnt; } +#endif /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */ fsrv->last_kill_signal = diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index b2c81580..d622db71 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -218,7 +218,9 @@ static void usage(u8 *argv0, int more_help) { "AFL_PATH: path to AFL support binaries\n" "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" +#ifdef AFL_PERSISTENT_RECORD "AFL_PERSISTENT_RECORD: record the last X inputs to every crash in out/crashes\n" +#endif "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" @@ -249,7 +251,13 @@ static void usage(u8 *argv0, int more_help) { SAYF("Compiled with %s module support, see docs/custom_mutator.md\n", (char *)PYTHON_VERSION); #else - SAYF("Compiled without python module support\n"); + SAYF("Compiled without python module support.\n"); +#endif + +#ifdef AFL_PERSISTENT_RECORD + SAYF("Compiled with AFL_PERSISTENT_RECORD support.\n"); +#else + SAYF("Compiled without AFL_PERSISTENT_RECORD support.\n"); #endif #ifdef USEMMAP @@ -259,27 +267,27 @@ static void usage(u8 *argv0, int more_help) { #endif #ifdef ASAN_BUILD - SAYF("Compiled with ASAN_BUILD\n\n"); + SAYF("Compiled with ASAN_BUILD.\n"); #endif #ifdef NO_SPLICING - SAYF("Compiled with NO_SPLICING\n\n"); + SAYF("Compiled with NO_SPLICING.\n"); #endif #ifdef PROFILING - SAYF("Compiled with PROFILING\n\n"); + SAYF("Compiled with PROFILING.\n"); #endif #ifdef INTROSPECTION - SAYF("Compiled with INTROSPECTION\n\n"); + SAYF("Compiled with INTROSPECTION.\n"); #endif #ifdef _DEBUG - SAYF("Compiled with _DEBUG\n\n"); + SAYF("Compiled with _DEBUG.\n"); #endif #ifdef _AFL_DOCUMENT_MUTATIONS - SAYF("Compiled with _AFL_DOCUMENT_MUTATIONS\n\n"); + SAYF("Compiled with _AFL_DOCUMENT_MUTATIONS.\n"); #endif SAYF("For additional help please consult %s/README.md :)\n\n", doc_path); @@ -989,6 +997,8 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->afl_env.afl_persistent_record)) { +#ifdef AFL_PERSISTENT_RECORD + afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); if (afl->fsrv.persistent_record < 2) { @@ -999,6 +1009,12 @@ int main(int argc, char **argv_orig, char **envp) { } +#else + + FATAL("afl-fuzz was not compiled with AFL_PERSISTENT_RECORD enabled in config.h!"); + +#endif + } if (afl->fsrv.qemu_mode && getenv("AFL_USE_QASAN")) { From 836aeef595462a37f6be4665a5a6123002423b41 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 18:22:50 +0100 Subject: [PATCH 015/441] changelog info --- docs/Changelog.md | 7 ++++++- docs/env_variables.md | 1 + 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 6b7ebf15..caa06ffd 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,7 +9,12 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.13a (development) - - ... + - afl-fuzz: + - added patch by @realmadsci to support @@ as part of command line + options, e.g. `afl-fuzz ... -- ./target --infile=@@` + - add recording of previous fuzz attempts for persistent mode + to allow replay of non-reproducable crashes, see + AFL_PERSISTENT_RECORD in config.h and docs/envs.h ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/env_variables.md b/docs/env_variables.md index de6b4bd8..6d3d1714 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -432,6 +432,7 @@ checks or alter some of the more exotic semantics of the tool: if set to e.g. 10, then the 9 previous inputs are written to out/default/crashes as RECORD:000000,cnt:000000 to RECORD:000000,cnt:000008 and RECORD:000000,cnt:000009 being the crash case. + NOTE: This option needs to be enabled in config.h first! - If you are Jakub, you may need `AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES`. Others need not apply, unless they also want to disable the From 55224e5150b3acfc4c1db3975ef6a2b5e173f626 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 18:24:52 +0100 Subject: [PATCH 016/441] AFL_PERSISTENT_RECORD not a default --- include/config.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/config.h b/include/config.h index ab4c49f2..4691624a 100644 --- a/include/config.h +++ b/include/config.h @@ -71,16 +71,16 @@ /* Maximum allowed fails per CMP value. Default: 128 */ #define CMPLOG_FAIL_MAX 96 +/* -------------------------------------*/ /* Now non-cmplog configuration options */ - +/* -------------------------------------*/ /* If a persistent target keeps state and found crashes are not reproducable then enable this option and set the AFL_PERSISTENT_RECORD env variable to a number. These number of testcases prior the crash will be kept and also written to the crash/ directory */ -#define AFL_PERSISTENT_RECORD - +//#define AFL_PERSISTENT_RECORD /* console output colors: There are three ways to configure its behavior * 1. default: colored outputs fixed on: defined USE_COLOR && defined From e1384b5086e918350426cd0ece7dbe9c451f771f Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 18 Mar 2021 09:11:00 +0000 Subject: [PATCH 017/441] Add support for FRIDA mode --- .gitignore | 1 + frida_mode/.gitignore | 5 + frida_mode/Makefile | 310 +++++++++++++++++++++++++++ frida_mode/README.md | 48 +++++ frida_mode/inc/instrument.h | 7 + frida_mode/inc/interceptor.h | 4 + frida_mode/inc/prefetch.h | 5 + frida_mode/inc/ranges.h | 6 + frida_mode/src/instrument.c | 265 +++++++++++++++++++++++ frida_mode/src/interceptor.c | 16 ++ frida_mode/src/main.c | 149 +++++++++++++ frida_mode/src/prefetch.c | 121 +++++++++++ frida_mode/src/ranges.c | 395 +++++++++++++++++++++++++++++++++++ frida_mode/test/testinstr.c | 105 ++++++++++ frida_mode/test/testinstr.py | 32 +++ include/envs.h | 7 + include/forkserver.h | 2 + src/afl-analyze.c | 50 ++++- src/afl-fuzz-init.c | 7 +- src/afl-fuzz.c | 54 ++++- src/afl-showmap.c | 47 ++++- src/afl-tmin.c | 49 ++++- 22 files changed, 1668 insertions(+), 17 deletions(-) create mode 100644 frida_mode/.gitignore create mode 100644 frida_mode/Makefile create mode 100644 frida_mode/README.md create mode 100644 frida_mode/inc/instrument.h create mode 100644 frida_mode/inc/interceptor.h create mode 100644 frida_mode/inc/prefetch.h create mode 100644 frida_mode/inc/ranges.h create mode 100644 frida_mode/src/instrument.c create mode 100644 frida_mode/src/interceptor.c create mode 100644 frida_mode/src/main.c create mode 100644 frida_mode/src/prefetch.c create mode 100644 frida_mode/src/ranges.c create mode 100644 frida_mode/test/testinstr.c create mode 100755 frida_mode/test/testinstr.py diff --git a/.gitignore b/.gitignore index 3f440730..2aaaf9ef 100644 --- a/.gitignore +++ b/.gitignore @@ -82,3 +82,4 @@ libAFLDriver.a libAFLQemuDriver.a test/.afl_performance gmon.out +afl-frida-trace.so diff --git a/frida_mode/.gitignore b/frida_mode/.gitignore new file mode 100644 index 00000000..956b9911 --- /dev/null +++ b/frida_mode/.gitignore @@ -0,0 +1,5 @@ +build/ +frida_test.dat +qemu_test.dat +frida_out/** +qemu_out/** diff --git a/frida_mode/Makefile b/frida_mode/Makefile new file mode 100644 index 00000000..73a4142c --- /dev/null +++ b/frida_mode/Makefile @@ -0,0 +1,310 @@ +PWD:=$(shell pwd)/ +INC_DIR:=$(PWD)inc/ +SRC_DIR:=$(PWD)src/ +INCLUDES:=$(wildcard $(INC_DIR)*.h) +SOURCES:=$(wildcard $(SRC_DIR)*.c) +BUILD_DIR:=$(PWD)build/ +CFLAGS:= $(CFLAGS) \ + -fPIC \ + -D_GNU_SOURCE + +FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ +FRIDA_TRACE:=$(FRIDA_BUILD_DIR)afl-frida-trace.so + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" +ARCH:=arm64 +TESTINSTR_BASE:=0x0000aaaaaaaaa000 +endif + +ifeq "$(ARCH)" "x86_64" +TESTINSTR_BASE:=0x0000555555554000 +endif + +ifeq "$(shell uname)" "Darwin" +OS:=macos +AFL_FRIDA_INST_RANGES=0x0000000000001000-0xFFFFFFFFFFFFFFFF +CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations +TEST_LDFLAGS:=-undefined dynamic_lookup +endif +ifeq "$(shell uname)" "Linux" +OS:=linux +AFL_FRIDA_INST_RANGES=$(shell $(PWD)test/testinstr.py -f $(BUILD_DIR)testinstr -s .testinstr -b $(TESTINSTR_BASE)) +CFLAGS:=$(CFLAGS) -Wno-prio-ctor-dtor +TEST_LDFLAGS:= +endif + +ifndef OS +$(error "Operating system unsupported") +endif + +VERSION=14.2.13 +GUM_DEVKIT_FILENAME=frida-gum-devkit-$(VERSION)-$(OS)-$(ARCH).tar.xz +GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(VERSION)/$(GUM_DEVKIT_FILENAME)" +GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) +GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a +GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h + +TEST_BUILD_DIR:=$(BUILD_DIR)test/ + +LIBPNG_FILE:=$(TEST_BUILD_DIR)libpng-1.2.56.tar.gz +LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz +LIBPNG_DIR:=$(TEST_BUILD_DIR)libpng-1.2.56/ +LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile +LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a + +HARNESS_FILE:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PNGTEST_FILE:=$(TEST_BUILD_DIR)target.cc +PNGTEST_OBJ:=$(TEST_BUILD_DIR)target.o +PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" + +TEST_BIN:=$(TEST_BUILD_DIR)pngtest + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)test/testinstr.c + +TEST_DATA_DIR:=$(PWD)build/test/libpng-1.2.56/contrib/pngsuite/ + +TESTINSTR_DATA_DIR:=$(BUILD_DIR)testinstr_in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)test.dat +FRIDA_OUT:=$(PWD)frida_out +QEMU_OUT:=$(PWD)qemu_out + +.PHONY: all frida test clean format test_frida test_qemu compare testinstr test_testinstr standalone + +all: $(FRIDA_TRACE) + +frida: $(FRIDA_TRACE) + +$(BUILD_DIR): + mkdir -p $(BUILD_DIR) + +############################# FRIDA ############################################ +$(FRIDA_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) + wget -O $@ $(GUM_DEVKIT_URL) + +$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) Makefile | $(FRIDA_BUILD_DIR) + $(CC) -shared \ + $(CFLAGS) \ + -o $@ $(SOURCES) \ + $(GUM_DEVIT_LIBRARY) \ + -I $(FRIDA_BUILD_DIR) \ + -I .. \ + -I ../include \ + -I $(INC_DIR) \ + ../instrumentation/afl-compiler-rt.o.c \ + -lpthread -ldl -lresolv + + cp -v $(FRIDA_TRACE) ../ + +############################# TEST ############################################# + +test: $(TEST_BIN) + +$(TEST_BUILD_DIR): $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(TEST_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) -o $@ -c $< + +$(PNGTEST_FILE): | $(TEST_BUILD_DIR) + wget -O $@ $(PNGTEST_URL) + +$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) + $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + +$(LIBPNG_FILE): | $(TEST_BUILD_DIR) + wget -O $@ $(LIBPNG_URL) + +$(LIBPNG_DIR): $(LIBPNG_FILE) + tar zxvf $(LIBPNG_FILE) -C $(TEST_BUILD_DIR) + +$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) + cd $(LIBPNG_DIR) && ./configure + +$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) + make -C $(LIBPNG_DIR) + +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) + $(CXX) \ + -o $@ \ + $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ + -lz \ + $(TEST_LDFLAGS) + +############################# TESTINSR ######################################### +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +testinstr: $(TESTINSTBIN) + +############################# CLEAN ############################################ +clean: + rm -rf $(BUILD_DIR) + +############################# FORMAT ########################################### +format: + cd .. && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i + cd .. && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i + cd .. && ./.custom-format.py -i $(TESTINSTSRC) + +############################# RUN ############################################# + +# Add the environment variable AFL_DEBUG_CHILD=1 to show printf's from the target + +png_frida: $(FRIDA_TRACE) $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-fuzz \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +png_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-fuzz \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +compare: $(FRIDA_TRACE) $(TEST_BIN) + cd .. && \ + ./afl-fuzz \ + -V30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + cd .. && \ + ./afl-fuzz \ + -V30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + cat frida_out/default/fuzzer_stats + cat qemu_out/default/fuzzer_stats + +testinstr_qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + make -C .. + cd .. && \ + AFL_QEMU_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + ./afl-fuzz \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +testinstr_frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + make -C .. + cd .. && \ + AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + AFL_FRIDA_INST_NO_OPTIMIZE=1 \ + AFL_FRIDA_INST_NO_PREFETCH=1 \ + AFL_FRIDA_INST_STRICT=1 \ + ./afl-fuzz \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +standalone: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + cd .. && \ + AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + AFL_DEBUG_CHILD=1 \ + AFL_FRIDA_DEBUG_MAPS=1 \ + AFL_FRIDA_INST_NO_OPTIMIZE=1 \ + AFL_FRIDA_INST_NO_PREFETCH=1 \ + AFL_FRIDA_INST_TRACE=1 \ + AFL_FRIDA_INST_STRICT=1 \ + LD_PRELOAD=$(FRIDA_TRACE) \ + DYLD_INSERT_LIBRARIES=$(FRIDA_TRACE) \ + $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + +tmin_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-tmin \ + -Q \ + -i $(TEST_DATA_DIR)basn0g01.png \ + -o $(QEMU_OUT)/qemu-min-basn0g01.png \ + -- \ + $(TEST_BIN) @@ + +tmin_frida: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-tmin \ + -O \ + -i $(TEST_DATA_DIR)basn0g01.png \ + -o $(FRIDA_OUT)/qemu-min-basn0g01.png \ + -- \ + $(TEST_BIN) + +showmap_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-showmap \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +showmap_frida: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-showmap \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +analyze_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-analyze \ + -Q \ + -i $(TEST_DATA_DIR)basn0g01.png \ + -- \ + $(TEST_BIN) @@ + +analyze_frida: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-analyze \ + -O \ + -i $(TEST_DATA_DIR)basn0g01.png \ + -- \ + $(TEST_BIN) @@ \ No newline at end of file diff --git a/frida_mode/README.md b/frida_mode/README.md new file mode 100644 index 00000000..c5436e8b --- /dev/null +++ b/frida_mode/README.md @@ -0,0 +1,48 @@ +# FRIDA MODE +The purpose of FRIDA mode is to provide an alternative binary only fuzzer for AFL +just like that provided by QEMU mode. The intention is to provide a very similar +user experience, right down to the options provided through environment variables. + +Additionally, the intention is to be able to make a direct performance comparison +between the two approaches. Hopefully, we should also be able to leverage the same +approaches for adding features which QEMU uses, possibly even sharing code. + +## Limitations +The current focus is on x64 support for Intel. Although parts may be architecturally +dependent, the approach itself should remain architecture agnostic. + +## Usage +FRIDA mode requires some small modifications to the afl-fuzz and similar tools in +AFLplusplus. The intention is that it behaves identically to QEMU, but uses the 'O' +switch rather than 'Q'. + +## Design +AFL Frida works by means of a shared library injected into a binary program using +LD_PRELOAD, similar to the way which other fuzzing features are injected into targets. + +## Testing +Alongside the FRIDA mode, we also include a test program for fuzzing. This test +program is built using the libpng benchmark from fuzz-bench and integrating the +StandaloneFuzzTargetMain from the llvm project. This is built and linked without +any special modifications to suit FRIDA or QEMU. However, at present we don't have +a representative corpus. + +## Getting Started +To build everything run `make`. + +To run the benchmark sample with qemu run `make test_qemu`. +To run the benchmark sample with frida run `make test_frida`. + +# Configuration options +* `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` +* `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` +* `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. +* `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. +* `AFL_FRIDA_INST_RANGES` - See `AFL_QEMU_INST_RANGES` +* `AFL_FRIDA_INST_STRICT` - Under certain conditions, Stalker may encroach into excluded regions and generate both instrumented blocks and coverage data (e.g. indirect calls on x86). The excluded block is generally honoured as soon as another function is called within the excluded region. The overhead of generating, running and instrumenting these few additional blocks is likely to be fairly small, but it may hinder you when checking that the correct number of paths are found for testing purposes or similar. There is a performance penatly for this option during block compilation where we check the block isn't in a list of excluded ranges. +* `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. + +# TODO +* Add AARCH64 inline assembly optimization from libFuzz +* Fix issues running on OSX +* Identify cause of erroneous additional paths diff --git a/frida_mode/inc/instrument.h b/frida_mode/inc/instrument.h new file mode 100644 index 00000000..ff71bed4 --- /dev/null +++ b/frida_mode/inc/instrument.h @@ -0,0 +1,7 @@ +#include "frida-gum.h" + +void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, + gpointer user_data); + +void instrument_init(); + diff --git a/frida_mode/inc/interceptor.h b/frida_mode/inc/interceptor.h new file mode 100644 index 00000000..5ed3cf49 --- /dev/null +++ b/frida_mode/inc/interceptor.h @@ -0,0 +1,4 @@ +#include "frida-gum.h" + +void intercept(void *address, gpointer replacement, gpointer user_data); + diff --git a/frida_mode/inc/prefetch.h b/frida_mode/inc/prefetch.h new file mode 100644 index 00000000..b7f25a97 --- /dev/null +++ b/frida_mode/inc/prefetch.h @@ -0,0 +1,5 @@ +void prefetch_init(); +void prefetch_start(GumStalker *stalker); +void prefetch_write(void *addr); +void prefetch_read(GumStalker *stalker); + diff --git a/frida_mode/inc/ranges.h b/frida_mode/inc/ranges.h new file mode 100644 index 00000000..b9394dbc --- /dev/null +++ b/frida_mode/inc/ranges.h @@ -0,0 +1,6 @@ +#include "frida-gum.h" + +void ranges_init(GumStalker *stalker); + +gboolean range_is_excluded(gpointer address); + diff --git a/frida_mode/src/instrument.c b/frida_mode/src/instrument.c new file mode 100644 index 00000000..042fdab8 --- /dev/null +++ b/frida_mode/src/instrument.c @@ -0,0 +1,265 @@ +#include "frida-gum.h" +#include "config.h" +#include "debug.h" +#include "prefetch.h" +#include "ranges.h" +#include "unistd.h" + +extern uint8_t *__afl_area_ptr; +extern u32 __afl_map_size; + +uint64_t __thread previous_pc = 0; +GumAddress current_log_impl = GUM_ADDRESS(0); + +static gboolean tracing = false; +static gboolean optimize = false; +static gboolean strict = false; + +#if defined(__x86_64__) +static const guint8 afl_log_code[] = { + + 0x9c, /* pushfq */ + 0x50, /* push rax */ + 0x51, /* push rcx */ + 0x52, /* push rdx */ + + 0x48, 0x8d, 0x05, 0x27, + 0x00, 0x00, 0x00, /* lea rax, sym._afl_area_ptr_ptr */ + 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ + 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ + 0x48, 0x8d, 0x0d, 0x22, + 0x00, 0x00, 0x00, /* lea rcx, sym.previous_pc */ + 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ + 0x48, 0x8b, 0x12, /* mov rdx, qword [rdx] */ + 0x48, 0x31, 0xfa, /* xor rdx, rdi */ + 0xfe, 0x04, 0x10, /* inc byte [rax + rdx] */ + 0x48, 0xd1, 0xef, /* shr rdi, 1 */ + 0x48, 0x8b, 0x01, /* mov rax, qword [rcx] */ + 0x48, 0x89, 0x38, /* mov qword [rax], rdi */ + + 0x5a, /* pop rdx */ + 0x59, /* pop rcx */ + 0x58, /* pop rax */ + 0x9d, /* popfq */ + + 0xc3, /* ret */ + + /* Read-only data goes here: */ + /* uint8_t** afl_area_ptr_ptr */ + /* uint64_t* afl_prev_loc_ptr */ + +}; + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumX86Writer *cw = output->writer.x86; + + if (current_log_impl == 0 || + !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || + !gum_x86_writer_can_branch_directly_between(cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, + sizeof(afl_area_ptr_ptr)); + gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_x86_writer_put_label(cw, after_log_impl); + + } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -GUM_RED_ZONE_SIZE); + gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDI, area_offset); + gum_x86_writer_put_call_address(cw, current_log_impl); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + GUM_RED_ZONE_SIZE); + +} + +#elif defined(__aarch64__) +static const guint8 afl_log_code[] = { + + // __afl_area_ptr[current_pc ^ previous_pc]++; + // previous_pc = current_pc >> 1; + 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! + 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! + + // x0 = current_pc + 0xc1, 0x01, 0x00, 0x58, // ldr x1, #0x38, =&__afl_area_ptr + 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) + + 0xc2, 0x01, 0x00, 0x58, // ldr x2, #0x38, =&previous_pc + 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) + + // __afl_area_ptr[current_pc ^ previous_pc]++; + 0x42, 0x00, 0x00, 0xca, // eor x2, x2, x0 + 0x23, 0x68, 0x62, 0xf8, // ldr x3, [x1, x2] + 0x63, 0x04, 0x00, 0x91, // add x3, x3, #1 + 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] + + // previous_pc = current_pc >> 1; + 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 + 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc + 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] + + 0xE3, 0x13, 0xc1, 0xA8, // ldp x3, x4, [sp], #0x10 + 0xE1, 0x0B, 0xc1, 0xA8, // ldp x1, x2, [sp], #0x10 + 0xC0, 0x03, 0x5F, 0xD6, // ret + + // &afl_area_ptr_ptr + // &afl_prev_loc_ptr + +}; + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumArm64Writer *cw = output->writer.arm64; + + if (current_log_impl == 0 || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc, + current_log_impl) || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_arm64_writer_put_b_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, + sizeof(afl_area_ptr_ptr)); + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_arm64_writer_put_label(cw, after_log_impl); + + } + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + gum_arm64_writer_put_ldr_reg_u64(cw, ARM64_REG_X0, area_offset); + gum_arm64_writer_put_bl_imm(cw, current_log_impl); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); + +} + +#endif + +static void on_basic_block(GumCpuContext *context, gpointer user_data) { + + /* Avoid stack operations in potentially performance critical code */ + static char buffer[200]; + int len; + guint64 current_pc = (guint64)user_data; + if (tracing) { + + /* Avoid any functions which may cause an allocation since the target app + * may already be running inside malloc and it isn't designed to be + * re-entrant on a single thread */ + len = snprintf(buffer, sizeof(buffer), + "current_pc: 0x%016" G_GINT64_MODIFIER + "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", + current_pc, previous_pc); + + write(STDOUT_FILENO, buffer, len + 1); + + } + + current_pc = (current_pc >> 4) ^ (current_pc << 8); + current_pc &= MAP_SIZE - 1; + + __afl_area_ptr[current_pc ^ previous_pc]++; + previous_pc = current_pc >> 1; + +} + +void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, + gpointer user_data) { + + const cs_insn *instr; + gboolean begin = TRUE; + while (gum_stalker_iterator_next(iterator, &instr)) { + + if (begin) { + + prefetch_write((void *)instr->address); + if (!strict || !range_is_excluded((void *)instr->address)) { + + if (optimize) { + + instrument_coverage_optimize(instr, output); + + } else { + + gum_stalker_iterator_put_callout(iterator, on_basic_block, + (gpointer)instr->address, NULL); + + } + + } + + begin = FALSE; + + } + + gum_stalker_iterator_keep(iterator); + + } + +} + +void instrument_init() { + + optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); + tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + strict = (getenv("AFL_FRIDA_INST_STRICT") != NULL); + +#if !defined(__x86_64__) && !defined(__aarch64__) + optimize = false; +#endif + + OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); + OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); + OKF("Instrumentation - strict [%c]", strict ? 'X' : ' '); + + if (tracing && optimize) { + + FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); + + } + + if (__afl_map_size != 0x10000) { + + FATAL("Bad map size: 0x%08x", __afl_map_size); + + } + +} + diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/interceptor.c new file mode 100644 index 00000000..ba05a80a --- /dev/null +++ b/frida_mode/src/interceptor.c @@ -0,0 +1,16 @@ +#include "frida-gum.h" +#include "debug.h" + +#include "interceptor.h" + +void intercept(void *address, gpointer replacement, gpointer user_data) { + + GumInterceptor *interceptor = gum_interceptor_obtain(); + gum_interceptor_begin_transaction(interceptor); + GumReplaceReturn ret = + gum_interceptor_replace(interceptor, address, replacement, user_data); + if (ret != GUM_ATTACH_OK) { FATAL("gum_interceptor_attach: %d", ret); } + gum_interceptor_end_transaction(interceptor); + +} + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c new file mode 100644 index 00000000..444c9583 --- /dev/null +++ b/frida_mode/src/main.c @@ -0,0 +1,149 @@ +#include +#include + +#ifdef __APPLE__ + #include + #include +#else + #include + #include +#endif + +#include "frida-gum.h" +#include "config.h" +#include "debug.h" + +#include "interceptor.h" +#include "instrument.h" +#include "prefetch.h" +#include "ranges.h" + +#ifdef __APPLE__ +extern mach_port_t mach_task_self(); +extern GumAddress gum_darwin_find_entrypoint(mach_port_t task); +#else +extern int __libc_start_main(int *(main)(int, char **, char **), int argc, + char **ubp_av, void (*init)(void), + void (*fini)(void), void (*rtld_fini)(void), + void(*stack_end)); +#endif + +typedef int *(*main_fn_t)(int argc, char **argv, char **envp); + +static main_fn_t main_fn = NULL; +static GumStalker * stalker = NULL; +static GumMemoryRange code_range = {0}; + +extern void __afl_manual_init(); +extern __thread uint64_t previous_pc; + +static int on_fork() { + + prefetch_read(stalker); + return fork(); + +} + +#ifdef __APPLE__ +static void on_main_os(int argc, char **argv, char **envp) { + +} + +#else +static void on_main_os(int argc, char **argv, char **envp) { + + /* Personality doesn't affect the current process, it only takes effect on + * evec */ + int persona = personality(ADDR_NO_RANDOMIZE); + if ((persona & ADDR_NO_RANDOMIZE) == 0) { execvpe(argv[0], argv, envp); } + + GumInterceptor *interceptor = gum_interceptor_obtain(); + + gum_interceptor_begin_transaction(interceptor); + gum_interceptor_revert(interceptor, __libc_start_main); + gum_interceptor_end_transaction(interceptor); + gum_interceptor_flush(interceptor); + +} + +#endif + +static int *on_main(int argc, char **argv, char **envp) { + + on_main_os(argc, argv, envp); + + stalker = gum_stalker_new(); + if (stalker == NULL) { FATAL("Failed to initialize stalker"); } + + gum_stalker_set_trust_threshold(stalker, 0); + + GumStalkerTransformer *transformer = + gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + + instrument_init(); + prefetch_init(); + ranges_init(stalker); + + intercept(fork, on_fork, stalker); + + gum_stalker_follow_me(stalker, transformer, NULL); + gum_stalker_deactivate(stalker); + + __afl_manual_init(); + + /* Child here */ + previous_pc = 0; + prefetch_start(stalker); + main_fn(argc, argv, envp); + _exit(0); + +} + +#ifdef __APPLE__ +static void intercept_main() { + + mach_port_t task = mach_task_self(); + OKF("Task Id: %u", task); + GumAddress entry = gum_darwin_find_entrypoint(task); + OKF("Entry Point: 0x%016" G_GINT64_MODIFIER "x", entry); + void *main = GSIZE_TO_POINTER(entry); + main_fn = main; + intercept(main, on_main, NULL); + +} + +#else +static int on_libc_start_main(int *(main)(int, char **, char **), int argc, + char **ubp_av, void (*init)(void), + void (*fini)(void), void (*rtld_fini)(void), + void(*stack_end)) { + + main_fn = main; + intercept(main, on_main, NULL); + return __libc_start_main(main, argc, ubp_av, init, fini, rtld_fini, + stack_end); + +} + +static void intercept_main() { + + intercept(__libc_start_main, on_libc_start_main, NULL); + +} + +#endif + +__attribute__((constructor)) static void init() { + + gum_init_embedded(); + if (!gum_stalker_is_supported()) { + + gum_deinit_embedded(); + FATAL("Failed to initialize embedded"); + + } + + intercept_main(); + +} + diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c new file mode 100644 index 00000000..64633c1c --- /dev/null +++ b/frida_mode/src/prefetch.c @@ -0,0 +1,121 @@ +#include +#include +#include + +#include "frida-gum.h" +#include "prefetch.h" +#include "debug.h" + +#define TRUST 0 +#define PREFETCH_SIZE 65536 +#define PREFETCH_ENTRIES ((PREFETCH_SIZE - sizeof(size_t)) / sizeof(void *)) + +typedef struct { + + size_t count; + void * entry[PREFETCH_ENTRIES]; + +} prefetch_data_t; + +static prefetch_data_t *prefetch_data = NULL; + +static int prefetch_shm_id = -1; + +/* + * We do this from the transformer since we need one anyway for coverage, this + * saves the need to use an event sink. + */ +void prefetch_write(void *addr) { + + /* Bail if we aren't initialized */ + if (prefetch_data == NULL) return; + + /* + * Our shared memory IPC is large enough for about 1000 entries, we can fine + * tune this if we need to. But if we have more new blocks that this in a + * single run then we ignore them and we'll pick them up next time. + */ + if (prefetch_data->count >= PREFETCH_ENTRIES) return; + + /* + * Write the block address to the SHM IPC and increment the number of entries. + */ + + prefetch_data->entry[prefetch_data->count] = addr; + prefetch_data->count++; + +} + +/* + * Read the IPC region one block at the time and prefetch it + */ +void prefetch_read(GumStalker *stalker) { + + if (prefetch_data == NULL) return; + + for (size_t i = 0; i < prefetch_data->count; i++) { + + void *addr = prefetch_data->entry[i]; + gum_stalker_prefetch(stalker, addr, 1); + + } + + /* + * Reset the entry count to indicate we have finished with it and it can be + * refilled by the child. + */ + prefetch_data->count = 0; + +} + +void prefetch_init() { + + g_assert_cmpint(sizeof(prefetch_data_t), ==, PREFETCH_SIZE); + gboolean prefetch = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); + + OKF("Instrumentation - prefetch [%c]", prefetch ? 'X' : ' '); + + if (!prefetch) { return; } + /* + * Make our shared memory, we can attach before we fork, just like AFL does + * with the coverage bitmap region and fork will take care of ensuring both + * the parent and child see the same consistent memory region. + */ + prefetch_shm_id = + shmget(IPC_PRIVATE, sizeof(prefetch_data_t), IPC_CREAT | IPC_EXCL | 0600); + if (prefetch_shm_id < 0) { + + FATAL("prefetch_shm_id < 0 - errno: %d\n", errno); + + } + + prefetch_data = shmat(prefetch_shm_id, NULL, 0); + g_assert(prefetch_data != MAP_FAILED); + + /* + * Configure the shared memory region to be removed once the process dies. + */ + if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) { + + FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); + + } + + /* Clear it, not sure it's necessary, just seems like good practice */ + memset(prefetch_data, '\0', sizeof(prefetch_data_t)); + +} + +__attribute__((noinline)) static void prefetch_activation() { + + asm volatile(""); + +} + +void prefetch_start(GumStalker *stalker) { + + gum_stalker_activate(stalker, prefetch_activation); + prefetch_activation(); + +} + diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c new file mode 100644 index 00000000..fc14710f --- /dev/null +++ b/frida_mode/src/ranges.c @@ -0,0 +1,395 @@ +// 0x123-0x321 +// module.so + +#include "ranges.h" +#include "debug.h" + +#define MAX_RANGES 20 + +typedef struct { + + gchar * suffix; + GumMemoryRange *range; + gboolean done; + +} convert_name_ctx_t; + +typedef struct { + + GumStalker *stalker; + GArray * array; + +} include_range_ctx_t; + +GArray * ranges = NULL; +gboolean exclude_ranges = false; + +static void convert_address_token(gchar *token, GumMemoryRange *range) { + + gchar **tokens; + int token_count; + tokens = g_strsplit(token, "-", 2); + for (token_count = 0; tokens[token_count] != NULL; token_count++) + ; + + if (token_count != 2) { + + FATAL("Invalid range (should have two addresses seperated by a '-'): %s\n", + token); + + } + + gchar *from_str = tokens[0]; + gchar *to_str = tokens[1]; + + if (!g_str_has_prefix(from_str, "0x")) { + + FATAL("Invalid range: %s - Start address should have 0x prefix: %s\n", + token, from_str); + + } + + if (!g_str_has_prefix(to_str, "0x")) { + + FATAL("Invalid range: %s - End address should have 0x prefix: %s\n", token, + to_str); + + } + + from_str = &from_str[2]; + to_str = &to_str[2]; + + for (char *c = from_str; *c != '\0'; c++) { + + if (!g_ascii_isxdigit(*c)) { + + FATAL("Invalid range: %s - Start address not formed of hex digits: %s\n", + token, from_str); + + } + + } + + for (char *c = to_str; *c != '\0'; c++) { + + if (!g_ascii_isxdigit(*c)) { + + FATAL("Invalid range: %s - End address not formed of hex digits: %s\n", + token, to_str); + + } + + } + + guint64 from = g_ascii_strtoull(from_str, NULL, 16); + if (from == 0) { + + FATAL("Invalid range: %s - Start failed hex conversion: %s\n", token, + from_str); + + } + + guint64 to = g_ascii_strtoull(to_str, NULL, 16); + if (to == 0) { + + FATAL("Invalid range: %s - End failed hex conversion: %s\n", token, to_str); + + } + + if (from >= to) { + + FATAL("Invalid range: %s - Start (0x%016" G_GINT64_MODIFIER + "x) must be less than end " + "(0x%016" G_GINT64_MODIFIER "x)\n", + token, from, to); + + } + + range->base_address = from; + range->size = to - from; + + g_strfreev(tokens); + +} + +static gboolean convert_name_token_for_module(const GumModuleDetails *details, + gpointer user_data) { + + convert_name_ctx_t *ctx = (convert_name_ctx_t *)user_data; + if (details->path == NULL) { return true; }; + + if (!g_str_has_suffix(details->path, ctx->suffix)) { return true; }; + + OKF("Found module - prefix: %s, 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x %s", + ctx->suffix, details->range->base_address, + details->range->base_address + details->range->size, details->path); + + *ctx->range = *details->range; + ctx->done = true; + return false; + +} + +static void convert_name_token(gchar *token, GumMemoryRange *range) { + + gchar * suffix = g_strconcat("/", token, NULL); + convert_name_ctx_t ctx = {.suffix = suffix, .range = range, .done = false}; + + gum_process_enumerate_modules(convert_name_token_for_module, &ctx); + if (!ctx.done) { FATAL("Failed to resolve module: %s\n", token); } + g_free(suffix); + +} + +static void convert_token(gchar *token, GumMemoryRange *range) { + + if (g_strrstr(token, "-")) { + + convert_address_token(token, range); + + } else { + + convert_name_token(token, range); + + } + + OKF("Converted token: %s -> 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x\n", + token, range->base_address, range->base_address + range->size); + +} + +static gboolean include_ranges(const GumRangeDetails *details, + gpointer user_data) { + + include_range_ctx_t *ctx = (include_range_ctx_t *)user_data; + GArray * array = (GArray *)ctx->array; + GumAddress base = details->range->base_address; + GumAddress limit = details->range->base_address + details->range->size; + + OKF("Range for inclusion 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + base, limit); + + for (int i = 0; i < array->len; i++) { + + GumMemoryRange *range = &g_array_index(array, GumMemoryRange, i); + GumAddress range_base = range->base_address; + GumAddress range_limit = range->base_address + range->size; + + /* Before the region */ + if (range_limit < base) { continue; } + + /* After the region */ + if (range_base > limit) { + + GumMemoryRange exclude = {.base_address = base, .size = limit - base}; + OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER + "x", + base, limit); + gum_stalker_exclude(ctx->stalker, &exclude); + return true; + + } + + /* Overlap the start of the region */ + if (range_base < base) { + + /* Range contains the region */ + if (range_limit > limit) { + + return true; + + } else { + + base = range_limit; + continue; + + } + + /* Overlap the end of the region */ + + } else { + + GumMemoryRange exclude = {.base_address = base, + .size = range_base - base}; + OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER + "x", + base, range_base); + gum_stalker_exclude(ctx->stalker, &exclude); + /* Extend past the end of the region */ + if (range_limit >= limit) { + + return true; + + /* Contained within the region */ + + } else { + + base = range_limit; + continue; + + } + + } + + } + + GumMemoryRange exclude = {.base_address = base, .size = limit - base}; + OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", + base, limit); + gum_stalker_exclude(ctx->stalker, &exclude); + return true; + +} + +gint range_sort(gconstpointer a, gconstpointer b) { + + return ((GumMemoryRange *)a)->base_address - + ((GumMemoryRange *)b)->base_address; + +} + +static gboolean print_ranges(const GumRangeDetails *details, + gpointer user_data) { + + if (details->file == NULL) { + + OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER "X", + details->range->base_address, + details->range->base_address + details->range->size); + + } else { + + OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER + "X %s(0x%016" G_GINT64_MODIFIER "x)", + details->range->base_address, + details->range->base_address + details->range->size, + details->file->path, details->file->offset); + + } + + return true; + +} + +void ranges_init(GumStalker *stalker) { + + char * showmaps; + char * include; + char * exclude; + char * list; + gchar ** tokens; + int token_count; + GumMemoryRange range; + + int i; + + showmaps = getenv("AFL_FRIDA_DEBUG_MAPS"); + include = getenv("AFL_FRIDA_INST_RANGES"); + exclude = getenv("AFL_FRIDA_EXCLUDE_RANGES"); + + if (showmaps) { + + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges, NULL); + + } + + if (include != NULL && exclude != NULL) { + + FATAL( + "Cannot specifify both AFL_FRIDA_INST_RANGES and " + "AFL_FRIDA_EXCLUDE_RANGES"); + + } + + if (include == NULL && exclude == NULL) { return; } + + list = include == NULL ? exclude : include; + exclude_ranges = include == NULL ? true : false; + + tokens = g_strsplit(list, ",", MAX_RANGES); + + for (token_count = 0; tokens[token_count] != NULL; token_count++) + ; + + ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), token_count); + + for (i = 0; i < token_count; i++) { + + convert_token(tokens[i], &range); + g_array_append_val(ranges, range); + + } + + g_array_sort(ranges, range_sort); + + /* Check for overlaps */ + for (i = 1; i < token_count; i++) { + + GumMemoryRange *prev = &g_array_index(ranges, GumMemoryRange, i - 1); + GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumAddress prev_limit = prev->base_address + prev->size; + GumAddress curr_limit = curr->base_address + curr->size; + if (prev_limit > curr->base_address) { + + FATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + prev->base_address, prev_limit, curr->base_address, curr_limit); + + } + + } + + for (i = 0; i < token_count; i++) { + + GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumAddress curr_limit = curr->base_address + curr->size; + OKF("Range %3d - 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", + i, curr->base_address, curr_limit); + + } + + if (include == NULL) { + + for (i = 0; i < token_count; i++) { + + gum_stalker_exclude(stalker, &g_array_index(ranges, GumMemoryRange, i)); + + } + + } else { + + include_range_ctx_t ctx = {.stalker = stalker, .array = ranges}; + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, include_ranges, &ctx); + + } + + g_strfreev(tokens); + +} + +gboolean range_is_excluded(gpointer address) { + + int i; + GumAddress test = GUM_ADDRESS(address); + + if (ranges == NULL) { return false; } + + for (i = 0; i < ranges->len; i++) { + + GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumAddress curr_limit = curr->base_address + curr->size; + + if (test < curr->base_address) { return !exclude_ranges; } + + if (test < curr_limit) { return exclude_ranges; } + + } + + return !exclude_ranges; + +} + diff --git a/frida_mode/test/testinstr.c b/frida_mode/test/testinstr.c new file mode 100644 index 00000000..2c3d5144 --- /dev/null +++ b/frida_mode/test/testinstr.c @@ -0,0 +1,105 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +TESTINSTR_SECTION void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/frida_mode/test/testinstr.py b/frida_mode/test/testinstr.py new file mode 100755 index 00000000..8f5fe886 --- /dev/null +++ b/frida_mode/test/testinstr.py @@ -0,0 +1,32 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, section, base): + with open(file, 'rb') as f: + for sect in ELFFile(f).iter_sections(): + if (sect.name == section): + start = base + sect.header['sh_offset'] + end = start + sect.header['sh_size'] + print ("0x%016x-0x%016x" % (start, end)) + return + + print ("Section '%s' not found in '%s'" % (section, file)) + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--section', dest='section', type=str, + help='elf section name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + process_file (args.file, args.section, args.base) + +if __name__ == "__main__": + main() \ No newline at end of file diff --git a/include/envs.h b/include/envs.h index d7578045..1e383b0c 100644 --- a/include/envs.h +++ b/include/envs.h @@ -50,6 +50,13 @@ static char *afl_environment_variables[] = { "AFL_EXIT_WHEN_DONE", "AFL_FAST_CAL", "AFL_FORCE_UI", + "AFL_FRIDA_DEBUG_MAPS", + "AFL_FRIDA_EXCLUDE_RANGES", + "AFL_FRIDA_INST_NO_OPTIMIZE", + "AFL_FRIDA_INST_NO_PREFETCH", + "AFL_FRIDA_INST_RANGES", + "AFL_FRIDA_INST_STRICT", + "AFL_FRIDA_INST_TRACE", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", diff --git a/include/forkserver.h b/include/forkserver.h index ac027f81..4709f6a5 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -77,6 +77,8 @@ typedef struct afl_forkserver { bool qemu_mode; /* if running in qemu mode or not */ + bool frida_mode; /* if running in frida mode or not */ + bool use_stdin; /* use stdin for sending data */ bool no_unlink; /* do not unlink cur_input */ diff --git a/src/afl-analyze.c b/src/afl-analyze.c index e106cd31..6ff119ac 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -83,6 +83,7 @@ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_timed_out; /* Child timed out? */ static u8 *target_path; +static u8 frida_mode; static u8 qemu_mode; static u32 map_size = MAP_SIZE; @@ -717,9 +718,11 @@ static void handle_stop_sig(int sig) { /* Do basic preparations - persistent fds, filenames, etc. */ -static void set_up_environment(void) { +static void set_up_environment(char **argv) { - u8 *x; + u8 * x; + char *afl_preload; + char *frida_afl_preload = NULL; dev_null_fd = open("/dev/null", O_RDWR); if (dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } @@ -824,6 +827,26 @@ static void set_up_environment(void) { /* afl-qemu-trace takes care of converting AFL_PRELOAD. */ + } else if (frida_mode) { + + afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + if (afl_preload) { + + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + } else { + + frida_afl_preload = alloc_printf("%s", frida_binary); + + } + + ck_free(frida_binary); + OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -831,8 +854,18 @@ static void set_up_environment(void) { } + } else if (frida_mode) { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); + ck_free(frida_binary); + } + if (frida_afl_preload) { ck_free(frida_afl_preload); } + } /* Setup signal handlers, duh. */ @@ -872,6 +905,7 @@ static void usage(u8 *argv0) { " -f file - input file read by the tested program (stdin)\n" " -t msec - timeout for each run (%u ms)\n" " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n" " -W - use qemu-based instrumentation with Wine (Wine " @@ -914,7 +948,7 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n"); - while ((opt = getopt(argc, argv, "+i:f:m:t:eQUWh")) > 0) { + while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) { switch (opt) { @@ -1008,6 +1042,14 @@ int main(int argc, char **argv_orig, char **envp) { break; + case 'O': /* FRIDA mode */ + + if (frida_mode) { FATAL("Multiple -O options not supported"); } + + frida_mode = 1; + + break; + case 'Q': if (qemu_mode) { FATAL("Multiple -Q options not supported"); } @@ -1062,7 +1104,7 @@ int main(int argc, char **argv_orig, char **envp) { atexit(at_exit_handler); setup_signal_handlers(); - set_up_environment(); + set_up_environment(argv); target_path = find_binary(argv[optind]); detect_file_args(argv + optind, prog_in, &use_stdin); diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 70a49a6b..cb0190a0 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2692,7 +2692,7 @@ void check_binary(afl_state_t *afl, u8 *fname) { #endif /* ^!__APPLE__ */ - if (!afl->fsrv.qemu_mode && !afl->unicorn_mode && + if (!afl->fsrv.qemu_mode && !afl->fsrv.frida_mode && !afl->unicorn_mode && !afl->non_instrumented_mode && !memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) { @@ -2720,7 +2720,7 @@ void check_binary(afl_state_t *afl, u8 *fname) { } - if ((afl->fsrv.qemu_mode) && + if ((afl->fsrv.qemu_mode || afl->fsrv.frida_mode) && memmem(f_data, f_len, SHM_ENV_VAR, strlen(SHM_ENV_VAR) + 1)) { SAYF("\n" cLRD "[-] " cRST @@ -2757,7 +2757,8 @@ void check_binary(afl_state_t *afl, u8 *fname) { } - if (memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) { + if (afl->fsrv.frida_mode || + memmem(f_data, f_len, DEFER_SIG, strlen(DEFER_SIG) + 1)) { OKF(cPIN "Deferred forkserver binary detected."); setenv(DEFER_ENV_VAR, "1", 1); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index d70ffd31..34e9d420 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -109,6 +109,7 @@ static void usage(u8 *argv0, int more_help) { "maximum.\n" " -m megs - memory limit for child process (%u MB, 0 = no limit " "[default])\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n" " -W - use qemu-based instrumentation with Wine (Wine " @@ -320,6 +321,8 @@ int main(int argc, char **argv_orig, char **envp) { u8 *extras_dir[4]; u8 mem_limit_given = 0, exit_1 = 0, debug = 0, extras_dir_cnt = 0 /*, have_p = 0*/; + char * afl_preload; + char * frida_afl_preload = NULL; char **use_argv; struct timeval tv; @@ -363,7 +366,7 @@ int main(int argc, char **argv_orig, char **envp) { while ((opt = getopt( argc, argv, - "+b:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNo:p:RQs:S:t:T:UV:Wx:Z")) > 0) { + "+b:B:c:CdDe:E:hi:I:f:F:l:L:m:M:nNOo:p:RQs:S:t:T:UV:Wx:Z")) > 0) { switch (opt) { @@ -755,6 +758,18 @@ int main(int argc, char **argv_orig, char **envp) { afl->use_banner = optarg; break; + case 'O': /* FRIDA mode */ + + if (afl->fsrv.frida_mode) { + + FATAL("Multiple -O options not supported"); + + } + + afl->fsrv.frida_mode = 1; + + break; + case 'Q': /* QEMU mode */ if (afl->fsrv.qemu_mode) { FATAL("Multiple -Q options not supported"); } @@ -1085,6 +1100,7 @@ int main(int argc, char **argv_orig, char **envp) { if (afl->non_instrumented_mode) { if (afl->crash_mode) { FATAL("-C and -n are mutually exclusive"); } + if (afl->fsrv.frida_mode) { FATAL("-O and -n are mutually exclusive"); } if (afl->fsrv.qemu_mode) { FATAL("-Q and -n are mutually exclusive"); } if (afl->unicorn_mode) { FATAL("-U and -n are mutually exclusive"); } @@ -1289,6 +1305,26 @@ int main(int argc, char **argv_orig, char **envp) { /* afl-qemu-trace takes care of converting AFL_PRELOAD. */ + } else if (afl->fsrv.frida_mode) { + + afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + if (afl_preload) { + + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + } else { + + frida_afl_preload = alloc_printf("%s", frida_binary); + + } + + ck_free(frida_binary); + OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -1296,6 +1332,14 @@ int main(int argc, char **argv_orig, char **envp) { } + } else if (afl->fsrv.frida_mode) { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); + ck_free(frida_binary); + } if (getenv("AFL_LD_PRELOAD")) { @@ -1479,7 +1523,8 @@ int main(int argc, char **argv_orig, char **envp) { } - if (!afl->fsrv.qemu_mode && !afl->non_instrumented_mode) { + if (!afl->fsrv.qemu_mode && !afl->fsrv.frida_mode && + !afl->non_instrumented_mode) { check_binary(afl, afl->cmplog_binary); @@ -1513,7 +1558,8 @@ int main(int argc, char **argv_orig, char **envp) { } - if (afl->non_instrumented_mode || afl->fsrv.qemu_mode || afl->unicorn_mode) { + if (afl->non_instrumented_mode || afl->fsrv.qemu_mode || + afl->fsrv.frida_mode || afl->unicorn_mode) { map_size = afl->fsrv.map_size = MAP_SIZE; afl->virgin_bits = ck_realloc(afl->virgin_bits, map_size); @@ -2074,6 +2120,8 @@ stop_fuzzing: } + if (frida_afl_preload) { ck_free(frida_afl_preload); } + fclose(afl->fsrv.plot_file); destroy_queue(afl); destroy_extras(afl); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 558665a2..aea90b3b 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -555,8 +555,10 @@ static void handle_stop_sig(int sig) { /* Do basic preparations - persistent fds, filenames, etc. */ -static void set_up_environment(afl_forkserver_t *fsrv) { +static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { + char *afl_preload; + char *frida_afl_preload = NULL; setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -600,6 +602,26 @@ static void set_up_environment(afl_forkserver_t *fsrv) { /* afl-qemu-trace takes care of converting AFL_PRELOAD. */ + } else if (fsrv->frida_mode) { + + afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + if (afl_preload) { + + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + } else { + + frida_afl_preload = alloc_printf("%s", frida_binary); + + } + + ck_free(frida_binary); + OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -607,8 +629,18 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } + } else if (fsrv->frida_mode) { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); + ck_free(frida_binary); + } + if (frida_afl_preload) { ck_free(frida_afl_preload); } + } /* Setup signal handlers, duh. */ @@ -655,6 +687,7 @@ static void usage(u8 *argv0) { "Execution control settings:\n" " -t msec - timeout for each run (none)\n" " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use Unicorn-based instrumentation (Unicorn mode)\n" " -W - use qemu-based instrumentation with Wine (Wine mode)\n" @@ -723,7 +756,7 @@ int main(int argc, char **argv_orig, char **envp) { if (getenv("AFL_QUIET") != NULL) { be_quiet = 1; } - while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZQUWbcrsh")) > 0) { + while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZOQUWbcrsh")) > 0) { switch (opt) { @@ -857,6 +890,14 @@ int main(int argc, char **argv_orig, char **envp) { at_file = optarg; break; + case 'O': /* FRIDA mode */ + + if (fsrv->frida_mode) { FATAL("Multiple -O options not supported"); } + + fsrv->frida_mode = 1; + + break; + case 'Q': if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); } @@ -943,7 +984,7 @@ int main(int argc, char **argv_orig, char **envp) { shm.cmplog_mode = 0; setup_signal_handlers(); - set_up_environment(fsrv); + set_up_environment(fsrv, argv); fsrv->target_path = find_binary(argv[optind]); fsrv->trace_bits = afl_shm_init(&shm, map_size, 0); diff --git a/src/afl-tmin.c b/src/afl-tmin.c index fc974262..68e61109 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -640,9 +640,11 @@ static void handle_stop_sig(int sig) { /* Do basic preparations - persistent fds, filenames, etc. */ -static void set_up_environment(afl_forkserver_t *fsrv) { +static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { - u8 *x; + u8 * x; + char *afl_preload; + char *frida_afl_preload = NULL; fsrv->dev_null_fd = open("/dev/null", O_RDWR); if (fsrv->dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } @@ -755,6 +757,26 @@ static void set_up_environment(afl_forkserver_t *fsrv) { /* afl-qemu-trace takes care of converting AFL_PRELOAD. */ + } else if (fsrv->frida_mode) { + + afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + if (afl_preload) { + + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + } else { + + frida_afl_preload = alloc_printf("%s", frida_binary); + + } + + ck_free(frida_binary); + OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -762,8 +784,18 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } + } else if (fsrv->frida_mode) { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); + ck_free(frida_binary); + } + if (frida_afl_preload) { ck_free(frida_afl_preload); } + } /* Setup signal handlers, duh. */ @@ -804,6 +836,7 @@ static void usage(u8 *argv0) { " -f file - input file read by the tested program (stdin)\n" " -t msec - timeout for each run (%u ms)\n" " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" " -Q - use binary-only instrumentation (QEMU mode)\n" " -U - use unicorn-based instrumentation (Unicorn mode)\n" " -W - use qemu-based instrumentation with Wine (Wine " @@ -859,7 +892,7 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-tmin" VERSION cRST " by Michal Zalewski\n"); - while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeQUWHh")) > 0) { + while ((opt = getopt(argc, argv, "+i:o:f:m:t:B:xeOQUWHh")) > 0) { switch (opt) { @@ -971,6 +1004,14 @@ int main(int argc, char **argv_orig, char **envp) { break; + case 'O': /* FRIDA mode */ + + if (fsrv->frida_mode) { FATAL("Multiple -O options not supported"); } + + fsrv->frida_mode = 1; + + break; + case 'Q': if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); } @@ -1054,7 +1095,7 @@ int main(int argc, char **argv_orig, char **envp) { atexit(at_exit_handler); setup_signal_handlers(); - set_up_environment(fsrv); + set_up_environment(fsrv, argv); fsrv->target_path = find_binary(argv[optind]); fsrv->trace_bits = afl_shm_init(&shm, map_size, 0); From d319b4a3819052de5bf576c560da6e4687c31de9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 24 Mar 2021 20:02:58 +0100 Subject: [PATCH 018/441] support libraries for find_afl_binary --- src/afl-common.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/src/afl-common.c b/src/afl-common.c index 1f9839a2..087aa113 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -282,12 +282,19 @@ u8 *find_binary(u8 *fname) { u8 *find_afl_binary(u8 *own_loc, u8 *fname) { - u8 *afl_path = NULL, *target_path, *own_copy; + u8 *afl_path = NULL, *target_path, *own_copy, *tmp; + int perm = X_OK; + + if ((tmp = strrchr(fname, '.'))) { + + if (!strcasecmp(tmp, ".so") || !strcasecmp(tmp, ".dylib")) { perm = R_OK; } + + } if ((afl_path = getenv("AFL_PATH"))) { target_path = alloc_printf("%s/%s", afl_path, fname); - if (!access(target_path, X_OK)) { + if (!access(target_path, perm)) { return target_path; @@ -311,7 +318,7 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) { target_path = alloc_printf("%s/%s", own_copy, fname); ck_free(own_copy); - if (!access(target_path, X_OK)) { + if (!access(target_path, perm)) { return target_path; @@ -330,7 +337,7 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) { } target_path = alloc_printf("%s/%s", BIN_PATH, fname); - if (!access(target_path, X_OK)) { + if (!access(target_path, perm)) { return target_path; @@ -340,7 +347,15 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) { } - return find_binary(fname); + if (perm == X_OK) { + + return find_binary(fname); + + } else { + + FATAL("Library '%s' not found", fname); + + } } From ab394836a9fe3faadb9d1af3a7d377bbcf5b5eee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 08:40:33 +0100 Subject: [PATCH 019/441] remove warnings --- include/afl-fuzz.h | 3 ++- include/config.h | 5 +++-- include/forkserver.h | 16 +++++++++------- src/afl-forkserver.c | 4 ++++ src/afl-fuzz.c | 13 +++++++++---- src/afl-showmap.c | 1 - 6 files changed, 27 insertions(+), 15 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 691ba148..046b0177 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -390,7 +390,8 @@ typedef struct afl_env_vars { *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, - *afl_testcache_entries, *afl_kill_signal, *afl_target_env, *afl_persistent_record; + *afl_testcache_entries, *afl_kill_signal, *afl_target_env, + *afl_persistent_record; } afl_env_vars_t; diff --git a/include/config.h b/include/config.h index 4691624a..75f363f7 100644 --- a/include/config.h +++ b/include/config.h @@ -77,8 +77,9 @@ /* If a persistent target keeps state and found crashes are not reproducable then enable this option and set the AFL_PERSISTENT_RECORD env variable - to a number. These number of testcases prior the crash will be kept and - also written to the crash/ directory */ + to a number. These number of testcases prior and including the crash case + will be kept and written to the crash/ directory as RECORD:... files. + Note that every crash will be written, not only unique ones! */ //#define AFL_PERSISTENT_RECORD diff --git a/include/forkserver.h b/include/forkserver.h index c894ad80..808f6bd2 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -95,13 +95,15 @@ typedef struct afl_forkserver { char *cmplog_binary; /* the name of the cmplog binary */ /* persistent mode replay functionality */ - u32 persistent_record; /* persistent replay setting */ - u32 persistent_record_idx; /* persistent replay cache ptr */ - u32 persistent_record_cnt; /* persistent replay counter */ - u8 * persistent_record_dir; - u8 ** persistent_record_data; - u32 * persistent_record_len; - s32 persistent_record_pid; + u32 persistent_record; /* persistent replay setting */ +#ifdef AFL_PERSISTENT_RECORD + u32 persistent_record_idx; /* persistent replay cache ptr */ + u32 persistent_record_cnt; /* persistent replay counter */ + u8 * persistent_record_dir; + u8 **persistent_record_data; + u32 *persistent_record_len; + s32 persistent_record_pid; +#endif /* Function to kick off the forkserver child */ void (*init_child_func)(struct afl_forkserver *fsrv, char **argv); diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 979d7e9e..0037d2d5 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -380,6 +380,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, } } + #endif if (fsrv->use_fauxsrv) { @@ -1073,6 +1074,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { } } + #endif if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { @@ -1206,6 +1208,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, fsrv->persistent_record_len[idx] = val; } + #endif if (fsrv->child_pid <= 0) { @@ -1336,6 +1339,7 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, ++fsrv->persistent_record_cnt; } + #endif /* For a proper crash, set last_kill_signal to WTERMSIG, else set it to 0 */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index f89c1938..23343ade 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1034,7 +1034,7 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->afl_env.afl_persistent_record)) { -#ifdef AFL_PERSISTENT_RECORD + #ifdef AFL_PERSISTENT_RECORD afl->fsrv.persistent_record = atoi(afl->afl_env.afl_persistent_record); @@ -1046,11 +1046,13 @@ int main(int argc, char **argv_orig, char **envp) { } -#else + #else - FATAL("afl-fuzz was not compiled with AFL_PERSISTENT_RECORD enabled in config.h!"); + FATAL( + "afl-fuzz was not compiled with AFL_PERSISTENT_RECORD enabled in " + "config.h!"); -#endif + #endif } @@ -1520,6 +1522,7 @@ int main(int argc, char **argv_orig, char **envp) { check_binary(afl, argv[optind]); + #ifdef AFL_PERSISTENT_RECORD if (unlikely(afl->fsrv.persistent_record)) { if (!getenv(PERSIST_ENV_VAR)) { @@ -1534,6 +1537,8 @@ int main(int argc, char **argv_orig, char **envp) { } + #endif + if (afl->shmem_testcase_mode) { setup_testcase_shmem(afl); } afl->start_time = get_cur_time(); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 558665a2..bedf7806 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -955,7 +955,6 @@ int main(int argc, char **argv_orig, char **envp) { } - if (in_dir) { /* If we don't have a file name chosen yet, use a safe default. */ From 90e7543038350fab1496b474c5aabd0b89644bad Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 08:54:47 +0100 Subject: [PATCH 020/441] update dynamic list --- README.md | 2 +- dynamic_list.txt | 1 + src/afl-fuzz-state.c | 2 +- src/afl-fuzz.c | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 084971f3..2de35d11 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ sudo apt-get install -y build-essential python3-dev automake git flex bison libg # try to install llvm 11 and install the distro default if that fails sudo apt-get install -y lld-11 llvm-11 llvm-11-dev clang-11 || sudo apt-get install -y lld llvm llvm-dev clang sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-plugin-dev libstdc++-$(gcc --version|head -n1|sed 's/.* //'|sed 's/\..*//')-dev -git clone https://github.com/AFLplusplus/AFLplusplus && cd AFLplusplus +git clone https://github.com/AFLplusplus/AFLplusplus cd AFLplusplus make distrib sudo make install diff --git a/dynamic_list.txt b/dynamic_list.txt index f0e54d92..d1905d43 100644 --- a/dynamic_list.txt +++ b/dynamic_list.txt @@ -21,6 +21,7 @@ "__afl_coverage_interesting"; "__afl_fuzz_len"; "__afl_fuzz_ptr"; + "__afl_sharedmem_fuzzing"; "__sanitizer_cov_trace_pc_guard"; "__sanitizer_cov_trace_pc_guard_init"; "__cmplog_ins_hook1"; diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 10a0b869..f65ff1bb 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -102,7 +102,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->stats_update_freq = 1; afl->stats_avg_exec = 0; afl->skip_deterministic = 1; - afl->cmplog_lvl = 1; + afl->cmplog_lvl = 2; #ifndef NO_SPLICING afl->use_splicing = 1; #endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 23343ade..75f97719 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -126,7 +126,7 @@ static void usage(u8 *argv0, int more_help) { "it.\n" " if using QEMU, just use -c 0.\n" " -l cmplog_opts - CmpLog configuration values (e.g. \"2AT\"):\n" - " 1=small files (default), 2=larger files, 3=all " + " 1=small files, 2=larger files (default), 3=all " "files,\n" " A=arithmetic solving, T=transformational solving.\n\n" "Fuzzing behavior settings:\n" From 447d232caf9fcd9e6e40c24d17000ff9b98ab693 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 08:55:41 +0100 Subject: [PATCH 021/441] update changelog --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index caa06ffd..87ac858e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,6 +15,7 @@ sending a mail to . - add recording of previous fuzz attempts for persistent mode to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h + - default cmplog level (-l) is now 2, better efficiency. ### Version ++3.12c (release) - afl-fuzz: From 2d662ace87cf4b55ac2a74e333247503a15072b3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 10:25:32 +0100 Subject: [PATCH 022/441] try to trigger github actions --- .github/workflows/build_aflplusplus_docker.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/build_aflplusplus_docker.yaml b/.github/workflows/build_aflplusplus_docker.yaml index be8d795d..89e95177 100644 --- a/.github/workflows/build_aflplusplus_docker.yaml +++ b/.github/workflows/build_aflplusplus_docker.yaml @@ -1,4 +1,5 @@ name: Publish Docker Images + on: push: branches: [ stable ] @@ -8,6 +9,7 @@ on: branches: [ stable ] paths: - Dockerfile + jobs: push_to_registry: name: Push Docker images to Dockerhub From 236a67621b82e3f8b809cb4e51975e466c2147d0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 10:27:30 +0100 Subject: [PATCH 023/441] try to trigger github actions --- .github/workflows/build_aflplusplus_docker.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build_aflplusplus_docker.yaml b/.github/workflows/build_aflplusplus_docker.yaml index 89e95177..ab3bfeee 100644 --- a/.github/workflows/build_aflplusplus_docker.yaml +++ b/.github/workflows/build_aflplusplus_docker.yaml @@ -3,12 +3,12 @@ name: Publish Docker Images on: push: branches: [ stable ] - paths: - - Dockerfile +# paths: +# - Dockerfile pull_request: branches: [ stable ] - paths: - - Dockerfile +# paths: +# - Dockerfile jobs: push_to_registry: From c89264205779635ec43f2913a94fa3ae5e6a5186 Mon Sep 17 00:00:00 2001 From: Jiangen Jiao Date: Thu, 25 Mar 2021 12:29:27 +0800 Subject: [PATCH 024/441] android: support host and target 32bit build --- Android.bp | 144 +++++++++++++++++- custom_mutators/Android.bp | 6 + .../libprotobuf-mutator-example/Android.bp | 6 + include/android-ashmem.h | 29 ++-- src/afl-cc.c | 6 +- 5 files changed, 168 insertions(+), 23 deletions(-) diff --git a/Android.bp b/Android.bp index ee076d1e..64794e19 100644 --- a/Android.bp +++ b/Android.bp @@ -1,8 +1,5 @@ cc_defaults { name: "afl-defaults", - sanitize: { - never: true, - }, local_include_dirs: [ "include", @@ -23,18 +20,45 @@ cc_defaults { "-DBIN_PATH=\"out/host/linux-x86/bin\"", "-DDOC_PATH=\"out/host/linux-x86/shared/doc/afl\"", "-D__USE_GNU", - "-D__aarch64__", "-DDEBUG_BUILD", "-U_FORTIFY_SOURCE", "-ggdb3", "-g", "-O0", "-fno-omit-frame-pointer", + "-fPIC", ], + + target: { + android_arm64: { + cflags: [ + "-D__aarch64__", + "-D__ANDROID__", + ], + }, + android_arm: { + cflags: [ + "-D__ANDROID__", + ], + }, + android_x86_64: { + cflags: [ + "-D__ANDROID__", + ], + }, + android_x86: { + cflags: [ + "-D__ANDROID__", + ], + }, + }, } cc_binary { name: "afl-fuzz", + sanitize: { + never: true, + }, host_supported: true, compile_multilib: "64", @@ -128,7 +152,6 @@ cc_binary_host { ], cflags: [ - "-D__ANDROID__", "-DAFL_PATH=\"out/host/linux-x86/lib64\"", "-DAFL_CLANG_FLTO=\"-flto=full\"", "-DUSE_BINDIR=1", @@ -199,6 +222,7 @@ cc_library_headers { export_include_dirs: [ "include", + "instrumentation", ], } @@ -268,6 +292,116 @@ cc_binary { ], } +cc_binary { + name: "afl-fuzz-32", + sanitize: { + never: true, + }, + host_supported: true, + compile_multilib: "32", + + defaults: [ + "afl-defaults", + ], + + srcs: [ + "src/afl-fuzz*.c", + "src/afl-common.c", + "src/afl-sharedmem.c", + "src/afl-forkserver.c", + "src/afl-performance.c", + ], +} + +cc_binary_host { + name: "afl-cc-32", + compile_multilib: "32", + static_executable: true, + + defaults: [ + "afl-defaults", + ], + + cflags: [ + "-DAFL_PATH=\"out/host/linux-x86/lib64\"", + "-DAFL_CLANG_FLTO=\"-flto=full\"", + "-DUSE_BINDIR=1", + "-DLLVM_BINDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin\"", + "-DLLVM_LIBDIR=\"prebuilts/clang/host/linux-x86/clang-r383902b/lib64\"", + "-DCLANGPP_BIN=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/clang++\"", + "-DAFL_REAL_LD=\"prebuilts/clang/host/linux-x86/clang-r383902b/bin/ld.lld\"", + "-DLLVM_LTO=1", + "-DLLVM_MAJOR=11", + "-DLLVM_MINOR=2", + ], + + srcs: [ + "src/afl-cc.c", + "src/afl-common.c", + ], + + symlinks: [ + "afl-clang-fast-32", + "afl-clang-fast++-32", + ], +} + +cc_library_static { + name: "afl-llvm-rt-32", + compile_multilib: "32", + vendor_available: true, + host_supported: true, + recovery_available: true, + sdk_version: "9", + + apex_available: [ + "com.android.adbd", + "com.android.appsearch", + "com.android.art", + "com.android.bluetooth.updatable", + "com.android.cellbroadcast", + "com.android.conscrypt", + "com.android.extservices", + "com.android.cronet", + "com.android.neuralnetworks", + "com.android.media", + "com.android.media.swcodec", + "com.android.mediaprovider", + "com.android.permission", + "com.android.runtime", + "com.android.resolv", + "com.android.tethering", + "com.android.wifi", + "com.android.sdkext", + "com.android.os.statsd", + "//any", + ], + + defaults: [ + "afl-defaults", + ], + + srcs: [ + "instrumentation/afl-compiler-rt.o.c", + ], +} + +cc_prebuilt_library_static { + name: "libfrida-gum-32", + compile_multilib: "32", + strip: { + none: true, + }, + + srcs: [ + "utils/afl_frida/android/arm/libfrida-gum.a", + ], + + export_include_dirs: [ + "utils/afl_frida/android/arm", + ], +} + subdirs = [ "custom_mutators", ] diff --git a/custom_mutators/Android.bp b/custom_mutators/Android.bp index 89abc3e9..5c7e06e3 100644 --- a/custom_mutators/Android.bp +++ b/custom_mutators/Android.bp @@ -10,6 +10,8 @@ cc_library_shared { "-fPIC", "-fpermissive", "-std=c++11", + "-Wno-unused-parameter", + "-Wno-unused-variable", ], srcs: [ @@ -77,6 +79,8 @@ cc_library_shared { "-O0", "-funroll-loops", "-fPIC", + "-Wno-unused-parameter", + "-Wno-unused-function", ], srcs: [ @@ -99,6 +103,8 @@ cc_library_shared { "-O0", "-funroll-loops", "-fPIC", + "-Wno-unused-parameter", + "-Wno-pointer-sign", ], srcs: [ diff --git a/custom_mutators/libprotobuf-mutator-example/Android.bp b/custom_mutators/libprotobuf-mutator-example/Android.bp index 01f1c23e..4f579735 100644 --- a/custom_mutators/libprotobuf-mutator-example/Android.bp +++ b/custom_mutators/libprotobuf-mutator-example/Android.bp @@ -8,6 +8,7 @@ cc_library_shared { "-O0", "-fPIC", "-Wall", + "-Wno-unused-parameter", ], srcs: [ @@ -29,4 +30,9 @@ cc_binary { srcs: [ "vuln.c", ], + + cflags: [ + "-Wno-unused-result", + "-Wno-unused-parameter", + ], } diff --git a/include/android-ashmem.h b/include/android-ashmem.h index 91699b27..44fe556a 100644 --- a/include/android-ashmem.h +++ b/include/android-ashmem.h @@ -2,32 +2,31 @@ #ifndef _ANDROID_ASHMEM_H #define _ANDROID_ASHMEM_H + #define _GNU_SOURCE + #include + #include #include #include #include #include - - #if __ANDROID_API__ >= 26 - #define shmat bionic_shmat - #define shmctl bionic_shmctl - #define shmdt bionic_shmdt - #define shmget bionic_shmget - #endif #include - #undef shmat - #undef shmctl - #undef shmdt - #undef shmget #include - #define ASHMEM_DEVICE "/dev/ashmem" +int shmdt(const void* address) { +#if defined(SYS_shmdt) + return syscall(SYS_shmdt, address); +#else + return syscall(SYS_ipc, SHMDT, 0, 0, 0, address, 0); +#endif +} + int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) { int ret = 0; if (__cmd == IPC_RMID) { - int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); + int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); struct ashmem_pin pin = {0, length}; ret = ioctl(__shmid, ASHMEM_UNPIN, &pin); close(__shmid); @@ -78,6 +77,6 @@ void *shmat(int __shmid, const void *__shmaddr, int __shmflg) { } - #endif /* !_ANDROID_ASHMEM_H */ -#endif /* !__ANDROID__ */ + #endif /* !_ANDROID_ASHMEM_H */ +#endif /* !__ANDROID__ */ diff --git a/src/afl-cc.c b/src/afl-cc.c index 80fc0742..2ee840d7 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -588,9 +588,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (instrument_mode == INSTRUMENT_PCGUARD) { #if LLVM_MAJOR > 10 || (LLVM_MAJOR == 10 && LLVM_MINOR > 0) - #ifdef __ANDROID__ + #if defined __ANDROID__ || ANDROID cc_params[cc_par_cnt++] = "-fsanitize-coverage=trace-pc-guard"; - instrument_mode != INSTRUMENT_LLVMNATIVE; + instrument_mode = INSTRUMENT_LLVMNATIVE; #else if (have_instr_list) { @@ -2023,7 +2023,7 @@ int main(int argc, char **argv, char **envp) { if (!be_quiet && cmplog_mode) printf("CmpLog mode by \n"); -#ifndef __ANDROID__ +#if !defined(__ANDROID__) && !defined(ANDROID) ptr = find_object("afl-compiler-rt.o", argv[0]); if (!ptr) { From 0029c1a83ef03825c2d19c73151189f159458496 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 15:35:06 +0100 Subject: [PATCH 025/441] remove InsTrim --- GNUmakefile.llvm | 5 +- README.md | 1 - docs/Changelog.md | 2 + docs/PATCHES.md | 43 --- docs/env_variables.md | 27 +- docs/perf_tips.md | 3 - instrumentation/LLVMInsTrim.so.cc | 599 ----------------------------- instrumentation/MarkNodes.cc | 481 ----------------------- instrumentation/MarkNodes.h | 12 - instrumentation/README.instrim.md | 30 -- instrumentation/README.llvm.md | 17 +- instrumentation/README.snapshot.md | 2 + src/afl-cc.c | 50 +-- src/afl-ld-lto.c | 20 +- test/test-llvm.sh | 21 - 15 files changed, 29 insertions(+), 1284 deletions(-) delete mode 100644 docs/PATCHES.md delete mode 100644 instrumentation/LLVMInsTrim.so.cc delete mode 100644 instrumentation/MarkNodes.cc delete mode 100644 instrumentation/MarkNodes.h delete mode 100644 instrumentation/README.instrim.md diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 111a847d..4b5ac520 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -304,7 +304,7 @@ ifeq "$(TEST_MMAP)" "1" endif PROGS_ALWAYS = ./afl-cc ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o -PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./libLLVMInsTrim.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./afl-llvm-lto-instrumentation.so ./SanitizerCoverageLTO.so +PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./afl-llvm-lto-instrumentation.so ./SanitizerCoverageLTO.so # If prerequisites are not given, warn, do not build anything, and exit with code 0 ifeq "$(LLVMVER)" "" @@ -382,9 +382,6 @@ endif instrumentation/afl-llvm-common.o: instrumentation/afl-llvm-common.cc instrumentation/afl-llvm-common.h $(CXX) $(CFLAGS) $(CPPFLAGS) `$(LLVM_CONFIG) --cxxflags` -fno-rtti -fPIC -std=$(LLVM_STDCXX) -c $< -o $@ -./libLLVMInsTrim.so: instrumentation/LLVMInsTrim.so.cc instrumentation/MarkNodes.cc instrumentation/afl-llvm-common.o | test_deps - -$(CXX) $(CLANG_CPPFL) -DLLVMInsTrim_EXPORTS -fno-rtti -fPIC -std=$(LLVM_STDCXX) -shared $< instrumentation/MarkNodes.cc -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o - ./afl-llvm-pass.so: instrumentation/afl-llvm-pass.so.cc instrumentation/afl-llvm-common.o | test_deps ifeq "$(LLVM_MIN_4_0_1)" "0" $(info [!] N-gram branch coverage instrumentation is not available for llvm version $(LLVMVER)) diff --git a/README.md b/README.md index 2de35d11..3ba05777 100644 --- a/README.md +++ b/README.md @@ -370,7 +370,6 @@ There are many more options and modes available however these are most of the time less effective. See: * [instrumentation/README.ctx.md](instrumentation/README.ctx.md) * [instrumentation/README.ngram.md](instrumentation/README.ngram.md) - * [instrumentation/README.instrim.md](instrumentation/README.instrim.md) afl++ performs "never zero" counting in its bitmap. You can read more about this here: diff --git a/docs/Changelog.md b/docs/Changelog.md index 87ac858e..730791da 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -16,6 +16,8 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - default cmplog level (-l) is now 2, better efficiency. + - afl-cc: + - Removed InsTrim instrumentation as it is not as good as PCGUARD ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/PATCHES.md b/docs/PATCHES.md deleted file mode 100644 index b2cff43a..00000000 --- a/docs/PATCHES.md +++ /dev/null @@ -1,43 +0,0 @@ -# Applied Patches - -The following patches from https://github.com/vanhauser-thc/afl-patches -have been installed or not installed: - - -## INSTALLED -``` -afl-llvm-fix.diff by kcwu(at)csie(dot)org -afl-sort-all_uniq-fix.diff by legarrec(dot)vincent(at)gmail(dot)com -laf-intel.diff by heiko(dot)eissfeldt(at)hexco(dot)de -afl-llvm-optimize.diff by mh(at)mh-sec(dot)de -afl-fuzz-tmpdir.diff by mh(at)mh-sec(dot)de -afl-fuzz-79x24.diff by heiko(dot)eissfeldt(at)hexco(dot)de -afl-fuzz-fileextensionopt.diff tbd -afl-as-AFL_INST_RATIO.diff by legarrec(dot)vincent(at)gmail(dot)com -afl-qemu-ppc64.diff by william(dot)barsse(at)airbus(dot)com -afl-qemu-optimize-entrypoint.diff by mh(at)mh-sec(dot)de -afl-qemu-speed.diff by abiondo on github -afl-qemu-optimize-map.diff by mh(at)mh-sec(dot)de -``` - -+ llvm_mode ngram prev_loc coverage (github.com/adrianherrera/afl-ngram-pass) -+ Custom mutator (native library) (by kyakdan) -+ unicorn_mode (modernized and updated by domenukk) -+ instrim (https://github.com/csienslab/instrim) was integrated -+ MOpt (github.com/puppet-meteor/MOpt-AFL) was imported -+ AFLfast additions (github.com/mboehme/aflfast) were incorporated. -+ Qemu 3.1 upgrade with enhancement patches (github.com/andreafioraldi/afl) -+ Python mutator modules support (github.com/choller/afl) -+ Instrument file list in LLVM mode (github.com/choller/afl) -+ forkserver patch for afl-tmin (github.com/nccgroup/TriforceAFL) - - -## NOT INSTALLED - -``` -afl-fuzz-context_sensitive.diff - changes too much of the behaviour -afl-tmpfs.diff - same as afl-fuzz-tmpdir.diff but more complex -afl-cmin-reduce-dataset.diff - unsure of the impact -afl-llvm-fix2.diff - not needed with the other patches -``` - diff --git a/docs/env_variables.md b/docs/env_variables.md index 6d3d1714..572fad01 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -130,16 +130,15 @@ Then there are a few specific features that are only available in instrumentatio PCGUARD - our own pcgard based instrumentation (default) NATIVE - clang's original pcguard based instrumentation CLASSIC - classic AFL (map[cur_loc ^ prev_loc >> 1]++) (default) - CFG - InsTrim instrumentation (see below) LTO - LTO instrumentation (see below) CTX - context sensitive instrumentation (see below) NGRAM-x - deeper previous location coverage (from NGRAM-2 up to NGRAM-16) GCC - outdated gcc instrumentation CLANG - outdated clang instrumentation - In CLASSIC (default) and CFG/INSTRIM you can also specify CTX and/or - NGRAM, seperate the options with a comma "," then, e.g.: - `AFL_LLVM_INSTRUMENT=CFG,CTX,NGRAM-4` - Not that this is a good idea to use both CTX and NGRAM :) + In CLASSIC you can also specify CTX and/or NGRAM, seperate the options + with a comma "," then, e.g.: + `AFL_LLVM_INSTRUMENT=CLASSIC,CTX,NGRAM-4` + Note that this is actually not a good idea to use both CTX and NGRAM :) ### LTO @@ -173,24 +172,6 @@ Then there are a few specific features that are only available in instrumentatio See [instrumentation/README.lto.md](../instrumentation/README.lto.md) for more information. -### INSTRIM - - This feature increases the speed by ~15% without any disadvantages to the - classic instrumentation. - - Note that there is also an LTO version (if you have llvm 11 or higher) - - that is the best instrumentation we have. Use `afl-clang-lto` to activate. - The InsTrim LTO version additionally has all the options and features of - LTO (see above). - - - Setting `AFL_LLVM_INSTRIM` or `AFL_LLVM_INSTRUMENT=CFG` activates this mode - - - Setting `AFL_LLVM_INSTRIM_LOOPHEAD=1` expands on INSTRIM to optimize loops. - afl-fuzz will only be able to see the path the loop took, but not how - many times it was called (unless it is a complex loop). - - See [instrumentation/README.instrim.md](../instrumentation/README.instrim.md) - ### NGRAM - Setting `AFL_LLVM_NGRAM_SIZE` or `AFL_LLVM_INSTRUMENT=NGRAM-{value}` diff --git a/docs/perf_tips.md b/docs/perf_tips.md index fbcb4d8d..c5968206 100644 --- a/docs/perf_tips.md +++ b/docs/perf_tips.md @@ -69,9 +69,6 @@ If you are only interested in specific parts of the code being fuzzed, you can instrument_files the files that are actually relevant. This improves the speed and accuracy of afl. See instrumentation/README.instrument_list.md -Also use the InsTrim mode on larger binaries, this improves performance and -coverage a lot. - ## 4. Profile and optimize the binary Check for any parameters or settings that obviously improve performance. For diff --git a/instrumentation/LLVMInsTrim.so.cc b/instrumentation/LLVMInsTrim.so.cc deleted file mode 100644 index 62de6ec5..00000000 --- a/instrumentation/LLVMInsTrim.so.cc +++ /dev/null @@ -1,599 +0,0 @@ -#include -#include -#include -#include - -#include "llvm/Config/llvm-config.h" -#if LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR < 5 -typedef long double max_align_t; -#endif - -#include "llvm/ADT/DenseMap.h" -#include "llvm/ADT/DenseSet.h" -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) - #include "llvm/IR/CFG.h" - #include "llvm/IR/Dominators.h" - #include "llvm/IR/DebugInfo.h" -#else - #include "llvm/Support/CFG.h" - #include "llvm/Analysis/Dominators.h" - #include "llvm/DebugInfo.h" -#endif -#include "llvm/IR/IRBuilder.h" -#include "llvm/IR/Instructions.h" -#include "llvm/IR/LegacyPassManager.h" -#include "llvm/IR/Module.h" -#include "llvm/Pass.h" -#include "llvm/Support/raw_ostream.h" -#include "llvm/Support/CommandLine.h" -#include "llvm/Transforms/IPO/PassManagerBuilder.h" -#include "llvm/Transforms/Utils/BasicBlockUtils.h" -#include "llvm/IR/BasicBlock.h" -#include -#include -#include -#include -#include - -#include "MarkNodes.h" -#include "afl-llvm-common.h" -#include "llvm-alternative-coverage.h" - -#include "config.h" -#include "debug.h" - -using namespace llvm; - -static cl::opt MarkSetOpt("markset", cl::desc("MarkSet"), - cl::init(false)); -static cl::opt LoopHeadOpt("loophead", cl::desc("LoopHead"), - cl::init(false)); - -namespace { - -struct InsTrim : public ModulePass { - - protected: - uint32_t function_minimum_size = 1; - char * skip_nozero = NULL; - - private: - std::mt19937 generator; - int total_instr = 0; - - unsigned int genLabel() { - - return generator() & (MAP_SIZE - 1); - - } - - public: - static char ID; - - InsTrim() : ModulePass(ID), generator(0) { - - initInstrumentList(); - - } - - void getAnalysisUsage(AnalysisUsage &AU) const override { - - AU.addRequired(); - - } - -#if LLVM_VERSION_MAJOR < 4 - const char * -#else - StringRef -#endif - getPassName() const override { - - return "InstTrim Instrumentation"; - - } - -#if LLVM_VERSION_MAJOR > 4 || \ - (LLVM_VERSION_MAJOR == 4 && LLVM_VERSION_PATCH >= 1) - #define AFL_HAVE_VECTOR_INTRINSICS 1 -#endif - - bool runOnModule(Module &M) override { - - setvbuf(stdout, NULL, _IONBF, 0); - - if ((isatty(2) && !getenv("AFL_QUIET")) || getenv("AFL_DEBUG") != NULL) { - - SAYF(cCYA "LLVMInsTrim" VERSION cRST " by csienslab\n"); - - } else - - be_quiet = 1; - - if (getenv("AFL_DEBUG") != NULL) debug = 1; - - LLVMContext &C = M.getContext(); - - IntegerType *Int8Ty = IntegerType::getInt8Ty(C); - IntegerType *Int32Ty = IntegerType::getInt32Ty(C); - -#if LLVM_VERSION_MAJOR < 9 - char *neverZero_counters_str; - if ((neverZero_counters_str = getenv("AFL_LLVM_NOT_ZERO")) != NULL) - if (!be_quiet) OKF("LLVM neverZero activated (by hexcoder)\n"); -#endif - skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); - - if (getenv("AFL_LLVM_INSTRIM_LOOPHEAD") != NULL || - getenv("LOOPHEAD") != NULL) { - - LoopHeadOpt = true; - - } - - unsigned int PrevLocSize = 0; - char * ngram_size_str = getenv("AFL_LLVM_NGRAM_SIZE"); - if (!ngram_size_str) ngram_size_str = getenv("AFL_NGRAM_SIZE"); - char *caller_str = getenv("AFL_LLVM_CALLER"); - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - unsigned int ngram_size = 0; - /* Decide previous location vector size (must be a power of two) */ - VectorType *PrevLocTy = NULL; - - if (ngram_size_str) - if (sscanf(ngram_size_str, "%u", &ngram_size) != 1 || ngram_size < 2 || - ngram_size > NGRAM_SIZE_MAX) - FATAL( - "Bad value of AFL_NGRAM_SIZE (must be between 2 and NGRAM_SIZE_MAX " - "(%u))", - NGRAM_SIZE_MAX); - - if (ngram_size) - PrevLocSize = ngram_size - 1; - else -#else - if (ngram_size_str) - #ifdef LLVM_VERSION_STRING - FATAL( - "Sorry, NGRAM branch coverage is not supported with llvm version %s!", - LLVM_VERSION_STRING); - #else - #ifndef LLVM_VERSION_PATCH - FATAL( - "Sorry, NGRAM branch coverage is not supported with llvm version " - "%d.%d.%d!", - LLVM_VERSION_MAJOR, LLVM_VERSION_MINOR, 0); - #else - FATAL( - "Sorry, NGRAM branch coverage is not supported with llvm version " - "%d.%d.%d!", - LLVM_VERSION_MAJOR, LLVM_VERSION_MINOR, LLVM_VERISON_PATCH); - #endif - #endif -#endif - PrevLocSize = 1; - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - // IntegerType *Int64Ty = IntegerType::getInt64Ty(C); - int PrevLocVecSize = PowerOf2Ceil(PrevLocSize); - IntegerType *IntLocTy = - IntegerType::getIntNTy(C, sizeof(PREV_LOC_T) * CHAR_BIT); - if (ngram_size) - PrevLocTy = VectorType::get(IntLocTy, PrevLocVecSize - #if LLVM_VERSION_MAJOR >= 12 - , - false - #endif - ); -#endif - - /* Get globals for the SHM region and the previous location. Note that - __afl_prev_loc is thread-local. */ - - GlobalVariable *AFLMapPtr = - new GlobalVariable(M, PointerType::get(Int8Ty, 0), false, - GlobalValue::ExternalLinkage, 0, "__afl_area_ptr"); - GlobalVariable *AFLPrevLoc; - GlobalVariable *AFLContext = NULL; - LoadInst * PrevCaller = NULL; // for CALLER sensitive coverage - - if (caller_str) -#if defined(__ANDROID__) || defined(__HAIKU__) - AFLContext = new GlobalVariable( - M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_ctx"); -#else - AFLContext = new GlobalVariable( - M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_ctx", - 0, GlobalVariable::GeneralDynamicTLSModel, 0, false); -#endif - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - if (ngram_size) - #if defined(__ANDROID__) || defined(__HAIKU__) - AFLPrevLoc = new GlobalVariable( - M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, - /* Initializer */ nullptr, "__afl_prev_loc"); - #else - AFLPrevLoc = new GlobalVariable( - M, PrevLocTy, /* isConstant */ false, GlobalValue::ExternalLinkage, - /* Initializer */ nullptr, "__afl_prev_loc", - /* InsertBefore */ nullptr, GlobalVariable::GeneralDynamicTLSModel, - /* AddressSpace */ 0, /* IsExternallyInitialized */ false); - #endif - else -#endif -#if defined(__ANDROID__) || defined(__HAIKU__) - AFLPrevLoc = new GlobalVariable( - M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc"); -#else - AFLPrevLoc = new GlobalVariable( - M, Int32Ty, false, GlobalValue::ExternalLinkage, 0, "__afl_prev_loc", 0, - GlobalVariable::GeneralDynamicTLSModel, 0, false); -#endif - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - /* Create the vector shuffle mask for updating the previous block history. - Note that the first element of the vector will store cur_loc, so just set - it to undef to allow the optimizer to do its thing. */ - - SmallVector PrevLocShuffle = {UndefValue::get(Int32Ty)}; - - for (unsigned I = 0; I < PrevLocSize - 1; ++I) - PrevLocShuffle.push_back(ConstantInt::get(Int32Ty, I)); - - for (int I = PrevLocSize; I < PrevLocVecSize; ++I) - PrevLocShuffle.push_back(ConstantInt::get(Int32Ty, PrevLocSize)); - - Constant *PrevLocShuffleMask = ConstantVector::get(PrevLocShuffle); -#endif - - // this is our default - MarkSetOpt = true; - - ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); - ConstantInt *One = ConstantInt::get(Int8Ty, 1); - - u64 total_rs = 0; - u64 total_hs = 0; - - scanForDangerousFunctions(&M); - - for (Function &F : M) { - - if (debug) { - - uint32_t bb_cnt = 0; - - for (auto &BB : F) - if (BB.size() > 0) ++bb_cnt; - DEBUGF("Function %s size %zu %u\n", F.getName().str().c_str(), F.size(), - bb_cnt); - - } - - if (!isInInstrumentList(&F)) continue; - - // if the function below our minimum size skip it (1 or 2) - if (F.size() < function_minimum_size) { continue; } - - std::unordered_set MS; - if (!MarkSetOpt) { - - for (auto &BB : F) { - - MS.insert(&BB); - - } - - total_rs += F.size(); - - } else { - - auto Result = markNodes(&F); - auto RS = Result.first; - auto HS = Result.second; - - MS.insert(RS.begin(), RS.end()); - if (!LoopHeadOpt) { - - MS.insert(HS.begin(), HS.end()); - total_rs += MS.size(); - - } else { - - DenseSet> EdgeSet; - DominatorTreeWrapperPass * DTWP = - &getAnalysis(F); - auto DT = &DTWP->getDomTree(); - - total_rs += RS.size(); - total_hs += HS.size(); - - for (BasicBlock *BB : HS) { - - bool Inserted = false; - for (auto BI = pred_begin(BB), BE = pred_end(BB); BI != BE; ++BI) { - - auto Edge = BasicBlockEdge(*BI, BB); - if (Edge.isSingleEdge() && DT->dominates(Edge, BB)) { - - EdgeSet.insert({*BI, BB}); - Inserted = true; - break; - - } - - } - - if (!Inserted) { - - MS.insert(BB); - total_rs += 1; - total_hs -= 1; - - } - - } - - for (auto I = EdgeSet.begin(), E = EdgeSet.end(); I != E; ++I) { - - auto PredBB = I->first; - auto SuccBB = I->second; - auto NewBB = - SplitBlockPredecessors(SuccBB, {PredBB}, ".split", DT, nullptr, -#if LLVM_VERSION_MAJOR >= 8 - nullptr, -#endif - false); - MS.insert(NewBB); - - } - - } - - for (BasicBlock &BB : F) { - - if (MS.find(&BB) == MS.end()) { continue; } - IRBuilder<> IRB(&*BB.getFirstInsertionPt()); - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - if (ngram_size) { - - LoadInst *PrevLoc = IRB.CreateLoad(AFLPrevLoc); - PrevLoc->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); - - Value *ShuffledPrevLoc = IRB.CreateShuffleVector( - PrevLoc, UndefValue::get(PrevLocTy), PrevLocShuffleMask); - Value *UpdatedPrevLoc = IRB.CreateInsertElement( - ShuffledPrevLoc, ConstantInt::get(Int32Ty, genLabel()), - (uint64_t)0); - - IRB.CreateStore(UpdatedPrevLoc, AFLPrevLoc) - ->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); - - } else - -#endif - { - - IRB.CreateStore(ConstantInt::get(Int32Ty, genLabel()), AFLPrevLoc); - - } - - } - - } - - int has_calls = 0; - for (BasicBlock &BB : F) { - - auto PI = pred_begin(&BB); - auto PE = pred_end(&BB); - IRBuilder<> IRB(&*BB.getFirstInsertionPt()); - Value * L = NULL; - unsigned int cur_loc; - - // Context sensitive coverage - if (caller_str && &BB == &F.getEntryBlock()) { - - PrevCaller = IRB.CreateLoad(AFLContext); - PrevCaller->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); - - // does the function have calls? and is any of the calls larger than - // one basic block? - has_calls = 0; - for (auto &BB2 : F) { - - if (has_calls) break; - for (auto &IN : BB2) { - - CallInst *callInst = nullptr; - if ((callInst = dyn_cast(&IN))) { - - Function *Callee = callInst->getCalledFunction(); - if (!Callee || Callee->size() < function_minimum_size) - continue; - else { - - has_calls = 1; - break; - - } - - } - - } - - } - - // if yes we store a context ID for this function in the global var - if (has_calls) { - - ConstantInt *NewCtx = ConstantInt::get(Int32Ty, genLabel()); - StoreInst * StoreCtx = IRB.CreateStore(NewCtx, AFLContext); - StoreCtx->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); - - } - - } // END of caller_str - - if (MarkSetOpt && MS.find(&BB) == MS.end()) { continue; } - - if (PI == PE) { - - cur_loc = genLabel(); - L = ConstantInt::get(Int32Ty, cur_loc); - - } else { - - auto *PN = PHINode::Create(Int32Ty, 0, "", &*BB.begin()); - DenseMap PredMap; - for (PI = pred_begin(&BB), PE = pred_end(&BB); PI != PE; ++PI) { - - BasicBlock *PBB = *PI; - auto It = PredMap.insert({PBB, genLabel()}); - unsigned Label = It.first->second; - // cur_loc = Label; - PN->addIncoming(ConstantInt::get(Int32Ty, Label), PBB); - - } - - L = PN; - - } - - /* Load prev_loc */ - LoadInst *PrevLoc = IRB.CreateLoad(AFLPrevLoc); - PrevLoc->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - Value *PrevLocTrans; - -#ifdef AFL_HAVE_VECTOR_INTRINSICS - /* "For efficiency, we propose to hash the tuple as a key into the - hit_count map as (prev_block_trans << 1) ^ curr_block_trans, where - prev_block_trans = (block_trans_1 ^ ... ^ block_trans_(n-1)" */ - - if (ngram_size) - PrevLocTrans = - IRB.CreateZExt(IRB.CreateXorReduce(PrevLoc), IRB.getInt32Ty()); - else -#endif - PrevLocTrans = IRB.CreateZExt(PrevLoc, IRB.getInt32Ty()); - - if (caller_str) - PrevLocTrans = - IRB.CreateZExt(IRB.CreateXor(PrevLocTrans, PrevCaller), Int32Ty); - - /* Load SHM pointer */ - LoadInst *MapPtr = IRB.CreateLoad(AFLMapPtr); - MapPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - Value *MapPtrIdx; -#ifdef AFL_HAVE_VECTOR_INTRINSICS - if (ngram_size) - MapPtrIdx = IRB.CreateGEP( - MapPtr, IRB.CreateZExt(IRB.CreateXor(PrevLocTrans, L), Int32Ty)); - else -#endif - MapPtrIdx = IRB.CreateGEP(MapPtr, IRB.CreateXor(PrevLocTrans, L)); - - /* Update bitmap */ - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - - Value *Incr = IRB.CreateAdd(Counter, One); - -#if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) // with llvm 9 we make this the default as the bug in llvm is - // then fixed -#else - if (!skip_nozero) -#endif - { - - /* hexcoder: Realize a counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to - * 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter - */ - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); - - } - - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - - if (caller_str && has_calls) { - - // in CALLER mode we have to restore the original context for the - // caller - she might be calling other functions which need the - // correct CALLER - Instruction *Inst = BB.getTerminator(); - if (isa(Inst) || isa(Inst)) { - - IRBuilder<> Post_IRB(Inst); - StoreInst * RestoreCtx = - Post_IRB.CreateStore(PrevCaller, AFLContext); - RestoreCtx->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); - - } - - } - - total_instr++; - - } - - } - - if (!be_quiet) { - - char modeline[100]; - snprintf(modeline, sizeof(modeline), "%s%s%s%s%s", - getenv("AFL_HARDEN") ? "hardened" : "non-hardened", - getenv("AFL_USE_ASAN") ? ", ASAN" : "", - getenv("AFL_USE_MSAN") ? ", MSAN" : "", - getenv("AFL_USE_CFISAN") ? ", CFISAN" : "", - getenv("AFL_USE_UBSAN") ? ", UBSAN" : ""); - - OKF("Instrumented %d locations (%llu, %llu) (%s mode)\n", total_instr, - total_rs, total_hs, modeline); - - } - - return false; - - } - -}; // end of struct InsTrim - -} // end of anonymous namespace - -char InsTrim::ID = 0; - -static void registerAFLPass(const PassManagerBuilder &, - legacy::PassManagerBase &PM) { - - PM.add(new InsTrim()); - -} - -static RegisterStandardPasses RegisterAFLPass( - PassManagerBuilder::EP_OptimizerLast, registerAFLPass); - -static RegisterStandardPasses RegisterAFLPass0( - PassManagerBuilder::EP_EnabledOnOptLevel0, registerAFLPass); - diff --git a/instrumentation/MarkNodes.cc b/instrumentation/MarkNodes.cc deleted file mode 100644 index b77466d9..00000000 --- a/instrumentation/MarkNodes.cc +++ /dev/null @@ -1,481 +0,0 @@ -#include -#include -#include -#include -#include - -#include "llvm/Config/llvm-config.h" -#if LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR < 5 -typedef long double max_align_t; -#endif - -#include "llvm/ADT/DenseMap.h" -#include "llvm/ADT/DenseSet.h" -#include "llvm/ADT/SmallVector.h" -#include "llvm/IR/BasicBlock.h" -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) - #include "llvm/IR/CFG.h" -#else - #include "llvm/Support/CFG.h" -#endif -#include "llvm/IR/Constants.h" -#include "llvm/IR/Function.h" -#include "llvm/IR/IRBuilder.h" -#include "llvm/IR/Instructions.h" -#include "llvm/IR/Module.h" -#include "llvm/Pass.h" -#include "llvm/Support/Debug.h" -#include "llvm/Support/raw_ostream.h" - -using namespace llvm; - -DenseMap LMap; -std::vector Blocks; -std::set Marked, Markabove; -std::vector > Succs, Preds; - -void reset() { - - LMap.clear(); - Blocks.clear(); - Marked.clear(); - Markabove.clear(); - -} - -uint32_t start_point; - -void labelEachBlock(Function *F) { - - // Fake single endpoint; - LMap[NULL] = Blocks.size(); - Blocks.push_back(NULL); - - // Assign the unique LabelID to each block; - for (auto I = F->begin(), E = F->end(); I != E; ++I) { - - BasicBlock *BB = &*I; - LMap[BB] = Blocks.size(); - Blocks.push_back(BB); - - } - - start_point = LMap[&F->getEntryBlock()]; - -} - -void buildCFG(Function *F) { - - Succs.resize(Blocks.size()); - Preds.resize(Blocks.size()); - for (size_t i = 0; i < Succs.size(); i++) { - - Succs[i].clear(); - Preds[i].clear(); - - } - - for (auto S = F->begin(), E = F->end(); S != E; ++S) { - - BasicBlock *BB = &*S; - uint32_t MyID = LMap[BB]; - - for (auto I = succ_begin(BB), E = succ_end(BB); I != E; ++I) { - - Succs[MyID].push_back(LMap[*I]); - - } - - } - -} - -std::vector > tSuccs; -std::vector tag, indfs; - -void DFStree(size_t now_id) { - - if (tag[now_id]) return; - tag[now_id] = true; - indfs[now_id] = true; - for (auto succ : tSuccs[now_id]) { - - if (tag[succ] and indfs[succ]) { - - Marked.insert(succ); - Markabove.insert(succ); - continue; - - } - - Succs[now_id].push_back(succ); - Preds[succ].push_back(now_id); - DFStree(succ); - - } - - indfs[now_id] = false; - -} - -void turnCFGintoDAG() { - - tSuccs = Succs; - tag.resize(Blocks.size()); - indfs.resize(Blocks.size()); - for (size_t i = 0; i < Blocks.size(); ++i) { - - Succs[i].clear(); - tag[i] = false; - indfs[i] = false; - - } - - DFStree(start_point); - for (size_t i = 0; i < Blocks.size(); ++i) - if (Succs[i].empty()) { - - Succs[i].push_back(0); - Preds[0].push_back(i); - - } - -} - -uint32_t timeStamp; -namespace DominatorTree { - -std::vector > cov; -std::vector dfn, nfd, par, sdom, idom, mom, mn; - -bool Compare(uint32_t u, uint32_t v) { - - return dfn[u] < dfn[v]; - -} - -uint32_t eval(uint32_t u) { - - if (mom[u] == u) return u; - uint32_t res = eval(mom[u]); - if (Compare(sdom[mn[mom[u]]], sdom[mn[u]])) { mn[u] = mn[mom[u]]; } - return mom[u] = res; - -} - -void DFS(uint32_t now) { - - timeStamp += 1; - dfn[now] = timeStamp; - nfd[timeStamp - 1] = now; - for (auto succ : Succs[now]) { - - if (dfn[succ] == 0) { - - par[succ] = now; - DFS(succ); - - } - - } - -} - -void DominatorTree() { - - if (Blocks.empty()) return; - uint32_t s = start_point; - - // Initialization - mn.resize(Blocks.size()); - cov.resize(Blocks.size()); - dfn.resize(Blocks.size()); - nfd.resize(Blocks.size()); - par.resize(Blocks.size()); - mom.resize(Blocks.size()); - sdom.resize(Blocks.size()); - idom.resize(Blocks.size()); - - for (uint32_t i = 0; i < Blocks.size(); i++) { - - dfn[i] = 0; - nfd[i] = Blocks.size(); - cov[i].clear(); - idom[i] = mom[i] = mn[i] = sdom[i] = i; - - } - - timeStamp = 0; - DFS(s); - - for (uint32_t i = Blocks.size() - 1; i >= 1u; i--) { - - uint32_t now = nfd[i]; - if (now == Blocks.size()) { continue; } - for (uint32_t pre : Preds[now]) { - - if (dfn[pre]) { - - eval(pre); - if (Compare(sdom[mn[pre]], sdom[now])) { sdom[now] = sdom[mn[pre]]; } - - } - - } - - cov[sdom[now]].push_back(now); - mom[now] = par[now]; - for (uint32_t x : cov[par[now]]) { - - eval(x); - if (Compare(sdom[mn[x]], par[now])) { - - idom[x] = mn[x]; - - } else { - - idom[x] = par[now]; - - } - - } - - } - - for (uint32_t i = 1; i < Blocks.size(); i += 1) { - - uint32_t now = nfd[i]; - if (now == Blocks.size()) { continue; } - if (idom[now] != sdom[now]) idom[now] = idom[idom[now]]; - - } - -} - -} // namespace DominatorTree - -std::vector Visited, InStack; -std::vector TopoOrder, InDeg; -std::vector > t_Succ, t_Pred; - -void Go(uint32_t now, uint32_t tt) { - - if (now == tt) return; - Visited[now] = InStack[now] = timeStamp; - - for (uint32_t nxt : Succs[now]) { - - if (Visited[nxt] == timeStamp and InStack[nxt] == timeStamp) { - - Marked.insert(nxt); - - } - - t_Succ[now].push_back(nxt); - t_Pred[nxt].push_back(now); - InDeg[nxt] += 1; - if (Visited[nxt] == timeStamp) { continue; } - Go(nxt, tt); - - } - - InStack[now] = 0; - -} - -void TopologicalSort(uint32_t ss, uint32_t tt) { - - timeStamp += 1; - - Go(ss, tt); - - TopoOrder.clear(); - std::queue wait; - wait.push(ss); - while (not wait.empty()) { - - uint32_t now = wait.front(); - wait.pop(); - TopoOrder.push_back(now); - for (uint32_t nxt : t_Succ[now]) { - - InDeg[nxt] -= 1; - if (InDeg[nxt] == 0u) { wait.push(nxt); } - - } - - } - -} - -std::vector > NextMarked; -bool Indistinguish(uint32_t node1, uint32_t node2) { - - if (NextMarked[node1].size() > NextMarked[node2].size()) { - - uint32_t _swap = node1; - node1 = node2; - node2 = _swap; - - } - - for (uint32_t x : NextMarked[node1]) { - - if (NextMarked[node2].find(x) != NextMarked[node2].end()) { return true; } - - } - - return false; - -} - -void MakeUniq(uint32_t now) { - - if (Marked.find(now) == Marked.end()) { - - for (uint32_t pred1 : t_Pred[now]) { - - bool StopFlag = false; - for (uint32_t pred2 : t_Pred[now]) { - - if (pred1 == pred2) continue; - if (Indistinguish(pred1, pred2)) { - - Marked.insert(now); - StopFlag = true; - break; - - } - - } - - if (StopFlag) { break; } - - } - - } - - if (Marked.find(now) != Marked.end()) { - - NextMarked[now].insert(now); - - } else { - - for (uint32_t pred : t_Pred[now]) { - - for (uint32_t x : NextMarked[pred]) { - - NextMarked[now].insert(x); - - } - - } - - } - -} - -bool MarkSubGraph(uint32_t ss, uint32_t tt) { - - TopologicalSort(ss, tt); - if (TopoOrder.empty()) return false; - - for (uint32_t i : TopoOrder) { - - NextMarked[i].clear(); - - } - - NextMarked[TopoOrder[0]].insert(TopoOrder[0]); - for (uint32_t i = 1; i < TopoOrder.size(); i += 1) { - - MakeUniq(TopoOrder[i]); - - } - - // Check if there is an empty path. - if (NextMarked[tt].count(TopoOrder[0]) > 0) return true; - return false; - -} - -void MarkVertice() { - - uint32_t s = start_point; - - InDeg.resize(Blocks.size()); - Visited.resize(Blocks.size()); - InStack.resize(Blocks.size()); - t_Succ.resize(Blocks.size()); - t_Pred.resize(Blocks.size()); - NextMarked.resize(Blocks.size()); - - for (uint32_t i = 0; i < Blocks.size(); i += 1) { - - Visited[i] = InStack[i] = InDeg[i] = 0; - t_Succ[i].clear(); - t_Pred[i].clear(); - - } - - timeStamp = 0; - uint32_t t = 0; - bool emptyPathExists = true; - - while (s != t) { - - emptyPathExists &= MarkSubGraph(DominatorTree::idom[t], t); - t = DominatorTree::idom[t]; - - } - - if (emptyPathExists) { - - // Mark all exit blocks to catch the empty path. - Marked.insert(t_Pred[0].begin(), t_Pred[0].end()); - - } - -} - -// return {marked nodes} -std::pair, std::vector > markNodes( - Function *F) { - - assert(F->size() > 0 && "Function can not be empty"); - - reset(); - labelEachBlock(F); - buildCFG(F); - turnCFGintoDAG(); - DominatorTree::DominatorTree(); - MarkVertice(); - - std::vector Result, ResultAbove; - for (uint32_t x : Markabove) { - - auto it = Marked.find(x); - if (it != Marked.end()) Marked.erase(it); - if (x) ResultAbove.push_back(Blocks[x]); - - } - - for (uint32_t x : Marked) { - - if (x == 0) { - - continue; - - } else { - - Result.push_back(Blocks[x]); - - } - - } - - return {Result, ResultAbove}; - -} - diff --git a/instrumentation/MarkNodes.h b/instrumentation/MarkNodes.h deleted file mode 100644 index 8ddc978d..00000000 --- a/instrumentation/MarkNodes.h +++ /dev/null @@ -1,12 +0,0 @@ -#ifndef __MARK_NODES__ -#define __MARK_NODES__ - -#include "llvm/IR/BasicBlock.h" -#include "llvm/IR/Function.h" -#include - -std::pair, std::vector> -markNodes(llvm::Function *F); - -#endif - diff --git a/instrumentation/README.instrim.md b/instrumentation/README.instrim.md deleted file mode 100644 index 99f6477a..00000000 --- a/instrumentation/README.instrim.md +++ /dev/null @@ -1,30 +0,0 @@ -# InsTrim - -InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing - -## Introduction - -InsTrim is the work of Chin-Chia Hsu, Che-Yu Wu, Hsu-Chun Hsiao and Shih-Kun Huang. - -It uses a CFG (call flow graph) and markers to instrument just what -is necessary in the binary (ie less than llvm_mode). As a result the binary is -about 10-15% faster compared to normal llvm_mode however with some coverage loss. -It requires at least llvm version 3.8.0 to build. -If you have LLVM 7+ we recommend PCGUARD instead. - -## Usage - -Set the environment variable `AFL_LLVM_INSTRUMENT=CFG` or `AFL_LLVM_INSTRIM=1` -during compilation of the target. - -There is also special mode which instruments loops in a way so that -afl-fuzz can see which loop path has been selected but not being able to -see how often the loop has been rerun. -This again is a tradeoff for speed for less path information. -To enable this mode set `AFL_LLVM_INSTRIM_LOOPHEAD=1`. - -## Background - -The paper from Chin-Chia Hsu, Che-Yu Wu, Hsu-Chun Hsiao and Shih-Kun Huang: -[InsTrim: Lightweight Instrumentation for Coverage-guided Fuzzing] -(https://www.ndss-symposium.org/wp-content/uploads/2018/07/bar2018_14_Hsu_paper.pdf) diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 2705ce0d..adce6c1d 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -101,8 +101,7 @@ instrumentation by either setting `AFL_CC_COMPILER=LLVM` or pass the parameter The tool honors roughly the same environmental variables as afl-gcc (see [docs/env_variables.md](../docs/env_variables.md)). This includes AFL_USE_ASAN, AFL_HARDEN, and AFL_DONT_OPTIMIZE. However AFL_INST_RATIO is not honored -as it does not serve a good purpose with the more effective PCGUARD, LTO and - instrim CFG analysis. +as it does not serve a good purpose with the more effective PCGUARD analysis. ## 3) Options @@ -116,26 +115,20 @@ For splitting memcmp, strncmp, etc. please see [README.laf-intel.md](README.laf- Then there are different ways of instrumenting the target: -1. There is an optimized instrumentation strategy that uses CFGs and -markers to just instrument what is needed. This increases speed by 10-15% -without any disadvantages -If you want to use this, set AFL_LLVM_INSTRUMENT=CFG or AFL_LLVM_INSTRIM=1 -See [README.instrim.md](README.instrim.md) - -2. An even better instrumentation strategy uses LTO and link time +1. An better instrumentation strategy uses LTO and link time instrumentation. Note that not all targets can compile in this mode, however if it works it is the best option you can use. Simply use afl-clang-lto/afl-clang-lto++ to use this option. See [README.lto.md](README.lto.md) -3. Alternativly you can choose a completely different coverage method: +2. Alternativly you can choose a completely different coverage method: -3a. N-GRAM coverage - which combines the previous visited edges with the +2a. N-GRAM coverage - which combines the previous visited edges with the current one. This explodes the map but on the other hand has proven to be effective for fuzzing. See [README.ngram.md](README.ngram.md) -3b. Context sensitive coverage - which combines the visited edges with an +2b. Context sensitive coverage - which combines the visited edges with an individual caller ID (the function that called the current one) [README.ctx.md](README.ctx.md) diff --git a/instrumentation/README.snapshot.md b/instrumentation/README.snapshot.md index c40a956a..c794c2fd 100644 --- a/instrumentation/README.snapshot.md +++ b/instrumentation/README.snapshot.md @@ -1,5 +1,7 @@ # AFL++ snapshot feature +**NOTE:** the snapshot lkm is currently not supported and needs a maintainer :-) + Snapshotting is a feature that makes a snapshot from a process and then restores its state, which is faster then forking it again. diff --git a/src/afl-cc.c b/src/afl-cc.c index 80fc0742..d134f013 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -66,7 +66,6 @@ enum { INSTRUMENT_CLASSIC = 1, INSTRUMENT_AFL = 1, INSTRUMENT_PCGUARD = 2, - INSTRUMENT_INSTRIM = 3, INSTRUMENT_CFG = 3, INSTRUMENT_LTO = 4, INSTRUMENT_LLVMNATIVE = 5, @@ -639,10 +638,6 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = "-load"; cc_params[cc_par_cnt++] = "-Xclang"; - if (instrument_mode == INSTRUMENT_CFG) - cc_params[cc_par_cnt++] = - alloc_printf("%s/libLLVMInsTrim.so", obj_path); - else cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); @@ -1252,8 +1247,7 @@ int main(int argc, char **argv, char **envp) { strcasecmp(ptr, "CFG") == 0) { - compiler_mode = LLVM; - instrument_mode = INSTRUMENT_CFG; + FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); } else if (strcasecmp(ptr, "AFL") == 0 || @@ -1319,10 +1313,7 @@ int main(int argc, char **argv, char **envp) { if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || getenv("INSTRIM_LIB")) { - if (instrument_mode == 0) - instrument_mode = INSTRUMENT_CFG; - else if (instrument_mode != INSTRUMENT_CFG) - FATAL("you cannot set AFL_LLVM_INSTRUMENT and AFL_LLVM_INSTRIM together"); + FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); } @@ -1409,17 +1400,7 @@ int main(int argc, char **argv, char **envp) { if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { - if (instrument_mode == INSTRUMENT_LTO) { - - instrument_mode = INSTRUMENT_CFG; - lto_mode = 1; - - } else if (!instrument_mode || instrument_mode == INSTRUMENT_CFG) - - instrument_mode = INSTRUMENT_CFG; - else - FATAL("main instrumentation mode already set with %s", - instrument_mode_string[instrument_mode]); + FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); } @@ -1428,7 +1409,7 @@ int main(int argc, char **argv, char **envp) { lto_mode = 1; if (!instrument_mode || instrument_mode == INSTRUMENT_LTO) instrument_mode = INSTRUMENT_LTO; - else if (instrument_mode != INSTRUMENT_CFG) + else FATAL("main instrumentation mode already set with %s", instrument_mode_string[instrument_mode]); @@ -1642,11 +1623,6 @@ int main(int argc, char **argv, char **envp) { " - CALLER\n" " - CTX\n" " - NGRAM-{2-16}\n" - " INSTRIM no yes module yes yes " - " yes\n" - " - NORMAL\n" - " - CALLER\n" - " - NGRAM-{2-16}\n" " [GCC_PLUGIN] gcc plugin: %s%s\n" " CLASSIC DEFAULT no yes no no no " "yes\n" @@ -1697,9 +1673,7 @@ int main(int argc, char **argv, char **envp) { " CTX: CLASSIC + full callee context " "(instrumentation/README.ctx.md)\n" " NGRAM-x: CLASSIC + previous path " - "((instrumentation/README.ngram.md)\n" - " INSTRIM: Dominator tree (for LLVM <= 6.0) " - "(instrumentation/README.instrim.md)\n\n"); + "((instrumentation/README.ngram.md)\n\n"); #undef NATIVE_MSG @@ -1791,19 +1765,15 @@ int main(int argc, char **argv, char **envp) { " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen " "mutator)\n" " AFL_LLVM_INSTRUMENT: set instrumentation mode:\n" - " CLASSIC, INSTRIM, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, " - "NGRAM-2 ..-16\n" + " CLASSIC, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, NGRAM-2 ..-16\n" " You can also use the old environment variables instead:\n" " AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n" - " AFL_LLVM_INSTRIM: use light weight instrumentation InsTrim\n" - " AFL_LLVM_INSTRIM_LOOPHEAD: optimize loop tracing for speed " - "(option to INSTRIM)\n" " AFL_LLVM_CALLER: use single context sensitive coverage (for " "CLASSIC)\n" " AFL_LLVM_CTX: use full context sensitive coverage (for " "CLASSIC)\n" " AFL_LLVM_NGRAM_SIZE: use ngram prev_loc count coverage (for " - "CLASSIC & INSTRIM)\n"); + "CLASSIC)\n"); #ifdef AFL_CLANG_FLTO if (have_lto) @@ -1951,11 +1921,7 @@ int main(int argc, char **argv, char **envp) { "(requires LLVM 11 or higher)"); #endif - if (instrument_opt_mode && instrument_mode == INSTRUMENT_CFG && - instrument_opt_mode & INSTRUMENT_OPT_CTX) - FATAL("CFG instrumentation mode supports NGRAM and CALLER, but not CTX."); - else if (instrument_opt_mode && instrument_mode != INSTRUMENT_CLASSIC) - // we will drop CFG/INSTRIM in the future so do not advertise + if (instrument_opt_mode && instrument_mode != INSTRUMENT_CLASSIC) FATAL( "CALLER, CTX and NGRAM instrumentation options can only be used with " "the LLVM CLASSIC instrumentation mode."); diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 0a978653..8928ddc9 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -73,8 +73,7 @@ static u32 ld_param_cnt = 1; /* Number of params to 'ld' */ so we exploit this property to keep the code "simple". */ static void edit_params(int argc, char **argv) { - u32 i, instrim = 0, gold_pos = 0, gold_present = 0, rt_present = 0, - rt_lto_present = 0, inst_present = 0; + u32 i, gold_pos = 0, gold_present = 0, rt_present = 0, rt_lto_present = 0, inst_present = 0; char *ptr; ld_params = ck_alloc(4096 * sizeof(u8 *)); @@ -186,17 +185,16 @@ static void edit_params(int argc, char **argv) { } - if (getenv("AFL_LLVM_INSTRIM")) - instrim = 1; - else if ((ptr = getenv("AFL_LLVM_INSTRUMENT")) && - (strcasestr(ptr, "CFG") == 0 || strcasestr(ptr, "INSTRIM") == 0)) - instrim = 1; + if (getenv("AFL_LLVM_INSTRIM") || + ((ptr = getenv("AFL_LLVM_INSTRUMENT")) && + (strcasestr(ptr, "CFG") == 0 || strcasestr(ptr, "INSTRIM") == 0))) + FATAL("InsTrim was removed because it is not effective. Use a modern LLVM and PCGUARD (which is the default in afl-cc).\n"); if (debug) DEBUGF( - "passthrough=%s instrim=%u, gold_pos=%u, gold_present=%s " + "passthrough=%s, gold_pos=%u, gold_present=%s " "inst_present=%s rt_present=%s rt_lto_present=%s\n", - passthrough ? "true" : "false", instrim, gold_pos, + passthrough ? "true" : "false", gold_pos, gold_present ? "true" : "false", inst_present ? "true" : "false", rt_present ? "true" : "false", rt_lto_present ? "true" : "false"); @@ -230,10 +228,6 @@ static void edit_params(int argc, char **argv) { if (!inst_present) { - if (instrim) - ld_params[ld_param_cnt++] = - alloc_printf("-mllvm=-load=%s/afl-llvm-lto-instrim.so", afl_path); - else ld_params[ld_param_cnt++] = alloc_printf( "-mllvm=-load=%s/afl-llvm-lto-instrumentation.so", afl_path); diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 3ef36b37..eae76643 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -166,27 +166,6 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } rm -f test-instr.plain - # now for the special llvm_mode things - test -e ../libLLVMInsTrim.so && { - AFL_LLVM_INSTRUMENT=CFG AFL_LLVM_INSTRIM_LOOPHEAD=1 ../afl-clang-fast -o test-instr.instrim ../test-instr.c > /dev/null 2>test.out - test -e test-instr.instrim && { - TUPLES=`echo 0|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.instrim 2>&1 | grep Captur | awk '{print$3}'` - test "$TUPLES" -gt 1 -a "$TUPLES" -lt 5 && { - $ECHO "$GREEN[+] llvm_mode InsTrim reported $TUPLES instrumented locations which is fine" - } || { - $ECHO "$RED[!] llvm_mode InsTrim instrumentation produces weird numbers: $TUPLES" - CODE=1 - } - rm -f test-instr.instrim test.out - } || { - cat test.out - $ECHO "$RED[!] llvm_mode InsTrim compilation failed" - CODE=1 - } - } || { - $ECHO "$YELLOW[-] llvm_mode InsTrim not compiled, cannot test" - INCOMPLETE=1 - } AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && { grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && { From 1725e6be316b57e89df2a077710b66b684b55242 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 25 Mar 2021 17:41:14 +0000 Subject: [PATCH 026/441] Fix support for afl-cmin and updated README --- afl-cmin | 11 +++- afl-cmin.bash | 9 ++- frida_mode/Makefile | 40 ++++++++++++ frida_mode/README.md | 145 ++++++++++++++++++++++++++++++++++--------- src/afl-analyze.c | 2 - src/afl-fuzz.c | 2 - src/afl-showmap.c | 3 - src/afl-tmin.c | 2 - 8 files changed, 172 insertions(+), 42 deletions(-) diff --git a/afl-cmin b/afl-cmin index a1fc6f21..3f3a7517 100755 --- a/afl-cmin +++ b/afl-cmin @@ -106,6 +106,7 @@ function usage() { " -f file - location read by the fuzzed program (stdin)\n" \ " -m megs - memory limit for child process ("mem_limit" MB)\n" \ " -t msec - run time limit for child process (none)\n" \ +" -O - use binary-only instrumentation (FRIDA mode)\n" \ " -Q - use binary-only instrumentation (QEMU mode)\n" \ " -U - use unicorn-based instrumentation (unicorn mode)\n" \ "\n" \ @@ -140,7 +141,7 @@ BEGIN { # process options Opterr = 1 # default is to diagnose Optind = 1 # skip ARGV[0] - while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eCQU?")) != -1) { + while ((_go_c = getopt(ARGC, ARGV, "hi:o:f:m:t:eCOQU?")) != -1) { if (_go_c == "i") { if (!Optarg) usage() if (in_dir) { print "Option "_go_c" is only allowed once" > "/dev/stderr"} @@ -180,6 +181,12 @@ BEGIN { extra_par = extra_par " -e" continue } else + if (_go_c == "O") { + if (frida_mode) { print "Option "_go_c" is only allowed once" > "/dev/stderr"} + extra_par = extra_par " -O" + frida_mode = 1 + continue + } else if (_go_c == "Q") { if (qemu_mode) { print "Option "_go_c" is only allowed once" > "/dev/stderr"} extra_par = extra_par " -Q" @@ -275,7 +282,7 @@ BEGIN { target_bin = tnew } - if (!ENVIRON["AFL_SKIP_BIN_CHECK"] && !qemu_mode && !unicorn_mode) { + if (!ENVIRON["AFL_SKIP_BIN_CHECK"] && !qemu_mode && !frida_mode && !unicorn_mode) { if (0 != system( "grep -q __AFL_SHM_ID "target_bin )) { print "[-] Error: binary '"target_bin"' doesn't appear to be instrumented." > "/dev/stderr" exit 1 diff --git a/afl-cmin.bash b/afl-cmin.bash index 5b2c3894..f4bd269d 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -53,7 +53,7 @@ unset IN_DIR OUT_DIR STDIN_FILE EXTRA_PAR MEM_LIMIT_GIVEN \ export AFL_QUIET=1 -while getopts "+i:o:f:m:t:eQUCh" opt; do +while getopts "+i:o:f:m:t:eOQUCh" opt; do case "$opt" in @@ -83,6 +83,10 @@ while getopts "+i:o:f:m:t:eQUCh" opt; do "C") export AFL_CMIN_CRASHES_ONLY=1 ;; + "O") + EXTRA_PAR="$EXTRA_PAR -O" + FRIDA_MODE=1 + ;; "Q") EXTRA_PAR="$EXTRA_PAR -Q" QEMU_MODE=1 @@ -118,6 +122,7 @@ Execution control settings: -f file - location read by the fuzzed program (stdin) -m megs - memory limit for child process ($MEM_LIMIT MB) -t msec - run time limit for child process (none) + -O - use binary-only instrumentation (FRIDA mode) -Q - use binary-only instrumentation (QEMU mode) -U - use unicorn-based instrumentation (Unicorn mode) @@ -209,7 +214,7 @@ if [ ! -f "$TARGET_BIN" -o ! -x "$TARGET_BIN" ]; then fi -if [ "$AFL_SKIP_BIN_CHECK" = "" -a "$QEMU_MODE" = "" -a "$UNICORN_MODE" = "" ]; then +if [ "$AFL_SKIP_BIN_CHECK" = "" -a "$QEMU_MODE" = "" -a "$FRIDA_MODE" = "" -a "$UNICORN_MODE" = "" ]; then if ! grep -qF "__AFL_SHM_ID" "$TARGET_BIN"; then echo "[-] Error: binary '$TARGET_BIN' doesn't appear to be instrumented." 1>&2 diff --git a/frida_mode/Makefile b/frida_mode/Makefile index 73a4142c..efae5ebf 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -306,5 +306,45 @@ analyze_frida: $(TEST_BIN) ./afl-analyze \ -O \ -i $(TEST_DATA_DIR)basn0g01.png \ + -- \ + $(TEST_BIN) @@ + +cmin_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-cmin \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +cmin_frida: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-cmin \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +cmin_bash_qemu: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-cmin.bash \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +cmin_bash_frida: $(TEST_BIN) + make -C .. + cd .. && \ + ./afl-cmin.bash \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ -- \ $(TEST_BIN) @@ \ No newline at end of file diff --git a/frida_mode/README.md b/frida_mode/README.md index c5436e8b..bc260e3e 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -3,46 +3,133 @@ The purpose of FRIDA mode is to provide an alternative binary only fuzzer for AF just like that provided by QEMU mode. The intention is to provide a very similar user experience, right down to the options provided through environment variables. -Additionally, the intention is to be able to make a direct performance comparison -between the two approaches. Hopefully, we should also be able to leverage the same -approaches for adding features which QEMU uses, possibly even sharing code. +Whilst AFLplusplus already has some support for running on FRIDA [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) +this requires the code to be fuzzed to be provided as a shared library, it +cannot be used to fuzz executables. Additionally, it requires the user to write +a small harness around their target code of interest, FRIDA mode instead takes a +different approach to avoid these limitations. -## Limitations -The current focus is on x64 support for Intel. Although parts may be architecturally -dependent, the approach itself should remain architecture agnostic. +# Current Progress +As FRIDA mode is new, it is missing a lot of features. Most importantly, +persistent mode. The design is such that it should be possible to add these +features in a similar manner to QEMU mode and perhaps leverage some of its +design and implementation. -## Usage -FRIDA mode requires some small modifications to the afl-fuzz and similar tools in -AFLplusplus. The intention is that it behaves identically to QEMU, but uses the 'O' -switch rather than 'Q'. + | Feature/Instrumentation | frida-mode | + | -------------------------|:----------:| + | NeverZero | | + | Persistent Mode | | + | LAF-Intel / CompCov | | + | CmpLog | | + | Selective Instrumentation| x | + | Non-Colliding Coverage | | + | Ngram prev_loc Coverage | | + | Context Coverage | | + | Auto Dictionary | | + | Snapshot LKM Support | | -## Design -AFL Frida works by means of a shared library injected into a binary program using -LD_PRELOAD, similar to the way which other fuzzing features are injected into targets. +# Compatibility +Currently FRIDA mode supports Linux and macOS targets on both x86/x64 +architecture and aarch64. Later releases may add support for aarch32 and Windows +targets as well as embedded linux environments. -## Testing -Alongside the FRIDA mode, we also include a test program for fuzzing. This test -program is built using the libpng benchmark from fuzz-bench and integrating the -StandaloneFuzzTargetMain from the llvm project. This is built and linked without -any special modifications to suit FRIDA or QEMU. However, at present we don't have -a representative corpus. +FRIDA has been used on various embedded targets using both uClibc and musl C +runtime libraries, so porting should be possible. However, the current build +system does not support cross compilation. ## Getting Started To build everything run `make`. -To run the benchmark sample with qemu run `make test_qemu`. -To run the benchmark sample with frida run `make test_frida`. +To run the benchmark sample with qemu run `make png_qemu`. +To run the benchmark sample with frida run `make png_frida`. + +## Usage +FRIDA mode requires some small modifications to the afl-fuzz and similar tools +in AFLplusplus. The intention is that it behaves identically to QEMU, but uses +the 'O' switch rather than 'Q'. Whilst the options 'f', 'F', 's' or 'S' may have +made more sense for a mode powered by FRIDA Stalker, they were all taken, so +instead we use 'O' in homage to the [author](https://github.com/oleavr) of +FRIDA. + +Similarly, the intention is to mimic the use of environment variables used by +QEMU where possible (although replacing `s/QEMU/FRIDA/g`). Accodingly, the +following options are currently supported. -# Configuration options * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` -* `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. -* `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. * `AFL_FRIDA_INST_RANGES` - See `AFL_QEMU_INST_RANGES` -* `AFL_FRIDA_INST_STRICT` - Under certain conditions, Stalker may encroach into excluded regions and generate both instrumented blocks and coverage data (e.g. indirect calls on x86). The excluded block is generally honoured as soon as another function is called within the excluded region. The overhead of generating, running and instrumenting these few additional blocks is likely to be fairly small, but it may hinder you when checking that the correct number of paths are found for testing purposes or similar. There is a performance penatly for this option during block compilation where we check the block isn't in a list of excluded ranges. -* `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. + +# Performance + +Additionally, the intention is to be able to make a direct performance +comparison between the two approaches. Accordingly, FRIDA mode includes a test +target based on the [libpng](https://libpng.sourceforge.io/) benchmark used by +[fuzzbench](https://google.github.io/fuzzbench/) and integrated with the +[StandaloneFuzzTargetMain](https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c) +from the llvm project. This is built and linked without any special +modifications to suit FRIDA or QEMU. We use the test data provided with libpng +as our corpus. + +Whilst not much performance tuning has been completed to date, performance is +around 30-50% of that of QEMU mode, however, this gap may reduce with the +introduction of persistent mode. Performance can be tested by running +`make compare`, albeit a longer time measurement may be required for move +accurate results. + +Whilst [afl_frida](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) +claims a 5-10x performance increase over QEMU, it has not been possible to +reproduce these claims. However, the number of executions per second can vary +dramatically as a result of the randomization of the fuzzer input. Some inputs +may traverse relatively few paths before being rejected as invalid whilst others +may be valid inputs or be subject to much more processing before rejection. +Accordingly, it is recommended that testing be carried out over prolongued +periods to gather timings which are more than indicative. + +# Design +FRIDA mode is supported by using `LD_PRELOAD` (`DYLD_INSERT_LIBRARIES` on macOS) +to inject a shared library (`afl-frida-trace.so`) into the target. This shared +library is built using the [frida-gum](https://github.com/frida/frida-gum) +devkit from the [FRIDA](https://github.com/frida/frida) project. One of the +components of frida-gum is [Stalker](https://medium.com/@oleavr/anatomy-of-a-code-tracer-b081aadb0df8), +this allows the dynamic instrumentation of running code for AARCH32, AARCH64, +x86 and x64 architectutes. Implementation details can be found +[here](https://frida.re/docs/stalker/). + +Dynamic instrumentation is used to augment the target application with similar +coverage information to that inserted by `afl-gcc` or `afl-clang`. The shared +library is also linked to the `compiler-rt` component of AFLplusplus to feedback +this coverage information to AFL and also provide a fork server. It also makes +use of the FRIDA [prefetch](https://github.com/frida/frida-gum/blob/56dd9ba3ee9a5511b4b0c629394bf122775f1ab7/gum/gumstalker.h#L115) +support to feedback instrumented blocks from the child to the parent using a +shared memory region to avoid the need to regenerate instrumented blocks on each +fork. + +Whilst FRIDA allows for a normal C function to be used to augment instrumented +code, to minimize the costs of storing and restoring all of the registers, FRIDA +mode instead makes use of optimized assembly instead on AARCH64 and x86/64 +targets. + +# Advanced configuration options +* `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage +instrumentation (the default where available). Required to use +`AFL_FRIDA_INST_TRACE`. +* `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will +report instrumented blocks back to the parent so that it can also instrument +them and they be inherited by the next child on fork. +* `AFL_FRIDA_INST_STRICT` - Under certain conditions, Stalker may encroach into +excluded regions and generate both instrumented blocks and coverage data (e.g. +indirect calls on x86). The excluded block is generally honoured as soon as +another function is called within the excluded region and so such encroachment +is usually of little consequence. This detail may however, hinder you when +checking that the correct number of paths are found for testing purposes or +similar. There is a performance penatly for this option during block compilation +where we check the block isn't in a list of excluded ranges. +* `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. +Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. # TODO -* Add AARCH64 inline assembly optimization from libFuzz -* Fix issues running on OSX -* Identify cause of erroneous additional paths +As can be seen from the progress section above, there are a number of features +which are missing in its currently form. Chief amongst which is persistent mode. +The intention is to achieve feature parity with QEMU mode in due course. +Contributions are welcome, but please get in touch to ensure that efforts are +deconflicted. \ No newline at end of file diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 6ff119ac..8e5a1772 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -842,7 +842,6 @@ static void set_up_environment(char **argv) { } ck_free(frida_binary); - OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); setenv("LD_PRELOAD", frida_afl_preload, 1); setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); @@ -859,7 +858,6 @@ static void set_up_environment(char **argv) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); ck_free(frida_binary); } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 34e9d420..ba8feb53 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1320,7 +1320,6 @@ int main(int argc, char **argv_orig, char **envp) { } ck_free(frida_binary); - OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); setenv("LD_PRELOAD", frida_afl_preload, 1); setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); @@ -1337,7 +1336,6 @@ int main(int argc, char **argv_orig, char **envp) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); ck_free(frida_binary); } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index aea90b3b..38d03d80 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -617,7 +617,6 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { } ck_free(frida_binary); - OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); setenv("LD_PRELOAD", frida_afl_preload, 1); setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); @@ -634,7 +633,6 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); ck_free(frida_binary); } @@ -996,7 +994,6 @@ int main(int argc, char **argv_orig, char **envp) { } - if (in_dir) { /* If we don't have a file name chosen yet, use a safe default. */ diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 68e61109..bad5d71b 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -772,7 +772,6 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { } ck_free(frida_binary); - OKF("Frida Mode setting LD_PRELOAD %s", frida_afl_preload); setenv("LD_PRELOAD", frida_afl_preload, 1); setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); @@ -789,7 +788,6 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - OKF("Frida Mode setting LD_PRELOAD %s", frida_binary); ck_free(frida_binary); } From c169cb3911b33fbc3974005788ade1c9218ade98 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 20:10:09 +0100 Subject: [PATCH 027/441] integrate frida_mode, code-format --- GNUmakefile | 3 +++ docs/Changelog.md | 2 ++ docs/env_variables.md | 5 ++-- frida_mode/Makefile | 32 +++++++++++------------ frida_mode/{inc => include}/instrument.h | 0 frida_mode/{inc => include}/interceptor.h | 0 frida_mode/{inc => include}/prefetch.h | 0 frida_mode/{inc => include}/ranges.h | 0 frida_mode/src/main.c | 8 +++--- include/forkserver.h | 2 +- qemu_mode/qemuafl | 2 +- src/afl-cc.c | 18 ++++++++----- src/afl-common.c | 11 +++++++- src/afl-ld-lto.c | 15 ++++++----- 14 files changed, 60 insertions(+), 38 deletions(-) rename frida_mode/{inc => include}/instrument.h (100%) rename frida_mode/{inc => include}/interceptor.h (100%) rename frida_mode/{inc => include}/prefetch.h (100%) rename frida_mode/{inc => include}/ranges.h (100%) diff --git a/GNUmakefile b/GNUmakefile index ac8fe796..963004bd 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -593,6 +593,7 @@ distrib: all $(MAKE) -C utils/afl_network_proxy $(MAKE) -C utils/socket_fuzzing $(MAKE) -C utils/argv_fuzzing + -$(MAKE) -C frida_mode -cd qemu_mode && sh ./build_qemu_support.sh -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh @@ -603,6 +604,7 @@ binary-only: test_shm test_python ready $(PROGS) $(MAKE) -C utils/afl_network_proxy $(MAKE) -C utils/socket_fuzzing $(MAKE) -C utils/argv_fuzzing + -$(MAKE) -C frida_mode -cd qemu_mode && sh ./build_qemu_support.sh -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh @@ -648,6 +650,7 @@ install: all $(MANPAGES) @if [ -f afl-fuzz-document ]; then set -e; install -m 755 afl-fuzz-document $${DESTDIR}$(BIN_PATH); fi @if [ -f socketfuzz32.so -o -f socketfuzz64.so ]; then $(MAKE) -C utils/socket_fuzzing install; fi @if [ -f argvfuzz32.so -o -f argvfuzz64.so ]; then $(MAKE) -C utils/argv_fuzzing install; fi + @if [ -f afl-frida-trace.so ]; then install -m 755 afl-frida-trace.so $${DESTDIR}$(HELPER_PATH); fi @if [ -f utils/afl_network_proxy/afl-network-server ]; then $(MAKE) -C utils/afl_network_proxy install; fi @if [ -f utils/aflpp_driver/libAFLDriver.a ]; then set -e; install -m 644 utils/aflpp_driver/libAFLDriver.a $${DESTDIR}$(HELPER_PATH); fi @if [ -f utils/aflpp_driver/libAFLQemuDriver.a ]; then set -e; install -m 644 utils/aflpp_driver/libAFLQemuDriver.a $${DESTDIR}$(HELPER_PATH); fi diff --git a/docs/Changelog.md b/docs/Changelog.md index 730791da..6ae42b04 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,8 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.13a (development) + - frida_mode - new mode that uses frida to fuzz binary-only targets, + thanks to @WorksButNotTested! - afl-fuzz: - added patch by @realmadsci to support @@ as part of command line options, e.g. `afl-fuzz ... -- ./target --infile=@@` diff --git a/docs/env_variables.md b/docs/env_variables.md index 572fad01..899b36cc 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -372,7 +372,8 @@ checks or alter some of the more exotic semantics of the tool: may complain of high load prematurely, especially on systems with low core counts. To avoid the alarming red color, you can set `AFL_NO_CPU_RED`. - - In QEMU mode (-Q), `AFL_PATH` will be searched for afl-qemu-trace. + - In QEMU mode (-Q), Unicorn mode (-U) and Frida mode (-O), `AFL_PATH` will + be searched for afl-qemu-trace. - In QEMU mode (-Q), setting `AFL_QEMU_CUSTOM_BIN` cause afl-fuzz to skip prepending `afl-qemu-trace` to your command line. Use this if you wish to use a @@ -605,7 +606,7 @@ optimal values if not already present in the environment: override this by setting `LD_BIND_LAZY` beforehand, but it is almost certainly pointless. - - By default, `ASAN_OPTIONS` are set to: + - By default, `ASAN_OPTIONS` are set to (among others): ``` abort_on_error=1 detect_leaks=0 diff --git a/frida_mode/Makefile b/frida_mode/Makefile index efae5ebf..822f1c6a 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -1,41 +1,39 @@ PWD:=$(shell pwd)/ -INC_DIR:=$(PWD)inc/ +INC_DIR:=$(PWD)include/ SRC_DIR:=$(PWD)src/ INCLUDES:=$(wildcard $(INC_DIR)*.h) SOURCES:=$(wildcard $(SRC_DIR)*.c) BUILD_DIR:=$(PWD)build/ -CFLAGS:= $(CFLAGS) \ - -fPIC \ - -D_GNU_SOURCE +CFLAGS+=-fPIC -D_GNU_SOURCE FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(FRIDA_BUILD_DIR)afl-frida-trace.so ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" -ARCH:=arm64 -TESTINSTR_BASE:=0x0000aaaaaaaaa000 + ARCH:=arm64 + TESTINSTR_BASE:=0x0000aaaaaaaaa000 endif ifeq "$(ARCH)" "x86_64" -TESTINSTR_BASE:=0x0000555555554000 + TESTINSTR_BASE:=0x0000555555554000 endif ifeq "$(shell uname)" "Darwin" -OS:=macos -AFL_FRIDA_INST_RANGES=0x0000000000001000-0xFFFFFFFFFFFFFFFF -CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations -TEST_LDFLAGS:=-undefined dynamic_lookup + OS:=macos + AFL_FRIDA_INST_RANGES=0x0000000000001000-0xFFFFFFFFFFFFFFFF + CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations + TEST_LDFLAGS:=-undefined dynamic_lookup endif ifeq "$(shell uname)" "Linux" -OS:=linux -AFL_FRIDA_INST_RANGES=$(shell $(PWD)test/testinstr.py -f $(BUILD_DIR)testinstr -s .testinstr -b $(TESTINSTR_BASE)) -CFLAGS:=$(CFLAGS) -Wno-prio-ctor-dtor -TEST_LDFLAGS:= + OS:=linux + AFL_FRIDA_INST_RANGES=$(shell $(PWD)test/testinstr.py -f $(BUILD_DIR)testinstr -s .testinstr -b $(TESTINSTR_BASE)) + CFLAGS:=$(CFLAGS) -Wno-prio-ctor-dtor + TEST_LDFLAGS:= endif ifndef OS -$(error "Operating system unsupported") + $(error "Operating system unsupported") endif VERSION=14.2.13 @@ -347,4 +345,4 @@ cmin_bash_frida: $(TEST_BIN) -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TEST_BIN) @@ \ No newline at end of file + $(TEST_BIN) @@ diff --git a/frida_mode/inc/instrument.h b/frida_mode/include/instrument.h similarity index 100% rename from frida_mode/inc/instrument.h rename to frida_mode/include/instrument.h diff --git a/frida_mode/inc/interceptor.h b/frida_mode/include/interceptor.h similarity index 100% rename from frida_mode/inc/interceptor.h rename to frida_mode/include/interceptor.h diff --git a/frida_mode/inc/prefetch.h b/frida_mode/include/prefetch.h similarity index 100% rename from frida_mode/inc/prefetch.h rename to frida_mode/include/prefetch.h diff --git a/frida_mode/inc/ranges.h b/frida_mode/include/ranges.h similarity index 100% rename from frida_mode/inc/ranges.h rename to frida_mode/include/ranges.h diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 444c9583..7505c2f9 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -22,10 +22,10 @@ extern mach_port_t mach_task_self(); extern GumAddress gum_darwin_find_entrypoint(mach_port_t task); #else -extern int __libc_start_main(int *(main)(int, char **, char **), int argc, - char **ubp_av, void (*init)(void), - void (*fini)(void), void (*rtld_fini)(void), - void(*stack_end)); +extern int __libc_start_main(int *(main)(int, char **, char **), int argc, + char **ubp_av, void (*init)(void), + void (*fini)(void), void (*rtld_fini)(void), + void(*stack_end)); #endif typedef int *(*main_fn_t)(int argc, char **argv, char **envp); diff --git a/include/forkserver.h b/include/forkserver.h index cc759545..48db94c7 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -77,7 +77,7 @@ typedef struct afl_forkserver { bool qemu_mode; /* if running in qemu mode or not */ - bool frida_mode; /* if running in frida mode or not */ + bool frida_mode; /* if running in frida mode or not */ bool use_stdin; /* use stdin for sending data */ diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index 0fb212da..ddc4a974 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit 0fb212daab492411b3e323bc18a3074c1aecfd37 +Subproject commit ddc4a9748d59857753fb33c30a356f354595f36d diff --git a/src/afl-cc.c b/src/afl-cc.c index d134f013..1b4edbb9 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -638,8 +638,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = "-load"; cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/afl-llvm-pass.so", obj_path); + cc_params[cc_par_cnt++] = alloc_printf("%s/afl-llvm-pass.so", obj_path); } @@ -1247,7 +1246,9 @@ int main(int argc, char **argv, char **envp) { strcasecmp(ptr, "CFG") == 0) { - FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); } else if (strcasecmp(ptr, "AFL") == 0 || @@ -1313,7 +1314,9 @@ int main(int argc, char **argv, char **envp) { if (getenv("AFL_LLVM_INSTRIM") || getenv("INSTRIM") || getenv("INSTRIM_LIB")) { - FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD " + "(default in afl-cc).\n"); } @@ -1400,7 +1403,9 @@ int main(int argc, char **argv, char **envp) { if (strncasecmp(ptr2, "cfg", strlen("cfg")) == 0 || strncasecmp(ptr2, "instrim", strlen("instrim")) == 0) { - FATAL("InsTrim instrumentation was removed. Use a modern LLVM and PCGUARD (default in afl-cc).\n"); + FATAL( + "InsTrim instrumentation was removed. Use a modern LLVM and " + "PCGUARD (default in afl-cc).\n"); } @@ -1765,7 +1770,8 @@ int main(int argc, char **argv, char **envp) { " AFL_LLVM_CMPLOG: log operands of comparisons (RedQueen " "mutator)\n" " AFL_LLVM_INSTRUMENT: set instrumentation mode:\n" - " CLASSIC, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, NGRAM-2 ..-16\n" + " CLASSIC, PCGUARD, LTO, GCC, CLANG, CALLER, CTX, NGRAM-2 " + "..-16\n" " You can also use the old environment variables instead:\n" " AFL_LLVM_USE_TRACE_PC: use LLVM trace-pc-guard instrumentation\n" " AFL_LLVM_CALLER: use single context sensitive coverage (for " diff --git a/src/afl-common.c b/src/afl-common.c index 087aa113..0fb1462e 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -336,7 +336,16 @@ u8 *find_afl_binary(u8 *own_loc, u8 *fname) { } - target_path = alloc_printf("%s/%s", BIN_PATH, fname); + if (perm == X_OK) { + + target_path = alloc_printf("%s/%s", BIN_PATH, fname); + + } else { + + target_path = alloc_printf("%s/%s", AFL_PATH, fname); + + } + if (!access(target_path, perm)) { return target_path; diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index 8928ddc9..d0113af9 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -73,7 +73,8 @@ static u32 ld_param_cnt = 1; /* Number of params to 'ld' */ so we exploit this property to keep the code "simple". */ static void edit_params(int argc, char **argv) { - u32 i, gold_pos = 0, gold_present = 0, rt_present = 0, rt_lto_present = 0, inst_present = 0; + u32 i, gold_pos = 0, gold_present = 0, rt_present = 0, rt_lto_present = 0, + inst_present = 0; char *ptr; ld_params = ck_alloc(4096 * sizeof(u8 *)); @@ -185,10 +186,12 @@ static void edit_params(int argc, char **argv) { } - if (getenv("AFL_LLVM_INSTRIM") || + if (getenv("AFL_LLVM_INSTRIM") || ((ptr = getenv("AFL_LLVM_INSTRUMENT")) && - (strcasestr(ptr, "CFG") == 0 || strcasestr(ptr, "INSTRIM") == 0))) - FATAL("InsTrim was removed because it is not effective. Use a modern LLVM and PCGUARD (which is the default in afl-cc).\n"); + (strcasestr(ptr, "CFG") == 0 || strcasestr(ptr, "INSTRIM") == 0))) + FATAL( + "InsTrim was removed because it is not effective. Use a modern LLVM " + "and PCGUARD (which is the default in afl-cc).\n"); if (debug) DEBUGF( @@ -228,8 +231,8 @@ static void edit_params(int argc, char **argv) { if (!inst_present) { - ld_params[ld_param_cnt++] = alloc_printf( - "-mllvm=-load=%s/afl-llvm-lto-instrumentation.so", afl_path); + ld_params[ld_param_cnt++] = alloc_printf( + "-mllvm=-load=%s/afl-llvm-lto-instrumentation.so", afl_path); } From 22c696ff1c64025398504e87f3112da82857d901 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 25 Mar 2021 20:24:47 +0100 Subject: [PATCH 028/441] update README --- README.md | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 3ba05777..b0ed8634 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,11 @@ For comparisons use the fuzzbench `aflplusplus` setup, or use `afl-clang-fast` with `AFL_LLVM_CMPLOG=1`. -## Major changes in afl++ 3.00 + 3.10 +## Major changes in afl++ 3.00 onwards: + +With afl++ 3.13-3.20 we introduce frida_mode (-O) to have an alternative for +binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android, +iOS etc. With afl++ 3.10 we introduced the following changes from previous behaviours: * The '+' feature of the '-t' option now means to auto-calculate the timeout @@ -81,21 +85,21 @@ behaviours and defaults: ## Important features of afl++ afl++ supports llvm up to version 12, very fast binary fuzzing with QEMU 5.1 - with laf-intel and redqueen, unicorn mode, gcc plugin, full *BSD, Solaris and - Android support and much, much, much more. + with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, + Mac OS, Solaris and Android support and much, much, much more. - | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | qemu_mode | unicorn_mode | - | -------------------------|:-------:|:---------:|:----------:|:----------------:|:------------:| - | NeverZero | x86[_64]| x(1) | x | x | x | - | Persistent Mode | | x | x | x86[_64]/arm[64] | x | - | LAF-Intel / CompCov | | x | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | x86[_64]/arm[64] | | - | Selective Instrumentation| | x | x | x | | - | Non-Colliding Coverage | | x(4) | | (x)(5) | | - | Ngram prev_loc Coverage | | x(6) | | | | - | Context Coverage | | x(6) | | | | - | Auto Dictionary | | x(7) | | | | - | Snapshot LKM Support | | x(8) | x(8) | (x)(5) | | + | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | + | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| + | NeverZero | x86[_64]| x(1) | x | | x | x | + | Persistent Mode | | x | x | | x86[_64]/arm[64] | x | + | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | + | CmpLog | | x | | | x86[_64]/arm[64] | | + | Selective Instrumentation| | x | x | x | x | | + | Non-Colliding Coverage | | x(4) | | | (x)(5) | | + | Ngram prev_loc Coverage | | x(6) | | | | | + | Context Coverage | | x(6) | | | | | + | Auto Dictionary | | x(7) | | | | | + | Snapshot LKM Support | | x(8) | x(8) | | (x)(5) | | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in llvm <= 8 2. GCC creates non-performant code, hence it is disabled in gcc_plugin @@ -140,6 +144,7 @@ behaviours and defaults: time when we are satisfied with its stability * [dev](https://github.com/AFLplusplus/AFLplusplus/tree/dev) : development state of afl++ - bleeding edge and you might catch a checkout which does not compile or has a bug. *We only accept PRs in dev!!* + * [release](https://github.com/AFLplusplus/AFLplusplus/tree/release) : the latest release * (any other) : experimental branches to work on specific features or testing new functionality or changes. From 2c5844f6657861cfc881adf2f38aa5d3da3ccf9d Mon Sep 17 00:00:00 2001 From: Yong-Hao Zou Date: Fri, 26 Mar 2021 15:41:19 +0800 Subject: [PATCH 029/441] Update custom_mutators.md --- docs/custom_mutators.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 61d711e4..62e01f83 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -89,10 +89,10 @@ def queue_get(filename): def queue_new_entry(filename_new_queue, filename_orig_queue): pass -``` def introspection(): return string +``` ### Custom Mutation From 1006abffade85df1108112b728e09a666d8388a8 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 26 Mar 2021 16:19:07 +0100 Subject: [PATCH 030/441] fix compilation for llvm 3.8.0 --- instrumentation/afl-llvm-common.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 74943fb2..24498f3e 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -104,7 +104,8 @@ bool isIgnoreFunction(const llvm::Function *F) { for (auto const &ignoreListFunc : ignoreSubstringList) { - if (F->getName().contains(ignoreListFunc)) { return true; } + // hexcoder: F->getName().contains() not avaiilable in llvm 3.8.0 + if (StringRef::npos != F->getName().find(ignoreListFunc)) { return true; } } From 3439d641c0e79d2bb3229a04c7e78c45e0b1e3f5 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 26 Mar 2021 16:56:57 +0100 Subject: [PATCH 031/441] pass lib -ldl only on Linux platforms --- test/test-llvm.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index eae76643..06d0a0f8 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -46,7 +46,8 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { ../afl-clang-fast -DTEST_SHARED_OBJECT=1 -z defs -fPIC -shared -o test-instr.so ../test-instr.c > /dev/null 2>&1 test -e test-instr.so && { $ECHO "$GREEN[+] llvm_mode shared object with -z defs compilation succeeded" - ../afl-clang-fast -o test-dlopen.plain test-dlopen.c -ldl > /dev/null 2>&1 + test `uname -s` = 'Linux' && LIBS=-ldl : + ../afl-clang-fast -o test-dlopen.plain test-dlopen.c ${LIBS} > /dev/null 2>&1 test -e test-dlopen.plain && { $ECHO "$GREEN[+] llvm_mode test-dlopen compilation succeeded" echo 0 | TEST_DLOPEN_TARGET=./test-instr.so AFL_QUIET=1 ./test-dlopen.plain > /dev/null 2>&1 @@ -81,6 +82,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } rm -f test-dlopen.plain test-dlopen.plain.0 test-dlopen.plain.1 test-instr.so + unset LIBS } || { $ECHO "$RED[!] llvm_mode shared object with -z defs compilation failed" CODE=1 From a50d95b8313cfc85191778f71fb74481675ff807 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 26 Mar 2021 17:42:54 +0100 Subject: [PATCH 032/441] typos --- frida_mode/README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index bc260e3e..8abee0dd 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -44,11 +44,11 @@ To run the benchmark sample with qemu run `make png_qemu`. To run the benchmark sample with frida run `make png_frida`. ## Usage -FRIDA mode requires some small modifications to the afl-fuzz and similar tools +FRIDA mode requires some small modifications to `afl-fuzz` and similar tools in AFLplusplus. The intention is that it behaves identically to QEMU, but uses the 'O' switch rather than 'Q'. Whilst the options 'f', 'F', 's' or 'S' may have made more sense for a mode powered by FRIDA Stalker, they were all taken, so -instead we use 'O' in homage to the [author](https://github.com/oleavr) of +instead we use 'O' in hommage to the [author](https://github.com/oleavr) of FRIDA. Similarly, the intention is to mimic the use of environment variables used by @@ -73,7 +73,7 @@ as our corpus. Whilst not much performance tuning has been completed to date, performance is around 30-50% of that of QEMU mode, however, this gap may reduce with the introduction of persistent mode. Performance can be tested by running -`make compare`, albeit a longer time measurement may be required for move +`make compare`, albeit a longer time measurement may be required for more accurate results. Whilst [afl_frida](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) @@ -92,13 +92,13 @@ library is built using the [frida-gum](https://github.com/frida/frida-gum) devkit from the [FRIDA](https://github.com/frida/frida) project. One of the components of frida-gum is [Stalker](https://medium.com/@oleavr/anatomy-of-a-code-tracer-b081aadb0df8), this allows the dynamic instrumentation of running code for AARCH32, AARCH64, -x86 and x64 architectutes. Implementation details can be found +x86 and x64 architectures. Implementation details can be found [here](https://frida.re/docs/stalker/). Dynamic instrumentation is used to augment the target application with similar coverage information to that inserted by `afl-gcc` or `afl-clang`. The shared library is also linked to the `compiler-rt` component of AFLplusplus to feedback -this coverage information to AFL and also provide a fork server. It also makes +this coverage information to AFL++ and also provide a fork server. It also makes use of the FRIDA [prefetch](https://github.com/frida/frida-gum/blob/56dd9ba3ee9a5511b4b0c629394bf122775f1ab7/gum/gumstalker.h#L115) support to feedback instrumented blocks from the child to the parent using a shared memory region to avoid the need to regenerate instrumented blocks on each @@ -132,4 +132,4 @@ As can be seen from the progress section above, there are a number of features which are missing in its currently form. Chief amongst which is persistent mode. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that efforts are -deconflicted. \ No newline at end of file +deconflicted. From fa349b4f4ceaa3e8309e7b01ddee6b6f895175f6 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 26 Mar 2021 17:49:20 +0100 Subject: [PATCH 033/441] simpler argument processing --- utils/crash_triage/triage_crashes.sh | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh index c9ca1f79..4d75430e 100755 --- a/utils/crash_triage/triage_crashes.sh +++ b/utils/crash_triage/triage_crashes.sh @@ -90,13 +90,15 @@ for crash in $DIR/crashes/id:*; do for a in $@; do - if echo "$a" | grep -qF '@@'; then - escaped_fname=`echo $crash | sed 's:/:\\\\/:g'` - use_args="$use_args `echo $a | sed "s/@@/$escaped_fname/g"`" + case "$a" in + *@@*) unset use_stdio - else + use_args="$use_args `printf %s "$a" | sed -e 's<@@<'$crash' Date: Fri, 26 Mar 2021 19:06:30 +0100 Subject: [PATCH 034/441] -m32 support for docker container --- .github/workflows/build_aflplusplus_docker.yaml | 4 ---- Dockerfile | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build_aflplusplus_docker.yaml b/.github/workflows/build_aflplusplus_docker.yaml index ab3bfeee..8aa5b8f7 100644 --- a/.github/workflows/build_aflplusplus_docker.yaml +++ b/.github/workflows/build_aflplusplus_docker.yaml @@ -4,10 +4,6 @@ on: push: branches: [ stable ] # paths: -# - Dockerfile - pull_request: - branches: [ stable ] -# paths: # - Dockerfile jobs: diff --git a/Dockerfile b/Dockerfile index 1cb00d5d..8f89b9aa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,7 @@ RUN echo "deb http://ppa.launchpad.net/ubuntu-toolchain-r/test/ubuntu focal main RUN apt-get update && apt-get full-upgrade -y && \ apt-get -y install --no-install-suggests --no-install-recommends \ - gcc-10 g++-10 gcc-10-plugin-dev gcc-10-multilib gdb lcov \ + gcc-10 g++-10 gcc-10-plugin-dev gcc-10-multilib gcc-multilib gdb lcov \ clang-12 clang-tools-12 libc++1-12 libc++-12-dev \ libc++abi1-12 libc++abi-12-dev libclang1-12 libclang-12-dev \ libclang-common-12-dev libclang-cpp12 libclang-cpp12-dev liblld-12 \ From eda1ee0807fdc17e52b44202e58da70ada92c4d2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 27 Mar 2021 12:24:18 +0100 Subject: [PATCH 035/441] restructure havoc --- src/afl-fuzz-one.c | 896 ++++++++++++++++++++++++--------------------- 1 file changed, 484 insertions(+), 412 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4e8154cd..e0d961ba 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -1997,16 +1997,19 @@ havoc_stage: /* We essentially just do several thousand runs (depending on perf_score) where we take the input file and make random stacked tweaks. */ +#define MAX_HAVOC_ENTRY 59 /* 55 to 60 */ + u32 r_max, r; - r_max = 15 + ((afl->extras_cnt + afl->a_extras_cnt) ? 2 : 0); + r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 4 : 0) + + (afl->a_extras_cnt ? 2 : 0); if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { /* add expensive havoc cases here, they are activated after a full cycle without finds happened */ - r_max++; + r_max += 4; } @@ -2015,7 +2018,7 @@ havoc_stage: /* add expensive havoc cases here if there is no findings in the last 5s */ - r_max++; + r_max += 4; } @@ -2069,7 +2072,7 @@ havoc_stage: switch ((r = rand_below(afl, r_max))) { - case 0: + case 0 ... 3: { /* Flip a single bit somewhere. Spooky! */ @@ -2080,7 +2083,9 @@ havoc_stage: FLIP_BIT(out_buf, rand_below(afl, temp_len << 3)); break; - case 1: + } + + case 4 ... 7: { /* Set byte to interesting value. */ @@ -2092,63 +2097,77 @@ havoc_stage: interesting_8[rand_below(afl, sizeof(interesting_8))]; break; - case 2: + } + + case 8 ... 9: { /* Set word to interesting value, randomly choosing endian. */ if (temp_len < 2) { break; } - if (rand_below(afl, 2)) { - #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16"); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16"); + strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = - interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]; - - } else { - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16BE"); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = SWAP16( - interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]); - - } + *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = + interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]; break; - case 3: + } + + case 10 ... 11: { + + /* Set word to interesting value, randomly choosing endian. */ + + if (temp_len < 2) { break; } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING16BE"); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u16 *)(out_buf + rand_below(afl, temp_len - 1)) = SWAP16( + interesting_16[rand_below(afl, sizeof(interesting_16) >> 1)]); + + break; + + } + + case 12 ... 13: { /* Set dword to interesting value, randomly choosing endian. */ if (temp_len < 4) { break; } - if (rand_below(afl, 2)) { - #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32"); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32"); + strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = - interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]; - - } else { - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32BE"); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = SWAP32( - interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]); - - } + *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = + interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]; break; - case 4: + } + + case 14 ... 15: { + + /* Set dword to interesting value, randomly choosing endian. */ + + if (temp_len < 4) { break; } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " INTERESTING32BE"); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u32 *)(out_buf + rand_below(afl, temp_len - 3)) = SWAP32( + interesting_32[rand_below(afl, sizeof(interesting_32) >> 2)]); + + break; + + } + + case 16 ... 19: { /* Randomly subtract from byte. */ @@ -2159,7 +2178,9 @@ havoc_stage: out_buf[rand_below(afl, temp_len)] -= 1 + rand_below(afl, ARITH_MAX); break; - case 5: + } + + case 20 ... 23: { /* Randomly add to byte. */ @@ -2170,139 +2191,165 @@ havoc_stage: out_buf[rand_below(afl, temp_len)] += 1 + rand_below(afl, ARITH_MAX); break; - case 6: + } - /* Randomly subtract from word, random endian. */ + case 24 ... 25: { + + /* Randomly subtract from word, little endian. */ if (temp_len < 2) { break; } - if (rand_below(afl, 2)) { - - u32 pos = rand_below(afl, temp_len - 1); + u32 pos = rand_below(afl, temp_len - 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_-%u", pos); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_-%u", pos); + strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); - - } else { - - u32 pos = rand_below(afl, temp_len - 1); - u16 num = 1 + rand_below(afl, ARITH_MAX); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_BE-%u_%u", pos, - num); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u16 *)(out_buf + pos) = - SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num); - - } + *(u16 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); break; - case 7: + } - /* Randomly add to word, random endian. */ + case 26 ... 27: { + + /* Randomly subtract from word, big endian. */ if (temp_len < 2) { break; } - if (rand_below(afl, 2)) { - - u32 pos = rand_below(afl, temp_len - 1); + u32 pos = rand_below(afl, temp_len - 1); + u16 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+-%u", pos); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16_BE-%u_%u", pos, + num); + strcat(afl->mutation, afl->m_tmp); #endif - *(u16 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); - - } else { - - u32 pos = rand_below(afl, temp_len - 1); - u16 num = 1 + rand_below(afl, ARITH_MAX); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+BE-%u_%u", pos, - num); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u16 *)(out_buf + pos) = - SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num); - - } + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) - num); break; - case 8: + } - /* Randomly subtract from dword, random endian. */ + case 28 ... 29: { + + /* Randomly add to word, little endian. */ + + if (temp_len < 2) { break; } + + u32 pos = rand_below(afl, temp_len - 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+-%u", pos); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u16 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); + + break; + + } + + case 30 ... 31: { + + /* Randomly add to word, big endian. */ + + if (temp_len < 2) { break; } + + u32 pos = rand_below(afl, temp_len - 1); + u16 num = 1 + rand_below(afl, ARITH_MAX); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH16+BE-%u_%u", pos, + num); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u16 *)(out_buf + pos) = + SWAP16(SWAP16(*(u16 *)(out_buf + pos)) + num); + + break; + + } + + case 32 ... 33: { + + /* Randomly subtract from dword, little endian. */ if (temp_len < 4) { break; } - if (rand_below(afl, 2)) { - - u32 pos = rand_below(afl, temp_len - 3); + u32 pos = rand_below(afl, temp_len - 3); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_-%u", pos); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_-%u", pos); + strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); - - } else { - - u32 pos = rand_below(afl, temp_len - 3); - u32 num = 1 + rand_below(afl, ARITH_MAX); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_BE-%u-%u", pos, - num); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u32 *)(out_buf + pos) = - SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num); - - } + *(u32 *)(out_buf + pos) -= 1 + rand_below(afl, ARITH_MAX); break; - case 9: + } - /* Randomly add to dword, random endian. */ + case 34 ... 35: { + + /* Randomly subtract from dword, big endian. */ if (temp_len < 4) { break; } - if (rand_below(afl, 2)) { - - u32 pos = rand_below(afl, temp_len - 3); + u32 pos = rand_below(afl, temp_len - 3); + u32 num = 1 + rand_below(afl, ARITH_MAX); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+-%u", pos); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32_BE-%u-%u", pos, + num); + strcat(afl->mutation, afl->m_tmp); #endif - *(u32 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); - - } else { - - u32 pos = rand_below(afl, temp_len - 3); - u32 num = 1 + rand_below(afl, ARITH_MAX); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+BE-%u-%u", pos, - num); - strcat(afl->mutation, afl->m_tmp); -#endif - *(u32 *)(out_buf + pos) = - SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num); - - } + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) - num); break; - case 10: + } + + case 36 ... 37: { + + /* Randomly add to dword, little endian. */ + + if (temp_len < 4) { break; } + + u32 pos = rand_below(afl, temp_len - 3); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+-%u", pos); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u32 *)(out_buf + pos) += 1 + rand_below(afl, ARITH_MAX); + + break; + + } + + case 38 ... 39: { + + /* Randomly add to dword, big endian. */ + + if (temp_len < 4) { break; } + + u32 pos = rand_below(afl, temp_len - 3); + u32 num = 1 + rand_below(afl, ARITH_MAX); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " ARITH32+BE-%u-%u", pos, + num); + strcat(afl->mutation, afl->m_tmp); +#endif + *(u32 *)(out_buf + pos) = + SWAP32(SWAP32(*(u32 *)(out_buf + pos)) + num); + + break; + + } + + case 40 ... 43: { /* Just set a random byte to a random value. Because, why not. We use XOR with 1-255 to eliminate the @@ -2315,21 +2362,155 @@ havoc_stage: out_buf[rand_below(afl, temp_len)] ^= 1 + rand_below(afl, 255); break; - case 11 ... 12: { + } + + case 44 ... 46: { + + if (temp_len + HAVOC_BLK_XL < MAX_FILE) { + + /* Clone bytes. */ + + u32 clone_len = choose_block_len(afl, temp_len); + u32 clone_from = rand_below(afl, temp_len - clone_len + 1); + u32 clone_to = rand_below(afl, temp_len); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", + actually_clone ? "clone" : "insert", clone_from, clone_to, + clone_len); + strcat(afl->mutation, afl->m_tmp); +#endif + u8 *new_buf = + afl_realloc(AFL_BUF_PARAM(out_scratch), temp_len + clone_len); + if (unlikely(!new_buf)) { PFATAL("alloc"); } + + /* Head */ + + memcpy(new_buf, out_buf, clone_to); + + /* Inserted part */ + + memcpy(new_buf + clone_to, out_buf + clone_from, clone_len); + + /* Tail */ + memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, + temp_len - clone_to); + + out_buf = new_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += clone_len; + + } + + break; + + } + + case 47: { + + if (temp_len + HAVOC_BLK_XL < MAX_FILE) { + + /* Insert a block of constant bytes (25%). */ + + u32 clone_len = choose_block_len(afl, HAVOC_BLK_XL); + u32 clone_to = rand_below(afl, temp_len); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", + actually_clone ? "clone" : "insert", clone_from, clone_to, + clone_len); + strcat(afl->mutation, afl->m_tmp); +#endif + u8 *new_buf = + afl_realloc(AFL_BUF_PARAM(out_scratch), temp_len + clone_len); + if (unlikely(!new_buf)) { PFATAL("alloc"); } + + /* Head */ + + memcpy(new_buf, out_buf, clone_to); + + /* Inserted part */ + + memset(new_buf + clone_to, + rand_below(afl, 2) ? rand_below(afl, 256) + : out_buf[rand_below(afl, temp_len)], + clone_len); + + /* Tail */ + memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, + temp_len - clone_to); + + out_buf = new_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += clone_len; + + } + + break; + + } + + case 48 ... 50: { + + /* Overwrite bytes with a randomly selected chunk bytes. */ + + if (temp_len < 2) { break; } + + u32 copy_len = choose_block_len(afl, temp_len - 1); + u32 copy_from = rand_below(afl, temp_len - copy_len + 1); + u32 copy_to = rand_below(afl, temp_len - copy_len + 1); + + if (likely(copy_from != copy_to)) { + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_COPY-%u-%u-%u", + copy_from, copy_to, copy_len); + strcat(afl->mutation, afl->m_tmp); +#endif + memmove(out_buf + copy_to, out_buf + copy_from, copy_len); + + } + + break; + + } + + case 51: { + + /* Overwrite bytes with fixed bytes. */ + + if (temp_len < 2) { break; } + + u32 copy_len = choose_block_len(afl, temp_len - 1); + u32 copy_to = rand_below(afl, temp_len - copy_len + 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_FIXED-%u-%u-%u", + copy_from, copy_to, copy_len); + strcat(afl->mutation, afl->m_tmp); +#endif + memset(out_buf + copy_to, + rand_below(afl, 2) ? rand_below(afl, 256) + : out_buf[rand_below(afl, temp_len)], + copy_len); + + break; + + } + + // increase from 4 up to 8? + case 52 ... MAX_HAVOC_ENTRY: { /* Delete bytes. We're making this a bit more likely than insertion (the next option) in hopes of keeping files reasonably small. */ - u32 del_from, del_len; - if (temp_len < 2) { break; } /* Don't delete too much. */ - del_len = choose_block_len(afl, temp_len - 1); - - del_from = rand_below(afl, temp_len - del_len + 1); + u32 del_len = choose_block_len(afl, temp_len - 1); + u32 del_from = rand_below(afl, temp_len - del_len + 1); #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " DEL-%u-%u", del_from, @@ -2345,206 +2526,46 @@ havoc_stage: } - case 13: - - if (temp_len + HAVOC_BLK_XL < MAX_FILE) { - - /* Clone bytes (75%) or insert a block of constant bytes (25%). */ - - u8 actually_clone = rand_below(afl, 4); - u32 clone_from, clone_to, clone_len; - u8 *new_buf; - - if (likely(actually_clone)) { - - clone_len = choose_block_len(afl, temp_len); - clone_from = rand_below(afl, temp_len - clone_len + 1); - - } else { - - clone_len = choose_block_len(afl, HAVOC_BLK_XL); - clone_from = 0; - - } - - clone_to = rand_below(afl, temp_len); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", - actually_clone ? "clone" : "insert", clone_from, clone_to, - clone_len); - strcat(afl->mutation, afl->m_tmp); -#endif - new_buf = - afl_realloc(AFL_BUF_PARAM(out_scratch), temp_len + clone_len); - if (unlikely(!new_buf)) { PFATAL("alloc"); } - - /* Head */ - - memcpy(new_buf, out_buf, clone_to); - - /* Inserted part */ - - if (likely(actually_clone)) { - - memcpy(new_buf + clone_to, out_buf + clone_from, clone_len); - - } else { - - memset(new_buf + clone_to, - rand_below(afl, 2) ? rand_below(afl, 256) - : out_buf[rand_below(afl, temp_len)], - clone_len); - - } - - /* Tail */ - memcpy(new_buf + clone_to + clone_len, out_buf + clone_to, - temp_len - clone_to); - - out_buf = new_buf; - afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); - temp_len += clone_len; - - } - - break; - - case 14: { - - /* Overwrite bytes with a randomly selected chunk (75%) or fixed - bytes (25%). */ - - u32 copy_from, copy_to, copy_len; - - if (temp_len < 2) { break; } - - copy_len = choose_block_len(afl, temp_len - 1); - - copy_from = rand_below(afl, temp_len - copy_len + 1); - copy_to = rand_below(afl, temp_len - copy_len + 1); - - if (likely(rand_below(afl, 4))) { - - if (likely(copy_from != copy_to)) { - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " OVERWRITE_COPY-%u-%u-%u", copy_from, copy_to, - copy_len); - strcat(afl->mutation, afl->m_tmp); -#endif - memmove(out_buf + copy_to, out_buf + copy_from, copy_len); - - } - - } else { - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " OVERWRITE_FIXED-%u-%u-%u", copy_from, copy_to, copy_len); - strcat(afl->mutation, afl->m_tmp); -#endif - memset(out_buf + copy_to, - rand_below(afl, 2) ? rand_below(afl, 256) - : out_buf[rand_below(afl, temp_len)], - copy_len); - - } - - break; - - } - default: - if (likely(r <= 16 && (afl->extras_cnt || afl->a_extras_cnt))) { + r -= (MAX_HAVOC_ENTRY + 1); - /* Values 15 and 16 can be selected only if there are any extras - present in the dictionaries. */ + if (afl->extras_cnt) { - if (r == 15) { + if (r < 2) { - /* Overwrite bytes with an extra. */ + /* Use the dictionary. */ - if (!afl->extras_cnt || - (afl->a_extras_cnt && rand_below(afl, 2))) { + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; - /* No user-specified extras or odds in our favor. Let's use an - auto-detected one. */ + if (extra_len > temp_len) { break; } - u32 use_extra = rand_below(afl, afl->a_extras_cnt); - u32 extra_len = afl->a_extras[use_extra].len; - - if (extra_len > temp_len) { break; } - - u32 insert_at = rand_below(afl, temp_len - extra_len + 1); + u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " AUTO_EXTRA_OVERWRITE-%u-%u", insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA_OVERWRITE-%u-%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); #endif - memcpy(out_buf + insert_at, afl->a_extras[use_extra].data, - extra_len); - - } else { - - /* No auto extras or odds in our favor. Use the dictionary. */ - - u32 use_extra = rand_below(afl, afl->extras_cnt); - u32 extra_len = afl->extras[use_extra].len; - - if (extra_len > temp_len) { break; } - - u32 insert_at = rand_below(afl, temp_len - extra_len + 1); -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " EXTRA_OVERWRITE-%u-%u", insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); -#endif - memcpy(out_buf + insert_at, afl->extras[use_extra].data, - extra_len); - - } + memcpy(out_buf + insert_at, afl->extras[use_extra].data, + extra_len); break; - } else { // case 16 - - u32 use_extra, extra_len, - insert_at = rand_below(afl, temp_len + 1); - u8 *ptr; - - /* Insert an extra. Do the same dice-rolling stuff as for the - previous case. */ - - if (!afl->extras_cnt || - (afl->a_extras_cnt && rand_below(afl, 2))) { - - use_extra = rand_below(afl, afl->a_extras_cnt); - extra_len = afl->a_extras[use_extra].len; - ptr = afl->a_extras[use_extra].data; -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " AUTO_EXTRA_INSERT-%u-%u", insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); -#endif - - } else { - - use_extra = rand_below(afl, afl->extras_cnt); - extra_len = afl->extras[use_extra].len; - ptr = afl->extras[use_extra].data; -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA_INSERT-%u-%u", - insert_at, extra_len); - strcat(afl->mutation, afl->m_tmp); -#endif - - } + } else if (r < 4) { + u32 use_extra = rand_below(afl, afl->extras_cnt); + u32 extra_len = afl->extras[use_extra].len; if (temp_len + extra_len >= MAX_FILE) { break; } + u8 *ptr = afl->extras[use_extra].data; + u32 insert_at = rand_below(afl, temp_len + 1); +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " EXTRA_INSERT-%u-%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); +#endif + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); if (unlikely(!out_buf)) { PFATAL("alloc"); } @@ -2554,103 +2575,154 @@ havoc_stage: /* Inserted part */ memcpy(out_buf + insert_at, ptr, extra_len); - temp_len += extra_len; break; - } - - } else { - - /* - switch (r) { - - case 15: // fall through - case 16: - case 17: {*/ - - /* Overwrite bytes with a randomly selected chunk from another - testcase or insert that chunk. */ - - /* Pick a random queue entry and seek to it. */ - - u32 tid; - do { - - tid = rand_below(afl, afl->queued_paths); - - } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); - - /* Get the testcase for splicing. */ - struct queue_entry *target = afl->queue_buf[tid]; - u32 new_len = target->len; - u8 * new_buf = queue_testcase_get(afl, target); - - if ((temp_len >= 2 && rand_below(afl, 2)) || - temp_len + HAVOC_BLK_XL >= MAX_FILE) { - - /* overwrite mode */ - - u32 copy_from, copy_to, copy_len; - - copy_len = choose_block_len(afl, new_len - 1); - if (copy_len > temp_len) copy_len = temp_len; - - copy_from = rand_below(afl, new_len - copy_len + 1); - copy_to = rand_below(afl, temp_len - copy_len + 1); - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " SPLICE_OVERWRITE-%u-%u-%u-%s", copy_from, copy_to, - copy_len, target->fname); - strcat(afl->mutation, afl->m_tmp); -#endif - memmove(out_buf + copy_to, new_buf + copy_from, copy_len); - } else { - /* insert mode */ - - u32 clone_from, clone_to, clone_len; - - clone_len = choose_block_len(afl, new_len); - clone_from = rand_below(afl, new_len - clone_len + 1); - clone_to = rand_below(afl, temp_len + 1); - - u8 *temp_buf = afl_realloc(AFL_BUF_PARAM(out_scratch), - temp_len + clone_len + 1); - if (unlikely(!temp_buf)) { PFATAL("alloc"); } - -#ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), - " SPLICE_INSERT-%u-%u-%u-%s", clone_from, clone_to, - clone_len, target->fname); - strcat(afl->mutation, afl->m_tmp); -#endif - /* Head */ - - memcpy(temp_buf, out_buf, clone_to); - - /* Inserted part */ - - memcpy(temp_buf + clone_to, new_buf + clone_from, clone_len); - - /* Tail */ - memcpy(temp_buf + clone_to + clone_len, out_buf + clone_to, - temp_len - clone_to); - - out_buf = temp_buf; - afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); - temp_len += clone_len; + r -= 4; } - break; - } - // end of default: + if (afl->a_extras_cnt) { + + if (r == 0) { + + /* Use the dictionary. */ + + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; + + if (extra_len > temp_len) { break; } + + u32 insert_at = rand_below(afl, temp_len - extra_len + 1); +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " AUTO_EXTRA_OVERWRITE-%u-%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); +#endif + memcpy(out_buf + insert_at, afl->a_extras[use_extra].data, + extra_len); + + break; + + } else if (r == 1) { + + u32 use_extra = rand_below(afl, afl->a_extras_cnt); + u32 extra_len = afl->a_extras[use_extra].len; + if (temp_len + extra_len >= MAX_FILE) { break; } + + u8 *ptr = afl->a_extras[use_extra].data; + u32 insert_at = rand_below(afl, temp_len + 1); +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " AUTO_EXTRA_INSERT-%u-%u", + insert_at, extra_len); + strcat(afl->mutation, afl->m_tmp); +#endif + + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len + extra_len); + if (unlikely(!out_buf)) { PFATAL("alloc"); } + + /* Tail */ + memmove(out_buf + insert_at + extra_len, out_buf + insert_at, + temp_len - insert_at); + + /* Inserted part */ + memcpy(out_buf + insert_at, ptr, extra_len); + temp_len += extra_len; + + break; + + } else { + + r -= 2; + + } + + } + + /* Splicing otherwise if we are still here. + Overwrite bytes with a randomly selected chunk from another + testcase or insert that chunk. */ + + /* Pick a random queue entry and seek to it. */ + + u32 tid; + do { + + tid = rand_below(afl, afl->queued_paths); + + } while (tid == afl->current_entry || afl->queue_buf[tid]->len < 4); + + /* Get the testcase for splicing. */ + struct queue_entry *target = afl->queue_buf[tid]; + u32 new_len = target->len; + u8 * new_buf = queue_testcase_get(afl, target); + + if ((temp_len >= 2 && r % 2) || temp_len + HAVOC_BLK_XL >= MAX_FILE) { + + /* overwrite mode */ + + u32 copy_from, copy_to, copy_len; + + copy_len = choose_block_len(afl, new_len - 1); + if (copy_len > temp_len) copy_len = temp_len; + + copy_from = rand_below(afl, new_len - copy_len + 1); + copy_to = rand_below(afl, temp_len - copy_len + 1); + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " SPLICE_OVERWRITE-%u-%u-%u-%s", copy_from, copy_to, + copy_len, target->fname); + strcat(afl->mutation, afl->m_tmp); +#endif + memmove(out_buf + copy_to, new_buf + copy_from, copy_len); + + } else { + + /* insert mode */ + + u32 clone_from, clone_to, clone_len; + + clone_len = choose_block_len(afl, new_len); + clone_from = rand_below(afl, new_len - clone_len + 1); + clone_to = rand_below(afl, temp_len + 1); + + u8 *temp_buf = afl_realloc(AFL_BUF_PARAM(out_scratch), + temp_len + clone_len + 1); + if (unlikely(!temp_buf)) { PFATAL("alloc"); } + +#ifdef INTROSPECTION + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " SPLICE_INSERT-%u-%u-%u-%s", clone_from, clone_to, + clone_len, target->fname); + strcat(afl->mutation, afl->m_tmp); +#endif + /* Head */ + + memcpy(temp_buf, out_buf, clone_to); + + /* Inserted part */ + + memcpy(temp_buf + clone_to, new_buf + clone_from, clone_len); + + /* Tail */ + memcpy(temp_buf + clone_to + clone_len, out_buf + clone_to, + temp_len - clone_to); + + out_buf = temp_buf; + afl_swap_bufs(AFL_BUF_PARAM(out), AFL_BUF_PARAM(out_scratch)); + temp_len += clone_len; + + } + + break; + + // end of default } From 1edc3ece6172be28802f1856bee758ff5acfd91c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 27 Mar 2021 12:50:57 +0100 Subject: [PATCH 036/441] add introspection --- src/afl-fuzz-one.c | 20 +++++++++----------- src/afl-fuzz.c | 7 +++++++ 2 files changed, 16 insertions(+), 11 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index e0d961ba..28ec0c46 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2376,8 +2376,7 @@ havoc_stage: #ifdef INTROSPECTION snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", - actually_clone ? "clone" : "insert", clone_from, clone_to, - clone_len); + "clone", clone_from, clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2416,9 +2415,8 @@ havoc_stage: u32 clone_to = rand_below(afl, temp_len); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u-%u", - actually_clone ? "clone" : "insert", clone_from, clone_to, - clone_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " CLONE-%s-%u-%u", + "insert", clone_to, clone_len); strcat(afl->mutation, afl->m_tmp); #endif u8 *new_buf = @@ -2485,8 +2483,8 @@ havoc_stage: u32 copy_to = rand_below(afl, temp_len - copy_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_FIXED-%u-%u-%u", - copy_from, copy_to, copy_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), " OVERWRITE_FIXED-%u-%u", + copy_to, copy_len); strcat(afl->mutation, afl->m_tmp); #endif memset(out_buf + copy_to, @@ -2600,8 +2598,8 @@ havoc_stage: u32 insert_at = rand_below(afl, temp_len - extra_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " AUTO_EXTRA_OVERWRITE-%u-%u", - insert_at, extra_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " AUTO_EXTRA_OVERWRITE-%u-%u", insert_at, extra_len); strcat(afl->mutation, afl->m_tmp); #endif memcpy(out_buf + insert_at, afl->a_extras[use_extra].data, @@ -2618,8 +2616,8 @@ havoc_stage: u8 *ptr = afl->a_extras[use_extra].data; u32 insert_at = rand_below(afl, temp_len + 1); #ifdef INTROSPECTION - snprintf(afl->m_tmp, sizeof(afl->m_tmp), " AUTO_EXTRA_INSERT-%u-%u", - insert_at, extra_len); + snprintf(afl->m_tmp, sizeof(afl->m_tmp), + " AUTO_EXTRA_INSERT-%u-%u", insert_at, extra_len); strcat(afl->mutation, afl->m_tmp); #endif diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a7edb924..9bd7fca0 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1980,6 +1980,13 @@ int main(int argc, char **argv_orig, char **envp) { } + #ifdef INTROSPECTION + fprintf(afl->introspection_file, + "CYCLE cycle=%llu cycle_wo_finds=%llu expand_havoc=%u queue=%u\n", + afl->queue_cycle, afl->cycles_wo_finds, afl->expand_havoc, + afl->queued_paths); + #endif + if (afl->cycle_schedules) { /* we cannot mix non-AFLfast schedules with others */ From 7ca51fab19adfcda211282d4a1134eada7b60d2b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 27 Mar 2021 12:53:09 +0100 Subject: [PATCH 037/441] ensure one fuzzer sync per cycle, cycle introspection --- docs/Changelog.md | 1 + include/afl-fuzz.h | 1 + src/afl-fuzz-run.c | 1 + src/afl-fuzz.c | 22 +++++++++++++++------- 4 files changed, 18 insertions(+), 7 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 6ae42b04..91d1a8cc 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -18,6 +18,7 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - default cmplog level (-l) is now 2, better efficiency. + - ensure one fuzzer sync per cycle - afl-cc: - Removed InsTrim instrumentation as it is not as good as PCGUARD diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 046b0177..40a7fc85 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -572,6 +572,7 @@ typedef struct afl_state { blocks_eff_select, /* Blocks selected as fuzzable */ start_time, /* Unix start time (ms) */ last_sync_time, /* Time of last sync */ + last_sync_cycle, /* Cycle no. of the last sync */ last_path_time, /* Time for most recent path (ms) */ last_crash_time, /* Time for most recent crash (ms) */ last_hang_time; /* Time for most recent hang (ms) */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 83133dad..832f17bb 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -712,6 +712,7 @@ void sync_fuzzers(afl_state_t *afl) { if (afl->foreign_sync_cnt) read_foreign_testcases(afl, 0); afl->last_sync_time = get_cur_time(); + afl->last_sync_cycle = afl->queue_cycle; } diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a7edb924..9688c84f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1867,6 +1867,14 @@ int main(int argc, char **argv_orig, char **envp) { runs_in_current_cycle > afl->queued_paths) || (afl->old_seed_selection && !afl->queue_cur))) { + if (unlikely((afl->last_sync_cycle < afl->queue_cycle || + (!afl->queue_cycle && afl->afl_env.afl_import_first)) && + afl->sync_id)) { + + sync_fuzzers(afl); + + } + ++afl->queue_cycle; runs_in_current_cycle = (u32)-1; afl->cur_skipped_paths = 0; @@ -1980,6 +1988,13 @@ int main(int argc, char **argv_orig, char **envp) { } + #ifdef INTROSPECTION + fprintf(afl->introspection_file, + "CYCLE cycle=%llu cycle_wo_finds=%llu expand_havoc=%u queue=%u\n", + afl->queue_cycle, afl->cycles_wo_finds, afl->expand_havoc, + afl->queued_paths); + #endif + if (afl->cycle_schedules) { /* we cannot mix non-AFLfast schedules with others */ @@ -2031,13 +2046,6 @@ int main(int argc, char **argv_orig, char **envp) { prev_queued = afl->queued_paths; - if (afl->sync_id && afl->queue_cycle == 1 && - afl->afl_env.afl_import_first) { - - sync_fuzzers(afl); - - } - } ++runs_in_current_cycle; From 84a99f49b84b5380b9b2d79354bd9892216b180d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 29 Mar 2021 19:07:47 +0200 Subject: [PATCH 038/441] remove unneeded var --- instrumentation/afl-compiler-rt.o.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index f241447a..36b9c2f2 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -99,12 +99,10 @@ int __afl_selective_coverage_temp = 1; PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX]; PREV_LOC_T __afl_prev_caller[CTX_MAX_K]; u32 __afl_prev_ctx; -u32 __afl_cmp_counter; #else __thread PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX]; __thread PREV_LOC_T __afl_prev_caller[CTX_MAX_K]; __thread u32 __afl_prev_ctx; -__thread u32 __afl_cmp_counter; #endif int __afl_sharedmem_fuzzing __attribute__((weak)); From 0709d00b10e6d23245d076120402c2c3b567edd9 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 30 Mar 2021 09:44:51 +0200 Subject: [PATCH 039/441] add parallel builds --- TODO.md | 1 + 1 file changed, 1 insertion(+) diff --git a/TODO.md b/TODO.md index b8a091ff..bde328e7 100644 --- a/TODO.md +++ b/TODO.md @@ -11,6 +11,7 @@ - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - cmplog: too much tainted bytes, directly add to dict and skip? + - parallel builds for source-only targets ## Further down the road From 89eb285a232e4e5b421a98434d9c67444129bb97 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 30 Mar 2021 09:48:21 +0200 Subject: [PATCH 040/441] add parallel builds --- TODO.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/TODO.md b/TODO.md index b8a091ff..dc765ec4 100644 --- a/TODO.md +++ b/TODO.md @@ -11,7 +11,7 @@ - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - cmplog: too much tainted bytes, directly add to dict and skip? - + - parallel builds for source-only targets ## Further down the road From 049ace8a4062a7b91b5750305bbf090113090bef Mon Sep 17 00:00:00 2001 From: "R. Elliott Childre" Date: Tue, 30 Mar 2021 10:54:04 -0400 Subject: [PATCH 041/441] Add network_proxy build targets to gitignore (#852) All other build targets in utils/ are ignored except for these due to the lack of file extension. --- .gitignore | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.gitignore b/.gitignore index 2aaaf9ef..c8d29e50 100644 --- a/.gitignore +++ b/.gitignore @@ -83,3 +83,5 @@ libAFLQemuDriver.a test/.afl_performance gmon.out afl-frida-trace.so +utils/afl_network_proxy/afl-network-client +utils/afl_network_proxy/afl-network-server From 221616a1b78ed5bf77b880a7e9e10a671a0340d9 Mon Sep 17 00:00:00 2001 From: "R. Elliott Childre" Date: Tue, 30 Mar 2021 10:58:29 -0400 Subject: [PATCH 042/441] Fixes: 6d2ac3e3140 ("fix grammar download script") The git submodle entry point is "grammar_mutator" not "grammar-mutator" The build script fails without this --- .../grammar_mutator/build_grammar_mutator.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/custom_mutators/grammar_mutator/build_grammar_mutator.sh b/custom_mutators/grammar_mutator/build_grammar_mutator.sh index ef145dfe..b6cef66f 100755 --- a/custom_mutators/grammar_mutator/build_grammar_mutator.sh +++ b/custom_mutators/grammar_mutator/build_grammar_mutator.sh @@ -106,23 +106,23 @@ git status 1>/dev/null 2>/dev/null if [ $? -eq 0 ]; then echo "[*] initializing grammar mutator submodule" git submodule init || exit 1 - git submodule update ./grammar-mutator 2>/dev/null # ignore errors + git submodule update ./grammar_mutator 2>/dev/null # ignore errors else echo "[*] cloning grammar mutator" - test -d grammar-mutator || { + test -d grammar_mutator || { CNT=1 - while [ '!' -d grammar-mutator -a "$CNT" -lt 4 ]; do - echo "Trying to clone grammar-mutator (attempt $CNT/3)" + while [ '!' -d grammar_mutator -a "$CNT" -lt 4 ]; do + echo "Trying to clone grammar_mutator (attempt $CNT/3)" git clone "$GRAMMAR_REPO" CNT=`expr "$CNT" + 1` done } fi -test -d grammar-mutator || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } +test -d grammar_mutator || { echo "[-] not checked out, please install git or check your internet connection." ; exit 1 ; } echo "[+] Got grammar mutator." -cd "grammar-mutator" || exit 1 +cd "grammar_mutator" || exit 1 echo "[*] Checking out $GRAMMAR_VERSION" sh -c 'git stash && git stash drop' 1>/dev/null 2>/dev/null git checkout "$GRAMMAR_VERSION" || exit 1 @@ -134,7 +134,7 @@ echo echo echo "[+] All successfully prepared!" echo "[!] To build for your grammar just do:" -echo " cd grammar-mutator" +echo " cd grammar_mutator" echo " make GRAMMAR_FILE=/path/to/your/grammar" -echo "[+] You will find a JSON and RUBY grammar in grammar-mutator/grammars to play with." +echo "[+] You will find a JSON and RUBY grammar in grammar_mutator/grammars to play with." echo From 1004fb9a41df364818c5034e8b95b4c00583335f Mon Sep 17 00:00:00 2001 From: Jiangen Jiao Date: Wed, 31 Mar 2021 15:44:27 +0800 Subject: [PATCH 043/441] fix #if A == B always evalutes to true --- Android.bp | 1 - utils/afl_frida/afl-frida.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Android.bp b/Android.bp index 64794e19..bf37757d 100644 --- a/Android.bp +++ b/Android.bp @@ -32,7 +32,6 @@ cc_defaults { target: { android_arm64: { cflags: [ - "-D__aarch64__", "-D__ANDROID__", ], }, diff --git a/utils/afl_frida/afl-frida.c b/utils/afl_frida/afl-frida.c index 711d8f33..e49d6f42 100644 --- a/utils/afl_frida/afl-frida.c +++ b/utils/afl_frida/afl-frida.c @@ -111,7 +111,7 @@ inline static void afl_maybe_log(guint64 current_pc) { } -#if GUM_NATIVE_CPU == GUM_CPU_AMD64 +#ifdef __x86_64__ static const guint8 afl_maybe_log_code[] = { @@ -177,7 +177,7 @@ void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, if (instr->address >= range->code_start && instr->address <= range->code_end) { -#if GUM_NATIVE_CPU == GUM_CPU_AMD64 +#ifdef __x86_64__ GumX86Writer *cw = output->writer.x86; if (range->current_log_impl == 0 || !gum_x86_writer_can_branch_directly_between( From e20f0bf0ea555eb60a393377d6bfe8d379e15135 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Apr 2021 12:33:45 +0200 Subject: [PATCH 044/441] try to avoid CI build failure by updating apt packages --- .github/workflows/ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 31cfceaf..a5f3429e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -16,6 +16,8 @@ jobs: - uses: actions/checkout@v2 - name: debug run: apt-cache search plugin-dev | grep gcc- ; echo ; apt-cache search clang-format- | grep clang-format- + - name: update + run: sudo apt-get update && sudo apt-get upgrade -y - name: install packages run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools - name: compiler installed From 3ff4ca348c344bded53f53b0d0c4b020a188f26e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 2 Apr 2021 14:39:56 +0200 Subject: [PATCH 045/441] fix k-ctx --- src/afl-cc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 3f75c549..b354077e 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1442,9 +1442,11 @@ int main(int argc, char **argv, char **envp) { } - if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0) { + if (strncasecmp(ptr2, "ctx-", strlen("ctx-")) == 0 || + strncasecmp(ptr2, "kctx-", strlen("c-ctx-")) == 0 || + strncasecmp(ptr2, "k-ctx-", strlen("k-ctx-")) == 0) { - u8 *ptr3 = ptr2 + strlen("ctx-"); + u8 *ptr3 = ptr2; while (*ptr3 && (*ptr3 < '0' || *ptr3 > '9')) ptr3++; @@ -1480,7 +1482,7 @@ int main(int argc, char **argv, char **envp) { } - if (strncasecmp(ptr2, "ctx", strlen("ctx")) == 0) { + if (strcasecmp(ptr2, "ctx") == 0) { instrument_opt_mode |= INSTRUMENT_OPT_CTX; setenv("AFL_LLVM_CTX", "1", 1); From 565f61a6abc30dfb4df0269384466589690fbae5 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Fri, 2 Apr 2021 20:09:16 +0400 Subject: [PATCH 046/441] Initialalize the autodict-ql Initialalize the autodict-ql add codeql scripts --- utils/autodict_ql/litool.ql | 10 ++++++++++ utils/autodict_ql/memcmp-str.ql | 8 ++++++++ utils/autodict_ql/strcmp-str.ql | 8 ++++++++ utils/autodict_ql/strncmp-str.ql | 8 ++++++++ utils/autodict_ql/strtool.ql | 24 ++++++++++++++++++++++++ 5 files changed, 58 insertions(+) create mode 100644 utils/autodict_ql/litool.ql create mode 100644 utils/autodict_ql/memcmp-str.ql create mode 100644 utils/autodict_ql/strcmp-str.ql create mode 100644 utils/autodict_ql/strncmp-str.ql create mode 100644 utils/autodict_ql/strtool.ql diff --git a/utils/autodict_ql/litool.ql b/utils/autodict_ql/litool.ql new file mode 100644 index 00000000..b7f4bf33 --- /dev/null +++ b/utils/autodict_ql/litool.ql @@ -0,0 +1,10 @@ +import cpp + +class HexOrOctLiteral extends Literal{ + HexOrOctLiteral(){ + (this instanceof HexLiteral) or (this instanceof OctalLiteral) + } +} + +from HexOrOctLiteral lit +select lit.getValueText() \ No newline at end of file diff --git a/utils/autodict_ql/memcmp-str.ql b/utils/autodict_ql/memcmp-str.ql new file mode 100644 index 00000000..830c9cac --- /dev/null +++ b/utils/autodict_ql/memcmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : memcmp trace + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("memcmp") +select fucall.getArgument(_).getValueText() \ No newline at end of file diff --git a/utils/autodict_ql/strcmp-str.ql b/utils/autodict_ql/strcmp-str.ql new file mode 100644 index 00000000..83ffadaf --- /dev/null +++ b/utils/autodict_ql/strcmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : strcmp + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("strcmp") +select fucall.getArgument(_).getValueText() \ No newline at end of file diff --git a/utils/autodict_ql/strncmp-str.ql b/utils/autodict_ql/strncmp-str.ql new file mode 100644 index 00000000..dbb952e5 --- /dev/null +++ b/utils/autodict_ql/strncmp-str.ql @@ -0,0 +1,8 @@ +import cpp + +/// function : strncmp + +from FunctionCall fucall, Expr size +where + fucall.getTarget().hasName("strncmp") +select fucall.getArgument(_).getValueText() \ No newline at end of file diff --git a/utils/autodict_ql/strtool.ql b/utils/autodict_ql/strtool.ql new file mode 100644 index 00000000..f78aabbb --- /dev/null +++ b/utils/autodict_ql/strtool.ql @@ -0,0 +1,24 @@ +import cpp +import semmle.code.cpp.dataflow.DataFlow +class StringLiteralNode extends DataFlow::Node { + StringLiteralNode() { this.asExpr() instanceof StringLiteral } +} +class MemcmpArgNode extends DataFlow::Node { + MemcmpArgNode() { + exists(FunctionCall fc | + fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and + fc.getArgument(0) = this.asExpr() + ) + or + exists(FunctionCall fc | + fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and + fc.getArgument(1) = this.asExpr() + ) + } +} + +from StringLiteralNode src, MemcmpArgNode arg +where + DataFlow::localFlow(src, arg) + +select src.asExpr().(StringLiteral).toString() \ No newline at end of file From a26ed3b7580e31b6f6f174169528fc0bebe20ad6 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:02:45 +0400 Subject: [PATCH 047/441] update the codes, readme - add readme - add required qlpack.yml --- utils/autodict_ql/autodict_ql.py | 188 ++++++++++++++++++++++++++++++ utils/autodict_ql/build-codeql.sh | 17 +++ utils/autodict_ql/litan.py | 86 ++++++++++++++ utils/autodict_ql/qlpack.yml | 3 + utils/autodict_ql/readme.md | 81 +++++++++++++ utils/autodict_ql/strtool.ql | 6 +- 6 files changed, 378 insertions(+), 3 deletions(-) create mode 100644 utils/autodict_ql/autodict_ql.py create mode 100644 utils/autodict_ql/build-codeql.sh create mode 100644 utils/autodict_ql/litan.py create mode 100644 utils/autodict_ql/qlpack.yml create mode 100644 utils/autodict_ql/readme.md diff --git a/utils/autodict_ql/autodict_ql.py b/utils/autodict_ql/autodict_ql.py new file mode 100644 index 00000000..69d11f48 --- /dev/null +++ b/utils/autodict_ql/autodict_ql.py @@ -0,0 +1,188 @@ +#!/usr/bin/env python3 +import os +import string +import binascii +import codecs +import errno +import struct +import argparse +import shutil +import subprocess + +from binascii import unhexlify + +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno != errno.EEXIST: + raise + +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) + + #parser.add_argument("tokenpath", + #help="Destination directory for tokens") + parser.add_argument("cur", + help = "Current Path") + parser.add_argument("db", + help = "CodeQL database Path") + parser.add_argument("tokenpath", + help="Destination directory for tokens") + + return parser.parse_args() + +def static_analysis(file,file2,cur,db) : + with open(cur+"/"+file, "w") as f: + print(cur+"/"+file) + stream = os.popen("codeql query run " + cur +"/"+ file2 + " -d " + db ) + output = stream.read() + f.write(output) + f.close() + +def copy_tokens(cur, tokenpath) : + subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "strstr-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "local-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "global-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "arrays-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["cp " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + #strtool-strs + + +def codeql_analysis(cur, db) : + static_analysis("litout.out","litool.ql", cur, db) + static_analysis("strcmp-strings.out","strcmp-str.ql", cur, db) + static_analysis("strncmp-strings.out","strncmp-str.ql", cur, db) + static_analysis("strstr-strings.out","strstr-str.ql", cur, db) + static_analysis("memcmp-strings.out","memcmp-str.ql", cur, db) + static_analysis("global-values-strings.out","globals-values.ql", cur, db) + static_analysis("local-strings.out","locals-strs.ql", cur, db) + static_analysis("strtool-strings.out","strtool.ql", cur, db) + static_analysis("arrays.out","array-literals.ql", cur, db) + start_aflql(0,cur) + #command1 = [ + # 'codeql','query', 'run', + # cur + '/litool.ql', + # '-d', + # db, '>','fff.txt' + # ] + #with open("litool2.log", "w") as f: + # stream = os.popen("codeql query run litool.ql -d " + db ) + # output = stream.read() + # f.write(output) + # f.close() + #worker1 = subprocess.Popen(command1) + #print(worker1.communicate()) + + +def start_aflql(tokenpath, cur): + command = [ + 'python3', + cur + '/litan.py', + cur+'/lits/', + cur+'/litout.out' + ] + worker1 = subprocess.Popen(command) + print(worker1.communicate()) + + command1 = [ + 'python3', + cur + '/strcmp-strings.py', + cur + '/strcmp-strs/', + cur + '/strcmp-strings.out' + ] + worker2 = subprocess.Popen(command1) + print(worker2.communicate()) + + command2 = [ + 'python3', + cur + '/strncmp-strings.py', + cur + '/strncmp-strs/', + cur + '/strncmp-strings.out' + ] + worker3 = subprocess.Popen(command2) + print(worker3.communicate()) + + command3 = [ + 'python3', + cur + '/array-lits.py', + cur + '/arrays-lits/', + cur + '/arrays.out' + ] + worker4 = subprocess.Popen(command3) + print(worker4.communicate()) + + command4 = [ + 'python3', + cur + '/array-strings.py', + cur + '/arrays-strs/', + cur + '/arrays.out' + ] + worker5 = subprocess.Popen(command4) + print(worker5.communicate()) + + + command5 = [ + 'python3', + cur + '/memcmp-strings.py', + cur + '/memcmp-strs/', + cur + '/memcmp-strings.out' + ] + worker6 = subprocess.Popen(command5) + print(worker6.communicate()) + + command6 = [ + 'python3', + cur + '/globals-strings.py', + cur + '/global-strs/', + cur + '/global-values-strings.out' + ] + worker7 = subprocess.Popen(command6) + print(worker7.communicate()) + + command7 = [ + 'python3', + cur + '/strstr-strings.py', + cur + '/strstr-strs/', + cur + '/strstr-strings.out' + ] + worker8 = subprocess.Popen(command7) + print(worker8.communicate()) + + + #strtool-strings.out + + command8 = [ + 'python3', + cur + '/stan-strings.py', + cur + '/strtool-strs/', + cur + '/strtool-strings.out' + ] + worker9 = subprocess.Popen(command8) + print(worker9.communicate()) + + command9 = [ + 'python3', + cur + '/local-strings.py', + cur + '/local-strs/', + cur + '/local-strings.out' + ] + worker10 = subprocess.Popen(command9) + print(worker10.communicate()) + +def main(): + args = parse_args() + ensure_dir(args.tokenpath) + #copy_tokens(args.cur, args.tokenpath) + codeql_analysis(args.cur, args.db) + copy_tokens(args.cur, args.tokenpath) + #start_aflql(args.tokenpath, args.cur) +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/utils/autodict_ql/build-codeql.sh b/utils/autodict_ql/build-codeql.sh new file mode 100644 index 00000000..ccff932e --- /dev/null +++ b/utils/autodict_ql/build-codeql.sh @@ -0,0 +1,17 @@ +cd ~ +if [ -d "codeql-home" ]; then + echo "Exist !" + exit 1 +fi +sudo apt install build-essential libtool-bin python3-dev automake git vim wget -y +mkdir codeql-home +cd codeql-home +git clone https://github.com/github/codeql.git codeql-repo +git clone https://github.com/github/codeql-go.git +wget https://github.com/github/codeql-cli-binaries/releases/download/v2.4.6/codeql-linux64.zip +unzip codeql-linux64.zip +mv codeql codeql-cli +export "PATH=~/codeql-home/codeql-cli/:$PATH" +codeql resolve languages +codeql resolve qlpacks +echo "export PATH=~/codeql-home/codeql-cli/:$PATH" >> ~/.bashrc \ No newline at end of file diff --git a/utils/autodict_ql/litan.py b/utils/autodict_ql/litan.py new file mode 100644 index 00000000..18c04c34 --- /dev/null +++ b/utils/autodict_ql/litan.py @@ -0,0 +1,86 @@ +#!/usr/bin/env python3 +# Autodict-QL - Optimal token generation for fuzzing +# Part of AFL++ Project +# Author : Microsvuln - Arash.vre@gmail.com +import string +import os +import binascii +import codecs +import struct +import errno +import argparse +import re +import base64 +from binascii import unhexlify +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file to analysis and output folder to save corpdirus for constants in the overall project ------- Example usage : python2 thisfile.py outdir o.txt")) + parser.add_argument("corpdir", + help="The path to the corpus directory to generate files.") + parser.add_argument("infile", + help="Specify file output of codeql analysis - ex. ooo-hex.txt, analysis take place on this file, example : python2 thisfile.py outdir out.txt") + return parser.parse_args() +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno == errno.EEXIST: + #print "[-] Directory exists, specify another directory" + exit(1) +def do_analysis1(corpdir, infile): + with open(infile, "rb") as f: + lines = f.readlines()[1:] + f.close() + new_lst = [] + n = 1 + for i, num in enumerate(lines): + if i != 0: + new_lst.append(num) + str1 = str(num) + print ("num is " + str1) + str1 = str1.rstrip('\n\n') + #str1 = str1.replace("0x",""); + str1 = str1.replace("|","") + str1 = str1.rstrip('\r\n') + str1 = str1.rstrip('\n') + str1 = str1.replace(" ","") + #str1 = str1.translate(None, string.punctuation) + translator=str.maketrans('','',string.punctuation) + str1=str1.translate(translator) + str1 = str1[1:] + str1 = str1[:-1] + print("After cleanup : " + str1) + if (str1 != '0') and (str1 != 'ffffffff') and (str1 != 'fffffffe') or (len(str1) == 4) or (len(str1) == 8): + print ("first : "+str1) + if len(str1) > 8 : + str1 = str1[:-1] + elif (len(str1) == 5) : + str1 = str1 = "0" + try: + #str1 = str1.decode("hex") + with open(corpdir+'/lit-seed{0}'.format(n), 'w') as file: + str1 = str1.replace("0x",""); + print (str1) + str1 = int(str1,base=16) + str1 = str1.to_bytes(4, byteorder='little') + file.write(str(str1)) + file.close() + with open (corpdir+'/lit-seed{0}'.format(n), 'r') as q : + a = q.readline() + a = a[1:] + print ("AFL++ Autodict-QL by Microsvuln : Writing Token :" + str(a)) + q.close() + with open (corpdir+'/lit-seed{0}'.format(n), 'w') as w1 : + w1.write(str(a)) + print ("Done!") + w1.close() + except: + print("Error!") + n = n+1 + +def main(): + args = parse_args() + ensure_dir(args.corpdir) + do_analysis1(args.corpdir, args.infile) +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/utils/autodict_ql/qlpack.yml b/utils/autodict_ql/qlpack.yml new file mode 100644 index 00000000..c037a344 --- /dev/null +++ b/utils/autodict_ql/qlpack.yml @@ -0,0 +1,3 @@ +name: automate +version: 0.0.0 +libraryPathDependencies: codeql-cpp diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md new file mode 100644 index 00000000..77a15f8e --- /dev/null +++ b/utils/autodict_ql/readme.md @@ -0,0 +1,81 @@ +# Autodict-QL - Optimal Token Generation for Fuzzing + +## What is this? + +Autodict-QL is a plugin system that enables fast generation of Tokens/Dictionaries in a handy way that can be manipulated by the user (Unlike The LLVM Passes that are hard to modify). This means that autodict-ql is a scriptable feature which basically uses the CodeQL (A powerful semantic code analysis engine) to fetch information from a code base. + +Tokens are useful when you perform fuzzing on different parsers. AFL++ `-x` switch enables the usage of dictionaries through your fuzzing campagin. if you are not familiar with Dictionaries in fuzzing, take a look [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/dictionaries) . + + +## Why CodeQL ? +We basically developed this plugin on top of CodeQL engine because it gives the user scripting features, it's easier and it's independent of the LLVM system. This means that a user can write his CodeQL scripts or modify the current scripts to improve or change the token generation algorithms based on different program analysis concepts. + + +## CodeQL scripts +Currently, we pushed some scripts as defaults for Token generation. In addition, we provide every CodeQL script as an standalone script because it's easier to modify or test. + +Currently we provided the following CodeQL scripts : + +`strcmp-str.ql` is used to extract strings that are related to `strcmp` function. + +`strncmp-str.ql` is used to extract the strings from the `strncmp` function. + +`memcmp-str.ql` is used to extract the strings from the `memcmp` function. + +`litool.ql` extracts Magic numbers as Hexadecimal format. + +`strtool.ql` extracts strings with uses of a regex and dataflow concept to capture the string comparison functions. if strcmp is rewritten in a project as Mystrcmp or something like strmycmp, then this script can catch the arguments and these are valuable tokens. + +You can write other CodeQL scripts to extract possible effective tokens if you think they can be useful. + + +## Usage +The usage of Autodict-QL is pretty easy. But let's describe it as : + +1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system, so : + +` # chmod +x codeql-build.sh` + +` # codeql ` + +Then you should get : + +` Usage: codeql ... +Create and query CodeQL databases, or work with the QL language. + +GitHub makes this program freely available for the analysis of open-source software and certain other uses, but it is +not itself free software. Type codeql --license to see the license terms. + + --license Show the license terms for the CodeQL toolchain. +Common options: + -h, --help Show this help text. + -v, --verbose Incrementally increase the number of progress messages printed. + -q, --quiet Incrementally decrease the number of progress messages printed. +Some advanced options have been hidden; try --help -v for a fuller view. +Commands: + query Compile and execute QL code. + bqrs Get information from .bqrs files. + database Create, analyze and process CodeQL databases. + dataset [Plumbing] Work with raw QL datasets. + test Execute QL unit tests. + resolve [Deep plumbing] Helper commands to resolve disk locations etc. + execute [Deep plumbing] Low-level commands that need special JVM options. + version Show the version of the CodeQL toolchain. + generate Generate formatted QL documentation. + github Commands useful for interacting with the GitHub API through CodeQL. +` + +2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . + - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: + - `./configure --disable-shared` + - `codeql create database libxml-db --language=cpp --command=make + - Now you have the CodeQL database of the project :-) +3. To run the Autodict-QL, the final step is to just create a folder named `automate` in the project you want to fuzz. + - `mkdir automate` (inside the libxml directory) +4. The final step is to update the CodeQL database you created in the step 2 inside the automate dir you created at step 3 : + - `codeql database upgrade ../libxml-db` +5. Everything is set! :-), now you should issue the following to get the tokens : + - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` + - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` + - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. +6. Done! \ No newline at end of file diff --git a/utils/autodict_ql/strtool.ql b/utils/autodict_ql/strtool.ql index f78aabbb..253d1555 100644 --- a/utils/autodict_ql/strtool.ql +++ b/utils/autodict_ql/strtool.ql @@ -3,8 +3,8 @@ import semmle.code.cpp.dataflow.DataFlow class StringLiteralNode extends DataFlow::Node { StringLiteralNode() { this.asExpr() instanceof StringLiteral } } -class MemcmpArgNode extends DataFlow::Node { - MemcmpArgNode() { +class CmpArgNode extends DataFlow::Node { + CmpArgNode() { exists(FunctionCall fc | fc.getTarget().getName().regexpMatch(".*(str|mem|strn|b)*(cmp|str)*") and fc.getArgument(0) = this.asExpr() @@ -17,7 +17,7 @@ class MemcmpArgNode extends DataFlow::Node { } } -from StringLiteralNode src, MemcmpArgNode arg +from StringLiteralNode src, CmpArgNode arg where DataFlow::localFlow(src, arg) From 6088a0d4c2aeada7d952ce05bc1e683b858b1ade Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:04:17 +0400 Subject: [PATCH 048/441] update readme update readme --- utils/autodict_ql/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 77a15f8e..a610afb7 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -40,7 +40,7 @@ The usage of Autodict-QL is pretty easy. But let's describe it as : Then you should get : -` Usage: codeql ... +' Usage: codeql ... Create and query CodeQL databases, or work with the QL language. GitHub makes this program freely available for the analysis of open-source software and certain other uses, but it is @@ -63,7 +63,7 @@ Commands: version Show the version of the CodeQL toolchain. generate Generate formatted QL documentation. github Commands useful for interacting with the GitHub API through CodeQL. -` +' 2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: From cabde32140d6b781fea3c81e535b717bd01b1ec7 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:06:18 +0400 Subject: [PATCH 049/441] Update readme Update readme --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index a610afb7..82aa0a23 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -68,7 +68,7 @@ Commands: 2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: - `./configure --disable-shared` - - `codeql create database libxml-db --language=cpp --command=make + - `codeql create database libxml-db --language=cpp --command=make` - Now you have the CodeQL database of the project :-) 3. To run the Autodict-QL, the final step is to just create a folder named `automate` in the project you want to fuzz. - `mkdir automate` (inside the libxml directory) From 01658fb2e8d923c2d3df225249d9e8e0931511e8 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:07:24 +0400 Subject: [PATCH 050/441] Update readme Update readme --- utils/autodict_ql/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 82aa0a23..e8d3c761 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -70,8 +70,8 @@ Commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` - Now you have the CodeQL database of the project :-) -3. To run the Autodict-QL, the final step is to just create a folder named `automate` in the project you want to fuzz. - - `mkdir automate` (inside the libxml directory) +3. To run the Autodict-QL, the final step is to just create a folder named `automate` in the project you want to fuzz. (inside the libxml directory) + - `mkdir automate` 4. The final step is to update the CodeQL database you created in the step 2 inside the automate dir you created at step 3 : - `codeql database upgrade ../libxml-db` 5. Everything is set! :-), now you should issue the following to get the tokens : From 7a383342de6687a09b46151c1f3cf0d44810995a Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:07:52 +0400 Subject: [PATCH 051/441] rename python file rename python file --- utils/autodict_ql/{autodict_ql.py => autodict-ql.py} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename utils/autodict_ql/{autodict_ql.py => autodict-ql.py} (100%) diff --git a/utils/autodict_ql/autodict_ql.py b/utils/autodict_ql/autodict-ql.py similarity index 100% rename from utils/autodict_ql/autodict_ql.py rename to utils/autodict_ql/autodict-ql.py From 67989e9f2acb5e39e9ef422c27f0fe9db3f7da95 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:09:38 +0400 Subject: [PATCH 052/441] update update --- utils/autodict_ql/readme.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index e8d3c761..b368002c 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -40,7 +40,8 @@ The usage of Autodict-QL is pretty easy. But let's describe it as : Then you should get : -' Usage: codeql ... +" +Usage: codeql ... Create and query CodeQL databases, or work with the QL language. GitHub makes this program freely available for the analysis of open-source software and certain other uses, but it is @@ -63,7 +64,7 @@ Commands: version Show the version of the CodeQL toolchain. generate Generate formatted QL documentation. github Commands useful for interacting with the GitHub API through CodeQL. -' +" 2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: @@ -74,7 +75,7 @@ Commands: - `mkdir automate` 4. The final step is to update the CodeQL database you created in the step 2 inside the automate dir you created at step 3 : - `codeql database upgrade ../libxml-db` -5. Everything is set! :-), now you should issue the following to get the tokens : +5. Everything is set! Now you should issue the following to get the tokens : - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. From c4f418c3b27bad3cc61eb61e7b9cf6fb7bbe6868 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:12:24 +0400 Subject: [PATCH 053/441] Add shell command Add shell command --- utils/autodict_ql/readme.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index b368002c..c9c0d2d0 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -40,7 +40,7 @@ The usage of Autodict-QL is pretty easy. But let's describe it as : Then you should get : -" +```shell Usage: codeql ... Create and query CodeQL databases, or work with the QL language. @@ -64,7 +64,7 @@ Commands: version Show the version of the CodeQL toolchain. generate Generate formatted QL documentation. github Commands useful for interacting with the GitHub API through CodeQL. -" +``` 2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: @@ -76,7 +76,7 @@ Commands: 4. The final step is to update the CodeQL database you created in the step 2 inside the automate dir you created at step 3 : - `codeql database upgrade ../libxml-db` 5. Everything is set! Now you should issue the following to get the tokens : - - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` - - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. + - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` + - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` + - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. 6. Done! \ No newline at end of file From bc99b5ba03815e2cfd2a6314a2fa9da78baa6fb6 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:13:18 +0400 Subject: [PATCH 054/441] update readme update readme --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index c9c0d2d0..c8e5556f 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -2,7 +2,7 @@ ## What is this? -Autodict-QL is a plugin system that enables fast generation of Tokens/Dictionaries in a handy way that can be manipulated by the user (Unlike The LLVM Passes that are hard to modify). This means that autodict-ql is a scriptable feature which basically uses the CodeQL (A powerful semantic code analysis engine) to fetch information from a code base. +`Autodict-QL` is a plugin system that enables fast generation of Tokens/Dictionaries in a handy way that can be manipulated by the user (Unlike The LLVM Passes that are hard to modify). This means that autodict-ql is a scriptable feature which basically uses the CodeQL (A powerful semantic code analysis engine) to fetch information from a code base. Tokens are useful when you perform fuzzing on different parsers. AFL++ `-x` switch enables the usage of dictionaries through your fuzzing campagin. if you are not familiar with Dictionaries in fuzzing, take a look [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/dictionaries) . From 920e9402a4d6101bbbed2ef7584d85a3c3de0eaa Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Fri, 2 Apr 2021 22:23:11 +0000 Subject: [PATCH 055/441] Add support for standalone leak-sanitizer, introducting the environment variable AFL_USE_LSAN. AFL_USE_LSAN introduces the macro __AFL_CHECK_LEAK() which will check for a memory leak when the macro is run. This is especially helpful when using __AFL_LOOP(). If __AFL_LEAK_CHECK() is not used when AFL_USE_LSAN=1 is set, the leak checker will run when the program exits. --- GNUmakefile | 4 ++-- README.md | 2 +- docs/env_variables.md | 20 ++++++++++++++++---- docs/notes_for_asan.md | 7 +++++++ include/config.h | 4 ++++ include/envs.h | 1 + src/afl-analyze.c | 19 +++++++++++++++++++ src/afl-as.c | 7 ++++--- src/afl-cc.c | 16 ++++++++++++++-- src/afl-forkserver.c | 17 +++++++++++++---- src/afl-fuzz-init.c | 17 ++++++++++++++++- src/afl-showmap.c | 4 ++++ src/afl-tmin.c | 18 ++++++++++++++++++ test/test-pre.sh | 1 + 14 files changed, 120 insertions(+), 17 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index f885f998..a6314a8b 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -517,7 +517,7 @@ code-format: ifndef AFL_NO_X86 test_build: afl-cc afl-gcc afl-as afl-showmap @echo "[*] Testing the CC wrapper afl-cc and its instrumentation output..." - @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-cc test-instr.c -o test-instr 2>&1 || (echo "Oops, afl-cc failed"; exit 1 ) + @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-cc test-instr.c -o test-instr 2>&1 || (echo "Oops, afl-cc failed"; exit 1 ) ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr0 ./test-instr < /dev/null echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr @rm -f test-instr @@ -525,7 +525,7 @@ test_build: afl-cc afl-gcc afl-as afl-showmap @echo @echo "[+] All right, the instrumentation of afl-cc seems to be working!" # @echo "[*] Testing the CC wrapper afl-gcc and its instrumentation output..." -# @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_ASAN AFL_USE_MSAN; AFL_CC=$(CC) ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-gcc test-instr.c -o test-instr 2>&1 || (echo "Oops, afl-gcc failed"; exit 1 ) +# @unset AFL_MAP_SIZE AFL_USE_UBSAN AFL_USE_CFISAN AFL_USE_LSAN AFL_USE_ASAN AFL_USE_MSAN; AFL_CC=$(CC) ASAN_OPTIONS=detect_leaks=0 AFL_INST_RATIO=100 AFL_PATH=. ./afl-gcc test-instr.c -o test-instr 2>&1 || (echo "Oops, afl-gcc failed"; exit 1 ) # ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr0 ./test-instr < /dev/null # echo 1 | ASAN_OPTIONS=detect_leaks=0 ./afl-showmap -m none -q -o .test-instr1 ./test-instr # @rm -f test-instr diff --git a/README.md b/README.md index 2528e1d1..41d55e9c 100644 --- a/README.md +++ b/README.md @@ -601,7 +601,7 @@ Every -M/-S entry needs a unique name (that can be whatever), however the same For every secondary fuzzer there should be a variation, e.g.: * one should fuzz the target that was compiled differently: with sanitizers activated (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; - export AFL_USE_CFISAN=1 ; ` + export AFL_USE_CFISAN=1 ; export AFL_USE_LSAN`) * one should fuzz the target with CMPLOG/redqueen (see above) * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV diff --git a/docs/env_variables.md b/docs/env_variables.md index c6ad0aa4..682ab7f1 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -55,7 +55,7 @@ make fairly broad use of environmental variables instead: overridden. - Setting `AFL_USE_ASAN` automatically enables ASAN, provided that your - compiler supports that. Note that fuzzing with ASAN is mildly challenging + compiler supports itt. Note that fuzzing with ASAN is mildly challenging - see [notes_for_asan.md](notes_for_asan.md). (You can also enable MSAN via `AFL_USE_MSAN`; ASAN and MSAN come with the @@ -64,6 +64,13 @@ make fairly broad use of environmental variables instead: there is the Control Flow Integrity sanitizer that can be activated by `AFL_USE_CFISAN=1`) + - Setting `AFL_USE_LSAN` automatically enables Leak-Sanitizer, provided + that your compiler supports it. To perform a leak check within your + program at a certain point (such as at the end of an __AFL_LOOP, + you can run the macro __AFL_CHECK_LEAK(); which will cause + an abort if any memory is leaked (you can combine this with the + LSAN_OPTIONS=suppressions option to supress some known leaks). + - Setting `AFL_CC`, `AFL_CXX`, and `AFL_AS` lets you use alternate downstream compilation tools, rather than the default 'clang', 'gcc', or 'as' binaries in your `$PATH`. @@ -628,7 +635,12 @@ optimal values if not already present in the environment: msan_track_origins=0 allocator_may_return_null=1 ``` - Be sure to include the first one when customizing anything, since some - MSAN versions don't call `abort()` on error, and we need a way to detect - faults. + - Similarly, the default `LSAN_OPTIONS` are set to: +``` + exit_code=86 + fast_unwind_on_malloc=0 +```` + Be sure to include the first ones for LSAN and MSAN when customizing + anything, since some MSAN and LSAN versions don't call `abort()` on + error, and we need a way to detect faults. diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md index 2b3bc028..26f34fad 100644 --- a/docs/notes_for_asan.md +++ b/docs/notes_for_asan.md @@ -28,6 +28,13 @@ Note that ASAN is incompatible with -static, so be mindful of that. (You can also use AFL_USE_MSAN=1 to enable MSAN instead.) +When compiling with AFL_USE_LSAN, the leak sanitizer will normally run +when the program exits. In order to utilize this check at different times, +such as at the end of a loop, you may use the macro __AFL_CHECK_LEAK();. +This macro will report a crash in afl-fuzz if any memory is left leaking +at this stage. You can also use LSAN_OPTIONS and a supressions file +for more fine-tuned checking, however make sure you keep exitcode=23. + NOTE: if you run several secondary instances, only one should run the target compiled with ASAN (and UBSAN, CFISAN), the others should run the target with no sanitizers compiled in. diff --git a/include/config.h b/include/config.h index 29225f6b..6490a5fe 100644 --- a/include/config.h +++ b/include/config.h @@ -393,6 +393,10 @@ #define MSAN_ERROR 86 +/* Distinctive exit code used to indicate LSAN trip condition: */ + +#define LSAN_ERROR 23 + /* Designated file descriptors for forkserver commands (the application will use FORKSRV_FD and FORKSRV_FD + 1): */ diff --git a/include/envs.h b/include/envs.h index 2ce50be7..d1856c50 100644 --- a/include/envs.h +++ b/include/envs.h @@ -172,6 +172,7 @@ static char *afl_environment_variables[] = { "AFL_USE_TRACE_PC", "AFL_USE_UBSAN", "AFL_USE_CFISAN", + "AFL_USE_LSAN", "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", "AFL_EXPAND_HAVOC_NOW", diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 86b0f7e9..90305714 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -781,6 +781,19 @@ static void set_up_environment(void) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + + FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( + LSAN_ERROR) " - please fix!"); + + } + + } + setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -818,6 +831,12 @@ static void set_up_environment(void) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(MSAN_ERROR) ":" + "fast_unwind_on_malloc=0", + 0); + + if (get_afl_env("AFL_PRELOAD")) { if (qemu_mode) { diff --git a/src/afl-as.c b/src/afl-as.c index 7de267a3..dfae44f2 100644 --- a/src/afl-as.c +++ b/src/afl-as.c @@ -517,11 +517,12 @@ static void add_instrumentation(void) { } else { char modeline[100]; - snprintf(modeline, sizeof(modeline), "%s%s%s%s", + snprintf(modeline, sizeof(modeline), "%s%s%s%s%s", getenv("AFL_HARDEN") ? "hardened" : "non-hardened", getenv("AFL_USE_ASAN") ? ", ASAN" : "", getenv("AFL_USE_MSAN") ? ", MSAN" : "", - getenv("AFL_USE_UBSAN") ? ", UBSAN" : ""); + getenv("AFL_USE_UBSAN") ? ", UBSAN" : "", + getenv("AFL_USE_LSAN") ? ", LSAN" : ""); OKF("Instrumented %u locations (%s-bit, %s mode, ratio %u%%).", ins_lines, use_64bit ? "64" : "32", modeline, inst_ratio); @@ -585,7 +586,7 @@ int main(int argc, char **argv) { "AFL_QUIET: suppress verbose output\n" "AFL_KEEP_ASSEMBLY: leave instrumented assembly files\n" "AFL_AS_FORCE_INSTRUMENT: force instrumentation for asm sources\n" - "AFL_HARDEN, AFL_USE_ASAN, AFL_USE_MSAN, AFL_USE_UBSAN:\n" + "AFL_HARDEN, AFL_USE_ASAN, AFL_USE_MSAN, AFL_USE_UBSAN, AFL_USE_LSAN:\n" " used in the instrumentation summary message\n", argv[0]); diff --git a/src/afl-cc.c b/src/afl-cc.c index 5251465b..e0478503 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -758,7 +758,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) have_instr_list = 1; - if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory")) + if (!(strcmp(cur, "-fsanitize=address") && strcmp(cur, "-fsanitize=memory"))) asan_set = 1; if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; @@ -817,6 +817,10 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (getenv("AFL_USE_LSAN")) { + cc_params[cc_par_cnt++] = "-fsanitize=leak"; + } + if (getenv("AFL_USE_CFISAN")) { if (!lto_mode) { @@ -914,6 +918,13 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (getenv("AFL_USE_LSAN")) { + cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; + } + + cc_params[cc_par_cnt++] = + "-D__AFL_CHECK_LEAK()=__lsan_do_leak_check()"; + cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " "1;"; @@ -1740,7 +1751,8 @@ int main(int argc, char **argv, char **envp) { " AFL_USE_ASAN: activate address sanitizer\n" " AFL_USE_CFISAN: activate control flow sanitizer\n" " AFL_USE_MSAN: activate memory sanitizer\n" - " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n"); + " AFL_USE_UBSAN: activate undefined behaviour sanitizer\n" + " AFL_USE_LSAN: activate leak-checker sanitizer\n"); if (have_gcc_plugin) SAYF( diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 68995388..fa89713a 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -483,7 +483,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!getenv("LD_BIND_LAZY")) { setenv("LD_BIND_NOW", "1", 1); } - /* Set sane defaults for ASAN if nothing else specified. */ + /* Set sane defaults for ASAN if nothing else is specified. */ if (!getenv("ASAN_OPTIONS")) setenv("ASAN_OPTIONS", @@ -500,7 +500,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "handle_sigill=0", 1); - /* Set sane defaults for UBSAN if nothing else specified. */ + /* Set sane defaults for UBSAN if nothing else is specified. */ if (!getenv("UBSAN_OPTIONS")) setenv("UBSAN_OPTIONS", @@ -538,6 +538,14 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, "handle_sigill=0", 1); + /* LSAN, too, does not support abort_on_error=1. */ + + if (!getenv("LSAN_OPTIONS")) + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0", + 1); + fsrv->init_child_func(fsrv, argv); /* Use a distinctive bitmap signature to tell the parent about execv() @@ -1210,8 +1218,9 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, if (unlikely( /* A normal crash/abort */ (WIFSIGNALED(fsrv->child_status)) || - /* special handling for msan */ - (fsrv->uses_asan && WEXITSTATUS(fsrv->child_status) == MSAN_ERROR) || + /* special handling for msan and lsan */ + (fsrv->uses_asan && (WEXITSTATUS(fsrv->child_status) == MSAN_ERROR || + WEXITSTATUS(fsrv->child_status) == LSAN_ERROR)) || /* the custom crash_exitcode was returned by the target */ (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 82c1799e..24f5c5b5 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2466,6 +2466,20 @@ void check_asan_opts(afl_state_t *afl) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + + FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( + LSAN_ERROR) " - please fix!"); + + } + + } + + } /* Handle stop signal (Ctrl-C, etc). */ @@ -2711,7 +2725,8 @@ void check_binary(afl_state_t *afl, u8 *fname) { } if (memmem(f_data, f_len, "__asan_init", 11) || - memmem(f_data, f_len, "__msan_init", 11)) { + memmem(f_data, f_len, "__msan_init", 11) || + memmem(f_data, f_len, "__lsan_init", 11)) { afl->fsrv.uses_asan = 1; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 7bf5a9c7..bf076683 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -570,6 +570,10 @@ static void set_up_environment(afl_forkserver_t *fsrv) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0", + 0); setenv("UBSAN_OPTIONS", "halt_on_error=1:" diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 7ef8b9bf..a2741a07 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -712,6 +712,19 @@ static void set_up_environment(afl_forkserver_t *fsrv) { } + x = get_afl_env("LSAN_OPTIONS"); + + if (x) { + + if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + + FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( + LSAN_ERROR) " - please fix!"); + + } + + } + setenv("ASAN_OPTIONS", "abort_on_error=1:" "detect_leaks=0:" @@ -749,6 +762,11 @@ static void set_up_environment(afl_forkserver_t *fsrv) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", + "exitcode=" STRINGIFY(LSAN_ERROR) ":" + "fast_unwind_on_malloc=0", + 0); + if (get_afl_env("AFL_PRELOAD")) { if (fsrv->qemu_mode) { diff --git a/test/test-pre.sh b/test/test-pre.sh index 85ac320b..174f2f7f 100755 --- a/test/test-pre.sh +++ b/test/test-pre.sh @@ -71,6 +71,7 @@ unset AFL_HARDEN unset AFL_USE_ASAN unset AFL_USE_MSAN unset AFL_USE_UBSAN +unset AFL_USE_LSAN unset AFL_TMPDIR unset AFL_CC unset AFL_PRELOAD From 6514e33ab6733dd4e7ae0d3eeec83db06b3f451f Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Fri, 2 Apr 2021 22:32:38 +0000 Subject: [PATCH 056/441] Replace __AFL_CHECK_LEAK with __AFL_LEAK_CHECK to be more proper. Fix spelling mistakes. Correctly call LSAN_ERROR not MSAN_ERROR. --- docs/env_variables.md | 8 ++++---- docs/notes_for_asan.md | 2 +- src/afl-analyze.c | 2 +- src/afl-cc.c | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 682ab7f1..85c2efd7 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -55,7 +55,7 @@ make fairly broad use of environmental variables instead: overridden. - Setting `AFL_USE_ASAN` automatically enables ASAN, provided that your - compiler supports itt. Note that fuzzing with ASAN is mildly challenging + compiler supports it. Note that fuzzing with ASAN is mildly challenging - see [notes_for_asan.md](notes_for_asan.md). (You can also enable MSAN via `AFL_USE_MSAN`; ASAN and MSAN come with the @@ -66,8 +66,8 @@ make fairly broad use of environmental variables instead: - Setting `AFL_USE_LSAN` automatically enables Leak-Sanitizer, provided that your compiler supports it. To perform a leak check within your - program at a certain point (such as at the end of an __AFL_LOOP, - you can run the macro __AFL_CHECK_LEAK(); which will cause + program at a certain point (such as at the end of an __AFL_LOOP), + you can run the macro __AFL_LEAK_CHECK(); which will cause an abort if any memory is leaked (you can combine this with the LSAN_OPTIONS=suppressions option to supress some known leaks). @@ -637,7 +637,7 @@ optimal values if not already present in the environment: ``` - Similarly, the default `LSAN_OPTIONS` are set to: ``` - exit_code=86 + exit_code=23 fast_unwind_on_malloc=0 ```` Be sure to include the first ones for LSAN and MSAN when customizing diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md index 26f34fad..f55aeaf2 100644 --- a/docs/notes_for_asan.md +++ b/docs/notes_for_asan.md @@ -30,7 +30,7 @@ Note that ASAN is incompatible with -static, so be mindful of that. When compiling with AFL_USE_LSAN, the leak sanitizer will normally run when the program exits. In order to utilize this check at different times, -such as at the end of a loop, you may use the macro __AFL_CHECK_LEAK();. +such as at the end of a loop, you may use the macro __AFL_LEAK_CHECK();. This macro will report a crash in afl-fuzz if any memory is left leaking at this stage. You can also use LSAN_OPTIONS and a supressions file for more fine-tuned checking, however make sure you keep exitcode=23. diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 90305714..f961f13a 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -832,7 +832,7 @@ static void set_up_environment(void) { "handle_sigill=0", 0); setenv("LSAN_OPTIONS", - "exitcode=" STRINGIFY(MSAN_ERROR) ":" + "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0", 0); diff --git a/src/afl-cc.c b/src/afl-cc.c index e0478503..975b28d1 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -923,7 +923,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } cc_params[cc_par_cnt++] = - "-D__AFL_CHECK_LEAK()=__lsan_do_leak_check()"; + "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " From b418c31479f5d5e1d10c75eafec9ead9351453cb Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:39:09 +0400 Subject: [PATCH 057/441] Some updates on readme Some updates on readme --- utils/autodict_ql/readme.md | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index c8e5556f..45f685c6 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -79,4 +79,19 @@ Commands: - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. -6. Done! \ No newline at end of file +6. Done! + + +## More on dictionaries and tokens +Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. +On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. + +I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` is working based on the target. +In overall, fuzzing with dictionaries and well-generated tokens will give better results. + +There are 2 important points to remember : + +- If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. +- Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. + + \ No newline at end of file From b7d12c8532da0a094aa2504e90f84a1530d569a9 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 02:45:46 +0400 Subject: [PATCH 058/441] Update readme Update readme --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 45f685c6..39857f69 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -83,7 +83,7 @@ Commands: ## More on dictionaries and tokens -Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. +Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` is working based on the target. From 8f9d1fd7b05f916d8c43d5872be54d9074bdf8db Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 03:16:13 +0400 Subject: [PATCH 059/441] Updates update --- utils/autodict_ql/readme.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 39857f69..3e4655c8 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -34,10 +34,11 @@ The usage of Autodict-QL is pretty easy. But let's describe it as : 1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system, so : -` # chmod +x codeql-build.sh` - -` # codeql ` - +```shell +# chmod +x codeql-build.sh` +# sudo ./codeql-build.sh +# codeql ` +``` Then you should get : ```shell @@ -93,5 +94,3 @@ There are 2 important points to remember : - If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. - Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. - - \ No newline at end of file From 4291c3db5dca5082aed123f3a353f8af4a0f4785 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 14:04:06 +0400 Subject: [PATCH 060/441] finalize 1 commit final things --- utils/autodict_ql/autodict-ql.py | 87 ++++++-------------------------- utils/autodict_ql/readme.md | 6 ++- 2 files changed, 20 insertions(+), 73 deletions(-) diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py index 69d11f48..ddc95435 100644 --- a/utils/autodict_ql/autodict-ql.py +++ b/utils/autodict_ql/autodict-ql.py @@ -1,4 +1,14 @@ #!/usr/bin/env python3 +# AutoDict-QL - Optimal Token Generation for Fuzzing +# Part of AFL++ Project +# Developed and Maintained by Arash Ale Ebrahim (@Microsvuln) +# Usage : python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH] +# CURRENT_DIR = full of your current Dir +# CODEQL_DATABASE_PATH = Full path to your CodeQL database +# TOKEN_PATH = Folder name of the newly generated tokens +# Example : python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens +# Just pass the tokens folder to the -x flag of your fuzzer + import os import string import binascii @@ -42,47 +52,25 @@ def static_analysis(file,file2,cur,db) : f.close() def copy_tokens(cur, tokenpath) : - subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "strstr-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "local-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "global-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "arrays-lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "arrays-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - #strtool-strs + def codeql_analysis(cur, db) : static_analysis("litout.out","litool.ql", cur, db) static_analysis("strcmp-strings.out","strcmp-str.ql", cur, db) static_analysis("strncmp-strings.out","strncmp-str.ql", cur, db) - static_analysis("strstr-strings.out","strstr-str.ql", cur, db) static_analysis("memcmp-strings.out","memcmp-str.ql", cur, db) - static_analysis("global-values-strings.out","globals-values.ql", cur, db) - static_analysis("local-strings.out","locals-strs.ql", cur, db) static_analysis("strtool-strings.out","strtool.ql", cur, db) - static_analysis("arrays.out","array-literals.ql", cur, db) - start_aflql(0,cur) - #command1 = [ - # 'codeql','query', 'run', - # cur + '/litool.ql', - # '-d', - # db, '>','fff.txt' - # ] - #with open("litool2.log", "w") as f: - # stream = os.popen("codeql query run litool.ql -d " + db ) - # output = stream.read() - # f.write(output) - # f.close() - #worker1 = subprocess.Popen(command1) - #print(worker1.communicate()) + start_autodict(0,cur) -def start_aflql(tokenpath, cur): + +def start_autodict(tokenpath, cur): command = [ 'python3', cur + '/litan.py', @@ -110,23 +98,6 @@ def start_aflql(tokenpath, cur): worker3 = subprocess.Popen(command2) print(worker3.communicate()) - command3 = [ - 'python3', - cur + '/array-lits.py', - cur + '/arrays-lits/', - cur + '/arrays.out' - ] - worker4 = subprocess.Popen(command3) - print(worker4.communicate()) - - command4 = [ - 'python3', - cur + '/array-strings.py', - cur + '/arrays-strs/', - cur + '/arrays.out' - ] - worker5 = subprocess.Popen(command4) - print(worker5.communicate()) command5 = [ @@ -138,26 +109,7 @@ def start_aflql(tokenpath, cur): worker6 = subprocess.Popen(command5) print(worker6.communicate()) - command6 = [ - 'python3', - cur + '/globals-strings.py', - cur + '/global-strs/', - cur + '/global-values-strings.out' - ] - worker7 = subprocess.Popen(command6) - print(worker7.communicate()) - command7 = [ - 'python3', - cur + '/strstr-strings.py', - cur + '/strstr-strs/', - cur + '/strstr-strings.out' - ] - worker8 = subprocess.Popen(command7) - print(worker8.communicate()) - - - #strtool-strings.out command8 = [ 'python3', @@ -168,14 +120,7 @@ def start_aflql(tokenpath, cur): worker9 = subprocess.Popen(command8) print(worker9.communicate()) - command9 = [ - 'python3', - cur + '/local-strings.py', - cur + '/local-strs/', - cur + '/local-strings.out' - ] - worker10 = subprocess.Popen(command9) - print(worker10.communicate()) + def main(): args = parse_args() @@ -183,6 +128,6 @@ def main(): #copy_tokens(args.cur, args.tokenpath) codeql_analysis(args.cur, args.db) copy_tokens(args.cur, args.tokenpath) - #start_aflql(args.tokenpath, args.cur) + #start_autodict(args.tokenpath, args.cur) if __name__ == '__main__': main() \ No newline at end of file diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 3e4655c8..f8d23098 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -67,7 +67,7 @@ Commands: github Commands useful for interacting with the GitHub API through CodeQL. ``` -2. Compiler your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . +2. Compile your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` @@ -87,10 +87,12 @@ Commands: Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. -I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` is working based on the target. +I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` is working based on the target. In overall, fuzzing with dictionaries and well-generated tokens will give better results. There are 2 important points to remember : - If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. - Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. + +Thanks are going to Marc Heuse, the AFL++ main developer, Antonio Morales and Stefan Nagy \ No newline at end of file From 7f6d256014ae6728bc938e33b7038105a5714c9b Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 14:06:12 +0400 Subject: [PATCH 061/441] space space --- utils/autodict_ql/readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index f8d23098..0449233b 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -30,6 +30,7 @@ You can write other CodeQL scripts to extract possible effective tokens if you t ## Usage + The usage of Autodict-QL is pretty easy. But let's describe it as : 1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system, so : From 7a3dfbce71d45742a6b571e41f07ae6b104e3a6b Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 14:07:13 +0400 Subject: [PATCH 062/441] remove things remove things --- utils/autodict_ql/readme.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 0449233b..9e6a7292 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -36,9 +36,9 @@ The usage of Autodict-QL is pretty easy. But let's describe it as : 1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system, so : ```shell -# chmod +x codeql-build.sh` +# chmod +x codeql-build.sh # sudo ./codeql-build.sh -# codeql ` +# codeql ``` Then you should get : From 8d894eec90ef738702d42274cda0d6a4e5494627 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 14:11:33 +0400 Subject: [PATCH 063/441] Add python scripts Add python scripts --- utils/autodict_ql/memcmp-strings.py | 64 ++++++++++++++++++++++++++++ utils/autodict_ql/stan-strings.py | 60 ++++++++++++++++++++++++++ utils/autodict_ql/strcmp-strings.py | 60 ++++++++++++++++++++++++++ utils/autodict_ql/strncmp-strings.py | 64 ++++++++++++++++++++++++++++ 4 files changed, 248 insertions(+) create mode 100644 utils/autodict_ql/memcmp-strings.py create mode 100644 utils/autodict_ql/stan-strings.py create mode 100644 utils/autodict_ql/strcmp-strings.py create mode 100644 utils/autodict_ql/strncmp-strings.py diff --git a/utils/autodict_ql/memcmp-strings.py b/utils/autodict_ql/memcmp-strings.py new file mode 100644 index 00000000..e948fba4 --- /dev/null +++ b/utils/autodict_ql/memcmp-strings.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +# Autodict-QL - Optimal token generation for fuzzing +# Part of AFL++ Project +# Author : Microsvuln - Arash.vre@gmail.com + +import os +import string +import binascii +import codecs +import errno +import struct +import argparse +import re +from binascii import unhexlify + +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno != errno.EEXIST: + raise + +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) + parser.add_argument("corpdir", + help="The path to the corpus directory to generate strings.") + parser.add_argument("infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + + return parser.parse_args() + + +def do_string_analysis(corpdir, infile1): + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() + new_lst1 = [] + n = 1 + for i, num1 in enumerate(lines): + if i != 0: + new_lst1.append(num1) + print("num : %s" % num1) + str11 = str(num1) + str11 = str11.replace("|","") + str11 = str11.replace("\n","") + str11 = str11.lstrip() + str11 = str11.rstrip() + print("all strings : %s" % str11) + str11 = str(str11) + if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + print("Space / Paranthesis String : %s" % str11) + else : + with open(corpdir+'/memcmp-str{0}'.format(n), 'w') as file: + file.write(str11) + print("Hahaha : %s" % str11) + n=n+1 + +def main(): + args = parse_args() + ensure_dir(args.corpdir) + do_string_analysis(args.corpdir, args.infile) +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/utils/autodict_ql/stan-strings.py b/utils/autodict_ql/stan-strings.py new file mode 100644 index 00000000..c35d8a65 --- /dev/null +++ b/utils/autodict_ql/stan-strings.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python3 +import os +import string +import binascii +import codecs +import errno +import struct +import argparse +import re +from binascii import unhexlify + +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno != errno.EEXIST: + raise + +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) + parser.add_argument("corpdir", + help="The path to the corpus directory to generate strings.") + parser.add_argument("infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + + return parser.parse_args() + + +def do_string_analysis(corpdir, infile1): + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() + new_lst1 = [] + n = 1 + for i, num1 in enumerate(lines): + if i != 0: + new_lst1.append(num1) + print("num : %s" % num1) + str11 = str(num1) + str11 = str11.replace("|","") + str11 = str11.replace("\n","") + str11 = str11.lstrip() + str11 = str11.rstrip() + print("all strings : %s" % str11) + str11 = str(str11) + if ((" " in str11 ) or (")" in str11) or ("(" in str11)) or ("<" in str11) or (">" in str11) : + print("Space / Paranthesis String : %s" % str11) + else : + with open(corpdir+'/seed-str{0}'.format(n), 'w') as file: + file.write(str11) + print("Hahaha : %s" % str11) + n=n+1 + +def main(): + args = parse_args() + ensure_dir(args.corpdir) + do_string_analysis(args.corpdir, args.infile) +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/utils/autodict_ql/strcmp-strings.py b/utils/autodict_ql/strcmp-strings.py new file mode 100644 index 00000000..412b70ae --- /dev/null +++ b/utils/autodict_ql/strcmp-strings.py @@ -0,0 +1,60 @@ +#!/usr/bin/env python3 +import os +import string +import binascii +import codecs +import errno +import struct +import argparse +import re +from binascii import unhexlify + +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno != errno.EEXIST: + raise + +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) + parser.add_argument("corpdir", + help="The path to the corpus directory to generate strings.") + parser.add_argument("infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + + return parser.parse_args() + + +def do_string_analysis(corpdir, infile1): + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() + new_lst1 = [] + n = 1 + for i, num1 in enumerate(lines): + if i != 0: + new_lst1.append(num1) + print("num : %s" % num1) + str11 = str(num1) + str11 = str11.replace("|","") + str11 = str11.replace("\n","") + str11 = str11.lstrip() + str11 = str11.rstrip() + print("all strings : %s" % str11) + str11 = str(str11) + if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + print("Space / Paranthesis String : %s" % str11) + else : + with open(corpdir+'/strcmp-str{0}'.format(n), 'w') as file: + file.write(str11) + print("Hahaha : %s" % str11) + n=n+1 + +def main(): + args = parse_args() + ensure_dir(args.corpdir) + do_string_analysis(args.corpdir, args.infile) +if __name__ == '__main__': + main() \ No newline at end of file diff --git a/utils/autodict_ql/strncmp-strings.py b/utils/autodict_ql/strncmp-strings.py new file mode 100644 index 00000000..2c07718e --- /dev/null +++ b/utils/autodict_ql/strncmp-strings.py @@ -0,0 +1,64 @@ +#!/usr/bin/env python3 +# Autodict-QL - Optimal token generation for fuzzing +# Part of AFL++ Project +# Author : Microsvuln - Arash.vre@gmail.com + +import os +import string +import binascii +import codecs +import errno +import struct +import argparse +import re +from binascii import unhexlify + +def ensure_dir(dir): + try: + os.makedirs(dir) + except OSError as e: + if e.errno != errno.EEXIST: + raise + +def parse_args(): + parser = argparse.ArgumentParser(description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) + parser.add_argument("corpdir", + help="The path to the corpus directory to generate strings.") + parser.add_argument("infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + + return parser.parse_args() + + +def do_string_analysis(corpdir, infile1): + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() + new_lst1 = [] + n = 1 + for i, num1 in enumerate(lines): + if i != 0: + new_lst1.append(num1) + print("num : %s" % num1) + str11 = str(num1) + str11 = str11.replace("|","") + str11 = str11.replace("\n","") + str11 = str11.lstrip() + str11 = str11.rstrip() + print("all strings : %s" % str11) + str11 = str(str11) + if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + print("Space / Paranthesis String : %s" % str11) + else : + with open(corpdir+'/strncmp-str{0}'.format(n), 'w') as file: + file.write(str11) + print("Hahaha : %s" % str11) + n=n+1 + +def main(): + args = parse_args() + ensure_dir(args.corpdir) + do_string_analysis(args.corpdir, args.infile) +if __name__ == '__main__': + main() \ No newline at end of file From 6c88b6b362ddc06effd8d99c32375ab34028665c Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 14:13:55 +0400 Subject: [PATCH 064/441] Update python scripts Update python scripts --- utils/autodict_ql/memcmp-strings.py | 2 +- utils/autodict_ql/stan-strings.py | 6 +++++- utils/autodict_ql/strcmp-strings.py | 6 +++++- utils/autodict_ql/strncmp-strings.py | 2 +- 4 files changed, 12 insertions(+), 4 deletions(-) diff --git a/utils/autodict_ql/memcmp-strings.py b/utils/autodict_ql/memcmp-strings.py index e948fba4..fb892aff 100644 --- a/utils/autodict_ql/memcmp-strings.py +++ b/utils/autodict_ql/memcmp-strings.py @@ -53,7 +53,7 @@ def do_string_analysis(corpdir, infile1): else : with open(corpdir+'/memcmp-str{0}'.format(n), 'w') as file: file.write(str11) - print("Hahaha : %s" % str11) + print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) n=n+1 def main(): diff --git a/utils/autodict_ql/stan-strings.py b/utils/autodict_ql/stan-strings.py index c35d8a65..e9f6f0d0 100644 --- a/utils/autodict_ql/stan-strings.py +++ b/utils/autodict_ql/stan-strings.py @@ -1,4 +1,8 @@ #!/usr/bin/env python3 +# Autodict-QL - Optimal token generation for fuzzing +# Part of AFL++ Project +# Author : Microsvuln - Arash.vre@gmail.com + import os import string import binascii @@ -49,7 +53,7 @@ def do_string_analysis(corpdir, infile1): else : with open(corpdir+'/seed-str{0}'.format(n), 'w') as file: file.write(str11) - print("Hahaha : %s" % str11) + print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) n=n+1 def main(): diff --git a/utils/autodict_ql/strcmp-strings.py b/utils/autodict_ql/strcmp-strings.py index 412b70ae..a1b7e27c 100644 --- a/utils/autodict_ql/strcmp-strings.py +++ b/utils/autodict_ql/strcmp-strings.py @@ -1,4 +1,8 @@ #!/usr/bin/env python3 +# Autodict-QL - Optimal token generation for fuzzing +# Part of AFL++ Project +# Author : Microsvuln - Arash.vre@gmail.com + import os import string import binascii @@ -49,7 +53,7 @@ def do_string_analysis(corpdir, infile1): else : with open(corpdir+'/strcmp-str{0}'.format(n), 'w') as file: file.write(str11) - print("Hahaha : %s" % str11) + print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) n=n+1 def main(): diff --git a/utils/autodict_ql/strncmp-strings.py b/utils/autodict_ql/strncmp-strings.py index 2c07718e..2652f66e 100644 --- a/utils/autodict_ql/strncmp-strings.py +++ b/utils/autodict_ql/strncmp-strings.py @@ -53,7 +53,7 @@ def do_string_analysis(corpdir, infile1): else : with open(corpdir+'/strncmp-str{0}'.format(n), 'w') as file: file.write(str11) - print("Hahaha : %s" % str11) + print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) n=n+1 def main(): From 70e975704465672f49273da9f4a8f7e56f745e20 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 15:47:22 +0400 Subject: [PATCH 065/441] new commit - change strings new commit - change strings --- utils/autodict_ql/autodict-ql.py | 1 + utils/autodict_ql/build-codeql.sh | 4 ++-- utils/autodict_ql/memcmp-strings.py | 3 +-- utils/autodict_ql/readme.md | 11 ++++++++--- utils/autodict_ql/stan-strings.py | 3 +-- utils/autodict_ql/strcmp-strings.py | 3 +-- utils/autodict_ql/strncmp-strings.py | 3 +-- 7 files changed, 15 insertions(+), 13 deletions(-) diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py index ddc95435..7bba57fc 100644 --- a/utils/autodict_ql/autodict-ql.py +++ b/utils/autodict_ql/autodict-ql.py @@ -57,6 +57,7 @@ def copy_tokens(cur, tokenpath) : subprocess.call(["cp " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["cp " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["find "+tokenpath+" -size 0 -delete"],shell=True) diff --git a/utils/autodict_ql/build-codeql.sh b/utils/autodict_ql/build-codeql.sh index ccff932e..450207f6 100644 --- a/utils/autodict_ql/build-codeql.sh +++ b/utils/autodict_ql/build-codeql.sh @@ -3,7 +3,6 @@ if [ -d "codeql-home" ]; then echo "Exist !" exit 1 fi -sudo apt install build-essential libtool-bin python3-dev automake git vim wget -y mkdir codeql-home cd codeql-home git clone https://github.com/github/codeql.git codeql-repo @@ -12,6 +11,7 @@ wget https://github.com/github/codeql-cli-binaries/releases/download/v2.4.6/code unzip codeql-linux64.zip mv codeql codeql-cli export "PATH=~/codeql-home/codeql-cli/:$PATH" +echo "export PATH=~/codeql-home/codeql-cli/:$PATH" >> ~/.bashrc codeql resolve languages codeql resolve qlpacks -echo "export PATH=~/codeql-home/codeql-cli/:$PATH" >> ~/.bashrc \ No newline at end of file +codeql \ No newline at end of file diff --git a/utils/autodict_ql/memcmp-strings.py b/utils/autodict_ql/memcmp-strings.py index fb892aff..2814da5b 100644 --- a/utils/autodict_ql/memcmp-strings.py +++ b/utils/autodict_ql/memcmp-strings.py @@ -46,9 +46,8 @@ def do_string_analysis(corpdir, infile1): str11 = str11.replace("\n","") str11 = str11.lstrip() str11 = str11.rstrip() - print("all strings : %s" % str11) str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : print("Space / Paranthesis String : %s" % str11) else : with open(corpdir+'/memcmp-str{0}'.format(n), 'w') as file: diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 9e6a7292..ccc9b0e3 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -31,13 +31,18 @@ You can write other CodeQL scripts to extract possible effective tokens if you t ## Usage +Before proceed to installation make sure that you have the following packages by installing them : +```shell +sudo apt install build-essential libtool-bin python3-dev python3 automake git vim wget -y +``` The usage of Autodict-QL is pretty easy. But let's describe it as : -1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system, so : - +1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system. +Do the following : ```shell # chmod +x codeql-build.sh -# sudo ./codeql-build.sh +# ./codeql-build.sh +# source ~/.bashrc # codeql ``` Then you should get : diff --git a/utils/autodict_ql/stan-strings.py b/utils/autodict_ql/stan-strings.py index e9f6f0d0..5a863f80 100644 --- a/utils/autodict_ql/stan-strings.py +++ b/utils/autodict_ql/stan-strings.py @@ -46,9 +46,8 @@ def do_string_analysis(corpdir, infile1): str11 = str11.replace("\n","") str11 = str11.lstrip() str11 = str11.rstrip() - print("all strings : %s" % str11) str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11)) or ("<" in str11) or (">" in str11) : + if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : print("Space / Paranthesis String : %s" % str11) else : with open(corpdir+'/seed-str{0}'.format(n), 'w') as file: diff --git a/utils/autodict_ql/strcmp-strings.py b/utils/autodict_ql/strcmp-strings.py index a1b7e27c..1852b947 100644 --- a/utils/autodict_ql/strcmp-strings.py +++ b/utils/autodict_ql/strcmp-strings.py @@ -46,9 +46,8 @@ def do_string_analysis(corpdir, infile1): str11 = str11.replace("\n","") str11 = str11.lstrip() str11 = str11.rstrip() - print("all strings : %s" % str11) str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : print("Space / Paranthesis String : %s" % str11) else : with open(corpdir+'/strcmp-str{0}'.format(n), 'w') as file: diff --git a/utils/autodict_ql/strncmp-strings.py b/utils/autodict_ql/strncmp-strings.py index 2652f66e..f00fa3da 100644 --- a/utils/autodict_ql/strncmp-strings.py +++ b/utils/autodict_ql/strncmp-strings.py @@ -46,9 +46,8 @@ def do_string_analysis(corpdir, infile1): str11 = str11.replace("\n","") str11 = str11.lstrip() str11 = str11.rstrip() - print("all strings : %s" % str11) str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11)): + if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : print("Space / Paranthesis String : %s" % str11) else : with open(corpdir+'/strncmp-str{0}'.format(n), 'w') as file: From d5fc03b71819ed75bd7134584e8f00a7f1010149 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 15:49:17 +0400 Subject: [PATCH 066/441] update qlpack name update qlpack name --- utils/autodict_ql/qlpack.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/qlpack.yml b/utils/autodict_ql/qlpack.yml index c037a344..28892f24 100644 --- a/utils/autodict_ql/qlpack.yml +++ b/utils/autodict_ql/qlpack.yml @@ -1,3 +1,3 @@ -name: automate +name: autodict version: 0.0.0 libraryPathDependencies: codeql-cpp From 050f331c54a7af2fdb2eb1ca33e9dacd9257dbb0 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:04:14 +0400 Subject: [PATCH 067/441] remove unessential things remove unessential things from scripts --- utils/autodict_ql/autodict-ql.py | 10 +++++----- utils/autodict_ql/memcmp-strings.py | 2 +- utils/autodict_ql/stan-strings.py | 2 +- utils/autodict_ql/strcmp-strings.py | 2 +- utils/autodict_ql/strncmp-strings.py | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py index 7bba57fc..b51fbb90 100644 --- a/utils/autodict_ql/autodict-ql.py +++ b/utils/autodict_ql/autodict-ql.py @@ -52,11 +52,11 @@ def static_analysis(file,file2,cur,db) : f.close() def copy_tokens(cur, tokenpath) : - subprocess.call(["cp " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["cp " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["mv " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["mv " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["mv " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["mv " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["mv " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["find "+tokenpath+" -size 0 -delete"],shell=True) diff --git a/utils/autodict_ql/memcmp-strings.py b/utils/autodict_ql/memcmp-strings.py index 2814da5b..d1047caa 100644 --- a/utils/autodict_ql/memcmp-strings.py +++ b/utils/autodict_ql/memcmp-strings.py @@ -40,7 +40,7 @@ def do_string_analysis(corpdir, infile1): for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - print("num : %s" % num1) + #print("num : %s" % num1) str11 = str(num1) str11 = str11.replace("|","") str11 = str11.replace("\n","") diff --git a/utils/autodict_ql/stan-strings.py b/utils/autodict_ql/stan-strings.py index 5a863f80..65d08c97 100644 --- a/utils/autodict_ql/stan-strings.py +++ b/utils/autodict_ql/stan-strings.py @@ -40,7 +40,7 @@ def do_string_analysis(corpdir, infile1): for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - print("num : %s" % num1) + #print("num : %s" % num1) str11 = str(num1) str11 = str11.replace("|","") str11 = str11.replace("\n","") diff --git a/utils/autodict_ql/strcmp-strings.py b/utils/autodict_ql/strcmp-strings.py index 1852b947..88128dbb 100644 --- a/utils/autodict_ql/strcmp-strings.py +++ b/utils/autodict_ql/strcmp-strings.py @@ -40,7 +40,7 @@ def do_string_analysis(corpdir, infile1): for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - print("num : %s" % num1) + #print("num : %s" % num1) str11 = str(num1) str11 = str11.replace("|","") str11 = str11.replace("\n","") diff --git a/utils/autodict_ql/strncmp-strings.py b/utils/autodict_ql/strncmp-strings.py index f00fa3da..0ad0e697 100644 --- a/utils/autodict_ql/strncmp-strings.py +++ b/utils/autodict_ql/strncmp-strings.py @@ -40,7 +40,7 @@ def do_string_analysis(corpdir, infile1): for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - print("num : %s" % num1) + #print("num : %s" % num1) str11 = str(num1) str11 = str11.replace("|","") str11 = str11.replace("\n","") From 05c13588d7f6a0c8e34623eeed0b2920737ba377 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:22:51 +0400 Subject: [PATCH 068/441] remove dirs remove dirs --- utils/autodict_ql/autodict-ql.py | 2 ++ utils/autodict_ql/readme.md | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py index b51fbb90..0fe7eabf 100644 --- a/utils/autodict_ql/autodict-ql.py +++ b/utils/autodict_ql/autodict-ql.py @@ -57,6 +57,8 @@ def copy_tokens(cur, tokenpath) : subprocess.call(["mv " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["mv " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) subprocess.call(["mv " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) + subprocess.call(["rm -rf strcmp-strs memcmp-strs strncmp-strs lits strtool-strs"],shell=True) + subprocess.call(["rm *.out"],shell=True) subprocess.call(["find "+tokenpath+" -size 0 -delete"],shell=True) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index ccc9b0e3..16a2a20b 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -93,7 +93,7 @@ Commands: Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. -I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` is working based on the target. +I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` are working based on the target. In overall, fuzzing with dictionaries and well-generated tokens will give better results. There are 2 important points to remember : @@ -101,4 +101,3 @@ There are 2 important points to remember : - If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. - Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. -Thanks are going to Marc Heuse, the AFL++ main developer, Antonio Morales and Stefan Nagy \ No newline at end of file From c4ad4681cf0aa3ff66f98053345ed7856692f25d Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:28:42 +0400 Subject: [PATCH 069/441] Update readme Update readme --- utils/autodict_ql/readme.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 16a2a20b..d8a3b014 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -78,15 +78,13 @@ Commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` - Now you have the CodeQL database of the project :-) -3. To run the Autodict-QL, the final step is to just create a folder named `automate` in the project you want to fuzz. (inside the libxml directory) - - `mkdir automate` -4. The final step is to update the CodeQL database you created in the step 2 inside the automate dir you created at step 3 : - - `codeql database upgrade ../libxml-db` -5. Everything is set! Now you should issue the following to get the tokens : +3. The final step is to update the CodeQL database you created in the step 2 : + - `codeql database upgrade /home/user/libxml/libxml-db` +4. Everything is set! Now you should issue the following to get the tokens : - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - - example : `python3 autodict-ql.py /home/user/libxml/automate /home/user/libxml/libxml-db tokens` + - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py `pwd` /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. -6. Done! +5. Done! ## More on dictionaries and tokens From 2b4e93faba3877aeb49ac873b77a930ebd6f0801 Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:30:58 +0400 Subject: [PATCH 070/441] Add note Add note --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index d8a3b014..a8d252e4 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -78,7 +78,7 @@ Commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` - Now you have the CodeQL database of the project :-) -3. The final step is to update the CodeQL database you created in the step 2 : +3. The final step is to update the CodeQL database you created in the step 2 (Suppose we are in `aflplusplus/utils/autodict_ql/` directory) : - `codeql database upgrade /home/user/libxml/libxml-db` 4. Everything is set! Now you should issue the following to get the tokens : - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` From a7141b6a6ea045a20c0be7031bab0767064915ea Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:31:51 +0400 Subject: [PATCH 071/441] Add ` Add ` --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index a8d252e4..6beba871 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -82,7 +82,7 @@ Commands: - `codeql database upgrade /home/user/libxml/libxml-db` 4. Everything is set! Now you should issue the following to get the tokens : - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py `pwd` /home/user/libxml/libxml-db tokens` + - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py ``pwd`` /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. 5. Done! From d35a90101f1ae51fa022332828209139a7e070ad Mon Sep 17 00:00:00 2001 From: microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Sat, 3 Apr 2021 16:33:56 +0400 Subject: [PATCH 072/441] change cur change current dir --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 6beba871..8c24d65c 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -82,7 +82,7 @@ Commands: - `codeql database upgrade /home/user/libxml/libxml-db` 4. Everything is set! Now you should issue the following to get the tokens : - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py ``pwd`` /home/user/libxml/libxml-db tokens` + - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py $PWD /home/user/libxml/libxml-db tokens` - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. 5. Done! From afc4da47f78a24d5e441e3815e5b322d1b27fd56 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Sat, 3 Apr 2021 14:50:35 +0000 Subject: [PATCH 073/441] Fix typos, Use symbolize=0 for LSAN, Remove syntactic sugar. --- README.md | 2 +- docs/env_variables.md | 3 ++- src/afl-analyze.c | 8 ++++---- src/afl-cc.c | 2 +- src/afl-forkserver.c | 3 ++- src/afl-fuzz-init.c | 5 ++--- src/afl-showmap.c | 4 +++- src/afl-tmin.c | 3 ++- 8 files changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 41d55e9c..4d3f8aa9 100644 --- a/README.md +++ b/README.md @@ -601,7 +601,7 @@ Every -M/-S entry needs a unique name (that can be whatever), however the same For every secondary fuzzer there should be a variation, e.g.: * one should fuzz the target that was compiled differently: with sanitizers activated (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; - export AFL_USE_CFISAN=1 ; export AFL_USE_LSAN`) + export AFL_USE_CFISAN=1 ; export AFL_USE_LSAN=1`) * one should fuzz the target with CMPLOG/redqueen (see above) * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV diff --git a/docs/env_variables.md b/docs/env_variables.md index 85c2efd7..5f9233d7 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -639,7 +639,8 @@ optimal values if not already present in the environment: ``` exit_code=23 fast_unwind_on_malloc=0 -```` + symbolize=0 +``` Be sure to include the first ones for LSAN and MSAN when customizing anything, since some MSAN and LSAN versions don't call `abort()` on error, and we need a way to detect faults. diff --git a/src/afl-analyze.c b/src/afl-analyze.c index f961f13a..38a40556 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -785,10 +785,9 @@ static void set_up_environment(void) { if (x) { - if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + if (!strstr(x, "symbolize=0")) { - FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( - LSAN_ERROR) " - please fix!"); + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); } @@ -833,7 +832,8 @@ static void set_up_environment(void) { setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" - "fast_unwind_on_malloc=0", + "fast_unwind_on_malloc=0:" + "symbolize=0", 0); diff --git a/src/afl-cc.c b/src/afl-cc.c index 975b28d1..650e4e43 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -758,7 +758,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strncmp(cur, "-fsanitize-coverage-", 20) && strstr(cur, "list=")) have_instr_list = 1; - if (!(strcmp(cur, "-fsanitize=address") && strcmp(cur, "-fsanitize=memory"))) + if (!strcmp(cur, "-fsanitize=address") || !strcmp(cur, "-fsanitize=memory")) asan_set = 1; if (strstr(cur, "FORTIFY_SOURCE")) fortify_set = 1; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index fa89713a..f102b73b 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -543,7 +543,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!getenv("LSAN_OPTIONS")) setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" - "fast_unwind_on_malloc=0", + "fast_unwind_on_malloc=0:" + "symbolize=0", 1); fsrv->init_child_func(fsrv, argv); diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 24f5c5b5..6f663021 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2470,10 +2470,9 @@ void check_asan_opts(afl_state_t *afl) { if (x) { - if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + if (!strstr(x, "symbolize=0")) { - FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( - LSAN_ERROR) " - please fix!"); + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index bf076683..2b7d200b 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -570,9 +570,11 @@ static void set_up_environment(afl_forkserver_t *fsrv) { "handle_sigfpe=0:" "handle_sigill=0", 0); + setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" - "fast_unwind_on_malloc=0", + "fast_unwind_on_malloc=0:" + "symbolize=0", 0); setenv("UBSAN_OPTIONS", diff --git a/src/afl-tmin.c b/src/afl-tmin.c index a2741a07..c257b67c 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -764,7 +764,8 @@ static void set_up_environment(afl_forkserver_t *fsrv) { setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" - "fast_unwind_on_malloc=0", + "fast_unwind_on_malloc=0:" + "symbolize=0", 0); if (get_afl_env("AFL_PRELOAD")) { From fee74700836c3694c2037c1e708846150e52d5bd Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Sat, 3 Apr 2021 14:57:52 +0000 Subject: [PATCH 074/441] Remove check for exit_code on LSAN and replace it with check for symbolize=0. --- src/afl-tmin.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/afl-tmin.c b/src/afl-tmin.c index c257b67c..3a196e2e 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -716,10 +716,9 @@ static void set_up_environment(afl_forkserver_t *fsrv) { if (x) { - if (!strstr(x, "exit_code=" STRINGIFY(LSAN_ERROR))) { + if (!strstr(x, "symbolize=0")) { - FATAL("Custom LSAN_OPTIONS set without exit_code=" STRINGIFY( - LSAN_ERROR) " - please fix!"); + FATAL("Custom LSAN_OPTIONS set without symbolize=0 - please fix!"); } From 99819cf5d1cbc262810f26098a5796c9d1262bc5 Mon Sep 17 00:00:00 2001 From: Joshua Rogers Date: Sun, 4 Apr 2021 12:45:52 +0000 Subject: [PATCH 075/441] Move definition of __AFL_LEAK_CHECK inside ifguards, use LSAN_OPTIONS=print_suppressions=0 --- docs/env_variables.md | 1 + src/afl-analyze.c | 3 ++- src/afl-cc.c | 10 +++------- src/afl-forkserver.c | 3 ++- src/afl-showmap.c | 3 ++- src/afl-tmin.c | 3 ++- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 5f9233d7..83bc487f 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -640,6 +640,7 @@ optimal values if not already present in the environment: exit_code=23 fast_unwind_on_malloc=0 symbolize=0 + print_suppressions=0 ``` Be sure to include the first ones for LSAN and MSAN when customizing anything, since some MSAN and LSAN versions don't call `abort()` on diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 38a40556..f4436980 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -833,7 +833,8 @@ static void set_up_environment(void) { setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" - "symbolize=0", + "symbolize=0:" + "print_suppressions=0", 0); diff --git a/src/afl-cc.c b/src/afl-cc.c index 650e4e43..e2dd06e2 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -819,6 +819,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (getenv("AFL_USE_LSAN")) { cc_params[cc_par_cnt++] = "-fsanitize=leak"; + cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; + cc_params[cc_par_cnt++] = + "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; } if (getenv("AFL_USE_CFISAN")) { @@ -918,13 +921,6 @@ static void edit_params(u32 argc, char **argv, char **envp) { } - if (getenv("AFL_USE_LSAN")) { - cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; - } - - cc_params[cc_par_cnt++] = - "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; - cc_params[cc_par_cnt++] = "-D__AFL_COVERAGE_START_OFF()=int __afl_selective_coverage_start_off = " "1;"; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index f102b73b..ac7a1600 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -544,7 +544,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" - "symbolize=0", + "symbolize=0:" + "print_suppressions=0", 1); fsrv->init_child_func(fsrv, argv); diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 2b7d200b..df91a4c2 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -574,7 +574,8 @@ static void set_up_environment(afl_forkserver_t *fsrv) { setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" - "symbolize=0", + "symbolize=0:" + "print_suppressions=0", 0); setenv("UBSAN_OPTIONS", diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 3a196e2e..eb5e0dcf 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -764,7 +764,8 @@ static void set_up_environment(afl_forkserver_t *fsrv) { setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" - "symbolize=0", + "symbolize=0:" + "print_suppressions=0", 0); if (get_afl_env("AFL_PRELOAD")) { From f7179e44f6c46fef318b6413d9c00693c1af4602 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 4 Apr 2021 19:19:26 +0200 Subject: [PATCH 076/441] revert Heiko's commit --- TODO.md | 1 - 1 file changed, 1 deletion(-) diff --git a/TODO.md b/TODO.md index bde328e7..b8a091ff 100644 --- a/TODO.md +++ b/TODO.md @@ -11,7 +11,6 @@ - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - cmplog: too much tainted bytes, directly add to dict and skip? - - parallel builds for source-only targets ## Further down the road From 845c584b9cee7092772305912508b825155142fa Mon Sep 17 00:00:00 2001 From: begasus Date: Sun, 4 Apr 2021 17:41:43 +0000 Subject: [PATCH 077/441] Fix Haiku references, no and missing defines for USEMMAP --- instrumentation/afl-compiler-rt.o.c | 4 +++- utils/afl_network_proxy/afl-network-server.c | 5 +++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index f241447a..fa53263c 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -34,8 +34,10 @@ #include #include -#include #ifndef __HAIKU__ + #include +#endif +#ifndef USEMMAP #include #endif #include diff --git a/utils/afl_network_proxy/afl-network-server.c b/utils/afl_network_proxy/afl-network-server.c index 0dfae658..60f174ee 100644 --- a/utils/afl_network_proxy/afl-network-server.c +++ b/utils/afl_network_proxy/afl-network-server.c @@ -45,7 +45,6 @@ #include #include -#include #include #include #include @@ -53,7 +52,9 @@ #include #include #include -#include +#ifndef USEMMAP + #include +#endif #include #include From 3c846859eef4d17d2587ea28db83c680b51723a7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 4 Apr 2021 20:05:02 +0200 Subject: [PATCH 078/441] cleanup --- GNUmakefile | 38 ++++++++++--------- GNUmakefile.gcc_plugin | 12 +++--- GNUmakefile.llvm | 8 ++-- docs/Changelog.md | 3 ++ include/android-ashmem.h | 16 ++++---- .../afl-llvm-lto-instrumentation.so.cc | 2 +- src/afl-analyze.c | 3 +- src/afl-cc.c | 5 ++- src/afl-forkserver.c | 7 ++-- src/afl-fuzz-init.c | 1 - src/afl-tmin.c | 2 +- 11 files changed, 55 insertions(+), 42 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index fdbcd542..d5fb570d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -36,6 +36,11 @@ SH_PROGS = afl-plot afl-cmin afl-cmin.bash afl-whatsup afl-system-config MANPAGES=$(foreach p, $(PROGS) $(SH_PROGS), $(p).8) afl-as.8 ASAN_OPTIONS=detect_leaks=0 +SYS = $(shell uname -s) +ARCH = $(shell uname -m) + +$(info [*] Compiling afl++ for OS $(SYS) on ARCH $(ARCH)) + ifdef NO_SPLICING override CFLAGS += -DNO_SPLICING endif @@ -82,7 +87,7 @@ endif # endif #endif -ifneq "$(shell uname)" "Darwin" +ifneq "$(SYS)" "Darwin" #ifeq "$(HAVE_MARCHNATIVE)" "1" # SPECIAL_PERFORMANCE += -march=native #endif @@ -92,7 +97,7 @@ ifneq "$(shell uname)" "Darwin" endif endif -ifeq "$(shell uname)" "SunOS" +ifeq "$(SYS)" "SunOS" CFLAGS_OPT += -Wno-format-truncation LDFLAGS = -lkstat -lrt endif @@ -119,11 +124,10 @@ ifdef INTROSPECTION CFLAGS_OPT += -DINTROSPECTION=1 endif - -ifneq "$(shell uname -m)" "x86_64" - ifneq "$(patsubst i%86,i386,$(shell uname -m))" "i386" - ifneq "$(shell uname -m)" "amd64" - ifneq "$(shell uname -m)" "i86pc" +ifneq "$(ARCH)" "x86_64" + ifneq "$(patsubst i%86,i386,$(ARCH))" "i386" + ifneq "$(ARCH)" "amd64" + ifneq "$(ARCH)" "i86pc" AFL_NO_X86=1 endif endif @@ -141,27 +145,27 @@ override CFLAGS += -g -Wno-pointer-sign -Wno-variadic-macros -Wall -Wextra -Wpoi -I include/ -DAFL_PATH=\"$(HELPER_PATH)\" \ -DBIN_PATH=\"$(BIN_PATH)\" -DDOC_PATH=\"$(DOC_PATH)\" -ifeq "$(shell uname -s)" "FreeBSD" +ifeq "$(SYS)" "FreeBSD" override CFLAGS += -I /usr/local/include/ LDFLAGS += -L /usr/local/lib/ endif -ifeq "$(shell uname -s)" "DragonFly" +ifeq "$(SYS)" "DragonFly" override CFLAGS += -I /usr/local/include/ LDFLAGS += -L /usr/local/lib/ endif -ifeq "$(shell uname -s)" "OpenBSD" +ifeq "$(SYS)" "OpenBSD" override CFLAGS += -I /usr/local/include/ -mno-retpoline LDFLAGS += -Wl,-z,notext -L /usr/local/lib/ endif -ifeq "$(shell uname -s)" "NetBSD" +ifeq "$(SYS)" "NetBSD" override CFLAGS += -I /usr/pkg/include/ LDFLAGS += -L /usr/pkg/lib/ endif -ifeq "$(shell uname -s)" "Haiku" +ifeq "$(SYS)" "Haiku" SHMAT_OK=0 override CFLAGS += -DUSEMMAP=1 -Wno-error=format -fPIC LDFLAGS += -Wno-deprecated-declarations -lgnu @@ -236,24 +240,24 @@ else BUILD_DATE ?= $(shell date "+%Y-%m-%d") endif -ifneq "$(filter Linux GNU%,$(shell uname))" "" +ifneq "$(filter Linux GNU%,$(SYS))" "" ifndef DEBUG override CFLAGS += -D_FORTIFY_SOURCE=2 endif LDFLAGS += -ldl -lrt -lm endif -ifneq "$(findstring FreeBSD, $(shell uname))" "" +ifneq "$(findstring FreeBSD, $(ARCH))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif -ifneq "$(findstring NetBSD, $(shell uname))" "" +ifneq "$(findstring NetBSD, $(ARCH))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif -ifneq "$(findstring OpenBSD, $(shell uname))" "" +ifneq "$(findstring OpenBSD, $(ARCH))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif @@ -485,7 +489,7 @@ unit_clean: @rm -f ./test/unittests/unit_preallocable ./test/unittests/unit_list ./test/unittests/unit_maybe_alloc test/unittests/*.o .PHONY: unit -ifneq "$(shell uname)" "Darwin" +ifneq "$(ARCH)" "Darwin" unit: unit_maybe_alloc unit_preallocable unit_list unit_clean unit_rand unit_hash else unit: diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index aa93c688..b0f90f1b 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -41,6 +41,8 @@ CXXEFLAGS := $(CXXFLAGS) -Wall -std=c++11 CC ?= gcc CXX ?= g++ +SYS = $(shell uname -s) + ifeq "clang" "$(CC)" CC = gcc CXX = g++ @@ -75,25 +77,25 @@ ifeq "$(TEST_MMAP)" "1" override CFLAGS_SAFE += -DUSEMMAP=1 endif -ifneq "$(shell uname -s)" "Haiku" -ifneq "$(shell uname -s)" "OpenBSD" +ifneq "$(SYS)" "Haiku" +ifneq "$(SYS)" "OpenBSD" LDFLAGS += -lrt endif else CFLAGS_SAFE += -DUSEMMAP=1 endif -ifeq "$(shell uname -s)" "OpenBSD" +ifeq "$(SYS)" "OpenBSD" CC = egcc CXX = eg++ PLUGIN_FLAGS += -I/usr/local/include endif -ifeq "$(shell uname -s)" "DragonFly" +ifeq "$(SYS)" "DragonFly" PLUGIN_FLAGS += -I/usr/local/include endif -ifeq "$(shell uname -s)" "SunOS" +ifeq "$(SYS)" "SunOS" PLUGIN_FLAGS += -I/usr/include/gmp endif diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 4b5ac520..61c17e92 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -30,7 +30,9 @@ BUILD_DATE ?= $(shell date -u -d "@$(SOURCE_DATE_EPOCH)" "+%Y-%m-%d" 2>/dev/nul VERSION = $(shell grep '^$(HASH)define VERSION ' ./config.h | cut -d '"' -f2) -ifeq "$(shell uname)" "OpenBSD" +SYS = $(shell uname -s) + +ifeq "$(SYS)" "OpenBSD" LLVM_CONFIG ?= $(BIN_PATH)/llvm-config HAS_OPT = $(shell test -x $(BIN_PATH)/opt && echo 0 || echo 1) ifeq "$(HAS_OPT)" "1" @@ -275,13 +277,13 @@ CLANG_LFL = `$(LLVM_CONFIG) --ldflags` $(LDFLAGS) # User teor2345 reports that this is required to make things work on MacOS X. -ifeq "$(shell uname)" "Darwin" +ifeq "$(SYS)" "Darwin" CLANG_LFL += -Wl,-flat_namespace -Wl,-undefined,suppress else CLANG_CPPFL += -Wl,-znodelete endif -ifeq "$(shell uname)" "OpenBSD" +ifeq "$(SYS)" "OpenBSD" CLANG_LFL += `$(LLVM_CONFIG) --libdir`/libLLVM.so CLANG_CPPFL += -mno-retpoline CFLAGS += -mno-retpoline diff --git a/docs/Changelog.md b/docs/Changelog.md index 91d1a8cc..24877f9a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -11,6 +11,8 @@ sending a mail to . ### Version ++3.13a (development) - frida_mode - new mode that uses frida to fuzz binary-only targets, thanks to @WorksButNotTested! + - create a fuzzing dictionary with the help of CodeQL thanks to + @microsvuln! see utils/autodict_ql - afl-fuzz: - added patch by @realmadsci to support @@ as part of command line options, e.g. `afl-fuzz ... -- ./target --infile=@@` @@ -20,6 +22,7 @@ sending a mail to . - default cmplog level (-l) is now 2, better efficiency. - ensure one fuzzer sync per cycle - afl-cc: + - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD ### Version ++3.12c (release) diff --git a/include/android-ashmem.h b/include/android-ashmem.h index 44fe556a..1bfd3220 100644 --- a/include/android-ashmem.h +++ b/include/android-ashmem.h @@ -13,12 +13,14 @@ #include #define ASHMEM_DEVICE "/dev/ashmem" -int shmdt(const void* address) { -#if defined(SYS_shmdt) +int shmdt(const void *address) { + + #if defined(SYS_shmdt) return syscall(SYS_shmdt, address); -#else + #else return syscall(SYS_ipc, SHMDT, 0, 0, 0, address, 0); -#endif + #endif + } int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) { @@ -26,7 +28,7 @@ int shmctl(int __shmid, int __cmd, struct shmid_ds *__buf) { int ret = 0; if (__cmd == IPC_RMID) { - int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); + int length = ioctl(__shmid, ASHMEM_GET_SIZE, NULL); struct ashmem_pin pin = {0, length}; ret = ioctl(__shmid, ASHMEM_UNPIN, &pin); close(__shmid); @@ -77,6 +79,6 @@ void *shmat(int __shmid, const void *__shmaddr, int __shmflg) { } - #endif /* !_ANDROID_ASHMEM_H */ -#endif /* !__ANDROID__ */ + #endif /* !_ANDROID_ASHMEM_H */ +#endif /* !__ANDROID__ */ diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index 50306224..6eb19060 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -176,7 +176,7 @@ bool AFLLTOPass::runOnModule(Module &M) { } - if (debug) { fprintf(stderr, "map address is 0x%lx\n", map_addr); } + if (debug) { fprintf(stderr, "map address is 0x%llx\n", map_addr); } /* Get/set the globals for the SHM region. */ diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 7d7519fa..aabdbf1a 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -833,14 +833,13 @@ static void set_up_environment(char **argv) { "handle_sigfpe=0:" "handle_sigill=0", 0); - setenv("LSAN_OPTIONS", + setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" "symbolize=0:" "print_suppressions=0", 0); - if (get_afl_env("AFL_PRELOAD")) { if (qemu_mode) { diff --git a/src/afl-cc.c b/src/afl-cc.c index d4c0a6b7..3af31b3c 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -820,10 +820,11 @@ static void edit_params(u32 argc, char **argv, char **envp) { } if (getenv("AFL_USE_LSAN")) { + cc_params[cc_par_cnt++] = "-fsanitize=leak"; cc_params[cc_par_cnt++] = "-includesanitizer/lsan_interface.h"; - cc_params[cc_par_cnt++] = - "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; + cc_params[cc_par_cnt++] = "-D__AFL_LEAK_CHECK()=__lsan_do_leak_check()"; + } if (getenv("AFL_USE_CFISAN")) { diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index cd04e23d..2c502621 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -560,7 +560,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, /* LSAN, too, does not support abort_on_error=1. */ if (!getenv("LSAN_OPTIONS")) - setenv("LSAN_OPTIONS", + setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" "symbolize=0:" @@ -1314,8 +1314,9 @@ fsrv_run_result_t afl_fsrv_run_target(afl_forkserver_t *fsrv, u32 timeout, /* A normal crash/abort */ (WIFSIGNALED(fsrv->child_status)) || /* special handling for msan and lsan */ - (fsrv->uses_asan && (WEXITSTATUS(fsrv->child_status) == MSAN_ERROR || - WEXITSTATUS(fsrv->child_status) == LSAN_ERROR)) || + (fsrv->uses_asan && + (WEXITSTATUS(fsrv->child_status) == MSAN_ERROR || + WEXITSTATUS(fsrv->child_status) == LSAN_ERROR)) || /* the custom crash_exitcode was returned by the target */ (fsrv->uses_crash_exitcode && WEXITSTATUS(fsrv->child_status) == fsrv->crash_exitcode))) { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 48f3289d..e505abd4 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2502,7 +2502,6 @@ void check_asan_opts(afl_state_t *afl) { } - } /* Handle stop signal (Ctrl-C, etc). */ diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 6aad748c..6656712a 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -763,7 +763,7 @@ static void set_up_environment(afl_forkserver_t *fsrv, char **argv) { "handle_sigfpe=0:" "handle_sigill=0", 0); - setenv("LSAN_OPTIONS", + setenv("LSAN_OPTIONS", "exitcode=" STRINGIFY(LSAN_ERROR) ":" "fast_unwind_on_malloc=0:" "symbolize=0:" From 96b743094dc5a158b8588c4bdf58057161a99e8e Mon Sep 17 00:00:00 2001 From: begasus Date: Sun, 4 Apr 2021 19:25:04 +0000 Subject: [PATCH 079/441] Add -lnetwork to dependencies for Haiku --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index ac8fe796..542097a3 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -164,7 +164,7 @@ endif ifeq "$(shell uname -s)" "Haiku" SHMAT_OK=0 override CFLAGS += -DUSEMMAP=1 -Wno-error=format -fPIC - LDFLAGS += -Wno-deprecated-declarations -lgnu + LDFLAGS += -Wno-deprecated-declarations -lgnu -lnetwork SPECIAL_PERFORMANCE += -DUSEMMAP=1 endif From f2efd940358374b9693e3f4323c159a6c6e7d20a Mon Sep 17 00:00:00 2001 From: begasus Date: Sun, 4 Apr 2021 20:16:41 +0000 Subject: [PATCH 080/441] fix conflict --- TODO.md | 1 - 1 file changed, 1 deletion(-) diff --git a/TODO.md b/TODO.md index bde328e7..b8a091ff 100644 --- a/TODO.md +++ b/TODO.md @@ -11,7 +11,6 @@ - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - cmplog: too much tainted bytes, directly add to dict and skip? - - parallel builds for source-only targets ## Further down the road From a02d84a11cb28bc620bf24bda322e14701ad726f Mon Sep 17 00:00:00 2001 From: begasus Date: Mon, 5 Apr 2021 11:56:04 +0000 Subject: [PATCH 081/441] Fix undeclared SYS_write on Haiku --- instrumentation/afl-compiler-rt.o.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index fa53263c..9bb6114b 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1740,7 +1740,11 @@ static int area_is_valid(void *ptr, size_t len) { if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; } - long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); + #ifndef __HAIKU__ + long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); + #else + long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); + #endif // HAIKU if (r <= 0 || r > len) return 0; From 43b1a0d46bd7fb55e2baeadd5d105e60aecdee9c Mon Sep 17 00:00:00 2001 From: begasus Date: Mon, 5 Apr 2021 13:02:26 +0000 Subject: [PATCH 082/441] Declare private api __kern_write for Haiku --- instrumentation/afl-compiler-rt.o.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 9bb6114b..50ecba80 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -78,6 +78,10 @@ #define MAP_INITIAL_SIZE MAP_SIZE #endif +#if defined(__HAIKU__) + extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); +#endif // HAIKU + u8 __afl_area_initial[MAP_INITIAL_SIZE]; u8 * __afl_area_ptr_dummy = __afl_area_initial; u8 * __afl_area_ptr = __afl_area_initial; From 5ab14f22a5da4e7c9379f75fa043a8f242ba87d4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Apr 2021 08:12:09 +0200 Subject: [PATCH 083/441] better MacOs msg --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index 76a698a4..a87b2f7b 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -550,7 +550,7 @@ all_done: test_build @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to build, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to build, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." - @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD. You can also use VirtualBox\n(virtualbox.org) to put AFL inside a Linux or *BSD VM.\n\n"; fi + @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecific for MacOs.\n\n"; fi @! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.md for advice.\033[0m\n" 2>/dev/null .NOTPARALLEL: clean all From 19690b606d00b3c32958df07d1b87a3ce8cd8903 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 6 Apr 2021 19:03:53 +0000 Subject: [PATCH 084/441] Haiku: create directory for debug_server, if not present --- afl-system-config | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/afl-system-config b/afl-system-config index ae37a062..2b945d7a 100755 --- a/afl-system-config +++ b/afl-system-config @@ -98,7 +98,9 @@ if [ "$PLATFORM" = "Darwin" ] ; then DONE=1 fi if [ "$PLATFORM" = "Haiku" ] ; then - SETTINGS=~/config/settings/system/debug_server/settings + DEBUG_SERVER_DIR=~/config/settings/system/debug_server + [ ! -r ${DEBUG_SERVER_DIR} ] && mkdir ${DEBUG_SERVER_DIR} + SETTINGS=${DEBUG_SERVER_DIR}/settings [ -r ${SETTINGS} ] && grep -qE "default_action\s+kill" ${SETTINGS} && { echo "Nothing to do"; } || { \ echo We change the debug_server default_action from user to silently kill; \ [ ! -r ${SETTINGS} ] && echo "default_action kill" >${SETTINGS} || { mv ${SETTINGS} s.tmp; sed -e "s/default_action\s\s*user/default_action kill/" s.tmp > ${SETTINGS}; rm s.tmp; }; \ From 2e6e1e566b6b58081969d179c67398fa1316c49b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Apr 2021 22:16:56 +0200 Subject: [PATCH 085/441] add missing env --- include/envs.h | 1 + 1 file changed, 1 insertion(+) diff --git a/include/envs.h b/include/envs.h index 887e2c4f..466ab087 100644 --- a/include/envs.h +++ b/include/envs.h @@ -26,6 +26,7 @@ static char *afl_environment_variables[] = { "AFL_BENCH_UNTIL_CRASH", "AFL_CAL_FAST", "AFL_CC", + "AFL_CC_COMPILER", "AFL_CMIN_ALLOW_ANY", "AFL_CMIN_CRASHES_ONLY", "AFL_CMPLOG_ONLY_NEW", From 7181112233f119b4dfda93b594b0f1bacdd3139a Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 6 Apr 2021 20:43:26 +0000 Subject: [PATCH 086/441] better understandable directory creation logic --- afl-system-config | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-system-config b/afl-system-config index 2b945d7a..5ad9d937 100755 --- a/afl-system-config +++ b/afl-system-config @@ -99,7 +99,7 @@ if [ "$PLATFORM" = "Darwin" ] ; then fi if [ "$PLATFORM" = "Haiku" ] ; then DEBUG_SERVER_DIR=~/config/settings/system/debug_server - [ ! -r ${DEBUG_SERVER_DIR} ] && mkdir ${DEBUG_SERVER_DIR} + [ ! -d ${DEBUG_SERVER_DIR} ] && mkdir -p ${DEBUG_SERVER_DIR} SETTINGS=${DEBUG_SERVER_DIR}/settings [ -r ${SETTINGS} ] && grep -qE "default_action\s+kill" ${SETTINGS} && { echo "Nothing to do"; } || { \ echo We change the debug_server default_action from user to silently kill; \ From 28878c69e0c275e42b40bc2ab17bdca7dd1a989e Mon Sep 17 00:00:00 2001 From: Jiangen Jiao Date: Wed, 7 Apr 2021 11:28:19 +0800 Subject: [PATCH 087/441] android: disable sigaction inside debuggerd check https://github.com/google/AFL/blob/master/docs/INSTALL#L173 --- instrumentation/afl-compiler-rt.o.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 1f003c1e..552bbea8 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1144,6 +1144,18 @@ void __afl_manual_init(void) { __attribute__((constructor())) void __afl_auto_init(void) { +#ifdef __ANDROID__ + // Disable handlers in linker/debuggerd, check include/debuggerd/handler.h + signal(SIGABRT, SIG_DFL); + signal(SIGBUS, SIG_DFL); + signal(SIGFPE, SIG_DFL); + signal(SIGILL, SIG_DFL); + signal(SIGSEGV, SIG_DFL); + signal(SIGSTKFLT, SIG_DFL); + signal(SIGSYS, SIG_DFL); + signal(SIGTRAP, SIG_DFL); +#endif + if (getenv("AFL_DISABLE_LLVM_INSTRUMENTATION")) return; if (getenv(DEFER_ENV_VAR)) return; From bfe7e3fd55cc4cfc8ae334b68095e7b26b8ec8a5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 7 Apr 2021 14:20:50 +0200 Subject: [PATCH 088/441] fix forkserver timeout error msg --- src/afl-forkserver.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 2c502621..727e7f8d 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -821,7 +821,9 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (fsrv->last_run_timed_out) { - FATAL("Timeout while initializing fork server (adjusting -t may help)"); + FATAL( + "Timeout while initializing fork server (setting " + "AFL_FORKSRV_INIT_TMOUT may help)"); } From 9c517199b25e5fb43c38737021002249fd506ad7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Apr 2021 10:03:36 +0200 Subject: [PATCH 089/441] removed -lc++ linking for lto --- src/afl-cc.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 3af31b3c..1f89bac5 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -430,9 +430,6 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-Wno-unused-command-line-argument"; - if (lto_mode && plusplus_mode) - cc_params[cc_par_cnt++] = "-lc++"; // needed by fuzzbench, early - if (lto_mode && have_instr_env) { cc_params[cc_par_cnt++] = "-Xclang"; From 019b26de58a4e7eb4b95aab6425beba4efb853f4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 9 Apr 2021 11:19:40 +0200 Subject: [PATCH 090/441] fix afl_custom_queue_new_entry when syncing --- docs/Changelog.md | 3 +++ instrumentation/afl-llvm-lto-instrumentation.so.cc | 2 +- src/afl-fuzz-queue.c | 6 +++++- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 24877f9a..072320dc 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -21,9 +21,12 @@ sending a mail to . AFL_PERSISTENT_RECORD in config.h and docs/envs.h - default cmplog level (-l) is now 2, better efficiency. - ensure one fuzzer sync per cycle + - fix afl_custom_queue_new_entry original file name when syncing + from fuzzers - afl-cc: - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD + - Removed automatic linking with -lc++ for LTO mode ### Version ++3.12c (release) - afl-fuzz: diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index 6eb19060..f6cdbe9e 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -92,7 +92,7 @@ class AFLLTOPass : public ModulePass { uint32_t afl_global_id = 1, autodictionary = 1; uint32_t function_minimum_size = 1; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; - uint64_t map_addr = 0x10000; + unsigned long long int map_addr = 0x10000; char * skip_nozero = NULL; }; diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index e5f51a6c..811e805c 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -478,7 +478,11 @@ void add_to_queue(afl_state_t *afl, u8 *fname, u32 len, u8 passed_det) { u8 *fname_orig = NULL; /* At the initialization stage, queue_cur is NULL */ - if (afl->queue_cur) fname_orig = afl->queue_cur->fname; + if (afl->queue_cur && !afl->syncing_party) { + + fname_orig = afl->queue_cur->fname; + + } el->afl_custom_queue_new_entry(el->data, fname, fname_orig); From c19d1f0c7519fe7d1234e695c497a78f24aaf8b7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 9 Apr 2021 12:22:16 +0200 Subject: [PATCH 091/441] update grammar-mutator, show better fuzzing strategy yields --- TODO.md | 1 + .../grammar_mutator/GRAMMAR_VERSION | 2 +- .../grammar_mutator/grammar_mutator | 2 +- docs/Changelog.md | 1 + src/afl-fuzz-stats.c | 72 ++++++++++++------- 5 files changed, 49 insertions(+), 29 deletions(-) diff --git a/TODO.md b/TODO.md index dc765ec4..96b24521 100644 --- a/TODO.md +++ b/TODO.md @@ -2,6 +2,7 @@ ## Roadmap 3.00+ + - align map to 64 bytes but keep real IDs - Update afl->pending_not_fuzzed for MOpt - CPU affinity for many cores? There seems to be an issue > 96 cores - afl-plot to support multiple plot_data diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index a3fe6bb1..c7c1948d 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -b3c4fcf +a2d4e4a diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index b3c4fcfa..a2d4e4ab 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit b3c4fcfa6ae28918bc410f7747135eafd4fb7263 +Subproject commit a2d4e4ab966f0581219fbb282f5ac8c89e85ead9 diff --git a/docs/Changelog.md b/docs/Changelog.md index 072320dc..4139a9b3 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,7 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - default cmplog level (-l) is now 2, better efficiency. + - better fuzzing strategy yields for enabled options - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 2c814d90..b9a94ac3 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -861,9 +861,9 @@ void show_stats(afl_state_t *afl) { " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); - if (afl->skip_deterministic) { + if (likely(afl->skip_deterministic)) { - strcpy(tmp, "n/a, n/a, n/a"); + strcpy(tmp, "disabled (default, enable with -D)"); } else { @@ -881,7 +881,7 @@ void show_stats(afl_state_t *afl) { " levels : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->max_depth)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_FLIP8]), @@ -897,7 +897,7 @@ void show_stats(afl_state_t *afl) { " pending : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_not_fuzzed)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_ARITH8]), @@ -913,7 +913,7 @@ void show_stats(afl_state_t *afl) { " pend fav : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->pending_favored)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_INTEREST8]), @@ -929,7 +929,7 @@ void show_stats(afl_state_t *afl) { " own finds : " cRST "%-10s" bSTG bV "\n", tmp, u_stringify_int(IB(0), afl->queued_discovered)); - if (!afl->skip_deterministic) { + if (unlikely(!afl->skip_deterministic)) { sprintf(tmp, "%s/%s, %s/%s, %s/%s", u_stringify_int(IB(0), afl->stage_finds[STAGE_EXTRAS_UO]), @@ -974,35 +974,52 @@ void show_stats(afl_state_t *afl) { : cRST), tmp); - if (afl->shm.cmplog_mode) { + if (unlikely(afl->afl_env.afl_python_module)) { - sprintf(tmp, "%s/%s, %s/%s, %s/%s, %s/%s", + sprintf(tmp, "%s/%s, ", u_stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]), - u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]), - u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), - u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR]), + u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON])); + + } else { + + strcpy(tmp, "unused, "); + + } + + if (unlikely(afl->afl_env.afl_custom_mutator_library)) { + + sprintf(tmp, "%s%s/%s, ", tmp, + u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]), + u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + + } else { + + strcat(tmp, "unused, "); + + } + + if (unlikely(afl->shm.cmplog_mode)) { + + sprintf(tmp, "%s%s/%s, %s/%s", tmp, u_stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION]), u_stringify_int(IB(6), afl->stage_finds[STAGE_ITS]), u_stringify_int(IB(7), afl->stage_cycles[STAGE_ITS])); - SAYF(bV bSTOP " custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", - tmp); - } else { - sprintf(tmp, "%s/%s, %s/%s", - u_stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]), - u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON]), - u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR]), - u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); - - SAYF(bV bSTOP " py/custom : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", - tmp); + strcat(tmp, "unused, unused "); } - if (!afl->bytes_trim_out) { + SAYF(bV bSTOP "py/custom/rq : " cRST "%-36s " bSTG bVR bH20 bH2 bH bRB "\n", + tmp); + + if (likely(afl->disable_trim)) { + + sprintf(tmp, "disabled, "); + + } else if (unlikely(!afl->bytes_trim_out)) { sprintf(tmp, "n/a, "); @@ -1015,12 +1032,13 @@ void show_stats(afl_state_t *afl) { } - if (!afl->blocks_eff_total) { + if (likely(afl->skip_deterministic)) { - u8 tmp2[128]; + strcat(tmp, "disabled"); - sprintf(tmp2, "n/a"); - strcat(tmp, tmp2); + } else if (unlikely(!afl->blocks_eff_total)) { + + strcat(tmp, "n/a"); } else { From ef33193d77cf82e892fe0b807f0433839155315c Mon Sep 17 00:00:00 2001 From: Ujjwal Kirti <64329707+ujjwalkirti@users.noreply.github.com> Date: Fri, 9 Apr 2021 17:09:53 +0530 Subject: [PATCH 092/441] Update ideas.md Hey, I noticed there was a spelling error in above documentation for GSOC '21. I have corrected it, you can have a look at it if you want. --- docs/ideas.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ideas.md b/docs/ideas.md index 0130cf61..11c78e49 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -16,7 +16,7 @@ This might look like the afl-fuzz UI, but you can improve on it - and should! Schedulers is a mechanism that selects items from the fuzzing corpus based on strategy and randomness. One scheduler might focus on long paths, -another on rarity of edges disocvered, still another on a combination on +another on rarity of edges discovered, still another on a combination on things. Some of the schedulers in afl++ have to be ported, but you are free to come up with your own if you want to - and see how it performs. From 0c06371cda94e916f62b6456e86b849333acb338 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Apr 2021 11:16:12 +0200 Subject: [PATCH 093/441] display dictionary usage in havoc only mode --- src/afl-fuzz-stats.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index b9a94ac3..ed4787ea 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -939,6 +939,14 @@ void show_stats(afl_state_t *afl) { u_stringify_int(IB(4), afl->stage_finds[STAGE_EXTRAS_AO]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_EXTRAS_AO])); + } else if (unlikely(!afl->extras_cnt)) { + + strcpy(tmp, "n/a"); + + } else { + + strcpy(tmp, "havoc mode"); + } SAYF(bV bSTOP " dictionary : " cRST "%-36s " bSTG bV bSTOP From 50bb931ea604a83784609dc71934a4a8f8feb156 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Apr 2021 11:26:27 +0200 Subject: [PATCH 094/441] ui custom mutator only display --- include/afl-fuzz.h | 1 - src/afl-fuzz-stats.c | 8 ++++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 40a7fc85..325168f2 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -483,7 +483,6 @@ typedef struct afl_state { no_unlink, /* do not unlink cur_input */ debug, /* Debug mode */ custom_only, /* Custom mutator only mode */ - python_only, /* Python-only mode */ is_main_node, /* if this is the main node */ is_secondary_node; /* if this is a secondary instance */ diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index ed4787ea..e0e24a18 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -861,7 +861,11 @@ void show_stats(afl_state_t *afl) { " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); - if (likely(afl->skip_deterministic)) { + if (unlikely(afl->custom_only)) { + + strcpy(tmp, "disabled (custom mutator only mode)"); + + } else if (likely(afl->skip_deterministic)) { strcpy(tmp, "disabled (default, enable with -D)"); @@ -939,7 +943,7 @@ void show_stats(afl_state_t *afl) { u_stringify_int(IB(4), afl->stage_finds[STAGE_EXTRAS_AO]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_EXTRAS_AO])); - } else if (unlikely(!afl->extras_cnt)) { + } else if (unlikely(!afl->extras_cnt || afl->custom_only)) { strcpy(tmp, "n/a"); From be880f2476963b8ebebe9d8cc196e4e74104c7a6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Apr 2021 13:01:50 +0200 Subject: [PATCH 095/441] add AFL_EXIT_ON_SEED_ISSUES --- docs/Changelog.md | 3 +++ docs/env_variables.md | 3 +++ include/afl-fuzz.h | 3 ++- include/envs.h | 1 + src/afl-fuzz-init.c | 8 +++++++- src/afl-fuzz-state.c | 7 +++++++ 6 files changed, 23 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 4139a9b3..14a0bdaf 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -24,6 +24,9 @@ sending a mail to . - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers + - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in + -i dir crashes the target or results in a timeout. By default + afl++ ignores these and uses them for splicing instead. - afl-cc: - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD diff --git a/docs/env_variables.md b/docs/env_variables.md index 8d482e20..1f4dfef9 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -284,6 +284,9 @@ checks or alter some of the more exotic semantics of the tool: normally indicated by the cycle counter in the UI turning green. May be convenient for some types of automated jobs. + - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour + which does not allow crashes or timeout seeds in the initial -i corpus. + - `AFL_MAP_SIZE` sets the size of the shared map that afl-fuzz, afl-showmap, afl-tmin and afl-analyze create to gather instrumentation data from the target. This must be equal or larger than the size the target was diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 325168f2..f201782a 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -384,7 +384,8 @@ typedef struct afl_env_vars { afl_dumb_forksrv, afl_import_first, afl_custom_mutator_only, afl_no_ui, afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one, afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast, - afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new; + afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new, + afl_exit_on_seed_issues; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, diff --git a/include/envs.h b/include/envs.h index 466ab087..ebe98257 100644 --- a/include/envs.h +++ b/include/envs.h @@ -49,6 +49,7 @@ static char *afl_environment_variables[] = { "AFL_DUMB_FORKSRV", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", + "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index e505abd4..b6bfbc29 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -881,7 +881,7 @@ void perform_dry_run(afl_state_t *afl) { case FSRV_RUN_TMOUT: - if (afl->timeout_given) { + if (afl->timeout_given && !afl->afl_env.afl_exit_on_seed_issues) { /* if we have a timeout but a timeout value was given then always skip. The '+' meaning has been changed! */ @@ -1036,6 +1036,12 @@ void perform_dry_run(afl_state_t *afl) { } + if (afl->afl_env.afl_exit_on_seed_issues) { + + FATAL("As AFL_EXIT_ON_SEED_ISSUES is set, afl-fuzz exits."); + + } + /* Remove from fuzzing queue but keep for splicing */ struct queue_entry *p = afl->queue; diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index f65ff1bb..28d3339a 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -306,6 +306,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->cycle_schedules = afl->afl_env.afl_cycle_schedules = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXIT_ON_SEED_ISSUES", + + afl_environment_variable_len)) { + + afl->afl_env.afl_exit_on_seed_issues = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXPAND_HAVOC_NOW", afl_environment_variable_len)) { From 1fabfd5a32ce850912ce623eeabd369b59c70494 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Apr 2021 17:59:11 +0200 Subject: [PATCH 096/441] afl-whatsup -d --- afl-whatsup | 45 ++++++++++++++++++++++++++++++++++----------- docs/Changelog.md | 1 + 2 files changed, 35 insertions(+), 11 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index e92b24bd..ee20fc2d 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -21,29 +21,37 @@ echo "$0 status check tool for afl-fuzz by Michal Zalewski" echo test "$1" = "-h" -o "$1" = "-hh" && { - echo $0 [-s] output_directory + echo "$0 [-s] [-d] output_directory" echo echo Options: echo -s - skip details and output summary results only + echo -d - include dead fuzzer stats echo exit 1 } -if [ "$1" = "-s" ]; then +unset SUMMARY_ONLY +unset PROCESS_DEAD - SUMMARY_ONLY=1 - DIR="$2" +while [ "$1" = "-s" -o "$1" = "-d" ]; do -else + if [ "$1" = "-s" ]; then + SUMMARY_ONLY=1 + fi - unset SUMMARY_ONLY - DIR="$1" + if [ "$1" = "-d" ]; then + PROCESS_DEAD=1 + fi + + shift -fi +done + +DIR="$1" if [ "$DIR" = "" ]; then - echo "Usage: $0 [ -s ] afl_sync_dir" 1>&2 + echo "Usage: $0 [-s] [-d] afl_sync_dir" 1>&2 echo 1>&2 echo "The -s option causes the tool to skip all the per-fuzzer trivia and show" 1>&2 echo "just the summary results. See docs/parallel_fuzzing.md for additional tips." 1>&2 @@ -160,7 +168,12 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do fi DEAD_CNT=$((DEAD_CNT + 1)) - continue + + if [ "$PROCESS_DEAD" = "" ]; then + + continue + + fi fi @@ -257,8 +270,18 @@ echo "=============" echo echo " Fuzzers alive : $ALIVE_CNT" +if [ "$PROCESS_DEAD" = "" ]; then + + TXT="excluded from stats" + +else + + TXT="included in stats" + +fi + if [ ! "$DEAD_CNT" = "0" ]; then - echo " Dead or remote : $DEAD_CNT (excluded from stats)" + echo " Dead or remote : $DEAD_CNT ($TXT)" fi echo " Total run time : $FMT_TIME" diff --git a/docs/Changelog.md b/docs/Changelog.md index 14a0bdaf..bd14e293 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,7 @@ sending a mail to . - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode + - add -d (dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) - afl-fuzz: From 36c7c49738ae659868f70ea7d1b85804158b532f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 13 Apr 2021 18:21:33 +0200 Subject: [PATCH 097/441] fix alive count in afl-whatsup --- afl-whatsup | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index ee20fc2d..941b0e34 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -265,11 +265,6 @@ fmt_duration $TOTAL_LAST_PATH && TOTAL_LAST_PATH=$DUR_STRING test "$TOTAL_TIME" = "0" && TOTAL_TIME=1 -echo "Summary stats" -echo "=============" -echo -echo " Fuzzers alive : $ALIVE_CNT" - if [ "$PROCESS_DEAD" = "" ]; then TXT="excluded from stats" @@ -277,9 +272,15 @@ if [ "$PROCESS_DEAD" = "" ]; then else TXT="included in stats" + ALIVE_CNT=$(($ALIVE_CNT - $DEAD_CNT)) fi +echo "Summary stats" +echo "=============" +echo +echo " Fuzzers alive : $ALIVE_CNT" + if [ ! "$DEAD_CNT" = "0" ]; then echo " Dead or remote : $DEAD_CNT ($TXT)" fi From ae9087b3909a1d6dc631e59df9f200b11c60e0a2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 17:30:08 +0200 Subject: [PATCH 098/441] update havoc --- src/afl-fuzz-one.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 28ec0c46..d72d4145 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2002,7 +2002,7 @@ havoc_stage: u32 r_max, r; r_max = (MAX_HAVOC_ENTRY + 1) + (afl->extras_cnt ? 4 : 0) + - (afl->a_extras_cnt ? 2 : 0); + (afl->a_extras_cnt ? 4 : 0); if (unlikely(afl->expand_havoc && afl->ready_for_splicing_count > 1)) { @@ -2587,7 +2587,7 @@ havoc_stage: if (afl->a_extras_cnt) { - if (r == 0) { + if (r < 2) { /* Use the dictionary. */ @@ -2607,7 +2607,7 @@ havoc_stage: break; - } else if (r == 1) { + } else if (r < 4) { u32 use_extra = rand_below(afl, afl->a_extras_cnt); u32 extra_len = afl->a_extras[use_extra].len; @@ -2636,7 +2636,7 @@ havoc_stage: } else { - r -= 2; + r -= 4; } From 5e72568a455bde8ac389b8b234cbdbbb0d33e015 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 17:52:43 +0200 Subject: [PATCH 099/441] ui update --- docs/status_screen.md | 11 +++++++++-- src/afl-fuzz-stats.c | 2 +- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/docs/status_screen.md b/docs/status_screen.md index 0329d960..e3abcc5f 100644 --- a/docs/status_screen.md +++ b/docs/status_screen.md @@ -251,8 +251,9 @@ exceed it by a margin sufficient to be classified as hangs. | arithmetics : 53/2.54M, 0/537k, 0/55.2k | | known ints : 8/322k, 12/1.32M, 10/1.70M | | dictionary : 9/52k, 1/53k, 1/24k | - | havoc : 1903/20.0M, 0/0 | - | trim : 20.31%/9201, 17.05% | + |havoc/splice : 1903/20.0M, 0/0 | + |py/custom/rq : unused, 53/2.54M, unused | + | trim/eff : 20.31%/9201, 17.05% | +-----------------------------------------------------+ ``` @@ -268,6 +269,12 @@ goal. Finally, the third number shows the proportion of bytes that, although not possible to remove, were deemed to have no effect and were excluded from some of the more expensive deterministic fuzzing steps. +Note that when deterministic mutation mode is off (which is the default +because it is not very efficient) the first five lines display +"disabled (default, enable with -D)". + +Only what is activated will have counter shown. + ### Path geometry ``` diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index e0e24a18..009cebf6 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1074,7 +1074,7 @@ void show_stats(afl_state_t *afl) { // //} else { - SAYF(bV bSTOP " trim : " cRST "%-36s " bSTG bV RESET_G1, tmp); + SAYF(bV bSTOP " trim/eff : " cRST "%-36s " bSTG bV RESET_G1, tmp); //} From 92a308133797a1926507361e71b84f8b1eacc754 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 18:24:05 +0200 Subject: [PATCH 100/441] fix aflpp qemu hook --- docs/Changelog.md | 1 + utils/aflpp_driver/aflpp_qemu_driver_hook.c | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index bd14e293..155eec66 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,7 @@ sending a mail to . - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode + - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode - add -d (dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c index 823cc42d..dc58d852 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c +++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c @@ -3,8 +3,8 @@ #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) -#define REGS_RDI 7 -#define REGS_RSI 6 +#define REGS_RDI 4 +#define REGS_RSI 5 void afl_persistent_hook(uint64_t *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_len) { From 6069cac313f4f8f4e696e815d4fe2f8bcaccccf4 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Wed, 14 Apr 2021 18:24:55 +0200 Subject: [PATCH 101/441] qemu driver new api --- utils/aflpp_driver/aflpp_qemu_driver_hook.c | 21 +++++++++++++++------ utils/qemu_persistent_hook/read_into_rdi.c | 2 +- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c index 823cc42d..d3dd98b0 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c +++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c @@ -1,21 +1,30 @@ +#include "../../qemu_mode/qemuafl/qemuafl/api.h" + #include #include +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) +#define h2g(x) ((uint64_t)(x)-guest_base) -#define REGS_RDI 7 -#define REGS_RSI 6 + // In this example the register RDI is pointing to the memory location + // of the target buffer, and the length of the input is in RSI. + // This can be seen with a debugger, e.g. gdb (and "disass main") -void afl_persistent_hook(uint64_t *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_len) { + memcpy(g2h(regs->rdi), input_buf, input_buf_len); + regs->rsi = input_buf_len; - memcpy(g2h(regs[REGS_RDI]), input_buf, input_len); - regs[REGS_RSI] = input_len; +#undef g2h +#undef h2g } int afl_persistent_hook_init(void) { + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) return 1; } diff --git a/utils/qemu_persistent_hook/read_into_rdi.c b/utils/qemu_persistent_hook/read_into_rdi.c index f4a8ae59..c1c6642f 100644 --- a/utils/qemu_persistent_hook/read_into_rdi.c +++ b/utils/qemu_persistent_hook/read_into_rdi.c @@ -5,7 +5,7 @@ void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { -\ + #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) From f0d300b32a8a5b3adccc8209c151382244135082 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 18:36:22 +0200 Subject: [PATCH 102/441] add readme --- utils/aflpp_driver/README.md | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 utils/aflpp_driver/README.md diff --git a/utils/aflpp_driver/README.md b/utils/aflpp_driver/README.md new file mode 100644 index 00000000..2c339d12 --- /dev/null +++ b/utils/aflpp_driver/README.md @@ -0,0 +1,25 @@ +# afl++ drivers + +## aflpp_driver + +aflpp_driver is used to compile directly libfuzzer `LLVMFuzzerTestOneInput()` +targets. + +Just do `afl-clang-fast++ -o fuzz fuzzer_harness.cc libAFLDriver.a [plus required linking]`. + +You can also sneakily do this little trick: +If this is the clang compile command to build for libfuzzer: + `clang++ -o fuzz -fsanitize=fuzzer fuzzer_harness.cc -lfoo` +then just switch `clang++` with `afl-clang-fast++` and our compiler will +magically insert libAFLDriver.a :) + + +## aflpp_qemu_driver + +aflpp_qemu_driver is used for libfuzzer `LLVMFuzzerTestOneInput()` targets that +are to be fuzzed in qemu_mode. So we compile them with clang/clang++, without +-fsantize=fuzzer or afl-clang-fast, and link in libAFLQemuDriver.a: + +`clang++ -o fuzz fuzzer_harness.cc libAFLQemuDriver.a [plus required linking]`. + +Then just do `AFL_PRELOAD=/path/to/aflpp_qemu_driver_hook.so afl-fuzz -Q ... -- ./fuzz` From fd8dc1455278bca16e852eb08ddac9a3e466b5c7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 18:49:02 +0200 Subject: [PATCH 103/441] update readme --- utils/aflpp_driver/README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/utils/aflpp_driver/README.md b/utils/aflpp_driver/README.md index 2c339d12..01bd10c0 100644 --- a/utils/aflpp_driver/README.md +++ b/utils/aflpp_driver/README.md @@ -22,4 +22,9 @@ are to be fuzzed in qemu_mode. So we compile them with clang/clang++, without `clang++ -o fuzz fuzzer_harness.cc libAFLQemuDriver.a [plus required linking]`. -Then just do `AFL_PRELOAD=/path/to/aflpp_qemu_driver_hook.so afl-fuzz -Q ... -- ./fuzz` + +Then just do (where the name of the binary is `fuzz`): +``` +AFL_QEMU_PERSISTENT_ADDR=0x$(nm fuzz | grep "T LLVMFuzzerTestOneInput" | awk '{print $1}') +AFL_QEMU_PERSISTENT_HOOK=/path/to/aflpp_qemu_driver_hook.so afl-fuzz -Q ... -- ./fuzz` +``` From 4a0e0270adafbc583d491dfad74d9378a4c06bf7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Apr 2021 22:23:16 +0200 Subject: [PATCH 104/441] allow aflpp_qemu_driver_hook.o to fail --- utils/aflpp_driver/GNUmakefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/utils/aflpp_driver/GNUmakefile b/utils/aflpp_driver/GNUmakefile index c1a087d7..8ac054a6 100644 --- a/utils/aflpp_driver/GNUmakefile +++ b/utils/aflpp_driver/GNUmakefile @@ -26,17 +26,17 @@ debug: ar ru libAFLDriver.a afl-performance.o aflpp_driver.o aflpp_qemu_driver.o: aflpp_qemu_driver.c - $(LLVM_BINDIR)clang $(CFLAGS) -O0 -funroll-loops -c aflpp_qemu_driver.c + -$(LLVM_BINDIR)clang $(CFLAGS) -O0 -funroll-loops -c aflpp_qemu_driver.c libAFLQemuDriver.a: aflpp_qemu_driver.o - ar ru libAFLQemuDriver.a aflpp_qemu_driver.o - cp -vf libAFLQemuDriver.a ../../ + -ar ru libAFLQemuDriver.a aflpp_qemu_driver.o + -cp -vf libAFLQemuDriver.a ../../ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o - $(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so + -$(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c - $(LLVM_BINDIR)clang -fPIC $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c + -$(LLVM_BINDIR)clang -fPIC $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c test: debug #clang -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -funroll-loops -o aflpp_driver_test.ll aflpp_driver_test.c From ab0f13ed068a7ef47cc84e6871428e1812382688 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 00:11:32 +0200 Subject: [PATCH 105/441] fix writing stat file on exit --- src/afl-fuzz-stats.c | 43 +++++++++++++++++++++++-------------------- src/afl-fuzz.c | 1 - 2 files changed, 23 insertions(+), 21 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 009cebf6..fa1f3c70 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -355,18 +355,18 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, double eps) { - if (unlikely(afl->stop_soon) || - unlikely(afl->plot_prev_qp == afl->queued_paths && - afl->plot_prev_pf == afl->pending_favored && - afl->plot_prev_pnf == afl->pending_not_fuzzed && - afl->plot_prev_ce == afl->current_entry && - afl->plot_prev_qc == afl->queue_cycle && - afl->plot_prev_uc == afl->unique_crashes && - afl->plot_prev_uh == afl->unique_hangs && - afl->plot_prev_md == afl->max_depth && - afl->plot_prev_ed == afl->fsrv.total_execs) || - unlikely(!afl->queue_cycle) || - unlikely(get_cur_time() - afl->start_time <= 60)) { + if (unlikely(!afl->force_ui_update && + (afl->stop_soon || + (afl->plot_prev_qp == afl->queued_paths && + afl->plot_prev_pf == afl->pending_favored && + afl->plot_prev_pnf == afl->pending_not_fuzzed && + afl->plot_prev_ce == afl->current_entry && + afl->plot_prev_qc == afl->queue_cycle && + afl->plot_prev_uc == afl->unique_crashes && + afl->plot_prev_uh == afl->unique_hangs && + afl->plot_prev_md == afl->max_depth && + afl->plot_prev_ed == afl->fsrv.total_execs) || + !afl->queue_cycle || get_cur_time() - afl->start_time <= 60))) { return; @@ -531,7 +531,8 @@ void show_stats(afl_state_t *afl) { /* Roughly every minute, update fuzzer stats and save auto tokens. */ - if (cur_ms - afl->stats_last_stats_ms > STATS_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update || + cur_ms - afl->stats_last_stats_ms > STATS_UPDATE_SEC * 1000)) { afl->stats_last_stats_ms = cur_ms; write_stats_file(afl, t_bytes, t_byte_ratio, stab_ratio, @@ -543,7 +544,8 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_statsd)) { - if (cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update && cur_ms - afl->statsd_last_send_ms > + STATSD_UPDATE_SEC * 1000)) { /* reset counter, even if send failed. */ afl->statsd_last_send_ms = cur_ms; @@ -555,7 +557,8 @@ void show_stats(afl_state_t *afl) { /* Every now and then, write plot data. */ - if (cur_ms - afl->stats_last_plot_ms > PLOT_UPDATE_SEC * 1000) { + if (unlikely(afl->force_ui_update || + cur_ms - afl->stats_last_plot_ms > PLOT_UPDATE_SEC * 1000)) { afl->stats_last_plot_ms = cur_ms; maybe_update_plot_file(afl, t_bytes, t_byte_ratio, afl->stats_avg_exec); @@ -564,14 +567,14 @@ void show_stats(afl_state_t *afl) { /* Honor AFL_EXIT_WHEN_DONE and AFL_BENCH_UNTIL_CRASH. */ - if (!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 && - !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done) { + if (unlikely(!afl->non_instrumented_mode && afl->cycles_wo_finds > 100 && + !afl->pending_not_fuzzed && afl->afl_env.afl_exit_when_done)) { afl->stop_soon = 2; } - if (afl->total_crashes && afl->afl_env.afl_bench_until_crash) { + if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) { afl->stop_soon = 2; @@ -583,7 +586,7 @@ void show_stats(afl_state_t *afl) { /* If we haven't started doing things, bail out. */ - if (!afl->queue_cur) { return; } + if (unlikely(!afl->queue_cur)) { return; } /* Compute some mildly useful bitmap stats. */ @@ -602,7 +605,7 @@ void show_stats(afl_state_t *afl) { SAYF(TERM_HOME); - if (afl->term_too_small) { + if (unlikely(afl->term_too_small)) { SAYF(cBRI "Your terminal is too small to display the UI.\n" diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9688c84f..d9bf2b28 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2130,7 +2130,6 @@ int main(int argc, char **argv_orig, char **envp) { stop_fuzzing: - write_stats_file(afl, 0, 0, 0, 0); afl->force_ui_update = 1; // ensure the screen is reprinted show_stats(afl); // print the screen one last time From 61a918f820da0d4c6285e8a9fe32fe2ab4c08510 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 10:43:18 +0200 Subject: [PATCH 106/441] remove duplicate plot file write --- src/afl-fuzz.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index d9bf2b28..a61a817a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2125,7 +2125,6 @@ int main(int argc, char **argv_orig, char **envp) { } write_bitmap(afl); - maybe_update_plot_file(afl, 0, 0, 0); save_auto(afl); stop_fuzzing: From cd40fa1745de1aba6549dd37d1d94b0e26cce442 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 11:04:39 +0200 Subject: [PATCH 107/441] fix warnings --- src/afl-fuzz-stats.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index fa1f3c70..d1e5e9f8 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -427,7 +427,7 @@ void show_stats(afl_state_t *afl) { u32 t_bytes, t_bits; u32 banner_len, banner_pad; - u8 tmp[256]; + u8 tmp[256], tmp2[256]; u8 time_tmp[64]; u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX]; @@ -991,31 +991,31 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_python_module)) { - sprintf(tmp, "%s/%s, ", + sprintf(tmp, "%s/%s,", u_stringify_int(IB(0), afl->stage_finds[STAGE_PYTHON]), u_stringify_int(IB(1), afl->stage_cycles[STAGE_PYTHON])); } else { - strcpy(tmp, "unused, "); + strcpy(tmp, "unused,"); } if (unlikely(afl->afl_env.afl_custom_mutator_library)) { - sprintf(tmp, "%s%s/%s, ", tmp, + sprintf(tmp2, " %s%s/%s,", tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]), u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); } else { - strcat(tmp, "unused, "); + strcat(tmp2, " unused,"); } if (unlikely(afl->shm.cmplog_mode)) { - sprintf(tmp, "%s%s/%s, %s/%s", tmp, + sprintf(tmp, "%s %s/%s, %s/%s", tmp2, u_stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION]), u_stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION]), u_stringify_int(IB(6), afl->stage_finds[STAGE_ITS]), @@ -1023,7 +1023,7 @@ void show_stats(afl_state_t *afl) { } else { - strcat(tmp, "unused, unused "); + sprintf(tmp, "%s unused, unused", tmp2); } From 71f3d82d430cc82c0654083b8cd1d78d59f88ca9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 11:23:46 +0200 Subject: [PATCH 108/441] afl-whatsup -d fix --- afl-whatsup | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/afl-whatsup b/afl-whatsup index 941b0e34..be259829 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -141,7 +141,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do sed 's/^command_line.*$/_skip:1/;s/[ ]*:[ ]*/="/;s/$/"/' "$i" >"$TMP" . "$TMP" - RUN_UNIX=$((CUR_TIME - start_time)) + RUN_UNIX=$run_time RUN_DAYS=$((RUN_UNIX / 60 / 60 / 24)) RUN_HRS=$(((RUN_UNIX / 60 / 60) % 24)) @@ -168,6 +168,7 @@ for i in `find . -maxdepth 2 -iname fuzzer_stats | sort`; do fi DEAD_CNT=$((DEAD_CNT + 1)) + last_path=0 if [ "$PROCESS_DEAD" = "" ]; then From b815c32f0ef789dd6d33f5de4d0b524664d41195 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 12:22:05 +0200 Subject: [PATCH 109/441] fix ui --- src/afl-fuzz-stats.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index d1e5e9f8..a1559eac 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1003,13 +1003,13 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_custom_mutator_library)) { - sprintf(tmp2, " %s%s/%s,", tmp, + sprintf(tmp2, "%s %s/%s,", tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]), u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); } else { - strcat(tmp2, " unused,"); + sprintf(tmp2, "%s unused,", tmp); } From f2a83c4a508cb6c81f9a7f387b693d057af3a726 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 13:20:57 +0200 Subject: [PATCH 110/441] update readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c94872be..e7582aff 100644 --- a/README.md +++ b/README.md @@ -606,7 +606,8 @@ For every secondary fuzzer there should be a variation, e.g.: * one should fuzz the target that was compiled differently: with sanitizers activated (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; export AFL_USE_CFISAN=1 ; export AFL_USE_LSAN=1`) - * one should fuzz the target with CMPLOG/redqueen (see above) + * one or two should fuzz the target with CMPLOG/redqueen (see above), at + least one cmplog instance should follow transformations (`-l AT`) * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV fuzzer and you want them to share their intermediate results, the main From 9d3a2b693a8725983a809af3799b190781130c30 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 14:10:04 +0200 Subject: [PATCH 111/441] qemuafl --- qemu_mode/QEMUAFL_VERSION | 2 +- qemu_mode/qemuafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/qemu_mode/QEMUAFL_VERSION b/qemu_mode/QEMUAFL_VERSION index 8d95c359..0fb33ae2 100644 --- a/qemu_mode/QEMUAFL_VERSION +++ b/qemu_mode/QEMUAFL_VERSION @@ -1 +1 @@ -ddc4a9748d +d73b0336b4 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index ddc4a974..d73b0336 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit ddc4a9748d59857753fb33c30a356f354595f36d +Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 From d0390f3b7651efefeecf80ebf2b1a740c077f21f Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 14:42:54 +0200 Subject: [PATCH 112/441] fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index d70bba91..8346c5b9 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -20,22 +20,29 @@ // solution: echo -ne 'The quick brown fox jumps over the lazy // dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest +#include "../../include/config.h" + #include #include #include #include -int main() { - - char buffer[44] = {/* zero padding */}; - fread(buffer, 1, sizeof(buffer) - 1, stdin); +int main(int argc, char**argv) { + + static char buffer[MAX_FILE] = {/* zero padding */}; + + FILE* file = stdin; + if (argc > 1) + file = fopen(argv[1], "r"); + + fread(buffer, 1, sizeof(buffer) - 1, file); if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || strncmp(&buffer[20], "jumps over ", 11) != 0 || strcmp(&buffer[31], "the lazy dog") != 0) { - + return 1; - + } uint64_t x = 0; @@ -50,18 +57,18 @@ int main() { fread(&z, sizeof(z), 1, stdin); switch (z) { - + case 0xBEEF: break; default: return 4; - + } printf("Puzzle solved, congrats!\n"); abort(); return 0; - + } - + From 43e16cf13dfffa27f9cde49a3bba026cef96b1c4 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 15:05:14 +0200 Subject: [PATCH 113/441] fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 8346c5b9..6fe501c0 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -29,7 +29,7 @@ int main(int argc, char**argv) { - static char buffer[MAX_FILE] = {/* zero padding */}; + char buffer[44] = {/* zero padding */}; FILE* file = stdin; if (argc > 1) From 45b5e3622e4339b806a8f3d44bcde5c89f58677e Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 15 Apr 2021 15:12:32 +0200 Subject: [PATCH 114/441] fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 6fe501c0..69c6aa09 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -46,15 +46,15 @@ int main(int argc, char**argv) { } uint64_t x = 0; - fread(&x, sizeof(x), 1, stdin); + fread(&x, sizeof(x), 1, file); if (x != 0xCAFEBABECAFEBABE) { return 2; } uint32_t y = 0; - fread(&y, sizeof(y), 1, stdin); + fread(&y, sizeof(y), 1, file); if (y != 0xDEADC0DE) { return 3; } uint16_t z = 0; - fread(&z, sizeof(z), 1, stdin); + fread(&z, sizeof(z), 1, file); switch (z) { From 4f93220c4bfbffc51e18159d30e08884a4d7dfc1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Apr 2021 16:50:44 +0200 Subject: [PATCH 115/441] cmplog -l3: disable trimming, forcing input2stage for all --- src/afl-fuzz-redqueen.c | 26 +++++++++++++++++++++++++- src/afl-fuzz.c | 8 ++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 9bfbf95b..cf1e5ea5 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -437,7 +437,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, if (taint) { - if (afl->colorize_success && + if (afl->colorize_success && afl->cmplog_lvl < 3 && (len / positions == 1 && positions > CMPLOG_POSITIONS_MAX && afl->active_paths / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { @@ -1749,6 +1749,12 @@ static u8 cmp_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, #endif +#ifdef _DEBUG + if (o->v0 != orig_o->v0 || o->v1 != orig_o->v1) + fprintf(stderr, "key=%u idx=%u o0=%llu v0=%llu o1=%llu v1=%llu\n", key, + idx, orig_o->v0, o->v0, orig_o->v1, o->v1); +#endif + // even for u128 and _ExtInt we do cmp_extend_encoding() because // if we got here their own special trials failed and it might just be // a cast from e.g. u64 to u128 from the input data. @@ -2365,6 +2371,24 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, status = 0; +#ifdef _DEBUG + int w; + fprintf(stderr, "key=%u idx=%u len=%u o0=", key, idx, + SHAPE_BYTES(h->shape)); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", orig_o->v0[w]); + fprintf(stderr, " v0="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", o->v0[w]); + fprintf(stderr, " o1="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", orig_o->v1[w]); + fprintf(stderr, " v1="); + for (w = 0; w < SHAPE_BYTES(h->shape); ++w) + fprintf(stderr, "%02x", o->v1[w]); + fprintf(stderr, "\n"); +#endif + if (unlikely(rtn_extend_encoding( afl, o->v0, o->v1, orig_o->v0, orig_o->v1, SHAPE_BYTES(h->shape), idx, taint_len, orig_buf, buf, cbuf, len, lvl, &status))) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a61a817a..2b035a23 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -855,6 +855,14 @@ int main(int argc, char **argv_orig, char **envp) { break; case '3': afl->cmplog_lvl = 3; + + if (!afl->disable_trim) { + + ACTF("Deactivating trimming due CMPLOG level 3"); + afl->disable_trim = 1; + + } + break; case 'a': case 'A': From c8e96e52536d47ee41967657202574d8e61562ee Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Apr 2021 23:56:58 +0200 Subject: [PATCH 116/441] autoformat with black --- frida_mode/test/testinstr.py | 49 ++++-- .../helper_scripts/ida_context_loader.py | 84 ++++++---- utils/autodict_ql/autodict-ql.py | 152 ++++++++++-------- utils/autodict_ql/litan.py | 126 +++++++++------ utils/autodict_ql/memcmp-strings.py | 64 +++++--- utils/autodict_ql/stan-strings.py | 64 +++++--- utils/autodict_ql/strcmp-strings.py | 64 +++++--- utils/autodict_ql/strncmp-strings.py | 64 +++++--- 8 files changed, 408 insertions(+), 259 deletions(-) diff --git a/frida_mode/test/testinstr.py b/frida_mode/test/testinstr.py index 8f5fe886..f648808b 100755 --- a/frida_mode/test/testinstr.py +++ b/frida_mode/test/testinstr.py @@ -1,32 +1,49 @@ -#!/usr/bin/python3 +#!/usr/bin/env python3 import argparse from elftools.elf.elffile import ELFFile + def process_file(file, section, base): - with open(file, 'rb') as f: + with open(file, "rb") as f: for sect in ELFFile(f).iter_sections(): - if (sect.name == section): - start = base + sect.header['sh_offset'] - end = start + sect.header['sh_size'] - print ("0x%016x-0x%016x" % (start, end)) + if sect.name == section: + start = base + sect.header["sh_offset"] + end = start + sect.header["sh_size"] + print("0x%016x-0x%016x" % (start, end)) return - print ("Section '%s' not found in '%s'" % (section, file)) + print("Section '%s' not found in '%s'" % (section, file)) + def hex_value(x): return int(x, 16) + def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--section', dest='section', type=str, - help='elf section name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) + parser = argparse.ArgumentParser(description="Process some integers.") + parser.add_argument( + "-f", "--file", dest="file", type=str, help="elf file name", required=True + ) + parser.add_argument( + "-s", + "--section", + dest="section", + type=str, + help="elf section name", + required=True, + ) + parser.add_argument( + "-b", + "--base", + dest="base", + type=hex_value, + help="elf base address", + required=True, + ) args = parser.parse_args() - process_file (args.file, args.section, args.base) + process_file(args.file, args.section, args.base) + if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/unicorn_mode/helper_scripts/ida_context_loader.py b/unicorn_mode/helper_scripts/ida_context_loader.py index 31d47a90..d7984c77 100644 --- a/unicorn_mode/helper_scripts/ida_context_loader.py +++ b/unicorn_mode/helper_scripts/ida_context_loader.py @@ -34,13 +34,11 @@ import ida_segment class ContextLoaderError(Exception): - """Base "catch all" exception for this script - """ + """Base "catch all" exception for this script""" class ArchNotSupportedError(ContextLoaderError): - """Exception raised if the input file CPU architecture isn't supported fully - """ + """Exception raised if the input file CPU architecture isn't supported fully""" def parse_mapping_index(filepath: str): @@ -51,13 +49,16 @@ def parse_mapping_index(filepath: str): """ if filepath is None: - raise ContextLoaderError('_index.json file was not selected') + raise ContextLoaderError("_index.json file was not selected") try: - with open(filepath, 'rb') as _file: + with open(filepath, "rb") as _file: return json.load(_file) except Exception as ex: - raise ContextLoaderError('Failed to parse json file {}'.format(filepath)) from ex + raise ContextLoaderError( + "Failed to parse json file {}".format(filepath) + ) from ex + def get_input_name(): """Get the name of the input file @@ -68,19 +69,21 @@ def get_input_name(): input_filepath = ida_nalt.get_input_file_path() return Path(input_filepath).name + def write_segment_bytes(start: int, filepath: str): - """"Read data from context file and write it to the IDA segment + """ "Read data from context file and write it to the IDA segment :param start: Start address :param filepath: Path to context file """ - with open(filepath, 'rb') as _file: + with open(filepath, "rb") as _file: data = _file.read() decompressed_data = zlib.decompress(data) ida_bytes.put_bytes(start, decompressed_data) + def create_segment(context_dir: str, segment: dict, is_be: bool): """Create segment in IDA and map in the data from the file @@ -90,23 +93,30 @@ def create_segment(context_dir: str, segment: dict, is_be: bool): """ input_name = get_input_name() - if Path(segment['name']).name != input_name: + if Path(segment["name"]).name != input_name: ida_seg = idaapi.segment_t() - ida_seg.start_ea = segment['start'] - ida_seg.end_ea = segment['end'] + ida_seg.start_ea = segment["start"] + ida_seg.end_ea = segment["end"] ida_seg.bitness = 1 if is_be else 0 - if segment['permissions']['r']: + if segment["permissions"]["r"]: ida_seg.perm |= ida_segment.SEGPERM_READ - if segment['permissions']['w']: + if segment["permissions"]["w"]: ida_seg.perm |= ida_segment.SEGPERM_WRITE - if segment['permissions']['x']: + if segment["permissions"]["x"]: ida_seg.perm |= ida_segment.SEGPERM_EXEC - idaapi.add_segm_ex(ida_seg, Path(segment['name']).name, 'CODE', idaapi.ADDSEG_OR_DIE) + idaapi.add_segm_ex( + ida_seg, Path(segment["name"]).name, "CODE", idaapi.ADDSEG_OR_DIE + ) else: - idaapi.add_segm_ex(ida_seg, Path(segment['name']).name, 'DATA', idaapi.ADDSEG_OR_DIE) + idaapi.add_segm_ex( + ida_seg, Path(segment["name"]).name, "DATA", idaapi.ADDSEG_OR_DIE + ) + + if segment["content_file"]: + write_segment_bytes( + segment["start"], PurePath(context_dir, segment["content_file"]) + ) - if segment['content_file']: - write_segment_bytes(segment['start'], PurePath(context_dir, segment['content_file'])) def create_segments(index: dict, context_dir: str): """Iterate segments in index JSON, create the segment in IDA, and map in the data from the file @@ -117,9 +127,10 @@ def create_segments(index: dict, context_dir: str): info = idaapi.get_inf_structure() is_be = info.is_be() - for segment in index['segments']: + for segment in index["segments"]: create_segment(context_dir, segment, is_be) + def rebase_program(index: dict): """Rebase the program to the offset specified in the context _index.json @@ -128,20 +139,21 @@ def rebase_program(index: dict): input_name = get_input_name() new_base = None - for segment in index['segments']: - if not segment['name']: + for segment in index["segments"]: + if not segment["name"]: continue - segment_name = Path(segment['name']).name + segment_name = Path(segment["name"]).name if input_name == segment_name: - new_base = segment['start'] + new_base = segment["start"] break if not new_base: - raise ContextLoaderError('Input file is not in _index.json') + raise ContextLoaderError("Input file is not in _index.json") current_base = idaapi.get_imagebase() - ida_segment.rebase_program(new_base-current_base, 8) + ida_segment.rebase_program(new_base - current_base, 8) + def get_pc_by_arch(index: dict) -> int: """Queries the input file CPU architecture and attempts to lookup the address of the program @@ -153,13 +165,14 @@ def get_pc_by_arch(index: dict) -> int: progctr = None info = idaapi.get_inf_structure() - if info.procname == 'metapc': + if info.procname == "metapc": if info.is_64bit(): - progctr = index['regs']['rax'] + progctr = index["regs"]["rax"] elif info.is_32bit(): - progctr = index['regs']['eax'] + progctr = index["regs"]["eax"] return progctr + def write_reg_info(index: dict): """Write register info as line comment at instruction pointed to by the program counter and change focus to that location @@ -167,17 +180,19 @@ def write_reg_info(index: dict): :param index: _index.json JSON data """ - cmt = '' - for reg, val in index['regs'].items(): + cmt = "" + for reg, val in index["regs"].items(): cmt += f"{reg.ljust(6)} : {hex(val)}\n" progctr = get_pc_by_arch(index) if progctr is None: raise ArchNotSupportedError( - 'Architecture not fully supported, skipping register status comment') + "Architecture not fully supported, skipping register status comment" + ) ida_bytes.set_cmt(progctr, cmt, 0) ida_kernwin.jumpto(progctr) + def main(filepath): """Main - parse _index.json input and map context files into the database @@ -193,5 +208,6 @@ def main(filepath): except ContextLoaderError as ex: print(ex) -if __name__ == '__main__': - main(ida_kernwin.ask_file(1, '*.json', 'Import file name')) + +if __name__ == "__main__": + main(ida_kernwin.ask_file(1, "*.json", "Import file name")) diff --git a/utils/autodict_ql/autodict-ql.py b/utils/autodict_ql/autodict-ql.py index 0fe7eabf..f64e3fae 100644 --- a/utils/autodict_ql/autodict-ql.py +++ b/utils/autodict_ql/autodict-ql.py @@ -11,7 +11,7 @@ import os import string -import binascii +import binascii import codecs import errno import struct @@ -21,6 +21,7 @@ import subprocess from binascii import unhexlify + def ensure_dir(dir): try: os.makedirs(dir) @@ -28,109 +29,118 @@ def ensure_dir(dir): if e.errno != errno.EEXIST: raise + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) - - #parser.add_argument("tokenpath", - #help="Destination directory for tokens") - parser.add_argument("cur", - help = "Current Path") - parser.add_argument("db", - help = "CodeQL database Path") - parser.add_argument("tokenpath", - help="Destination directory for tokens") + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" + ) + ) + + # parser.add_argument("tokenpath", + # help="Destination directory for tokens") + parser.add_argument("cur", help="Current Path") + parser.add_argument("db", help="CodeQL database Path") + parser.add_argument("tokenpath", help="Destination directory for tokens") return parser.parse_args() -def static_analysis(file,file2,cur,db) : - with open(cur+"/"+file, "w") as f: - print(cur+"/"+file) - stream = os.popen("codeql query run " + cur +"/"+ file2 + " -d " + db ) + +def static_analysis(file, file2, cur, db): + with open(cur + "/" + file, "w") as f: + print(cur + "/" + file) + stream = os.popen("codeql query run " + cur + "/" + file2 + " -d " + db) output = stream.read() f.write(output) f.close() -def copy_tokens(cur, tokenpath) : - subprocess.call(["mv " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["mv " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["mv " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["mv " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["mv " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."] ,shell=True) - subprocess.call(["rm -rf strcmp-strs memcmp-strs strncmp-strs lits strtool-strs"],shell=True) - subprocess.call(["rm *.out"],shell=True) - subprocess.call(["find "+tokenpath+" -size 0 -delete"],shell=True) + +def copy_tokens(cur, tokenpath): + subprocess.call( + ["mv " + cur + "/" + "strcmp-strs/*" + " " + cur + "/" + tokenpath + "/."], + shell=True, + ) + subprocess.call( + ["mv " + cur + "/" + "strncmp-strs/*" + " " + cur + "/" + tokenpath + "/."], + shell=True, + ) + subprocess.call( + ["mv " + cur + "/" + "memcmp-strs/*" + " " + cur + "/" + tokenpath + "/."], + shell=True, + ) + subprocess.call( + ["mv " + cur + "/" + "lits/*" + " " + cur + "/" + tokenpath + "/."], shell=True + ) + subprocess.call( + ["mv " + cur + "/" + "strtool-strs/*" + " " + cur + "/" + tokenpath + "/."], + shell=True, + ) + subprocess.call( + ["rm -rf strcmp-strs memcmp-strs strncmp-strs lits strtool-strs"], shell=True + ) + subprocess.call(["rm *.out"], shell=True) + subprocess.call(["find " + tokenpath + " -size 0 -delete"], shell=True) - -def codeql_analysis(cur, db) : - static_analysis("litout.out","litool.ql", cur, db) - static_analysis("strcmp-strings.out","strcmp-str.ql", cur, db) - static_analysis("strncmp-strings.out","strncmp-str.ql", cur, db) - static_analysis("memcmp-strings.out","memcmp-str.ql", cur, db) - static_analysis("strtool-strings.out","strtool.ql", cur, db) - start_autodict(0,cur) - +def codeql_analysis(cur, db): + static_analysis("litout.out", "litool.ql", cur, db) + static_analysis("strcmp-strings.out", "strcmp-str.ql", cur, db) + static_analysis("strncmp-strings.out", "strncmp-str.ql", cur, db) + static_analysis("memcmp-strings.out", "memcmp-str.ql", cur, db) + static_analysis("strtool-strings.out", "strtool.ql", cur, db) + start_autodict(0, cur) def start_autodict(tokenpath, cur): - command = [ - 'python3', - cur + '/litan.py', - cur+'/lits/', - cur+'/litout.out' - ] + command = ["python3", cur + "/litan.py", cur + "/lits/", cur + "/litout.out"] worker1 = subprocess.Popen(command) print(worker1.communicate()) - + command1 = [ - 'python3', - cur + '/strcmp-strings.py', - cur + '/strcmp-strs/', - cur + '/strcmp-strings.out' - ] + "python3", + cur + "/strcmp-strings.py", + cur + "/strcmp-strs/", + cur + "/strcmp-strings.out", + ] worker2 = subprocess.Popen(command1) print(worker2.communicate()) command2 = [ - 'python3', - cur + '/strncmp-strings.py', - cur + '/strncmp-strs/', - cur + '/strncmp-strings.out' - ] + "python3", + cur + "/strncmp-strings.py", + cur + "/strncmp-strs/", + cur + "/strncmp-strings.out", + ] worker3 = subprocess.Popen(command2) print(worker3.communicate()) - - command5 = [ - 'python3', - cur + '/memcmp-strings.py', - cur + '/memcmp-strs/', - cur + '/memcmp-strings.out' - ] + "python3", + cur + "/memcmp-strings.py", + cur + "/memcmp-strs/", + cur + "/memcmp-strings.out", + ] worker6 = subprocess.Popen(command5) print(worker6.communicate()) - - command8 = [ - 'python3', - cur + '/stan-strings.py', - cur + '/strtool-strs/', - cur + '/strtool-strings.out' - ] + "python3", + cur + "/stan-strings.py", + cur + "/strtool-strs/", + cur + "/strtool-strings.out", + ] worker9 = subprocess.Popen(command8) print(worker9.communicate()) - def main(): - args = parse_args() + args = parse_args() ensure_dir(args.tokenpath) - #copy_tokens(args.cur, args.tokenpath) + # copy_tokens(args.cur, args.tokenpath) codeql_analysis(args.cur, args.db) copy_tokens(args.cur, args.tokenpath) - #start_autodict(args.tokenpath, args.cur) -if __name__ == '__main__': - main() \ No newline at end of file + # start_autodict(args.tokenpath, args.cur) + + +if __name__ == "__main__": + main() diff --git a/utils/autodict_ql/litan.py b/utils/autodict_ql/litan.py index 18c04c34..7033d363 100644 --- a/utils/autodict_ql/litan.py +++ b/utils/autodict_ql/litan.py @@ -4,7 +4,7 @@ # Author : Microsvuln - Arash.vre@gmail.com import string import os -import binascii +import binascii import codecs import struct import errno @@ -12,75 +12,101 @@ import argparse import re import base64 from binascii import unhexlify + + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file to analysis and output folder to save corpdirus for constants in the overall project ------- Example usage : python2 thisfile.py outdir o.txt")) - parser.add_argument("corpdir", - help="The path to the corpus directory to generate files.") - parser.add_argument("infile", - help="Specify file output of codeql analysis - ex. ooo-hex.txt, analysis take place on this file, example : python2 thisfile.py outdir out.txt") - return parser.parse_args() + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file to analysis and output folder to save corpdirus for constants in the overall project ------- Example usage : python2 thisfile.py outdir o.txt" + ) + ) + parser.add_argument( + "corpdir", help="The path to the corpus directory to generate files." + ) + parser.add_argument( + "infile", + help="Specify file output of codeql analysis - ex. ooo-hex.txt, analysis take place on this file, example : python2 thisfile.py outdir out.txt", + ) + return parser.parse_args() + + def ensure_dir(dir): try: os.makedirs(dir) except OSError as e: if e.errno == errno.EEXIST: - #print "[-] Directory exists, specify another directory" + # print "[-] Directory exists, specify another directory" exit(1) + + def do_analysis1(corpdir, infile): - with open(infile, "rb") as f: - lines = f.readlines()[1:] - f.close() + with open(infile, "rb") as f: + lines = f.readlines()[1:] + f.close() new_lst = [] n = 1 for i, num in enumerate(lines): if i != 0: - new_lst.append(num) + new_lst.append(num) str1 = str(num) - print ("num is " + str1) - str1 = str1.rstrip('\n\n') - #str1 = str1.replace("0x",""); - str1 = str1.replace("|","") - str1 = str1.rstrip('\r\n') - str1 = str1.rstrip('\n') - str1 = str1.replace(" ","") - #str1 = str1.translate(None, string.punctuation) - translator=str.maketrans('','',string.punctuation) - str1=str1.translate(translator) + print("num is " + str1) + str1 = str1.rstrip("\n\n") + # str1 = str1.replace("0x",""); + str1 = str1.replace("|", "") + str1 = str1.rstrip("\r\n") + str1 = str1.rstrip("\n") + str1 = str1.replace(" ", "") + # str1 = str1.translate(None, string.punctuation) + translator = str.maketrans("", "", string.punctuation) + str1 = str1.translate(translator) str1 = str1[1:] str1 = str1[:-1] print("After cleanup : " + str1) - if (str1 != '0') and (str1 != 'ffffffff') and (str1 != 'fffffffe') or (len(str1) == 4) or (len(str1) == 8): - print ("first : "+str1) - if len(str1) > 8 : + if ( + (str1 != "0") + and (str1 != "ffffffff") + and (str1 != "fffffffe") + or (len(str1) == 4) + or (len(str1) == 8) + ): + print("first : " + str1) + if len(str1) > 8: str1 = str1[:-1] - elif (len(str1) == 5) : + elif len(str1) == 5: str1 = str1 = "0" try: - #str1 = str1.decode("hex") - with open(corpdir+'/lit-seed{0}'.format(n), 'w') as file: - str1 = str1.replace("0x",""); - print (str1) - str1 = int(str1,base=16) - str1 = str1.to_bytes(4, byteorder='little') - file.write(str(str1)) - file.close() - with open (corpdir+'/lit-seed{0}'.format(n), 'r') as q : - a = q.readline() - a = a[1:] - print ("AFL++ Autodict-QL by Microsvuln : Writing Token :" + str(a)) - q.close() - with open (corpdir+'/lit-seed{0}'.format(n), 'w') as w1 : - w1.write(str(a)) - print ("Done!") - w1.close() - except: - print("Error!") - n = n+1 + # str1 = str1.decode("hex") + with open(corpdir + "/lit-seed{0}".format(n), "w") as file: + str1 = str1.replace("0x", "") + print(str1) + str1 = int(str1, base=16) + str1 = str1.to_bytes(4, byteorder="little") + file.write(str(str1)) + file.close() + with open(corpdir + "/lit-seed{0}".format(n), "r") as q: + a = q.readline() + a = a[1:] + print( + "AFL++ Autodict-QL by Microsvuln : Writing Token :" + + str(a) + ) + q.close() + with open( + corpdir + "/lit-seed{0}".format(n), "w" + ) as w1: + w1.write(str(a)) + print("Done!") + w1.close() + except: + print("Error!") + n = n + 1 + def main(): - args = parse_args() + args = parse_args() ensure_dir(args.corpdir) do_analysis1(args.corpdir, args.infile) -if __name__ == '__main__': - main() \ No newline at end of file + + +if __name__ == "__main__": + main() diff --git a/utils/autodict_ql/memcmp-strings.py b/utils/autodict_ql/memcmp-strings.py index d1047caa..270a697c 100644 --- a/utils/autodict_ql/memcmp-strings.py +++ b/utils/autodict_ql/memcmp-strings.py @@ -5,7 +5,7 @@ import os import string -import binascii +import binascii import codecs import errno import struct @@ -13,6 +13,7 @@ import argparse import re from binascii import unhexlify + def ensure_dir(dir): try: os.makedirs(dir) @@ -20,44 +21,63 @@ def ensure_dir(dir): if e.errno != errno.EEXIST: raise + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) - parser.add_argument("corpdir", - help="The path to the corpus directory to generate strings.") - parser.add_argument("infile", - help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" + ) + ) + parser.add_argument( + "corpdir", help="The path to the corpus directory to generate strings." + ) + parser.add_argument( + "infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt", + ) return parser.parse_args() def do_string_analysis(corpdir, infile1): - with open(infile1, "r") as f1: - lines = f1.readlines()[1:] - f1.close() + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() new_lst1 = [] n = 1 for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - #print("num : %s" % num1) + # print("num : %s" % num1) str11 = str(num1) - str11 = str11.replace("|","") - str11 = str11.replace("\n","") + str11 = str11.replace("|", "") + str11 = str11.replace("\n", "") str11 = str11.lstrip() str11 = str11.rstrip() str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : + if ( + (" " in str11) + or (")" in str11) + or ("(" in str11) + or ("<" in str11) + or (">" in str11) + ): print("Space / Paranthesis String : %s" % str11) - else : - with open(corpdir+'/memcmp-str{0}'.format(n), 'w') as file: - file.write(str11) - print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) - n=n+1 + else: + with open(corpdir + "/memcmp-str{0}".format(n), "w") as file: + file.write(str11) + print( + "AFL++ Autodict-QL by Microsvuln : Writing Token : %s" + % str11 + ) + n = n + 1 + def main(): - args = parse_args() + args = parse_args() ensure_dir(args.corpdir) do_string_analysis(args.corpdir, args.infile) -if __name__ == '__main__': - main() \ No newline at end of file + + +if __name__ == "__main__": + main() diff --git a/utils/autodict_ql/stan-strings.py b/utils/autodict_ql/stan-strings.py index 65d08c97..81cb0b97 100644 --- a/utils/autodict_ql/stan-strings.py +++ b/utils/autodict_ql/stan-strings.py @@ -5,7 +5,7 @@ import os import string -import binascii +import binascii import codecs import errno import struct @@ -13,6 +13,7 @@ import argparse import re from binascii import unhexlify + def ensure_dir(dir): try: os.makedirs(dir) @@ -20,44 +21,63 @@ def ensure_dir(dir): if e.errno != errno.EEXIST: raise + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) - parser.add_argument("corpdir", - help="The path to the corpus directory to generate strings.") - parser.add_argument("infile", - help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" + ) + ) + parser.add_argument( + "corpdir", help="The path to the corpus directory to generate strings." + ) + parser.add_argument( + "infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt", + ) return parser.parse_args() def do_string_analysis(corpdir, infile1): - with open(infile1, "r") as f1: - lines = f1.readlines()[1:] - f1.close() + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() new_lst1 = [] n = 1 for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - #print("num : %s" % num1) + # print("num : %s" % num1) str11 = str(num1) - str11 = str11.replace("|","") - str11 = str11.replace("\n","") + str11 = str11.replace("|", "") + str11 = str11.replace("\n", "") str11 = str11.lstrip() str11 = str11.rstrip() str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : + if ( + (" " in str11) + or (")" in str11) + or ("(" in str11) + or ("<" in str11) + or (">" in str11) + ): print("Space / Paranthesis String : %s" % str11) - else : - with open(corpdir+'/seed-str{0}'.format(n), 'w') as file: - file.write(str11) - print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) - n=n+1 + else: + with open(corpdir + "/seed-str{0}".format(n), "w") as file: + file.write(str11) + print( + "AFL++ Autodict-QL by Microsvuln : Writing Token : %s" + % str11 + ) + n = n + 1 + def main(): - args = parse_args() + args = parse_args() ensure_dir(args.corpdir) do_string_analysis(args.corpdir, args.infile) -if __name__ == '__main__': - main() \ No newline at end of file + + +if __name__ == "__main__": + main() diff --git a/utils/autodict_ql/strcmp-strings.py b/utils/autodict_ql/strcmp-strings.py index 88128dbb..9c2520c9 100644 --- a/utils/autodict_ql/strcmp-strings.py +++ b/utils/autodict_ql/strcmp-strings.py @@ -5,7 +5,7 @@ import os import string -import binascii +import binascii import codecs import errno import struct @@ -13,6 +13,7 @@ import argparse import re from binascii import unhexlify + def ensure_dir(dir): try: os.makedirs(dir) @@ -20,44 +21,63 @@ def ensure_dir(dir): if e.errno != errno.EEXIST: raise + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) - parser.add_argument("corpdir", - help="The path to the corpus directory to generate strings.") - parser.add_argument("infile", - help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" + ) + ) + parser.add_argument( + "corpdir", help="The path to the corpus directory to generate strings." + ) + parser.add_argument( + "infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt", + ) return parser.parse_args() def do_string_analysis(corpdir, infile1): - with open(infile1, "r") as f1: - lines = f1.readlines()[1:] - f1.close() + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() new_lst1 = [] n = 1 for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - #print("num : %s" % num1) + # print("num : %s" % num1) str11 = str(num1) - str11 = str11.replace("|","") - str11 = str11.replace("\n","") + str11 = str11.replace("|", "") + str11 = str11.replace("\n", "") str11 = str11.lstrip() str11 = str11.rstrip() str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : + if ( + (" " in str11) + or (")" in str11) + or ("(" in str11) + or ("<" in str11) + or (">" in str11) + ): print("Space / Paranthesis String : %s" % str11) - else : - with open(corpdir+'/strcmp-str{0}'.format(n), 'w') as file: - file.write(str11) - print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) - n=n+1 + else: + with open(corpdir + "/strcmp-str{0}".format(n), "w") as file: + file.write(str11) + print( + "AFL++ Autodict-QL by Microsvuln : Writing Token : %s" + % str11 + ) + n = n + 1 + def main(): - args = parse_args() + args = parse_args() ensure_dir(args.corpdir) do_string_analysis(args.corpdir, args.infile) -if __name__ == '__main__': - main() \ No newline at end of file + + +if __name__ == "__main__": + main() diff --git a/utils/autodict_ql/strncmp-strings.py b/utils/autodict_ql/strncmp-strings.py index 0ad0e697..6206b4c4 100644 --- a/utils/autodict_ql/strncmp-strings.py +++ b/utils/autodict_ql/strncmp-strings.py @@ -5,7 +5,7 @@ import os import string -import binascii +import binascii import codecs import errno import struct @@ -13,6 +13,7 @@ import argparse import re from binascii import unhexlify + def ensure_dir(dir): try: os.makedirs(dir) @@ -20,44 +21,63 @@ def ensure_dir(dir): if e.errno != errno.EEXIST: raise + def parse_args(): - parser = argparse.ArgumentParser(description=( - "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" )) - parser.add_argument("corpdir", - help="The path to the corpus directory to generate strings.") - parser.add_argument("infile", - help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt") + parser = argparse.ArgumentParser( + description=( + "Helper - Specify input file analysis and output folder to save corpus for strings in the overall project --------------------------------------------------------------------------- Example usage : python2 thisfile.py outdir str.txt" + ) + ) + parser.add_argument( + "corpdir", help="The path to the corpus directory to generate strings." + ) + parser.add_argument( + "infile", + help="Specify file output of codeql analysis - ex. ooo-atr.txt, analysis take place on this file, example : python2 thisfile.py outdir strings.txt", + ) return parser.parse_args() def do_string_analysis(corpdir, infile1): - with open(infile1, "r") as f1: - lines = f1.readlines()[1:] - f1.close() + with open(infile1, "r") as f1: + lines = f1.readlines()[1:] + f1.close() new_lst1 = [] n = 1 for i, num1 in enumerate(lines): if i != 0: new_lst1.append(num1) - #print("num : %s" % num1) + # print("num : %s" % num1) str11 = str(num1) - str11 = str11.replace("|","") - str11 = str11.replace("\n","") + str11 = str11.replace("|", "") + str11 = str11.replace("\n", "") str11 = str11.lstrip() str11 = str11.rstrip() str11 = str(str11) - if ((" " in str11 ) or (")" in str11) or ("(" in str11) or ("<" in str11) or (">" in str11)) : + if ( + (" " in str11) + or (")" in str11) + or ("(" in str11) + or ("<" in str11) + or (">" in str11) + ): print("Space / Paranthesis String : %s" % str11) - else : - with open(corpdir+'/strncmp-str{0}'.format(n), 'w') as file: - file.write(str11) - print("AFL++ Autodict-QL by Microsvuln : Writing Token : %s" % str11) - n=n+1 + else: + with open(corpdir + "/strncmp-str{0}".format(n), "w") as file: + file.write(str11) + print( + "AFL++ Autodict-QL by Microsvuln : Writing Token : %s" + % str11 + ) + n = n + 1 + def main(): - args = parse_args() + args = parse_args() ensure_dir(args.corpdir) do_string_analysis(args.corpdir, args.infile) -if __name__ == '__main__': - main() \ No newline at end of file + + +if __name__ == "__main__": + main() From e41d1183cca02fb4d6398df4fc3e028dfd9c5f72 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 00:41:32 +0200 Subject: [PATCH 117/441] fix nits --- GNUmakefile | 2 +- docs/env_variables.md | 4 ++-- qemu_mode/build_qemu_support.sh | 2 ++ src/afl-fuzz-stats.c | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index a87b2f7b..804bfe08 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -550,7 +550,7 @@ all_done: test_build @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to build, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to build, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." - @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecific for MacOs.\n\n"; fi + @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecifically for MacOS.\n\n"; fi @! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.md for advice.\033[0m\n" 2>/dev/null .NOTPARALLEL: clean all diff --git a/docs/env_variables.md b/docs/env_variables.md index 1f4dfef9..0100ffac 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -382,8 +382,8 @@ checks or alter some of the more exotic semantics of the tool: may complain of high load prematurely, especially on systems with low core counts. To avoid the alarming red color, you can set `AFL_NO_CPU_RED`. - - In QEMU mode (-Q), Unicorn mode (-U) and Frida mode (-O), `AFL_PATH` will - be searched for afl-qemu-trace. + - In QEMU mode (-Q) and Frida mode (-O), `AFL_PATH` will + be searched for afl-qemu-trace and afl-frida-trace.so. - In QEMU mode (-Q), setting `AFL_QEMU_CUSTOM_BIN` cause afl-fuzz to skip prepending `afl-qemu-trace` to your command line. Use this if you wish to use a diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 38085389..6436d43a 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -360,6 +360,8 @@ if ! command -v "$CROSS" > /dev/null ; then make -C unsigaction && echo "[+] unsigaction ready" echo "[+] Building libqasan ..." make -C libqasan && echo "[+] unsigaction ready" + echo "[+] Building qemu libfuzzer helpers ..." + make -C ../utils/aflpp_driver else echo "[!] Cross compiler $CROSS could not be found, cannot compile libcompcov libqasan and unsigaction" fi diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a1559eac..52d9de87 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -866,7 +866,7 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->custom_only)) { - strcpy(tmp, "disabled (custom mutator only mode)"); + strcpy(tmp, "disabled (custom-mutator-only mode)"); } else if (likely(afl->skip_deterministic)) { From 950648c513d031b5c829565255a7c157a33ba7c3 Mon Sep 17 00:00:00 2001 From: Your Name Date: Fri, 16 Apr 2021 07:06:37 +0100 Subject: [PATCH 118/441] Changes following code review --- frida_mode/src/instrument.c | 8 +++++++- frida_mode/src/ranges.c | 3 +-- frida_mode/test/testinstr.c | 7 +++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/frida_mode/src/instrument.c b/frida_mode/src/instrument.c index 042fdab8..22910062 100644 --- a/frida_mode/src/instrument.c +++ b/frida_mode/src/instrument.c @@ -174,7 +174,13 @@ void instrument_coverage_optimize(const cs_insn * instr, static void on_basic_block(GumCpuContext *context, gpointer user_data) { - /* Avoid stack operations in potentially performance critical code */ + /* + * This function is performance critical as it is called to instrument every + * basic block. By moving our print buffer to a global, we avoid it affecting + * the critical path with additional stack adjustments if tracing is not + * enabled. If tracing is enabled, then we're printing a load of diagnostic + * information so this overhead is unlikely to be noticeable. + */ static char buffer[200]; int len; guint64 current_pc = (guint64)user_data; diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index fc14710f..49ef5a62 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -29,8 +29,7 @@ static void convert_address_token(gchar *token, GumMemoryRange *range) { gchar **tokens; int token_count; tokens = g_strsplit(token, "-", 2); - for (token_count = 0; tokens[token_count] != NULL; token_count++) - ; + for (token_count = 0; tokens[token_count] != NULL; token_count++) {} if (token_count != 2) { diff --git a/frida_mode/test/testinstr.c b/frida_mode/test/testinstr.c index 2c3d5144..37d47f91 100644 --- a/frida_mode/test/testinstr.c +++ b/frida_mode/test/testinstr.c @@ -78,6 +78,13 @@ int main(int argc, char **argv) { } buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + n_read = read(fd, buf, len); if (n_read != len) { From 624c1dce465ffd8d3971282cf136c3df259f62ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 11:38:37 +0200 Subject: [PATCH 119/441] fix nits --- qemu_mode/libcompcov/compcovtest.cc | 157 +++++++++++++++------------- 1 file changed, 83 insertions(+), 74 deletions(-) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 69c6aa09..b446ebfa 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -1,74 +1,83 @@ -///////////////////////////////////////////////////////////////////////// -// -// Author: Mateusz Jurczyk (mjurczyk@google.com) -// -// Copyright 2019-2020 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// https://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// - -// solution: echo -ne 'The quick brown fox jumps over the lazy -// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest - -#include "../../include/config.h" - -#include -#include -#include -#include - -int main(int argc, char**argv) { - - char buffer[44] = {/* zero padding */}; - - FILE* file = stdin; - if (argc > 1) - file = fopen(argv[1], "r"); - - fread(buffer, 1, sizeof(buffer) - 1, file); - - if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || - strncmp(&buffer[20], "jumps over ", 11) != 0 || - strcmp(&buffer[31], "the lazy dog") != 0) { - - return 1; - - } - - uint64_t x = 0; - fread(&x, sizeof(x), 1, file); - if (x != 0xCAFEBABECAFEBABE) { return 2; } - - uint32_t y = 0; - fread(&y, sizeof(y), 1, file); - if (y != 0xDEADC0DE) { return 3; } - - uint16_t z = 0; - fread(&z, sizeof(z), 1, file); - - switch (z) { - - case 0xBEEF: - break; - - default: - return 4; - - } - - printf("Puzzle solved, congrats!\n"); - abort(); - return 0; - -} - +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy +// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include "../../include/config.h" + +#include +#include +#include +#include + +int main(int argc, char **argv) { + + char buffer[44] = {/* zero padding */}; + + FILE *file = stdin; + + if (argc > 1) { + + if ((file = fopen(argv[1], "r")) == NULL) { + + perror(argv[1]); + exit(-1); + + } + + } + + fread(buffer, 1, sizeof(buffer) - 1, file); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + + return 1; + + } + + uint64_t x = 0; + fread(&x, sizeof(x), 1, file); + if (x != 0xCAFEBABECAFEBABE) { return 2; } + + uint32_t y = 0; + fread(&y, sizeof(y), 1, file); + if (y != 0xDEADC0DE) { return 3; } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, file); + + switch (z) { + + case 0xBEEF: + break; + + default: + return 4; + + } + + printf("Puzzle solved, congrats!\n"); + abort(); + return 0; + +} + From 89d4565092367753c70849bb85b220db48ed2710 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 11:45:22 +0200 Subject: [PATCH 120/441] update docs --- README.md | 10 +++++----- TODO.md | 1 - docs/Changelog.md | 6 ++++-- docs/ideas.md | 43 +++++++------------------------------------ 4 files changed, 16 insertions(+), 44 deletions(-) diff --git a/README.md b/README.md index e7582aff..583db85f 100644 --- a/README.md +++ b/README.md @@ -99,15 +99,15 @@ behaviours and defaults: | Ngram prev_loc Coverage | | x(6) | | | | | | Context Coverage | | x(6) | | | | | | Auto Dictionary | | x(7) | | | | | - | Snapshot LKM Support | | x(8) | x(8) | | (x)(5) | | + | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | - 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in llvm <= 8 + 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin 3. (currently unassigned) - 4. with pcguard mode and LTO mode for LLVM >= 11 + 4. with pcguard mode and LTO mode for LLVM 11 and newer 5. upcoming, development in the branch - 6. not compatible with LTO instrumentation and needs at least LLVM >= 4.1 - 7. automatic in LTO mode with LLVM >= 11, an extra pass for all LLVM version that writes to a file to use with afl-fuzz' `-x` + 6. not compatible with LTO instrumentation and needs at least LLVM v4.1 + 7. automatic in LTO mode with LLVM 11 and newer, an extra pass for all LLVM version that writes to a file to use with afl-fuzz' `-x` 8. the snapshot LKM is currently unmaintained due to too many kernel changes coming too fast :-( Among others, the following features and patches have been integrated: diff --git a/TODO.md b/TODO.md index 96b24521..c828d214 100644 --- a/TODO.md +++ b/TODO.md @@ -11,7 +11,6 @@ - intel-pt tracer - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - - cmplog: too much tainted bytes, directly add to dict and skip? - parallel builds for source-only targets ## Further down the road diff --git a/docs/Changelog.md b/docs/Changelog.md index 155eec66..9c9a3976 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,8 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - default cmplog level (-l) is now 2, better efficiency. + - cmplog level 3 (-l 3) now performs redqueen on everything. + use with care. - better fuzzing strategy yields for enabled options - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing @@ -28,11 +30,11 @@ sending a mail to . -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. - afl-cc: - - Leak Sanitizer support (AFL_USE_LSAN) added by Joshua Rogers, thanks! + - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode - - add -d (dead fuzzer stats) to afl-whatsup + - add -d (add dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/ideas.md b/docs/ideas.md index 11c78e49..e25d3ba6 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -3,42 +3,6 @@ In the following, we describe a variety of ideas that could be implemented for future AFL++ versions. -# GSoC 2021 - -All GSoC 2021 projects will be in the Rust development language! - -## UI for libaflrs - -Write a user interface to libaflrs, the upcoming backend of afl++. -This might look like the afl-fuzz UI, but you can improve on it - and should! - -## Schedulers for libaflrs - -Schedulers is a mechanism that selects items from the fuzzing corpus based -on strategy and randomness. One scheduler might focus on long paths, -another on rarity of edges discovered, still another on a combination on -things. Some of the schedulers in afl++ have to be ported, but you are free -to come up with your own if you want to - and see how it performs. - -## Forkserver support for libaflrs - -The current libaflrs implementation fuzzes in-memory, however obviously we -want to support afl instrumented binaries as well. -Hence a forkserver support needs to be implemented - forking off the target -and talking to the target via a socketpair and the communication protocol -within. - -## More Observers for libaflrs - -An observer is measuring functionality that looks at the target being fuzzed -and documents something about it. In traditional fuzzing this is the coverage -in the target, however we want to add various more observers, e.g. stack depth, -heap usage, etc. - this is a topic for an experienced Rust developer. - -# Generic ideas and wishlist - NOT PART OF GSoC 2021 ! - -The below list is not part of GSoC 2021. - ## Analysis software Currently analysis is done by using afl-plot, which is rather outdated. @@ -65,6 +29,13 @@ the current Unicorn instrumentation. Mentor: any +## Support other programming languages + +Other programming languages also use llvm hence they could (easily?) supported +for fuzzing, e.g. mono, swift, go, kotlin native, fortran, ... + +Mentor: vanhauser-thc + ## Machine Learning Something with machine learning, better than [NEUZZ](https://github.com/dongdongshe/neuzz) :-) From 846a46e06052c13e3036fbee05866d165adb19cc Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 16 Apr 2021 12:12:52 +0200 Subject: [PATCH 121/441] review --- utils/autodict_ql/readme.md | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 8c24d65c..31a20352 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -2,13 +2,13 @@ ## What is this? -`Autodict-QL` is a plugin system that enables fast generation of Tokens/Dictionaries in a handy way that can be manipulated by the user (Unlike The LLVM Passes that are hard to modify). This means that autodict-ql is a scriptable feature which basically uses the CodeQL (A powerful semantic code analysis engine) to fetch information from a code base. +`Autodict-QL` is a plugin system that enables fast generation of Tokens/Dictionaries in a handy way that can be manipulated by the user (unlike The LLVM Passes that are hard to modify). This means that autodict-ql is a scriptable feature which basically uses CodeQL (a powerful semantic code analysis engine) to fetch information from a code base. -Tokens are useful when you perform fuzzing on different parsers. AFL++ `-x` switch enables the usage of dictionaries through your fuzzing campagin. if you are not familiar with Dictionaries in fuzzing, take a look [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/dictionaries) . +Tokens are useful when you perform fuzzing on different parsers. The AFL++ `-x` switch enables the usage of dictionaries through your fuzzing campaign. If you are not familiar with Dictionaries in fuzzing, take a look [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/dictionaries) . ## Why CodeQL ? -We basically developed this plugin on top of CodeQL engine because it gives the user scripting features, it's easier and it's independent of the LLVM system. This means that a user can write his CodeQL scripts or modify the current scripts to improve or change the token generation algorithms based on different program analysis concepts. +We basically developed this plugin on top of the CodeQL engine because it gives the user scripting features, it's easier and it's independent of the LLVM system. This means that a user can write his CodeQL scripts or modify the current scripts to improve or change the token generation algorithms based on different program analysis concepts. ## CodeQL scripts @@ -16,7 +16,7 @@ Currently, we pushed some scripts as defaults for Token generation. In addition, Currently we provided the following CodeQL scripts : -`strcmp-str.ql` is used to extract strings that are related to `strcmp` function. +`strcmp-str.ql` is used to extract strings that are related to the `strcmp` function. `strncmp-str.ql` is used to extract the strings from the `strncmp` function. @@ -24,18 +24,18 @@ Currently we provided the following CodeQL scripts : `litool.ql` extracts Magic numbers as Hexadecimal format. -`strtool.ql` extracts strings with uses of a regex and dataflow concept to capture the string comparison functions. if strcmp is rewritten in a project as Mystrcmp or something like strmycmp, then this script can catch the arguments and these are valuable tokens. +`strtool.ql` extracts strings with uses of a regex and dataflow concept to capture the string comparison functions. If `strcmp` is rewritten in a project as Mystrcmp or something like strmycmp, then this script can catch the arguments and these are valuable tokens. You can write other CodeQL scripts to extract possible effective tokens if you think they can be useful. ## Usage -Before proceed to installation make sure that you have the following packages by installing them : +Before you proceed to installation make sure that you have the following packages by installing them : ```shell sudo apt install build-essential libtool-bin python3-dev python3 automake git vim wget -y ``` -The usage of Autodict-QL is pretty easy. But let's describe it as : +The usage of Autodict-QL is pretty easy. But let's describe it as: 1. First of all, you need to have CodeQL installed on the system. we make this possible with `build-codeql.sh` bash script. This script will install CodeQL completety and will set the required environment variables for your system. Do the following : @@ -45,7 +45,7 @@ Do the following : # source ~/.bashrc # codeql ``` -Then you should get : +Then you should get: ```shell Usage: codeql ... @@ -73,29 +73,29 @@ Commands: github Commands useful for interacting with the GitHub API through CodeQL. ``` -2. Compile your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard . - - First you need to create a CodeQL database of the project codebase, suppose we want to compile the libxml with codeql. go to libxml and issue the following commands: +2. Compile your project with CodeQL: For using the Autodict-QL plugin, you need to compile the source of the target you want to fuzz with CodeQL. This is not something hard. + - First you need to create a CodeQL database of the project codebase, suppose we want to compile `libxml` with codeql. Go to libxml and issue the following commands: - `./configure --disable-shared` - `codeql create database libxml-db --language=cpp --command=make` - Now you have the CodeQL database of the project :-) -3. The final step is to update the CodeQL database you created in the step 2 (Suppose we are in `aflplusplus/utils/autodict_ql/` directory) : +3. The final step is to update the CodeQL database you created in step 2 (Suppose we are in `aflplusplus/utils/autodict_ql/` directory): - `codeql database upgrade /home/user/libxml/libxml-db` -4. Everything is set! Now you should issue the following to get the tokens : +4. Everything is set! Now you should issue the following to get the tokens: - `python3 autodict-ql.py [CURRECT_DIR] [CODEQL_DATABASE_PATH] [TOKEN_PATH]` - example : `python3 /home/user/AFLplusplus/utils/autodict_ql/autodict-ql.py $PWD /home/user/libxml/libxml-db tokens` - - This will create the final `tokens` dir for you and you are done, then pass the tokens path to afl `-x` flag. + - This will create the final `tokens` dir for you and you are done, then pass the tokens path to AFL++'s `-x` flag. 5. Done! ## More on dictionaries and tokens -Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. -On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. +Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extract useful tokens, in addition with LTO instrumentation mode, this dict2file is automatically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. In addition it's independent from LLVM system. +On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. For example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionaries, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generate dictionaries based on the target. -I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` are working based on the target. +I've personally prefered to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manually generated dictionaries as `Autodict-QL` and `dict2file` are working based on the target. In overall, fuzzing with dictionaries and well-generated tokens will give better results. There are 2 important points to remember : -- If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chance to discover new bugs. -- Do not remember to set the `AFL_MAX_DET_EXTRAS` to the number of generated dictionaries, if you forget to set this environment variable, then AFL++ use just 200 tokens and use the rest of them probablistically. So this will guarantees that your tokens will be used by AFL++. +- If you combine `Autodict-QL` with AFL++ cmplog, you will get much better code coverage and hence better chances to discover new bugs. +- Do not forget to set `AFL_MAX_DET_EXTRAS` at least to the number of generated dictionaries. If you forget to set this environment variable, then AFL++ uses just 200 tokens and use the rest of them only probabilistically. So this will guarantee that your tokens will be used by AFL++. From 523aaaebefb34737cbc0964a284b0ca67f477ad3 Mon Sep 17 00:00:00 2001 From: Microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Fri, 16 Apr 2021 15:39:45 +0430 Subject: [PATCH 122/441] Add newline Add newline --- utils/autodict_ql/build-codeql.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/build-codeql.sh b/utils/autodict_ql/build-codeql.sh index 450207f6..6ae4b362 100644 --- a/utils/autodict_ql/build-codeql.sh +++ b/utils/autodict_ql/build-codeql.sh @@ -14,4 +14,4 @@ export "PATH=~/codeql-home/codeql-cli/:$PATH" echo "export PATH=~/codeql-home/codeql-cli/:$PATH" >> ~/.bashrc codeql resolve languages codeql resolve qlpacks -codeql \ No newline at end of file +codeql From 2019b42ceda386ce63e36312ea0606b216019bac Mon Sep 17 00:00:00 2001 From: Microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Fri, 16 Apr 2021 15:41:12 +0430 Subject: [PATCH 123/441] Update readme fix typo in readme --- utils/autodict_ql/readme.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/readme.md b/utils/autodict_ql/readme.md index 8c24d65c..3402a210 100644 --- a/utils/autodict_ql/readme.md +++ b/utils/autodict_ql/readme.md @@ -88,7 +88,7 @@ Commands: ## More on dictionaries and tokens -Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automtically generates token extraction. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. +Core developer of the AFL++ project Marc Heuse also developed a similar tool named `dict2file` which is a LLVM pass which can automatically extracts useful tokens, in addition with LTO instrumentation mode, this dict2file is automatically generating tokens. `Autodict-QL` plugin gives you scripting capability and you can do whatever you want to extract from the Codebase and it's up to you. in addition it's independent from LLVM system. On the other hand, you can also use Google dictionaries which have been made public in May 2020, but the problem of using Google dictionaries is that they are limited to specific file format and speicifications. for example, for testing binutils and ELF file format or AVI in FFMPEG, there are no prebuilt dictionary, so it is highly recommended to use `Autodict-QL` or `Dict2File` features to automatically generating dictionaries based on the target. I've personally prefer to use `Autodict-QL` or `dict2file` rather than Google dictionaries or any other manully generated dictionaries as `Autodict-QL` and `dict2file` are working based on the target. From 98989f1088d04dd4c0d21834c38b7683f1cfb42d Mon Sep 17 00:00:00 2001 From: Microsvuln <55649192+Microsvuln@users.noreply.github.com> Date: Fri, 16 Apr 2021 15:45:22 +0430 Subject: [PATCH 124/441] Add new line Add new line --- utils/autodict_ql/litool.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/autodict_ql/litool.ql b/utils/autodict_ql/litool.ql index b7f4bf33..76f429c1 100644 --- a/utils/autodict_ql/litool.ql +++ b/utils/autodict_ql/litool.ql @@ -7,4 +7,4 @@ class HexOrOctLiteral extends Literal{ } from HexOrOctLiteral lit -select lit.getValueText() \ No newline at end of file +select lit.getValueText() From b03424073e45097c89028977b6a0b3589914568a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 13:49:26 +0200 Subject: [PATCH 125/441] fixes --- GNUmakefile | 10 +++++----- src/afl-fuzz.c | 14 +++++++++++--- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 804bfe08..5569825f 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -247,17 +247,17 @@ ifneq "$(filter Linux GNU%,$(SYS))" "" LDFLAGS += -ldl -lrt -lm endif -ifneq "$(findstring FreeBSD, $(ARCH))" "" +ifneq "$(findstring FreeBSD, $(SYS))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif -ifneq "$(findstring NetBSD, $(ARCH))" "" +ifneq "$(findstring NetBSD, $(SYS))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif -ifneq "$(findstring OpenBSD, $(ARCH))" "" +ifneq "$(findstring OpenBSD, $(SYS))" "" override CFLAGS += -pthread LDFLAGS += -lpthread endif @@ -489,7 +489,7 @@ unit_clean: @rm -f ./test/unittests/unit_preallocable ./test/unittests/unit_list ./test/unittests/unit_maybe_alloc test/unittests/*.o .PHONY: unit -ifneq "$(ARCH)" "Darwin" +ifneq "$(SYS)" "Darwin" unit: unit_maybe_alloc unit_preallocable unit_list unit_clean unit_rand unit_hash else unit: @@ -550,7 +550,7 @@ all_done: test_build @test -e SanitizerCoverageLTO.so && echo "[+] LLVM LTO mode for 'afl-cc' successfully built!" || echo "[-] LLVM LTO mode for 'afl-cc' failed to build, this would need LLVM 11+, see instrumentation/README.lto.md how to build it" @test -e afl-gcc-pass.so && echo "[+] gcc_plugin for 'afl-cc' successfully built!" || echo "[-] gcc_plugin for 'afl-cc' failed to build, unless you really need it that is fine - or read instrumentation/README.gcc_plugin.md how to build it" @echo "[+] All done! Be sure to review the README.md - it's pretty short and useful." - @if [ "`uname`" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecifically for MacOS.\n\n"; fi + @if [ "$(SYS)" = "Darwin" ]; then printf "\nWARNING: Fuzzing on MacOS X is slow because of the unusually high overhead of\nfork() on this OS. Consider using Linux or *BSD for fuzzing software not\nspecifically for MacOS.\n\n"; fi @! tty <&1 >/dev/null || printf "\033[0;30mNOTE: If you can read this, your terminal probably uses white background.\nThis will make the UI hard to read. See docs/status_screen.md for advice.\033[0m\n" 2>/dev/null .NOTPARALLEL: clean all diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 2b035a23..3606533d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -176,6 +176,14 @@ static void usage(u8 *argv0, int more_help) { #define DYN_COLOR #endif +#ifdef AFL_PERSISTENT_RECORD + #define PERSISTENT_MSG \ + "AFL_PERSISTENT_RECORD: record the last X inputs to every crash in " \ + "out/crashes\n" +#else + #define PERSISTENT_MSG +#endif + SAYF( "Environment variables used:\n" "LD_BIND_LAZY: do not set LD_BIND_NOW env var for target\n" @@ -223,9 +231,9 @@ static void usage(u8 *argv0, int more_help) { "AFL_PATH: path to AFL support binaries\n" "AFL_PYTHON_MODULE: mutate and trim inputs with the specified Python module\n" "AFL_QUIET: suppress forkserver status messages\n" -#ifdef AFL_PERSISTENT_RECORD - "AFL_PERSISTENT_RECORD: record the last X inputs to every crash in out/crashes\n" -#endif + + PERSISTENT_MSG + "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" From 3c68208dd3f19567239cba8f5ae781f79f64e99c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 14:53:11 +0200 Subject: [PATCH 126/441] fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index b446ebfa..92e3864c 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -77,6 +77,9 @@ int main(int argc, char **argv) { printf("Puzzle solved, congrats!\n"); abort(); + + if (argc > 1) { fclose(file); } + return 0; } From c30999562e0a0e03d1412b16fb33b5874ed96914 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 15:02:36 +0200 Subject: [PATCH 127/441] fix compcovtest --- qemu_mode/libcompcov/compcovtest.cc | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/qemu_mode/libcompcov/compcovtest.cc b/qemu_mode/libcompcov/compcovtest.cc index 92e3864c..3c975e15 100644 --- a/qemu_mode/libcompcov/compcovtest.cc +++ b/qemu_mode/libcompcov/compcovtest.cc @@ -50,17 +50,28 @@ int main(int argc, char **argv) { strncmp(&buffer[20], "jumps over ", 11) != 0 || strcmp(&buffer[31], "the lazy dog") != 0) { + if (argc > 1) { fclose(file); } return 1; } uint64_t x = 0; fread(&x, sizeof(x), 1, file); - if (x != 0xCAFEBABECAFEBABE) { return 2; } + if (x != 0xCAFEBABECAFEBABE) { + + if (argc > 1) { fclose(file); } + return 2; + + } uint32_t y = 0; fread(&y, sizeof(y), 1, file); - if (y != 0xDEADC0DE) { return 3; } + if (y != 0xDEADC0DE) { + + if (argc > 1) { fclose(file); } + return 3; + + } uint16_t z = 0; fread(&z, sizeof(z), 1, file); @@ -71,6 +82,7 @@ int main(int argc, char **argv) { break; default: + if (argc > 1) { fclose(file); } return 4; } From 6e75832082c331b6191db2df970f5088b8773214 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 20:55:19 +0200 Subject: [PATCH 128/441] code format for frida mode --- GNUmakefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/GNUmakefile b/GNUmakefile index 5569825f..9d98aa00 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -513,6 +513,9 @@ code-format: ./.custom-format.py -i qemu_mode/libcompcov/*.h ./.custom-format.py -i qemu_mode/libqasan/*.c ./.custom-format.py -i qemu_mode/libqasan/*.h + ./.custom-format.py -i frida_mode/src/*.c + ./.custom-format.py -i frida_mode/include/*.h + -./.custom-format.py -i frida_mode/src/*/*.c ./.custom-format.py -i *.h ./.custom-format.py -i *.c From 495cbd42b7e4e9d873178a09b7183be893fffb1d Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 16 Apr 2021 21:57:44 +0200 Subject: [PATCH 129/441] reworked formatting in order to avoid gcc 8.3.0 warnings --- src/afl-fuzz-stats.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 52d9de87..22c0cbd2 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -427,7 +427,7 @@ void show_stats(afl_state_t *afl) { u32 t_bytes, t_bits; u32 banner_len, banner_pad; - u8 tmp[256], tmp2[256]; + u8 tmp[256]; u8 time_tmp[64]; u8 val_buf[8][STRINGIFY_VAL_SIZE_MAX]; @@ -1003,27 +1003,32 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_custom_mutator_library)) { - sprintf(tmp2, "%s %s/%s,", tmp, - u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON]), - u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + strcat(tmp, " "); + strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON])); + strcat(tmp, "/"); + strcat(tmp, u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + strcat(tmp, ","); } else { - sprintf(tmp2, "%s unused,", tmp); + strcat(tmp, " unused,"); } if (unlikely(afl->shm.cmplog_mode)) { - sprintf(tmp, "%s %s/%s, %s/%s", tmp2, - u_stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION]), - u_stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION]), - u_stringify_int(IB(6), afl->stage_finds[STAGE_ITS]), - u_stringify_int(IB(7), afl->stage_cycles[STAGE_ITS])); + strcat(tmp, " "); + strcat(tmp, u_stringify_int(IB(4), afl->stage_finds[STAGE_COLORIZATION])); + strcat(tmp, "/"); + strcat(tmp, u_stringify_int(IB(5), afl->stage_cycles[STAGE_COLORIZATION])); + strcat(tmp, ", "); + strcat(tmp, u_stringify_int(IB(6), afl->stage_finds[STAGE_ITS])); + strcat(tmp, "/"); + strcat(tmp, u_stringify_int(IB(7), afl->stage_cycles[STAGE_ITS])); } else { - sprintf(tmp, "%s unused, unused", tmp2); + strcat(tmp, " unused, unused"); } From b6643a8ad155d8e9002e456260f83d2d369ac4bf Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 16 Apr 2021 22:20:01 +0200 Subject: [PATCH 130/441] add idea of thread-safe target feedback --- TODO.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/TODO.md b/TODO.md index 7e420d23..5a5e7c4e 100644 --- a/TODO.md +++ b/TODO.md @@ -36,4 +36,5 @@ qemu_mode: up edge numbers that both following cmp paths have been found and then disable working on this edge id -> cmplog_intelligence branch - use cmplog colorization taint result for havoc locations? - + - new instrumentation option for a thread-safe variant of feedback to shared mem. + The user decides, if this is needed (eg the target is multithreaded). From 00e54565ef109a6c697db77b19d1618e37092125 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 17 Apr 2021 21:29:50 +0200 Subject: [PATCH 131/441] use atomic read-modify-write increment for LLVM CLASSIC --- instrumentation/afl-llvm-pass.so.cc | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 0f773aba..70480ff9 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -388,7 +388,6 @@ bool AFLCoverage::runOnModule(Module &M) { #endif // other constants we need - ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); ConstantInt *One = ConstantInt::get(Int8Ty, 1); Value * PrevCtx = NULL; // CTX sensitive coverage @@ -628,6 +627,10 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ +#if 1 /* Atomic */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); + +#else LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); @@ -651,6 +654,7 @@ bool AFLCoverage::runOnModule(Module &M) { * Counter + OverflowFlag -> Counter */ + ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); auto cf = IRB.CreateICmpEQ(Incr, Zero); auto carry = IRB.CreateZExt(cf, Int8Ty); Incr = IRB.CreateAdd(Incr, carry); @@ -660,6 +664,8 @@ bool AFLCoverage::runOnModule(Module &M) { IRB.CreateStore(Incr, MapPtrIdx) ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); +#endif /* non atomic case */ + /* Update prev_loc history vector (by placing cur_loc at the head of the vector and shuffle the other elements back by one) */ From ec49c7fbf5b5dd2259ebfd4a92f6aad5b333c328 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 17 Apr 2021 22:32:33 +0200 Subject: [PATCH 132/441] Change other LLVM modes to atomic increments --- instrumentation/SanitizerCoverageLTO.so.cc | 6 +++++- instrumentation/SanitizerCoveragePCGUARD.so.cc | 8 +++++++- instrumentation/afl-llvm-lto-instrumentation.so.cc | 6 ++++++ 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 6dd390e6..cd6b1939 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1496,7 +1496,11 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } /* Update bitmap */ +#if 1 /* Atomic */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); +#else LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); @@ -1512,7 +1516,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, IRB.CreateStore(Incr, MapPtrIdx) ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); - +#endif // done :) inst++; diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 09cda9e2..dd2e1459 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -1080,6 +1080,12 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, /* Load counter for CurLoc */ Value * MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); + +#if 1 /* Atomic */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + +#else LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); /* Update bitmap */ @@ -1095,7 +1101,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } IRB.CreateStore(Incr, MapPtrIdx); - +#endif // done :) // IRB.CreateCall(SanCovTracePCGuard, Offset)->setCannotMerge(); diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index f6cdbe9e..5ed13ff0 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -839,6 +839,11 @@ bool AFLLTOPass::runOnModule(Module &M) { /* Update bitmap */ +#if 1 /* Atomic */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + +#else LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); @@ -855,6 +860,7 @@ bool AFLLTOPass::runOnModule(Module &M) { IRB.CreateStore(Incr, MapPtrIdx) ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); +#endif // done :) From 2bd7206ec561207ad37687a7aed5c0eb323c9fd8 Mon Sep 17 00:00:00 2001 From: veritas501 Date: Mon, 19 Apr 2021 10:49:28 +0800 Subject: [PATCH 133/441] fix-typo: "WIn32" -> "Win32" --- qemu_mode/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu_mode/README.md b/qemu_mode/README.md index a14cbe64..4aa2133e 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -141,7 +141,7 @@ To enable it you must pass on the command line of afl-fuzz: ## 9) Wine mode -AFL++ QEMU can use Wine to fuzz WIn32 PE binaries. Use the -W flag of afl-fuzz. +AFL++ QEMU can use Wine to fuzz Win32 PE binaries. Use the -W flag of afl-fuzz. Note that some binaries require user interaction with the GUI and must be patched. From 86a8ef168dda766d2f25f15c15c4d3ecf21d0667 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Apr 2021 22:58:54 +0200 Subject: [PATCH 134/441] fix custom trim for increasing data --- src/afl-fuzz-mutators.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index a47b4f5f..c99d9a4d 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -397,8 +397,14 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (likely(retlen && cksum == q->exec_cksum)) { - q->len = retlen; + if (afl_realloc((void **)&in_buf, retlen) == NULL) { + + FATAL("can not allocate memory for trim"); + + } + memcpy(in_buf, retbuf, retlen); + q->len = retlen; /* Let's save a clean trace, which will be needed by update_bitmap_score once we're done with the trimming stuff. */ From 3b5fa3632b0e482b2915709d7fbec827e1d997b9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 19 Apr 2021 11:05:42 +0200 Subject: [PATCH 135/441] drop support for llvm < 6.0 --- GNUmakefile.llvm | 8 ++++---- README.md | 4 ++-- docs/Changelog.md | 1 + instrumentation/README.llvm.md | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 61c17e92..2d50badc 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -36,7 +36,7 @@ ifeq "$(SYS)" "OpenBSD" LLVM_CONFIG ?= $(BIN_PATH)/llvm-config HAS_OPT = $(shell test -x $(BIN_PATH)/opt && echo 0 || echo 1) ifeq "$(HAS_OPT)" "1" - $(warning llvm_mode needs a complete llvm installation (versions 3.4 up to 12) -> e.g. "pkg_add llvm-7.0.1p9") + $(warning llvm_mode needs a complete llvm installation (versions 6.0 up to 12) -> e.g. "pkg_add llvm-7.0.1p9") endif else LLVM_CONFIG ?= llvm-config @@ -45,7 +45,7 @@ endif LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) -LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^3\.[0-3]|^[0-2]\.' && echo 1 || echo 0 ) +LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-5]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[3-9]' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_10_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[1-9]|^10\.[1-9]|^10\.0.[1-9]' && echo 1 || echo 0 ) @@ -61,7 +61,7 @@ ifeq "$(LLVMVER)" "" endif ifeq "$(LLVM_UNSUPPORTED)" "1" - $(error llvm_mode only supports llvm from version 3.4 onwards) + $(error llvm_mode only supports llvm from version 6.0 onwards) endif ifeq "$(LLVM_TOO_NEW)" "1" @@ -346,7 +346,7 @@ no_build: test_deps: @echo "[*] Checking for working 'llvm-config'..." ifneq "$(LLVM_APPLE_XCODE)" "1" - @type $(LLVM_CONFIG) >/dev/null 2>&1 || ( echo "[-] Oops, can't find 'llvm-config'. Install clang or set \$$LLVM_CONFIG or \$$PATH beforehand."; echo " (Sometimes, the binary will be named llvm-config-3.5 or something like that.)"; exit 1 ) + @type $(LLVM_CONFIG) >/dev/null 2>&1 || ( echo "[-] Oops, can't find 'llvm-config'. Install clang or set \$$LLVM_CONFIG or \$$PATH beforehand."; echo " (Sometimes, the binary will be named llvm-config-11 or something like that.)"; exit 1 ) endif @echo "[*] Checking for working '$(CC)'..." @type $(CC) >/dev/null 2>&1 || ( echo "[-] Oops, can't find '$(CC)'. Make sure that it's in your \$$PATH (or set \$$CC and \$$CXX)."; exit 1 ) diff --git a/README.md b/README.md index 583db85f..4a0f3574 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ behaviours and defaults: ## Important features of afl++ - afl++ supports llvm up to version 12, very fast binary fuzzing with QEMU 5.1 + afl++ supports llvm from 6.0 up to version 12, very fast binary fuzzing with QEMU 5.1 with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, Mac OS, Solaris and Android support and much, much, much more. @@ -293,7 +293,7 @@ anything below 9 is not recommended. | v +---------------------------------+ -| clang/clang++ 3.3+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +| clang/clang++ 6.0+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +---------------------------------+ see [instrumentation/README.llvm.md](instrumentation/README.llvm.md) | | if not, or if the target fails with LLVM afl-clang-fast/++ diff --git a/docs/Changelog.md b/docs/Changelog.md index 9c9a3976..520b13b1 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -30,6 +30,7 @@ sending a mail to . -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. - afl-cc: + - We do not support llvm versions prior 6.0 anymore - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index adce6c1d..0937a328 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -6,7 +6,7 @@ ## 1) Introduction -! llvm_mode works with llvm versions 3.4 up to 12 ! +! llvm_mode works with llvm versions 6.0 up to 12 ! The code in this directory allows you to instrument programs for AFL using true compiler-level instrumentation, instead of the more crude From 4e402ba9fc9ce7431ec8671ba0a82024e9cf3fdf Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 22 Apr 2021 10:15:17 +0200 Subject: [PATCH 136/441] Create FUNDING.yml --- .github/FUNDING.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 00000000..d92c9bb2 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,12 @@ +# These are supported funding model platforms + +github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +patreon: # Replace with a single Patreon username +open_collective: AFLplusplusOrg +ko_fi: # Replace with a single Ko-fi username +tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: # Replace with a single Liberapay username +issuehunt: # Replace with a single IssueHunt username +otechie: # Replace with a single Otechie username +custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] From ade1d2819e9c74c81395a8ca40160a69ba94e8d9 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 22 Apr 2021 11:03:10 +0200 Subject: [PATCH 137/441] Update FUNDING.yml --- .github/FUNDING.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index d92c9bb2..102722a4 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -2,7 +2,7 @@ github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: # Replace with a single Patreon username -open_collective: AFLplusplusOrg +open_collective: AFLplusplusEU ko_fi: # Replace with a single Ko-fi username tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry From 3d830daa46da9412f475310afabf1b965156f3e1 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sat, 24 Apr 2021 10:54:39 +0200 Subject: [PATCH 138/441] sync (#886) * Create FUNDING.yml * Update FUNDING.yml --- .github/FUNDING.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/FUNDING.yml diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 00000000..102722a4 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1,12 @@ +# These are supported funding model platforms + +github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +patreon: # Replace with a single Patreon username +open_collective: AFLplusplusEU +ko_fi: # Replace with a single Ko-fi username +tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel +community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry +liberapay: # Replace with a single Liberapay username +issuehunt: # Replace with a single IssueHunt username +otechie: # Replace with a single Otechie username +custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] From a3f8fc5d1ccabc455e28157ee86211f0c11c81a3 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 26 Apr 2021 16:03:08 +0200 Subject: [PATCH 139/441] moved custom_mutator examples --- custom_mutators/README.md | 8 ++++++++ .../custom_mutators => custom_mutators/examples}/Makefile | 0 .../examples}/README.md | 0 .../examples}/XmlMutatorMin.py | 0 .../examples}/common.py | 0 .../examples}/custom_mutator_helpers.h | 0 .../examples}/example.c | 0 .../examples}/example.py | 0 .../examples}/post_library_gif.so.c | 0 .../examples}/post_library_png.so.c | 0 .../examples}/simple-chunk-replace.py | 0 .../examples}/simple_example.c | 0 .../examples}/wrapper_afl_min.py | 0 docs/custom_mutators.md | 4 ++-- docs/life_pro_tips.md | 2 +- qemu_mode/README.md | 4 ++-- test/test-custom-mutators.sh | 4 ++-- 17 files changed, 15 insertions(+), 7 deletions(-) rename {utils/custom_mutators => custom_mutators/examples}/Makefile (100%) rename {utils/custom_mutators => custom_mutators/examples}/README.md (100%) rename {utils/custom_mutators => custom_mutators/examples}/XmlMutatorMin.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/common.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/custom_mutator_helpers.h (100%) rename {utils/custom_mutators => custom_mutators/examples}/example.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/example.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/post_library_gif.so.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/post_library_png.so.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/simple-chunk-replace.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/simple_example.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/wrapper_afl_min.py (100%) diff --git a/custom_mutators/README.md b/custom_mutators/README.md index b0444c85..5e1d0fe6 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -3,6 +3,14 @@ Custom mutators enhance and alter the mutation strategies of afl++. For further information and documentation on how to write your own, read [the docs](../docs/custom_mutators.md). +## Examples + +The `./examples` folder contains examples for custom mutators in python and C. + +## Rust + +In `./rust`, you will find rust bindings, including a simple example in `./rust/example` and an example for structured fuzzing, based on lain, in`./rust/example_lain`. + ## The afl++ Grammar Mutator If you use git to clone afl++, then the following will incorporate our diff --git a/utils/custom_mutators/Makefile b/custom_mutators/examples/Makefile similarity index 100% rename from utils/custom_mutators/Makefile rename to custom_mutators/examples/Makefile diff --git a/utils/custom_mutators/README.md b/custom_mutators/examples/README.md similarity index 100% rename from utils/custom_mutators/README.md rename to custom_mutators/examples/README.md diff --git a/utils/custom_mutators/XmlMutatorMin.py b/custom_mutators/examples/XmlMutatorMin.py similarity index 100% rename from utils/custom_mutators/XmlMutatorMin.py rename to custom_mutators/examples/XmlMutatorMin.py diff --git a/utils/custom_mutators/common.py b/custom_mutators/examples/common.py similarity index 100% rename from utils/custom_mutators/common.py rename to custom_mutators/examples/common.py diff --git a/utils/custom_mutators/custom_mutator_helpers.h b/custom_mutators/examples/custom_mutator_helpers.h similarity index 100% rename from utils/custom_mutators/custom_mutator_helpers.h rename to custom_mutators/examples/custom_mutator_helpers.h diff --git a/utils/custom_mutators/example.c b/custom_mutators/examples/example.c similarity index 100% rename from utils/custom_mutators/example.c rename to custom_mutators/examples/example.c diff --git a/utils/custom_mutators/example.py b/custom_mutators/examples/example.py similarity index 100% rename from utils/custom_mutators/example.py rename to custom_mutators/examples/example.py diff --git a/utils/custom_mutators/post_library_gif.so.c b/custom_mutators/examples/post_library_gif.so.c similarity index 100% rename from utils/custom_mutators/post_library_gif.so.c rename to custom_mutators/examples/post_library_gif.so.c diff --git a/utils/custom_mutators/post_library_png.so.c b/custom_mutators/examples/post_library_png.so.c similarity index 100% rename from utils/custom_mutators/post_library_png.so.c rename to custom_mutators/examples/post_library_png.so.c diff --git a/utils/custom_mutators/simple-chunk-replace.py b/custom_mutators/examples/simple-chunk-replace.py similarity index 100% rename from utils/custom_mutators/simple-chunk-replace.py rename to custom_mutators/examples/simple-chunk-replace.py diff --git a/utils/custom_mutators/simple_example.c b/custom_mutators/examples/simple_example.c similarity index 100% rename from utils/custom_mutators/simple_example.c rename to custom_mutators/examples/simple_example.c diff --git a/utils/custom_mutators/wrapper_afl_min.py b/custom_mutators/examples/wrapper_afl_min.py similarity index 100% rename from utils/custom_mutators/wrapper_afl_min.py rename to custom_mutators/examples/wrapper_afl_min.py diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 62e01f83..9d5381e8 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -285,8 +285,8 @@ afl-fuzz /path/to/program ## 4) Example -Please see [example.c](../utils/custom_mutators/example.c) and -[example.py](../utils/custom_mutators/example.py) +Please see [example.c](../custom_mutators/examples/example.c) and +[example.py](../custom_mutators/examples/example.py) ## 5) Other Resources diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index 50ad75d4..f9ac1c53 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md @@ -83,5 +83,5 @@ You can find a simple solution in utils/argv_fuzzing. ## Attacking a format that uses checksums? Remove the checksum-checking code or use a postprocessor! -See utils/custom_mutators/ for more. +See `afl_custom_post_process` in custom_mutators/examples/examples.c for more. diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 4aa2133e..38cb5ba6 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -190,8 +190,8 @@ handlers of the target. ## 13) Gotchas, feedback, bugs -If you need to fix up checksums or do other cleanup on mutated test cases, see -utils/custom_mutators/ for a viable solution. +If you need to fix up checksums or do other cleanups on mutated test cases, see +`afl_custom_post_process` in custom_mutators/examples/example.c for a viable solution. Do not mix QEMU mode with ASAN, MSAN, or the likes; QEMU doesn't appreciate the "shadow VM" trick employed by the sanitizers and will probably just diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index bae4220f..a5d666ff 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -29,8 +29,8 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { } } # Compile the custom mutator - cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 - cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 test -e test-custom-mutator -a -e ./libexamplemutator.so && { # Create input directory mkdir -p in From 5c705fbb9277be14d31e917264424c82faa042dd Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 26 Apr 2021 16:03:46 +0200 Subject: [PATCH 140/441] unicorn speedtest makefile cleanup --- unicorn_mode/samples/speedtest/c/Makefile | 10 +++++++--- unicorn_mode/samples/speedtest/python/Makefile | 11 +++++++++-- unicorn_mode/samples/speedtest/rust/Makefile | 12 +++++++++--- 3 files changed, 25 insertions(+), 8 deletions(-) diff --git a/unicorn_mode/samples/speedtest/c/Makefile b/unicorn_mode/samples/speedtest/c/Makefile index ce784d4f..46789954 100644 --- a/unicorn_mode/samples/speedtest/c/Makefile +++ b/unicorn_mode/samples/speedtest/c/Makefile @@ -29,7 +29,11 @@ MYCC = $(__CC:$(_UNIQ)$(CROSS)=$(CROSS)gcc) .PHONY: all clean -all: fuzz +all: ../target harness + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz clean: rm -rf *.o harness harness-debug @@ -49,6 +53,6 @@ harness-debug: harness-debug.o ../target: $(MAKE) -C .. -fuzz: ../target harness +fuzz: all afl-fuzz rm -rf ./output - SKIP_BINCHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./harness @@ + SKIP_BIN_CHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./harness @@ diff --git a/unicorn_mode/samples/speedtest/python/Makefile b/unicorn_mode/samples/speedtest/python/Makefile index 4282c6cb..c0c64269 100644 --- a/unicorn_mode/samples/speedtest/python/Makefile +++ b/unicorn_mode/samples/speedtest/python/Makefile @@ -1,8 +1,15 @@ -all: fuzz +.PHONY: all fuzz + +all: ../target + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz + ../target: $(MAKE) -C .. -fuzz: ../target +fuzz: all afl-fuzz rm -rf ./ouptput ../../../../afl-fuzz -s 1 -U -i ../sample_inputs -o ./output -- python3 harness.py @@ diff --git a/unicorn_mode/samples/speedtest/rust/Makefile b/unicorn_mode/samples/speedtest/rust/Makefile index fe18d6ee..46934c93 100644 --- a/unicorn_mode/samples/speedtest/rust/Makefile +++ b/unicorn_mode/samples/speedtest/rust/Makefile @@ -1,4 +1,10 @@ -all: fuzz +.PHONY: all fuzz + +all: ../target ./target/release/unicornafl_harness + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz clean: cargo clean @@ -12,6 +18,6 @@ clean: ../target: $(MAKE) -c .. -fuzz: ../target ./target/release/unicornafl_harness +fuzz: all afl-fuzz rm -rf ./output - SKIP_BINCHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./target/release/unicornafl_harness @@ + SKIP_BIN_CHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./target/release/unicornafl_harness @@ From 4d40afe54f8365453dc3be5d1c2db5d06d42e448 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 26 Apr 2021 16:12:25 +0200 Subject: [PATCH 141/441] fixed example location --- docs/life_pro_tips.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index f9ac1c53..13ffcea0 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md @@ -83,5 +83,5 @@ You can find a simple solution in utils/argv_fuzzing. ## Attacking a format that uses checksums? Remove the checksum-checking code or use a postprocessor! -See `afl_custom_post_process` in custom_mutators/examples/examples.c for more. +See `afl_custom_post_process` in custom_mutators/examples/example.c for more. From bd38fb672211b571667eeb6d760114dd2ab0c9ec Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 26 Apr 2021 20:19:00 +0200 Subject: [PATCH 142/441] fix qdbi --- utils/qbdi_mode/template.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/qbdi_mode/template.cpp b/utils/qbdi_mode/template.cpp index b2066cc8..888ecb58 100755 --- a/utils/qbdi_mode/template.cpp +++ b/utils/qbdi_mode/template.cpp @@ -25,7 +25,7 @@ #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) #define INC_AFL_AREA(loc) \ asm volatile( \ - "incb (%0, %1, 1)\n" \ + "addb $1, (%0, %1, 1)\n" \ "adcb $0, (%0, %1, 1)\n" \ : /* no out */ \ : "r"(afl_area_ptr), "r"(loc) \ From 8da5cba4012080afca5e7f7da9aaa6aa6e263f3e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 26 Apr 2021 20:20:47 +0200 Subject: [PATCH 143/441] update util readme --- utils/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/README.md b/utils/README.md index 336b6b6c..b157424f 100644 --- a/utils/README.md +++ b/utils/README.md @@ -32,7 +32,8 @@ Here's a quick overview of the stuff you can find in this directory: with additional gdb metadata. - custom_mutators - examples for the afl++ custom mutator interface in - C and Python + C and Python. Note: They were moved to + ../custom_mutators/examples/ - distributed_fuzzing - a sample script for synchronizing fuzzer instances across multiple machines (see parallel_fuzzing.md). From 976969dce56cb7d8349706962eb774a0ab0a0931 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 28 Apr 2021 00:29:15 +0200 Subject: [PATCH 144/441] work in progress: not working correctly yet --- instrumentation/afl-llvm-pass.so.cc | 79 ++++++++++++++++++++++++++++- 1 file changed, 78 insertions(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 70480ff9..6c898c48 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -409,8 +409,14 @@ bool AFLCoverage::runOnModule(Module &M) { if (F.size() < function_minimum_size) continue; + unsigned extra_increment_BB = 0; for (auto &BB : F) { + if (extra_increment_BB) { + // increment BB + --extra_increment_BB; + continue; + } BasicBlock::iterator IP = BB.getFirstInsertionPt(); IRBuilder<> IRB(&(*IP)); @@ -628,7 +634,78 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ #if 1 /* Atomic */ - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); +#if LLVM_VERSION_MAJOR < 9 + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug in llvm is + // then fixed +#else + if (!skip_nozero) { + +#endif + /* hexcoder: Realize a counter that skips zero during overflow. + * Once this counter reaches its maximum value, it next increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ + + // C: unsigned char old = atomic_load_explicit(MapPtrIdx, memory_order_relaxed); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setAlignment(llvm::Align()); + Counter->setAtomic(llvm::AtomicOrdering::Monotonic); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + // insert a basic block with the corpus of a do while loop + // the calculation may need to repeat, if atomic compare_exchange is not successful + BasicBlock::iterator it(*Counter); it++; + BasicBlock * end_bb = BB.splitBasicBlock(it); + + extra_increment_BB = 2; + // insert the block before the second half of the split + BasicBlock * do_while_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + + // set terminator of BB from target end_bb to target do_while_bb + auto term = BB.getTerminator(); + BranchInst::Create(do_while_bb, &BB); + term->eraseFromParent(); + + auto saved = IRB.saveIP(); + IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); + + PHINode * PN = IRB.CreatePHI(Int8Ty, 2); + + auto * Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); + + Value *Incr = IRB.CreateAdd(Counter, One); + + auto * Select = IRB.CreateSelect(Cmp, One, Incr); + + auto * CmpXchg = IRB.CreateAtomicCmpXchg(MapPtrIdx, PN, Select, + llvm::AtomicOrdering::Monotonic, llvm::AtomicOrdering::Monotonic); + CmpXchg->setAlignment(llvm::Align()); + CmpXchg->setWeak(true); + CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + Value * Success = IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); + Value * OldVal = IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); + + PN->addIncoming(Counter, &BB); + PN->addIncoming(OldVal, do_while_bb); + +// term = do_while_bb->getTerminator(); + +// BranchInst::Create(/*true*/end_bb, /*false*/do_while_bb, Success, do_while_bb); + IRB.CreateCondBr(Success, end_bb, do_while_bb); +// BranchInst::Create(end_bb, do_while_bb); +// term->eraseFromParent(); + IRB.restoreIP(saved); + + } else { + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); + } #else LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); From 39ad3b89467d6de12cbb9d08ccd77d331c0d1f9e Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 28 Apr 2021 09:25:26 +0100 Subject: [PATCH 145/441] Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name --- frida_mode/GNUmakefile | 88 ++++ frida_mode/Makefile | 349 +------------ frida_mode/README.md | 101 ++-- frida_mode/include/complog.h | 9 + frida_mode/include/instrument.h | 17 +- frida_mode/include/interceptor.h | 2 + frida_mode/include/lib.h | 8 + frida_mode/include/persistent.h | 26 + frida_mode/include/prefetch.h | 9 +- frida_mode/include/ranges.h | 2 +- frida_mode/include/stalker.h | 8 + frida_mode/include/util.h | 6 + frida_mode/src/complog/complog.c | 72 +++ frida_mode/src/complog/complog_arm.c | 15 + frida_mode/src/complog/complog_arm64.c | 15 + frida_mode/src/complog/complog_x64.c | 363 +++++++++++++ frida_mode/src/complog/complog_x86.c | 15 + frida_mode/src/instrument.c | 271 ---------- frida_mode/src/instrument/instrument.c | 150 ++++++ frida_mode/src/instrument/instrument_arm32.c | 23 + frida_mode/src/instrument/instrument_arm64.c | 97 ++++ frida_mode/src/instrument/instrument_x64.c | 93 ++++ frida_mode/src/instrument/instrument_x86.c | 23 + frida_mode/src/interceptor.c | 19 + frida_mode/src/lib.c | 167 ++++++ frida_mode/src/main.c | 59 ++- frida_mode/src/persistent/persistent.c | 68 +++ frida_mode/src/persistent/persistent_arm32.c | 70 +++ frida_mode/src/persistent/persistent_arm64.c | 113 +++++ frida_mode/src/persistent/persistent_x64.c | 337 +++++++++++++ frida_mode/src/persistent/persistent_x86.c | 53 ++ frida_mode/src/prefetch.c | 23 +- frida_mode/src/ranges.c | 477 ++++++++++++------ frida_mode/src/stalker.c | 49 ++ frida_mode/src/util.c | 66 +++ frida_mode/test/cmplog/GNUmakefile | 66 +++ frida_mode/test/cmplog/Makefile | 12 + .../get_section_addrs.py} | 0 frida_mode/test/png/GNUmakefile | 106 ++++ frida_mode/test/png/Makefile | 12 + frida_mode/test/png/persistent/GNUmakefile | 54 ++ frida_mode/test/png/persistent/Makefile | 12 + .../test/png/persistent/get_symbol_addr.py | 36 ++ .../test/png/persistent/hook/GNUmakefile | 70 +++ frida_mode/test/png/persistent/hook/Makefile | 12 + frida_mode/test/testinstr/GNUmakefile | 50 ++ frida_mode/test/testinstr/Makefile | 12 + frida_mode/test/{ => testinstr}/testinstr.c | 4 +- include/envs.h | 3 + instrumentation/afl-compiler-rt.o.c | 15 +- .../afl-llvm-lto-instrumentation.so.cc | 8 +- qemu_mode/qemuafl | 2 +- src/afl-forkserver.c | 3 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-init.c | 8 + src/afl-fuzz.c | 3 +- 56 files changed, 2874 insertions(+), 879 deletions(-) create mode 100644 frida_mode/GNUmakefile create mode 100644 frida_mode/include/complog.h create mode 100644 frida_mode/include/lib.h create mode 100644 frida_mode/include/persistent.h create mode 100644 frida_mode/include/stalker.h create mode 100644 frida_mode/include/util.h create mode 100644 frida_mode/src/complog/complog.c create mode 100644 frida_mode/src/complog/complog_arm.c create mode 100644 frida_mode/src/complog/complog_arm64.c create mode 100644 frida_mode/src/complog/complog_x64.c create mode 100644 frida_mode/src/complog/complog_x86.c delete mode 100644 frida_mode/src/instrument.c create mode 100644 frida_mode/src/instrument/instrument.c create mode 100644 frida_mode/src/instrument/instrument_arm32.c create mode 100644 frida_mode/src/instrument/instrument_arm64.c create mode 100644 frida_mode/src/instrument/instrument_x64.c create mode 100644 frida_mode/src/instrument/instrument_x86.c create mode 100644 frida_mode/src/lib.c create mode 100644 frida_mode/src/persistent/persistent.c create mode 100644 frida_mode/src/persistent/persistent_arm32.c create mode 100644 frida_mode/src/persistent/persistent_arm64.c create mode 100644 frida_mode/src/persistent/persistent_x64.c create mode 100644 frida_mode/src/persistent/persistent_x86.c create mode 100644 frida_mode/src/stalker.c create mode 100644 frida_mode/src/util.c create mode 100644 frida_mode/test/cmplog/GNUmakefile create mode 100644 frida_mode/test/cmplog/Makefile rename frida_mode/test/{testinstr.py => cmplog/get_section_addrs.py} (100%) create mode 100644 frida_mode/test/png/GNUmakefile create mode 100644 frida_mode/test/png/Makefile create mode 100644 frida_mode/test/png/persistent/GNUmakefile create mode 100644 frida_mode/test/png/persistent/Makefile create mode 100755 frida_mode/test/png/persistent/get_symbol_addr.py create mode 100644 frida_mode/test/png/persistent/hook/GNUmakefile create mode 100644 frida_mode/test/png/persistent/hook/Makefile create mode 100644 frida_mode/test/testinstr/GNUmakefile create mode 100644 frida_mode/test/testinstr/Makefile rename frida_mode/test/{ => testinstr}/testinstr.c (95%) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile new file mode 100644 index 00000000..51107910 --- /dev/null +++ b/frida_mode/GNUmakefile @@ -0,0 +1,88 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)..)/ +INC_DIR:=$(PWD)include/ +SRC_DIR:=$(PWD)src/ +INCLUDES:=$(wildcard $(INC_DIR)*.h) +SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) +BUILD_DIR:=$(PWD)build/ +CFLAGS+=-fPIC -D_GNU_SOURCE -Wno-prio-ctor-dtor + +FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ +FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so +FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(shell uname)" "Darwin" + OS:=macos + CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations +endif + +ifeq "$(shell uname)" "Linux" + OS:=linux +endif + +ifndef OS + $(error "Operating system unsupported") +endif + +GUM_DEVKIT_VERSION=14.2.17 +GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz +GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" +GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) +GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a +GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h + +TEST_BUILD_DIR:=$(BUILD_DIR)test/ + + +.PHONY: all clean format + +############################# FRIDA ############################################ + +all: $(FRIDA_TRACE) + make -C $(ROOT) + +$(BUILD_DIR): + mkdir -p $(BUILD_DIR) + +$(FRIDA_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) + wget -O $@ $(GUM_DEVKIT_URL) + +$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) $(QEMU_INC_API) Makefile | $(BUILD_DIR) + $(CC) -shared \ + $(CFLAGS) \ + -o $@ \ + $(SOURCES) \ + $(GUM_DEVIT_LIBRARY) \ + -I $(FRIDA_BUILD_DIR) \ + -I $(ROOT) \ + -I $(ROOT)include \ + -I $(INC_DIR) \ + $(ROOT)instrumentation/afl-compiler-rt.o.c \ + -lpthread -ldl -lresolv -lelf + + cp -v $(FRIDA_TRACE) $(ROOT) + +############################# CLEAN ############################################ +clean: + rm -rf $(BUILD_DIR) + +############################# FORMAT ########################################### +format: + cd $(ROOT) && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i + +############################# RUN ############################################# diff --git a/frida_mode/Makefile b/frida_mode/Makefile index 822f1c6a..b6d64bff 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -1,348 +1,9 @@ -PWD:=$(shell pwd)/ -INC_DIR:=$(PWD)include/ -SRC_DIR:=$(PWD)src/ -INCLUDES:=$(wildcard $(INC_DIR)*.h) -SOURCES:=$(wildcard $(SRC_DIR)*.c) -BUILD_DIR:=$(PWD)build/ -CFLAGS+=-fPIC -D_GNU_SOURCE +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake -FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ -FRIDA_TRACE:=$(FRIDA_BUILD_DIR)afl-frida-trace.so - -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" - ARCH:=arm64 - TESTINSTR_BASE:=0x0000aaaaaaaaa000 -endif - -ifeq "$(ARCH)" "x86_64" - TESTINSTR_BASE:=0x0000555555554000 -endif - -ifeq "$(shell uname)" "Darwin" - OS:=macos - AFL_FRIDA_INST_RANGES=0x0000000000001000-0xFFFFFFFFFFFFFFFF - CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations - TEST_LDFLAGS:=-undefined dynamic_lookup -endif -ifeq "$(shell uname)" "Linux" - OS:=linux - AFL_FRIDA_INST_RANGES=$(shell $(PWD)test/testinstr.py -f $(BUILD_DIR)testinstr -s .testinstr -b $(TESTINSTR_BASE)) - CFLAGS:=$(CFLAGS) -Wno-prio-ctor-dtor - TEST_LDFLAGS:= -endif - -ifndef OS - $(error "Operating system unsupported") -endif - -VERSION=14.2.13 -GUM_DEVKIT_FILENAME=frida-gum-devkit-$(VERSION)-$(OS)-$(ARCH).tar.xz -GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(VERSION)/$(GUM_DEVKIT_FILENAME)" -GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) -GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a -GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h - -TEST_BUILD_DIR:=$(BUILD_DIR)test/ - -LIBPNG_FILE:=$(TEST_BUILD_DIR)libpng-1.2.56.tar.gz -LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz -LIBPNG_DIR:=$(TEST_BUILD_DIR)libpng-1.2.56/ -LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile -LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a - -HARNESS_FILE:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.c -HARNESS_OBJ:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.o -HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" - -PNGTEST_FILE:=$(TEST_BUILD_DIR)target.cc -PNGTEST_OBJ:=$(TEST_BUILD_DIR)target.o -PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" - -TEST_BIN:=$(TEST_BUILD_DIR)pngtest - -TESTINSTBIN:=$(BUILD_DIR)testinstr -TESTINSTSRC:=$(PWD)test/testinstr.c - -TEST_DATA_DIR:=$(PWD)build/test/libpng-1.2.56/contrib/pngsuite/ - -TESTINSTR_DATA_DIR:=$(BUILD_DIR)testinstr_in/ -TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)test.dat -FRIDA_OUT:=$(PWD)frida_out -QEMU_OUT:=$(PWD)qemu_out - -.PHONY: all frida test clean format test_frida test_qemu compare testinstr test_testinstr standalone - -all: $(FRIDA_TRACE) - -frida: $(FRIDA_TRACE) - -$(BUILD_DIR): - mkdir -p $(BUILD_DIR) - -############################# FRIDA ############################################ -$(FRIDA_BUILD_DIR): | $(BUILD_DIR) - mkdir -p $@ - -$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) - wget -O $@ $(GUM_DEVKIT_URL) - -$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) - -$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) - -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) Makefile | $(FRIDA_BUILD_DIR) - $(CC) -shared \ - $(CFLAGS) \ - -o $@ $(SOURCES) \ - $(GUM_DEVIT_LIBRARY) \ - -I $(FRIDA_BUILD_DIR) \ - -I .. \ - -I ../include \ - -I $(INC_DIR) \ - ../instrumentation/afl-compiler-rt.o.c \ - -lpthread -ldl -lresolv - - cp -v $(FRIDA_TRACE) ../ - -############################# TEST ############################################# - -test: $(TEST_BIN) - -$(TEST_BUILD_DIR): $(BUILD_DIR) - mkdir -p $@ - -$(HARNESS_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(HARNESS_URL) - -$(HARNESS_OBJ): $(HARNESS_FILE) - $(CC) -o $@ -c $< - -$(PNGTEST_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(PNGTEST_URL) - -$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) - $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< - -$(LIBPNG_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(LIBPNG_URL) - -$(LIBPNG_DIR): $(LIBPNG_FILE) - tar zxvf $(LIBPNG_FILE) -C $(TEST_BUILD_DIR) - -$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) - cd $(LIBPNG_DIR) && ./configure - -$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) - make -C $(LIBPNG_DIR) - -$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) - $(CXX) \ - -o $@ \ - $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ - -lz \ - $(TEST_LDFLAGS) - -############################# TESTINSR ######################################### -$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) - mkdir -p $@ - -$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) - echo -n "000" > $@ - -$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< - -testinstr: $(TESTINSTBIN) - -############################# CLEAN ############################################ clean: - rm -rf $(BUILD_DIR) + @gmake clean -############################# FORMAT ########################################### format: - cd .. && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i - cd .. && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i - cd .. && ./.custom-format.py -i $(TESTINSTSRC) - -############################# RUN ############################################# - -# Add the environment variable AFL_DEBUG_CHILD=1 to show printf's from the target - -png_frida: $(FRIDA_TRACE) $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-fuzz \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -png_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-fuzz \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -compare: $(FRIDA_TRACE) $(TEST_BIN) - cd .. && \ - ./afl-fuzz \ - -V30 \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - cd .. && \ - ./afl-fuzz \ - -V30 \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - cat frida_out/default/fuzzer_stats - cat qemu_out/default/fuzzer_stats - -testinstr_qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - make -C .. - cd .. && \ - AFL_QEMU_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - ./afl-fuzz \ - -Q \ - -i $(TESTINSTR_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TESTINSTBIN) @@ - -testinstr_frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - make -C .. - cd .. && \ - AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - AFL_FRIDA_INST_NO_OPTIMIZE=1 \ - AFL_FRIDA_INST_NO_PREFETCH=1 \ - AFL_FRIDA_INST_STRICT=1 \ - ./afl-fuzz \ - -O \ - -i $(TESTINSTR_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TESTINSTBIN) @@ - -standalone: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - cd .. && \ - AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - AFL_DEBUG_CHILD=1 \ - AFL_FRIDA_DEBUG_MAPS=1 \ - AFL_FRIDA_INST_NO_OPTIMIZE=1 \ - AFL_FRIDA_INST_NO_PREFETCH=1 \ - AFL_FRIDA_INST_TRACE=1 \ - AFL_FRIDA_INST_STRICT=1 \ - LD_PRELOAD=$(FRIDA_TRACE) \ - DYLD_INSERT_LIBRARIES=$(FRIDA_TRACE) \ - $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - -tmin_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-tmin \ - -Q \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -o $(QEMU_OUT)/qemu-min-basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -tmin_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-tmin \ - -O \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -o $(FRIDA_OUT)/qemu-min-basn0g01.png \ - -- \ - $(TEST_BIN) - -showmap_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-showmap \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -showmap_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-showmap \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -analyze_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-analyze \ - -Q \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -analyze_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-analyze \ - -O \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -cmin_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_bash_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin.bash \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_bash_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin.bash \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ + @gmake format diff --git a/frida_mode/README.md b/frida_mode/README.md index 8abee0dd..0d655d0f 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -10,23 +10,23 @@ a small harness around their target code of interest, FRIDA mode instead takes a different approach to avoid these limitations. # Current Progress -As FRIDA mode is new, it is missing a lot of features. Most importantly, -persistent mode. The design is such that it should be possible to add these -features in a similar manner to QEMU mode and perhaps leverage some of its -design and implementation. +As FRIDA mode is new, it is missing a lot of features. The design is such that it +should be possible to add these features in a similar manner to QEMU mode and +perhaps leverage some of its design and implementation. - | Feature/Instrumentation | frida-mode | - | -------------------------|:----------:| - | NeverZero | | - | Persistent Mode | | - | LAF-Intel / CompCov | | - | CmpLog | | - | Selective Instrumentation| x | - | Non-Colliding Coverage | | - | Ngram prev_loc Coverage | | - | Context Coverage | | - | Auto Dictionary | | - | Snapshot LKM Support | | + | Feature/Instrumentation | frida-mode | Notes | + | -------------------------|:----------:|:---------------------------------------:| + | NeverZero | x | | + | Persistent Mode | x | (x64 only)(Only on function boundaries) | + | LAF-Intel / CompCov | - | (Superseded by CmpLog) | + | CmpLog | x | (x64 only) | + | Selective Instrumentation| x | | + | Non-Colliding Coverage | - | | + | Ngram prev_loc Coverage | - | | + | Context Coverage | - | | + | Auto Dictionary | - | | + | Snapshot LKM Support | - | | + | In-Memory Test Cases | x |(x64 only) | # Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -40,8 +40,9 @@ system does not support cross compilation. ## Getting Started To build everything run `make`. -To run the benchmark sample with qemu run `make png_qemu`. -To run the benchmark sample with frida run `make png_frida`. +Various tests can be found in subfolders within the `test/` directory. To use +these, first run `make` to build any dependencies. Then run `make qemu` or +`make frida` to run on either QEMU of FRIDA mode respectively. ## Usage FRIDA mode requires some small modifications to `afl-fuzz` and similar tools @@ -58,32 +59,32 @@ following options are currently supported. * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` * `AFL_FRIDA_INST_RANGES` - See `AFL_QEMU_INST_RANGES` +* `AFL_FRIDA_PERSISTENT_ADDR` - See `AFL_QEMU_PERSISTENT_ADDR` +* `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` +* `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` + # Performance Additionally, the intention is to be able to make a direct performance -comparison between the two approaches. Accordingly, FRIDA mode includes a test -target based on the [libpng](https://libpng.sourceforge.io/) benchmark used by +comparison between the two approaches. Accordingly, FRIDA mode includes various +tests target based on the [libpng](https://libpng.sourceforge.io/) benchmark used by [fuzzbench](https://google.github.io/fuzzbench/) and integrated with the [StandaloneFuzzTargetMain](https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c) -from the llvm project. This is built and linked without any special -modifications to suit FRIDA or QEMU. We use the test data provided with libpng -as our corpus. +from the llvm project. These tests include basic fork-server support, persistent mode +and persistent mode with in-memory test-cases. These are built and linked without +any special modifications to suit FRIDA or QEMU. The test data provided with libpng +is used as the corpus. -Whilst not much performance tuning has been completed to date, performance is -around 30-50% of that of QEMU mode, however, this gap may reduce with the -introduction of persistent mode. Performance can be tested by running -`make compare`, albeit a longer time measurement may be required for more -accurate results. +The intention is to add support for FRIDA mode to the FuzzBench project and +perform a like-for-like comparison with QEMU mode to get an accurate +appreciation of its performance. Whilst [afl_frida](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) claims a 5-10x performance increase over QEMU, it has not been possible to -reproduce these claims. However, the number of executions per second can vary -dramatically as a result of the randomization of the fuzzer input. Some inputs -may traverse relatively few paths before being rejected as invalid whilst others -may be valid inputs or be subject to much more processing before rejection. -Accordingly, it is recommended that testing be carried out over prolongued -periods to gather timings which are more than indicative. +reproduce these claims. It is thought that `afl_frida` was running a test case +in persistent mode, whereas the qemu test it was compared against was not and +this may account for the differences since it isn't a like-for-like comparison. # Design FRIDA mode is supported by using `LD_PRELOAD` (`DYLD_INSERT_LIBRARIES` on macOS) @@ -102,12 +103,19 @@ this coverage information to AFL++ and also provide a fork server. It also makes use of the FRIDA [prefetch](https://github.com/frida/frida-gum/blob/56dd9ba3ee9a5511b4b0c629394bf122775f1ab7/gum/gumstalker.h#L115) support to feedback instrumented blocks from the child to the parent using a shared memory region to avoid the need to regenerate instrumented blocks on each -fork. +fork. Whilst FRIDA allows for a normal C function to be used to augment instrumented -code, to minimize the costs of storing and restoring all of the registers, FRIDA -mode instead makes use of optimized assembly instead on AARCH64 and x86/64 -targets. +code, FRIDA mode instead makes use of optimized assembly instead on AARCH64 and +x86/64 targets. By injecting these small snippets of assembly, we avoid having +to push and pop the full register context. Note that since this instrumentation +is used on every basic block to generate coverage, it has a large impact on +performance. + +CompLog support also adds code to the assembly, however, at present this code +makes use of a basic C function and is yet to be optimized. Since not all +instances run CompLog mode and instrumentation of the binary is less frequent +(only on CMP, SUB and CALL instructions) performance is not quite so critical. # Advanced configuration options * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage @@ -116,20 +124,11 @@ instrumentation (the default where available). Required to use * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_STRICT` - Under certain conditions, Stalker may encroach into -excluded regions and generate both instrumented blocks and coverage data (e.g. -indirect calls on x86). The excluded block is generally honoured as soon as -another function is called within the excluded region and so such encroachment -is usually of little consequence. This detail may however, hinder you when -checking that the correct number of paths are found for testing purposes or -similar. There is a performance penatly for this option during block compilation -where we check the block isn't in a list of excluded ranges. * `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. # TODO -As can be seen from the progress section above, there are a number of features -which are missing in its currently form. Chief amongst which is persistent mode. -The intention is to achieve feature parity with QEMU mode in due course. -Contributions are welcome, but please get in touch to ensure that efforts are -deconflicted. +The next features to be added are x86 support, integration with FuzzBench and +support for ASAN. The intention is to achieve feature parity with QEMU mode in +due course. Contributions are welcome, but please get in touch to ensure that +efforts are deconflicted. diff --git a/frida_mode/include/complog.h b/frida_mode/include/complog.h new file mode 100644 index 00000000..094b7b93 --- /dev/null +++ b/frida_mode/include/complog.h @@ -0,0 +1,9 @@ +extern struct cmp_map *__afl_cmp_map; + +void complog_init(void); + +/* Functions to be implemented by the different architectures */ +void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); + +gboolean complog_is_readable(void *addr, size_t size); + diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index ff71bed4..1b6c6bba 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -1,7 +1,18 @@ #include "frida-gum.h" -void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, - gpointer user_data); +#include "config.h" -void instrument_init(); +extern uint64_t __thread previous_pc; +extern uint8_t *__afl_area_ptr; +extern uint32_t __afl_map_size; + +void instrument_init(void); + +GumStalkerTransformer *instrument_get_transformer(void); + +/* Functions to be implemented by the different architectures */ +gboolean instrument_is_coverage_optimize_supported(void); + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output); diff --git a/frida_mode/include/interceptor.h b/frida_mode/include/interceptor.h index 5ed3cf49..49c0630a 100644 --- a/frida_mode/include/interceptor.h +++ b/frida_mode/include/interceptor.h @@ -1,4 +1,6 @@ #include "frida-gum.h" void intercept(void *address, gpointer replacement, gpointer user_data); +void unintercept(void *address); +void unintercept_self(void); diff --git a/frida_mode/include/lib.h b/frida_mode/include/lib.h new file mode 100644 index 00000000..1dc426a2 --- /dev/null +++ b/frida_mode/include/lib.h @@ -0,0 +1,8 @@ +#include "frida-gum.h" + +void lib_init(void); + +guint64 lib_get_text_base(void); + +guint64 lib_get_text_limit(void); + diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h new file mode 100644 index 00000000..14c8a268 --- /dev/null +++ b/frida_mode/include/persistent.h @@ -0,0 +1,26 @@ +#include "frida-gum.h" + +#include "config.h" + +typedef struct arch_api_regs api_regs; + +typedef void (*afl_persistent_hook_fn)(api_regs *regs, uint64_t guest_base, + uint8_t *input_buf, + uint32_t input_buf_len); + +extern int __afl_persistent_loop(unsigned int max_cnt); + +extern unsigned int * __afl_fuzz_len; +extern unsigned char *__afl_fuzz_ptr; + +guint64 persistent_start; +guint64 persistent_count; +afl_persistent_hook_fn hook; + +void persistent_init(void); + +/* Functions to be implemented by the different architectures */ +gboolean persistent_is_supported(void); + +void persistent_prologue(GumStalkerOutput *output); + diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h index b7f25a97..110f717f 100644 --- a/frida_mode/include/prefetch.h +++ b/frida_mode/include/prefetch.h @@ -1,5 +1,6 @@ -void prefetch_init(); -void prefetch_start(GumStalker *stalker); -void prefetch_write(void *addr); -void prefetch_read(GumStalker *stalker); +#include "frida-gum.h" + +void prefetch_init(void); +void prefetch_write(void *addr); +void prefetch_read(void); diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index b9394dbc..a021f35c 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -1,6 +1,6 @@ #include "frida-gum.h" -void ranges_init(GumStalker *stalker); +void ranges_init(void); gboolean range_is_excluded(gpointer address); diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h new file mode 100644 index 00000000..1962eec9 --- /dev/null +++ b/frida_mode/include/stalker.h @@ -0,0 +1,8 @@ +#include "frida-gum.h" + +void stalker_init(void); +GumStalker *stalker_get(void); +void stalker_start(void); +void stalker_pause(void); +void stalker_resume(void); + diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h new file mode 100644 index 00000000..5b4ea76b --- /dev/null +++ b/frida_mode/include/util.h @@ -0,0 +1,6 @@ +#include "frida-gum.h" + +guint64 util_read_address(char *key); + +guint64 util_read_num(char *key); + diff --git a/frida_mode/src/complog/complog.c b/frida_mode/src/complog/complog.c new file mode 100644 index 00000000..3b679a5c --- /dev/null +++ b/frida_mode/src/complog/complog.c @@ -0,0 +1,72 @@ +#include "frida-gum.h" + +#include "debug.h" +#include "cmplog.h" + +extern struct cmp_map *__afl_cmp_map; + +static GArray *complog_ranges = NULL; + +static gboolean complog_range(const GumRangeDetails *details, + gpointer user_data) { + + GumMemoryRange range = *details->range; + g_array_append_val(complog_ranges, range); + +} + +static gint complog_sort(gconstpointer a, gconstpointer b) { + + return ((GumMemoryRange *)b)->base_address - + ((GumMemoryRange *)a)->base_address; + +} + +void complog_init(void) { + + if (__afl_cmp_map != NULL) { OKF("CompLog mode enabled"); } + + complog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + gum_process_enumerate_ranges(GUM_PAGE_READ, complog_range, NULL); + g_array_sort(complog_ranges, complog_sort); + + for (guint i = 0; i < complog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(complog_ranges, GumMemoryRange, i); + OKF("CompLog Range - 0x%016lX - 0x%016lX", range->base_address, + range->base_address + range->size); + + } + +} + +static gboolean complog_contains(GumAddress inner_base, GumAddress inner_limit, + GumAddress outer_base, + GumAddress outer_limit) { + + return (inner_base >= outer_base && inner_limit <= outer_limit); + +} + +gboolean complog_is_readable(void *addr, size_t size) { + + if (complog_ranges == NULL) FATAL("CompLog not initialized"); + + GumAddress inner_base = GUM_ADDRESS(addr); + GumAddress inner_limit = inner_base + size; + + for (guint i = 0; i < complog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(complog_ranges, GumMemoryRange, i); + GumAddress outer_base = range->base_address; + GumAddress outer_limit = outer_base + range->size; + + if (complog_contains(inner_base, inner_limit, outer_base, outer_limit)) + return true; + + } + + return false; + +} + diff --git a/frida_mode/src/complog/complog_arm.c b/frida_mode/src/complog/complog_arm.c new file mode 100644 index 00000000..82cc2557 --- /dev/null +++ b/frida_mode/src/complog/complog_arm.c @@ -0,0 +1,15 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "complog.h" + +#if defined(__arm64__) +void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + FATAL("Complog mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/complog/complog_arm64.c b/frida_mode/src/complog/complog_arm64.c new file mode 100644 index 00000000..e4dbf322 --- /dev/null +++ b/frida_mode/src/complog/complog_arm64.c @@ -0,0 +1,15 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "complog.h" + +#if defined(__i386__) +void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + FATAL("Complog mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/complog/complog_x64.c b/frida_mode/src/complog/complog_x64.c new file mode 100644 index 00000000..253ec041 --- /dev/null +++ b/frida_mode/src/complog/complog_x64.c @@ -0,0 +1,363 @@ +#include "frida-gum.h" + +#include "debug.h" +#include "cmplog.h" + +#include "complog.h" + +#if defined(__x86_64__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define X86_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +typedef struct { + + x86_op_type type; + uint8_t size; + + union { + + x86_op_mem mem; + x86_reg reg; + int64_t imm; + + }; + +} complog_ctx_t; + +typedef struct { + + complog_ctx_t operand1; + complog_ctx_t operand2; + +} complog_pair_ctx_t; + +static guint64 complog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->rax) + X86_REG_8L(X86_REG_BL, ctx->rbx) + X86_REG_8L(X86_REG_CL, ctx->rcx) + X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_BPL, ctx->rbp) + X86_REG_8L(X86_REG_SIL, ctx->rsi) + X86_REG_8L(X86_REG_DIL, ctx->rdi) + + X86_REG_8H(X86_REG_AH, ctx->rax) + X86_REG_8H(X86_REG_BH, ctx->rbx) + X86_REG_8H(X86_REG_CH, ctx->rcx) + X86_REG_8H(X86_REG_DH, ctx->rdx) + + X86_REG_16(X86_REG_AX, ctx->rax) + X86_REG_16(X86_REG_BX, ctx->rbx) + X86_REG_16(X86_REG_CX, ctx->rcx) + X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_DI, ctx->rdi) + X86_REG_16(X86_REG_SI, ctx->rsi) + X86_REG_16(X86_REG_BP, ctx->rbp) + + X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_ECX, ctx->rcx) + X86_REG_32(X86_REG_EDX, ctx->rdx) + X86_REG_32(X86_REG_EBX, ctx->rbx) + X86_REG_32(X86_REG_ESP, ctx->rsp) + X86_REG_32(X86_REG_EBP, ctx->rbp) + X86_REG_32(X86_REG_ESI, ctx->rsi) + X86_REG_32(X86_REG_EDI, ctx->rdi) + X86_REG_32(X86_REG_R8D, ctx->r8) + X86_REG_32(X86_REG_R9D, ctx->r9) + X86_REG_32(X86_REG_R10D, ctx->r10) + X86_REG_32(X86_REG_R11D, ctx->r11) + X86_REG_32(X86_REG_R12D, ctx->r12) + X86_REG_32(X86_REG_R13D, ctx->r13) + X86_REG_32(X86_REG_R14D, ctx->r14) + X86_REG_32(X86_REG_R15D, ctx->r15) + X86_REG_32(X86_REG_EIP, ctx->rip) + + X86_REG_64(X86_REG_RAX, ctx->rax) + X86_REG_64(X86_REG_RCX, ctx->rcx) + X86_REG_64(X86_REG_RDX, ctx->rdx) + X86_REG_64(X86_REG_RBX, ctx->rbx) + X86_REG_64(X86_REG_RSP, ctx->rsp) + X86_REG_64(X86_REG_RBP, ctx->rbp) + X86_REG_64(X86_REG_RSI, ctx->rsi) + X86_REG_64(X86_REG_RDI, ctx->rdi) + X86_REG_64(X86_REG_R8, ctx->r8) + X86_REG_64(X86_REG_R9, ctx->r9) + X86_REG_64(X86_REG_R10, ctx->r10) + X86_REG_64(X86_REG_R11, ctx->r11) + X86_REG_64(X86_REG_R12, ctx->r12) + X86_REG_64(X86_REG_R13, ctx->r13) + X86_REG_64(X86_REG_R14, ctx->r14) + X86_REG_64(X86_REG_R15, ctx->r15) + X86_REG_64(X86_REG_RIP, ctx->rip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +static guint64 complog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { + + guint64 base = 0; + guint64 index = 0; + guint64 address; + + if (mem->base != X86_REG_INVALID) base = complog_read_reg(ctx, mem->base); + + if (mem->index != X86_REG_INVALID) index = complog_read_reg(ctx, mem->index); + + address = base + (index * mem->scale) + mem->disp; + return address; + +} + +static void complog_handle_call(GumCpuContext *context, guint64 target) { + + guint64 address = complog_read_reg(context, X86_REG_RIP); + guint64 rdi = complog_read_reg(context, X86_REG_RDI); + guint64 rsi = complog_read_reg(context, X86_REG_RSI); + + void *ptr1 = GSIZE_TO_POINTER(rdi); + void *ptr2 = GSIZE_TO_POINTER(rsi); + + if (!complog_is_readable(ptr1, 32) || !complog_is_readable(ptr2, 32)) return; + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static guint64 cmplog_get_operand_value(GumCpuContext *context, + complog_ctx_t *ctx) { + + switch (ctx->type) { + + case X86_OP_REG: + return complog_read_reg(context, ctx->reg); + case X86_OP_IMM: + return ctx->imm; + case X86_OP_MEM: + return complog_read_mem(context, &ctx->mem); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + +} + +static void complog_call_callout(GumCpuContext *context, gpointer user_data) { + + complog_ctx_t *ctx = (complog_ctx_t *)user_data; + + guint64 target = cmplog_get_operand_value(context, ctx); + complog_handle_call(context, target); + +} + +static void complog_instrument_put_operand(complog_ctx_t *ctx, + cs_x86_op * operand) { + + ctx->type = operand->type; + ctx->size = operand->size; + switch (operand->type) { + + case X86_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(x86_reg)); + break; + case X86_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case X86_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(x86_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void complog_instrument_call_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand) { + + complog_ctx_t *ctx = g_malloc(sizeof(complog_ctx_t)); + if (ctx == NULL) return; + + complog_instrument_put_operand(ctx, operand); + + gum_stalker_iterator_put_callout(iterator, complog_call_callout, ctx, g_free); + +} + +static void complog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand; + + if (instr->id != X86_INS_CALL) return; + + if (x86.op_count != 1) return; + + operand = &x86.operands[0]; + + if (operand->type == X86_OP_INVALID) return; + if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) + return; + + complog_instrument_call_put_callout(iterator, operand); + +} + +static void complog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, + guint64 operand2, uint8_t size) { + + guint64 address = complog_read_reg(context, X86_REG_RIP); + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void complog_cmp_sub_callout(GumCpuContext *context, + gpointer user_data) { + + complog_pair_ctx_t *ctx = (complog_pair_ctx_t *)user_data; + + if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); + + guint64 operand1 = cmplog_get_operand_value(context, &ctx->operand1); + guint64 operand2 = cmplog_get_operand_value(context, &ctx->operand2); + + complog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); + +} + +static void complog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand1, + cs_x86_op *operand2) { + + complog_pair_ctx_t *ctx = g_malloc(sizeof(complog_pair_ctx_t)); + if (ctx == NULL) return; + + complog_instrument_put_operand(&ctx->operand1, operand1); + complog_instrument_put_operand(&ctx->operand2, operand2); + + gum_stalker_iterator_put_callout(iterator, complog_cmp_sub_callout, ctx, + g_free); + +} + +static void complog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand1; + cs_x86_op *operand2; + + switch (instr->id) { + + case X86_INS_CMP: + case X86_INS_SUB: + break; + default: + return; + + } + + if (x86.op_count != 2) return; + + operand1 = &x86.operands[0]; + operand2 = &x86.operands[1]; + + if (operand1->type == X86_OP_INVALID) return; + if (operand2->type == X86_OP_INVALID) return; + + if ((operand1->type == X86_OP_MEM) && + (operand1->mem.segment != X86_REG_INVALID)) + return; + + if ((operand2->type == X86_OP_MEM) && + (operand2->mem.segment != X86_REG_INVALID)) + return; + + complog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); + +} + +void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + if (__afl_cmp_map == NULL) return; + + complog_instrument_call(instr, iterator); + complog_instrument_cmp_sub(instr, iterator); + +} + +#endif + diff --git a/frida_mode/src/complog/complog_x86.c b/frida_mode/src/complog/complog_x86.c new file mode 100644 index 00000000..df7b7cc1 --- /dev/null +++ b/frida_mode/src/complog/complog_x86.c @@ -0,0 +1,15 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "complog.h" + +#if defined(__arm__) +void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + FATAL("Complog mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/instrument.c b/frida_mode/src/instrument.c deleted file mode 100644 index 22910062..00000000 --- a/frida_mode/src/instrument.c +++ /dev/null @@ -1,271 +0,0 @@ -#include "frida-gum.h" -#include "config.h" -#include "debug.h" -#include "prefetch.h" -#include "ranges.h" -#include "unistd.h" - -extern uint8_t *__afl_area_ptr; -extern u32 __afl_map_size; - -uint64_t __thread previous_pc = 0; -GumAddress current_log_impl = GUM_ADDRESS(0); - -static gboolean tracing = false; -static gboolean optimize = false; -static gboolean strict = false; - -#if defined(__x86_64__) -static const guint8 afl_log_code[] = { - - 0x9c, /* pushfq */ - 0x50, /* push rax */ - 0x51, /* push rcx */ - 0x52, /* push rdx */ - - 0x48, 0x8d, 0x05, 0x27, - 0x00, 0x00, 0x00, /* lea rax, sym._afl_area_ptr_ptr */ - 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ - 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ - 0x48, 0x8d, 0x0d, 0x22, - 0x00, 0x00, 0x00, /* lea rcx, sym.previous_pc */ - 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ - 0x48, 0x8b, 0x12, /* mov rdx, qword [rdx] */ - 0x48, 0x31, 0xfa, /* xor rdx, rdi */ - 0xfe, 0x04, 0x10, /* inc byte [rax + rdx] */ - 0x48, 0xd1, 0xef, /* shr rdi, 1 */ - 0x48, 0x8b, 0x01, /* mov rax, qword [rcx] */ - 0x48, 0x89, 0x38, /* mov qword [rax], rdi */ - - 0x5a, /* pop rdx */ - 0x59, /* pop rcx */ - 0x58, /* pop rax */ - 0x9d, /* popfq */ - - 0xc3, /* ret */ - - /* Read-only data goes here: */ - /* uint8_t** afl_area_ptr_ptr */ - /* uint64_t* afl_prev_loc_ptr */ - -}; - -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { - - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; - GumX86Writer *cw = output->writer.x86; - - if (current_log_impl == 0 || - !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || - !gum_x86_writer_can_branch_directly_between(cw->pc + 128, - current_log_impl)) { - - gconstpointer after_log_impl = cw->code + 1; - - gum_x86_writer_put_jmp_near_label(cw, after_log_impl); - - current_log_impl = cw->pc; - gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - - uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; - gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, - sizeof(afl_area_ptr_ptr)); - gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, - sizeof(afl_prev_loc_ptr)); - - gum_x86_writer_put_label(cw, after_log_impl); - - } - - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -GUM_RED_ZONE_SIZE); - gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDI, area_offset); - gum_x86_writer_put_call_address(cw, current_log_impl); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RDI); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - GUM_RED_ZONE_SIZE); - -} - -#elif defined(__aarch64__) -static const guint8 afl_log_code[] = { - - // __afl_area_ptr[current_pc ^ previous_pc]++; - // previous_pc = current_pc >> 1; - 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! - 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! - - // x0 = current_pc - 0xc1, 0x01, 0x00, 0x58, // ldr x1, #0x38, =&__afl_area_ptr - 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) - - 0xc2, 0x01, 0x00, 0x58, // ldr x2, #0x38, =&previous_pc - 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) - - // __afl_area_ptr[current_pc ^ previous_pc]++; - 0x42, 0x00, 0x00, 0xca, // eor x2, x2, x0 - 0x23, 0x68, 0x62, 0xf8, // ldr x3, [x1, x2] - 0x63, 0x04, 0x00, 0x91, // add x3, x3, #1 - 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] - - // previous_pc = current_pc >> 1; - 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 - 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc - 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] - - 0xE3, 0x13, 0xc1, 0xA8, // ldp x3, x4, [sp], #0x10 - 0xE1, 0x0B, 0xc1, 0xA8, // ldp x1, x2, [sp], #0x10 - 0xC0, 0x03, 0x5F, 0xD6, // ret - - // &afl_area_ptr_ptr - // &afl_prev_loc_ptr - -}; - -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { - - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; - GumArm64Writer *cw = output->writer.arm64; - - if (current_log_impl == 0 || - !gum_arm64_writer_can_branch_directly_between(cw, cw->pc, - current_log_impl) || - !gum_arm64_writer_can_branch_directly_between(cw, cw->pc + 128, - current_log_impl)) { - - gconstpointer after_log_impl = cw->code + 1; - - gum_arm64_writer_put_b_label(cw, after_log_impl); - - current_log_impl = cw->pc; - gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - - uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; - gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, - sizeof(afl_area_ptr_ptr)); - gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, - sizeof(afl_prev_loc_ptr)); - - gum_arm64_writer_put_label(cw, after_log_impl); - - } - - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), - GUM_INDEX_PRE_ADJUST); - gum_arm64_writer_put_ldr_reg_u64(cw, ARM64_REG_X0, area_offset); - gum_arm64_writer_put_bl_imm(cw, current_log_impl); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, - GUM_INDEX_POST_ADJUST); - -} - -#endif - -static void on_basic_block(GumCpuContext *context, gpointer user_data) { - - /* - * This function is performance critical as it is called to instrument every - * basic block. By moving our print buffer to a global, we avoid it affecting - * the critical path with additional stack adjustments if tracing is not - * enabled. If tracing is enabled, then we're printing a load of diagnostic - * information so this overhead is unlikely to be noticeable. - */ - static char buffer[200]; - int len; - guint64 current_pc = (guint64)user_data; - if (tracing) { - - /* Avoid any functions which may cause an allocation since the target app - * may already be running inside malloc and it isn't designed to be - * re-entrant on a single thread */ - len = snprintf(buffer, sizeof(buffer), - "current_pc: 0x%016" G_GINT64_MODIFIER - "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", - current_pc, previous_pc); - - write(STDOUT_FILENO, buffer, len + 1); - - } - - current_pc = (current_pc >> 4) ^ (current_pc << 8); - current_pc &= MAP_SIZE - 1; - - __afl_area_ptr[current_pc ^ previous_pc]++; - previous_pc = current_pc >> 1; - -} - -void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, - gpointer user_data) { - - const cs_insn *instr; - gboolean begin = TRUE; - while (gum_stalker_iterator_next(iterator, &instr)) { - - if (begin) { - - prefetch_write((void *)instr->address); - if (!strict || !range_is_excluded((void *)instr->address)) { - - if (optimize) { - - instrument_coverage_optimize(instr, output); - - } else { - - gum_stalker_iterator_put_callout(iterator, on_basic_block, - (gpointer)instr->address, NULL); - - } - - } - - begin = FALSE; - - } - - gum_stalker_iterator_keep(iterator); - - } - -} - -void instrument_init() { - - optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); - tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); - strict = (getenv("AFL_FRIDA_INST_STRICT") != NULL); - -#if !defined(__x86_64__) && !defined(__aarch64__) - optimize = false; -#endif - - OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); - OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); - OKF("Instrumentation - strict [%c]", strict ? 'X' : ' '); - - if (tracing && optimize) { - - FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); - - } - - if (__afl_map_size != 0x10000) { - - FATAL("Bad map size: 0x%08x", __afl_map_size); - - } - -} - diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c new file mode 100644 index 00000000..81080bee --- /dev/null +++ b/frida_mode/src/instrument/instrument.c @@ -0,0 +1,150 @@ +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "complog.h" +#include "instrument.h" +#include "persistent.h" +#include "prefetch.h" +#include "ranges.h" +#include "stalker.h" + +static gboolean tracing = false; +static gboolean optimize = false; +static gboolean strict = false; +static GumStalkerTransformer *transformer = NULL; + +uint64_t __thread previous_pc = 0; + +__attribute__((hot)) static void on_basic_block(GumCpuContext *context, + gpointer user_data) { + + /* + * This function is performance critical as it is called to instrument every + * basic block. By moving our print buffer to a global, we avoid it affecting + * the critical path with additional stack adjustments if tracing is not + * enabled. If tracing is enabled, then we're printing a load of diagnostic + * information so this overhead is unlikely to be noticeable. + */ + static char buffer[200]; + int len; + guint64 current_pc = (guint64)user_data; + uint8_t * cursor; + uint64_t value; + if (unlikely(tracing)) { + + /* Avoid any functions which may cause an allocation since the target app + * may already be running inside malloc and it isn't designed to be + * re-entrant on a single thread */ + len = snprintf(buffer, sizeof(buffer), + "current_pc: 0x%016" G_GINT64_MODIFIER + "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", + current_pc, previous_pc); + + write(STDOUT_FILENO, buffer, len + 1); + + } + + current_pc = (current_pc >> 4) ^ (current_pc << 8); + current_pc &= MAP_SIZE - 1; + + cursor = &__afl_area_ptr[current_pc ^ previous_pc]; + value = *cursor; + + if (value == 0xff) { + + value = 1; + + } else { + + value++; + + } + + *cursor = value; + previous_pc = current_pc >> 1; + +} + +static void instr_basic_block(GumStalkerIterator *iterator, + GumStalkerOutput *output, gpointer user_data) { + + const cs_insn *instr; + gboolean begin = TRUE; + while (gum_stalker_iterator_next(iterator, &instr)) { + + if (instr->address == persistent_start) { persistent_prologue(output); } + + if (begin) { + + prefetch_write((void *)instr->address); + if (!range_is_excluded((void *)instr->address)) { + + if (optimize) { + + instrument_coverage_optimize(instr, output); + + } else { + + gum_stalker_iterator_put_callout(iterator, on_basic_block, + (gpointer)instr->address, NULL); + + } + + } + + begin = FALSE; + + } + + if (!range_is_excluded((void *)instr->address)) { + + complog_instrument(instr, iterator); + + } + + gum_stalker_iterator_keep(iterator); + + } + +} + +void instrument_init(void) { + + optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); + tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + + if (!instrument_is_coverage_optimize_supported()) optimize = false; + + OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); + OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); + + if (tracing && optimize) { + + FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); + + } + + if (__afl_map_size != 0x10000) { + + FATAL("Bad map size: 0x%08x", __afl_map_size); + + } + + transformer = + gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + + complog_init(); + +} + +GumStalkerTransformer *instrument_get_transformer(void) { + + if (transformer == NULL) { FATAL("Instrumentation not initialized"); } + return transformer; + +} + diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c new file mode 100644 index 00000000..c2d720a7 --- /dev/null +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -0,0 +1,23 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "instrument.h" + +#if defined(__arm__) + +gboolean instrument_is_coverage_optimize_supported(void) { + + return false; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + FATAL("Optimized coverage not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c new file mode 100644 index 00000000..fa3afb48 --- /dev/null +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -0,0 +1,97 @@ +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "instrument.h" + +#if defined(__aarch64__) + +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static const guint8 afl_log_code[] = { + + // __afl_area_ptr[current_pc ^ previous_pc]++; + // previous_pc = current_pc >> 1; + 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! + 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! + + // x0 = current_pc + 0xe1, 0x01, 0x00, 0x58, // ldr x1, #0x3c, =&__afl_area_ptr + 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) + + 0xe2, 0x01, 0x00, 0x58, // ldr x2, #0x3c, =&previous_pc + 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) + + // __afl_area_ptr[current_pc ^ previous_pc]++; + 0x42, 0x00, 0x00, 0xca, // eor x2, x2, x0 + 0x23, 0x68, 0x62, 0xf8, // ldr x3, [x1, x2] + 0x63, 0x04, 0x00, 0x91, // add x3, x3, #1 + 0x63, 0x00, 0x1f, 0x9a, // adc x3, x3, xzr + 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] + + // previous_pc = current_pc >> 1; + 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 + 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc + 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] + + 0xE3, 0x13, 0xc1, 0xA8, // ldp x3, x4, [sp], #0x10 + 0xE1, 0x0B, 0xc1, 0xA8, // ldp x1, x2, [sp], #0x10 + 0xC0, 0x03, 0x5F, 0xD6, // ret + + // &afl_area_ptr_ptr + // &afl_prev_loc_ptr + +}; + +gboolean instrument_is_coverage_optimize_supported(void) { + + return true; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumArm64Writer *cw = output->writer.arm64; + + if (current_log_impl == 0 || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc, + current_log_impl) || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_arm64_writer_put_b_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, + sizeof(afl_area_ptr_ptr)); + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_arm64_writer_put_label(cw, after_log_impl); + + } + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + gum_arm64_writer_put_ldr_reg_u64(cw, ARM64_REG_X0, area_offset); + gum_arm64_writer_put_bl_imm(cw, current_log_impl); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c new file mode 100644 index 00000000..901f3bd0 --- /dev/null +++ b/frida_mode/src/instrument/instrument_x64.c @@ -0,0 +1,93 @@ +#include "frida-gum.h" + +#include "config.h" + +#include "instrument.h" + +#if defined(__x86_64__) + +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static const guint8 afl_log_code[] = { + + // 0xcc, + + 0x9c, /* pushfq */ + 0x51, /* push rcx */ + 0x52, /* push rdx */ + + 0x48, 0x8b, 0x0d, 0x28, + 0x00, 0x00, 0x00, /* mov rcx, sym.&previous_pc */ + 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ + 0x48, 0x31, 0xfa, /* xor rdx, rdi */ + + 0x48, 0x03, 0x15, 0x13, + 0x00, 0x00, 0x00, /* add rdx, sym._afl_area_ptr_ptr */ + + 0x80, 0x02, 0x01, /* add byte ptr [rdx], 1 */ + 0x80, 0x12, 0x00, /* adc byte ptr [rdx], 0 */ + 0x48, 0xd1, 0xef, /* shr rdi, 1 */ + 0x48, 0x89, 0x39, /* mov qword [rcx], rdi */ + + 0x5a, /* pop rdx */ + 0x59, /* pop rcx */ + 0x9d, /* popfq */ + + 0xc3, /* ret */ + 0x90, 0x90, 0x90 /* nop pad */ + + /* Read-only data goes here: */ + /* uint8_t* __afl_area_ptr */ + /* uint64_t* &previous_pc */ + +}; + +gboolean instrument_is_coverage_optimize_supported(void) { + + return true; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumX86Writer *cw = output->writer.x86; + + if (current_log_impl == 0 || + !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || + !gum_x86_writer_can_branch_directly_between(cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_x86_writer_put_bytes(cw, (const guint8 *)&__afl_area_ptr, + sizeof(__afl_area_ptr)); + gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_x86_writer_put_label(cw, after_log_impl); + + } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -GUM_RED_ZONE_SIZE); + gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDI, area_offset); + gum_x86_writer_put_call_address(cw, current_log_impl); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + GUM_RED_ZONE_SIZE); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c new file mode 100644 index 00000000..5b8cbbba --- /dev/null +++ b/frida_mode/src/instrument/instrument_x86.c @@ -0,0 +1,23 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "instrument.h" + +#if defined(__i386__) + +gboolean instrument_is_coverage_optimize_supported(void) { + + return false; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + FATAL("Optimized coverage not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/interceptor.c index ba05a80a..8d41b075 100644 --- a/frida_mode/src/interceptor.c +++ b/frida_mode/src/interceptor.c @@ -1,4 +1,5 @@ #include "frida-gum.h" + #include "debug.h" #include "interceptor.h" @@ -14,3 +15,21 @@ void intercept(void *address, gpointer replacement, gpointer user_data) { } +void unintercept(void *address) { + + GumInterceptor *interceptor = gum_interceptor_obtain(); + + gum_interceptor_begin_transaction(interceptor); + gum_interceptor_revert(interceptor, address); + gum_interceptor_end_transaction(interceptor); + gum_interceptor_flush(interceptor); + +} + +void unintercept_self(void) { + + GumInvocationContext *ctx = gum_interceptor_get_current_invocation(); + unintercept(ctx->function); + +} + diff --git a/frida_mode/src/lib.c b/frida_mode/src/lib.c new file mode 100644 index 00000000..326d4819 --- /dev/null +++ b/frida_mode/src/lib.c @@ -0,0 +1,167 @@ +#include +#include +#include +#include +#include +#include + +#include "frida-gum.h" + +#include "debug.h" + +#include "lib.h" + +#if defined(__arm__) || defined(__i386__) + #define ELFCLASS ELFCLASS32 +typedef Elf32_Ehdr Elf_Ehdr; +typedef Elf32_Phdr Elf_Phdr; +typedef Elf32_Shdr Elf_Shdr; +#elif defined(__aarch64__) || defined(__x86_64__) + #define ELFCLASS ELFCLASS64 +typedef Elf64_Ehdr Elf_Ehdr; +typedef Elf64_Phdr Elf_Phdr; +typedef Elf64_Shdr Elf_Shdr; +#else + #error "Unsupported platform" +#endif + +typedef struct { + + gchar name[PATH_MAX + 1]; + gchar path[PATH_MAX + 1]; + GumAddress base_address; + gsize size; + +} lib_details_t; + +static guint64 text_base = 0; +static guint64 text_limit = 0; + +static gboolean lib_find_exe(const GumModuleDetails *details, + gpointer user_data) { + + lib_details_t *lib_details = (lib_details_t *)user_data; + + memcpy(lib_details->name, details->name, PATH_MAX); + memcpy(lib_details->path, details->path, PATH_MAX); + lib_details->base_address = details->range->base_address; + lib_details->size = details->range->size; + return FALSE; + +} + +static gboolean lib_is_little_endian(void) { + + int probe = 1; + return *(char *)&probe; + +} + +static void lib_validate_hdr(Elf_Ehdr *hdr) { + + if (hdr->e_ident[0] != ELFMAG0) FATAL("Invalid e_ident[0]"); + if (hdr->e_ident[1] != ELFMAG1) FATAL("Invalid e_ident[1]"); + if (hdr->e_ident[2] != ELFMAG2) FATAL("Invalid e_ident[2]"); + if (hdr->e_ident[3] != ELFMAG3) FATAL("Invalid e_ident[3]"); + if (hdr->e_ident[4] != ELFCLASS) FATAL("Invalid class"); + if (hdr->e_ident[5] != (lib_is_little_endian() ? ELFDATA2LSB : ELFDATA2MSB)) + FATAL("Invalid endian"); + if (hdr->e_ident[6] != EV_CURRENT) FATAL("Invalid version"); + if (hdr->e_type != ET_DYN) FATAL("Invalid type"); + if (hdr->e_version != EV_CURRENT) FATAL("Invalid e_version"); + if (hdr->e_phoff != sizeof(Elf_Ehdr)) FATAL("Invalid e_phoff"); + if (hdr->e_ehsize != sizeof(Elf_Ehdr)) FATAL("Invalid e_ehsize"); + if (hdr->e_phentsize != sizeof(Elf_Phdr)) FATAL("Invalid e_phentsize"); + if (hdr->e_shentsize != sizeof(Elf_Shdr)) FATAL("Invalid e_shentsize"); + +} + +static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { + + Elf_Shdr *shdr; + Elf_Shdr *shstrtab; + char * shstr; + char * section_name; + Elf_Shdr *curr; + char text_name[] = ".text"; + + shdr = (Elf_Shdr *)((char *)hdr + hdr->e_shoff); + shstrtab = &shdr[hdr->e_shstrndx]; + shstr = (char *)hdr + shstrtab->sh_offset; + + OKF("shdr: %p", shdr); + OKF("shstrtab: %p", shstrtab); + OKF("shstr: %p", shstr); + + for (size_t i = 0; i < hdr->e_shnum; i++) { + + curr = &shdr[i]; + + if (curr->sh_name == 0) continue; + + section_name = &shstr[curr->sh_name]; + OKF("Section: %2lu - base: 0x%016lX size: 0x%016lX %s", i, curr->sh_addr, + curr->sh_size, section_name); + if (memcmp(section_name, text_name, sizeof(text_name)) == 0 && + text_base == 0) { + + text_base = lib_details->base_address + curr->sh_addr; + text_limit = lib_details->base_address + curr->sh_addr + curr->sh_size; + OKF("> text_addr: 0x%016lX", text_base); + OKF("> text_limit: 0x%016lX", text_limit); + + } + + } + +} + +static void lib_get_text_section(lib_details_t *details) { + + int fd = -1; + off_t len; + Elf_Ehdr *hdr; + + fd = open(details->path, O_RDONLY); + if (fd < 0) { FATAL("Failed to open %s", details->path); } + + len = lseek(fd, 0, SEEK_END); + + if (len == (off_t)-1) { FATAL("Failed to lseek %s", details->path); } + + OKF("len: %ld\n", len); + + hdr = (Elf_Ehdr *)mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0); + if (hdr == MAP_FAILED) { FATAL("Failed to map %s", details->path); } + + lib_validate_hdr(hdr); + lib_read_text_section(details, hdr); + + munmap(hdr, len); + close(fd); + +} + +void lib_init(void) { + + lib_details_t lib_details; + gum_process_enumerate_modules(lib_find_exe, &lib_details); + OKF("Executable: 0x%016lx - %s", lib_details.base_address, lib_details.path); + lib_get_text_section(&lib_details); + +} + +guint64 lib_get_text_base(void) { + + if (text_base == 0) FATAL("Lib not initialized"); + return text_base; + +} + +guint64 lib_get_text_limit(void) { + + if (text_limit == 0) FATAL("Lib not initialized"); + return text_limit; + +} + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 7505c2f9..f712a8c0 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -10,13 +10,17 @@ #endif #include "frida-gum.h" + #include "config.h" #include "debug.h" -#include "interceptor.h" #include "instrument.h" +#include "interceptor.h" +#include "lib.h" +#include "persistent.h" #include "prefetch.h" #include "ranges.h" +#include "stalker.h" #ifdef __APPLE__ extern mach_port_t mach_task_self(); @@ -30,16 +34,15 @@ extern int __libc_start_main(int *(main)(int, char **, char **), int argc, typedef int *(*main_fn_t)(int argc, char **argv, char **envp); -static main_fn_t main_fn = NULL; -static GumStalker * stalker = NULL; +static main_fn_t main_fn = NULL; + static GumMemoryRange code_range = {0}; -extern void __afl_manual_init(); -extern __thread uint64_t previous_pc; +extern void __afl_manual_init(); -static int on_fork() { +static int on_fork(void) { - prefetch_read(stalker); + prefetch_read(); return fork(); } @@ -70,37 +73,46 @@ static void on_main_os(int argc, char **argv, char **envp) { static int *on_main(int argc, char **argv, char **envp) { + void *fork_addr; on_main_os(argc, argv, envp); - stalker = gum_stalker_new(); - if (stalker == NULL) { FATAL("Failed to initialize stalker"); } + unintercept_self(); - gum_stalker_set_trust_threshold(stalker, 0); - - GumStalkerTransformer *transformer = - gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + stalker_init(); + lib_init(); instrument_init(); + persistent_init(); prefetch_init(); - ranges_init(stalker); + ranges_init(); - intercept(fork, on_fork, stalker); + fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + intercept(fork_addr, on_fork, NULL); - gum_stalker_follow_me(stalker, transformer, NULL); - gum_stalker_deactivate(stalker); + stalker_start(); + stalker_pause(); __afl_manual_init(); /* Child here */ previous_pc = 0; - prefetch_start(stalker); + stalker_resume(); main_fn(argc, argv, envp); - _exit(0); } -#ifdef __APPLE__ -static void intercept_main() { +#if defined(EMBEDDED) +extern int *main(int argc, char **argv, char **envp); + +static void intercept_main(void) { + + main_fn = main; + intercept(main, on_main, NULL); + +} + +#elif defined(__APPLE__) +static void intercept_main(void) { mach_port_t task = mach_task_self(); OKF("Task Id: %u", task); @@ -119,13 +131,14 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, void(*stack_end)) { main_fn = main; + unintercept_self(); intercept(main, on_main, NULL); return __libc_start_main(main, argc, ubp_av, init, fini, rtld_fini, stack_end); } -static void intercept_main() { +static void intercept_main(void) { intercept(__libc_start_main, on_libc_start_main, NULL); @@ -133,7 +146,7 @@ static void intercept_main() { #endif -__attribute__((constructor)) static void init() { +__attribute__((constructor)) static void init(void) { gum_init_embedded(); if (!gum_stalker_is_supported()) { diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c new file mode 100644 index 00000000..fe3a1d20 --- /dev/null +++ b/frida_mode/src/persistent/persistent.c @@ -0,0 +1,68 @@ +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "persistent.h" +#include "util.h" + +int __afl_sharedmem_fuzzing = 0; +afl_persistent_hook_fn hook = NULL; +guint64 persistent_start = 0; +guint64 persistent_count = 0; + +void persistent_init(void) { + + char *hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); + + persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); + persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); + + if (persistent_count != 0 && persistent_start == 0) + FATAL( + "AFL_FRIDA_PERSISTENT_ADDR must be specified if " + "AFL_FRIDA_PERSISTENT_CNT is"); + + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; + + if (persistent_count != 0 && persistent_count < 100) + WARNF("Persistent count out of recommended range (<100)"); + + if (persistent_count > 10000) + WARNF("Persistent count out of recommended range (<10000)"); + + if (persistent_start != 0 && !persistent_is_supported()) + FATAL("Persistent mode not supported on this architecture"); + + OKF("Instrumentation - persistent mode [%c] (0x%016lX)", + persistent_start == 0 ? ' ' : 'X', persistent_start); + OKF("Instrumentation - persistent count [%c] (%ld)", + persistent_start == 0 ? ' ' : 'X', persistent_count); + OKF("Instrumentation - hook [%s]", hook_name); + + if (hook_name != NULL) { + + void *hook_obj = dlopen(hook_name, RTLD_NOW); + if (hook_obj == NULL) + FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); + + int (*afl_persistent_hook_init_ptr)(void) = + dlsym(hook_obj, "afl_persistent_hook_init"); + if (afl_persistent_hook_init_ptr == NULL) + FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); + + if (afl_persistent_hook_init_ptr() == 0) + FATAL("afl_persistent_hook_init returned a failure"); + + hook = (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); + if (hook == NULL) + FATAL("Failed to find afl_persistent_hook in %s", hook_name); + + __afl_sharedmem_fuzzing = 1; + + } + +} + diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c new file mode 100644 index 00000000..10dab3b2 --- /dev/null +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -0,0 +1,70 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "persistent.h" + +#if defined(__arm__) + +struct arm_regs { + + uint32_t r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10; + + union { + + uint32_t r11; + uint32_t fp; + + }; + + union { + + uint32_t r12; + uint32_t ip; + + }; + + union { + + uint32_t r13; + uint32_t sp; + + }; + + union { + + uint32_t r14; + uint32_t lr; + + }; + + union { + + uint32_t r15; + uint32_t pc; + + }; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16]; + uint32_t vfp_xregs[16]; + +}; + +typedef struct arm_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c new file mode 100644 index 00000000..5a18ac2c --- /dev/null +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -0,0 +1,113 @@ +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "instrument.h" + +#if defined(__aarch64__) + +struct arm64_regs { + + uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; + + union { + + uint64_t x11; + uint32_t fp_32; + + }; + + union { + + uint64_t x12; + uint32_t ip_32; + + }; + + union { + + uint64_t x13; + uint32_t sp_32; + + }; + + union { + + uint64_t x14; + uint32_t lr_32; + + }; + + union { + + uint64_t x15; + uint32_t pc_32; + + }; + + union { + + uint64_t x16; + uint64_t ip0; + + }; + + union { + + uint64_t x17; + uint64_t ip1; + + }; + + uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; + + union { + + uint64_t x29; + uint64_t fp; + + }; + + union { + + uint64_t x30; + uint64_t lr; + + }; + + union { + + uint64_t x31; + uint64_t sp; + + }; + + // the zero register is not saved here ofc + + uint64_t pc; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16 * 16]; + uint8_t vfp_pregs[17][32]; + uint32_t vfp_xregs[16]; + +}; + +typedef struct arm64_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c new file mode 100644 index 00000000..0cabbf24 --- /dev/null +++ b/frida_mode/src/persistent/persistent_x64.c @@ -0,0 +1,337 @@ +#include "frida-gum.h" + +#include "config.h" + +#include "instrument.h" +#include "persistent.h" + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +typedef struct x86_64_regs arch_api_regs; + +static arch_api_regs saved_regs = {0}; +static void * saved_return = NULL; + +gboolean persistent_is_supported(void) { + + return true; + +} + +static void instrument_persitent_save_regs(GumX86Writer * cw, + struct x86_64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + /* Should be pushing FPU here, but meh */ + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 1), + GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 2), + GUM_REG_RCX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 3), + GUM_REG_RDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 4), + GUM_REG_RDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 5), + GUM_REG_RSI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 6), + GUM_REG_RBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 7), + GUM_REG_R8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 8), + GUM_REG_R9); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 9), + GUM_REG_R10); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 10), + GUM_REG_R11); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 11), + GUM_REG_R12); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 12), + GUM_REG_R13); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 13), + GUM_REG_R14); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 14), + GUM_REG_R15); + + /* Store RIP */ + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, + GUM_ADDRESS(persistent_start)); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 15), + GUM_REG_RBX); + + /* Store adjusted RSP */ + gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); + + /* RED_ZONE + Saved flags, RAX, alignment */ + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, + GUM_RED_ZONE_SIZE + (0x8 * 3)); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), + GUM_REG_RBX); + + /* Save the flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 17), + GUM_REG_RBX); + + /* Save the RAX */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 0), + GUM_REG_RBX); + + /* Pop the saved values */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_persitent_restore_regs(GumX86Writer * cw, + struct x86_64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, + (0x8 * 2)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, + (0x8 * 3)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, + (0x8 * 4)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, + (0x8 * 5)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, + (0x8 * 6)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, + (0x8 * 7)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, + (0x8 * 8)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, + (0x8 * 9)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, + (0x8 * 10)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, + (0x8 * 11)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, + (0x8 * 12)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, + (0x8 * 13)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, + (0x8 * 14)); + + /* Don't restore RIP or RSP */ + + /* Restore RBX, RAX & Flags */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 1)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 0)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 17)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + GUM_RED_ZONE_SIZE + 0x10); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + /* Place holder for ret */ + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static int instrument_afl_persistent_loop(GumX86Writer *cw) { + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_x86_writer_put_test_reg_reg(cw, GUM_REG_RAX, GUM_REG_RAX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void persistent_prologue_hook(GumX86Writer * cw, + struct x86_64_regs *regs) { + + if (hook == NULL) return; + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RCX, + GUM_ADDRESS(__afl_fuzz_len)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RCX, GUM_REG_RDI); + + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, + GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, + GUM_ADDRESS(__afl_fuzz_ptr), GUM_ARG_REGISTER, GUM_REG_RCX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +void persistent_prologue(GumStalkerOutput *output) { + + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumX86Writer *cw = output->writer.x86; + + gconstpointer loop = cw->code + 1; + // gum_x86_writer_put_breakpoint(cw); + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* Stash and pop the return value */ + instrument_save_ret(cw, &saved_return); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); + + /* loop: */ + gum_x86_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, done, GUM_UNLIKELY); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ + gum_x86_writer_put_jmp_near_label(cw, loop); + + /* done: */ + gum_x86_writer_put_label(cw, done); + + instrument_jump_ret(cw, &saved_return); + + /* original: */ + gum_x86_writer_put_label(cw, original); + + gum_x86_writer_flush(cw); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c new file mode 100644 index 00000000..4daa61a9 --- /dev/null +++ b/frida_mode/src/persistent/persistent_x86.c @@ -0,0 +1,53 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "persistent.h" + +#if defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +typedef struct x86_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 64633c1c..65c09fba 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -3,9 +3,12 @@ #include #include "frida-gum.h" -#include "prefetch.h" + #include "debug.h" +#include "prefetch.h" +#include "stalker.h" + #define TRUST 0 #define PREFETCH_SIZE 65536 #define PREFETCH_ENTRIES ((PREFETCH_SIZE - sizeof(size_t)) / sizeof(void *)) @@ -49,8 +52,9 @@ void prefetch_write(void *addr) { /* * Read the IPC region one block at the time and prefetch it */ -void prefetch_read(GumStalker *stalker) { +void prefetch_read(void) { + GumStalker *stalker = stalker_get(); if (prefetch_data == NULL) return; for (size_t i = 0; i < prefetch_data->count; i++) { @@ -68,7 +72,7 @@ void prefetch_read(GumStalker *stalker) { } -void prefetch_init() { +void prefetch_init(void) { g_assert_cmpint(sizeof(prefetch_data_t), ==, PREFETCH_SIZE); gboolean prefetch = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); @@ -106,16 +110,3 @@ void prefetch_init() { } -__attribute__((noinline)) static void prefetch_activation() { - - asm volatile(""); - -} - -void prefetch_start(GumStalker *stalker) { - - gum_stalker_activate(stalker, prefetch_activation); - prefetch_activation(); - -} - diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index 49ef5a62..6fcbd258 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -1,9 +1,11 @@ -// 0x123-0x321 -// module.so +#include "frida-gum.h" -#include "ranges.h" #include "debug.h" +#include "lib.h" +#include "ranges.h" +#include "stalker.h" + #define MAX_RANGES 20 typedef struct { @@ -14,15 +16,11 @@ typedef struct { } convert_name_ctx_t; -typedef struct { - - GumStalker *stalker; - GArray * array; - -} include_range_ctx_t; - -GArray * ranges = NULL; -gboolean exclude_ranges = false; +GArray *module_ranges = NULL; +GArray *libs_ranges = NULL; +GArray *include_ranges = NULL; +GArray *exclude_ranges = NULL; +GArray *ranges = NULL; static void convert_address_token(gchar *token, GumMemoryRange *range) { @@ -159,90 +157,6 @@ static void convert_token(gchar *token, GumMemoryRange *range) { } -static gboolean include_ranges(const GumRangeDetails *details, - gpointer user_data) { - - include_range_ctx_t *ctx = (include_range_ctx_t *)user_data; - GArray * array = (GArray *)ctx->array; - GumAddress base = details->range->base_address; - GumAddress limit = details->range->base_address + details->range->size; - - OKF("Range for inclusion 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x", - base, limit); - - for (int i = 0; i < array->len; i++) { - - GumMemoryRange *range = &g_array_index(array, GumMemoryRange, i); - GumAddress range_base = range->base_address; - GumAddress range_limit = range->base_address + range->size; - - /* Before the region */ - if (range_limit < base) { continue; } - - /* After the region */ - if (range_base > limit) { - - GumMemoryRange exclude = {.base_address = base, .size = limit - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER - "x", - base, limit); - gum_stalker_exclude(ctx->stalker, &exclude); - return true; - - } - - /* Overlap the start of the region */ - if (range_base < base) { - - /* Range contains the region */ - if (range_limit > limit) { - - return true; - - } else { - - base = range_limit; - continue; - - } - - /* Overlap the end of the region */ - - } else { - - GumMemoryRange exclude = {.base_address = base, - .size = range_base - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER - "x", - base, range_base); - gum_stalker_exclude(ctx->stalker, &exclude); - /* Extend past the end of the region */ - if (range_limit >= limit) { - - return true; - - /* Contained within the region */ - - } else { - - base = range_limit; - continue; - - } - - } - - } - - GumMemoryRange exclude = {.base_address = base, .size = limit - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", - base, limit); - gum_stalker_exclude(ctx->stalker, &exclude); - return true; - -} - gint range_sort(gconstpointer a, gconstpointer b) { return ((GumMemoryRange *)a)->base_address - @@ -250,8 +164,8 @@ gint range_sort(gconstpointer a, gconstpointer b) { } -static gboolean print_ranges(const GumRangeDetails *details, - gpointer user_data) { +static gboolean print_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { if (details->file == NULL) { @@ -273,62 +187,75 @@ static gboolean print_ranges(const GumRangeDetails *details, } -void ranges_init(GumStalker *stalker) { +static void print_ranges(char *key, GArray *ranges) { - char * showmaps; - char * include; - char * exclude; - char * list; + OKF("Range: %s Length: %d", key, ranges->len); + for (int i = 0; i < ranges->len; i++) { + + GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumAddress curr_limit = curr->base_address + curr->size; + OKF("Range: %s Idx: %3d - 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + key, i, curr->base_address, curr_limit); + + } + +} + +static gboolean collect_module_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + + GArray * ranges = (GArray *)user_data; + GumMemoryRange range = *details->range; + g_array_append_val(ranges, range); + return TRUE; + +} + +static GArray *collect_module_ranges(void) { + + GArray *result; + result = g_array_new(false, false, sizeof(GumMemoryRange)); + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, + collect_module_ranges_callback, result); + print_ranges("Modules", result); + return result; + +} + +static GArray *collect_ranges(char *env_key) { + + char * env_val; gchar ** tokens; int token_count; GumMemoryRange range; + int i; + GArray * result; - int i; + result = g_array_new(false, false, sizeof(GumMemoryRange)); - showmaps = getenv("AFL_FRIDA_DEBUG_MAPS"); - include = getenv("AFL_FRIDA_INST_RANGES"); - exclude = getenv("AFL_FRIDA_EXCLUDE_RANGES"); + env_val = getenv(env_key); + if (env_val == NULL) return result; - if (showmaps) { - - gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges, NULL); - - } - - if (include != NULL && exclude != NULL) { - - FATAL( - "Cannot specifify both AFL_FRIDA_INST_RANGES and " - "AFL_FRIDA_EXCLUDE_RANGES"); - - } - - if (include == NULL && exclude == NULL) { return; } - - list = include == NULL ? exclude : include; - exclude_ranges = include == NULL ? true : false; - - tokens = g_strsplit(list, ",", MAX_RANGES); + tokens = g_strsplit(env_val, ",", MAX_RANGES); for (token_count = 0; tokens[token_count] != NULL; token_count++) ; - ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), token_count); - for (i = 0; i < token_count; i++) { convert_token(tokens[i], &range); - g_array_append_val(ranges, range); + g_array_append_val(result, range); } - g_array_sort(ranges, range_sort); + g_array_sort(result, range_sort); /* Check for overlaps */ for (i = 1; i < token_count; i++) { - GumMemoryRange *prev = &g_array_index(ranges, GumMemoryRange, i - 1); - GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumMemoryRange *prev = &g_array_index(result, GumMemoryRange, i - 1); + GumMemoryRange *curr = &g_array_index(result, GumMemoryRange, i); GumAddress prev_limit = prev->base_address + prev->size; GumAddress curr_limit = curr->base_address + curr->size; if (prev_limit > curr->base_address) { @@ -342,31 +269,283 @@ void ranges_init(GumStalker *stalker) { } - for (i = 0; i < token_count; i++) { + print_ranges(env_key, result); - GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); - GumAddress curr_limit = curr->base_address + curr->size; - OKF("Range %3d - 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", - i, curr->base_address, curr_limit); + g_strfreev(tokens); - } + return result; - if (include == NULL) { +} - for (i = 0; i < token_count; i++) { +static GArray *collect_libs_ranges(void) { - gum_stalker_exclude(stalker, &g_array_index(ranges, GumMemoryRange, i)); + GArray * result; + GumMemoryRange range; + result = g_array_new(false, false, sizeof(GumMemoryRange)); - } + if (getenv("AFL_INST_LIBS") == NULL) { + + range.base_address = lib_get_text_base(); + range.size = lib_get_text_limit() - lib_get_text_base(); } else { - include_range_ctx_t ctx = {.stalker = stalker, .array = ranges}; - gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, include_ranges, &ctx); + range.base_address = 0; + range.size = G_MAXULONG; } - g_strfreev(tokens); + g_array_append_val(result, range); + + print_ranges("AFL_INST_LIBS", result); + + return result; + +} + +static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra, + GumMemoryRange *rb) { + + GumAddress rab = ra->base_address; + GumAddress ral = rab + ra->size; + + GumAddress rbb = rb->base_address; + GumAddress rbl = rbb + rb->size; + + GumAddress rrb = 0; + GumAddress rrl = 0; + + rr->base_address = 0; + rr->size = 0; + + /* ra is before rb */ + if (ral < rbb) { return false; } + + /* ra is after rb */ + if (rab > rbl) { return true; } + + /* The largest of the two base addresses */ + rrb = rab > rbb ? rab : rbb; + + /* The smallest of the two limits */ + rrl = ral < rbl ? ral : rbl; + + rr->base_address = rrb; + rr->size = rrl - rrb; + return true; + +} + +static GArray *intersect_ranges(GArray *a, GArray *b) { + + GArray * result; + GumMemoryRange *ra; + GumMemoryRange *rb; + GumMemoryRange ri; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + + for (int i = 0; i < a->len; i++) { + + ra = &g_array_index(a, GumMemoryRange, i); + for (int j = 0; j < b->len; j++) { + + rb = &g_array_index(b, GumMemoryRange, j); + + if (!intersect_range(&ri, ra, rb)) { break; } + + if (ri.size == 0) { continue; } + + g_array_append_val(result, ri); + + } + + } + + return result; + +} + +static GArray *subtract_ranges(GArray *a, GArray *b) { + + GArray * result; + GumMemoryRange *ra; + GumAddress ral; + GumMemoryRange *rb; + GumMemoryRange ri; + GumMemoryRange rs; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + + for (int i = 0; i < a->len; i++) { + + ra = &g_array_index(a, GumMemoryRange, i); + ral = ra->base_address + ra->size; + for (int j = 0; j < b->len; j++) { + + rb = &g_array_index(b, GumMemoryRange, j); + + /* + * If rb is after ra, we have no more possible intersections and we can + * simply keep the remaining range + */ + if (!intersect_range(&ri, ra, rb)) { break; } + + /* + * If there is no intersection, then rb must be before ra, so we must + * continue + */ + if (ri.size == 0) { continue; } + + /* + * If the intersection is part way through the range, then we keep the + * start of the range + */ + if (ra->base_address < ri.base_address) { + + rs.base_address = ra->base_address; + rs.size = ri.base_address - ra->base_address; + g_array_append_val(result, rs); + + } + + /* + * If the intersection extends past the limit of the range, then we should + * continue with the next range + */ + if ((ri.base_address + ri.size) > ral) { + + ra->base_address = ral; + ra->size = 0; + break; + + } + + /* + * Otherwise we advance the base of the range to the end of the + * intersection and continue with the remainder of the range + */ + ra->base_address = ri.base_address + ri.size; + ra->size = ral - ra->base_address; + + } + + /* + * When we have processed all the possible intersections, we add what is + * left + */ + if (ra->size != 0) g_array_append_val(result, *ra); + + } + + return result; + +} + +static GArray *merge_ranges(GArray *a) { + + GArray * result; + GumMemoryRange rp; + GumMemoryRange *r; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + if (a->len == 0) return result; + + rp = g_array_index(a, GumMemoryRange, 0); + + for (int i = 1; i < a->len; i++) { + + r = &g_array_index(a, GumMemoryRange, i); + + if (rp.base_address + rp.size == r->base_address) { + + rp.size += r->size; + + } else { + + g_array_append_val(result, rp); + rp.base_address = r->base_address; + rp.size = r->size; + continue; + + } + + } + + g_array_append_val(result, rp); + + return result; + +} + +void ranges_init(void) { + + GumMemoryRange ri; + GArray * step1; + GArray * step2; + GArray * step3; + GArray * step4; + GumMemoryRange *r; + GumStalker * stalker; + + if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { + + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, + NULL); + + } + + module_ranges = collect_module_ranges(); + libs_ranges = collect_libs_ranges(); + include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); + + /* If include ranges is empty, then assume everything is included */ + if (include_ranges->len == 0) { + + ri.base_address = 0; + ri.size = G_MAXULONG; + g_array_append_val(include_ranges, ri); + + } + + exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); + + /* Intersect with .text section of main executable unless AFL_INST_LIBS */ + step1 = intersect_ranges(module_ranges, libs_ranges); + print_ranges("step1", step1); + + /* Intersect with AFL_FRIDA_INST_RANGES */ + step2 = intersect_ranges(step1, include_ranges); + print_ranges("step2", step2); + + /* Subtract AFL_FRIDA_EXCLUDE_RANGES */ + step3 = subtract_ranges(step2, exclude_ranges); + print_ranges("step3", step3); + + /* + * After step3, we have the total ranges to be instrumented, we now subtract + * that from the original ranges of the modules to configure stalker. + */ + + step4 = subtract_ranges(module_ranges, step3); + print_ranges("step4", step4); + + ranges = merge_ranges(step4); + print_ranges("final", ranges); + + stalker = stalker_get(); + + for (int i = 0; i < ranges->len; i++) { + + r = &g_array_index(ranges, GumMemoryRange, i); + gum_stalker_exclude(stalker, r); + + } + + g_array_free(step4, TRUE); + g_array_free(step3, TRUE); + g_array_free(step2, TRUE); + g_array_free(step1, TRUE); } @@ -382,13 +561,13 @@ gboolean range_is_excluded(gpointer address) { GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); GumAddress curr_limit = curr->base_address + curr->size; - if (test < curr->base_address) { return !exclude_ranges; } + if (test < curr->base_address) { return false; } - if (test < curr_limit) { return exclude_ranges; } + if (test < curr_limit) { return true; } } - return !exclude_ranges; + return false; } diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c new file mode 100644 index 00000000..5ee519ba --- /dev/null +++ b/frida_mode/src/stalker.c @@ -0,0 +1,49 @@ +#include "debug.h" + +#include "instrument.h" +#include "stalker.h" + +static GumStalker *stalker = NULL; + +void stalker_init(void) { + + stalker = gum_stalker_new(); + if (stalker == NULL) { FATAL("Failed to initialize stalker"); } + + gum_stalker_set_trust_threshold(stalker, 0); + +} + +GumStalker *stalker_get(void) { + + if (stalker == NULL) { FATAL("Stalker uninitialized"); } + return stalker; + +} + +__attribute__((noinline)) static void stalker_activation(void) { + + asm volatile(""); + +} + +void stalker_start(void) { + + GumStalkerTransformer *transformer = instrument_get_transformer(); + gum_stalker_follow_me(stalker, transformer, NULL); + +} + +void stalker_pause(void) { + + gum_stalker_deactivate(stalker); + +} + +void stalker_resume(void) { + + gum_stalker_activate(stalker, stalker_activation); + stalker_activation(); + +} + diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c new file mode 100644 index 00000000..f42afd64 --- /dev/null +++ b/frida_mode/src/util.c @@ -0,0 +1,66 @@ +#include "util.h" + +#include "debug.h" + +guint64 util_read_address(char *key) { + + char *value_str = getenv(key); + + if (value_str == NULL) { return 0; } + + if (!g_str_has_prefix(value_str, "0x")) { + + FATAL("Invalid address should have 0x prefix: %s\n", value_str); + + } + + value_str = &value_str[2]; + + for (char *c = value_str; *c != '\0'; c++) { + + if (!g_ascii_isxdigit(*c)) { + + FATAL("Invalid address not formed of hex digits: %s\n", value_str); + + } + + } + + guint64 value = g_ascii_strtoull(value_str, NULL, 16); + if (value == 0) { + + FATAL("Invalid address failed hex conversion: %s\n", value_str); + + } + + return value; + +} + +guint64 util_read_num(char *key) { + + char *value_str = getenv(key); + + if (value_str == NULL) { return 0; } + + for (char *c = value_str; *c != '\0'; c++) { + + if (!g_ascii_isdigit(*c)) { + + FATAL("Invalid address not formed of decimal digits: %s\n", value_str); + + } + + } + + guint64 value = g_ascii_strtoull(value_str, NULL, 10); + if (value == 0) { + + FATAL("Invalid address failed numeric conversion: %s\n", value_str); + + } + + return value; + +} + diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile new file mode 100644 index 00000000..c203fc5e --- /dev/null +++ b/frida_mode/test/cmplog/GNUmakefile @@ -0,0 +1,66 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../)/ +BUILD_DIR:=$(PWD)build/ + +TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ +TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest + +TEST_BIN:=$(PWD)../../build/test + + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +CMP_LOG_INPUT:=$(TEST_DATA_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(CMP_LOG_INPUT): | $(TEST_DATA_DIR) + truncate -s 64 $@ + +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc + make -C $(TEST_CMPLOG_DIR) compcovtest + +qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/cmplog/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr.py b/frida_mode/test/cmplog/get_section_addrs.py similarity index 100% rename from frida_mode/test/testinstr.py rename to frida_mode/test/cmplog/get_section_addrs.py diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile new file mode 100644 index 00000000..c381f5ab --- /dev/null +++ b/frida_mode/test/png/GNUmakefile @@ -0,0 +1,106 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ + +LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz +LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz +LIBPNG_DIR:=$(LIBPNG_BUILD_DIR)libpng-1.2.56/ +LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile +LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PNGTEST_FILE:=$(PNGTEST_BUILD_DIR)target.cc +PNGTEST_OBJ:=$(PNGTEST_BUILD_DIR)target.o +PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" + +TEST_BIN:=$(BUILD_DIR)test + +TEST_DATA_DIR:=$(LIBPNG_DIR)contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) -o $@ -c $< + +######### PNGTEST ######## + +$(PNGTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR) + wget -O $@ $(PNGTEST_URL) + +$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) + $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + +######### LIBPNG ######## + +$(LIBPNG_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPNG_FILE): | $(LIBPNG_BUILD_DIR) + wget -O $@ $(LIBPNG_URL) + +$(LIBPNG_DIR): $(LIBPNG_FILE) + tar zxvf $(LIBPNG_FILE) -C $(LIBPNG_BUILD_DIR) + +$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) + cd $(LIBPNG_DIR) && ./configure + +$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) + make -C $(LIBPNG_DIR) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) + $(CXX) \ + -o $@ \ + $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ + -lz \ + $(TEST_LDFLAGS) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile new file mode 100644 index 00000000..25ddc782 --- /dev/null +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -0,0 +1,54 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../..)/ +BUILD_DIR:=$(PWD)build/ + +TEST_BIN:=$(PWD)../build/test +TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/test/png/ + +$(BUILD_DIR): + mkdir -p $@ + +qemu: | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/persistent/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py new file mode 100755 index 00000000..6458c212 --- /dev/null +++ b/frida_mode/test/png/persistent/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile new file mode 100644 index 00000000..2457287d --- /dev/null +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -0,0 +1,70 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_DIR=$(ROOT)utils/aflpp_driver/ +AFLPP_DRIVER_HOOK_OBJ=$(AFLPP_DRIVER_HOOK_DIR)aflpp_qemu_driver_hook.so + +TEST_BIN:=$(PWD)../../build/test +TEST_DATA_DIR:=../../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/test/png/persistent/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) + truncate -s 1M $@ + +$(AFLPP_DRIVER_HOOK_OBJ): | $(AFLPP_DRIVER_HOOK_DIR) + make -C $(AFLPP_DRIVER_HOOK_DIR) + +qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)/afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +clean: + rm -rf $(BUILD_DIR) + diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile new file mode 100644 index 00000000..9aa24ee5 --- /dev/null +++ b/frida_mode/test/testinstr/GNUmakefile @@ -0,0 +1,50 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/testinstr/Makefile b/frida_mode/test/testinstr/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/testinstr/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr.c b/frida_mode/test/testinstr/testinstr.c similarity index 95% rename from frida_mode/test/testinstr.c rename to frida_mode/test/testinstr/testinstr.c index 37d47f91..5e26fc46 100644 --- a/frida_mode/test/testinstr.c +++ b/frida_mode/test/testinstr/testinstr.c @@ -22,7 +22,7 @@ #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) #endif -TESTINSTR_SECTION void testinstr(char *buf, int len) { +void testinstr(char *buf, int len) { if (len < 1) return; buf[len] = 0; @@ -37,7 +37,7 @@ TESTINSTR_SECTION void testinstr(char *buf, int len) { } -int main(int argc, char **argv) { +TESTINSTR_SECTION int main(int argc, char **argv) { char * file; int fd = -1; diff --git a/include/envs.h b/include/envs.h index ebe98257..cd23ca3f 100644 --- a/include/envs.h +++ b/include/envs.h @@ -59,6 +59,9 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_STRICT", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_PERSISTENT_ADDR", + "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_HOOK", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 552bbea8..2089ce78 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -79,8 +79,9 @@ #endif #if defined(__HAIKU__) - extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); -#endif // HAIKU +extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, + size_t bufferSize); +#endif // HAIKU u8 __afl_area_initial[MAP_INITIAL_SIZE]; u8 * __afl_area_ptr_dummy = __afl_area_initial; @@ -1754,11 +1755,11 @@ static int area_is_valid(void *ptr, size_t len) { if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; } - #ifndef __HAIKU__ - long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); - #else - long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); - #endif // HAIKU +#ifndef __HAIKU__ + long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); +#else + long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); +#endif // HAIKU if (r <= 0 || r > len) return 0; diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index f6cdbe9e..68bd2fa5 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -89,11 +89,11 @@ class AFLLTOPass : public ModulePass { bool runOnModule(Module &M) override; protected: - uint32_t afl_global_id = 1, autodictionary = 1; - uint32_t function_minimum_size = 1; - uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; + uint32_t afl_global_id = 1, autodictionary = 1; + uint32_t function_minimum_size = 1; + uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; unsigned long long int map_addr = 0x10000; - char * skip_nozero = NULL; + char * skip_nozero = NULL; }; diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index d73b0336..d1ca56b8 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 +Subproject commit d1ca56b84e78f821406eef28d836918edfc8d610 diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 727e7f8d..d533fd4a 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -416,7 +416,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, struct rlimit r; - if (!fsrv->cmplog_binary && fsrv->qemu_mode == false) { + if (!fsrv->cmplog_binary && fsrv->qemu_mode == false && + fsrv->frida_mode == false) { unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 27c6c413..c2e9c80f 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -35,7 +35,7 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) { if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } - if (!fsrv->qemu_mode && argv[0] != fsrv->cmplog_binary) { + if (!fsrv->qemu_mode && !fsrv->frida_mode && argv[0] != fsrv->cmplog_binary) { argv[0] = fsrv->cmplog_binary; diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index b6bfbc29..547311c7 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2774,6 +2774,14 @@ void check_binary(afl_state_t *afl, u8 *fname) { WARNF("AFL_PERSISTENT is no longer supported and may misbehave!"); + } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) { + + OKF("FRIDA Persistent mode configuration options detected."); + setenv(PERSIST_ENV_VAR, "1", 1); + afl->persistent_mode = 1; + + afl->shmem_testcase_mode = 1; + } if (afl->fsrv.frida_mode || diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3606533d..58b0a5c2 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1697,13 +1697,14 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: this is semi-nice afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits; afl->cmplog_fsrv.qemu_mode = afl->fsrv.qemu_mode; + afl->cmplog_fsrv.frida_mode = afl->fsrv.frida_mode; afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary; afl->cmplog_fsrv.init_child_func = cmplog_exec_child; if ((map_size <= DEFAULT_SHMEM_SIZE || afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->unicorn_mode) { + !afl->fsrv.frida_mode && !afl->unicorn_mode) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; From dde0538b484df627dac14ff030dd09f55c78558e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 10:59:34 +0200 Subject: [PATCH 146/441] nits --- docs/Changelog.md | 1 + qemu_mode/qemuafl | 2 +- utils/aflpp_driver/aflpp_qemu_driver_hook.c | 10 +++++----- utils/qbdi_mode/template.cpp | 2 +- utils/qemu_persistent_hook/read_into_rdi.c | 10 +++++----- 5 files changed, 13 insertions(+), 12 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 520b13b1..90a1d140 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,7 @@ sending a mail to . ### Version ++3.13a (development) - frida_mode - new mode that uses frida to fuzz binary-only targets, + it currently supports persistent mode and cmplog. thanks to @WorksButNotTested! - create a fuzzing dictionary with the help of CodeQL thanks to @microsvuln! see utils/autodict_ql diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index d1ca56b8..d73b0336 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit d1ca56b84e78f821406eef28d836918edfc8d610 +Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c index d3dd98b0..2979fadc 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c +++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c @@ -3,12 +3,12 @@ #include #include -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + // In this example the register RDI is pointing to the memory location // of the target buffer, and the length of the input is in RSI. // This can be seen with a debugger, e.g. gdb (and "disass main") @@ -16,11 +16,11 @@ void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, memcpy(g2h(regs->rdi), input_buf, input_buf_len); regs->rsi = input_buf_len; +} + #undef g2h #undef h2g -} - int afl_persistent_hook_init(void) { // 1 for shared memory input (faster), 0 for normal input (you have to use diff --git a/utils/qbdi_mode/template.cpp b/utils/qbdi_mode/template.cpp index 888ecb58..182a014b 100755 --- a/utils/qbdi_mode/template.cpp +++ b/utils/qbdi_mode/template.cpp @@ -25,7 +25,7 @@ #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) #define INC_AFL_AREA(loc) \ asm volatile( \ - "addb $1, (%0, %1, 1)\n" \ + "addb $1, (%0, %1, 1)\n" \ "adcb $0, (%0, %1, 1)\n" \ : /* no out */ \ : "r"(afl_area_ptr), "r"(loc) \ diff --git a/utils/qemu_persistent_hook/read_into_rdi.c b/utils/qemu_persistent_hook/read_into_rdi.c index c1c6642f..14b2ed85 100644 --- a/utils/qemu_persistent_hook/read_into_rdi.c +++ b/utils/qemu_persistent_hook/read_into_rdi.c @@ -3,12 +3,12 @@ #include #include -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + // In this example the register RDI is pointing to the memory location // of the target buffer, and the length of the input is in RSI. // This can be seen with a debugger, e.g. gdb (and "disass main") @@ -19,11 +19,11 @@ void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, memcpy(g2h(regs->rdi), input_buf, input_buf_len); regs->rsi = input_buf_len; +} + #undef g2h #undef h2g -} - int afl_persistent_hook_init(void) { // 1 for shared memory input (faster), 0 for normal input (you have to use From da65eef57279dae7b652c40bdb31bc6cd749f63d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 12:57:29 +0200 Subject: [PATCH 147/441] fix frida mode --- frida_mode/GNUmakefile | 6 +++--- frida_mode/include/persistent.h | 7 ++++++- frida_mode/src/lib.c | 2 +- frida_mode/src/persistent/persistent.c | 3 --- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 51107910..6b193806 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -5,7 +5,7 @@ SRC_DIR:=$(PWD)src/ INCLUDES:=$(wildcard $(INC_DIR)*.h) SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) BUILD_DIR:=$(PWD)build/ -CFLAGS+=-fPIC -D_GNU_SOURCE -Wno-prio-ctor-dtor +CFLAGS+=-fPIC -D_GNU_SOURCE -Wno-prio-ctor-dtor -fcommon -Wl,--allow-multiple-definition FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so @@ -71,8 +71,8 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) $(QEMU_INC_A -I $(ROOT) \ -I $(ROOT)include \ -I $(INC_DIR) \ - $(ROOT)instrumentation/afl-compiler-rt.o.c \ - -lpthread -ldl -lresolv -lelf + $(ROOT)instrumentation/afl-compiler-rt.o.c +# -lpthread -ldl -lresolv -lelf cp -v $(FRIDA_TRACE) $(ROOT) diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index 14c8a268..017c26c7 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -1,5 +1,9 @@ -#include "frida-gum.h" +#ifndef _PERSISTENT_H + +#define _PERSISTENT_H + +#include "frida-gum.h" #include "config.h" typedef struct arch_api_regs api_regs; @@ -24,3 +28,4 @@ gboolean persistent_is_supported(void); void persistent_prologue(GumStalkerOutput *output); +#endif diff --git a/frida_mode/src/lib.c b/frida_mode/src/lib.c index 326d4819..6e27c170 100644 --- a/frida_mode/src/lib.c +++ b/frida_mode/src/lib.c @@ -1,6 +1,6 @@ #include #include -#include +#include #include #include #include diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index fe3a1d20..34e4093e 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -9,9 +9,6 @@ #include "util.h" int __afl_sharedmem_fuzzing = 0; -afl_persistent_hook_fn hook = NULL; -guint64 persistent_start = 0; -guint64 persistent_count = 0; void persistent_init(void) { From f112357e6165b583924b9b4e44b5b6ef522f722f Mon Sep 17 00:00:00 2001 From: Dmitry Zheregelya Date: Wed, 28 Apr 2021 18:42:20 +0300 Subject: [PATCH 148/441] Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads --- utils/libdislocator/libdislocator.so.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 1b247c86..7c651afd 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -144,7 +144,7 @@ typedef struct { /* Configurable stuff (use AFL_LD_* to set): */ -static u32 max_mem = MAX_ALLOC; /* Max heap usage to permit */ +static size_t max_mem = MAX_ALLOC; /* Max heap usage to permit */ static u8 alloc_verbose, /* Additional debug messages */ hard_fail, /* abort() when max_mem exceeded? */ no_calloc_over, /* abort() on calloc() overflows? */ @@ -154,7 +154,7 @@ static u8 alloc_verbose, /* Additional debug messages */ #define __thread #warning no thread support available #endif -static __thread size_t total_mem; /* Currently allocated mem */ +static _Atomic size_t total_mem; /* Currently allocated mem */ static __thread u32 call_depth; /* To avoid recursion via fprintf() */ static u32 alloc_canary; @@ -172,9 +172,9 @@ static void *__dislocator_alloc(size_t len) { if (total_mem + len > max_mem || total_mem + len < total_mem) { - if (hard_fail) FATAL("total allocs exceed %u MB", max_mem / 1024 / 1024); + if (hard_fail) FATAL("total allocs exceed %zu MB", max_mem / 1024 / 1024); - DEBUGF("total allocs exceed %u MB, returning NULL", max_mem / 1024 / 1024); + DEBUGF("total allocs exceed %zu MB, returning NULL", max_mem / 1024 / 1024); return NULL; @@ -500,19 +500,20 @@ size_t malloc_usable_size(const void *ptr) { __attribute__((constructor)) void __dislocator_init(void) { - u8 *tmp = (u8 *)getenv("AFL_LD_LIMIT_MB"); + char *tmp = getenv("AFL_LD_LIMIT_MB"); if (tmp) { - u8 *tok; - s32 mmem = (s32)strtol((char *)tmp, (char **)&tok, 10); - if (*tok != '\0' || errno == ERANGE) FATAL("Bad value for AFL_LD_LIMIT_MB"); + char *tok; + unsigned long long mmem = strtoull(tmp, &tok, 10); + if (*tok != '\0' || errno == ERANGE || mmem > SIZE_MAX / 1024 / 1024) + FATAL("Bad value for AFL_LD_LIMIT_MB"); max_mem = mmem * 1024 * 1024; } alloc_canary = ALLOC_CANARY; - tmp = (u8 *)getenv("AFL_RANDOM_ALLOC_CANARY"); + tmp = getenv("AFL_RANDOM_ALLOC_CANARY"); if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary)); @@ -549,4 +550,3 @@ void *erealloc(void *ptr, size_t len) { return realloc(ptr, len); } - From 3a0d4fe0d0a585d152a59ca4601d1981cedbf113 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 28 Apr 2021 18:26:19 +0100 Subject: [PATCH 149/441] Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 64 ++++++++++++++++++---- frida_mode/include/complog.h | 5 ++ frida_mode/include/instrument.h | 11 +++- frida_mode/include/interceptor.h | 5 ++ frida_mode/include/lib.h | 5 ++ frida_mode/include/persistent.h | 8 +-- frida_mode/include/prefetch.h | 5 ++ frida_mode/include/ranges.h | 5 ++ frida_mode/include/stalker.h | 5 ++ frida_mode/include/util.h | 8 +++ frida_mode/src/complog/complog.c | 3 + frida_mode/src/complog/complog_x64.c | 50 ++++++++--------- frida_mode/src/instrument/instrument.c | 9 ++- frida_mode/src/interceptor.c | 2 +- frida_mode/src/main.c | 7 ++- frida_mode/src/persistent/persistent.c | 3 + frida_mode/src/persistent/persistent_x64.c | 2 +- frida_mode/src/ranges.c | 19 ++++--- frida_mode/test/png/GNUmakefile | 1 - 19 files changed, 153 insertions(+), 64 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 6b193806..e317237a 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -3,9 +3,25 @@ ROOT:=$(shell realpath $(PWD)..)/ INC_DIR:=$(PWD)include/ SRC_DIR:=$(PWD)src/ INCLUDES:=$(wildcard $(INC_DIR)*.h) -SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) BUILD_DIR:=$(PWD)build/ -CFLAGS+=-fPIC -D_GNU_SOURCE -Wno-prio-ctor-dtor -fcommon -Wl,--allow-multiple-definition +OBJ_DIR:=$(BUILD_DIR)obj/ +SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) +OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) +CFLAGS+=-fPIC \ + -D_GNU_SOURCE \ + -D_FORTIFY_SOURCE=2 \ + -Werror \ + -Wall \ + -Wextra \ + -Wpointer-arith \ + -g \ + -O3 \ + -funroll-loops \ + +LDFLAGS+=-shared \ + -lpthread \ + -lresolv \ + -ldl \ FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so @@ -36,7 +52,8 @@ GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h -TEST_BUILD_DIR:=$(BUILD_DIR)test/ +AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c +AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o .PHONY: all clean format @@ -49,6 +66,9 @@ all: $(FRIDA_TRACE) $(BUILD_DIR): mkdir -p $(BUILD_DIR) +$(OBJ_DIR): | $(BUILD_DIR) + mkdir -p $@ + $(FRIDA_BUILD_DIR): | $(BUILD_DIR) mkdir -p $@ @@ -61,18 +81,40 @@ $(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) $(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) $(QEMU_INC_API) Makefile | $(BUILD_DIR) - $(CC) -shared \ +$(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) + $(CC) \ $(CFLAGS) \ - -o $@ \ - $(SOURCES) \ - $(GUM_DEVIT_LIBRARY) \ - -I $(FRIDA_BUILD_DIR) \ -I $(ROOT) \ -I $(ROOT)include \ + -Wno-unused-parameter \ + -Wno-sign-compare \ + -Wno-unused-function \ + -Wno-prio-ctor-dtor \ + -Wno-unused-result \ + -o $@ \ + -c $< + + +define BUILD_SOURCE = +$(2): $(1) GNUmakefile | $(OBJ_DIR) + $(CC) \ + $(CFLAGS) \ + -I $(ROOT)include \ + -I $(FRIDA_BUILD_DIR) \ -I $(INC_DIR) \ - $(ROOT)instrumentation/afl-compiler-rt.o.c -# -lpthread -ldl -lresolv -lelf + -c $1 \ + -o $2 +endef + +$(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))))) + +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) + $(CC) \ + -o $@ \ + $(OBJS) \ + $(GUM_DEVIT_LIBRARY) \ + $(AFL_COMPILER_RT_OBJ) \ + $(LDFLAGS) \ cp -v $(FRIDA_TRACE) $(ROOT) diff --git a/frida_mode/include/complog.h b/frida_mode/include/complog.h index 094b7b93..1c1adb6d 100644 --- a/frida_mode/include/complog.h +++ b/frida_mode/include/complog.h @@ -1,3 +1,6 @@ +#ifndef _COMPLOG_H +#define _COMPLOG_H + extern struct cmp_map *__afl_cmp_map; void complog_init(void); @@ -7,3 +10,5 @@ void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); gboolean complog_is_readable(void *addr, size_t size); +#endif + diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 1b6c6bba..03fd33e5 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -1,10 +1,13 @@ +#ifndef _INSTRUMENT_H +#define _INSTRUMENT_H + #include "frida-gum.h" #include "config.h" -extern uint64_t __thread previous_pc; -extern uint8_t *__afl_area_ptr; -extern uint32_t __afl_map_size; +extern __thread uint64_t previous_pc; +extern uint8_t * __afl_area_ptr; +extern uint32_t __afl_map_size; void instrument_init(void); @@ -16,3 +19,5 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +#endif + diff --git a/frida_mode/include/interceptor.h b/frida_mode/include/interceptor.h index 49c0630a..0ff754a4 100644 --- a/frida_mode/include/interceptor.h +++ b/frida_mode/include/interceptor.h @@ -1,6 +1,11 @@ +#ifndef _INTERCEPTOR_H +#define _INTERCEPTOR_H + #include "frida-gum.h" void intercept(void *address, gpointer replacement, gpointer user_data); void unintercept(void *address); void unintercept_self(void); +#endif + diff --git a/frida_mode/include/lib.h b/frida_mode/include/lib.h index 1dc426a2..237aecb0 100644 --- a/frida_mode/include/lib.h +++ b/frida_mode/include/lib.h @@ -1,3 +1,6 @@ +#ifndef _LIB_H +#define _LIB_H + #include "frida-gum.h" void lib_init(void); @@ -6,3 +9,5 @@ guint64 lib_get_text_base(void); guint64 lib_get_text_limit(void); +#endif + diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index 017c26c7..e58c5301 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -1,6 +1,5 @@ #ifndef _PERSISTENT_H - #define _PERSISTENT_H #include "frida-gum.h" @@ -17,9 +16,9 @@ extern int __afl_persistent_loop(unsigned int max_cnt); extern unsigned int * __afl_fuzz_len; extern unsigned char *__afl_fuzz_ptr; -guint64 persistent_start; -guint64 persistent_count; -afl_persistent_hook_fn hook; +extern guint64 persistent_start; +extern guint64 persistent_count; +extern afl_persistent_hook_fn hook; void persistent_init(void); @@ -29,3 +28,4 @@ gboolean persistent_is_supported(void); void persistent_prologue(GumStalkerOutput *output); #endif + diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h index 110f717f..8f0cee68 100644 --- a/frida_mode/include/prefetch.h +++ b/frida_mode/include/prefetch.h @@ -1,6 +1,11 @@ +#ifndef _PREFETCH_H +#define _PREFETCH_H + #include "frida-gum.h" void prefetch_init(void); void prefetch_write(void *addr); void prefetch_read(void); +#endif + diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index a021f35c..f652eb8a 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -1,6 +1,11 @@ +#ifndef _RANGES_H +#define _RANGES_H + #include "frida-gum.h" void ranges_init(void); gboolean range_is_excluded(gpointer address); +#endif + diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h index 1962eec9..1f1abb6b 100644 --- a/frida_mode/include/stalker.h +++ b/frida_mode/include/stalker.h @@ -1,3 +1,6 @@ +#ifndef _STALKER_H +#define _STALKER_H + #include "frida-gum.h" void stalker_init(void); @@ -6,3 +9,5 @@ void stalker_start(void); void stalker_pause(void); void stalker_resume(void); +#endif + diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h index 5b4ea76b..afd0b9c1 100644 --- a/frida_mode/include/util.h +++ b/frida_mode/include/util.h @@ -1,6 +1,14 @@ +#ifndef _UTIL_H +#define _UTIL_H + #include "frida-gum.h" +#define UNUSED_PARAMETER(x) (void)(x) +#define IGNORED_RERURN(x) (void)!(x) + guint64 util_read_address(char *key); guint64 util_read_num(char *key); +#endif + diff --git a/frida_mode/src/complog/complog.c b/frida_mode/src/complog/complog.c index 3b679a5c..1857ea3b 100644 --- a/frida_mode/src/complog/complog.c +++ b/frida_mode/src/complog/complog.c @@ -2,6 +2,7 @@ #include "debug.h" #include "cmplog.h" +#include "util.h" extern struct cmp_map *__afl_cmp_map; @@ -10,8 +11,10 @@ static GArray *complog_ranges = NULL; static gboolean complog_range(const GumRangeDetails *details, gpointer user_data) { + UNUSED_PARAMETER(user_data); GumMemoryRange range = *details->range; g_array_append_val(complog_ranges, range); + return TRUE; } diff --git a/frida_mode/src/complog/complog_x64.c b/frida_mode/src/complog/complog_x64.c index 253ec041..28010e7f 100644 --- a/frida_mode/src/complog/complog_x64.c +++ b/frida_mode/src/complog/complog_x64.c @@ -4,6 +4,7 @@ #include "cmplog.h" #include "complog.h" +#include "util.h" #if defined(__x86_64__) @@ -148,7 +149,27 @@ static guint64 complog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { } -static void complog_handle_call(GumCpuContext *context, guint64 target) { +static guint64 cmplog_get_operand_value(GumCpuContext *context, + complog_ctx_t *ctx) { + + switch (ctx->type) { + + case X86_OP_REG: + return complog_read_reg(context, ctx->reg); + case X86_OP_IMM: + return ctx->imm; + case X86_OP_MEM: + return complog_read_mem(context, &ctx->mem); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + +} + +static void complog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); guint64 address = complog_read_reg(context, X86_REG_RIP); guint64 rdi = complog_read_reg(context, X86_REG_RDI); @@ -179,33 +200,6 @@ static void complog_handle_call(GumCpuContext *context, guint64 target) { } -static guint64 cmplog_get_operand_value(GumCpuContext *context, - complog_ctx_t *ctx) { - - switch (ctx->type) { - - case X86_OP_REG: - return complog_read_reg(context, ctx->reg); - case X86_OP_IMM: - return ctx->imm; - case X86_OP_MEM: - return complog_read_mem(context, &ctx->mem); - default: - FATAL("Invalid operand type: %d\n", ctx->type); - - } - -} - -static void complog_call_callout(GumCpuContext *context, gpointer user_data) { - - complog_ctx_t *ctx = (complog_ctx_t *)user_data; - - guint64 target = cmplog_get_operand_value(context, ctx); - complog_handle_call(context, target); - -} - static void complog_instrument_put_operand(complog_ctx_t *ctx, cs_x86_op * operand) { diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 81080bee..3806136a 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -11,17 +11,18 @@ #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "util.h" static gboolean tracing = false; static gboolean optimize = false; -static gboolean strict = false; static GumStalkerTransformer *transformer = NULL; -uint64_t __thread previous_pc = 0; +__thread uint64_t previous_pc = 0; __attribute__((hot)) static void on_basic_block(GumCpuContext *context, gpointer user_data) { + UNUSED_PARAMETER(context); /* * This function is performance critical as it is called to instrument every * basic block. By moving our print buffer to a global, we avoid it affecting @@ -44,7 +45,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", current_pc, previous_pc); - write(STDOUT_FILENO, buffer, len + 1); + IGNORED_RERURN(write(STDOUT_FILENO, buffer, len + 1)); } @@ -72,6 +73,8 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, static void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, gpointer user_data) { + UNUSED_PARAMETER(user_data); + const cs_insn *instr; gboolean begin = TRUE; while (gum_stalker_iterator_next(iterator, &instr)) { diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/interceptor.c index 8d41b075..d2802752 100644 --- a/frida_mode/src/interceptor.c +++ b/frida_mode/src/interceptor.c @@ -10,7 +10,7 @@ void intercept(void *address, gpointer replacement, gpointer user_data) { gum_interceptor_begin_transaction(interceptor); GumReplaceReturn ret = gum_interceptor_replace(interceptor, address, replacement, user_data); - if (ret != GUM_ATTACH_OK) { FATAL("gum_interceptor_attach: %d", ret); } + if (ret != GUM_REPLACE_OK) { FATAL("gum_interceptor_attach: %d", ret); } gum_interceptor_end_transaction(interceptor); } diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index f712a8c0..11cf041c 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -21,6 +21,7 @@ #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "util.h" #ifdef __APPLE__ extern mach_port_t mach_task_self(); @@ -36,8 +37,6 @@ typedef int *(*main_fn_t)(int argc, char **argv, char **envp); static main_fn_t main_fn = NULL; -static GumMemoryRange code_range = {0}; - extern void __afl_manual_init(); static int on_fork(void) { @@ -55,6 +54,8 @@ static void on_main_os(int argc, char **argv, char **envp) { #else static void on_main_os(int argc, char **argv, char **envp) { + UNUSED_PARAMETER(argc); + /* Personality doesn't affect the current process, it only takes effect on * evec */ int persona = personality(ADDR_NO_RANDOMIZE); @@ -97,7 +98,7 @@ static int *on_main(int argc, char **argv, char **envp) { /* Child here */ previous_pc = 0; stalker_resume(); - main_fn(argc, argv, envp); + return main_fn(argc, argv, envp); } diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 34e4093e..fe3a1d20 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -9,6 +9,9 @@ #include "util.h" int __afl_sharedmem_fuzzing = 0; +afl_persistent_hook_fn hook = NULL; +guint64 persistent_start = 0; +guint64 persistent_count = 0; void persistent_init(void) { diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 0cabbf24..5b8493b2 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -231,7 +231,7 @@ static int instrument_afl_persistent_loop_func(void) { } -static int instrument_afl_persistent_loop(GumX86Writer *cw) { +static void instrument_afl_persistent_loop(GumX86Writer *cw) { gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index 6fcbd258..e3f09f9e 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -5,6 +5,7 @@ #include "lib.h" #include "ranges.h" #include "stalker.h" +#include "util.h" #define MAX_RANGES 20 @@ -167,6 +168,7 @@ gint range_sort(gconstpointer a, gconstpointer b) { static gboolean print_ranges_callback(const GumRangeDetails *details, gpointer user_data) { + UNUSED_PARAMETER(user_data); if (details->file == NULL) { OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER "X", @@ -190,7 +192,7 @@ static gboolean print_ranges_callback(const GumRangeDetails *details, static void print_ranges(char *key, GArray *ranges) { OKF("Range: %s Length: %d", key, ranges->len); - for (int i = 0; i < ranges->len; i++) { + for (guint i = 0; i < ranges->len; i++) { GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); GumAddress curr_limit = curr->base_address + curr->size; @@ -345,10 +347,10 @@ static GArray *intersect_ranges(GArray *a, GArray *b) { result = g_array_new(false, false, sizeof(GumMemoryRange)); - for (int i = 0; i < a->len; i++) { + for (guint i = 0; i < a->len; i++) { ra = &g_array_index(a, GumMemoryRange, i); - for (int j = 0; j < b->len; j++) { + for (guint j = 0; j < b->len; j++) { rb = &g_array_index(b, GumMemoryRange, j); @@ -377,11 +379,11 @@ static GArray *subtract_ranges(GArray *a, GArray *b) { result = g_array_new(false, false, sizeof(GumMemoryRange)); - for (int i = 0; i < a->len; i++) { + for (guint i = 0; i < a->len; i++) { ra = &g_array_index(a, GumMemoryRange, i); ral = ra->base_address + ra->size; - for (int j = 0; j < b->len; j++) { + for (guint j = 0; j < b->len; j++) { rb = &g_array_index(b, GumMemoryRange, j); @@ -453,7 +455,7 @@ static GArray *merge_ranges(GArray *a) { rp = g_array_index(a, GumMemoryRange, 0); - for (int i = 1; i < a->len; i++) { + for (guint i = 1; i < a->len; i++) { r = &g_array_index(a, GumMemoryRange, i); @@ -535,7 +537,7 @@ void ranges_init(void) { stalker = stalker_get(); - for (int i = 0; i < ranges->len; i++) { + for (guint i = 0; i < ranges->len; i++) { r = &g_array_index(ranges, GumMemoryRange, i); gum_stalker_exclude(stalker, r); @@ -551,12 +553,11 @@ void ranges_init(void) { gboolean range_is_excluded(gpointer address) { - int i; GumAddress test = GUM_ADDRESS(address); if (ranges == NULL) { return false; } - for (i = 0; i < ranges->len; i++) { + for (guint i = 0; i < ranges->len; i++) { GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); GumAddress curr_limit = curr->base_address + curr->size; diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index c381f5ab..7de3e85a 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -80,7 +80,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) -o $@ \ $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ -lz \ - $(TEST_LDFLAGS) clean: rm -rf $(BUILD_DIR) From dedeb01ffa94e9179a88c684c7cfa615982e1f8a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 21:05:21 +0200 Subject: [PATCH 150/441] nits --- frida_mode/GNUmakefile | 1 - frida_mode/src/lib.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index e317237a..8983ff86 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -89,7 +89,6 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) -Wno-unused-parameter \ -Wno-sign-compare \ -Wno-unused-function \ - -Wno-prio-ctor-dtor \ -Wno-unused-result \ -o $@ \ -c $< diff --git a/frida_mode/src/lib.c b/frida_mode/src/lib.c index 6e27c170..feeb6541 100644 --- a/frida_mode/src/lib.c +++ b/frida_mode/src/lib.c @@ -129,7 +129,7 @@ static void lib_get_text_section(lib_details_t *details) { if (len == (off_t)-1) { FATAL("Failed to lseek %s", details->path); } - OKF("len: %ld\n", len); + OKF("len: %ld", len); hdr = (Elf_Ehdr *)mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0); if (hdr == MAP_FAILED) { FATAL("Failed to map %s", details->path); } From 6a134e4a263ce0488a71a79964b4b7665de2dfe4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 21:35:27 +0200 Subject: [PATCH 151/441] frida mode - support non-pie --- frida_mode/src/lib.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/frida_mode/src/lib.c b/frida_mode/src/lib.c index feeb6541..e50163ac 100644 --- a/frida_mode/src/lib.c +++ b/frida_mode/src/lib.c @@ -64,6 +64,7 @@ static void lib_validate_hdr(Elf_Ehdr *hdr) { if (hdr->e_ident[2] != ELFMAG2) FATAL("Invalid e_ident[2]"); if (hdr->e_ident[3] != ELFMAG3) FATAL("Invalid e_ident[3]"); if (hdr->e_ident[4] != ELFCLASS) FATAL("Invalid class"); +/* if (hdr->e_ident[5] != (lib_is_little_endian() ? ELFDATA2LSB : ELFDATA2MSB)) FATAL("Invalid endian"); if (hdr->e_ident[6] != EV_CURRENT) FATAL("Invalid version"); @@ -73,6 +74,7 @@ static void lib_validate_hdr(Elf_Ehdr *hdr) { if (hdr->e_ehsize != sizeof(Elf_Ehdr)) FATAL("Invalid e_ehsize"); if (hdr->e_phentsize != sizeof(Elf_Phdr)) FATAL("Invalid e_phentsize"); if (hdr->e_shentsize != sizeof(Elf_Shdr)) FATAL("Invalid e_shentsize"); +*/ } From 97dbf5b671b334d8edbfcea8dab9031a14a0b5e5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 21:41:04 +0200 Subject: [PATCH 152/441] nits --- frida_mode/GNUmakefile | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 8983ff86..65a7a1c3 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -10,10 +10,7 @@ OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) CFLAGS+=-fPIC \ -D_GNU_SOURCE \ -D_FORTIFY_SOURCE=2 \ - -Werror \ - -Wall \ - -Wextra \ - -Wpointer-arith \ + -Wno-pointer-arith \ -g \ -O3 \ -funroll-loops \ From 423c32969c0111f5fdc666a159497dff805bff89 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 22:48:43 +0200 Subject: [PATCH 153/441] nit --- frida_mode/src/persistent/persistent.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index fe3a1d20..5aad3724 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -30,9 +30,6 @@ void persistent_init(void) { if (persistent_count != 0 && persistent_count < 100) WARNF("Persistent count out of recommended range (<100)"); - if (persistent_count > 10000) - WARNF("Persistent count out of recommended range (<10000)"); - if (persistent_start != 0 && !persistent_is_supported()) FATAL("Persistent mode not supported on this architecture"); From aeb68835328d52722e21c62e4a124f486378897e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 28 Apr 2021 23:29:13 +0200 Subject: [PATCH 154/441] update grammar mutator --- custom_mutators/grammar_mutator/GRAMMAR_VERSION | 2 +- custom_mutators/grammar_mutator/grammar_mutator | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index c7c1948d..3df8150e 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -a2d4e4a +b79d51a diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index a2d4e4ab..b79d51a8 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit a2d4e4ab966f0581219fbb282f5ac8c89e85ead9 +Subproject commit b79d51a8daccbd7a693f9b6765c81ead14f28e26 From 26b84e3521936ec11b7615bb833310d62795020e Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 29 Apr 2021 08:06:14 +0100 Subject: [PATCH 155/441] Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 28 +++-- frida_mode/src/complog/complog.c | 5 +- frida_mode/src/complog/complog_arm.c | 6 +- frida_mode/src/complog/complog_arm64.c | 6 +- frida_mode/src/complog/complog_x86.c | 6 +- frida_mode/src/lib/lib | Bin 0 -> 4144 bytes frida_mode/src/{ => lib}/lib.c | 79 +++++++------ frida_mode/src/lib/lib_apple.c | 82 ++++++++++++++ frida_mode/src/main.c | 4 + frida_mode/src/persistent/persistent.c | 4 +- frida_mode/src/persistent/persistent_arm32.c | 2 + frida_mode/src/persistent/persistent_arm64.c | 2 + frida_mode/src/persistent/persistent_x86.c | 2 + frida_mode/test/exe/GNUmakefile | 50 +++++++++ frida_mode/test/exe/Makefile | 12 ++ frida_mode/test/exe/testinstr.c | 112 +++++++++++++++++++ frida_mode/test/png/GNUmakefile | 4 + 17 files changed, 354 insertions(+), 50 deletions(-) create mode 100755 frida_mode/src/lib/lib rename frida_mode/src/{ => lib}/lib.c (72%) create mode 100644 frida_mode/src/lib/lib_apple.c create mode 100644 frida_mode/test/exe/GNUmakefile create mode 100644 frida_mode/test/exe/Makefile create mode 100644 frida_mode/test/exe/testinstr.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 65a7a1c3..d2f5ba4b 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -10,16 +10,29 @@ OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) CFLAGS+=-fPIC \ -D_GNU_SOURCE \ -D_FORTIFY_SOURCE=2 \ - -Wno-pointer-arith \ -g \ -O3 \ -funroll-loops \ +RT_CFLAGS:=-Wno-unused-parameter \ + -Wno-sign-compare \ + -Wno-unused-function \ + -Wno-unused-result \ + LDFLAGS+=-shared \ -lpthread \ -lresolv \ -ldl \ +ifdef DEBUG +CFLAGS+=-Werror \ + -Wall \ + -Wextra \ + -Wpointer-arith +else +CFLAGS+=-Wno-pointer-arith +endif + FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded @@ -31,7 +44,11 @@ endif ifeq "$(shell uname)" "Darwin" OS:=macos - CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations + RT_CFLAGS:=$(RT_CFLAGS) -Wno-deprecated-declarations +else +ifdef DEBUG + RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor +endif endif ifeq "$(shell uname)" "Linux" @@ -81,17 +98,14 @@ $(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) $(CC) \ $(CFLAGS) \ + $(RT_CFLAGS) \ -I $(ROOT) \ -I $(ROOT)include \ - -Wno-unused-parameter \ - -Wno-sign-compare \ - -Wno-unused-function \ - -Wno-unused-result \ -o $@ \ -c $< -define BUILD_SOURCE = +define BUILD_SOURCE $(2): $(1) GNUmakefile | $(OBJ_DIR) $(CC) \ $(CFLAGS) \ diff --git a/frida_mode/src/complog/complog.c b/frida_mode/src/complog/complog.c index 1857ea3b..ce8a3f62 100644 --- a/frida_mode/src/complog/complog.c +++ b/frida_mode/src/complog/complog.c @@ -36,8 +36,9 @@ void complog_init(void) { for (guint i = 0; i < complog_ranges->len; i++) { GumMemoryRange *range = &g_array_index(complog_ranges, GumMemoryRange, i); - OKF("CompLog Range - 0x%016lX - 0x%016lX", range->base_address, - range->base_address + range->size); + OKF("CompLog Range - 0x%016" G_GINT64_MODIFIER + "X - 0x%016" G_GINT64_MODIFIER "X", + range->base_address, range->base_address + range->size); } diff --git a/frida_mode/src/complog/complog_arm.c b/frida_mode/src/complog/complog_arm.c index 82cc2557..1b8eb8f1 100644 --- a/frida_mode/src/complog/complog_arm.c +++ b/frida_mode/src/complog/complog_arm.c @@ -3,10 +3,14 @@ #include "debug.h" #include "complog.h" +#include "util.h" -#if defined(__arm64__) +#if defined(__arm__) void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } FATAL("Complog mode not supported on this architecture"); } diff --git a/frida_mode/src/complog/complog_arm64.c b/frida_mode/src/complog/complog_arm64.c index e4dbf322..ce62f6fd 100644 --- a/frida_mode/src/complog/complog_arm64.c +++ b/frida_mode/src/complog/complog_arm64.c @@ -3,10 +3,14 @@ #include "debug.h" #include "complog.h" +#include "util.h" -#if defined(__i386__) +#if defined(__aarch64__) void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } FATAL("Complog mode not supported on this architecture"); } diff --git a/frida_mode/src/complog/complog_x86.c b/frida_mode/src/complog/complog_x86.c index df7b7cc1..b2e5ddcf 100644 --- a/frida_mode/src/complog/complog_x86.c +++ b/frida_mode/src/complog/complog_x86.c @@ -3,10 +3,14 @@ #include "debug.h" #include "complog.h" +#include "util.h" -#if defined(__arm__) +#if defined(__i386__) void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } FATAL("Complog mode not supported on this architecture"); } diff --git a/frida_mode/src/lib/lib b/frida_mode/src/lib/lib new file mode 100755 index 0000000000000000000000000000000000000000..8f09a3b1be87dd83dd0150c152db5c6bb2857769 GIT binary patch literal 4144 zcmX^A>+L^w1_nlE1_lN;Am#<)1xySKtqcM{76XGM5YGVO`1lalh!Btn8h|K62txU+ zKoJmTgv!Lnm!wvdAe3R4hr=AW4i<(6I2*_Sxyu8HVvbZEQSI -#include -#include -#include -#include -#include +#ifndef __APPLE__ + #include + #include + #include + #include + #include + #include -#include "frida-gum.h" + #include "frida-gum.h" -#include "debug.h" + #include "debug.h" -#include "lib.h" + #include "lib.h" -#if defined(__arm__) || defined(__i386__) - #define ELFCLASS ELFCLASS32 + #if defined(__arm__) || defined(__i386__) + #define ELFCLASS ELFCLASS32 typedef Elf32_Ehdr Elf_Ehdr; typedef Elf32_Phdr Elf_Phdr; typedef Elf32_Shdr Elf_Shdr; -#elif defined(__aarch64__) || defined(__x86_64__) - #define ELFCLASS ELFCLASS64 +typedef Elf32_Addr Elf_Addr; + #elif defined(__aarch64__) || defined(__x86_64__) + #define ELFCLASS ELFCLASS64 typedef Elf64_Ehdr Elf_Ehdr; typedef Elf64_Phdr Elf_Phdr; typedef Elf64_Shdr Elf_Shdr; -#else - #error "Unsupported platform" -#endif +typedef Elf64_Addr Elf_Addr; + #else + #error "Unsupported platform" + #endif typedef struct { @@ -50,13 +53,6 @@ static gboolean lib_find_exe(const GumModuleDetails *details, } -static gboolean lib_is_little_endian(void) { - - int probe = 1; - return *(char *)&probe; - -} - static void lib_validate_hdr(Elf_Ehdr *hdr) { if (hdr->e_ident[0] != ELFMAG0) FATAL("Invalid e_ident[0]"); @@ -64,22 +60,14 @@ static void lib_validate_hdr(Elf_Ehdr *hdr) { if (hdr->e_ident[2] != ELFMAG2) FATAL("Invalid e_ident[2]"); if (hdr->e_ident[3] != ELFMAG3) FATAL("Invalid e_ident[3]"); if (hdr->e_ident[4] != ELFCLASS) FATAL("Invalid class"); -/* - if (hdr->e_ident[5] != (lib_is_little_endian() ? ELFDATA2LSB : ELFDATA2MSB)) - FATAL("Invalid endian"); - if (hdr->e_ident[6] != EV_CURRENT) FATAL("Invalid version"); - if (hdr->e_type != ET_DYN) FATAL("Invalid type"); - if (hdr->e_version != EV_CURRENT) FATAL("Invalid e_version"); - if (hdr->e_phoff != sizeof(Elf_Ehdr)) FATAL("Invalid e_phoff"); - if (hdr->e_ehsize != sizeof(Elf_Ehdr)) FATAL("Invalid e_ehsize"); - if (hdr->e_phentsize != sizeof(Elf_Phdr)) FATAL("Invalid e_phentsize"); - if (hdr->e_shentsize != sizeof(Elf_Shdr)) FATAL("Invalid e_shentsize"); -*/ } static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { + Elf_Phdr *phdr; + gboolean found_preferred_base = FALSE; + Elf_Addr preferred_base; Elf_Shdr *shdr; Elf_Shdr *shstrtab; char * shstr; @@ -87,6 +75,23 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { Elf_Shdr *curr; char text_name[] = ".text"; + phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); + for (size_t i = 0; i < hdr->e_phnum; i++) { + + if (phdr[i].p_type == PT_LOAD) { + + preferred_base = phdr[i].p_vaddr; + found_preferred_base = TRUE; + break; + + } + + } + + if (!found_preferred_base) { FATAL("Failed to find preferred load address"); } + + OKF("Image preferred load address 0x%016lx", preferred_base); + shdr = (Elf_Shdr *)((char *)hdr + hdr->e_shoff); shstrtab = &shdr[hdr->e_shstrndx]; shstr = (char *)hdr + shstrtab->sh_offset; @@ -107,8 +112,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { if (memcmp(section_name, text_name, sizeof(text_name)) == 0 && text_base == 0) { - text_base = lib_details->base_address + curr->sh_addr; - text_limit = lib_details->base_address + curr->sh_addr + curr->sh_size; + text_base = lib_details->base_address + curr->sh_addr - preferred_base; + text_limit = text_base + curr->sh_size; OKF("> text_addr: 0x%016lX", text_base); OKF("> text_limit: 0x%016lX", text_limit); @@ -167,3 +172,5 @@ guint64 lib_get_text_limit(void) { } +#endif + diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c new file mode 100644 index 00000000..8f863861 --- /dev/null +++ b/frida_mode/src/lib/lib_apple.c @@ -0,0 +1,82 @@ +#ifdef __APPLE__ + #include "frida-gum.h" + + #include "debug.h" + + #include "lib.h" + #include "util.h" + +extern mach_port_t mach_task_self(); +extern void gum_darwin_enumerate_modules(mach_port_t task, + GumFoundModuleFunc func, + gpointer user_data); + +static guint64 text_base = 0; +static guint64 text_limit = 0; + +static gboolean lib_get_main_module(const GumModuleDetails *details, + gpointer user_data) { + + GumDarwinModule **ret = (GumDarwinModule **)user_data; + GumDarwinModule * module = gum_darwin_module_new_from_memory( + details->path, mach_task_self(), details->range->base_address, + GUM_DARWIN_MODULE_FLAGS_NONE, NULL); + + OKF("Found main module: %s", module->name); + + *ret = module; + + return FALSE; + +} + +gboolean lib_get_text_section(const GumDarwinSectionDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + static size_t idx = 0; + char text_name[] = "__text"; + + OKF("Section: %2lu - base: 0x%016" G_GINT64_MODIFIER + "X size: 0x%016" G_GINT64_MODIFIER "X %s", + idx++, details->vm_address, details->vm_address + details->size, + details->section_name); + + if (memcmp(details->section_name, text_name, sizeof(text_name)) == 0 && + text_base == 0) { + + text_base = details->vm_address; + text_limit = details->vm_address + details->size; + OKF("> text_addr: 0x%016" G_GINT64_MODIFIER "X", text_base); + OKF("> text_limit: 0x%016" G_GINT64_MODIFIER "X", text_limit); + + } + + return TRUE; + +} + +void lib_init(void) { + + GumDarwinModule *module = NULL; + gum_darwin_enumerate_modules(mach_task_self(), lib_get_main_module, &module); + gum_darwin_module_enumerate_sections(module, lib_get_text_section, NULL); + +} + +guint64 lib_get_text_base(void) { + + if (text_base == 0) FATAL("Lib not initialized"); + return text_base; + +} + +guint64 lib_get_text_limit(void) { + + if (text_limit == 0) FATAL("Lib not initialized"); + return text_limit; + +} + +#endif + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 11cf041c..5c64d192 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -49,6 +49,10 @@ static int on_fork(void) { #ifdef __APPLE__ static void on_main_os(int argc, char **argv, char **envp) { + UNUSED_PARAMETER(argc); + UNUSED_PARAMETER(argv); + UNUSED_PARAMETER(envp); + } #else diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 5aad3724..918ff153 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -33,9 +33,9 @@ void persistent_init(void) { if (persistent_start != 0 && !persistent_is_supported()) FATAL("Persistent mode not supported on this architecture"); - OKF("Instrumentation - persistent mode [%c] (0x%016lX)", + OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_start == 0 ? ' ' : 'X', persistent_start); - OKF("Instrumentation - persistent count [%c] (%ld)", + OKF("Instrumentation - persistent count [%c] (%" G_GINT64_MODIFIER "d)", persistent_start == 0 ? ' ' : 'X', persistent_count); OKF("Instrumentation - hook [%s]", hook_name); diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index 10dab3b2..bc021ff3 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -3,6 +3,7 @@ #include "debug.h" #include "persistent.h" +#include "util.h" #if defined(__arm__) @@ -62,6 +63,7 @@ gboolean persistent_is_supported(void) { void persistent_prologue(GumStalkerOutput *output) { + UNUSED_PARAMETER(output); FATAL("Persistent mode not supported on this architecture"); } diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 5a18ac2c..c198da69 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -4,6 +4,7 @@ #include "debug.h" #include "instrument.h" +#include "util.h" #if defined(__aarch64__) @@ -105,6 +106,7 @@ gboolean persistent_is_supported(void) { void persistent_prologue(GumStalkerOutput *output) { + UNUSED_PARAMETER(output); FATAL("Persistent mode not supported on this architecture"); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 4daa61a9..9d39c4e9 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -3,6 +3,7 @@ #include "debug.h" #include "persistent.h" +#include "util.h" #if defined(__i386__) @@ -45,6 +46,7 @@ gboolean persistent_is_supported(void) { void persistent_prologue(GumStalkerOutput *output) { + UNUSED_PARAMETER(output); FATAL("Persistent mode not supported on this architecture"); } diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile new file mode 100644 index 00000000..7719ad2b --- /dev/null +++ b/frida_mode/test/exe/GNUmakefile @@ -0,0 +1,50 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< -no-pie + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/exe/Makefile b/frida_mode/test/exe/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/exe/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/exe/testinstr.c b/frida_mode/test/exe/testinstr.c new file mode 100644 index 00000000..5e26fc46 --- /dev/null +++ b/frida_mode/test/exe/testinstr.c @@ -0,0 +1,112 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 7de3e85a..515728c4 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -21,6 +21,9 @@ PNGTEST_OBJ:=$(PNGTEST_BUILD_DIR)target.o PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif TEST_DATA_DIR:=$(LIBPNG_DIR)contrib/pngsuite/ @@ -80,6 +83,7 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) -o $@ \ $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ -lz \ + $(TEST_BIN_LDFLAGS) \ clean: rm -rf $(BUILD_DIR) From 29dbe665a7a7dc6b2232487dbc6c1ebecbbdfb06 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Apr 2021 09:12:21 +0200 Subject: [PATCH 156/441] nits --- src/afl-fuzz.c | 2 ++ utils/libdislocator/libdislocator.so.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 58b0a5c2..1b3e303c 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1358,6 +1358,7 @@ int main(int argc, char **argv_orig, char **envp) { afl_preload = getenv("AFL_PRELOAD"); u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); if (afl_preload) { frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); @@ -1383,6 +1384,7 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); ck_free(frida_binary); diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 7c651afd..dde78f7b 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -145,7 +145,7 @@ typedef struct { /* Configurable stuff (use AFL_LD_* to set): */ static size_t max_mem = MAX_ALLOC; /* Max heap usage to permit */ -static u8 alloc_verbose, /* Additional debug messages */ +static u8 alloc_verbose, /* Additional debug messages */ hard_fail, /* abort() when max_mem exceeded? */ no_calloc_over, /* abort() on calloc() overflows? */ align_allocations; /* Force alignment to sizeof(void*) */ @@ -504,7 +504,7 @@ __attribute__((constructor)) void __dislocator_init(void) { if (tmp) { - char *tok; + char * tok; unsigned long long mmem = strtoull(tmp, &tok, 10); if (*tok != '\0' || errno == ERANGE || mmem > SIZE_MAX / 1024 / 1024) FATAL("Bad value for AFL_LD_LIMIT_MB"); @@ -550,3 +550,4 @@ void *erealloc(void *ptr, size_t len) { return realloc(ptr, len); } + From 17b860d811cbd7695ab9756671c3f2d876ab25e8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 29 Apr 2021 15:09:20 +0200 Subject: [PATCH 157/441] nits --- frida_mode/src/util.c | 10 +++++----- frida_mode/update_frida_version.sh | 13 +++++++++++++ 2 files changed, 18 insertions(+), 5 deletions(-) create mode 100755 frida_mode/update_frida_version.sh diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c index f42afd64..bd13781d 100644 --- a/frida_mode/src/util.c +++ b/frida_mode/src/util.c @@ -14,22 +14,22 @@ guint64 util_read_address(char *key) { } - value_str = &value_str[2]; + char *value_str2 = &value_str[2]; - for (char *c = value_str; *c != '\0'; c++) { + for (char *c = value_str2; *c != '\0'; c++) { if (!g_ascii_isxdigit(*c)) { - FATAL("Invalid address not formed of hex digits: %s\n", value_str); + FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, *c); } } - guint64 value = g_ascii_strtoull(value_str, NULL, 16); + guint64 value = g_ascii_strtoull(value_str2, NULL, 16); if (value == 0) { - FATAL("Invalid address failed hex conversion: %s\n", value_str); + FATAL("Invalid address failed hex conversion: %s\n", value_str2); } diff --git a/frida_mode/update_frida_version.sh b/frida_mode/update_frida_version.sh new file mode 100755 index 00000000..7d938712 --- /dev/null +++ b/frida_mode/update_frida_version.sh @@ -0,0 +1,13 @@ +#!/bin/sh +test -n "$1" && { echo This script has no options. It updates the referenced Frida version in GNUmakefile to the most current one. ; exit 1 ; } + +OLD=$(egrep '^GUM_DEVKIT_VERSION=' GNUmakefile 2>/dev/null|awk -F= '{print$2}') +NEW=$(curl https://github.com/frida/frida/releases/ 2>/dev/null|egrep 'frida-gum-devkit-[0-9.]*-linux-x86_64'|head -n 1|sed 's/.*frida-gum-devkit-//'|sed 's/-linux.*//') + +echo Current set version: $OLD +echo Newest available version: $NEW + +test -z "$OLD" -o -z "$NEW" -o "$OLD" = "$NEW" && { echo Nothing to be done. ; exit 0 ; } + +sed -i "s/=$OLD/=$NEW/" GNUmakefile || exit 1 +echo Successfully updated GNUmakefile From c9d066038fe0bbf8e0ab0a481ca320ca1c31b1bf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Apr 2021 10:27:43 +0200 Subject: [PATCH 158/441] fix PCGUARD, build aflpp_driver with fPIC --- docs/Changelog.md | 5 +- instrumentation/SanitizerCoverageLTO.so.cc | 15 ++- .../SanitizerCoveragePCGUARD.so.cc | 102 ++++++++---------- utils/afl_proxy/afl-proxy.c | 6 ++ utils/aflpp_driver/GNUmakefile | 4 +- 5 files changed, 64 insertions(+), 68 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 90a1d140..5c0f2a9e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -32,10 +32,13 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - afl-cc: - We do not support llvm versions prior 6.0 anymore + - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode - - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode + - utils/aflpp_driver: + - aflpp_qemu_driver_hook fixed to work with qemu_mode + - aflpp_driver now compiled with -fPIC - add -d (add dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 6dd390e6..2f4337eb 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -60,15 +60,14 @@ using namespace llvm; #define DEBUG_TYPE "sancov" -static const char *const SanCovTracePCIndirName = - "__sanitizer_cov_trace_pc_indir"; -static const char *const SanCovTracePCName = "__sanitizer_cov_trace_pc"; -// static const char *const SanCovTracePCGuardName = +const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir"; +const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc"; +// const char SanCovTracePCGuardName = // "__sanitizer_cov_trace_pc_guard"; -static const char *const SanCovGuardsSectionName = "sancov_guards"; -static const char *const SanCovCountersSectionName = "sancov_cntrs"; -static const char *const SanCovBoolFlagSectionName = "sancov_bools"; -static const char *const SanCovPCsSectionName = "sancov_pcs"; +const char SanCovGuardsSectionName[] = "sancov_guards"; +const char SanCovCountersSectionName[] = "sancov_cntrs"; +const char SanCovBoolFlagSectionName[] = "sancov_bools"; +const char SanCovPCsSectionName[] = "sancov_pcs"; static cl::opt ClCoverageLevel( "lto-coverage-level", diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 09cda9e2..8878d3b1 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -52,49 +52,39 @@ using namespace llvm; #define DEBUG_TYPE "sancov" -static const char *const SanCovTracePCIndirName = - "__sanitizer_cov_trace_pc_indir"; -static const char *const SanCovTracePCName = "__sanitizer_cov_trace_pc"; -static const char *const SanCovTraceCmp1 = "__sanitizer_cov_trace_cmp1"; -static const char *const SanCovTraceCmp2 = "__sanitizer_cov_trace_cmp2"; -static const char *const SanCovTraceCmp4 = "__sanitizer_cov_trace_cmp4"; -static const char *const SanCovTraceCmp8 = "__sanitizer_cov_trace_cmp8"; -static const char *const SanCovTraceConstCmp1 = - "__sanitizer_cov_trace_const_cmp1"; -static const char *const SanCovTraceConstCmp2 = - "__sanitizer_cov_trace_const_cmp2"; -static const char *const SanCovTraceConstCmp4 = - "__sanitizer_cov_trace_const_cmp4"; -static const char *const SanCovTraceConstCmp8 = - "__sanitizer_cov_trace_const_cmp8"; -static const char *const SanCovTraceDiv4 = "__sanitizer_cov_trace_div4"; -static const char *const SanCovTraceDiv8 = "__sanitizer_cov_trace_div8"; -static const char *const SanCovTraceGep = "__sanitizer_cov_trace_gep"; -static const char *const SanCovTraceSwitchName = "__sanitizer_cov_trace_switch"; -static const char *const SanCovModuleCtorTracePcGuardName = +const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir"; +const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc"; +const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1"; +const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2"; +const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4"; +const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8"; +const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1"; +const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2"; +const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4"; +const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8"; +const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4"; +const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8"; +const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep"; +const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch"; +const char SanCovModuleCtorTracePcGuardName[] = "sancov.module_ctor_trace_pc_guard"; -static const char *const SanCovModuleCtor8bitCountersName = +const char SanCovModuleCtor8bitCountersName[] = "sancov.module_ctor_8bit_counters"; -static const char *const SanCovModuleCtorBoolFlagName = - "sancov.module_ctor_bool_flag"; +const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag"; static const uint64_t SanCtorAndDtorPriority = 2; -static const char *const SanCovTracePCGuardName = - "__sanitizer_cov_trace_pc_guard"; -static const char *const SanCovTracePCGuardInitName = - "__sanitizer_cov_trace_pc_guard_init"; -static const char *const SanCov8bitCountersInitName = - "__sanitizer_cov_8bit_counters_init"; -static const char *const SanCovBoolFlagInitName = - "__sanitizer_cov_bool_flag_init"; -static const char *const SanCovPCsInitName = "__sanitizer_cov_pcs_init"; +const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard"; +const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init"; +const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init"; +const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init"; +const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init"; -static const char *const SanCovGuardsSectionName = "sancov_guards"; -static const char *const SanCovCountersSectionName = "sancov_cntrs"; -static const char *const SanCovBoolFlagSectionName = "sancov_bools"; -static const char *const SanCovPCsSectionName = "sancov_pcs"; +const char SanCovGuardsSectionName[] = "sancov_guards"; +const char SanCovCountersSectionName[] = "sancov_cntrs"; +const char SanCovBoolFlagSectionName[] = "sancov_bools"; +const char SanCovPCsSectionName[] = "sancov_pcs"; -static const char *const SanCovLowestStackName = "__sancov_lowest_stack"; +const char SanCovLowestStackName[] = "__sancov_lowest_stack"; static char *skip_nozero; @@ -320,12 +310,12 @@ std::pair ModuleSanitizerCoverage::CreateSecStartEnd( Module &M, const char *Section, Type *Ty) { GlobalVariable *SecStart = new GlobalVariable( - M, Ty->getPointerElementType(), false, GlobalVariable::ExternalLinkage, - nullptr, getSectionStart(Section)); + M, Ty->getPointerElementType(), false, + GlobalVariable::ExternalWeakLinkage, nullptr, getSectionStart(Section)); SecStart->setVisibility(GlobalValue::HiddenVisibility); GlobalVariable *SecEnd = new GlobalVariable( - M, Ty->getPointerElementType(), false, GlobalVariable::ExternalLinkage, - nullptr, getSectionEnd(Section)); + M, Ty->getPointerElementType(), false, + GlobalVariable::ExternalWeakLinkage, nullptr, getSectionEnd(Section)); SecEnd->setVisibility(GlobalValue::HiddenVisibility); IRBuilder<> IRB(M.getContext()); if (!TargetTriple.isOSBinFormatCOFF()) @@ -573,7 +563,7 @@ bool ModuleSanitizerCoverage::instrumentModule( } // True if block has successors and it dominates all of them. -static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { +bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { if (succ_begin(BB) == succ_end(BB)) return false; @@ -588,8 +578,7 @@ static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { } // True if block has predecessors and it postdominates all of them. -static bool isFullPostDominator(const BasicBlock * BB, - const PostDominatorTree *PDT) { +bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT) { if (pred_begin(BB) == pred_end(BB)) return false; @@ -603,10 +592,10 @@ static bool isFullPostDominator(const BasicBlock * BB, } -static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, - const DominatorTree * DT, - const PostDominatorTree * PDT, - const SanitizerCoverageOptions &Options) { +bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, + const DominatorTree * DT, + const PostDominatorTree * PDT, + const SanitizerCoverageOptions &Options) { // Don't insert coverage for blocks containing nothing but unreachable: we // will never call __sanitizer_cov() for them, so counting them in @@ -636,8 +625,7 @@ static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, // A twist here is that we treat From->To as a backedge if // * To dominates From or // * To->UniqueSuccessor dominates From -static bool IsBackEdge(BasicBlock *From, BasicBlock *To, - const DominatorTree *DT) { +bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree *DT) { if (DT->dominates(To, From)) return true; if (auto Next = To->getUniqueSuccessor()) @@ -651,8 +639,8 @@ static bool IsBackEdge(BasicBlock *From, BasicBlock *To, // // Note that Cmp pruning is controlled by the same flag as the // BB pruning. -static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, - const SanitizerCoverageOptions &Options) { +bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, + const SanitizerCoverageOptions &Options) { if (!Options.NoPrune) if (CMP->hasOneUse()) @@ -1046,7 +1034,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (IsEntryBB) { - // Keep static allocas and llvm.localescape calls in the entry block. Even + // Keep allocas and llvm.localescape calls in the entry block. Even // if we aren't splitting the block, it's nice for allocas to be before // calls. IP = PrepareToSplitEntryBlock(BB, IP); @@ -1221,17 +1209,17 @@ ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass( } -static void registerPCGUARDPass(const PassManagerBuilder &, - legacy::PassManagerBase &PM) { +void registerPCGUARDPass(const PassManagerBuilder &, + legacy::PassManagerBase &PM) { auto p = new ModuleSanitizerCoverageLegacyPass(); PM.add(p); } -static RegisterStandardPasses RegisterCompTransPass( +RegisterStandardPasses RegisterCompTransPass( PassManagerBuilder::EP_OptimizerLast, registerPCGUARDPass); -static RegisterStandardPasses RegisterCompTransPass0( +RegisterStandardPasses RegisterCompTransPass0( PassManagerBuilder::EP_EnabledOnOptLevel0, registerPCGUARDPass); diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index aa7a361a..a80d8a0b 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -70,12 +70,18 @@ static void __afl_map_shm(void) { char *id_str = getenv(SHM_ENV_VAR); char *ptr; + + /* NOTE TODO BUG FIXME: if you want to supply a variable sized map then + uncomment the following: */ + + /* if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { u32 val = atoi(ptr); if (val > 0) __afl_map_size = val; } + */ if (__afl_map_size > MAP_SIZE) { diff --git a/utils/aflpp_driver/GNUmakefile b/utils/aflpp_driver/GNUmakefile index 8ac054a6..556f6420 100644 --- a/utils/aflpp_driver/GNUmakefile +++ b/utils/aflpp_driver/GNUmakefile @@ -7,7 +7,7 @@ ifneq "" "$(LLVM_BINDIR)" LLVM_BINDIR := $(LLVM_BINDIR)/ endif -CFLAGS := -O3 -funroll-loops -g +CFLAGS := -O3 -funroll-loops -g -fPIC all: libAFLDriver.a libAFLQemuDriver.a aflpp_qemu_driver_hook.so @@ -36,7 +36,7 @@ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o -$(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c - -$(LLVM_BINDIR)clang -fPIC $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c + -$(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c test: debug #clang -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -funroll-loops -o aflpp_driver_test.ll aflpp_driver_test.c From 765f3e5169dc0b69c806b2b10a29250fa162ada7 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 30 Apr 2021 09:28:20 +0100 Subject: [PATCH 159/441] Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name --- .gitmodules | 4 ++ frida_mode/GNUmakefile | 37 +++++++++++++- frida_mode/frida | 1 + frida_mode/test/exe/GNUmakefile | 2 +- frida_mode/test/fuzzbench/GNUmakefile | 61 +++++++++++++++++++++++ frida_mode/test/fuzzbench/Makefile | 12 +++++ frida_mode/test/fuzzbench/fuzzer | Bin 0 -> 1703936 bytes frida_mode/test/fuzzbench/src/Dockerfile | 36 +++++++++++++ frida_mode/test/fuzzbench/src/run.sh | 10 ++++ frida_mode/test/libxml/GNUmakefile | 13 +++++ frida_mode/test/libxml/Makefile | 12 +++++ frida_mode/test/libxml/xml | Bin 0 -> 1849872 bytes frida_mode/test/testinstr/GNUmakefile | 2 +- 13 files changed, 186 insertions(+), 4 deletions(-) create mode 160000 frida_mode/frida create mode 100644 frida_mode/test/fuzzbench/GNUmakefile create mode 100644 frida_mode/test/fuzzbench/Makefile create mode 100755 frida_mode/test/fuzzbench/fuzzer create mode 100644 frida_mode/test/fuzzbench/src/Dockerfile create mode 100644 frida_mode/test/fuzzbench/src/run.sh create mode 100644 frida_mode/test/libxml/GNUmakefile create mode 100644 frida_mode/test/libxml/Makefile create mode 100755 frida_mode/test/libxml/xml diff --git a/.gitmodules b/.gitmodules index c787ec0e..0b8ccd97 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,3 +7,7 @@ [submodule "qemu_mode/qemuafl"] path = qemu_mode/qemuafl url = https://github.com/AFLplusplus/qemuafl +[submodule "frida_mode/frida"] + path = frida_mode/frida + url = https://github.com/WorksButNotTested/frida.git + branch = x64_stalker_fix diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index d2f5ba4b..8199b337 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -5,6 +5,7 @@ SRC_DIR:=$(PWD)src/ INCLUDES:=$(wildcard $(INC_DIR)*.h) BUILD_DIR:=$(PWD)build/ OBJ_DIR:=$(BUILD_DIR)obj/ + SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) CFLAGS+=-fPIC \ @@ -62,17 +63,24 @@ endif GUM_DEVKIT_VERSION=14.2.17 GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" + GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h +FRIDA_DIR:=$(PWD)frida/ +FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile +FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a +FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/ +FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h +FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) + AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o - .PHONY: all clean format -############################# FRIDA ############################################ +############################## ALL ############################################# all: $(FRIDA_TRACE) make -C $(ROOT) @@ -83,11 +91,32 @@ $(BUILD_DIR): $(OBJ_DIR): | $(BUILD_DIR) mkdir -p $@ +############################# FRIDA ############################################ + +$(FRIDA_MAKEFILE): + git submodule update --init --recursive $(FRIDA_DIR) + +$(FRIDA_GUM): $(FRIDA_MAKEFILE) + cd $(FRIDA_DIR) && make gum-linux-$(ARCH) + +$(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM) + $(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ + +$(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER) + cd $(FRIDA_GUM_DEVKIT_DIR) && tar cJvf $(FRIDA_GUM_DEVKIT_TARBALL) . + +############################# DEVKIT ########################################### + $(FRIDA_BUILD_DIR): | $(BUILD_DIR) mkdir -p $@ +ifdef FRIDA_SOURCE +$(GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_TARBALL)| $(FRIDA_BUILD_DIR) + cp -v $< $@ +else $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) wget -O $@ $(GUM_DEVKIT_URL) +endif $(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) @@ -95,6 +124,7 @@ $(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) $(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) +############################## AFL ############################################# $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) $(CC) \ $(CFLAGS) \ @@ -104,6 +134,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) -o $@ \ -c $< +############################# SOURCE ########################################### define BUILD_SOURCE $(2): $(1) GNUmakefile | $(OBJ_DIR) @@ -118,6 +149,8 @@ endef $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))))) +######################## AFL-FRIDA-TRACE ####################################### + $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) $(CC) \ -o $@ \ diff --git a/frida_mode/frida b/frida_mode/frida new file mode 160000 index 00000000..59457cf8 --- /dev/null +++ b/frida_mode/frida @@ -0,0 +1 @@ +Subproject commit 59457cf83f8411c62988f93da1dfe8b04e228249 diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile index 7719ad2b..c543cca8 100644 --- a/frida_mode/test/exe/GNUmakefile +++ b/frida_mode/test/exe/GNUmakefile @@ -40,7 +40,7 @@ qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ -frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) $(ROOT)afl-fuzz \ -D \ -O \ diff --git a/frida_mode/test/fuzzbench/GNUmakefile b/frida_mode/test/fuzzbench/GNUmakefile new file mode 100644 index 00000000..38d8b91e --- /dev/null +++ b/frida_mode/test/fuzzbench/GNUmakefile @@ -0,0 +1,61 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +SRC_DIR:=$(PWD)src/ +BUILD_DIR:=$(PWD)build/ + +FUZZBENCH_DATA_DIR:=$(BUILD_DIR)in/ +R2_DICT:=$(BUILD_DIR)fuzz-target.dict +R2_DICT_URL:=https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/regexp.dict + +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ASSETS_DIR:=$(BUILD_DIR)assets/ +ASSETS_SRC:=$(ROOT)frida_mode/build/afl-frida-trace.so \ + $(R2_DICT) \ + fuzzer \ + $(SRC_DIR)run.sh + +ASSETS_DEST:=$(foreach asset,$(ASSETS_SRC),$(ASSETS_DIR)$(notdir $(asset))) + +.PHONY: all clean frida + +all: $(FUZZBENCH_DATA_DIR) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(ASSETS_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(R2_DICT): | $(BUILD_DIR) + wget -qO $@ $(R2_DICT_URL) + +$(FUZZBENCH_DATA_DIR): $(R2_DICT) + mkdir -p $@ + split -l 1 -d -a 4 $(R2_DICT) $(FUZZBENCH_DATA_DIR)file + +define COPY_ASSET +$(2): $(1) GNUmakefile | $(ASSETS_DIR) + cp -v $(1) $(2) +endef + +$(foreach asset,$(ASSETS_SRC),$(eval $(call COPY_ASSET,$(asset),$(ASSETS_DIR)$(notdir $(asset))))) + +clean: + rm -rf $(BUILD_DIR) + +frida: | $(FUZZBENCH_DATA_DIR) + AFL_QEMU_DRIVER_NO_HOOK=1 \ + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_FRIDA_PERSISTENT_ADDR=0x55555599f6c0 \ + $(ROOT)afl-fuzz \ + -O \ + -i $(FUZZBENCH_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(PWD)fuzzer + +docker: $(ASSETS_DEST) + docker build -t fuzzbench-frida-mode -f $(SRC_DIR)Dockerfile $(PWD) + docker run --rm -ti fuzzbench-frida-mode /run.sh \ No newline at end of file diff --git a/frida_mode/test/fuzzbench/Makefile b/frida_mode/test/fuzzbench/Makefile new file mode 100644 index 00000000..e71185cc --- /dev/null +++ b/frida_mode/test/fuzzbench/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +docker: + @gmake docker \ No newline at end of file diff --git a/frida_mode/test/fuzzbench/fuzzer b/frida_mode/test/fuzzbench/fuzzer new file mode 100755 index 0000000000000000000000000000000000000000..5e8b7f70b3f04bebb98a9834642e6cc1c2c1eb52 GIT binary patch literal 1703936 zcmeFa3wTu3)jvFeAVIAYQIvYA@j?q;gO`d@UxP9_C~4y*8gET71VOn(k_g(S2E%A3 z<6yK}X{~KqeQUI~jaD#H69dvDTC4G%Dz)Q%kD^9INVS#!@3+>u>`8J&{rf%N^F7ap zkD0yJ+I#J_*IIk+>pAD@$jnnlWMzfiehIC_<_hfohC+D)vm9k@TdnlA)s=#Gf9n(sO}tj=ZaIp_ay|R*D*1c%y*%SL*OA}- zb=$|b@&B_O`q?8201+XHABm_P60?;d@`{Mm=ipSQ4P>0wK!eD|>L9({P#qQj4r zc9TEzp8EY_W)Hb~%o9lMzY=NJF3Yn+P+eUeaX)wR-1eH;<=XzA{dnsUqc%FIAwQ49 zk;V?ehC=kW;qX6%Aj9GR3q=lx-ys11LI9uF0_3?c0Dofuem6MzaPr&^BM*n462ND5 zfc&oq;P(yS|GNPEJpuLZ62O1w0KJ_Q!2i+!{u5#IykYEqYyh5}csRXn43P7v06BLG z;Pb}-e>*&Ye|12+ZVbr(Eb1Muy%PfD`C$NlQvm-*1N`l@0Q{W+^4A5_`+fkQp9bJ# z0dj7GeTTE-eF1#N1ju=6fPFgy>fI2)zbl}<^#S>B3-FVJ0_r^?fd9?`eqIt#@Am@u zKM=rwb%1^j3gCZS0G~Sp>ODO`{%HYxZVJHfA7I~00_rUfkpIGf{LcpD?+L&k9Dv_B z06#xK{&4~A{WQQX-wMe8N`Swe5g<=h0ROWC_!I}|ZC-#p`vl~#3CMp;fSf-G;PXy^ zKA#D|zZ8Jq9Dsj5ApZP4K%S0(cKth`U1J0A>jLoY0sQv~$bWeN{`Ud$-xtu{Hv;%P z6ri_d0seD)0H5pt{LcgU7X|2HVF11;fKOk59&QNe7wG`~91_spx&S`!2IQ{^kaI>r zyKWDV|J;E5ivr}I8leAJK>oD>a-I?(PfGy*KLp76;{g6k1NdAIysp?Fu=Ve=0C{!~ z!2czH|83wo+&pAm0RFQ8`L7GWUmD;Kc>(^jDnM^N0el_~XxCi<{7(qrb5a1GJp%H- z9?;(R0_y#KfL$&K;8PxeH_*?np>Sx*t24zLP@VjHGC*(dJNc(M`N3BIVck1>zOHji zXPjMFI=f%lFIqUebjd7>r(iB#ylB?!@>x}WRa&}w@s$}>33gU>_2SYDxqNh0MRoO+ zl@)`82*^CV#DlR_70|jX|DuKEKJ!Z|s;eq1%ID3QSMFti07Gz>Ra{wG4vSU$MWxkM z^DbF9Yra=haMkk`RLmZ#pus|2x@ewnz1bDjv&!d&7S39@sA_&iMJ0XYlJfG>DtgG| zP-*ePCG(*6Gb^fU7Qh=F@YIUxnX?vNQZwt4inE+nOrKRf%cj#y7cD%Ce(Ryns;Hh( z)i7wVI`vEnTdocc|EXS7Gk<>R{LqpG6$_xs z(40B*YpUjku9#I-xp>~f>N!FvUr-rB-Z|72@**D{8XaxH#bB_cJT$LrN%_L+#bh*R zQDp@*wWw;|(o*o8H6J<$eb)TSxwFWmdeIzKS6)@UX#Q;HmoNwmF4o#AuLR>N;anA} zfjekrFz9?Fl?lqux_A-PBrNC8523Eb<#QLiFzP5RWmiW8m@{i0gsxs(zDSxnud1qY z7Q9MI&eoqfY{Kk$m&~h{g5~t-Qn*{`f{RPbYZjL-n6=d59I7gxTQR%z%6SzK0fm;j zrJxW;y7^GRoW&Kc+zTrhDX6Z}((^7)IZoHnC0 z>_TDZR9E0P1jeo?5K-EGF@sYG8mNF!sFPAam=LOQIU)GE>Yj~8fQehBXcm6Of=lNt zUI6NxC5z{wJ3=k9L~Y^^z&p*EPsXUN3T#|azy&odT3jl%(6&%nWzE8J+6Y94bJdkq zR6SII--UC)z!d|$J(G)-)V;t+YIVF1E-ubU?ibIWweT`VP(!0tW&^1mIB-ob;IgIN9}HXDBxgP|B{;uO}hgvdd;5;rn58W=aP zTMz4IKK>;S{mcBsk>g1D>vH9S%{Uw#8=zHnUYex17(%txbRVSKBZW zXDY7DStyMO6#ix5zY6?vKRpls*X%WKObFaRW<&9h^q)g%F1_g6SMJ0UlC04#eMG1R zNz(K2|Ke}5e0FFI=)@_%kruz~&?%Vgkj8&E-}p1sG$u68$zLVqM~Ctpc(-};a8R*B z=+F#)BRqb6`{{WJ#oa?V>YtQ_=bpd&&scc(9DuZb3xAE98NUM-{udU0e4f?|v7jOU zU!H|`=YXV6wD8_s5BPiwkEy8lZ;FM-6xjP$VBsAT2`y^jDU-dO%~qu8Io68czYez zY~k(oQ;UV)&Enr`;di(2Z5DoJqJ{6b@C6orz`{?n@Sy{I|3AsX z=UDiYEqtzppKjsDTlk2D&$IBSSonz+{!|N}Z{edBeu{;kVc`ob{Am_GYTVv_$mwEWZ|nV{7MVY`M3M8*}`ApBJtZ|;g?wWRtvw>!naxY zD=mDdg}=(e_gMHJS@>QH|6>c^XW?rte9FTA#KId3f3=10xA1iqe!#*nv+$vVeE+Yv z@HrNKxrNWQ@G%QN-ojsN;qxr~bryc2g>SI%`4&EI;ip*mMhjnH;S&}W9@I@9r zY2iyO{0a+SX5nwJ@N+GElZCIe@Hblcr564s3twm9e`?_yEd0$DzRAMhV&PX>_@7z$ zW($9-g^$*6%!wvOMYiULqOs2EQRd_^p-{Abea@p+CM35Vb0)HEn{YP%hW9H#im*hc zbZQ&^O*oBk7P6*$1wM%|mwM?=fsZFVl5nfQM-t8^+$`|Hghvr>68HeZI}olDcrU`E z30Dd{mT(T?GJ$s_4B68Le#yAtjdcpc%fggXUZLwGmBtpeXqcz43h0^dV;9N{K` ze@mE4_jH}WzaYFP;YxvTBFv>$x=i3k!dzmdiv+%gFqc;80)ek0%q3MiU*N@rxs*!h z34AHxeF^6Zd@*4zozfwJ&nL_!Q@a1ZZ2y^r^9ZK|K8^7HgnI=(i7=N&=}v)(0?Jdtpjz&jG2M7T)c5rhvWTp;i# z9|JywaK6Bs2p>u~PvCb5A4WJ=;MWKrPB!0QMf zNw`zsHH42M+$!+>gpVfNEbu*qk0IP7@NWr!mvEiHzaV@p;YxvTBFrU7x=i3k!d!Z! ziv+%gFqa(Z0)ek0%%w&;U*N@rxx`5434AHx6A0%Dd@Jb^DId=cSX zfiEV^sdhRf@cD!}#ZLGCTkKD`jBrZe(+JNZ+$-=&ggKQ?cM5zw;c~*Q0v}0uHsNN0 z4<=kexJlpx2+tv0C-7c`FCknh@L0kefYN0G??`wa;Ua-Y5WbXffxw@91o$$-`2ueu zJfCo$!0!-VKsZ<6*9b2p91{2?!ixy^4~YEO(*n*{zX;VTH&3H%GfO9)pAd=p_#P19upHxlNQG+iX{HH0}8O&17! z6=6<6)A<4~Cd{d4I#1wB3D*+N75HMpoNA^+0-sNqQ_OV#RIS|Pb0jHaIe58 z5x$0Sr@+S(t|#0o@R5X<6K)pxV8SuNO#&Z4_*%ks0`EomI>MC#k0sndxJ=+33C9T+ z2|R*uBjEypKiLF0K{#LFO@yx}oG0)*gp-7G1%8e23c?|QUm|=1;r=aRf5J_KQvyFu z_(sCL0&jXRKQyOl+k{W#w|LsQ)6SW8_F0XiC%?D6GaS1O8Kdz}qsbG_95pRu+A+k& zfF}RxjpbR>wyYmfy?5fW>_^rBGr7}jKp&hD@0xzx$KmBS12r>wLOOd|D4INMEXp^Y zoYgX-dhE{G4JT*KjBks^-#3R~(0cdn$?ttHtNH+Ps|mZTZgg11tFpUJ&Kl94MNyI` zJPvl|O_8G}FK#ZFcHy)iPAk3WQIPJtXJ_O%rVKw2W&fX#Vg3gddAcHZR^%B9eYSE; z=-me z^BmThJYjD|h7>u?5#&5i5M;TReD_qo-|Id(8#)U)!jMCf1;|q1DFHTYl`=02@Sp;33viPH9|^EPfo%dr71#-WvSrkP3hXJsXIq5Zfdc$P zfg=QXK!K?O+@Qdz07@Q>CQj%94|CZc$AI0vk zaDoy(rvD~RC?MeuA?&P#v=YK3Gz#J6kEx>N|5U;&fXwAWxJL<3E8!0$lnCKUCHz$h zKPKTsAw-q%kP=P@RFa+mN_fBN*w5cGs#6r;_`_`qJSY~tLIL%MGZavNI8*`khtUeC zKfER_im5-eE1>?cQUUdcDh1RZzOR7#!z2aNAF>rtfB2U)BR!i7q3{GpVDtAucf5*&XxoP=3I_++yU|#{Yio#-(1b9Y)V+8nv0@DCU zgn9uInaA#?w=gWA19xk$`(F}Tg}|@?!e5k7O~S20U|0a*Pf9qMgr5k3VF83YlrWZr z3L!8ofN-l4UIk=k3V~q(1dg4EH&lQ*N(c-KAY844t4Y{P2n-7#R4L*6BxDI;FC|=} zgndacEo@*~+P?e(C2Ry_o)SWv5@fJWobVSCRtw=eC7i4!8cDca2wgNI|3gJ;D?52b+5{?tXO-dN8gj-0+6T&Pde2U=~x|&VG zXd&b);R7WcMZ)`cvE|z~N#(CAVFU@!3*kv6yr_hy0hxz|aJv%zri5k^?hwL!B|M^p zMSx1uaZu*CBR1o+m_Mfd@iqmtKVG4L_D79dG3}3sDnOoL z1++g_DWLt4?tmGC_Qy#IXn)LBK>Opr#9A@!k82dr{&hwoLKYm#V4=BOuj}MZtP6+i%aQfr5B-|~8GnL@<$6^wi zgs{I7oc?$a2}^{~|Dkj{r$2rK$oxdA|*Kev5bV> zgm9=5oc?$Oppx{z@5tMuxB1iETo%Abjo4NOnj5!&aux!`K^5MEb+4Lu*sH(L^CqGqSRJ=ENg!MU%BX z=6q&AV)7RAYb3)DM&7DVWz`Ra!pnCdOOQH%51HQxwdSq*w?;huKGD&5dozX$(?Sjj zNrxXKJ$vo@Bh3ASu{mqsA88&QjLlv9ezxfvjLlp7{wUKs7+bLR{T<9p7It;bTWjAR zZQiy}5Mb^5IrVR4nGXkJ#}La04lQBVzP}@}qec>2*dMK5J0cn{?38q(*hI6Q2G|x& z)Bsi7hE_MD)h%rGCSkOS>1eXOm#F=~B~7gZkrMnW;-ksp9`pL1nKW|}GB>PkNd6i* zq)=mw$rcPGqrf74x$^5Q(2ksD%YNX!Ke9MpQGysAR41rFP zV7j(9nyg8|*Za(9=}kZ+kO95OoI^zY`uvL?75mh0%=5~_NYQwNJo?SA)k$GE6OH5e z6sU)NR6Lpk9(lGk=cv8wH|7dI$YCx+H(~I)x$~f`@aj&KfLSu_5BdH2Rep$BVMUlmd&V*BZDKqUmtgVxsg=P-$9ijo@caI_0(@}MP9F;^C(lAI!j`D#H7FB zViq|VQHV6%^KUvg+U2%i+vD;-c3A#rkS$d0^DlKUgZXFZ6L~OpL@_2{{0xO}$c0$hj-3Np(Un2=b>vCZaogPXHqSlkDk|mOmB^!yls-CJ69rbFOk}1KSjAonpmiF_H1LfIFkd^@Oh- zBZjMOGgt0D3RTsn_6*k}{8KQFe<^dh!^NzWl99f2v653}wO>K6nZbcE-iAFTDTbicVrGJ{m#nFW?;A=qlV zFWn>7tnKTHJcWU)<|*@I=B{5~1ic0O4<=F>boD=QhHV1;Z&3a`Pyg(L6!So>cu)Xw zkJg=Adb2Q2!akAKBKXF#LUB=A&3+;Rg*)XdK$#PFMcY-xe`FY=0wv zR9o8*qf7YdjtuMpt*4Jx)q{rqS}NrY)h@HnJ;O210yKPxH4w)cyW!uA>w}`T<*(X) zjvs^cg+Ay9Yd?Pa`Z`^Q66EvkX~%Qn2mL@q^8<0qLI@P4K4A-2KST9d-y_X3dwXSu zj5e11L(8+ie~B`rz6^V~V)_#-iK?c1Ram>K(r#E4@I8h^yTkK{7XX?ju=jsF`f0ff(* z0VAj7ppjcD+A;7>C4o?MO+n8LNtx$ah(w)<7xu>^8%>cS`^{aiVN4muzD|EIr;=I5 zc$DdH@mlx^V$9V$BU0089_n>Ps9y`yIL>GJt8cH%ehSGx$A7+vJz*breqFQqA!>3B zB15SDv#jv+$KyHmwVOwTZ(b{N@@yLz1z=?O7NzX)#V7y1`Cb33%!s$~+E&D;9N=2a zr)+BU3_TY7>vVk^UC>Cb(FXl~^H>rfD3_1p%(pM2q=}CXBfy zMUQa%gG)n?OaXiIn;T(CjI(siWG~Q~>O;!JaKXZnSV}|_ zN#bQzEsgBNGPaF5Z$r*#VinU|!SP2_+1^R&--W6owcsz~7R=IY z@)wDy6bx{aY4xq^3Z7@CjtPaJ^yCA`B^pSqVv+@5wPy2a*GP!B7Ak9Tb3_xaj)=lw zQ4+0RS`rG!!m^HWh;?-oZff>~BJ2o-W48l(WIXD!uUb;wCKZotFh2+X^mEt~aGi$YL$^02+vhT3Cszr6?T&7BiFTF;o@8?+E)OZ!r9Rho zraN9`t^a^0DZSF8C)*2zGqisETAwX5fGug}0I+piCx{Psg@3C^=1omg7v^rN;anQW z>CB@4V+JGW3w92$61Kmv*sieHo=LWREmM@f{lOdDI?JuDF~+3l zh1elOezz~O2>N1Kda{jPT4K(-(^XZ0%g8T96id0@pE$J)K{KCN4hV&wny2_>+l8En z5f#nqj6QTuvHpv0O-JJ|_}jha`#X(rTy3IX+!dH8R6Q5LV=e;3-=Q;C3RXQ9ckbBw z@35ezq8~#?|(sO;f-3L=Z zo0|9iKG+WgI)&g*80}Vevp|)EV z>broi<=xW56Ya{)3aEP}5Kw1|4?08Km2=H8r6a|dTfx-PhSbxTBt~XFOO-bYY7ajN zB4M+XBRj87aXcdilSFfC-{ARR@cd@)aw(+qn_uCe!>Qhy-wa&rWU=NqZwStr-z?ea z7Ss97cW|-JXXDOqF30se#eTv0O{+{tF~7M>6D{UfnlNV7i}w7cej_@ivwz6>d%U(& zCmq;*n5x1Pk!L#6t_av20fzIpW;5Q+;!r+6V|XmXly#>ZaanpWt!Q}*F+ z^V(X!zHIneTZ%AB3t!{t*R==?*8ppwb)5JJdgxbtr zr{((XBJ#|O#*-AArrOLlGuh4JHM7&~>*6r|mz~uoyhh3WnQJlUu>xD)Xau;M3) znBqo+m%riS7y%jkcSk8N)NxbSoo=Kg%(u7UXH6sdpC(NdgxQ5wm8n%H=#GoFGu`nB zyZI|+E}e%VE?p}8DM%FaUYC$q#U$imROuUnQz{X?G zv5b?YnOS&$Ku$u^V~{x!*<9a~7mwhuLEE_zdDzaKl=zLC5l}7idkz`%vyjhVgq7o6 zJBP~!FUYXDylv<4#K^I@ylLm~xa4MVdDY3|G03tQyfGYuI!JBhNe!2WXFOJ(4R#){ zrd;HJ>JSd;XmWN$b(W_BoVzdbMd$Xraj`Ol=Efl2DWC-ZQOvlt?r;h|}{vmnC8 z>E?@I$prVJbi%F!$U-kizd2x;c)Y; zHnsbI89EQb2#Q8py*R+_#0?lI>j!3slg_q(OOy-wJ)osDrY0N?`f&`=wPrS3`oZtB z)cp&4;>B2W*7ku{Gu9G4=8ZDR%;L>!{04 zWk*tWBqagaGzfC1TGNaj=_*Z&_g|vv9f-d`)95Rq^ba%*j}N6!)-?SleXOP_dHN7d z)3MXsqlOGSGrgOpxr3P|Ge18sJG!)&!EXRL9X&%T8skfUd_RNgOisjADl!>@frVCCD&IC_NQ_pkn1} z%|KV8a@mM?e8};Gf=Wb}0l&O>@60mtz)sP!_4IL>X&Uog!D6O)*prz7*4_Utk|3qM zJ_Wxj!|e|~V}h29SP2JQe3p zvc0l=Prrf^^HZ+^VA%xJ3p?^`hgVUYaM@>Wqk|+6;jXzFCXs9fbCD18CM#dB8HqO` zBVVsM-_J*d^ zzL|(A)8mCt2&;HIAC5LF{;A{W(_&n~$x#2@v#r(5??H6O*ER|L?R=7Y&EBZP%ty{> zLJ%e&=jS?t&IR4kL_5udXv41;%ftOZ4pa4&p4fur`gAfw4x z6NP|;%hu*Hw8xWCLBxtgxOVx8w@(3NMv5V0Ok=Z9^3`|dV(!JK$Z=YS6tjn8>$%T-w#kokhsna?1jD`ya%x+ie z2%eC95OpH!jVJT@BZ0AuMH4YWByJ(M=-St^**snXOy)}d*m(Y6!%d*}9Q>Gx-kc<% zxe_trqimlvjG4o+E;h{JAD0FIVmr`uwpI<6Xjj2>5$fB`tXqn)MNab>H{-DotKc1x zI37-hM3n-sB09cydLr`1%tVsh6QZBV&&0D2GC#p=o3ZgQZ7OR8rvYxDi3%8^!HNiT zCh8O4=%Q)GBbMt{tls*3jn&3u+_Mug?iU#MNfb4y2a3bh3?2uUazkvE`6DA%CYvo(Ly1xp5aWqb)?3Yn59_=7Qa^I&gqE zp@gJ_%R|y~F-Iavdi~n0X!&E&wXbGJv*?^lsjCF08RbI8T8P+QR+nfe(Y$)DD5TFq zy-$>Lq?1@hN_?Hn&xabJhsA6o5Mlm)g=2(ikWV6n$}F9bVy364S2?Ea9L$9XbDeU@ zYK&~t(6?+o1D>qA>0xFMbUN!kf_N8=Y*RO`2mp93*a@6i5qcN ziwsjEsc`*DDU16}9oP}LFdSR#z=#`i6~)iVKuicZ|*Y!0vBTAN)mvRR7xf21m>+VuJ0%*`2@fjHx1FMFYT zO$8>6CS|WLBlg!hp^QH`6%?qwlI}H{%E6E&l%(X-*e@$t36ae1#D30sZUHDh{sa^4 z{JU#-#TdvhA*o4%0yQ0*3lcpm>Wpi*Jx>_((rd7r2{}lQubr8c{mMj)oUqp9xEz_> zIX%9PVUhRmj`qFKt7a0bNlLiGVHX#q=9gGr;<%h?)B%DOR~+ltYEd>3*qILQk}leIiCev>ba*GKQE6xC+ig!iJm1o;S&LHUV96_E`QDPNqb(^@YaJ#ylkL)bi9h>W< zq_KW$|8=<Dne z!6HLu#>rLew&;tjBZBD`#?@%|^n`P*THw)>dZ$1&Wd8P> zEGL8}+L;HOL*)EZkMk6-WTKtvj`Cf=`J(;dC6`B~6a3tFE!;62!0TV?jp zG!<%If{5vPunM#%GY)@9N>3Xe{jFiqU@nqBgl~?z75zceQqkqC=;!<5&v6Ky!<)Dt z6LOe156xJ!geIQJW+nt-ay?~Ew3^JcnmBcmtCI0P-8OL#xSPhmxu#6E_p!RnFy`03iJ1qSNj9ygxST^?NnAJ~ zXEAZE$9ceVKc+jHY2tpE$2GAqJn>!8yoi02rm0Y~6^ykd(t!DmrfvdKZPq)py6x_`n z*cEh@)4=MIs|0@;?piB8(a!R~lWY$3;zys)wVi1-bG=tEM}hMaqhI}On0oNna6wmLAw8iQ(O!F(6d&iv}v&^1Qr5-O>_oj-ogP`Xxg z3Khc$mSmj6O>4_y3v}R^{MgL+lhYa1?a^Zjo?GEyTbuo5Mvo}ot_GiLgvnIpPg-%7UgB>$$w;3w8*OHC{}dAp7`@ACL_a#m4Pi{ z;-zTDnwx3jUD!-aF@Z48culUen#{DC__yD4RZ{8GZ4>i#b7tmWT~j98`93-*T=2WU z;^MLMit@mdY@R?@QOB91kb-8Hc=%z9HyEMkBBhNP)b^AJS*x=bt;tyJbx(e+kEMXYG) zI5Alp$4TB^co%!T-pu+Mga&su*n*pG=+6ac(3+Jr_Wo=zCQ(3`H@(J3t;RFm@gW<( z3S8aBlaYCj+BlGrXUHrFp;ofo$1MNY-5J~-L1K6>T)9~U%co$!q+kuG41y71W_p56 zu>@mUy>K7ql|VDmr`ujw3GSwAo$GB___Dg>D#5RK*~R170Of%v*_`49l02VlJJafg zzdO#Yb-YK%?R@1dUU<;0z85kNIFoEPdc7*wD~YSZ=>|78Eoxrb4g>T?r%qvEL71I9g@!DJGOZ5uGS0cxf%;KiRg1@Yq&vwqoIG$hF+Ba} zsy(08VWc9y@E!Ks$Mydo4QC9edD$-uNoP_qe)zAgunik|+LU(sJR zEfvLC(S2|MXEB>T4g2g{WI+y3+1d4!*U)pO%0fJR!&dl$>nbaP9b*7b%D^!?(fBny z!8Z7UDjkCevx#Ym96gqzm{!MFcZ^GK^Xax@^n$yY-{Cp{#y3`n@s0SSabeqWrgoMG zo@BGpbH`SnYdh2G7&EU5+6Ywf)nt=w3}rMU|{*O`ZxS}Q#|9?VkC z;zTi=0J-kTJm5^SDfBqc^-AIlh@8cV{&1w*o-&KhwC_(T3f#XQY2V&_Wv}VoUXz6X(T!p2HFpqjIFR@zA zv|9S7%qy0T`gGgU`QUC&SmRn0Pq(o;j2Fa@de+6`014%RC)u=n;h@0h+Rn6EdS9>B zDIPu9K3+MCrEgo|Tbg;mnPgM$anAQjV$Ma*V(CZo-S$kh=uGQo${nD)mKKJa{vnnY zvER}(6>9E*h+mhbrJ}f1QLRSg@We<@$RSKTmWy=ya3ynzjwQX4 zg{P4HDUoiB!`uAH(QAO}+hylGy!?3p!w04TyeJBz+jy8{jiI|19U<;YgxTFQU!G+? zrqx~FfPCt%xjx-?*IsZpD;{*+5~CZd!{|o*IlV3(b61oHo@BF&7kF}fuI)^#yDs!< z4S95oZpvBQbz{PJSLOj{lFb8N_ZzVG9hp{l-QDBdZ_%0VDCFq28P{A~cNK;wzo>%_ znIEfZD%5-mMqih^N<}Zd;8*mdrlq2rSkW3BN`2mlHZxJ!s|RgR1f7V-?G1QO8kcyh z#A$d;0^rx;Z~g)1>xTxd1M%=0+$IIpta*=a^G&D*QH}`nPo^b`8B2{!cU(j@{sCNF zHMW3}d4hTkUI#ME-OTbd=5*38A4Ec)#`b1-6vFLc|Ahm&le}QhU-_;yp_fhIYvjy1 z5DQHp!tCWWq0edp)9U%}9O5>y$EVw#UkUE!<_BC4$BL2FVZ})Ng@1SP*pftf;7PXn zTc^*pooV&_YOmHdkB$|iau(0u)ZlwQ^MEtSW(|9_n55M!iHESrSpxN59_JQ|&UD9> zG}$Ky`z8~HGoBNN6tPdxG!<&HXxn*oqajQBFTY|W!_>2WMbBwkDq0DN)1BLy%MI)K zf5hI-c0E5mDZulic-j-5zY?lhGeEc552}IN5Mf?tTGZTZsgdc9Mym18;Ocrl8JTCO z*FevgEPrB_7e_jt-;P8&*r})BSxrdSK6W2JNJoT;c+xdl(lM=0J&t)r`Z}L( zJ9RF&n@8?*oj2K@$Lf-+1b-cFNNd|L&qR6PNj4{XU1_P$wVi2o>R(TEYpwL?$@T#} zjR_9o)caoRJ2mqFPqKNF9aiL>>y^Yjlbpq=BOd26i_Ub%U9`po&|PZ?!|JES*F@~O znx;a{p-{}%<otSPk3}avt#?DC5D2?Lz2-AITw)dB__~pD8v!Fj zA0?~jOqcgZ@g^2&GUjM0Brr$Q0TR!e0!+wX-bzW%V5PVu1gu=Cm^H!SP@ZH?_iAb) z$sBmI3tqv1gzzI>F1j$0Zo!2vq8~hbRbJTU zIT~+lHL!@@*lNKl~^T|@?P_B zA1*s)qjq(P-Gp7O>9`OH6UOFB`ZYoMrdxA>Wx9t!bWOLEmBrh0@w4V~nyw!?Q6mxN z0jNloKOUfKI;J}emA{;M#W*=W9m@aDBo`m@@p9=NoSD^}hLXxJsrSO?(Hi)l{N$K6 zL-~}_oWd-H$RaTbb4Vv9g;@&Q%<$iEN52VgK>L9L&hI7ZyKt*xQ1@o{l?#}x%1rqg zyZ3Sybo+Pi2#RC%?_uuqmeIcM1zUYn4>|%F9!n)SS4$H~$*1>uOISqi^Ug)ey3hMp zJX}2VKJU&D2v3AjuJjcU8BOgszqm)L?If#2On&0As6e3JD^x}nLCMv8#xUIWYsC*) z!RJ;YX+FdXw_9$~3fAE@HOB1W>#n2*5`0%*vVi6F3UM6^mfY=lgcga%j+P9l{WDNt z#e`t+goECxrPRAqE*wT7XX2JA%+H4~^kQ)Qt?BU{FmoVtTsp?~UN2JSL+p<6Io%Th zh*cY7Oj;L_G5X>4C+v!j=PU&sw-oW$ZRGbJgG-zuZEnIqAhzsZl?#}9w%@xb}0SBVOj|Nc`Z!b(uSw&#G4U8LdH@S8+8*y#&j=U)QJ;X@dERKXwvaG>-n!1$`u!bqBpSl zh`=JqNSVFFn8p-H@@dRyCPrcgvs*FaMm(!5YI_*?`gZ=cp8;qPg~&+LKo<6s{OFKX z7|$SrlH{>;c?y8`NyNy@zy3e>X}x1U1{@^-V-|<9c*giA`%41eQG=Jy^09{`8K7g6 zgLw+a<$MeIHfv@@P07m!taz*MyXn;TL13Pw?}h1#e1Q9In24dOe)A}X0C;@ibLwk} z+RjAbb6Jl?%Re;cDaX2aP!y8EV0eV1O-lU%tz@Z(r4(j2iNc4`qm%!jy}*_a(%g+a zd^+|)$SS8wWLhPere$(E-pTZU zlj#A;bbfe6j>T!5lj+Y+raw!j{7g>$PzeRU-^p~pWI8UqqQesWZ%(HBoJ{vgrqb~8 zpIe!J=VWSiGPNSpggRu9fU?NS`C}*NpPZb35_agR*uSH)Iy*{vpP&ZWBu9FdgLgu- zyxYqB?on9m3b%yJU8=kiKznNchEv@ig&FxbM*hg5etJfBSe!ipuUrnn@8CFDTkyZ$ z!eSwF3@X$~fxOg+Q}dHn;IRvRU*@unGT*hvdwC>Frt$+|=sci327-zIpFENhwkrvD z%8$JR!;bS9(FXT1q78gDKZ&~IawS8vuakyxe0x~5?6*vIFt@TSJ!AwFvhQ6QSE zX~OI3`q_gP>?1Wv`to&b!;s?bb1};|vn>uS7)u3t1WV&!h#8KO(lJ)9x6*%u)^x{a zgGPm8ZGhC&NMATv4=`H3im=FkC0K_$a@uG~^qm_{8$>@(=x~**!Z%>~mr?cvEnB}f z)sU0kl|&t>3mf8*<>@!FoMvn763kd_dLjQHH>HmvZ6eshM>?PB^URktsfsi0m8a5#-w+ZrbKF^_NAEl^Zvd` zs8C_@D;JsW8Ppb6xF@jhhO^z*DELjY372xL=%!OWd%4EhFf3>u+M}-+#hiz1S+MdZ@MV@Zg(sjTp*LaFh<#P zd{5SNnx}Bu;$l+3w3v1m!wIxs)@|)8kNB;9M$&Ne$28GtI*~}jSla&kUG&{V(-*8! zf&Gu8Yi)zMrxE>f@cWGOWil>97~goYvbHI zbS85&Lx()4i7go&O^rDbNKspx_q--IA$rkd%#znZEJCtnvA(``{e|J>qbTZ1hv0~( z*<;{Ezs38ZN8t5L{AU(@%L%Yg3oV0HOjvPlo2XrHYU-WIuFoakaQ`t5+w?eK^!eo=ez?e|h5^3> z*qx{PwB-l8O!-}2=xeysxm5aobh$LBaM-7? zr`4MkzJ3xQl?!ua(M z9==|tBT}ef1T)`TG};dbKO{mdI1^cj`c-!xR)7*f1Vi3T>x=#OP9=&SC@^ zMxiH)oLDv{@cd?Zaj&_(4%0K?Ia-_0-xWFx9N}7py)yfs3QFerYVm*M#1 z)AszmmAr@Z_g~2(T?UhWdF&qQ_dND0lrletfI~aN9x(hD>j>XN`LClRWbD`J_m-^w zEu9q6GFc4$Z!mo4EUoG_g+nkD*BcE#(uu*V*Xozp4;a!fo$dABIWqXA<_zhYm?zlr zaC`Ec>r6a7c?ukP!Vi9Z;w%SGXMbXQ^1O(LqB8V@tC*^vm4meNIRU*_l{1`f{OO!K zp2>X98PD|f7g&mW_Bs}BIIKMJ!Rq6aKE7D93G`+ieVJ6yLo;_5HjEheD+ z*U>Fp{eFIXg8M(8Ow!3@Q2+n&a1Gr8@xNgINBOU#p@aH=9_;7Mq3~*v1V3+AXeK`s z@IEW9${H}Sl}Qyx&UbNwml`xJ*vejzY|oWhA!Y`T30$~QAIUP8W8+hdKlewjPPRne z#c&`q2uu^OWRrDV&Q;sCeH1>wb5nTNScoGB_5skn{0w{kWZO2Eh@D$m7zRxzE=F0i z1spTAcsf}QnrR&ioJzzYbW=E2YTpD&5c^Ueg?A0fF`-K!5>jMN9ha@Asu6wMUNP8PLeO3L+>*-ANtCyGd=6vPyXz$gA=q z(XU({?cFJ}@E5UfOJ_U$8Y;>)=IPX(ZV) zEXiy7&E=dY3Zcyb_3jY~4YpwSsdiKj6-hLiEcRTc5w?iMh9r|wD zq3^yO`nc`T_t*}7&*ACb_bJ65*bUN;9GFEo2jhv6Y@?f9FZF#Q7k0Jxd-CDE`1k?M z2@h9CCL5%C&D?CqOJQsCBL#3&!7Zm=^C@|(h6LH)!1{wQMvJ^X`1B`-|Q ze(TroRj9EbF^1byh5d~)vh^E>3XBq9lma^lumgc;Vg}*{K3*+Fa)pqqz^(%9s=!zQ z#wxIz0J|x$y8yc@FiwDR3hW`k9t!L!0KU@gM{u{jxuP_UhyC5$dy}4T7RX62LP>W4 z7j5)$s@@y%-13&bv`Jx3;_F!6NENl2Ur#9v-^Vm*Xb`_e01MOs`49i zD=uib0mYaZsMy=nJcNzl0ndT7WxTs9vK4FGnysb^$8IFZRod?Y;58o2+S9;hAnO)p z-D0A4)*q25{=iYR(_{SEA|OexK*h=5*f3_P=LZWKKJ94DM%)7-Pxf_*1mJVCP}&1G@V? z(_-wa->y9+oA0xQd3 z3Os+|p_zPlR{CA1Gw%0DNR!=o%w#TEMhE8cEPzG=xDx{ZK`wkY26qW&#PNNXpNk(A z*dh<=kL+-P?V;`QN@T>cEcra~atfX4kFI|+mY#KlYZsfN=KlivaqPiwK$I754tHdW z0S5WMUEi~Rk>+JYFSmapeiStHQ>6`&tcQl6iM?M&=FErTi4|WG|^zYcOF*Ibj*YU!o7i0~| z;LK-Leptf1jJ-h#UN?72W~a@A_Tw_zYnHIg=jg|)f7I~xlMY?Si!l@S!XK|mu$$ZN z>iL^D{z(~jg=rYidA|-UcHP$NiVi0lru>($&(lwbtSC=GPgBJV)*qa+KiZMElXJu1 zB4nprn6y@!y#3`v9T{E1DW6ZL78^@vfNLUuGi$-M$7uIxgLD39_ouEqg0Fez zbWB9rJd8Z<&^sg}=FZrdu75Juyy<0=k;|Q78!ngRWSG@BSEY#bn-Im@8O`s01j(6& zVx5;KfH9RALWXOIv zjK*M&-n}z^HJR0oZez@Ugt;v1?D0zc!`COiKX!l$9c}A(Y=hMbtU4M^Dlq3@6Gp;E zcLDEZ;nZ_8zgaqDx#;H4wO}5NnwWW7zOuV59X{V94ylto(U#7S9nbF?i zb$HS*7*(N!EB8aK^^BB*tKoY&NyNgXUKS0hjUlHZz z86S?}AqCtE*nk!4;N1H&w|-xYp9PXHQe#<+O$W%+>UJYnz!q_=i>^dVMaUL;={G+5 z!>_zybdvi#ck-RD-vJNl!imV8@&QM7NFRYW4ObEIBmBWfs(SDfO4s9$2%RJI%t@pr z@U_l%EG3vg4J%DA0jYeYR^Fo*WSH@2KVy^O0z@-5xf!t+L)YmAqaMBSW9e;ATy6yNF`D7FtVujnt!62U$ z%a!JP#eNuAY&MJChhmOm;S;Jl=Q<-aHh@;t8S-~D*kJgEegJjoO%0g)Lm_R^k(@|G zOU(VCSu#W&(S=W}lI~UMv5GAv+%IrDY0<qtpQf*!X0*vLV1&)*+%2`qYwg< zQ-yqDz#cFy{^&Lw$YgCUUC@{hvLT*0n6bNH%HXvG4go?%OTa&sC@6DPE}ffG;~$7% z_@dd=X(i$MV^o7EK}+-+d@Y;G2OQ}$cugIFURVMRqa{*eg+rZ81{bc~+&yLsu_9QH z2*&eBvNE?L7w;c^j10Wm_ze)mBg{zL+3@aR7BF_zf#$ZqjB%d#2UG=pP83R+jU(Nf zQnm{E%(ET=@=^tOeBnfuk(TK-V+n|iy;3q4y+ZDSK4F&NKr&JL1iaxQ$my-6XFwkE zQ3bV`epVqc!r`L|v_V0gsvwNk>)>c`)zPRbQM=I`;k5b>!U#9FXcOr|v3#JI<$7uk zJR2epno6*2EX3mp{|5YnJ=FJ<=e(2*u{BHJM*YNCl^`t2K37k|+1A9BN&W60z!<}U0Wh?fc#I6TB7 z5$0RsP#RIt;(tNj!THJ_P@(z`;E`}%pwYe1A8r{qNo?+A(VZr0+&HpV1## zC{eQ#b1_~jZpCC1U#G8aHGlOqzcQK_Bg42KKj^EjCd{YU23H$FZ-sC-&I?-*Fk29* zQ{w*mpi6|-C_$6yeg7+sYbVI3JFZ1_G$4m_l6L^val2*f>1&zsK;~;)s1)R9hGTDj zmtqF`cRd9H1} z1+=^9isnKt19gwbZwkM8+b!=c*rNH!KhY^a1?Bwtqc1PxJ_~n1l8(a9 z5MKP6Jq_vlNbAOfPj37hX8!;;kIuMv=njIe|10Kz9<^*sQthkfr~!~1S!PJ#OQ5BbJ>LtB40cj*jR{?C&4GX5L6Ic7UwtQ zNTE-#@^bq2puXqzA6LKJ5BU^lBHZ<=Pkp9~nqmCcx!;cdj(*KOW$Y0qQ5IW3{^-q- zLV7+^TSk|0?N=o6OxJI%X7n2<8t?Adn@<3}!M8zW!9hMDlFr3 z*}eF-7P*_36BrBmm@d@U+7-$YWEYT7VUax2(`#Nlhl}SrWOC0M%^I5Zlas z9-$49vxJ4r37Gjw>3F2c;ef#rI}~>++ZJdVgyNNWV!)U`0V&_`hAvbFUDHf+WH3*% z3SAD?nOA+@4Z^d?=UE4y4dB^lE+9`)KN8v!*00?P3gE}iuM-N?uxx!Dl6FiVydPxV z#Y9CrjvY_YFD)OJ{dB^d-(%2DV#dKWFGL4IJCs>RgzR4VJuo1?i2oPkjsZ4^cmU;2 zIPkq?j{9O~o|2T}Z7e=BTfTw}`SjeR7nbjVNd4y21)^5WZzLhBuEP| z0jHXjIYXsvGfSl;9#$<@a?1S7A)$g^Gl>ySrcIb{c4e8gPeh|&iir{eg{$T`)kmbv zRRG*Uf)Asa@N!&#pcpKT?-5I8^b`NVF|15vzSo!T!4S%vd>RAhddghL+`2FC+rt^p zt??w+vk&d@BDu&A>*^Q%-I{+<40#%2NDtTez&%@u-OjvhQcvc5&yBAf4-ym*>*nsr zMzj)JMH@$k>p3DZoMX>A+MV4)0+u6aByKRI|Dn<$uDbDE@5jUDaBa@PG_K;~Zdk)7 zi~G#E^F%AY@Bgk*;u}U(r+;bt)Gtv6IyhNGK={Sw8gmK(X>4HrN7)k?{+Yka>lTt9 z`hc!|{oC@YtSK2nN>Pp1w}8oYl!8vo&bQGlv@@7aO2sOBqo=RWY3~4J z7?Azx!TK01|4{h3@d zQwO-M44JdBv&RVHJfDlaT_#U7g918h@c9jG-|+o`^LMvDBzBF)bEAnfFr6;S!4)F3 zh^uAvntyPThM1+xIX2ce*=>syVzBVCH;E`l^;M&nRE3!hz#WwOfxK|cc?7Z_X9k#xN1E+*P&3vz%~%T5$%2oIk}U3lH7Iu+ z1I_^EDYT%;yp75!Jz-bS;$3+9*#Iir_L&+&-}HNCvUh5 zH#3A2t_+6e?h%f@F@Gl!Ms>ILRY00yIT)l<5|3fEE=(1AnvR1rs!#N#* z^Fy3OajRKJ##1A$`Zz33#`>MYDo;M-QFYeWwxK)^%2Bp0+)?}#?7q_7LjAqWgPcPd z`m^rX-gyz!hA$V11+cwP+-A;@mT-&vyVWuCJU8X&Hl-RHMk~-6v~n-a5UdqG80`pO z+bdV^K4k&z$P%0TLcWV<`WWI~{LVJB!C*!sK9eE@rAV~wa z`0;?@W6qH`3)Zn9_SCd*3_Jcs`N*5UE9Z|N&UotFFTfQGGmgG7D0KVzo$&_y#pCVC znzi4Q=SOB|J>c#mabv5@9bUZoaK1cDh~cnCx5#J=43Jpx$|c4<#CvrC28aK^9OEq@ zhFkBtqXPAtz}|11qXRC=%06(!*fM91M~E*0^8qLvyaM*0>o*qI_rGLFfotHvp#38Z z<2*T-4eO`_^?Lp)H^dmB8T-2xoy3fN*!g=EI|fvO_>e^ zLt6o!J{|vp8atXMEkhOXoDc8db^Od5U*3GzmcMqOu@KkTMu$5-+*UNj^C{o{gZyPl z-cE3tYqrRmj*A6vwD;n70ki@AGt}`H1Hwn=SuTDQ>0j%b2 z(@bFoZFo5T66oKu-{iXYkp9l~fCyEPtCn!}@AH$fwPw5f$w!g4_j{Rkh zm4Ydaxtf}Xe6lxBe_lw$(Dj59Z{S&4A7G?y{$Bm8$8@VZpu(a2Uq5phaH5eXC2&u<>40`6uGb^gb&Q!BLohsc$=CC!gu>&>cpK? zx9_7^O~2Yp@_Rc5zr=@5hUq_E`^*J0zPTNFi2h~$F6$xb>6vtQy>ctX8ivmK)$d7z zO@8X-@x}4?dwhR&_j{c9Ze+&km~c4%|D5>h+1K?q%JY|MH>~*f9>yOSpRMwP<&*vq zUHjG!dTP1lKknq&>mvs~!#?892Rwa?KK1OV+ib%JCRA^k+ZUN#PLs`E$hky*zUFKj03I^}{a7v{S5jpN8fEdpZyi!9+zSTeTz442E z{4QaU!;p#j8h;UhF+@su1v80fvX6&xYS^)yOUzm1BDv7phs~w?Cf@91*!ikE{{A2K z-UU9+s@fY)Xn}B%2^U`~phOU9ElRj3m5Kym=v0Xmv4S8{tbhVaIaon3l8_9|bQp+7 zs#V|^1vCms6bj+eG68Jj0cE%dIa+0ade{R!FlvP$9QytLYwf+C{mdl^i0}J;-*@=^ zXy)0^zO1$Oy6v^s-p`&2bSzxx=v_H~*0u%sss3SKv`1SW6ZkrQfBH$}kq|{m4-&F| zpUD)?rpQb?{T=BuT{F;rBEEUFtB;4j@Ig!!yev3K596eoHRc{;?~e(;!r#vzunj1) z$&I~Ru0@(N%-(64d7GU!G7op8<6kDUjm&EXE%=wayy$ae2C_d`X5O(s#(gXdJ%Oq>2>(mj$}T}Dtn6sRhVvV$fWN>g>ExF(Q_u? zka4oMY@0+6PWQ#jc1rXtab>0Z@e2u1L=Oy$Ns`OIWy`mR=iRX49>P2G;+HTN_V;_9 zYr>~Ms~Qfn56S-ARvWUwyqA?v4Jvn^KLh8m=;Ps*V;%QvGt6mt7RW7`LWl-@#}*%yY?R7s5k$0z1wzpz zux{aPaT|gzPCN+dH1)2)^zv5?-)n^L(mbFDI{Pf(i2zAcQ10d|n#~Ppi;w}2r)~u( z0A2wfH5Z5-eu{E%ai@nKi)t*Ij@cj3H+2s;W|~Sk%qVoJLUA8dQl&aJ(nuPfHqtg7 zKt(h=gD`4(?s!RKVac)6vZ?8(q3hE!sp%jW)HeRFQooUZ*cK@Z+$QGdD=mk`qp?2z zei^F}fT_6f_;t1c89m5P>gqt&5+{2vMG9A#Z4@{vr>_CH+58&bGq(`|$)ICKAI8i+ z?6~~_gn1$;&Ic6sbZ4?)G2O%w2sl|+E=mK(7L0@xWeFMPZy^7|>qnXh{X)i*a7um9 zhf&(nB1U1dX_4TOHr2v%7LykQ^n66#TG8VwL`^2y-Z)5lu0uag*^W^Y=ymCLFid9- zMaCCIoc9fxX~TTU$Z|g(tsYs;-)pX>x_#ts_r5Q9&)+)UlIf>NdZeW!z(Z~X|nuzyH0VF=xO7@d`;78<6bbyV!mU%lm!*7Y(=5K*av)nLB zL8v^77w7ct^ieb%WJ$MN6pv{UqIPLrz6ls@dnuKQ<_pj__ISQ@5Kb{haV=%0-xsuN zvDf6Oc1FBO>*~gef`Zu-(kcqvP#0WEvt(K6DA1U=OjV)106*O;Xn?bNtZ`t0Y5tSb z+n904C5^SLM$?_XzSa3GFpI`XwbkcTius zoJPp=n3$n75xu(w|CqO;JF6yuZcAxI$RhQc5|`d0Pq=dWuo>C;GjN^bJ4c0hSJ_%{ z`dS#ILp*V~*qB;*JN0|&r6-}`5`Fp92zUg5Cfdf$jZeqM8A+~3O<>LItk=&yY(^qC z)Axy>-{OVqvpaoLOfxPS&g|5ST9U=E-ezjpwY%7xt)wM{b_j#WEXhAusgL2DZYq0Z zOZMY4G7ol-G-kdrBenQf=&n+wMfzQHFz+Tb=J=GB>#)k&bP7Tnum&;vYR3K%7^IM{$?!8hU_c=x-6k5Hjv=;I3>iQG+=N9TRwz z4zbic0Ly~u8DgNEXB@b-qVjTWjXqF~reXm(5?=l9_nj2K0gTZ- zzGZ;lttgoYzqQ3W_-#of#$Z3})XPzz0KX1FC%|vR>?z`R07zO3zgONjDSo3EqkDX- z0KdmjG7*0N`9vN3$m3=lR~FU5?`lCOz;D~B;&&`aS_{8jYv9+lp$Ir|1#hMUw>B>| znT6}Ief)0~ix*kB9Bk<8&=nW;Wo)P1Fk{5!?>T;GKwgSN-f0MbM z194}Ql6x|66)d|t){BpI+1DWUSxjGHb2_k@hf*t3U(7dlHgu+jO-tsUOd;3PByWa? zOS=z`CmKgH$y=1Hhy5X#wv;F90+MyBnsV zSEVvLjiMVd6jzn5=fL>tw2U82;^zQ`{Le4KR)wR$00rfZ(fC&qen}c7Lj$4)^ zITlqj<>gO z?Cft_R9`3QlfR25sU1dBTmgW+W*hWjPJ7-@kR;!V$6Bt!Q)1>7(+cW`8y;%|c14!#8ueE5Qcg81|Q2tY*l1QAAm;~H9J zb1!0vb&SRr1R?=ZjsD~B5)f(h6~tmDwHtFu;Q=VHMQ`CTkOC`Sz*`hpoR8d_;Z47v z*&6y&O(CEK1yuYgXw(L?O91E?s5Ui!>I(Kr@}7x-BNlM~_c{x0insLn+xV z7z@Y-lu5RHcA-(ba4B~39oc{?1a|~2F%oJ9lk`>$Ut$_4dWZef4KaW|hr65O^yb<0 zQa|YC;h<0m9CVO_(sMRD2ZIixWnm=w0LmfL572AKeF(n+LILx^i_ss*9@uMkgwuof zBF_($uo(h*=J|jC$R!xGq){2+Qk7MA!CKL@zT4lQ&}R8dNp#%f0f|E9XSl$85j(q% zM3_yQrFM30+#(t8$lCg*OBCm+nit^QDuM0exqomxEXx=Q*{L$uA_7g3s%rPyA z?dLZqwr|8hmy|MASHuRICHVkaH5-HgDiO*5! znQ!*UY;q=G;J8+aM@9fXBp6f7&mME_zZDuG!qrgvfqiT4eo9woKrW~Os*hG9<=N16LG>K(WZFzDTsm1k^Jd5ujxYTiIuPLB>fox*v&#Z23;heb zTNK6X)N!)vf%1@N0RG?5F~HBA%~9~XVR@QA>mu=8Q~|+AC@_e6bEUUa4{&a7dnah0 z9O&*Ca6ygFqCPx>?)+=1#b8`67UguTxdByE_N1&pUY2SIlax(g@Q(W?1leTU2fByR z%b(3R@mgRlT?_w+aaT)Xf#I)s>%*^I_w@q+F+M|P)*hAi8sGZ`BYF8C`)ovD-A2o) zb^pXieD`t)D1wWk&wLyUn=UhQFKY1n7mQFb0@H1FN-Vny>dr-3veSQA*!HM~O+|?i z@9NrJF9Y2`(s7`x@R(iAM{GOGm03PI7~D zy_vBeH3al*pUp8|=LY}23@)4XB>c@R*fvL1OSf&lYTD@IQ(4;$t2! zH}s~pkE0y|voHvj0}K;MCvVedi9vCU68Zs4>HAeuytsh1$7bgH@6a4zdX^eOTM!PFUZ6xQ8z$l!* zU0er0l@6A;4z83A_=pbv_#PpNbnq}3Ix}oZavt6%(kD8Se1HR`&vJe2jmK<`k8T>Y zK8h8`cT4>*xcWQu5je6yaO_R9!E*Um$#W(Jgw)+enl5rpUj>Bv30ybS>3Ee$ODZ?( zzk&)}ytxL?$up1TOOYLpjh3hRuMYPrxIl(mM+&4r>01AqkARc~!EF56Rp)!?q@plJ zULVHrP&AK7M@MN#W9B|QW^;UWa371`iS+N3L`8Er{n|{rRT~t|j`B>nr3iVn!{gIX zq0RNUgEpAso}Uu0Q@@3q)o<+1x+gXK_i4DlhGMDXo#Dp2nbkA))3k^yU8B!4-T3zX z4ENlv-Rtw}7AamOwRIF(Z2xT6h~YWjav4=gOcm}T@1ty1#`cQDv(emOwlk^+(Ksf2PC4P-0 zHv&6yRuNmusqBHj%)jd#+~0d6v4uk?d)kqA?e^3CdDN9UL_fVp$!-IOO3wUBo8DV8x4;J6=gy!L_Yet66qE_s!bcnP;4Z+=vaO7iCT1=Abk z+F)t??3vN!6gu!1erD&S-FY$=qOT-~_qBx^zZsA5@zuW^j0*oCEpU=o1IU#itZ^Wu-$s%hVe=L0jsHS? z{65HFG}I1Y$Exw)%R)Gnb;jRLUc-aiJT`vUhJr8ynVrcSI5I4$F!22lkiiTX^GPZR z-s^$@(%MFhfmE3h${Id_2)nm=;4(F<^MF9kqkM1X!%bF~HQ9^%k`lKq*g_na%8N9~B0fTb7j>|WfZ zTcJo)QLk9wsBgfK2MT$Nfs3iS&9p=hj}!<+ar8h^Ft+1h_+NWCQf+wN{3pa68nOj1 z%zH2?5X=hBnGAhJER89nDCF%nzLiG%N=HE_e{A8*j1Z}3B_ z^a^bHsqetTEPKqqP@a^MDf?UK$v$Z%lyJ&ljykKjo5 z40G$B*nwPE1Bm1`uF`Hf&TCA^H6I!^&m!UgkjU%ieHer6MzB`MrCFU%HTE`p&WzYF z*M<6c%q07jKl|NYG1hG8Lk7Sr4DiK2GV;+cgzUGG%nk^eg<<$fgp08dOQ(QE;>7&1Mwkj))q;qADSiE&*CV7SVHHIp+2!>pJaziox8N{ypsA|M; ztTY$x6dLs$vuYld8#JuyCWZPw!>gYAoT+yPFmOI(iq06?mvwXd7qz8-lfl4||PQ{B%t;=>8urNbV1D)Z1bO_?U> z$Wx+G9yP0R6Neq8zzM|g9Hn3$wJ-cA@NXv@(-;8r&Qc7RH{a4{(hM^`YIY?3xmlA#L?pL#$UKY+y;!fjINaEq-W}C!e#7Ak z_NdvOglXC@Kev5@t#J9?c*lTodRrL==TbIs7<&9HnS0pu#J^$f#@?38zdj$u&)0U) z$r1v+?AeF{7NrKX14`Y`Hv%ir8n6zStrZcz1Kb1V4w|FvYKz#QIanY__M75 zTt}zbQPJc(VAW~vg$YY}w0q6re6NS|P`@{olM58htElFYKTVPEHAfQgw&{vluQ|v* zrZ*^Ny=E_#7%ZIILQN*)S~%!WZycP^`hEML`Wr3X+PtHggpZz5vWr^2Weu zc+^DMn^RdUlU^W`uJ^R%R`JO^7a}OWh1l_&hO17(TO#VRHW#r;iiNp#9I-BPYGYJM zr?UD9@-_vc4SkdlB1UVg6wGXVRCKs;TB?bkO;B+xgqVtQK1R{v3t%cmpVb~`qO)H4 zEIMONK@^N?55eK;eA`yhr!FS#(x^|C?!c~G$nVeLB(qRdPSN}s#=*0~fyxTT%tbZI z!K2_BW8Nz;c8q10KAK%H-F)NkgcarQN6)3}h;v2Koz3TIBRq26Pqu9eN`&O7Y#44t z7e(_4F>a!4ie__tC;&iXdig*cR5^~Bc_?rP@C~G} zx?2x+Z&;%CM}X^BE4sto!6w3h-SRL;z3i=HN57Tcve`muIR?V^oBu#=7r>QO8AP#Q zR-(WY_RAv9uusAUkbJJ)9zzWh`3iX&<_Q@Z|OqW}snf22|D~oAcB1YPn-$64+9A)Qk zQGEX3QeyiC+UZh}sB^%ESd?Fo$Q=yq@aq(x`8r@tc8R_xMjE)CW^Q)-#ydDKk35@s zXwS%Cq2&pQ+(FvMVTqh*TC`E)U&3-oyP!Rebpgv7Y7}f)D|P$9U%b5x{DtwF8_a*9 zOHLAKSv39nfVl;e?TH+a7?b@11%B29&E*`Q+7NDp>bNTiHl4s{8HzqC@A!B|)aw7$d-H>1AuzT^p*?h2f;SiQlv)c<^ zg_N+Gqogge_t_xcjTwkoShX&YMhxhDR5kAwfYk@bDCR|d<~tsa=dDG1qR1*_sb}`L zNMv$eVW({F3L=Zr5^ll^?B ziT*NANp!275evE>iyeHWp9rqeCN5{!>_j=Z0HLLkk%qZI*9rg5D+Cq7ofucTLX&$lS4Jq z;ZQfu@-%;XI$VZ^h-hTe`=C_Dywi8w>e^&i$=j^B_Sx-uOKlE%XM5BPY1VJ{#T2@d zQFD&(sm1l=EL053FFM+nc1OLgj$1_1FMlsVTS`K#)H(XWwo&h#qm}0Fy7Up3zL^{~ zlI&CBF#RGu10$eE%%A19tQH{_+}6yF5MXj4wSBy@i{_eRAw~Vqo4TIFuW3jpNKKEP zQqym5XxP4CwwiIm@Nd*0?vty~D`V!WEko@Y#WRslkXnrYho6}STFfw?yq(sCrkIOY zC}3n4p4$m26s{;DbOU+ z5IsUybi!gvZ76|R65QrzIXC?`{r_2ISn8^as#t%&B$fJ zJ@)qe5N?~l9m=KQyDz;g&J+l<7&)~^jABW!A(6u#3bOXcprD0jz{suQK@}-S2XOk6 z>q;U<{A3-@oGo5BHh20%iQG19j*rCS^;Y;P8;Y0*t82arv>D)XeqZRpxO|aToqt(B zi#;+sLOL@e=Icx~lVn~X=O+0$l1g_~3g$f+5)bsQD8*xjmx*|VB*84QdbhM;3(5NDMK%gG?Z6&O*)750v=|sBeUGNcQZ}!q?zB^GReO>$MWXly*W|L)>b| z2WY;&1KcouLB7=j!9VhM5yAzWn!<$d2`(gxBj!-~i_6o#3hn__PzwQ~JI=>O2>;{# zjYs8h_Wzk2Q6@9p)qke%ps)%N<*Y$yabwP0cXc1wt4=>7`U7F z)`r^j6@MA;Z)@8uUcu%=b!}K+{R{8Hr@0LTe+@1mlmobTW8$_votmB;9@qQ=Bu(Yy zFc*A~A=JHN1G+FL(FWOrX^odtNsp`<=04Q=93QyZ&TSzzTDnC97tVa(?a}@dSAr&q zeqtv*#!#9`KZ<|tux1ZdIR?N0N*r)#C3zMnH$v~?N3C4{;hU+F;k5~Fs)XgIp6A&D zik@VUy(WKS=Xa{Z(;aqSO%` zQ#995z?}h`i`!wk5xqcLC=njbpN%A=){6k$d!!V6$~u=IL}cq6Bpj`|v1W@-)Wjt*m{TsUhmYlls_Sfy@cTm^U-NrP zOa(uM=f4U6GcX_ue_wM9{`hAQeSV`IAI5G5j9v7xM37)Y{?z?Cle)cf7+?ZkfJsH1 z+;M2xG<*{*!fE>Ppai6i*-nvZnczN1;i!H;6j_9hH5`>XcP=?AK&b3f`x6ZYutyQr>z@1*t1>S)*u#vOl*{>6vkrLR!D z`+tmtK?J92K0;dKE5$f?*~Az~YI@~;G9mmoLxd0XUt)%aK?-J^9KuTSYjAGoPx%;Q=nk$I4=2-qlRI3-RIzMH^K*de+9;=Im zq&mE5-(NHJs;AH11aT_#k@y?h%`r!u&L#|@0ChTCqT{VU64LWd@+sS1FCkB<%@pbFS3r{kCX4lz0zSa& z$}fS1A`Sb^zucie00bZs@3hanoqiQpwAhTLM~$5s^t{rnxYJhVzCa3F%xWFEar1XR z?ZRHI9Q)jjBHwJmH{CXxH)OVbITYy{_?>tUM{;cF=+{z#U(x#`zrR~X1_t7fbPFU@ z^8ZT4r1=N49Enafzl3kj58gb$;VS);a6a$0$j-k^_#Z zS=}kMg&LiJGH#FU+QZDd+JbJ{|LZlna1d&Zx56{oV7`FJ5^**sFRO`<_kRwk?0+)&CLh1zy2^_2(Y~UBwQn9icqpOwD-U%uGC0<%`P@u$DXu;>SYF3|2Z_bwd}!_Aetj# z)qILCf%Vvyi!h<4AG=NplW2Dd>mc3}tg(!_0rnn5HsRYYL8(< z(WaLFgYiT~MDo&%`Fg$e;S9~w4 zf`!1a=QjglsLAu2_5M0aExgXXFq-gJ30{j$;-DVsxTvJXcB(xA=n5hOIAslzXM5O3CO2ji2<$-Q(iR1B)$@hy~_oz9~a>M4pb z{)VA?Ck@q|*bY)sXe;wOsTmD`WhRi}0AH*aIxo)*)#*JyVo4Ce0(@!_H(kZJR@Bu^ zcvtFI7UG5dImX_7u9U%p`3y#vY;A?fTg$9oWN5x2uOku-9;c-1d=00)|*yMeOw3v3cl5M zirCOFq@zg_w!fs9wvt;q@!RRk_@@bVWxytl$8chqV+syY-Gv{5Ico)yD8c_K2tJ z55F^vIR@s{@V?&ptk%z-ekMyOh7G=f81BDD_P^48%KE>;en$KUYm}!R^$t^Pe^l)? z>Z~0%kBp05!kk5wBmJ-AJN~o&jqo1=S9pnyv^{tQitJkJCib+g8AuYyq8=STg#DF` z^ha%(rnJlV>P-~hdYe$B2#VkXpBPCQSR)R~e}b>XubOf0zbOb{IsVk~$bWJBx4E@{ zKXgjpi~Q42yb=D<{M6D%mHOv&LQEcfo)?M8@*aZv5WN(I-+qVgeXicEa(#?^F~YOs zW>Eh?6$(i*%>8@P|gt=`t0XnPM&w=SUuk#NNCO3pKz|z=KOl zD41JN$n*I6*#dm6z-K6^l9YJrV2Zo-zmoQJnTOOUVWZz%%R-)SfwR+u;pL6KW}8)b ztwqZfi&687zXOXAP(T`vn*E7yH-!0;q%9KcGs%AQxF2!Ajo1%X8%SmMQ_+3QB5Z!` z#~Ev_&Lw{~gF z9t83h7atpM!1p9DKVV$O%#r8zIFelPfb{`9$MafJ!_RM-%E<)@Me#FntDHFim~cX# z5R8{6pYRjnWh7t1S!+-o_s`J(%;M*K7`MoNNqz=CuaK2w*0R|otiVX7+fbkn`tnx< znOM9b4)2x@UJOC|$%WI7z6_2rO^eUSfkwqr2MlJ;#(1^B)|fWeLxjFK5y(eXfgCB5 zV82i0Gqf*3R`G@*&?qN;A&Qyf2*M%Gxco9xG34k($ zFkYX|x8^26fyMf*v@f8Ku0g=&XtQ*x-?s#PJrK41Ew1-QiXuN{^RsW(iI**Mq6-o%nKS9FUecmdj`+1{jb5 zev3EwF+g?uX>^85$83tWhWr*`5+nKr>nBWmo%r1cpm5B8f06y_YGoLnC6`6VaanXN zURZUm@wK zhWphIvw$3Houin3YXN_t9i~1Dw9yV7p)gT;}VlWXf_Ab=Cx09vah}jbR0Z=M40P2EJ`kepaWr^~K0U)lE>^CnG{2YB? za{xDlJ2_-7ypppa?m*uBCd-GVU|LuRHAqI*w_2fSzNA!jegf`KMu9t}mVDeEQ9D2x zcGP@XtAj^nH0v)2LBXs12sd&kzKG`o@oo9XmnR?hJdeZ`AjT*P?#0pv7|Q2a8f|QY zt7Sei_#%_cA59tjz6^9$d_B_Y@sA(AE?{4;h$Vqt=oAdLbTI-vFNFNM*S5%()*Jvx zz^p1KOk)BYXph-*enC-mAq##iz6L%EL;g8f&=tOG_4!@R5&u|yxF_75diF{6z4GVm z<(MLzAz;@}D3Qq0A`|}HZGSc75oLTK}E%N+Iea0IyBwW#?7DIL>il)fTLVNJZ z{8i})3xHE1-_|#jw=pxHQ0d9i0$>?6$19kFD(TIJ>)TB7zV43uAPMv)v&s8-dA<)- z&rRZZ0KMOlBphof{&&h?z?yF^v2W08LupH`g@4h@t3Z;L$9n@Y`Wf;Wa6`Tn4mRRp z3{V!$*0KdEOb77G<^+M(JE^O*gj4Z~MEDBt^{O{GQz2GB6v z@dir(C5kKlw?-|3FOqHO4b+7j1sn0N%FPw>>+Ffhj+ZfMQ`7$o{Ld-HtNi@bp;y<2 zLE^(D5mTbL4#koO8Fn@Ecx+1=4E3UIS#2Pz_a zHvzBex6eG(fL=%SIlE$!Jm<7{Y3KY*9;ELxJ#+)~PE$D$!~Xqg-ad03JI{6iE;(wO z%C69}UBl*n-f6)eekkJ$csvl-XC9I^uz5TVoYB*^e~>acW{YCX`ofzGzkb2FWtLRe zeWVO{riQ*%doXt^)VB8E?q+FOX%9k{tBm)U6S>TW!RyAS&Gto-J2(lpq;kBrnEa?t z8a0Q0OKFK&7&8|uzO<-g&?7T2QR*O)*r#%JXw51QpLE~TV$MOC=kAXwL*vaHG}h}6 zFo|+e8dV&ZkTTt4_GBYBSLjqU$sc(&UK&O(rSD2t7_`g~mJEt+#g-S%S>d3c@PjgQ zxn~b;h|0*3d7AU+M;47cR@zN!ghQjUgk#1_j8c@;MF=av48Vh#$(Q)Qp#<%w{P#I* zjp{m}0t+BCj#+4{3#a)}~j&3p*sxxV_$8a%CSYib1SjW6Q=L|O=^@c{s3 zvtkCBuX`~WOk#nA`zzE7S*1*HTj8L&@S$*p5v^ZAWU%?vo-6$&Nw^^S=^jD(x~LU@ zwox?$6u2qkzVh&s-73s9nX8!(1ZEX3-%~1rM9ZXe|7mgW@z zWCB%{e%ppgM6LGGw{7iqghz9E`wI#jWx11# zVc}DHM>g8wYs`hh$lS}h2L`V!&nh5-A5l5}6o#UE*q!Tdfy|%l&#MEW;}Dpp40`5; za<4Ens+P5AUegDtSFlne1EX%Snq4@GsVY!JUslW)MEc0lNBn(J7>+cKpFBU9UHM+< z7V=AkKi4PhY$wfzxo{(|htA!=3<&PB6 z26M0wa{$Hbh7Ysx{>I4Cwn9d z?L%<{3&Fp(W;a<_-Zq2rmnXtag)ub&%X$8N%Lac3|RcnJ5alP%RvX~Af{RHU5l!M&u4rkw-uBe zaFuEhC282Qbh#Vj5Hu$u?{)>-`u?1YlkC_2K#N29l2rUpqAXNg=|EfQM)jZ#`$~Gl z5GJQDsH8pJg)U2LKoRi>sNC#FTNBfuI!RwX+F3+PVt{Ea5l4%#VR zL{4gF>0#2q^Di7cMAxHb)lO1Nd{J}&9>T7G`pj%WUlJ{5kc?T~XVH-uW807K@K~1k zkj{>GL4JFDnC}|H2h;D+v3S5v5iRj~u|l;Aa{jcc$@^6WJwG>(y#l|zG5 zAymQO77rO)P^g%H>SI-;Xhht3dn!y$Eq#9GIuNVMp8;Vx2#8tF-v9;Br}K|my}w4_ z7z2|$K)7Kl<(L?mprS!|o|97)YcJ~ZtwJ(1$@@jMF+!mV@8A0uq5mQbMqS&4t#9kB zU^LDe#)fmnK)_n$1gm~4TCqe}hCX5rF9QDSmJbywKxC#lpm6o zOQrp*e2&3uC(rutaGRpZbN;*Tr;lL{3!oeRitAA@yE6bFTNi7c|4+m3g+FTF63s{8 zZ$0snlEDTVDp;pBe@t!uJ-=YwvUwb-9HhN@{wsC%FBdrY;`^6C7p;2lw)>Z9<&3gf z%bSR0|I*r4L}e=WFRwY*?O%?XWmv3($3{WC0+@e>^m;M-fF_r+_B^!53=nom-W|zz zSSsKK4LED-49<5!s&Tgi^y^P?Kdo*$E^zr?Q`&F*ER?RvA%Qk!_ZyG-H~|=0^9}Ad z9*7spiaFhHJQi=Kw%<65{n-7+FAay$fN1_beSt3Ik!Xti0c{ZYHd-v8c9Hx=tm{V` z6o0|F`aX-jNe(Pvd+om7GTZ(MkqN|$D(lgMQzwKMyF9r4cwKPbAj@lRY@9t}ES{PTIz)r~Cv`kNd7+<{6* z^b3gE1O%-W8n-hDP3`2N7vX(^TW1pMz3~;-8yB@J>B}Gn_%t5hJWfhu@y#QoD2i`Rm*+Xk2Ce3; z_%a|s7&F^qElj_7%JIz$nNvXsBvj}8troGLijy%fNu4OZ`3#?5M|@N2%K#BQWBy}R z{(+7!F%H-SwJ}ApEmsmj5d%C+Oo!2wKjFG2TRKU6^Y=JNN85A&*-(+L;oo?DC+nN< zP}v0VSI)n}2Zf_PDBv{aUQtk-L+;SsW4iI|cE;h9Rm3Cf<9ng@gFbY>pDw8Dr==o4 zVygZ$^?O9yGG-sE8SHl2z5CGRll5LbdmwXY{muW2;=Nz^*gp{O-R2qchd9KD_cH%j zqn2Z4d%k(y@m`7NR>_y=FEg9=UwA9@k0XAd3@Tqu8t)y%^-`3PDBimrcIDAI_@sj0 zqVenb-~SWut%x80gYn***9-R`-pf@e7{Uc$@6Z=RP!z8>-phO)HHNbNNws!XDvZ|n z^>Z8aIaJ6L;=j1&cS|U}CbLHy;FNx&1z_EH|K$8c9hq$iRZGb4Q)-XK&OZ720xC>G zOh4DtSCl2@cU9I8%|Z6%h@SSKF37=27B-a!5xtBO}_`rK68w?y+1 z#4GM*`^cr9QoLfe=e3AGEWg#|?`nP|JY`uQApnGA0!^KLlk%4)wdeKnr)~nn`4yJU zD8*u9()=mcALn#e(kH{k2^N2n&&dMLx{x=B9|LdHmynuUk49Bv@;7f z?{%k(cl@g?6oY)PVQCYOcl=t);_;6Ekg}=9JI>sW{HXDcv-w-6WL|;va93Y@i_j zYadN4>H}B>ppX17u8l!NZVNofmttna_{Z-=?tK0i_usq}G5*2#b>kn~qDyPC5i?wa zr#CzPfzP)_4qvohkMnn{x2OMD{NqNXrBF@9;~(FV(pdbXM~b5O$Gb%T%n@!te%D)z zLbNe+mehM4@sIl%Pap&n#6RSG3KsRMP|Ic>2N}VNteyGxLhDBl5q{vDB9>W%v_` z$?Kb4c>+vmQIj90wBPCc6Ur9(3+&15<_YuBk4=Lz5u{Jv8)f7;%yU%07# zjjt1F2ODpGQ}g+L&v9fvHJ^{qb}_;@22`u*{op?k-^3&<{CR>YJ#)GkrgAoPS(?fuBE#OHLX;T5=Df zMQ3)DTQynmAwE{DiK^D$b@_Q{q5ijdxa6-JKWMF?@37vZJApNV`1Aii&lf!RVd2iA zIYTz-VFPTw;05{u-u{~rKicO5|495uED+ZAjLW;sZVe&D^lSBcIO6|$@krXhdhw$- z*k9nU`|(8|R>p@a`>%WsQzbqWdMCV&Uudc z=L@8N=4aqNe$#pwbCH5J#Knf37s8L|==x#s#C-fgqJtyJakOYCy-(V?r1GVs2yPY3 zX0k$)o(twwdUZTffhPC~0!Tm*K2zXJLKbC0u0mTsJqvbj7U4Y0xY!J>k3 z^Q0m_h9;02xL$0s4`&goZ~EVa>;88nxUzHL8q%E9M=kL9F_YHiVi4Ha} z=I$F9Lm3%U4-*O-5($VKi9gwW11Ci6*jlll?)_)1e-1~s?8NsCjDsfQ<~fpr7u*E$ z=4FxdT_fIX<+rYXqx#0mgZT2mPs8h&?PvD}KmAN1bxHPeAM;s5b^x={l zaA1PXzEU9ys^~K-Fn|I&H<`Q2>|+jxGfQHWB3HaNyN*63zm5w%b`{+dr-%2K1P<`^ z9JA4e%4DmX8e16J>*qz%pUem2Ej;rohn*z)!nE(S-L3$UlB4bdjIwE$XdFFd{GZ{j z1pb%iHnAEdWRkqQlmgEZyUe3z9xrf0F*ydj;fr+e;)|$Rsu@*^%zXx)_&(=D!QM%m zP|6--)HHG#nWs+VvMgy*D3G=`REm%iwIVvS$6xKkkW{@+sNkJ~}YiJo6;cc87n3Ee4h;(Q!>@><;Hi7Q#+>F(6FgEICk9edD@jV_yH92izo z(=x}?z#q>X(7v{RH7nnL4h(mU3Nzho>n~5uU^jB?kH5xol%kwSTXGPJapC9}laC_- zdq`Ht9k^$r=SKa>NwIUU2QKMw2D2#5<~jiYHW+%MqpPGesR2JKaQ`(N0 zX#lx&HzusKDmH6JM|8sIXs}#+QV=?9>lK2qn>AduRb$#PXI_GUFm=kCFm10q5KWuT zteZBOM5m{eSDz4MpuzuyR@KvX6Z_I>>#s3w{h)roOk2*)N^LCO<6e702ebA)83cqp zOd;1@Mzdx)08O`$rX%JZAb)U{=mPlQfhbm7ZW8+cv=>kv)a@c4%DL1g zxRUsIf=@j#7eAywOnlk=9GMyiMpRRgLiyL2!GSY1rN?A>#7=mSN2GOJElcEdhWTwV z!!WMQFm@O~%;Z(|*JfA#M%c!9xfS^^LNw3x#9{&nSgWnM52 z3>L!|*q`981O8&!RCV+GyYWH^>DRUgyo)Prjc>ws$JQ6&`c-4n;y(b#QJINlKO~>( zI#$+)x*0}JGUo3;k*u^abBsVEpJDPl3ND`564-b4ZKU6QrC&UZ5EGzMc^!=R5A1w^ zc2ij|Iec8~MD{PBOE56*(@~$84|)6jBfjA(IUilpXv|ZDNE?ls_g^j)u=PfxdS!PX z82c+2n&qQN9X4cUC{sV^65>OH^BeQ#ONu6(=vwFB)o-)@&j)n;vYDj-m(3FUgJ`6( zyr18gOSKlB;V)+HF}tyj(lL@h=bv(J?OFJW`6qpq9pS6ZR3PD@Rp(=A{)ctn>cvOA z|HpL@=1lfiNClcw_x&Vg{2*Thp$@wGbhPf@A`Zz_9`>K7HWYJL=cC+;?$^qeAJ z5l^!8aquaTK_J&(YXyH}KE!3fF4E5$tr+LzF&INx#}NG8b9b3sH;t}P{LWK7qh%T)>n%_$_Ap1>-aukf-4 z1|VoTUeYQf@KLpe;@?3NW|IBr zrC_dQc+1^pDd&^%4L7uc8+VVPy0rN4WJY^IZ&JlyUJ3Op^rdgv^M&F@>&3i^q5odn zBEG_gm^nTB8kngQy;kpkO-0^9{i3dPnPEAR`1wt`uAubeH}&E0Q`1t751|;$Y30Aw z(^L2lW>Hr@=!d$F>n{L@ACMZ&w?CZEA`Z3rJJbhWw{gh=SA%!B#__G-f5@yG_j-|5 zS_i-p-7!(Y4{d-SZ6GrmZyPn|az>>S%<9}^F>%ROiovLv^8tPi6Zt~lmoU04@qibW zlf$J(ezfmm=li3B@luPlL#^RrBMKO|;Y4G-E=6qZt0Lwu+V-w&V#&ayAw6$^%`$VLwITZ`uph1-}N^(?C~CkPR7l#EVA zYbv_{qk!3Px3D>xNj}uFRPMYKc#SJS0<CxRo{aSyncw!2lEH+W&c$UT(v%-kB@o~{g6Mw9kjvLzRG@ZWDn$f6=8kWb>|m$ z4-H%me`PBA%k_1U*GI$;^FVo4zW~%4H#glBtm3SUV)CbuKdbZaf-|K@RD*V*52K4zGgD&AXt zTGM|}+(0+rg?NE*7DZFU8(vii%@OtZN%XHVcZ*S{?ltl)Q;BQ@_aFU0RvtVLGtJ(A z#1boeF@6p4X{tIO;O#?0J@|Zk^9uD&75}z+{p9s4)e-cNek@c)8pkulj5O`{aB9|H zyd8w%;}wCI`S`Zp8vt7go&VG{)6^qaVa7dw$K+4vhlY(~g6_|7z9fnVK5GK&8uO?x zD*LGj_@~XouR5w=p4NSs0wFh#MGtvX@(&ejrlR?oe}zj|hy4TV1#2eovwMXv3Ik23 zn|6b%wL~Y{mD1s?Qe_ZouV1VA(a)EBZ>vI|g!wv@bMdESvOvSy>ysG0sS})kUBS^# z-;p0cXzCB=OW0^}{QFp65;sr1i^}g~{opU66`&^8nzuqLh)-AXeXNsqiU;W3_!0h; zZw3sMXRGAf+{sa@_<2bMKMa_|MK84v$Qo|G`-TWSn{wh}8=Ap85M~!T+miH(JvDQe zA~8VTG%s8v7~uhD9YL4IwdO9})8+e>=0SNM^NayUzd1@ftK68_WL=Sh&F~p$x zJjc@Y!KgW}?CEN@A^B0u0g9GtNk-AzD4G;YH>z6Z7q!~+ndDti5M$;Ma+oMsKK+tV zNIVat<;{^7$r31ne?bNOdAL{2kmR!TCH91&bNanK$0^Kt(@A$l7i?qZ-WLSsA#yis z#9(&TZ>+Q`fYmR}Zex89>rdFf+#ms13+8*@2xl}FUwEDCW8qN^O~uy>)Hk6mmxYd= zRffig28pe5nnbne9Xcw1-rnF9Lzl7~3G9{aKhXDW5xqG!&^-Kkp&#ZD`uPLVL*C5y z4^{ekJNJqZdneqO7yrw5HfrX7ebXkyu)r@^9s~;7#jt+D%A%QFJfUkt0bJJ$?oy?f zS-76tRZpXbGH&)=fQ7m__M2?Q3wzSMyvluePQFW*S)D?aJNi*>u52PGQeaNr3cqpV z$+f)k;gW=Z`fth_c1tNE6zd1Qj%4&X~LqhnRJ`{ zTxzll*P~`Xp3Ik}(rS5=TO~!ihV2lneua2s(krF0{e!X7y-@)|Kiy_iB7LM2#Z)%O zakGc*)Scgy!N1tw%DtCtn-$`$o!8u$%B~8#SgiVf%j_)=tXl6K5fCJmTC=IZ=ruPy_G1$)be4g|yg)XB{TjJ_gIwT|-0ZZK0wng_i z_Q!UWvYZg0dw3^14i?ojN(-v1Uv^Nu>~@f|A@$OenASue(nazBcT+0SHg4|OhZpcT zxTQZ-b!set0iF`SKmghiE_1?pG9l;Vw}pkFw`@*W%eznFX)G!VB~5tN;X z%l=j2)8>K|!W7-5#?<0p=_l`U`f7zBy!aDMskzf1N~BMeW-=j;0=y6?8}A`|V6RML z3qw7YS$wV3;`vRPolrq%B-JF}ByK8696iRVa}>7#Mz&354;*!k7c_%~k0&{*jkA(wzTz(xT2+7YQWYZV?I77JxHA0@aOnF(VLbzr?99jvo z+_;20WH?tWFdv`Y6jSt893fWsT_)3~;)&<4@R{w?++NFy6j0LtMW@TxJB#(=;wU#e z^}LJCR#12>Is%x^kEMKxoBi2bP$!de{0xNcbZkOYfY;u4-A5%yw?V&(xj&|(mcJlt zJ44lHHVLqZKfuNv%ind@$5!9-E-NmdsGKFgma>s;-;had>x8l1`lQ-EbnA` zfjycg6NsgZyLh>cHq-m-M9kZ>t_{uPQZa)xXRA{{)I20T$Zx<=HpA>%zZ!M%M`T!i z#}Degx03~#c`fGmgbwzCY6R{(u{A*v<76w*QK?A))sdd*i`rz;Z5;f*ULs5F!$+<* zyKjodG=Gwy4hY!ueko1Mc$xGZ8MdRmhVYp0V@D3KNFhUi{Lsa7XjxLX%{6L`H9A8Z zNg>IfTRLVg(J~>+->-;(6$A@r%NT+Ma~pJcX%96K(&j}5rW*60MnCojSAy8QgQ_2W zuQUfgAMY|%+Z#^%B%^G%6vt>SCki^U=mC(OjNt@M8_;ZI4=y_?liuKSX%h6va7@!$HO#@;zAfNnRkMN3idc4+xt1rhy z&3jNw2SHP_j`ei5^ zVRS76m43$B_WSGS<98Ydjr^TSk5iu!xak-GeaSPlOPa4a@U|>xg*^#@q$cp`t?o%F*L5ES zP;?pbF{hnd;orAG+wuaL8t@6b=lwG3aj>@8yJd^_TkHJEy@pec_ zL+ZP!mtIyzkWmm^Wg zH|AwmNpW_?627%E`3M%ae!O!S^yxQG0CX#lmMrIhyE=N!+UNy8LV#}_kVyssvaPP5 zkZEVDfC=s))9x56kC^rq-WjK;m_u2|9zo{-M{65Z3u{e*Rat%>%419Rm6_xf^5!JI zIRT^!;W95>ta!UA$sI4ef^UkyrHAy9Z;42dVPV<)T_!>&kI8cK(LwxmpArGPtu&`D z;SSglJ{}3K0~2a24Cg_mS1#><+Wcl0)03!4$nCEEw^F{j3@pA(o$61w- zf5ZK{k;(`TyzskTn*b;5IMBuEr@AbD@s|RBRr%W~TgJ8)v*#*~R{yP%pWC6Q+dG}& zO|KWV$B+L|TMJv6Bep_!VroTmKtFe%FB1nFHIwhM>;QivajLJSAtZ4X4HXa5OOSkOKlcBGbmn_9d||g8sitTyb zRl%YsGziwevFkh8dyf`)5CN>bYJE@E<^P2-Mqxv2M`M(X(#o*JqEWvDsApt0SMJlup4Oog^xvmVb4wrqru1l-@tD9rxk#t`fm77ic9oVB6^qsRuOZZ3u-x;>F zwt)XPs#M#fzD2pY90^gPJ0Z zmpge-f6SQ2r4I8t045>@BYYkqWvN+^>QV7Mrb_;wg8h>3wMQg~*{@!#A>Ks$l_Aef z#eOx1<4$P5KJ`cPJ1sH^RGi3ui5S&l_=}lWBUakluWyo9l*WPmVt$z|4OsnDfND#v z{d!s^r^0^yCMt|L{B~PtT4+H7_LiVg*4wXdvL4x+(cs$b{SLlah{q;TezpFUIZjL-rvfYsFK(VZW4*~(AytVn2l}G2 zS`w_3gZ+8+*U10e&)u1oML^tm@%MYze=qmdRKIVHt#=+5U?@m)!u+H*Of}&L9$5Bk ze$oT13Ub!WPuhJc2P)g9Oa5m39Z*tpPfNDr^XL!1kt}(YbdG=v%_+i|56CmN zUgsvq5Bwq$L7X2G=bwd}1EGKueX-A7FA-t{0dVEy?9;WZyTj_+62JJ0NM z6F}v|b#i??NAln5#B-cJ_VWj#@>?%H*QKbZ=`PV7CrQA=Y8r86rn8hzV%iQxffHR%}7x;X)%{AX`y9+1FcdMI^KLm}#|F#TS%*vLqkPiI- z{ro9?&>5P~hd@7XMTUs!=UVeyQ(wH7O(h>JY4-b7YSu$eKPa<7>iOL#t4DtDX{$%9 z^5{fkw_dD(U-sn2z*7YQ|F$m)#0Bol-6_9e(87GnBLxo4xBMu7TXgJt&heME?|=&N z6RidruC0Hdw*vkQ=3ig~W+3Z7nlE`MVG!S@X1?SS>{xP~C|~k7EV1MZ^oPTbvW^%U z(Fa~pe3bm`_@`F>Z8g77JRh1PfNT@YhvWw{cPN~X(+GsUQ{xN;2pbI(*o(>O8|ac~ z!Yuz+!#{=oCcHnq+4)y>=^5vb*H^z9-q+VYobTU5CsfXNX#c3Mc;EH0tS3?rmW%AM znJeY6?69tq?qkzV(4>VkCm|U4yM7iU>ihW&;9e#H)g{*4*cN$ znF;9ge|diBubKHM5)Fd#Gur2417id;fY|Um&$KfDsrl0xcIUMsKlBiM5H=*R(~q7% zWIci9zLjz3pZoVF%TX%izm`6C_IkEVvbEPL6UV?sSpZ+_81#xnmF)Z(%+rm|z;C>%E(v|o7d|Ey80Sq+Al$E#Pd5ZV@yibRR&jBkf>9E0hHN}tF zG9sC>9>MyqgEv-uT#+c~`CQR?V7axsfqRjUf|tAuz~}qRvX}lXfuHO?n_UQ#!UI;X zo8QW%>lE&@fgIrcC7})UEA?ftw#&9n2dBqBAQM|}1p3;XDShR4tJNQ&298{GA)t0e zUhZ)X#ntE-q0c63Uu{3yls-PtFbW1Oo14@olD9FLSd@O2 z#86%yH(e)MUZ!`W=lIIzhT~W`Vy@szrei^*&)473_DhR;=JnfBB0ShulU}Wnya^w& ztznD-b&V{$&kU97%8=xC|X4xpgDVZbj}bkI2$o`Ac_e5Rj$%;9jR z6+U6anZ#<%(>3*><1gU{Np`D@SJ?R%-x!8{j=5zu`W8c27SE#M{vcZ)_)d0y{La(S zQN{eLe*^ur6w@Yp3RVT=lKZzbCRH^1EAq5An7(_AB#t8b+`DibjmpdMr^5Jnf2Nv$ zT7?_&jZ2jbU2$ImBsZRjJgjDr!S49*ep z6l8{ng~fUn^gNI|S|G#a*Cy}A=sYigs9$=KoojQj1cngMk_cJ9*@Xcwy#S(9s%MhD z;Iw}8q(+c1hP^*MGi=_%GQM2TA5i%igkL}GH#;&8%k$Z}j+ICNPl=(YcJ|^VhGKC@1w>x63mMu^&Gx18u`Z~T(xX2HRZpBs<%~|1~ zpYVgqB`SN^QH3=QkBuys54^eGC;XSIKs>v+q&}d}&nYGMll7sPT)fT2W07%~fd&G9 zIEj~N3N+=?PqDLPac%Mma6w0rfl}m8lC>CEWlmX+_ld|{?Rt1Mg#9F1mrz5Wx8FD9RWNuG)N zx|P7=_V!8uo{=$&$shK@rGB#zPZ+%y8`qs^A_3XF+5M=vx;r8suLI*&`=g{tYIv4ZB19&Fmv$i=+m|O+`&LnH#SpN5goN3-^?Y(9_?MQpO_DkQ6PL9w~}c z`L*9;!#UCq?$=+%3>2#P8_0vA-WyfV#@uNSzt^`$&qrAI!M|^j8CQSTnBzo-X)Fm0 z_CNUSk%Vfi*slxhwcfAK`hkB^z5XDVfhgdtS6J7sm~4y}d~n?*K&zJGjQLN1*F5)0 z)*LZ^y#Rk@%xE>?_}jr3#(!+Qw>i{Kwtlph;i;GxK=W~#&rH+u_7~*NtV!=9aQGQ> zqHrE;1l94KT2ZSQfkAD8dwr%O> zu%5m5^{3c>G@q)Y-q8KplJy{KyGg&_7SWHwpK;%tf0t-%XGukYi4D8tXb_c-AXWos z@b?5CmcKyWQ-jv^H*51V><+yf@pqvM;P2j~hjGU+EFDF&JHeaK#nt(kg1`BBc0DD3 zQ}6eU{LSS`qXJrY0$Ml)*55pb$4PnPPT+4|J&rQEmtWDdrjfsSjnt0&n`g^0^tiuy zrPQ0)-<;gPSS6dS{a3)1w6AIIn8zLO(Z{+ z`sYIS6SMcV_A|7-%6iefG)U|qUQ@VAkH;M=?5laS%D%SMun*+eQ49lr2f=du0PC(b z5`PHq&%5IU*_C-C_vgLv37Mt;7u=t>DkT(vW?^JFxC`Qc?$68oNqyxy_7CgW|G7W! z&A&hIT@O))eSBX12k(!zio(h-k*h41cAy+bX$@Ylez^=mY4Ni}Pad%Y(9dGw$+~>tA>?58p zSD;B_=uSe2_C7CGg%YfpFZX?BQiu)YGOp`4b@Sya)*sItC2+&w;QlD}Ul2jcH(BKW z>GwzNEd0fgtonn2zfXQN2UWbU_D2JLQ2&^8`)B7vEILjsujWIDoUUO>E&oCF1LnK# z`eF!v2>+{<4-u!w8_7qSeEj(OsnzKyIddTTf#QT9lF!kj=S7#Sh;YyAyN~Mp4+@nS z8FKR-%pYhZ{2;L&jEQ;NQe=-}hP998yKWTOaFXX}?&Ztl3;t=YaX(p`$4_Mt=h?+$ z;3LnLo|K(l<*P&G0SM>;Y>i_Zks?6-y zq#wvqly4LAPxid}`4CPYF|?);L;SIc;?n>eI<@hx*nClQI(vs@WT>#6eIh@VC7$kM zMm7i;zt8FqK{TK;UtxPvh#4c$QfUxWyy}X4h1{>=D-1V&$PW|WXEj^rp)UO<-5;VZ zt%w(OZ&(oVo4v0IM|X8^?gTX~gGTUk_tCyf*SmS)|CdUF`49-5=UV4_F^5UU~YduXjHNPx+H>6_Wb%xx31;;AP>fT;1B@-4|*T%x3w?6 zTxs4WFJrfEnH4fu5*p|S3I+4Yzo7@cZwmJnDn584iPPpg;5WDG>;vP$3mJy-!C&4- zyOo=3EX?!fPKr`@&HHHkRmz6U;|J0=>O`+P|FjqM&2;TIZiA=F;qx&NEjZ)j_#MmS zjrhIQ)5rCpd+zAd#XpUZh+478IXVD?1J2f3@?hKaqGRgH_9qT(mr$mkk@!9tEAa5Bryd+*K_>;(y-73bF(Z?|Q?&0Ww#g6`V9VHx{&YlFj z97C2z8vYwC?2O>LABcTqe}nl5NKKjQ~UD|0CD2-h2z5mdNoqZz^j< zY!Mn;+DUCw`Zg9L-al`pJps+SIyUHl_GC^ui?1vWaYznuEq-{30E8$klGC)wJXVwR zHvPzr`#Rv4SxydI+`fT#>bOtfKvAMkk{oZbHWs+bB_s?%mBO0mI@XzABSH;>1!Xfg zxuK#Z$;<>xHg+hMOQ%S4;3~G+tv{M+FEUFvLO+jZmu@tIo_KNLY#ib3S7rTEXUUQV z4nytwI)4%$!qDn7AYbQhw4$lwBIgr)V1R*;cL7xPW_o~*AHR+Bq5d@E zduR$PA(t86hdzwioF&8Ap%+x4N)-LW3>Abty! zD6EX$VwYGmo$gTq*Bo{~i)-y3PORB>`&hT1L;rwu3=_CsIcZcL=O%Fr)?xN#Vh!rF z7ZPi>inV<=UOSc& z4R^e)tM+)@`UCU7w46bT7jvo@Il|UEQWNmK6_RHq?gZScbNizj5-T*PQH3{%FGlk% z`AFbsgxll-!b?>W+evZ&0~Z$by`)*FuATDQyR^;%D$PkvBaeYPK(vwf=mMZ-{nI3W zTLck{&7W9fmiy_90Fub@D!_(d1RT$=w+r7CUvyh-!WVTl5 zACgrX#N{}#BixOg+FmE#KRs`P~lN>$`ODO?@&#yE3Fno;6=nUW~jj1-2AqR;QC}pUc4dP5=or$3YeebBMRQK6X$0( z)>4sJ+DfWr$c~tZR{SYK9+@o2RN(b@(HbPnS(g?Xu4gOraa{bKR*`avrJK2#M4Vv# z8Lo$U33tzaO7(G7)J7F`TKs&6t0iF%uWZyk3rXkqlRlSpG_*Ww7pb;0@Dc^D_y4( z1T>N>g*=iPiS$UV&%b$ivavKK|rHG`GpUTLb44$yJ-yflU@S+h(toQH7 zX>V=32d8_0V7uk$=+r>y543vurbl#8IR5gA@%4Gq@gXT-MJEp}F?paAIUn$T5=MLr z@U@;P2L!7sN_o{0Q*^XH8$X&-|2Tg2y8BoE2=s%zO(cJ~IEy+4?pQpY=;f`5E--Pl zyX~WpH^>^TC^VzU+Ysb!2=Znf2h@baZ-WWoawttJmRYdo+~iOq7pp1DTdK`$J9;WL zs_#jOWKaE;<;nVFTYB2=iiP9=x`VjIy8D()bO&I>MI_y8QC}`3S!o8aqZk)8;cJT8Y2C7^@du7kt-!C><}&iModLN!NYg-(KW}W0-}#CRsJaFEDQNelYG-K#U?&x&UGLj%-~Wn!*D9>Gny_Ga3Wk>sPTKnIs- z((_oGe6YbRl#fu_ak;i!STLvHrK;y#vVdAh@qQ3W?tLuQrL-lIeijYh?Oo=OW2ZHg z#HUvz%swc<)p{f&)E=kJ=6WCSj%feBYr~@HkfhLL=F)jA(81ZpoqJ3)Hzu}+Sz29` z7Ym6Q>#S)&TeEQ&EcnuQ@s&31Ud;zMNc#fb)M9;g2u9w_S=p`$~_=;FYe#jRTveGdOik77ouVz#8{s*@NKIuXHw(!(ICA(VQ zFJ8qa5C?~m*}E<>Ji(wt&J`FExi+H5z-)Gv_NKT@2QHwy6lKx_93Z?+oCT%h;E%Rm#k($=Vb|awP;&Mw*$Ek!Grp&%9bjnt7d!H1kFoY33>!Y36E< z1VL2MTcx6Rql(_C5WSNidJFp@f`bsjJSZo_W^*D@_NwLVDv>0;H5ig;p+;&J6-Jx< zSv5!gtZ0=#?GQm&%AA!?sOnr2BABcYLC&A~;q?;#z(iX4dy?4XgLx)Y!DZGYS?MFJ8)(Bnoy^WD*a>HYFbN5?fPdMy!1c zAc%N{mnvlrjNq9r7{WB#A$Hv+>mn57RYyVwI!o{)nzcb+kFbA3}`1RYp2UGV~ zdX3xR034{QzIf8q&lkV;&sF$hap^x-;Y&rH4x6;`$x%ACxEme$Cn}s+-1N^?xL905 z9FNpkZR{EvLi%!LY%K@Ejb>HpXj&Ty%U*otv@##t)c8=cF9XjN|8-ZGHyln!*!EPe z3ZFq0E!lw*b}SxF4ODu~9E;4X>Y~_CtR_r=GNX2FF z0?+M%y8(8n&PF2#R?!+#*L2UUPqwIbOqFGmQHIGwg)2+Je1_W)4g z!yCzRDT97)pO@R0*n^`(x9avls&#us?0Y%9cO-5N4BIP-@d^wNE5G=kuul3a=3uL+ z;ywHmOD~G#C-e7na+~*F0*e9Z90qZ#Y%ji@#Ucma1l$Sdpxoyo0L=Ahprg92zcN#e zepMDf3~)p;mOh%raC)xq$T{^DX4#Ky`X^1czOVlCr-oaPLZHBbdw^XRQ z0aRUW?W~7pMI%BSe?SS*WPsZF(@CJ$gm{fwM|76KGpsQ1Cq7HcQ?!G3aI}%e*tC1) zC1D2Qb8!~%B>X=ayKHe9m=*ar4S&AI`J0a?`GeO6eO+!}oAh<1{#+)hvfK;Sk9CT# ztQ&z#ya7y#`4Zu@Q8RA3u_}NTXqRD)p z@Fl@4yA{ts$IH@6vZ6;;DSZW0H%FqZrYaz_02O5O z=t7*&jjKBkC6;-!6~7Q_*ls&0rcOMr;AD#@t&5k|A(V&JZA=f!24WyCP0^orR+E3u zN>7CL7gurzt^e67H2|IA6F?`5pG7Ni zr#SfPJmD*BP0(|`y(|s0ry339GS#`U#AufTc{F(+?yuWRWaix3Zsr zvc;YR)Z&pS;wQFv>6w6*#wv%tRDtG864Y3%{dA^@7Q**hq*WP^d#D!7-AE8>-^)(I z_IN)im`~8i78+Iniuy03) zi!-QyIE*8N)juzX-IQy8;7IWV60IayuqYYJW+X!Xvj&x~F6PNOl{%1hIeN=NVB$O>Rv!`sI+=wDExJ6Kj`dsif%&t%{92_gHk8FL1}6xIo?3um= zU}-JEV9uGF=1jv7`jVLX%lI*aVT{_5LT%K3v04e%<`Q<<1RhDW@(Nx< zWs+}RwVz#%2dZ?zNW6P2SVSCzV!QD~iXA zjgNOEp5YA#__d)PYqrvG5c>(tHEv$5p45KQ^TUfXxy3%+OSCO?=Yp3b)CNwgDL2TF$zfJYe)T!a&^R97JV92zoE3~15)$`Eqa3# zJ&8U2G1DRA5*sA#WRL_ZCRyj#*LcbKfoG_G1D1rs$_vD3UhWIC=Txop*s_gd5+5OvEP7WDlDXi73uBE!!GLNvyH+7H!&VKbHY)Uv_g z3tb3DNG`_`W%<-!4$bt~B?|EJk`0)%4Op8j$J%7tynW`guf8HEql2>ENv2wo@Nq## z3t6$K1HF~PE8@v}Ag3l@2pwC}N*t}k(Mpn6TBDUJ+e$uuSp|jAe%Dk_{342Q)4upz z2q2w&AkIBPDMo&P%oJXSaoqljiR2~Pg?u-%1ir5AH@7oXefi#T%s0%tVu$nuFq)Ox z-2l=Jt=S@G0Mc6}ohnX}z;{=l?|ScJcROq^h4$En*e2a(FG9dDk+hU#R4+xzgd$43#hKaG*|5(l9*d|GjZOXFfQt!Eh_m*QDOp@%d7BvF$H}?2+}9}# zj}UH{n-Cck7wa+PgW&H14P+_Rb^}XMHH#Me!A&dPy<#EdX)ItPDQgOPeF0lsE#_KNa-1-%Q6|Q*b+t z>#xg?SC!^M1WbNDi_-z85N_poLVn`dLc1(5^9BlOoIZOS7J-#}Z4_pJj~gF=X=^zU z4$foH*PccAvmmiIb}bnM@y8#DT}vAHiM;=gJooJ8D!21kW(F2vC!LLuL&7ndfU??DIjzI~;(UyJivs?VMue%;%cnO% zA|9-MY+~bMu5s%pDwtnmHO5x3Wdja}OQtv*uevQFjTU2>hGh!(pG0i@^%7Q^gF4#8mNbRZw4XFSTgQF_MF69^aa zt;jDq9(5}Qmdu6McZvFhmxxa|zhog{=a-zy0?3T>Rj;w* z@)fJB`mMI1dJNQ7TD1OB7)|)iF8qu6`9VROi9$YpDyw4%K>@2A>MY$pG0d z0Nen2Y(Tfyo8fsOPF=v0(L@ZhW}#U6*A5SH4Q z8cG$9)oy`S^XWsbADNDa}bM~2N^|A-E^(=WmKJiFg;&k$w_|KVI_O_E;U z_-vqPHz0Iqz&o|o(|{r#zH*n~YHU{uC0!|)jAYCHNz!~2vjUZj`S=-xU#flr{zI$5 z{Kb68u?GweTM?fR^m9{l%$M(U9FyY& z$N!-cju{d&A<8k}tV9p`f#JXxrGE6bkYi{=V=3r3rYGPSNJ=i95TZnHc$8xfdP!IT z1%ws4O6b>RlEjYv;GtD6y*RuJ9YX+HWe9^KA?8SwEyBA>GBwc*1EqVwkY(p5YJv7B zBHeQ*UXE3QVGuDc|HZoGWq4iD)|ed`w|}-8D{Qo_8Up!XNiIu8H~=q*7T#w_GnSFp z$S^1Xs=*RH*k*__u)MS0@PpVWGFB{Tc>s&ov44S*1?S_4>Ilver^XJ9rI(@{v^JIT zvz0I-(iE#w2ymq9F8%uB`(DvIlWV zxMAF^Kpm(YfzwTS!H+jReHzA@e(A6Z?1&B0%mz~@RYt`Q?eZJ3Wr-?3MirDMK`{vf z`%1KY7@Hc{AR#|bpm#UGU<^d#>iu)U0*f9Mc zRlwJVWw>k?XYELJ+xt~exKZH(jTQ(y?6X+8){LNa+{ZFrNff&2fUUnXG6b~BdoT)q zV~<&jW8!}EowOAYlTGqm14U-Z19lDOe*^EpBn4UxSE{=)(CA!iP7%Eb4n5uM!cjPj zXwDo1Lq~dbuOgbWh~lWD2;g~-dA~6`UllYZPsVl_OE<(=n=8OY`x3jcuoedfeBcaF zQ@2IIyKu0Ic2!~vWP1PZO0yAc3BM_L+{e}#JMzFOV2wqSx6Jzzt~if_qzgev;vAH2O`@;`5d2&9?A|wu%+Q=9ilxwB=#411Wh8MA_Doi5HhW%GI_9i z0(@bnF5nWfTpR=r_{fsI%P<5-$UZEc$3{LTe1-Wrh8h|w)w&}bqb}1*{~$T<$0(!Z z)(wsXni96!;n=Ei6yoT#S1K#~)*U4IS@2r0KRl8%RD|*%p(fPAF{{VSOE@R3wMgX| zQV|wrPDE0o%dg+z)!(8l3KiKcd;sSNruhc*CzSS^ZxKPzBO}X@K|3ax!O_)Oxc;i6 zJOz`IW9{X{{{@DE@g=8D9g`N!H|WnM0p6n>DA;a~I40d^ZepJ~Yj*mrBkXw+z7)S1 zgX!e7`A~>bT@@a@{AVG_-#jd?rp3J4O zYtGlSOJiAV?ZQtpa;av0Ew)w@%-4_rS}ee_@>&fPVOs(|HLxi4{H4Grb^oH&A1^iM zqp2c_>nz)DC+f@>NW1Nv5sf@)GiKg0HyBP#1S@Z4{OC{6AskjJ?Ger~sa7n0+z<|% zd#FuFCCh`*e?leWI2Ws|PSAzg!)e$8kFl`zTi`0N%*2s%`ZaDx%eHSv=?jyzKV;5y z?H_@Oro=CAA9LXGzY7Z!@-PDj*AM51mHhrV4dZ58RU1Oc}r$WyFk4NY&U&_?)qtJPAF&7OAH5c2|{1V~^_jM#*B(LE9 zB-I6&UT`?HTf0$+B+?I~4@0bAe)l|v+}d248~+5mP6-K@186X4-i4mZ{y+}l{_rk% z$xm=lCtOGp^tU0zcQn(uCsY4C@%=OK#Ue)7AeU-6ep;-Zt9GRD4aV(7_DyU@F-c>a z>i6`tAsHNgEj<^As(k)E_wixvN%)K2=Q`^t1lh(f7S_w3@~CrTp2t9I_r3COBk5rcLfuu@bq}s zka;^20*)4Ozzc-Ffm9!RV!-14uZ1qcw&+fT8r?2onDn(K5tmmmpCXj{E!feCglB@o z0{K=;#)$Y7Q!Pyu!Tys$c#)TEDqf%n$X8G+%ojPP@UxLS>~Y$JvD{dM4Ck<5usEgM zvf&X#nfZ--%}aY_J^}71;ObH)dY)2rH90fh1QLPoF=a?i2Ek<(A-7>tXP#rC=F8 zJuqH)oO7)#uO5Opa(6_e$$o2EAsTBy>LaDmM2~Xrp^8F}c@G*bcA^%pnt))3hBk-* zz6?)XIP!bpa?b#o*cH3>EG8#*vAL`bOMzjJ4(SFM3_Bw_Y2FPd6G+TNBz5wiZ z1JtVe!hsS$`gj3DMN^7P$DI;>0Iu*Gccxw#Kju+P+V=mDUhO>&2ZiZ?(FxBUpksRv zY1|p~?Q&&*<{Z+zv#fg;BD1&*NC0bqT9DWoYqt|hLD3vfjgB94KQvkZ@~r_#myH9# zA-jyTe=h+)p_wI|D&s;iMqR0sd#_2~!^y(Qz5^2y-^<{8KN!2mtKXha3<5@lE_gqH zr+i{76A*~cX#QX85=?GtlY;*7~&Fm(dD34 zX{hf>TAeY#=5v3T(tiqX0lXFHQ~}gA($KZhhD5YG`?C(dw6MIKcjq1daI&|Px**B$ zKm|X1G-eJ4rSVP&5>^b(Kg9LAtna9t{)Bu$gCmN{>26U@i#bU6kLig7D5t>O7N~c> z1=+usrWhB1b=^ou;!mojdj6vHDL#Pw;0B=D$qW0g@D0q*w(f@f88I*3EpuiA6ejGx z-LU(1Bk=GNEz8qj6xXmmJ9t;-RPC755_2 zpY-p45=`ML$pTdFujZ2*n5#x`@Cf?kIL>j=tE+#+Ll zOYtYv1s^JFDE$qjN?Yy8W?5bvO*hHoM$PQxo4H=dpI$9F`a>K9 zHqnrW;yPp(w;#x{v|Uawml_!NFFu2qqELo(V0v78(9z@xzux5pDLS< z71xx2YH*-VjDT7-2`Cn{phg_1ca?xjI#4^G4za481QZKeP?c6X75@a=QCKs*IPu)7ALxQ$hkk`=}_| zEK!2?Poep2+)%2QfPgQ>B<5Eg-jKx@mg2dRWVu?BkWbf01324H;WRc}tkPm^Pv)6k5iV_-<)ds$p66}bOncsY*jxaopiML<@|m;qm?|P4 zlteoyS#&HjU2?&?Cz5oYJ@VUIgEr0aSd|2;LyB^ziYuV@5OlmAwA=g^NKJF{D&Yhs znCJN{lCKM|P8IXH?-HuwzR!lLn1IYvTAAWZH00<0+hYD{5y%=TKL)ecOJjSKQBG3r zN2pdjk41b%w-ZcbI|>Du{wvCwc@&;D|G)nrJv4;jr{xEM!f4eM*d+xhNhOsF0dm$p z0R=4#Z#^2wvZhA8RK~7Fn@AIAsg^3lzJQA>iXQ%SNHt=zJ8UsEe^KmOWq*Z3XXb)M zRk5{mN&qd2T_ekJ+nSU@q#ER3#el$bJ+*E7b?%{|szVB>+Fm3wUOOvy1j}RbWe%Y7 zgn5;mL`H!p2~fcbTZ%eQ-3r?Y_Tq1(gp+#1(k+y~2IVa@UN*In8RiZ*uYVwwg#S7| zI9Hsg{1{)wK7?Q;Mor9d;#W({v4~iUw%l%~8_z2(2mY-PYtxpy&y_o=v>Y^GMGp(x zayPnim0`KQ8swW+m$MshwqJd<%vs@beuXzT83xHgUT+(IHshj)3Uky-AqNx8vwW7x zkin~)41DhU3Ma$QKJD^b!hDc)#&0R%yzG};s=twsz=q|_ANScamzWG}-`u2a26O17 z=j@;!$3Ez0aJFO)NwtroTG4J4@`4eXKoY0NqUQQ1xknuM$7*R^fUA=}t*VN@~|axoTL>r(k3jD=>m}JU}STN6Nknv?d!w!P_7mS@6}MpgfWmS$u~G zZDdIbSj`3{AZrC*y&D6~Q4^X&u>iJ&-UvgObApBa`dcb-W~WoiJcx;`G$^>10F2K7 zO>+m82-^JYHmi*GCDuX0L*a3>%L#Ha$UTr)4{l3KWfxW~BUGTmwA}WECcqhF5P0)nlU%v+$qQI5r=C>nva2jaHd5GvM`5q zbJcIaIS^rkuDrjIj})lPegckh0babC6)j1w6QfaDnCvk+Z&_Yi&SRKADC94PaqO+PsH!`;g0VxNW3?D#NuQ1e@kF)n_<= zg7Uv(Zz0qoCxBP7&4s^-It&7T_-cv;*>9v98cora-&%msIYNifLQyf$QP<&@tZP-#M&>$j1Cjt7;AsjB^3Wgc|;IL?oi>n_GFiG z4uJB&z_-3n^~A`55%@Nf+#L8IdJv5HsM4%pe)~8IuAe%X>ZGd~OhwB^Bo8egrUA)`x(cQzksm8z~+QjpC#Qm zdO5fkxeG?#__dyliZbilqs;my2kKM~*M6Aw8}PR&v&v9)2kb#A??LD229f4_Z1Z44 zd+JHpnI2itTgU)EEDCXz8gTRoKFSnu^wEMf-L{i(G`$|S^>qUCa>7i&aRT@UkRpET zI!314Z{7?+G=ZbLN;ta9ypcU)-Fwh#DM#Odl#rvB5=97rH9QPmDgd5_X*d~2w+Z0Y zsOTlGk>@WxB?z|p&DQ|Iectb&*WE$>4`~)d4g=H-KB9hs^fA%Yk3;^72g917!?@i8 zTt%7=8%6;GJnA>pG4=%~Mr(b<|Kia*ZzgX1s6$B<1@w3SSvDiJsi&T`FR7L|EL5>U z1We29zKV*P3NsU}+AuOo&qZ--tgcv!IAWYXIEhX)>}*R&iZxA*wxzwHS#Ac9qv#Pe z1Q6%rvu&XQ>W?9>)Sp}feFTqSGib(r42iv(hv+nzwKY+3;r!PV%4@*Ps|Z-pDrNqD zYY#iE7qNuT9U>)R%T7a-Ds2dQLR5>T`RJuD!(U(i!YM!v%+gg&${}8MEL6~)eD*i8 z5Klr_6XC1yjtIce;)M7G7zS3W@tN(Vt!Hk9ZL1}Hy%y1zYt)>%DP=xNzZ+Py#Qw8a zDrOr11?Uw_Vm)}96jxib)c9VEQsks!6-A&mzMGKfr7tD`i}$6E0dGX{&>VmP{|(e| zSs!`<#RLh+2xm>&>mAi~<);Og{h6f4>~KH^BS82Ji%U&XXMfp#!9eAcxdYabr4x-- zN&9OwO}T;2z@V5W-4!I+PA=n0S9+3*Ai-xKA@*BJj^BX*r3QOI#QQ*(zHjTkQ8lr< z=ORmcn4bc{dp4QvJerin(a8KF&YFsO+ZN$OPgXA7lav38dNBAHjo+B18H@J5G%I1L zpt{^%YNr;eEKoV8&j#ON#(g^#!@R@nA)|95<|A7y^!ERwVht z?0X1SWK_P@a=tR2f+5+MvRFi8)*6!~Ib{hRjd!r|{Stp6AwCA%;RuRlz_>ri$+C;i zoP?S2D1!ZM^>&iU$x~@hP-8^TJwqTj|Jm~a_fguJ>%Ku%ng?dad=hpCCKzy|2u@ZH z#A{HvG}wPae=K|~d@;cY;RV~-AL5Ht7x`}YTJwTKK907^<-f`&5XSro;u}>V z#lrSpqrTqT?`$DR5}s5Z!&xL7za7tv;qWZta?~{leSa+@#F)@snflvDGKp7XYcH@V zJ(uF4yvWz22&pDe_)uQtOesR8g@_{9N0&$d-K!mmSLyA`$(CxU?;`!hRVwBE)$zwb z;4Be+I#dx?yanYbhY@21f{&TA!hOct3H#d$KhO^tk_S*+Fma7d;1}wWQS%VNT6dAO z^E)=I`UmY;eI4R|Gp-Tgg+|k{+05Tnd@mcnlJBcQlhK@4U7wRScO#e#iNof-Pz6Xq zE;bA|&v#s#mHWhp%(c>1qL7i}5BPq$ZTo8B8JyslBL2Yg51hai?jU8!c-Z_7CD26u ziF_LiC6Q0FrE&@V>Z1F@`T+{Vc$WW2PqLzwcs&n0t`bT^{a!+=LOU!v{t6lqjH z>$e!jxRd-6N2a6xC33UO0G$W3ex?1 zCBVaYpt$r$PK;0?icA;+?FNAo;%mPoVgRP|fccX=i{oHe@crylJbVS4UN#%bLPnjv z8>JV{qroT>;+KBEmzUJCJ+uqZ`u$#RkBfa%Z!D`3KZy|;Hg995k`sOF|4{h--u?II z#9xQ~IYsCm>Cbm}y8bX{ivH+$xH%=_8FYGN2jOCQp_*0MJsiu({y+`rt@3>`{sM1J z!jJ!KdF4-jzw~PD33Rv{j}U)r0D-1}52pF3(o|HKo1YQ+0M?#uzM^F!@Yo+WA4bj9 z%%`A%XU_j${T`~sPs+l#fOQ+VsHFxNL&LSym`i1(^?Rsu@GSgP_C3_r3!{@SoFCf1 zsQx}KplNh~)!q|YM80Rhchtq0PDOu^3bqBmU(RW5HeKmV@IYez{(|uS^T>Ei`F&)} z;YfSo_;CCvLcpApjo<5n2i`5?&$>Wec2FM`g@vrqtkw3X;GSjgU|XbNYO= zfXPXg?2Zka-^&YzP%P>?6<<%EUphP``)!W@@I9X|$owvtpAd+UFse_J<==x*d55MT z1}N`d()vS`cmI%Q2qdxfAfGz|EC)e?zUf>Df z@_OV$IlnpnP<|aXPjKxv#dtr-{!P$tA^sR^Lvf~pd0e3Cc)p;UH_~$j8nMVq*Ml6N3G!Fl zno9moO8@flf30_SUOj9dgM-B;Z}!Zdu~cQy+rKtJ23_*OC^18O%JCcLKIgr78o=*w z!#0>D>{Ro^ENFFQLU?ON;v5y*4LCCBrNKQ?)!5(Rh+~^eQv8-`a|BD$=Dg|=Z+BGIuXQGrlC4mL#4LdUg!TnvWtwxhN}pqvmVOjWn=X280cKrmX3l zyvOGPL25WNqs&6P-g@4*#(izm=4b zFawq~r`;Rf4lCDBpubrK57B<+vwlB#>iKSjfA^Db?E_4faJ(YpulxzUudMI%T`)hu zA9MGse}0USorr&3#J(sPnU5k8oKYwe1wx=AIekfO5&^srA*1FCB%#QX#OOVZc$xQD z@+CwRa5n@3rV0ivEzOcldXrZ@SjT|!K!|*L8Fg9p%~5to^R?4vl1?uiq=b!Rthyha&8z(78U{LViEYmu z8nlJAd_N{lwYnicr5%ReEB8Oh`0g&FhvN^`N6^#Fqvo$cnb)?TpkM6w4!Oq0Q6i12 zF?3yG?oW%Q;CO(mnAf4xu|`^%+cXm*!|t{hWIxu@ao9Yk1u_10o5>sI2d<{U!{l2f z!Vwekb^YV~n?hfM=%GDE{s1i|(>La3G#(k9G7aM9Q*B^xmFo|chx8PN^E2c}Si?Eu z5vZgIV!&I?9hKV)I3e zu@GWue-z%R!lN{m8Ax$SVhC*TOQ0G;+(Y`l*7&>j9KAm6IPGDEaJY%hXan|CsKpc8a)Yz*@(tqU z&r6PD*B7w2CNqfI#Vh$iX0`hqwng7{2Vk(WN7%o2g(yRi>pHLQlK?r&Xiph z2uM#(eA9zGWcDHv5iRw3(MuhPe6X$gLFtSLpKdrP3uXp30@PsZQ6&ZkqS-~DxcZmk z#h}-cquH$UBC<89Lwhl3zRlp`Jb){D=2&V;PWG!3Hc5K#CA!R;gBCZq7Q4WD8~?drLS=$vr;7VS^Y`Q6v6rt~+OdH&V)~x6+t*$_qeCLbZ93 zvGi7WP3C{73FI-nBKx(6zdkUTJ=}!)wom+p^wwo_kHeSZJZC;HA^ma|36qa9zTe1t z#>#v1Ir2Y^VEtV1u;KN38Qd3-$nQ+z33~Q+EH3Z%B1RTawG+BGnUgl`W3%mrLDYd`rg8q95^wsl! zpaYbaMge|6F~)s9(gHLmT*j$^T5)kQ426j4_A|8}2*5*YB0UODuH#*{Gz!H#L|4G= zzonLZ~pge9-v@K?(`<(4VP(1_bmog0+B#K#B5aO$om&AqpaN zoV+DHO6Qzi*`ROe2i#VVD@D*zPy(a$9lSg2>eyIBUPR=9IYipZ)t0tbJ4t(NXVk3H zcF+bcgoQP6N~9f3PNA2>Rpz_MhSKqM`C{8rI9G`5SWp@Jwj5>8mEp_sli1fx)4C8R zxO&*t4F$wRf6wc--xYSLv?u;E^8C3ja|j(LIp(Dd>$??#`seoyP5* zvvAA;o({%S0LqZLUyQEwN@qt&zAvW(5kIcU&239P8V~EtVl^IefUsI>0KUB^o7ssf z;On;nuZ^1B*&=l5H>=nTi=4$GiXNkD*O|+u4rETYHG@Fv<)~m6`>Dtb}P^4sAwHFA6I-Sk%qAd zosD_qjMG6g#~JjPjJ#MWb$_jyhqORmp34EG*&|zIT;2lku=$k?0>qpIy^$Wna*`bL zV;E@|?`rvxksK@bqh9eQtvqP>F$=O9KZ&ifuwYJ&HhO;0sJPmWwXKRz?}Cz+MKBKA zFSkaU24w8}Q^?awx3}m<3k*r-TxQ~bMG;3Pg=Xe{L+t39DeDDN#xMeLPI}enYeu?I z75u$UKKZ71t4Di-Gr*(`#25mnfEimexFU$_10*3C z9~(xzs5w;<&=5UFxUgBaRhATp-KF8EQJKDl zmqNkV<#!Cg>tzm^0RI}`I)(~k=A-n7q7fCVu79;IAHT-jC}p?+BQn^(W*K`I-L389E1mDrcqQ5d!Sn_qrLjxK+|1(`s_6>mt+KYK zxCHC`Kn`lyU?$$533lU@ld~NXsZ>rM((?$;_X+$H^4BTMpP(Ow1{m6!`A~bdE*=$NNxk4A6P`9Z`2m zAkR>rQwECL!+ohDXvLTt*6~0^5w6yABD8aoStD3V=F`OSe{FseSq3E%4o1`-dR_HV zc>@26ZE+CjpggSk|3myD@aux{#2m)6-uKJ#(xC&t$($^ho5dPsC_A`~rvlnF%otS~ zgdJ%w86zjm%d|~|e)J%0v#3)rZV| z;&P@NVZhY~+fG)$Hl%-Ket*-tTCIs!Hn~Imah?k18Lwgd!CZMVl|#PocJBOMiVUTGR`-S5n5%p- zR{TG-0qiy{cXz!sKh2P|MH^AH_#H7D(!@qx1?fR~PwC}Jz zX$=Dhp-Ai(@dHz1aO)f)X<2C_)qkX=6vY1A;sI(Ev-hs}+L2NaK(ZSIocefXM?J&z zu}+b4ILFe%LC0lU{E-lVCWR;oekY+tKbDZ~lJe;d{J~dt<*j!;e#|99!C@3F<)@i0 zs+ONmkUFvSfQT$@(2|0k6Age96ar9h0?DDH%DCoipj~{{v5DoC2;p#kaD`B(m((#| zx{)&_9S_Hg&M-f#q+5C*%$MxxD8CP%{fo8Vr#&XgB}!xMPc%WR%TPe`y7PxskS1Bp z>XcDhaej4jLDi!=ku8I{Ve=7R;ZFhq=gI}Qjrs$Qh0ICM5Ans6bTyMJp!WSv$@FHS zb)7rOYOEq)4HWHw4U=->^GmOjN85d6C4q5y#gR*UE!RMS+mrSOJ72 zUb6VFSZQ0b%M6-y>KJWTsG=PXSV0(9H?(@0U=BYQ{DQJhtb}5z_!P+$zTd=m)=xu_RTNii14>LtvF|b) zuAa!qq*~?%%R!q_Hdb)eV4#X(AX^rfPdq2xbVmQ};Ps0=1}(E@E42ofxf*>_x&D=L zXK#QvXa_LHHKLD>mZ73b8F2AhwNvUdqEzB@r<6z4gAj_12?>%A@{*ZQ@Uu+kb|%1N zOXZI=8F`V#vI;C!e4)Nmf0D&d?3E$&!>0wp5M-b+R~7IgB%UGEg)Y9rJ}46K^?z#@ z%81oY*B)$%HFDEJ-h4*y2mlOehRtu8a$`K@mtpoXls;1>}_M8%#ulxX8>Zf6grbzuN{QXWzb@x)tmu6c>`?z;& zeh5DX;7TIb;=Go34{8=KDXCOfQt9(rNfJr=EIx$Lp=s=txsqcN?ck8{BT3v?zn3EU zSp2c&%zx4fsLX*HU5Myk4?@#A=mPBZ=J_|2!jo$rO!YHisvi0?2{9$yg%7nv8U)JX zQ!A^)r|Eiq7ff&Fc-grqW5p9@Nw&91>hzMebr1aosko8lAbFS$cx^DXYVc^Punt8J zsTkL=|y0a~S(91FL0TnlP?=`Z1L@ix|-kjx$#uLgC$C9st>v&|dKE{GzF zE0-)7jSaF*y1gX5#-`VpyTf!d#%JgXN5B3`(BCMClA$kE;U!u*t2>fOA;Bm!PO!@_pyjd-?2-?3gc9oJm zOp~o|2JTQWh?v85Z*rSY__b2&`sK!J3l!pNtneGE5$tdZYRFeh?l9o06mu?n47bSF$@ps1)l6NhG{~`d}7GXOV0TroUdeGZI{te z$PZbg>+VRuK`n6ro4X!nL3fklY67?O@^Sk8Tzi*;!CJe_GeF(WNsGwk;4s`TGZ1Fb zi40#g*`^yP+v17}8TS;OWYUi);~rj;9y0DfUs`FLAx(e2h6C33yjYWbQy1xXxuA61}f z>y$?S`~3Vh*YrQf&sT_mex3Y$)j_Y5pPzbYDt^|>5*^zrKgY-o7_qh? z5g?Ze<5X@sZmtUi@{!x7V&JocDs0V4($XSI zQKnrRCWajQRhwvXVw~xYJK1tbGOT4bV9w(!(|Muz5|XnB=`VlUi) z>ck;A6DKVq%vvFAS;4zt6?s_|(ycpoMA`mV`TV6?v&M$CuiSlW{~ze1KXQ2$N{ZKOUrlEz? zY<`GMXN;9i>Bw~cn23nU?5itYA&63a^i7PtWgM5GlloI(Mr2Yqa5<=q8roM6>DqLH zef9H_^l*0H9Hz_nL8AI-kLEdjw3@G+;BQ7K$>bCK6%?7Mk1nEQhzyCF<~8PHzbu{N zN6p|Uluz-z%!$`9xo*2^fOplZun{q=hpoHG6OaF`f!_&qk!)KY^+%q?*m`GNkrj^)VS zjK`duz2C|lx@Q7h%-1m&0&2U3gX*ug`$bADmsOQ69(sl3P<2x(t0z;@<#Q>&TKmde zBq|ThavcgQZi&1@o6zG&)7F?Xf}~N^Bv>g&_6MPT?0SUfuiwnVGC^E>rTHgLoiFhw z6Z7i=_&l%sgdoF-#IT!p>v)WsIEI?|%M#Y!udtm(!Mw1~ER7q{NA6(3gZRjOAgK5R zsFp5$Q+U6EwioC`%=_u2v^W`nz&;sy8eSkxkuMQX!&mt(P@R9#-JjSDa@rj~AEfpY zUD)~nX%ZWh)ZFrxZQC5+;TiFZaz6yW!a#KjGlBPHqR>!sL1H-8p3<&&nS^4OLA@cf zJVzmzSceK@=3L1k0oFSLtOw+ED4CHjX-TTh0$dGy7?QegLtV}GbR{p*Soj|4-GWOU zv*jifVkSPmHCx+&k}O(#Ow*cI#$Q)FZ1jBfRQ{Z^b#McJ&R^NDDf~GT<8!byhETQZ zVyagOqrOV_ped*^Gz=N#_qlIs3NYjBAq|n(0l$~~i=+6fEriN4kisG4H~IeY zRQM8Jz-yRu5^SciQC!sHlmwVI^y5fA><}1cZhn>VtLy=QR3Q$A@!C-?<@cDU!pFr= zQJ-->m&aq<{zDB$ZNtz%5#-Z=u7!fm~FAqF#BaUR={Jd!LK>%S2P~&{elM=YN!*lp!jIUXy=nv7yO!lKs1)&UG%4Q3U-8+h>13Hu-mSw8K_jPVDdg$K(J1@qw>BAEDPG^5LH=Kat-5T>a>H zKS@iZY`mlLfc(aIINoZnv)-x#)rDq(q)!?TS4&nB7YyuOWvjC7qO$qLw&3ov=eZ}| zHzf0q`g}g8Ah&MJk^K(+{hX(a^q1!qr-ZM4b@$g;|G!;$S@*x)FDsMhkOwwCZVG+M z`7jEbBx1+Vrv;;E!J?X2y9UW3SoBx;io32>Ad7emB61(qqZ{oAKuC4sSuM$*>-d4N zw7LI0qcpKoN9E6?`dUMI^$U!D|8gi}BL1)_zpoi- zg7vw`!{^`97sAi7)Eo6T@?jagiSmvy?&T9sWsv>kZqUFB*t-%rYP7|8Tj&R?5v7I> z!87RfHX+Y^xrzc`%jK6epu6xFELm=Uo8&i@Uyb6cS$qkKTZ`SohDGaLy@A!%qt3#!pB4lTC`d+sa!r4mJZ0m=%S$KugH369>#bwG15nSlpr!C7D`s=KB9U4w z>>{-U{6Je1EJ}R-aR`4a@^QF4a5HfWqD0eQz?0~YST%#LWH%nwE&TLcJUh+z25e_z zk1czAB!4BIeM#|>GmFO(nB9gO=9l~ibipi36G`|U6R57b4sy-SE&~Tg8I!z6a5~2O zi}z}F=H*^;Wzx?m3H#S`E8EjI+L-U&-0y)i7_{6KyDXT$0w;T+H;X0Qh<1xSlqd?cIPjOdq7AVf zXteov9GJzgh6BS?GaVh$fhkOAb-sC1(3#;dx0BBk2BwA3=A0i64B=s5B>fH3!hw;5 zoj;O+5fr+BQ*>ZH#3f#Is!TF40_4UBkdLxsA3;sMw0Y;T8V!o?(u9bo`3%9qPfW>7 zdl%)GOl*Ei%5jutXPM+ZjH_tPp7#V&#SNsC@sbVN+UJATdO|q*l}rSOy4D84o!VM= zSgKdEvrN*~)=X?o%6Q4;$rbUH_drZkBwu=#8b1$@3Az%Cj~PEep(_OLuw@eVgPO1( zM2#RpDoP7Is7Co?JV3Aq1AEzx=n$C82p(Zr9OOD6i09RO{saaV&!P>M%QI}4qmdQ0 z))xoshq$gE-8w(sfaPvMgTU<7v<35*g#-^JJ$4M+*xEjMJgX}KXY z6qaj3xj`*AL*^q+e?BYOK&u5Qc8n2UqYB5YP$*cZi6Ja{xSuJ-eLwInsDR%pKD6j>H|oQPvNWKqzKLgKEyz*1VpG znXjM?sist8*{wlRikugjrBY)KBv>({ln>DACaU>F50W{aJwTg2zJmFM^nuYD>m)i5 z{X_v=i@?my%=FpEOv!*|Oiir~ffZl~K0=wE;%&r-6@S2r5r^Kex%P8Y@gqzV-hIQd z09rJ`n@0x{d+@!AF~}r*e*MTf^}qs3`Rj1kTH0D3!gpLWcxxEHT~g@FK_PeH4KwOD zNLbw6N*22GhW&Zwvnb1fxz!HLt--)xy0FdezDo|S$A$ixLG$o=PCE4vA^t;~h2puk zq#K7JFR|UM`N1^ZTqX=%^`pTVeQTjb@y+?gnVh*Yg!gYVBJc#TF50Wux#C+vRM4YR z@9>&on=@}k6H0u!S%=QsQ!b0r*x9>Hlh9XpknJrGz_9N-K#c#)iLXG0^XiKp{I5u! znHY7KL9ke-D^|f`?`JV+@Cn71PS*~Z-@c4u5=zXk$$Qw)__uvjG?+uM_H z#bulT0OOxGv+ow$DQRe3P@N3Hjr@m?f@mWSjljVUWRrNm2hGPni-FYf3-CyTtzV^ z)mtTZ-@78YXCpV&x&sF+WYG+^_v?4)SqK^5_M=b$sKP9kEbl>>US8u4e5)y6l>xC4 ztqLYYF6c3zjlc9sibULM1Uj38Kc!28Z=hg07i;G?I(5YKW6TEqs3U^-kI&|^nA~ag z+p@IW%S`^({Y;)~+e5#n$J+lBNo-xHAlyhY!M>6BMbdWwk<}DhIEe%BltSrdTZuUG z=GX54&46IbLx@=aU<(T8NFK&h98Z2?*BpGwN4_1@{x&U$X{Di*qM5mLN@6vLrp#q; zImk{=o)tO*V<7z`f_@GDlGfhC_#m6tOoDo|$Wz_s*Pq}gi>hL2#2x__QhpEo4oN_; zVT$1OZYgkplM6z6^9%$6`#@IYk$gs$M->;TlFCt{<%-wAYSB@zl_ttZJv{@-^1XE| z?slYFhwN>4uKTzXUaF_hM7dP!E@VfDAt3@$Vlcs6@~)nm>-u zbZcsdny}0@BEaoXBS6Ach9)fxuo27)1Lp>ID9TETfK~+q2C*X5~BBMXgGqV@<7o zCUe$iar`3N+-=&B5Kv9F+K^)&l-fFk8u})I82QAVwQLV7zYRE6DwB;tCp-lM#lHgo zxfhq}pPgI*0m{X6<)dCbzL(d=6|`S}d#b+{GeFjCM++nk@W@L(AkhvPLqHUDC*Y<4)RfY1n}{fA&o1*UJ{V4Rv5hFlGB2mM&vv<9pB-r zyO?T|73O1bOVA<={s4mwA8vit98 za~%ZnWv?dpVRd6`LzFS~JD`AVsEkKc86#W^iKsLUm5Oh+Z;@jD85#2~<{=9cd_=V7 zNb!dx@Pr)!=g(_!Mxoa@BB7FKRgCU<6MhT%#7=?M2;>q4zka6`X**SM6C6F-b4LhK%*hi>8Pm1YC-1HP18JtVEU zAJGXsD7t9GthxjhRca2IEAgW1f|NNZcJ(_|0_AYk?k{U#DU272$0DhCl%&I$doRQm zHtr|uQ<1C)jE2maQx}qf_$m;5+6UYg&JvoG`ok{u}d|( zhw5LoyHZy*FbQZiupqLIy_*7C*<~WOHv`+_5=K9zIb^OO^1$G3Vo>Y4^#1)oLYayp zju(?#8lsysp}dNo7lZ${It0yo%?Z}Jnf z{X~u9dW3zj7mLB_%k(lgvOmTMz4=?$H%EX_jb z&F7FE^rqG#whtexZWq3OyOzfNeQ2b3xV*91`XPUY$Iqz3+}dt37YmE$05@lD#tSU$ z`a8v1`XE5si7pB4H1>jo+$&P(hkV~L^OB(0|TJDpX|qcbLxv~vPgI7(pUpi0{yfE(6iEs;em?E zRBMeB222(F_482io649l;v@Pq!jF(&U>1xXJ{Xl6mA_g zsvA=cNF|BX6GZAUGz2Zl1akus6r>s=Nb$Mvej@d$2vP)O(yZW+xe7XU~;ILtBK@} z>t%5#4221Y239wipK)&wt@-hp{ieoCUnB73ea<-66*yUq6kq;&>2^Hl(`^Kge=z6| zj-}srMXl<;PTX&pNq-Zy=H+a?O!{qj zjkO=fh7!ACo5sx7*Nu;Ba))HH&Xp+CA%EpY$c`+5;9{rPrfpPPvm$8LYTI%$+u?)0 zhduSP>}l#RRWr4-stmD1K$5)%105PB&drqG}agxQXT5J>A zyBkY=g^B|(D7;S^g`N=7Nzxm*Ds{OeSy^ta%Z+r@?<6quFMG%;+I`DvA)D5s1ljb_ zQ!JY@LD;lYn9}Q9%>-Y6yjf7=0b_y(xT2x>6K6Z8tEv9*g!31e4(fE23iJVa_@-nv zNHgEeK-VF4B|^m6qgtN8agtl^va!YsT~qVTzp#q9spgw=X403P809^63MO>P2l{>@ zymqx9=#4tl90+(aiLG6ssofxmreY8+irf?*h6F8%A6qlBnyNe6Mf*t(8a&$o#$H^8 zwyJT~5OG;MEBr zKKC8`CdjoamK6!i4MUgD=e|1T?|RPVb6?Hn=kV;7i*G!UH13scH*df^{^jYaG_%}% zbrtyB_dWvr4ghLuws#n*=D!46>7MRASLzKR>K@Ee7kTOJ_zP_#71p3a@di*jpC%iT z<|(-t2Y$&$4uG$pIYF=1^cR@0qLT%&daL3I+B|57!~---)ESnf$Qs1GEwmhcfy?!f zJQTlAyUC$+L|yWHsK9E!p~g?nGCj|uvhX^mhGoq(p8>9*p~Pt)$hetBHsAbfPN|~`A=fh1 z>_oy8^Cn3)zw?>03J(zi6g;{Y?lBhOLn%oBj|=$kv9wAajtJx%gZH2KZ=@c|Dtz0< zw>R)jg)3<%KI>uglMAA}7wosWc%(=?AvZw0`xkrt=Chc`?xJPL*ibk|*K-m13^@%u z8Q)hHYt(ztoHR9nfL|umNBi|De8f9z+2BigTvy{?znyy_X@pV=4$``Yl2~@XlzerLH3OJ^A`cNAeh^ zbi|L1ZF(&A94)KVvz3eS@qk6CLZx~CR1LWOt-4UTAx_;5>pj;L3?nh5*k=1o@J!sKK%Sf$^B$$)O4?7wPRMrz=F*vtsZ zN)pOm^&OOT!ben=Cvjn$mmCNgbkmcRYm#6-#*crBC|eD1R+LEuLf>T+Kc}IrrrL|( zmdV#b@j)f>J4F0k`Ebzk$hw7cr}Xl;*{D-|KZ~II`{Kt!3_syIbE?=4=_c2iBds0b zYZA?II;!#_o$-LDyU~Cw@3RibZrB2`zBqO`u*e9DV+?F@B3t~hE8b&^&!Nue8sVb$ zh}R*k4}op#SJa|Db*AD0D!L3j34Qd>ukk8l)GX$X1Ov(#eNx_`7d2_W-J<3YAa#N# ze0}@t)pA#QnwAba^(_Pv1g@a}n@*ttJ94#9%Q{;uH_tb>V7!7>xVfYXQxgF;&I$l zJzi1#C~>q_W(o64@gq>YxD-V!Xxrgx6$Qz;Uo~bO685Vr zYqnCVh+!zY{jg>3zOUeZ@KFiT#U~=<6X5g-aU%~tUO-Rm!0sF54X$U$3V8-FlBwH5 zN#!>q7DT*PgQnvt=^yK)#!!+LBTMEJTV)!(S1Qy4?pGU3FWA9$j4j0*&|({r-xmk7 zw9^xaH{{GW-#$kiiP>+!3YIFmH>>wA6r&|)V>*JKS-H3f5WrJ>v?ZAUgwYB%%H-O7 zYygrrAD6)Ae#W`sysK9zEcO z`|c^oBnQ=10-jkNOCKW`ao2(lqj4YilP9aABs+w_SOug*Tt!KhJGIK4WmSezGN0JM z%zWZ@yugupyErnlw-E?BFUb3Ke&g-t54?z9Itur@>!@C&z+KH$>w0vtR_f8=zrm}& z-mkx2n+&@ANzGpmTfZQe7KxCBEduY&hFA34WPajy?pDr3BCx|u9WNe^XC2SP?XvfC zdl6AEakLM?aV4lh>B2dI4%WbpOr|N0$pGthTmU^#2`ge?HTwx5 zbwI{^LOdc_KC86j)epU^nY9!^EpJML_?8uMSl5vdT(0X#JjM5KV_a%sxnM678#3abO?vmI&=|q&1cYYHl|{c zj0Upfdu&0`*^#1rwnb%Xg}8iCD(YBS(rkKBN%Lk0pd-ykkTHD;e)lE1A)IuxXEOTK z3dH&z+n(!5<_f}hJ)y!~>$*C$Yyd{;I05*gra>CSSC?Hv#*l^jo_+CYAR@Njh(Det=?SU= zjUKh4ZJ?sC<$WuGm|3^)K+0GETW6USn964!{)V&+wobtEJ;r-D5NT-HhvwmySw7w} zG;)?D1m5vY3gmUEP%r6;@St5RcjLNeLbj;@f))<@Q#q002d#n+?60=}1si6kuQ88>J z?0~#}pD7?ALz}e)>@32uPX~QAu=f(ebMTtX?4ygkqt)$)g=jbw6kO?ip{9rjcvW1nB|{F z1sBdHJu-iV9hd3vuH=WlG&{`^#iW^rFC}SGhh(rDTLu#MG7s}o(Yv=&d@NGjZk;RK zdjXdsSCr);(v^E*D-CnX3Re##He-|}-sw$9+n2Z(rM2K@SI`atLVe6b*wN&qaM$=a{94Aj z0dy~_c7!DVLYN2u%ViMtZkCdP+d?2hq4vANwzPq>B>}-SIF{s?U^c<}8}%IsoivCj z1%4sv5psvD&=Hm6RU?=ShDY&2hhuJs;5c942*|ht`5(;kH%gWeUvezqHuL2WaGLUfZ7#Y0-1T(4kPENG4(Q`6>pPO@nQ#ErV-%Jx0YaHsY z;6-Vg=A*W26No}E_TQd}$uey~$LP~2jNYvb;AJHR_kBvnMlMq`x-p{k1Y=5nzKoHU z28(ZF6B9Vc4d?0P5Zkpk!oVng3B{$NFGC@FE2MRCmBYb}HnKpQF(&_m3u-%{x1eP& z@p8z!F5>|*pKa=n8GMGT?etx!Zq0y#spT7ItDkron~2CKP+W^V!R|N7Q)bpqc{Vv;a=0Mo092MZDs`ASR3Whne1v%il zZuHYGIl9dlzM~*SvI2rq%{)F(Dm6GMO`l6d&qbVORRm@`WzJ^nyUmZ`Iuc-*scdCH z0+XRpME;tYSb37Ce(LDok>(?jeK(Mmn!0v49u0zG6~$|yD(#SCC7QUscyoEe8YI~D zhnNX52?_>5OdpRIm?wsuu!BETleW4fT^t0B9ZgU=$tl&nERe27g8Xt3oEHq^z@qPR4?T!EX7HvGzi_~Munwf68zsyQR!5qTfpo#hR1}W~UIXcIq{E}i*@{F+S9wBKEK5g-Wj)&$zmvJ<1$#lZmu|$B`H@emZpU;aui_gJCLBrR+2#!kv=lDsaoI;V%iJ4J-Mq~ zK2RsPsS*-_Mf8j0vVGEVOcfyoeYCbHxk-xhq4<4~UofVBieL^5ukxwD2O0&F8GHq* zX|E-oFHgdYHvqLL)7*!hKpp><2+8;y;YGpa;#L)0U}lc+5w=SJ~SU=X1_rLcZ(&kZ2!#oPe$B|3n_ zlml2$J*@+H_L<=TvI3L`hbTIL#F}53kv)eU@g5X0ht;AmfMCe6@s!;-$i$JYkV$qgX7sbuB+py~2@y=I zNoFoJSgBkD2r#FkXG9z7MHdi4Ptp>;1f;wD(OS|M_64qwgBt)L@A-t0 zj?msn?3DnGn_l``a>Xc?ej```7<25VN`~iSQ?%AcM8*t8p4LX2ijH56j30oR1@Ox` zi^Ywv#m9O@ZL~||{y&?K54ubRKY~BV2To}NR$PtTD zsbVB`GHs@Brv#-E@fMXMRjNcK5Go1NTAKk2OaUdFQ(=G#d!)(;Sb`S&JiO{FL!RYCxFGua6TvBgF&% zlJqM{P>5b4f&*HfOUt@MKlV#%KU2<+d;eq0Rc<` zmn_gh-(#LTn~k9)JFBI;%q6soye*OEA~1^Rk)?4T|8BEwVIKMF#}8H9RH&bA!7qt5 zTis%pld`6jIdJ5O?*fS@_M6k1D)mFc@r&~N`}3td7*w4<|6+caKL=5ed^xcEX)L2h z0e7L-vzmE#E9;XUxZ4NOpM8}cC;*{+1i;;E_L}m^3j`gCX@HN@4~R0#6?l@_LH*?H zgOv~JmyZd6NPmLyCIIxB#^`v{u|oMm=dgWJ?`5>_t%vA^e&Rl)kB|iTxF#eV)$x(? zPs*$xn@$o3rxQmwX=<;;AMMM2(a9i`_)YeF0XBzD1{H_A1xKX+F7GxSVSYrQWh1~J z|3VKtU)*rkE^k8T z)a>-}cuz2vY?M6S-2`36*FopQJj|bPGY(Eok8fopH2#cTfbv&1!a6Z*kFb9(oE7k2 z?^{wFWwE2M7$>hVbaZbuWDD(2GkI)W#$4PUD$}%$obdza*gbXi$m2{~RDPNMipa0I z10g4+;TLG zCFX7M7cizYyo?YpaZV=^bYhEqv0l`x>R48o9?!-)7S}O|{UWOUjA-eZ+u>O1yZ9yO z%6t_~qi1pBEoj0R$x3@u)|vGai0zPB&iA(6T_@T2rZic zh)wTPI?fs$#M2Vq1;P@Y0!%=&xQT_3&acIRQpB!Wa%`#0?Giv<&U`?fcYAYgF~`b-9e#q3=AHlfq|vjoA~DSW&$w)8{%3A4ewNIG?A9|Ug|J3wuKOLwT; zb`&4P$V7$=N?%RfEs2n9IoA(;GXt)cuW!x;RA?kzzyduchh6}cfgGBf(pr4jBf|leepeMQNzeZ8+nGD00Uhp4ZNpQg( zss)$YLm0h2VrUM;{8k1z)8yPv9TmX{qg04;@ecxUD2ezD|3LBBH$rv5L*`cspk6%e zT2b^i@vyCKkin10F5cUFl+dH&zO>N|7Mvesp&cwF<9=>v9PwL(K$gJYFWsv;0{+ab z$^rX&m>@p#ugc339J8&Vw)kDqrSQnjqQIJs9J%}U1|yfLW)l)%f(HM{k$d-DWx0qhLXs5V-^Od%AlZ3+7^Zo#;Ysel9NQ1)VAxxtD(K-N}A z2jK~*6O>spL70oN*ath~kHu|($+0K{4ug%|Oe7bzLQDTqo1@?$f``@k-$?@Uz2;UB zx}WsMiYDnd6;#FUV0@wsLh}5AR_K8!7Yaf<5o!>xjWAM z5J|}qT!}*Bq0iD5mZ3vMR-j2V&!lwfc4lPy_{Z#q455{xA;CX3Rm4p;s^BdpE45iD zz(%i5R+wb5=Fr33ej+=+TGrfPXY8CCb+Feuzhb_Py}`B?(AyCZ0)FW}i8TBKc>P$u zMhd8i6r9V^q)8i^8*wP;Q2c)w&j3v(z@cUuUlOu_TGL=Sn3Z4_{$jEiUGVnj2Qt@Y zyC4vn##Hha7ZeG0yZG~;MwyR_zb+vR_|IqpdaeN1vSeQ15AoTpzYX5oK5CtQ^s$6N zo<$YBmvjz_!_u2;X3M>E$i?yOHLW;+%l{A#8=jqs=gl*mwIgQIi8EAO?mI#14VeR& zp3K&x$=2u$C!jCd#X(sA=AJ5{yYPGnDwJ^@`1k+%IANE^CxZOn&#IO$^pW|YOi_$P z#OiR!K|_62?}^&9Nh7CfEiu#ES>f9wg&WLgWL=LVk+X=zBt1PvwhzTiBqHcNJ^orO zBYqT{kXujYl!oeVz7zjpd~)uIpPl@P(i{WvQgOW-0EDgEDwVUL_<_5xS9!~^4v7VS z#c>-)4wB245oKwa77Ah$&MufUm@P6>A#Zm4XzO7HTX{sjjpt$b7>Vg&evKhr!?QKg zsMmxJbN2jN`ox8 z^Vt*qB#1o)6;tt0Jk6IEIUXo$&6TN6;b93PF@NE-z|-X!ls(VakFp(K(z4??GZb%~7K z0&i;k78GGo4GeO+LpcZ2%Tq1~t!>obXOI{h%{|AjIXj*Bt0Cp-0|4u4K)F>B9yah)HAq$eO48AEZ*&hMy_% z=KC&7LtyrDE4-iW(lL`YvoPXj)43%;Y%$Z&5S0Jg!kAgLS#t^t%PkZxzKs3>*MMG; z`_x4Nfqyb4Arcsu)8i)AaUy%k<;XAd!v+`Nm2MZ2qIE*^D&$#$4#qdl5EDOds{QY&h|97bVsP742 zEc)ebeGwkmTkI?!E~B572in7FW)XWGl?R&-`@o%nni;0QpATY|43>dGOpuJm)ybb$ zipHaC|1sURFrB>n@T#^~PM;7xgq}-PVj$2CUTYxFcA*cqAnH=wGL^+%a~Y=uddp40 zT&F*>kcpDH{z3Y-ZEB`*0PY*pCA4FtU~~ zut65zW{w+1Mu8jt;-JG9L3IT}!xJyWmW%^Ak)1Om>&EEErR2P5GKNaw0Ix09%2`Z= zHc9g`Uk|Nv;XoT{J8W5`#pdV*}K}@l^n~ zXwH~EuNl3AxR<>bdN_q6JtQXjMeWaPyq< zy<}vc73T*qC{OxuAb@nsL=fxExrkH{2bR(IH-XPV3{qN??&GiWthi(SK+vGWISq5r zQ&lcXCaW5TvIlY4gQ%GMSybF4V@Eg!3^#Z1WbWsg>6^5D?r`%r=kK9Cb2XvE;E6qh zlWRW9$A0Mf>8htO2Y!eN^u!9b35q@e!{=kw{-01CbO2BleSo!B7RAsF%Ugr+i~SwV zKK8>%@xRl<9QXYfzy2=T52Y{dcUWKOq3V)ZdW5)odGhHy#8+=qqtj19;=WZ$RAxV< z9crrLZ-xDX=ly<%1-3$8a(t=3D>QQU%Fve~?2Ng9JCt?GF>F2({K%S%{U2pC zFPQiGS)ln;|3?|kjoGH`0GWg7$E6=Boa60G~RP^O600xYhIx1Vv4mmT!ns3wj zg9>}8^dT>8cneUub5u!oOfE0X~L}tmc-D7-ye$4*z<^PvGAm-y!(Rb_ITeFt2zhFCM5vcWlb{D(9a&r^oeN5#+uE@cRb&4)Nok z2>T1aWkF^Xe(xNA(5p&3Li;i%+rN4D^!VaR!UwM0=ZKVBoz`s{x4YjYv_OYWW zP_Z(%hJh)W7C@0XiMtwa!PKpT^rp?Pe2<+G%94Or?yWtE3}15)bp`!Q7w) zMw1uumn!X3lZ>ALzhRRk9P9H~BVo)6O$5@k91Z4pZLEpDZ^%C@r)T-^Fg?oc;YStZ zX!cO&Cl&hqt@ZY$$U;TDfdsB5hR`xHzXZm~LgO84{jC0zX z-zsS#h)o< zbH9-c&gS%;5wJFo8aeX~WH^TCgv7(Ua}N0^Sb15CzD+Hu)pR}OAMPm)wZ)ByLFD;<7H5EJm7!&G*>!^mtx2jt=5306@Xb z0RGbcwXV_;ti&)|YL+Hpzo5Xu20=>ybsCPvj|B}fW}xl(p1co9_aQILAuKXtb{~te zax4JZ0YkqD=wd_N2^b-g=!R0(yrJ#DO_vy4YgKzi`IZ6_1f{P~CBC5Xl1b)CLX3=` zCZB(LbF~Br-Tl&2rN__%PCwvtK9)}~^GU}yqx%I9E-Vy<*E+$x8(S^V6NfESePHaW z_~S;YNgqjEP6T#)^vzal$?O&zK{+6th9&8{ha({hUoT!{H{_egNZ z#FzZc37R<}lzA~S-OCl^Ym1SsCwMjuT~+qaZ`thCb+RfamhKRTnrORiAyI+^^a{(b3U51rx%pp%$R~!5`0GP7BRU!ys=*7}lU>oT;qu3z zQO8ZEAH(_T@7p2~{~IC*JF}Dc5>TzQS69Dlr}qAB`wzR;UygU!b;fzYSe>>M%(>WM zh)xW{kLMz*`8;U>yWNR_gRvJJTk%7Ju0M@{CpK2tBI5{7#G?}h9vawSE}(0|U>ymx z1P25e5=P_8#>obadbKMGZ}HYfu@Dx;G~!AU1s|9P#+xY;V_-lY*f*I|1+ZiR*Sxt+ zvg5f8@gWWq8jOi*VDeD;IrFnf`Cg>;n*C*ojD77#m3~y&%&zlILJV`HijC>7(d(CD z9pY7UC2KEPVNo-a?@WCP_{BO7le)-#*24IG%klcmhQu&*?{7w9TRqm|-Ph&X+d|CuBGYE*O7Gc8YPbSMo zY=h1qQ7$uMCL4VL_=vg+7%iTl6}{@0$Enqx{16iCF*fOD_cGT}~|gkHsB zj`*UE*mR}=?O5s2LFY*luE;ib(XAmsCn|f709Bnm=-@j}6M7>D$~x2Wjs&IbE+AUG zU#MI z=5F&xsWW6&NS4(lP*3)#It-~hv|b~`2U^d|ILydz3uOUo%aR-R;UUC=w%RP<56WM; zghkTh($F;f-aLKLoY_Z5_B^%#h52=Dpd=d&>WjLH7wV63{n7QsjQqBk>@LlPJ3wR_ zq*2?uc)wi_gy!XO4P5v*gj+FCY>E`)Ype2PAMWrdpeb{{@ImfBK`{mwhs=AWs9J`_ z>#4LQZrN!*IIupYID5kq)}H^iTWK(!6)Iro2Y zB+0d)2*vC1#jdH3nTd)tT$4FnDBNv6APH^V&?c~F@gDOSgp(5zPM){@T|low$%6T* z2vV@yVHRpyDFz&#QXoKiEmFw6Hop>pIPYnw8uEDTI{apw<+{HLBu+cc^y_mOYI}H9_o>Bj2!@z-1Bf z2jIJNpVbnb2e(d$7;fS{UXM)?{_#d?85Vd7i zwdIJ(Atr=A=88SYC46%^$0oJT&XK&|BAE@4yq{=g9gNh7_B>R0Ne}|TcpBj#}D_9?jbPXeJWYZ>#U>WT1ezVAWpx9+L!r>l#k4> z6+Y)U5>EteT%hevwk57`fm13daLWF>PH+x#A?hGkn~w^U#&Xz5n-%lt&b%AlJZ|(d zx&TsQww$hC*7CA?-wYPCgKdu9qv31JbRC`r$~L#Q^S6@=1jT59O-IH0RFlIX)PD#U z#7*g7%;Dme2m7s_*Z#a^{NP`HzXN*{j^9xyYCFd8{Fj|}$XWTa{R9j4#!AK2ZKX+r z;CGGL#GlIQiuq21lb2EFXZ=6Z|Hg+WsH5ud>hy8@OYC}6o^FB8KdGQ)y$M1Cak-ow zDQcY~h{>m(n9K+|UQU)jX*bbB^wqWXL(n~W}+5Kz0K~n}xk6FWD5um=G zQ0Vvsq8>MAx{bkdDZ7N%k>{ zOqU{)M>_i_NEJ6J;h5MD(#ov=6a4KKMwif$NZV)!e366FELcM9` z3Q3dOF3~2ETN}*bs0T>P;y3v|4G#oZX8VDLVu#~|z=Aa(A@K)2TR;7HhdX~8w)_*h&4mm-wod`^wOxbc*18yVwbr(&{7?v`uV^_OeSO`v;v zZGSWRfvZNd_(VcY;_(6qSOR_s_QY`OvK(VmA}vOs zb1mT*N$24%Ok~3Apu?t#St3EWzgwFrGbhc?-Zezp3+;y)CBE1gEiXg!E$vG~y{v?D zzuH(eG1oA~>cS3?&bPmc5Bfg3eSw_tze7g1FNxSdHjykvc0fk_hn>NPU8owb+!cKo zId37#aM;K`pDO(O4*DSRj{7BTxsq8El*^lk@ne+z zl4E(6=yN`es`fj;5+ zvbmN03FJ}aojyDrE9_@`NejzxtTO*n{FKN*-_fVZA3w@N@B_Vy%C^AP}{0yUrgS zpCOsVNFyQOrByl4aj(!@R4AXwMcKUhfV!#Vn_KVSweuW0aLdng*x{TtGT(a#=Q)x( zzcdCHjjLBc<~K#oa~vWeIL`YaY&_5LHJ5-zE1TG0uCj@ySABQL62{Pc9sC6f$XTu$ zU7*l;j%Q#5Q5cF~gZZX|a%!E^2qAe8k z66b!c&xeSrJJ0ch?P%ZMYdd3MaGoO=AAx;=tkXG1LwCF?CL~Y1f6w_?`T2$=iivc7 znGR4`>QH|gg7K$g+5A|GQHlBPVJIFX<=Ovta=xKb-!%s9tA8N<3eR`xe#p+25H^8+ z3Dqb5yXNmT{u_ZT&@b@!zQz=3X0-Y1X!bJ!11JAg^Y=pf7xenyoo^V$exuJ}e=sU9 z73T-Wsz`FPJWZj0egLBwj~CKWA0GAmz*sY_AXI_``SvYBe|x^W28}?rA)mV69V3*y z)$;?~<*JjUk~B!xR>-5uSA&uB2V(A=y=V^PMfINfqAY)KOE%6oUmpC(nlJl5%6yc9 z`LLe_ALTs%2g`+g6l3;xSyj&$h-dORmxIc7&${sfc?Yec{zQ~tI{wgKa|{hxnST(L zAMg5lBk`sPJ^cEh3+^Kn;v#~Gxfo(HdcUCpwf;hcUt$CP@0>6A6ScUFmImhwz;&E2 z(DgGl(J2sAr?)ci@O56xg6Iyo3i~MfW@rA*G0F$%t$^NP`iZ_0`q0lSQ*UMd0Qqq> zb!%0AfV{F@0`mDs>f9!T>~VkQW`0A^Bm8L%@=t1lm4?}J)^3O1Ev!_13 zfLky};Q{l z_#}#H70?smX>RDj)=3)-E|?!Y8x&CINbO^}e+5~H*q_Sy4?9qAE=6zLIFv5oX*eXI zhjXx>VBuDCO}K!`N)}f&U~-?AAG`pajvBkqw3t(uTgqlu~ht5oM$4CYW`P~ z@YBtAC|sNXI{)`pt)Hj=`yKg~Oi&RsL-BX*+RF-s5A4eHUszu1%~BQv`VSD68i`2x za{8)$5qmJ2e;A>E_4??OEKWc_a)ukRA3lEO1|O&Jc=Gc>Cujeu05(*`C&GWBCAclq z!!HUKDZ-o?H5n&r`g=jWxu2+knogfU!9X%CBOpYL<~AW7XE?)Fmgr`}1YC;@CtaxK z;&)QsmzddCh9$=LFa7@6^-W4i18C~}K|f#Q_b?;a|K$VuPfHS zILEN@j!$S?qs2R_(!ZSlZ}q#feK1GP6VwIg2_Cz-BF3=e@-Q*0%L~W-0hR`jVqv(N zyodZJ^FOz^G6B5BTYCjUXg?^7H^O8&jzEZHJGZNfF_(uw#L00>D!m)xcR|D8rz{GI zIB<`~VWRfsJxmdwS2!V0r>;~1%xS*2Qnq7x8BJc;&Qrg9s!h%pFe2%8ngM>WYtAf` z89VWkw@wrK&@b$&k^7`UI(IeaC>lVfw$sGFUX>Pp^q%hpf)oQIj0kayNtw>=!xrEYq!z;cPbw-I~&70 zCcfe|5B(bh*dIp)tFP?>C0Ho=*ieUNdN3|@V99zV#+Er22sl_><`?+Ijd#EuyXhV+ z+f9ew>l}oyqMA=rzz$SicbN-iHlmbSyuJs?vZ1cmeCN^dhPvwhOxS)g9wzY(nYWPB zSkVDE(utqVx~fB$pTBX*ka)H#i$?al(wC$ZA1;+Zf&+9S0bl?kgT&NH5@sZ1J<C z3C=XYG_;c+tfT9T^zGO%$GC>>*@RfY*9ay6mG;V9Efw4_cJ{0h{2l>7_yllaUX(J7 zdlDJ=2mI}KlB>8dKcVeA_H@d>j}T%?l6t$^K$>d@mKvt z@NgmStK)#GPS5|V`^#>SflH@f_m}avDg=K%*7>Q5`B-a&U%vVi-?QKHEh~IGhHItj zITXylMS)3_d)Q3XRa6wmWvkwt9B7uON_sej8%JxT_fA-JO|8}dQKPu&+`gm~jqmxyJ z^PCS*e$gRk2Ma><%L5@d|6lG;8%@4S5G4o<^ugn=L#{Y+`I#(`)L0oCHvg>|6sw$( zeYJK2Z99mf@fz``;O}GZPY`fqF&&03;E`1)`!N5UGA{o_*yZ;1eY4a}V$iN%mZx})Nc&v zuk>Ko&C7DuSof>KZ&EiUG`pVZk1tX>4A3mz07{mV|oq2WDE2t1>?2`}+_*3E@x#xfDMce{-f2 zdIEr$Fjr*rdL&pmpluTmOmKSSxBte|2kDmeey-QD9^v7kX3X^HYB%72Tv9UB%!v#C zHp*Z4W68B>tfiOR8z)^v6H008w{W<}vZX)$h{;4+mTEwW&m2xO&wk8R^S8Jn9Z%>! zVm=nBhO&Kr*=`?Il%x;Ee|>cE z)&|+V0bv!_L|&zpIk9`}on$WFkJ%Yc#z@MoT8|idK1b}tTGEw#gZY#Zwwg-82-mQ9{kDDhx?`Z;;Jhx*@)J# z6mAUc_^Wtl`l>G87s3szEvtc~w-EEiK^ykZ%nbqHH=64KoqEirC_=Ve=n8l#ehQ8W zd?d{tv89KRJzk2x@odrWYWAO9v!mb`kWI($FD?NRgFQ%3WCprWY)u=eYaW~J;%S;{ zZf>#TBh!pRwnqc}9=sEk&1I;d^qCgq1Izmc6w4D`s@KO)(3$1TZT~Z-MypMB1(3z> z!K?64fEizo#}wdE{Jsc)N)bC@Q8yEq$=5H2;t2NeN%`e~1P{5Ucr&YzY?HA;jby{E zn64X0eZNg@bg5p71-uLs$SZDwtb{t2_?5667@P6iG+twYi)Df<=(=CvO00=*ESzGZOl)=Mx z=~O)ugev>m!hAYLnCnTNmtn$A`j2L%cyUjB38en}mEnj9I7s{yN}S+u`=%{a;}`1V zr;MGm-sfPVbWKq%ln{Bhb+*HFSrqvh1$?S4#D{XUP#-@9@ZWIQK#?V2LG~D1{58LL zil0%KyW2t~zfd1P1?FuLn8n?QF`>&pq80Rl?cU;3n9Y&q@$G?B3WzJd4^;OiM${Y^ z^B3(MALm=Vo~lk_Ls@g4p4 zFX7J-gnn#^y!p?d#43e>bvN0zevtriz8y6$yaS0d<|3`+%w&aOfIv2ql{J652Cw@9 z5YW**N=0;*^2Z?NTyqZMWA?{nGlM_W`}ch&^|u#qZRV(>+XH_iJ!dO+lOfuUjj0mJ zL~4rc!DzraY+*=NO#xGf;!h|7js!VxAztvs)dj86dOYW~Jdu7Vxvn-n=LtT)wD#FL z9+Q_xjqC9z%LVIX+Y{I!bd`XW8hAM_-4ZTuZ9;NU9Uke{I4i9LuVA^B)M_7PsC_?yrU!XSqthsasv2^RS=iWIw8&Ksbpn7u_J z)pdl*mCEKhh7(cR^sz$Db3y3G_I$UCC}i)nL>wmHzZfEo%;hKhFM zWA|9v)}x^5hFiHaxGbb_Y5h2Qi+2j1%H%0n{<91poyoULA)m=bi4s{3jQ|_OFOz@Y zacEBTtqjtHHX#E2lRk?tEs;#FcZRQ+D+*FZEF$sEFc7$SJ=GplHsjYu-2t#V>gPl23`(1l#r1(RdXNObEa60~kS@%+HP4PDt5H`)Ve2NN5 z!{)$y%J+vY-Z~E}4rphl7jFQiLDz+_ZgUFq0_-z9wfr<}PhLr#D&bs^&PHff<;mc! z2&^Huz@?EiEQm9l+|iYu1w}}?NvX1>U6oQOB#{WN;>rXghrj&*V+-_HFsp!euZIgU zyg5CXubNe8j0PizvFcQHmq`9V0jRC{4${qj(3cP-CYXC66{?C2ep>rH!0*A$RH#dv zUH-72Ps|@pxb(cA?)C8-kXh7Z{^V43E+{d;@4;`4Z>cfI`H-`IJ|X`O#)B^U{Vvt( z<0rtfoVol_2e#K0Ko-9TUnbZ;p6(D^733ob`d%O5o*=!C->A-_X7gqTxjQH^z;8wP zt3KqeARmw?T7;LoRIiVp0LyZw?~yUq@3E7q^@DHn+OeAAV+epdv(yPDrBfYbl`Zx? z6f0&~1m;`dO%r+X{ecg1ppar`in&d-OCcci0c(CS|78*#cwZVn6$LmK0$2%fUj?|x z0UYB4l%xp2y`lhL1erU<<3MGMk=Q+(mbE-19}kY(lzgKmwsNfw9ZtxfLTSHwc>b=h z8{$vbBHB|6>Bfn&I^q!W$FwuYKm=5~~KGQI%H74FEDXmrh8l=0YyAqJi#n8*1o z?#2S-I~nKq;BK5|{`f;Ke_kk`-`>Io^N)=I|JaPV9pHq2`;H%le^RUs#fmj7qKJDf z4QrpRO(!NSYk8U!NHj<{QsVq;5yZNn~G^wu^>ZPIRFk4Y2m6RCh?a<&@xw&h{^0+#xnQ`^0B`c zLO0=?NhTrRRvyb6`3;_Ultz9vlZ~Y2qQ+1PF&Fu7DAkHDpao#y>Iz#1RF*nllix&a zE|VZ*OQyQApGIEjK~+LTxC8&j?in%v`18Ma$m(WV8W7-96*!~|2;kc`n_>bGYjur| z^Ba{UG@4@c+mkxU+-_<4DC*`5S3BWqzjUUfr6i&D(!&L1DM^HrBjfc2S_iS#LPRmL z+2YgeAb#72C`sk`jJLJVi`1UxYJbA7ElH@IJS-@Q$8Iao852ThCdYLCMg3_teSTZA0n#f2!a|4=lf_oDRB?njtQ{Gh=Wg;h2&JaNrHrNq? z2wWeFnLqtZ=15J1>kaUa`3sVg**8U%Oa_8UGuEFb@i(VQ?Xa3V3QjLIa@$dQU=lLd za5itQKLss%l3=Evs`7)|+mP?{62AuzqF&mQWu>u(P`+R?517zMPH-7`Kp3BZ%%WyS zF3?#-!IS{1cn1_C;K?*7VsE6#!z|JY|JCURB{8NP}7rR0t;!LQ;__1Nwzv=rSd|wSt5O2y=t`D;!7gP%7!FbO&0zk z{`UPycf@XxCG!CTY}Oo3VvnCD#Abqdgx^BU5`H>j^Ly}g68rlnyZk~ZU%Id#+9R zlo%Zt$$r{f#543tWHk*}!5oPD$_F9>eU^2=AGDU&OGy&d#*>0ZM#r~Rl==$y^u=r; z*3l;=tUSmthYa=tq}R>@>D2uW{AURs&L8voBo#X|tX7?}&U|z^2cPyhIY7aJqmA_i zUv|@l)u5R~PH9o&>xmPM3{cT-Dbk)StH|tA^pST_ zy_aFR*^1(9?DV!V_jk&o1@ zYJUmMKJpnMd0MQf>S$*^ExowmUOtO!WdE0<(g~PIujfd!*!@A1YM7K6keo~(e;E%s zzIS&l(bjzPjXk7uN~|XHJR#VuqtMqPR%8G^BFG&-l+J92@?mGZ6u+j&8)BIo2^gUW zQA=3ZnlD+n0UDt@ENCw#jlGpDzVl&ylLO)XBSS616IATR!%Vyl?7Q1CF=JBZ= zv6b1`Aem0uU!0lV19zUzBoQoBy%!uD=2G&a{(mP2F*HzV+QxP#?{e< zWRYniStO77^nXFJgrDXjsBG$rDvxH{cu^DhHv%*vaBahS0m#r<6kaU*hVB93!&MJy z=z<%jCPN$x<_%mZ0lxSLxDlB_@XMdn)kDUx%YwAAenyKt5A-8}17W=nFSwVVzY~1q zO=v~Q+_Epp+cIn)hhD*${mx(5KI3C{F2oHS7(%*7I>~wxaOd_>L~Q4`*2yDahyM`s z6l82`o(#J<%@)Ix##p%a;#=hHZQa%_VX-a#L)%+8?6J7bLn>DI7|)lL5NvUXtfssd zIN35-;b7n8oe9dHGIBg%(GwQtB=`-qLE5>Zc=|5Pz;)Br*I?euhKjAH&bZ>c$JG(~3SoM+O3w^j1Z_cw(5uWb>)v(Op7CAHyME}J!&vv8{gm?ClxVud>_7U3ev$F_b9LB;S$iy^9v zIN54PrrYn=p!xxs2++(0)lsM+v>&b!`6W~aAsEzbUq!&!IHYTZsdMr30T}TbGvRzU zDho0ycN)&P(JzdFBF~KCFVH@S&?S1x9ZA?6*eUJFcp{3@hsI$4t6dnh(QoLu`0!AC z3xEI$Rmv6#dM6YrgWg-XRw3Qtx30+B7`bUcR#u=NiXZ_Pv13(0NZIbwFn1>JZe`#Y%&Xn>yO zG)}j&8FM1M5d47c!=@LWDt;BYzBC=hqFj4^Q#@Ff><26RVV%X@)GM5&jcv^h(3dpg zaL%|4;bs{fCkJVeh)(%Mg7?d#$9#KUxBtlE1@`3O{&@f|eh+5HDkIy8mVWMoxm%Vg z?=~MtXdn2jLZ4Qd&*2AWVO+XP8X$6-a{)YA&P$pxv5rU3v_N!ey8&U$q9o1D6T4}F z)3P|X=2QSN&rOkeL;~sNCr8uu8XEi>CxvNd$fU6qc@|aR^6YJ#_YN=-`|2LY`l6O< z4od0nm^7iB2`E}OGr+dZr_n~Si?cuL6qc;8~rElI?7cCqMSID8Z!o5+Ne;lq6VY->c%l)r;18bCI0G3gqBLwomap z9T!bisu26s0FQAngD^j5^k#I!acSLFGK&ootMC2+>vtMg7qr z$L?hx8EgUO8+MQ&)}iC;yCG`YS$xNplIB_fCE;>-Ktkp!JUsFBkGxfh)alhq5RL_c z$5`z3$W<$Wd3EV+U}9(bdJynhWvICgRDMN$!g4POu>1qfYtmo z7a-YZiqGmxWTtByXfnTW(EfpsfYo;h8evvr-xjd0k!??wZ3tN{V4FVe_wmIdkjxg> z0N;ly{z~9NJU@aD3sN`fP(O<+&OvOR{C4#Ih4A@R_+aLGSxiQ+VKBKB_X_z90>O}h zP8qatp`QfhPM2EDTi{QzEVs8?|Ah7$_89-uA2^xo`hjaf!(Da%yxXkH{n1JE;6yvM zP+K3^C&gdk^9%snc$|yw;&T+#ur~?bTO~PclmlPN_ivnimi~&jXfy!EZ`mz2F|kcH^|lJD{%Xxzu{S>s{J zH9`$MR?w724r}sIlQg@bowT2kL-CH z+OE)m^XFHTmk_-IeJT2Zwh;2R_JulqYx16Ro%1ca9j?83{)n)Cd3*eUyrAtse#`7T z2!i`TIFk~c4gDc^+rTJ8e0YQoanfUO#;O?!MO~4xWtOOt;@oO~^i@!{x~hPNu`VX+%XWOi1)UV>I9n0(y^Dv$@m&&f~mHpOj~(S4S1?WtlO z5SN)haP}A20F#Y6#+l!3nt~Cu24)#cd0LZupL27p5}2-pla3c)k$QFo`pcWV@W&&sOW7E zn}2Xllw3bgsF*b;-6SE{nZAG24E#&7t4)JjIkO+}7DXoHG+ObkON3bBrhq$`mB21TlHS38i*K z|4w$*sB{pnKwA*bdUJv-LUQ40gPHH3jE9CmcQ9~6_M}PhS6zVnH(7)*zNbuofW1pWn&+ zg#MPykED!`uYVtHEbKt|^Q!c1-Y!$$L8_hAL}iT1D2 z?;qua++)9R{F%xG-NBHvL5MImGkt!A>I>~kgkkVVlwTiaVTq`q2VUEqi#Le4_F%=5 z?co05I=wRD-%PP%xw<@{zyG`YgRiF2DU+va<5BJ)&>=YviaIn3b)d>&tS9A96g zJRn#iyw-S=tglKESZ7%s(x=Tn{;E^+X8tRbbFT5?F0GFRKeFa3{|6<9Zz5P@Sun@@ zS-5X_hX12%&T7o=F01N&!!lF-t=)QBL{)JG@W0PKBtdy`(<2 z^B0(<@Q88oD9Qr}y$~`$(?&JHbvww!^cfAY4w=MqF~`2&i<|LQ!g=kpYWRpL>FXT`wf2osXxl~y_=6wzkfpM+)%z=6`g-o%Ey`5T;a>d zNx_e-ndSeekdM7x7Dt9JH^yw!3k>q0RL)F6A;d6p0zD)koGdYh@lzHSUos>Q5?`Ra zV;BU${rG7k>0#HXIZQk_HZYd+=e(9a@n$Ysb6HSVljk>?dog~zIY<%Jh@ib!kCj3< zY^w2_^eJ0E&YNCgARJ=yKHZXYEihc})~j`$8+kI+>djY`>GXRW43}9I2~dX85mXev zPi7Yp?>f-`VrxdF2jv6K2>-Y5Uj$$v3PBe`@?Y}hSyT;34e{o+e!6ghw#p{2A^k%7 z+xoVWj2|*gD@FVRj$I#rNJ{zrUFG?dq_MEZ(943ajQt?qQqdpWX93r+?5t1al50EW zkIA;pSp4Y%BV>0|2QB^JFc$n0nSrdBzkvlPwubuE+_)G01W7Pw^7TGCnwdq&w~qV( zzXxCBdf|R3tEmdeydM>0>%(e#vv$p}A5ElFce5c|Y)=#`-i9JT9}}*0su!8b0scEC zmKhH;h9n6c#2435@qw*${F*K~v5fdr^Ywh>P{;4Muoe`OU2iO19D;i=l;R0&&E;1a z2qq-}qQ(co6x}$74*?;{4W=iZF)S^MMS4~>Gr$yc;Hjel{QG_aklWHRQn21G zzX?#1A^=A?m9qeg?+Rf^)r;vXxq*u8LBi|oWsoJEDd?|N`fC`!yu`uj%o9xBt%o(z zshpHS>t`x9S@-(_{oRk>8&Y@SU&5E%bc);vev!TS#nx~PIkie4xT3xKOa4qx5n3$y z4VgFDrZdcn4USvZ}!71iYsuNZ5fzIk*XTp%Sh_8arVD#yL@oK`St})^wuhsJYsaLq zQ?hv?c20q*YYSr-q=2`(xNWO>6M!=kY{8y;K!hD$z?+s=DaK^t>^_=UQpx1R#iq~Rdcdbp#A2DZ1Q3mbcC*yydu=W;iNo24TaqwIy5czI54fqy@ zSfZIruh-pVIIX4`ULQZD;*Sv+3KxdxX4T|=~R}9?9Rh}om{AnWP2GV$)@u4 z^%M+&L5uzwfd%yE%Z*)LT_?5+N?KbEKDyo^ZXT0pEFDq~PTTbqzkv=Y$5Wj6SNesM z7D&hOOC(I6F)^08jGe-%O+uZYVe$}6JT0mg60N}GVwOd$_qqt*>C|;h9tY2~G8uht zH?uB6ei8D9ee;4xE#XSm3T6?b4XFzN1xjx=|KLAwrR_CDEW<<$MzCVo(;srZ%Sxt` zTQhSML0EgK9b0iFyt0H2EY@)l9!YN4k?vy|Z)R=;2V?lv$A3-V7Z~&;@p?nV<2Q)c z%w_^Os0`=lG)Wv_p1BpZL6XdBSJzANQ{eUBLvCVugl<1C*g2f zA$%y_r=*i^*h+qe zflbVLD;+S)XRxeRSq46*FU-{ym&&?jN!xU7OQ8NvwCI|R0 zuGzW|o%Uo%b2s^N@%+|s;w5R=l*xWYHGn6H7?IMlAaSL9DiSwdt6aPeX>I^A-|J%q zFT-^9{mPBSH3r)!pc<$U# z=B;FU6iE8Q&N{gt-%GLhbg620Y`z9{5RgiHDzqjp#W4a)Irbjg(8idpS9(d6o(34XJQ8A)?lIyDIeaTy-|O{XTvH~*b3 z>E%3SPQcT8{K8&v%TxYRp0ZTH4yG$l>-Z&OB*fDiNn}=(r%aCm3GtN0r^~r5%hN{8 zAj3Q*3c^!<6sPbXP^YGNMTl!VuF>&$tRoF%1)n@Yud^}B-6w6i$$q&EKl>X2@bQ9^ zO{%8i2a)82B5SK1;a8Iz2P5T0tDufw=@Xw*oErT~ef-1_Z#OT)i=?JM#N{nZ@iVHS z51^}Q5#QSao8&5ZEBX1hl`5w+zD5z0Dg0`bYrTvrWf{VF@7?cG(HpT;2OF;hb>NO- zB}6`pJMjLRYPrDAyR=aclcX~Z4q?>fH{B~ZiuiwFPHV;Pq8FYw)3M-#{=fm#s}5yo z!eu25>QU2tg+P5{p9Lg33M_9hi-9knmJ0!qM*nXFY33+PwmOG}*Y_II0fkk75=(g* zX47&^>@*9xDk%1xQ4oF*G`6f(Cu{MU{CIG#e@Z&*@T$%g2WWA z1TPR4!5wAQaF>{1?l^>95`6RJ1(;x#pa7?4h~5DOG*(l*R!9P8$HtVxKy$2fegHIE z4wMOIsum#S`pXM2!8B;A@X}nX2}V#E&j4XMQUEu&tU4^`-!MnPv|yh^ns))tss}q8bO|7Vtt`!rK)zx}T(`vBlix$QW?9k^R@{DtT*TC}MP!zTo<{bMrH%`#5gHb|8Bp3+D-D}_ zf51z%uwmkF2M6aLjme&9L)upUW#!8hua%MS?)d)bo8j#!I)At4;beUw$;&8Hd$FmZ z_z3>g6g#EeFye6&y9Yt8iLumYTwZcfBT$^%UE)e>=_5E~Pb`YK3fd_347Hu3aIedSD!3Y>& z#G*!X!UD<}{Oh!$t*K94Llm(f$iv>7AsLwC#c`$(3-+J-z?(ZBpyZfa4x$QZfjS#X zr2mPNaJ~Ac-`i&pmJs(H9q-l``1BN5@8N_b8b+s!2MZFoG+XCsdcWIY?*=a~38UBb zd7_82&@YD3J5|xk0ll30kVP-wKLcgB?x;eHKv0xQ=1_#; zI(g3(!FMM3CyVV;jbKX&x0-Ow<8Pv|x7HoaUm#nuhRv;4l%F4Iw)zbrDMADGIXjXI zI`(vPDc6x@AgjR2HFpvx6AuisEMhh`)^VU9X@A#+Rz9v*1`n4N)ZgKP=V-w~?B3=v zNrVn@$}D#8tTD-FYat zWatf~JLDaOhneOrm}KgySH6hKL-9Oe(DETZH+{yWScWSK;D(eHip_7ydpHOD1V#$V z(F2U1wn8HhZ;g=_d!N$zWw?e>G)>gg&1hdW?R(5;54zDB-9N}M$w!<2bqrn z&L$qczKQH9s|5Ot2;r$M%c|7IGBi$Jd^4|`CL4G;1MY;Bb{`BdgyLa3utOvnML(*% zD9L8Xq$qlo_>p2gQLtJcaIgv6#dr0rIFuN#Of*TeBi8X43ab)e0%p2bgc4}Ln)Nyy zSLQfKDw602*(B)0meSZ6fVjPQ7m|S@Q;w;1WK8}OCPjO>m4z60cXh*M924uiIrM8bB-7Qo?~k%fS(%$sDRR>|ZrY;WQ$RN8ieJ94bE+Z|!1fyX8T-mvtKY zAlOcE7cK+AJw%=_2E!Ra>1aiQTCYFuSEl1vLC4D_$^E>|w#Ll4O4a=RO74aC^DfUU zlreSx?V32}cHrAPIFaT1jtX=?%v!vl?OY@6z(T$O_+9#^+pKEw3-hvMZoNq~g2>#v z3>}V+)Ibu=d1y{L!sr)<+4xuoi7FLfz2S3ubGDlA5SVH`Zlu>6>*d1KO=!HxbA>9$7GL)kcsm_>S=7ry&SKRJEx;rI*Xc0mjY~qIZ61y{b!d(Dd6yFZ0ZSj|(W^LySN)t}~Bb_e{lHP{VBuS5U-ue4s`W7603-c^}&lEbs_}6ni z3&XJ;5D$Zo2I3addkm7!W*x>2FCmTVExj*6IMVgY;xCn9L%n9cg|bz!ar?)TTjz!N zokxqbM5fi@GZnwk5HmzGoNP1X8X@46A7sG6Fsi1l?}HJgEZn-c({$hty;=C;SiOQr zpHoeDHD)kiP0L2B={EA<#UC$KO?S7|bhs-4Qwq^^zsJcHJ2v3FfZ^IshqPlgU5{$I zRc0{Z7v@PJPGRVjP)ZgxPTjU<9MR_etn3{$4$`4ZFTBLH5H>@Jo!V0ijuW+8{nd} z&!yw*%{f4`I_-02-%o({ZamJz<=2+rbTbjrh|nC9a(G-6a>$OXhOjv7Xj;r6^hXO4kQT8&&4>AoGLv1G+%jw*#}Rbd~K&ZomLM2EC>H(AV&D3 z@$?$_Dn3tV>{*ScbA|_L|IG!5lyOy!QJyh8Sp~)yB+7Am3m=dI_EkB(2Y0Zhl!dIkyT(g!IW*fTIii0Y)fi9&@aD%8JtZ6rMSAcCgjzoP*|ub&lQN+AQ=? zTI6(yzn{oTxYkBkFj7g2VMmJ@IM!lu#?f@nYc;@D!YmWk59~+BHvcuiKrJ!AD9#2u zDa>kV1!E_POH%@Sw19&V@>9a!{y{=REGe(Mr2EZ~29-c47wjXQ7ll(bOkjftpOPGy z`@P{vCPxm4rDkgi;(r$~1rdWIz#uee%wHsBq95)vW>``t#8Q9O;aZ3UAvzwFR0PX< zQ4W1;xtmw!@_{2aSwg~uSjUYhC-m~-NI(Nzt|~57n2~_NM4_ggtSdKe#~CkQ;r2ND z_B1ZGcVe?jS&(Ryzv7@v{J{n=D2gkyv3v5#=W5NzT=(C^D|zgG>TKygc!-JsU=VlU zpK6s4MCIZ~lw80hq;8)9lErD z*4*{U(0(;NGr$~SdUqry+ihNL6@}AnK2AzSqAZNTOt5XyU~=mc$pmKa1+6CL;~Zcj zMWW?A31h(^@GoOitSe~(L#kS@w||gZ2F)?zdPZ+t)3{g8`~at5gWz@8-);_#zr5|C zo3kFOL@Jrq^Q4P;ScKnUVEa}c9+dUAzP6i;Sqw2dX0tkGa~QMWT8+sZ7*HMUa2d$D z%pdp*mLseYMXiup8MiyQO5Y0<%MWsO%e)UP#ne~_bioW=P#(`~&^L+U(bJB;ikc(z z+2_1wuEzDE+v2ank!CDL9tPuGgg4QjK?DfTf4y6qVuj>}8Ogt0hHA-mGm?L~%p8x( zIwddD=cJ$07kOhRhK`U}44{6nK`by)LWov3*r0yFyn-|I4E}dm1CH8@CJka!L5+Fx zVs@U7XMSyxocnwM31Yy1Cb)|4Sio9Gg9;XB)D%?cg!=(if@FC*GV$T$qDk-(TD2PF za!;1h3Ft3Tlq43-z2!xn@(GXwB!?Tn00ThpxGspi4kPj^Q#{G}(7}X3^C9gM*07mt ztm_)`K*74O{57il(I#S4T>npMZwdy6NgAOt#=iXCA@uvlcMGaU$ukKf09w*FOX8EPcz$~CgghviIx)QTezv?{eryqid;pf?CqRF zvwp2zkZ%5$mM&fHC3e3YH`yarygN#P3=6^d4fUv9f|c1ly^gOqnE#wD%h|B|AkkH> z?JuDR64OPGKMv?>6T50cHWAY?x>H$i&Sq70Kbq*PI+-ZCYZl>?TJ6U39p=2lo0+UrqZ9 zCka$lDJT_tb!dPD39c;wiGmFBlKC`BiD_1S7&k*Tu&hKAh9Nsi2y})c&lnw@>n9Px)B1usE&y6J8^Co}%;(QQ|xQ1kg;v1zf56eArHgUpe_#l#! zZ5!)i8C{rZ8S&y9)9d6>xsBL+o1XoRb|w8SxD;o_|(+^vkooz&;Tz|o@S*gbNxd&0HbS>7%aO#SHX%JWe15t$^!fx*}! z-5MA;b_P6~vdLyyKMV~mXym=X3GQaDCV&`M4{=n+dMSA}*M)j?oR-R>EbwY33FD7Ok~JsIQ5C#aSM-nRPcrk)^Z16pSF* zILP}bzfMK04a?g;a!2JRrqu(|;NHK|W9!oTaFI#--{`LeynBbI9evqXlf=JR)s^guc2W6UG!* zkmITqGOJJ!=X>yPA|uDjOgCy3zs4f6!bz={>Sn$WMz1BNu;Z8slTAIsw?IL@S5pg} zpmj&ebRfvSFl%+-NJs}>d6whr``OCk^&E|yy$ujIbMe{mBFp@r20K{g41o2uO0q@W zh;Fk7!fkwM@m9GSLIX^QciLLcsRo(WnOnF^m+fJJPzi2)B$<;8nt zB_NH0L-Ey8w`DbMKW=%VGxd9{=fpB}9r0Kp)9!X@hbUa^W^P%H&8$!r{aE5#J-zN` z-h?a_m&w1rLf)HD@GK?QNLLrTp`GM~$`wk5)mXnRP6Opd996#A$&L23)GJbZz1Ol4 zlYgoWPWWucFw`dI_>J+NmOZ))bI>1hVxmuq@t))-a5bhm2GKI~x{HH0zTCq*gYosT z%wYknyKHu5z`c&B`MaL21pAY=!R%U zOLd}%`86ULXtz6oH#G5EZRYWk$S_+q%z=~RbA~eo@SHcWFbD~E6SG=S49w$#vn?vP zt}i|VreUsu)z7HxKv3FQawzpx^hWB)mq^l6AbmoQ6hw0}E%>d3&afWoV~#-B6T?zg zK$30ka3__7ShMl^m};H_p?%hK7E_$>nCsbAH(J&nh73)6+uVIlaKo;zAIC^vIfp>j zralQAu)i4pPM6kVnNx#qFj>0sCT5SgM$Yz5lG78hd6k)nt|-AoAe0SwP*mkW$_e(wu{a50 zSxp*(^B4Bu1@*~L9U)(cdK8L`oiae4=e9jBq1DK1*2vOG7pwa1R;du{}F=b zn7xmm_O_Y52?1XiiOImuT+qY~7hp73esnkSbio^2X<1A(UWS=C-H-#(86$&A=O6PW z#Bpd+*JGeqn(yWSqF&U`(Vu&1%VoE}?b-Qv7z&$qOmhud~ z$H*F8F2j>gZzW5@eB)o&n=`;Q=}3`R%{e#5pv0PW$THt}#D#1#dW`$LN1c<>>7WB2 zeh)U&i8&M%lzHu;eC0pl8bs@>F2n2NC#tikx#*HHbWd>lW`Qe!EPm^AkV6kU$X5pW zeIj5PeNy%8p*9jc(b4lVI_U!MEsu;?cPAuDZ_K2vpGm zlpMcA$^F>>35rMx!X6F>mJ+ph#)quGZUdtwFT*@;L4v12o7m_|Xrx3GqhEc$@#t@; zZ<;Zh*P_@7gIKV54k)4hQFl>qiKbU6ekupI`Q_=`cZB0XT;GR(iY0B3a|A9!0lQ-c zp?%@si~j4a#VaeF@xR16IH_c&tTsQ0OpRV6Z&~~=j3~aeE&dWhh!>+Af`;Q`H=T>G ze!9B6it?rzE?q2B0;}eXKDKPt1z&E($9ACcu@$sik~;^YvQ<}o&ql7!%76gmp~fUE z0)mzUHm5Z8LGyiTF0QZ#sb<;HkVuJ!h2l-~tbcBM-a8a8p%y)5BY$;*Ucl2w$+iM$ zaF^S{h(!x|?+8165cYj!c*l+tcOZLN{4U>@Ia}J7=o+R03^2)7LPk|nh|E!NxQlW3 zvDo|?FY%xuJhu{giC@|}DuErvHgp}Od+idl4LtP9B%47~ZlO~{`h5@vo~KSRsy^NM zO+0?Ufk|+@yT$etkwiWtU*6weg!+3GUkud#KK-Qj_ZQ3JzwrC}o1OIcD#-)Uwwyw} zAd_|Jylh5WpKM!?$K6g+0Px6l24Y^{jfLs!U<3OT!Atjaz2fVWS$NUw^zME8(ggk@ZY#H8>iEO^&g7TIb94yGey$at z2Y6@MhQ%F_8Sk1iP~7}-2v!9T&mr9`%+bOO4Stn|Y%VgiUzq{cGS?%wSc9eu9-vKy9QVy`nwo6KrQp2w?R-n5!9GtNN7l%gxt@tC<@}yX>krLY- zsY^7OQYZQF?@%Eqh0bazCW}TEfQ(O<1N4isv!ep^n~eelJY`lNYkMo13ndBrV(t(d zWcyVon&h?OOyu)9IPgGh0A;}Z{FLa5m)l>}3}NJ+Rx0^+G-S5mQ8z02=*fp~D-I>I z^8c{+F7Q!%$hZ8)~s2xX3guVZAgaGT|I`?op|oI306;Jbz{8i>_}~v^M0Dk6%o6r8ExCX z3euTlHq%7ojieO>;no!F)bC!Xc5RH7R38K$j=~|ftx&)XPcn#n;zh$KCW~Ofnw}f) zpor-Yf~XHYWKc2Q)~VQsELVbUJ2UN>C_U4$m-Mi*Dm&B%j& z=V(=ov`9=05-QrzkI0G67_TZSZ-hq2uP|(h86;dnIl}bR6XY3gOvUCP@N=D+g6MFC zh}%1ck=5(2j?_|;0oQ0I5e*(80^Y?aYB4%Jr>Iix(Ne@x{l?xd-qL|g3(an{veWQu z;7R#(bP@bX9-UWGZR{b+Ikqvi#{6@49A_s;JwWSYC*&Vev*!fJfx4A(O(BcF0TfX^ zSq=)7Df|mm?P|6>e3E{_h1F=D!v~lqVCO4Xr^&GHa=UcB&{tzFp-iTuHA-KS8@lM9 zAsOsQ&F0L<2_Q5qF}wFd!!AIs3Wro4DJ3K(ImUcJzo+n<>AMN{mr6Q^V|559yJW+t z`J0Hho3l6Sc2n1s2Y?#3)x4v%RhFRR#eh=8>j#kpEwy7CkBqjlGi9(Hne{in;BbL2 z(?CX82SdDph8MW3jxxu@t4<6tF@q1sM4is_`s$_32xl48kJ$)}fIulw_1mCu*mc;K zY8mD9%OvU-IZvhQHMsv;MlgD{vA}sMKd_|`?EdyZy;P+34CF>LAeS_WF}Vta(G=_L zc{r6CT`#wxB?>L%+_9g)bdS_pon-ie(XAL8Cnps5S8xobbSij?1vuG_yF}{$FD4!?_wY&2>3&_io$*SdG4kfU=Wpx zBW9_JO{sDN0|tHbF2viX&v14RHc+RWiUASeGc_<36f9Rfdlp$f8m`dr_xF-{>2hPf zkDZg3?A(p-D(l)C$3*0zQKYod?k*z9YPDa z)6VhXXw~QPju&_d0jsVzd(-vGjq=cxz``|~9J3v5C0(7FF&5xF12U(Y>`ZCCn<*Kc zDcx={FTm2{{JQ9T&XoSRHTp-)ltz<&l(mX;q|{%{2Df=D>uUNXaD)@e{O8fIalgaP z%dh3Z)_CwVgJ+JG`nzzMeg&cTmyUTS(4$2b@dxVHZ;|um8z&a*PJ(F_iz3U1+yKA1 z^>x!KM6%yLNFJJuznM#pF4v1BT~i{dESV=}$DJrc0*kzP5a5>Rty=J{e#4!URWKT= z;?@)L*G4i2Bc37>l*&fD6@GhL=*dB$nu2RhT$#5@;8ySFD06Q0ojjTvnQteP#K;C@ zr1_-NHXsyL4N8VNJmei(Hg=TZ`Yxqs zhg>0nRHV!@Of|p4G6eMpPikdvb1HHA0_(@b8&bizToOn+O*QC2CkMIsXk5c8fw+)S zw+R5wbg?vdXtxplpt>^&scaP8dD1G;J&3>vJP8^^s{dPb6)E8dQUdOU^id50VP+6j zjiRanswINz-Ian05wn((7M0Slx`{Ai%5)&(-6n$rAKA+EP-Kurr8eWSb3o}P$@i^(C$3*6dTYNY%0lyG#Mx~d zEMp)%6C`gd4xp|Wg;@08`6>Kj;cQG~{?7!(omh<;fMqowk@D`EM&WO#c^m;!I`7*7 z+V@cuD24hFv?oOGj?6#I$4g5f9qj|}5kM!z+Zx~=j3IZ?~2-D%(uaIy#R!2q^OuqApYsF%hq1jnR_u9Es##U&NP zg-J6Z85Dst0hMY>%Xe-o+5!MUl`f-BX5++RH4vFr;0%cl(X<8YVc8YP0K}U`ajd?( zTCX&US1)o1_`p&&tMn)|O4={0q)nhb)CCrsx*jEcnYd7sqGN1*Df@igGGZf?=HFVj zT!dI$ZLEuT1e<~gy%!>v{v+3RPf5v9Y+m6QCS72qAH@lvME%Z>8tkHe?nklr3sj9C zHN-_-=0|b;SD?<6C>U>O&K$G$Sk|1zn_lK2)4*Ux@>~Pu+s#PY+>E5&Tq#OJj9=)M zdh>hW0s7!P2p0H(KV`P87w_k;GqZwD#JwUCKF;+J~}I?t_ya2tkbu3>~rfntZ?b zL%J7#gXD$Fw}e0)^vztT=-Sk{57E!&MYlvTFXdrr)ek_!f3#H^)_3B<+ z=s3N^L{!BfKUDb1Ku9)w`=T8CGBA%+u?g``EgLvw>rN;8%j|eOcav}{G=6bNMn1M>JzLKWLS(n-YMx`-9)Y+q2w`N4Md#267Ih?LaEiGni5`5?y#dIoqId zFt%m`PHMtOZkwaa?PlK_{$@R_N)k_3Egj3@C6y_mF2T)sG5qQ=t9;<#3eyC{sG`)1 z-WmvED&ezc>S#Z80fQidnDpS)ci(beKU~qoM9j){A6|hFqKAPpMUsTAc$tw1nG^Sh zX@~|uMI{3D#XLS%M0Tl!U93a6G4~=sl{HU$bu|U^?_j7f4^vI*iy+%^l1-`(mgM4S z8V24Rb1RwW7U3`#*S7A@+2Em+U;vn!MGEad{y=#t397c5bdj!^rdeVw|Jvw1h+wM;*D5>JssYRztnrhg)SofD57#X`I za6Z-6u6i`SM?g`U%&rC&pBBx}pYq31b=cP>hid-ylF4-Oces$&10_ z+Ya|I;0E(WM9c+1LnSv)s~{}D0Ts3#G4Tt_1+B&vF6H=0Votz25|kb#5}TH5E!xe~ z;3Yc>9r=mINbS*p*6t)XhlxX&Q{1dLJlRZX6jR#k5Z@^Xzj3o=$`623;N>6T!ta(_ z@>_%&A^$m4NytAtl2~G+mHZVh1x~#Evr=wzDe&9vykavqqTx`nf}Ry)RQHN$Tvo*f zxr(iXq7ZeJz>pKJm{px*s@dXEgXlo&97A^Jy#?ce%`2fN#Q6j5aUsY^^C<#ja1O{@ zs7u6C5o_)`LVBk7yf7N!@dP*{7BDH6DQ`84yR`H8@;J;<_?mDlRN(j`D6THdy3-kE zPi1mgs$46Y%H%U_^~_C&OOXP)RDc#RIn`u#eGSxoq%WKqvwo>6HG8EHR6i|llaTDV zwu3&Oh5E7B{A`ouoVARthKvEnR_HkE=B5UP;xY&0?F;A6lZWv1u>8fcWmAs3!c>u| zfo|iVC@R7`h$hJIMcrxR_|Gn1g$^-;kzU^-gSJoo0%K!m}vdIjlhII z9Qcl}*^X7w;?UC!y=?T>sSzSQQd3-W@n~xWf#Cr}-IU%|(dK+@oMQ``DrkDZ9 zF9_&sMb#R;o6u;)i1JWY({^rfxt2B|oN(xuIo|C-4mzR%$a5f)!ME|2m<8ytP>V~< z`a@6v{nhd6#XVe|oYH`QZ1pAPxA<_bP91k-womQ4#Qdk20M+$y4}MF79Vi&>9$kzF z#_0!rZ4=!c+dv(rMsyU41*87Yxtlu3PG`TU-NGHQsHKVVW-h2~xtR-2ES%})05J_7 z9T_-JVTI{JJQxK_L&9E_7>qaNkOEOcBO?h>H2_p4bev21W~BBOWN^!htt>XxFaA%G#l4!zE_&9-F)pnt8nRFW;*J69_lZ3h4Nfy zqqVN%T*`@&glw)R!fybft}-RxN5{nKg1j~XYPo_MtT9XmoL>ccU2wzCp*Va+K^=@V zQJsGlTO+9F?xc1SWhXMkmC>me;@H^cgAhPNqDOmMr zHXr?2lx(i|Z9yeGZcfZcPF(0Xk3Y1WlL#~?;{2?WpV5K+RSMY=4(UmWZ}CkQhQ$axGH_#Mc}+Y0gG}WcdPIOgU%O_Lnjdre<>&D%fcFE zkZgTPOGLaCn^Va&@4#MA&^7Ad@S=slQ6E2Ch=0t5-O;{;*j}k9Ab4?i@CafZ_5zE2 zVP7aph+^x(JE;h62^IpmM(i^IY9q(1$3H46xmHv>Ofu2vdfZ^inr^~Mo~jV#dQg3S z_zy6Ze9W{;wu<1P-$*fs3r-PCyhs3^rV60=p(%K&7L-4xuj&Cz1%RRr>9{aQpl-ex zmJCNn8A~x_uh?-9dwgOfzo`M<*6&d+{bhcqmrAct{d zEZd#I(MR?GPzjsg@7MFZLXiwkG$kH{MwdP`7{rSjxC?=n=qCJ&k!=&N+b7)50SC8O zbOVYDFuUIEkIdMX zgN2U6WvQ6k6N-?{9I?Op4rMvTmVe_-=vRpCWBq-wthu%)TQJqC6A5o=J&}|wATCL z@NN+U5WyPe0n)^9;*fJA|JrgmXI%}q06@vG#BM}e6PSI&vV%dgW8MOmE06d#e2>+% zbJ^G{oH(R1mj+oFlmSB=N%q8Ri@1r!Q=D)2xox2< zh_f9{db_$XVoHEv6dUa)4g*k5M+B^|*T6?s=`5GMF2NuTvc~mdGETy0+)VM8R`|`O zm8tvd%K>~Wx#6e~pF3VwK2LBc(+LK5#^?3>kk5()EZTmr^7-2iLtTQw{`mY0VDU=u zk94Su&?Ibb4*M!04GgLoz85+0W9^-6MJr~t=)8nGF@R%G>~)#xE1cS^ zH=`-Y%M%=MU4lU|Zoi4kFa$4_o~=BtzydbGc{7_3SeIb1zgjNADDRz#f25Xim<=Rw zv_q0^U~qK~hJ3RXb5tgd@)PAscBy65Qe)10P|4sctCkD~`y=CUk}(ZPtcVV$fbDae z(+W^&sHa4B;y^0v`IVpm21Ax!AHA;`8ymv1u3Y{N9(R>kuL9}9gs<2t937OvV1HGp zl>E{Y6!ob->W?rG3F-k4EAdAKs2S`J^={o!Z@kk{eY->5Wu^Sc05yaCp@aBi z2HZ;YLYlw8pr`22RI;+kV1I>iKPtv6b!0-Htp1&%IV?cKV1H;%1sbmt9jQgUjx;U3 z{qT=|axnL3$LQx^gd!tl%*N2&3G~g0xA8By7OM3I48m5VL02;bpZ&AQ(FM0Rf~um5 z;VEb00e)hFLFv2~V{~#V>J^|Q-0%R7LBh?O2%;<;bo~clIk`E^LDnT0boz^agz?wwc9ZGlO1fmBZl=F^G~?y&U8KQ6+5Pb-<#7VS&Tr z>b25O>Vh4gRrYOuQm3DkUP=sjiH*>(bC`1Y6F}CEXmhsf*|BtkmcLZuYdK^HZ9RwW zahUM9V%eT%@^2imJh$VLIFOnX{Ukb`U6SNF*iUNrlhX1WA&6Bsb%rTItmHVz5u08* z1jr-HG880UTOe9>fdCzEwZ{t%X*Q-e8-C2CfTJk=H7K1ymVN=)X&F#mzxrx?nXmjo``=#zXa@VEwHfXVTf9o* z?{0TG<4hzqCmseVfIv^0gVBhcfXAYw@U)ze(w_7-_WUzZj?}QR?J*k;_Tip%Gtd*R z)kh+aQ})u6?tvl2>bE$^x&(vSJ&Dw1_oRQi;n4|*^noH)l_wr20^j`zLIP&xD{=_{^B zwW2WFqn2QZ5E1+B{K=8Tb=~pbW#MN9@C+Vx zK5hbtEW_j(9dmEn^=Ae!4ED#=CkF?0k;&m7Z*g7!TuB1zBt~X3bh<-r&uWUF{bQWF zW8$TLVuC?oXdP$iR^09YUcy}%z%eKcJwJd`{j&_*Cxd?Efa?+r3WG``iK)UMC_QwA z9FtnC;#3&`GuU6v*TSxFttd6W_gAjw7le{HJvE0~dT_m@N=;pYL80fW5IrzPbIgZ# zDLuGu+5t1zA3dd^LWQ1#eR}=^i^!2G^!x(MB!6&0v@3!^q34tkJ>sUm$kKCu0L);2 z^xPXNROq?kmySQtP?FFy(9&~WPy~ZQ&vzmTo?~+K3#wCnRA87(GBt>$h@9=PV1|vL z=;yBmD9jWKHzj~$P(*2VfDeY)e}IML(_{x(mtaun!m_h0ONKki~_ z?bUHV5JLf@N4V(pQU)<4$G_&nfvS><{L}>u#?lSMtGj=`_qc626e^|Z6*x-UAfLA3 z4h1qZESGX+3K242#YPR~Yg!_JXdzpkn}JCBcP)(=a1;(kCNWqr-GR|znQb0@LItJ3 zhfXlaJsCej+etxbiIS}gT*b|b!`6lS8TTj~I^Cdr)J;9~2%4d&lJ^PqtgA>U@q-7D z*dd8>;39j*nDALgp39G`mHE9D`$?>acCmvWYT+!fM@!cEFup$tiPi=_^nNFNouNz&BU1-| zSaSVfEqRlJQQ=ELQInwcE;_xG!E^)R%*FvKeC>Yf0tUf$;#J{$q1mwn&$u&DS7?;B zy89e$Z4L!8GpxdgQ#^RT6lK}EW*7mfN;=`QK{=9~SfYvbl9*V5uQZd1~N%yTNH!T>X$kn$h7TA9d3xoY(@fqX9mD58A0cQ&C$qj01s2Gamr(1$5!C1{X}QghgDxbji~txjJcH z*#0r@Dy~7@+<7yu_jCs5&3K9h$04y92GWBPvEu`Gnz!AcOI>>P*p0iuY$r44VN+P4%`BP zZ$Rl{`pV$0w0a;!#=q(iOQaN}E74!qhTdIFY2+wGF5zthPcAnVaSsR}-L4pOjc z)*%m`Peqt?@kAG1?HR@GOxX3u+Pr+7aGn!}HuGwJ=wus~hk9h<@itmKQe9w|HMtJm zVPsXg2$v--Sf9gt>~`sLTVy`Di@ic4~xF~p#UzBi9j-!=CQuKJn_-v3zoMYqn(%yp6(`|D((L^Cgw z%s2`^Dq^o^b%(rf%|g3}MH{G^g(%G)pd=yYC}4NHmT|4=yh8#CzY|84!bKR3Ta-v{ zxO=%S`ZDzrjOQHh>-c9bE);y_{aqs0`b$#v6mDi&Y=1`lL zBNj{K+1nQN)yH6ezMQSceVHW%;lr_hI{H&;7A_>+wi}<&>e+rsM`FBlhdZwZeD>`b zdA~B8NABbG*YbHfl?NE*ZA)yR!_yUEV0VALrEl(R7z=ym!0BMSU$^uYFa+E$f#6f< zeERME#CHDx%9KTaZsmZM5^c$OJetdxqmRaQO$_|-53qvhd?S6lLo^<`kJ<4Hh4}SB z7f+WQl}&w_Kc1<4yZ0PCKlN-*kpU5Y1OF-hMsbA+Rww(EpOP*52{`0%Sbrt56gqJhsbDk z*J@07@xCSVc6*)7$yZ1}t%i}8V}9ZThwhhdi=`-9?V`%GsUbS(*XCWCC@9Ac;br6UafbnZ zcHu40yI9z=oN&%F@XLZq0hC@xK9?hPgu^~6#&g8knRKqdruFs_uc^LYyv@G$=IZ|A zlaYdEYKKrv>d`+(Nh8}X)jTMtd0a03^6)nxr)8Wdpq6paR!~RdXsF=_PE7tla`;1o z2S40Rf}JGeisU!mG7@;(&7f;&Ct+_+%ebkM&@%2q`#atK($55WeY?i&@B8Dau3Bmq zq5UPXrH0Q!+u#xx6x|Qx5L2DmbmAIOlSoL3oo2#&;St)`CnZ{6t2^VfXJa}mcCV<& zlBudjIZnZ{hCH7(8+Xi4-LY0pReMQ6N4UrsDr@#YvEF}5E~?s+3l)!AgFc=M9Uj)j znkodB`bm!yCC-776*KL3I^8YTbYl-Zz3Vo)&8+m3g;zk(ng!8nZWajepEO=v3)Z-| z89L2N_zZ?XcOO(e%T6`S#*nM`rq>9=L__J>do;GECuJ}>e54b-ypD@@*Fw^%RG}Y zydY)nqofkXm~D7oPM}vQha;pfgd#|Q+1Fux3j_<+e8GyH^WfZ=ugWj9tyqH*(DRSBr=m^S1`jAo_HXWm9yK zNP*t;RfCd@S?2>K9S{=G4A>l4i_S`xv}0qk9M#9Z$5!*Dx6t2-Hp5o5nIw$nqmsjh zH8wBrn9kt5Q6A3iJH9VAGcnIV!S(3{0+ec6-3V0@J+=`KVVMu8WWWQq%wqHS2x$;* zxt3jdxHrWtW#QQNiULy2W;twSO90Y-zsa5?uvSW=xmjXh9a1aEP~whJ0=y2W(0+2p zMv&kRZ=t&ZoZn&m{a@aZ%xqh_4NBenUbhIL_6wj^w5TPB3b8St{Pxly6HSx56@NN| zCI^g%^U5G=C{G5vBMkDgYfyI8yi|K`DJf*WxHddJGXQ=AS zmjLC8^yLL6dR)XJx#0{9s?AXJrBM7B{M;NN_#vx1YWQ^3(D6mDOXWeZ+_8jK1E+bMI2EP`WZAhl{ zjdqFY1cULefiT+@Wt|}QCpSFj!Im@kf@Wr=GfL{4mTe2vQWpz)9j_>=!rk-G0^SLj zAh9|mt*yv!2Gs9-i;kNO6`k96*ly0iaWczNK*lW1BYnsOgB&#yo0YmH<~WOPL;%EK zh+SXCXAgEgWgNSPyNqBL!@{nok<2;|b&2T&gN|K9S(o6yKD$OZc3oqsE)23V=-8!q zTP&dk&eoo3p}Eh*a)Uu(WXx$YNw9o@G-^L@^thBJfD@nc8Js2OgB${ZDqi8_oDMCE zPH$7@{pfO+nC?qquQ<|&?h3S?Ca2}(pvXBd4+h_;ABlj9`=<1)o6KczIQG){;L1`r zh}_hkG-p~CZ*TzVr3?zGr{P$=%>*}O36QZd=&F!dc*hYGIXFhyo-{{Vbo6;B&{B1O zpe{SQY+QhI(?1nwyAPgVP;gF`&WnPV+k&}u!QzxXI9g$o1P&dUS{(p7GsEc2HE7HyM98MG`jr}`McZC7KxmQlBG14)f3v9vzmVA2T&xiFV_Nb6r?cC#fd34j

ojD7Bv9fZnk{ivu7APvTtEu8q1DUpgBNZ>B;i(`SB{%TSkK z(C->*HoCLa&tY08%=ETMiB@=K)tKQH&+h^}4ElIhDZG?<)a%-QiyUk^!JzQu#t_^V z3wLV($Dpv~;t<^WiOQLU0UU$EnUh0s>nz+&0UU#tIoUNe(1BW0AP9w|t7#`*=)r7N znLh%8Lx((=K*tD0O^}?;2ikqOvNIC{Og! zcb*lOAE|xIk)#qEH@o22ZFjhV5xKl8EAOC4?Y%DV>Q)$2G2P;a0hmI(>Rlw7b7s&e zln8Th6~bb`H9DptiQ(1jklnm-p3t1lln0Gor1h$y4dQOxwE#<7$a`=sM?thh?I%?$pV4i*P(26rLJ_1MoHh|9G}5yp7;-?yDtra*8=zT3)x( zuxfzPZuPUbN@<4%_!|Y_79Rkono&97;@<F%0W zawE$g=PV_g6ciNd+9a`~P_%{*Rs@O>uV!vmf7bWee1D?M;td{q!Hw1#u6fL@-XcnO z{=QNj9HO1uQiCAoYw^vwW+cWbLgNzQBE-(cr4;yy%;#<+a5sSNG@np!h|93&dR`Y> z0&)uf1_wUemfakE8_seAG|p#EFE>y`GT%oWFA?lGNGfTkKA5O&XxhGu`6pn+rx|Up zt9TnLO&gLo6)a*F_}Iumye!^|m&V~`YcddH6WmAmD>Wh7Bg>Mv1B*N~J2W zF)Hj5R)30lqf#$&THqYnfkVOhlb!DuUgh#FO|J~t4gOwu=iU6ei2dFAFA+3mCfShJH^ zQ!VDgo6x1jgVby;l`t}CO_e@Jn-Cv=<)BsIQ_l0RvL+wy5}Wq;ZbOr)p-DQ`bi9#? z7Nl~Q8o>4BmtR+aOe^1l$B26Pg?k2rW@s16Xw1QV_}T9yGFySX=Uw zOu${%(tcaKzoGrCe_#0%Vv6)2=r_4xfNIg0FSA@dO^EwY`9X&w@15nYtW=Zv?tYjS z_bLyuxtr=KNul$E_R0u7JJ@cnZGkND<_NuBnO$CnnIo8uLwHp3i!-CmByrRWkgc$y z+5owF#Yh=EIcj3?tijJJ`W;QtC2U8DFdG<_!83_;56M8>!0_r;WH%37?9yk4(iuh_ zJI!PF`5q1(j2|Grcy&9xKc@&Tcdx-quQLnWkIc3iA6e^(G6>6E;IWJ%x&(;2kE?k6 z$sV5nHD;&4))BMk+t0ZS#oDy<_NE^K6Z_fNhQSdwG_I20vMk90&E$V{-+wTPjbYoj zv1WEIs$o@7quK8+vI2|KXR>0L!vJ=Pc@OC*Z3*hds}$FmFF`#DN6S}OcH$mf-p9&W zPZWt+H--AM+9R35(?l5b_F_*lp_Ozy|O_cW&gGyvv)b*+Ldo%={t#sAGbE;CKG=~!I6ZTw*klp zugS9ol8Ws;fYG}&MgLmlc;wU^G?as=MfIm%Pz^WR3UhMs;zNR|b@H#GvRi(HA6@Or z4^a*29H}i;HLvf)`XCsjm-x5!0vB*)fIxDYCkIWFO3>~@1IY`2?0zB?X&e0^qh)1C zqNQ`MaX`Yz2k<4)e?-7_={Dd*mtKgURp%n!l>Z2%+o$sOypYwPJaES1x-`S9*RxB% zQt8s`L+K1-c1cD=mW?u-;Mdfw8QC3RUP1{%2Mq_Hm-h);0i8<7jMIWW05BdU3*XA; zrX0E*;nf#m%)0SR^|xI#Gs|&)Np-lU&)qah^jk14IR>5Ea zP8}41K2Znn!Z=3T@|)^l(P6sy2nTyft`c*SBj!5Ho|~gj0vyQR_zM{sZET6s4S;U` z5Ue1)Wv<%cTcn#e_)IHDe10n+p#?Em1>cMDy%^7(EK#c#h;uz!kHUSRlOgvZ?+$2< ztw@U`&O%~~z3G#;rv{~2%bnN}FQqL6kqga@ARSkG3aUHh`fc*uuh}#?odq`E119KB z$3-bM_;5=XIg&~g3S&^=ucN~BUmSo4D>sNOv9b9sHobts^iqOB=$PGHjk6Lqi{jHO z7wbt(Wcl=gW`8o1e)1dEk*jiozC~^)MV)bCX(sK)P=&vXSY@YOe;C?|Hl%X`@3IN7 zylBS|>n{1_)@@Lv^$P7^%%IBNihRLXue`xU`5erCp^uWDMh74T;UCYF zWSE&6gDV1k^^(uqd zaAYEwvc);(ySzCA$gTz@H^j?Q)Wo|~5_zW=l%c)&Ocz?-eU6)w;5x&IgZ!FCP9G&% z?02F~=mT%B0le~7qC&i#LfY>qE5p3KQI1vt-+Jl-woVN&z$u{>mQ4S_7~Fl!I8KgF z5K;g-OF&ygpwlcU;|SWF>Ytz#ZNZDKbuGAr`SAdYpaIq$YqbR*MMThT1`B3516^!- z0fX>RO1=hWH)Zay2{{5tc+o=uP0rWm2-8*}5BJMD!N{Sp{lZKUL6x)sj5D9-k z24p?UrsI}w`MnbL@$QsF*N!pf!F5N(eFSia+fmZkjz5$vc2Ol!FO`8rl^lSr{Qk%A zRN_|o0DE$T$_7H}X}0tNreSU%8&q}wtt<8s=n+)51SHssFenv~DI6R87$|A*f2>d| zKNeJCNMj=!+>MnZsik25qsUdfQrHxo%OdniybTP?SeZn+Z9IK!?@JsjANYYwpBGILH}*bl1#s2Qh~{ zv4xZ7uIIAtb=)t@KA`g_%v$CBT?0dsr*`nL0VYB^)x*$!mXwRPT{oC|H`uL(cGC9` ze6Z00SjvqYypvSBKxLd=z~0b0Mfl1aTBjnEuGpZPk!IW+s46C)vY7Pno!U)i-)G5r z%mXsd2p2*lE4E$fv)P$b$TsdFT#UY<&td5pE6-@TG4pY0e7XJ&?I#=AIhQbZfJAQ> zQR+Z(fuN9DuflG0i%rYIgq#oQLb+fj1DSaQ`bn8a$2G3~0sE#Rq*cGAx{SSt+BsQ z!^h1Qiwz>J;mnR_v^BK+P;2bNN?rlxNN0c=C(e042T{_(%?nwkG|x-YJXqqgmm}Sj zj^4yOl`>y*z`s;rOf(ll*vy$=oy~i@pZ6v)gKqL3COz@$C1}FkB|jG6P-$gszi%k6RcrT?kPRfKhm# z>gR#bF+n7mleKVn^<>H$>c5UTx8?=qPDQz%&cz$Fu#kk^4^r$#HV8HPF$9!qlbX@G z5T-x<@s7}b#ZD2um;OdRaGDCG{14c({xaAFpi!%N#ZOsHG%)V;boZAYhewM*Z+W{) zbOm*rJxwtCM!&`wP^nUW%j&`vz^-}btqEi%)~LY*OVvD?~>laCd-2d+q)Hpq^jmhE^#SiWhrK zc-bpWQtpOkFov*rRn`B40<^8$@w}L6Vc8r$ZhJC&L8v6lpBl%0>0q;TWiWrV{?NIz zF+B9PpBnpJOOl3WCpS)(7ImHD~_}MC&%$0AFZ-EC*q;TpAV5(Umbc8u%Zs zf-PkIx^1xa=l?~Hzt-v8g^iLWCr40Ad4s{Ml&&-pb4H*jf{VD@`Ua4LO8U2D$7v7$ zwx2Ha!JEn^=rli_14dflS|QZ-52c4a2+I_)l{HXfp=vxl3LoaYt0|h00Cb!~5Wz_s z8V!8Ib%G^@j?%vO9}B&``{Ql-lsQcDTL#sOzXF4p)vhQ7yY)ew(XESitTbj5O+t3% zJ4l`I3N)HS&c1FL9<0ApxZZ_-6Sk}vt8(|>yWjCb|cS6_3=Jpm|vY{GJ1U1{I*n+F4#H1|xs`FE+Km-0F8XlmE%<&66P2B)+bb9`oxg79^%>V5 z)aOWYPv4=?`mB1{)kpaHXh~Q^9DbF5@=JLIn!u;GUm#w{d<)ybig%dZR{yDd>G;;0 zd_g|5{p)A1tguhcayw7=?s*a@YDky`6F=rHBf zoDdg|O|nKcyATvZJIpRL=dlEc4W*d+P~^$OEn*xnMrr@}_2l0Bht@Al@0Wd^_N15k z1#*ElRC%%b#{ahK-68%%7G{}P(?18SqL#^%-VJ z=|MnhMl*UMyN-I^yBNknz=Hv6UOLUOBBKZRJ`%{F0ND-2Mfhtk>Q;24e3y&_fsH~S zfNFKGw`{vH2hF0L5}^7sGI)zrgg620<@n$nlT?(pl;)s6Qg6dV2`hKsJ_z*}^My}Q-e&9M;j&|w}H9Ply6>9^X7O)vKH zQBE&p&c%LPtDDgfg*}Bb^$v8hIab2Ncsc$shdJ3(y*C|CIW2QdwFk&r+y? zK#sWn+ns+P8;_MVFU*da=X6pU4qQQk=NrJRgn0PPAwN^Lvk4={9DIG#y01*T2(4`m@!H zlcu3N0>xg%V#PN>n+9fmF+3(nX~PHandrb2qs?qVB=#Pcx5&6u7j5x<6%(a0po7jt zfSbYMOQW~MZT!H&l?_D7?IAFZj5~dxV;u9mk7W7s>a-TE=01yUJD~F);+W)e0#*G|JnC{+S0+{PTtik_Sh?h~#*hwIa5TBu8K z%*zc~oOnI&;$#vS?Fi8z_BCw!R|e=)Kv2=*nr|~dg{=C5=hth6H&W{bKuYcsz=!dr z5#!eh6_z@!kUEu%@I#E!u1-7a-{JA=6yzKoKEd9zz5V_d=-=M$0jIB0^nR6MsBIh- zOW_wSB-5Lf^tZ%*8T;TvcsnZG{vcA#VHv$2paQLKvrZJ8P`6 z(}X$FQ@@^2S`hNF1@@0WHqj2^5l|4w!625!f^2weGYNb)UVp&&m*#i$A*C??p}q)+ z2>R#TO}t7m34Le*v1x^t#>)^|SepW3)ym{henQ1V> z%sWMA8h3K0aXAuHuVi!{QqNSGNy0^ZIgAbHFqsx`Hj(|-&;F-VuwGbYXupJ)B4+M|2isL{UlUn6V2*YS#Kx-C> zLFbt7;9}FpLk|rFh@_-r1+ufe!27OJ84}t;AtFqsWKI*mMJulzjRKr`NZBKKGD{`u zB8ueE7_}`wE#*B0$s&slw|FN=wIsF-1WIk3@Bm~w%5$PIPq(^T4B$p8Q9!cUWNwPj z2y^KLSV=(@T_>@<6P;{LCwU!w&)_%nyR9Yc5*V$zyq|><+x0GuEPkrI~{)vU+orv8VW~11i(9UxorS=maLnEs+{yz8^vc?Z*zsmS0YXXLv z(d-a7-!`$+uri#C~<-ZwmW?%&H=nTMt3TfR@BL!v;}l6Z(ySE>5(XWerirLIo?lZUv}y|N zy|}?JH?GKhQ*0y~4~>GFP6$P1uuyv|kaz_`q?YpWyX1>4MYhkF6>qYlR7bLf2D_W$ z^h8-G6=Y$foxt9XKSzNa>0%hW zEU6DkTmcF|z2zI4CBtM`?jj@?{oKiP#4fmBRYZ1#_SF@ zPPE3nkJ?Zq($Sh2cRs!=!=B#0!5IPKu2q%?aly(56oaTaYt^Q$%HTf%*62ZfCRW)|RM1@M+0{%)-4Re-If;qK|WnzHp2 zQjAx&q!tL-Wf;C`ign6po9&nE^KE7sZU;t-I$+^3y$y*AnZ3y%mpmw9-jdTX_KDsF z)0t}f<@2(zYs`uu*0DK!)*rZIu&fvV zHTNrw`6oq@lTTD_d|}ptT3DQ2{{H3p5LW$vN1m^8MSnJVt`Y_PDdqW}2Y*U={vuB9 z#N3n9S@JBeoVxyFSPl_^4#H%7Pf0q5uYW)kji&ho=?e&59ImC zAm03#;gCH4Ow*h^=kSyAd=~<}%X5Y)mvxutVXtq}R(ij~ zwpZzuSXIR*1hFB}Jp?SWu%Lo+dj~Bok`xx&c|l|#u~*ti(7u%$m)2 z_{sP#1bP?Oe=z03KwQDZOJ26J%0|gpL502F(q(GMi;%G9h*&l#j4!NzK!s%-=M*#E z1X03omNGVXQW@8hRq9WRZz}QSmG+4Ebt%7?-sr}gcEUp4cYs&z<^vWSukM7&Zm*WZ ze2B$zi2$-bMy!cws|N+4%O|al*=-;V6PrPp{E92gIaz6kjDv;1*v`Q9+GwtpaksqD zpY((W1na+cea+cY{rUUC^GTP-*^_x}rbZcr<|7+%SO9PW$s2U-*>c(K(_bdb6*pWI4$VJ8ED33~g@($0cZ| zt_%`Foq7_dgDR+jef6ZyO?%i^_h-ciz5A9R-t1sFG#L4{M`+o>hvlQ-{nYjU;)@GC$D_&A41x0YyLqAc_4@2C{>8y;h3;LvMfyZPCRg5XdW=Uf{LPazPoQ?Q z_eT^-|JU_FV_py#E(n24cnVth-9pYHD}31MW(n-M?(+XB#;-duPYAIfYy3(w?cXsa`>kmzb=(-)SJLx!}Uce&5mC;P*#-3q4DeLAT}iGJU(t= z?fCVYG)}ki>zN=jknoi@(iCw74T*Q5jHv$jbpzoj-tyu?ui||ma(Hyl__Ua-(HDGf zyNQF2UyZoZ0m7_Sl};WSq^U8~^*LCba9eo#?Ch%|f4rhhPnIDM#d01BD{h>8V>IEs znySQ@(SB5?jwF~V`}5=Q`V;s64I{905LcesbL<~XKdkR`xu~OO`lwL<>NGD1G3-cV zF@zqk?a^sU(A1<~rm%K@=u-rRs(^iFd5rPd?GKH-0EYUzgqn^C_J?YDzRwdp8Xz4G zb7L}StF$}~FR%tjEm*AYX}FT#f;F&DYe*w5A&2u4{s(@)+0?V5l%dxqON?uFvK7Sg$_(IX&$YOpT#b z?M73YD)P?xwfiXl3>eZS))|~7=EIx0!IxbDOY_#g5{>Q4yY(0O{^IccD$-||IiQ{L zW_V(;FM1t+T-{|VkJbGGkO0cDiVUF*{5TS;SIxWr)j$7u>M1OxJENz2f0p}ZL;cy- zAH!R=yR6LG!+tsq=mOi^A$u>B&Mi$U4x#jL`(ft-?8vTu_Wx$0Qt9&IDYuUevU*8y@BJ>Z&SoUSp3=L+x>K&-Un9UZ{Wd!QYTB31;k8{{JO>c%!6Hc2m-Zw><48FSG^eazHZVBxui` z<@L{hjDx*DA@=W?(LYsD{FKhgz^8l;ErxQ-BGN|WZJT@mtJU88e3)~IFm$lKU zk)?48 zJf9=-7aAYJ>Gc0|YN@6Ie(c2Sf95>R(_HNpzYG{!4iy_ZPqQbUyOS1xlKRV2cDqNn z^EBln!n+RxeeBDZ%onaTt654nc@68IUdLP&ydlsrwmZ-F$mU!cmy9qt+I{~UvX(OT57+!3=14u_nTi>}ShF=zQ{gv{WJ z+j4Ig@Ve;j{_eh~0bU9m#m>CTYZ*Bp!^ItO%i?f~6dR6cER^ zqg%}>h|wMPGX7yJugQ6gViR2i_DvU)eTjMNQAXhw{``9SIDP$4;wp{v!)WLZWJ5QL zw&IjOjzYIYt$!1;_#mEcvKKd%x5=$d2fHZ?u54<=InW&)7T)7tsCf1IJo}cbY;2u9 zJhpl%s?7h)_Lq5$Qaeoj9PdT^1KTrgn|B@yJ;$CI}}T(6f^;5vpB@sfkUk8wIvcUEWS%)pbvu5uciG~ z$V@_#G{lW)c`U>58~e!~yYL9TK1=c{qZ(ZG6aN7H=K~&BAm&FhVngHpeaT6VwmHDF z30SO%HCguajTJ}`aw2YsW-u2TlBOC?4-Ji8DrE(T%*EYZwG072D46pVDBA1y>fO)FoAYd7)gxr-egB4qY_ zHl=JsOUo9uEJA(-8q(2qav{Y!Zx)6R@B|{;gD02mVWl?qcaVMvvh@de5COMAyZNMJ zuUjfpBt+sqz=z?21Yz=x)neXd`_#ekov+S`cg=|;jt^H_at?Pn6Pi=LHD|144M^W% zKK={JT#THn|AID*W#ptAH^Lz6s{0Uc9v>#`V1&sGN0{!DOd&o!B!gDDC~WoX$ZpOd ztfc3J(i!%vG#%$badnaA)#A(BOi)J=j{RGH}ttI`o!)< z|H7dtaYeUW7Zkl)|3w#kilR5Xh@zXsIU4GgKJ||wS!z8YRCGO6^UiCXLB9TKeG!X3 zRf{5wZ z96Hju5Q1SQuSSWNa2T;WnzF=2Kt>a!Bj48gP!^cjBugSFe+)mNEf@i9(F>{V4s;Xl z0|u$v9H})F<&<2WW;!nvQWbV7?^83M;Gl?;Y=WA*8$ic{>?XaDDj+F>d`(CVbBh<3 zNt0bf5)yj37>K_LpXmks#G^d9M_CqLsC2cFh$%{!B3LR>7lh~{s2R#azuXsH0`ks7 z0QohBPutB=Hs7~$edfE+nEgo4M3@2nNzajhu^S#kf_v$%R(B3zvd7WRX><1G!KgO> zGjF|sditk>tEx1sJ=CVyS z5ByXWzilPGJ4}rTzcoq(yI?cxp!QI}6e&P|+{Jqe@Vo$U8`}zY1nz%4z8g1j2O+Yj zM*&6xlk&~c%27cp4iZW6ekqeYtxhVj#PzH{<5nAvR=6J4l`$k#r$!uw%4*zcZbbhH z2Tj=_9hORe9GJ{xnK8O#F@hGma)+_pbc1|P!z+D3HIF`_QR#{;YOPgW3r+V2ByEkphr#N+vO@8*voP`*{c64}CeS{NSX}oL=eIi6S`G+0>D@%iF8(`Nsgx)zSSn&>e=| zM*||)9w#FMo;k=F0PcvF46gv^4OMpjwbJb z!L7$hM%j5kyqTRJRn!Rc3aBiGG7Om?kc zEK9-QSN0>b%^)T_=7*6N3i86fkmn2X1NuS^(tun@>kavEL0%9b7v&3-zCY8-H&3Tq z=MjATRx07QGz0L&$vW&ihbsx(>Yy~@b6qb&x?Vw)p@0X|EvuO!jahzlJ%wsLX6z!Q z>ulpPBYZ51I9<*#;qVm7dJ)p~R!E5xc?U!#1D{G+M>ybZ7a?u8LMp{Y*AF1k?cK|T zkfK}>(w&wIAw{_&q&qDaLW*)lNVCdC<@*)V)+`}~KP&$+lP#peYA2*VPtgXJ_T!{6 zNCJhl-AaOE%evz%tJaB-uCqewT4DWhmP6}BNY`5-b@*$RVUaE<)NH za*zh(BBZ?`hmZof2&p1hA(czuObXhElGMSK=s=tL_CiavF}Dx{PD`{^1|A%bu)mnC zNPLI=HS(K@HXi$U>WNrW3-;o+?2f;a@OND7x|h%eR-m92sVJYE$3}{D^nq}Z{`$eO zJK$tH>~f;ZS(TGhm}B0pf-^{NdBk3Yhh3W4m=gE3j09ylI$q%X+M);?XWN+DcD@x1 z#}bYD5Qy4G*dHQ$G$#}F!v#z2tYFF&L`g@%uE=99!sz9VVD3yq=eeCbj@`N{2k1@H zYF+OwZ_E@TH zMB#+g#__4YPe{Ep;czb&|8SScwQ?tT{KEqy^R9xGIzIL6__c4B=e`}A`=P=2oGW8Z zUf#DdqYs~u`{9Jt+Y?eBm8Uu;q=$?!oAPsVO6w}{chJ}uBiGLo-8^SRp<9n1U;N3; zOCrl6SXbCF_HWglrOEP~i@mZM$Ekv~E~w zT{+MnFkNgTEmoRsb@`yBZv`@Z&Sl+|s%s0FGQg4`~yMJ8(`9 zL?R&%_IqU6lpSMVobzLhFS+B3n`gc44M$=igU2?qh$DcoG`FhZ!g3ml!0dPUcxO6#ga zrB~KRmKBn;lCdvT45wnmkCV`oe@r*^bh>F|qh#5bHNx{>ZX3(HLt`;CsNIxi~jqh4{lG z%O;}y7L@-^HOl|!Cx42i{(_d8xi=UCzKmU4Js3@j3Zs-ng5Tkt&DsPk+qGpDx$SJCZv%il7M3hl$i;K!`J>!43b&g zT795milv8+FgQa3QXT^iNbg(TN&L)I=K`N3=iz&NYO}YO{sM2Lb|Avu7+U+8U1oeV z2#;?KNyc)UcDzzrcPf}so--D{Y|aKslTrMgw!_<%A9eVsD~BANv14pgB$GrdvSl~n zS6lql9o{RDJe5oeTtyx+agsK6O(e6y0(u(}7@wI1Ij_hYpD7Q;$<6~a zcKBJPXP2H+`h(JQ&+&fK17r0RVte0Vqk177l>|&yZf@d6D~BbmEwIq0If-mm0Cah2AcCVbeeamc{>%Llnuo(tSV zw4Cz1RO`mPRGZ5}&m17~m_=ENvcRc3G&fKo&9=k*5JovKsg2Sbdhm0=gyMH+p1TrK zlvB6=*hi|ry>TDvzsRyYbQj3TyOCv#9vw?P6Nq$WeQC1nYnaJw&z-qXX=GX1*S6!- z<&LqB%z0x%?&giVRMt;OZB8B-%go4~P`q{4ec3I975bdAx;@J3hLzRrABE)a6&?Fz z^{HjagUXV7iGtWT`PfFpMKY{QS@OWL zDbczD$+dRQ7dQSen);h9tzqK;bXGsHdOYw&lZ9n#<Enjb8|emzTje?&@&O zd7v!Sc~hrsQoE+~;Mm_@Ha1Ysau9ho;5{NbM9rZ>Nd zL%^~4tJ^1JPOJdya@0)vbp$5M_4LcdGB|0LXpBY1V=C~YUVf^6{C^Q9N^5eysTE$TfUQM9ifH z2zYnkA6MVf^sv%2)OLFGh+^1F#ecQ-Qfd~4U~4aJtPPqJW>J1A#-ie|y>y7$OK8!Y z^z?1T@6MSHnJs^Ld#9qOZOte+DobZQ^n+TG3})f(LRvd zZ6SLpeH9vGO@8qQz@ND|zdrqaE$_W*l=s9>8hz_19RU}LVI8HU?!eiHb@UOcr`Az^ zU>&`V$ZYHAESftzv5xj;di*iq5bNj|erBrkoprPYn=)w~#vjgNFWq~?rm(1l_hu^q)alJ-4yoA(+-Qst21 zRZ&1pw2q3Q3B@`BptFwhF`5^^IvN7&Xj`Aw5rsS(WAzkb6YGfBXdRJ`3kjI2$S1*$ zR?<01;@KF{eD4%|6w^8qz-R&b%Ec<2<@p<@60cZCeyX*OqHp^u*E z!OtPIj?P;-1aRrE7B^RyZ`?=c8)=$H5R!K#`s=aOvq9gW{ZyJNI|(XpM?UPMblFMp z!?kQHZk}T%nD$X>SQ!%1);>z_87)@(C>1G70o2+@z`jRW3jYW8k$}QJO6^sa z8Vo>SCK00*tV{@F#HD3|iuO^upp3bE`$$W(_K{13eUus;O%;}4^}~Nf6NL+3Xy&k*I4+ws~)(3#g5ROFSpz)X_wA zz{YLncql{fIV6Vgo=?2Ak${&r5)e^5#CtB3_?Lf%M)OvVIn$~Ef_Y^ zJ`Sc0W5g3LzN<#H9QW3F^fG2DnX%mdc*elkN;0jqs{_;xwPVA%4{YB7s zpZkmc|LQOLEshC&?k^Jm&gcH3&;3RJ+y0^>Uk}?tpZkkwrF`x$`k(X{{SVkf*YvY~ zR`p+7Kda*US^U$kpIy`U`q_+~ub;*HUO$WXw|*A?cdegQbzeW5@!!0D2K+l+Kdb6} z{jBQ$$okoumwUH|;{C0k#qIi8Ts%awV%q!qS)3js_{!trAp)TD5dEv`XH{H3i;IVd z*zEdQypQ#>crWW`RiX8>s_gZ%xOj+U8BW&E;{C0k#dorPR@M9ZS-g++v-ln06qorz z>t}JUIk_dXZtG{=(f3?GtLlCItm;#)pUwDJ*3YWAepc1n`kBu2$-^|LsAL$cTf7fsLgvv@D-XYn5EXYs7{ zvv~LQvuk>+pT$4j`dPfM^|N>{>u1-{3ER*5S=DD>Kb!Gc*Ux5z*3YWCub)+g*3YUw z+xppz&$NEF9qVUU8tG;IY%M%rTt3?ks~A{5J1H{nL4?MqTE;iM{mt>YE#u>FY}aM8 zX9scFj220F*{tb9EZL5hGbUJ;AD)Wclb3 zm2j?~Q^^%B?%xI~EI#?mXx^1@uW?%uK!*@Ca{aA(aYxR-k(?Q3(bLL=~ zDvv8@n?1gw>-!InZ4~rh0V-e~gFh^xMV3eKXBW{bxr)Yz#gJCc;)iWK1pihrNHDvU z#_}_7z;{as{9&yRzTq5i9ivjQ?TE7LY21zztfxhmhZod9FBjDEKos{M&E6haei2rA z$;-{$fAnnC9+jzMDzT>4to}@FE%OGT2whJjXJ;JX{U;*qdRk>_|H`ZtHMAIfo!Ezl zEl6eH`SPpKGHX!a2eSVtFT5Nf>EE~IzsLPYPx$+fhLcNV68KZSTcu@9-^*-qa9x+# zaCx%Zg!CVX%wA?2-On=HCSGn5e+)QenXN#V+49^n+tYTL?eF?4%WP}8%oayuVAsPv ze+_Hx$nsOSqZ(*cy7hV91g#Y1Kc{W?zJpIBVhsrpl(93=2ymOpkugDj)l*vkZ*9SXzZ*PRKEeTtaDzNxgJ`f9U+xuL2dlA4r@m60dI1lx4 zj$(*p{nAF|Ni|4})H|d6P)5$fsim7aVTsLB4KKIzFnd7^FCp5=1X2Og1jY- zXtH}OCe6x3ZOR2%C3x3nefC-)nqnZ=?0&FvAb=ywzgme^yV%CPBFjZ_aX*vB!5|AQ z+0}z8U9iiWITYoWorLA+7Sy_V&g)#V8-Ql5lm)vyF4*1MZ9`LKeOYAr9{3xEzx^w@ zI<^n~eX{zDO03%9&o0|t0yTx`NJcn}^*JQ%iY)u$PuK2{{9^SuL=VH?frz&2cai0L zBI$`aU-vkhL|O!Y%%KU)osB{ZEdX#kvD31R+HYuH-UbWO*+Bc16C{>aPM}9tqI$2Uc>q z@3=}KHxH$QbJRbFRH9g2_1gz3NOnbqkk7fp-xyU9-VYU9>u-tr3Y5d*=dzVU3AArS z}cVBM=;QB@63hsTCE$)04u^ae3Z6fkpwm`Z243Jtaa4 zKpio>aejH)~` z$8gDTpzOceUg<9wPQij9`f>BjD0kTrv=7Ca!?_F=sqDiU|C)VRCH7%eANFB*eOM*-p^AAQ_MvizYU96R zA6AKd81HT$#=F~x;*;O0eHib{K8*KfAI7`ehwk`4?o|3j{)oR{r8{mzo%nx%bKum z|9t=b=lkzJ-+ym6=l}2RzrW()tWNp){(HFBKHq=;Kehk<{~7z}n!e5_R{a;xCsy%% zqV7k-%BsJx+Q<3CU_V;-^NBP1IiDEs`+Q=&zw?Rlf6w{Es_y3#XZ$yxPXzv~^NCfx zpHHm%KXN`Xe^r($_RlBA`#YZ~yU#eUmEC9mAA8>dA60SoorMJg0%t)2Q4mv!LIgEY zR3e~RNXS{)1r#sTE3Hbs;4QmJPy~g9%d)ObZEJ7V)?T%(R;#7nO$ZRc8)!>`h+MpI zmMsvVB>|Cq|Nk@R?4GmP1#I8<`}+NUqDjsGmhqYy*x`_9xCij{S+jFSS3h;!EyNtg!7*45sc+4BGZ5 z2EW|?L|gRPaqUlRL;M*I7D*F-*3gFAI2eGI%>cA{2U~$g?UASWl6r&#J@Mud4#hZh zRC}1{wa22lR^t?hwzQ`>co2r>!!CaxP6=QT+AJ&=t79CJ?U#5oT@G|;(;1KELpYiq zzAPI{uGt6`z##qG}1EG8eL zypS_Xj>%W~qh;B?2+kIQG(Ak6Ea7NZBF+h(CY&#UJMGbqeGlA=D6ec4k2VU4wsJWW)!7-xGcB|+!z>w&(9xD0_$8D)2u--GH&$ig2&pu%E*_EII zoJ@P3v*~MJWI`KROJ^X{NM!IKBFYz@)D|1c7o75dRPfSOz&*mwqLd2~_W&Lg)hD#Y z4uks?f0FI4^awDroeqs0-DPHtF&qQ|XE^2IN)H0gauIOWmNDS$<&H4tTrcoCF@?4i zgLb7cTrb3zY_{8KvNV_Cq)ul%#9X z=grmwOm^&7@t`ugql}*^HNSkyVeJt0RtVO8jIiUPG4yAizNT z%(RsCLZ2BT7-U=DJ7^l1S@JIUl&GR1uJpaKT9>4_i{0D!ePe7gj;16s5FtVz+ zF+%U{595CoG!_W2Q(5Qe_~Z|FM@B$qwvj5EY8XFY%pxd+hy^0qQi|t4+z|+GG;34w z{fWdmQvfdz_V^<%Kn);}<}8005udmw5_K@zXAU$Hn$k&+^wuK-s1Z)n!R6ZG;J4JCWBN9b`xFm*5zHmvK9Jr-|!EhP`AVnubQ0v=_VNj>B6FXLO zuT;Zr1FVMpFCSb25+_Q8aY;Hg2A9QrDhR!$ZV=e@e}eL zm@LnZJt~=@Rr1Zu3HXfkH{tst0KibN6Ywo|qa<{birJ8&M9ImNO0zMQH^nZH1gXb@ z5Is%40cS)FkCfmo@azI19h5Gyj{?am^zirCEiQjT-mSjY^1v;Gf+>MKNk=GHd1Aax zjR(_JJXm(9zm5|mAbu;+A7?z6o`?s#8u4I|L&SsWa)Jb!vsaI>2F8Pl$`N$T`8wOl zj*tn!DZ(YCM5}Z_xQa*RNeAP@X`5K#V1sQvS#W{GgCzlfsd%veHhXRUaoB6Y|IA(s zPNy{`9UoCP2$0hVy`*l z!EE+g@c$Qk?e5UGqO?uLZ?ktLb2`Nqkp2d#xs& zy%x0FYrzzIttQo8t2w5tI1@q)ugl6YK~^FrKu#1y%s!*y_Oo^mBC)) ze#|dzuLWtZ1=HDU;txw_uLaZEYxIY8u-AfV?X_U4y%tQh*Me#6HTc7l_L}JrOW0Sz zRC_I$YOe)T?X}?1?6r#Hw%7jtONYEB>@|tc!swd8UJHu7CelJfDviBXW7%usf)C6DFUi(t< zS^sVJ+E@NH&MP?kU>N^@Y_G}wPP@Hk?(h6xv)5#Q=TYo6=l)Kcz4rf)f9{A+9ei~MVK4tY)3YhU@-bep~Q zm4B_{dgyaMwO{j`pq;%+Tl6fJ zxBcORIB$gUYP0dZ57vMWYiF;i+KsGzu0+;8-VWCg@y0s6c(b-(8y;c@@T-m>6>#nB z20rx5uet+pw1q!G`%GAX=r#k_f>=>bhFszPBOIE>VmW9<;z2KZCZ zuC>~tIqa`_Em17yMmo<|DXN#s1_3OZd?G9CnU6x92{fRh*a&&yA^6akN-Xp_AwG=H z0X|DkGp-JO&=#&`PUK+@G#hacIL1bO(+~4wKXp&hJdla!swIN|*dC;#+T=GhMOqEW zRX8tp%Hd>^#P1>fGMoZK+^?(N2X9}n7wYbdA6NVZ(kJ}4*n0^3vfW=aI5rEdG0$5w zGj~TQnqK^Yu9a?N=MnOzE-@m>FO?gN&;Y>476E$$(B5SI%c@v^)ib!#2t*E@OhEVv zWC4FwJyDTDoeFxJ=nv!8&p@~}5dKW~ZMPn|E+63qn~a#S?9^<}l61j7Fegpc?myft(|3&Pb>uQ@{a5EvK$Aw0(KnIU=4Q6pcidybeM!3SP+ z^tk#9_*!ipo@3h?z!L5C`z5w9gw&Zp8meAt3tvYjk`!ITZ`^qF2lau%!dz~XtFJn& zE&K%-L70sv2{AjQ1i!JnpxP`1enO!#6k5fHE3>tQPf4L=+QNcFq1gF&M08x*eFhL% z=b2q{mzziVf_PZAjQi$A;*lGsC!UWOZB_ErAe$t;bmuPc5uvY_VaTh$Ld zQZ*Gt2C$d}^~S$Nr3q5MD6Q_(A1R%Xxi@|WNDkn0} zy5Wa~I+=x5ReA6Q)uSRvL>35TmZ`d)AMxX2cKr0FPGJ?28y~DjYYTa991;XLV)lp= z6Su3X^JDV_?lKc@wK}-No~P=YQVr0`v4i#XU|kpDD=O~O9Ul@67=;h14X7H5k7niW zxOKXly@u*1Z1H@_%Pu*RzW`d}zRP~lI};b$^iFugwT-A4`1F*EcF;UmLpl76ogpQP z$@8F5tXwg_r{plRv*F97Ip~gl*o1<{d2pte8g4N-F62SbBBrOBV9?q=C6Ybeg-;tX zoTP0~)dSKPp0z8D;li|h`I`E2wHu$yl}6xs8_a|s-T_q(L8#Xj@GOxSPkfi=bX9{g zib?a)>_pSGg)udvlEtvW68MptF6mg)Irf@J2VE(SrvM;kwv6;5N?>*{1`u!3*2&Zr zX5%XFj#b&Kv_ZN-eV;7tRCogf8%&-y;(%!@{53X%x9375S$L@JiH}9AUoq7JFxF62 zX2zd~*V_e}V9gt(a)2N64k=36XFL(kU5ERlkfk@S!>l=&9je9^(Y!%QtNk5_hyqX? z%b;6Y@W@)Ke;(g#YDN=F^Ce%O$)XsAtI$nwp;C)CtJHE57FiU_X$u4Dv%&yrLk&g( zf3Hy}mF($){-AN}6y$eSdjh`17r}l>Jul8~54XV{Zs}+bn|nDbXb)R^InGUI5`Q09 zH%(%-mxF>}H;I$J%Z^s@5S-Mv58PCiwGSrj42YVxs0nn2S)3%0x}S44a?n0*L#{Pd zyHE;4|2`PV9X5452LNIq@5Mu`8PgT#ip>%)i*5rY}_vZ~vKTF`|PS%1%b zl>F^IpwtjNSHmdX4x^-XW%N7H0}BGqKB zLn3NTb^VP>dV0XVX0*)t=BNyp2fh07$r7he z6pP~>%w7VCU@=Gzeq;Z{qh>L%6f&2w*eX6<>CqN4v=8qX85yaqipd?GnKqSlG@HjC z1$<2c{0&L)ci>SqwaxlS$wLpNebP$RIc?#3Gl#Uj4|bf;o>mQ}^(YON!q|c(z2_l) zsvG=`{Ur?WQU%(rBu4>;W;zOdXnwG&M51RBB^}~Nt3ko#Z{XI#nvew5u@O~$1)kIr zK(k;)yYYLO9S{R11&~JpVp@PDJkk*u(pED>EA7_8ickSF;-}da0263WgSpow@{EH)ZN+P`-O8TM4h>=BN^=lYzf2HSy`2WN zLu1mOhMdx#Mg)8sdm5E=#gB%@tis>ERk&9b7WGvqG=K$_Ma}b)gt#|aDDVPAK)+1CSS+q4v| z64U|Q!m?q5@NhNs2!#=^&?7#I2rcYsN>)52Z7d*-2RhLp^hs|s0ik)G$q7X^1&Zv4 z3KA6A*(M|wD3Jo`_RuWH7?i11^AfG%zBXyqNqA5V!CaoA!F`z5{je$aH|iAo8~fjYF>?nFaMMuzDGhM!<2!;Zmi_$z>~C(s z(Q22VA{3zg4PDfNN2#p(XYmg$rD~z=M#(o^BUH1^wyfT`X5(sY;S&%dK#@W`dJimm z4;p3BJJBAJdgGd^J<_JCr`S_v*K4&Ope^7&uwbl;aKKull}&$TJe!SNP+xfzfB0&k zE@9ncAEH?IFXAJt`_fc@_`?v`RO|i%yFYw1Gt{gA9I@_i#4C(>fKl?I)fVGRY(H2U zM!!dPiqq(Kt9-E>7LWG&S1>Vps&egHmFRn$?*i%B)s4HW3u3#`{}b>usLf65GxXqDW96QRvP*Z6VEIRcNrSQ0(+X0oeE0Fn(notieKT8i#ja zPaxdlk94%}&qK?c;H&Obptsn>HTD@_HVW}Y0(rZMDHv$kT=vxy8-S0h?3--hGDwYQ zV?BQ7p&%3hC*2#@h%8Z}JTZFpRRLOU9Sg)$3w(qRNqHm;V$p1tDU9@eZQda8{|rW# z>evX%(g+b{vr+L8j`K2m=BE{b3QOJEJAe`ZVe!c_xITmzxqY1?P+sOj| z0>4`y&A*)+9r$zD<8GTh{_5QcjnclA=1TM39zpfpkbB;ipycIbVRE)4MsKy3qZbHL zeOjy>0&SMzSG5qJ3el~s2<64dMBvKg#+LP~^RQ(Js-nKdpeNQ@aaE-%&zne8dASQn zee43D8<#ad2%&0z&=mBI{I&-Cuo~ZCU4f%vB**2Rl#R30VSp_T*Q(C@k==IK??j#fiF!n+fjLIY$CEG*p9VZ045Nw z)gZwE8Iyptg*>7?2`pKL*9F9WBbdQZXZE$0d)Z+?i|h_#>#7FFhbK9pj-&fBNN!8B zq*iO9Xzb??IsMzsV{rb;5l?79^UMn&%quC(anuLfx*NxP*wl)I$vhv5V zS2_F(L0OEezoia@73O`yjM(}qR(sR4KLM`UL|TUf_^-+8;nM@e~ljAsIQAf zMlRtI1FdUy*9N`#h^~#t%7cH28xP3QsKZA1pfrN*lki?H&%V}so%aUsjc8%}O0A}g z29PgznY7i-|8-<(-R29g^)(n>1GjD9;;Fx2i|A8-^!zjL>}KNhBZD5% z!|&>?>vh*ky?9F?8hQkkPuT0%CLl|TzTiOR`~GOJINBX3c-Pl(q?13Ia|+&))J1>F zBV(QqxVFfxRKD=xI&b8GC5N$quQ%+@3*n%Rwxaj-*4DUY;ir^eT3gve?T=f0#ap!R zEz^tJv`6dx;T=A0T)Q@ZV=pXsBcXOJ9?;AsXi5l&eh8@j@qUi_6}G+IVn|#GhTCK)fqLGU%K#0@Jk`FpX|G!N zo2}saGsEku`ukWKcudmfKVXM9T)~@^8J^kS32ERddW^8cYwjWay&^L_vwa6X@7Q0} zz7LU-=x;>9o92Yq-^MS3zmsCWL8&CCD9k--hvZd|uE`8ZdU{gqItL`xN8JvowY&83 zhRl%6HuZHtQf)eN$kw}O6r`IoLlSJA6kCN-$=)eEy=aGYlY(^nF(J)O1L<}~h+ znVBJ(cpB+|r0|qyhxA^y;He@rB(rxr4|eR`dVEW8!2$)TDl;S#<3D#mQW$^O4r#Q4 zG%GVCvv*fHAgSJsvqRe3O?o#sGbFQjJspq~?b_OGy~B|g(1{c0gQ@lIO39{S@D(VM zWC7K+=j~voD=>>QfH7M$*8xVg=5{-nlN1xpf_lVTS-!0@9se~2B-`|w|( zQ{T$~#-vwEYsXG~h;IqXM--UHGJr9O^|S+wBG&iqU`iF3A7=n#w&t4-Fbc(!>|nlt z4+@=nJOdcBH3J=BRBO7~!7No^ex3o0*_yu|=!lzod`sZwZUyG43}8%3MIB%irS7wX z8K%HIn*of;HxnFS6yKa{2eS?C9N^|p8NisGYX4WqPQ~#p(WxIRFfU~QW47ic2N>0w zU)jM-RbXDp0LG-$y$&#nQrFwT^i*Kp$N49g?9QMY$B|DKRH%W)%ZW!i*hL+6xn&KqN>)A zz332Cboa4}s=gN6i*mkazqsv3M`udT1osG|QoR#8=JW3p(d3N;=$RxwrM z!?t3VpoqWw2ARmHM*3R!$FqeX-q!u*lt!CB4P|`V9~*u18aemm)Mdd_=rm?@@w1Xs z9r4$}KVMrPIx&8cIiJ$Q2aye)?Sk6(L#M-q>nf`E)f_3*zE}S;U}gEW(!D-cy*aIo zMNw64Jw6_cZEpc?qGM0Ev0Ijb0gFp0rI;^XHFb(FeB@0Jz8I%Q+?a4T>ft8%wT&Wt z(xc~J^qt}OlXD*K_J(iWcolhkm_6dL1dsl3tMSA2hcMl%MfR+$se1TxV*vPEk9OHm zhmzul?92(j>?g41`@V21szs*#k64+y9q8%`bqz!w^u*o1nkJV&+-{6rcL?rx1iH^U z$+&lsw9X&KByoCnQwf_4_>DMJak)#m{r%zX#-(VDFMI=njBIXza3dRf&P>&Z9e-nk zA7c3q?YSx09vwwqTbpb^%fjPoz-mCx(12&}Pz{)YEDHa?z}{#A1A1fvRy)hHTWU($ zTtHcg;8Tx0h(iXMGG3*;1hcTcMQbQ;tEq3F)kRmnm?pzGTTle|3V?r!>P#_qm(yXtN=vSh;dz+`)fZ@;Yp4=p$@e1AQ211>fjaNq+QzMp>h ze+=JmNDG1QIt$mt0&Lu)1Z)Vdc zE>6hXT4X014?}OP`W*3}qXOX-zVKfmSlZH44>Uq3LiyR1*XrxAl(ofI(5lUMp&5bV z9dz{g!&~(NE^7Ao7aN*fBYJ7nJ=|XaH)8!xtV3_m7BLo04_}uLhonD0&ljBpkpBGK z*ZZS0u^RmHMQ*_UD+T-4$ZW#)Mb6f1K0RVq;W7ZRU25^lNYHNtYtjqW;=9Y&)U*fe ztT!!_KLtB^bl!Yk&YG+l3v%r^?pKVMIHtQ|IH^_F#=$G7 zV?lBo7D3wvc;6g=M*6k!P@19qLTZ%ZHNsRl4HP>;7SxAujOrFW63Wk2+hKaXf2duh zq1(g!(UG|Ey_M-uIy;TsP)9tG90xDEd$NE>FIW~jE#Sgtno@v>j?DJEuwMuMx(|#7 zW)5$X{Cdq7{X;oA_T=O;X`wViCHVooP>;;aALa|+!fU%Bz@`0sRChCg82 zx4$FJximWFOuuV8;xzo>L&iJ&h>b;_K*6Uz*JdwNf>!$~pv7yrbX=;FPQ|OLMq@b? zG&_yYBLfRQ37w>1L*eS-cZ`JsJ4QSS0zi!LI{;Z$^hvxAipIP98Bw`acQqhE*iv_W zgr=M==sIMSnE=9@Rcp}t(}}HY-G!}6@3Q@;A&ae*3%0=X7eBGAXqWxt8hjidEj=sC zySS_0wQFS=qZz;o%SX{8d_8@_*UM0FGyF=FB|kk+i3nJpA54ezm2gSxHUG%fo9cIi z(e#2Ay?CuQpW#G-@Y{iKlOEoGpc{k%Ev)Pcr?)HamSbSU?tDs!$Jew%xcQ|dt2S2W z>#j{e=s++y7RD+x_154i9h48Oztt}k@g-}LaU+1{1zvoY2#&$Xe^@W2B_bWK&-rm{OM z92b;L9HZ5Z_`wnnx6F09rIi1l?B4}*zEuCZnf*HlKBpw|9qsdl-}8n4DI;ySr(BiY1y}2gIF1CL zkR6CrdGzQth?!Z76`~Ck;o+A3zMwf&2>uKWR_Hin9BKqI!Pi{D+U9rdkN4D(rzf8H z)nBkb-p%B6ijj>yq&?6=m99q0TC512wCOLH_3uITTdh2&Tc=&l55pGRCpp7(jcHsW?DaejM+L=F0ACjQEO=O_iIl zN1giBODwL}!~X(1YfFhp$i@oax?OR%KXM1|)7YiW=Q-t&7Ol1#56Cg*C0ZZ;0>fY2 zqSa{lSPC`lhW3NaA%@FFZP6|GEMKA%#bn8TlZE2f>X8#*8(`jX9~ijJ0sC`ncIpK?xqP<+y4&x9-iJ(mg+MP5Ht zi--@+jmoaLb_T;IU`KOAZq?m$4?HO<@ZtCS5S@s6C)sWE-W$Q z9ISN6g)$h0Pw*8qg>V@A9^JJ?@BBdi6umR|SG(TQ!yj>+?Toy>n!^cPe*l=uKzj!U z8d%MN4w@1!IHT&oRTN1LR;X)bR;QB1MJr+RLO@}ZHkB~YBFp-gqEC*%4rmEZ7yBK9 z%b@|mzEIlvFk~pRu(>Kvj~Dr(G{()rW%?{O322kCWpE%o1JVQkU8@W#+l>?!CuS`Xo&d>xP>08j4T+QnV%O3e*u+%yB*40@iU>Xv|8@fc*>N_6k~3q*B87W>Lao|GT&GQ>5{L3=$L*Gc=BH!P1rw50-3R3f2eN&wpnKy zbr7OW#&?m%p*nuNd|9BaV?Ku=Z_#+dKVf><1XqR zG%?!q9L%$P+Jtxf#k&!i5QDg1Z0u-YgHSKBVUq0+!xMMNSck8E*XIYyvY>WhmM$*K zf)yLS9?(C8y_XLWq8cA&Gx;Dc#+meZ;cs93ol#c`N_!8~yDIyUb9~?;)3jQ!x-zHH zFPCV5e-a-Kd#Utdg!bHE{6p7hq1?pv@l#fIbYc zs^Z9=XPXU@a*6WJX;0j!6x2-zfOLOAw3ASq2=gUCaSC+>1ynQ zO0wyq<<(zPW8DUrkd1a-l$a~VIM!WTp~gD;Y>yC0mqM&%;8KcYV9+sc(J{HQ^c2`a zqkPf3TtG6&fh*DO@(|y>fg}^m3$Gt)my9w33caP98=)$ z;^d-I>Hpq%>0dQN1yIHN>9`k###c>4yI#CEI7u!~Dc-AV<=6*030iI&Ic}v2gJ-&mhezt zcoz&!F(#>ZD=z|FaUs!7p66ZA7jExgXhg+t7dw>c7}CePR2ma5)gzcrsYdvsbD^bL zg58XF?r~?uyBI6+N9^rf8e=7Eca>;M|JGER??&UZ%8KB(&?8f`tq-ge)#>faD*Khy zwpX715bU_D(0OH9yGj=ik7I%l+Cp)!Fz%vogbid0HFLDVr_uM4{)QB(e21ojujXAe z9cKC+P)Xx~R)-}HV8#wgs^fF)ib}Wm=acxN{{xydF~uoVgSqHDI^1NSu7EQLgDykV zIq2>|_X1$6*iJma2}t)K9f6!4B+3Ne#-N08{h$v0rp9&Hsv-;wBz+3v6w3EF?Lthj zO`Vqz5xsat^$-qG(5l5v7@M0MLXuE;9IU~!JB*^cDG6c~!l44I5LW;~UQT|4!(beS zEQd(g%7=_@_#_@XB|;le5Uw~;XMyk;9ED+MO~5$0B0ekt(LsNPv)p@-8H}hRF&t50 zyD5>OYc1)EvfI%#99PAX_A~6UuHgCJVvnt@Kpgia|BKgFV7iZ)C0r?Vbs_-L zg}KwRX|ZxRVvI)tWkwy=U*K+O)0Pf6u#E13b+G)`RCx8`O>o3)lEDQcKQMl#9+?6& zWKG2xR#K!yR6rlywF))@0|bGbFJ2?VG1L=mQ-~T8?lEPj3U>^KtC=m1`-?xWcz{bc z@m@Z7fcSbR*K_;@AM3?$p~V}aMO%X3!0!RUJ_5L~Eisg5uL6GsADCHc2O2Q&N6)AVPAwq^2Nr11wp zKbw`G0ZRMU?e;zdwZDKHCZG@8f#?JIE>S*S864u{eUTCQ0h!vF8pc<=TU)?m(IC5f zwAz=fk~|5^8hjnE6X%pSLREHOaBE3jg0>gGZYLE3_izyrtn*kAdel(H}U5BUBt=~@o5 znfZfjFOBwuUVhJCumkQ7TA2QV&k$>^&F4Y`YD%4|hp&K%oa*W3Or6sxOw${nb8su1 z7fen!_rU>zQRo4K9RK8P34IK$o1CSGUvkd8zYfe({hE>io3x*Ftad0`D3%MOR!`*e79=+6b?5%>mLmxIQ z18;lDsE|etQMt?VF3b9Dl73T^DuBi;S)xo3)23Vonl-lN0xNM{Ikt_ zpb0Zr>{>;bJ{?Ju;9c0O&6m?^pq^%9xM{EK3;rGGU0I5w8%nYcco$y~zX@Lk_}1-# zBit3o^%xU8E8T?I@8 zIL_Rc$e14p&!yvR45skld%H)!)!4bs-lr+JrAAxYpMy0Zd&Xr#Ksv<0#IT-K;kLjX>T=pJO}X!uLRZy<#S-xVBNNdrb0tdr^lh7 z@LEbeq%^v}ct1$v)5_P=i2=)qPI_Y`v^bdGQ?wfC+7B8eapd@LaRCgz3si39e7S4UOad0NWMmSlLE*IfKn$Jq3!Qf~UhGN(w?;1Y` zvLS)6D2dS<8q>G!hDKx2)`Wk{X0O22jHPk9nzy|e+HPSEb5$CVL|*Ij7V?nAhP9t~i&502Y$>`(3~&ET&CxdCVEk!89DF!>$%Y1^E%_Z{>&f?Kn(6&xb~ zND9q%vCJd}Q@?2o)=}d}uto=~7zZKY5Q?rbE{RBL?GB{+BeTVnwOkMgn_l!8zjLYu z$!$Qag>oD@T@d40A={boCt-e3ou|9%5t`=9II*IFr=7C#8!{-6A+Vx}<$Cd-H$n|@ zK>5ix9g`=e8B52)8B5EKP3H91SJU3Vdb+7U2}$#DPR+AV4;ixnYW&L5i(OfAtPi;W zYTMS!g(qX2V{-^y+JTzQc8o@0m{_PV?)OE@>ABe$yaM%&czpyK0O{R>*(r<*Wrp`e zXB@ouIV=hoHqMC|E63ZfPaaMnfaK2 zxO@e>flcp2?J%~vI#UYwCj31A@Tw)VQj#YCJ228&_=_%&sE%l!gW7^8t?WQ*i&oo8 ze0DSko2pL-;$84@rd=O%SlQ7V#hWFox5*2UpSqGIfrEQ!theKA>DE8{`xdocI4SsdE#(tL~TNS^ybts-qRnRosA?cf;YOjFq>S6HEBeCtCSS$!(8JZ)(;T~jK|k0BtF)y(IDdtGKz}f~VVU>@ zaF7~a!3~##8?b2EfIEgEuB)cSW+3dun76UR`~i_GK5nRli{M`vGQbGuc)2V*7M`#G zrUV85(B}UE+5nzQ>@EBd{lu6D)!=@Eo-2QGTSYm7z;IL{hEPPg;QSe$GXNJzwpIGB zWNBaI0v!uGCJ+}4AqIi91BurRX~wvu#=x_$yh2lWSsvrwa-pCW?q5E8ap$#%kfM8 z;`f7>A&v>f)>i4T<9^JC^Ert<#VWtak7-S|vHvMRfFm5&l;c%*ZJr$M_lhLJ*ehy| z!%%`xA4j?L!`2$+08~`>5~}+lsxw|dc`3@q6{uyL=$NO_M7HnyNCg}$0f~ywwJb-( zGugg}45}L`JFdyi`K+mSQl~JF{asXuL*6BR39g5ixNwGlm(ZnC@R2NMbN;9TndsX_ z08_P_0Zi2%Jq)MV8)nebsaT{FI*SXfx>&-OdLn!YR_M5Om4b2DW)H z&JGJU^?k6AR&^oKvB zEJR~v9PxOFZ$j?ZnVW0j;hn~jCsV?l&HypZ3{nSg1Bg04IX@1g=^W?=hney5TTlsN7g( z3tb+$=J4q29ywgOv#8m!{}>;2Vr1sYC_4VIcl3yX80Q~65red-KJvCnHbZmum#1H&$ z_OI>gFV(-VKcV`!_kCOcRKN$u98*}}_Eo}?AztcCz2W0d;$LYFjr2xBgAWTf4jH2% z(O{gzbj{$r!ToTKLwmz481w``BLGQn_`Fjlzhj*(Udjcs+5BtpKfa@OC79uijFmzg z<1m`Z)re(8tkg6vX>cx-{90A&i;j4VI;)6{)*H5W(hEK?<0}x|AkNpF#{8e7;g~2O zUTOu{zVR^PrF!@a{-rm3(Fx`jW2McxwP{lbeQomtZ}@Fl+2+Wtu$WCt74eqvd0?HT zIIhiq3k-;#u-&~bb$SgvZB=nBGftBd*XTgt)O7!jgAy`>38jhOuS*dL=r{EnBVr4Dl2~b zufWmi7Dv2Ir6T@76l?^?VihVkURi4w=p;VW`qUBqbvi2X591qs3=*iTW<4s(=wC9z z(shY3E)ivvSZY1hR}7aa#`)^=aRLs*l)0W{1?YlMTV;fMnFAc0FRNs-P>fmbJK7>D zZ>yum`&UqTA*u^ON8nY7w*ZEWOMe1vz=l9Xp!-Ay9i7GjeTpyI^Kq1&C#y+F`XR7b z#{uwU_-EcX|G276&EglegA6SOKG%mUWTD1fg}f?le%Y*|q2#udjKv9@f<6rxvBWUAem z@s5RGOaYSdJMQC--|wd)8XPko+j_mSUsW)VIawL%J+RzWS>#&>ZMhu^OqC#qi`}f~ZPt23gD!rtageJ#I~a@?ku|hTtVqj5PH{`wfDH zc`<#j2;P>N$~Nf2K=`0hfkjtp!BR+bzjz7NstRr?@W&SFGqc3IYe(#7X7pp=2-8&t5pjBiuy zT4tp^aKv3T1IsCN=^rC-1Zsz~5D6Sn6IDi(K=c?m;!XsPoQB3^3LKfR#==)}e1ScH z6;mu8tHqi#&3F;9zyY^%EG%e5DLdmu(TbtMT;rFhH3>C5R}Y5&ape!l&a8Dv6H0 zumYpcT&{^m#}4On1)s4paR23iS2SQbJhIj+fZ@J@_K>sq*z+&D+&ft27F875uz>mZy?O033kwM4S2VyKnGK@Uo!FLcYd)k+jCjjfLo;|SI;76LL{ zilyfMR&HmKP#(2mLE<$qq9R`7b8UVUeZ$I-JFdx^5WZE+k)?h{+L=)swwYaH@LQNo zcd>Ya|7mIN?Q5M@<`oIacf4*9nY-KUVaCis!H)VP)`^L|{i6RGbgLDzwt4oY^W= z{P|ML7_vuqpr@rOmSx3{l9*7!l8Ep49d>FYQ6TzU7C)`{j{Cm@#_bT_@lTj6iS<%N zf2@C@j2W7Z$qi;9a4)OL4dx7${o_~rB4wD|NPsDEO4rqR-4^VD=}odJ!e3;=Jj~Bd z!Te0ZKYju^GUsQZ?VO7F!XIL8lO(SlfbySUr1yADWlK-WiD=jB)Uz-1*BE!GfBYhD z+`x{IWc=Vel_T{g1S#VmW6GhfwqP~J7hc7A%6be`7YCA0p29oqc}ZiTSxk@ z4k5(jvctt84a?8#DtA+!pcIM1QZxQ?Dq|niaJobYEcVAZZRx6n2?8%R)(8`Lq7{O9 zQo;%`DV?xJjDKQLQ{43@P}b;Bf++$HQKks|i4ZKBA~PSu@=sH#xE#~kA~tDD$P3RS zbOYh=DtP5+|QcZqCdxF+!BVgp5%J z9GG6jnDH}XCRJpH0D~qsuS2j;o0Su+)mR9XXw(1bkN6A{iXXlVZT=dRm7xk-N$Ebo zCt7SO#P9=C^&^bn;u6MJ^upMTo`^_tsOZhcC&V%8ehgu8T+A)r6dVGx`BcOf3QJ?} z?!iE~jl=I$;|4?!k|E>ch`6x=xGVi>aW|tau$%QYG6BZ2eh*_7?AjuhZ%SN6=5Bu* z3(j`+0{%a2>0>EM=S@FuM zU>-`_{26d#Vbu!sUm_jTmYzU6QcZ=%B=k_~ROl?560)X3HOuD=4sO#-XWde}L0}wk`MpeKj~LfevWpe5O$Z zsk_2B#cUOQI!TKNJ`*Sva^B_zXbZNlabqcm4Q`*r*b<(RJ-(?_R%VUHNCAXf;A~)h-7fEI zBwfivaP^i$NEzMmEwHGVD$14qXJ$a>j2X~b@k`-X@L0tejd2s0SZzRIj6?C(%9m+O z(ipZZVu_#F76`Y{sBBzdvUqsdNJc&&p2CWJ zaKjV!LW+7Y{jJJARyHxXLX5o2lvRxRWbkg`F06N}vqdbnIEE422klix@a19zL)BsP z5x^AzQmB&gKVaxo!@A-R@pnLLsWA(o9A%3yj{9hNSu5yVQjf!HkYt~vL47d>(4!jE z=zh|gro9M5F*QB|+_OyP|0+HM+=KWGgbCOKG_HgpWNiIQdwY^!)OrTIAQ*wa(5|k> z9YA_hxd+sQj%hW{gOowE5H*LWFdmMDpmv^?h0b&q3p4*z1npu+d_)S<9A@K&EI zPT?|y6yM2h7S8?9r$T#6VDy2~e2*&xmq?W-el`YmjEd@Dh%ZLd5rjj9%JAuJY<#{2 zrYm;u!Y{EjzMOkE5b=er1zfmjfYTA{CqR+Y9l6KYv6MQ$(aSx1q3*uO9FI{uhJd#i z*MYN>1B`Y4ittlOV$!g(G(V5KrM?yn-F+KgPS4WuHj1c$<2%$Q_WGSj=%*%$8WyQv9F zW!eI+rU5m1F0~d@XuJz_ATS7BEJ@6%a8}cRzBrp7`x6iZf}Os`s*zb)>Oi%3#|rxR z8MDnM>G-eY|IV*HKf{Hc!vXfOfvz7(KOE1;K; za{#@AuhE=;oT`Aj70^4KKnEv)=BEI?LIIuQ1p1f)`U4Z_A5kdYHQqhmDUL(P8sjHW z_oD|x@f~=}M)0wqukv(~`rgGL4fbN>8jCKHbl`PIya&oC95*wu(6}9m%svj;|5JW& z8#6H=Wa5X1I`Bhzk{@_YGWnq!?;SoGPrOo`mM1!U9OQfPT#F}OQ6iP#iJi|0Pn_s= zkZ%NEqd8{{R^%(AxI}ZF&>TQ-OaQ$l1?cw`(2GkPK(FR&G-typ3TO)pMRUIH1ll73 z)RO|VL;=0c33R>!T4MtJ2@0j-i4*a?BTrmUttLDX9CZ|)xC)8niL;SCsV%5~ZT=aD zzR0G&=nj1`6Z)c;=!-m1w1d9z*L38MJX2qk%%@>v*B9rJKk}e2LUS!$A$?N%A=h~J zLPi#K&=0M>6xoIe(T%4HEnavQyaVp!=V8!MRpCo`jnF4g(9|Y+A zV;n%g%hza5KNIK(08ORaQvlSFZu@{8irOe68@*NCPpID{-Qpt^-5QZSF(2(X9%uJ3 z<*RZA9(v8pEMYqz%uKPl9Vm7z3G<_QX(a6XJse1#aF#_Wzp!Ca!XEg&AobUy9Y}qH zuhE=0a}}lj&O*_gLMPC@h!F;k=_z%8Nuw*h$Ea$yqJcTV{QDob+-V7tPH~ue*@u)QHC`Vc)|I<7w!&Iom-u zoV{wI_JNxCh6TIjZ`*n#4%3dP+9D7u|WxgD~isV_KPqN=h;B{SgT2REozEvPEa5CDz)`4r0wa!@}z#;lw1d z{_-m!*4B{@ydLChH0MwsMXbIgMl|ORC(scIpy#Fl{iXtXf)i-I0{Uwc=<6tyN~~gh z>qx8`vbhlJM9Dz&2K_J`$)(lO-my)> z;J@lme#_gB3+nTG8bi>){kU;DAMw`9b#Y-|k7JZ_?#NPjE##!jV+7b4t?Cl*FcAK^tsPQpK(e0EH>$5IZ)94R2n@vEIo~yj&ub^;0#hUn)NjcpL0P} zJ3gQNnc(y9=h*SNmv7OWeLWS8dH{ELy~znPKLPX16qwg2n4KLkPf;+RFkvo5nN%8` zi*Fri^Z=P!X!PjNqtK`liKI~g*^}aA&A*)VO1L&|PUG6J$#4w$nNFz2SgeDFbfpS-Ju^*0`K5pZoJJZwW)^8>0GuEPyR?GV<93H_G zI&J$}dO8)f+357)$rhcqgRFKs_5G31X>@^|PFM0RnsZfGMW?&Krb4F`tu~m86EGi1 zf%(P{1?IPg*+_1AJg2&GUDn^g|LCvNtp8Xoe$#Lr*@GuTwrSTs9J3Ksk zxgXX+F9s;{Jh@x(yMMJuj;Q46gSdpGvLHShfq~e3q>gnsA1hWoSzPubB|>nKG1M9VQg30TPqE9yh<*UfF?!_R9Vh{K!O1}J8WSfzoZNH#7#V_nQj*K^(qc9v>%S{pxt|5x?VD_&E53qvHddD`yxQS#*QpW-60t z_w#T{a5m`|PZIJC=cj+T2=aW92=e(-1R8e{gJ7w>7JxwA7i7jmDJyjQWnl)kw` zlFfbWcGcXHFVWsdA3H{SUH?{lPdJ|TeufdB=>0P7-Tr;HHxVAhpm$N97!57;*~L1k zC#gQWLVb1-^{LMAIoSOe>NCFAral9RJl4>owbP>_9~u55(k=P(00v@$@cahb^Gj>^P#gZYesDRIfAYW@vYnj_fi+ zn_fRd`v!jQ@{jC}x7B#VPsP?;{MwegUwhE~9Dezq^GJbSjskts7ASoVt^$-OMA#i9 zsi{-tcNwEsWYuWaWY#M+C8~AQh)p zR^AOIgAz+5k(P}`2N*gyKmI)D`%AwoDx}o5e+T@MXYz|}crlqG&G2HS9D8_)?Xjy< zlVz;o<+UWwgg@@cF?VO=nDf(e%rjW2NyjnWQaI+*qjL<;8P32l||b0yytPU$`8pZg#h3Nc$Bl%cpRKEh@65U6ZAbgf8-@2 z6%~I(nQy3I2?<@k{? zPaI!35Ndfxxt?Xob&eTCn;Z(pq!sMHVl^in;d(1T7zFk~W@!)CY{MXM83uv%dc$rE z0zCfteXaJeh%_!fQG)0-RtC zhoBjNy+aNiFM8j&1Iwh^QtpXDXebZSjUx=5r|`&P6YhJMneW=KT~jY^bG)AZ@uyuu zDoo7wph#i7AZZ=S{2}}i4g-W25uiOLXqB~#ILh>B5KfTo;?>Q4&Si|al3QzLjlx0| zcUJ8W-k=&&c|Nz06*pEtyRvkUD+^KIxRj7d0<7|d_)=wW=&oj3qh=4@qBjg%|2Amz zgWQ*cHylNn3rR-DV)t;1&eERw+}MH(qHy@&ULI&T5*nl)(BnhZZ7;aWL*qSZ;T`CM z|ChLx6Q?E$ph5s* z@`OKaSeGZacFm%eeWf4C8Ez^%V7vh!P2;EF9UpeQF#vzjogZRjNk$QME4^!1xnti1 zWMB9bMaI5%g^S(IK#@|ahZ0J4z!V|ri55vKJn>&oapUX5)vE3ke67Iee+yrJ!NC?I|EiAovg-?lv5T>GWpZ2|IPRQ} zh%s=VjpZf+kcBc)DJIhmk%l90T9widSi1$#xcXtLlpbO~lE0if;}CSl(tseWZ-T+J z_%O$KoZzoNtTHv3LfCWh7c8NE6e$TI)`p>FNgg|fj1CYqY%%s+VOO=%UY@67w9W~4LjZbrfwNqAmI4>Jw{|QqpMcPEkGyA**y4I zr9Lt^VN!JDaBLWF3C`BTBl7Xozq(BJsNsqy+D@`r6@W}f_5*0Ld3VPSbwun=V;VfE z9gj=IW;EcijkqKQ$cP#e+OFZ2*fMacWJBw^w`$ha&pxe0oA#|FX(zxu`!zZhf zyQSO~V3{)A)WKiqpRy?Q+Ly-Lil#HQymVYYw?W zIS9(uva%k;&3IdkayUukV4gRzNh8a6%FS2Y**vVvDFB6gn>A0D@$yuHJ;Pmw$zxVi z$*C0;cUP<|8KMd+dM)Ylyl-??Z9VRZjCOefk2vrqI`*e{FrE|JBD6z~p0WV%tocp` zi$%K}*l;FZyWGvM(XqPPh~S$5a>EbM9n6WZ*AT={fNtcUfM>Em3D4Wvi!MdZ#V*Ed zV=iJfkvx>(YU(}0D0cOlntw0@d81ug|DG{_>~pNwBth{0s?UubvWBze+Sm=iR5Fq6 z;d#4y|M`yi6&@Ebn%aM%s zJLL0o|4pCKOYg#&5x3%8%c}cy7q++KKG1P1^p{~w@SlduBK6nRbNi_{pxDqOv#0r^ zV>pFJ^N$$QFdTAI|2MFlO*ejc{4^Z$Hr-deXAVvVb$`KpILHCc`n7trA3WR3;Njlh zhVlC@9VNqe+#1KB{y`~(1+0KJ?h72CJ{_kTeg>=FesN%Ad|u5eS9pBhg7Nv#AWdDi zO&Cq+WSUKQjK2rQ9J>kP_F^aaN`?N3{ng+UtH1uye|!j~w1xZ)7Pu8%y63q1ZtwSW zXesvl=0v~mLBD4mN58Ae+3(-8cImp5OLl$M@pOH6S)%JZ@F-m$w-H@`8MMb>q4bN; zo9F4Qhb{&NaEGFfD=nawyu6i2TR4vxaJ_FGVVa;iu5@rveJ4;f3P;Qc)s0&)qND4T zy(1IzYF4|#6Y~~K%&)u}q=z)kEHT~l^9C%$O)KNG*b`5Sh zEW!CoOOUQB(#x?{AnL6f(6cQ7X=iuJBhG_>5Q6?YKd_Vr=7l$k?42^B4m-IaZ<9pc ziZBWsNC?}fzUbUSS#*&9lE>@{{G{uAAAeBbJRXT+WMA~K>m?;etd85eY7 zp0U40QR5Y{Ekb{$9fx-YBvlU;5Lqk~?s6Y1h>pEnbaBp9Y}cfapGcOCj=h;6eho~- z?nS4;_*6~bLNlqV-t>2{7jQ|zFrWa-cHgT<_nXS|(XXtg^6XAIL;$?E&DK>9h3W zS06$Z!J(4nW`d9`mAOVYgin#OV zLr^?Ze4|VA^&qBYvqu@ZKp#%L6bUj;keAsdJSInnJWN3+%Zd)@P2+X;)Q5}R^{mh( zsrMoKFuwzUo(&Ks>|^h_j2}uOJ#lXE)RJ(|`51}TJu5T>k~^*F{TX$zvDV@e005dg9f}>Wr%v~cz9N5m z#ix3t<{=az_*ub$0Dq5h0l-7xv9(b3J=&#BmGW>cU(S&n0%z8eUpm?Z#xY#=m0GS`Ff3SrH2U z6b0=X%yu7BWI}ehJX`bNwjRhsWI`UqB{CsDTn@Klxdgy-+{eOmq0#!JFwZDVx<>(d zaZ<`8W}$g=_KSdl|FGg(kD#^UrtBjJxIIo*>C~CkiZq>lVIsh#t$M+BIUVw&&4}_ zCgeuYr%8F?$$8-kd6Dw`$fW%60tbc(~(ZJ+=};G@qR1bZxu8}CV>wpDs)B0&qDevyw5`VEQ{kKk30k{>fs3g z_`=G{s8J_@D9=b@{Fw64PPnR4^uW96ylmM!H+l&+d@Eq|2k&;9IhIYy^LB zUZ0FdKj4tS@o3UPj7N1zhMQ3rd#epgeF>XZ<^K!5N&dmipGc(r#PO9{wzxHPxtz#{ zcnjmVxQ7P$F`62P_QJ5akio`~Xa4a<7S`cUxQ4%x>ka7GEF**>Ub6G}{75hlpN;KO z>4qeCJ%oH&vEgajH^6G&+_vLtU$_g4d!XWba6S}{aoNxNS9wMa%(V6GQ?SI?NcF`TS2tCf z_#T8u?AudEEMYz=_0_D*Ha`Ao`uPB^zK)dSwr{okQ}Ujd@;=P|-afrB$pf$#A;9H% zxH%~3#&NSaEwx+w^ic`^mHI`)lfAwMS4-HGpdvb7wK z*xwRcf1rSh%RQmKC8O?Xuf%dI&g>4C3skwTSMpEmn7@=JZhksj> z6^i_T-Z^U=JYoFpC$Lv|CeQdn{N&-sqvprTUZvVZsV%D=rJ&!lje(DM!XaQX3XF%x z#xsG1^Y}nW(EsWfGRyw7!9!{Cqj3;*9}Pm-CUfcZIdpM0bTNLCx_AL#n!5PM@+i9a z+w!=_sK#H=)dO7!tv}HNT?oxTJ{RxM`V({U4w{e8!#hNOVjkY}@IDOh!|*-~@5At3 zi1$Lg7vjAT?=;+#x;?%A)Nfj;yUKGD{*=`DE{?^veVS1RTeN8ziD;fT+VS0%9r9IF z?|e^=e+WW&9K$lnfhb{wz?11w&8P9n+0l~GZze_S4z<>~YOlivT zF78Ip8IE8==;!}o?@QpDDz^U{+Co?p_JRr#tF(gBDrzgB4Q=U-O`!@3Dr$dE#j2<% ziJ)x7w#X$!ap$?~b9A^ReK9sPuE&Xq#GTA|g~TEkS8IG} z@O$L<;dqb;55uE_VyShhQ!)UH2FB&s&IuizpM^u%F;!3B9}WhZ|AD5;dnJdOKP4mh zR;c-NuxlLl;?giEr8;*o1Mp$p6d2zmoF*{>G(u9P%G!|L*c1dFt|?FQxqFOUQrxf;Rpt`M-2i zGi?mO{6M8c=|*DM8Ro#CkU-;ue4oMkX}re}GXcZS$Sitq5`~gp|J?DSYmtB8V>Dp+ zlV+GkjO)xJ#z2f1#HQhbvcahFx;ARGI#nAro}&4ZAuDuP^bxmTUk}kl9aF-gSn=iv=p|_HMJrlE0?X|ihf|?w8ZUnNzP|pP znu=3tVMPB8#x<>rXa=HB^g3 zm74OooHev+<&Q^Xt!W?DZ|C)z=$Rd^eL(*i&pBlF3K02$f^s1E=( zz?}$iX{F@$mEdZtxEcp~o#U$*Ko}SLW}iU6=cu#gy;{NdgYlkl&&7NC9gO#UkN5N| z`$F!j9M(Rb-*A2CER2=d3jjUO?HSnI=V|W1j(;7?S7R?pX{Ug?I?xi$!-=WBcc>x? zbVA8u2$YBw8*G(HtV~QwRX`!my1f1^?Y4^DNJWRllcQ#>IGVPJ_Mi58KWUHq5TgN{ z0O2$sI?N$WHGP{SaPme{8f~h1Y=AmHRO30u@~d)#tzt4&fM#?UvvC}(whrT&-WB?D zPg~6MDynYj7|fRIE4f%xDyk-8em)HTC{=ZNPK$$1#@2FrNYAO5s_WLsK-hhp2Ukp83Lt%0ZIlUq9yy!ndn?bdoPSVa{voiCA6!r}#* z^i590x&xEn45}`criohDCi*;ysH{Z{LS@OIZWY4|fh8}U5D0ZC;>A`5vBf>Mf1sDA z<0UcVl3*eLM=le=F}0%SPVCxx;`fOOL7bgaEgZO_KAw9TDFbUn&MGKRwuU;7@Ym+! zS`PKl3xrJp<$9A^&LuQ_&-PA$6Ou;UBukBNY@&m7rR5(c1-=1YkTNGkqFu$m4l_8E zx_ok?Bf(a=45>)tnX)(uSAj?H2lFF31Rb*|6MmRr(Ski0bc7u}2~MW4(X^U#4H%l` zfw%0rIM4NhjG308!`xiRAKSv+F0it?ufCXP^Em7`mwE>nqHleZTcd+e+JIpWZw2RF zjCaB5i%6+NXR`Q9!F!Xe3ATKsHoC7h8Vg_mJ?FI2R^(gx83fxlPeTC7LvZ`1q{Ye6?2^M3xo1@XE zJiG$FXKnBrA{;~_{efP%$O{)Ou zxe%XiI^u-Dj%jY6-Hou&HmF19x*~Otv;I6R*eLa0AEh=RAPR2n!Nw-HZeb9>U=0Y@ zE*9e>BHZLaVghvXZOFPxxyw>p=5+)nPR7InOfEyJ;6vg$#-dsjotl(1W>G>J9N3x%k5UFDlqDog)*shTuxnVeRZcT)}sqXySM}&5h_n_jfcMKkqY#sFdEfjH*N`) z(hP};z4}P$>#Y4ceetPi5%l%)Mh0Z<2|9gUMk7vihKovH(`M@QMP_qQ81lUUo*Tn9k0_{!W}W;HOn)28IU~db$fJrdwx?)bnIfs z42jNZ-^D|3cOn(g`J7Ry7G=04boQSl(RsY8X?ly~zYl(jiHGwm#^WEUIv%@c$At$A zGrQ=3rZtpGZN!7Mjo|ThrNra-Z{xvZ8d3p|Rg6Qm7>8TJL-dt+%z5X?@pv1im>Bet zxqHTgO+11%Io{<+`e=rxMZ;qjadmX=v5OBYBp#hN$AiZWNCi9=F%H$D1h<68 z=Y1p|WlN46j~8HPih;+mUoswpd+B(r;o+-EJg}1zkN@S-@wk=PFcuz*@ez;z-^7E* zWk>})o?{#^{^OSLSaqVrW8C5+$K&C>G4W{s1>r-5pK9a5W7sCfV=m)REpl*6cq~enc$B<-8bm*z$@i>ndP2w?1;<2nOIv(c`8^*%JkBQj>;W4+j z#3Sd;BgbPblpQhXMaSbzV#8Q?OuEekEEE#5Yw7a);UeO`>=mR5^) zct$Orkt$n!@*9!!QPPLX#kAN14Fy#$5z$Dp1K=8bX_x|&{Jo(-q)!ZgSLjM;O$p`j z7V;B&YaLU?2%-wyj^$Aki}RW#tv*p_^V+Ci~QCqwqaYpJD@ zKB-bkH5uus1F_VJ z-SH+}_^(3m7FsiRAdKARe*=$ne}M2FZcjRyt|9dV`$uT{nMs*D^0I{I7DAKOJUHJ} zx^7r;d=-=_Ce@3lo38fZ6MV8aO+G5<)a`pjHT1RiYD$_;F;crGY0Xwi;cCI@OKANc z?6R2DH`D^Z7pDQgYs>%1xe}X3M37n)7#MAyn#3=e<;>3DR3Jrp)`)`7W0T!HyklS4 z;KP)S2!25%S1sOp<+L8KagL=prf(T~P8m6C4-6j3>+y-0n?MFzdI`){au5?z2(6fk|szu2ciH)L{h`6#JD;UFbm4gKj*W=1hE2t7L&jV zE)G#U=~E3nW66VgtGPe(Qe=OQ=20-BKOqn9ofw}y7>jh&p|ABc%YzZaohlAz)XuaG zQ_e!mY5BCgKl7Sr3r zLcHS;n80iJ%D__W{8Tdk{q!w*sa+4r{0m>!^=%rxL}xye3f;z1n>#dwc~^1CHVtz_ zi%#(pMl8)VSN3Y}B_RqWdCWEl4eIux5ji2)QQBh&0StS#3N~aA6nWYEJ-0@K(_4io z5Z`!=3&Eaxe;GqO#5=lJ9dFIcKH$m2fyq$URvT z;OKHP?F~%S6z=UlVtO#RFp4CQ{Q7Il;!{d4`%vVXeFH~J^u z`OrlsxtJnWkP=+VMbms}KsfraV5Gs3n=KgXip;w5U+Qyg_pY=wm;?2O%rNFaGytt! z8>@Zo#ffN(oF}n-S|F}QgJ}e6uQgIVN;Wd{CF~E((-$pNC)TvVMq=V$AJ*5)(bPrm zqah+p5ucNuS~iwb$jKj$$Cl+Mhpf9a-dx#W^mK0#mR&V`th0WvWY`qY%sqIxA(?sawawT7a3UK?ba^OtN@%h;G5Ifk^dkQn_=v>@;in0$C*@kV? z%QQg58HSrpAa2q@3|tBk#zX|4bk55A`VyM&1oG(xsAcX)u~4*$LwLt12D&1(7{mZp zi!JmCfV`xe1Ty&rW4>?!#uj6)q6ptuo1=WoFQGAp4TUg<-GoSVy%FeOvJYX%Nhe@O z;uY+IrneeDpGDv32DA`~brfE*RY^1@byZ0qVeLjN3#1vj+}iWV<+c?>JTifZe++yup7?vW@*!Mi4 zQ3i|?wDpp-4adY{%zH-lNqT8m^dT$?@hU17r_eXr`~x#MGa6Ts!rqL=5(AA?1C0<4 z{{jX}&>qa07>Iia2%NiIBc^`X7!aHAHgGusaRQS=wOEZO1jLZ85{RAuj^r;B9+1>9 z1IunFp9N8ZkoC+RAwd>uQfF~5Y1w6yGIz)>hLC{(VNph24K>`884!~gC*IW3@>qZ( zf=^O&=6`_dQ6^EAgB?+IDK3_ak=&ovqMp*DITO0b=Jbqc4(7)pe~iN@pNAhyjng+8 zo)|dpxcvPjS4|BeOU}3#n>xuMmerEq0XuKN?V!0M!PCZ+7Do$DZjPl(i_8s~b$lG| zf2<&<`eFy~R<~aJ(&Zo6+}RqX!7KmRRUB51qfF&^C%s3g-EX{~2v-dhr3h!ayPaGI z!{4Jh7Q$UbH?;CC8VgLtKQ4xIS5}Lk@hxF6zO%&OsOQXGs_h>ivA&f(i`fYnADliD z2$=fA=LV<0>uFK`Zj$<85NkDKq1jQqxY0-|J2^`eh?vsTs#gOcO%>&h@}gu*ND#U|z!q9fWFd`*nzF0U3zTC*p2lFd$i)--<(i(l0{-Dk9S?nRjBGC{ zFW9*yKL4^uP?O){U-n?5{$*!VJLB*#o3Nbls1@&YFw-ipXT#Jp;9vG4D?oaEerhl= zzc~qSLepdT!x{c%9c3982X0;7lz*A1=IUG=7#5cF*ZP;WgqZwe{mZod`s|2kjpbz4 z83J3X4@NsVge>qRS{dPHM!Tz$n;GrdCta*UZf3m4F5Jxgqe+iZD;B&1ko>0&Y)R|h zT5-iV>1f7UiD$14xtbOE#wMjv2xOPQV#q8E=J1NnO~Dge1sT=hU76wM(nDM zN92))zJtt#Y|=f_Y!&1HfZf}n4<_#)9t$Sh$Scj|d)pTBN_&%=(gG=2U5at21&u?R zQySt%Sm0scX#p3y7VMSw>{9d{?Iov+V#qT1z?~ySS}ruMEghbLq6Bt_iYja~r3q|p z>Z;`oZ+qZ%5hv^>cmz!q5FqbJ!P?&2_ixFqt2Q!T-s5$$*R z+QELHuB<<|DR;O^&KkpcV(_;3+~LL%%j>gwbfUdFes{PlkQVN6FQR{`C(p+%_2h?b zWKVh@)A->?{gn=p2N?Jxia%WYw^%|APK1PFi*D7mV7}&I{NWr}3&cRuDlSJ^gyg&`MzRTi zxMbiBB!@DB(Es2gLh|}n63H%)Kv1x}Z3@pwf1HQO11vgyy#hxpz_~d=r>_zWdvVa0 z<_~wi_UOS>Fb97)9LGX^@m$TbkEc61{`Y@KbJ^EbC<+JXOAEi z5Z%g1R*O4uONchNNqJkC3$6%QVlArMoQ zJa`Oylku3#IAHw8E#a{!QQ}c@|B>VIeIx!~uQDE|9Mti6nMa@|@lYfl>n@It$3?`3 zvG8~V9}yl~7R7_d*+32SF_UqC{}*lvkLQ|6Jc{o-ay-6j#Q*DM#-rB(9goL(_-PUk z%^z;rMbYs%huAO{9)5g8czpUsJb3g2YQSS6;{g9J+!7vhEfSBMdygEC4;u0Rn$LK2 z*stR;hewPi@zDI?UcE3n9%m98#=>I?J|a9;EQ|+_ov{Q;CvBOG@hIUX;-b124qcj=3a$KIcGJjP)#j4{14&p%2f9(Rw7jz{-b8o}cd zd_;IW{aQSD)FTz}P#6cqf8dtzC_OCku-|nA{%{_Xo;yXH4>Hjv3v9rUnv(N1Ww&O1 zN1Pgm{HOTRVETpAli>sxgdLoX;w$jNyN$D8d!K0n(i#g)(H1f(WKcmLzOVpoh+zV; zqkWuJ@DVWr1VeNDLzEtE_WUB-eDoaij1>C?Me~P4xDpfOuknYQH;<{JKT!qTn@01f zY4U#=CH>*{s~1K_}DEtZ_l#==vG*hs!2^I12uPkZ8&uj@3SJN5P3_vHaoaRXqN1 z-86R!vp-x7c~zPxxJ+L!f``eSrG-;_ulKvA6~3gJY9yU5GGB>JdiUX-w7%W1 zDU*n+P!-+2tNV90?H?CFo{|1>MGgGpRv}fme_WjUyz7Zxc6-K#`Nu)6Hf1K}G z?$1tpWPc9iQ8A)F!TFwZa+8r9 zutfKeJG-HW+%x1`8$8yqUtmv5(8I_SVk_x8SqO!Bq>Efj$d%Ttp9;y7(;!UXU{r`B z4!@alo*wE~EHLJDOv4tu2x=bb@IGc}aVcqVE^BfF$G|3_4=qw_uMJT+FOcjnaHgqla>Tl06i>-P}WS z;*KAxob&?o=qsL!g``ca!aGJX&=ILcOD2?R@d|wcFw^%+FxOVV zzmn!J@%hUQe#!vA+ z5b?aHnX~+Gz4xJD2jG&2eankSIn|Z?>~``OyNys8`fO~MlUCwoybX*bNa`30#DC)n zLDFT9gk%XkdP35b{pB_H6Sic>^q)K7U(v8(|GCz96&0JkPck;VXo&Eidn4p*CKqNQ z|GC}Z{QZh{5;HsF62u%;F-oCc?55zFX6WgMYZtZ2|<#$TS7ALHZvr;{4~5& z%>Hu@v?!MU+;_DGLciXB?uMsh5q%r+G2Th>v0QZ3+VT#iM_bO=CEHRv-P{(#UqSA# zbfo@s9nhlR)qn1r$7A`=O?av?|G6*lwxR!ANAAaJ@fO|^2B*T7N-VOW%#1-?{&NZ{ zW*V>?^Pl_WYa^+o++XECxBjsZYv}9g8gb*lVpDPp@iE@QpX_Mv@@lahx76%`J7lxJ zn-;(S+$btun;MZfY$N`2Z5wNE-2QXh9*x%C=}$J+-f!_1?d{9mTP;4pEw$JEy=?D~ zQ^Wk{-2Mqx?4Nd)C(^$STPp7pS5bp&c!O%pF|cnMZK73=|1^yT#b;5v#~z`2){1RG zWBnP$pUoPWfOOIP*{p#}@Ww1)b$>Ri$d!3t9C-eb#{Jo>B1KO+Ei7pSKWjeV4fjWL zK}`K&{%gZ&OEeW=OV3*ASlbMnKGOzWZ#UQ7oRUQ@)aok}Es^Kd42OKj$M_#kNad5Q zaAPXQ58R|&b$M2}F%3pe;(k~Z;K_74Pg=CZJ|yNT18?4Sl=+p(nQ8LFw5>D=f?khf zA^Zsb1b5MG^<*NLKfvF}v_U>?Q>N`ph8+n|Sz0+_zcSigYb{8QCL&=wl=UE8yRkzV zg{^KR@2VDa@z{TwvWeE<+r%Qp*c9#;r=gT}`}-!keODx=`6?1=OFMG0AB5zzY5vLw zID^Z+kr_-t2820+UL8dFdeG~9Ezzdw!wM zc8Oaa1#46Oauc;LA&tcrJPXdFWxxh{3!WSr}MFd3&FhT)&c z3(^SuA0=Hj<8NnYJe*^bmPf?x!Z6R<#i@@`IBLs3%s)n;UaXeK8RA_k{ID z5uI(ywrj|s!{St#*9WzFUYmzR=@c#{1sTh3xt;ea^dTQ-`FH0yanQ2U_QqBwo@VYb(C><%!_-B0oE_F@ zb}@)Q+$B~#9M)$iK){MjNUPw#sn2@jiu&xat+LMwZXw<)1Bprff!<$7%r861sgGjw%l$Hge$>%mxB_GljbElAHxs|)+um3So(bodj9BPz zW}YOn+7BPNrun4<3Jc?xrTp10;d&?x`{yxQh}ZE<^2vO3iv^^6C4>EN{Lv|S&&MrwZuSdSp^ICws!u!Oj zGolzs8z7SyYsfEZzY&MW^wElmAo7w!4OUE-hr z4C}9hkeed;L7i8Arnl&?@!!h+I_l=w{nZ%1tU-S@7+;pWpm!MUv1p7h&)&ryCBBg4 zK5DSRFOLi`by94886z{O|59eq6&Zy0jTHIAkeiubRP6m2FS{&YmLzt0cc0z?jSVl~ zo*4$eRou;=?GoMRhQUASLBKx)&m_A{rni9q$8RM34|~k;kCE$#c;yxQ6q_05EK<@p zlvlmyF#e^VOZYyAyw^5;JqE472V@a&`%^K#k4-d>?`QG&zEy0!lQWp6b>IU$5;Yv( zKg!neuSnGfcwJcSL^NZOy1S9l;uPjU>HwuKdIyk0IL3F)CHx;KjOgEB`1bgWX4U_^ zKdb`|VsayrAJ9ACXL?KYze%J2@#YTrjrcDi<5WZZpS^?O6Q61Hk5Nv;|BH zs9&$qKQf3)|Hw_!e{B3?ju)>oj}iW>evAkI&1Xd5e-}O@{JY&3hX1V?heRcwNd}li zZ-M_08zue^-S|7=f7WwR@$cUyYLy) z|J`Bu-->}nRN|RN|MZsVe}hK<*GIvB1cm%K8d+U@iP4u&GsjlC<^f<3Yu;%KYFc0z z1Mms6xC5?QC-GYksjo@VqtOb30S3lc;2joQRL)?k)`R!+u+fkKR-dYO0MCs0DD*aT z6uQf2%!07Y!=fQ4RyXuvUZshUbGP0N4#T_}>=Hf*T!I2kOkfvn@DX*wy>r4k;itRN z2?=+h6JDeRLmjZ&n5N`UTbCm6aG1%{|#eP#{oD6)c)Z;Fo4VeEP^O3TJ`|epefkzmHXiGj{qS*SPR*&O&(H2Cp4xJ zKFH-yXkEQw24~};uH+Ff~_2)sHfwhvB(nf=FQMidS9AYngoTzth z^@sJ&22Ab5Ry>nS>96Q5dS}FX**k}>HuuhNou57`HQ$l!aeF0Wy6Qto-B}pfwDDm| zKU25Fo}Uhp8Pu+p8SLXxC8A5P&hCfYni?N)=0NoE`EF)GVvgs6dKZK*5U2}6^V4M~ zhjoBe+=$Pp0}lAYI^ZIVJL1aO`uK1$uBZb({#16rq*8MSuss^~6*{AULU|Ek$*duj zf3zu33v4{ljY!2R61c$K(7JFvrP25YM2DKxrfr}};qGA53q@7#!=Vedil@O`Zr?OS z=3-}{=Ws(C9<-x)L_XgY{wmACW>JrR_=o=7(}8w&>Jp}(Ci+$>{?>47g5Ay7_N&93 z$o;-L>zR4sza&2`4&H{1Q*4!8p->MF@J-;L(jUQ=fn-v#N3RsTC$!48)bl|Vc((@L zbAisPU4MOKTaaT7%Kv~AaB z1c*Yg|5NyPH_&&t(sx&C-(80rO1R}?+1vgx=H4d%7yUSjh_2T3yxyxKbtVHynQu(N zuyX_Z_rMN(5;WnVqo-(J#*CbqX~7e4N+HxP@bIC4&?uT$iy)&=n%+SG9Qw0)~rJ3fMDcdjSL9RqWm>|F1dQvh|gw1 zmwv7aOcA(PBPLu)4%{oShor88IbP5wyTpq~Nd2kla@%156W!>$`83Sia7F0ezD}as z5BZp>(eO{xj{JzgI0u{Ew4g&RIO5YPUfvd}r!=E!+d%r>P7E0$-h{q|ISR47o|On} zU&a;GdxC<_Y3Gaj;u7qP#g zFw7#w{vldCy0+sTg`m?63EgU=!yJ4gfY~}vi@IgW-iw1LC?;^M;t^;=;QcCt(J5`B zgVG^{91-TInzk#5EIW-h1c^eCNuqf<^~5&OW2@dHS|~Z`l0iY+L=wNj{ugWD31}Rj zLE{%6@M0&&O|TB^Cr48Kjik|Tr22}wlZ=!abTO-6aGR|DWn0YEzogoz{SbapD^`DG zu08wb#N5AwjxI9Jh1!A=n%cKR+V^CBZfVb4Ju<32^8u=F9QMqQ%BVfHqARMc>EFYs z2mD4Shz6cTy6E;yKi-78E3`ic&cBd(!`c>o#4!l#ln+J#J+6HpG#<&EL5PBUe`G(BuIuwmd3 z-ETveu_@DzD`Ll)@5`Ye<5DcV*}*Rk`{ggu@V@>n9q*|2%Xe;J*zC&y8#nLz6D9I| z^U85y*h~9m2z!^=AhT19mw6pB^6G`W8gv3@JPH|W-GEHPY?muxyR3parb@G2LJ>im zzQEE<9Td}Y`OIY5L3S}aPRr#dy~4W4E{1EC%hr%VrWwjuh*B{D&*XCJI(myP+VZY8 z{~K){t#$wBc@{Zv{d$$M3r!5?kW3~fddviFDjNav5wCU6Fq zEtMJEjtm-f4F=(Njx{<)+AbybWauaOW2&NiGyf8QwEY-%={5yupCOU;Vh4$^2cL0GiB2ct4svdvu}RUt#>Q&%^zsESBW`90mb&Z9;{yx%#hQM_Zze=lXv^8Y7XHHr5~lw;C$ zTE%CYDe{hqVR-Mtv`!qvGfn=}Tay3FH2Hu2Z^e5k#cnsG?`Ov`T>BSEyhmZU((rzy zdt7*rks0jzkIbMeGH4*`A!mjmw?^nYrs?qwW*@@)kssp0dt0{%yvN`(qVFCP!tkDk zfkMo}Gl_Q@y#?O;t0dl!5C5%rZ+tl_-e=svc+Y%8!X+^JXn3E5n#V!kb=PwS)3gqI z78yjtyEdg!yknXg3z+{1@00e%gZBiK6Gq>4nyK+6Zy4S-3=E?C%{tz8ToK+g-;sD{ zoTuY$wr@rCUi=i&JDPp*y7@ZbVfMw9*D+pQ7fQeyg%Js-io5`4Mi*nL}X(i8FVwx7$Fc;ChW#Mie_SmMyW+=-9x?N1i zM?~b=o-oiK#NZ&F#xrT&dWhZv^o~m;=x-I9=Pa6ki5Y*h0zb@qH=2EM$BR1tVH1`i zV;TPkUX%FmgA~{BAJ`=>{F7w{cf2k$SjfXbL;QDkHt>h?oTrKsbO$kPew3H z63L&rt7+_Kpd1tSR*{U42>Zo1g<;NpyL8Sh_Ne0+=x+0n*pSV*E%)Y4`=fyWM7;lvq_?^?6HrbVJJe~W#FuUe1Kfsj zMRXr$$bVe1{Qr+8|J?`c&FUZQDSOzY{)TNmWI%-IzRNHlns%zi(GlSWMB0ym)cGO% zA)5@p0`uU=1K1D0vsKjMCLhOoNc$lIs&ipKT!Cn>0&MMzqrF=pyqZFuv7VEQAZ<(2 z4sP{lZ>K;dKG*j%)Fj7f7p{?>2x&iWZvVg6)F3bQq1S6TqydGws;jBQc7OA+A z21xYWdd>WJXZTmUA%n%wcosNb`)Vg{h(gA^At|KYIpG2m=NmO)f4nx*{#ZzH=f)IR zw|c?;m}%G_=@c4@s?Shq9~^I55O$*$>P}c7aXK6xG>rbRh)%@Pao8X~nDOgukgpNP zhuI*{8%z3c{E;@uACyQN z(y9qIPYPKzJx_~egpgG0<#72x7t6i zXZN<)=G%DfpP(D6e!sBlo9v%mwA!zJ)m(dhe}duiz(&P41Vb`Lt)ZZ62pY9bi_obw zFoyCL;fng1_#DN-7&?Hcnf@D$Yf^@STtK};pjFAWWAki>%*CCE8*F%$h)1Aj&KTE2 zGANncu-weQhW!*y0?9)MMcPkO^eWN(Xc)D-ru=cL1pccjC&wD91wLJHrv7Pbh{sYz zElh#0O%4@`?zN&|*tI!o^y~QRESul zr|cP)RaARy0o(|NqFaaIAG()}+Oi+9-0+ov;kSw}AUXap`)s6r><8L+-=BQn>FAyE zD!ZcQACD=w*Ic@C=GU$(k{@C%!tFw~%6PMb89_6@d3W}-MeYqu0 zwV*`t=Q`_hb8z6{a!-=mcR2)8p&e&cdOEt(zj6D9r?`EEj-vF`a}?jT(CqA>54X5|xfyQX#aTt^n~KuE4R%&)R>%*l61g~Feq^3dk5W`L`mozS#922a$KqD2Wb@FK z_9ArcNv`yz3c6PDO>!vd%arsQ9Dj$ttHb0deI@!0eK$PIm0s;iUlu%7ktYplE;TbK(9x*;%zEsVVkzndy1h21$bWqfSH^Q8(QB5=H?`OeB38)SnxoL9 z*sZ!#)7-cMild3T;XE!pm&umf-I#fR7U``I=@eXL5ER&m02#Oej)EOp;PQplL_Vk} zAE9yW^ApC@SvFAh~)VF@M``K~W6YPqe@pOo&lY3Z26$HA)}bZhLlM90!yI9xgek16#PRY!6Kk9{L8{WjlR&gL_;8#gGoeRQn_&$ z^yTtj3i_LzicI+Zmv~R~2wJN}(6ZQ0_aLuz{JTxO$G_xtIm#64s!^C#%)@J|AeYv>4!629>c?LNny4zDIpYL?qK zi99zw1B=qvgTFvlXlwc!>RM}2`kLSXr6w;mhh+gSvh<4#y3oG$F4vBaqNG-O;i_RF zf-*;Cu7gm3^jHTGA<4^oqT-)wDZ*Gxgnptc{ea7NJq{Nc0z&^qQOAOE()UyOj^GJI zgIY@OXF6S@lr$=ZigVC~+kbHmNQTaaA%dN#sBfp10U%FTSNbo=JOi0$aprwfkvAd( zq^whFl2TD>w)U1xOy1#O2$og)R4_hn%SK|XpDA-l=c!p>6GPPE zfqw0}IL!6ej%b}MyRKBaQTDV8;E^;*=X zFBZ<%qB0oCWMvXEt4L_OEt`oQ50RW-MiSiZznlZy!9iQaLzZSZUwSH7YHX^)A>@a} z?Rci}!X29lut=9SI)1%Xl+tSmbR_2yU?T4EN|exZu+k{}f@2lGhnRF9XYg7o&GuLk zc3AY*GSFH049)=hDlLPq^gDeyv0pgLlE*2J42t+6fhqwpAOduSVl$t^{ENgtogwAM zU`$iIx9bjrgmXtBD;nvavwHgDRKj+3OD))VX>Gu5*+W~nx%?McXpbRgX+^Psn+r!N z>Tp1g(LpVAJZHC6&<+mpDLTtpSA%2STx)kha$h&0!}X{@^XDwkJJ12GYef*#s$9kG8;>t`yVda-_?Jc z`#Ab7RAlbA{>iT`^V?}*1rfd}dhIKyf`ow|PzeoQrcwrzU8M#rkY^;9zd1~eFSw#i`jje7I zFBF+|N@bO&CD;b*g^~637_;cWF}ghyw;{Y~Kf&^86B9fwAxx-8E~!>OE#Hg*zI<7I z`N07bwu9Lef7@PnVRr2wG^HPob-%pR0}8f0-;BpM3~Zhd#D?Q-yPb-QVYp~T7ejE- znJxz5;^$Lv(H|GrJ(iph?1PJ4^rROq{8Mm&=!v$Q=m}==ZCBAn3tX(jg`#3t*wy0m zM@X-bI}uH?Rh$o!SLc!F$f;Y=45yQ-HSnM&b`hH%K2VQVcfoXTqNsinAJybe#EXOg z4RCVZP7MsTe#{&bel!imz;m-bh@C-KS_CN`qriC(H88;$#BC@;JwI#tdv@`7^bGzJ zp272B8EEyP?<4DTZuIP~3D550uT58J$hkQHvzWldbqW5Bv$ZcTx$d8}E$H7G0y4B;T)py~ZCX!z~ zLF820^gEZUV(=l+38l%{*f0zC&8)F;06j|ASaN4E~QQZFA5`2g$(gpaPREl{=DelMNejI)$ z;&-CryN7^ssrS>5+wUX6jfeDuhuR%=9`5MJcMq|ZQ@x*leD~0SXt<%DS@%3nH#6_2 zpIP@jA#dns);-h#cq98^I96BdJU5{gm@0ne_IILHs4`%9DdspeST5{Et26K~4U;6S zXohDfeej888S0xc#NyG-%cb8ws76pK=6iCj6TAlk44s3?@@~blUrq(-)euL(3t16j zXnnqce$52qNSy=*r3n)$+~jzgm;9#*ppWl)Xg&%EzVh@uPT*k{&o-FDa2$<0Q5z{v}Ym&w{?Hp;P)m#QQ`o1S3&! z*Ylyyy&Hdm_p%wfRvdpJjcNPDi=9%Ch{!+XTjR~NB#t`&Eq`BI*W8a8)eta-H9tjp5%iMsnBx}%O|(lpFY z$M6gl;s}BR@y~V4n>2wv$d}t_+pArCxl63aFM5xZh!ARp$Y+Qh_gMZ6rP&@^Lw?>alwW(wuZV>KN>rBxyHQb{@Cq6s6ysJ4bGQQPYAj5!KEV8S50!z10Tt`A ztiz(b7-f|p_Y%A*!Q&F#m*Tz@_mB=lARThY;eH(M$Kf7QB6lM0C*po0?jbE$&boYe zlz}J})ki-rbq3%0%2{am?qH#zvLwMfDMDEO<2w=|_)ZFx87xqEBR;3^4iYG;PfC{= zEM3Z3y7=y(AJr#C%?uVbtgdy=y5n)Yndzgy&Y3glXI44OomqF#&rBcR%$z|#vv?H1 zHzb5+`lLjfK|k*7T)XEA{7v(6k3-;QxznrM&(*OaMh@XSEM`4p>ukckf3I;8fgzH=!aN4#mNGW;8#RcVN-xO5*SmniVdCET%PNF4(7Vq8o!p`avX6 zY`JT|Kax3^9c0}eqnt4#y+xn1P;l>ks0xN}MM=az{{s0DR+B!gMp5)If16X>iNnXa zeLYDFh60yj3_8zQk9K2PQ@%gZ+YW2V98{th3p{%eqY4y8?!@tSif?R(XXr+nmMm-@ zOy*vaU6NgB_jbT=VrMEz1d-TL6O3rOElZT()*z-~oU8!ERG<^nJBXXZSmGBVKot$q*Kn8gb4kH0GT)Z#c$0e`hz{VNe}W zln5V$97$%9*83_xWSTw9KE4;JDtpx3PLjm#ZJv{LW4*VX;&);iSCEo3^Tv90cQu$B zx5H90tHS2{Vfy1V&e&FgJvlJb`4PNS$Mv;)rGf?2T9fNQA)uYy5}f+l@}|)`L0$zl zKu+*#(%zvvFkBR7Am*jsGYvKcZx_X%2MrNe!3I{yz&{9?+^oEr$D)fNi10{mERRl4D zH4}3?daDsJAaYw)DZYMg{|KnC2?4ADoaYtOCX=8t@K>6W4XwYeq8e4k_HLMuILm)Y zv{lTe`|@8bw%h;BjTuX&V6McB{)<-i?c&b+Q15JEt1Q>jd&iT0961xl0G0%~wmiTz z%R^PBo(AqA(Kd5N%_`w3R3GdO6Hi8D;T>e*-d1jkc?x`p zIgSJ{+_WLOBUUUlf7A);ddW^8r~(Hnj}C)LiU_J#nPe*u3LOT)vkF5B5iS}u3=JyC z3Z}!FWw0Tspb9_`!=M*jDrp>1<|-1X!?Gl|5j|kAsGwr>^Bj!BIAk@j%qze$ufSgR z&f}EIJT>iJ5Or#rh{qt25~xaB-qa&!);tmhGzZS7RU9Z|e9lT~X$>Bykla+U^r^`$ zA$HeZXdhAfw3R%VYpc%EU?ELoGlmfF=W6*_kk0!#inFrFaM^|dmPzBN$hIi0RLdb~ z7yI-1JM9S~?J@T9s(?;13UvjKpCSG)2D{^ogfi3*lW$waEL=EMoM`c*oD;jG!AB{d z1no#$PzhYCJV)nO?wHmU=Rc?dBa|%0*b!A>l`5vwnLFT>`IWQ0zS#sQd?!tGQPj`; zP4w7p8@dIv+C253xbbdMS9o8e6k^1k2j~E9#W#-zgy3W1V}w)@e^B@b^mRsUNLO<_ zcPGg!SykkMUF9cD#LO8g$Znjkr!!RWa5OPhlYC9w>c6OfBK2@^bGSXN7#?GqJbVCL z?NSe!(OHj2PG3bTPc`h`Qy|VOuA^jlMpHdSO-gl^y`3tDh>GP@2JuNzA5UsZ;9K0f zFigQg3}y#U5Ar8*E~Xg-RLo20S8j)3t2i2Y7Wt(%*`;oii9&ri#|3`JbXb}uTu|=w zh(qSdx*~OdeQ_EF6<^;}ILA;jHAC|GAlsx7(l(CW@g9 zovreIybs)gKN=|@BZZn%>`Gq^B@|DCDR+mf4+NrGrP$^}A-g(r183vfw-MEO6D>&) zv*)l*$|@TY%&FMm!4^_UsV=pGHRgm$jtgduV)~;vYb3<@RI_qJin_=|Lr>5{h#`xh zx+3I|QUqKbwhF}Y!NbCYP*EQmhu|WhZmoy2@Z6$A5A27DRA&0h1(tvtABfWZL~6Rc zxL~+kmdU1LWNxXR3C`aq+V94yOXXF9#>vu67TXO=HB3&{3eWj0U_yGNSv-TUsPZ@~ z-Ze{^*9IqQ6Z)AfH6W%T)e6T!gqKJe@C3D3=2ptx6M0){^d(H6@G*1!3aKRk+NBMRm)Ht8L5XBlb((VU~G1*9Cyy9WAD zc2FotsVf)-12zgQ6)#c={^ZX(>kD{H`~8y~;&=h<%7bOJlnk1UTk*jjJk$XCs8d+ZLplRD6lnYwXZgOemILJ+;TsAfAR{WZ)_UTPXs*-7HUqvZf}GHU+2#u)u=&VQ85e|lv8YrZ2Q$KY8r zNTcwRkunOsh4uILNPNpzP6UA5!DwXLYq$~;P&+!pKIr31q{v=@?-KF*)KhD+3h*<*_g zL3X>mtg(wOa6RW{4 zu>0EdYMCqb#q1V*%^q#o&m1{({k|R$t$wn9iFwg~n^Qvk+(foLWwzpW zj)#O_X{hCj|FM@t_{mH7=6xm|z%LFAidsL$uU9A+;1?~IImiXo5c|&z>&OdH9YcPZ z@LSukp)yyAA73+mR&lyszekXD!~PA!@7DOUt!0nwT2X*pP53=`W(dDP;YDVaWc!#n z1JAfSry`}fIyq3-E%ltt>na(apk(j$oB*SIo^4^vysVEVcXwtTnB0ZzbF_kXWv}vn z4Z~&jXSVyQs`>1@unE7}Uknqh!;1R8lK!z${`2nfV_oV8m`3Be%Y^p+q@$cOo5Od@ zQk1>Tn~qJ${MXu*@-4f`YIPtB4$vw&I^ofWa3DO{rCw@9LQi|Ctya`8#V5C8{%-l& zxiTLMVs&@K9F2N)^Mb?Bk8@=`IWD4Z`fsQR0nPpt4^hyU^R97PZ~XiCg-$QoIiOS zrWxcR1s`Z_!Qi5u;Sdqy=_?gdw9cTbVoC<>z5PE7+SWIGU8fC-tEc zvs^9`p0-`sT?l-nolod>*3Sxnd zI%58^k#p3`62u9*e4F zo(RyPJTIdxP(ON#jIlQ(W$eOJaJM*?oH2dvS;qLs9FD81O z{yhmHkSw|TDJyW=y;a0-_b%faV!Kc*vl24aAkvQ+P^;~67$niqZ=r_SO*z^syFlgy z`-O6&^Hw1dxIRDvX}QeM2U`x4Xo2nok_ty|z_%|Y@GhPi@(z+EmGXwD$Kgciz7s>a zvwfEX9Lqtk)D;LjT#kMW*edSDH_ozwsTQwbALXu!Ki>k|OkPI4Ub?4iFpcVG4}a|K zs8z^jTe7oh{inN{Px*S0V}0e*Jy^AoRH;7^?j1Bh1*B7MHqcwno<-Z1q}R14#h ztQI_QErCn%6!ZqpO0{t3Q*$6qKr6P2ccH^|`Ob!_6?8xWlb}iH6>&^29aKn%^HL>T z{!V>$GKM9qneDc_@ST~Ufp>_QZ521+b=g_XyxTRZ?f|NGV}kQ#u)RLtBzmStpl3+# z74^X-M3Jzq$UY|BbA}h>qxT{RitA#lcm)W9JU}N9THcfZ>9{g?@CWjlt>RytL?hax z!ibhL!H2ersYpa+COOO6HG@fx#-$WbH*GyrmemZWAeXNMhXRr8J>H#223sPDQmEWp zW9$=-X(X7wAcNoZi7j(qr4DFn$MS*{ymvFAnz3QQ@B6+oYwM9=Xg4l@6Vw> zR&QtLVmm$#b_CA_+c_7L<~rEixwsX6Nko>=fPrCQMCv#aYOw4er={Y{Yo(eh9mHh} zygbaX&nOhK0s*Tekw&o?CtvpVo@6372T7$YxBqQcp}OG@odN#pi}Df>yUX%M5+1Zj zh)M+M<6=Or10+ww7H#W`{`WS^+&~?csuPJ9!-t7J&?)%1Q=lJOKW8yz&O>7l79HRP zNDWV_-C4KN;>~oe-C5{w)1Um6PSs13%!{ps17x}kVaxR+`byD0@qVZvpaEKwV4=VN z>11ZXNV^LFY+DT{T_nWxM*7M!5R1A{Rcv`Q$ws1ONYntJA`A9AfP+2FEFpKHB9sW& z*id7jkY`&0Q=4tc{ydfT7oxEoumVczsBt{y$tre^q`OhY;<sA^r3>q14U?H`d6`v z00L{Fl>P2>%x?E5+h+3w$6s*Bm0j-{uU;gfE=gXLvpdcCsyO@-UAv0WEug(T%i##M{J|TUl7-~437M4$(4;CZ-iB z3LN6JzC8Ovd=pQ{ibX0OkZhj5oS5D$fGRh5mj{;^B89W@+VGQO@pdC|^6o7(v!R(* zZ67_?ZSrTs3*K6Ax&9vl2=EDtR;O(x&9i+-3jc^5%i1ambsSkm%2u-;6r?uaq|rZr9{Z zlj7#xXv?YB=%KcpI*V35*{0>xnE%!F)RrE)WYFd}pWwl-lsC7G)#c5dMy{H?naa7= ziVKkBuaY<2FKSBOq%HX$mp8p}KvR?Yn`TJ#=g1q;^{aUYG&!69vyjk?0|8aTq#-cdn&D}`!=g6Ch9sf#s z^WL|A%bVX_-XwR4kT*Ye{?+p4pO@?MW`3s_&`nNc(`cvJolbE#B}c}+4mN`EyF_CXkF+~cEDvldh;DsKvpc~E1-ny! z%!CuLBW4>5{RH<=p9!-y(LND~^&(@Fq8podFXL9hQ#51KiDi>h+aySv z6O3W7IelZcIbnAVX>-bwHm4l&#)Byvwz%y=-9!Qe_DgIqpFkET*qBTfCs=<%7N_;p zIWTpg3|O2tNsH4mddN$pL!Lr+_NJS$y@z3Oim(SZZhul}7Fir=e}W|p_NPs-Ke2Vy zMMa$6i2Z3f>`%+b!`NiDKlM-bd>q{X1^2MH3{aq97@#i8+(5*PnD3~>EbUKaMG4KA zf^_@S>+PBI;UdrLrBUK3JUGJni=x?|T$kzc;Tg(3CuJ zyz)OMPfmI{4tZilqCZQXe1%^6i{(knuQhps0~7w1C$SCMzeS#0*)~F+jKG6mDNhbu zq{|bVk*g+84!5CPYsF_s@_WmZyK|e8Cu?5#pOYtF&x=EzEJC6`OPxMEydO zCmXVwn4Rbf+_2e6NP&BZ{9!g7i9gI=Js;_=lm2(Kg+OVMx?HYrD83VpbBGj&Q#!8<*eM&EzI~e{o!ryh{?jH5B`5dS zWT3G>dFC7BMqZIRm*%Ain0=f+#D6aANl94111l7itYEKwtfw4scF#aIaCSei8uW%q zyhGUfk+b`dn9lAWH$wrw$>d9p0Pz)khY+LFYPKgMhYPxspV>HytHq2tO*{c(J+~(* zm6}7ogsA2=-3xH@v!vCz0;@4NnbVR54yAB5^(50o-A>mIw_moAmS<`Dij3S-`Uh>s z{^GnJWmEouG=*(qJx0r~u=UtaR9~zU99WO_P37g-u~?2NDt6Hf(1Ofx-}2l@3o zLeOGmL-0F_)J^%==Gs_-WfVIv(ER+WXn`sH{7h@FH^bImSPIhGi`FF$C4DFQ3$BP~ zaIINMjvS~diYBEY<7O*#fMfg+Cw`#nRzkf`<8|WF?oDN@EtMXP4Jd~(3*43 zOc0ZXQ-Hdyq8~Zl`cIotl$`L+J3Zk#yiV*s2kfpUKY?UO{UoOzaiBf`&aB5l^Bk6d zQu_vTgDDh}w@CqVy2ZE2 ze48Aw$=l|9+dPmUZ(Hzfi@+XK2#KwHYYl9cw=Ma$W#D6Z+lp^n1(wU()_mJK@VdNh z!?$e$&&b=heA_ngfV^$Tx9tM7BLoVvVdrrFBwKJYuCc8SuI<5bxNgta?Sog~x&vQ# z2#&&aN51YDbmO`cUv~=T;JPzkcMkT)br-(w5=_H&SHA8VJQ~+2e4P@syldb5@^7<}Qjz-MWz%9uMvy!r0 z{`1h|?VafI@&pU@w;SPT>7RK%f!k`cX{()Ox7KHPYqZY9cS(`o(Km<(I3EGK%JlEo z01*yo!(Q6tOAO|RP6fL_U?+n!c*AO2I`*Ehr9(4kOMf`E4C!s@QlDl^e@+^@rYE?uDvMHZnZdUhIS?smbrauJD- zGMhDW&~cIfHsam5k)7*S$|-;%+F;QBHSun*^@O0pTm>DnQJldQl<{tbR075>baHa- zOOX|1$9!#$619SDWChPRDtPS)DCk$jyLF@rVor%VV(j|;k~8-Wdv&D5ILNW2>Y zPqEdH7VidceY+O)rYzQj-ms|)_FDPn%9{}6vrFXW6PFObs!Qn?;Vu|8`$DtG(}T2IMY z4|b$@HwtxgXM-Ybl{EZlk#1)%uu#AbCPrF})A2sEgg)vWsvgCQ;SqK|^7aajV|xIF zKVjK~r$olZuJW_7yFH4UfvsHGWiAicGJIE^z z*HVB&DAo5o0hBRrc`A;a$O?RhM^gXcR)d&$r$Vsu)RqIntjJT3FQWKviX%(Gp&u&{ z1hoRt2IZ!HWm6I?-he!U1Dl=aCk^)Hy?jV7*OL-F4)uYAvWGqQwk6unQG7N!6EDk| zUE_TSd-oZUZLe4`>~Lh;9YLIFmv1#5*eY?{Z#^o+fo&-u14sr8$!sd@8q=;x`eA^TFC|Z0Q6R)k}HoPv& zjx)XuqOrUh@okb05ws`ikOS5{9YH^x`I0ChHNcB}COuG{ggZoe+I@)nl6+R2*0q?t1?sJkOJX;CGHdb!C63#kYY|l7*tscDpq2 zMg+A%mVlSM8-w43$k$eREjprNgQ-Y=@J{i_Ar>*k+|GJ+!TqhKU@*&Ul4p zV!U%eQ!2c+|0EUO=-8ocFQjflxin&DpgeE^Z#x+LYA8xbT6L({;5|CfnM97>-_jll zxl;Kv>Phr&j)%kg*NBJ1>Q}3s2PNF9^$*dg5&!nJjC(_TFvcq^pmsgbgtm_oy@y1a zwl5SIXvCrDVNkO}4bKA+U!m5Z;5M;i-Okt6z_a_1yy93lhu#2N$338jyJ765a5q}WNaN!#9{6Vp>7V%> zJynAE;TefM#LykR-&AbN*8KwCnVyJX&^4sv>NafSXXX)}O&&W=bPp5KrwW2kW{I|%b zVW%`DpFX_vZ}}8kKFz-)4*4_-iT*hG96=CrI;P2|1r!y5`I8Sx;+0QxrTs1x@Ap%<9d0y* zmmxZe_nB;VR8zvHY>E^%B^tYg$NOPJ#HZNnh@4OjV;n;L+EKipEfnwfXWQeBi*Aq8 z!vo142j>ODA5{+z4B6vu_9X;v!8$_sM>XODb#GL^VUfFJavTyT3yB&)sKp0n=@uRD ztdRMJEOMh^Rv(4Uh2dC?qv%GY+O+6E?9Ql12li)Qq#P|eu%vjnSlyka4@C!>taB5? zt#da@>s&O$oH;zOofaOL(J(wPihXV$87|2_C$4!8gbTZ;5gwQm79OaW!vn)Nq}(Je zbfFC?4|xWX1O6Gbg!@ri=zjhB&4>qteeQRS2mEX7bN3+1K?)3A|4m^JynZ7w5TAYS z$7r{1ZJpeg1<7JpVzGKScgC z>(G?^Df9d-f0~d#myC}?{$wH1pCf-(xBu(qPpc<1`6I&*8<9TY`XO!h6Y@_wME*&e zq<@k&`}r;YNq_$Q=NR3-c0Bx(&Io3QCb&jSqRB@IXI;u25pQk%(t~SsNuf=A zR6K|(cnn`XEvS)QojflEUk*kKO4PUO?%qR}Nf|~-noR1+CDn?3#~A*UVeyC)dHu!l zh%4bl34d^Hf)gbkarg(sIfzBVnKtV?OCSGn@bUk7s`T-nNRfzTnDo+rj2w9!rt|Dy zQ7N!v6S<8$5QH$7KKFON@qXaIafr9q;i?fI|Bi?zgIksshluDd+)*6j*{>!e2Z}?S zjq_m=66%Xf*qv2$+10GEP{ffp$PK0%4Mp^%jth%J47O$eZ}@A{Nu}fy?m-x;;ql!C z4sJ(}nG@-+8S=tq5~*hYZ*p-v-5{Sf_|iE4!k_^{Px@IRM-F6kU)6I1SAjjy-}l^e&ONW|_$$5%+680GiXU*5JM~v&mchtEmo{^jv(Szw%sEYPiu)A_*Y;9zlrC7qnBR=i>e++SR`vQ9vt(@V&Up1x?eN7#c!7(IVRp^^>NzMG_bwDa#ykwgcwn&d zV>}vG*Vq~>2e=MS#r=UH61kiEal{p`;Kz92Ncb`C#SC`p$M}3&f#0bgLf#sJ&{>HL_l{22rA{$p~0@@EXdxsS<0<qDf1y#B7p4_Z6m*n7zp-%i7afu=P8lP5vjcZ-M#uE-INXJGO z1U>YxVTbrNmWC3~%H>}N;QVY%N0f3sd4eBa_dboTb}(;;+g$;+p7O|s6@M{FoX6Q7 zSeB#>9&ffw8yxB@n)?cVx%pN_zH+}~7I&oIR>M}3F`fNTt-}d2;?YxGZ-xoFhR%1c|c@(+t z9XJBl!qD-#Ok7~-yHiZ(}KAil0aEV=9r`lC=0J@ zBy-L0sU*Crk?b!1+V~2uY9xDzzc!Naszx$T{I!vUS2dD7#a|mqcvU0WOYj?#@Tx|# zx8OGv}WKLe%5#%WKG30{H*a@Xidg5 z{H*bOgcZi~V0j*FRpR+bc|Ot_h36siJj5!-^H6ynY7N2jFnJzk<>UD%c|OX@L2U?{ z(Bk-OA9Z7QdxcX&@BCA4R@IU|WAxNz+i}Ng_RJA@f=kDK-<&ZaxYy%mPi@J$ZS}8T zwxoak8w<)dMpx^pvjEXqRg3#t`D?S`P3XXQ)nb6Psu^&+zTx%Dw3XR`rf6lK`o-A< z;#09D6of~*6T0C;s_tkS7UHHww7mBmca=Utc>N<-UMO*RBClN&a4Ij*ZViBe2sUK< zRD+rLGL(2Glz5R&qjdc>&S+F;0^qw5&-YXq2|+xDzdMuIaw^UWz?Ssv28&eU7QINf^^Vjv$R2UdHf&MnE)563c6HY$#Kq`* zP55IYNM;S$n*Wjc``WzmWICi@_aIicO}|Fwx%6w&4-b`oeb7S|+n1qVJ5{evN%ty@UUd#89n-HwJNlJ4n0~#8n2{aOuhVB^c>?(3 z(yzZFCpq1p_D$2T;6$NdIw=^)7_UIXnwR2kVMW2N>x_b3?NYF7Ot@rZjRE1);wb>P zy}fU6h}V4X`_eSY@er>cbxgd>tMOhim05=;mvo(vRJxut=_+qmi+Q{h63P`L<*E&U zaD@`9&D%k30&_u%!l}9(bBUxtT#(8$=SvFY0;xXc4zsbXKU@n+uq>9Zxk^;|+)CuNin76=Ou*^u6 zntLP#jv1*@LYx9~!7w9LX1*Zb$|Y59u9Z}!q$*ANx(4P}Nvg{Hi==c(>E<1h3QH<% z-Xf`5N!6P5k^=9H7A9KJz+AA-c${oq9heKw8IMz}%K~%3IODO-ni!Z1z8Q~Gtx#a@ zGe${$f83S51c5Jb)h<~1>HeP9aKubdZz8)Srhs+0<4=w28xa$MwhGLD^aev) z-l+R<5NhnH2i72p#5L|&ROE?h79k0EaP+kz2hLeIY(2~X2zv6IQhm%hWw?(ybsnPo zOu#|Q`kl9U6*NN2_c)BkG)fp_^T58DbMePGTAcbexl`Y4+<2`79U%)+WV~l<%s2O- zc!)7a^6c=vg~rPH9hf6!#ig;d{!A@ z)T3wtGE`!Gw>34so?E|uveo_mYpv}2r|O9-?^~?b-A;8C=VCpQb zVcVWi;@waQ?sYz}B=`N#0tf?ylf4#uRaU!T6W-{lnhoIu!WisD;53N)?g7OJU$L#m zcVNjmdG)W~SCe?BejlLowaDoDefiN5!6jP#z7dh!`hCYoyVs=V_^hD~t=aPn>i3mK z^Mgyq`T7)<0|Dbpw$-gB@tKY*r5l#OB~6<5bethSiA7a6_YU@g{=cq}y@({4zw|#@r@vxEmb`C#zQ&sYfYtyYfCg zb>$|{!5Ukj8wO|my}J?uYDx(BaF#0s{KjXvDLIk*!l#^riWl)?{2hyHz6Bv5gDtV? ztuL!pZ^=#T3+zSAw-<2GlI}6w8fyjC_BdW|Xz|&rXs+#nRc!I`EAD?sz!hgdKvsbF z+HyoDTpa%6WV&w@SE(>3S?BBs>w2Hs*F;wvD@`Toh_(@}%QP+5)XgV%th$TbOfI82brB1^3Sfv;f@qLX&PFKobv(-u6A%KA){- zw!cZWKQi6^IBDO(_6N7W0{aX1O|$*CwAf#eqQIUw9xcCvGa2!9{@pkROu;q9K#r5O zSONDW@G>HEAkNX@OeHSO3NGnUK7!ebBR#^2&&rRF;)so?_G9N~33`@kTkO8YNc}xmVA*oNVg|frhe^rTA5Q=aw!DjlOQIg zw!Duowmwn;+8+!&6&>yEH)CLEi~I35=6p)+z$AnbbO{m*6JclC5N9*k@G@F{3&W2R z6gjg8O-;jUV0{&PDE>VlJ6SYNLoM%#<}xBWhVI)GPDZoBfjyDyLaEuPdo70pNhVHX zvuEh3K7-Mu&+R?rkJ|De=4;^M^V)D~Z&-`@3i6tF2vKIf#mb-+7SW0p-zfov*gXIO zPkETU_mz;grsT7b50^6_JMKAmTEu>5=dizdtP5#XuY~|nGMi2iiy!<0TdHC8G!JSw zp7<`fFXsaIjNFyX4Mwami|9JWt=koS*1sfazN#f_`XLeL?9V68lRj=woX6lzd*ZBp zf|dQ+iSu=T>ykMC5}imB=f|i~?~FL_d9X9$eAQl%+kS1W5^2;X&O`R)q$7)C}T$rmf6B4usqV+5a^^7X8Bf*mpi^zvMdJv|sWet^bWBU&Juvo%3UV zLMPHo{=_p~EcvJZ=xoVneTXF=_G!kFmwfCl`A!?a`FJ*s4SwnY zaP~*l|Ihcgz1Ux1e@8!Pzu1@HP5Z?@Y43kyv48RBE*JX|bRxajuR_<}>Hf~Yzq7?& z^gb4Q_5IQi+v%oVX-GmZmem>VtD2fW&+R6{f zuH|PQwKTG6{lHS^;H)*kI)cgmaBk?w(-z*PPg{v67QT^#lh49W_!ow!;B&P&0nFjY z)u}7E7$;~DRq|kkOLBkv9#>V1Q9q_93l<|uCaRW!sPk72L-G53#>F4ffMTe2%Lhm= z$^E`v=5{GFdZJwh(tpI9d|%5)%P3Th-kCI{2eCQvxP_mP`^E|3lbq-=nLRqoD$0CO zZE2Y=#x2$%;&MB^eUIw2ikn#QJd#z(vH1sg{C6Kn$8S7+N$zsH%rUCdzeO?$wi07) z*YA|rB26Th_*}Gy@yv7C2pp}#3|`S1PK`QAohr#|myzioMUMZ3B{f-TmLDR&sLvY0 zL#55@SKDVwe88D9lt57KiHQ9Q7P+(v?3q85*s8_{X+fdxYcuYCueA-5Sf1jbS3Jzn z(F+}ty&2%5!Vp-1F+mvJ&y1xA>m5!|w++Q(7;9Fk;_EURGy-OBHWtWez?>K_uIE0O zNL~rq;h-~A+imss3Eg&+$D^}RwEa`a^C!Sl?Y*m;g?8Zcw)nFZutuS0U-7T13%h2$2rYQ zrpOliH1EwDdEu&-9w#1$!+bUi0r2FIpS4(1=li~LzF!~RT_IcdsD{>@=qNN=>56d9 zl18WXSw7&hv%xwErLCSL@i1Tt$j^B!2a=J6pZNfnt0Y z;lKtUJO~Fa?d&{1wR6dmg|h*CbBl5wS?l?~xugi32>kbI(Bds^R>O!+TBYyEtw`TzMYU z@B`)OuC9Q~rlzu1yP2|_V12p2REs~&M~Hw0RcrB;GRIO`59cuNtqNz^2rMR5a|kYr z)BNgeZ-!6+mY7o!qPXEBRE0VGY)6jx^J&X-OSY4MMM@Bmd>|enRG${oR`&7ltGte6$Q)2kcy0GwF$N;!p6o89N4Qa(7H*Vg3O8QN8o3kj0HKY77ea#v>LAsC zsK-|mIH1KLtry8g5vL;`!UKV2NH)SggJlBi)Mh$GNluz(k2pIu3OIVLSN?Mr>HMI^O@n9d!Rp^WR(U@r#W3D`UeqH*UeSYw=srN}8oz zn-v!QM-Vy>qU<^%+|nhv1Kv?w?F7Y&fBJSHYfHHwW&rqHOh&cNWy+!ESYy~sc`t0I zCAlvlI~n==6o30TOT(BDHLz%@@a8CWFV4Z{Ds)G<^0k%O;s2B~M?8La47GMIUXcx7 z5I~Zgc~|53^j*cHpS2{nzg=1k6OyC%za>0+N5e2a29pKwDFyf_v3UGBEr!bzfMyVv zS#Qs&7k+6@oj6=4lU{B!>2*};36tLK9WRrfZ~Q@SIJm=KkLk7fbnGzU(~V!ceEMYa z>9sDO4*qYm@v;mE5vz?63@nVHO(s696+XS3I}DUv`1DJEpUJ1kcL3|+d$HovXEP~$ zIzijBTVCA+@^IgqAP<)y3n!I)@lV06^2_MDcU<=Ri8lqW&qHREna?tl!0)h(`5n7J z#g%-W@2RQ}FpX4I;HheXs;X2~HIij|IaO^zRmKl+2NfC_#4oEX#jKZ;g-(rr`fayM zr>c64H>67@evDOU+w3Pm^(gI&By6~Dz(y!8zk(VtcEzesKt|2eZNX1zF*S+6wi ze6&5YUTib#*MsDeS?`4g?QrM9tQQ-tLX5W>lkuCD-+Iscw_{Pli8WyU20)KV*01a; zpqnAkvV!XxK7(7iH@e5IJV$M!4__zgo(cs!;HGfp0IA{KP{P1=ZhVX4mezAqCzL~Y zUgRh|cM;riI?a!kE`jhqeKLg+NyLA&HH=5ofmB2F1H*H)=sV@pF;sZILxhn>&J(Em zHDko>khMVk4#sgr6S_jqX);v$FP^Pb`gP<6r=e4TT5xI5SSwBt%q>ssKn{R);Z7@l z#Nw%fbH2kRN0c+;@>O{1)BgL(Z3XqZx*NMV@tDzh1;Gw;J z#bA$p1!f(T4n~CSj4S@|bFPFku6PLTImQ*|gbvlX;yUSc!77-IDdUPwja{?k2V{92 zmVB3_XmC(Zqk?wE6@@ge!2Jr~mTQJ+ZgQ zA+J>+OcG}j_2k?{Ym0%_<%xC51S6FbgZirv(ee3&krwvDF|dFG*?BoMut@l|>0l-p& zPjSsGZj`cHjSKJ%Dm#p4(!ur>YyKDZ70HY9nyj7;Z~DTiSsfTx{Ona?olxQhE%vUg zZ^1mg@yd6JaK>*V!ZB)mp9VQ=VqQUPgH81%%_~wlul@_|!P0|<79}`i!_MN$Mq0Mf z&f@Q2U^|lQZ>OEbM1!0a)(QG)7(2YboY1K3EIcL_RmqyCjM;LG?8waGj(=mLk9%8f z^ju|TasF0!qd)p@+343G8#ek6BsUhR=T;x827jP*uVD8SbVM}xxsP?N!9P7igI}7~;9n};IAjg} zH&y%BrrVE$e7dLngEjbIb37V+vaKC!@I?>IQ&OoGdq5~6#S=o1h?(!lt8n559Nnw4 z%12OzzYB7JZ{XnJsPHF;Ada>5)j$c8vS=JkdgjsNe>DI6ATGNpjh=&gl(06Kp~wd} zCN=hA$FVd*AnA-RI& z1wN2k!%hG^l=$E;W-U%RU2jPqu9k50Zk6dEC7`2^88j`cEX>k{@< zmY>9+4w-ORmV7)aBU>Z@ihlqG5VK1|sZsxjqjHWrc%Ju?XB|lPOI&aO%g&6cvvTay z@;iE9E2OX>8}QKp5{C)I;ntDilHI8Oap#qz$N%F`u(8_d@w4^L^!Rg`8~C6WOhN`e zAeRnp3xKvJ0SE18fp0^JPpg0&Fp=wMSJDK#lB8Y;Dp=B_YvVUl0#ou4j2dqotT%m% zZ`FWz*r09atOX1$ZW0B?w`jMB-~Ng{n0)*@Lk~1-4R7EZaY_+vfOBW{P30W97{rQP zU>|D~Kr=^w?10L@KtFnoo+|$v3S=3ZmtybI_>)_$;c1w>OjjIXK8zxAU>|{XGv39=>Nr6|R$Jdm+3&+|Uj|jn( z*)BmQE%6Bo!Tu%ME7WpUA)B#q)fTQ%h11RIVh_tE468A*Hz-9rYP<&n;X15)&BK3n zPLKb4_7tB(jPqVGQ{M?OHUV@U+dOI* zrt!$D8N_(a%PuiK=|v&N+g=c2{5pP&N3gaT#Mt_~TJ+~ZxPc%4*Zf!1wx{@b1-+ta*?C~3Av9pj3%(hQ*V@)&m zcW<@~r2fGswZFacmC2y2!32!gpNDZKB@_Q;dy4TJxUgw^iZUcgogfGC*i-a+KEs~k zNV|+}PmyDn!I{@`XuO^%!?Tt`W_nu<+HF0NKc7+fzKlq{wLr zvKh=wMXzVDN&blp2ia3RvccUd{%2&Xy!fzE^4L=x=c(j2RY|p~l~T|D8MRRwh}aR76FZ%-)$`%x z34SG$?Vuw+P#t+F>~!R5kW%;DUW4-yq<9|7{|V9&C70D=)sm7snNc~Np?T&jt4W-$ z4&;>cO{R8!hohZGg-WA1xh8d`t(}MO`am4d5=L4(KZV-)S1^&bcK%sDy4v|hnPLbj zp!>D8^Ei-B!S)xutE$gc(KB0HEzaqVie6<11$J=4@*EZYh)bT%$yy5ic;X2nMA6UB z#$$$l9Qyh5D6A0u{M*paS0aTKorH`=7I+npetsA9^EW&pd+S8jld3q0x$*#d)X%Hd zXU&$LBP7YcpUTO)itYDAF1!7`>)W-Tr^Pk`W4P@%5+lL?2N{j}=MHNB)AiE+-&s$p z;$G%jj9yxQkXEUpFQkh87Qt(97ZK39nJwUoU1;g^BB!Ob^m(&Sq*e;TQrOr#`i(EB zp9kQV@(7=Yh;q1+SZg3H8@V%-SOal}dt$$8si^AqoN`XjCLz2DgbxOen% z^z}hFVI$@TtvtA_z{sUannC%paz-ff>gyX`qyU8y94xE?A;Ly-Af*|hL|+OsTErKj zCa^<`UxV|pz_fretoM?AxuMihD6$v;!SoZ6Z$bYK&jJV{Hq1U2FCWqyR^uX(hfrb%D|J>QK9jOVTZ4}fkd6kQaLm4d zpuj~58vHuwJ)l0GR!LVJ2t7 zM42xV2(@RMwxNAd=mS$ip>OJe?V(hkTXn5!9X0xi-Z=Re+RFK2n~m9c$?q`#lIR&i0b{=NdquJqoy>ofHC z1MSijgzCxBZEHH#-|xne|7+CWFGaItUv2&Ubx3}m{=Q;eT7Q4OUE0>)k3kYVVMqG= zVhrQIrN4*j+-3^Pm8n9SDLiwnmnqCQ-uNSlV229)V-cIq;R`!d;4e=r@TdOaYe2FibwWqt ztV{jwVx`8@soIp`iY(QM+P zWWgvTJJa81t>Fp(Yt`RhgV_5d_0-?L*M#|lESLKGg5wWafBz2_PZcE3Cn|YTC?mou;}ZAdp1jAuRDRJ_Gp_5lZ zkl57~ECCw7iGefwTBC*E8M%c~GE1CbsL{R|0Z{uJ4ixwcxpe0cOyL>PcE>>kB=Yb(L!yWfL}HRYv|?!o#`tD_epW42_RtZITf!OdBf zfIsS*ZYW@lav4hS+cjCS^>h0$B4|D>aEqejo#95V*Oq5lH=O zTlp%GI#d)y@-W=ST-AUTLZY}fI3d_}zAjSHM6-DVu>f>`X?`pect(p+Zw({P*mK%q z#+YG*2{P4tt7_5wtLBgS&Y9>?vX5VsneVopSBTzwW~i;UFj%&RH*Kipk&Z;*xZjA= z6kefPleQc3o=c45T9&!pQ+uuC*~B~vXqmPk62K@u@idx>d?EY2+HkNy*JDDvm&f7=&W~Sl2civH>Nq(cwIkm`b*RG#v1324Pi#}5pZK~ zRnP}t8>fI4y9#W1dYI6D#jn5%b2k2r+>&viSPF=a_=62MV8Uaiu=lbCITOJ_YSx*a zWCV`QHlX)U_d~9-2b6Cnlpkr;WK1UOcv201R40QU!olYT85Ne4yDVNn`C8q{0VCH6~pz@hS!`ne1e|H5kXg8DDg&Z@O$8`(;oB&I^-$RBGsIfq&V2|8RG@q0z<--55hF< zUy3jR&E?MbE5ukv#8`>3V<%K&hd7315Y0fyLd;mqry^j+5*AMtygx=^#v&sRw7+x0 zq%Go^3rLy7X{Q$ZrKE@n@4F2c6|(`2KH>=MZUY)`)>DgXv4>l7{L&X7cZgYF%e)FE zcr}TA#{4rd=_Q-=it)&`paKfqZu-N2{fqjiYxl0x9~mC{iJ$*b#rrWdCmZx8;|zV{ zcHgR0&Wo(IWR-7YFmWz+muOs9>z)}kepTWDjlSq1Nz&e?w0%*U9@W+)o|4IaTIAn* z_2f7h)VJhw7*OtJ3?s2s)bFbhGlheA=yVRkum@589}EI+L#y*V-T%Vyuo@w}9e9}h zunP~k1z35(seM;r}E>cvuEKz84;9^Atc(=F=%ae80j5 zh%=CDL7=0#w87)J41gd!G`*3X$~nKJ3BZ7D*#R)za;yg!e72c^`FMx?NvH6@VGtm^ z!)ON(e=N5FLIzRxB?r+S7zF>P&F>p_R0?`nEzA>Qm)Mr4&loEt=r@>FNX5brk!ga@ zBXC1qk%9%U3z8Q%I2eIw0k{Fkrs6OZ2Q0jVh&*Ik3ymHBN3N+F{BSMct-WE=Y_O^} z(|Va=TJN9@0a-dFbfMkZ3X)Ny`7p>H5H}qjt*ONudSqp#mQKgthSsTC&4z~7YAw8R z;i}tUa34%u0Mk=&7uXt=>8;UhtQwwP%RFPWZK^PICD!sp=kUS!xfe_T;syprG=E@h zxR0$0C)V42I0Jpy+bt)0^yl?ppxTz-Zf>_9$-iP`&7s88Vv7Rica%RJd|7lF&ln}s z6%Shq9`><+DjpVdo4awCS`M$s*~7z%xVe&;+Tms^7N9g%Lx;aHSEJ1MwvalkbXSaQ z&+cAyy+0RL((07X6)H78xg{HHV{=2}mWI}e+D+5&T~8f0{hVCv`J9EiZ(Z9qkY*tD z7L2s5&AW-I+7_rwqjd6c`B!HdcOhyjX{n%gZUXJr*RkwhY9q+vC-i*tx2z%YE*q00 zS>hE0?hguuHzK_eW2^VxrW`GPBC_G!a?3aI+t7NHcI!}YL?+cF?-5kS&pe5quu%sJlKVEOoY<*bPnX%(>ds#+|J=7 z#-Uzw((tJ#4ZqF|VuCwc=bL+`8$Ao98e02kw^r~0p?uU5=bLj>bvB!4N^HAMz^1~j z?qjst&^qYG$>vTxAxglI8q9YgxkYEbhnf$PxOGz3dwJ=u{S`G31pgp)qKm)8gWbP8 z^JOLuTJ)K~e&(a{>7Zr8fU=AqyY(|Be?x1zcI%nxdVOX+pH~dOXvFYqMhu^-Ft`mU zMYJRb<3%V#AYd8?=E+vAog@LTI~bBc#xOJq1gXWrRc3XKBo#>44lws|iqNh)xVCQ) zoU*y4<4FXlWf}Ki76hoGS69&0alsY#v<)$r;k$R|)^h9O=mP~zT$qlHhWXQut42jx z#(C+gwT9O23*hP|D520gyJ3A!qPI0xG3@Ys#O&z4HEO!70_QcR&ie(ki1L$ajgs9q za!BAjk;MNE85}6iM0wisbHrXh7g3!MCOdgf5%6jhJwQwKc{$cPJ%!kY8QAm{AOZ)Q zUO38bfh{IOdBCdC!yESXK`cSkkl#{?WrBU*kHF@`Uv4graSi)=Yq!!}vZ1MujcoGF z%aAsb!%&wJ(UcmWF>WyU;dhoh{BURVQXo(RUQ&xQAl`UmK9K8z-a#lRglGMBvrMCt zaO4x6&|j(VanKr7AL<&^d0j3=U)p8=u1(ix_peXqb$(9&1Q?G>*VkVGW2d7{%O|?* z9~AcXcn=5STF@6rtMloLaZNkrUu6Ckr0c`{jp=->-uZL*N5rXgqL+V+=yNfn0wQk>~J<&z$5N@2BDcmUb zl-A1Ec={A5UsE1^=WB3@v-F2Y{LL-AI89kDX zRKh6R^Cb%27I3S(VoS(z&!Zf7C_&loPy`1OC8V^50_?h57vXP?HNoko4fYYd=x_uO zws8b7PUxh^N3(0~Alf_D=vofxP3u(`zCpeUt8i@WgTs(O_=mg~p&c55F$?xZu{Fi% zsbB>)p$O_?Re2hDi+6&70}CO-fglp^Cgt2k5tiFU8N(FHI2xdjzMqIa>-ic5bIoZ5 z;($cG213ydd#ld#y5^?jv`KZM;_=hpado?SU{$Rsjb+w?V3c^5Nhh3o)+H zf&!liM_XwroD&^n&7nM&FB>o|Fhd}gjeN&hlL*m9^kQq43ymK6EwQCDFQ-`J?Rl~M zZf1oK?dCl#M1MnYd@FLKXZA8toLsurux10ggFE$*7g2?4lBdGbt55d)YfINfz8^}S zg?T@#D59xZJ;K}u)eg?nP5?^Gq_+4eyz|bc7JCG5Qd9nhY#9@$t!zx404tI7YH9JY zM98lpJ7S%TKoh& z2=`N;mu((}L_7Ja=%0!l{nJO(KY^!&>l|E#seQV33Qz7sc=^$Xce%=^LQNgqzqs;g zIZET;e(N{Y!M)VDYmry^)Lx9DExH!?%Z<=_IZ}G^4pBaZlMmX;CtMbE`T|$?6bihi z#s0|iT52q=Zi0YUlu+&A1-l+GC#peatBWEdae3RR-W*xZm5-y9q9L{=a;bSLDs@CE zB29*DSI9Z;b#s(h1{D}jf;|V=fPUwp;=?Gf@~W=@YY&q+AyUP@(q=8T6--PpiA|o? zGEJktDnutEd$f9BlNLklt*j)FtD8-!t$I;yrNyZNLYX|tTY$a>le2M^i<=v&D}=-b zom*plKbRb7e_EMU#2~YUu|}t{$jMhh-+{oTksE@^3vy5<=b*gN*Q|&;Vcf53DiLU$ z#H&`8B6rH#@YO^z5Wrf zSN2j4m9`?^#2uie=BJozZv`3a8~yiHOC7M$;?2nFbT~c3`N@2%(5*n`4<``96I23f z&D@32Vn6d#qQ!U1eul`B1)x#e3I8p;GRFzKXTOIjnOzZFrW4IBfFT)Zj^Z${CNbTo zvz$4W1rNLi^7I`?t7T~!>M-_KZA0v~NV%;SyBiKU)=BA^u663!W({`g;d=HrmtZuW zH<25hzC?1cUvM0Bh9F8a&)uq*rdQ(|p1V~Ytr$JJyjrn#d#ndw@`2~n&yVj@C2c8aux~osiAtRd_vbbY~TG7D@wRZB_&h=@r3tat4-ZEfo zPQrXlxjwB9dVVlyhony%atRjk>(r;6)7OR) zYIs)8RbcYRKRWUQ&-#9OecFW=a}fVieOhFq3lFWocHv=2k3)ushgm#T@RMNsG`1NecI`LJiu`OYy}LzxKn^3hEaI! zef|@D+F6rrfRI7_xAke$&R4KNecFy+x%#yHTm=h5rDKz*)yoJXQUD%5uKTmfK$MZBogaQN}4)O>wxX^a-X4jHM> z_#u8pr8bQv*)^)v?nc5Zm`62^-G?L7K6pU0CVB>>RBCms^gmIlVNiwUVAcZdCoDcBb8z4PokeIgnq8)E*sMTpm3DnpG@x=2;{ob z(B)G@*W%UCDQxCw=!l;08gIA3)jLQ-SLkTy7EDjK>U@Ih(lfV=X{ZzFA( z*{Dlt=xU8A*C;|<^()%cS9Yxr8V?lrRqE&3Kw;AI_^&`ecW=7BuSP$2S-QTjMn9*e z>-%c-bB|-MrswZJ($AgofDf^6qTlew-W7R|l3h?=r?OCEXY0@gD8Wr(sNoD;8`o?N zB>X5bIE2el!xpP%=<6byT?jIPVU%CvyaD?$TizEnmj)lhX3fIaOFYutNKc4$AnvOo zZl##L16fYwI8OmBUL_(M%Eq0ZYwIy|7 zL#?CSF>Z9n7~Ke2W_yi>cW{tSLQ?XYwapbzG5$$fLG-og@2)xLf2qGainNwSQ&H%T zzXJW;v%uu(`o04F-2&A2<@9%_%YN~|&(R8ghI`-#iUg&ui})dZJI;lgEgq=ZLa`@Q zbk<;ZC)m=tM#!;EfJ{FRU`Gy1mRkL&l2hbP?FL66NtXM}hTz(Rwq^m{hi zad)bcP)3eT&-7b(PV4d7&-Lc?T)!3FjJX~Sy&dOTr1!uip1FPCeTC|(vTdF2B`enHkB`KHo5Cg5F;#enOPtCT{t3z4=%nWuthg7A;r zY2M}3T3e~Dq^?%M)+IK+vk}xl1z>|6Y+DWyd>S7T-@apy)H=pRFphkGTw$sQ8M~INltJ$M#!tgqpFD z9zX#=I||>(nI4cHYJI~6>1RD4Lx2{Z4oq5h2kKh~jMQWRfS$KDyVIY6-vQr{KRn5J zlVu2M4)~@%u$adT9B3t4_Dja4l}hwLf3)`!O7u_*(L?SBAblt~nQj+#B#{}S2T;T+ zII`kAsq+bZf5ihR4bj8=UP|;(Y5W8il6NI_*bFd)5TBPe?$lyW3Q*qTUxubAcE~qQ zhX0q2`%+@`>4UVNycTOlcI2elpPSV>X(_Zz>JDCQ zIh_B;mxjiSFN=f`Z2)&lT!;&N&F=#;5QGtZtig<9B*m~9Kuymk`uGudcpZEm|SLZrux<|0P~mvm1L>}XF;MB9V>p|#yv!&_XMrZUue z+4yiT0826b`NnrIS4{u-TQj9^z$au!c-?EgEKd{SG%bk<5Wrxy&+w|nVgF$WQrH(M z4L)I!o=63cNT$V1V-w!aw^Ij+AVP7M8u66gex4m#nP}J&}o7Q)mx`>9(E(D z!jSy*08xdra@Nb_C%xmr>_;BA8ae2NtJy&b!tC*;Lj9BK2?ZIG9P=jtYE={4wzDhBJcQfWEgI-}jOZ?a} zh!y?b4GrzSy`gU|hif`O41s7W@)vPKOT4MvQM(V`(4JdZJJ`_A#brbPwY#&So37%9 zR=2Q*lILO)XJ^EMF|h;PTVS^!Mdji$%p12sp>g?TaKVQD@hvzRA{a&tAMh#gsuue- z^5X7IWhx=q7h89dT$qCBzd5*%0zrb1IVfhhw5O0v-klr9bo@QjL<%ja{&hk_rYi(KC8yrzi-?7_oR0FH{aR6hyuj@I|=)DbvUt; z12d09<+OH!Pq`CT+S$X~BtuVRAT^@xpccCc-9=wu9H%Y=pU9rrv8rM2L}U%Hohn(z zBMZDW%RnIMp9Iocz0(+ibuwLZ(uP?yI8FQr3YVvM4)!*Qx;6w)}VQ&K`!Ci4}j$d}S zkJ~vLyStmayYa5dpIt*rk-{?IVkp5!j4Cicfemgevn0GwC^;-#vR`l74{zifvWx?Z zRMZIycyZx0gg}g@x*TtTJ;^rZv6h#ZZrI-zDMU2d-x6Cm2x&_2QbvY{e7fQWxCK9`|zjO zvKe#9{bPSGHNMg1cirgL<@Y+{%@rNipBy(gqd&=U^E1;o)nk#H)Aa8Pk7riL?WM;v zq08^O@vSbu*BOU*{QXeJ11>OgyyFIBq|@v3hle_xzw~$>_;**|b>pX9ey=lTb^QHn z8_)C0yXtSL@g@TDbPkWY(cIAXXv0|h;q~gFiG&~PnDZbX>kXrW^b5{AM@sK(LRe+1~ z+=E!hZ{UOY2Tx!tD*Cc?s^Db^R;W_VH+EhE#-)oui*Tt%rH<)J45=_!mQfgooJgvZ zFw+z_rzzCGL%|mY12YIg)?Q}sao9%CCn%%g+7LW{LhYpB1Y-+pY*<~&m_QNKL!;Ko z`ijz#Cx2_y=u=LWK4Um%oLa`NPV}ECR&?lW83VP0w}8XMd%UfU1_QJjC}sfolHGbk z+ZEc)qO!vsoNf0htgYx83HS!NvnSwFXMSIUD`h<^JsQ z;k=Y;Kp3qTa6AKf$?PC&DDhdi?4_ngNi4DR>A0W3`qK^1_OH6J!<+y3FP{|(Ds#MHhj|b*h$`|;@9Cgeg zJDqhj;w^J*;Ai|JtinnYH)Di>Q|jf-L<*;H{V_MsH+V7fG2ztB{$==v%|ZA1_kt59 zf#E;j_(vgXYgk>RCu9C?+@y(^p9eP@sBdB#?>F!l<@eydo_f#^LrCOvq9|cbyC?4O z11n{zyLFJ*COLCo1h6m^%}(xbOe_2z#VX%A4Vq+bxuEWA(gROw@nidY8Th4c>+p&f zVOPWc94+>jd`jdHcoIuBByDwj3|2pSsX(lA-c|O{A#09p5AE9I^5}Rt>u{Q2;UeqY zkbPR=m6>YfgsD^Q@{Zwd6lUi=0A~=hp&}0v_kl(UUDc2> z+#Rgl1V=A`@L}`&V%I9ae4_QdHXJnfchlkvpt>|yqeM7ykKe!~QfJX$aeBeowjb{*UKQL8%t0{7aQrRp_(d3> z4{t-sa`?>JBJ{(76HBXOd#@|BMmp=E#J-S6&k%W3>2iJTkV|?Sw&y z1`73nsm1#Or6{>V31aXdoR5VylNc5{Vt46e;Q4O>!e#3%jeOL#v710{`|+NJ0F78; z$}Radqc5loTaELD`MrLuIcDz`Jl-rD2-lcK4%6-RQYIPBR!WxXh*z3Ap{E{SFUJ#f z0TFSY)E{BH_=jF>)LWYPh+e=}`miLU8U^$`#EVMoGE&z|2cj35?*Zf}QJWW0U5aht zi-tGhIs#w8CW%^vC|%?OlDXghUI{XDCj!gmRV7LgZYzfnb_Fn=QRYsC&a6b~y0zRe@~s$qY&_M;}uF=gd(VkLQXTO$b4m@MsQO+`(;ZWdfqzYkRJGO$o0 z1gu&j_^-+z4DMa!3qpUQ#r`DF07Ps48c*8toBj3pO*~Qm1`NO+#iNwuIxa>+TMl%Z zu>d~beEIYf;HHy#r~Ru4&X|i*mi6qbf0|cLJT$b z95pm5VxB5A2g<_Bipr|9wD=NkIXW&GKnA?1S5NRO03!CBv!oastF|XtMFA1LDqYZu zF?-xN3M+)t(ayA3-*)qg3-JWT#?!ahsoR1FJ&h2YG@SkP)T91J^xOF1W1qHJ$9d5m z=(VQ~Z{BL;bx-%mUOTPyEI>;P=8zb7|*T|go3eh2}2L^5B(SL>N zQO+DLAi^4VG;?e4#amd5cNcizM45baW=jl7iQ@9%&j)BSaTkT7LBNJX+z7}`+RPDH zTat3Bp5*OJz9mt}XeD+$N(<|0A^}i89xw2tEOl`T$#>ZRhZ8Y8 zoCp|#K$FXifML#!eSq0e%*Z?F6?uV$*oMN4@P%n{M-dY*kzLqbkg&N}ZRmrhI{q^( zfO+eOoMIxBB_68iB7QC24J5@Nsmz`7l$`a^(_-Z0RY%8_0@vF!_hf$*;a| z^EbT&WxNgkX0z}&aLBZo44cWhuC49aW$r*k z!cZLaN!H~aMCC%nRah9aH>TO)ujK?1=^`8^IGU3Iw_aF`9L22%It5y!hv*S5mT;Pn~%}e~DW+RY3MrFpsMVJE2hQIxQ5CbdA8m@`` z4X30VGPIwPf4h|MEy2?cO-S<)xGUlbeBtE?pfJKj2AU$nyi=#emID^hnkh#R^fx_W z$$(zc3K-`p!^5gKds+1jnR|2_0|^C!d6E9yo^Sj>vFZa&gkr;n-EC}`W`pu+e38Lt zKXxf$7kst=H?A@e7Td#LXY@LLwnNVmXM$Hhz!+oTVjrlCA6EU?4zS`NULOxH@$p4k zd=N1(cUvv9fCId>AGbdwxb`L#WRZyj+9OjfelKysKLi)Bs)NdSIKFt_y~ul?lNVwq zaD+?3;H;mZVZA zY=g3DaR2JRKo4MD1A!q^Jvqzh4Q=ny-FhHi;WgTMh&V0uaxHt_an%MeA113C!i3K?>WDEt2IfE<+ zAJ&*jwwSuv|2ura>)DlLbrajIZ@Lh>lo!E(5lCH!qrzuCT;cjGuYw5&R?X_KEgzY> zv8}Sc?S?s<11Cpbgn)gyFQvED@4G>}=_J%0Oy)H-wFR2AA05q>u&32(oBfeA&aBGL zGAj6|jDNm`Ka|k^>Hy@v2-*#cfZWTrqnL;}QZXg7Bx_(DVGXeQTlrRBtB=*o%Cov# zIaaoX(#>fQI#Gep7zYHR)e3~pPlFI5-YDCY==ZGer{O4dqytB56dcXx3kQz=m4>4$ zRX)Jc-xVB9RQb5{zQ~7uvT!`s;*rAcyFr&6d0mG7iZoMP?$_X! z83|L%xRp~Vw-Av}?k?U!AnaF40z2j-5Z4;#$T>(+ zdBu>AP+k>fRRhl|<<)cw$pIM@pcezJzM!M~5MeQxed4nk$jHy1R67C6t6>~pgHm2G z_(M2(r@$2*b$!wNt8fFbUvy1HS<%6kSik14#pb{m!L8a~V3w@RaA}HwAQmc`z46>V zSRVC(^MMZ}h&Zx9dXLMPz)3tatKZVH?$JJqZGJEMfe7&5HCheKNOA~-;oiFm+>q^@ z)ZWZMI?&I$+Ofx>(xxo}#}5@5q+OKyv8+xUETnEgd!g~0G6jx#Ts0Yyqp!iin<$PD z;z4oL*ECuGGTwRmvo>q6QpSAJO5lZT)vm!hhFedzOQBIA4G@@|&+G-T=vH7+w6WXh zeU*a!2T%>p_a69c*nykYo}#^PDY^V&M0F=Yu1A+>K{W$Wz-YXB4WS}6;>b%0jL;yY zatm7&EJ~x?I4&$guDOkn2#~d55`bK>b&5dZQYaS5z7!gN#9^{aNCf8hK%%6&aZt6B zgL1<+5|BvX#<&Z=T0d~`>AV1t>HfJSqLH3@ z@`ijva|$5Bj1)&D5~WmreU$`sjyh!m|?1b+Ki@w>EP+{k6|N=b!9lCFMFTT7KJBNSL3cIX8w=9o?RdH=T%GG#pJkmEz``E#bf53m z*4cD>mfG*+?r5pOU*9a!Yg{APu)55%A&n_deCAPLUbPe|8m%VrWN4!m1i23gi{xQ%UG4>_o|a;A4p~g z6K5W%O5hy2>Od%UCae>m3nf;~d=rfw#U`o|H5{#>Q5p#2IJO|a26xm3_RQ&R;R1Wy zH;1ZAL%#jEfF5Xt=dKGe5(r_m@t*+ufqz!>pcsWaQkZpl$S-K3fu|{vTgm^_@wqP2z~`xao~p%Wkw-^*n)y9Efe8TX z^{;nx@bjnu3#>GXF0rjNUIp-g6m#0wNpPr&L&6w$$W~ks)p`^z=LwqHpu6YIyC4hC~-cn*jo-?rO zh3F*CG|D`qNRj(?CmLoG`bo=?Tj2fmck6y*`x>#;xb1_SEaTfa6dMW9_)J@kXTR;* zYHZmO&;b)){;F zC3V=TuR;fu8lAH%2lmOtM`h{<3>TCd5_VAhD6Ddv2f6z|#c`ED0B6=m5vSh_V$oqd zuk-`FDOiMvI19@2KG3{!gx2L{IP^Y~{Mr3b^9Z(z@y{rBbj|8uA_KEMAnkPB$Y>+jgV z3eJ-QJD5*|O0)$(;yYR8I8Tlw_$V;KTtH$#siyY$S)_!8_yqK~YRo+X(PigMr<;8 znoAp6bfjTvuU;80)qx}+_^lR`3&>#S3@PpqRkIf7JM&$DHI2=>PmuPs*i(2x0m?Sn zdbF7MV4RZVh8o^IfFShF#OjF?!`)8fCC`aRW!iZ}sij_h6N{#FKw00aL~#%*63mfj zl@Smga$4&W8eZc(lsw;V`VuzX@b-Za8o_^1hR7siH{%SMJ6*bg0Xa=nC*UH~um)Bi zdowB*dkc|lnuTI|fn5OOi&b0_MNs0Dk<0GL2HgMwx+HCZu?Jto0;3g!s9XZ;*2H^Y z^t9Vnk&NJ2_Nkt#0`}0VjE<}?R-m|w$q#5)jD*LALA9D;eSwi_u`$>N=6z0&V1Mxx zFp_sfv3>xrWR{tapRT(UN?02kHoYJR$j|HN=S+t61%xB8ebC~+!7o4Iic*+j zG$Ca!gjzxM`yk5;C7JhFUPz}GIlJS1bjsM12RO{_JJTnVd+W77P;o7a=)W3i^N{j3pK)3Faj zg#|8h(L}%V72wagVm`q+!$4H5VKOA`@c%i;Jb}Gz~ zXrOY#E~wg`ab6aS$&3rU!e6#$KzTh4;7Fa55LLj&Ej_TCdwxayK>=ksH~R~80Sq@xo&&@T2e!bf&!UxNc2JcO4+;s|@0nDUo}tWND+oAZwMz~aD;gZz9Jz#}p` zUEo47<7ihPQegfP7zJ#)r%?1sXPcU1SqS{Zn6qtuqCn8i!TbbRnA~A!DANkv;Ud5p z3;_vLOe1CddD<;csR>alQUc5L#w9yb4651Y?y5JYAkQk`()ua_a*_??*;BvOnL z$9eGmKgi`TKqidYGxyO=YIlr@$pK7@Pia>V%_r2_C~m%12Dcz+n@?=x<^+O{og+Kn zId+X+yDbOt2w_s;1z2FTCZV0Mr+6HlsQf46K0(Fdz$xN0S^eA+HvQrGeG(_8QoC&p zkM9#bGt&n}`lsQs-3-Z90F`ApncahadWIc24#iGb>Y1N=U>K*x-I35a6_dnun1Ft-~6_;thVeZrBwqb}!z7(_ZrCs47JNgejMC_#=I&HUA~kM)qt;+CpNgYat=T6Inb%hzxT; z*3$#;tJ-X%35R)jF1kgmBrM4C$jNwUhC3K;q+feXAso_9i7X}oB2#qK z0)Ao*-eHoC$074^4KY-9MZa`y90YDCZ>|+{3P|Ok&4*A+SSFLwNI<68ir7bw*dkB~ zX)>Iek@Fa7k~P%bJ;e9+-i6V*eWHS^3G~W$`=SHDupmYO^w&q2r=zINZwB+^rMBoe zyu+jhACfJK`LIa|_gi0QzsVRWpU`5zlXaric0(DgIc{sgM%7}=WNFe-Z@9lbJTCn2 zGclU%*I-!-)qJ&7_~nBmL`U@GY3UBkN@hVRB!&_?;!cdo`7^G<$jk%FJO_wt%`7~+ z{bdJR&?$---_qiB_*fmo6sOyZZ^Jj4=ya3Olp3d-OLaht&qHzZdi=pOg&B9|0ThNI z?H96J_!N10(XL~%uoG#VK@WriI~{uk)4Q5gKqFtqUIFfF9(#qIbNtqo1R4jr60cgb z5v{`dp=-RbbM{!e=;jWI5@B2PH#2Z_OtTgKFR0K%A0&)+XHzFcb>v) z@2pU|b32I)##{MHYg>l?2zvLf?IB(R3oRIqdJ8B+)*3rLqLyFTL(DjXx+7%|aogS8 zMu%h%F_Oho1-%-T!l=?HDx$&&MhzX_<*O~aU2ukD53vL(+Cyx^@0YcQ_>IRN;{O0& zw1+?^ByhPeimT-j69})ff`}eM{SM3`hFXYG1)Q%?QV2P~XF_VkkBsj}<+KE8fNoqu z$QTd*t({@STBJkm|SvB2*a2>JdMO9YRolv`KyuLeh6C7}4XY8Kbt*;l zlz3Nx1k9NEgC)5|fj|}ouqI_o~|+|fm_seht?jGe_lxjBGnywXX5dj@~O6shIS_*Ev4DXd92b%%^W zTMqj&ShwtDqf%FOVD}BMgoW;>a&L=| zC${C8;A<1zh94_mXcEtTTR(+Xmcc>|a+bJ&rKa08k1T*Joej9t6zK1ar??!L+wPIsqR2*1*7UB=Ch z8L(ZEBbQlokig_dk5%*efDAkOSh^s@uJ$-nsLvWezH5KEJ^hi5){j^jI*@N%it8YF zmY|{Cdqmi3A<{Hg>k}r{W_$JS|pKp+-AAY^|9N=eY%uz~`in?3_o+cwv;gZgdrz^bcPn+iYyW-Ae{IJh8dTk{cwV|*16N~Xy12= zB`GiL*mlydy8iY9PS^JzPTt_GP7etiNEFgW)2k$v?mGL`S=Tw|=sGWhH&wpcU?O9P zW$qAZ;R=J*Z|~r?067oY2CJ}eJv56|56SQ6RCW-_SKJ${Rnw-mZ(HexU0YA{A2Pg- zyDh`ByZtA(w6e23Vm7eY8kj1k#~9cnT8!O z?SU~=FagaOqC9>Cp-CfVAZ#O7$`Xn0!^u1TAA4^C9#xUOji-||1X*rSA`tSW!axx! z)g85;D=-RM2C>P-hqD)6!a=pL!6AU1GB8y9NC`N&3#}c-kQ|hlNROhvp^MOR!FS8* zBtgaUx^s=gh)uXxUK9{;Dj3JE4rG6WH7j2wlpbi(qIQ0Bg+@_8fjw59;=)Owf zb9^W`0au7eMf_E+je9r`?G`+bZ%UeTYx8yZDU^-@h?hZA*|i991+r}gp9#GR+lL32 za;*(2Ted56!{js;TY#GL2o$_f7PTx~GxZ#C5DHe_xy3&7J1eX0C4Yx5|

H_m^I<%l>_B1 zF}NFMb(e2u0ywaPKmFGxme{PD9D`pl7)!Lv@vRdG2jhm?8<=r(t19ocg-IMD*K9HA zs5x#6Mnee~4s8MyC|VP)A6+v0hHE(Ep&T5>f$rk)?TGW7pTYeHF8{gCz$8JbSU4^_ zGLL$9ryX_p{)h`_IVlHAK!$&WHGX4$W0RKeX#C98l=3+40_-i3`^byQ1Wy-73GRD9 z%j1@QhgeUcJWVeE=Y1-|f}*F^!Hjlh!5oH%zF;LROUzt_VFimIFq%)f5Q~yF_1V;QF#Cd+Ly>X$rX|F1Kf$0x=x*3)C99aRCSy~m4^IQn z*i@(eDT~mQeJjA|tDS*-LD%NKS#s@7xHf0LOicBDx}$iBM0TZ?aFjCmjk(ApTO)14m#9GQhw6 zJx9UOL{EEsrg(8jQ!|Q07#X-Uz&#(nl}?LJ8Ma?phM-c=!})<< zn7U;B+Fd9+AHFR$hD2>m%jn9^a-rUY{m?(claPj-98y>Jo;4tLQW}SXP)pI1Jy=g0 znpgr-fC_Lv>WN5bj#$!_Gc%436UFq5wF*zZI5A7)QwpNjnWoVV9E*yWka21zwsDOF zCr^fFWS|iJSb;K*)3I1F9lL=Wy57O!6sKc3m=3uID~m3p7t71J-} zWGr1w&jwQ??W-(;WJ0g=4#GWEp+P{CAfrCK#W`-X85>JTi0w?6zyURmOMHpsVu_-pW5%-sqA9& zF0ptn&h=lLkc%A_AzXX@QR)Ju7i&Fc6z>l%O0Erifd4BByotHCqny;mDNDzv!dG8T z>X?#~x@Yl?NnNg5Gm6yC7N6b3=fqJrh&f#WqHs=Eif?>vz?bI3`XMMS=5)-0b2`c< zNCA5DbL+riPAaErDi%Z`u`%J0hd;lM?j>g&SK%ws=5>f^2+z>qoTkH1ROL8Ph>7Lw zhxS%>982fo>ul{eY#bCBc$P6BMXQnlm?16e%*k49PYY(j2~@hxb9+dUryqs` z#4IXXd(+5B%%W1XXTlkIGG(3SAVAh>yp0)FYS&*D1|?=u={7HCQ2_I~0OQ3<2q9$Y z(YqizXHg6BEh}Trq7t8$d9Q|p$2o& zGNq-8tt(k)DbOLxd_O!TryVG9{dz`3T9lAK&~l zB%`oXRWalgcB)Uh2>JNL>ry_ZYyaX60a2D+C?7FB=S3fw{ZT%0P@$a)_i%7!L1>J% zBggXm_SRy6_^-`Wg#>`!iSB4IQ$Z#khfJ)}tyCCC+<`)2hN1@?g>{a)OE*;U{3l9A z=eQSy|6We!!80^e{pL*D7Pd;A(op3L43~x~XQ0(^X{dTl8Xtv?io%Yb(lq)^I*$%( z+T&d)_*TJQC5=^=gAMM$Yl6{eCe+|c5!(UrCyZ6s23oxb{g4JcSP2L=EZM5~8Pqp>PR8mlt8n8vE-FQTBcyAch_ zM6QV41IDT?!dSIO^T%Tac@93Lm~GfjH6&c!u$`)pwWg+>3Z0#@LYj-hcB(y%uv7iA zUD~PkX`?WH3K1M(r&@?bbY?rTj-4uy26Q0JMD2W}i?maRk4bM-<>X$T6(U7tL z0+!;J3TD_A95z$QO=++fLzRY0CS5H8gT#*nD#U@FJ#iFPs1ui3X?ehIIrX3vM3o-OPt<`${nF&1T+Dq z@D9W%;PIw6GOC<#b_@QBI3<|VDn*?{4(`+hnv{6IY_J1Da{ZUN0z=~AH8GVYrTy5| z>h6!3s<0nV?v6+Od_O<@tmQN-CV|r|UYXYt6YO|r|65a2CRO?5fi*G8yq%<3=0Ro7 zXyh*zoLAs%weK)ia?o>wx}>Ta^k1$D5(fT?N$)MNP6&Gt4rKf;|0ibbQk&Bd_~>~e z8-?TEd?XAO0B#tzXS~yYGnOj1d&Ws45$2=qUPLU6zx%Z03n54Y@$%WGAwz?gfu3_0 zLao$U9=x5tn6xn{g`t_@=#T3*tH`2yEFxf;?0v3?y7HLN0=MM5dBX z>8J%*CvtfZXa=%F%M4tZCuk3;IPS&)I~Q{I)O?43@NvK5P;-x~IKlv@?*s;8yZZ?! zCX>W^SpjlG+uHaMoP*z^g-VjsXeefBMSDI0#bT5ZTO2qoKW(GKceJ@OyECZ>6GyJP z+U2XN$y4qx%~K|p!lpQ~#>w3c`>?UR!ls_|?Lzr~^qt&1W0SDRIepbN&LfqP2A1rY zgUZbK$MBK!Sfcn$5ufSeGh2L)6rW?o=R|xKK1K}U2l*&|EC~O2FZ`o4{9{A-M^*U8 ze*C~m0NJP~&UU5)Ar3JD9kF2m!HLeYU3Qw%sIrRebNcN^A@ThXKgF4O(z|8jUogO>T`lp?p(e#=??CcA~PhTgWaV2qV@7@DKD4I*xXavy^6t*3wLv zt8nmQIkH4Q%KX*)9gL}XcU6v>Agxt6_siQww^o(XT9sfEdBRxreyEFC{k-|KS2+`= zJTJaM`>NyKv`~Leiv9P& zfOWzqqNLN{mIZoRAPSCJzdvn#R3UWi@A7 zVakH^rTIcdvWRmg8q$Ae?RKJ@HDJ$@QxBT7)~z#5TGu600n)omz&?2vS`nsXOTaiz z+)DAyKV#x1Oj>M@tlU_dw8rum=73qvnN=XE3J!48hZ42JHTV@pAKEJ9LD;0V8c&8v zi$c&aX~jpFwET5US~tT!A2w;pbxGZ-HI{a)iL8ASty*L2S+#Hk0*)b|RqJNcsx{YQ z)w=%w2CLS5vdy$=T_GlT@3)VzYz>7ZqP_c_1b{}5Hc1s*B9t*!qnrnn7PKx}M~I_(xfsHN)?5U0yootzeyxPWMdxkHgUey!G6Hkd<=WUJc7Sr! zRID$%Dh4M4DKf9n?B@a__7rsmu`~9V1IB#b+1iUrly59VDQb($VZFb~_8<(VDOwQw zP-)=yt?XuPJnAa3JnvOx{ZhHI@sAFu0T=2QB8|*MqgTl)`5R}h(vJEpUNZJX#C8S- zT#1wZ$bgf{CT`8R8~Cc4sBCil`QNV5e|@FQ9L2-uf=&pGapibdi}!L9vSg`W%n{#_>}Io3U=# z8q>wzHVmIQK8Kb^gx`#z(v6!7A%_!iR2*AEiZB~dK#Z#0AkC+-N}+HO1d|hZ4MpKA zXthFRpNv*{$QUn`rCun%eon&;D@;Qi*L4?Yh}MfGX~IN{dje@_ zpq)p58W`PjZNCfeaXgvLFK<3i?uJFH%AK~~6&R6%+N5Bk=$DYwDJI3->H$G6(rPT6 z$Y`WY!F{J&9M@UsC0y+Q3%K_yg)>l)n6qGK@8qtz>Q;~}2P451Z0t|ZB(=hm8Z6og zUL0^|R!weA&nV2-%Y%0s1bZeZS~KV)xT=UO&N$jkl z{QVq$i!BUSh5FD-Tks$US(^O^a<3PA#O)ly*nhkzKypM2wKEbaMm;vMCuM6R5RK`& zBAvt+(Vr%?t=FG|YvEgNGGIRMbJG?h4AOW^@Z@UiOUfsn56P1w0`@=uE8I&ky~1nUYin8n zpKHSu_F;&En8O(}H5mu|yb)RcPjA*K|3bt>`DrM>4Swq7Pm|?qJ8?vmr5>q3hTQkG zM()o-7@{87gVN`XM6(`kWj&T73SzEc%okAO&`Tz{^5zHq$kz;z^vjoJjR`KTu)bvd zgJT+qKQtVFUj6u&HW0skIR5SR;~(2)EmGE}8exK;z3Rn}7~h;w-a-0&tasX<_$SDV znR6f?Qfh7rm8Zb9>E+^=%^jEkrTtoTZ1{*e)uAaI4ciV)$A32dN8*1h{wFGJ=N6zt z;A_78S|GouDIu^_eo+I$QD_xc+Dn#?>@H%b6~abdCWiEfUaKI-s9$p93#%r%y-PYG+vu0DWr# zR4xGx$37rLk$~d23D*Sw^q>yt9gzvH3`U4(BlZ>TSiJqqR}DP>LP)v&6MV*$*lz{7 z>BIhZd$7}QA57}|v+sdCcw8jx={MNfG}xmgA4z}7$IIypXY%o4WKTYZb~Xz3^=dTO zi$o?8HuxAi$KYeD*A3ho5eh!Ob%uPLB>71COF(yW7&ie;LiPmIp>cqG#nAx$f<3K^Y?ft+AgOpvRaF=U*Fu(y11hP3~ny0t)`v zC_vX0M&r;&A`=79XymOoxnX9L8;DSFDESNlRmBTHE>Ko-=nf2@7C=?d0?DD|#sQk; ziw0=t58`cD0zQkpbwD5g!)S6d5SmwEFTz)^9&)_%;Ws2^u@S##CaZl04bmpz-U7Ny zxDzqBTHxAH1mUKMnx0lZK0Z4d+~2WaZV~v~p#AD_JD6~nQ8ixD3om-$A3|{{0wnCu z_^QHQW~A$RUEG<$?!a_`q;cSmg#91}Gz;v0D1xvr7d1XD?B{1igM9+)`WDz{8`ZbJ z`nJL4npUh)Pc`Pu0R4&S0!gI51oS4xA`77BkUat2De7`sKwlI@1JolD(4UaE&d22@ zpsOUH)wO-ksA0}$xM0d;B|pg9jm1EhT;-iAegF7nnn^tuV?3JECw3;}(4 zTmX6)l$C&ZvuK>XsA7BA3HNZ!lX{fPTY(V*zv>vL}b$+R`XM=R^hM6`2@-&N2ZF|Ip||`-O(uv+R#E1Eew?&i^m~ zr9=XH4A~RVwyzrn=$eP3ap*OXi2=xkymb!!VOZPkmq|b|X9#HZQ2{6ul$9L17K5LK zLmQxH5>P_p06p+vG(ej-i??B+P>j5FK>soU-7i$`o&#C2Gw4IjC7^piSqW$c20sfR zMF(`1sLN^l(1NMa0L4ZEs(`ks1G?D+^p4O$d(NmiGeAR_E|ByLC@TTIgTc=NXauq+ zhw?VDrl$q8K0g|u43UY^VniH7Y4k%@tA81mMcHO<79Zer^rv2{H|Yh79ZvXXc8}NaOVginl=y#yj68#YjH|}xc5?ok+q7As( zCgJ}FOXrPfw#nXltR3c`zC$;eJ|r?}GeTuZh5bLsTfkR)F2K(cdq32Mn1@Kr7Yj`G zC-DxL|6*dEBtklk`aO&}&}G8y_08YWp(inQAZZtBETJFAz~meUUm$7yZjD0Ns25@- zzY)kgd+H&F^*d}VE)ba*jNgKJl4QL7#&-=?ekx{9omv^N>X@mb$biDwAtD*1CO#x@IoUPSK1 zlhimoGbTmDQ}v~ID~G(u?T1(>dF4Rg7%lhM5#iYH;K5#jJ~tnVGftsce&7g~^(G@4 zVtYjF<40~ey@m{mCAtif5_5*!(IU- z|L%9Q^c^2H)HlTYI&RqT)o zWL<$NmbP@QEhcywylP~a!mzg(hHLoruJsuZNw_uptavY=j+w?yX(Uuvd++%?#_zut$xs|1j(>GwX&agNm>_djlVAwu% zdP##v8Fnwjcq)Vp8_uvB8O9UfWLR^CUBfW?VaTwZP$IQn41384TgI>s4D%ad&oitU z!a@(pgby*`5Ejxyf0Y3)2K>x`n`J;Z25e@)P#Msi0m~V1r3}~##Z7yk0bOLkLIx~g zKsy=mBm*90KpX?$aFBkufUBG~ZwKyO#>sA%a!o&7>yAk5!q*)^|6x3*e@QkXYIpvN z-H}l}TU_eH@NR$$0FFaJoWA8851D#5*14Iw9a3wTA%zUyq6eQid?fO`;fVEM__~~c zi!HkCO%V9@g1L~wa8nKp6|19IP+gpYir_iCF3d&K6s!ls?IZtxcTE@tp!{W|7~$E| zPSlpzui7hz#;M#<<+mr}5j)T6t1}Ufro2)O2W)9A#*+$z5t5sX`#?N>KSd@uCnwY% z`|;K9;77`P$IDK}iNh1NPC>E(8%X7y+PVreY3S=^bQse9cpYruVSCvL!tXa=pEyU3 zR$L3s4cu)zTqGEayRzs{vyjXSAIC%B;Eetz{!?_+Np=JVyqaZ zwGKz!7#X#sUeu9o5H+23eVtLk8J#$J71@dUdIB8BDzc^LLcm_BbHb^{HB1?;^(up< z2aMdEk-1wf_&C&no*aWv%Ajy5YwDHafyd83*^EJav}$eWYNM1#aM97SVq*9SV~@3U zP2x>Dk|}qCAu`hEbs}{-$B19 zp+_B^~}S4^{(>_c%vaFWTXjoB2{)UB7KecvT+Y% zB!d90kBRj~Ym0TAAC7uKWYlhA<<1(lb4L_V#}71+^`3^YZP0I07xVDa_CTjpOjDLp z&Vsty-0cWcJ55DAQ0W1FsrE_YDQhwl_lCL^>?cz8*;a%NJ8HFC{X^S#7u@vV?ptvk z@(J`gVZPa-zj;T#xo?h<=2QL66L`bDzJaW^EMW{w-~lJ_#5)hSHz(m8FX8pzhIsl! z#sfNs=9P30e4~tm=)O=^s88sMkjMro9z!T@m%AvG66zf4$h;A_dnvL!TYs3q2fLBr zy_b;yhj*;x5RFl#F9#KG@Hx~%6jZI8aRr2N(>5n7E zrV@AO*a2H2q zy5rgB;pZ6Kteq9W4=rUMn~0|x&BKm)jL|&q*(RFDXv9JDxQ<_{eUy00x}FJ>_Or(J zZ2U%UkduL|0SuqRa4_K#R6^gs=D5jmqvHn0^`qdVpN=C8;QNc>-u;<*ic^&Bw_M9c zNxjAN35!07oXFIHq>XuiE?mN@%Rx!Q9sn<|*O%Ea@;{7&UIybIYQ`x&!fLg%{z5gb zxy2(a8P}K^;Jq;Bo6d;BU$Q~`OLtoE zk7z3X0;UFjR9wfusxE%;veEeOii#gOH3C0k3H;DG8iRj`mH)X-#h;+_9~IZ}udIvz z^CsXQ7ZpEpY6O1768J-n!+)if|L&&ZulY&x9~IZ}uc(XvvnJsGb5#7usS)@QOW^;t zarkc}f^h#I-cio0f3R`*^LAM94{Iv^ZcL5- zkBaN~G3-RjzfYQge{59z$f*(d5li6L8i#*Ml?A`6srdUcHSnY2I(`m*5%T}zCg8s# zDt_eD2>gg8@K-ku|I?Kg{LZH0znQ6l9~IZ}WB7^0zoZHHZ;y%}IW+=5VhQ}a8i#+* zj~4txn~LAb)WDC5>-aJJMB;}nuF?Jfwy5}#QzP&rmcai@sevCA*YRWciNyb56Y!6YiXS;O0zYC2{5u-L&pllhGj4F6G*7~mD~vru zld)B&8~*#^---X5@qdrLNp_0ZBwLOhKhv-|rcxV!kq!IXZg<>)3(?9C55kt*iw@)J zBk!e$2Vv7%Z!y)(V#LWGfF_ulJYU7R+O&z<2ajV58=`u);PGbdRq==|bYJ2zTYD0Z zOzgqYw$r+4MR;T`JwK4S+<;ufe!Yh0bMwA2`B~ypfA=hpWd z&(D50MdRlS$m#U_oPt<{e|u#k`1x|+zu>1kt&#kE^*zanwLj|o{Aqp!KR1gkV_PPuG?br^OJ#1<>!2+4kTrO5t5%nF+4`_vl*(<*zx(^8=~>^ z%l|ZnpRXep;m`Y_5&Rte$bZ4l{y6O54j%*SvS!OtsEjmGlx?^we`4?Kmv<@h^| z;pbMwBK)P>8^O=E{{MoX?!JxWXB?_Td3!0UB;@Tife3zHAs!8WrsC1kKa=oCK%f6x z=JLyTQTe%Uqsh+>1DeXu`Ai*1dJK$^{Coq$R|G%vP>sg&^NT-4<7W@#bb5K)46z7* z@3w~cS>Jy6;|2@<{!PWdfT@B1Is-pPIqUo}@9iew9~l)ta%u#A#1in-^E zH5LDRObz^CoX&p?caiwtY6AXiqvA(Sjlhps0{=Jl@ZU(wF^u+yBbBK5@kXZ>nv%;; zP01CQVhbZnTXJgnlgr#n#D`3>tsx34q#^HATW@+XC<14+Muu#!K`Ici(mXZf3r z=TG+$(fIQSaymVK@(_#AM{I2@f9|?BOzq~U;LqjjBKh-OK{$n#Ka2im@aKVHl0PmG zv<`o^&b9F8K`hyjKQC`NC4WYIW%B2{E1SxnM5YcT{RxDX{JEQ>u$4buQH93J&k}bu z{_N)R|7q7B$`OnFdH3sj{AqCg;r1^r`1>>!e+p9rf3AW5ox1o@pGM;!9u+^<&l-Ur zu>}6jb@5Ao8Z19y3RW>R>>+aHU1)3Yr11|)c3wIJ2hQV=1#YnS)pY*6GZ#sfp_)8u zL2Rc>gTqb5&=kBtD$QA@Whq5iaz`sXf-~7V=bz&YOiM5KrCUD1^?z=`(wn zfGd1A6|#Cb$9o#ia)`&W^`I12pvQoW!*2B_?Yl475AK6E&8z9iz!g}`FD84>exlZ$ zdCY?)EZ$jg6PCn}XltFw3zr|@UO?eJ(+{>E;XQMn(Erq5E&ek+Jt)F|X5MRN;?UPz z%fd|ZHe9)KMEh_CjyqB-97621b^1TeM!wp^sJZZv(jA?y00tbLGbr7eS>e4Je69OKwhc+f`xzj3ANr7$)K1>ezTww&kVYHK$+0%86pAyX{X@W&8xd5lbs1_B8a_@+QGfUr zIS#K(Pzv8gYUwVJJ)6zK>bbP&&ae!m=h6flHAJ{0dE(gu!UNmU)od`j&r(O>vsCGX z&(dQ*)z-?4t7p~C_(e;`LhX#t^-qvFB7ZpWyk^aGhwv5>nGV>Aa}^J-v?+y80Jij7 zD%P_P`$8-cE0`jB>z~7Q7+0?jX=J3>8Xg5)M{7MMoAvmJ87G2t+F8ul^q;uT$6R%% z2-KlmQ-2B9p|U{G!32zzatZf_F>FTm*F|EUG=)=0;C2Ek4&N0n=w+rh3p!A*pp@!x z)G3is2Nu??(;*}3@W`l-)QkEB{Bb4Hl*p*t>P3AiD42sQ$8leX?uQeaDS01e&a^#T z%oorm?nchSH>kW$q^`WbT}C>8Z#dG+bs}xtZ$#pK?=q+9bs|kaU_^T0H&HvBoCP-w z-LWcHkFJyTRE|}1EX}oEKcKtALO7M`75+PjAicKs&ydi=JhSYK#x-B`s~QZys=?h* z8#4a^OCfcei1zy{Mgf`da7Guvl~xJt0>Y80s7_Hh-*OUoE*zO~qKxolLJx(zmF~&p z35qgr^H^fp-(*GDlO^dBK|7g!*LvBfPPQbhpS`z6WPi2S602_Z?=yS&D#d6O4@b6< zXMQ)B_Q=6-q*v-hI{UB@sX5N41VvIjH_C>Z&!}Ol2U>TViCRQ-$tg%Hqq-xb-cT>< zaCroy^=Lb{`rGG}xo{Cpu0Oshb6%sPlI|l~slD|gDx(jOp$$;+lkYT~k$PoI6|z|` zlB>@E^G!Sb&F-G!&0FT1KL*M)oA3tCO6hP`>Vff2jFVlZv(ilfg^SXYgnN=ge_}Mz zKmQ%^;hv;F?tB4pFpm-Mw!-Hq)DpSHBR8lKBCsuUf$Qa}(CrA}Xes2Ee>g^!$r$VD zj`Sji3`vXHP%`~X=+I~QBXPX1nev_KkMu4I4PPJ}`Wjhltsp%Qi=j++NlKA^P;^PE z)UIZH)IE*;tejZ8pX9h{>C;!oRs3r%_q_o7;n58>Ro)-oG1Jgtp*Z z-~?=1?4cB5dXDDWY3eemwL^)tr*=n>P(a`{m4br6Bk47j#-no~QpE9D{7`X;V<4+P z69B z97<)`VU;X0X){b6j~!NlPVX-@VdbVZ5tfIE14*m0C9EG7;CtK{c+201gZt{B3MzBD z00-_I{uXz+{HzqV=Mxm|{O1g^8>loMwS^9)?u9qHJZh`zYDNpA3hGB~ZPPu)t`V7F zx6xhOYH%uT4<74`>tdP#P@vNd7S{b015lG#mn>Pg14Je3j=m%@x&!0tV#EoP%A6tM z=&teKO3wA=6FB$8vvo1zbjAFOc|JZ|hz*R#vkZ*G0`WWQV7y&q(gu5JfjZD>f`xNW zT+&2TmrKsI)KOimqdFDmyzuiiId?aoz`4(#sf!954(fBRtBDE|u)3Tp7MV!S0oBK! zo9*%Qu1!QWor!V(1)2(ZmHUtA?eR6ZMw_Uf<`Ym=Kiw!)BL^6~Y5>&-A`=5uoCQ^N zmnNbr|4g8|17sws{1>C6+6)JA6V)m{0ae?^p?au)G*sU|CEki&243Z|VsIp*NNn3w zREZLm3NjMa%N)d_$d2X_sE)$(ov8YY3Po;}ZlDFe)-M{WW|64w{?tU(KedUx>dwT0 zqz^$xqFT#QI0~x%#9>Ipo;s?(Jjv>w7S+1UXsFUfCPoW<{}U6{UoLJUDi0F}l70Xg ziRuuBkZ7nTVDo~B>P|j^SC3*2+Xz%OSo1lxoWDh6VxW5dV-wY*7c~*p?Mxg!NCK^t$It162cZ{tJfuA>?yDs)lUL9138>z{YI-A3B}PRxNn~Q6I`)By>J4tYYRcqmDH8{hF3?e3g@G{|ueM<) zq={-RpMYxPBaK4U5BBL(k6tf`Obk?gET}eO-&vDT)x0lIxj;tp>P`%d(NLWofht}{ zb9(+Q3bchO_R(8B~nSrW-(W{k271rk$zH6d#V9R8a+T&Cv4kUdHG7{BB zj6=~--Jf7ZHI`36bsv`c8zDQs?iCHyl_C?Pm+gDUM0KCAq%@%ge!#?mq@5rmQ60k& z5)IWW*j{e(>PbEU)lzFu@Gzvr|#``c#662{PVtWc< zL!WQKCrCtlJ&X-X#QQHbFg73&Hx!AtVTrirEfbZ!si+=d;y}{FASzKkg<&!p=Z0ft z(rk}ed_sG?OjPK!67kvY2C4=m;vZNtw`jg`7F3tP0?{O1mH$hidIMx6s%035qM@3J z=3%0GfKNa*T2$z?sFtTiLzNndDvK4Yf(W?rzagjS!hc^fEXD{9BsqgKwG`y|6$u3FE(+IFPglL?uSMj`38z>+RgkJU%R*NDrHrUG&OpFcmvU^1)#;o~b3#ymIkrGXi`n%o`sM_nOF2gVxjdO9p zVRG&e7CFedHCV!mMAhJ|`SMGmaqdZxi7xdc&(hLr&czjL2l=s=A3=Wn%#TWbe8-P1 z{Mf*cwfrdOM;Sjp`0*S+p5(`){3zi^5kCs}F^wNn`0)Tg z#`EKDe1xtH^$rch@?)=1k5G54G+3(8ohUsSiC*uN@wP8SZM5>XP$d-fw_P+pDWd?ooV~& zE~TG;uo>%DC-w6Wkg=XkXbYDcUqrrKJUrFmN?*-n``)J=dWQ>+mcy0e$15lR_DR^c3oc=|jbA|eBawigbJ5BBN6?t8dpT8z)6BlYd9ayKY z5sgh)gy0N@T5UN(9ESysY@Svw|I%!r);_z9^}*p>NZ1DyPId)`(0R?1qP>h)p$m~k z_&vIZ@!ngdGYoY-qIE^yT+$x#cBK0n?&G3=<@KY`m~h;O@KHweOAs9!w!jdb336Q( zt8@9OuE6!Fl49aUBJ_W73m%U8euxcDbvVwS7*NFuCun=7iPd)N{?}q8*fmI-4CD?u_ae&a^+AWq-tp+Xk0U z>Fo5!SI}#ECp*u5%pMnsF_X|nr@CJE9$=G`K7ylf)nlN>=Ud(Xnrm0%Rj9e{CWuN3 z47UZpnP!X8&j&H;`)a@cnfiW;yrb9mUt>;L-+6dtt*_RTxf%7IfY&DJgumrTCsvuA z*0uBBrnCeB_mhCJqgQBeC*msfUg7I6aUWQq)3ca3EhQ_+wqsAwt)|oN1soaezu;@k z3Tyll`woQR{1&(yWR)|Pn)Qu{+-U>8v`-&m4Zjtqx-4eEuz!hDT{fbi%d7=GE(`LB zwD#%zQtc0mr>q%FI1mje^mjBZcnkcE0gDm9D&G7iH=`7y!nhEz#Qs;j)6bK+5kE!A zH!%JN#N&A~+E8&*pFJIcC?kVkfvn3JWjiY8^xHe*clhL(4h(neMeTVbvV+CYaks>N z_$5&!2%WVZKb>m-F~Q{z0(d|?Yd6Z0tF*6pU3kF0NJO$P=2swV3BGVzA4|@9A)MUD zlJ-@^PRX(435HTMesT#;Pb%X&G;3j2k+z4JHG#Ftrs)(_t&n( zH!mVn<9N}lkY=~95bebrf4HrIcU2aC2(r4=-!U958%dFsb~6&w0jOI0@nzJ?SF>O7 z!I?-@*H_bi^4Wp-^NZtC-GT9tBt_f3-9uM8)gQ#cyuM%db2!~~6SG)FjWf~d`wH@= z2kryCl{Y)W0dg1ade>IGex%k>o+IqDyC6T|16uH(+FIe(ByLqq)Cy3MT=i-S*Bhn+ zn2)oJ=E3Dfl1|owHNB{|r`$6zP3ZI37%?3{SISPK% z2Kq};b@CCN^SJAu6Twl7E`*GlIU|oJE_I!mS{kLtGo{ zR52)@kW^lAqa>04d=lEbAWZ0w1UD*ja1SPKrvi5?WbGufbgO^E|2}Qg6u|qj}%^%%mO>LG&>uiPLRLFItV_$fy{s^y}FVQxt0 z@nApJi*2n^yH;erPrF29UI0o)$^RNNf0w@*znVC^egj@RO*`P2lptYC*YCk>tZLn@~> zPwUWC&W)OU@Zu)L*8lLp=aI=AOE}O#m8@9K(=oNu9!Jkh!+t6?sJ6FA&<=IY))$KK>lVyZr>e0$C^VrM&?H2g@kfg}DBe zVI9%J*y27%VN?Svv~j(8YpIYlOD2=2mD&QlgmeKnx`7*R|5Z+OYI=%P!v-L`sksW! z41}!pbZO9eE-9}AbKJ#Dr*XU;HwYePBjJ5Tr5Fd4N`F3XwrK10O)sm7QJyLVUi8)5 zS7aE!#CdF}O*-1F6Z;0Rk-~nfUKQ)|?)Pp)n0%&hGKWXR>y1d6Za2SmT zI{jCo(Pkb|3jJtOIm)6(+4$V*8e9YJI9z6P`k(15>bk+HuhB<3SC^8y?d+m$AL6lsj){l;+J>7CqUV zDf_i+raZaA`wSQd0+e~HLys`dTsN9>x93H_cydM1OGOGHb27sB2~*x_&rBpca6j;m zBO?{kYzUI(wPO=Zd4wib_H^Hvk5OdIex)qIS7uYMO;`cpDfPLqyh59Vyh0l?P8;ri z85DA{U88w;=gG{cd891#T~PQe(cA=)C?(KPf7B*ihCUcbdgBTye3CN`Ypr%d9{YLK zgBusDC&nmg@u|WUpAO^P&jBFS+7x{2Tl&21AykrW-k#JM-kl(2?A902-Nm_(yD`5O z5j>TlvzUaDJupE`$GzC=@si2%^<*z08R9VLE+hNx|MPRP?S!2w8Wr4QR1;&-YO|DQ6x)>@V{CU`x{H}whqz(=Q3-Rw*|==2?f z20Io_Fqc-2FP-WZjK&B(mr^i0{~YSGVFk;TxyO4|Xb29uPwmS&w98k$pA0-FSEoA| z?((gN(<(+c-VNSY*pZRU(^jZhdr7HZ(1l#KA9-XZv^00xPFaUtY;P!6nfnj?lEuQ- zGCuXf+|1)lAJ&flDboLtQ^FziaD~myagXi1g-aQH(osGbcjZE-JB-VPvEH0cd3>Q$ z8GMK~tZW>0ov3XFI~_RFbcGF)5bE0%s6TU(2S#?mQ^uOXa6*2nYzYTu#Rc)U(ix#& z-v`xF>htHirLqc{oi6oxT)0l$-B53(C3#>Y# z-7}meh}j2NwGOP}o${cdsB$8bdD?;`IN+D8>W6wbZ9kBtqMmM28SgxHp=@xB&EV{0 z`QwNu=0Y2V)L4aw_LKVsa(c!%FdNF1v!OlSk(kx=glJY4wM&)2?QAB=hnL$tH@NT% zLpIdz(4U-Y$f~}7Fig4{T$`p~g_tntrF4WlO-1sZH zyN%W5$;ItZ+X%8>0iw`ISogGEYVCKgI$q0J$Q}5u%dTUn7TLA=Sqd3pZ=yz1UtWKb zW=NQ@yk0*)y1ZVNCggRWUZ%Xh^#@epwDP(fJ8l}1*C+ofC1O`pR?6!Es6OZb8Qp-q zz5p-Tw=48y`<^l6^+$Tp_Xx7eBdO0|w4ruwk*}Y1Gti$xzAk^XVflJhPeZ;ct)zUd zrY;&OUp+31d~J`)ktYKqDrc3iJ7l;n~jhN^hXX7qA7K=_B@21qqZ_k~}8@1Gv!g7GgZEofXZ~xFO zyk;1Jc3iy6_w(^#fdT(S=Zew(InQsdDuV4tm#;kDQNeivG!i$2mim<&f->8kwnr(hWvE%d{F{ubp`mb=-O-i#)u{?- zS+4+LaTq3=n`mj?VHC$5Lrx4IKvhjtpR*>~`XL6YZs9QmO$mZrR1&3nOG5vm=!}+Sal;$wmphX4-yvQ_KWscx?Ln8f%6zO}OfJm=fg!jeJ0?PDwL#F2nnLaWAna(Qc zyc!G2H6YT#;-{BMfj$r4br^i9Aa|t}hms-Bg+5=wRWj=HZSc~RcI3bBkD2*BU?f+! zs0T~zOG|_u6c&2>+xY49XWyd+^NKn;<$N0?OnjD6!WD%&T}l zE+G@__cDV()_shb16GFKVtFG=?4uC^`)+F#GK6tZ$Y|#2V9ebZ*O2E<g?cMVyg^oR1pkQNR|Lxm78g1x5*j%vN`x%a1CqOA7RS898%%V-74A zrFjn6U%^?IuOgO9T_b({XXb0lBK!M@jC!_1A^*Tn*3&tzrLs8Q8CuKH)FG={B}PNJ z?R%*zpif{ih>?pbhDzPE3Sz#e+juP2ckm}{AEPFl`Gsc&I-Gh4SB~`-HSKc5kD9hK zSvFtP6t%pLwLE}Ywv@HR{L)@iY}7KZsE5D z7WF+^*NY`)>uN5GTf$_4tdAMUr3uqMc@4iAbRCQ5D=zi=Z!ZXshRd z#^{eP#u5M2Ee{^2>SvUd~7`*(~hAaA*ayzOP}RwEW;ybcVZ*ClzO zKZ>PMt^%^Zn)H1|kUb7pRw+sSC$oV)$q`>^K0`to9SnrdxUU|~>67`bwaz#l-u@NQaW^VAL4GXlI z<+hc&fG@2y!=j-pOMCZKdw+~VY_7~2?|!GcVMPWG3xJ*M>Cj5}A8eR)l0cPf%0>GP z)AP@;gSynsuCx^{--_ePqBSnxv5v~@o(wJv#e%BOqSEp1%@5@u}!)nAh{7?8j z9AP6OY{ko+`2PtJHX#E3@7^Q-D^bzV3H<(9{#S0m^Vdi`V?bYiUf(w!g^phWo}p;) zXu=lej93$XL(T{EqW2=_!^j!`6PQ{=VBP-Ei>@~7W)zM3hYneaW>t=}P!AdszNYtW z6>cL+(Q(+_9Z10fxO7<3-{2spps2C!->e>PdhzmQ};3sVrJsVvNV5SkaRhcmZiUAhotY z$}bR*x-nfKD~&N@3F$-FQ+0nBeY~70$IE7j0(rh>HstxGR)(Qm`;M8ic&DyV=~RxGD-j72eFNq7J+f9SEhFYHGewP_Ml8ngfEA(F>W`Rt^G*CB zLy2EjU}7YG1ZpQS5Qp)j?&0w=UzXO5>42XxV_D*<@goZH&uS3=41s@Qbo_{9;Fqb=F!*Q$!ByI}`*eMsg;2%V{LHKx`%vb{k zDKNLe`j2r8N0Q+9kqr>pM^h#z49?gd3_?ics%u@oomH;Dm`VTh5F zp3N|v^p%s5&9IRS8_O`9`jwM0mSGc}zP$w~Jl^|eF4&mu4zx?hW1`cBako6tRaRw> z7`vcPIgm}i{rGIv57}J3UuoOwYDmKr4rV(cc9g=F5FHrLI(n|iRaawlKRzPR&IS_$ z%-unlfb#^-qon>G-%cJrNQgBf(ue@D1sHR}j)2lE1PF(i`F1 zf6yg)=%7QHnVQbe@#%?3dVM-axm(lIo07p@NF;KAj4#hdYm8NjCJN5LFpz`%TCrBw zvsP2KBV*L+E{;*Z;#(hkM9mPseT!bRUn6Sf&Rnk)t`fsvS+eK8ToAuJ= zN~}w^DHy1vzA&R*UzGD5%E36deKYd@78Ljn3AT3Z3w|WHGXL;?o16KCQZ#_g;?MZV zI4s6kVaN~7aoTEJwwhovUT}R1*51Cli;=lH*Q%X4R#glY3u)y;lW{%u^A8ERo&~{L zjGy6Q3d5VjND`+@&co3C-+qXaV^9j0oj}KxeYs{0sWu9UwUe`j{QHpd|6z;#6KU+- zm_OtnW5yOj;`qg?gIhhU{pB2CSx!rqmgN+z1jceL;MzA*^&M7Rxezi{HOU|AT_Qus7Pf;irYZJB%c8j#Hd@di8@Qu?KuBjm5W2g|A@H&XS zV46wnvqT#Er-%Y#f5wMi+i7rOnaVX}@6m8YRs3^|IYa6CQobai%s3lJzN0PH8)hQ230J}^=AlB^`zOSoSC{ffr)k|8?` z4o9q)&wxJwd&%om2ShLV489VlTz`29FR3mJ)ssy?GPDr}_11%KMUY8wqrcQ!e{m;< zTZ%mIm;UIH>)Y2%VdnMMw+FTp4VX)Tj~`0lED>o31!$kLtIj%d$ZE8E^OG!nCN zR(<+&#i)*0PdOwc7VbZgDaQm~Lw+2;g#B#PNQb&r_&*#ek4b^QMyrfHM^?mS<5$N} zFP^=b1ERi<=2cXhtvt0#zVoyTzqtvGhfYDjR+Voz0>fG>8VomC`NYt zj_2=JO9 z7(y4oF=x;PUYf+=$vzTM5c5xr*?l^Onnj3~OZU~9u=!DL)>sktAK>}Qw2z1FVz7}z zu!j`*OH1P?)Mn5*$A9sWRWT_sG2ymdt=%eMDnnPfccQ{Qg)_n7{ zY;;8*%T&nPd{?69_@aD={%5}HtmimOzC(YMhb!k`)I1uQf!Ua!N80n1!V7>+ ztT~XL7v#+k=awpvcwh$;#$~1OARrm^^?s|<5-ozlt6KX=v=Z+IK}REWgrJr86T~JB zjqo8Ncke3*C;g1@A7w5j2q*1y0a&dq65&eG{b*x&NBSA>9@5`khj)U8#+%ZKq7@eP zm8nQa<6XN4b<{)xl>o&!1|bxKif;A^IwI?jmn=(eefcJOV%r(8`cgXhmyf1ESeT=rzcUR zrs9P@4BWQDl#f(ng_j+Dt1yGSi9S0jJY9e~H*N3Wj9M&IVgCZWhObe3EP)WTK>&I# z9i%KBp9P^uow}D%=4)sHvdphoW)fb6R&bdY?l2sJpt%}50n8zo^591Jl5f>9{0Op2 z3?G4O77VNK!grz;tGeaN;8mD%+=e+Q=T9acvE-r-z&5k3p4)QOa;$S>HoPO0Y8J=! zEM}6k+fm$0^aNOiU73}h?*2=iejI!0pPH!Mf}*e&0(49lb;vE+<5@$8dIw&FmeGkn zyhoz}MAVP9OXQ;bnBe^|`&*08#>fJCx>T$WCoI9(5fh=E0?+B*BdJWMk6*%F+mgw9 zHp>I>(jhf%qZ>zxUsDE~K}_BFLZA1QgX;M-X=XJy^q>-Z!FVxs;ll3U@RMh!3+v@Q zc+k#~0)-1@7fmo{ACHU|LqZng2ePha%=T!G$fCQEg-H=<|7+Mk>4RoQRl;_(%aD0A z{rCdA(2s99%hZoQThbW)xa-!2_2b*civ1C74%@kC@h^0Vq94!1ODe;c=*g}{GF?Az zrw0u{Py~ML2a+b*<#q$F8zQE}Zo5yAKh530&)$3c#_&S!X^Gkx2toF+74TKSx31j< z<54sS{uLr>Q&9#+{R*&V?%zz-{C2Nk%`1q4n6EPCbcmVIOV;|B{R#5HnF}`@75zfG zk$?n+sl{ltZhRNuTVLevi0`oeAov4?yj5tKCG`QsKw9N-6vfmX;^D?^r~lug(n{e*j*UL}mWyAxSeK9ERvG;3cu+&S z{^20IOIS@fBEfnF6J7ac8;_!UXI6*_pP%8EDlG#;p{_e{1*ylJ|ILDcMIoWs{*!GWosjZfH8+o@r)tElVda$^*7KrUX;^6 z!TVmQXBZJ%3-)fHa$+xs)iswVO2mZNPDNyhei5(@@;IWu^%eaM&bQ*A>#gi|DRg;G zB#|bH-uA1fGn5SzPl4Xw&;ouSy+Ry7rixC7eB5d}oYa)U)+o=FxmPKSXOo1JYBD=q z3d#@nw{(|UNx$1}xoJn}e3!O|y-tiqVpPnzPZwqAbo9*)lYtQ3wyFJKX174}$%l)~wtlUe2lA+T0_f>;!* zuoE(Uil+TV)Wzs=Zz3K$Q&C4fzo|}N3|J&HMi+uRVmhb>3Wy3Qg@3S32>sy{^z(NU zblZY>q+8JzDB(eh0p@Cw7o_Os?w>BDS0Q^FJ=xOXgAkU7x$0h4Kqf=3bbg~mWZn9w zdv1rAbEgS6a4;F#$M=6dLZD*Q*hkHb;_aw*=q?JLRR)z8A{zYNJPY6lcM@fIuE&pB z&p?-LZ|I3I^3ZwmmzthYnwz;Rq{wF1(uK)eDPf6*3Ind8$Asg{h(8&RR_t=6?RN)y_eNWdn{<0dDaD`Azgj}c z^qh+X4w} zKEcE$1}^M}wg3D%LJ2O#`z4sg)PnJLp#!`8GsN2OrP^yE?JBKfp2&l315#w4_6Wkc zqwJVXd9qZb5%d+m$WOTcnZl&5JnCjhpya_BKZ{|Tn~$+JrWC$~AJVFVSB_<}k3zQ< z!?~HIJMAD_5jFy%ao38-?3&^|f@;UW8{1R2)-_5ImG-@hunU2#kRqPSEH zk8&YE^ha99`?=H>T-u2BWMV&CXH{nR_;Z^L({4^E)GzRAji$_vkmEN$?~-bb8LJ zt;G>?`F(T!=OLCmZJX%gk9?09>d~@bvw}6HuD~GH#!=idI1j;QTOl5#{|4!^t?7Z{ z1wDPMf;Ctu4yRXZ%Cu&w16vg!wkt54upGs4!M=!$e72)fbGd`Z1<{|jR?q}qLh;HY z4n)XN7LSh2QMb?98FL)bkHvhC=tY;}4W-(p=g|{hd89qdttqQIt4qvrB}PQA#k9?7 zTj89w0;jXY2r=f)+^o!{CdYL}r+SvCm#<2JCy82C8jLMivp?6L;R@W28lLAUZc|nj z@2g5DJz{-3lon+LYYGG}Zsz;qgtF>*Uv+wp`Yq5Qmlidx@VW)%ic8HbwmAxR4s;Z( zl}Q9IbBdEgV?<46)y7oC#7r7zGRb!|Zu*@pillP}^dbz(iHt{!a&4r4c0u*P?1J@{ z%(IIzY;*md$k;??YtX$iC`?v}GQ|(jDTY7(x7)kWm&_)g9`E*d@N~x_xI67zZ19Pj z-q}&mf1fwmQ83N+skbe@VwZW(!siD)h<_N4`954+RFS~EOfZjwxjXHDvw-_P~6>vzWghVEYS}t z5jt2|G}(rH??dxFh$wqJx8k$PJEmY~Rl%_Zo;!jc$h5yJb6>?TnO+wOY}DKcfJ~;@ zm{Tl1#>63m-#z2;x!*g*5tuMByWm9nq-jC;na3d4P+Y;z(t=|JO3}>-P(!|*rL&Gn zG_Z8UD2pqcWmT;lzFh-dWxJZWT9o^K8R%|tNLhTsBxPqr%v00IiC{Gdk)s|f*ts8> zdfEj~gr8+0d&T2HODX7^?0lAxFAzeBnzmMU)Ma>9YkXDBQIoTgH%VKzvz4>OiX8P2 zs^cvCrJ1wE4-SO8Tl}C`Yl|{>F4Fm`o9D1Ypi{;L;+K?FHFNl?m22=5%Q$8G&>7=w zHTKehF)^)Uz9kBbIJ*=FpyH^9&UQ);bk10G&OFr-iv|gh@wz;et&Y71!ild$`j_4M4(RFY+I#Ab*L9!82=dLx96#LZ^1&IUL7XsaX|mKe zoN5g=C&znwpk+AIV9u%m4dbSFDi{dwoEmRZ!A#qy{L#u87#deFGj4a6Tq3fD}Ww-$+}Iy4k|&#~InT;{sRN4lw4Yfw?WdaAB4;_aTI%uvnw8u?P@N z7Fo-F<4j}L=r`DH%B*j;F@K7EMA_rH8=qC)JiXuC8^pPGtQPtWTPx;UZjl};Y8&wk zYB4`_p_3pgvYM#phn(Y>&~q<7_j|`X0{6=<^ta&Gh#Ap^Fl?YLTLHe05J%aLRt{zH zHa1XK*-mt#?Go#E0xPE$z>1|PLD)%CLo?C&(SbtE#5X&RcRaF{9o2iMwYPXjfqczD zzO(f%+A6ojI_B;w`>9!Oivuh(x5Z{x=GuJpPo7^Uy&%CsTx4h*RU!3baDO)T=hvpy zpuM8C!me*MVhVle5-jb*HU<0V+5eOJP@=r*>$LjNnd(~$xQ*{L`qqEnA0IjnUoL~F z4bra~>+FJlz1r5LA62tNX=diXF{O|$=x)sV)7Epx#ktUcm3id|a};OL>pb+4(8o>+eXbjnNsMT3h-}LC zHG_&!>L||4F4zTaVO@cv_yP3!ve-}o3#9%><#YNpiqBSvTZOp%jdW7Ia1=jivm{0z zE{h9hLs3V%`00Zf_iUuwuct#EX1cl=#ac2#2PumW9zi9fx(BPHdX`jEz`44=G2bzi z=fsATXNrx+DbKM&EYbi$4kd)H49jn;wmc7{L4HDK6KWOaH?VZ6GI1qd`unO!XYC-D z#E>xSsALt{BGmBD@dH};ls9!fJKd@$gF)P;USH1+r}&s1DH2tdZDHn|5An4kUfn0? zuVO|_y&oD_d;=O-79<5Uu(0X{^(H2CKx$wik^aAz_mTS7f2DqL7A@q=X8e#R*+2$AX236^)eoU)TzwT2J3A?|Kbb)zbf-_sDZB3pef=M%7*l>JVtIn{}RHH z`WF>FoOTiu93Zo;qkDCg+1Am$ZbtdmMoEVP1ffwL1`~{Gp;2-QUq{zM8)00}SbXmH z-k~?jJA$7gYDA-?l`2x%dKMv3m96{-g`$j_YbCCTrVxk*}^6 z3-hBN=M<|jq|>M!>G5K&=l>VwxuE?ty1b^!XRH(81lHsn|IidCu98*Pxw&1XEO-}A zD51VvGBhPMzEq3Fpb&`9hISUw9kZ#gP{B)~-i<}H{KUgUlVd%pZuLiZ+Bz|CV8;q3 zoEpSTo})WP`eWH%^r3ao(=*CK&0t`JebG@o8ale6cMBa|r0t8eLa%}0 z0#Y0HRch8~3-Ip~?Ty4q0b$}j7mL%sHwepI`+|P^yk{3Y1iKt83)jRIJVeXF|6%W2 zz?-VFwv%44K=Bl%SOlao@&&;qu283nH>3RMJ73?QJEBGCTtTI-zTq)id#n|Yr9|G(jRXwF{mzVEfy zUi-Fo{syYgEUK49*robf@pMO=TumAHpei@a1fc)0arRZu;pcSE9cG#tdjOh6w^y&kUGQ`dXP^FG@?K+HuBR znq#+UE<2(XR&l)j1N==5hmCn!9{O0#hP*)Yfl0ce`S6Y9A+#WUm>RKQ4etrj_^;yr zlIKs{a--7htMCz{e<;gysQs|LiiPA(_?F|ZM;enCIa=>8%H1fP3S%!$@ggxF{P6Js#EO>n zz!`}-an3BXDq_W|4x05dcxm3O&{-qPqVB?c|JFzb+_`90<;^-{fyEJ7U_s+e??TE2 zvM}Rh;aA=qMwQLqM&thm?nLJDmltNl$fLxj@`&$8cy=9wyoEioIPyJBI|$<{$1HD; zV?1doy&LeZ{4u9@y!(h*3rTs>Gy@6#wb)^zRhL5~ z{wMK|XLIyO_*i{c8uW9q*EljdMkuj=PE{zIkPDo>z!;ZW<= z(i&QiE?rB1tHLQIA8sl;EwAh@tA8!Iwk4K)2%`;mC6-NqxUWtMT?diZH;Q~e#P^5 zI3Tt&SSBgU2Vu&VqAb6{imeVTKpjS|c>&60!^{w$5YsS|k-KF&PHn77u+#Pj&e!Db zpMF_*0?s=bqC08MH6&*JM_^N^^a#mzccHTU#>A>^ZD*RR(57IM}r6)$dsPs&j(*d<-2u-~Lb)iW+>dxTk zMkl6Go@cr4MrGJ(CWjRS3{?ZA{-&Y+8d|Eq=@6&WZx-pc78N%svc3|LYDsg7l;yJ% zXaG7~dWh?9FfChG?Pvon#9V({Rciwbl+x}dMca`kEJe9%XSAc04a(*G>rr`-Rdk-z zq%T=3o2p9~kDKaC(wn-;x}&Zy(aPc)6qod+#s(VhNL7;cA?``UQGr3k|IwbLcu8pU zIDH2`oc_(u><^=hT89$m+>F7K)Fo1QlETYH-qP~@oH71GRpB=NEu}lSKW!Uo{Y83G zX*KmHds(NdJt;WxgZmN0u#8B39l3|5_vUFszsXfK zFzFHLH8gfKApG?AbrES^NgpRmxdx)IcawgA_f2RB$>JHn9}gipJcN)&<_um9G5CYx znGFZjuR;0#2G5Rq9!N?XFnn5EH_(Iti+?<#I9neg34aL<9D4f5Jq;iUh-StBL_8x0 zGX`2wtXG3~B$OWFNKS_4tq)1RsQ%v(#|)^HH4xChhxId@iz+f9A7~(b0(PLFf1}Q>ZU(iI*kDoJk=4L z4!wE}EGkU@FndEJ|0aEsrQ1uT@@4@_aMm*m7r@=wo z%n=8Te}*Gk0fxPhD1W7!RFu{wgK+MYrfsCW3187FbcC-Sg@b2o%@|AZ-p#=b<~mj9 ztr^5yru5DHHH!G_B4zn>Yf}b0Nty*Bx*30+j;XIMuw?4X*_?lQ9DPJMFPb>%Xa7F_ ziz_~lf&Zpi%?xOhk`DZL@n3WOTV&k-Lj4=dCx0wFVbB>%Ch_#|wEwO8x2#?qqrjEt zbeihlY5x!D-;w$3G3npZoBmho-_85eap~VifBIjif49`1;tn8x+@Jn$*T4UuKOOse zTTA;X*-$i&dHw4W9H=_l@$TVtBJY@vcb}@_=%J?r{PW6|t}o+y#G9Wuu|B$>5gM20 z;JjH~qi2WdfOj>>p)mf){Gs%qobQf$qAMKtd;kxA{d{-ika1`p1v9N?Lcc_KI^R8r z!{hj-em<`pKL7ZLa;Pu7A%@LZ8d>lIs*z82Z{~>)PIjj#_nZe0`GIjs`Tp-pxAR)l z5jogRn+i_cOzD%2i!#_$rZW&#-?u6KUe0xI>M6&%tJKme)3I(;%XV%p+-LNk%4b|+ zk99i&oz&n>I6j?S*7iSfs{0a|`y8~?;#Bu|uC({mY&>OfByrB=Mukn`^iv{7aQIC3 z4NQz|;2@~^;1Q1faFK{7=GV)4ZmfQRIV@NbQ1AxscsxiuSuj%fe+_Vs@v#%x3l$TPL9v-(D`moC?T{CpNP>oDnT(~N2wN6+;yC;NRldw1{@eIBsNBZQS&Za&fk<6k<=3ygq9*(9S`qgz4{_b_VBS%y32u+4Z z(>8|UyMjWRj^8Lgydr?p65Ar%RCJOD$5c0CcI0gROSEK}@W&-f4E+Qi;xnoG;chzE z!EQO+y^rDOHkjD2G3|>fzK`K0a<&_tT29PviX867Y(9Fp8|%Tw;chI9tF4VA=Qv$Vc49>^Ns?Kjq4t^a5w(o$qdG|JsI!_GEwK5B9H*ef(-^|Hl8}aqQn5 zhx}+Mz1ANeM|#IQKW=Hi=<^LmeManuIPP1ZW8wUGzaL{22-q)&u>`Hgz)y^iKWE^3uyJheu6pSW}n<$zs9qm)}fr%oP1g_y614NZw5T8-HN`+H>&E;r4(KO^x!a zhfj{1-f9UyE;PAmdSAp%?>;@f^NjTFYL;GkVVY@)adHJ-KaO#i7q*Xa2MRmHxH-R` z>J06(No4B{4|T>V58W&^~}qhksr4jS@%hx*6BvA@}4NC*gjO z&0f|DoBT;dz8~Fv!?*;$ja4u6vm;Y#Nt1=8J3Io52So9DJC0ewsvZnzHQ*gpZBsA2 z|5}qodxJD_h}iRo5ADivhfTK$XulNYZG-YozIy5mux;{n<`Uz44!=L#usRcQX+LkJ z(%}yG@H8bW`Rd9E_P+=-yloYv259fjH_);UV7xLOzhUQ!^dLeUGe2$eH#z0+0rsYJ?T^T z&|3H4ewM)Ync*k&B5cwA{4O#ZOy9l+EltJ3efXcJ9g8ua%kRbb7W*34j_+`;8Rvc^+^2?1BAJMPCgwqPV|FFgM=q) z{|D-`{Pfd83#;D}h}f+%EcYJzhFBe36~pS=L8aWh%Y0p zwHLY4JoS056Fv1QZe<0T&!A_mR;19!3c7z0y>B$8Jb7Uz+tq?Ot>nA#$tKO_;zP?r zo?tg?r&fp{$W&!_GJ2MLIWQQ^x`MonAX$fZt|XivmY{}QNc5E~Mqw`&BH5fldLQfk z)5X3hS+s=z8!6V{fU8$0TC@{gXyxFLTZME9kq*sZl1oSqB56XpT}T%Y=?fvq{oD$5vf>6PYLO3 zA`KDJvqJiSNM{J?1tGly(%4W(p}h>6M*W*a!S^@-iMkkp>U3KMQFZk-$ zLaHRv(?aSZq<4u_A*Aj?dYeddh15$(ZxZQ7A@vc`>mZE{T`IJ*K+}GLJT zt90R}%%aW{O!uF{?R(K_O#B5!*SL&Pksv+ z+V^ep5+Fq_ko>HK*Sp;~V60mymoydX7k63#nX4j}WO^ zNcRaTNTk<<^nj4OL|QDQM}%}ck%B^cLP)m~=?)=1Eu`y+biI(421!cBD5bs(~6*o5Odl@_}q)W{&rph3!mwom=FId z!ekS-_E5+P*^X#$ZR6jDDXb-e~8YQK3x%@L2|$>UTZ4KRhhTu6h2bQSp;E~KGC znnI*M2`OJlbBUBGB!`g7iPTO=BZc%=BK;oZGK~?^QX=gX(pVuqPo&ReJA@P<(qtjc6H*zG#t6wPBp;FT zgya{}d?KAGqKBXln8&W!YA|RyZF%ZII*bw%%oiTlOF*F{(O|YjG)0ckbJjKkQPvd+Jc$381g#j*G46#U(0YTWtwB`L@+N_V^6o~1i;^n({Z`Lq^gM<3R*%wXoO*khIZA z0WmI>7`Y}^5Pc2NQ4`l-ESLJO0$ET03Gp2q@*;Vyg%^^4NZ$uH61#CZ(tmyzD}HBV zq6E@SjHJ(@^oL6N(Sgje;Ebd$huPUJ@_`t|1i-nq619o$I2>#J1$7o_~7IQG#FAk^VrU zuOT|MeO8ocyPf~uK3k?XLOi211N`I)NzZWEJ zBQg*E`v~7g`kRP;p`QLWNIq%*??KknUnRa_7n!_HjHds0xRL(ZuTc5_A>|**3?hUirONcyE9>*-Gr-@zd_lh;~!(aT=|H_~s#A*#}@bM};|g zB#xDC%5%#3?vb#g>Blg2yTn_#IsvN`DGW|P9?jVS4eu-WAwkhGRsM1we!>OHiCGiDTsMYhatgU!e zWJXzD0Cu0PIB;IQF5hm=RD3%*D7@9=+q&S}VyvZO9T(P{$f_~UXRDNLm^`j0)0bVe zv#DT^>wT^SQhEpv?^x#br<8kA%Fke*15`TAt=u;il}d=6ka8d)x{<{9@5s1uTHNH= z_;5}nxwT2uw(mLnOtlSklpYxhrGMV-k>my-Qc$}g6Uu%0_)Exzlw4;@ZYU_S{z>#q zq9;-aQ~{p1N6qdr_{ov`E1s}HTB`pyWqB*?F_cyET*GbU%5rZBEh9Hs1XY$>mRQ}V zs~a_{o-Ac~IXa|;9^LJw2Fl6oziM6YK0Q2(VKp#+F-TEg?r+qMA^31z)^a7}P@PYV zR00-bENUMzM(U|QYhJfV@z1@2JI|_VRI+S1Lb&IMzK*(;=2ptc_O{XFDTd2&G2Y( zT2U3??K*E2v9#6QPYotjsmaXWu$+M!^H$#8H#7yYD694&0qsu2O>GdmoE9Gg-l{3o zhU8Bvvr}R^o2Dq2*`H*O?Ti!vVT5unuz)De*;U!bl^njBiV2)u}(D|Z8Syh=I?5lDth>fi7wezgS zeUGWODcHVozoO>m+lpN$VcQu@^qxIf@Vlq}yqW3YQ6=aiu%wM%rxRxlR)g*KJOhb+ zO;RaZy|Fe@^|QxH)z3mEw42}v6=8pkD#eI!9kyMjQoVSu$6q+wVXf31?QQ4kF-O*XdS#o z^0@(?$l<0`*1{3`yBU5(haChzL-5^Zc##ehqi8;YuQ$UpbXX;LGQp}DzF3Dz+-ijc zXPe;xI$T6>7Qt=Ia7P^;LvU+?!#GqCDcFHarC_%c{1Y6ZkIe8U9lnv^4+(ye;k|0< zIvR3J8)@OBa6*{GBEJyWn(RGmoz{{x*{bcsFo^e4XhZrEY)Px7yVfJZBL62&c|XBr z!!w0PV4#~V4Lh_q|e?-e_L*pWiD}LPg z=N&3qBf*2dFn=JeG-L7EP^yVD5)$puM*#?iDPq%4>0b5867-*X2^qC)O>ME82t zib1E&aVUgv&fHHCltaJ_CxAn!qf;f{VF`-g|{NZ9rXQvX;gY}qRKU_WKe<| zk1glq)m2;F>FUNk>iI64>e`HlgN*S{4NOZB>U-4*sM+@#!z<0{lils>X<%U^`l>Xy z?_7*F;bLddWt-R^+M=1~eD^?VQvq?H!qtQQb9Uvy@sgFy8xU-ZP*CW@VVuzbGf9bv zm)KA^8SDr9J_0`^r7|74H7-0ql26TiL4xZ%v^-iL?*`y0+}-w)R9g}q7dR2U4*fw( zI}!Z@cEC&5QHL}2R(kNvx7ocZ{G%iqo1XiDa34>#DZM9{SvDxVZ?^xaHNrT#L3Xg|faD`lzjvP_+Ft(uiljO`&O{av}SO zKF;w9x$)|O;vLos`EIH!?^e7WL05xamckkU$BCu}kE>9VofvO}Wuhk2YazihQIkoJ zP8KaWpS0xRIQN}z8>2hq%~=XZm7-;H*Uwp7H)V{G1-Y z(|@fk1yz`aILvA_%Cv=88)^jG)rVfKkzSpq-H526OQ_l3sij9)tL_sSs74|apptx> zH;<@x%Gy9sLp?~hr1zsJJ^d&Q)c2H#`p)`vRwS83Btx(A^qE8YbR+B27eo@;ejDl2 zjiOJ#!qQvUr#}P|TB=j7rsUru$}_}7XfJ5NW~CT9^3jxHbfp%R;+9L2MY0%5v0h=h zNl3a6l5V0DcSpXcK&%vZpiDM$woySbjSW?b#+yK28=WYE1y^W-dZPmJ|HPc2crT9v z^q68}@f0YT^)xmm**!I)Wh!1eCr%?>hJ6*Xg(|tyRvaTgAh)ATV~(H9BkKw4@ed28 zu4WB%Ff`Db4SG^|`v=Fnt8wvq8%|=lUm_J09621pA?$JVd0mLj`Jm*JsCiDs)|IZj zH^S|xYK&Fh@#J;VJgU*0h}M2#jMknM#*t~R5ItXmdn!H;qKa_Ko7fbJIQ{`gc!r_L z2cV%xD^ohvoub6ME;bbS@SmYBr|B=iY8WoQhB+$_(AOfi8`&vOw4n0XVkH9qSW`q^~ zp$uVMy_WR%LQ?8y^@aX^;-m5O_Z7ED@mYU=0gmt!_R>bt*KLR!4${{ZUuTHnNIlKh zL$S{8hJ%g1MBr<5n3e5I2_9|^ov*{JY@bJPZ!_FehgsRqAUMSgx6)yi806s1fI}F; zBWdphg&ZWwwQmUizzna~VOF-^A@~I|{Jajcvi%sr_n6^w9cE>FF2OgO;hS`rmF)=x zk7SsXZ5j_v!#CEYFMS*ff=eE2XbiU%)tmbs#wFsGj5>=IN&tQFb0!sUqKjZyo08nZ z`q6rnw~0R9R2g@e=e?B zTq~zrFS=H~2d^N8dqjDb^mC|u|Ehitb-Kt`Np%ACya>sVstWb|Li!{n4(fS+`RlrV zj+GU9y(&gO&ktl3cN)1e!h(k3-?4XE;5gZ+ogR=_397!-#&~ z|ET);ZAaD5(cEVJT-rOLpHH<-ERc8bqLV^jDKET$QJ|l*e_cQKqij+A{C>DtKWA=Y zFS=(i7puul^z%--em>U{QPAIG1$`GQ==4_4i4ZcRpx>H6x@3F>9sWo`=Tw^{=)OOE z2B&Q5FL;v804cjsk9ajMq^)C*tCt~K^6Q3QN(Q5i1!1C|Io5|H)=cs_ zLSl{j;ON{EofK$`)=Q5LVj@m-szitC-J%_KaweNZ*Gr(nw>1r(8WcD8zB18z-Ji z^t4ms#(1uHf|*~AapwprFQzkbVr(s*AJ$`h8=hlI!42}`5vr8cd3uZw!jmKT@@zB+ zL^fFB&c9&JhxNOB==(4#A8B!H3ylZlB;Im@PaZ=&YVh4!jG<&^LAq}}NZboKLM&`>@6T9qfcaVNEXlM?&Gu-u7jZRY zwTr0+!*haorX_Q%ziY3-GaaVIdHjaAuc5kufE`P$-f0I`frC%dEYDuIfPSp5R7YU- zCVXitu?Zq0JYKt1(x4eC?eWT+9?x{H<^2co=utrr?r=E`N$i z^oS55`7;qoW4Qp;LLc--^yyJyN&Hh_*_~h3hgQz;u-*xZw?BG8K9m5pD3D~6ULAbQ zX5oakg1LUbpV}Xj1?|E^U>YN4np8v6A8gY;tS4St%c}s?4phgrN7kzx z*p!1-;Mvi@H@k9wn`s*naPCUOfpRr_zj6K?;|yNEarocY24nHpUXCpUcRH^Y1XEwc z6af0w!7kH>g*#M?2;}3LZ8P;uHP~SZ6~d(k&v^-{;64i#3$Ls#TEo`eH=%oY@!HM? z>Z~Xzirir-2K8weF9ZGk*sOtpM4Gtde&GJOh8hCx-^%JfInS~i4_k*#26HP$_^0kl zYoYE-7a4V5eK2m_k2=tD-6sNL9aMj1ya%}>b-(dMOo4)h=;7z&jRZ7(?~?UwO&l#_~j7J`D~_y2xD7`Qh}*RR6zb z#E{Rt$f*B|TBv`Lq*VVE_~rUXh(D$&skKSvrwKhs61z2Bt&`kn9B2(xjYqckX$`g^uri=nyPq5>+&?Og+9IPUZYR% z|1EBxzVnxs`}A3iMdj%za!2~~kv1lIT3Stur^CvG};iUr#BO+W5PBQ?_#_e5%BJ!9p2*v}>QZ7sj&0)jzT!y!6evR84yY{u*9E*XOMQkOxBh7J3YZkGo5fNLuR&SDD^(Hx) z1?_NilXPw_UwffFex>$kNyJ``gK;ckd#FuC?8V`p(YoOI8QSAlYLDX-xer2MPP&>k#rsq2sOFXhbZA~#j>ZJ{N&GoWB_e$?ZXm;aTw&E@Su)M!NBe)j*FyuBat z7Fy>(@GPbzNqAx!8(Mm&ZK|(oPwZ{diL+Qo?Y)OOF>c>pDe7q!v2cp0teEX@+O79v z{Y~b2a%1C4eb-O`6z^il^`hYGHk#|$%f0*ysVZFmN%OGmyW8^p7Pugy{Om(n=j6{bNZnA-evtv{pw*|5yV310!xk|Hy^v zfgQn`68KSreU|{$wGTeOV$wglV!U>CMQ%j_`4PJq6>9EA7gp}OJOJu6bPCi+)wHM# ztO%Tpr_jl^66@z*$LQxN7|aWxpQjZ0mvVCv-^pZ_`R>KLTjIN3#9-#Rk?`Hi;iK~1 zM8JHLR_D7Ca(i%2$9pz4Ik=4`%fxN;E8NzYH1p`(c0jmo1w!C?cau&Y<+dzLy<@no z5!~j|xvi3t##4jdYlPe0g*@Tuk}{vHdl}re0^GJT4!5O{AA{Q>3bfiCkGOmW3%}sI z2DNGrROf1|f4}Dkd^8f@HHJ#5xjj3e|8D7TKC+*czmoWGC9wneZv~os1@YfXo&Q!Y zW*~nB@!tyKzm+=wt*q1$;=dKde=BwVTUo0k#D6Qme>LF0YSw>0CH)sAE3GbpAF$#I zpy0nBlKb!0`LEwz=!^ZJFG6u_pNaz+q%Z#D-VXMASk3*~g$ZPr$8`2X6`9!&_BD>q ze~krY7ZCrgv{3_+CXSiaj>!557P&&&`&(&o<1w2oka+pm>T2f*th8-HAng&Hb)%Jq zOjTbZNz<1|I4Wa_#G}U|Yb0KqERt|6yh<|WsIeHUBt!IA>XER$&TFGzJukda((b6S z7z-r_wn&L&rNoP^!ALB;R#NkLyb_hJqxF#3{h@Pl2udrP-w-)3Y}n(;;SYj)UB5pXv<_7z-)16o5slMr|LT15f^74gfYg zLm(EPv$X3qiX>TWie%8Kk5p{NW?FFgqd%2`lG2{TSp}T)&cVTGybXiRA|Y?U`XOHp zH&%-j-#C;IF0NL^cfGi{sTAJ~aq$9~;-gI^_#{bTReS+)JuI$=#8o1$r^PizTrZ2O zSX}RjYoNGl#FZ(o&%~7?uC3zQiyx#H7S|?m9S~QgxDpWnIa?wwMO+o)>MSl==R_>M z#Whh}e-f7}uA$<}5!VQDWr*uCanY(3V!1|K8YB^1w~C9_YT&w4Tr0%2KwOK(g_SPK zXPLO36xTFyy&x`9+z|`zLXl5etc7c>xU$6ciMVL78Q5lV)kBuRwNqTR;`&8gv<45X zQCuXu;A#u*L<$d!>lAU7h^q&?3a7x^S@Kzo&w=te5TADW%*5wK@|l9qG5B-@hH7tb zucOUg?ayFZtg3PcoBSvzCv4_@1S%I0?!Zn#gypFDSEVNvgRK`IFOKoDV9?`T106S7PYVO?*5AQK7siy*?r z-dsUcLgomPiErfKOhIx8nIuSxAl(JYAVd{JSlyd0h=q`Tf(YC5x(Dh&0~=}`1d%S_ zJ%T|L$Ob}wN25l%gLj`GD+s9-M7oA|yC91RsTM@KiT7(k$_QC1h;$k6KLwda$Ra_c z`*^Da8B54)L2~eoI(S2nJVGW2k|D_Rf@BerFNj5u#|23vATnEw(y|)Xpo{(<^kuK@IS&(IftPw=Ir}t_>9wuaoAktO6Sa77eE+OPz zL8RMy9fC|D#3hJyVeb$@iV3+wkSu(ocKQo4kdQn<(gf)#NG2h@1gYl^>g^;*3L&Y2 z)C$s0kiBqe`~SjqAl=_<6=V}3n*Dd|j`)q=GqA~JWIi(D zyK6cBmo`OWNBp5!Hj$zIjn~a1J}yIDdk1aWv1Y;7p{|t^>)PM~w6>uTti~>06NO+r zx*Vj3NNV2=;;Lnt<#UT`y|_xnB~sWI6xYLoJtD3Was6FfB4K^6h)blZj~=B$dLl`E z?~6;Mr|%1KiNy4MFRs1#!DzEvT${voP+XPbN=C8~3FvDtt_s1ric2J&FI!w9-FySY zB@)eN7neveUy-;(a``S7mq;t$b>h;v-}-J7*9LLT6_-dN9~KrUXCi%k*!m<_nfQE4 zTq0$BFN#Yfi|;LQi8S%OCoYj7zK!A%sp0!hTp}raA#v4mul4;VE?pt8^3c6NR|wjP zOM1SqlekJGTu*kfLeO76Ng)^{pQI2BlTUPGpHn_lV8YN5n3thV#W`&1xzBu8*BJUU zK!_Sv3B~|G;f2w>56Pg%DnYIw!gSt%AbXK_t(zdifZln6Y$7CC5Mf5|3_&Uh2`}Vy zgfYF>3$lceje-c1ddCS;LCBke2*Y|u2{N0I#|07Q^$rtcA|W0@2I3o%>pVeJLT(Tw zQ;36ep`06~P=y(bG|A*8b)!uZ}31ku3UnpF_#1l~g;@HY^$6M{O@ zA-q2evVxF*3L>4uyG@YAguEt*bQJGbf|L>Rh#=BwydMfOjgWbQNC)z+7Gx|T*9nq? zZ`96fg5(i0LXZqWo)aXCkp6;L1o^8VX@s02h;%sbeS*}}aCijL7$ud?=k*9uOUO1s zq$7G~39_D$_XUwo>AgviWrVyeh;&fzRf0TB$b*7NXZ4N|q=b+=1(A;HEfi!5Ay*3` zo!EQ6AjO0f3X+9y)XrIg3?$@CLDB^2AxI`6CkrAS-Fu24DTExnm+L?}y|=9(d(oA( zt%B$(K_ic@t2Ytyo*>J(!+U=bq>_*q1QEgD-6;sG1PcWzkuaMDLCaXQS&Xns@ClQl z5?muRQVFVsHc=ZTG*SuP6`HD@FEq#!@9RR#(RvGwW*N_c7J7jIws4kWbz|;)K-*4( zF6PP^+97Nq5alyau>WL?=UA-3jp9b_+cgMk8m;g7tm$Zd(Um+XKfS2wXuT1u2+%1O z-P~lf&d_Q$>5*t>zR2TnW|Nusm;ar4Gf#@l@cnn@{U4cm=Y1*K@g}gNG0g5N=ZdeF zA;vuO{#1}!LCiDn6@si6#60tULJ)nJHP5`gf;=o?%royB1t}54Jo7FVL?33&Gw*W+ z(T7>{%)5&q`Y>yrc_#>>53}Z(w}z9a7!>qj);#n6SdhIk#F%H^uM4tC5IS*y8s%a3 zQ9&vNG0(h91X&`8dFDM?kP1P}GjFFL`Y>yrd7mwabeWi$cZMMPFl(N9H7j^y+PRaBL6PR)Y1$j`&a>+- z&zfh~`up&(P@<2=EzGZne`L(BU1QCo^_CCyftD81N1s5mUw!fXoUeFr{_Q#=ANo`} zLpy`A!pq_ne>V@#m?RIqDRz=PRONdr+9~InCdsE_f9k)Jz62!|0>8d6HZ!h(3CoC&|@<=%crJlDt$9ee^a@ zk{1c0kKX1<@@zr$(c3&po*;-mdYdQ7`GV-9w|SC$h9LUrZJs2j38IhQ=1Fp0Dc6BM zdYdQ7-wINhz*8;rBzcV>`si(*Brg#}AHB_!FYl5`@=KsZM{_!VpxfVa`0L0DcuipnGLBI; z`LPMczb;C=O&N#L3uFCFIl zD>rKPx=O1%2e<40?DSXROn?8nXqie@o_7%bd*avyj)dgybML{`$)Lj;K2HtYXTf@; z>U-aHx*B+hmLB`pRg?@qyQixI+3C;SH*0^mP5(Of-I{K>-A8_cms*uosqH;g&v_1J zDhnpz+!h@fy9!0SCbe9(ZfyMCQ=LFrQhYC?LzrTYDyaQk~{1A5O;a}3jzj3ti_r`>u50_pe{{1-Q zq}+`SMo`|QGDq`(`ss+g(=koHWVmtGp0L}$KQx~`bA{@`>8gLT;FI<6_fcu-k|M%~ z4m1nflpvMm-ZLrc7L`_zsfyYRbe} zv6-ml!b#tpZbc^G`6G^-8{J(%ZSeu3Z_?gasWYYj6s7-V=tKEwi|}xLDlU2}GA7Nt z`CO#P3>FxZ4S^BD%Ti7Jc4P|67xt?}{5Ej(T=A#)_Y?DWfM3*!z1-Q}8u|sWo^0r| zW?n;}M7%y_@>&}8dLlJuCEO0&I0<($%CHy4dlc^y(48XFkfRk~G8n(%Cd6v1B}9+s z`M>1MwaKk^&E+UyjY#@9Md7-^6dbI|!LN0X36JrAiT4`efkdtvSU@7AJT+$p8q`v9 z@OIaq_$%Dg@YX%n8|r|)rIH$gughHtc+J7Ee{!7i-?Q?~!^m4x`JdF1{PzrgwYmIH z3dhL*K8Y%cznBKsu%zs0X{{|EBhGsmCwKau}>_*4=3`R^J0 zm;aIcm+;3f|Hc3D%l{KXiU*guq|9Eg%MCMWd zqeR{S_f97HugCwNk^jW6$0Ps6|1rvc%K5R&f6w4oj!FLO^>M87pS&Nt{6{AKNdD{T z|C{7L3yfow|LpfzV~sCvWICc!>ITm&kulto)B_-}sajH1%lNzVQj8VRj*y{wU6IVp4%q zxz8q%{T~&#dSRAFNrSbsBpY3LZjZaod1*+W<|$g*=~z>YW8Zl8YMDo+Y4_fC6#K@v z0i-#M1Ky$hcqv+Aesxs)#_F52`q|9B@#ag-_KolVldM(V)IE|(!@hC-G)Z{Fs=7wh z7YrdBat6*TPhPhCJeWasWjfCv@Hjqc!gap>z*i_~CCcQXw*|?T@(>?zEe9FLWNrhk zl)jZ9?|0#Gz2}!xZ6{v=FYq~ze4bNT*BD+x^GDNta+sl(O;=-vIE@05B}p=DLx+%H z*k;$;6xmws9Hei)>-IV5j==aVdjHN<#Bbk?H*Q~3rT&U0hiNLB8$Qob#J+v^gSPe! zjyUr6oriqk?YrrH?A3*7^ALAVUU{E9?{4>{i04qF>m+;GRptnKhF$j3!)ImU6+Aq0cX%;kbNeXi%xEgE z(Oj^R=7M#O7Hk7j;%h}X;4NQ}OqoyGcHSHF>}9v&oj&(KESzU( zOIySKLcpC_6ucgmuXbvW!3}d+1*7}FKX{%}uwGeJW%n1(wwKJk6bu2Mc?hOzZg>l) z(I*=J(8D9L?jVZk`R-k1p?_$lwqU39OOW`ZD3SMZt z05!fv``F2XqkIem2hkupZn7MU==h>*v{#~=Q4uEH9PaK#09|e^3f=(osI-#e2#f|#!$Oet%OzGv z5DOQoQqbU33Vy;p)I>G6Uhx(nkRwHq10eJX4VfC0Lw{*9`CjoSJHwd$u#*LL+0^}s>F+&^O33$L9b z65O-OhKX^-_aq`y{d+^-;FmLHO@MI^s)GbexR5_AiQx+*zt->x{E=j3&gn(f&+O*5 zQ!@tDM$7y5vex$MB&#JvGkFQ0M819XNY?59WK|}m$YYN2aA@e=BM=(kRY$-98z03G z@uO47+_WXM7J<~@@W%Y|;ShJ#2@s4l-l+cl%JS37#^d9Nn*Ey^oRElGQ?vKL57r)G zSX>$Pi|YSE&8>ESmR|!)pZx)$EWO zyae&>R!`x!WbSUoH`C1LwCX^%y>SO6hR>5M3B<5q9Pe^?VGd^{7M@Rsx;WnJxbajffqRphUO?as>j3|MrVBZD%~Tcfh}QY(W9cy zmsx(&vl+4aO67}?$yD7>fq`{>W$>#!`fA?SV)Ydp=tt96@|Q*Qm4mNP6ixM&lPNKi zUhx_E`j_>U2PF*}3vWcqrg-lJ^6%7FZhARVu*|px8?-dGV80_jqOZ`xZ&Q8cFosuX zAsL3gvI}l|prE*!x^ksiU8#nzh`QpefFklbg)5mm-mI=HHhfKly3&h$-3yAYuFTjG zRaeH6Mshi6Bv(RRVaCz!$6akhW4VIxafFW-jYYgngBP>XGVMB1T9$B$<0~z@PrPWh~~d~s1!X<2^Y&@s$+GSizWEiYahPic7wR8m@Q z<<3x}U60>pO3QR3C@C#}=VETvhQMdccx9R|l(99xK zlZx~f>WQWdR_;>KhrFKx9WVN3(Tlzp(QWBG@E7N^1}upFOZx8|4y<=R+|tj3nnxQ_ z4?NG2M%4O?$sZmIo_VsprXUTXVjiN-LDcS(!{g}kE7TUKMoemw+U3#IPHZ8yUQJTl zL7kscYlGA}P-@{6JrR0L7^?hS*p9yz$6LR}07+%zNvb1Im?_q4QL?}30tCj?^7vQ` z86im1jS&2-jR8zD%+QHvklTZctlqgeM^hBME(eNQj$8t7NSf&|n;gh+kYNM_*3Du$ za_eT|26_?9@9&Sf0lp1YtQ%(Pk&2G&|CSAhba0SWV_06~-ADH+p|NOa*zwIXNMddn z*XilV8fxNT7iGS}13n4^+XKs>rM!+2Jx|U3!fbmWObr~h@Zs>(!hrG=Tms+IY`8Yu{u(p*U)D0C&DOBmL9pzV~Se7h`YW8~2a8!6O$e zR`rFkqxVn~si=jjyl4-q2wY+zg9GpB1_wg!Jv5nx8bE@`-5T!z6qKD~3nvx%-2hbe_7&wB#->e- zujc+Tvj-R-ODf-(7$55ZI@h0x`7h=>=td{1!2)_Uzez-Rch`A7}6?*c#Md%KLzUurtG6B_3Yo0g34!WcDkLAACdh#CHvE0&{gr? z0teXe@6mpG9w=nNk^1Rk^wVeJ^ix`JH~J~r2=V+--;$9K#d9X|4MQOh;m0r(@@ZuK zjO=?+e|>=ZYX$ll87s?wfch)!eziB7DJwxWz_NoFG6O>WRm_wv))BqGR#1O6nJGhm zt#kEFYGh4L5GBWhL6RbR}pr-`i%^ph8VdX$mS-^I#`Obv1~V#LKQT5`j=_Ek3|RC<)v`PTx0oyFDDn&j z4q-s$$AYq6B+agyB8xOI>ItoVkM<*u*+PuaYSSoMZ7QVIrcsyDK$zM8Q!?h9q0ubg z;n_`#PNQhisgM?(Mq$wjmP%oPU!wy=@>(6QI^}3Dk3;1`&)NAbX-nJEa?_A4d1%m_yaxLIl)i29T}|H^ z^ofe#57RGs2i@>OOfjDo6Vq zJ~=!O$yzd%5G8#a0ivS|_$jKNMb?){KhxKjV0aOxi@<`8z_66iqxdkbFVTVmt#T}e z#HD$^_cdA-2_zN;XC(QnO24P=Z(3E#AAtu9MnIVwlLDSvs4DsOSYg`d2o6u>6{a}| zhWF~yc!g;Y+90yR1Z!X8;kE}_*#jd}?fw(({^79XIvnxgB`^O-JYFz7Ei{;hk>+bl zxRe`RTcSN;%(?G{U(=ksz`~15bSTkY4F~?1R+lP}G|zSEg9=J!8^TwTPb~Ztn3k8y z4WF;-KFMf1=B8K$O$zzr$9}dEhCV2Ex^v25u)cJO9){D2E-(=TbB^eP!t^x4V1cPS zzOle`I8b=lnZ4iDjn|jzoc_)E{x2}tCus|xu4{zSnPm6>R3WHTL(hv=TVi|0goz zll>*;0%}z_!5RE>D&2s!sM%kuo`zJ4(xHrkiQvy@S?8mCe**FxS_~gtLHfc~0WDlz zB-NZ4w)01#EL;^>^@Xccln`nW84%4kEnKy=*Ccrmoh1}T5hMy(yV?x5)4w&|+LaY| z0H_}jGt1i5m=t<7g5!A_;jp?^M9Xe3fMV#M&Y+4~$b${oX}HMt0oIRxLHW;S7XL=Y zv7f3v32N{rqx}1@uFB=dGSqKSLYx?QP<~h_9$SxS>e=j+|LbTMhVl}y_^}*SuV(M1 zMP1UCgSVv8Vk+trLvcOgOZp4q!~0lRm)b<}!3ORoXYMcPUgl213Q@4#+}x&}#I!Q? z4x;7dB-%b9Ui3YM4?g2X9Ro{K=8mDSIk`tm6(@u~foJl^UCmfhQoJNen6X8sxQp38 z)__Jei_|p&9$llbIMpXSDS{eNxo+fWsBPhcR;SPh6T>O^wZvbZ0v9z|p27yAEKlV$ z@bVO5NZ{qE0;|3}1@@BVsRC>4@>C?~Z=Lr-TPp4e*DOjB+J)o-!CQ|I66Nr1wH=!__@c)C(n= z%#RakrTf40V={~Of6e?jP#Ck$$kXF1k1{oI2EmZrzG)HzMlV+(ob>G9xyWqRCt z5Ol%ASXRM&U_7SBX%OLNRyR+NAJmg>f!T)xHcyWylbffa%3O6P$>-W7R_tZ!OP~=l9`R@&&LxYRr3@>|xlU zo%J$!C}F%PCTG4v>n`Ga1S$4`l8+kXqtKL(S1LFkli&q8zJ`1brhGgZoo&c{V6C^r zJuY+$VvVAdU$WPwonYW2o8i&&yn05H^6a}WQl2gN)XOvCL1~lMZip$*uMRHHyYQ$@ zd6?^!$}?+Gv|hizkIS&t!gqZR~^K*LB{9KI?di{>Xr=Fj89+3R>h|SNn zlAkjvl}+dI>mllB>XZ=^mhz^7gxFWfKnak9i|@Y}_R8KvwBkJ@^$q+TCi z;gY4X_h-MC+h>1}>*E*vXdj{G;?&2R*X#AsP#Cwo4;lED`1mXXUlkv}%)pj<}6om`|bn{eREu>UvvK-#_|8A;lE+HIWnWaVU;#ROYEx0SsoJs zrN{WTE{tn88F9Tzaa9l&TCkoTcQ3)D8EsaWxi-pj6>4z7G-x7NzLEVjxR*gMHM?t@ zxa*s^$r`WOe^#u!Fs(^?6Pu*BxJi5)nz*$lZcA+Z3o^{^NPP@DU9Ybzt~1wZ1n(iZ zc0OQktN8_y`nv3&|7+??mj^Q9jVg~wfWi3GCBXA6*S2cyujQIDB*35ZiJOLWhDWV> zQA7fKfmi4a2{5#rCBR-kOMrd&(LR7UF-w4$^gn?QT_Ufy~cJt(%1F|_L= z{&z5`Y?QlD(ycG!bPwW3`xH40KZpGz<2*NM7+Znp<^2esdV0B%p7zwFnDYK`A*cHS z#dfKrOC!*ArgT3k88L7e6}W^KOl$A%KP(zNO`}-r=Ffe($ikKI;On)?VRpA@Tg6e zbg8^1?es%pEpvvrt-2pzD!~s7kUD5MundtU$yfL{I2-;DF!~F86G+` z(Hx~N|3MS^-^@SDpJ4JAgCm1)UExHlyK~(z)#|p@4a>2*&#W7kVRfI&5j;*Y1@4@t z{g{WnE%K0A@2HJqUV>_jo%3Rjvdob^YfKfX!& zEtdZ(qx?f-%g@ee`PmsQKb%tjt6C`kcjw2}e~aapn6z|6B;_XpmmeSI^0PBqes;E8 z{_RcDZ?XInjPhR)TYh#%%g@ee`QeoEPiUe1*ELDM#qvu`S~?<<@)Lo}j}LSC*%>WA zJ6kUQ%}vs8vHatW@(+nEKRcu4XJ@qha7y{dw^07wgO0KNB_=H$5lQ)pz~#q>x%}*m zmYaQczB}~aX1HlT8r#qg|Cf&Jx+4DpeuX~JO$`*L(Iyx639Ak!I&wdm*^3X|JYm6F zpMQJ`ZY|)f##+}bv;}tBw2#lHirf;u)#3lVDBwZ4#&)^>Jyx~^$z928ue{#!qGnk z_7c>0<-4()s$8hy{J2`B4RPOylkTU@%CMKb%h9`WdS`s5o|qMz|G~k#DH$sApCE4LhoK;w1mi{juZyyY`oPwEq2Fk^h#I5Z!j{Ux`Y}U8}HZ zC)Cz=6iC}J&|(=G?2GFRT{hteo*vWgn3$XtQ{Y@j;L;SFs6r8O*6*&iR7s1VTmUKZ z_j4c_hkpVrqtv;2ICFQna2n%4Y_*2+(JXrYv8)?&MxIXE72viXRFuD6nPAaE*r$)2 zhr(0hY5*0UtK!y#ns|HK5-aXJ1#rqEKc%s;mh}mYm+p*+ykh(4>0a<~FuCp&gWSwM z`Zg3E%%F`M%fI77e*+<6?=2V;Uz+xwhjl*fOvASezDZw*;SX4iIN-X??*GU^?{pv0 zp5#z#@g{r?Rk)=*x!ql?;a#T&+WkHkTA6)()prK7vDLkWVMtG&B*s7^(lGmT&cZiosmIGZ70kW-8yQ6mO(_&w!8q1Lb>n z4st!k7b)K?JmX@_GQOX~AO2~ueGJQd!u<>`Rb6yMvGZmrmxd|Oojjne}iH!y%WW}4BStf=5z%FjXntmPK-+V=uWPbx$p+xcd>6&U#JjX zWBEB+AH>ov)y1XS+u&Rf>~(kAZrD)S4<}s4r6?aNijKZ#-!4hxX&Q)>Cvq zDu!3n{mWx6|6TFQk64ZJb2_H-8gv4 zp!7I##{&LJmhOi%lAqXQjtci21VtgosDbpZ92snP(h!q^6563qK?bKgbMb(cyOXE> zboXg`GltXc{=PN_T(}>>A|DDA8a9niWAZ&RWbD&fD8^hc3!-@(+_X$PseEcwEb?A zPW>7;Fk>62KV|bRaBdX7W}WA>hRF9>crJ0T;u%ApJ&hfe1(k?qSTJd58Lmn=ak!$rGk2Tf`vTO^ z_mqNvpEEn;%sn`x$B1BuvtrNKJN=;|zgE!yeeF3|wwGh}CsF1w<$zYR4UZ&NLVcyP zt2#yTzDxv9W2Q3yetbD|YiFeM8=v1etv{&N57gXmlm)i~De~9jPCzYQ5wBJG74c*& z+(%v!pQw1skUN|jptF~b;H|hZvVAXEFW7x1+?e8EoX%7||HL`Lsq`Ws4Cy07uJ*j| zi~CW(YwN%)Mb;y9pbnQLF1DrBt+BdN)c}rHtAUGc8Q~OlBOd;Ap+=yt-u><&+9OWG z>ELAKj&@HowX6G~mgu}XE(&DRbN0sZh27B>u29mF`Y376K4~~#e+HfJKVz|ymft6n zXgNe%Mzl(z!NzdkN{@7vLy=A9`%uY2B@&fjw37 z@TZBxkbeH4y-Hf@AjFYNapWRA=8O&Q?M`cDQEt7fo6~CAkWiMlEyENEw|_lrt&ZGp z-FvFh8rGlfu#!mU)%n3ioL9dKr#tteM`SfQK%S;OiYE;)9&&Ywxr0pYTr>+w#uK59 zL@OsMpDwYpgaZG673KfW9ofHv|9kU2jSVsUpR|hfWT$_-T6F|-s;_6B8J^7Eo^P=m zL_N3gZU+_XssN zG@~cp`*vD?YN=2B@PoqU)hhY7Tbj&gPI)bTwA$+YYcu>ON?o92`@6OQKT-=>$2mek#nA;h2CpqwJ z=taT7Zve7r@0=0oF&Pfe$CzxA1#0dG+;?&hx$tcHR2$AUZ$}n?JZ$u#AG8uE5)SKb z2X1T8c~kmFT`48fl`^O+rA4|@Ds`n7zU8izg06HJ0puV;$3CcDn$n}7&!do$uJkGT z&;95F_osn>7gnHOEL;qhzCV*_IYe7Vv`V7o5v`bL8;Dj*w24HUMzp=){e|c(5DTXM zlX^e(8Z@IL*n!Yy9SD)2+oYxDA`Wz<_Njv+{Rcv=q$qctt1D*Z9%H{S(AH1g2iIZN zCOLAq8t>(zhe{91v+TCx$y}V|zoms9l%kD&#^^zKc8Cw9WN5!;OAq=8BW1J)$^5l$ z0Y3n$__D#tbspM}#5v^w?4Zp`IPB~Y8_K>ScF?vakjvTeusFy7Vx6Z%9JjGU>>>N0 zN&_ht#Ltd_;&_l9nc|?E<#ishZR~rI9eeQ?>A>I)kWJ!vj~$ib*vO70;`ojo*fpmx zA$DL`CC6{INGrzM;x8lks%JcFHq;Phy#ae;1K)4z9H<`fNp`PaZeA( z3USa~ggVb+aa_#~u?6hAnH|#vxt$$j#o=Q|o;Vh=L+twc9%lzH<0!u8*-;NZN1|`A zqgEVM>{u_3f3kzt*Wm4Ic04SO?d&KK$3Ailn*u*a_zPBceWXm*4TEi6pTb|6_@e#b zx?$*WzV7&fjihm*9n+zn1m4MnTYI!Ol~_tl26b6Ku zysrtciGWcI2xEDl6QGiSa~TjO^Zr$UB?NS3Kp4(@p8ypEBrzb&=f$;g%GGQF!o4WF z!ie5k0!$>}Qw9d&6QboN0aOCsVjxq1s|3g)U@-$J0*nzLgMbAL2;+JS1+Wls3j@N$ z-tz?@qbJ%W36iz>iphBrrtSQ+sGucwT)BBNb}B#+A1bN9C-H$N!4CpQYJ{6 zkaDz#nM5Np&M#8H49y1;ONy1Z{CB*8=mhN9&Z}DQOP$6U>%p7d3cTFSUIuEgs)z+q z418ap60!96BL=f9Z7fl7E= zqsP91*V2|0v;CBRnP0JCm|8q)w>MGj*-Dkf>M$dF!xb;}!f?&_&i@yMEKK z@VNl%FgSmj+?^aKZw0N7ApIe=63^9$r-Iyj#66na=A|2|pU{V$&1InYD0t*NYUqV# z_$Ou@{#$o9Hc?MlTM@dmng3Ut__xORAJNSJLbHGUyw~H=FxbCM;T`k6N>yRKr?PQ& zYt+)X5RBF0c3F+49XyrmZCr@V7U|)~A0_G%A@D!Y&}008Tsjcl>E&7 zm!I@sE_R|-o~LBz+lrNJr){E=eX(ttlKq&i1gMhzjEyEDO7>FQV*Y*IMgxtKz0y{R zUlq%US*rhHTMpTzhG8uj`*7k*RRdj@j3I&E7Lx2uB)#hYuy!W!Q54zZ&x8a51Scpc zoy z%-`qvVzmX^6)2`+eG77UELN|a-NixAk&S^!v+;jdh-Z1q;tr%3f9AzF@iKZ4Y-cTB zu!j>+HwS&a9qkvPXDYu^-!(rhm7U14i@Ur^Z)c^CNT0sN67iGLr#D&Y2c=I}uC4Iz zyRK>LpJ|nUFMawrEB(3j>BFq_yV9qhV5Lt?pWe<&AJHmZ?5%I$&>ZjG_4Gld^s+7r zw|Y;_Z{2rXolK~m30q}pR_zk2I0jjYb-jR}%DxCWaX8Cak$M$r5hvkFiExum#Uecj z<)w%fZ{6rgTGa716$NK8vs;iae~L-*;q=2K(%w&Kjtw|rXt_|`TPr4rFhg&x932}jhx+B3`sE`$af5Gib`oa~diKuElo@FbOR0QM@QHlc zQazw7{7a_yjs`ya8#ZP6JzH6p=|&XL0I7I<*&9;8ss8v|9H_>rWfn&5OpK^wyQ-st z`%%0V?OYz*cV`MT z4d{IhsP7t(RiL^#Kz*3#5T1@eWeG53lC$rV;X_IJQu?HCLu($E*DZJi$D$B<7@f{B zFH>@i%P^jG#B$!WUxQ$+Fu=^RIJ01O2t^iLBB4@*80`0xiqg^Xc6>B!iMG~ zmZ1^C^%m5^R0)T;KrgAk%v|oP7A=krh0oa!Rh^I#9IV##8(8x--cq~h!+*zUg zh#w`U=JK52f5`po;i`>ilDo3+HeKLmvp_M2j>yJ(w7RXXuZ*zVGUAu=B5&I&+NNSy;a%?{A?5^Pul@8G$Y z$qA{eyi6~lKF5KX*rFyE$an>!B2E1p1s@SWktWK%smsE@WpN3DQWg8^I41BK-l(&y zZs(o4sy~}m_0&~)YtK?;(p0yM>TFpQf+nJ@VwA8O|j^3 z_b}rTovvp;%v{#oV8aq0fSVWF@Yz{q~C=uW+U$S1#I?q{zR!=Qw4AXh zLIUK;A{jyyA-H$=j@cUU6n^@yOZJ{qP3YY@hAfY^`0_%i z;s`3M=D(k&oShTQ?Yl1Wi8eErBjF?R=~ehIsXn^<#>7|BKbZDrpQ-1s`Vsct=y_T5 zP^{0TmK+S;gNfdzCFyA)a;$&#p^6&+<_8wMB_GB1 zD;C7E|ImTM!Nf-(=kYq{Ir5{7z(YE7Fi#nQ8Jw-AZNOz@-qTfqy^hSvl@OzGgPFgS z%T>yvBl993@A~-I_ez_Ww+kJ)YxS|Kn;S-_A-{GyJWLhA47IEj>ec}Y%P9MX z0#KZ|2$!fDX~57r;rSw;mdQ*Tgj(5BU5IZqz!UIR{E#S8kHKzK%abo7)Qz7(o=|6g zN~pi%QWS4=vB$_f^xv-_)10!?C@=;dV+f* zBTjWxuKHVd{AWdEnTqcIScjO2V^S%iCNcIBUtfD2L*1BXkec~n~H`l^zt`QF+Q%XrNp2ucn{^+ktk#j9NlZc?>4Pj^>DC*V2Z964Q-gT!f) zWuAa%r|ky41B(H=EfCpP7BP^Nvhc5XLl=O8zu}uKq8*4e(m3QqxfV6tSU5K`)Df%) zu|U!v9JGU!IL*mVMrx{-ipW={Bb0;>ggoECOAB(mh#;kFZXdy^C*P>Xlq2hwQ}wz( zsxVHx483x^b#ik8wVukvu*e{!J2ftGWq5BO@`OA!4I98uhB{QH^i@xDxkPRS_(ZHq zUSJ?GVczgyUO6vqSU|{CNqw9pw@2JcoH*S7+z$Tet!%W|5#GQh3%fm9-pj(PL=|WQ zyGkn1n;gX7#C$6?@>rD-yq}*yMz9Vn*#VWOF~}@?1@xxVby8^s9bZO#kCaeeC2>wC z$Ln}KFnZNXK~1k$nH=6!bvnWdS(pm%2s! z|7HR)o5^AGax{DeH+i@Q2Q3>wB`0)7cse%mRFF9}aZ*{h#SJDoRO6qp2MVC_fedGo;|orQZjgoP-s#hdW}iJEykDCLc!qWCiQx1 z)49c1uD*w^N#H4&tvthQWvDt(GCe;yn7@U=(;50O*EBsXmS!Uo-N`B;+0xuYC~#_` zQ(1VQC)Cbtt_Y;C?mNR2DjkEUhsjO^j{WD@RmbWh9Oy%^n_@ zU0zj|^L|;*atYSU3Gc<`zpR9^cY&{ABVEt8#KqC|kQj*FP?$K!Ht&qzD{vvQRG8nJ zbQHYi7HGRk{nQFjJ+?0N&Kn-^&a>*W>~PNHv(-4ZqIM;>R8PlRp3z*Hml-;kYf)5x z%oJo>zIcK?v|hMPH4a=CX>*5oQ0!{W7Ei^j>4CDE&HPTTO0h7$$a(k;<<>Y`{D$D6 ziO-_tmd8-8JO+G)<>BeL4fVo`#B0vxI_06dBJ!@{HoL#p`XiiP`m;6>D}!fAzb`$k z5(y(`gz{%kA=tReQ&n;eaxe>8@fz^Z9_8SaF>4V#zbssdhcn*l%!5oEOgATNIH!Bw zyXpd^y@AMA2$oyvS~gTgZq2WZ$R;vi2zX>Vcv#|CZX3}Jl*Ee2cA6c+5Z_7*F~pU> zp}k4@KMz~T?RLn%gy&kV?B*+J62WJ(3J=HVQKecrCPBoa9_5BE6v6kEOvnjUIfOpQ zZl~SBqea*geN!es6w-$#jFxxXuK^h7Ka)}nv9HZ)UbASTQv@NObSxsI=X6G z2C9wONZLgzep54bH_&J^z0R+3n(Us*P`xr&p|PI>>G{MP&`n>ky`-V{Oxyp?R`+?TUR$m8=4`_i61<%DlM0d>E~E0r?u zE>kGb`t*RLsP-BIzt;5b1HBnM2oU-WD5;9w>L?cc01;-(3w$(rah8}p&5NLbiS@6{ zR=hY=-r&WTWUz@L@>y-1k)-Dfu+r!SyDWa3v))NN&5w?5`Z)PJ$13klQ~v9K z6Xu*$esIKb{1d9M{E_(Y@FO+9FLJu8|HOW#zO&Of$G5Ooukv9d0_AibEA-rYtx!67 ze%g%2KlA1bf6cat^~T6{nT$iZETukpluY2sn9#Vgobc`NcQtw>rf$kK9@-#;ZZi5G z#7wQMCs(uNS!0ZBpP4aA$^20y*c=!;r+RS>^%y_3%~bOd`qt4>BCbohgrKyV|E2sd z=08*HrFq;)dQqcsI<=VoUi{~rOb5U@$@xL%2F-mv#Wyp83cFC8TwHN0)IVk7f z823ueDw-l#Bw`XRAKgmGLWf1m2h`P1>%|IvqXra&$5hpzdYbCYR zlQYB|Z#i?QZLP27Yt8i0p3oryCU?QKMj&iQhysxxgcCWQ&_Bt?v`;-Juf!JBKuvAH z-zHNcEOh@13y1O>;nzWbrs~<6@iS0voaG4}0hId$N;WkpcB-oCfC4)yJ=}y+&M*E9 z_MJ2Gr2x*S`lW~SL5_HilP9Y~Oa+(bUDPP1!sagL8Cmn&#!H+wZ-%I38|u`(bdenpH2|SKzOYfFsU)?0+1@F8QlFyN z`JDMEGsPd#Zj?crl*e?v-rBeMO0S@1yD~5$`!z0s$W1xh{o$drJpR{hQcoMrEZ-ay zKhJoc&XNcABYmzO3jHiLvq!9aw2{T(`U>Az_IOoa`L*;~Myw1|5uH5R*hGw)f5v8E zK~>4-P|xV_0ZjgX<_)Y4FY!dq8z6@klzhr?H8Q-|7wIPYm>>=XUG(y*MPCgo8jTW# zMU%0bzR}eGW-&o$`lFY#uWMbfhiJh5Wp^b4ipo5KgqSK7pC_N9x2-U4Fky#)Ed;-T zUt2ttd_PS~lv;(SAi7@r%4#WUoQ;d7IJ7dWwoCU=m^)b_j(G+~a}*az8x=T`&EOC_Zv-H*pR zf2B-_`)2HEQT4FO6FjZ&%Dxf@GVhSc$KlPl`##t#IeqQXnTB??Yo=}XdDi^=cqhS9!R>VuIQ}I$(AiK&>(T6~QI4E4&4OTjYEQU;DiRu(Y;$+9ug- zIzaBIWo1zIWAckFxV~T%L$}?smvEG98H{|LIK*a&+)8oB1(3}*kXRXS_-r2WO)4V$ zjLtL`dYEr*)EgIstF)gGHGiaDq;wS6)hGKu@4S9CdP_iWw}l?d&17b^Woop_^CR0~ zCx?}mZi1JAHjqp)>P6l}Flj&o2gelQ%g7}vx#10MVa3(HC~I`#`g}bT&9bJC>7?*i z-UUY=B@BK`wfO@!1#j}sH^Sd|IMYZ%fAXP1Z{<&d>^j+HTW!*l%StLUB1^&>A?QYC z1;ChL0UWA_o=r=z8Z9KuErsPDa*rOr)$s&7GU=t$PGqz^V3qzR~}Pu(IR(faEpFevC|t z0IUiY`#sB0hWInA<_ZD`s4V;(E`!o;Ngt}TTT^MFm}NQ#N#IRX9m{>KWA0gK!usnm zvaPu)GL$vWqu};><91FDcae%SVWQynM(P+ zDc@{xTrJW^2Nf9i!*wOn690qxMyIVXDnDpxFw707>7!xGBUBaZnWn` zt}gA%!RwJmCiwEJu#Jz%f_HrtoLJ!>Q&E6Zfd2WBMMb7FxjYkj6&lb`OIx;g%z_0mesVhgrL(dW2h9SJ3ty8oAt%N z;qD~M8tMMxBhwmfHg4YK0TdG+D}##!J8V0hyD#>~(bA7}Gp^hYP*0+^URaeAyeLp& z$k`LuA}W&HPm-N_7wV`o2Jo}AbTYqMQv?68iEGsn18T08Ll(X=E`T`};E*rYXWI|Q zBgD({qFLINDN2!9r!^GC*8Sg3&8~wf^3D~JHCBJrK!3DKB!COwrhT0Vm3il9Bqo$aGvbd6gw)bw z=lo`QyF;t&yN=~7F>3U7s#p7fiY#nHN5;=ZyZzq9(uhp!v$u92U%Bu-G>Dc259R;| z`RyRi2Yc(i;;pM6Mr!KUKSs)DS>;1Z;}V!-k8mNfBCBi64*vtg=lKceW>4Rh72f$9%EFsGa;={-b-bBxK~ zL79g+=z8oNTN;SxjBKC5xpO~dPd$D{i}wVM@A8FP#&~D814g)|y?5rVJe1Zn6_?H$ zAP#FIt83#|M+R=bfbnt3_?;PF{gfTqQ?vshD<2p*b$HE^;#ql;F>!ubWcO*JmOal^Nnl+*KF{M+V)99W5e&j7@{s}v;p3$-e z|I0gbHZ4$C7wr%yJ=Qf>;hTFlrI{P3Z__xV<@UedN6s)gz4Lc+J>2+ah3V8GEUX~fg+eqboI*AbK1P)v1b2kk zigwgCB3awmIsV8_pDAEPrhwh51ng(%p#)5>6A}R{n{|etxrRVwRim6RS%2fsJC9@b zw@DM(xA52ZuB`1m^_^!VbZFOC2-Fedmx%NgHO<&7g6o~RS3vGXc)t?i-HY&!XS4x( z%4QubpyNm4)ghG&O{wHe%XpvhtCdvlE?PCCMN4HfU@WQpR;024038$niSYF;yl~nf zFP?nO6D3JZPGRJq(V!9bKEK3Q)TGe(Uf}~8GP-x5u?i^O`ArQ*=J`?Rq>}N=aC`KJe|~z%D7T_Nv5>dJAX;Kx}Ji#zhBoi zt?Fu_TtqbZY?Y)MCQQ$aH^N46=%U!`^TThZOeR35amEOKxP zvn)2Di{}V`6b|0`E1cp)OGhgRgM@`=SkeXBLwFyOL|a<;mTqCOjTJ3i;%Z?!{q$)C zMI8{r1x}@-mCp7DVx2zRr0n*oBGdh##P}V`a0@-K##+=f#ZJ1IE{0l4oSh}a1EVF$ z%x%$5dY*bF`spTIO(#zmKc)VVL#xNHQWc42CChdwTAQMu$%=BNBADBh%zO|GW~ygZ zqX!e7ol85wHxuwmQsYk{J)CM7>$LOhBu`aJ;$jDBKXN3}io`ho_ic$o;@$EVaD6=egn4 zTkvG3PJJ*_*1ZT-QNSdSQ-%`0rerSlCG?q(ATk)xGCJRuF8Iy*r7CfVqlEqDBJ9Gv&Xb8{>$T{e+Z)c&34J&v<)^U^c z3NLF3b~FBdybLVY8}F$+AtIL8{c;)Y)VFqA7Vp|yhCIwqh<+?kFIu0(M`#)ctTm2N%5}y8}_2z9wJMuE}l49f)=~J9a8w?(!Dju1|c&ZfC<=py)kL z^qV5dKFn$n%O|pzT#c8FBYLU0oJ`j5WBr@gXJ#+}ADO2}2tBGf|4Gu3Fl|pBB)g3O z=fSFgbY{BPE+FHipHEcaO4XZMmN7ojRPXDHT`Hr;T})dTclT^=k#iW=8%GpSU|XnH zq>)IGBjJpMd|cKTS(fNV1_g81aa>Z;L3Hz7phvy{(R@Mld*fNJbGB3L-81BH;79z2 zMo70WSGRA96jS_;znz-@X=KH2uU`1@dpi#+!}9qr3n7Rj^fB$F@nMl__L0(} zX@F#MsL&FxvdiNiajG9!-}|K^?=FHQ#OUZe#sU(harLir?kMZS=jp>`_xU1&3YJTN zf-yxyKfA2vwow_uUjEqSEDUW?_C?OG-)H<3_Ym+)V(2?Hl~=ZW=qMr<69=gWpG@;@ z1cpgn0%|~}gGS~$SHy;zZ~57H0`{QyS$(%94y~C!Dx;JgLlRpxiutqk#=U@2dzeIt zY+?&O%HB6=h963PTFol*X`n~JOX8Oa60!b&{zB2=dox0!X;E^%N7K7H4ZT@-8jWVV zcjPANf4;6#(SJA3DfGX9fe7^;rt6(by$<>hAW`UF3L55mvjlT8wQk&iaH=&HL>pG* zp=m9Kp*5l|0yga08Z8^)juA6?jGyb-59iY;WyWryM`S`{*r-H6Qn&cSx5K?t{jnbkwyd~FGHUfm}7iM8-$hr;MeA$#N#4WO=h2jf zAxv+NlD7091aWlVZPM~wneaT;U-DkCUE&CyLtRzlz0!ExfKf!>j3&ZeD!YQpWZx0$ zZTDwXcCS*oP#<5od{hhbdm<^P2!c)JqiKK;$v95lwZd>d-Dbs3-#XRcxwKNI4Qm#f z{FD8I$@m~#{i!E&zHUG11L(9QzOhdr)^j!=1F=4r@M9BT4inD=QF1<5GIMaNFFY`V z4ZE?yCzCfhPZa-)0BmX_Y$ELtspB?2At7ZgAG1ZwBNZT43(+O=NiQp}7fZ3&;Epa> zJ>?@!=tSTFMVFtXi{7S-3Js)acU^Q9sm2c^8PBQcj7DRmidUe2ll*|0vH-3s`+lCD zyv_bhJQS>dlX1rDJjVKW{8CNge!fV#F2=vepyV-@{phx&FNa^5vLBwf(#T$i&Lb=z zC|{wQZ{T@3-n$zHwxO%YUxA~i`_q!!H>T9F({O}oD6p3>p%NIux0TbCGS0A95?{^1Ec=z_n z6Ie^;;jqbFV-vr#_>Z&k4`}?Cm*#{0u{QRZt+A)Smi{yH!;F23LIY-J z4+0$&pbtN_^`QYEd!itFkG4UqK4f2~o6?cbq~`LID4(7EV=q(gDV~#@|6Gvj1mHU1$x_!}Z)!iCrP2!B<=wWOSW(kjgMLIF|ZT;pMykdNf`B#}| z@LH$K{`~`Z&R9TH#GBWq%-gxG>Zsdbp%HD-M+O#4^L4N;ipE zr7q=Smu6)Zh#%l#5h8SA;kL>mH2x`*0~PB zCiz>VhuJ74*j;s_Y@I0(ED&6iO~u9`x>bSANx^0(7V~Co@78i%c7+UR9ip92)Usf^ z@Muf4-+$i%niOp+P@-LIyhNg8pG|h#A#$z%(MH+K68VX+9lMoC`N(dTl*?{w#pN;>jI!s#E_c4VyGD;!thci$Ut4O8-AQ|?p1LrR;rE2O?yw&xp5;wzcvzafte zGA1pPn+}yJG7O(3^N>`G2GPfgvRB}Jh|m-pp=2FN%2J=AY&S!<5Bo=UbG(eH_!uH6 zVcEajx9rjF>Lz^IIW$G?JyNGbk$12-NwZGel$4Oj1WQ2BVw~=Dg8!fxD5bbBQeMGp zE%<*I(BLqU%(iTZzZhTlQtSD!CccsVlKADaUg|jDqm=lMk+|l~kzW_*BPqrWO6VGA zXIB)cj{8KMyuLhAI`SP`8jXJ_*7m>kYZ?{ndKW&l;L$9_VuQWpG;RSWyqx7U{Tyj} zBzyaDs#o5@k1-pXC!Q8}kYeYk+P*iQIwGmR4p&y$^HhH~{@^>#Cd`RPdB<`C{0Hi*mF)pUJa3=0o-4 ziKBec{u^181H!=?LM;${v2YDU(>+4;5`9vUc*8_$>kd=YfqsB1ql{DdPFz@SMkpJ7 zOk_zQJ>ZtEhC~t$!4^N}VN|qPut=F_PTra*b?TYF*x(`W6EC5*<*<{GMtB5;X#cY{ zUgwgEQu00iG8D4tQ4Jd&PzAG(C8Kfub58OxzgH(R`mylQTiL|i*bfI$B}W^Y_Ee`o zDV@Gfe><73=;GOw4OGYg3`($RT>xb`2@JQ}#pJ#Q;R}7;@ z#UIn7&QWpynUaq$89wu2%a!KCNzARNq-9JvsfTwCF&`##l$ZK)B4@6thZ&r2ryk~V z@Sl44=h5cFp+)Ay;1kVccVRGAOHbIphDBh81?Mwt(9Tw*>{Ty8%6Y(4ZCZGKs3QKNc{`Q>yqApym{ z(-T0W;@4R88H78j+CGM9T=npp^>8IY3hGOtMX|Fi`n2UVSe0}`5A&hmIP+n+coV{% zNj=Sn`;Rvt@-1TS>Sca;&Z6o^eatUMF=kW6Kd>IYwW#{2Mb)`yn0dap9!3r}zr-vW zR-9vgSyyd7EV;mZ@Ly;?(2Cfw0@>Y$`OboBQ#w$4IW{gHRk$>1UOd;KHGdbFzbnk&Pt0G#{M~K-<^WmBcQbzr&EEm$ zuh0CINjAZxMt&m}Mt>@hvwhWfWdr_HFir9o)vA2*JI8#NQ-kIG1@pJw{9R@KZZLnh zo4*otEBW)x-+c48*!(Ruf2+;k(dO?>{0ctz$uD@;n7^~k?~J+C_c{D3x|zQcTrBSk z%->IotJ2mMn`|!%eGH+pQ>4>niW>7m* zNk8GmvQtkzufa{mg$kPflK2QJAtT3#uuN}*gmjTwxrWCf zA;*m66NDx(8E!r#8KTfj0)%0}r@o>FT!T*DJHi5F0MKrchiRUxymdFJr_AfUbz{|2 zn;X4#m#U|%G2S{k@26&3_5^R8Se}|`Z7F-EdTKY`tK#x&rsYiZ)~P7IY3--zn}Tbm zbpVPI?`a(=E1Q*SrsZDat;^&o5F6bIaVaR}C_KG4u55O0!7Mg1h*0D*|IY2kV2{Yl zFsJd?_@VI|$QoRGEHht~l3|6B^OCUXBguyD1Swu(CPj5Q7dJZ`}fUP^5cK zJ+Dsj1Ru^(g4jD>7?D0w@0q|f^%#~lBt83sEhv*9zVAaSD4)9fpGk4v0)h?M|7OK(k` zM1ldy=wO^KDTN?U&ho6h3|U117UN1LU*tf{qY9*JtsBP-L3}KK)HS9`Q;{V3c&?f| z7<|ZD)t{fNemY&m&udp97{=PRtPSjZ49@6y>r$huvPSETXTiidAhXub0FZhjdt%9LG zB-YAIALBIJpTX_;IovLj!Dk@av-0QTVKOoh>pxOauj_gIa7bajadEC}s-2j}c4<7E z=HLK1H$|Txd`>&Y46Frp@4L+!@2JFlNM-bsLi@gIh(Splz`qukP z@V*`aLKWvw&GiJkiUtH(29f3U{sh}6*3y1eJ6>&u@mGYxZb~h0(v;&lYR#^JcvER? zzU04(9A)e#uNZhrC@w7mzPI*#=x)}rdMA>2J@2h>?<%-IhKH_js0qK=W+q6g< z5}j2|>htbw^;vyjphJJEKI~J&GUo|U70&%5Nq+7MMEivH2tRK{ruyIcktjvi2l-L_ zoDCjT(Q)u|YPYKB?fL#_C_}TeMyi1ZjtCaoPpWReq}u$%&~S)QWQ$OD?T!}J2pnB~ zR-^F*9=j^4@IN6f{{AR^Y;5rE4_U*KZ9Mu+>*?*8pm-@ceoiB=(!P6kC)@WVL~_Hmn|Lm3y~ z{FutP@&nbl-TbJ=y-Vq;=xuqG(J8sM@HVy44Li&!uP@0*XM0+Lr<#&_g59190^06V zjX@|Cvu=@cZT5*@p|*M%Gj{_7g1Z zy$bs&>{vcsOWZ*w;zuX>ElEn;e#o@Y->Q|ZIe4O46#3G)_Iu3^$*WLqlDroEO{9r4 z8vM{27tZ;D^Kx6e#eVEZzWS>+DE%1<5ajC(eiRGN7ORz3e@X?7{pwGTWP_AFbn4H& z-=)geHOws7`m@F3XkT(N)|9UW+z04j%s^~PEBTTD04I<7T<}v;f5uXt_U+_HweLCr zh=^51$6_C*x(Q} z(KE7%ClDRni(O(`ng>%1LT%uOW|UKkaZq0LJWeV;tB7q9{fFq3B2to~*&9U4!fjC} z2}-ffcXRPW?AbE5keT-SW0@_Cb-hD?N&ov9#wESHt!nw{H~8_Aq&n$k+v^jyrpnt- z=Q-tVsubNH^?cyxpx)c4@bAi7&u?~0`;>ptEHj6(uFnESwQnx~_TyiCzfU(Xt$(pb z67BY-@h@H=#{v5nH-nb34;^*ehXeF4J|e0(#lPrB?Y4<7Fq^V}|00tdzv*AxOdaX{ zi&x(T_aWe(;$J-ftMIXve{rAwZ2K28)rZvnOU?i9$3Ax5k(AftsT_WO%a7vciQti5 zUh}1z{o0RANwxXuw2xEcsq$LM6s&C@n|_gYrs8kf$NS!K$?K6AoK$&r*~Y;o+bxYB zPEne6wAHk8D2qw7`>zpFF)d2df1M&psyVItuek(}E4i}zuXaxS9sSoAOu0K$Z8Wwd zeg9?q4;Yi4)4oqCTLcKSU>prm%!vU4#}EJEcFdOL$Itv(H^b#WOp=dIel!PfGVSda z;=gqRfS}BHC7Eq_r(5v)Zc`sshu*^tuM+S4EIBrlqqPMQWw!V2rOwvA$476u=r9WN z6#qXN@Wci`NCP2+{w`)qp6WaojKUf=9?(rYbm3Z9c*OXQ=I{x-c%cfwQjx<@j%rq}h%2Rjt* zd-T#tuPS%)Dw5OF%e=6Gb!u^oeUYE&;x`f^Wp?pDG%2bH@fdE>$2S8hzzMdT?aILg za#SgkAJNJ}ezIm)_9kYa4WEnUGsednudUjp$;vkAWE8w}4`Y^>q0HoEyd7=Iv{^8*IT zY9dF?ILUs>s@SPZ_4vNZL1|=h$8!3x+prOKW9;$$QpWdHB|qx%y+7Jpt_A2y@FGWb zNI1!t#syy|`(LXuFEu+G^Do{+Waxh#HOP30{Hi^7kfSWz#Q1)o9^V6BkMGSoc5F=c zzbUx)7u=Vi#Ag2sNHvf@St_;rU+Z%>{h84+^JQ7a;lrUWyR}&xT5nuB!lbcc$agNB0EN}GM=)y#)G^k56B z8eh$%qM2OjPF_KB;!#kt<|EwwY1|OOm+|1wOO@RJ19B;A(LzC2f4c8S-NH2e>DQ8^ zn%Am79rcyfICDHWU-DZ1fTKT+QNN>Ed4l)vj|ZiT=&9PE{MXZTBQ`+;)rd1xBht=~ zooqHIt^ay(vO)WsAKU)Jf8oEr*oX|CiCIghKfgOa)|HJ~DgNsuYPY+nt9di^XFu~} zL&(wE-Z^`Xi^_i{XbhCtqXKm zK1$l-{(m5H%+I#ISpTc3o=)rp7>jkl9FGGP4k~A|x)KwP&BZR~^FnzE$ucc*ezbA` z@42%p2VtN)`lF}mNsSW01~olG?3a91=H)oPTIS_jv6E`Gc$_lF%7p#(OG}DR)7E&$ z4q<=^bQ3QE^thDxjU@a=$zbb;rT*Sp*&i$>pkFHdzc}I7n($9h#@?2pB>XXCu+06p zDdzsP#md^3l0~dN(LSse#g(=1E!MsdXW-j0^0?koIiTQ1@?_0gK4^zl# z-zS^4H}pkPK27R;u-!qO<-7=WPHNJIuPTBlANPm@gWx;#%E-xKun9*GlLGu{re7PwfZ6wXjzkFGD zsI8%-@Nd%RT0V5Qk!x(k+Df<4QM!$uKB3!b+KXQBy^cs79ol zFDo`%lYTz^;ADf8{kP}Ke&&V?xsb@5FZ&F`p}Z6&PoHly-;_YT$D0zUH2%O#lBNh| z&NtfgWhbz?#qAB$NoI>;sq}267Qq4&hbGXck&A)ryn1<$Db?KC+YR+B1NxaG)>X#3qZ7{*V=^HKIeS@68Y%l zw@t6pKS`z6J!H1&HPeFUq}QZWcs9MZtaZRs^s1E1t?6|X&2dQ1KQT;Bdj0yEE4hZ` z1EJS_Y}GR5>)${?z8;70ieAqGqBXsq`Zf){{wg2S)2p4ceM;@FA+t@d3oUp~dJRd1 zXVYsw@ts=Vtci}UlDRd#wsOa!gI+gcBAoPk*PUEV@`2Fn+Aosy`Xdma*KP1c(d$+~ zw5He8cp7?LB_Gq%Yb{&2lI>IU>Q82yUME=aob)<46`oD6nNE00zP>Ti((CmFE_$7X z9dXj@A$M{<$p=EO0iP%7^r`|xYkCb6?8M$U^|7CPOi!<;K1`)oHkoaD z?b>3(bJA<0e00LI>2;wKo}$;QlDV~f{b|07US6!6lU_HtleeSPY3b!2-?d*Sfets8o2FZzG%59V#GCRK!kuVoZ zzu`qBEG2wf#uw&#X`|#&;-ToL8FB;&=%Dnw0iIlxx>xdAy}hDe(tl9>xtl&kpIY=8 z$U&{p=N;Ir_Yv@eu3cp{!171>liAki6D)X6 zeLgr9o~_R_o$$2%`&v;Xby5EHmt6!o3oGK(=ZD+XEi=ft`Ex+LjSc%k_`n2 zB-;k>71PfKiYy^iMQ=3YM`*P2MoR@r$maHUNzF&bjUJNfq#uDl|7OzAoYVdrdr{nd z$c~Lp8h*{205=Dy_WYLxe+e0^0cz@eBze>b^fy zZ!4z8IlfUS{(ijCGB&cL%%}8lHK&W&oc*r{?))mi(h%;0p($D{y%}GE1mu%2}=l|A=v>sr5+>6h{^E0t2wzS&w=f6My$1biE zd7VVNITi5)b{%p%@llqV< zuPO6?N&6=JykJezzKx}F?Avg}S_$QK;IW^0ge#;Th>(__LnP6*Z)xHY^2u?){QT-! zXfhEi@jvmi@~u|6c^ce%fP0EO{uz*I&91_Y{f%7waii|8mHz9vdL`2+x3a2 zfouM5qkOd6FAjhe4{@Oro^HQncC}xz<4<#43hKr1IQ``t+{xQf^R)i5+y1nF$Fe_1 zQl75l5>!P|OYEJ?{v2aAERFqXlWbn=@h`_Iy8N59YgOx7kAFF=)?t5&1^)vW|GsVE ze+lKm|9R9!;eQ1HT=-uu6{okK<&u=%elFmIMi>5v?FavDPrC5G37e3LzdrxP5p5iO z%fkL4N`rl-U|(-MPT?}5q-Awv?a8t_Von}B@UbZx816=O|Cn>IICx+ZUX_OT8Y%$1 z^BnMII^mt|f|n*x~C#i=LFoEl{%(H%ei9Rw99B zCWa(uB`&2_8^aMMhH62pMg~(VEuROYpBq23^&!?5^^8O&SgG7fVY4K6t1dt7deZ$X zERH|(FGb2G)K1Ck^Wf@|*XKUe6ilOUf0Ly2@|x3-BCq2luZ5hWzaLEf4m#JP!fEBz z8Be^f$-;iy;|lx31p9j92MVXe6YnGgDW8&(l-|!jkX|rdJTYgkIM=raPfAu)t1EgF z?dC=hAkG9LOWLe&U(hWOWnWpeiVa*kzDU-&IgjNdz0@6HOBUPGeC<~S`w9+foIeU2 z#0ne^H2J95U9J#YM)*vxkXqkPw5f>pDucuvMkcw`0Q_ijsfE{s$V#mD))(0J#g!b1 zgh&3KF(Lk6C;&~F;=vh$~4`DkKsLRLd)YfGWbqSEs@maq$XY$q;3__ zKV9n5er_OobwN&oJD$y?qjZvJoJtCD4$LNfn{~2HyH`8fl;B0$bd==}nC6#6b#d#Aqh);^%U}w{jDA?<0_JCdwb5l!myU zOX_%16AeiUezqz}+yp+2N!O+ND;7;QAtJ;a{9$zGhy%%?EX-pnhd6QWRdJcholZRt zo3{&nkM@fHhgpsN*z>MSllJ_0%F^xJge_3Ybt35Q$6xO*D8S3K{(7b)+V(un_;JJg z!qEeq4|w#SknSWJ@;~|O*{`?q*RP^>+wz~!n>1zr{(3)h{O0)aQI1+n@2`LJFt|^` zRHXRp>)*3k@0h<@p+DQ5$$a(UH~jTh^E;JGlKdP=r@DA!^V4U~m0 zPt2#6DYS_(OzMLehr8B)_-F;3nEM5ZC%hjeGnL}e*R)b7nLU;Lwci>Odzd|_vTfVn zby9pIZ&FDQX9N)XWQ`A&NV+XQ;vbJN=T=WQYqBYHk7TxbG{<_sav#P%o|qp4ccKo$a&76Bn`} zSUZ^3c;Zzu+x&UTg6Eun|7$8ddpyz32~Qc1Yb0~)@x&mSWA_!tVpP~Uo;cc_{0PZu z#}lpQ-}}6}SV*SgO_o2XNLGQFQTF96prqelQUA6ko7-Qs;zJ*kR44uH{XmCtKZ?)~ zNi_Fwe!~GWD(FPDew-9dBQ0wG<^b?>&|nd2pSr)o-9G%`J|DfAY~SVwwEe_hsrG#f z0QR0S#AKZ8+JCm;t>0?j5=nKnPhS>j?omBuz9l0NM5)(bD4^P?e21_J+!bKwj1Rsl z6+W?9Pb+O!JB&Y=mkPhH3;uDx2R}0vesk~!Q-7yAVJnV&wDLDN^5p$4juc^t;vUtz zDu&H;CwGwKA$Ib$?&JiPB5{X%eXtcjduG3pRPjS8kNtcBE1~V@;Z*S3_OqR|Ce?oK zT=6^h^U7C~QY#noiTyn3Xs7*r0SLAcc#OB-vY&TIx>J5^`?>2Ci?`SpMgI#Va~h3M z2J-m(T=f4pw!>*Z+qsixlbmWl&HV#Tf4=`?i-g1yulmZpiozFRT{MN~1Hu)riVv^$ z5ZFPhxckN0vu9_)?8;IiR@)`x5@$AP(sUDfH{%f}^UdnM?0D6D28L$$wee+EqBtlo zM_XPq-fn{;>*4A_;yR;) zE6JZ6p1!f%QT+?N2*;0g#mk%Z|4kBg{VD#l8O=J0461_d+JF89|M}F^K-PhO$5UB> z=34!qB8EL?k$BcB#{JfL1e48C_!FE6Xs)-Iglpr(ym^_%oOsrh`xcY@`G72HbY+dV z6t0(|$7U5ns3L7V>&$z=xeGYE<5};JI$OoFUa!AOpecvRtT(P#9fKKYdX7qL?NUo9 z>9N$}=obEkipSqghLW~%r`{>4UfgX8et$Ow?fHiZB;kvXCQ;@?ZGW8cu5*9Q;5!zG zen=R~-9W$s4Z{#IQenJ%FEB(u80(tbYdCwv4Cj_0Z?&-|M@9;&E10%aQ~z*vUW7Tm z8N)}{_=dVFi@u|};Z!H_nmYsP2<{W9OhBnVrVpi(aPv*L-EEf~eKX;=kwm9HFj>Tu z>0nWXsV}%x0hHyG&$4cg(aq9E;hwO_2RO^pCVc!-F$;lD(JYy2T5h9jXd z8F!+ULf7ukJM6mR*R3wtH=3~1j@SMmiFSWs88E%yW*NskYP)Fl7{^KWGz?Nb#*cq- zacC;GATFWl=6v2q?&MJ<|HgisKfY=yLX>jw?E;LHa;^R>Ce68j^{xh+c(o8k3sgS8 z#$-vd8P`Ae?P%6|A)Uy(Lw|96gR z#J{i@+W!U0e*E8h-J1RQzmjV6%elY!Ftb6n|J#+gE{FdsMXmNZMoZfN1wV(OTZA5` z^?&X8IgTr*iECa?Hu38}t0ulBhJ^D&fuI9y#-Uuplyb>~rCh_5xymn_J!}BI_(A-Z z@Jq-Uj;+$V1&cKudZ+B=(CbOoc;K((+F!g3dDL{>MDnOPq-}`AIk7=9hg2+^!0ZNN zUrqykqY-t+Uh4i&=9H>R_UZi`Rng<={tgv_)BULfW1f75?(dT%K1%g6smpG|k8kQW zqy)TarYHejBRO3B^wwUfx<6G#IaS0bnr^KN-I;eu{|CBe|3_ohtlbO&Xs=FNpRd!O z6>196i}+w8I$V;mKgsnvi@yCN!NyPQ0~=$oKChb&&ZAFTYD5tQx#bNfT1y&i@lgSAcX1KVN(ufUWuYfc`8V z4d=nFHy$`t@1ya`ON9ZZ~lh#vm}NNv%dePg%E*|&3jj@8v|SfmBQZQn>$`mjV&o%CxC4zuQe=4wgf z;%l|$^AvmJdFF6-)_-_bRj3x!08>YcSEI0rxz6TV`#)Qa5Bq%cT+-Mz z&sOc-j?qx<-77XG?RhiXUrX0sOTX4gs@-0D|I8vPaO|IXz_Ke!#r{DlTY2v?Ye;wA z%p^B_=>VGofO?4^*)*9qTVH#iT(Aj=6FE$uRSOI zC#hm#K;Q@c9qXp|+usQg;#c$NRVl-W*y?BTXm58+>`q)@wb&Zp+5Y7pNOSp@YD4FP zVq^89N5j7?DM3Y*@O7t%t^1u4 zIyL!aDXwVh9uO!^uAS+kX*=wkIn}O`uW=_E7=^@Nw12%He=Yl&q<$YtVHtg49+f;D z0r2$llqV>v(Lu8L4td%+&((gXJdJxiRi3Wtm1M6!SLzzPRkYMwv0LC6;~<>L`5c+{Ivv2O0wrY&Uv-+eXLyt9 zTKOk`l>}Q~t?`RJI`TYb$uB4>$XB=^pKC%+kzcDl{oL@K>k&^q>VT}wR<>kLBdyAQ zeq8I~*hN?ib9AJV=ev{7AUS0|%^k0E(Ok>IPM{=wd`ax6n7$h+>KY$Sd_@y4P5i)l zlBCGjDqd&BBUbZFqkMwowdBz;KKeE6YFG^hA?^6cjsN{mS@=IgdGP-Q^QQ2B9sn-< zpL=<~`2S6k(&L|#ivKvtn+E^EZv5*J%T)YZ^>6E*w6NcHhr-@3*c1Oi;hO2WBJx{D zNW$PfqGd|tPd7qPFxkg_@{+5MOB#=)zvZUa_+*XKb&VUaP>No+Q>Tkww*gs{B@MsF zNK$%wee!S$zfYIEY3S97`W=qI95g8F;(qae zT$0k`-z^pYsggGh{#DfPz<(7=n-+h!|0jdpZ~i51Q2s`9jcP;??kXni1xota+snc zq^D<&YMcu0I$SsI@j4~b-D#TXvjw8lnT)@LPGL}iIxMg&IT8C`0FRfhZr1zEn3(14 z!nZ%KVlkPk5-?{~d%=d&sBn}ZjdrSD%;;lsbDZT_`s1^-GH z{PTVfe!o=s_ImD9_c?Ia{*PqdAJ0CX?&8@+STE;#?tFLh8ItT+&%Mu`d?d-O)^p{0 z*tNL1HMdJxTF=w}Dcm&UL9dYV_Ik`Z6gn}4?Ul+Ul#QzXXN2z7B*j49gziay)0&^? zAqlp=h#{;j+Qm4xBNbFc_Hw&b-+F6QX*b4<4k}3W4N)3w=~Mi+{?PUKW2rDZFGU69Db4EXKVgl!Z6%3*M(843%V#n>Tj} zOp|0ms&<0XOo7l|vM|6ivs|Dd{OYa!Lo!Q-8%jS7CCgiTax%-RKf0iJCCjemKa=jQ zZJ*3FUvddL@e}!GYk!g-x_{Rq0~=L&%XFzscZDO`Kl_1cQR8q8Z6uIPq?jBmLZDdbXq=Wz`Vhjj15LZ!$eo(wQ077{ou( z>7A45dqiR6BmiXr;tO>84ldTx_3v<}->1`8C)4AS&T6h%ej4ePztM_c4^j$3sZjl; zAnf5U(sWv|uhW!z&Al~I=%yQH=bNw8X52xE~ zjeqqd=XcrjL0tQHA5Fk9_C>g`CJ?*6fb(LnFW|!S>kCHvVq6kMvP_6vYhG`4liY|@ zBOjyB-$yfiv6<|x|yd4L`TRn5^@~vOeejmz$(^06iz!{n57m=m;*>Xz*{?? zY%wD;!|UJft7|S>gjvrBct?CGH;?RE@AC$B50Cc#&=;2)zmUCiRANpgraAilMN7-jzWVbJx3$Utg{*s@)wcDhv(Gm%L=*~fK zO9ieEv5RsGVbKm>!=5(2*fj2!d3(|_U&*S;hsIy!JP7X{nRKqh1$IPJ%j9k3Enm?R zZ|&XWDV<#$yKRjR^lNB9W=3gEOW&ynm3rsVvd4e+-fZu(UA#h5*{zyhB_fb{^-bV{$3;Vgne?GE>{YT zWJQ?!f9R3o|6<^%#qtS?c;EDS!h8PUtvv*0h4+lqAZ=mn+iY~f+{rDV!stm9L5K8} zHp4NP$(y}S)c1KE_6VvZIbRcYMw0h=L2W6duk$i5@e0HSb@Ydu^5inFF8VUB!kaLJ za+w!KWg#7bJm>RVZ$8tE>pK?5zf*0f=f3&2C}pr)&44N1yVZ5_Gf|M*dT-rIawHD! zyH1p5via>*zNvS-7+b&oDX>fxsa@x-eFdf(871i1D&ccdEulmQBFf}mX=&fJ6f^C@ zO9)v*a0Ft52o(QcC4bNOzxJ`)79%)^PdyC~9tf|#b||e`&gXrHPd!}Y&Y_C{^3LOe zr+Nh_5?qY9?jj4C#t3*|Pp;&`Q4x+DpW!Uwnr?QCWNq1u?FL&SF1mlM7hLR-Dxc8 z8K*&uJgpL@S%rUR)3Mu(f6^?a4C{?jV7-WfjqLcf&Nzor7I<9OPWza3*vrPIYSJGUFs`{XGyPdwqSLHJNuKa z>@PX9FOuvDH;0Dx)A|!3qhN5l`Tj@ieYaD0#yG)kJq2+85OB;hcpt-^h%A*`?-j3~ zQQr+^?Hhj0^v80yvZsr5qQW90U|c0Pcn#&+^&2d$5(UVv8BiI#QSdmYP*hKhQ1Al6 z$-4OmPRtLj^vk+Q5f>DH=kw5$H~P4uZ-BRMx^zMmn*E?D<9(=IDeku5LE6QZwUD<_ zfvU*ZJheigoRGK-?QAiV^|E5)l@m3=^TmX610ixI7#(eX_NkI~Zy`NHDPS_V`z$Ae z8wR-oEhBia6j7`}YD=XVCyMn@Lf!`|iUq4H5OQiER~HB(-|=G*3#^CSqgO5Q8QlK) zjBtDYT=^&ji#(%%MV?VbVqxV>L=-R~$S64k6^~)GuV`oR4CBs+C=%60R4O=< zr26&5(azcvrv%`WSu(V|Z#}NoGHTE8c??>h5!ASGryJz@fW9O^r$1wHdGwnEvNyk;(k+#wn*8?GFe_kie$H1AhOY@`-e!;M6RFQAo%zje#tyL zmirBPIW8z(6}x&F_Ij+6@)Sw&b5Wy`dVi!hTZP*CONQof6!5%^tTluBdS{-36np2@ z<8$C09nT9b(-PSOWe{HGn-YohC%cVAG)sN4yR~=6HG>I%7&N%q&cpaw!|2A1h#h@Vx$ce|5zppE z#LYamB$fmsUnkzMry!j8ee91gwfnrf?=E^7ZcDj!A!!lFYtQ8}nk{-cHV`SaZXxwY zW-6~`otPd9`6HD%BVvPkiPwT1G48()3H59s)Vr*y;%L)}={jZ{Vu0A^7 zAE`LH&>smLU5qT-Z8Kv1+!H1lYQ4Y==cm*@pLtt%AbNr?dIcKs30}FkR%}_B_suQ^ zv9lM4_mp^N9wnwV*1z%s_&6r_E}v&d%U6AyYxYhGbzO)-!J_QWoYbRi_W1=K)z$W0 zS+jSf_wEMI4t(B{RZ|a=KgT34R&P^w_H8b!8PsKXsrT;X9xh^(EK|-bo86^L&EBEj z+7AF&v$rDDJF-%)q{K*1Iks$eR&LgdgNmjeCgQ5<^axJg#~ZwNJSKX87M;}3lOcmw zF=p!4%>;2BHG9jvbsKr8LcTmzku$}3(kqHx!^1yBQoL`T9Ph*f+k44zyuez6O50sv zR%dCyIY8PnkZR6Tc2w@SHS!d(xKXojeYoMp@SY;?%#ZoTtn;tuD|+c`$pz~F^`hun ziaKh#)>YF3s-#)d(Syhy2UV*dFwj6u`O`H_?3IjrM832ulfY+Eppqrv_ZOl zdcj@Bb7up7DW4tKd?t#E-fQvuVAN(j!WwR>^Jhmm)%8bsQuSv&I4I9M z^A=ta!G#_!$5hf6zLqb7OZDkV^wqTBDj_W67~%H7hX?Qzy1gp;oZPJ$C`$Nacgppe zer6Z)eX&!I#Mm2WVziV)bEmq1ld~O9jc-$28+4>`?BC2TVx7R15yCpM&FhrSLDyq{ zHLJf=5ZbRVpD#Bj)9H4^$54Z=c52Yo_3<&{%bzcUuCCoCpcOpR?yiTK&xP^FC1ytJ z-)|yvxP{0E6!`BEIl_U+`D(@Tg>Oec+LSLa@!n}A_M*>L~g&*rpQj_5-l0o zVLlheZ|`_u6#41TCL+&M;J>Fx^Jp89F%Cp7O(N3V;lL2N-a_Q~{|S*B9Efa{L7S;H z-b@f!{hk+1JEDe@2n{(FjSy27T&h2v~QMw!or@lCjO2O_K&TZnY|pAfmkfym>N zZA2b0p9|xc93UdAVpDe{i_Tp0g9}heX98t-ZcmP{|xJ1&tUUMEc`rhf!*s*=h*0f zS6>&H4?v;T96-8SfP6p=+z|uP%>l?tT81EkN_(fy*5++C}zB8h+1q;Nvo!C(l-%fS%es4pr*zLm{$h8Z+AO zgBdz6u68jmg<;43WI2Y&3}HuVKkAJ~)n)emskpCK%iG^Mi?m~rc6O1>WJQL;ABlLw_jPcKd^_?d6&a&OV1{B6r9UEQ6Ft4A7$h2yqM4Jxp(l3`P{J^m1kgg=?(wjjy#&r z&Aq#Dw>uijr|tlr2}Wowwp!3K4}-=$b{G>@)XO3Hl#NwZ;k`MBy=Aw%aq}({D=VMM z#W%iCY4}K*8#XE&y-nkKVyjkj5?<>rQhA55c{}ZJj)wsW%ri5Qh~I))H^5#KljJXzsTKzwD~6ou1od#yTM?dZY&o);&o{r zSZXkfRWYS9+J@Im zE7ziIYei}*Ckr$hqFUP-JF_Rh++;qEZ$MxCETb$u4Sm_@>$R#)fadUb08F4}tp9jd za3iqVF<(Nq-o#T>n3*QP%A*(bqZISsxUy(dQZ71~s%R+O-e^06k82ZVzQVpK=A4sq$>7rWa@D*+{D# z1SOxjp1WMTGlH4SR9E3PrAoV-9Ue5^sQeQzu21zDm7J?6fyvepWOuiQT&(_pd^hNJ zp@#fK3-Z4UN*yAw4LNKGgnUG%)9kM_P%Tb8M<5rof97P09Lnrpi)qj6g6ec?S*^JR z;y@oU530}O)Vja2-qZ@^3LtS^n=6|2IeJ5j3=p?PT~@opH_Jr!hJOX=L;D73F?XSU z6Xe0f{Dih3fvj7ku0puJkmT2JK4Df3cxndPr5n5%EA+}ySj_NFhZlT2m#r^ zVC8UJx}#&jEwJ1be{6(20CiPriQ5k^m#xBg;kYdOrZe!Sd{tptbmCiq0~yAOlSn<9 z^}8ZWq+0o^FMVq&3wOpy(Cn8Pi_rGY;rLmGz?zWM>ALbj2HMOY5O7Ns26 z;_#~SqTEx|aD95osVSqvb(G{1>tKp~;Dci|IVRx|3!`5p;5mz6M zVjtP1t4UQ0d^A3()?KgBFqF;IM?=Em;FwecJPl5&I3Cb6h$#UN-yeY0+?H(MFiBLn z1QnGl@RFACo)%0GQ$vBZNtr!h85gt1m6&qgu)?J|7iGv(CY`Lif0}I9rTdkVaxT1` z3u+}D*-if8*Zbj0E67SwUxU)fj<0DPSAV=toq z$bqZycA5Df*U+z^u0#k2e;G(E4vO@r=qH2BAN2DpxMN*G@L0SvXQ7L$Fb@x<8lm7!RB#6@u*U{8$_)VC z?Tr2R6iqr?I3$$4>e6^7_^Ej;7#3-Hx`GY65n>V2w4!BDq0sVuAa!r}MK$FUYF$%K42x|e>qC~k*qjt04qp$58qa`PJ z$82RWxK3q4T@t#u1Nz5M5|4T8Za4 z99{}H`mp)!8$3M9cR}zlr0+qX#o*z|esSg1!xNiUs44Y4QYu2=+=C&w86g*L1H};4 zi*RAGCH~PR-Brzr--t98clTT>6=#tMYOz%j94E=4+B@FW{(!AB!7O0@L4NJ|?3Z`?DMg zQo@EmZT{KtiNC;KicVt^2z|%C$60J#p^l3q&u0K}{x+5*jBt$giHL)XcU@Gr90G*c zvxeziV`&1_CPtk#N?})AqbO`lLlmagA8xigVza$bi0ecpTuv9_vKWUj3|DxY=>djf zPi2w5bbRz)SL8mm=eKswBB$GqXJ5}#P>f1gdX?iDcKq>uv*o#gP?wfm5L+uMudvKE z2z_Y_O()MPiS-2pj(8j9zl@xRq?VWFdc)ti3*UEdIF#-#{?%CC4yb|)9GyZjkNWR% z7yeQfotke1zxvS=S*sl85cv|#=%RL1#_}NOgr7q#`~Hmwf8z3929^Q_x;@rKb;St% zDj#ivX4w@^cU6sm=+1U9UHRd6vY&w;r5vT;_g2qRGyapgnyl8~Yfsq0X*4#-Xmn{; z>g(?CbnF+plA%F8tSa*z2RP`K`2$GQjXv}2$#{o%%`b(2CgMUezH^6}&*vk23KDbX zy@6-s@#kWz94%Tij6c~uarb-}+o;&{a{ym-$N`VM{gRBu#^T;W3=Y#bFL-eyCblq(Yv;R;uZKjN!Ega<5#-n6A4 z(o(WsutT5%>@adB^Cy5zIO$I>i*zYpl?J}tF87!eX#As{g0QQ=Kd~M5xxRLJ?(pJv z1!W+fc6~8t+m)7ur?zudtSoQmsWbOtpCazl)=;eGSvaofqRf}YT{wMk?05j{irfI5 z@1{Ig@pfO!DP|5h!IVu3A2J_+0J=6t27o=~dZNofm&2f^^$m1~2Y8BWee+yYzMP$j zcz$p%P#zRUxJRc(1Kcqno)Nf4Sjz|%It$}Lt?#(lgIJ^BKIjcE|~$u{4fH zG|(R3fY|4tO)runN6vIbuw~XB%6Uf4h)nbzErL+RKWfB4Hlij{zxBW>#*VKS=oT&g zPV)I(-?22~YBj$vY!++|-cga=12fl?RHhg8}HhiV}Isv}FwmJ&jd~}S{?;_`M(Rk0S@?jI^gS-48HS^2ENc0zXyMJ46^a}7sPj3^mnhm zPQc%PS~&1$uRr4;T+uzeY)z`Cc!v>sLe}Slfq|F#ukj#84+>Xr@lNE#z;hTe;WmDV zQo#B&nUh=ONS_<<4pQ0GDKQ`M4fpZA<(Jdia1kp*IO=L70CwR}8=n6IlNb#W?Ol<+ zuIS}(6Q2YbcsstTtzImV77V#?w%o0emSHB0^;$ot(Op2x3FNKZ}qq2B#MH0Ki#bp-g15yVC$%JOfoj@?m}c zym|KT!QTf1Z2T3_1fcO(uCEjDR|7>{JpRAA>qq|Yf^UEWzGsKn@I9}u6W}}lXy6OY z`aSr&qsYczdk1{SC4=ujDGvPgTffO3Zsa>|>K^gUjsiNqM)F7PgUAH_36W+-uBY%T zdSfhuRI~^(LB-meWnw2+u?tDzt37I+W;K)okw@g<8qoaeqEJv52g&3=mSq2ku!^kX& zH|{HCnW~J;K9|qw!&WlT3MAP&Xl$vZvIGRmBcSfq!%ox*zRW9+Pry&Y`gwwcR~3I{ zgmSPP1qQ=VOaBStE_x-n^yygld@ajYElCkmX>9BzAo@rOeD2<&RX)u>Ko&+ZyDv$> zn)8^fIaEn?cSj_q!97@l4~)>`Tz?`1&4-9#>o`4QT?Hdug6r=K?mxy@5oPgc_Jb#3 z#@a?jU7a&N+_J>!P=$RL%49S`_e1lUz-klX!zt&3T3_eZ4pymlQ0lGn!UEcNamPT- zAmiqxcn~dnxulD66a0G#7!{C-3lz$#-ZcWwWfnLcn+?u$KzoY07=N47Kr5?(r$sO6 zSXvtF?{lyNq?pGyvw;U@YJ_5!+DwE#hrXtm&vOKufuahlfu9JGb8&3A2N|fldTMiO z-#J5r|EK2Hj*g~4rBEo#ZuUP%l0ml(kH~_;j0tbwqxS@C=M$kmb|=L67?sDNm1J=~ zMu;{P>bYp*I~OZPLaYy5b@1BUjX%)mo2zLv0O~+?{niI+ikG!E*1QS*1`Xi$-8D=4C(ma$G7uk-2$` zn35uEsJC|&zUkU<7z*A!Mlcf};!vFpnP#dKK^W4V(*>DWAL@l5Z3i75VF;4>5Udrk zZ)?D)>gY3&@Afk4O9zjH{4EJD=*RdA=$86q(QLZHtx7|?REAi0WCc|O2&QC=uY2$c z#wGhb?&z%&$PAU_@yHMYN5xMrCf?;^ELr}pW-07<{c2+yr)eVTD|W_&+QL#B>MBL0 zuIM;u4gRb`iNVxY@F8k+@dpW<-MvPFvy|tLb4N#FMJvxQ6(F~PUKyL4=Z-!>klfJ~ zD(Ja9-{pdSygHlttRzX3flgwvb))NAk=hPV#2LkfVB1nwnv39Vs1z!4_y=FB4k1t* zC$vD-558AtCz5nEds3`OM@-u!{Owfwi?@)4Rb0~M!oZWCyk0`P>+kGEi(UIk&bNx z*SAUaXM@$zlHlL9_3SoC0JPWF!~WDJ3H5#3#P8dx@7)`|P4Bnf{+8p5mYu1 z!PY<1UA&d`w@$5Yqt73L43GdtZ$UPWh}dIk^Fyo zeuOshcm^YXfPW>=9A<1Y|$f z9DPDN-IJrxCn(eOkgn39hV==aJ6P)kha<8aktMxL*(l zW$0*A0!yIXQof$iF%X#Py!MI_D#R;0w1-~QuBwd?2x`Gl!9&u?QenS}Px z3QLuu?bwSa3T+v}^OJc1?xG75iqZWK_L4ri`HDwg+(YcxeR8~EU!OcT-V~roI0BdV z>5Dd>$^Qu0@eY0_e+Pbz%DsSu&L$Kg+=XEGAy_2QQ$#t0DCNQ@XaLFUdvI>IawHRJ z1NNTE`|#d;4}VroObKk<7C3;gDy1FVf*ewqd*9gv3H*Ed%QtW81T}4??G^eBlc4??CeYUYPpu z+|0xE!}_{F^54SSWk77IYRWemgTh4(IbOg9kmF@f?C; zjBD5igpY+*)(CxtM{rGlH7`&Dufq5Ffu$ec9%D2s7BeIC5}uRGLK87~1Y~n=@@eg_ z{D&%l>e4-t7t|a zzN_LsBJedv=CW*LCu~Xg0pw@$%?=D4?!N@R1@Dpkj0-*hx{J5@us48@!F%q=<7z<@ z@yud6H>w4#)j0~GnDGwUjqjYdn3KR#v5%}yM|1Uc7_m#gKa7Bz0Q%^Nw?Y5o{wjqV zd^a#3TKyMFn?nLL)A3(`o*&oyw)aph7Bznsz=YKk7!I=l6BNJ#CSH3!KCU<>- zXC#3S8h0~ESCIOqCeT0={OdF|sdkF`d4l#&gJ=UEroRH4^*m!@L%vI#G0Ohyi7eA< z10p+%i#fybzk>p|P?$qhp7#`bd zqFKE^fRGwFFL#rsSMx4fE8_-_M1AiJt(4U&=LR*h2;yp3Bl|EowpMQsqegZ%RI-Bx zQ6Zal#0uHNu|)KhVn0IfgjTgP`>Ot#uhY6|_s3NQZ3GBDVt5ep_9T)MZS)qt=9^w- ziA{^fBP@E62m2g_pVakOAOfy%OK;^nzSG=MH`uWO4Q+c@DuQqj5{=ZIRE8L9+GFi^ z!!qX%BUe+K`CF=6>G!lDIQ#x5{|-`VM5U>0)WM7Gp-p zUV`=je_{0nvf-KSQ4GqHAmz*c^%2mmH{8Rq({b!Ku)2)}rL=TK>8OFVB%B`K0&I#s zx$|(XZGXeD9{*Bn4kBu>8M3yp@PRt4*yN7U3W^Io;XG^Iu~LS@y>K%N(U~n1%WYSB zYjaO=yqDRx_G1m|s+arhkGgUV@^po$wzw-xbOk$)TQ0>6*9oA>c#ID$%S-XK?DuN; zl_{Ix%d&N3UMk0Y)yUQ*X@0~pwyMnuZ`e8_FNGfW%d7 z1r&DByMiYz0awzgJQkJ;rC3PXEKOog$tN7 zP7UtBIORsr3MZl@DV94L|Bq7zqogbN8*N6xuwsh8tZ-zZhb3w zc*H`Z`pka2;Aq_k^WUT#!=Bv-92F)H7btIWAZ zJ}rzlwS2+#OGPh=Hj9$h!0d~h(kc;kwe_8 zF2q+lAfBnO;byZqd!YFhv}uxZ{lHc5qQpKlc;H&2@--^l^!Tzze-#Cso;RUKamS}Y z{Z!H69lV3EYt!MM%0P!ql^3VO$AUE{8Y||?m!1A5T%-P+IefBE(*gXLCTvs$k27xL z+TekFV?{qHUG!#aQgK33c$slKROwGy`VlFu=j(mJnq!R>KQkl?^Hoagw$Yb59P8Dy z9Y8-WljnI=a6u-Utq=4z)$HqRw!ahTXMzU`j1`NebkQGLB?tOxRr+z3-iwG_@I~;u zau#xoLI>Vk+$(e{?l=mE5MO0;gB<;Ir+(U32=M^#;$!1NmQxJ>?%2jr7@*vCj=nw} ztU1+K@uqy7r>ZlJwObnTS2pMD4;qftI9+ z1<*C*7hr_VJ1~*rv~pLl2KMt23Y5(mNkCy2YMptOD<923hq6(GV$U-!%p%cXtB`=R zFf0xkt)Y+rZytmwh-wuyG`J%)Oku+sj|X_6t*i{OZ{Gw;$(H^O2q-Q_reT9NEziHf z8(9KPF|-mek`6|Mf>Fscv$+*JX}F%(k4n_FBOE|>3>RbCLuH;LdtGbb8^u`lICk{) zk%=80lRT!oZtO!79eohYo*2G*DA2}^J||IH&FW}zneON&V2kXPdroXq_15V6@+2L_ z3iR9w80BcEr}1O%hR)f-0bV_*Ufs`E?bA zD52nS!$tFnbZ~`bXdMf<2+!BQY6`8zg_A-z*Qd~HG=&C+>49q_aMT^R4Ip5l(DV7d zEdczjn+)8Y_%R2_S|68yZdI?seATs8GN~%-G-$FvjcqAK(~*?D<&)uWiD2%!JbBis z$qGMlQUaMg+g$+pH-5~=(3%A!@v-?|YJ5ca3+?wp(^r#XPBAE!R#6#rJ^C4lwKwp>hXYu817`G^h77- z;Hf+KE^i`&G69FZ6dunzjvBH25c z@O~DY<|v3d*L9RSpTmzioUfweAoWkA7qSr=i3fo}*vAZ2g`l+*>1491Z#?U3hsDa# z)OqUFxqP)J@zu%dRX4u+2r`jn$^3Fn1?r52UZUkkwaH75bWmPI7<-+`XkZfW(^pw7I`XkGaQRSg@mOUPgs(G=3*Q~BPQhDu;od`NMdnAtIjxN%- zPw-=2?|=nh{;0TpHM#wa#8)4vSKIii!ntvd7QLWeJ}p3Z^E>#1l4Xd}TLi zg!VB1m_-Bs7>TOvQ!vyH`97RbZ2@S6HsX8M@>iX=Okw{~tCskV^HoavZzcA%&cvDo zigR}LY+a@5>iJfcZ0+?5)OKTHZLyXPz<{{|7I0v0Up#jk*;E^;uBf8D19QK!)?RgL zU7t|wUEGx-THiv^f1oi>i7iGV3UiNRj0xi+oVRV`=}r{n(`$5f3Qr;4B`hXyv#NhN zs>1Lt%n|yVhaXf?2Wvm(Ct@u}H=wX~GVYx4_IowePXFs>XpLrVS0+*jWIJfCM)&FMoMiZdESgtforMja-mB~*ELkG zsO#!4SJZX&lq>4G^5m+`^+si9Tw#dfx~^}kt&VXO~WhaHoTAvrur%2=g-%^j$vZtJ`^m!4b z;N1!5MO;20;k*cKIKBT^F`U*rF9Ld)iMceDmUn}xw8bcWT?#W{T;aJXR39$n}X^lN;)J z($W@(b{g>&?2S0hvhaU>A3`0+b3)V^Azw1*Byv3Dv%DasH^D|qt;&<7GJ4yhAV>*z zPkg;I_S+amDCu}lv;=FAw{CA|tV1x-|A1elp-RI^ZadUvI;wgfm&p8);bmjdqWx{j z`xvqA2rxE(!HiJ#AqCe1tPk?ky}G^&jLOxjl5|!=I5yt`+!ODM_`*&!a2alyXrOWi zF6c)?-yKr+xw!X6=OW`2j+H6?9OI7%FM&G);w33_{Mi_O2s0V^6s%I*sk`N{jV>%@ ztUD{#vA+Y~MktlFbBkN!+V{3A^<#kE?^AcQ;|Yu{V`@0bb@fFjd}XXVh7ord1Ql`j z@pEj{Rk)wsWdgP5@KxXdKz;%j@F74QD&IvN1FB_2*G?cC`)QGT6ri%}+w60gc2ZeKis*P$a>R-$r6Q*8nicq-F4=X`Aa( z7UFi8Kpt90TWGX`@)0;Ro&2TfAi6D&nadzj;D&1{5!;(61Q=HpjQQrZ}NC6rcy zi{?|>>lz`NjWAz|jj)ad8e!(Ss4oFi*Wp2v zn3}*+#MD?0q>ZT(fvzbg)`ed+iK(Aqybw%%hl}Q8>QHZusV#MlAI-+psM=G6oZw;A z;{FQB-YiV)FSs^OM70SBbKyag2s@djh_LP)NE=~o1<0ll7K0I_X@qUWSAsCwOq!3d zH+pG=-NsgqitBedY$I$uRqc8%dT?$22m?U^!j45dO(JX$OA%qaIG#4bKEd;*=i*v^ z)g*=e0bdEiR^p=h2)nDNM%cvy%h52e*l#w%x}@6(J092O%P=$~AnaQ_XcA!?Sc(XH zk>hD2>>)gF8euo_t0oaP6JH6!&cj9X5q3qPMi}!rA036QJ!m8B>$Ucj`~=tLEihOl zAnaK@XcA$oS&9gYa6D~UBWxnSY7$|m<10bfskmr9!iozt!cqm6qoJ^y4%i5L zf0K={H*jrEqge%xiN^8>t|(t$WmE=m2>}wKFha!68%!kVjmYJAgnVt&=+z)r$fGO%7;G=E@co~j47KwvqV zfqiVhJ+L1iwg>iYT$>@-ZY+ewCG7Ub@_*oY?EW4^M}mZXGoCvo?8W-tlCZDR_m+e` zRo`0@wnyJv5_XBcwpRMmd)A#N4 z{Tuq;(DyIud+bJK2l1%BZ?Es~=6!VTF>wh$f(J^%zmczkRUMj^@bAjkgLpBD9EpVQ zRucYTjG);CbEMu#buyM8faM`pb4tCD`V!BbBlV8Hw?=BCzPCo|DSdB^)c@&wYoz|D z@2!zquJ5gpny>Gzk-A9VTO)O@zPCndxW2bW>I{8vjnql{-WsW6^u0AwY5Lw8sXZ_* zu)oLXk^55LchL9m==+ZPexttcr0<{NeROW;_(=a957bEinXiIX$2L9E|2|2N^mQn5 zBqKdajr4}S80ph-T81^!q9!;Nl{Lx4_O#GUY}d)81*YMFTE+-{g6B;$v9+#8*oG!A0{Cc14~>*ck%L(I9N?9vflTA+Eqe*j!wjw?My?Kw;0~ zL6Znu%~B%&a6D~UBWxnSY7$|m<0~cq;G+2mD?ULZOwPAGsx8S)KiLR-YoCp< z*Kuu5gT5>QVIe$d5@9n~iU_-a<7p#oB%U{ouzY^iB*L(WD}?=ui{>LNv%5yvHrgnT z3Skp}v=MeYV(TmlyA#)DZ&aIru<>}%B*JJg5rh?TJZ*$^79gA2^!`kpW|Ii}FTN5A z+e{s6vsIlRcGU=zsK28^SpIGsVZ$(77QzPUYk0(8m95+)tD$#?l`k%P);eP*#NS_^U!5ZnN=RC>2)+wHx(boDcz^l=Lyj7$ya02~e2DlN z3`@`7cyUAOJfrdsxk`hT_hwu{jSM9<54^FGmm`y7bU0!MoF|X`>v)Z?T+VxEb`q^s zc?XWFQcQ9?W_5s~99qo|R*vF-eJ{xBK$Xg*8bMYE>V?PX>jLv}%nt!Hr~&ma@kDQc za=j$qTf7g)9pgQ$7xQ_-kcJp3zxjra=Xf&-MvY(bKul0M?+>2}4hjctm_+z0Dz@D$mxT5E4(*v@);!Jo0 znK+C>oTR)HCD9GEXoNl$;9zrk2Nzb$b_(oCn#!D~X_R%*RQ8nA<48%bj~eN0#_cEN!al^GcKhwzM9&(pn9?^dJU{_dl)^9SXv*m^9^!EU~rv} zPTT`wC_%GMMUIeVbw@ zK6AL%5l=DB6**QN)3woePGHb%zeiHJj$%9#Jwk_+uR5^|&a}@2YEE6$*I4tD>*X?Z zod0pG_Pzz(+%LZjN4a6RcfY$EqmOiiZC!g!=&I=;pS-;t3;`+S2R^E*z2 z>(j6HhwZ z|Aui6(LVcBO?&X8`uCv|8~EUT^}*Y03g#)RlC^=FlZ_RBQe{HSg}^F`vYzMwu>gC7aqv!bu zxr@Q*`pi_1rtr}&z>7!azX;NY;m7<$J=(uZ9{r3Tvr0WWQ+;(Bzj{VJ>Z~5+@X_DZ zqaEter+jpadi0!n^fZ2|m!i29>i$OF&%you2c)fg@KZe<_ifetmV7@3_rJl(1T?W1 zKh;BVf1-NdmG4i(y;s3H5s6WIg4peGou!chsl z*jg6cnOYY3?Ob0={Pp;I@tfzZZ!VXB4J7)ngcW~-+bDn23kL_Ie1|*yCSnU=C$8v+ z{MnB22V*;5)!kl&!C}-dy7{hp z=DVJOf(f0l?8v$k*LP5zxTxVyNVJTz6DnG!(-U?lu3{%}J_Nf1G3t`+fk_e|#2$a# zDH}1rOf5AV2liFV>u?i7#sHWKq#-1 zQ^x0l3T5tO)prO0G{9&^M>Be0FhJ?&fS@PhNW{hJUY*Y6TV=w$&~a2l0L(vj1_zMp~JNnfg)P^N~|G{cw)uhCyXx(zgdP<8{uDE zNi#zg;$#Gc*%z`EtXPBMc{E+&1SSYv*-X%l1*RfYYut{BSrOVxo;XO&-1Y)`eCFbV zLb5`zlWCh`zdU#}{G_`EZk_`;HxHDABMC+FX7Ill@u~PRURk`Nr@)J0S7-=ejz;qzkr}rMlFnHI;uMS_bk+B<0RR4=t_{)FTU?RHF`j z3m=M`7BwTg7HVZ8V$($$5pRgv6kTf!5nCSBh`1MDb4E6bh!5LnL_E@n4jZez^u&RP z-EqZr;yG5x7m~a|V>vR*Xjj&YtVRbk(x~|&zDHnvnQ_||e=&$&iMc9+)#?nZg zRtT4$0GCb$30P+6YAnE9BWyC*%t^$Ys4w6G-@|ad?qRNHR;clFT(je6yYGzs?ccJR zvr2OX${=nm%0bbM`XX#}^h`&i3#A5|_I!QOpud-D?3{$gM%QWVOf&|D}CWYtS0&W39%j(b0w)v#8DKr>i;f&M)H(9YZgpuFv69;;RMK zTjvW@zWFloEDdo2lhDV=Rko1sbLZMPgRuAj8HI-CdAbHWdUGRn=?t=tY#SVI6M7bj2TeoCV52oC|IvS5hlw{=MrJzD@3;M1&UXDHzL-8%3y`L4S>+w4($Fn!*4o&NkGRriN`Fh_ij zqd#15(4UITQCedKb$xcOM|J0a|C8=yvpd=B4zeOME1-FQBIeIutAPsRxyF1a1*q@3 zhOw^qUezgz1g9Jg#^2nL9OJ2V^g5^B4Js7*SMp6ZZAF{&(3l8=+3zG2AFRr%0s;OM7aMyLb6^uVHm&>??H%tb;7Z-5*HGuS+s zR8GNu9=?PTd{Dg0KgIkSfY7(_8$9O|x2dc`TT=V2=T|mMUv0JUG>SkhL_~C?AM>cH zSeO6d5>5SpN{kRS$I7QC#E-8gXcgyI;}z%WL{Cm8mX3fw*# z+)EwvD=yLL063XoW1{(3t2Se;8o&EHUtpJ>+ zTVGFjN1ShLicLk{Lwh)!`Hqw32Q!ur5O(+*Hzb$(3%O%4Dsf&3rJFjt7Gt^CS#nC( zaQf_BH5o~BFDx}~s|p-IfY%QosldTS*aaTE5aC|9D_yxbzb(vhHaE~nL#X0K-F_k+=L>kK}s6l*g@Hm{c#qp=K?lH3~-rm%8Y>yY7lhVL?p0k1u! zrwcV~pcr=~ewHh;w?L3|q;JVpC#_S(cJXgQct+@5L0CMKrp{{e4-A-O(lp0&QL#ls zDw=X)w@0+13F%9be{_}xfyeU*2o|LF7I8>m;5`38jK}5vGh9f~3E2d>L@DVacC0~s z0*mI$tQ1|I0a@CAfdxvPO`^737|YXv1x2ej9@IVjNf7fL&OJ_GZjNQ&d>3tqyD{Az z2FB@cnk48NDEwrTJ$`>fg;d7bXI~%0z5yQ~r>Hy1!?=;p%pE@6%{_rNV(J9m=g|;R z){)yW%=;+N#Zk)jBD;>{+d)25Z{cp9A@9K%@)$Abe8FS(#r}Oj_vb|E&n7uP9IGT) z1kVrObLbaP8IBJyFO&k(Uop^7at>c=|Juxv9rSWS2;}WZ->iJO}F@7%9)s zT3O!KwW>V7Eq>kR4lZ$Z=^z>=Y#?nMx|<-6Tb3j(kN;Yu*xcm}jR2TjsgiN)LE1VF zDPW>Bi$FA7fyq(#j;lOg;r6PwkZ>2bEj3GlfY?d5gL7E1)AgTmf=qxhBid=MzSdcg zW7pgUd%c4nWA{*BL29vNd-rhXeudiU36Li!NP!z$r1c6>p5=}V<(}sZwUAUw2e5v7 z1id2G0+l#oH11CD&YvuNHgvw81)D8zAKs^6o0kBaW8$f`%?7TXeJJZ)Vpi!#PlZ33 zWgqIPuQg@?aH4%EAJ8_nKd2AynBNWW)OT!nS0L%V1@BGzx*>Rde^l_=@)6fJnhQUf zA)Er)Fl5ybj`V@0UhE*xWC~2phtjVC!akO69E3C=FmMiLCfsbImtk8E6HRfo4@+~E zl9BRBHE}1n%I#PLs1xc$tu=QG;Vrz)#vfPsb2xW^qoGIy|)pK))Ip$F9!9`554kwyDGm zX6l8xi5txL+P3JId_LuMTH!_~@<18#oy<-*BtXsnzgDgC>S4psC`0)OxK zsWF1@(ExWYS|d|tI(_wLL4`GI?&EcD|1SjhRl3?Px=D7b6ka=D=U@@ zC#d)JVRN}XmVw2GdfzY-W+CzJT=OM>$$0hPmNXkXvsdepF+vxkLI{{%2$(raz#Ik1 zb%zo#tIcx0#v<_OFB-b5Q6D!S$}+|?uxJ_Eg>C~8IXwABPKy__-48I^0TgeZ$qb*s z1LN$Cl6mxA=Iw$G13-)xq`G3fD18Cz+-J)fh-0$|&5V;U@O>Et)^qKVMms z(R_P7$@p2u35T&ZxSv9QoQzM-e?CbtP_*?8YdyhQk*9Z2=UD9@LB5J5dlVQ)lCR=F z0A1;ousiN%CHnvQy;DGM6O!et_~-j1MU}7OPJNBx*zZ_8ZjX|^mBXDZ>G{<4@wfS> zqr%@=3V(OJp9FvH0YkIpfpXpc(a8f_Wz|yhz#XsJ^1$u-TCW1pPFFztW61+E^tB}q zTzGSX@YcuIZ9gh}HTMi1YyY02*8lf0x`ZQ#vY$n8J0i|}-p$bmw$o4?jemvGBow{A z%{g@S{VPTTD4T&Qc}bm@>S-$9_`KZ;M@N)z{1J4iPQLNW)^jQ}ns5A{tB#P~-}~XH z=)FwQ`%Q6rbMT830Yd}yUY~v@99{dvRr?E*wf}dVEerpbNwD=p{1&}}KFusgFBgSS z0jWjz{avd2t_IW~kQ2f5Z5>EOB`o{dxg!+y{uu)T>dnr9)jzu{*d+}5C!=+(-)IiM zo}d9ZLVjJY`v1WOC(&wt{r8m`|4LqNIv@VF?~j5$+hXAA(B~^JHA$Z>0Gse*hrD^? z_bahn^Ke<7gX50eBu4{7?nrlUWKJdx2;$a{U|pVV8W=ng`LijDjYuuI$X5aH z&=CDq=p6eeicjLBKGa)$2#Rc0W2`$p_7G7`S9hM|UbzOJQwQ$N=W72_q;bEurI)SDoM!7+cg5u%>FG;nCfbLgaXV3T<0 z59N8GkO{?si6+qmE&1ST85AS*vzW;p%F+0FE^%wKwK=3L(@K$M$%~q?V#8N0kmDp z#U~4DiXq^B*fZc%1_DM+Z6#fDO$Nbn5Fo$etW)6spDfk@{y*~+S7ZF~MI8VB>p4m+ z+!*d(HZ|@Su{oz8)i~~ZE8IW1PUD_hfjr8G1=N$fZrn`l#HEvIH~?X{D|L5loYh<= znnSO(Yz+%3PS5@>_6JN)Z+M*`Vgu#sjP1aS%#LW*Zg=<=B2>~*Bcmj?EqCyhD~z)> z&qm_hv%$Zh4T_$PwV!TfIBJOJU(*(}572m`r&Mi7g$qFSIov*M!K@a%qZsWZ%JA=$ z>32h>$GFUao@q>8zfWCo#zP!}IO93%z6*5+1|quVkGP=I;ry1yno_YB80&s~9vuZ8 z?TpPr23e}3=6VXT<=9{An@xwnTag-tK6`}V9ui0d%?+ND=l_G72W&gHJ#gN$wkWM* zdekb?QMHz(&*F?(}M18qBx6+>%KiN}U6qR`~G`FCC{XTWb3+&d)ak7h%Zt*xeZ)7&q zZ?p6K3%rq~Io`tGpnS_`w(A^U7wT^ZlJ~$`AC|$uQJ^tSSyXg_!kQ8KP#!=d_cb#^ zLnC+C6aF$b^E(dWbm&xeC{^KaX``Z9UwNYWo4n!Kdf>Q0mXTv@FuQ}(r;N}<;6}0< zc!(s?y0rx8Q1!)*gOel&CH$^8aw-6ZVPvPTBRFgC{MZQfBp@eAo`l&6jozQ1 zzJSg@v~r29Y>&AyA+VT*faB)x zkN&}CF=3BTUa1h=7Cj)V689$#dGV)Z3GzyFF3hvJ^mj40-(l+dlKm!sjgG%Ga1z@ukDb)q8R46^Rx{TpJx}hH7 zA+fOw!S0!7SNOnS@+uVFnvn@z)Dj30RiNf2ndAsycDXR3_$FX|2UkMfjn>=RS?^ci z3{qeGD6LVLRPJ;h77Ilk9CwkGvFSRW#l()odaJH;YsNr$K2~I+{PeuQ;5mNyDkOHk zk92-4I#J**L{3Ok5VS-P1QYl$c4Q8}F{5~s1V=-h?H()b3XV{*jUy~@d2E8JvEr&S zM2uAwJ12Gds z=}k=-I@mJ7MfayI^72zf9_lDGMIQM{S{ZJ);>(M-AZHt_Knw2FX%dYfjx?KM&n%`u zU7BLvm0++``>(*VEHH-_{g%@|DOc%a7BHwI$c|duLx2KR0gM8148@Y04hHN#`5&JYGTBe^?c&K`o^z z2T)0CrtEBk@5g80`*ZrOw`y7+%~+qZjW1g8MV*RDQ$Ae316Ax_SuUkVv;@#){c081 zH2p?9)~0Mk@e!?zwOM8RHW0oFqx_Y!lnrRSJmod^fZb^83jfIQHr9-(HP+;;oK(9K zJYzkUf-zt_aAFDV{QLYz}Hqy09DccwWTR<0%12`{IjlC z2vg&)M(ue`1=}!irR%>1@;|`wn?eQS(;y;XlqU6i)f&DH(X3Zf-sbRu4*E}0?X1&P z{D`va|A!iWTIm4=80$u7GzQUVP(a5~YG~t7q`c+;f&?@ghub#XtI;5X#_MRyIx-ur zqjghtWU-Dm$?7NpcHiRLwn^%cIlvC>1WrDrcS1Hl%|b=x{JdXnnS-$7Rb?lsDxsEk ztfd{iXYiq`?&NrlFAcB(moNd&4GK~1%2Hm9PY`1jEJ&Ov7$?JCyG7q%tjRRiV6u#< zU5Q0I>3qpE3NdN+$XvlZIe48lPdJA#Pr7_^#Peh!=RyPXO&;zmj5OTygm#5y=t8suoB8=5F_Cf1pCV4~EoBR<(MQ|j>#&f8-WX56u? z2th#xaKy8AJr=|yvo;U=##qLu@mV`rX6=~^MBi&3 zzdCWgDti;O3)m|_-y(}@S)&Kcx}{m3mx|zGeZcHVCDsA67$&-~V$b`#PO<$OJVKvh z+sSHV=tl1mbtP`0p5?#IxTr^2^}F(-mASIwG|UVQjqgMwI72%d#-92rYu#~?#LT%{#x_e9rm!SQyeOTf_EY84&6JS?E|E51` z=`a{NV%|kaH84bVo{ef=Hje72-qWxwY}s5?qq#V$J3QPts!w6938-c&i#n*@jlmOC zpMo{mfodE;m|}iG1-YYlOwOYTiI!#|y~60LY3VV zRmL9FRA~o3R;O$4$0WLOtLOc!W`D(KV({zrd>&>?<2{G|txpb!QaoLGF5yU^42upj z$+#nMc69f`0s@s@KJ*FCA!v)QI!dEQC|_AU&gIrN8p>B@ zkF7@NS3o6)973(@`jA8b<+@@+!c1DAfcYEABu)t@;(Rq>CEpOvB>0$#8QVBMJgEpg z+=6YMg^ONw+$ihtqsO=DCgpfzr$NN#M{#SE)9JIT8u_IU$jDRg2d7U{&fXBHXW=M3tB(ib%<970o!=_G!)3{s|> zbcJ%0-XtemDqBX3e9?B3#<_3UhCAG(VV1mvdUw!5$y*xZGPC=96qFU9zn+j;fo<)RB8@GlB?MUi{? zlRX7@&!0$T_pSd$N1{XaJtVKMQm;>b*ix0x<7-P34udQDx;-`;lf<#V8fVEf4e9Vt zP5_pg->L#v@qS-x9L+x2ydAYo#tay;K*12ZM?ky}cS>FV{Tt5aobhf=+vocden^E! zbLL!l^{h)^UV{{T0~Orhy*G%0+Z$P!>n%L&^Fm*HmJ4|~;?>U}e%BGGJn!h2%#FjqY33$UQ^|2}HAo2u+{@=$@*2le6&P`?jEj*JnRsago0 zcBxbPg+GTmIOKd{`Tt-~4qosJuoM}Y1x2r~S8#u-ubg7wA)vquJsT8iP)oQOz5v^R z>;NjrD5@{5|2CZnI8WYQSO2Y)UBI`dSXCXS1yt^il;p=+pkItyl|lFe7n_JNyDB3y ze?s+THcH)L>-+b?faBj^sJ`D?o|!g56=LLgO7)q^O5Wux*~8J&nCHODanMhzvdGyv zq=mz{g~r8qMR)`3#q0k2hWckuKI$`>MsDA?t_|O%M>CFzW(2}-6;_o7-s%hWQrC{K z&_Rt}gQ@oRq7T3cm9wrJ+*9KfF%eK819vc!0JG5jLkpx)jzn|CKP_;}i>s6M;6>0H0#j-I4-Gx*0Gc_`xdK~_fjmBFXRlv0XjU!JT>^KmE5Nn% z)*IW?F*J)IUFg}FunZ_DW1B9P{kHb!RQqe{kR5&Uq3QTuxd8fUmH(&|3)5kl-?ckd zn^(fTYLnn<_NN}ZvqvEbySr0X6~*pu0*UL9n058Mt1e_%of?S}83`<$kPqlA9edjP zl)P(<^nu$Y$iEW?>u*8E+}{l_SyJFTTnxd zigexKAb`BU4Xsn_k_6=c;w?sK5~MANhR_uxz*zDA32^o=U6(Kldy=6^_QO|Q|#c4a3gtkG&FS>pqyYIa9oVh_y#hT{Ax zLepb{{@lVll#aUx@z$%U60|+>s*Sb-8g1_A(j0Inncs*9{v!4X(;iaf zQFNf#9Oy8as5ISCA#IjI3mKV1r97Nhkmd|4NFBhE&{OAlJ>WQ`CwLKv7z2irry0)h zhTuw4-_}>Gj`}+3`rsY|u_(@7%BPb&OH-2aOQqgqpOe&mg7Imb#Y;|Oa##EPCyresM_e*$60C8&iW2g#}rcaC6rzW7M!)d}u=^;EZb zf(6PUA2!uozOy-|PLf5IZ0jVcO>Mm`gu|Cuku>`h~yo?!uz1ES&GpN+do&Nb3Zi(x}GvolY-#S zp4t(4qI19uk>OfwA4&{AlS7G!uoQ^J1!aMyeN+5X>j~>d@CTtU>~oF*g$p&-5xBdd zBk@@`1uA5B1St|k=62NW`v+a9WWz9lDl{z>HZ%?E?itjq?~|_sOhHPFd{&PEm{G@>>ZU>#>eA(Nk@!nd+p{h8E< zchJR9GlgjerV|?{MUS9&FM}B3y*osGa~!*>VKAE`sBWIKy2lf$lfkNwtZeK%6Or{F zDhNS4=Eoe!B>btZvk|v6vIHMuBliWJvpksB-t;9Y-tZDgp^!hu!h4Nda_kKo8Rus= zI56=u_0JejDJ(QR5THAlcLrrIRa;>)7%z3!_D`wJnLTBc`uu!obqZ7nqQ8Ib*O{t36D>Y0dx1r-pAx|Sil*=JN#*7}jcU@GE%+seo} zI16``M(`zTS^NYSD1>OJ|KW-u-YL~xoGWw+f{x1=eY8P}IBF7+qrHfMMRtjV{kA3A zJ_j0%kNE9YMS9;&;Wn*|HWiF}Jqgzc-5^L%Y8Xnn<`sO9gmIs1x8j3%K(1o%ibaM_ zhh&>kh9#|Q1>3X4J}Z^nzt1@gS9cV|Hy-O7WB|S#72Es48|Ea8ALTI}A1CrYZ2FP& z@}OWuWDHb|ss356;%&a;5zvhTB<|oT0$pjOfAO3zY=$-RuSJM=8es21R$=Xnah@|~lWC#A`02nBN;)sB^FQ5jbz#5a8s`}bNj znobk-3y`<|BAG)qkO@_<*lFa#%#W^@mXr^0TofYtW#q6Z|8& z0df@|_Wz*vWe&tS_RQ9J42U=HJI;$Hhi}bDffWvfV@(2))}I*Tq-`aiN3L`}v*mMy zJAvRmkxO&HohJ<<7=Ng@b;c723yEr>MQ z!<0GMBysacceX#fj`wDd(YG zh;=rpY-nD6ciQ!J(DkXQskhL_p;vZ?%!3IQMVXI?53l1N*eEY5j5lb6UcqoDcEYg; zH_7r84Upv}!P7<%qQ=uKHo^72Q1ewAQ{V4wKBnf`H73Q>k8Y0tY$v*$_z7rzEp#%l zpITOfhL(o(cwa7zhPJ-c?@rr%rGKi3O@(AOUY2@vQxvsyS`&%lq zB0sdObe1tI_JqrcJI()TW_0MkDepM)!4{9q^j)$lrKH?9w`2mc+rcBE5Y`Z?zOIB% z5l^uIi}DP9VIY2t%6oxHBtb2}4U)vUqQO#Jxr?{>Mo7ZA@a|aTDPn6ga!B$c)Z-s- z2FaAdj&!VdxX}cfnsdH1<-Z-qm+JAOqb0*)qaOw9LF?zD63H+JXBM4dZuJvjjp6%Q zuOs{2=xEk&-e?J0j1We+WkPxg5^DH9;T%8*U%z#v6BmM?1o<7yVGpc^ShEgNrfFHW zs&_sjws*xAJ_ev73>|uZZ}~Zh?7z$vJP4^fAFY(F%E}Ma;Os8)@<0s|>9*t3z~cN= zq;X8cHEc>ax$jiO$r>TVXEF-`4pw89br&-bJcUQl(Z^s{0_NcR1g8P|KAO+s4_~~3 zUp@`}gBSD}ZRsv%lrAHZC24n5eTj_kZ@>>ozP%QYP#Z$}ohf)Nf3BV?!1jxW1=&Vu zx>S&7=bF+1?i@*^BydCM&O|nztlU$S*W<5$60gUs9PCrFkaMsrl2UF$CQYQ^HB(TR z>b}2~?mEvB+z05U)0L4uk-ajr*IPXSg{Yq3!umSJ>We;w#jC=Fx!4n^#5@Tdtgie? z(CIkLA>I}7l%*r^sHlqemF&B^M<=TuG5aoZfHU!Kfl19AXu&)Uzer4GjaUd`76@@) z>~uVr?#MpP(H$z!r8_Ge-RU=456yNw1Y#RaJy8CT9+}PfxQWyQO!uIBG3}33lOT1K zN;wcMX^T@J>CxD>paDwIX@TE+P))nZj7;7gLSYs{J&`VLnu{UXIAOYlI#(YZe zIjxnqwr9tbWAZuWPgqxmc_TQwuyDT-x(ujX)hc6KNo!-pRH8Ll_4YdaA~(mYHv3}! ztOJsLZIO(1oW1@GY&|xI7D${as!1EF>N>il@am;DmAT^+sO2 z@${S=^)Eg0Z{y1*Mjo3kSp3&Z@-m(9WAwG809YOn1d(0|?=wbN<2p-UO9~2`CpJzM z>mE>4;cl8L9O=0=BpViyDkMGkRXRO)^-Zz1!<{_XTHovB$F%0QozJYlhU7@?F&dU4 zz*5g16DZU67)$l?{t$M@~7kp6iE4c|m2NrbhN8`#SOE_zELI0xEi7fGt z(q1+*`|5bwM_|abCx|-lYy3D5LKM)prx2MJ-a!m$nX&HJe(Qr9?+YI2WUSbTC)&v+ zTGVD9h~(mqceqmb)FNR`4VJaPsS;z6jykyEsbEc>vEo)1iFUeY0YA<{T*uqB{{w5m zy4HC5n#KRn)O-aTG>@E`m-uaJp0wPi=JEQvz}zbV7KHjcT%n%|>W2mDkNGm%>8$zn zp@u%^I#gml!j4I=A7=T$veavh%KLEHoZj7gzwX`5g3%*Q&U2s7?p<$3?|R02m&*fJNJngU}5k3>T6hRjXcyF1xCZ@l~)_?W%(8&{0|T; z*gGWK{)$$vX7ujMzw6#@V=YJAyRYWky;}`nEIxayzAiAQQrMB+(eM`U-ECZSRt)3I zXr~ip@+HnE^lsHM^sarpcR8y3$kgEeu|}vrY&yaH*BGIpaxvGa{E=oZ)nycZjD;t} z8-Eus(KrkHjF1b$S#UoNWqr{uQ*SwPp3?Bb-!z&YVvR?PrWdcV(bOM+S!g;#Ul*7~ z07RjwP(i9D@MA%qUYpC8$X1n{2)eMR%ps)8o4`jL&1-`-`NoQm@CfCPOJ2SP=?~0@ zs3aX|;HH_6#kt8;RT;aTbAb^CnFI!h8JFBJ9_?b>3_M5d{^q0aC5I_JD+-ZOw;_w)HYet&#<@tW6ppZ9sc&N;8Mz0ST; z_VrHY>&@1XtIY1~Bdv00pKB|*8TCH|>Xzf(uy@RIhYiIc7@s*(JggohS1)>4Rg={w z536zXAzifYX5X8vE_?X6o~+oR|E>Z!ovc3fa5a;xl010rTmh@+JY3a~)gx}JT-UtFoKJXWMlGyEn`)D=8gLQ#*$?NZ!36>4pTB-+50XVyOp?rur>HhSOgBXntIl^+wW%5KzxsS@O8qfev;csIQjE$ z4<`X+^`wVY7+JANNLK*;VdWX;@7$q0nwD-2d9h{f8bh zJVgNyce}SYa{mT`9KSDRJEYL%p7z+EVxNyT&#f#ryMFJ6W4X0d zBk@(|7{p*}4OjEEhFG@8m#S(p+AJzX=W%;i1jRl7)^NLrzN(miOKa);RNW)22D{1q zFOSlKrc3CqMu;;J!(tY-y#Hkw%>Yb5p>xjP(}D! zbH3>LfAX;1h=XE6`47@+z+VgKk7;b9+(sl^dOFjjr7UlEIkeigx ze;)c%@@dZ+$6*&(H^oan(Fns$$tP2U;ilwM1)+M$M_~#+~n~84jtxC9>v_HyNZ{`SG?wz_->PC!uKv}BoV%;jl*{kyG<-T zdul0&*ff2UK@39>-J!#LxT8KzY12%2Z#dx6)g9g@23%ZAQd%|OQZz^z8iY^mzi_(7 zTShewuQ(5%p9k3N7!u7>vy(otM1XCipgC@u7H4zDe8FHdQ{%Uy4wNUYGw3t-RQpQg zc{*$kDdAe`AkUH8g5BeM%K4(-T-IovSHvk}ywNeoW4f}L^tj>tWF=}Oo`2Nqz9yXt z15y9&8kHty&w9GNu`ZLx+4{|CcAU+7=Z|YJ&mEU0JlTudL6ik~%972^$@@bSW0lgQ z{M;S;72G-8Q-1C>&}D11k~NqXopz#9I0`0p`4%RuHjYD}Y=x9q$;Q_Y4R!?u$Fq{& zSv3>WAhf%X#H*RpR9W}yk`s__RQ2*{Uj4Mjq5Hey z8yXJx`UZ;*8`l)xp_|`j!}vhImq+_pSiQ)Dn#?y+HB(nby1ez8Le(ZxPM|5&n;UU0 z9H2}-I{(IFPPMu8ypcGUKj;=`@t;gMS8ny!qo!zX&RebUi7w7%B@YwTTFfc4m7fp^ zzHKZL@04g=KH2nWy88iHI#!ccX;>llfzncw?FVQ9MeA4&aT}mRzDA|kJIlICh&wJ# z)aR%ED#yht*XJIKb&C2brA77m6q>g5T0g=1J2$yMtd#jIcI4Yx4apYH|M&aDJd#Xa zv+L*fj#krgudrNEx%CR$3)t2x*U<}JE6bZ?ynQ1{kj2B=i}Q2s$U0q3%81o#M^@K9 zkf3WnWqn_d%O*W6tm1FXs{5c_uj1QskwyG^bcz?BgpI`y@zMk5s-7)#{D8mMXa7 zRz4P9vDSw|?plv@8`c67r?aJ4p4cX}awh3c(6+Ho-!_ij6UiFi&vEd;S$Tz0X9aJY z;EfgjPz@AcW4Q>+bxjl$kA&vh#@qL~h0s&5Oyyf$S(#K(-F3RInZ;jCFf3Itq?v8j zHqmxPv`L8a{6>|!R{<}_9x?U0zcv?zCd#_X<)by1d_$!hO&5d&8`@_cfWo;MNc*Y9;jx~HedKEh*pod;Wi9NSY_TT=ZQ zGFEBxXWE|xR}j?eGG(piPpx^sq4M-el^j#~oO0;ZP@ZB?>icQOvJP*nlqXjKb9>i> zU~^sGSy!{N;PPsu%d3{k1Z8TfER;JBn(*opr4&1qu<1r`nU)4y)*)+Qeqc^wQ|Z;> z`i#G?<6}dAa(%{w)5Saw9l-Cp|0_z||3&K+`FeFKJX}3%X&pElGT`gLW0c!X#Nqot zRgz3n`0}mQtd>t_OI+h{(q;-t)uA)SFO?P;&EFnS{iH{V$1W@<<+b*z~T9{=t%LV z6zx1l5~g63LA{O^BPtg4tIJ=PzoNc*6Owsvy+Sg1th}+c_&PT5Ag(2#a~tGv+)Xzc zIeg)=32rNu+&a0rHF1Fd5**;~wFjKGBVbQD-;Qtxi`B9wJn5|TWG9QCa*SkFMYG!x zG8xa}CV1|@$0Y_j4M^}~d!z#yKO43;*sxTToiioEXxY&Or{xMxXw#W6F$?6m<=}h- zmBA#*@pXb{`D5ojpui*(|Tyh-teDARzz$J|USFczRAXz)QjN}s4 z-z2JODeittsZVSzu$W2zK+$bHI&s5=St;Gc__Sj{Yr^Lq4{ky;n(YdodR+ygOkvdT z$hk9hGt}IU_dvZIv}F!xl_fc# zlQ6v;Ok@r&2nX#^i+DMRXAZ_u6$B31%{f>o9IR{XU@+tGh;Z-{QP&g ziM913y+gBbS6ljgW|N=yR(#Hu;Iq$PW1mk5)PdC|Vb;Q2F3cL37YZ-*dq(FL7%XG7 zW3VJAaLlfWGI;zse_b+DoerdRt3NAf*%!rop#Kw!4wZwfS9G;Z?|^l z^{+k`nY%hHjI9{#fc*R(o;tH9mb)9De}P$0ukiusDmZ1df%dCdlUsY@S=L%Aj{#Ut zZncOL&sOsj&#G3?w7N4>hby=A{r1xhEm%0;x(hn4mASY^&^K)2fZZW8el^~>Z)mZ0 z67A0%%vvhqL$?i}6=p;2~m2_;DWvAUGd|VnF{|WB6 zD}P%vXTM(cmcFt*H;ek5)!%Y!#*Vh~+?K|5X0TOmp_Q}HAjC#)*Vz5g@S0Tgk*Le( z7#3iw8ar3gUz~~JIk@4mEl<%*$jm=kBQy6tSF+10Okv*KxsnxbX7ag`^VlK@F-+&* zQEor#F_Wl}xAHtC_jCapUUmzGjWf#O?&kJtk-jR6%?Z#cN^DL52ep!hf+l?Yi`0bU zHEY7f1VA$^4id`0`8fX#H@RJy zkf{o^PQ(}qK0a*wwSJ=g#B#-FR$Ts;q2lYI;lN7Q8MGzW>_fQkgs#6&J@%@6SC8fL zb*i!}*=gztzq8Fj)NNJD-?iSO@%>}21$8*Yp6{P|Vkv@w52;6Y`^sALF zMWBi4(?;X2H&lz_JVML#*$|HzRd&9jOMjqUM_hmSKIMN?f1v)Ey8H(ELnw35jhb5M z54VDPDHz;Af8l@*)bMf;#yCt84swV#Y5_}D$i+&%ZV_CxPJf_HNR4^*Qt*o6ywI91 z!^EJM{&11%>_$O3LB)|W4i_vaOm``@vSkQpCfis{#S3?Z;H~4uCYfwjFyRAJ z(1#ckQ>nFnKx1Fct`DrmZXeC1R??Q>W1z)oDB2YY&+5lF{yN_MHTt6P%7icJ3sPYG zWuMKgKfNoABBf~G|E~6E-{;*)`Au%$7qX|O+xIC0l?8BP`RWL#^%k62hV2!&{-JKk zKp4izUo>A)7uYnzPhAY<@tYg*3vu()+!Vh^Mfm#2;o|}8(ljGn)p=<@m46nV8+@;A z=6ifxMuKbUdz^~dl%&6szjsvi_eeiw`|9dG@+l*CW617ll-t)mRL6^=@)klw`VNMX z#qN4{1N%d*=p$FWYn=mLWh+(AF}ATZ4$oDOvlgy(u%Ua#9V;^Dy0}{l1ZQL+XjIhL zd7b`9+E#r$HX^!DgtYwHxSRyJS;~huj!|s3M+f|#P$~>ezK%s6)1&hEERI4&v)t@j zmJ6(-DG$Zb>Asn4rnITX;Q~{6oX17`%+E7*ucxW^n6Q-n_gb%X!;#dkOI!_Diae4^ z8X?t0)VrraTh~}#tEP+>hPdR@c>RxOc-eTx$r|@~MR(8lP3AXhP5ANYP3WPMZE}9I z-ob#(koh3}QWVR`PBqeAl)EZg6%R>-atKQkIE+3j#?{b4l2I&8L%!qE> zp;Bl|c<=q}F+KzRzQRc-lHy!n5nsJ^ z8xC9jOTiYSKTsiP*h;&^jAO4&Z2SXVvp^&94r09htkYV{d!mB(S=70Lx5bDC-;^s4 ziCH=C4HHL?_ObRDtx{KbO%F1?w>u@{2!+pVLD5jMz0F;D%7caPFP4R6T}j{26s@)o zJIcO(aAW6>yPe}|S2khf(?@)Rwfs;)=v<)rI$BqPtI<5yl{8gby3TU=F@Tr9!9~-;4^ z+n0X?=^j$AqjFF-VhXf2_Zu|h@9F!!r7ypNJ*qTTSKpp4IZ#**U|&s8SI|WJhD>x% zvCHouDuS{rI99@jd{lO2sk(wzbWMQ#$y+2u3QEOv+*mYSqp!Pyj5V#7CcWAgQ$Nq0 zTTnmK{Wh11slI;)pP(ke;S2t3C*K!zCp_Jzg9}Z*MYPaMaOkTe-r>f29L}oMvwMM3 zaAf^0G*7|~UO?o7=w|qJr3hCV4*b~jG45m`wp2*iu?F+Hq>h@Wwbi9pt%!!y;4-=pJ8uH{3%ypTtc)Up(fbE%a*B@ z(M<+iJ}gOkk{m}&R9AF`L0_GTgv4=$3GZ3M%0|w1yQP?%IU-{68zjw-PQ^KMS|)RN z30XscBs7{CAz8b^k#NY?y?!O>yK=%SURiT-L2ucWCDtFyuB6yzIN}fxm;R5_P3*If z{b@{3P9GyAtFN^4^ttAP>$^^;Ru9B`N|6+tkCuY@Ae`XoP7>SW{J1(F%OG5sSax}; zRa18Pc3V%#BgGcsm`gH%QN3;s`R!WG#PY{!`=yUWyjc&K&KD^{3KnT?e@(A4A_Y(2 zG9kU{xAcVb>I!zv5Yq7Je36Dc)p2UcDRE;H&T{+3e!_$jUAao*7)og<(t~9DSOlIa z?Ke=4BfpTZMx_K=S0Pi`mdWBvuX>puTY@IJ(NP~UvfrZ-o3u)u`_z&O`Y8Tgx(th* zT7ttRst2O@zN5kZpYSdkeq6;Dx6%HC3E>zJnj5ZlJdd*-alT*W5e&Sco9IUX??h~cMq6sI-#KR%p>e{fz0ZjyU! z3himc^f%1^6y_L*hK`~{ZGsbW98Z(XM9l(W(v@!-`-bz^k$Z5t+tEe=Rqo?GmnQ;B zhlSrnK-+Seb%4xRK+`Zp1r29qNX!J(x1o*_I#wPDjC&vI+i(M`oLu4iz z8NMWOev3GOB#Vd7x~TcECFz+EJ3xqUF(IlYNUYl5o+%3v2SlQ1K!hxSbjg?wR-v#N zF=4$mWHi5w3Xe$+bb*}q)y`{*#+Ayi=XpT-Ds>uKbuFNr0{|>ri7`abPs8g?_iv~AH{1}r^nA0l{rS?0NTE6c(M#WE|yiqo*9!is8sBeGM zS5IpTY0*WlD^<8naNttpk0YrGC?AL#4h!s7wjb`%Bs2tD-cG9?*cKP}Vd>R-Y5jiD zC;Xzmn{JbHoFr!GFQ!(8^A-w$we~Jcm|8K z;`~wdy4zq*<>&2qT}|1a4}CthK;)+*?5oD-?NG%|#Rcc>s9zl)v>_|x0Cp4m=Hq&> zuIs0Tbw|Rj;RzR}K@}So!8R771;Wnb{Tjy+#6P|A14Ue4XEwj4s(!^`N~mve`wwO1 z@@qlryRSh6bcPEyR+GMnzPIlJbp;6qM!!4N72j~9f3CXXV{Qy6QCA$`#x@pp#cSLc z2o5{AG03W}c!nE;VfzS-`sxliQ|2u!&*+q1nU99%8qSZ2L?|}2D|_om*%cgKqsCL} z#c$K9{g$R){33-ambc2c9sb>VXoPRZ(@raGWkeW=H8`E}eq!tURwj=+HR{?OFQ z9+VZ@hUit-C?~+h+v;`C!)Ns?-H{bi>CjOiWrt@)b_j8h)=LSQL{$aVt&}U-B$0AE zI4*rt)(1c4i1gEt5S!f&j!7q4k-`&&wuAfd`e0fHD|2D!f8w|#y2vpGrwoPZ>bq08 z(<@J;RUS|4XV)j#OS`96Wa`_(gqj3lG0_ zS~Ew}(A9?3$vSp&mB*Py!8`)Dq_ajKlpR`y^PUPrq5Tzx>KrrCV%d!i*SNk&{lnJo zkK35dM0#`kQx78^Ui;(L>nLbx5frotEn*M>*`D#37I^21GJN8^eGGC$@#D+bHCVWY zOno<9Fj+PVy5&|ftWYgcS3FKdyYeaquzk`hZzaua9nI>ds9%XoF1r@5zL!)$m=e}R z*;kR2s{%1SW1^$VOvo!}h)^FoXbv5Y#NkHByjTz$K{pTDw;dGq$x!Cefg4{bIcL7e zhn?Wsqwc@KGzv|ibY%8(cYUvlh5_$V|3I*3BS&ap*1S%r%S zMxleCUPsqFmeKJ{RWP9GLIuk1PPCsqAYy=dUx*5`t&jEcQ~_8?5|{KoJWs@68nIEH zkkPsr%uaK~U?sI&m;!P%APTZfQxlF^yP{eM!3Ev0!>rb1OqHF05$)=+8;9-MToE=} zqjfW36KA+wi*hF^mc4QSzq}By}6Iv_=xFa*RkpLqd1RSj8}TJ&&Zm%841G< z?5t)V%WzygZHvd@L}izaJX4olE>*Al32`sGY_oOdA!?IW9h-}_B5BpV4IuRaxUVWD z{uG@$=foLxj~o?=zZRcCu}V)kVO^41^#acT?C3eUDiTfMKj#P`((${q?PxZ;cb7GI@mR2E`2Xt;toxlQ!JNLKcc!1Qj7mRI`xD zldn|p5dMKEc!~+wIe#csM0vc>Ydx%-A>8s?H=E1P;1N;}`5`}0pTH$Qs?_{hmKgT) zWXck<$Z&v7;aKV$OvB`Gb;kl>)`_(QyU!zp^8Ak&&ulS#Kh64Y!Z*=7e4mYRhwoEi zmc!SziST)i@858sF##FY zJjdsnx<8N)&(iEo6XX4NQ1ij&moW2+nIFD9kyf44@kP1TMvabCC)vGa_b=^Mn{??Dr??U}9 zGfa0gRE*Dy2@V>XkGYwl`S}XY=SbH;P+9sn8k&!(xrw3qHVU?n3AQ&FnvbcuiJ|%J zsDfo-&}b$F8N8btnja_+&C?xw3?#x zU#DQ|8tuo*GH8UMT*d``FmPvQr-M7O@#VJaer?$k}5?*t8M)7Zbe!M>APv=MM-9X7m95{+fM)Ub`G{Wglp8OW|WuYshV#Ufgly{Hx z3}E-oV*OYfT0Az-I-YIf=G(z7yrOjN`=;akqHc31-6taHNP}iMnoS5mH>25!7WSqe z&2;mjc{%zXeAr<+d|}Q1T*5DM`DMk1V&)Ie{j@kp)Pzvb#iB9$Hzz#h>v+xQzsL{2 zrSklc>(MK};rId8L=WFEgAE^qt)HeCJ?OYLfwBfh9w~ol8&_4)2>M2(cb6Nrw;t(F z_b|~l;t&Ns3SPI*8jFUuEiBpksX*+wpj{kz7lLzM4Z(^AR@S6X zqMDY~;{9@wSJmx^smFGe*0Fe6!JoG|JmP1h%O`6$mSLd3_ornk z{7`jY(OSLqBUKn4_feDNl|p29AT=Sx49a$u-#If$h{=j(pVwf`s1yH6M_%GxSNR-F zey0(o5OJ(ZiUC*A>f@xXwg}-yM}xO=+BsMoLbZ_DDumH=SND$o z>v0K;UoVdiTH}uTbj8;%v9CjWQAd3=6?9WxY89B3AH)>X=w4}6r6^u=v}yg$S<^9m z8s*WtDF)c&+U_zceI7;Y9L9*w&cFt}uk2$d;f-$uE~1XWECt;-D9VP=mYQJpteaW5 zV76n7gRc6t#~&koSuy^%hHkMB##MjVA;9uxqP}XeJ8%BZ@@7AM!sphA_)pTR{lD!; z_e=V98aL99YJHmP#RZe6ZVHK?Fz3S5-qB0*b?(o6{nKbf5(yv|C&B*+GjHn^@QW{NiJzvF?R6_z3LK85V;io zCbF<&q8vx-U~#0&YZ%p(()!hln>hPUfD4={lYC%egljfLzQEjscfE^1smMX#cNJ^`XzDRjm+JRs)^9)4Hv@ z<5(EkhG0_q6kB)KkE7(7k4=K?%$?m|Aq28K9gniPQd~94#}~5Dhj}_<7*?(ft3w*w zUmt(oi96Yns}eWB*8ah0D);*_a$xKCCi1)VhK5|Rxp<5wK!Mp`m6$`{S01qMNMzqe zV@?u#d#e+l7^cF;Ci}yv_wY25KUMLkbpEsoPww0S{VWqMJMi$tlTQPActWcZucQx? zW;sSvfT|P6^Uue4eV)X=KLVGCPc(g>hOCOf`^=&Mjp1Jf;ww4+nRdE(pepe(e1pl| zQ(*6Mp30qniK=X)?4H%%70%>0NEm7Al#BXwfbA zMVB+IAFSg)k;mgI_p4t`@<~lNV2QMjQolL`E#6Lj-OoN~zw~Rb(_L$}uj9Y2pD>}{ znf%J}KI&KZp~)=AD$fa()^e=vjVQ-L0l)fQ>Q{aB6`xrB^DBMo!{G{i)*>YTP8%lW zAB2d=6{4{c&-R5B4fzJI`HBr6uJIPyA7tO0OwK6t;0h8hg+%&%8S>}`7qLGWOOowAsKQk77ckcuiI*PvM_+kZ z{c0+$wzl-MCaYf^h1JV@^mQj8kMHzrom?J>$G@i_Ae#^n$Yy50y8Oy15Y4*~O%+5_ zIiZRqQ&q2JQn^4<36Q07H>C0ezE(;lpSayd(W*Qae}S^V`2;2+UIg7Cbm{Xb|7q2U z^YL9;f>V8W8N`G21{p}&w1gi^typ|>6`>3#zNrvnT9to)nA4GI64MioTSq`4sH{VI zQNOwvK^?s_E#ac|HubA3uBTS}y+Nxk@IWieu{ii1ecf>%eIkoG77O}2CJ&R6`|V4H z9P?8u1JWvoeFU5ObkcC#db;Bmc#DO3*Yj1#ILSWsv8s#tl`F1OCg}h!PcbeBl94Zw zl?K;`gU>y%gSYv~IH#aG@isgu8ODR5cl_bRBmPKEkND%gJvE8PALjp=_@_3CKWrMu zAKu<5{)~%P{9&hvKb}0|4~82ZUytx;4;>9-J)SemRtHKb5>>>s6AC(!_Mkd z603mi8+u{=32x?yS4n7TR?-vbv`;9%9ki!`y0aVh$Cv-wg|VEk-<|A0E*n%Z8%uEX z>a_RtdtUnc=Y8xUacyb8!Np%_>1myPEOrZYV+S)#!vY-BThegj+c>p_*5jZF9*z~M zINo6fayPP~fBB_iTPMV^3kC6ER}fEPPYNt{!vaD2lAb_!e$0co4b;^h$^A8cFKx-o?M( zb48i~Unxd$%~n*v2p^rtQKd%3x*8?=5K=TqzbEUCM>h}JH9^u} z{6Sy$ONcUAu_B8twW|D)^|z@Kz-bV+QRkiImz=g>`)i0{`3OJj&q!t**^#xuf2V$! z1Z6e|mB14)vZnrV80`C4`)@sovR^^ZIwp$5wPgMTV#WtW`~zC^o@gTb@yPy^3_n2> zG@gt0e;8fLWPd=>5)XSLj!ET}20)6OPZy_XlEuo$X|5 z)fh_jVA|oNwNJ;SEbHFEsv}upt*>i{!*MI#DxUXai6AXrCDn zv$PJnTvT7Z0+PBltshPZJ(^nQ^h-t0R$p1CuXBu6SFi=gIAM$Zsnh!XLEAg(uKVfh zu3@m_9ULrb*Y6Uq+vpRp8G5{f7U=fTW6MF^NxyWcg3~d>m|l5?_riy&QrBz-|g}aREfg|*FC;arPcQPt_jmW5+Fd{HjbrAR2U>D8zeyROFKwGmq1RDj= z9k=@;N2XOS!s3h-T7BiBnDmMZ)=rSBEN9;RaJ&wWJ+1cJ5B+@ErSEyji)-OHCwbIN zjTH+-2SZAMkW!#y4<%96sI-1pQn4=q5l^j75fVzojl3j7Swd0Rxd72XK824Y`)JJVfiW%70dp=CUoI3!Ms+Vc7XRBbDu>!9R}ZvfrF0-9;hWm;eUe05 zv%M!SE1CyUAH7Kh)&4I` z=c#AzQ@6zl5lI>##Oymqkr!Ec!z67KP4l45IA&i%&)Hd zZ>(cIwofUDk9C%P2%%{Fk1`|L^?kFj#)S2B-qeymxo&^fbARCaJFMHD~^RXz8gLUn{2DO4|WBZcY_W+di%7ju@V zA7HLf#QrTBJ!_!@&f#hO;}6 zloW?xCCe<)eyknmYCno$WbH>04E8d#=Flq8end{kGv%;Es=2HEf9pw8DgI;0wmPv3 z&Ig3<-?cwkerNwuM@>s&e`2u+?IPTFf|=(>WHq#i=%+SR4n<1`r8ouDFI}`@B#;=#U?RYG*rhQ=Z_oHv) z@kJ67)G>P(Xd-g{bTquL?BO!~!G02UtlWg-3%9n$_6K5uCnwNt$Hoi98Cz-9OHut@ zw0FUhl?&rbRJJj$Q@1dJpwU;O8M4=7J{Xk&_V!IF@ki^GL}L8MAG~yh<4c5I!@DJK z(x{HT8-5TIVtg8FLCE<`rURAX1@=45$f~@?v-n1qQ}=K1e=~`tU|%G{voPY5%HQmN zLn%k&{izo6s_y8A27*{cP^WZ^k&uNmr=cT@7R2MT$mHX*OqFn>() ziiNyX_Q;D)Cv?fr2T;q5J!#+BM>TNKeF`StqB}-W=A!#Iy{7mgEbi3f{b4a5fjlUu z;0#5G`0znmRW7pFN&7$+oS$quw9%*-uiHn#0zvbWlkzZbyd%kt=izak1jQ2*m;1;e z>M26BVTdwBZhZ--e!0SP0E?pWGvx3*=1b!F$#$z8p6#%(UqF6>m|p1b5>tmO zJXp_y6R*7a0aZL$uh7mTE~qMU070D_%=B!zDG*sZ5pR{T{q`(l%Q?<>WZ<=1x>R1| z^wwg)flGHNCI)&1vYl(Eu}40+YEns!pG{vAXzQC=ot>0g`Lmk?+7n*-E8tJ^g-IoT z*5B$Q%a317uAEdtQvMbkh#jW9F^}rRz$9fMc4SW~9e;u%*TudJQ_g4;ZQaUH03|5K zn2oSMg)b3oaaJ)?YO3c_#e>@Bx_vr*0x1+hnh;Dq?kvj(1)@4TjkNS^qE~6-&J&v07V3Ig=F|4#ZwNrJ-V1Z1F z<0>4~8XZ$@+9qX!<{V5a;o*R0r|dtWg_%XuIH;aSp(}ME39U;%%IX^CoQB_7?yPpg zQ)Kn9^s1p48J|d7bk=mFo{)VokHakaXu1vl{~SrpgnAwAj0CF~KTuTm%VAA@PE>Ko z@U*=r#{Ler+tT9*deqqSXL&WoCn&Pjkr~}6lKT~`m9C|H_+~RPx13iJ4BpVI_TvJ2+Yqob>}0`hh5qh(791rUbrwl?jbhjSS=qYK6Cu z73m4vN8@EBcW;je+l?sPV`*FV|7N@WD;E9@Z{*)P zw|`xQe|1nw-1Wq;dfP87E$6v53~qE6h;#c(WKRb!C zzhn_~wV)dW{fD6c67+dN_Xv7G&`$*YPS9Tjy&$Mh4)=$7CY4Et$WPqKO?n$=k|rXty(H8OTiL%RUn1p zZs5AeR%+EQK+2oNCkvKq4ca`@LKCjJun@yWUyBfzYJ2DLlr4n|`ojwg`~4y$jnU(Wk{CVm9;etw z$Npq0yOR#{_gX>i!TkGKf=`*C8bQ7N)4k4Z%2FmW|8@u}`y*4?-A3{Lh@cr+)*;#1 z@$m@@45g;rY&zi-*@T~Snwp!Dg;#WJd$!eLFj-4eb5l}am*A?=$RZ^LK3}@P!?96> zQ}&Mq3O~C-dA#deTDi>`k8& z_H)~L@{{?tmOd-|zasb?7F1N?R5+;~znvFTDsg#q$enq)5ru7>ArHkM--ukFOI5I~ z*s7J{sO|@{PYa~+hGP0EncB20+X5|`1n|UO29ywU2~`1{_sEeci*1HN6nIpltdL7K zw@YpzR}#k3TtkUbTS^rQe0EhHl=BSWY|-WxqB3mGUTZNFFEmO;CX`H6ar0cJeiCI{ z)&$L^V4&f#6`@3<&afb&B}S{sin5Gw^ZSrp9w^?i)^`CDO!MyXePLrR)2B_09pU0x zY$$?=5K*hmV&qk(knK`K;Uc3Y)>K>=S0JHk&t1f-LSs>h6%9y+t!O;|sB|WCIC5lG z0W^adrc%^&xhRTgJTr)S%g%%ga(x44sO`=ovvZ zW4XOn(2OC-J@L0TibRUU-VEoNWjK#ns)^Ml=HZAD_B?cwBtIV) z{w5{yaAXSV9lnx-sq&|co)P@Y28(#z#_173y}v(xJAcpPm(Ya#dA%fu`-tE#hg0^v zpe>J2<`B*=rqH%(9Z(a43UhtRw70r-yZg1TXGXl}S=QtLWVYhI) zThQoU{P}!uPN((ZbiAPbqxmz{4GYjRFogsa%VhHcEgq1C&CrkX(U`}1))3Geji?l; zENWSWLk83ui&BeAts**jADzzm4;OUTRQ~Ln$>~qRK0Sj!9~HExa91Q~gmAY#i@Qs^ zjnlgY^_j+>`wRLnL0=d2c0unFbhG$wir_1!qqaRy#~s5szog-uYNv3zIZZrI=Jbr9 zEdPuc&s1fjCB>C)8o_U$psfBD8Z%Yk@)sjVjyIPq7u7(tlwszTVJV4}s!vgKri;2U z*8trbuUwyNr2-?W@`2i=W=kRJ5h|`;g%S<^(1{kqLe|jB<#Ll8E+GIpoEz^H@e@>9 z#GiG7<_Id6zwnRvdzt?9A%AuV`nq`UZGTL>7v5)6KFrHEkZ4GSHbbd1=WC0MMP|$L zk=hcAc_HgZX?qtILiaNkF@w~*w0EAAEzOc*dYAN*wE2aGg^9gyStd=ubRN^ONmjSp zikW$8@wnwyqeK-WWpOCAjbADn!%{SgCPQJfPAQl?d`La$!qna(Y|v<_lT=!SiXG*E zsiPLNxrnt{=qQlKP(E3RvJ5C=qW6KX(4>`OOCcIk-aVLRTxQjpN?BuKLYE|u{3y1< zHcpzzI$iXUq1aHk{4Vy9#VUX58RzN6XzUlE_2L~Jts$S<5yeS zOEQ_N7xQPcu$SrO5>I}+Yh-WPbR(d`pLCf=}1}3+B~z7 zi=X6fKz1SFyQ)1nEJmk-btn@X*OHXIN~xvS=9(DX&rE;8-7mp>1y-uV`Pep@_0B%Vob=3-+B z^;xNU;#wj)(^}6?DQRA|VncB*A_mE_xKn=4@SVW&h2Ni~Z}{-<{~!JDFb#eQ(H*S|Lt)7U-AF-79Q`1MZTo^lm=CeT-hteh%qTN zd^A(hkv5m0RiJ)5bp)w7&!mr-b}(`zGiRc2IuVLZse~46qPZ~7n0Gt%m!U1>+Tga7 z=^I5h8s|(dUe1^m7?+8WG-+<0GzcG?eC=Ov2J-Tu^8zUc@ck#@u47rI1^?jchcJTe^)4EryZ;Zs|7CsG)^hx{W0m z%d&Dyx3R=loGV+pjHM-pTqAesHev)`=IJ&iaBGd(!>Uy9=4_w!`ydfMm3za{qp_>yEuG9!7(RFc*}u0c$uk`#rfHOyVKw3@lo zg3@2KG)NjLB}sFn9BBpYf;Kjcs_YZpUFBANmD_@(u__yS~){Fo87Uc79Fa9mLf76Tq#unsr z$cukV?mzM3zgh5au73O0i+@Y*BSZ!B$SAJg91!%Zpjo52{aQg^5cEHSUKZ3`LIa1G zxWjC^RU12ortnsZN7ji{+AY91P480eoZh;@%VOzg9)BwhGD*2&03P2nE)wfU^KLYT zeuO1s8BP3)F{!~F(%^^GJ1$$I++~sb`8#xdPePe#j z`QvS0GtZNc$X3$k7~UT5$mj2m2%03~v02cP8T|c5LHW4-&@59?Nueo!IiG*P*ttAj zzh3Yy>Bsq#K3*yuQ<}>k%0pt9MZ%y5hC66-OddCK55X|!H0~{b*ZfqD>;f9SCp&zd zZYab63e6+Y3>CTrO%B**X6dr!i4=LfHdDkymYW=}vV~kO#|1qjsHTA1CkZN#*FN(k zxA&$yg}qF_6VDs}CFI@=4H5R<{QleL_@}tPnSw4C^bvBWQ}C#{^w1_zir4e>Xu;wV-na?I5U}ZW{;i z{Ft+Ye^(}GrjYj$Ay0W8Zijd;^7}M%7MtL2l;4*LzVbYgc8=A8-Vp|y^X6f+bEGsj zbF?&PKCQ2box5yBye=PqtJtf4tTMEUr2|wrs6U!-!niVIKHJMI+~9AeCsZe$w2#q`3>Ex#M7=$JjQnL1}0;rr(NHbLRCQFm`3!{9bdVIrHYn z&Xwj`q`6jUZm~2sUz)p&>UoeAy_c<$g$0@nBu!rnGyv}e9*6R|2$YbPdKQ9OfMj0^ zN*D?S*$R4>uzwkp@FWz6eW0HMwZJcc-w88qg(G}361+fv0us*?po9~(lJqkuU3*0K zmq4!zGj-+&mjfmEjSZVbq`~;1`+>=vfFC^&pE@UlE(PLWT81COdtkpDbTyFNtN|tb z4;FxyffDYA`?a8ibcEa8pcO#;OMk%+;fFBa1G*kad@4aV06&0z73jUf{ytE`sj$Bv zl<+;6H-Zu#hWW3ce*+Sq2S5pl58Z`8_z}zxf)W~F{s$-_opSIHDB;I2{}c3KApWIC z@I&|%%yir^A-Si`zJ#B_`~)cB-7s$gC8RXl3`&<0;$PZ=AHuI--U?a+q;PHnB_#W2 zL7xNSUwR%tgk=8$=nf#c-wFC6@Jrag1p11we-)JQYuN7sr7I%vFTIYRy~6w^DB%d$ zzYR)=f9W0k5EB0bpoB<9=Rr_HvOfe$h=1u_{1B3x_dp5pFCE4YA-R7al#twf0Q!xv z{}z;RC+xoiJq^Ua^gDhC>D#lQg!q@v;fIj;oCo~_h=1t7z^_vP{ND- zB*_d)NcM|C39rH40!lal_BK$${xGisB|Hf?WuSz8U|$YONappRgk-J+C43F$4WL!P zzA)blN=Q3Z{{~9f8|D;r76@r4c?l@p)JL*i0=iU~SAebp-VOV|fD-nBc|GU`U~ic3 z1tm;^`99G5fn#C*E9jFzEzD1W5=O!NH0X9=|12osR|wB@pf3QwhIuC_;c=K>1SRZ& zZ(joax3GU1lrRbQuYkTP?010@c7^?JP(punX!d{-4u}0~poGN#bx^{~*n7Gclva9^ z{XS5_PHkXF&bFL49XDZD=;?ziT^cv52X4*@`DV3 znXuP@4gzXn)`3n1lB_a8vw;+b9MH8u;pGP^K?)`GS37hB=c-gLdrjL zKnck_50sG1*`S1E&H-Hrq;CsA&BDF}bTM!;>@A=+;0&0TfG!2*!MqG~Ij{`oyFga} zOJH6Jx(c`&<}%QGfW&`2=>0(QcO&RS!v3G2n}q#l(5=G02J{7CzXNoquzv}ZFbF(% zf$jzp&pn{80bhanbx=a=<#4_MN_fwYPUn75Li+X)=wTq0srNw%$^8+~kAW2CFF?Np z692D2zXm=A^KsDcf#l`{C?SO0ZRB2zRdwO15r$*63{ik zGq5iQT?d5G`ARR8M_@O&IRfec{tSC*AlhD_4)!|G`9La>ONt3lTQ>)@sg^hY4MsR#WHNN&!8o)h*`EZRWeX5@{&poCP6R|3heRiK1dZ3r9aJwS3_1$r-#+*E@SesKrN1?U4n zau zQm1$SXC3V6+rNMk%Ke{vU?#a#f^GnQ07q4zgk*moC}B(epT7$C4}cO9A7%gNAFv~A zs?YOJ*yF$1e$FPmBqZ5w27Q_wBQ9G&38}BL6_k*|O#K={vZuZcA^scnZK!`k?stMJ z`!+9g_etJ;n_b+V^=+tsgMU|l25O>5f94=w5|X{L5Az=E2+961=+{8}CsCi|Hz59! zs6RqTZm2&({SUIg07|$CVfOBO^dQG@qXi|D`yPXZy?5V(`X3bc=K3Dg-ykG6<3R~q z>ThJg4TVA0m1%6D1o_?qBzw}82`M`Nt$r-)#7h0LDP0iNxJws23A3yVl0GEsg1^8_ z`rmINoU;B$I-;!qQC%$Sd~d@n>wNoQCY_HE#zs0H>3tO6*64gWeyH<+_)8+)?hRqy z2TCaGb|1hDo=K$7^?}|-?v?snYjil$)&35oZ)KhA0K)IBlU)~X0;Ak|SQnThfzcm}NcYpD@e1OAXAjzOoDE z-9X~gl3vn)Hs%oAHl>Sv0sAinAEo|bhh0m0#wED93@k$!TGB0^Qs@@R$K1Nb9+;K7 zg;Jj&9fA<-J#+}A-axtnA?3H$=nAA0EaL8y{)|pQdI9-GIsqYt&08n<0rvPyBAwtA z5bl#mCm^J6sl6`*l9Af`e+VeDHjC$YfOe>DR~LjB7=^@PRwE~6ovu2TJdW&ERx0jTc;3iZ41RmwgOWgEhaVOfoXQ~0<#7C`!KK!I}3R;9!pL0 zrSS!ZMMVZ8MffpV%!`ahtdOTg@lF@8gNMV?S#Z~4)>?DGn z8E-)>M&lxBlI>1xU$UBDuoT%A6__MFTmu){3W?Z?&1Ok&T!1Z-lHP;`_V8CqEy9{3 zEE~^;K#L6Em0FAlVFzU%Or^ON6GCK$0J1X;1%-wsrbf0FgaF=5HXs@#_bJ%72d}4K zL9QXs0Ez@4kER%w8w#@1@CLgC%%ug)Q9+T>BBdG3K&z=(N;8&V4}p|sDq3K}Z!xx) zW{-oR6iCX=58w19S;_oMpno>_R**lCp}VEHnNs1_Tb70lczo5F$&= ztmTDft0_Cfun^fZ3t88YD@{YjDKsx6y1-Dp)BpqIVPs?)$$_3{n2@!n85ZHQX@(+G zp)}1{Xj^EL;D9m%2ws>L7%8aJOf+}1ut1tlrGT>a47{Cfg5G{dp>#)ybO%k4$bSKT z0RaIa0bv2%0wMrC0NQ}D0m%WA17-wd2izH84pRyf_@D8IjAA%7oU0`|M=MW&GCEaoNf1?1~LWS4m1O$7-x*st$Vi~-J-fB zbE4N0-e$D(MJN_8$iJ*V=H% zVQA6+w#bXX;lS}gsdjj6Qf+!|X6@|SxwYA~o7?`$48<06*_5dkvRNR?C4TCU{s|x@G>a;qY?pEDs-B{hDy2o^z0S&sVx{dLh z;`hb>7_S|iJ$TLFj|R^g;vBLs-I*?Jjo!L`>xQkmnuMBvi4r z+pkZ%o`1dI`Xb~K=XI4+>m21wa?WuYoh5)LoSU4-oj*J6&flDuo!6X_N+tOKasRk9 z1b8cOEN~<6QQ#5aRUiz~A3*72mDC5=510?U6G-{49Jmg6FK`?1dEmD|=~I<71DFF` z43z$ZIt4fb_!#gB;3nX|1U>`01-K3PEbw{YZs2PI_k!*Rz613C4B-X_1H*tFfSrI5 zz#hN^;3(i2U=nZwaH7D;pqaqifzN!dl4^j5kE)~(fli=wMkNgZ>VOXbHv^vs?gYL8 ztOI@o{1|u)NS*RvpavKR)BzU(OMs66e+D{%DsPzM|a zycM_-SO$CmxEc61@Br{V;Bnv?APoeJ0VW9?2YL~B8F&>)laz_TB;a^pCU7CJ0Z4-f zDZr_~GT=Kvn!GFpdet_mI7UWfk-D{ zpuk|zVZd8~BY>j?js+!@{MPy1$ za)a`NmIf^kS`&1eF5|*4U8M88#sTU&Q~Q(2A24i`r3S#`rhTc%6A>$ zFM##F8+`8t+~@nG?^C|t`=0T2`u2(JA2~155Sbr&XXKjzDXL>sm#D}nZB$B>J}Nyb zGiqkkY``4AJV18Ts;IK4e@DF%^>);Os86FlkNP_5+o;n~XQR$XU5L6K)hD`7G|4py zWqkvc_fL=~fNO)xgDZlogYOUiYw!cXHNmyPJAz*feku6n;N8Km2fq`1F!{xSIH;NOFl>7xqv4fYQX4ps+ig4+kj1osct1rH7$5l;-o>J4f5Cd>)HUKb^UZBbfa|A(3jJt zjQ2N5my52HT>0_}_t!`IdG0 za|W*-oU?7^HtE@?j_x>m;OOC_4M#US-*CR=Jm`GS`H}Mz=TYZZ&TpLB&O^~wV=mVJ zp#Ks7U;NMbpZAY!7~U|VVRXY7KvF|;!}x{?4HFxtHYDr*p?h4niH7SX)ee*)ARDYh z`A$L}pAMV}%%=SAYxb@1`-|U{faw7xfZKv@4>}U@NyL95jz|0uVUIWkI1ktt`E%se zNM~fIHcWd&dq&$|7pr?%_lQoquD-6l-p8dcUPIauF8o*}nSd*RcLOVcRlr){b3jQI zj&%;LTf^6LthGgIdpgE>!ELl9tb@Y`d;VR80ZfS0EPnF13Lmc z1G@r;07n2v0>=U;0W*QKfMuP(?R>nmqw|^0mpdQt>g+1-r>K=`F&_W2veu9qitIuzM66hIAMEPu7HvjOw=)2Z$1L`lXm(FH-DbFuw{k7;5 z6tn)orvaY=@V$&Vo&@hp_yr{dB?2-5vw{pki$z`7oF2P3XfHI_4~72vebAYp--B*c zM&ekjDT|glr0VD&*;qnvmL%=Rbg#&F-?KdD9~K%G9;OLv7dA315s(4M2{VM< z6}Bd0-?e9D?eA|-I=8ArVJCB^ zHJ#RWdZg3lPQP@LI)`=+@7%VtwsU;vq|Uc>&gop(xwvyl=d#W(bv_FC2B7V-v`bl+ znl7~f>O)|YY1hoIMO{m}TDz8Y-QKmX>%p#4w@%%(-KKTh3h?hfqz62=t0p5(W9fsMyEulMrQ!Z zqcJNh+UA^rKMkxO_}jp<(0i0^w=Q;JtQpW6-C$7Mpg4c%`tiD9Xt_q~-zTavaEZ&?GKX!Dj6TRLxz+S(Jn zfvTDH80hit+@#8sG%l!TkmbU zZ46Yz5FE4908_tx$Myao8W z_S@RywZGJ!tvz4cl+Lqn`w!cd?WwDMZU|_gzIh}dsv)MKf0OO!POmYM2G^KKv~whm zA-uzx-$eWDY9FAnh5*BWeSk5*k-*WwMBrFpIxrJB4_F4gLKJ=B$AGSWF?6vWK+?;S zfa8Fvz%thpHOCy&@zJYee*+bbr^p748Js3ds zeoplI=$wIT2KL-~k5`@Q+$y2|lItKT;?{^!5vi;#bJsmEp-t3w9ne+RbyU|Rz=W<- zY5An$@6XjwN1k>*O-yJHFzKnsn0`vbH!77cz#q^C5CjMTgaOomwt)74j)2a9u7K`< zNI(=I8gL7sH=r+|A7B6=7BC194;TU%2DnuZ|k1_A>x-0Y<<=fC;b& zPy{do76VEFHo#KAa=;3}D!>}RT0j+`8gM`0uYd;t4+0(nJPddg@Hk)-;7Pz!fM)<( z0owrE0nY(m0PF<31b7+nDquI@HNalLn}D|fZvzeh4guZ+ybt)$?<2pD0iOas0~`f> z3HTcDE#Mg7d%%x?6M&Nd2cRBs3UC_mJK!AP55PshWk3Vq8o&vl!s`p5zczp%KnNfV zpa!%Bv+y=-3Ob5&a%m&N>%mZWt41ipK5wH+o0xSX)0nC8KfKq@BuoSQy zumZ3Oum-ReP!6a7+ykftQ~|01_XGY4cmVKVkH>p#0z3(L3h)eID_|R7JK#CM3xJ(~ zmjEvVUIpw1yaw0{coR?u*bjIIa1ikSvG*=;QPuhX|DfcJQP^U=!N#DVqG${Zia2>m zG)+`W>`INm3`!1{VDM68WOlKrtmw{`wdR$|jI1`+wCql0#kRGv)wb4JQCYIB6*B+l z`&?#*1ISeS-S7YR`2BeK_IW;^&-?Q^pL5RV+&<@X&b)$NL$9MZ(Oc*p^k?)J^gj9k z{SAGD{*L~EK1KgTpQA6)SLhq`Ejoh!h5n6xKtG{l$a`|%m)-E$B9MJGv9yjqXLiNB5%#&>zr4XbakgcA$sRqv$d8IC=s-iJnH!pg*B! z(LVG%dI7zJUO}&+*U_8kE%XlhGx`g9AANxShCV`nNB`h{umydMju`F6OG(5a!WiKjS|o}G#;I@#kwU0rJ_k_GMa);Mbpp>G!xB2r=z)O9-5C9qBGGV zv>2U(&O;ZV3y}lmqI~2+OHm zX2OB@8LtqQdky7&LtEgTy*l?%%Cpc*(Rn->m*<|+n!2KFIdLQmmr`nIHhs*NWT z($6z<=**$gce9HAnM9r~$TOIG>6;0>Uam~MJW={R)IN<9v_6d~^m*S$Uq*YhQ(U3+QIu{erI+G5`X+wZBK-}e+e_(1_}lg)^dacaC4Kjh`o@IPFDuve z&xAY^vNz=UkeXgKz5M;D>NtzQKGmN3Q>7pEczvg3|F7><>A(Na^_|Z8Reh(wwBJ;o zwH=H2@As9e{iLT2&G;F8rN{3lUD=_ZG&MFYR{9-->2s8^1$M2k@qV61NnfM)xP6V0 z8wV@>jsK>QZzof^0#b&Kv@w=bZulP&*6ZPjzT|Mvf zAA)|_{ra!%Pt5wiyg$*`kH}cB|2OW9{>2{p)%5oILdXjtFQeDccj&s9n`7>Zxj$xW z%%d?4s1dax-Cz38)aRWa%D`#qq6i5^eNaC%0GZJs6oF1ek!Ua)iiV?T#4Tos1&u&) zXcQWQ#-cI`l}$qalxlJRb4{dNSmxkOs6Ly@XyxucJ57Tj(A1 zXY?2JKKcNCh(1Q2po8c$bO?QcTF}?%Thxla4>=n0BWgqKi005s{z6e7)DI0nW;6&z zpc7Ff8jOab;V2rNj4WsbibJE&7&I0oq6sJoC8P9SQ+l1+Yih3(H>GoBEN`k;P@ zfjB3a(I6CoPDGJtFp`0f!%;Mnjv@;hf#T38B;y$ZpGEVIkTj!{Ly-)6?uP~-Ga7^< z(1|D#4Msx|gI-ULM)GGtBTyU~g~p(S&C)?0Ol!nrg9Zf~k(P=0H%|>(3 z87LDiKw0Q4l#R|t=c4mb4!Q^}L3zlD3eYliF><3~REo-w2dzM>(50vntwB|2En0`J zLD!+{Q8l^=Z9uo88gw7ph#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09cFM1B`M=zq6 z(W|Hty@3v(w^0*%7rlr6iki`f=wtK=I*2|)htLWLL1Pns0Q7E?n3vVT67=Uh#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09c zFM1B`M=zq6(W|Hty@3v(w^0*%7rlr6iki`f=wtK=`VxJGzC+V_!hagdK(o;tbOy>q z3s4q13uU9T(Yfe+l!GopOHdwiq5`xGU5wnQ3av%!&^72fbUms@H=zyaR#b!TKqDAk z5Qj#gF=#B3j<*RY8QIW8l!nrg9Zf~k(P=0H%|>(387LDiKw0Q4l#R|t=c4mb4!Q^} zL3zlD3eYliF><3~v>IK8F5j|dOBGs+)}d?A4d_O+0o{r=q6g6?v>9zh+mSrWljrvG zuC|Oz9){Vl`Pee-N=(Km2Rlyr349M=pJSo)3mtEKavJHuj8AsscQv*Vdm3xPzQX#^ zmlTWHvBg*^wjPsl%<_Eu6HK0KN7G*<&$G|Q^ROrBrAs+oSDqF)bM7;_-w5TOsUsS)5{o?zL?w8PSe82PhU7)-JW9r|#e|mp= z|Ec{K_CK@#IsNk(%Pa3-G@w1c_bpym-naOKcP(T*X;))LO9x!SXwixRGG4U-?Fks0 z`U&GwL&AE8+0oRnjIh(g=7h})n;&*|*g0W&VfkTe(Vnp9!d?t}IqcQ2*TepTLd?C* zQ_UIX+2%RsGtBeNi_K@7^UV2X8SmJD_87)De!|$sUITj%oH{UL;Ov2O2A(l+{=jok z-oX5UYX@F6@KyBYz@~xkqW1=VH1NBDM+RC4SqIq$r4KrN(1Jmaq547cyt`qLJm(%7 zJ}f*HO+u5=)bMHHmxQkizb5?J@EgPL48J?PA^b%&E@EoL*%9YOTokb+A}_)ju{5G6 z;*tnY#M+1(BW_0bMEpMD!jl{)oj4?NNHSws&*GhvvLWR|>W93;NXWkp2^%_a=r*K3 zv)(yu@35DLy)tYF@2D&ue$ntH!z+hhflN`MQMRazsO3@RQB_fEqaKKQIO;Rrn~CE& zxH?`{9jp3Xz*toor}|Cew~1Gbzhb4@dNIvikT~ZfiP?BMm1m zaNMYj9W^mVrWclm&BkO5>{@Im_D9UbSeahfXiVO7slwJ`k7IkW9fKLqgPqCPm^IkV z*sYlBEp>cu5iG;H8>f33W3V$YeY~!;v5w;y_4c+vX>UttZv_J@2CimI<8=11i;%u= z3wyJ_O+i!pPwzjse`fy$?00L~-}dz1tG(OQsO)RK+0Uj9n9kmG75ma&MtRFP@5TYW z*pH^7=}6s=GTDpHVgGqHY@cr*YV_?xGuVe@pV@=?>~$e9O0wNV~rRjf+T(u%a|HCBjadKgZYJuZma~acxAk*4}F)b`RM-WY3TnhP*W7 zCZox_WUmkkf4ou{HH=+vkgQ8Q`t zYnAr?K-A`_Em7N19c}-g=!>Y9sISp?%6>2|+7_Lvyf^e6?+nQp^O0NQXw7`ozohkkt+d~N(S8r^_-w~NcYLn2h19frk};6UDnYi#U8;P#dd3^w^M1K1(@DG z^)_@J=YqdkKDK;fIcOC$GzUjsJM$S0){xkZ|=|3O&&pTHt=be3=cV0*8`KFh0zL{ZoN5Ox-S*x6H z_9^F^mw6N7^#PwK=bI4ad^0UCi|Cb3=amt|Mh_b^EE!E^Ow^F!LpifV4L=*5 ztDIk!49`QZ;qKw(zH?1)&Na5EiBaiMc61t2&pTH}Js9;+)YhnNQ9ICQ=up(>QD32N zqP~qvj82K3=sO>E{rAS5TWwiasy8)FSVIuC`QJ)?2b-*T!BQyFPYF+`VyM#ChXZjJ|F3vBYDET>NV9DWxaf zYQ3FzI1`fRBri-plXp3*lGi6cmi%n8Wpl#j&o+OvIcaO^)&pDL-)h>{UwPL?-i?*x zX@qx}SAQ>4-pg8r$-7x%7RDTp#AawF?~aMRh5Z@Z$UV(A>|Dke%X>zHIR-~z)48UR z_hBx_)?oU3KKlDVO9rX$o9pi@AEv$hfXVy2)35{B``BK#{VSL$PJQoBf4|fB{^Ymn z`;fBzy4q%e+v~HiZUU@es;7{7p5~WRC7aQ0HWIKzSY)22)-FDO0r(R@W z+n07OZTm27TiSIgZF($iS=z9?&-7R7)Uj=j?2WLfJA)m`r|7g21?p|--8=2O}*-N`#LYut;)5o>TeO-6&8`%x_dg{AJ z`C$dDLw$Bt>?1O6UvC$&d=)g_G?q{2$nWM%;e7#l|NKJb_lhp#7j!O151=h*2ik3V zl6TVOt@LM2^8UHJdwxFOBUsP32=<`8=y~)aI>I}H{re2yt@MG)d+8_hUi!s-iuyDm zQ{RDo|K0b8zDfP2D%b4tj(RCNJmBzv)`6`97YmL$te%Ph;8mPM9}ESK}% z`;EN!-fv{s$b^w&M=l#(G5UqkFOL3f^f#lgO1LZGy@U@E+7gZ>{E*m|*v|XGrQ=J- z%df;I@xFUVQg7aK|4mY4QVj39CncSV)c4$fN@{0p^T5sFo6FG}^c~-3@N8YV^^L7> zZaup7$E_21|IdN;@h+mghbZ3-_;CA2+YfL5cKeq*zT6@2zx&^P&uz~~%h1KV10Uk; z?LEOez-#t~dxv|YyfMoA@TYpGp$pK3$ichudV4U@?&W>>`)O-p2Q-uSHN|2$hKfzo zOn+;=)XRror54I1R&arbQ_5$`YW_({-eurtAWx6FBrL^1H=eI9x zm%8fp8_$Ol}C4364=+y99+R1FoY_{$iw(d=q{v-Rdg~QmwV@DQ_E*!la6`>Mz2`Wbw z=tcBT^f~$xeTBY3>k`%_T!XGd*Q0856WV}oMK$OSbQgLbeSnUkkrPHvh)1JQ0_vaC zKZ(}|lLn%2^c(bBGz2lgJ}C;FOnaKf_8;0lw0$B)D(MW2a)jqp@ZhK~Xmhw%F zbJ`v4xrXCPUydwtY%zNW1sq@OUb{CJIpw(WzkECy!y9lHAUSuXbJnnb&~4~;bSHWb{S~#L5fesCh(n{$7}Sq51)m8>G9zBWP2%>H^G0OSU^EmB zN54Z;k4-%`q2QqbcZAG!4x_GtuejJahrN5cTu+4NXL8 zXixYH;V*?ZhQAU1X1ILo=05JJHt;Qr4~Bd&MBYvMkoVtnqb`o}@I9nI#r!Ge*_eGX zugAQ}cOgEC`HF8t9OJtX8I}yoS?E%JZR&bUwMG5rO-O9-*gmoSV*AHNqQS94c|~Ak zY&;sRd<`c-4w13xu~TBF$7aNyp?nu-A>YL5JJLLI%*b&g{olr^jpHlF@$!9~rK4*` z?;rir=ubx<9=$flA>Ypl<@-4&CY{9Bb1X>{`F_q+ z?fW?!thZS2(7v4`-*_0Ce0p*gTEbU!u20^XyjS_ofch<+4VzxvWZE)#i-m9Mtmm6L zW44alI+5?{tlYkOJG1|37vJb=>bPOI-_@Z{cm^il=nyl#qkd;+-@9CAU>|7q6BPR` z&wIpDHCqV9N;F#!#kOhoJQVYNZ|m^S`yS5mzJv3B()VvnJgbsx@+$g$-rycxjt38# z9x};(EBmbMpFe5)=MP~&gvmZB`kd+ zhkk6-kBM?Dd<^NwKsnCI@y&P~8Okw3jt%qBhS-|edt&d6-H85xHls(-8?kT3zKxnt zYpi#KWn}EgN_6kY$454g{QJl!;th6#%_vzD0WNi!?BOXz8-rZ z_N~}=(4S+EaCs}o{Fsp=l;i$oBQGC$&&c|bAB_B@(>Y*w{8RCJK z`Z?j*(aJaT#+@>5*0|Zq_tSzs7yR7wfO_no#L-_p{>wMj4tfvrt+YelulQb?9Mk{X z$8*#Ft;bz$|Ioivp!d^NMLioO{Szk6)6!=W&KQIFeHZpszh4sR`)-Lm(wFjg*x+AfNH^yH z!Qg+L=C3bLwIS>^_}BDM{t2gbTt6E%|Bf5kU#o!z|MxV1J{{lX-(Z8k(dn?Ee!nyN z&*@k{WBz!9f2iiKuWzIO1cSf1hw=v`cAS5N<}Y6`mA@=4thW!Fq5P^I>NCgSua@fn z|2jkc78?9F^icj;2LFwkzge5b0WHku`IW!L27fKuhr@>XW_q{5KOjk&v}^hG<$1v1pQWX%KjmP| z&F_~O{EZ$?L;3p*{-s*F#h6hGziRM5toe5sR1}c+9fNhkIjn3iZ^ zeg6!Zsiy18Q>CSMcl_^X@PA74*Yg|e6k+h+tNF`sTy^y~#NdBW^Vhf6VMEwr@b6S+ zR>$paHTXwp=_hI#muO*q|C(a(H)Y7{<{#;`4H`b>?%dc;b zRR;e9T6%Zex60rjai+Td^y5jQ7S_vOZ}7Jn(v9`I)!=VTpRVQC_vham{HwHdz5N>V z*M)a%&l@!VGOfZ(&Qa6l_kQH>4~Fth7pUoadr-an|8Ft)XKDT?`&~LrJ#6rQS@Z91 z`_>!$Ki2%aJKp}$;NM~963FSe{hl}Yr)lZ>_B7^y+2B82^OxUjmA@q}wS0b7QTcn# z;Gb2Xrl)A>(M#2^KEF2%{z+Q;$(qB?<*NT;E&p2v|0Tt0dWVnvYQBOdgZ~E2f4Wxx z4J+0B7A?tpA5S_;1ww_2bvsuXfD8Q%kSc=1_H+nm$wue`+XydZn7K zAJ2Ui(*o{W@|-NjKQ_$Ybd6dc{dkvW@K4gx^#M8?wXl9Za~b?2u2swHu0G2R z{*gWSdkp@@<+Et{_3d{>5B^C8{~LPnpKhq%?|bl{WANW<@XylH_4Q|5o<|J+#`Fz_ z`tLUQZ`9J)Xc;%ISGR|LJbB9CZ@FGg?{0s2#^66)^Y89@c#pxqO7ov%To5h1&)~oD z2DLujonQ7F{9o4myK8T+8~lycIH2X%+s}Ij|Btow?vDQ-82lru)%vf}W_0+*j_dzJ zgMaBwYWf+*ifQ4$8~pFOS@qZJYs_}Y;J>j4|3AH~mZz`3otpp6di`%v)6=x@*M{FE;pB zY5w~8(^&sy>->Ic{cYMCi;D1>2@9unbv%!DNJ!*UDZu{P0 z@K4nI_4Z|4o_h`c(=~tn`pD@22ZMi(=HFfWsWbQ+%PTe1?+Jr{m6qP!@;+_wUuP)K zIKKvi{|3!pzyCJ+?=krA?4dsU4F2^!`0qFP@74UfTmRQ<6?f5Uq9 zIqE$pOtnG%k9tqTuE6rJMVQf~UYQ0W8>Ya#{V`pPG4O4CDkfYvp z*u&V{*y!J>_TliO-V>vadKY5JSn&wePPZKOIQ&r1MVLsS>*elqf$*P?>>8N)D_8#^OHg%e6 zzde=uVHaRk*q={R?bhi>y)R?S$D!y(6%BSSj|xJk{3DJ?hU|3P2R7imqu!S zsJ8@r0=o-yI8_^-NBLMjc0D#{nQFUSl#itrP(Joik!trWr+n-m*Z?^1CBOm-4E_Q~-{&JnU-$+=wmpXHk7Busu- zNcwZ64?7-9z{X*xU~(NW1v?d+iJgwk#TH_Vu=B87%!Mt*mSaWOCD;|%RoHs$2JCk1 zPVD#CAFwUh!`S246WFuZKI{eTCF~tcj(h*D`mSbP#yZP&Xjk>#Mtor1pCN3l|69a4 z9L26x9tS^mTja8otZ0#kfufhpZm zTw=*DDW;@yeu$PZzo2Rtz zOv_nS4{Omr$i0vgJ47Rj7|lCO*YF;}Y2l`-JMJ=>{{F8MOt0P}O{Bx0e*Yx-n~h2E1#J-w>-Z4W19P+^`RqQx_*T#-&3Nk6P!#|`Hw%zA%DjE z(2C;nQdd5|$m()h3QJg>uG}I=ey+#0w4`jc#Z^{DVZ=M~a?4%m>G^JcqE~6NQs+=i z&Z}}QWWlCmRoL+yc9JajVlo6z){tHflO4i=*wN@W&>AHJQrQ3X~T-m95EI!S* zHaWr_Z-Ln=lXKnf686%PvW^?is&75=|B6!dsuvuu8vZ6@)%;6>_1CsjL804qyk@g< zoGEvlX=R=%H_ueYzj1k{l~^ujI{f61-hVy)-?O48e)RsnUY%cvHt*A)Qo|0yI}G)? zcX#KyZNMjtJXr?cDfl|O@DE%*eg5y^H-@^1>FIjC4r}$1_z33lljbv8TTg?vdFb)t zHxGM*d~2}yw}14`Z2Iq+`^_J{_q?IbFY+ywRazacA^f2hr`M_OK?JznzPM%qc(KI(Prw?BF_ z|MjEyq1GS0Cinp1J}3R;-97jxuNk`-8$vjH;!oZU*hg5*q@TQY?9X$4^7ftklXo=c zz%Ii$g;fO_fvP|ghd`4{2>DYlI@D|3NrdHEBL?Ht)pE!CCYJJ^SSZ;S)GNnZJYi@7fWZ-4%rIdqMaF z&QIol`eSY0MOY>FDE0{!Ro~`yV|QUsV6(8xo^SJBhwZ{X!-nr~^H#su=KTmWztrX( zi#^G-zMCXjlT&P|6DOrj&dtkrx(a5THZx<^>{aKE8(*4LIJbC#si>sbwc4@N<&krTPwCHFj>Z7cFUT!^nM^enR!%e_%P_eorgJMvZ+=N7r_a@97K%kU1d z7Ph8DRiI^0w8+9FT8g*@lojMrmMYM*`|1?ry31Xr;)etM0a0` z!O`wtE<;N9MZ_1K67M`EezhrnPI~@K zY-vr}>gc{~tyvY9cr4`=rKKfhG%Qp64CY{pKg|@Mrk3l3aW-OqGUMX@t? zwP}8dg6s-cxdhK~Ig8b)>}3^YO4RJKLP=Sa>!~PHCMt?0mx(OmZo<)ok2sjl$StnO zEn97x?aC`tCg$gs zE}&~diO6u}s}qzeB~n0{6eWd78B&Dgmz&kvZE{wPVG8xUtqw`e{}EwyQ5 zdE96#XL`BEmI=9k*YCqEOi#m17SnX%_*etC`Tat1!qXgTmT_j%y-Sc80qc0-waIl2gxVvL)xkQ>HhjWqz?Kr%e>@IkCQyQpOhzl zOEt>+mvt$BvRsl^<|lD7E&G7fTc)KB^0yF^I*O097i0PYEq(>;u8a&VP0H!cCvd&u zrfdiCmHEk^z7F(y1+FVe*OyLhGx^l1{*CC_4ry|6ohcXI#ECY|gGLn-zEJ>Pd30WNfvUcN< z5wJSCa|u|T`hG*Ncu}cuhp^f@-bqMjqP_>Q{ghjez_?ES0rm9x2gGUnWk9LcWNp7x z?q@ob-7zJglr;T%I?&x88Q^J6)m^pAu969aNiBBNYZtG%?73)PNKIwu{49#@&# z(b}muTp z;-8G}%qC!KSyO%0Q19}8&4OCf0+y<)6F=_@{9KhTQ*wL5~Zc%>l!9uiReuW54~iVvuLT9K=~oa3eP@L0cO zu%_s-9UG$GIiLhB~h>huLRzdo|zL zwfmcc&c4UF1K{%3chaDzt2D6PT014my5ll)Rjy+x{bx=`ZvG_|g=Ma;;w(;=hY=+7 zCYQPL>8mST;j$DK7kUbF-G!ItdSpaSe0f0spH`HmsKVn~)iJ5e#bA+gmzESbe=Vh> zdtO;dt}{QE-n&58+&nriP4w@rVw4KiaxBX&cDh|<7Jrm`HFc#Mv6yZ{uGNYPi={vK zSNVCCmAO`0a*HjlRrz!!%2H=By2P@gu*_4D>$Vg~zcH~EdhY3YkEN5)&3bco?@;b> zrlpbiy&FaCSwEe zO-|~j5Nootq$szr*r5*Zp&+ZfWGTZ#eBp_O#Vgq2QiY`zMXqAHR6W*YwHAJ_WQJxr zN(vn6&@3rNnescNlvNZf?bKJWO&=oWcS@ztSRFQ|#ral_(i(grxy3JZ$~sUU8x$57 zln`Llgp=_~(&_85DhsUnxeN31$BoO)D@?bT7RdEN{;E}kR#@fcxO`b*k;7LER}dW> zxbe+*=a!cr*P~RfCcF3G%Dl9su$Ttft&dz9>Mf~zr@(?r97Rg!b)dJ>Q_}fAeJosu zB}-0G=IG>6Qn4r39azi?Qx^Z`(cev57n{d_d8RD>&12YwDT{yeR?=ma#lLy^^sQy_ zZ{9LG+_LyLFPC1(EdI?ar%Nk~fAc)_wPo>dUZLq?Qx^Z`T};ng7XRkC=@QH0-@GEz zDpMB!=B=W0EsKBiR?`ERC9^N4TP%xz^GZw^%t>q>{}q_B_&2YBPR%U-&2!T8mBqh# zF1q8g_&0Bo_Zw{3z(s?um~xez<(5&DHN!D8bJmOni?bYAb7m}>C9V9Z z*06Q9YvDFSyq?|@yUVZdQGDpxnv|TBl4MItRX&25mNeO#WVKq8ttnQUHPt%NI?0-5 zot&JMY)wv1PD!>UrzTHKo|K%HJUJyP#hQ|wl9FOeNllrUGASi3WwI^FX0;{TQfxL` zs%@fek}b_PIW;NOnwp%Nl4?s$O`VuJDK#y1^2DTx)``gzQzqIbrcRtVani)JiIXQK zO|ni(o|H1lHYs(|#7UDTrA?ZgmXu~qOHNBkv!$h`O-!4VmX?c$7WU@^r zilgI19>U2f)PD+5&N3@qxyv1;jHA`MSgpx&NY!I~cUN-jU(O>}3dk?vu!L{%P ztOol%ww$=l&;u{W9%cF(cr$hv_7vfL*sIt(STpu1_BHkZ>D#e?GyOO;r5yA2$4A!P$|>8owwzNk&N!jL*OUed(&Z&#V5#or8fYtx^=czhnh&LXewtLHr)Z+e9D>7&QI8?l6) z$Gp3+DUVSGHhjpP%+I|0nD=(<^9 zv_s5Hz21JNqrLLSj$vbZSK)WHJU>7)w^Xg=5~_zj1AXeTbd;p-P$7ZC4j@l6KNZ zejf>6LiotPdba-GQ}_RXZSJ9rh91(ps>9n_o``?5Ph$<(_gKtPwayRy;IDh1ACGx6 zu(jAT*bmsGpN@IAV4q^iZO6Q`;Hp-?earVy^>CD_-8Zer35SGqj<*w6NBN1Q_hjw8 z+k5nx8``r^;CyQE-=*cbQ>()#-INh>Lc8}l)>GAy&URsY=eVx?x{F&CWd7&7@%xbY zRcy+NpZ|1T-0 zo_ud&=gGFG9>G{9?M3{q)_6c;S9#mCv>jcPo!qP4yAG3lZ^EUr?Y}v`MN-!Yj!WV< zPGeVjW|Q_l<+||;v`W@_U^v+6I|K6V3Yb1#{@1(lJJd~lU)pFi$GBY0EF9PL>0iQ; z(e2(FB7!TURGZgZ@C)*!{HEROJh9z7D6-w#tFKzdlz#1AcYlr*1Jv-*-?n=bhO~Rn zAIf}&b)3&jVeQ_dW`A76aC`^h8{Y1{E2iChG4?+89cHnp;RPBcO*ap5Ph;&^RBXF< zE+%Qq;bLqA(?+{+MCUl8&wnC(SvT`3BEB#6z2;=q9-yB3^nZ&V1dxhMl~4RkyV||6*lAckwhns;8}mobY1qZs4OkuaI+m4N zR_-dBFuSB|C68OPc|I%e@SMflH4~WjtR9mPRIj|#Rm3+B+%Ba{UfxczjP2M7FJ1S# z(-`IbA?2kQ=~!3Y6D``CJ;cxvFWu|$x$>Qb+)PuFWz;CkhzhOiQkj$V`V~uG|8hG2 zNAy@neb%SU_2d>8RupCE^<8FKQBvr%jL9u7DPCPvQc-S^mzT;*8MB*^o?fVW`)Zz^ zzJPhAr>`h1FZ7I=U7Voy6I(8r%_9wq^7xMzlU!x4;(V85Wm#@1Pb=)*l%2slJ!eZf zC1q1DL<_%>?pah(P*AwaG$MY&*zyskvt7l`lCoK= zJZJKRH=90DlT7enf=7!ob#@6Gk@u{Wz*+R9(~Ime@vB`Xe6+7sETn2OR#3^F#mFYg zm%Pg76_m(XZh4|jYj8?%QK_pyiC)0^Q6^^O6=vryo#CN7epYdAp4&CIKnX0&yLe_+ zS&64aJb5mrJXut7(5%#T(=jxUO_-jZd3LUwH)?!7YV28RtX@jVeC45{I)7PJ%G7M_ z8Fz;O1HR3)2**?(@fU-*&bP8;?HOWWj!rW9(X8|nevvMy7CHFx!h+fpUF^`ZPDst z&oY;%FkjzM*?n`16xR+h>bg_1bP>;r=q^e3HpRQ$6*Nf2QIAw+#yduClOCh9bBYp^ zm7Bj@@mE5OIw+GEU+x*&1A8U1gUhT{rMbn*H&r?xnA8@;-a_j-hnElaI#61<>2!BV zUas5Mj+HgD$m8r7p_J})IknZlNIuO{=&4Y~PWa>0b?EzefytN>_z8qgiL%SF>5X}` zvAUh&wSk45;`PshC~YQ#cB3p1uU@)Li;Ig{0m`naM9y@Vlr!!_HmtVP@`5HY&ePbv zsEiWJG_R+z0(g;3b{|>x{IbGQj}oOF29#-z6i&v{$fH&ztnPTqB$-O`R1$IGK;;maFsHt??Fmt-vLD1_5DXM#dj_P zell6DYQ_?`Q<=zK#v2F9)Z)c+GZq#olc$xGsB>SWY#eR3G-c)%m*g@dnsBb$lvz@|G^3<~Jy?%9t&9_fI&XFIEcpbGQYgby?>sNg<_U!Czb;858m7yetkhBB+9oiMSWrew% zJ=IZ07SA$Hn)0%(NrnmKI>$3l#sq0+CQBKEVhW43%pE*Bj-%@6$eD7yKDx+117*0D zMVUYAMXe8;RNY%GvWT2Z_)L#1IxqWbFA&RGS)m*Y)dWtVrrZioiHT8bZdu+jCQeC9 zi+T1pM$N_JLe6qd^~kFRCX6)|YlmgLc(5l!SxQ+2YO=g^%YY$ugpSfG@sf*;k^+7- zmT6_Zat$CWi4Q_)FUQKmROZY`DY-!Lhsu|!!@RUa-cl%LyipqO=(^qVXnJ+2r`R-F z*}CK1YJ(YVip$QXp_O|qv8P&Q7nU(0S2Qy@y0GI|@;EAvNwBaklxr@F`eCHl5vFX* zsBW$vI$xP&EzDR{M1kt*qPwe(|6D$~NRi98w5jsHjdz;0#ke4wYoY(~YImId0%mEu z(6=Y?3$4ntVrAFpV#Q~bl$OehH>~cTcPaS4zrssPN*TSXw4MLOl|I_796=ddCASje zr|KtUSn&&Y_I{IYtEfK)6*B_my~i^)(+{)I*^4-PhZnb3hU;A490n^;7Ic`_M2b4 zD9U1WKPTfNU1*xin8#HXJNGy0mXsrxv#g}_G_~dB=N6CVgAsDY=H!rd8OPMiIg%EZ zn=ZJ}()Fe_v5J(Nk5Qxilm4kweUttv?nCuViN2{dzA456%c#~1F7(BW^-XDMzVIpj zDS!DF`64g!N1p1RoEk9ca}AiC-Jfo^`yA|n(Z1O6{waU1vHr>Neg_L9Y6IpH>vxLv z6(T;qKxL(W(m&#>T{Upn~L{O`7=%Rdrl2lQ}$E+@gqi9 zOtd$>!6HayIt$Uuhrd`TzTg?Z0!mr(dY1By)-U zD;us}mNe3oFwj(Dhp`JHX%aK=!llvU*%nG^Bm}t|d0wPnAeUTGQa+FO;c6gKt-egcG(xC6=PHy!Q z)T5Dh`$Q@W#r-g^=vbJ~Ql-PfcYo)b(9Q{COr_FArrj}Jzb$daaa#024Mofz2hGM9ESw_w&U z%jf)s`CLKeOIZ}ysT52NQw=?MLF7rE*nJ0ZFxjorfI8foNbhVgIceZscLfKNIaQyf zPUWsB*jZaU7xTke~v=B_TB!4G* zFz%^_j`m>kBnLh&2qHuBWW$3;|Mrr;{UA!PS_2-c1mQnPdo&V+t2L#=qnBWEq*DLD zr#ivpN$K#oCzu?Q7b%_V%E3sE*TJr;6yFU*ke5@Feb0Gv#a1a@-6BijC2?voWIVqre%6sNY(++020!K##F(@xl9Rh0(i24e0zz+SABgv*Wp^`SgMRBDOWov91eLIy|mQfahE%!gIfC?7e=co zFP!tm5}r6~S$JIGTE$mMJp9lQW5JH=>nPyrm<(Dq@_A5CHuZ75rCj~Rn|#Z1m-_5n zhSeEorRBWTRaT<>1d*1P&tg=lPvX1Gq+bd+^oRE8=_~n-m2~whD2%T2&>NJ$oR^mK zJGolKQ-Arnb8>pR@*1?_6+s|OwN$X$P4AOg6IaW_l3RdT#6qf5&;?+VK0Z~@ylIM!@;Y_7Gea6h8 zlq)m7isW>7a?6*i1*x-;_pF(8f3{ihVN)9$5QN5?kxt3q3;zQHX zy^nZnn9eaD@!B8lWx9Ug5$`&9(x4;WdRPZTm-jL?L>%$P!NwDhcr#$m;3Hl)Y#By= z7(E<+m*99RphVS}W@X4nSXU}h}&ug4GCVI9nY&9D-- z!CII&g8VQOHp3j)1}kASKQdPh?XV8!z-Cwp+h8rs8A*Ov9Y=mx3)^5FjIO3$&<>kn z4m8J;AKGCpbi)Q%3!5c<6!|3`M&C&J&mH2(Kk^p zw8I9N0~=u_Y=O0~4K~2&G31AdunlIyXtr-1jN3qZ0_704!yH%%D`73Hg$=L)Ho^@2 zGsn_S9;3W*v>RaxOz?P*86n{Fi@HcI?t=6f5(eW&Cm&>H;^CZz)i3g?uU)=AT-}X{#xb-<6t$+ zfDOPY=oir zQIFfn4>Mr~tb|V30N24bxCz?tAU|}&YT8*HbkYvZcj71Q7jA-fxF1%+O4?cGUCfWL z8*U=p3`1|BTo?zV?`FQx4xKOuu7j0u6Rd^%VFNq}n_(#JxDCcZ`#t1`)zAqW;5t}& zFZm=44?=S-`EFxItjPIbujby%okR}{jdRMJkI)t2MH(MM>#e4!8lk6 zov;=jgpDwR_TM7$(0o7T!bG?U*24X;0Um_SFqHkkypen`5jtTeTn8)RCRhje!{`Ud zC+RSh{i71b$^HT}U?W@yTi_;Wevo|74nt+XfpM@JX2|{nov=;P*)J0RK>2LvOc;7U zez2{c@Fwy}7-qm`=!Eu%m>+b*O_C1x!#a2nHp0-2)O$1eVIs_cZs>%ya2;&iMt(`( zPJZDI^23HY@;$+P9;KWIXdf^R*1`SEwQwDbew_T04);quJO~?M=qAdq zKjO_~d0JqcgrA@sn6sO5U?p4!8=(ik=qD*p;^BT+_Y~#91{nGf%K_t{`Dx05iO>lv z;X2p=H^COTA4dO?{4f#LQhpr_-Ap+!4%(lg9O#BlSP9p`TDS=|!2Pfp9)vA0bPMYd z#zA`n`C%q>LN{CotKlYC2lvAUcn~(i(5;jw@zf{hPn1Kr8fL&2=!DUGCeX!VKvMkz79Gi{RPT}cDM<;;eJ>R55fi*x`X+@NO{l>GhhyM!b&0KnqQ(ENr#)D z8}5g-@SucWrkpy$Fb+1r4A=sz$)ETNtH3^1Z&}b*bEQC78v?4%Ln6N;;URg zkiQvbNIZ1H=+`I*+TkYXhWlYHJO~?L=p$@D7zbNm25f^)Xl~?sgmN?CI>ME36Rd^% zVI4dOn_=jatgqMMqr}5F*a$OV3v|NhHz)^Y!cEW(_rpqf5Z1!bo#cmcumL7gZX3)X zocJc?z)ZMK{NN^NKR`Lq4G+Rf82T9XfpM@IX28U^xQ>!~!uo+BCigq+pM>jRJv29Q z{UTu)`4sd2GybsdUDgBsIq%~~xcaY@KPbdx{($Y*xzM-w&`ezBlCfImFtJk)daGzFhHgxxG_14Jxg{`ta`;pH2vO^Da!x~wi zun9K8R@efwSs&&Bq_ezm@V4}dSD%_fz7ZLw!uiYQ*fS@uwMLN6Ey#h`M^vV`2ytGFR zg!QluHo@qV$qzGOq#&!%FCZwXg;@z@blSO=S6BW#s)82Jk6apZ?}FdH^P4{U}tum#pbb3FN>9k#+882KvO6WU-i%!Y}h z$PY7NCiSa^HH7P6y`+yOo%p&jlt;J`))KBvpj=5GOS!L6KD0qM%!bv_16yDXG>@Y^ zXopQO2e!g$7}?1BfHv3yv!OYW{Ll_-VCH!C2j<%X>j_6spd6S3TVXYfe4Tu!P!6=i zY#5zHITD67uo2e7HrNCct>lN9F!BwyC$zx^m<`*Y2Sz88A7;XOm;;+&HEfZ3!B)bJ zDU|aj{x-^ic9;#Tp$FE%8rTf$VPY!fz#P~Lt6}5;{Gbgsz--tIJtQWyf(@`0Hp9rbsh^$vFb8HsH}t?- zSOXiOo%uzdN;!n9VH2!_t&$ES-=UnTlmjziHgrP|tb{eN8P>xV*aQ=&kssP&WD|bS z2Ag3vG*2f#%z-t~4eMbwY=U*L6*j`iKa&sIU>nSa<{7PCC-u(Bpd7-Lum;w`de{i7 zNw1wnd4zLjQ=a(2$anFBHrN2OVI%ZF`|0E-Un8s`+$>?(0-Ip;9Lj+?F!C>y18uMY zX2VA4fo-rx;^(${o28y-P!8c{*aXd)lmqQB@;%low82W44cq3odP9FpJ6K40gmYjG zjLxDQXopR(61Kux82LW)gEnYBlX9RPdSDK$fpxGRw!kK6K8yS?8buHum(26dKkT!{4f!=LN|tQ2og3YiMw!z51v3%!{A11EDyB7I+zU`p$9g@8kl);t2cTu_f4>#a0_gL z(aT%C8N|C`E8$8Qd5H3$4K~7TXm(Q`%!D=24eMbwY=X7071lvFH=+hi=#;>9AGOVdR(O zhc(ovvW#*F*TQUxhaOnBigcK`nsQ(cY=X_OfqeE$DUWa_jBLRl+F%RJhUUvC2S&ph z*a+)kVkPCkOxOzDF!C$v2W_wxX2VA4fi18GnlC3mjD}6n4qKrcMt)6xc#wLT*H8{& zJIsce&^(0eHs~Q-2WwyhtcT6eMtbEHT#v(?D#|Cm61Ku>82JtLfi@U@CFR0I=z*EA z23Es*iC;^8*aBN&-Bn!IQ*QJ+uDfMEF!C_*&;}b}Hf(_&*amB0^wpFH?XU@E!d93A zBflj-v_bPVFE%4Vz#iY=w!}lK(r(gEr`f*{~XVU>mHF^y|nkVb}!C z>&XwJVdN3!2W`*|vtcc4lI6UfawHwrz#P~n>-7e%?}u`~2{U13HGVMhM&=`aunAVe zR@eX|TiHI)23ue@tiFlsYw}g!Mt;JLum+lIClo1v5V#0RXhwn8_IJj(Jw8*GHx(EKp@VKl6Pc32N{U=yr`t*{P8{=od84Msmg zerSgtm;-BI9jur1N68N>VXMT$$REiMZLkey!x#*aXf0A7S?bXURF|kAE`L5|={I2nsz?gxXmyC^GWCYf6$=l_0Yj_EV|`kx-J z*X}z{eV*t0T&m9L(>*=Or;KOJ$<}%~&5X0mInO>9*>ai5r;TUIJ?wDuQqLc!Sut_n z(q(nDJDg{ii>$fKK3AE1MnC;a?g`g9d71j3RgWFcGUq(ITx5^Sq5U~^7=7M&rkorY z$7vRvWyyK=xyY8wjJ{wz6YgQg$xXh#ahhGuGWw#=Y1UbBUc1l5aQ#c_FySgQ?qSKv zfSV zzOGKlxraSYZc(4pjQ>L&rkrPoi_E#qnyc({591Z%C)DLMbI!8lJZmnp&t znQ-!Q=HoO=&NBX{@l3cFaxSyrD!bn@-hPU2Q@h8>_TSbr{tem_%}U9PgnJ?wMRpAU3@uAct=pmxhy#=lUP2^ZO8N5A}6Ubmrt z-`7XBtXTfq*Bd6k@pb0<*6~|khnaGQIpS;xgbf3Us8`#0mg&XXk#r5~dQ$giS4;}i9By=22aJFZ7p*Z-#OFLM^xxOh;oWEq?^ zj@31dV|*=jZ{|F&Z5$hBjIU!ndn_1T&$w_sHjW)8H+TK|`m=ijbxzT~q3cYTv0~2p z#_F(h6YF3)r5+0|JizsvsvFvjZlOODMmN`Ao}8+lc9$jd+c`hii#r;p9pA;cTU!6! zv>B)R-^%mAoL#p1*Y~mx?Us>qOHb2}J?5-guwlvQbp4!D!i*V9`|pSA_T4gPdT-;H zvt*AoYc|a8qhDAz3l^+dGO^y4Sy=aseoR@g!;)Rr>@l+biV6E65BuTN1NFbJe%d)3 z_82AB!GsMnM)#xsUCy)5-1YSS7Y};cC5zDS0qQej&72LpjBc$y6PCD*|KKzVEq|$@V^_VhahdH}kHa>c|I@$?KW~`aBVf+Yn?qEC<=FHe- z&Un`Nkh5gQnjJPQ7)@Ir6ZV-gdZh8}uwcoOHTz+|k5WfFWy6XS57s_Yy*nDmL_2v5 zwOeLP9;+@>7NH+YR;<})!{~A9+(~~X>@Z`&oD~c9Su*Pw&zublMt9bJyzwlUF@A#a z%vi9?l0DXJ*f4sc@psXW33F!bF=xqweU@xlGdjz7CXDWCJQH@AvB#Vx3-+I6JfkNY z&*CY*&N#RJoI2VKqr2(bl%UxH$WTIU$W5b-uv(;hFJ^EEIP*1yM&Ca}fq0Q)C&f$d@58_O{ zbJWvrnK6FJ#e=W-OVrV!@UrmN~{#mCfR_HoxAuI?v1H^%k2!0J=xalK*5^wSJE zSA(BX_YuzFv-ZJ?t?TjUjnnS1V2>sHtQmj7ydh^aD`&z!Gsa&uo?RA9zvTLM`~0fU zEiAt7^9r+X_*}vCTk3`Wj2`Lw_q4>S+iurn$ym)_?7Wn zU1!2RGp2oY*kQpgOZHf^V#9`s`y2n-IOfdRV;QdhMt`PE+}|FvaKBkF`K_Ee8y1Y* zw~|xNxA!M?oO{JO+^0XQ6V97Cdn_3LML%Y&L(YZ;Bj?|3%*#G=wk(+a)i~yCSTTCE z^>NO9%>LJW+7&bQnTMPO@Z`_oFxlJ2aIRJni(7B zj2>_NLE~94W1o3wx5l%_k`-$zXU&!knKFKj*AE-*9-}84&xAEIMwh!}Fr#0|JX~kN zhGoc)SC26pri`9q-Aq_8V~;s27OYvaAFjW~xu2kpcFKl1qdD_jUL8hPP=^U~_E@lH z$?S^8v&$yrjJz*bOjusYc-G9r`!x&3k?~B}Fk|#I^D|+=j6LS8Sg_BM4QobMHl8t~ zryI|N6&LNVxQ05~JyzQNN%gcF7L2Z`9uwBgudNw?@yr=5 zI9F!c$xYM=*IBS&$sTKFQ|ho}^c>@uuwlmNrp7a7!Hgwy)-2et$LP8C!-NepMmM`; zFl{{r^N_P(&5rBQ&DGORSTkkAmeDr-Pq}2UpkHzeb+rp-;W~5nS+Hfv=$7g*W5bfs z^UTMD4Kqf!GM)(wW-QrZ&6*A4#Q5i17ZWzj*fM8yYvY-)WX76ZHY~&Su>RYq^8z^& z=FHe*&WZ&au7>lv?InYj`KiXcUb1G(hVkvxo3~yjY&rE>?c1xX-DS=m3zjU|xq~{) z*|5vZxR%iit#evE7R*>NXU&2QOSY^T-BBGTj9z4aOxWeTy2+i?3D=o3XAyFiELpS9 zhApEPt9xg47&BwSo_by8+9eCtEZN>gozU;D>afG;9Chz@$zUa{BUMj3WyY2{<9n#X z4oh}fv&V)FqnGG+Pve;~W5Jv?3pOm-vSxBGkU`5<7fE# z!IBf|#Lx6PVvjSdILFSjjAx%qjB?|cuxsAtdB&e>p646Sj5F+VjwKh^aw+65Fh6sy zg`5-CU2}>JXBf>J&zKABaEV>6vB!xw8pql?k{24UU2rB`=Nua@u;miV7nz^Yi`8Mm zi8omnrU3jAzV=!u~nMoHH!AC)}r(s1tH7Fk}2qIhV9cuCU@7 zYfijbzn7|`U-mN36-!RJUUM;w@5;54m#fc)mFvA%m`A(wO7*mBE`^*cY{PY?+s*S9 z>*W*+&amVhD@O0KzgMZJopOmCuCU8B_BioY<2c3W)#@PTNoSb?StiE3CK{`f=jz z>bzbZ7Mx+jId;!ghdnN_<_e=X7|)awUSAzfvCA12?3lO5_}%)y&Fe-xXD?i5#pvz& z%d_`;ooZKX*=O#0e!lmKe|BCU@cPznI3LHW^Hvfh6(|Cg;-JO3KBdz{sdYW1|E?^{2MA38VJ;~%N7-Lhoz zWA)knsru~vOx^dX&xF~}-7n*kU#X|vGH3cbby)r0czO9J^|ZTx@wyH3>{2iEXVf$Q zZujqe=N|1H~-X5>6- zCgGfzGrorYVSP-(Jj_CU7OXOK-{s*n|6zgQgob@e?XTu__$(DhUI`uontv(hear=NCo z`@MrT?f9){k@&ah#rf9F1X{k=u!#yQvHnZ1KnyWm3T$0a8BRhJpp z*x|&#sn01EoMFj1_PM~8OHA%(JUg8Ff}CsG(f!r=hw-F1f~<6CYEbQ|vuh9afwR*SWx! zOCisU4>{LZbK>LX;S{5X7|)b*>~Mhvm)PeDlZP75j4RgF<3y=0r`un4eQDIKz^2>~n$9tno~_!VXjObRVORcEySR zXaAgH@3HEz@ffb8z{YmO-7hKj(=G52ju&>>Jn)+ef)7Af^a}0jT{XN_3 zkJU5H=X#$rjGwjF-+xu_+2#w^xxki7A%BkgOxe}1{Nu;v{5 zTnPE|^k;`FEV;&-6aVgc;1r|h8_$Gu>~MiSF0tYYTdpyBf$^WxpHs{@!-8|{ae*b5 z7|k2cglo(=@oD`y#ps2`Gv{2m&IOiSV#5_?FEXAvCzj2}DfT$SmUE0=Y&oMUv3@l3eHlq>9TjWs7eYaFK-zr=VZoMXlXcDclowfmO5RGpA> zjX5X6`!1(garVo6nfHgvyf1hEwL7o(eyv@c>-l5DY1flC?)CSh)#0S;C8t?)HuU2v z<2UKYl#|BgTw?oX>tS`C^@MtFv!1WWImMPU?7Z9iE{pf*&***Xv3tI+2VXVs2dtOL zlDaHD>g&c1bw8#K(@$6rd!O=khV`edi`i$*_ch}xUzgbXvU6j;!#lXZ);@o4SN-em8%%whH`+HSnBREcV2PcZ?(_F>^_$-3@7v1nxX<6iwGT$$ zb)6YIciK1Tx!&b6D;BP2ciuOsS##C(h7FUu82>%z&naeH{Dbu|)o$)?JmY)p8}!*S zs_pBZ=3{a%^D*Ztqtn#+zVYm^tMqrCJ%NVtXNrZlkFSC7h1nGO1c~)Fxd6xAvezNoUDW76ptXQ%$XFPkH{+aqu_1v*$#XeWreVX?{1ooCz6FOB1zbLc$R{P7kmU+j4{Z+4D#{@Oa3 zvv`SqtXMODsr~#${g+uMqptM@Uv9tbGybh}e}#21ex-8@Zr?XpVTaKl)p?cmu=^V4 zz}{=EgW2oN|6kU9uKlolqjBsM#{IW>-r`(Xz16(T-?neC#^fE&?|^#}~jPv}9{+~6EaV_a)4l@>$C5~Clh!<1_wXJuUHC(ieZn>QstRri3L)9i4TUCzjx zpQ)?eva8+xTz&267tTpL`=xopIQF$Wzfxa2XLKe1Ue&&H(5{(k*S~fi+I{BQ{ogp3 zgVxKQcJo{7(Qa95w>zy%JNljHT08o^^U{u)MEM*^?_^X=t@6L_+ zF7vUw+xl7Tv2J!Qw%!wYiG4HMs}9qB&c`}>Y_y~O`fJCWZ0(B)GtMyQ9D7^{`2q7^ z&AA=4Z>E>pXXww>(4Tu)a9Q47rtYQAb6`I0Xw&{dq8&57y7e8me=wt+GtG`^Q>4y^?ilXKb~zXurRo=Xql?X}wprzTj1?*Y$#hc63$a z*+0?vYs#;--@jkM>*ebE2a8OuVI6EH<=1kbuB8t1Ya7qbN&5#Y>|MutuI;{G*ZNss z&$`)*tv7gm`(|+ibxv~MZ>SFYoVT8a1zRpLKG}INWuG})Hk=+fha2f{e92kuiaGn? zI$JJ>d2V7|*RhYA>c{eC>a%mo{=pvhZ{a>(SNm4>%YL$duol|4G0*k1Z@Yi6z|QTQ zQ)u6Q|6np!ciQ^d-qHPKb7%L5*3pOkn9j6YbZeZML&X>*U?h`xrvHlyXd*A*3{*v+c zQ;*I4ozuzk2RbL#4{}aSGwWmZ5bL>-_8HED^;YW-?T6d%jXe*u>al*LeKLKt=gvC1 zTn+6rt?MS%&CK=UG0t5(daQkE$6RE>k||f%VV_;L>@nVK9;WO(&i>RX9Y1Y9$^Wf9e#l>G94p3`H}7`m&Wbr(7R+8{9D7_1*V!_CwQ;@<7Mx+9 zb4*|3{@&C$&M@a3D|W;61Zcw3%(`A`eZR6V?UHNS=}xZ~?TiaA zQ*X_Bv}-0^`Jc=ia;|FEe>MK)+Pj=r=(oo?zQTN$SobZ=x8HN1T^y7%xl~=(i%kax z$t$gY^MOH^(Zm72H?9BW4h*W0AFs{qgad=gTUsZR?bdmv1A_(ju6$t7XK~d7gXvc} zm#ZD{`>NJ^P5tyQuXSKB!~EI@25YXj@qt15YV8{x7%Z}TlLLb$v~Q~4Yn;=~4-9(D zZ*^d>hi&5eg8OkB*V#YSb=J2(;P+&#_s$0fORUlZgO`nkqG#5nDinRb8Hxo9Vkw2sh^Numzt z7(dE7nRAsDqg(5LrtxgJ$n-G>{Jk^h#);b)&xFzA4)}Xz#y#G?-(cP+n=f2{ih4}B zhhd)+r=6SmF*RHvw-JWfncJ>VCtliz_oI=j&Q;mO~`IvKw75j{y?|$FT zIWc4N0(Du=tH+kn?bUsu`B^Y$^CIWS`X%Ojlli*l(@tM*zB_ncI8&&*{lK839lgqV zu+Kgl?qSPl+WKC7U@*m$DLb5H&YWE?uwaipF0*9Kifin%Wy{Gss{0z}&4e>d*mQ>~rEy_OW1{jF~dwEK}ypxWEp3>~fhs)~vY3h7)(TPR5L0>)aSK zW5PM6?6SiiyR6t_pA}oyoV<&5GGW6Rw(Kx^o&7T5A~P;C=PC>CVUN*WohzqUF=fqJ z_L;L~!T9x_1E#FmVZ)pgce7r`EI7>`GnSlV%>_1GVs!3-!3q zy*=jDuGnMEWj0)8ez9}Ar*(6h(IwWwggH|#u)`(htXQzm9`~?fYrcB&;9&OM_ILe* z{{8E6*1;Pb98A84H#|7#1W%R+Z*TUYeoWbY^1;CzOD?d_RsHg(sLMX%4>hUB<2WO)o~k~hr#UaC zPdCp8od;*xveiF6TR-iBtBjwi{%PuPmhrRfKeQSBtLGy(uXglobwkcRQ_jfK=Qs}* zTw?NE>y~#odAjRd4gH?y9G293zW%`%92_jOn0K!FRh(tRHP`zuay}n&{T%CYz0XBv zFR>1mTw~{@2M1I4wm;6X_cH4UZLYA>)i1Oe-$(o9>at=dv|phvbCxV$XmM3-IurUe#Uc#{kM9K*nOLIuztJyaDV+4&C8fMbN1NfGHb4} zW%K~+c&GlXxxmi5ynfkb!yYFdXkUz3bDDi-Y&gf3T}JP=FBY8rFyCWd?fAXs4cB|d zKgd4bZ$1|1n~%{4tpCCKF=6yU=fsRX=B!w=Vdq26BeO2fviyj14s9;6X2m{N*|K5w zar=0P@tkItv+Q$$X=%O8ShK@5=4@GT@}bU!2`grd{-1MT@k!^vh9#3v8PAk0GftkN zE)#Y+!*bdEV#Njaxy0nN_Q8S;dz{#+KVw#$W}g`w&av}3=f;|=A!ieEPCU$cFlPLD zQ_guD?6AjqmMlVh#eHDK6?VR1JkxJ_ejceV zQ+7DZoH<)AF#eWxu;NPa+t$yTlaI15CTuvv?su$%JdP&i&uCxhij%YG=Q*55|Acj|KP0Yfe5vJvOfAYn~hJ{vTcch;jer9JH(d zR!2MeA9b`le|E0gHH$F5p?3aP>(Xwxtljxv=cL_dKeYemyg#bVgq@4*E40}S?Z11j zLYsAH@3PL&X8bYdwcC0a?Xg~UV|KOc1NO`2GIc+0-0`j7H?z+xwu6Z$>VMUCFw5-Z zcF=ddzIi)X(vDAQ2a~07w`~U*vpctg71z65(2nob4k}h$bG^E6J7|LsZU>F)-K-tN zpD>=2XPNgQ>S)(nsU1D49rUz|$LP=GDeYj{_44f2?~j@9`NlsMF=Ni01q=4L#EL7d*=NI+(TmML zrw&u5oMpzG9WF3uk6kXaV9g%aSh8is$)}o!3HzL3!wy@{Gdjom7;}j!SJ>eibGGbq z@@eK{!X9T>vcrn=tXZ(nB{rwJyzx&19zFB>i~eXah?xyI~u&g0qk_j+}i zo@+d_HyHmMzR`IH-((!)!nr(GJ-j(F&;I%5`K11wzd-#D zxX;=hPHN{&*ySQC&ah^OeJ-~GhxaZX6&%TdFCwG~WPP z8#atSrQW})$CNYda*h=jShL4yNgZbFvtS!?#-Emd$n(RD9Tx1e$3>PbS#gCm`)t^< z<>azDAGRLGoMFm2X6%OR|7JZ*xEylUA?F%9Y}sY}8S^t`#SZ)IvSp9)N9>C!`|Pk~ zm+@zfXUdYZteCUr0{iT-_^5S+>s({}F?HDGG}J->le6x>~V?p zzq?<-PpK2~Ppk6<`((oUv+6MVobwIWS+e(e{k~`)U$9>0Us5l$E3daN**8<>U$)Ll ze|EG>Mqjoc&TBU;LVqqX`igU6%vC0Am~uj$mea;3UsYc_Wk);btag_<3ofw79!oB> zV$C|_VI3i76LLm7w7+5>tl15^Ua?`#3D?uFX|v!oOJ=MXeO3N->tpmE=3&OU(4R}8 zz2drdhpXBZ+u%2h+hKp-v=3%nWX>vF|F(WCeqjEu>3^Yl*)V7NBkO19$L{ynW2Kk)MLuY?^qubb~wW>=UA}I{J*U$T<045ocOLf|6@L;Oxa^6T>q2#*ku{6 zvu4GG@2UG|&l@{`@tm>O*jKInSL2!fujhuv-|Q<~zeqphb54ZuOup~j{%(Hlgegc78Y+;Nuaw|px<7IK+LsRI7@uT4%&ub`yVo`Dr`CBrb=i;A zWpo2M(;LcvWIvV z>fc6Pwp?a)TREdsFC9$%N?p#fyq)pPZ|^)7Xvka|1SeXw<~$gG16S6M&A zxZkONhJ7&JYX58=W_`c6?uQ%4{1Mi{K3CYARre3-KGHgwK1$AtHRDHLI%wHtvSu7R zOdoUUpk(woIZLL0bp7#{4hptUxOC8G{Y2ybOMaI6%${Uicut>vso!@s4=d)+QHSxX ztn0tc^ET`LAN3ZkhZR>s`(3X8NxyeHA7)$#?e|zOE4J*s*SvqW4tCi4C+lMRKJzjD z=Sv6CU-W0n&c9d>TbAs--};%JuU}&xPO-z3IcM2r&g28?GUX~WHtcZXulj$`{@G=R z(Z9KVgDrmUW-6hWqzO2b=EA8yKE3$V%+A- z{GO(HCN3K+v2(f0{QLK<=lIJ8Q+w_6gv$nVtgm#Lf4{zUM3)WL7++bw&vnkRdllmu zU;Q%w-hAUYwO_q!$l2#2i^@nK3Wm9=C>tb}8`^lJ#Ojt5I{W8DDy^iOpO5_p9`0$&3}}!u5x!AFgxmWaG}TAMKodW)Ht?5N~mv(<~lgKkTt!JL|j| zJ<@$*pOX_?HZ@GxKFYorJ=!>CXSz@9ux9=k^)F{!$NgmU1nXh`MDsH~OMbj_;51V% zTW9`E`_S&Q%Z7_Ao@L)ma_cz3zBt3|*`5>DTxR|p=g;W5>Rw(y&NJO6XU3Whqbt}4 zr&v7CIkCqsOD?keeESbMTUIZy|0|l0Gb~Vr`g$?_xUT$5H`kV^B!n)XJm)-5okp)*6y~;dnUt_;l)?RRaY}jSX#c=(##xdp! zOHN$He2iJV&N%is$L<@9W66>gSHkr-nvVset6CSQ*}Ta(w(PPjjAO+WcHe9q>pUlUYd)RrO^-ju}vHJo2SbWI- zn0#2hYwG_|=fTd$teXw@u=jD}uVw$GeX`F*mY>j%75nV|KlkI>>T-%brYt$j=#$Qe z?Y}$c(EgNjX7*|OI?23Dm@RugLz@fivd12mS+QpG8LtPnoV<>DpEaHZJ4`-jT)6&u z{TXvDw7;PLb+wtWV$PZi?6b#)%Z$Hd922&znO;xMS*Bk$j(skN>#T!c@w~*=$7#l2 zb^ffr=6PfJb>|n_?6c4AjkH&cXZa21A96-Mr={OCFEd6r)}IOEZ>h_SIlC;_`?hmt z^&R&)_+8^~!tcphbBTRcOls>0*V(f3ef_6AH=Jdc^Q^eYmdlKPV7(#d;?2}!qaFQF zUG19DO`Qj)7+t6?)BiL-vmefqBVa-+jqhB~5?Ut=}_m}RIcJeFhIz@lB+C664 zC6im}&pGX^?>=a!zi~b+xfa^L^*kh=PcDRU%(PoBX-7M)H;m^RyPUAjic{>ftAF-8 z>*3_4!~Z+(r4Qe9+&L#6cfII@%b$1L2`7f@vH#oo_FaQp4*LZD|NC#+G$jlDx4&%H z;M6PlhpU`;zpI?|psQZ##h2f{>0Z~p`z`M*D{d^}jZ`yRO`!h3|zj8gFl7C))v(fxX>-miQ+w$9w z=FeWw=j8t*zsYF+g!OzuzE6I}XukPDhdP93a7lj3yLSz)GMYbdef*02B>A}UYw`!k zZ!22#!e)G}sPhKBCBR|{t>y74*TF>W(`MC8j4C{{@zckFp zjbD+6{f%4y+AzP#==w&^e`4bB{tmqt{Nwd|#`^lFhWW!s$8Ubfp$_5x%*fwk{#$y^ zjyzvmZhBnk5b`g&&Qnn^YSN;*5Ca2Bj>juzx;d0uWw0yl6>s`hxxemt;tU@ ze%$MG;&{)GeBAgc`I++Tj;{Za>*q5w%&#+=&#vcl!+hNO7mkrH4fCsw*3Z`KuN-6i z+AtsY`k6T4@czfGZ)%v28$Tnz%LeynZkUf7zaS6yXYAL%VSeW5{x?73$n&!z|GDvF zU;o2A9UcGT_4AwXb$Z_h>z_JCJ~Pb6?JrDw+)KA+hdz;<;Ir2QH*Gomx#aNYj4Am8 z-n47*Veiuu^AF#;{vPtq%~pAObo_~j-bXV1wtF2tgA?bC^wSRSGqrVWw~rV4=OZ;X zZ#!~Mjr_FZcMl$MRQ}K-dE|4>cKL~;`GeQbDUolJkGoIVFu&L6_?NDa&*f*GuzPUz z(fsh+=%Mu&@(bnT>X*mJ>tp22G4jY8=tlD=$H=o|F#N3*|GT`N-$2LcZw=D)gSl#Hu7y7 z)Q_UWd3c?zzkcq2q<$hl-}rIopUHQ~Z!tQ4?$GeV`np+<(S+?*F6L_m>RwxzT*{6OYWF$uHbs{(P99G&=t9m$Ad|f5Uv-=d@CO-XC@i z?tIke%-bLNoLS4m^EYrvtC5HE8}~Ul^5E>WzBe58 zd@US#z7qM?zw8>^V6^^Y*3Ty!<_{XpHy{2+Cft);zTNl-9+l6m?_YkA=V#pdOZj=m zZ#`=K;SVUGel6dzLEeP=@*f;E{yRtJkGwIS-}pYm=ddHM|1H-FpTQ2DUlQ{F-8J~{ zqsIUK$oNdY?QhQSsC?l_p38U2&pj%C&5^v2Z@p;O;I&8P+mGa>e8&cPEkE_|)iW0#+Ijn4n9L(?DLzkG-ME=N5dcR2EVWb&Q6cMa|^I{rE9<8%3@J>&C2 ze)0x+DL-w4yq2FOAGiKSzHNi?kskn@w?UrBFW4Z@EiL{Q_4@? zAg|@8$;a+rzIB7~kvG0=8{~=nybbb9e!&Lw=kgsJj4$LnH^@u*rc1`3Pc1)LK6d}| zQ#TkNd1K$YL7vFBZIEa3^EQ}2m!H4E_(Hy8gS?dQ+#s*zoAz$7fBA{>JLq=g{cYs+ z8C~1?Y>+4NtsCT-eA@=|=kn7gb`MS-o&Ry`?+?W=ztd>`y!E`4pM1I9{(JNO_m7{` zJ$F5?!+80)uRo1^oBZLU<41mu7x`dzf&7%w{3+}86ZsDLQJ*hHKEGwh$n#-7?&lQ6 zFu(uk{G0E6XaQl)Qht&7eH*jB|NE`4ua@tWkNbSy$T#`^ecb*cKfpRs?vJ_F>u+>W0^O5u4y#DipOn#Pp|55p#BkRxQ;q%p7kNW!Y#v@-p3i+v58UOuB zIn2jBAGLhz2IHG!c+-^kDTGx;|2-*Pm6>iYf3<=Zz{Uop(be*Tf4 zx54=O79&4-@N|)aVEdO`0(?rBhSa-Z;uW= zKe>E|+{f_s{O})h9LkH~_?wRAXRV)KIUGMbnr}Y*gZe|C|Kyvlx_j*B(`J~D`~D+R zXH!{302HkBbi zarfYMqj|o5KDB(O{ANeJzHW5n_0`BPy4v`kFGSZroR9nYOd{WQ_3`V=(AH7&*7V4KJNZRzOlK;{HKkMAN~1<{KU!K zV?SSH@{>2nbNQ)qKZaXh-^icy6!P=s!pTkEdAD(~g{*RGo!+hNQxjd|YTwcg`$j6;eDL>Wy8~1$F^3&wwo{vVp zT|Vylh;HQT%LdO!A`j!ooliE*$E`n?Z`+`LAwNq#?*5d+eBAu?Fn`b{|NF=1!;zmq zH1du17kOh3`+LYyUVHrcmcxA9>#LTZcHIqr z{x{5@e$@UB|9~odeTlrWo@e~num8i`F|MC)XZ`C>CO_YJKW13ZNB(>#ALhwu{`B?n zh5Q2JPan+>|9I}u=YvwdQ+~72{7LKMYxza;anDCH%*U-S^1)^M^>z=&ef~(~=gG(Y z{5q4LFUR`+M?e1vE|7n7G~fKSLmLR^U&zmj$Ja0A+vMY3AN4S|&Gq?5e$Szi?=XJs z>)*yN+@O9k%*UN?Hq7rbI{ypS?@unjNd2+zfAXF3aql1Hu>QF7ujS`me}m6|!+hNN zMINj$eq5dm^Ks{!$6)1@dv{R}AxU=Ti>rj~ibP^Ks)FdD!2$Jn~@dkdJ#l z62XNVtUnv(0kZ-@i`1@B5^Ktj5K1SXQ^Ktht@`d$0^N(9!B0pa~?)$#~M)TpH zFMI3T6h2?VPe&IvF`n-GeJLz@1244yN@{xHD{Vu_Jzu1Fv znm=!PN9dQ1)_dJi^=9-t`}Mm9Tej%8eWc!&=BRz-`fdC3u0yZiiEN}^_!>BJ-xl>d z<&C=r_Y3Dzj@G-&QS~bQ&M$TiPB>1#YNX%h{YMIh^IOyJ+&2&VT{ym9r1J%D@q2!k zQ*Ujg-`lUvqvF`h9z}-*t~#-)gA$&0T|6g!Szl z?YHfy^|kt)|Lt9acZGQ`8tr%PQS(k&|GEBLZHMV6IwSXObNJ!!`tuS#U!3RX%P$G@ z&X4rlG9TtO`ta{l&FlB`%XSUE5b6~p{WgF6sCqs9wjOu*^XA0)BmL%&bUXCiuY~pa zxpnxt(8L8J{Wgam?yaw{(eFgRe{-ncj`95_eI4HC=cNAg8=EFB9O<{^qv2;YNA5?e z-==8y;2MXXgGZ0tx62)M&U2yOm3JTdbJ2--q~D?6L0?~A_?0ZN7e1t} z_gmKQOh3oDYv`Ab^b0?0I^6B>`=5T>{Jdl-^vg#2ZGQKWjvj$c6TTpw;`^R^gn#ag z^!q>Wr-^UXGKKGN_1)SK1sT;C@hs@EOqH&QQrz3Sgqz3Ytsez=uif63>B2L{e;!QbVSHzF{N}^IFcQXhBkSAT9vNTB!}_qEkNkOUUvQSsYkwNeH?JKT-^zCw@9k@S{K)qUu^%*s z`lpTNBR>yI<>#O5`<>DCZMk81h7X-zXE^?9qvJ<@Z?!wj$9+H63;8L#$NpY!CEqE( z{b>D>pU3y*n{F|Fd@DaM**$pr==jY~K5{;>!rQiv|GbwD^Kt9%4D-hxRsZl0)DPW% z`335Se?D@5M}FU^H_T5S%}4&ctQzJo9L-05-?J}2@nPeCUewBWPLKcdoH+bJq4DE> z9+1kn-f8z>-1qYx`A+-0`{?>ce&4M-tUvDc*OQ-Y{;Q3SA9;SNVLtBjcz>9uqvKzE z==L6ZK3n-|>fd-YANhTm*bf@F%E$dYEtQ`qA6LI4zhHyi6WE9zOo(DV6-h zyN^HLzWhAn$9=!i4#!Vi&OHD4dD)gh_*#GX{m+frX8gGKhg80OgS;aT^N;&^Kv#aj z2J7n$^IMMIpOHULtK>V3_vK)H{fA$^ht}VhU${Zu%6H078y!FL{uYNH=zk+i`=m5+OURq~6}pF67l;U74K z`TO$I?lu1YweoGJ?H-(e)cg1Qj=X=zcRqYR%nBQ}B{+F!3zB=-7e&b%BUHJ}q z_+yD9&)>-Jll6vq_m$!!D?fjO`xE;B81ivH4@u=`IiGR&uQSZY zJwM%HKJNSdo_y;D_qQ76VKJM#d{}_3DjQVl-!fpO>_0wbIonz$PVLtZxKgRg#7~}iL z7~c-_hmD^9=EEN_!s|Cqy?@&O*w?>&tNi{)jlcJi*H=frT|V~tALb{Hjvx7bjGp|& zM~#1ftK{3{NBz7!)bhXB|Mlf($xjLw{_*vF6m(Lf*k2}9~ zn2#IZk?%Bq?EZ)Oxca?eKCXTx-}Kn=>+2sQZ;z43r)^w69p*RC?a1qEv5&xaYek-)a1~`K#ghcN{hUTaL`%mv4RC_~)Y?=Hu$e_xAp8{J1=opDG`B z{+(ey?){-VtbeW1^^g2}A9}-l-1$`Uu)q6`j^BLR`u^qH<>P*zp_N}Czy9d>k=kt92|NVaFxuN(g_gUNf$Y1PR`U%G$to7CYSqeUk{&||K{vqQy z+s2jlqwYJ-!pG2Oo3+BP_Oizt-}CSZxE22jd>Vd^)>rpAcO19oH|emi@?wV7j`)jW53${Pi=hK=;#O~Z9ry(LX8M`f3b*zj67Xrb)&5dW|4()N>b)Zw_y+m~%_H9r z(l-k~a$xuKT(A7$t8lA*t~hSx-wwR>CHDHJ9Yx_*`%1t&;8y>df)Bzwb^6r)K?Xhy ze~9L~{lmxLR{xuK+{*tIXWv@C?KplxsC_>uXy5IZ6aP!?`kR1Hz|YqHU*r{^*FUA4 z{so$={ke?Oe`6^A@gV+Lc=yZg`jv-w)Zr`e);fF#-T=>O|016b>Rd=Y)CePgW7(?Um$w*AHIQotA4J)8(v}O-_9QT?N9ghAEx71 z`x6QHF!o=idBlGp*c<=hN8nceWgNHa_pIYXA^ZLU)=NKp1N)Z#isLb@?>{c!)z2Nr zt@hJCK>vdMl-5`0dkJ{QEA9ME!CT>MvsdcJb(Q*&fp^!@pLO;VT3?-Cj(-XG5xABADaWn;C$oqCtm9Vs386R#D9(E>b*?uT(s(bja|PJ@Qyk>1#g90{Zq#2a|~ChfBy8&YoD|5Ui2TO z`Dms6-{kK6kx+exH(#`v%%yXnd=T zuNio2+8$qL;T>?x|Gd+;+V_gnx5n2U`0{IQ`|WIuF2b$xF##Wbo!!5u9Jj{D415B8 ztNqS8ZjFz5$4N$|{;2VB1%3qkR{h(7FV=~_{W(5onxyPk=HChU2Kv34tNC>b-a2mA z&y3?%`Od-{(0{15f3>Rrd+4t?eKY+|-x}ZBSs0HI|EqNTYJ5+?7va|Uo^sr3pBcxk z@qHHF@OnG{@{U{M`-*;2rR|&L1_tr{KMH^fS)BHNMZn z2hq32_dI+V&N9AIKiz#-Z~TWh++_Q|1K&X3Dxdb}`TSnmzPf*raNN>QId0`&2EI!C zX8U*C($B*s{g(cU`}VE)6Yxdix5m#De6CLZXW-ND$LRdk;~)G;9iE3T z!yl#f)%dsq-+-Ixcibx9_A7jSGyU*Y>@$t3)W1mOd8rh<^$m9am4SD_E&W;eAiP`K zSNGfU@L~9cnydFot-#0N*7&jGxHW#Z(=kod(N8#TKSe`Mf;H{0>g!h7L4UA}64o`Y9}ZUUxr)yEAT~lTGNpVfX+j$8T}_;9`S!w2iw&pU4A&&nQr$8pQQ_F?*8;+n2$5N^#MSDbx|@4%h(<5vD=;B(l& zTLYi+{Q-4E8xeeanxcm4|>gIo4f@Co?qLi*QN${*hQ&N}rU-VL|L z-@L>Rf3&u*?$52jr{QM(cigQ1FTsEGKd$XZ4hQ}x;H|fvDlv_$@u%Ptzm>j><5v5f zb@na)^6+KsKUn9Vx_`0)Uxi!#?Z8{7?fTLFGM`)e33vngmVYVu#9!FMVKe^0>&-*u|= z8Lc1rWYB&x@C|rA#J>>mS@>|)F5f(S3~trW700de*>U{tI)3#&!SmPK_OSzBgj@O3{)+lM;kcE) z6kOtel=e^U&t>4taBKcD3vYdo?O)z;YkXXB+$x_P$6u}ei})9Gyz%dqlt1xvOsx9% z%KQEj@M-uRA^xGD{-)p^@3qIb47?R?<=-s40dAE~-f^pcUvc)$@`umWvEM%Gb1VN6 z@Ug$N>sJas0k`^>jN?z%`R8As^y|OGkA9ox>i&M-aV!5;;M3@TQ0qr#g7Vpcx882A zAKE$i>4sbNHvu1nTlQ1%Ww_;E20na;-G9%*r{VY3{;TJs^6-w2+5WA-SLf~W*@2IJ z!tS5jX&9{w_Wi7c@K4+0d&==AX#dsypbUKOZ|wFp3txtt^?wh(vIpOR_kPCiU)!%E ze?Dv1--P4V_?v>yp>Ori8Tcx^Mdy#YpD+twhFj~`JbVLgwVxGuYtF7;JMdn(mA~y{ zKDYYUgyUBGOzpulj$8fHEPN3EtooCOkHIbfRvfqHFFWvQ^sW4Fe+~Uto%~5SZpEK+ z+=@Q~pQ{u9EWDn7d1rq}*B`z9hc9B^>c4j!x8^tP*Zca<2-&ZkZzbRx*k>A{#z+5x zoQ$6-c<<-x)PMK{+$?|iG~6nmywiV_j$h3$R^W5!TlupCUxi!w(|&``t^7$iZuysj zFJs?q|M1q&+v%HyH^8m^+dRCZj{b_XpV0ZE_HTFK-RPU?Py5_TUji=iTly)-E&U9< zZu;Spe#?H|am)S+e4|eJ?l{gikgC7_3lOCKw%Q+fjXM6fvvIWwH_PAgRc&8AUy*{(;oo$K zSN0Dx@YXNd`-ije4!9M6-th~xeRaQl1>Rjpf5-9tT3?$zt1>s*`M7*Kkv8|{|a34?~sl^qV|8`ymvQ_#+P?ZehFSPD_O0~g;S=yHLi*1M);BBgMffj5d^O-ZV*ksw{q~!%54Y|w zB;XrgvGr5%Rd_BG|EGiaGh+X%_WEJg@h50~wSLIM=g_zEf5maD|Js2sqi^+}?Qg*U zIy?d2fIm$8r=AZ;!3V!)&%ZP93AnXCI_vnk+P*r!&pZA+%_Eib=@s}Q_AUJ#$75Pw zolm!Ce0{6_CE!P}pVInj|0xCEfLr<*_$oZE_0{?GEWBaS*3Ucp39YZ@H!JW~^m{Z{ z`r38dB@Mw zT%8}SIBxmBU?AtJ_pZ-c;$Q~4?prv zyZ>E*Z@{he?MVFJvdgdi&+GGq<5v1oaEaeqpJ(8$#6J{DU*-9>S@OV4YiT}ac|EntNgIV}8+_Il{-12W_5B;4z z^xNM|{(aj%e@(#0;FoCs)%cWx&%y7nxw=1_alA)!H9wh!FQWe!nydRWdC~uloj)s% zTlur&xLN+UQa`cJF{$dG`~~`cf@FTN{0+X3dLQq#ol@_iZTz}C!yLTFH_AABocADm z-|s%JRn^^L{zdgFBf)! z3)K6A?-}y%FmfZ`b@oo$_Lh+A_@0y7w&jZAA99b25^wX6iuYmBvV)S|_M7qV2X~fk zmvrxp^hmc-O|VgOc9n3C62`y0er! z3%NxtcZb|L3gV3;H~*76Oa0n39V~CsB!a|1Go+zIXS2 zlHMLA*Vq(F?*MYce1C3M@_9hZ-5Sd0G;;F|{<=GQNXbP$7K&Hq7aI}xzUdh)_r8$a zG317#?mgl2N-iCUdHXr*$TghheUqLv&5cT@sQzgj~~I{rCJvx3!#H_Ndrf5dVuGr{2>o`Lh2Y{_+0u2k%3!N69tb zJ6!(A$@lwlZGrMva^5q`m3Y(0ZQr~6zHud26|c-M{G#@8}!_XHUz_D&+#cI~Osi$rc&%gJ6`r9L;mh5Gl>Qzf>Y8ltOOPBy(N za&hE(Ugp~GhLWplzbUbY-222{LrT@FN`l3|L&&v_oGSg3$Te%Z&xhh&K(1rd^?w~& zP7W0+{uPiLL2gLwb!$1fyjGFhL2mIiuAl7Ha^Ze*|0Ltf^`}Zju{WsYei^bifL!+t zZd^E^<-+4a8o3eVz9jb2T5cg^Zx*?R^r_OvMDCE5lRH9{bR0u&?Z#83-$#*~R&tHM z361yb$Zhbv;`^n4IjrU08tPwSZ>2xDnfe?-Zc)p8=G|Pvgt*Y`cl;{bI8pg=f&HmNWSFc93T)19kkXwGg zYv&m)Cx^6^@;xl}Zg=f`O3Q`Y`4Vy)clh5&5uMd?r$Y9M$Tj_y%jY9Xt}36~88{{u zoV`UQ7YWJ$cMzdS6>gnkE74Bu%drcP-P_4^J5CRj<268{X_!F`{}f!(cZudQmE>=){Nb`6_`#5W zGl73gV*l^#_hGEV$KY1^HP28!b@aR7N8r|e(Exl7{w(c(r1JfAqwwWA`cv@5I{FLn z4fx}<{p&0FvjlHtzwE`K{CQ!JKkM+0@181sA;dou@aDfH{_olSKo`7qd3XCVUawE% zAMt+|`_ZK8j~c%wad-oclw%q@oqx}Jl^8dJdfxaY88f|d&ccuXz+{iOFF{eHc|{RSuLNWhnWbjtfa z!3zJ!KtBaP@=My2wtuCEy>wt*_o6-2MUDBlcet;{F9gFa7WhxMe@J2hYHle{!ny8|I5a{xz=2T+vUzaKpZo zbL!p1PdPtF%6VLu^F={9i`*gPnkc8|kg?IJkX#dSdG%7{7Le=y`Ki(|v6t6!pAGCu zy5qCV*YWG#{2utN?xiOkzgqK%KTwH&8a|KyM2O4e$S?OSeC^z#d9Irij{es}`uRY= z;Pjsz;{L^>cEXDA&h}!-I+uujkntXVuGUxgF5-LeB)tFM?R!UQ_)&PLwtubXzTf`g z+oa!$KLWVidxY$Jdzqg7H2nB)?R!gEc+&>wh9Ui~z`q>4^FQtU zEx>2svcFwP--UsG5k7xs)qG67w>x$_@tzhg|MDRIB7742Jz8I#JH_V6 zAGlRN|(;3v*5mY%BhBNqk!6@}lwXy#vxiY5HM zTHl{0d-2EN$Fct(nn!*W*iXWbqW>qF%MlcRd*u(GxqGp6YlMKn|679m&%&Epily&_ z_%{QdgO6k1N?!p!Unl;et@OnmxBO4SkJquEh98An`I~jzia+PL zReuZc@dp&m{ko##R{XJ#`}$V?#Ni{@x9V@w>0AD#;gjfF>B~B9#h-KbEna|&e-;cD{`HW)+W&yh?=PDByhZp? zxK)0!Px<;*{f;|+MJRrMg72jtzJ`5EKkc|xK3VuS`d0hSId0XT0=(%VMf1JkMR*(B zia+*g@*i%^FXN7ngwpSC;CShWkE3t(KWWFU_LX&fHDtfCzRbaU9$GZ-l@=VI4(V5( zJ1oNI(SNw+>KrFV$8;2KwZAz0INVBK((!(6U!60h;oEievyS&_eZBsLw_Q*t{f>8P zeYL+f-~N8h)pLgm{5bYgT3BOuK=a| z((n^?;?Kg5!>#e)J!u`Dms6#oeDb2AdCwsU@4VQa-=~FNYWGiB$F2T52S0jQ(R^;I0AGV!^|!bOkA1PeejGm3 zZ?6xM@X5>V`AORGOLY0DdmdT%QS{CJ555hz>PG>-2Dj>W5#IE)qWRva*q10DxaD6Q zJ_NV&H|e<5KcyXS)9HV1rF~`h;5o;w_FaIF;NKIpeLeoeC*hWVu`m0)N9(Keu{eAl zeJlTy@R>UKlXl#SKkK*^e-3`MPW%OUJ^zZ%{_}MD)O!PBdB!K~pR2h(|8_j4xfE@F93Aq<=-wKjz>waI^g3^Kh$tica6^-(z1Pf6*Tb#qU?p zcEaNDZMc;`Nyn}HNjq-&mxZrkKNX5!r61loV5hGDZ-bljA9zn4{n%H1`w1Ptp8vr6 z(KplYxRt&%T;jL%vyNN(Ie6Xl!zKNe{i5TR{n*#2pLO)(j$8ASBzy>ctA9*8Zmqww z@DcPa|8jfSFF4+<%kPzy{c0Zza8HCFk9Bu9Qaxx$ZXhxuxD8QgT(#YaK>zp7UDSuZzwoIoWgb&3XB< zgxoaeJ~FOE=apR5^I9^$=x2ZY7LhxuOZ#Zgb03*~@@Jim+;Jt>_~f(8F^gOu za%=1-y;s`DnwEQWqm~;*Zn>-IKUWjIx>64s!_U>o{9^o(MgRGhb}bivz9o-b$D@n> zb2V`-7k;khByzHz^YU*%$yMcFGvn?wa^7<_DJ56+TumIgk)EReTuoZbg`cZQAvgTQ zqTep3lw8&G8HbSDMy^5X!K{`GKUcGW+{9D;ds)#VTCUQ5+bNIuH!0t@+2d={aghz~ zclgs6|NP%^bN=hNbv~1WkJpL6um>+XesArcS|7*0<=eOXk2`+8)>rp~lJLpr(2nW% zgY-AvD1E-4e)tgnTl2%L&|So$sHS+W1?%Kb06luwWLPpw~y@DaE*|A-y; z({Ifm;_ylIt@}Gk_ze8XI)3$D?=<`<{9Mh|`XVdwzuo3J$1VQ~@JaMvsO_u$mm>T) z{7*Dj_tRp3=X1-yxZ_s+NIKr3?O!RS@9*!V9q-g!olj)pM=9TfntRW>`uaKH`2R4? z)&6k7+3(Zbf9;`H|BCQ!^sV!=*tbbP@jozvf%5&V#`fU;T^zoK{%f^;^}R4jc>k2W zzD~nuhKePo;T8LlFM1gyd76dyyr5`4ua$#0VSgy3Us<0OT>Jweepz6@D15kBdW7a9 zmGX&whxUp6$7=qX3Xj8k(6{n8xrcrlK8}5>eq|lMpN?PMzs|u&t|^w5G>?2MNM8Zo zcC9}i1?8vC--_`019kTQFnk>TXl-A;7cCB7gIoJcNqEysY@UX9*5O%re;uBKkH9Ve z3h+s|x&DRE!_EDV?~*=vPN!d;KgES-i={Tr{p#nnucYHv`$)t4uea-07Cr+1Tjo1K z`86)eT*tGYgEzgWSdzI>z}5L=LE?YC-9HrJ+xTzwpRw=x_HWSk)&1-^e1!NPsJVI$ zF$o`sTlG7=2hTeGYi&RBi=ckz;61k#&F2#e@Xq%ZOUaPFzd>9&YvTIe6Rqir#xbg7Wv)M81Co z_z2vZUlkp1(edl^?`8Tw^sV^gaItTWe~zE0?W_CMX~#dPx%ys?EPM_7chg+mkIlh{ zX6o$!iG8>=KPx(JrvLAK`xcMG`>}7;@1*0Fej46`{y92*>iLDN<5vFV9Jk^xINq)8 z>-`_N_;2M;>>uiV8N8ejI*@=IVT< z2;YX^U-P8byuJQ4_5+`r<3GIZ{YCS=Y)SYG{4?6Vdaq*|-t&Q?`Ci8?e16u>pPb`X z{uUg!`nTd9_G1M1^TgnB!A#$`NP-XX8Ik!P}`R+1pfBMKWE?SpR(|# z+wJ<3gP(v~@fRGo^0x>-I%nUnkNt@L1O7bizd9d_!<#;A^CY|duJ`Rs-eRaR30H1-I>4%?yTj`6Pp#Fcv){i@Gjn7GVQyu;E9z5&#eRcZO z^Jh87t@sP@ZPI7)B76;Q*PRH%l|aIvrhb3$F2O&Is518^r`)`g5y^FMQ7jAkFEIrS^9B! z8~$572_LG%)9`-y1=@f0d{Wlw-x%8891He0bMT{w?e#~&ajX1_j$f-?Mc7sQ2s?gfH0bvj`vgq|IZi z)F1fy+P*s9i0{FZj`xK2j~^54AE)8tpZ3pxgZ+!~%KR`3pMgK1flqn=Sv_BqbKI(* z1;?%WQ{02ce(J~n1fmb(SNF%_@T2%=mn_)H!Dl8#&YY4{}iR{mw-C*Y&n|A<_&aOZ#U&d=HP zy8s`DTkX3DKMJ?@Ph!6$ez;XXo=~w%sImfO3 zz2Lazf6;NPd}9Ab`4GRgKM{wEe`fo4+=@T#xD|ia#c!oA=eV^#C^-9;e?@rP7wq;K zTcdu#E&t;1A-I*kq~n%;8s3k-wLhALufg-W{3Bne)PMN)QG5I-z`jS!>#;@ z{i;5XJ8q>f377b-{lzqV2yXU&@EN$3zd6Uv{?BnMeMQHu{mIy`>&G8=+)O`w68~Qv zD!LiQ{Bmj(C?`ghY@ogWq9lW@!b*uT?%!ma#|J8tD~ z(s8T*NW&$5YkbVY+rC^U{f=Ay6&!z%PQQA;P7&UTeM>*K?(;`#{Z~}R?>PKu-adax z!cV|2(fV(y=%?XLU$NJxS;wvUR}S8Z{$FVO>U(htqW@Jp|B8;A>Hm$dZ`F@De4F?` z6^j4kLI0G5PZGbSpN5aat@@dTufaRDeRV%5C-K9r{-Xfz`I^1IQiS)zE&pQw;p$nwv&hZO%{;2bX0{jH_t?{$yxD|iwx4wRhwy(~|0AD#;cMty>B~B9#h-KbEna|&e-3+xy39 zcn|ynoxghj58e;Ao*&P_x4&VhuK-_z=d^uwf2RnaJZ9IA*nj%mT>r!8(YNYP(((K2 z_|^Gx+VMfn)&4*heggYe{mQ}D>cn4gygy|BlAwPo!rT7V?!RMqQa*6A{2jOIR}$Wd zzSV!F_t4KeeKY+||6w|P`u-z)hWKBldBop-=Nz}#t^I`}`~?14`mrs>54hF-;&9P_jLv`c{CpC=4S$s8>V8EU-gewB z->lXkN6X){e;QfDGaes(Y|(#@d0xx) zh2#d1n|LwLJ=_(0IhEeVAKz8`C-aN7C-7WM6uE-7cU9=QyIJJApHeLSD1zL!mis%| zD-G(wF|l`1(R*Kiv{}ddsgT^d_}5n~os{%;Yq@_6r6b1pE6>l%d*7o2T5d(|_y+MN zkQ;m^@4=ONI-=#i5~`;MklRjjA6Vi&q~-1rigyaRiBa-d>cP5_i^$@*Qf@N87=Lxq z{~nngEhmFSMQ#PTv9Y56eJ;%hRQ(G-=M|Ol7CEjRG(_99+~-5~x{zBu_r6Fy&0ufiCigtkfR>ZRLdD);o<~e6xvJ+8mynx7Zbs5E zs^lVaI8?DG^NY5Oe|`|nC^@-<>5F;ovYm0b^-V?Z`z)eUN>0|=O0EyNwp*Nkvr4YY zzft5Ck((3$7L;7%-GM>L7nxs-9CXhk=9OHf*gXI8$aV0X&Ud6gSWptx2UqZ=MJx?d|i|zSxz0z{wdbNXG>tDO}ku=IzQ!}o1M~fFA3$}EOHH;qa7A| zvs&(bA-QAXALmIIiQIyct0cp#FYCy)vhVLbZ<<$fRnMEo7@z0a|C9AebXmz&)q@0b z)9fR~MQ&Be$x(=E9|w?={ghioZbQkb=S^kazy5pL?<)5)sHc^4u}-O@-o3=;64~)n zd*0IppJQIb@kvELvMTDH{s6q=XZCYdqwsF{ts(te0{tnm4<8Nj%DK-1d;|Xa5SK#m z<6nXg{@h;ItULa}kbdR8L(M!Ox{SVMzYE@d(q7jOzW)bYn_?iZiu{}g-<{d;S!?gcIE!I$>n>yBIV=H|%0hH2t| zvW{Opx7h_h0>78$YTY#;`jr3uG*{=Yqt3py?wNADQ|qgJ&jonHzuV`UOYmO!qqV-e z7rqW3hFkGBH~QS#*X)81qW^JiU){?dfUm+|7~=lHrPR++c*nYZt~uqnwJ)*YxaI$n z;}TcU{`_nCUj15k+${en?F;|9wZ6<*_*-mt!NvdcHCOk71{}Bi8+F`@f6B#grr&XE zUvw>Sst@I5zZt0K0m(jQC*A#paexuG`)qgI)C;r3E z|0Q_uZ|!rDb+HfsOvwHxy#kiGZ36 zQ%ms0I{CK_Uxr)$H}l1h^>~-#mVX0qiT_dBKeg{O3SWg==T=kjj#IXO3yxdk&ywR- z`&@V28sD1lO8p{!Yy9qV{M9;rk;=LD0DKz#fe^1e*EtGbgx?Y3m2>MU_+ZiQ9~LBj zxRw7)@NT$OzUz)#{d@D>eEU}W>w+)Wu|MFrmH(rTTmDbM7qM^6PZ!|5o5fOx&c7>F z`*-}gntSg?^2e`r_yqd5h4|Yl{omd9HEh(e-{ts2wf@zW_y^z(TlV~86y5>1=BHEe zZn)LIEjZqx$zMDpb@a`QhbmcA(Qu4%dX&_0LEFIK-_ zEPYSnUC?r03B_APZu=*0|Dxe#m3;P|A*#dCBbE}pM?_cyG*U7rc+rQ{g za#i~mqsTS&zcZ~JjbrSEGmJ9Fi#gUt5o#E|sOlZ0AK1T{Una|uH_NKL5 zWgkZ7H78r}kA9bJ)XKd0B3$E7;n90iKYwShEB3>W!yl;i)%y`Z%WDxrY z;3G|&=6TE^_)++7>n16$KE~~F#?7(2;Om@9XXA_SQqEwJ8hSc&v_Xp`f>Pp^JeM)Qr!aHSd=#4`a?Q3Yl z|9fiwG|#-3zPRxF*yWjoufboe^&|d5N$jWLow3c*J3@Ri@IMQmdHwG7LG*KuTjO*A zK7ZckuIFE(UxZI${{cFF^?XI_-qdIGpBT!&#|Gsahi{+1S$d|{kN6j4#C{Uq*|AxA zSBSqONM9O051$M14+K05Kl-3e^ZNyJ@SY1cOI=#u-zM|Qry%-|+Vsxtg8CUb9oR3z zXCA#-x|wk>;EgxQ80hK8?nC}OZnN}5Z9lRc=*QvxJ$C#__z=9mQQN;n&UQTeX|eyr z%~By`|NDXctk_R%di`YJU&OzF=aoNv2A&D&zb?=(z)w77v-JHC|8~HO5`XVzDZzLb z*l&ECjCFqcW0cROo255|%Kx>M@`rCfW7GSd>x%yIfG6SouiG@&$!U1!^EXQ?A^(09 z_?LyR!6!rfV8CG=3u_w~pK}{q8}Dw_nLc zq;IXn8)G~^O8@)k_#Yioa*b(8gC{8INFdj7FY-y`#TX)@Fmg@Zl$)euNXuOxO2-m%bM$NfEOMh-ZYd-u^NY2MH%q^jbL&G| z?x$z#c-t9=C!W4pdY{N0)^fLo>{N;PkEeK@r}RW`3moQ|rjsIX;*66y#6i&m|AN{E5RS ziQii1C*dc?H_i74q~RmzTm5%d;y<)mYNMW2;=hm7F)#j{@LM;{bE*P-2>XxF=~K^N z7vcTrvrMblkCeOu^2+~QIQrH;UfgkOpC}36#{O>ed9j~{chQ*z zzcLEnfLrZ;3f?+vx2pyCk+<9Z(h_`lYSVn~ejP6Ub!z{wt<70DKs3#XstJD1R=kLZle;v2Z z&ze~-XZ;d;n@Qpfr3f^%0rn$ep;PlzftJEL$T*eZ-1AQz1*B!U? zn;%H~L*Gol}p^}V@E@WBt;@vl2>)z9V!Q-9I7%C8G9_TL?f|D9d~mi}!3z6`hg zA9dWaKLuZ`6aNDI2>c;Be)YY%OHSWv-|H@ZYhKd4-}m3jpDy?+@n5RrSKpgE0B`-s zrun_Oqwrq1HNH;4r{PxqEja$BQ2hP{70Lf4_}Jl1^Zv}b#Q)LF($_=!mG8}MehB>& z+#27z;0+(M>&Jl8x9az(<5z^@uY7Or6ucYzmi~g{R{1Q!d(pSr_qyX&{b_zE^&9<% zYX7dTj89$gVYn6l0DKH?jqjuI=}&B$&kan$kHD?@(*k@M{z2`ZdT;C!d~m@opLO`^ zr#H>}Tg?|xe~;Mt-vyuhjJ+-!fDeDp&Yw~E#uqlt`xjI2>7#c0UJ(9eyL^`%e}c{* zxth%1(mvMV9berv&!?L^$v?Q&e|PP{2ln8j@I~xDL;I(`7iE4+%)e;tiy-lR{z`lFwzfyjJE&kO8#}h$KX%aT-}cwfKS6M|3=}9a4UbO9Jlrz z7aX_NolAT0b;qst+x&3a7yeoGrwhITxBMG$yhrDcdhgySy!GpL{!hUh;8y-DIBvzi zlU|J2+?`r%gl=z@#>qqKc>zh?m60Uy#_z1L?HJ`A_=XUcIa ze-<3K{9A$#V&6U@)H$Q^)E8H4?y5Mtl^atQ#KcUm_AItdbU-%KYnSRGD{}x>Q zmj06Cmi{`tZua|53-S{GD>#sy_?x3GDBdKG|0rmGPf_zqis%qYHW; zY&_Tp6S*vMvY#jOsOT{z7rBkTq_Y2(M{bOBtnbNwe?iGLekHWue-gPK_US$;_STe~ z_nkErd(ARFbFO|@xyP`hh7T#$T!S@gEerkCQ^K_14W2+0qc5 z&~laieo5~k>2lI}a8AWPUNszWv`Lz|NVN4TJDli z{_P+)ft=h&i!N)qr-tPAGcLEWujk#1S=DmagyaU0>wd?kf8S+8%e^!tmqzXca!-y!H~sICJFexz z-y_#0<2UPIcDL5aBDoy!^hy(e#VO9R)4z#?`6I58tQ)#f8(h1mEL&W{%7Rhw>L{{8!7&P zfG6O~-`Ok;g9H7De~>2WOTk<5&)RR#z&qgg(fZQW@VDsCI{rY-)xEPk{0Q+ULjFC@ z^H1tYhVg!wa@gVbXi}HMFM!8?Ayy(7#A_Fr4cj|F%y{Oy`YZuJBX5VizA z0)G+xfaqV`(spr6$Hgt37q@g@)Y8+}GI;PVQ)j>9tanClYrHkm_>snzo{L(#J&qKz ztrxX4UD`6(`0jnX5s9@y=BDw-aX;q7W{F`h_{d$P0m2vmX|wb?mws$s)Y5S<`c8@M zx=1+&Pe=UCAm6&OS$fr(`Fq6l_dWIfJxM%mKdtq5hw$#7ZI*7_&EHqm`rFk*|9X^XS^Dvr)rVi1 z_2Ikq>qC)vj{a`5G*(rAo1Z{^+}SK0->p6@*4Bpv@<)FE$M^Rz@pMMFYW&R;K5^F8 z8T-4Ad`HvPAHBULpNPNr*sAFtMhWk2**fF)HjDgp>mT3WC+eGS`kN!3{`0mzSiFr@%IU5?r-x` z@b^hurJK2Lat8B<$47UYCCL2YyvT0EtE)19NE1)nC0pLTMlX>6jAQWqz@Oz23{VN?$v(^bDKn zd0hSU^!3tzJY%agLH3nDlAaXd4bR#tU0R) ztPwXPnGqhEDOjUZi2w!}`R%y+Rk3spQR7x5fecvPh?FC-u{qGmd z^S$4n*CO-#1phMF8%}MNZn`IbF#BY_$b9vpmQH4+2hW;f-gsLi@+|q&O;0Zt1K#eG zw?4?Dzwyeg;5mtdkt;mgSo662+;`L9z;hb*jkn(A1Mhj5_TB{2NB! zTW`MoP5Z=$i~Kojqc_KgOMTscG4qAdE&ux-`CC4+9!LLNjzdN)`z{Ztx~tt|Gn2y_uh51zNlqT>~-<)0QP!bvsL?>HkGP7O=O9J#YPM_z`(S*b%8WC(-M ziNEF3$G;uIy9s}v1k{%EMJ>I$-b8NMZBUc^?t3cvgPjv+R$o3{ufB-AEcV)N+$xoJ z_p53hANlcae!1%BwVRXJJB~f?UX0k}>TrJQ{x@;izJ`w1GERs- z`S(Jv_j|VYzoa7t?}h)~%9mlCzl}dM@?}`ed+i^48?R%Wl>qmVc#aW1G`>}ObYt{Z7(^g5Q@#T-i(?xhM;W7=~yS_A@Z=|PJY|7Y^!Cv

NrRT|$t-m3c0c!d$K*B`ZGuZX?vH*N*z_&0db zN^JhP7Q3AK_ol7Vums@O!AKgk)UdfGm~{0{xy`ZsC63HU1f0%yPC*Og^gy!<|Z+!}J;`0u$J z+Lx`WCz15-{dup%;?>t2_Qv15RhpN8aDLoWj+hGneD%BM$2xi&=>6c#%KdZo%H2!< zGuVH6Oa1gqdq05OBytytzoh@Qs(htB9)cf*Uw3AHJ$o;|3fMa_S&7eIVzKTZZdM}V zg*SiSL9XGgyVtv<$UKwr4gTxh{i+f!jME( z551;$*3K_egf|fW0kOAtyMOa;?OyWxFm{HpbN24_rMmxE+szI_;)UP;W3TPDE$@A~ zyZBXIuTSr8&l_gE`BLArnNMKvkzNe`e^Spaga?o3ub)zr!`J}`* zvsHS9=(~^9za7FC315(~z;0E(eJGr7UizQMdipQ7O5YZ}ApK=Mw{Q0urKje5QZLi! zA4mT`>**hoHY)Wp^7P#-iT`=*w0@w{zf|U5k(a2sPtClrh~5Z#9}dM|Qy<@=axzFk zJ38^_Qy%E=)-Or=lJGUS+y^uB=b7bp7wHS9Pn7(AdKNo_vs8F{_Ruh6_v@_GLi@mPye)AK1sc99%8+8`&RJYl)w%N47am?t7&IaF9y&boZG#hl<{K}-tiUo70zh< zh@9Nb&+@*G*vn&Y6?=C%Gkd?>%U<&fSkHd-f6rbDd&6II`vkT1w`#nMykjr_7O=PY zzi4jrb36O5WWM;#ti2g zyV}v|`t#lF1nJ6QXZ!g7%#O6z9qbJMVE6N*{o?aEybnF;&WAp6VAu1Z1IUdcxBW8a z52P#lZscm~dUap@U%S`!-hti1iNc#l6^Lhy{qHIMjy~P@$M2)6#@=1d2E@)Dr!pXZ;6pN$>H9Jcp>;i&YZ8RA)EUhDb!^K0$%r(OK?`Ze_X89$@q=NHhg&Clw- z>S+7&WBAq zv)GwuocXAv@9lfpd53A|Bz9Uq%sfNv?3u3jn0C4zz_nCI`*y;bM^XKV%*|GhJ@*wDuk2!yyxR)K|zD&^UUI(MZfdYF8)(>^o{se(4RT7RmzJ0|6WI* zon01IUKc5ADLLZx(%(V;{moWsR`h>fM}L?6ll~-yekbGVH%0$n(61R2^;kB&>sTgs z4rAxY-)@yYFLpk?mz@dI&bs)+xcU{bb8t61UjOFi9=GmhXH5KwKalU=U|f~+|L7IF z+0p4bdpA3SVkd*0nZI-6;Uo936WI#ab8jl-_uI#?Gx6=M(xb$myX>zC+Hu2%KcTq9(6A5VI{{h>HRXa7>|{e%I+dv^&xKzI+~{?0QQ#D}iC zAwzgK;a5rkZRlXczetl|k6QRFd<;Gs@aOpZ9$a$~o`)~ONuJXm4&8rQfiD|e_62s} zt8jhJDRyHoVSP(@`8oW9k%7Q&7d-CxMf~pCzT3CDRTh%81{#|%K4R|x^5fst_67qk zejIY#d#+WK_{cn9mhcJm)+He5W6Uy}x5`Y^#ojvhI=;76IxPWv+xu)idkIV=UP}IA z@9#tQ%5yQdCG&;qKB!xy{qjeDaD)}t=HtYCJ>3iO z|J%=x0^ui^*M35RywV8P`FE7p`O;2zkQ**+l{h}%V_x4~+t$T4AMvw~1Iv*gR?_kG z^5&o82kLOI{2lk6>l34Vyz~=3tnBJ~DE^;(2>liP!<+a$dhS&<{cvTW6nQ~-YvCey zi_G7T>v|~jRqC0X|3-iEqN;g*i{0g7nRqVNsmwv*xiKjX|LAb=>?AP8{7W3w3S>$Gr`+~FQuW|i-!_YoTWUgk+mvj`+Z~Mpacq`%S zgtrnd-Cg-3;n7j{{|S$l1NkZ8?SwZF&SPQ0N5bQTZ{uHe_yFM>gv&L=@<-$k5WZFw zo*+C!_$uLlBf@_D_3tgwJ*mFy_Hf@N!mj^Ee;EICJ(Kb(5I#h>cQ2vbZuluRN&G3o zN2>J1pXOKj_CCVzb^MvO{24%hxyr7We!`CvuIs({nQ`(`H+E~^v+z~)%JoI}vAebJ zCFD1duk?4}_Py?Sb$f`un({%fI=r25iN88LPWTDJb-qhF2MCw+vwabKBy9(r{L>`V zE033Z?K|oH&kbpUMSlvph98CXCHyeqO@!Zv-^(8f&lBECc(s28C-2Q0oPx-&6W)Qm zm)|NpdL8pq!aH1;{1Ewe!h5UiOS#3Jywx8h;r;0C)gNS#8$+&KzE*#57`aL0{(t*} zljt{{*eW$k!rVvFw?lXX;rA#9@>9ZNW3+GLtCsH~e1q_6`98we2(Ru}QiQJ(Ufr*x z2|q!2b^kF%`0_5{hY3GUcy+&$Cw#FgT-tGg@S}wP|Mn}f*H9nG7hS)l+`9@Ke6jcKjFH)dFdxyGx7nZA? zzfM4IcxUhWc?h|t|E{f{vxGMgUR^(Pgl}WFx_&M>d8>Y|J8sp_<{KGLi0==rpMB_! zH=M4ipDDt}2)F8IrVf{SI169hcRIALk?eIcWMdhH*%;Rl|s8Mk7uWBy2Zb-n8%e30cmAa@<=V zdG(lQXvB9uQqK=NZk69LxcL8v^xKk8JLt7ueY*5mseo1a)Y!Ezlu>a+y52zlbj|6~ zd->gLr?-aNspuU*ZxX#*>*>9=R&N%))ju#k$*%%>{nwH%iO{3*gm z;6=yF^Tt~v&+wY3cU08Db5+t--Bz~P?c%}4?gOWT_x~P@j0JXu55R}vyTvPf6h2|- zOLeY)p@*5+k)q1zGf82-6isMg|g@a$d!Tv&M zAEj}BW6eg2M8YS*zx{7yee=rGrD5lnzYcfz6>p0){)S5e+#&7fuHN&?R~J1`+3Jp= ze*pcaSD*I34@`{mk?;)RgM>@k{c`fdvxJWjE@>!#Qv9+&_#ELc6+gV(pec6*=K*~! z;pe zZ+H9rr&Rr=&I}-$LT>}TPx5<3FYveePRLV@End;~%3%R}gV&$--|rZdXW0+8e&|(x zlnViU@n;?VG4z{u&%Y{v8h3vS1yY#u?n5MQrah!j`}a8gd@44}GX{^G74M-VpkHIJ5*9#A|o5)Mc%|_(b zky}OXb+vM@)N(N%_4u4g%#5e?D;-J_9d5r&;c=xVQPLay*j0CFC}clk#ZlV3bFRQV`;OUjKe?FN&ZW_5uM9xds8$)(d@I|=yKGbkN4wMaf=|^t6 zjz5RtZLimu&|aQ@XGdY`U|=e;@}kxwB% z#QE0~M84Lqq0plHTLsjpL5NN#r~IT(-tr0L=h;8>F_gWXA8ivApV>S?)8 z)@Rh1DdHUVnxYyjr{SWlNBK1k?tKTm4 z+@X5xd!BXgQRV|F?8$!I8^r$)1omiCm1j6!P@V`mKN84h(Hlh1tJgOKdiW7ehrIr! z>f%zj=oio*X1^{Y@m^``M|Q~vR2yQKa$b)9UrRn*sP+A`HFXK{Dzz8uQh)(I;ztTQ zP3!}{U+kQ(?Np`X;@Wgb|1pdH2>XRU;rHmD`1-2+r*!#CelH>4#y;ZD%JTFd`Yb3i z?R9IF$uV-`XY{Gu*F^7$;^#ey$JbN&?dD9EtL%1jCW*IC^x3DptLRIqRrROLQmVUC zuRqP8H_tw1MD$MkdMbTrc@^I4ge5-~ke_6K^XuYsjlBOTi)#*Ex>k_yWZ!dBdnxXV_o$^ndV&>3ijm{yh7zS4;fg z@cl36593;Bd`%&b_)5X zJDvP>d&}pMUn|Ssu($j=^2bj(`>)$uzMX^E`J$75!`|`($WLxM`J4Ba&mcdt<>U|U zEx&+#|7j=xmc8Xyknh}f@^9Z;zL^VR+sGHG>(Seg50AGW)BTb34+)X~zwZ4_PJY+% zmRnU+b`SaYYyI&ygMQEN-2GUouX~TTSJoSEm#}yAzx?;qL@x{MRoW+$hAYbLQ}t8P z0TRPGiPx^r5Ac%k#b z-SKceEpIcytx!&4fRFgGgq`ER=Xrgx^BrxcYP@|?Z92NpZ+-^#g>#r6^Lz9gzJ9sC zCF|a<%U}A#1o9`4_r_b1Kg01hjo$RW)1{|~pI;92RDRbVZ*!s_VLwasKM|xe=ufTj zb{)O(M$SP*?~a=E)r`08&tyKyInmc8KWgM_$J+tqw~_b8+uQ4;%NTE`&_Bxg)4IfW zTaYf5FZIXUCGDhG2ekRDE4yL8{@p}<6`d; z!(Mog?=eQdF)a3?gN)Cdvw8kqX4nhA6We-6kLO3!}Q*{hr0zGpWyEOL(M<=++mb9-6rZQRS* zyYhc-?)o*WA{eIX^^>Y*zJIAoIc)!#Bb1rY#%^&ai2fy=>NAF1KZw_{JQKjdJ+y}PsK@xESvziAfz?Q>3-o-O*W zpQk_a=D&S37pWISt5lKuyrF6Bi3 z3xU6t`2+L&>GJ$R&F}lrn?vt2qW8Wa-zs`I8|b-tM;Edg^v2I~{q5`g`0Dky3&?Mu z@A_NUZg=Z%3*t`)`{0sqXVjlXc6L8g81(w@{m-L*aejV>*gLcS>=8!)`>~%cY z`FBSBS$+SGVXt@pY5#kzt^O?B-(FbHzu5E1zlWUm-ZK?Fqy8*nJg4jD-vR6`KGdc6 zjQX?s>CItp^#W(_jQX?s_M%r%86W2CRrhDRw)^__lGy8bxU=`Npgnj!j(aCX)p&2) zlm7NF_IfXL{n9I|?A7$QXYJO%dHwA=cE-C-d*5RcmG)M*zol!d?I%4uaSjHKJmPfe zHfawBceA7WTVC>2Ysc$vGuYYwQJa*K zao6vDC(y6-pGLo%N3ZkGT)*qa2m1Spp3(0X(d&Ke>C(-_T^^Sz{ch-8fqwt@LfYHo zIDeLWwd!-YfB9Fdf1zt`NMmpD@uy2q5_=a^)t_>Eo8A|C>FGUpecV;*Z%aog?y59Y*y*|KwD*3e=t1mMuNM!N_h;n^D*q$(<1l*5=v~F{(d&ZvDQEX0ByLM# z%8RMPSM%--Q&);Z|(3U!W#&`x5&~5=;y^^1g$%Mv2geC)(IctycfN9N|^3D z{JgC?8{pDM51HdN^v)1_C@ zUj6zK@n2UT>GhVnjZ^!)pI3YT^Oju1L@z!^eaW6KeV*T4zEfu}YuVW6>g~tMlS!(s z$ncT+If~vQdQ4|MJ^yLmH+eFWZ&UEG*|47yewgs>x!UkN;S(RN4KEPh^w+iF>x55# zsy00OVe<2{wc+iA&wZgbJWhC1zBYV-@Ug{kxa8LX!bkp&^^ld%eBTs@A+6VV|MT`& zbVm6%i{9XOPnV|Y_iFkSP6@qk2E`6e41(YN`z78e)X_+HT_IdfQh$t=|G+jM@w53O zr1uBhbE?GW@6nVOG>wtQ@+O@ZL8o8e`_SuIarZ?$YyQ4nitre;(eM7((`ZoSmuAn*um8v1`@rWl-v9sCIrn|HX(VYnQQc%@lTKMg zOi*N`L>mOLrW8SFQ3OFoQ4<cbDuj&vwl9`{l1UydARlD_5O3culM!7-q&@mbIx_H_S2JzYc@j&mZiMU z)69u1nu*^F;G4GdV3^ww9=^&58$o(VPCLeE`wto7w`6Ke`(kB2gpA^-Td|`L2l7z%1OM{ zAXkOlUYxt*;hcz{^?FDve0A{UkL;iC`}s%u?SRN<4Tc}J^RcJjdavPL@$*k)A3Dh& z1rL({a%1yHDR>Sz%>q+OPMN*YpX7J3V+r(p=;sQ3^!|S2X!&C``nvY~&+|uG6aLxz zKhGbf=*ie;^!!l`-{Snu&mZl`)grgK`C|aNrg4;)#ln0Ca+{k!79zI>xy{WV^~m*a zX8k08bR(BAYcRZY}uNB{hh#sf0*5B$&bM=5%`(6hPivl6*=n<*#xW3@ckbI|Dd zV*tKs@EtRmTX2xewFd3kJjQk12ly8sl8za<{@72dmMy_>jTylLF|8oQ#8W zQX2Gpnni+pBJ*joyzp>HecO>!hYp6h4dBU_W^^!;JiZpb!JqNnv>FE439s#edBEoP+LQE%WzU3&k^C#=W`c`7UOW%H z*T?=6@HIYoIe3>(y{c_~ul@D5elOk%F7_mQ>|Aa0d+W8<*6+1{6S&yp#nT?;eN!Ji z3%tVzF92@?_u5%%^Lz11TfY;R>%$swvF9gJFUG^Aa?91Oqi%obe*W$R7k_)}(PQiL z;sfA*^-FrpzkZqEe)Y?<`JMF;J4?VtzY~}Gm4lB|zZ&R%^=kz8t6#gV&s)E4a4A1% z`%eB5yZXST{hYYi6{M#|>!)>A9oOOGcneJt}Rwx8612WgdHlzY%;sxVPTz z;Ke@t-Qa~DT-wh3J&>(_3kevj@Xp31A<3{sTT^ z#g-{Y^i`v;>E^-kzGJgHeI&a@UpM;demxkj3-O1aAF4d}3POHYcvgi)U*=Qf$NRUO zeU<2IY8nhb6VE<(JKZ&cdAglC(YNRc`#O{Q@}XFb_kj05IT)T|RYm__+I0YY5L{oE zI{1^GX1(W`SpH1#Y2adRS5E1?w_{%7# zI)hrh$eu5R!)a6h|r{cXCpK1t6o-i#oZWz)TK1>j91$St(#Ub!XU z4RPc$sb4+x{vQp6erlTa?q+`6ab+z3!kdW$QoZ{3{E3OXg5GMN3%!6Mq(fH-SfZg(7y9f;WKwQ~+1| zN4FHzLwY}LTaP^TBJY4*6p0HKN2AZpOL0=49^{I58Pd<$ zi~mH(G>_Bkw-Rrg#6IZDMZmHzqBk0#=oPBgm-Q^;L)K8-xGJ*g-uc)<@R`VMt2J5w z6Z@8c=VTB0?(Zk`deH}6Y!&;L@;Yb4$3kz1Uc5(q`5x$H(BsK(68(Go*GFX1pR?%Y zQvPgb{GApFtCwFb;BIB$YE$efg1-uV+}70gTDwu0`l2-ts2q9+^!tQvUFZ6&YnnVo zs$u(Pg)m$96Pl6FnK=}`T>$(MUAME>MeV0ZuXV^rZzxFleaP32Q(o$q#S0ky$jkj& zt38Gv3Dxz7p0kgC{Uwgep;th!7x`%YXUYAK;qN{3)krS>t^2BYPV_b+w+6X*<#s}! zwr~7$*Fv8UeRIl{ex2S>p>5b-(O{-UNN`DE&MaeJ%7=(Ea=; z?Goh0xP$|S!gq;$ymq-hwq5d&t3WQE-csl-o2gg)xDvT(`LTX)22TaQ#N+o)@Wr!+ zT>Es0-+I6+z$XviceFkQ2u}WSCG}Yd|Fqe$dX|7^fR9Cw*xL+$?;QVpmIr+`^nU1d;-6@K zi1aTzJ3QuSN3sK54`ypUKIsMW=^?~{OFrKHx4?4WXJNE9`~D~T8V((@_7{%YV?DFv zc#w8)=Q?8~VM%@Jk#9L{NWV`oT%Q)NJI1I-`g=M2z3@loox}5)Gb7`PUUysx-#YlJ#XhIsBF_-H zpB+2PZ}u*6+Jl~)!-vBA4(qYw^lCo4C-sbY%UbVDdXant|JB3%*7&p;&%sEXmY`=j zdLsSC`y5WCP4~{rYrt!f^Wu%*b>Nf4F8h#nX}9^k^Nns>zc+99fmfl&yKWeKN!AaB zTv7{}g@g=qvukP`EkXI=uTj>X&iW;VV$3<1XoC`b!DvM#QQEg2J^ko$wqpT! zEBHF_uQ~ViqwASHv&*l4NPpafp4y{_qTd~j^vCPX=zVQHPGokHFW~cwXNiLXn_epR zSaD##%Xx0fOx`}_BX-em(B;BX3I7`O)k?cr{4$vjEH>>Oex@7sUFjTJ(W? z{Z$X1M+rg{Aoqo{mZ}U6jM%t~<=3mJ9@VrM-h`tSa zVam*dbh4W3xE(5TnXi-2DQ9!!#Ew$r`jPY2vl4urPkm~@dwuXm@HOBP`;kNRx7+-> zy=;QSLAR}cdwU!sPwMw?a>Ne2fjJ&A##1l zb#11c*pc}r`QfbCdgp;FaBsa!zy~SEiw<+1fiTFv|i+-r9xc#{X0I^=;jfd7?q zDVN2yzc{ZSOQBbs?Viu-_6J`KJ}7d-8(Xin;4{Fz z_1XlU;lZU|X>T$9gU72^F7$QKo%3|5R}pwW_-#@z%O7kA#tF;f*8i>et%Pq;#ZY*S z@KJwj9ZQcN_6sF%M5ZOt3u$S$X5>=Oi>+TLcmlY$em&sI2Oj_*r2OSlzI}-Pq_=4= z_`UVY1YZn(i||_Yx;RoJXT6Hx>xWOrt8cy5`qrx&xwi9T>s1fl0`9F>D|nL+z8bs% z+*_};;L|RMt=A^-4DiwVSLQqT3%;@TuM+szRL0h)9J~wMTc2w1RUTa8upYbvJYF2O zL$Cd1Y`wa{>%d3rUz^~oxNz+C%Icy&UKCre0`Nj`Z@o&v^F6rKs}g)Bc)WV8gr2b2 zU9Vi^n!!`SH#hIEMXnGzz5YnR+Ici^2J<34@0ZIA=Luy=dFk)s-%B>Xyb|PAA-B2L z9W}^RT^8%#M)1YpUjMd(SNP!F;ETY;*O5c|cc0Dg9A~7S!S^ivo9ov+QqbLzq&vu*NSx@2Vw)JaV=j-A7vO*sig`U=J*%wbfcLch$Z;4Hp zxk=;@yd1oYdWcUWhuBjMz8riP0kyru&wUBK5qcf;pGE2Ak!gmt{tvxv1o^elSH+PR zyMiAOkI;jn-#!FS2k-U4bHUg6;6>nF9$f5S2rlIh`_uh=RrLsTv7^yRx9t;9wqEk7 z%s1tJtUi^s8?mnxzOF0dx7!lvwO9GmrTlv6Ezoz8a_mF&wt~;RdMJFlJ>Lza8G0XT zVG(*a^ucBE=>yQ)uHn9^ef_@F47?lBAo6J+qQ53SJr{c0^^7M{An{5xvb(nYVU=G3 zefbUkbg5S*^l7)a@0S;W*ML_&JQS{yKt!)KFO1%Q&~HsSAK+OS^jq0OmP7RQps(ez zq3}$Z(D~_W2)P~zN}b}TZ&peJ4=#vbveqzPS~X<7kEQ#myeJ5PL+C}&t3LF&ZgD^N zC#9U&dUH$PRqbbe*M()*yg&Nh;X$50jq1EVF#ehw!k3M$oNauUv!$HQ_~l3rZKRwT zQ#M%Z$u2)cA5(}t7Nf75y5V08e>Jl9^;M*Q#ym$O?H2rqd0_y%__GB5!4d4O9EHAe6ng6@ z^zKpU10&F-Kc@9q_B*<%)&If! z2QLS2@xiOXo4~zx)`K_r@VA0XfAHGB8obsAUkkq62j2u<<%6evO8)TR(oR|672xsO zsmP|sYo~IX?ro=P@I~m2sXus`#|~+~R`B^g_-gQCAABu%p%1>7`(`}o$lEQMS5?H0nn2L7??UkU$=t;epv6aGc;k43-4@c{g7 z@W&fZ(*8IyJ$D4U#Ak_3cgBg7TMphbLb)|I{d{<>JjZtlm|0%JBunI*p{J&8u)b5I z^B{XC*fUR|uZCU$J)V3Y^sW))lm0|}ZxdfW3wkZ|3!?V9%P)f7KZ1NY^x~=Uk{)By~-LmoQo6P{?Kdh z_ort{`$MmKus^&^78Zz)z&;4dzjMsUG+hbb0DS8n8ktYZOJ7TSJ=!16=3Mlhq_tU( zhzUIpdRZKL5%f~%y~M*c!}lfh6B9f)kuys!HQe*?v*OQ!t@(B{`ZBiNVBNpP9?$iW zSKrTk^)cTr^1sZ<$7DSZNc)2PKW#&J2LbFu>YD|g5AOH8oY0G)S3s8>Z1vya>v8c% zIrJ*%AKLVh?Kge*WzZKN$cw&q^re1(%jrw{lK4Ykl7D-7-;4L%Hz4v}yl#K=mHl8t zI5;+a%l(_BSiGg{+l;=9?KXtN0>rkz*SrYSHtuD0ccQ#-0n}+9UZQa~<=o%njj% zazh$WZOjGt$puw8sF z(%t)n4WPG*eLmL&(R-G!UcE`t=xZpm*vkk*#a4br4_fKFgE-GA_tdb7lBwH0_XB?X{$PWKifdf;P2WF?#1`bK-H|N3gi)=X? z`gezZ^Tcd*xaK&R#4PspVc$CT#nkq_HsI$^>ivJtzM3ZXe`X&`ZQtDgKKrtM!+y0h zZ2La@=YO65R%73M_IK3&JL|vCzVe6Y&+N~r?OXrNf0h3l=^sfCvmYhlB8~RrBk6cPCphqTd}i& z{TQ{K6aRbdENy20WAwQ%ITh`WdLVmtl}KEnQ%`>zl0 zCw5LAlbzDq$MQQQTg}f_l9%leI6GUNmaWdsRprTq%mho2R{T;QuW zW}H04_g;g0oUBA|M-kth6}<<=(aWYIj`7!=Z4H!HYTugpmwt0zwmM7(%2jl(E;`v7 z{_UlMbp&v+NxKAgAs`lw(!n|c$2bB)#>uqDu&>y*@BP2~`Ew41{2#NgRqQLV?OX8Q zXJ1JR_RY8L`{&>O>-;w$_LbW9E&cDaZ{_3IS7zI{^?#Rrjr5P)C$Mkf`tYgJfA8bz z9OpHIH7{qMU046G^ZHd*_od@n-S^1soa5|nJ3D0^UAUhvJjgg%6+8qD(v4-D97{Lu za&==RcJ^Rr9pC-ccJB1wYiBhZI#rbO-BR)A!+rld{xoNeH1u=@4$@5(9d2Zt%xYyk zsNnnOV&`sg>}+whyNr_za57FFZ;g|eSRrtM9w*P&<78P%8_nK9^IMtxkd&4H+1nZ? zO-vw#k2p}a1V$Yvi?F{B`;s3qJf8KR5FTh%rml{raxV2f6rp$pB?_= znN<0zbjVt^IN9;22ul_Rrj!LPFx=Rzlrj`@h~8@S=2Wi_e=T;tY3aS%JScg>;lo3$ zd40AznLuLlc4)RL&Q3jD589_EO-z`TG$A!INg{0IYS+@+gWg5U_>Qy0>k6m6(Pt$J zWb-t~JR`8m_vSkjcl$bD?9F{fsf-ot!z>H&eaSfXuGoBgYtY+PWBXydIC{t7hqdS} zzTUR?shOenIAqGXMHBJjw1eDiQcMP)`zd;#z^oi zU%dsgt(>#n@_jcynFX6fgB1^b=xw{5eflLH4)fI;^X$yWaqO*bcCY+zl;e&X7% zudy2v^P(-`*GBaAK5W~&ERNoB*t-e6iyyK3?;J~SO#iKQjpu=Q{a5cjj&H@kB}^8| z9$z1RO#1J(zItQw?%8qruQTs9qqps8yZ^5L($OEH@x^ACZhPbP-v;}kTCq3yJNoZ) z>%$Xeo%yvmdOKX}qJf*@1Xzci7aGx9ir(ezd`Cz6!wtTAz1QV)8RBF$fyok+WTr>V zlNj=tEt~YgvXnaGK!&11uI9~rJrc4uAZIWz^f5`gn7;`H){sm66HKkaq5^X&YnasS z6?`6JUtAwPQ}>5Bc6#2qW-|ic{8fbxImEA}=xuvxy?*{O_|6x8?NyNC(VIJp-U9Tt zqPL=ReRxN)_g3^qpIIdi^gRpx{h8~mO-sLV-?QMM1Ez0k06m+~)AY*v@JAESbMBbz zE7c95OqLAD3^YkW%5q~K&2b17(KB6Kd!z@ZK`+ftg}?;nA{5|ySu{M7-<<4J{t|>1 zH%qcpk42x{tvDEcAd~~)a$1u=3bRv>%jP8^i$h9`bBD6ZIKyKCvw5q{o2mD}3;3^l zeRvP)pSP~{Zx{D^k;El;9^`7wqzbIRu*k*~jMX;m!xaRf4o{gW>F^{RO_}|3nNgIj zPSx?riBy^eGV?$})jxu24U8r1Va6>IM~xli>pw)|GmgEUI2ucQZbI*(k0bH(Mj+Q@*=1QQ|X>eGRU8#R<5!n4cp)n~2XA;H&_wsFd`bERGdTFz5XS>uliSeUGs)N`L~a|{()oS%-5Xb$N+ka|G{^YO#FJx z*z{gLieBkgMK6=@Hm(o9A3*O8zIwg)*Q~@Y?ZutnLGx5@_|4*m0U3Z_9aqHG4TH1w zaA5Z9i)QIn^hN%mkHztCzqBFU$LewXpFxBM1S!;)N2-L}xe0p*zvFvgQ?d7jKl=HX zbxzl_-z;-yEKXS!nw8QOV!@SPZ-@ogkohN!Vxnk1$dBAwdQ+>5Wx^z=J}wWyz0$h4MF9%Y-O(7H)~{0=*z$p2DecOR2Y6r4Yzu zCSsrUb<{_cF&LUp+kfJLvp7YVWeGT~|H~z%f1q}R0{deJV$uJkPEKKZ6eihz%~Zth zEA;;~YajPu0KdAPeS?9ck>3*d3gNp`;_xrM{{HWG^>0a?lx@e0LA;p63%^=^b!@oO zz?R}}zDE5#DmyT!4$D<-agWgB>4)WEKg`4_9_-C+HLZG?*Xg|3-8mVYkgM*<9dPLSZY z^RgA8&e%w>axUEfR4Ug6)73B`bULSroZ1Y;x`eoiGZyg=K`h>*$%IaIX+?9X72t$F zBQEkZEA4ASI+cHDZF4QZS^TUttOD0lz)|iHKgvJEyF$^>woc4tF``t$3JHnZ+*RCv z{Mlf*MdJ3{&-~-IA?Un5cg1Z}@YIx+;H;E3ejWT)1rJQ=V!^i|Xwt6Ki%!o3052jo zV%#lL4+Er8l?$d(N~@Pvn#~lLnH8vL-?q zm#3`3@LqoFFuq?_tAplBnGw=z#RX93L1j&wpHK(ktRnQ66ZW;CIVpAg8aVF?B0+f2 z;sh4;{zaTN3eq$zh?243!%O^0XdI{i&-tmk#Uwq_QkY8+(OzU;xb@M)|NCAi-yA#` z-aUvv4*1l+-Q3qXl%x}_RGmATzf4(0p6TMZhFsH2uIVt%XEhI%Ud7ktyLf124ZmJ~ z>)`9>Hwa%PcpuZtx4F!P_R4K%EVhdy!Drz}d@h9q0X%=A;brt4b6p>P|PO22>?} zgSSkgUL!O(nHq1zZ*Xbvo;P{k;%LSpY3~<6X2m=UiBYaRDD8bJKdJg5(%#Dn+FE{f z~eR;8WGgsE{ZFU#sBhTh`)jK>d#H%MOl@MC{}HMrIRxYkZRF{OzB zZz13tOtLdAd!d!PXUio~lXc-k~h#5b6_XVb+QsA&kC0kaj}dOqBYeQhW4 zeT?m~?{r`LVy>sNf8d``s^~9rh#!M*GrnIo7%ocSeCe3{IAemp+Okaam59Ep2E!MN z?wzcDxYV@1;%6SN9}d>fFD`*^6?{CwqJmq&7jvCdHoTXb`LfS-e3{nMiJq#fZ9N}i z|2Xv|y+iviv-R9Jemy1V>5u3+cl>(l(bKftwr9Wb>sgDQvTJNT6UVP7tBdCwueJ5O zPyCJ3&z0!uis-p}{Ce8avz-0qb^M$)em%i=`Mzt7t!MA?>nTFdU_?(~{CZZRr{y}^ zo_9VPx1W2^v*>zT&mH5_lS|*se2?py8wSG+C*+-|9(h;PT4F19Z2<+B^?Y(Ea&5@z z_Sr8gXFc1m*Xc&@-%@@fdMaw|@+U_1j9PvVatSxu<$wH#arsf#|9zf!K##8fgHb)B zmS2k8{G06ZFOAA=e*Mvt%6AWR`E#OrMlHVwIr(0K_WyQKxy>rS0RLxplRsA4dcImS zEz={z;&k-wgrA&tMf7>rVXqx!Ub7IrJ?I_$-C+1YeVt1D$LjUI3$(&_e#pB(1^)A$ z{5;Ajzy-Z842G}gJh+>)pUu+uBO;&0HBWQgl(plNDywSb)k}kVKdRtHtNu&PMS7x? z38@i!1@r}?U-}>Qh|H%hvZhn|eXZ5-wZT^@d~Zhhcn8{gH&DL;DD5`@U)jri2TS7M znK=G-@16X(fAx!%^v42JWOUl=T{rND6`#@kbb4fX;B8VVzY>;w__L(^bK{iniXXGv zzx*=&ozG4w|CPb;u~P3j9(}I3KHnYH2dCsn`vqyTeB_Ul^KD0xzra_%0QoB9PZRmC zaIU9+4o_k)bI20_l%I=CHS#UU*Xs6&%HuzI8%Pha0Xk#`IZkUPvE_?gJ92fa_})yU zKYRRc-ajmm0lyp~H-KFK>x1C|&V$R`etQ#rQGd%TWxAbW{3iZbh+NJ)wm%-T zETl`%w{9oGs-pJrJ zMt^rBm;aUR@6Rl`c>b1hf?Rs${KGEig|U~Dhg{oUL*ZYDj{BnJNZwn)!(iRe5iL-)%*_?zHAPWX58 z@?Y*`*Zn7*B|`b02-_cWeLg08cO1#ya`esT`yS;|{%75~J%{s$d6d%t$v5@zC*%!T zT!pZ|C6G`RMFne&)U<@MQgw{0aYK^1R4KE-qvH zFAJWo^})aeaVEZ9pd^db8}S=y*=n{n>!Rot^Wp6C;HE{`dL$#L+s7{6T{PS?87JaULHrU$KESPu{RgJHRxT$KBkw5y$7K; zHs6~oJrfg=>qJg184AB8ay$CVJ?$g63AwtZL*WvUo9vde=UwJGF1dU?F6DksdtEye zzDeZ%&LWG$&WPNl9yy7(a^&XUG!(vr^WevpoMT)%!WnSFUl0GPyX<&=!NDIVo>z(82E$&qe6p1b;%qQ23kx_AG-xHlDrD!yg;xF$n$qdeK_iuW2ZJf#^GZO!`iY zr%&Rn9({G}b9eJ3^v&_r#|33I6e0ORUNvdI!*3_8j{!i{9PFruY6)^ol== zzF>WWee1q4(Yvj$Uhn;gc#l(-iN1RDt@+)|O_k8W!IQ}dvKwqEOcLMu# z$awysN1y9D$$ZFhp`v#kAO-3};xhM3rM^SYHJk@;u=GU6akd>V)N!n(ta-;m_>VcU zKYX3=UlhY%}ZOKQ*~taQj2Y3HXdS zaym|+7mh$*2wmdOuUwI@hQ53RdL#6v5$K)JSB*el3w>Q2y7)7gMf`me8<*+e3fvnX zx!{B7^TtyVct5z4U+T9IT+06*=T^H6?=LCkSKIVR8w;D@_29ie<+OsY@hN9Dc-IK! z^x1T0IbvUMSId8|O2O9LQorBA#h$h!6Z&EwKjeW|fZHiUq^{? zd~iSi2)%I>dgmzgwWH93*&~;qISRdC6#BwZ=+&dp8%Ll^oOIgsBxwNq5WEMx7{4;i zMi0RUzzcowq}>>Az@2(zT+9TY3I3>Pam)!T?Av5_JLZIF9ZL11mxc$ey!lk!6W-0d*1Ds<=I#3DBo*$Tc^}7m_vRU z7z&>!ShRk2<)VwcmOv%{w=};&6JzEeklBfAf9p^Wxn9moHNIbh`7{y6Z%@vS1thhB6A(~u|9Hm&YmGu z&7ZY9`3?S^WB~X0DKOD+Ey`xXQY!p|LwY^d)-UsJ*(dw!h<@Gv@U0pe3ZEne*@td_ z@YD_N?;waDTEVA*Uo3&mIOl19&pudzGT%!yM>)Zt(I5WJKG8NN|48}i;1%G`I9>>z z3tk6aAbyA~-xGhtfX^Ex2d3nkzV}{GDMuc^ddjK#ZYbO?fU_L;oVMA~y39_6*wL=T z0Z$FY)_VXv!3R&;lRyD?&JRR?CitL_{ygx0AG`!y>~ZRme6aGL+)pBYe#Ck3)|Yh* z&DP6*>~~B&0qb?ZcKGTdd@JJft%a|HcGvnYkI$DhzZ9asOqaJ!8^_(O0ohZ5gg@Zrzr?|QjN{z#I7NnKckaK4Py8nHjo@c5 z+CDuiYF7#LUg+&Y{}B2JZIlU5wdlj&zYzWxEPW(>sU}Y6|KNH2n&E4MFD!fyJM~6# zpZ!^^KRI%reV<+Y)rb6I+HHZzFSF!_$MRoA>a6!X7Q52dQy%;o!hf!1m-Q55)GXZ( z3*c*kPueVayv4^il%3{l`wR9V-r;-FfDx)S9%H*>?}Wev!(qH$L@9$?&*!R|k|Fv}0Dr*$}d=FsW7 zUuN~|X6(peU+WW*iyYF&I>8sSukudfKl>282fUX3Op^t}4~Nmy1s?!k4(`l9f+z7o z&nj?d-WEI)d@;ClT}k3754-|gk3{r^h@Y?L84tUQ>h@S@%l{A=v16&pXV~SOL)xp_ zrcV(-(~peOrTj*lzOB&hL*&}Q#a^++k~`5Q*8{ybVmEq)O~?NR`U|+uKYxGTlh1_9 z@^^Y3^JDm&ev)!?!JEMSu2;q05}O{WV?s><@DM5oN|H(f9|g@9bEJs6xBCZ>mws-eR-DcVvu|KSi$IrhEHuE4bL}jLTg3SA&baOGN?t$iw@ESHkDS-;a`0mC?ZiI&5WB0v zo4_v=%xB(vY{YJR%o8^0$L+}VBlj}_Tyaw#jTNzHEqsOSbG)PQ*@wjDCh!*aD_$g6 z)L(MlkF)s1j!tQIa0!3OcZ`R$V=?E!m!I?GjguldPmiZt*+D+WhGAcn>&+TJ5uZ?XNT@7&+8emp3uEabi0(Z2=EIjrM+qL_EQj&QzV@^?Avo4??MX>I_;q;0A4q{(zxz8WeKy@$P7$oZ1L@D``^c8_ ztS9iUaDww?8}n)Z0lq^*MdGaleRb$_<|T=Ta&Xy?dY)Yl-;1>-8!QJ4y#{(0bQzb# zerry~)dPQu-e%}(`&hl5;DgA`wdK%j%`(v|zFrG`CUUhxca76#X(VV#6hhU0Ogjks z;rFvc?97F}3c9}T(SANUI_?U+WCXg@qZ0a}>F)fc>knQA9&cQ2hTad|o4-53*MWQE zqzAm$Q;w8B0KUe9=SsayzW+eIx;PJB^o%PPMecv!@5)8_dR?p>Iq}DvA~)BPV+@no zudH=Bp8qOS1@P3vzi0>Yg7mNbqUAW&5S{ycd=RrJDEoX!{#%QlvWyMkXQkZ9=%FoS z@yj&NmO+$>da<6LCk6N(3Vgp8zKu_7K1bfDSZeQYX7U&(aiB?-e1*;jMab9vh`b^8 zzVDQG%vasd?U`Tr_mRkBdwSe&L~rent$p5uw?_5qF{{i@!xa&K>-v=GdiNkVe@DKn zAoaPxDQ5`*>p1Q?n22EC_K6ZOR^02p9J#Nt33@+ti3#zY{3GXSv*}OZ-xt6>1kVCj z#Elb|b|?T(0526@^bF5m%%dX%5ua{Qs z6f)n)-Vpvo0C&EtooC}+bLp8|tBPX9dm-z6EL!R~3z*D~KwW5qe^!1>x zB4^Cs$GG3W%jSzZtuN~k0(bW^Y|>U<`KX|gj%=8Lq}S9GYUGWOv5 zYfSCOm+42)C*yWK`cy90`%(aLL_Cli?fX(Ck=rdow8~!%e-8Xxsy^w5u^x!NEftUD z=*!=0%h;#eAAMcudqNx#ZNIU#zsPSwzIbo0U%l<+j=#6##a~_#^_e-U{D<-6mmr_B z&-mn}f43u_vF`@`UiWbQqw(v#5B5NuXQ+zBed3R#!|`X{`1~pM6d_;y^DP%I^)40UxIuu@}uM*-~6HbKk{9NZV1aT;nP1n<5ystIQ=6ZX{-Mqg}$Qk)kpV# zo=_|fr?e8=4J`9sJ5T=GxJ_~f&s{>XPAf27pkJHI*DJ--qDX83!@$S?8O1HYQb zICu|Cl+_d|K+8Rf4{w$6w!awK;r{ucPl#y0-#zz;X>aK5l z>iMMDS1S4zZU{d&HhuBlQH{<|o6*;B>iGJf*wcr6#%WtFKJw<%KhgKi*!=(8X#KMW zePw5E2>($U#5o>V&ue+|mHC*z`}0Lww`ULf)LC0*zM6&3tYgW)=o@SPDuq9_e9QT} z8GQ}tll`21{Ns(!siVc`CiHcjz2)pHI*$H*&W7-+vDsHSl6{g7>(SSB?)c(e`oMlBr^2zm#2qm4TM2UOkQ+-s5&mlUr(H01{#N)4$H*^!SquMS_+@Wg zpMK-XD}g|qxXedd=at+OcwV4#%Z!WC?$zi^xNt+bUJ7vLJ@-6#xqBWg%$7Z!$S*?v zN>}|N?PRY5Ryx|rT18~j3+LSq?p@mY(oW=l^hF!O&$#r(oi|pG=C6h5n|85vUun30 z9{Zeos95&#%CpNrU0=Bm(Tcu0^sUi|^*@Q%)!=29Y|#7o#4YDKw^H$c@FetIy&-&y zsIuna(R)#j=gNy6{*T^?7x@C@2a&&TWceCD`A%f2kzcfIL%2z9{CUckq#k{oK5)d8 zn44h-rxY*t15X_@cwP)AH_qn8fE45lN~NthEGi@4-o|=%Du6SNBhOpA*Q?4W`w!q{ zqHhVmdh~VthP=Qq?xWAsZ`owqXFA3fKYV7)kAnCdKO6~)lf0CEGWqXeSNY_Z#o{ynP(AqVvak^kqD_cA*`gRe3 z_E~D4qVK)Y-SmCgq*L%W^i@LlUXSuNr-l-!uX(KF4_=k92qLBZR)U_wM>m9T6~L=! zd4%2aoA|jJ{X)g=#%D;9DXj3Ji%+gQ^7BaF!Qh2 z(Fnd6yg_iw4!`*sce*tkwM+V^$gf3y4f3)-$FO{4{%K#wTpiQjgkYTP zmBd;ecnA0*F+MhKJbP@M;6FT9@T8^hyrsfyj6;YsZK()+)=&Sh7l|TIY?Fzqk z68U=Mdy#Jz1EYTO^jq!@`ORxYz6bf@u=l#oBVQF?KK*R^x4Ch&>+)p|`(4lHlp>!I z*f=ixWgMwTz83i_<%NaOWp|);|I# z8*U5%v4KOz+pKeG&yGd_9oU)Fi7 z2P3cZc5Hik{Wr^Z*pr8sMHjy%=*#&2#_;6=c>Pxq>%V6BE8ri`xF_ZHA>Tj7@`OMA zd{gEBU~KIx{6+A0z+c6AOnp4-CDNWt;7{Fdqi5aC)1D*b=XT^PkRQ*yPVC);d>8U# z@xSnAT|j%KkDb31{tEanL)Py9cK_i08moQvc#$Ex`PIPRF-HC3zjpXjfA}BNA9*!> zZ1s`yvML!*;dif-j=jCgk#9l1e#E>SxXScNU^2ySMm}}MM%Q(N_^lH>0sLCdW8&^o zcRvz61Mn~M(UbH`@&owa?dwSW4nw}Y!w~q4t4Q7BN$>emjOfXOKVz3zdrH8kfp2Ti z@3bDhw_jjlU|0{MucfCN{)Am)_0)qa@H?G)^!_1%>l}J?J`sCX!(WjTt7k3vBJk&> zKyRLTEY?417czc&^rR!21>UvKM!hes#Pem5)kDrDK8m1c>^uH=tU=6ma3{j)=$7=X{(Q|+Ro_4N`xKC&t5-*$J@AoM;Z87)nz~2%^cex$ja&uuRfPeY^ zn_urG$kig}Tn8vZ-%4Ab>|;Oryvh8_Nb^x?x3%aiJYZw^1kUYtJRE|jgI9q&?UVS*1z!xVpPRJ&%sj@E2fuTNmvwi|(p!oA{Cu}wY3~~FV(_Bj z{A0&Y-~dPd$$(Y2cRTzQvo>1$Ogn7QlB6bJw-& z+!eB?#-g_X`Q-<>^-6t8!K=WlIQPb*>6s7c`orG^|C4_FjgbJxCD5hZcKFK*HpZ;G zc7x9cceYyr{C(iX;JxzVWVGF^>jL+Ewh1Ah>+Wd2&b^fWaj09r*i!^vTja*YzYD>a zgTL#|M{+$9$w%!m`6vfbUC&13XB-);w;enKT)%JOsgGk3;d``P%msniy9xQ!;#j?D zOBj#9%SMWa!{Wz73Gy?Ja_g1$EeFp4e^n}G*(>pFeQW5M*!Hc5zr#mQD|j1t>acxL zJpqHBqIFvrVp7kw@YnsqZI86eCh%JD-Tm~WIQ7IXaEji%%aEVz)>{N#0=^vFv5xO| zox>e@XS0wY%ro2&@ge#e(N|cqQSawFdOi%yjdR_Rk1Bl~Ie@-J$6&WB9<6@hh?`&e z#f`LM?yp$CI(BURTE{>9%i+IQ4Dh!57}k*+ksn0fyN=ur-Vg5V=VD(s__T!^!>8Nj z4UfZe8DcwVSh{=b}j0l!m^*qshu3_hOg3z08HzGa;9QjdD%Q%@cH{CqY1W$=&3 zUMVk$O~yMmqr5!$Q%@UTdE%cX$XEOa^6kiX{Ri@!kk2`NWAwdn*ZXB`6CX_@vE5(C zP2LrZZ^(P&rUZO3_|4QYCf=Rb^>OsBM1GBr-e&MF@TGowt^FGGdP%(dF@4BqEQ;+% z!7J%6;Lds!QARp=D)=kI<@x2YU&kb^BixAGDV2O#j=ow?ITCl(;LE{x^vlC(&OB`O z*H+;_!)>p`(`xW4@K!%PH#+siI$rEcT1rAZD^_nN_~4lv!%zF^y?J!K3z1)3?$#^y zUIJbL-pzSToV?p9Vfw{|yNLIc`1Tzocr~8+`BKdeYvrtaa1K zJmtsn$NeIaKi92S>bVd+0sNie@n(3u?l4^ym3pp(zv(=;9L%!^Mw_dR?coq2{yl%MO!}eX{Y+tJ#a^YWfL9Cu4@DA{*Vf&(byz^b1 z|KLxp+!*c~_KQ#d3VguKP~*{rM3ux(?NZ)_v37KWw}I>D<49t&hQFb=Dl+~>R<=b? z@M`7*7rFHao(^6H?!8}}3qIe&FZC$`F9u)1c}zUBCDv&9v!+YzGS1`UlDPA2%ZZ* z2=2_6qQ3~dAG}>Sz4M$$V(nZ4f7PXKJ(-BE1YZn(i0Hwp0*o{-w70a#I8>iVdF}8u zz_*o8+?tzW%j=W!mbl9kJ;CLa2Oinqc-SxIJs!7c|K`F!=%c3yydV52vD;h!ha>g~ z(VB-Yfxqgq@!jWfq01Fd)1AAxiI;-mon zx~kYXDFtrIHH~8SeYsqKePCF$o(!o2xC)x2e><5W1S9j6+i{Nj#(yb>KJqy9>z>nkH z+fGX&VL?xfj>@o!z4cN)a^87=D|nly9Pz7`KZk6_xjSBlw7!pPwX5UEbtPvd@9c<$c*2=>qY*KSiP;_Gr+%=3RrO#qn9ts#=Q<0Kz@x!ulP6V zM&bk9xxba*nc%{&_tld!IRwuG@Acr)-X-Acz-Ppan}O{NPlJn|YT>Vsz5h@z`oX>N z)C#@^d@T2^r5)D7KjY5v&9kIFnKuz1$m@M|y#1OhifH=I3@Rh@QV%tB?^Fda$Ahx^&L zKauEYIN?uP$^7Y_VLKdo>c&Xe>dL??e$0bE<6d`tioi?2r-A>2^SJeSDW*PgpRaF3 z-zrZzQhqyl2e`A|;?HiI|L);@784(`dzfE>$VEQw7TV+f;W%~pVQ$0^G_<)a@(0?* zo+9LWk#qJ}!54zB0e9Ld_!97zCO5yd!%FZbaQz${Bqu~`jo$wEO^pt=HdEv2Z z%~1Gro*xVzf12N1i2VR}a!p=peJ4W)!-hf*(OZh%I`-{(dn@#A8%J-K;nJI(=s$bt zlGx-By{+g~*K7!X%e*ZZKGo0On7za)`eoYDhU)F+Id&!xL3xUU@|epLy^guD z``PD%eV-}iNoHxUh3L!S`Qv30UoZITBfi{m@O2!89ga9?NAGf;oBV){UxO>grgxri z+|HtS4CT=EKgLk`JWul=Snx1ky`DL5Al^Ib`JL!oh(38f;Ky8`1}8i9&63>0y_`LMPa~7{vPuEJ|5O99{0z7@k-}yG8pYiw#WXllMOm zzZ|o`FD|@(c{tv)s*-<~pl=;{`OlmOcSN5jhq04+bmTF4q9pnU{OSBw-p+X2Xy4}` zMtRPLO`5F^D)d(9P0%CzUbE{xJBUKy5PCQCRnTV$fEc?VTf#Pd0Qwr}I;BC0Du*t8 zE$t5G7tqrrb}()@{|Ay7HId*p3nV#&zW{#8@7vh?wCV6XU@Ii73Tl3d!%Fy9J+M)K z@51&?%=l#9?r1{m>16X@Hx$*^iN3`TZW(=PXickU{PT<_f@gtecyRG|`EiDt2428< z@UWA$&#j&Et@fyaUI<;@2Mx}F&VnXyBhV-r)^p9!S3$ojLf8J1ycFq2_B%Q!x*b55 zvBp2_n)Vy_I4XAafTx1%?>5kCk#AZ+(s8m0x`Muk0MM73L=yi-=;p8%J?bbVGrZ+pnrt5FMY z2Ji6TWF6HBz6xAlZ|LY0-$iq}r|+5@{6=EldM@z85!Mz++-BXyeDY!Y`MlA~`J+NdG|4YzU+&t`urRGV|ekFdYhh7F<&aL+0aXWfCZq$Bix9O3-C~VR$-Qe?)bK=rZ z`|R>^g>jCvU!M}`)d#=)wh*oHx8MZEOZrtQe+OS+Hwzsj)~@6gb|jQQD~C_wyF>Wy zgD+nEUKJC+1#TpASH`MGJrmeo{OzoV*xm}h2E0Y`jkd|WLYuQ#|DR3GC5lb!V>TxC z!X`fKL$3Idjn?<>9CeZGDt=39Al@I1?MIp5)4=2HOI~2pWw|YKWO7mp-rr*9X;&U) zF_!Wri%NZ};TwE>WB7a#wtN@OpXWrfCkU;isR;*J^X+!g{{-uDB8NWtN9xfHUihTl z?*-)0^#`v7KTH5!e?CNLJ6GsQ_mB^svFGW~Ax6g)(VGRm7`o0UqJu-~SpZ%LF7r9D ze|WrzersNrUk+axe7g#tF8}mM@tR%(y&|GV)6aF$o1xc2_iG1c`7;;I^?et`AbKTFN>8IyYo)wdVzTVtH>V~m8U3irS-U4oy%^^pOwh9JhoB4S04PS zTTXw2*!VxvFd5?4mGF1Kzg+m2I{Am=;TJysS&iH@`t6Y-cf7a0XS(Vrc5Q-x zeuRJTk@>|R!TT96S~toSr}pIyCf>L{fWNN`GK$uO3R7~fo=})FbLqsxQ}WN(!y2B_ zW2{|6op*}RQ-vPg0YsO5gu}+R>J~1#ZVAk|Kd4>`9NQjLcLZ06FQFw#r^*Z+rgqNP ze^1^ubUPn5*zI9M-Cz`1JSV8xO3et>7zx`>U8>ZjN3bKu>qZ~#@l>7M_a697X$wA>sy3v}>zk^&x0$-_1mdCwi7*Hr!Q#ULB0FKc`xsv9^QWLM?0wRwqFDO`;6%~{zz@i zz?pyl(Sj#3)rUWx_j;y!e8;)HnW{Ro8I>(RS@6#ps&1!w*Y2#o*=g=QJF8b_@Vtw9 zeU}9_yQ;^3I`6(+)rzdS&+V!{&1wO^ezyhh?yml|+q`wVtFD~6OmgqrT`m9zf41Pa zd#c_&=DoM4dMC(@nOnD?YTx%>^n98({kEU0 zr9YPjyJ!CeYxC7L2h7`;uRcFu?oG4Q)A_=)=D_JUAEf?$AOp?64qEW+Z1riuysp`* z?cljz%~mUB3(F&g)7KTM_X=O*oOa$`Nu8R_JB`l*>h%B3MU~DwM!+u=_E1r*0>X>BG>cR*wWu{NsC#q9yNdL*1@&Df4_{sK@ zJ}`}}yUj06<4to8VHXI!7*Mwc_EzfcKtNTIe*6xYD~5Fd^{-`qw|HZV%cr}_+l4S77N<2pG#fvUFCottcF|mn{%A9TaTk^!%u-z4t z&hsTdEje1L_l!hb(PMPso91BX=@3cjWzGjCgg&0Ah9*4kXtx}`C6#!Eq4w3IhGhpA zl6xdxZ>XQ28?nP{>$X;W9IXn@QtB}yaigK0HDsNadL$_(hPx&nr}mzu|DK{Si{IP9 zRfhU3q~9tMzEt%P3r-Iu<_sjNk6;(<`-+=HJ zr}9yw%aXsRouFnBuRedLs(-Vn_wR{2|29EAkie7#o)op4QoDs-H&pJQv?D~W@XgSA zL)|<9PYBOsb&67_%xEywwZ^Z72`pKirsxm61%1|D5qpvq-S7gsl3Hx%UcXq$Omz2y zG*@3sQU@|zC!V2-2zecw+lA&v<40mOCwVxQ+ORe#Z$mT*d3nZOid!U5gJH)e#xvNJSu;@#0cBkk_3#~xc98Iiz$sj7zJ zYK-|jzO&Xi*{*BWr2Ht4F6V{N^AjS7UC#cOyc{h@{JZD&OQU~#%N)2u?QX|}lF-HK*!}U5)VUhpRvSAq z(m!bY%=WD}E_O*RcIk7*iRico9rqa9zR6{gK{#7^(h-YcV^UdYxuH(Ab9~sqhDvqp z;o622*)(Wj;&k?-CLBtIKcPX{mV3aQ6Jf1wnyd5T&?PFiEmygn$~ zLkQ}F^Q=P@f0grB%{~7bP#evE+x+5ZXAF7u#*_cEL*D5p=^sm2`#l&hyl9Y_u}R8s z`bz#DsV&8qccK3-BSgx(&mf0u9d0}Qd1fZN+i0X15IdZj3I`_Nb);`Hr_T)bF1 z)0K=n?-{IQY&7OFJu$yFIe#W}GllB5{-4a@e(~p>zc_PGoSYv@OSr<7f1EP$a(>~& z-$iA{nQMc4CR`lNLt*0wimAt`iClP{D_h+CEwuFu6Vw$G-kxCldRr#W%>M()PlePI z!HZXi)WiQ5=GT@TX=;H|3-U?AO-2@7 zx!d@aF87CYb;WP`21C7Xd_uo$nK*s@MD@W$mJ)2+QWd@NHz5esg2S(1vXn2Ab@Wc}yH7-^wOuaY; z-(Jkxc?i$=%KRdz-VFYm&a`UcLH8%96$$c$LvQLyA52j%OpyuKTU(#>QkrT`YtnZm zko~^m+UxivhUC*Fk$h!b!s#FNXs>NZIB?<_>X7~ISWgQ%^T!k=Mg7|>{ye};lK9Z} zZElq;AEV(4bn#g{kQ&s*!x-EX7 z*BtkK##B#yC!Rh4Z0v5FE4TWk`elysa`YWArwo`6m=g(-Df5~6Ht$szm4M4 z^jt3SaYG%%sPk(h#LW5*gYZLFlHz95o{8tG1CG#tPeGDJG&9s3P*0eT5to+kWOas8 zXC$&_b^+@f7M7|y;q5dNdrjtF)*8wb^({H`+hFO2ka{=7$Y=9TSGR1%ptaSrfh&^L z`zcMvQ>m&db?eosYT1-xpbw`o9N4_c3R{jyJV(uc*v`L_pIArbcc1Yk?hU*^!P?$* z)>>q}rRd6_y31tU?Hx08cTjbkcTk-6)g#a!F{WQ(!u1NEB{y6BT&bT=y3JIj13zI2 z_s=_>(zuKIY(_HY*X$g6aTj&}&P@US_$up^)w`*lU4?LUcIfNf)SKB)3gNrm=~23j zRP_X9JYmdWl={e+ud%IeG(xW$IGd_iijg8ORqLA z*K*T-R%5X4{|6(rmK9|4WX``eC2DkA(LeX!?mTrY%OCtbS?8bXWL8z%lJhNFrl{v& ze$F`TZc|-l)^i@gSw>XLjDlsRdeeA5iYKXql{z@7LLEhxK__cM`23;Zq1T7hK+swf zO4ji?oq@cJ3r$O3uKI!|_`=MmiS7?P#ra2}o!3ubOudbEte=$sLZa%Kv=RKnq|)Cf zt0$8Q8}!eym&FsWGPycqk&GUc_-H`g7GSwcJs3>9S=P#=6E2-t@Y_jh^~4*D)sxi6 z3A03N;5>(RBXD&(_u8JDO1(nP=X$Rp{BR)O}k?ettSB^lp;+ZPK6YF-r1V8u#+I+EeYo^&&Bouy5!>b-!Gl}!J&Fx$oeC4H2-hs#+#u3cjzvjwa>T&23##BC+w2F&suHTcN52$|_ zQ=bi}Wv0M)n!pd4$qWRqnp2+&s2&Y}BXHPEelkD`oyzF-ctCGuB>J8Z7sW%2xhseEUB!6O3m$I z-;T;P8&hxQazy0bF_J$s)nAOMADQY3Q{Y=guF*`!fDUsirT#uD_rG1x`+?@;eQ$6gz1o-26LpDl0+nN9}yvm?{@qBG+vsujN4(L+%`2Z3>J_n0T7v z=2y(AADimqsN7w~RPJH6irkAv@;fGXGp4>_s&6#BT;ynsRXlfYPGwc_)uv%yHa!pAQI8usyvEjRTilYbLnluvwEx=`YS0YXmNqq zow6J@%T4Dt4$aT2JAX71c~S2#4mx9g(G*_pfPRZiG3CXjzZnPF@~KJ|HLfw{eJZzr z(slh4ijvM!^MArQxsG+;a~-Kp>`hTSD7C}3EF$c+0%0xlL)KaPd49lNc9J06~xlJbHWj7ckYFuW3s;2KY74ZOAWd6Oj)}dnftNuZItYAonc(S(qyv{ zYBSX128)Qll|^2ogEZ;P#^L&1jUSm>v5tdzw$=F_r9~(yg-o1u#kqk+9nxT75b-x*U z!ZaRo7o%nVgK|EXa@J9fEYnZ|6HzAX&zZ&(Td17z*!KTq#uq!A@3&ofpn*6(o2yQv z;#3*>Lm$byeCW>x5$+0Tt6wFl>1@sV!!y)@vW{54Cl{15|G3ZKE8oUHjlf?_<6nkc z!Zrj#_Xku{AoNtgcqHJ~M4z^M&iDvtVcStw6JBJZ)q>Dm|>s)dO{3_LRSm zu`A1p+^8@Dzc-C5%|MrFyl4iP3w4?#v+Dw(n;7K-p?d?y?QSE)_MPmD@W6YfakZAc zMzZ0*&Crzrb(P2(*Se*|R`D6GIyG>UVJzZ`h70G{4E2T)`p_`miS?Q0U%=w%B<>BC zGrf4l2)$u28Nt)Wd%pZXV!TuQruQ4hCz4+8GDBR7KVXKQG>wPd9n;E7+{|EX4ZLU= z&lp^Q_ZcBBg$9h!6{a!dF2dq(g1^Z~c+N0dg#Qa^aP?Osw81dG@$&D?V#SF($Pl>L zIGI%5XoOf|ZZ<;C8ph*ZUh&PzELuz<=be8VHv^5(C-RU)=&y$Hg_~LDVc|c6g@BX? zNkLrczGH;C4Thi4TEpo1&-t03yT$>zmo%B>^%~_x z6@@_(g`wo4m`FkxBq8-(`|Q_BXSwrs-#&kSkKgxe9*9vb#`w`S8O_}p;*G>^4GpBvur_~>e7 zt;hF?$NIp%$zSINowNU~KJG6+e=gVh*u0)5D|+Wy*1xFVqN9?gcz$I0wpiB2-yfU1 z`}9lHv3f4gp67-iopS@7A-2&$riZ3|G(_`+*Y}*)S|~c$-_8yF)Uh;A%yn*fL?5Ib z9@R%!{&NHS-{ah{&O;Y|`V8@k$GgU3y{3o2r+9sIfqbvm_lVb;=?=nmZg|~ejq-R` z>N5mgU~l*Mex>VqukSXmb(4E5(+}+DOq%fCVOf{Zx#0z8)b3S_MlP*4exI{Hb#7Qn z8C+@|xYeR89HVbveGhu*=G?c)L%o`-YchTPLegJo6~1O!OD#It{-Aq#^{eH(MV~P1 z(0_#VAF*tD>NsDY8#e3Co9^;_ztT)NcNO$l#Q&eq4F}lAt2QCM-}bV~j%hK#>PMaY z6~1AvdypBYTE`ygo8hrewNoDJ?24HlYl2luSK@bD``+)NGk!xV|77{@_E_ER3~ zoQk;~D`AyV2Q%H;caFz;->RT;oSuw$teZTi(ll_7?_)jKL;L7ckMBE=^+nzL=qTSk z+9vJbb1G&zHtB+vY*HJ@SdFQ?!}3wfxKZ1D+vEFC-&>Q-4Ibau9(qvY>a6%U3hQgK z-X+u=&u@_SSko*&wbI$v{?F+ICOUUz)KTJ4xql? z>s#qnFL-GPi6%`GT`hy&HG{5WL%wkyYta6;)2)xy@;l4gOwYK~&(1BtE{o=Y&~5$G z9(o2xbzkc7y{hk%exJ{d)`6$$IgCRNq=}%@EE<=2&hpXI$(QuFRz_dUTknW-06lwh z=J=N1uV2OR-KS@2wWa)Ou5TO4iHx>&O-eeH4+*G9D5$^!S!}thqW)x?`om@sT>t@m}9uUh9s0aZb_sd|2m`jzl_-(cL!X zla9GJta2)UZ}}$a-k0*Z(&MA?;Ec}a`yStCx~2ZUy*T;ITlZB~gFjpM|95R3rLQ$k z)7Kj3=xYt?cj??keI)h9YprrB|KeP0#C0E8-)oJdd~{cOnoT?S92(x$HXn0rQX5!h zHKOv5mXBJ-4vTEQ?(w}x&$jh`U+3{r54EB0{T`;-2-NS=#liUvmN@uzU=j_@mjBW^~!g>zPk&obzT~F{>AH~c}wvE>iTXg&~##fJ8Ja1 zw^6^_Vxq@dVYS?5SzC0!yVLUBr27-uy%K|dh)!JJ;A4o)#!o_^zeVFuW(VZT2^S!FIKM=o%B?(nry#BCP}ZA zGpDh^-8Rj*IOtxRnrY`5w#s_XqVn{jj?-+KIiP10{NJwITAiZQDGjz4sb{PMcNWp3 zqs}{u=q|ZGmESFR$MbWMn&%{fa`q>5bB3Fs(5?Z^)^F`7=)4bE4sp>@<^|~&bry##IYZA9s``S z-9tKO{!C9gJw7Ub@9|N2yQe91XcTPM4t3^ zL_4GTS~Rl#jHksrUg|0J`&lLz&1nolk0bQ^qDZ9+O6Z{Z*jGqXFK;YrM2FGjq9MDt zUqst4^0auHUR~W|`+RmAkZxW2E!2FPS2MrBN8fl$7X)skW1`@I?~2q-z9!TMO!p-z z8oiG?)7==2NqGvhCG;xufghKsjfF)YmZoLB@BG=!O-S0hxx0R~2x9x;do$Fgm)hOG0XQ_I; zxSYth#f5j2s=G>BQu*24xqgrAzvtxob0^n7Ik|q!*SPLnf2VUjfolGk*GJ{~$o1ap z8l|qOdf!&JTd&ZJs&{N3mEX4;qwVdjVoJrTXwu18x|VWAeyIG8N35q=IAbmSC&B1S zmCA4Lv3@Ykjjp2k%A>8DX#F^kkIJ|2v7Rn$uB&?4uO?cLmC@yx-$&(_{lD3#qhLtY zeI+ziY(gc zU-69h{kC4emr-?(k3P>Zj`r9zpO4D-VEv4ft?&{4aYayr(?c zPEGP1zo;F($L@WqoqD;%OXa7_y~IaX?DJqdwWK1jq@CJYG17XvoqDu^mloDEnrJ=V zPTkqW`%pWzY_ETk?%I8xw{9Y}eV2HjXs2E};4u%uSqILy9%-i%t&4tbYkl6fWPUsK zecO`R?bQ1A1)sOKHnev~<{WQgo?TDth_3#%1=Mh=HWkn_j0x7p0`;w@bX5U8sJ34# zP|ta5h|Df1c%#62xxhzCV|+!Eeb#M0VSJa#--{WgbnGM_!D1< z%F7B1?kTdqE%edaZG~l&@sUM7`V`^&MZV99tdD+|M|w^Dc56hhPutRg()AXqTS3<; z?P%g_)wFi>*RQ=)o?hOF`0Db?oo&_6Qd9TN0=>f9oLl0KeZ{AQv*X7?>r4y*ZdXAk`q$c`?t<&$o`-tx>^o^qTaEkO~7PC#4 z5zV(0Q)6%SSuqVCpZ8n|UE2M9VX^wj=XS*3G|)Dq9Jj})m{zU#g(Qi&oT@ySKLyNlG_#-r}%ud!)H&<~bP&y0Vys6Qdr z<}T~t=`{V>ve)?3N^d)QY4U*r`#zuARZvC;=&imon!7aBcQMEOwdY<>)us53ADY{@)~M|*ba{D8`^T>8)dO{T>OuA=UDe&K zba`_t`^~QE%htO5bQ^m~SM^F;U7p;|ez2>W*UG|?hUkGt%T%W3kKe`t*TIOR``|$tTh$GU3cP6yR=(2x=7U=YeSP4mQg z{3FY)Tj&KLTBt4b$IGox3ma4U*FyhJzjaHIEzx7?2z0hy{TvoZjZ;kicPx`G%{>qf!n&Y=0BTfCK8}(SZZ%euQrrh^gg|)Su zF2;!QZ`X_&UTeH}ja7PUSGCR4B+=FS*lX{swq7sL<;6bx+iL5HLS3FwWPej_-E8af zceediwY9!jmsgZfUu4ZM)#ZE3?9Z#MaeiIi>bF0uwmvG?<<~0gPpau%Z+t8)x_RVZB1{g%VVnS_0`t5Rl2-xFZ;b}>y^EA z`N@6kcdD&>n(6Y`eeKoN*7y7B@`wA`Z&q8c?yt)Wg7(U4>(K*rd0KPoC#_K}bouKR z_FL7~do6W&*@5=!)z;$&>GIvJ>{qL;n_BB~uC@Jgwe>+8U0&YSexcfWzMU>V+}?hr z+M0Z@F2_4ie`|f&L6_GaVn1JPy%5snc^&N~)z<7obve<=ezw~BrIRji>TEwdVzw-*?s5_j~Le=NM>_poUnWKg>gq-YtC>x6WfP)%S85 zFZGVm8_=<0A7x*ojyL0r_Ti1LQh%pmO3hpPdZ{+Ltmh(k@SP{dC0jV(kg>nF)TQ(w z>rTs0^O%$L7NuHiY51X~k4CanrmB>x@^?`Ows4kPIAe?UT^@CVehz0f8l^``X^zZK zRtdpT9X>XZ73Qdt}FX52WWl^z7g_NcJ0d_iwP&sSTf{_s1=p-h#Tty3}dzj&Hi_ z+2cKzvQsMmr7pAwsXFHP$<>&MXgF&>-dE!^&* zLunlC1pP%dtpB&Zg|BAxz|whW`4&9}_2|9$inoNyZ|RRmIk8|py=C%(=N~lu;kBvw zqF$}n)9i8oN{?D%HKd6$TP%C4o*JoZO6wXtXI0YlmW*ZB(zgelJ?QZNB))&AYai-6 zT6HyX?mN|M)4cU>z5dMwYNxj$-F!S=U@t0Aiwfw3YvQqwu}@V!jXu3wbb>k>+uq}` z>1~;%&dWBhdK%KK{+~TIO;a7|{cYQx_Sx!GY`eQH@7b>ZOu69z)%AEMCw9yK{&EB7 zUD5{hLefAxreY^>9?I0oN}X(dZV}5(sJq^O4D@N z=Y7-rT)FzZsKw%P^{PG1qJ@bi_A}*be#u9A&BXFE+2(vt;qA6s?A3!$?-zM*w$=I~ z3RkzMhR$~YE9v^{SpQ5*o$^Sz;rlt?Nvx!9qMx7My1wc%db&n82^IAE_2=|J$Jw^h zY)j|%WBvbBr`)7B)i(E2$I|zt{4^){6hBS9?R%X5sE_@1IXyhty{-T3%CYnvD|?6< zqI)4{yZYv~%>?hz59n3Pg3@J$>i&YZ%L~=ZKL64}^|r5JQon*}-&&|{E!=&7Li$6p zg=%C$>8ph*SrA%TNIS&;LZN!s*Kl^B8e3>53RU7a{caC?N;Xx}2PJ+f*;%Qc2~>Vu zsXhvH++3-aH1NM)sa7;-_*|v>xk1U?N;SH&Y-6QLR92DZ+)Bz4)n9MF#cV&iq28Xh z{3y_sK5Y0x1An$sz0siIvPu=NEP1R_-BMZhMWvcjSw)(UVSD=K0F9PB;I-HK)WcqS z$7pwc=)*(waT|MDq58qA$KvRx=gb8!E!{>RiaAHmM{Z2>>^55E-&u4ENY4cC@HC#Y zXE#dvjjiId8sA8ByZ7C*({=c{jc=lP^}pk`*oxR=^50uo~D(?N#2& zYU}IjUQct>ET3%^(u2f+Z?FIPb$-jPwEt%9O+(9c-)(Y3%;zh!N+^citbtXwpQo$U z(mvX1PY3I6PP!$&E3Ar3_F((cJbyF4(6h***$npc7JbQt9++Y)oqw{ox9?!9h26z! z_uCrH{razQ^rkQOSZ7mXG@I<2L4GXymPR4IB0D`#{n4V?YIHu_y^ic3 zMBl(V#6H*R+I|o2*r~D#_m-@YRoG+?b_Tt4Jdi#F;JcizeSLIg@q<-DpAebkIpMYf zdcqLgNiSOKQx6R^Q*nWwxATIx2^Bx}?nN4t3Vin$Sa*p>$-14}?d{I0b3>DZf_CM* zzcFWWPuC9&q`m<9A4hT-DdRrOy(h0;SxQRM^9tv z4FGEBG((ggMgL58_PB_k`26ZBrLMB+U4ws|W!i)8?^-C;qVjP|b@7j)j!QqG)pcn~ z@21iD->Rf9WYUx@I_1u`^y59fuDod_-K@0n4^`E)iD3;D?TYr5&(OQNetOP&k~6~Y z*rC^V)nu#D0uOa}e)?j|LYlAwJNsACKJG|;4tzZ{IKIMt3p#WheWoru3Y~|8!IJWYJW;@N~d_qN#czKo>-6X9IgaRibhOseabT zUer{5(}>=4)bZ0-rKsOn=(Rua)41UxIu?v?ySe8G)spf-I(Bn!H@^OJmG}0xQTx*M zq1I{Y4XVAViHmZ{$-Zqqb=rI%?Cz`XqCVj++um4CpAgdD>dF<{o66~Z$cvp-#YJ>jA8WAatDy}};fh(4F_01Xn;a+5ZN%f0Hj z;uT(X`gHw0%df4^IG>H0>qi(z>QS*Xhf!&z?gX9rvL(K5R^tYpt%J(Dx!cvgRz;*_ z0=*m4;AYGEM>&-oV@{Tgf9HFR_SLHE-<@TlPCeZ>d(SO&ysEiU%}e{L zgXzTWEcc~vxR(r21N5j|`!=A4(&0MCi=(5zZP4i|b(PU6GvAw_(<3j_S@gIr z*Qx8wawF#(iiIy(beU+=!-tnJhs|#|HOH&E{ARnWQe8`qQOB5V?Q;82)ugkIpWZ1N zQSrXly49+nx$Spbr|DNo=>1=sX-yZLTRikdSnFGlf2#NQIic>WSIL>`OpfnDdX1)J zn7WMWM)k3qmUdIk4|bQ4(!a!C8Tcy$e`VmW4E&XWzcTPw2L8&xUm5sc%Rnj|c6=ou zrQ_C%Vh+lENEh7t_mPp2S9_Xe{9gq<^@&*@hn&03Y`NmSbNUdkM(EH)c5q8G;N$ zMj)e*G00HPY!`-%LB=6N-qW6X3AuQ&$zv8$+P9aQ^{M@6@R@#DNVdz8_0m|c z_BZ-fPn+$-kaP#_`h{RWew@)yL2gIqW6X z30Vuf>KRiH8ZvPGg3ls9HyHalNUkU6hxO7}ABY?M&8R0!*2_RI1ic#gpN9IRAvZ$? z5XV^PMIkxZ+80cmi93wn^hD$%X=G%EkEDkBT)|; zfm0s($NqI$|JaXyH%9;B&i}vtSM$8t5Apj=yU9TsN<(WnE?6)6fYHlB#<8B|ZoQeX z2N}b0QS+R!oPw-{REVQBi8le+1NCCbdReRwJ!tg9 z*ggeW3po%{`r|lcz1R;+*2`C~BcC_@7VD)%z0!Q%K%5!K2^@4LvePWPR*nTWz z3Np;g!XLLU*$&wcOV-QR4lhT&SdaJPJ>Y4aSJ-{@Ez>TOV|q9!aYTpWp+=P8|D%GRC*umQ5cz{$jw|q%@e_m0KxQFxkn|@h zom~=y@Ij$I% z(;pxo>x>LRh9M)6F-VSU@t=&#e$5?MXqWNJasAo$#r?@T#KrBHkH5I^8xem0?0#au zJK>kx1N+@B{Kkae|7v}MZ<+o{);EUpBlo`v;rG8<-@n1HtZ#6Y*}r^Vj!tu*N8)Hl zIc`tu&Hj%;#vv1sDM)U2BjLBc{TlC|0oabO8+iXrL%f`)oQO9A|G5uMobjxY3CJX5 z3Nrk$S-f*{zwD7AwGj`NwBLkls8H5Z$hI#o5x8GfP{0@g- z-oKH%-Fc3{P7X5jrLmiZ%t5Lxh9@97&%w9rKK^pTZ%p`2!A|5WV>j}(kx|GPWE?W^ zjakorkImzE;G6Dtl@NYIuoKD|d*N^4A2JFV+|1rooWCAh?nTBM)U%@Y* zPnZW*n|99EyUdTx!w&)OA^qg3pCM_xEGK^Y!=gdYk=B!*+cC&HPDlzQ16; z3S8E2Lms{jobMCaPQx`OPkg_}=NZmJ2IDMQ$lcdH7LQC^1p z-8jT*cfXJn?IwkBi|~A7Kefon;8G(KX(QFkM#f$>GW)ubp|_2UuQf9BzL9)?atrdp z`*kRmb$;}CeiHFNj%_y}Ig`Ks_9%d;FJp$6ddys9&m; zi6_~{$Z$s^L!FEab}=&0)yTxLMyeBx6K8S-uW4&Mhpk4#T zcD#L`weEVU8SZ{H&=YZNH2hs;6pJ3WD`jb37ikvWXxvi$_cX(E1;r$nWZu_lmBAsaz9 zHj?*m#adjyV17VzEc1SRZIAlvXGh#W^0+|_>dDJJu&e@{2_yT|ntVi%hp5O$VyvlO z5;6lB9)~>LYGm{_BeS;~xjP@QA1gKW%T*W|Z-`~&BZqwCkdK_m$2d{{?pW5fs8{_F zhphkH_e}lcTyK^WaeaX0$bZ-#GT1H)nS)gKn0f~wgODLe&Kt)S29H2SA!Cqn$OL2( zlG{<$yQUrSd2l=O7Dv6gJw38VK6RVncFgT30e$^0=$^mY_f7s%@SEW{kiQ%+|A*~I z-HSXy1|dU`VaNz%6q57DamB#nkO{~nWC}73nStbdU5EV1d>ss~bK&F*?Tho3MqXsT zA|IH1W$!cf%fcUDF9aSi#}DtnkKl**)7`?aJnqA=FWdQI@J!P9jlw_s&CSMfjDC3Q zpY#)4=dND_{@4%KkMnz2t!bZ}7j9bvVTa=l-*4h(I~*_D83Q|9Pqw4hn|SzsAT8{~ z9yIliLna_okQvAvq?&8=1CT*T-e2D!4&Gm@vCQp6?ynr`$?b;Yo-5+cinv4Y8-|QP z#vl`rDabTr1~LoDaTdI1_QQV~XXHb7eiiP2cJC+nQ4b++kRiwjWDGJ1nSxA1a-6|G z8RvEpXGp}EfuAg74l?kti8}-tfs8{YAd`?BXSY8YXYwPH&j{knh&WU5lZMPd<{$%) zAYRA_WE3(6$;V9}juY*T+h6M};+ScUy9^}n*EsAXAd`@3$SkCqXW|J$h9JX`9LM#D zgWEmFk>WUJAr456BLX{7$QWb-G6k7|%t5M0(HaG7{H8y5`yVI#{|(F9Ze9Lu_+h^+rwRWF;Xn0_@f+Of z_P<&9f8Y=NkIm!1>JxYUQ^J4LW3C%>0V6s8Cw$<}zlG(z^@ks>H_N2(pAr7Ujg8+J zWLAH8n0_3`FcC-e58_C`pFBTRZFJ`$C*n{|jo%QJKEbNAa-F)?7yU)We=Y{P?KSjU6^@rqsBd`>Cf~@cJW%j!ce)%~z`>loF zIQ*%7j34&%~N-^K77gujsR`)8jcv)?D-m!DU&-P_`>)PtV*ek)KhK|H|F!VX^PDom|NrznCywtI#K-flIKIW7qy4{P@{)s8 zE6g(MWrSW3>qA0spwLUgUJ8=?_4ObAcKxn>B*k`V=w~3g9$#QP_QQNf9$x&B@x%4x z`b57l^$sKcIAmJXXZV*!F9ROHdo%L=nc>1-6nbor@T$n?FljinT3qu_}{%9 z{PK3WJllodFm^et`1F$LmwjJBGK1z3#kh z)K&Ov~3wykt?Ony&!`={HhP{lica5;e>)GCQ zyglrV;APkg=G^tYLD=K^;QGu$L0{<_UYe zp6#W0d)RxDmtjwR=dSNl!XB?@dr$NBu(yPlVJ{-=Jtyq(dbal>Zx4IRcp3JR!rm*w z9RrihneFC*-g3VXbs?FD#y#Mh9QVK4ZDyS`0@JzmfDn(_9q zw?8k#UQF0)A?)p55B=@X=j(&O>*hK@URQ+0^+9Xcoc|&%VRGFd$|p!-k}eTjJ|0k$5(^rW^6C<2lf=~W!D)yDcIxd ztIH5K$H{(@!cXcC{NxaCw$}KGWQ=4#i9CMzdX(#v$>S&emOBqYv43-UwhO=Q-Yz1x z3n1?qas3)v>)tMob{_JW?;b=T`8vPqQ*%6X{uV<&3%wj_g6o&nDG_KkdkEdXl>&f=# z{%rEf_A{`r{3iZ<_5)bY_E*6^$IJHZU)=Vyu%E{Ep>pF#et#n)?0=KT{#e-0yo`7u zbC7De;Q`1rWCk)cSbzPO-W$grq$D59QN}1>*e<6X;^oAv3J$4esS2#=P!AR+uz}N{0*b1j`BQ`3{;tmBueP540rqg@`o%8$_w@_ox`y}PTY3B~ zuBX2U?B%OpXo$Oh-X?Xom)5@e)h`Tt`TXUEy8RuJ$KSMi`cuRHeLl0-y8T_6$DdtT zzxw51FJJwF|8V=eE04e7_4F5ly?p)>*SY$Mm+kfR zmw-Lqf5EB7KJUK}mbreX-WcVixZw!eP$3&CE#`o)rNe=p_nH@u$y;;@&`Uu34+-}ia^ZLX)k zDD36)7oFwyx8L4%x0gQU^~+}r_VW1)%yIjR)USR? z*vscH{;=EM!aV-w*3(}C_VW2l3V&bc@mCe7U;R>l;4l1$yMDoa>TWM%>*+57d->`Y zoagp;avp!%>*+59d+aapxUtXYzc7}$KO2$9-@pd-%Vz}k*x&EYe<^qUmgezSTTg#6 z*vscH{)F4#S9$#PsH|W860n!gU-(J4zh=$qZZC`L=`S_k*vscHy1?!4%sl>DH>_X% zVz9^latn=pZZE+_Zhxcl_?rfQA?U{;Gmyc>#!eJ62`Sr47M$DXl05!w`um~v8L!L1 z9@kI$Q_r~T_f;N$!|UlU0DJ5&hGouYT=?5>-@4n&=6d=|2!FvP?)?|SGUxNGJpTGL zu3tXGu*db2`HTpEfV1Z=kZt5#MCbY{Vbkag|V#gTqDBE&l*2`g_mq@4)@*ZZAFdGWE+rKk&ZUE(FQ>j9@wbfm#2%e1dcTa&8`fi{bB& zj)(L*<0oJJlIz{|yE%`))_d1)|D|9rufGr7{+8tNHx2$G9~u29WKKLEkAcS_Wj<3` zx4$p)__Oyh^^0yW`g}Y{e{rnOd~Ecjzt|^ke@%mRx0m7Y_ec9L4tx3X8Qmy&}@%N?M-!pmqt$@Ej%4Y=j z^5rul{B6nO&)(P6FZ_#%F9Ipw=Q#2}v;XD$C=qO*^_lrJfkGo=Y)6@8?gx6qj+_US zf*qa*6M>z?b`w{=c`!+=XZtbO=Xo$Z4^qnh&Q;=Xe^GUqSf)P&@BDbXAuUhNDMcU`HMhkL?WD4+8` z{T+n{VW(7x<+&cST!Q85B2y^EGJoczF_u}N8uUk5&3@)sV+S zo(VYs@*2o7kW(P%KrVz_4!IU`6XZ6?!glZvc@ShZ10b(~90NH8at`D|$mNi0AvZy8gDgB4{vi*7tcE-u z@=VA9kk>$tft&(42XZ0ga>%uin;^GA7IuJt$b%rOA&-YV6LJ9LHIQQ0Xgj^1}7IG8hHps#d{6iiDSq*tS z` z2<0S6&Goq^i+?1XzXhbZJ{N4Df8U^-AgQ@N*X8g}>%{4w<~IHNmi~QD|CmppatZz0 zihq3GrbXwMT7N7T9hno$p%2~bV`4camUCh`^pV(JEZ@7Y$v?*xKggVad3m&0)_+-A zU!CmQ6)FG$;PjtP}SzZj8g|ur74?*^Uj6=?a%s_633?62->j4>qoCcYO+zgrH zdCFBMI&s|fnW^6ifBW0v!PaM7H0+9@!-8EpbnXy3xO$kg)bU>(t2=}`cj$O%8?z#K zXsBa#s5*3*x_Iz~S6mXjrvKGL23>hYu;ZZ}LLEZE)&qwQjSV^ckV7sRG<4vwi#l9< z<>iMA9(;}Y@8HEvUHbRy(!c9r9c$W1N1f{L=#b!rT{|CkQNOO$oet}Kaj45hoew4B)tx(4ck0x! zrl$Wzp~D7rIc&g1{mDyg=)kM{U)WDIrk$nRC$(5A>1)S9TF~#G^e?@zyHj3C|9d9W ze@E*=NwGK6$}|n{-w6~%=|82Y5%|s~`8fTvLWTE}u&ts+S`^uA=?J~@OvheXvFDEA zTWHx+zKQ;)Lt~NgcB`ZFnO@WIBl^FT^ol6D-Al1DXK6dFE9;AmTGB#s!5z8hk7=M+ z?pI9z)8V;;{__?1^r5J~+3D?2_%)S^Z2zw${2oGu4^yeo+M_1P3a#A0IR zD^Npqpy^0beCD+QN%LR(PtHI@~OvsMJ4uV-@b)*2VYU)N-cba1AX3eeExHM&Fn*H zX((ww;3=i>|JRPVx+-`G!9#`(9W;1|E>ZnW)zvWr2KT%oHf-pz!v?5fR}2|+$rb(k z1uq_W;nivwC9LLxq3VJQjydhLW6r+d^q%J&cR}y7Bgb8EfllF`3B15b?*)UjA$9qM zgRW46)!-|sd)aM~Y^foGuIo?sF1-4Zi}ioksD8sPzx*HAO7DSx_w&-8tMPeXX09 zsub>T+`LR>JBIf}PT8ycDpw~jSA3tm=SE&tp>nu?cJqLmbl}N*BG_-Bvh(WVm1^i| zkvjAnD!w1zbEQ``qFy+*CxZRPYDJyAiOST;o2t6*7rpfH%-a1;XTGNsucAH&_up>5 zw@S6FOMf2~#!11g&!Y!>QvE&Iecb>{UbSByzJDGb%)<}(9oOAqf%=xNS=_%eTC~*f z^GO+?qs6ZR;jn81Jzk=DMDPya^6wh!vzn!T%a4vj|4yfWRvr8II^x=XO4uLc=>NW* z%qCt}z2-am`=}_cyIRw-{^?Vnjwb{ja;Q>0oxm#9*xBy(c`o>3!7m5T2z~?cy5hNo zxUN_9VRN0xd-Ma?X>_aG@7LhH1-JAWM^&m3f;R%6D|jpLHG&@wuEx9lo($ez@F;j6 z!H0m47JLkNN^mo7SE<$sK9BUBcGBiXXOHN62>p8vyhiX%uy5byj{hg{?t+&&18bFP zwBY-L&lCJm@O6S82VQo&+ixH6Zh~J1K3MR7fzJ^94)9fi&jQ~r_#*I@6WsB<1|AW7 zJ@|ORbKoh#y#;zNRH`+CHv!)+cpLC$33oi*z`F~63V2_^F9IJe_%QGpf{z7XAoz6f zRf0bTzE$uSz}w&9j(-h!Z^1tUA1e6I;4=jGI|Ig*YJuQE@O6TB0?!G4Jh(m49p~BL zLBR)u*9d+CcvSF-;L`-34W1T!F?d$+mEh`5cbp%B2L=BYJS=zt-DK!?7!|xJcwF#y z;7P%c22TrqI(Sy_OTg76cl_6b2L+!19u|BicvSF3;3>gZg7=#2_WKcdU%|fzpDTEg z^Pr$oZ5MnW@M%-r_74HyDEQyNgHzr5XMy(?{4(%_;5UFT6Z}r_TEQPAuFnh6PUgH2 z(9M8;pMb{%-=9t#T0agRbhMSa2s|nDXMm>!-vpi(c0$F*epcvT51tczIk@WVj=z!y z!*rYh!OsT|f`<_QbnuAawcv4Kr#szoYx@boQ{YL#o6&`!)=vpO7CbHZD)5Zp0YCC1 zcyI8W;M2fW7k7RN%aI?!hk^$M{}?jFt2FUMg#MAl_4Q}w z&K{1U`CqArh&$Jlce&$v7Cd&ho4>{Sf`1C05d0_bS%Ui;8o!GLKLC7{;9bD8f;;0s zl+Ue#p9g(=x;y@>z?%tv6L?7QyTH2({wR1K!CwF$EciR%altabce*(Ol;4gzm1b+{_pWt7C z4;S2W9;jEU@q#x7Um$oJ@Z>%2dL0QKzR%511s^DQf8x5|h>GLx4(JaR`m>=Q6Z)@! z4;1_}*og}}zkrVyyrPLYzLJ8s0AC?^SMXZFPXbp-cOEVP4+uU4JSh0h;32`MgZCBu zaqyVnFM*F2{9W)Ff`17-zQ*ez!qC)86fOFB+KB_QRdSdP90{ zlPz_}`84#i@XK+2KwQV!N5uIJ+wb6xvmp(MI_<4G>;%Yhb|9|f>>=VA2p$$Z2|H=O ziL)i@`wZ*DZy0<%aUEwr5$CtikB8iGHlZO}9cQ%0#CfwbKB81d;yTVgBA&~@BZALl zI{|l`&p|%{zZ~bs#C4o85$87OXAX78*^Gvab)2~)+;P?r*KrOM@x;KRg3o~+g}t;VaGba*hvaIjfrbJwZhJE;AvrJ2<*%gc5a6Lc421`cvjf?6m}L1 zJ3m3c3jG-G_cqN|g`HPnCnM~vhkhSn$KS%l6Bc%k zAg<$CC+wU8{o%sS4d78>=TX?%EbP1hzE$vdz{_U3&r_d+Hxv9<@ZN$qXlde)34S2> zT)__mUncm;;Ohjx5M0f2$2knVO7L;u-2}e}JR25p6BhIQb-TZ9uzJgy4-d^xH_)x(ofsYq_E_hP# z%Po^nTkxgOPYKTB18KqezAqy<-^Uf4<*qN^$2Ai?1HbJB=lhp#g7bY!FTwe~ps(N? zVSljLFF!ID`lYQ*entq+&#k(N`tA??1)@FhbE~-U%g?QP2|FEOXP(gK=TJ)p=jTuv z!MnrGM#0YluM(V}6BYD!@2^47ZzecDKbm!hTc4j3tq`1_`(y&7J)~=`TY1Mai?E;B<$$z<8g%g9z1-3;qM!)4kUwGKm4HK z3&DF3*M6hIet+;jf{%h7HQ(5&agIa!J6_=N^9_Fv_E&;u&NKXe@T_CMLZym&Iivu* zVVk=9J?^i@i}uX@%v{0wIdxj_eaXH)UuOglfloWz-5$Dw&lNoCE z>}(W%F9Tm8^lt#K6`Y@&Zx?p%g#Kos&*QY)1?TZt`y6+DAB3H;61o~A%|3~olf|s^4`=y)U`-ArqoX-neh2Kul?<@3A051^j{~Yj`(7ysaF8E0B zM#9cy@PyER2s|nHv*0Pg-vUny{wa7%;deWDM(CHdH~Gv89t6(`-Wgo=b?@IE;AMjM z1rG`y0}ly48ayWAp9&rp`j3D|1b-g9pWv&(hYJ1~_-Mg@0Z#~Caj?nTEWulVrv>i{ zUMu)X;5orB0JqO`=XnTtmEbpnhXkJv-b3)m!TSjQ68K=j-vu8b_?O`01>XfeL-2;q zfJ~)I3Em1kE%*`OHKINI9ej<@zX*Jz;Mag}75ojdZP#w~*L^Yk5p^K;&^s5^ds9@0_zc0n1aB?c!%py&(C2xc-GqMSp(dZ} z#Bssr_r5}(=k<*cyd~Mu{X^d?@2TKB1n2w5 zvVQJ(c-~Hx;5?6|z2H2LrJLY9f1sD(Jb$3C;QbNjV8Qiil`QCE{=Xu&o1?TzL3qC(eZKzOE;!GBE)#aPk{#U-t6$yy zVQCj!XM&%qn;-o`;6d+pTlGSScP zO$Ps6Kdc70+dq#Jt`htJC$LJTE^+Jg{OW+}o1m}76_N8w7 zJT5(4=yN+s2+rfNa|P$|&t-!1`%`NK=W)?3g7bS%YLGil9&ch{-V2^;YW%JPe-k|VtFb=obTB0 zFW_6j%V59s2pwmIQu`bI0Qf%Oor8w6emn3mILChkcn@&)dlGmrp?@xTZ^17E?#RNC^wUsI^IQNH>1TUrd^?5KHHtpOQ_NTVO=db7~hBra` z=?MK8^ta)-xCmUGX!P#~AD1UTe4jf{#KY&=Wr9y8JG%c&UFPn$9|BJc{w#P#@VCIT zf`1C06Z|J|HQ4Rff24^gAou~`Ed}TE>1I){F3|5R^m~GL7yLZ%K7wBbzC+j_4L(rl z^LsQS1n2wfX@YZm>n!ra^IlRypWlC3AvnLck`@>&QV4`H_zxdhyFt1b;a{q9=?vaK3^nynDYYnliz_S!9&KavX3_U8So(Z ze&CII8aoBxoxy|P0q_&SSM_r1N5R8=4X-LT8(ae(?Qi&I*clHV8DRJ-@CU$~U1B)b zYcY5Td^iGq13Yz^(VvU+@<#CJ6^6Hl{hz@T;0kdD!pP^fMxT=F{0;(-k1%{GcsKCy zzYHI4)YWO=X>iWlK=9xVM&I_D4gLil8fkc~!DX-()ylo;klXcow`F z_*!r^#^`e%wt$DgW6<{;WAcy`yb3&ci?LG${SM$^a5C%sx`W5TgO=gvfG2Nt#}fn3 zg13jAG2nsmMn4NXGr)7V8P55C5_dMAc=}Gm&C#dShv3mkh7X3{t>77OzK$(9 z*5oHO+35Fyeh@q`#qbpTR)eRf8a@!b7x?JA4d-@#5!(mn<8e6n0>N)*`{2CaXMu-K zG4|Ud&L!Yc@F4ix;ObnX-vj(}@C@1&$D`TaCHjp+z-!Pyu$>cFAIAl^ zs|&!}!#?NdTJW(am^j%^0(?9;>puiON$?lJ%g`UPoe#i+e>e6=AP-x?li++@`@16# zry70c2Z2YBPi~(_gJ;2=(;WHe10J~9U9YRy4tNdXxdl8q!RT{+XEMLb9nVtm6nGeR z-T}`XXY{!}e*+#m-ta24+v4L)eRIes*S7`uSaCi&lJ&t^|19tj+DR1luL4h;X#9pe zCeT~K(>U*xA^zFmRoE|_hv&iLXy=@__t*}2OW64yd}+k^Wjp@kO?_8jf3e?I;ECaG z{bRtB;9TEx!KaD+H4MBL_6yse06rL;<9P@?2hR0+3B0v99@m4%#Qxe2o&;w*4e0@y za~~>>iw@v9R#O-(C$KK|ZTs=XUToxDEa=cr7^Z z_vPRP;yC&kJRq*qc7g|yfA0VH?rG{91CPURHFyp@2!0xP3dd1r@GDp!JPdvd_(tqs z8+;DygLD30Wc%3fT;C7D1L!|F{-43ygR_18Ia1v|JA-q(Iuu;t{KD<(@8FHlPFVj^ z@D;e;U_J&sDvrkoz~kWDZ$Ae4W+shEA|6~(?2zg*T2ZQ$j=k{|lxWay6{j0#U;=W)qcv#f;8SuF12R4BBL;g8G z#eX+(=3t+BNAQG*=N#~);G@9<@Y@Y}mpY5at=l6+L3C{EVY6agXQn%j$PQ$BI z8-+f<2eDP~gUF5^hir6(Q^4L*il6Va7M$lP^%k7x^9&UHFxVd<_{rd_1UJ)!==%Uy zy5r$_LA?bZ20P;g9|yin@O!{_2+s41I>+38pMd^g!CwZSB{+X4ZJprnLBG*eZu?(> z_Y&N4CKAwh6b0w+tt}P2G4!_z-iEk7?}VN)?YTAfa1Zb(coO^)*lB;YJI?FDdk8)O zyr1AR!Q+B20#6FQ5f!^b8b)!>L?*H3?X9VZ>)V2!0 ze~12Np??*4PH=vnu7@DspWUh9tYT=33u*)dkfCb*P?>+d)z|>pNjk}75owKErLG}9=y&S&uZ}Af`0}+ zR&ajaw^VR`e>^8RKL>1iz1#0Eu-`}Uir%Ijju*TIcv|qT;9CVh3B2_Px8DoE`wBh; zJR$ha;Az39gJ%SP9Nhk=+b=)gtP=bs=!XS=7d#^Pm*C?C-vz!*@P^I=C;FbA;H|)0 z{>vTb5#YTAKLvcW;QW1n1%mUuzO3LE!%pA^x8G~Q!-Dg724aHW3jGm+-v>TTaDIWvE8vp^{{Vcm;5=Wk+l_8J-#|YhIDaR0qu@Nhv1X*(4!_SbUT}U7IxD!B z?iciVu=6Ol9saKDSi$+bvg-ur@5*)??Y1*2WbBU?oab9E7JMr7GlKJb*_#FD@5gQx zoab8xZgR)-2<-P0yeaaqSnzh>WnS+KQp`u zINyIQ7It`^Nk(w4*G9p4-kSZOyFKvVaR>^|^VwTHwG^j9XHbDZl}rLF~!Z!^3H#^oLW&-`e3CAf8tu@ixQ zbJUBEueldXG}P zZ~ip&75)xjBcra?=du4a^rO)43;q46p#7%7&3gh$jRH@!qz7d5TZwp@o@eyKXBqw^ z?92vN7aINw^p7|n^}5dRccK3}c(|3D_rJjCXIs1Nd!n$@-f)g*GI;V3w|=V&jeay_ zIM3@_0-n|nDCx)i#EW3Rli@$(xL(h^+HF5Z9kR|_>{z#*UEs;Txp|_W(N7#_cvIx3 zV}HZrCmYW7S_K|C#cY`kkL<^XLujPzY9EfzT5t^OO1XoYB=xrwwJ;0C5D^l7D_z_9=y!0 z-)peZS24pkAfEN$!K)4DIIp_g=%_{oAfK`ti1gw}Jh( zLkv%~Go16V7(9UEh5hy%YV^|`-1gUlCpsF=?c~~Fu;0~iZl9IcAfCev?}z7!4}s^p z8P0h-`dZjI(r}LdE%5A7hO^(xha3Gs*v+kf7#=>x%_o9qx*N`ZTVDsi$GiD5@Yo4% zI~QMX^piadKN0Nm=>K1+d(?ms@&;d?Ay3BTd9f|Axr6w8uxs`@L0v@^3@R`s*^;X2w!tnLreEr;8 zTyMMt{bbze&w&2kFo%%qL}N2pix zgyD&0Zu=|1Lod7e6?Y(>iH1)$Zq=9Ik(Ugg1U_}5(a(W%{72pit|unZkNL;o5y8ij zK^=eMdAEKC3PAG^>cw`}fTvz`>t8p;=trJ0{5s@82jJxAX~W}AR7yRX99TY4P)mB z^c#W|$2mQ<|;K|j7bNjhEY4n40jQu#`-1~mSxxwfUY-CnU z0#AKt^x00Q2aJAvwA;=)@Z7t`&H;%3T6@g*fkU^Z!HF zxyMg6egFTwyQ#!`lJ3#yo}wwYt~#Z3Q5p(e#2_guA>rXsmiQ$m#d*4nSv`aPPX@BHDd=lk`3?X}lld!K#IoH=v0BvyUA8HM~a^7MJ& zn@1giuxQht86(XR;SX^Q>2L%6H+ z6AIg1M4kxL=T`cJ)2O#@^tnzpJUWhv^T8(`hhH2dkKY4cn#b!&uQ1Q|gV!k!eT`QU zPd?CYU*YN>-GcGGk?lTDo*^$szMVWvZuzey6UWsjxh!k$bsc%~Tlg~^?>X`mx%qrW zo+iJOK36S=fBZZ6bRoC<0WyK{`iS}r^`VFCqT4@6o>{e5~Dz-lxx5;1++L zJajg=_4oGG&`0QF{&hZ}e=X=`yX9W*lP6Cp^dIse^tr0wHh=#j&(;T*>F-{tkDyOB zDD>$f2PUnP5PhVZ?zM?L(G>c5s5TaS4W`zP)q>C1TflKV#r`3&JM5A-qr7N5c= z9ng;;5C2=}vrxEOSJ|&|Y`0^U>v_q-c{)nC>hm`u{si?6H!%KEh59SV(}DRug*;rQ zP`{Eq8Q?#Yd&d>(Py0**kni7I7-b~*agK03KE?z3A;Mk!;}Cz59rvlv1@v`4hu#|x z{RplDi-oIys$5|_yU0W33wh0r&?f@?a`JqDPbQBYU+D8Lc{afRAonX2>f3&ScGCeK zCl3eq4|B=A6AOL5B9907317lL8yNQ<(qCcyWSM*{ovI$yEfzl2;yp*~5TAm7XS|H<_F zfhKvGe}m2NPmot-{f{S4^(xfAMV=;qiu%f1;1lg#sK1mvMlOd@_j;Z@%yF@Jwg`9g zIxvp4zXgv3#%myXw5V_#pC-=*e72Bh0(!e|t!-d@Pu-Ay1MIV7uLN@XwRCB!7WCa&4i{59B`iIO;Fh2A>Rh zd-CVVz3T!#f%e}^sM}~pZ#(R<6CpVw1~$YYGZ zCwX#Aq5f|26#0h;$6H4pzpGGxm^?uqqJQ*fw3{4TsGmfhB5zLpCh{Ej8F5rax;BcxpzWegk>z(L!$bLkmOKv{zlIO@DrM}8O_#_^KkLi1nC&}-nem;447W6hQ`^Y2Y=5ywL#!3DG zeeNa?%`R+r8F`qzF6*lNZ}5rEDb!y`9wUF1`p3w_PZa9cl1IpwQ(yZ4{PRy1>id#= zPl3y})4djw=g6(UIrAa6_%HY!{^7ZW{!_>!&c_!b{s$TZ}^877wRu1kC1O+ ze_tUFErtFxwp;2De0*{nmu}=yayy><3cLH2a@N=E&nsf^W^22|DELC%EErt zk`rz950Uq0yCcctyd?FPm4d$?;LFIPjRofilAHRRdqg+4QcyZYRW_-!9@URm()7VsI2bCYoO57#X8sVar4JQ?5@k$bfY z^%KbB0lrGO#uNVx?bZgq?blPqtz-N&A zJw`l;l3 z^6J!oPagUP`WoctoXGwL_+;`Zc_YU8C3%8%B0FjKs$b0hl3V>>E?ny&7O1!B)Mr>% zU(sg=dFtE3e$|o_1Ra+&xooH1YZ!To@7G(qDdF0#U!$RX)*pTzft`qAV`a*O8+@-+Eeu9FQa!zcP9d~94sll!|0{g;@Y z-25w4flr+L3-{~zjS2lTCKqQ507p}#HZe~05$yt2Gr zZT>G)-#Vb*P5r2VzHu%1-x|fjh{vYbkr{3~&PFUNm;tk<-ev4;_s z)LT72LH(wH{!{9oq2A_i$TqX$Y(R^+c2L!9k1fe4(Joq-$=dn_Z8~P^8G&Z-%0(PfWCTN^mkN1-_7x2Z%rWn z(bVq>=oe6bAfW%6`o4T0(BcWn0aVw?a8=~T)`u>ROZ^A*W2o;Ra-r-|y{K==diaj|A$)(+;yI}y{3lXx`RVMqtp5Rhg8JpupGW^Usqf17L(P8= z^}7T9r^!Z9=i`cizMtd8Uajhd{e77FMtuL&{6C~VN_}(2bBOxc0ey$Y=|4b(5Ez9r*7p(*_52lN*>UhM4&_>ZQ( z8s9HA|Ao|tYofnr(0?=alLGn^&p$E zH{yMa=Kl)y_fp@I{oPCb?0~+01o?cEdaJhqj!XUXK3nroQooye%g+bYj|%8Z$Qv%Y zKA(CD`rC@}w0B(UKcF8){T0-oL;cIt_vQVu7SA5)rw06+v_L-B1oSb-i@gu1xAXBty~Xo6^^*en(Ami6 zWa=%SJsp?&59sfq{=I(me7bsmdnH}$_!Z}m|39Q1cnKtIs&Vy}K}^!Hqj*DUJ0 z^8DTWKcapB^>%#xllm0_eY11X--*=Q`gVikRlG(#FE;b)J39hH5*xzNs-SvuJ zab9far(3C?6wsGw4SkOKhV(f@__5mUAY7l^?pu*z9{M&O@YX!J{ z?@yxu*X|x`yzX-2QqhZFTIfI7@ygzs#n0aINzFVWlGy3?=;!x?^=cUt#^Bc zt3LGeg-&VLKQC(s?hgX5OrIx(pQL&|PsY}My{YK>_7SV0)u99Y#eVvP-t`@^eN+V> z@np+%cihIMp>Q3S>|2H7a;I>OCwed5@x=EydfpE5$V=e1Ue)S=e&uH&e%s&95U%4D zo{2b@6d}-c)Q6X0yy^mbH*|zgx(@Pbe6e!z@l(jB9q;xFSO4hG$mhTGIq3rUq?$o* z{q3$?<9Qg|t{dD(?(f6+R;ABM;T2^cyY#yrj+{*X8TFAG=$F;W0p&8jxtq~1yAIZ> z6M0YHIrOE^0O1;cp5tQkVx;PoKY}<-e~3Pji{NuDeY$ssKJ+d0N%CqJVtiBIVSH`> z&|Y{&8TUr77xIC^U7m*^|F-Y?pYW6DdGwF1j!QnDMgDF69@hmv@sX&95BNs|luLeM z!x5*=$CJAv&NVs2ga3M78{w+=Vukv9$WwPB&$a3Q8F@4TZZS9LhCGL!^PTdslK6vZ z!nMDl^H9%iSkQZnw@14n`k&Yx`s4-h!RUKl1LfMUp9}ap28{ENa_Lv>OvGb(sNREdt_44p`f=o`%h02BbA(Jbe{-gcIOL;X1!Y{fbHsQ-6^9NFME$VSYMaqV-?w)mw#i#?D_x3DRR9eBir(+j=HJr#%fcs0eVNNq4~gFk>)}M<+OO~o)WgHn-$b4(0UujeCkl7txT0{~ z$O%8KL=7+5;1=glmOh77ul2)uQHH$973}XVz9Vz$;}_SHN3Tad|6;?B3)gmYoWGXO zwZgT|=l>7=iowRqt6thohmfDs$WQ1?el6jyVPfw(wTK$s~`Fmxu|eGxlXx`%bD;A)BjH4+HT}J-;oO$ z&_wz~%b-rIZkLe9pDtWaPUsJx=+lVD^!3P7>k9R)$$dUA(dyw+;W{qiPmu??%WY39EX^%VxdC%MKi@Ht($%fnLSEzSuuPW2K` zhU>Y_iwmxVKKulHns8xS;W!&R>c`i@HJ;po!uhgIxcaC6?BLWR_&1jfgunMA;%Q3$ zAbDE9AW2?KkGDX$`b3_BK0+MI%Wqh+W3+v}k>NCSo54Qhoe+~5M zlIX9k!vlm{?J*ShW1R5QN>uS$?n3@;oqXEqWxrGr{8w@&%Ow5<1(2%b}QPoedapT zkH>gf-)jxh_-lHh(%bZG=}sQ) zf^oEc%M|6}<8KDHyww^Eo*#ic#EW1QRj&0=3H@zM|J%rOPh#CDOa2LcqBlTq`}vMH zz(02qxb4UK3D?}*ja@8lt_dv?BAWeEJ!oe_T(`g9krbu#}K z)Rp!38tQZX5s&SYzgI5pde0(1HjnBJg@1`xQNe{ezAB zA?nj3P!Cq0y>En1d@uTI_49;qofp|35&sbO>n+u*|8UepeexzZ!6)+!;;BJCUAgGJ z*U;{j)bl!JLtItxy(XMwd+O_!G3fDX&e?uPZ zy2|yc7w!+ie6jpYA@^#aU0Z+FlExF?>oDp#x_KclGl#;<0gDq+Hs~ z_JGea$h`yP;X%m5!{lvmrhjSVtt|boFYKJ2YLGCu8!cho>xyMrp6zw4{{mxkMQ zXI?~ptR4mmcl&|8h%?N74Wd5P814SVcs@`rd5-UcPlWp7+Yx{ML#&h5-_yvw9q5&Z^STZB&-6)tgh-f9?+EqrACWgyk>`Cj z8vgm`5&yIFX*~w<_|HRGfqZ~)T?hK=gFxkF<37sqV(;CrF;DAKKUcWM?_FQG{`~6v zDLU#$(OqaadK2Qe^QLpjy=92!0RN`1aP?0-g!xs5>-j^be+7D5_kLEr)K4N%Kdr{X zC&}ZK9XGcq7rnpEcP(1I{YIV+>`Nz(llVm+&EvT6FXK#;=eMC>De`i6v%fn~pD%LY z&mxbMM?FNTA1GY=8?A)?KF$H2MScDU_}e~YG4+WlsOMMdGiW^e6~74e(35dpt*F4`)xQ_ixpGZ&Sc|ZTCT>|=W;QIDR^7x;qhu+kGpj`5nx({*su25b|{c_>%xLghE;Uw}#_rTxZ4!s@6M+w*Q@;ENrso$ua|9|w4pUh_) z@@78Io?Ygc`pCVAC%+Z_I*Volglqg>AU_W)*ZTR+cghI$rSF4JbPIeg<+wK#uKL(R zh4IWF&%c1WvU=DhT-X25&zQfB=zoO%;lmima^x4@f9yOAaQp->oJBmVsDDVf>sMEd z@2(Q~#YW{4XOjD8%iG8YppSix@w$`xH-)?7ax3u5>Ay|&;*-A?{j&KubRu||`vF`3 z-%u`j4$VQ`!p-x37q0$3uMZT{zw9KeZ^qGY?E|el4C|vs$<#Ayg^Kd_TY$e*Yx?OBO zb>I`@`qp$Rd~!VBp^ev;JU#&RGluP6M(*>u?zVp(A>8F>4l>+|`pLqz&R6`2OtvIn zN}uR+i1SJEFVsisD)a~PV|lJUjs3k6@l2+Ev~b-&obdyWcTBVQDD~kG*6nrF|1I3b zsb8=zua4x6r^7$CAIFRP$?qqR&PSYf9s5c0@F|G1RB8Odd%`vTNH5<3tN$||Lc3wk zqY(Y0!Zkm;0_Tq{dX|#${qJjt=yjb;9z>jFDS1@=h39TU{%u}=rFyB8;QLueT)V~I zu)zMOS`zu}#p{zS6R);#_0Rr={?=u?cTzu+daKXz#nOtwjC&|GWv;ag6+odSLp!@yaDmkJo7nq4&VL;BV}x+cPhuYGe;|MN26=|>``frQ zdJOSL%VXWJJWp4ydA=0$!sge0@?1ys*Ww&F3;F4>4*9WlW{mJ-)%nB1)!%;xGqgG5 z+@oCb6I%)1mc0FJ@bpHsYv(nyg=;?JC7`$KR0~xv{`p!>+ z=%^nn=#ziLcQnG^?NA@hLn-*5Mt(@Ru48+6e@F%L<5S?X1ILSo!ZjZMG4v}*eZyzq zpWfj+VtM{dxb`cN2EU*B!>SjaoP>3z40)etRsY}DP~jSX;!KQ)&6gu`f06p<+WYR0 zPUoL~CVHJ;`4HA0%kzHcFZ1_&27J4d*VORhJ3Y<}HKefoRM(=tT}XuWdL2k(nG zq&^aVdOPx9$NiZL;GgI5w=Vm&SGcZAF`ma+U6ou&pW*Pa^UWN2;w8lS5PfPaf`76- zxSbbVqg>+2PC=cRex-0%=Nr(kk`@nn;v@L9DuG|rT#Pzg7ub)TCfwDbkMSza{Pa^U z`H7zl9~-Yn$C6H6Nw}^v4{X9Z(~~}})9_Cf;W%5CytibySnzmfYt`;Oc|-rzNiOX3fVi^X%1 zaE&M43_ciT&l{>-+6|4we6f61Tn>F`0P-`B{>y~B`FJ_%>Lv1>+nhO z{XW~D4->9FQI1z>>cWXz zlgD}8%<8=18)(;Sjq%-h9R8q#aBVksEBa-1`=xS;KhNte=5xYIwCn$b`rplVqvRQ$ z4_be360SapN8oSkfAO1WH{S$xczP)qO;axV)N0=W+t0ipT=SL=BYvL^yiK3X9_Smw z#@j}p9QOkje~q``AG;CxwDYxo!c9X9_hXpjQa=@-x974>Rv)da{oqabN8i#v_X&?9 z)tl{WFAI6zrp;}S_S{)gNWxb z`rN2od{VqlV&lGwJT@KUW$VVp@4zR;_rGj>FB7ioWMY5eIyq3du9MjlP@i^P{XzO< z24mejt^@+wqk73h*ke5~&QRvq!5neUTPhqqIIp>U0->xRPhVYqP3b2P9&oTpsk zjGTvYJfA)X$^ALVv+YA#z6*W)AoRAL+#_7$k8!?REzK0J$H8{*pl&1d|DXDZKJ*=Y z?j!H>9(az|;WgHybQm`xWK=+qcqxx^RutZ-wzaLY^k~ zK1BVzM*b;z^eyDM9Qg^W;UAs{pStAXu%37P_cd7b+OGGS?|y0PK$1LoUG8=DSN$y1 z3I6MOXMCXjm31I+{?%2u_SfhA9yTsd3fJ@K$d{;xMhtB^eOfl*dP2TIeWcykK;)qz z^Zdt$%-av>?^mqbb|0bL)OL)c&6f$}i8h6Nsc@|aZzb9-%XWVkuKjAX9lQ>C%{7Q8 zHyh(_`?On?OMjC*?pV8D3)ej7YN6dW^!d|#-u4}_F$(<;`b0gSeJ@25JQ zKJ%y#^L`2QS+9D{+g#-B4(gk&CBLh19G_P%@h1ZJbN(P)$1CwQ#w$dhBh*K_qYn3z zcVCD2)8AoSY@XibI7LVOctp6i8{_@Gwr*GX7;#1hcXnzSA@}O9T=dZa$fq5beKEEIQOzI~HSO0WFpJY;fV_?30d+U^saxP+6~3PUu8TMvpOy{y+(~DIAY_{ zU%2*bC+DN>Lq-YL_@mR2&t~*_%jxC*&yO&^G4k(KFLB0yM!PnDuiK#hav#g5(A$1* zvT*ee^Y~?XZuc4TAAiGl&c?4N_ufT3PZpu!SB0xjem3|l#^ZespZrNUetk(kLb&Qv zmmp4CPadM)Z;kOff&OXgBO}4>I9qBX`kQzj<8Jf!CgE=WcE)@h!}<6K_32ZfH=p(7 zdDcUH##!?VO)teU8}=$zC@fM?)PlI zT&7(7W3A!SqbveiEL_{oz3)3<@t^t?^N>V5R)>!(mw0k7W8Jt#P7U>S_9nEO44emb z7w+`U3-?_K^2BWLt6}54BV6ltW)|zM^=l{f(ccPvdVGyIy&)LK2z{n2*ZSdc>Ryg} z(Kq1PtKnmH*h;zNA#^wTYvaD3-2bAGM>oSK#m@(s{$t@9e_yUAbr{cn;aWct?$1k- zH{JrC4(w0b3wQBP#_?rT3H-ra;p)FSaGYJKJ`%q_3FB+^wv9gC0nDRzY`5mO@XvMf z9kF@cS-JS6dHuoaVFLBZ?Wq63^qFY-E0CY2dv8c3;LxVIYdSUwL3cl*-7x>qv? z{}4a#Hkol=CtUqgz0srf9G82k&)x!mi}OwLH0#9rRcagk`(EIjEzg$w>;cgw6UKoGT4)~{@K|cSczMF83 zGr1MK4*6^3+0v+!LFARbhfnSW_}hM|FL^Yuk9tYC`lsJOonZ7mZ?o#9PP`|Of6Hgf zAE5UG{p}-M^AkQB`5D7_rc$4J5dKYz@QVei7yszvh~JLaS@KLfj8|*=blb@|dB3IA z|8>H3zZBk5czk?SxW*H`7VGDbQZTCgBjc=vcuLd%Lg8AUsXTnbz2- zp-*}b`fEPxsgJ$@ZtGsjU5Gzi4*hLG|N6pRUGe>k>&SZu*LWIzf_P%&w@@E@5b@Y? z=QZJ)htxZT@&8M`|Ca9@def)IPeops|9|w4#=>ra63U-uXX+=Xjn{m;Up}W8BXhKSCbo`=>S^`}_i*5bNCdEa95BP5iu%?U$BO zpM0UP-u@Bp>i;vuIgRl&_!W7`P6M}i+AG(3cog%iJoOKgC-?b|SUkTA*LYe6?w2dS z8{A)m@v?c^Lb&=TS#P!uOe4>BLc8X_+W8cFhg;z|&NBCQP#^ynGuqByTJ3?q|1kKq zjDLl2%|keFKhJ06{&Cm`j-){T@EX+x&@f%yM5%8}D-AF3)LyCp z`ItC}e#NSR+xz~jg=^i84eTek2-mtw1nTfN^7Kl?Gl2zE>o3F^OQ64YJeooteh7Mt zr`F%dTaNx8GXB$rYyJ~+P=|KCYmVxvIr_&E)l2?Ud_Tpm1C%<%{*FW?$C=R9%5}VW z|1f5a99D#Df0GM*XK(Aq%k+t!g?`yQ+CZM1jeO$2p7$qxGJoUx!zcz@=P>+Jyf38& z`T4@#yuK0nv32`8?P?C%oH zqZjEjP`I|6Jm5QJL+Xz^0v_)LA6v)z2-m!MMW}yU=f|sF$FUE_F;D*-eR7-N-;@58 z{uLi-*W-2RvgGZBt55g{e44X?PgJk%z5$;I^?wR?`z}8B#`1rqJg7>2ve%*>ZlnG& z<kBNPU#!Zh6>D|2U7!7Jn1@qG$EVR>D3Z%6MYJ zHGY3?Cl|TZ&rao{550`}cs~2pyA0!8h<@2Ve3)<-XW;WekCA5|!HRT%J}XWC6Y_Q` z`8SU9A4mNtk~eNNp6o4X_YTH?j&MC*G&)$gue(9G>u*o=Yc#zcP#^8@#l9m$$rsW; z%{sBXeMo&eu>N-{tN#CeT`gSwQ!k=^>Qb`aIL|w5+}o8yoj)AdUv(C){f%`%f8V9g zSmolM9E>`#dT3Q1{f)fgJEa{@2MX8g|D^)=H;xmoKB2*dbsjn%JaP^EEzT9>KA$sl z3gf9z0s3eXdA8%rSn}{Ag>k+uT*oC=7raUljJA?T+hG3wO8?>$#9#CYzF%zD>+V)A z@#mjGelYr;w}w3Oh3_0}j7pq{cGEpkZ=W282CfyZ^^;f&hiYthl5kxoXKyR4tIveH zI_v>|tCOn5h$nsp>U=+a?kCTki~ibv@=J2BYGMA53n9*EQ_Q>7%+CPfuD|`^Q=k5i zk>@T4x8r`}iik78`%$e9Ul*?RP_|+Z=YU>#-j}MEe5QGxGJ*bWPl8XTT;Y7bMY-s` zz`pkgxzGDK?YKXn5`6N3{qQv5S`X1@P(Qb@zpI2-l+Qi7rE&b{*-8 z8sM39VV)mTE_ujJN4rfqAB$>&XO^NKeEJVmF8;A6Fn=w!`-SWLjRo!pm`Z*0BIMcD zjcw$qPml*2ujaLo|L~t^@f+r$lW^UKL<9HFUn5-OPaT4fop-DduJbF)`(5q4brbbo zZN$@@{W^E5?)OggzUSwFh`lDT<1~zNz4?vOzmD@ zQ6Gw-9<1IPoC;{Wze>`pxo~~XMyBxuN30I}QSYsX&-K*bDqQmxJ`MHu6!Y^c zd2$xc7apMg2z}yP&@Q{>opTy|yfcsotDoNF=~I#Ca`c%fT_v;IA*upcU@n`OX3NhFPtk}^Kfxs9`zQktW+^FPCQ)uGQL>LYPx zczwp+Z`w@%>_YfkJ)hYS?S}vGokK7Bj3@VaebwUMOrGQCr;MM~2<@g{Ks_5@pj`40 zy$|c;gC)>F*~ZX&cVI;77J)ZcF8c5w`1p+H3FCYYn8m+axaQ}A4ah@X>Q6phxxAmg z2ghZbcQu6T`jdPX^W`e)+X~mbh4x}x7>;)jd2Br9qt9RLGd+(Nh}QG2ZG!kS(~)PJ zcL&H*TfyzTsY_F|o9F$vCo`T2!o&RkqklX`y|7EryZ#GZg7q0ow{9PD-J$7N=t$$s5zqDXc~pHQ&wjVU zJbx=(>$wxxpHkHSMty|y$o3W8T4=lfeO=|aoTt}?zs-vW$b-)Zn-ld z7Ua|B*HglewVto0K6|n6oGt#X=EME7ttXeA1OLow=m#;L=gG6rqi*jeKPX)5{21?ku3kcg=>DYr7-Voy`4;bwmb4^$FK>$Yv6Zto?p z%HyNWuc^W{4-izyucUcvlbC{XFT=Vz~AozekS=X z%GE#c+?7@2$uh`*_2F00FN^aCd3p)z#PZO|*F609 zb*1BS-0bVSUv8%4CE?ny%+St`*!kT)3fJTH+)7v{!{i54uXQ*8{j&G_ zT6KoM|1-G7vqHJ(Q&Uk_XE2^!)MtAm&UN(faUp!tUEpJJ-XmP=KXDo6T_0Wt=+^Vt z&tX^~dL5S(pTlN(`;b222JoLz5)J>vc0;2vE{`&vE?p2$cyeLC-Y3uSK2NLLrd<(d z@cK+A;hKkB1*|7^=zo`T8OMC!{)d_L$@NFwPNsf0^|>_i@E&=UZtzd@er9A<_J_hX z56O+F%tqAD6|VUV-rxQac_^^1=E(DWKCsQf!@@QG>~n?Vbw+o@lYJ5URnuRsT=bc} zh57uDJogKZYw;ok`mb=U!wl=t#@WZmpjf*9`)nK|AUVcuJbFj4*7}k zZ{`WtIAgpI*6O)p5A-YZf$x-dTx%j+eIoq)yT#dDxb>aZ?nl&dnHT4w-p=GNZ&H70 z*XQR1t=;G89}0Y)VkLcIe2&@i^x2?3GQR0Ak>|6?PwffrH^;ch?O5(Lo;>{!=Bd38 z@{(}fSIi82F7*}RT0iN)eP5r@C(rfPe5zl}e(}1NU1w;cTzulE7anKh!nNIh*shK5 zo%D(SgMK~Ce!Wef6hEIHA#d6X?M6mGZ~0sxT>ZZaoY%jsdWk1=KJ=H+XFYj#7V=}` z`ww}T&pG^=`btr>n_mPUJAMr$kKBwpxA#F72-kc@{)K*R5scm^Pw_cLmWMyoNAq?g z)(3kZr|l(ZH_p$w_hdW|ktaLC-`3T&r%gyJjZ!$*D-2c%69qwsU0^jRxWj$ z=KUnLPfH1R`^ha>uWWyKgg)8v823tSw@q*OB=-1@v?9M&__5~E7}ZN2vb;ax8S1a> z10Sy;{Ox_!*Mz&{$R4a4lc@iT`rJ~)`7e31%cy7m%aPwoo@4#n{F*9U*MV%{^Kp-o zhXbG6eVjbc{lC>!O1Snby$$2?1KaI?Ir<4{_ z`-F+)mns*1b`yMT9z88w-(MKgXo6E(-gZ%+$ND_3d`@B+uV%?z|ve+s$r|J7=4ZdDTmvLnW}j*>SDe zK=Aan;P!sa+sY-*%#Ros{8l~(aTV%66!;#89*)cB0s`xKZ{gZ*ZY+E({^PDjK4Xh9 zPm4<+5zU0FKJqN|mbW{}Lx1>AXyg7deWJY28E&3eD~9#If8aWEE8*I&e1pKeP%iC; z1NXarMxXh|VV_)tFuk9s&v6|_w4N8a2JLR-{VFyt7YcXl(i}u+$F=8#YrE;6;9&h~ zb}iye^M2q5*zR@0)hDw8^)r_Ny-a;JisKHl%em*upVAY-cq>6 z<8{S|+jWe)s1L{BQ?exfU>5cMM#MjqKG8w&58fxgM7XY>slau=*Mw`kF<$Qq(`UDG z>2Gu_X0+`aW7lKfc;G9H3$o#P3xvCT_Vk^D<#P@7tpd-5s6H6u)ibdFsqJ_bFB7Qq z7Q)rvpI10u_tB>vzaOnCO+ywF}yAjqW%ow>hEvIyz5Qw3)g<-zQuZl|H^ZIgu8KUfjYGD{enKR z!1>E=>JvPVvwk(W5kA>pkO%XbC|u)72A(6mlsvo(`FV%y(s4IIpWx?_?YP-NxW<{_ z`<1r7{iR&|6F>N_r+b*6e#5}iyg#`V^Y93H@;21@H)ZgPf5`L85WgKy+YN`0KMlMe zeSRem^E&_eVW|KC?_ z$E8l*M&_TR|8U{zpW*(n9RGB_a>-}BFZ}nDSBXO(=5yWak`GfZ`sjmaf5lrxFaE*zG0zvS_oc)F_oZAfT;qw1fKPe)JfS|)-!Sh7 zW|-bm;adL*evZcK|5N(-t2#Ibi@Ex3@K3bHys-V!-O9z^+k-sYetrdc>Pz4G)L=Z@ zg_|dl`%&h0_k!^t`Y8zgBi?}YSf=}m-xsy#smA|j^wex^EXB*m-zD+`p%&jebx%sagTpi=>H4# zq0@%%#5p#w@4ZR5<{{A^{u%l|DO}sl?n2$#xbL7(JaC`$A=Qgd@-XV5G<~ia z2cO6i#M6NMUE$hp=yKHm9&+z)aQ|KK!{j018jt@M;<5QPh&=lo*45jnpGu#w2fdxA zte`&1^OU~S|4JTNgg7JQ{bk}GYyG)PxQmC+!LU4^mO%XZUof*u(x;zr)yM8azYvw@ zJ>~Qi9rfc~>XTi3M;r2Y)hECw!_S+W&sgEdTK}J;K0XLan@1h*LH&ex7uL^>!Zpq$ z?=v_3`{bdnh{yO2^4MdYT!hB!-wU7kTIerj{KLqTe4c~l?MLNO51CHT+jGs#da&-5C0^uqoNhhn<`xI%j(MSpDLpM1=HV#ymjU;es}=! zWN*MY+WOOHBK`TCMjQ7>luJG%1w}CwNCVU>CPtg?im+xEIesUFgg4b#7dRo;75l`^G zf)>Kvyn7J&xBPrTp5yv&`9Dma%0X{+)pIKRb6+7&8{Y?n>+!KZ&)=CgZ-H=aH~brX zY@f4DxUSn}`Tfy$TsTa9WGVEvj>V@T|6U69+?M%SEnM@T;`g@HCI3$Ky3T}=;Tomz zi-FVO6W-xFVC!D_hfpWEzC>V@a|TuRGxg(Q5^?3ejm zA>7qZ;5qFtQ=jE?Yi%Fc@?qp{KA#WJlKs6}xV9TxjCx~tz1hNbT++oj??$gZZ@Kd+ z_Bsacm)oK~(%%g0p#=R8(m(NAXGfZnpZSQ!|KC?v;o9!$-=JNq+v}ZP<`>Tgt={et zuI=V|zm1)zeCd4Tygu-J>2i;vzdoYZ*zp{PNr>1`h`=2r_pfa-u}H$@bN!Fp6_6P7YNt<=Vl>qW9gqI4}Kme@+8{z zu1C9#seh3?{j=|gtz$o$eoJ9I=RL)7=W(z#ePZMh-gji_5I3+rSbd7Pg+v;B7M`DizC7?G5u z|E1*NwP?3J`HjN$IG#Tq6_p@QQ=bdy*EvqnQ9rf`*F0n&!noM+sNDj@lV9jN^?Lrz z4Z>BQn_j5@Sh&u|)QY%MMydaoyxIZQM4NBDor`rj{H z*Wq*r+9Po@XzWDM)A)=TJbhR?&Xd`=+G@w$r7rsfD& zfA12ktCQ$cVF~Q7ioAD%zj`Q6pRbzJ&x!uZ-e znooUt7<>|p^N4b3H#QXcwE6Nx8a%Na`7~bZW$<*BLj5($C2#T1(cdUi4I^@Up^F4*@bp!A8 z3C;wkdnN6?>6{+e)|U!wx?d?H-e$rL{~6o!qrQMk4np4iC|J6^YV z13bs?3&W^+-W9^NU*QADb7QtUoIKH@qw_hN^>z<^lH8}A!**XVA3m?RH2He+4C}<^ zMX8m@Ta4FBZ9m*gxM^tNehgN<#>sjp%U_P8Pj;K{h}F+|Z$h8o^ZW-;e}!@xujmT& z>ss=UjE_RzEQXqIAwS8$bFI%2?&>^=Iv-7+%gH0dF^(;m&*$iq@!E5qlx-Cqj7D7^|iaS7(N?ei1L#U~W_p4nf8 zyLq%3@ib?i6raoYA>(OF9t}L-;}YfSQy=l$@oNh8@teU*v)wPLkALYqV&h)%UG%ro zMywC^epUa6K*z3cOEL=0o@-_&%mY=3Zgt;uEcf{+48cwh^xD zaHGKcT>XT*{5LHe_YdhGyuP%V{+Uf!hb{hgA2AQyC*&B%znQ|D%6=PJJwXp~E)r$Ndle@&=<$tge#6wcXTm-|1~%w4C}F z@6)#Y|4N?Y=VBskywzIzyn=bUvJ9kcMqch?9GBy~{!oqlJmIR(HpaNyb@jQz z)j!7b^jg%vNqv<2Qp-=#Cx|o6^CO!Vrzscz{K@dQb@fW&F8*G=bKXq<5!5H2Lf*{( zL*crwNb-BP?fm7$_3+O;i2mAs@*3glpUt7&X&jd+)aUMpz9HM)LLT3VIMuzw7b?^DzzulG6plN|Rb`BddPj{IIT)Bhk`eSQdx%WnE)_&lFk z^f`B<_Upf|9{&fwM!5Dj%ypaT@g7kw@npCUwE8Uj1@wvG7#E9kh;Yqw@N;u-P@m@g zz?fz7F-+y+ALe}~=6~v!@K2o&f1J(9_ga$2KJs1XDzl3>D;J+6KR@1t{N%65D_`J< zosVB3{8;%JPQ8Bv^fq61IKA|Xb#D1NOnr#+%l2c>Z$ch|&prD_xaQgC{d;yDsrT35 z9>0IH9OGXg+|93FvEyw)o>9H@H#Q0R@yQ#010LtNSp3%tSD)0`n7=J~;G9i;g2xxj z&u;4T{2cwg^slfP{%O9SV)y&qAzas`zVG2UV)4wRJ`#A|-Pg(`p6rPjS<7epE#Q6x z>!cmuuMmE$@k*#(^5FA63LE!-onHK3!EtJK5js%sTg;&+9FA99b<~<4_RE-|UxM>^OP4&Sz z?q}YX3fKI!U};J-Oi_WlE=m%e)GBi2eccy z9=sppyke*3r`VhPC64cP$j1rSJY>1gvHpH7+{Lp2dA^eR@Q)bZ^v8wu-$A(Qqn(i- zyFY)3aP`kWk9f@gW#bDA*Wre{#7FD%0kk`v?e>dV!x)q-`0l)snM8dr;d-3y&gUDPMt-|+Z8vunTKs{0sng5;FmT=J zQ`Kv|jl}%2wX5FG@P9IJKGo52@d@1jIY7Ajgg!vK{W)Pa3fKH(cpr<^TcuyXJ$|2p z?R(D=my5?*;Bx`Q34O{zl;ai1NEtFYjZ1fI77C3JX_%pWoAj>hipcg=>E!yzj{7 z``5yCUc@V)Ul@JQtGx&M=sv`6{aU45{KNM^nPdDn?u9=5C-QJI`IF?aXE9#4lK)Dc zNI`G&;*vb#k3Nq2Y)bvD!rgfBxk(n!Vd1*&h57zbg8JtBsDB0iHtu(k$5w$qSOR~r zUbyBh^*S=<^90~W>eCNEZ~K{>_rpKR^9zgTRq|L}__Sj@o5|C^z{m8L{f2h4WiT)9 zD#9PEAkVz&J7C9)oNyiYB*(oG{r?uO;}YZboJ!>99)NyR;CcH49WVB-VZD{4evojR zn?&x%ox;^W#Or3JneOy*oH_^fa3BBZIqLo4;FpnC|DAc;<2zE9{5Ij{N#uS^qCOo) zK1cAEKPs1a@`3xKPW=P(Xlh_RX)9doJi_Ne*}8X=aILHGiHH-U;CUY_7k~duaLeb9 z)MxGox4NzSC-NL!jrka5oNa}>yiLXNw+zR3qH<|B%j;UU-^)?&b-_NcYzY`$a1cHz z-WNd|?@r-b|GNVBV=q#@_~&?k)JVqjJ9&uL4Q!uN?JxL8C!#(r{zrwo^(yc^;Jbut zyQ$aF-vs?n`5Qhy?;|>cytQ!6|4hDb(wzKe)k~boZfMu$#dGw@FdnOuGY>%@3*7g0 zuW(&ITL#w8$&SnWGJI}8nC(7HpXhSz|Ig+GIB5RdZ`k;DK8*NV@_CZBue(mTj&F+3 z?Rky<(^W6utGku;X8V?r&H&j&8#glK1 zb}i1kgdc02nI>H8vxxU=p% zdjAyk>o)SC;cw$Ul018n@0>0E zjB<%5QiO4|b-2NCh%@^E`n81dv=y%P5aII#!sMM)uW|l?{bWhTGe@|_A9)LL+J5z< zvdmiu{ar_&(Zba~8n};oj&SFbz&c?4+N)gRkIqG$FVUxUIn;BK_xYf8&$~~!>chOB z8KdlZN0dvP`9R)!mq(oOav1kJ=s!WY>SH|bv-Rg2;aZ|Iqsn5>CJhgE@<#_e~ z@2k0R^-niKgf?EEDA)e-`CU8sr+<;hc)b3UyjBJ1^C9dfyOzQ)7Lup=IUw_|bOPpS zl=mI^^l2*Gt&`K>WAmc3aE&t?I3A_Q<4KH{-S=4OM8uN}T%T_t-1)CZ9sbC6A0bci z{cBX0=Pja7b{s}_8TALrJ-&Z^33;_*^eYv(pQ^cVjX%ZXtnF`KCl7TgobRPVh(FX1 z<8mwgA0*E_f_Q99-x03;ihqv!wD)1Zpg#J6?;PxSx{vzAe&qQe{o7YWUB#RBaAc}1 znfmH4T;tEZhWXwX*qcrLnm`>crQSP?OwOl%n{b`K!S72gbrR-Lv@zPXI;kt%jeCc} z`n*QD_V+U6!S2hNNqxRG@{r*AuwHnWF&zD47xhuj7t3>~65E_#pir8IpO z3)giu6nMXNE%mWyFpev!Z&?*S;r59CQS#x+rC;$cd`GO#=L>iFX$<|<)Mv=kf5QI@ z^77T-ljQSkZCrYg=lQwXp45*KuKtm)(ceFqhiA=aSz#V_2-p3_3O<*tC4HJyN4x%m z(A#`}fjqPX-1Zxx8fZ6s5x7sEj>0t$9-kj>=ll1O=lQwFF!dYBGd++8JAO5;DL&G# z1g{hJqJEHY?XUMc+Fe%$zgVk!X*Yc`eC++uKk1Vx1%57lD%XNO!T0g4UssW51J7j| zBV5~!zverKv*w$CuitfG2B%+kW^;lxhuZYN&UYEM8^KhKfppGQ2U7|#*qS`WOB%jQMxu=@Y^b++Sj9N&R;z9c2r3Rj;L&#!G> zzeye$iukR5nx2OBITW}bufK4O-{?P)VSYBF z4nHREM;;5@FC7=I^Dac61obPZ&+-0t%SleStLFj8!+z>dt&8|`@A;0{{-LFE%})Y# zwS?pKBK6U|7#GWDPB`ir{!cRz$Jc{T?n30#j%!ndt3KTk`q7N%dFo?}p||U4mFh#E zEP?zyM}1@An*V$Y)Th1ga5eS0pRfa<`$N9VhYxi^Viee2V<+Er|wxp+3U8vihmo5I)}d@Ui(ag*?vlT-)C+5pHA0(A|&Ks+V>%t>M#> zIT=N{|=f#@StS5PP6Y^>MnZd$czy87amZts*a{nvekz(=>%!lVw z49D9cT=(ajc)xKK>iRJty>GvwK3}mo>7Tg=ddtsO^oezXztzv*nq8aS`ns$ApbzGwh_4pAQ;i*_v!>1NP-7hyi;+24v0@Niq?VJm&QDwlTC zf#u06QO=9eX_l9o@M?0i~4Xk=*v@IuQ}R{PR2Z%OFm4wwCl$)UN*j;2-p0i zI)aa2{J)X=MK~|OS-gC`U<>%C`963h`nOju{;ArC$MSO*c_e|nHKBeTdHe(4k-Fsd z&Vo<27(VsL$0(OLqc+qXX^T;umHKz2l@L-x!~JY~%7Y_4)0-3&iSh@Hx=uQs|e})tAEcye#tt z=HoDg?=?Rc@ehBeF#hYwd$V75{d2Z(jVBRBo^5T}pdq=qX zB-=pGzw#=y1o!y72-{zMq+I+%(~zIxjQ_q?;PI2tU)w)Ftz7$iGxS!6Td4Q{!nh3Q zL_NMWd^|pPr6m2^2-k7<58*u5=JgfSho_#@J{sgH4=e?IwY)k{24-p^ylBfkyW zjonmOZ#N3p_3G8YdG`aV7a#u_^w;WtKYfz?{G+{J)~2n-|KC?1;Vz&3v2NIPzbV4C zo+k%BpZ=n7J@1eH5^zqNc2--e#vvP?udotp*eMP7pc2{w++&d0c9`8`T@ec&?T+HU+NjIZTqiE^#aQSi6=d7?e^;iibw{7d`b-n|$X zJFgre{8;(CkNVtD_*~1BSLy(t{1t`cHBh+jZzu8l_(If=5w7(XE{T<}i2Nz~WOKeF z4avKAM4c?=a~(^O-z;4F8|Qfks?_t|RxbI;k3qkBQh&k)(1#n~_+sZ--GysB@$aBN zoBBIcuX*M?we!1u^!a~uoq4=fwkhG7{~;aaccWoSox9`r4F z>OpW@2cFUjekL0r{+4eY$n)IaV(tEpa?#IZeOFV9!>O&|fA$OL>?%Ycnh96?!~jHi z2pjA%^6(hMEy=hIxeEUHE5L2O*gzf&?4N1d2Kv#St5>Y2(9Q)tB}S zf8aZX40Re_%lPnl*6ZX0$diqbht}_=2zTRE;JvezYA^b^$?(Ve-3c9FAA29;gT+50 zTY^|-0WKTWA`B!D3^LgJ0m_e-d=Vic)kGK;*cWGY(xH-eWjb=PoC#s zSf9OIxR#p?oR2q9xVCRRTfBW|&_1#o`E29NE@xlC8@~tZVTRK?DqQnC!TSmLE6)qx z4FCOo@YCkCgmSS@|A~lIV?3V~?)oWp>XE-m`^e+4x9jL@JHh`@;9R5og}eND0V7Oz z>a3-`AK0g{-gw|Ucb^DXe^Pwksw{QBQ+?&rP*ZD{wzt4O6nM{Tf^hXmE|8ppjsHhz zALn`FHa?%(8TI-;a9%_M;Vw^lLuVBInX6p<@pyl}DtU!2@F&ZC0@sqCFI??o2Yg4& z|Ka4}BE;<;Htn{W{H2J4t#3nJ;lCHSe^N!bmK%Q$`C$F-3*j2)?AIV? zvD_NnP~R-?7ukH;UAfr%r4WbxoYz2Y6*-KRzE^)}zN4fo}^9%K( zfp!dchfaJR^46{&y9w8Fqdb?x{7DMeb{uj(#xc8}@G|*5-1lPZhfS(4{v-qMPZjil zes(3s&jkIvNVxO=L*&C9h4{sIR6yh?lqof!R`E?n!I zZUFmrv++tA6nNO7+O|Jil=p?S~52c287C zyEHGrFBa3@FM;}AS`z#Z+Gidt?tj}}Qm*)!=l930uMHBe{-?G;$L9TaluNl;-XF8} z-A#M{Tx5ui^F!~3eT?TOAzS2g0KLH@{7#~+e+CQJew_-u7oVVgJn)|TQ_989>;lxw z^1ReN)DPT8x>UI4Rg8I6iSdlmKF0H+?LOxO<)Rhc zs**Pn?sP6iJS{#0gloG;xDTf@?H{Loek$e{YnRu^!=0dWGwr=T&`+L#INV5HL>@T@ zewzO?$-NfPvH9*J;o85-a9m>gcpKGT^YeY*Dc7L>e(Ly>P_EtgySy*z75%yR`2VPI z)rs&uIE%x2;o9z@1L$`l>VK^E5`T~TvaDa9)ekzU*{z)AXSBbYJk0NI-$lNdJT?{e z-N1y~uUzzV^AI0fSKJwgzQ_8?jN<-H5U%Z&D1eUbe|Vkt@t-iFUQ`11z52sG7Pzl6 zi9ERk>zT!cuwNitXCE#I!Z4?H&yehx0c zA513q8=zdfzjsKv=%)uDuU?@3sQaOl7zzDz$W!F`=EdW)S-9p^nC~}Pe>|-A8i&C1 zvdROY@A11-WvPFUaE-$b#-TcSQtd^@=lzx#`IpXK)+d2=(Ko_1Zt?5T?slCxbP#kR zpJP0?@h~S`?Q^gDPTB77l^x7>=liM*r&pUiN^bFQVLb4Cir&Wiqg~#h{|^h-dL`x{ zo-dLAMV{;eKXYlgr+UlDvK?Z=X*GN^AKR&0rI*Dk!D6QTV^+Gi?5rwR2#4=@h< z;HO>3ohMxVjAneNu#7rwl}jFGc7R_){)E%v|M}aGxzq`DXzu82{_bb;cinrv;yq2w4X>G;`4gTs~3f9+>*RrwtAHvAv(fyTqm$u zybFcveal9H`QI))jX>NFAP6Z|C{s$h{j7{~FY9 zJreOubVEF^qoc!xYrCYE`OfnH>q{Qpj(N&r{;6>7?}q~SAHJl0@Oz!V3fDZ0J%n=C zmViTkg8t8dpSI3?k375-^|g7k)F{|THX?4;e{WDO`pIjcvzql?Py6r-u($RKjfQ=E z0{l5d`*!3}o_{rod?2|u5jvNXpE?Hq#Ac#gYnOy_@h7|5cb3g)|CVr#bNEff)5`sc z_Nl=4Q^I4Rlj3{IHaHKxNf?d`Y))x&M$#=X|;!7pRZ7S9=uw(`k9yn|7%gF zr*J)oEqCrHM@o{9rhSUz`6BWS)XyG5d(|QTOYOynBe$@@N(c`{)eRx1a!j&{4RyW9q2yz?0Oui}s-e?CrXE zwsP?^HUWMX(Z2k6wlDYpSU+kfT-!G~2|D#z?t|pvi{bxwP%id)ez(ZhnL~uD zPH_LsIJ3VV^|j~4tI0FG-!-cc4po?leCr)pPgWML<$B*?UfaQWt(9;s*ISQz*?ihl z?WJA9qu{^Yw|Sj9v1#z?!gHpUc}g*5+~8=RQC@ zFQU$1;o6UG;{7q}7thc>%6;RevtRhX-OoQgi8w?DV!pQPg&yRoIq=`|@O9y?T>{?? z`N4DwQ7?wmJ8LrhkMxF4b^3psa*1=I5OKEg*R+s2xv8+Xaq<{-GFj-` z{odFUDA(T#ZgKd8JUamGZuwR;1@@`q=ywtNIZnCw>AwzcIzP}p&V3`6&mEtHeQ-b0 zv&NrBoZqJY55hH`@v7*Lw*D;j6t2_f@Z33g>v`9Zds)m2m8f&4aF?Ie5g+{4^L8oM zeCB;W%b!c1Cg;BW`>4~OJQUb(|CDmce}6CHY3=o!aP>bt68=vq2ce>8ke_D-(RqC z(wl{PWlJE#@1|=-9vyn&)UCO0v%|1)bP;=tpttoTgm-%?+@-F_jqm$qU3p3Kacoi7lGJ)iJ8hpC&T%| z`rTf$zZWg|82uSBTm6*#4}s^}bA)UBJ+7ad(tfXU(T}(B9jQoOI7j32&wte%mwf&K zqGn0GZ@DZZF$T@`<{Vw08W{UdgTWf zkLLp8yuVbAaV|d(^L{jN9@GuOwSW0vApR3+|A=sHuh{9}w*FjA`}ju~C-)cN54HE6OnCI47oD1ed$G;r)dY$@>g=@K~_2{7`$Oq6q&;1*wlOc~hf%@9`dG-S6do$su ztuG8+;D3kvfS5$hT|h&tclnz0h~W;#1~jl$%`#K85xj$diHf z;funx+$g`NS&H_{)n5JF4xMx8XW>Hd=o9dNI_<9|_Zf!)))UTTh$T&qepNhZtK7Xufd-P*9q1x9fYgB z$9DYxd4xQDUGaE&i{YogANgSUe}i!KCm!%;811tqpkwQq$!afgi~a|B-h=VXsJ-aq z`5XjMlILhkP;PV&;=GjhJIP}_*BV~Q`gtk!1N&a$!c{-a=b=T^*+QOv0ON_}$@$Az z?zQm0AMNA9_4=jJR?IIp?>s_#e-J#WOZ$!FA?|0h+&iLNxYG_ zpSh2qbDTP9wHNM9K|6L}fW9YB)-2w?&Rhwda9P;DNu4IbwZ8rk#M9zGM7iiE?m)SH zXn)lz*hjX(Pa6+MDOZ1fFCPER!qxvU_tVB3bf)fMygtEHgxqi`J$9|~OG9dKOkUvXbV4CY>y zwa`hwQM}zp2zUEf_+9u$v|q3G((bXq`EqqKDEFqo{=?S7)z1*u`Q@lHTDZ1vawqcS z3G#X5F@C3s;qi8n=XoCW&$O?(4*o;~?^X39PnAZ!?7HcF;WoBV!u|M)_K`yP6Xq|g zyv6!HhjG}}`L`<<|I^&Zf^6};>EyAAXqTb_2$g>u^^I}AnZ=>KaE)iK0m`-O$B)eZ z8kEagct5JWlpCFj5y0Zs>>cQ&_&$z}V{a+f`1eGv#_|I6O?PaaKCp0`uPFvJzh6)*zjt6jC!Sf#MAPjHF@rKaBHtV!u2|0Kd&Qd zP=AVWjYBf`&-Np4{cT5-(!8FOkRI0k?J9 z+vJ&v$iqu$|CewrH^uY8E+((>DR@3`{_`cmHJ*OpJB+<)@2AlpUuC|n6t2&el7V*I zpgIztcq_D*_0#H~K|k{nxZP)n3s*n0_qT8!hS*@s$n%xZe@D>&oz#i*eH@GPQRDmI zr(H+a&%&S7O0=)d<70(uxv>LSCtIGRh3j>3o0HqS63ze5Xdj&Key4t#+kk$T z{I>Z0hnR4UPb>|8Y`m)aIpULLz0PNS?^G`K(ZG5Bt7xAO>=WB0T=Ol&wEdHaWO zt#33i?_97^{XD}v61dKKK)5USIWTa; zB!8Ut>0fBUA#n+Qll#4%+ zb%?V)&)Oqg%ME$R!olf7!PgN z{5joQ9ynj79_`zUem+E=<^4v>pQ>M?UinJxoTc@?%rgOsATJAspo$0uYKUEN)VKlj1 zxcU=*4tZ!g3&_1w!O=RNcg_yfE5~uw?n^Wlt~!|n@~{^5A1BXlMY%R^Y!j||elU>d zJ819oxu@yW+sSyohB(YEKmj9!Yq{wK&^Q0zCr@^O|5k2M4mz1L&@Q{nK&PQ_>(P z70;`ig*$!vZ~89@*F3D9D{lXZ(`V)X_TwAsB<91PzWm+&yWmeau%4MDT=OBj9r@Oz zB>vzqd2);IK!`eLeFOVgD{%bR^X?U{{VRBW!ehd9JS-cS*S1h6Tp4~AQUCPah(n0` zdo9PBDi{4!Z}{1d?b4t2sfNYlzsl@ShW!HCAEABhN3^50*Y)2r4xeK@vHe=3m211# zfxfkiw+B2mxVX-%!Zi-LACaHmvfPcrwZHe`JZS62gQ_F;ab6ET!#G^~9rW`V=-Ya1 zws4CHP2G>>YA-teT=;3@aQ(gDY3{qW>xC$J^c>{5y+8Goa;a~Q{joO-d5=8RzIYre zeh>ZFW6-gF+KJph1pWqfo>VUSS$@}k9r+UB8n?^`&_Bw!9imQx-%YUVqpClk+#L6P zMXB?!a?y`Jhq!ekUr+l8pNrXjrz$_9e@$J3{$)DDgu8a(eW$_H$toB9NMN65t$pA* z-tV%!>M8u++G{ZF)8`kD=PKozKivOw3(GD46XFxxKUQ71i|2LFnM3<~gzLDmZ9D2^ z*W;_zUi6dgeP?O&&Ti@?*pDpFYy6Dyb3x#K>7~L|C(re*EMwfilyZqrqFwQN?Iuso zLcg$>T=EO-GdZ-Em3tp~I`F*aQ{ncvC=vhtM!44Z$d2OmE!+=3Q+epyyw*~=_?dg( zcLKJ~f1LK=pJ2a-gO=s|DasPy%z%ez>k^!^C;KWX*VB& zzP|wZGl%+b3DiAD04!An-yehxZpTK_UX2Ny+-^+a|=Kn3iwcIGzMdexU zH02WK&@Pl{{UY=`c%J!oE$w@gXX_$v=aN6ITVd1RJg9Ajs)JfIwV~EOm{^F9z=D$hJUC(|NPh1acN(^U)hr;lgU%V(C+t@z%SMa zSN&|@{^2&`Pa{6oFRu76?7bz3vyBf^g=>9h^4y;KEcYX|m-b5VeIm<~D^ zFzxFe`}cTu6t3e&Y!AjmTW=)PUUYJI`c9z?`}+&z5xy^G_d~Xk`#hhp9Lqi9Pt?or z0e>t%KUFUJ@hiY<)Bb1L$6F&mE0TBk3;x79_>K%DA4=|xM?01!f1Esc-(b0LZI?uI z=v$l{9S4u!h4`DF!s+86P$em79Kwu`qN_H|jnMA|2L-ksf-{!Y2rCw_sB&F@zhLML+s zakG4$BwX#I%qwfhx5%?EAwG-gXO$ALkKB*(&Ej^OaP>3E`_k2DKa)JpbCzuU{FFM$ zwZ5}#O#7U2X|E)&XDvS~mMrPwJf7pE-Pda1cx5lgdC>Bzr*PFt@%&qBuT{#$&-ml0 zm#w3^l!E^`=G&L_r;l*84-LD@5%hY`+d=NtL;DV7y9_H0`@{|4wr=09T>J^MU)cOI zrVMztKCVZs9lug8xj`|Fg8|9L*wwsB)V?Xy3^zB=u9k|()u zzYclpli_E04eB+PypM2=L-JO%m)+-l!`aj5Z$Ca3?$!z1M`z>Auc{+{=D6-U#J{=e z6qK9$6Xo_Ke^I#FM|r)_kbIqT@h9~)+QsJmil@Rpv;_PL+7A$}>*3I;xYHFPe^|J- zS7ayRkN!qZ(kM;)vJPbOddgGYSYg)!c{-Qeo>SBd1o)*r{;Y>rnxs?_`j_`zoJeea6MkP zD(dC&evyq=4=a~)J+8Mc&%M*YbBz#B;~mITTnE~?IzhO$W3CnY*U&Pkz!KW$)6nU{ zdL5^IqI5e)Y+OC-bmUbk@EpGu`6W5zn~hgj3)g&(^SdFHsQ-j;^(PWI=lM(^6F{wk-}ZM+<#kze7bP$zgd3w&DuS!IuifP$yhI4 zz&!kcJkI+Gc7OY#YVapJ4CCH|)E^~W%Z*nlKEAz7p17=~v$THkzUoN1;RnENeh;4s zoor>a*AVJoAzbaFFQUE=kWZ$4FrEu&ALmxf%e=hpPFzOstd-31j0(-mf7e7n< z(fIradBSewO;@h=f$P~N$S1MRX@gc=0N)Ms&F0u z8}T~A#-$IOJ&peM<40#N&!Kp}L72ZgDBShmB=Ua@d7Bz2H+X#%7q0eEo>Nzv_6wCu zee>hdE=A;pMc_W4zgzp>p~Fnc+NQe)g{go|pvx?Rsi~a`7{9JK_^5fI}yo10H-&v$Jr$?@>GO zoZ^1r+Fq*z?_EwH-xnBfr;yJLJa3vN+~q^yod1u7>%2dY*EQB({-AxD?^(wf&yMFp zC)*csE8qk$K)BX7&3W)#+CNGATp`A{j^r!UUgGKTe75f7;o9Jls}N6X_dd!+KX)AC z-oQfq!D8|h``2sK*)LqjflT0ht=}D&^JxR`N1s#&_S*vICN&nWex|PWowBw25aDio z_z>-TI{isHoeJKHK>VLp9nIURh#N)~&wHEtUf}!nzmwmi<5o+B4xxhD#DaaaQXnLgeC^4PP8XK&iC7Owdj2z_@)xb;SP&_gO_~ z-{=DP8T}mn`Wn`EgmCpI|9f$Nz7?+J=Dx#t9-~gh`p}PZU#pF`cL{g*nFIawA@bva z^EVaA8#_^(2l%v1pcR9!btTF{b?y&>+AD<{Av}!DA(5c$CYc|_CdKeZr|JhJU0{eQfJpapG1pE9dX_xQeVa9DzeTv_+i!dxVfR~pH~YZ%STDE){%6Y}{&xT85#{24nBT=S|9_@^ zu1oRw48Iih$~W+xC${cQI!@>Q_Twem=du{_K4d=sDBR_33h}h@?aD^*C&v9naoP_O zuKlq#&jqr$EfB78j`MzC36{N;I+@>~Z}Ua9%U~Z3>=SDv+~pg;r)=ZiV&$Tr-i`iZ z@p(_U=Iyw^cdWjrPK@7QuzHPd4EqefKVo@4PPqD?TZn%23hTR7xcU?3InS1#b(_GS zR2$^aG}gDDaJ@e~jOXMRkv~oQSRuxlM_7SBgloC^%h4`lX@BzN&`-n>w={W7x%iV@ zfjIPJLO(?N)Sd9BH5(vHo_rAb_7HW#O`(%3UpxF4i=!|k-cLAdHVx(8`05z!E=@@fBFhn|2y%$DrA=&Yarb9 zqrJW>@zg>Td|q4V_@5$wm{#8X!qq;*_X4ckOWMKz5ec~S2TYGgD?&8Du6AP%{mpsjLkIkR)%7m z8O5TGslDda6Npa(@_N^zy<$9fq9l1Q;c6cb+?SY0p5^#&dGfaEXufqt{tu5m@nFjt8id=6UinnTMlgUeLJp z+8lTGwdv1{|1n=I7OwMDD)8O;kA!O+qC0%2VB>S;>)>aS_hT)8dXq=^UWT>xQsFwk zXL;WqYI6B3+}&pzgPwII{V&-O`mtX*|FU6580Y+MaoeO^{LJ2q_OgT>Z_l;uCejwEwc|i$2=fh+dakcY99S;d?R!sJZHwn;TOm=(~yT1 zX}?Ff`XBiid29Cv{v;1|Lw|pw4E~_oO^m}G&^ettBb94E{n&S;Hu-wtE;vc3RJsNA3VwI*0`hztv~Q07M1^Z!d3^82;xJmdl$&ac za;MOKtJC5C`P+|u)QNY3|4-8YvpXX`e+Ax0Xhohq1#$DKb&GIU?jI=E`o&AawY@T& zFCw&mi}o?@->^7e-UaoF%(=>0E-u6$yeM49f!X}N61?@i{c11ujdno$+Bnm=D|C`P z#|GIb->nv|I@?Zw|28ii7Os9K0_VP-(G5JBLOvX${}&6_{<1Bw&!>mlYy7`Lp4&Qe zjc_;4@VxHo)cHfW=3ym1Co+Eat+0>toEaM@7bq9~aC_e=G^EZk@)+L}vFEehZi9Wk z7yP&9<7wsEE`fD#PPmTeQ@J0Y7xjM=?)vpkQeLKoc1m0g5DO~HDVts9X zd6o9Dz&^Aiv`_HFWBM`5w3B_e%ahvn$7~@>QDGQaG&MAOZ(I~a2uC8^n`uz z{pFFuRX-NEeo50l$M0pApr1dGC)mE7$xph2`s>k8SCU^Y-1)!RcjP?s2ZU?CSQxmk z_#|~=2N7qxzWabW9^X5wMx8QuLgxgY>s5+8BwWi)Tm^sbCGW3X;ugQR`1rqt_K{Ao zxBgi7F4%ibk^kRN=MLqfA6xT=W3SfMSlYO+hgSUUwo%*dH$qw@zbAx zcI?V>BX>h5)D3=G`>qjgIZspfW0TqQIi}6y<$FUv+7J3RkNCnhukv#c{}L3tjrJbz zpIdx>R<3bw3V*D>+a~}z37BL zD?TsJ5w8025?oOfK zv`;Mnw|4)}{m=*B4-C7!7rzO%G^xN;D9obzUH>O7)cf~QRKQezV z9s)nJd{5cN(zeQ_zB!)5WA>|PA39XLUMD^Po%|Wdx1Z=w7vbtp7d}5NN!~;4ML*pF z^@@-$CQlWir(3zdkcWOkxua=cV<^_W$xwSo@LSKjQn*|1{T6rJ^01e1ja#@b%H2Sn zCxoj%ncGpWwaZV&>5t`k?P1V~1ojuT6z<~2?@pTiI@%{{qTEyg3jUGyv3V%h=7pxi z5zlN5#M9bwsB-bs{~bCOpZ91VkAt5}{Spt-pG6oSjb*nvx zdV@U9e)k%64pAq>=ioLDUpEpu(fiUkH85*@LR-UglhWgs+OxL!9MS%Lg1OZ}{HH_lv% zc-p?5rlY}AE5Pl($5`R!GbP-QX^zV{!0)-+KK$2JNBqg~+?&qq81=@0`#cZ9^5+rq zXa)3NtMA+7`C;(K_+R8OdO1pS{2@QcrcJALj~v31~Y)QLQca%)qk<0H_CzEr$FzAjvKQY(FD zY3rrkw9oQ>=9MhB-ZZx3Gl7Vwsr_(+(0`=`qKif^9PGDXAfp8tSQ{3+tqx~Ir@0^OAa#}sSO0U| zM_rZtfO7FO#_^;B`PoVMnGbw7}=gse6&n7Pl&s zsUJstEI;Gq`T5YtDCBw7o`8Lf`}Ay_x!(99wEH%WGy8>WJ_ny?Rh@!3M6>W`a3P%S zCS2Pw(-QuSWgQY~uW{h@c$j=8?ZcDM?n$=qHrmJ9!G9Zvt30XgF6ZC!K3j}Bt%Pg4 zq?7Q+uGi)YSAUW}LEq~8747r=(7%RJr^8bix7YJLSi24#EnIc-k3z@dKi%2O^;+P4 z=T*Wr-?D*xdt121!RI~!Yp)?sqyNSO`%6a(*Lr0F_jMNux4DL{yC0irpPqtxP3AA} zeFpw#7x|7nO8$&+^~dA7)arG~RFs>Yj(iwG`$5Xp|A75=;X3~01N#hj3D>yAINp|^ zPQ_`^k5ofEtuC#EYurk5JTd$B!c`~oy6+Ss)ES~W>JRTnSv*&ghq>OcdFO;@q2s-e za=TI|DqQ0n9)|0q_2ko(i+&_f-@m96<^8Unv~NEh_L;!-=33#Jw^8md4b%Q-;aaaS z?-SM}KWPU2{2qRmX1};axcZakbNR>E@0OA0H~CKC66$OfuI&=xew#4)4(exkPNS83 zoH}8?zlLbYIi)k?IB!_ivd0 zR|wa9XcM?D>q7hF%@`kS{Xa{%#xs}4`13OpXtmmlKcT7U7q(8Q{v3F!F7n)CoQIM} zxxdKr^IhTEj#C5suPUaX6XkO~%eTJ5HU81S_ebuhee5atW9ymUl&k-rfcIlOuXvvR zUx)GS2J#8yDPGrDoHr;Joye7_*J0Y1n+=`JOz4>Xt;)qd83nibZUpTkbD?8#UP&I$ z!cWu53wQbaCi3AB%RPM#^kW{{Ybkjb^7M7 z^Iu2dY9HbL0b5TlQZD+jz`pu-oQ|x20{iHGqfRW)uWP*s{qS{&!#Q+epz$u?HZGm{ z63R_KjW}OH`-#Fe&pUEIw%xB-p!VW_j{7%E$DfP%q~1c@N)$ml4E%KK9j)V30zK%Q7=T^eqp6Q7-Y!-GzFUr~OIuVV~kU z$NU+oT;tF8Aga)QweWvy#|^@@-_7IxAC&HS2mgnC*#*##G((=8!uVXNT>TH^|I_4= z?r5(%^rzm-un%=XK0inPs&er^^ff#=kNO=JqFoZ}5y?fgzeBi|8=r#sSR69s;S6+a z94PY&bfSC@s4{h03fDM<*)BuKhX_}H!WY8-8sxJ~X94tW++L^l;!i4Y9q}i1@|*{o zQK$VP*!z4QQHuO!;hMKz;5#Wxg#TMRzNb3kXM*2Hw)y=i_2XB;Pm53VRoKUQ4y5Jh z67ukV)YtlTwKV*U^#Hf=YAU(M{ixQD_L@DfM~n}C4RMZhzrDq6z3_jl*LLBqUL`TU z+5GjJa2@~Cf$yRoQ+v%r_R}K9^TEZ?N#6t=>v!vwYySL&dRcrbEMd7@kmuGe1Ia@J zaHVPQHGeDI&5wcoMaOBMy9?#ob>eGF;eTzOlUAF4t`n~QM7}_K8Q&vZuNQKBzx9C< z_=9H4kSEmw>$=v$HExl5@Uv`5*gr}81kdRz%W_{8uKxRfpxlB2{Ng>;k#b}0;eS)w zd#|&;)eyHP!^CH1o~uYp;NQ?o7nl{JfVu5jdx4x^UNC+@Hy?c^S1A{S^D7 z<#YFy(9aA-K3IRxDi`}a_iftx|Lj%ZxdXoQ{9O9~33)8Af2_)C_>=q-@nm{>QQ@i| ziGqJbou%Z_Le#f5`F`pI&m$`TCj1Y6&+ZE0Iu0cH-If@2deS~K0rj0hzSVeOzx__- z;-|;wmF7>CHRxaSdA(`%I?H(A+_1}pyZH0E$>Kj&x#UUmFGSwPlNGf0e)gS*HO)`q z+P?W^;I{59T#NO_&aJrfP>J?u2v_|SzvEMyyd8PI8sco@_Auc(zpM(>YqW4JH})#Z z9Y>u-sw45q^@fh+?G+h}=Vf=ton?sjU4%RP+2}8W$zLW9KZ9|@)?=5igMEzW-Pyjc zmCChVoJTC4?cPEhss`fFL%5ck?TCD{em$2wzZlmq=Kr6&)@APmf35K1Y9!lY8I#j#wO) zzN_tchL^1~%5jVT*TU7$NH5ga)<3P*gQxjDvc?=Z7Aw~{?1%mfPR;Y~dk;MJ8~nGt zdQG^?la=6esB>JnuA`D)ARnqyr|5m?L@t8;S_*X(u6fupa6hLr`J_O8-Y#6r4Rifw z_nBuq&cgooVl;PDvpycO%!?nC5Tq7M2U{>t<27Ors) zy$4d{)I9H1^8B{ujzq|hlV^SbxBl4tBl@!#{3Y5yMV_F(tyk0J(F(1dAYA>AHiSQR-7!tL#w`>$fA2H37yZOo^miK{s&7Evp3D0@ z41?EFxZ39i!`{~CQ-y0g4%t_{|1J{l`rYrS*LDi6bM_UyRAB$uH{`qc{-DiM{}rzF zig!djZ5>trbMX8r7$0n$ykEKa>HUUsEpPXc=lC3as*ARK$7dtjch^qzQ~68x?^faJ ze`2}s{=dzq4++=tD!l^r4Z+-7PJ4eC+V=()`~!I=3Z0{6@CRpZQvHAayI8o!v)9|u zxB2vX;Ti{z`y|KmPe&V1qyJt+zQpNE{shi9-mLZ#pAh#Mq8E7H<(t`Fd~Sj)^1MF6 zwcIrKSDZ}!N0e)v`JIB==>B(E5lh_aChP1y$xc09@fpI%V`|LRMT)Y4F znQ-?Ug!{P4Qs+0d7k{!b=v#kzek*uBus`qz{GDsOMkWs*LEBiIQQcid5q`wglS*t3&y`J{IPkw1$kyK%6*ykG2xnr z*Nxt;ZzjW{o%{Q~6@&*Zb{@79n0qFkMjPQ*~f%y`*vdgviun+T%XG?-Hd)`8 zw}pjp=)$kyPig@Ag{^0vRxUcRm*Kz73#){yeyp$W1oEuc_tXjTxwegaBff@y_9xhz z{xsoEXDjmI5OwCMz369n{*U?pChgN-BhC%1T$ycHBZI_=GnW1tDouXkq?&VyM()S;}+!qJnEmfOLXMi-Fbh2+x&Q) za2NmEp;JWr%R{dZG}DQ~C#v$T(MpL{v; zt->|V*Yf=li^E@PFFKj$&|hqP=<+RimhWFYNu3wT(<#JrKKXv(+Ah7mDjt7-58{)G zz<-|=p_+B3*A{O+MWS2|3dnp(WR z9rr>%#ylUxdQBt`{Rw~UI&_C{ZTB$0H}MwjL*LW?z<$ME!qwjU3UR=w<#}VteV!L; z<3ox(_6h9GpN*<7I>GluO8fxsZH1qg)1Tqwk#E5Z3h;|de`I~H1)od%k;1Kwh}@5- zh3mMze;fLXt>|3xgM(LU8b!`oJSlq1$( z#t8p6e_j&q;=u2ZkD$&j@?15H^FNVa@DuEl{SZ&f|DScLSZa>P+XHl-js-bWfpJpicR}RFtE0=QPy%7hSUzX86#`n}LKL5$n{sFYtIrOKO za?NM%H?w~6C3*J0DA)3&&H>n`8$rj)ZAKpEcNy$CR43))XO8El-ob|1N*>yayfr^B zI|%(K-{UJwKcm96-(}xMeQ#vD+^6;$hh}I;^XCA$&-aV1UHbnD{lq+!Yxik$%2g+D z4)*znV4n)y54oE>b`Q$6d4GX$^)t%r)|&Kxz1oX@q%GR_Ao(eWp`Y!Al}taz=RxIS zpXB@0$ZF3k{TsN?b3UzJ!^v}ezr)sPpOL5QA>VBLto=Lu%#_2t(~JJxAYAhy#dYJ; zCGd-dv`-&HCXc249^pD)ObvXmx&9I8_l~sir>wwO@6{(@Y8=7es(9nSGcxUgyW~>`B?IN7uZ{z zX9-t-7Oz21!Efa?7PXgh6C6)$Jz4WO@^&8YTUve&6s~cLy@dE6i{uy$XMct_Brva4 z_e!~WXL+CXk;h{ydET7U$c@vumJZ*ViM+qr(xmq3kc8DwlGz zf$#NPPzF57^`!YTNVxhF4ZOGVgxYJIUqyZG`ga3)cqHbLk&I9EvanC}fjwUbkfpa(q2-k9RU7>ID z>15Rrp5pr~XdTbHRX#kb8IGF#t1AY9|02%NjJLAmH8EDU z$5{ zV8?{3KMC#=wPR)Kz$`$lYBx>C93C+B@@uP24O_yoSMy@Wh<8v2FJr=L(i!|xg( zs-8EuDs<9Gka29APsrne?=1W-T;q^gjP@#`{SBvKUGYB8N9sjBL%7UhW5KNym6O~a+YOjU(NB#Ui>5U zM{C~}!Zn_`#?ZHV-6mY)AD#n0hf`+>?IZ7E-dt0FUu>a$p63Qwzl&DG_|q$JALb_E zIxmE>XfNwWD}`&hX+8(BdhJp!ex~>y1k=_#`ApbHzkr{1pZPK2_P2E1{di8e=53t! z|81Py>+GezJRjTg@T9ZQzLC|4TWyLp7p{ILlZb=$-+ReJ+;`EP_TMQN|6`ZKPyE;O zjtl=cKTkay?UHW}{n=J7d1^@;N9vNtgsVT9mQc3%KSiGU$#<5uX#XK~g8P@grG5Sp z=-9fkZy5TqXbY!c^WgK!rCymf;0>w&BkjXSpkw3J{nc5oz&Zc3jBiD~tiOLDT=l)C zSQm|E!_=t(9zEE~m55b}Tt|?{Mxk7LpZB36_#fi@ZsTO#n&7d(I&+|K?HAd1;7^MJ zRBVab3(vm^ebn0Xs@8%|WFj)k;(VWQ)ro!%%i9>A*~+E8a$h0;TT=hOrgJsQJxKdD z=RiOE3hYbL{z2h-T@&Vc)QxDrnD(*qh@0KNYH%+6iT#E3n6=lf!gZZ+A)l9ps53yg z);F2KJjn2SUntjnptOdZ&V0@sOM$^Fi-FQWYra&MpSi1m>t zg{z-K0@tmtsJ-~}0MfdYyA9(@ovYO={Rxb65v?(5c|9seoA4ME4 zVfm}%@e;1>N~m+LYv4#f$vWpCy$jw zKAg*PFRI6UTL}Nlk>4m>{fuo#d@K&nE0=P^^}vVG{;+VDR~s?zCCHmz0Q+oD*k4Zm zVUq&)esu2gQ6%{Bm)L8)()@l%$+fE#hzOHD9^dXMRB5rWuFE5%7E;l-q!% zyr5j_mF0TO>UESnG7a%J9&G@f_y@)F`E}uzV}Gx}hmK1>ea&}xFMoNII*|p%bxvvc z?>e=FtDote(6Q^LG%AJ}y@acN?g6yd%?0?yIN`d^j|R@4PpXd8H{1mE zvg?JT!u2`Jk#k2m0UKvdxfu4bsi@ajmV2RaEjPRX`8?Asu|nuC;(&POrSLz|54Rp4Z(;BT zIWGN(_y4Wj=g2ej5r4ZswvPI7&YRYM>ota-S)R96mW8wvuK5sJk9@Ovd5mzEKYUId zru_u!#JOLtEBWWDBlXSlInK4@4V!>xh9V9&F8xZLAAxqU^>(An;b-V)^p|%zE-e(U zex`OpXEycEZ3^x!hrQKzBzd?l+Hn=_mkW1!dp7L9B;Q2)SOfHzu@(6L;7>tm8frgJ^Zgu-dMQW$9djb8S=QZm+vKgfcY*)K9%;F+3;sE zd0`8U+duzR7Owiy!1ug*I{Sa#FB(gGZxZGaWU1W$C(l2GJY346(k&66Fz37B#_=0fhTz`rM2%J$|Y{G9}$7O>E|rk``5!C)2Y-3_7U!juyL<5dG-p} zW7P7z`fU-P?9(8xuwLDTJ3qN@EMmD2lE=rR|5|b2DI z&@P+F-x99lPlof9<=gkP4_-$fCl8))d|L$9_^S7>>F<@Ty@fXPE?Ne50Z!Y9$Y8#jB@cO!S{V^Jzwbt z@XS8skL7I#;nt>R=H-NN&7XAOe(b}- zHEtoE=g^gLxVQ`3@ngito(FXjuJ-Z3{hTGrH4aas9r0J5SF0=SHz017SDneTkAfGm z+|PvT{fB5^pZRIspp)K)2-Kkcz2tH3m$r5}NS@=luXdm6>|3D|X8*PEaG`SXKOQ)b zD@Xg>bEucKOVisB=jDMo-zr?=6PsN;Pv(+`1NS8gW3bOmM7!U}dRW?=b{i`hP`>MUhpYgQ$aVB*lf#=r; zsT17qeZrm4Pv)Rsg8G+{hk4y?_dRYCuImv0U5vC*+9!l-y;8i7XXDideEF+bY% z!hi09eUj(e&8N;Va&G|QV|o5x<)V}1dqAaVe||6ML=O6nSi3wy?(;dU>6~yk{Lcr@ zBRW;M>Zkd9#K!7I!v8HFZl`^C4C>Xi5DvYpT;kvlM?PD*vEI=%=Ns$BGg=b;^Cd)x#4;J)jT!nM9W&v`)BdEU3e^}742 zFLB*!`&tX`g-)F3kKIpyDht>8#`s*LJNdh`PyC8{m1YM%r4P!@&q90#)4siN-Vg6b zzF4^CTP|=e*-GIWxBMrFPxV6l!7l0qzXSM(v#03aew@;m{si9d=qlW`dtm?GAhnnJ zW?wDdzU!zHeda2sj#_(Oq#yJ{TYblCvh1jG(aG?+Lv8YYAiJx#;Ak!rty1{7Cy~1=QD`Yt+3D_6d#~ww@fK zTd%ir5Ji_&x=`2&O{v1U7ZT){h^`+bpzr$tYQq4gq*FOq>Y`xS% zxRx8@JZ1MQ-c>I8@&1U+3|BkPYc!ZTyso!)>_+Z|(Z4#D#UG3y5B-34G(X=FZn34b z`>{>!)gN9LH{&n&J9{~wFp#(9hQOaV_n$CLyyn8SUfI6I*FQ689|@d`o>qIQZ-o82 zI?Mf;IzG>JJe~a4!3B~J|NM9T1MnwW8F9Fcd6E{c<5D>A++jI+p6BP=^+is&`ky)p zI+iERhl1yCZte=dfG$i`F8=3lMgEUqxpxhNePX}wEG>WD75;DY!hYfEXCwMkmHJhO zL*J{0cC@;;RjzT~2!HIl;6dYE!AnzTnelz_$HuE4s2^Ja`v$Z>X$0b#<9&Xc$Ilb) z+Uo@P^9FzMt#a`vGPkW$Fh5H_2%X?Q=d*VJW~mL5#v)XfpYVKavKWQI6TX9Kk!$cH%z#T1HX?ml=^Qd z7e7-kBMvqW6pmt?ze2lMf4o$<+t1ABvzF&0g}Zj-xNZ41nL6nvh+BgK6ud;alpAFp zmf!`_r>djz|J8SfwjO?9H2m>6o}57cCkfa3KKvC%Y@0{c2-p0N@w>)h+OH?~0_(s} zg{%L`ixCIAF8hVtKS=86ATW1J&?Rz>h=P>Ozkw@40 zj@bCndMx4){s_Dp?WYOX>*(b9sISF&soIPGkvq}iHt!#yPJTb?HJ>^yAA)}NIdB_K z`U+S76TA;*W=!hW1^h(F#HLR#JqC}%bh4(_5IE8^YsG!VvgEN zyC+_Oj?KS~9|6zZ2X6O==L=Vz_)h3NNc}ABz3!-&<#Vrb$cIGWd+2?IYq`-qXqOcw zAyocR_@85Z?7FzWa`ltf*VeCB(ca_xT$Sk0m%`Q0(0urLN+Eu6-gxNeZ$i0)7>8Sh zYrpV6$N2CF?H8!M@bo~`%kC%K_!xM+o$rLLzO%?9+*fAf-df@6PjJ8D7v#a~-+~G7 zC-MpWF`e^;t3TdO_+!^!oz-6Sqi?_;yUrb<_QDfygEw*BdfwyYeqfyZmim#F7=I4Z zzWPMQfzO>S4+jX>a{cAS%YBMGxNmtWd4}u!hSdL5_0@mwZ#;+Gn*@FD1^9CX+v^aTY?^1ct} zBX%QikJ?LolABR(C)%I>1bFxtaLb=NgzNZLm+y&~&Pd_fzPZjQ_fhI>RUP4xPzy&a zJ{L>@PyP!1#k3zJTy?_h(T>B(=aWY_K&Lx-R=Cb1ow%Re;`5v8OT8lBL*Lr{z9&&` zd=~tCo;q)l`y;{Ukym;O{sf=nTp(Qa!*iiOnf3$7{fCfO7XOdPJ-!EF<9WTO8MiFz zTbepO$fL{P&%y%yVySQ~*W>wYwoX3n8PqHK0?Hjy2>U_8HJ+IZ!FN+@VjQrN_jfHFbdhf!%6#Y**dwDL;b7NxU>xHX7A-?xv*GGG) z6FCbyx6}TTX|RuML%ZAkiUGpa|5RXq<{H|kxNq6kw_mBfl6F(||AJ?+PH4pY z$(BDi3RnAhEBM2(d5RO@J@>Jk zM}KP1guQ>zcf{uR_mpcMa=(H3(_j|tQ-g|^`=#)I8xQxZz3BLX`=TwM0}qdcj*UOB zk;ktBw{nk?=ZBzuEe=68e6#pp{5*J$?QY}P zRN<-<<@)(%>a0*MI_Ylc*Ha4ci*2eS_UT_yE`IBIr_6@FKMD1+@v5(KvCj;Ly^X7D zg#TMScTp$D>sE_f>p9TRE`q-0ZBn`D`@FAf@jUSb+8_3v;}*{r%Edm}ubCW&7HExmjP_IR_|F7u>_N}#k5&n1?taEyn#vj~69uK_#wNAO{ zdl#U-KJ~ZIKF9kER^J*gQNJhbEpFck|F<|7&V_xR_i1hXZ%dxO1v>V(4=ERa(q)T} zlPiV0>#Y4(I}eZ3&wa|(|JRVulQ^Ci&eL(Df>)mJIof!2mT=A6EZ-}yL7hIrRVO{) zccdNp6Xdbi!7n6VqWUua{Fm2jXOeHCee^rTzZCheYA^oO8`mlc#z8Se82D$n)(mf7K^nC0y&9;e8mp9z1gac$oM3tzTay+&wo8oD<%Q_KAzo zUX~9_$i4X(2dqCgU`0 z?w8i?N%GvU#raLIA#S_a7IoaqthLUUt8|&SJzfc+O{Y;p$Ja z8uH5gd5k<0I4{dv0v(U<^I9FN33qXO9{tyNQ}XbS7?*4x=2GRFx1-Qr7U$!%j~+rC z?Ed-arO*!r-VZ9X3_78m(C<^|!s?AyF7?WOUA*6I7p~VA;{y9wzM)Qx?*p3uC%=yR z=F34R!aQjy+_mEbaLfPQ%B5cEz84bCG_KaeWz^v7V><1G2iJhh=2R>3GJ5!@@+Hqy*-GJT?hTBT>KBcigvNQYO`9)t?YS$eaL-;t9^7~ zar?dGnYW>D@$d2`>Kpt{*--N24)n(wtiyN0HExMX;N!^~u0gqBuIuc2bFgrYPiATH z>$oRr?{U3t@jquR^y4}B*@^mFh3mNbE#LD+@Akav8S!808+;CagK!r&?vp8^&T8Qr zw_bdo-TKQe)scFozQ=fF<4nnQ(1~ory69Z?_om9lKK&K^wCkGpg{z<6Z!g}z_E5)< zV0^IoxB6Su-wz%0XPR*JC(m=$O40viYA@X9^IXXQ_ivwYEq5TF*Hpx#m^i`R2-SZF<>vZ;TfWT^uJNzR z_q%O;TOnNi$^DLXLUsDHO?5O5GZ6pF$-BL)_W%4hLb$ej_HD%3+Wix?SN<{Dm(A!M zp?&Nd--%h?j$99&NNcPs4zj3~!qrc2H}c>1Eo@MG;o1A)r=2TO>pkeim?!W`&XrZJ zI-{Xue68`J$nYEK=wa%3ufo#mb@lt`UtjM)zS+FcRk+3>{a5k4eM-3cAH1*oCUu7L zoSB-eZ>O#Q{yz8~)fb&i5BOv4JN5&V>vJESjaMgp2>aZ3#r^LoT*rqScz=)S4K0>*<`WW}>(f(ud6z|WQKcSE5{};ZqTtWNVFr?(x0p$>i?}*LcRif&BpTUZ0}eDBu6G`T7uf zygJIAL;Jd)q1@P7s+gE>(5~yYk~YZpE|S1v*WA){h5A_6z=-hYV)G;xOkd#$fOQ1BYVP}{>@0!k?|tF_~MH%zB{=6$EE)m?KIA_U&i!yAno5O{U7>+%c^B4?eCQS z>H0r^Deccl{LEDPzxo#$p69P#QZ4$NJ}T``OCFqV|HW@0c(Q-~DfI`Oci+VDgM!tc z|E9-(p5fe)_D}pJ?qB#l?*Bg0K9lyA+=D~G&(Bah@b;Y8S2YYD_uskwiJ!crM%a~c zo~Cxd^U(jp?f+5QzfIa-csI|h_xJ5G&fN*03vGA$q+jN79_}*TYQOClqn+fdSIYZz zA0*>{lk~szyFC8)N&7FMUGbCDd&i~cdHhkx_|g38N6}9GTYtvz|E7%dJoN`2Uid9; z*Le7I8Ruca=X*;3#;N1t3|JJW^|4SprgC74Gw3D3nZ=_DU zmM8yj>HpBX86M3~KKIuIPKg)N=j$%o)w)uC)n7n6;q!8;{`v3IIDoV8XN;e(5jb0K z<8jjVibH9?`==~7o=X3(l=dfnmCx_*O8bxLarz9umh)f!cEQ7^^Sqk=|2^6X{-^(( z&tq4{dH-Lh_UxZmqn+S?_NRCpjkmYX>HqE2ANzah4;Y@$lOfyh;Pz+U^NMQuNNN8( z-7a=@4d;(adr{;cP3N`WVE79!<8ie7{6@6Xyw6MgzuvEZhIZPQ?@qpYs!F zr+vBf%e=q01V4Ww?azM$@7JeG```F2zF*2IKXM)IgolSD4^-3hKSw)_|E$=-zFfxn zF=>BJ-V69NY5yY`=UJ)$ug~?Hf1C077eB)i4xh3@;rr1}^R}d})O*P|FZ~^Ee^~Nc zwY+gC?azHV@1x%LpP+WY`S4$3JZQVYUrGCOf1mNp+^K+fOc@XVN6P+iigp_3uJF}A z5qN$?^~XC4zsdKhrsuaw|7X9O;nDkB{XK^Nxqrs@pw=Hh6Yc68{afCbx61fmO8wQm zOjo=L$bovCcXIo_^zXkQeCeGwJYRrzh0lM@eEW?;KYxLCn)i9J^S@HY`M`H^|4Skd zT$lDcXjgXoU$@8qI<(U`&wM4r|K8I7hiDuc|5e(N9+`mIR;W@3J{%7gm`hBJcEnjW^A&>vC#LsIyJSFYVr0lW(1MQ@5z9FS=e&8R; zdN&x)T0XB)JK(>2joUSU_-1K;THYfr2_Ak9?TXIDzN**zM`)*cAO0!k1DZd7#2@p# z4`1c+eHrH;p`FGldVIc~lJ*~<{($F&UB*LE+ADv;?M2b=K0(^Qi`p^H=yQ3TBWZv5 zPx%}@k$MmGHE5^tA8zsZTD}@kJH~lR{FPdMc*UP_`?J5pbk3)sP`FC%wC|EH{6?Ag z%h0ayBj@oY(*CV7&fUMx96;~yd;U4~&;I!^v{RkH_xUsXoPH|W3C_FMnGeilf(i8p z{)-PY{)IghzKr?<&ZjT&dJkl(pOSGN{zhKc>!kfvf5GsNewg{&%ccF}(N5zOUc&QU zk$JyX`al0Q-2bzr|6S@&`9?Sr`0buaU`IjKXd$N6R5|KIVvA0r#~ zq3_A_7B_6VeN5Uf{WPDKPmlxoGicW|Z;(&n9cU*w3#s?(e+TXAzWxEGpO$=7doLOX za$U&qe6zHlqMh*n#Lr(+E!uAXgJ`Go@(C&X!;e#c;tvx4qxa=i@6F@f{Wj*Syt+c+ zS9H77b=B~{!b4XZ~sun{|;&g-kuWsgTCMY z677VycZ&U4ulIxBkNdyyO2&`Qm-#HTE4@`E^QC|w3qY# zKJg}A>4yuPeYC6ny2^B`{UcvU?STL3xAJIu&pWi6`AO6)#Y5+~Q-B&W5Ohq5j`1$*2C-_IV?R)dPsU7%# zLDr@1qA!1l+wcA;kN>cmrBHYr?L-eBlzNB#Gtus{Gk-pfgL$9(I>y`oDdYU4jQ_%~ z@%S45pZ|fp-se;D=a-<6pRfNQ?O%g-T2~2vpU z)DHLyAI|r}(*n>NKA8JodX(|-Q3B6*N&6F5?e;&={hLfD8gDm0gvY-mb@n_N=X=qv z_~fTBJRc%>`w{97JUnro$Jh7EuS$DM;u5tT{?)Hy{CrL79DO|6X`F({6}s3=jWrq44d}{*2fyHJpD)?ZD?#uV8xkdRbTW zq1@gQd+)x?d;P<>{dtK8j?aa(Kk@e&PA%vE&A-O|i@(e5e7XyTe?skqw{3<{%ZX}LE2RHpXeanbAIp3|pZ9-3{Q>{86~^aVrT-67f3&|KaWz^$eV2^$ zP>u1U>3rjF@c7ROKiBQQP3;)x;eWz>;NxZd`bTj8!mnIXEt;O+A?;878n^3tpZ=Sm zALs>lrS3PM%0l6L(N62Sn~F#JIkeNdo)WoK_kRcVNBgBs9$&-x(8G+kVhV3hP&@iR zE%9lZpMN{rX`JWf{XreC@*kxCbKk}@{ynw2LgAOtPW=42l)dY1XeT-6S*dTM@6DHg zq`>dYd^b{98Q! zGh)Be{=|;7Kl=$huWtW7v=jgQ)f9jD_tYQrJ}2)&ex%^xSERl0TBbvNpT6p&`2H%U z>}j8gb{gk}uVVW7ei`RGrM>mRd_uJx`y?xx~@J`3$c4-fqt#&c2N`BoYK+3#dLYy5oBtGWN^L;2p(euUSdo#1@_ z3m8tlUtdA(7=QHN7|(Bz@&Ajozwp^S{trp}$GnF7KlNTVK0ia+pZ`j3|HPN_2VX7i z={U)sk@kllV|@O+jQ_~TFr3evF`OSI?O!A9FZ=|LujTw#y_WIz=2Tqkr>OQ<6`o1i z8~3FD7yLByx4$LhzXk1zFa0*3qkk;zKPv6TcQBkoxfovYvE0A-$Lue7AL)OHcG};& z|L;h(==1eY(N1`7NqrT~lYdmkx%<7m-cOWq-X{H@c&Ux&5BuAUpXbD%uJ`>8+6n$A zdJO0Od+owGUNZ=E&W^nn(0Bqf8*mYKGAt9U+)<0q%XWy z;<`0Gf2FklXL;XH%hlhFcA~@Qev{#8$=vVt@eF6-r40Y8rTx{?-ufzr=Xq&=8`=q; zyT8Qe^wXvN1O5)<;RUI)`ci3s6zw$c6Mw|x==1ya(*L>N;(gcr_U+UkczgI`dHm0L zZyxA_AK`JH`ZD|6eVMcuQ}%&Bm-b6?&t4LE{^9F*{3rf|$N$2Y@DD#q?SS)nc~4yH zDceO}*InTQT7Hy_V+b1{uiR1`0b@sp7NJde~e%J$Bc)Mmj1u5`oFU9p%Uk* z{gvmxR=;|}jPV95|e#{KV#pGD)Ri*|x@ z^f<3quj|XHKiZ%FcBT`}55G;uX-OQ*YXzX6mi8wkUt9CNYjvLYVX1Rfl>Selo$k}O zr1Y#Wkp3@7{@_6R{}HtVo@eDf4ms|H*EG2OiLYlkzf1ZbOZ(^tE~yqR=YKV|<9t0M zc5h9GZn z^G4Es8SMnm(_$C;+tU6O)F17w)IIWl$vAgk#^>Fa{y!(HizhuFlJ+^Z0L(@xM>TX{GGC zdzYmD5AnHvtMva4v@86}xzOkFdFlVczr3V+e!ld7-^)DC)8EJK`hF>*o$mL4F7YZi zrT^zj`-a3PGZhsI{|W6hZ$b2NJ#Y64ulI#_@w)Uq`z_M`%-^x;@aL%=<6M&bbj{~K zc|+R2g7K;8^Z%3fr=;GahW}GGd0pvv;5VV2#((O^cwX)2{V&pf_jCAsY4{&%a{t1+ z7(W`Ge~EUrUy=`{*Y(G`y~^Xf_9cwChpzHCPo(VaPokap>TgJ%mzKM}MEZ|pAN6{F znA$-<1*!A@NwP0H*96WlX8e4twEwWQKlDC~|3?I#zd}2~|H9k2{Rf3^AAXd_zxz6S zUml}&;O%*-+oSo+^V0um$rIOn=8Lwtf9p>e9*xiE&`$HF^Xc9p?ZsCzAJBLxbjH)k zbars?NT(14*Ee>8?XBItASiUhad;R_rr|i4_JdAuI0z@`(H#bdz2Sbl7j&n?@g!)^ zP79r3f7A=7VfT?*rBQZw3J#({6tu_V_E``PrsK21!MNQIgYK-~Kf@=+-vacUT3tJ* z?ci|M9(NzSgUtO98;GVR7wVFBk&IU^E_{o?#t9WjX_vx31sDf2Y>$0e|f~VXz+! zx=r=xxOJSF&2xa1g~=;rKdfY%YT2enrpeC^?`Mbiv%~w@;r#}->)PXQyv0bW0!Khz z^SD_Zhm%=vieKmdmfng|78Rv(2K-VMuu>MVQg+?t?7GX@b(gclm$So{v%^=i!&kDy zSF#JLR5NR=)U!?58LQbDtA6IgY8HrUc0twb@U`rA)Uq?yvNP7QD6D1ISjz%Y%PzZ? zg{z*0tDc3co`tKP#Y8>39rY~q^(^%DEcEp(^z|(CjVut2?2L`<@Qv(Po{KGb*-t&s z@vVamcn&_`IS!Xs&TfJ4Wmn-lVDY^yntTU*zMtJd-vOWRXSdMzvm54vRizn@@8CFo zDZ4?wgXj3Ay20FR)?e;}@6+v2>kNCn_B7n;G@DO0n>%~KUNLBv_Gbs@`1a)d-&Q)) zvyqy0bFd#zyypdbe%|S2hzm@PMR&u_@pP-x@o)$B_i?dL!(e*;WyB+$tZbys$?ArR zRyWjSbG9m6ZASMzR(&w*k7k1ow($I$mVA5>+QH1hVTg%Io@zkS9f$2c&PxzM=50f` zcrWF-}$h2gbMv91Vqz`$fUVZ1;hNWw!f7#l~#+fsX6b2x{+r zVm!%Y_hHv~vir1Y$z=Cq&-&qH(mo8;1#n*GUynb|-clJcvEtiWF53rconCt~iAdY^ zV5UhFUH-We1W|wF`6LTME7o1}34c{{jQKa4bW1}b+PE#0`jEw@N8{m1FrEz*xrgKN zaNOLvp-dP1Z7e0gy%Y@&-FGayHDCaNZA4webPZ-DYKMO7R~(vwL+SM^S_KXwcD>bG?$uV z9S;56cPQw-Lqqo+D!T8`(S3)K?mM(}-=U`a4n5s>Xyv{`E%zOIx$jWSeQ4(MPOPU+ zEZb9Yw$*{numtGrmf?%fYdsJ

jv!gnw$zcj86|?q^QZcJ9mx@`6C>665 zQ7UFByHw1c#!@j$#U;-%ua{j%$zcm9IcxzXhh3uNumzMHwt$ku7Ep3nEla**9S)9E za&V-QgIkmw+@b_ZgiW07qT60+Ha+mF!E_klKkCiajp?oz?BL(l(QXOMu4SKGXxZ+s;$?fhY}dN&pXM*z7B06v_jhwv{s=D6e0z?& z2g>R6h&H{-|E0ER*{-|4OCdmytVYy3$P3Xw#gk^Y9^OgAiKH=*`EVWza6{%n!AaA- zlsDd5jDmUJ#VGKZ1~j}D4pP4@KteTzgn3`i!-9v4GY=Zn>2LRgQJ+q~`VR&1VkEe~ zic!FaRYtWCVEv-!%aQ;Y(-S|UW*TWQ$-SIC{f~HHka?D_&T@K8=xvLa?*1xXx*S*6 z+U=j_E*`pzy?FO`b2q-Mk+*mqohJO)rzDvoWMJv4&EA>qf)-q{(m_KAu^udg`t`iet`uQ+u0ibIF5ICS`mLpQHD^ze#9 z53e|!;}wSp3DByhe67-=XD{idl1=!|z@yWfi27 zLqW=}tDJ3eSRu0ub(r|FDk+q+tCEv>)ci+`7OD4V}+RJx@d-;ywE?3w|BMV(A3tY(&23T@L_mmt_Hm*bB z2y7{3slDVN_mab^T6S=pvcrZ}c7RfLMdCSZZDq&pRd%qGiUR``$8sx^RR`j$ z4wIpS0ahKHsOm7wR2{3WI_`9bi=gVbs%sA3S#ubAYYqc$&0)Z;IfAchj;h6BqDhwrH2kWU?l zz5yibyT&WsQFkNXGR93+8;1u$zdcHBw))<1)O_=--D|dRhw6(JH)A|lLwyt9-r922 z7}4c*65-zK3=x<qO%bn8o?sCUN(|!V(I`Y@I>Eq^ ze%l1%x~90N=qCOAfj$InH&-q1BWeF|=g|Yb!f$%d*42RCf56%8mn3cC5GT zh#@UI?w+zkmMtS*G|dCcjyPHeOD#KGfXcZfGU(Ri@}P4BS3dF#S|+6%0$@pZf&@8+ z05`AOVAkuk+SAU_HYhAPNnRNl4~Ib=lv+H%pX8SsM6?|ojAk-fV{3A2c#{Sp(Y1UP zPKRcpd(d`~mFI9qE4h*l9Fe~z2U{#TZlscflb0Mi zb=jepl^q_`vO{hxJ7NvW4#}tNIz`9|N>gOTfxn8wt6FiKj*0`mii7H_j#ESlN}6pJ zNmIBP_J?Cu6_}g)#YfwdqiUIX>g%KF(QX)m-l2&+8Gl>5ayAWHQ|MJU66K_^8B!k9 z=GDvU8Yt0!;0vCP{^pghwkOlwussIZ4{>GSaDdQ#ZfUiV5;Z|q5&xC)t;}!hts#Pd zpc*NH-)RpH!v&n)b8&hv!|8YHLDcl>r2aH})17b>PNQjro2W3DbBr8&={v+&-$CPG z;xX**d z*gM;3kES!E1~s3g%goYI%a^;|Pg6V8*i}m5Za6iVN^KXZW0Qlk=93(-WC4W13hEmd zi-D*eLs-Nl+bWcpWdg6dfk5I7iq5(+i+V_}Ynr;aw>5dZ-HW=9?OmgKE}TrnDRhzlW=3>7W8q256@a_BFT6~)$?kveK_Hc z+0`tDP<`K=blM}=Os&ZAwE?KFKHnNlp_=2!5iTr9TSi~n-K#?&xEmi47&WrUH%X?# z2yBJp-drRmTU(Xh!%1|SqkGMubeLJ_29x#LYgn|ybs-O-YPDew>P%p)GmMW7B8u}^ z4y9kb**@D36`m6=;6(MVpGdWpt;wTEs!Y&dd2EnsXb;X1MG`|+!QV@M^7lIaey9jH z?$W>x3bCrK&Td}IBIr4ES{PwF#mZzdj|ySLOCV5xHy~1fFQtAjr~Y0^{oPz4jbBUs zUQhkKk^H@?;3=jX3<$Z00U|dTFmi(dBsUmPa)SXTHvmqOw@mza#Jcu|pEe6;d{&)Y z((_yRZg0rMtq7$|E$Y9FFXCOTZB1BGqdkqg7K8E@)ShNxf)LhTba3Y4tDfU-_Z+ej zd1updhUc)dd5+jj&mmWN4lTiR$W^{0(#>~h4t_D~uW?A0J|a}6!->-Utc~$m!Q0p% zZbpc{H!UwYwd&4<>bS8H^UQl3Iy<&;8Q$aA`-K^^HKa*T!UOPn!jf)N%*2)!iW{9^ zO!AV+h`i#)!J<}^Nulr1*;iUqeJ8HI+r34t_6Xa3XJ2Ve^>sqF?SyQ5>Ku2rsMVhB zrW2F8HPttCjeB#jsMQ|fR@c>6x2F0!@q0^JQ+=H{yXC}L%emr~6S9_b#VseDwIbKr zT29DxtG$Yrlg@UX@b2Dm&9>{LGu>*>w(EpUx7vOGu5)c~bneg_M=r?T=vtfiXxl|R zNwWoox7~Ju?A^NKY<|4$0@??wbs@=z)xvdb{F{-U)dI%fJ93U+y3+0=5i!f1%pa_g z@WZt2+Rf6H*-_*o%hI(mLNHx(7(du^+&Jo^@P`AcZRkd>JwRm)Bu~1&xP9oxVCnWa zI%~VWfQXC)5y#|v?K@-HBpcklc0Y0vSNZZ7H9}ltS-)6=m9LE3M}5~c<&E|@(iCWa z11h=Gm&K%h8TJvb=U7d7!}ulr%?QOyT;E(9PLK32_BS{hhchP*9u4=$A#!mt7hw4Y zl3I_PE8Px9og>%gl()}1b8xVI)}8aqPWU7ycR{dw28=pax`*Sk?P90py|6bsbdg#a zXRJMNL0!3g9Kt>=+h8HCas^&rXxy`*pxp~$e^pT(JfbjOD57o*=la*bFkMUeK@c8N2 zy^EFIXmHf-IU(F@1BI~KI>6YA_QM$S7Vy=}<9;}ZC$oRMf-OPCAs6neSB9fue|X?R zWA)1HaPD^-N8xyQCv=Xv0YdEcoJg)VaY%+E_ixw2;rMXQ8m`Tr1fHiZ(yCsYjr+4Z z`taFne>8#}+fB$-`!{Rvs@L1c?Rhx6L6^pyG40>%F>kcb+DE~*a}C?TG-&S%Z@c~7 z?Ow2P6y0%t*E)h3DQLMUsR~NkZx2r9{1yc`;;!2g-$lXWkv?@cKKCLNpK2c-Imom6 z*dcg&%xtYS)HYzMi4KNinb7`mYXEA3eb05_)>1#(U*5zaI>W!Nb<}PS2ZzI+o1kEr z#95Err>V9(1DBYy{q@ZdqyeJR*QbS``Zd_~Flmei`_~)b7Q@Mr`=+Sh?sbE$DNd_! zaciyW*S*>Jj{Dcv(GUz^&V5qfZO_Iq#G~|rW8)gPaHXj`V&*!}4FU`1yh)5n6D}CL zLfGk}05&g|VB{Bfk-rk`qOKV(hb(#H_p{y*2m4n0(1lUIyoE1uv-JW9ApMwkTQHPw zf*UEEZ_EJau`I*tQ=w(-4rkLN8ff3WnA!%mR$aZ9_lM&M{15YHII&-E9-cw0z$N%- zgqaU}XQLw#vaLDmFxUrE1Teq1Y zHntu8q|NGg)6q}btbVr~{iMz6*K+ieHml#Rqo1@{{oa`LI|8MX72~+w14#{(MWcPt z8;ycDhy7X59fLr|sL^-%ptm(Zj{OxB_CZ(d_w=Z*>c{a2Tpv#xhV06C5C~9J4sweQ z%5!zAVe+U$QG40|g(1^MHHSCZa|8x?4!fA=$N=>mwldEVK;${>XPzSf4^;p&AbSqq zr{{?9@*Mt9557t`b{Ji#JQq!eZ6uBa!Dx7b|C2qP_j46y*)#$@hX>Phc#l1Yf8TR> z);x#z*mK0;d5Doa4m(I>Q#2C|VJK51lVrqrHMFW?I54ll;i8j)o+H}8b3_?>j#xL(5t-#VBC|Y4IHKps9Pk|RYMvub&T~X6 zc#haP&yiu^IU*W7N3gBui2U~)L2;g=3ZLhQZ1Ww#DZV2(#dmN!-w~taJ2;^4;C8+v zZpn9eTYQJN#dk!d`i?*&-w}`K1AkQM^$6;252Bkoywq?Uji(5$Q-8{iq!BDleAs|fyDafK)a2p zn7b-IMJ=2V%h=Lb#0_VzdE58n-%(X2gy~`w98mDR*9aaPoIp+pcEa`q#;pxFJXNOTD$`5LN<=481OF_WLV48reK{^LCG!4XZ zKn!(d3Qr>oOV(VThZu!H5FSw#Ur7>5Nm2AW*PNZ;4$_Oh+@Tw1--U*jSJAyF(j`2d zW)V|I^|@|yK(63!izyAEb2pBTGF|<0vMrNQ*a6{b;_J}|^C+-&?1C*byjNDWhe7F_ zKGJk9sQ~NX7y+xt8i{G)r?Uw~WIEZN!L^Iy0wF?r>f0YBgQyBtFd0!!3x!cN%lHq9 zc@jZuyN6HKuRawVJ#t*%KnTAautv#Z;A1mwTkrXTS*U0^9Bn zD#y_znxYaZ`*tZp8b(kmV0|)fBP@ALMM^zy6T?1EJrP4ne~$N5EQutAdaln>)7wLI zdRy0t;1TVXfy*n=N-k5$aTO+p=@bl9vi!<)1vEEDw|B3+ zcrevBv2qo?vkuUB74W03iuXh0`sqmR$pgoc=QU9;Q-=$z1)ge;%8|=gHN&K1eFvOXdA6HhUwb?Six_gF_M2K$h>>&x6 zN~I&#wcTGEjQK?k*X8ly435!hizMH5V4FULUn4{u@~DF8bkrWum9rMWdA@-+Bu}h? zkmr}L4#y{Wu0}%^^Z4}uuSi5sc`X_~P~4het_CR-=AW=jj1~T~-5F~7M^hvot_!&# zz-%M4%Y^z z`UX6OYXgl}bI~I}F0#Ux- z?2+paN}rP3AY2}-jb>UWDROO~LGs^zgdoiIvDuYw??1VL%);q#eZ=jCwj&NvJpiuY zwb?$uxOoQk1W$!%AMDy#sJyBcnv|Q9#NBmZqFzO=JZ(T<52!p*fY*lReQyKag~!#~ zw(AC)SBmePwZWHHyoHpLu)970Ra(($*jqQdtVg_48={mtwHbDLYjFsDxWbjwVNJn9 zjZd~@>;GRf^m!IsWIA4(t@TQ_Nqa4Bq6R-*zJ|Q4x;yQzAy_Cgv8GmHpDxRFi}iq! z5fzb$->%K21VbZ=f2@ms?=^O#w}it3#T&%cwH}cRHKaSO51NWCgmD(6QA37r<&?BCz()!0!xIqtf8geQRu zywK1u9)xCLfSQflNVDz~^kC+AU6USgF{FQPaR}}f*T0|2Wkwlp-ttg%?AZ23Pv+=Y zFXG+l@l%Bwc`9V>!3ko%JFd^7ft}05kRIF(?%`Qi*fq3P_+SkN`4HxjWbxoIW}NS| zpF&~J+TOL1&UDxvC16_+t_31fxx5yDiXSE&lwIM$0WIgn%C5T4nx255Lqt>x+I`kh zgwLusd8p(-%rC!S;Kj$bCViv(D_b1m z3|7Hl+LX2m;7X|TN!6Fyrz%|L!b`P0;|&$ovK<~w?-h4NHPTLWcy!N0d06Qcyh*6; zr(CzBwWiG?s|`yDX^u}d2Tqo<{S(L~2? z8Jf<;U>c*@yUzz#ac~-K*dxdZ8EA4TJCrieibDVtPNrHg$*Kgc`BSWd*5{AzyDuk?QW_VJR_1lkGN-69=yNuMzSu?Rc&yIhJHVQ~Z6wU{>{n>Kw zX&hw@8TS)S9DHol{JPJWlGB>X)4bn6aEeY`&F_9s&#^~Z{eQsznCzc)&l5)Aa7AE@yI3u0bI_wY55mPEFv#<{3kqTN5_RuBxN^9M&i*o0(AMDoC zm*oSYy;K7C_02&l7W2Woj~3&WoUEo0vQD^lR)biRQ}|bFIDDWIxN%k%fJrRofr2UKRHNkm`fRUNUf!|4>u_?@52LMf_6fL*RHC<#nU!)L zeD0uKOK0uDH7m4Rz^(_0+K(cT7@ihw*6FfN6-`+`d|GenS>QQ?Y0cA=#|oG(ACK!b z&u7`{DJZV=;I3w)D8GfG)QPy*%22W9!dM9(99EKt6Rtz?)Ny2@V8uQHF%;k*0DSABM5TFHm1q&M00^6;k0Mydw!eTKiZ z+Zm1!7G}NxO4UzQj(_H+s~2-Ft7r(0IX|)Fal*pVIGOYlO*uj_mW4{BhtvTQOJRx0 zeFZ?oW96RRS(9}IkT}P^7pS_;7YC|t^Io6|UnHo)b3kS5%d5bWJ)+&Ea(=zw6$y-RA8(h$`fPdBy+tndrJTx3Uzw|*we*;|PvatD zTLEB;hR+Y9o1Aihw{$abP+X6_tS0QwJ$C+O&pn1KS^3=2SF`xJ!{=ZBd_J%W1SG{v z(*R~yTQ)AY^bERq`!&HRA40rb` zU@?Zv4@262z6wCnW9Em(^2)CQ6l=iTa4d23uK=(mGvtQUGlL0M0GBmhZYXqk!U_P; zL*<@3mBg_E5K<%Nhok~oxQmJh!vP+kLNTpXz>*#_KQwkM$0}g4N6Zh2D{X2O@VLg! z50xD{vI=j``s*ibSmf3S+q3FwChOv;uJEjGP;?q%h+OfJp|+J-@SpS`JW_9t!8c z7dQ;gaq=&(WSPiUT;wNJLe5)JWuNr0t1IV|9(h$Yd{X1Cgnm*xw~A^#DKPU>kyZ3B z$Lf}|QXLgYPf_HC!*`bF%>mES)9N1i0>{-oQ0^6anS#lySY3A13#=?VNbXg+OWEdF z*)lqE51bn=&w3ba1@PDd=7%Fwcz4x|Iy=D%nQCV69GF~sA`u@t8+1tF(+_B`B-SE3 zZ0=o39_G%mzGak~3?}pE@P>K*tzmfD2}e_^`kFJr%`a}Ap*&~QX{s-Q&vSh2`Fazy z<0%K2b$Uzf9R0o8ibi$)2jxriDy`@= zl#1C3S!?G5vhZX8*?V9W&}2u=4N-iPt(Z`gaaW`3@;8ZX!7LSfQ>#iz&^ctyu388HWT zm(qMP+DeE%87}``dCuo%b8VaR(-rTabBm71aKJyL=uVm5J z%i&DYPC+_*%V)FuFCX80r6cEpGM_A;W&ZODIp-=o_Y;pa7oYUC- zmyhqP3XpTI`QKh>UMV5AoH8Br%C{Gqm&=dkI1!F{<=Y(d+8O+LG3@v%$6VAV0e_&Uejb2F6lPQQ4791zUU=FJPjk`Z#i;7+T}JO6^O zm(QKap3OO{`@0dmybU$ zF*N6N3qM~zyO{=>bH>akd1grxJ#){J`egYmaW-epDeV5a#y840F2DCNzR`dA_~}&4 zoXc>2mSZ*};WF<`=}&UZVkbA|oyhUk^10&ls+_af{g;nFFY_tqbPGRUK6@s`Dd)8A z?{duN$~($C=iF~|%xh#U<()45Nsd_@$wPT(oA+ssS&cNIytAc0$uUbh2Pp4U&hK)} zXC?aNoh+ko{))JUS^S=i;pH%STV;+vJ?Y^;M3! z()l!bXLEj+V?H})Chu&HuX4=g%7@822{q&`?agPFdP zbB@d>%V$}bK9Y0VOztrFoHH)?c=^oPF!h|X&iQcp zjP4-xoU<Na8)be>jCmkiKm0mIM5Q7sP^kG@JyOFl_ETxzjT+oq|Hml^L-&X|}G~ z!|Yb*WP%g41KE}k#6H3nhl6RtJ!q!VIP}X%I6JJU{pM58YxJ>aone184kwea8;sh~ zI0$=Te+v(sE#2Xk8o9K2^>Sr*3hHj+`8V3Z?Wow?-Y+(rl|W$uTt>kOto5S-ItEAW zLAMu%KKk7vXXRmMf z?u267tpNpr(%YILdZecl$@+u3BpxAw&&XuHhA@tu0!CqA5IK3O37 z1qTxd%y$m!8Zj3*h*T?K&M9p9Q&7hVGnRN4YW?9LJR4CKZ;Y7jeUE^}nVudEXA{uw zB$$LF6CeF(tHsBmLC99efk?&+WaqIvyEX8a%{^qb_PW!9Q9xJ4!$JwO6#6l$YMd4(Jk)(xGmTL)y^YQo#Qt=YYh6E*M&S&|%h{nlQT- zqW44qD%fqXI zhl=lN!VH25$QJmY(MVfS>TuE{lU@xA(1J%B{BF=~wxVQ#a}T<#Oz%p}s&HsG2l~t^ zZZ!@e5e!cP6p-(?$GALoDsnPQ^*HR%HNZQs$Fx}qP!D+R(^HwwM!j(B`fd9|>b7;A zJ|OO?IB1ie&{SMRkW=BK72id3uAoghlDoT8uQCIh8XxqqmT){CDy}O`r{2d#K(?H0 zoiyu2H7Lm+HjV4a;E5UXChCq!0z?<;dk74!5*S?97^Ksz$Gwamp2<#hId@qxb~<%K zZS{%zAhPu#MY6;p>gUt#BVf&S;;+(es*C;>u(C*}S_M?qqU0C4+X!7i4uZ|~ z9%Z>^hw0bs7Rx}jgLc$|uxy|4oN%LF)J47d!s1qgeTD?1Yu}Z zW=cQlbG11lj)|7b!Pa&Bg?MJOaMFP$)$3lmbZvX<%0}Qn;y+SJwz$@T7~46XZf#CB zXS8$ueeg$IkJDy~AVE>x@XZi&iGRx;&Sm2JnV+4LWoXeoO-o$yY)a_aHe)LnoUJa z9L6_7e6PCoA>e@|8GK1{k*!m7pdMQCYLz9&t*D7te@ACc1%O^=?e>T&ounkgn3Q+2 zbe86KtnPu^&ZD@xNdq)5WOAiSwul9IXi+o@_2nQsW#|~o6?H;0hjST)q)vL8JY14U zrPB-BW0R_4?oNl)x_$b5_qeaFKG-ryj4!6XzLru%M=ENQMkS@26+d(8@XaDX0tV($ z2@@go8N#WFiWX4<{-t}nx818(FbQ~PiWodksY3x-nM6s`x=V33h=?POrdk*>X5vMY zL>Ai*V%ZJCQ)-1uT!Jb?g1a(L&A(!p%|Ntbp*eG~T<0po5RGd&CS8C;;Hs-sAzF)? z8F10lW~J0%Z+fJfVzF(39mG%DL9h)A4u{E(g}LMxNPREZ(3j^Pdl`SGw$~qcCLV;yLbPU_p45@s?C2y4W z2huqh>W;FKG*``By0|z@y_ty01i4B)5QN(A16P_yc`0K@^7kDW#oALP^=J((!kNUa zTSS@3NqAMUGmNwM`0lhp@{IzT2G&G?^@?;D%%%rkb!#(X`xY)z2y#1?xJVjz1?;pE zv^FCmdi+bH?`i=cW$~M1%%S-OVM~p%Db^1B`G(yA*lNUr@)l0_b^Hq}bn}=%YwZQ3 zW3skG1Caz%LWRSG-46+UH#!mQ`!P_lEMFQzl1SPwCYF*yqi*sxx{tckq_Q4_*dB;j%Md^Nm5L0Vu((O|Ws+ZMShONxA^g5Eaw82}u ze&HS?(+;MCUos4aW7zYojU#(dv=0Yy0H0MjhR3ZJ^~r13Q{1uyf12u#nnU_dfeHbq zAZ&uuAzf(sU;yck}gjBp{|Q5hdZWU7T%hPFF_r!2<~>r+lr z`f>M=fFW3t+ng2BI`Xg{k0x}iK}h;qC%e|Z{zO?O!D@{=%kw+xde{CH5+YVbu-E}M z2D4QtBL~{_4qXeVHdV)jEk-bD*^0JJ|30P?m$HpBT>@f>Tj~7XOdPnAFuY?q<|+!6 zFdHXcC9g<_mM|Q38DwQgCy&+~o{fPg!|}ATMJE*eOxa}HZJ4O=?~{;8AO^($SY~jM zp|p&~GvV`tOE1XE)RlN%I8<+XL2OlkYOKEpvXG4C#Bz z5J(Ld)n03{_R1~~(D#9`SUJVYHdeaU8}7Gzkjj;Z7U%cg%wjOv7Xv=U=B_jgBMImL z{Y_ALHadtpY18i>uC!S~9%ax+EGXj~ckYl)HaLOWYf$jv3@-^oEQQk~g-s$2!W2n6?qOLl0fqJa52-oszSD|_j$CrC>kHa|*i(0cq9%6M%q;(XHtrWY|8kQDf zQrw7nXxg3aEpTVsD}$N{b<@SO#K863GL)%gM!wL;BVZz{)Wj&86wCru#MjIcV$mA)fX4$j6F@^ zMSYHgnGvPPKbiJgX{g9S^CF#AGBE1XXGz_1$Q)2D^Q9TWBQ3z@4q(n~-4k~jNmi_% zS%+U{PfLurJkH%1H(KGi$0iQOkzqfluj8vO zR_HC~oMtF1vDr8oh?ntbJN1QT^>hMN4ZQJ2$M8?y&6=`Y56?i1Yys8F$5nT4 z4uY70C-2o+_H{_hC6ofIJ;+twe?01gFkF^`&fMR!p=wRy&d~LLD97mS@ zeFaf*P^e)$pB`EI3(;2!g)0nv1dev#Km(58ztKEe+45@pXW-p%NdS3r?{(UYv?^$| zUf&l>1pw3FmO_`}(N1)g$>^`tabsVUT5y|)ARB{%xE>A)xy|=kEWRjt-z6Q%0+Jw7 zMWE*jtMxos-UwkNeo@o}{-Mh{7MT#!P0^%uaL-LfC2VJVFc_*>BW&q3I-DWMloZiv zI~u^y2c8JEk^f0}gG5D=dTIGWZ3{Tn=0N!z!Kt(xNTluyS@>{>wY^=L_!L=E z+%!cO18Is2n)1QY6SG3jr!x&S=Yt(w1SDcQqRRr)`2CpAAcEs8!;`K5*jyrN5{o86 zQ9+3&m#nfe!Y{&W(1le&g|5NYPI0oLPt$cP{6>e}kQqQCZy={6d#{-kOavxF1Jv_e zxthxfqm{VT{NIzM6pTrcI04FjDFg*U>YIjFaHrkmJ58I~oa6~`QfU*t!DXY1PFGnOL1)w%t z9d@i~d^x2317-nmCwN7rnKsq>DcJddC<3=pH#}(1dQ-(YR5-X2oP-@={e(o<*-)#> zeMPa*VB9oph9_?v^lw)jP2N|8 z^W_90GlGJelo6({kJ!4da6Rd?2SGGxPAOfXWbgs_bw*hqADwC=ycvHpmQ25Ks4W&x z3?r6+$ot)h4fP4L$t~KOYPq?vCyj;OLrxX>J>(unEISOPgF_BA*$QFwQkOFRH+?Tl z$dTM=xSX6`FD>oNqqD@{gaeCz*v%w^x#w6)Gq0%Lhdo1+Cm4xW%o!3bo;t);5`8_55F?$3k0H&dM z&7*LU<4W-n?PKsB`%Ew!Ah}wJ)G9Srh5eBueG7cL9EeGp79IyWVi3B`5^p>D85daG z&Xzso+p6e6xJh=e@x9gTV_|Xd&ESO69H$M4f-3LCj6gA`%@|LZt>rbCNPMLh2sBl= z_DHeaa~Z`_cvTiG(+jk4wlq33O5bwinw*ZE7B1-^rqjB5n+@)MlP5bcK{j%ehZ37G z0$fwMQMlKL1uwnVG_&`0C<;lAlq;*!yN`KXk07GF8dLVtfcJjpoAX zcU%kxei`0Sb_M1NkW2BH3(09UD^HZKyaqY3l|M%x5rN7)gS5Rk`iZwe9Tme*WRPmy z$>swlL1{r2lq04!GS|{1%1o=1ddaoEg;pOVn(!eEtMD335L(ej$~0v#y#b1HlL+f@ zIP3;v=p)EPI^cvn2*TDB;$5y(XK;#x_43?Kul;+{)+x3XVFSKnGgGe8P-(-^j z!TF)X<7bhA=^A45@-6K27Jf^l-ZWPOJs1*APA!&JVI_KGt}cLkPL@EY7=O&$(=6&i zXPfF|aCCw$yMam6sWW@3HT2+*NCL7w_=YJsCBW0Bi1q6t;7C~ufz2+zyQ@NAp^hC4 zmH7#(LL68ng00usQOP&ksHXu@oRuZGnGm=@An?xn?uf$bY=F>1@_@!YwU)8ikyk}< zFyddEJr95|FF}p6bSKMDQ4sbS z7D8bjqVusj%5DRn;SFM!q%wORqJa(((V(^j*M6fD-~FKC6t(-I8>mA66%*bC1QJ5 zgJS^quI>?a7I8~(0|GPJeOqvLpAG~=c@$*~G24nV=Dkwpp9>RJGs35GLy{-#7IXpH zFl`>Hig`%ih=dI?po${B+Xh+Hc2I+X7_!01SKwLIwiCHE<01_>2T);nGGQxewd`E# zYST_MqXZ!2lp>a&97*wkmYInDbmR~POiL;d#6POHF&j*dqJwEV7pOxD7XF1!1tcm8D_9buXH*IFjwS2-)nTez{j(iU<- z$X&rn*-;c37ct91V?+_J zRGC31QpdSa!UAG<19W7n>V^6~b0h~tEz7@u(<$~3|62Q}rH2b?30{@54FcR4B&AJ* z;Q@t@v0GBEJEy?{vfUU;bsH5X*qWhO&fdxc>v4-4kts2HJ;!ChDW3|jie(^4Pv_rz z*zzf5t{_W}E=N?*Qo=f~Fh1ca8!Hp9=Cn)BB{Zm{7K7drD2XONMB$7ksrS8ba5z0m zGeVUVX{wkG8ed{&1Ht3Zd97=S&Fmf=|CDx<&+$KJ@8}|*Q$R}4=`xY9zo*kOO(_|* zpX&CUM5y}KRNZ*jLDoj_8xc7NzbVg&gum_V?_g-UolfpK0Imr$B89-IG^C(2nFTm` zq6m6kZ+HlHp)OPs)Kw-PUA08Fun2NdxYkv;+)0Wg`fhOPwcT)9i@lQy?w`yfs`6<9H-K#}O3qq8$NctCIo+c`hA+Ku1Q6k#%>SBHc%ob(m$c!4G zIF}@1gr~^YQa67cewI}IP6fFqR!uSv(0yCs5}~ZWF=5Lw>BMncL@i!*1924_#Qd(z zq8_s2>X*A+eZ?o5iOZZr7`qUD45iGva|s}ABQe6URdH4hK~!?)f~s6|GrY=F7toZo zQ>xZ-@x)TE7^7rkb~{BaQ&?>GhehfX8OWsm?k@C$<~m8VCAzu>(F(Lg7?D)43x>Zz zuF<{SrRVirQh)kHvzN*!<6`V!mE$57WaRAaY0Ww1ws7a9sZ%99I+3F01Wj5Suo`DS zc!Z&=Wun$IB5fL3nZ(5$I=WwjFO;&^`}-2yHk$4Ca3c`!USxSZHcW~0EqWI|!S`-N zCbO>+F;z&}`U2Vx;^StJO*td{VHlHrJE|Vm8Dz#-;5YgU3nL14f-5 z5zAaATVuP65@iRLSm_L=V~R--b3UZtYde+|-%!D3CC_=~K<(QcD9>HW!d-*C4!Zh4 z8!ZrQ;AsPHZaWMyCyNKAWfx*d{Aalhm@AdX5rMf<)eW(Lwq!wlNfY@t88YfYZR`W& zV-lCOJV_-vnyNaI7@?HGy`U8I+{6WLXJ$X9pi$Ws&^)c!N*TL+0E_k(p**Rw**TUP z6>*^?v*dFp$#B)1W^yk3CSxr#5b>|)2hQ;L(a2aAj;`z1-Dn3N!17;CZe$= zZtMVC<&5x4<#=Yd5lq21kaVK29#Il1DoxYnlTj`Mvq+V?D}6IcSkXF3307nXy2)cX)PU}+esY@LMTEqZycp|$xyvw zbf@fJ@C1;rhTbj^8<=?z=iVh+0E*)Uv*C=yeVk4ZKI8Yba1cnjC66(r!nUO9`|x0q ztkSea6LBhI?{G9wA_3`{2?^w<9*W%@%}@-9?=mWNJ!(%?>?TpyG470HSb7D4>eK7>iRc=@)>qhXUfU8z4bpYz(NuVlze1l5u~{S43lP=Uz6mFN8(JvBu3btrft~#Dj zPD7Spg`Z)26gO1i*hz+?-nu26k_2v606^5Luc>b;W1^&#c#T^ysC75mBYL`L!l@pL zl&#B6N_iQaiLB7N7DGJSh165m!BLDUi8~-pk*g{^gpqVvVA;JnQAI%L0s)TCR#rhE zyIh#idw$^|RGgx9Lg@&^SUexEK_JIbTDXIWKa`*y+`W(ntP4%l9cHiRQt9)Av|KT+PA}&j z@5~U_p?z-IvNA!5vBTymSXpwrP+K<|8;2xO?JmqomuqlbR#s>P2S72A6{eb)RX!6+ zq}UDP9VUo@>6?lgY>nfdX$wOxh*dC(cna;&BLLZa9I~;g2i?j^TxWc4NlZ?yETc;~ zb$&DURgVUiZaAG$iWiC@y)=azW>F>H6PRYD5U=GzWLL|ei)#Ss*1g1$m=aSthD~I~ zi?L?YPE0Y07qJslK~-%h7Q#vUFB!FlT)UXbD=ob~8jh6ctb_xOYBYSd2CoP8NmVVx z8Ig-l$yj!sEmgw{RlM%S2&eq~QVopa8c`aod0hoKD#4kHcL5nJ7eW4GsK^hDN?)7u z6=2n1=QJbpyd$%bBxT$-T~p3O)w1U#a&KNHkO47!)?$>L^e8o)nR!@V6=zqc=cy z870%2VfF+O%S?Ro+JBjO9e~vnMaxuGKOLZ(oM3~c)lpnLRe_A;{%lqifq-(uMu5_- zY(42JN-0C3Lt4AB=Ea#z5AcquNz@hVD1x41yE`0_{{{&IvDRi+9dx#@3=gGL=$cd)0&_oR4Oz3mxiV%p8;hG`{EKX14)|m|YUEx`mok zkOL`Ybkm^c{LyyZE@A=juNiF@`xxahLY0igj}fxgH)PXJt~W46X!GoX-Eyxc2Dx-i zUiF#ghf6Ov;_&(nva}4L^p`mXXjdf2lJGO^Udp#;$|pjs%SZtFx#=;9u18Yq2RY@Y z%S0m}o6n#qIu(!Ktb(KBfbhAIZ^g8xo`ivE4M&IUnnseomC(T@E8quE@x}*uJacN6 zx0_=#%W_6-KU3Bl;~*xiFfl-g$xCXSB3A_k-~G+uPK0t;Fp9&clL}QZ69h>R=EB<$ z{E&P@btv}DQUe#$4@jN?GTB{hz84i+!GI|OODV7jPJ^x(Az^fUh{D?gBVA^`%9s&; z=a_cA%;>s`R_q}G4#?t+WDAtGqmu)}Mmj={pZ>KY82Q- z^IpQ4)xon=9N*eQ=n0v(WV-I)mz;0O@Je#t$LWhblenEcej|rSJK^E2a)XHo2fRI@ z2qJ}gF#3=P*2X;DUP;VB^$;n1U8>G#y*9YE7qq?q^DUhj5?^TSJy*T9niOo}xFOq+ zTUCbKc|rmbSMYd-qlydoy8b41Xz_bzI0JmU(C-PUrSw@Y9GJR(GJ2RzY}RYRb<3m^ za~i=maT;IMR_CJ(AD1|o2r41e*k)qH84ASnw~6i&Tjg*Pxy=cbNWE}B^Q7NqZ1xm| zNAQ6EDr1^yvsHqVz13EX(C&?M+U&QK>X>XQ2byM$7xQy|T%JB9nL@pZNSufI!4;B{ zSzJPgx#WBqa`tY}_ZDWT0oQ^uVJhCUWfp}tMHVe%xDBfmv0ldILPg4g$ytAY$ZSp% z9Bq`Lwy-4z(Jp3Of#u*Q4K0Zk1QOrNIqA|$@Xikv?jI9OosHce|eIqSJ2!@6x% zq=6{njKC8%OqOW#u@Q<9RZro>4^WxzSVgT+&sSWx#niVPS^Y{N(M9WF51sd}h88?H z6h|veFc+(gm^qg!(#I^_fAO_+Fm8A7g#96?!_+V+rRc&|dYx(nn~GU&)6inm3IyoV zbfC_8+&rabrMZ)RrZF|y2vTu#MifRy2^61Pv^efY%rSt45o7aNI`VKH#2L zix`VwCL;F&xuugA8J2A`$NH&Ys`T?(#??E*BVBke?EueHi^0t1gyzPiWOJ_kOt+Sb zFi-{GIQK-kG)n3z!dL*McO0-Kv|h7d`DCn&ZK%{c8bPv?7p{|Ng*|*!QDPWOJe)m= z!f*J8t^>+6pI0~{dFV5)r=fgYTKOVo9qTD21UM38tft5{Y22ZvaYg&IgyY0cfpiR< zozRXkTX7nDtOj}c?qD-$*pDrBKxX0qiQk)5mymvZvc@qfs4<2LE5imw znZ%`%pI9lhYNR7IgjtFoI+qcXXoSo`-S$~#J1C>3@o*RnK71y?F~mHECm3ipm{isVKH3>p8FH}B86s!oThaP{@Ma&>TlL2kAg-_XQ=zAl2;QJ&(z*=%d6`|{w zf3%JM76P`ms5~S75DcogDZ!dmBw-$)A1rkVKuPe|KD$(M3Wb=Afb+P^l_OS7X~ z;E7(B@PI)mA!;~-_x28peyCk*^J#yIBtOqaM6^bRxDKvmCULKCgP|ynGM1YfRT46I zewFGxeAh~YQ(2Pzh&X}bMlcQFzYY4NU$_7=*+uY2TiG-tHDmisX34@VxC)-Ww#r|n zL&`JnNnsLQ3@hd-F6&r0WA6w;dTle7YT=YwRx;fdd3(3Du~H$zX8hWMC^x+Q7={vT zmAZ?-CVo7So*P!;A;Bs?O-XcA8D2_rQoE}q7*H9-TT{3-{hNp{@Uogd8XpWJ(OM~F zaX%cVyasx^FT9i5MkM&2fAg=ZJRZE{;~`3}0BOuK^-eE!>9T3rII*19WSB~{%AAcn zby8omJc^-UMB1KDm3!a?um_nDzEv&IBXwDsBDdhHRm?<7AS5Y}VgUFO#y%gj_e8(+ zG3X>4{hh1UC24$IMneLGFIcSbdVoyjWUaBujDrKtBUj5CVR67gEG}EG&k5Pv944nA z1EUg^4Tu8`Vr?fI0%dS{mx(^hJJK>6Ns!o~SjJOP*h`~=%+%RfjL(|YHzTF}nLwV; zI-U{cEo(W7p|Z7HRYkogYq>nZ=?JciQw=JTYM_!(jzS{?MbsDs8Vq|~5sogj@y*u! z+bJjQG~!$$MMGNOOcz^;IKr`Pr`jigUsq$U@~5tvgK!=3;f$w}~r! zkAy$t`XH`t9yPt2;E78lZ+zLpt+0cCTR=x|yXX0Jb=yN_VXhyu7yI=r^RT)vJRN0` zwoIuo3#>|ol36!rUBWz2bFHa84!uZd@M0$=VdXLF%BZIqIV{6Y2*IMX(mhM|93I&1 zwAP}C>nir{>F^lmUa0{@2q`T%?>WSmaY9w9FlNO1YWid>H;4fkO9EBUIeZ$LG>H6g zvEWZi2EPn)Y?v~5LzxW8Y#`5uxUOR7(lI#XU$}YkEp|>l2(Yi%n#f4aC-FW2x5TBF zI5fu$Qt6<0mx6T%rox-D{pNe{_NMFd!vf}E%9u-CH+sl;X+qWBz|-aVXK92uI#I%ha5 zV&YSoEAtFPNNh>qp#!5xM>Q-Q@{V0i z-myz5pF{`?O6X;!QSr?XrMG)0?Xw9q3Rq~5nKa?mP=QJm^A>fryduZfeGwW~JZzom zw81)zYn-_*9K4j~eK5xBh;SO~n}%eD_^4I)@eaoL%(#Oseb4jz?K?0lQ?X}yYR!bZo;tS)z6Zi%DuD)3K#2Q+ zg#pQHW(9)=o{eK0n0ilHOSDT57?_1k54fnXN2x=l%o(v@n_QX`N2v^%dQN`vf(=s> z!*i`)fgq(v1Rt-ofqX$cE4d3xYtO={1aV*;%kzXxU&uMcTV)lt#94O1=u_g-I5Hx! z3(J-cqV2#^A^z&#{0i~Ro8~KC>cRt+U)09CNDUKuTzuhUVW?MircJuI15z(MYrnI# z$5!UOd1~ga6iAKtaj}Jkj*=w;P=jqv<}J&L+ETWQQc9JGWI~qWx6aGK-g!#TdCmK+hlInX};ms;wXw7Mo~WwO%|8^wb1g%Fiwi8`Hd7OUQ^Z8O;VAL|#c= zV4SPUW!WqtmTE=eZ9zO>p_02uB9G+?r)mMVYl!U^m)}=aiMs>H-ax5-hvjW8D$|c#SIZ}%30tsu`pjtq24UzCn%Q0ab zAh8QlobdU%sMgL*sV!3tV3X>?i-(swQV==SURUQGjLq17gH(ttFC?GYBc?<;8udat zEb2fLI7GH8GD|_Ns$f`rnz$EeUd1pQT2Y$a8~8_w4CftX9~`BWXMx`fwE73(2_`IE zI+6h}u$dugvPNlZ5Ih*{o~GULixeWL6O_nEaX`+tq;A(;yB%_}9 zT^()I0#0%Y{3_-UtF9mni9{v*9n+I0Le`k%vFiAZ3AxTZ5;kBehO&8@&Hh?Jpk|Wa zp#?tctU~&k<3ub(sOqOK+BxN+wHUU-vP5*Alwy@QpVXu9@r$^00#N)*r7Z{sUFtB= z@{;3y@h!I0XnpNfbck;(mJkfiBp$bfjROOp8=jw)2tN#LS~86UH9AKsfyXZrZSm!g z+V+DELY46@f|;c;FVi8)l_f_rIV;p@5kjv%TPJtHqj5yk5-6;K!N}E0ug9ndJ4UD| zLgj7X#X-IqJqsP{s)|cwO7D6lN_`9Vhcnbrg3Z<7_sY_*!y~6S2=H5~JLQ0?dS%MI z315|{8&N;>^|#Qp4pUNMT6f`u-%eV9lleBndvZl68gvEiEG^lXaPQ1nlIr*dcg zop%n$IqKvc@O6}qL1nzQ$zC4uX;`8=L3|@FpPZ*`a^@7W&~YATBxGW)04uIEmQ)8d!?zQ*EM!3L$Hs<#D{-lb%JJWFWS zAh12E4(_d9LUo3k@ma7o;a-nN>|^JmrOr4F2aL4U+K>1mB~9mFSuMb;Na_!pxFCfb zL}NUuZ1O_TE<9#<7U@W_SL3I87v}@FhkDuFOQ#-XWV@8QLKYdXqEnTS)}_)V5tisx zx)G&Dp|Tf0k416f_=m3WxHNs%PLzo?v(qMX7=DCd#Xa4IBu3bBBR;>4%y)y1Sf{Nq z#9xwj=hc74Z+7kH_&O^gr--jKBegDd&6DwqLXI$>y77T*FKFDPw>xg&T@$lD&b&mp zOr)ToM`cTstd(TNLARkFHC^jHr4BH2;x&|nvBZ99e2`N@&df^Pmne5H{6bjVi zlM7d+aO?Ur1fN{L_Y|8Tsu)XSJCQ`CWaARRRZkDb{W{~+gMAE z^gF5QUhygtK_#ynbe<%6C&Xq)w&6Sw<)obrG+-Q(SZ@yG@im15L!Qvp%rS&i?b6qr zs1vyV&5A_nP6kzl6d@&MyxMLvo^gUwCybrUI01B3 zciIvfq&bB)DAUt|6jkDQ2wu9rD5iYFnT43F)2$ZCtk?@qWkgm0`QPE4$Kzb!!uSV9 z8H3UJK*nJ>2*>(;%Q$U6`(VU9S>p&bu;Wp(!9L+PzQ`oWEN%IMEMgxPC8H4J>g?+z z6-l#oz6r3mp=}nZNJQ`bUPO#-76}erHySSnt28=^4l$TaF1}ixoPc~N9@qF1ml(n! zptw@)!4)m}#|Vx$f;Nn4BJ+)QPhWErVB zgRCa?sKjw(9JrW<>qzrHiBYbv0w%hcViYpdg%7oRO5d{%QwW`$>CtdDX%D&+1Z4^T zaokE&Xr@`Fly!MpBcZbMNfV3w#Bt#-Acx$#@fBIQNmfWa@i8XR@3Da@cpCpo7e1~i zzHiLxKZaOH_$Jd18M4(wzgrS%H> zgj*a^`S~8wR#8)Cj5_DauHVM0_A|*vOQA5mbZHQjn-0p*#&7^mkL1WbxVR_n&NLbh zNWvn^yuktBM$wE|Z-|^^GM&aoUAlUPW0bgr2@w*a9kdAtyc$EBevu}kL^({OURXXIO0d9`0)&qUFitW5MHV{vd!4D3T9f!R$gQ4+Jd0X5!8fP zI@4N7U1oe?(GM&tpm*uvB|m6KhQU#uDH8Hu7K6i!OJ}P4wtL+xZVkHO>ErF*ETq$E z))}#KCP?{JMv7HBP)cgV1M=H|z!bY8hlv@Rlgr^>o}3LVDxZ7*U^iB00idnT!6R)MBbFp-QY3kUDqnDFP$a+k3@fj;6n1p#z36aK;BManNHC>Y<-jwje z%pu1^=h|1KBvi=!IuA{;#7vD3uJ3BhknxKFX;NQW$x>Wl+7P1VE9_)Qqs?|3eZWld zV_cm=Ki6d;ol|J7@Col8lrU{%(R-KEV^ls&<;~Ae%e)smh^d)5AET$5PQ(gg{q3Ie z-Atyk?8>3jSEmOZiT=qFix|kn5XYoxC6`!*K{Ea@C5oQQD~sqB}U0Lsz12&&EFsHPyrT@v? zmuGH~?}!{ChXWjdboZ?#bz3Bc zJeiR(?AQ^(FRZEx_{#V${Mvmlbz@asNCPDz6-mnt-^|Qt0pv5UHrSntt6FoX5q#4YW$B0s?Eeb50>zn-2h^` z4^IFr#7qltj~4bBQof~x5lCp{S?H#;q+1$!r$Tjpz*tJfO*EM18e5=W#qqY038--W zZ+G_biviOZFBqIrPThp&HYhfbqfdy{%KlVb_iCAd=d-?n3NNS@<%!F8ODamkG5 z_J5;o@vR@xQl~#a|3X!H={U^b!^?fQh#vrtB}PV!>`bSR)8g%k516ec1~XJ3!!~m~ zrD;LZUhNw-U?jZ71#iFJqjbHd4l4GlO};~{Pt1QDxqmrlFk`X+Je6OdqrTv#(aLiY#LN6`HC#&X+#M?* zpp7#!iX-ms{_Zt%0|eolw{&D+wbbS+7A9=)($mDm-rRNNJ{r-Ms}pyjnJVg(Hu{BI z-tDf)rEoMMs975kxI!r!yPNL}anBK7>iD8vHFcKrLOibP9EPKj%)_DFoaXZ}d?cc_ zHMZ~1teynNO^hGm1USwQpe0eBwO&e@2VC{+vPZ?k2apTnCJ^96Bj%p2(z9F}CIoHn zUU*Pw(m9uLhr%u+mkbqT#L?0b4mli-!bgl*CNpflCZ2(Jyrl`$EcGfnDi_|KjOSev z);M`YhuA*d>KR50(j;#zH>r~^z_)D@4bStSH>j6qC#|aHHtiVGMvYvh;DP5H5(++@ zFly}9it9-V{tsy}-#{@6elvE32Dk;jmAj1q%8m!#Uze5R|7`KWBlRi%q5XasRQ;!NaseUzN@3T$d?2X*1Z*@uDPsz3}W4el~oW=O`$< zf(U;{@y-06I$i_EtUb}37Hl<^Q3FzR;}hR7rUHf^$43 zJJn+)kT;~RWlNJFo3SZp{<^v=Zap4tJ`fL*#u9|L*HBJfHYatTc6WPa3w;}U zJF0X#-VZh)y|(xPHWiG8n9Xr(ED{3M{pp?kSc5b&rwbu-M7PM6Q$pLFI75_Ynv|Ox z(t!;Qu`;&YrEl8+_+t5TKbhSlBP@9ehuF)7a*sgsUG)Le9ZUfb?++r5!i``YVNi*~ zv?_xkMtfcv*bl7S;4)gvbbY#f3Eyg0R@%`OAp=8e2R+lvPd|&l(?05o`arJCSPFkY zyTTN8(D%*h$BfLS&&X&iD<{r7^PMer$@GB5)mJQ=2G|*blF58}BekcAWv!ZtVxO^< z85Li*G~NC@{IPYtw#Y_kNKEQbCnp1#l!g)6A{HEoLE;MmdN(?Xa=B&Dz%KIs=jf zV`j}-jU|}|hG{xL}>l#_H(~)7uw0%?fd(} zPZ4s;NgveX?(@XHsnI`z93F_=5x8?TY`8~06oC8?8cqj#V<$Qu+fGe&dOP%VYNM2R zA$_C>M-0Q3-BbuBFwje^caz|;kkJXE)f@apCkHeSbr};hwK!hApw+`{th8ajc}|*g zzj=}=F31zXquC5AH5NE$ZekO*4R72ov*pz;L@SlwJQ~m18OKNLbS+~V&*3=J`-OmY z?Z2Ic9J1dZ6(;7m1TEd`(O`~pG#`1rr|VfrIr$HxU_9d%qka#aK9XUEySyUGOoXIv z;6@0Bq7rw$L}-B_fBjcT4BM#$a(<7p8veyGLKL_LIW0V|Qt?Te%JiGnPx70Dgho9c zNf{F!gIahTQOsBlIidhy&D_ELbU6RB(01+-pc9Hh*LPDvAkz##VWj3}w`xH}v18e_ z%PzhG2heO+bD*x0q4@3!A>H%5`%=eyD(X_Ft({O+i5~}eNC7bSeZD*dcof0Dca-6B zr;;Wcl5}Es@CfO3&yh1hmU=k5pFF*wmJGF+_fwQa((I}?gHZp0EfMiUG}hXH9D)Im z*RQt3*HpX6R6d8GyNn!ks#B}_i2IKSIAMAaaczUi_)7&joQ94Wn020kxr7~b$(I|1G7y#*!nJw} zQpJDBm8P-aT`xCN!XgnNe-RGxiSf{rwTz0hUdv(5rCbME|E~Zzj2g&dpSl<@_7R$a zwW@?-D|N3)Gg*<=_FSAID8TM2)F`U^WWa1r;Nz4pN?ajad$`rHS7pK zPI8v10Gu3xVYD0n>+uiAsT2;{dc8m?+RHujkl>)1&GqvAfyG2;yes2>sX)-XJ^$QW zgOKe&?4%*7b=kN1x`#;=c8lqrI$8)jU3N*l-CPRIgG$is(tpJ0rH13MC&c}h{7zh} zSAL~}YN7gU5%vz=Xl8d28V7!p%4&iDbUGrX7$|v~rjo{I?|(fv z%|)as(5eBz%go9Ju90^ptA#hH4tBjB;)13pCQL4Tl?V(Iji|O#;!Sf~)u}@<$f|Wt zVAda3!_h!!IBVU9zDR=b2iPN8 zSp2=dS|^M#uxD=YuEt zmV6H^T@1H4fh!#af{pqnrbCOhYuP8`+HlXFU6T{6uHY7}EyO(`HU_ct%gELZMjB zhCjh;auKr8_FAVN#J8D4SZ! z5dA+Qu4ylo$Gn${+tPRCq@hR{?FzYnd;TlPHe$s{iZrU)M8{bIFnY*2{F{VuROb(a zxAE{#!fkPzY0`|arxIx!jqe17rHR!-hoVXMS$pdmH9~sVaxLkRceo1>0bURY*Ll+(~q)9%O zI2rvc5uTLTRfd^*m0ma#HDAJNCWg)3A<74g5Fh?{g2X0$7*xbU^~u$IYspBZY+E{A zLWrcRWtMg@mpQZaN%1#8C01GU2&Xf)vgAE3>JB`KL(j@= zD%zYLg&|51P$*Jn6IZLnYOu(i9q_Th3ugL0 z&5;QAt@QdoZCqf}eN|m^1UC?$@jQ7fNE;(s75t6663sV)Tt6u9>IE-AikD{ou5aM= zfYpe`jyOVFZr@f|rHf&UQg{hb+6It-`YHFp;+=S-hKjucAaSQ(HzTP7mLb{LC|W@r zO*s+F?qNZXyvpa;1})+ilU}x}4Dvq3(2*r$z8os86mg%}D(I#6W5tJAH$xGC5YG@M z_C#Rg=L*q;8YI4#O5s2ig-A;ay5{ z>2?rWysXxAXBY{TgTwfg1kU_e=P!5kF#tYwwPDuva5bE*d2eD^uYM4l@w$Yt$7g#jU#di;IPMx@%081t>?zVU&^EO z75_My8e>+d4kLvfHGS6gDlC+)mCTNLZlw=ARWTVr6yj~vzgi*_g*bg`J0zAD zqCx$cZ*dy1{jI~4Kt4fr=I#Lsx_)JiHpYYh%7<57npU*P_{3981sku>KJiWIrj+~J zYg-mng{$aK8#PnOml6s(Fm_h6vVBucD@}tic`Xx&+VmjjDE?f$5fFh*99;`$?L{}E zJEZmvE3h&o`SPsao|7Z^b?kc|+Y4|*%zGtE`+5W30NI~|R$ZPQt3bFyd{3%0+NOq$ z{kK)FLVUE&LFWI|?;iahHy?SAB&u$z@f4w-(xRJcMpe`tTB=`u!Qd2yALGNAz0I{2 zKHb6*SuE$mhESRlfxP(P72W`xg7**@O{5Yq0i5Yao9e9~L(-R`4Zw6sLM7;mW5tbK z7=JpH_ctuevsvHNwSj&wx^x0Y(RbE#;D;T)IIh|NyYkb$F#6h^JYHFr(#DDI4lf!nCb+u9idzXrqoZs6*HZg zT-T0|b!I0(BU>Uw9-2{6jpbBE25_azl>e>ZWq$X4SpaWeoEkCW)QEp3O7kFxC)Djh zoJ7^!az*H@_2k4ciawmSkuR|ekx2z4w{8+*Yaz*hAc>eX2G^z%W556PLh>+7fvz)a zIO)g$-h15+&d@{WCJTwt?(BO}$m)u9nw#^7p$k~Q*(%e;(9Hw?JdbdrwbcVo45c^*5P>>J zYZ~|~=-sEmNS_I6O?+k%53_j)VKm|C#?8mvC4wH8@?5VvXMCMcK1?LMk)B%R#AQZ0 zm#eWGxQu1E5a`v#KlnZVP>j9QZC81D+I&5FhQ;_f8BZS?a>T*z63t2I`X4loL{JKs z=}4->;9Fth(F20WIp(OwguBbD1@EVMR;F=+%$>-w7t6m5WENX#lz(C3ZmB(yZ*oV_ zK*@kMP4A`%5?c^v{R~2k$^HIl$E}2uTUNWFgas~MG9fb~Cv-aFe=&V6C)Jxw!W^{K z8)pux&t48eYbY?MdEbAyeMelz=^AEND}FL(p~g|w0Xrj~2GcqaDau{fKu)wZ+ zJ)izf7vgyZRo$)QiNwh%PUTI~0~z9tozd*`9bQ_du^4w1FF=M z_^lJ#VPv~34oA-Vk|kFrlXxEotIcNV?T@l;QLA1~n>-9IL8&yXL)yl5XPy{Gf#@jQhEj<;?m#3O-yrd+ zaE!MmP*=vKzd-kBZf+={==i=LhuAJTCa)K5w4pN#rDl;cM*#!Q?ia2~*T25m>tnQm zAjQp`OSSJoyH8_CgvPcKjXO}m-gn4f)^}YrCY;W2Q2RF%xBUi@7nZV4+65^G_KAQ* zO;d9p4bH#I{8r&ncz@dZjVeKbrsCRSMM9hiP+%VDR_kpD3A^KGB&Mj{-N6aDAG_&* z`C2ld?kON3*@`pVNX|jO-2+hG#}Ur;CpH&mwcxf`8@j=4fSQTZ`|*<>nao`cvGXZt z+%M9~Ked-?9H;m!9)KU*#!Zkz0ifpnjmmP3Eyxz5;~F3-lR3b`$pa`QjNC%VrB%KD z=GHF=SRdXo;9A_eFaI`t9c%Iy8XPPeYvj3ZU8mU@c@pEb5Za4+#HN1=YS#XTLjTZw zx1LIp;{W^n4f)5xm5wy>bBPh)ef~T+{;wk=e>9XCbV$^YV5!LYu0g!2Gt&j}{jG2) z6T4%>G#r9ikvSBpqQY{F-gR7C&pfP9>~|he67!|RX~7Wv2xn$fl#}%~oNQuAQ+%FCQb|-lb>}aT7LCz4W0nL))jSY`cgc+g--Sx-a-O5QoZFfGe&SXZv z`qXHWTY$~nK8vVW0BAP}kv#^4h>Afut3%}JO{ABGK*bbpZS#ALPH|T_*x)8-DR5vU z96~oj4-h24_D==r-e3)st4csFo-+a;-Zd zO)SexC@6Beg-1Nczv6AuZzm2aQ^ddu3f5v$F+=I%7( zfbF9kYqltx_>Yo?TMI&s>svx=#PJ^!h(CTAnl}~Q8YpZ5MAZf;?Xwj$(2=yQ%h<}R z#A>LSu%a#DAv;O@H?bf5ceQk7oGN9Z1ujAeK5VFk;RbkXoBXf@TT9&wo5@w7yDjYJ zFGhUIj$(B;@)E}9Z8n_$Oggk_9T!%HEtWdw3HJ;529%OiF(cy^MYVGp>C3a1&G?6H zY@0Z`zyJ=Q9|$eCTE#k!i}3eF^@P{tcm$)>)WhiFp<20&B|5WkLr3MZsf^yQnam)^A&qzxEJp zSz!i@GG{oa5z_yu*Y59@aoKIa?L5XtzLJl(^yq_C;r&Qry+ixPH{)PU^|($5OUUH} z*HpV!>r0F((SR?8{yAY+yU|9KP?F2sx7Go0zsI=?BZR^_TTBy(NXw$8WrcK^n8x9J z)4$iMlPIypW5nW#+zU0#04RcA@fWgRqag%~*XaCt~j|4arb{=hh#mjz2V4l4 zvZV4K`ZH}uPCpk2UqcVT{d@S-*J$vc>>g#uAti$}z_!9vQMGF%!g)FB_ZV;$El*G@ zQP<_Qr(&S|mR7JYQ%S#hM&DudFacj1%{Vp9pb~ff`^)UJ#%F7t2QS|q2KiK-6Su~& z+jz<_8$Q+jZGBWoBUU8^dcgS5I5omB-Tyk}euNdl#-o-M{Y?p}BEq23!!BgvaPszy zE((dmf;XB;!TVpho=z-wyXPb=%RM*v1W_?(YNq=7RFp{XG33!Vi!^$Vc>jkkMP`H|J`)%^szNBUDGK&_p+la`N~p6=a?q^En{SC)GHlMA9*0G{ z_q96Ill9NJ15y%Lnyyzi%hOF%@Z}jFp-;uyrOWj(W?kM<8Ht_?l#$SSrmr+3b~V7R z1xJH7UJa{2IO>H2tD6rS&H3xz3=@QC1fbCk0g40)G>F@tiQmvj4FUw&No2~Mp5Kl- z>*<6|+R->?*9g*?SX3sjE`@jXw;|BmByFXK5RAcY1<6N;KUkumB$2lt{o8Clgq%8G zV<<95zOhjuKnp^x)A44Uv@CpsPjQXE_Xw@<)s{RP+|7IvTxOMOL50*W)=13Nvq<%p zK*dp0ZUJCz)Wbb(WvJ3Lq}n`DIS43|w8S30_s$-NQ2)tHt*BTX*)SW6w>9U4z&qxg zykEZsWqUI;t8i=uGsu~ioPn9$mb&ur+;F#;_tcjiL#eP_f~qJ03BA$v*Y0M9I25rm z51;m`Q-&nooO%6DE1HzT^vgagEy6Q|=~r`#5QNzm*oCB4!j40}Tm#FPp;LE5IUR|M zMt|L?=|*Lk;Xd;01|9RIjINMQxbDn0fNBNU=P{3u`~uy%I)|uXd8eE4bgFTndtb92 zRGGs5QP@?m$AK6gcuqEgaGCXg3Y+F9KXF)&`_aCN5e3yAccB5ht7xDwE zUAK0yL$eyGebq~z^stk4gru%GxbR4VgWHGAQ+K1Oe;r)e9W59#QzimY(KR35j)C}f zXvctm_;w7?LVq3HUh$@qt$Z19n5cr7zwrGYF?eYHIG7S{z9uZ8XxWD`n`9EnkTe2649~5_ z(!`|j0{Y&d^J2Q%5DhNCYwG=zx}Ol$(_(=}WYDBwVLWO<4R<0auc#nRGGM|-{`HB4i*gUmT>GCMybyv47N$=1+y70Pf0KE-&=?5Fcd!PeJ-Ms zPL1*&Zj7_7L^Q%PSew}~6MvM6S(X(5&O%ZCdfec6xr$mCSV+pRWDWFK&P$Q#EZOAz z4WlYGVMnnaNHO9mxU}ed^6S--GJzLE;P{Ut{>#e(3AOA_(K!=NuS|LyG<2qDK0YjD zSENMefT}8-DxTy9OTv%nc=EFQYnnw5)%Z>U1n)V&zp+~9=-cAyH`?PNUi$q; z3-Fs^YbG4|Pnb@GPpdI4o;JbZo&>^p=jazw$#2-_0=LL>ZiPbxc%n@7_^pQ`&4axE z)0}R=wWG0u7qb5VZPR`8?z4Yb56&G_Q*tEcD8G_YN@%4YccfO?1^v84`yC_)Nj4(% zSH}XV$~ska#5ZR^88(|UfOdmFX`GKAV=4Y=+r_AFD|l6K8r}q}(@PNW73x**1WJhL z)2vPHM59Bdw$T7W4h@3J-2!q4_a{CFB($6c^5X}TDE?Nbf%pw*i6VePJN|R=_}Ke_ z#|?hI{Pbb663TDTfU)J29N%6^I#CbK5Fh5FcaAweb|9?&0rFFD^=8IjZ!}Bp7(=-Y z?vuKOO~)8s33XRbNtuIn_6!GGt+aEe;ifgZr3ln81WRJeQmEhz5g>0r1Ucg35Vwe5 z59e--Y!@1yz{sl${T(i3l%s9CV>}e`w>mnYsf53seFZ3fK$#KoFKuYzI*r{6itCyu z^!~W{<3@ktXgPqmc)vT=TYtO$@+vp!=KAgSH}iPD1p_E_vt`m!qQY5lmG(+Nid)nv zc$zs)(_o>#SaqRE!3KSXN!vz3OMIyA99)L3q!#z^e%yDQ5#7HDPU%SgMvibGFvLB? z^P%CKPTf%b)+`F*Xk=)zVdnP{o_3?B<|BDJ111w5i)w7UAxZq8*pkIn8)C7pfxXiR z|B=}=vh{o>$AYsp?ic;_Z^PA};}uO#t-w7pR7bs(Kagp!swKmRnp;J*HXsb9yR6p= z*>6Qc~k(p+QKB<~t6 z`UXnR4gT`My=ljei~S5}m7HAysHpsSYAOvVUz4QRpdP5_r@aTqmC)VFgrM!!Be7bB zLcOWO!28CC_xxtOoU->N7SO=y1A910ydZ=pL}@O!1ohC2Adr@A8;o^1+AIcd>U--c z`x6O1Gd@YRwWXcrF!CPxAAImWs zt4Zrj?p_GJJm-TybSHYI6hDl0IpO~T`g1fejV*&vmsvzdDA}pKs<^T{!HV{9TNX*y z*&ay&a0tC{L};QlO`2%^*D(%;ohxUEojWKJewwq&Xkgkwhp0iNpqh}9t6*`XwzYQ> z7a!IQY z47?t$JJ;iNh@hTm;1_vTc>*p&tFQ3^Qmg`bpMINOoc1!s5v}=KcskJnzkm7E>3l|y zV8>5In>Q!^A(A}E@SMZ!h-#V5X5u!Qy|#Wx=S=$UeE$5|_bznW@YXaCx+c-v4X){G zGaeE~UbMkLW=K$MKwTH8S>dX7j(W4@=I8&&sBj3*x%@Nf>T_UH=3=>6YTC$Vz~0f4 zfG(v53o@2#{Ln|V%dlVmq+vhe2Enzw3g4+P_1YK>uEN;Fqu$oD-gA_l;Jzn5RySkt zF#OpxW))r}FNxE0)|`y-^Wge-x=Evy_?F15(CFQTF0J^Csk7D~CfTLTw5)bnvKdCX z^axJA%ETyt`xCmc;VNVwCrbMS%^HR_Nb+HsCumhY1nrJ>{Wi^;V8ymly2(}W>cV@ObN8vi2~T&SIR;MxN9;-J7xM?HA0R(z<5P47IzpQM zHe72DS3!kgm-#8My6Rs9dQ#l5#`R`Ag2Fw(xA|{!B%^bKAUIvtMrCJTq&gcbpUqqV zvgOLI*LY_9tzX&g?&h2H$ElUbzImr(582wVeXP(82wJ4Kp#( z%JLS2=bnf1K2F5}ClUZ7}UJzeXK|1R-33jD;Iw=F9uVVmh2IpNF)J zaLq3eZ4Y0bo(=0?HprHMRvZ=Qy@47Npy7VZnMONDh?=krx1Vu)(Tj@0 z)5$PFJiT?F)D#n(?@L06n^V95-hWNQ{4jWtEdi=BiIQOUv{_GnpkEpKxBgI(bbE!P z+$@HGmS4_J@IQJp9dHzWtB-WJ(zMShfxbGA@8BCk?%>Q5XX@Ym2K;}8%q6-=uI_&O zjBya-JDMMEgg!z$+X9&RXME2w@%eAFBiC~~!%V7*B|T7iP^fKz-;aepAh#48ls<_i zc(n%uJ&(ZU9B!1b6EurZ3XYXhz=p1DS_Tb)Nf&Xsji%*#Qq=)INUR$Tqd}?`BWZ8t zcNq;>pthX@lsXwz2Qu9*qPu8~ZSE3H^p>P;3qRR(*QJ)eyaqAk`5Oe~^a>J#+!vM* z>xz2H#|s>Upddwu`385P+fX3r&8qwG+Yd00qLI(LENt8e}=aY1-$pilhD3X*f zG!(S5vo=I3Xmf*!Rt4UMQbv_=Ti;VUl2`BlqAhV?nJRU}>0pp1%b3auSnD?AnfPCEE_5mjqQW``S9q`h&osKQcUOi#QL6Y@uCi_36u zA*?dK6C*4~(p(_ElC1Z9{MP@KRK4q0veKe0h*_YPOD}h#IAh9sI~!Q`&TS*Rf8+Y^ zFlYxl2NV}J_mUr6e>E^ZiNCIAjzhHIylI0CLR)v@Hy@+p1gwbQ?o0GC8@x_do0p-X zrgR#!*$(y7AlD0_)%b2)$q7_<(fn0?4W5)Zv{FS7u~$)w{&&q?qI*kM>>&m#$Rh3# zI=Bai#;2d8uTP?~B|{u)?j1}K_1e`!8);S~lJe-gfnK9Aa6Ssp$2sDSTttGSjNhuc zB&`$mS<@@O?>KCeNsAS@I~vEd#Ca~)AW)G5KkBKZIbX54BHdiagjSv<>e7R&W#vMb zuzOMv$iQ+t<241zu~f0K~)KDUcSO=dI{I4FHs2!-cBea>kI-0^;q@vp$suAcOipWy zQ*8UY!^>m($|kzn;_>b1U-$aBl=gD*dT5grckD6W>Fq=CG?3WN9jyZG#e*se*`5x` zSlA3(@PMk9lXrwsp`laxgU4;8BqvR7` zyE#UFZ^RNpZ0hsRB{W;uq-sD+JPWP#cQHxDvjI9Wz~sw&H2fPp4%bPS!fMuBWyjyo zQno-=&}-u|;p}ZDO+H5q=?T)N<7T4dqFQQ;_yN|6rP5B<0ci>tEMja zn{OyActJ(TEl4nv$I0jlSx2bF*aY1@>CQ?H+;ePeP#JqE$`o6;0lSyuiv`H{Dlmtz z1(#p}jUoxmy}?06R%r5Zz7sz!5}()}TfuIeYv#e3`PH#{`vQ!zXzh ze{y@@VefmnV>!qPg@eV#;Dq6l@}UOIQ~xqtkNf|`oNq`|n=yIJnGJe6{QI$wMkRfK zBe*&E6XnLMXxXe?Rrra@Og9^uKcK%E9Jn9mwl-zW*~T{CZ9onL0%0+x=n~c7@y%s4GSl>b@TokDV2wa{8}G199$+MYr*Z0Q`?=N>-5DT&P}dA za_=VizrKj#YMld4p@F-QFRnt{_Ny1qO0fzTYRDjy7i?D<>`x?$o_%_F2mtQi@4j3B z!Zl#Fun_9Kk-QnfnHW(jK)iW)yG zUdRrMDQv#TJ+r61Qyjk_FofT6D*X2!OF)qG&4hLw-vRAr@bH$?iBq$K%{-U<=(YjH zN_NqHH`=a+i;ahTVGsEms3UV=5pv9sd+WC_Av$LAB9yR*$T+dj>TIiut#|6{Y^5h& zaJM^om!=fppcMwv!rqHPpR?Jzj$ zB!!dc(+Qk}Tek%*s?=_W3^bdHyTlnRpu>%|>lkd`xGx@{3mSYNd-*U1F%?O`Ima$C zS;#J%BjK#w&MC6e#{qHr6L)#FTC7Bl-TPA<%7<|&K)~`=2EOz{=Q$+aOZA2I^^j~sgTuBp zP$}uU5efP0prNPj42Nz5=q5c*Hx@(yB+Zx;_!R;6I#nNAr&uPmj3DFQbyqi?_U`p)FbBBe^-JcBRuLdyz7gEeW*3Xr1H6OL zUmg+4kBUsF*`d=Fie#Ob^2fo?_87RkC#|AH3+-f=MyOg+(n3k7sV_O;jEr#*_#g^w z@e1|?%41OQs-PCB{ePLPA0|(YZI#~X4&s7Ntp9fg|1aquS7SjrLM!P_j~F^Qko6^v zA%lx8qw2(^(&P2AQ;<9IexSyexSS3D9HXbvWYxcc*CaX;2NKyeI2kvm6LekZmJwzo zBZ;QB>v!y-I59lncXe{3_LIJ%XNx5RcB^;FJ|*FsztUA80HzKjTs!pYl;Hs3 z3dKs;G}uZ-q{+eJ-E&V_v8)f z3h!~L%Te+2i;d^LS0h-$27C1K#}TX+3l!0~;!wYoj~Eq!rlJ27-E?=$Tf}UvDYMK@ zx}{R##J?eGG1=>Du@WQ!xXJJlaWZrc?GH9p00FPL5jq`MiG>T{w*~G1Pq0E16TR=w z559tLa3^ysG2wQ;#xiHjA30U)8?%U`mUKyUDpw>@iQ}E_@8dVt{=2?1)UolOTZYEh zKv?!JG@fTJk#NIp-6&-8={yLXveVfYzzR(!o$L~Sqp?4BIO#3^XBv&G{P<4X|3uThmjgYOg>X9gCZ&ctzK^!s|FmrONYe+9XEO9Tn zj{e+2l2J~qnq;h=B|dKl&DE5LUm|8fw29EmHTS*#`oml`*g$PSz!$xsi9B+Lq}mDK zLEhxgd`hO=GCoh1LF9*euQ|+%=ar~FSashh1Nh`Td%D@3J#`|NlkNHSM_xuB#_#3k z1PD>!@yhe-GJIL1Sl1|E*tkyOkMC~jt7SO;;X)A1IJznsso)7@qi7!QISwco>yE3K zUZ`l`|H7x-CpHh-J@9{ktq&)gJlV?=fJzSWT4^Pn(_t7sK*#6>f*qsIhqSV%^QOFp zWRpvJxxL5mfw_RKZId;$&H}0P0&W ziEx88I9vZYS-#otYz9LGC&ED@MV$L+{;+VjvUV&Sa>flZC$wj86TF?(uJ7(&yyOld#fV-Cd@TXOK89x#!?6NyxSK;Vj~E z%y3PlA8YX2>>Okp*t%5833>s!T)QS}y@f9@-2H7*0EfJ|+32k>x0yDi7{S8}g0m$* z=gQaNC{4#hKU_Cf4!fpE=TmosE!@j+^Lae_bMUkR3xYPWcAiz+lpZi`dhhxVmc;(y zXN=R`W;cb}=%UPXsVeW@DJ!a$4W0SD_&X)#>1Wcw6W*=Dac<`uh2Vc3jl_l%jI{ZT z22=_DJGR)h8Z0i9_neP69!b)h<${Ywd^HUac+Kh%>*)aI2EQ(H@aeJBCJEmk_s-T6 zcqnK4>}HST>(Y&5rg1No8+2N11RBX~;g(W?BfIpv3G>H=DiBzq)FLxqos3S46TqiM zcP{xN1iBM`7Q&46n1iZ~zA_rSxVMRUy>Rz+Z2R5^>(!mi&4&uB_IZUqRf>lxiHV2a z>BOIm%sYJgSE>#qod5?4lHibhW3rRmU_PM+=RJyUrC?ZtliDPwwzFGX)eAku8oAfD5j1X2|4JV0T98YqQP(^9nRvrr96p!@P?!-uE^Ak zu58M3OJItQ1>z(qGD3609KO{|EeRqbv8qXx=Eon@&0KXaHTQr>*`ldhuwyNEsnHK2qivgnIBU<~|H>{hzk|o$=O8rs-zEv~ zu^TTpB(I8lo48gEHkNcI%>UgWMi%~Z>@0svl;DF35&MOg?ZRWon2M=O4Y}=i2%>1F zcbB7)CK5q)*H253MN$0aC}ikCbUfHpnj_HZ@SD=I9Orb2Fx6cveqT&)9V4t#fQUcu zc7GfGya(HBwH{xOSJTg*dl>4t96J=xm_eEdca<6fvChr|%e+lul2u>_y|Kq{^uJ~2k6mhH*M#_5=n}c&_Qh8fe|GOvA%c<1ty)c5Mbb? zEwv&X4Y`pyZ7#{-Z1pDGceM!t1maFRSOo@Fz0U_eT+1}H--i?GZH`VZG9mV|CWDGK zmd)$q?R9~B%Wpl?@u?B6#QKZH8s~N^>9CSH#K#qbE?{Ob_+c~B=L?d4alHT`40SNl zkSVYL-(D)Xd&Qp;*XEO0)x?231Nsbv?uV2w9#eEZ4Obv zO8^Ybi;Zpw>?V!0od=Lmg6d(SqQ6yk)0?RhMxYa5Sb-Iz*AWF?R9UtPGAIJ3;x7gNa} z*S$;#9aGVBPk_;_Zq)Oozgm8yni+HOP*Vg5YgwxhChgNAwcYK{u05a_%~uEaTS3gm z1W09y3*9o*mJ9tiK$<~OiYV>hAJiKF7w+E=P~zPX-oI_E%h{JI$DC&fbIulHgENn(y?$Kp-h&T=vyjotZulL?qZ_+wFv_*@^?_pdv^sty5wlN z$JGLyKx8xr(l%Pu-0YrxtU*iqk$d*M;){62$^EndKm}5uw@}O*kUL3N(Ls&pR~#F@ za7`5Wi_V1`8u&YM=xc3800A}mW#1!TY`sVS+i+0gY+r&4VL(rZ6iJ`QPW#kKwHU^> zqh%P%oUB4=o3ujS+BM|GP(-KmLbTA7Sin@JxYbFak=*#;`nT2tT2l0>R#N0`OP#gC z6G_W&s`0exLK866+{>u@L*_w4M)Uk}IGKXW?@feX;>WNjenf-hgvaMKCs_xMZT@b! zww0tfFT;VlR71?|s=;)@P3j@sHibY=HoO|hH5`TT9qWjf0Z-eV>&X%<3wvwdMHTWP zo0o)4`xK#irt}1U%!bs65=sl$QZ-|=X7Tws`#Lq8)$L7}g#0N#189pDvhBbt(l_gJ z%(bM$=Gr6SbE}2%eB1!ucTUKb{^jRpeEahFIQh|ge!e%#?JShiL|0r?bJmG;dq&GS zb~U{+$&?5Y=tPvAd*X>SqJ<*Co93-e-AiP4=;xiR-%zdC)~$J!U@AS?2$m(pl<~h5 zKP5#`G_)iJ_aFAq19Q*Y3+8kPi`63S*B)LnmG zYhZ9fYe4I#eLgT;v?&WOCq%pOw??K2cxjFtK%x;7ha{-Bo1pa+I)SyHhYveVFKJCh z<0(G4z<}x;{tjb62`#j~FBOdju{w7x_JCbWzcwikB%25xpz&#ZYUbnci^BDCnb>6X zT^DY1ENiEb-E&&!&n2crV+>yBY&4t$CC8Yo0U9x2RJrg)g~_^po@C9-3K3lFuH26A z$sDSx4z*I-fczV+sF8tD3d(`~Q(d%awi=G8CEW{w zFMHPEaJ~BQ&Z+1R7CWbgW?>}%-2Qdo#^yOYv_Cnxxb;3=4{K$3^mtC!DU-i%&$3aL z_U~Az(rl;@TnS+0%82E=l^!m)m&e;5V<#HYphYU7dOE!eOsAO4?tzO6z1v}EShNEa?gxOEB93rupGMQW+g%h; zKDCWVRCQ2avuv7GNE^{07~1Xy1;&eqJBDsbYtA>72X90Lx4CC;oDV)K9_>ueBb(@& zG-vhit^!pmatFE?cFh9F3AUt=7oI_=%K{Z+CM0UQGz(mq2QD3?ELzn_uqFSboal(EKCGvY;736Q|^Ah z{g#-8&#VlOW2Drv2Pl@d5R?R7t&j*DSxpQ zPvu%t_q>SLv8B5qS9_1(LEsc{|4Eo(<+RqX`Ad8V{*Z`kM9C7Bmhe@pof8_kB*hlU zrl^($z`9RMAnX<2T-8(X9&lXv^;STgX)4#8HDYZERekk&5`K^AK6mB@?Vw$e1Q?Dq#Ix|CUzXD`u#e%RjQRdPktsavOVG?me-e(5lyc`w zCEY8JuNMCpufX&hPJhV*ltYxznYOA5Xp%lgbNY~xSEJIJ;c^6(h0+FX`_V;_l3r7RStc)*#K^ooJDtKgM|Xd_yV9R7ZIV zTFlR@b~;}ArfITaS>%Y^RMI5*FgtnX`V>gsA>m0^9z+J~&c{!fVt{_7>{e=Zrec&Rxk$ZTUG*aL7z7Ryh^n{fg|OmUB{Sv_Q6h!6)#k)v;$ z6Gw-rX)ytzi!yh^kZyUqqX)rbBG(cROSNG;4A(lU9OS+_0q}Kg?g|Edv*il9*2=J5 z4rsnsr;SX9hcSBql5$1^Nvx7*f-2R20o#TE;srblOlC!6^Wm7|D|@|vl58l1#>L`c zumTWHnwoqGFBl6iT$bj%cBc(VH9CO0@8|*-xm!Ee)g84jC(|sK3X)oKEm`BPqGP#Mm*+ z>>MG?2qRLwjXk*m-)n;Ic9^QmJRPjg`zk`N@2|3c)L1hp;O~8FOw&u@~RC3-Hk)u4Y$+b-cR(@QaSTSKEF1XZ>kq7x#p5K{Fs%&pmikJa%v z*T?`@xH^o>EJ-guZ+M`ND5#TYvTMld4S^aga{6uB>0b1D51L){Vpnk;cC^P-4QZ3R zQ9t9;1Rx?6X~t6f3%K5$GiX$<-J53FXx5V?ZI2hK7m`Ar22Vf}?KHYs#tzSlpPI`` zJ8Wz0ciRJ6azoE+B*P(XC(* zwUsxkw3E_H`W>Q~pO=x9J?(6JpuhOiHh7ZZ=~z?z3x)0=Q;flI+f8x2HLdBirm4d2 zj4IA5iwewPC@7m*x=v0JkcxQ}oH5G6pjd5~<;CPoh)}hp?_~K0+1b zHW0XF%vP}lRD@fI!_5}h1t~uGsWjC<-VmKVCAiq2v(y^RC~%snloU|MHzRMNM&jh+ zg>N5DtU;-~#$Ovwc&Y24=>wCfQsl}H_c|?b)jKEOP;~xfvHBmBG_s$Okvi^i3#XiS zp6&yBySjE3{FXfV?s``kqN<>VY{tlt{DRJnmhIXN!s4=CWCQs3Gx7Tm zT{sPClBzO!@hCJv7=b{3+6M$s|L_Rc5^RIuIqg#e!0-Ql@iuY0L(||) zQ1Em_xYyFh*d?f)CUGBQ>|-lj z0bSsY6GSE<3|y^+0Zpp^O%hlFq6i~kM~L4@(}@CaPEpQzcRY~m@y>aFKAm8MrKW?v zEx=R2k)kDLnjpHr7g9?~;e%DFw3+UnBi{>LXE?i`JiWloVo=Nd6t|VmmC6fpH4i`W z0{jr&$vC6_ae*``iNMg-*8Qh3Ms7uVXlIF)EqmEH1_J=4BuJ`ooT4?FzISVDSUGo5 zusg@TT@8H|`EPd@($9)~xceHY3fAyMONz3Kc~X;nb~Cou*J$r!+lziO-N7+RcFyje z*`JvpZy&hnkAFxZD88dPqA%kWZ2}Ghdn7UcU0+;XIAIFrm8?1uNO!dw9sEM;+I� zOMzS>A!Tb_leC(_e6`w*$B72?47WHV2Frckt=Rk`Jr1hbDt+Doy2sGZIT?r)y4bHsxsU>{eTmw9AKRbg@X2btXS zq`RvV$J6ysP`zgnrZ*SUZ^dGpPu^qShpI<1k~}M~dtG>T%=+>mlP=UL3FO<#%GLtQ zPy-TcNb=p6{BIduSDY%b@z$3kG4*r}gmTmqwuj%wkoex7Q(T6eV#sfGYON=@Yq!^5 zbxN@lG-tsa)6ppmUrV4O;<0TkyD%3aWU;on*t$a0te(j}R?^PIRc!fz;3MEr$#|^} z)H%{WE98)*N(RHL`xtcQhJ8eE7-wpnv(8!n3XBZ*Dm~0=)+KyHjCl4*23v{DMfKK$ zwvDL{lbAX2oFe!*Ec_1L5S>JWTnr4*0CDpY> z3PhE~>Z?RIH_>#`^me4l6w(Jpx0U~b=E1QTpFxd?MCXJN4;rVUix_>CR?{m|;TDyK zm?RJ>eeW}bDy@; z%^~5|rxxLs>O-H^U99WmBR{r_h2~dMjL5Td(tPYaOK)JeZcQecZTCf_7H#Sho9OR# z<}i2!6J4SwGpI80mE;lzC7!nj&rM$D_|%hEnZ-+HAZ^p^ii{#rKS4X+nD#>yh)560 zE%w^Rda~TbBH-C@hxht zgh)kK>;k!%;VUVNDzwJ(A2SbA3S_%#;t<5ynw<<4sG8_h;<>~~Z%iiqrgGczvvgT+ zrb>_Tx||t$OKG*9D)(@X&TavlXPK9urK%Fu7;R<_vlk^PP5VUnf((!CF>^Jc6cWav zAII@@f!=Tcq-J#R3eV;Q`EjHU;kXpeOT4w>W|>MM?g@x&&%iqc=DJTxmiTOr04IBM zz8r4oH1%%YkfxX4re{-C*6BG5po_O&4%o-;6aFuepwIIE0Ra6vz@Hm?@!||=P|G`< z&g7?ONc_dCdr8;h4M|1b+COHPjG<2ItuUyZZM<}|a~F?p_G(A#2g4zCQVpL08`pP$ zH?>O0U1F+xAz={rwro4F3Wl@6a;6t8MD%;iZT4!yT30u8yuJg3WICNsbjBSpBbVIw zaVo6?w4hgf&R*jGkyKHapouXxL9KsJBdM)Q8qQU&q`f7i|LB1&<$F==pdm5hDpG6v zu+86Q#~_kIm0^Q5w6WJ4?+_O>aCyWrZQ+4Z+4Cz)9~K90^Qw3Ol?Ahe6@Aa2BEn-m z5F8AUik#)_w^=10`VeJ3h`h)a&1gg?>{ToQousW8gU?85Fy0NKUcC)=J2I2gQWXI=MZM|u zNJzi%u|r*oyA_?2Tg;@JP9A?M&8SAzDfBH)uYrzuni*zjL$=&9&V}elIsUF~qG_Kr zbYK&z(_>PN&a@{n{Lq<6kK5}{z?F`M>= zdpUoYj#n5Z`6>_Mwg(bC2gHxUWzY;9&+WL2#$G9<+v{0CN$QswdzK@Lb^E(bwR029 z{sZQRhN(3$NEmP~N?B~h`&g+wyFj%5vXsr-E{g2d~Bnoa-!l^2Y+1OL2>xhW$?vW1xfOE0T0O zou{<*&FLKJ`lPo-=)k6SYoWTc6;;_659wo>`f<4Kr+^edAj z6F)1xEIh+1_X{uG^U7q%c`){}&b^*MI!z*8f)Re1vrcI&rF&qJ=%2#;r%g@pK;ln- zU~^nEPQwdmise_mw%#$D?@5-yTa@EZtEbMH`X)L7WAHpi9Y{6>BT&n(igdX1F>W{K z^Mw>Is8iADg61+9Q zGBb*)pl?nRAf?kOYk^SC-37pbQO5H%=r%LHuw78sUd^=7U8zouen(1T{TxZGJ|fK- zG5b5?*+Gjh4m)c}G;Y7AGV3{oIVE*4WA49_VPMSvyXj;&d;M=Wg-l7O zZoe9!u{R<&u*sX}wJuYxIiRbHPY(}L-h-_-NK}OffAZ~lY zi@HXXX`!nunykAd6ia?t5lu!utBPLOwo|Dzlx2IP(}-a4lMi!4HHNA~UwBSnX!z`H zjZvV;E2OfqD`B=ekhF)zujBJYH0 za|iwWEB@k#WY@)3L~g_1(=>#}iO$;_S_Y$Y2q>w@!nNrh@?qhpw}H_H1UI0Mn9jwX z3E#Yx8HD|`CB!^)_f^L?<44gAcRC^5D^tDdlc3Nku1SiEcRRz4K42S62}kT=N1AhD z9kLL!bHwUoV8AFR$CMh0LQka{03hc40i`kvJDS)VtL>fxZofudx+Cw1rHBF2p{6^8 zZ4BC?HGMS^GFU-L4ZxLuTrUz#=wB0G0mMw|BRLhFkEkCjGUV66Q3?Pwm zxc)l9bq1)7+F@~*t4Z?Q9}%Y;<^P~z3Y+@7T2JKA*`~lf5`FT#bLM6PMI(F_iuqWOr>w9LrdnGXjmV0C;!PQ zzL*O_%0|K^U-<4aR8BFRqNn!g&t09(T=@V*I6FW`b}~Rk!qUTjR*Fiz)Vd`c=0_=E zLA!*z)7)ji(m)Lc(B}{PcrX}e^vykGgG3YVmzlIHC1O^_5V}>g%1v+tkztfb0Kl5g z$r?$@M+E54=vhH3grr#`f(*Nk9vE0FYfxpOqUIR-|IcFe=f4c~IOZr@xy!~|=QVie zoLnu#4T}3v{n-%D(Y0rLiNvd@*wiA1RNtFdFfg9Bfby=>y6tA*&UmK_odv7et&v#O z6xn#m`43cj=c$>Uy(o%3BONDBg^0jbQJ<<$(P-M!J)mT#+BP#T>kGDnvy4jn!o_4a93m=-&UpVMp>&Tqtup~6PUPaCbZWW1Ua`14ie^}F< z>W8Z2r22s|vGHW|G}`;I#@UC!DK*-iXo*3IOy%W2A$RNJ1Mh!(ia}L5_2^6pfxtOb z5k!&K@0SFFQl{(q6CGtwn&1<4A)_*agC3ZD=;F4*=yHJbqL;jT(zy`-!GD}#luM(CH;9FUS@ZR&Bl8MelL=AnR!sFvhT3s_g;=m(g5~VDW zNCY_sU0bG)MawB49BdEKDo#WD15-4!*IU-6St6f}cv`gd>t7x>V{k=_HR|5)w`D2< zIZ~Lx-L9#Z(;hp$O$*rOIE0qc;f4mIKNx~|gtoLiyu2s0+Yz}jxMbc4n|KJMx5dYcy$SLw8 zxU&jJAO&laByQiaRqqSWp?w`U-+f{$9d2D>x=LO>&Pb5wi$ z7=MvG4H`^U+zC`+VY>2sEEU&5y&Eo&yw^S6yCNV&nRHNQlQ}w-wGDxa2(NAn_quG* zfKc@T{H^%k?GqASOKKh>ySJZHB=rMiLp%zp8J6CaqO^iCHZy!>m#V{s8}=_omCl8> z>9Fq6)#4lA^J|1j^WPC_E;pF}oM=oR&U5FC<4#?~&8}rN0j_sCN!U7>5W5dT*oE4D z8iO?GyV%8^C+1qfWtmRyN6RHj3YO?cxOp6)Jmh+G%^U*?(UAXUH&UQ-K!yIzH|B0z zPP`I#Z#aD${#>IOBn-u?KC078J6&JZab_2w_b3@0>mEBmxlhCL%TleKiu5>Dqy!R0 zk{6&ilrBfo2;pp{EwC6k_($?7;I`!Q*|W1O@XnG3cjVFNdxFAtW&(#DVg zZ_6AzhA{gNhpFgfhOKHA(z7I9??+9b!>>Ur;mv8Ln@(b4x>Jc%39sWu5O!D`d}Cqc z(^Y6l41tAfBICR6Zin$e&Fz_ld?H33^A$8?PD`EsH_-KlV$t|vfu*9xcu`^eSGNuO z6zTUJX$8lz43meH-?(enQd|nV(6Dj)bv8bd)B^lij65-9%NmuqnFFK8Y8J@Vr6-Sb zN}M(VAI@ou{A2HpOA}Ja&`&7dKMS|q=CHX=j4#4)g)j=rg~7p|c^x5h7>tGAwciE= zYToRF-y!8U+Aa7+N2QYx4m7O07mI5NgFg&EWL`RoL_ycGWEPfmJ*rAVJb=WxpN@Z^+Q}D+in^rvws@~AN(*Y)9a<>gE^kDk3q=wVmlBtTiPkBZ#&mk; z=^e#FlsM*7J+fWf3k|SO75;fi!>v1b=WCGVmWwqLnALd{!kS19hN0gS>B{1QY9xWx zp8xW5GyZMpMlQJ>Y#?1@;%G{`R{!T+JwL!^gaY9siHPv72^t&cXdvjV98MSo7EMIZ zDLjb-I9`;xiHuH?s}2ctEa_YaY|$Ff4Je>&n)au*%Vn&RYPBZY#nYtlp^ZCAQR<9c z$6E687ka8Q#g2U~T9&hg!*1&^KEhcVql=j9=V#mkF=?O@AJGp0Ka9U=}&$ewe2)6coKS8&IJ3si76*KRIA z!r9c*+?H6hi{BmWm+Bmv+s{`3G7T3MC&CM^9+&L}7h=^$LYotk&WR^;YD4za!W{~5 zTafU~mU3vXb1a*RQHTYZV)R-ukPaH^MSAymes5{z#lbMbYX@6S+9&o(KHQ`LB2y8lI^vu&}drMFxmJon@lXM!5KGH=mLa?|PMF+PWaW2dpq zsrDcPo7*tS9;e%L{>0+Xm*r>ZgfENf1IS6(`HS#R?OMaj?XLBi!iU^e#{lbe`J+Bs zZ=x3@;0wBM-GuSd7X7;snoLuZW6SHbBoHpnC{sv>tqF5%5UU?{N-VET;u7%(X=G6Z zAJ8mHPqUdDZqjl%S@pjHgTO0VPwKuwq7?V|_uH?@tnOc`xu2FeqiZBKg2$ttTxaAjPwG?qJoU_kn1( zNa4TM-T6=qTB#IIK(YoEr;)nd5&1IuT0 z_tc=Jrtfi{0fW+ToxH9S^GxcVmTAHBSWUY{A9V0x|!@cRlt8;z<%$`J{s;pu@ef^sJQWd5L3k zqbu@pAZ*)gZnn#dVCn9Z_K}9nQ9}?rnd7`M6JoM?o{ce7yZ^J{gc(lcunFhxcAynu z%g8=K7_?cGBrP=qUMdPZnduX8URQCoU{wJ=}z10P3XdOm}kc$`(pN zJAzjdCL6Beb$27D>;(n3!*pl6fYy<5c4#{CJb5gJ#*BEm@s|qAeL@%U)BVfnPkikZ zGJ+C@P|iSK&8StmpNI&8`|N=n^?JgOo4jgV-XfQhkq(gbNNX(*1Nu8%0WJaLu%8H& z`kOkg&ePaV11wxNUx4T#d0bs)K|^fG z!}VZB^20QO;L8q|0lqsCGDNhB+G2Zw)k8Co$tDOhngfP81D44aMm$K%Am2MT;&i89bT}5|(QK?66FG&-ODO z1$1LWCh=Wo#y7*SEHmb?r@K2mR8+1TrXq5!zAeh;(F<}Vro=o@JS_F}_VOVT*S&db zr~(d@XHgjSt(n-3L4csiJNEnR<2MlXkHW5{X)?{Jw=K!MSPXqP+Zmkrt4T(h^%+-Z zlSA%ye+Rp{!$49>M6Y4CM3A~h4S*=wto2e33rk2<1DK(lWF{H>(%~b9Wgqpj-oyfy z!JNQPDnP5w2hf9{t4vb_`sWv)@oW<`Jw5lV9mtr1PI)f9d*ohwx47Zx!S$G=ahZA_ zU`~c{_R7>4IgLPHu8bUy>K3+^f&LKOVr)sPO{Gb(kx%z!~JLw2GjK>696gfv}6Mf zQ_O05w!igoz5c1PAyWMriR#bH!B(WYh|B6xsHYvNz{Gkc`TT|^d-QT8cs+AHk5*%J zvm4Jx04zcO$ZMNA6`-PXgt}0)t0pQT4+Iq=R{^lNum{=0+x6}?W`W+8!bFc~Cgz(l zv#!7&gFZ*&Jq)?&ODTo>8#?mGxjyhH;WFuR5YTCJ?1o`p?$;y<)&Y zwxd^;m>E@Rnk|cp+gzgPLKKJ+br{5T@cK4zM*V*_{o^V=lQGKDA0JSiij&T#&Dm za=#l~2;LHd1QzUtN#@((%z7Cze|Jlx6%HmyT@`)SEi`toxF0qN$s~l$GP<4L-W8}F zlZV&d89SeCob)>2jxI2<0z9_iYWh>Z+q}}ExSbQQz1QP#OTD3!u<&{^9s!GHno^*e zt_2Aw4j5r@C8g84A<^t8ZWLg(<}M+sB&>lt_Q_JZ68LY6kwRuVH&S5<*@+higa^t- z$8Y;4bQI6OsSvW_D;hL|DRg&Tt-OtbRfHK>AS!>kM`Vul^U2!~#J0qZ#fvf(t&MIH zh@-r2x;pO|VQGXw@Uph}o`jGvOOKNkn7CX~#1aZ6wl2m2Q=zMnG{?oo68RK$7+`N& zCyAMwI;C!Tk63&I2Z=u?X z*Sd55`^(JvTNPjH9Y{~=Rg!4-06+xu8`amz%b#mEfLEB0e(Lc(I6jc+HC?05>BEE# zl<9H`{jdjU4uA0a?ipP32l$4=(Fh@XfDH5Lj7i)3Y`K-2A}iU8tA}?OJ27mWvC zGUFO!AiKCmgFkflvwFX!EAOp^50p~mvtZ!44gW-kuNG_M%7NzTC$9 z(QH{T&8<=E+K40B_sV0dr0zvVN(BLT7b~rtvg;xA^;xm~EL1qWi4fyn7Zb!LLQsPm zaN7B}Y1INzKb;@zFW}a0b?ghqbQ$LaPrpqsPK6kUZ^6H#4sX<(4pK9L0uHkl9NgWG z(~mpASHMT(KU^0!o-^(rAq<40H3*{`Jf|lsBIqCte+6q2lv=CwGgN#l(y`q=F&tGs z*%r?S*4X&G`gSbBun<#Jn*j!-1sxZu|9*?CTyH(6$2y=jD`y@of)3B?r zH%Q$fJiony;9nUbkKLY-qjg0odbXJavb(g_v1cZVet;9CH) z!VcWg=EmC?>gmHkpQHt>39iK!Rm)GSRth4W1=nqA+|L~cS>RUmm;{ALD{I`d!$B;7 zUk`)2m$VIaZA-}}BqShDog?kS#8ROu_T;_#jM7pToF3> zHPsva@Pdf_46AjGzcnKE|0!vr(cnNa)k6e@7Y;-mtjj0%K#aM%=`?8UWKutKsv+s_ zfA-h$2DLNreegsJo@GO{D=L`DlYEF2RhSIkq3;W-J^$nxu5wn2lXwrc?nHzjn zLjO{b0L99%dOF5r6n-7dk<7dN`4d+HfA47`P6t-?_#>jI8B;{J#K!n08B*O2btH`K zPd^UM7(TG#OJrKVs&dnhVs^$`GN&4gn56nKU@>9#4g9RMEuW`Mu;B_j1;Cu}=y?VX zXh@)@^WTO)@5e~KfLMPk08f*W7$5XH(Hl3GEZ$5hh2)|=;JIrsjZV6ue`bD?KNuFsF$efHMn z9npP{!)+e)<|)eWib=g=&n_So&pyEwrqL;RliG5E%uUn>#pA=_W? zh}XdNw<;mMW@;HY1`AnKgay@lrW`Atsq=9ha)sXjucf%|f1=gV3Wy9Y00Q&;s>Rqb zn?Ft;%U+{Y_v#G~PeF{)+1PI_>M4|MMd5&3W^;O+O0G!MoC~WFVvC$&`-M z%Y5=LjPIs~0pW7Z(c5&~P7r);JEOj4<9-JRpl%EP)_1X5M7c&Qn! zngM)~5n|ef&bjcqCF_Ec^BTE32qQ!RyQ9^sl47O9LjkGgP}UZkJbV6=Wg=ru7-o+3u7zKlU4vFT~SDk49cDGFIXcyW!5oO;DHpH2seUn zO1R64BI0z2PmE|_r42kP?ROGn3@X5tFQ8sVgv-|sOD*81)oS=t^2p@A1y&n6!j11= zo<2X1G2~`0)oJrhGK*^~Fas+m*Ee*=!GkqVWC>UmRJMCvS&8pXV>#U~?;6gIvm2#; zUCOgyXD$K(T8vSPlZ1NTT5t+ke8!ceDM4EvagCM9<^RvUmOF;sST~8n;e% zDa|rgRr?Nr?;RkuhiNk{u{-5a)d2qfd#9=TFg)@1+9~9xy{Ksd(1!*b;M{dpuVJj( zU@_XT2tU-n+O!GV+pH%=XBzgixp9ql{cCrrqL*QPS)Txb-}4W*7Y&VB-PLqX zrgk;NC7R5Z=jb7V)lLzkA(!sI*0aXwDab^~zo08Mob0zz8PU44ERD^iCq*suUah`T zW;$I>pn^Du(1?CxqQ{Qra8Dbz$+!6P8W{~q-NZttDq@ndkdjpTa3{-q0^{beoP;G= z3oT2nYXhw+_F^%(AOb$T-_GW;=Dd~5>oXXX;Lcf~XUW9a@v1{|a`>V2k>Jr-0jATI z=KY-Qi87k|NmZ&_Y|MPA33h1EzpfT9OJVlvHS?kcQ8j){=dAB~ejkIU$zBMqjyIt* z6}}JnYe#r}i*ioq?rn7@d0kScSbmb&gQ^pNml;>w^AdJDrlz22Grsj~S)RQmY-=EKyqYgdR zWY<^Khb@M|HTiq&1^pQX2YBy zmPlN|&JptMZ;BT69^xW6akJ>VuS^u}v_-D^kfAmZfc%FWPQuYKbQD!GieOY4io;=jkMg=<3@)vq?&%Q8c)sFX`>FByFgtlAf)!=jC; z5u$l-bx7Nk$o?l(Q(s$!y12u>^MDoYR7bamo^Y9QM=bV~4o&BcV&Z_g7tKUCX?RZ& zFyVM6g5Y&*Ysd(P!YCAYC}QU}Qvaj-o+O0315@Zk=6b?D$pl;y#xmelTi8;Uz%`R^ z2>!Kqo`ZemYelKRBd=w-E32{|65fr?)|j?|iy*Hkxd{K?`furAtE$$2s0aLeX?^PX z8Rj$mlpadbK=pC4nn}+j(w(5$|A2f#Z%L>W3MzZ|8aknJ}JIX(PgaF`I{EHnD`ISOUc)<$bGCWMcW$*v`&-GHw zKY#xPujaoc-D6aOd0c+TZdV}YWQ@BMl1ELAb2Zl!vuIu`1k{~1?9>WVFknEnRrn!~ z)$tnm2z*JkO{5R@8@le7*4mkMNIah1?1Y+bB>qv}r1sPaQGmMSI#x*p4HtD+8!&dc z25Ms?YX$Y^52*N@1Coh-lX-jr;VF92r5Ydp!TVU*&KGb9i^Mq;l*2B343MO!*zdSu zJZX0|@H35#(0uCV_LD(@fQWFs7#?d#YgatnGh#c~X|@f{XQ-fNo&dSF#uH)%%5>#!F&S=28D)^yX* zbgn>+p67MXhLACX{T>3A*`mf%hd-GD4F_HEf~I$YTnLbCbk@z-*1_Zi#6c3hR{!%vQ%gvVSERhvi`BxAWS(?@t%{7W zX3Ly1?VQ2?lInvY%JgZw;TL=@{9m>2(E&g%5lR1|~FRK@Y2|d?ezhkw#Tzbe} zywGx=e}~LPhdzE$=RIsPwD0+jJH$`3TXT%0<8X>LAS5pd4y^T0kNDp*QOvmZJ6kXm z3OpN~V5g>@VQMPyXXtYj*qpP#Cc=l#UhD*@GB>^_4(i(o*~r;_t_hu@O&B4N(f4=+ z+?wco!$zWZY&`r^2)Xgpd?&(p#6y`fLfc}+j_g5p0bz$}H^_aBXZILEDpEa}KQ27@ z=uNT7h3uE!fmVN6a_X4P7Z}}NsL~?dtDwldCYntygaCFc=acd)5X=M^X}bBJ46#XK0K5^bimQzRKOSajh7*|%F+R?Rsl(vW6Bt;k}Ex#zs(S|bwo*$ z={VTH|J+<6ka=dt$gs%X)8NvmXMEe)9Aj+QOvOiuK9SD&v8y?4Wp_nAgA*+WCeDz3 zyvE;c0~0HCEbaZH6ceCltQZ4x16!-UGpQ7y)+;IFDh8=%-%v02h)+oFcCo%V4Z;CF z?}OF%X}anCA&$QLnB75gW=FE6NtW~!-04lFuT97F!H^~0y&etbm@n!bdmo*=j{%;6 z2H8eY8^%~hwjSOq&lOBNj!Fl!VfZ+<8aqI`0y1pwt(mW=+`_UeLfVqZs_LC}^L-Yo zh{{Fi;tS~fapPF49UxEUz`gw9J6*&G=r=tOietVJWloLAaV@HND}sub^;qdo(RHw8 zg}b6xNX;IRq6uoxeNZc8rDug5CYEQ^*E|B+-;9&Qry&Qz?*ofn!rIP&R@O zfnPD6Av4d#IoE}wHsOnUNEBdRG{;MsqBW^+L@6fsBb3qEmLr}21RCr$7H_ep<qZsAw3O$(wuDQ!u5-X|^NcV0g1r?chY?DXuDQyVdmc~*taS^X?*;pzi z8YRaPQ3V_`LgkDYn_kfJDa#8tJHfN7o0GrOfqAKuILbUa=T z0M9B`aE5*|i}~W>;bjHfXff~qzzLtq|L%XAc6#`GKj!@Rx)Q|e?#~KPB!-n1@l7$hJ!NU4jZ1jo#aQ~0FcWG`c zOVY$bEvY4$9;VsNjASyIX)_z85q#6MsmKUKH8P_z*d(jEb{G%@No3){0zfjNw9;-& zE3LGYjcGN@{t5aKTFi15^8?zn&{D1Mb3YG1j|*G?%&v}#sEh!Ci+j)Uf0si-`qC!6Im&=!%9vgefBwQ@pIuCBcTN9)dbrF{t*(fP7 z)QW;OXci8iW|=4qPF8nP{H8Q7aTn@98_jhxY8*DPxu7aN?R@8k&MC1F9i z7+vg}{B%o)*rm*e9UX>lB{#hR7utIt?ilSb<|{4fXNo9TIac)Zg!^yF>}*wgr7KMT z`(#1?yZcHV5_81uTK|iUg#t8ZXnX#;KRAA^Tzao;EFEHTan%~~db&Tqn7U9hZxpAz zBBd-ZaIm8I8eSLv0#iyB+vSg#n>MscMN>GwwO((1 z1r+l^T@uxa5FsaIPeyGOkOFO2w$;Ku_h@H>t9&|rOF4hIpI7a>X z;%?-yO22@q(r&vQOoDKB@DwAx<){ax;We}mN`x@CA?Ot)o~UNVOhUTLD5x2wyL!9b zljUgihX-a>j_;q~VpHp*ERdXw{z_cno8Bl&WOKNl0nce{F8rPxU(G=M`u+KcS1uol z*iJu=*n2Cn`aIwmjR8+-IDek4GKj)@*6+0wMjO*z7&$fMSg!VS0j2906o|(UoHY5A zPu)G-wwgZc665rTed;2ffF#)xBR&&k&-pkQcIC571+zx=ADc&A<&sw;+7#bwx@Ei!ss_`_SLO5`wDE9016%> z$2tPjc?P~B`imq&S|DY0sXtpjqYJ=lD4#V31-{G^$F%xVUPlx4`l*f^p*2p2li}_c zgCSaSKcJs>a!;@YMS;?&x^8U?l>CnWVy>4--MIuxqv}i@R0>G7a2zrXBZeQl_UbhG zekfWJ21`zfa+fxV7emE{vv+7h{>SI>V)PE(4xhoILO>ePTS-e$mnp7~^z`4%7k~KU zmzf|65J6-_8IV?I1ljQO16Xr-Hx z_NDh}JTf>!Amohi*Jg{w|M4Q5Bm9nWS{u~T9%*0?hD-dZAr0&15}~dlIT@97nv5l@ zN>J;8Wp*sW-Qe=2NJ$a&%WF z;voO1m>U(Z-L1WPAu|A@yACWN>n-;x?iqDTU?Ly= zoEGoj=y&q83jA<8m~aL}e{hdtBUl>tQPm+N)!a9Boy}8{Y>tbFedp!|vM}QSig{sU zW0Oj!-D(!^@?{s3hyI_o{H-?i%o9Kmt4lQI?xDEL>X`^mqx)3m)7Nh~?Z4_Yt)mTW zWc2UmKb?BMun8fLrsJ6mZo)oGcU*0a!-7FtTeQcu?QuNWu8p53%1mvIk~8WOkqR`S zTN(4rPbaz&F{=hpT~t`bSck=#HjS<})-uYhzJk5R^-Be_S!-p-FjrjSaQL(3HnUOj zHl^%CZHu9U0l3$ZDxPrLN48zG-=iy39-BDN~51Y%!h=nH!<2SNSMEY24zib ziZjsO?WtN1h15^c=KHO}hnZ-x-QS7U+DERd$rz)MQ-5 zMxJ^e=d7WrpMa(grw@)QXzHgaO?{IZRdFeDcI!ZyH3HSKFbqW|u|6V0iD$l-RMC>* z0zrr+OiiF1({u<>F~(A(7leVeg%AwL65vi8e%;3QMI{KM+&sJG0!dP}+Fg3CA=t6p z0y)zvs3bc)&oK6K0&EXdhr#fXeGf2^E=pnEGNtZHrTk!%H>o`__rSxmzD?YEuN9v# zXN8|nx0$EWv}EzAGBYDj7FkRKTv_vY8yOHDBy}s+6csv!5R{-aa}LwvtO2*>2{fiz zZ!o>PxO1NByF-r6>@>gV36&V6w1D@CXs7PhX{CI%SW}ucqO1mJi2<8h#;S`8mb_y0!0-_ojGI}kLifswU_@fpp1t)Vg0I2efvJub&(f2Z zUtB2anw~z4)6f*5rf;^U-|43c=EFru2TF2{mY6Onb0xWqosMfjO^yX2H`V|6u6P*N z9)jWtLkpK=Oe+V9Sw}DP#8o|eY87t7e5anP(hqNlfh}Z^T}X)S@g!cvikx7xI!A%$ z&)Om7P1z8lhBo1#A(-cxLDdl_cCKGp+?8W4p~VzFq_sj={1eEAV_gr0^TLMd^)evK?H{VzQ@iaS3gdr(*`*F2vXr5Kre6y6AcJRlRPnB zwIT!NyO+5C-_BkEI`_j*rOXIH$);i}F%5(&_ymwAW`D$p zL({yXs&P7h85PGWv|{k7E#Gl^lP{B;8hm~5V_2%fi3m~9^-@j=6?p+Oe|}aEdr55&gdS)Ay(Rf+=;{8ceJ^Rn{ri-P;VK*?mmEk6~a)zXu786B}Jp z#eGrr{<%eY^=Mjp%6FW9KgO&oWWP_fG^b`eadd8PL$SMl=Z?OKp#%Ea;G&pQdoDC7 z8%{6*>X;Hz^sICV7jgK=7@nWuF8N*$uAf)Q)|M@e`G*haM;1glp)`pDAmx|P28(;> zF?BV(j@Jb-eZd^4UplAMe(tvoU zQNHN-%WQOsc%(1$1nA=+8e=P<+=TcArNj8T7(B`JZ`UPwD+H(O`BVD+h;(=YSZVS6 zWSbmsRz=wcrcWx?9-~@VZwnmc8Eg(6!HA-0%cPl(E2KN*B}JQkyqS)Nle^XZQ=iE( z40x4)9Jqfu#gnyRV2cW3rx=GK9p{YDWcmIoirGcJUpsX8eReqM8v5FPNoFiu8U}<+ zjoT`w&o`EMb2}L)oL~LTXN0YzFjs>=2s*2Cgf8j*a}F51$1goZQgw2lmYJeFt03IxYNAvX6{W$^! zGN_$SO%}%bnbmkk&3QnTB%C$Y-X+FNM1vhm<7Sl5Lp|EKIcMvt^4VtOOdeOQZBfmW z;P!f-o?u5VL!UZGuR^Y6=d=%e#IOs74NUg>g{zvna(Ku!Nb&}K(VAEp1q~q5|IQu4BQ6sHE967ct zb@F8!4P%=SyURxJhDd0v*y@^?0F{?^t=Ac zc(KA%cXPgSJyMp>yAFchy~s(BTesA6+Zr8jH+8HY@_6ZUUr)Su=XOb^v2u7CM*;UF zWdx0!(c;S>w1p_bVEpEyiL>DY=L>KPUJ*iPMfDv;%k7Lt`5gN!u!~>^y{s2d!!oW3 z{YCE3d={YL`0|AgYt--uuDdBc=D1;$fhvtMJ-VWtoXab74Rgmwb)W&FsJkfDn$h72 z=&yk3_@}-IoQTt(Mh}1u>@mW}NJ5|@-K2Z@mMSHcaE-J@cBE$7{VJ(h01_HDpX$^* zF*Xya4SY>(i7omiAI0s&5X%X-a&ULY6mlV1uoX81lDG;^WE!ST;24OTU4a|CzMM9DX?IKu@7G|%HplHmC`(V&HRdr>LayrE<19P5E-XS< zswDdoNZVNL@YK76XTz2qI2#xCY;@|}Vph-zCm3lLR+(V_+`~-$*$oq!HP&#ZALxwW zC4g2IP1$yiPIrZHx@M&ILZL@L3DPyYL(}@@_)qA53ki9-e3^cHN<2M$CeyJ>r$|W> zo0T1vEF_gOEhMdy-;x{+=@IDqS79FJM`*yZf7K>kn`Rk#PU`A*yBd;I-6HE)Z(`-7 z-<@jjjq@;d5-W)LJL)Y2GY; zNY`~u2ytdYi0?DCka&FUbeNN$7CI5i2y2T5JGXenU*3 z3C+1W8zY%ffI>TvZRkias{>*-I+-*D=ukw_c5FHt{%#f8YB(2LxgpVxdH29uL4t{9 zxhVBVP#>5@HM)8!N+m%!u)r_VVzz1G+0;}!RSR9;c*cm6 z1eG6NZgMhsL}9IOp8?n+(ucW<_NMS$sx)jpEsw{I> z6!gKqkv+`?po;$^flWN|F%QqpD}mz;c_ zoS)!}uqM2;-~Eag;pT1DguwYYF5!GUV_{spQR5?Tm*7dqT?ZhvbL>WBAOw1tFTT~k zYV9EHq+nLgc%<0-a5r`M<_`O)1FR?a6P(`U05xFxRuQE7384Y@p;TvOB%nJHdTcP~ z5o+)mE?1i9>%*jt$M!jI5|v$fp|Ki3F#oIt`>}7qeveZ7I|G5PgE=J@_ug}@1Zz^? z3+2aUema{?>1EX{+q}`WQxRVrcr~=ioGXRmmr5123Mt=x* z3K=>_G}!^8QkhKbh@VwW2gJc1@vz4GZ2%Rs({j#wluuw9@r#(7pUp|_myT&oNvHyM zs&C{Odri!dTVvz35G%{8cjJXryOb@P`6PT=InSMg-V)`}GR?T_+JO*3U5DVbj1;J@ z6ZJ0NYAl9xPh-Us`E(Zr&8YEKGB2SqOhshJD@zpYn0iig!J6E`5VD$5!bRTliBGnattqVUZBKYDXP67LB{*7X1)Tih=Tj^HeMbY1@3lY8*UO?86q(wf`CpG#0n@gEWUC|m$dvk!q_tHG z7||L#Rrr;wMIW`*OF4y=M*Ud?7)EkvCQ?p&suA{)QYIS1H_U(Oo2K6@>E zquLr{5AZ`(TR3lCZJqRc_zBJ*15&WvCg9qF7(4zWs&v@38buPz-njLo;V(SOKV7q3 zGX5fecd7Ea$p8$_AEbsRRIJ~U(p662Aw*05HC;!~;YA8oXR!A$R-)QLGz}-5F6Ni- zWO!L@@4^Zl14-eIIj`gU=ZQiN-WzD?MusM^Lz8r!5nGVcvkgfIEn;+x5LP#G2jN0> zffO6Dc4uO~HeU{UoSpj)T_GsP8;)tVRZU*~;gke0MFO$b7>oO)>S=emfc#3zb_M1m z8W*jg|e}ZZ@t61HQUUlkTFenX951wED8~jTm)dTC{~w-;>omjcI@GpRU%%{By2uvbF&sF;mPb)p`nB z{Afa!TyDixs>*HMiNf$Q6>rll1+rb4$lqk4ISGV5p)g`K(TViYa{O)U$%<{VDuXARlak^XJ zgxPtBCBukAv{y8vg?QW&%wj7?I8&RF^7B!oyM?#Cc#t=>z1(1*6goW6q!9B#k`tN_ zF*dwF^>#BXr>LhOO<-!eG&NJY_g=$oO;2r%9vaq#A6%L9m^ubqI^DSV_`r3eKJj+0lj1|k)w^(iyXOvjJUKpu64ejx%s*)ewYqD0Gf-&9$$aQeg{~$oH$o=SahGu z;2kc7;8yOq>a2&=GdhN(sio>1DBoUgecMW3o#eiv#>+t-hrFCM8MPW&A<$TQrBv<} z=@N@vFTSP~jBDn5=~6%{w{3TO_v2-@-H@|FU0*5InkzHjvGd;nxgyJc(0?n>9bj8o zB$-bBc2VK|crt3Na_gRqr?(Jqxh;3Ay!n{?gucq!Zs^a!;WNE7Lvk3aBmxsK_<$w|iw|fSlu&Dva;~9h$&5tKMV1*t>{NsbJ>*LleSDO03|2}i^Ou)3T}gWs}f6}nsSF;5XNg$f`Q2VW)6u!Fn2wugq2 zcndiy#AU4r#E~=OJLz_vq@JNIq)0=$!las7FT!y@%o&{|#R6-1BOBcQ(WW>#Hr>4)u7Sk$)b?rfMr(( zCJ*8XrdSMQ52H2BD^v1X8e>*BQ{b`#m&5wnDE%O1!D)eWqxz)JN)PG?iaww5scJ@M z-0a~MVWk4V{}Wta3bIc+YHb#p#D495k-CvE$tBB)G|0F*rxJ^%Ko{*jzDOG{mOMOf z@8@Q#>tR`L({b}z7$dKwr;IP<^$U0{KX%ag+c}J}q8C)fWEfKUh_a)z(F0lUQ>hnw zat2mvdIqZ%NQk2q6YUM^zd0L}sxS3I>WOLWH17XyIuUF9i@wNn+=lWCG(5td#n#*q%L;fA3nljRf04kB&4xS%zhTjtqI5AgSsi8RY{ z{R{o+^`M1BKe0GX9Gjg9d6}uIv5&ttBq`|E`jm<Gy4Rn$8a=-M@a|bYGPl** z=Rt}@N?v{FlkAvU(ZMEk4`EHB$y=ia=wO)WFdRyNN_q61ZEjssPgbMJp#Dz}`G8 zjH|dCyGTBn*g?2yYE@iR%lx%QwY5~_W;L0qf?Q<^t^?Zq2aitPEC#dXV7MC3XK>gq zeZQQT;h@)O`n*_oqPA*$LIUu=;OuH&2=Zjoo;tB z+Q&M1;NCqeJ1dc}iduU(aOkY`!IeeFWj~ps{l?&7wDgX$>%8Srt$liZaSw}$)f?t> zCHuaU@MkeI^@l^Pec#+mWB`32@7*Z)_is(a?3@TXIY+q}I`5))g0;G)JaTQ#;`w;i zAG~O#)$0(m@}AA0NH!wJ5(lPKbu%$xayVNpCJl7E+-t3yhcggxWTc&$PS)%=ne zSycT7)z7?UNOiAahHkbmt(B)gMBe_evIYeZ$_)Z_dqLqzef%UsV-!QhEGpWu)fhq z$Qa*1YiK5kP@yK}xb`D#>E@{<`(HM)GsMc-c>}K$X(QnY9PEZB$ zcYMbx$MdSzY*ulynpfrgnk37)lV(k3M~Q=a^X6@2Ad_qjso_3*6g|8XwU>=wi0Q68 zPtVK{z2em)T0EfR42Y&9x3u1A-09&-jV5(i_;xObm?(5F3F`?$$Lvn5M2}p8p$Ag& z7aj0(3=?a9kc-h`k}Hh-pCTEwKXOr-chYG5=h z(PT7w=}kwoRqyxEP56e$@RLTx2s4=(g6g(mU!##q*GX>Jn4TVANOKjnqs3g9$(O)z z@N>|*l9Y%Pda8^Zv6-(IloYWE>O~P7D4XH*sYrrRcbxnNU0c3(4zAFQYP9%_UdAG& zH$9`4gOz1vlHMwp4sFE+UvF!{p_Fu*iCDH_S)iHtPsaUhwhXllDhVFA?*!5G{oep6xtd4>e-5l^tY z-RMq>q1c8Tq5W#PoZrA#YWT9t!3uVgtD8y9VoKt8f{YBgX-RGu67* z?Fxhq$jVRGy-@9zZ1v6Wu2<)5+Q4qOW-W2dWMb^)5XmX_n}eWqxC8PYOZ#B`cBMZ} zXQu|d*OqYy0gn?*_%%{RE7QrOB|KCB8k&-FrN4!A1(bk}pdtEsCTyIO8OwWY0MnZd z7bDkpyx7O`AR+A#+td=35ZMqvq-fC(-DSzKokIukYqMF`o^wfd&v@BgX@5>GwBAOI z=&GbSkJz~PrM9=~D`RQQktH++kWC6Iktf6#8%0K=Jf0yoL4D3vU!3S%B za9Pi;7^@DYh6hHTNd_rwb{~D}OjD%%DB>zN0$|= z!b4(qfRR&dli(#v3I*PCY#jhE+{w{TpWdI|2yGFLQp&By^%9@nhlauUh^ELon6cr% z*^!|6Iwu(OG{kvWJpw1W8_%_;LorehBO6f+MDv54yr1uMCcSoTYwURf45)4_cm-Ck z5dv$a)cB}&y;RpF#+ zOgth*VC(A(fYz3lm|U28dnA>WTd5+^)QW{yyL+`O7wPtkY9BQf%as>lfF zT1#UQ%zgHS@HS5X`uD9KrH-xP7${=PDJP9f&!Zbm#EJi z4<^5n`KDB6d$`;U7*3Y5te>$Nm{=N3byG-~z%@qDQ5~$o|Hq)%UsUny6H)tUNBF z-%v6h*t6S~U<%5EDY=PpLA+QpRx+LoPJ7mH6>BWn@HMw;Nn@t6Bb55$D?;8QV0C=4 zMX<`ZC5}FnjH~uoOTM@D7m=chD?v07KuT4o`bG)|Iad!p`w}xOG)b}!9!r;vn$qhe zcO{$z0fjd{u$OaUx#iQE#!K>3e_7wpoF0-y?-7B zZ)iy@b$#Ob7PGh4c{z34Qqz~2z`(|+bt+18OvN2%Cccl&%*u1bC^))3Te-Db6ob7_ z-P$1d`V0*<7;D8BxyV>P#G_X>B?4n#TEV*6RWKRI#se4`W6<>C;hCsY8pnj&qQpRs zBzF|V)63ol_7)y?UD^Kk_P(8Gh*O?5$nFyrqZep24{s_t=zO83AnbWbp)55%*2idH z81WT-6)y3oD2&i{n;)O2DImL-m4tgvE9vG5ZMKunUEKZ579F4LJ7Bw+V-lo@0>ghe6xf0I@%&OPpxnYFauoB#<@Yp%>3o&vMnX}` zuK=#yT+{PCLeRhFrSVHzDsaE6Q;CILVWeocSQ&|0hgTbowtSkPClSi1(YMs`w~Rx8 zEuf?tJE(zRMhI~(+zxpI50Sbn)N|Y3q~^CGu@>>lxVLViX9&Ao_gb`WMHf=G-?Ycy zN2#7&T#uEcBvX{?nwD1dfnw+DPKV8WU6;r1*yJ07lT-L!Sn9Q|3xqJbT*V|u0R(iC zV{JzK2wW9G1xM-7`Very-a}EzB*DSz5qw0Mkf%-BJg6>fpe1I~@C>t`R;$qhsn;RT zIS<87>Y{u7sjt7Ur1~#ygwNF9hzWs!XUaivBJAVD?XlTRtR)_arJK$^p1@ya-U+je9|}@GBk1u3KDbQTOrvwW7@;~3g9~SvP&;z6T6|;SsH{`{ zF`du~7yzupfP-m^n`@~pq-4kDfrVEu?ECD}RpTj`gEX^0GVpALi_rk^=NS;(u*5f%;#?5drtbO+6s3~#Q`eD(o(M(S*_1Q{4LDe*Gr0TtdAYhDk0y7#yAYSho>*=pyzSGFWxfuSVP3~f z3~wL(P0={?5`U8DPrumpjo4ZFB7i|Akfw*1Sle|%i~Zd5BF1@Za;NhJZmzFa7eU$k z{qlXfI!K5wP#RpB+j8TNjZ;VK_d;Zjk|60j9oXqY0o!(tbmiOIOZd~`hsy^5Y0Ws=l9Urj=CB^5AV55vgaRe_2}kG?u` zweo-D$1dS|AM{T~FL;EoY3_?r=(fVN-*IXx6$6+me_@I{iC@!W$V$`i4ZmIfmH8}a6yLf#A2VTCqf9kizyZJ@e%{f`ub=ayqTbV$r`?EmNA zwl)+hMPp}O#m2^)!z$BTEAOV_o9qNPLn~lfX+Q0CS3hQlJZ3#~d0x!?88b}h2IKph zL-LsyRgXs40GtcBCKhoA%4cDAXbPW))PQUi7;cjD5316QZfCS2PG*(tRd+wJ$>t=Ph?c8~IA{~FoYmAi+269{83!ts zJoj&592_k-J>g9M$o5y+@O8n^rl$BL&o+axu$0~5<&WU74NZ}>_ZqlGCfv7Gsck%h zr2nH6-}Nb9bkd$<2CyymF3?i$1{IaCC|xK58B1U)3ZAd0!J>M?Sn8AE%35J2DJPLf z^RQ~3j38)XQsi9VI{_OG2hR_WtN!TgaP-7dtEHuMg)lI$fJ}%=q0d33vj22baZ|QM zIQ-cF*MyOl3{H14ikp znvm#&^2ovc8pO9*p(pT@>-A}ze1CL8XMmG1cB6kssvRJ6M{~qKu&Esh>M34*;XcX= zNX!Wm=DQ#n;T5mxfJKhO^!sB9YqM5r6VD7%zH1GDCr1Xum|DV&gvZe#|+tN(0xV&l6?3 zap_0kJ#T)*=; zhtC2bhs$q3d!~w0fD?m7>>RlEsU#(dt}|`DWoP-O-O#ou5>gA4HRDpEF{I)6ehjqK zwRi~zIC`LJpK7eACi^50;$4bEK)nwm3<|~ROk2fTGu@2S?D71PC#**`Kh}-ATZa|h@4X@aX!uFFu8{WwA zJZ7+2s948&)fmJBLhY`$tF?-Mo>)TX#H_*D$ zvtCs%I1)y^Gd(H6Bx0syf|iHOiwNF)SY08S`7q@74x|VKj)DyPL)>|bpqchY4#p*8 z`OnZOhrjuQ^3O78;OrhnyXY;A{YN58#WYit-Wf2@LQR2lvd%A|N^GZ1eZ7?iq8S&> ze|e3$ZzyjVG7{VILCSuKg1^DE|1?e9Y+%U+t^d9%N39xH1mLFX3p#uwnKNTMt}{L{ zTO@|4-ZUXN1K7XDT2N^O3uR%w0Wan%TS3WI6>LLSg%lj_q;?uQNF{L15Z!t@v)OmD zOCm|0#*{-ap6w>;7lqbBFS|n>o72{Nay85`e79OYZOb zI*+8gT;?%&epABa7e}6w!~ri*~F~!+p)7?wB6G2K(~jh+oBV?TgSEMiC0b?!|Dy-yYNm5Wiai{ z-7QdrMJ2);V-^CRy~IoWCY<}b5emrfu;0QlfOFGlYR*j>M4>I-K;H+QauE{^klSE! zB`c=8gmxe1^Sl0nXu@K2FISK==AJao?F{K(!*{V%f_9FFHJ4;N!X=&J;Es5;C{w0^ zfozb|ilWct`1iO)cz8DNwCNWUySOx*S56r!UH2GRPcVwNVf^KsRGHGyaeoCJZZyLE z;g6-mxtn>LW_sBJZaRi_dvxa80s+XtlH%}z3U7-Cx9D?)t+LM1B`zhGgQ`T&tMe0V zSTY?Xac%aV7Szu9$;6-@(f5Wui{bNRuyC|T?bDb0>If!y2rYTn_$i_W zx5_@HiqBw`u2)rEv0gkeU&OfAM#MCa*)WO9RA({1w8W{$RVM4wTWd~{7qLLz+8Q$M z6X5RT?t>Rf_EwK*em>cg0frAgMl?EZ8b~S&;v>A>q!0Gsa~+)Gq>t0I#JkZ=rd|xl zxOUYjly}QXT{vqvlJ+PzerpzL=gXr75-2GxFInvb@U1SVZF*gXpz^S@7!98n%kj%d z_-%K68Afmpe;d3W*ImV%e97Rs9wZS@$dV3bT_G?KL&Cd*yF1Oc4hQI_JYIdX>m}IM zaydsa-SaKD`d~L49@F~3k;8mx@QB@+w8l3yH?6zU01PC}TTY~T zi+}?>Y78Z9S^ReSXm5X=Hmx{go_SVr#*W2vyF@JT0;0d*v>{EvNE{0c-z}ySTsfdF{u%}Ckb|o=F^B%l`v{>t6ywBF0XS0J11^b)Xn@_x&S3zWuc**h6iOAqvqHr=I~@ThY);Y0y{SWBHQQOhB0X% zuoH_h$A8HVo`?anqLc1M)o7->!F&z#d4OtO(KuH69mO6!Q~Yvi9H*=m=1p>qoet>k zKA$RyJgEqY=W37gae2190n~W;1+7FpGv))^&fw(1wElMXO3e^{1UZeVbxj&Eq`1{i zNZW&ccBMDP@43g5nA6Y;&BXAzO;sOuH*@c6NHc|VM$qUMjzzLChu&&Yt;r*X!xOT+ zYoi4_SMcrAN{FPtste_A%S8$o2qoE$7Y-?$&4YgW%o)7Z@+A0)$-)xW#_c@Wos&y| zY-8}0hC^g~(f?O-FbQMZD#bUDH6}qrHjM#$C0_UYWHpn^_;D!h{bDfe-;EzowyUnB zZ!diATSbGLWjEY$nOuu7)NVdKjTT)t3dUhhP9Xrudyv#bB?Uuhk4J^8MAPUEQ?SHq zY_|qcCUn8)6X=&0Oc7f~`kF+xn5!X6G{!5bR)mc*CET>Tj7o|!Aa1!HvA_bOE|rou zR!mEa{gtR|xd-gm;Q{;K4cNvD{Z!83IGNC z4*a-iF@e`id_njPA>NQ5d>j1A)P}Y6C`i(7zTbBI8jZn-aNC>h9GC$)PncwB z8)F10N)&>5bn$cHqA?Dx)VC1g33ZjRp{N5ev7wxpxvr=uU1<5XWH1abA(?9kKyt>D zVkqrE*Vtv3x{oAHUsr-iVbz~alGVWhT*G$V6fl>v(ei}m@OYY}3Wpc^rY&Mo1jCT1 zkU})qL9}VSy;${Pw4V>`QXe4QGF4O1Dg!84P~IdrqspY?8xV(0q!8s@cqOO99~2}b znG0-gr*TQkc`J6m!ov%n2c8PVIcmJdi}IFmz$4I0w?Z58KsSb$UDdbIIGQ6e-zoZlIw~-G+J;ovd+uLd;xS=oX3EDQ>X1XO}u1ktF^=7 zc3-;jdwaf3s(AQvtLM>ucrTcUP=Mp|-=^T_aAf_PdWX0U05H~dCWAknNxQg~eE;=m z)j81dI5dArXhe@EgT~kxEOOxU*a#lcQ6R{Z7HOojk>{DA&K2-!jDxTEQf!RzlRKFy z8K)%8Cef@h2f4a}rM9^@B#0BGTJfHmhszYEnscA5ZWSBJ0cM9v# z`WMk^8Wpcq1KW9f;pAIoyMd)9$84*FNa9xq6r*9m*X&?waN<}QkDT0LKEv=a!X`T5 z!^=^2!mHYX%(My_q{f~VW}>kmjk_Z5_68?f#3w|4GP#>C<@N`!ndK1=ga-%8v9^(Z zrOijiIgb$qxZyab{4T~GzOc;69|C(Z0+}~#%%1tG;)n!&4xsdyRt=Z40S-y8euJ^WQS2oX;BZ8#v?u0Y`&B2=zQF zS>yZ`&XaW{#B*qJgfY`7IKtMkI)Bf`?$^(^iH+EVx=;+W$|M9qw%aa!6U<5xKjeu4 z+M&2!A&1aVHu-UBQ?h%tsP)3)40dF#j5Cg7wMl|AL}$LOFuZ*9aTY|-#JQzYSXVJ8 z&!8u~CbnnO5{oWq;mCy}CYfOMnJ&D~#G^~s@BHd-J|p!uT6E5POZnT~r}^S<&;lHK zM{i3`dC}w?RY`YuS1c{~q`VEDHjls_T#{R;KcFPP9Q0?X{P4%o0cjvc}k0;sdJ>tB%IVJ^T;nXe>iZt{=#c13;gs1WJ?_`di1!2kn}Iykb^ITE*l zEIY=}dsKCr7+*qy{CnUjCLkuhhbQUXx-yV*Nwxu3Pz~qSuLfUa9t$v6ygi;%0i39GI z9?W9=doG!&6YB~}_R0--t?q9)8M+X=Teu&4e+FNfeXzo;iU*NGm7ZSVHbJ@KClurG z);07h$>Ljll*~U~8J2NtPAUnmn>eXXC3)Qb8Qx0;xA%(6EKQ$1hkZN4md-#4HH!aiT0eXMP_Yp9@kfMeEbvhH@CbMa4Tf*Z2lX zQOJXYOV1bFZ}aVP@!Xo?IoHt}t^0j*EtQiA-+^CE08f(|k@RqQ2FV3keK5TpKRjbV z8*roB36dUsv$_zl8@3Q$d;49!SRf9v>XVPyn9eC0j0$DOYjZCOS%M4Zp;Jq6d25lA zDhtaEKZEgzSv$wys_vYONAF;o3tG`EK)4qlWPtHyuFyc|+TG=`elT)xqe`frXGk0& zPmk#^Mvh}Z>=a`LE>trpHkye_1c{n^8QBKDi7*`URyMVgqzx*}$!~a9v-~Qp3LYIN zaU+}MC`_G`&+~`hXqD}!0S4-b#bmRl`7mE|IRfYwIDHyJ4;&u;7L7E9kE1&l;(h;Z zHM&N}QSi1NA8)M~rqvQfhaBqIIFF|$OmLb(Mzd6$i(ut=NQ0Y#!${hZxOL7RI&Y?P z4ENSfwnz{`>^)7pD0tkCBI45VDpf}iY1q4(Bo1d9t;d-rjcTRRsvsGf_pmGaDQ$F}9;7a;>Oo;r4Oy_@pd z#RI!sr+a6Jjy~q`eKD1k9a{{F2L%W3qLSrb>vZfFX zd*Ge3;7!K}7*%F+f`h~8Z4N94j|x=Ra&*_14kyi!JR#sq5z;J_0+p#O>U|l z>j+B2tMGCQ?UCK5&K;rPPjqftX5b?6T7ZGvf#=TF ze0bw~@8C5RQ9YA0zH&xXPc3vmW$2DFnY-`j==nZae5(veBeb|2=blt&m)V8x5uFLa z_T=N{%A$$9Bn}6`S52sTVD+J^c*2PzgaSeKPEYS=Hdbfx0}51rrtyp(cDr=7_3gum zP7SVV?Of`r31mg+K|leF)w9Yf^sOdJ~R$# z=m1C~1a&vfT9`I^SJ)xrtL4FAq2>a3X_dXMg6FfyHTJHX*r6zn9n6U|MGMki^X2xb z(0eP+Oj##02}(x%BCHTFO9W{cnh z)3~$_0z{;Cz-aIgkr}-k zy|8RrsQfK)YI6_U8buKg{{c6 zWmirFwXrphw8v>0B^f)cDkL@ z(yc|qIyF=g&&i=#$t2+Z>1Lv+HqrtjsW45Vh44ac>^7>=BhS?Ooudz3%t?P5U27c| zS@@Sq#NS_1BuSugj1RULW3`K5%yBB>_FVd7`v-xR_+ZWol}X!k)Va7)0?pZ8O14>& z7N|++9D$sHPQ9V6w$dHZa#5y+`DkIIV^SClv9VDAlnI;@dElD>Vm0^}kTvZv40H^= z_@hFngqgg;Im%r8zPgPI=3mf?)m%z7fTSh-&2atraXn0kA6bQblFU;>Hobd^KR@d{ zHJBUy4bt?zw4ZJ`nd__%f7Svx=V5Hat@Z{B#6IK zJf}IS5)pKd=nN;GuAjBDgCoaXr?0D(VhvNJ@j%A$Z4@`?jg5X>8k{;OZ5>M3%%*Fs zz%?sY=r%gTSr%Vcwbqn?-c6AxNgxxyeDW@AiYHdNer~S|WSEM6Za{_3{J^Y0SFKXf z*XkNm^-NQcVY1bkc-SEBUJFbUjvqa}902CzITX(O%2`u&wnneL!fCw3pNd{12zdFU zwA~HJnD@p%7W2ZA=Jc2n=?9c8jYBSG_wZ`;F#0Ol@#iI|N+|n4NfzYOae;EZgLcLx zIk{txp17ycJ~W;Ix57a&?G^Me#%rg3eALq-=xJJm+7jd|aEKbi-~(vmEA8nHK7zwB zl8ROd9}fDb?`4c30-S^Xh0Kuukv+OOoapk_?}~?r@X+V>dnJ60D<2Te%;M8yZ_|^S zw8q6qn1C{N+cj;jaTc|oLHz3KDJwLL8=Z5FHkK@#DyIN6Rji`U-x@KqPLz62KII-Y=ByJ{tj)>- z)|p(~%a(4I`B=6=MBKXE=4$t7!ujP;Hox3SGkgu^ZI5T~=z1L#GpXAVFRdjmyws25 zu1yJZ6{ojLZfc*R0|7M7ZxKbU73Dmn(iA_Is^lppqZmRYwSA(d7T|o_9N;*k`HP*_ z+;7_+j>y+ingM0uX-tkm2bfTV6sM(TXQO6nG)HB9W)|E9*9+KKNtd9ASY#BpvRr7V znXt;}+dumD#8Upy7DHg1S|MMA9)poD#*k)FSTg7Ljg}gC!gNYR0ZJ8vwEG54akHf* z8`O#gh0%zYpJYSTso?kzEuSSLQn#pHvY#RjzGQcPkDFT4F?^0%-^P?ds?Nk`F#|h- z>7-Xt@oWRM{B{%|e5J3|gdzu(QSB_`NIax=X}>ElFYr5xJE^3WP`SNWqzeW2(dqqC znZ@yGoy4m={(xaF*a)~ZxG_ofX8bF2zy5h+H>J&6P)1Ww-x}jS83fC1T1P8Z#DJfX zN$}APW%X`#vx;b8Zuyp0=(}}yMEur8cxpKfMp9xh$>}fb6E2=@WH8|6MsDO_2IA~? zhB3PXv5WK|NG?<-M4!{PmX#&XQWxxuTptgV8=S(6$?eITtb%pOGG9B1pbz^$z<0#? zsYcM1VuS!kl};(e8*4*Z4etsLM!{CrV{4Q7Bz$shp?0>eL--!g(6SDJ#UWXrx6UDQ zMVJsXTiyfUWOHjxwmEkXqmRCpEC6=^@QK&K;*M^v=bUM`wza%#2wF@Na)Z1kIQk3* z3YQtGU>2Zk1s1(JBVE9lY1kqC^!keh5#Z_v}{86hB11Q?1s zpi%IyQO1&n z_IEe87xU-CZc~4kOn`-y+{CC{yFZnj_imEV%pA~rZ8U>B%N}--gQ$ZejenD!C9$nr z=FE|-A3QjcoIVAGVQSb9^g5z{BbSk`fp^xJIEMbkZ{u%N;6Of~cSG8_UHF8x0r>oe zpuF`Gp2Zx!#~BfRFsLCJlh0xF+41G%8FCISM)=72Ik7VLcSY5`w#LePigh|NMoee6 zWl9d3z(eSvTx{=&Vse!D9K=Zu4}KazCurIWy7|`&v_{jOYR*CgzSj|)TOyVKTG41v z+9|SJWPFD?4h}WeHS%iY=y?X#=x70zgU^*lbr+;34ijCYtx#!$JkS<^1KpyuKMM>g zyl8t?cGCa8>z;xvZbd!8ODYBPa?OAMyS{{Vy>Ggh+iDM-1DW*A^6Bo?@1~b8m!Dqf z1jQrR(9bxtmgx~we2}FV^$yU01Sn6TI3zo(+I`0;jy6FJ~Y!39= z5t+R(x)bctN!eY~G%Ax0ak4XfQ+HxJHC==cE=HpzF()y&XsB0M!&XDhrt_=>OnIId zFohj!?xj$?A#Ri(g?n_b`;etKc+Pcl$)KdpId#b9k10u-wI$J zvzfuv*xF>HIvQP+%(uq21!kLdI`&#Oot_FkD!oesURNunjib~>aD6(!laI(d67Eqx z7dR|N>`$xM@LZ9v_7&39hLVNq9J3hqx0on4L=s};(&Nti+G&5EJ`>wfB%5E;Id_y5 z+VQ3K%`{vW?7er$#>#lv;cOFk2#E*wHk%Tlycc;fr^-N-UUM)}Xp{gXBk7sxB_anB za)px#n5fV0IrvNE6oULxZLygeGLi>Ybz2-}^aM|-OM^-EE?yQ=key>NfCK{jGGnbK z?LsJw76a~9!mL$s<2HX6sq{mRIFXtn zba`E=u4ZQ!HB8dK%J+CVWRDl{jb6q8=)NJb@`Q>&)9vLwP#{;jdC8V`dI{o6U=F)s zRus33_fJogZ=dE9q_NquAL;@9g7{CVY}(LtZhKZCf`SB1Y*_`8a$3_~GYN`!1{4n{ zxE8~mv&mAdPxR{JNV4Vu!!C16)H`>hL56@Ocb>$62~cO^){$vi%a?RhA2O0d4Te{miWNbZ3n9=FZWTfn-KvC~_?g znHdacc?GQ&8^WD0u%s=lsnZj4j1E3`^^~XFYnDez*He;Em-g;bcd!~#rk7yJ!&#hY zkq#xVHN#%lSfr8<30$#8o{JY1teMG>gwL(Xkf1pWf8qAgm;-H9Ong^~my6}(qo0hY zx6gn%XyshIMhzKsZP6*KK5KqMASMxfDt2OKQ%ZLLSpgT;2J$wBPU()ymqDuqOhQV% z;CQI$hnE|n3Kw{xY{v#(F5cK^@+6+f8~v>xpqAL`^U!%px*KZ;O&rp-b`zO&mvu#{=%aP&dpo*?-07sA zD&IgXC*Kfaf7r*fS za@JzFhE(i&jgiNFW)J-!2mkhB7Knz+wW5@&I>Tz`?xPu->#=bEZSY+T-RK-_Bh1mn z-Hm2=8BS1QjPoi8o%i9ZAfk?_v>Y~w2ePC4mN%x@RlA7t3_jXqjEPZ~!wJI>w*uZZ z68YV`R=J5y=xlmRjpZ~`Q27;8;iF5B3dNd2XgX!FCk^o3AuHQFG-wUCI_qwD%LG%< z<`pGc@gcYddnj#u+^9TojA`4VH%A`2Km^pzqdE15GrLL32`u9nu?9{1v0$QaJY)uW{#f}EAAT*JqS1)8u4ruUmoAeHx zo$?#vZfi?lb$0=4<=0vX^X=Wfm&54g2WrGvuGkCEmyO5*q;zN*SN?HK3J3nglN}=< zG#^mM5b_k%uk#nN-0W$SxTW6nd2&D7Qp?#Uo46SVQ_VG8YV zg3xK2lELt8(j)N)AIPUin-ASN(x$A4+oqV|&?7SqFMEF2N7t3#;geSmnbajudSfS- z#uah|^_Ojo9kBY&f%ICsACCZ$awRFh!$vb}*4k>J_u5!(KQDlN;clPNG9CaOd}u_^ z5ia8b#eW5hrurr+QQj#y!Re5!68=vE46Z_?Y(f7r20alDmyx&gJKQI7TfoMFXW$*3 z6OY1@bBO7DM7ujDcVlw&;Hc|t*)F6m5j^h}-=no<i_c(5+$%R{YLL)VzWbcq$O*lui&XwooS!0d$)kL@*kmST53 zT2ef4j5o3AAXMF6!#l8Arp2<7znX`4^jx=QAsK`Ns>#)(TjbIRK?{RQ<3BEEK1Z-~ z=I082cpNO;R8?%HSLWtWXVsQx7+>2T&F}4`4!h8hc!*&zzm@2xy?cA$$Y<)+W;@cU z49Y#`^kSV8-+7*m|A;B;q;&Eo-1uB;8_aDNunPQ~v?T#Y#~5tVd{$)3;Jf^2=AOlv z!t-6I8IqOd0XbR1+{{pbD>1Hhkq-e{xbjD~r=5Z_&UpC}J9||4*_463i(h>5~ z0E8@>n7cj2!`r-SdcNU5abe&Ml&pR2E5D|5a*W%f53qgChmmXW0c1!v=TQ6ycG`=%?O>EoP*XZf%DF;Bn`4K<03J+U2j74wc|;c1Mzq zIKnyxP6i%(<$9I#uLEF53#5NvV43tccU3gwk%p*95+jH8iB`QKzyzZ;Ik95jQ6(Ln z5V3xMC|UPQ@1KVbz?wbCOc92IjOO}knRzq%wHMNuQW}C?d9V`?8~b&Dw)8v`sB|&9 z$0-~RzQz3cPuQ#;ljxcY2OA7X?H4?7{DO(=Ayz(0@g(XlWJttKKalA)q|^I$Ay-A+ z7ZEY^BcA9ja;3~ZD>TeHXi6$FRdmY;J_QpLBS8Hb&anKNALA-z58cx9 zVY9>W3;^C3d0CXuVZyt2{v3hWiUN5ZxeJyeVa=E+x9a-@(g`{z_s_ov-bE6YD|3 zL5%0S?cnCli67bR%XIUeM5p)9tLMe2_u^}SB60-dPACnyk;r}OA0Bh^#^GeXojafh z*2oJs7hCKh0;ey-kpm3l(l|Vc#c5k}J|Q+d!lGh$7R4%maQ*$yP$mh&nCrK$Um7;e zr}5prG@}(J#%6?5Jd_12f@T}9<^$^8qeJ|q`}3u3=aPy-HK~(+4>$abQR?DlWCsCb z{fb^kU%$fj#h*&AqhS6^KszwDoK1=3P4%|sa0%594eF^rOA2>tRZJ_2cg)nN7we@X zSVl|%R`^~^8FIZ4oZ?#ZQR%x%m8u1ek`nS|e7eKojIjZDnXElxZ-E*8!r62XSNzRzVY{o&<=Kk%kPkXDNt+*W zJ>F}}tj)2fpSkm5>0$~EdduP800o1V15~u$z`36wW+_J(c1{szx$bLrhZ?X0ho0#b zFHo9_IAb}#@BNrtO(+16j$M#W@$@BOodeg88na-q&**_HTgta+t}BoFTKV-R>Y{6p z4jVu-{)CCWr+&zV9jBH!%)pZYSWa}@W!}s~g6DLw&6?wCY*CYW#&{mUg{~;Awl1s_ zFze#>E~mrzEz=*zyn2k|!x@P^xq1#uX7Bge2#Gsl)tt7n$-#oLxJVg&FFzXJc^u7W<3`PrD-S<$95aPT%Vlqnhsq-w2=KH$BMUM|7`#zC2vnaATtr3MVnc^v&ku z?BOi(xRj|JDOXuH1QT8#`e>UnAPE%`WKzq?*fMBSsud$w{g0*HncAadTDSVgKCic`A}yvm_uAdW833 zQ*Q+e&@xpLCC1Q-jjbRE;)g|H9-adfJpe0EGm})HVG@@FY#2WG&E|nKU;?2I0T}Odj zsR=q%KzCp<0qIFhPVT>BVlcA#tUq@<}W9_ z94UH-0A_7oz2$Y*(i6lt>k)dVND%`HKwijVbRdi==(&t7y)Km_7(DU_6Syd;B1_MWIi%ah19&r-(yPu3U{os>&_h zdv2DGM6zATPha{$XQ^9daZ%$dztq~nNkx8#aeC=`$cnafqB)n^cWFu&0JPJ3qe^E%cXO07n~T^J$B zCKWdLRb+|J&XuVs<4)(}{4<92fm#-Nv|6sZxmQ1UsE{X|LEr^Eo~N#weKB&JzL=5! z;tnM5LnvC3g1g}8dFcm`2ojF@evN^mn+xTnG=_Q!E-FsUBl^{zYhtL5Mu&W#JJf}3 z9cLoW^{IEHDE6zWR=B+qeCm@(Uq*UiGM>=~-ocDYen;5y+>s0SD6Jcm!~`lt6ODl- zVL-TJ^f1SK*QjTVSrXyes_G~y1wb7?R;bpB(&;`%`}~; zox0PnG*>S+ZFE}g+PK}8_?mtbL)C~O_)w&1AgZP#(v`9bMNqfXlE>zVl1^pj(Nx7R zeK@gdYeLbDnY9cz$?D9v7p3&}U=1NlNi5`jfPZu=!3d2*XZuf>sQL2lUJ841TAaW8 za?Y!mf^9HpGo@Wc&H!T~3m%vtg{`-jcsN)s88AoZZH-n}PtIr+g{e&&2zMgiBHF)r znm;)Q$7t3vT(6s3p{FLTO#(P^`ZWgOVe7WUe+$nSOS5Gt!?CgWmE*gGqO6&!s!|kb zSWjt9JVfn)38~u10zeRB>l54VfyCVqk!S_@uv((>MOV}cyW9lEiZZ5SP%F4&8q(HJlV7^blhGqt^<~x}tqq`MsdF62 zncK%ooMjn#|8QzeHLP2cod zx_B;L!3QXt0VN73Z|Pb=M{G#ViO9A&gnqb{Q{7a?ZDJ%$jPT>wrfiBWRU1tTBE@t} zh+SKw3ak@^(>_rDWjuOq2z*LgoY9f0{$m$i@UA4cY9Z-ENFMmX4>KSI_lwa8DV!BB z2b|zru<~K=DDPrY*xH0SccgcIo-)cuh+;&@*Jxv<`4RU}9GN9OQIN%2Dh+e6!j4Or z?0+VMnhFV{sSPc`_(dTlc&I5s$Mi^(g8oex`ko|f7-K3zXD;gr9@+GXtk-wY9bX5! z2yp^Hm{+F{?0la$XsgkE2e^UoO(9nL9S-v*r0}EgJF%j%ySJI1C!6yDcn>P`7N`{G zC@nWe6$0oj2>z-rfZ3eDg?M(az7o zBZ|7aAQ{72@Md*6j@X}CgRTfHQ}wkO+y)%dx|cP4Z2N#Gx5*Om7?wqlwg5nt%vgEA zWCJfQ5$mtnJ|7EMRMtsx~L1RQ4^HRwjLdx0Gdp^vRr}n{x52VN! z0^b=L%+Ft0G55T>KgWR}pTbCa!Zh&K-`fW$E#ut89tAD-%iluDR}lZ5=Xob5%;qK9 zr!W1m;#&GLBMH?5Kfu(p)#4lP-Gv@*jrIWD2q^=uW2T!D5F*L$t8l#B7X%465Bz-Boz6Qai5rKq^wbJF3U+mpUa`r9Ij?`A!=n0PEVa*YAK;oh^>4dbHjz-X7C)eKEat zcI%*3Zrn;7I_Mz8>JOts5O~o7-uc*oEyS+@)B)Vno9DSCUVsfo){L3*EWI2Jy?Vxqe-VP(E?lZ&xwO-yw z>*aatRDq3L+hFk;=F4#dH&QFsHEfBwqV+U5&HV#QVE~S*4rGM;w=kc7(30I~A&z2I z<^cU!&G|lwy#)lmIES+&5JsXdVZkIcf5R!y?oh<=0FSXmLl1xpucN^qV9}nzWr%lb zdPyE0!%J|C%mJ#qG#fwqivAg!biBl)I0m8ls;jVe${@U4mhB71K(5gCjeU?;y#7G8 z=SJdwT#b~L>*8B4WL3n?t0{bsQMKwh{3CLIYAAtsZz?u3tM&J`+yNblM%8|Egprht zJ^;WdeY&YyL4t%T#BWwmqhS$T_pH^h*D#)Hvb~-4+RZ7${AeBXWKu#$q>Mz#uJ~^{ zdf8u(+A^mHM=RGfg&!1s(cxzz>6!d{`j+dFpt1^-bpK@gi4lYql}|(yn_7#GmiC&`mFGHm49y3g-2Rj z-9qP}H@h2s{oP=K?snPv5v)c7Rv16+j^IJCW&eqtpE$Q6Zl~};`9Qn5!we4`IgTvn zpCGA#1p;66)bT}ApF(05RfB*!pNFgT$6=$-?g!%us_*v<<<%{*bLZpZXOCTt%F`t# z;}R;F!Um7=)$oFi9^-;;2&_Vdo5%1dp&eE*1ZtV6gQbXx*QGw%^Lxt0-Z^5kn%B`T zDhMbBUkIlXcsft+EXjcg@jIjBO?gkSk7XHw+^kIo)bjv%n^{Y_v+^+^#c*-)x)VQ2 zzLq7hSJ)UysSkJsX*^eD7L3*Yb1)K&3=is+S*>4Gs{886P!q*v9#js+uB{}X&dGY< zKv1*FF_#R03I&x8U{gQj0YJ*V7dIxJ4!ZjQ-A@vZ{^KKna{T#OIr?BV>+d8GYXB>D zQZkTv4ihDP8aqo#s8tk7&a}GWIdotTlvli|Pn`;&+WW#DWvZi^no2K3NtT0wi9T+? zjw`8P%T+#DodA(>2-CpaWdKBb9O`&uH1AkFFVE?A5^3Qf={SE&fAoQ`Qd~lFfo7K* zxSpgo(KTy5w1nh$91X^7RZ!an-;*~Rnt*vCx%wdqP%KwKDrBF)(iUoNJbo5L$r$#mUq*oXK?_HXn$X+f`GG=Gp(zhUH6EI z5mU}do=v6Qgb!A8l^{5GmCgp6A^O#(w&UYg?ds1z!>;1bCc9eJE*~9+9#PQfiNIU$ zq|yX$^Sly>{RT%?PDUH2&eyFvWRmAK)+c}P^~oPhaI#KU)z4{R$FoC=_$2WfNnBE| zF{oa+8}M^gWjeQeelgzrB71<2ohK?CIyTdD~o7I_Mx>}DXgmr$-}{YbL(AKKO2h^)bv>$C+-^gX=_6I-PeM;mY+^^I1avs^tc;D z$y7OB(YZFTba#xVz*V|5jiKqQ4&n`Z3Qa{3g=$NE4YrO>QM!vhs2ZB>Z)p_i5>C)th0z#fOoHm;mmML(MTTyKOq^htB z9FoQ*sSBjuPF-8U8NyYu%6WOStbB;TwB0Xmse$2B6dBfi?K2L&$2d1${P-S!=?O67 zXV1X#HHs(-;P#0PVc$^#<#b8oaz1HJe=53sq-JQys>ppbn%%8R(gbu-((^gvj$Uxd z`XG;yPx1UjTHUNK{^4>5LPd9crBEH%5~cw!@)f9w^&z>k!KEs2{;i10#jc|zr;gF# zfa&RA@dqub^*Xx&^7DxGFT_tOq+QWEob@=y%=;OYJ9Nh{GH)|?2`M<7Mtd#yxIs^= ze9oZ<@=mYyV}R^IBO%WW{tiL>$&+x?1;$#l)P)`?KFTHm?)%fcA*E}FUU4O=`6dEqZkymgkFU_#@uq-q~>sS-J!9eh0Q!I8P zsv#~hVuL`S*pgR)=d@7cM?0^iIn*47=n^saM+}P)Of)#rKIV3+q@EgM8^Oy@juQZ| zKq@;HBb+*l zX>NOgKTz@?^9afZJmsI|q3(&~UBj`a_h|5Gy>;*+VDygCU?98QS8G zP!8BBFuXyZM@<3x@15pg(lkUkz#Sy!^1@Z>e)jjg3W=>_BNXjofM@w-fDKW6`o`HntlK*v=)k_!GpBWnl&- zjNiR>;?czt>VSExq2k@%m3WI4DO00uZ7)G3>R9gs`K0~q^1q;O38rX z2(0aWC*ftNr%<)wRE_2r(f^j#Za3p&-3Mnv_qY}l+&{3#F~*!JsIl1ue|(}R4-@>s z3^${I@N~P(#py@p``y?NxAoD(G$TR0qt|X};h(KIO(dNaZB7iA;;kGQ&zy#PBJ9SH zJg}>h^IZ=_ zMgrXdZYX(Hq+nvtqcZjQPwqsdVxlpjnsx6K&u3tCfJ`&H>;0fVf8nrUm&-~TI!5P1 z@|1@r!^jRiF&NK}yZ1$Nl(m31O1i$3wcf z`17v++u187Y4@*2OZd$|MLvA!AANTa1*RcioXThpDKO`VO=(6CJto5j$^F~Kd~nB+ zoe`8d`tC5^f}*Fbk6y0tpb|)~dSkGa?O_VA6$9ZU*?_i(i{azqw*w3AY7+L+x;CDd ztNPOC;1MA`x_Yh)@#y3K&P^4-8;U7a5ILmE&$H#X_ z*a1r=2)-$~AuSg|N=<-5d_*0PYCElZbOap%1K}#+WKcA;zH&`_qm31Dm;)rGPS$jo z9=V;PkMs8v4k1SO^SNt$u3PK+p0mVKGGRaqq>#qCSx_l*wNwCO z>CjF*IJrn55;8V|YLME4#2aEj%%&Ky_axM5IW()*I{nKZ(dj!MQ_d`6C9(2G9ny^to(0xKf;q)QxX4zjkgeOH?eP6$AS1z=VvAbJM$C z9ZD%RS~Cp3q51i%1B9X_GRsl~B^HaaO9m(D2Tc)F`#sew3X$pZ)*)DBM}1Q3@!DNC zWuXP2OFfsmUD#NIaPzi>Bs2No_LYC$( zb%0+YSQg7ef^0fR~D#ZZAijTV@YB?Xy!&;As9HwFF)C2TmE14ODHx3wq|#zyO~Jh<7($X#QID4Q{F!F*z6jxWJ#vh{*uRLgdo)&Rf|WT-D6)1tDaY z>AhXJp>Hw0moX!qs3ki(`RW-fYK=Zb7D^RLi`qPL&msT#8ojXbgM33T`U;;GgNI0- z-9YitRBz1?RFfXK6*zET<@>4R?YOTBKttapQ#ge<=mQ&K3Lbb%HRL*X!Zp4^og&75 ziRR;z{1hommWWZR@+dF?$HrS~*5( zjO?UhZBUo+HeFC>=*XvEBOjS(hpf&sHy^Ph744JxgMwDeu5BdLL|fh|v*XYS`WqEG zf@|PEU*Et#m4VKYOF%adcE;H(IrgESm4^9eze8pfINb2l^Gs-8hdnpVI)l}42Do&9 z^^O%+`~BeVGjqPjfcZXQ`h&ydfP=Ev91u7}`&46Sw5_kvT@%mak|W_hL;ak{-(s*M zo$iS-2!l%Z@*k$IH?+a`NAw?nxQVI{l%c?i8{gy?H=u@Kebck<1HM^%PDlE#Y*vhH zc^I*i%-LUJ*C(GRox}5P_bI8PZM1l8tO5|+D{4SbS= zSt8)7Gq-}bN?gV^N2*OPXwBvbC{2glss7VwG0{E{TKMfWGfdz1t<6*aJrj|t%aZO2 zc^Ze9qD0GzeK@Ai_KYD~Pov>#bZ3rVYre_2A!4Rq=T~eK-=vY6;Uy#3Ug;P1LyKT#tR!`IB0)~ppga}qVPPRIUs;ZINIw}XjQy$vZ457+14A|-Qj zt3J!2%+q?Sa!4H{Kg!(Yr%=zG##c*yx8%Be&#sX&|md1)=yobD+%qh zx|q$CMPoWfd2N#~WqNFMCH;1&1f`P@T$Y-CvN*AJKB!wbAEb=C=a-9->zfJ_Kfbgy z$epx4QYV}V+MNnBhSo|T)6O9a#uuZP(E`(zQlCyU7Qw_-Q?Xqxv$M)x2C;cSHl8sh zi4z|RBe1S<{5~)yg+>BQoiW+~zoj^R&2MEV3uC3k7Q?FSK^wGQELXl5YSTaZ>C^ku z8|jXM99mIv+vq5WOfoXOV2%Iiuh7)mMZy5zUb0NY|!0?Y|wNx9X=USf9F_KDB0$*OSLCqK}W*wtkaa~p^&G73CuUi~# z)#!=S4%KW=tGkp9a8zCm>TEG{tP%w^u#1|<0;uyV1Jhk4F5+DtSBWj2V2|0SMKmZc zittofmmKSZtI8P3{u1!s0CS!R@BE&GFex9I&+qyRXkhkskt>K<^xC|kNn%u$vm6!0>%FP(4SRy*D9WNvVF5$%4Q38@#+u17$xi-?oT&7Xb` zql4!qF$>(!(I202z*h5~SPx7Hca$_-7{5W82cUDq^L%)UDnaxM?hl4T`2C^a7wPo} zH?TDLwO*2y@E-5LYiUwtDSk=ALCUlbg4_)wWD)o^xNiK=+X+*<;$p7o0{tH0nTeJzQi+#~3>x~%jb6KBU}W)$$})nw$cNNi z+v3taoG_9Hp*>wcYN~*c2gKO;D-)ZUxS_=c6vC_&XXia2R>QK~^h_vP(|Y_Kf8c+i za!U~%o71QV(?3Dyky?ui(<;R`P+o9eiF#p4QzotlgXje|hwLbZGN1~>o4o3&x2lWh zb`?(hxTMf^^hI%sJ}xQSiK{`An{^vVa_+lfcBg|S6aL+)DG4(H9QUxQC)KS;LiT+; z4Ju^SxD3Tu?TlZrv|>0*{wCV$+h|dG|3`4*{Bn+mx}A(9Uvf2=J&b64bO1@=l452> zVi_Td^eoJo6yXGyQtN6rY)bo~EZ()oF-(UXXv^2i5c_DT-9hLJ*RO}5?gsgwAyWrB zl*$iF5=1^PR!75tIh+ukMQux-s$Lx=Af>k8h14r(eb9?V#b$4|XQ!}d$UyQ}CCJL5 z%OcRq{KOn&ls1_V@d}igC>$OG*Uw%S-F39Ty1g2b9(ddz?%mVAi`~P8c=Ek$6w+D~ z)_hqR3<{(roC(42k`Q;Niyr4m=SC+2;$RL>u^-s;wP;J@b+er-E{u&nOj--p8w)!4 zL2%5}12%V!jt;4EJ&nQnYB69vZ2Fjds;m(QI&zQ27GGbQWNU$eYh1G-{GbW z2r`8PN17Ue9^i&3NvborsN&qyM-5lnW$IviE$@4{=^4lE$UNxph0K-qo+bXU9OvfE z+m<7oH?ao;cJ z=ubad0N7)q0Nn8&(Wb1}1ML8!oO)l*C-&-Ie2O_f*7MBXN&;4_rvEY z4@CC|RO?CAp8Wd<7)%uJ;eR~7wEDdte!qO;O=>U(^Qoj}B5Jq_>L(BQ!}!*YdoO%g z{#06kFz8BxlTFHlx18Eofl{JQ5D!1)sD@#x+C|~4%2C}(({uG0Ww93jN-W95|qGK z?n@aRlOlt#!6SNU(zJ0ryPvmr44s=-3sHWqABdJA3Z?4YPs#MQPf1EgLD)V6Z<3|q z*$%IgU}PKTo9Jm$x z;Qs_132#=2qBzc+OMCaqQ@^3a)~}$-71E3$%r@L%*``Q#Zya^ zOKKJhpSSScRcg(l!M#HkZBE-S#XbPb5g;O!Xfd!chsQIa{BAA){uL6Cod$mu8!Kea zxU1G*EoLKcpVRS9j(hHK_~g!`UZyM3X8bQcznIUJ;SPZ59y^O#Ou+3OnS4!C*IzY} zS=zZ}#BoJp{HTCEz*D=JsUmEval@oOox8$ii=&3n5CUhmKfY6G@UoSDQ_C>pgj^yg zR?c+SfE4OTBjEHn>q9S9ElHaxvkCz_K7vvT2aZaKCHS2)9rgXpS$o3;*v4O_`AeGH zw$Vdz1Sv@F4A6qmT?;m>IbzgvYFnhbB`{?|6{f>kJ5|HG zr^-1<-5d!8IR1rhd(7+kU<)g-hDe#Mm)TmUyJ8y-f5Fz-5YybxAHDVMwQG%Q{3quQ z7q1>1%Akx9*1mbhH*xKKRZdJ9NwycFr|AxcX&3z^kVVXoS|KndH5a*atZlsV+w49Z z91Do(VqZcujGXPEf0`LI_Zt{A#P8jP2m0y9Wv$R&3i?vUGHyP6nsHbP3_GJQr{Alr z@=ZEoZJX8=N&lb2(@*G5J71WR@2e3A9?S6yVDwA!3X2XRNs}o=26kZAA?9YR!1AFs zA#~+_C_@b;JYegCI}DFRY2FJfB>>!u2|f|FCm%MtAnnRHk_F1VJT_A8Ff+H9KRbVWq)7gM3mL5Zd7 zv~1u83I*ztO&IYG)?V+I?@(s@T~2KGm#xF@-fPOBTEZ;r+n8j@F6xt)X@Lkjmk8p( zXD-;UA}apu<#UHqJhZb##XOf2N-tNZoVutGD{n>=qzohM9JqdWlBJFU6dX8)c1hw) zRjgmTwE^5#?1W>MarQ(5^ZubJBxDc#4zdaO10Tx^f5A}B)~ss zu4XoA@4H6rNx$X6FYza-)Aj3Ry{%%I`9dlM9@WB6T0&*mDjX}62PM;C8y685HcrYGcjT8BsuN2| zN<)%PszMEl2qa>@FG%2VJ4NFKq5@(82rr&7e?~ogT=n2Hm&foh$|KUSO~v8`RLg1S zaHUP$3gRG1{ zv?bFGS#PIGY>cH=@#~K<;9>0UV5fMhdpVUYb?4~Zl;wL$&14L(U7n^5zr>2Y;DYgH z+X+nGh$MsNs+JpfXHFY2KrzcWvr`gVeZ?9R^yYo4*&;5%C^1PZvOF+>|w3UriMjq=}eS*9XS^Wdt1*!G69T~ z$Rlxe17h_9!VV{IG658oa`76SkJ7H>hm8ll#wnHeb&k_wk>d~Zr*8>R8^zGvS%#si z2a&D~SqYE;DXHf*oYiUe)*UyXo?)575x_F*7kT0U7vAW2i5ocTAmFk7OW6xbVHa&O zPYE#}q%k;0x#eIucIf@hweSS>6ddD{l8)n)na~Rr{Rvi&(N6ato(G_ouSQ5`r&rfy zG0GP>#|bCxyj!1_i7&`qUg!lGn?+Q`$;XON*QhjdLVrY4b7X z?5R2#&ysZ2W}HbwEwjSvja@v=pZaCzZY=MH@_h)oElFVCCTS81R0^g1=O?j}-z^}C zFTTTIQj!V)nGL}>?&6+UDY_EBTj#j1qq|H8(1(-4ryf$=O*P-Oy^#x@+UoF0Y z@R3%_n1hikYctbAH&(>af>1_~JZ4ngby@!C@Mfqw?MaJ;aZwbRJv?wy*=F$kAa+q* z`6_>-wPvG-q{`oERd)8NG?dQHx>#3Bg&GV%hU#$o5j#@{y-ZrNVL>eyopb*lWnvTl z)Y80+Cv}CVauL|eL4S653`3(3Un^wNZ@yoPR6A79ZK@p@!oajn5tss>RT={~PYc2i zx=bl+fu@FLRv759MFZ`c+6Ek|TD`|`30rAQazp-^fG*=g7#)DfSZm?43qq0kNRp9{Ba?|Vxs71%=@s#5N*p)I*kT3!0Aaz*eQH*1;p+WG$adQ)DB^b#ZKLLhZNv*+`$%9 zXC*tq;VEXno!{Zi4rW8`>)WcG1!RbKeBxCaZa_HVV3Kw)teK7AM!2AsRa1}KNs@vU z+Kd@Ap9NU=$YKg@T&mDW5<;EN=&tu|WB$?|1>1*&$J^|(wbFoSP^aTmwUgCNV$))K z`Igj1RrLVxBvg+%tSAA@WWX5Ito1+XcAL!VdH;EJ-#P7lT((XLa6JN(^7v*kp6ZtA z^Bc!$Uu!}$NMVR6&=Ze`1{X%NQ0r`3C6FxTzESnLLlw~upLlPo9|-R(+qk$bio9L8 zY}g%ynF&Xrt3m3^E(McoF?q#Oe7Yk^(nD9f?(iOn8or@J7X&*SxTt}iSe`k1~(-+bkp$( zb1;hU<_l@KS0EC&XH6vwamO{laGoB4bUy{6h*nz6fw1#nTtz)ZB=Z-|u$7Sce0lfo zJG8z)-+TNQ-QeWEkN$5`0P*zhJ8&RI-@X67_dlY5|J`>Fv*+)4NZx&S_ics`>wi}Z z{fR4){J6y#73s)Zw9WJCz`}JaIERDizy@vn$&qI8W7vnA9x^laN>3E2X%vbz&{qei+ zZkNk<-*LhmJ5zsmH$s1xTfA~Nx_y2CqvD<)mA?;eZ_z%=|BKL#|2tOh-P`>7Z*ZCa z0Du0%UGDrZekFf9cQ5?6?sfkkzSsWxAMlU=1b_VJZ~o#}_}9C4H|~Z1Uj7yT?>~xv zmA`fH|Nrmb|NY#5{_9`-N?!l!UO13{y?f_B_n*3d`~Un;_{)EeKmPOo<}ZGQf4zJ6 zZ`=$2>c5hIzWa~yAKttF{6E!~-+jP;|3m!opFj8~zmlIE{1f@lyHh@#`ISHakNDZ& zoBO~2r@xYS-@7k3bszBe@4v_Y_xE`B|7Sk`um72T{$Kwyxy-x&OaCMH&ujSmcQ3zt zz+d>fzuv$6=f9F4{mXwY|9SUS|5L1=yS;aR#LxNp@7??Ut^54Hb)Wy+|5AUz_wbhd z_xsQP&v=cG_?P&@U;pY~{L1}T{`1aVM*o5T=XLBaXolqTf9pQ~xBo)lb?~3rcfWi0 zU%P+$|Nbx8=l@;jSMrX3N5R4`|33X!ynp}i{}q3+_y2e9^MB_)|Ns2ol&<(Izuy0b zAKB0U`@j4wZ~pgx`CrI?v)eD8|9^L%_xtyE?(=`=KL3CIcf5N1m4E;Lfgk<KpwzG5KNIOSf;!(h()@j z@dX4yu+W+P_cxo-U>1_u*`06xo!i@6jUeAF9r@s92^&|t8L`^4&%Y&OF+Xg9AGW|Z z@0l5Sxc~5+>lnU~9{Z_Aij{Ux7zu0jGa1$+s%KE!Q|B^R@K(?IFA_a3Kl0tccRSPZ zLt(Xk@>$@sDfw5!_X6Jw{KuIDM9r@MP3H9M{OITPL^_w{7rk8wk6*uE+Q_3i=dNWe zUVpy;zFz=e@zm&#Jng69T@k!1f`2d@MvgWo;<0`^0pCu*-;TdNzs}>Vz?zHo@0G!C zm%-mHvr^PB?#bQ<{jE`nzDHiy7dN`JE7Hl;zAh}kTY*07WDat)Ytmt#F>3b%ziK9p z>#7s@({<>#USoSTv}-Z!G6B4+8btt(|zZg!z+*)yBr) z_qf>GV}~F-T40P}Tq5!uGDX{GrNqW!Bk>%C|Ft6&P&*Znf+ox?G z+s6MFoA`@IBoJaa!G|fm@MK#4)&J*;`Fzj6ah!znZ=4l*F1}QPG5fUnETtYhjAHX})5bu_Xcx-J&)yD{{!+-u&AG7-C-Z$jWzGd)VZ&)~UUe!5& z+y8?p-<)*Vq(9{>S!hD%_iPmSFHYFLRsw-i@LnV+1>aQ$etwzqk1PW}6y?P6zxZ!t zne<;N1HZHk{{L16esY;|PAikXyG;6}K)h7{{IU%Eq%!4yw@mt#Wzs)g2A{4n>2EBP z{(EKMXOw|^W#Hc~ga5QL_CKY`SnHRdq_`wV*8@_#Go(C zU#$AUoaql7OMI?uXqdB{=_fL@Y{gaAE|@o;;hNa;1xx0mkgMh_xc1s5OXn*Dh%I1mH!`g$+wqERHoSU9x0B!wQzwpja$l+Hm!P6|sd27q47?Rc!f+Ya5nb z7hAAu(TdnrE0!)uhYVe{boq)au3It>?LnyF zlk;N>KY8t<6$@euIU2D==+#fm(X!crXp=!tvPiT^v~(Goh+N2K+PHY$70Zd=HA_E% z@)&>S>Ff*bbB>cCv}@*}%N7D75XL7Knx?WSv|trzaRu_tm~lzn`&M3m{eo+!FIlu= z(Y(cru3r#4f5!Cl-aF^CQ%*bOjPU(E;oHR1G51E`-$?x9Q$u{yf1@Nu<1CD+3-6=w zJ`x%=AyK$3i`I~)Kg2vWr9uliX^#}jb>C1xtOEZQ;7Pqbj{hr(}yM2N+ma_!oEJrl}HF?ZB-)!iX9NP8-(#)jDu% zlQAygz=@OnOF3}YZmW0TmX|ZnEC-H(3IFCg@UbB@7Q4!Uzuti_bKta1?B6N}j)4pR znjH8WLTD`3>cBk*zSem60$AQ1e zf%iG^H#_it2d);lMh-Y|NVo7W@4$}=q3{8l)g+<}jC;Kw@fxC1}Vfmb{5cR27G2R`0`*E;YC4m{z&k9XiH2mVe6UhlxE ztJ}X>4*UcQ#B;6#f0qNl%7LHgz?V7jlN|Ue2mT=k-sHefap0{E{8R_N)`8bJ@bwOS zq66=A;HNq84G#R>4t%2nr*yG@T@Jk70`cr|;Ac4SJ_mlL1Mhd>)Ya|ZfCHalfq3Q} zc&!8X9rz>%KIp*Da^OP_e6jB?!f0d@b^3LRC-@!DmVJbEt6uY zOwWqZ{sWLosq~J@2b@HB-G9aiB-uY<6n?$8C-BDbRZJA*_v3HE-|s`1A~Wch@Shl_ zs0?}}{4B#1g~3J%Kf^FZV9+Vy#~G&R3)V{bQHCkpqvOc58xQ$_ouwd{7 z04ChbFhy68m+O+ONx@nPU&t^; zQP3pe_cKfp6fBeQc??tZ1al>P7Q+-dLA``eW0;~QNJ#iy3{%7eH4;9KVTzU@F5#mX zrbr2@B>XQ7QZj%!CVQS#V}cDP%q)r7$)ls5)ytF!(^F3jf9V5n5;60OZX^;&t|wv!vDfBS!NKE z@K}b)Ducm)$oMmyU^p+~zkd&5vc{la!hd3zEHUVj@Usk)6$Tq6{0zfnfkCH)A7?np z@LCB!$}m}B&?Mo97$yr0mPvR!!(@HITnTSsm@F@-m+*O;CdC%6MOgkO{%(5qk&mXb z&!p0O2kS4M-rH04#hI~G@3zi6`RJ{}!@m^+{oF$D?ZB$*DL6Q0rcNHfBb6R{Ln`~9 zpLlB*iz1smeD?i}*q=w@7Ab%B1LTSePqE={#?MSO|6U5%_QFUMkjf6Gw)y9#Dt4wG zd11woVQH_orFn0U&3-`ZZ#w(7ehlWy!)GF+zXTmVd*|pI0jl`3)O3Fy3rwl>xv`a_ zfBPBa3k&-rGwko59bAt*1$+oiWgCZ5*_DH+W37bK`{EWhu_xP`>h5`KLR#Y=1IC@o zA$cx2nBAG$G7X)@KP20hoY>>vxo$)(l}-AobfX{hTF7>h-1qQG9(Qh($GRSQwD-#+lgDF5wtY|@nISw<*>>{f zRCZmZJT{SQr?Oke;nC9Lwaf!bUUg;}^H;Y^P1WnxO6X3hsrv4X68fgpRK2NRLR(oA zFr*9thI8fd&1Ldf(Bz#kd#!iE%uerwx{clm$(~d$Bh}{GS#2t(xa2koX1T4zb4D&R z$VWDlVv_9EggiFY%41!PJnAqm$-z{5%7psouLIs0%9T`Z)C8KTsq82Lr`j`dNuA86 z+LKktG0>abO%BwX?AHuu-~A-ycy8rjs(og^UyFI0YTm&Bd121mz%UCoGAAaCikQOy^ICk5k?( z^o1=Xg?G0RhJMitAW~^V%VLXcdQ~M*Agi5$E@VSeIqg|(OFcB6HizxM=6#)n znrWHJ&g6XJaEKc8W++RFa3YSu&YSmf9QahOE{}OOxo)5}b0vtvyM>YgDe~Ut%8eE2 zzm09pEF`>z8i>>7m2C+j}&kO`b*~+IZWLqzhQGI&jq{ewiLQCm95LSff^Ns?DkZ8J7DXGP-`WM zLL0Kl-N77$O`@I5Uxz8z=%?D(Ndvks{L3XMHWu3$+y6+(#^vgEPwbgo*Wa3HKuKPj zv{Gs$KV%b7?KBlizs5Wc4>PyPZ`dB{FK)syUJF(35ZSnS)6tM-1{7u%Y`dYIP2L&% zXqXX29H5opYMrPC3?afln)k&ax4^vzA;`hKW5Ub7StXCV8>G!ke0PtV6KTk zw2ayhk|iqf?i-db?3vh7I#Vb~Iu$_5dLVHW9A=q?J{ZR=_g`;hh=0tIvCP>O91h{! zn_Q2<-GBeTBF+9ICd4VQ5Qj!}0kvlV?M>dn$mYg7Vt)s^?T@fD!@t_wJ4puFR8^|I zZZ4jcy@^pZ%oO7+ zuboz5F1dbk@^&K<=4oU$xn8`M9l;m@+>!2?j}ZH(MntdHzrP=C zY6Wk!G(uAw9o#D2a2(K*qHQ;GIPYSLbYmPjnl&*;qZS!90=y9^Xx^X<1S#?}M%47B zS0yUE4%)JaWS$hbNndVyA{~rKH9QE^`kX@Iwh$fZI19`rPR}N*^{qCWtXH&H*yveQ zjY0N79fl5g^Z*a;CNh|w#@8I?43I#KA*>!CkpQ{1qAoxywaOlp)7hI@jK&iV;j@+R zkllYE18W~IK&iuktYX!J23H7EX3926A2Q`QvIz>gL^W#Y$w>{ACGry7jyh0iCwi=w zNwp0$eP0&hCf{33KEWs>Y7Uz3eJ`;LJ(zB+MsqpT&5hM;rDp_mV~_ufMI&QK;tYGP zafAPvQJ|{2-N0l+wh}B#UQ(klfL(kgeS>)^vV9UCst5kSts~vuG5L|4I%05a$vj_)<_X>|sgj*S&pDxIzkX4q*QNKQcG|(Mz6uJYbE^ppbse%Zcl-yv|?8XhLZYvu72gxW@ zG8iQs0tISYZsi8p8h0salFy0ZB6d?|o^;q0ku2!H3$@dXK!e!;fk-(j=9-aVxuy+F z1^Y1&BP#?`R1*x8`_Rpmc=v-Ofm#=RP2|#IAc^@YLe%hOa!5b0B8_IL0FVa`A?DOV zgr0xOa96A*!H8IDQgYC1p=T-8wd~yqf((o@Ce@WcGeMAn$xwF9JhR|jR(gmEGaVd>|ttAsG5 zRV|aGRDy9~06aTVh7Vz~CeU^%4atOKuf*4)e zwgnH4^%o^VZBgxfVfW$#629J>q^od$z}<@|4WzfK(x141b5!hC0>=4q1q_%J)xM_y zb_!F}_%F3;RYeq{nMpW;R{f%YpCl;~F`(0*lt68*{q+OJGd zqF*b&R&V^~_` zO)(mI@f1$QcVJM*p62^Fy!V^;YP|QE_ZqzSnD<(YAt@l2d>%xQ5EBcGNBkSj`+6|2 zuwD|-IALFjNpr$C=St}AW%9U_MhUDJS|hMtsGGui*@y@HcRljR^x*;fs$U-K2IL{8 z5Zq%vLbR_w1{`2tB@l%Fu3jGN=E~#FW%9VYNgnDxtlrcqp{=Y57{)<{z)+2+Zzd#k zcfCCBq|^k4RE6QlgHtcL7P2spj4-WOKOA|2R8E|N5TryHrd1Cg*^K!5vRkW=Kb757 zDUWqAc^F3?CpXw9ETcU863+p7s<-qCf;b|o%;v#L^Pt!B6pWxKv+p*kRGFP%BgOe6 zc~clQzgVfwV^Zh+C-<=tMUJfQ&uq99rC2{f9}q6KIr@Q0KTvrZsd|&U)aKZwHb);| zsrF=Ns$JZ$ASW6eaKJeR2N)|_*4Ph&V;2}V+>mvh{+IUB+StLo>Bb$Qsj*{na+ftV z`X(oLL`;nx*<_!H8O@=l#ttzxc4d>hjH$6pObyf&ni^6wIGdPHLzW{Ok=6xpe{dq2 ztrD!bgK{(bqf)^11{VQYhjQ@7ew42RIbEBZ_h0xe`a9h?fUYw(*MNT+VZ~K+e{Z`g zWAxRarw057kWA5O-oe@B`d9yNzWx7XzAXt#jrDIFk1;$d|F7oT#Hat)&$kYL_Jj4*nGPPS^saoy~^?}*Er}u-Y^#C{BHQ^;CtC5oDnKZ-EQ@{c-^Ba(?e%@Eni?v z8969!d)JfWM?5(cn5Bgte2s^4L#LM+V_EVO|7pj07!UrjJ1<9RPGk$H%=T&+jFV3>%c)GHE^1EGi%!%X#? zaA^9W5Ws_PrCk#n@qhZ|E731G|1O&=^Uut!<>*sPMGVa%yg}R4saOH`XE+rZHg2x6Y_=8f78p!)avZPYoDXWIY)Rj9BCu zfCbWz(I!vRhiD^!b}@)&r+KcIr{m!GBDUOtreL7x8U`4NaTtMK%*F(@N#NN?jH8MT zIvUC);^0sEHj1o`Fvy1;3aZK`zriVJo!`Q&`K12*Q(u z4rm-e_RdsJwiI-h*ivvNlBOGX0U>T(gEfPO=)wdobj@CRdqIHovEZ}#L5paVaqnEA z)|vgex?RN^80I61)<##B)Mgghb{uXO*>+UfMYbJSZXez@eb?KH5{{xROIH;&+l8H0P&59_hFXg{)> z4(a}6r{jm?dFDdY3r@+wlt@&oo9oy})EGDFkVw><+^FAj@`Px-&5i1hL>=!&ZHh#l z=tg}$5_N_fbyFlN(&YJ(s3~r)>5-^uZqzA}s2Oh58zWI4b)$wb{Dmejaie}2iMq*+ z+8&Aev>SDAB{EkFacU~$?}E!3YL2?BU1iP-SQ_!qMmf4-c&XUbIHeCS|SOs zkFI?dh57ARXpMOtvWfzKQLgUxbWo7s*!-faD3+68`%q*ri1l&jmC-Od;^U4-(6PHn zQd@rG;0(mbWWTJ4b;2W$(q<0$Q=WkENjI)XT(iW1kqW0RW{%*m!W`ENbNokGH1}J* z1m?J2nB%A~IV=Iy#n2)YY;f5KSuY$3jO>hs#~mXx+{nW(-x+P}S-eJB9Qu+qmjkm=CmsR^&0oI2GY zu$?WV2N4z56tV`(q`^ZlEfl8vsoJH0^(Og8qq)&sgGc*1mKH?=IsnDK>#o=Roflzq z|Eg@`bKFwLy=6uhz=)23G$m6|msJbU<-!PdggiGRH+ujgZD8Vq6Ca(v<#xkwQ`v`8 z*`K7c5A}}X#R0M2Y2z!gI}M7%wDI)$5ipL=8QIIn#|h<9k3`cS#^_q}Oz=4)d-3>G zDm!g_{l=I-br1T3lh5M7O{Umc*7cp2TRSU`v-}swfR(3E`3}%=r1IQsEE3Hgn32P7 z7}F17>$69XM-99paJI}A!G?zQ?_0Ib= z=e^c>KgoHIJMTw0?_8L-<#UzAz7IO@d!6?I=Y5y+-s8M~*LmOIyx-xxuXWxz+iks^ zb@qL+^FG&kzu0+C={tU70T+0YSKc|v?fZD=eVp@tDBgujn}k?k5@I1f;eO;|dSoVB z@EtS^Kyb1nagmpy$3w%3iuBOQUW@Dmvk9h`NN`@51A9eRl}K=`n_!lgVSl<+WJDb& z(WiSx$h5K5P4!kE877t;xR@=0&C61Hi{_1+hI0BuV?i41MY zr^0PKwtZ$Nt1tU-!w!gHEARLUZ*xyJ`FzlPh}Hs>@<^eZVGAhPO~F9vmmx|7a=R-~ z+7qIrITfWnZOJ{z(3bpVF-m!Zl5P!Vg%D6acGtq8G|F3jwzk;;R(fkpo3#RnWp`w^ zW4dFMF*#zvX1qsB9O1RQiPxC~W@D;dcb3f8xpANfH{WbqFodw}Co_bKR82U98lL2> zL6%t1H_8z1fqV9eQa$^4$)0_@E%|tB@`<+O6ECl4&He&3wYY~g<{5CwXv}DDwK1Zj zqah9ZIz)IhId)yTUG^@tJZv=hzloEseuEoV)YX5o1;5;`o{fxZTON>ze^IKd2TFGJ zKwEO4HTjFSDIE7c>rOZLd_w&d>ClYKYN)yVx&gCz(Fg$4wq)`CJ(~@0$mi* z36odwO}u9t03SIDLpyM|E*HQ_pO*rggi zJ}tHF*CV-}!EK+YOLoCP*IboCKk@t^RY;f=JN<#*dJOpf+pDUiXtp4in06oLN9=Qd z{hO4KXHC6HA0YM|SAYUK8q5&DjAAW0S%?};HB3*WvPZzX3Gt`3*Rlb*sfp}%oaM+~ zkbrpBtu%30W7qvu+<7nk64kpqQ5{Qz#TxV0L~MbKiOQuC>23S7sYIBr<9HKgaT8xA zy#?5W00gCLYR!f|1bP#-$e`Wewk9{K&q&2+D|<)vne;FuX$_06A0F`&|MRf%wi1Im z19d}TKohfckT3UE&leOT<2qM5aQfvK^i;zi?chSiP$#rHC(Vc+@~jsQ67^tY&6}p8 z7}5@l$)+xsKw{S9Q4^YQ5Z=4x0!fSnO{ZhS}2m#F`-!^0vcRYD@nH zbwBtEO}5^qD#VaBEQ!#S0mq1?4%7}JZJ0i*h&t+}aZ_g*>X=oUI*dIh_B%J+WmoRw z>5OdM9y5*TOJ>$(G`=;e)@1d=m zOYWKY=+tcg)caWA#7AdjduL>K&d6>zHZKJ8aGUo4_VzS50%~C_Cy-CgePiukghf?@ z)2S>I2=yjtCzuBHNP{xEpoq98wvaHLfN8Oo&H2?Aoj# zA)&P_la!fDqT?)<%y!wXen&Hqeg~im2wgxiUxkXxm$k8K zXpi+WV2^?hYljz?$3Jm)7WfeWIl}%4jAkIPT&h+Q)glp1W!hVQF8LhZvdQNNw8q?laqVBHT025BzooxKZjE>S^{Y}X+6I>e)SlqdOgTk`3!!nou?h1=z&xWeF0 z)Dt#e8=4-P5N?1O@_AFEAkqvp@b0z04<*^2$RDUD@XL5fm_#9ripGQ2QElPVu zJ6SOibM=W-_v^o^a@lOA9Q5z`3pyp+>z{LoQSi94!FCSB`$;GporY;_$?FI(AvVBh zw%A8;Av(4-x!)2rwIC^@4P&|A+nls6$WZlh{hczOt@>DEcv^(z&N)OUR8G_g&I+uL z*7c|T!@XP0RPUz)v--<)U#CHE-kZ~~9g5PMtT?GFb zH3q-O4>aGQZZcrWatGrcW89+>M@qaMk?17m7t$17gxFZ{EtAIf1q=k35OJ@C_C>Ur zsfv*KsH)~tE_03bI&{_-M;vAkaur7aC&8i`zk$5HP4L0w_~CCvr62Nlp=IDQg9XYt zPEaeR9BjDizS<=l)xX~?iP1sSM5Kd01@a6wk1B2+h-I>uxmDn(KPmMCVL5SnM%Wur zySjQ1f@&7WuXYh0O+6CQQy^Ht8kCJ#!pEYj+Z5KIKKZ9j0XUO@Gqc((4%ceH(KWU+ z(_OTf05}%E9BfMAZt?zXxxuv9UkOD~mOEsCyXYeZinIg-#dOyOg&Z#sQ^s2v2+NSe zIQ|UuSP-eHRH`#U0xY<vi&!1%!Y^s39@d@($Rq0wIE?h%5H3Edz?V_S;Y z0O>p|T=d?;B50LBsq3*JHti^Zo>c_J4o8%r+#Vye>S%h4HjW}|Otoe}Z)qmU7BXGb9;;o45MH}2^MRmc2%)`L(U(8Wi( zI*4U%<$!58wMwDIoHelV0Z)u7S8^E8y+z-J#>wiX&WAa z;a%)yK0Z8Rv~ax-4U0&PJ`mSKE^xgP><|%$IU@VB$AEy3mcq@{lap{;K5wV*X0Uvb zvid^-z`pBd(ZaQUh(VXQVi{b*KF5XwYoCjK@p=$MfqiDRjdY~cf<;WXK~jq@^wZ=m zalwian6l_E@3QcJOvrPw@Lwty1UfIjpu)&AQQgP88PG@+1rBic@3^gRFOn5ZT~d%W z!_PNp7S9!f6wX7_E-yP*27L<1Tyn2#m%H*E>Ze)HEHi8Lyrr@-YO95*IgV2kdT^?_ zaj@xM*T=kDg*i1h`VzWjsiLk~MV!obA-P!UzWOVt0faH1l&bVv&N0!&J`Bsdjq~E{ zE>)8Juj=|4n6dZ>LjBRILSugEXxiyjag6#DQ$<1U3ttLZTtSc8wa4gDAV8r>e=K#e zG%td3^gs6BU~h6C5@F1IeeC6fLmH{(crWuYWn2!Nll&cC=7Ql7I>~Dhq4Y1swbC}h zMJw=C>T6gDNKC+DZb$`Uw2aKAz($KODQMN854Nf}0Va}R`Y6eE=awg;Ju>JIJ!f=e zCEqAFw~c&J3cVHw{+%W|3hrdDC6D%E3Yj~4{PfTfUI$OonZABS75@#+P%S{{CuANR zz2IExW_%mgIdC)^Icb|nqfETX$02<#xo=y3lshfG&12F*O+{Zexi9#2sS@XTtL;3G zP|QMa&8bKat?3A_eM0%N=T-Ejd&aW(n@bgsrGS#fzwad$KQ$~~xHni=_aUf9`11q^ zKtuk)=>STX$xm}5&g@meHOaK-6yb6(M}CEgg%K6g*$*nY`=^-vppeo-ZQ-un`mGEQ;C+AoM;ye z6i>7@xZfm1?x01%n7=!vLqHnM+=QBkdKTL7UC3p!I62$zHiB57h6rNV^7OFR0v3xY@pV;o_ z-9l5Ri(YBTb)3n?*?a4e2+;52$xSFSkDm{if+`Fg@ZDqhz9nHbx+8ELt+0L;m6sQ# zn)g)#H_A-21dwW%n+b7hzZvEDmwXMBq7MFdN*z>-=rD)uHikz*PXdRI1^RbWc;DSyP(AQniTLko=3pzwVLoVpgA)p2qbew>4E{LCYNp)>@LEPGt z>Uz=z1p*qi)j@)+E!Fi-7bF+>bk(__jgqR(1#xRYs_U~Zs7*jWa6$Y;Q>yD}7c^f$ zl<^M?e?5pw9?si3@5H(Cseh8Ufwof-V!#!!Agapsr_K5LK2`*HJwVs>cfGJQpN( zP1na95O`D`Eb(}zRSpJ8G|=6|@D{uA9J_HB-VKo}B@RoKF~uQO0;vqwE4QqPExh>| z?dy2q1Jt7Y%U{|&n2pS5 zf(Wevb{Gw9vk(J?IQz8{{WJ7 zoUNILZAefQVM0)iNo{%kHl2F@p1)!|?GEwVOy*Rst55sgXn@P&xtV+Xxi1_B9l~tV zw8jG!@&;@uV0fhJ?5euw3=j^Ek*Qj$={k8i)u_b4j@jwA_ld6{k79=cYG+0zg~4*g z8AxY#h^QCJ(sS{C2HrOL^0b$SiNk?6G(Rl(aWE)t)5AGF0-a^l`;*(nD)Td@MCO0c7(nmbNvkfX$j zlFP@Zc&wzJCp%_AN<8~j;dlduwTB=p2ocrtNEuNqZ5^c)M5Ph3F-sxZM|R#{YYoIBD(xl7QqN!xFT01D8laaT3 zYg6mdZfcybZa-d~^vj^N3}^%?#l?{NQHAdkDDA)1%NR8iXUw`twpEa+-mPx)s#y;H zJ3rKdx<3q%xO6Z4y?AiY3vjI1JM-*)iB*`dSkVcoZ-^J8@M=XfpKHSTtZV(Dy2s*D zTRM!<Z~4l2nxm! zA?vCtf9%m?W9gpJGH{^bQ4^~5HfLUc#tR>0-elN4p;q|GZfb>LWAifAs58U@)e@2e zJ7aOwFt9UGF@aCa9&|`Ba_6YZ$xe6#!jjI!S0K!4P;2i9#c){_wj?6&v!nfGxIP=e ze5$Z_K<_|A@qp^RhxVPt_S>D_H556ik#Z>_6IN>mZb0Fl4sK(Le%~RkuxS#(`~{gT|<=2Nit#$Y>YQR`x`F`$PVBeqp@wfhrkT z{jLSRG8KDqiD`58~XY(_E0l6?(Ij^;s2;7Qi>sCp_BY`Ne&#wxo7 z>;z;w@)9FzDM0&b6J~nXrH{TbgWL z3s9F7`~2<_B!KN3J*K3>{Ng-1$IFx9T<=Y;!M7enw{-7A39~U?}WD;J4SdW6|U%H}V8+N^1H!S||a-W^cY0TG2u;Efu=FTbh4YZdTLqWeO%Psre!mSB6YSe z*Dg=_F| zt*G`o%q$oj zn`b^Xv1igF7JLFyEBHwlOq)H2?>KC(tAcvTFSoFiHu()HqrH*~Rd-l4Z`2@`d^aIC z5!OAP*lh6?0RZQAY{1!pboOErbM+6ddmY)>lUsSa|54t1pwCZALh7gUU>ne%Ka5~OS2|9RDAtv5YNz{$;dUd{lccd%z8+PmYWHnKsxGAJG73kF_!AN4 z;X(ZzQ&(FR67)ka1P%WrmEH+KdET)p^gd#4)FEY9P z&5Nh8$SRLQe;+LgBmK=3(%)AxM|vwCw!eP|ibf$4qx~)AaTcg2I@G^6q6ou7gY&gB zI)UALw0qHy(DKJu;no}Z)&y_`h*zs+%(98;g@^R3R5N>^gdZ>6(9nK4@q&39PVZIP z!`j+td{(|)1e6oZRA~2jX-K5qOd;(~F==`$AGY29MbCs;q1JXwd2Bc8j-|H}Cvfhm zf{C`l4r@DGRBmMLH#f{@I)eXT-60LQt)DD4>Ccfs2OI|)#7STS!f|8+aSK14_)<7d z)z?&Mw1*djAwFE#_a zl~Mk;&%mE!4^?3X_G=5>8CWA@n~_I>67|xU2qiLwP+~1}q_^^6De-D4HzP4hiBjH+ z%s>)p@Hi>8aXq9)9B&ZPt=kKv=CT`ecbAo|cleXJ;u6Z%T-|!)gQoMKDmqlp9rjd$ z*T>n8oPI&F(DF`TQN-(+P+DHi9OrW#|wfg15Pnot#cDNi2$>v%=_XD1QiERcf@eAF%$J z8tZ>CH}u=j=c%5lg`u129=Cg?QFAPqDzgzWIZoF+%Fc6Z{8Km|^i+BXYDm4(9*@%N zmeq3$0JZ=1!an3RN9l{oz#g;Tqb4m7OP%Ax0QPgy^o92X8z-UUJ!N)F4g_n%G+5E4 z%AvWjFY>6O40a3TKtM}WlVQ=dkO!L`i}TohjRQfrT@0dMjhQ;!WM#TAcn^RDN`Oz* z-Pbt4&&$y(L*K63bHQlPnIeMyjP$^{$%21`Xrgm}WMae4-BL&n%Wv3tpf9fv^P?}R z25MF4OWGAzCkMtxdNOR`>kupE+STw`*cP4);7e}Tbq8!$SP^tzt!RW)^gM#fE~G1= zkC4dxRJIZolZL(Y8AxF^ybah5Z)k?u@HP?7wM5 zV#`M!P+{$VMe^G(s#J#MHkxupvjn}>G8_HGoT@@V@4`GFt2Hc(&QUrabx^}{&KQQD zvzSu_BOe|8UM)NC|MdhgL@-};QXe`=J;CK_peoAM`kz8SF*F6!BWG+5ev4FJX^_Zr z;5w;>X)p?Ml_HjDI4cFh&!Ne7hU=gjuViaNMC^g#f}yR5>qzkXB%Bz9&if}NyKN6yf}rsHA-dh|3KU37*H zEv?I&Gjy;2t|5VmPr=!9wB#UmNFX?D2@|aC)Uk(Q&}VJIDY&~XFq(HCY`T%*IXx{x z%G)yD*74&fk$j|z44}#7{6oFWsfs4^ zxjtZmy4H8Ljm)j8*A=!qN7xm%NUcI~TRv%PeKTuS>P+_K5|^iYo=^J~-mOe#M$Yt@ zu)Qtcwi%zq{r7sZ6Db|xA(>3h7ols=B|Y{Ddh9W0&HBnR`s=eRpOgD9^;>L|aZFsi zYXSgv^L}H{gC(-BXwH${;A%`}vb!eghH!C)oMew|Et|f@Ua%V8pE2zqFVMhxHhBow zwG(_suFQNxma3T`XJ`T+?xMAATGoSxfUFJI#EBp72_{VYGQDG2sr?4HF0_6cZtaGr zuWlFAJNWo!;!^_Hf-;!nMwH}$`1KkG;MBu*ltJUrYn}P4*1BhKd>t6U$K3*3fISDc z9lh2jspuga3~ph2T=B(qJe?IFE`FvIdqlF^b9H;C;Wh#szE9$IyJ_C$K5+71)Y+r+=L?e@c~VpFX%5KKk|MK0|Df$@2^OH9KORa zkNG&gL!O}>P>>&g#^?a%YLO+S$lgaHQiS?#iPG*ir4_Iw(=N~I&#*&7R^Qcw5XLc% zU!a7Hcr^7$hzkV5@L4e#KH|f9Q^blL-8_M>N{^H}z_i!;tXMix4 ze#46Gd1pPVym1fvjCaYfZvIg+8_vvA$aj%%ohR@lnJW$sJFFI;CqCBXL0{V{Ubjg{ zRI8{%6^2i-9xCE!G3p7qR?$cqX$-Us*D8E#&*fhUs}Grr`^^;N*#wdM;kmrVimVEDg1Yb5C(iWT>!Wy;kx-l^;9QHqb8?0jpl=rVca&m%uoYzNl|EUtTh z!m-46vnHQ25)Sj{1?lyLg7W^q{7`)W?MG@61Adj0^cqP@qCLptcYj9lL<~yfZvPXo zNW~83EJ@X3Z`0(ud~5PYUgodb^#F67I29-Tq1PnI`>UBGy&FlIu~2}~@Y>&xfKlfA z3)hnL<64r3^h?IPxTF6t24#@D;>f_y!|?LZhuV@4nfp0*1hmo3krtH1wSbKksD?Uz zYw`iF<9!mJ*W878D*6)7F`w9T9|@SBj8AUYE67*`Pq?tY?QO~JNZXctz}CuZ{vj&4 z{`8}^7>yMkL%cl%qDBVoYqGUpU`rHAHw9XxAp$z0gVL5|P`J9N5- zd?_S^*G(zV%zUc`htpPv%B)5guDy{Vbg#V;K+&}~CXu=J1}!W!7-Qe?XsY57vrH~2 zQB_&@Q~^3v6$8(*dFIqiXR-Q!~l+bNaQfm1SH^L4=^I6{OM z2^k|f8Q07@7pmxX2rx**;wpm4Q>(q3l^bDC@C)~$X|(4;dZ)xG(7P_^^<%~Ti-42R zy_VaVB90$YdB-hy2`(Ur^MxR}7|#&4*RfEd^3fxN%wW!L{<3>o@R@To$gaGgXP>d2DK%m6-EtlY{c)+}qPzPi1fWO^j-duC0WtE=RHBRbkla-~Ks>DQjTPJA^T^I+JRb zMY2?bVCnyId8AiP0XBL@LObd#S(PQUEyLfi?X)@+Nt{qN-PCcN07(N8%ypSmYj4=Z zXk3=44M;GM-pU7t{6uMh)kGu%)kfo0-M-#w5pO)UD>d2=W+dRImTt+l%Ygg@3uD<$ zG9V2P%IeqwN8^t#$bel%v>K!YdU6WcDQ^Cs!-Q53!%PwV6v59~2S4q8?Q752~!t~Y*@Yr%{Y5)gt{sZKy0r+JLF*tg& zK8(S+n_L*cxAksBfa99VZK@|i?dzuC;n!1)$Z|!qu45pX*Dm~ZDyp0;QOZwsp#zoB zJKZ&}WGs-Qp)6*C&0B?(TKLcL=5_o5zg+`P_CkWcNP?d*!B8PV$5yu@{rn<*n zqaEj8aPb?|@AY{kaa%z3c480bP7^aTOfZwmZJRV0--h9v<_;wdb}dOMnT z{PFXAKbtj7@n$qd%;kyQ5aaAfq?~mSYeoYAJR8)II5+% z&#(vWRIZ4Ca-0)2hCC;XQC4%f#*o>BG5ewYdmVoT2n8$~>BP{H?{)lAV{UR|_P?Dm z4`|GxaVO7V40L=|W0tuwYmQ~i8jXpa8;~b5j7#95%VFa@FBy>=fnQC_2fhJgAkgZ4X_n9Z z-wN5MSU$dg%w0lU+y%#bJD>7eR${~?c#Z@Y+Tf`Y9zb7)FVNh4n@$nL7X5(@E10CiUc2$Aja@} zz(OEhfFRt1u(#S8<3h5G?)aQWE7gY4q+5x;UZa(C!)Ow(M1Mr1V?w22^il*RdWuFX zd56&?aEU%fqm{tqOXb2>=wFKM*S zh%lOSLZWZhXq^^ew7M|RYYis1%#ARbvqN%E(`cO_VYE6pkb456C-$Ievyp1I(-P!3e1<1jxV2i~S{kOTAya}@CK+G*o-O~sE~%Uciv&l5hc2o8aP z!7~~tukj^&Ls2RT9%K|}loVy6R1|!RQJhVT>gdEvK&N%Caj&CqK0V#&n@xxc5hRyT zWpfeUWR**mO{acUGpB1d)iG(ubcv4Xq*LwkSVW;uAm84sZ;)>hKD`sh*#D^Eelw1( z3K5Et!R^2+VGctHuzY%t*RmAM$?|Cg=h`6nG=di(7shin-98Atv33D3g7 zhmqjwh#bYp9%Ppx4yQQBU*h*xAU-64Fkbm8^3$`pvEn|Vgu11Ts z#IoBU0RAQ=XLzqj*Z`{X8!IM0_?KDm-%F?Qw!=1&(~}u5;Wm5H_)ENU$1PR=i4hXlzfkd2XE$87yPYIZBmC~0cx=;P9hwvA0m6;H#o-Tk> zXFLke2~zX}vww^qn6K~y&luelOkh7XNF?qTZc0`38srbX(~FJNO!8~yz;ODI5{$|6 zGFN%lvF{GT-0A;PWKQZ3ocL)w1nI5peoW4rUcKHun-@-qW1y5>{{&0|mmKc8t$+(V zd%m}t_X6l3h!0vkzXk8P1Yd&p{F0j;w~^ewX1(Vto8UTUUH+FZC#oS8UWAH;3fFCUod3F&`YF0B38> z{XVm;NAdY@6Om$%w`F$klD=T+k^0lgbRe(U{Sc_3H%k0e z;RNNnf|;O&=Rt@3pE^}1e6hq-ZR)VoBe+Ob zMAd!Q(9QvXli#M{D!3J}i zSe0M-(=oDwhl$Uf@02yA&a=zilHd&?X&Nuyp&&9`p$RYEKS2X{gZ0L3N_d0y#?6&@ z3%z*zV3a+mu+WRQ4_>@Y3WJ|TjkM-I*WnG? zfvAQpi#5=LR#=OD-_IH7xKLxL?}ssekr-b8i~^|VhcW8#ew5Zsy0f;j;Cylt-jCe zn2nIJ)%Q8J`Wa^#Tm5Xrvn_ad?FC!?cxHPq$~U%pp%S&#dE*7LsjZH_vvyb^o!aV8 zA}TEY7^bVik0AXnynvWN*7xD9fMaNV-8RYK_&H4p!d|0qAoh&DVJdt|-!K(Ej<>L~ zLR+|eRVY3*u1>SXpXFww6^Sx*>cp9o&f#1mIxjS+hH4ctdpi*NA|@X=6J-hGk1&iW z-f0qd_gdQf+^}DCS-5$@SP|x~LY$PCkIdjqJuC#zE_sH&VWXfQr(ZwVnSA)TAjyQq z3EmkdcxUi-NdQ?%%~1B#|D595a=(9!2KriyUDn6OBcqk@#7Scw+?Pa8fs6b*{hil2 z`pEZ@pY`kg`0$YzurY^A4|>yB_g$3c<+n<5`@C(&>4F9}%>*Ks#cJyJ4{e3aN$zfL z+^rTKMt zYYqvC%9F4QQOYYOAS&DyCZ(;JE+AmUePJwr&3gcWd5)7b4|50qn-SCjHCy90GL>_H zT6Ixw8v9~f@{6GjpP+Vw?@INIo}9#2eLpIt;;>T%w--VuGUvndsfLvpUsZ5$`&hbh z1IAZ14Ku#K{-mqgG`ijVV=#Llw*gyR^4M?$dxPW!?BzsW9=9N>7PE4XQDMj+K{%)t zUqFHKg6)6zu7&23++)9mrES%XP_muo6>cKK9t~@+q~b4eDP_evqp*}Pcq-wSqZ{ka zaA!C_Fg#oy;EqP}+0JmffW6lEfA;Kr}QDlIX%SJS9#t4a3+Feyn1x@i>n5 zR2bH?el0&S0G>m-i#g3cY?La!(B)H{p_)z*Z6_@3s;~suI@tGpw1gW6F_Z40`mkhEP5=@9SX#yT1;OIXSN> z%6Vb`jbgJ&wg9!Spi7Yo1$m`1RY1>e_yI(O_6pR zYhG|~*rd%r!2UiX^8UQc6?w%~kxPJ<66{*N=OH8rwdP5Klz_5#smx|SYt1WWO2)M2 zg?>MSsdLcudk=+!&~GqTw+w0>;g&&cwUc?ushq|3TitENU8@={?@f_n5|;RO67U zlNB6vXFT^A=?oMSZgd|PHq#T|y@9*VaSzlJdf}5qwOm<<;!0(_HFF8Gw9xQno#uMgQXTwwP5ZPGZ+IAl22VJ}Cjd1Rk1AedG}r2Awjwb{ zvo*w8-`Nt2bAb|bb$!fsw%jTE;y1jD<+7#Eo)kQb2aT*zctfS3i{MvaaYpYcP{>T7 z5VAlZ!r?AZh(xt;H<^i|5daDi_-cnj2*1g|*EkeH`0)mA@7LAwo+7*0Sx}o47om#i zfEQ-4P)akXCyB}V0RS0R?9VF~%wVpE^#aR`#PYbZfJWC`+>F~Kw3(m#pP zN#qz_7{*V)#iTc_oyl5PK+_*as~3>)(k1z#M3vx+0x!WA1zv(LYB>>FRldlGwhVtm z`n=S#HzWU|JW@#S)ZwHzm*f3PNG}18ffk?+x2OTjjaDE%t;Hq1$-_xc67e&px;tH& zpDZm}DL&HfTYoK>-#fbla0gdhZAx6o{X62Y%%oXU7{OSflMFNfg#1wG}J4fv6gS;p8Xv1+B2FC-zp^2 zuU$(r`?c#q|I^SUY$u>2^qei$8Mq=s6U)DCkr&&UeC)X3g9b}u9B4``ID{#$)RfN3 z17($%EtgZ3uyS}Tsx-u4-4*Z?+m#0#zn9A}B3_Ca^BgaQ99Tn7sM#YLDt$Y=mgoqW z^ZK2jVSfKT*6+V3^!x8A_WSQ?P2O+({vQMC#_x}u>i6F>%WHG0D*i7oUxV zo)CDrFXBtq`?T1S4H-yHHnGd6`k@+Cja)t}8uc(`kZy_}~4Ya~nuWf|gwFtuUciL^6jQ|UGZ|B`;~KoU2jvSB zTIYHlQ^)d}+Oh$i>!(Q+s%1eoN-llq(4{;~$CHpo7~n^sRET9SJoW7P^g7Zh7dql2 z*Ynu>7ONmHhL8~dSJnFGUm>{=a2Cxl9o6%uiMs!e8vSeL7GJskb=<25cR&1M!|zKe zDUZzMeH?BpmgJU(aE`u4V?V;EZ;?j2@~EPL^61HzAdenHe<5Wld9;f+LRopl&3Z3W z9{u1lM;`r6R6;9{sxScTHQNCC;N+r9Z}Xv}V~Z{YJ;<_RuP)i}Vns-TCygZNZA_dtjo7yuJ~HRM3%rtsED4#7*213dL*1|Q1KS1@r( z4jvafGFwcahjXCD0L)ldJ35&vTbzwvLD~Ax8-<4z1l?;iiMC?1_^@UKpHw3=MbtE%86VT4q)VZlzk;!hxB}J5XS-+%0vAm-&>=N7NtbBhC>&C|3DXryZk9zN71u-+J~V)Yc8Ta;0nw3HhH52nHb zH3a7t3?4fHK=K0|K2S;1l+pe7&SaMzrB#Jv8nVaW5g@16p8{dERyDIMBfL5UGsh*E z*oXxL=z;$TNfc!X@z`frUI6C zuvc9YWoh#;m9S<+xX;y&NNL(Lo+GIR{iUXA+-sSkO>*Eb{!ycG!}7>#Pv*}>aBzUW z;--V6qOO&FAl-=%`sYK>I7s4W2?s^|n(?I*zox{Oskl;^FNDaV149vJ7>q5720AlQ zNuu;jw0!5|xYG=+DHL9!Ds--lv5N558Q0}sF!F{oMrjOXDfh!krA3-GoJCjaJ%Y;dJ_wJ8H$?u$bks;3AVi*gtkV3D9`RUvmNX!#}@5 z0XOXvwgBV%6!dR0gJD(LNWY!|8+Mf(M6>|%a)=H9GqeS+Ezy0HQYp->=2E~LLh845NR zbWtLJ_sVjjsO?5ZRN%<9HUXs=*bC8X?Jq$o;u6eohqBqr3(pRZ*|vYuw4dARyv?I3 zsSLDyC;~jRzcX z&GKcXPe$QNw-(yBs25FKRi)2FJ#HPW^4mT=3Z677=FoOb0qm(@9)8tl;uiY>i-{?u zHe|a~ycT1iq7uh&Eo#bGi&qW^q*skYt#&&~Bpc@0gb-(295)i48ls74d@m47; z7-!$IPgjle7naJ%WyFH6V2%;!Hu9S2`IF{-bJAS$&p9fPqo9V(U4CAeQPHD}28xQ^Tjs;>(U4h4;51J*N zdVCh33)JHyh3FRwurex1usZrJ7A1F6S>Ry?DDzugL7EkpSxE9W`PH-4nGMJve1Vm) zzR9K%Y6Z9`R4S2+HZu20JtPwK7nMjzzfr46NM*|I5N~IzTQm2tgf(0nGv%5KL?xn4 zel>TSl;Pl)6D+A)z?&@n)F!{7CxIW}&>n#vR}kFp{6WOIsG2lXm~ckXJ01~Y_vi}Z zpM`t6dfyGJ4A)6-<)DUpJEdVbj!IfJ$5Htz*An*N#qRACVEa~rWN#<)`JaUUW~647 z-{!4Mb`nOxTP+f`LBKm(Ml+vcE-E`uV(46$fy9{bzZHPc9FykOu^?zhwb!YmB49pnU$;TE%Ep5$s17h4RBCg;){ z^y7lxTw5%zZ z3y(@#=nq4}({MOOO(J>)#8->2_=q|1zl-=}RF&7DtFA;>x!igxs4K#)4+FsPYOjME znlu3IfD_&2&K++BAZTC#E+?j*S>VH7$A3wJe1TOL5~$yPw+lG88<2zNB8zh13(yyP8SX(Z zioh43lU`=&@CbYXy3Whc*JZg6FtDF&KBVx;W`h^_M|vB;cp6;AX>o{tve`i%jViE{ zLI3D^LL|`y5JUw{*nYBk`}?9xHG_T(+eRGZtc*qt@$j?EPQe8mf;x#sGh}iwBWg;) zF~KxFe7;keV9R}Wso)P^AoB2r--0db@^bc5cq!agZ&&=g>39;q&kfjR73>FNA69?8 zmw9FwoI^d+%RD$d0z-YCm)STx0z*B+%Y1ft1crLLm$`9x1cv&(UWV5uIKBDm5A{U& z&4#tQ32Zr6x1~ zy-$!F!tYdsR1nVmn-?1rwyhgLa_Cw3Z(TOi!t)*VG+xmsgQ$#sdX z_F(dVfaxM|vXEoLPfi**Fs4G)Bv_OWWdh()~oEos7A}d>*iq ziY@0DRS*)URuK{ai;xhQ2#HZDBplQtLSo4OtIW9~^|!z|kkJZ>I}=gPG2}n-;R5G) z&29cAWdG=d;^}3Z#_5Ika?@+b|DB3Mo1Uv>{U}f=^JT7hh4k$dpetS^9!rH%6<11< zJHm7)dmTj+3!cjFc^zlyh$}V)cP7FzO>xcJ_q^4S*{<%)@3ker7tTJjb`xU9Pkivy z&5i(@aeRA%O-Kl zn9M+3S`JoW4uU)6kt!BsB`ww>MoQro*plyiH_J&h9zIs+d_1|EMyfRj-ofx!qH42u ztqWCmVRD@;#f3W-2DuJl5cy4QF(Q8$CEe78k_QcCL7yIp-HIVES{6^?yLJ9s-zZar zr(N<$%><~wF3+7xniD%WIrI9Rb$~4Eo1}* z&hi?q{D0%|SIEImoNWs*t_-^AibiCcxWx+m+%!&m4s+%#jYrr_qSqAwx}bVnI4!vX zH=kSFt(HF2eHm-qGRcsIKOI|Y9d2jE)5y}|3E(2}H1fs7(=42Mv4a_!6D7sd3z)(5 zWULt@odS2t6dX4xASX__>y#crs}9Q%`7h&dJarc_l^y^+*2$1->XZ=0j4bM7-pb9H ziXcWJnxNZ$M*_)^(H2>BCSE2#iBHE=6rw06`h6js$_RP;ae8lv8baGWNslC zGLh@t`Fj!)09AKF$)pXJzz-N1oCrUq?M@}9;bIE1Y;%#4sA6h!TXHkSR1T|d9aGzUa`VvZ>TZ+PZXpd7_OdTr!Uf+!9`Kp0fp(%3aV= z36If>Z5X`+DRsl>r}3tKC~g>SVF?!yBu*%I>*r$-q8)5>nGK`UC5nzGHtZ=)A#4Y@$U)iLBxtPg3E zp3{~6{u*ejxO_+NERh~R8VHAX@lf3oOGmEF;Ykjpg#DyF&bxS=9^XB@#|wAu=oVe4 z#|u&F>T`O$5T#DO1N8W}&mY#~nL}Qq9vA7SL->+={QeI{d%Vv-=3MqTchiGEOOJmI zzcP`U0fSWW+RrL<`!0JFVi&r-Q3hZax_vp`!Yhz=wI=U1MH*U_I*O4 z^4uO>h|<2FfGE4bRVSsbVQL>QD=vcMAC6ky`vlWC5?X z*Dmp(0&`-uUk)lD3R_vSKS|;9QuOlj>PWRiL`(H~OyRWiv7>dpRgZBG4K@it5W%G9 z2L*XQbf4;AJw}1Uv$5wi@0M!?MMpJzxmw2!4arER-tr zLkmS2M?}L>Bjm$Y3SHfR?l=#OB;+R!8;|gl4)hGl13ziOn-QG5ybc~Kbp>aEUnncN zgsEfsQmkaMM2X;Za*5!KBT5D5u42LIPX)?th|eW|fQbSLHobQ8)cM0S>Kkku|0>5@ zpuK+aG}#4iY~}N$3aa%`Bdx70-Qy~*s{LuIB4rf%mQh0ub-VLEc$aB`G5fx4umS7Z z=Kq)YP2A*A&*sj4!0xYxBLy>^uKIt#lMH47ek7Mc-H4IG0PEJYRrYcy6Q1Q|J{rc; z6uBn6WsZA00jR?lqO=HB2QOBq)?q*w@p2XmJFWkM&Ic3rQeW>YA&GyW| zur0x4F#|EhRMbuJ>t|ZVfQHa=vn7gySLb*Cn2EN$^&8gUpPJoPm+kZ4EP1t6ZMaJnL2ao#TTWT_pN8rY-4|RK47k|ec z0C#bIJCkXS!|;kPo1^Cb@H_7P({k7Bnvq-3H6z!!aYk+>q}=SD8M)aA&)kTV8_f6J z!Omk7A9cR!e$se+nY|MBE-Zv;c>H2~L|=mejs z?B(NAGw@T-Z@SM)Wv7jwyD{dU^?K=JZ0E9HaqjPJs$m7p)4YQ{@{y^RPn|vWqf_U& zhZEfMPjid?(URGiF7}h?1;azP4Zt1!w=t+A0_Utb*URMH2;(}oK4$jhkouUVA0)pu z+eef(+W}6+ZB1e^&H815xI|Do#Q&aXVrMNWJsTxDT#cG8-Yw^kOB#zFsalS;R~5~$)%Pd`k2 zF#C{hwzf0f_&J0gjmNbb1{xJsxjc@ycG}a})>MypY`fnr!0W(rT5u zAhs?s)fg<2U|pi3rWQ3;s&_2bsjV8VmEZHc?>YCLJNE_sgtc1XMLj11jsk_k1^wizH^;4mKRL2DQ9(uqmSQ7*cIb?z?5ECTq z2sf_p6+=Vk_@J+Z=eK;2v@DKr^gz3$2bP2EaCBmW0dZq5YUgY3wdoYIJ8;Lv*$EA> zi!5KBW=*=|P0ytcbt8MhFz{Zrc-LEhW~t^D+2C|FtMGugK}SM%8tPn$F20D>^(Z`| zfz@T`m&?|P=J+4@YO>$(S&aB48iAw~U&v{Xx0pTJI zf(OLci72kYJ#btzdhcX?WEJ#>+y?cF(xzt9vP13twuU(=ncZ*6Y+tlk;0^t#)*d6D z#*%bfefd;t!)Q?)#Pa1U2aN|S=0k)SE1!1XsZ>5q8DoeC)*V9T)j30l(>G=P)pw=a zp0nfLq1LFy9@@A-IJ-mr@yUt&j9nXgK)BY^q8m*i14=OpQcS+R>sE=%eL#o_euwARg8Yd_@Y@l=S$n3jiYE zW)!?)n|M-NdwfR-tZHw2ZboVcn@L%>I#wi($^^tG5j^Kp>R}b+HtU3aj zwglpd&WvWjcX2c#kfIszVH|@9q-X|05)qcVZ8QTRiDMJlvS`KzQsW)f=v=5al<3B1 zqZv3)hRz?1W(*c^Z*?=2NCVAmJsEUI{@&LvT&L2WK0kxE0M>lB_*6~dtmbhds0A9%02qr4u(o)ow}FD@^x zRPV8iv7TK&768Mpxcag7G8IR+8$Z@D@0qdgKT3bVLi0wy;GOuq482G2u$|<&Q-Be| zxSy_Q?(S20I@Q8iB{4EU=^Hz^?%QfJPreQPb(0|eT;45hUnsyJFh){F5M}`V!NWIi z&-WDuTC*}W*U;M6JK;*063X|1Oua|r#f zcQd$ICd%0Qy%Xdo4~6)GRk_RKnHG{um{$4fnAYa9(n|X$M>F-0qPnsrpUvEASHV6SX#!eySRD52jmNv!TevM(2b!C=isl}(&AoM=+^mMx zua&MlLe{KhS6?;hZL-Q*U$NEhLAAnsmA1>pni&olRJ)hHQHE-_R3=Ft=22{u8uR6I6?Han zn!y?CMuDsBZYu~^8Rc@7aq#-LLJKGxy<}{z6I%v$e@ORK)Hdfqm@;plrv(aVdi6b+ zc0srv%J%sY{U5@QK7x5~_|enSd3}%f!8HS@Epi)x@BIwbbbwjY({>6!T92|=+;A`q zgPBr*O! zjb37K0m_-@E&A~QwF-r47EX$~88f}Bn9nn1{so=wUfuO(KB@P8S(C^)3MNs;tOx6d z`2$W?Adq`Xy6t3(=apv}GYw#B7p8Mhc@ywzi|v$ka_RA8 z7K|AaqLuMNu**Kz*_UiuR(KqAEJYA(r6l`9I`(P9tpUj%PKShw&?y2dNcPZ1A=$Y| zpSv28J)UtnW}%_HkgUHhe3E?~o(q6D*Q?DMa#G@SI3ylxygI;Dl`ll0W1SgEU%he| z7(q@S*b*<{+B5C+T`dtNV9HzWN>F7A10W!N`I2Nfoszsdk$p9q0Z9%kV_`G{k{osk zUl}NA3X&W(W+6kB69K@A!a?z(5XmK?aM0>R;Rd_M3=T6KtQEU8bx)#H6uvvc7lkF* zS-(?subrYlohd}r>rEYQe*E}Q{4fE`%1|T%63Fuz;Q>DFkP(gtLmlp<PEJ3rz5IJ5R!^z9b$C`$KswDIim~10edBg=n>m>xk10<60Q1Qp&g<|2W_wt7Tl5 z3;;{cFfL!faPXpGc=ucY&V?`MA3;cHFZ}N^0a%nj*g1x7!7+vk z8pQLf&v~U=|7gkOpd{$km>LUYmg9CNKe5HXkE6WgqTWswP|xI=T|H*rk(xs|B|@js z(w9ZB{A6nnp3z`lCh42wDjNsR~3nL1R7DbPE-7NTN`%`lAi+z z=V0OPV%y0l%cUE*G0o8sl^Nb`=g5=pbCj=0tww_tG*XvFXIn}mzCWiOq`!%R-Hth# z12&T`eawtyP=tu$(`O~d7aU5+fVNbcp;lRUG^5*ZPai~+^V1XXU}qf+GI{V9j|Cy9 zq8sfNQQZVn;Jl%Rtv7x}0CsMi6#v}~3L|2U8UDr>#Kj1e6~JW2d@J z>;$OJjh)Etu&U6BQ-@VDpkf5-NMr>C4pSA$0f4zP#=BXL5A9u)zKP|M#m`HXr6U~5K38S_nngRD2gy(!@Sc!-Bti&4}NIcUEBwc19 zl11W4ngnAER*C0;0;fd~99{IbQqB=B5J)_vTZz|N9+r4TuXm`Cc(@aYoU1TLeR|=> zFdH#Q$85j?k3l+S1HoM}NXKm8sCEp}F&pC$@e)O$&PGo(1G5p2bj(KINOvr5GeSYS zwYViskY2tzr2hhl3lj)tB^K$a4NH-psSJ<~be9!&2I>(=24XBBI6##gYJOTNfyW1RcDEb%<_>Wax9$@OW>cjTcUSVS3yLqZN9*8Gbk)2dV!OJ$^XX zrN<3rY#8L%z{$t=O@Mz15#W`& z85JVH+GE#>0GllVK3HK0u!OL`+IPDcNEg_aPpkbmcWCuz>q4tdUlH8-JVy5GL90{y zpj99H)bE96&Q^P0h|%2Fh1p9Eh$GQp_tt-pIJ2VC(MQ8@z$LQ1AwowFgy_YlXb`4j z7a8Nv;rS>i0XQvD^uqID{KResL@#PQ9Ic^h&(EV7PF?vPkiFIPa_JA0vcXmy5q{juqpLBO($G${wUYXq&i}%`_(v)Z{P*fBGCBs0 z48|Xo;s~-g_E3oa*0=C2zcpt54v*EzLFZ8aVsvuQImo$3hVM=o=^W%7V+euHQKJt- z$Z`FdnG~Jey8a|hbaLbR3s1Le2yGn4Ok#=i{(qMe=ldW7Ax_K^7ExKD9CHOm9_|gQ zb&Oe~n2IrLfGL=aF(?G4pmWEd5SW5qAA>@01YA$n2MWJDWxP{XL&>OPQF!5}r6{}y z*Hc&&QW-Bi3964nVGO2LMQrg_x1ulxQ;NbqF!kjT+s`rD$lzizRsBgRrhc?VfGIHm zZ_z!c2(iTsPchZU@SH;irY%`Z_JoI|xhFir9lC4jae%mH!#k_Dba=OI9t;oiv#jta zJXMj#umIxM669D6g{X9mUrSh)@oOob9bqjY5TFkfetB!@YM>!9>R1Zd>EluqPO1n{ zC~m$hv7#c40fq5?8K5xUF9U?cARTK7D2ze6Dkw2XR|O>o>8tX~^v%G&JOyP#ATENZ zSft3}MRSwJiN zZy^0AKwJb*u}H7_S1Hmj-!wpaIgxHGs4#1aCus1(ct@i$ix}L3(t-3Cf(E4n=`jSY zNRPp-BE1hTf_P_j^!gfvFk&R*uSpX|yy5B`jr#*Xwg#+_O0ke)al7n;QrvF0Nr2l8 ziCbDtBBEFQ57k8;C;91{{W+-bK9nHXmjYIfCGy@X`F1HehDCt~R$=lHkIPlT=Gj4_n zbB*=mn~};)TR*;}$xItRzJm^+DG<56-nflrro#n-nMS(x<9|>L&vdUh3YW9VoQ8*{ zw$+)K^>BK`whDI|ctFGHfd|w^o+hnrwIgG;xVQMw2Ij{z^y>yerzKHbXV{8wGxYR( zqW_?Foz&*$_9ANGiLCL&S~y1NMx!_(V=me3_1>|%N6CO0Igk549{10f`zJ6WZ=*6U z-mQ&6bipgt4tOMetzr8X6$0z1C9dv*``U3Wm7u7>qUaAeZCfzc#H~GMo>9qYF{z9M zmiM`4Siv$~J#_@T!ggt^D=sKuhi;*4`siPyMuaxv|d<;wMNVf^Xbq8ya9`D8fAR=gQ(IqhY z8wU8JZ}+^vaP*zxBc4S+C|qsr*vj2Z>bm>Y$lz|X-{=q6=&Mk#^`z90pf0z80a`ma zc)Q1keu;~IDQ1B>L}js*(W6j2jD z1ETH+Hxc%2GgUkrX8*LH##!61j8p@h1ojE z49xD~+v_TTP0X}Jk_Af%049?Pmxe(wE*vLDtFdu`xHw#aFtKM`ZmVI4BiNShmJq}R z>>lZ6x_gCxHj0-@N3a|6KxhMWCkVfAP;P4}uW=M6487eO0IE`&F^z0hQVKwM&yq{_ ziJEnxxM9><4*68(sg&%pChD_W@FdYLl?FI-ci~}X?qmmt7iH}CHMWF>x95AC83f7o zbGlz)V-YmwLblx`-Xklk$nM7wuNJpO(ZE17W@iRr%5ptvvG4}Ad%~qa0*wM*%CA+k z#!X=gv=&;?cth?5E<}(3POsH?i_0qQ?Su%Yu*t>g+z~>#C(@ZGP;R2vR9-lr`%p+- zEc5E&E~%n98EFRyZHZHkdR)<|UZ{F@KS%XD_kKRI)=bL?PzfO0Q){A@q%eq+gyfC< zdw0zP?Qwcmy%%3cRq@33LXBogf)rE|DKRE!5Xx$E z?NV>gIgHM-`+ivyu}Q$p=3TKBcv$HzA0pvGomQq7s)8YylAT(z)s|%UK{NS@OTAxc zR=Yr!m*HUOofvw%_x1M(zki?g6=?qPF8s4{tKpU1SGrj;l8beK-5n?*L+$QJ4ulNU zQHR?G*>~&S#L2cnuwLYo+7v?E$9{Khl}PJ>Eg#tux(xK@(<^ZMP)$R9Ou;hX)= zTQVp;`5(B*b^z}A8WlRjFEE<3K`k;Ygc0S_td&a-j2V9b3utCd7 zJm<#MOrob#v*R{vI*A{C#gq(9qQ^;mRkJXOa($QJb%TVn+VZMYBV^~M zh(njQFM^*Mq8YG#u>*5XGy}FTc3_Tw1bt`M4ow0(bMTsQ_i% zN+L<9B4s@{yf%4-jf2HTZ8i0B_N5K5=!>V#FO(2)yT`zr#P zM4ZHd_o9`)4mnv#*6jX*JwfMYBYIwMafBDn|27zo@l8l=%(_*rZZPvhA#ppbFBjCKeq zfNv>J6PPIHTk&1y-7GbDdIljla(V`p<;lwm=|O^Yy1+{+w0j%0lOCddSO^I?TOfq^ zOCFACJ^w>40sP3&o(&Y6{iSU`BI-G7tlY}LDMMs{vD@4JbqvUActd3bXl-k0)`|1_ zqCBs$3~KJ+_yCRUc`~8y1|k_B2=_Q<$OJd09P|gsta*v(Co(x%L*%c#(b;H_Ni5;N zo>OdEHu>dkuATAmnzG6A*Gk#s5g!>gSqSEh&#JyjzSEUIu_!p?o(l(#TFVnl8ix+PJH=v|z89Cv+s4M@>zP=+vUYa;phS)YSX(m*f8&2*=4wPDn-fTs z(B+2m7U{3!b#i(vv-$sEJwRI90&@tqn752eCPxls7I`s z0g6?g^+Tn|FJz|2P+74UIt+0wO5Z{~?aI+QpXVYpFlqqeb_V5?Ti%G5F+AJEN-R7! z;mhbRira(Y)CJtaC+-a_b_hB0S;6OpSP2E1QVO&cHgFVyxi}Sksdxx0jE$?XN2r2Y zT9~m-Si$fTb`89SER=N^=&>Q)=DPPwXmUO2HrqQlJwb9=l!<)attoY%?+eEa>iwLQ z&-YDF-RIxTa&JVH1j6@BWS;s=d@r`nHgc8_3nA|0IUpM;h7M>~1;|lnLsS&6ID9P*bDw${L^u)ow z+KXu({^t^1j1=QNhwD#3_$FpEnHvY%?eTui1l#p8a4l^o zOQvkJkxoc3Dk(h}B*V*)49|h+E|vI;Y|22y`koMEs!&t`YU)rRvMJON&B8WI+&Rr! z%|e^)NC^ur93%RGE2uHE&F||-g<1!84VOO`>j8f z%&aJmA3lu=!OTurkpTy+T+>N-4LW{b zldzC^cKE%}s*HT9DyL><6U3tzR(``?G>V zkgt8fNbKD|7KsWC9@O<3vI|FJb;#HI+{Fomt-7UwXkXYqOTD2F8vfA>4*DJem2$i^ zcfi+-AU^ad6bX!x-IQv{Fe1EeU$?dM{MIbH$KV5z+U1JW?IFxpCsJ9#7pd>Qw0e=s z3S4)BrAJu7h*V~TMQX5er;#bbL_dWK<9IpL zqJIXRy&7&1$nF7o!IvxuYf8;GPc=g8%2W+ZTn|NH{`Ay*UlF)L>vtRbmVqQ_gXUNT zAjVFT*`cs07(>D-W9D9}s8Q#%FeK6fQ^G9_aa#}@Fx6f7MzG-ml#hE6s4$n#V>LN= zhr&0O3s;xpUijIOS^(%c1R@;Z>xSzZpr5oY==V`~ZxnU+PEXzIqwY3~2Xze`WItDd zI-^kuGR?pNF;|a+L8qZUG3Yd8G3YjA5jhHo%<$2W#u8gPAhf?f59|T}OM5~;y#R*> z<0NOlXcYaea=w@6nXR)`7@RyfrY>{jurZD&JXdg4StAc>jVBB>-CFirW91#$Ph$AF zkyDt;IVEd84zRJIwKhcV_ce0WgR@kh5D6~b47T0;`7PyAA==tGk^OCC9LCvuQ#3=J zy$#U}b@rYU%}{6W(a{Wb_U;$WP-pKBl0gG>srL_0q*XVRKQeRsj2QFOo=+kQgZuym zeCEC4FC4D*s+Gev<%fdtCPceGnB;up^eS;xI^DpOy2KF1G7w(Q=1dYX? zI|8QS!=HhvzQ^r6Vrj@4hID43eZ*4IByiI_Vi~6W;fd^EK{UwgI=~*Gtk`iM*iky} zE3iI9tYX}v+0BnkAI1&qMO|DPmz!>$*zGmryc!>hsf()s@Qiv1p?Ez?0GvHcL0K$% z$r~1C+ty5O{e>mf6Lx@PRbQ+zXVR^&*~|lxX~p6_m>^dn03ur9;tV6guGME_*6Op< zQ_uQJlD}5Z#tJcO6)jGQvNlA7kBx1(5Ij#mp zO?+1)+JJ=X^%g%V?v!5d8ScFF8UOvp17@+k%~QcgNNtx=(DWGRW=LXBmiZMcz#g`- zoqbz6W4)#p+Q1STr$5CoVGO2GkWmKtU*HBSPuGMo2!slLA${;VsO%hr3|zyBcM2@l zGc7ZSC0y8Tvs-3sf~7F7{kH9x+j{kH3<@s&7sg}>QVMJzDxd*h^}1<@DP!OKAMp*O zVAVX!YZcG`1kLDuVks|EcPg9;>W-AJL5ap)OdY3-|CnjeF1AA#g**GPWiuC#jQU}c zU6rK|Os5l#qxlQH!cXOSPjmN%dqtXn{YS__3jAh4)+K1CFi{#a75<2rk5GkAA^d_0 zVxs2_u-UJ;U^r&P=K_LDDx`cY!oNl{K>2tx?&)X-*un*g?C+u((3H+kWN(gUz>I*d zcuXWCJ*b7NpHC~OgbqQ5T2P+jGd8tUf<-f0HyOc#o6uNg!aPf3*C#aBl@jZzybDDf z?yk$2WCo0Z#6$15;d(LJh-2~ z#|Q$f24k|IqBU7YwS^U-Uhl$JKzkgSaFMA?V_L%LodF;%I~KqSrFF=ORQUk;~aa9Iqf>?V9EI_O|1lBiV zM*}(GVS_)$BKDO>OA)*E%PwNKc`>G?Qyfk^0aGBHcGGuI?+}>~pLWKi{^dtK*~j9q zF*|pD!1W?(ViX0xe;lwJJbaVSpeQ98FSku)?bKMQ&)}>^qr5x(>NzFNH%}) z@bRb^jCy>z{hd$mn{NB6;hqc1#zJ|@ZxXK6)?uJpP`2`UXKJjpw0h|)iN;ATAePab zmdG9uNhhfx<7<(ObboWa2+bLd4NF-i2e(vTnVx#Z*L2NwAO2*6BZ{aoB0dS7-VRhL zTqS-o(yNj9F_ zW_aMkt^Ye7xWyk-!6XkPuJaANNmMj8evm)mSvKZCFQ)PkEUXSGDhdU%)k@%g4)`4Q z*P2oGO<1XgdHB*O-QHXiDKuXr zM5)h){;zoM0nXyFQIoxG-v#(07~X%)=O`s|5Gc6-rF2=DQ_Lrt1S`yZv6DY4<|;)? zA0wP%df542z)qss7nuhgXGCUXB>@Oun9)}tFpnY3e|A8DHLyk+-3M^+tXJAP_UScU zULW6IN?ZH=(WNceKiHgd@5iM7BK%gK>!!Lqk-b`3k>lSb%Q-8NogB@;>bnHTMWY!I zoR=oDqoWxRoaf>?f@lT==S8@V05gi&b32DkabY6+HZm;Ek!#npV^f$qA)7+d#8_MH z#S*VQB{+9_h8_{DXQW$WEwdnu^P;zKiBAx4(*9v_OiOrl&yPU;mZiW)UPVb8H?)Zi zo&NLRiOZk{^}GYi^eFU6ACY1-PI}o?ufxtEQSB_-ckyG z1Egqx1IFL{LrhDt6#fb=bxYx2Q$Hon|6m0PRn3WO$ffWf+mfHxeGv+uMDNL9OS^}m zk=0Z94z{c7`syl{!at-x!SCvo`(i1)D{wmCisOcT!TyHBu_YX)QM{Y5^UV{uyh`6< zYz29OUbz2=j>b#3O?cQiN?+|~E>1PE4ahs$=Czr;>@=wdjw;U#WRvz&{0voaGZ@9y zEE9BBHv~kXHZ69Pj%9_`Nw(c15O5+4T3;>DFeeK;4+ma3g8qjZ+VBW_NslOOAB^F9 z(m9T{w%vF+bpQk!eG9f4qj!fw(9QxKt3$&c0>>>z#(EyJHrPLwR8 zl79eSDbKUq(!YTSrfN0V)D|1b5}j6Ta`>Xk!sIE7Oa! z(wA~nj)B6U_K;&{da_?r>aU?9$^K2Lx5Fs|no{qio9maifeV&-S01++?Jq^^Cei~B z)%18haFq#)+}dIuU?1(q5>V9X372<$Gy{AcF7Gp=8Q|-1c~cUHyGVks!{x0T7C`nL z(DhhiRj%mw9L`OoRsg9YI3M4j+K~B?qaXK5#3`H&i}5Cka2`1SfN=$HBA(54g~ z-0k>+wT4P9vlcC-(u>6=hfC&VktQXxvMGhfb%hN%^yfa}{MGo1c+44(?e^iEV?-w( z-9^vtBf-4k!zBnPBHhk+(j0JK>!o*Mr&)Tg(hZtUMuuSQ{9U6NplNJi`d+`84kGv4XMJ`+3hAx-*}*Lv!4j&reT1?>mhBfqx7BgE)6)w{>UYE`n9N zGY^CtL*1GGMr@-q&l;r%;b?fh;{qK-*GI|Y$F6;)@dKH9+74jUWrbZWNlDa1uw_;@ zt)(0J_qDzEdLmopPcy_;i|j2YvRj7|=@kJ)I(#l=(rU1H^;VCz<`-2tXa!Fy^U7b^ z1a^UW&#tM*LSpXjXj||tWl!=9p!escZeg#q@O>?&4Y` zQxuhyIxQ>?^vIE7NHk$lul*cCRyN%eJ2oI&<1wbK=)zC4nE@z{MSBZ@^&(K|PR5E8Q} zSMsSxn^KDxr#j4VsZt&31IXFr9wri1q)?L3se|DUbxP$MSW4*?w;eUt>X~?4UNR5q zIKfz#Xyj!u_=RUnXvsl}F3#6H+Q!s$>m4Ro2agRcx*S9;EHPB#?x4i4P(tU1z#hg1 zgtHRZ27DoLFO%p4t12d~G8ArLDHmAtmQ&#>rcXu?D7sGf>&VwW>J5Krv$6qt-pbO@Qq2L1?wEo3TBluU9J z>bH_qtx3?x8&O?%ny6$#fZKJ3Sjtm3NM!F&m>^M;L(P#Y+8QSd)_vml%v99n)M))akEigY61zD zDI|z-<9IO2%LfW*97KQnU;%yIG(a*vThPJLc$}6&uMHA3Vjck&Ajm)YzL>1kjudIJ z%)AuF=^&V?c^Er8Kp2mu`+QRqNSwE;$PZ2l3*otu@lZ?VrJHNIy`RB8QS{Fy#^uv>`gi=KbaSek7l!dwu5#}& z7y*6szcYFSn>k53#`YJNYr6G5vw*;@7JA2A7jiW!=JrS}kjt+Y_Vg2;i)Y6;5A0tR zw8p*dXTEN{?5cThe~1Z{dDznA<)u<)3C79Vnfj#&+N_jJ!18VU5btHZXcG0^-tv6E zvcgq^*$>e?u}AB5 zbagZ|pg1}zE8L*lk_=~L`Fia(KQ-w+_^7Dj z-Jpn3z$Q2lklP1X_W&&I%Yf1CeUw9WgDH7aP^Pl+a5RHo+b0?ilm_jBOIMias;3O~ zdRxoZO_)-~BD|z9loj15O3+r5+Z*zIqby)CMjyfakXkXdcoP@@5Y5VlAT)KV>G@!p zM_A~lk3UII?nJ5H^Z<=e%gG-ZuFR40=_i5LO#O23spIiW%DWFA8pbpiEk+pAT!G;W zFs8Y(vjxNKaMU!{{N;?}eY-lzhnvE%-!VBg;TPshk&@)Q+yiS)wY7Pp`K_P=c zd{$w!W>um}Icm+}!&sU6CS;JnG$qxf?bVG(_~IO|d9i6OpF%A#uQ6jQ6MFDpCc=7Emd0H4;1gPz*5!b+Q>Cn?bR?zvp*?p!95(f}+p zpxslYS_+?>V?~mfRe=4kdL(-+r-Di#V*vzq~dUcnw^W|Vk`BpMCVkkr1aVj`s~pdc>T#MB|)B&bF{ zbL?oC3wq=Kh_jA{Tg_Jx3ZI^~h-RvL`%frdocpakrU6JrU>cm&-sMg3s_@?kS#_(p zTyOh_#B4(Y8cJui@?N%FILI%bS#g?`=vEbD42-*#ImIL_?Ekcx#yyRKp@&7 z;AUcjieEZwsmR~9QD_yhgmy~{t&luxk7n0eTZ7DnGOf&yn z5YTT=uj5SmsW2!)!;mgohuL8qN|k1J04R8o1+qyZYs@XyhrSl7FAkE{akl_5{;LdFI8wWJ@7F33>o_w*8D!w6f@RemHqUsKkprD{VB@K z90}31USWYdgTNhbyG)*%Y5y$a^-KJi#T-;(a>ZxgdY`Sh8!Ha7rKD)dKR{Oxh!5Nk z|JlvA~G0rV7ct@Ecaq?WfJzsK#A^7o^MWgXmr8R1)NGMno0BsgUBx zQQ_sye+;Ww)>wBENm$@~SK@n~e#=ds3)8Ka z8=pG)-wwZ&0kwl3+c8{S@2ecpK?o~H=}wU2U>#(qx4{+t{6YQ^qSEg_&|fi3z!#ju z#J66xOzZd6~5f1dxuz%Y!lPh1l*D;IHktTmqH<-GQZFQGo866^9xc* zN?84rQVbSfqw#)q<)vU|NqJBM!CpS4m|sQAl(`5UShqi!I>Ho1s{RB49tK8fhE(P2 zE7)`sAy0boRVHo~?Cr-2cC~TGLll|BgW#k_oH*r`i@{nKw6&dJi}yT$;`p%LjtAYK z+EEp-s-T$q75w(^Lj{7U#*^*H`i~8p6E)P_^_=Qbw{b2tx4=2ETvyGdzaS-3KNn=w z9RN`wG^uns8vx-ydd+AV(#pJ9OZpSkc)m@b{oME+^QEiN9{nl`EooH6!CGRr+JhtI z3j%Fg$6Q-AKNT=cob8?d)q!Q|A>CP4nZMR%gDj0TnlTW{2mE&(TB zH^e*oB9d~=0yFOwSg=FzZPp*!p$kx7IWXJDsB4c(7Q;R%nV6PSL0Q0qs7G8Q(>hKP zTEmsy(-!lmch#kw#J-oTuq3(ZUlBqMMIz<@ghQSCNOVE(cWFN`?YaJ4BU52zxciM$ z0Ubt`!ia!uM^0D6gETG&c4hqb9jV*d5u8F0$UC!3jgJ{Fy{9~1zcsR%TK6>gi6cUJ znF?hRg%Qd_0-+3Mq@lK%dNOTSKHskOiY3X-OwQMX&DK@`d!DSfW1d7Jx8;->x-whu zN2zJYnA<6+%`k2;!@w*W8G>B<(^Iy>Dn4I98aa`snO{h|-cK{XynK3!6p}w)I-e%W z*){+2yUu*`FTR@^OcUszKMM!i?~Vq7#{aQKh*#o^{gE0pkNlGV!|-~5Y4N+TTM@JK zfT$krmE)&=L=+*lTT`LGNM*cx<4t}O@;4Bi*K=i1QfKO0FcoIiwqxZ@)hg(uBUu;x zZfM|d{13C#?mdb9JS#32qv zvdpj11frmxY^8dcm!LEY`(XVh1*}EPh>$@2<4rQq1sLc83{-S>MW&LiFaykEIe=Q@ z;V;H{1{q98a=hXM1MNtjWbo7CWr1FcpWlj>QQrd6Uf}KdI}xt!Qk#PHyc>jFU|d2? z6_`E#UI4r$nO5p3KuzCKfZs<|;lG$izuLVIel5bJ&+=|Smn~GufUda$ijjsA(Dlo3 z3Ie)*6;44w*KOGCovQ&|^Y&yw*R7fQTYZYGZ_n4>>LqRt0=oPzZ9vycGKHjV86W%! zl*0(6rENe0gR8AYt! zyP#bsAyAw0H3&!{1ES_6Yw0%-JuW&eLX2YKwjNSU+5^Sp@_Pcs#3>(AOxgp*H%L3Ax4rNn7_I}|2(A*BRl$tCAA@!QF#tWwf$m6F>FXR(t^J*C71{v<=7?h)2M zhH&|*{$a#$yb92*Du6a&#J>?}s18f8(NqTxtQ7YmQXJw$4%>c90W$cK)yBf@l;=79 z!!;@7C_9DbH^ASG!89?2GbQ>#d!Qe9RzEoTJm9l$4y1wwcD4~PDp>ekr$k}}3zF>5 zHRfBJ;h>1jL0^39neS20xILt2j7;p<2vlLRcTC#*Q7R=E$Ht@LI8w!mE2$S@I~^Si zlurpVsn|S7LkNl+@!av;MTpos0@&-&sX5m`AC0TZp zP_k*ocq~D}!w7@)X%BbY@q=*ad#|_rr~Z;bh|t^DvnBla&wTs{LQIB8OW0+r=8x79 z4^p*4X#t$%>3p(zcr)9St+kB-a~S z>=C$gO_QWWiMM74Q)~x^NC))lRAF`wlS)J`79|sm!W`_dRXQb5NFwKgch}eqKt-Ts-QYZkPK08h&#Oi{;X3AQ+(U<;Q`YL*3?v)v|2p=vD`>yX}?F=5zgSOW7{R>5J(R=+TY(@OK zpi4thhgjz;oZQd+kP8k!9*~mwkuR4C?q;<>D!9SpJ#D)Yh}Mg2-&5{$`rcXkre9Zh zE_TEf;+}Nd&uoQlo-^8emF9JOsf_M!x$e*Iwlk!kJ4`jb?qrYO2850_m)JJ{@T_Tb zmT5EH_M*+Z)8^^&7bntGz^U_8pjreZbf???Y-`l^Sp(I~T~4x3Rny&ewm`W&1ZDPq z1EmpTqVa+wQj6=s`T>cP=y~kTeV*6nUz3EMWab*Wh*5Y3J5o=hClWF|l-)?AU#WC* z4=&kD*+%RZr2sjAgZIBc3YH{oqg?7N0ci_z1O}aKiGW)-zDY__L+oYz z>_{y_zmTVk#-yH3G;?y$5F#LJ7U3oj&=$@(oc~9&tW*g3n<0z67X%J_Jf)sb*m1=R z!J|oWye=yIf+~?-vwj)chgaT;V0l$!>@BddXGN53Qb%o>iR@b8&^o-S{dKdnf8HWQk{vJ_43)t&^N9f|4}`R8P5RX zAw211Otp}sSXdoFcusyWlxNc#-HWXm|M3Z1K==TtNu-qbagi|c$U^&h^ zZi%G^x?5}hIq60~+y1Gxq6*l>KByRV-BhS#-}Ogh0>qC-0-iI*p4d)K;e2wc!mGQf zAZ*4zE1o#pSOnn`qnG5KLJ2fM{C1%yDh^;#M5$#_#toz_DswRR6f8T@bBS1alP8jU zJ#X3yI8h5Yk)?h}VqXOF8f@Q$5Pfd!2@}%ORx}Wj9F76zY9X<)E>+FlmB~=@Y|xhh zfC3yj>{cC zEY0xZ@rc9UGEFCU+M)*hK4t88c%gu=PgRIL2#aX+N8VuM zL-nd~-^&7&=DjT14nlMO&P%UZr(A&e-IqtJ*Q>lvIHN7E5hvKe*_IuO{bqFp-N7;5 z0GMOnWQo=(2EX2qd5-z_u=6dwqDiZnIS-ndjzot;vgmMDF)!of=?erLMfmxOG zTpw1yI{?R37&|aaP)ED6HU|g+G{z-CyePb&5|iL9^N^OKgLxeg`O39~4BdR~no(dD3d?Hj>1V29?lLnOVtr4nhp1(3@pJVU4hndV2O9)$v81KtB0z3@G!xT{nf zSY$%1QjIh_b&gUUh8jpWN;T3g(x14{I3rs~-01^x0hWeO%G%Iiww5MCGKz9L6-}H9 zyg>dhyg=@?jbruJ>n(9@2PeIZRV?ho{h?q@)YXBZ8advF&7G{%RY11R)o?$%qRoxj znhhgPe!PQ)8@7+Jx&fT=r*x!NpjYsA?@ak)&6+S$uyEj{E}0fCoS}*A3DFEaZ+J*F z11{IYLDbOS;`uNbH5sl<`8bV3<*=$3|pYr6SFqL55&M@1zxAWu;y|sQHg(8V&?bpqi`&fSYImX_TBQ8ub{n|r$|;$ zIO{(MnoZ11N*1bxYOSn5mhp)6wlU;O)@V8O7*e?7zW6hYOlJn{i~>s=C2Z`RkRPro zL5bi#sA+2)K&@GnzwWf9BXFMg>K<|HH)a`?v(JZkE+ zEY)dAN>-0))MV+jkgCxdH5=2~ES4VK4v08AY=72Bq~K(F{qobAQf;bd@N=1d>VjPQ zjRai?ZPQb2s53qFxbH~#1{92ZY6T7h@N&f&_o1l;U_@+tTX;3Rk&md!qindeIz z>!8sLg1$t2`bNT*k?|G|zvC{s}jQr9c`XdL{L|1C^ zslb@NSC|CZuW0GS7xbq6hGwZ;6z6<8MshAOgMR3shi6tSXqMioocXgf%B6pEML@_&7;e1G9It#n1YwTe4Hofjw&&Gt2=#Pm6&wKV zpfR_)t@g5yd^;GUYCaatP*wBxXojkq`Dli!nwLZ~RMq@;G(%O*WHdun&0V7zs%rY9 z&HM|aeMXD<$T=rkO%-Z7al&Zf3j}*5vefZPGB8SHs5u3+9#km~BWLl8j_1ya57f`O z!biG5?P4u?w6vfNAj^&-S^q~~7vAL)5-jU_OC}k6%|jR5|L);m8$u8C=NlNAE#d3@7=e#5 z1BW-faAjHI8gXVw8FPb}?jZQL72(=%7Bs%nu6gR^@{YU2)!GHV3S*08>ZX7{euJPm zjKCi@1B~($f%4<3@E_3pe7avJ_(Hp1dUA4Ke0M70)B#v%94djK%CIZ%0U8L0`8_mD zMWIa9=cUD(SxjAy6lzRgiW ztuf&#SO_1#g(;zaiViHFRJY>i(6*s56#>6bh*wquroS=+%Z33B-p2-&&>moTOE@>$ zxfP=W8mF2;O1wAU@1x4fmm6nlOzp>LB(9pnAis905hQcwS#*GUc=(G+SoeENl zQA5+8b^*ZyyQUup9p>=n2 zGa-XM7J6qBIYe;H1qQFfE;2v9zx^5_cpuC}q0KwJ~oK)49Kz_hO28$V3~7=^N|KqD?Rys7Q=RUe{qxaV0b-Xk7IPE zbYFhy1crP-MA2AoV0n9ChQvH~YYzx97D0ZVRF!Bj)M#Q)uxF$`?n&_b%@Oe2R!y2A z#pLH?9nr#`{^@>UlanpAos^F+VgwemCdSw8idYBYMjnY($^P@vNUyLma; zq{p1w_?kIr*t3B(*Xze;geQ9{#=!58ya)nqguxg7iai8d$Yn{U7A$V=)$1k=(yUZ- z_5{N11L5kIV!u`%%|8JP7r2z3d==Q}oPK?v1;1sVDn{qD#YQ;AV)m0g?^=D5-IhlX zti4RYCRI93NKf_zzv7AtQ1&thdEnN1$v{VH21n76B4y%_Sil|Gt5H@G|Dt&%fP8H` zcy%YW=W)%cx#OCfdB<3~SxWJe8t=(BQB(t?Y@-3{zs`2#;F+A0$~-2G+so8^zsg*2 zzmC*g6h^=w#)c{_(0r-}`?dGN&&*@&8&jS@Inc~pZ`*rtu-9CMMui58am+Li#GAX5p=XV0nyxQ1b|F-AlK9?MY)W9ecDyB+Ug( zkbwYXRl`swmE9&p#|xT=n%6K!SXg4#;nD=TpdMBR4dip=U$|Ce;a~c}Kt;S)hVd(E*3lM~rqG7? zof``CfeWWaV{@X#i7nz4pYR$$(7jrs_Xf_5WbA$ihT01sJ_#}}0I^B=A$`a{tD=@t zQ5OVvp`)-72ek;3<%&jQ#0h<-LfBkX0rc&yCbtJ!3NVQy2m;CTNC$px$d6%O9Sx!4$ah(+3_zBiA@V_Nbc|Zm7E)z7CDc4VrgA5)IVyY} zvqEI(!3vr5%Qasim$A*e&?Zgjx{7 z4aBy$4GgpYBP`*Y{&I5|$$yC@jQS;*z>)!+F|dRuPFK~=u(Uuu5Y{ycN=o7Ek4R#2 zahWjF)C}1yy*@GXyN2BIwKFn{2YGM5rU-7RLs~zDoO&Wh3CILo|7ew5+f{QKnkgE`q%^!V*gAq9P*J zS_{9%SK})Hi#--Z4>X&Nr+|@w-^o>H##)QQufkcP!t;W2(EU^2L9nyv z*CGdLC(3TZI4NLMabrM^8C&UxJhxc3s8=@la+j0qggocrdoBp8T$c%Z>D*N<&g-C8 z6qbBoR!62qZYxMMHu}6pQs4^j1evybC)J3+7{cY0d5nJ`jd-DON2(FPLvd?_e#-PQ z{SwXlN-J4@o>$X|ixQWl^VOZ@YEAgbCh*?maIuBO?%#IY zKHgK!Bdl5dIdA~3f_Y{M%wffUP%hOVR~1ppvr#E?16fC` z6dEh7*Ly|^O?t&hp-q`?y&mH>5WxDBGgKV__!pBRO4(+wU8+U}NXz>0yqgXq=3}nsB)t%+w1v*QrhK|dpI@`7*DYbrJR6Xxb zIC1i+Cb7(#3P7$k)*2LUU{ymvqg17I>S= zCUsXyeE$M$gJnXZ6wmXItO^pe{wAH6t9fmIWcAiF%$Rk*;G?b3E`z#*NfFCh78s7n z=wyNKL!Zl~8Vfjb07MC;wtJu4fCd%&?H~^E_~}Fpm%$62vy)jH;w)HQy33yC-(<%N%m8nKdlJ|L+0dm7*>rV9pyZ_qc-kffLq z-5C_qkU6*sRd&-1r9oYY>RYkOxllXE(>X$9$V5m8L4gg08_~Ux7P?@hL9y^Qn*Bco z7En(MD?KDVpm`F&Rb(IuTM+qX*DH@;=X~>2r-&XL0psK?p(28sxyfa3L*V|)v_;%d zIpwrJ$o>=WbV6#Th5Ii!CIZ_D^YIz}Ei2rGf0&tXVrFI`o=@NpxBN`CSR!g*Z$0eM|&KsDi&G#MII~rToAq4I7Ke>loOCu`{|xZrEEFqdhi?$|AD7!h`OZv0H}A3~c<**b~Q|Fm~eDih*ykISD0Z%aM+RxNg6PXmuVt))6Ykvp>ULWkr0BXQNaJ%{0FSzqVj&Ky=b zE_bza{H!{6*{~{m5RNC)aQ5ufVdJa8%T7w;0NNxRK>K7n*d7Y$-U1ws-X|$ch+B-R zU8cu|iQzKA(gSG3*(qaB9edi??~MJfOHPR$?foR9B)-brPm-%y4xIK>=ky8XQY#k> zQhX&Nz&Y_7_FC+XO1<9PQ^jbq<<-VSNaVH(x|2>P?cUDurf;GIRQ)HsXU>H6wlORq z%iU1PZdHDH0XW+n9|I`X(=Z=UyW#oRfu#XB|2_^7q8y^`m%+*XTfYi%R9A^90?2X} zEkALY_t;Dmd^SB)4tsx-YnG{Z2H_<8ArqykolA9LoG4;XbKq@jYHlWPK)MPXvTz1? z04mwk@F@lJ8a8K6i?@(yASt>ENAZV-a2XpK0Q*3Dx7=^aAzT3jry)3IM9}4m-pMbS z0>~#tBJO7`&nr$nS*IbqP&ZXGs@MDF(WSE#@zMiwAx$MUY#*-Q!*_e1fw?#OhIH+2 zv>RB`mCi;x(k%5l8|`7JL3d`O9qE?tQU{ogcAd8aQ(XzYX;S!tu6_6LU6;K65rjVL zU6Z;c$hl39PduEQDsMO08MTM>mP2#zDm|oEi>-=a35w2mteI}r8D&2&(P*}7gV-+yC;jKp!|JA#4rG$8x>-qF`%l@BO5KM4r0}0N=npMQ>S^iCc+w zGtyq08Qb!lkK*Tudw*_v>N$T~{C12A$5Y=3VT^C zadORabLayRH6(ESmsylF`e0_oD(NG3l23Qhb5&v{DMe>|Y+}as;7R&%a$?qxg+Z+; zk?pa!GyJnrb(O<@Z2y>HYtI0Xd?N8s%^Q3T^eWEi%!^zo-RzSkd%T|w8g{b}lx*s~ zw!M)|kuxAR<-3v+Q2t&CJ_j12ne#xD>qs+(N(PSPz+)+Yw64t6(@evDeIgG_zZHWe zMfu{&gf00i9vlh3MZJj$Te8Kd1=(UTVM|5t)h-cRK|f-^2b?9^z^9ys=D`9VSj4v{ zXagZmRQUKm#)dMaUr?ceJ3o#=MNyt+pCT1YRzz^Qgw?MRuUAR_iF42}cVU^K(|wN& zcPcxim*PH9_1@XhSL(5r%M#g>qZv4{ae5*f~ z!T58T06NFHl=BnW*P6b!YOOj5g6}psZCmv2Iw}UUphu%@qM{Z0hZw(Z;)XQ)hli+79Ew{#UheRuxKue=o^b?0uvVRSQwx~K~)SEHv%UK zV=)cdmMJc56q-@f%9V*Mw+h0ob7Y{7m?4A8u`bMz(VnSjhddyjaFARwQAoQva@ zWGvxqvsdYmCmvyk?6ZlZ0jjWxb5Hb%%AHFfZCBqUE4J-qiyy?|gJql`o*f{~3*Qz> zDXF}ZLqQ)==mjiKXX}4VK|28@5tw4p*||q4Iyba08Y89b-=V>J40@OgMG0ZV`q?{}8x)uL(n&Z;mf`kN$wb%9#dO;S)l`%a%lzi|jW6R4$#V|p_ZNoS$hl-+)R5ZF z=SS;P7LG;GO$t-AVo{j)=tTAa|C{V~WFotZ+rsIg7Pzs}?%j*vfkNP!i1u?T`$0ut zro%3%tAv|Ssn{x*G)1qhr2R={4s_#Cg)d$(MF)eyOTIDJ5F6b>Ubw1LDCLnlIz=>@ z!)+lQ_jk8P(uobYh3-U#j74i%%65dRAp=k}x2v2n2xYJK2ByT=HKptacPXXpe}bMA z(KqOpza_opcFM{f?Z#F~v2rBgdSSe=!!Y=LlYj|=0h5Qil& z^)XgU;mSyUv8EIrdz-=gmVuX0f!>|+{`A!QzMCfOOqZ1}$9f9CQd6$iyOO=5b9i~V zs}jgg$NsBO`B{S-PBM?kHc3F=XNsE1K7`A($8g)_R5)A*_8S)(HOWVtw%WE)M_BP07}J;SaGIGPB&B7 zHGLf)PEUP^o~Nfi0(PdSKK3VJQ3Mjy!HCUXlmkCUj76aFmmrNDJ_21e#8rp1(GWNn zlwb_8V8Y`an~oy#VG&EYj+HO!@R$N63BVP-H@+`|0-Z2Of!-;$D-P$nlaONKeIzBHJV}K& z&MUW#{}Wf6UIZ6hT^xe)YX(XTU<3v*$8TK7CE}EEU;jXVN>lU+n^S`(A=$4f^_~K0 zQ}Fu7-@_?*{o{SS{;@(||G2AjQ(Ro&i9gypyo-F|a&!3ptho2Pw05qqgu|RyZu6_K zUm<1$J13ftFvIknUSD)>o=zHiafc*8f!w!HcHsbP$o-QrcIh>O*<6>%_Czz_9J(Np z?TBXRlO*$_8E_6^vC!=m1}gd_i3=HOVYwLgS(1VEqL=~^-VEu+cJ&1hXe(xyU1+`A zaU?1ry-~JccuJVD$0;`(@+E&$<-I`PMTRTPa zNpwX`^~!SUtbLI97zkE$Xa<~>sYG_9$>?Ypk6-vd z2pxFqxy7(Y-xz_^!S#*@nt9ZlRTzvU#h+IN8x&>YAY4M`%?3WR(SD#nq9W#6h(k{p z81CEBg*=cH_vv-!43XNdb-RzHES>7#`%jXgkaVw|;{VJMC95FhON@U>;bPY^pmuR( z+Gioi2qk&9kJpi$JW*_g$VteSoC3e9bk+K?HEgEf?0?~G>D~gfp#|pPM-&*H3nPS! zUX~|0bR7j<0HHox$I?}{{zvsTn71#;bb>iC>IINVt}zAm!%Sj|MZV$|Wyl8(F_3Z% z!NU#8_->?c~zH{FA; z%o3dK=MSkPFM`! z^MCec08X3<71LAuA&pt}Aw1tRM4#{BEETT6Ki=`@l$Uwm{WjQpOLB)KQZVEL2M#|8 z7Y!O^3AOkIU4zOO41^Bvm=FH5(!2TU{$<`-hi_8mjbFNHnfJG+@N01jX%`=Xf3EHt zQ09I7G}3cBGZnTqnV4md5)J=uW2zZvp>`7{e&U`^-{FX;8o+D;s@y(ntvPfQP7 z)cCjfE7AToJ@q$V-PLs+=%wO5GUgvzOiFAUl-u|B6h*Grd-+(BEmGc_AoN?>FZ8H) zt%`~O5_{3ryVFze`knd;Y;JEXw}*8h_zmHtT2X^?BiB;ds1|d<)6OQ?&AXVYjLhH% za2J9={l-L}InBml0POv@mA#T)@2eP*rKNCjoWwDU*Lk65Gjt*2{%{Byh?rm1e*A*5 zzW_p}MIN^_P7%X((Ul}4P@*^8R($g?(pQ;x(QqD3Cft(iJ%=qDZgpgLMy`_qVq5HO zv56@hJfEo}F;|Z_N}G;9)p!I~rRpCGPUs!j$+rg~k47PAQ`h-gY6KVUF9z|t>idSM zBMQj+)8XHKv=1G=27Yu)FJbirv*a^-$`kPzybdqJI$?0H{R{^Eb*+Xdxdj^z*1OTn z-%(0&GgLEwHkzTD`Ge66)y!{=W~>*@Tw}UGZ)KjPH{(Zi6`F@+#3=Q>5m>S%didLu z|C@UF9tQc!gH<)4>>pnu2u}5L#$$P)K!WS?eGg~A}WR5>57xPzJF@kirMVV zJk^_e%AOb^6mVT$jTAhkd$8zyNitbTSq^1>pP z;AZ*0ew`S^ZxhNia$OkVuIDj;Z8^e0B`8`=dy=hQT(moWVa`27gk=gifVCvi#$&lK zIxCQafe~H_qgjavJ;AiL_I>KX+S*j35<~N%Z{&3Q$#pL?a*Ro_+I}OiR}NSJeoAmE zrh96Y_t9^-9^`^TfBsc>48mVR&pJtU@BLX)t&7cSKfuE2fL{7h$jm`gZB`&l+5*C( zsJRZo2zEy*E_B>WabuuBL&+iOd{w$_f>pNfhN6`gA!kAhBSlZPMH_5UajT&5lhJtL zj6Qle=E@V119^6ot!5rvvRpF&W;^o$z4tX+v{C7I!2@U@SQ=)4_`^4~u}72{g8a}V z;LdiuUAtQ+9=*qmk4Y^^T(cF*;P)P>1#msnA21J2I+d%^@-Y4_Q%L+XE6HGI10a|HCqSO30 z`^ko6n*Zdcz(BF*K6Sc{7ac+Sb(NU?JGC%B;f-sgR*v50g^2XnJB8Zj1o)FHlQ91- zkVa^a&7>9!rsJo4NFFhZAcVJw7kY1cpndaar5{T(0( z{)2z?bt^7hE`8h*yB!)R+^z$FCL_z!tav3=!A^t_>MFgtGh~3B$|c6LiD~tnasm2} z595~}0ysc_b^=d(N;i7iMfv|!oUf_v!T>tcd*C?36W-t8)!}k+T#G&4<*v1FIfM;6 zcKIL53A%L{Go(Aa9%4K^0_&_m7^rbk%1I80$+lO`6gq@!S7O3+@-VgSRu_1od+#%q}wd>1`L@DGD@{E{%$c5YNuoVl}+fSd= zf8?fs)Lqtk3$F12?KcS;WtGKIZ9|Y zX+D{J)W5k*npLnHT_8z=a?HT*cXD!+Gf$Oh865@}*n&gpjXhOvGYXCOP7Y&q!yx;r zjJhajg$1|>=OIYg%(tP6ZN3BKsePUi^629r3$ZM`fH*06 zR_QbGIc*8WQC`I?78L=Xag1~wOj|S?zhd{>@R%3bDfAf};W9z%!Aw~PGaD*w2`Lw3 zHHtpr=XjkhLLLl}-qC zAkdT9D+{zFqf;@rP>a$&mI4LTY-47B0lPYp-5e#QNn_Sa@^tyP)VMEt_v{GWl6Or7 zgVykX3wP62q!%IIeN4NOvU>7`6z#Q;hzAsd`>opqh*_mi*pLD2btAm%n+$jQVM!Ht zt=~6S)_S|Z-sf6x39_q3f0S;0^kk!WjN-iz{^YXXO8uN#BplS3)lW(bjdt*E(XV_Mtdq{hkuj?;GJZ(eLXTGY_zDvhye0U@i9)A)FxP)p*){ zWSm%19SE?Q*;+lb`3dBnLW!M=xsX)&cwIJ&uM@Ggd{Cl!W3&g6MbqR{6wlPJz=*Ig z&&D|fL$U;ONo;yVfc`*^k~AiP8DVy$xi#DIQ<=o2Sh$cCgH6W46WlH<*GreacW50* zDS-II5RweUv|f^;Wpp2UsTvyiueL5_cMt;^9*{!gxiCs09u|im@K!og(`5fe(WJ z^g$`P=0Na5qoW?PvWk~mfO;+OQKH=pX$Ag6ir1tK{V(zXRw|5^)`I0PvjH;DijasW ze-5rXQYvyi*32_c3Y>2D$+i^*2PG$M#)-v`pFU~<>lMJvB_^z1>!X%XRV!w3ZT zjOfA0Dlp32FMNq#7_oe3;X~Q5YLg|J*!RE~L=y`d<>d5dqd!NZg3+y?bwxtVG%g+B zbYJOrKh$1hYO%Nhn?1yZ^$n+R_62;n7*QQ=uSE8dXa;mRWXwf|qvo&J-fciw#6S&Y zsxP+EdHV>(NbY6tQUn9wYMP)kDf=1ADza!;X6hTDqJ|M8EITXRfYi=^Xf=qrABgnl zr5=b4dSv7VnH~au&WvVYn+yBn-->2n+=%PhCz=7>wHmiqL^Ghfj!k5_-by;xSF_&1 zNJ}#G)vRZu8Q2E^RNP~W;nB_mtyn>Ht_f0+jK5fJOcNeGcy(vVhHt*6Jo=9xmGbDp z6%LP9zEe(kJHYJxnE(ay0|pGR&tOr|&|qV-&GQT5wJqwwN)VO!#l_Gz20!@xy0`aD z$fFS>G;uMi$zmCTAOim$AJxNtgerIkc27(}qPZ3ytJaIUz`bMiqOQa>($j|MDbR}! zw&2W#P8fjmmmy}3WTJxE3VT}M5Wa~|G^34D&v8kboj^*t(xn)acz`2oa{c()#RkY0uo)3cn9)uM8|)i>sYvA2vndV6_#V~u3bM^-SJ z{X)Ue0aAcs{)@@b(g6Ztjw>g zY~#A{-UP5Yx&PK)4Ax8wc69q5lBikv8+esjK#O23{qeNz4QFFhiU9iz~HTs6>HEOy$n_Agx-ZQH4y@x_z{Pe3wkzsn`o6 z5X5%KLm(`fmtSK92Z`pAEe@_F#566Ozk$Dl_CoY@7bJf`PxH~7_3LMUi4Uzs zI_Sg~Shk%UU%mdmUn+j5DbqVRF+**>U^S#O9UrIL8jX6}Iv8zuXZ_(nD~TWH{5ZM~ zlWUuG)Q)}ugxY4imbGvFl_+H2orTzM*=fyR>%41l*RK|{>nGA zh0MYM*u(xGFA;(xON2iPr{SM~xMG&b!R2eZME>$#=@O~jFn)=!!@%AuJclh8kp^W0 zoxVsG*?oXPAG|f%qS()^VYb(rE?hJJzIBPG1t3fC@Vvtn|Ar3+)C+ON8<#ko%@DLk zSA#V(9UrT(W^SEjq;gnkhrlT-bV1J(L>#$L5fOI7+%MS{b&yDcnvMo*stSY-BRat~ zd6xJvLZ5up)Kwi=)O=|3Fjj7hW~dbt9aYF!Sv)g#R3g1U-OP;Y&ELe0>d%tB=A&W^ zkFOkG*$+kE^Qo$I}PU@^GS}L|zVsLQo5-f(8mYg$@kTXm~_=@j z(i1ppi;Q}*q2%zwgpJxIRU{JuFZd)Ik{iY#lp{G%XJHLiNyrY;<<~EgP`_XeyCvQ) zz+Mui9{Fca0RRKGVe9Lm{`@DZtVce-Z7S;;7|}BDBL{Olb!Y>sdkK|AD_{hb6+rka zFr%ofy`)_b;_6kEg!_MXbfhJrIY=R)kx&)X<6n=|N{wRo>?&I}$`W&n-LHprVuJ zGFE)5BgTr~5@5i(_qBfw7k-@E^SqaFT(ZKZ7Fif~6KBHq&W+h<6X&*Y;an6Rjtjp% ziBtt4-mmqfS{qwM(E1&~!wz6$Q$&~XYN3AG(dMA(TNZuAMt?CP^w zF0mMD6`NRJ!@sx`$#xfRL<-}B7kF5RyFk0&>M@cm|Bj{g2+<&R1OD1o zjGA@98IqMjR!-l*oFVV~C9;b#+a>N4w8?Dk)1)N@q6qMk*~FcT*)gEf0VG{FgCpXV zJI*HBxzfs_BN~tuK7y!7WD66!3V2VFXeF|Gd%RT6Nze7I0lniE`f>XZxXWiCM)RQ! z{}^KK@)^kS`5TZgBjp;O5NZ6Xu(GAQulJcS%fXc`*zz(G+Wl~Oeux*=P4-5<_8c96 zd&EJ_7RKus1_&I+v4Stp62T`}%)W@ItHyso{op?SgE|%Ij2pDbP|Af<0=3=BhXYr& zg~bjC&JPJ2>pRXfoq#Nd@wkv&x)`h*wTBrnRF-YYw!5xZyg#kC;|%l-KP>18@*P6Y zJ{opUDL!E_YxuzgQAK_193oz^Tr$!Al@UPg9Nvwv?+C@X(;nx(Yey-9E0hE&g0gHz zq{Z{(k08N+$PB73@FPN69rNbb__CZAMm>08)c~VtU7b`60o)=CKfWWrPlxjb!ZgvW zyY#7Mi+fh5*wSwv>vrmWmGHbpM%c{&&YX(&J1Zqh_i4}i(I-gXDtAA9#Q9dPEv?XP zgFEpGP;YoSwPFij9KMA?)XL;aTUcDNg0!%j zUlSXs!t=Pe8_y${dA9ONuSO{A` z1~C;P@{9SOw?4PS9Oeo}IAKGUw+7B>R@vG<(QycC-g z>+R+to|omJr)+B;p*+MIxGijmAcBPubh9pjGri%H-v=TC+thk9Yff-G_doK;E@Ys* zIR>|J`N|EbjDhLvZR0u($cnFtQn*`E?jxUQ?^o z--w6xu*0_YuO)(8cUANpDinI4!3bvzg^xQFKH*UK?c@jwIG_Z?P&0>p&npSooO=_+ zK0UY~KL9jtS@YbJen%#YVVlUH7ChtT*S7{D!U{lgil}2giX1D~6iU$0NF!aDNut4! zhvi-|UnIS^t%fwme*xAMNvVGGt%Et%+@&dmM!pd6fgzBT$KtZB1%P)eOhu2ul%Uj6p94;Pz=ehay&6o;Q{&^Q@wiW)58kT2i2Zq9h zY}U}DabNOzT*M?z6q?ZDAooceSGeULyW0ZI5_8#kp})H_HSyU9ie1om<`qJGLVx~u#IGF)wlx*#Xx^VK| z3?OFjokT@B2F6-40r!|YcZ~4u2icrzhW}Dng^@KwVHnK-j-CWe&>A(vzS>wpl+&U8 zqMQn5)pikuVB`3J=M}=Iem1N^U@?%yDuk1M9x4Q%Q$(BQFyx>=oaiG8LB!1pP%A3T z@5wdYZ*KaFNVrq-mOusbjwqU{cBE3?{QVDtAi#OXYs9E0-rbJ2%f}msl`$k#Zd4R~ z@>g(+Pbjx=LYYTp3BCaG)L0f7VJne^L`c51w}r?YmYa&NtH^GFQAT)PZW?PGUVTri>ygg*AKG zBQ%MJTu;ZAQ-LxtAu`5~h|(93edc2?=`!nLnKp(41$`WaV2?le;cV^4kyrDQu?oPd zSoEW>H+2YjnFPR38dOS)P)?yPGBwiUcv_NGpsX|68Q2PP(-KgRZmeH&H$G*SAjPT$ zj_m90NJ>-av{YwSeA!wInXcbuuKNKQ$zXuDJms#w8wr_}P1B6&cqW07Eh);%i*oQ%CVN@KX* zXflUYc-dZWG(2DaPZcB;uC*i`0Goo<4plj_3EN<9 z%hSMx=&6E{fgYavZERPp@pcV@J6pAtV4SS2i7K2Yp0^5T6wp)01bVK379Jg5{HA&m zP)4!&Y9bQM`tvD25JPIO_2$scR(q-Kr;54(EK7?9hHHiX{pTE5Shn?D2+@F}HUa|NFH zwO6(}4OGehrM(I9$YT)UF*_$1Bj-*UOZek;C`Vubr@RxhRjoTj%wwW7Fu>OKZa4;l zS#W_A?*n}!yg@&CY|;C2F1&22dYts_HHVU=kdR284CCkR|@5zy%(hTG|qCGX)D zX}_TN_rTrU>>K}}asU^tebSb=abaUi<1dSL0aPX+116KHqbCa|0$vKC*z*#$?= z&@aJn(+(&@DU43wfQ$JHhho`3++xCBN^6|eI+@BU@ZSB;oRl^D4(+5Rb#knYRm?PM zE%~cW-VU-= zd??JJ$y5jXDR}hH8dz#*xo;HYyq`(2f?sy7(@JQivRM?rd9>f`@T?#)Z24i$s2;&n zThU!qx5iUoM*T9L0yFA1m{C1C4XmEWY2e0e>x~#Sax9rKH~&Vn-;>^q^7BhlHlJce zUOY5X$hOQdtDFqpE3_-?k%k%=8TINK`oMp>&)L39^&gGAl3tZss z(LJI&_i`!7Je(e`cUp!6Uczvbf@*DM5DbS>n#jN58Uw!YTJW_Noi6taX;!B3YOMW* zv>r?OF82#*RH*u3Cm)#A0)x5Co@}Q}|77!Q08BC6l#{%1d#&HwCYpMJ?_Z(AYuwLbEN^_YD06WecrGElRm0_`Nl48CMlSgw;Lq?xYp zrB ztrCI#B@`wa;*oW@M%=c0I|H-(?%-a!-`$ONd+<3nqSO3I+MX(BQPAmSXczydt27Cv zmVtft(o)M{N!8*fF+>UR(UyrNg#-m*pEq{4iUvG&HiCfmwh2Ef1b%WX`5(K2PmY{^ zVx(rjG|JSq(@k9Dx*b<4=qduEh@<&)YEKo|h`IZ(XdtvgVvgF4jsA65~N4s)!AKsCZG*mEON2UZxwC?H9F$=!WPdnsr`L1>P(34jXjQ0!oC zS?msuW2bX_%xR-3_A{JK@VIh4f^(wadc^~yBai zbM}2|MA$U@n+)!&nhkE@^Ssjwy%R~zDkC<8ymX2Xm_amTs!4HV|InNGt*cek8n2cK52^Quk-iGTCyVBS4cW(Z*=60C= z!a&Mc(JGrJvWl=yfzB?VGFJP3Ho)j{jum@Q!pNuSk0J_4SLr9R5S?T}DYW7LEKZ{f z33XT-zF>}fA++I}rR{V+V#BKs`v+}(Ff`@+Jw7_yjeiakmss9Ttpf`;+W~7WHG7Mc za^I!1-%ZaWTV_92wzFSYI6nKe#R}WmFDx9N{Z5J%wzFR$Tw`=ktQFSqiYRfQ>NrN) z{iN%DPF#*W=-a5B6}N-ma64M_XT(=Us$dLAs=V{7K%YIcLp5_30G7HM+;bS zV9+eR2$+6s(t8e~KL;}_9RbY+yN@F#D3)oKqVk4O8q}+XUW40*yW;q;dcj+7$P#-^ zyMQm6ef&>)dBARzbcu~vt_J87{1)D5$c;WJ>Rc`RICh2sMa@8T+C9xuFzY0T0wG?F z_Xg^uYBW85v1=hT9=iWKG#=t`AWznKD1^qtX)Lao3HU}JmX8?^5!mlXVbUaKJQPZd z2U%sbr~cCgXFM#m_gOBLwp7)84ZpLkOMw>`w6d+$%B`Ve6*IaufNmvOMVUxcnc}I$iELdV-vx(= z&kZ*vHK{ATC|kfqUfU%uC1GSZb4+_RYbGQvrG?%)VicjF9;5u z>0F}y5EP{};f<&ZC*f`dB<&MTnk-2gxfpaJ(&Y@Ezpo=nngf` zr1YazimbSAf)v4P=etxPqbpsE(WV!3h|mU?7~1gk6|4r?~^ZFm|p0)56Xc6ITtje<}%d7q~)#w zq@`=e=vYTy>zC$G7U8Rv37=oN(8vT&9Q0Y)VhaTNq|}{{dZ;%Sq9jK~N~>)zVa!<5pM1l7E9_ za}!tPsi`WgYyKPs(3Qd5{4Lm9@b*_=bA^7h^<0bQdrt#`^IR{`Dn*liSl|u-F6KtJ z6RY1m_Y5t!)}lEhS}i5jIKS%lD~t~qO^Gl5HtKM@(fk4P+VRkgcCU?j_c~#jBJdhQ z`5~;W)J46u#Jk;oo}{A>wij9&Syf355lrWNtP7}zDlTv=DkN0|{~G6%G#RND z@0etZ2=ijZExQjQY6l&N|6%yHWDS&pygui)g5aqguGB>Cgko|2C$JFbjlm+rQ|Ah- zi6yY?wvq@eXW8+Ol`vtfum*#ca>icI2P12X2*anxKENwNyIw*4~R`=WdS)G34&T%#%A-2 z%6CQG3m=p6n4*_xwP~zY(v&2XHbqzjCp4&*hQ8<@_Dao|*3xAtIToBs zA6O6ynTNq){s+XTF}t)rlS)UFb!?kct5O!^2LL3*vyU+GpMXu3gJn{PR?@=Q2Q>&o zMH|>7!xx(-Uot9Fu_&t@DXW2uNDY438o*e(URDDcksADRHDV8XN3a4>qc!*d0eNLA z&&m$d#>7|+e7PES*~f{V?>TxHZG%xJeRIpQ8js_0Y?hfZ}2 zIKCV@$>C}wV>R&QYNUp%k&4y8mv*4HjiGh?kG$di#$ZveUEUnyDV?m&_iNtB7r{71wA$0`U;)GlJe@lg}ODEK@LSUb(5UqdDKN6I#XT|~+Oe|U=P$b#UC=TP1hhALT>>?Qn5@XGC#1!Qz4;@5@P#R{(U?cmDdS?n2NO z9DZuriCyOUX-V2dMkh~e>+=V5-Esr(1KHkjU2FK07jkv&3RhEkV@yTSRiV2VG{oUU zd#=v&TMj!}A7i%|pHXWw#_YE;Ps1`Fl-{#gJ%(Rn6y61gd5+@~BCZk3(;K9%1Ln%B z#FZKluf$ddFm(@$!9IlEn=axHhZq^ytN7`w>_=}3^O48Inn$4<0PrUc2x}B6fv9hd zS-U@|8vR9T>kuw2W6)oB5ry=y`SbA}I2`xKc0R+BbbZhwIe~c2&5x5We;&a$VXr9*D zf(rMTFTN~PEQZuM97& zzy-21UbpTG!ZVOfyObslyp(hcWZ(c4&;>I6866G3Uo_?TkNd^3ylAdo%x-}fk0yc8N(~)vZR-m9!mGpA+bu z1NjSg6){(zQR(aIEKo8DxQ{n61CqMiRC~H@_>&GtWpS%S+?y6ak|70scDS3|4H)p= zGn4T%a`Zr;n#h6c%wZ}W;PzqUXC(+zWn_97?tS&x_>XW-01-6O*qC;Dn4$X|V~ZXZQnr{P z<riV_wD90$#!_{{mKhJKdR(+-V2+@Pjd5sh;9>y!ym zZmMK4vf9;V#X#PDG8GiJ=@sGiV_0Ohioa_jzmv!x#0Ww{p?r@0+YSH^ab21j=W5on zJ!s*g`42ge$;d^>kL(}n!-j-CWuMMNg`(NQx3@z+iUu)W6tpp1BOVh3JA}HW-wo|l z7*MvS1PNq~jy!t^9=qWZQ4z{x5-hVw`K>N4I_JzPACcQ+BXXNygjp+0dEHKe;A*sJ znNT-ZzRP`5E9{;tVNl{T^+ATjHhJTKVV~%FddksHA0Oo6jrsHC>_e;JvckPvgpAOb za#AKHj!&`mH>{-}|C>;902W3CEv?JpQRRF5H-xe=<%=2C*%y6Qdi$O9##QF)T|yk5 zg`oy^cw5rOROX8hi1cE}qta{bi=>k$=*upSy;qsw1U=1-J7Or0P@5Ixv6}U}=D!Sv z9?CVnO!2~_CO^c8s~u8$-l{_R6{2-{OQ5e3>W4Zvo|Ffi54I;X%wCs~dU_W4&(Grb zKVLL^qJ( ze3bHF@tz`j&{^O7%MR-JN&whg9SCuuvA{jb1yOmE@#Nsk$UkHr8A9=r$ulf3wk+Uu zO`KYdm$9Q9MSk?}b*mmf3MiS4*obRRyLN{v^K9QvRVKZ9T$SMs$mWYDO|CLOIeo_} zvtSus=U(*$id_CD{BzCN zi-28l88n}}8}r2D?nII(Y z>YRt4?yeEQl{YsWuwHxKih~jE%)k-ZS~h|I1O|56ML+d?&xe?+bDCYgLPx0)<|R$y zPdiCW#6IKVeIw*vn3Uy7Hkb4bXo!4xh_z<*v%^Ew1y4e(4Ix?sRv*1rG<6>$4-*j0 z9@?e^(1dxrvP<|+K%_`oTd5AQg7AxnvH732v=qO5Ug~U@0Vb}Gl*4B#@)^Bv z(Vg~oHF5SkR&pu6m>_h=_UA|@pyq*^tBKD-{L}bP%yHS?dFDGj8AY0A^GW6<+BIZD zZj+Qu?vSZ92(p+7i`?Qwo(cyUfT7dgma;47EWgsSbAfyxGl<)*pqzgZnd9p`tYj+$KO$Dwxbg zdv%ca(-Pd!N2?2tUwFfYSW0()geM?YMCYJS-K7{B{|f_al`qs7q)#qDqIIVbdw>-}FSt^S_=4&D zP1rDQEzoEnu!BwJu9e^#O${-_f9_g|0rQdPoU<&=AzyHAxf6gxm)>_U8EHo@qtPa; z-$k1YQGCF+zQcgIB;$MsIQ8N?6hI4g@VQbgYn*+i=3rUl9K?Kz{lC}aM5Me;{S&}K zFE~`+<4>Vt^bQDAfU_+Dg^OGP_0bhHD91Y>RuH`G*kpok3sBePxOyB;mUk)L&Ns>S zPZob=j-Hu z2*Oui!H>{djd>tMoHPIfVAg9YVmD)YdclYu2(5SeJkj=HPicG)d!1*=?jz!kH3K|0 z{g)zf7v9mx6Fk|so+ku$VI7@X#P07mO~156(vG+{S)uBL;od6>Y~!H43MITqEYE^ST3Yv z6d#r{dpkw`U_6z}BZwDbd^Vb9-|iN3$ddx3qC;xgp%3g(MB4+ohK+1@T)f>>G=7lk zYJJ&-58y6kTVKZIS+UM+0Da7pcswH4`Z9vb`(f<_ov7Hp)i&PAG#6}$a*jJ_-e(dU z0K|oWKc@pgChkK7=%rhwP634FwjZZ9!YRci1z-LGQk`mDIS)MQlei(=HR|IJ}NZH1LZtWmdQqCh(R{+6biN$ zVXir>5x=Z5r`{XusEuIf&5O9!%a^poDS$Y65a-bzsndg&dP3sl%^KF>ZlXgA<-}p- z9<#>}ggE>lWAgGDGRI~fH4d4wak%(Mlp)bN*AruGA`?jkW%gNi^@r!95h}Bvyr@5b zgfXu|IS#>t`!@Trr|ZYQwjWSpjJNhnC!Dm!hV(ST!>EDm1r$B?W*IKW<(6Ly=BRrj z{2J+a-Yox~>$qn*+wt=>Ite9Cb9z0v&W=|l{U_@~aiw&ZcC~ECe#ov)|C$}L`ax=~ zEznx${Z6`BQEPosx(SWuLSx!x>Y}r5k}f;y*e>^(kFTrT<$}56yS~dMton6EI>NCA ztA^pRFrM33a=yo@Bst(yLG11uh7h-s5Vc>mggE#G`2pTl0fNrD_QBY|Tb)(J1Z#B` z&~F`x=&TZMn0;eqZa4(fwAWrSZustZJZYfooBDDM)s`EY{~99=b&#`Hl5ReP`RMN} z&|NDX*TEnFZzL1#SL?42C)yY4uY(iqZTjo<#3Ehk*m6;#yIIp_`m|FM-SkKS<+Mcm zQTprfM0-7cEoj|R01*?5C=>X2lpo!DYYt}upYw|3Ow^pAXwFtR6^ZU=kpuwq;7s{C zt^DZj*PKhDIa@K~CA#m_oSl=AI=k?r`&!MJ7tOh1ALd-DIaTkA)Oq1x=FqbS2IJ}? zIa?oN4)RpXFDXAmD-x4s3B5Yc>gp4@cM zBj5=|7R8^$;tP?RpNW5Fq_-rlu%m(zc!BAsm!xB~fM8X=;L>Bmu!>n61Oa8UbR2%f zERF)Ry1$7ZV&6j#WY*N2dkVfG88^?|Swkyd#g|7gfsg40ZYuv2e#wEOd=)4ZZR7^1 zm_+vxT5SgsRCaOZ_rcF-xdWNiO^;5Q%XathxI0XOmHQaUaD83$q2D8kq{4GYpym%NxJclvw5mLzFtm*g;IZ%98)`jS)m zx8MHlvwsWx>rO-Wrk6{yLr|`LKxc4UcoG>zT+gkMX#jYNSX5u@gabx)^&NBdaD6!I zq2vMax>D~5)`O}+Jv{KjK$iHfhw^$>XQrM5fe`LQO5qGCJ8^2Q>>_F{U~1sNs{14B zsIP!jgoYPN@@8jjB1bqVjukGbZ+d!q;jjlgJ6?cOl4ySrKo`LC2GtUakHm+J=Zy3! zryo{fC@(`g+;iOAeKCGbFRV!7&y0pu7DzYkv;Zp{Re8dZ%Bm4osg65FvWoF6Rb`x@ z0FbII1bD>^Nd;b8w^mo#R<77z5`o7N4tWjNgwljFQPQo2@~@YL-|YmlENJa(`_|H` z#ASy942j|=GuIv6|m09I*r(u>`6~N^J(KqT&+a6arvSkZOT<7j*qP zlf4HTp{Z}f#7X-HoF(IEsPBUs9u0ZR4=)$M8{HZ~rd67WB69~z2tIAVr_JGWvf|UG z_$Zj+QL2pTzLk?dP&v82a`KGe7w9fV1JlQ~WgS1SjQ$;bYXBXWKO7?+1#V@CkHQ@+ z!H&yQeHr(ppAJWp6xSS4$_h^?01JJ>{Jvb%wbQqns&B)#Tbh{wo`9z>8X&0Io=rhR zeqalhIlI!!&@m{|PR7tP+-uoof3_||pOl+XXl`elc4ja$K?}sn@wo{AT9$43)b@#v zkLXu~6Dv?+j#5JYgp{}l^J@tuSVAb#%o^F%{Notmcq!f?IZ6qEr@SyIa?!C!5l2T; zjWQEKa#}R45(8Hr=zkKoBqO*itPY#{T_(E$q@Ul{x$C50-b4It^+slu3k zg;j7Mj;z8zj#ZLUyhC!7RRkC~QZFFKfL_uI3*%)YnMy4$0A>7O-T+ zvrsG`(%IES46cXLL5Il6(qazSaN?Ac(Zv~a9p>PdC|j8XGo+=+Ki7a$V2~se?KHFT z3kpG9AJ}j9-2W;l0eKrpcT%Z8g!AqlTcirFpVhS6kw&`^!Blu+d*WARERt?v2Qyb| z-Z(b-G3qd)^YzgOZ~i6nN|)u(xhP%mfubtYa!Nfg$9V zPuOqE`^vaP)>X{#Hg^A9b(qSF@z6~4>E!*cvZsm#Ef#&l-tr0;u%bV6#HHfT1n+%G zq#|^oA(Oa&SOfr^+kO^4byxJK9a-cUdmkK$=RwcJWigJ<2IKSvt0bLhDX~!g_3p!4 zm4M`7+FgCYO^%H{z!FLPL+`7bLKd9Bq{z!XE<}FG*bL zp=w3%cb&tE`w^N|P^wN)@REUQ ziPbQKL=NImX2JR-1}GjKp5@mwqVb?N&e>0W3ll2|atug=UKD{^5t1$|A*Di$kd-=w zDF4nIWJb2-+d0J&4kJNpe$9`Scl9dexfgU@1MJC%kA=U$C9qz0k$o%*-R47NR7PF6 z!QR3gWz6glTCW#71g&>o0P1ReFg_CK{zlN}tYOg^u;@Hoiq0%S2X)`eyF$aRPm#Lt zg4Vj{AQ%rpp#15iw9y}^CeyFx{BcA&^RC0*!_Ys1ox_Jh&Rnp2M<;nC9*a7DHJm~)+U8LC7s0sEYi ztBgxM2fwep3w`Xk#Mg{$7PrIPt#mDx(KR0TOAMZg34$0Ho`LJFH&&?FQ6wg2Ur@KxQ!9U#5a7W5~T^ zfNZejQbZvL&Lpr*!F;`i=YW^%1u^g;*ekG=o5{g9lP@P;I(7Sb<;Xd> zwt|<jY$?lqYd`;L)X3fJ6tNmQ@cS?gCJ=qbg z+BcY^X!K;(Jnm||xX$*YtOmOt#1KDI5Z@d_e7r+kvDdpyO7vUL)_&W!2I7xs!X*4D zfJ{U9OL1(D&v>$aKl7BCpP1P+^W>8<3$`p}%U!MgUGwip$PhIf^4O};gLTp6;2Nsb z1Eg!bB!^3SNU;4uf?e$pQ|(GA*3dsIckcbObDzu4#xTvsy-1ndrwg-lpT;*gsHK-r ze`sb`|I8IId#k2DG`p*JcGrg4UH8oDdf$G%xb%@NWbmUJf2;79_D9w1t~2&a&hEN+ zzuMVdU)!$^$@Mln#lM-ZPwkhPjeiQ1=H^>XEhWHb{G+CSLXnr27M@iBk$S5b`+)= z3z(SbzR9Q3VNauib2=b!xfO!X-1$J>oOQwpoh2gq^7+*{57yP$}t0Av5>S zfLWm*9~iA4$OnlSqh}9rK*H_J)QulA&+_+9>YhMMC2qaCj&p}UhZX8h&=MLL2lDB! zU`?8Q$nR={r zLQ@qXO>}E$kcrFi(iz^U9SXR4)lC9}hDs%(BDp=tZy1d3Z|Y4mh60UH9n>){@a zG{TDsA6=M!6g3v6AM>oXE0tBc*tHHZ<*tTecIb>m_Z@(Twf{H9H9I5D;LV5w0R5jq z{bRe7`hLcWQ4E`olw!~$6L_1MSTyuaR4(t;8#I;3_7buV-h=Qs#hsav=*!8D&|0T zy*x!CDV|-=)qMDA;_3Ctq?C+2(5X8$`rs|#7p#Eb(MZfmivyF-Xs>;Bt9Tiy!kSbJ zw7uOS?dsYyAsc~6RX{sUE~JFw@s$HyqJi@a8_~|W(hi^Ng*`H^7Y|Locm4p@z0AOE zVgfr~$%aW)tzLT?)T$%M#R{PShofMoTqJ&R!5mgk9fC%Sp*1RDD-Gaqp2H?;=I16I z_#n&3Lp2r;zN!Wav#)de&AEpQJCdYBa@U}Wghc>Foy%Er|9E3`yzTU$b}PMm=-ihd z7k_Xl*a12QaNf9Tf3{sEM&~n8?fvY7s`zw&xXov6Xgh;7Fx6tGjoaq4c42z0*Qy#k zgE_AwPH+SE_du{*Cv)x;;ylnXLAeg?;2X2SOEM_2$|N5N9>HbJ2)L|Sm|pY7aIrg# z6qj&^k$xxr4kO|rfzQYeBP|o|Fw*aEhY^W@p@Yp3+hLSJZ>^e?*|cEZt(Bv zjSLrMu~P2%%u_&wrx5Al@b~cpf5}eVCt1lJ7((mdYZ+8H0M=}bSBxYSymx|{3> zxvBW6h3Tg}qr6oq>A?iIE29z~U}5(hU)9L&p~Y|j3_k=<7f1?pSB>+ipce!u>b!EC zYCF?UCbBV{J}fvrxiI~t$LSE24aFH7w=U5ZiQ}+fpC|!)fPj5sVfqOVHquoAQ>m-9 ziL8xn`__VGws{d%>^~a|I-5$+nIht>2 z3cjOVfkaY{P*}!FBfk~+=kXH$(Xp!JwT!|)mJLHhL^Q%^r04?uNA*2Kw2aeK45R1K z>pJ^7A53+=$Z4aq>4naQ=R4ESp;K1lQ2okzB$CYC$n}&m7t{chzJzGy>|R&eh#9ds zTJ|;ZD6>`4Jno;oNw~EHWrCp7MJf5=)pk>rq6aop~m7udWg4S&>!<`+%Nk&^r8JdL>)XCvq2{SYaZoe_&`)akoy8srk+ShM{V1 zA}yEUXx=-Kp+nY%&Q|*-YTJ1K2>s*PNVPRIuCOIMc0drp{*cw)GUqxRei?Yy970&?vqlD-$_rF)^aT z3atidL}e%#KZ^VYVk2rO%Im%3@k#)0+cf=#5G>K+XFUcFB?@{ zbmy}G;2w@C0uxM8@=7fNHBB4MgjxxEV9RF1M(mV2oS9hjqGN?y_Ily^LbjU*%;N`W zIfnvy*zT<2)HMX&rPGbIo~S)uO@A2c=|g;-99q9?UDsc6vcXI{8PKxpt691YIc4XO zd()elj1bj;{Eg7l^-DKuV@m9036dP~zxYt_$RdTx#Z)-_KI+BEMFyQE(EZJcJ9nOB zL*@v!zk_9c&P3e&f4I18vADUj$7z6W4sKIV*#cvgQiN_5pu9k1vpH-TjeQ2#=!wZ6 z@fUO~_jhCYOZsuH&zx#7LWA@H>zqi0ZMKUn8OHeWtrn0Aj09JLB^@obR=B#V-{I=2eut~8 z`W>#W>Ni$b%UTf!@T(Dd(xPapq!(Chebg_u`u0i+VX+m3PV+QDSHs0tR1(5ru@!|5 z_l4YID;B$^#uKsFio{rmNf%qW4(1uAtWR8Q9dXLlb zV%ZAas|t<;&E3E%>*+SN-ppcX>uI0nni3W_$amjoc~-(2u-dfL5#YYoO<=!`x;4a_ zxSJAJ@R+Y;g5@?Qy48=^q|CN)VS3|!*pgf5!c$_*fl9|O{J^}`FJAw9_*-^C6zLL) z^b|3T6j4->Tk4Ol1bRO5J%Zs8Xs+%AN8=xR1R8kR zM)U~uhqam>fu7ECdIUNwr$?X}-NHcNe7zlANKsXA+Jw=Fc>E`Yh#s@6*u+fyBmMPb z2w8d{(fu~ez9Id5CZrLWe?f~O5xK^+d^_zYp3h{TYYGZa^i zk9XouB#O8kB<=syeM0R3ou%#*`#|v7h0kGod=4_h28-v}2KOmxFdc=ln||DdKbQ@y zX!gmq;X?ZshxX&+fHt=?^-)T>4Ip+ReRQe)&p9f!*a2bn;>dcXcO<>iTcTHb7p8kH z@&&I~3RbTa#;8~7ErwpN$io;hxx!q`m>~XzzT$mlCH86~?fa4E^9LZOBhCx39mh5= zyvgVD`=B&r1Yq3!e`G%QJ;D0wF;E2jcBYcg`GX|sn*wAsT8(+^v1cE8tV_Y19Z>HEj1&AxEbzk!w1@ppR%@BfLFGz;o{WK(nM ziDR{relwDlgv=4GB;=21B_Y4mNB_VTkD+vviSV_Mb#Y#er zFhq03WJ``_obSr6n1uN+eLP@XB zrPn(v={F10zwruabSvrhk4LSfO_*mMAJvp^(>lJ#Zz3<~hQIz_%J&(gk}mzRvC8+a zMv`x2jws*AA5p%MUn<{78b-cPcqPKAzZyxtkvY12qoES{{?#b*jT&Q=Z4I2c(~mf54Vrec$j9<+!j}e>*VqHZg$HU;+qd) z5+2b4{J-~yQYGee%+5r3DH+X2Bqo**6UyuBfaOkbn z6pS^-!=ahyBXcMsp1hpZ6S*`T%0mgGhC?&bHemR0=m(J!65V6#!=XGX@7pAb!-hk* zAT#WQ4~J%-i+AE)6pMsI?{uGsOZ+ox7yNUgqZ3NnPoqKKp)p5CS8t(R(D%lpqpOZq zasK+7Hafby#n3C9u|`MRKvB0oKL&eX6PAwO_p)UG8&0i;`LDPf&e|y5mSc5mYJ(1iVIu3(L?kKk>2IL8!H|e743`K4m7FF-% z)NndFD-&I4Pu#@xf=jpaIj6rw_f^aqD9Pf?m*~ELS>B%bJiaO{s(#`bYfl`9e6OWL zdxEzqj$}`~O{=Lru^m3bsml88B@ccte1x+aLpWUGOLTLl3UTxk+AsfTalAoG zLVmxezhIPHslOoOm+LP`e=C0Z#=^dwiR2KxU(Gwof#({$uf~ZPAF_HJ zS99AeqbW!J`&mW@{de4`__wr-KEFBMiT`cOD0n*F{u{H5t|OFx#4`Hv;cs@!sLEov zjh0auEV1{SceTEjZGCN=yW8>6bAu(v%ki<_NV znz27h<23FDmP~W-q*TXLo=Y`jdmhhK;V`Z|oJB=Vbo5g$=9JuAON}Jw=GB4Q(t?gAP?FP{RVQO6w55 zWFv1>98&5pxU;a4_G@kX%DmjA32Ng&>!k6zy^SZXm;xTiM1{oO=TX)l?yOQ8=waJ^ zT>oSM017Xr=>?x+&wOrCE_m9*D%&WKjh)dw_`nGrYxJ0>iD**g7vLaGx~JO|nLCpGbj# zXmm|S*~RfcGIftK-?!pjb++e8X$yPtPZoB7c*Mu_+Xy&~IHo7MF@5`kkuhyXHPXb5 z>1BVdG^QtN+@{u^U(S^@zx)H zfL$B4b%%T<^v;ecq$qLv-TY;TU2p#I4Br@G_}a+t6cD1Q*8p8*JzoWrga4fjLMU&f`Eu64IyrVFAhxn(bQ zyM$epC|IE=1nY#CTMNMYNDnoWw9OKQe)+AJF8~dogLjTm6igfG)f`O#V23Yn5@R3a zTmQ-fmTtx++(C4$Ca4a9AyIC5Ktlq&KspGkhX1^AEfZU<^7k(!Wxnf8ld3c^AlN$Z z9ScSUlAP93;M2DYnp9b-6b^GPro)ZP~$GOU8UPJzj~OZE1|>HJS^i`n);uyg6p4BYj?TJg?bYamUUMW=lM;#e7xr zyz*0XCmEe}}wHp`0t875(#vs|K_2o|(McdRnSAeg5S@-xI+ z24w#~fZ;rGsuB4F%mQ;N6`&C7#NZi3SgNB*ILWepIQw!B0pMXW7P{sXJeZd4w=}a4 z!a~=*8`qyWgd+2DtQ5BT-(xJEGJ&V-Gix4*!sYen0-J7cS5Zz3YT@UGS_Sdlbc$!#BLKO&s+LSQW55@7z z;H_aEWX9(mh^ys;zl6dAYWlqIqi4bIk+#-!0Ms6Ke1Y|LF~wP9o`wHsJA|--b!gbV zw|hf_U%UD@CCC93xQP0lgY&9UDBlm+iORS;)_Pm`wQHjNE8!O!Ji~s0o1i$L-m>fF zP{rBHf~7x%SeZ0n!g-D6XJ=I=4RSARjFYAspw0>rn2>1ykML_!tW_2rzSU~;fe~88 z6zZi7q#Qe$%VwlqDywb^+;*+g0yc{XR*U)5QPw``O|?klqNVd~{Owl|(Wa!B zX$`J)o0LEybPL(3IUIQV8{V%~S2J)1x?>Vcg|_h^;7;)sTjrR0zB5ZGy(zICzz2io zx|flt4tk_;quD7e+z24TH0FF37Q`iZ6zO1%`GT`MROv=Z*lSq9I%X$~<$x2vEEsobM!g67AxWsb`>O6Q4@pkoB;D zdHl1sU)=Z+`uYsXtzZH2ZCoFSlVOFjXg)b}Com}I-g0}?UihN?tNzf< zufe5z!Bt`2NWW=q-u% zamd+rsTySpd`8d0v(sbO&1F;IgYWjF1C+>|hk30{22aQupYt#qZ{wV2LhgqtKt{ow zcSrN^+#j9uwyB5BXelO+S3K**@r})#6>zUMubwtM?%~WC<8k^ojQ{->yJ{SBw}ZrX zKgxnFRR1o-$0y+3brJ3@SylCU&@ay$9`rPFkLt7dRS{S2AcvWI%^xo2?3P}NLQ4@n z5W=`%+c_u%t+;f}M6_$_@wS{mmbd>J^1NiRp{KLs0!(9xtY!ba9MzW-my)qi{`EVK z55$fG!jMvUL2(kkd(#Y~Dd-t^Qm}oRe6=pcDeC3YU=FwX;~KPk%=~ZJ6$%ONuR>*K zfaK8!Eu1Zkhj-AE$nyM|wq>6`Ju6HYpB-vRbbP`l;7r^E)K|JmU6u57ejy@L-wfFO z4e4)cW4Hw8o7tfmiS`$fsvp=hv!DMsEOEtd_{gQNURRumo9Din4eG}Ab)~NkIC@$E zXYLO0A7>`6pxTdCIDK3no?m4hS~pq;8+XDw$CTHZ>Fex`I=ska?XDn`xNocR!;(3e zfn1?lNIJb%a`f(x<4D`?JMTPi4-{%`3_`F;{Ta;=YQ7{0an$Wd{J|!m?)Ysd{5MeB z6Ml;S0O2{Ad@+6Xjxn-(a=gQl<7Nz~BL`PhgvrKAg!yA4!b7U+%cukE-wV$9A~^50 z2;iazy^W)5^$g6t{X z)`W7VT|g&p{5YsDaf^!0SYB50vBvkTKnf3bkONPJz#t z2AHPSL}ze6hF*kP{uxuxuP55>N{fia1(E`^=PLP4*#;`uPINV}I*wQ^Ui}TUnVWyL z`Q%>M_MlHF&y_zL+P7mKIs_(Idww^-P?zSy27~Xt>e+b28DZ{{C|ms; zAhq*o)$}g3Y;_iK1=~UwZZKaa*M)3_K?eV8fu&}aUw0on_cSZOe!bpQcM7PSfsxj@ z_ruJqYy<2k_=QM5M1JMMymQeOtmixtkGT5vTI{*-*E!pJ^RdffyDf+#fupeCmo*a- zm!B%#0nFUQdpmK(^44M|f5n4MNEH-{`bu5?_Gr=}%*#I#P1;A2UX3QnyqJIMLm{l( z{MT?JCNu&rmxlSV77SHoj+`v_U14c7e&1D6)+=})HGQqiX<3FLS>*wG0CZT@8&)eQ zw%!2~3C~w)#NSTS+#3S3K4!bf)tgyaX|<(Hg;Fna>}Yn$joUE*k4YBpEUONL6jdG=3IOAWf5YewUcS6CR7T!qsbrc{HJfOlLSE}pLT z0ds@EZKJuNNpx@#P2&G_d=bE8v*&!)WiYV?iSvtQH^IeQm_^Do`qStzQ@t@1Jcq^u zHM-L5B_fS9NVH!Zt0rT1!Zbw|4GJub|0A2ub}A+4&X}1>v|F8uR3b4iW&Vg+KtHIp zWK{82c06!|>unyel|1})H?2y*6{9R+Tb;ygm_(44s?4s1CPIkLAp__V8;18^QmGd0 zCAA&;7Wlt)9^2U$FJI2M27ke*k8>0~`n3#JgdwIP$`w&g!i#JF;6hB#--@w!M)U`i zkBSH}v9dXRKtfDKgqWy%EIo>jcFZbW}BNz@-#4x24f+HpC#A+H|HZC%m%>QYp8!c;)7ZA;clw%5R;>6H2_`>Gm2 z7sX!z*mQv&%5|`YuM?l-aiF0ep-+Mw?~`1wKFM{~C%NAFBq$U5B>3pk z!3z!nVdUSc@`^F>26NuWM2h-UJ-~q8HCR`mM;?Ojz$Ab!i969FlhqFw zMP=X{XfQZM+gWbjzQEdSr)Vv;*;X_9DjOPGmz!nhIvv$7I!7%oYvChF^v8g+@CP7+ z{brQ{P~*#^y*h?8k0~oi6Y>cJ1zk5ac<$4?K z2Ac3JA-^d!z#mrq^}ytCc4cvEcW(amrt_`b$=r!|b~-oA+OAv2aPjgIo6a`_n1A|FkR2;C8LCv6oTZ|wL(HaHwX;aD z-ZalpRt0bi`5XV*IYH;y+eI|+_7crc%b4xoEHmiKoQbzSP$n-o2dGro+DBZWIp|a#HLYm@=y?0Q%0iB~i+Q^e81Qfm!2{Xt z5*<%_^sc~7r~+j zSm<&B{d(Jz6Ky%UqkKd9=KVLMZy|s6;|;r;wV8xk)u`j^Rh!*yJye-dUS-qCmbyUG z&*12p?AII!W)gAPKIRRX=BP)v#P08H+(v#{4zlPJsl2gd1m2(lISg-n_!AcUStt`5 z_pjmk4^SKeEP<8?#S3PVtrej-BQHXMF^~JxmyBWDpVVqNe``JEPGYhf1cgq`N{47okeeep z=&v}VjP=x7^3*t7*l)2c8wwx`i=Na;92Qsx)d z?go!SLjJ#g4rEZwWNuh{cfSU0OtWvKfY#?(F2*aY66agCp1ysfQs>5$&3PJ0&uS&$D*rqoBA=iAaB?T&= znWjE-;gs>9Ed=9TK6f5+`7lpIpE#3u?Tr#+JU0LfQjzczLTpEG^!-+^A9Vjd;|seG z1;^8&jzAnto^fv&ppF<4tJA}W=N#&YZGmrqr(l3^4JA*hnXF?mE@q!Z<7NNMn9`xb@RuOUON7a6? zxfK^A%g*vz`73Pf#Dz>kNE8?R7IEnh#bvDAHXz&vK$W?{$5X2@UPC~RDg=t7Dxl}) zganC^4KsoYXn|de${>(N#seRwxRo3*DuEyF!SU_JG`PMxN*eao~Mk@ zl?W=(MJYMzB(p0Nv%BqyS#{u5@}%&y$-sEAmjwskK%(OVcr|V}AzDHuX(?36Hdd>f zWa;XJt(3-W5%m89_BOayY7|?Aihcy$U?$s9y{{OCPIQ0IsQP6`>K96AXnDl-OU{`I zAH6oBUmjK(@bD%po7MMt{X(zIP7~XpUvAuc82$3}k#YT^I>p9ci)MW+yD_SM{vp|q zohOv_m-%4hCPr6!%@1j{st8xyZ`md5EoIK_4WLX3t&6H7tuFtzqxF;DjnMi$rL~WT zpRmry!!dYdMPpVU;iyyu_f}gn@HbE9jp?9Xc_^7i^S1Qw`(y6k|9mIXzcWkv_vJ!K z|3oPMx&3nbBqjPh^4_cJ_I9flpl;pF_(8!^baz-|D_<$T3u0LrBX0PSq) zG`F8n<%obPB~Fg2XLN6&tTglkWGz7Vi;`mKLk_>{l7!8alUZy#DS*O%1f{b3(W!5S z{DNy&L(xwB#@xN_ov(l9&Di;4NPMx>+Jz@{ry^GSF#4S8JX@IB!z#O9*kkNQ1-f=U z?M}y!mFP!K00T7{=$>`v=xwKC&wsrc=?H?6VwM6{-zGV~m*_~$kP;{qGk)z2PDif1 z2EB47{;2{?wx!E_G;NjW5CeNxVyNL7YHFAZ|{#LReQ=ze#I+m;GlDO1GeVXC=+ zyH!{p4PfK3-KD@UY&AYMY)+%b5)&$7CLDm=Y%t$*K-4>BZlsA;mn%-LHnCHpV@eG1 zNcjd=KIUlNgyInmsf#4B5;+CPL;N~-i?`$yF>qqc1PWPVCt`uZKd+s_W9~ z?UyU_etxG51-#I2t|Lg_@%}KP2v{dRS4jowmxVzicFyNu=io+ulsCDCO~bC|Z{m9X ztM7LrLfFyu{7vSGl03hj|FsXqDvedH%8jR3G{Nh4(QkM^q(o)J$>>$aW4O%2tGG*r z9w8Y&dY31oRT;&KDnpko`J~(y^T+AY-i=vnl=p79cq;oR^M6+p-aOMrxd|4GY5OSm zc4Ew_RNa^(iw6_J=u4blCB%x)2Y+!q_wy?v#46RVd)?{v>m=Zm0>d4L z{+5mx_$8GRPrAL`rszEL(J+4w*vvJ4P)Lukak;!_{-F7o)`3ouC=DKK1&=zLYzUSz zw65KqMJ35Ae^5)kZy_=IOcG09qW<<6`g63yH^kMdaH3IsS6%8KCRGc>ez7iz415%->5~iGO7NKHdSTIDb!bxnrEaU+4KrniR1K?j{V) zzxVuI!hanSqkJDZPWeE-WwNHc?sh0=Qz~jO`TW6L(-w2}$t)Y!#u59lB7D9c2mTz& zr6y$yx~;aDHM=G*f0c$J)jYP2i+p@CW(0wc!I7x|?`FVQ~L6=JIM7}@)IjpoJo3?CmBVW7RI1Jog@4#TcI?_cYtQ_QWRte;@XEjG=rA^cpH#* zj^N3T<+3dqOs3X=$3VB#qKzUW(QpUuF{|Jff`bMEI~1`JS~8W%SO&o455Ugs#K1_F}jOvESq*X=Lw!IBj4A;VyQ`NohL@O6rQfi~Fv{nG=;;-sA0{SEp0 z${{`xBY+s&K3t;<&(4ami;(K6tECn64vRLQRJP*!LOlrfN!uodq+YQ&E=;KghXC?% z^|~MZV4u^%(IKZanufm-I9hpmm2E|?%|J_kM)6>}*0Ca?{w&>QLa_VGf1w`ew(T#! zjQiZg0T%|fdQcdYzw2zC;;B9(xr|(?Y1;j2LC>#M)Z41mwB$7F?xUuxxbSw8%KOV} zgdVW~ONqWndV6M6{`wP#NW4~OMUs4_TzIb=$nx_GKet(`RZe%qrhPimeX>tFfqf*N zltj;ErWN{1&yy%w2Q8#~Z8(578AtGg_n^8nImuTj=uA!)gs7ts*XC^@Fw0$c>F_Db z9k1=Pmtg!OLu{(8io#(CRiO-aSjOAPeVt^yud5I#d)qy~1XbxQ!$-)i6obnnICFSY z!s=0FsO&;zxVxV9*G`KNdOlNLau>p2*N*Z5c~Y2){8opt#7e$%A_$j?GFgdbu(THO zM^Jk#`bdtejLI*3nn9Y>>70XxPmUK?PVGcgLW*z-)RJ%}+zt&T4-A@MMQrp)Sb>Wm zj*jPin-3~;JVD0elB!Tb<0Dd%5l3(Z4C3(d1V=Zfh=JNiw>>~3AsXD zAnHhSX1sLKjt2=}hu`={1x`T#LVRs=?Yg$<$G29pMrMz{%MB)B`@v0gYQi|}SYX^G zFg(jBHDcR@vsjA5T&_=MYnGMI$CYBVSs<;m?H7iN*5nw4 zcQ+9!jOv;@?Wl4@H>>$go}>;s*Mat|6fz8WK-q~F4AjHSNLlGYdt|m!a+0}zh?|u} zX&mF)b=-6|+76jP*3LQIZWAZ`nOj0A-7-yBw*YL0u1&UGQ=%!CiSUtVhdSg*`t~wS z_bgpPYPu`$h!E>8E6=LwQu@U~!Bq{?v@;~TZ5F6H2aVmNjgjGLSB4>Ga10wuXQ26!si*WCy%nFz+1Gv>{LG>qQ)DJlG+k?1j876n}QlJck_r8u1hu#Jt5uk z6*LAff(eQ}hVpJe$PvK3RQHta4(kVg{U{rmfsiC>q2KKeLoX#PO*O#sss>J1T-gwn zoOQ8SmMR?6dnlVhNt~Ko!h&VGB~}UWtF*PK2^!xY3ikyzQCAb7sUOR=vfR#7mp^o2 zl{w^8O7SrMEOo)Cc7^qe2Au{4Izu*I&id}|6nD5v;KkQPR$D5;Kjv$)2CQ}*l4O{2 zOxRv`I)w>X-5@`Q2|Fd)-x*85iib}Sa;ryNj0ZH1c6HEAPNwh0H)$^XZnscjD1C&T zvMb|W41O)@nB%OJkA`O*{iFS_(C;k!1E;HKin2Hg%QsonqgS$G|Y5^Tn6HbX>Q{xK48f z&!x9y3$Jr%FC}Fy2P5q{mb<)^XNkh#@MAX!o^>{LZ0sQKPk5Pw|^_!B>Qth zRh6g8S{75^mT;GrQIo@ki__=NoUtld${bB7-9fYWFCtUyJuFU%iq7XcU_aF?4cv4% z>lq{K!Z)P1f_hsiX8G^^T;@led+2|Bm%B$;OoK6;uxjmhouH@w zt}|gvd|HrOTwYdJcV(Mg;H!i(X(}8zRJs-cim3lL2UFajT-aLDXe}C@Bj+y!K`lL+ z`|Nzm;hgNG@Udz`lEd#{l;50{h53wjCFuM=l^yr+Ura0V@7zy?mYpT3mj^Q!f4 zV~uQ}`|$TMHf37Ougt}ohY1gL9`WxGp|tlmySZ1_juZuKw{7Iqr3;S6n?E!(WHuWN zbn~q9W+nkM&699$6^ac7KhxO{;y}~E&3D-?)$kwG-oVaSzaKC`8dls7*y#NYJ->oU zI4)Z+gJR--e~8=y-vbWG_Y0Tc1CFPe94{LcQX9IW`KpecL?2KYW6^p6@=VZK{8YBHQE?2T zTkNE70K`qW&~HPWIjY{Ek+Ou(Q>6ZHrc0OSO4s7q>*InE(`-DO5#(BH|ge ze?ptVlr15(W9=t0aku7S;TP`Rv~Dmf;!aLy2&2hH^R-x$jk4HDs!JR0hV{WSbD4P@ zlQaEsKvhpv)MMQ;*3bQ=tr%L|w(uF=FeH2TFr~~$_xn>eoKc2?Dop>1=S6@N&9}R#KZuxZX@;hOGF)Ic^8WJ%qw4jFSnT`ZxSe2J4l4 z93dK8J@^C*z*+i<%h0_^kgcYEGlvFH*aUEcu6Kt8fJLeXwC+JNrZ2Z=0%wp@NdSxQ znLr_l2HJog>dMhj>YpAvP4~FN0+GxHWJ*tx;fxplLc>KgOnPsVj1Z!qOq%28o085R z*Zqb=TprCeY>_4Y6{^S~VVLhrLV&UPNaBY&Qw~W@vFBsckt?5y&PPz_10)^(_RC+L zqZ>I4$|ZQZ;CdDiE^#Cuv=kf+{vUa7A0Jm$t&gWrAV4Kic?oY4u!R&GH7X{RESt5UO`9RJVz=< z1dLMb?|If*d!Kz~CT&5#_n%)spJvY4FKe&8_IlfEznq8ESkjwm1!X?MqMS~jD+5XI zl6O6%t=-?HkeCN32X7wujNy^(z7d{VO}7k1J76B{A|>FHOe?54d|{1o;A#V)r9Z45?FeNL!^F>HgcnjWjWUF9lz_)BLveZb+GulR``4%Brn+V~qd zlOoeBma}5umQbs=MnCNji?v!Y>azgayyz_4$&)~vXT|6z2gQ~|TizSuwnU0qd>P$@ z5O>HmM~>|wU(kqetn0i^N4q3kgK;fn&hE;74^9~`S-dugpCN5?KH8z~T81A)LljVs z@n9P2SgkdcJUJE0Q^G;quBUrif*jriLvBm<9mOJXic?+iK^2*rNzI}SCVpGzM?3t5 zGyw#0VzeIIs-u#=^g&vP3w{?Z(%;s4{moqvo$BfzVl_aE+PY5BA+Yb$UXE(GHp>=J zAn;#6O6X^&6-vhMrT8|oZ0L`RkZ|}LY@#-vKkl8zCSXU+ZqXeNpi$E4+*2pIP=Ax# zUz!LQCML;lY#;y5%lC^$gZ1@k+GiRldKyLoNK0ludWz$cdm@Ry|EzkNI5HxoYg--EuR<;Lc9h11VL26Q@kqZ)BqL@MtirO3P&N>=MN#dJ&b?)^MOw^#4nRXU zR6LRr{d$L>@Umq__rkIj`c&$2PnbsJ0IFo#qL7=TZ*%f(n_QPU`gAPyngG1GJ%Y?g z_6`#3R$%>6H_G&o<%TNXxmE(#VzMB`5sw}r@!TZo=Y}BNYZ#bPG~rR?>ZFD|2o-FB z*(zFcCwy-}6&6V}Ur8jskXRrRRy`m*|k8&T%IMXIog#S7n7634;vl-VS3N`55{Dty5)|$m=fh8-dIvMv1g9kR)cuM8Y zMtcJpF2G=$Zw|s{E})FXw5{sZISe>ql3za|dLw!v71f^+-fvD9ZMLG% zs&y{K0o3UzYI9l+?sO~qKdvaS36!YlR0`=9>vuaIrIR`dz|J%DThO^T=_lJb&%Np% zKG5{IbPDJ?Ih_L92A)25{(-&$1stw*4%d@ieVz79b+4HApfac#bhODj`sk}hJ`~oD zDm#1UC()Pfn@WVJE{wRKgPkXV`mCue>@oJ*vp+rnRzx4bkhA2xSYYRipqVc+=t4-s7d9CtekANC2d z#9A%R=3~|~&`n67`hv3}3!)_o29U4?PFwcB1r_r5OULRum-yN)v1wY^rv*HveB@^LS z<(u=>neUq*Ya84(C!rIXOya|V3R?B|ZHkF13a-?8 z-uq@5-MpeW7NshAkEu6w@~`K;?Lck9woy}(UlX9VJ)HSV!yY4nO#_(GfEVW`+}CSV zt@rY)3b!rkw6i+m$%NxZ^)3GJI9BJ0t2S@ZqcCADKicQw@D~4JwC_R5GW!&cwp&W1 z_=`Cb`&8`@W(vd6t z{8*E#D3kk%Q<~L<8OA)LC@u_2NC<5@VJ2S4HSbS(A-E579G_%wwLC*0xfHPm`nJ`; zf!o`_z1mqe(C67$e5L}U;fsqfyS?~M#OgVWm93qZh~42=V#w6RNtc{e=%%5-sG!2R zo_{7z#^}AYgiB4ly;C6fp+GXUBa$gAe-Y@$aMowIT9CMFLMVWBfr9pRCE)Mp@8j&R zI$irX3YKU%w{IzFNcCkVvLq!e-WTIy?anBv@Y@mG}fESO8*f za5^majHaW1&OIg$kyh_07B%pz%*=udsE%@G-4{tXSgSf${40;8K5(kTYGn(DvC%< zl^<(uXMbr&_UM9`pyArD-fP8mv%T)MS&CwAJTo%6>B9a6?w?Wi;IxEe=a@vsu48us zuM(^|M9e+HQ2ida%!_7QedwSU0s>J@+)@50*vWox`!(QY-dijFx0b)h?2o2 zL0aC)X0;nrts4+Ekd91M8Rx1;aT!DaVuS~QyH1_fV(DRBBVbVk|Dc+W%spQcex(T% zl^yDCDNdeH_x)m5c7qMZJxMN>TMsZaP!=&=TW@1c1c_a+14U}$j-(pMevZ9an+VLv z7WvO9G`vc@?NYw##KuClAPHRu#Fox~!G^X4h4O71z$WBb^pv$ZAv;oDWn08BVn!e? zr%btqXl)~E@cL5IL?AcF@Dz$WVxb&qGZLTY)T=D@{g*ZXNU*Y;fGO4%4BsBC?*=#I z$AH{x$9iH_tl#diR$;}P?*!3o0-8~LDx(y}x}d@sVpUjIN$*E#P063$uS(f-1FS=m z9#f4c$OOI*a7$>cXk23Yi#X7W>5VD1aMJilBr%3X=v-8r+dJ*Y(G@U+$g?;^$7hv2 zhVybyrJ(=@73DJ={c0G2d>B2PUj~QEqm8+ZD8?ICR_;&`18}w6owNfZQSIje zLX-k5taxjFb(Z}?#RgErTpD*bDw1UZtx0}Uk<1~frIAcL%S2!(xf_+aN=nnDz{FqJ zJ1mP^I}a*J(d<~P1lJ8kjJ8r2@fzLl@c!t;+Q^L6?89 z242a`l|uqVJo2}{-%aeJJF&!OXg@|U@F=x-RQHlyFy!`DG@gF?P?*3W z!Mgd3FbxNwI*thwiWs9^>aN{8OpEX#ZW*A{uXHcn z_r#SIZ49wDcqvyM`OkeCZ8Uo3J#It6NUlp(CFKKIN@lUk;iTX&o?rE%t4#hez{4<( zMqd9rW=ks!mXwSU{-;{uMYAKHhiLQ$_P|ko%`! zW)yrrRt@Pk9}qohIc`r?nDp_pNO9cnJZ=R!Y#}1f7ChCLy9(wtK+`^Xp#jUlJp*=Q z@xgqMy5gHe@s5GDj(0?^vkLS%uTUzntC&WJgT=aT+hk$MlIZ(SQJMi6eoI1@&bP@M zwY|eHa3@|MeHdpsrnwf2Q#H}8P**ZjIMw0Sf2k|5GYeei3LNYUT~J&O_CicUVaU2Dd)dS#it|@A#B!CFC(xq*sO(VKI4?}@%RIPs49C!R0T;Jpa|M{@<6n)j}&4m zCh3ik@?^i3)#cp0$$^445-E2I4Uj}XmEw=EE{bWBa_NFZ*epgsESdqy6d~(T5tib& zrt0bJzlcy+;H?P_Xg-xklh-N?_pCDrIlb-6(yTp!0ayy8#@}v-Q(4Fh{M@MD+(M(#5QajkZzL+oa zq>hb^@ffSdjVc6{he){KiuP7hf_fg}A(DX%Dn!4=DiARPndmU2fc;zt1UN1pjgFG8 zAdbB6W~otv1V+&$EU^P@2_VMe+id`&JNdwr&uOdBv?5fLJd{Squ>tF6kDFq>n1!7A zkUhg%B%?(^pF7_y!(Dau`VQ2NI>!W-F=VsWs;Y!!F2tD4;01_{=u`Sc1PX;GB2bsI zD;pO}rld;lL`0B@d5gB)sDwUPy8|{7xxNa`NP$A86_Xq!KQNC+L_36^wWEwCstd)A zW-`gaswqir^jMBtDKOZMZ;jZLS=q?>pS*VY%5B{uSz2tA^iff??4qT@>lXjj`<*}c z7`f09`88Z5$(iLiH%B6bmM~AS|2PBvU5$Tk23=);>rG+}@orZ*+%pgO1O?+@P zVJE%L2xFx^IzuCxBVddXP@i&wERYW0d%Nde5vXBMnx`5@>hzT7jT1T8S+ROH+Wq1u%MYAr{tf)%Xdo2sptcPsjhA!NAm9EVYD90SY zVXGlE-(OA6hk0(fz#cxZP-H<`6Us=G)B6+TN8}+yVe!1d>_z~ED>A$rflF^(K*!e8uJ5SQY)ECmhpSD=a0(u>pcuy6|R`70VIy~ zY+(q5Is5$*@zP%yP5%Y!*OxU1MEb5+;bi^#_h*f_e%{83Ia$(v5eOZ%HCm%;g)jUssm5Ee~# zfb9N=lOPzslmz|x;V_2^7h^(pBjH2*f&rnjGqnBR_AY0&MNi1fOk(>op3 zgV|nE3iEkd|L)TWfF8$!mR|KGT8eV`z=fIVWgutLkn|B}-Q-p$Apl^AZ_yjy1r9KX zo%@P%rLV{JBvKI<2mBHtaq!9zx;z9TjS2?hf86v7e5S%;*)VGHkw#^pG@!!(^V$u=jLY z61t(E4n|g4v-2Y~qRMIWK%PF3rw`**-s^o31OumB?W)T>0Zl(czS9F)yK=kRcGy<-$Wh%zc z(r~j;ni@p%rSwX?CCy3FMXrDz$D?vJHm7X>ApGC1mJW6`1&|AD7LjV<=w<3^DY#Ax zA_n=%_6ezz;~gXF>Z$$@btN(wg(%Aa1K`YjS9Y_m8l}SB$@SUFC4*s?1#L`M$zmyV15^hHKCYJ-=WgG=k`R`^UCL>amEwc z+g3$TEp<1hP`{n96HE@brV1^qx`xDdtg_ZVoV2!fHjt7nB>_^i3fWb&x{9ef=OuNn zL!A_c&-__2j6Wm{BG(F_ceq=E_#ZaM@TVqE=9G(){bXQt^Y7GKa69*OHeySRK7it8 zOb5zH!G$bj<^ir5E!#mz>dNlfC^~E~?Tf>M#I)qMj#w&ZCD}oU8(et5vJ2t3mhREA zY$+3r#4VZ(u8^?jQuiv6B;v)(HReXq%Xfr}?456Ouw))aFR3<=s^&JQ z(%qZ~Mz@It>>@hzCcqG_psJx_3Q^`y&-e6({P_FF+}3kCY4Cc-BYRP78t_y+{-NlT zHXH>y$0gA3gAOBfi73Ncv(Gk&!wbS-S-Jbc^vGyu&eaBnO#>1l-0e~Xt^+>qIN*M$As)6}Ln8am*|9F72D=Zro+In;SN8W!H z3Sg<~Y?*Xfvhh~*ZkL#E>n-Q>r&OkT0jtj)dKwkdsl&vf}X96;|FGW3V;%Bp6brujeu=Ti%$6w=GZkY479?B?BA-T;F)ffkI?ckR6LGk2gF1{0E{Bis-Z#C-x*d@efjm zjyz7Yimcl@X05u*~9o`^{v-dD&SYFvLd7J1X41^f} zr{$<#PBq-&vI?12un0N{f1Tg)1${oIdHUX1*OBq>wSBwd8OxnF)%!Hm*{$wI6H%>$ z9j{^c8>}qOe&Tp2wua!luiSP`3P`U*{_*mO@2z4WN1+=-S!qC}r0W)CB_Ysth9E5u zo2LV^?Bel3!&_pm_pltqqZNY-OZI@S;l9UZsA)Uby^3jbmt)QjQ~jzPfMGQ%T5GFz zlYJqvBT-@Q(@|l)ixNU+@%cXSrUi|p%qL;0b!Aq{2$q9>Wsf$uwTvKX4yx2g^#hH- zB{>xb7(!HyiLQ6SqPH}F{hd$v6~i7eP(0P(WW^kb17%0Ma+C0u^KbQ>(d$hjEu)3m zle!*pcad;)5`CzZADStU^eQfKV#iTu z5`XebCPAJq5YV1ZQ3ahMr4!JsLZ^XA0%a%yF{3O}N)yZPXTV;D zva>zE8c48!KBW= zCHKvRwueiHdL>(E-OfZRzAr-lnK84r?z*rBcA(eb8@*_bS4B?+VxkX~S8Q@jAp@@r zD_YPk($xp>YBh6(+O9{@D|ExdnnYM+U#s1nu6>Pr6+(eBj!-33!GF=!+_rSBlXOfR zNGlX=7Hn~_{D)E3iLw@kL?NVC=L)qjyLSD=TF_F?d830ydQpXOq9>*sToP%*`ULtB z9y(wUBLRm}K12pJRmN|2{;&G@TmotnypY#<4WL9#%x}!v80|O{L%^Y$RF@Bjahg>w zWG2nXZmPSEVF$%^lB_61vAI0laJnPEnRA}0KOMj2j^sLiZSJ*v1V$)Tx-vn9b0w(0 zn2P{WZoxZeiLVjd_joRFh#`BaYX6M43Q<#%@d!$k6xhrX5 zKqGpmWTFU^$L;fI9e1Z90`TGKo44Tl1Kf7tQ31!K;z5c3oH8b2WQ5z<#28@X17QiP zCH`nqKg8Blh<<*E;apU9>(?31&&Z!{xiRS#Twb7E6MxX6OqG0kGIG2wNf?y9jSse3 zI;Vp=#^Jx~cTuh#2EiU&`BU3$2?3znQO>~|Vmj{tpD*r)eLUF00|v$`aa!?D$m5&o)RKFxB9q)+6j38y=a8(b5wAFQ`!wPRn@u$0 z$E4*@AXVk$?I_zPAl5#;>Xd3AYp z3PKc5U@g;0cKo&intEVz2QUK{LhR6jTyZq%<(&%%Gn@;QLP@Xj)m{KAY5@9kW$c&V zJt2WkGaU&6)s##p;iqH*d2Dp?5}i*nJYp_p`P6cX%2L{V$b@ls(%M!l7>XtxJ`%AW9T{{9asxgezHCHU)w1QYC~hlM-Yf+8JErvICU1QH)mWx??4u z`(8`Y^@u8Q&R$NlGjE7ax|yfE$2+|(D;Q`1CP zEv0aD%Cs`-dQwka{0HaiWW?MYZ|$yG6hJ zYxM#9%FfAvwW6Big3=B3%1R&G#L*;}d4d#0`e97J!l#qK(9UDI{`U>c#WOO0g6$4MK=>*) z!agQ?l@zxa=^=ihsHD3OG}Z`U(8+)R7X&71>JX+-mqS3cnP<$CU%NBg`lzI%q{T#~ z7P!hSO!iVqVeD90XL$H?#bQJrD02 zt|;pr;9e2}b}`8|IjTLV@SjEQ6aN`xPWjK3@s)Q0VF{mf+x%=~DZ^>vp1)fObrYn>AeplP(eA{MNWkML#Ogz;X?9B$-auV3t&0Shp#FTT6 zjI)1RkGF1e)498L0I6IYPhGXPQG8yi5v@lDPc==PMC?+bmt=n8IC?!yan*Cckp!LK{q!I)8)r&2hcoed9uWNxkY{42hc$K|nJZ72D9_yiccBP^a=a zRm);S@$r_$>8E`h12?#w$}HydLl``7jf+3HT$ZH$O+KJY$6C_pAV+r|n>e$-g?lFQ zZq940Urj`*r6>iW>S^v?x%_8u2d03{lDI*p<5DL4nA%MZ+c|h=9duwm#^=56wUC() z()U3n_2E{^K5Wn##tPd8Y+o6Q_%ZnW*p@mC)g6g9KtNFrRv+N@!L$4khEVXgPDl$m zv>+E2C)C42V}abaRjSECI=L-pK&g>SWWy{UFX4?GhApX;tWhz zOOab03$i`5grG(){woR?G1tj~!`+8+Mg(1ZK2adMojPn+z68U8 z$1^@r^)q%f>7m%Sqd-aRp>(^WS%9FkgGCg{QN-fhs1vOIb63E*Lym+Z61K8 zckx#)BXx6U1)@Uj1HYTl zRhtgWoxoCsU6GSp;EyehhsnhblV5F4FriN&V`&3AcSJfV?UxL)9b)1Nv~$}uOAdv( zBTl74Ed``D<;lU(PF&s49;E53sv#Bo+5x-^RWuqEbUAwjV>klJrwTox#6cbg#hrde z4=6TP!JQF6YKC7tF8L)_q}VB!Wj(eFh0Yf`$sG8z*dBF>%Td1)Ik0u{CtR^){lILy zYdbh2pqng@kSg46F_)|KgV8OM!Mn2D1DF_AHcGUse#xeMzS6#_hw$jObS;h$GC&lM zd_0(a9O+PQBm9BV>9yb0{KYm+{$MVce{#aK;u=u6Cja-Ey6gj8*_9}~g1Lj)<@!T; zr{FLYaUdV*Fy@zJ@T$U=jYRg{8amsLqg|{ZjhF6xrH|T&%6+s;ol8(k3`JstEDg3| zGNd6s4!QyTAabmQ+P&0KJk(c`1T`E_Q#lT1hXhNp24X;lP1K7t8Nx6YC?oDoz+FPP z;``#<2C;+$VYhaZ|0V~9Xi*c)&+2FzI+Li+PB_FOB%rQPu5Bg2ok%v#b8l3~k$f!R zLI+_+JCMCvN3{oKdQfI(Ez^@kg@~5b#?2b|8RBHBE#k(7oU!3K;Kuu^e%_#T^9Wj z8;BDcv}0`0lOgov&Avr4?-1kpb*UtbTyB2cgboYUv~6;DPy8p$qg*2FH+Lp>ycLyY z8=u<)37&x+bUvwIT>awWEgZA0z@E0D8uow zFl_=ww>FBsj00L4*%S!wC;g|HeHIW&26`nWk)1GR$DpskAWTHxv>MjI6!WSt{FelT-UR80{;n@S}#~lt#(IIectiT){;IDfO zaF+n)L%MQAkCF7``#n)4CVFo^mu#X>$Ol=`EnWp#4_=pNKZ;-$K zgy2O%Nniy^^S>-Yuf{k~!Js{?)YQ2T<*v5P98Tvz%_3Ah2snZ^Ua=d7P-t4IN&x`d z72>&QTwYTAVNP^UA=5}Km+!7ndImGRQOZd(aZ(Pz_qsJv3=;x-CBWqP1a2(H2Tl&g z$DngS5IzisuSv2csKn}ekgzYl)N4nb*%WaF>tMEnU9*jN9mL8+@@yoJE0WW+BM?QE zw!%q6(MR4we|H?|;w&mz2x(h^RS+9?fdr#?^(d=%STM7FT@NxsC$D1vr_RI8Wx&*$ zo?1Ag<+&g<5+OP8D{!4bSjcWHjX*KDPbiL$^kg5Z>oBPW{i%>=XBhD2RfZ4UkbTIr z*DPh(5(WU9>TUg`gyG@@RPNWHhSmw_$Y6E@dQ^h}HC*Wq$r}b=kpE1OAPnJr4x8GJ z091pDGWIis1{^tJz#-%;0Rz6r=gp{SXEy-T8o4LP$s~%ZLEv=;mdHpg4&c7bExR-O z$P3Zs#7TG74ns;p(zPH`$YI*qmbOLAI%+x7Yqi2Mb*!W*q7wU~mm% zpaFl99fB_F0Cr_yshiwvhI0YGa15z6@#O-nt%!&fD@UJ393HeQ%6N*`4JZ_r|z3H*oh01Dh$hi%9J(nKJK1Bl#jJiylkp&{T3&&c+9-R2Nl7$WoxYJ{+UvzLU> zfCa=tYwD+V(JD0;@gM@VF-KSk=e|A$R7EomG20iV8Z4`Myw(JK;+vENeFXpjv7dmG zfPpuMvd%Jyv%_{k2id;CXE1Pf$TTGGyx?0`Zn6SGSWiNGvc&1PVuk$DTF5pOvh{8X z{(s7=0ml{!9-Z*`W*}`;Sp@=7Dme%{Z9BSXcqU$5_LY7Ft`npE( z#c9TW+neYhW&V|65(L2QuwIJvd>bif-hR<4F=;_rC9np9|GWyvrW{&WX3|uzxHYcv zbE$c@u$74yxLh5t5wM}7)kgH&sUqZqVR1-cf>To91`wz7vx0}LUP&u5?hK#Z{3nh~ z7Is+zgyDdEMhMCq=(s7YrB7V*nSJoNw?s$q1cZ#S8ke@ds0ll8ffI7K#2Kk70W_i- zPgPK(3>R3_kP>z{*T75cA4i}YSo8vmUSJzy@sd)|Sb=kMVGQ&$HORJAr6@kshPv(# z8R2!-c)Gr!Juy1PidiFa#ONT$jLvO0*)VXzR^XjF*&=5$>~96R>8@F#r&lkgG#i9w z(W_j}38~c^{T&-y9kt#h*tPVciC|!TxXtZnY~NG^GLEkj=5)0TS>P7By%#_^_g~H5 z!R##@mvr<3nM;|O8tOn)pP^fd*p4 zWGaynezjvA;&4=n@9)5RQcze$IVqC?2Sq`$Bkx9xpz_R8k>Re+R&)UcVRr=`WP&rr zq^*`Q2y~+t4R;2C9%`B2_3vmvM_^6$#u|er$Qs-Rn9IE=w!^Q5GszI0*4^Xmwx-N_iVBqn*p&zk~x>*SRP1 zas#{nY%YGep7{HJY>6ibs!{?5owcJ6?Exd4Z(9nQ&BuGL&`nOk_rM4SmaYj9g<)(Q z3*C}Y=wu@Dn^8j^eU0gI92Ch`P~gF2+TM2qoLw3Zp}he%y7ev`$>L0H z3Wiy0>@J|>y+rUC$a)^oj` zqiJw8W!mZZranHbvXbowxnMU~1w`tTvio}&SOGoldOKi~X!q#F`ly+uMTw@8A{iuj=$3HfxMOtduQcZ5Dd zw{$l0v9NeZ;-tIcbbJyz>Op)=u!Bm*7!n7Of_!m4KDswg&=CcKSA?DO5=Q+sN~YIS zI;odIeo@bE4D5fJ>EtF}sMIY>zknUjbjyTFZfsLJNm{n?X!Kk$%GH-;%^JC-O=JG5n$c zzF8Y`C%~c>2%B9Q?}wSAa_a^#RXiwhE-*lTNh|Q!mXNhZGk~k090*yfV=5j{s}!(4+V^5g%AxMxZ6|iB7>)Bi8cGRePO> zPMj|TN%x45p%|`TyE{7HnNt?#4@#XVr8KdS3%dXUOHr>48Y)s66*Zl9u$3|Zl7wnb zU*J)a8k3~P_(2UeZ$Iq^u6@0^X@CB;)oFjoYen&Z*Nx)MAKyBPKWwj#;%6~~ zi`Oc9kd!$v1m0@mm!ZVATWN0G6e`Vy03ajml%{HktAu43{G^7s*u9Bl^+1dCAoWa5 z?a}GLJM;|+^Sx@2eq}01--1bG zV%yfq zH*N2BG_dc|kGALKgYOvi*;1V6<8RGK?^^m~S^3)^!X*cymL*_Brxd|(R)UeoBR17@+DO+Y6T7FR z+8(I7PI0w^>e!Ww6(tkACbKC3ic^ac5Y#5#>|@Goa8G;$6%23IcY78x4nlXUEM(jw z3mMG3p_6}or1>K4-D*f5!f@Fh^c4SX0Yjs0kmdiQg^XKX(?SM(KrCc9AFvrLc2H`Z zIr7SvwybeiIFcO;gTlJduKed_Kw@Dfn4D{L%p`}yCMzWMoix48%jR|k$ zA6hs}ZlDNoj1mCx4C>XyIRlPfG=VJU(WA>P3|3;-hm8jAOTiH)A`6Ofl?au&{Yb-l z5+xkL{yHq?w`_=N0TiPYKc~(Lt3dB>waQ{($trzT1>`6WW`95&fy)RQE+UeUQNqb) z2qBhz-i{?^w68>Aw;AFGcoy0+a_BD}$$=IR`B7u9Pqng<*7`1SrBvwMMrsF)#6K1vZjYdAmzVS5g1`jUO@x zO#0p`VI9|cs0eo(>bRZGB>U^cE&ebrCD+yi_ zSN-w3=&HN;th=0}7vkJ1WiTti0O1|w^$e?fZWKZ*8FjZBis%&cFN#}0h;~gun?W$n z6Gc!_qHO-4BMRHAH-aWm&Fe~eigAia$aKID00wu6Xss7qz{H9+(<1O0koVND>Utn*tTI-UQEhFH zjVQ?b=*_q`UGWZ>shYSeX(+HWC=1JBpTv=Pw*(E3LSgt;>eNqsaQ?$QtL=h@UvnLU z7baF2TQa%XiAc-`K~D$mjQV9kFWy>^Z@UG3KSW4@c}sU&Z#4WwIJxTGm7^~MU|pFH zn)Co7r@8Dg9((cFBQU74IV-lf8MHDOkW*#x>9}(XP*&^8=m-28S3pnGw;l{o12}4R z#gZ9vByNTrmcTxZPe4*+ng$YJ$&9^T9c=zXL1{d`2IF93GZ#==dJr^Q#lGrl*(1N9 z(>dmNpg$QJ^ix3e#Bf6_UWTS>jJ!U^@Mv{PUiWxN$xi^Tqok6|$YCVAPyv^b?7f-_ zl95P9xW)^aoDeD8C5QgX`hO8RB^RFpoUGGydX*B%E;*G)a~_w5BL#H*#4aS9Z2M9Szo4zb!PYe!)ddzp=tC;wxJd{> z-cSWVWZ?%P1SUBQ-~+Bg2w?@^tA-GI5JKqn`}}tMZ8$bR5w|+PjqPX<+?)uCQ#}}a zTqgpA5hr395D080k{8vh6LH@eq1La5Ohf>$7?y?=Emh=}!W8>JPcV z9nHT5?#!0GLL~4X+|$zQcOah&b?pOpuyeKpd6fk2n0Z4d|CR^tq@;KeuF)~bWVgp7<=iwDWBIsg+ueg`u0DM`*g0fN=MON{BwAz+TA)uEcq_*5 z^ecI9dI>ne$imAQB7V>Z92v3kYVOMdX}w_}%|`AdZ4_@|Ak7g@=}F>|mTn;GQ^eotJlrxpTJRT=XY81pkHM5mFtI?MQ4+2&SSN4` zf3CZwcP53lCVCM*X0kBy8wO^C2|Crws8ZL%$u$@ZxyPJH0-y=8!Vn7HAi*9VdI5L_ ztp0V8mYYv=3aRH2UnrS4~G-?W0nvh%2JGxsc<0kDHB==>-;zb{Lv zGrosXHv;pOeFEm;WNXC39re)DrSx)#u`uQsIU&{O$y51VdQdEcJ4APqdpMvBY*iZ%s~Y5?I@;FAs44enZfAM z2qz8vH=feR97Yoi=EG-D61NNqQal!Enw==k$MiE?z>=T_rOK~yfv{2{{uNEF9174H zVjYKo!#$Ln?c3D_JN4S|Lr0dFOXXE;|Y$$mRKAyXxoBGv&;?RgNv& zCHt5#VsbWt^BD64)vZ{r9V|JEf3<%%OTRElPz(RzBtb3vY$oUup3ZA<_FxfiDBsrE zgBie0c-O6n9ZqB^ReGVpun1u1*R;K1lQj`%IgU#Hl%uI2E*MyjGufyhg*h0NcYn-A zL zm~JV@=2!#x!F}NpaducvjSb_}*r0cJnU_JYhTW;L!5gxJoDw_(ZZ_Sg`Yuy;UuS+3 zr~V}B^}q>a?!UT8 zr-d(a^TI$Q`r>!C(~wIX(jq&&^}QYi>^kvCr`eIen;lnI$tNUn+4#c0HFGPO+*uEW z0SW-tbd1C_RF^loFAxQXo2R`TE&I(YTcV?n+pR`x=vg)L^;oRT;UYY|{AueJ!rkA5 z{%z*r=g0|!^R<0ljs zIX}lP-fVBU2o-87ap?7PM^2 zE&OqFZUPyogf>dDEkc{!4F!P>{*up2XxbvsC`c|uY)+iGDN6Ga1hf%_Ox)0YIGu$n z8};|!YC&1)gBSu49yEtKh@sdnA2$k8Ps_6a3`eyB^#YIu8mbq-Zo@>NZ6knwnN)pE z*IXMuN(jRsVH41EBk2iL>28){+;`?e3Alh53tXGx6(W1CcFUN%9CplbHBSWTn6b5h z>w*K+dK(zbM>T&)#vk@0!c-fz7ms3tNksQE*Y%S~^k{{{;_q*3Ew?{BISE!SN^f+a zESM1`h8UgO5}!3u`a5dqTObzWXLsKG1Pku;symNU!uT9rTlfe$+jGA&@d9}>X6!ly z%0I1X0Hx^Dngeaz zF6C`Y~gXkp6`1xN))#@?boF|Xl}Qp&^YeeY{>Rta!=Q3A${lKoLF zfRs$FUcJzqr0AE@I?c0X8Js20mTjFXsL3wc^^8S9on1~iFmf{hr^OINP%hQGt9|dR)pci$ z*XlQ2PDQILTu#{P@fbzn1jos}U_}N1WN1O$WGwsQw;?@!ZUy#PoP-qjK80e&U2+hF zDsHNP#7wk+Dq{Pn2jv;ml8_728)9{ca6$95_q&LNRlpT|2d2_c5wX8rQ)wWuzg47B z8nCGe+8WI8ex4d&j81CsQ+9HLL&eJSZgAe!f^R0keZyBHG-M?xU!xFL|sK9UFCh&--1A=#c1!-)uuye&x)q>dGUJ8dq0#0J7sS+S)ROR*K#= z4rtSr8>b2A67VnAl~V)IRdr?5S{-ZCl~*cg+Iv(_G4jJ(*Ohg(AihfKD4m9dEyZzk z<>jimoDoXCJLoH=b!CT03$>@yW)?MPis{PJlQO0&WiF)W18mGrCZVGh8n`T&kXk7DdpZ+wZ@IsYd(e4IGUb~YuUW|}aoJd&me|L06ogr7=s>P7v2 z)#bcD$x-!ty~}ys1iRO1&5&Scd4d^k2f21CaNEh{RN(eptM%t~<3{F^!F2LgsnLZ^ zLD=oq=$z0w260S0Rml2UH2S$Ml^Xr@R2oJO8vXcG+V*I4I4hyR8+_*n{r zDrs}P#)xwKNfDAVzby|{g%KSFLyoF08m`bqTAemfN~z!WS%5671UNJlL(tP_YcBMN zQv$~(DW-_tnxvQ_vKTvSH3HaJ{5=$L{DV|tIuzdqd2xv$&O!5+dC(?O8^9V81J5Qo zU>bN^-*q`hBsnVXD_u?nS_f7`ixIf8S+WGgmZGrZ7xXHy?}2R>{@908D4EPS{@6H2X?*HCV7;$$`v!Kyf$?&`NC0d;7%yC4ZEhibfwXsd28-I4*h;r%HJxNf7sCy zd@sm9#>V|D#S;e6w7l!4d$!0&c~ONrkJR*GLT95wUw@#0cfnC>nDQUg*uWB8npIwV@f&BH)xvpUj*itm;q9>0vQ}V=*zC`<1&uIjYSZ-Sms`yE@ge- z55cM=@Q2~AmD-#;ckTmJG2TVxi(2Qe?`DnZ_d`%$;(<$k@(Ml=f`}Qv42rTN>?nA5 zM)vW#?p}d}+2sOoj|RtrpqTodGT{kJAT&&5(n;7KQJ#dD@GF=}fcGfxqeN?AwgfxG zkJ_L%n0q0W#CpBA;7>qQ%h3&HIVeFQOKc?^H4@JP3zv0)M=~p#ro<0}#=~HxhqS=3 z85-4hG>y^={0i#$1-_@J@b!2oO-@rlqv?(eEB4dI#Xg9L;b!jG_E-Rl2cIjDp2IT6 z;*M+PT+%>OCFngIAMPYLp~y?A09_ltpq%n;7=0_7kE-pc&~LCEjG+yolccB9O>U03 zuXR4qP1GtwvBc^y4=v9C^*Oh^6!n}Smn*TsG9?D}4!fgD48LB94SFRuBuWhERV|u- z;6&ARL>iI5lol!1VXwDw*O{sqhz4cr)L~)Q%XQf6ZGF4C&UtUBKt~bRpUDm%iym5?zbLo82CZ>+y5|!E1ZDLPGrwmAv*WS)Ux6Dge5ehtyHj0!0?!`mb7*{Up^q z6BzR7hwrp`M4maS{jCsqjp1`FXMfoh62?&_ZG}o!s3BV73KX4h@0Qd_j5bxZF~O6dssKyo+zE_4ARTPayG`YWpzK#!e{ zpalQ~kjv=^x(ll{3DE;x3_>;nn7XddXU>K|NoY*3E2uLxQrU*ui+dp)eWd&Bu41(5 zDfH8cXg;B|lggq=*u0DTyw3H^KH_8?zq>w`uV?NjK0gJ4I#rMAN1eFp0sR{yzNEh`+Nc*B zc8VXGC@UlbpxagM(_D;)g)5F6T_J!&l1_vNuoiCdkEjW3Xn z#wzRg*bmaR7#u%$R1E~y+;G42+E=zn=as`WByYpu%=wb!H29q7nX@x<+9l^8pYtc?{2pQF=#!H3VV^U~ zoFV44NX}%R^JnIKgE>b_&OScp1?KP!M6|EuyxHgcg*gkEv*kYa6lZ#Dv|nV-9OgVD zIki6LCFZ=HIS)zB6rV#@i}zs8cO++$&-p8J{siqBeL->#@Hu158D>tKGf| zFlT|};Lat(?eEOFnK`p1=P;l13UmIQIY&y)xjttzb3VYFy(DK}pYtknj%Cg(-zN=r z_BsDx4$m<}zmpv7Uo#B0Fz2t(!O@`PH2Rzx2x2_KoNr6cAwFjUbNHpC=szUqEk0)l z=6sPkS4z%-K4(Yf@QUf^T*<+Qdkuq$%sHDmS;@J?=j_CslbLgb>hFEzEhN zI>Y4KZbABW_Wf=SybG{)t=leQuWSu;7 zZjzjj`tmYgy<%`)dBl5?rA^JdmLlsPjc=VLx+Pv+?M!Li3VRw(rU_dmAZ zuf0tuq6Y)vvb~-3!R9o4nI0z~PN=(9$+n3U!xqKD;xXnFCOz2u=#@2a!$x7wei$`B z1=FhL%m>7{KVs%t@6Y*9ieaXX#fdKY5FDN{J97~+x4X=CHxFjN2Ptz7&0&1xwz@u^ z{eeT_T$+4eJrZ!E05FEh!?U?S1*@T6c$=@!6>ZeFolkIy0C%ZGX<^!}(Rg21S#nqN zO>@~e@j$iqJ_dU4?*HR&>N?f`kz_!lVMcj+hbSnnI2`IWydx;9&h>ENobSykoP$fB z=uu`zaF_ecHJlG;r@f4IsW*UEyUw0mn;V=pnVwD!ejE5Z2dRxr6|aX6&6Yjgelz@? z)AfPLxg5R&)QS@q%la`c?dy7w{*jp<4a1dozl!^QD*Wo`mCuoa{HU>ykK|99(v0uL zx)8`+fCC5W7$o7wY`E(3@z~|7pD&ekt5aXQXfhG3UXYBaTr#c$Ss&8WykOC zxcRQj;}?)2-%1M^?Yd&(CQIRXH9lW4UXzhjeY~1k82_q`S4Eyfo&#N(X^2Dq7m(P{2Q@i4TWHXD}|=wuioi5rDn9I=H!|T z+1W}^&A3BolyCa z!bKbX|MRJ{SfM6*>~1JL_D(mi$;2MB_i4BfRSIjL(Gp`5oPBw7<>Ese&rz=ZAsslNu#yzng@dwk6lU-hH!&tBWAKoh7%i?LeYm zAFX%i0TyqD!5AG7%9a>(sQ$fq#kVr1vIZbMn=t4zW8#z&#@@}?HKhhBv##@KDGNF` zfP7tuyS6=zV{kDtKJdt642ymIN8Rd$hKLxrF^&j zn}mm8738$owLbdfl%325ruc#D)%X%Bt5p*@u7Z|*M9OjC0jx4ma$UTSukIsKx9|mr zt=vbX4hON=v*@dbx!qe3QMn@m;N*@7(G~-*I&c>lgy^OaE~$^+3`W0VDi(-D)N}Rn zt5F_~Et`%gH@<785~_(u+FyXOmTC@P+>erUQ+N^Fa2&tb=~8N-8=LJm`t9q1v_x#AoH` z+uy{|o~BbB;o+d>8bJuC*d>kN?)^!pL`8E6!42d6l7*6mC5`=+P@?7_&(A%oD}k_2cPM*{2wKi;Zeygq~y>|nT7RfL&Q3U@5aAhzELUjmNa_O_ickzh1eRc*Pv zMY~Vi39O@PE!iIw$oHjAzQtDj;P8J=zN3Yoce3sMrCe}+SoQt(_wS@zx6!}ns$|W)9TA{7=rJG}Yw#7rCdknF}p#&8R&^n;G&QC|%?VH!rlOwXK)9 z!aepBJtBpRE~CHx)2?u{ds?&9o}&Lk;b5@R^EaIjD8A>H;k)8e2es$l9SR=bx4{~R z_+~D1h3C7cHJQbl7V+xrfSz!yQuY(NG7=Jbzx4S#%KTFLCgQm{zqFsoik(mUrQbVr zJiqjvzDC+Fy|zjX^-HNJq5Vd^%Lz?QH*Xv_^G)WwMvH)bbvN@kTu23oknT{gR`~B; zpTd0~&%Zody8|&_EdJ$M@h{K6Gx0Col{ll(-T$TJln<)YVFZ0$gO>g^)R>QBzv0OH{YHR`gr09 znAq-nS#e-D7?5byi^;|UvrFyk*qcCJU=Mu%bN$yi8vg7ZXt2!v7XF4l2S7k9V? zB3?~oicVxUU~79g0V%hSx&C+l${d$7$7`SV3+JN;GN96U?$55y{h7hhbWY2d5MJCL zR*vraDt0nXoH7RoqaP?u$SoL)zI9^gqcnp0+u;j+Rluq*g!9tT$vY!z_+r%jU%P{8 z?36Y9A%(@&!9!3X-R?1|cAH|G8q$|(LSeECpSQ!up<805>Edb4lw2m$i?qJlK7aBL z;3!Yf{m7K?&YVAaP7nOak>g(n4Tl}7@F%0oWr-I{4R9N^14spBZ$$c5UCcjD51W2n zF6LF=|9|0PhW6CUTd)`Ai`r362jCFv%|1FEXo{9euc28JUSK&gQZQ|3h)M(CH}Ps^ zN};nIDr9VkknK(<_(SAy?!z`3qsd7djX(u({E~4n{qXafMk+&R-YTczFKKTOJdxSY zuJVd0-t$R16{T(T#Ed~O#4j*pED7orpZi8Yo=<6#pwN=0Xz>g(0`d})uv|bAmTQQ9 z+AkzwUeIOcHAd4C7>&S7;N_Pb1H3f)AE_jHIv_x$c9QxX>jBW#F@1DMCLYVC@MYuO zs`T2#c2Z<>AL$;|mP3b_U#|}OFK&#IgWcp5R#tTAEkHDWbkFWw!H`ctcXPr#Pz&T_ zdcX2{(Fmi1nPZsd?Bd0MFA$_o=l3|BA$~!dUCArkyefIE#p^=%sv-Z9R4hQ{aTNe# z!-4vi%=u{QEa5XbjvPPUvv|a2>0LjOQ5WJaH?Ec1@ByOe4;Uu7kIC?=((+K!a-TKS z7#*c87k$D6Z5bu7Dj{llXuOsirR7Cz8GUqAf{)Za8LtDoI?A5H&n=;6pe)mb6E@47 zupsBwMt96Lt0 zjam?0zgY2jzU}dvy5*lE&;>1zS4Qt;&(^u)W@9+PU*P;P3^?scbtvQjDJO%kdvbO{ zY5536Lc>D#aap{0JU-uZo8q1FJy)P+p>0!CH-`TDxTZuBpvcHvB~Avb_DAmtMLs4= z;}mF60Qh31YvzHsLKs=io1W{RxX|Lvckiu}5WDJ-dIt*ThtXf>2`ETb+i-N%@p#cKPTvPi zFe4|HvJ$f)-?kxP#tq>NSXa(MW~`De%-EM^#%jfc8Bq@1L!^brVss|h0DMAb#P&%9 zem4j+1_qBc^)QV|)4#R@WzsZm2T<;{bU-?0c&DW4Q!=uMa~GczadNYk7D;a@V$`9D zDJ|7dkpL?4MVzV@pg6HWz5eG=lrSv6#I@55XS1B~dviVmf=xH1P4 zPY#%jP)PRle#B<#V}Wlm$7=1oOFKOheI2eIpi=5#L+w&D1QMwLAs8Cd#-qgF=$-Pp zUVl9funcAPz^$hxj2)fxG2UpV>tw0VgTZ@%`|xynNYU|Nemtsu=&(5vUL{7KlJ&rQ zYK)p?PU#WE0)nT1z0gM(Vf*0~PvPXMDm>1|ar>5BS=ODxNJVWlde^AXm;(+!N=0n} z?jqy7mNdrCnwsmpU|C9Ql0tfO15F_QX?l-=-lJV}IcFH_;tp7ZlIL!UPQ00+qezyTa+wK3Iei&j2r)A=+g;G#Ao z(tlYo%-}H^yGd6J;iPYhW-#LASNqUyYV&G~S7B$b0~iwe#ud8!X2gj5kJy=QHhNbEL)ksq*W=`F&LwTb5s3K6ar8bcNGmk1HTr!pE zDp4hsC>XESu9QS=rTMh}LyDr@29sdq8pAa3&>>}p@}YDYm%V4;1m zABrA6o=4q&7^_dG1_P3=U%IBUz7!1V=Qm|cUvP=c=72hrH)jE;)Wj!xvD!-1z|Kbj z3E|@*c7k(nJ*q+8i>6O@oIDCU)+E`Ot3zXys4-$3SHh_q4Q+?c%324D6Z?A*Y3s^v zr1PRnv!{NU0SHwzWdVqNenXj%X>u5Vpk6Bggg;jTuxB%X$1}TA88;ox?UrTW)lBvIo2S3+cd#*Vr~TAW3PS*?%1})PlPa9n z=PGyIO|-!nyooN3B*{kP#%KmR$l3Ju5~P{rLJ5C)+|!6@E=a?hvt3=xAoJ@dL|49D zXJOrkqM_WtaW2w*=5IX&pyMHYEr1Z6a}6$nTaqB~?Jxj;mS+3Ys60%`CA#>$2LsEDgE z@D&Gdm4TZOe|MOtoUGeOFme?c_=RK37`Pob%R9a=W8kxX?MWLlFja9m1Ahr%t1+^vAY1b&ex}4!)aWfwiJPV|oQVVlgC2 zrN(FzbVYv5ABotE>VAI_O`YH9khUMK4xdDyxvN39h2c-Yyp_6-d!tFXO4<7&a!kxY z-Qo7O;icGwSa+iaapgrQuKMuNr2kEDPedO!9aN2-8dVC0qhG;|c6^ayCs`D9gu4A` z06AGSK%N=^lY|-BO?90T1sfF^lsN7FUkSL36He&aSL-@NlE_;!&3SgDD!<*Gh;mbO z6dDAV>le8U3y1QdY zA>D2%W`#OrETJl8_Ji(K1H(hg@l-rTWB#V-KcK~6Jc_xl^++3nCa1blt5Y5X9*Lfr zf>3N3*uDg8uYqlhPExSF3bt=tu#E7IL^l#FkmVq_;4YUOc8M|kGD4)S;(Tl>W6gb zmRe)|&SuusITU$DI+mKwr<+L(t*Tg@P z64k_vhpNyn!X)}R+`i^7I75JYepwls5c0?Ku-SEfJh-1W=YxMub=|t_Qgm=*|9Pku zeZw{?I79^16VV*VAkVLw?3+uoqvPSgr8$59auF_p+l)g%j`L-ffJq_Ka6@qS;tlxt z&bol*xJy97lWv!^G<}b2nlq{ei#J4@2*}C&-ACdjCG+cMWQR=VFO{ky^M{3&WjvXG zVWVfa(8f$lFldTSL4%a}OMon}U>_6KZ^u@#94Ed^dkuYj#L?6Bu{P}EL)c&{N`hmG zT^Xh%qC(3$3^kR+P??e#f)6B0Vvz%^w&qnu+IgmB(!5%!iXLQp^bt1tlBuM2TaQZf z>T#vHNu;?5o-bDtD-*CQ3~XbxkAhvHU{{U{R+Yqs1Pk1&Dv6VR?nf<95?7;iN=d{b zwvKO(2TdK{c+U#d@0V?ox4qTcgD<3-Wm=Jvx-5H>UIitlWng=vjACJe9)gHB`O2`<=GEdmvIgp^Xwr4;do zv*@`QEkI(RE^n^!7_Pt=s=JwKH)IEhm@vZe%EP?SCqH&lUFRo(7(fCnF5#Fu1b291 zUAL5cgO&t3?t+)G^)-hILSf3q6)Bfhq|AuTTxzqYY^~YPE2nO&*-ut9Qmxse6__@Q zqnua`D(me|)?2fp+iLb>70rICB4trU%8d99ZCDY(S?Tc+`Mj3g79wx0Xk=PN%Fz`m zGh+I_NRDo()yyB}@;}7Ab92X*)e6%le^@G~_ftplO5OfMUK|0NNRVgLVuf^CEUDC0 zD{gVPpR3Uu*KN6*rxQ1^rzypMjGzot`O4Kam3lbfMlK+6#_Kk1?SXA(beZ8E!2Fd( zZe zLq_x=U`ToC?v!%;7(wTV)X<;qZb`=ntgfT&!FQ0DTh|X+JkkVI2S|%!P0RqqYheS+ zioZL7kV^my>DG7t4sdH^zn#@u&*l&>;fE)*8?v+$#U~Jqru5fY!XNxd7XKIH4_+>y*V2erB+L zxoh-Q9PC!Ieo-(ZRs!sM=m&s7*d!c(h2kAWliGm*12W+?&+HFKS(rN%UHkxcM;)xC zDVR~eEETW)obS#|+@kV%?tCK&@=IFbFxo6Liu!SGo~+6&enAd!)U*cO{NMcrvl1|X zv)S=+X-hzHrlIE2MX(vIu!9tAs~!d1l41jSPQn>i)`RKTq7S{|1jsQdOae8eXs<(@ zDA6Yp-_y|Fl8slUY^wP4;8aUb#s8giZ#?)JrP^q;5)X2&>q3`uIh-LGTA7DfF#HZT zh)aG7?r_2IGo+3-2$mVa$iOtuWprCiwFRFH&ctf+- z_gwFDVLLaEvIRJjDSD3hkW#wugc~Yl$bC}BHHz_Yu0MSgW13;yVeF3r>9bh%u1m)Y zgvG-HyTC9+`~H~1jTUF%9#)Io`cdKz6F0P+=!r;RT*0wAMA09p1=KqmAB3#Hn?{t8 zEL#sIeN-RP=d&PZboZT9X0|qTg=ia`==>YZu8hq2Oi}%Cs*(xnqEAkO)^*UKMO1G` zcQEF0#E1@Xr3zBYl*U-}^>2hC-8rSaD*Qy{8(Hfgi>|mmRbH&F?3J|rjzID<-1Gse zI4yCnv<$gE$svC`Qyc?mCu|}ebmDF0n4lACEYlG-QBO-_ZeC;41)w z-4uB%Yv=a;cvDVg{n#eWHs0(=c;9zstNg5*QI`d?rNYuzVT!!VO%;Mo_?So>GxNC*WJ;r0(D+rx0I`R)Hj7ks7Z)@ng)(kIl`@mqN4SP!5cGt%UCNB(iUn7#mc~yow zaW!D$KcW&h?Z+9r+?${YA4Mb*0ts-KM0dg{&`IhAv3d0usu6@c2~co&thvXYX0Lh7 zrQw!soCbIVSHa}E?M6i_He&;)J$D_~0d1ZHDI*=GB6^ z>?Ffe9_xLK31+XIY)^B#4w%d<9cpo-Lp?gOvvmXjwIdJyh&mNG{orrF74}!neH*rJ zc?}vZg2_m{^7eHc^fWuze7G=a$~=zW~v zkHrzr&tZ$ro+yq1;}kZ!K}H+0l^<-1zI~}2nXxTb8oVoOE!Tf@&`h*H#1w2bCWItu zLAjB^nmazsC;B_dUaP^(MC3D>ya7?oH573BCLZM!=SfoaMGo){~k{%@wTOo3&k`BqwmZ zDO4%6jAyLac)r*KJ_A!@2N@nQG&kuiMNV)95p9f!OQ@wGO;NPsBUmg&M&PVJb z8vMi3HFc+aoAr#yU;aGAN5JxQoY4!2?^P=mU}=?#X*);S8oRgm z-sa#(DmTUx)lCPUFFyPNd{6n!iU2^z)W=w+FdZbBm1JqBK3F@?r-5O6+~=v0M}rq% z(E&SETauCJ>8cT^TIglV+R!x|pgkc-wJQspuXaEAoX{fpAJDAR74(SFpX2(ju#r(< zJq{j<`LFJNUqaIH$;1_M?&zP&FvndYGIt?xeq zjp!qsr*gv9lxS$>56g{b3VR4S69^3lZcf%e8tS9aZf!uLebO4)$sKO+MiT77y91;J zoKU5SussHl8%r?tSnw<8$nf(3ZUuqsOtfG<{&#^jX4#zr2SLI!|HJFiC^-M4(5hAl zF2zfbTD<8(aE7!+9BB6WVDi0EN6R^TyFb#yh+VHfm}Ac`I(@bs<@Gv86PBca^K8PO2mn%aw5S6r|!E9rNlznkH2QO!WxT#v7 zZD@sz{13>=w&+)|Ra;{;nqYo>+gcX=Ea{IO6U{C z4J(r9iJG{Kb3!&6mldq7kt>JGPKpa`DepY>cz+j;?Xv4WMkG|T?O@E`ZN(hO4R!R z&FpXZu_f*&Dp7f4gvO=m3hY>~BQqz?x3wJuA(mipuB64G#}bUsl}vXC%C3*hXM%pS zG%^8GJvRKW6Q61t8qy|dXh@r+p&>22{TS>GkXFcPNGs$t)X0;Dc#T(%4`JtXTpQxPA=vF$Udp^VfUIF=-w<>V7#$DpA;K79 zwT=ahF4+Aw6D&it_Yg4`j2G-5O$WA6N^0XY+4Hy1pDWt|CwdIP;v&(am9HBi4)`vw zb7nNq#{(KG*f{vcSx_7z9wEl&Dv(x!Lzo05r-Lya*O?<2+I+ zfc+l7N>k3OVo&A;ug*aqHDMiRLC|R)484WZ?yowgb`g0 zZ$x=wmj&gQG)mwS>p^!@dW9xep(VXSi>r`LuaI>W>eDOe8|=iPA-#g`^soX)nKFv$ zu8X$x3T>=l3DYxrK$;z2w@`u4Lm$>&>=652bqW)_O=6#B1ii z{(|ehuvWuM*(pAUhlgUN|5ASF$NxnCM5qa%1hZ!Q2O}TEneHNgv;55?+?YoM=U6e8 z`4tD%Z{B&mHReg5lzIHx&VZB~X(J%85Y;PADewz>b6&}>`h6XE$>~6|#kb>cOoXY6 zmY$up*#byT0*XG8edv1yEWHk(3H^`wnQY;MjXO|;!*`6HUA?zdgKk}f(D^$6C}JvA z1kZp|(6}PFNCeQHv>9DUdp;<(KGy#*&YAajJ%-a>3wEdvmw?ey;jbht$FvInia2}$ zcR!AM^v@=^dneZ)u49t3=TCxjB&i2QW23qYW$3lHw0ZTwj!EfwO1xvG&Jmfu0rg%q zeL$v<`}XKl(?@0c=K1NvGkxaNnwDolUB7%!d|BF0zbDg|_0#)cW6V!a&Ga?->3uVO z4SxF6jQjMF%;xEtzA>F>?f8Rpv)x#T(lpLq^$|yW72lf1kyH&g*1uI4a|$ssmZM|=}6($m~^CYYn?AG;MOt2 z0wOKo){377w~qK}aBIm=gIfpvG`MxZPlH>R_-SzKJU_j6LOP&bI{b2Ik2XIIZISiU z&=xIz8rq`CPeWTY`00KBEz(iK-d-dfcls%Q_ei-t#x#(QJBwX+ZZx~&RCTdyXrrr# zy^xMtyni7mkYu*~nHMozHScE)m(zBAMJb4dGTWHs@(z@xu4I3ss3umjAr;>W@)_^j z7zM?ZlBmeZ^u^|WTW@LW>J^M0RkFilV;y1*pM%SBlhzK?KA`G<>Q!`L2W4;(dtyKIp)XIpThFU54X{eP!KMl1q z;HRNhmiTF?m3e*|YM|3k!)WO6(@;BYei~{g>!)F~wD@VLp(Z~KHPqmz_xZP|ncIrF z+afhH=%;4i0-mboC8(J}e12`C^+qvwOR?*gjjkSkl8dmR6xKkxggll~OCDa>rkWpb zW1f)*6)*s>K~Py(>Fhpbg$|FFfukt_roa9D!yA>S%?eQTq2LNPZ`>>AkU>Z(FOND2haXhw~GZsloG^|Jnh zt*YgzlX;OmRS)7Q0bb0u8QtMnf6fFw9i7tCmhql8LMFpSuvo&Z)n6Jn+ZV}N3gf{o zs|R=u^EPIH(~|?7$j3iBr6*k1^m|f5rO5UYr)I(X(4jHehmYLpm#3HqG2H<3Am+uu zJZSOT!#s$2F)$Ar{BoEFG4lfE!I*NC;t%tn;-_IAjQDAo2PHoZSswJ$ko5sSeN@7{ zfO#;_FNf@R`f131ho6Rd(B`M%rDXjy%##*B4fCYQPoJ7FFHZlrm=|9y=Dr%~hNXUL z_O;-?YO#WOv9#E=bfbm6n7g*vb?ru1S05h(S98FwThtPaZ%-sdS5e*)mhbyj25Vd1 zynIEcCc7y@v};OF71-pSxc*-u(wk8Ke-NT2#oUreh_3civlrA7qN|HtS8udb6mtuT zT?;n4dL%?xaH^NnGpJV*g0h?H8Yd`t^XM^zmC4ewIT#`ijD*|6@jhCDD!ec@4;8S9 z@9*cqY{xzw_wxW{J~jp5JTKPG!(}!`|0rJFb20ier4wi!J{-;?+vrfYO>sN0b*)7G zUyz7Dx5Fz4|0y&V@$dDa(F@QsWC6BZbtxSeZ1q}>JCNn?w~p)i4s0}@{Ci;L_7?i~ z65M!Bi%0CwyifNS5G?q5jys$&%Jjw$XefNrLN_@4GYIuth~5C1BpwooVGWlX zE#XopuKYZuQ4p`5BStm4;N`TSNV^Ci81rf{^3foZxy=;a`jfnGM- zC=9|IeKY`4`ND#<8>6d<75xEWuqP@^s!G%`;9c7@8 zee&K{4p@+TBqEd@)3vxK{m8=HBkrDb6(#urDW%qgUH+KI*UT6y_x>AZiOYrs$f+_h z9XpnX6Dxe3+(mzQVeaANP;gE`m}1o2C3S9{lJvVe>#mm10eiYRAqQaocGL{ug7faZ zt2WQ$Mr)tp6J5km$viKCv}xt})9{utx7lCZ6#a*uv&LGGc< zm7*k^Hw~d~B__CzbwGyP^3cNELyp7(>rR8OTrN|h=DC+BFesAvk%ODSA3Li1F$_(cxQ3Up1kV9@H z*7?n%-2I}un-5MBak<|fQV@CFoWvsm?q8U@AAlC-9!Nu(lM#g67w3%WeY;~KBrD9d z3P+VB714yEg}Zxp=pqo&$qR0woBJbr-%LQD1$>D_n3!L71_adV-c0VRNbcPx*GN43 zP&n|f46!wRSmqk+OB)Dy7`kNvucC}Vbzb6SGdT86KYd>2nzwrC;4H+|UCYD05;}a- z{PZ!IYmDv?1cDiUOH_2KuAGLu(I^i0Jrwi^Xtb&_83KlqDZOC}_73ehKJWLAalG44 zV;n}cB|)4usqABBI9EHym=5%zU`)HEBQhfn1(mADhv%JogU$7!wGlJu5qa8(vlfX& zSzc^_Dzgh5W{GY2Z1%cvSk=M^R3n;^p~mq$juSK4*!hy|g7F2pe`JPp|L7eDGmzIc zf!%1nv!DskDJnTHvzU{uB^diIE`fm?djkCCo+87a2wA-5&UdysdoJamMrLzCcubxn zfgOOYOclv@+=0WI7)AIeN+5;w#+AJCwz{`xb@B~YK2wHW;oi~?^4yU*IXR~XZwdiK z-00iOO6TIWo^&pdPE;W6Tkez@K9YiEX|{H-PYx@`=9z0gs7O|Duw!*_3{M$z5z;afAi#07*4rCqqgQEWOc{U@~Ny zqy(XqURPqLR!T6nA9W>&pztg03L4>)54i+lC+~9!1WtHNO{*bl((DolnY_&<5HESN zOCVS>$t4gec}dBHH&42r3NF7B^GRYBek<9y2HRRP2LVcY8f6-LTQxqJuh`t4TiH84 zC36iWToR=gISwGL^hgX_@kq>WuF8zwVCx#SWFVEy{{(0eQ#Gy1p;0F>xotp=6ufUR zD>{!v!s$y||5Tj0J7Yb3as&zR6!)I+0LCHm-^Y#viYfx-gR zH5Lrvbvt=4?J=;qTID^X!Tb2!n&s0xz^MVMt6Xe-+y{lI833j#9@*NNXH(n-Il@ZZ zI=vBPay}LB1waE}Ot7SoF?_&XA7-z0!DBAlxl@!g zszE)SINzbu-GGl;S$s~L5TB1*d=ByPIl|&ITyO5o2D4rF2F;l+BL$x((0OTuPg8z4 zXYt|pxG=mL^m$UAzyp20{Y#HNH;euxIUGLs40}|ewDIi#-LBK~P!DXNM10x}a3{}3Nfv(q&jIzmb3P`NmU3b^VFm*J1cda4vX zo*ee5S)U)i^At0%r+H7RCQ>iT^Ls#Q#m_yYN-|tS&B{+LW&GX^i)GQVM~!TL`1?OF z9nYPx<4bMFGyIN^wH-%b&T`!weA-+_93KqgZ;z71^lqGP7n{tU_oaQL@uM|Hk0#$a zFkh8{D(CvCCYQXE5Grc9@p;oRt#CO26T-F_hM)` z{BAx>{T#|wyUXVg`=tJRSzjL=YClW>0JWR*tRVzT^i}}A zM9;35@WxOUb;-!3phWg2q_Y7jI6*NR0>~kY*>QrI8EIixHO?^ZZYYI(BwH09MY>RGNCR|a z9&`0U%UuB1pwR$_j+O6l((=@6B0`uZ+QW2=fJeTGb$NsdNxVF61(&!{4a#)HoAc6u zYu!-V4Lqd>&T^s$p zq6c)KjBiIy@4Kgc7p2DoGTg9y9 zh*?d`mh{<*^JzFoZIAzCp(7bM7#p0x)?$l|?4`&`Vt`j{#>)=eO0@GuSoGP2POxKw zRr|me0te55bvdcbg;%wZSFuEcCs_@ z914OG<{2>i@Oaew(?HWoAW*=etvQUdPOcZndpNyxTM2H$U%tbAIy2Gs011QNu`qXs z3r^xVBccSO@YLWIg*R(3G0_ZcFUu6;J+7{7hmB?y?TbvIn_~Ic!X4^`2qp<%R8DFD z{9|F6vD&@)4;rzR5W?FZvs1oIi^1_`$}x4Z>>ZYZj7c@Kvo^6Kfv}V zAkpJmN6kaMzOcn*yzjN}qrIV2-#HnaU>LvwTyw(n(0s+7q2MDAstPm<`4s683;7G6 z2l7fl-sF{n-)i1als6RI$2{6fy{l{bznw0g1g1v^Ak|~~Gr}Jju_g06#NRc!uS!ya zPxi2-i#Nrb*}1e0-n~YK09uRH602~m+6dYj@sg>4O!GplnTrsgc6Y#pi+;W(cw2;n z@vGKv(PrZETf*|&0{FaT+aMqi3)fIn6aag>RL9d~R|85gfcKNIw!|!!PojXtlBN+h zm=b)d^C?g=jtxFO}&~sZ|gU*rKctv5EJm- zt2c=mS_$WBB?<^sT7e--!D#su_X=0O1)Kn-HNCOiN0%c^piLi#<=>E5Ku6 z8tGYvX~n~G7@UgkcBAOb!tQ0FPl^hn z@uIQxEiI>$bPsP$j_LzIALPKo`>+J)M2H%FOa&i1aeJZE7C^pb>*78wb=}~0*JjXM zs5WRAs<68@L)vWoZf7z;1aABehK4<~1wc*nI-;_(eaK5s1Z~JSC`wBHkz7{2eOs#2 zlCA->(R7D~151ZJx*&Ih+ixU!P*G{d4YL~-=59zRc#K0d@V8XKyC&Ej0PN#h@F6n5 z-gZ0eSnB(N5zpN`VAyFFm<-V6y4h+lva1qCNmi9u*kZS)K-NaX55-6Cmazh77Y!z5 z7RP5|v^T_!#N71>36fbRflh${WL0qIdbsRN1( zP*qb<`dbI?t=oSiat;tt1?5M=ACdPIYZF8pzz%37bLFYR2>9^o;^SpBxn)+r%+T}z zWKFi13oSa_0cdk5oqH$YCLO-rke@RWd}|N696x}8_J*5*e;7RuRao&pKkLt#{b11J zS0kHAHNy(p*ydt%LIEhX0Z*wN!E-TUEL#7%XMi8x{wij}=tFwh#I!ECy06FkLdc7) z?tf&Sb~TRQajf#4a`>l@5NtdoE9-m8UeWbBSGxK_3>ohL7^IDQQqN5?^n8Iqa?EI* zF^q34_~o#S3O2?##-ZLBo;moSAcyjAe^s==c=%4~59e=&yKKz#FkO^KF|tuK{s8H>bUJ7gA%Y(9vjdHxhUazyU2%p$YOjzOV~ESy}=Gby*{9+7JZ zv^X?@&7OC-M6}t1YS`=%$p4LEBlUKfxL))gvHqIn^iLvKgn2Y3O`qNS9MQ2tjThb zA$zkjUF4L?bdgzMO}5FaOrI{LGMz@Ptn#Xmv+0$yu5#9cyn&}6qE9Ol=Z1913=$|B z4IX3?E(K=>Gqmz_uX0;@;eQqFJ#HR2eJ(s>r18K z7CNzkxZ*gvO?84pC&;Y}DGk64T0~FUkxK>G%P_OkfDM@j0_>s0Iq}fNCWU0 zc8mX|TY<921W+zV_$Cd?fmKjIO+AtUG1~<~Wk-v7DbY)tu!PwGTUdon3 zeoO4LlO>6yi~`zsU%wm*I93iFyscjz-CfZ3*mhs%GZ1#(*ZOIAY&6?lf7pz_(@$g9 z{T4qxEmPn^qV-8tbZAy{bjS?!I5SoQLyFhHS&rRfH83dhRRk1gI?jtSu#CogK?Zu+ z!QsVod+}b7fnNR^gMnT=JW%5p_jZEPD!Lu6Y20fVbP#X`1NR~Z{B(3}Q|m|9HZ_ey z3Y~s^+?(j|)BC!66uJP&y(59utXf#W&{@I<9kq|%vwC5Ta?(qU4`c+eL7KFsW!=2}Xh`$=YO0Q<`k z%%>LSo^tN5kuW!i@ZIW#j6uQY6d?F4#Y6#{>623+>vWEaCsp&sDYR(s4Su(Tb{+#o zn3Q@HkviDStdFe?c*V$`hmYou^@?arh-RW-wl8&qGfTr&CIi&x(tygMyDPzOVAQ!7 zmafbABI#@4nX)thA2Fi}EFpSpvdtK=*o#<+E5X(9&eNJVN%Q15!YK+>83uTI0$mB_ z$#QBw&)}i*82HC7Bib^J6?K`=@-$ZT%cEsP>qpCorlVy<)6p`b>1Y|zbhM0UI$B1M zjxQr7BU(mG28LvrOPfT?h^c`=nPtReM9T;>pz)(+#AHOvh{=fe5?e-04fNvS5nD!3 z1It9TjA%MqMl>BQBbttu5lu(Sh^C`uMAOkSqUmTE(R8$oXgXR(G#xD?nvRwcO~;p! zN^pG*4n6}M|Ld_l~nZxuZ zDybg*v|p)~9zEVw@>J%L@l2e1hjQI3o_VHZZXeIQOfp~h$!h0u42utoRRf8W)sB&B+q-H) zzTI^EW?3{#-&DyA;+cC&<}c!z&63G)k*netn0rg+_u`rFl+0`6nYsvG9?#rYYF-e} zJVG+{xDrF7O@Y3>Qz%)KOYpLp}bC3B~EW>zwJlGQ^Vw}!wv>)g~xM@LEKSU{-J0g3|13k)#hD~ioA$P zidiEne1qpJ)z1BeHs*?*;_B1RRabwkn9cWA!1l0Ni~*NwlpMdnGfMDD`h66BT3z|5 z+td7Pmo;MW8G9Nty>fOX#pKpNLK>{#iL3m6+a|DvBL6tDhpP4EbDO9y?{R7hlTb@v z4)~R7>C4Z$O2W!&Vwx9=EIX;bOlVfsmkG_P`ZCh2$|Cyk*bro?ioSv8is zv6}VoSNIw(yFtx*6;Et9&6+h)iH$HPQ~Z73Uo_o}c8rTNE)8Kmqwij9m4HZow3 z;Cr(mLE1og04BVH&abYwKT;T6|yNv5^b#$UL7-S~kcg9ddrf zL=o~WcB>##@FC-CVXghwC6d~WCFwS zRKHR!!|~m&l4m&X7SB|}(d>>`BS#I#zZ;1(zM2}2&$!J0K*KTTkekqOG|vfQw5(Rs zaQr(2hZ@O@Uk%4+;+bkVJ`~SX!_n*_+U9CFeluQE4abCMsfJ_1vsA+|;aRHTnD8vs za7=iXYB(l5OEny0OZDN^!Rk%-Cb>1KgaeNtP$o;9YFN((O4%vrYNtEp8*2l-c!@9K zO&eU?dRO`)-c-XNFgI>w`#2@MwgGzxezhJ)!_-))Xnkt|fDxY3qi;4TRiSUvB^^Uo- z#^MW8s!IJ;X7MMS&I35edqVFbc8N-}{7R`R6_pZxBYg2+;W&hADS8$v6`2XY5h@j# z3BM646`7IW2<-l&VwV{3yEj6mqFN?aEnTIeTHvPJ`r^OL^d+<>R4OtP+7l`jnF;L) zm5R)S_Jm4BW!s^XjBZ!;yZ>W1GP;!*d1pIzp28j;9Bs8hK?@+F*B9{;_A6XB18)c7+IK_5${9} z5!ufnY9|L~3jahWyGLlCSD;~g#bTt77(L=@K$RY}!A=fN8Oeq_IXBTsoH~cN*R&$) zcrdZGbVv%~{tQy~MD!E?h|@`i@Hh0M_mr{=P||}JtNy|do;k*W_>$8>53G(cZH1E; zA9O31E{w5qoV?iIFOL|{3fW?F*;doo?lvzWX&Otvc?n6=XJ-1Ibjt+#!*=(>e)>OX zySr-DGn|Hjkm0d8XwFrc3@mu@8aOreS7j3&JGQ%@@zdDu{<)vVcK6+W8r$7J^3&Mv zzR6ExyZZ}%8r$7h_-Sl+|F@sUcK6wS8r$6`_-Sl+zt2x&yZazNjS$}MNXxc}4cj2C z7g_A7A-+poWst>K3M|L>upCQ*Zn1K(+;)C>3d_CVvkX}7X+I5?d(=;Zd%eC}rzDE2Pj>$0XLwtF>fcI6>V!WFiGCQ&cp#Sxd**7onExZi}i{FJC zr;(kv=^-=!dwTQN4PvgnBZWK;C$?K`Hx{I?3(dk4;OUZ#^M0k|C6yzTuqm$2OzvhAYfAjcRP_C%qnIZWJ@5wd|rhTqTlCRh40%=Wg_6aUbY{z@St&bNAU6# zzmK^DhWs`FMmhg(YY1*qbtw%5iDKv6;B__>3jk2Y_O?)P6fke0%ng>V=jBkuu)hQ( z?k#kzTfZJ2`d$1r(A$O=U_zDyy*j+vO1i{HHEYo#)?V=nYUG!H*A32%tP3rPhask* zv?eZvb?6RO&oyDaF$iHj`^^_SoAZli z4=kst6pY^eI#eOJqPJ%$)Bvx8vBUiEpG+6QdAKfO;W7*+xMwF@WJBuvEVDiSLO9r)?RN@$iq*`2-F2i8oN7-2mQ2mmi~Tn;U$2w=L_! zZ)^zC(-cS9H1XAoho(Yv=mvvm5WYVJtOO2rN2i+v?krUYOY@6b2jp$zCIt;a!A(DY ztiBIhfS{+1fAlO}KN6bLjCNX=n5pQ`_4W4jK_^BhnuI7z1h*@jQg9QtP&p+K@J54b z{@Ima3k`%LGusH(z;EjqA`XXbzMyb2CfA+J!k5n`Ph#vyvKPv~j2-FA7gp&4;BBv2 zk^p<2+dv+oWUl>ma_o0WF|}AVV107c5;8=V?^sN{)^Qb8;5n8*gR9<;uwJ@7j@2+ zF|L1mY>Zlm^bp-}tS7D=9in*8e$yFE>S~LUYHaR)7ct4_otBXL(zvB;AQaum6_%?jv(+1IJ zfA{M8@Ew4yFQG*>c6!d#ScMuSlUtNp@kjtxq%(9A2I_V4J?%!L6Lh-;y?~&nYc0g) zx|?C6p6yW8_Z~>x=HR_}L!*BcU$9xVHQb>^jHq&~9-c=K*k=S7@`bfKn}cbB8!NhZ z7Pm*15<_2SXAkwk+Viyse22MK4^KRg9(Ih-<&9HyNL`2Z!ELN`j>Uhn<~2 zfQ=NlY@-Zfdu1CAqEXa$-vNHk^v&#pcRu2cI;{5q_mp8ZVpzMg=pZn^>12nC~q;7 zlOlPdeF|WIg9#QKvl_ORMJ7M2GghWdcI!HLw38+Gp5|Y`U}j^P13Yg9o5A3FocWOk zINIi~M83Y}jgO^x_HXaHhLxRYxPAwD{6Y)@@j0823EjRXKRoF()WCo(9)o@3)5!N2 zj+U`~uzy7;i@=4s0H1z;dj7g4s1192Tt0cS#yweCK{kDzQTf%+*P9J9=nC;|FiC`s z)_h(yH=guum=W`BP?;C#c@qt7MxcsEBHv~t=Gz#!70GV#kJAr?BPN~RQV(P!UVp`ce6zA8$Mg?7fMdZWs+>kOu~D1eo9Xt2ujgp=P@CTl8N+J$Y!L z9r{*vkTq;c|4Z7<)p}h&QYtjFf^E_>j#Pqsyzeu#S!b<(_H*Eu5gCTgRfZ!HvuNH@ z{)su4tN3@~Q((bt8%)%^4*M1BB)PLQ(4J69*LF2Ba+EcbTJAmqDevcLirsk zP}@`wO!tgJCutD%v5AR;)M%QF{h1g>J6#t|;q~> zb}6_h0ergF7vM#_NAvojK4`XKQAzu)#0u*@DaN2ZmBd%!eEr8bjIv6P`{oBe)Z+Lm z`IN5mnbAvQMlS&mx>4k}68}u6d#K8(ojq<8MtL{MEZ6NbvVX9 z0_O&uww8;huY+nDMUdFHfJp*R8B~91vM+_(mXouNwYpoA*Z)RnjaXIB{nEh zlq(|8K{1c-mLMTNw9sktevqi?Tgc|jL>ZL=IIHz4F1H?RWvL>9+{gw}19tXvCtBgu zLK!m)Reje6-mJh+iUDs9J>bp3RWac1*u2!cwR0=Z|z zD%pb{_oijUpOz7s7KT@;gz}9By^WfpH^0kH(Ma_a%{akMkrr<16y17|4?HnN&mHdr z-|!Tz<_aXiHX_3*0wrZOy(t0>+!Udj7;tV*Le8>iI7?*w;t?Qze5UIBa)a6%UE?Cj z$Fg%V7Oea>NqIlEBdq+YF=>ng*dx|BP-D-Ct@%#unBx;Da&ec%C`XXg9DiuSUo}?o zoAJhfSg(9HW=P<9p8(z25PX=?50U@A&jJ(%%Bo}u4e#}UnYo&D)(5AyP0{_IgvEr? zOX|g>V$~#7W!TSEzwb(Bi!Bh_kE-9+{pe=!;D%_aLek<~e zxwY2$S}ODWSDlij7}PyWH6WtfEPG2q&zP|T=NjXUoDlq&+QFJ&e5Ewx7Ag9K@zj@S z_$9yLrGCSOYKm%6n$iSgt*p)XV+{v<~OYOdu(LG1b$7=Xvjzg_Uo6u zf&F1J=Njy}sB18&+$_f8G7NGV23arE!Ml(0{03Ebwhe!mP)u7g$Ko})0sN5RsqC|8 zrEaR!&PGx>0NxllaD8y&i*Io2q6Fgx|D#razRkcpLEs=>Is74mZt(RNM68HRBC@`W z-bBw}b-^GCEDhfzgL9Z&YY{DGvp}{DjpzGW9G-4^R$zY(2HS0h-rZLd>^GOoz1?|? z{(aiA45GB7(hvqy#s*?Lvg>4E>?8qE$baDufXeR}TmkFC$eKJBtet*!QmoSf(~Wf6 z_c2LnNS9k!E9B_!@=M+HVn@sEU!DEzzeKzdxVwhLJ4v@rAt;Flky#hs$Q8E}e?@Lh z8Li5oP&A(|*6_$*{w0*&LzF-|8=YA4h^*0NyfLTi01k4$_I|t0mCd>Ze7J5EI)Eiw zgTEX;NBwj7M7pu;aog8rjc6SdPUz2fpsy0RzCvE2EgwAn_c!p0C%Eo3iwQie4Nl_? zPaA$Yf$&u_Q-s0t{4R=x@?(F#UB6me?$77Zb_|_=KsukupHbx@1`cUR`5Zw*(X%iE zB(RA5CV4PcdA&P}k&Xn{yhP^Z=~Qi4Zqn@PsOO4TliIHt-5J6Bq6F+e(N_!Af?rbnat3w4ghgW_+X6xpuG zLGrh=EjUk2M_4mr5+xQ=)G=qIS)l{8OR3Ny%PK3(jfl%$<_7ua!NU=gxyXqZFEREK zql5$RrzS>R;PZcmZcT((to`KGAN+u+KYtraW4gaYduuEq*qATb^=Lw8T;@GNdYLa> zTNb1>oVy_Y8TPGhec6-Uq&hSyZBMa8s3-U<~5j*%AEaMwWBp z-Ofs*G?926>of#+xH{jkU|&L3$kPtm)^)d5ssgq$YE^e1bD&&z-?LeYQbUlp8N=VV z-4&1(exSO$i==Ap?q2_D)#whl&~0~5xH@kMtrW$~I}Glm^rm)R_>WAMtm{vBSkQBn3aX(JeO^j1Sm#uBIf zNn|y~ioX5aV*Ml7*sAE251#_N$wy?pEk?J2Sh+!2E!se=2#;>AJX#@-j(R-mHW0sy zhT*u(u8^#`no*mBg9LhvQ7^VxN{;&A%>?vA3n;N`2VUkj9(L{CW(j6Ut8F_gd;~SNo3^2m9GU{O0YKm3M&kCm_Kl4MdtLF7Oy2mB;1E&jNWRZ}Qru%jKdgQI zANYbizDw+}l-mGX^cBNW(FT}qN=x*e5fkv#c+Cy452AV62H3lq@2EcPHo)G_?s`|Z z)bK|cFG$zVdiau-^lWI-(g|is+`rB)iK+fA;pxf5@!&;%`!BJ2M(_LR`pHm9WEfAd ze%{Wni39oLc_5XWtwrkZ2A~$4qW( zQ^o1Q{fuRZp(Fu}6w{@iri*h2Jo99x+dq==8$}dz(9hMLKt}{6A0dCc@Ll}5?jvnQ zK~OaS<#l@S6(VTQfz^ky^l}yFWm8$;v7q~;h!$@Ok{jCpTPL>H!wS3eO>S+qTL&WWTl{FSI3e(Y5DEJk=8wD#|g>(E0SF!?!Fp&$r zjF0^rTLN*7DVeLXI^3m{sm9;(=w8U@MZ;704?X^{jsMW%50BwLGx!e)8WeZD>M&$Uufy zARf*vUhD&@SIC*^%yv|}PdMENHfyzz%69{zxaWX17-;7~*{;6m-DkeQ|^T*I`Kg`q^ z+;+H+NxPZo9!_D2Hn#q@0Uf6Eo$%vJ!H1qz4}TF9Av+o~{ErR1*2;>%(au?Zk(p{7 zk+#S3^(Yp0OILD^tXk2ll7u=fTY~g>$64u0eWbTJCig5g2%D*%dfA-WPg6Ga6%cxVEMh|!4H_@BS#)-KKyimbOd6kLrYbo zwCSGfRezJI-nW~U4}x~>QcrwA2?`EUMC?2Js34LxAg?J7)Gf$;In#H(HXcaeG6=5d zU&YrjQSD2a!r@Y_wZx{E%thXH?!|5n!^f)&O-V0a__=Oj?mDzznEMhsTbTQ@yIVcY zb}P|1HL%SIGoX^qV{Qh*lXNR!025@!h%)hW$&`68DEiI~@NXMHsZ9iQXmw0$V93;r zU#=8QkbV<7Aw(*cCiCk;Ct6S)Iw3044Jx)F^319^fAu`{OPeZd&p*(E?ThYasmf*YaZ_&T$yToH&$Ft=GV-;G{e%`YO_!U5DfMxhc-8-njo(6qrd zWe_jXbZ&6*1Wo6uS{Xw`hQN@g<+{S%-T1#`jAwo(;YLE$J7wCTr?!d zGvn~glb5UsRN#i{(JOT;x`tqb$ifZbUgc;i-mB{282ayBK{VE)>i2Uk6%CX9QzzK=o2^ zdn~Vm>TgXp4+wg36JK@hZi8{uj+FZbD?Y%55AJ1=rL^^yAg-@+g%ZCo z*zyg=OlmfB?ip-b;eAUx;h=`B{G;JzSo!4xfv@TElttV)CH_8kdJf%VGM@ewDVH99 zZ;*JN2C?Rt`j2w&v_}0V(ktO2Ob~B4Mtv@2-xq-lrj_yfZsK*=ZNemh@eDu?#OvEg z9rX^7f}PD2f57li#aoPl>#R=>)0_Fd-BiVm0$r+g24@^#d5u;_r>RD@>s4zA4vkf7 zFx9ApylQiUhFG<^rW%!*SFJq=_xC$(M>TYAOr75N2aMc&k)Gpnm^nRu^eqXIGPwDW zb=|&jC8mcnCN#mCbD+(L;=v!6ETIiYGgT>Xo6HT~K-@rJM8W+dEEEOX5d2!|aBHE> znqk;lfEm`LIum@1tp#g_0mC=j)9GVq8SW^xi1|;xuU>dC%KXUgAf_*{YV)i6UQw@cmDp=sa8E9Jnq=Z=JIK&!l ze_!qc!p6h}9(&mQ%bEW!SARd7e?IdQ=p14SiO!)09f%OQ*|AB)NYenpBSm{~j?IYn zIwmnI!QgRyR69P(5RwPKJ~*eB9g=gWV{uaXA``jD?-x-a)L=C8UBLRY($I=UOYm9o zkEr$h{R`E1wei_m@qw~oytZ?$QHhuRL53*6`cTE$8xcGkuie9)DXWeL_O5HQ>kTe= zRcr(ht5<-*#^RUqs7G&4C7J&fij|rRLL6PhV@*FTk_Y9Z3kICho)W+a|JtKY)J-wl zhPAWNIhrAu3$#{dk6_@?xBcQxQkmurxF!$*Gl!tk`Ig<S9T|`b~{!^ZW$?1P%X(3kAY4SM6;zY&nmkl6qdi#HvSvkNTxBF!ZRiDIN{pA1kg0 zz!C;o!AzHf;YZDpiG$D|%#8|-ond*BVZ|5i@TUBn!iy6%g1i*z%cu*4_juBI5<8Yt$(4Z z|BXM^uFv&tEWrlgyjuJFJ3Z)e&@DOtRKEeP%c z9Ot*f1q51nm@#hka}xPC+tEt!+BF2*#oDDF5lAfbHvVt@)7tvx9_g2g?5CE^esmeg z>DG6A-(J#!8i!=!qiC_lwwM=dfwP}0qb3~9RM&~yFm8=EX$Y=HhJ0>Sx*i^}u%{*~ z&aoN8PuMzj%t{!HG5)GO{mmi)4GYhzwcV75ph*Xp;!kMLogct3M0=Kn(faeZ0;yFb8k+Yx8DM}8;Fv^&;hP1ywc}ks{;sn`fPwJxvj@A5j55Mn5w8U{q zea6vL6z`WUX?C-as-7}P0L{T^coswKd>n&sqSiIKdL-EXK@G9R%~N1Sd-DXk*BX*;K0xt+rR1ZYA-3@PAf^TW4qZ9r{ntNLSl7m&9x z4SDysI@Hm?@!2~|1gm78;d*go-rr^MeGnpmqGD%b-n}2Q^mB|z$-5k(nNikiFnM?o zMxN~GH}As8baPH&omDfSVF(2wPc}$$VP#s z;ZPH^@|lB21_Z(AAHys95LF4~Rp(#g>uc(T$GBhfkPOucOl)1f)t2d2+$h8kD976` zk~(scpcH)hv$2q8o0ee#=_)hS$rUenQ9KwZ@=cB%hPvw|aY*n{YXGO$#N4uX~RXxxb74Arc_ zKn+^{T1H0z>%R36lr)hcfMZ~Gy^HfdFaM_CJ4l_HVqY%R{3;$d-^;+%&YMT44q?5pPhlgN)jOQ(Jl8hNl#dqqgxD@ z_)XVZEAz!&d`qt$9!|g4>QzajO;CULsW}0 z0B3}jf<>#05voJORz`7~ZF~^tdLTwt0Yn}kM6<#Ig=T^rJ~3q*Jv));-EVpwn+jta zbra4ZDjNAveMi-n7A$}anu~s{(1>YB?5wc@jJky28s5OPjKi&>&Fjl6)>4Mpuwi;( z1BpmQ&I#AeSA!7p(h!2YdN&VK5MqTmLStOF7{gO}GqLgmOQ-)VW`9dOqUm$S-hAOM za6-Z(wDPL>dv^L1o!Rl=0nCQB^2ZzLZ^r9lnivi1!u=@*N&%xtpc}K$3XU*F4NL7h z)HXc8a>|A|!X?ReB>n1-3U0=ljFsHMlGxHA@CQr-wOwRwXuw1QrM8CP{o|1QNC~#s zx@x`bW|LyQB${SoP5Z3M!~k$GSU25d7YwI@4gMHtUAP_p!T6B#VqrsR|z_j1tq37>oHj{6AefW%@X;TO^67UdqYWf^KX zWtUp@d7?ngs8N8kqn4@e1F9+ZljNB+$%y*v-ld8>J^W24Y z@z!X(DnG`Jw~Lprp6^zSfrbn)2tLZ4ut;f|0kSE$z`l&m>KtGY93HRkgEj~MD#a|| ztu2%?eeXnPvb5+Wd|oHIg8sP63(Tv064SQs3te=hJLQGO2$^SB+vj@ujN{Q(lt zw@>`{)vH%$i2~@FKvt7ICaepiLE9r+<4EFKJrGpM&$%x@scd+1tk|_SXgE&~+1dpS zz1D^E*|!g6>kU9zG1nZ`CGBD@M;=b^KZNm#D>!R0TV^(-=QOs7+gJ8|hE1c-H^7Lp zJjs&f(Wj*be$W*{pRsdN=yRe#^Pv3Uq4ZH&DA$9_7FKaeq3U!;3sF-!F~Jj{~v-+fK<=rdIWo>{_c6sw__ip8%#_vPvX>d0!1= zDUu)q%m$SS6^Rs?mXkGSxt-9^&COTB@M#YVq5kYWD1P zd)5q(3$MxX=qqONIT|=wx4!lFyvE~b#je+2f#GRyymxli2((kGKRtil010AUHe&*s zH+2S4gw^&I{up01X8HAOF8Ng_T+Y?}(WJ%Js`(?y{6m;eS4OP7zAZ2;Ny1n_RwESp zUx|UZ!Bv|Fogkxb9{h0*jrqb{WMDIZKgo_BwDKng&QGK!tkmFzKzMLa^KR3ob_~!$Qe(^Yc>>b79*g(uag@}5t28A z61c_Ky_pEf2)eD(id^`BBclft4hl;dzomqbl#Gy+VnU*|A|Y|Dd?9g}8mB=w`h`dZ z<@$<*1Wadzr0fZaFFPV6sAq+w90>`Ua6lZ0<=iD0V#H|d&T zTy`6SH7eV#_-I-ecB7`Mg_uiExZ!CErD8Naj1^$Wijz)p!>H-uN<){EzODTMIvt)xj3Ha_|uW#?(m&#M(mx zNa1~AUrkhXR7Wvf{=Vvtu0uy48{m@IrkguNY-9;Dqr$24;yU5^GMJA+t(~PsSD6+A zUX-{I=Q;7fe|S8y?Y#<04Dd!}B?18=@T7sC5-5lNNitk=UDWy*gP_L^Rj$*BX}& z->zDm!XTZ5Au3*nwC(S!805FtnI%pL6#XN;t0A&X2S{%1z#M$VCW~1JP0m;^)?66` z8R`ug+JlvKy7uS?vm3M}s?@Pzhz&9*T(NzQk|GI3**Otn5_v<2&J{0{otB?!1|jqE zcA#(APH;z52X{0zDAf_gw>|q6(8g5=B;E$CT&%|e++Xj->o)SfCLUn81zVy6z@0~5 z}Aio-+y@Xj*LjQr^%W9Ze?7GE%FKcFTHvZ=4!TzQ1W$`L!3&%ebAI_SN zM3#v>zLljP%$n(cFl(1$`i0GTY-8eQZ5yYbcbhD9Hu_>B{rvX{^z(0weuhnfmv=6v zIuOB@Xtz~dCu(+Cp6l5Hn1(Y<4g{qE7KG&OXY-)0d+{ZV!Zu!p;f5hVFXQhyh`+T0K5s8dqe>KY2pe|@rsoNkUvnhg}l3%+lXvo-p)2H`gVv1TA<4r7eb z5ahtPl;GO^(2Bo{fPJT0OWg5!XbIhYiODEsQy@c5*}nzxxG$rZqOp}x^G+>B8IkBE zHwGn5@$w`;i8O=%>rjI9e7lfjY_I zPB?rl3d<0XQ(q2m;>$)D87Diypxf|^8N!2UAAVle6JxRUQMI6K1jlYFnZ8SHiW<2n z4qk`-UNIE@LfDt+FoJ!U49bcGYB)8b?uojfmoC!^Nhh5xR*Sy!6ABzJsSnr~a(nS#p_$ zKPJserv$y8dnPuBBQ4fCi2ZER6SPz?HySYESy2n8Mr@1VGrWTxQH(1!%IxIqW|JwM z1xK2uLNd$EWyr+)q?KD9a6{QSC=Dxi(8 zs4QO5?2#aICk^M-y*;bZVZu>~cc`}F*Q+~Rw~!r{*dc~ohR=h;Cuc~C0TV7~o$bMv zFRSh;Bn;D7Ct5q(ZrrcOe8pdgx-rbfzUX`HqkWBG^#xbRgHEHtmGB7i5){^WUI~?4 zREZ6v^D;~UXE_n1Zm@Aj161BCJq0jIgryQXk=+QxPU-e?%t^TrIohBf-7~p^f8g?dvyw zUpHUnh{L@IWnL(Yjy^>^kkO1vBLQB2fr$KHHNrSVVQn>s_ z)o^Bca0J+`>~T$wlq0Gm!HPdm=Gbh|&|j;ItP3+7#mn%!OoDdc%tuw`mmz;p^Xu{P zRlY)XRi^L50+^NS`7{-_`mVHRLnL!(3M$}S>@_>aD`MO4%FN;hmkEzVH~+3&n7i`e z^?^T0!_Qfo5^H# z)#%UuI#xZEYgK=rQ%$Nb^~Onsry!loFG0t&wfpdE{Q27UHoifQ&lKqTj63HPe&C<9 zxeozLnz0}(IFZf04Qht$7f?1}b64u6)(GT}-RbY*z=yyV~6*g`KpksO?s! ztNUfHp6b-zQFG;hZ4~#RMSYCz(ms~ZLW#`#g0L=vc~$4paga0#0t+%3!GQ&9JFz5 z;CaO+;3*fTmtWyJbvuynt%;{Lxyv>2@vIj-hkyVj3d=App=FZdRSX8wVB_zOZ_9`} z?~h}e@GD{z)yB@`|C{MvEZHwy2AZZs;h`IHB}|9)6Q=)BrQe&5lhM??uwg`mSf_Xk zz#dOpwd1ggZ|2KL{f3dZKrk45!dp-q+J9f<-LS>XDF^%h?q864 z9(m3$-|J6Gcft6pmu^VvwNbliOz%hrhu=$F?BJQ~w|I&IIgHHE- zjlB9AdQ)%l)+U8PFiQ9j5=u@yWb;_XhVVE1mFXzq&bp*@6A*t67Nrh61Dw6S%Iq00 zqi5GGo}JkSmQOi}{X|%J&Oo7L>ltWTA=l5BU+IYKF9)w6N@szzqx(>g_;Tw~c9o3- zGzcxz);k>zVosQb8YQKt?KslqD^h#9#_Q><2nZm{3OO3Q9o=JlTQ;KmBCkffF^6(6 zI1UO2bL2Z0%m41Wa?9dg=tuN@xIlU#acQaceaa?{Ny^Re;IM=6?67odj&#GfNzc*X7nPI&Zq4oj1BW}M z_5};Np&r9V^qk{5we+;-Q=|^)>2Udk#U+K{qruT>_*@F;`t@vK6X4Ti`>R3l-J~4f zAczy3a}cy3Rx=UBmy+UW4=pM_p1Uj)oq@OaAF?ri*TZuoYzk+%EWe_G`=&8Vx&5vB zXNp%FI}mmqXIQtAwq^^&WY-WN|EgdX@|fv8Y?7*29V!#osesY*_+K_C0j7-FmuYRx zM|Yb5(c^68V1O?X@q(b9D?8rSQ*ShqlxVY1+=h?Fn)U6-W=VuG2w%Tw2cNbbc!&i1 zlw(Nn-*IWEQgt^;CuOd_K=LL}Yq9+lF9F!rvEp$jt$KPA z?;u_Hf^_P%bkx%`pQeVvdo|~KJ@G7)bdo0k{Y1iO3}JnNA0q-97nU0Hlk9lFm^gUJ zG4U)Ij-BV{oPa7nM-_~^9;KC*F$c zR9z^uPZdxM=5n3oQL`tf*+&i1al(h<+O!8#E)xZu?*q;VeCbP9W|id7;K{(cA@}E( zf6c|+e3p6}ToE%aR2db#@b6_|;uZi$#GvO-O6`&*S(<2DO-q)x_)(uskC7TxJnX zW1tq~=d?bUxqWgy4~E<07AAAs`ea1htG#t*@hMdx@T5~tGHZ-MO|FZa$>mS)kzhJI zhJ67fTlB z%@fqBk>b)Vga|;0blC?cDp+Z4?NgJgvv^~bT&e_ZnxGvYPWcMo^Q+aX)i^T0lQLH~ zJ7Bt86tiu;!KD1sgyywR+>AkI<yFiqW47Tsf1aK)(JKlu#S+7C@Vc`5-1H(o&T)CfM`TLGObz^xGqPxr6M zw_O&@n|!0d2lHVM%uNv(YSa`k@2mwTlW{wYkw)^40C`uGMa}*RBEWV#gm1 zS3Fs(@l{^qUtsBs7Ig84Zwa=1Ni0t5$O1lzNsbD?DfNxIExg^Fz7q9XXe5tHm}HXV zYX+Eh?o)jF+s*-*Q0#_@Owni0j|g*s_L;`H4%S2wmM;seI|cvqx4XCTxYN}a1QQT!`^dDkdoSlFQS$ZolE4U}tH*<5z z#^O_tj+;yhl^RfK5DidKOqbhLkC#xCHzNE^mnFyNv`C&Ryp922y*~7ZePpu_Q_f>2 z{7ERLN2f%i7t=@2gqw4(BNDCHODP1ii17lsBN)ub7u*=0*8{QlphoyZQ%zjy57;)k zkREB1HZ-x1m*KpI45+zeyC$aVmZYmX#fg2C zL5jr0(Zna_P!p*10tZJ^vU>|?S_*H4Qy4B*VF>gP&AXA(+lKpUe#K0(mAeMbrrhBW z{R=WUnt_}q-F_&_k2`i!*cpS!^eOFaku$Y*;kVg5XtDJIZLxSKfo+QHDHJJNDF3>% z6gx*1^%#n@2|r2VS!8reFtG=y+H?nT><=*^xA^lY*PR{FkoZ`>jA)3LsjZ*p=_sFb z)z3tW**GnQq-*!UgZ^uNz@|FP2DXM+Ta-pj* z2P$t(;WP}A|A8G)O`O|{g&YjZLc2v@%-i}Q!^a=ea!zaq=B$ma-E*h=NukN4y`%RX z9u_5RUL=LZCx3(tR+PgHRwJkux+u3_##HApWKIqzeS5~3Ftb<`nh#@EZIvaxZ4;b8rl@x|@ec$%$ z)6p$VXVc!h_yba8v^ptQUHD%p?7fTgfp9#-Haa=@qb@ua|9}+*8lD-J$trfv4L)rU zk+W;s7+y%!7=x<|g#^6quFN6H_u3?&>hLJi@@M#(If0yP)Of%@oXFoo#Daw3Sd~GB~Si}bQ+W* zfZGackNE&Qmw*x8?;yb(@U7y+;37z`l697E^@0tx1GPN~34jc#e_>c#Pa5#1fQ(DU ztc+?p%$S&c^FG5{%e0)#LcVVSV}O(R1HQjf3QeYnnGq98LOUi^s`HA-i3VQkm{!P! z-0~S_3~}A{#Ocvoy;*QKP$@x#FZa#E=b~}=^81^z8OO@_IGS}F{J}V)XaFs#f)rAI zZ?vt?i=cB@rb0vTIa8sKl?q8dl!`niutK+4``ri~E4~U*v&-870>nV)@Yqi{oByE1 z%x3&AojS@ft|8p;D(}UBDq^O_-sU)7*@^r?BMK9b|6P>5&rAz~Y4toBUwXYa*er7ekB`ZaipUGL$VgW% zqx6bY`XDRuAAp2qC0^?xHp$*JYj?>K%8vvOA|=&Xt{9DkpCAFZBQ*77*5c2)(5xS{ zl4wR4+s!O6$%~ofM;SB0F1_9>DlpBM z$r9s!vaQcWCE<`NE-D3AHpv8PxpGk{#Btm8;r7xi-o<^_7Ut7B!WaJlz3uVpS*T+F zc2VPA@!@{NX`xFO`EXx%Srhnhd%nG<4~L_RKx^ei*J83UEU)7vvjiHY05iz^fP zGv=cf1Wc?uB?KB=rI2++N6&Ul6bUmukr*v(LV1+$ixKG{ZB&f*z=Dq$!7>|WZL$OC zSr&Y%VGC6l@_11nl@7k$3~%pP{p)qS48W;T9d;LRy0=ilE%&r;Hb3Oh z&0Z&CN)Gm$EfQqVl3kf5Z~B|vf^%!ZpFfO-bj?iH-q|r6Hp>l~ma|+-KNNo}8}IA& zYHD};wf(5xJT^dm%dH^j>zTqRT5E~z#;ddFq&1b8zZ!Y*>rSWKdV7LId_q=E zT!ILi?w8{g6%Z$7SDD(A5vJic(Xv``w_9nk6TYVxO!@)YgsMbiKVPuPB0N9!r!V)j zUfc>#{_wwMarUvj;RTbHZC?G)pm>r5LfS zwLl-te{b-+vuG2%1{ihb!-Bw<2nse`OM@+di9VUJ6bD!a3D>tF~p5T}3YWHzb`uCV0-O}7n` z=8s}6rubXL-W_$b;&}em6Qi-p8cpbiEhVn28$_Mneb~hJ=1h=Y*}|@O0!3Ist(LcB z`smqU=4r$15VL5ucaeI`D|X;GyVZPX>}JC_6NUP}1OS$_>}`uU{LcvY2(2)yh%SES z_dGKPvrS&r5EH8)uR?RpRo~f0mO5k%a_taiLuVu2B-!O+VWbk7Uys@$ii>l&P#C4) z&YwBZ8gESS1V1t>p(nM0LOfUjRVdwdKx>ylhca~FrG|9M@C8rH$OzC?8Lh)Eyy5K{~E3 zqakiDdSrg4L-C$u=uaR*S>nR6NjGsuh0(zs$8|Go>2l{EdPn(o-m$( zb|G7Fm$%OJF|-!`jsJ|{9|AU0qal4t3}n36IbDkM@q=-k0ALbZZ|%WU#60_R&&fd( zV|#EdyyI>zddtq*Qqy|EnwS11MQ$#VE* zy9(H4m5(Ih{>R6KjWK#?L*+!FL?@Vknh-`1LUF!fSTyU354@~8JJ=p!CHtL=QH;yz zhf(MUArq+A8T3%{qZq(c!ql^WUiEe*GOB+tUj1-EK`?4Y5Bu08K9+|?{>|3tBlJ;WXX(+DH9n>B(CTCN9=lvMl3EJHVY*fr@6y+2Sh=X~9WL*Bk zB$zV+2HnLuL6*<+V)rHWeej6?J-$E9j9D(Y7ECY);}o4A7i>FKomnx8&i;l~_we%4 zcv4v*u}FFApQkTlO7cn-MXMy$y>m*^E%9W&Z60Gr8Wg(9m_Ca6&fzVH z)`}wy*1>)r#@rwa>)FWaCyN|+Ja{erfa_iZxAXX-uEH8iN?45MD_E*;3Lo?Fm2sP| zBFSv(*dx3yuy|ef5iqDoldSG;0CUX%T*Z%}qViGI=wNg`sbJ0 z+Wx9OMiV+HjEk0Xi}>sp5Lu!TWg=U^q%JhOa6xd@PsI)xwbjADqrnL;(iVLVO4eov z*Zj?9;eBG?c#GDQD*lCigs+V-nqk z*DAk_73=I*+DEv&T=hxK|9_~v7WlY|s-HH2rck&Q5sNRj&_WRkEiVHtkYX3N+Gs(F zh&+nnr6|@<>KDLZ>L!rQHfcqX0tKo(tjMQPDW-v@8!SzDC;=)2t+;B1doe(i3Q@p* z|Nl8NbMM{VBt_8AuRqw_JC8GG&YW}R%$YND`{*m{5MP-If0FILn*1zm=5T5j#;E0| ztB&YRZ8+_BMw8b4$gC9OtuZdrOl1AILX(F0oj_4JdSO1hOXe5pO=B{LF(|jw0!wA~ z?3J4gi!u11Vt@f+3<6ljVB!z8mu&xbjuHNcOVzgj18pB57AOcF8`wSbNV;cC<~ZWP z*3S#unP}HjFunbA#687nl{;TpDq!ix^m*K;Qel+LSfzu9skEo2>%fG8_Zt7YbYS9m zP}?p^lm&X4&IR`DPpWnOqF1(W$7jULAkO{+GylFFdvr*VOkKdpUUJL;N9FComnu*_ zX0A)}8Aukpdb#0mNj;H;TP0)!Z7l|L|4g)%>c~H*h8i{~7NcYYGiB3>L=y7`^2>l$ zV6-=sioC-k$z;5x_y^mi@&{j##m=9m=pW4KG8vmxcwnBV%x0PZp;re?hA5M=4-Hx}_APXzx?yLMn>gp0+=-pllj?8GRzJC3HI?~=|6TD2G*t;2 z>-ncZOMFfyuU12BDaWrTBTgQjFt1g31={v?hJBRnf~ExmTa=Pgr&X%Spr>X8dk8&D znvM*$tP!KZ5P9jBtKW(`oD_{^3KS zc$y`tUTXz4TdgFevdiul2(C*IRLfalv}=SK%I^Ljf2sPu@eY9OX`0}G^J$hyqSwl; zS_k}I101WB+E$jLlJw8K)2ODMP*y&?sTxTjQYp$qa4V$9LHeeHlx?NRtD0QPN28*$ zf&jmAuuR}`S4rR+;G}>6=R@!uRgDU!M~t(r!k=cS%$S%QWj~qzG5)Oy=|?zz+15$1 z6bw+Sa6*)(!f^gA$GyH?@pQY9RBG|%tyw>rwG;Ae{6E;delW9Sz~C+O9uUqp+=(8f z^A$1|H(_wo^#kX4%eWlE(`8=UB2Am)(oXl^ywIct>S5E{Xh;Cy=A-M z7cWonrH!Zb@WLGxm-DjZkeQG(6wTQVN%GpBLlSZpLuI%+{0@NE)~7jNjpl6MhdFm^ z&V)py&Tf2ZTctURqdChbGv{lXQ+9Bq&Wl(udTkeK&KS%?4ukDaGUubF&fg+AkG#$t z?oa^hLB3cTybdAq+TLaAK+3#jTVC=_kvwwp-;PAaH2js$H4iOV`B z<1t$9KxVa3`zdpo?jGX|GLS@foJA~+6{~Z70=yper|l5GzW{)R{QiKZ#rS=#rp<6N zaJ1LPj}R%E*Xk2wpjDrydyQ#*I>c+d6i?{(Pl3AE_&I&a@x?NT3dzZuQ$k3LV3iOO zBUoioQQ%k4y*49QCB(-FRtfRx15!Y=g!mZ2IzAD>x|%QlZv>0cFu{vT;*kZ5yP2f~ zi^DyPU|q?q(t>pnvz%b@>}?6bI%a|qEbh0K5G*nKM-Z%?wVDbRl+tj5^|TJK_W!*s z2YFKgd_Nw*%wX$vcnWc>`hpSuZ{c1gnIf*!l3?uR`UGZg(kDy@m+KQm;fr`G(U;Sa z9D>hZY`}lOf~SMWRin*=7ZsfZYtq>+TB*(=_WCZ0n2n$TEk;lg;r9qdKgj+BX2Epb z6lmhlqAHDS#GAlQ$7A$x<)u?n-OrXs4_CsvgFzlW0ge@V_z~nwlC)R^8i2WIf1xiE zn3t`_e9v>1Q%at*6#FqdZ;G6={Bx@N8EGH(kghi{=>ZBGb>}R%&kYy%AG3|52q2T1 zf~N9|}o!lT*{1_V@IzdIgLQJV2+4`}=J)4lt7Kb1u}8*^kjp zA!!n39!~0t3B2Vl4-0SqPq$;|yPJOS?p<)}-3!)90^vwqy-G=q=}PMjNm81WV0xvw{PHGu`6Uz0<&8JG%Nv>4fhAS+@=IF~ zmtWrKE^kDlJ$8`1u_bvUFTcF0C3%xOcwnL$bLR5PoW1-q$ICA_5UEYt7r0}p;QH$I z-|+aC2c2stnD|rV{wuJM)3eFFGetF|51I@Q?&a9d@IgajMaWGTdIdL8feB zoO-0R)JW5Ed!_9cZvR}hqXbx0k^rk(lB4$czaoC}+Q!#l_r#g^t($4%!0 zJ9G_`h>*kgcfKMkb zh1c}DvfCPfM%!SwldltYYlm8I2dnO9+w9ua?r^O>HV$wjL1Yo>nMtn3-_@1_jazs% z(${FZ<-i*p2cod$!0X)rFtLyWZ9#D0^=<&PDZPI6`j+JN`%xh6>k@#&}83p1NT0Qb>|&{)fR3X3d$df9+ha^?l@! z+T?3sxce8eApT)BDz5q0f_`wmDGtZ_5QvnX{qu%bFkLh!U(pR`fT{IXL2N^D_9niu#xa}Bk^U0Q>pjUlfWsEegV|1FJGJbrGFynK-L7KU;8qqB zbU3dJ`qQtC`b%l+m|@7vFyw=qI1H>1a@&EusqUe2?6YB0O-gM=!!VH@lU1=1CS^5A zNc*#I#Rou!=^ZHPpag46kS1b}=y=EWSOka&gxDl9K6zdLG|rN)%A|ntF<;nQPkX3v zfXx_zb}~kJxq&@4Mq=GG0HBRO5qUsE*sX}sw^15R4vMP(g8POf-mAx?hc0%EMNk1( zw=tR8!%Nc*W@HKu?fd)Qb!wU4d`$_`(Pda5GCwV(AJC4{FVfbr@IjV&>9fMtD8Y-~ zZ6w&-KZDyf{9SG15fLsdH;f2>gS=yuC3wh)aJV?M`Xy7pttUAMRKN>^DT5mIC0FS5+FiZ@W%0a6m5&>6#SqoAR)XU&~UXiw=&4PRhWqT^-?xn ze=8=3PoY_qHH4jN-wFvkHHVyI8}MT+g#GZCP2Sm^-x=tG(&_y1yC(0H=UW*dki0dx z0d!khf2ULmDGtuWAohA+6KwvdV4BUfSN0p1gZRefdS=z%>EHeuBrlU(32s^mCZqo@ z)mq<>t+}&HmPwr}&sIrqFY|x32UdZt$p(~PVcjV!p$aRR09CZYPoadGuyAPQ#)3Ah z$#5Y?A18d_ddpjbo67d58iVRzk*Zy|+P~}VSk0pzOJUz1)iZc1tTRi<3KRYU@F0x=tr(lwGY3*S;mkJB1OGP!zb{c85a%H(RWMo)4TQmjm_&PjHJ z_niQ$Orl3M?ImQgTV!%|UaG6atrnSN0}+{A9hFIxfK0MPL?%~9WfCPIlPrNQ#bj~^ z@j4KY3&c@gK`ao=%H*n0CLgjgnN6!{-b$He#Qf6wTN?n~OP_{c6q}XY>^08EGc?Bj*ay|8*?N5s(vI^Q z4?!C69E2R@jAXx}l}kzXBh0G5)qi+MBzpz8as?!N27$E7$8EATw-yWc>$_99^^-W6 zWV4lT$hF9KGi0>czYv8oO`k(I1RoLcR(TaE&v`nPQWZ-9r|2S5-khqvhE@EBJP5kh z-Z5G44gN%J#ln$kWLPc+5=Pcn<0&fZQU6oIPR<+JQEL01dJkggKuI7KaU4CVu2n`8 z`iEhFt+f(N;0sO#AP$EB{9o=S?z=qh-4g#bwSQ0bg~(D~bFuT{Lx(`8s?j5snHVWE zDe_E4v2_N4SdEwZOlFPG_1h0t1i3vt65BRnMNF| zhI=2d zzFLZeDkk7>HUG}X=Sowl%-kspFn@k_FL+;dCCO#{oJ`IjkV|#^|TH1oaF4I%~Q}G-Jr>uz5s*0-vs{0&=k(p?PEpQ3eR$!VZ|Mr1tlk4wQ5p z6Ys3r1qJZHa0u{b9$m}>%2WZ0^N8R|gyinJNG%*0k@+|;^fiol@U&?;-9hIZY8`D7 z&=i}SCNhwnhiB|~!45q3?=053hbvZB)x{+LXGahXDy;~fvrKSYwDY17;HRjhnE9W> z4eUU=A4t=b7%yW&>@%Ul`$0I~jv*vfIG zM!`~k`iGR%U%1%oN1-| zo*gdWUUL=>$EtdjT83K}C$bB-_%mxOReor%T29WS60q;(+*_)=nZYHgjQlZ&;mGdg zsVY4`mnV-&D50>PNaaVq#wySisxQEL(HTSZ1;3~Laa;mPMGw7^&n(#jH(npE9qpa3 z2iGCbb_&TCP9aE$P9b*_h-iRD>JddVpJ^805Rkdq`YrRZg@P|y=P*s+l;%P_Cv#@1 z;50PzF*iZX&CH$x66rpnsavHc|tVf{H>_XwMc=|JeU|l4ccQig}UM!Sb|$`!2uO4 zTcE3;Q)Q1MmQF9#eqPho7`spjSC35()wx4E5v|9J)4Zl1yBf+g>F#pFIAOzJElI{- z(`YtTg%oobvp|zJ9_>IzG%RHD80mRIZ;tksb7F)4xI14F6$9_?@#$d3nBGisAb6@& zP3Wd$OQoOhEvNVn1M!?Oz3JR81p3udm7!ls0zGj=pmQ8hH<|5B=$)S{9No2;mF2F8 zsLsbUa^p-)BR|B@TMC1yI)!3t8ZVfl)PJ)SL&}Oufhpcmlx~>fHP=x)#A8bjF_H_0 zc!2^zC)@#jE=wfvBVm=a zR)RB_L<2V(_o!i|M@d#bo~6;FwBb8w7fUVb7GSY``$PoW(Eb7k^Dqj;nUn0!QcJyRC=I}3W)*2vGXy;%!m09H}jDY)zNpbY1Lw?qX#&+PDc-B&m5SW zJrimg2RxEnN^9oKdxlrcBUsIIp{}c-z^j3R+U>?{|H&?*m#JBek&2CA)ywIPb)Ukt z6*p)dn!j(gW2(HOw#N^JfB>J|0ksmd{q5tIaj*2`UuRunBNd?^j`p)N#3P-4GBs$ zTyE+5yKt$Z^jKF0`^Q^TWpSKS7DN7rr-T3BD;Pp`4E#at*StG2v06sbWFj$I1_OdsMdb7+ z1}u7Z4HeKrb)C}n(n@ZG@m2=V>^QJzFq7RVL>ZXvZu;t19Sn+eMteSwFP-P~F2r9t z7O)8P_mIea*?&Td?HmBV>vFS`qw5K@_@3ExEa2g16SP(30d5UNaHt-Y2Y|of80CR} z^A0;C*}(=_fKQf0~4^g0})jPAdW(((k?M zBzD4QTDD;ta`gf%5XLJ0FtFjh7KboT@Api8*K0HDwP;0V?uL)Xx(i35nWA9f$iE3z z_IF#7-*r~@Nd>KdPHSW!-me3J7bAAF<|K@}!eXXf;I@kH59|b3!E{a}x;Q(}!2Xwx z<<)1)f-BZp>UDmamwL=GgtY)L`52odQbz)n8dY~Wl>;fQw1jJuxq=)z8BA+BsG{H^ zc6^9WdgCJKOuIi%eTjI1hk*xXmW}%7Uj6}u(XH9rRuwGX@5kXz%upaP0tkT-Iv36{ z7%)y>lKFX)88Q}n2)}Ez%seRrW%h+>cFo$*M~*d{ciD!1;m}@f<;{8uuA9PE(A*-J zJ7@z7J1*gy{zz)jf}hKW&Yr?PKT20Y%sLNc#0+r64o5dJz(zdc>992>OIuN!88?fq zOCa^=M=3hX4=E}jF-gaXT$vTAqxdz2!emq2gl#Tb|!qGX7Y17gIx#qFDSNGle3TCwW)RU@Y_?`+_eOwRV1bmN!3iIX-nL10>!o$wBc z36mt@-pAgfL<%MAU&W5Md&@rwObU3PL7HI4+uh~A5hfRx%c0H5+dOx-Mu?^w7UbF6 zT9UT`LQC>?Hw{b|!-j&LKM|5*8!DA2nYaUUgU-E5Y;@aXF!)cYz}}jzH7J~(5JTMVFda0 zDh#O)wZf_UX-6*l;>Nk=x_Cwb4o5DS&8Q4tzP2~i!&W2#`uY1Ns&a{ z>8)Pdmy0Vh6J{Bp4lm5eoLyX#1|5X?mXU?|mX_o#0N;|l)d{nkhQ0;i3%&<8h;V(V z!*&Nb(fM|&*VL?~l=#TT0p2hVUldiC+&Gwr>nt_A{&k#xPSl^VTn-`eH zF?;p-KWJp~y#U%E-7t)7fMyBofkslg^%*{4)dgI2uJVYzB3Q_GDA)ZZ%=C&Pb z5}>nXLd0NZGXkvOd{8qNAAxh6_Q)z2l?7a+cB)pYL-F*AeFp4G54|2JWG5PG6gUFn6AkiZMKldVkLTewqL5`bqKDkr%mF+uT=p)B9=3xnEXqKwb4IL%O{T+&YO%N2 zO)A|Eww2}zb|Awat^t~E%5M6dK&l@a&RCzqX-J0G_O{46iqJe}tjE(sV?B}{HP)XT zW_fp9kV0V5Q6hW7#QP!gmyWv-BJg}nU6Dm7RR}* z0|ROg_i0{=@!kg!TcNr&I+qNtEFE3 zQISR*!?+98DEH@Ch%jKmdC*N=C!A;UrkgxtHDTP}eJ%Qu6Z?fo+0j(qeYbE&G@bl3 z*=rhGluTp&c8!)7kJUj!K%N<-mLbD8=5^R}120_V&8PJz}@Z7Q1I!@0k3Jt?koj)U4cvp-#e z4#7*h1Bp^`{V5+|iOrJ#Npt_jqQs%go^1tX!nuD}lRn(sKkc{w$#Z`TC0OQus_8A? zvx7d$z}7A*HL$otUCo>kt%MIeRLV*?3DO@t#f@t)UPSlNzHnAT9kL3ng!9O!vce+U zsgajn@tEWeXHVQExx?8L-;&(n?1?(b9nPLOU2=!BCuU3Tj@uJke$8P0H#Utv#Ng()DYEHdH10a!7OZcnU4lu%%nwMFbJ1BX<8KoF>R7>QsuLBEb zF+>$_)Dk%Z`>~-V^1g4O4miB<=gnFod;RLIw?t0f6?*J?ZYK}7hEYo-oV)G$GK4S8 z;C__q!H>?`jaHF;eGY4uaGuK_+O3w{cF22?`K056r* z$A-J`Xx|DK_V5JAT*!qzo`+l5Bg-!A&)G#LeniPu!2p_RT2ZgjX-L^8l9H`HP2s{< z)V1I#tjF+=77;uddI!yVSGqJB>7fd5*-BF=-LWV8q24Vzd~p6}i@7t9z7aR8BN-7J z&0N-n=`Gb`nv>7RQ^qzYUx=raHz!}jp`?K>EIiBnyM8<#d&0i%pK`N~8lUmU@1`pc z?~>rx=qfdef=mMmQ$T>FI%gIRUDK1I-VH6Qq%;wxdASJv+~1_wK$fO=M2ci_@wN=w zrIp4T7VU`yxI#}Xa5XG-%tGe_#TmNL5hqH7Zr_JlrGiT&B)G!ZpFBN%hn=xM_%$8Pb$vrAie0g zG;aCAir5`_$!mitQvem>rMGju)RKJ3jo!_hu5@l+^OWeb_0D}>rhXeatO#Rc+-`)S#K{e@pgki4CCgXYdTPBV!GE(OcCN^F1Z)` z6Jo%9#MBL^Eu)x2FN4$As+jjKt|1<%Moju;!Odprot3jm`l&v1P>J~=#pL=nASH7> z!u4>PWE&{07lB5K75n<7nC^lIRqLw!a*Vjvv4pQEBD}=KA=wU5b(M@`g^Xjx)M?z> zsYUof_p`JOcmP-IAj2Mr5$k%;Y<~Gu9>kzvTNBM^nkQ0qtU>3XNEk?#_jfvtAzZlO zAu1{u^Eb_FJq==cfR4HuYsM5ks(maq=FzZkmI@*J32OcRXW>fHgAY-Dc#Bc%4|~4D zsP*}ez@WsTV{;F~()!J`7QI#~Jy9e)HEM2g-Hc$KdZef8H)BWOOL#KzIa-;9ahi-zr9YLNR^^%OGauDTtNBU9tB1vV&X z9ph?|=KC;GjCnRY`UBXOZ{D*q;M!e|J>rv1wJ=}DY|1X&>L2%xUCPQCEVdo2}uOD&tHe@1Au-ope`7UN6o;dib}Gw%Eys_Qc6C)gLIV-u3I`1 z_#v~m(X}6NvK~e>XpeN1E-rj!5K?|uIVV3>ilH)Lj1J>zmwth zinDES0gKU_u~V7R-eOIiAjupfSW_LV@dmRaiY76oZ1pqvhh$Lnkm>6N1evJ>o?V_w_ zX7wr3xe;sw^)l4sWHY{#x%+)oywUnwbwO?hP0kv@E?8Q>RYjLx3(OM<4XHFjywy%} zTQSKUuO%?au}2cDp%;el&sY49E292&ceCfR6&ZyAciK##&?C@>+Am+*WkmD#C zkr_7DxX!R!3uoA^xP{Tou;-yoqef6uXV|SpGi;buVulrH%PGyAVXZDUd)~dV#0#IJy$ zl;Jl&G_U_vb)HDg3`IY4)&4^FCu)I#=&Pe8x22JKJ`%@2ZfV)`HLY5 z`#rw&@(ju7zmznJe!MKtU?ePl(de>IP-?^FS%PgqqRsx}(}l>cfmRkBc&Gt@(e(YR z5jO`QdC7T)Wq#VFcI%`XuK$3HVD-5Uud{s zP_P83$-}DGW6|ouaKob+K4!Cm3_WF%i0;n2@eu!w^zNvfed<{TlX?0{Qsg4)z+(& zR4lN=lkgIQVDHNy|5zNNZmJWEf7Z5lCff5??!$xn=DM%uUaT3xKd3FI`l0bTMQbPe z%=r1|b%sYUUVx6@!09;bzCD6cqUJ%7ns>?UQ11g9*7qOT^tbIBrlBa*- zcw9~k9tK`XRGT%}RYsnVAaxsl3lP2t+cnaF9J6y6H5|+u_@~XpB4K-~qqu~H-e}*N z(8O>}hdqonjVp}$K@r<#PeWhqZL@uoeW50mH4tFkVzb4?t55brZ738d70O#B#1jW> zY=O=^a{Z(3r`U4ejYU!@gTLY3Og#BZ@(A+PwA9M76Q;iBHMq-AFw=aO?O1fPkM_(F zd;I+SA>8KGND|QN@<&zU8E={9HT=W&)-5`wnrTdI=N}}7cSsHPG^~Kpfcr}&LKKSvFmO)va3!`(>s*CXOx zCJ|B9@p{*w0Ciz@$pF5J{_&ak^e<0Y=%Er?%1#?zq$Try+wM@#Ze?Z06Sv~r{XV2y z-6>NML*a1Q7Am3*Ik$leZ8&alk<=v+b=vQrbQSi=)rZsXU-BA9ICfbTJp8Wzi$vdM zmiU>4TQfCzAUTK$X5{_fPZw??R%2!Wg-Q6}SKv&s^V@-ze%yN+KqQbi*TM~-v9t#6868y{;A6e3F@L&W($|Q=ES0AS7n#LBfHS|Upf3A z*sy(Ajuf;~DGIB}#af|Sv{z|at;;)4v~4yOLj^$lIST$ifKu>IBMq(-V@!hS_Vdv` zNw?#>h3r%gE#*)i+cb?GTAr^7ynZiyorc%z?Q4`Yr(P+fX%F$$Po+eC?RuU!$N1z| z`nb7#ubj+iJy-zZ*rhCRI?s)UvoebEbZC6ggt@`C5{-ixXt!pK|7Rc}wq^LE;*j?@ zp`IEyw(C42!O(zt z*raO*yw&1{Wl`0*T}$jhy~Y67$tJf32P!-$a#XEL_^T0|J#1-RWPJ@)B!INBPAbES zz6_rdBvv-0tm%^q775(P!0iVqlMw5?i99t#6uUJ>L`lh3UkHTo=pq4xlE4LDY?Xd* znq>NofNI{Q{|DT0{|5bkmNZdtqS9 z@0Cb!ebNZS%kSj`z<#O(QC&4PVjjl&$90;Bh@Faa%l(ApA|m2hhlQ(K;g6MEL_|DL zoV%01b)AWb_aheG7S#MpuXdPui(WN(+jh3 zm_c^{p!wv0MYSGeIN3F8CZnOw=}1~f@+xgJPb4$F{_z;TkhB-=X-M0zv@)a>I`YB| z$CqaTjA8{h{0@%d=4H{Q%4}2X&9NpOMQQ4aXj7w$z^tE+Bm(c1+~GuE``xTNoCy3* zauKvzQUrb`xxNn-`rUd7NRmiCJYuB;?t*g*-0Pn`L;F632r7 zV!_zIB}(v<1u5v94N8fq&bc#6@P9@y?m<^V8GLr4k-=N#+>;$2QE#J;ZG{=z?+6fE zw_t29*UUF%I9-4!^pQr>8Y_F-w(LZwZT){@~yX$ou`s_9bVZ&~E4 z0)%Kr)&N7{8o&TGtGR!|c6}cjP-U_Uo-ksTCw9`;;>mFUHsKqY9L<;WEUCwl)HeZ! z&P<1TP5UARykWXB-n_vhWIY|h7f^f$ERac8M(IBnl?Ya?cTTB%GiF(}T8y%QPGALs z^c}iPZ7RO4f)6z)Bzu`!d%FJ4@G`abaGhgYOGs>R^fI;Ae>=V`SUEvBq}{(6A34Ip zX*Jvjt5JKh;3}J)?IkZ$+i-_YD4~rB76&E27w;sRWrQ2rUEwn9Zp<6sXqUC+K@Jct z@j95&W|fMrg1*rMc}v8yc9_s{K!i3T$(6j} z_G$3ZN~6UiQ|?@(#m2$C*o6#;WbdF@$@a`y&d8DZy$&)*+|;)oDdJAfzw~}1Z|%TZ zmGl{g5M8u{IuFH9a^?ebGY@bnb4ddoODp8773wKj1!=RWWouS2*r)b^mWs;e{} za?aiQk$^9uU;toBsmz4gnr*y+`D7nL`Zji#9DsSsf4YR9ZCNwAguna_vwnGB zac;SPrsQJ%!u>I&Wn>9|yyRm2@_WIaWOTVZ`I99V>z9qixjXyil8g1r?Zvs{{6Bt= zSYiD_aV}`L((jR6tY1Eh+#Q%epM=H@ZKZNpq~zyOPW~Tut0>_iKfrP{I1%c|Q8j~R zby%>l`HEs_SHK!!eL+0&jV+6(#n3$k3lkB)?njH}oA2xJ>T>HWht-ZRi`OGUD5OjP zJ71c*y}zibS<$9OGVN{!5J#yu$iQbs>+Y*GH1-ph5yA+eh7JyO#c^f9aVVg?u)h?A zozeA@*)Q%y!7_iaA==s3AScqXuR7=+A`#l*Ky zMKjzJ#tpRG%xE1I!me=$A1s9Mkx?N$Aga&x;%=LC-*&lZPNH5RR|O6YV=#r^@?#->XC; zc6;C)62a4i-MuDr{tS~b&Yyh_-?zaMtN|8(1G;N=)FdywWVGb@vmZ-M2EcGypNO!6 z1wuD&-!9!qi?P)Hv$;PV-?`|Uo2hx&zxVD}w`c1g_AePD+vn}Tg9}Mnq}UDdZ$L!- z!|AxtuVds;U@z%aeY^i^IV#$cpFv6N`eG9i{tosU@MMow7g)($Ps2*^IsW4khg;yc zYq?w`q~hpGuThC+W3p;;sqE3)`{F@F?0HW2RYgs(S3BRkAb{IbfATle%%Inedstm)9hFd6N|)b;5B%sq}BKNPfsBg z4Q9>Ehqli77w|#9#MuE5Q?z)_KmH%%QNW={ge{8uu!^>57^uU>BLs>9n)4cLa~&F0 zf=}-8@>U5{z@r2zbogszU!p#TzIONz@t|w{7MubT((5kq4YpGnIAB&cr~q?O*58-e z0%AY{X^9g+0mKQ+y8zxk+3hAp)xZSx@Ena3SS>`8Y{UuR11}5n{v&S({-k9wROGJ# zkk$UKvR_Be;Z;KTuS{x$ac#W%?+|aFM&y*0*?5x#<1IE^h!hua#l2v;_c(!63=6K| z`hihT{@vdIb6e8iqWO$EBLM%Ct7VPrTl%AYK2Jm*ap5!faqM#Lw$`*qtm+xD_ zFnvBFbOq9s5UK^O z1XYbTegEdm85hEXQ*h&bP{7vrXP0dDZ-<+XrPY&=aIQI2ufgTgEZKR@PZ#2^v9sHivEAPVG_ z0pkU@hUO6ZWtUSOx)3mW0q|AusR_pFDSK(G;<$B6xpq+w$VKhE|KlOh%<6!@vThdl z|3Xcn(k6e~z5*Krv!h(!htX9|F_U55zc>oxM+zeka`gMBJmF@SuWP#RFTMe3oEDbW zclcNicBvax{lgJKDL)1!Q*tYbXD@IX7&E31kN8xbL~cLar)ITwv5 zI!)t=c;g2~Asp+jG9WUDd;wC*s=j~PEHa8{QagWCJN`8K6P%F)yfQ!gKhUF`JxJa| z$lY!n;%vEu&8xoLmycA2SrR8Vl5Tuh<9$)Igl^=VYE&xKWJEVEQQt#>ZuIuC@!rGA z=Y;LW@|mfB4P4%^`BEsSA;fZK^aY&Z?wch)3_{-RK)*{nON-7}ehfmK1X-pnWx_(` z^FrtWXjeT6gvjF=63saTBR~ovrAi39a4+KkG}R&E_y`Pt@V}N!=PC&!z|IKc<(MAE zojQZS=%*;YL=yV|92`XXTLh(rY9`Czl09bly92g30;6cWTMB_QyB6%$0fV<}9laOn zzn6J)yIt%Wrsb%RRKS83NkgQ)wW>Yy%jB|`MG;QRD*6kT@h`kT48Mz@@%r$;S5n+=v;!T1+BlYdX zf+k6I`Jj~TMTx$FCpf0c6O6?z8jmm@IXb+*F-YPI#ZVHsBU10CmX@H8(*9Vl@k+M; zKlqWjWy`%Bq-nCMJMnVrg&rBl?Ba?3CY)%>+$SN^j#-jmmaV}|)0(Tgt5g+Y03KF| zf4>Z{vi1Eb%tF*RsD*Ro{G!(3g>@fc(XiRWg>giAd)3^aKO+yz0ydP?>8Y+pljJ-2;PiY2 zpL-hWI4U+L-O<2Tukm1;l5Jp0PZ_|NwwswCa5Bw{@n|p9rf-k${3oERt=Y^LX$xs` z^dJK3BqDXdi3zm+0hU$kPBa;8C}}XeIN|@ws}vWkxlF`P|L_fFFHO+ElMW_qb4Hwo zhd9k|9s%Ms2XR^mu|rmxUZZ$d6iw6AWldbX+(ZbQbV0838&AIOqb-L6-}C#JCqWg}6Ml1`ZV+ z6PgT$Gwg93@ZU0~;vWm?cdFf+J6?f|Z%QFsY$7{>e_AQJBN-muK&2T_Of0Fz|aZ_ezz3lO3l$56hSsj&(ZI+9o9;nX9gTP7%tdH56u-U@O238ET6zGUTPZU5;IOtOwP)^_P z+zNV=%j1Hdr2G0MKXDt@<0Sf=JB842oO?rG7?x-3BU9K!gkb| zE^oa21idO#bz>t1A~h;wHSi`i%xzx|IXko!4t(0L(4qjI7!I983^?8lItfGMq7ER# zwJ;rUEm0w!Mg-6uwF}SunO$EvdocDr%lHCf9!TZC=i9p65J}mGr)a|kuIN3xVpXe@ zD^?igSheCq#E6vkWvIe+9qk}z8$0>Z`zfK3uzt@h^fNVE=ZbY+KSa04rFtA2y61>7 zK*`LL7x9t4hC99i?ck7-Z;2osssZ04dErT;IfiwWpxnHwh^yptmDW{)9GblLRy8%6 zkC9fXiuldT$Tt?n6;lc8Ws>4G=7P7+X2RG7QkjX-pYxX8ZM7_ue zdW}bExBJ5uQLBLp9ZNax5%z*G8bYhk#9Tr)DKzAt29FEU`=QlFqCaTA#K-!;pLTO( ziTMz}tP~zui;cOlRr<3vTfraqVZ2kBC;S8dAvHih(kb4g<-cmKN6hC`=^n&*Z}!`7 z(sps6&TlN2eTiO-b}zaXYgQQZrHgPVn5$7)jF>f1FBc;PXCIGQ=KK+PFeZ@QOvX&> z(%E7uE~UBd`|#D7`fakj)X%-jzH$7kEE_;w{~tHvLe;{gm*uia^WjQ`M2w_)fjU( zqD9BwGps)#)c^EF#Ki0h6i1heP(L5(euYJSmZDCbPp9i9|HHe-yr40V5%l}~?rw{| z%oeO{(0}%CG2&Bc75IA>Sp4bFfc_YXJ%6bEDC*y}?8ofu%@BMEUo8YX`j~ORP)&ao z*0oF+>%`fFryjT*ieC1(4436{!>>92)6YiuHPZ18zc*()?pV%r{Dq-d$H8?*9!u#< zS^LM8()YEiMMH+GFv|Rst}|V2#?ho~{QwkJ+e^~TlB^c#Ce_e49+PfbikNQp`j7+V&0=E$JFX7JR1hwI2X~GBdACITWrJxOdCBNc(r&SKRgqbiQj}&z9Gf z_VpNf&ER!d0(=gcVf*=uP5b8+w4aQ^Aa4QSPw~h5W^T$D@9rE7@PM?Hp{TRH*oRP( z{oJU}+JZdFydaK0S1<*LEsEy`^eo?HzEv0w`MY z^#W0tcQ8z_EW+6;vxjD{VV3mhHO!Jwa1FC5R3&#c0}9;=*6$@J=PmeD{Ayg(vu8cR z^W{dreGCZF>3z1YC{a|d5DHOU3|KV-SjOP4V%~^4;7|DVI9lJJ(vwF9z*;s z0&0IdwE>NYljBY(0~F2cIT&kt%YfJ$NGrZay>Dq4LSvPwIRHAA&^*2I`LAeNTF5hl zKVH+hz{<3NkmizYtX?y08)J*w__}RlkZthCYq}S|rVT_$muzEpi8cgPYBB?6QUpv< zyL+Quw1F|ej)Q3pH@A=L&hMdHLQ2K_@!k0eyYf2Re%EWJ?Ho%hPv?)g5tuw}>Pl{v*!^ z=ZR|4kZ9n@0q{S5FEk_vz(GjYEr5XSB}s0tMEht$cg**ijUNjA?ep(#fJ`|TgN>{~ zEyP!p-5*BQAf=|yT=8;P>@)C}eaS@D5Rphcq^@XuzvYJv3VJQrNxJ0*V453%EbcCW zev}WUa4nc>UC-?e*Dq1{mC@I^)G7rDsj<-n6e#byhQK-}Jg^Xdp#&?Yv}1jC>EE^o z2Q#B&E2hqeO%G9FS5zQpq*_~vl_9|=VtMfTFsZ+*~Qv6jq>Xx`zx=562Y)LaUDj2#=XoBo9w&HG_1~G|M z`AdArI7MKsV_U)AuxgEdnUBGHvC3p@@3){L^xBXe@7cot2yv@>q6@(5Kt64IlqB4!j zrYtcSXNFI>I5-z5vOr3K8a@aap-cf4f?En^5O5vth#2Cc7$xtoc_8|pKIR-)y z0I)2e2F`76`YNd8weql0ysb*tr$iARhCQ0DVBNNtit}Yv#l8(w_p)YFmnL~(yPS$f zsC%@ndwFqPE~1Vx`H|1USUL&b(`|lCujrVt{@FHPr`zZ_gZ_t*@dWu6`Beh82pQc9 zVQCR&s0jf(x>Wk<-tx&M(sPOCZhlChdHzlf!QRCM!d&j-;qoT#e`3xY_%`OOeYj&F zEUNZ+>yifA-YXu7*xv3)L1gV%e%x1!3>+HH#)**?7GMHZcm%{YS@EaOb?z%l9^bc z%sAragYK`PnUKoP?uDn)wt4SBlmTxUuDtD-zbsas@P(6{5)H82p}h-o zx;7XT`cIM5LWr=e@~sicP~V38M?J}YAjS4@5QR^|m;NQM0Ikq;oNm(172YSURU6-( z)BNN4C~lpoAGbix=CPQV=>k=RNa}rTfgjvJ4+Ex=Bc&uB-b0ZVGgl6M_<9y8k0i(} z{vTmKTIP?Q!o&1fMocSyUgyE|ePc2U`FS0Lxc7!#Z~Qy! zq7x+x^#f`@v_627Cd)XLo<`>(^8mf@WeXT){v$w*qo!1*?buvDt7Bl>Kp(o(JbS(_O`;@w1 zh6tzwBCY=%rKsJyIQl*|3`)0tKvCEuWa@} zK6JJhcI7AnLzW#X5Jb-yX?)AlfgJLxn=$tFgZ#{^@wN9Px3Cgk`^;ZeGUjXtvd?8U zc*}gMZj1X=T^^FnHF!b_aH?{js=M@45#9M$NGS$~3a?Mu$5OVEAJr^tZu%HkL5=Sd zII-0NZbN+$3mKTeQl>?IouStXz;LX-D1KNqp<}h>z9mtPwb7EFDQ+h{l<*qo7o}Ia zqc8q}AugNyovNw!`2`T>G#Axp6}9Zm9im>xjq=ri{!v3~Ik?Y5iRd zK*~##(X+|BuwvnD+nM`PkSOdy_cd4cB-;^Ku|2pQB~Tm@f+)_Z4aK|tozwY!cFWG!_)JAG(j0R?C!1&aSPwGc|@Y zY+vvj&i3N$!({Ts(*Z+IIWuHzt;G;(7@J6l66xDiwtocYQ9870^bV~+hgOvC(AG~3 z+o6+{BUeN^w90m996O}pQrm{ZpIy(PA35vByWf`Fp@CX9dcPWgLPP0(O&GpkJhB0_ z8Y2B#X8J{JIUVXa5QJ!zD2Ndii+~W_LV>icj;LOwN+}JqzD~%yjLtrVl$EQwM^-fg zj@m{Zg1Z5uKy?LgdqW%nEwTd~u>hsO5&Tn{BMvxaSdO?xW{oBR5po3EbsWLHhqY%Q z#sBT^FtaqBi^rww`P%^MSl-}!N#0n5j0kVAT$DHXJ{oTj1e&tEAs`~Wp&&-)4T6a9 zhE^GwH&~@4ZwNY`;SEB{wlZlH-e3{o4L%5OP}BSOw8C=Rm#a&tkWHd-Xzb|fZt2Dx zx*d%%H}P{btbY)i4I9bowGmrS*Cr9KQdvU$UFvwbRoPDs)U<5aiM6qe=~{m&9))Xx z(4g6iNJO^)kO+w5hus2z?I;I=2ZK)Z6i}kA?S=k?6C<69k#O}vfBjS31E8g%mGor) zpnv}?ZsH9fL=d*#Hvt1rI5$YE4^QQYrHm~_zI~M?mRHszJCL>xg8Ee$SMr@6H>3BCylwHRP3oW-cgjAKq{%|=nVfm z%px-y^Z0FR-CENYK`CBPQj2rr@w?Y5oe?+%3a2jbeC)veM?uFC@nB+Y40eo3s_aOhEVph-E-VoEc&)&~4*onobly`)lS5^m zU_eg}(*k(p9Q<15i?*aoFK!DC(-ij|V%vkeo2LDTnxXIhM-&6J-+I1{w|PIr8|i~< zI;8zJ`UfF&@R2zG^+)=Ro3_g3IakP`HcyEY^R2wyn zsOtpBl`Uh7z87SK4Xr~I%Y!3&{k2a<-Jov=YC<+xbLkuwV_O1TL!j3LwOZF9tEPjWfh9ICDJ+n>2_7*HCU)e>$;LQ~Rk#lrkg&=mb z#f|p~nd*3%pOtgG2B86ikpEub5@7&)Q*s_$o<|d(*D=TodOv!?(11>JVRO;BCg=w( zVTO@Crch>4O!k=2TfDHO4q`kv3g*l!b))1G~ORIoPyGIZCSs+yvwFJOS#49M3bBlpbe$X(p4&x! zV5F8Ml9fao6`tE!zH}sbu{~xJ(*X9-;fwWzCEaeb&haJtTv5p(+JSxL8;8e>FtEd1 zGja*+HHXqrgfU>mcAXQ$0c)91X}6}seUk@x{!0`?Y|r^UKN@k**~&|TYh7$P_cXnR zgF^5+uXTG5BicO1H5E4mnK&z|rCoH9khr7IW?KZUJFT>ZJ zGEGBx6nEJydGwY;(;N)Pp@T1Wh&V-sFjcUe(M8d|AOjjK z+}n@VKnRg>l@`>v%v&y4@sbbG`0|rp&rw3OF6WD^3{G=*R+vOR^Vg7HQY)LW7m6U{ zKvv#TCsiw@FwV?i^zk(uO#k~h-de5z59jI5vD%FkP0 z!$AsLfT>#hSZd6pIP9A+%vD9k7H^eWxDg55$J>#w-N5Hl@2 z1K#+KWI+RorD0bz>5lo@YT9Pg^!PvFCms8x8>wG;L5#gWYJsfZBPv#S0@vw_41P>K zkKj@#y08}D<6nV(*&SU_)4ypR#?CCfblU(I`@ogIr2##+p8qY7*yLsv*M*xQtMhky z4mOqeWNt?}6pwoTx5T_LrD~#%_55T1C-nTIX2c0os^-qDISoH_bNUhYOR2(KLJ9rC zAKBD3p8qX~!;ZRKia@|f6wiOZdj4yZn>Wqf={aFTe=0azI8GSHtg+&XV;?lHOo=~* zUsQN5yKpl!&h1u(w_pFxQf&*Wa4skNme%(*;N3E49~rdQFleu3(1#-o+81Te zz5)gL1VK~Xctpv5&K42r@r1}!dJl0hHFCcAD;@#uA&K?^`+@kv*1O+9QG zv^Qi>9@iAo|MLtQzmG7zk!QY#xA%IQ2BDcrIURA;JQ0(QPN6qr`R(!Fam(-OhwQxL z>@u}w7$BHl$8$roo10z)QeM+hKub$u2eh!%{=k_9Wv?L%$u8jNfsg=v(x;`#sgRS zti$O#g@QtaB47q}NZSv5z&mUFoT07Wfa2C(Pq_Uy zx+gyb6HGTt5xdRMG;tI2o&ik$oDrZx;FBUNTQ@N-#fF=>tvl)_4jDdDYBuik2Eb#A$dVG4QTvz_0#U(T_IW&x?_@!B94JQm3Iv+4*Z|q<}%SjlD!_Y(Q z0VSeapW%I@jHRU6+tG)CDD#$!9c-g*Z_)n2zt3Fp@ADyAA%4k-#F<9Gwb6WIacl?m zo0{1M0p^cMtxR2%o0b~GEy_WJLiVD7y+D(<;_;pTw0?uuXCP%pkhtgp)Mda6$j|G4 z)gDU^Ocdu^a+_4GO>RrA%bj(q0_x6JpgEqII2z|YUNSpdwKdyP9buW@p$vj3t6+K$ z`O`KimvPupqb2#08+>woHn~j>tZWOeCY4J;qIE9;fEGXUKeiTd62)Eci@Mu`Z^;x- zQrWEmy8))NBPw-0`KyJ}6F>2DvPdlH`Ck+zJ-C@k04a=gB&sSc$w-j{3TP4;)r&C$ z;}PB**N#SeV?T#hML?2<=O}2h+nt_Y$@5nHmcgBhYlLUt-*7gF?lrDs61Sb0oIOI4 z{m0fD*)7qt6CW<>#@mZ~Hu(5k+Ou~7%TO_3pK5Dx1jfX4uf*NWk^AYYWjr%WeB3u= zqByZ6=Up4E|1F)zMrLiz7VmC4wi8~XakQI6>^i`RldTXsYB4^M(g;t_EvP3iiqKh~hq_8lH5tpNj5LOR5tNx72ffyovHM{5$^wCKt<5!iV&T5x zOZS-JjW&2;VR09#y|GmBqYI0>oylu#akW6n-E!6HQl%6)7+0;f&yC&@*SJXYdQtR3 zFr@@1$ff6X7pA&Svc9uFS+-2r;#uZjWb+>~`7tukk0kV$AC)!+gV;g=YC(X!a*;7Rj1! zG?fZ0jt)dGl(hDT%nuk0cshkP*C+<&qqtX@HzNQw$k`e1@_bl2u+xbu3q!z2cXh=jDz^w>}dSX%xMR$ct8w2bd z2674%A`NXZwJ6<%H?)nHJS@`AhN)lz)eG<25__$+K8KIaOha*h>(Mwyudz~|1uf^> z!{{F>h*am-jNrI1|92gZ!Rl7Y#$sh6ioqixrrGyxstD+D7Or+5qu>H+K*{JRJgPPT zCT!XPAXaVl5wHosPv}(3arEilYiORJ5W=aLuD=(NPrI@SorU+0w}$u+5H9*@;!j_| z&fF9a4G!tJKLr+;L(h&2cE~71@pNuvqusB$ zj1n<4h9y#oNDPgnMPg{k+l*{7JEX|wj9-V8y&Y&Y9X*q}WKiM-hWt}MgfWt{9G0RM zWniY3J}A53d{E@lXwT>IrQl=4@1Mz@i-ids)R2B+tr2Wpd;-=HUzTebhWuZjsDx4_ ztsYsfLh6QKE&Hb82aB8U;pz!DPB4MOAQhYWCWngn5C+cEL|YfJ zg(df*Kl5^Scc{pk+F0Z95sm1$n?psl2RhRxSd47ZpKKKC7+1AcF&7IRUkg~`tMHHe z00)ajok5?97L6M7l!)w762Kfil1CeCQm`PYw)&a$lk;{s3*!U30vW0DD~{j?UOx^2 zqCm&Ev~G<5%;C(%$6@P>bI1CG z2I|b^TIt;xiyPTBbhwK2A{l>8nn>@?5&>rvnH9T)*Z8?2DvUlGn8l}27iN~gY>*IG zh$)=Iht73(=!(MW=r2zfnH}<9$GLaWqNkAmLVf1|oG1VeFncNvz>xqDOc0)p_N2<6 zf0+3&?{khqc5=hG9U{34y{3nYbI1AN#!)iK)WS18DDq?d>sjf%QA*+xUb^X<;qjtRt$IhIP zK6H99PyD!$p0^Vy$iVI!p78c*V1m)V3z~bIAFXcw3*A`F3tw!md7(M^{9Gske1sPc zt&J>dP9bkfZXg&aT__JOveX4(+&t*@_Mn{$AfDjE>{#aJ$tkzKf0@BChDGWEqi*q{6N^bF5Z-H%-uHOh`zAgpf0jZFT zui;gXEY#r%nDw$t>i9#bq@HU@_Tng}jX9=EaI)7l*A$nWu@a5UoatVZiP+OR< z&m$ANhv@4i{Gp)%fG-F@!STnF zJSsTu&Y2YA*9Om|E(lL z$&4f_{~&L~)XZBcDs<)=#gF(i+0Zz*pg}MtwksCqFmt|*vf;M-c9eG+!e<5|CywM? zu!7SFl64e>oloW6Un8(CJiRs^)a+-by!E+Mdhqy6cSkiq@eCeMJnrnZ(eH;)e|%IX z;CiKlVQPHAAEa-VC^FczWoesvxrBe1ii;Z$RGl-o~@9(5@_+m!vlH6htF?EaWk>TJ3A}c>n#f- z$a#knFPo8;`%{@ydMkw{*jFcgf?f=x>MALLhNLuL%8Ax|a5M{;3w|1amC|SFz=BG2 z$aJ}<>0un_WoD|Usog%pYg_H5t^W|15BjUYAwdOeGN|A$P=CBduoYt@zF^oRJ%mC^ z;jtP8r6{_+mSBPCpuc4t(lSjszT>(=Ja$Ny{^5OHVDVP+Pl;@9ogUOGuu!T^kpp`i zBxo1Fnk9{RZHGH7v{ZM#JT(T+wzYyo_8PYD<8vdxPmwU#WwoK&Ye=0`Yf~TpbpIY3 z*Kh)27+SRtC9_kNSs^NURUQCaikDkVl_2^y3+I-b{s(A^e5BX2!7*Oj#TN0_wQM`9 zEn$Z8uLWsM0}zzjUWc98R(H+&m^%AhuHs&fudrua37qy51cN4FC7PRcl~9PB(qtU7 zb(Q|L`-nf%4Qj9*Q?MW_Kg!zS7!M)$KX8oShI#n^&lvv%3hv)I#y@#)!5F{0Vx%!< z-2Q*y7*9vY+5ew0egs7PcaHHR?=BeQ55O>t$Z_j>Q8a6*fc(dxsX3)J9XOmGnvV(G ze+atBsE~WDQBkN6p2fWWAIL0avj6-4Md^PBWA*Q3mhbFcz$}RHH_Y-lXUnA> zBJ&Yala!9!eXz01{hcNm<)bS>^b$kDa{8`h=X*IVR#`3T5Xb_mj4jA5Zp*kTMCEo2 z0W^!Dw9-aJ*-#yn?na2ZXcR+>2nDg)T3Ad$LurK|lx8{LT0rSf5eG%5n9QZC6c1u) z6bi|VQpq*JUr1(VVd=Lxs-ew!Dy-k}?N=<-$9mRREZX=ls3NJ>jXIpn_JX9ES1hw2 z2gYg^uE$$$JdT3oxA1Es$AT83W+Bkw8khRK%X{P60(CYi zpt?YR&Bq)7%HZa2QRXW#NhqNfn68LM;rg_E&Lk0cIRmDK(2_yirVqUG{?lTfa?X)B zHk3AtG2Y3~)pT&2gFL?w@~kUt% z0Ch#r<){jmzofnC6UH#A(DedSi;xE&tc3MmYNi00n7(iz{T%q^F}n^ooAAYeT{bJgF2aPsDt;FB_*^A7?OA6aF8@!nQ3wfYIfpHeT%TZ(U- za|S8uYUvVp7T@Q6}c3haQxShn%Rq#i*te_>j_Lg==WOXbxjoB z`%ukmnS|fehI>!PMk@aKf8OJ7+XV!Rx;jyHY5koWs(-}cL!BFs9uqTp?SAh>07?!4 zNOH&@kAfJ1iJ`v~=OrTfPwkGmZG`+%^%GKGKc*>T{vI?U&HcqYJ?G!U^l zZuZQrbC&+B9V_BF=|AZKhit|D3&4*vADENrox@Y%dE=4yek2PyRT{hl-1 zbMH-)qVNCn{{2XEpP4gf&YW}R%$YMAXEA&$s_AzCpMuAVC(m7@M8C!%&1AAOX{zuS zpPVni*6iLjx%m%zHe(Z7wBJTr)O_;jYPK`knkh)0fYjoq907MK&-X-?v^iCoxt#_L zFbj4OKMQo$R&~}hiEKuL=dNU{8uGS8ZB_I9b;!~3gzdwZuv;37AmQ)ka}{W%gTU$+ zw;mVsB7ii{=UFsgAS=sd{?l*g6XLMTGKU&r!}i0!9w=MSRLkiqZrb#p7om}B*diS2 zzfV#rmD(zt2jjBbzacwS#XkjA%rrlqX?_gO_LS!Tq|~nYlo*N&PnvvcqJN=tRY(3w zGu4b2JsNX4L!7odHloco-tXXLKe{6|9CMjOh|% z^XEP^LAQeUA{omv@@m@t3WZx8Mx^ZP2J~>|RGBZMlDtOg-PO|Ykg^w7K_n_d79sA>xp?u^1k;T!UoqF^zpGZozcq`FfZLaGEJNC8RxCCUp;)~eYzlJY-6mC6Ea zY`FTXxSWdo&=`3^%TV{l72M!00KCZ3)_{yTW6c%s`ogdug$-t5uq9kITGxj!5oNq! ztm`-S{2k^LwD~d~&~<0c4HIxU#nsy|VK_G7x*R#c!;zJ6on^!AFWVSb2DDa~>&^f- zMr{P(-pP(#=Q{Kgwn#NaMT*+Ls%9wOf%MSjxYjCEP(lUB5vKw{GDQr+FdG=;?~7PW z)OLM~A&7`m*MVPlV-^hb_>PIw*12cR$O8;X+o!I_rCi^G#g&F{5z4K ze+q^fBJ9No)7*3+^|QeYPt9wWWKF=xS$XqU$~NSrmi9#f!+FH;Ljfi3yF$*ftXmc- z*(ENl;0s`v12BJEQX7G|oB~(8&ZN<;j7emwj2O#pq zvXWf(JN3Ab^8j;ln`xur$kbMuHF&ALd1dp0^U(SRgM%hq*%WNsx(2p8$UCVOx&TV**C#UU@mT z>E|{T`^lI%adK^{saevfkB^4xR}HhRDC{J+N(PP?&8fjr4?4oGvC@Kd0mb(miuN6^ z^@{clmnf$HLf5RDsp|U-acz4)U^&ngC?urXWwdW|w`c2Ck~kRZ{#tGu7*qF%OH5KX z%=M~58m@Qn?IQyX^CXcp)E055Hq#z)=oDW(;!wsVDh(5?;O9ygq?97T?+DmDXOyZE zRe^}1Ni5{Exsy!R4RXY@Z-9PsGcaTB>czkm8+4st`S&z2S()7nd;WjHeyf@Gy9){h zvl$yibJ~9O170~^8wzgSL~coGcfm1+I&{CvO#4j%^bY`a&7|Xst^$wj49Drh>V5=p zR+pV&_*_c+qrdhFf3eMCCDxMzzWutaSZ{;QW2Ca78DfUkB z{(2lQxOESJC*lSFclqDcFN5FO&}aKYcVO^ekeHt*45qcJ816Q>%h%Sa{?Yx?qss+! zR}-CeF^O(ys>vH0Y+#}VTK02n=dN@jwTbg?LL$;4sU+63{{P7DhL0S-*9Hb%fW-WF z(a=q>EC*RcPR&0E=yrB>I5nTesi?Os7rre%aAaA6)^D7@>aWMghh>uUN<{hpHP?OH z4=ul~DgR;^+xpfs3l_e%5>o?pR%XK#(=biP#2RVmc3@(?O0R=9RS8XuwhKG^Fn67V zR-!G7a*7~_a){mJIHy@VziDSU$GRwrQvo`sVN#1^_~;=0Q>@SXIZfj*PAM?0VG`yl z;alXG%QGNbT)^V+1=Jr{aIMTw;wjEQKL9f{?ic0(Lzem>@?qrXFR7qIkv1~LsYHdC z;%tj44q}Jc-6IK@;+!5$aZ&+8GcnvPpd5a;4LRRr&QE;Kr$f#R=6p|bFci)ik#P5S z2ylB5&fApsT|&;b%sIFp40{H+fBq|hVSLDW0y%87Op=1(YOf9;cd~E~<`4=8GMfSu z4+wBq67C8}*1};n6yOdCaHkS(Mu3CC3~=cHw?E;=1~^=^6qs;qfZK*}0EIjNAdoH=zqXV;K(GjnG7oc%&hGjopeIfsUvZ!+ieK4)6U znZcZ(S+hdUMC4@c3uH}YYKn%X<}DE{ngFJMEn@n4q3}oV0&O7w+aYHya{~F7g`7V! zCy;+d$Z2IxAb+=za~*R6`OP8cGUR0C2`ng8AGi27n2OXqo}Pgvl?0H#C?fy+q41$e zQhpM0#w1DkWyskoNlMhPH{PM;Urt4bc@6XSYen_j?+7?L6>@qJBvTRrv!4Sp-zmE5 zds2o#GV^K;D8EgVOw8WP{PBM>fBGka$uTEb-)C|Ev#ol3Cz4y^s7kTZojeg}H{&}F`}?!lbne3=m;r;<4b z`J8P-&bx0Rr`qMv0%EfJnUMc9^P60L9A8+5938~U5z5ez5=9XCPqd-4YRkP3wH62e z%#(=PX*uj>-&nbdWV!2EZtiOOSMmC74T8zsGt)f7z}2!LS}v8@(_Q&q{KgIo2gP#0X z@kiDg@ybkQtp7F6|Ju+0s`0-j&lS!gtW>yfsaI7Hyr z!&lS-V8h5U)qJE`FB$Iz?bS%d;&ErDeK#w8^Nr0whPw>$%g9GJ?Zq`nwfJdX=oRtf zVd=4KCCTlq9T$GqgrEC`pA+0q)Xdll7Ho7mUiT|t{j5?J2clJhMT#Ae3|&$fQZ75e z{Npp2e(RbJ4@M-`NgfM%3~WbvmF9OLuPT{WWv&Z(T=|H~RhvsB&#i>nWgxC{g!?2L zWc?4y!y$`x?8J_b^`ywOg&l$*8uxnQ{rJ`ip@g^^kMqhHLxU%YcuW{&s{*7_B| zEd82W_eXSgKJ8%sv-l^o;%*CX78OB&W;`lr0OopHXZ<>S4P`;;Yi_mwb1ucN^rJ)D zRetQ$^(*|JWP_CY`6x0qdkQAk>E439Bd!VY-jUAo(X1BxCMsZwWN!%LLw@_n)Y6+R z0MAGh!D{(8v32BWIzbe)T-amxu5@JD97{H(e(v+AW(~y~J_>2bVCPB(;yIqxOOd&& zDQPhtjZARs$J&2*jPG__p)Gw-d(WYOp#hGp!*p5)?%y%rdl9fvhXaGrLzv}yh!#(q zh6#A>lKa1a%a{Z3gV%i$5>hb|2;rU@$OwB;xO1T#WcuTrZVSVdB)xXkUny|?94O23 zZHicyMA`Sa9(seO2S#4w+!WgL6C zT^Bs6xkcxV5Q=VZc-=Nr7j4JdFTZhsva2xXO;%pG^Pc&8EFA27MZ=u(v8k&qyJ4z1 zv~rk1l^~~#yGmfd_-M|8(_FHI>Br$~g{a(R+hO#zTZWnej)DRq40#*mJ3k2sC(tc~ zXWxS|4Snv?!^a8KiY|`AN^@Uz0nMn*MlASHn80mpSBg?0$0VyzQa;fZ-<)x&1+!eb zuu@)J*Y@0jcOrayWS1v5l)dv5uoGMSwehG5m z8b#zR+&1P8ECa0Cg!_=`GH{jfCTL=SVgUCVNvfFO+c z`WgH*Z>*)S@133sw@kyyfBwK_QfU&4Qu z@ehj>(fC(uiHgR*bHn)8)8F`)I=(}8=-R*y2S7aXysaWL<_P>?elBmFbt5B+B!Nw& zp1N$zhuC$FtaMJW@fYVVaN!c`CD#A9m7~D66IsKZCk1NlMn!>5(?_ZMQflT zn(_zdh|NzFGWj3cLc-GLk5?h=tu{|#3}h81f0l&?lG-Xw(iKzGiaVmu^MKTx zK@F3KxnVL%7rxS9o7-lsY)Q@sD9`8K97vv5dU^i#>Hg&D=RhEzN@@%|0%f9%UA5IX z$dJ>?hIIJE495zyrVr@Z3BoKi;f(wBbT^-~t8!MJVu-?a^K8PgJg>=e5?Pk7!9SLUlIS`7+M$n4Yr2lrZHIqQ$ak_3-?Xt5>qy|OMOFe1 zcH6&Q@;6e8M5G0a3LElIms|Nv#5K{0x!E$C1GZv$kta`34}2UIr`{YxQIG}ri=i_D z?6H6(x=V;xKw1lIC}dqf04jM4q9@h#Rs3$i^N^`V%RiLC=0iRLsCT99sr7cCXtyVm zb>z2GGCN#>{2$RQ7v1fHTkfW~>+l=zIzmNkq)Ce7EpbAi%!d3Q@tgFCE7a&leECY0 zxyizD5`@i>6OtIi#eI@n<8!5svqK%Alc`rnU41lpgjv4EkKlXk%y|S zwG`B*!n5pJ7EkEutBGK^Ad`e8XdO?~E=e9A{S(}CpOd(5uFW~__GJP72=kzg=mF5db9&-^-moEiPz=)vs4BW1?qXT*FptFOK?6g2T(9o z>N5etC7kXybCRsV?r5hmq9Vl}9LEO366c&?-wQ*$|tnYW2UXWQ(<3LCF>& zVKMl>D5+%UtB^G(p=9*X)aa=YXlY%)w+55i6?6ct(^#b|Mfpo9dEnA^XE`2>$pgEP zk4IG&t{;p<9tiHEYbAeY)tGDUfqKfyLkPgy`#_`e&OqQ6d`!n0hXIibM%mSfGdymc zT{TX32|DZ7V33>kOal!USNd}(m|zd~tO*tw68`iG4kKX=hw}^u*sGDMG3{TunD(#o zXsL6_hKbhH8BE)Vz-<2v=5;!FyoB!+q~2rI^J2Jv@ZexyWjNSCL7pjp%A^bN1^RAqcS&X~^%RUKWW}ECb&5t*9 z4rxAws~U*4=c}cn8R$vUaZ3XMMyW}7vPJT*j@B>0Q>Ozo;Lri*tq@uM1!7e8*`dU? zMWED>_T}#f)QTGX<2j4Q=^8{eQdM4uxHY$TUy0;(8S*j3$$@!9V7~s8FfWH2+*GsB z+`{k@CIzdeZ-xnxbBQXg{HSgrf`WrpKTCjBi9aJ=6eV6THFD=|8`hy0!iU?~`VJ_? zaUwNP%C@G*kz|Jf7-ZJOU`QO0#344Mmv;%9o8|#t$o3b!$T2s8fP!=*Pj3!L3`eWA zRF8%;t(yo~pu)`qsL|ag+oQ93;<>QO9DZ!_tsOBwbJz&{=SLJ7prYmUFF^MCpC9RrH5WKf=Q9H zgV~ZD#Zj?7R*;BPiEw_ZrCn>D$D?LlKzdcy>QVDGv?aVZ;wJBJ$+5f-h=D=m z@O$W^oWQZf0Uq`i(hxa>(AV)GniV024U_bBKouJap)!N`i z4p(gjO~F#Fe?mGN)=|V#<$nhhtX7(Y(=j+E=Xf-CPI>)xi?CoBs(Hv&GbXC$CP9%{ zr9@xj8f|&ODy0nwmZJMfECf4$_83P~h6tK7<-pc0LO}EF*onvIXh%OQt4VxITRD$V zXQ3V4nELtk`GNbtC{-RD{TN*Y?J3LuCdk}+fO&S2|A5RFy%czNWC@v9bpJ(3Pbb90uVAQd%pimoe6WS}7#_1U4_gk3# z7$FP$juIZ#{eX8ZgrUVkN5X~}dJS3PbdH`IW)Xw1!IAL7p4@D0r$%b?B#Ius2=y{ME(TQ7+7W;1pdTZM|I6qC()V?a@v}r<_y$T2Jit{0N(Z>LZsfWB1u)wA;-{3bb~`+r>jBiOkD4xSoy=Ut`^807&|L|_2okO;S%Tc12rHmSyk$rcTqR()3I9l- z#iEYf=L?g8T-AQNq8z*={TBwoK})uR8_p_1B@6bA!1b7nY<@t=UR3O$)b0w1Z6H zm#*UWWo8Y}xQ%6YP0jlom7LEv&&FLgfqm_$lGod8q?v#hf3={QDAP|fk%MNw$3S=7 zOjk)kGvC%HEW(9y(#*Fx8x4;lZ@ih@I2fHEa{GUzy>Vl2aQqcdws9^#JN0?zz=8!Q zI3N}B$87!kulcZ;d)RrAh$<1mkef7IO4tP%y=T?CA_IEDe0L-9iOv5EhC3rQSz00S z2_i5TuMq=fI?K>M#OPyF6Mo?*)@A+)YQyS&1;j=_$92SwuICL%U!~n6WX|r1=$och zGkzlU{rN#h-|#@6l8Utfp(is|Xgzd5THScc_yeL#qU?5T>}8YlY6sCiozXA=K!a}@ z5&YzMYELte0Z>M)?4N5h)X+3iMPOq{UetT-EE&|==$Nw-S=_sLAhuj{My8L$m#{Z? zLp#ENCcn^Z?2Sl1br$cRlK9Gi{2%A||936~JN;nziA%nY|0k?={4Zd731x8nE$Ux7 zG45BNYm@$sn^j{Q0cOJ~AqaY>GO=+V3{&uZb^=Wzpu^XRfO1w2c3O^0c>)5vo5VR! z5_~BYUZP9%h-}saX8c0+5auI@l7tDo+-NH6$ssr(D=$}#6=+P%HT<%@5)aXf@p5}n zI`Uit#OefMv`(V@=qBf7_VDJbsunVIBQ+Dxt>d@wZVMa*LEYpXJ!i{cDV9(P_kTkU-+*FCz@%Cv zY30y}Z5AI_4q-s@^S9|D4^^c>sIKb%RHyq#GCJJM4k7_+D?hQ*`Q3v2T=^&d~y+k&pQIbCl9yZtX-=O7Qt>0TZ1~Kj@yQIujY;AH(gL4@q zlvuC8`6;vKDZ(Du5>iNO9qr|~^B~5A>Dh{ThVv1XM-ho54qCq0EJ8!vYv%nO^5u`m z=n99?H{kdE+16pFQEL8dOwgLY#^T^*Ni!SA2fKpsVSipedB4 zt1T~wStIFV)CES;MWDNa;&eI1;jE*_>OhZq)Y#4$FPQFtYOGSb$ksO@_e9`L%;6Nj zo)z=2XnxI2reY^wd|BAv4JKnBp|g|Slt^Ay5<~x>2E^L~9rK+`Va$z5S?ZIRo(c?$ znO$;3DrENeL)lGbc7G!hm@UfyST~fJ&fcsdTZe%P5s*4NNEP`mj`6c}BoZD0ksXQp z>0kD}BJ*RO!jZ#@vwO{nbg*OO)O9n?`9i`_nF>d2&AqI+NWPU^^2>$Nu}$ilV;c+Eep! z`}_4l_!}E{eg9eiqUy9eo8D`-WD5Jw5c!elKOeuTPZsx`!ugxZ4<~M&DWs9YIJC-a zA&uhfub4kvuWZIbtaKf>a0{i`kpG#og2P+9Fxe>LqQ5c+b0xXJbo>T0@VVlvv=8}4-`P=f$D9J1PFq1-+otn zjXEao+-6rJY1wuKxQ6OkLvqO6br1^bfbnf_`9Wn!Hh(y#CX2 zLO!k!tKOfDva#M%@Cg>AiM&L2+{;y}Mj|0?lask8JZY%+0QMlXw?rjRYvtUd((dYW z=OP>L&=eDnKElD-EH$r1(;l+=Y*=IJ&qX6?($12y zlonzRykPaZi)_vpqnzx8mFCepo59(L8bBUm;T^U^&$L-Q5h=`dj^(JmIZI6(FqD2-6Q|KLUS)KE)mPWhq-^3m(&2P3k_`Q76y)C@kF3RfW}~GMWLz~@CZSpk%#C({SwX48>_`n{{P1-(7!y5A zz2H^FV=M^vw=QS4+5;g9JAISIx)ECbZVdRb6^Y(6u=lO^_SgU4Qwr%=Bs#^5LJGo} z?F;^g^DdaRgU8ubTM3-B{kBchMXOo`oNSmg9je@n&k#!Ba5ZuA%+!MO9aOe1_ znA8Pm7x2J*O_RBb=T4P%?rCeaqY4x^hN^`&L91(kSyV7AJvPv9Lb8e{aNT_2c?yu~ zhX3qhT0H@ycn>ndVwyGgC}2fr<4+@~2}IH<;vxz+*{$b?Tkqk)uYnhQj&K3}?N-2P zb%Qb+29f)K{`@;!Kz}pj@LZYnWK>aG1zM;pQNu!KiRRzc&2?`NxV&(Rqh=n~=sY!F zD4^zFw>xTvBB!D5?XuLh9ixY&?t}c&#yvXG4@s{7%J?)OLEmu%y}LXj==1`DzU~Ps zXO7N6HA02y^uxQlZJ*#1?)ad47exT?NM>)Gogx0TiS+Lu({BSZUc9&7<`^pUi=RiK zW~z&+`I!8>Z&}1Y4KD`u+P$EDFzvcA38od(QF?zl=dRC1;h#G-ANMG0T%aKttS)Wcsox-R&A#K#I0l^R82$JAz;r`M(`homZx zs!UZLQ=O_jp(gc-nfPydb?OtD%G4*sDrL*iUE#FI75G9w4So586J$)!ixbPSC5!hP zQlk@M$S+iQWZKbw;d7wJ-8P_m((PJs9;3C?2h%wgHRdq*aDLZm{`hEo{CjNvKo95` zm>HWNEr}zNcSL}!EbhU&$8w{!Yy)1XN|>JlZ#Kvu7Td4iN>p;W)(V@;ov4kA@main zKgR*-TAW+I|59PH-@PE6o7UMC;O>P3AIG4e4r@Wq&K(~_3$&nARE`2|n4hCWX<Si34$bKj1PDChrH(Vb`&*Nz<^6n}%8kzZH2`&7-4i_2OTzFfRRGm(F+#N0dJE z(zP};uPu1ffwnl%^BkyuF@RL0TK075=Ji_=D5{4Yk1Ti*M>-T#E2%BBpsv1s7V}to zP5N)Ro~N$f?BoEEXxl>mxVxuae0J`-#mE=_aGryE&a?@qp$TNu*BqNThp=qYG_Z*t zjHKcEv*D?QZlK7_n!PTw)G-d1(!BXgoZi2qoI~8YEeqisBLVkE!ZiX;Y53WXEDy$_ z9uzGvEb17GqF1x%6j#)<^#GLAhZq#)qF-8+8bE;`FSI)L0?`pf^e(&uDez`$9N+fZ zqe~w*<5iid7Tn%|Tx2w-?+~TKX0V33JKzJ-pGQg?4GA~!G*4?=Q&yw*TP~>U$WFVX zUHq`6(H-qi-3%MNAl(7gZbjMFR6C|04eyuDZ#oCOPc`z`q~N4Gw3#)ETxe5Zr} zE%L9w)7Ls%t$~8pmI@_lm3udIentL=D5(lAo7fVVDTPPFo?8i}k|#-!?*4Aww-@vFUYVN5)ga^ydreaWB6a26 znyO#!Nx7|%m}(JQ_e1>bOkYJ4)R~^Y4gNscugOlkYDzXeUkGTISm)ATyBh|Fm~Y?I zhnMd8HVF8-oPWXFv+*ajQ2OUA$xF3Q8Fo!W-&yd$G`B@yJYzXa4Y#mLk^CLxViPi4 z6P?~&$=>1;&EG%(^aUF#u4<^e%CfSJTRZkd3PbMmWsSup@p}v8qJ_{j+rmWaeiK@E z-HonwBF|KN8m*{KH8Ge1wYmnPs)wlRTWW`3B2hno$Rt=+GT({6-X3$V&p(Cclxm`& znI$i-$P-Xaa{!1dMCFe~ulfeXm{y-^ufDho@(#lB8To`?IdPM-+XQ{dJuQIid3`(6VvNb3)xI=3dAF^e6i;m zez<#i(e)S1z9uv4S}KG&9U>BjgnwWv7o&X9{Tm#AG0qIQo~^duKRLMYGctVi<@b>G za)}g|xD1yMxQV|&Yak~0Bf7WhdtA2&o_|5Sukeg}L0!A(4(LAJ;X_}817}V>CB}qM zQ;wd}eD#zNsbCU4r3$kh+1iZjJ=NV`Sn#U~VSUC^`2CvWES5cX@yk zW$EF%yIPQw?n9Yqd!*kVr2ZBCZ`vIdV}=|n{T_f$$y`Mbp_B9ZQMW+)TFLTAUrU&@N;nmd+C)nU|f93%(iHT zN4b~o2>~y}YSEoVrzDqbv!QY%SBAHm`RO~0s=NVhxU(gFr*Ff>Ac3;V;h(La+>N3< zf#V9bS6klEomqq`x*&+6TE}iZeE(G0TdB*_7{1S3c{awT3M8DJI(cPkERweCcr!Iq z(BX$vGBb@|ysPKfB(Iug0=azx+%|?|wQr!K23D_#jU4c0dz|c;DPSPa&BuDcksqx2 zjh^(1_;nx?uijE{wT%-9ZaX1+HA9&CV56f*=Qut)e6P#95 zBptQ_b>lQaWBj8uGo9=Ifn96|kUPU@ILCMFnSK&2r6S><%3(*2PL-LXe?rIR1ii8< zXEh|crRnt8#Jc%ibr?TO^@w9on+yka+_(+nVTXhgtO`OeqM=l;>84U zobWc^#TPeD&%TbH59P!Y=;8R&jq`1Tt+C+#fVlmXA?%6ygziG^%O5PY(K*073p(1# zK+~63Ym8y?9qfrVIc$~?=5XNr+X6N0NWlCW|4CHV@w<|A_L3L9=BRl({gJ*SNzP-H z#qU&$jlP45GV6k_XaCX#YR;@Z_Y&)u&L84l0uf#fydBw&GI)eaZ}6>L>$#Q8tuBi|1zr?{UelL@~=EM6-=-DP#wa^5c@bn(f|($@EF<~~024Ue|$ZJW8B&-}n=ZhpV5;DPQM z%d4FTX7_$Jio*1_zIGCoNzA^z5ZHN97!33>|Dkx2maH`=V3(l$sJ9wtevO0Q!gc#9 z_;-Ir3*<*peTf)`-^B~veTB`l&5D_*IM_T)FJ+~+TFBwj=dRA?U2!uiaW=0@^Lgh8 z5tw(b@is39Lq(&9zxX5DF_=_kZe$sM;RtORYLh)%dkHp2FV8ezT*C`+TuL3c_PDC2 z5m;tpjR#3NdKYaOSYEhGV_iyiK2xL)xj`&b?SFG6;hp^Enpt4*+(j%$Z=e z#aeYFaj&z%St;6I)|r->I+TH1N9-vpGL73?VxQ$8OwiCjdd=lGpb}a9!N*1VVSQ8g zSX~Zfr;>72u}=kVR&l?A`3!>3dF!?_*22`B8HQBW(9X%7x&Ly%TR-2fYKRNsc;Bc7 z0WjjejpkxQKQhbm_9S;sZm8T%E5rwGr?l%gINuOn1;+LRIO3;I=D)6WfPLI&DS?67Dpa;Jw#_jA zC{F`PzpxrvPi~=EgAPlLMhMx4r6eY%(mREnRfA+IxT#10k=)?P;4o#VRL#hl(}%Op z_3Ag*CeELoF7pl8&*m9xJJa`|Bo&5gXhkNG!A4z7p{ojE#v1uqgjKDEC1h+1s3hY8 z>&i(STO#}Um*BTBAF^BwL`zV!b%mEu9#_X@TUoZDZgGHFTm*9!U}Vd?Z+uauAwe zuR4hKt#~uJBs1&4%*t0bqm{%$i(U&5F3EV#nZ{?Y51sG6&B(Pv6hj3?H&Aq=vvcrK zlkQRc7$_oJ)WIA7*OS8hS%R>x1MCMqm6??mX=A5n^>mbx}n!+lK! z)zl=b!D+A3mG+AH@~yDwwH4^dbzMNuE>nR1iJv7}QG`CKtSz*#L2YFlT8N5V3%5fH ziHK_vObSW^*bQrpT;dx+i z$g<`5iAy!0Srf~@ud8aJw6<^EBPzC>g1SW!cZgOtaEq1OeU_wl$6YzWBDo4GkFuoO zSh3y>;EF+~MaPxIm&dqb3aZ5v1)2bKnx4h^=;51hR<>_?ZFBmbhPr#u2hsJ*@|*%n zKPc!7Pk)5TeE?&?#6q~faTy?rMKP(Uy|O+OWIPSTVTW#Z(i8qrp~HADoPlB?S&R`Y z3Na!JT|CCJC(3h*s19Ln}1(hBauXw?>Ua6^2d~ zw9F4X9cF(_8!)si;V#sFVedlJe&G!q2NW$c7r@;RN98FlquBLXgn0C3_SOhzoB08{ zH={qTX2NV65IP4qG)m2WC7D>KrQbpS%>{;JV3sjhuiB-@5yM6+wK|Gufe8Rpjipbd zMKLIYRho~V361U%Ti%mzgT7i7<}j2DVD-*BuWRjdi=1@MsRl3A zYZPa!I=PK{E!$_E;kD$Ct%O$zNBG#U2DQ-oB`{q)T773kux}2PA;rP~I7MW@=Vb)P zcm@V^DW7)KBqJ{#Eh8ObRLl)Hc+Vy-OE&RUv14-H&X}WrKzoIkY{f!70?(gcW?!sS zfax%v4%uB7S~K)%ZL4MDPi?Xtqm?UsZ6=hwUqG-I$=<_bOD=ZFs$;@K$4_bfW(h18 z2{@h&N@6+DCHIG=EkW*{u2PG|a%!YY?hniP2`n$;z_z?-lf?3vOYRSg^@p@l3KsUe zwhHQ!`q|3rE<1r*8~RxEYtVW$uY?}8I|X4!YE?brvp^sLqYfS#Q9U|QlQ_qYbe|S? z5V}w8E71Kd9X`Zl*jhP^@n<}b#G|5-7WSIeSI1g-M9OO6Zx)Icf&!<7dtOjd3rE`I zjcDO`0V&eL9b9sMGD~XVKhIA}-sY|;OFaV4515D8})PiyNK z{In!#TxlsPDKmGyhQSBXo@ENm0kr~r{}`bqJ#W!LWZ%?kz~3mer1h=Db|Zp_G_dLg z0&_Gtn)|JHGdQimgBj`hQ5T)XDLq9@*vs-d(01F=oaB>#!%h((sK+YF5r$iZ8g|ckj zIuZShZiWiXI8@ESWLCe0=(Lg-+1cx|IG>HHk*9)G(}1}R3yRx}YVlZ#%Yhfy*njZu2tM^u>h*LMb#(sp>Wl z!&rm7F0)F1SoR)=bzIla_tDzGon&oYW?`bXN>|%=wKk{#Wr9MJq&Ba$-R27mSgTLy zGNUEI1-PF+C)9qAj^W+vQQm<)xw2=#I)Po9e63AR48O-FO8yQY8mhKsZj^-Qh4FHl zPA%y7Kr4br@bh#d)${m8Cmb_UjF;3^Myem_s&8s? z)i++M)uYl-z2yjaV>triVv-KiG9aFsrX1M?zbr>;g(K>GZj2lCQW(#sH(eyZ$c=O4 z7ex>R^f9a67$;CmG}#P}aHO`~=KPidJw6!;+DZLPG+tqH^U>3>{Ke};c^bcYTF!a~ zooS9$ZYWO#?k(?(MEdP2PtI)fjnGeaWG|Jdr&}Y?fq742uoSFEbii@7mPL(5r z65f;XxkR_JQD5y=YJS#BU-!ra$U8wp_`HJN;DyVyaQxe9!nvtYO0%w^2Ne@a}B1&;%j=W*Wl&cBrTOuDc$ssW^sH9U?8xc{nG)4 z%s`>YH0ri4w_m1O;@6Cee&#aK7=*|;Bhw2usfhH2%njg!9wbCJH@$GfIg}Z#N4Apm znx%88=U%u2sKTW63FrY-VJFs4HD~v-)l$|oWr2yEJ9#Cu-wzbpH}TSqw6Fan;Qtx$ z(~OzQlI?p|4BKGacQUMM#Ek*kcL?jZ+F&mNLJtyse-j5rL_M{QCH8ZpZ$N%0;RpqK zdTIIn<-}NiHCL9B-@n984YqxkVb}ZM+jlDKFCo7Z1~0!$FWyM|J~{#T=fN2h`Avt< zR;-^pY*PEKe}7ZjcRB0d0`-f2n$u=R9b7w!m8O|uv*cuLKh}%JQV@AdvKp$HYH4>J zzh_%?T-gl6H~{)%4d3l*El*aE>U=|t;FPSvC>#nury z*7*EQfp{S6A@MPr?m|kc<$t#c#S{(DgyJ@bCiK@s<&;uvX$N7CZvW0k^m%W*0+#

5Z3zCsZ5ZzPn-{W@PEYPa11!rcpaEw=ORcLnrgg1 zPU!fs!EBzo;-W;_d%QI4itof}W<;uSY9e9lRO4}pgl$rdd&CJHZwTs4oMyJuX}dp{ z;u%Or@>t5(01oB_&bkcv`#fOUhd*Wc!{U!G@B<5C;0vMx>ix;r)&+M|(Z3}iD#aX$ zN|qFo>^C30d_GOvukyJ~G50GUz7Y|(3Zz03G+_m)cvdhW*t-h~!W%~=M?vX^%M*ZA z2^7F)*?4JDIh%2&W{_Ehb=lXwxVC^r9DiDtI05~MRO7h7KMIRJ5%ECqLNhr_5pDoj zZ~zJ9sh&8wqM(6)a=-$oFNhx$>Y#%_Qr!F2&!Bx}_0bv*PnogY5GytX%P3pmg-BQ>VrG==@h_pji~!sAG{q_jVhcgfkMq@r z@gC%rh+!b;FfujoPzC5_(4p*Be~Tei9^j~bEKo9*3n|#fm5HQyeMv|IC=>$(U}APc z0$OvBTPd4Us=dYsR>_2T4lXh})E)IW{)M4(@K5`IGf<05Ats;a6=rA{KWCM-FMl=x z9GW8f^vcGb3`3TUqZC(92H_cbOV>`|m>><8sH?+8xv0L{6tD!d;?)RqB=7&5&iK(F z^%bWcoqQL>TrMGB-I?noBV&}4Z$~WO4$61>ZJQw9>%<8UnE#{l{qA$6!!Rcb~X#kRzCOAaFJjtOJ%n(8Y}sqKG9MJaK=8=Xi`^tV?K*q3QY0`(8$0_#vs z?O!r+(D9(8&zUgW65mLe?RdGy#@7a4_rd}eqE8RbX_=t~A?KicMf$`g0Xs6-AvTD@ z`e*rm9JWL}V({%*`*GW2XNwze&y^c(&jeALGaX~}9N3ZW6KA}@+->}FJ!-1YKFf(_1Gq4W7vr~@a}Bf*Oc7yDU>et$zCrUoNoL<~L0zWn9Lj~P_t5DrRLCk#+a zp(}{Z9R;pnynlOB`v12BGi3tgJsX*Gg6V0>sF0b5s7Y4wHAPHe^Y!_fh@q zWT;C(?HMYQ-Aq;|FRU{R13?ALy(he-97|ejl0T2FkX99t;_%|3P`-nh1ZZNtVjSLzbwxV8Cb4I zPd|?|(kdgPyoDO0v=dCtrF>R_OSYLKJ){GTu6t7AWPJhtts*Rr74>Xb@QZK1P+ zJ`>L;20#8Rj@tl5D0Cm|<9wa)7V63=1kvtzL;>_hosls`z_l}lL+lC=57l1=6#SO4 zwI1ni|4XH;XZ62ciJ3ET^igp#*$V$tkN)?e9;gYk<;80Y1{Ku(s&p0Cm^ZMo0&}&> zQvD5tCHzUdK8pFcyB^_s--YVAzXLVqP-9MA-4#k6Qt0Z!$Xi3i1o=Pj82Ci?XnCgi z=!&2}J;2f9ACm2H56KGq8&6iOfMH~!9B8-E6gyto*cbBoN-7qJcg9j)ew4t-YLt{@ zX}KCfPY!8iu5gdTO|>!9*$_sP{@X^!nLXaq(WHi_*yrn*FfXbif2gSuUVcr&DV+Za@_4fh`+ z4|UjSc@#e?+;4C_%Im#I0*eGI?CL$Q)hk%NKbWvsmKRtmXTzMY zm8GuQ*QLPP3oVge;x??>ubKS>0>da2bLMG4qN2sZEe*GM`4G|7#Ml}8KccU?R;D{~ zhdK513j3DQfPPV+uo9U(RdXRmiA+Mbrba12##JR`47H-tB5a{c1pL&cPW%wjG&x+V zP*G)8p`yyFLuDILsJJq0q2vmL=n?e5dyb+9vS?x6`9+~3#P+md9sS3_>ca^K4_+Vk zB5YD0&Krb2oM%RV1cJFq9Qu&Ko`;|hR1EXfq>byt^b+lO$fRb* z`dwmo$|;0>Ms*84YECs2Wfv7LIvF>M0KM&%HUaAg+X@79nXaALo;ZFeII!M*E|$!p zBX(Nm7K`Z5MwWmEot6YBb(_zy4~0GG_-oAWCj*~dt-=0BH-6DogyI?<2kv9BS@>@l~)_^4LI z;|=wpSK`^!X;#{q?m!*RQ%uY@z6JauniszbTwd!nkV%E+==~)CIi2hYm)WlHmt8Wk zZ8)mHsOv7Xb%40cc7?y}5{a06>SeYoTGA^DFS~?R$c?f+a+z&Zr^Y~+L&c&*xt+9n ze!4x?_$9UvTGbCByml3Yw5JwY*O!1y+*(Rk`qEMlZU|4ex1`(qr|vQ+hztQ#WKLdp z?}F@~!!7Ax7+fVe8@*7lLKfNC-R8Hqd`SLwA+HOD`KwxE7diprKQ?611=Sb}ppN|5 zkPRCr5@W2ESryE(5>;NvbtiUBQZ&EAeE-|fLI8p%Ud?foJm#Ifk$CxFg}A(=5SO>4 zm-o*m95|!K_JDAc-&clBRVh*9e(YI|*I#v)zOTH9{Cn&0m2j6h=2=%9{mHq+cHSo` z8~0!!%;4i&zg*`nY(roElc2>i5iabx-;+MmXIq1nrC^;4_9sh!wCA$a3N`I0?SguQ zQ~S@Vndr;24q!Dh5}{M@?DjR91`^93?34APe4Pc8&9evd5;pW;XMNcB`|`hVm~gN6 zrPo^sF*!gF2Mjwf?{Ud{19niy&F8@C`+L2`_EvLvkO8w)yKuPyJ4RyJHD^v9uBoNj z=l92+Ucz7cIV_THTUX~?EGLBrSrkkw*SrDBu%DR5`KSNIV9wjHA~c45n9dBt&-|Aa zTaov*)xPLO`yi8u2N*41+y}6mTUd;3AIJOp8F8$VVH6|otH+46ILuj>D~|V8a7k2- zEJ>>)A1u3pkROMHaD@U;)7z1uRo*4XPh4|=^)Bw5xnei+2LEwjZZKO! zuL?*4yrCZxg5egSu>ctmyM^VL&JLlMQVM$ilAzE5^j$RDJ+#vYrD^l<&%c!-bk zgoNAJ$~Kn%x>Cf_tpk*qXmK;|AhqgBNMv0(ALaXvfCww;1mssd?7{(wU}Wv)M2wlN>#|q>m-7@>H!I zZs!_vI%_{zb(40r!^4-f%C#9xZ7R))(Tsa1Vu);OuqeiDWPBQpq%;#hdB%y1coiCtpfc$iWR?k?&!@+f{v|`0`Q~J>Ti&S zTbU4f3qMiZMc%>-djQz>&VjV;F2YXNn)=LUM_WyiURrQ2oiXGLS97ILq!{M6oh<&GDB6AYI)Kep%0uF|JF)g^cVdV2Y|O+4Kt1l01!*+FbfnP zTD`{Hl_73F^~+)E_eoL~sWC64D`hl4H5R12Y)Kiw>HWuUfEA9ALY3jpp%n-@mb--z zL>N&a-nSEz;Gylzmu*&PA6SxjWHT$6DHvfd`Q25* z6FhSQo?L8%#~tL!&yVD9lyrXDc{I>!OA7l-VZ8ZKW!BKt0*Q}DY~+q*un{|jJms=7 z@%XNw{5oW^%9xEqi&rLYChRu=8|>Ync=>^v%RaLzZ5bm5#D)UWh_QnGcI7EFdp3>Q zdhk>pam2Y)eNk!Q^G>HThLE|;Z#u)M= zQe5Ot`uS!}iSdL^L@6ofM}uH{m(D;^UQXC1s}Y0iEIYh!*`*>GptGFJ3Pwu>=qz_0 zE;<1=`pz~$*TmDw983Dlx3s8>`&*H!Iu(f2m|bDIB9Z3Ic9P&k+W9#U#X!4?QbY=x zAkwYxgGgm-W8@W3m?A{A7GIZwI(dHqRM}Tjr2G4U5V!13RyeVJ_mcWp#~Q^L`i`G7 z-(o_M0wm@WI8P3R#wpFllu9fbEELK_tGse?r^X(@RPiQfO~r7X)$KX4{+P{fSfBx2tEEQmqy0*nGN86_qMVsf4s zIH!@d9kwxIiu}Xf-rNXh0G;H_*GbGcN6hah31{dZsxSBt#4+$xp33|4kPsJL@lM_+ zhU}r{ZzB*YlsT=^S(U zUT{})dNpd8hJPxDZ6law>RmK)825_ds3eg

+ zYLC~YA${fzEU2TI>{f%ESG|rK6QxJqr$vqVP*)?ddL)jbM>RDxva@Wc{pIwr7o<_&UnOp`*{>nIdsTh4XLyd&YaWDOby1Lq!R3) zTy{Q4=<6|Oud$`wG)(qS5uKYPJb4H}3l;~X^CWIO0nL5|hxas=lGjn&Lk7BsVL*9( zmarFXlDsZ?)iQnZ1pL?}c^&GCZmva*nYKb?;pFw8YI{;%f4)s%oV;c!Oj2I=sC3~e zWN(N0!xhf=@DWSiUQPEAVxo1#=0NVJ7=i&lbXs!)N{IBbvpbqs?FnJed)A7}uZGBc zd$9=nlE(yGI^G33)m}nj@544x8!narg_o@{eKgUruwP+hhD zbgqbqxd)qarFL{Mv2aI+15E7bK;lMsbRaGuJ34Z*qhn3_8A>Zx&(jsxsOS_!b*j-W z1thAjjA6F)TM%5WO&n5zv|6rZs;_$nXf@ygleJ*>GkSmPAD$UXAk<7lHan-OzdVHXD-KLH(Cw`c?}$3 zzH^x?dbk$N4Zi4PSF}Ql8uMjY7W8{(R%p)wHLzo!!?Z>xC{DLqQB`Y8+5B`TU%R(Q zaZx|R3vdX|yq^UgX{dVy8#>Pfzp-FF5pLcBJ24it+1Zbn?HPlhO>C%Z1ERes8eQyK zjK6KjqV(HzN;Cr3nc@pMvzIilGUq=vRQpgqDs~MCL$O5wY}H~Fe>g{TO>9yR~e? z6LQ;`^kMa{X{0G9lD7mB zAs~O|N6!ot5=3D{`@ z3j=&;4G5qCZjc*Od>rFDq_@=)$|VMsjSt4hYz_u`Ye(ekcQj1%_{>#dG-V6#`BaW0uabr0`pU zWCiQFl_iYV!>GR$KOah=;dd%=1M&0cguTMTmNZ@nvUA=8a_wTm4$w8Fb51pMI5}d* zA$gfbPhth5Tm`a~0RcOAZ*!L_SZy`qUUKwgBj*vm2`u7&g!!l#>pyRUD(v2fM0-n| zNB9k4qW}zSn`*e4jSF;A11YXCFYWCVBW!?3-oM5RX(RvWyng6Akab#R8Hm2E39Gh8 zIdj{$;y*;E#8w?klg5aljgEn>eY$e0hgHEY;A7&nY0%CNj;wLZdgaehIk5_+k)~ znSFQuM)hiJDT{tPtusp8E7hbShbPf8Ys&G1wC2#YwBN-GirPqPpht=67B%T`8QIxS znp<_8@1PQYmYkAnFk^oxdA|zno6=U-i|~ed;1S_&pS81T7`X6mx*9ke6$l3IUKtzU zkzJ;RbKbmNO8ZI%Cd?Zy({E%;*R(PyzqjL!CSB-ouJeC$Fe__EJ_d<05x zs2B1l;ePyj-ibC-4h-Q=TwJi#fxyt({4!`%Ji>Q7i8DskV}?CUF6)+r-S-fVqc>PZ z=~H9Dt+H;uSMBUW#OJT}!{>{KqiTC`(?Et`8e#dIV8rL7M_Uw@-SSpT?x4c5>nc#e zQYT1^Cul#Tv6WlzaPu~0=HRNn_=-fIeKPmmj^jUjAUHUaH&4n=T+YhHZd4;chlhQd zIB2C>#JxJMuoiba+?CumN51>Qa^NbzlS?K!-@1v>zmvJmk9G-kx;smqw^0vpr~jqo z!84Yn^gh1@Snz$z;{gowa>Clpc~0*KkjEvz-V}M9%nHh#z+-u|+z5I6=2QPUdE5YY z1#Uv>ULI@_cs^{yVu`pG%H{N^pvG@e_Db3?5u!uWGzuxH7T*7b^zt#qm)CM9x)cdy zIH79aEV!;U>_;yp-*bnSmhbS*!BQUoU@Zg4_l04A-NnL|9C(ZR+fQ%V6!~7p3RV`% z*UTulVfe3rC4n2<*?x&+!ONdmly#b9A(CEQnB`><^}jC`)(X~dz27gORmYFq1g&z^ z1<5Z;)}EpH5NojAV>d{rT_w@_E9r;1tgUa>tb+brS|ePQC>*p@RvS_+jFcd~lzN?5 zg05i`rQVtH^4Q8$f2L;##X9W6pO@?b$c0nEyM(QOT?6~y>yF{+n!9=%+!BqUD|x9> zl`0tKD`n2@k_glpsjF)M{5Gp7DI#Ga5i-Bs2fDRO(gFKL+KaGivW0Hw`OJbstd*Ssr zq_(7=D?Eea8GAjH)lu;9C#4!|zHL&dPAqqFHUa0A~E8>YMq?wx~AbKDWQe!uD4_}Q?W z|AI-kKo#@@9O9*Z`T_Q2{Ren+x&HuTxOAXk;DR_Xf^CmfMG`TM7iX*B7YjcQVZY1zimAw0p1k=g0<2Aw6!mM z5WmG?$O?^__Nw!bM-t)|JG{NQgr%Bp!dKja6u!rIQ0cg=Bs1Q&GE6>Pg91^v{DMTC z>C10XgYQO8k=sV$XK{hu39yh(sdD5rJ+!Rv>d>}mGBl4|^Vbb*Gu+NvaH>zGIKPPj z-Bjaln~_#cJj5k_GD`fsOZ*VFC2r+1QW?vM9UR?X@Sixp=}h8Z_|hu&Q|#Numu79ja=pyq^#W3nh@S37sWwhmF06t+!oT7f9q-^?WsT)m!DHgCB@(Pu4Z$;`@EcqvkI)7SXXu$+G|FnJ`jbEZ5-@+(0ifYP{G(tcC3RUgP; zE7imgWI9d)6xj8S@fW}($`A$&s*P%`X?t@St;gw zHoI$$EPH8>n{}`D+P@FnYrhnu?gbU%F?w^xQN^0GRhg{x|Lg*qk>v z!A!VniO@|oN=&$_<9zsamGSpMsirHT04zVa3D`5Kg+GZAl$?M8=-V++$q5*M?3#$1 z-(dpwOscV9R<@TU7R<^HlEg$y_Lf=MGcD<7eAlomQ@&++Y&8zEG7MW+1|oGqc7Y>1 z%$qRx>B-Ek>yeIhrLG*wnJS$exiN3X+fkoND_+j3z*#Q(?SFay6RS@HTDpmhppZtH zxu5$n6LYJx3*zOKoLs3MB`$dUwN#C)_Rl{t1HXZ6hq-otvTj&h&l>FYU4)x^)>jnn zO{lOegT!!jkYw7{{?X$W-yciCecr>(b(fakR0@s`Lb%ycm;A!=T8Nive`)q_W-u&- z=5ndRl81z{{4lG$;qADbydBp@aL!zDZA0dEd(F4O;Q&4e*R7d|1tU5GC_JmZN9H^U z`6S04;m1MHyYl{dwj$zUbd$7x@Z`=X%}=vSS!699;c zaUk*pR;8^vPSfz7zZ&zY7^`!s2UfW#-(D37El{ zoj3QU5g7@CSYQvQi#?>haErU0=`LU=g{J)^{4hV@5KRNu^xv4POFE~n<`SQNqD!x3 z`k6lcFqh7;$sEme?pD(WUJpPTesVzHnLlAq8s^NzmmPkv=cjf^Lmx)kMCjyQb|Njd zo%SaT7nrsoRgaG-mWA|k>5x^6LpH59d(=$qC0hB{A(>h4V3O^w&j1IgRfxtBj>O)1Vd-J6%!gUYud7m{dNN)dqX!U z>{<%a%gj!Qje#U~i!Sd$`33SWFhf_)=P4s{=EEJgz@Ubi^lTRY?YYvcY#)r+HDbAC z*Iw9v;n~H28S2iVY0$pRSo{Vp^1E98>WZcB$~5icW`IJ0fe)!FfG+ax%Sg4o5xH22 z3#=kRU(-I zC~P8qJ+)9=R}x{Zf!+-EdQ19s?>f=>6*_~#2&F1?H(Q0g#ciSToFWtu$g94-IY0fH z+dXA#WN-Ly@z!2zNx$Z+yia=psH&YH12y^sOR%<~8i-Cd{MAis_^bUj{MDB9tDcIF z*Kin;BD#=eNOTFx``NE?XcH!!W@e4S3TP#~CJMW*r54{t)bW zSHpx6{>dlg%>f)G42E1-xfJ@d;ek&A$-rD$#Qvd2NfY}S;O~&fy$ut#N;TOvX_(P+ z#G~I;>hM*8S5Hl#m2~!k#&Sy|tP5;T8hc)VA!x%4{Sy+RXpSx}`^W7C2%`fb87RNsm-gVHm^kQI$&D^4<;~uAIU>kc7|{=?A^&2df^SB+Wq| zy3P=d{|X;%#u^7$5QIL&OqB1y4$4)B?OIn{9$>aI(f(ZXn8DVl>O3%&bYH!j6S0}9PaX~IZ8z-g7h)XrM$mb>L5FlowLRUYdx(FQBmZE4u@fDO z8rQDQ=LRO^do|PAWMhGys4m!pru{(6O`0ZWL^*j=R%jU-LiAZ3z_6LtPZ!7k z$vpN$vSNLHH^JU7qaGzeqqS25&!HSVj9-ats+5h-ImOcXzgRL=DtatV@8SAG z8tk#PwXo!Ps|S9j&gsOgV<&c|!YZ*$#cV-+F{dCtQtg!)&XUz&VX_MmX>HPRBtUFyIilyxlkjjL7?^APr*2?>{m0%k{-5qQ2VynnWB6y;ccXr@J^Rh>&qn>` zyc7HHH~$ogK>d#F6X{0U-((katYVbV^us}}YI^gFL0R%%)4#<9Z>Q;^LuY7;Q*wG% zUYp0j6!St@ZVrD$I)`=z>sjFl-oR@8NTz+;`*ieDR}d{*fW<|Kv{-Ko^yzfy6XO*! z_lxh7>=uRaPD^bS4Yj%NCq%2;(_7H2688ab4@b7tZs!jmo&0)u}ox3zLT+4mjtf3g-QCtjvxc)H(%FMhT&^TXdg!hbCFZD@} zQ}mea?-XvfvNg;5013dd{NVw7NdPZo@qS(Aw(F$$5*EK4#nCUUTV4N4H$;W%4CV`f zk;D4Yd||rne;^-rx@j0GIHX*9P<#ZBkJz5BjA)wm|k$F@@&##H#-QjNcg^T(zd zuZzETPc_=*cZDC5YI?-e%Qz_*V9gBxm~cdD;gkdfSdfG`JGF3^1O%Ay-9*BHsjJTp z2}28OK>})dEdi0N1rVquq7(_JC87ff;Pq|5(NMP*`gy;{2B}W;w-9KnvB9@K&Og-e zm)3mjIz2tkul4(-HGfyXUs}Hp_WPyvdr!Y#TE9p8O%VD$F4d$_0lBE4TUQ#&e~g3X zSA=R;_LVpEZJAnN15+%?q>h^T=|}UCl1btLNOVe*OBI%DKoZM67MGJmlzR*vkGCj1 zvJ@Sm%+y_H&$|N_rP2lUSivID021up!24ty%5H=}$DhPoVNugJ7p~3oU6z7NxDyC7x5N~f3f zQ_qtjW{XU+MfA>+?qmltNf~2-LbXFD@8n8Z8Sb#8?g$=64vIqAV?Br0xjMQNBVZ;N zk>&t6yVE>?sAx91INh`u-t&Q0d{PI{&R`Wv_M8J+uRvSrve8|+Oh9T~&Zr{F^q>|v z&RT9@S)}|;@dN{+faMT@fO;X0T=w1+7TQwT8NhQ&Pc=$~i1Ixx+3oS5c2H585P<>6 zjX(lqU-4F@-dO`U!U^B+0Fx?`hf{zvxS*x-V&^yZe2L|*J9_LEX1kMJXpIJ;9|oa# z5(ETsbPcf`X>=kEQ@FSds|6?69C~5)t?-3uvt8mctDzTyH+T2>y$kT&Fn#(38Ch_S5h;KLqzKCM^U7u2jiutB(x)85vHN-i8k6^Ovxy3 z!F5|pUCp`N=AeHYf)?ax*ggjft*!)TB_JAWN`pEa`Z2)AqfH*$5umRX=4%-6n`{vO zS!6N$*2f6!r z5>XCT3zJk!f>}aDYH+l<-NY6WgOec^@YI3KD1-0OrG06pl{ zA!x_A5}^CtAkq%r2`OOLtz<<&`%$P=`ITa4Md&BK3yzilZ&cBT72Oi5=q<>sDj=Z7 zE`huZJ58?l9Tr+XjB=6OI-d)YZU}Jk4p^7BAULi-8T_YlZ5!001chW2sNX|92G$tS z$j9ip6ksI*6R~jK++QAY$a}$P4}okC(wBnV0c<+`GuUExUItD=3oOk}#BE)de-s^( z)A)8ma-T6E0h8Bt|H*^9aoDZRcZxy zgKAdINYpg+Uk1e2&CUStKvaTbNC@#;d=Fq)fY9Rkk-z*#IoS%Od9p1EaaNb7+obxf z|AxAd35W+UH^I+tbSz)Aa5 zth)p}pMf&ZjY=(>aGMMCncE+Ka|2hPD@@H3s42Lk5Ax!gTQ98EkZyz?-N|*R0`P{MMc>Jk_xJqTq)J+`%m-vJuM4`-MQj#L_Ph0ezkV-d z&dyk8J;hw(nh9MK8`sUtU`yc!4L`$FeI#)$&P_3?RsQvxR_Lx`u?r^`&{AsQJuO?# zLZMnsihTKbmhrDIIOFU^$ zM`Ca!3aF^5XS*N1!Ex#e~?2|*3{{# zM%n`UM@AcO8sN@EvdWL|Y}5MX3>)}mW}B9jM$Zg6g2Ut4c{J=*7cp8TePHiQ>e<7PTC2zu{h|G45^` z?wz8ZrBqz;3tM{boH5P)|JfpOc?kXcjz$+npkHUp=Tc*^Qx;H(vmR-phC7mgQ!_6d zL;VTPxF!Aw`dq+K^nC-{qX9*kQz-AAV%MJzcWYj($$g+@5?#k>B5Sy0m zvUVi-QDWmE4UC6C$8rRL(|P>iUzroRiF0ft5eo#<)tBSU4ln*TvJTejP5nu7`&A$0 z6|q+L&?yzqI4T~!7Mh`RYN2AN{{a%VGfA+)Pp^Aqs`Y}j!T?Rx-Q)gXk5&-&bb!kP z95(Q{sevH*dw>Jo@)AKU$h#uU15Z$7Dz-LP^XA-lf{Qedpliy2o*q`0joo%)EzKSl z<`sbs@3Rn!^oe^w-dYm%1yM*ZLF$zr8oTD45{3If8eG|(?s`{t_fcY`lq@~JC23Sl zKF#3mMoHKcsjTm4CJ#N>1nFtGjZewhVzr_pVavII085OyI0Kit3FjjkVk=F__ffKCE9-fnZr z&0d$Af%ky%#42LMx)DTVgAo{Eu>6BQi1W8Pz%6KA7#--mdFt5$65WdgglN4eOpiKP z&VFwqew|o|%+W}2{IZYYlWojoL@iOCdRKHXqjSu?L0r^*HcfCK5>4P z;Lwe@$Q_In4lR-@P5qWbtELZ^Lz7B!=*WBlhsGnJkV6IjavjGL{h1Quc9u6R6%aHi zon#+xHGUB{?7p~9GiV}l@$Iz~-YjpZ+@}kvM>8v-n-9k#Q;O%A!G98&_wX-ap~4nL z6?n;}ROn{~{*%aL`7hfX2-7IL7Raa~AiNU?nWnpfPPZ1TNawd+k>6hD7J_U#f6R*f zm~E2zFl`G-+bWhe3Tc`U*w_Q$j*7xf089v@vIGpmwJ>zrN!&o15Vze|NRrL?ma|FFc5X5mM`Kwu~9OC@T5z}xUR z;QeU2WaZ;o?`~k0G*y9Wv058ykfkaWYG_APH}g8fL3bPya-`)uK|Ovd`O&iLA~WcX zY6gDb7vSuGAEqIMqyAo9?0n_`N)DK}p|em~_tL6#-2@Vf?qa&^uycofULV=fkJrl` z{dm1K`MRG)(}VRbsqou4GaAPni&s|<>#)yP=OtfDWc#KAkyl4Xkyp!6fSKnUi8H*a#QdAIi~V!wR5cu%z!vdvhIf-YoA*DDh4V*T zPET3t$1xb0;Z?Xhf!rDG&Rlgj(C)Fh+T!MF zwYkp^(Ht=IPD<@i&DF9wd(x^Ah|*;)S!2d)Shg_MkWqzi(IpT$wM^v?r*8Kjy8Hzm%0EZe^M95zOaE+5 z{&Qo^(zm=>3M1r^c$<#5`-;cgugi|N&8c_Af;VYi@})$}e@7)>1oBgo{*`DtM0-*q z^O0y$s?v^Gz$hNGfDx1(vq5VzKpU;empse9Ryby99YJw;Fxs|8*vgMt2Cn?j=7h-& z?S2mPC@`3ep@ueg7{&e4_dm4F$OPP!6L8a-G@e>9dJhXX98KhW8|xLtL)(UEL2V9g zOL%cOIkcz1E-m2%azfXHuJWV%P@dU!EOUD8#gTRX#d4j0u{HVPMs_}^(9s<;sDAyc z4o;_z@3*ZWMlMtMJCgn{+S3EXo`$lnV@dBLju}jDI#b@2GMEQ^Fb1s3$dq(PQ{freo!Y#jdZH7#5q6xer!(qZeJj49CM$#rBTI{{P~5*k8s&uD~3e zS)l4^NX{*^bz9KZ{kPP&O9^V5#6LY>{L`2#sBsM3W>Vz1`Zz`j$Mp;-8XR@vbgBGs z#C6?Aq6;X8e@AB6g3}9XpzjQ2x#Lx$zFp|Vy_n{W@cH`e3km~G+psT;6qSk6g0UG% zyja04i>=@gV|^=haEP&9_b@*lfK>o$@SQwfnM;#_hL9+k}vH17feTwjRFau+q8jqs|D<3Nw1XiUt-qw z{W)&|*3Q&}TV*kdcqqR^lI|XAmtS~vwI$S3;iU=w;v8D8$(L&)^0>#zuB13Ktz zSx_(uLxI|kpim5P8!LiS{C=f~y#Z3>L!@`NAgQ!k*=*z6khbq9GDUus4d%|Nml)NO z(T-@@#|FLD>G78$isgL?@@pd#h zuA5PCKX}#qRben8jNftp&VVz!{z{{Q*vRuEW7_lOnD%^Y^7)ONJ$cOt>BD)r8$A1T zPJs={S45Ml}S3%OAeuK03J`PS~?1Gvmr7C?Jwb9yi z-*95lh6|8W5zMnLtcxbVgNjBI&Me42B%a++klhf^-nAebct(K_l+|6&jf}g`mE-Pn zt;y#$n!5-Le2oi>S+}jQ*e$439J~c|H?{}0#GFPSM#l!pKyIRzoy9GA z@v-ol=_1r~$AYnjgQx5K6N;_Y4+Cq$^a2K)U8+oNqGejhcCCw@#nh-2yNG!X;o@oP zlIhzfGPH-mON9XW5F;+)jPmn|Qf0;`++8Kco+C4<)dL5G~)`H)i`o>msr&B!N9LzN0S}pA!vlbEb8h@#aOLF8%McW z#H6pmN$?#p7zA$Fe9vPEi<6_3xs( z*rbQy;s<|Lp&c++Vri?u4>`iRCQgq4>(fHn)V*^^o9fdzJ1Th><+CFj`_Gme`_Hx} zpWW!OPpebHuiFOno7~B1&*UZK{@~%i!{m+VGN8ChI9Yu2A-v63p0&KV1yv%?0IQV& zZOK$&)>SNkkH|mXMmcvNKQb!g)J~zb(yLDMt;zhxQrW(#>h@35{&W8>djPz#KtGUAwHAx4P;}!#e*D5X-%Wqv1pE&8H5X^)@ke*TcTNTk@C79X6aDFZocS7mif7!GrDe=b~4@AX@ z`^4ouAr{irXX3#*WL7b=3l)U8+e=M=C3z*Eo8m(X`+U+^@>e3?JsH)wR+4T)k~~eG zi_yAvUig*>TF%gz`VMesQb(n}5yi~&34?xCNO<42JPk$Md7m`ig=$(Wk3u1(<#42g zEbuktEhyI5Dca_q1Yd`Lr0a(Z1|S-q&qGPdde{m7^3y4o#XE7gtA(fZ(EhFN6AwG! z^Ed7jk3ZmZq5H%O5BSXDvn&D5LuS~%f6M8qAH~~GMqyC40Pr^a!D6$$G`=SwZG{#7 z@usT@1sgX^W4Ni&Lf9dIwI4t#8njXkP_(f{?wW%LJ= zIfvl=4pu|(PJ{h=u%~sWUEztzO$WT?fV)e$t)v%8(B=5gYMY|@HM1kJsW(TaAm1#f zAm40FzUh1U3G`Bsuxod47elp5i&%1dShNPzo4Y2)EXK-HQ0d%?c&W@<47Gx!ogt4t ziE{xMjZr?WtU-QbWR!TL93|dpO}_DgP-3GE@-LsXrt}*m-VL4v-jqgMZ@VLX2tIkT zI{W(XkrD0R<%st0*5toG5Ta?{AaK8p%3!tV@lumfn8^Q*m;5R|OO=GtoE9yKX)8<* zJpjIlm6Cr5D-!pjArD4F2WX~5&Fp@J8oyro z6uj?(dgnNx9yiCa&1k^;4m)oeQ=mUtvgq#q3GhIRdaxM{)ZkN$$QGQawEVI0%>OI; zHZwM=AFSH^j~C_tAF0jr{)XZ9g73N4mJb#r4QbViBzH5?mQjrZC1h}}t3ZWZRAh0T z3RyogrN6$M(qG@2T)&Y@zet6^*5CetxdfZh+Jef`M!N(H98E7na9r)*HX@ojh4`rrEu!0@b`?!X3ZGX87*}nsoU3BEfMOA zxPjRWEnuPd>Gg&9pSW*XHD1xKKG&6hjm(&D%EzF*ZU)~@i3}0&wZeRSE{4dJ8$Co` z8CiEsth{+ojJ6r`n)JeDMmP#ZQ=$7UJEqYoZ;a>hB z2zN3{>AK6O{QxQ4#J^-aWDULS-iUk9g30Bfum?j!*&0xy{2sZo+nn}}%DlYbJTc?@ z8j6d?+cu-^&{6VZLEl>>gxm0*Y!jsBhXt}V3?`w=T)Y@SL>!?=cLzco_9=wDmxtX@ zZ%2S46!USX@mw4Nrn*^%%LEXuaH9-gUcyBLQ}(Vgx8lku-y^5oUKrVEf1%uHf1x$` z!bZ+i1UJ1CgJ-=I)rN7o=II=odF%-Vb^U1PYOXo-`#8m}7fbl-n!^1fvnXGQFLlYa zO?Dm0ZXhKOx+79p#`C>E|}F0`81wc)u4j4RC5-vbx#fUr0m zJWSaUi`$Bqmx6K~0^`eDlgm9huK_UJFSTXUj$`rn%Y0jx_fUlhn!40Nu8f73k$BXH z6v)K*ZQJ%5Tk(402g$y(6JJ|#HWKC|;q1hzD-z>-&Q9zI`kl0bP4>zqSNP&DU=SQA zyX~TM%Jib=_A*-A>#hi*Bk*8h;Y!n(x6aAaHR1j8LhXIO3u>QOJSFGhIFNc-Vt&jw z5*A?5Wtm$G?Ad`gq9vELCYO22pN+O6=$kq`3_(u3{$b?=NV9(TnET?vK`u%^$9k@+f?F5{9 zY&O7P5oFEhil)bM2Jar zR13E%73x~-QaYrdQ5>{Jh%UsVWgmUrI|ySzYfxS9sGkijoi&9aM7cjnEK zW~p#QA@s!*Lf$C^+%hVb|R!N7mgZ%XRn3*5s2L+g%m5LzOFf zMcd3oW-s}MxGy`&zIVyN;LLf_dCK(8Qh_7*Zg{gHZ;(uTl2E$Y}LIIa)o? zntWg*X%+0m4!Utax}WXHF^I=(#YcmW*50D<{Vg~$LOVr)D2sQSh;uIy>DdQ zy{}w%?`uuox6$2o3y$l)rh5lFpP_g&V; ze<5m4JXVd2xU0$$cU5b0)dxsiSkl-8oeQT(+s}6)+}sr#>{j2{`>~X2>hkLELW_-K zafN~8AQT6)ttYTbwOXMlc0sl1s-}TywC!zha@%ICPPH}WjohaQzd~Lt z(#a#=H3F~mK<7)Y*BXmwbW24njKzaID0r~Xu{R@Md^f}K$nskomJuy8|4fJ~euOyt zTgQ4W==cf;w2zaRo{>q651@o2N9}P>YqDn}CB{?SxmehZ8Ci||HO}P(f0q~@kCuNb zqz+~n{ka*vOGu2NXBK1e6l!FZp7Rq=CCpFYNB7~np*2%-r>%xRod*HU5_$wvvb*jb zaiY8bV8geHw!A`^*u5DAUHne`PwU^24cy_>b-lb_VbZu+{jvcW-3%{P-Mz?OOON^d zvZI_?{4lN$h|Kfk3?0=(YT0qFNdLd$MIe)+Nm9%5l^h-rj|U2hh`4`WH48u`?x94Y z+^-7CiIVz)FZTu4WK%&o7&Y7E>8{Ah1x2`k9*p*&zU|6=qM#fHw|4ORu1KPw2xGT_ z?(HBUj(=nZ5`g`Sufz#4n&p0se-z&34&L&Da&+^w$kndMwFO1UeJygmD{@Ie5e9sN z@xI(=UAfN{l%t{-fx)F#h4X<1%m@1A{^u;jF5B2QO>Y3@lWIE=wCWGRMz4YAy`a+& zFgmG^@8(R}XZkz%yKJF-_dRv{xBl`)l)xL_7axE#H5HR_si=FAV+B|Oq0Dzn0SdYQ z)#v9(Tm_5hiqQG6={_QBCnJ&Kn2dzZho(c6Raca9K70{$)_VL%qFsm{)nKVWLPL5n zs@0{wGA!&AbO_z?NkhWZzH?A`;@n6-OEQ$q_qET)DQ+HVqpFB z#`i&O)|YUhlj|@T7g{Wx*oW(R(1r(`}q0}{qprA3Ufj%xI%=s%y8g}HoGjD{X! zj~DO=>!_O-+nz3Fo35ii-I{!Qvu4}LUyQKrJHq=CYVj1c${vdw!&w2!8LMx>?a z0EUOlIiw6=UIynknECy~way=2&WTL;=v-bM;Y_W=d)cnbtd-vLJCWA(e*UIB9-Siq zbM={cL~?o*6fc4Y9;rI{D{n7lbk^;ycwVeHVwJv)W&a&%qfu~xJJLYspZXO)57apY zKzBFPhRJLiC1f>$t&Wq828uzwV&W;nw+KB&V&^Tno}q6NZZF_w_w)9DGagvEx3LDW zc4wU*P*{Qo{bp;TEe8ely@R>y7O;L~%E1>7x|5xPWp}c}{$0es-N_r}Q}1`PGZ4&6 z+@on+y9i#FDFuR6i(7aQox!RN@e;h<1gY=28(sQp_En8x&dspOYP^|TP~|!Y^i3(D zZzj2Sm!;Y73(z${MwlU!q!?bOC0U(k{LQ9*1w&_UJ(=(_qk zREhcwHRpSH;|Ln6BCxNaV3>freB_kcug;u(B{)K9Dz33gX9)2cv#QOZtb!UOQiu~1 zf*+%bB2j}+Z3EoHtI%uQH{LUYQtfe{cpL!#&nDZ`rZUlTC4t~S9R6=lcfFT3TPH51 z0QfXBI??j2Si*-26SmR&j>0Nq3KQ(M8(*U9HE9T3jx@AmB10V^g|s7h#(+Jc`{GjZ zC{waSKjfWU$59li2(ndHY_@3Tdk)D(7!ivK2zHj1S!51AiK4YqiT7nxhlyGQS-3Nm zeazg{$jtl2X=;=9mB;tvow~hHR(U5GZ$Y1lyf`+`?lhPFPc-soH)aNpKrAc?Zj=p+ zH=~O)gw0CX?B;-Dc0w0QHd}zRQKbnWW;C0{(}W1Yp(vAXS_u%mr-@`Dm|O}w zA(dJe&Cr5Ej~7u!U`2>W?C=RZITjE8#qyGv-`^WyPFMaacH4k ze67PTdKuD+r-OahkHxSdbRr(Fn*U!?rD>5lRuQzss6$W4PD>2PDFtk2d7 zx{kF^WPOI~>&vOjP%F}`ZyRN|xBCz725)RT^HFKAF9nXMd*|SEU)Vj1&v=gyF8k@hK5XRfnzMi*rf`vdMzPx1%sQsZEN+ z3nv3ALgkEVhyxtsAm>b(m-!)5bapAv1pXW^GBc@F{#}G_oPx_}9SA6pmeCG}{ibe3 z{Z16*f+1BfVg6{%2S>p5cklu-b*Wrwi|$AEYxTSLX~UiHMrIM9G(*7lo~|B-fE)hE zmq}f#Z>fA4j9`iktSNV{>e%Mqx7mGW<;lFF<(=R`DcaO$9-Z}`BrLUc({rlO|Gj}4 zn2kEvxCSjGE{HrcvY#kd14ZS_kEg)Q;)hv$P>Va?oZ08Uole8}MjR7ogo^ zKC89u%$`gITo8Rju&=K@+d!kN(A&6D*?Y|{*sDpH8V!ind0lYFEV25Va9=!rP?JsehcbbNYn0Z&6%>V8nUL3KW&d9 zwy9bXl?<&K_C0YB^r$P@Z=S|VJ5cO`n0GkDB!tmOFQ5CkC&35JnjgbD491$TOVf@uJ%_VDrwx&4_ zYwDYjHLIa#3VYyL(>*O@&9(cGimof~e$uk$#qI)Z7mhzlp@Xd5ESzCr#5>jPW)aQhv=n)OUHO0Q*f}pCkzJvYACx zM3#=+UHZE{`Mp$Y`u$XKnraeZ)HRh~6gou(1B0h#)0hWl11>7bP%`@H_oQM;&X~;)4 zT#>Je2HzwkeSBbWL>BEKf~11#Hc<4NGhW0D?oKr<%!B4q=NCeJ<_pOCMVJTk@AJ-C zi@fGAZxn7f)GuePbPgp%uT9s(6?S#iAauKDuGO|#@0R9COMg_LK}S)Mn%^E9YOkkj zt$!lkMEH+o_Htxzq7ie^n}gGMiZs1R*gJryoeFh(R0XaAxj9Tk4~1;{Dp_dv9u=~8 zAF|%gJ(&mgjs~s8N6=Fgwv>AA$Fn?Fs(&e_Zy%sUBPhbn_r zTB)=+)&8yj>`I1EuV_^Y^+aQP*uvo+yV`15-<+?!GQ9)M2sT+;rW_5jN z^!NF~Hk;WO!K(Dw{1;wu zvN|^wvx&!Z(3Q>*Z`$|*->D!th(;@d41xu2AVX8oST!TP1UB9be|6Jg^X3k2tZC@y zMSNojO^*yA)n=D-Y>93YjP(o5EQ<7|>$mqFQR)2cAjrk_(OZcWr|ZWgGPULNMH;i2 z@s!*2QvQJ|_@_`%5;+UXJQaT9@`MK7ps?-R4{eJJQ4U^_$Sg%}qV+bG>CV*pu9mgj zskWG?+W|J6If%2c2!5AV`Q&tH=FE0EVr4*yY^H%yWU-c=pnn}DEUWe`LyvTf#V3ke z7fuu(pAZ_qG13qwihF)eEc+SKN=EyapSR&tQ zwYnS5k;2x9bvK-6Ka~&Uv7IL_ent9xlECJWyoEo_ zY?8uB)R1&M;vXR$oqWQZ1pZ5fKKp($l!te=Wjd(6{b!|Rp|;XeXnWt$_I;~*0U%@o zwdTo`%gPGG)sbUTkC}Qkaa}4UF!A~>$vY_f=6pdqMY9c;l3S`)SW;4wKY-u%;%%8t5 z1eGLo^HHLiYio$qm8CCrD1MCinY2)9ycPv^_B}Y{)qboh3o(18qu9O@s@6RBvE zRH8A}0b)_Q>!XFjLCw11pyrnh>NAAbgAZyEP7$X*VpiOB_P1C!&ff+K^2@5p$Z52s z!|*i(fPg4{t`ftLsBsv6Pt0~k`y7!wuk*2hPZzYfL{$&eF`P2^(HzJ{5HOJSEcHI+ z3*=G_PENSYnO-VANMy8%6HcoN820)5OVTM83qGlE`5Qv)wS$C*eucFy*`EXIh@fC{ z#N}`6;)IIeJS?qQ?1!UZhN*bBdbU_$=m16>87pXTx-t@4;C-4bA>Xn$Cbxd0uxwWO4 z>a^oS5~`nnWF!GYi+;X3R?@FpkXrrxsPjS&nd&oqXz43#qdU`wo&(wlkUuPnypDpX zyS0_W9VSP7s~xLior&Va{DR2)kH&{%;ICV;CIs!_&&U`s!ljJ<5r?XmDe0yB6Y5%i ziLU)?NTyN(V!KV@rZLh_jQ@Z-r`UyJs#!03MMf?$H&rPW zcUTPp?-W4Xpj{)b!S$x75pzJzhD^HRqF1=s=N6~=EG-T(K0R+OBHB1 zmL7%+b?!fe4|#ztJ>pOE36f&iF4X#`LOMD#W?d+u&)Ne*30NYs18P5%l$J?QXdM0# z*?JDdu;1u6UF=R|b!WQpuM&#CKqw{)p|nCtLd}7%nJJNzn^lJlLa?+|m~>C4*O$(L zH8ayNtpY*=te0NOKM)XxjG^xP1lTQ1G&g_A8l#+`En1N+1jj&C1sdcng%$=h5Wa=9 zFb#+s4yUb@YYP~$Vi}R0EV|ArlZlx;N=Dqqv1&`{mq91W8tkNxtS#S)L zeNZm~i^{|D+AiEX6p3F;O^C!D#|av$4V+S-i`Iiy)K-LcLB`VYGlWV){Pa>5L;rt^ z*++?y#as$ZMkglUp zW8%3QJm?&Yi2KD4t!cN^f+^vBS##IP3CYNL6&{hFf=!haiCn`Nx6zRsGw;{59rUhX zBNWp0Xa255_`DNGT{@`fx|56b&m#VTU2lN$ke}8eLU(JO>ocq|_ik+{SjT*X#DQR? z8Yo!Fb}SckVeFj9wsK1q@a!&gjVwtgJCNOh*c$f3MzY(@OH|?jqxXGW8)@Ka7yxz1 zyEAn_v$k?7f(gCpt_{3sqOBT9X)`8q*`8|W_|3h>bNK+raGWREx1mr^)V5r1h!1HaJ>t^5EibLUtFfb zLPABVbNbf4t{^1NPiOz1hiF1#jvk{0H^+(xAB!N6>dfC7&n4H@(P{NhV{qO=5R#0Se|6T zxZGn7f-b^XsGw-#bGJ{0EmfeU?hG${KxaW%iMa4*w*(vX*QqYsn}%Prunu3i89*|J zLw7T$x>!1JD3}yt8G((M=XQrY4q$wqE)b-cPD~Cf0@)@oqWkEjxMBuDtB@yJV>lC2 z$w97;T0Z@|8YdMtK%v?r4sKd`6;3NKx%F!Pi`$l2^Nl+z6Ui0X%rroPfvS~1!v6+yi&tt=#=bB$MJ?@ixXnVoT!k9sST41lDU3KEITA*d&Q#s7YuT2WW$ zeXh>uL@Nh*EVzhzi%f~bW#sOpD(#$&ON(PY3mwH;X5sp<;2I!)0Tr7EhrbFOAR~D> z{@0?;BEArqnkXyFws*IoMlQK{3D=SF~bY>h_pZ>g???!RMfcG!y zQ7rHuW?Pz!(`=&>mrgE7HaIPKP+=N^VKAAo>IMe}f9ulHOJ%s*16L9!5eNAsATm)j zMIr-qiJJ_7oXDJI(}v!X(VRYno9&HI!>*KG${`4D3d3I_1hiTao?#5Ws20~!XkxM_ zk@;>&G>Q9Vx=_XU=qvcpm{3uVK7}j@JF25&wnujG^NfY=NJt`rT(W-y7*TRSW=IfQ zlmQX%?K^}AR4RfS@sG!!2B{4GBjw1a*}}1aHv%@saXiW62q+c7O8f)Cg`;tcLM2F7+eSx^Z0E!gniVmHf&<*@0i96Pd@t{%!&t_fWN^_y4e2DNS4~-{y^*zsMpLk(=>;3)3V!Q-do}MODr&ETX;*M0g8p<1a$K zJcy%m9xnv91=$tBi7XV)!b+-S9m*`WF8^5g;yW=GQ*bYUMCH;3Z9fP7CpB_54NY;= zMesybv7&ztyLv>0{DxXnmE>Q;-XLa}g8#ay^veQZv~irhfe<{6?9~>-(VfAyn^L;226H!-ujIp#Ks*-yAp8|k2Qbvy^A z*Dcu7w{4h!SzC>8U;haIS`3MxuHD~-9<~glxVS{4{~Ak+E@XN)c4Ma!|3P55q?!E# zS{a_1y{!z0xS73)@bF*sAJLZaG=?Q~qxZbbi=`tIOm3A-Mka!PA>McmfPi$(7zI`( z&mnnn2TCL!66nT$37%ryHDjvCQWG9w3?bPpR{*I3|19P8{#O8DBVh(x0utj>x{xXT z#Rd4l)om!VYbQj6A%n|jtB~+JhtmvSV7lylzyx#>dl_zy!fa5AwXx8YoJ@(QvJc&kHY$`G0YGy2u!n_wJTzL_ z^AQwKLbOdsoe7Uf6fKEE8Oeu>7|eKUL>NyF+Y;21{N7mB1BPwmQfwWU)IHzWhgM)vk$B_lOn(!vYK+EJ9Pgv$%<=644n&Zek0Fw4c-T56@B zXOF#a+tW8dTtg#u<`_om-0eZWzRota{KRB)qJ_d?LlovJx6MRX;X{O)&5@5t%vTl^ z5%b-DJU`pU3*&vj5D_ih?4XN5T>L4xUuC+x3?n;ZEjrf^3A_NU%XJ)?vjmT%$<>=b zKrVqgR!pS~yM!?R0RB`2M~m%E8Zx-$K&^uXHQ5PexE2ZGB6M7nTJhW{bMek^0!zST zYJavmc$wokgeoD;nrNOVFa(M4G*?Wo(QLHK<lC_JB2U zVMO%A*HOm4yOB$-;q6ClH+!_D8jgocwO%0Eiwk@Zcaoap6?(7E%D%3Zdi3kd`h_YL zK&B@JY%&c#ji!c=ZsGvj+$*iQ*;8{vT)V4!kc8?@J!Y4qae|DSQ$@bRe}J)sDAxpB zWgrm|Tu0Bofr`a9^I@%kyXMF^Zq&)tq7+G-TDI2SYi&NUFNp1Uc_A8<;$R={{NrTM z{9*@T8O~N!A)-(bI9f?R`zKDWO3c3&>8v()PF3@d7b1jPiv(@w->#i|KOSjkw6s&T zPo3Pl-3W2H1ZeWiSJjGVvD^FA)QT5IiE`-z=djvW3iCNph;rT`*VrZ4+fL_FgqBTJ z3Hgv?S*7Y8?9f|S5a+2EN8mT0c?#EbkzSM^-ibdp`%t>OGW#jU;QdWriA>*C|nfDkhFh#~K-ok4*dWZeE6Y77NS zj@yr@Fb{9s-tpmral48fEEu<2Pb@!fe~C_lx+{ug&`r}a8!P9>V;hH; zb6Ld{HivS)WV;VU&Y#;W(vC(-ha=~`AZBlAIbRTkI8#JOZWZ=}yHL(&^bIDRp-f`; z=MXZ{CsQjdAig0 zsk&A$qu5c`>o=r1T>AN)AODATZy;F96qo(D#YTv-Mu@UMl5B5a4c<+gtrC~gt@CMS zheSq{H4-bt1M%SIAw`gvyINZ=bf39~I_)pkryNn(yMf?~@dQvyC>HNJ-n@iQEERp% z-TRfXu2-{^?HeEs;6hbMncVm0Hl~PL8C15;BmGo>?6M;@_MozLq?IjT$0=h3i(ogK z<-NjeD#cEgDEhjiMS2e1o!#6g?uA2XoC#CsO$by^*$9P2YGi&8))>$HQp4bKUxt=( zD!Mf~HF5H|0<6!8mYO&@W$%C|bI7%+K3m+|es}_@;36l4`T(o4GCijjU5T(AE-?_# zyRv{rMn%n&-hb=(#kV#{uKF5XdDIWw*{IW;cYsMnaIeJ&WWqB2-ugwZ)r&@e{}$U` zknEF-kKBHV`7Ez1!Qa)YxJzz~zc2;{g9@mHlXkS;M`4hol8ups*AfTHx!!!X+Le*x zllaKLp4h+o^~A}m^av%7C?;Ah_7IK=!9`eU5rRiuOpm$i+EF%_tZ`O51u z_U_~zgqTa-fy_K-0dJ{mlNXZCY`nvs-WN*R2}GEetLi}`&8Un2?6i${+kt}e#baKL z9oV3p<@slu#8Y0)q90oJK->I+2sS_jDLe8hhe|BGYRE49;><@R)2=?xZZ=nUipR7t zI7DkL)OizfzIl`lAHjnoJYH=;Ya4tLeG^_$91PcNvYCrzs8Tv+FEo366fi|pX1B|{ z-~4GYuToqr6-Ir8E&9znxm#G*d<n9T%ON^b1Xr8)>h0zgH)& z$ja}VrRdEV-xHIo6Pam9B&CH7Hgdw5piJTJNQJX05#yu4eU!$lCmhhqZCe`C&}YKN z>;)f9sC7sBp32;e8pGoX0fkI1t0a`-RvaGe6)4?ozI=$i{|LOt^#-yhgEZDH%d;1l zlRgGgxnZHh0lQa0;Eb9Tuy@AJBrCRuVLryOIGY0%yz;|Jm;=cd%G?nQyaS3O-b4(f z*HdI%%79c6Y&k%3MfKR$EXMuj#huuilg@?awq5b9$Xn|WBL6ey$z=zA$l$Zfk01a(K97e*~)C-TUqs-K~4afH)MnxWb+Ko2sq@KUuRr z(x-6CU2=(A^rc{A&NG$N@OpQLuok~5R>B|r z@dJ`S?PzSL3CD^sh(c?w;lgHobMH9+y8D>n88!`MXXD+qrUA5Vr$z$|{ape5S`jqi zpL7!+7d#Wcx|99*7f>P7jRUmIQ}GF821LGR(!CYyYu(_Moi&^O1)OwC0At4PZ~IJc z(_Hiii)dR2TxkK2-TbQ17va=DO|PrXHmzSy@d}^5a2|IpQZ+>NYZs#0cLz|;O}lO+ zuw0Wt7>oeSPb=Sq-CF;lL>r6&dbXbPE1ErsOYrf)Q~r z$`&+syD-&1l3@_-a!v0ikO722)R{8?`MFUO-Z0~UL9THy-adXo=k$9RKOrhWyu{=tRYKK(B2Ym^gWQ zqD^Dkd|c4IpLhEJ=(U9WHO=eawfz`Cllq{Bz3I4i0X`4#R^ak6fyk0%;`7l70#}~<+ zyqys>UN*)|3Ku)#7ht$BN0hxgcToXF*{QdhAEWuO4OMs7bVP48|D@zl7sieXx?3zb z6)@)yX3EyXCy=If;&+Ksn3(7R&vPOP(DjhtmKo6`SS{Y%F~6Zi;^m<_!Wj|Bui2ha zTJ0zjXsP)h2S=V3LzH@~Bks(jbmT@TNM2c9l7-uehott9BCc>T`1z^4w0rNWt<_`*{2YBMY$UTWIb%alqV0E$BupaaMv5qRT2;F5) zfI6_VuggaZVG$6z2fvUwD%nQ`J;}B9%XeX1O_gD<4PkRi3 zgu2rAQxVA1KFsY2;Rq;$oYP<)JzVJklSmu7fOwQMi9S(g`~ zA1g%YZwV_M?>?P&IWm%fGSn_AXV&$x+ND^LtlGm1h@8w(cTi|z{to9w<=PU1CR=q2 z-ZI#5J?SfMO?u@S;d!|9x>>{4*ZZLbP?LOTT(6gu%~4;stG<3q^>sV-^`e-*{#U5! z!4FpHuz>LCCjcT)BYX-#G~_1+Q}x_%CygmHY+#XXsj8>DW|672%=kt$$ueVpDg9r} zp?z_v&O;M5PgO55%-RxHIjR0HxKysO(-TLgC5zqXNM0Ba!oUqKZ#qtnn~qOKIxUx4 z9TZ8hg!yPR$q@$h^&Y4b`62Ak9wxLyk2;lp-qs-9i0sglFNR>|J23kwm>v)f|3&Q3 zJNprSu^n2^3L@6l4&4RifHA}fOlXHb1^7s`c4#-(+LwM6Dw5HXI9xk){ z=&#-a495=bJ_NM$Lp!uE?5vDs3_;kTvFHf2#X@Sw=eF`{hM_i;H^Z~7*ZgeoKE3G8 z!*Kd^!Vu7~XU&b=@Z_?_V%?&updEXB=1gx(Vjh>%@8+?e4&H^meSO-ZM%tn~X^XDA z%hj{$_iZ;;F!7I29F<^;X306mrUj(-#ao6VbdOfD_x zypY5!&DGaLEX^!Tq7u8e00%pN#@s1AX`h>4hsSNh`g0$;HfbF!357u zF;dlTeld4l2g^s|V}njHjzWB1i65FQ73GOuuqlcM=~u5H@ z+sy-ojf!s+-k$i%1(mwzTYM+HNhi3IH zM0)5%ng=($>#TDZ$TJ?6y4kkrl`jGc&0wJoi8V7`k@-W&BV6)x4!+o1ia>bhkL~=B zldYq!4oL}=CMrrjXtoEwCvpmKN+Jk?NDjx z;XE6;&Lt5FZfs`s&Q7J!chG%iBhnE}DY_;x*(}q0>81}TyM8mGtWjdC`%tW4R@nS= zV9SWHy7?MSb@jzwpSXLOz12!#nPV?7<47VWTtm|L$ty$pI#JzG7}nHf9(X>Kis!|r z1`9gh6{!FP?4 z%)Y}JtdslFWJ#+)>K2&H77k16PG0O2Fy#*$7ug6S(e_iK(ZcAgy$G>sp4k%{TR@{T zFwG&2j+4$tCke!YViLOX~rVp)ND?9WpcCKQ>W3bWefD9W>DG4o~yT_-$rn zS(nvgL%5Se_(C=2=#^u5(PcuBys92(W}KEfN;?qCfpKbp=D~Fj;19{<0E$j%@N{8} z)ZH+@k0(UIn4f=*;LIb%?m|WWwsRPf4;lGifa6v2R0RM74H8jr6WE2E1X@F=qG79t zzg|(S9`=wnWxdq=6VVB@-(_xiCX_3^To!WG_Lj(1s4Ax6z?!IvPlhn!RD^ms0&D5z zJ6lFkY@u3@B!i-`_b}{bsbi{$h@PDxZBP6Or&Hz0IrsYl>0DyrBt0rfACNE+4Cajuz`&HL7YJ@YS+3soCd!}XY zoR(eDU9~s#Peu2Xy{q{*g&(kalE774ls$FtTBeTY7k||82maREzYY95E&GMNQ>pBf zy{C6nn49|1M~Ul&&%HZ-)e=9@4J%2ySk;cG;Nm7Rjwm>5cNN1vAZt}O+@8PC#k z2_H$oEB81@YcSt~O2m{6D}r!bZIBZM#5Xi71iwfMlh`1`a8-><=Uxv+oj;_Y$#A7w@WlM0?YpuE%vzG2!df9PHdH%()IZ1@e~%?0m8O zy~gqFgkL8mO?fAOXRQ_a!=@XRKaNF`gKIzX7i*7o{1iE4tlH<2c*f^a9`goENfc*P z_VS3ux8c%fRT=u+RF*zJ88#KxVdIUb!WjZEq{8XXkAw;$Dx?o7kne8bIS=$2-QSm_ zF46rdvGw_~^0Ag^m5`771zoxr)rDeUNmD{VhEJM@v0zY^G*h07lSUMj6ApB~&MNz% zBx4NeUqqU43`N$L%hG328Tu?h`tZiW3y4Sgu6|j_8cM;JpB+|L%d>wx30d67=>Gg# z(GMkb!)3*Npbjy`<9W|$AEs*`xCuh+$<=x30}il6?1`~s*+kjZ-5?qp_#)YgFvfRm z;D+pR`nql~{q`y&JtgG#35@_@IR=YpvOk_%9PF$G`{QwFpfYjUK`zbh_kl?13wKw< zbYc$B;ydOqLCP@sKM>*nv5Hnc@ujZBb`5p-uNME+B({THYiIyAG(=uAmKA(C=q9~7 z-}L|+AbBg5oL0BpL;?&Nt!D58g*?cJ3G5mji-?l3$_DC|)(FbDA-Kpxp@YZ&D40dh zaTMyQfV)A8Z;e=Zi+U@m+mEz<%aRk}0O)&W&UomA4SMbvk})pmJcx3z3#KM^cl%L9 z-pg$8Q9o&l^OKH8xXzEwKTGez%{@#14!PD{Bv&A-_#ho+95jFgOGr*{mt5|Fzl^sh z5e(U9oSbKCif-olj3;Dx)aXPuCnH0S)M2@bei`UXI?pzRht4D~Hgeo}VgCo<4A9=|8%I7Mkd+M7v7ke9N~?l*^{xXen%N(oF{RzLFY zhG07+TRC&PVg9H-_yEFyXzME|UQ9C}ron7WvmFR@`6-SeOYmr>J=;uc9#W@njZkO6 z9XJ#Zmu?pZ40e&>z+vWO+XH{{iNv>u2?0wE6Aq+iURdSN5jyXs0Exqh!~}sRUa;US zeYH$cBIRZe6fs3M{y340onPVXV`9?iVGwMc2l*=WOpl6~>@%*VFgnA31K3-y94*?2-5E|n7 zTO;3gR8B@j<+H54J&iyk`dlV$IJuG(VDwfXv}>h31TGW>PVntOnc0Xu%#vS)>6gP{ z*cZ4qz^(`mEi@W+5fz`w@vI z9B70iPIs!EX`$q*(rmdo{JYbI?%X2D&1&-2S=(wAPnIYdufJ0;KGcTOSOLme=4;K59gNMdoMc zI7*0`Z8-s-*lLM?BWSm2G{aK{_~Ln*{U5}xLXXFTLLR4(K_2J??63?~^Z>rnD{Ewl zZc4HLJgB|*YX6P?h)wyHpdR{r=RPiK3>KcF!wUKyS_tp?(qbUkekdOQ)`fYR((ys9 zEkHY9J`L@}LSy5FAQdQFEZ_EgW&!STKhNWSR228$YpdSR`@>__KsnqoKw9WnNPzK& zw9nj?CkL|P2PD6WLfy&8;O%GB(FVl(Pzy}pEKp<`0~nlZU@sAFU_54T^fVmIw+j~= z`%uL@nURi5ETRPs#`!nQ{^NQR?++Xd5I`a9|KDQ$*SJY36lD4t%1@p5U*$|34Cr2Z z=|cgnNQi-8Cm05Ft*^Ub7EOexULIb{rsm*xo>{5vyk^C%FSTsKQs+hW@>x^-&+MS* zZkV~=Wj1`;X1>V-Cb=eLe%l(|)a^AXoB5>A{GrdxPqmp#edc_hS@T(&+3qtJ`pmA+ z+03-heEP2%|4H56@dcZCw$Hr5*PJ!OW=@q%cG*j|Fu0i=wez<#s4u9~x|3Z@h6MW1 zj@;@W`Q~K}2+zQbQa^(Z1IuVO%`aBMrP&6Vps(AsjJIZ?-T2O|FS|3#&Su$Xlue8f zVKv$l_vMipfqpl2BxfvlipL-^E7YSedcd)C2G+0B_+l)G+}sto`Pj0$AV&hZmSkp`B`^2yIg{ww=D<6LHT(Loq*7i zdw%{MN-X5(1%&fH`FYpjAwNHZC)WqzXT41Om7k}w`{d{6iAfoL&Ry3Xs_$D%=M%v1nrD$b)*UG`#N;{;W z9ctXR(r#N>Agz?`K~-T7nhE>XQMLzheF)c%3orCHD6iE!i1rELg*~*?rg#w$2<0Cl}QVGkcL~%&v%r zrrO|&was2P;Ssa#k@AT=c=-#U6j6~Hw+9LrvsiqA-g9al>{MH0&$PDWTJyI_Ty?rC z-E#o1M4kwL_X)^{yd%D&^^-|>v1s3*r)4rGv=q-^nU%eTfPr9Z4Ppv4po6C zVzPq+-l!lZ*RAK;q;UIlf}Y#qu?Nw+g!L2!bQwbgC|nWgj{ z@Z>sxVbB-EWb@NwHH0qvY7NOjjYX`13Obi}g9er;*@r2Ko|OYz5XQY#=`pU1Y_l79RWl6 z%}2AWeX85}&3m#P>j4hOzj><@FkW*0%?W+z89Zb_$VW#z65!vwt9HzQFnLo84U7&k zycQqrzahkh0+I7c>u%o^h^B}wuM^A@&{}|JeVT8w?x|WAZHk8IK`Y#Rw>y%%lPgKc zTyiCx^&ZZ7tF&;BRTfCEqAa=TxahA(NE7$848}f#{WllJ_K|?tKFJp}v%ENEvM_D1 zFl`>*4{4Cmz{XBM1l3=_t`pdOM(cD!ZQ|`wvtfy4PziqzYy~YmjBqx1paG zYaysIpoAvA<(d$rkx7B+18iA2;nbanozDRw17?B<;1morP zudI7@X?Z=Vq`cZox(1ckZ3u7#^14JxhJJ?fx(6b;BCo&jnX*5<)5_~KO)iwz<8PPl z^_ms`jLPeyH>00_kSa}9UK`A^kJ~0Nnb7efw}EDAEodu%on{7cfdE4OT3sEKiM&Bl zO3?Y9d4Ztc924~Gp#DU3vdMOU?=`2vrr}3B1%2*nvYUb)u4uVI?onyC!-ameF zDM8etTh_#NpOi67Z{h1z$$4Oyu@XDP>`4Z0`9Kxc$s0Yf!}1b)I!=3*2U9fmWL+Yg z0424Dt-0)5h&rck|DBDqq2DXaPvAl8(l$ZA)eF>VH&8*y#$NbQjG~CpZVNTs0n@f<)Tuew<|(je?<_zz0$2HD^+Z%9l=P zdFOJvX(hPuABhZv_9?H_`~ zBR4vhRd8ZEuBSr;j_15sN(c7+CDO}-E6p;l4CBIbDM4q$dS9LO1`RP1i34U?zy zr)2{Xt4Q2h-BFo-t9D-UUx^k=Yn$Fl!hxJujKg06<%@ra#qCtqf`Om9Z32&uCI8i$ z{1W6WV*SYx2owf!$GJB@wP#ecUW4kh=doi=S?u~twAKX67 z{kq?PJ%Z*Ed|+d`n+?#RF0^RVlw{|vb0|xZ0eoSo*h+Ba|9nIx+ykCe&5P;D&f~4! z`iVabeow7V?bj0)$=b;}gKrH$CB6^#w|8UBD!p>fDU-i4`SiFsi}}<2P>Jjh9l5;x zEn&2Jz!P)@dlBq2sEu8mgLYFjV{(gWO;ceR>aW5xF zpH-fy0hx)r_R^CulT!7xPhnoJst0x^i(AgHk*kG)NE!RQ_KeTFd^4KB+fcVoT>4+J zv^V7OJQ~liV(jHSUZD0G=UtcX7A@5EG8?#zgG^P9sLu>Ot^MAYKN-5A9b`AKo~e84 z@7r7Ma?QiSn&3n&#*dED#jj;?dlN>*({EAPa!kVpxo92;jqMwlQ79&W2>XfMZP@j& zCb)s_=NP41KMIaVK|4E*J0tz57UPCYRq3MH9_`7Wa(X=Mk->yoCo}BKep-T^SyWW= zD%ql{GrD@LI#@NeKk5kHk$$O}mcgX`%EQQ%>fGmEyla<++qT*A^UA+BE!E;BedZ#989s6^;kz>y;Q6mqG#n4|}OGC6CGZIW{LweRnBt z4`$zm*Ulau)~E-bouC!w>+bqND@SSU$CU0?YiUl43IV+=abPgqULYXb%dsMe;oH!l z!PPDZ(lRa91%IwHk-0;qg?GE*iMTaN%r0O*9bgs#mqoyZo(=4JH|YDH_rOhzak1_Q zsbzUA5Q;$7^6F78-E?zh;&QH}=NfNL2bIWO#BD5<#A}hJ;VdCEck)KNv}x}gQ&>%l zap+0~< z!pR-Tp!8Ux?T0TV+U~x_&8)FpYjim(ak?kfIB^4y1KdK#?pZjykdxXWYbuqgPWJeP zJ#$|Vp^(K3QDtGA#XG-iS$u%Ui~``1xTyXU)`Mg0w%sw|;NO3c~CU)78VuI?IE>*H;7Xor4R{`dOFOW1Y)(L_^ zO{crwgX@rOT#z=~Cobcj7NEa?_H2RJGr7X9cn53v?wQ}gy7N}<-LvBXMYgRK*DJB} zb$4ISO0n(D!ri=Z_F}kRNz{a``Ye^s7=?_w?}lrs!)kC}*C0qif2$(+tHP#R85>EN z$1#%Na)TyVtKis5kCBl?{zfd1O8*Cf+~GyY(FCJ?E)d;g_TmR+{s`Uu9@XfxICpD7 z0lz<_*3Z{l?C%l}&V1s~`O;TIMHMY^=!mWj-v$SW4G5+mWL(QYLCgO11#RXz2C7|!^X ziLaaiehv5m8VP!R7}m~_5HKP$;=4vR!Mm&61n;iaVUB9Y^mdw> zT+YSc$vZ!Y?v`2uN7%_v?HL6#pSm7>pRQ(iz%1Z;j17f* z?@0QIq2`X4>Pm`uRPa9K)b#l(nxF@-OE?E#92WNTJpDwF;ilU){$R#yJH`%O$RyQ> zF*P@$ec5X=J8wpDg$z(48=iiH8A|XMRR<(K$1t59^OJ|f?d>gI+nFGx<;=zaVkH2G z37|O4y3C`;*aX$0%~*3^5OVZcl={pp;tdFLj8^K%tqCg`hq3*Ydw9{;yO$Jg*9rs` z&b5Z{giUl;hk|*C-sOIOJOnFh<)EBOv(3O6xZeH@4#Qd;^lHkb1b%@VC)0%w7%SH;# zeKWc4LkN}t@aV*?qtiiMWsmMaK*}%$IcNgk*lFyzFegyS?Zbrdy%pUr9_5efUnrAF zJSMMh5c%fSJNQvyPQM1@>IG0z2xgh_nCKx!xhWkK4`7N2?jvFboWj*jpUHu_b85~5 zEW70tkCCcasCCicn`nACbkt}`!o3ieP`@j_o?yC>0x(x8Dcn-f-v(YtU^Dq%M9q83CPc#&Wr!SfDkp{W(a)qN+|a zP^^*IMkp6H%>U@fRLrC0RLrBT$w$2yeS*!40U55qXqX?}I{FvN{s0&4Sc!=)kNJ3F z1IM@S$2QViHdo3;C|WJw|1SE|ybNtIKGHz?$2-Nnw+2_3vx7$Z*wI6}UC!H)_Gd?k_jRy2vG zbU*i2i*=Hi20BYW9qE~dx(7w;4#!OjrN)U4yV#1+077N&Or`I{D&ma%JSL2w^9yzE zn7@Z{BaV9dBXJO!JtWDScAmDSX{X&Wcl|G<=65pff`78?OvlV^YV8$&XNK^=Q`D5P zY`u6O+Axl`TyVxucY;->AbfSq;vzE={e=2D_>c4_Hx1CHi?Nd zeuIZmf%bdi?Hh4XqpPd0%LA}Yy1M#n92yJM>p`mveFPE?sRJl= z03{9D$MNuA&Lb1HjUiUA(?=n-JipyC`1K>RkJp#8kJq;*uit3<7>e`JiI$@UUEisW z*daraOrIC)@Gc9`;VsZ%-`C*`I$zik=DLv)=DKo(xvn*N-3LOLdQ&;+ZQAm7$Ur+} z;QbQlKbM0*&kA+1*>!${09}NE-fj*#8Xsv{pm-n95nQh@*AjZ#i<(?K)q(xei_9lp zp~Y{6XcrEnMKRuj)7BZF^>6H7Mt?SS`}t1c?2qNFP)8Py#+Xo~S0a*G(!YZHtMj`O zVL}>!5*JEcfaHP`ka-XbjPHU4`dcyXUC^;!Xc3-X{r$D>^eVkxb`S)CVs|%3 z*&BP1!r_4bbPrXjc&wW_X&<6<%9jK*m#M1ZjEQ%D29ktq^jEmLdu23%tGlBTm*!$= zZ?W8^^pe7gaDh102ovB1eZwUHU-X9B9e>q38;?9DOZZeCp79&IZE1Ci9-tpjTZySK zer~YOzZ2e^>E=gJ@|dN$mkXr;{0Gjb{r&T?{c_XEUwfaEUyyPvIgHvt(Nl{@Y~@y4 zjoI5yNUTg8FIVwx7$#sXbEYykg-jqVes0S}c4x90uDKd7)l+q*>MxKH`l!EgW#yWz z7Bx03>o<1Vs`Xm6!L0hTtxB`0nX)dO$8Y>cftotbZVr=Bv!shjq@d9>!@WOFD)a55 z8NJyRSi<|Z1G}Sw&5Q7?6yeFRSNIPEM*@Urax}pT&l#~a2oD5mS}bk72oy&|a6bOA zcy-vnor2fzB?Ez|+>B1a>&csJcbhaPZ@4Q3zNdEAb)C<$t-&H6>hZ-!#0*Tkt9cx2 zIws=W)bN7uFF^0aE>b~*9FEx87U~p#KZVLuWO{&gk?4@L9R_oBe8dKC%T(!`TV)t* z$}t)x{SXqK04+k*akLm?!;cDgzct6gQ22cnaDfv@>&C_hfKxp+K~R8GNIbV6wBUWZ zbhw7>n6@X~qxUmp1N8)4m?M6<55gSSZEy(s9OP^{5OO?_ma!xQpciuv5!<^!8KF1U zK;>;<=*G`R(|B_bXPjXnRiJ*41}pMahzrHFe`Sw8@S+gl2zFU z%|m~*L*c`UEk|>gRB)r4%JRz}#YQh4-^3{;89@tOwKe}AdEXu%XHoT^(iBoCZo~>f zQ3ABka!o;@P>>Y5x@e+B2~-rR6a7|nbitGZb8NVzTb0Z=DF-{n)3Sl{qyVR)6MhDoH=vm%sFSyoVh$`sRfTJ z-Ql|W8z|jbuE_t8IUp<0pIa0OER=9+00=S9;~jtY`;}baO!9bxMj8gBD1+~n;~OCc1E`3>0E#jgK*bCm0KFjwgWjeAVeq$qY8m_s?TG;} zcrlv6zf0sV89Y=Y3`R!N5@GNWuGr;4v36T*5xQc)yrAczk=V3Iid4EHKI*pZ2I`Wk zQU50g5B5^Bop0rAsrI z&sU-481L(Fu#7Gt-txWp3ptX(6q)Y!!73N`wgKnC{}mEiTMx8wh> z?N4v6cQTM|+GIswC$I~T^p3*g)bVOs&=nOBdT5FS3+%Wy05>i+u31xL4Q$J%io}9< zoz0N%w+~dbC!cmV9XAdjFnej$sP^PjZcDvQ8Y@YmdUSvFQys~tP`)Giw4X(BG*7oY zkC?NLlRT{Wy!j(fuYlm*YgNWmNux3 zvvg*PpL^$c`nmlGz)wr|Cl)e9Q@l^0#LgF<0T5ROLkzi&xPw%IytipYbHa==m!+G(nh&6UfOuCvMfP`IqudoXFB~C8<=ez zXy80Rm>#Wz+OOk+?F)?Up}xSVAMJ}ck-uhNsLikjra#tk>qJmAEUXMScp zIoJVn@h~v-f!Eh4XrJ;Dqb}Ny63WZ5?v=be3->!<5gt32xd-z)u9+krN0gC~8!c1<3CrR*~u?;=f^e6+bQ1%As zm>Gl01^GVODQpIZzFgy@y1O7R{Q{_p0?kSAC243X-t^<#j~0$9UtH;+>k(k>53pW9 z)Z-v2BB8<;S|aQLm$O2s5D2&>e1VlAz*iKeNqsF`gIQ;4e=P<83?;Xn90(lOCGq)p zq5phDjv=2+R~h33C>D?K^2PC`ym*ZZ#LFt7LEpwk6#1T$ijb8-*vgO$LhPe57?-dg zsbru(u=gXmNn{J#M_LBWr_klx?%wh!Mvr+4hOV=G`?$1l?P$+Bw@%Nd7iL;;6~-N0 zVHL(9KxiL87zaMUT6(xGvT^O`#z%3gXu+8w00`k)2q9N-Ay($49W@4gQ_m;1Oc<4T zs0V^9JC@r*!lhzBY^WwA1}lKqc241Ect)iMB-i4wv!f-7ITAf^p%+x4J2FFt5nrShdFp?0EAq5fN?)n+1O}Fur)qr9sVnq7rzZf6qYM*! zBrS6cNXRT~`axH7Ob{DmF)ga6hot&}FQ-7wVEk@IoYu+N~`HL#7M z7=$)88BtQSSvY`P+k8CH-uk9ICI#Joj8}2BF}UGo{~TSw4ZKpFCcC%X)b1D29@EqQ zw(M)lShpQ;a`=hs-K*G^?oDukQY$vP#^3h@_OQwzB8Lz~#s0eQKerT)71Wgzr^>ah zj7VKt1M;&#53Lzh6c@337tQ znM~1G^OTi2j4T~MS+hoqk&eN- z0mcPR6+Y&ct(;)4WL>h59kZXc5q!#089zfbhNf#AY@(E7R5GM~^^~55>{AWd$MHn~ z5^Qu7<~iJ8KB)1QT#{Tt3+&9un(YRhjI*CN!IX3{k!T-B54`*klTW167ZU~P`iqqc z$eS^rL=YFbi;=4~9LD$OU?(zrkluszNM!XCU@J^#Rows1gF)pW4`RJof>Y6ISxm87 z4Tn)`geWYl#PpRJ`C!Vek-GXU4a$4sMPnV z4y+nu0$LQHW#}-qV)UAm$vxcv<dtA0wDg(X*a-Amdi8b~p6TQz4lL-P^W3o)h zH7-hxB1JV}@MI6Rv(B_c1wBH6m&T0)-9b~g=Nq!XNWU54Udm^(3moWzgiMr7$k&4~ zr>RwYI{`Ty3lCnZK8G<0#C4(EvXB^Xq$kZv(N`7IvecZp5CWcl!^+y^zSQJ(c!K3g z_B0^6#=kRiIMga_t*=R~m}aYlEuMgHe7x5R(V+SOkv&ngtnj%J<8H{MfV0u!1iqh^ z!p8|aWNUa@f#=HKoB~MBWX)M6@JJ(c)}`Z1X^iaERBdX-R|BecD}zl~nVB&Rd4jAe zwPJRF?D6>}SoWE%Oq5Gbb9cq;qb#D28q`NX!k3PmQyM_ z0Vv%UeW?|vuWv$C(g(l4s<@%5>220pl)#c}L<@fqkn%ksvDT<$cdd9RfNch>$T6i= zKU~7UQ`zx2<1dbr2=cr-^Zb?8rZLXVUTUt(HQj4I#*srO>UK7dthxDIQ#GQ=sz1Pl zSxAK#yMHrH)NBa6`I00jmx;3oZB_SML|~Rwl1-%or>unw)wLEADp_XgFq4nv-^{5z z>2ud=wDo8uJ+1T3VT%$A?h6tYF`@HLBv>;7OYs#DOHWldSRyKcYa8y~G0}Mfpm6F> zww~RMCND+gXnb~#dHyxp+q#6PEI&^C6Xlq zc%4nfdqv?M{_siKo2#D*Ssp+nVHWK&FIDIDF&c@&ia;8G?APmL1|mOeRaj7_bXf`7 zOQ5@gf_ZIOH()ts0RZs0l}-xd-CNh+36=83(lqLg@X#UFWbLrxm9X&8hVDgz4hDz z>w<%YZ&}p6^|Ogl%43B{{(?yR7s|$-Nr930o2y4UrxGXBr&?E6KupNcYwVg?G~Wg~ zr4&j_DRzS{>;ZP3)}`#qo9#WjkVkg?eaf?`$$xh|voex{`bTo$ z4#cx)wdYii?SFS1`Q*CItMQmPuB9GxWg)CHDVZ?3fYbRPI`FSLO&D0z|2(S zYuG%Tf20T)%h!}HU*iGj?CVaQFoH{KJwRP)fI1HVdsYfVy$6_A8i3=OYy#<81oi+% z1NvbymNUnL$@IA-7;`+>e7uy##vBjUUKWfw3I_M45-%hZF&2CtoYKHIsF(Q~#D&ke zJc;Hwq~Aj*t&tA@Er}prkltL&@nO{x)-rx#Eu%V+QadurkhbbIC)(fQ^u>7#CragV z|33?xpUxEm3=Xr*lq{^a`4fnEv}7^0St-PwXguvwStG4rOc%mLF_NprG``cixu3{D zB0nMNmXtbqCVoXVt3906cD5|SJE=AM;@zAG4U&P5{vf{fT8|2m30+&sn@a&(N7#RS z=j|=M^2tkxxabChovF^72$bsVWHHl3LzQexx3r-f_XeC-`R#sbg8)}|1u9>MF2dJB zS=3!unwDEiQTi&;B)P*B9|6M6k`gq^NkR_uhxAZ&;u=~QU&XGjiak*Ut~(Wq{)n!I z{-cI1h1F_7dQhcajoMseAAvBt#vB25VAD|I;URPHMQ?BUMmD)7)hXW7fOs`#-`y>% zt`inG;&v=S+#cnKyZYgPxKD?Olk11kH|2=C4g9ynC6u`9LEIt;!hjwek~K5X#l9IZ zPe4%cjqP+xJ7j-1NmYhCD~)XDxbSmyxL9gmC%3Xls|pu!pL|-1pfgl?6v20apm08A zh4%5kK?`WeLkaRQo;|FoH!~INe)QB+D$JV~fNFQgPiGyHxgYM@Zwf&fzC-yQTa3UH zZu;pu$o3$JAclg>M7mP3)MHq<>#|ttev-N@mMR9e>vz%ARPH9Cw}N8^9}Fb&PDov^ z-r)`P%EKQ)Af#~t;t!lPen+i)9usB=WUDj+%XanSA&r%ZYa#;grSZEV^v4oGC+{;2 z;m&;mP6^)U%p7kXxKIoOa8^V7dSo4Yt?l+2@G>HkKL-Kkdbq=)zPvhsct9KkG8Z8Z zs#2P`Hy;Sv{sR{2M>!dN@YV`f}x~{I_vW=sY27^Z7LKH?i+^(bWWIl?KJUs-D>p;ADllHT< z)@nA~{|`)fIRV=N`5+bYyQOd#o`nFc8zl4amNr#ZM7^cFdQ0!2PlSmD8bx_x>|EB# zgYm6(b1jAmjvuMc%pkvClg$|Z$?2cYPD#Wx?wBoz7$iD(SA7`tlaguEXC^XjLKSSo zJ@}eKHnRyBD4-G-j-kTLB^m(FOIfLI9ouH7(VZ(6Jta=0(EilwfTp z9#EQ7hUv5XX`vHmbyQgbcx*^&kst^3Wr7qKzT)Ep7%7J9E!6)~_CR1Q!wQc>XxAlQ zE8PJ07(|%7rY|}lSe-xG?Bo$JgJ>*$3r@ymUi=FNOJQ?U-H%wYSiy9YKi95TT?l!% z-$n{94g!jvF@g#`p6IT!Cx!1yEI|Fh$3#e;9utn7U*YuP+~lSm^}=`oGj-TdW8Z-n z?S&-&H#)-OIXIEI%i?taKCdpZz)GyE^SXUTSO>r?t*!xgmTW-eoQZnZWTK^%-+PjK zCu7YTs&&4p#deB&mO0}!|zwphK!XvFz@I{-r;v=m8?6=i5T}6N_|gP zMeDPj^}Uj9{a#1%d%iyHtUNj^?`mOZT!o`FMLr@^;^@a(v_rX}H;m zi@(XYG9^TVIbLd>(4ygiKG4&T_kP@lNASO&x$K89;}l2%+%WQzglKF5<+kr8t4aVoo5jm=j1W!HHWt zlDCeC6N^A2NF8QYDVwXwi2>!rfqx8hg5?WWLZehRpLViIH`e?fBZQ1c7X`984jeGT zJC!OFttcFaUl~o10X=s|;uib1g_VDCM{;qzZBfJH2Q#d`aU^4iC@ho9@V*Rmbm4DT zAd|QFo^XkfNhI2yaEXvfB-);EiI7Po+MYn7m&sc?lDEXE?Xoi2wT&`Kx6;lRd!LQ_P8*OK}2;#hgH5F(;5%f)h7)ByS!OCq^KX zq??@RQBEw*hdCiK`6m%M4&fV}Ok#woFpaNRnfyE6fQ6DX*2-i^^ltJ^2#elL9m$*G zO^AygB+W0qlu)brs1`EmoB01|32xBpi_u}_g;|T?L5!nJr&SOWN;;xf2>7gk6Ix;ZHpd2};SV&6jV$|vNk;Q&zYOgcf?sQQ z+PDany+F}kg9V!qUueR1aHW>_0ZsW0Cnjz@bKz_Zqgx6X=?G`KPhWw3TtjDAznEsf zH@N}76@?2N$aFlcxEqME%>HjSC%GZrvH_Et&nm=#8Q|V$T}0hq(%@Q2)K(X-e6%y4 z%4yU#Z`a*iyeSmX#(32^m!E3tGbaL9m1?eCwW{5 zbNgB`X-XC!E?Kk$>q6#W+c-(soBtcZqJJ7(DVDFXw+yfofw z8U}VtuKpZlWf+M+e-tgx$$}4(TUj%>EuH2SQix%O_rkdK8tx4hp9yngoforw7dw%s zqAdYf^=if|!Z08pvcIsnJUbAlb2y8&wWEde=WFdCBx%C?1xH$*Lp^c6-}2%#6_+%3Yf%Xk{s?1h89*>aDLq zi`n_0L5_oz0In7P0+(^t*9vebu+a8CHP#|cPrb6w!py<9_ z-R^-cZI}EL_a)3 zw*kU7pbmW4yBHhS_I!Oc>V2&mJD^@1)~sZ^XaHc5k*Os}n;J$|OW4SEWn*ulTKMkUCac0&T_!~86`RNMp=HItKgm6l?7i2Rd6ZF%AO{f zR(hhYa%FyL%X}1NWE0T_Q-3lZ8#l_?-pW0^~JP7@aYf%iNI``Sqn+9;}_c@>x3aq3}!ryf>a?#etek}`Re0XxVcFb1xe z9w(XM-!GOqhM`1_&rB&Xj>LnZzu-Qc=n8;*hq5zOa0JCpO05e&E1pvUd z1MwuTO&cHFdPp7nkM}>?<0Uh=BWzo`^Zy>%R?$ievvh|{4D@dOSQNoZyUs0R81kwP zx@r^q5X4^h?`h|bjRVKP^GDYTKC zPM;&kIl_f5lq|Og>y|e}4F-UHAco@v#epoUgcW?e$w4YHU7QZCdp#IjcXPGorh=@2 zRIbh(@g=J`^^gdmRgY~Tv$@9X?sC-);{0z?pnhCI*Eu9EB=i+Fg)01!BDKZT*x@dY z)FjpoX&Y=E<&2{^c)=JxDKN1U@kDUk$4gU`Nk(5_>oWBe}=oE4u zZ#{V8KYi;%so-rxn3OY5--1sGx)9WPs}6LNDIV51|pY;i+b@o*mu~Aa<5spxY1d7wmO)14ezs-uU^H zor0+h)0Yg$bn^<*;pbJHSX33+Jc8PJ6=3TbWDzEomMsG7yo$g&uL@0-+{Yeu9NHB! z0ybE->PU5g)1$EFSwYq#YP|NU;Z+PLpB7L*8_9>JN(`=qMjB)V6BXp8kSW?xVj4nN zFVBP>b{Zl8L>8G^MOr7IO* z3eE2r06 z$B;ISI4}G;&?982i?C4Dp3$PzM3F8*(;5fblTReloW`3V{+}nNw7EDPJR~-;$}qGI_$bBA_&*QA_CfvnVx7DFJKXZOR|qBF;887 zCaSyjop;0Yu4uflb#o6XDhhjAbu1%<|7IE8DT^mQ&IYgLv2*1)c%0I+oZa=WH&Q>z z_GL3CAt^hQ&B#7lv^m#K9n3zSUUO__eYP)=T9aLq{zK2?XX@LZT0OLVYH=#J;4$K< zZ~uEL@e>?p(N{Fss5-+|$tc(PAi)|sW!EnEz+LlMnY4E{AX(<^6Ht?MWG=%rPTjdf zN0MwHMt1S98jDo!+@E$X$6#3AM-~LGn|22#7>C2PwCrqM+XJxZ{-)N=gGk#}elB2{ z&Xu*GuNwv$6Q%#LJ`DmZGg2^InrZqzgVtsC09?R|ROf>%n3{7F)3GD(j{;PKm-I^h zLS)DU-@s+gU;1?p!GR1x(4u%`s&y?}5|1ypZmy$c3CRnV3q&)Ez4A018nMEL+2Up5vKu|{kSMM!t6NstUC+sYQ{$E<^pGL9ky-HM?rHu+G`F5MvjneUnhON z$wkQFR?j7FbN9yp)tg)jQx&fH1is>AHD@zi`@>?x5=2=RnQxzO%LWZwgS7*6;9|}*j+u{giEBzB zniEF!wBt}q2+^e$k&;aH64w}gNc5cQ*lOTM-}Grloi=iZ`i@C%vy~Cy8`;#M5~&ie z5P{ZzQ^@ULL1W_X^cKk|#(Hdk^??~ttdJLtn*!_77*|1 znFoqx>~Ui_#lf6mQ|%OWZp_5l#8?@$f z5RRIy<;H{veY6f|c%L^ffeZ;=HlmDY$p;;hqktqRXmX&GuMrO}^yWgXJ4trGN!jFrpm8wbf@Dt90$A|9BwN3J(D|t_Z@lgP_%#vUoR1Pw-oO{5 zRsT2RZd|%(d`p;tWVk=*)NH5Wnkv6Y{5kR8GJJ;z{#Y$U5=Rw$fJWs|x%5z3&T+yI&pt<{zL2FsD1xiRTI z>MF2@TzUf+p&o=p&GBh%M>^)`Y})8V+kIH0De%Yl07suxmE~_!z~AjaMU1~!9Xl+4 zmq@l1zy=WHmD3C09q9;vUqy*%OQUaA9M8viCEV`j#(Aro89ES%kuvy)hE^1+(JF|a zyeBd-&28ICO^(BrsLJ;Td=N~p^@bWJun~5h9b{$-z1HW3NKQQ&_3`95k?I&lvCIHj{$!sqEwVWlZsV83&wnx%1eA!R3hvmzJ)(Btb zqC}Jv(KpMNw`r-V=E=cr;R{z)tt5hZF-iQ#(Zg5mB=IsJ5lQsoXk!w~M~L7^hd^3z z1Kzyxi;;Bp2r<4QCLioL9A`{`j9kj(#ROrk^P3b2%09JEQ( zz>hQHX;FSC9Qd(U49@anA12EW87t&`{;O7n)^~3pfXxU^bMNa_e-U2NX-5WD zMdq_ChwFXpggE3+9R|pC$yXdIbN^J(ytPU3Qvx)CN%3P>j9^ln*we<-%eFUUMMLck zIX(Xcf}9l%wRe(jZ^(f<9+2Vo{_=F_>qsQTo+0H36e1}?llvzBTs^Vx?mRpx&}a@nDn5FN9RNFcq~6;Xh@*0 zd2(f56k%KN02W1$f^o zPZtPKz>~5(P0uUI(+$|<`u~EbF?p?q;Sa~_qB4j{>6XILoa3qtx|rH)hv_(zc(}e! zcA-s0F9supZZW$IqUpi|UC94NZ-!#HV@0pXr)*7QtTnzh?YPqAwzK6VoCxcm?jllb z73a9&Cm=q=u*W4qh~YAs<+8{!z(N%dMgW|Cpr^lh>{%Je!|xA;Ew)qCkhNYLK&%3U z9lFf%c+O_VgLACGYoHkMIX5vK8u&E<;;qf;mHdUYaBGWihMz|@UF_Uhw$}WJ6#;GU zd}%yNIxq5Oov03)`~O5i3Q)uG_y&q=Dy{cyYZsoo4W^yEiH-T(A?fkHKiK=(kuD2eWFvQB6B1?*CzB& zBtZM>lqR+>7_&Vfa{|F2lsw2XT`t2MEEJ*9-^gWl#Ea!qAjo!*%gGpL?v(b$wQ6VU zPnsuJoz=ul&0gnrHvs;$uN6Az=|#T6gzDjv8X!lub(E8g8!?3r*u zsQ&c2Drj6a_#q?2@`I6Qo;(1J=*%z`dN9O4oiaQ?X17DiprpuTAeHN6enU?SN}V`l+WLD+A*>MVn2~s>e$@2Vd^9Pw-SjxrtkKh3|7f8| zDhgIlZ~a3kg_uOZEx}*01kcFsF=0mbqzP5f#A;CAc3{+fuf+RShmSo4D6sKyLHEPQ zuFa7iJR9XGAjQMSDZ&KI_-DLaGQ0 z4Is+#^fh$(cT3b!e|E3z^ zWi|3w^qgy3SnP(XYt!&q;Lc8F+abc-1m@@o4#-H*kt}DvyuV`{U(p2bOk6^=@?{%w zjC@sQ-=ZRg8GubObhhJf!AW~q#O(pL{*QTea=EHF4G@{JkspmmP%OgIV&f65o13w8 z=I2-Zj1w*^N4E`PQr6#_c>uFG;NwgRTOr&OgDoo@$k4KG)4WV6=I$c=$41I}M4RO* zJv%3n0y=89^qXfH`R7_U)!5r4~xf z*c8JHM-Fj!T+3}pO36bA%N9{`0q|P20y)Qzl$@gia;)jK+;%{v@Y4>Xg1mX zXnGz6`E0EBT-hFMA7DB>*SiI%3oq%F{DoLeN2`iG*W1q((*r!>K5j-iq76(>F2nMi zST2$Q7HxY6A0o+0vLc5+CXsd_N6`GR2+fq913aS7aJU9F2sdPwAXF!s+nZU6M@j8m zS;tmHx1W5EF+Es-#rP`?7sFNF0`#k8i&_BUrE1FG&Xvo6D^|^owwgu%n`(%c)yQAZ z6}14`G_e58h6NxC%nijIHklmqrOk=^#=FK%D&7GDT{mY`c+pG0$NA%MFF^#vxeG9E znHa|y?RtlwpAc01h!n)AdZY-4wGf4`qf|jI67w~}hotVq4vMtm4k~%)R<6Y>L>DKo zf$(0tkCX7?b>*B@4D*L`B7%EZ5gn!5!lNWP(Vo##cUCD*{d2dS^%^1>pJ7Qm9SB+tiu#-`vHo7PQRIg{>^o=V&w|<(J6OU zQm0`jpTe#snDBmc_K=JLq)+WI%`IbG8qb`5%Jh?`pY)|v>t^`|P8NnMI~Q}irXI2c zCb+9N^Cku#mhTmBO`kUVG-IEjpB$w$d!tLtwREMrdu%`G)lOsfRu45}Kl;=K|B#nC zb)m*CF{8DKjNMMbJnrr5D!fdKPvi^8qdv; zv>jnRyRdmI#qU04n^5c6bfFHPDv;d5t+BfFW}nQjSeN^V0m{hbDLb~?^au^|fji0Q zkY7(jQM*_dNe4y!a;SV`;exTM%fgET+?cnKjW0AIFU$r@+6!e!)ASOgF{2~H->s7- zbojAX>39+mq>vvL^jzDiATzy^9vW^kuf+>n*HM)drwzOQ){M&D#N5@mL?9|AM$dzwl48V+jtqZ2pC+U9`w=7f2ir>R z*_gop2e{1HwaD03xIBdLkZ>86j9mm1$D;3_+x(Qse}Miipk*ZVPc5dOMc+UDuY`6K zP~r9JvdnWpT2fk=(IMGhS`MMCohzoXwAFDR=Ma#>4d8c3KHrDT90r=V#`Doz*UW#8 zkmqaZ$;zh?yv(rZ`{(&Zfosg+!14Uqay(~7M~1(i=c=I`m`byphMu``L;pUw{h0W< zBvd~-=BBw!kgN9XbV9A>EfMIW+!+Wd4(Ov2nRg*Bq5gNRe+JZ+lsIN|WcV9vJqPIW zt!J*Z-rGsk&8bpY%}UTAbMR8bEi*b~iXNkbp_KA;Fjsrwg3=9t8UQ65&Ww%>e`6KW zTPa^5bAxUVweWrP{dzd9aZQsBgHP}j>PfW4242Rynb9G?p6=7o^i~-$Z^qNsRkL=4 z=6o`p>az&!Rg*;n)!fm4hZW)q2G~;wy-Af;awo(g=k7dNs%bZ(Y0T)5U*EJMcjxEM zzA0k;c+`cc2!huKhqVX(zO=9NCh-kAJ2?Vj;zL8;kdr{jjNA|D#LdX9WN$WfK1hR; zyMr1%BX{ln$%)n1AV|A0{BvQ!h!sb}qUrHzV zE7QL^{cF=txA!}>Zk~-aAD;-0q;eTN99%e$0aIP>)kP32E9=qFFx00dtcnHKFYwkN zh9L4j1c7B_PKdGo6)rKJB{2O&d%F2mnbe9!!F+%B8qCTx)7-HeXF^K>N34FX&w`li zGab{VE&;k1FX@&1g}5DyI*aG}_kBgCOu!?P^a@r4w8328P5AWwXtZeOCpd=;P-B&9 zvUaRP@(3y~jpPtEOqpl5md`743%@0F;0lA*-nH@w$!=Yzk7(K)#Wo6`p#<0DeBOB}>=Vb_*)0Bt)UB0vG zAH=@15ygv@?xioP1yg)x|AZ5jpwGFK>fW4Hr{U5Y!p&%DNzfj)0!OIH-F0nM&J{VoG`O=2n@wm2WsJ{c5$9Q$b|0Uu>c-j7UNSA+L+lZF!y5Mr5MZ7KQ!&(Q;!BF9O=&!{Uy+0vD|H0blL+N=(kFrhr zD3Wjrq2kR;p|ow^Q;ck2EnW|h*KreP$>kzPPn`KLxhDxk%&bjyr#Eo$<_&FIo+)r@ zDfH=06vLF96f600DH*Gz`?fH0)}jtwa7iNf3j~~$kAu~UcR=E?MLK?~1Bkv<=VAn? zD-FP#H%j!5y)TCS0a=o(rDPm~Xr-rO_7T>r&x5Xjp`{x)^YMUl)ENlSY#a~9Ezb2j zTR~Z#lr4yCxsC>UnO_?d+w`yz1AAaQu2Vt0ucC0b=KA*=WACIe4F8?j`GN-FL!GFAh@D1LE)8Wq7cos__VH5unRtmlMOeOfWZdwHRemmRfeaU zNu=HTje9jwLg)tG`etyg8f;SiqG+*;kcHt4a|7>@tw##g)D-?e zt;`7ucp_EmggE`I7kRSxIGb0#xjoBZF3($jF1D&xEr966GI$5It!FP_3F|XQ8|Jb`y2GQIW+tcmZTt+aFRQahcB~_gAJD5&gLl)3}7cHI)nB@3crrvI`|8gAaQ4M zO@qtXRP%YXnK!`&h7M)qBTK>Ig@3@o_Gqjt4UT(Py2O1wq5D2c%pSO03nt^*PKX1-eUi?11ixgVro4^aZ9m$9PS)mPsQU#fIbWE7R>+5BIa5sc?ugdwH`ws` zwG=9Xc!|YW^)ox5n7fVvKU+4NTgJd8a~019N+hOo53-Ofr9X^(bO}Mv!=v;}r`lD= zY^fo{Z;@2{dAvD|W?f|!+N@v8bF6bWdxUTB@%B91@+NL0UNsNIl)I5^oomJbCPkk7 zIl>XSk&J~+u9BB(zDXGrt;E%2vyd)A*<1hB9q}licS3gR971sz6MHAyEX@HEor*(- zQ?p~TOjk4Xfk%H{X$flx#e=eq`~WSrfFjw4+zPcY?sNt1TzKsK#aNOEgY-Fgf+*I9 zJ9=o6+U1D5k8`%#(5 z2?$5rHBH*?jIj*5XP|Up7E$yjy8y_)%lNl9d9S=8j)4o!mzm=z736oiWf_<&g(rrq zu1&Pr5iG(2J8o%Hchr02J-LY13!;r!Brd_&mTh3Hz?NbxGdeQ--5O)@iM{TZoEAI_ zL7{=LF4(=aCWVPGa1bNF=-n1(czo|VxIbJOZ7)T%pqD=q-*!*hdRN5Y zY6$li{Ahc3a&Xtj;OJ%)R(iOfSx41;D+Wgwp|Hrqjd%Eti^0)_Dp>0T`gV74A8~NU z2@YpaTb9uQx3YXO1T`+pUxpxt1}=aX25^(JNaeQwq;g}js}2#Kh!q!=$|di${%~hA z#F6(yU;9^)s0`of71#7xuUPeEqWdDky;LKsA+`}epXwXY?-cR}f{iu^virYL$S(s? z357f#WRBF*32Z5aWJX7ZzgtyEnw~CmL|}S+OS>S!h5J>E)j)l)1l08aNVnVzGxKdL zQRXk761FXY9a{qJK9T8S((D~YQGrP=5mo|FUCHDU$jvf26CM(lB|#qtqT-F*|E3?F z3A$ZI7CYj6dmH*eU`zD_GdeQ-9brG*cT};&)saA*lZ#w-nQRFtx&`_*Ts+vJS}!Ij z%ldRn7r0Jq8e()8w31FY`t-wzj8v=3uQ9kjQT8r#+9g79U*RY%^Z|FP1Vkc(*$)-8 z3qEY0d81Dz2#X;Li&5_^TJ#OwX=PPU&gLt~Xh3fXL#mD>uDXm_=s( zp8tSbw>I6f7S88bMZU;9{;FuUyGC^}TCfy(Xu+iNl#x%17qeIopw59&aOs($RLyq1*h zDnWHUE;K^fzT)0wFBLE0!4-(!0tMCNNB$EJHU zegIq?zz{IZd~KbyfnVoC_!;vxM4G?P9sBMYPK|wFCFd)DjfiV_&PR?F&JNK4_EwnN zv;#&!!*N1GW2_cr zc&yh)3H7icDQQE{(=)?!!bp6B-_ydULZrO%hU`P@20^W`)ph32kRF6i_a;;>78lMn znN)XkEPR@tifHx`0xq#s$Yhh@O^N0rCNfmgi&aRd%#l!2<&dSQaA;6$Hr38>ohZaR z?RThLSF@sWJ)Q?pNX)|%VmF_!4^M`{g8|f4fxrFow*&(&;vgbCa^W#ZK$J%_2|{`8 z`=rogBYbjS4!Wc-<_PtH%AP=8dmQyWNQa5R3S9S0t5_@8RP$ZLYdN9H^pRFpbQL%Y z=>DK*zRWBg6800QQl0cQi&j<#%JgM_s=GA|24t+0gB~mijx*ekjYFuLf()NB?q~GN z$W&&?vWBRz=XQcKA8+VV$c8j@Z!sYVI^2Btwl@@L?+Uk|d_&iS!K9(u(Hb+-HcO0p z)qC3J!e^Bm=q5x{3lKk<=!W1a<7>=y4qit*!Nk#{-^_J6wz~Jr!i^~JY#Wre?I%JQ zKbKJh#p|?hHfTOpUJ=v0=SVVMmLRH8=<5y)QBym<<;{n5HsB1EL>U?#pakLD_H?fZ z!=~reADUPwDrvQ;z-*x{_>oF;l-a?;XQ}mN-J0lNg%EA@d*ZcTe@p1D61er*l=- z_Q6~mRBwwtt!IOSu}C_Pn^Dd=SJLw;Smel7?P<{d68-T0hc zUwT5rPs=K%V~S#j31TQeO#IUq!6I@Q>j})`Z2(M06VPDo5zI@8!C#!`yt$Zb7?eCe z_z(EOUxs2k_&KhnjYf6SX)`fa4$BvAZ%bOXhp3a;`%9XG)6r%8cs6f9)=CA!2qyz#}rt{!o z+*r!K2&;8+-YkvgoCV#rRolYuvhH15;2yyBb=@^!#sL>mx$cVD7PtOd+}=QEFwR9C zFMiz({Q+r?rk~055{^^~_D%eY``9izQimTbR1E|yvl>FTy}X8;6?PoTFnJ)=-5v%* zm8_FSY(SiZZ{dnwVeYV&h~v?XD5`uDBinX`pmKx#*X&z-uwOBS75c$Gc2f1EY?97d+u3CcyT~<{VewOy>`PrM>2z_pn;*2e!yMmVO!r z^Z4#(tldhj_))*w#?JqcRqituu#yNe0X=Xi68l!PEMYP#u$$ zf-WbVx+-0B?ij2}ZxV_&gSFwkZIQ{P`<`ujb8V>q(dprVP5OVvcG~};9WF+~`Px4m z=PMtZ*Qc?3C`ydN%MZU~iuOR0&Z5?tZ z2W5W4oELn~Ubp%(tC{nN&*|ILglD1P9_D=C=R6bSbTa2!pL1AH&qd7nFQ0Qvkn?5c ze97k=ALJa%9Qf+09o-E<&P3*@|4km89OUf89N}?Z3MPlZV{XXpc|)#b{Q^=&o6(Eu zp4Zc6OhUd-5~OXGG|@o>47F~0zp}IJ^!1(#-~TgeQsYQ-<{;+Z>^XQ9A%qs-0V1JA z2-zWVtyG}tzBo3ZT@@6sj}>Q2A70~odoN_iU2YY6he+!q1;1YWYGpKtSUfJeQ z3DVSC*~`Ab=rq$hLZ9-`rvXFTiVuI;xQ1x^%|7&BYliaT}s49)W>S+*9pZRtbBjV57z6ri#T{Ism(cV7P!eNoq z!aexNHga0nrt?&Ji|vrRQPpxVK89R;fR?xEI{+Pa4M5R=6}-3w!FTu3pA6=WBXT`v zdzszxjN4-?=bXq4-PmL8Y8yAi>IkIl{x>UDueV=lz=4MPnrX=miA;~Y%U6le9nH1o zb6?lNzU@cI3C8y_qcvQj&JbPT8E7cAXA#Klo<#!GfycW@&2IIJc3Qp`Ml-$}#^zvK z)+8~cqa$f`c6)hY7c^CCo$AKQYC#M_Wa#ZLyaU%txG|E}{50Ge4GeMGm227Hgq3nJ zBUeAw29npC0&hq4LRl>zd>sycxrgt^Ml+q!tKq=6wd!S089$X#gMF;53%ycj=2pvK zP}5aFz63w(ax!ErIT8p2)e@%eoRABn;3MmQRMt=I26_&fF$ zhuga=;j9CJdi}nG#~qwnjW=oiq;I$BXDi=VqrU+YI@k0jai$XT8*w{1GYFgf+0q(o z@^`l{&g2`q{unUb_Erd`&iz7LS$`xehx~v#Fl)Oup{M=8>d*1ihGXxc^_IGTUUuoW z+Ubu`taQc`ZrAoAZBQ|Z&t=9EF{T>k;fZ|kW;JhZ=QEOzX`OBB$-IpLPx}5!pa{&+Sy6--G*E3k0!`%Hqy9w5G8H6zQyLULK?D>?*_b>`i}bWm z3-gLOGk>jx=1kQe`ycRnne+B~fl+26N*ANn#0|^#6>$Y&*`>ccd z$D=8+fqh{p*Gh*K96@(JvfT(Y$AQZJbf-50mU3Cp2y@{c^i4L)rQZ=K4y}?JIn=`H zMB{Be{vcJ!cxpX_s!|U=i2ulg)utIg97(E>VLk+tlv;JS+XZ#zOLPX^R0H3-;IRo3 z&5hdCf+_P6mS6RdD>8*e7}?Zg7_|SXu0ET~j7YD(@q+ZK3*hkFKROC?T+UUv4ARq# z=YBjJdsj}|t$>jxYoguln0(sr^8;kC)sb=(0^G43fD7%ws3>KhWAf>aunY{kqRzLJfRVcPX?8KIk@Q zoWkIgtT0rHY}ih+lJyd*hTe*gE$f9bS)_v-lDxnCs*L2B3L?VittqdNNXj!MGCU+i z?18UGVkD+j*kp;CAVhgl)}DiDKk#=Vme!}ijQ|ubjk;*yYEr|U)2HYkk!#RcdlGJEs zl-p17vND%SjT-Bz;O^MQ2eqtbVXsBxLr?&M_ugiew@)Rp&z(4787%%*6u1HcrSUxE1%D1!I_(Z+gJ-^~x!LF)h~gC*eX7>Xxny!hx%!Tl0jv{avrm&ksi zTIhd7eyvx5D3To6aaMk+pk!~b3#4O$y)A=okB~UAYe=7-Sr{y=l%C{KG+JX&g)^7m zCqO#-&2(p9t4UAHzJB)|BJ|d7$mBO7!RnWF+=eTEV!ZsIj7V$@g<)+q481F_{J;s4 z7!5neaKNSwn!Y~@9pnZE_Gp8gKU<O`XuQ#5TWA#um6>0Z z=#ME}*l`U$6GbDPb3CpD#&^R#z#PF{^bv8_-*y;_@$@O~UvyQB3RPh?ttI+@`OHc| z|F3xWiF}ejIKoB+cH?(7=1Zu{o<05vy8y_^W*gc-oK!mW4= znt!=u459UDgYfCDc$JX=YR-_le*EmyNG+P|cAp!jjowr-$aljaAsRSV+iHf;9B%kj z>inT&7f(Q6p)KqyOj=}idmUYmkO433h<9ZR!7y)$tuL3dj~C$jY?vT*In*g1D=mQA z`4+DZi7~h2dUZ@-KSrFPrCM4_E^TrQ3>dz*R1=dHDrNV>A!bocXV^|$MaMeW3cKD+ zh)maXUD#FTybsju{ALCT(bfSW=5V|S=aB+{kSmwhaVqazIryM}kaK*}4q;bX_tv%n zi}#1?U>^XX_A$njv9JV|CydGA5$mwgmF)3oUcjCu3dP+UNB9D52ja2({*UK8<3_yy z<1Jrg*!>?LD7*gy%yd4y@Yn6aQC0DKsq^OSUx5R`-VRZ7zcZxYuSxey?^LnL(Op^C zEfM+tQE0zSjMsO(=6M|<>3Sdy7+hZd;`=2)QAC7X6OSX2Jom~yBa>d1=2>2}MVmL^ zo2SB8x_Qz2Lv(#L?n|u3!3DITYKY!oMhCT+4t4Jr>MW=ZVd1sHyzmK30~?U)a&Xe=N1=eKWI&6K2A-DL;Ps%{sKK{#oA<*0Se$>Ye-r)<{c{-p zHAVSHSmhs|-WUJol7DN=nV7|njDOW+Pf7k&_X+>rVFOZK4sP4{cc4Z=x5mHO^miI^ zr@^034oz7fXu;+aa+RpDE(s6dpK4 zF@ZL(qJeiZGL;Jml3m9KByfhnzxDjvfLj|=DSTpOCJv#${*0{u&MuCp(AL7(%f3RK z-*po-e!GPSdfgruG1-M%fS1sizTpcs^l4bq&0t?kh+(yfJg$O+F0U5j#I>HuS38og zwkKcfNWNBn3VNqbT$HxBnP-eNM2avs+&brBd29l)>$pv(XWWh1;QMgw0{7%N*3kIJ;{ESHN%w$YY!lwub@9 zcn8=4z-6PB4a#(U`4|0hULy4!m#A+luG2%VBq@Y87y{$MEAURRW z_SHGjX?s&X)mv`L*F(-?s`x!`fb4b2 zr}vh4DeDy@yvvS3`-TSkKfGfvJ2qqlS^gP-@TSy-?PntTa@ten~ zv+Pspb)&L#pT`yT?c=Kuxu(B^_%&dB!1HchPXP^$&+}##$Cr#w`)wzK3sfSO3}5jP zX*IY&-BlO~N897JC5fi#FHi?9eBvSLo8gM=X`vnMvi>Ad#i$m9*MD$6Qslokxfxt4 z>E;<^;Qk@WCTEn3IC$#(2rT+>4le7W^c5njc#D-NJ*Nsb)%*7%VNn>cNdz8UB>IE% z`Scy^4M^_foWmz~Ooev~2%QDpx3C%IbQrTr#tDrC`tyY&VJd`Ti7khw?M|~^7eWya z_~en`3#WTJhsLUlAzt=NzzdD%{Y=vxaZWSvUcRwbMqFdU)X^lI44#{P8`wE**Vr$>^tbDh3{nFY90wKk0uQw#f}P9@K3ByXc9W#&DcwLulm^P(9EPxySix>o$J;{8HR zR+x1UYGkSWD9N%b7k>huv`M@^(H=XudE}v63K_#f2(j2D#ZA)i*xt?Mf0k1VF4S`^ zU{Hc_WnkV{O2ooWG(WkSb=Z6vItfE^^q49qKX@~C_a{aS?Ed6#;Wkf{X4Y~SS3DvK-czdKS zf9C0vSq8zKr?CD!fsbY`7DBvldV3WMCkJz>dJb->dJU1cO{f&09+v1$KFUARgYb+k z9RTcyP<~sDB{zwud)|XTknL=SN~X>BiEEFMybRyDnl;pC&z$6es$aH2j)jiOU_2WY z1dIo-O2pe)2D=-jYzh+phHadjyY!9N!bS+pygKtPFwq7S?uYglIF+?owdUJXx&Njs zm+YFBeAKzd!RGc{QTM?IU&dwRkQ zRj36YC0CFKnT3GlJ`V3#!Mj1+{tX50F7}gv$k`5{W;6N=*K#%>_k+kCF#*TQ*oGe6 z4?5nSy;4!d8K)e0^INQ$0jUd}*GPk8W4WF&~!x zI7#ZOvGwILe3~ZpCpwQ;3c#{?b@(t3vr@SS9;?M)a~q6`h?{tN^kT(CDFXI_fERwk z$$SK_zW=B^!KbqH`Z#W2z2A5fW{1fsgpwF}{q!+C_9CyNCPDrJPGsSoPHZ zCBU@RJ_Ql9_XkD$l3Z_u|NQ3_SdBYk)~^gI}?g%m4lpHh-TW$c;* z)#*%E41LTsiDv7evfHEfA!U0X_92^TKtHCj$lX?nRLgoz!|gPo?$ETVL>rff3xh(v zY%M}7v3dGANUn4vLrNp!7xqM_qWlWA%NdIem>#16LxpS5n!;7eGsJK*Q@v!0pw|0W z2&Whl6UJjg5v>Ty=iGP@~~{`5Rv))G~BS!2-!NzLff>3?a>|0%jdm5m>E>CIe$ znt(j6Y>!!XL)mc6&prN))mznLizfLdNQ>(HD_Yb{Vl%za~xRsqLTeb+Ln{FwDm|LQ}82^CG-YA;kKsGosxsZkWPjd zp{e4=&<+?CI(MA1h#6ib?*Y^LG-aycyB@ZC_N`b-HTd0mZ)Z7a(IqciH zh|Clq4GL>)%-#vXgT@G<%9jG*RN(v2!sV_8-Yd06eC_U}$BAtM=z_fY=wagRyAjyl z>V-fLEV(~JZT>XbYR=bGn*lyA1)KW?_nNCu+3|z^F8BxxND?gWM76ogVbR;exxFL# zX3^G;6Ydvw^?_Y|VArm~AW(YZYMh#Oe3&e?z*FdMw@osuXGlxjkgqa_P;&R0U+IFS z+0)g}$p=oC(b?C#GI+SN`#Oi|ok_N}77le)*h%8t0kBh!U$0*A9rzxp4cVu? zdwVkr;6E7Q1Dm`uN!d~(qaqFt=H_C5SW_QH%hiT=ycdp>B6IVo!>9{ASL%4EL>=%$ zs6=^lWKW1MA9ShvFjY1p+u3J&EzWYw`nY@#x=FtXy;$Ir)o}Lvv45p6+q4#uw5|r+ zwTAoQmO^U!K}_F_+<&cY$ep#UA=k3BAvd==l{*b`bsFBA0F$hq@~mASemj+YF_rz* zjO>9Eu&7&ZG5E|0wGH@Y-z0vsuP(j_oWfdhiVMawxg0!;%fYj;9Q=p-u^imGmIU+b zeW!)K->3T}hO%I17Mg>vDL{63R^(i59m07ct)FwRfwaOkrnF*$UL>urLw{t1A1^T2 zP$u1lX>4QOa2jLF)ya6>0ULs-VQfa__S?+_en?&T$>`(DxU>+zikd2T@#A*Q z>I_E?*Km82Ye4|}A4l=L2CSMc8elc2jZz4RzK{ld%pnPDz^NY2YrtC*OK1Q_PvQdu z=3;L^vM;6pBCuWsZoryUTm^8SrEGCqt8{OFmTlS&j&5nrWiM!QYQ=qBR&n<|!Wt=D z)c}ndfZc#NHs)8s1;ko0)MxyCVl<#)Ug1z%;cE2>(Y@rQZ{Du1dDFE?Lo@W6!hAP- zAhp5)rk1~8HSdJ3_J>YJ9&)pl6U^IZiWb`@aeK%EYF1F=8_4iNi&qP_Yr zW|MOKjk{E3(_oDmruiPr>Rjy`eB=oY&U><{D*Qz-PCosjBbeNS0#lAi;U@(a`FgaV z3$R_0U7JWDOcL0YqzzMCipFL4l)C8uy-z>-cS1nc98+v5y4B}(y&CNht z%>Ws`^X0Cfz?j)TBip#a-JD>rR)x#53@u=|YpMOaME+`RG%DzTL7sRr|DGmx4$YH0 zT(spaOStn51{ZEYbg}(SrY`A<{tB7axAj3Isda|Ao%6av&qwlk7+n0d}JxEw)vfq}w z1C|2UQb^5hsLy)5qY?|x4r<5z76G~<&p8jdqR+cD)xF3viNU#NV3VlII$z@XrNdTnzwz-#X_Y~5Tf7S3*2F52<|0x7P2 z{Odf85_?DgjL{c_6is}dVmfA0?=LibD(A#bTGAF3n#3z!gfP{cS!$XG5YurnUk143 zGg|veUPc36m5IG9*%Z{WKWag!L_r>87D6RShj*;t<@OTZGo#VnetGMU#CU*<%@`=$!K!px zKX)X&=_?uCMJjl+1@T-U%>y4MzHN8|rMhVv(cQI-?mh}nOhC9OPd4%c#p#yk0sedR zVsGX^(1UU!P$Uqz29WuH?S7c{u}(pf19%&k$h2!78CMZyT$O(X<6f^N)|CqKAhW=@ zaaJ%g$4l*#Z0)%WpQZ^lKE_1;GrY?z#+Vo~F^@nV#Pg#kSqQ}w2_-QmKG+yj7^#gh z`Hs*S6Pq8zn2^cvE)#8xiH{m%vH=?~NQO~%JeWOTZsTb)%9Mt8Ir5H3;OkP|3yTH5 z8YUX|=`91!pkpQ0;ySRO?Z$sM0j8L$XiX=rp#biWNQ!s{H{yvFBh_l zw|L`L;wx{V#_60`6hjH^)MWa5Gw0%Nh5B=ZBM=yQWU%7=V7&W|>|gm3^H6l8OZLcy7nLh+rmPJ!d${e?G% zwiMFB~R; zyy=carY5CUxcQ)|-}hZNrA+qWMx$)p&*V;Ey;j z66|r4=3ugCW}giF(0@|eA55!**_!zjAe6AFpb>PUvoQ_jWZ3+jn=l;<&-y!9cnn4a z+h}x$n^Ow+ng)ux1Ke|yP4g@4ZxkYYPx)ERBbqhH`pv&zM>W5KR0h?!nWa?o>WihS zaZ^rne)(!n3RiOrt2sYXjhkOeHP@D`#!Wm;RZ%r=GGzXCQb_LVSPer)L2KMBQ>v*g zS&f^1n(r&FQsRA0xSI8YsOI}JMmSY*b4{sc`L9Yb&9~;L^407auI3C@!_TS&t#O?w z)qJsJHEt?up8HZ+5$Mt^6@h=^Cd)YOi?v%x@!LN#gGUb#A;;ZL{)wSfg#`s(pUJ!KcHiFGS)^2XMZ^t z8;aZ)=Jdeq52r^4WE=8=Zyvq}%&Dc>E(Rx51owbBfj7V2C5n&nme4(5PGZe3VsH$b zgzf=zB4;{ca2&Wp_kcN>F=xc!7{mzO1Liv292J9ONFsC(nCmsOOAL;Gjr|SI|4&DAJY(K*Hk1==U0B#1* zBuuI#Ee!3>%W^M`!uyR-d^LHNE47X^@c57~SJ2YdEV`v4MA^Hkr+@!IO6eL|h!8aJ`trl8PNg-Lms z8cjII)6bYI(4OZLYBizRCrm(sGNIyG7qzWIk?(kjNm^u{PdHE$uJ8%t1jo3EGXv6$ zG;-X;`4$M&4%(#lAZf@ZEeeu)EUv{tQoT)D5+tQ;($XMlnN3<2By~xW2;M9_PI-I9 zEO6U=Xc3l2u+d8-{nIcas!Q&E0oq6LPaVi;f>3gxNJ6}x0N3anJ#nlgqU8lx2^==8 z-=iLX@nn;IO&ej>tk#C(V`7gZ_1!=~Tc72ORHD4JbT9PSBIkWcJL3A2$OP=ygbMGm z+1~zTF-jID5K(Q0%NJ?CYx@pDOXWoAj?xIVrz~0Tz@&lp!MJ&H=k+Xob>-=ktP#_9 zw$xWSQDmbueJVDVzEieBUwX6lhi|{dFMR8ABrj@OsJvba70boE`j)%v<-{#q@%U7zo2=9jzi&%Jk{XTtAQvG)`X z*@W`JFWx8U2pE7X0P&;oMubAISx`%E`TrsTph~gP%a2E04a4G}r}#M*c>FprSp1i4 z4S#bKf7i@d`>UhvjkRy6QrgD>!q=~(g_C~*4A(w>lOn{wu2i(Xu9>m-S+Vz-(eg3+ zW+{CfMm&8wra1ZE8hx{e#XkfyivH!O@;O!M=ZNX)*WuHmK4NS1?-A{f82@D$ubg-efINP_cm;Wp z^89yxkc`RNj+a7L-8@9gL!{SdV{&`{ieDUr1%+~PN4vXJFl|esUAy2>hMV9_o2ryiK zPm1F2s*Al(jlI`L-ywgpvTyEehf^a126snD^vrB{=8ZqNByT0}3&Wb*bz-rsXG?b2$;4EX8HLVlXwQX>)4zA1cfflpn^r=QM8S zSy*`vWUw|&ylbzeSDdCS7rKk@VW~%51^g#IBWFGl54FxX3fS9UUj{=lNu*!Kz~i7^ zaA+7;FGGU$e@DizpG*CE3VUSyYW#7CUl*cyuO18qebbVg6P=&a7J+?@rel1SFbj`3 zY3v>o4^>t%yrA0c77_MCIbjD7$!e7;{ExJKIL3Q_Yn%Dan=wbu@1vn)DZ?~$ zr#rWWMpYC#$r6wUL+z{UlF6eWHuOmVQa* z?Ay@+q>hdd{WxrI4>xmfNkw5os6?3Z`BTA~hm>p*0zW+XUO=6vncx3X>OKr07kf3l zI-EDZ72m85s0uwSsoQhI)W60&0thSO)Z@7F*f{koLnZP-dwKfV-kFN4TkTRGnLxSY zd2x3m>kXh&RKr)MhoW&gNtm!OTfWm1Bh!&Pk*<%cB8yMV8rn}`W^jaQPq4br+Ha=KRUV*Nn za7SqpuF>SUzMan^_+O&OVX4McBb;RQ4!2C~%-8p)e|LZlThqUiyk75UE8_Ki%qiye zVoi=Wv=zzQ-q5`22!lfMeIfMDCb8a#h9ZUCv{loSi#0t6_uBEYz8#jLWe`^_+2%wB zbp|y(;Z}p%rXZ0zig#QR@ft7ikV3Rz7#U?9UUXPT(!s(i5a9-TWW?`Fl<`t*pfWT< z!H-#4iG45E3laQY4j!CQj?xhkFGu_r1LCc0k^Tb|nm-#NiAl}!AoBk*kHJCFhAr+&s}2AzX1e__ARCU=dp8)%|4 zC>@1b2Dzc*hdhWAaUrAMwAXeB%H*ON|{q>?NaKhgEs=H*xL^Z>1a~!}ZksQp-yKg9O3q7TI zFxllVaV1U>l){5rnY#G)2eTLK=ix@E%w8zuW-qJmWc%5pdGj1^Vx{ThY77zwzyQu- z^1^^Imy!WUEWw<@yb&>{w0{60g+Bt0hwP&>!e1vPDg%}|#%y$C&OoNqY;}18haA}K zjWsV*5uJy?$pZHfV+3AfzQpYpLGOvV15TO$v~FGo{~|GYB!6yNB7ZuU$)8Nm|KaX^;Oi=i_VKid60mxsZ^a;r0gI$iAZXQM>&vb5>Mb-9 z(Q4(N)dB(qtx7c&qAfQUn%<^VuvoQfUq$JwC{;j$LP)VR0g41giGp&~s^>_Rs8xgL z+u!rd%~n8w>}QWqk?1!ar{xQw+@?l!aNR%|72IM$W} zl-sY7@s^0KR*(R|v6A zS`i!Lwaf9Gao@iI{&g{xw$sq%tSISZW$w{oZ45^vEA*%v~_V?Zu9(A~r&UjQ`f9ljh$32it7YGQW6 z;RAS4vb%+lKr8z)b%*o$wfvKjJ0-2^#PO%it`f5VhD+ z0|J4c%_D>a**^t1ig1HLc&-)N2PO#6pBaQfUby8rTPW|hrTje3&(H&M6;kji*I?M-0t{*Z#ig!LehHdQ!?5yn zXp$O(@-Z5=z)FGXRH)6gxW0wI7P#uxvHUYW$v+Am<;%# zL};7G4quLd)oj_+N)=KpJxl~UP8FK_SW9(k_BqCmqw_5F9^{- z6@(gykj)iH(=TI-hD`i94cY*j8e~ExIKEQ*gU|<@E6GGZojWh0K-`MIvi?Z9ZNA3F zm=82~uiS3f17!7@E06|gW$_Kk*jj2S36It)T&?+N=9>dvLb^{zA%O?VK8hPGEAwCG zfS5JMCTtBX0ahCLcL(&kcKjSXu?&nn@pQ{)|I#ydmAxP;F8GQ!? zm2ZDIclRUXY!A$kO6g-p!Z+A5xRLYcb@~3L@6#WLt73TzlUtQdm3n^n;1RLAdoS|4 z2anX)Js95}A%9ifr=nnG4N3ac?$R^Q8=XoxfrHstyGJR9> zLvK5gD=7nbFmff)c|VdJwQ3ERS0KNFTNTtwLYqQp-|)o38?iJ`z#&Kv=AwFdy+3HL z{tJ4|Yls=I7?k-aJ5X`|W_q&yZgV`4MJeZ|+a>;G-ylB$l3^!70 z=UYqRwI@FbZ;W+frrf!w%1;z5zIW}mM(yLL+@k}c+;=%fT7lUa@Kmp*KW&eXFM6!$ zl$5%qI!wFrgs-^@c7zz{)s)ue33|cbB=L$kS}}UZi&3?oh7&{0^F8-Ozxp`Ts9y1K zkhV33+l_#yjC;6qK^QT#Dk8F6JhAQ{SMY@PG<}jS+E9`w=Th-F#eNW^9(}^qevT)& zl;86N$&M#X7M=vEN2I!{C?9F5-z6x=#2v?ZF@uXFgDGV;gN1gh{Fbt<=si-vM@i75 zHH(D+o{`wKOEVGx$Vl`q!N@4V$R5mubhkB&V01+ZMk?D;R~RW63aCM}sYE~*9b@VD zan3Uigj(zAly?8D!oWGvrim5N9RrsXHB!JK2F%B6iTfK`ZD8T>ET7PH-$ki3|!B_1ol zj@`RInkmo?K+=l@l0F>1D9J5z-9B^F$_{PrUghu;R zb08mf2%6=Za3C;Q?sAlq*-1XVgC~5%YqF*__-nZ#VVq8}HX%s6aMZ+$C|Cv#)U_cK zQzg>s#3=%RXz+!2WzE4X!{_BOUn0Gr&+^S-YE6nu@EWvlEMTnEt8-4YbP(3JJC4yZQ1;Dr7cG}y33#f?Cur4vIl+@;loplBN|@iApu1OTmmpVk(p13Uwb6+JrozXd z!ksq7TxA1Qs?bH7uF|4?$Cyu45efzSx5e$x*yNHPR4J|dCJcEITV>v81@lHLnTPSK z%%h-t=7BuIJXB9H57pDmLv>{ys~hulo=su(ZJShu>N97zWG+u-Z;)(ku5rATpvk5_ zKyZ9j`KO6sZx~Pa*_(|gUG<3W8_m}@%7o})wJIzKvePZA(zP#fuOcF7-ib&VRq!8T zGIMro=CU{Xa-9?s6l~Lt3jFafuo9?h`Jm0C^f@@ zt%vhZS^($+Jm?Boz@SnB0mCE^8qiB1XFW=tfLzg;mOxff2}Bhyfiy_1O69bla0dr_ zPUO?CVH4}~q#kFmi0E;r-SJ*$-G}K3=YI5B(wIIDVHW5AB!K;x3!ZrQ^tkqT+rEz% zMkgz=McF+a<3%O2(nfkzhm0^NUr!^=B(Y#Nv2a^bkD3hzU@!3cP^DEO(=LC$l1z(Y z;Y8xboII_|EdsePaCV?NC#*HDgicr=b+2BYO^XhPeO!w9G6+A8P1i5Q$Cd$b1lnrE zOd(lm_y5qXf_8CJ)LGnr67cOKf)i$2^l2ntFINOXt2D-^NWR-JW<$rLoxQfPHrd9< zQf)M%2@x{W{QsJvq+B2yjbZ38CaN0Wo2=0HZoptj?v7t2J;8us6cx2Z{gT$GK~AUF zva&d6%-n%zQ6oiy6FC__YW6OSTxTalHEi%7N%L;Kk<#MkeF9c8l%k5MC#sx!A~*Fw z$Aqbe)my+HR8LJksGgpBP+g}UR`*j6PdZU)P%_Jp*=ih?wW?SA@Otm|QFRf$_;l!P z)i-7Qju}IsS1R{oY8kVs&fC%yY@r4dNN)b-e$HO&tAKJ^c{=rwo3ZLuqmUj+i`U!t ziM3JM7D?*svy$ovG_R0{e}yR`jHkw!+lq~A47`(CXp3H+MDrGr7H2-d>M+aWUoyRV ze#6LsRm8=%3~H}w#d2`_2ciJdBRa{Ru>RU7{v7-7!yoBK0evt6yej!E?Im!>r3$Z9=t

N3V5Dz)#B3G6j!ZbjD)F48iWtFMUedv9Q09r*zC_z+-)tsim;DmBT!rOU1ug(y=UgAsW$mhY z0{`IJ)}_cV+^e4;!%`$S?5Ja2AWW{+YxP?@_HnH~j6R07`Z>~YauK4d9X2`PyQ%d~ z4R$pAI36an!g|V}pFFA?n@j$Z2aEvwX zq6(m{)w+)tu#5(yDcYt#a6{bqMpDf?Adv?LByv$u%qulhP`OSWc)IedL5aWqGEkx@ zjX6p*a?{oJrr;nU0{`a@4ovGDxVkdRR>!x8c<6(O>mIb0m}WeRtR(xl(OQDna&!`L z&AWX}qoiJ-skUG;3nzYyOO^OXZl_0Ix?f_TLu53{3WQcyHl-t~_-cecoK7>9}^ z4&w*&Agyd!M{qFdz1A>?+`mZ1h;NP6x1S%qze?qe;kx55t6pi7%+tG4Oihg<44*{2mY$xf6PgQP7{<66+!%ng0g9X ziVf!ibP}b*0%vcuU}JvKACCK8e(E3c6X1Mq)I^9EyevGccG*caL@J0_>%Y#EW?CT6ztIRx z1!2|jf9-kjZS{in@1^0V5wGgOr{<+P3mHZVnRda02nFrUxf1h%Yxa%J?m3>}a^`#*0{E7}4r>=KW=_6NZz56#6B|-F859 zI9$u)4WNU55(dz%i2+nz)ub?h0FLUE-iR@Af4(pXpZrH!+=+R25N07d;Y$YtOOpN- zMiKC?HDS5?H-I`Q(gW4FH;ZVKkdLJM_Zlx)u*Q*NY#X>IMX~Gu zrEP_M>zQn;ThdW75jzbXHR4E=K0rZsiNFmX@W2FFW|s5=B^q^w55!6MokijKa6c+x&KvkDEMXwd zkIoVKK@QDDWSZ3|K>#e($!)>F{*pCxb z|D{nKC_;(QPbNz&4LZ2|7%zMaET%rXM=L~$hy#mPa9@TAZh*@V@%1}heeW^8z(eQu=wcMCYJ@TTa_=@3g5cM4O_(1m;#(IS9O7G_c>#>$y~MY& zd}TD3hwtZK7u;TJ8aCT6if*ZU!Uc!N-wpg}eVXhw8NS`RjST^zm#dqBo1|=^v#~C7 zdC;E}pf+ZdIvS&Q{7#mFP&rZbi``>5KDQ$|Yy0sOY!mKf?~~)^#;2bwVqa2HsW@8f zmkPwx3tf>exizTOwb-TZY>XktQ{6`A??U!R* z)aeBE8K(m-*TC8`a*&0>sjd8=ag9DsK6sZ<4`yZ+$bFKN?`R7^?rGJ)m~ZNR__$6o zj6ACsSE`ery~&LqFNK}K-V66DInf|d;}e~kSKyZxi!X9yfb#{fsiO3O-mxA9!f}XX zAdnu1==|MV3AZkKl2e+SvVWq+*$6H@CV=RWSBqm|1aZm>SsJ_@8O(Ns#|Bie)V7d1 z-94h-4EH?92b7h092Y^@q@exz56O~MN>g4YbCzh)_Nbez5w5Zc140U0PiB8%1D|E6 z%BId5T?91fX%M!!NMiOU;sC}3y6@@aW|ge`7CN(_A*aR)+B_A1XKpIS-eXp^MlKo z$A83bFq;pL^V}mUoadegv%I;0mNMWhU(RIwle){ftmZ$-41*GOU?RTe&A9Nd(=RCP zYgJ|pS!gXpxz3jCjL?RJ0pytxK2cf*=;*k+XZH-vzLhRhe9`V(AODrIlGCO!yV)!EcsD__@-29-k}i zz~@R|aRR6Ct(~XW)W16aC*r{`Rm%+)gPdx(k}Zk>LEd-22e0;Z1KyI4K;@aU+cLeU zx>EQU3Vdn1@{8|o7GF9CUH74q>!d?sn^9^$N_`Kd9zZl+lZA)_rW_O76@M0tG7BkL zaoG&9Ylt1ud0rLdWm#X~JQP?a_>ST)oCM$v@tv3H?T~sjcC+UJ-_iV*pEU@+oZ(v} zGui4~6hcVOmY<^#&~*XrfGF6G#v4Vfl2w+S=kVxT4tM~oMozNKt;}IDmzao)Px>#$ z;J+A^@A>eWe{spoha^S&qq-V)F1~-o&H<(+rj4HVM+S3D1lw*C9i(fQq~H5pcma>G zjYpd%<(zthWr^uSsb#qm&h7s#p5|&HxD7R-Y>m-eo{`o|U?MOq1|O+C0aaON46$cA zi4~_9FtDJdFasf_h7oa$hfxk_8@>@h>s}yz=<{$c_>EFo*MYp|Bl_v*tP5nQ=&`vS zj;S&rsRw~mja*>QP*Xre=h{bcIo|PgD~r4_G*f&N5;so}j8_)lC`m6z63TQ9OjucL zmy~3XDtm%k^dx7M{MCA^q_%=xCBQe~8}!crtoX(QJWV_#RkV_Q0k}-u2eZ>qTIsJd zI)k-m&Th{19%e;IO8rkojyN(Kh4Qr}etZ(#)hif&+9;49dQ?_J?$dhsLgk9irngOh z9;DzSAihf%vqP3q`gtT})mCBEoAB4{lG#$Fk7)9{mokAFiifh4azIgB)ZQ1++k~u5 zh0aNJnbjs^o8X=pHUd3l-A30M@xKj#H=%ozz~6cf+Me7-1D$nQrG}OGCKJB8goKSV zXX7G=S1XWBYQ#^KH-2;nUuOgjN=urf5^kat$BXq2Me5@7@yCIgkXikP#OuC6ePsny zp&2Lf82?Eo(I9>Cy*T?ON&4sN24xV~@m68S4^bNIVD-V=2CcgxMPeRStswD+K;pH? zTAL#A+60Nu33VNb*QQClGC^X=5)!X3<<iPe_`EXc`WV9+GZbX(&NH_7qrFLnY{sU3yZ@#(mMnFp*a&g0Nr%}KeG zLryPqCh<;YIRj|MX)A+Ijz9aUyntzx`UwDj|Dx-sS;MMN< zdJIn!{0A^$1H~Z?;=nCtyTKv-g5r<{&(Mcg=-SFFHmC1)trof-!9d#&SvJsw_b3L{ zuvoAlWjHF%)Hf+KCQKC-9`#Q^bOFW#+2x{FF~x=VwA@O1%!OIQ)7YR5kHM zUqQ&AtbV$Q4u-8lq5L!<#556{?m;<3n;_hzOmBkQB7{{5Iuq>%`x80{y{&vz+3Zp= zp}j!!ZWhU+AL=|#AInI!lY|sm$_joNh13r8-)FyXT7Y++jj(y)sfx{SK4Fxb@M)11 z8!NIpR*+$=OkP>Ib3)JLm1xV9jmab@JkhYdFCgyedQF23E0OAw8&h&$m^FlM0*Bh! z7#4*Y4VmHxU4cU1ay+6+g&_#acta5GqPJWN>2bkDD_KR6k~JQzz_-n=XjkU`@ z|Ic9U_m8k?C<_~b2taY}77YrvD%Vaj#3U^5wGPXFm_uwPF5`ksTSCMS^0G{l6U(Kd zEzKduYRHEeTl>}l7(wHo8!Ice4geO{)b2jSGTxKx6?1cqR;)vQ;bx!eCCZRx)mWl@ zm05boUA2OrbVi~LxbKlmk{+qvRgUhRf@}JUvqX7g9Ns3cGw@pKWnz6Vp9@1(7{>FOY!Ak!Y>sCKU`0_UN0HNhXK|R@#yoRS{hAv2O@D2MWL%W z+A89R@gdSi{&HM*V2!>;?Gb z0Fnif8ZdEY5UL4~#lGEM=-LhwYd=)Lx7`&$Hgn})1mO0<00b4ORHfO4a95y-Swj$v za`cI-pbW>Lq6S&CorQ2Xwu3)5IlloJQnk?8fpT;cNp5OZURq|GSWkA8=0AvwPNLbF z8#)%$&xf7;y?kjhTpsOo=_v+yK|Av+>4T|G)~lzv2Bp`vN>)(vGE{Jsq<94#&bgY` z2M@T%V>b+S+ZS=Qsrw|<-yHleJ@~|~?61=g z1CJ1>26ExEyY27lej_@5QgXVv}4shfJ`bVXuIxX^pU31OZ9OC zkInixj7M=@qcQ5aRCwW+VcwxXWolVkgk=hYB#rndiUU^v-ODCQ1~A9$s{`cRWKs_n zq+L5vaH>MUjJX7U5M9f0n%y1G)aEegmh|MVkKw%#iIOpRz1e{$YGR)br|UthzUtv* zBXdZv7Ic8{%6}pSgSpLoF12qa1T5@MTCg%#(9mEUG~mbVH{g>6g;lwNcc*+66+ncV zP1m&n3SBp0)Sb^3#8c2Wb2diZ+fx8;;#INL=)(vQTUQ(6pahDOF(?_?KhX2t z!nO%L_;mE5yYoGgS}rxx6ls)hm2#U!t~bYri2&B<Hz@Zo;Zg$p;ZU}P zWe0Pc02orX35;G#DQjMtTT#V;6{~V9JOjRU#Jcn;Oi?I!M`|p$#+{Wd8+9a3g(1>Zx%T z0Fe{fbe6G$YDgpJ&FWB>p1|-vo!m+gY9&enEA`;O$wZHvO)u-!ts=M(Z z>6T5RTQ`pDZwiTF~rhZ1{+cZndtChEW1cFW-|eXJR)6-D}m(lYZGf9Y+~IP&jBer&;y zV>0GSP5J)(CSTyo1i&4y{#));m4{mETp~Kl5#9fp(Bd-W**(Iz7ZqKCivrstCs^wx zd^oLtQz(8?0+i`-RGK~%@p4YRSd|yz^7chRLt1Ri_umje?B_rvQT)RTs?li7^d8}e zK=ndpfoqPXxyzvULvwehnrqGXe=9V%z6RvhOz-Ox9aP|L1nyit)UUX*W=?6&XhXh# zD1e&_aG~KZv*Ch%o@I`|FA_5(IKcf!;lu}nJN#Lwy(j)Yb|Cn>UR8uTUd;1Fj(#M- z`3}l?`YvgR3MGmu3X$GR8l(UCn2C00V`HYM8sBm|CP^WLHue_+!1oJ4I(r(Pktx17 zMRrO|Ld4z>iegoAXrgGTV_Lp{RRH>8_U0ZbAdqqO%sW!W=Rx>G@!vhaS_ZK1TpFwEivfp)0nCFarX@h}P~zR8#5bgbW3hCT zAw&J|2}Q0%ks2fYNNHVb$_a=?Py>qx5M;0|I%92;!rKzUUe$lf`e-zhqRYb<>LEx) z4oz0EE+e|61#MDZ%h9)_0>f6yaId!7FN_Xey^J*a?GF?iudA#&c4fU#3t8DlyMNlb zFK}yO6FzAukn{bI*r1KRskUobJ?{s)rmtj47jg3;No9i`i55j5+pKFXduwr*zytX% z1a~vJ0`RMnfGwuA95rD*2+~B-?f(!g@e-nDTHJjy7B77V-N+%x3ceUlTIpb{_i0}u zL{zbKwEekG+`74YC@h)L>sIuf(10#5&>szwiUzaXLT5+tcwu;?6=|vGf%6o=J>ok9 z#jEjc5g_m(_BZ@dheh$4bzs>u%lt!R5 zy(2_Ao~u#^#g+&4E>J+&EXxxpJ&|&!FZWs&Ez2WsgA>CW#JeRWZkN80ljOe%ls3 z(#w5_U9i2LBUov1H=^WC$MmIc$A@V$A~B!h7ATT7(Ms8#QAs|~cquQfFFM#VEI$rk zhxX04-GOC4d0bPW?r?ei0}-}>hKik-_@wFjG-J@7l)EgOTm2a)Qm*`xT# zAu4O;5q;!F7I9>(t$t1i!%6xy53W!I*^SI8oe9rvu3Qmh_o_eXV66zUqjp8WT>i*cq&EHOv(KUnagLX#Cb6FqwlV`jh0tQEKUaF{+~Ew3 z)5{7N;6{HfSyLHr2Rp*ny<{|P2uSO!q3FXcoZ(ym-F>3wl8~2mh!5Ar&eZ}vD+N01 zL4OXrxqAd1qVC{iuN9WJkZn6`5^-++1{PaiWQATDa0mjZXJoxhG5BWoe%IF|#~CUw z334<;b=J6Fa$Vi8->n(9CUPN7l0OYU?IZ7ZkG&$ z)t_?QbU?834=pS9=V_TpT|Krq12VWQ_W(s4GXz!mU~ZHMi1y+h0@f}^SY0r>1>6{Q zekKY}@h?`pB2%1CtAAWO6PjUWZdayg9vFRzTZjmi~!*uKcz4R<41t)i0q^n)z;6AD9tP?0dMdtt+u5& zVwM|05w*#|c5xYu#vcnwZZx0hl4^9s_O8b1h~5Y;G@pdtREqbF01TY9vZ!0L&XV=W zE1hd~Kz*E2X**uZo=KdtYfy@{SfYYbN`+f%XDa!0-BzP!6X^HR+BHQ2xBKoa!bVkr zjyh%LDO$Y~_t87fL&JMAq1$a%j=nGq$~hDI+WpyZ7foma zh_*dLSBrUP=QjeaVD8BqtSXp#kQ6)PSjx}htDSQ|Zq{;JwC)+2+sZfOF0|Y>%{@X8Q~8nP&4r(nD~t_@h8&6hXknP9V3NkT6^l|a3M}&;!S>2 zVTLrYgOG7PjmFi?+3-`%7a%h5nlR4jNIAe+H}vc&*wioU6g|)dqW9csEsfX~CR@eSCi?VJR1Do0+@=U_&cefXC~r6_&3XXQ9sb)t z80kr297+*;UrE0L#vmqH>CQ+@OcL^)<`^3I-(#7^D=Bk-fzf8ufRppbvFYOEywuJw zd6njmxG)laGgk$200KDxfz0g%`$W&iM`H=l0N)05Ji?KWRx>wj(T{>nL|np(Iw;Y> zTpt=saLo_+wJNkSdSw&u+Cta0&~%`4U3^ZE=q5@PB^r{s7Q(R>{(9`fm)fr_Egivz zcjkugVu=mK5Tq7utQ9-9Mn!kJ3?pPPMDMj>m_+(>#N>Uh(=7$9(>;(!!8yqDZx9i(CazSnZKI?VYm-|@Q ztt_=~Kpvx^)(f_@hiBl)`d|(PH#-#JFq z3f;R~h`uqU)Ug1MeGm+iABD~HBBZkcg zShgCDAY3M+SPfr@rFGCe6{}$s<(V@94JQHt@)_p1dqj(zt829gJ)dZi%Q7lDtiQ3e z+hdC@zQq>TjQ?m+`+y)Ljx-#NVV}ik$G8%CUWkFs$DaHG$hAIY6Z)Y_5}cqWKRh&; zWrx^TeuJpPJr8C%^}6J&dmhZ5;T}!vEaW#djDy~P6_vSAbT~;zNeVSL^3GRl8O}lLXrrgEwo49KP|m{ zEsNrx&$cC~X6yH{d>;2xT}kv^N2fM1$SmYxG49)J6pBg&03IDCEgoE}R{)kleV~ryXG{v6 zt2mYm6?p1jp#s&UQ}Bb?EKxLp>Lu~*l-y%jbhvLYSbDy&tOe)iB&YjgRCAaycCjRd zcuFJl%}I@$ClsDQ(ccIVUB#w>@Pp6pBSeY{rVn?-j+v{9{Hq{V2_S8Gm9+0e8a}^2 zCO!%6RfXbUr4edqWGH3v<^;}4%`b!$IZUseaHsF+BM5zLkr~eSGn~OIwu$j0Kf3(Y z9$R{y5Brt)UR{r=chC~B?&UU5UA!4eN_e54Dg7_^YDoBlg3`+x2cyuPlT`NM?t?ic^$+ls?cH z!;B{ZeGwlyRBT3pQm>X?#}_>i#xK-oR?`hrGElwDbZ5ety-Ge~ucx!5LxtO=TNaU7 zQqZ8CuPF{Z?J_$bZ>A~c?XH(q z3{RYJYg8mmFtPzlhNR(*`Euw@Mh}RSfSM{D4hcC%=utKq@8L8XlqVqE&i10qv4P?^ z=?<+)WjVLj+bT`FqibC0X#~Disn2)FB=4GA2yCSrq99ElF?gmVoV8kTcT9Z%_2Sg*E>t-Wf_q}1 z7zC1YXth8t)Jj60QZ}0uG>Xn{Si>>5nj8kjISQ2IRfYbFWCDlRVWC+&^r-U`lC4Wr zrK;`cYT17hG`1jcy)t+lO@aDKlgXg?Y;8~zfbD8piG|y#;6a~bHP@)I*O79@q6GAR zwyM~ss2eU7b3;N^j0PEkLQ8Q_R0Z>cs^EDHC(0G26RIMRM?GgkKo@`8Ycv$h#*-_a z0IJze#reau0-iMF>V(1PkMrsLEY3x73&{~CE3aB7UMbAf39dIK>@*VPc#p~*$~pAH ziMr1qJka2Yp=zN#PLs9hW*6;H0b)gc{DUf%{Mk;nzxXFx2D(0}S9Nn}T1RDf4^jq; zJHaPBU@GU6X-&C_1P~pv;4rQk>6H?x`$&$EGH!kCtT~ijr)8^dC6QL>aFU1ka?*#* zhvk<6(d$W+2-Sh-YZADLEL0o?bwFe@Re;DgALkob?hul?_~ZbhKyP$n5U%Ls3TOE> z>!DVx3h-2ChQ&PC9gPAyaVC#ztYk21a{pS_a~j5(g!&&Mvs|SB4HwRiGa)m0rtZ%` zBzlsl_F(PG^=ooByNnDhl*?E`!Q&iuvr!VZjJY(KxTnb)$$`n^L|)7T4WW(z&y z^oN@vqjpbz23G#bHLSb8rHPhV^f&`t!pF8{cgJmce1&u(av{QGG44INr)MIlbDo(7Erc9sJM2eOOx;wqbcNBG$%0G5j!=fFT}XLB@LDgjg{lYZ9ImMYr-VY;8&lOxDHEG*!ksbZA{h9nhhoipGsS20ScNw+IWs4y;w6jhuE> zYQ+vD?g#6j|G}<~aW~$e6F3)}64Uc2rr(hH9K6piDU>J3IXWzEFxGBkhb!X?A*dfU zp*KO@saCL$YyuoClUohN?zZfN3XXc_z@3*y7+2Cyr@IXEudxwuzD;KmRwvEt4H`z<* zVq>=ta}%ieHcQiQ(V>1@Y5r}|%1>ebhxl}>9m6V<&>d8nMwv+qZ zVNwC&GQ79O$5Tq$vI#6uTwul%$>U`;b(FD-Z7jSN^-2E7ve-FgL_zYjEd` zedf*-Et%xbbCG0sdN}Spfo4GEec;X(Eot0QjnBY>8RQ~3!8p^pXqw~2;e!7F{t6cn z0?B-q4UgEv$qmJ@z@&&sLbnb~ryQVp>0sp9meTYg)-HA6kqtIR8@Y1K@zNtmr0E63 zF1UsiIuWSF+b07f9dAF*Nm~ztnS=}h+C&E+1VTR_1#zAZctFLThs_4BVmtO#|LiZF zM(ogH>R?e^$@#5HUwsMGLwit192G@s4ta9=_VDAw8m%s_^;e~b36DI zGa8DTN7`x1d4N&5p&wk&1Wm1>plJ;45%j+4SoWH+rL~lBUZz_X=%`&l=VKOFhyrh_ zf&GF^Z>tc->2j+7xeMhgINK?7)ESa#IazMm!rHSy#d+N-esbJZk}=pEBqMDOC1dk- z)npW!?77Rj!+WT7O^P?yrckqzu&Vf;=fxGBatVn$p0L*j9MQr=8RXq!TNB}kG(}46 zes1hp`6W0Rjd7JMKdOHGbgVWFL5@ifkK5EBV*2Boem-`N`#tUj=oo`FR!0qBrYg=I zB}cfAkIwr21-lcK=c8<|K};gqYtY~&{jyWa*!sL+-Zk3Kc{SR^H~IRRga@Qbs^h&K z`VX7q*mQweI1=4*mNUzk*6emLaBj2=^*IzVB2Vlqv(AR1bGVu1OsXktuh3P77PU^3 zgsmiD+{ir655dM_Tuo(sWDEO`!{m1?MEMY3Q#PNR=n6M^Y z7&36Y#^Lzr_rvDIL~(`E*lB3U6tAc!0bc$}Gu}Z_x)}lCl!apTfZ3VRQFj>o$5u=87jl2V`u7m3P+|F7TDF z;W1=S=%Z{@L&!sHgSCHWbf`e|iD-sHrK2@!M20(=gA^jVq)m|c9eNgDsSWxjq}#3# ze><|#T_~vZkPO0RMq6|}A+(PRArvgIAg>rTqKVY2;Pu5X6bfP~@LR^k;5GoGeP48j z1QL-gaNZQ{=;sKuJ*LT`dN7PjFaJDX_vAJM{$}JQdG#_bFiN@2j)?N;gbb-BWS(>& zPWxt|>1QyGs#yP!2#4q)4x#}f8+`}vK)o+xq|`B~@Eh)4gV=I&#&$i8kBp|ujJFIy z{G|r~qr}EV7tvh@IeOzbKkorR+Sfs)1P{o;zGxb7k3a3m_n-euB+|@fqq96BE>Dq} zBFH$tJl_z|E-aZLsC^8Zd19F{6>*Iy1N`~u26YfQ*?S&^a%+_u&T(*&36^sI;|4(X zc8Zt#Hy+Rvy{Us^reuI68@G!vnUXT=LTFu%8ej;eJ{mj`O&PXQ1PdmN()*r6oaKyx zU`igsJ~(C%vFrP^Hu0FFx3!owsH^aieaK-)qvydjk96xXf0 z@0D(CLbIFvj4wEEijJ-Xf0Wpjnkzke5(5uSY(i6Ilf04W^|5!%$n^|GC+;tlA-YDHlrCE@y6nHS2kWWJhN^U#%Doc$Y@ii?$U5xDX@V0c3f__c zyeqM}8S_{?qh|FQrLSOVy6<%>6Ay{`AI3VYk&5}HqjG-X{6DX!eF#h#1rzqc26&Hg zqF-!)Yav6TJ9Kp;+R)9{bEG6-W91<>fP`7fodif4wj+B*j7)G6^0@x3gvAqAEZ!Vn zuNlM9dw;wOLFu0>nw$ zGXv2&Uj60h^Azow)S6AsdsM`CBuu)e#?mKJEPa5ty>U9I!P5IHSqfgkYmQWEk6}m< zbz)8Ke(No1?mp_c`>_#l*F4dXg3IKU8_J%?;)Jg6Wm@2LvCJZc+xdfe((_xshvP{6 z62Vu>D9hIoNc7zw$quqWSR`=mDln#$WFI>%0pi+@J`t*wQaA-^=oOeI!TH|Xb;|_A zgrl{8kX`=P?r?^CS62~E$CQPIIrLc8b><+N^b8(3}10-lEeumbHER&WT03ega7jbKHua8u)VLo z{iYy#m~~{%3PN}LXo3wN5TWbZWJ>0y=p7GKnFEb zkzos5oGYgw8UqXES3EL_L%&^@!m3jmB$FO7=0jOWCm-!niJ+@!G}dFXe6 z9Qs|r_7jJG(Hx@U7QGL6*r8wS{B%W7Zq5|U_xr}b@>y-1L@Q+%qz?UJF}lEEb1JX_ zTue&ZC1;~4r=`KUXW)DaQI|5Mtl@#=IYSIvKsvtnIQxvAJ9!K2o6hiFL@Zz{^absU zF@N7a?t7cllY0b;0xKOVirU9%A94hJ0fOw}rL>h*IBfYj7FNADd^_q&$B@35`h#f0 zl_CcVA1rh|h^=;woD*@ToA1Hk%pXE&{IA0TH_8-`7wY7O)OnAM1$f;L_i2-6BEH$S zW?2SmYQ**cI1vgdOSuQ-hQSBp%Z!4B&dKQMB839sn5@2uq^QlEoL~F|{aJpGszqq8 zo1WTj(6Rr3Kfe`V;ApsggA=vMe2+WW{MC4}zN?H)PF%8_pDZ#qxkAR!4rPo8{9X|7 z^ZayymTL74)+%JIuaupflCi#?{N(sg@ zJ|ZQsvH(tCYj|$$OlY$aAyloJO(93Rh(_fz8sGrXR7&NWWnzQ|~;mjj-g zPso@iFB4{P&%t?m=(wlgN4*NdA&M$(>0E+jER1I69(2agaHTP%2ceuX^s>jKhg`k! zfL3bOJVpc%#?0)wEW|l&h|4N;mLrAFFd(2TodJPOq@)4yAPb2BF|1Fh1q0#>SkvI5 zOx$#eR8S7H#iI7DVnDE5NU32!JoIfrw@g4BebMW0LqeF(hkzRmh^=NoTo=AOITT%h z*_HXy2$}a(4G4C%%7D0u4(7B0LBFw!KUj#oe~$gTpW45b{2UdQ@6rCfPZ{a#-&klk zfbI`eviu7yxi|aw4XjUTs90nlaBsr?z2~XgzrO@jx9ED2BD@JK<{}&R@AiGPf34iU z+P~}sd@S&IV-sc^gZGbEGKufNi{@>xc7S0WYCCDYjh2q2sZe>7_i*@$XkmGY{WueX z#15FmI+OQLa#OlU_dwJq;+v4zw4A|Et=gZ+0;zw3e&OXy7~7S?#;x|f=oenz#{TJI zYum4+`!)5;LqbC6m!HjHp_=*yy@6IS292XoPQ`-GzQy3QNi~DEj>n+xTPhgzMN)LL(vQ9yh^H+G=r!JD(qWbPpB=M(zb^wHAbU9ep3*N91hXD1R+LE=}wx8{*-W&yF5UmE**}jl&<=rw~%f5eoSdPTG{H z#VJX9N}Q^a7t&)-{QA?475qB;rZm4WEIj=&)9(moS9B|g=xi=$Z~Z^l|8G?Gp9D$B zYr6mK+JBMM=vMlW%;t3cPv{%BjRIFj6a1_x)nHf4jYfYm?H66|ZQn}GlZa2S`{im# zHg;NN8i;m0M9JQXn4;vW-`huRJzcw~zIf9DW{wrO(F^XV%#|7lC@*(V?5elgQ}{nq zXC3aVvvl;F?{Ht8$28%}XyT78;xyI*i7)cLn?+rZB$rQR*tLzUfxXp67)S?8PkdBI z8H;Xbr>vDMPVSwJuu}l$=RCvwu{&X{s2<{8RkY=W^>sSG0k(nWuIkZGDTw|Ep8L8=LY!%6oVlksSU_~xiB|3 znz)kf8@3B{L`yURf>m>GUUeME|9hk;b{W236a7G8bHtR^^sEqHSTSoqetbo^ObU#xg|d_ zb4%`?2}4rg^9_PKq-?le7*Q4}1lDdbBIvzET0{&3yU-8MB0!DQC^-@xsU@|uAJ>v) z3<-EJ6(ap`VX$hs3$2_$1TL*W+qZzNd||1os?AIX8fE-$#_vd?T=7J$hdem!=v6gs z#L|+|;;=AJz@>D!D8RA!SC~G8d<&4#G@E5uPKd%Gr4~FZ@OJ$6k$!LpQa-z90AlWBd^-IH9&)y+ zR_!J>Q?vG;$s?(4WLSzIS0K3wiDU7jSlE&#jv42xB8B9LA_c+cwpdTsT%(jgT6GVQ zC_O0G#Nqvl!$!7*+EqPZZT4Ve&Dzs_ZRx>CbfYYKa~q`xFV-F;F?PJ!6UGb&Br^Gy znr#kHR`@Z9yq?75R0-{foRI#t(zr_hTGSj7c`bFp z)TdW@{z&xY<))Rs1J*z*;mYgllu5Nl_DJ+$S&Ty5$od_SHMStEuhan@T2ghuw~{5H z%tT4+2px+*qnX-Z$kdw4k(osJiH{n>DLsE0N=e_sA8IWK#Aukvhk)xSgohJ3oCUn( zsQWyd_IfV>h>2kOGOzPH?A!EdFaC^UeH(!rc>A;%^t0Fuh^px{*tD`SyvyCNnZO zh#`+n?8f*)pptA1&m-1w3sA)LaBFqLMMDOoXivxp9JB|k8Hb$Isz8^(K1p%zae5jB z&6BhxmT1y_Lp<_B&5fBgYT-+5C{ivK1pOq?L^1%?#jC3k?^bUThyOnlalM}~g&ccX zAMg}}{2yZPuNtiy-=+-1urE!b8lWsRLji&&i7K$%`CiITmcfc$NftDR*ov*o(Pq+u z4eQI)UWlE zcH?VdD8Y(i;LA#Kvb$&Dl z=R2Vb#Fs3$O3&-r($g>{+D#^;Nb3A;DS8HfB+)T0o9hc)4z91%_uP`G0f{pF2)W}1 zBKiTm3nR4@3FkEmJF`i7L;G{ou8lAw0bxvSjBKAO%7{?}4R^IZ$jElvr;HCoj@`wL zxB$7>&!(5ML?Lhrq%%lnF!K`vue$gr{KF>+CzyZ@#Ta{KIPWyV5QNoM6zYC=%%u%@ z4S|)9HWBa$?-&FQXuU4J%I9M~!{RNTg<59IqSBHkBMQ84BhfREhsJa-l8$Gz4=Tm& z0)$*-LrYo`b>`IP9*ph-Du^7Fy{2BRH_UqE4nWlB1(OW65p~oo#U6-!V zLX{L9t`$Z=A|8`U=>FkoDuW~3v~<3&jnA@9NwDo*o z$5qmcy%$EWYq*kQH-lz)(e^>wRIfqCEE+cr2>#2@&O)y-jZPc#W7t` zDXVs(L|uH0mSYa0G-;EOR=SEpkSxxACrh&mcAh{+wGYGn=zhzbyq87$OB5CahLF|e zp77!>#Ud07}5*Al(h=`m%(aC9LfFPyIIlPZQh*1F%Vh0>2zcM#@yO)nuFolNi)?kZUjP;y;t ziB_f5oLd(sMtn-y-o^kRhi{{Yw+ChW*I$dG8jF97$rc1r8NC)tr?!mVD8<~2wNhuS z#rv}^FEehqtIuXEu*eVSDml1Fp!oS{EIy+$;bd(`C1ql!IKu=>COP^$#CWd)Jh>81 zeG(3~B+L(mn@y+_I}~bJrv(g4w4{SolvxXxqx58t)7qC{bEoF!b(INR4udkFYG;#- z{*&OTC1txm;-!bVx*mu&s2^9SKBv^X-^ijewRWGFAVXr%IQ2+Sf=El@8uNwPjv!Za7+e0sRLX3SAoz-rz>R zH;oT8tRQ}v|2_=y8O&{@_z{jKzRqNdwlW4c_ik=z-vGC_c`vS|&{>E;j+RcM6hGN@ zt$mBx7YRsJRZ>=L;H=+`?d)CJ3xWJZYj_3JwDhm&Sd3Y)_! zvAMvoQ5tQqKIz*W-$NlkvAmKu_86@kA?W+8Cf`xBTgawdHHhE=WD`hAhD;1LVRh1@~q(#PAxLj*9%(Wzi=>|VviNbL66(wHQIvZK+DHCf0 zWo#T`oe$!e!X2Mjrz?O!tXD`aDqg?d=yr?SL|XOY;;*tM_O|#)3|&dvbHr$XMZq37mXzUu3qcziQaxG&H zbQ#2AHP(s1B3`!sZ0nYo)Xy<7d%BMXc^ICMAXOOuD9{O^Q^CW+1hPfS`$ zC(*hi(QAIJBe!`3u_z_|>;)v1OPbEm0`LODu7zKz!@~><*8;+@+^YVSLNC+nBR^sb z*4(}FlA;Y49&B#^&>Z9oR>%q5)UXRiV2ch%YXYR9Xa!$n!_pxz5D-Xp@olx*)W!Nb zBAPHwbbo0iev9vbE#fgetF}^2WJRN&r`!T4k^9~-!L7d^mT`h4N7fT_Si;`lC zA^e6|3eJ|BkS^tSp zQ(0vtOWY(7guT!=a00AkKx%MwB{5j3ttD22Nk}l2h>PT^W5sfTw|y^F7Zpca!G!+k zK1k9`%FaRfsoU7l-CWC>>p|j?x;ompo7?*)FWV{(fw>vV>w2l zX@^OV0enYnV^@5M=Wx9+5B*TzT)_AsLD591ls7#%y%&JEf1>@u#_uGJ;Ya zot7z@NTn!3Z4*6LF)w3y(`%j}NEGFMkRXVxR&^nPZelyPmJv{Z;DBNgpkc73XA#cz z@!84*aRvpl+Ifv8jMp(a->h+%GHL0S0qmqY`|gK^xF7eu2$m+a5^sC8`U_qC9vlit z)VmX?B8~y0U+;$mg#H6}%tv*^QLa6IOvFNc^_$f5ahguYo9Ow7%=5uo`_(PbTBo5_ z+%Bb<{#JK*^mR;srAy~9!2VwJ$azS8iNd5rqoZ6$**Yu4!s@ymJ}8ZJke-&g4OSN& zMAgKwM{o@SxwH%daDP!=`xpMqdUGdQGTyg5^+s-jqOELXBhwb?g!~WUer64@b490< zc4s@>pZUMSeGI;>O5Ara?K;rUNb(QR{l98}?L`_P>Vb0ev*OLUe`}$M zSVi&3Bxko)e)2Lp%&SMS0%anpnJ&BG?vkDUXtw%aG>nEtK3p9tTTa2sB44M_0* z?Y)(6ev0MWD$475cGX`z(S%8((3yu8T%;(C4QBJSk7&u*momrj#Uy-${?`q#Xyl9^ zYUj^m&3vKrJXC!t%EL)AnD0OG@weg`ilFHX5k5lWd(2(w_!>O18ovOI%a!D_u6ci7 z0pi~A2^xg)<=M8~i2)_D3{Byh(?#z?_OAp7XeFHorUPI_!=E@^8-`jLDP{AON7M81 zMnOVi)}$Xc5n+;f(Iiy04wkZLbv{}>bsmm{G~_3s>y5x8l5W?^l?W>IVV*=c%?ss- z`&>Zz8K4a12hqGz0UFkNmdLfwr^z%f^9ALBdqogxY;xebiliAOAHGcORugzEpS;$& zEoqW9kq6c~cCx{Wc9@F$!xz;3WyOhG!G*CSGxlwI%#h9^;%teT0PoPQ;(!-F^0``% z(Bz%m7gRw;&;b`gY8F7wM3!q^+qpEO=SDRCkkc`QLL1To5G`DpxI3PLsxHLhWY>Zg z7Hn!&Y}P59BnIKm}Q`8FA4Z55*oAVpFE(ryJAHR~jdGLPDE zh8pDqpi`p^C$rk(Yh^majS}pk>#2NA0#~KlrzAv{Xv+(FM*+R{)}80EJM6Pm$84d$ z_!xzb$?2)PL@?+&#wnoZz)+x-(nws0LmCL~H?W*W{b1a~zG0RXqM$*!M+D45)M{~s zlt?JZ(p;P#Thfb_M9p#`t7O`#)HRor&G?JShj*h0ZMOZrkPq={gtq%z~?_|#HzRn{d=MBvHg3mcB>0?=W{;iu8=d8IYpoIgOHP9&SIalBjo()3go=W=ln6` zJj|R|`<%aqoGr|GvCnzd@4f6?$DDef^Ma7m%bZx$8ENp+kn;iN=rxzjX$v`TXU@&O z&g_tL0&_m?bKVqk4rk5^pYx88^DO4P+vl7ca(;g~a`ZecG5A2pd5Af$@O3^Ka&Bji zs%O?Ig`6)iXE(-@a_;Jo)5Dx!`kaj+=e^9)%_l(SDgLek3iZc3$wKn%a3T+Y7XKerWGl<^)!nmeX6bSZ*?U^E%}<-w=fpYF!g*oyl5(o}Ugm zCo+df2yx^qpt`1U9Y>G98j4Rwah7ynxJxwmtx)QBmjS3UmPo?vT%88ml<&Vc6u*PT z9S-{8qeBHFheKn&|B+C9EsN7_K}2vBB97^!-x@%tHIP{9n3nH2+*Fsi8&a+=={BnlB^hNeOU+?L4o3>Pyu38yPL=^- zOPlJ0PPtSai0O+xZa^ND7E1x63-H`oqQ?6N@OPOjQ|Q&dV^!`B|D|Np2BXpKs9LLco2+-6pJMMehTd&7PA>%v-Z49W zqryV(Zuv}&-c122)>?J%4g&#fb*IU2n~dbd-2Va_Lkq`LUE zt}R^>Yt#d`bQ52#cjbetjO&&!8s}l28Q+EgPKg1_G3C6Lb}UB$qE1JAeYeq)}E`z4N2!E*zib^(OKS4`gAboS%l1 zOGZ+d`QOV=cmPlv-7eJ89*h^w6bYVPnU5u7(*N+=AZ#ky5aVRN9X25@n%|l!=6xNE zH*u}d;UuePcBd8Hxik9B*JP>4isbWfRe`(H1*8 z^DX^NXxcZg5`KcB09ilMopRfGRHk?(ph;N~?(VbkiXtau+&NdF2TrL1!Mb?1=EC`w z*p6&NZUb{UGEo;mGk9`zLoP;HWsfvBFxhpU=avBDl1%YzJPqm>`UZ150Kp)JIx>Vu zFtxfNyqa5Ma;uPyHKYEtOmSJw`kq9Eu`V}a5Ei-nqcOA<+5=}glkhnk2>czjh4KJ* zjqv9$gfjqzwc80^NJINB<%c+cZvsF$MOoB7M*1a8c+}(zjYkQ((jBscySVCF7WT=7 zn>!ps;4*U5Hoqki^-3~qc)RnH33*CrxkqmnEeB>DlW}4LF+UBkM1bUDc6frcyNbgTj;9)iauBrPT5a^55kAO@8>Do+;W1 zMi`PQ0UDG2-00=kIJH6NVjD?PlYq#gmQb=1E%<-i_!#>YOdQ|&6F;$4g8>9rP{&LrXij`V1 zU1R-}#Ic@--oyoiVV=l&SpdegH z#`x0^XHB$zV#L;@)+M{lpc;8MsCBllR>>j(1EDN*?OKv4Uhg`Y7z(N8E*Yn}PrByL zXLIULtQ1H{z`-zTQt-OQfp?vQcM#!y5z|u@Db^wpSa)QK-~L}?edD=kMg562us#RV zhG7lm+=|ieUe)f|YbV}9@MX-vRh`&|M0DakneL5%il_HyWZi?Oi!ij= z2;GoH0&sgV6SySC$1epZjRM~#xaeHGi#U)lioPG{I9R_6G0eMUV+;#YH`IHe0Hh5q zABJblkEVh#AMi|lvuEo0o~d&^Qx|!rp6Ho+wrA=bHzn`-keiZsy$#EIv@w_)CF;Ph zFmStUMwAQD^vo42q$7;?X}D{>IJ>N5{BEJZD2?i$0rt3+KulQG~j&RUs6Mz%WRXvyG!s{jR`1!`#fG!o3<_{*x?UubZ= z83vkKGtPdL`4HzhX}Q6o=T87B+x)dZ;c>H@vETAeba9o}e~CE^D|eNN1;s7%s#AlZR`}Wqpky{B3`f2XOdQqn95M!8NbxpOBom6aj5?HLZJHS zM2-hsZW=*UF+}R*f=LWU=*A=QiYMsC76X*<9gIdjUlywxRckji;u^}bp%0=V;Wlh# z*j#D$(&j=lb9^(TTNWX@z~b1d#IrII70OR*P)l#IqXoaoHU_j9&n#FG3!UM zD00ic#`u9++X=N6RjRdbfNJr2{PD<0as_v%r|2042wJaz%O1!KA$BOrTx!E2`0`cN2L(4*bU*ufUYv~TG_!K#ir2itza$)fZc<@TCovDk9H@5Y-l+FBq8H3Y`#%;3&hj zZSXhZq9ly3awJ~)5ONP&-kq73k9Lfp|4nfDVlapU0XXurDf8^JDf8^JDbVRz%uNZ7 zJAPBY^ZUn${=;qSV0HP9X0#EmXC6TxM?l#Y!56-%{?-9oUK~Fily$-96h>W?jr26C z{{kO>X+S@K8lI3=)+fes0B`C7{I?kOBtBypeSpRzL6Q85QcKJn^D@Q1G2bb>@$}2m zOi?WbQ;Jp&;Lkzz_(uG}kiKx-Qs=VNN-cHqxTRy&mFfESDSmM<1&^q zzQ3Q(_`ioguWpcjp0%)iB=wAlQ6?}PfruYCd z_Bz(aAO9aET;t6660@A8tXGT2#difu?N!1rV=3#^NBE5Y$v>ZmVTi7sxQ|^MAL(ww zwXTgXPDPfou8pq%FJ~$1+W3m=3YN0275I$*$v=1Mn46m^uHBarjCFQRt7eC@A+CH2 zjFjhtUgHS>rn9o<$mpV z0bYSJi*q{<07(I0E>?s47vi=FLvXGEG=$tBgjG}wzZ|xmq6wL9dS9?@#Kn7zxmee? zdQ)Aczk>E4?5|xYMYj-|L+JQCEJwWXXFG6O7#R(q0)$@AUWi@#dmU@IOQji&O43hV z(hS_pAt~D}1ypF!$P|sBoJhET$lmRhP3^9z+x4dEgus2bVW;Ugb(J-w86dnJIpgwjwVNojOp68CSU z)VxKxo$ZSUn&(Xzz@a8Jq|y33wBC-G^m!A8=HN2>X!$CWOrR_0k$1)?lJ~#}OdXY^ z(U{jg0x;-5O#C2BgGW8$)we(HI(8n7>>g)+?ZG3J_ihZ`?ru9@==BN?&EB6JQG}s?644t}_(3 z%1jaB2TfMWKz_`m0%<`iAgjRjd(AkPMD{cIV|E{fEc(z&aGldLs#e05LA3g{lF3yk z7*bWHBvE>mH4(HIy%@q1AHKKBSP({kgjk5A=%4#)VFe z24DhlFl3^{kg*R*o^=I~a((B~)O`a=mzP0!5h0*2ZWKf^3ZnQc90kA-(#KpkAl!J! z+IriCMMwZ+_thx50tX2pL7CoH;-znY{GlJ{N}Zf{9*|i>%M`xCXJ@*(!s%WtG$RP?GY;a-`BeQoYU58wb|Ob4M|jGG#TD2JJb`w}1^ z#=g^krUO7!8ON_j!=!MjvjM&mdBUuR1g8?`aS(hjIt_r_H`v@1h^jCzkr98x zF0wEaguM2>Z5M<0IP~qpW_Y+9mGEJnd^2tynbULUoSrQa%|wesk%La%&qabnsko>C z@M?!hc=A(pbR#9>8?rDLyn2WGD4GXPAwT|we^6IWT!u|tPD2;LDvZ#EyUII~;&Lu> z7*@FpcPZTO_o<$pSqDq#{#CjAO?n=QUx0$xOgnC1X8X>Sx$o*-*f3Ri9+GC$cUR@U z>kI!zTo0pl0HdK0=+vkf%V_34-7J$=T-1QqgMhWX?k}%q7`I4J#(k@D_j$Ni)q=~9 zok1Ehy;lKDA0>d6i=3GfpfJO?XVy$Xk-m3UWx{wzCIzf-z-2xU51S_d><{rE`M<_P z-$+&dpI!bS9yU+7b&Mt2cS)6-@Ejk8KP7ybt-txAx8V_C3maZjU)Qq*cs(JIi@iwn z9e6%oHcvS2?mustKo~`Fsc?|=)xFVr<#GEWT=>$^$x;b0_G{CW?&DeGP`n8pe2uA= zzs8gM9Ry(4x9@t5kbC>8+;&gymtyu6O_^k)$Mz~VQ{_zDRzj>&52@ z1s|-=ZRIIt>X&<0-;c8QcUb8mD{c(f$u)Uwsrtt5z_uZENZF|pH z{#We%4ukh;dq2U-m+bw1%fH0lAGi0#73EL2_dBpw5dPcyqxL@2-d}=4`^-Pe)wlP9 z@otl=+#70l2a53W%)N-_dlW+K)@>9(|!=|7{K=d2XkeBQe&*@ zwgIXLJ$~c9v%=eR%+tVX^2H_0^|TtXX2u1N_*`5v|H}qDVO3&-w;^-I<(h$IN5fq$ zu^I_wq}9cA+G`|j3!VrZR$?=u=eZ>JHfA|)_W7O2rz2oVb2PU7e{knoIX==dOWA3P zS;9Omn=MyH8E4yn9EV=(FjV(UuMe;Ux`d_dGyTFgk~c?Jf)}Mx zLD$QDcQtfBf@=n(!8%EOASoUkXE?$#BxQIq>&ki>gJt#QBzg2GS`-`58g%yDW?|G4 z1C?SVP|6A9xm=iu9UAznFdVUr6LGJB6@{UHwHn*5q7xxB~>vbJPebQLa_ zbDgo|;&@~9h^PqUl#ox(64m-f84zbd|gGg zKYsdx6ev3=NJNnoT4!dbyXV zs8vCFkw@vJ%_*;>T$G>%q7*oVihCn!F33FGqYyR zT5Hy%OBi=|9HABee?!}GGk^RmP9vcvPT!}D?q z&-K8AX&uM&37gas$6rOZ0RsypURPVuV8oFNlflqN3=wxla3v=k z7<68VpWtfW&fNzC7_H`?U*QjDp+U=H&6X(g0*y-)d9ub`=89|%uHwivO$P0*lA+5p zO2$=m%K=S!{5S%yW*|Y}UZibT{&}AgxI@rVg_s2YhL{9_|0`lR0*>1Fr+`1;X~&?2 zCKF$QlUt(t{%NHC8R{QNFZKs~DXIT7VooD5^eK?j{2=CBSILOXM7+Vtt|D=f%6@ZY z8PFFbp=&*e(cbq~t%-}0(9a;&;(N^deo&z=O+s_gz(TL|zOPs4<|H%+Y!;fUl=ho` z73t;%LNjvK*a98nW#Eb|G9=VrGEDG*IM%V5D|BYb^QyAm%JG?9aD_FJuHRncsRIFf z+Y3W5gLZ(Zp%0@#*eT|NVKh4qgv6efF(NSH1JQ@DC`34Kz&qr?3|Iyk>~ZZO6J3rz z-;^EicCc*hY54~11_S4nT{u0a8|Gf26>FnOkv$|1Zfe{vWT)!;b2i1E-PRQCWP8ak0d&&?eIj~hkg-FsO!t+u zp{!*h8eg*Fi}wU&6D%|?rG|AK97fG`bg--zi`Hg5QTBJyT^&4`L1O%^o5|sv}}gXNwjSEPN`O^zV|79!kw4M zb$%ijynp;$Ka6vIIg#taM6QdHxz3Ms!7t?m6(dW=A(W%y&?O1ZzLww&=R7>l79>i$ zG+Ej^F-9B>@^az0k*9DtVe50&6X#kOw3sn4HGdHj^zaNT01=BNf>RR{aU~-X$i5LL zwg~i|aYR8PyzK01lGzV4(2x)siD_W273O^t=Ia{!ri!|TcrO7|%MB-0Y?+yzhGOMN zYS}JIY6HcM?{oHkH4NRs6-;=>Uh=`SR@jC!7ogi))p5O9`=zzKOWejZZ$+re`O^lw zKG8J~*kiZel5yOqN32Ya*4=53E1wAm1?Sew6*;7rroFm`2*SeQa$N}wFc%MSyPvKh zh&e_Gld3Gz=$U{Je-NtG5PzV@v$46@Ev33E^Fp|F&$jpZ({-l=-<&z}n-{lkUEZMc zv7_?tZPDW{1s=EAv`J^en5Um5=w-$S3oG+-Bp%!oew_)e_XuVi-?}r*hWMJ$-C~nI zR<3oiKfv)?EZv5MpV{rWpM=g1o1zYO_(+CuNG&e8S0!yOh4=7^zU0GiST-{L_4T$s z%+y)BNb5s=v*1&@+Z%v6Y@g%FSGv3K$ln4z);CNACJ>yj1mW^bQJ%Rrh+6=|Pu@uv zEGu2969p?ww#CM--KTBCU2HHjm)qHvK9-eW8YI$#8`pCr&I@6@#j^uQMK>`CnynSW zTOcOYNMWw(;bfD%DG`fla)#TSj`uwJw=);-hU;;OG;sqPkY%F(;vd_8>6#wK4U^nm zvhe7iB)42nV!JVS$@ZfqLBvfU;38ay_?%qT=%jkEP|0%yuGCMOQXzZXB|9l`%O(8V zCqnYRrq*n^#-JD=m$^!${KvmX!i5yIT7=FQVJi$-P|bm8C&48PsbTni z*j#FOfeTE!pm#|zJmC_+ZS-Pr8YT>%0xWQ@2F}&U!F3;(V^8G3C|(L!B?*AD51h1o z*~Ivg_$=d8nzfSLgymhV3%Ayo$9ZV7vDDjhF-p~kEDT&x>LUqP3_Ae_NzfNYHCXZ& z!zIiwE0sX@4FxjGgx`nThnae~b;3c<^AJZUJ-1o@hxxHjRn*hv*A65>woCX&zF{He z0-`YG$^Bh}zwfY^GLCyVoj8h!!tm^`LPWMd`jk`#Q+PoW-gm&93{E67TZ?ehwWq9q zgz5%1^of7Z`wrUP9Od>I5O}DVv3N>^NZ4Pfvb;(Tc$Xky=R^X8pwEENyT$qWawl8` zm78R4c1k`2BCI%ifMiloC}@)dDRCyzfo-oB-b=CQEd#$9i~%H6W&jC;FhGx+;WH4d z1JSsU;A6t6xt5m|xNc^Av;I2=$>nn32)mmX@m?@n=f~ER3#gnu`0`Y)A0$*}4+(>? zN5`L`*^4^tkFLA`TVYm5{Kh zJYkX~+*_V7SrUF;o^ZJ&e6u`ZiX<#3Pxyu;*u^GeQOMxFl8~wgChR8(sd`|-5t2|= z56$AGL64y7^>C$nG(&5qLvdgdv=Opv;xUAK!q=9Lq-C-G#N)_}RjmJ!6|`o!$z}WG zW()Yyu7@4TwLWM~$w^ei*f1rs--_%hGiTcxoL^ExpxYH{83`#NFafoUgfbzhv7oC; zbs=1C2X&TxX>i{N3SWnUYFx@ni~#Aa*^T+;jqqLbtZgZL?ED-~>>uJ9|iTogLcVhQVk?LS>qfFbK^X+OivlrrG#l zY)p^?V~Cqr5>j7``@)=BnrD5=7(<`O5!FVFL&`=}t9Uyf_0;tfRuy{&V;TvSnMT4O zO!u^9dxpXEH=Wv1`d}CL)2(+_B&mvIO1Uwe`0Up8Xne4QneYkfVnwF92V)8em6<}q zAWU_)WxI#L)SU_A45s!A3il0*shNCOHluuT2pWzWl&=Q{;|mFu`9i`Vd_B;XeP9@T z{lW2IDht;IzRSuIrlwMbD^}M1gE57K%1j|)5T@>L%icc>rofXLF0o$Lgq1*_ooB)O z!OXwyd9CuM^XI_`M?z)7kuV71i3{F_9P&x4K}DF=*@P*u6PcCiio>D8vchq^(4Sph zY~|uH%U&3#(w?uFo9@-mw`HGqGM@qr=f$Ve(7xTNG{qS=@94Ww49thsl`38j%O5te z?(Iu4>(&Ef-^K7wX4~PL$Kd^>RxA`DHPIt|QRgV7 zEL;PO(c@Sq=g=GLrIP>>&YdLdrTyKRZG;G{H_6&ft}c9IY&iuhBs<@XsRuYP@pA&c z8Zn5Wwqh|RSJ#z8OuQUnr#3N7>n%-tlcpn;rVunSW4L}FUBh+fyWsNz2TdsspOav) zQ8LC%hSDL6d)gLvCs>L$f>VgV6?eQXZjeH(te32ia(C96?ApoJ_*Bx|L8Ped2C40x z^|x!fc`#xfsSnRJFw+w-dssZwf-q}f8WS+Tf5~VU#FYuh8<<=IW*>`(%PisB94&&L zISH6geDPnA2rb2+BNP7Kz?_tTX|Q;pY?<(O12ZoH^Dh<#^2~(aG%)8RU}jnvP@4%a zFfbP;U~(1)8juN(F)#}fFvnXMq-Mg224+zL=0poa^AU2qNZywuVCGqvafEpi5+Ka- z1k8L3!>y(8E(5b70h7DK$S@$xbq1z00ds-H!|k5%A_KEB0duj1;eu$$-CWYMDgkqa zg`pt}CmWd637FR(GW5{=hGPs&F#%KmFqhg<@3iINW@sAA>M<~l{OxMDWpTeKl;=YL z(`#Vlx9i&$W)H%A&*14ZF!I~=6AM#Mm`e;yDS_v+j~aR=66VteCNwbe+x1e>==@%U z+26qQ8yNZRy2F;W4`Id{n5_mze!K3rFp~-MM~?QuSLPjB<(-wku76u=${J6Y^#-QK zz{qdcdW&ao!u-2|sWmY2+w~g@Gl4Ld8kjl*BfnjLurO+W4NSd(k>9S+!t6^t(+td{ z1U;`mU}3l<7|MOIfN3-^^4oRW zc}B;$i4^|8;K?OmwqI}Rl-+tLho6CGP6FnQXAKOONW+s2o|6oWz;=zbcs@Xwj~bYH z21b6n?)bUEvnyd_6&7WklYsfXEsNbw_!s;k?-wRuLJPzBO}N3pEHE$)BExni6?C6OSmYcn;?JwDUT-*&WF!`34d`bsw6vK&pqs%L+>)y|NA2s=wn|vxO z*e#Q<8yl@46H>woFgLm?t;ci!pmlDks|2XHTehnV^@!D>!V5+f!e!JryYTQNt3Z9V zR|h8+gUQ)qu+ySmY;a75!5wF=re!l+&XDnc*Spcokl&v={Rtwa7i0yF++^V`? zaP?0#tpwihUyilzffCMW{}r8T(84hj0{slw9WX#=qAT#%?E6Gt!8d^TT3OICQ**o| zfrB;hq6FAiJH%{k2>eY_1}&w|D`f{Q1Xux)xzhB%6S8Y3G6%`K; z{2xwiaSMid&MzPCA6)%mumuId9153IzNQ{&X7)m7kuj2tp#r-=M!d`(0g5|a`W-|( zYa(RuNQmE>h?8s<8Ac(?A{(*FKwM}e^cA+z6BpQsYYfCZ8_{ec&an~an~0o^_^gST zVg2PPu45X((Ot%YFgVzFB-#FtD&y@mLkiOAT9*(PF=jhJB~R#_YzQWNQF8=)PM zo#jJfocP)f3~j`C5XF6C>>p>&)~NxmaL!OnF2`|Zxq_=BHHmiXE@iUod&Zd4`dAvo z@m4xTxE|ZiDCrIp_Xm~o-zXHojRQLkxNv7chCcKgF~btX_0x6cN{Z9Pg*yi=6sLCgh# zp&@%F;))2dwl~(=rMozP{)KwjL%P@FcmjIDgj6|&NR4VrkX{MqJ^{DClpu~XGKAT4 z7dX!FhAFrZ)|iSdp<-(pW2;98CL@T zG3ZE_n&v;nq+O0nFgaeCLk>lVb?m(6?KcvmA+6$jOb13hJDK^;(YK1!ny zkLGmTMt-ZI;dsrU8QdFIj!6#MFcZC9vo+PidnOgF0q%0a)5Fy(OtOp`e1i%kNiNy!LI zlO#f2wY_fDT5Hz>T5Ih(ytK7Wp08;TdB8q^pAZJM1UfLDE*AtZpRgt>G#A^$HR5r1 zf4z;w_V;5!%S57~$Dm$;4+jTC*1AaSxNRp+0gtt19|M-Q?Bi}zf@>(uY9E4+a2p!^ zMS%<1($?n+frh`-eoN(w!V)0ypR3=v0dDdmxe>hQt`D(&l7F1L{9VIi9a$R2v5IY# zfW8MZ^~`4Ih*5xqo0TNAO{WF$5suB7^G|H_8F`%p?z^4#Z zQ6ChA*_Fk|6hT`ed_ab2H$MTi`kyLVXC8QeE-Y(gVm* zdQ_Ww%{&mEu|!(N*619Q91dtq#h&g+?M2|zkJH-HczRJ_Cy#}_CqUwQ#B?(ooMQpWUdw^?h?~!-TD1D|nSpT9&>gz#ahcs~GldvdGqK1CPGpb1nQj03H2 za>@86iw9DH^MB3QvWTA?m9Fl@7ka`kCL;ECuc8=;sew47$60VNQER3-43EWQD=52Y zeRjie#Ty!f(u$x)dODuv2Z3TstwA+?ZLYOYGKT57c8$OszxNG}i=tm3 zHs4$iWXF?IYzr~L{9)( zrD&oQfU!_vylrQ#*;VjO2B-6Y&XT;!D&|pAMpnad=cQqoMboAJ4cF{{kkdXH2nBDjPf| zs%LUE2pCfrHxXRx;s+ARA?Y0XA~#M$mhgdUY6#~JDpMKEv5Izh&7>iT$SNv~t}SnV zsd6oE$XBoBFOfB(kB-1szL_IlrIPf{M1o4+(c5Qfa#YTLRjC||K=Yuun3$E2;L4Pm zXgF3A4aaJtVXG!z{isyKN>dFhRZYl&k+x_)EKDZ+H7;d=Xv;MJcKB@SI(%i#KLtgo zO!m{lV4Sj@xsJkxG{CI|9?3;voe+@GXQ99W)!Y|tXfu`LTAEI#U^Kt&QV zSZ?_UVxv^%rN*eJ2o4FBL0y$_*ZXy{o738{J>7Mzt0gt<+3V#@!}ZZECYMwgRx!SB zv1oVR3CPy$wT>8gG`%hYz^NQB zpwBi4*iZ*iuXXQ2y#%(BdNHA`z`w&#FDEY$C7k|x8Y)Mv-%nAQU6?6k!o&ZTXpgN( z5cXT{7xu43o8a2NFxcL7J#X8*c1dBaaI-5COy%mMR1KULNMf7(byU{JkkB*RUPS|N z;{E#Qhmg9h1dux`27drWBpZ4AB`_Wjpl_Uu-+OBD9~y>!GQS?*_}{UX`V~$%(^0(w zqQF772j}Cc-TeGBBj)EfzcYXABlB_QPOI9CgnI;F@#cZd{KXqGBbXjt08+rWk74mM z09gM_&3u8hcpxczdA7wfVn9$#R22I)QH4D^76Qo#AOV;n5efKxJ~C#a84c2=`rBpf zqyFr3OYKdy;YDZBrTOmYCkGHh55_<&lJ-X|;WDjF(rD)kcx-H-yKpN05^s0mB=>cK z`BDSfEI@h1+B}e22R?@&oDf*ZA3C* zK?6s^xTO&kq!(is8*Ynt@Vs7(tiKr4Vl&{SOYw0^krn+Cx8CI?O4LnHcrCI-*8+WX zB%r%?B$^`bsqoN{dxwT7UQD9+G*Nt-C;$k?&*g;pqp^Mfwgk%#vq59y* z1ckY2Q9`^k6LApbQFy~PjvGRhr|s`V`I1oJi}K5e=@L=i{d__O6i$AvC~45*9;$r!8nB|I!qg^p;fHGP$r9!nV zLZoG;Kr`SA9o@JN;8Yo{QEDKiNZ}{93VYMnW5~&grN@Lpi%#nAxCkOLZ=!ft6Llp!Hd~M((O20;aVU z_}7VG5X<;uYZ-?!-K$xgnG_qviPxJdnr_K4i0NipTY-OvBCw+Awj+`mlbwn9n~2;u z5$7XDO~m(}OPGjb1eA+YW(2TqwsDEU)#n$y^%4#T;|d?01;i%OHP`L`1YKD_2`xq1 z%m~mBNm+yl_aCaPm!H!6I%1F?lLor3x*HpXOh1F( zcVnnWhG{MXIuAC#bP4Bcr{XBY8+)?&QwC}C+UZ4y%kq_=@F@>@IRM@OL{H#KF9$f= zdY{ORmZ}`zharqM#M#6E<7um#;wX>t!KuTzggxHi0Ot=yJ{~|DF8L_P==KxnbCi)s z_$3MMk0Hj)l3Qr=D(l@H?^^F9#~^ygw6+5OzFWPsR%49g<)W0{Kr`#XhU1JwLX6vX zK%CLm=#W$v=w_8H)YoW4Dhssp)O0COzg!{?qa|pZE@qpS&^U_yO{%!jK7~?ThmQxX z2kLgAA7#e5NfJ;TR47RTii6f9NkDOBB#iM%KuJbr{$sB)l~MiBDdgb*6raHGjZ(rq z)48j?>23~`DlK7t)1f^RU&j13TJtBb>sd8qtX0q3fED%XqOde&1}QEIt5arR}0g?@MafRgTl9-Owj)w!f2m99n}wg;!oU(-|ibzla%hny&UMoC5JVpn&dihrnLz~ z+L#j1=ruoWCoa*gg$5;!KOl{Bgv^q{Z9>{bU5B;7(Q{K}`=B&DhLa)4^dVX4+6 zM>W&h1mfTUEw)VxPxHWRh6jE|#|qVJg$JcD*WMu^d0X(F^Qvpiu6tM|y$s`*Tz6p- z@PS)?*4s~~wfAj|l|a|eW-*uE>hj+rBn&}2Zm&bmaMuT4<)Rj`pz^T?yr2;aHTbf~o4X4NMQD6$ zv=n%0p+GVi7r_=@R)lZTR|24G7yJqLc>)>TDt$rh(-5@WrL-7&*)&i&Mj*1JFN>#Q zgEo9ISyB15QWHUoPI4p^-k1QY^H)2DLk`N%MBl<9NNk7p{O`C%3&)c{&-`&}95(#H zXFJ}Ot4q*QzAd*F<)~S%Pn5U{YT*n?x}Mwu-OQTK)jfVFnKlI5a|! zC9%DONO%k({PB^mQ>8P4)afOmpqJ>_g$B*b{pdL3`Ci8STIP>OXd{u&te6R%-Hmf3 z3eiTsMT{=u8lAJjldlYZys-)QQo_^veEI4sNr36D@ICXK!Gx?*{Q)qT2LBy?I;k!( zAqb$KLSyfH<5_@cErcpW{%XWKbbKdHx{h=+DJfz06E^Fc5Kr91=Tx!f*{StC~L`Y#ZXq zvE=T;YD5tiK3CaK*JFO`*IsM<3!zk{p5Z5;&{?iTrttZDq_ZRf)HtJ1HD?P@qU#jk z3%)5`XQu-5CpH(tp(w0Y7A-317FgbNdB*42zJ+MD&PWGQYlU<(f6$!UAwlG0RK%$l zL8TuyWTyI1#zOlPZ!^vBP;xtcN>ll?0T89tg z%joBQ_*4()i+=}kx-Po~*2rVkbjKoc%**Io5_iXko|QC%`L$BbmX{8OKr(YBy5S=e zMWiI-1ZQxik{JuZwP3WNRr4p1h(ba;-&>2yP0ep!d`vhjg7v}YHy4~Kb-r9^F33-7 zVTp$LvuHXhX?GxpqA)Dw)dx$rkQpy(VbJkNDylwcS(l1BENJ;fD(d6|8zLUaoUU4{ESpg_ zfurAvu+~y^;Q@I%C>K^plxq}Bl19OJG)J*bU&h=!*S?lf;gS|))0QR61Q;4-!r%4! z3aXhnVVB!V>V;_gRhkE)p$wgotNfxBBxK zla!vvcsVeSksNj&qe*Ta!?ZSmNY7jdXk^OI#0I9MwH6i-q`lx!!mGh7!)uiIr5v)P z@Si04n)Ar72aQ+V%b}05&=k6Zmg(IYOA4!q$Zi3-V(0U%Oi62#zlx$wigjFZr3FqL zpjdWW_+ildOiqPXly5_L+|(~A-14p~KynOH0ZeNXoQ_n}2e4G1Hh&w!@eWHMs(TyO zWRyL7nQ#6Lo3;XJMwR)_M%R82MOgD2V0X4wRrxLgwy$Niw%<+(g$I64Op%geRaFYrBOLcVQqQZJ!Mk_(yM=KvjSj-jOh>FCJT?jY5MSF)9&o#Y7C-Cp+@MyPTCFUV- zcVQ0xLPpqoo^8I+PMKue=~2jGTPNeiB7X@vKncUa9n-^)or3X9A%{?YE&t*^I;km2 zUt=1B4t8qoQl4lf3)aQ%@kr2K1s@izVUQ(6SAxMZ622D0l7!n%CJD2I1pc)oP{HzR z83Pi8s7tVMB-m`UxDK@o|3VoB;TPwVav4ZbCU^@<=6kQbeqM1@YvBYbS0o4zPb4H^ zV*T7Y4u$^=nweiqXpA3<6`(QH6;dArv?u1?lgMKu@?o84Eq}2L^h>c5P(Yw$)DgiA zun>%GlfSO1O#z5O29DTIP`DoYiyZn0_m6^2qRW@=<$ANyb13L(S7wVNmFwtnDVfZ` zm9>aKnsrQFg_*Z8(Dh0iC8ZsPd}M~dVCH6z8Ad5HjBS&&;WKmNiIf#_7-smHFFhPH za{=hF%wUV0RjB%S0unrZ)Q*v3kS>ZaT(hCvnw%%R;jAR)9qk=d?NJ>R2`~CS>vdd_ zpFszVZFoeXdGQC$E4D3{TiY_V$Qnu5mIt<{*g7PuY297}HUgDK34!_o{vjqkLfK$Cze4PbfII+^bx=|qV5UsVCxlQjEe(L^F6>M;S$2LcBdkGr z1*7-!euofo$A1&`z;1t=q;$vcKF~&WE!ch(*Y^m6p>i`#{Wz8XE(8`9BMXTWRiS}27a)j3V zXsz0Q{N14qh!!@;Lp$E*AJo2E{;~QIo2B^640rA^WvSm`xbyu`EH~z9xdEv<8%34i z9W}M>ktiehNVL^QG*ybh(@xlV=`Ia-oc7vsIqgWq|j$md?ewGX|@$DbR|bj zf1MbFWumvX5s`6#QiIaE3ok$knSx4WgsqNS1WsV2!MR3Cc+*G;Z(27$&HJ%&p16^w zA*H|$DG-e`Lp&YVZ3X6BM@K(?!b?7uZloVc5oFbN8)e9}fr&xkM`UL4TB7;>s0_|miC2IT|`~?^bZCElAck-N}U@k(zehRSsS`m_QXkEOP^bS0H(;2XY2LVvUOaEz!#M3JNXEl^2>VUsFk6Ug+B;xbidwAaT2xV#m2+QDK;9QtBw%7XD{czpFcAnpiOl4RQaCbgx#BQG=$%--0lWmTB>Ou7`TY zEqA1a*03Fx$ z%1=iRe!_PSN;kWoG7HwZkt%k;*1cTSE$Ktg_b1*EaUh3dSs6w1be2dqz z&@*bsj1I1xrukfif;A`@NgP=BOWrw7V}sD;eI?h#wzc^F`=Y#k~=s0Bka?#?ZJpAZb9(%i}eq| zqSB^^t!n_ThlhEpSm?0zv$qn3UC>MV^@f!q{k__~Go{<{V#k7uCu z9uCY!*-BU*Swb@e%>&WRQk>rZW)ilbe&L_x60nM)Ikuqr*e#tc(ufhJ!r;X~bm!xML!HeGsDL~jSs)odoK-)1wh(pb-wguMDv^11;Kplt@8 zGAq#2g!%*O`@$cir=an>0svSb!GhJ5NXFMkf|dpPwMWqMCH<-o7_|}K|A0k+lSLj=&KS0jy427iQ%{9 z_Yn@otMbcP1<>x0LUtmSQpoLc4_V8Q$j($`+dKa7LNWVO6fnl|w~ga(TgP9G;}1TP zy4P8PYh;4I+pyY0l6axDVHnk8VbJgerUyjs z5)?iSa)-5_e)Idxe!9W!H@Z_i5COIxuY zHbZLDiNnf4fAKPN_fe)Y_eDvFh2}4yxnycx_%oYo2orK{McA*67uFR=+$E=8=R4T>-LS z-@~%B`@Y{;S|fq@SwVmN)yVOXx!<~#ujBG&FMAVXDXt1BTc)@&R@0FQ??T2SMI4!w z@N{l!WO5m9uRzn+a(T~e&RzdF9K+gc#h`K#+T57!z$ma@1>J z7EhNedMhK%4-4r&L`stzea#`2t9~mZy=quUClM+8KjU|(HwbZ7m1})CWS2&>yb}TN zU;ltXert_YzOSs3yfGMT(Y7f!OZBzW{FM048m5J_T7MH>h(3v>H3GTOu*v+S^BC1> zd8dRDc@8sq*uaHC({L&f=j(GBeY15O1FcTzghy|G`zkG8{VPFtFX#^GhvC#WAq>Af zzy0t^B^EcUwdtYmY!C92+upc6rHOcz#+{c%brV)p&gf{%6c^S@pFixvdLy*4d!paB zC>l;zr=ze>7*MpF>G|mxakG*sXN?$dk1A=zd_1T;e|?C{6G{t%JBzaI=_6-n1TI*| zhK9cUbeQ`aW3It~jLvyG*}U`kV9JdQ5+&fkYAdiokw#OXDv8-ZKuydB*HuTi}> z5rKaFH-3b zKN)ctV8I_OqErnKU~uHJec3=!aM0>f_)CKaVbi`aGq4C8)O3^WP^6i*7d?aTVcGW+ zG4m78RFRYsR}Y%E+&)&r3bzJtZ{XwtS;F3#N*0U8&d5E_Y%N-)TzQjAOcu5_GEpTc z+mVS4s$yc;DWvABY`)>p;| zvndfgjaX2)A94K--wAGy9}L&eEUrN)Y*nn2iM3h3h4PCeA0EFfu%U@m^-|isZ4e84 z7}1o%I}fcexx+&R8M!Y;>!Wcx7iP3(^mk4zo`sl&Ni@bmeY1H{OLpVz)}1HF`pjsV z;ZO}yb@zl!)Y4MEAF@a+`qh{SBQpz_3}p5#~7EG#MUZ1lFc_F8_<LHQnl$%(u^r~a4sTf+bV|%U7yJh?_sLudbH6WhvB~Ib@G=%|sg?Wwv=d8#H!=i46XZpY!gNzuYLGVwo~gt$ zi+J$g{28`RUS@R?O2+IuPM^mG=|v2C^ELMGt+;%-wJAjRUPAZ2$#n0$k{PSq=-v7D z?WXW!TW#;I_oXj>LEgZKpAF!dU9*Ir9$ZhwN+T)2-y zq?|HDL#_iYd-(+SCP0k>L^m@>*N5$!SieXB30JNotqU(W+%L_huDkE;6UiCg_p6vr zdbm<|Kq57IpP|)jI&yc+{+4K60n@tuh$V2l1cA{-TxOI4umI4?3uoXV&C7DzbM^Se z=&W%PR>Vu#LR?J}=eK9KU?RnKnupVC_CATomqyrG)mQ*=LPLitO-xO@_KdOE>DYX1 z|IA+>0qF)@;ay0efWA(w=lQj>n(w36D0Xi0&8ty2e!Wk^1PolPM)ImOL1-XMTg6(Y z18Qs2ss}Rr8$Jf1U_zxl4P{uS8ndhhsCiZHtV`|_p!TNKc&a@&`2n(z5Bn$*=-qaV6Y{qPQ18*w73APRV<99@NF5f)@15FcrAcY#5kvpq5eDPPZ zu?e82n;sZlGc{sA)tzNOCe_v6v@%#Xx<&}x5plTXRdi})^c0#pLP@2`%a8*!cx3LE zU5P#b^nezVz1VtBxIjuShituPT>}aV&-qUytLPY|Wi@ELkC%XppExwhX%kEbwaL>j z6XWTMiJ1yjSdE-wQBQ>O;=6xXO}E}Q-Q%YC)+2h1HBFdUPrw-8nZD)VGcI%tV@8qX$4ey zIa$!7y;?hmu7EbSt%&tqj3rE{1O@KD*<^;^Y;V-j6WXv7-m7NTAjeD1%J{U+YNL3 zCe%QNT3yfB)P0kwe;Er*-32+RPC~lnpgfDiXFt}vUFOXNC*r{Uyh7rM}-WP*Y9|7=`dvbRX3H~k0wRT*{F~+nWCiKh? zrmoKgpTJsdffq%nvZ9!yPz=3k8Ml7($Xv$`$Ix7wJ0?I3N^7j2A50o|*wNc%g2^3= zfOLNF#ClS3j3ujtY5^7&i1_Q2Dgg~9^?|rQkcN9bTJABl=v@M?lqYzcNaD^dF8cI{ z%=}#NrJi8YF1<%>mzf`&`5@@nWuttb`d~2Wk@>+c8(s`fdJrXmo}J{(Jj$2f;KU8& zIk+l|wrL|t^z|!@EcXM^jQ9p329aU8@K}2m8)#)PcW$v3X3^3*!J~E3yQKA6)SSgm z(zbrr(7F(s$%uy$F>G45LZ>V?(8^%$yy9V&&~Id8p)Qo~ibADkN}~{+k!G;ebmaYb zT@*sb7$q`9v-DK;Z_YJLKRpG@Z8 z5&66DKYnwwy1gF2Dh~=0bBFRU*voGY))7H&&FOK8S(F&v3fOmp`$uKC*GHrCoA)s2 zPm9q%_cNgX4AIvNpY&N}=s`M#HVcdMGuMZsXXZ+ zV>W?0?D^_*Xt6~2FipQ$Nu#n>;-v3W^!ZY-P9_6uz7nI}gQ%woE;(?lNMs`|o$IS{ zu81Xc=n3WK2?=dzG-P5}FbO*qZcN?AGT>_j%@2OzQH0HVCHXg#ku?8HeEtd3T9{7u@@x5%=AQr^a`+F-30yntL_URe zRHh5&pgIv$2WqPA?g~q3COm?awo4h|x4#YUW&UbWb5fS9YgNWFjLTw-fBA{<-bmgT z@0s9z7FLvqAkBN1$NQ%UgR5?+uzJ=Y#d|#gI^@IyI21VLou3}>8jLA5z_Z%tKpfAH zotb}zxMLH$Y8r1g9zt+3nG&#j-_a5 zk*NrMDxhRB33E9zaOK}qUjEV_i-76oAJ&gg2>4kMBuPLsADv9&;)%9iq=of~e7|5? zhq$B@*;*Zm@=EZeU{FNoE#rJWA>2vqm z_xT#Qe}usdvz9-4_MoE0Gr@4#+sy^w$v4gg@L-rt5e;5n8a03Y*3m0Cf3r`M^oM`h z2>#(F8+{!ayGUSo*)oYLp=Gib;oFG z8k#9TAC6 zB(UyYu%`pje?n31pj-iPWv#X`EQ)Yl2dJZ`IXjUR60FBzP0n4>nEk1BpmC86OAu+x z1SHNV%dPI&pSERx>dxBk1)ALQ4^f)3R<~zwl0}P~BJ|FzEVZCT)0+uN z1JNtMA+!UkHn>JQu=BFT?XV=VD%bj;dBqG|jm<|5xwAItn{P!a7W%X@!Wj*nkpMxB zL(nq>f}Y9<;1Xyk=p6z9j@4k@%TXZYvL3l&&Q)4yiG23pv!tIze8SSzKsr{F)BXo@ zl8*Ao0E}2-OtcD-+bk^bsJ)|GpRN5KcQ!rSWv}$XD}UvW09rsi0@&r=r$eMYjGpak z%XYbnHo62lM3;IZzE9_siCp^!EmKrQ6-z_V@nJt4t1Of?6BS^krwxR=w6ZC>PQo|X zX8{8ID>fXPrAw}cc~vnY4mS}XYNQCs17^>NS7)~g^zigsV>Pd(A4UoNQa4_8flKvx zXeM5wligUJLCr+JHsB%-^e9|?bflc(-g;Eh@Nj}@n~v0@1>P&-H(n8X?WLs^*rmu* zw8*~hj0E4tbV=kJ&6ETW*Maa1OOpE$pIit=_9eM64c}0bU6Jek(C1k+1s4D?415~K=;KCdcQ$)0zzV>4{ z@6AV8iQX_{bjO7wPQ+0?LPmCnwHkOQ!LMGbh_yD}i`uL8MKvLXU8?JPbZU?vYLC5J zbOiot?d9zkQi};CeJ=?6IyzWahZPAMz^GWE14BoFJrMU`LIm-?(?iC1I9qZE5|;={SEc zYTotgd#yZS3#nBOS>Zj#uIUw=mbMs#TI*rXG9cyq5*%;?9|>vvT`e= zudKl6WTLqUN;Q@9RPtLyv8IPXu}G zR=C0TU%GE&=7Ov_t76Rt!bU;GzGyT3Q&dbky+0W(AG*_9>qCx3Z%Q3o`qT2*U4v!c z^kcb%B(UEokDU=LJKMy{B;W3$TzOm^JLb%V+&GYBf6w1%(tNwnaQJEr^n+{6V37Vq zURn+s8Y~rMJ;~tg&R}HA!5dTwy#gi}TRAeAffINFCxbDW>6u}QoC4-(JEBSA&@Q}U zA+BW6Rh0U=J;?O?Z+nv1+iI}Pt z_2)MJz$c;?gOJwjFX!WPBR=Q1W^c`5)fWTiX|JxKgu>2m$@a~dx+}P!vr~2vggfT_ zCa{Eo9Zg_40~hVCU@Of0)*mFVfJpMqo4{KEm~G?kb+drN7f`Nyf0Xg7DFnX9E)!aK zKp0ruO(n4Qfk?#Lxqu|J$=`Gf>@_`AZ~Xo!?1<*YNEF=(1au$e%xDWN-_Gkpq31Yv zG(tyR+I?smMwy0bN&6AfbdBn<%Vqk&`B6^{1eOP)D*)ulLv3z1)QtnNJZ1)0iZ=0_ zhoks}pl}ch$H}Qt!PS%xDi=8twA*8XLdgeN2$fW_=v?D@eAzDvZ?A1JIG^85)KDK?O;x7o$`I^fBno-nCUV24;l^@# z_F!Bxp{>Bbj>{&cNGJif<4zLFPLoaFa{y@NBut|YPBxGyWmlJTe+e>J?$J`r%*W}S zD9Nt2FMpBTTd`q4eZNVf~5GT&#u^vRHH>uPyh})G!lj zo9nVWHP$0VmSc*>f7XQZTj8wAkpZ;V&XjprE!xEh(W*#Q3v)VvhihR3wvvTmLR*1< zT`ik62WK>53lmL7k0R$ctqW|=v<gM!knPwFnoSnF8a!;_}-MQ`zm3SaQ2;GrWCuK_Qumr^C)%p&fyNl?yNWz zyR$8Or>iDi)}xAAFTS1!phE4aN>Oe~*3M5Zhge*=K4>{uiA8$cEtv+WdA2JnztCaw zpb(-mD#}$hqS1$CvUd!Z!8^(dz*EE7JKC~$42!{^fEe$Rx-xR~37qWhLCe3!tQs0` z8!nBvRiyE@w(McgSXd&0|`xjV30 zJVF_Y(=nTyfLOtO z%xMS!?WisLSX=h7CE3T@vX7^^24%928%AFfhGjro0!1a;QjMHT2C!r|53rJri8}3z zx?CbtQ)yZ;H=`+Bl6^F|$}j;uwkd9OOfWLdgarf>8yyo$g}f)3-Po4h2+VESN7GC= z5~2mlgd>)sg?jee{Txs{1FR)0LN`U_1TdKh;pf)+K=|kgF|u2MVynH-W)b8q=LZ^> zY+aIlGq|Ja&DApz#X&Ut>)?*;oB6G$1j_;&2xoGmYn=oEe1-wu!=`V&ELcXTDaje0 zkuUB>_-ibDLm504tKmo2SX=KO@62+0;0=0(|3cXku}Y$RXc|*Y&cK0gP<12jKC()h@Mynx$s}o;fc12(Hx8P2V1F zFBl`aOte4#w9lm;!_le+J{9Yq8NGOO01G+xkyc(N)dZE04V-vuJ~=_u^CU(dMhF!; z@2^Pb4NS7TN2JtkbmAQUaV{vP0E1~B25HGBBCsa-l|%$K9$3@SfULgIAthHQZ_djF z$0m%cz^6HD`QLZ$39{N$;$kv^Ud2E6MWA|^8HsZ-#(YJ(|TXO84e(? zj}E#vi~t{l^QTKDoKb4l#yYp8Gi}3UdNcM{%U+f#xei2ksu9YZyLp6wATOE?AOs?D`CHONZPM`knY>BAiuf4n&qierJ8xI$!nXkFDKafv5Pkk-~w7BEi>TxCwEt$6U&7KO3PBJ1s{%dpN%8dKeHp) zIHEtrMoLmNh-ih*xbyqHF<8_;i>t)EK|bdezevB@qx?q%MJ^`&lvxn|W? zqsyH1ov28&nHee%7%yy#jOco0yns(bky%j6KJ46AYzDkYlYO`?`>-2G=CtH&FBg&C zFU89u66V-ORBi=HqQKEfjkP{o(g8+!j6bC#FB^!kM^{n6tuVcM4s^9+CY+9Q$r!XzWj+;fxjuI%`G@Xe_Z22R*l;tYLSalfog9!6>hLjED*WZHA6QoFCjOTbO52advV ziri!?%n;-#RnCXwb~4UO^b&BXE~55kEFB)=#TGI4#Ak3??7^LlG+gg7Bik2Tlc0LG z&E&MEOd>qR%M+oz3nu#@Ntiw0N&bbS$IF@E8AlwhrYXr3^ zG8P~-2>Lw){I&@AEeMRTdf}wEx0YQbUX-CLPR1)zWo_N{K+EoyI%@vxd=Pr)# zaoO8z|C2lSp3LS~#sJGIV(}7`kD?djKvx2^m>ZQ{OEC0$jt%R{2?z4uBL!_A zf8ijAzlzknfGg{P(H$Ph&lLnDT+@gw3cd6r_)L&+r72v{evNtP2_wxdhxUfARnd_y z|1$Pdjy#)JZ1bT~Hl1Pd2r#k=5+G9)$VSYo?_zQ4paY$uYqP`QG? z_AU>=6i0b3f9DpzL?TP#0umn|Rv zN8ewaiqkpa9Cz!JKaf!6zlh$AJIHLWqD}qR)g`CK?hY&3OM65 zE^;H+N%(+9i~4*-$yeCIf!cW0wTa#&dZ^WrwPSws5$A0<43!K*(c!|Q!>uYvyqN>w zv@iA`K|>GvgY{tolM?G=>KOzRN|D{nT)jDEl3iiiz>451$5z|t3|ouwVcEhdWi;Ar z!8&;t>8&{x();&^M0!O;7Q+(8u3)5CCcRE0y-vHLaxGLl6a7K3iCm$RoWB6>y^~e3 zTvke&FDqR2P*LiXRS{D6WJP-eftdr)YHySgZ2;Gzvb_#LbmZ_;jW7?^k7BqVKJv}i zx?#(;Y+51w8MQ0XVJ_5nl+F3ZXHD;|0E4uH7Sj$w)M&Wve@m@^2WaQ9aNI$yRMcsn ziK-pbe+p{ycMnP)Z95;(JQdqcSvxox1WHMB@L?6^1K`Ni`bxZD{(pHpSYq1260aRx zd5U4{QhZpp=#ku=Z9zqYJC)v=lOet9^pU_`MD~V#9~6oAmbHUbkjN^rBIejhi{B13 z#kPaqa_v=wzV`MGqP;~F)cX&z8B5p>Ah1L`P)4*Jv{YyZA3fO!bBccShI`>7-`wKb zK?~bK2_7D)cJSs&Cg+Rz&@@V4zQ83egMxC0@M!ex+X$WjL4=cE~f%hqR)i$6;V3Anwd`M&UI?Em7UC;T`*+OvyTwPQw$c;xb~x8UP|i!@Md zKHN6A`ecz$LH%t;-`}4(5sy|pko{92BQ|_&8yyM|e2kFO==c~Z?mGAw6>&FEK5)8# zAKOG6wcw*BLXrGnwS;_4M$4sZlV7g7I^j-G44+u;bGF>)Y`M?ba-Xy1K4;6thnD-C zE%!NF?sFOJOa2M_gU?OtS(5#u4U9)%3j%+{`FC+(HX~PQHBaL&(ze*NPk{q!xf}iS zj_br&S$&985JvrUklhZPaRtej7C*AAc-|E;B;XTLaQ$Wrl)Iko8-iWj&%U6|g>HACSg<<518E+-9Q8{y$gG_JI%H zNHZ08yBL1Os#yh;WWpI2Wdj3#)PX-GzDhy#p@25-T%GvBR&ZiI%(KbRb+crdS(1I) zEfA_dMn)WEo^H!N?bewLWM$(F=$5)WVKE z5v3;reJ1%XlpO`^f$s!_h-$1t;BO{+n}5uD0~kV)O(0<`myJr|U^Yl8_amPzlgT}PYdcdE~Lz-#R9^o~XY8<)ovV#jkoPF@T7OXXUszm8DQ+6B6gO3r;-$4Rb!n1AJXB~x0Ay!Aw-`Nl@23cCL8r;)e zxU4ZzUGiJen9L%ShR3P9j>Tb&v@y+Mb|!c_P>1j6PFIGOX&Nw@caC$W0lP92;c@1* zW-$UatLuSpa*uQlez`Xx+Uidyz72_Z)Q&x1`TH?M$?!JrSJ{gfPzsNUZI@1m6h= z5#Z?xA<&<}U$(k;(dGDUV`nLVBP_o)#ofr6xTnb49gGYI88iL=wHqn34=M^fpg{j& z25$*%FkaP+GhWrtx~>qB(sFnVEDA1>tkY>mYht7sK=6%sb7z!wrt4>Vz~AAk01Ek zm5bq6h6=s(MPeCn3OivLK8sk9VD$TxWw;JCQ9-ttYz(iBJXKM)iCIZS+4|PWw_*S3 z(W5E_^W_uC_G6Am{KIDkAkxv`n_qs5&;}d5&Pu#D04qP#d%tr`*O{M=M;XmgPuV4} z<$=Xg^igdvxabWdyj@MeU3jN3hC&Rtu-xo58NBuzBbDV6LE2}LB0WYLCXn`7XInw~ z3#&y~Q^}UX?`Pl8mq_;mJ&fuLueMQ!79?b%i;>NaHqXJgf}WZJl`iralU%}L&FG1Z zk6oGx3e$ljXgkoB;iYiPDYbBRw(gk!0Q@i3s+ppAQn;tFCV+8C3z<&(<-L*aL`8}lm-9m!muFsRe`2HYl+A6&u=q`)e+)4C7 z;r|7C9;~1@K_|Tl=*6>hDj_pU6F>lnz`b4h^~QIhKN<~*Si;1K;oPDTMA47-X!ZpW zju=D`NU+ozLEtKUBM9!^Dzl@jF#Eq3#OlEWu^I$`h^Ez^AQ07`oSnz|)Zd-m0!r!L z(vQaKTgl6fO@rJ+pzsWLJOX26mC;Z<0#iGzqoGP8u*%D4&U!zuRmt$gMIcvJ?Mb*2 z);MBf5rM-O;g9ur)Rn^FEYBj7mq)<2sChbie=bF|CS2>Pl}` zm_S0PVnzsbD++}&j1Y7sOeZNNc9{pSBmC-ZL4gL4%o8Q7!l~{kC z8{**;JgJ6PMCD1fT4Zxis*PWa*;W3&M!!wi_km=iWKe%0Zt%I2p!2pDM*7>Qhryx1 zh!u9Uq7qaj0d|OhHTQ?dE)<|X0MW0FyLZ^DEQQ} z96mGHbq9-W&5mhUfF88VZ>Tk8C>gLhAZo1k2faW5Q(Ux99_*A|juOZ9O{f3gPEFX! z$KwZ=9VfS_%v};p>S2cokdw{b|Fz=|?;8tH+;%}PLg{T*lecHQlQJwJ96|5GB9VVX zkOS|Y#A}=nNeJXtlN%*hI<8hvau~cKYoZ-hRZSGMwZ=B1 zgkXa%%5?P*hp9A++&!KE&*M~De)Bu=p|n*}Ilzco!f^$nwnr9LlP^@9<@u+0&O&54 z^;1cnk;6N%P=Hclq%{VA-ODQiz=7u?EkN|4cHCTxaZ}Svc#1+QW)Wa_IZP6?f_##w zg?f**be_FN0Z1Y}L3VPNe7yNDQu!UcDnsiZB>=NT$Rh}~2KMAfpqckb6?!$FIy7So zK!r~uBEQ0gB<_h0LK6KBQ1ZA%h9o)w2uXjMEhJsX2xVT}51eAAlreQ2$&yq%ZXZDm z(!N849%-t1EthFWuv(jrT#@#LR21&7IzgjU!n|OywE*8NE(}2YNtQ#jpmsUIO-h)gV{^GH=#R)tc-A^Sgwu<}w z&a;Z(r_)q8uCC8jDPo>2Vp|k}>*onet?aR0zVgnH4E}&{1r0ZlApCYiyM1%U7gz(F}%Gq=)=2KBa}bsc1WC(4G1n1}Y=7!e&!c@0ikF;9pdYtpyx; zLc~DCS+0nMHooQC$yz~WFQxa8R~cK;(qvk|fpcr20XU3Q(_Hz@=)GxSQ%JCx2gS-E zO;9-{04j_`wRbQ8Ut+YfYwlKok>Gj(`9EY5K8(Vu5=;OPOrqL57y!Y1fC#ch1yO|} z>4s|XX**NHxlG^0?YxKzDEh+(c|?d7`#TNViDZCTEcQo_)=q>GrW2`=G}DQo5xw}Z zG@7yw#UD!0TtSw#$eJn}M*NYZ*lIeMD7KtWpK->V98FBq=21k8F%|?!hZ;&mU2jT> zJzhtLUL|>%0X#RR<4J(0wazIm^~9Ee*~k1?dlz6~yorU(;&Y4sFu)uVE9qr@(G?1h zg5bJxevDGampB78F^;l>Ld3>Mc%mmdz#)M@jJW{9YBd_3+*Adzq0F%a$N%&napJr3 z01-(EO0yNyN9F!#-JFMRZGLN7adGoonGqx4wDV@Llml;sk3cx!Y0)>^vTw?j z2cNr_?}s}0H!}(N;}EV2zfBT;0O4xzb5i&R;FVJi{zB~h`1B7TTn)YfO~{8|hHy3b zX4}So{ z)!;i*@LfZ|XHxVm9EzSvNqPnlu0~HIR(yT>Pe-^Kd{s@Gt!hb3WKY&4MRd~z{ zeR{f@hJeR%y$}ENPpb3Vi4MYtA3(S&J)@HFUq-kZd~bacegNTW@bxKuIA92Uc(?d7 zSorbzJp$os^mL}^e|QM`GZ;-I@FQFeKW`xS;Rg_|3O^htlU%{eF3f`t3~F=Yb*Y zb0?O=e0l~Du10^us8oF+Tn+xhRC^p4qCIBzNYR7vdx?J$y6ObK2v@_;+r)i%TmW4i zejo||H-xLKoaFjW1f@IO5S z{zX_sr z4W82{pPq#XSA*vYi4T9=5c-q(ND_Vk;cECZRRpLjMT_U-`ka%J-@+l}w@mdnWnKz?;Slhd%#I0q79w1Yo;j)heBluN zdFFRXdwe>=)$lJ$*{6Xa>{BK+-ds4ucym!o{#`@KKQ+EvIK=o4>XVQs)TcVXDSLmz z5cWO;FFId;77k&5GAa8I3}GKKBa-^?H-xLz*YX>a^gN7kHTX~Q9Luf5)y-GrT#5U{;?@pe;g{pQi!>1}Tazq9X4xD2gNc8<)xV-f^g+k8cODiDdA zQU_EO*f(kE@<0$Rdha>tR_M!v5$ zDImFz8?fAc2$n+MGw@Pterpe^shq&Xy8zgW@cZc-03@|o)=#_lpSs#J6S-IGsdlTq~_?J%f( z{Q9i3@LwGse1nBQa(M7L3;+J%!Oyes&*EtEAo}Igzre!(YIyL=Eqs1>@GC9+X9kBy zeWQMsj7I&$)yH=iMeG07s?k$s`>|z~*7uY3i3}wKC4(E$J|i*lh;|Dza6h!HrNkpz zjxT)q6fOPV-fmd(?6dG^4G+HG!XGp^yvpaV?44ry^dl(jUY?Q0F^`j{I5}_TR@ZzE z$QJ0vvPrhBX?imGP@7EijM_SueQT;URkAlVPn!1hnX$u?U%iFj zYjAk64={tLlmC`ZCFqFy1Urogig*?yS@=J}#I$_b#=L2GYN3q4(?RUdV~HG$prBx{ zhvcSYGIt9l+1a@x1~kUnxw8>Y%P6g1(=ERT)eK8Mb1eL*!Qrj_{4dZgB67C*gY_oH z(Y(8jG4*;V!fBf0*5T%RBGF%1{B!UjF?AN35!r``EtcqqP4YFa_&sa}Q~V*!kW#C- zczgf5XRpt(@^}f?gb%~sEwb?U4iA2Xh5z>O;8$7rvxW!XW8n`P9(>8dj~X8QRtx{T zF~gEi?Nhe@8ysHk(Il-Z<5!aEztLPKS4)>sO}!}RRT-l^o%oQLi*1Zu@R1v!MZtEg zGcZ&+6q2b=DA;xgN}F^Ve}IXJM zxaF}>JtOe@jEr~@x1a|8d!$u{mhB5_!X6ulZ+13mwc(VHzDn0E=4(jiYX}=hIGpqe z^l(lOKOd*%kTx4dbZ1}2UyOQRhD+Mk88aJ$4lFPlG8%IjQX}E8p72~`1&|DeUyg8{ zCkU{way7wq>C)T){LgI+rw7_jo&OB`+cf{w3d2V^|LUGb9x;&g`KS$ViqpvBP8Lo3 zg6Vjl>w)mCBVP06fI4 zhx&THBEfIv{GT3ne$|&*rvCENw+#v>Sc>usSeaQH#Fef>pjr11MnI%|i3A2Ipz({~CAp13E8 zxG(s)s}5Er4<^Q{BFa-s_Zs|--*0O~6P)H{H40N`o;IpLQM#xq$JR5R{!r2XR{ zOzR~tpn3M=xP(9H{VM2f$N58ZliY`u*Z%e;Tk*x?C-OlE&RSm(P`%kL4LZ^T9chm= zCLSNa;tD6*_=_TW%}k>GVd6=Bh;Bb@;+(heyY9l7Cn6qZIWzExJr(*LLUwhU6joktP3HjZ1mf?i%{0l^ zF{}IS*Ik_>H7>Whb{q56I(kBQ3NxUnMd77bc%F%~32Pc``dvlybkKnEVs^u7bOlr;pF7()+TtWTmH4}X>-7M z8j_LsmABW=-c)TLFKtZo@_bdeEC->=89Xi&l*zGuZhvmw8=okbCC~SEO-Gi2ohQ~) z^1QblkC&o6vIyaJ=hp3eq-G3TKOwBbhzvvzOF7L&`vmjuAEZw%PE}od?c1ndy5kn* za1SmjmrwT!7^3;GsGR@dcRjxQ3``xqu`a@_xk>m2oP0O1o1SM=!gv-jZ%*pbezaP2BO2!G^ZSZi%azC0!;vG!5~L^=jpiZYlu&}YUk z^H8IMw}kCF%m{GW-n=sWJw8w^@3<-yqIUa{XP=XE+QRRB-_M`Vhvq!H zv$Hd^v$M0aw~?T45_EgT+GGB_-)JA}??j?FgdhDM^gcK0V3d)O0al>FV9a~itUY2h z9+kXXUmo{0pAyu}xB`mNaP+{8_M>Q@S#}(|>D@$U4g|244>fs2x5IFg^qPp!M*vR5RsswF2m#XtqAW(Vmw7qe42_8n!R#(n`>3E|u#p!hTUj_JI@WC4T zd(*3EB2gdwBQLWnTz$6T4cfThdyx3p!0b0=~e0##ZwXQADR1J|8T8$_;vobmsDuIweE_|)p<5sPx#MT z>oF6xp8xUlZQdLZ#2h{;I5^j;2ce+?v2(3>{ENgfLJ?|}Rj(aCCrB5JPjVk7QU z4eIchTQH##2?c@WF+1F7fco>9DcOf`Pr($l1g4j*dDbMWmg*=@%bz|3IK0p{IoCIN zIcLZd9-G>A?N6tZhKgyqhcG+B=v&b{Wh~#O0GU(9Rx=BKYxs9sZsyoprjF+qe<0!| z*_?t9EXBXmawm?>WO7r+Hg;5)c{{$jHflj?ND60bJ(h%?Oy_SmoCH={%SzTy1}VsZ zf;V?S>n>P1AB92_$SP7cJelp6aibHE58ew- z+3wzw%EqV&S}?b;9ohMYL4M^HE)!Ub#04AQ0YDM6>*!fyc!8Shlw42?dsgoj!fXLlqn|8XDA{S#JD<@95)yC+ zfc5sLM7&GwmAxPywx)AF5JK_Q>^t*9d$XK5E_l-^Qxty}AhIRJ@J=|;2}I2d?*tL1 zIcVQU&6WrH2-95Ti+&J1-#piRYLKIllx`4q@G21DTqlEkj zV&2=G0b_?Jw(3d!^oo@vn9%Pw|_g9K!j4 z`5A>3FCGC0_BDI zowSuO*^j0{u%cB7NcZ=0?_E$dQv)>p7&z-N$o6}bxlD~{5c`5p%+IYc_rPWVvLJ~P z*aY{1im(IbGjnZr9sVLaH5YZVQsy<=yn370?DFypX@;4b%cK-|q1a&=3^N&p7t`#D zWIGG^i6@XGR0z1<6z@S7Bxqp_Hneq&amsvh^2w7=ntb93nFWI#1j@AxAWGezo4yK@ zq#jI?Ix$J=Kr7HjP}|$>UsAz97m0CN=Q4M_7!&Aqwu1!xroJuZ&)Dlk z1PdyT{OL=f;{8+dEvu$swv)-9-T~JWYA^2_cEJ4<-!na7&6M1vvGC`x|A5qua5ldM zXA>Uh_;om%GskA=ZNi9889M{M-ey~iuSaQ|HhJdcGbW$OXz+Y|CjBGE^5Ghrb92() zof~v0;8a7H?`?L;-gtCzA=L%(C^sdHT6d@3U_`9oyY#q8)HFbTGjBNp_l(}i3vBNWt&rLW1}AK%k< z?29lRj)iT(LZnx0B5tzw95Rcyr5bwHg`qOU@JBaZ=Gph{>IHhJE=mF+8wD-IMM+WR zK8U6d1Zm?*O_~j_Tb`$~76VtU==!jA3HwmK8e;B?3gS9R$v$vd?Fv{lutRu6QEC-? zB<9+f?~^&TVz6nTO6(MrB2#A(NMwr%jlz9wCSQuhTo5iGYPcP>=P7gfRBGIOfN&+L z?XFU=435n@U!Z{?QwgUbdr1wpI;^OYjhDW@e5M9FL=Rod9CyL4trFAGY;#JVTUoIv zy~1A_y{FWOh9<$BwQ5V~H!bjYU9g5)AwY9$x~frXIWpFo{pR{1o>~){JHNlON&H89 zQz5jcAEjy9`uMjueVhIfgV&qBMZemu3DvQybrYn@19f0_7-ZDN-AY!Y^XX->1!0*L zMvD2-b3*%QU1pmNTldf_8^bZ>MLeoTf_62XkdbH~M3pOQ@Q+`o<9)Av@W^k=FaY*8Zs!5H5ARO{xG|X&~ji9-ObJ4T*+*|=lI{ndOT-M9Q0B?^-&mUmV;BT- zmHC$2%+Ge?k}+)oXw6jirXK(p_<3Mr`ZhefEyYCu4}cwXq;wDRgb+M8-6=rNpn#Q9 zCstj(lWTclNIuJD?z9o*AEQxdqkPHMZfZ6`5Jt$12as;SaB(b8cpTZ>pMh0f|^Yw!SA5 zp~w}{J@`j@L-#!A8SL>dR4Hb!^=jl6_2{ok0o$Xcv$h@+Cb4hoOkih8c5`&FFnc;| zz*bo5zeHyJ#W|DyWH%7S++QhO$N{$WF<5}7TTh27!c%T4_W$a<{{?3t+j%VrfZkrJ zK3c`wXFL82v zB??@gPeSC8paO=x)QqMZnyAs6YvxID;UcN$)Ga{0$}p<@C`V8KtfBiiS>c zSRaTUq3u`Wvj#;m9o(YOxcEA}doEYsFBbD2JinBUi*I@x&V#JUwRY8?F1K<-}kW3d5k##M;i+Tl?e(~#1ym>aEC-)aK1R=7(py6 z%6@a4GRDMYD;h?Si`)su0ALn-Zu>Gv7`a^lIx<#%#W z-HYSI(M-&iJzrVv=UYL4pfy7OD66j>uY=IT2&9TpRyD6Apjswyq{LU7JHN3J&?iqc zy8RQ4e*A{b=uJOQB~ntH%`ZTFq0MJ_N$IdL>9!9YWx9>oO=j5CG``(?;YScse-d@L z0pxyBJDTe-gy0Mi-5R!DIZV9L*kSs*V(J5?8rb7bkl2ahb5NX02(!r~dKMk{v{oyc zsHKqQ0<=T>Hy|H9>4y6ltH)eI_kV^Wuv?1I`RDbR6JYbLQ6_eE0O;(r3my?x0hDB5 zK6Ol?)ezZ%paT7Q{hP{QhK1h^L*}(UZmxJh66|xs|y&3%{c;;2)xLs~@&apC^%#+O0U#KFs)h;82TZNZ+;{{CPjRA$;oN2^b4o zhI8}Y;=>2rS~7)aeFIg0N68q@r|Po>eJNV(&)>pyeg69sVUljnZnsG~4cJ`1u&KWt zvlj3+3@JB3%Bn8-%%_?(wAwGZ@~L_jaeQ%M4*c!MC-uG`>LNpi#vq)d4_8at75kKF zY4YID?r}nB*5D0?f*Aygh$D0i0FMF!z;R@=c97WRMF%%R`u(5b7zu%aQjE6}bA$j9 zkWb%jX~X#2#;(M@zZHYr7S08Q+F9Oe<^GM{-!+;LEbmCB-VdlcLfaje=Lsfx5-mHt zw{=2Vq;QBn6{FuD=piDy0Xu2o0a?6o6P$tG)Rb{HL#q?@k+nH3W`nX6viKnhM$U|D z>KXi4HLYNr06`HtpsiDdl8}|l;|k7X1(3>y(0?AViprxvr^I*d?5kyGNGNl_8m;JWYI>oAVyy-;-QHUL z`!2Co=mO$W+P-6(UE1MiQW#4b`FX?UC-Fz8*%po$R1MZv;2wxgn2u<4!t!Z7NR zSk^KL?q*wV18wT*ac!txUQVeOg?bJgmnKjJEutj>0g;FFnbEL(aU~DOtpL!ubIjXg zR82wj98xA*Hrv=Xpk-}U+ep#ou_T7Bl*`on7Sk~X(0igBGfQ=dfA#r()zCvAQ6?K= z@aIKpy?-LEkBbFdpondNfd^?mR!CtFDah&f7E{!Wn!6z%=Tkg~Y{wKL3QGi<5ru2< ztLm!D00ZM_qRA=x+t#sC2S^^B4p0H*mjzs zZq8vcT`wM~`rs@QLhfswTEO9>2w8&{q4THfyuNY{ESIU+}_c!4vH?@ zsg+%=(?UAW9$8*+Wh2DGA48lI=2tv?>Ud;*HwKjW&Hs>1pK2I?hr{4Wp#SS>zYe1D z$8L(-kDeL?Nf{MjO~;%2n80>a&ob;Kq>26^VEbYDD(zU0E-FLn5S%GMICMbS!Me>j zcxZ5`r9quBw(D?Zn%5Ep3>f-0g{ef1T+MDG`r_910UXum1%pEXaw^^1b|Cs1i)DJ{ z1r7O`WiZLTRfSrb>rB&m+y#XDke9l14`&}9mAj64cy}>()gyd(L|R(&Idlpj&~oTQYa%jt3xR}Ia-MCT zix#ACMG*PaTrL4!{plbfUrFsnlTg`GbMZf$2fwGz&CK51j`anZQWc#RWS6H_)Cx8Z zEH_!N)0{@pyS{R~`d^Ie)&tbMS`de{fOcU~lE&ZT<+nyks82sA)gvEQQEO;@r6>($LI@K z%BaiCzDHExAq~#A)ldl82l=P8>|dx1YI;gAE|x+RGw4ikC8`ppR2OL@J9l$kX7N4L zzRYY@$A|vDvB{tn-JU&2UbQ;tHLBmAk@|Vkkcd*Y^4uS?kB-VIUoLnb=x`6J62hD! z7i?@+7O2RDnl#r&k}`vt&H!-7omsPQ{@pM-RXt?N!Z zxGbN$A46-CWkm>T$j$+i@>>kc@?lMit%#WISPi(;oNPVT$97R|b2T4A{MyOpXeXo2 zS`(;4jX0%EvDKO*H0k2I!FeEB!#-Q(|Ax2AOY-&%^j?sUxUnmaBA#X)Dv3M_GK_(hk||hQ;B1Dfg&|F znY(rxMXo#&dl*P_9lMx0Ymb`O@7KbDB7gFAw4Ek(u(SwX>#>5zfhgocq^l;T`>VW< z2v^(nUe5kjW%6VC%q}1cfHHeq6+OoOdJf9QDC`g-b4c}NsN#Z2E7w+1Y`@1o#TZ*R z4UIY$0L3)zI0-rmL!v|x$&7BpKO!0J=k)x7QccE(Zml{;7sUnGUuWU7G`-H>)JE`A zO3;ca<(=r&F|Bq=2|6iL(0bFRmMSY$r4?1VrGnKWv(?d&IQo!p5T(X!(yD+)ltfb4 zPb{e1>S|_AukKTdI)Dr=)~Kqh_rx!aniM!biho6e;z8#-(6$5d%c)C7*0Tc3gMEkp zgkf_Pu(#tkn!&aM@*hXOl{SU9o1hD<)~{TCX})dI|Bcalrer76W{;I!4U9j6p4`7# zjqzbvE|k>u2hdy*{gA9kAgOh{aD}l&+@>}S{Iv{sGu>p~0i0|^0*cIBTf{ovu86mb zx^b}RKmt_ck~)qke#gNOwj}7xPnIx-p+j>S>NJP_hg5MHBk)!nkb;{e$P$dhpYn_Y9pd`gxotWXAI_jSh!e&LXE&))Kn(;Jwtx$T+qf(V6|%qsXLijK)SIlJU1>pe?EWXKdo(w`{~Df zS!#0Y_y2Ft$JNUDxLQb?@qxS$iBq)pB88&!af~YdKR6#Zoi12Q5h>h=hVyYk!vFR2 zaesaRTC`y0e9#ciF@y7Q=o#_4|3&H&v9|;+6Sbblqa6kJ9dnk7ps6D(0pb1H-y8@DXQR346f_tgkSFE`hU2xOJv1qyIH-uCI{>K)|rS==%FKQ}V<$^afNk{xk*KRv9((j{21A(KHr7JhyihTtpQD*# zCh{3pl*?Q$!@DI`8#vIbwsBH=Jyj?WVs)&-Y8qB8^2asn7N>7FJD<*4KbXb;-ToTC zr$(x@TW!MbtML#wR&sGO=)>yG$-u#Zu*M>(1h1+rcGissvtlc=pXL8=`*+-V@!UM} zODn%6S<>NkEBtgJ(aFN8a7QPq4jmG$H_sSOc4hk)dg`I@{;`7!>jJhYOkYI=mkwrQ zjbBZcK566s3kG|T>!+|v!p=;hbE)^3m7$1tO%uw;(ddoJHERP%#{ZZS#gVzOf^+0v zg?(@$!tr>nVC3099H08@pje|mG%5ZEZVB6o_ty`zT4OFBk{x4~P4k9qW;WZ!K=3V77}Wp@w#f5tGPS(@k@gE|1Vxh2Vb{dN^ewmF5E#05-V z{2Aw&r?g|@7_Y*pCfuB23M(hLYt+|>jkq_Wa>Jqa4;sFEcOH(r!D|8Bb_ z{W12^5-!R*&QBlnBF-yQu-WEX6qe-?8N-@u&98q=^>HI#x%1q$G9S}6euX?JHcI+e z`0Py&k~7>_D1$%TzAGFM+ix~+J{a8>v}2=YQ&=U~fl1U6UZhz)l3xPIMUS3tx&W30 znYIr`Uz2{}0OW4S`07ViYFh{@){FyEFrL+eJc;W{SW&?4$6FQ?`-xy&W&AM+4v9!z z6n*cFL_nB~VGRZADE8QdtFYg$5%xzf2#Ey35Vc<)?yX_<?d^n9S^V;hfP! zWaOB1;nyyAe$OegF9iw94Q@gMu+&zy+Bx?+S67Q_Zfgf6u1f~YJiejK zJYJHS#}}m^UpF%WAKLXluOb;>WPxpi3nCw_sEzj0WHh!*Hj64z7;q0~uq=cfX9Ei> zqnCM(6seDjT-iF%JN8J~eO0u+Rigj5X*KM^><>W~t~PW2>brLadD8%zoQsvei}$a; z3@2b4eiv_Y{dK`0&z1O)jXUxx{)cnyTi=7us1Do9U~zo>)zzdNKi+-@KjLym?fa%s z2DSs3CSzXI`BVm-wi;1BJ)e5<6g|P(*6SKWeXw7&0-W;xg) z(WxD3rTv$qvga+gFxxm7b<9GT|D3})F!22ID0`gtllTI2XlIxSashnPFi3Z8IT{(u zcd%PK^j3f|nEVP5dU|w(@U11yf1MD7l*w*GNY+);F2QSF6L!J9mV{T%kn_$kG_rGW zz7S%G#r`3l2F3ZLg>CeX}veF)}#y-Uy9W)lXIHeLNpp-J_vol{O&BC zMoce5k!3D=ZyN)fBL}*+m0A{rwU}$xS%of>X{5{#5(7cq3z3I5M3v1csOwh)rh+PO zPE@(;I;+HCd$VX3FO8KY=ylY+mDCOJ(+Dow)|`^5&d#TZGW1a@Na!=CED_0233?zI z8BdFIL&m%h=%-L9q!z7TMA0!=5_ zIVCCeo~}x1==T!r`~oW%fbT~u70Fa|$+vD#(7L~Zd%D488alNzXXZppHy5oy_vfkm zozuD{#{BLGYbMSYZz0h;_B~CStR2<0gQW=pOSX6HWzqPvtg9ak><1t2O6b52Ckw(Q z(1CX7z!Ee4YSDp(sA1vA-qCJ*$Ctud%-30kP*g0mc8Dq4vSg$*mjv=VpG19(;t9*P z^{K+hQXpCiy1y@yah9#E8BPd|+k^Z8`}U65w=n`Fncl=PXOZN46E|7Fq-bE}Zq(jm zD^x4DV~kJ@o#2kHh+QC2&xKG=w0gr*bFr%Ee5JZrdP_xm^TAF^5UbrsS6tZj3DMo= zL^J#oGnv3kT^NXXvn|-}UVA00VZPVI%{TLE0Zsf`pVh=e54WRdtyE8GQd0|~X5bqG z+D8(J8SE4h z_%4rS(w2gSbwt+ZAw4NoXO!@uj4qhNKZM_q(@Agk!5La3bx5iSK?c&9&ndLu7G*Y^YNE7lo_)_9_ zjU$w>=@ROFko42GIV36jApbyyqL^7rfsHE2S0;a*K*j_AACh%27xSXDNPR@RPM&Bj zP_5)EN{=h!ckh{IU==y&KMztVb%cSM_?CO)FsnwXM0NLBxtJ$izEyX-JDNDlS%N?ZfgSUMO#lQ@WUeg;I)`QHvZKhu2YXU-zY_nrS3!Sx`) zg3kZb>7pnZre-A+gXWMpfHeUEPd8Dkk1h`(?Wu^cfdirLeF=nmfK&^J{B=@^m%bT| z>_A(XYiGD6M1S$2wk0*5f|%y^Vz$~+N)P{l@|ToJNz`3J<~P?$|EX6v{sA0k^tKlC zJ36n|)gi~!%@%QtS781@gM?o0w0s)@yQYfS>Q3~CPv3_g9ryn>!NP+@G0)Y_#daROb&;AQsXM1Y*Z|JI!A49*Wtpzzd{D+ zf`08@8$*ij)>$@96FAuQXlqJe{hY0WJw-$~5l2~CpVKc^m}?sg8YN5TC?_~bKik;b zVQY8TG?34`KT``HL(JWWApxT3O>hahT5oEYseh+4vsFdi^amNlKqlT>6o_ zT}z=VOKOQdf@@Muzra+}`Ae(Og zU+a!gmjYrOp}Yl1O4X?@&8+EyV|OBr+1Bb-Y=C?w?X zA&^=7ob+x@QsA5vk4{!XSqli&XpZk!OtoHx?$|k3NQcE%g`!`el7r>T_B4TzVVG2q zCV%AWk{txbro%s%U(sJ!tqdL9>7}{4W5LD5C6_Y;9)VO9`;)B>_IqRJucr;ZMpw1n z>`7^EG>!1(MZa_{(9`S5M;DVpppDac&w+GdKMWmkh-$9ehl4Ke!T^4XznO#KQkth2 zQQ6`ZB^@Mk|~>1weFov+0?ZeM^Oooo9Mb%LzTDq z>wN19BqPx#y1+r&S}}Z4Rq0*ZRx*+#!SGhr=hnYLILrm_gJMuApPCVq+MckYfS zD%g4=M(KmCeLB?_rv38H%s7|-I%v>3neTn(O>BPKszko`nO~k@wdl4){vXb=1H~gQ z|Efg(b1whqF8?cue6N9RE`M4gzr&S3+vOi9`C@7*I~)q-@qgZVm#OaBLX77UH{L9{ z0~$01rk#K~vR(B%OYj(ru=VSS3VpYEtIjf zT7*Re`S{puS7DMMKmR_;<$n}{E+j!U34(s>r1!?BtV$&%bj<~JV0qH!wd z|0o3g^*12s3K^-Kgzk3)o#hDHO7qeFejZh$*D{<@-~fSGwMKCMrfoam7A$&Hc?Qfy z$4R)r1r!6H&np#98xM5tEDH66qu>Zqcab7R*?PE(;}s<*P|2caNYU3_(a|UhHAE?i zrIjsqx)j^t7^`N#zm3IkX6VE({>Lr%xpA!pvAXDZrN*kapJ06EAgjLX6#gkv+2O9T zCRC<29!N_%8Q`EGCii%5VacxK$t54_5AO>}`OO48pXK*euO#9;H&pX@Unf4Q7Jn80 zvIk=aN)La|=GN5FeQ4ZDI_u{APg*^kAb>6C>S-fxRoCW1|0$M!-begDT>W!PM~}E6 z7d6Tv+RA9Y4A|IU6EGz+9q0R!9zbO z?m{nvUwD&6rBU)%e`T9@-bxuXh5>^EAfn$b16U^~Zc~4|Y?$nal&}husiqfaZr;z` zam+M`iW0=;P=Vnm&WVo)BFNTn(6IqlP^@E{9#B@tcqS*a{JB5_4#gUir}uhfOP?vL zV~?jr$NC`qJ{XLHS-(oDAbOEhG1ZHwmjzXP7FDdE!HAX2DeQg@S@)=nwHOnBA}ZBq z_M$`Lx&oiQL9M*(keJNNzZR83FM~;PD%H5JQz@o7m178(jtR8g+YBFY4ksfs-nuwG2UeR8fQ$mmW&CFPj`pjz-i&xjSK#%&s6#w%K zk5Yz*%nhPPEq&(T1dSux;X{^KzP**Bw!?9^2JIjNw=#GptI9J*FAI5%_EVj4ofsig z9C3dw?M>sYj_u_N=TjMham#-5EyPILwh<*vC1|_r7XfYC=@?$H-g5^Uq5};f_igLX zd$m^N2+6nFPbJwdBX%gseu#e!3Lz7aOI+b%l7H_YsD1VxQ>)!Z1e9;Yg{%l{zJ+$o z;hs*Ow70tx#ZqV=I6?SpPVo2S&oLV9NmHl{Y%5kV?HJHYcX2VK?3{Va6G*q#`ydB7 z^6d63Fjyq>tsKN%f}y1&aGK{HDO%kQ0@^|K{t7|+rd01HR4-3Zy(_6cOCj6Mhn3V5 zVbqHQ{ixl%jCn~eePg!eMj#$rgczP{boO1Wm^3&^0=u zjb!G^UhVDX+~WBM_dm-1qr?tDE}RKc_HySkDJ%B778f`Ot^6Kwpj^vrQFXQJmx2RZ zqqagB?C!(A?&=m;5#4Ap6kUT6IX>lG&Y!6D_MR3f+u1{8Rc%%;aX-NW_(pTESK^DF z1^=VOZH<-PgK;iCS*s_H^0v00OLsB53?#HdwH~&~FL?WXidV&A&7puxkRqDKDI7zogoverc_uUrJO`zcz@d*RP9-Dy3g> z9XTN~H>MASYFp$Mazs}BVy4wE`I&y-U*}M)U(7Fm-vM()zxYEHQVWFo<*3RFQ6uz= zWQF?W9S7AQR~pwRXe9~#D$d<-{c7^@9`0$+H571d1SlaFRLy>v<9>|S59l!7Z>>3f z#sbuEAt4n)cQ?p9l3R!_R2=;}3O3oVqG5b|tsTZwK0lR7cpjTNh}{9`C&_c zFfc!Jm<-H4psdIISY3o3NaJuphIbu#VcfwE!A?jGd765M<*D&5{_tZeHb+GJDKfSN z&Y7}#&@|#OZDBu^t@l0I^f!DErh9kG78_Rz7yBDGI*2YpV2e2ZILJBBgboOmp4$&K z8K1I0?n?K`aF>QzzZE7iXqt34KkX_yM&X8myd5NU;_ov2g~!lbZFbuilGIHUNNfZW z+_9Fy0a0$Mwwuh0uB40o4mS$+QG+9_+3{8rLzas%{j3Rl?& zl@jaUHgI4|9V9uAmShc`>4U_W0yGe zK+f}vgIQ;d&><&#S=3x}1EUJ)RPo#+vEAIApAFw{Wvr){wiSzHsF1^*tT4IA#ZQ!9Avq{cUtBQpdx%h|P7l;BljYw;`F#Upk`a2bd1R`d1D-acqAP&X8c6dw?& z-RCf*BK@Gs9v@8)QCfO@o&_mR+E&BZSM(@Cfr<{k(|tm*n?%d)EYzseEhE`_oIA8? z4Cz$HN074h+v&aVDz{I#oe30Tb=dM%Rc%!kTQ4^-RYWI|0M%UGzsEA$R<&_12n`s< zs0ET4R>It1(o7^$?v;uJ0>Z}!Y+4ZsjO`N18NtJTT40^@0Hh*%l*p8xdS3?IiCZ9A z@rg3T{q(d_#GNL@1@y29bX-&)fh-2C@-8Ma%FJfYyh?!#8ltEGj5?YTw}?vtAZ;88 z(m$fPSoOQIC(Qmd0 z>71ZYjyB8;Esf=9vue~2HR_AL%KiWhR+r*7NB2UTKWlTe@thhD>5v#{*RdiJi{AEA z77$Hxw~f=iwCay?sBUdEPl1@@`Y$9~2Qk5qmA^w?(rWWn>MFva_?)b3js%c%TAdiA z`G(ZYq2lDM6KvukqtBC|SVuqQK7m(mKr7iVZ-MI}U2zU{i=_qh*DR}D>Hn$;`2;K7 zP!sYlJc^MfL`W67(GcH@>E2+oaZOw%ts;Y|feP*HKVTGN8&b}|omP^%gtY_0pxxrO zv^|T?!%+0cchS{~PD952F<{WuF}~n^kX(a_z11NYkUKEfb3=|uBp$latQcp$1##nS zvb))Tym07EM`hO`w0O%O4@X)~G3GDwb_#Q+wpijo`N?7&4T9sXVjPozBl?N}OCSgK zK)PHdm{yCEm{g(b$fT;rJ}-RKbcmOwaoK|H>9{#A-_nPr@SZNMb9W1)OR!Jm0-K-% z>-$w#JA251^?jH$&pgI|oXy6kv!+VDnjv~MzQ;Oj*3mA&>92^e=TiEQ zWcE~XbR)shXSdLF@kxFuos5;v8!}VT_14uI2ZC#aYmkvl+*^y4h%n;%{YMrv z2STFE8+ZaO*>Dc$0Pf;ZobXERehD{3S9+Yof^+keRH0N^egd5KaVTxg%g}LIf{s%g z_r{CF%ZTm(5#2!{MmE$`AYE5Oaeqc;`OM;C+qq)3rQ7%OQmn1G*mHPoRBB6=E_Q?z z>nbjGiz}v&eT+~Gd8mE)TgAn`>WWpDt}P|CjXgOKGDY%PS4`duX=}E91_N_749j`( zCuXQ4O^cD1JFXb%i*0DU5ro$Y1y>XU-%Vh4OvmkL}UWOSZ) z++&XzngNgaR*T3!l`?{ePYV(E6ch0&5Fu?)n$vT`$=})4RVweyQ8?+xvrQ#f5Ra_ z)T$Ol+l!M1%hJEU(r^7?+@JU*sM>2(abX62>pvYcWm>9UsCufHsz2cXrf63g8BCC3 zYm1Bh*cB_&Qd+F;lp?*D?TQu2AhjVf*az44Q$gQk+)UVp9}A_G4_F087Ihvk&O&{* zeiMD;Ld0CTAyxeD9jzkos{jf*wd?ADlSM?Q74v%Wg5sga`3$F{7MKeR?-kLmzNXFA zUsFbEnqOSg)@5sY6PG8sntmhh1V<@6ntZ3@sf@Nvl$w4~T+_|i+PW@n`HU2Mytvp` zT(L6Ra*PyvySUhAPz=;VLKP9!TN@q5{!&MM8KwP{;M>_hq%b-65C@c(zq9U+d!!UQ zy13ZwDCVsD8J-Nd_Bv^@4%&G1$fT#?n)|}HRH=58vZb8JX%+$iC4GK%4%eAW+1Oe0 z5avj*ZoD}Pw-?Z~Z*@FP`#^Lrl8^~&!5ECqe67)i0C25^SS2lVv5W`LN0)0M@Ec$} zRWb*nQ#BJK1*Q|2PYj4sAEBw}o_oo!0$ePcFSFsz0@$F&vxO3ksur_+^qXuutfuhl zm*DuOlDxOM-uf2p*}J_@&1PotoX{(bEAVu(DOs6U`cvHg+V{kK(el& z-5e^8x#coyO(0n?LaStK#LPs?F;fYn>{ywM=i`lTK8}qdY#lct*RETG>8cCv+vpMX z4vPl5CjVU>?YZuW#RS>OvokeS*A^-<_)S!5FxAD)gL>*volH)ek>t!Mw5{W>ZOOlrH^^Vv;r^Nhnnj-H3m*wtu>XrA1|H zlM=Qz#6UN+w(Bo(wb@?FX@Ss(AVZ-`PRK3)Nl2qP#}x^-0~N3x=qQjNM~R$`6dO8% zkllstz7Qn`wdxqFG&2K3{n2yKLlvr8gXhVnZCGgQ+)7gkr#V(7Rk6KMv%W@S6|ldz zf<`|=PZmY%t=Lw74Ix@tBOFWg(#L^owD_|MH4H7BgC=A^dj)ZryKbajaN8mRQ<*vP zS7Cx_y*Bd>!tcAq{MI%@@Dfg4jD6I=lg~8e9_LdsjZNLPthei?<5kD-bnKCr$>J^= z2e0fco`(Xs{O0tZz9SZT@rb5dobKq-dhf6}bjtthi(PA@0@$vVjo}`L@Vtm$&l%Cj zDU2DeGyhpTGoXEEzFztW+Yo1x;-1tvCef4hmF`4Ox*bmy%EX$d;z#x*E^lb7#N!L3 z4;_$`A#!MA`Ccce$dug&E^_Ra=t@VFt&XyZY<1{L8(dw3ug)s{km!Y_kS}uD{xscE zX?AfXin`Ji;dKB~4&9NGglKnaOYpsNp5+_$qa9K+q%X}xh)>0u>`R_X^8g&xxFxkO zy}rSHiAvCe<-b144+gUb2J?6PiD)Hs22s@3AGuG4{bfvO%}A0gN%nx$I_cD(Rzf;~ zrPHaJjhl4#R&3|7$bvy9R~{k?N@|i7g*1!yp{VxrhE9=03?~V0!379-&8>9)9=nV| zS}3-j=wOU+HWM6X>JpZLYhy{vuym=j3|vp5WpFUoGI(*@9y-D@Y>KUH&N3`v`E^=` z@fV9_09LUKC;-cF)D20?;Om^WIK8B#W%%AVT~~n|X&G=1!r6m5H{Q$oE=(1|y|dyA z9S~=!hz{3YkBVf`rl13+yYnZmA5MmxKFut@H=(lIvi@OhLs}SW%R%xfsuA~d)Pn%x zD~ZCZzk$N{YhlzZg|qHccJbh7WYy2b01bdLbS!tw9!=^kmriVC$3nkVgMQz82A~E} z$sVYI_`Sp6zd4c=Z7}p0Kttq33+#TsJ=Z^=Oq?IM@h`l4>78vt%Nm#~?4Npv_Idfr z(EH3GZSb~5UmUO zeh2s8#KN>2;rxDKI0$Z@(qjjR-U=O#WfvF)UJYfZt5}168_Nz{yd_+`7uHQK{yG<2 z9I5RL8d8n69~Y$4+|0lwsU$+8nSbU1U@}XxMwlGSphyf zFu}0M9<%)gy;v<&fm_#i7~-V1U#B`c^sa`C{o=h<`PQJIXsr3`YwIY8C$++zImPG6 zVb^566ytFL1jT#&V7{$Q>w_8%!4iIrvelm-2<n#%wW& zjwE!9lpBdW?lZo-bFKTkaKlKUhJZ@-pGIfzy=~pwai%0}%^KaFU&a-cV{{|_f<4I0 zkQ(@6mG-?F@WS?{OGGQ+Fn7Hx2J5WQWU%jDae*ZgTUMiQOATV?VKAo`%;+6~!FND8 zvWR++Cu4ufdfu0MzF%C=&S5<}C?}vl1rfk$BronYBlpgn@X-2<*aIcWyset#M)qGx zo{TDNY>HqYU%@*K9>QUw&aBzK>dFNI11~W@`jNiFPOeys=3pqoUV;y;$w`BX=0sPk zVEaV@zp5Vv;g(OZ+1J|aFxU*=TL&4db!=(zNcIj2diCrFb&4u*PBoDUD1x@~E=h{K zP%Wb#k4*M4kx^uNZO=qM6#ylw>%SuXhl{0u<9V<`8aqn>zFG|UO#(KI#JKYpiUzu4 z2{?8n;4#I3dlC?E;4W62Xm{xw4LwL40!NJ^oOsuCVzwH`qndnwamG%9a>=dnQ_xM( z#s+3hX5H#)(8`^oR2a2#Gwhd+4&KUb`%i1->V1BZm3u9+5IYEjRfqjBexbn%(E|uT zeDwPLokHJp*vr=cH3yNXeo{Bff8#R6%KKf~+dAxveSR_j z#`1qb$p3kCZR2r&Yvwu2btfirY~fxc$}cw(CKPCtdIvV%CKG#FsKPl=pwo##8}%bF zwcu=;dPH$1Ig-mVwX=grFm)~c-ZD%*j~S;jg+9k$C7GHoOl@MrdY-8*$yAmYl&QC4 z6x7sz*iY5e0hcK)wVMkOp8JYzhfbeg)KX~&@k4>Inz{l$YB{Dh^GpR1UApP<6m1@S z78`P2E7oRw$efvQHaOeU*9WPdXuU@@a_SAQJ-5BL24W4-)4h$R1Tl*{r@ zl0;MSBWTo*!2g%a^N(fJkpD{{2<^2~2Rl7x91 zc(WF5!fbH%SNZ&+ zmj8l-u=lQ`B@nrIgidG~bG|i666Uv5WeFoMmw&*CC|3dK>s8BN-PN^UpjlnViLq}C z?IB07-J2kl6I7oHGO>OCcOZnwz!!os4<2EIF(EeQ%QnGjg7vHrt9jx~pae#d6+{OU zojmjOMJco(EJRX%fO0?#aY$IB9+o{0fjpWm4uR064q+#R+#V}c{GhmsI#%JfAJ~CR zapaqc4@}R61Tnk#?spjnd0yhIi|_aqk54}GEEexbq@z;rd3J}98bOH3)d zC#1|=e+DErHh}I@s3$`xifAqXJ^j0CZT-PaYX-b;@W2UdB4+ZV&Am>41i#Z?op}8V zR;SDQeHS~39Re=Q*YQQ2j<)+)_4}(GcXHUv*8iWsSqc;NzqpI7e{rSf|07uQCH>RE z4P3PA9rm);{9*@@Fleuzi{>iRrw=7b(74_T{0O?rh8wimGfNw^%U)%z&LGr9d4zkc zLHh`e?^ki5@Z?&`3YZT$Z}U#js(*Me;---1m&{~y6W z_s1x2blA)K=a)K&gn#}PoXv8LKZzts<0AwRG=9=f>N(1aY+7mZRscMxp~LE~2seh{s&W>*kYZ5ymY?48h?n zrvtKwRCEBY4U2?>`mJwo(4fAL5OjJmK~q6ca!}v*0T3eNn+)pabL$$^#|hSNg;>oy zCj%wuEUT>JrO=PVLL9NWQO;^iy%lLZsK0($IH*IrBu=K9Rzmz^rHT=Q`f04fDayl2 zq8oy5*H1-RJjUPjZI1DGXIt*Zg_GYY18HXFWQ<=1^;-so_^iOGyH1IU8>E!o6*6yD zo)nN}$LeJz#_DB7V>R$sMBNMxs=l{ql+Zb$7urwl-c2r3^!=}v0Arr9`kwOnMf(1z zgU~$?=(f7#mC$#cL%$TV#Wwxt^nkO!1oAL-=;*P&w{}V%yef@7a(|;Lp*VOc^!j7M z(htKIMd@}h-j2L|6ujMqDe0Zb!dE*aMibI5$l?g4okLxgK%)UTsy?I0zw#b=gSJU}% zO=}!kIt;99)bo!`{Au<2M!h>6gdO!{xu^A;S{FWWnEM?0u)0=7hukkhB!j)r${?Ru z0vO7tQrUtYX0kyn+z$cg*zXF%C#+ncJyx*qx{j>u{xe|(xXX{)se`<4!oUC7vipF~ zFKWUb2O(E-VF)s3V3#`>!Z3^rSYN*f+~EhNf%i_ZBZf2q>(V`u#T^90_jsB_Y&7cY zdQW0-->_kKbJy`0L&gQ-!KsKC#2GF5@g-gPhVX)aR)?n9Ti{n3i^K%ZYE@I?+nZrJlT;#rgUKE2^G zCQ+`9(hvpPpq^sz+h8rf$z3;cENl58#jSB}1G>g{Rp2mtsT$PS1Ex9IPzxp0^dOcq zV4fWoifoiduc*tmbi$e2UNQ8;%z&QBT=4CTf~E9M5Sapzh^HU}z|>bDl_ln$2sa_A znR4f=v0f-w^>JT$hqi$n^vHBBupA(x-E9*j;nhq)0I&nrZ5ixgd)KRCG#f&WP4hHx z;AR+CfDEA}{)ckJUW9_bcccK#ZUlqd3dw#&wo!JJ0=j^z$t^g?|GEiMVVRUlF>B;) zI#vJ>Rl)@+c|RFYpb4=52KV29^gb!8TKN&&5&y2$4!^frS=JqSYn4JIr);Cel;=We z(uLjk3xPn-c8acUYQh?9BIR!`F8|80D6gX+!kft|H_guiX~8~p5De75$Mlq07y(f3K{L zA1nTGlq#z^{Sn-r!CVJ^6?|nRz~b|CP#Z$tAjWTb?Zh)`j?U$*Svm~}#;=A>exWN@ z<2Mk>Z}>%%#pq`3oJ5hd# z{;{_4$i!GJ7Z2<&gh;>O4&RQhjRfJC#-MAOOMx)r03roBX6A|Pl1f$6uUD__&!un4 zw%jtR%3WwN#5FY%Vdo+pT_+3Tqb*{y4{?4?YwyT(w@z5P);&K#%p71V?O%S-g| zu@rE%&2Ov4mvAZGQ^Dn5=*n-S`MBD?fM1Y6i80$5sby$8#Fkp^sp4f?r+;c|XICei zEn29i1VnqCco#Y$*7`~SIK>cg?j>Abo)G5&Q>1-RiB< z0}0iV22>PfY=E+BZ{h0pkSh-AUpk76;RW*Rr9(S3wU90%%x+g5Fw2CIs+b9#z2q3C zzNAPTRcqsco|w}Nw~1-Hjg=;GQu98`td+J|Ml-)Ry^x4p^O)6eVIdbg3M9i+vMm+% z*N^(Fwg%8kq4EQwb_{`Ki0E~0gEBVLEeI|YB*j`HT z-C4*llL%DUTd|oIK}_Bc6QB5-3=?ih*Ei2_(fSj&kV?MPW0usGw)*|n>c5&`@1~R# z6kBE9MvWk=4>F>%euDMKR{z`;V)gsb{QW8sG1~YZVYK_quf8Eh+i6x9v4&CTD`~WM z5LyDGt=pu%vW-VgKv>FX_mwo-j~oGwJ5i*Ff@-w!H)*t2W?NRmXmglw?L&@y0IA4m zf1Nl18<NTDoT zR?~H&^segSLjr&KJm}hm_+<=k-BPMTG_Bg(Gg_NkX{~H?E!sDMwn@+)S&a4yqU|DA z>RbMbKeZV!>1e$HpCUiKe9h0pMcg%NC}MHzSb2OcG{9sQH^48*;f*yBf9UX7@e8T) zLgOw%+bm0)dG&D6B&!+XEZJ?>-jm1_HBZr}2*7n_J^1PT|E6;N*C~d%Ia9vl#`6K` zIGhh;i_XNgo)s@PCC|h$!X>qIU+vhu^zayV$%3ECKmDxlZ|1)kZ{2FJB@FB&<p4G67>$pXBY~xYjxrH%+V)>43vp)3kKmb*z`pk z!}HK$iQt6OFF!u`@j&D}Cmsq~zbKPRbw!l={?~gio(6d`3_^ z1+j*~ptgST=KA5y-REB_*0)Bkh3|IXqV#>$nMYXY z#}u@x)`8mgXs+pqta~(%{r7Dgnpz3Ep&5QE(ud>u>J^7c6h$7dk~3r=bL<6=Q7rK^ zd%)~Jkxk((xj6sv^iS+*>rAN&N|R63qA@C=W>do?xw1imzO=-!juw>ZvefJ@ip6N` zvT(5fHMF#JOEt7=Tw21W`0Fs9SwT(Ul;s3dUX4S%|c>Dv_!MezhJO6n^fru*H=!72WK(pekX{7{gf1M z8IofPc7LSX3W9fJW&Zb>_^f8E>D<^keJImC_k{+az!X0J&3AaDlfUCy#d&(8Fpsb$KTokH3fL@9nkG0*E$rox8x> zgr?Z{-Cdv%$g<5-V0%KP7U$A#FcNnBpxzpZ-NAY3`q5RbHe`ekOfDuXZTQ&4-}#OY zgk>!s_`q%O(yh?6*?L@EZfz7k;%)^r6;aMtv#mFafWr02b9^_PLA`vd6Jj7K+n0 zC&XCco@^)j47*s+(^f`; z9S?&zgO{D5F=P7J2gm|d2>K$;T!^|#voI3l4?hYh(T9p0#NOFWYMC@AJS)kug>Jh;Qrk$cwd^HzYp)lg6+b^VAV1Q zxV-qX#03Z0&VlMhIIAPvP@?_C%PYdD2h|(^WzYlVXi`ij)SMi(>NL$c2Y6dyHXd`% zPx_O6mNrJ$DI#}(Ek=AJC}?I@_OV(S>PEhIg5e=I?=3tKhs7%}im=36{tB}9flr?u z(Ff$V6guC+y#dk_0Sb9*;xH3wkN}DM4oNby@ym8!bbtzbS+ro4o@o1DQ&IoxO|Jqp z+OLm);Og}7Z*Q7=p*TJbK_=GTqI1HmN|X1pAxibf+chKXk2gpX9>eZV3#Exip z#NjVl!okC8PIJ*0{qIn9oMMlLqY{r#Qc1+!Y1x(sa7}{Sm?qsi4_H~MYUrQ`eJC90 zUpoZ>FrDXLFG~M9cAkL-b$4WNQl1y9szck-BeARQ=lm2o_po{TWV%-RI&~}hK3i54 z?Sv2qLV7o-5Qr0FNi|wMmq@|1y>-VR1+hRk-xw>&tX@dcvq24Tu2BC;T7R@pDHscG zA7?zE9H}?Q)ykp%E8}mFx(>pun`h;6W{(RUfUfS7L@sWdT}-;wDdOP)F0CYR{lNn_)@wmrFN^O2b%b(dA{Kt??Dxr=_dFo;=ixoJ|BbHVRaFV zxAq%-Idq!#)%=Zoerc-=s51Uhqnl6aejpjH&}Ug7j*(dBTljO~uR)qCcku>|lwTxi zeGFN$wZ&fagrFw^q@AT#?heM}tg)$E1`GWHqdXpMkVB=NigAMv~bAMv~bAMv~bAMv~bAMv~bAMv~b zADBwenn7G8a z!`TJ#T~ABIH#txjr%rSshY^j@5aAR%KMmjC9J#-r-V?|}%q-DoZ&gy@ykop>)zB+l zlX&!&`Ao!Vx)YNHK08R#61ptR{+F)@iG@tQ&KwUYE^)Y8@mXPyOt2mqEeg?caA=uB zDIm}c6D<~t>*iD%fwJql3kH`^t^JjAYiPqWiyv&p$TQ)ct{!}uKkxI#+TOMfq-@Si z*h%UAu~Ua`zL9ngBkn|K&)yR!NS2A{6X=?@xJuQTTw606MJ@H{aSILloTjl7J2as`%ggB(cAmn7Hw^2c525G{^ zABOB{Fg!EF@Jt%l_&$Wu{m$Jdu^6t0z0+F3<*!1&Iw~gfhCLye?8MxXLxH9m9#;w`Y;I zu#M3^Lsn;9v;GvQ!)9fbL9+s*H0zLg2NRriHR}dTw+e)X?Gj(8yBQYw-OYx8WAqU5&kyil0sKlpDie@f zWA1MsNv@z$vNJW^j6M4XB9D)w+Nw1viatl}4{Z?_W)7 zb*^mZNLZ_@*B}j+#Oq~0EQbRYtwYg%K=-5JF7<5ku`sNL{{kbNe;aYn7%jan-O_~p zob^r@o(5TZ^+IhqP`v^&x($%1AC;sycK1iPRURt!Jo&PeC##6~6q_=LR~SCYj}2vz zvgrdf!zlrSeZnAi$ZZ&dq%3+H|7;k8PmmGygvel@Flb3W&S7cYQ=!;8_Iz2}=8}Z) z1ZTkZ))z*%(fC)3!+^DDY*}hZC`dARStPj)wmE|sXROV69?juqTF?8tB2%T;KZkqM zZ-H2hM1%a3Prrqk|M0}gja7@U(N=?Zl$rq-_N~kXkB!faqEA@B{fwJbE#`t`Z<@mZ z$_-6Szg4yP2lx%qxiUj>nE@mh5DKvS9nrm%tt(og`H$mBm#!w#+>aBpffe_B4?5>noZ&VttgRKxCKL>Cf_{nc8=;}8@?BZ6`IO|B_#0y>tpO&K%` ztVr6781MIjws62K$dSoeepL0kU>>&-6}GjZqFU+fcRTT!-$N+qisX)tz9df zI@f0KGm|y@R$bWxyqUZv;2zB8iEJC5HkYbdok3}gp!vUM?h`G2T1WB zYON)dY{6ZzuT3?(I-2F3wiT0I`e>KFbCOC+;mjE8<2wOs2i=zubS+I=mDjzJ-r>?0y7Zrv#M&QYJ&srpNkRp39Eu^w5^{?qq~&FsnO;I4)&Ob^{f(HH z0N)`o(sBpH2;R?$q3$BoQq~be1+rWmLoOtw z+#FF7@{Snt3_?yx;b%xi7!5skgWJ#!F zVyH(6bz4cO3u35tLdmhv5p?BZs7ndeL|iLwv8m>wAK13JO49Fl>1Vj~Z%O)}UHZ{3 zeWs+p=F$&x=~Iwi)h#wpLL{|>Q>rkuSTR)Cr5!Z+%iF)P_R;h+4#v#;o)RRseZfka zUv5~?{W+6Qo_x~e6Hmx280;Y09CoDT=Jn^Mufj(C9*i`d7->2XH05q222b1V-=*?b z!k(=p5XiX<&Z!pXIPxiT+VnDaNEIUzoT6O1T{Af@E#*(RCkTZXjX#@`D3 z6%S=v?ptGPGr5^#$1|(WX4TujDgK>?+|0DxiDNOyP8mA`(z|#M?7&^HlF~SB^32I+ zOg@vsnor=;=mso0 zjTTNtCWIrxW3W>^L!rgL)2?e98|m5xFHg4t6T3VyiWzWg{dAx%bfRo~q2iVyu)ums zG~4Yoq4cX6@UK;RZ5yQ|z!J9Mf)IGG0C?Pde1zcmtdKYCh&ygloWjI?-D|a}``Dy& z4i`T~{8}_4P9;h+a^C6MxnIGBDqm6C{iq?2G>T|(^r6% zr59J|I+89c>DJn~S@svu22eP8mQZ+3Zt|>i#9Sp?EX6X?&_bqo!@f~rK&pMG8U#ug zfE0Dtc8)&uRHd4-!-KvLLPizQi#C&QgAa0E;UqCaS6`4YLa3{O-HLTpNR7T|(OR*( z*o0O5e)Iiu$oj3~_lx4&(5i5zBG$P@X_=M~T&U`t`TD(vp?|%E#K!S%e7V4cOxD%i zwn{C1uNM(th{|{^UCgMpDC#dHOQP7+)tb+%uHrz-Ptk9)SmkT`A_ULU@@V?-D^;zZ z*91s@z7bMn0fwJL`U$m98@A9ZY#~g(#5fI@Nqc=@cV`b}atoy_8!+3+pI$H2UVK7n z23ETJn!YHLS?E8eD@xjLmb* zxw~r%%MG$*S5ha86Z#kdn1hxH889!8Wu6>liY4uq-$kt>J1nC4To>uE>S)Z<+j9WG z8|Lu4C;{yW(XO1^iOQ0Mxpih6Fw3~UToNIoa;>sV$<$tj5pMtrlhF7-%Vc+5a+*gR zAa99iefFpi)UAbyidrZ^RQvjf`uuu{B0*9i9K?3>>XFg}NE5xG z<0ynY&Gdw-MD|S)$gR9gR{XcD?l`$FT^|dVmB(Re3|Uxe4j940Qeoi}BU#vujz@2L zNvv#+s)Z$}QZG(U+Quqq&E3=Qir&bIm^x`Px@CD{x6Q70L8uP>68D~HEa;GlCFY#T z(hhN_F6+cPe#Z5PWN_(6#O3obh?{uC25f)xg+b6bg?A4_bDXl%aY_y z2TIcMlC;XQBT3>ybh@)Zl5~JTxr>w~sYa6An>Q9N%IBDU4tb_UzH?xue~IlDoO5gWJx+k zlH4=El5~h9{Uu~*Pf2n&DhQOuNdFc@oYR=IozJ-|&Y8@dVI9&?=KeTmU*t$H zQAg(tGRtL-?nh&ojbj)F9CmXsGT>l)V)v>T_L)tHPu59bF|cyn{ZyRUmB^f%F_$=! z1QkZvIWD35#kg1&#iGM}&cEZF^O6Ybj9g|b^uHZL9mVqUh>_%c80YL)TwcP_0=4B? zUg8_Ge3y*Jl*~?XPBc2?7W6OkQ2WMEzXMcssn7Xrob$`#@^d^?Du&9k{9!)l3vteQ z#pTC)s1swTqgejGGLMJqS#w@RID6srxaZa>xG5@~&l`+)s02N*8 zbFPhZepy_8j)(eL43%a1!+g#ian5;C9wUQlZ;@s~`R`<&m$IcB3o_gN85gRCFG89JJ>p+zqBMbwLd03Ac(WQ|zx^Y*zqX`h|zj`H({Ouf38Fl7=@8;WGInq67# z#(TTpCO2=8+ieiV9hicHgVv(XfQ$Ea5l4EcH+5pA|JjINP&0dqAm1>QnLYKy%mwd` z#{!=7rR9JhHJe!W5P0|&-P>BBn!k>Z_ndqvs)2ss);Ga>KGg`faA@M>6RWPe($<{M zocPd-i2a_(x^+J*>ds#>gOEzY>mP-NQvw=XJQlNIpp*KuW>jWr=7Jt9`124rd}DcT zj!a<(kUQwc&nA2xVTpvSGx)z!Xv$A*%5bHBuOKsDF)=+D$0orjx0wAmhH&gO#v2Fv z@(qI^p)Xe{hdNssmPS7>m`5*RxSr%;PXZ5tw+xuO5^1%}!+JAhToLUp<+woa;N_+j zmUVD|0BSKxWJ{w~_{^u8GI?+%1^L$|Wn5Zy#5lSD^romR?sv8Rb}GKga5?-QVYSiqPMT_x*@3gs8Xd$x~s=JfYw4+J1?&A_RmG=^8l5 zYi(prH|t2OT)IbpbUQL-dyG98w1zG7TjeCI?#G%W)wN!(A65^-@Z=oG&mPo(u;%rf z;oUf!!p@Nb4(5ggjTIa%L){4FxNTXP+~ekR+ej}Fq7Oh8O5%VMe58tqr<7c1wBL5{ z{^&G-##`-Vdqi?Qg8tkP`@3sEo*KdeHMF=A}d5Oq^U@wOH1?gaFLI zXXDIRR*sS#3or?Uw#G9-QfYzmqx<5TK?EvhoQ)L^ZMAl7Cxv)G+OSDUkW`LZWoL;cR5EQme^UfEylr;>B=5Vv~|3}^Tz{gco`=>NO0CA(B zRz+E$NbwH@0WB0|3tio6qd~0JKWMZ(tfIX5ry8C{Q#XNZmz1iY^*x0=glARM_y^n; zXtxL?Rm8wUjEc`i`}AI4!GIOQ1L^PkJ?G5axx1UvBEFA5J~Vsp+?g|H&N*}D%$YMY z7Ym=xluUioQ5lph<*{208_zC!1yU`}s8C+K0y<(?z2Xv|vH~F5B;2U{6f_EHr9wBy zb@f~xM<1kU@x-U=_K$bfJ9FJmG~>6dx=BQdTTHo5j4qI0t&pdo!`P-{VF5Ml;%?!~ zR&6g5s0)PbHK<}}4<8{f6CB~C1ZGybc`3U6V-~!$QUS0kn&Rd^0OONbX7giLk%db3 zI4$8`k97ce)-i+d%ejJ7ah|Kff>5f!XZw} z7)D%FH@i%HDJV39K%AAvlby9zClE(T7E#7%@zQE^6Trz*K#EfbAzK}jE>4&vyJmzr z^-TIa&btH?CS4OC5KoXvqVtp~TY$_zI8%Tj^asZ$)mGfL(PVumn7`Yyth#rc28FJI znfO5w!f;{Nd});19LPHr)0c+zBxs#%cz!`$yf(Pt)JV`%+mQ^hfFcfJu%Rjhj*nDjr9tt3|JGQn56Nm^W1XW`&BP!u@fn z*apY=WPIGMY0!BvHgy_=63`&BjPDIS9j{hxui{(%kmZ!A(|jOv8JPxgF9DXx_EIDA!1#}w$l!LUuwS-edwryPiY&SReU%*H28YJ^tL>A zsmaI6e#m{&c;;fA5<|ZPrS`W{Ys}uYkFAKTJdm4<1?Fn`>$ezFZ7176Kf;D^=}Dln zAOt$J2Z?O_F(46t2!9|$RB+&OPc|Cpu|Cx6q*2FhHc&Ik*+EVeBuNbt`T+Wa=%z5W%4aYgzl+-tRTFiVa|J94B3^UpRA>1O-JRv9FDV^7m#6soy+3FS ztY!={!$%8rr%AEPfEEy(-Lfg-T%45VY>q21KR^-R3$`JjTfSElT@u#fZ!lbDqmLa0 z!pWIkGNMdI=V(F&f?ov<4`YF1Uj>h}k5RS?4OfX?|IbFWfXG&)Za}Rv2vq>oeZa|u zu^`1iI;Mg(f?iYu*mxX&tha+(OF=?6+7{ZP|3ZU7vbu8XS#GVABX>o4jIx~UcBsiy zu-jn@S-ORDJnp~9O`8Kb!vW14jn?ZbpVlJQrx2vvx!xnA1_>&Wu00xG1Lnc*=67s_ zkdnKM>c4pcItbnhG_^@o|Hp9Ro>FNeW-`d)S~cPk&`!NBc%KK3t_9`RMbqz-;IkpL zZ3w!TMnQ10<}cG)3GXC>7*^}>*D?;A*gH|4=Jsv;;A$-71x?NC*H!VjzEv)3n>OOU+% zoSJdVaH+E&c*LJVP8UJvF^cy>DmpbOpdzG)VFy%cJFZ%MxMgS%X9Ht?`D_QAZWVE1 zES#6Y8O-u|wfyynn5B?Z_Kn8Mvf$?kWc3{iS8<>mgzyKAzWUY2%1b{ViEf)|xo^ZI zc_jV#lD<_84@RXeRoe%=jMSwuR0_l-2lN z8~B<;h-w>Or5+vzQWL`oUuW! z2%=$VS)q6X7hl13oJA3JV0D2n9>878qVAmJ2AY zvZMvVV1&b<@tiUoP~YINtW+lQnRVMa>xtlY$)18*6TL-*B|0qJV)VzKpfkJ_w(S$3 z>mxe2?gm}CZ8jLAI-(;Uk|py5IaR7gUd`_NA^JcQ%sYU&Bftj@lZNIUz~RRWa8@;!kDU&P+$d$b6;;U462-qEm5>u)X`&I7@1%JI)0ql&0C>>NA6Do8 z;QM6*!0!Vf-~d*j>D~22+7?4RR@kmubu}3FFzV0xq4{gOoiXng6cC3}6_my6=`Mq* z!5*ELOs{~(&iJp|Rcp}bGzrFm*f_FrKKL)vX3QdW?q|Ms<}C1RyTN1hJBsAype^_f zPoQ3k*ftp3!<{hhu)HBhJqhq#=Di9bH1??-a2XK1iQ2wi# zK~8}A>k=uUtOL5s+X{H6%P3Z_71$(y^^KAsWdlbx>3P&qaEq^U7Y1~ z15*v*kserPQ=$Y-V2G?@xmM!0IF<|+9rAjZ$4B&4#aDajC`!6_%GP=k#HXoEtl!g4 zIv@&la>o5sCs-DoIIf-rlb0yanigm?iTjknOAU+fj0L{$5nD zI)5KfUY-Aw7s0@HMQ6-ZjN{9w6 zp=X~GqMm&nJTcpX+PVpOZA`>t>eH7I-SFYF6AiIm?mp5 zN23^gGBC;LB3;!tIdZ`)Y@X%|u;hyjPj|Z`Pa>!>Syf^YVg_Z$OWD@wa}DlMD}Zm# z%eqZm;oD-|Jq5>}ZIKS0h^EgeAF^Jggn1_*C}Ar7gq9gFj{?lEULa|j8JqNb#g*Kv z9PDRiAmDZ}G+p{>LW}WjekcFIeKi8j$MU?KFy3wH{HWEVHR^h5tyE~GJBQtOW~OGZ&eT z1>0NYcqb?(zZ?#whLLai$~*n(PPT9mtifO7=<}BSl9@6Wq)@{okd3&|SMFpOKqLf` zi+uqZ5?o#xm7iMrX>n{;>6Lc669z2~JnGrQmYQ(Aan<$?d~;27YqyC-z%DRXYR1|p zS#HiET6hcY=NP4Z>_iMgK*z1MKSPRmjowBva3|Z;@J;fT3#Z6Vu~XO%AE`Fn27#Bb z#oG>HzCpf&fHzmwhp2J>wdmIjod8(FIUYf7Qx)+gc$Q&PbY=}RsC@y%-FMts6SX;e zXmB4%HOgvgn@c@Pu(Z7Ux>VC$HHciRxDp9swE)seR!dd&x~>M^P}kMs_epEipM%71 zvNGQGT%!m>4RBs0?ShrH=zlS%4mwa?Fyc2z01X@3Db9KKtv`_&qAAITX6HS8V-u9& z`C1hlfL&cV1G$M)$AGonj}PrELVJ-xLrYdr{0nf&4lbfZB}>#D(MzQr8lquMRvfz) zmLbGpC;^)0GbB!FC$X{9CgzKC=`X@yg?%~u=@o6^jiXg)3>!J1kX1XZbEQ@ z+LYk@vU-qzhX#rGYWdqp@Owd!*8h zQo)60@k`4ozK_G5>~)~?edu%qsA?cz1FD{a#ve43gWsrHFb$|2v`R=>k~Mgs7PR`Bo#h|iQ7jX4qyfoBbgGnWDQ;yxGJ5>TvL<5}MI zD^Whirb=`_ysfbuR-gjKN%N&i!y=iKy&XY3UQ9ofAS9JZ{c?yLh*M2uB9LH+keA?z z2!co?vCR<4EqdswNDY-d#=UXzYciJU;>UV=ZGdM1ExbY z`X2Jc|88HjLs#K2QCd=`L)0CFL7g8Gzm?T!Kj41F}yTVwWUMHf^k4vftKVi~g!YI4S zC|PP&45c*O5F;u-3Vn>iLy4+=%DA?t&@I1>c1B0kdT_#9cf6+?&`uU?M0)!L0Hy4E zFtVL7VuFTI624mrV&5fbf?e2)?(rh&9uiooGgYBIq?A_1uy!4E z&KGb9@_RJ861jtL{Y|(;^TR9Z{`@mvZC z`w>9OZb0X`7C0fHU1oIuuIh(VqIuxeXZfm&U>CYCveIP>uGkkKE^?i-%Uf$^@C8z* ztmqcfS5ds^uMB;a)%AE%a!DD;;m!7jiVLWCc>uzk7C;(^=L)oKqu)O20bxm(3-K6u zj;=4HnS+ZQzL6BOUEhkORe{;zjnRcko&@w^0cd|Ogk)cqWKVdR6eLc~CZnX0n~d)L zYuJQ;ZgY&fhRuokw?F2+8|rdLiI(_Q$;L6A-ZP6+5M!^wD06ffc)74ndI|e!cXTKC zm6&K+Uwc^J?WhWE5CL+xfxDT{7et6exI`G$h)dM&H7q4xIMOTzzHuMHQE+w6@m{>9 zMm}Jrs}C=gjKnm6;)W6SGK?V)VT?-p6TAkf%(rbt)SIZ~KnJPr^4Yqhh49pdHYU8P zBs<8Oa{_uD`?({69WG7?E346LDLw34>I_C3Vw{Ps);-#7gLcws)l^rh67Dq|Mca-^ z$}Vm6&4_VOiL316M8|Bs9Z)$KxZ=zGhm}!uEUXzOt_~Cb(i<9_+e(7Da@!M0SvEHV< za^Rp(G<5HVF5!>XUGC|M-qFR#J3&q8U?^D6kmw9SiOW*zu`db?s28om1w~0JLM3}( z7K7oe2il}SyplVz+fVnkC3y}N+|kfY`!C`|8Ee@USgqFK<3j<^P$My}(H7K&S$^y{ z!U9MH&1DZoFo)_2 zT65#G~xUoF)F&I@fZ(7O`t}@uZB~9@L<&DIj*vh zO()HRmYO3;!^FmCmKY9ATCQMh)2^-vL2b%#6Ga2KDjcdC;+2A|;-h`k+TEaq z5JOfyv4`svzo?J%DY*z6uI;LIW}bbrE$BF|yQ^*sI`@GVTzt2ONeEEt z%RrN9?1B%rjbk{YLDX7zY&&g7M%7_12(q}5o2wjlusMw^uJGV1`hrFyH_4o3{4+8H zv5j`HIl>)q#z43u&7Fsuk~h075n{ohn;FFJUDUH|M}GwvNn9Xq@0Poj*S_y{#Ihy& z)P+<*TnfQa1(J`+c!Plj|EgXN@k)_jkt;M+hLkpBnSjWY@;8Ch8fR$oa8t4RSEgM^ zj%mLw_f16C^!-K8@Pj$x&Q#^@9A5S8&V7n%Whk@!t#VP~FqMW`)gYG{a7Q80sr)x! zk{hp*T*Ou8Z0Ol6#0H^IPrLr+3bbRu=c(wdby9`xxeqfgor=1{`knSt5HN#Y5Y&Cw zPf@ot1&PpOxY==7UQKX`G3G|N;Nk~5Q=bIZHx^2FMUSp_ZN!Z85EORIq(p>P)L9Pj z;H&XON=RfuVWT^~-O=GSzy(04Yk(`{w((AhS7XX=n^Ps9;zPht6fwuoAbUyCA}=i|@LgEcIRE*2rcU{;_(*C!EPU)YA3r^9Ag`ZsPNe{drK zL@&JVehN|zRf!1mxtu##2LC>!u8cI_;ny>t=mn^YLPxn1!$%&mVF%+UlHGM{juzNN zMed$IPf*E6Wyzyi{c$L@!t(PEt`8;a5KOeR6P}Bc`_roJBgETG4%elmvttt9(iFrYu$)dMW1AZpzpNn3Oof|i}1H5qEE_&%pV z`$;dF%?c!1FM0dKPSFuf{DS>{o8IN74wQePCuxW3^MmVWKe%$z{ ziXbk5R>or=6`5SeJp^$YO4)CIrvB7>5~41m^R(PIgsYxW_P4VU_;C3TC>2dW_5);p zbCB0z1<9F&_wOel`vZ_m1f(N5=q7yd!^7MjpydB%l3xTyrN*O$enm5#A&Ku4AiB5+gGycIN@G3N{v=-uI!AJXLdTM-37vrt%|XVKN^4AgoSac1x2wMiNy?Hss2W8jW1@B4q?VUkExIu;h|F;( zhj7V3nhFKYYAzBu9O6+I#1oO1#Z#bi?WQylHA-y_(m%n$1(qVK)2yX~$BiSBh#rIT zNUYC<0;7-;#=)3f1{gA^t#cRcP|VlSB9XjYq<-#%_JMdOrf<3j&8ezQWRKY@REZNf z)f&neZQB|D0xc34vMJa47p(3&@}4f)q`Qqr6WH?Rw4ICL5_M#OP71kQAy-8Srudwq z+`N#OISN1JbEMCt*BOW>novjs?Lb%3TfB! zVa*~mO)Jd%u$fSrDJ>Yh8UWprM;Q594~IJsWc5O8FA0We`~OS)yFL}J1BQ8+&9se+Inw9A#jqWB+vWu4C!fjr;OCQ(#& zy^@m^qm93)o0@H_V#XWHiAQB=Anc(xB8O?iR1e*ZI>hqRcBoq9^-~*s_ zNrxXeU0X4V+p5u>PMl*%a`O)~hV3wMsnw2wngmF!V z5%`nQ(zP~#(i{x;(fhalofFBlbk$8Gs29`nwZZ)?aD(B7+Y;7(aKRlKf-zHEKX?~s z&m?eG)8!OB7+btESrY`Dn>zK)`*+4KgNB00Od#{yw7pZZ@%9L7u$~MSLdYc$z6A&< zjGEll$dkq1MF7Q-6(~)Ps1PZaMIsfZVwFMET+@&A!G)T-CaA!P6ct7tS_=;x24zo5`&8O&Fjg1~WR$f*@ z2$o_$L1`?y_Ck91CqZyzwVJ@^7CBm7+`a5UDHEP=0Hr=+bk6y>usSUHA{NI#vULVT z<2OL|txbL()Z@@c_D2`#WOu}=)e+}i6i`lWxtTA8(yQGUP9@O=;0c$Fe~zq2`S0Rn zK?Ynbn#!@a<&gO(k6oOT{{G*ty}5SQK$ksffFnXuIgD!&a%3$>HZx$; z6{PwdG}-7oM>RPXY&mME^Y_#5kxwe-adYt0(3+tdSd4dw&w|$5(}>VRV4BzY_<5oM zXayQzD)A`98Qa#VUyiHNmp_1H@BeEro^s^+$Ifp7n?j-Bgd;loaC)6vj~vDKLJ-&g zD9ei{t57~gzDDOEs|e`NzIOjk6sfStX8z@W(ax{lzjLfrDk4(8*qc!-g($r0;r_bf z_5?ps(@|cAOsjSJFd&%J@;&Cq(5F$ZRMQ<(c|_fKL|L zqHAE-2x(G|Luy6g$>toM5?3D#Ur`t9k;;xb)}rKqVKkPbr$bWl+}`hU=t9Nj7WmCP z9CuuA8)1aY6L{wILZP7FgR81SXnFOv!E;DB(bRw3zcczbV6KsJGHpW+I^=Xih99h^ zl0BcOi`zVfLyHpm;d)T?8=806i)_t%DN)cfM9p)6^`H(SD^+0`hj{BLJw$9?WbOt4 z&w(VAnL77a)mxTVQ|IdKsVk-`t)f+|Iub^_eI#&PAHat=Y!KnEynG2Y!%oOlw!NU2OBB8D7yBgS? znzodej6$k(jeY}KTUE1WCh9C&xfWBd{{FfB{v5n{X}LkZz<(m z`-1${nL%|Yune4w<&_Z#0l(tipqKO>r650x>tb4toN|JJ6#x+o@RvE*=t}%4VXBna zqblD!W0j}Qw$AJ7CF9up9+sX7K6-Ab0!0cf2cJr*oo%xnVwF|G;#JURpi? zaUCG8OK}}3IkI5HbA4SM*O4RS`tL{5Tql4wfS!)8PxNO#U94@n3JS@+aM$!h!(eA}GG zA3x61bKh632lriMF^puoTIFQ9+{w;gEfw1NQy4=YREo#3+`*_GkFo&BymJ&6HOqDT zV5Pu;5Mv^hF>WAWmhst{3+Mr0ItBUbSoX+VNF=?>;@qD0eWKH$YuHhBByw%0qHtsz zB?AFw8lgJHX$F7!0c7BaDdoS+ndigO9LktW&u;M z@6-b{wq~wvZ7a-{d22k?@p?F1%KSmgTjGyP z`y)7sLnrt4%rGrZwu*jv(rh+QT;2xn#FpCr$#b;N@s{p9JJ&{Z%Iq>IcT)Z0sxGcvfP^*$)Ju@2ZEo&f2dP!){C zV>T%rnXUHGNzf+6E%T(^Pzb5jsz+o^h_rt(6Ry0HKsN1=2^+bxd%s7sFTlseh2X%wF}8!K?I zczeIc8CzrdtI=B6mFq=)rKB1x+Zn$Q%m?GpmxZD*-6i=TCa;3uAqRCOlHk5P>?|kB zlC}`kkk&f2P1d;VKVtS(eG~mibDQ1P;~6sH`4u4yVsG**JtGtAdvK2A6%{>2Iyt}} z^mvfE(0yBeyEoR5-}XiNuw;8Lv$uOw6Y?X5Q}Gmz_hpPRbeaakvQ97##MffqdMIKW zWWs#XHz@99K}t1xKb|wTi#!EY`JPJB#o8&F9jEEhG3(-&E39-qY|~673)rwEGQSRa z)`^shFa?8Z4PTTibb5r1{1=D0+8ypAhyetaf*`-e^yKzJ`DukxJI-B$ICcRQoWE9L zNZH~!py`|@!2M8(?&7P)dZvH_XK`D=w@`E4z&rxU8v&^=Y(@fhiTnszj$a_>xmA|Y zc|-gSu5WO0| z6+V|nK4CVrkr#S?`QFl7-hZb+(s#GZUO4Uts z_PEN6W~`C}hg9k6b(33OG@s_i-*=uJ3V` zpa0BERX)pA8L-|aZ>X3i8k9x7|1%xmC`&v|9b&b_D5g=}5>J`2hVq9r<|^abx6K!ev#gZAl8&utR9@GE0r2+BrarrxmLGta~fc(6Prp13|Lw#cM9l52;7N|B+7Q)!{OSp zX4&4cug`{!OpI+~Rj9HbzZ^jDFBse=h`LAzr|qE?lybmD4pYiek`o{+08mkB{eWgd zib(5Z#ttdTS43K`cB_osbikEHmcz(WddT4 zDm!(?%6`Bp6FG|RLCMgk(GS3x!AA+cDDw1vS5qp(5t7>H zkqwVZHmMsxVH{8#lJd-pcBP;!v93b#2-AcJ#0gR6s`rt zwJ9k?iU`I!FNJGokV52y6u#hqv=p+uO5tV7%1{dNky5zUN#UMWwqgI7DmxC9IVqg1 z@2SoS2!3_e7M1f?Mm<7#3_wksfxjoknmPkrM@JKO-x)|_*D#ZrW|h;9-Ean?6*M|w zX$mg8;|!eZc#V#u&OlwMvXCBe2EGjP4#=Zu!!&;B@f$%g=l{W4VQJ+KhPISCw=JT- zZ@EUd$gP2TAqsWj-nZ^U*~Qf2V6Ai-&cAc3&&PeGv+)@pV1UB&_e%X5!M{>ox&zJ! z{D1WA2(d5^pkzfj6Fq>a0wth_F~i@%1R)zPDJ)jG4qED*C`S8bF8ro~oPZI1^Ze!J z7ew{q7ZiAG7vAX?4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BlJZt2U!^2V6== zkGnw7HP6syOk#cHWYP;?*-r89xdxAi4IXEMhg^ek#D1#5d=DGU_prfy4;#$)u)%x} z8_f5x!F&%J%=fUtcuzMNOqgu6Pa5P4zGCc^NDh!#kl*3mp4d#-iCeVj_Cz4}-3aFv zx2Joi+f$$2iGu3(M3BYFyT~5awawQB2lo@IYfB9-R*w-}tnQgER(s~0&il{0!ug!L z?>O0ZG77P9W1X!HPGQ)eEHAw?dg~v>Dw&Q?a^tJ|VxeNW%VywxDpC-XTsu@9e$5wq z=j_gHTs9E*rut;x;Iy-<`-=C;vh*AXWCaY==h>nyM)jSYempL7tkSJLtqO=kKNm{P zCyU%oeX^foZdI<%Pzrsr74ylm@(N-F74O6|OMQl;>fyYGoeB4?xFC?(`}<&0nSa)Z zlJ?Isngf_=+tjneQ0^?iG96{M%#(Ji*HqtU`~09Ptv>OUj;lieBtlZ)pC!#W09FN# zpI*>Ed-4U&KZ{Ih|11*f{Ie$q<)IwzMEU<6WO*Koy&L7x9?6ys{JR)WOzRhK>Iyq& zAfH($pI}qn3VP^#EeXZM21W^t5xVdEbWM&xOeBGr@TY(J`C%d>!7emN;07)=)UP$Q z4Qdj`3EZ76shxlo_0B^_h@v+__TVouml{n&hy-J(vSEuXUXy_Vjh<=0Eiko(3*n-3 zL~Jo5oxKnz+CLg|6e2G8qAnU#k&4f9m@gDcT*vbPv*vgqAQxG@ z4&m7vP&1fDD-c5#VIt(gBx}H`0@cw1TUJ9AcyB>1QT#JC`hzNy^*zL!1p0~fi$J5W z@;{@^z^jDfrkaRQC6b5rqDdn5(|Dgwtsm|ho=E}#wZskiCaIblX%`;!fVIWBZS8pxiz=F*t=vF4#1u}D|2nt0Zu04zCWemlUD&f>*4Eq zgpjixM1Y(#H3cGDz!XqcG)ei7$6) z<=*z_;tO|hLOp>(6Ci>`lpq}V1iVT19?6ak?r&U!tla7T<1!ym5r?y}To*Es{CMZp z&IrKf(hT%W^j!hY6&}r7Ds=g0A*0!?h%MeU2?L7%MIy-c_miJlShanK)sSzcm67j@ zm3=oXm2%edDWJW-3?|&~&mtI-MOEl*>S*^?Zdp~C#LKrg-TPmeLAA%J%#gRAdIIoj z^r!$~q>irl<<^eKW9QV8@>#t75>3rd;x6%p8>lsp`_)+MTvj=@Xl|QSjR$r|CQy!A zmXzK;H(S8lJihUvgAe$fZ@)SIE-AfnZlO?GG`EXcmN5zO>DiKmYu7bxtiK&~Lzj>( z__hRZL?#xJNh8we9(TvW(u5&=$CA=5OG-EXUD1B;5YS$A6VZ8FI2dFOb^5iqy?b}$ zS#Grx-Kz2QI=H<;o!^ti%9lu|j2uW!wiGL)q(f%lxh{tsZ*ic#X|EV~j8>bo^eC(1 zp|-IIk_*GAHwz$#0TiK%kU-DNsspc+f;_^xC9BV{b8sD!^|Y%9SPIm2jIE#cJ%~fl z1T&R$IRw`0)1qYQ9Wo#$%VfEK9onK>SJ|EB;lp}?ZlSB2DNsHFMtfbUP>?Le-U5)~ zfeVmn^tSt4Z@V08zi5bH0BdQ!3+FH7#7@mmmI{mTy(&-uO%G&8xIdA>n__@~)R>n{ zG1piwhidF`5mksGDdH{F^WxQyj_Jk&4pG>^h}%n!bXjH4>dngiRnex`&qAZW&vNCJ z-;a*HVHV+m%#70<)JZPOKr~;mH#aM@Mu)||$>@cfv1^1|85LOX{Ae6et+al19}8Ef&M!bd zo;aZ?l@d3XcT_4?#@VJ&EG0#8=$RMYgw-C2161XfLS~*ID6ye)p^^#q2kF?MZK+RI zqrN5!&gv*T2~=dXVxzeP^#PO;rvlJ{mCYe{V4G5<#=%l-lfgSIMPcLE0Co&1fh=RW zC4v(H=x`cEkG#;Tltjrxq~ZZzPSi^j-QhB7RL(p7_vUcFlFDxCjcmY`aPMK+jjdX5w4meELhXhId^};tVd{baE z)k-VxMmI(m=^S4|3hKD2t1}1&tk7aW#kLxN1TiRV7>kIGmY}%1Q&5IDoI_aPx$V1q zNqHr@>seJ8MH4WJ@SLyKSs7z$Xe=t7G8Yz28^&O)kH9#Bg*0y$hSA&S7HA!H z(K=cNqv(Ks3?*g>2uiq|$)8eH8|z<(ME(by(6XvD)ne+AGqIK=k69@T-?8wW)QF30 zKBD$^T7NXrfx3M(=(`sm>HBWTv5xxrYGD7AmTm{1YT(o468Khy$I3IvhMMrFs(Pxb z3c-f9ZQ8u5Gr`M%0nYGtOWd3|5v^CP1;2?L`|=XYUaW9)1sH#bB=Ao3&Z$l3@@3;W z)-@t-PtbA$y;=@nc&FRod-3_1C*C6-?Da(>(rC-h+jo~nBY>h{W~9*wV2w1T(TLG#B)aNUq0xHK z2>*;mhY4uo;|jiPyfvlbeuF?VRUtOytN-&%9QfDE$rXZ%WxR(26gXgvA220>Q?t@a z0tum#xRjM?2~`phKwq z0Vc;^VcBIbcSJo-mJ_9epXHf+a;wf5iff!cf$0|Pr%+*&O#kvwlTc4 z65ad=+9so6eqyY@hR;GaWcFI&^{&jSu@QOXOoJ}yo-UZPQ;;0!>wIMq7J(L(&w{p) z{VVN@zy>PVHY(Wm=u20tMHXLTFnkA`8UC_8fPadEf2>0nc*&g?g^kCCG>H!9eQxEx z_UPfSKe#jAg6wWIM4M}PMVB$t0wnQjUya6Yd?qQK5i+3IBSGeb3+=NINQdZSB&lzr z5R$J4U2tzLrRo z`X)=bxv_+CwFI7V5y0tMRln9rVUVOdDH6g?T7-xIl}U8#KLM_8`p0B$NE?qXPfd8V zdu!?=LFWJ+osVP`{J=jNVa`W_N9QA%glTXmOoJ*+g9^I;I7AH3`HJ{UT2W8_IIL!> zL4Z!stk*vQgW!KZrgO_g2I7*miKuqYh?MChqIH~kMV@@z-a*_}-9)y&ZQlHf9a1G~Q}ni*{@@ZhpWh z<+(XC1mUKK@LdNX#ZJZaS1C+~5OWw8QID{54|r-y*m$~!O#JNKyTe2q@4LgX-Wk}& zLz;-wV2(JvKO`f0e%$w-XDA0Sr;+LHl%o$U>&cCr#zc#eMeGGV#KSC2Krr*#EKO8H z{c4sb;Gq-OS(=jQElpP0CPV2aXO5etIRQAm%2%2py+B_0qSGL=#w*A`ML>I<6}P+B z#2T-lpGrT(Q1o}EQk^}% zTU4S|FHM=5O6x(T^-Za?-l()bdd3MtC5|v05S2=Y321tnl`Vaasx2Y(AllK@PD^pM_T(FL6tu^iVW=*+b?dg$^sU z14)-_j-rVP%^8MWbiwa|*l(4|ka&2I`maW=e#wc2*P#=vT7E0Z)F^(g&)%DjF8vq! zxDjknTG$S*M?e|+Z-AN|HAe~#FMPuh&IAV!@Lswj(mWthd5D!3x3-q#L9)7BgqyOd_+$rLGfwnI6xZPz~I?DCuFP5MR&Qj-UVTFy2-oMGQ*b{u9WKh-GtkC{~czxKVYIi-`y|TNC zzkA?}FbTRL`qUyy9bHVqBvfy9|b)rSYU4{3rXW(T? zCWpomNs^R3S7z?G_qOL2Tw7hrU8EY6I>!)s<(-G*VA*V2x z-h=M+O;`{CapnM9=TkN7VKTaCBYe?W<-i0ow1?Cy=jM>&+ApOIBjB_x?ZSKceHE57 zT^ZFBr@B{YidDTQ@Z87Dux=L+M$Jdm#yRSUK8L!{!e=JWfi5&9U^U8+KN-#c5@@8( zj+ZKIOp|%YmaZjXPK?mE=*A6b$$|3SQo64}3KE0}G9V2uus4$zvRjo=C_)3egdnw7 z!4Mc9ol*3mRsd2}3pXmFPp>r45jGOov0zsw$AXQ5^3A`jCr=cep96$o$XmwYh#bma z?$6m;&%g^Ltj=HV4|BOf(I1r);CeHIZ}IQBS;grO*bPSIJTl~PYVG?ogD+2V%q~u! z=Wc3~9JtZ@!~UwT8i)v-mjb)aN;KFeRBPUVT{JB|9?~H#@`QJyMnXoz`|$i;+JNHv zolESLvlhVxG{mk2Pm%o{Np_0;Ld`x7uBo2mbY*FUCPnnQZs{!JY65juHf?3*jb94; zV{{uht5pw}lmZi~nt=|b6N=~Bg}SK2o1r?Em~5fSmE+O2ccVI$hM^}(8sr8%B^zZS zGw?dWNyJb%L%k6FkE+8x=ge2hnMQ%TtX|+QTb;jbMuA(TWTJejz}c{u2;AXG4i&hk zB?%&MVed+sb?_5yR-?dqQ@~t=wN;e~;BdmzfAWpYV837kn)=}$5{Kdb`-ft<&yR?w z`(m5=2dg!bK74>SC0WpEgtKIhnGLl%vjM<}#fiWIax;SxZ|;AC<86dB*M(T&5(-FO z3$)3!s56Y~5X~v{h$#Bm55@k6BZmGpw~yE5Tjuk9)AHG^7*6_7WFEJj{BpN9e+w(3AtJdT zU(F1z2y2!0&QN42ixj8PbaOwk(iOnLtTq7dT@fAoGg?9U3Uo%Lu<6(v-UM>OMxMSW zNERd@AiuLjy8@N^S&Qhz=E4S z*R$z4dja~!2X0vkP-yePj2ibbB7I^}u#GS^!Tb2+V3+bFQdJ_zFUlC`2Rd?}2Qof~L)M4ON07^Azc{1MMhc>eRB zg8?rkPKkSzJYNnVyXLvt-Q>C4h8evA5-Kg+4YqHnWBVaOO0wPEtcjL&ErS$9(N*$I zTQWS%7BU8VKBP;dpPb$q@+*OEr%@Px+g$&FMR0-A*$?NkxEplr!KL?ax?Q>@qW1GuB8uNp{>FFm zMJ_A?BEw6o(Npdb``ZkXfp5$A{J1j#F4z3kKor0JpT-g;mU&ENlC|-w_o#Slh)UOd z)OeV$5l$D`d$DnAD%Z)dE70SqAa&evlAcx@QC*f8!~nhoheui(=FazF5(oiq5@jmU=;CnpQ@|5C7DuM`%v?QsNIP(cmes z;R#}|B=#dLI7CM`In~t#@k6j`K8n6OCL&Og>MK&xQ2=p!iPK#NOW31CR4c@Dg7x6< zsed$<>sP9Zlzp&|f9&7QT-lf;sD1pkBtgxUbxDHS#}_6Ed&`LOQB8o%Azoh;| zL_3iCXXL?zEaGJySXbJ*sI)a-8joJ`GZD8DHrkcgX(e=(y$K74{!>^82G>gnWFd|) ze{%aj;ql26_K3;vfXVwv^u{SMyw`zH>wtBaVV&{;gFhf-oex+Ny$={~;sYKjY}#Q` zOdoLk9)$<+^Pe2(Z@*awCV>v%;CJ7;==t~m#n0%73Z!Y}2+ZOeqf6c>=Kp%MZ$0Sr zDQlm%Mb2{xvRu<`Zy2&@{GZ`oVf-Vh3rVk(q`GyDloT_bWj(y^BT-aq?)jf7Ja9(y z4~)a06g9AU1Z)1|P7+k+|1C*SnO~hG zsLY?Q2`2MqSbGWHwalM%hsgX;bD1B4yy#pE#7-O-mrSJW5m}s`fu8a2_f7Wz)->ca zc%XmBH{D9EZp^F*we;69v>;J|XBIs)aV@-*( z_Ww@o*Fx;0=>A_nX<|RrRP2W!_WN^QsDj=FRZ2#gd4}H}^nZ-u^B)wFj3OV+xPUK= zC>b|Tz!{D&8#=(3$Al9E26v#?vv&25-B>g*DH$x0?n1K-xO}3ioHl;>$7T!+E4)!$ z*eb_DELd2`3@9eBG{vB_Qgq&;dmJ}2OvJ{q()Z7KHO&0Wc|Tnd=Lg2x>B6?dYZo#1Z77|sshWp407X+I8*ZZX-u4AZ_YH>wPLN^O2ul{dJ}s> zOm#r@>UBno3{kSM$VP8#)}iAogdh$5ZVIBl0%VUi$ec<~rYPRP11iv24wXXAl(k6% z7?(P~Vpqc}P?DBK&uNNPqW;{32gWAN_*2{!}`98sD=WO8oM06LT z|A0Dt$ncL}30EWSGrjEGpCp--$dzXRsQ3@ycx@=PzqJ|Nu7ya}10E`D{i9tPJbNqfJ zO~ucWGSHm}G3E^KxUEs{5V1$riUtuf6)QQQ36hvOheq}@1rVypfPWHG0k7(iBm?pC z5YJ!bCBO0jS*+qdjb1>BMoxzWpww8dP5P^F#sV!=^&^0UP!X>Z3loZcu)6I|9(YE6 zvx%M&_6^Mg=L*=_xz;7fugI+}p2L{jRCQ~%|NcYRFgsxHO8amN#Ub0#B`uHyuk#+2 zSEnxdO6*}Ie^u(C92vHUS%T_+xpYWYlpiY!1*>rJz9MPOBs!knRDvwn0Vn)N)_ERXTQFL zT##R<=L=X~7B1*jX=?-m=t<}2;K$vYQzqhUB)P?`^-4qarU(E&nx>&zF#~Em(VO@x zdb5hU8OEvZj)#A0I&?hLp(3=PCpMb#jJ_-608{FTM5lA=1U9_)6I8S^^xJZNCAFLn zm55w_{$jG6uPL9o)Ryy$eRF`WliSovfNaDrcT!376eTFpz8dmk?+s{;URjjDj|24; z=*U_#z+=hmfj^LauJaax?57B2xtn76KW(|>svFFV%No@U6etByU!4(@vW#0|mQt(T z65YKp6q;uJXZ2?EpI=j{siJ*>Vgux1A#UZ%#=BCB+%XPMjTNsxH~D=y%)zjfo0tiO zP1*FdBjkva8S5CTJdhOykiqJJO!FILImX0d-s%Fbe zhl)407M9yCuGh%`^KVe2wV*b1`@pLNagkiA zam9MqbuO01yQxp#S}5o@IzkJ{p|yhsYvTh{4o+|jE5eaZTCjvIS7a7%_=wEr+=4iI^Ewpb zf9{i86Cd}k3AC*a;QWW1DGZ83uqLj%5Squkui7q#QQi7C_awr?8Yen_okaV{^O!`- zS2{R<#Z?qV2W}JYlETvkL<^%^fyt)+k*%L8P{R|*fPaM!$ygeaWRxin6_7!!2R?w4 z6R;k-0VR6(0M9aRgEG~FVoSQ3OL52zxVFwy+6IvwYI?(D$Tm!#>8G&G_ zh0T{GW7ao+cP$cJ%oNj}A|k$3hkHcCX^*C>RT3@ukZ@$e4hR;WfoR;oYdJQ2P;;P1 zP9!D<*4S@%?y)a)&uWQ37?>E->Z5wPsv*2_fV4Bna8{fyXuVrd;`*qZmpX~I)^I5W zw8jr$xXD*ag&*;Icm_d@=3Wm8bhC&vi}g4F%rFst$f-ZIYg_TJ#^+nZ}w< znK)GA=<+E(-V&YkU0DyU;>+Uzu11~B0iSGw3Y9buO+wS})2gN*oY-M`DcxoogRme& zsTo|xj#|8dKgfNZwsShQ0y{G@!z_k|R->0-?;=<|qCBYq4DRUE8Acw^oVJJKPAVK8 z7XKYX1rC=gHF*JU+%a9^hCRVdwi=EAKaJXO-(+FCj7mAX02sAFc87dV#U3E(F}uT; ze;?g_zFf1RDd1Lc#SkZ~Nx!2G*$kX=x`TWFC84 zn>iWxxrM_(6LIE-NjMolzZ!16Un`D)BH=RZNnKFd6VaSC<{f;^*xG(rR_R zkafL(rn;73lb?7Z#h_>U#bq&E1ts=z32j*WFg#MAL+!?gRMs=QDKI2kWte zLEa|;X&T(y8(HH&;SbU$b+p#=lhpb4dVWzYyC}&t9~rZtKME|yGwwn;dK@q@QVNXu zh2^;u@Q&farjm3M53d}Jp7jNBuwjWPnT)|{?R2m?*d|jBHeeb$*odUl!N&+n&0Nsy zqg#Jr9cePuoRFo-=$;;Nu;FZ<#ABJ>Pc(zSQr1<=);VzRwVxa7^ld8oL$6o}HFx$4 z`j$-WrlP+t(=Q+i6Cs}~YtcF$8AqWR+)rCli=J^hlhV$=@Vt#K$4~BmRaVwQR(=vI zZb(NOM=53R`&=50F>)>m<-fw}1v*nW9V2=bv--~i=g4Q-`Cn7vpm~sbha50uUF^$A zj<)*Fn#34kS`Is5nOqv;!V_LNcawLDf!kz+Z3Bl{C`a^s+}5cVGkz0}Yza!AL{R$X z%)pBbrQ@o_^V?=K$?gA`ENp1`sZNUvCl%Up+#$ZM&TqCe3H1P+fpb-pV$%TY#*pw< zO`u!>XSA)jWf^18T+A3g^mawV-=Kn^jl>2aBYwwn%K)Jz76%KOQx>TPj9R(GhN6{( zbCO_8BDpCiK=yP+Cu6NpG{zjwpcTzcS0uxd)TRv8yil>5j(4@_ts0 zDeQJ$uKJ4p&#%KVw;hIp-%!>jmZzKL1KK+rv?~dX-a9hLLxZr5ZNXT*vw-8U(Wnb` z*+z1Zj;=n2{_($0G1CPJvi%Nxp5TAM5<)QIIy*0?vMg9dK$(krJ+6G`$90g%D)Lu( zaF9N?9@#NTuOmhAd~jnWRbUd%pH%E6>eg?e;%=>&enT&Q0HTV^u~m9!()L+n>>Ri& zdwVqRSe$69qC8tfSp^!ffQCp9C?>4GrM0akz85Vi_T32?`-rp&ipsj##rN6(sJ=I{ z(<6EW5G8g3Q8l5lPX*+2-+4q$59?0MTNZ56y-K}q9E`PV%Q{NZwbh@%YD5`LMhEa% z%5=S)z3#f}B7+)Df%znd^*Vh@eKp0iDfK>}2^K&tQ!p^iW3JvlqSBVD5i1dS*Zp!Cv<%TlWWY*r}3pFJ`Y-jV}bLyAM;|FGf(+x zB2O6s8a!uv+v?V~q5MyAR0$kVuM@z*)=UdZe3_=B{^~LnQTo)SRvbMd=SK65Q7^6FQ@p+)gqitqW&+QH(s1R%!fCF zjDBeYm+M7?7ebm?l^iLD2Fau|t97t}nQPlB9DUGVFD5}X4e9}h+o#?S%nbe%-$8~` zGQ&4}41rX|iZvp28NQ6=uLmvRA-aA+9tW8BSZ2`TdPN?{*!+^zM&eTvjMSGPY_Qxw z%MZIA#DR7y>uCTkl8D;GA9Z~^0BwXe)zjqz7Z_boqCtWoesG>}1r;U3VTJpHb@Klf z`PdhgS8j{8T-i7_sJ1o(1!B0(xd;}0o%r|}$fShUs!;xdsM!2@LTXl(1gW%jiUCCl zy+_t5jFxCy;|4cLtlQwWz*?m16r_qD5OV5@IM`Ld#a3NH<#@Lu>E80RyB-*}jucGJ zAncMYwTsL?HAfn3na~ys?VS#1?=&;*FmWlQVV1hu>eH&|i(s)cXA^mG&@bG5B$4QR5b^ zTR9aSp#C&kr!{AZ8r>r=&}@#BN-ew*V8gu}u27H#P_E{8qr0ZO=Hrg;{`~E_ z^KF{g_bZfOsQ z^^*y5{U{{y9O$mlTx+BAarW#E%pc*RAsz69L%gWC+?AvpIDmXfGviK_#xuv=dFDJ? zt;jvs?(A}!kMY-FfZ`5fu;grjqNWNDD8Ms^eNErceFq0+yp@I`pSX6LPn>dzV{$x` zWCg&n{z*LYpzHVzctCCFqZTDQRoF0cjRT-N(hD2fZ}%y^#7F^fY!jvJ+I}BWw1*Pw z4gFtmrP`z!8@m40B@9iVtR{AU-X#_+TQx}mrwA$QA&HL`DYY;AQd!M2dYMm|rzulc zxRjx)udeGWF42sv4b}hfDLF&w8$P9Apsw~Q^R2pX`IIgz^&OwGOjCN2lx|I_eb47v zp()k>b}2*s9?9D!#oO}+k@vh!E@F>Z>SSY0<7{Y{xg6b!E-KnE(Fi>gXb>)yrDZ0F$x_i zm85iQN}bRlPhAg3N?i{plKrd&|0$3_(1v_sqeuc&MK z#Q(l>qw=u1>z5`kziuWk{~yG=!j8bK9|v}lxcC+Iw50R|j!(Sq1#l5OZoF&G`8zOQ zsezf1*~OEHpQ>ew<~GBOXbb#|aAxrqFHF5&V6NJy1Izd)oU%Gkh55wc{HWj7HwC*g zLKUb6x4d(`Snk@u9zSgG!^IVBakP|IW9YQVgK+!&WJMLCMCDSvDRnx$+W$5^OWS7z z8(#!PunG$ZEwfrO#VtqykSW<&WM-h`ItRJN^4s~$@8y34Jd)a{DXfj@h50){s2$XfZo=`4wcVW;&0f3Tx+Tc80`^}XH9rN@-}M% z@SmU?XhG}knPM7wI(kTbmt)cGt(gm47RIlo(WbGjXb%x>yroQ#WHrOxmxS}GN_~&6 z>U$J?0;ATUKxHBREXY5axsV%LMrRfK9)0Uj{*lZD^bc0v)$s9O zV2**AgC5}If_SU^4k0G0OWpSn z(vC}rGgd%HsUUNpAS12KB8|v2wDyC9M24hkwe#ns<)1Sbuw|8&TK)IG?zHbO!1v>- z8`$?2bUr$ie;{)q=apc`&YcKWV0{m)&OZQHtMh+$G?u0%0^;ZQDfw{Jm`*rSJI^?> z9UJ4}#!+2?Bek5p8`6l=UtrdOAHnRA%!Nk!lN!lD*Pbwa{y$q4C8;7{`Y~=Xa|U^S zmNxqb_yKFJsR8o64)U>e$Q!&6_oVI10j|;liBI$As>@0LhcXw;$9IwbebG>+$Y}*= z_hERKc0cGjax{{p=?|{XKZv}m^A9;RLCMenBRxZWxH5o=1ze zEfFwKK7Wol_XxNH8NMbNq@Fe?QJTl5IH41v;HDQWoSPY@j+7c15yUmBbGOdnIu!!# zsel0sh3hNBr}NvSGG>5?H_OnDU@rit1{TlncJcg5QXSqM9&gqaG`cN%&v_(B-}EN* zwU&)J{D}@em@5O`UptM$vOMeLKcV-)V&o4<-GpR7QZta;94VC+^P~Gdkn##^E$C%Q zk8M&Pm979#>VYS4aH*@6?vi$V#&^W))u2t|F*4g`jEihO;LbBto8NX>0S;!p!Voey z+emM6Kg*`1$U^>6OtF4t6(!hveWUW}&I@K_2N&1irxn{J+J`8I^z8}lsZyuAdUY&+ zCtH`CY61t63m3w6^6!~Ib1o8b} z!9yIE7926<2@20oZVqcFgt6R<(OmYTQH0DL+0u`ZW*WFycNi6cHrLi9;J3u9wIsiw zPFesgOx|I!@9fOr;Xw*4rW(R-OjvL;k3dlOftFzoJ$h!Il^UX7 zzp*X>{c;p_vAL`h$Fk;cLd5Ta{7sqR3uY_zg>@KDiSwXqGgy*^;+iTiZZF2Ow%o&T z^K$D@DSy2-zwWE9#~}mDELb=vErCCW@HXj^i1anFrR}SzaCLO+`J;k#1;G2!)dEQ8rCHoT`k7f*v>|k3NMcT z0+B|cv&}X3d%PynX@}0pck4t|=>jx7(N)(0d)XABN0w-p*Bn{RQA6KRiR}Zv@WX%P zA}pV~a6jpbQr51n1Wc5;bW8s|xG8fhCJ}@0Rya@!12j{B_BzbiKy|E~?#B!ZCAAM! zSs6vo1auL6qX3W5sJXC1!{C9k<M(|qBuPx%vU|hu@TU4ki^gJ$Y zrs{%cBb7S7yz=_uEexueDtFDnt>w{Ejsw6wEHepfMTn0@bo1>C5?N_d(0e5lD$~yA z7|hA7qEAajac$0Yd`9zdY#63E z=$}v{lc0#8b!o5r4Espy1OoRO$_>9ta!CVCTuDea6@Sx`NRNN)gxB>5YDCdi+Q%4i z8OS<=U;eJLJ_L*U?a){+wW8HwGK9;t1VGAZpPiU+q^Ocmn zgS&KST{@Eo@eb z2VqK#tVhu;TWs4eO+>A*}(1sp`6prGTO042`iO5k%22Io35Ci!zW}rB#SBE&u{E5c%dQA;i5T3*cx=OrJ zY3iU`#6cfwrcV(Y819BDM9ymbD&kw_7vj@7N>Af0(N9)Mz_iN?RRUvN!j(XYTBx+Cie*g;>X@uMPtnh7ezn)xQirw)iAn+gGp(XU5P5FlSreG6D zyA{B%-`doU&cKV5-A5Xxfv!=Dl0zYb{%SR}HIG-Tiq`j_f zZv05K?L2{qsin28McT%}Vjc%kic40*aSc6UH!XdaA@ zh3u-W?9ZxweBNU+gCEopz$ZO!g}wof4iEZsg^fPDro)3X(ShE|Cy@@|J7yyw0c{_$ zs3*(wFX1a*Si-$+TcXWJnl=;NDyN2RXmvDG1|4e?#0%=u_nb(7*)t;jWhNs1Wp(~9 zPa=^ZEN4Qgd!FWCTxT-_xkSD)*A{kqhT7Pod}dw*#x|rOW>+YBhDcUG{e42}FPs}v z|H!{t3U}-ofp^SA;2o>;JN`xjy8%VXBqN?u*o6WacrDVK3CMl0Z+sh-AU3>C!wC#(wZuA%A=Jj+>%PO#NICD5 z`5M@xCF2^a|ke5ca`hXLyQ01r z5Nm8n5_g!N_p{sKQV+w(LIRaxQ=zZ9<%o-bNqw4u7W}P@-WF^oJzx4 zw`j%3ByFZvYkaxxg&ZiOAC)VaLQqJpqKuU=U3o(vyP!(2P* za>cshdv1{Z1KA5++@*o;5-KlJUx007Y75e^ALvj=)sH3_+*HJ-DE~kPLo>yDDRi=L zys5F%>!l#2cn^3^Cyl@_@sIgrtGkB%ubVz zx)De0b5<^Dah!|tES4!eJK{{AP?4#V`XUN^taX{MV&f;z%+-mRKx8RHi4mPn?O ztIpceEOjPV%3lz~!yINc2O%EEJun4(&pVBp1YacfTQ}no#_}~{HI~0ye-hO!(Ik3N*ONWi019iu19;)DtAYY0?Jjos~{%N78GM zbllG9oa0dqLn_5%n%Y8RdO5RV;ul5kuPw!%taUD8F$WhV;^EroDAMb2OGA#a+I>P>k9#7Y=EO^ylgpI4>k$^Ixt*iiIl@N8M<|2h=1p}Zz28j4h-~t|UHU1{R z#Us3)gB$n=Ap&c3Z!OoGX(F>q3k+G?EKi!UIiakeiQtDxxM3n|>5UuCW^n|J+zSUy zy0OOtFOTh=2+KH3YeL)Lv0V<=qs11q6}M(fZPxgBf3!sYu$mMZNbZP^pmaT4G))tA zOe$(t`qd4khZ{tz%7Zz#--ndz!!sp!=x5Kve|27N)&#<8{x3g#nOIC3lB zX?i1-K`khudd$TjZ;Ou*&-vY8?Mi%9*1CC;MjGr6WL7VVVa*E_im=4T3c2e7H5J^M z1vjNfMsaUjfUpEzaC>b418l7YY~8EWhSlptn|X+>;>5-)6kMQ6lnhv;`ORdwLWkLK z>a3MU|2yD78)9+w7e*HL_Tv0~GK1qtusFi8d_-2F@m@K6Imiy&BNtAnddPGJ&aOE3 z4n!GF0M#}@Syf4pyFEz`a|g*DHbP<8Y60Q%mfC#SA$h~FhA2LhqXBzwVXmxo&Xt!O zeyG~!WiHZql2&(=1%RI4!H?y|^UV8y?)~COM~J^DjFf)=FAxK{Yl4nB*~P9ki=kWEF6W~n&;bWdcD5YN>4cr#(e@!n~~bbdFo=%40W_8 zReQ>!4kXW1M^M7IqYVARWf4QkH)1Bn$r_4fUh42CL%~NZKS!Rk@pT#+r+K-YvwZPf zCvnM!xEVgPZ%B_9(ZP{|<=4zD-G-Q*(ud~qvB#yMCs~Xb4#&bRu8b4YVuL;lZ?B>z!#St-{F4UKD3o_wWq@43Kw%Cz zRs_3Gp`3~=@iO5hLF5YdF{eqESHT^W)Yz^yB0Fn6H&yF)v?>`S;;Zn=+-MzIe5_Ta zG&?ML1I^59!kq3Dju9&i%orb71t6o-z#z&>HEQ7ubSo^ZtfL+ar6ZRe0a4ZwaPSDt zi?2dEd_pU(I@^MfP-jbUC8iuBT8%HI4%V17$?y{xuG-8;@MJAS=&F2-G|Ay=17m;< zXzj4k64$yCijuPP>4uWh|8uTJA^yxfJ(u}%u8GR*7rR$EWWZR>R)2eWC@~$b3T;^o zE7e*C33n!f@&_IZ_bn~&uB&Xb!oI5%B_3MnGp^r^KH9ubxHQkQ1|ogNX9;Bf-gk#B zIM3BOGkso*EW0c7hbA?qW&UHSTBm7wgCO?jJ9te*RSq8TmK)Mluj2$Cr}9l573V{8 zg+4_Cz-gSy$LG@^!&%^;T;&kY2>o0joTK^Knf9D@M_b`E>jr+6upEe9uW!wTdQgKH z*Z~7po%Sy4V*LgQ+NM!6X#*H3AZL__v?rQrfvZ*p`zZHXFW7f=hut|#X!sZWF}R|} z}I5LU6N|~~P3rK5v_;>FNd&1cSiGTJ7-jRB|PV*m`%}Z#!VcI!MH1f7C z6lP-Q1k4H=(D6s`2V|Q7Y9^6{B*)lE49~^z?4efg5YeKN=Op|^$dp({;~>}stnP8l z7+NLB9M(i#8Z|jb-1wQmPOXQoRQ!qBGcfH59!S;sPUZv0R4B^#kWJ`gc?VgHom0Y% zl+>SeX^c6#gfEzJB0uKwnnC<2+U*25=755vjkVBVZGee1{D^@asYe5*e3l>dltU^6 zcp-2_h+JC>>A}mijX{_M{p+n5dn~#SrKVxa!E&mLXOZ@A?f{ZWe3A3!q#FJiX;fbX z8;iN4PyA+T=jLo!ZVM^_3W6d)^k&gq^~`uqMnSku4rN&)+1G-{gE5p?Dn$>E617CI zBnfi3?Jm;Tq*?C#02ezF7eqyL zoIIn@&iIFQ)qYdj<3%OJa2-CG43dV@=*9CFENsgR|3CKL20pH$>K{*O3n>&fya)wR z0<=&-phb{ETiHri7ilE|h4LoF@=}nOf)oN6OxY}Lx=pD9T9HTlJR%lFhz~_Wpve|X z6SPWzq5%soSYa+!2~aRXA;0hUoSC`z?rzc+)ZgFV=ikq#n|o)@oH=vm%$YND&di$*u&KAswt@tMKU%ti7=c)8XmU5a((kRHV`< zf|ZBAH^=iAE4we8_lO-TvG!i?Dz-y|szh+=(1^D8B$pKuB*&^FM1mj*?sZk5L^LSY zO8z&B$n+;RJ-ted!vgTW!0R|m=u}5dDWTLiBr3LVXj>w>tVCeQ>u~*4GTz2;{e(M* z8mAe%{(uH$hw}^5O_w-I=Ey;2y%x&ClK4%i`U7M`Y&&<&k z)f$wQ0T60yTtBCq17M`ozFXP-fNEyuPS|bbi}*^J zm9lC9=qr@Oe!y-K$`xakwk=LQmW4gJFH|)?f$iVM8wuiDqMe{o-<$lxG>lny>%pX3 zpW1lnDSG#S!4@VeHs$s`z&zRaFs1t*ooHugQ9I{pJ3B!U)zTRL_4^(gnfT}kZzWDIg`E4HV&u{bag4DzRM86H98@?pW-YQRBB*Xy*Y3Mcn1NS}|WiOU) zH8vcA`|#tL0iQt9?~8&zHiiVz6DY%N1wy)bo2!dT0>myvQL?g3Y$jt5P1=@}HzbO4-=dT0qi>^wou(ezTymGm9L8|pb3ZWVcZj_+i$0o7| zfOno|^&f=|EZ^gy*dCi`c-5_rW@W zs}|!so$Z$;vezgzOwf;GUl1nXNmdHU8ZTTk<%N6;7 z%N%x!U8h|VLOP<3j3((qlEc{|;$CO&$WEp2l`)pSkB4QVa1%PsZjMy;ww*-Rh+VZN zI00>pkiD?D2Oj1=8H%~KSPHYHOCztT)r_>gqgooGfq`$&IQgV4(m2Y)+0|fdp>;bD zA|aTj3yYy}{D@O`^ZEcCw z^haQ2aq<^!-|p-YIe{zY9M=<6tbK5I|J(HDH+dA#Pb9wwk--IMJe%yMheti-stut( zcGNu~E?e?j$(>M-d|3Tk+{=3jonT-aL=u!yMdXWA1m5E+f(bDd!GsU2BF;awyo$JU zN=!v?-v}xKN8ih;h)0T5MBeOh(g#ryL=;mItFYh{6&6! zVp>^3_0yPGu{plj`*=bzD2u|N=|ogvMoqQ7d?ns=Tn(fw91mq~AJD?<6MPsNw@Rh4 z*hS7-!Id`Mjrrd)ah0c{LWU6(HJ2)x>5XWIO(HR6x$JFX z^Q%}11`KKE;Gsf4oGn{ca=XyLoGsY9Z_rHcpB(@M0~f%tD;0XNbGM)X6um95D!zZm z^V%Xo!ayB){{jTFmKu8IGndI*M?Kk7RYJ{{9)%U)iT7_-{8g`F{yKd@ourUF?#fI&1rSvP&kmkx-91WUa2%B}1_V$9~fZ?Pjkvyz2Z=tA8<6b+q7w-}8Ts zjuhJ0CG*);Ozd|)BPR3h7#2~oNbX0|`jKj8#EM}}Z8hze@r2gHFR%qF@IxqBZV}md zRO(Ay&ZXgl7%{N;%IZg(?vMM0`efasj!fB) zD#?1<6UfPRY@Ra)mvM4-$=>i6R>J%J5{r&QK8o>bKYUdfFD-JbAL+Nm$d!JJc-9Gx zJl9?z=Pq%0!I_i3>TePUB~^GpLU>W+THLw$+r*+>03I^PXX4IHWb$UDkW0HrNy{h6 ze}?(p4ztfEvn2mP$>K5y#0$3_0lQ);khGJ7dgvN1`y2#Tw|F4SDHHkefo7eJ+(-$+6c(*fhef@rFI0vz3_~3h=!97%U-^ZOg`PgUINBg+c0~z zd2OQ1k=-bOLQqoNJ%`sJJed!T7H zOw;|CSU!xVyXTz`py?X+8c@>>J!T6uT|~cCH`d|HHyei}ny|3J*7-(SneEm1*-ZR~ z1l?fo1o0b$Hjk{(Lq~FP%FMcr>6Nbxg)J_ZrqHih1%(Sg6oWnoisJYfa1qkRALpiS zgzGiU(5UIalh(hjcS9#9U7lr@!@6t(x8rh>EW`dp6 z_*|8nigi$`%U@1bDFN@Hn>x~e(q4XZh}ZpaW>ZIsdIWe10XM+kVwbzP-)0EAmv9~U zTYM1^18&%)%HRqMl}ip0t_@1ua=IkNg8PM|xf6zXrVU|-Z;3M>C3%j3B^%R20+OQN zWhC>EISsMsyQEjXgfJ{+leSIr;L_i{@%QxTe>y$$DGNlZV@_;DnU|H1YA+wUO5|*S zPNsL%hG9r2?*Z#glN;)!;oKygbtRbqS+Bq#lO20o1i%#mCrRB*Y;k_4V=@F6VoON24NQodMwB1U`{2-XH|;UseabWdq9U0jl5s$=Lh9 ziSLHZ;oIwPZ-w|iwpo0KY!2U#heqi8&DS485ki5 zaVI%PO}h2{Cr`s)WPbE;cAsc4+WUtw7t+xN$05M}$I0l%!(1DJ~Gt>mw^(6+MbR$JM9lFkjl+G?qkQRpYk3H#W|-x$n~?sKo0?f7}jt5`*-=3-W4 z8hJUC;Nk+eLYbQn1hp~;VzH4PE$Nxs(ct{<#KNz4XUKhLg>wI0fWny$nk=I4MSnrx zw=V@`I7JuGp9Nsuo8{Z@am>0F3r~+bA>CY8z>LkpX8WJ}Q!SUX7;jd;5ZX!UEr4FK z2AC!CauJ9MEast7^D2TdQK(>6GRw8#9*63Xv9v@urx4W$`P)&y7}@+M1xG`e znU1JEckwNygC~^q9$fj3IA1%5Ab!t%x;H&eAT(65N|2=r_)HQ7D%e*MjH<_9(a|F9 zs008MLRG0k6uTe)MeDeDFCBl8!EqwWD3~lmxzGQ7>a@l|8oe1!Nie_>vo$l3Nhp4E?>O%XD9@JR(NH*KwX^<$frwLPdTTu=2UYYo8d z^=~plANouPyOJyOehB+92~#i3I6k6?*|`-Du#}PB2^lSl;q8Xe;7Ga@MfBc0f5o{R z?&>rj+lP(w2HD|)+cTCp^t#4jT4|^G#9CD9@a`t5VzY(gFdSl7{JZ}5?G=Lx7obj- z(|2{6Mh^l~2Q%{CET5Y!g z*vn^xzG~MWfG?m*GCQKvp@DsTxfn8sM94B6!yFS$j&cF96&4~DVs}q_k_5Wr`Scm81Q#?@C92MOrDMLxU+jzqVw*Pq4-EDbrDX3=^T|Z zIY}^Iy;bPUi=uGaLMh8yPb5|oP*~MurJdmz(Tk)i(Kr^NCM6|FzE-X0wuJW>77&!Y z+4j&u?7_V2HV&7QM%<#oG>D<6LrR4&wG3^>+?oB1wwbS-YCb8i zGLZ7-{G+W5=sav=M8Pk*PUUc=Av3E}?gR5$TgV272AWD!#cPvm~Q=@136#out*`&gMpBh z=8}k&zAc;AD|m(MTLnt$N>x&NIu0ZJQxn*rKd|TgenQxC|i$Dcr z08|Y5s39Sm|7?I2G~84b*NkW!F7hwf!Dx|RbjYl#U((z1c=YkWURj@u&CZapq7M4)e>{# z-oR)z1GM9uC1#V9K}$uDT7U7VwOlvuFMYZMDipRuYDusJqgLn$fAo^%BZxrB?#bm=J7@c7x$6^1`Ay|wd^s%&YsF{*-SANr||>&obT z3N`WdkSmKy@DCs?!5|c8ixp_iy%GBW|9!=7DB38{k z$Do=E!fJLZqV+rDk)I0lckrtUw1stJbu{$TfY~>MNjMm}!n#`8{0&@V9lVF}V)V5P!VFGiXF5J)YHPq2DncRcp`lOM`Rtfu{>Z`o~hMu|5;WS!I59kmZU3&T-0p zPvV>t;vAC5o)+&;wc}-2)kr)XwE4$ewPItm*0`qp8g_TEvn!uVLX&W(mFp!Nwhn>( zZz*iw&q-wK{X1h+k#I$r08`=9{=fv*8~JSnBl!>Q0xmXm+U~8P$*)}Of_m+iPYhsD z&}}|tbL{+eh9malk{;3r?EJ1lS8x)vI|%0IR=eC`iP8%H$fciDIHw!-qh+slnXjW2 zKssb>AT&h-(jC(|L#b0dqCNwO;UXnQ31EZp)L)8)d_wK zzS@q@-+c5fT&K_DeZ7t8WUvpi`K;x2{ni&la%B`lmgO7O%8iS z>XkMZY3wUim~C?!dP3SECpzbQj(fXiZ>C(;@eP&UrO=qF8B~GLLH%oZ|KheS-StT#pP)!mnomwP~+`Y?zcC>rgYf+u6 zh*paEv80!2(Z11&_S^D`&hQoexl3nmxr*CN>aU^)K!<`-&F2ibU$R?XRMX!-^)>qc;-^ zKg$#usL|;VTXxw`Ajf`gsw4G?%u3z@>VF{Qc(6{zZDO7^G+l*X3>ed13);kac63;$ zAZmZuc09fxgwp;CFSBvO3TFlIWsG@LNXOV~nzKre`BmGhO2*b9+#t3z6odxdd(%Ns z*ay3MI1sh6ur0Uu1P*3q;kX@Ac_g5%oWujWd&NGP$hkAoG!?%VZKjYI5J@rmZKCMW zkc!~C5ZT0DL2u_p5rV>Y9}sce z6I_z^C7PCO6iRH@mYtspapmT0l86xm&>%+Nv~Pz(=C7;i+|ye=TT*M|c&Y^b} zF7cIms(xzk>WTwOQuZ%NsYR3&Zq%TtXdW&Bq7^W=Zlg-CE(w5HCtMTEvAM8^5>1g@ zE*nj7vdu-|SngoS#V&(ju7E^F%MOuT+v%)os3ZWoczl6K*g>+2>;>r%?4Loja;c5b zAShGFm_%aUjUsK_=^XOdEbS&16W%}_PBp75#ss|hTd+lw#|EdCOFkmdFSQgQ`DAcF zIp`w;^+^{&9~Dq9l~nnu;Kg#uM+d(umpm?bpj`4Xfo=&ERXHihmV^FGaCy1p;{%%X zB?L|mlI4<9-sKcy>}LbJ#wg-9x@cwZkjB);Af@+n#$|Ops)fk1_FmYn{(>6ouNzaw z{=}ZQi}@%xQxwZlpumBqRi{yf!OqkhSU8IZAJ^Y+EeE$0_1od zvcWnKYcrhluj?}JqWIi8+)>r{^~9oR1u(23_iOwr1m4t8pVgG1*Nj;PccfA(;~lP9 zA;Ws{xE6|~QvtM(Lp5PQMjqw!fRlA{`)X%qyv&9;bdU1|-&{mM1`C_(Zes|gTu_yV zldKwDoKJ_}X6JJy;Mnzi<~qwh^GO~%l4JA{{JbP7JqxDcrEUyAor_t7U%fNm#~W)d z;wMkbuGIJzz~K|j<{AO?es&%kCbk4oAA$%)@O~!#hx_-sgq$2(KlVZ`_ljDUeNb3p zm?(Z_KEF~_G!}(EzGd!)0vlpO$T-K~6SI?{t)^gN>B#b~E;i5Ha<_C)M6it$?A@qn zRF-wB_|`SL{uUu`S}_hdTm($ztz z8?&_v*$v1VJ}OFcHtNk~XCo!kS=}fP!m8cwppPj#hM<`h{DaXrk*&;WqBxuEBmHr| z$3!YE&8(32CU|K|Mc8DxbTm06b)NJ^s4*rs^oO z&Cx#;zItZf06?^&SK@u%*(3pO1v@fCQ^-88!yB6n6hUqmVO1%H5`u%A3Sp<4aRr zQZ79%^Y{?la}NIMmW&&(b2rozi5-9LaJzCs`g=I^9%^JK59~)<@jTS_3sA!r+WF>w z9VR*7TuYc#yxaWkQIO^(VScd(?Az7IuMP9ddBBc`NCc-U3^*l$C*t2g8_IdZGWZf{ zFfznh&Kq_=VJbqHa^A2%5M~`FJ<9=j!*n>wCUp(^LuWp`K2#C&hK-PpWcrqS$=<7^ zw?hj0UF#b2xhl8ie@aLQykt+i8Zxq(i@;P+i9K1aKOqjWbhO;33 zj%IgP1((X{R`2e*kyY?YD_g|??yghfIIGN~J830$`_;R<4kpfrhk2YsK9sv_-C$t* zzvJ#Y4^>+(!aRt&yFO=girrm@OF9;`b`#VtRJPRJ)w7MO5bmy-J6iT?mw9*BuK^@; zWpH|>=W(&SYxim>hodzgJNrrR&f@Y?r6T6eI!2SNJ4^j2SWAfm3+e!hegl5XIIkXo zsupTwoauP+&Z}x^kLZQ1ab8_KJSJF&JLlDtgB*KAs;f*=00sXH3|p%vpbRB{hM7_A z8e3bHZX4%(NPAY=81J!Yk^qb6BD-Js3Un^UyEEPPJ?GARVh2(n6_)jewF3q7!8o{t zJ_&YMX!sHuc+y{9sjKBbP2v-hX?`t+$7(f`qz?bGZWfr!x3i?a;%JkCvF3ctI&5ZTv3_ksYRl zSuRB_>0qQFj3pt3%>xY*-BSo?j9PIf2_41Ni3dwUJZen-kOMUewu) zPZs4;_eR}wE$^cVs7pvnx2K}Ttu+=%(IZGqA^Uz=w?LV5W;&;ZA1i?Mnz!RmWjZfB_ePq zXk40`vn-doGb#cPVi8kL1U|Oiz#{P8wgZU346cl5KNX2UTGH((Z8${4N|Yjvr-3}^ zhwC6>2O}V$VOz^knV=rQHO3fOMKa?BYVEsj{FU{iNBq59dFTuZ4zcE?HOu^HxK+?aM#DC7Krir@5OD6QdbHl1A1K|wpbL01;zv8OM{?

zUIGEX2RVz z0HL>&vm^7}v8;>dcdnd|hsG>P!4`#3l*sNOxpPoxT0zeIn0H=*39}Sv?f4N$v)hZ{ zLZdV(Ezz|SqZRIWZNyzQ!6hUnzW1_luI#;V!$tRA6oqcTbjaQd8=IT9uKfN>0R^M` zFY8{zW=-+_3&^+oB8NV~rSb}L-mLr+1;&!h2>FJTG*(j>wQ%^M*b(6R-SCiZn11wV zZmD5qo-(;H<~#4cgExX<2dOeh#*kE-S3gk>Nws<7z$lVaV@Mo{emCwYj2b>fxUCPf0&ixIzl?K zUn3Iy%S{8D<@kl&lT6jS&BVs+bXKTnO(!HGCmWWsCt1rZ?x5T3J=gGEXft(x+=y+* zk$}j_uiY*8lBDr5nGIE5er&&ueaf6iKSj|IRE3|rp^L3_VKs0GKqYbeJj#e=1kujZ zy*k*Xe|upgZ@mXOeF3ynF{4hZD`FH!py-j1OC70t6oiI@H63Tm&;BwXTekT%*#aUi z1`&2`hIYsI>nAbmUxpN|DYLuBOC%;A9k?|fMuTUAhl40O6 zD~`h0yk&>4U#HPGivB5>hvwqJO+9YZMkVVxKo$>7j^A8O+B~ve#%F9_J|>oSd~yW3 z@!5TS5ua71eBe22bTA;Ruj?eMRYN`hhb@*` zLXAIajwu6QI{pC(+&g+55ce;Pp}wHcT}%@f>BE&4=3TW^+EwN;jns~|#+bKew|$+0 z-vbD2o^ZcEZ(Db=CBTpIwL zC}F=p3}4BcZ^Ts~%yuSo>v{$+X@p0=zG*$@}q-)HBi?|7~31!hC{G6jm(`4^Ys`2fm zvWM4B+Rb=Jp@64Oq(AT}i(z{ES6*_sZRk>3Xa|hVr^ioinV)(fk+IusJ&1wNC%%ar z#U5CYdSDsWKwOCj_u`i*B+L*&d0*9b0WG$T4(fzaipy;T@+O5ucevP(9*zBor(7x| zMq#clNud`Wy&&Ngg$D(z5Yq)!wRtk8N*NFBwSRIvN;kS=lF9ZAdoLx!iAxh z3t!tZ63#0j;j)sH*(E7)z8o1PsyeaI20XB#ADxF{cKU+ya2w*Bp?3Fty``!Sx2D_EyM6L9&!3MqHsAP z3Kt_OQ@0!@7F*d;Z6Oxb;vpJQh(ZkX06vWn&fCT)PxfqCH>EHjfU2bzOeB&EdM{_6Of}JpblHxE9htHfm5wW1Fp5pVW(B+u# z-Te&G+$0?h-P&|{?y}FLk>1&nT19-OC8O6MfVL#kTVOP`V0U5~@&FE9WA|@}Qg;S* zawbE?Flgb~`k>mu>kSCBh$F@I;&bU4;O_$d5d_exD7WAUs=`N6F5V#N0MXsXIEeZ2 zE6C=|uJKwLZ4CS|dB&@H5lue3-wTG<^^`6F-Z#gI)x9Sj0# zLgbzT7$UGlR$=52NA#wGYQ+OnV-6ZJ%~0Aj#>5=(7Q|CAa)&R>=eENzWM=ACfg>`E zG>C}WLuBM(*%*-yQI5t)0+cm~AbNg1nAtE!#2Z+N812LDZf#uobBZ;ECOPe7Nh)PrE@p_=t17Za}p(y%a#=Se%$YfjtKusmp z=hCPEkn-WT$cFq>kgFemzS@y&v0+EWHl1%zq0a(>#xBi zuM_RIa|4FIB&#d$4!niC{|hxw9guDlgKw4oTqoZUYw~4<#HN-q!a4UGuh61?Pu;Bz zMC?JDoVr_!p2S5w>vOnJHgf9j#g}9(fZcO?%&K^&{9|S9!xpOAKk;f7XL#SrJL${b!D(%x0W= zkUt?jEhkvd-=K=XO22nwtdSk$h=LgJ07*)^b(r&0{=fr*d+KSzKvqp~a=TRo=XTnhl?+oQHgcp7`j3P0`MUyNljpPK=6Le|kFjmb^ z>UKZ52%jzq4+By+!S!G`>pEFCH_ZOJDB;-Fu1CNn+ZMy_cB0r+PJeXSWF3k(;w{u4vo+5KF#PLv#0u=? zf;Xxos?glypC}3v#`^we7I;yXZN{pB6Ot42hR5pMU~Gl z4~g+B4_Y7#!aLYPgll+DRWj#CPI;jj%-ED|FF2hjE6la)-_eUm)oue8$VTvkfy%CY z*beFOWy*F3UmmFJe?Mr;_Wh}}-a@c%tZc&<*=lJSY4&A*>B{=3qFgc!`5h6tUGn=5 zCekhwJmL^4PnLzRBfv55Ugre_nOc|;YS_AQn@iTn77@64xhu(0^C!gQ({b4_-KDB& z?W^XR;0xCvircou47!IQ-PZ3Xb~n3;G*k%+>^r$ivE?S}pxloa$8YF)EQ)|?q+T^O zyMb{Yd8!8X*YvRysh29JAuPO4x#1l5Dv?V+-`+~c882xsWw{szNuAUZ>9*fLXM6D& zmtWA9+x*Mi1ps@x{Cq6`0vB}kj~6ZerLp|m?b$5ztjn*D<^R}~f5_#}h~+PG`QLH* z$yol?F8?~0UmeT;s>?sa=KHuTd%e}RZt7e1oG1m1Kg1F4AZydQeDTzm0g#(a3SjnB zRwfgGy=M(Y#BJX?+~KVW@fOSj(z~U24*bd(P${zalu&=BOrW7(z1v+H%{ua`%@j_i&`#{jqX>1YBFL950l0^<5h)H}^ctx8ur{J26u3 zxL7$q;sz+@de|WwOFRZ0t+kf)~7WV#fun(g%T|4f_vq~NN@n!dE&uhz- z%S6gu8!P8yI*%(??!-vB<6`Ch?qWf=D_4#-zN3=^);@dpNaXyA^@Y*&kdJ0KAI8U2 z^m@||)qnd7K!L_G@B}NehidL{3G-=3XyS}-xkO$ZPq2KLQl%-?9+ON_fGPZ!FIBBD z&ENAWqcx@He_YD^ysxh22QE=QPtNM@_9;m%IO8WiC2djN>r=+r>hAL?HMZ2xe9Cl9 znH{Fg(3HXh9%h!NEPc?Y%+{2uCw)q-rsV(ZQs&qDhRk@`C(ieY$v1prr%#MPF7}Bv zuX)HNNR(r>S-a(mj|SG$BH=&zERK>f`;$pY!kr_`)x?T1KC!u6Vv9}esPD!Th8Lm@ zWW8heF5|+pM#mp|rC4}6>M1h(C-sKM2SKbqKFH@05twTK{7{K_bkygWi+>j3n8upz=3reJ}M z!^n1-p4}Hn+lO)XZtHPo@GfMy>y`~dBo^kG+UcFO)wm4et8^#M#T(9$^$PrH#r(Gy1c7laK;c$oF+SL}Gq+u0=~w88V4ozh zpwm5C*?|FTWPp>i*uiT|-J8kxabxeMgHea9s&J$vli!pv+azw95=}GPCK|3}0>u&bS84H@|N%Lx6Hgv@q3TZ#a-rweeE>$4b@OQngYl)+}l!h(k+p zbL)iyJ?vjBM)F--p1R4@H5Zqo*4ElYWSUiUR2;E;*=(M@7AH7*!9i_fU9*|D4~jTZ zuGI1<=fz?MePglpXib0pt4q|#_?qm-%l~qB#8na*U)b@9j;{+H{7q5#$oN9l{g1CY z7WxkyUjy?qdQCCdWq04j<65F&&f-2f_4!xXkGd;qZQY)5n6$XhHRvepM_b8qsvmAD zPT4ba+NnsBMD<6qA9-n?4=Ve+e&ZN>1%#Q0%Dm{T7BwK(Z?Ld=r$(YX^DvWlR?*FO zNT45HtS>I#m_A!sk)`s6ayI7pHSQDu$*)3oH#n=U!fh!dW7#v1-4$kcnW3@lS;19` z795^q^s=#A?|t8DjVONW^dwxj!hIzM=PHW8bt&BOF}PW7Ym3{8S7_y(rtj%@^!x)F zJl*#F5t5n8VE_~JMLAUy>|rr>B&Xwv zx+agch+87?xi*qcbtEt``#vfv$uj<-F-~4=x5YGOvtp#G=4kk$d(96YQ91Tm5>WOnkoCwGOjRk$Wrj=Tr~GA9jVz0Ajop(~sHBf3ZQDq;pxw zpNr`)Av0tquo~OakFe3G!IgCWl%oD>=nhFJ(?ukqsEcMukHAkXUG%alu>!iN09e~a z1)*vIQ2Q>*)K0;5bQgrRvBM$)!44~`jU5)Rt#*Lg_I9;Nm9}1}kC7XdNs)ey>bolR zPp|qP)p@1$JxlZl=^im3BKx$o+P_bZ|RP>BOOHaO12rnU|m zZz0L4gxm5X2PJ-v3kx3sQhe?KP`M$aGtVP0}oB$)lJ@i zhj$+o5}Zn++xll3?$&gqNthV2n~@D8C4aue0N;Ebky2f(EFc6lwG_`wB_|_3&FiK7 zkWphKW=$NTONFRqXwWj42?BMh*0M~9B?3-Rq-HRxic*B2Vtz&fHx@!BvhuVZPyE&@ z;6XL-3g0)8l~Zn-fV;vEMN~@&F<27Pk^tFk^EXQ@{|%L5YKa`4ldno!*+8d_Pc2C_ z+@o!UT5$n--4X)ZnQn9;u$}WOLC6-fYd(PIN7!}ZFg7H{uKB{Q#bDQB$F5NVm0E1s zHNTi$!3iAhqW?BS=;oWU8HnHsT4!vr=SinVa>r8`$sJE&7ILBIc=ggD++%qJCzqdb}$bs~%68U6L|B*k38to)6>G`9858JV`9HabXI9 z`1FGtQvw8wXvZfnMtE$HdqQJ zWosA+jcjY)@B;$E`S znQJ{TY;h&-ipy-TC4OFMU7mMZG|d&}yQ!YO)!A!FLb@p{pn5P0XA@^2HPNPS_Cr~V zCi&spM1XRf%G(-kBz|}BjQYx@iweM$Xi5n_Wjx~Tg$X(NWz@YqD6ci}UJ^7}*~A@) zV3a6kK{ByN(0(O~HnBBm%U3RO_a&8M_N)kg5LRVl?-zzC8QjP##mb|V>w_a`%R?1c zULHz9@FTdCKaea{I-+^xC$mE2E77nVd2?5Y*nxowxzSAH?FEfS&u0Vx!RjYa>%G z85939s2{*}78&uK-iYtUpyk=0sSfF2N`;SM7{ zAEO9Hyfy65Q_eu`QmZkZLaQ;JLc=beGCr`89NOH_YK()?YK*7QYK*6pL(WA802Mi` z#&g-B#RW@|(+-LwryUeep&b-Y8Sk!*)9Ua6g)6tLx+_ai%_&K_q9mnUdvjW$5&+|A z3){S!>$4b!;Fckbzz&&;80m)&HQ0m>NU*U$w zzS0^$>LVYxMTuUFLL%p>;X^p;oQ-|a^V?OT zFBsU`*7b*zNPLBv^rg}rAEz%AUeBX&lnxVGaS!wwn)j+?O7|ZG|Cn_a|DYTC$6rl- zRJ0juFkp?>BCk8;_zrhV+*ZIxMdIrWj@r*>8!j6!o3SR`jP1!`?-fdpTd-;#SAqT! zLO=J^5X#x|b2nK-6=Ew^!Dht4W|(ipz-CymS#hvg=8_oLEDOe6s7R$X=J*&`jRi}` z!O~{$7+BhZ)yBbU&07yfn@|fdYV}_HrQl%KEVkbhKcB$<+=2X1--&E;{7$tqjz^sh zR~8hX#Mcc;%)3W34Bf(=&Mgcn`jeC58+Jr5OT;v}ixWnBxr8=wgXwmkTt7TuQ#kZi!dKtj3R*}E9l^ne79BkrS(7OH7)ftHairPEdKf;0ZC z&n}f#OleK>w2L!DATvgK*%~IW6wc6h1BNrL;y>AW_KYi}91bRh{+c5AIlbmh?uZnv z4vOLJ6)Kn*Fh{6BJfMa%W|i6`I@Sh3pzD&!(7OvQ&Ur`9HXN;tLgZ>ao)EcufK5Oz zqu2=}@PD-2(W;H-q=l0cw@txe3EkPcNMubAa_ZI{GdiCMiV5Z)_q{Li1on%Q&VVBJ z>#AV-D=i$HMMY(r@y;qRPOdA7IgrMg(B9dvy{3qAcg|~QQH{veZikpNFkNbUG7Gj zyy&H(J8Du~bT$Ld-&J#eBJ&ZUnC1^+qcSV|I3Rds&HW2f_xmer?0Fn6ckKS}DO!vv zD|@%ay&*g1kuu+&F>>n@Ty;W1xcOW-ZpZrmA)GP;v=GP}N+ehdXATc~k~A$+TMgPa zl0FDq=BZ}Ob=$1w`KkL78SNjbS}DF0ZMttk>OSA513`^&$uF+U-qdmzdE80MpPGJr zswI*6jF!~veKJQ{Jf1glJ>XQM8`t@{^z zZ?XDp^TPB3m8?i!wp!ceZtBF+u>&dov_N3>G5aID2??DitqLU({V05EPGnA24GxOj zb_OM*F|}-N-LiUM)?Uk{mLZI-BXt)m3;u#1WasfGkvRgtwt~F7dc(-M1GE_7gZ6?B zy^RB1))(xADp9;3#VP8*E|=V}0t}prpdLSfkUex63<7~GY6yYS6#-2KKydR&hl@bq z8W}=h1yB)eJzdwJZV}s}AG8iEoLZp#&zyP}1z)d%+T9h%)ZGOg*@S96V|h(fg*QM- zxH~G3Y#js*TTkg46h;W4TnKcpv>admyBCemrS9SaEp=DGu!*^K_tKM-n0FX{rH{BV zrj(tjD9R{@55TzzieJP$SgLy)Jz&{p1Og;Q#*vRdfj(}Wvq6W4)2gVTA~+2li_3zC zBo@w9sqLW>qcL)v5`cGl(UIUOyqbPN@ja9S|K#Z>F&!I{2vZU7skrDT(ayG2UH~$U1o>?3w@H%aADo{R!3sOwNq3a+@3>+LYl|CvnePr6{+ADk4&=le4E+7^4^6EI z_KBiH>3HvMo`1k^8!L*18{(oNAc}(%3s1l+#}=oW*YF(U-=K*+e-`84HWS+=$)c17 z(?jo2Zj)Ge5ndh2_lwI9n%EaDFCO^Lu=@zMFh=4*hZc49waR~3@;}ydV)izVz7Q-#jGyuH>AYAx# z3@y|$g=;HOdf&~JzOK@mc9?|WOu=j%oClrPp|qiN1s>P14fq$DuG%itj9h6UbFDdO zi{L%yG5UDi_ghlHvqzRGZvXLFi>khzRmYu8^{9=q!oM1C7vUGLtWtB?ZXp`5&k7z; z^#un){5n$WSvFI*KI9N=ld0>4LuZV%99nNVgyjA>v|c#0-f?KXaEM>vva)+Bswou+ z?uC$F5^Xkff(QwmRYM>Yjg~nfiYW06%?fHz8ihFk&;t~(#6qrWk;WIep@4)>tU_bQ zl%Dj=BW+bLN2;=;P&k6a0=`p=hSvJxPW=o7Nu)-Nez(l^!wd!D!)%;-4|~{3tO%SG zAi7Tgky>d-cyJS%V+Fx+m_v(&`oXfB@FT?JL7VF8iz+MvO;-XdnaQryr%=)Oi}B0s zPr1Pv?I1ZsT)yvUDcYeK9XnKPAv30iLjq%m7XkfYf6M0YS->J~h5~Um_nS|B<(t}P zo65WJD61Ua@L)nO;#&A4B}vDBdWj~lwnYyC+{`XkYU(jiT#xM)_L$QeyQ9aD%~9tM z5v%`Z?uKfNLUH-3ezPnD4qSu^3kI8?J?3@ZWWbF(UFgzupuL8qo{sDW*mwk=yMj+V zo1SQ*Mafw!J+q04GME=u>tL1w^A`^7p=~%*-V$vM@*1kXJ%K>QP5>wn@(_HB!l$KH zYazP!iL33AGf%HDpW4rMQnVp|!p!KP_?Z<`RRjg1VYx)07XM;eg?V+~I4*(ub_D7a zLai!-l1cT-2-KN``d&Gx6C+S#t^-}QMNq>?*Qf~8v4lFg98@3s(Q+b5s85uGdNu-; zBGk4;P-3*o($V5NiBJXfopg@nsz5bGaP8HCHnx_7x+nt0kE5I0il7*e7EFpjO=FFh zmxKCf1nN9OrOQFRg?@6JxQtNy6+v-63Z95S)e>scKJhjR)IAZX215O=9274|a5XL_ zRC5s&*%rv9DweC?CDeik&eY zD1xdY)MF8-4nn>0@i-@TCe-&MP)`wRO%c>CgrbS%YJ8qhcNam4O(XM^r9L23eGwF= zWxc7>LcK|-GmD_OUl4Fv6wz&SS5cv1Cr0#JW8FskaZBr`+#@k>6&XzJ1wZ8oZ0Y0p zscSsV&%qPv0B+8Ue zx>}MbKtAa_Nusp)q%TMkMZ+hJm!v`0N0LTM5O$P5&*MO}ZV=Wa++M?|-A zJFk(w zi+Sz}K9$UUOq98A@t$_>V+!WJF8skPruhx>T6XRufXsb-aC0A@G4~M%1lihQO)L0L z`%0RNFN8>|U8L0!wjt)iXd}3wZzr$Ab8g*WLN^TcLy=14YQqRJAaD10J|4w$t^n6{ zBi4f0%%Hs(Yk}=Bh+;YY?iOhiQnFW9?a`{?jVP(=Z;Von-i+9ERlF@!2pW$Ddacc&=NzU<=wcw^@p! z=ooBX=?4$OZ0>fnUn#=++o-U<%o|l7HcB0u>+G(#Z548OsMEy?(cyPwBREqda&HawbM( zgq^bBYj1GF;dHiILWSDBrf!;3yW=a? zQ`fRcW2HX8$>1>1H-kpRPB`}KpXq_rVlN6l5k0ZRz3b3hlD9c6_zPMef;z(Ix&M)Q z2kvVcjFMalH=WcTfxtdI@>+868LWJ9kbbD58K_(2vlQ@&-I~bkqX<|dy-x7C4Rw{n z&p-#+tqW4OdIwoED#z%SVd6q1=t89P244V}+LHJMn0ap?^DA#?;GwV_{(JY%5^?Xq zQ*bZp!OO6fFIEogL>ZEb>iHc3e)4iu#U^+tD!QqU-cTZ2;A(5O{sV60Y@U#1nY3qX)7k3AIAlu8sGD&k@kb9wb1_>kFX13)ow>~H@`0Ydz zeL9j9aZfSGMKuT)vpl+_9+RVx4v$JbNJwP%Q$otPPdZY!Vf^$3cLM_86_o_%%nG_! znt{BsC<(BNfZM+;i55gk4$l-4I~I^tzRqn~lCzgovkMMD=X6kOk zMi!=6igUEtW03@$xv953Z3b`{=Tf(2%(jiG+k*c^>!k}ZmV%vh+IQkT0Q=c5p;I-w zzZf;_%6|)na~~QF-J{tjAA6&6EA{2*;^-Q|}UuiZ}Jn;Jc9Nxp4Bzko1A= zp*G}-Fw};$&w%hk=@Uo@BQKy&*5$Qkj<}3I#=d?pOgWTNWayFGiDE zBs8KG7v@rnTr(2CNG)2~TfQAdwWJnC5G;%!SlAx|y?9CX96*ijT_~CFVV6^IZSjx* zbVS*N0d@9%ydJl<;AKsK#rwa}K7a~izh(l6ci4|K&Opk5Gy2LxrOt{NE}Ys+=5=?c zV5!9b6(61PM?vJIHj%KcpG42zD%zJ}gbVF_h|o?A>ur*LX=kDT-$;;o|3A}681?~; zge|t`i|qqAb+^Di=*4`th4#U32>MU452iRw#nTpM-Fm2ia`wTSNJn;FvOk4ikkW-= z#NaF12U}np3`eyc)nr02 z&X(=K-=cgbxG%h5<-}tU_zWhN9%jQE{sY3Yx3Puxiqn5whK2hY+|LlSK0>(}`5K3e z&556E$>zjQ7NmaSHz#h0i+J;*TTvE2!mGnh`^DAlYkYer<@rRuiiBgURA{IsD z=0RxDhu&bJ_XQI?1*v>+xGqH5=*<*oKZR@0&>YnMFI|6yvXbq-Uy^0eCuLjL~!`$;u7E zb|@nW_qDk$wuTj_XYQu1iQMool(0O&geMUxC?8n%zAYsl&Mmkcq#39IkEE6VnA~HZ zqXGVIKB%VqDb4}&`pXQo*+|bF{mzAq**!7uSnNZ}Xv__HtUK;^{sgm}XK|nC%PvyL z`W6_NH^?T42Z0GaLr}Ked7I7Kd<{c&c4Q0Cc}VIF9uv?roX6+a1AyKkpfeok(g8rP z5YS5;=$rvSCnGO7THu{a+oT47-%UUnfx>@guK_><+RE(=LlMx|_}UK}+K?CgOyE5g z?E}Cs5>QXYZ3BSL6i`pa#RGtjLtbzQe-7Z!z65P|UVU>oU;Cl|eX8|#MgmDwhYSGv zw16@kNI)g}rys1#02+K(;GNUS+{4#?;A;v06@hnA2Ijf};M0U3FYqn|!JIGv{0PGD zAn-0e!R$EzyrG8w1Afx&E_lHNeC>z+7Q+8T;9X>cd1wIm`Gl7n`r2LCgJ~Q9o*^H> zi3DhOF%d?t@9T%2(S%n|qzjlZ2MvIqODhfVX?M{S<{wDwuf3gwf0zL6SGlqJ_yF)r z1eDP^{AVQQu^-Ye6VR_YtY778KcJsMUT~DayXX#c`~dK>!3UM6bFtHr&}hAI=<&3& zzY|>bapbhMVzBoMEWeL1=Ga7ur4clAmk|0LLjR<=$Tbp$R?ak52+y z*hV;ZoSH>MB){H{1YAwUCj>S}!XcR=At7~te@&vl1sWkCHMCG?${WKW`C2w4ga{-g zgb%@Y!cqtcVIi24ZaQwb2}FeC5e=K;+P{0 zpzK~kId9hT z!A;h3H9x+P=ptXXL$8ukIfM8@KDJv8fK3C~8)-STuO^<*npSRD|`WGzz zDGPXd!4{EEpOAO=hfM3SQ4lw~q1e67_d#93Y`>N(#&wyxb$yA38X(QptuxPbQQeA zBnV>y3b|w@7HMcV+?soU6fk>yYF%Ox9i_R{I^+d=;&E75M!^3a7poYQe%0`A!F=`R~m(r_;R8|C8kcec~H3I!+ z-BG9uUq2M+G5o`t2d%~v>cTmYX=|r6rMk=wC>yEn&eqLVhtROTL{_=ejm3kGZ($L# z-t$>Nj3XTpSSDcCLyyU7D2B72XB5Yi@Pim2wHuy#5+S4E8LL zCZ#HI+PSe3?|^4f`<|)8%EjKSc`sN*g>TM6;mo*G{h=3%dGI;rOp+XY$~Y>(hcf3t z$=TiK2$Oe34jLfO%KS}80Ye$pGDAYnCj0SK&3H4p-??#`L8E#_{URXlAynUIuHm4S zsZ;ig!ub-%EIU#r9EuI32aR;1_3`kv8ca`wucOiQXhXU%BS^uVd|H;AqVSJahC`L^ z_dQ-ogdWyTvt@y>BDhV;Ld&)h1|t}71)QJ4z@;Y@sJe4FnSpSan`O@BSqWg$o8jly zb<6nGEGQN~fLV^7aV)C~iJL|WCVsy{QyW*CCvHV`)b5{+)SI4LSC|EDW9!0qSoy|M zR@j*$( zQnhJX7sP(8IS)b-t$ycd^|t|4rp|apVB(4ZBQ}#C%yn-Qr)_@gWZt)gvaB^V9$Q?? zsOz8}sR5NxaE;_cGDefEM!n$|$A!R?THwHijrM6W5A}x6>1{kja&X&NVrjk4&V7wT zMj|lt^w(bNTb=qD44rB9?O%oNPq+QbO^y#g1M=#OS6c?6 zLqi9QZl%Ts%=fHFn2!vMNbLd)qzdePCrT-j^bb6w#@#OR;)j$$yww&CsfkSlMVmOJ z^1!pTL+TOM|UyM_cNq+!lgRVA=S1pQvD=U9}~Q-9#YNy4yk9T+5VYBYRHEE zht#a6$_^>c(mO%IFoibCB18f_IkMzUR}Mv^%&q6@Q7&pCbfngWlT>WpnNHaU8;hnR zIa;JwW<+PHgLRatZKyG(4jXE$2;`euAhF1v?9QduiY?fkSojH&23ru~YjU%PYtEq6 z=8gX?YZP_^ZYzz#ZZ{RILp?AG*P6GRX{8aB`6nBN-J<$0#KpTpQP4bTCDXSdx9dm&TIX3sFlX5H6&$nzb)`9gWC|y=q0lrpvC8%dyq!?jMz`2 zXKAw0{-8)Q#^3{+Q_phOGc=)E>~l5LbRON*Vr~^B2#$!5m#A`?02=-XN;*<&gdlKF zZC^E0^j4=+NUByd0+ve^bVgdOg%Qt3}9j~Svy7ME zKqwI`MMRa*RByjp?6!)p=~kqi#p?UDKhYe>PA=eRyJ4NcEefoVrBMjH{mSFxG}^ug zD$`k}BhVyKNWA9%U6X$MRi-ebDSh+Ww z7q4RGU75P&80b@3f2wnQYPnut&oL_9@viVd_IkSMZ=?kWbh*^>L(oSvd(4j;-a*5K z31~k^>Jwj@cpw*Hg-7kU7$*qYcH?tv-~#3&(};05x2XY|2tA^k>ONYN2-%=s%qV!XS;(7 zsXa@Lf|HP}rYYxczh#6jk*Q$OFkr(}AR)h8rxsvTJSX)*VMvoWlUJd;r@L3`Op&|j z_D<8BZmTL~Z-;wt5Yc^5W^xtE~n@A>L#7$L{PjP3yM0vdi4{H<`gV zhadR7_MD{K+kT%6_L^fN!NfTQwFV729$&PG?}2S&2LE_KbB9ct4J;s+dan$V{2mz1 z9mgk3$cy%qV!9jl-j9k5A9T;))LLDMgB`#>m78j^Ek0yw~aunBOAl6z&~ZQmHprsbj!GK2nru-*u9}=XPTf{Pc(W{jQVtr zAzB${!zGphhvU|##}9eZ4d()|R0P~l6wyLa`fF0_gI}N$D{WMDcQ`yUezK9xz7ZJB zUqddMLR?ar4zh#XD+ZZif6{#=698JzHVCXg-z!TYVvCd;VXp1J+z8-zBLee$!#G!; z#DzGQorZnzUIS}g3GS}hS8(gSjdrY=Mqw`G-w$Wt1QD320wQy@lCrGrG zs?3I$-o?AHmiy&qypUBcUhPF$9-5~}pYu!Euf+ZS_+B>T`R*^m+wh&gzK%Gh-iN9VlvAvYDcqK^ z$-k{c2op$ZxEfSU!SIZM}7BtT$IoLSz+gHmcZA zR0!s{uQ)fYCtk>W|GC$Mvhz_l&evkBu}1d>$_yxLn%ECz4i3VHO6(iHRLx30d1I6^ z4I&7~e`dpM4E|p6pXhmeu!enrTdJo};kj=TFrf+wkbVhIV1OYMI#u4mwnRt$d^};e zOZkp^0f$5oTSq;y5uwfk4UGae6*mQ(1KpMC8T-_v#;!>WNU0e6)CsM(eV-biw+`4# z3_6C4Bxc-7@Xx!&;GLIV>yr(6NL26G{G`UbB_N+}d0=Y^;0+4ZBzf~!DWq|WLK>U( z*Q0*;re=rp=cLmoopuTq0c0flrO-HM9na1ormhoi!n_*h4YrF4#a)DiXcy6bw)e_Ms|KDTZYWi8S4O+d6v!q52Bro=5&dCh||b(_wdpL#d3=wkqBIjuijKHJ_ERuVuyPnf<5OLU zhEIB^GE^dppTLb0F@q26x}%wCG$?Gro`RUCL+G*y3`2CfYW6#n zmq;7ul4#-p8Iq(^WCHkVn8x0av~yjW?*>Uu`((6CeaM)ql@|wGPhRN37U_~6Y%}(- z0}?mWc#vupRvi18ztxzlu>BO8qc@KhFrE|vg}HR~*r(D5y}?^n8_6Bn8S70CPABo6 zjG!}rxz1IM`A@jzshWKwvL-4O(uAxhWn9}vG{=1W1b(-I6>2-aB*?_5MVjziFWu8r(4yJJYvNWX=9I*NmH&QNuDVGY}Bj{itc zUvRW;v9RSK#_bc?Q63{~!1R&02B0y0q_i7=9m#RPJvkseumoQA9Pdp7`|C z{58NQwHBDcpG0;oC?`oMpto+9*6|!KmnmPzHYIiJ;_B#O9sEgTSL4^#fs4G6P+G?| zW$F-8ITKklBO+)@>b(Q}3yH)C%B&n>Wl}CIDr~p1uuCH?acL_*pSrRze20_?)A+Ge z+$a!BlTV`xP;i1)FTKn0iW&yTYDfTKh)rvVW0TLZ3bwh3U-&(Eb2CjGyi^qMauY2i zyvPSleGaDd#7z#Y0{02r^iiRtt`|z8Z5W?hce(R4{DqwJ9&`C}P!TV1mqEI^Tm~X{ z&=l$2`IKV4;X)rHeeOmUEe3^l68H$#++x`TKk|A1{IMhK{?N2mIa)*RSfzn44eepc z&(t0X5f#2tEezj9K1gS~J=8HHeQO;j{`c=z$M~{6RZuBA2v=pvail9FO06NPRG=O( z@rkO1%5b|1LlR92RM%^J`V8CCV)x^UH1joFl&A59-eVAx7x7=!rw(aI`W}uD~hqkI?Xc990iYG6nLo8>VCmNqOhGhwsrT z@ft-};QSVyNx8Jr4Tc>Z$Dp-6rOXu%TNhwq-Rk>396#30|0`Gw>T|9yR z6^0OYggKV3MvIlJWd@rFznzUELUY*bap8CKHkaAJf4W3UJmmWWAdRo^I4b|Lqo6ZP&21Y-HmMZDb4)FwHJ5#c}h#hKZ+*Uik)1o83v z1di~wax?SZt7K;G!OWb*u0h$Ec{&_BtS&Y)m*=Woc+XwM2?u*6W#=D$CQEm~Y*0TO zJ+VpW5~?1ZrFJF*P`95EK4-$ET%+RtXPQ(J#IB&)t#V6n(C?GIHeqTt;$rqp~?*LVhs_& z5vt7K5RU__5mh0yg}Tw<@VfCoL-#wFX=b;9LoImOHGTTV$sy^B}Axr*p3$EdED+G&*A}%fk;gb=}jw z7>YaA7-tz9a|V!Fm{piR|H}S?-%$$~=cpEDPC{am461$9?tJMlq=e``<^= zx-(IGK;EL4N*hijf-yox-A#R@zU$L6@t9M!IW@>AYw6}wh)o*Q$`P8S}ro6Z?c=!$2 z8|QNs>_l<36e`0{cQJs{_mh`E-#Puky5su_`*p%ntCi)wJG!s1rw|s)^N3covSoJ! zWLWPj$f80-)bL>xa?{qC1ahr~m|2yK`Y)^9=0xMP^%FF%1FG;T`XgI13 zn%EmZe@Prr=qPIAF+{&c&O?`B-E8VT*^i0o-7{1j+DN0F+#4J)8fi2|8XSfgF}U3! zKo+hQixlCPwLkwXCna&afbt4#;Er%2_E#C+u`KXepy(B5jZHsjjlD@r%ooGfEH6t(RA*e@K~?K)J*RR0~rDi16QS~jCm z*jCS8mN!(wYx&Kd{Z&G9Kank|q)(CuuH^DaCGu^l<-gE2W>3`|OS7AetPTiUqBBuZ z-EI~ts@wSmq%^t;f5m|ojemqQ+KEknQUYhE33d*yaQ9>`z*H;W3 z*R`X~oG&vfvlxJhp>3ywNEt$%E75Ky-vkv~G?u--YYc$*Ys1 zOzjwSY*_oz(b`{y;o@o+GY}LwrK)xpG|`1c_ZL+8@omR;D|LhU0{vwY7f=>H;!mc1 ziny6jQ)nTq39^Mn30NTPDVxEvq|oTCv=D(xMV7EvK@9vT1~8Cv z6G(aq6lAHaMG(rO6a`ER+=g06P{e>J0Z}drI#&t=s8A5-`~99X+wCw z(A;OvnKNh3oH=vm%%-6hw>eQ>Q^)IY76CDxQV5kEfn!Dq3XL9NT4{u79w7q+Yn$zQ zwj~G-bM+aB9)HiRa`^1ll$9`;t24jfi0i(N{qUf=o!?`>8SVF?>B!<={6H(JHLDgv z)QX?{(5^F`^8)1PZr5m1xWVljBw+6R8Rs$xJl1pX19`wtE-u-h+{eo;G(%w0jikBG z0&G&(FSCnBbr>1xTY(G8aD7Yx-Z%;$1i?Y*XM*4)tqz~U!O%p0WyyX}Zx9)@3+&MN zL38JKVRlW}833c8wuSu>{MlDidvdX0Xp-@2MIh+BGX zmY&%cOcYx!8ARn+lC2$Be)1+8Qkno+Zs7IXB@&I%V`&C0dB zOe6mCyDIfv&F@@h8o^ze+645(`r6DWT1RHA(Z6xi!-P%r_d_&$`$hlcQ|)n-Hq;#J zYsIi6*NI;cIb<%I7Y&xehR9v%wJ>a3B=UcB+u}hBWj$;;1Z?MX%fosY_H^{JM89t? z+IlHddGvkRaOn2SRlEK^tbc6M7P*Z-VGnk?a32Z?{bL)EM!J7M*!le|1#bri83hlz zQ!P0Y_V5&3QsB!`(;()+>WKdh{b)62&h8kjMH56vEOe#%K_@oWk9uE!+<*gqsPX;$ zyDAl&8dp&4aMHHjp`8;3-F%w^N2vP2EJ;TNwcM1#8L`ACFUJXxO^GJGoAR9aye=i1 zTEM)N4%9-1%y~F-k0MH1S#EZO$`+uiYFTL!U{X&RCv26>Lwyl^8M!-j+=bMytYJ^a z;{zKw1U$EFzGqXxZoj#CHz7L^vZse_7(hM?E7%+4h|P8cZ!isdBuD$4A8PxFEc@Vy zR4K^t=H!SID$;!>{U*jIdaASoh+gW0C{~OE=DF>i5gN*LbrMkv_2vT}Q2hRi9nZlL z##q^I!{eBl{7tr{GF{J^@52>xZWV(M=Av02J68IY6^19w7Ne0YwPe|ZSbi-M;~9*| zW%56_)Xg;9FW^XD2GWut*TW3?wrl2;nJ?71qTr}>aOGqXt&?{>C{vV1YYWK`r$i}l z<8n7wN{uh2PTp=aCts{3^tBDLF8EJq^|cMepV=1pRU)6{y<)cfOoo~I>L+sAth`8u z3HVG^`DETSC&={x3NrG!pKubm0_WY>b1}bEvqm@L`Bz~XyEy#NII8|YUr#_3y!Z#Y zN=dqom@pI{)ak3QaRv6(^FXrZY`c`H_)qAx&DIag;+_G(8F={O_KNVeQS_DRYZFxk zR9MKiG&vzQA}!sBnI`4`=(Up>PQ+(Qh}8qGveN*x93Jg{qTZx$lk3CJ5yh<6va$s| zy_g94TrKNW(LuQ_D#d&!5matF<5#GH%Xt}crfP8%t}f6j`%?Sr|Aks;u{Dw8``X9^ z|04|TP;Eb5H`sc#<2KF~Axge%PaE^uYP0U?HtQsUmj6BcimGjMEq42F7YIxsNy4NLF{9XhX$yBr zAhk`phtjRZR3?-%2j%e#4>oRunFvw3I_C>Lu8{Ho&Y+?KzYmxVLAlE35lZ>`K% zqWH<}Fhy>NTW;R{lMHd-B^u&}%!N1v?}j)`@2y?3*H=0hijj>4ZK#b4Zdlt}3avIm zhY*LxA-@!zj7O+0jZp0oYDy#2IE0=iHdaYa2=QpsM?@pU zp}}8jr&X7>TF}fM!>@hHE85ldjU}t+Zz+7SS|xcP#1Zf5C$W-fgm|=p5m_a~qxCBq z^-0)OFA?v#e#9}9Y?Y7LNQ8JoRU@Ji;?Z~yZfWib@o3eGRu$M{N+!3bytHhdTP$}e zkUefo0YPh!pkI=LvGH+pU%;wYtS@MjLn2Wf^$Hkxcl1T30FuF}jmsTU>kd8=*7gO_yXoPsQ zwh_??@o1eRq7mZJW{-$Qh({CaSi?^bUrX`Uo9D^AgsHcC@wb_?DF<1#`F!p(L`UojFLy00fD@Q9j8Qh}wv>T`0%~~U}Ooy+yEz|_51OBiO)wm!+jhkLF-%B+T8`R8@6R1)ZY2x07mlT(it?W4j2 zpp4EgyD%#e8if}AeN^VOXHe^>Gk9s)t^htsCW_W~hOx>V>jw@HqR4`|)1HXsuIJpaZ5B?S0 zY)dmf{o+breKYNmCDSa|*Phl}BUjVJ`E@86E%pQ(kh*>Y!vm!%>Qcn$ZEM8=S6>J8 zi1L)8pt%YtQ3*g|`S+dW8R~_)J|U$`hztVnZ1c=yzzp87?!w<#pzWu64AffJ3(R!%JTW^XyZiF7{?eW-o(_+I#M}LR=ikE5lftJ(td4+RMOGD~e^E^u z=|qA5Pv!Be|0nW*6ONfP`m>dXRX`bz?~I%49;+V7?&GM&?w7Ob6T&PN~ zaVrIAS?hX;F0exaggc8{p=2 z18}|&HGonr{^%20!0!*KOwT{)MZsn*H#)4j2^Ad}2`RXQXs=1^A6BR7P1HIgJIJyH zp;`Q&9@(ghcDLtGVTL8snKRv*jeA6fin!O3GZl;^L5JLZN~QZVa+ldBC}m~Qn8}H? zUb~G-Um`K>4GNvL4Rh6Gme%WZG z%Rd|yfs8Q-V|5t0`6V;4f4zR+TS@(RfM^x#$MzedeRP+kCAuZ0QsgSX)i^8LW;pmh z02pqydlALrtMrCVdw#?dhMk!yg|g@|Kjo|?3|Ugw1Vgy zq)wkQNH=<~y2QB1?XaE!=~2T7=zbo^s-&Ex8VAKxsQJ)tJ2#}}bAsSHE+B#sWQS$P zAUkmG_7AE4v41{fh2Ejd3hX!3E-+qe4&|m8Rj88t;h6t?mtR9%QU2y~v%V*g%3tgB zBiU}KOIh*SsKWoIr51YsAxmvNM#zJM(5I-+O;LTUxlWEgoCPpsz*&ICT|U7f`0rKA z>tiWDkAte}v--Bwl(;we@i?_!(4zT7t5khe!Kka~T#*^yLouPpV)S6PVdP{2fuGhS zDg`x-FzOFO!$D)DEG7AK_BUFO_?naqeZCv}9>fSq9O3|%EaQ)Cc%zfUmJ+zSImkAV zQ7|{^+@ZOK%%5yM|R}g1GG56m~TaONW}M+OZ=wG?>|e&aE{QbgtjiA zo$$XMvUS!VjgQ3GJ5 z*P8ZZIIk@u@cI_!wlTIatO?o-?gYGYeYlgBay`*~CWUvDV`wW6ub+mdWzeSp_Ta)k z$v+qY7zSR(pAx;3i*KKGpSTSSrLJDlu{cVBylNrvd*h^BJ(P=&T%ZKu_!Va$-%U{XrQ}}bhE9!U`w+&lAAm<6(Fe3E-st3c)jdXA~A`<>vE4q zYNSu^k4#R&U{4ppilfjTlIlP~t+EV4yXe?gMS{5CI=}pXtdf7YrtBgd1e;i2v$qBj zqx>R^@xn+LH@I7xdJ-5eqy&<^m>(cg|6MSRo)4lMIHDbiEK#vrIE)iV!r0bfOh{n3 z^8qY&Eh&}))@sSKlTJ2+xU7KpJXUu$Eb{AVNW`rzYgJr@dFG;74U7Cl-*2vT%MP^Y zo)pT#aDo4`OB$nipT7@oNJ1|5WfnBUfbe9uwm#m$lLKUt5h`nDk+P!rp%^g?lED~_ zw!I*M_blYvsbr$LDaH|rHRo`7{@~sNb76=wUoSZ+%bW)0g#+{fvKy<&Ny=2 zAePg!Y8#11Q{(E>Wx3J%e9Q5s^|9+OmJ4skZ(A*{j}BxU#1gjgLWg9vf(6&0;DO>% zC}cR>r=u}d#tF7R3$_EYE?H3ARj8hb^EEFit(PKeWBt;?v~u#4GzG7fyTNBn@ZC4c zR!*<$XT4}b_1b=Sb$-VY)J6&``^Yr@#9U3tDVm<{`-ceA-uLe;Y9X0ujp{E`sbW{{ z>pqqMne^6m8^@%&h>v6_ykKBgcVNy^`-E9=S5}wYh&LO z;`V9e$9>#Vd20@I=i_dZ<=`wO%15Moz9>kMno6z=cfpjS%G`Lgh zosi$PEN!oJL+#D7(5mCvB_s^L7S8pfnT4*`WV)U*qZVOtoLeLOXy-PEV`RWy?579c zUg0)}b118l)ODUgu3YP2kbGvLAH@#&sRiom1ev@S-=2WzF<#-&S?odc+NGMsynQ(^ z_Ev8DQIs(SbQjqnr7tS8&|!369FP6=$fQDwygqlYS_odG<8AJJ13Wf_O9}RUtnoGO zrPCYwnUvEcnQ1)s@%wsI)S3@b9eSkp3W0{D#Rs5oQTgJu`}hMIUE@Q1KN#%{i|u^m zv{9muY#x~X7NtC7cHTcRzQ)#TA`qn|AS=W|3v%tYTc1ILwGNs$m>Z8rfwc=OsO=yq*p3qf8PK_w$|lm|whiY^{)+WC@A4Sboxlmh|V5zKE`iU-pwbuX~}Q5~5mk zs2hQ|+8h+%Tu3$@MOu5Y$j8j)tnYCdRVKsmYBJT}wijFN*ilez`Aw(C{pQ9N`4*kMxvKlk^7;P`3jL5Sa^X#NAW1WcCvBGFwFCh`M zfSv!q<%`-E;f;wr+}hXB%ks_NE<gzLMwDgW} z%1hVXrw%SUAJzn%K5p&-X3%#KC7Oh?7X9`u>lDsQ5>aS_6Z$L%MGYZ{UbDkrv3rZ> zSH=9ekp|_I*(-JMoU0WW+G7wxd)BMyXJH|XPN)L8bx=D2{_`doy0ltWQ%jD!>JdtGPeg_ zbEEl8ov6B1yLJwARs#Lznh&_4(D%pw6$5r4qJ%g-M*g#aqdj3Bn$C);yrSdaz(1@1 z1xGi3u$!~g3H6B7_AVjc)MRHZ8Ua{I3%gN+G|S ztHGl@?xuQ){O#j?{`w3^!g;lmTvslVbIny|mShu3kJws%*Cn}Ho)SnmfliA5CUg5E za{P()n+Eu1PH+e!sy;PNlirj^Z-N;d0M6se-atjZejSOAKHxHiHhJ^CclatNu)lAy z+gjF#Xgc(Z#nl3Mj{Ah?hOWGNMf-8d6x_Q##ieMk<2+qCLyuD5e5W`GtIRUvY<9;Z zD4(A%w(>a=d}-I{9_aR(@@%JP898!(v@D zsXX9qYXG#9S#Xt$ZB;w4IJcq*%F;27r_nvbpI=|K0(;|ME@*n2+jdyJ0h{4ZKc3S*AXt)(?Vz6*)O{&nL*ZeM5efX5U*IJ!jBx$xCAa4U4QHfJn?gT+Nv;8}6HZw^e&%cdD%!0hi*x+^M&BH{ zgk!XXe)HB0DFIs=H~=}{zd!i?^C19zn2U$A7h7~IR>_l^2;7{cn3@R8bkJPufEm36 z8p~jS#&Jhx_a|EML3paTasL&x&th|jO*3aaEqV_syg96$(SL{)xVRGM&zsv*{zmqE zXyWS|b9#%7$PI?;??oI&z;u8u(N$jjV#r=?ZXKSz+WaJuy)uyuRpXv97hP||TRQPx;z!SF=aAM0%J4NhE)Wdy)2Y1Q zai5&jsLOk_PvRWs&)>A}*1VSs>h799?bTv)`ox1xO? zEtiQs7-Y+^o__hpA&sjY*yVU{#buQ~5vv{R$!f>Fvl{MAuXezM$svn@;uVZFArr$q zJ@OaE2JW7lEIsl%dwj!usMmbRT*I%#@Ds7?6{80jJ-}E~IhYUkT9_%&u}{ zg|pIQ6+~Ejmunx zPk${8tWDv*q=bD-_h0&EZqz`hZr@I%Bb--ii2TutzpN z659;g^0>?$OOz>IUJhM4Q7+z0XSvDvoe>}YSwzTp~#ZDMcpp4!9y4O66^0UX%mX zC4VnC(i#3gP4QJa}9Xc6A0RQ1P%ymb->dG{XpspY-c$@_@YK0)3a{@q&om58_^NhBrW zx4vbIup*`v$TeonW>1xpG#D#$x1$D0uZKs6MAG*^R#MXOd;vZtf~{DO;rfPM#ay|V zdEJQF{JWy~uoCT7lMCjQ36yLvS0z?elM5=@g8AT^Qf)hAIk&$MG>FBw|&<2YnD>9!v(wx zjaB1pp7{~yW}HXti+O}jhe~Vss`;Z|OZ%gh^hXh0_ zFK7stjxMcuaCEu2oidMnQ)pud@sR3@_Jb0M>kjj)BJ8y*F0;;7l!(VXw1H+Gq)wc&?D2`^<<)q9nwQGsu~&Op)$+&d zPcKWY7m7a1dJ@EIjyw!Ss79&>%tsv=IDiZ_b_)88yqLI&ZZ>=jFLfv%KHf91*E9hoW1Nh(K51 zWUVz*lD*P1kJs9+g)(OrUT7IIw;#@oY{eNv=Ick`Lw4P}^ZjVwguG@hozHr?CAerC z^Bzpsm)^|F+T;-c``mxeDK%NRqRM`BhAcP)&{2aLUi9APy zJbOwW5%jbqJJZl~O-PE^nFjBc>=Z_3=j=fG`D26~ASc*)=320`a`n6-5V;COtS2A` zkP`iOmF>m)jALk%ay!p(dm(WZYcC#U`AW#>Tk1=X$4(YKZa*p4j@5v|jXeC@SfsWv@Q} zIz55rMziqQj}Q~XF7-t2S3>UhznqDb#q9?q__~VfM0A{}-o!ysO8D-C}AG$(0vz?sI=1YAZ z0UoE+zSK=Z_9vzx`*!K2U_)2Dbb5u%1UN=vSvwb#{_6=n7gUILgG6th(@pO@)O*y;?DM!UAk0Ml3%)}}8o{E&cN0fYZ%+T?Hp(--8V#InBGg0-M zL$;T{hHSimE1}cA!G0>))F|P&R{s0q(mZ#yS{3uoQQ&o!=BD>l539Yq?LxkTcw#5V zJhTQLjsXuWKJvHtf&uqcS1U2n=I|a?9B5FRo6Oq~7P1bm;lEnwRF;?`)n1iSr%<9EO2h{hR(d-%;!}5!T{=D8u<2l?}kc(!C z*0Z=o-yR)#ShxNqeH8P>e?)GGi#G&+U;WE3SjN3(Y%K|p>A_!$WEzd<2OR-XooKPd zZ+=>09nyrK!D_xzbdI|X=~ElfzAJa*J1sNbjd$MoL>n*twDLL-jr z1LwAlAg`pqHc!Lo(2)`SwG#7%5{)Z!gS&9xkW=1%%-Q%%5xHL3{NX4nLwf#@ZeN){ z=>8gK@9c!jxA>XCR$!{sKEXDE_!DaLL1j+eS zPqPdGl~T3d*;386Oa{e-&vJjDxCXGCu^7>S-gg3uNL?r3{Qpm(Pw>q?l|HS_1FxT? zPb;5y-52IvTQ;W6#8EmerX^U*Z#(4|LQG%O7H~#mO z^J)6u3y|->DX+(ZW-L7f@;XVxU_0vHB{m^?UxhI|;YB|aGX9JiS1zzxI~!byz+C+7 zQ^@OsrKo=}Q`k%mLxR2$q8&YKaT^r5N2L3T7nqH|VxG%87?vU@mu3s{SBECrNqdf= z_yEBejiU)8HfrOkz0(yi$O&Uz);+ZcgIvWhLlJJPDH1S^;NNj}f>10HfDA-j3VjX^s55wfv|EN%3>eI5|D6AT-?p_zgrotW-#Xx^v| z-ug;{R@83K0YX~V)egBMPJT9G?jI0>@~IurIc~$iS(2<+&(?vi#rZuDm><_`&a|Z@ zI~O!d0^jx&M030ET)LC8Db$RimOb5P2(@f2Nwj9t-w!Qn4Xmej@2ZNt$mh z*v9z844-3$zc`Voz*frq>ltMDDKZp)%zx(bpIiCQP5g&(uOgQcq=83!{RqXWA3gqjYCRq1rQs%pV{B*l$N69LJV6 z5@G0#Em&CoC-%`g3ywTAQO)%{h-J?FDe?lDnvGTMNVC7(Ae#Lt>PP=(*m!>wRYp{{ z{ZMOEa%E8<90$-oA8Bl()mX7=<>)?)dsv?dUWUfiCzaz;s&4gWoPoq$E3oNY4#o}X z{iX}k)!?HnMvTDTa+_+>{43tOL^q%*Vk}}BFT#~mx}&#k#4WA(jR6H64ci~LvSSKZ z8O-oOqh&FLQ-ngQ5afKjq7qJ6e#{Ma>>P#CzBmFdEE{$YZsJh!5@4}HP{BYQbn9{R z2ROOfYH5FK$nCG-bx+n*#Li{8Hb(*Kr>2s+&{C6d!KNJaraM$y9Mpn&%|MvQ@Cy?e z)mQNet0D&rJ4iIU# zwRPgY!ZR5dk~1{ow+i#0DXhJtsS4 z2S8*1jqo{@gKdPjylpZ46ENg>hn-Et3%c`%z3V-S+kru4t)jAG8_0@*biGpJ3H#?K z)$fi~sNXIq*tO$#mH(3Zu}NGv*8N#-=i5KzfT6O%1K-XtR-bzbSTbsgp<>Nv6p;Q` zKAMfpZldI;8yYW&@8{%s@6!7JSC;+>?Kh=9)bBy%7W`rPPPG0&O|gAoSRLyJ!R2N? z7r7U63-dI!U@m$J(1?ORh3ZwdVAg*WCV4~(z4v&7?YeGcw68qCv+l)HVt<>JPq>5! z!;#zOW}ubUVxX(IDGtg)^?|jiubLHzzw7Wxz5PZd(#lPEkDH5bvqu!QJv9|=dDL^* z&lPqjGTKBrWm~G=8=q2iw9d%)B_`~FJCSKMI?-J6)}tX^<< zJp)zsNJhu+>S#_Uv?$q9oog#*ahlWp2x*z$t@e)R71T+zP^B z)8I0;`DAfzmu-AQ!5{S{ky;Rm3V~+@_xCwRN3b7uoQiBD=`x3)C-pR>#+ijo?*^n? zZdDICszZ*FMcNQAS*pR1vL4axDa@kJ%d(Roks>>$FG=GGE^B#A2frhc7uyl&PLGSh z7{ur0AeCYMCdS8+9E}rLC^zii$P10Uh9~-kI*+uPQwH+yuyqzjVYI9E5*0F!w-Hpk za_2bktp4N7rL$3OKZWI$qdbDw{YU{7#{D?UK++tB5+3hh%5IN$aPMRF;~js-pZy>2 z_zS->eI0}NOOc`ba+DWQ-wku5_D{dB*KZgu{m$vPa~{aJ-85ZDUh31)%jJ#iBmCns zAHvKzf%unLryypaxatW(VD1xQ;TcEwSp$&|nGf!@hd^y|xkHdUavg4^PsO9fYu;qt zDF=l|r9U-Rr+%QDo(RV{O?3-wlI^;RELZn;OSN*7%4G-E&Xk_YJx{4;7B<^KDYIa$ zK_4`|eGk|JJ@4Ymt%P>X5;Y3MHN1EBuvFTrV^gUio-50w%7d$xa9W>1G||@-Nt5xv zl!_)raZ5Z+8%u$#FtJ=Y*m!Ck800m>+NW zty2z|nOa*6u3G96MTIJfzFIxJXiHHgCIMl9e{%AtB5$u>?6?&hAl$>A7UV8r6xb~J z*B?&Q>4K7iQMFX%&i}rSC#l7(yf0*2Zx(kvcKlEZnLG@%mIH~%61moPAl19T+In~t zOJTEwu4nC#n7q2=(pmQo>6|Xet3ch9#jNt2u-vscyLeRB)#N@ir}NS=O@I~aXiZNP z_~Y%8gbV7Vf>yTc5DTQE+Ukv#9k;ARq=d~94A1w!AW{ftt`ss{ZtFQvT5fzyOkuMm zvoHTYCbt0yP;ZI!a$^$v0!5lXA4+Xz*S@Kzjiqf~#=O{p+Xy~00bU$|I|x230lqZ? zcM-gY1OHLHC~Gw6?OX;h|3jDCA4uK?5VkPDwn@W^0k%dOHah2N{(ZL;&DsEaDh)d^ zzxI zq+#a;*n?@2fcwOyzA-8)eGeUU052zU-KM=~~Nx*uTY za|gV3z;3eQVNu36aPZ!&{>d3ZH9@(_y5L9O2~Y`T5c7U+08Ov z*~!*YXHKzP(**X}6t#UG%QUXGSCYW3jsPe3G1I^f!+1;0xOYuC&RP}^KyqKl{WO|H z=zfH?%;bM|(mP~xkF@Zffk#_XT;{(=2 zS}|;hZG@3fgZ=EjTF~R^+j~1g75|7hpsVrqEbKm{3WZUtCu^+Dq$0F_B^G>DJ)bgn zvCW@|jW(8e9UA9+e8<7EGaO>&;0^XZs_Arwzr zVvThTg-8OHS({5Qvvyyt&5>AX{S_VBoGpnFRh+m zO^BMq65xs#|39&tIWxJ9`kjEfxFJrca4IW5l)|%4qfA#?QPdsc~>~#Rdj{(qs(XY!cu?TW&UJSbOFp*aj%HL zP3)LejsU~Xu_;n+QkBf#hCKX_Pe>Lupc0!uH>_|(DK5ckrmN`^mUYi|wx)Z7f|m{E zn4kYKBLN-rMY*jlxSC&1&CjA4{Z2&hDbhRI(YqS-KAHDtW8RO6Sy&a*ap7LUbU2H` zRi6jgcd^v*oh`Xgp;~g#7SNK1)(_PmBD+7{c9n+>sqc)4z}MCXfzvGkjbvHx`Ih6M z28TJ)KUh5!Dv&x0;fulgSXIY85Ns?h+W+h$OocIAxe{K-wK)wpj%2crd>JU~kqsxM z;nE!$GTdaZxo42OH`y~%CVRFw*Dd9{iW<;IEX) z?uaG0J3gGVHOzi%=3u`k{Tb5I7_<|pjs@Q0r*pjb5^@Ai#OxENcmigo|7-UDJ7)i^ zP5)i9f9u+zV=kvPxOr=94JMHDlaa%9nETz%Z}}!x2j@{a9^t>M zRb09oXkvU|5?-yJQ;}~Uqtnsd^umz{hS(uNelF*FIOZsu>{6od-5a`z^u0C|qH~mX zg-8PWUel-Ody@iD?R)KuRVuC*W$UnFsQpZ5GHxQm7ra$=^0>DC)F}6Xv0&>fF_2=9 zn2vBMrOB`E@6cHBw4-NV{VwhSGLx}BB3txw`|9>Qt7c(T1t0k>Je3Jpcvz`NU+Yof zz5eeEDb*hTnNIxW%73>LpTYiTz1!m-gm-)P=C%{>nCirz7hQ9XlMZhoc<}4zVXxm- z9Up1vbNy~r2F2DLN_0#;Wi7o!I%bRSn7e7ol7Nmm|5J2KSq&Q=JouvwinpNz)EkzD zzfyzZw*YYK5tm_=CwSqEXixI`ZyGmaq{xZRb$AmQ4O|uLdxKRHgskKTt8QGMWh+LEXZldGS@u5}nECHopzpIeV6I z1e*gf57lj1c6>&Nps*A72ik$A4hRTmLb=_#vt3zEJO?hy%~!1L+NXVmP8piNAsCvu zgnI$f`~4b+?PuT?!h6^Fkh>N7Gq@j`{*UZlS{Sx1{obrs4Gi8M{mQz6Iv^jHtc?%d z1iY)ToU*!nY$U&3vurYkyBfy)WUse+RsDQo+(W|8@DVogz=`FOkT?K9JHSg^2 zWYE5rWJIklU-r-B{*uOcvst{qWY~TxyTxK%kg_{einD2K6C0@jEGwR?$=rYuW1k?V zxz*$k0Fv4G8f=P?`BVm!YMdvRfd8 zulB!6oV9@)it&=l@qnVa3fOej$Q^2?!g1kFs}H&TLg1)in(=}ceqcc#M-e`>7h@pe z-$^}|s|BYPT(s=j-@rb9&lZ5<@NUgF)5Xp8%uZ5}D-OynT-BJ5E|Vhr(?xFVizH%W zjVtyT77Jo-<3Z%AnxQR_y1*Deg{t)M4Ue-&^ zH~kf&Pd(5{+^#zAiOJm!1LkMAz@7V*Tb~4dZfmt-;~qO(9K;4QzBbkq1s2{CD?A~d29ozk1h-ydZ7KhlV9Y>YW%$iDcp-0_hD1Aqtjc(R*@IJUp&SS9!OeL>k~ zzs59i2m6KI)C9T9+JK%1L)cygsT;?lbdU%VBTlpZ+gNE<2ZknMeGfZ0uSVgCPKu4r?taAh{GQt!2>n7U z44Knzd3yyOPS5f*V8E}G&4f7F>8>A9`>z|+a7sB#cg33H<=K|zvWm;j&>Hb;_loZE z_KVk(@Ls^|;&O1ydx{=?c~s9yfbP(rnUfg>%OCB6ylg!`4x^ALYmD?wB7p#m!;;G6 z0Bi3Tjq5wC4u_~28bTvj0ZU2ojjn65gzbQrxY6|^tx|O9s_T3I90sZWkKE|GiP8ms zwTr6p+x%%AFm_C;wEfzUP;seMRuvnJkX-qiy4Q8rb&=nnTM`W3>q=SInwcaHQjzN% zjv>CUcj&07qT5|xL?%_9ME`20{&dY)hU=1{W@z`$t3a4ng31pjP0qEoA#Gyrm}U4h zY&m=!Y!aS0mY#GO{xX9kRJ$KF?g#xF zqSV>H_53@z>xi+LOxMJ*jc_yQ&w=&kScTkqEc$25^}bcw^Ll*a+yrgA4xB1OTvU2B zcLglG+Ri@AM=Bv-a|w4z*bFLix!eK=_cwIXzR68|t{*CH9q5FODBbJr}xqzQMVf7660MaUC-86V?^y z=NjyninLw#_px-Ih(gJ^Nph=UyC;5~5dV`Seg%lT18KHh?1Ke{;egM$Cq(IN^a_)xmYG2fHPi%SBRg*U}R;J z0X|mgLDb=sCtTBh81lH62&_iz;EK!2ag37LwqQ2k1??5lwd+<2t6S}Q!brXKOAK*jcQ$-L?z}k# z{S!hMfM4}k*(JJs$U zr0YGO`M>>4yX!(MB$S!+kN*gBe!iL1FFV$S;zN?(F^A3D_lRoT=alJP@@l6k;He^h z094&i75^{_zi|}qCk0N(RS&2GxTp0d)Wn^trIahtk%S@b8WFi43qwPW+{q*-m>@|< zKu$Pf=lclv#iKaPN8d!Qu7+2#t*?As(eYJb24+_sGW7*uBW{|6B z9m7rZ7U@8T^n2C=I0!eq^3lko?-0_byIcdyOOaNj8ywR4jHS3XWJDCG zJ{2zbYhtd;N&jhn&x9{-_ zrg858!~3K);R{A|^YFEyh9@vFfyc9=$O~RX#GG;9E||`S=iF1KQ-*M);N0?2oejTt zw-ni=)g)Ak)sVOuIfeFtcKr%VQq8A3+!uNR*+KB3q2+W#6s~F)*fjhPn1`K z)S=?LbOW_PtPWf0MttHd@1DQ~nZ+9g73Q}~fPZwrdkAcEz*z!(&jBwd@I(j9323Y!SZx|N&SMZ|11DE0T2y9T9JAQ8dGzPP_IP+{crDk^yZ);5qfhb|EqxBqv%>{ zq#<)9omL0lTo#ptx}*Yn{=QR6#D`=c@+0tE+bW6txxhy)$}7GfM2?xE7x^tB@?{p; z?8QSePdTfkyMQ<$pqBa;m=K9Pzv&#EFu<<&FQ<6i~StO+gllCp-rpi`5u5HY5ryA?n@G6%Gz(J!FqlxOlg1*-eA$m*z? zvJOt9-2&2PS~POQ#JX9KMikKSI;RK=0p~Kbr>nTC-*z;K%v%3D>5A?dO1qmtkY#J* zp6DZ-#vo>f`xH-BzyLL7zGzHR*82oPCy-D=)&~V(!!Q;m2Vf0=R@T!X#Dp1l48X*q8E%b(&pI%9~=I2(v2QOD124|wwe2o6YcV7`14+Y0M>TD_@ zE$r}6sl!oN@kTo8kSpxZ29f>wp>*KySY$Jem+PKoQDGuze^x%YT@lK8?JZW;OQq7x zBC{n1x5YqA8>kx{3%|3X^n)8CXyiPXaP!AhT=H|RuekXGNgMKT;A$!hOZ4ad0IVZ0 z(VzbifLjol=+A!(z>kLjOz7CM0DPIiM1Nj8JZZ87K-LH1Wq;m5YJsM`0f%FpvWoEUnBB;#qqgJHnZ8jeL%op z`evf}8%-`MAijh37eKWA-1dN5M5~h%0ym$G;)~RO7QQO}^rXPp;Vf?xt3}X%TXUsVtzCZ!z*7KBbiy%lb44!pex!neIen*VJzU-*W-lsn z#iuhYB|LFJ7%F0?EKOIOzdGSB^}V!;?e))4gbxGU@g87^1bnzw`vJ%@pzOkA3f}p7kt-^nj6hA5o58nxEhE~Pq7gt43TcW zy@+##6&r0^t=AhvQV1XWtHG92#a(|K!i`tNHcfxG-0}fmj!?s{ry@yQ$$}&}&$mT6;(sd&~Zgb*wLmpw)zKqsfpD&bi8N5nN7Y_k$SX$^Fft ziLyO|$N_rX%%Y7YDQ1ED&i2e3hQSo`w}3HUG3s4Pu8k=uZV)8#KYtdYCL5F{D+q!t z=63`=kS@~GuM{J$m||{Sf&G2SrXS|bPW1EXVePG_rPv4A+`5wPT8iBwvCBR5isX1D z?e!ng$Le(Z|JAp@-D@LTNrs))%D;R6*C-$C`I&c%&g>R!0#VH`!$B=+#B9qnUqSY~ zmTA~a{J42#O}vjT0&b~K!s`XTB)}Q5RRKx#};w8Fkwq;)=ZRtqqF_TCb)#iKePns_f2YWo-~MWYQWo&c-iFa zER5eVKg*$Vwta^(`I7^QftS%XKayY|HXG#643Gx_v7Mwcv<)gk^TLIS%skKVEK;#7 zf=WxE((I}944}FoRIRnPgl01}lh1}6``aAh*$!QproV{7C8$t#qurW?!Y&P2S0@`f zNn~ZN4v=C2kf&YA`I`geH-!A$L+%QY2MD>*Lmmu}>j}wvNN<45B;=bO(ib475^|`A z{5n9U5VDttyci&R5VD1XK=3(;y%^vd0#4JK{}5?dcU@h+fmVMs)C_wg%$gOKERp=; zP&_t0lG_^L&97g*gmP|h<>WUAkoyR^$U`;{kZTE~2Zp21p zQ*I>$oa;#9oxzP#(BBn^6H_uDRCq(l}i#rIU;pQ8ZB)9(v_V5XDGESETcK8Gy+rgR_rTpw^> z|AW_kx{-E}b%wkdhCGPxQQ(%={W}QJ5Sv$29aK3UsG^#Sxbc!T5Ixta*BSEZ6{#hY zKP2$>RnMDqJ8cxt4G(S19do$Vh#Za~1nBG~wI$*a91lyzAexZJNbtaq&F=nk4N@FH zgf(_|n{eUtbc>XY*YW(!Pr{nI0zMv&>K_3$UGgAOU) zzo4V)D3?3rz%yfrQFy?|Uqqf=GnQ&tr+sbYlohVa#Yc4n8KyUDa}E&JsS*g|q(q({ zz!=q)nV#d5S`7s}^liRh>tqRt6FGiTe}nvcb~1L3~j^V7vHGSoAd3?=Hx6f>G;}a^hokeI~fpcx7 z0-*scP1hSWR4*IKJ(jU>xCEKiOK?6)1veMs-@b;2`H^dQSj+4oq`MLSiY#pW?Zhbn zOPTXwMdmv%Y6n5%%yGti^Qef^X-DgPGW4)C>BGevhciSTJVShR2@F;GVtbfkF3>GB z)bPq-7)&vj?!u18KG4zx0wv4;!8=EVT3 zMZQga1zKt|`RWCBYW(0bIde@e>yp&#%-ZO*wg#L_M${|KPj)VCR>GJg{_f1B11#5V ziSN=U*ZLZsMJh&ot}Kl7(#MPNhJjH)i>?b~_v*-+`kOKbZ$r7VF;$4C;FwLy%!f1E5bb00?98dbFe=k-O$}^GeKUGQKgjokyww#r!hf_uj?BWh>@RaN$YGy1 zv;#F0l4NG_~8Be zJA;QJ8ipoid+R31j;wLLeWS;+raY0!Y-Ups=xTU2+xjd7N09vLZURhraq+(b7?`U> zCFnKJ{;ov&eE!bWnP0&X1Rp?~I&X4r%KZFC>%fJ1Vp7i*Kh$|grfc+Avlp<6JB_9g zo_$~qSIliF5Z*^G{(uHufQ}YODA(|8S3`SLZm0b2YM5=)SpFRRMuq2#X2?&>Q@U}{ z$G6Z&aOH~-ngJ?Pk$cK)ur_B>&#aiIThJTPcD;~+&boXjf~|3EiJXfW9nIiIQNKGl z0H~loE1aVhqDKF%EyOe<*D6J%_n2fO(puW@WbVdh#p2a#5AmEn&wmZUJ*k(!vd+@M zwSS27MK8`hEi<_p&#IsrYfyE=-;?n!@uZ%=Th4Hr11bURGIK+P)urNbw$zz*OTl+V z$BqCm;)KD}-H(yFt50b*S3;x^#Ns+L`=bwVCBw5aGg!1WG1ngf^AyEYg{9#8^TYsPLq=q z<-1|rA0~HgG&X|`%H{qLw0R9$r_KC^RzR9LlmEj5)GEku*1`6C3J_UAJV&@E>Rwj7 z-+ogqGWiRfbdD;44}p~xIr^zEh<~xe-?0QfcrPnjeG1+46ZPqGOEc1^$*}KQJ&-K< zORe2TWKN?9Yw;)Vm+4(*`~HWbQX?Z?3q)&8d1_|n5*h&xd5QUn?hlm%?J|Nx&{NI0 z-U(g3lX0#7FTPC%O2Lb;g@E`5fwn$>_B?!)Y9cHn{5M>C!)p^^bXi~_D<1Z)F51(eBtb)B zDKDY*v#sz7#G+(dF-mu6{K6uZm1*!}Cm|;{s0^B0uUicxGKK+hm)h-kHlOA9HB?$N+Vt0 zecj4n;Z^pRc^#`g#g?_9iIzbQX&{3wcXc?@-m9F=%eBqLFEtohvvEcHf%p_P&WRDp znk`j2k|w2rgbuq?1}EmGEa9Xb_tf;5bs!gv>BS~cP{bL7fM>d=_L!S*P}oGkq>bG^ z9&j`R%?4Xdw88giSNq-m2oGc#<{=9NiL&Bvq!3mHtvyRWY-NPyU5SMMsRd-Wo?QUt zIF|c_Pl+q6bruhH=lh(UX?lT&In?DttfZ`2HFqz{Qur(Wl_sGLP$zPG*OG zY+m@=0dlufCsNyN?l!eI8gTa-4*5^%g!y`Ma<{ldGF3ozWvW0MZkFQAJ8hAM$%bc? z@pO2$2Q(W@bmwsQx>MY1)xPW_qG}cGU#66^yf3Rm9Ut}4aEn$^+f_Vzymdf)v+<8P zU|JMWT-@v!losICb6zvw~~R;4F$o$;=UZtQLi~bmVGm_l6F6W;CmDIYx3< z4P-+;T8pfsa2eL60GCL^r|;N5z4DVgcI!}SLv;I1Fhr-rD|J$7BTvi09B&nY0vF8B zR*Zr_p?-Q+9?>0PY@h6^yurJuGK{Ys;asNno29<+pxVEPUv>DmBoTBk1vM$!F(pHy`LH?r7Ds8c@a`Fn@sx<9cuAV!9aPfZhMl|g< z7&9bu$Df5m@1f}c_G=_+%YIdUjp)j0cebpxKq4~+&C|HR5=y^Pk8Zg7it47v#EY+9 zWevX0Rr5eN^+i^|R`XvN?+$=ANVf0~dhC2?f;h<`N`}~-N>S{gdgp3&ru0BX2lzny zW)!d(q;?KG(4!vn@!cQjGE+%t!9fv@z`M*vnLmwGewy^H$eftd^rFyXeqq;p8^Kj2 zW9;sZE?j8ACEv+iQwG4<@*J-2QrFJe6(l!QvRx2<;p`Jm5-NcotY?`yiTzIR*^3r1 zbpF)Ux(qS#5D~*33`E4e>gVD3-AV2F^UVMcJJ=exbPfOCQI4Lhlt#Q)b zlGGe0&5@+OIH^OD?s{0K$xzhg#j_;o%fE|~j+3Nk;*66e>BTrnn!V??IB7eg?oIe+BImX)Z z!MZ5qgT6`Ey^cPqxv8NPB){Y%oAZJsT<6zc@CCVrrh-WCD@^yq3uZzhbFn%C`^)ys zmI)-yPOBkO8EHP9UD^oDYW!b?|3}ngbbOR)g(5*V$On;Id&-3yCNRy}Px!)!u>l-2 zlnl!bPrbXfAJZemZ=W)Ep2B+JhUEOm_8D?>%0zL9`inY|oB?hz4?-TZ@Bdh2TEGJ= zn&$rVkdD@6hEPa(}Y^Km} z@@bd)jv{d%aIB3m*CVD|+s#=jSWcv)h%prnK~1f%h4q94@spp8jrun;jeqfk@pS&3 zh>Io1y^BCVcSFI=riNQ7hR&)?5e#)TyqIl$afS7IFGq>^gm|SwWALe((t*}=b!!CJ zMzDkxgg_hff5c>ndNQf!v0Jruaa*Bdz+8@5^XZ5iwMrMZF-3b>i78h;U5lD|W_OcOu#vOh0S3Hmx|Lb$o+ za&ryFvrt4E=&7B8WVM_lScDoERe9V_d*3r~V4aGwZ4wK{kP#M)f34^Ipo)IM7+O{b zYM}(c>Y1Rd!wk3aBURYMRVb`!}0#+h}2}{bjb)6*Dqek7B((f*Gtn$-S|| z#WOFRt~We?mPE%5`B7$m|l&gR|B`4aeL)(D55u0=t0ps zabC}p(iIZf;z715DQUA^Wohx)`0dQ4b5Q~cWTDmgpOxXTF~lt=sX#1B>IF76p~wD} zple^lJ^buzn5Tbk(?4_h2e@`?|=kU3cU_pTF)@*P+^mB7bXrx zmR0CX;#V+%YT?>3xFMsMn}Rvy9DHz|nr)qfdNjmDb8>AZ0tLI-9Jv|uFzi)w{sNQs z*}GKNV|#WvXBy9dSE;X=tJHfyozrsgjymWP0DRrS(}PD*wVnvQ zvc?#~62qONj!bcR@#kMk@_(+S@rB>BDGIyi98VMlN)9X-_cHzUqwp zWZWk)GB3@@KY4%E{$vEDNB^Y7`)5F{=+xpP7^IS}Dz3mVX?3PrHf?S`62wA4w9?XuU`+TjfRHL%Mwf2$?0%e~HZwWJ(+|+7qoci+oI?yYw z7nj}b6wT3{yc>m>^3T9NcQte(trK9Fd27wzc8p`Z`Po-d<#CjXxC-u+RYqAt-X2~) z2$Fldl$@lP7uFWr4yN7E*oh5%_NKy4RE0mySYoMnzm*VZ1!x9)4{t zn4;}nwS8pRtDd%f^aumG6_4VL2MuBWDS^_$Dj z23|Ljfy*Wat#)p_LNJv3ADC+S1cUR<0ekZdiiS(G5>G|hs>bXp+Bx$tp(w4uRp|FWYFnrqgTq71XYvE>?sYl zCqIy}+T6XnoC_O3k3u1GKlgxn7mT{cPShmWiS2;(=*3JNr$lk&XDpUz0s(H_Y^*X* zx21{fiVXUI3T>`zn!?`I31chTX@FR3X~rj`o0?TUqv}r?1fEDPCzk*YLC+Bb#@wqu z+TY&f<6+t&wP>e8U&9gV{ODt>^|zP7offd6d4HGY4q@KJ;F-;lKpK0zqs8=kD_-T+n=_ygFD z3dxS{2mh@2U=HnaPqz0%nHu~AM8y*1nDzm0M7k)0ruJzD7nUC%BN^ObH#bh`{k!D) zVj|b(745f1NV^QcJ+5e{9y!XpJS|B(F`GP)k!uBeGltB%KhSE=Y^ml(JR2|>Ko=+y z8RAjA(bt#4n@2qE&+>Q=gbyY%$;*fDZCHLfj2eg;^QBd!h42zoW^->-^JKHyxhBpCp`)MooYeO}h!;<-x`3AhQWo(cEiAJ6eCB{^OW zEl4r-dn6UlkF&1zqf(W9WO&x=nUzKRQu8IVUNk&w6SIyax|ehxe=NFM;HN|ff0K17 z(c`3RjjFhWK3oz1lRwpqU2h*Xa~b$z zSvA*QI}!}Vm=qH+OVvg7^~nNke?n-Z;;)$F81Zz;)e!zVIaLZYLFGkg*xG(va5Ak*QaR=%%X zbZ05~J&4HCh@zW4ylr`|CndU;m2k3oMaKkyy)t6>u1h!U*Y7ID*k{QYvX0E%_l9%# zJVxylcjDTXHY@Dkho`t}26taX8bphMvc4If$f%0T5{mfEdrI;9Z8r@YQJUWx&hHND zWx$w86p*4>OA3cKv-l@kOf=wpfYBvYy(^X10w{=IGt6Dd8XPkIB!f^&eSdgwscK#f z7FOOYCk(HqeKo~1DTj+z;(T4Kl`1t9z@zFo6yTsy+_8{rn6H*?bfO;u0GDV%PpOJL z;)smcUS|xi$hpXrYJfvl!Yd>nk6G$@-34|=Ec5o^Wy+|!iI$?%tR*&_yadP?;bhB# z^@3HXef8zQrw-F!<`n4j?h}hV(Yc+Ed*$3tAzJQX4(g$7e-KZ-rOte*-cqw`LAiz{ znCuk(tHN)niA=}J<*z>lxusTN zIU-1m@7uYOVFrT{vP>7B?Rx5evi!Lq4uM4FGbLF*8zRfiVBYP^>s&|wew4a zR+IIu5=_o?6ZJI=hih3Q?st#M({PM0uUg8m58T_|EC|&Z#>ZTyyXU8b52mpp$3+S>y2EkJVq0|Ne zv7rp;6?o?KGk49!qB1(P;Q<~F@k5F>Ia{t=vOYP1Wu5}kZq$Ni>uzzSQ*zI?|`?9 z;P`T6N!;2;8s@I+>{4i`4-N*W>Qm|ML8P13C$Oh0*2Cn9*xtN^_xU@*x z0%U};-ZiqF^1zIYMW))D8Ec}9z~abd$00zmJ>i0OIVWSncqM(Z8HCL?bKbzoL3fnf zUgU@H8|%;iv>#ae9P|+q?`!K+6iNtRoR0H9eno<@;Wl&?Y3t7khHE|cZ7Ue=O|Ui< zt*JsPfeazB03cVhFn2R?GPebKPE?S)OVL7{f-FHCg0#fxx|X?KLgJDjz=VLoKLq^Q ztO%HRwajSorlSv>CI!R^_VR zv7;&;>{Tx(ZBPDx8{h24h~ZT_7FEKIANBwYw$&Bg``{P0H(;=rb>QFrx$Ehz`=cW> zy1KtTu%rW{|4R7F6d!>>(zX2|eG+zM<85jATH802YvbVPB|D;hgC)cyNPxAZtq<;#H#8 zV1FLyaR-d^?@{wG2F3n;+&&03qnmLvYeMW@!mAfEM2_u23pV45hda>>(MyZL9CX0V z5CLK7&Ey;5*4Vu&)2&|??^XE=H<&qwKXey5521mTqPsH&wag&?Sh_m?KAu{?Ucuc( zs&g{uQk}EaD}YDQ;{QY2x4_p`RO<&Q5TKYK2th>x7A^8hR1B&_uJ%`6B9JE1luaLs8gV>jWSwyb4O))eLnAbKymtxm$0F(yG8Q)46 zUp#>QY=n+pST0W7KyTG7#iqpu0jTxH^&uDc00#X>neEVjD_3J>3_p_mkRke zg9mb}YOkb&hXU#n3*4%C%R?enUK6{o4v7V=D~cx)yW_-b0wjfF#lIO6yChK@Z8BAF zymRVM`t@c~0CJ-zrrrlwUp41iFD{Nb5oDS*s%0mF0ys7nEK#{d}v zs80dZUmq~!3}9*spgRVbV*m{)fQB0ahPeiiu4XX?m}dZ)6o$--fMLD?5y`w1%$#pI64{+$c;=^Ix?`B-0grD{iOJP| zJD@7YV4ZkOVOt)9^~GRRr4(4zO#xef3`X5dfi=fq12Gu&It5nsoq%mH1}ow*1=bvc zMKKuZr@*Sd8?X&47^K}CCz4B*q~9`kkf-FEm&+r1@}W!G@fa?}1&aFb1-z_*T@S}z zlR(ZKAV*>`1|JHE^Ev|#%2Xk%z8?}fU)IFhAB03T4iXDuN3H|FU@i}XBgUp4{dz!> zI%tDn;?_;YtHch(91{@ZQ!dBfe0w!Wv~0k~?D-%=@OoHxg*RZJ^YM-PT^}w0 z7!ErR5XqW}z36)E1|?RWzYR6xtXv*YxUZ!kW;k5q)R%8247lw(bP2O+u7nM) zGOL7>2-jS(DLe>l8{b{Pcz)rZTg}BY3azf&TA!l#uEik!b+u%Dn9LQKjYE7-0-A1?F3%;90bk>&Y~Omr2z?sUJ6EVRJ+4Ka%aDsTleS9Fkeu) zjLPZZNlw4O9YpT~r{XP{%LJQuc4K!gzXN1VnP-ervoe!Adqb{6^7?TT4%C4O*gW7z zNT&*`BNQ~y-bsCcs46umToTDB6s@2VE#$?jiW)Wp1sYJi_mv2bw-h(!X1b|xg`_TW z%|q+o0A;OhZ7+>pTeIv@Wuac`v676A!K$McugcNJs9-X#M;EwBxW@ZvO5XOARpe`b|&p+RAPX71a)zq$^hDIrayoyp{+;cRxfu0 z^lfZCg%k&(-Ir2|c8Qcq5!XrieGRF?C;Y>t_(>EVMT!Hl6u~+S*@yoiQlwQ5Q^a7O z>s_85P1vX>q8!98ZaSfn1sh^VR%=a>nzqG*LBNA4TWo8Ez$BuR*iXI8j(0Fjo&&4- zGHoX$0qCY7OpRw0V3l>oG81R;&&C{2%=v**6kt6+2+};()v6H}nUL?e@<4~mANZtH zJ~j6$pMQ!zjamOSZ?pbamerC$!3o!&d!(xpLWs_4ornaEEsQLI{ht^~0_pfCht{j5fWLCwKEYf9=*To*6$;gIXEsdmDt~3 zc{`O%PvTCB6wEHg-?_BjS6}cxhyktavfHxrMW{V|AVzXIF>lQ%5r$tmePNfSd@zcE zrc8M>kZ4JaZcBuO;ap6gZPD>RD29=R-ztZ8y1&H!$hMd`J+e?n4;5vo;QtRjPRPpW z)lHlp+Y@y|Jc{uFttT2!w(-wWL3&#zb`Mal^`Ogm8VbR#u`x4fMS8E&ny7CRTarQl zYJype0N}%w&6~R4O8HS<7_%4zB^yETDs5~|J~);(=9KdN%8Mq+rUANz%FF0{&=4i< zPbO)9;S|Sb(akB=8xD?DVtvNWVg9P@a00t$GD-IIa=)c2dY-nOr$yxMoqo~xOmaAg z^_}fA^7yK4G*iiV8>vmU2GR9y^}0hFO;5BD6uSxSG*XXq{m-DiYLh(R3)z?`KrS** z;ZTp>Dn~Hr$O9U$(nO{`{nkVo$RwVciMjwcqbzaf$Hv>47&CB^26qx+(?0GE!Me#- zf_HIk^pn-{oeD^51o?2hKzoUL(fv^Id@L=V1N>FniBW*GJ<8;g;<0ub%N|v<4;99k zaKYr#f?=pyJgX{6i4eUtziTlx!w7w=9c zi*B zW)@u6n2Pqs>jXwMTMw?VPp0#3AdeB8w3pI%b)murix&U7%^nWKo{*PIy1|E!^rG|R zE4EHhr}F(mNq=6tn=b5MsHj~I>2bZ#j$G(ry#pzIrY7Vt1TziN7&y>N8OTS8ok9so zp?3+W=!RF|lUMk674wY=^S2yiD*0pT|BSzXzWjg7U*CxQG4+4O->IX^&-BXdi#F~8 z5}Js8YgRtX>>E?TCyY`UmFU)oM&3^HX%6L__E1y^?CE^^BwUbyaV-(>)UHTZ7yb+U znBTyU=>r7P<$!h(>q(mfZOLZXMe7%*DXF531rc7+?%8B&Uhn6Zb4A)e=>da(+(`*K z2#@B^sGXTVqmGA!JKj5GX2^EjfIL_`*2$Kr6pU85qSV3?UblFEa{EWo5mw60RjD2%&QCb=-Nc zT(BQe*WZNoWW1W=2LN~_%zV<-$MeIZ#GWlkg`E)|EE2HhE`s4deap}^gtwWAH#9P4 z5N*$dOcrE53xf4dJR)CbSy*@Ne%S&5lacO=^bg@#;PuW`nV&*kdz*{MP-Ivm&LW~0 zuMtmG0zy5B>oUcKW*4_3`d%o7d0MUkr8sb7nvq(Rwm}@?$`LV2WAk-KH6O9PHPlDu zMvLa5fv~FHx!=j4g`nhZx4*(`y7(L>!Lj=n^heu6{k~ejvI0w{b8S@*X}UBlo{f*U z@IOMKE;P;&!|eJlyUf5P^WrU%B61mw-V;OCL7amIS&v`zU)0O@%`6^ztG}H0)P5-V zKH=`}1^pEAn~%Q< zHA6sNj?bpFq+7T_mMrZTwa?;}0_Aj!kFsSK3m3ec5C4OEcEYAYu4nMaCy=$O=s$Ay zX)(|&jPgy-M~C$Y#cojS4jkRao>_WMF%Yyny7pEs$T#AJMmIOd1jFa)N@gMQK&s__ z+;8zLdkdn^da0du5k-2XAm!j7c&3L#n;EHstf&!bjsPPqlx_1gH&5KwviLTzYjZMG zGBZbZ!L?avLsIgxk1haX{|0(J4og^E-n0aK^k(KD5#o~PT;iE?B#woBu$(rb?Tfmw zD@j|(K62WK=CG!~rF`c;@+LO^-4=Fu%u8By(eGsJrhIRQ?9d1H!O$9@hSs=78G+jP ziEQjTBzI&Fz@9qjsUl#R)WVF*7J60;z(lbl37 zMz+efHwSyuknA5?#ZmNLXK&m#88!b_jvj+u*&vd%to6b#wRz#dw8!P51zxdmA!Gv! z1NMTnM~cr=-oiwBw+snLn?rk`uETi7MS8LIte6k!e%p6wF?=hj8f_$Q$EjGCV`=T2 zQQ60M_-)z`DMW-dC!7kO)CYRblVJD{)RMgLJntY6^R`}v6j4#s&QEIo0i@$JJ>bhz z`5}!5d|yfe@qq80sRW$w+$mKA=R0>uCA_nyb)QrME+D5p2~_Nm@V`=ccdlu@B9(ws z!$&6)?9}jc$s|2BydRT(k3Tdd(YIQm?UBDtCfz6f?Lxji;%_vWr5=BKg>T*RM$sm> zRYPsCt@^nuI7%c3pVAU9oJI4LzTj_P;@fBZjfc2OTrd*$wgHyXEPvyDb|syCf%U&* z#l;WyV!z%byzyYWlsg-5xsLm>>fD>_S?1S=ZA%z{VDNrk)<&N%J){SFv6H@<85WZm zasPN??3ztbYGBKv4Ench!V-nV_lBb-Hav!lT+9W4zRFxJy8G0Tcbtd*Tr07}1U>Dx zLJz$lNv}Fu6zEm*GJ6zCvnY1DVmGT!7{MiJR@_@gU_n z|C9$)qSx^8K$T{}VhRa~F(qm}Wn_t^_|f*Lkk4G9Us;!gy%|g174@kO_2GWJWL+0T zx22Un$ZbSRob0L){nV@Px4q73m!oDa_F!gNj62)B;HE# znUj)76Zj>xOB-bV#RlfSvX7%t)B@jmtx~ubOB_%R z2w^4Aug58CEW}uAc5MbpkC#-m*M#&nHbz0Fra$%4-~7A{zx#~PD?-VUoRg7n8bwR4 z^TRapkd=)0vcecoS|VI_MuR1GhH3oHtBZI@r%C(Nw8@}fcp@A*!UE9lD3vP=|C`1S zPh1nK;REqbm;J~-Y`Tvv^3eNwF~E^@>!GyEEKkZD*gip<84@PdwCx0>;GpR077tFC`eWG4ZqnjNPOmN#`QHO#Yv)Ogcf5QVn;6 zBz@hk;gyDy+cpX>C!1IHv=y#dk!aq{rQlmhs8_&muCU_|6Hw1e(zIlf49bP0l1Zxs z>WpO4k0j~hWYRY!spEwN`esRLO+sBDN#9E*eL|A%NhZCdtxK;kjheZUQw4 zpQ+}5A{^7UrlIh|cwH-np1>L+D-H(8dKwy3lzxam;FQ=gTT!-hr zQmd3CCb_RAf$5?c)9Ep$0hGqS3`-LepJ9i9$+nE3O3iV}-Mu7B#Pq?uyf2WFtT0dw z;iVhCdmpBV{kZ427@hn>jwy?~;S%L~zW3NE1gz?=iXJ(eMs0BsMp{>gg5@p3-kb2P zPx{9WZ{eI)?^@ONTC!36Kx;CFuzRzEB#<1TX2V(QZ95+}o;mqte417~v~gp5+vo6D zvy4N2%Y97Vx#lK(yMw7qY^ovt$_z1 zih)#tsU6xOfb?h<5bFRfzz9-&6FU_ zYonsWT`L$ol`1b@!N6&r4_>Nk+CE@lsyx2>f_}dUJzADtTJGN@`U%4w)Er%F+Cd9J zk?RF z!5%04%?~+Osfiz%td6?A#0msM5`3+Z{cT^>ABN46X4OeOPz4N#Tb3T9o=apg_P*lv z@P;s6aJ||#q(GDV!Dh+|JGOYP&@(FIQoGji6CK8$}0hoZy&oJi<7>pAWC(H_ZU zgz};tk_kQGs`xiv@ZwNdeqrqWA}7cWK|}bHvT37-C$?of^e2()yL|x<$5CUVW$^Mz zO>Upwm+<(hxM|IFz zDoXh+&ANDmOBH=T50^jAfH=;;9r{gB>TI28UlwGsNHaUE_~hjN_pPM9>t&@z>NDfi z8K=x>nsM?;xg{ITYEA``dLl9w`a2dr(t!`6b~F}ec4XIpgKlU;mx!)6+iAZm0juAOkbSq|{nEBpv7##B53V0k!;k98});~VDuvGKXn&)qVC z!+fV@a+vS3=W0B!Xj!}lgTt-FDuZ#GP12V8p2jQpFp5}bDdG{0FB1qM*31-;AgZDv z_=F^Zl@>XqbF9DSGjou{DI8<1#={&Go^A-*lWF6`-d`8v zY`_vY1qYtmEo2k8`Cts@+?bi8q*C07x|;!J`2v>-z&*ASP*&}D+!~K6K=xK;wwYk) zbilW2E+3c4hof@Ku3H2{f_@@J^=e%Ij#Rc?u@IkKVT#Hp7|=5BaUyzh$)cKMd>-ox zQ-Y>l*a_>p!g_rXJHtELGN6l_5uLT@n{oP#GiH2p#+hOMWNX2U zZEutiz?+~V<#4dqW7|)p(loX`oJ?bEo2ww9AYM1eO)J%ec5S ziwPIT5H!uhr8DA$21&4ZFUe*k;m{aDk(x(D2t~Sc450~V!PNfV&|c~J6Sf#fbYU>? z44?!Cp5LIAS!sA+G~DU~yLZIkoPJdZ>#>BVSsVfw^^-HIWQ9^AbNBmqwu7g2M)Uh^+D7%q*0Mx z-aMHAMcOu%07bell>kM0G({QVq2(#0(5%;I|DGy}@siQPJPindGT8m3sBdw|`*%Tr#bHBTmaE#0I* z%0os(lq&bfUmLO3bh$I*a(gu6xw7Q3zqOLbq)XOoNpz~|xt=$kGoU@vK!6FNPRi$# z$--B=d?T4;c>nV{L$cC35097|x6Uo8{L<0TQ=nk$6!2RZy>+gBBqhqS*7-sz*O}@$ z;Lld${ZnMiD2-gts`4TtMDQr}{Nq59oj@>X;r*%n(wQ&^0AfA6b8DlZAHOKW(hbiO zk(kyMNzn(S7o?CX(JG*9$0MAo1$79H4MhLkhP3cq0i4@9G+jdX$Cri124tQk#<{W{ z|N4EB!%}^cuYYY*%jWCiYRC=&^^Br~;{=Sl>utiEG!4N4QE07U-`8 zga)D$aH$k(+00rtrAxm3TJDfSQ2Lonm^f|4+;|uROzC?%g<_RDb8ENrD*b1}*i~Bd zyUKhtn0-9}sPYo#!mrip%gb4-`{>oPVwaCl9vwL-#ObO0((4+fi(01dXmjtiyE>~U zq*%2z=qx~Ya?q&``hhg4cC~#yw>q5*g@Cp(GB_PS5o%N)J^0(oYA4zLVJg3Lq_NG- zSm$v#@92$w&^IEABmA2OpGu>^=T zv7}%5O_HAyzuA^s`%$O&YHu<(ln$!BGF4jh$q#22R5IzeAC=)+J{HTiZyupcQi$`? z`Qs^l=_zR_>_*(_c`8?L^wAX4r8S=aPk!(U`Maj_D=YQvuPZCfN^u$%Ds`R=zxPQR zDs}4!Ws;T3r}M|H6txc?C4X#Vkv=n_Wid|hwr$Fm(v3;~L?Ws&h#((gS++_%Xddng zJ+Q_l5KhI`&hfUbd#J3MD`2B@u+ir!I%qy?EfZ1wYEKTGpcaHygl>KFl@!T+0s|@h z@bMJNace1#O6X%i3pePjG!Dy+6?R5CUnTHDN&>$R6+jbw!s}a|E=YllRNpz$%CdOm z^@S+SjIGQ|eFX;fz3W&1oB9GR>U&WdM@4;4Nav3yQ}2Tz?3_G5vw&g0a6Zx|E+{b+ zPf57ikd38@AlgUbH%v74&lJZ!^DFn43Dq?< zEru?WqKhF`(`~gbU98J?X;Nu1bSjF37#?pIF?6!%@50pJ?TMk!E<}m0OCc!j6ozq_ zsc)$o(DUd67x>p)L@P^R*E%rMx~1h2wmrM!HhG-XhZ4nv(#%;`CM|1Xm=p2c>-Bez zI+3q@UFx@j^?U7?sgiHMneR#?sA%TvQu*c0d_yrsUP@EFmnXzQwvaex2Q+9b~sFrH9c>>>C7-BmNh zBOeBSy`xBC5Ap|fv}PN|BO)krFGpCxsM!BQ7+K{<-~`_^q1Yny-l6D7b#c)b;C)~% zX49{sy=9p!UXTj=7aGEPRQ$nJ&?mM5!M6SnqAddyb6@$K29WIYK7Z^QA)lDY$`Bl( zC^|@n7ThrbY?qAy4Q#;!{zN*zMFK%(6CCczDq~!)8j$su^nRlcQsxvq1T7IG8uB;+ zU&h>v2?yg3zN2k+3fvFtl5pXIWYTT|bx|_u9g?&tk;HaH>?}F{)XVq-4lL%0(d7wJ z#Xs;BVxF9`g*1kxmZTC8mP#ieER{|`SgI>k1YxOHlL;1ux;B{>A?TD$uyE$Bgz3W{ zRng2m5z6{FVSyyv87It_gdZ@WuY|&u$HN<`#5OiAA!#5t|BARYfs4x`S?G;)LpD-*_lVbPC)i#OI##yf z|FFH%5o@&9pOZ+fy}pu6V|yhNti8TNnAP}WlBg9)++CjV!}0_+eX2-HoS?$HxIE!3 zPZ*(PR(s1FMj*dZ(l#`(LF&p|s9F*x)Iz#m?7p06RHngj!f^2;PS{?X-qwFE_^=rT zPViyLYv54swK881rMTA$=`y|!0txki{)s@`Xa4(VpxiFGI)Kn5<0?$zh@L!Lc9CGf z;uKw!SdQMy>aXsv@V#lw)z0MSIdzKUN1Ad|Wqn60z^T53@43nZ#28hoKqD&sQH-~g z!N5|TteuS~)*d|jlx~uKy!VgLB=>+sZqIv8}^kPz?KI5tjBY)~ks zHYaR?%3*WDv_H(2?FoK{l#79^cUAP+XF+JZU39R9>C>iRKaBS`zgs3B`rK#@ycASN zXyDHxnJS@uuDpS3(H^=cD|-#C3+jmp+lhE+c5wVQ!&GRbP8r5y*`Fc1GsMU4z{lP? z7WQ{EJ;Lo6IJs9CXFCSHOj}+XNGu$qI@tleybvlYOU7MH5^Exh!SXy6jogVw#y|Ps z^$J=fY`y8nTKXec{w-iFy&KJoCT_xWwp-VIv(ui(|1&!dlMCoDpMY(}(m8&syqUQq z4ugIA6nrRr=9C7@nr^=t{&KB6$F=e~Tq~c8wemw}!kp-wnG3bLOdH%!-=71t2%d8P zx$f242Dr?GZH~v%vrxf=M@Hj>soP@Csl`cEFHU!!!5{qM(fDE~?^<4b3?5=njuYk0 zYT6o!9d=mX4zV|k`*V8Gv~NW>V2wdmOjI`(4@U2L_~o}+hT&Dg+m@nWAQHPK7S50% z|2;8ktQA`Cr+JU$fRCF(&O7VCye+E^q7Cc74csf;`zm7uQ?R~B8%_cSgB^B>KokeN z!P3hZ6O|jlDsb}3Z7JIzki8CR7^y8L$u^Pnv5w%->`)l!28q@;YLR!IqeyU}xT!2! zL1~$`8`)1z0YS7BS6f5#{61^V^Gq($JTjNC@eBwP@f5TqlzA}v{C@*H+}e{Kh4%+> z)M?1hLIZw4KN5Y&H~DcA+5}%QUd%ZgtwcP+@f2U^zqk${L;4*HaaWLCcSV!L(W~u4 zLWlb}tAA=9=<4^`Q}h*l<0=fS2kW8+IHEbL0<}KeHI7Kn)rd=QhITBpYW|miwE)C z$Mn*-lsf7%63r`|=5>g}3(fPBG>-;Nux{sHkUtb%etA;Lb4*rqfM075w)ae;m?Ugl zd*w58gelfQIu?+lADRAu%pav{U|qIiwOQXajayK=mOVP!(B${cvx@VistO-i_|fqR z$t{7cO?G1{ofOK;Z2$wgo}aiFdT`SRZW8rxcR-{BSqO194MgA9Ok6Gso=1}AZI0&X zb4;4=OY-qLYrRg1Ta_~P;z7QvA`!CKIhB~J7g3{mow;s0+Ig=O&RCQwss-{CFPM1?=WhcrL@vxzAACnmV zQvkfS6Mw=ii#r+sR4qROvpceNx;0?B&Cf^8{}sPKfi3Hx{2(9*-^+~E z3>!7XX^LO+Je1E(<_*s|1?yk1ClX zguV9-Eia==4Iy8@=#$FdG?_n19I;gXq-4Hs%t_@}C-e2&w5j~sWPW`meq3xD^Ovd2 z&&2tAG(&g-Vf}_RT=Ftg6F^}LRSJly07~}o5I;Zo!wp_rshu_9j|wwglD5aw0&xQ(U_XSdWg{o~Mm@Ye!QN zK7!qU@KE$!AV^a=4piim>b@Ntx9c#3_cT2C(qv?sQjw3%ZZ~Fs3}zF2d;{>UFx=n_zXl^a8p9tNiD58S6*X5#tA2EbfA~LQ_@^L|U^wdx zXVVP-G>8Wy(xoc>l!RyC9_F{+S_O|4R~S<|Gdmvcog~vgimM(e(FyM?mp@N}YU5YP zpY3n*KXKyne+H~2s&l1R=ZnCWkpCTECn(GI zWFK_ftN156;eynvbe5dH+Gi_@FE%Ea0EQ_>tIj`UE&z|dbrw-bkO8N!dfuJ29{j?O zhcO>U{+=N}lY{qHo68@tNAbl=tD*-0(Xp<36B+v-upRQcf;J|J6Yew;SBy(yUKxqs zX>}Ps8I#1N?sx7wE{QjOl&-}WKmw<9SdaGX{WYz+Pr7k{X_w|SEiJNNK5X^*xu7y< z2u0~DsAS6|*8xDvmQK?BOSAX4XCGLaeIU3>FT#ch1K6AFC|YDK|7-rrcIXL&4>o*m z?=cZ7qqvhp%oGf2iPh*nRR?N%J{P7~ZXnZnzuW;8!H1seH}CdGe?J@^&LJ^>w>v}1 z-}n4g_zMkv;}1=jz8dn&`1_JWsJKmY*P97|yMo!qpWvvbJM;aps8sWo0tX~0g$#>} zkc!XussvdmLg6#?RZWobjzjWSo<^3dV0iqFza( zU29CngWiA8*&0>in>)l9jBi)L_#ALkDe)~vV*F(cH6=Dn*&pi>4YWw5bN_9=x;4u^ zC}fX|P*h-5wa)cdQLQI@3-%HJWi1r<$uiY?uS0xLFo^1lLal-}R7K0`jSQm}Wa$ig zRVwQ-S@`JV*6r{8!FVj(=nx~b@YlV{Som$+!4`Y9RSFmSt4QJVea6CcCvaTIFO$NK z4zagD#8SXyX5EZ}h~gDY;Zv=Xi}|2gOti+Q{Z;rF+=SK`!tDOOiDG8RFXQ7XhuB>p zVm_khk1C`7Aegd-7?b)7t_vS_+@n&jb%+Y;r_3&+E?;z4H5iln7v1`=>>RJ|*EmE4 z^%cjLQC~~xOn~}hPW>RqJ!;)|aEJ=(t4}JUepqN5cnP>e5^DQ{{x1*2@ilTVIxYakL(Xmu5?5&W1Ls_Hg{40`0wqzgLBgEAX;NMg&cXlAU0YE{X zsSsXLp2M=<#USy~Yh+!6!lgvFC&hSY*oGTr;g(UE;dpf;($$UAFO$^`&<^o>ZeF6) zlItn;E)Q8l2g^PGyu(I^ci&{Px84%vtKN^x;oyME>0rGuGuoya``7kyx%B+QOF#8( zE$zz1J|m~TrAJr9inRVqHZ}_;oa0R&TOaX=zF%{iUx?~sIc6C?Vb%5vb2-d1bMr9-jS9EuW}&zAzDyG5F z0LZ_FcaY zmr8_ufFS0=O16N8Ms9b%CgD+b#ulSB*Z=|I1@7D{T0v#zlP=Src=C7~40I5IqaY@v zTnWx{d>?oIVwru#^A7hsAmI?(57FwF$$J05!FF_(sv3uuPW0w zzd$8=-1690l~)^jhZ)+-H{tvAVoqvhSdIScS&Ss67D))nZS3fat{{N=q->0ZbAb9*=^d}~rh8CWSC0G^32P0obvw#`*)9o=RRq3a{^6QbBVO_FB! zwGPh%L{;hEG!YCi_WaCSaLNs4^_Bqu8+YE)OBs{aj@~qeFXYhX>l&)qL3}VWB=TFq zmN*a+q28WY8xj#3@x;22Sm%kVySyU`DUd<7C@FX;Vs(aLl=}AUJvFTdgB42*OE$I~ z=73uh@G1*6BN4rQ+nQ?;Ot@!h_MYJB=qw)FfpqPrSiI^K7OPakX@`f|!z?ySu+E2p?24g>xRTD4+ZN+U?mlQ+1~vCvny#_>47sOW;8l7I`M0kz76v zKo>8-guFv22NO~dhlayQ5xzanXtifo*0iM*T%%V;iv6<(7*-H45&lrX&MUn zMdS^OH5|dB8(-(;v0SWaEY9jEB6Fa}!|%VEwfff~TK#Yi5pa~iF0INfd}qG~nXxMn zIW8#Q6pw0@zKAEO?p5dDDa}fkvC^%qyhB+*YGd~Zth_ZbRtElI%?Ak#RH_5yhue#- zU42MN?w7>=om%+2!w|}F^kO%B>lVF{Kb|kmbAMPi_}Kiw*V$6j1bP4>7Twd79CFk+ z=nXIy2Wi{{Ss%DayHlD?a2Bhh=LizR0r#S8y;j zP3~)ncF~U`+sGj6V^o_#E;&c<+~QwQ%tuOlq6li9Vq}Rk@^m(4P4>lv`|4UcsW9b{k~O2^T=-K<7P)5smC*U$uGp_MXoE$_sKXt8L+S2jV_h}2#$>-P zozFk>@CS1iNjMG9U=&NPsG+V>C*cnxd_#a)WE#W*>3D4?Sc>AiBk0CSJ>}z`BnGzP-bDb zTVf|EqTktm-ARhJke#HROu}Ut>zt4-m$>yI4BgR&jZO3y;JIg; zal;U{lzyfQHw@vXp@rb~jC%N#2n{tg0A@O1+LPA{u`HKj^Vw#u#?jVL5oprGZqpn# zkh1FSl@~MtG(%8cIfUJ&mvFbK+|hLUlzFsm^I3KQHlOzFESpa$)Z{HeVf$(2dOPRG zc5Pm7c0Gx}2*KBM8^HOw1Sx#e&dHO^I-28)j>kIyF8LTr!ovGUEy)6#0m>+m5rz{u zHhf)^@hXv#dViJ3X;|I=;*~b;+T72;{R*=_AkC##-?Cmny>T+t*w^z17&5UHr;s~w zpd_r_SGrIdQ+ZG9D)=tHw4+Sdp*A)owa%rRs@ip!Su^Ed?(s)~eqp9(>Cen>xI1tB zZ|mUY3}5RIFRBE9Vd8Rnw_k66oMV}&oOba7Bg<*uBS(~zjKbYgPmIR8Wn%kRWE4hf zQvpMt#zI#)XR|vVjee!bShEHSvoslcZ(_XDnV0gu;*Iz&%e8@DP$Z z@!N;ruC<&JMaK?FJ0i8IE4lUMzh0EC5VzheK+E37w!H(!YHfN z&@R|r+C_8*R#`_qN`8g*=a0Q4daxXNutNHC$3wYQUX$6&8vCM65MCF@=Ul}~B+b@* z?TX~hzX=kgHnyuj+!wp%rV?X$K#%exZLq&MW!RB@wX~0h2SCX0B>}^2y!u7SeM89I zw?Ha&9n%BnE@N=%ERaBBp=a2J-C2bu z!ymm1x|3+wlVJ}^7?U|1U;^xW&jm%#>rxy`YqJXX#r#E&qY)D*wj&B)Ac`V*(@-H< zmv6&?#UfOBAo@3pVeSaO4tdz#mp=nso>73S)+aMuj$B20=gYF4_~y|_H`1PpZQA~s zD-DkE^HZ^0Z3 zeQ-5ya4@635R_v<|2{sO3l`ieq&O-*&YX~<* z5CK%CPsQ;=zU8@}bKSjW*MBef|8R7WkGiSzCF9{>&r`AXIy`z;^qWRtaUc3sEJ+A0 zznBcxcrAI1?u*2Lwxem6%V^y3(ClT|Li8@&NF)|4<%{12Jkkf`kFeWzk+O?=ps`V( z+4*J$qoIg{t2f636>(b80wd8IWGmRDv_y_mE@@9{0fSyI$29t}2Py~5{k>JhXO}#< zMl}Mgk|@a01Bk8~gWR)QQ79vkAhCRIZp#L2be>D}xqLh8#B>~4=-0(P_kY#Onu!HpP2G_1 zL(ykpDdXmH_OTCqZs~a7QpK`QmKjH`EYW3-Ris;$B7N)YfLc^lk5r2j|2%q0hjQg}c zjSRUY4LPc#xaVRM%gAUBaWtwIGFR&^-2>NLM>gmaRVIQ9xkodeM^dh8DwhFyc&tqS zCW-!`JhcC27~f;@6iR4#DqRA)l|-uNBGMpGLMk>}zLV0TUSK;X}SL81_#rYw>jHf1tI7%TjF1d-c&9`U+sjNQ*evC!(o(zAAuKe}-lEpUhmo@hplr@hADY4-{8 z)H!J`5JKQ@E*g)gryQb!r!8WhZkRK=oTR~2)finD8EV^|=daRsVJG2vPVtzKU)C9N z4lz|AVr7rs#3XC91_Nxu(8g+sZo6dN05L6VD$XdtcZbh}*+_KtSu}n)ZX_MdeK~%- z+1mYb7NQBz`dr|zQlF1|*ZJ0$Ova5NzpOrs9AYnlNYv-MXD8~@z9L2-CPxgR{4s`N zzeLs{ipiuJ8yxH$Z7t|VNm*ck^CVz#x@c()$4x~W$=nskueeZyvAQ zbNDZG+gNYpN#_xIxuWY{+NHFYcD7+U7gHJLFy5zmc#L z5OAefe5P}A2C$wK7W zRYhArY5o4FfEC~9gU&$(3Njm*uqf>S27ZF= zNqJkobBYh&qc|kDjp2~=#)=W$2)A%-hh#Z;O~y-?Y~=CTq(8zf^)qon9R}Gx)(pQz z`z_dSH-CGx*V=2l{7%?e`6CV+LrC2IgRmRbDBR?d3O%0wnAo6Bb!Q$u%O(?9P43bg zz0pC4tP28~p^q5%QypovFy%f6OWlUaeCaswWD$#NRkth5$_0;#Ss66LVeV9`X}b+n zt)}g;c+|IWP;>eDrcI{p$S>2k3mqb%?cF-{-v3!Q#_=#Mwbv7l$8$!j^WMQ}kIQLq zoiNQ>wcEDc`sv zy7e1K3PA|Hn&4ZtROM^Yws+En=*>1$zPVmm%Cbi;V##B<5+o!aL5;gW_vgF2dM?RnauZOy6tfc$%&KQEOZ2C1)lekPUwxVOZa zo?oBJf6DVeYWaRu7x)wZt*dk(B*g}VV7ht+RRHT|tvbC|RUro-`r>P-@&R#~CO&_z z>1rZ~))g<+{sSDzs4PNqs%!NwFfJ&US-$S%RIGdzu5MSKZ`FXEmc=X3c_kQp;yb(< zWw8@2-Q0tus%Q%~wJnmi$a<(3*;R@x(CAYhL8gWty-_FlmdXNn{$2bm2c5WsyGw!Ej8fn1VhsSq_d*uALFd(z6NQB z>zE$qMs0KP7VZBFbCaZ|^D#-$-n2V*>vAdu>sN9%kSg_+CqzApUWOaZn8M_Y1m4x2$#m$ty{9daE+ z7fE(>Ug?Eo@92N^elHz8bmZTC*6J>&QVA~kS3Y2t^={AqVXA!S=+}FGTPpw8zGvo( zp8uIt{<<}W{}j*9rt-r|z(JnBM=JkL>+aExp1(QrbpD%;| zGRybZPh0O88O^`n6ZDU2VD|R*H@JL&uZy%^qb<-U3wXHcXfCu%U+U#WT#AUQiY3av zSxeS6gD1k^P{g8XkIyQ2eZ;~4&c)1hH^fCTZA0`tyxlmu;v{hM5$L5RmhX8eX(iIj z5UDi=GPz_!71&XxwJ)YtDhve9B0%IGFypN&n$%liaQJ!l#0nY^W7>$aBdnnP&W+(X zw&iUsqJ04j#m%ik3H@b@2U9|Ukl6&R@g86^wd7-UhDVbWOC~v)HjwHhNPIF7C8d2; zy!8T9`k^FByLLr=!cEFpo9y(S8&0nwIv~P5H$Z?HH>_Q}{21mf`~G2`%g9)76U(Srk+r zK<)$>g7BAqI{NJoEE7mNbD7;k7_x|dJfC%96P>Xy5rg8Q7|XZ|W9OSs|U z^m%5Dt`7NS_UaIa_`E`(0*mH@`(zvyg6{5l&TFvhQFj9wyTO0a_3r}z@00RwpRl~X zA-eGCgj{peQ4`Kt7<}(8{es|Hm3yV6$LU%bw^mSk%i*SstIxEmTp9Aqs`7bvf7uZP8*lX!If0nKt=9Y=&ovS+n0pxa-c@+*U+1cEcy7ryUc8U zX%5E=XT&!x7~~!SvaFV?088_O`-}v1sr+r13NMwv;Q-*@I5=wU%?WVzKR;k6A3?@v z7;e8vxpK;Us6(g=8LKb59c;$DRUF5o16G2vevi7ut#lLNBDBHpPq&tiHK9xfcR9qU zT+r8!Zof0;;%lt2%HoS&dDS;W*Ao5bQE!tIoW{{1zl@9h975Y_1XRlt z@5?|@U^vKWF29Tu9=P{R#LTI-r2e=ii=8bBpnZm00h0#e4(@i=3Th7_Ke8~Fnhow^ z{mJ)aZoM7J%ajeq9GeXEBk1alg)@Wga_qPr9N4_cR(VhabGTOFOxEOzItAqP4;i0h z#&`$;fK8gMA5qvM9w!Sv;ONa@EEW{pA8N^cNN$j11j?g_UwJcqiN%ujjIO2QZOufI zSpN%gwh0H&uG^eqO2x_=G+ti>|6qDz@vjd6i?7WcDJU5rr7KgK2Wu*qRa1t(m5j+2_u~G7y5+m0ekfE?z%0V8@8Id z6HRc(CrfV6%R-pjSFbj@PBc31J?s;qUkyl2bU6Y;?BEQ&RI2a$z&grW*fSERbgme?knQtEUfWcFe9qYCqh>lYZjElLWQ!J_x0?}KZV!iQLWfS>j z?ejvDLF^eb(WimvTl$imWFRIMr%&iin8G>}w*?|8ckl`)ab?IaV`82|m^+9@mJbt@ zdA5B$f7c#+|EyIN?%i!g>>X+@V^&`>g1Pnj*dXx=tW!Wm z^aW!KeuuFsy&1*Nc);(!m^YHK@6E0O5XYkl?(jHEgZ!M>_}1*h?oR66glzu7^`Pk{ z@*QfAX!Ec&{YH#YtsAlS!6RjJJT=?%>p)lA|HnkHJONWc& zB%(-Koe!@>OR2H1OLUfr_1Gq7WYiwJze7~^*kPIACfA(f9vhoe^saRaum`MfMuGMY z2Z`21R~<^zRlWu6No2PyUIY7LP8SSgu4My)PxuitWINs50$BeARa$_sGpzXplkPDp zLUNT87~jeBNr#v!5JA2AqE@t7Y!Bx^uyLJ~hq3zaiME2`KIipYNE`N}U9|tUte;1R zE#vpEmG|F%@bfl0?lI~SB|C1*&!yu+M3mTsI&L!}n4#nTGw!%_*68<|vv%%1BROlu zXdNh4cHBFF$8={hH{{cTw6nJSK~E=?#GwDkFpD#8`z|t@oM=v{~;p z6$rg|@$u>2Yx$w~p5gh44wyLSd?DJ+doSBRm(rekE1YyP5{0L+u(V@Bc}DBKmvpCk zFFK3d9c8_jBU56$?JpZ|Z#d2r-Fh$b%UE6L5Q*N~ujB0@>!>K~y#uy_#o`=qor$kW z=isX_@g;wi-WK)*ztc%@=mNG%CWab~O*_#wq-ScH`ejcrcI`yBV`3TeQfF9%m(mC6 zwW?IcWGHM1UgG3NW#~+Ys9L@Wk{AE58;UdH=l{1n$f zxqbP7L?m3H)Ar>rNvg3E|EJqh9n#It#D>!?j!k#SO55@LF$R(7kmdmYgj38gPpCy* zSe%`}nJ8=6lRY93S0g{U1r1|T}3)sfRzL(hEvqWhY(NlX1SL25K3Y^u6KQ3OJ5~?u?0S)UgLva z2pdOLg-m+x^$QkyJ_m`oQX0%4K8#5u(YlBK1_!MX3JNs3R{+1EyVa9{q(6{s3m_c; z4r;u*26CAtUD`QQ(H;ZQ$|a(%!$8=LQ>z`>HA;rlcDWFMZ2|BFIsKLE6Z@kJ)UEE$ zF9dv3Q5H;~daHhAHHxJfAFZ8rfi(L-r9^o%l{2b(Q6} zHJ&yG6EHLWZM*9u8&p!+J$fk{Y!*XA5bH`mCj>N)pUG~OAyM1E4BY0v5K6Wmf!x~F zZvY^->Yt(NJfv{`Rq=&KpAfv5mh-zz@Bay;5GLefb4BL-?nNK;ickfR&Gtndz!a`0 zV&4qc%f$MC-VbH-^TsKe48prhg~!;jQ6~_}%ms&LU0Y!kZkF1ZX8e#0*8t=Ol5(sIsCtOJ19aQP8uZ|~5*}AFzVx_3u|D@(j**e>6Z~oFQ?mcyt|MIG%l)~Fhw}?@HKv*} z$e%~b`$tmqSJ*YgF2oHo%6O>!KSU1IJeZIocJI>NO!s|`(g_!3MB<&Nr#?rxo7Pb6 zLp}qTZpNRZ4d3MV*Kps9E&$563Xw5nQlSqWZC^_DSeFZ*Q72^1}eLws?@1o1@0%sS^LBlXLJ4B z{^|?tDQbEB&G3<{bFCOuwH_G55ZM!#YxQ!+Cdy6IaziNBFiN?fdb#ZryM! zhDe4W`4yD>N2vm#2YJoJ#z@Cil9ry>*OoI3r@RYyC007@ML zOf`V&=uOGMondk!93N}VDcHhDI>UZ-v=qP5jUWgt;8Ib17dks+A9ckIU3}XtH>E?K z@bOoaXEuLu#YKUj_$EFP6W?x#iwMH`p&6&}i@^&}hAh)9h&mQNFSo>?3!y9F zVpm+8Y4-%+w;QZL0p$+Dehfzi>7Zv_h+3|F{d-N!#eI?=l`A&8Q6v1rg%{hw*@bj9 zA--PrU+|qISyWj*j0~;jXrsLfgWaj;i&5wYDhOs_f4=E?+!_W%yoN$POj}FlQ#a8b zFokz~Rr3S0wY=l2juHNPj%u9yS4DSnzN`x~WrJ2h1})Av*}c2LNEtx40H_dfmr_oDNv(ceWtq}oH;v%mE|_H54I z2BCO!^f&2M#OBM#ld}6OafOAR57U9!OqE?<7VZPmSfV%fSgyZW0O=?9RI^Ir(~Ayc z|J+kJGus#4i41)DQNQlUk(rmm;fjo}S%LgQ+P;h^UM$+Iaogo?=8c=c=b*(!DW2gQvDAy@rOsxlnQE}e1byM3DNnFpvYrGJ78`P9 zp@(cKAG@qnhc~#p+Y#g8n7K-|WLOtdM!7|o9HFCo+sA|k8$_;#=$@U=)$;BZ3K@r4 z2&_b~*wJMqW_Rp>-h&0P=xKh6;0a92bg=kpIm4~}yu=Go11NpSehT02{r)6! zA;*^B+4-#-`1~C^n#fPb^0~@wKZM5+&@6wI*g{xxx%RNsd~$^7%f*23%_7-5YT9n1 z?oEJ1*k3bkToN^9Bo3Y+iLe{#(L=|p#chB{*5Y>*#{_B-jz52HToSX&Nbv9lceNlO z*PgvSd{CsHX_xYwT}Vr}O892Xn}@{PTnHv}mytqazXc#;r~GEu?Mt(_w`cEIn!O|J zYdJ}LQHcni;_a{MaJ0Xs)uGMswSF+hw*E^evwy@V1t!(W9!P=+a9 z9C31}@d*01sY7T4A`Aijx`=%ecFdJzJF>Rkm}G;3{PbW`kWtCz9b#m%|H0}~i9OPk z<{W2VYa2S7)HW#1L5_5~gO^9{c5sLt1tP9(^loenD@jC9EBYx%p%hQ@SD_d*XZ>`m z=>8$UtO0-E5ZjegjBo}}j854fYbN;am`r>ZmRxLVZ?g>hO2*6&UaCqLFiCk1N}xO+ zr@;MXVdz@tXy1@u#`8-bv0BkZNU?)=C-!+fVkqSofz(o3h)9QGSu920lZ_j<+Hm1f z%zbg+sO|N)kvj!m9vgdWqY27<54zNpiCmW__XRIm-;A`%`Om!6eB2MSsZ+EYv9!pP zR+M3s`w}%)@fv%!IOixOkApUE_h26#Pe9<6_P=bQBP?WGdyq<2+!p~Cee!GjqDwqK z*3aaHu5A>Y^(nXlWzF^xD{PLhI1h=1jvNac_bf~W>lxygv{Bz%sf7_!d9Zhwk;;UYp=5?zVHOsn11%#loi57ky8wg=3@P>e-QAhhHGVbJxBvR)TP2%t z!r}7E^$P0D|MH#g%wrZ=oxqMsNPIIlT({(bLl-1^K}6@FlvkCp8iC4!Infsmu&zh@ zgBc_|ki7*=S`$jgNJzC^LczmqM>xknc?r#{<479Td{MxD-eDILmYv%p0IF`@rOcrc z)gR$HZl9mDY|M-nzX@>^4d8@W^s8se^sOHrlCe6>7z;jw!WbK4Jh@dKhmLNz3|v|( zm4OZ9R&{x0761%7(g&PcjSxDi2pyNlM>0BZhR!aGcqMc)qUoxgisD7k8=2pF^!T&T z+O>m_WE^}>D=hWvgn|dXv9Wzd6WI0QvRam3Ttx7hNTQi5|Mr%CoTNy-lCK;W;Y8Qs z8Fri-Gt32*s6De#bxumYgW>>)uP-@Q5~vC?z2NA98B&o*A?yC=iFzc+gcQ|pAF$$> z)9?}1)PXt3lKsZHzQ}-kn+FMt|C9(!N`6s24%KBysfXPe>LkNStkLk*y4z1cyagHAuiA6Ty_`pq1%A%kklo?dwh zbE=|krzHkBz@rhXN)i4j+#en8g@!a73zzN+P(AJwL~UYXTSSfBsrC{IR0}r5S|M zV1FH|9NKu0pImqf(bReA@OFsT&M6;HA#+YeIgkzkADWAg=q1_}#~f30x?><5_?C%n zCo!Pn5CE^v!sH7K%A9Pj$VX>#D>NBBO$OUT{Z$6jFxY-@KO1ZlgK1)S;q*U4EH;=z zv}J?oU-z}9AGz?qUoe@1I~Hyrccn8JSJyB~a?j5Zh__oU>Hz01LyNL)E<@`j{wlQy zQ^vELk&{Dy8LJ<4hz~17KWG$;4O^`IPp2?e;P5ugS)&?I#M&|t8gZF@;!9XgVi zO?<_S7lti-D@vC5E`;a$_Df9s!03!xp{EJh4^qm#X0*}6PWW&j&lOz8-ubA z5yvVd2HUr4D^Q5G*h6Xx4P%E)*4gi{<)E?H^OTtj{Z*I=-xzvwZ)4`TkYC13!6D)S zJITzd14d;A7};&eOkB2dyJ4awq#6G5oGf~=w2sp9?VD!4+xH^>Py6f5obJR|}hZRnG#0d*<5DSB>vgw_8 zl#P3rUYYFM&L8%W&db76Lr|a<+D1%?O9|CiU=r_fm5We~9EJ7vZ9&tAObJJ|1^YY1 z=(b?!rq~wTj8Q(>FW!Ey{?xPo6I-x%C^bP_aN3^Z*@A-|qQVx4lku;5spG$Y4{@n zuS-XN2R#H6s%zTj5Vwt_(;oNBNtWA&&6!y8KX)cqCRRF-gSbyNv*Uh3{plz|b=wUW z9NiX9TyA7hv~1ifTH&OTO%(psQ?Zd{VR}jh`65GUrE*(dXY=m7 z&WEPz6zV){Y@R->n}lV2TX!{>U~%zBwJSY{PK6#$scL|{h|{27LS4dX z(4xo4E&2Gs2DL1FVE*^-kHh2!X+vHm!?yy~BIN?QRQ`rY`9I=nM4Sj>t?@Q)|_f^?qr&r?qp&2@x_8u zKW=XbM(t!r8HYS_O{7cZZ@aLvRQ`qzcf{tQ_S7M<5~?pt{57pFf8Et;e^$sZv-^Dx z@lk;go0RIzKmM6?=H-z3a_Ic_02`q*mrmsht2WGoo2FR1+h2vXpk&88;p;$puCxsd$Y}a1L`3h zW}kW!)wn@*tq4E7)eL&z~b6)=RtE>HaGE9L(8Q-)mj%u#jJ-&u2IU zw=lSC&2cl@e+Cku&!sJ6s$X<8O7$Fn6{^9!ZRI$R4*6wN|MDK=OAS!mi&kMU!c{b& zSQY&MU+)wKmJp3r+v3As?N0>)9Fc;hYj^ZVhWs)HKI;(m0+C<6&3wQtLL>$o;9c!Eun0`>1|%7-io} z+fHDkW%0`L=?`W`NbZ74YU@(VLLj_fucqVq#N_TeMDMsCw3-!@npk{%$@(Ia&UnD$ zKl754J(!JtWKyvS#NUGajnmz0+%74o{b=h|no$ z50iH3eTouQ=KNSTZ}FPPf_%X2AT*qK6DclUgpsvQ88l*$WwESLh)(2uD@+_mz5#Pz zOoI|r$I&KwKb|ggM+g|`CA8&{Tk?)%i`=$-+h3)Jd0nF)*J=N0vkuu;Hf#I3=bw@) zA7*9ecs|%wa)Lk1>W=pO9VMT_NG=x7#pS3z0|M!?zO}U#PR`mAi^cC@VW2g-GN0%x zy%8V1PsX=Dc_~`dWNy>mZ)4U56&*mY87Noy57AT!xGYB%dgx9^2g^j+54d5xl*S!^ zmGdcfbkHHf&!CK@A(-HktbVhyW_0^i+98g<^G;^Xj@4Qrzf2_m+|eNR6bPYjr|;Hu zP|cmWYUy)o96(hz{FK>+)G4m=4GsG~!Yyeu1Zonx%Ozy}dVrlAw1&% z+gF7EzfPTNIT+ildVE^RUQ_KeOD0zk4%=uJ3r=-<327ehi1be|Cbk zc5QHUKOxHHwZB4`BPU+_1&Ne&?T2@;+BYUa%4+{>2bwBCZh%Ok7A*yJt(Lnd56y}G z;~01)T*U9AqiG>92@=SjMh*GF%vaH{=!%7pVVp6VR-;3qRonIjT(r}_;m^2IQYS5Q zGBW*;&53ySehlWO(`o2|0j-KY4o_GPbtl2!p8!|s%f9(R>~bh|y-^urEZaYwN$I1H zHxnLT_6K9u?<3fxu0e?z&775kR&*XC=35T(dt2xwrC7h3Ug~ z4I+uIyGG6mLYj2Qc&~6H8bF>K@Qe;8&-HjlW#xG)eut#uEsNNbbwji4=FsGh-1HKs z$|%zpVDlMtEuxQ;Mzo@6SpTbM{W}(Jl;c~Z8yk-&UvuLzB$z!jX$^J- zCRai*H$4wbJnh9JV77Be7ar?J*)K3M{qs@0W%0(Uns0C((VN`}la1<5+M}Kaq|RQv zF}Ln7n_({In^RD4=WcgEBGP_;u4mw<>TBmZejmLwEk6CX9uWCP@W}%;lXaaJ&-u(` zNN?!S8Pzr4xJ1YyEjM}Hb6Au^&ZIpWC)Ezzckr$W-gMPAd2|6%eKe}faAO8!?%v{}s+yud4&9KEBa z^+vCZVTfvKT3;(qtF38e_#{RA*Y_d#OiXgC%Abx~k7YQC76YK;L{FC-rA zt+Z^i%!(92U?D;L2*DL3_y{xy$XUbX_{BdFX}dgEh;(^Mq${*+vP^r5Ah3`ieuQ8< z37!@cYz7hh!`G(u+urhukXc%)&7fJ2ELGGgT0C7$B34RS*CjN8#O;an^${!#pc?@p z>TF*Zw;zgHZn_8T0vHVIG#Vxo43e7cH`fWO5z5b(^3-SJND_o2eG+`~2#$`5Int1% zg*2&c77x@E)wu*m0I|@9hlc7tIq!al$`(W^?oVchh!6doR+;=DRtei0(6hwuk^8 zSM)=uYHSvXEHM~&(Cl%%Twpln%;RC?XvGG4q!M{WrXW^0xdfv-TEzUk1nNyPJMZjiTD!^Uar6&cL>frL@;i^MG$wl+iyr)} zRSQ;`2k$3zcS5vwq)Qqf!H zwx1G^)7FAVu*9Dd9pW(!2jAvUJo5Q5g|H|<45fsR?=BL;=k zs>-&|#+2F-M!N@}#Bj(r+O#UO&?qqUoy@Z;oyNzwO3Dz0%AnhVkJ%u8&0GIW?GULH z`T{_BfVu7S7&U6zmT>B$f*X^{VyCkAxKy^Tr1G8#Qd#O$9(r@Uy4(zivbx;GiOK}( za)VQuH!hVUDyhha;3h!jW~cJ6H^!^W03gchQi{#xnC;T-RIVMD%EgsbS|&(kty9@| zTq=_*sq8XADz~g@qS9AIeg7FxVm|^znZ#^I6%FT@66^K4d}>@OnMx|QqiS3#NB`F9 z@}GZ?SC=ONQC621+2JRkV~=}Xt{<1mC6!d#Kt*;`^>z2LMRRSIeAOO>|g)qklRxTA`oOXY97n4zWeH!L(=z}kmNKvQ4Tz7-M}(a^>G z!&Ew*Ftj?s<7d*~Np|EG`F24jbRwY|zg;NWDewMq0UeMy5$P-4_%94MGP_u`2&(fC zar2z}V39Z*zj^fkpScmq>jF%;FWYm1h{Jt4eRlG(b2; zphOs4Vb`|-Cw6nSVMc@MHzJ(EI<<3VS%PclY0DAqKo$y1WCbLJ`{zEhqrv)l)lly zE5`p}gV-y@7#e#UZenns)IUkz=We!C&AP^ID5}oow1A}YY|r+qb$rAmPiBnU+ztVq zuSMZGj8*iKvZDPzMbW*-p!J!1)3mlg#;F2M^X+SUUb7 zGv<00Jh0EC4MK`@p)2Uzi;Gb9f>edCvIXAEW>Ni$upRu6e`-_toZ9kzf*ZZt^G6OI z>_vHF#SHo@QPNz>4}AJH(}R%>8Wf^P>%bJ;O*v)OqL|$Kv;`5UFI}}TC;iJmtkx$xczOSL&>==YZFGgk zN(wxAc+g+OiiK{X-QsP}xsG?Lqt0*kafph!L}JbrVHZZ|!tzzCz*y;R&$;e>)nqj) zPd7S51y6}N*U4k>^tR_*A9RYN^0c`_RPdCTa~1JbzR~2=LCsK|n%JD{oBwTc8gxjs0?E&s^;g zVN{l_Zx~bVdBz2eKHc0&zB|SoT5Nnk++wWp;U)V#oewSDKOSd%D8Cl}t1JL+=yD9p zFNcPf^>W;_l?i^{Gy?-zn;aujH!8?giVORrZ(#I~?YrH>fpWcq3Mdjc#WJZ>k3Vq} z%C`XJ4qSu)YoqPZrIYuv#_Odm8&l&IxTh{qUxzTPh$(Mb9N|&?mJtrJ{SZAf+OA!~ zk^?9<03#e*UGUL!g@5|*bK9d%zD?i)l%rKfRR-WaO*P)JW#imc=5YV}5Rriy?W541;^!j|edl23qCn3Jz?M5B`WqC>=_N+i{V z5pW`;!o++ZM>Hy_Z5$#d^;eRbK0#7pc7Fd$;|Z|SA!1T5l2jl5Or%y}ihimi8nspj zIz&urBT3DjAgM4<-}txjYW1)~#H3^!L8Q~@L8#oA8W<+)OB~UtwK~%wVp1=$R*NP` zD$Lk-bVQ?)dUa!kvj3f=swYS)OxtgDM5B`GaEQ28LnO6Ahn#T*80PL7M>Hy__c=sN z>SdCeIzdul0{`0=$5V?t9U><63P}}cJSJc*!mRx~M>J}!at;xb`frjN)t3HJZ0RkP zw)A~6DZ!1kFSI0V>5n0ucv|$fo??R^&rfE<;OqV^jtRB2q)Vn#k84`bG0VDSI+d-a zmD95rMffsV?*Yki)6WnVb3Nf+n*;x9?V~es*y>CJYLTc02Ns(QU>+emmoHQ5oK|q4 z_?*9{Cj(EG4E3=gzbq78aELtxLT2%{eR}cfACX4u zt!%V&Au0+Hp2RSIgG15`>ajnPydS6olPzrG@e9Uz6g)bK%_19ZaFG!9V}W+Wq1&#b z8W2|bZ7&SBP~g<}2bOH?Wa5}EPw-^~tQYXowEaD7mT2K|L%0C9TaJfZ^<~MD%_xkj zaG|slzpP-_T5c1Ju0LMx0YYvQa^(An0O;>|8qGa{dw|YS6{K?kC#@Pkc7vA4l#GNxqO2%7p-^ZDxi3m^~$JM02nS{^CEi|1%B`G(<)d(nqR(xNm5ELbxgY^IVt+n=k-*;xx zhI7vU`M&RYKAwkW-hExSz1G@m-%y^+?U8zjk12CkwhD8R+lHLheq8c|Tb0L9$TPTQ z)f^iK(T&Qu?-!o4d-t;YgVZvfuiPfi&j`I3@oPPPBxr2g;nH;js2AVT>CPK8p)n96 zx^t_yb%P&L>Pzn@UCLkzaN##Fk?Y39RloZXOeA!(jE=VQ0zW|k3^Lqu9^G9L_vaVK z=N8<&62)Ij!62Si23bv`?r4N0Q>WX zWI2?m30M1a?zV~G_Ofyix0Pt3b5}T z@2&uA9o6f<#^m}h+>O!upv~<3#s~hWXUmaboR5t}WhP9Cv)TLonjF3Day-m4;!`M+ z7{eS>sN`BAjs2Rr_$Rs)&vC_1pN0pv)+nSXjYGBpvThQik%Z1M?6PJf!Qr2Bm*S04 zYst3iG1$;X6>ZoNy>%{wp=0OeUd3LPZ0Ck;>TJn!!?ty~JqWD~hVs*O51=%1(55#f z2@$mSB$D^BgCsC0$MvS4q(O0yIFftA{sh-gu=5s;4uMEK;}a9fchR9#=^Y9lNGq!W z1BRj~lw#elYKLZIUunb@!*$(9E9gutY=_@RkJep9i+~EQ;PxzdCAqGN2pPVq?i!qt zN!(Dpqvd0l(hT+#UJW(uD*(g=Qb2-=xN}^0t&4r3py5%0I}stDRv5L+8|Ct(nX z%o&(mf@$JC%vU79Ji6|O0F&1#`?VEH$@%F!wg-j>q}Kj`GoQX=UV1~_6^tjq!Nu~_B9~gKyYhcb&tF1>jGpj> z*qa4Amagl=Ts_~@bE*Mi z`(O3G+6nhQlU;tLVLctaPeKE#L+~nuxhA|D|13q=PXzmy_=CbT>iSyn3px!gaUR3- z(0)YS`d;eOPF~SDyaD$a&cI|7GR@5JY%~N}n3o=}yE4}3s5a`& z$m!ZB4gc_;eWUlr8od!=D>TZ?kXlRBuKW}8>-3eRxIfjDR2Hzn#FaK35z?ehzZL0g zn($9#(X1~tOjn16rWajGCw|G#e(W0mJLJrE( zWVm___8Wd}!uXHtVfjt>h)s*n3=`%&d4H^z2k+dteXG-s6VKMEXbIpff=sxnkGh@w zl!eRN6#;nQiBpJ6A6G5v9&opO&-_oi{4Xc!dx@Lx@=r?S`%{ejx%_t~^8G2s87`kg zKwXm7*!5jI!9#EhqX4aJ&cE*WW&)~LezZTb(X0%4!`)x82i)VQ7#rrv&;e8BiZ(z~ zdH32bukgi~qJlZ~O>V9Kl80rq7|)Nd!=c0sfwvUg9Yw=1!fv)pGgmU88|QSCUNUq;u@xDxwI3F+Ko zDMuVH#&`&02FfQ9L^;G4mH@_P&!FGXM-O=&hWT!&B`fVov_I?{Ti_dtptlhxfZmA8k64*`q%r`i*-K%U#~is3dkK$tbY480--s5b50%%1BE)T zDU1Lto(-dy2I|gG^Udnc$EFeJ!SzWZnKU!s^)UU{w&mk zIm77&L-5UqD=5PwC+Gtn4BA22vs~G8Tv-!{iQu22rWr>Dt7OXt2E81kHm?nH!cC#+ zW{8H17?vO<&D2WaHLABc&F&Gr&{j`0*S^fp9+_A^*LDRl*S^fp9+Bwh+Lv9PzN~!q z*kd!+9yizSLEru8wjVv%l^2)Rb)O_0lti2N=R7PdSq=-+SP-z}JS<4`u;eaJ=Z@Ue zlfLxw^rhu6^&3q6;g>)#!jhQ>GUVWz)`XvtiB@NiB;$}x=Acn%+KV4}Swk85&Y>8O z?s`!9X=mV==Xw1z%j-TNl1|7>boY} zHZvx-8XKJOXPF$i$@g{O3x2v-oG%|E#04Pk{g5FIE%)8b&@yZgy97ljpG`;@#K0NE zzR zS2||U{6&C8ipoFn;6@RRReztcY?EsMXc&Qc2l@&Mo7 z)jH#RR!dM|sIx~w#zD#ka>!)tcd^$z>BqryC(%#^$``X5+_r_kMUnQOl9^prtRj zzy0>Nhkr-X-TJ4CUPE-(;Yf~lfLY)srvB5}9QC^$NQ%T|aKAbf7-8_EkpVRFX}0HA zXj%tIWZdnx9Cy3*2OpC?+)lt;=>O~5D5OZPO9!1>2e1^oJh%jkLI#y7>q!C|o`B-O zi4Fv)kJZfCy}7Rd6MUd*YEcZB6UDzEY%&?=ri5%~H~RmiRvsvumOp!sjbdGYlo{AS za2*_+a8i8;tKqMEE4UhBMIS~X)oeK()K+}$?Y0A~H&NUkS15<#ELSK2#Xf}M3kfK$ zxXWD6x49aznPWgQCaC{p2`w}wTDbBIx*%}3C)OM01$?QDD1nUzjml+c7J6$h-(nrF zbk!=&Zy`JvO=`EqhF8; zqwjxRXF$(%KtF|&CaVL%d$|m$n*xC02U@N0??w}fUB*y&tyV<2?e4U4x0IC=C^P^@ zik&!Y5^z~rIa1jsvm~`qH7z{y%cgD7=zj@;Ank zCMihx`I_+?C3pBmr2?$;)dsw`&c|?vtXKlC+-`h}u){1t%sEINRdD5bwZZiWH2Njr zi)#(m-W;Z+)aURpb1D2>!&pXe#UbK)Yu+-ZV|x)a+}*G*#o&+Vz0z15C~bCPztqt2 zHd1Ffly%8jy#BdSe@(u>y|h2g>ti}&@e{_|wVA>y&(V7vU8dq_39WcUuZBYbseuC} zRzoj@7DZbMehmi_ayA5WI)nlV%XbRu;SvN8W=L*ikt)#hdZQ*xW(gaDf;8&5iA+`| zD&_6$NQXvFbaiWxt+gL_o17~IGx6v{6u<)aOFgtERacdS6iT5YA_9Y7Fs?>Bn6_wGHF z7={{Xe&Dt-N&gufFtqiisoR=wJ`CcWehm4x9*^%3ITdXQsl|nJ&v_R?W^i1lCCfo% zPG1g&5gN&z2ze$%dHDs*$2qC)+YXs1KhF8|nSCsTT)WaY#Gt* zdGkRGI!366p&=;^b-AB1WkfFSVL!;6fUq@4i<~ay8s+B_RDn?TtK~*mC`Rh}DIBbwc+f`uPd0fl)`{6Hl`MNempyHR8e~*kYlZUEhves&q zHBKSu#w(xhxC(}{auX>!)n#7S?nS-h?X+9f`HZ54&$x9SQ!M=v*>$UISQx0tF9Y?* zu0+f_kHI>h$656MYzgLdRV; z8l8a){&@+CinnW=bw;fdfosV45WDuWzMdcGx$G4V+A!%HOV+~-nFoJ-4uqOw-MU*E ziJ#Szh#p$d_eT)I3l~Y5@>Y8`)9PUrt#aPweOBA3a?+qMkg?TCAi`D3_UOL8X|0dL z9Yf9W#G?3BFy~5yCF8cbyg-jsxK->qUJXuv;ri%<0PL2QlYs$OlHK}oqt}=AHZvMP zcriJZ$%9s9tHmXhE1}$MNBH4hgP8g(c!kl*du&ieq~0n$!_7%7Yxd$GIt6R2LD3?_p=@V(V1$Zz{lhq~cN&lJIwgR225x8gu15(0f{_}!>Q(p~C{%yDPT&n&*!XgALB1wzuP|JhpHoQ+ZY_>A8;$37qMnA$wMDDC%TDLEHp;E zn@`8O`4GE7HR`l6fL7*VC-#|@d)UXGBfJEoiIu(U3WKHFHs&jm*g@+AAo%>wsK6=1 zv_QKRQtV6t(4+}n==4qHeYYq%CU_*(waB=rYp1zseBOwXZn6BwKJHXLvX`#!LODOU z|FPTu&fq?OsOsRp)eY|BU4HfPc^arbwfnq-Ri46q-j|hyOw$AxhJ2F#00tl^Stm zS+^6W+WVtBT5W%tB*!p@7|C=2e+zzZj=t;I{VA=$blsj~Z!;QbOfPJQGCY}Mpt-W! z+e45JG^BgbmY`dGwGmr&s=eE2fEEnULih;;f-PtOoX!^X z5*jMmtV|XyUIm?-uuR{+(QLuTT=8F|9itGe$9_Nnv(5nZq0 zfgP3f7j-7*U^>fvCgVC=yB?48`DOO$>7N_aa{o}YXF%@c8^fJ^&=%31d}IDjK283x zM>Sy%E;6k$0Qbd` z13=~Oo3|?woO$#O_Z3Jq%biV9iGKjXMP79sit!h}2XiSvsec&W~gFrjGk}m7HBxWh4;5hc=U76%$p3m9XtRa4k zRCaINJ@vTgl+ zXdEk;o^t{zG1)}WpOZ0 zTmm4@^cT>)NSXnW(@7mMkQJ2T@Z+L4xzKQ-X{Su#8}1h!pdWnjPUtWxm6b%w!XKEDiu8(oPNQbOoC%J>N;XN}~CN1>?_h3*fzW)+HK+^5iSwSyw# z`mkN2Bm{&2w05gX2f7mf1|8#qE}*PLvo*mth_T-<-2Fl2$!I>40$_u>fstQ)^D@3SRanpqW%4#aU2e*v$er?0B({$o}9&egg@z>%bBhsSloaV3^9y64W_0fI4Cx_3mbW0 ztDykZonpE2FyUz^qs_-nZRE4q`^AZPT>P<`$dDS+ZdJ-g?o?0A>~gINN$#D3ztc?* z^jpmAr2)&2S-99MF|#NhW*#A^WfJ&ns~n$J$10DW>|`sZv}9GPEFx;NikMq95$9vg zT`@l1top^@m9h2yk3t2{F!*KP4X=(2=)IpRmAoGt!`{4ze(xe^xt3(yCQoGNKGGxup! z1D*xqfBgat+o4C}pea)gqj9xTzK`ZT*joZ|2kE@HBT5yCyIWsK$h*@I;2XnHM|xVN z18nMVFv4C_PS{WWC7P4xsoeE|y9E+ZRcRX5DmBLiC61?TM+3TP^4(xXm8ZXKqtBnL zABx9&F$^%bma}1V*@e?yZacbmX{1orUO-%m)P`0R`R7OApoc*&YrBD?bxrA%`}L z`PLQa*dB58aBBf-ODiCd$wQA3{MQQnEJ4`W#K=sYP$YoT3D8@WEEpUeXtotLwD;~+ za7Al^ZQuN=jnNXuXk$31T1l|0CiugyiIS=r>=21315b&nTr?)cPiz2!_?ZTi4{i@W z!sr?7e^MkHjG)RGhp^yhbaunZdxbqr%%&3aQ4WEGTg!mOnhvxY89*DFF~#}GIGaaS z#}wx*RL7X-e3Xp@_w427qvqUzz~W=pgUFCp`F$>alPGj@Qv93GWU}jVZ+QkE(K`I6 z(V*%R+CF>9N)L`>XXbctx__8u0&%c$DUFiZ0)GO}Jtf66Vib&UtDPUR!XsTJ{NjJ? zSyWSGh;1_bGP{vnZ+>m2`v=X5Tot_<;xPA|^XuV{SjucC);i*iSX z(>Sa4x+BJ_Nx@QB#YTdC_Y_~nF{qJ@7^zVO=h@Q~W82)<#hv11Ae)%F|Et_NrDrPc z9HTi?a%VICWR>wV4gP!^R4wyCDu>egIDfvfD#o8h5r5{AKVRG34JAFbBAz6NOl^!O zsty3 z-m5lDf{3dYp_EQq6cVpKVyFGtIVSPFX}*t)9*9;cJOMUgBz>Pza11X7r?1G`)4*>* zs?aNsv;YtL(iTPuc-8jlZG)! zMtk^oBmyY3(CiK@#OpuovNO%1aGM2zYzHZC3Y$tAIHl^*UW2t=;_vWVu5v2l-bakL zeWA;yGOtx-PIriH?__KefBFj?t_tY z_BRyN{TL&x;$ntuT>DN))b{jIFi)53eH7D<+Tf*OO+^BvO2gAS_wGW>WL)-NEqsXb zWA7%mbtSi8{ldZM?iK&SNg_u>UZTAm#kXKpl_NNdWFhDza%H3Mn>e|bPjB?MmT}A` zNAq!ZUu*LIGE|36Nvy)wV19`Xf_!RbQbxqP2%m-*B-xpnA|o?L((BL}+>Uh+hai)0 zNy)bFgRLB7B_&(GTagb(jvB))5Ce^T4F&=1KyT|{HrS=^vO#*fvM+e%Z&E)xxn@&| z$R;G7^WSio@f{%pMG?LNAeMJtRTuCBp^05llsN!mAr|+jug1b%;)(H$4{6`%@pZJh zaH=*n<3DvszP>h7Q?;oXKeaYvqgZHiLj-^0v}w{lRbQI%F5j0Q)za5{qrU2=-B)I+ zzBJT>*CBRjkk0Y3Q?zg;KM_=jENXQOeq z=6WLf5IZ4t^U&8zfL&WD`20Iw#1&3YB18@q)5pHutPx5DnDxNcm4ZF#V5pfa;qP)u z{POjZIDocFP;G@^&izzvysAQv`iOaa8hbTb3Ku%u8R7lGM?|R=DwP`Mdai$gR{nv) zkeTJWaIM@Hg;A;p@jH}M0mNV~pc(>hLppEnK321klxm3dQ|@3%W@v$>+Z%$NcxG@C zZyKrvf^tNt#ame|RwHf8B6SW6S{f&b&7qdA>q4_}C2H}q6r7<++;4}ugskOB@7Yd7 zMY|hO1F8IJVYx|BU0{$<8lq51u^)WqV0EQR62{S<;~m<>=SRoM{r%NU4LXkJ{x1fR=(g%A6_8cvj_i zLGLcJc@PKyp-tRv8@zgGWO~63w1=p(6E}j}0r=Kb!q=gF_je&Hcp2OA03yt-xQWM0 z@d!kKX2rW$T<<4<+jWO6zS8X?RI+}FA9O=%f-?wN3co0^5Y&laF_wm5fAB#t-GeTU zrs}-VXiC^TLL`n&Glr=x4YMAIZ*yE>4R956vIbq(1fT!Mq>Wr@3mc-~JjddxNEP{j zB3j?ToXkGW)ob18{?Lv}BwN60D z(nTIz4708WYi@IclZ*DAx*2A))_j zA|dhsFceV2u*m6L3Tz!oHKPLHiUcw?X39zGcF#>o(t81@D!98qC;i0*pcuqIai0S5 z?sd6qVhIqA1`uOuJPDd^X)|xcsLOr2EL}#v40FuH%vDBLj)(y+CBY{~?!pHBn`sOR z$>Dgu(u*cxT%gQ%GzT+Rh{7LNngR`=5hPTl; z{Hb;YMIa$ijU+@o2$#Bi?M^txi3PeWQQv2qYxVrM!U=YE%$`x#or*9R(;Q%M?5%V^JHrOJ@T!@s*xAS6ub3<-r_hk`%>UAjjxJym)BhkC@6O;vuVW5%cx*1Fe)8_h ztO@8hr{z0X0q9fU%`iz%HZ+*kgsi)eh>~btG(Onb-Xt~i3!8(<1Ci;~X*VgF zZrz8SdEO~X$%)z5vS^r#H^lFcO$59qFanHfV$L5?Y)Lf^8uRLbmLD()BLBn{N4^j+ zqHu{m1F6V>MDS%`qmoaEnQmQ}50{|eTvoFIg6gS8qo5lXF$&7*0k3@r$j69+7~d{> zqId7WoK(gK6_naC@u5G-regAwDoCE?p zOT%J+Nw(T@M%V4@_eU-C{*wS9>@W|e`%5}%=nBS|3UDK)iVrovA5nI?Ph{myCgr?`W?-w#cu^AZWA1Qg$R=tL9H zgNcjGa)WRwT_@Sm9gqGUXYqpg`)=S@wz(mxyq+^X2Nq?FYY%$nI0c3*9bz1w_zl7Q z9NZ5#%$TP8Of)~+0U6JoDS#%1o5?kI$=Jx0=KQd8TY6%{Za22#huuL3DDtMb?1Y{{ z#bbL|P(R-H+d45^8(EKEd7As%CxYvbBYQZOfI_roF|hU@P+DV1rJx^Css+fm)Xtlq zs_Xu~0G2M{5BcF?5Yf!1!7Q1nVl+wYbQ~0%i*oo2Gu(&S+x?gbLPkc>GH$|NYoKzS z=uv~zANkvgV2T4?zLB>iQ!@vIgPW7-GNYIn&{$WE^mUWpZ$YRdqgAh1Eo=x5K*U;4 z8=N4>di_(&BH*PJO*K?F7S4A~YR@zF6Lra}%EAiO*@QV;w4X4$vEJ(&otf>W1fQgb z+pTB1#KWgwF3LrtM(WQ3z)4WNJ$QjmXm(w_G~SIS{P-aL7_iRYx0?d!L1Wa%+J{2Z z_HPgX_&5vOhW_J}^(vThu-YlYOIgO9=c9Bu?R3r!V5RrgL?j5Hio~k-iAan=B*rNc zTZ{BkBw8O(g%SMqXpVNy#kL>{-lLSKVq*F`72`KeBk5*_nN$gXFX+)VLdd9|j!`0e zm1L8;l==4dV3ueCXQH}$neXmM_u~Naet`xifE-BOhlj+j;QCc;0L<{%<{h@LGz+%l zmDrAp;E$s-j=oZr!AlP+8UzXXhjn)H?|82xn65>Fg+xGYnK@(_A=LGV>BkZvqUj*S zb-Gk0Qo^jn-U=S?Qfx3#nXTooiI+Dg-CUNa5RNZzBD9e{Z;bJez=40=YQEDL|KQn- z3TIYTBC<0G-eZee24n~GJJU`_yBK^CvRn~V;h&Q zeRXOn@!f70-^Dx=?nq5z1>i55DbiRAN@%PFc>0OydmM>1`~v3y0s-uXU-+#KnaryC zF&jM39udXfzJ;d4%U%2N`Ebg&SQx}l$bYp)k93VLi#0l*jq)`)A*hb6YL!oOl^4Y- z&vfPB zfcQh2u0=Rx&GMU(B}`2d;CA6#y0Y*M#19cOrhvua1(tve?2b0P=d2LTf?Z1OR`L0-afS?rxfqF+}oyEr2&@qENU2x zq)wYDpo*fQF5cfkK76f7NoLiZPG0674kz)K<$?m+mY_V_C*|EN64-aNOPp;S0TW?Z z)@0lEimEyYu0NVAD+|1Ge~%+&u-iP+Zv)#lqRJLL-+{_M^l42dBmgO>OMzIiSF)CBh* z@*37GC>enAvq+I&eFx!}D&%c{?-cTZ_A59AbwDE-Pakjvu?#u9Z3KO*6^=vyVsip| z4m8mv2@OI=((l%B_CC8YqIY8NR1lF}z*%a;8ysl{LX85Q4AKUC#*9C_fx6_J>iw=N zokQi?CtP(TNz4gFglF%!3zEP~tm&5&IsAWF!UXj&Pp} z03@n=pLmiNo$!KcqO)VvXEo9J(oqTG>xC)=S43y7{-s;&#iv=sCtFNSB|BHYbqlgH zSt&bvqmGju4JHu=$W9FWYO-_NI}_l42MiF|@o;Ag6m!t*LgNiQHZsleXR%L~`7y=` zksV^Cpu-57J46a86J5)gDJ?RF@{sx-kL!2{c0Me@%nDBng6#dPXg^O(WzYrudL(r1 zn1IiyyRto&0tdBZEB$~5L6F*Pfc>HO$=-@9=4(l)GTiZoi#qZ%M>$84%qw|vB9D?R zKPo5iuGm(E$;yvf`7yLSuEcIvUG68ORdRuIxzP-hmGpr8 z)*ExUTcZ&Cm|KDJohanqcwIYO2cc~#^cqcZXu@f_-yDg;+0FuJq}IZ3)`+cZqP0?f z$$i1#91e&w1IRE#xIO;?prFNQwg^o(8saK!w>{es*Wj=%ju^I1O?RGWW9?UHL|&EY zHpIo20ZCW^oTHRslp^9ihIl`$qi$2VUSnG*)DL9qoX^BQGzyw_H}m| ziu^&a!za*@WJ9hgxcEKJ9a@i6*`f7_?9gg**yK?tz-(?0CS;>_8Zc$6$7fCWMgBv3 zCRR)z%t6l*z{0bwDF`#2fK&s9H-95-;X;>&^o8<_F;`f)EL$7QI-d^4#%$-tGBJA# zJDSCR@W0_x19X5j=li+;g1E)#TNZ%#_wTnme_|xP!5WIWu>c4KghbWmU@5gq7)#!F z`RsNAOwx1J&FlLMoKSMZ&;7yKcJHco&W5YHhgKe!`HU8K8{o7n-LK3iQ|JL6eVFt$ zuCtx4N?@Lbuc3T^cX{u{<*wS#ksb3cJEb&y_m0zM*5$sswKkq@p5+brxL;qn9&$$R z!HX=CY<1n=)|5adn={2)cUw|a=l~%BEngR_fwW_21rvVxL`qF)ejzZ76%l(m0aq)< z;tTR!W2`MdGa1>c&J&E{WwDXqbMJzUU`SEVK#Q2HhNVCi?CaGjgx}XoF$6@iG!IQK ze;I@5U{jjcGo(L}?S2wyrt&{1XsC5G(%Vy%&-7TFg=5N~BnyE!SomdFKI7165Wc`S z#^SSu?ErI(Lr-iID}Bk|%S$smR{ADVPFc(aWX{lt|?C#s*!@ z2LC7*iB5m+I(-^f?}R+fjY5zs$0NtCu-j1~wk1HuV2+a=R&sLho>5ULSGaU7&MiVn zdx%E<8nLN*(ai4u$ba~@h2P^VTCeSR%z`kOI{9jLdm( zswe1^VOY?5IstwsFjI+_h-ga24MJ_JAQUyhW4JX%7fK2i+(TutVlswb5vA0Mo;lbu z%^(rPh%91g0DhUf{zJZ*W!HiDd=`z#_dBgN1_0vYPCZEhMH?dQnn&NprxEo4sVTAe zj3@w$;8L#B*m|%0ft*Fb9_Ch&yGyhgjy^Oqjn327@6_-S0Pww879hGmZNO`aEHa)H zPcn(g&DTVFRDjCNd zOWO57S=Zk#>5z$cy*s;p3%b@<2WKh}ZmUQHvmhmvjD($+}#qn@<-&!3OzXjucXmKv8w5Y>c!5 zRg~kslB$eYNTjcz6|pi34p%4{pQb>=NBHZP%YB5)P$*_oPQj-y{d<^?q`hKxtn|V7 z+)T{pSY(@v7P^5bQO}y1E{piN@X&73Z#sx)qiPf)YEOnQ{Q7%6{JY6$y-IaZtG31+ zTXSmQ4v4oR3PxjLY1^)dED51gHn7|4m8*c=BsAumq`sw|unZ*8wX!Pllc@hZ7s+Pf zqEzb~CUq1)(VSnS>o^T>Jungmeol%_)+pg;RkA0XQxbgQ72d?e6?=?Xaag!E)q%E1 z@(f;BSR@Az-#usHt9%_wmi6j0!>>H2qiCpR(}STsCJWp;I)eLW#I~;V^h+x;BqpKI zn}Y{_C_qVB=`}yZGQnf4Mkv_E`u$uRptyS|Z!*GDF=wmMj!khAS_*SEDqymADQMaU zX7M9N2YU!BIQV6r!iAQu+RSTE)GdXUL^I*uXhztIrd0X`){!p4&i_2%!x)?)jeVMlUDLw*SkILYNDyQB^N0{d$K+vpGztj_ zUK9vSN>CJ|gtrVv5!lLjH}8jaE5%va0iB==pCtf5B>JDXkTmx*bmek zn8YQe;Jd%&aD}aq>8Wa(KX~v}uBoA*@6i;6w!Jo(QM(IS9$l}cK^*5<12rkwJ$7F+@0?@HoAYW`b$^g~r<~~vU z7J8VDGMFNPK|AAs5?W1YF2TYs^e^{m%s=UbjD-yI>BfAz0i~$GgWe?@@ID_ZwvORE z$c+c6gH!VoP@;#;071U9A?UdXNxkVtGz<4tPV8|=EzhSn z^ro-Nd^{$yY1s9x-oeJe<5$D?l2vB`{%yXmbdM-!7B1L@h0iY27Fa{ zQ`XxNQ=ks= z+6uu+9yRe%5Vw7HRMut-?1#Zw?tHfi-Kd-9=DsVrVyU4kIHky77aD{fex_~uba!*c zcAsHpR}<|%`#HQbRW0%!II5O1c>qt**P9x5P#7#3ql>vEKs=^}l@NI!fgam57OK6F za0^Pxbxo{+p~vQ>MmP#nApPj9*`h$*%h6rgWt1fV2=c}*qkJTO8D)Tb=FQ6tKPkYL zbv%MZ;H>dI3j_d+2u1M=^rS`%KSDbSHrA3m;m2VY%njD%&c)^9Ddum8l}8YE2c74O zpjlK_?3E;#hYm>E#)C5nA?>zWIq_OGr-dA14xR4>pmV}$9RAk|P8Lyl)!?-X zIUTB*FT05*CC{r-+b`ba<+;LM{rATIDV5{DUC00S(;EMKPJjGsgVo0Wc3T|(3e$)d zd>!Nef16&pMV0hQ3B3+B*i>58+*jJ?-|R7MdOcpNRH?MjMaw}~aFD9%ONHs%TJZlt zdbOQgNw191>%X?0j(jcKecJT8K^v?hU;UP|8G0#9=NL@Ww=e%4`Fe(fUhVM%{F(6o zPBMBODmk<`g?{-7lRUajCCRQvrYR-$@PacMjAWl-z0JCS7ixo5NcM5diIYsdTUrmg zfDu?n7+9O5n)6>$3H_!1v^n@VcLG~UU(N+BekF)Q+sn+UMZYGf)YS$M6hzam{hIi1 zNNgL!tbKT`%vIlJ+ctH|`<^;60?Z0Op$*wV@EMisI-I(phmu7@X2hZt0n=p<@4+xD zI2G&4y;y^jJBViBS}i*`uS;T6p7$9^m(UFvgv}n^Z&wEd&5QG4lLj5y+i0FFB4RrB zpV?sRy071cxqwqcFL(OuWisEtW1&zEIm1A z8$+N==5x(z^o08jn5r}cc;=Gk4b(tmD8)Hfv&x&Bv(a^!6nd*{93_27+ygcmZQx2V zZ6hfOQjNZJWq5%Usz-hh-pRVjDPD?u6S`5)@2B?imYDwsa;tz|C`9iovC)9^bEo7u z8|F8zcfcDwYwZgp!kL2ZU%F5AG)Rb2g5YGsq(7^cPhmT(uG|U1JG6QUt+k`INGjb< z=k5ho0^VVE{mfpsQgP`a)e1$c3F^u)D!c17V}^dcF317O+!8Zgx>*zhc` zj`$@5(pA1bIJz1=|E?4%fseR(2So?u-5z-gnE;NYZ={T9Ta?@;lmP|{7Y3(b7*z1* z$7oNe5RoFEY6l(#K*<@k&1wo7-#c8}7JgrZsuk^h6p5bSq0y*7sms>`5~v{#{uPw;?ts(?^E?Pz0fq>`JLy*~mC=8BAe+L{eLS;@1*#HV1Iht=<5gfUF6(H_MOM(wt zlX%)th$l+QkBa)H!-sWl2j{LkkE-ZqOjS;&enB5m0e#N$AaSxGYDKnlMNQomCs?vW zO^4QU3#2GQItbrv&3PRBAY3kLR;HwG+Y}89AYo1eNK!-$l^d$CWlHwV`u8FrdA+%I zpl5|K3v<`ppspN_#9v&&*Vow}wCzZ_T&=~Ib)XiHnnW*ZZsYdN+XgDme`^6qO>hYp zvh*F?Hw$Eb9@{VTCwfhQw{wiD;B@@15Di+RkjnvOta%(N(UNdqA@xM~A1*02kzBfN z0Ch2!tT+$B`6LIR+#yqsLYP&8V%V5lTX)5t_|B}!8eYM=?Zn@aL1)%xLWD4<#?oQM znDx;>jP2UA7(b&^V))7N>$eSIWrso`;cFKb&u410Yd2w5A95i{rn&(q(*O+z$+F=L zyoJ$s1mP3)f#-??yZkUOqXQsN*5OC&GKzX4$w9bES&hiAYn^b!2$fye=5F1n>mC@}~spYl1cyhvgq-KWJkdL*a}32?G&yUm`lq z#ggJW?e|iKLtf$?wN}T9T%3^O|$&fqatxYn-oyuiXs9mn#FIjjs>Nj zorO;jS{$G*lyLVKFHX=K-R4uEW@~BQ{6p}xk5ZTzG}Y8yQ^XPYUlo~~$zH^SwOvmm zWj&-KHzz6zWRpdi5G(qh4nW0yANMK9z&1*_rllFG184BbL!$zE>>kADNSgXYQysIF z$)8K)mP{1fI>Fnt68IyX!1rYbO4mC8eoe@sh|a)Na&RoX3mnXL-r=UumhBmQsmo5B z{iXvUOmMT5Bbb1e^&cV=qp>X(q=Rh7A;3>zlo$~>io13G0!?3`n4W_1b*(?FZiSPw zIz@qk1$yO-xK7UO{s&`dcP?TY3(wQKDoX053{fgM9T#90RRiXubW4mhBsnBf9GoFP z0x8T%MxCQQVHP8YZ&Uo#ffg;G*9zM?*36=V?o89+=G0y%j@E?@uDP-icqK=mhS3>m z*$hC~?Mlw8Z17UpT#70G7hvKllt_bP;7;lwIi74%NQ{Bq6Z#nuFsaslgKT(E_?O_5 z{8WC^k$CaC9N)?$p5EdKZ1VNtug;P<>2dY|u%al$4B0^5dwH6NxH^%N%0* zX;UInL&YqvE4n|Xg*8__pbxnEte{CpN|MYmQ4+T<&)622u3TjXSHc0j&iXm59|0=n z+J;()v4XM4wW^;j@qSggfD@*{T-ZMbRnFv<>;f7|{cVKsk?6AdYNONFy=@ynOZ6dg zCjo*r1Ng^Z$7*{MYNImyBO422cV>piZG|t>`@0}_b~HEQc|ewjr@&zt_Te9X=TmQ_ z3qW;w)t6ja=8d@6xHp5GnRA+Cvx9gbESNd-^KZYO6;lh;Q*RXiPg(;~EQxf;CB!&PQ(06ubE7l`-8I_jl)qoI~$Z#?S zujy5+CBvbK){^7?Up@FYi328+vJxWmN^a5Q;~$T|xDnclhra#!iTHg8^oKaaqb1(C z$}d$~81?cV1Kw{+-|M{%*$2z_6Yjk{eJ|fnkjTPQN)<+bg82R5IKgu}92*$|Erm<$ z7$3HL1^c`zV#3_8V72qH(~RBNibO&qYQ!x)8Z*nC?Gp8hP>Yj+U%FZb7l#vi+?Gni zjUNSY5vtl3ehG&v==}5VkK5&`A@WcL~=%^KVf395j zCA$EXp!+<2pf@QQ%wj3pA2Ds+_iG+TvRlfOzsRP`euJ-BgE|;zbny8Te`F-m(2kY(PVz&9wrue`_J9BsL@`njZ+P%zK#rwLD2RW*Ech@t zJX1Xyy(cQK$Z7Cir%|{;sxW}$L;aR_Y6KtziJp8d--Gb2L;6d3WKX&B;&=F#+VpfxS2$O>CGXC zorLR`7YbZjWEryw*E$c^#SX6BrwJFUhI1WUS$}gUmRLYCK#O?uO;GHjQ)TeR?yQJ7 zv(okZ^z#vC9(M_y8>;3IlyD%HR3^McMLW za}j(*TYidO6IPSW#~cNo`ddVS-@@Dicxk4aPCY+F9?ibH?a@Usi`Tp??A8)aVy}!< z>%wm#+eMm4F`nyWq&L?jKjD^9gfCknqN3T$m_<<;@uKpw1NiwDrzgU!8p?Y@hJ=Hr zn=@Nt7WoJ+!2eUtfeua8PBji2A_N-sCyKY%3KDmINs!PY%b1-+;vEmGZU_!~JxDYI z6TpjZDA$GX!)RB<2H-M>ve7QQx0~}dK`h~6b-CB1RA+Ix2I1@Ay>GEG9Aiptgj2oz zG^YIhi-M14FJl(*8TCx*bNHMxF+HZRYIyGU2DOgg*xZ`q4hlX!w6u8wu^;zA=OR;R6s5M=KDN`eqQ72Lac?Dr$pqeS?ok-wbY6-yHggN&e@;NZ))y zyDMU{I9S)MabEITHaQOB^~1M0S=|om1!>`N|vY;F4?ym6P4gzXyr=Uf;MUA`Jz9ZA1N2#NBxCWu{;A{I;x?qE@(caup zIa-H*R?yNS%a~2H#ynaZ9a`Udc6w;BYWNel>EO0UtJUdEcOj7-RaHS7eo(rTJ9zef zG@98RfG$BO=7uM5DWh4N74tr`4#R9oLn79mCUXNK;)6!Y3KzFl7}3eFfzHtNCLO` zXKC~E;;p??N?6hhl5~J1IeXK`(!-AezTjtAKh$&853xe4qt!0;)T!%6dP4k(Ql29&~Ks0VH2GkhX+ALjgOBgN%Rogrs?ELt@ z5e1Fk8u4K%7ELe1)gVi}#gWup6am^LSoa`)9UD+=WJr~}PK-D%n zAX=P6AWS=KSPA~uDEq))p#c8UO!0fb{))?j?|%F4vAdkE39tf- z$apQVF#4H^ex{<5|8kcMOIDO0pZ>YPB4jD!Uzp)nf zo6LZ{BUJ<&hU7jTR;9xio~>>2qer&bXpWBSmMC+1`0nVVD?HqPh^nzOIMU`|XnS|q z=0N3cSb$%HoUsu1eozEUm56T8)~7_Y-XVIe6wL9Phz9P#EOaf3KFmdMlJnt`=$q^h zKNWqG@nKu^y^!DO=$kSUz9agkbcA!FZ)zQP?t%R;;`c1%3r8JWJ@$C}m)_tI#_%z0 zL|ta6C;p^Qe~>gS8gK|?!vC4M!?(dPZYc~troNEw6W{e|@k!_%e^aVE z4UI;+0N14ZDbEYJnQK?RIaq)x77El7vb^vWiAOOpzginurj`3@Py{B8B@Lu~ey1SW z*{^8N+pqsD(Dg*nb)Xi$V$h8#NImF$-2GJOO7;mrZVm*xKvG0Lk@y`Z=2vS2%d~PI zD*-x|+!A!VD|F<-ua$P^Ds(khYFdth2J-UVg3sqo%+ME}9 z(M@9Tu|Gx_Q07+(GOIcC@bz;6BE8%&V5(s7$Ya$p*xzG-=z{kxaY7atu<}a$Z)gyQ z&OIt|V6h4uP@h0dfy1}{5a9qh%E=HmiD6Vq$M_5y#n>3nYh0dlZb|JvO_3c^WJxnf z+p~{W$Fv!X0iIXh0T*d&>z^+>+|x&_r>HI8-B}&cDh@iKC0{&KU2}S}b0CY(FPNh9 z+Yv_B&Ov5OXkcobsJAUw8aoJr-Cg%iPN}72zk0TlD#5VsGOT-~>g`CFtfw4PrL)VX=070+DS}{3lX{}e!-H8XQjPixn!XRy%#YVKR`NWEmH6i*gY$y7&< z<9C??ZZw!eKCg#~b%dmNgLLOrkd7I`z=Nki;v&Qq6{M<2uzuO_dJr31T)!rzl`Qju zdh1wq;?0QlYd3olb4R>LR!w$JjrB^wswybV5NzKwMX&koB5bSl%K8b3{R?JVf~!NA zqKK})D-tVF&`&DOnPHj}V+|^M74Gk-=AG1f5TFwxm3^Bw(AH%-K}`GEu6xL-A$?nU zceVtF9y3$)_^n!pG<0=rbZC#VPM1&%6PPrVODTJ=kWy_x{J$x+=+=)-C8ZI?A`6gv zpgPeWM##LHlo|@nfUZnR4+avBX-O%K_3NedO;hxHs_(Zd=^`nGdZQn68(dGr*jD<|~VoLGM*k7XEoVcdR-{ucTEl0FRkt0IZF!Z8#K4NX~i zw7JA$fCq-zTw>5@%v8a+=bq{`ehg7aKlt|-xe_NA4J>2jG8!M@UDHT7Sgb-gP(O|T zrx1=0KIny`a{w(F4vP{v3>Xef6&%*Bua3h`Q{aFGma%df4i|XGF~WhxDsVvkH2$9g zhf6UTkMY6HIE3Q5EDX$Cs^HLz)^xG>(h>(`d=gh0&n0Y zPJmZA_8!+k)KomSP~KE>W?p;%T!fynab=hT6~^wyLpjJTSmyF5RJPI72oTx*;a%(n z4eqiJuEPTYh$KU_HibkQAcNep%XM5gnqp(?2r@(%u$eUnKMbY(g}OudbjRHQ5(22Q z{}h#RcaBt(776NDh+DMT8(MhAwm;g#rB9%54{qcp+dfNR$F$bQR0(`Nd8rOpy{S z6cU)sdlCq?C|DD63#7xM1V+g6M)(fkX2?T++b5_&bDXH)qJIEq+;G>h*3?7x^g^1loJL-0qJ%5Usj2ljXQDSf-EfNb zs~5ilMj4^UNn+<@@E!ipefDJH3K%nwrZwGdxhMjMP{@_{b%A*wr zYO7Qg2jF!B>>72aB7}-cD^X)2UG6;|>LaCt0*!MMG8h1-mul_|P8n)2@}x6%K;fQ` z-Q9=E@I?3v5FP7p9J?Z&arGzXQ+ONVa%LJHJOb2%HtN0zRpqT z{=0)k?-CQm?w1?8Gx$9qC%bP%3Us+_ke9uejYJvkRxWDMJZ5}0!!DCHmAn-f9rXv$=)R|;rMs} zT5%n8TuRGwEp?;NXI$vhtj|hKD%!GWPWlw{>6i5M5se(IB~Fet2jBZGS3mTOQoijz z?k2|mkj%=1Y<(zLb%LNZUWr!hEP~!M>f|Z@z7v?++sf;L>^h^k;aUWji#f6h>)pVI zAKZK6&h+GHegGZt!_l3Ad*MiyzYDVq+VFZb-cYGpLnUeGx6C*3PUSfLP@ z;4RxO^sm6>h>xq^y#ci%_YG=XE^Ufq`2{pA_+x;G#j!C(^K1LC4#icBiYaw4GOz;_ z$E5SEPX;{y!w%j4Hx#Q0?Q(uKU}*)?%pEKd^`}wN{0nECgt%SEj-!Cjn(%)7gE~UA zF8r1Pzp%t;3*8v>1h))CE|+bgGsOX^vfay276LZ?1vHEd+d}vF`YK%f5K0*rWr_q6 zu*$+(l3)-Q<5rNsJSG&PavclLbgCZaa~w>e`z4w)eqhm`55gc;AI!T;xdDKH;WHAP z@&Yx6oiugtazuVr&V@T=0d1A+@?P0$qh&$w13YAV>B7i6{V>`EHWRoyY{>s?uh%4b zQX5&B+Tfv$9Ej!R=32Sh;K#aI9!(f-I8m86e}?gn{Tomay{#LLgY`R(<8CB9#u}M5 z-}uML{81BZzYQ<>mhnG^zoYB`df=P)iXMQjyE_=!$rZt-kl_oQb30_oauvJXzR3d1 zT!E{i0&uL9Lo9HSEAUw>5bj2pcni_+WiIcdzB2uYsK7T|fg`Md*1Ou_vxiRxPIB@x z9RQ!Z?h$;7#OLK56`yS9lW01E>qoBX$E-jME>EvjmWOWP9JS%8Wt_L*8oKbGhs4I$ ziiYI4z!V;MdA*LSMInSZns#=z^Ul?6_$|_e9$j=^rrBehEQ>3aoG%G#f66}cT?6qNARS({6 z_G)T99NL5-V0Sd+aRD0MD&nTfzFm-vM!+lHnS=D1P$}ucNcuWL5A#ukEt^G{ZkWji z2AM4Jtk$A5a3zw_Kv5eQv<8Nd1Wu&@AhyWmdGVCHpy`8J!R5Bca&bx1A<_#U<6x@{ zYha4Uc@(~e@P(oC48KOwJ@~^^I9RrS1)}%v!!WjcZFdkt3ca=?3c&Q{8o}l~E-Wbg z@CH?`nUxotQ3-DD$lnt=2ry6x-i z3eHHe#$6Ez0H;sZQiBgjmh3XxB6(|sh9s}7$_8&>-TZ0=Ob$?B&o5yCg$c)k{0}DO zj~u8O{jvz-nEb1rU5#ETZAG_uYp22u$Ztrf>HAL2cRAbqnc`d-HtRby}Yjb zpUP!MSGBebfgxcUSbOxr!rFp-%Md8)PY!`m{M;gs#-zOPh@AxIyjOUnJuK6P``9RW z#0D`6SY>z?bXUvD*QPfLw!-Wd%Z-ACGxDAdOcgdbBt-?6|ASRaHw74!TfPRvGjQ3t z6w7vA2gP*&37ze102$TFbW&rQ>cQod|Aw%LHa40vHXWmBj}QVh{mVf@(|-9Dnl9I$ zr0D>DZjq*gQeJ4vPJ*4^BQ(_>WSc+ao{fU0Y!EbMmEqS!;Lm7#b2#!^w3wjmsv~kCQicB`vR6xfs^&ab_$RDy zm!H_?*C)HyFi{ra=s@xo#h^>;QvGGnSMWyG&9Bzh``B{Xv4KtC{}B(h6jqo7R2mle zvv8fWZU8(*(tZYSv&RrP4&EwoZHz;gdW z6)4V>)dt^anNxzW&@CfBF`Bl0vk+_{zPCuQMOtYrcxYFtv{=4n9I>b15(%EH)^7UP z1qjHNVK`V92#3fGBCReQXkxU?q@%Wrw#h5*%yqj#d$+zBNJyfwY1QOcgT35iv3xi1DLxLEk-g z)YBY!L`+^5+NA5b%QxTJFmL|cx;~>!Q<5?@f*GfWxmx_(B4z5OJScPX&O(_6`4-Bs z<>2I_gfiM}ADaYaSP7J2+2L)CGFMMcnJ*3tWdza+$}m+Z6Gy}-BmO*4hsu-X07Uh0 z%7p$qVupJE58waDr$H5Y6NVOwK7BlXh*&G)t+@EHTD&zDCH)&#z94_a%=AFjFqSD7}D^Jos-tX!$Ilp8q zct<>8_)imRy@GwBu6S|bBES-Jf3qna~;;7+sD!}_AG>DEO#DXA+f zj|kek*XO(8(6d$aieUgo>rC!yS5F^4{IdJxtVmzDKQo?$wZvqERCJ6_Y zvGTZg)?K=nfaCp9J0w<ZstNRR-87m_$d< zI6rEDRT4(JJyhF5DRw(5oClkbIyLjS+S0`m!oTGG?<46anIlZfr`kmlg|m3ix_hnV z;8{hySbM8}Auf++k*{?hvX%ye)z1VMkfj9lrU#@|d6^3$kWXchHiR_Le#piNe#)iM zV?pDuVKVZasM9vcAP3L!&cyg>DSY>7Q;4lMLBDB;{>{?8S9J_UTHhcBtA)+*wZcR3 z4?C2*6)bY5>k2oO!~cCv2(Yk{Ey*jzxo$;i6o1$XQR+98mRCn(G&to~f(FX9Eq5r; zc(fF@`;(z@>5YQM=9khO8lQ*43Qq;=1r5G3?k-C&30HE*D{v70LXm*F6%vi(5!|vT zp1HDDebA{;NvDF089_JF_|Z!z{w8#9 z{rq~&VsHQ4WnJ;xl(KyJB6pCW1R)$=vO!VJtlHtnhV;7Y{6?a11wxo250Unf5!(H3 zCCX-2IxoQe85K*WXQ4g8M;q-LXEU}UjHN#Nq|zM&O&-@y;>@P`fFgpiq>;ml^wK+* zOA;JPD1im}t^l9G(D$wLyV;9#KK!9RHX6be}b;Ca42w9^*A zMmJbo{bjTz2%-a-Wf#J$F-{~&p3La}S^|i9=^N|%&QSosKZflc00V%@byJUS@a>}R z2WSPCOCVe>qV5vlX8@)Q5WL*(r~42td0Q@+dDSrJedIuZzJOu`OUXvReP?ILB&KcCOZ*a$Ksf;0+612?k5?v`2_IF3Vz znaLB0XesK{am<3W`5~s_XDO5K=g;6oxB;RlgxK?tBs7?F?4s8Bvn7b!B}!d zJ#$Gd@uYf5)F!-d9=m_IUi#OyN!3oAk2IoduX*&%bofa`4NR^HKdzvFgsFyXGu*xX z6A9b8(7MjBvdy*8sg;0xGGeYkY-tV|j(7?w*Y!QYY(CW_@KQ_a+)vk;4d%qOz@ADm zAh)f{Jt*yOBtt+)Nf*W8Csc{*?**n#FiRju7iy~z5NA9OsjCMR9425b%?Jh~gex8b zd#3>_xW}SHB*^qC(Zv&J5?i%+N%K{lV`6U}4yhn4iPWH%PlibAU=gNmOAKtZUUy4+ zBPHT{C>itaF;)vSC^1m5hh_9tE-!)5d2YFmB&4 z;S3*Tg8bq?Wi%F($21MAe#%OWr0Dl5jyiAN-F@aenu5c>>eO$l3F)p}GeFUqlAB#| zj($-yyhRer9w-r5oK|cGaFVIL{6iaq!j{SU2KVXc9MQZ0k!GCfHWZ0mNCelWMQ^T^ z_}Mz36F1Lh>qXG}!_qPKA*6SOcHj;RafjRhf^2UJJE7tMI@n=%NXs?O6pBm}(&5~Y z&7*=Hp0&`T$~lI&9R=R0&A=i_bgadpte@}FPc+K#i-a9YKI~x&3nGWjATQR~yvhv! z2xnIM)`m^uE&G1Se#wz?7qJp~Rqh))@_@46kR%YVyio*d#@^dU0dlO;`qjL^C%$ z3q5E%eXgBcR@xCEftJXT+EbzW&_(5_0=Lz;(q+rIJqxOOdDCHO;)REj&}B>y%BLHH zztnne44QyxRh7Rw1$c_Fa(=vDt*|I+lFV#Lewwqu9%LMtcOWB069}yhg}nCdhQep` zGuVQT&UciP(NTXII@%HDJFaUpIp<-#7~jZ7n;f~JpODx$RP+xv{tM5pZkdfXg;M&L zsWlzu;!>+uxR4Ho?O$EGv5Nq^WeQbF?I8cxjb@-Xwi+W4c3>g_J4F`96AAz$S6agrSO!Ehy}g(WbAFaAQ+HXg+#Zq7!*o5o4s|P?oxE(2ChcGJQootxh0X4H~-<@S&`c?%XZzEQDWSNvVkvGSu< z9_BAGm&Lc6%igRNsA(HWI&oVx7jxNu=0;Jk2>?4FC`#CN2~QOif@}6f5J_UQt%Hm+ z)j^XZsCj2gq4#kM?l^L-{1GH}OYtVORmv~9FZh1H#ZW}A?*nARe*zvE)-b;EkjrQ| zlZG0}B)wvh?N|(X_)R=1-?4ajHzWidkFrfNTNtwHa-}@XK$o4Z$siL;j)+=hooW%fwzVH>6b;nz}HwI|Kv;&{dSiaIjC-Wg-WmgGZ^KL5mli)|E#_0FfzOzr zoaT0N3m7=?=Vs)ng!6z?QQ;f0E`NPZM1>pBe#A}vb(O=y=)fZsQ#Sm3tl`sR4Sz%% zdHp=vJ=O^QFM-KqDi%BFMwYD)aeY0me9Ps>f#T$+JB6B&d$BMhTJ^uS;nK}sJB ze)TGK+4sb%aZQ+0-Xfwi-H6ruHE^(JBq4dz-qPt&4Ka zCd#uFoHvS`5>&cpLq#Dcf$8T@>|D*^L=TUw$_D@6Guy4R*#-yXAjlAh@G}YvRo#%Z z>t1iN_WLmPAC^5r49l`J?H8xef}b*-n=Ek-8ygLZ!{jA*19chUGrcos2V>t6B{){8 z1Y?VFumqc5=0e|247lYy{G=fdI&EE-+ta>ey=h-uvn!$@Bl+!;rTkR@5hcee+am@e z_0!&06A|A5y*V9{+*?YjpciPK%c4HQ80Fz>egrTy)>M?ZKGx~Z$xc7SPN%9jD~N!7;;IC&v~~(C zepFE80LVY+RoKV7~)2Vf#+&UdwG#e6_Wh_8K;W#6A+UL}B zjk$6MOJgPn&qQ|WT`??n1s3R+x#)|BEP^_Fa06dlMSq8agt(UjgQ!}+W5IPWzEX~p za}2&w{898x!0*)bBGZ%Jlv^-FB*CuaSuzTLqZmx=2-5cQrZaB6f|KJ90eQo>}}IK(qWN z5a@fuUlleev*>{yy*|{ux541Y*r0}NT@Mw44g^GF74PJ)a<?Up){o{}-Mv2yu0mV+RPf;7SB5{qbM7|@F8D4vbHWoZr zJHbKO6Po40P+CKva*e14fo_i!0Zddv3^4eZYgT9y_IQXcM1Z~7WNnxFw0 z98%~z$kiV1GBh%)zHh&RpJ7=H4%+`=?(O5_E~@?U6pExgZ4{L7B%u^(@hK=uu!xIv zbqftfq27YvtrnyxXh17Ljizo^lWx;iMQ^=SZ?2+7MXd-JN=X+iB=|*$iWU@l3=$J#0x>b}3kx)Sxu9D!AjW-ba`%OR7`B*CNWaCiM{KSTM8~l~Vj$6WkN^zW z0%S!_i>v>~k%C{{;zU@Aqrco|O~_r{KmbcrUhef<@%j_*5*;5l48&$DX|(D4LxN#S zS_v%-)6f&^8Y@(FEf80aH|JSfLNV2OydVf2c_Ua*J=zxQ_yiD(CWB6ZlVF5?xXKW)wq#Vmyuz@cJ{PDd{L_$_Q1qZQ z$_+{aVHFXg))Qa%Hjos+E9{tuD{rOx;>beV$eu!%TB^7AW*@5`e;{5BB;-KxrNj~K z_)Ur(G{`cH#`OaJ3ETAU>!DJ(I`3WxV@Mv|CF000`2TcxWe)eTfv*O)2#>eTWM=q~ z;$vGNV|LvF^`4jJLBG|dl~jV8+5F$ys--%bEGwiR{)1$G5~5@A@UP>=z`dv_D*>|- zx)^(|spADm#wM&lqqZ74Kpm1d=rn%YiDj6%0I>nL6Cs;0ps(rSLjw0C?~!@{6fc_E zx#H_2&(oHOZzxOBvxEN4#}qWWK^q{~0J=FyZ^Sw{prf@wH@&npeQBQ8MI=J|1guhAlj91XVI z+39CO1qb1zv9A2n^BcBGewYoxUhQoq>Tki(($&-BhJ*&WQ-u~MW$$rKdETtd&1Ici z@f@%6hwwi7J{XF^m${*AxMz-TJFVH;aU$=jWN=+w2BN@d(0?7_9S`7K8J19n)f$#&3X)O6Zrb7;Lf^TUEEh<_dTYE9PirlR^;)`+qX3xvRk0jXUiG1B&}lh?EOWh*M*C$ilC~e=mctdI zY@_d9ij5n%bWi*CsEJBea&WyoKD01*ZS$K2@a7PY*d(zef8p8640yrK$_!9@ z!^lb;gs4u7)M*5ul4R+{1;MX8{_YiCx~l$Bl0Pko2O4T|T>K?6Mgs%)~C= zoJPo$T_Ump#L|gU`&RchUk=LYlv!j94llWbh_ zb&@5&#lm970NmHY2VFMr!M~xrab9t`LPk53KX0)wkz6Xh1~HWeF>R>n8OT9be1@t= z1q%-1zv!Z?LbsF~MBOH^;Gpt2A)MEzt42FRnU z>$6e}(CC+QrOuYZqqDXE*{u5*2-Kfj%l3BHp&M~!evdj--Iom!viQApW2t?u>r>t` zlvZs(n)IVn=4LFY5!neuuNhp@2X!}4Y`Y`7FggCFqv8Q7RrW$oJ+U8CWw+hFZR(%u zcI}d~(S779nMZ~i@s{OA`n#NYwF{FmG?kQyc2#|zk9x+ZI(POBJOUnFe~?xsAb2*M zQjcRE`e2=wfm=))kFs$Lka4Asd4-2(xjZP_U;GGU0TXw}IT-AJg>!nM-s3koXMiob zvpB4&c ziI4@Zs`DyC?1ke$uja+F#a~d8v2`0hz=q8NPkBcP_vvZf*7J}MCgw6JFkm+NNx0yv z{=_YcygK3f{*qFpXu?m0uwSIYJb*QyW_-7lsQ6byC?2IzakWkEQw|OyG1ei((WF*~ zU}CArzx~BU_)9LWRwEjaI!%pWVoBZ(LsSQ?CUh#@#IMq43Cb-2(fj2INY8|B@%x30 z9Z?ncDox94S~N%M6VuAoBj&QIpI^xuespfqu1HpC z-~xjDnT$_uf#t}u0yly#I=^%`9*Sz$bd=wRW`sd)M6htrRdzFB6$c?3t2DtL?(Ws&H2?)r#^MR2be8*kS6*7>mQJUu24ndv;aNl4l1fKAv zjQ@Ruy+0Ioot9s+z+2q$NN6oYG-&}0&|tpM0P|-g-GW`~w_s;oPNUF+VoMS+uTj3l z;JlZbHruOcDD7aC2M5dte8_C~AE0D^@kqf~rm19nRuec1w(T9*^RYue78q9r7_7nSt<@QtUa%PpwBREN;`|Eqa7axqUA^46(OA+C5Ty?ZlrY3dosLpy!^LB6C%GloR!~+~o8pVAFuf_|GF4hG zd0*gcIbbtBPR{bx!i$EG99_-s`w|oPwkhI+79%#;Wsu~QH+YVs#oGLaOdY4OG zVL~s1x-p(o83(~~q)pC2ND#0McD)m_PX71#wFFP@u2~w^eo-mNVc07(pbHb((knK5 z*3!w-T1pWlG?NDrzw;En8fEvydDGC9AWUGAup8#KR(Hd=Ps$Ip<7_L;_{cCgjxkAB zFB-!@30x#hi^>i-w-wj<5c9DPmO{C|UPe^p&wf6T^Hh$R>dFN4ArUr68`j;e^5 zbwCdr=wSmr?2ZEHG>+OADJ56Rs^rzjdqM}YU7$%{1a+MBs6|$KH~LocOLw2p3>Q@2 z2$Rwb9k4^F-E@FWO+#Lqx`0gulVeIq_fuHX(w-IBv;G?CBGzx4uD#J56w6hvx0LJc z&uv1>HPf{xDyq}9rT)9&K|&8H zHy(8FqbV`vaHhis1fL%22f(obnYO~#*aUzK_$DJ=azkM$q->~;uTpj1 zf$I|c!eHHhJHl4W3nNs|q;;&P1&71V1wKJ0{5Ou4u)R~s;nFNbK-&u~MXd7C%LCI7 zh&8@T?7thG&mv&G2Z^DH`@P?{c?w`NWD?ckjV*m zBGSaY?%>D3VPopy$+IY!>8My9#Zvw@U$|M&4KMpu!){IEW1KN%U@{C$F5{%|*UzE@ zE|rhN?r$(Zp!jADp`#I!^c;v5BUW@R^gKUi6G!5b z`SZKw;d~JMs&U=Rs3O=Zul=-%yru`!@)|f6S9m<9oO}9Xo^zMkFZb`uQ_k%G9vI>l z*bkCLey9dkmEAM@2;aaGPDf>P3dO9u<7+Z3V<6Zh$JAYc4q==y2t4YLsGJeC8FNOc zR=f;&#i(MaORKhGaIwHTE+mVG-|zAF_h_!TOx&x1 zRBhOG1eOzsI};x63bU$bI1j0SMFmwvE7oD0$5c4by2rjM!-(FDxib#+%vAw%C5K9x zRXpw*b;nodsR1zX6=IBAk@?0_@i2&{NhyuW zWL(3v)xK&JjMuC$y&$U~kyxc{_Q=xp(H{w0g+EmXMn9snpn$m-0_z zsM^(7TJ-<~4#Zje*rHPVrX>TpLHB`oOVswnx`QTIZc}L~info#K~ajjmtN_EyI1)n zZuPvl<$gbx4!$s*OT6nW_o~*d0xlXZSojT71$zM?11Tu241&KaAg6S(_TBqBp}xNb z`iZb8<+gJrxd$c$Jz3NZC=$y;7WtDB7x0C!$(OLFl{{k*;{`R_(AzYv1H5VnM7)p< z+fswkeXqZfJFzzKJE|p}q~bZomO;xH|JWPl%)Ip!@4912D`;Np3A>CS;2bk@?~CQ$l_b zdPm9~3LpCtoZ==cu~_O=KmmS+0N;o?D4*(KOcg)diQ>cJSvm~Q()F2M+Z&5?pkwL! zHM#Y4EZt8a5=4*3v`Cv17_1edUuQ)Q3FLvQSG`KEG>yS*21cfn^N z{D9GeZ{`8Z`vLpmvUI@y6tyhFgl`=|U>fH1QlT_MyMI)hfXw~?eu2_250vJJ)}b_+ zAcx_MuT0dT^Q)j*#}nmTX{ctR%*Z9{rgO=yHtj($uxu1Pgl^I*- znRm3$yT$TAy$N^Z^XTOT0g(bZ+ZWt09msh;?*jpdSnZCZ*QG4NDVzs}44J%#bFuWy z%zV0Lr^SEwQ!9R$FMeWL{J0+c7WjusB0F@JJx$@|VB^4x^3osQczQspPC;`I-# z)%lU|*v_}CD%i%ZLxAhFU6vd2T_}cfNJd$>5jMF_->xwVF8px1G1mvX#7_x!S$40y zNbEYpRP;}dp^b!>d0Kq3%Y{aS{jH1dxcNAK9 z44Q#Rr`z2twj++54M$ueT(@{G3aA29i&`A`SgdHNOQ7h7)Ci#&i@wD{mJhFuslJ6= zNq_=o8X=`n^1G_i;C0J{;BQFo#2;v;SmPQJ^|-T}4$4|qRI>lm;82C^!EfOUD}c|2 z_0 z+)?W9!N={tops7sW`I92*bb6GXB@d2%l!)IBZX7BM|o)|(VOK@*$PLcN+*rE7kM;FQflR_Cc%PO*dr^KS=gqP$WOd3Hh%;hPx*pM7= z6v2L>nd6b^T`8E57?J`p>fF-~*y%owS6726q%_2$u32D!iXz_G=#IPA23|W(+`E>^X#AhE#HZKXlT{sChw3ueTEA<# zyZA!-vcmo3Qf;IH8n#Fy0&01FEsMa6B>JZ#K0YO;y}-%K;x_;8n{!R)Jtx zvmF7alMSbo;ef~lX=r4FmvePI<#7cwANei#uNnVw<6FC=*AGc=>-Q{dab&>=OMTfL z_|w1dTHXC;DwJN z8%eoCA2-UK?+c=way#Z3*N-Iw?Hk-D zw_>SY2#Nz?*=rToY6akNmdE2K|LwT~Y}{Yu88RPC4IV8>%aaFqs1k13R`7F~q>@Qt zV;I0*tqmw)5CpJTHo9q?l4Kv_JghJ3Fv#^Z*(oG z0d&$6Hui7d13*9A0zellphs!|{ksSB{5=4)nt%>fKs#yxebNKE=f8GOqc#G%8v})| z{iy~}*#j!<0iefj0iX{9kaE14lfjg;{o|Ieof(SgneKXmunP>RINw*CUB6;bPCvkU zXgN}@cJsLig+*fWDVnc*F^~zZ2Bmsknp`t)TVR=)@BT5oCn|BOPf&+ny`76kmA>aK zrlN28h^-FV15IKJ1y5?v5Ua=A2Q;2CenJ?htDa~gTpxCt$uiO{!xbIshAkOR)OpZh8jRPz7?t1@QNR#`lCUvcat74tzWOAsN4zy$5v`O5 z>~i?tdp70+k|(N+P&}$ZWB4n1SohmXtM1Paz=z=@NK~^14i{(zVCVBAZ#2HkZ&~3v zaIZYq%{@ld>vQ`nLfXTk=)vjRwP&v<+wsK5(J0@d2%_I@`H>C2;W?Y)LQ)p_G@?BQ zEi0|=bJ7jvebxE9i_9Vu22dtI(?)1N6Uo(GoZfl~FESWk>lR;we(}4c+9pmtlV2EA#QNH-jCz z;IIk364i_zsPj2#Lym&Dh3G&gqWt10_j!cQqm~C}@puJsMW{L;4|A28k>ssxuskHN zE8IPaZmwI4aTQdyz)i}Md*}I6(0{>_!Z2FpAc5y+M>jUz$)qI71_c@|`YY#!XK6Fk zdFSJ&92FH0W8${0=i5qk|60#FSn?a~vLgDiwL1OG0IK&j{3#O-%=wQW^XLiF{j$%; zaC|94G^tJk0@xp09)cIxvu(KP7sv*7{j1E-ET6W+GO)*S397yx(r6 z@-Fcc^ho+Dowe9Y$V|YDBtASlH%sJ$>^-)n5R#J%PjAf(EW@{y;`3eHgBN6%{4z=Q zgVqj!i;)eFqSC297TLxow8H3YZljdzWW$RfDi0{ejSnz%h^IgZWiTeMF9}r`pLy3cRY%h& zOZo0eIS?03XYugL>vRGmUM1pP`6C7QsaQA4B zCJl5#9>nlBhzi54sJ|=YZ*@7_0cK?!%n~a zkePfmFcB#x^`^8Q#!PJ{T(tFC)r4Jw9nX9}-wDtY!XiM>d?JzE%oZ^=d5n$G5!u;% zRHTJ9OZjZ!?w0<179XGhSAPD_YA-|WC;VqAy9`v|)W+g0fK8V|5&?@9rR=RJWdj2u z<~B;5{@ft`MeL3yyJ~1vHY2r+Qo~Y8Z8rdkAiPAzov;vtTp2NGeAG=&$dwPPw1}&^dtwo&?OjZ_l!^It(rU{mlMjGNO;`h>96`T%MsIb98jvLhe3&m;}@9Lpx5)eGdmxs-0rJ$!|H! z_v@9Xp><3G z5LN<0zz0zZ#xiOmHXK z@JQrOm2u_KEQ1uHlj3j40uXg_*_6Lq)Q!yMLRqBSEJ`;O-S0+K$dZZt$R~Zv-z=Kt zRW%PZi4`ngI_bEvN3L#g13p)@YG5&%y#VMnBu4~DYky#D_6}dRE~GPjZUl)PN$yd) z0H>GVY>*E1W$QwEy4Ns{AVK&wB;5g0$@lI@zHD7c-|@K-BrHJV!fFI{!Y2nd7epQ5mg^QMaTV1=*IZ(3A&*ukdJL@Hx-SAgYp z+FG1W@Pq&A`EP;!a!XIa1YdyOD6k>I&GcR<(80!St7lEGN=y} z^ZXwkH{m?~t!2n;7aRLhF#q7oxogI{_QdO8*ca5P2*A1J7W@@8z+q1mT00S`(rzT7 z(hi*LJ8(@KB@|jrUSrKpqky7&M8L|Q#B^YCwn^L64}B{1=4csBTfEq}IF~Ix1;$GT zLglXc?2!k8CA{jhqs6^+9<(cyR$i^icf_R%UBu^A06Ci5@v425B&Ah5OrN{Kny=C4 zE?xv=vP1?IWe`0Q3QtCAUzxKJe%TH&5`9^!Kr#*B^y{0)>@o45^rSfSWVHSWA z{)i^wpEWQ&k3H<~BZDNo&l7jJL@e+mjo9iV>WyZ(ZElcg5!Nek;*rPhF?vT#nK6t4`&pYRHs66uD%=b(-5L7i-9<2+CaR{pw|q<1FuJ0-=9Y4HYktB zH8eEoLGrV=b?&sbF09{HC)+y9w^bOXoe=Yrz2-bpzu3Q_S$$N<^W|vIT9iOF&Z{bQ zF6HuWPrFlJg*KWvZYWeIGqOF0+ zX>47MdreBOO6F#nN#4RoswDPILQTJcn&-kQk=Q$(6+6I+8we^`4h8NuKf}V>0JBc< z8RUsg@E*j3$@CtNPvJ&+iviJ@sY0X)*vq_~30v?7>RN?8_2~5H=O1>E_SfppmBQS=JZ>{MzvY6z*%JHwmqUzx z6T(+m-l$Zl#3BBK(8;!dL04xUXVcI*`f#w)3#at8?!SJC#@S-2tCN==^8G(|`;U>e zRP|iTIV%#n_zr`EPFph)c^Fb09d8f>WCh2UsM+0*6Ei#7l!*EH?pGJ+I@uA!mH?DB z9EQlv6k*gGQb05UZzzYVfHz?9kfs9>Y2_(fgb0)WcnR3z8qhj95p+_lvZJbNaM7ya7U~Atm3JwdA%(}itIdN0rzGi`$vvs zFJ@;#0dL@E7>?895`H*dB8f2-{cxb;7Wm+eZ_`mxP0hx0hEdV2Xbi7rR8p{$=ch{1 zp7cBn)4#nKJ^vF%C|R>N{-6i!Irfm(;8&rdevCiTREmQ}@b-xR6c7EXQE-Qja+gyR zdSroAkoT_Lt7+5p*Gs*fT(WRTrK^*NC@ZqtC#q18Yo?em^(4{~KbnOT(5J%!*YQfm zO-_F4~1`qVqIcQcq?9HEjHg+xmNuERA z{xZa3m^xnR>HTPwiv3EVqI2yMOU5KUu7_=M-Leg87IT|2Bi*3B!v>&6N8QeS1cS$h zDJ8E~Tn2cWB3tJQ=p*@cZGqZ&l<{Jtg{0sYI7YNX}xz zyyh+sAxEv_k(KE(@Y(QLePuO1uiqnl{#Jv}t=w=>N0Vvx?0R(?d&KAthG&-x!)pbIorQ_qoGfi7WVc_IL+Y(LfAm9C=vs+kCg~N6 zEHW_X%%%&pcu5i^TBL-^CwCB7Glj+5KtY(8wj0()Rh+Orm7zM-x;{ zVp6O-EhNl@Re-+poiX$|9=bJQXkT@{?maxMi)Q}|hg7@#Ayp1%m|`IU24OVrG<2}= zk1<_!ePWDGGXXwD%|#v-<^ z4I?eH?gYsJMMrK7hW2~Cq5UuOKwJqqHKluo!111Mirf!^gn^;MbqH$UOLurSr zAPeJ=h&4-n{D9AUzx?1KZ!7VY^O#!{S(5&{ESA6hp}leRyGMQbQ{0zNo*VV$49~OP zdtfzTX9kXA3(8~CE`12hB_Q<%7{jP0FRUpUGskS6>^fyBJp#mpY1p;_f5KSsyi-mG zQ_?@r4D3SsiE|=!sWRvVPhtO*B+8Bbhm3_M%`v^3Fm9 z#L{hfR0h?Jib+ccNf|%qB)&e-PaTP1sYx%J`15!lkAc)I47Y&b;7O{O+ZypF(82R0 z3n&|LL1Sqdhfp&m(@;#N@4hAK$~RFhIotr1dUR!^P@thKv%bfGmim|@r{r3sir*9w z;Wx>x;Wv+G+NTt=uf&)g8e_&guHuww%%xD4PL|dXwf=hxcg^a*fj`q584g8xCSE<7 zqt--z%WwT?KH3tIU`YFjfx~Pi31ys;PvJubd0Qub1>)CX!oS9SI48ao(JlbH$s+{f zKDWd3h&ILh$HJc4xmA;;b<(-}3Zt|7M||hNs~#)-3r~;Q=N1;#yoYCA9QMwEcT1xw z7HV~aYsHiWE0!^v%3v^+!N{D=%!8{l4?vn{EEW6Kn=Q(#y*d4VT+8y@m@**5bl676dN01zgm+r?}j!0mX^0$T%x=Dn^>NIQk@6$SF`yLm82Rz#T`d3&yZ?481`v z@=Qo-kcQw#Lk<+(8hXLR+FtmA=*8C13nT`LZe5exT8sUjQ1sS%6x|YV*$qXv1YBZ@ zZdsGtLWc`dXd_&mXwu7<r}u}#gz$!F|umcD;CntK4%SwATL>(jpcF7)N^zAu}ONc-|Xm>jGLt#h*gX`d{~ zs#}0rGF+b{^Se@NaIrIKN5iT4%~-x#?|KcN8KG9`m*@ZwEObx!fHB3~XLJl|_Jo_o zO|A;x`bulUNRdPvlx~9%s^E8ckfnGa*COfmZjWET{Tv!5bRB=TOFZpeot=xCXF;m?-Mao8!H~`l6`zm#sFqs}tiqhV^+2QsA8)pSp(f!u2$ihr;z5 z3)bkgO=4@D-XwT#Ii1BtZv`W zk3>!1O3Lts*n#&;OWk8j^pY6Z_OASZylj{s7`O=hf?H;n;UCxiLt5l%JeL5>i%Oqm zZeFVeEBY6#wJIz6Tjt4_=z-n?$=}hWNw?%7X?{=njyw@RhnCKKH9|e`is@Ww2-OIj z*By)Xr&SS|H?2};XI&|^A1dh(1gTn|m03tmFCUOl&oV7-9-nR zs7yKcXMgug<&*Zyz4rMj=azsBz(Zf>|L_ZsSIvh?_5%H~4VV{17qWEh)-1<<5pvV` z+%?UjbPiW@Aa&7-h1E-?wQpc&iUc%aJsN?;rpt^iJG1^#cR)`$Mh8^JYG-nz!bx2S zdL+RM{|_GqEK=bQV-=91?jr#S@o%;8-*FVBPn8Cek~N6?hYn83dJ-V|KF!B(;Tx6r zZ@ROdytl%tnq=$mXEE@ipQU0&cmX=6Y~<@v>)+~AYkzLpJZJAr7}knR5Us?Jy5Y6R z0QlAEFkD?9@C`>-0X~C(g*}TW`vIWWjg93D?lzYL2+_OQ7XUX`}WIieQwGrE$D|-DgIcoRm#ipOp#)Zj5%_0 zO0>Op)tvxsFN7HER}knIE)v{4ifHOI>%TV!tmgmMTN0M#4fu&dp{Y~SrdsMZ^`oQE z)FBGN^CA_^yJypBf#7QXNEa|P4Q?;Um1yFvBamoItrHMiINr+p;Ng+VMJrLQ%9T>K z%Mf+%Y)UD6mq$dGetQQo2rI$3Q3dlDaH^z8%UlSTE9VkPl@89`eyoWC+sk9&+?8Cw z68|)te?oUG!sh5I+NgCQX{(Y7xGopRA1Le)c|d=pV4@fU7|vunL%`iOeqfNtnNjTl zGaEAt2a51Qn1eiCdE>5HE0lUzK?aJm#FTSv#3wSncL~Gpz#5@9bg8&Ao>w3&Z#h(b z!bS4%v1c%W?(sgjds5}lA4?VZK356eyBn6VFNgq8v0v`;gVI5NnP7Jh`YJ|+U+MA& z^^#GFIX76KsCQSOvJqoniUUp?Xny2xzA?P*Hj29f7!MinF#|iAohQu{i4XuF z>NZDl;pr`z^_Tgy{5+bL^T-KyKJ@=;w21Luam74Xl=t!$<(W~LicmQUv0BC`-9>$ZvmfT^zi8Y+u%$dQl(l)_oZ@`CY;l?>Zcx2%zAQ9h-^~6e( z7c1Dl3zLqe9hTn8;kAF^hwM6mWCAxXuE_h7QdF<?tzEn1 za<7WJ$QB*NE|rFeYlG+`McM}WSJu>?2`1?r!o(DtB;uT@*2Yzdh{-+g>&-#sdR89I zZRI}*%DymneP-Y)P(FQ+9RtFPd$B){D9+LD7%7`+o#7)}lW zpB1`q1j9=6r|ZcDfsK4FFP|-2t zg8yEOBtpP+H2(8k3l<^&ErX|}4BeADbPk?X83_U!_)sTV++|VFX;uj_Qx=x{0z*<8d;P`8Bd{fwT(dO zY;gOYrC9Y&5tZ&i46Get69$KT2?YK!IY>P9xQ?ATP#k&c#^Izi%=q= z_6VhpfYQOJB3zM9w^bDDNVY|XyLDjVFuFD*VE<@HI9DacqS2Q2pr|^&DB+CR?gq0- zCJNW*xDnK6X0;cS=wHfWn*k7HN)O6K()EFyeHfsZNp23G;_jrIQG9Y$D0F2}f-4#t z&?E%s6?9ULCTKg(8@L3DGI5!iv9S>+1yP7>jvIZ#=ErEgF|CBnK?}vUTuVxJux`&`N&6UDfzeZ9a7w!PG?E@wLj5#(M z0mY)Kg+oA0E-w|jH-IV+YqMh@REMIik>6xmA*m$7g;Q!iAxW_kE~xQ$f4((&aauo* z!pkhf7e-oNpD%*)k}cN_>-J%xiEQ_Q+33T^AOf{f?0G)D%Wtlw;oShb$^&{a0lgZ4 zl>4;Pe=&)G-pmhvZS0(AyZElB@s~HMcGt8f(fC5EM^=oTxww z-PZxVQ;~yTGl-st{kY%OfY~+%b&42ctrV&FIpC(9{G^|EDgn4x*rR3Z?2G(LdS(g% zKG?ng1qe!CM4K%%-e?K z(-VsR_U@XT+YWrM{4-D7*`E`&P44x3ysakzGinNB>$s42H72KT6CvTIYMSepb z-?>ar-bUppj@TM%(=?K*^EW9Jg79JfQRVFHWSjb%k%MpJX`g#)f7(`W%i}k~?2Rk| z^YCbL@$eCQEn|BPIH?J-Ko(#RgU10`5i>x$?bi%Rg~cI7HF-+#g%E-Ozw&1aYRE+2Ud>%(LB4G~U=XyHE3S{r;TZ%te2wSqOLI+wEiaw%W6M{U<6 z7q%S5BMd0a6JsN18d2QWj|Dfu*l0Y9th0R9I%bK?LALUF%59&w{SJ8Q*$2){bID7j z4PnCFR={AGJLWiQP4ho!p?%*6j{#rT-E(~%HLC;tczqOd!1J7Kv?{jIcNiuo8~vi9 z3kxgfjkl0f_AhlK$9f7~hS>}}_$?BEMk5Ua)Q=uW)!mUt!#?P7MoVm43Go)tSK2P) zescc?+X**R4aueWW4@`fzepADH?mmOyhnFL&qs%8O1WTRZif%OMe82I;F3$MFHZX6 zlCQEa)*9+fO&gESaQ+s>#xp-KR2&A#251tKm|!B)3vvuYmC4%)Z}1XIFV8}(FJK)S zlSf_?{6605{XVXHdS@^((%xg89Aq83m~r2(i=u%+n8Fmyx4x%aN_Sxdrd7e9uI;IL z!nL&G&ie=C15dzs7=jp|i0=pI`=$EEldSlRMKh2aUV`Up5aloU`z+}{cV1H-FK#xw zn_zc^QCFi=kOJ@kqJsn9D*#=F(cLUj7u)$#fNvi+uOf<6_4kyS$GtPztCk z0w}uzNh%BCi-)J~#u2>s9omlh&zJL9(pgh(ehOKN&G;k$yjqEdsmbvR zx}Q3*X}Ud1D&U9R3*k1B7Ea=xxIG6+#SSPuc zCH!euhMvjL4SDwV#vLMTVCu z`AAZ%-rfUD;w4`1V|!o9{-u~aJlPaR2fO8~&RT*#P}tE4RGaI^P+t^3ixQ?z6f^yo ztAwy+u;+w(;0@x&g%60-k$>N8>*Af3jLzHxa zM#kKBgHPXN>0n#xd|=K^{HK)LRBFF}@Af9Xop7Mq5SnpHv&poRAstUWnf#54iy?6+ zes88o!!Y`f?<~&#-o9BlpiQb^*~<+ADt*HTMG+HrVk#V^%`yDi zOs}rL2JIsmMtr??P43!S2jmnK-&g>afWHdZqK#7fkh*KnIU{XZkOSYJuaYZNFLXB{ zwFQVOCYZ74f*~<%UFv<>@|7ZKS9NUf@MAb}vNX6^w%<|rR1DaP9-2;m1I#hL3v>5p z)+(gCJfw9Vk}Rj&j-s=KQvjo-IIStCcp9bPoIt*JH9c_Wl?N^4vRq zOUo1(=$!^jT0nVGwKpZd!?C%R9QPe<^R0>kia5r{YeE@lj7>))dR-=ZI^g?v7~?*y z)GVWsI7YYl8MXJ1x$`ficnC|5yxX`P8qT}o_^->Kb+Pw4{zT2XPoo|9F|7MsC{z#w z8K?1j_W$Ce&=$FZLtBiM20nTs>-xH!5K~rMa0@k~+_0{^FZ?g@Swd?2@Z$dR2;Z3G zBC94j_nptmRX+e~keEI}!$9i@#87qzeTHUH*c0^ZeZFrfJbmKy>5~sWpN{!-h?sy* zkeoQJ+?bX-yQ*A7RgRIYm}vAAd2`XcD;m*s8Dsix0a-N)LGxJbn}Zk=h_f{lb2>LsxBfdAvZ$dqft`N0d8%noqiWr$p?HB(RSkFTh6p z0F~O4zLeq_^<8xk`V2 zHb+4Ep-1}ojfX`WnZoU`PDr*h4lT4*;-kB>(A+c!o);1aDJDU0J^SMd9*q*ngo3jZ z+ofzgm16nX8p}_<=gYo@KwuH|C)ko0AH+d{xRUykOaw-=Q13x~8vAOf@3ESTEYdqa z@=l|E9zI&fMmH{aoQ~d)d*WYmqnun3qj6+`A8h*zw(Mhy^j%0E97sd52Ky2Flu!uq zuYWNJaVhMB;LvCO)XUCsj9Qz3(&OC)iU!zZwMTTzCO^r(_s5i97olKDh&C=evUHHg zB}%BM&xAf71Fqw#N2TLtuc#WN)_9QYeO_*PIYjC*Nb$iwb5@q+r+9yrdiEuIlvAC`o!1iz-NnIN`?o#Wq8Ze_RC%WP)de38wj=V>;uG-KCGBZ zX}UPHS4xXp^zu__b|1J1144VBkF|@&MT}OGOGMkG!y9}Ot_LUpDaV%%$|0uR6-o<8 zxC;UFAV?`0^D$^MH!q@DT*df;P74>MOkD6Lay%K>?s;Q5%DVcLTlFtoEu0&oKdhzMA@lLa4wn{wijrbaZ0dPJr z`#f;K@#37!I^NL5gURs8WH!AMXu9O@(QGT=WeSU~Qpybi)<%02VKY05Xl860)v*8+ zC-s>Sw(41ZN|P!`@~qyVtZt=*&HLQfh0M1pgaOt9o3mtK^S01`97pZTJ z?5I3e5u5MT2s(XSkd64Gv>2E!ZUmoXJ)fYL+Vhk-)`Yfy;Xa1D1ZF--E&@!fQG-T4 z?evNcfD#6|@mpN7milat#HKtiug!>Q zH~BI4$c;iifFXuaW=xHQlU@XZB{fwPl#q-Ggm&2@Bwa<)n-g71eA5_}0fBk@Z}-m60;O_2 zz`aN9sda(;Y&L*g0!ZlrtiGPMP!5wb151QlgaapEx$3ENrdSu;CkU>Yh>=7JiIY?g zqLVL4cR3(8kp!*@V*>ImS1OQR+=ukiZyr=(azT9KjzU6;pErAJi3qRK>@f^TBOtb+ z>S*y?{8cpg%XjEARUKju*bt<$$LFLjdKzV9rHth>&R0=W@T}x}5nw*(6&s2)J6z7680%=&|DZr+sr0-Jl9q@$^wE7UJ z*oA^U5CKh^DpC*_k@NtLF;tWRwC=}z(ld^U9I6JkvrV_SwWG`p15EhGO~}D z*Y!b$^96#h7lH-K7GG3FK=GNYeHzH9>WAx#*jFU~!D^$$7Bqoh7#ms9$ApnR>yKBl zHH*5(h3dCyxd9g7(TJ#~a*ots(UF5v*nuq*_)OZF#;!~icJ*ior((J60c)S2XsKkb zVf5*2AvLvntb(Fn72TR_P;eEfn&NKI<9lt_P8K4HiXB6PgGSPA&wT5WyXlvz->LxB zJw65+<44;0Jt@ZC?~E(ZK9OrygRo(Sp#ZnnC<%$3LBs3GPgHH(S8wP3kB7Q?zF8d~ zX&kjNZ%v%?BRL0u1eI`)#^DqHVQ=@1Yq_`M1W#~)rIw(|*KiDT;A zX1;Vvk1^0hy(dVhF+c%!0%hF&L^O@=&81Z+heJ)gkpvT~n2p_w-iQ`7ws(y^oi9Rr zob-sYrU0JK3dq;Ig&v)EHDNOjL>X@c|CUxwx?`8KNqMv?Tt=!LFCIpdK?=iDB#wqO z*v7F9Y9P(7<-O~Vl)>;Xr4;M@Spy{;3-u~J=z$fKM_T} z{x-s&jFtlJvX%`~`bOhH`UdZO_Y$=0Lv*Nh2fc!|L`EvDpAF-QGtYiTZZp2!7G7z7 z=TT%)8=uD1k85G>!OVcUtpaviK7GG2b3$AN!|AXMsEGcga||3Er?t6(9*X(yF~)yb zI_|!>j{4FAddc``8!)!P2l~FdAcmg2R`=+pi^tHY`a?RFXpCr~u2o7y*Ip}`=s;U9VY z@0=g^RS|2LZqPLU4=*3n`R0JBpKpWsIc>hNfPgIwTiJBJ{lu`4`SxMlH}I=xI^Srq zJOuwm^G%JIoNtrJi02z~WWH&UU>QK4Z&5sCzDaJ)e0w%D?~BpAAMPC<%^ByLLgRcR ziZ%PxI)?uOhLsFM>p^j;dmDw0-r8R=-ZGSHM1% zbaA7OAoulzX)JsRqH$2J;r*>PU?7*QR>c@U- zp^9Fjv3MbGL3!iT2MT4lr96;)0;ohyU_OT^1H;-T9&fq#GOl#eJxi;&El5iPh{$7! z>Gf6r-eF4>eU(rItC(QqpeX?ge^HK8s1?r3tw-(bGed2*Tb)R*dL0uSHi zF7dgqVXiFm>5FBeCv>&|6vT2zvwMv%3~QuG?8x&HbFiL1KzWMw0qdPPUlCj>>+cH7 zbpzc4U^Ul>VXjUj2aH{MUt#t5P6)%D{&i^#uGX!(V;ea0@S89KP#Z!fcuo6`0xS+vVMW9xCEJLU zkhy}l)UgI26NQHh-9WzgU@)@T$Y7hrq-fWMhe@*%?N>RPH{qsdHJJ=s)|WC~H^V*( zEYpxYfDJLY(%YpzhtK3%WTf(>8W8q5re?}H7~FEs^G&bdIVRha_BW$_`$oeHrZv1m z8^%Zo9tRT{{D=M8xM)@5$+h5~2(`a?@c;)pDRDo3EX-}sti>g3y~nF=AK$1Yj!BG& zI2DkysUCq=A5=@A5b#X#d?m4<&`b$59oWA}q}kINKMk#^A}vI^xjvD+(6nh)T!3Qk zkI!&5rRrY+U$@A=(IMx99+YHg?1ZQzCylwgE;5UaG<_q=Yf(A>!l7uhj|h1PhMd#d zD2hD~zf1XMIk0O^UXQBPV^+?reWxEYNLAGJjE;6s!yFb%k+d81K)4CXsPhr^g}Hk& zYkv(VFW>WxHa#{bJDv$Uf1CX%rq^H!^uP-H;WS<*T8D({DN7GUs+t1W`w&ds$aSC_ zoViEs%f#uh|McRt_p3}XA5B&RQq4q6CbhWFr_C%EQK(AN$x7Q$9(D4pheZt0XkiIf z)@#yYpq9wdWCZ;>u`J4FUv7P-SCy-Fta3PiYXXfmEGP!OlLH-S@4GFH4#SVF7#sI z>CKse8&X_2_mE-231ZEJnat>WG6NTD(cyH8icBe|-;gOk+mCZ~T)n1*Szd-}_^h!J z9gjW;qsX7YiOG7AFXLYHMH0w3Ejdj~Kt}P7iJXG<-XPLt0xf}9(m4>TMKt(NBg+$8 zsr0|@*C?F=cqO)P5?WxZi0=5 zu&~t_wqoCNIpnM@z%xbbjCf7k5c>f<-%A-uS5A=)WJYF!OE zHcD?5a}63$Q(%J>;PO<(4cPzTe!&CD3nP)qo>8N4Nd|8xM^>uU+smk4$6l)Xr`JvF zVoA(NL55Pe)oh{#r2`s`=hEwZ(}D{Z%3d@&@Pi%-=OBTbF$-0~5p-7zGEKO#C#pWG zoGi#eGOy$;!h}S%_u;RwdT?UI_?f7puoDscaxJvE%IR=37d5dzUQbACMasxMMI}6e zP#9AR!iS~!6%47cnn^`-^{8m637<6qDu3D9r6ttn<9rC4c%U+c(0}}}OYxs{qWT)vTqyoQDmak2tIg$V} z?|Lo}BGAuGS3nAMWXv8z#c|*|4q`}O=AulY`x}`*o2PJ0=K)G&KM3)0%&IXkL08ts~b7BG)CK@oWJs{c=-{>cbFJ zMiq_P@~{`^DhPg#&zN`{GXr~pco-tCk)dNs%(uk-A=QMK+7%<>=l8B9;-xZBgBZ7J z%m#=%Z33gYf1PM2Ol$5LEXq1&|2om0@I>2~=^X-w*jDk@yv~cDe;SQ8=1ZcOD!o)m zoEiKG}rDNN@Ct^yzAJZwF&i45|cFsX}!OaCKSe zeMb8SfuAQ0GR1Q=!QpfheM40xC&K8dpEawNWM@C28+-@yp^m@=DS?o^Qhs**sLzA)6bK>xmsa(!g=zFRw;7pQ>$1_1WLMOmNLM1N>fA*(CWrZ4F_@swjlw#XOEBq}YGWKam%MB$s2Fv3WvMYa?9U22 zS|fYcBz8`lrE!veF`Uq4si`QcUCS}(ixoF?kgN~JISy=@?tqs^MTIc_;{Ok{9zbQ6 z1KFuW_9W`6UJF?-WWj0NNA`+i=95ZjYy$ukvP@mc*M~N7DCny6Ax# zEOW+Jn2S==`S^tB;=}h)A}Jc&QWiXn^CRr{d_>Yo%(Q7@2jeMXXR=o8%-sIb(LDM_ zk~%w+UNP4#1qX0L4+(@b?&(q|QgsV*4p2p}ZSw&xoU~!O6vUx`gP>&C=}oru{|6eL z{t0J1<~H98A`JJgUb+zRj0aHsy>kqx4HQlwGDr8Kpv7Oe```8NqsqJAwO6^f-DVVV zAKvvBZpFsXJpRLt)H4s@(W51d{BF{0%dZT{;;}F!9t)d^AgHDHmZ`uE3ySG66vSO= z@ge@G=_EA4UW8LBk%o)mhJ-b9pu6mDyHkYRP-*GrMYs};T_5g|{Q%J(#!<0J0%@Ok zH-kJdwga{xixA)e2OlD5-Qzne|;m=yp{J zh3wl}AZ-DIk=ys{YIErtK%7h;ZW)Gzz=Ubm9f9F^24 z2ce#iE!AsI0N@#oX14ZniDpK~eKBMoiJ|vQ-*nipp_A-2C8FapY|-c@!4opQIE0Lh zQoJ8>(Xbw?hF#%jruQuTl>((6rT`$;I$8QC>X1`G(uDl0`=E*}*i-0d^3xPJ>+*jB z%AdbW=&#h2h1ox4C+Pz@U$)fa_|qHbWs>^-v}0;r-N-)q6g)(P3nympPKKm?pVtn8 z%GtXRfz%{q{*OqF_Dt%Bef>H53ioW{p&3U3_gmZ|kuHr&Fk{x?rws}cJtwP7lMQ* z-wdlA8L}jY)$S$?iGr1Lc=xJbKE2De{(?vNG<#3MBT0|<@v}e`p;x`dV)|XZ+!HUm z99TjN+TIbHK4SUNlFpajSA@33h(h*cBNQT+0}Ni8B{Xpb2M^$)#Q@}xVJlZ0cG$Iq z!zDRJY4QC0ilsa9rBi>5P>Tjdl;a)A_0z`x>iLGh9`W^9Bhdd~u%_N$719W#GrMle zj@dR&s};2Q%8*o2=A+wB4LerIj!w{V$=9k!1%7%T{~Wo(_ojPFki(J=HRcD{tm(nK zUvDXofe{G@C8*Xz5;^Lv3&tiDgm`wQ#!CLQO`M|Y>W|AQ@2&qn%#~N`R9L|72m;9g zL9!CtUcjA%KHO!^aam{tW_qrPsLto03{Ue<^<{O>7lS#*vP7?2r(81WpOplNjwXW8 zr|1Wc(QY9hl2=;CcH=n_Qa^=eC_EsTL30<|eg|y(w|Z+>`y>J+oU(Uc4o|wFZGi%7 z**+2;f$y}Xue5zw*oSg7+k&ojVB)>UYFHAsq`l2?l4wz~A;Bo-I|YqGS0`%j7WYGe zJIkX>AVY(`S|CzfTK^}SIs=TXM!|zJcC%bbfs{Gv?Q3Wp=tJS^#sdXYiWW~|K9rk<@?9y99JbIwnk+nXzQEHPJJN7VLB#nkVc=WVM+t953^=Gb;> zlltP{!3Lw$$63IWVELg#51!U5UG?U$2VGoaAUxJZS|PP@RXK_)Ex~39R}p%Nrj3ZB z3x?%&HK~~9<0v(*7$e>dh^M=W?s0cu5dkdpPT9B{2dQLoC)a^e;1*E6J%Xn6iD#0H z#r&vHJQlU2ZwFZE6zze}M*27SmBk{B{Vzz5%?+5ON}l(=I>Hy7!qlHvo$~x};39*K zG6!agB#mGX0onV;PytUdjBGt$cbzBxM1uf4XTzUhn}uQ{Y|mMU=U~ufNY5ZjDWZki zg5YSj6L|uER0KQLFMkl?7p}l9=Ud6ZEsH~faZ8&fOaODR#0mCQhXp3weucmS6YfVK zd~&ia9-+Of0(gpZ@XxzKg0)x0ifWO2y_FG$#o`k;{-T;Z@F=ze-D9r%;{lm5mo+Z% z!UXfG$0|aYK#VB&i>T|3C6-DQf4kfdAx6zk(R|8mi_(M%;9d#MN27(ugLE3kE)0?i zYYro*Afu*D|J`E}p(N?(px;zC3&%%_?I^G)Nu7fyFP~NLUX^(PJt2&Fm0z( z;v~>p`kYpW*`U+C2i`IfEsWJXg%8g7FpY@0K<1Gpfj^Sff0f;LCTs?b@ZbqZA6*>zTNRwQrod5NbeHG)ke;?Gs_ufNE{%ah zNk*EVY%3FLO6_>{O~P8K%xRJU6=g96dBWt=dFmA=T@U97V&H-m;DW&Uz#1x|Z1bdNOK52f#!dX<`Z+3V?Brl$Qm}lFNlR!4_|#20YBRTA+?z$ zFt<8f?~^b?mb!;vg4~QioIit7C)5fgD-6E`T;7mb=k+Z`D2P%)=u(uZ4ZzK6xUk|8 zFx#U%NObC$kbo?3QSlkb3-njJ^JZmk7EJo(Y7+JagpzpS3fasRugdnk9EOI}zF@XV zp-9zM;{{L<0YN8Fse zSLy=F!0A#K>Saw4^`MQ&fz?d3?fnTU_aIF=^n*@lA5?^}n8Pk%2hO zrwJ8?Ur?6{ACH)e#2lBx-+V3$cVj)giv%rYFU!xmYYS<2;@$4oz0{K*l#IM5Y5p?7 z%lo%;d|GV!8rQ(0oXWLy(GAV33N}!Hb;}_@P3~C&4>pX!;ZP{4PBsKMYBEf{heRnhj&h^g+myJ) zjJks_{nUtEE-{cEg59LJjZ+2_(?35Qw`H`33M#T{lW$9y4vcSb-f!UCV-aH!~?atk} z|4caGn8Klts#gT_wlf3043rTMBJ9(OFNilhLBuk>J@~8Sw2PXNp$(@v3s*Z9^Y8Y> zCpk&ZS1k#!TKc*1o++CXc-GFwV5-#jAgal>fRbmIQsXS977^VyAt!l}m{xdY}S zi;#fNRy>dwjVM1c<@G#~T>>?aOk2istYa_T#Zug2c|dX*z+j)u>fkV<*160r{+uCD z%65pVU$}i4m$9HZX%nlenz$tWIwaG3UiyWOpJiWYumcT>L{X+ZTyhY6Rom`xm;dHz z-8L(2J-f<=tixE=24^?D^b|m&%h4#Tt}?2aN6XzCFQrvN=z;Y;LKg4NMaVWiE3!?l z{Og&K#g5TWEgO<(5Mb68>M8HOTT%18Yg;gpC57Qr!BH1w2HxPyi2UixdOnk|hNKQ9 z1a`2nRBD!dmiky-<`RF%YoO5)7db{|R(b>#pKoz)O@ahop8zF0G1G;T-T}!EJMz-g zCSh^xl5uioVw8fmrMB*ib?_(M#{Gcg6qKMU(A4*oFSz4o|0vU|13tXV<-P|kV|K&l zhFw3lg(`U%-(lE;*B7p&v!Tq|Pv9@RRO;imTuB!UfK;nIQOA+IMG?Ty72j3-(vWrk z41Pz{!SBozKksVPlQ!4CnfQr&DUVb!jQxGO=ZA*8nwkA~6z-VS|0(&I+gT?(i64(_ zz4aL!+No=w=T_0@9C!z2j32Ra9MFPQxBxHG&x#svUhThv;bvZxB1Rit#Uk3Nv4*Zo z%_&H4<3$;7pm~*VGd0f4l_U}B&V5nUL8-x7vWPI+kU$mrElTU#eG<1GTxh7pvW$pI zyK*cv#iGTdNO&R4#a_VMELbkJS@0{hS)c}0UG8NdkJb2(->_MXQ z5{x6IYg`^Pm9B%B?!BjI*@@Vae1xRI%k+%P#Bz*j51+8-zz0(mbRqY5QxixHQGcaI zCiV>0tTt@`V#8ar%vJ`dsWoe1&iNORFf89>9qW>=(9-1D3Tj5OybSr$O&*p);p)qc zhIJSBBe2r*_S)#0+$fI(%Q(HOE`3*>(s!-N-Nn){)yOUtR95!Uz{06MJHJAO zNoh7VX2KtkYyq~<9i2U9bum>{!dE-6RK*w372y8|`u?&%Pwuh4zv<_ZVxQ{!7ymv= zCMDq{=Q=_nY4I%k4(R*$KRFW)|CGK@6dCd9C zq%bDaw`tn%NB2aNC?3W1ZLMKpa`&G12(E8ENXt#~iruvE&JRipqLIo(=p%kIi?CDO z!ySaTH$e(P#AE-^Pj@B1bzJIEP)mBObQS#8@kC!H9w7MYF5Tf;cg{E_+649t7yIgg z;OC?%F~Mn8l9BNQ*ETM=l2mXIF?-ZwU5_arbOfp-!>_doDra4(s0S}*yEtimm^3DI z$}AS8y;=b@!#xEq4395Si2Q=>l_n{4!DYUmzp`-mUhnG9UzvW+wok|l&z>(0aQpsQ%5V+P%FMpG74s5GXNkGBbF$pFQ)W}jf!)O9Hj;r)oSdM z%Biord^m%>`wkPKP7nDU+OC2P=ESse|K6e)%x z;`GBguyAz`5;FsFvA0{X*yTs+=OhD%3Ih-G?v%N3y}*jA3zs*%9EQ|@v_Luy6h$r} z1(mPL|J%oZQXY#b@VGSrTBZ8~;PD5f({%Y`pRX+DNBkg7))DtR)JgZ731Yuff;^C< z&=hedWQF+!tw|LYG;xC!ey_ob92ruG16F7;3R$O7^(sjvl`zTnM;4qR+3vAvDH+dB zEbNs`aZET4^VU{;7nA)tENhDHFB!5CFpO z5NiQw%$A>^+5W#URp?)DdY~Hd`9OSSoCIkCjONTpvG%IMdwK#wlZ!iwo}u7G^axu3 z8Z1Eunc;MH<8Ocah9Vi35!58*4}G`f58%k~4RGw;y!s@(0K zfO=fs!ZzJIw?kou&~$enEH$CA$&HFK<2L0^EHCQ6-QByDr;IoOnJ-=LuDBg5M9m&^ z=NyV!u56Q9CL~%gild6xqjC2EV8~nm z|HumnAr;Tq(!;Wg!^B=GWATEp*MPkBT~F=Xqzxd0j_2?S|8zQjTiTJe0+v0q&{bUV zP9=_i=e7d6jVs+w_<_;wQ_llta!w> z;rl+3_Pydh<|{q){AomJrFlE(yW0QV+h6wav##zE9wMEBl(K}Q+j2($D{Rhz({OlJ zpd#^R;4R`0F*FJeGWGJR1lX(A`ve)gf*A5_{Q$784)?wPBO2{gawSV%j6X6=Tc;RY z3s2!hg`3^Gm`(c-7p8>Uv}b!xyvLknZfV-rKU=;J>)}6!g_x3msS?%%cbkEp>3Y!! z18kFztECt$B`FfyvaH^sjiJDyhrC#uZ64 zEo0$aCk2BtfM`a~La&+DD^vHV`(Qoy3zjTpw)59T+2^orV+M3u4Txcdu7EeVtda?= zAOFI_1D>cpD5BgAAz`cJN&hMi>SXPpK8?j_TL)%RdUwtgk)keuwWhzd#*j4qc?L|r z2Pha`zFxD*wWZUwfY)@>Id!TsS6oLv?X zNsg8TTtQwcMt{_l;?3pVxayEE?Ge_0hZSmDL)>>Cc4@x0AWwoU7Np2g(xAI50Xnc+ z+Eu1KZ*Co$6S#QdLvGW#g~$81f#`W9Zu;zZo0dY_Ej{<0OA>*lEmzEa`7SBZpU zjb`)ssofpTc7)#wtj}l3bIBwv``VcT3k7O3Hu#zfXv}~1=a;8gji-Qo0WS&AR_dL~ z-(3-Etu#EiuRewGElkbM6jWH^wR>=PgM0h!CPBo-0tLH$!H-|y(I8eL!lX|M?}PAi z#N3$3_uqlYh7Pw;@47_*{^~#fl=5}Hh4_zVS9*L#vzM_{vM|8zns4>*z?0kkKX+f) zU40JJ+b{@>sWjP|rai}Wc7txugY&3vGyI9OOtHbtcO4O-dJ9(qvne?rZk*60fcySDf< zJysF*V^O$oO8rCZBZw#J00+O>2maS1ec%YknkYXdQe#OQoJN~nj&7*0M7;768 zR`A;dZZ6-Co6BRR3!4^|E^Nl_R~`dC!twU*&Gu1zGi$-;$F^f1W3jm^-I!A z2EE=nf02zaK;rYwFXp-^P95{a(`=Ak1kwcXq#WdNrExW4dE6iU~`4 z*CEa;4Wh(Fk!iN6oc>95;#NLjsg4iI{TP(dAly{%zw{$Ck2+ZDWS}E7vB(s=DrQ1 z;-CP#>1}P^#m&qck=xaM9q7U*02DCic<0W>4|% z^AxJ3*S#V55O&b_!&Bw9_1=Z$%-n>+dQ=5OoZI}=708qwk~3T{h{R0wD_3ac5wC?R zQ{Nmrwg5QsGJ3$NvnT2l&(5|j=sm(IsIy}W&lmy7&s_mWp0tO?+!Y#Kg-TQi(74ij zXqlmB>swZvV;f-b2(5Di5#c`+i)VWHBO$hNN1P(|1?dM2g<}E1{fh4yA$<=iH17kk z$yP(;j5riLO>r;pgYaf#f+JD{TkT;f0)(lNN|6io*fD3Q6tTri6sNU0S3BkfFKbin z9KdNS@|r%$YZI?5It{z_P|yfQqlq7k4z8DC8b5v9R!G2eVVeE}BGRZ|Ok_Cz)#{hI zbz<$VwKBvSWd|Sxc2S@hL{mg7zPi^~twp^09$5BViI!4ng_plNFgbQ_fT z)*uBd<>jDXqqte{#X3|6H|E~{RWdCQXFRCHL&uHypO)ef8Vp6pcQ@)W;Q^aIRn@D< zpNG&0HeBvTm4QZz&_O~-W*Ggo72`KRG)|Y0^EEh23Sc9^U<4RUC*&TpJEval!-_OZ zg|M|lp>h}73ivNPpX^lVhjJiI1_74Ls8KMF5*30aJf9~+L^7T^=K7B|VF8(FbNwSL z%RSd$(u)P>gv6eJ}B;&#oJ|j28w?6Y+>n zQ`ZGjgh$@|(r_|}ifO*+A*I-5f);XP)HKsi(_lEC;c#vPaC|Lf|4WS65q+^C4v_gM z-389!ZPm**m_%$PQ-If^o=x8p!fj)FX^D3dRA#>qfkH z{E`tilJIc~W-=bourL|EM)HwCt~aP6#Dr)&Se$&sm6mYcWej3xL7ll6sfuETHe&wpe7d9ogovLJ7L zTg$q2HDLtgLFVMKT52v_n#Yic`-t6w4kkSoS*c95=cNpT&{Y51mz6KomUL5nXOJ&d zs$rUiFL|n;c~W>&rvnaa;J%&MJ5Wps4~Xa*4=?OOBVrEXyX($lDmgeyCKlotZb-?U zoqmN%?kaLKP3uLKTtKUxZJq03N^ax6my5j?Q*ay?oY2P6e@)emBPR?3++Zvp2aU~N zk2`+Pp&)tpiUyK{wsgYQ=Pnlfm{?xFp10v=JgFx4L+Vj>MaW-`!w3RHU?DuLoQ4Cos;HlJiW)MV6!o)rB%a-e<2gY^ zjdezH7@s|`*Dk4|Mw>3ydi3&EqGV69%?=XW8t$G{wGm7)CImC@q(Afvz*$r48Uq1Y zQ|D?!(Fbe8irV835l~ntf`uOcDYp1fvEv8RuUWD$NX}n|)oQTlNh^xZ1C1rKk4sf? zcAUiQVv18-+K}S>9r%O=pPl@{;2R@~(^)X0IF;-WMPahbSB)X?RCOMLh*AqO^ZEeJ zfKF2~2st^3SxfKmI@Du4cggf6=q!2FSG2*?|Dk~n2IGMG6b+SYUGo(bAn?+?sZ+MNT>}_H%CYY@7 zjcd4SxQE5aE;t&vPuMOu;>me%DH^%0;Ql4 zCNX3uJobPx%EN?B*ap2v%Yt@7KXazfOvdzEWib6fTkQmz(}0~|kLPkfygH`y>bS%( z&}HbR*QDR)TnpkheBV95`g+&^qv9o~a-pkHnm~}!>y}~H4&SfCOjwC9oJvSkWQL>4 zBi`q&@>ud%^2ui6)i|8#_ED0PZo~pn{Umc8n$=GWHl{X%vzoS|oU^(uPzpL%f`{V4 ztaP$6DneBFjItz8zIf9(_me>M8#A$Pl0cCUQ=~k3;On}+ttXdbB$7@!Q=)^SpabU-6Hkl|8+P!EqBsz}SWYR_!0|}cueoC}o2{#C+ODvooV1;1rA%8jG@xR1r`wiV zbi#xFPMr09_I&TNNzKNo*Dq@G_5o8o)3#>4WqUj4-Fm{@Mi9>)*5Vt;U71l+&`I|<8HhZDcr7HCyqc8epq z>Ea65O90qIjgp;Tm%E|j#F(e)m#24Buy2W8Vb|`ukL+6MH7&i!Sqi{oB#d|Tqmzs{ z5eR%{vIM=xGI8pg%myJ)k!we#I>C<5{D_IuPcpyb_)j0T4)~yxU4x?j=m?^xZ_EY) z5(ZRXp339+KcDLmE|7y+L6=JeHdb$TfNh5L>t3Kt^VKLHX+7G--*`QO(H?=14!1!3 zmE7wmAYvLL1PJsA z81-FmMk&r$vpr6CF-A~M2F^(4r%*K7pb{CT?}*ic4Tjar$UKMoa#CB(_fogNJJxz` zxAhcS&*&hQ+2|MLpiz$75s=5=4*H76*OS<>?(|N}yZsFU1Y?@~%_*;4A3KU)xzDXD z!N{J-{5SrXl=`Xsh6NtWd=G!9J=RjA_wWDtJF)$pxTD;^eN}T6-pSPNBLai`%?znp zz$Onr^IrK)A?*w{IVhjqHViZ;jj@v9}!AuEZRk8fA()0!P2p# zDvqfRSng$lnkTX$?ms~u$QBY#YR{%@3c_oMLsUVh!a(0D%YynB0>JiXqC5~9zk035 zHU7XN9pXj$OIf54Oq0L4-xeuJ=OkpK`mI13Mzd&Yc3{Z*B9->Fe^m;p*D4i>N}rMv zkc^xV_o|N@KhF&$o1s7*uXCB038K|H!s)S}F1-fCLxgjk^>PX4f5BcKc!}j}Kvi%m zuv~g6F9)|CHr_iSiBlgO>a8VD2X^ zx7%__jz8x3t6j=L3=;1g+2{GyT@MY1hv;|q=R)*@^vCw)=`K_0cRKZFk$)0c_MrS$ zL?N}D`e9stdqReBT>K{Mt->b&jn>v%p#fBV?{*+W5SP)3-O<1nr3>h@`M1HtSDftUo6Huakdx^4YKmKm5Cwo|=Y_*;(I;q!e z_1+(Wr%PIDm0PXa@oE)Vt!0r~his7ww4=8uZf}X!vqdZQp0#=}$h7-outhBOzG(Hn z9jO-@Lyy(EZ@gO7R*Q@Zrg~Vh9D~tkTJz$pPQdf{a)?_P-qc>D!UWcMIG%rOeflfw z{W$np*7uU!!wzXH7J|O;>)4}$cbm2qHEQlWo}flU03fi0wxXNn+GE;u6I;`|(82%E zLT|B7atJ|~U3xzvU>}bw|4uN*J8t@{FkHiI5gJ~U!Q7k+yT;md;@c-mFO8X+EV;yR z@ac87WVsc>oG+q7I!$laPX8(NyWhGyZu)T;?lHIJS^8n+op(-@77J|f!aL-41sEmY z`{UgTG50_N=b3Swd7}LC^eY~3mb|c`%e1`Ms?&1gM8{uZ1D5fRJ@NU{!w0R0iO>TM z|Ag#S7Fq1UHR2NjJpCXKRUe= z@@}K$k-`7K1$lp_OQE-s-{bN;_>g3XafXe7#$y@ysRIcxwC$$`?8~r2>nxxgv9W?z zpnP~#a;KG)fufIdW4M@!A$>BGC&TOs=Fu?!-7-X8!s&Z*x5~=9P{g^uRx8B37DzT0 z5M4BDD@GOkw&P#xOJ&Vxu6ETLr_*Yc(_t4|F@;qaxI|(DZfAv8Y8a54&7E{XkDaP&ci2g1^=&wdUUlJg7 z?UQ~wNUweok$yUsAg(T}CgB{cyCN(@6(*9EF0NpY$_13{a5I0|S?*t^uuEovYk9RN zaKXycW2j@?6aAIC%%OXtl|%+VUM$B}PyZ6&6GS=2%G-E1JpeZG^SlKIlnGCvZv|1T#hyNHiuV4@4iF23uxH! z;`=%uSS``{!2IECFK+H}H2itNA!ygf{rvz|)thW()Aj`)*n!ZOI5t9LC*<9JsZ}yu8>~Z`_4?4#W7U6>7p^x7ShPQXXd^$JjCRBm9;Q zZ1)*&FGI7=rzZFCj|@jP5H!L|7Ab!u^yQvmt(~#jLD;uA*t(9;|0j?~_|tO3$u#<@ zFUutCsFeO$_?kBF1Up^ExK{X9Zu44{00un=8|X|C9YnP|jp*hV^Tm^;3^U$jJu01G z+3;kIKnB`mA)bQCQl-T4lsHcoa2jz_q{|K&Jg~48vH`$toNJ_`kuZ&eHVgR_R(qDB z#h+vSo4#lxF@mq^l2H~VLGJSc{;dbuR@30C43#e^ngl~<{uc_E61XUuE z6SH3DgcsTa;6y&#!m4BcUPhvPWWf)--IHH=;KJ77-%{U!6)BlNm_p z)v1&neRV3`(~<%6S1utA#LJ4_w~o9zl`(i3U5E|?-sujyP)7UAi*Kcl^6vZ;V}O#K z^vthLWenh<1YVsg2w?ZQ`b&bJygC(oj-7nge+5H{q7!^mDx;5sH)*~%{RqjakN)Y; zyk$Mu!+nF_8Q}!OvV&qfrR#NAbfm@g1H*(#4-ZA&s*2aB(v!YMm4Di6RB?#Lo#*%U zZ%AKmQyPGurhs{U^~rnEM>6Gpc@E~z$8?0isrVZm=-7>hKuhM1q>Aid=U_;)A4MPg z`Yp(SB-}x7+V<`>pwU~GAd%d<{KT*Md%8HB5xjMYCBs)LG0GwZ5xsRu5Qb6aeeQg| zbx9EDnf}on40Md}Z(l%d!4Rn=OEs<10(3e=ZQR{Zhvmze|0$M}kA)>IS#RC~jK!VG zpy4n(88Jdj)<2=p*DqKHLMGA_?00A=ZylB5gU$O-kzd~Mg-Wr`z9db%dsCm$6erNp za`&lPf67Htf1u-e2BlbqzS&D^lNO6=1E@JUpuqOft%vubpS;-zD{;ChZ}vltoIKFM z$$h&y`Q%+gp!`_g;b^IU=b$|6>@TS zoDfTSk57Ol5Nhge?e}&s#)Ei2 zFdLK$x@B3@HC1SeLmQrwN!%avKJZ3J*fSXbI!br+^G|w#?jwWzvvuSEP2qy4#=9nR z>k~AWB&<46SLDI}&M(i`KYM=nUwmBi`-kbro?lw-$3MRk?*)V6dke;>`>1&TYsRk(wxF*%%Fr}qu?!8jJ_5IK*PTc5lgXH`_69Fl%WJxrmYgd{cPcqi@V z`|YF+xQ5^02!5i0uTNOzxhwS~`>2X{V2*>pO%%dF2iMmpATWxbVFW10`{`RFd}x<8G_l(iP`-lw7|QoI8(qt!u&@a1z_>%o_w&_K zf1rcE?WR~k+mcNl)wXUuj{}LP@mGh`wa_Y1+~=n|IPRk!z^;5QW2>EDs$cpvGoXTi;o8MG3!;rc z7UYCp?riTz(QJW^N4u)7IQRQ!SZP36pwo$`vpr$CYMC>B#PXKk7sJYYG+lm}UYzAk zB?S2Nr~m!5qM(1+Q~n%q9gR%x|8Zheh%7T2oc?}Sqg#DTFoc8B?uvr3ZGVf=i*rmLkHawYTR1iKJ2j7Ql$H!OKFj)z?`N+_D0G+w0gjxs@ zRq(l;I@aS>1tan<9#Z=gQU!Z&ke-gM3ixze2XHrko#OLqzmYI$9fc&pEA+gBe}!Yh z?^Oxf^8tJBpC^BQ;IAcL{n!pD%isO3#w(FOO}0eLTMn3dBSeajsW*%auR&hL(SEkilp$d9w50%Pe{f{^(hEj1A*C-bU~7@mivyYiLbOy$(N7Ti9LrHkJv^L6DO+J*L)DDz zh`0rB040Xw7JRM+CRN9-h6e!MTJj_Ztwq4Nm5 zQm*ogazvJM9lI>|`e>(kamf^?wTZ44m&Z@pL<;R+{olVIvjxl)3R=zpqN+;v%1`)| zja%g0$}g^xLqVvZCsf@23O2?))TiYaHH=aMhisZD(BzS@>TzH72~OcOMKN8x!Zr?k zQ!lu`DfSy#PY43(7g2Jc`eB6!R4ah$>Gnu3;QnL%?{IVQ`HZp+$bvU#`o=kiX3Ns+ zY%89Ww@bGnsbZ2m_HZh>DH^?nJ>4hz}6*bJeE6*#($TwTiKiKAZ85{T- z>tF)o!(5C|OC4Zne($4vjxF#A{Znd<6?~rQ(H=JENAwf16ms|{4U^p?Hu>A8c>h_? zd+j6k#Yo223;{R}vRRWoV$-*Ar*E+fE930CnngafqzHQqFZ(SJZxR>q_RFwcS;#Jt z+($+WU3GO%UG+!ypPjqxk)k=SK>C2FWmK;q7x;I|r@QY13lMu@BN9 za+%A}y@hlGbz$|^9bvcSam#ma#S1_@!obIX*tdr59)c+K6yol+e><8vD@xT^5y8b^ zB2;~3BR9$3Z~2a70U$;)1MEgGI90Y%e!{xId*v(H8E}#9$ z{rq${hs$U84)K%5w>ct@Ft})m+wb#z8}GP z?l#>^-6A+IF?!i6NFO9T5u6{Tq^CPcReCt`pX_-^LiKkSai#|6d%Go8k1#}U0;V)J z_!G|*VITvEp?sU@p6)Gx2V;tY^F!VXXA%P(0D9oQ*R6;5gNy%n ze?*9$dw&EM$wqE^2^#L{&i1FFz3PSTh>AQdS}X6+*t@pejbeTOxXH4fo39)X6Jv` z4}{F|?=NEg?1fPy>jzd{X#Grr)%Qh7|wXd+A5iq)@nK| zi1)jxn*=WcpCatogUrCD2A(905Pctz#2$TLh++}KljeuO^QAo?+I$HVsvAQ4DS`7* zorf!f`yF`O!f+`*qM-g{oL~#2soV{sZ0nZ)p5A5#qwZ*C#}q>H8MvL3fcrB*0|7wy zjUH?!n3zeIb79ZUQdvQC#svTkc#?rr)SX|0ql*-ug2D^A<^8;8Sq*wW?++64eqQud z#8A+$dzGQ$`zCI{LIw1YSLp;_xKE*CA~}5d>G&&W)1PV||7?2hGkC$X=|-6iIHk$t z=;W{dP?$FR+dza^VW8H;!N&}|`}ohLk0D?~^yhmL$wvMyAODfO=*NGoW}DV5cC8yPpAA7UtC4{70l{KtUpv?BTVk7Vcg z_)m7hZfhC(_z#Vu(#I2jJ7~`{c7gBP4d^vp`RtYo7(8k;SQz|5+gX z41E>|u=%q<)LuUe^uA-Y2g0$;5dI7#9;M%c7DoJN<8P0q+aL96F2e}jrf(=1eld35 zUHv6<|4Q`+v497$DoTyd60aD|`0JbbGh;*)HxQYXi7(8}u&yn*MIvS|LCWju!e8l& z_VW7%!5zq@Ydn(Mv6p{RM9KfMLYH()YntJB?_A{8IEG+fEW*6*q~;lo@S!?CyZ(B( zX6AD4f+d8H18>)QlNM66S9UTeq$VvKfUK@SQuLyr+^3k375NmC<^(>)q&d%l07L@= z0!;x2@kGn%?28M9-eEcV35_ifq}*npgKMA|`ezoMs^*t>Ua9rv%T0a{OuyuzHz%$^ zg;-2t+@%=_P~S9fQUnS;hK& z_{`i^1kG=0l{(hk2$M<;! z?f1$G?MoSQBx1RPNo>zwMN;#T`2hT~5ZM$@7y99ApbxM2RWL_)DJIQFTbyYD9SgW* z9U*F589qN5x<6&{cCstt=)}U~Y`X-J_ZpA#zz|V{%OfAhko}I({cHz-y3hP4{zSfY zNbzZyU1Qu~%lWNCxq8~}*|!caeD2pIl|0{eqNjkR<2n69xs8O1)@ZZezJT|9S%#nb z5j0-Aumk155I!D7?YzIAXR854CP46$d_X2jJQ%Jy=6M;THNnml;tz%Mye%8ZZyu)K z_$DW||2>G35qxFqIgj^H{NBdg|0pJVmA$kz!y?O9O3RaS`akMJ7_sMl0E;9SN zXWjEmgS+nLo`+>|g?TD2D1tKO9;os>>0t_MS4bDbfi5BhDz^QS;-2;w?e+3FzSPWgW{e+c*wf!CFCgWi%w z*_0a!Qf??X-%Pn3FEHhX0>c93!v0}}(a$Cv`+q~FJ>^fM|IxsrCLA;O3ZjrMxG#u# z!nurxgd_S;y${t9_aX}dtF&txS0-nZzw&95UMVp80AtvDjSRLQP5S-8_Iax=&K_)k zaIoMqy1`ODglT-52Ycrqd9eL~!Bzy9RA|4rhwnR*ED3Ic^39m+ZCCdyOL3og8pW_F z@;9LJNE((Yu%8#fDjAamkX>< z2>&7K7wy-;v<6P&v+-Jd1!Oj^b5-~ zTCgM^AkQM~9h`oqlxUb>c7ia&dAfA#^N@h8C+8ufq`5XXX_#Wb3xZ~pq$*KIWJVDC08*e>Kp|WoL<-VQ*GDe--`Rc`LM{lk zCO1mu$WFH(21f5%${3mG3$_()1$pjEJ|Y>UpD*~mL%$1?%s(%jrhP3i0WD$GQ8cIg zUCQjqV>2+Dt?2S7%_;gFp{ar(I~<S5COu{Y!f>ULKx+HCqz&W z%iB1RmlzX&^Uq$u0JDf}D0>C)5wi7RhLR_PiS=xE-vd^*Ovs$i+=~jw|K+ek^mHph zVljp{Kj54Nvg(6bbe6c2jyA}VQ>!W2>ruNnRGVKNfq85!1TjXvU2{g|ouA@ovM+-Y zs@019F*pIvWJfR40Zt4?I`c=B@us|=8hrVV*G2RwnngS@nmw+X?~RoInS1M&fSkPx zhAgoi`Fuy{2zt0t02-;Uvqz8`QBOEXHF>>iQY-y;Rv?#q;Sd+WBO3%$(_=;anBGav zJHI}uhkvMZV`#MJh?Y8jentEcKJB4mllfsj9ArWmWC%CjG@fGF7Jx&^oN5kTKy+c=ax6r{kzB9Q%vIn98r(g1vi6CX4F#z)hJ18>b5VktR{`PV%S6yo(Y^v%c6 z$>%c#H*|_SpL7PTCpn!{RpudUFyuo;_J^1~%_rDlBNhwWj~y`0k7Q_d*~DSY{M~k} zQg%>S?2$#yOKJ=N&GJEm<$Ujy`eBAINhvPcOrh!>;BJk-cF{C$t7X28fT5 z4|?>pS@Gc=Y<3DJ-7~o}zKSuBJTR0ebLrhe**0flO>v-&fOy{-q(B>6Oc1qGFc5E` znA`vw6Mjzdf9BgyGXSJUh0FG-n(bdUI(u67Y%#y4`i`WN6{HH16+q+&T*c89=^KdX z-hv;LJn~wAU+{9-fxG@qR(Z1LS%iWHCeMW4hz*p^oI+_5KNvlvBtv2=@NN1y<&qb} z#YOZ384EQnrj)*3pG@|Y&aA+7_NE_z6rE2r2BQ&f{b6xI)&%6nM`6*MtUJPX`7Sl% zj(9t%j1Dwo5NOnv#9$*PFNuI8c_}Xv9`@Pml9Td!FT*ppqZc##AG}sZMmx=>P&d7L zn33?mcKs#4+ah#Z324zy;(5CKX%#?p`<=X*`!=@3Va0SAiiu&Dd|&02-_!l*$x#5K zoSu7>)4|)me9b|ILRWzh&QYPrRjABep^_>X*6mJ=2G7IG`~eT1s`s<#|FBXzoh+t} zhh#C~DO0KD1koo+T**h-=}=QLebOKg2b;?F5^U&|VrDCyHg1uuE(5&DgAg2}S^2sT z0e&LAA$;TTAH`@`i)G^<;J^1N@*sRZV5k`hgz+}P=|5#N60ElnMWUt+JWcAwj-aH$ za!?$~iE$1^(g=2u_w<23fUON$kl0 zAS<;vLM|r!>)l-fh|0F&i1BqFwISmH?yPqonSrcX_?xl8Ku0^*3{e~L}tQ}DzmfQR{d6XDz0K7yZWx{tsVfg2ed)X66p!9v-8 zg0uv}*rBnz#^>_r%|zY56OZ0{EDsw+D4x_u#yV;c44g|j35WmiYlI0a5x-&Y^RI?w ze*_16ge3_wBFHBq%*-tp^aJwL@+m^|v*qfO2`Ph1?o{cMgac&3h<7d)cyM(G&gZK? zLiQzGm~`ulw8Q1yM8g=@e?esgZ69&P;ALl z=g9-F&L`OlZLkQtuGViqGI;S3+G)~}BrZzx?%aj~&P$fkyY!N!)Up2}y&Yr|;oWsN z0Ref1o?aN92m+5_f7B2l>sS%MZqxfOGSy5%1AV~VtzKQ6>^W(OkO4<7q<+&S#qx%{ ztBM^*@pQn$)cq7*|GZhjjA9Ic-ta9Z(xt*Qi0$c;=aRUV=rjb2PP8J%3m?)vRID%W z^?ELTNy6abun|`g?o_AJ>ZG(z*TbfXYoR@jTGR{m zV26La6Rh?1qGJh*>Ci{8HlCxw$?ETVSzwci0iFJ=KFNT)2JO)y=LUK2!tfwRatyLV z>vVNEI3W}(t=uVL@6fm%e9KnD53QUJ z$aa0y9$^{?!EX=bDA8MjS=od?M`7D*s%c&ea}fUo!y&+hs27@mUtFk@coz4`ww!mM zf~m0HQNaysFIgL?DSwn6azLpFdNedK&8opAPzHr4t>|c)p^__$pinV_G%hk z%=-)sZ{Kw5o{zlbV~@V`8Y%trxg?dyXwC99W&)man*nV%-drs};r!8w5?xz}iXH0x z;W`0aae=apjEE_b`8ah>@xDX1rWC!xNIhzu5gkFjItxoj-#8sAXXro)Piv>4^Fw;% z5kwtS?5-+~z!-fyXAr?bOgbs?%wmW?pB1D}$YLBhx^e|uP_PI2fNPvVm>UIX;)1kx z^2T(Ze&dbGaaeVO=AvyMB;7`7JLqk1=i2)~hhgtVdDx2w{NK9Io9(yS=bR>o^gbTV z-t231N(wEL9OZb5%ZPrvs;Sma~U2?fL1T?%CfvkL}&%Ie4ENa0n2 z%lg6Q;9ypEm7VQhLEGsL)7HN9y2IX6n5Le@em))oqM)VZ{{aR!@&N!q48VRwYk$lD zNOu3OzU|1ce z57!x-0)KFOXmEdf2M>aeVv5J~2Gr0s#-K=|@5#_LT+Zd1y%Y`LcrWnc#JMW;F&{rwKuG~%CR`zCJ&YR49QFNz&OY(rti9D;A0 zXu?->H5Pwv7ZWl%r%n!Kz0snDL^47yF&S{UOr!{!y41JA4)JZ@HE>2); z0^1S^FMY%F*qs`U~#btd*0{&{;6KYs*!61P4<$X*wS58isXgNUT) zV{>N^kDw(TGeSb!&Lpic5_4pjhkhg)2|>hA_G6SSdcg}AIgeAee}pb#x zrauC&0S%2+`|}<~eC*7;E;7n6Yx0Z+5)S* z%*Zn$pr3`*mA7gc+dlg-Ea=(pxS-Jwx}XZkBeu_uTf~|%+Xv;X`@L$-MO#=gX8Y{- z-rd5rcVpcBUcEf*!~_0s-R;fwTkXz9dN+?|XLiBPknNLWtTOG<0-+9u7A@G%9TDDh z1EkMsHeCk;(kMBLooKdLz?n5)H~W^dNfP6#m-q299=}PUH39gT+I`x`gJ#zLjbBhl zre_pK*jNEu7G|Mg@o%F2&;#u;bbXe4pr{SJZ8$Vi5NF zD2l6DI6h@4UOPUDFmW%U)7-w@9l-SkEGUwr*peznH~5X}>&ux$7#<$}O7se~#as?y zW)e}f#He+Ydz`jVc%(TfXS8ZY|DElhK&XIX^_}ha;#VaBmWC9ZZb1`>Pm7ixL0xPrxby;XPy6+j8L9g?twPZ|D01hU zVLOR#rv0zSiUGhs?_f)PreH#3hI4+Y@ys2+0H4}<2lA1L?QyY)fOtRq3~lmLEVx^F z5laOHKv3)*L=`VS)1r#NjV6Rv(-f)$J{sZY$Z;yl!}LfM`dMf{(K4>TLBD)-YmrjS zG4upLh61$t(E#mqqC6zebTkdf&ftJQ`g4w&4|_wu42=8$fGg2?uTIuLe%_tixmU7n z@;OwSPbdUJwdj#UwLm2ts+|BTCmSk>ASz@!C@S_n6WISaVVquhQqT7~2PXCW%Sp7i z-gDZZP?ruS(8-Ch-v5U8=H0eTrJjhlC6W(rac%?7M^W^L z;~!pBQT!0QAhysSKui_w5cXgVFr7iM1xkXxpNpKpwdv~GBGu3%dpr1S))G=XS4Fc4 z33w4Gx{!+GtBqA+RfmdtS+qiwC zNWNw>oY{dsnXl0!%l}6+9gzRj7d*6{M4u9b5v9!J`p&0b#aHxMIShJ-AcVj{!|C!q zYDGm7G(3;{bwMh!O~&F2Bkq)`L|i&+X6VvYyU9b)D*0FtL;{ov4PQM&XebxKd~1Mh zAgU%uALhTExoeQW**U2v@o12=WQ-|XOb@fTBkiZbmK^pW(eEQv&MPjRoWtk6=CH_( z5b$G6Kx57#XqjQJ4VD#pLN9zBje$?4wI(*b>qc5RT^Iz_^s)ZN192uY@3kv#7G?%OX=D0rV;%O9p(y2|(; zS^!x4Ala`KS^}2MosfzE9azEUVYlix2@PEE2ja63fA~)j7RD4WP+NEgAl*K%=ogHQ zxgS;IbPChCUpwAsiuLQG)F({t!IS?uq0VpS&J+97v7YW0%xialUKhDuGUc4r>0wLl z^N~FIWbEX;+h~r0Rr~+KpIH52H2Vkvx&7;wEu4}~M;=l+)AA`B((iD)iih;l>n1j& zd&n_OBWNlDTTTA`;QuLf*y{ZYfCU4*cY**{10WBQ|1fC40?+IPYfw~rdsMLPT|6nT zS2ykUQpYf29~Ipq0nl^N0)YH7$UDMMKET+!1vAmx|D#A3|I2NFd69Y8Q0KI7pKsm7l`J*!Y zZfyR^Y=~SDeOZo4Hl}idq{z?H1*`U6Ms!LXkpgCXuFcU0V|JLo5{;&>ol*+3$*>3Nr^AS}%BIDl)Vj~ysz3S0JZ&E!M zYO;@-d{vt4$w}Vj=WvG|K(7N+`aY@K!5!YRg-F}oM$5AEASK5paEB83Jx1Wue**%~ zFci`c5g0EYc=?27(4m+|hedtD#0M12M_@1IGgu%#oOVQ!curs?IJ;|;v9|hUV_2I!=N00=-A*(*6nF>xf@D{o!!@l&%~PB=%Fg zfyDii+(ijE-t!h;#GG#XmB;Hw+?ny+h^3-D$l9ksQkistQALN`I30O|E5K+6mb1e8 zfz9hB07nbaJ0CaNP09b7j1tOhkPF8B{P23Z^DfcZ<3;*e&qunKf%}15nLZP2!4(Hn z<#NXMABwG*Dt7=_fLj8_$+-X>wb^kvo%8`lfKf1A=zuy5O9W{u-k_`POs>JDg;Kg? z@DLVt%)0@509f}!na?6ds9b5b`5snu0a}Ycw$ukkJ7Xdj#ZxNCRRq&Ad1#LAWOz$N zbf`_$^&V~kIeuE}UvNO|{?7LMkLGpjh;q&}bn5;CS1{c!Fre4`cZg&ZJ@uDlfPjBs zk?!~(^}Lgg@H<@g3IW&cC11_E{cX&{Dh<1ZeC>O^ycbY8C*+TavVgE-{{(yl)zhuP zu|3|0e@P7i;X8jE3xa-}Y#7Ww9n7vi&@fx(*L?Lacq!KX-u#acvSgtn(vl>TdBEHH z6W&#_TZ-+&hdMx0@BG*Oo;`|P@;O@aQSf%H`b*eBA-OCW?Ira7f!#h=El%vt>#b&i z-?}qd4cBnelhjYLcU_0~`|r~vb=}(DMekwC>m@bTHx+*tC%W?94`&t8#I9+1yZ$7< zUYFPPTdEPqAF8qI7xL29pe-zYN-Rse@Y`@PaPGSEHVmA{~pazMA0>8z`G7H<+NBHKIg3$oqL2f275 zgn5qR^4Ph9!H)X^uSGL3^C+l!5`LNl$R8V{da_cC6 z|C;X=*i8a-E)tGsaqYJWCXsNVz{A!25p491VQXf1JI|3kY`h8_U$o}=Mj@e{) zaIBj=_b0ter?Vg(0t*d+h3KdWQ~$}|V!SqzFKaIGx_AG#>4F{BMQ7i1BBH&g0hYz2 z(+HSy$WAJyiuPgpSILLz8T>ULKg>Wxl){7HnlME3LFAE45oOpnFu1Saogfm7`QGHu zun9$>Y@(2$okwWXhC?U>A3Pv$=VL1^*h=yE91EzEu;<+kd)*jn5f9rkqdqe?$QZ%x z#TDq&$auZr<9Y9WBWrIEE9>Ok8Qhenf@Dl1pFl|Ve9QaWM?_udj06|;@2N}bmxm}_ zsu|a{NV3TktAutsM;=FkR6lBaNc)fuf^?P86n)7<9lO;tN`H&QC1?hx3)KwZyTbtM ze1Q8E;69{70Juc}H*WDdUZ+vGi={S|Hfm|3x6w-9VxR??eF0?t@f17_6q6vMM9vLW zLNG?&?^BHVJA(ZmjF2w0;wHm~zR7ZpCUXQ7pfd~T`Uq}}6M|p~PH{OipB_1en84FX z@`S|gTZ|;DcZBvWsPS|L!VIe)ZI^SN$phaoTlSZPfp2|`z>T;~7zF*4N|Xa@HyR! z@SovRy11o(aQL%gQlhW*gp#~{6&MibKvMCkBhdOYrxDMP`wZ=eu;3e^Q*t1+Sdhx@ z6qgg{5PXN7##nqr9uh=QLy02984*Gr;RE?N+Fe{qTtcAy?F!m%OiDIR0i8sX()mO& zvk+?Q`S^;^`o{~JAaDA)(Lkb)Q&y_-*}_iRU+ZGwD9oi=mrO{u15HwX04;$Gq_N3@ zuA4cF%$Qb>w-{j>c$;5?dj47~p*rH(s4N^rX&?UY*L{j|qCYZ{MVRqE{6+=33qWb2 z&xFDd=vjn}q0D=QeEoO;KjHt*Co0B1Z=>%s0ttqA=z9J}R+2k^FQzlCFIXGLNtj3A zy#SBlbWEdm<$F54SLfY+m*nrkviW8V7ekI>!bu)-#IO%t^+ieCfEIdy4d>H{8WcX9 zFRQ(eTUM7p5ey%m7%d~#rz>7}aj%vm(lA`v)Y-!s4@f-fJ(>pQmw$WgohwFT_f#6p<%%NVQI_KGOHGdqy6?3=`RKfo| zx%)sBgxI^3*Y@#HcJol)WN=_@cM|3&=G|Utc_btQOt{bcKa-gW$LTCoCBDGwR!RfNWa`0bf;+0mGGvcrK13}As_cLTdj=Z=WymB<-bsVr^@4?T zNh%3LrH7qid?T&SqE>V!2sX^;9$?f+^%a3Gq%j$WkZaIK&Yfq>JdX2FnYW2-CT=T4 zhkJqX-YB4={Kt`${4pJ0M`V2AR##K2bbAMl?_2j{d=ei$ z8|`^K3`EB3B!-Q5Bs3%bpchkqA!87nkMdz}AFV<<89`CMjEf+nlOf7Rdc>W^Q2ALL z(!cV4oq#XGFt*9U1K06#CJ~0;)Dsy>;5qYN$n@kEi&bf-i?8pY!>5SrW1$6>4D$X) zi}dz9qeSL4XrnaYb1*=+F`rOQS6t7Sr<0YGBKovN(qx7AhV$5-Ct*g$!W^awiOIG$ zJWjXAbX%ME*GWN5+?JWiY~y$3{bXU#H|T;lOmln$V}NuTUR-j0UKbCJL;)kz*|r6p zTqKXM4f#_MU{uM_3qYaA02CTDL8qU5#s^{Iya>hI_B>JAjF3G7;40(q9^zd^6dcKws zN({pXKRIFotn`bf>U&8;f|uq5d$O&6VzDs9ZZO7%TwDbMYsI_+FR2F*Tz-6X#EmC> zUW8qk;E+szyF(;*0xsm(PD#2X>7e8l4gW?=Jn=>6!dGh`%nYCkEm4_jy6R-=30i|= z7Gaa=?S6}ekPLf(&>n~b@e%OmdqWfs^o3}hlua`cU0?azY_s6r`P2%!FclSvUdP-CFaeQUiV{)@IUfH-8mGnh{7B%>&?GxHO%+VBb#;*o$%EJ!Z0vNy8#nGqRg<8bDGI5SOXve2dA{muW^G>;T!RCOCk)FR%L& zWFz{96@6TMwSTpg%-8WMAvOA~U*Q0x2N|S*`25u1hav+#YT>D<^ zqILdmlE>du2FDI0c57WF@oYQ_iQmC6sKs5>f?pX2*3=lJy>EpuoeoU*`aHCT4s6pH zc+O4>a)KUKWxkl4*WDv%5)9%C-u&)7NC{>kz!#?tDqoOOCfLouFUJ7f&=`OoT%eSJ zdG~%piER`XpU|iBjXG9;e*Pf$Df)C$z**sm5iI6vJEhTEX{<~mdg~B`)}4}Y)Hbsi zb`j4^W*;>(Uk#LkjnUcv4@94Odg&9w7;AVY1-;FhMv zzvChM5<0)LZ6+9+XB|%i#dPx&G<89nBM92e3?4Q;0uQ+mG$f<05KUzmc)o12GdZ@s|9~%W>V|kgQFWpkK(L#4B)++Zb3E4lFiv-pn@yjw?09=D?TOHlw4iX zbF^e#$=VgYv)*1b6A`E0xsv_4X=Ra1={?BCR;VH?l|NR8-HPmtUZ(HIEeroZ} z6+ORR(erXCARImIxn$=zCM7TaP3x~Q;3?PLP;!0A4JGd?+3=0sen|U;$opTCJ%3F0 z{Nphanwj_x8W;LP>u(SN@NZJ=Rk8Yp`l@ZId2QPe)vYQn=KSw2mGnLO{1HvRtm$_& z^)x-9B;3y0zg_b$)^x3=4Uzi&`h1_JKh^YQO;1sL=4g7kriPdGXXzcuSqHp{A7s_Ggx$79PDoWBx%ty!@aSl3rK)L;PdSTlFh(gdo+YU^84 zP4!iE@r|vUHWA+IR+q(NI#y6CCIrS03?$yL38ZGqa&}CoW?J^#(6ZHk2a?77>q$+2 zpy|&w{k5hqYx=4(seiJjZ`SlIP0!WzQcbVW^lD8vYFe-9EtU=EHQlV~ zyBouJou&BPqUF7sPPCtBy>5lqq^XrZsBnL*=}}D&AEUq5HweD7G&Oi#k>}6p^Fd8t z*7U79-uaPnuhZu(n*LVPSOo8%X#Q6;y;#c^M*9CqX&F;~;e*U9rsHIlwjVa`BO-Y43 z=U1Yw8s=2(&8c`zsu4y?ZGF6^p}Lh!9#~H`@z&;4e0}+f4HYG;*CaM1*Ik~7H#Cxs zH7!=r(AY>OMr}RWJhN)1!9pmURWlprLq%)zmS7QCV)M=`f-wf8w}OnOWm~G6R;M;C zLTff<;wYdzGKN~o;sg8yDx{iV%A~}Q3unxl)x0=f-_R1@)X-X=T|Hjg%%xRiJHc#& z}pbKB#E&Z4|XTmHa4X&c`!k1v~7F~?6vxacy$9zsrr^|P!)+B zU{<1k7?6e%=ozOhu_UV-wl&t(RuQn3+txO0P1UP`bv039QM_PQbpgiMw6V6PCRHC# zVZs_|&^nyjRCBz^=mY|<+0opR+P0z=QDK1Hg!B}GesbHj9xG^tPB%nP9=K5yQhNgCr3luoOh%9{D=qUCQYSYLFPV{8xwdTWwPPV(FbgFn zmP8Vif?F2RGAHcDn^@*lT7kh~3ntQSP04y%}JAjGnbdGPm}`Dk`_qhjjb)Dg*H{S*0rb_2r>dYp^%X*A(Z7wY&fP1RGt=t zc&V=eL)SxsRypX7?L^D8khGh4^S%?98@V>tkomssSrvvDP~4jW}BD5sPB6O15}mOM?X3 zrp4+vZY8KbMc8tLf#{|u41lDiT8gf~S!Hp+ZLNnH+U(nr6qt02BVfRRc_4KuMyH}! zOooCb1vF!UJToTEnn9^s;v7&sK>!_ygQ!ugripPth>x5iEYtWQ6c$_G z17MFe^2zyNzTzl!ORi zGJ*a2L{N0PsIIDhbF93o4yD^bZojG(YE+mWo5|>nsq~7$nnN)6=2Xm7v$Q>9R`VGw zgIx7zEAUTes*Tw8@uvg5_jighDsCRx_p($rerBJpT{J^C;Z z^M*;hjoCCrFN}U!DNML{Gi*T$frqWYa2atcyqenPEl_xBL)XAVA}bOmxpdF`rl_iv zCELEWu7=EaG^bSsD|%C$(Tih@q)Ihl4`Z|m!R?k-*dtmEQ&&YmTOt+LtzABM!G$p- z_zQkv=QCbcwJ}vkL3}Aj$hw7{FM3>PVt*R7S{Peb-`v{R*w94iJHbEx?izQpJ zZ6WS*T|)yzaqM-m>ZTMdKCnK^ho(jGQ0N_!2qsLdu{qUR)6mq=&=R{^QQcPC4DwcQ ziEm7`Y)`?AF|UPvDiIXZVq02T8W+uS-Lhf5NhXb~Sj?Ap>n~*24gmje{&Cv%L8&skSO8gxYNoWW0=GSyhfvEUlc1k}ZgU zSi;hGjHNsij2IB3VX=@$6Kq5>w6Qjl>tuScDkhKBI89B#;(}OdaDA{g2uM`SW@FfE zXTji`0zt^l0rwF2xFL!bCarL_c>Yls>*`a@)m4pPa$~*mgnu{^5YGl?5+E)i1CnIs z&6j3XUxUB_MPlLwH{5Wk@O_|jl@BoqCom+A9L!;Vns%9>D!{QM<6{z3kRt2Qg%5%i zmubjgTPy5D;!x_Q3M4C-JGUTSSi|9gxe^|j?Uo*#V4hIOU3l!QN1Q}Q8L@rL4DyJ1 z7pKJ@E5P_%oCJ!qx~>61Fl!RDG`pp-paj_FR-L|*6nVrd zj8rL@QxJFk1-c8Y%te7kF(GR;W`a15`QjK4xC5KH5aWU%6^^BEB`XV|zmrw2hkjV}86afH+T9ULw6!!P7XgmVksj6)tro_8hbCW659N#Xr*r1hSi9Y$}Duu?glr@SY z(fO6jXyM01I6y=}U&GIeR5GY4$$c9*8=eV!VkVyrG6(*O+xKv8C=A)Cci=D72m+PmY$Ui8i3_gy$M@A*RJv zq^fQ{W+fk#h{o|DjZ?>%MRsQZ7BSGU$Bh~*8melfNQq5$GZ+!Wk(r9EPF3;A7x*G6 zvC}{s+N=SSVrekJv!RGpE>>o)ZhY3Q4)0Qhu?}f8=QqQo)9@yca$8El005n>2^AUG z++uiIOydbv@CIY68dG#wNezDJ#>=_bc&tU)Uxwgm3(wY zg>Y~|v?v0)`Lm6rF0FBhRubqok^m?gP_&w~o(3E^Y{Yg;7!`$|g#t)K@;^a}j<#k4 z9T~}FgUbj?wU0q_sxlVYeH|Q(q+^2MFXOKULO=rE>M{`-x0oVn37Ih+5ZX}W#sN^I znGD23u0c&av~I}mC(a41A6M0O;>HBJTn+?cme^*BUqwyT-5;}T5kin-7lLLeuh@uS zjBbQO)URB_RIi{|pGC{oaC8;^Bxjd)VMW>6#Ojh27|wVA#c}g1FWu3S0^=05%_=%~ea>VW zY&$v}pmQvCW}HJfbAUL+1>x#!z8TYIHKRpvJd5Hc2`^8ztf*>kf$ZXcOO|nRs-|aY zda3H8|1qN1f8oPc^mYiKegV zlJ;-a)Y{o|wA}Ke=}TkuZ|#5oW$EXNuSoi1eYW&T%`bXL%J=KDr59+vl^Z;Jj+TE> z>qpa%M&Lx-zvW@+|0Yd;@>O}Z^dZf^Nb@`O+0s(Yw{nAL&(ZP+wSK>*-_i8$2%Kp9 zk3AxIS$f?8d7fyx1%!^{j_TudtRO`Kdt$9oK(tkpZRA<`tYo9T7Q;2KT{~_s|qCjo<3XtKP!Du@v)S5#pq9c1H^W$T0(TO zjjiy2$OdJ_8WZ)}j7{|xzo_0U0Y9sBZK?m@6q!b1987rYel2H-`dJla{_lEtasJaL zjl}smjK72I+qiCb%&(dwD{Hu{hhvB{atNO~hk?rvEs(ZdT0=_^F}$*d~tP$6A}}7x^6-DPh+)x5S!LRZZ1=;LfKp z4kpojxC|)PHLK<>TzJ97a~JrV4ie9gZEkAVPPO&%teaXJS{BE2Lx2iOSC!AT&;h$s zvNwus3Og*La~3Nx_(B~13$&_2)E3hL4SuYO;$h64V0AYr=d1+x8~jOCU&TBc+i}RM z&`KtUo^&y%(anB*)`AOQbYN$W2%(k?j5oGo$PqKQTn#)#ayQa3xax++9Xta>f&fv- zRSB8xv03xZEo!!H$XPY=j1(~(y3!KIp)$A+aUAK}76jy|K&4|ANVEFp4Gb7(FzLr8 zfUW^oZrW6blbZB{gWUMxwxg13*H+M86q#=}<2EF?3VucLoRxE2b8Q*nuTb4h&L*#e zQy=FJu?5@E+JtQe+I5|VLr#2;2WESAm1(haz*q>AZLM$EPFv%8m=jCKU*A>OK7)~2 z$Ey;%g<836l?DqcXx_0c0bd4N5Vffqgbx%0P#ar{RZX>si?-HR-3(ON+g=J>Hvug) zXs&LmZER_1icuci9J-d|1K8Nwyn}pmJv9VpwK|0j&Dct8DNw+O_NPcDq?-LUHJBGn z`PO*V%?*6FskC8R6_`x|6U(XFR2!CjGj~~4gQ!z;bBy!ZgQq=@K%Z!dPBwETwyT?3 z8)=htQ)|8K5`#2#F8+$fy!R?b`+S{3>ADOD8{;)NI$DkK?ue~L{1UtIJ8&2nTaQGJ zWFdB7W#EFev_`wI_1E%;xGoNZD(lxhY&$A|Vb1io6 z?UAPgKBbReqAi7!aySA&yM*KyQC%V|hT&#%B|?p<`i9ocTjV4q!{c+Xb*W9b|3o~& z{VX?fQ5X^7a@iHKvpxaU-5N}sWESh?8+tU%M&^<9)T-c~2N(!gAVM*^4Be#k6 zxrs1AgKf1fn9tbKCO*m5Slh__M+fM9cA$XRTt4i|bW&25X_%)umD=ihRE`XAP)jYH zq5vzz%5 zYnHF1ZE6KW5=0W6GIKOkoNK`3AyQjaN1|&7QLUcOD?rZjFIvKo*@)=WKqjLSq&%G- zR>Wc;AukrlI1#k1wythRj7WwJbh=qsx22)EWxnOukJ$E&u}wT8 zNKXi)vQ;F=uAw0=iX+MamzLuUIBc8X006~{;Q3;Bpq;aMWcc&6PP5jqeF~~dLbqbw zS~e&sg5`Gx_1m2Cdz3IqwA-c>6d2eU{jxZ(Z<#l3T|JYir6I;=Gqe*oh#*{+&K!S1 zybOU342+-9%`60MHc}|SuoS61FK!|ohd}7uc1>zgtYX!gwNa_=LPi>{710kYaEb?X zUy8Zh+SmX}VSX{I#E$jxjVvXpYgcgvROO=hD(EYq2n~mjH!WsdOK3#C04tnT*E&1C zYO7|h77d%Kq5SyVOXIG%rHPd{NWze~e=sx0xF`qbWPpu=Sxy;+vjvybHhKiW^|OV6 zwGzVGIA&TXz0Z@Im2AD~^;JF%NxTjt6Gs%#Lt%NM9MP6FYgw9TfGj=({lxhnidU_^ zHeRw~#j0f`YZIjyCGejUFULvZ?YO6a2R{A2f#57%ohZ4oVpZA7wXs>PHMC#J*=tvq zEK7hwF~x$9xG-u|>t4A~Uvl{$>0$XC}-ZM0}Z1sd3fj zDl(X{FV~Eo<}a3(PQy3hhHML6Uy;t|U$$Z1nP)A&gls3Vh^ugM0vmaVNP{dJP;0}A z#LCOpCLzWkJT;gUi@iK2!G7VqxsskZU(#EPBz<{-q<_`)t>?<~dQDH!dT-G5d`&lN z`k=ynUeoS*(te(%-RH^kCpEq4e0jd-0!iO=k)&_e^g>NnYWm?)DgU0PQxfuAqUjms z^85i!V=Lu(kETzqlINdmT2LX+f6(;JtL6C}nqH(SHp7{2_3I>U*0fF2c1>^7^ma|} z)bsU~PJM>UGM}Ly;9Td&rA8AHQoN7@_fIhKYmf3J71P`uBK&? z^q@XRQ)_puG}1xV^YwK8Pze9E}{NdASkTJ)eW0-5%CKFW)Lr07$(0_Ggr!Y9(xZ|Y6jtNOFg^hsG zBFRQb6!(}Y`3-RBY<1bvb!!u<>&I*YXTaazW@huZ%XNRyi~t$1YalZ_){tE_Vqd`Z zhfHB6sCYO6Zr@OOg{smeP4a)XRqeplM}PC0cPsfer*OWzb_1R(D_xyfuE`ouk?)LY zT9!c0%JQ|Vu1u_SKPXG@#Kj9^@iSK^u3A^NI#G(BW#tts%J>&wa0<-91W1Yj8QZ~i zYuxIF*ZS~w$XtL8lxSb#SHRACV;~A2IdpdeIyawB|nN22m`WIA$@tA4R8YE zc-p{=d<6}-6NIe-te2C+e5n}ZOkr};WMdOhIr3`0azA#}npz6Y&ObS*+As<{%tp}`zVNv@$GipmiHMbBaR)aI+luI+7E&}9WwJY(0Got)EYjfw+UH=iY&^gf z6qIFwJuzmBAo2`b@|CUpB9$`fh|Kd{Xc zY8UHX9Ms#?Kxg$>hhZ-qp}Sganj>h*0oI_R zKW59df~{QR!iAIL>o?)fQEXz#C@0c6c;=$&swO&d8?Zb>vp-HfwlNaEJ!yBC zLcnOv>U(eO*y==^_%c05OP?X=7cYLZE&L*fyxevqYY!_WG(Nwwg9D7mYFLk}(6~rx z&LnPS;!Tb*&LZ0sz$NrigV%qcnsm#19aKy|*inK`BoiQIoU|M-%0Q3;J2n|5MEvK8P60k9O z0T#2LfmjgEwQ^N=dn0$HrFN<(1j2$#6Ilr3Ooh2`$Ngm74B-T;B$KT1F4RLL)w_fFFfTIQ}!nJde|24a75@a^vP>@k#FXu*^(| zl$hvV2Cm;&RlT)vRx^%LIoF*x!l#ACMe$JF#bXSarpAeN!FjA({(vyxLl#0p|F z1sm~(j{f=XJD2mXA8OisgFIh!lcWzeO8SLLNng_EmuuwtgIgrMN%Mc+AkRCr{ns@8 zyQY^lNqP51NpIEXZ)mz}Cwf~;h|DUcCgJW=CDZFq0 zM)=vrYtR2vxQ3s>wfQl)MyFRQHw><|kHWS7te(;5SoN&jQp3~Mm8~CJC$=7p?~T8I zp!59B_lZ3E{oRs&Y=fkgPl;Uo53To{rX!jf-rEjH{U||50*yDUml~se`vmy+w*HwK3jj*kL6o^dydw->FKb%HGGbDK1?3idbf3L z<21Zx4*h@Zy$4{FRrWT1hZ0PssemhHP!U7|Nk9YyAr+!&CIQ8UlVnH+CNp6Q5Nz1X zTClIX7F@gQu2@h}QEb>&7kfj+vTND3cMt3 zTkbmfpTfS3BgMV* z>HkKD`6C^?n7@(cHScouP`8lJ-zPbqVt)FhWcj|WcruB5$K`c1a> zq~5EZ+LTMZO8eUy|D`Y3^iuTy!xa8&*Y!W~zaRbIEaqV!|5O^s8P;^?zi!%-H&X5_ z?@~L`zBBx_4tvYVOS>fT-z$avRQV_4b_vfE+F#-DZ^e}4d=vBX-HE81f0eYKKh>I- zaohB1mS0a4`_c~B^mnO4X5jC&_PtBp@)P}+{z2^D{S)oWcvH&%Gqf+^73^2kb^gmZ3RTbi zdz1Fp(!98z%D#MOiTy8V-&y{g=_cVi#%_On}}t6D*WZNzt&-1;xFa| zWqe}muS?xZ`_Ax-`L*TA;gESmdH)#g_nTqO#llx%dFemal8+?xAGq30)o|WU+;if3 z+7r3V-x(hEU#0)k_qYCiL|)7vNxAUy{V4p`DdI2b=PZ9R5AbvC%lyI5wJ-AyKi9s@ zSNvT2GSBgI?aMe+`p+#)|CNq>QU@fLJMmBEL8bl9Nl|_z|J)9DCPr-gDgNiueyzh? zJNe}fxqOdF{hvVl&iW(%OSlDPd~JA)A7|3Ov;7wHD;)mIcZZB04oMMzcco1~DZlH< zKl~um)r|jKYJLj)pE~SIc;?@cm@hrlk`&=j)&HC#{+aQkQfCV<9yqXHb)tVt$@iW$ z=2CyA{cTPE2a^1AsYg@TuXXql;%3 zzfX#f_@dOZ8k=s?{>mHq-n4uVwf#J6ZhCEUIy?REcc6VQ^Qqdtj>2BFFa5vxBk1h^ zC(yive_!Fn0?|$XM0_Oqr1l-{e*^8e^SzAEo#7XEWZqQxb7)`EU&be?>@QUZi&bEc zSpU7O-lmV(Up~w7%VsC1tIS)ABd_v%a3#%2`4IotI_wXX{*w+o$?$KaIhoJ;)M0Pg zK{g!nUdErV(Ef71mvF6c@FI`RuW|hJAKFh<|D5Ij8=9B=-z>a%K%9PXa=Jj$5bUwLS9JY=4o)nEON{;#JwvA@w_PyCbh5aCDA zzO=t0Uv`-FxAyR4|M#JJYtE&nlkb%N4tupnSa)Q-K-#~9eq#7#okHw;e`5GErTu0C zF8+!Bi(Z4I)5$5~FXLA+Cn)(N{DrjN&h(M|k^EauxtN!A3MqdpXn$MFudGjK`}+I$ z!4&qzKW9C3uJ67~`>FcR6^`)Bx`1`xrQT2Bztdj{&k&z2N5hDti4%#%#Gza-tR_E) z*h~x%|3mzOcpdR(;)?m!zZ;0fY`-TFcV)o#q<>?Gdr&@u+jCQ+bBPrd?WF8 z%Ksj==C7fA73I&6e~EYp<)4xNns_JWyDhZtj3VAe`JquOpGWy>%FiKx0r76ipCrGY zcn{^9$h$(;y?ZHdAb%)v4ds`SznXX-3s8pCvv> zc`uf?4B|tS7m=Sye3#@mb3MLH!#U zkoYF$Yss%8Zlrt@`5s4Ef8L_JhWu>e+mxR|{!HRKls`cJG2*+Fe@lKd@t>3z9BuvE zhxjkbPa}Ue@jc3)CjSEQeaibBW8KLien9ztU_#etYApa@x zBg);!T7O3nKc@U3@`n>Yq5M4Z7ZX3F{7LfvAbv*q*W@=7Kc_tJIP33t;un-RlV3pm zlJY;1zmoVB_$}r0$uA^+NBLUvj}pJ9{2TH=5;svk z=6J@7_ygrW@&V#z%KuFM2I7yDze4^^;ugxYPhh-=bsWE!ldmM!Q@)7&(ZnMuznc7C zh#tycC;u*S3FX_LX#E{RJdg4k@(sjwJ#0XGvp-l)`3B01DSv?Sb20wb|2B|+n|L1O zy-%|KW)RP(d^Gt&;sul+PQHnFA?0V2zetesd&sXPUQGGh7X_q%6oMG`k z%Ja#OBi>K>9P%FGTFOr&|9j#Cl;1*r74bpJH;{ja_z>j-e$RX%K1_KL`7+`ol>5m? zi0df7g8Ws)M=5`T{L{q8DF2H5cf`jjcb{p)vj_1R%4^6UOnjE|lgOVze39~1ULpSmu_xtUlix&4r+na9Hat5KvnU@=eiAX8@@Dd_#2m`cA%8xxFXi`;zn?ge z^7qJpMBJY8UT53zWDo~aK8*Yb;tQ$ZiF;7KlKh>-e9Au}|0S`I@`1~3c!m(iQ9hk~ zIdKx@i^v~CoJ{$>7Xw zSDXG`@_u3u%1-ze`*c^|I-JxO^V$~TdBU1-C#9p!oC3yJBJSCOwL zW>Ov{zl7MA@;{MZLF`ZYQ{YL-dxm6VU5d>#2Gh$AVlUtq)YG39$w-uGfFA4nWU`2_NliF;B0#agS^ zF`M%7ln2Q#B2J-vIr$5SWt2Zn{yE}I%D*SC{$Rs(B<0!bt-tw{dnorXUR9JgQ-1El zHhtz(?xlPo>-loZPoP}Zi&j&9BIU9U^c>|UQT_?}FNvp6zWpW4cjBp(Pa|JSypVD~ z`4I79$}c5<74aI%pC$hi@e#`V{?YooJ#o9;Y<(;szYj5;@<#Hl#0<($A%7Mzlk&UB z-%s3=@+(;mU!!~!<=KC-;Tb@DVz>=Y8Tkt0k(@w3l6(uXiSkp)pGEXiekb|+i1R4_ zko>1a>#I_-o+5fhqTem+B(mNt>z<Lv^dDSJ*8R=2Cwk4YJ}r7CvfeJ`Sjw%e1B*Vm=tYTslB`q9dY|a+ zB2F)m0w#9eroxR>Cs3+5=B2%^h`xxRP;VYe^c}@ zWj$2%ilm&2o|fp#h<~C#EqY3#&o6pWqF*KZBt+j=^!7ymQuGK!-&gk4{8k=*UU`V= zMLEhtclCP>+k!GcXY|( z{d(hDr(Tkj&mY(>_hCDIyw}zn(M#`3`3^*}Cn)WGs`gvV3I5LEPIvZysqwz_r@qy8 zoG;`4VGQ54_KUw(_~m=cISv@b@Q)?#<4AAW&nWrvYlVM5hRfM*{@>nSioXA^oxU?1 z`7Ys+@uKjue^T~Yid@j?PIu)++?R1;1H&Qn7c#!Bq5N&)p+p(SO8so4d_HjzaT!tS z?MdWi{44cB;vx8dd-?k9d+g_ZkI6o-?#i#Tzv=Ef=D%H@e#_sVm%q+=k!_t1+17aw zX+M5y`T1|nPoBZ{?Ofs|L}@3TdgZt9y@XqEtwY{jd>(c9BkiuV-|P8)1Mvgm=S1;W zQ1*MvzHynKlK0((XSXc-J@EtGPc^O;_hjB!@>$MHk$G*IUzUB0GVYamadAh`**>^9 z&mr%n|4XM_+K*KIk?fzAeU6eo;-1q#kqb_CoP*U}`u)`WlzfzUNq?OxKHd56jL(0o zemLXh3}=7l$6!Z(NqLs>ilnRHuN5B|*GT=A@048_e)&$>!%@!0l6S_-8UOCSZ)87; z>`#&QM$$#_r>4&Vj`aVj_WxVurHKY~K!JI*7Rz@{*onPjE-BI|?uT!vF2*_S?Aj z=Z$Nn90>ka4*uVqPyV^ZkTYqCeH0K9tPIJN2I=9)iyACK(6Fc>Q{&$KQxD zP8IvNQ!czS-Q+wOXE_%0lK!dIYksNrLh7}A53gZ7q?}8Acj_O=_lJbv89o_j%6Gn) z6O{8YW!*#0d(5Pso17mZ=U_O`Q~0&gYaP=^%8RsjGH>!U-#<^>Nc;~`;xFxGpA_>k z|6AfK;p}ex>etE-(X0H9>H8z`=zDE{m*%(QyBy-S#%D*Gm;90Zmi|%lQSjG_ztmr; zuQKl-^;W)Do%Po_k09|7bk66ATu{zuk#kH$E-2|HytIeXzl&T@=7le!K-^tHUi=eY z>W7>cA?=2ory%Wy@Y0?LFM4%y9)ZmF$$owLz7t-~GnD<_43=u<4|y-{$ot)fN6kfU z`U19So4%{oad~xyYK=tNCyyPwc=6&fi^q)#hFZop)QznxE6Hn(wE4&9kM#$GVegpc zNVCctJNBS)C1c0xyWq@qf#b*IyBk8DK-k@73bjhWl8apRl5 zgHC(a`DOePtr7d;61kX>l2%X1*fy72;nGQ7_te=yn-8~3;u5Z~x6RiS^alf7x#A0$ zYg^^U_0Fz{0bD?(z2<$`!*Stb%q;H))0a%)`sjF&8a(<2FkDP!yhyMh*Wh)sAuseT z*xt7GNCz&Z@-8;%7AlD>iA;6}aq%YZU2F5=>Pftfg`uPs_qla)uQjAv3sh^NY8|Iq z$E()8RqF)R>{n60LbgX$voEA@*PzlDaw4g4r+K@I_#%F{Ve8Lbaf=SuOIw zaa{7KJdKSZ6cfvGm<5M`hB4hi4Z9z|xlbq?SrYfp=ACd9d*KiU>|+;S!_ z-3oV7%4OoXfzy-=lm#tE`Xaz4hR6kd*L;%~_ppg^T^7Af5tM3kJ*+}e@P>R%Zoenc z5=G*VH3^OInCm`K%;HwdPaA~zslCQ7|^ z+j@&Kj8?>r`ib=MpoMDodGfT+?WojnTziaC+I6im%@Oml%^UH=a!oUdbyj)&2xb5k z+GL$}H&!G}q1KlXn~ccQ6|fmM8N&CF$&YQZYKv@VyJ)R+Ic6~lqck_MZnXw|D9Eba zgGv(ew71%yZAy1-&2A)gJMyA~{f2IBZ386P!%FF99w*dz+tB7kTG5EMv?i7Z-6A3< z;Wm71(|rOe>u9$PJFcAcMw-Sb%i)4uq?N9`VYhB_btG))b@ON%@I;rpt97tqn*XFw zvBlOs7OpS#g~6juM2zMIVLsYuL!z5#Z-}8{OQJghX{2yJtjFEtMTepbrEX?bTht%% z<(UF&3aTxGw5z)kG*IMp71Pa?v2U(Kr6gXsl0uY}*w(tvfT2aJwtEob$yCLr)^ps67 ziI-^qJ?&oA6h!dDI^k@?5JW~bMRlke{m~HQ=!(#rqvh9CNO?lIsd^F6A5pC)iPRzs zfuQzF&BGnsu&i(11w`!+eKDu5E$Gl2TlDZNq!#HG0M6*YO@1$W^JZUIr&O~-i;KP; ze}ePop`X{ClF}CjM|^EMylw4heeIZ}(ImZU^);hWL9Ig$VnopHkG3EeU`&2TLw*$w zHK}O87YUwMX)FKrCwpGP*0)otbJw z%J>3{ea(?p{%-a9T3RD$`(YoQyRLM&q+AcB5alpxdvKl)!vhqpR+LYL48|A&EwcXG z)aq?ofViWiHzV~r;N%j&H_!sd5irxj;D_ytv`c8PbyJMEpk>9#FVddpT^RK(f~T#h z;pqQRxGcZLFh}=icV*F-YhQCPWs5OAD6y?ji2(1K~eB0mJ%7^vam4R-PqXgrbZ&Xt(NCLX@GLMp9SG$SDIX!oqW^79J|-4*pUfoPjT^M{rMk>ZO9 zu@|^eUivvZW<`+0XsmFFZ5U?q3=F@z1> zjFsq~#R#q2MfqaS=Uvj|N7I0+tJ`|bc{uRY@uTqqF|LPTW(1uO(4tt3+f79>e-q!2 zi`kBb(9x+T15F)?X2y$|4j8~=-XR7Z(WFEv+FQ&uh88uVHuA1&{DfgLIxapvLV}bL zh^2iPJt7JhMoGGhi6wT?KH@G)E!s@<4{%SXm`=HvjIK@8hIR373buEcKOtSg65X35 z?x7(-+k=n00NQ6X;V6a(8JaYN5aUR?SR}^%9+U`tW6X=>wFfbxGu{WIXnt_Tu^t%3 zyIz(*ZPpz#+k*SO^_|`5Xmx2UDi()vtu)FBXA+6c63 z!2s$M#dNV$T*TeeXcby8oHCt^PE6QLkVHagP4GE_YLbxBu_D`sZzHrO`U5E;tz!b+ zo9I3b?{pQ@Y&<{9bs%&OG$RmrLSAozAH}iajTSfDh6Wgrhb)MOjVU;3B*9RE&_=H~ zR@5;NC`=j+L>32iI1|PP&At|2#7+6aD4I3a_2O8Sfbnt3uAnp0aq7YyzG;f$gMgul zRUJojciXC)t>>v~TXC$mVQk-2FkUT+ z`diR4Y0fk_Ix4!H=po_MF2#&dtZEvE3cGZu)#IP%bVbYPM68}_C&qOS3r6fHhzyNx z?P8%!enaPC)z-H#>J3NYU4~(GYs&U05)J8rXp)$2m|Cm5#v*(XphNYeBSrb~wCj&a ze4t^B6ml227yBZu_=bTAgerv@^V&LFVro0g6{sRpAGYdlLX9agb=_KQ@?jK~!Y>mZ zZ6Mk<&+lDAUriOamLonthD}?uZA{RjsngbCw9UU&YmSbm#8h!>RevmQ)vo!P^faQ~ zOr46_3`1pF2kUeh2DT}jF6-=;uf>Bb_qvP9=#ptQj7ue^ig)c)iOuGuMxeyB7RGAX zR!T@&LJ6UtruDEEw^9UXF|i1kro&oHT?A;aQxP!jh_#$DCu!H2lcuFGRx7p=(~8b9 zH7$d+xRsdFVq#29dtfc5jw$VRim9pn)^f_2(ylY6rqUa$WeqdCE(>^J^RYBum8-W> zsj6+VBvh)>cvY_1N_y6GO3%`GHLlr8deUM-dX~nkaZT#J^;}@AA5OCC zNyv;?o9{4TEZg9e#Vf8SG2#vzrYB8^c3HgI;!7*m19xT1nM-Byii-jm?|-|pn^1wu z;?>p@&)lvoIkL7aUS%o6AYcgx}x+T%@;kDhoBPIsiw^>74S7O&g* zLcl!cFvM`4UDGD5?V{ll6dWlrpgl9>Xaq%`WH=+wzTO?+jtG^NEy@) z8^gq)#%rKnG!JxDAIuA5lhq<#^*U07ksdk27_WLYU41o4J6&VHjSBXb8d0c%om+b` z9ki`_!QN643RQg*79Aumjt}N~n+C>&iBG`q2XC{{Q0bOC;1xy5H^y9*|nl!RV$+(u#f^n+U>(}eVT{#S8gP6;v-7*%++QU99<#cVu zYhTirz11NpL%lQ}>IteWRS@Ea_E8P3DIJ4aOe~}(qfJOFp!LypFnxH#FiuhjKvN}! zxdr+a4Hl_NPg`Si3X@orz&jc>Es6<3RkZ5>v_)yOL{+CS5)dP$>R?~jt}OA<71KNz z4{OZaYKq(m+LyFcu4+@b+fH}wDvWWrt~Jt0cTs`s^|Dt!2alfqXNFMJK2 z6p@d382h5}YSz{YTr{!3*~J$V-rCkwach;xnd)f_m!vX`6C>y3TiHI^Gu88Gd8fRQ#??C$tE~@k}w* zzANJi?Ll$8Jz$mZ%0g0WP;AC9CP2FGcV#}_CfJ#M8+y|;C8bHMvKO0?i!o-JfUX=( zXd8;-8Khf)u1v>UhT?eUm}a0W(+TZ^owGMVv28(D<`Y{9I~Q*(v`H;Uilwv>#ip}J zl@`)W6q{j%F||YrYLau(SQN(_3$_Pcg*2(DC@yzbmmP!^nXXJqV_|2xO#sj)bY(Ku zRM>fKW7M<@^SUw(jW*1=C$t+SrU#DO>dI20@py?wYtohBSR-Snt&PiUPr5Rm)YO#3 zOLKdy^+-x@h;1#m;{fA2+LNwajx{rOe%TmByVjLai0Nv)ESnakE5iv*O-Z~on+g$z z%BSu0lLBqtx$zR3nbsdnTG#`VD^Cmf#`RPNE$$EctEI7?pGay+ffQC)8W`bkP+u&@?f@$Hj zg+^n6M*XRSV=@COH7zY#(ba(UyU=`p=%g#E4Gv;GMn`w+fn@<1n>Sg6dKUA{Z zw$|v8zu%1M3#nJ5&9_3I#|H(nxT2~NSd|UCcBxmWp}Ga_HwGy7tpJsrHcXEJuvQH( zW8dk8`QuEe%_m5ENNaSNzX+069Ef<$5~Qj!+Oetr!u;{$O%e4*p@5+OBqVQm!#rO)cML6*{r-79A6GPN0xrbXW=t3QS4yw1tCeu@~Qk?V>a)7HeU#J-8TI3UxUA zK1iFwR0?z$-R&me1qG&Z8aJRxh2qwQ|8=mcUmC9y+Ej$V)Forv=(MOVG+PP_5;VWi z6zLuSYJcUL!jKS8VDP8a_9zotU8blnD2Or%v2p^=$%4s9oj`u6tEG)*j0Ce{-UIqvqmNOYL^F1^@(b;k^)_r zlrrN{A#Kt`z(%zT!|}S@tPRJLr3z#GEm^aaaoiXi@nS zGa=9jV`EsDZ^l-pGzXy9>VXb8{-S_tWmug?u>dsLYL6Z~=7Uz#SJ2Hg`>}#X*QBs8 z-_$M>5vZ8KfL1hvW>6<{ruDMse9)USn#$3~eBZ-W)BPGlP)SD`n!mnC2ZL`uE6i)ttXrw=XiZi^&s6z?EyioTb!Mu2vA4N} z8CVz(vY0_Zoa$cW6$9}cM5_wF5p&U!)RopYqlJa>3~Yi9H?)?`L>_)KJn@)nConP1 z0$do+Q&WJ)>#bI1lK}%T&NL_{eqmo5ws&DNFP82)q*!!A7i<;~q5kGW=MBXwNj$47 zYiy%bwJ6Lhg@Q}anLu~G!wvo8goGY%ioZ=sG}7&8rQ3pNn8g%4^JsYlB^mo$m_6gA z0|}YJErxBh?R=|o5^Dgcw>tmD<^QeFbP$srkVZX#YSgGzs`*;)JV*}iL^Gf=kT?swzM4F%Vh=yA4DgoP%BO>nSadkNYwVIG%n>XR|!$80#%=8dc7C*9PY zQKGA+hFMpw4ePA=O-D^#vyOH#tZc-vZGjml;g_|MP^~dKfmW{`Jj4|u?Km=S54LG9 zUfun{rD%SZVq<`f{@x|#ogS}aEQx&ycF3i_CQ-4&QJ-~Uf~`8*Sd$;cji&T(V+e@= zErzxbc6S;tCrmH}*?tC~yA%u1;txT$8P386whZV>Xw^dtCrmKKNn6qVpxDsAF+xua zO6(({1S21J{*vJb%SKjo*%)79n--D+JAr4R4z=qhTx-k+u!BJtf#G3Q+=0)8$=YUq z;lUZIB7hA~dXuc~4t1lCvCyoB^1O+o@ljy(zx94LS|65y&CU(Ad1VLAs+g@xYN{K` zsvA_v%%ZybvWBVgEwuG|dj$6EcHTuB;r8UX3E34a{jg&nbKD>{A-7{hjOa|!dv*6i z&1p&4w%fHqd|z#oLA`w{wLzo{l-t|%pj&?nxjhkV-NMFDZ#Y90MIy8H_K(T#T`}Tm zht|FqJDTHCY|S>?L$IX|J9ski5vd1GdVqxul4g-Lw78)b^48=qsCAC+nTydi0>pmT{B^k=d0Rb~pL)(P_&@1$U(D zO-Lxs?vm1?h9XmEGP>MrUtspvcix5X*miHdtkA;`430XL@#JiDOYYWING%KN+JRz> zPgcE87u%I$d(W|JUFUWw_8%d=P;?~eb**rt`U&rAvvn0C2LuCyMfAo=8|jzW&{dR9 zcGu6TZz!u8t(}`ySCLR<$`TCK&MK~~C^3d=v6BO%iV8DI(2JZpuk_boxD}zU@4$$& ztrDA4F>p$H1AD&a*o#CCRRcZYh*$xzVW_}2k$zkE3yxGY%$ZwSR#Lf*MrRjQ z&MNE9Y*9l)T}AP%hO)WaWc=W&%DJ_=S+1LFvwv=7MMGI#QMX}Auvjspx~8t%fF)Rn zdC?S%`kMnI@O@=lIcy4X2fT}si@LMHtcTarmLW%I06#rWGv243D*CMTozqr*`|f`B z<)_mu?mpe(M(}I5Y}xW=QBA)YM&u(tLfpB(m5&=>F-%-bT)n-Ozel{7_6mnuc_nck zaT)PJ;)q?Wxfh9Lxt5>!>`e3UqGH)}3Te4n^@cPl@a_!r_|Y3~v8Gu_r)Bk^eB zMZ}fFCy4J7eFg!`A|VJ9_Zl3eq_8gcPjBQ;ws|h#5cM@ zv0pL4y5}LDMf@{yF>!S_DE5zPvF<%Y+(5j6_*&4uUr4NRV1t8~_m@$=jwtp!mRR?W zC0Yd;Vati0@OO z*ngeo_o4Z>$=6(B-6x6_Ag{OZlODWB>x%lapJLjp9;nP1&p7M_AViRC-Gmz z34EUl#s1*SY`lgN_aUA{ypH%tHz@Z1eVui0`1Kb5PCku%b2ljVi|(@aza^8YFJrazNQtbgUiBZzgxQ8VrPA;hK`mKWTYazT*`iu`|y_tD?)ud)8Wd!5DB zYb`D(iu^SPFY;~0J?OreuXgYvznAjO_t6YsU|r4zT+{W6+ga-X$-5;1qJ z z>P?Hj_br}EyoR`eIPC-b{&3<^#7l^G5(BF-c>e{AKK6Ni6p`95D*obipt zrNrk3SD1FJ*DgN|-=w{lce3_AB0lgt%P-m4;y1+Z+<$whH9wkoBEu8d-O9HW&!N2| zhgo}3V#ThOSG!p}k+`ky-bM4vOlsket4GgXz0>;OBU1l6&in-`m0yCVOpIC7GW{>V ztj3;nCWi^SM^?|OtlSfGRWUi%nJ}M$)leK>gPEB43y-^6pZr#j>Fmi#@__r``pO2* z4&s~G>v-=j4hEqh62MFl4hHgvF{zvADptR-9Eq0|W^zWKaMlvuTVl?A(#wOGQ^Z`O zo!G;y;*xexq;*V_I=B|7=bErYgVWdW+mA)Ph}OV>z6{*bCj{!4n;G5=s2N~YO!GRL zSZRvS>8296Tj88>Gy|s*=`)cMEIR~=W@A3#7#JMwl~9Nrp)jlKK~qW--e4uhgT*7K zxRC{}(+g&BC%H-4m=p)i=XFyXWieoZ$30JYg zs!%L3?TC3!n=8mKbABe~-ZAkzSzC*xfnKD?L1zgPJyDN5kG+`Z!6smx2T1G2C1D)D zC4p@DY>4_%*-oxWzh3^GwqRv}KvX)Nzxhbn&O=`+egSmsB;!SYGsyktV) zbo(Iw+mmnfJgWFw1|KjVu8U3b8bGoE6iSjH`+sd1V^Eefb=)!5GXy)>aOxcD= zLD|b3Q>$!}LDkV5z-4B;!+Cm9TyAEY`Zi zSR}(_yB9@lxIcWQ5X`Lw`Y>`8QWY^r{A}o@ij_Y$VGZdC&%=(jF$9-E=0|8h7Cx6rZH zN4)J~0Vz;js*3Q`)G4gR7FD{Z5{FGyB~`WVDdz8fs z9+AZ5;q)q;k~hyvW2>fyg~q$T+5FNc0%D=h6Not2BwE_!O4$QDq4>qmh zgU%O-oSZ_Q%Dhu9_MJG*;cke$ zU_#w6H2|M7wua+tCgGjvp5Plrv80MfXR#LB3WUx~pBTU)opsWT=&a_ILbJ_ZSmDP> zg8@6ljf7GZaqYU*s@6-wx)X$7EIwk%mi3Y0J(EhiF5IY2=(Cer04?Sinq^)=Jy`3H zOm>&(9;V*A5FY7OXN=YKpb4jPk1a@Y!z$dwk_sxLan&h%BCLDF@Gw+X5>n74t5OZu z*m5wRxQuuaF%X=KFNY;s#Us+rpIU`#Zf#x7!E=mMad2cttQiVzI))cmI@jNH_zKac zwcds*H)=vU0j>V#Je+x{bwcq~tzRdEjpsEpTBy4mH=FOK;bE010Xq$k@n&qnnEdRF znQ&C=*kosPCB>H)UX&!LCef^jD$TH8e}-gdz+^(O%<6w90o9!p>gb}FvP^<4$yFSr zjFO6vF&u?0IyG9Ln=w5ujp+wL`N~{HfR7OzD`%1@)-)hxp?ID0wboL>cO&+b7%y;Q z+!$j+w;vGNent-hp+M&@uc@mltE(IBt}82_RbN&*THCI!X{e~G9ivBm$UEJ48I>Ay zBDZ!0it89+hoGp6;gT2aDTWx@58FiIBL#O}uz4MW<4%ndq{P+?Qgwad6a$XUMWtP! z%XCFehO)1bTmgM@EQBa2rtsJp={(bKwDOu(!PlQY2mpr7u{YKu92g(bKI4e=v7a0p_fA#^9duBh&OCIk`rI$P ztJRgqAwxurUK~rBnV}p1lC6i6h+~OcUa<1PFIp6Hg7advvOHEPW3st=dPBw8c5K#J zj4afm#BvO)X6TR1Q_zfTK(S9q0iB+XlB-2J-5NV|32{p?77aJYYi3JQX-H@d%ruDB zu#xP+v;@jyovp&PMfLRwzdRV*cIeZhrz4Q{Pzkc{jQRLGQ~Bw}bi?QIOIZ(wJ2=4F{E4H%l=Fw!g}1>u19|1Vw{pL9&dvf8=^_tAw%4-f1AI#~FWL2ETS`9EG% zR@67R^D5)NY;1HxrHnpg1zy#aH87s~n~8TF zWBI&eEv_Li_!jv>zHdLyntO@3-!jWzL(Dqf@?qku#G(_d{Q6%Q(T1W!Gu=e}3{07z zwe?`vjjoNDK|!&`bc`R}XSgF=q3d&80v&aS1fvgQLTdt+mKD#MF&CeyMU^!(l$P-K zTzs{b)hm65KQ6->i+eT3;&Wgu{Z%E_f33cY6^|&snM%!t2D%@Uu$ieE^zQr`L%V~? zuNHr>5d%Y-K{%6NiyQ|BW640zp2}4*2_`YxNN}K@9jth(zjEx{olYIACu^pAOzL%Q z%IaLg3v;4>%un&fB$uA<@w=JOliiZ82}z#9gq71ammHWqVE4MlpMMCoFxm1?yL^enBatBQ;2%TjKL~O%M#s2 zQW^#3(nO&I#DrX7TjykJ%-4)jhP5!OuG($NwpLVzhPfV}1dWj?>iSKnH*o4J6 zJhcPKMw||mo3CpO%rTnRb;OP9Us};8+I<=3v$pdqj2mna6Kur$MtpuFeLzr~3X%!P=rZyC*w+ja}QER4x zF>iw#lTglW?!+8Sv>-<4ChhAlCah(2Wl+Du)`SRysq?^=cD)@tEHPt#*_d`IG`VMO z>aRz+_+gshSOTTCcnRPf?l>{($tfMyJV~)mbP~L?N-Ns88V#c*F$t<=`)D+cM)Y~fz%S<7% zEnL*>bV?;bup)^NCEZHe176mG?i2rt-xU{alJiaTLQiAoilIO2*hQcgDn%p4?qJ6bcH z;wj#<)lc!Z4&P0S9JWpG6m!2Ye^P#7-i(TdMTKJ~jVV-aw=yC-aafF)n0w?_-XDF;vBxbt{)7`x zI{B1SPdojL-=BHb+2<@j_q_8jxbUKj|8U74|8(hPmtV2s%0FLq^)=UCcl`}F{^h2> z{_WQ$?W^v%^RCr*-*fMp`|e-+z=IDx{K&dTAA9_XC;$G`)Bjli%(Kru|H6we zz5L3nuWfk!jW;*G_4YgO{_|h&z5l_7|NhTMAAj=cXPB4_Rojig*NZc*x3+j9A=E9C(7|_ac@M=MZ-|(Y}9%`21Ox|CqSl*_PjxIE6Ty z*iJlycs21p;>*O(iCO1Z_x2!8Cmup9IN!ei4S!1qU9tbSl!FM%=h?*Ti4PJt5Wgn& zTW<4j6tR?e1aS%RJmO8nb;OOt?}^)=Yuy_|oJnjX9!%X z#CgPJ#6J>mCq7MlpV))-b!TFTcqZ{$;#%UX#GDJP|09WCQvRoFt^79Pv)$l{-MsJ4 zzVrQpZrppaoA*xleky+s-M?-d{aL(?=C(B)bGvcxe!k!32AfZ*aL*L)MgD7{g!k9- z|Cjbx;+G14Y5!BX|NZs0yrg=c#_}TX2RL|c#(I9sp5V5eb)aAi8m8P{>}aN{q}2r89bEk z{)RSve@ln|9qI5(mG}R@xqBDu??*)8o%k@{@AZJq-<^mj5<|q#AGGh^A|COG<*SGR z;&H@YkJme0=e;>`o_E>tCV4d15;zG?(tEnoi zT(>}t0eh36SAdg;+rrrG)1bs#v+lM>JVNq!XUT7)vG8ub5x!G)JRm8C;G=zPOP-u;B$&H;g zhNV^&_Lvn{8)Bv7;)V#DSj;kF;ucJ;ziy2|W8Opy5!BuzB6$e3GKUEcZ!+2xdUYQs z{zBc;Yy`w>t@x_rBq24%p&sG3`t)J9-uZ}B3*m=RXmDd+N{4Y%|FHYqw14qmdRw_s z6V+nYD2M+M<$*>KPPht_%n06<1Wpg=N(xl{NK- zubx#^tev!|kH)L0!k#tZZSZ2O_*koVNV%aI1elAnMys*atOl-FL1|I_O!-|?TUIT< zwWo-(HH7dq95|~6TCNn7S5znQ;#Ykc4$Ff+fQGpyI>JB^3AXJEyez`+IaS3q2))I* zRYeU52$_;ub#;jNoR}b{JEShfT2)5t#H-;=?mV|H!+KW))T|NQ zh9YReVryBo&KRh|q7)}oGgEaf55rpXdyyBV-0USn;e!?kswt{9G;K$tis((nUR@Eu z=s=jwyr#a&Tb$#rSKf^YsVh*i&{c;O3^viG7!!OUbrp&iCfKrb#WJW=)O+{n9kIC3 z!fkdEyN_0Kc%(T|)41B=#hL$lSzlLoHaKP;U9Fg$01dUM%;tS3H5r@Z5 zvNWMJax`2a$2*7^Bv^?lOWFO*cE`So8?o)3&8!5mRv^%g3UmpQO<0-Pk)!pi>^5qh zFm^|>-KwLNSQgG6ljOcN*zX6+HPA zx6fe1sJVm@CT;OEiW&)WtMYAhckKQzt9xZPgXuhGhk(w*oH$Fip{BHEvQ|}_TUR!t z?BLqD^*DR8dPb67qfSof=?8QvN+{n4fsj9?|3jtDu3T4B`vq zD7FhEzR@9%S1DUh^hp$sOqRnbjOWn+)MWKu$Y%G5kt6hh7wER2!*BOHtD}ZDAEW<_ z#{L@nLksM-5A@dPUeL8B{CjVc9S>D)CjMaY)n5o#IsFrVQ(&j?r7#x@Ki`WzLFfBl ziWmO`Z)JEMB0f+2C-G}ypC4_y4<_zOoJ>4`co?ybcr5W8;tJv|#0QDb5#J?#MNHdb z{T)OcNt{I7pLi(IPdtWrHt`DLO5y{=XNm6+za;inm8KN#NE|_&NUR_pLR>&Rns^rR za^jUt$F^S9UBNwiTmF|u@vl2P-x0p<%*%VHyu)7~!~A94Q&hIenKql8Do9ogTeZ!HD``k&x3%GVrVyF?i^5UNpv+9z=lk*eJi+!g(iPtZU9kn+6r3YGcrt|BESoyiceTkpUvGRM4NXD}$ zpLVE~k0bs-9CnzM3;I2lUq#GsvV4!A#pP`l#}hvxe(AUJLjyG5Zt+LrET82s4q4nl z%%pr|qm?^xXgFDZQVMfo&uQMti@AT#v+n-VIG6D}irD&B>u(jYlsK2TFL5@pkhmvt zBk>X9y~LM@w-KKv-blQXn2WkP6pzMT9GFVBv%{R&>&pC`s?wQN^|0Xhr`^#1_O+nq z5SI`yBCaAnPyC$N-(`P{B~}yp+Qdiy<^lWaFupj7cnR??;!DJ@h}+Y>LgIlb+@C`8 zhY~x8e<0pLe1Z5SaRA*bAl9UCU()9g+LQFTn7lK6zMx#vC!g*nr_adg*4V}pgM+`a zy!$4~t1Vvo{#vE~UHblXgKFaRgl{_>n&kDnaSKSa9W$Ri_(o5InBxiY>9!cBQs`S1 z6W-!`5Zf5^C%Eir#-3_9E-7xo?6mICyXN&|VZAvV&v2Xx#Epp&Z-c%Tv}F!18?t|^ zFkg#ndlRA5)1g}QpXMmOU$OT{nF9fFqZD>z8MpN&s8;WiVsp=>(vvk4#*@*rDf%*1 z>?E%>N4_oc>QnHHh%-#WhjIUDMCsib`b-U6h39Rq)K{Mg19P$8^~S8c(YF-wM7ad# z<>0wyZU&147kC5eD3w1ZU*+NKHv3>TPxwN_3G&}7KZqVqI$ke z-}Hv851Ug%u!(l@;>BYYk25=^a136-SWH;d6o=1K!~OI0 z+?F}q1m^*1SCbEjLEd8vz1z8K(-s6PE<%=j0`{D|FgD7xw|a2(ysrsc^KkkB<`q${ zaG)A4vns;L8Q3joq0{TUqLgon@dk%$`8)wttm9t^NAVLUjNo_;Rg4<7pp1uhs$$$% z*cO}@jQuFX?KXN3Cj?7MLmqv#k}3}2=m5VL$9iJI2nQV&M_YX`(6LlcB?Y`y*j$IL zvGwNe>#!=>|9}!yV0hYy(-JZF!!~+CNc)ZuvJS;aek7z-DM}np6~d;{t`!`npj111>1XLubnh~9kS zW?>F5l2{yyiPTdSwMDU#6IQV@=4(PKqf8(U!GN9(=hEB(o>P5nqL zSmHho>TJS=-=2UMN3A3prU3-LTO-BEM!IyGLX;ca^BY_oPPWp3rNV%&!U`q31@~v8 zoK|&s0&N%?*mm0%vYHlLU#M#Q%@sHV0wuIYms1a}n`0)|;ozbceYiCS3N;~Lhey@m zDz*SHUa%5=7GW(?;k-Gxgj%vl`&#b{v?AeDz23K}J)NzOJ`JFH*0+0_P*tmNKcT*A zjFk~$tZm{%V1?{QyTSvPR z#gj(OiC5G)zIe+q$2T7#oatTSLHE@rAuU0ZI}h!@DnSK7WopBLO{y}YDx<2ZNmY4O zRX|lYt7^Zh4yxKFRokp;y{dMess)RrMJZT-j92wRb%rr#AI!;}o{t8lQ zJ=0zX_3hKQ&+UU&4a#))b&qn7aUbb!a?f|;knfk(%g4R8?6obgsSR7+R2#Q^3;J=( zkKb+Cw8f6Ul?p%OQcLl;RE~Mvz~k^J)z>_mxAax|!3jL(*}SD6c>UY{+m>)7`kC54 z>t2yMM0wOwbt7mM=x)$j^&+D3wfa^~=uz9_fgbC6Jkw)ik9T`~3|iWAY0pzYr}aFe z=b50hdtTY|s-92xT;KDnp5OG`)Km33zSkMOp6<22*H^v1?e$$R)w^%+g5I-x&jERQ zpW1tU?+<%_+WYg~!_p?FO;6iDEsz#WTbTA-+6$n6ru{4J7MkH)6YylCw+PP`RUiE-8sP% zfHtJRp8jU~Tj`&sf0o`mBO{}4M!$@K86z`BW#nfRW{k_&J7Yq|#EeN9b21LgI06*P zh-93caaP7T8Rur4pK*Q0jTtL5Zq2wYV^zlLj5VP3pp6-CW%SO>%IurjFLPk#$jnih z`I&{8<1+WooRm2gbXex$nR7EenF~QDf=D|2qmxh-c6Xl>5JIqN_ha$e6taqT<3?~J|`edqT*t?%#qs(!=z?bdHZ zzdien>Q~!uR=*Yf9_hEf-?#l#|2h5V_WyJL>-&G#Ukykbu-$<20W(4S52zYYJ7D&J zgF%N3IDEj715O!m8t9AxXAM|B;BNy~f^HqKYQS9s?i;Wc^x%L;20S+4=>h8pyg1pWb?27l&djaKt<60scMj-K(BYuDxyR%#%e_7K zj@)~5?*l!U`*7~M+`s3p&wVcU#oX6&H|G8)_w(E@bHC30A$OsBq5C*ck6}HA^#NrJ z8#rtS(2!w6hwTp912hseYFOT|vBL_6jT<&;*wkUuhLsJg7}h&KEx#at@BDr9r{ovq zUzC4Y{uTLG=6|36L;jZh-UXuz3JT6HSW$3i!KVdV3e(DY43n@Tp7 zZYtk&%ckcxP2F6(`JBz?ZGLp~r<*rzZvQdz-td@_K0&uE6tW zKGy)R#d8CmoACS%&uTpP@L2+!6`^B|sA@od2JJ)R%%Z2uD6#WNny1U%JvYVic{wBtDq z&lz~G$8#f|2k|_N=W#qr^)Szi*Y;5QQQ!7ZL%;8#oNfJ^rk&rST=>@$)Em?Xln%-S zWrO;H`hy07b^r|m4FUZQG!&Ez8V1@8G#oSnv?pjUP#$P3r~ot$v^QuU*F@K3&=k;q zpy{AuP${S!G}Be#IsjA!ssSAcst3&i9R!*KIuvv`XfDVDY65vdEg&Cg0jLcW1T6%G zK~d0R&{ELRpkrOjTqlA~2Au{v({+~XJkW)pOI&|)T@JbubQS0t(Dk4jU4L=?6|@p` zJLnG3YS-PaHLm+z>p+i#{tkK?v>x;<=y}kKpqD|ff;PBbcfARE3-k`?pP=_ZAAtT1 z`Uv!i>r>YkpszsRfi{6QgSLQNJ#eTBs5ht&C>@ju$_DiX^#=_E?Eo4C8Up$qXecNb zgl4D5ZlK|y5uiOmdx7#mV?hO=aXob3e{+xJJ(u^q$@K5f^n9V`OFdr!y#{(6^d{&n z&^w@ig5Cpt0QxuRBhV*3zrd*AtDfJ2Hi7bc&F$p@HG#aK7LX6L0MrHwf);|ppeSfD zr~`Bq=orv(pyNTm2b~2v2Xrpze9(oUi$Rxw{sg)VbOq>2&{d#oK-Yn80R08@SJ2I% zTR^vgR)OvWtp?o#S_8Tt^dRVA&^pj#peI0o2R#jX2J{^01<*^NS3s|UUI)DidJFUp z=%1kXKp%kq4f+W53FtG>7oe{|-+^@H>j~2T`he0wnV@V?UyvR@siAufZA8E1+Qqd? zPf%}AA5c0d6O;|=3+fL-x46p=ph2J^px=Rpf^tE_K)Zp4gGPY%1nmXN1C0e0fX0FL z2JHiy1lkug6*LW01S$cQfo6azKnH-TKsBHPLG_?npo2hjK!<`32h9a}KusVos0HK$ zEdaHFf}n+02Kz{-K6?8M`7SL^=RiHaTt3mgG)`0E@Jpg(L^a$ut(Bq&dK~I7H0eS}X9Ownm zOQ2UkuYq0%y$N~?^bY8sp!Yx@fc_2o2=oc)Gtd{HuRz~`zBA*EKDqrc=5XhZ$j#5) zCwDr=9eT`hWNu4tyBTYon!7yr;@lOv*X6D>2|9q)16@l9;pk%19M z&al21bqvJ#V(hT-ph;$oF?Cou#uzdt(Ea*I^tCm3c0#{54o@{6=|@}e`vg3H!gB|n zRQ=^Y@a{uAJ<;ds{&64ne+z)8;JE_N-FTkE^D&-2==*lXvoD_6c!GG&z@z)i#D4NE z@QMB8@6hih_LH-~C-#%)fOqzjE4%o<(cdc5@pYoVN6Il?)?;2hPAnN*GI;b*&(Pla zy*UQk7vrzXG4}c~zkN&lmdm$XvE?4uJ+8H`hg^x@IYo}|oZr52e(7(Vvj5RH&bEBt z{NM0xW4~*P2bXs7ZL{~ViNn(HEir}P5m)d#V$09`j`+FX5A(JJw=CRp*_IXmhrSLEGf~J9rKqa6u&g!9Sk}IbQtIe(2<}s;6Qt_xfjx&Gj~ z)ODHb3fBtPpFvlHu614Kx&d?(=x?r@UAMSybFBj1>AK5xFX&;=qo5~1Pl5gcdIt0y z=mpSApjSYzf!+XZ1icM<7xXXC`=Ad&{{ejr`V90X=xf)vuJ1uVfPMra`+Mkry+CQ8 z?LZlzEKm-pA7}t*d(e)c!JwT$JA-xsxk0;vb_eYN8VMQ&8Vwo)$_EvKlIPaW>3Oc1 zU;9hXXL~;1^JUPhpbelmKpR1CgWd)G3-mtdL(qRfAA`OGeFOTg=l7VG8{6whP$Q@r zG!N7Ynh)}W0-$zK2owP=0xbb81sx4K7PJg>2Ix%C*`Vd1^FSAXE&}}l^heO8pvyrk zKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx=zF(CZ=4BcMk?kAt2BJq211 zdKUCN=ta=WpjSZ~KyQFHg5Czb3;Gx6eb9%X|A0OQeG2*<^d;z9km{}U=Tz@rpfu2S zpbStJC*n z12hse3N#ut29ysf1dRtx08Io<22BC&2bvBl29<)!K{G-7gDOGQpjuEJr~xz^bTH@; z&|#n>Ku3ZaLCv6fpjOa)kRKEPwSz*S2xt*#31}(kXwb2sWuOy4CxK1@od!AsbSCI* z&~ngupbJ1NKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx;t{f*uB~13dH8+@hSMEKzkL5m@`!eSC-pAbDx4E0lhqa#1%N&+H ztlzK!n9=KcPA}ig>5UtZ*bZ0~@-=$}U5(eqV9@QlY(g{KwI@p$yy)wa%G zt%BM0cs{_>3*+jo&09^x`)!%G^26N8cvj$9jpunhAK}>!WAR~lrr?={rybAfcw~O- zZT!~rT03J5uIIC6tJuGu2lYI>XRzmqy-w+MTCdZ4o!k4$-dFWr-TR*2 zYkJ=gdZ71%y&nekOWPssfV6|t+CeX-ZAg0~?cKEZ(%w(|FzutX{(buQ$?vm&pKJT9 z#6(ul^eLeI(yP)BOm9eUOm9j*KK;b>dqMZ5Kb-z(`eW%&razVb66o#pchX%MJu{|& z_RA>Fn2|9vA8muJt+-aor4`ykK>*(YW{0s2Sw z^Vu(gUe10q`}6ECvI}wwa>nOO&Y6)@opTH5_MFu@_vGB0^H|PPIfMHS>AN>*AJ8Pw zetoC)UD)@ezNhp(weRx27x%rS@4bE3fkyW$>^Gs`q<*ve&H4YRdlUG&s%nq_K%sPi zHU*_E4m}~1B+%iuOr>K&lF~q%UXrvFDmH0y+lHpeH3Lm$FoHq_hlr?^LE{Ya#Q2^M zs!t*46A?uNPCUmv-&5N{Au1{g^!~qV@3qfxhf>t{`TzeM(%(Jj?BCw|?7jBdYtKa| zPJhkxh11WTUO&BIde`*s>Gx0n!Sr8nO`dVWjC;8JnP<*S%v>^a#6RGlk(i(ONaFUy z8()0mi{7EBhx|h&hl0H1M~bnoHvV?-*Tvt}{9VuAJNdhXzt8dadH%ekrg+csH;(*T zKCxnA?Znj+uP2`#oH(p`^j(ujy4a0Y~=h=q}<8*QAW;JOkOd$5?Nnk zH?9MGp zAiW~L=OMx87j4KR!w*dV+Vn@bzMUh>r_L;$SvGSa*ZD@KfA0S`*KZ2Q_Ez#vxMfo3q~A_@Zqk;? zos)kz`45w~9N&5TZ;yZO_$?=No{*e!*_4qf|24&*de+p6qS~Uildd`G*^|dk9-Y2_ z`q=cpPA{4VP$pm%lBn}Q~Z0LEATz#`aN$sNxsE>M>H;yhS}jp(^ArIjPyE#wCN&UBt7Ekuql=f z`My2-dyBmiZ?<=aH^-aLIMouyrz*USj7)9fx|-`+u8(uw%k==)e{em-b=|n@#@)nq z`LUaheb=!!ANwHJFxNM@{&?*3#~wfagz>NAn#FbH_#NYa$mJb(!f~w=Qxnr%&!6!8 z32UdUopSkzbGlMkMJ&h&Gq z|8V+`r$06Qr_;R|lV()UteIKlm--36%CGS+@f-X`|5C1N{pxu&?2tITuZr@b5(F%z*Wt)itBQ&H*vk0Yhq?1skh9eTT`Yf)50b4Z{@KR zi4>Wf z%9gJ(MwmBpNm*S?DO$>P2c_l|{}gF@Q8sEQ6W3BE-b0xvr%Zf_GO?}nO0IUU4z4s; z7grD0Z@Kny9pJj5{D$&(a^1xBF0Na+-oy1iuJ?0&fa`-?ALe?B>!(~VaZR9fG36w2 zJQve25>!`|wbvw0=9B;HIf1Lcc$t$L;m~zzAaZ^v4I(_OXQ)f**o9kSzMO+U~ z{pQqfP5tiF?{ocZ`p>3U%&eF>Ix{o#YqP#K>!Dc>&w6~;_h%^;~cDukmm8-|Y|jU-Uf&oyQfAFP>05vG_GyCl}9PSgWLXHdiTEIoCX{gmnciQQvRh)LwX?LEs|1@v*^wVdae(mY~r@#O7 z!P7r}`cb9Fl#VZ*SbBVEDSIqjT)Kv9ZE1b!daeznZ!T>v-CBAZ*PhZZlzy@F!P1e^ z-;|D(USIx^@}HFdy!^%TL**x&*+1_i^X{1UM~dx_=8w&PasDxhV-hDOPD-Gt6Xzz* zODs>UNZgUQGcmB>{R=*{;A0Cs8vkc3tXi1lYFc>h!nbkVyl`mY@WMk2y|XfB4X??p z8TiyApTc|2mw5T*&4)H0YCW{&P#f1VnPW1Oxn7@nV`e#51=pLn-pn&#_`8q4U-0Ms zfHoa}57Wkzzn|&fi=h0y7Mnr-&e6ZMp!{{}-@8EhyGQ@N0m`4q?*VTYsJW zS0h&^oz5LS4?%PK*|DE{_-|1vu(8>JW-re38xJ1rH#tX@IA^DR$a%uWMng0pG zaAnJtDJf513aALe>tc4l_x>7A!rxyzJ#yFl>2{n zdG|fv8|3Ogx&P!TGp5Y&{7HV9U+&N6+Qj80xcKj~Q`ZQ1U5bxop?iL$==j&EKmRCZ z`?us?8{cQ{iQ|a{o;!E@KNolJo`0;sbNBx5#bNdL`Il_CN4;!urs4|4HpTZT{=4Gi zijxmn-Y1W$Gx@YY?`svC6>rLN_r!ZVhNKLYd=O}Je>{h%*ai_ZfjehS@8cwO=kH*<>zO8s53kyBZc9(tc{4IpH z9b?0F=-mBT!>`fz*?8x%miI-)8;`U14&C#w6?pI5W#e-7=dtnDzif2xUkRPR&fUY4 zt$%$}Eq*Qwzca-?zi(px_u1~<{o9mR2!E>KUU0ni_hrT56YRa?IsaBou+R5Sv$(X# z;#$ScioJ@v74J~|j`Hr)`-c^OsQ5d@zbT%e?tR6x6jv%NKdpH6bQ{l= zCt7S$T&2(7s`s}kzE+>R_wK&_B+EbXwHE6Yf1voIlkM|H#V225@1IoOt&XqH>lJTR zbm9H$X_oisJd2;3Yw^a}@#p81#_w;@_f=)_=O?K@*C;xF-TimwSohs$TD(|shx+gM z%Q?YQ{`>PHizl6L@w#;uXX*X-6)#oy?){mUSa-7h!~eX6~=Z!S9^nzgf&UU5n8Tv9M z>)N$R&z;Mmvdny&gx}L?qmajU4m@P5I5{SM7n@s}MaA8oM!-In!|rpoSCdnMNte0{ z7t5ZM!Lhf&W1mw^S>;a1X%@&g?_eR?B(KEoCMuh*`C;PdE~82fQrd5C+uX%+P;=s@ z-^^B>&8@p+8#g)QyG!;YY_>=4nzVMV3;Gg%f%8I-@?EV#uT60KZlq4d$lJ%o3 z*6xv)c2_w$(X^oJ@Cr}|n_ z>7M!X?QJA!DIZoYBx}Wu>D%vmE%gq8`V$T zvKGCgCvp-nF{rh|j6!pV0=v+)8WO#&LKu&cK5Pw?ZlJ((BA@G&mFX zwDKhJY$A7?%|=O3vvY~;R2q04X!pZ-!1=St2fLf}Y~#dKQy}twQy8E!h``|k4a>Hz z9G7ZzmQ%H|Rf(j!?i=BUue5GjYQAduBu_a`f3$3)+GdLax7o8g4p-s-!pvPIAJl3akXxKgKV!N?YR0>EW^si|Bkm z#p3WTk$4TRdFxi{J1P+#u?=fnx{VQ{$-`c+TE*l9A7<>~2`<6wF_z*HnxnhbZZQgv zx*|}U`P`C|%{wSby=;8@N^Y%2JVM9pm5|Qk)CmZ}cDUTpDm%UxOJY8$!}cPf5)&bh zsC;uExXWs(vBh%9a(#(pzh7#6Dh-OJbF3AD6DD+?Q*N?@a%USBhWi408|VY6Fx;)%0_G^%PlA&SHNnYC+^fjmF3hzeZt7%|q#LMNVy^OQfr0pJZDdh@NfVg+i9I z%GrfRb0*3N3Ye1=V|Fg)aVtDqe5`vh6!SfQE4!Dh?OKD)6MQqd78IA&{+*U1gu6y5g^# z&^=?#5jx)38c`4g)q)MGY<^+vCV4p4m*}N-XIE@n3XwasyArh#q4dWqlKtV!w zQ5NR6`)CoKu)YnFBU(k;l5h0P;`t>jq>aMA| zBKWmx1RAMV;gw`FjWB8JB{YR>4~HnmjdC>?BX^AYZm>-%O8zUux@w zQmPB~5D#OHTt(b=`@L@4c5DA@mPo?lvVrZBeCOPS%7*Zy5ay#c8N#wlYba=dkl5zay1uEg1Ri#HQKjtVB#0cHL^(j%K!%hLQek zLQtg`aaCCr^Cu5C>XVahwkVsMiK}&M^V7dX`P_yH zK;0Tqc42GEZ`mcg&Jk5IBlrx;iEV3=dfG>zs@xX|4_d1bBKpl5ebS+1tz}7iTkVL? z_!%TyK9@K#Y1_fhT1OVTCPEp^^1=~rr^{*n{3CN4)Dqc*ny?2aa3kger*vTZs9rRh z$Jp?p<{(u?HRN|xD2;<4=Fbm)zS0LCfy2PQnm^xcdwE2@M@XSAIU;6EQjQ>cMr8B& z>^e9CF9H)Oh#R^NbB+y_Tq>!B{Awt#AnHL_E{I(B`T|ZSGBOz!6UWHQ$qHqM%KVxeYc4a?E43xrdVxMw&ryA(t z9mV`p?OsSPsE6t*7@*K>s&po9w`im->=4%@{dH7jY;j9J3Hv8X72~Q7D=n@MyM@)5 zTY@^Abdt_%we6%`*(gRH$}HZ0ZPHV_;%lpI6=Ib??c~rq>A9tSV=YDTtv1%`=NVqS;+$f4_;s$!=(jVEv(J;q1AxVp`5Kx{h)g4`r(SY}J*%E#O35ulHsyz%= zd})^caItobB;|7@q1uiS^^dr(H|>|ue>1^eT?ns;%N$o=}L^e zB@7R(VlO5{g$121OtMndg8f^v@AQ-rb6^d_&GdXT0D0yQ8bz7 zNZLG`J9oLhcMTNjenSXN)!@tPr3^%}nKV7)OEL4z;H~^NC3U|13fm0kR?^@6P?RJe0KNJ`J#}FpAlywIOduA5tu&aY3wfS{4?+3w>Ck{i}0tZx6HHP zSC~xZdHmLO8k$$po1k=?H?ccgxA3Wao&DIQ^X)TnOT&UhSbSijc|FQet%!c<-vf0aJLc zFjX#su0vh!R!&5-rNs_XNaiB{l0=@^*b-sq_SU!B`5D(Mb}4RFtXI51aiQX=iYF?5 z<-OLQ&ne!nc(dYL6|YphT=62s#foPr-upi5-yMp#C|<3&U2&u0#fnQ5&s2P!BIUfH za>K$}wOeF+TlTTmr!^`7`m}~U%6oQ|&F(G_G$m)Kc5SEQj%4d-W&2qg<1#YV#Zi52 z?5ZtQlN|x#)KNUf`ot7tzim-ToTx|J1~QH?N=_X3 z;Cb!~O@P&@mUi=5B8Geovm{WJ(!YoXb}@&sn7!I9aDH7-+^qG-Q3En*2Gc=Cd?P^w zivEZ~i4be7WWQQkU8k)h0-pPR>{x20BquDiweVYuXe_Qd+`}bEB&zE=P#m16X)_}T z`EYE_fCf?N)jAd}HiVg5f)cStwy~hA8>@AEtk_AWp=knnbrfK0fd;b}oOV#@G5z$! zcVU!Q*PWNS6Wd0z-gMy{ww1j96vn% zd*eqU`%NFK`$->eFX_K;AL(1zNxJY}(xdDooo^rMbF=o5{=e8i`fz(kA2ns3EK$_G zqF?PkYWJ~QbbP;PyGL}}RJ$MapV<%EV|&tZ(~f16j)`28ryW0S%Cr-wE#+FyRl&8I ztBxzl)i`Y(J4nkO(#_LaxKdnOx!SmPOzW7|HLZJEFV{!8?&i9e>%M7UnD)T5z0TU}Xv)qP z_dIKVha=q!VT#M(&bWMx96iGB`%fG#dke^(lx{ytw+E%$f6^U#oXq08y&q%;a0z0Z zhBJ`m?#|M+=FP_yFDSG3Ys)SEO`kue_up6isy=^@-tV4o-M>e1RPo7#eg35d7T>$j z;v;8S{Q5Z-FF)5}@;ZwxitkdqO7Smmv+t+$Tb!-9RIx$vO2xM;?os@L;vif{0^A=jLDZeoRdb5Q|~qn-{yAXQ|`>M#`^hv z+j@4iFOcB%=Uis_685~-p4L2z4DvFV`)VTdYB=F>;?3=bcY4W!#1fBx&ys)7=b!c- z{@E)3H19|+v2!5AbY<=){bFLhVXcObyE*wK?1Au>uE2qh%`68}E%Qz#S?Q5twiE}y zbZlMbMVhe7PVMOAUD&2wcIvJa-9;x%@A(^LCWrQrxweGuBctO^ z+exmgUs;o~yXzv80T-Nq{`od1PxY2EJ%*`3%<-Qq?enXaomyr4jOWTA$f>rorlV)s zsix;l1YwE!1mubY^XJn;*Vej>l;K+!bGFb{`K_2MOkv2PfU1UVx%lZ3;?yH__p^tN z%-_$be}DLeb-(kM7SH;X#nq!0pHSozD_dKud$dWrIPCGDQ6e2llHmnhxQTAA;jLW= zj?vj-o5_X!%;UoOX?g~wgV%OT7_k!>W>JSZut*w+w7BG$Bj$VCMsy)ZOd^W9T3TFF z*I3(l8A4bmqUj@-`ee2*epL7FNIU74HolHQ5u3%qq#HY)V0&~-A2YlvGh4}hbb+Wj zj|;{9J&LsrYv(RVoO|}UbJtZh%w6d5??NyB@N9Fx zy0WphZtep4?VI1e`8{{hqI1rNClu?%{8lISxp8uqabkX256#bW!l&nkKhFz)E((91 zZ+z(lb|{Q!?sOJ4MmdXzj^~ zf35AQE^53EyRJw^%ns*F>qK3hg5$N!Qlvka!(VsM1w`d4CyjMT?{F(qI?YNp<6|vz znDc}zm2Hlnq8t{SySm1+KQ7=$!`#Y-s@htKTfHvX%j4T(qu{Az?N`}vIjsA}&Q4Tr z$F6`APMl?tLCOxht*P9wsiv-KZFOzkg_~AY)>W^rsc-O7n_F5rWX-1X+;t6J?FDP* zCeAv~W`s#_lk_G_+89r{if`4V>bBi>TiV*`6u0BMwv#W>$FZ*){Ct3QA=*c}kzV_y5=Ul!o^U#a}BEiC@L`ORjU53fmHB_C=_w@8I7GxEY zeYCkvtbb8ZqSep#7cMyaEc@%MvllG%I#N5e5N+w|+~L>GU+Z+CwIyn$fYG2!k(?=O zC@nJzhczy7s(ouGba48j#Lx`0IGRKAGGbxmTEBLg{&=#Q|`P?Ui zZuP^vBi*SAq;=Y{HTqrBW<(gG-^J=u^3P}&zG&WA2_m2Mz34F(pUYQ;Gpu4uZZ$Hh zpT)TucbFuH-&&n*(udVU;jptww#Yfw1zZ?QSSE&LzYn7lII%50*5Q%Tc6PIqE9NvA zW1QrbX)5`g*h&^A|5$v7}`7>2uEXmYsU4i7m&UebvVIvtP6Lw4(oz zy}wlPLyC_p9zSf~S1I14_@LsSvfj^m*t%b?m{i=X*rRx(;@1?*zhik9E50cU`}N*o z_WQ+I@0~k`uk_xzD};_e=estZD;1j*->P_<;(dybD*jsWCB?+!)}MEd)A-7DW3U#d!JNXr+A~{1B&|;4=Vme@g>EhMyx-7(EB#MFNEXu{n{ri@17?u zUZwYUDgLM8(~2jmyYm&B6mL>I>W9{!YZV_-d|L7TXYKn@#ir-%{mqJBQv9XjgfaVm zq2ikqZ&Yl1-oF2U;-!DG_itCcSMf)R8O8EHTXzkL*DC(T{%W5u zQA{bmPw~r&|D$;Mi`M-+6t92D-v5i@j}^U_?ejAf8x^lpyj$^)hpf9dWGp_SIHq`t zcZty;)ruX8dlbK}_>AHkPPFbFo~8Haon)Vs7R7$WyA;n+yykV*-A5GfSNwtEnBs2Vy8E=^*A;)I_>$tR5{|{MI3;*4Nj@})cW#b-qZ_TanKHW(-VR)-u&(<~T(z@mb zb0*Y>4u3<#>PDT4iD^pUejW3mn^}8jmoya@V@9qF=F#uuXmHb96l*PfOrLx3w2`@+ zdP`p=W)+k6Wr9c8lPXK(WKLJ9@vT%E7c`Keynwa_eUu#=;y1jXqzk$&b^MYW+Uz>^(u}#cV*~CNovpZyB4X+D0ClKec@0)ed z?7Wm}Z=d8%WWue#QGC4u7cNw}mx)zum?0~jU8pUs{zjITZ4;+1)K=!i$?52kkd+Mt4wlX(l(3eXj~%+v|^Z3u3zSt1=D<3K_4uUm}8CKjviKy zO>FHAJ>)BxEF^5i#qQ@L`C%UPZk9}^RV3}NAYwSp`Y6eYAaUYpBl!}%a%sc-c$SIr zhPZ5z5Zr&xfts_u-OXE(xrxTw-zeWjvYDG^7C7zrP5%-G$SQmODj{@ zOE@+T>&Oya$mM27Bu$0047cMDr-z-(BOh=ST-;6L;Ha6DR zUa+o_Vc}q!q8s`Z@$gJ=+D=9nQTs4oRidEJ$Ul9+FN9wPs_7<{ZYk@$RJKP!%uKM( zBc_uYRb(c?wsoObrP`K=iIR9*VQM%T4f$Mb>sUceR>c4CklJ;xu)!NsMsqnOW55Rbgtl$~wOTS@wi1 z+kS1EG)x}FxU_ZB@Gt_*%9 zpJR?2v_#rTy=DN_$1trE9pnVh-N*+tyD76a;i9jMAjR|wBN<|wg?`AI)ivg&=+Ef$ zu*hYY)!H?Y2$~Kt_eIh8YVTMMePw;+ zg%N%jQ-)jTCSR+oSW%QF;dce%fG%S{&Dy%gn)Q@GKzmq;gFSl&Hh#Ll+w(6}lCSj0Uh;!K~M6xU8YEW{v$l$yAl@ zx9jUR&T6D)o8yOhX>AX?id6GaI%+-nZC08e$g!%Z^3hc%b(R&od_*6iRL>#A0-tFG}I8Y}A?!`qs= zYJ$07jhQSG%CfY^WQv%{H!ZfRN4YcQ*5|#rkr;b({N%a|R@YWZQJ>>$I`UhWP@ufR zbprXl3zxq}+b&k;4QZlgY!%UgujpJ&R#OFdeoY-3rrs1M zn#-niNp>xC6y{mcH~j7F5i*gJSDr()Y)#sr_{RCN(?MO_G@&7S8eq&DGGkW zE;hp5;qGX2+s9f!mwA%nc5TYxWH)pb`6!05u$9=|3d1&ZfOe9-VwXwXEF)ckliZp! z;x3o(6>#tJDJT|BpKVe_$e_NRHs#b|@WQIV!tb4u3|s_W2U;T*53cU_@Ch4F1_bOiYg!TU|qxo^{NA~$weroZqU*vaJi2pO?XTMLm@D?_j zeEw4w?myc;f9xEK?tbZ7d;j4qe0oj%`Dg0v{f`y1-5;-fx-_+4W?qZeU^mXU^Cej5 z>u%AxnBY2Bk6)1NJF~0XN_s)r&D%ByWViqWtBY;ubq`22>P(lqnc-XO+I2=B+eNM> zq|moHk!rx{c+(@r4b#p{8(90Iw@B#riJN02P0TR3M(zsHWD_4_{RV;L^}{x0ttW07 zuhdTL%-!l8&i_(6ccl>NS~PfCKKM_y_dcKDrjrJ8xL$$ zwQt&M>1=OrPSY)Q*hrd9{*8?l_-6cy4Ahv-Lu_C7j%L&Iur0Ntna}9%?CqixoL*_u z!x0YcyaFSXp`@6VUS)PY?RU1&X-WF(G#W`4mqgU?+C6PPEa-MrQ48+X{0^rx2>+YP5E z4Q?ylh$FL;NAwkWXqR0_4cMqRW!>~~(h5zL$9yld`-EgYB+<&f-i|gHtiiC&fw`m^ zwinsg<84pTT+ja;6DRMhoopxGBE4p1bgY+q8)cY=vM%XilJE-OZU7D6ZV;KzNi3D< zjPKmmw%Mj%o%9`PA93iZ=lhk?i)yEN1vhGd$}$wEtn6>EOtn-w`pWKH?0Xwg25l`@ z@T0p;GEaVKHkyZ;uI91XiCTV5!u`N#wb-_EI`B z*!7``Zthh?J=ls&zEmn9ry;Vd z8wz3PjcBDge+5KUrH_iAEq?rqu5@Ltp-=OV3JMOgX3FI5!XMrkX5 zM=w40Qh!l0nMylf4`g7kA)_|YUOnBZ_AOCLpx%ucprb78qhftXwK9VqUxevPW$ku( zQJ*>Pqlg(?e@lTVxd6HS5Q70$d|O#SvFQOB%;CCicz-IFrscclf+^P zdl=-qod0G-JbV@VAPp-VXwDx(Sk9dbaXfP=y z&LvqTA&~K_sKnTRM@IR@i>;WQGJs-?leiw3$JULwh-Y#kgF#$MbmFc9ODjw%Gr$-X zetjhamQsSkRJp(u6uY!dOzEf@WlNeZcAZ^$ywfD!Vn)~Ojme_69!BI$7l%1hC@R{X z2_W08lr%{w>l5|1S5kt~p_|3zYBS4f zAPImRC@=TSc9(yLH_oFK?1Us^-NrJvrB}+eF)G6Pp|-lzh}tW<$}!!kee8BK zrJ>v;*EhFU(seDJ&HQ8*m}HO@bW=wKQYm{2_RPgNm&ZYK0@<=FE%MXCB@A{GD_6dp zDHah9zQ^u`>fS{vBJ-`(oI#FyMmYy@Gh9tKlFX!!%m~L0a8)(a1qwQsxQpIw_s!RP zrSq~=Sg9r)`?8?->V}?Zwe#VYdLms+9aF>3iwKk#l><)=$3{uxpdvOFiC0#pbqpe? zYF{MNRy8~`^8t)nC_iJ4UshITB}csCZNy{lZ2JI?8?`V&l=H?J5|MX2rC?j1<#ZHx zb4K|Ylq{)-wsd+@r}z#Oos7~wubwd73GmUM}|ZuBGC!z$WlMBDVPYy%o1_Pu3>EZn^niU>1;Ny zM0r`gXTmv**RtJfA6kfJmCrmQ@ju%OH=dFmZf=u0Qkaa08@o#qWu70{5Mc-ry&zU@ zU211FRXNRltri2{$W$-iLtC}uVONT(gL+6D0)g2_{S#Ks#xju5os5JgixG8c109)j zEe5u&*O)IyG)tYC7Fd967HI2pBPmj2V}6hYv?IuX&`u%~jG;z8I&PSy1@j|sR7^-m z7N6K8nOt7p$Qb#`mW)6c)!KC5Kvj9T@0TiHGN_wj9ADB#gt2fskmuO}N6Q%6;O|gM z=!~$Oi&)m$Z&=$^ugVXt=}rhWJK&1VBGYSw86ox)SDP(r5h=+P{pz^nskI*{RognS z3jc5fl`3sb%tM<=j{*uten@DM;!fFMbNh--js!j5vgQs1w_Ra zjlqg?{v*3cFaDPfK~vkAVlJw_*GlBlNaeQN>SsMNf~{q3%N0$sT!h)|B5OKVmQx8b zv1_i`6FOQe8T%&Ex`+m98VuR#5($HE4JvtJUa-ERsZ<$MJ#&nRFoS(ZXrgGv6c$hU zMAH#gFgc`ACFRrhlNpmKFe2r7sdQR%T#d_Kw61nfM=COm1qyL%N}6J(DmPvbW=w|F zC#J=T$4f&)gA)biTtJ`Mf8;|C<~XOFambmT99u(63WH2YVKg*eWKMHFuS|7|LS}GO zG;%bjn2l*VG|Y0rNL7xI{qqGeJJ-XH7NL%wiHi_$YqXS{mn*lCb8+o$^ljvzTwXGr z+w_juqjGt`veK66A zjp%tf<1NOC4h@(>WV**>5^dB>6$Sdw7w+<$Fv9YA1WMW~OCW3u$~~Hx>|kAI4%57f zin=GYHPz*n<$Vkz=DogtuqeMvg3jaE zd70}tD@9|vLt8+!ZA9xi?T`5$9WDv$A**A9MuB7+V<0$=9tjonox9!+XJT+bZ8(1O zkAx?cV`TcTsMvgA*v_nG(MUFt=Z8tk`4L7rV?8a%mWQxe=!7q)awk7!=tk4c=9$YR zrpVK?A(|i0$uGu4Xl-L@FEEK5aV%X(38^>a8V*iws zSo60om{leu)3qRmOwMbbn3v%`ZZ2k#wj>foERm_6aMHF;n>XFJYM7FkfsJ4$IMeJ3 zb(mDhlC)yiuyciL*T|zb^qurOnez^%x6gF^vQ~m;GAsSng(`U!25S`WKN5Dt4$B(< z!`M#kkPJ3sd??d0cNPIT5kBU|ncC4BA-9Fk0E@Qm5x-LB7q)s%UjQXm=3*H$-dQD$ ze0FxzC%dOW5+fq+IZ+67h_%P`sN1lwKUB#w800>YTHoa+LlT(DX1Qg%Y*xgUD0E;; zYiMb}HFoy$f520gpfLGXda_J4X(wic{;`|5c4G!Xn!^Vp(amd8O3i4`QWOa~a+5Ny z$s>pIE`vN7_%)BM|h5MGPa;)DpcA^xfvRE~7o*rho;FtQcD4;C3PE~1P11(xS?ZquJ>r$W#S;2RT~?UR4R2XBY~^|lu-?i!^l&xvLm`yPN$NIaCHp`_GH1p7OKdS>=-Cbj7}fgmDz$m*tRb|mcHLwL%BZqgTg_Cnwp4rT znfT`(Vf*tW>b+FDxwB=WmSH3=&3>u#iR_hisINpW*b8B#ueQ3XK_gq)(YjLNHb<;2 zbMggNuSi19T44#7lSQiN*|Fb=(kvKEm8|#-0x^EsetJiC-5%YtX{Zd};ag*YU?n=) zJQLekf<{b`=B}>hUHQE;l|ZELkcF)DvdCy<%(I}w#F)O>IZf6eH#ydDIRgr6ZCYBL zn}Mb6Lot%fnLy+q>eh~%xc)+I`niNLA2=^Iq!jC3%;dcDzusGiacgBcP*m4FcLc-)xvB zM~3S&t3}jSGTqRj&lJCSMHTcD)4x{bI?Q4b%$_Y`V;2rl>#53eex3HWNqb%os;2xa z-=(VQLUR)s%&1M?Hi>+FPPbgp{YDij$tumE=CY1*`Uh108DTM#s_2osnpTgUv)FyD zwJWhw7dXSuW}9pNsefi91MN_Xgksr-QwI5r$X!Iuh`5EBWXE!_DMh+yewe8MIiAgt z4kw1e!ih5K+_ono0ojQ;s9AytgOP4s`^=P4nF1)o@|^7ChAfm38w!yR&f_$Uy!bg^ zb$eiUM{Fv-w56@9MP|u*Rr({0lxw9&VjoQ=Q=p7zXo|w@p#D^oE=CJPm2qM!(MqRe zOpRF2G0qHk2UA7Gr>Mbim-K~3cWCm5VP>@vj23Y6BI3>VAVFVOoMq&gd}*iA-pWKy zs}_t!5~g5bbzh4aCe7pe)D8{>lGR?VOlUQ8V^ywc%ChoX7c*E$9ks#gi2QH<7rA$R6GJ=44ob~Cj{ ztLMyhs?&{eOtjs=u_;U9wf$Zrd783};hOZbny=Ep9HiUMso%WIPH(|(G#@!9GMplX zPPx5ZHdP{D&*)$f;2fiugK~FOb5~o60!<9;u&Rk(sTu1sHVorzA-O<%2P-mYWke>h zSmR=CLqlV|zVG%T2boyR2mKxm@r z#ReugZbZ6SWl+P5j%s+OQi~}nJ&zj6(7t>MXS_?^bu?#XrW7oagnwgF&agvmb!an~ zT2O4rq^ymo66229`pjsg3u&t#eDZo*TduEa2u!H5JiX#JZ^F373b)D1&|r)Xj!JIQ zJz+&cM{FX#M1&;diV)z!hjrdsF)JHw}%w?~z{ z^iM}q%$S5>kvDB3>D6I~Lyj>lQ+_lCW zF}6e4ffUnxY%JN?G1sifG}fN$!Z3PorywzAkX1%SgHzuz1(T6Ek@heGVG2gS*dqzE{Sa;}B}$b+~3Lf#k0<6{74epe2C~^_Q=}S*=lW1nZFXGgzaXD^dH1M z4qJ^*OVXyxB1aXr4Z$`;ccF1z4jKa>=8*4{rml^tQHzq}u^uz+TvRKI#;-IbMS4ng zfOT#sW6|~tVt%`_E8n825{S8pNpKgWNLF4pN<9#EKpsJ&#JZG(o>h@y43SHRHF<+r z$$(DugRXVhQS~|8|$O8iuWSB}>$AX_~m~ z>9+Y(Zpw2009BG>-$gR1Z$>z*Eg5s6WhCp%O$$+k+eXD?v=J;#cW1Ola!S%LCUTyc z-Jqj*DrML*!31AAs`wCXhDKNB=@?G)7B&EGvxBuF1bMu$J(;FprHrBGhL`eqN5xmj zhw$?vWz?u}F+DYVx>8rt3bN*>l^^%-+Tdv84#fWEDy5rnTCDJVi5~%SM#<8%GYi#iv_QZ(x5+HYIZ;6## zc{6XGnE`6n)SD)&HEmT8vzwSWyN;*~ zdMr}r6J@kREC9P4%{HWQX67D7v}%|LfqsaYNJm~9huS<;9pRUn$s*=ctJXH~wQa4{ zy6jr|W0^o|d)o3ypa?`W`!kwTiR}cs2H9`J40SS6A4xH0Oz`Eh^gHHH=tGs6EMdF$ zu=sl!;*gz@Wo~%Xs6n4b4}y?aOzSZDAbv?p-x%&jtYc4{5|@J>yXcOkrzA{+3s?i) zT3Ka%SR*6qo~r7 zI!I2Kv@)s}C^jSP&0X8k6==6eUd>a@Cd-G6mDPL|3-*mI7U>$VkxgvFgvis8=!G*% zWN6FODtVWTBhzjhEJj`mIkBC%rjXkZ#>Xg4X2>K`C3+EOp?5j1tXUS} zx%`R@QglcCvd>M2RSq}mE(|l*SFATSR9=|bA<>0zrl&-EjAJjfmpEq*OVFl? z&L#+_f5+s{t(?jEbnSPSxV5Sp(c>JObx_QzYm=VQ1P;Y07%j7%|9KsuYa2&A7E zb!Uh3WbsDZj$U@guq(r|80OfNF3!b>b5Lb@Ia%K(QYS;ZVawa1}HA4(3I?G}cV+(yvKy-`$=vsKSerU!Sxt?pvQY_W-z7C2a^#=8* zDTp-`63&c3otqs9P2OM=cXqHyq#cp#GsvC*nAy~$))c0`>_> zm#360JNtxOmvHRt0SUtmFa|)}- z*qvHygu8^LJGM8sGFy{~YqAKZQqCk9H>c=L zW4AhnU|U0xh{;mnPZDv{Phw6xLLAh(HrIk}2IBD!$3RR}q-caeyCiXbd*a&0S>o%W z8jNU*g&g-V^h?Wzk$95Uv}@*?)m*vX)PS@$?{JJNS#~Nph74KZ&zkQpEl(rLX4e8Y zcSUj}TGPt}7I|jcSVE!dkj=J&;V*4|M>&Df8H|Q$k&!ujaz0aT++D0C!k6mqk;MA2 z8lW137&nbBc9F)D6mqlY$6?-@odt74FjLxVh_D>46^TNSLz-$PNkUkViGTVOBu1MOh=2nb=y{8*Rk|4%=^mjZkCy}r!LsFp`n%oZq1#j8f#Pb zH0N^~2rT-T=1gQGH8B`%TfiiW3)N^t-AuzaSwh=idemF&=y4>h-mM~2EErg9YIfIJ zq;|A#Fmh!zL6{vO*JX1coRl~jr(R`B&2 zXx>CM$ro~^a<^^2T#-|6FW4n&gWbf;mU}t+#Wad)Opm`60Znx)Nm()=q1z7aoVJwO z*&-<>jv+G`y{ASERti}48h%J#wIy~c!-Z~Ljn6ow^Ph>?OuD7#M!Ezj8j?#U=J_UT zWG9-&)n#%-lgkkt;l^h=YE#A@tI@~YUwy{4-qpIGda>t=i67c#5u43vc5ibtT|;{2 znjDUjQ=R0AOsK!C=(n<~w9y)*gA{Y=VryX^Ppv&-zDB+&^u{D|zJN$exAScN?+_8n z)gXELQC?Ywj2>x>XekwUqo|~HZw1UnGaQX}nk=g7)VyU*GlMT$FHz7*8M^FxtVUKf z%aNx!!v88&pcVfhqtW?j5Nf|v*BUdAg6$vV!%*57E(n=a3dU@Zlj8VHr$*eQLD}?} z)6?AUPYmdok&k$-V)}=qp1?57s%7F(p_+4xE?`5ld%dqKSq@wZ=_KE5d}VvGUm{NzQW(W4FH2jZiWv z(9DGK&=|6MeSS2P+uiFSd+YJ#M-oJI5gz zX`ZHMLklvqegL}1heYCEN8l|o-^r{N(6PvGL;7XA(h@?WYHBgQp zc5;~M01T(DyY!a)WfPWI)UrKxW9&KwB1mP_oV0U-ei=DM(sU--mGN5XmvP)&R8^P} zg?xi|s<)*`5d>;mJHDj!yC|9NPpJyzfw2mlX(2Ku=CkaFj@%sHmN3FdCodCy+O_Ea zJ!)5C#tvz+f6(8ryOCA&m6(5g`2W=iYnI|ANHcLENLMpWBOE0RrfY=NcfK5pX$L>q zu)fylmCdq^4<94OPF8s`ozV1=IfE)onRI(=;)+cyF=}PT5lr2jt)r|`rS3MhW>5_t zIip5fYm)mM;}9?WQt(Z;F~Q_SG$;iPl^a%(eC@IVw5vxwtn1E|`LMWPK#98?BPtxN z(j;Vc3t2@75qmAnk|5-o4%byixKbe4cqc9OsqIkBjcQdjBh?KuX+64edzBf*FpG=U zc9^9`QJraCBB^$XQM_|T4tDzQF?$ZvYkzOCSn(~2*DAhC@q>yVSNy!<6N+C}{APjo zztHE|=)%u_?)<;;c^f~6$N$ORpQgAp3+wfMn_|D>BZ_+zhYGx3{b%ccHvU}QXFqrT zkAK1P9B$G3_bT3>g+JH(qyK7oXDALT)+@fX!287CEH4`$QTN%;o&Wb7x6YjFHEDvy zEsA$5uAgY14=6sU__$);4UW#5zrk!viQSO*JsTjo_ei&N8l}28)+?+x>dhlg=iOl} z7zR*fFO5lFNeeYrGiI2T{SsOMW@E7u*P-YIzveOmX8H=nTd9kzpA1O#rgJ^U&6;RX za;h@V;84T1X!!EbcF#l}T-Dvd;@gg%EsBr>_Fkqu*s%+?+C&&OH@9qeZg$Z6 zZKI=|oVPEmLnc_8b3P+Bu{Eivh@#$3k|{sTL3Yg&YlINK)Eb<~#yigO(oO)G-qI=& zoRsBWHViapnCcdnPV99r9~xRR{9|^p#%tFt-Dfs>;8oDjl#@Y&1VZMqio#?vtrj}< z1Dd8A8`7A=G;$I^8JAWO?Glw+I87)?T$Yte}hji=qB9!r;wA#^ebb+s=M&a8k=wSm=%_o zNp6|N#S-PvRaeToGxJn~_s#^6{L9|N#thExGC8jU1tP$xK`);GAW@s!TG<)O$d)WA zwg;8TF9y}RFr?ewYI>!`v~$Xo?4oh#25u&KGL$N&Veo_CjhkRF*~q;b_tFMMq}y7h z6OL1tBhi##y+CGk>4RN@L(c=HO1?NKT`~$|EI8TiHs}(w2_}g?$*WwsdebE}Yu0V5 zuCHBRQ@^Qh?WR?0*Iq0Y+flC@x1{}2&wFN)=lMtP%k1U%==gn^-GayM%Z!3!ptr&E znkMYa_~6*YeVGa{F==0>3G4^^!69%EteCtnGYqD|QE+$){LAovCVatD;0wMUJ~%K7 zKIoOe2m4Ql4-S{Z2S*mbzntf1?aP#b!{91#4BQ4L&nCX$5O_D(f9}4_qw;+DzRW%_ zy<%Tx!baj%0UsQwgbxl~urHGa`>Xb42IP75zRVDquGyCv0h?Cs%Zz~)wfizfZz4U` z?#m=V|B`)~B-m6B9~`(0zThU(Po8hymw5{8Zz0}S@H|Dh;NVtxU~)S=FbxiX{tm(g zi@FFG9J_{a!Tx^2eKX(x4#EY!8{vb)U>Y2F7kn`NKKS6!hvCcpr{RNR_rl*qJ`KSK zNA8CYCjSFII0O#J`$yq}P2YnL4ufN${{#3<#N%i1!SpZTgM+_?4<-)62S@)5AME$` zXGR2%-k%u*hsW*D_|1IRl>M0saB$lGOcR(qd4HxK94*Z8 z7vO`#;Di+JzX%_!_!4|@_&?x-17F*p832dCA+YFS(hcl?jC2EszqdbAv<3fvyg!ow z2Y#|YlLW`c_GkLQk>Bsn>;Z@Wus^dG^q(hOaP$Sj-AeplBwWxxM7ZGSF$Xf+$Kl>5cH)z)kSM;THJd7`P3r*a2U#6FxWyJ}U3QePDkt{3{9n8u(!HTKM4b4e-IC zcfbezo8W^*yWxWga37ciCv3+bunZi07ksed7WiNq+%3<+yTRdi!w1K}eW3py`0b?M zd*Oo>?}HDf2jGK4;BIgfyc;ZfKYXz1R`~KBoUnuUU>WFr06y3RZUYm0;Dh~lzz2uG zN9FmQ@WH0L;CGO}U>R8PQTT!%gAX4Zge|hA;T=fy@iwz&8$LW~7PtBL^~zz>#ks$ZPBv&5dKc$w+cR3R1075V)$TsHGD9+20l0lJ|)lV;DZ%w;r9_ga1oeH!UspdKEZnU zV4?v&m|h1Tthf|DICvTSUAWr_9~`>^J~-SAAM`fE2P?q6f-UgDL@RvIPr-jHJa7>> zvIRbvXoC+9fqUfsO88(C_!KzM0Uu0v!oQk$fQ!K4UihGQ6?`xO?g2-3!k6cL@a6f{ z@WBCa#x;ZwE&`L+!3Wb|A2{3(U!LCr9~=Rn0>|DB9~^uS{A>A+_rnL9J^&x|Zi6rP z;2yyb!UxkIf)7^gfe(7O!@rJj?t%{%eH1=82=;+vABPWCd`X2U+}?Ea4%T#Q}|#K zd;uH;XS{=S{~3I+3EUv}KZg$v{|Y|n|2KSj|7-Z5_cVNP>>2p)(STLH~64 zf@Sc*Ch#e+XfAv(3C_3)|G`Dz@Iv^YcNTmw0qz0E&V~>A=fDS>z!$*bbK&pCzw_XO z!;9d9gG=Cp-U|3&65IN`-W#S!(cx+3J!qYEyS-8KG?JlJ~#?C zfko@#%lk{=gGq20OoO9f{|5N)CLW*<7F`A(OkWNk90vQrQE(7UY=jRc!BKD!^xlIz z&<6+K1Rw0b0zQ~{GkkCe90Z3q!3Ud~;Di03_g?Os;e!KU1vm;efkm6)%lj7i;7BWc za3BRA9Nq%|eYoES9~`_AKIm)?aQ8{mV98{vb);Hcd1hW`Q5@n-noAXotoflXlg7Wkn5Zunrud*Fj( z?}ZO02jJgEJZ^;#4uBP4#clAxq7T9ceQ*#Q`4D{2`!Ia4;v?`sNcf-+4uKV5;tu%W z=$-JvqPyUOJ~%Az!BKDo^gcv9J_;Wk1S`N%uu1Me1|ReX;e+1C;mdPyRGxnV{)dS- z=!1z*!k7C`!3T%Iez57&@WKAiz?b_6;e$mF!QVqVfj&6+pYXxqZ@~u>kHQE0zXKmk zJ^^3ue+nOL`ZfHI;O>9ngWhl8gTudt4;Jl%4>mmmAM~Gv4|;!q4<`Ns|91R+2|ify zGJLTA5PY!6JDBO0`=btK2EnFd4`znJkx2(Lqu}u5gBkA*^7Dj)86T`T>0qV;9D2>c zOcUr$hYt?SIG7m%N8flbGa~mT2Qy>x{; zd%!_(ue_gkF!L1H1ik>$5YEiFi|+y#ffe8eaQNJVnLaRm9(-^R+zXC?Pl02L;Dh~3 z;D40xmcs`}!3|*13i#k4xJT|Q;DbZpQ{d=@@WK97@IS`;iwDxm)hRN5Ot@A2^acn3*t$e+>sSWne`kd~g8V1`dO}<^6j2VDeJ!v~9Yz?bLXqjKK?AM6Jwd2OspVhYu#e37^5A z8_0Li-%Y-QgYP5X!GRBu@ACXE@*N!d82K*mKS93B{in$H&+cL0_~6jf z@WF~_;Dck}jC)C^gYdzMXW@fmzlRTw{s}&q{0n@!e*wPS{}n#yy$Jtb`2LsSgM)|A z7hq!CvzdOuW1h|24K_`DHuI?9NzZ2XfyviAo0;%=?qBz8rVR96|7>Ozm;kqdVq;H{{q+w zUoZt99N7XN^tQqWhql272ixF-=_}#OJvd>A^aabn^mh2*7`P4W-vJ*S=ztFws&t=l`e8O{?0eL>{xy%qa zdLn$V|0MYG{x$Hw0=^bL*ncv7!5Q$u#7y|0e+qngJ_|lr;ll@$#qj@w@J@vfCQ9Ig zO{c*ZoDClwI2}GXd?tL*n*$#l1dG1P{XF=fKOa6gn1C<$XTb-P=fDRO=fRiz#qhy_ zCGfvSyq3ZTE0)0rN5Ql_Uk)E^S^;04gCk&31$=p53I9RvtKfq})$qYFFbyVa;DZAz z;e$o1;DZ(57&rzNJ%qot@WG~w;e!KU8ceK)5Bh81gGq2ip4Y(#(_qms@7KZyi<0oc zB$x*K!2vLR34Cw}904op;e&|=_z!d62p=2(li<)g_~7Vz_+a8v_~0-&0wy=W2a7I) z|8;m^0`xD34_1I_a2Onr`!~Ut_gBCN)8H65@Miemz+DS`u%Z<{*pz|~4uS*n9vlL_ z?eM_?a7^yo;r}Q8feCN~OoILn_+S$_AkV=eaI6D9SkVO^90rTN$#-_c7wmx#_V>aE zy*~JIe=U44`8N21Z-)<#+yws-!oL|lIQl;La{mGN;K*(8!NiB)gGGDbgJa;By#EON zZ;{@&!w38Cf)5UU6h2t=G5GR+5I*RA5+>+!+#Wa_rM1Sz$Do8Irw1zz3}Dz z=i!4R_rV9pz5pNe{uTbWi8q)4oBj5z z!3T?m;e*MC;e-Bv!UxmegfH*E1z+yJ4IdnM4E}eB*LUE9!;ixk{62iaC*XtL58#7E zKY|Yq{TF<&>1Xi2OZdNl5Bj6vfg`_x52k+$A1wME{Kv_k{qVtI zFe&#>!1pj-ar#F^KfFnnZWs+dgxUozc95`kyGXQ$y z$1+3U@Px60J175B7oSMexC*#qhzQrSQRl74X5~3*i5N zbX^G_EV>9j=&yk<_m{v22O8jm{p;Ziz8O9^wi*5p@n;KsuxT57aHs=5INAkYo?itY z9PWb;`q#k+6W7E45$|t;4|==dgQM?<4;I}9U*6vVAM`&4A509w2mAjY#?A-4k!gY3 z*|t_u1VvEX-%%qc<1eW}p*FQ%dx?UhJ`5k%aPLr43 zAP@b^$ivuj@-VQH{15bRj6963CJ+77mWU?k$Xg=XCG(evZn+-z!x$Wc!Ga~Cq@Q}$ zUm_}C#J)t-Km#^Ge<^tw*p@tWY)4*tI0o$w@;|~I$V1nTW-K$n8!ZI`$wBqp%5j%gICg4DyoyAP<9Z3>tfq|C#aKi#&AABoA%-l9$T| zl85nw$itYMJPghv4}FJ{AE2Hp@-TJ;dFVQ7i3mV<^%4<+_Ss8B6h=>6BI3|?>Jnl5 z5ABBz=stakaKpeEON39ZKa;#%K8rkzpHE({zkoc9)|3B*dM+jpW6%x#4dmtWW#lFO zbJe5B=AZhrwp@Fa|@=aRYhjVI0PxEe>xd4~;v>%jLVs zLq{8VXupR%jKHYm{p4XB+Wt#!9(m}0kUaE0NghU?A`flz$wT`yv&N zBtHn>A`ku04Q=m`hu(L|Lst)Zx&90Cay^Vg_m|}V!1s}t{E9pbeoY?67m|m*e)4kt zPvoIJP9D0FOGM$Hye_>&IAP3KB0Mm%WQnMUp`}YiEA%c~BEm4Re2M6V(G^QX0=id{ zU(9;wgt0O5(6@>_bWD(!TumMtuot=ndASS=6ZC8SrNRmAMN5T8E^o9{)Jtx>RJ6kA zrb|T_dN*4tdL@gOiUjm;zEl(rQO*|RVPs44FjPVw`nDzyV=ye2OUc9dcI4&y?a2>Q z{*L5ftc*Mi>`WdSyO5X5yOM_?Cwb`FgFFnv!X)LElZT-h@^Zb4JTzb!y8cNX z`e6b_VPT4X?nNGYp+|CW@-PBhp?xNK=zzV@whwt2gN14QzT}|~dZ2$l@-SXO9!B>k z4{ZmMhwe)9(!;_G{vh(ubtrks!^uPMk>p|I81m449C_$Fg*|8Loe)yemDjruw*6ehZWFvBYEh6P0$6~p&NEXFYJdtI0pT&WQ_K}3K)VlFbbPs z47S5K?1sUc$U}R8Jha_ReieCG0o}KdhX!nd-WKw58Fs_yZR90yClB3skRPYLt>j?< z)_Ic!?@c?_Ym&?$WPi`4`7#SrG?JLMb+e(g`(vNZ6gvM%)o097;6A9=pTqX(& zsAuzK!U=6#E)yPTze2?bwq%jJU|dz~1DcV;}M`2*Yyye&nICKY6+SK=SKOv&Eqk`YOrG zWmpdb2a$)igUQ1n?3K%hkeAD_u#japdFX>47=rcCekgh9hhe!~MIO3g0>)wCdgPBM z4@1xc-Cpw0fUVGf0(lspO&WNW1PJ4_$M~%Vk&(BX^O9zPriG<@?D)|2*Hq2+}ga-6L#{%-u3tM3ThG7Ku!Z=Jo`zPc} zsUJF_A9`R2*25TVg|<)0Ll^9YKA3<(Shy|qLnkz#2Rc3@552Gz24EOQU@wfr1hn^( z-;VmB6Z)YChG0F6!B%MdoIG^FUg(1f7=(q}Q$KV<1A3t23-ZtlTVVi(VFdQVI7~qM zm*gGP51r5tJun38VGOoHTOWDog1yiO6EFx1cc6agga-6L$5-T`7q-Fx48sWQg>jgG z_OHqBNd3?W{m=tLupY)>E3_>n4_&Yq`d|VEVc|~H51r6}9_WaXhhEqU127CDuouQ* z0@}YJUq=1V3H{ImL$DskU@NqJOCGvlFZ96#48p>lsUJF_0X@+F9eEgntuO||(6)#? zbioAl!NOfA2RdOCdY}R8q2qh<&48c|ygJEd< zfjo4<1oXi|C-p-oj6x4IU_Es7lZRdyh5^_MBQOEuuy8l(|B*a&Lk|qWdKmnPJdDCH zwEs*Vx?w`DhlRV-o&oaE2R$$d>tPhOLIZ}O<3Hq~7bai;7VbfNpcA@(ArJkq9)@5m zjKMGr{7N21U;@TrVL7jhlZP?rfwupWhd$T}<1h^EzmbP-n1Fs*IDt~wekFMr86yvatH?v|1o?mB zp%aE|%Y_HVrY#qK=*?R$f-tzwauJd1H&`xWFtp)vVL;o)%Y}U}`U_pqfL`delZSy# z$V1y^mc^KN3JdAHg9!9q(FV{QB!^jTgp?_!cFt`W#nbcQK z9{OgGhqgV*!;p)-T)!827=I$_Ka)Ik??)a6E678~{^X@UfV^B^Nglcn zA`e5yli!zq&LI!uCzFScTJkUkgV1{>dFVQeJdF6r!{FKE_k(rhp{t%e3_(8(Ttprk zFal$jkcaNe$ivW8-BNLmqnXB@biwk%z%~9wHCj zo#bJxi#)WwMIL(JCNKR51@z=$6Zq%SAtQ{BOA!gVFpIqU0ca!3t3UL(^A?8fdJ$LNr0wdMiXbjKOXg-*AQK zhwhD5h%p$jlRuc(Z9^VL0)nP^3bs(c^KGrW*Q?WdE64%h^vuwAaNB@ex@ANtN9FFh=o#riYJ zL${AS44p?F#?L1YgBOs8kqgN~$7ST9_e%1I;;$tSjqAxvHj|g@Zz2zU0rD^k`=R}2 z@-P5P4&!yO0>)ttblpN824K5f54)lJR`M_e$6&C9d=>q_eT8sC+uRkx2V*b*qj#?m zA!z^C3egMwFaeEwSBS#HDfhk=!UY2ltPozwho~3YAEsUydxU!B`p2jj2H_aAg{b!k z%72n}L)-JTTk>V{(9uI4y53tMqA>9O3K5sScZIMW$vDPV2nURRL%U(%TiOj>KhSRI z{h4+{Ka4_SfIRg5Lf%6;zmkVu=!TBp$iol}z$gq!4w8p)7>CB6bbLj6o0dWyr%2Y=w4%JPg2I7=sDuUPAsD z`URcPHBMeG!+IEkt&$Vup?#7(j0y6Rww0o=nsTSD6i(tcQVJ$V1nzZL&q%g&~^lQ7=vLLJ(4^$JmjJGX!6I?Kj?%8^g#D9UF1M10u{+7np`N+qp$mGT57tZGMIL(F$V1~k@^blp^3p#*{v_5vL>@XG zCJ)_@kcWQQ3ZpPA{iEcetAjjrKSus!@=ub7{%6R;$aCaj=y~#T`9<>3@e+CHf0?}W zu<#VdKSCbHUL_ABuaSrGF7k5y8|0zwP4X}Z6EO4^`5HWQ!r;f`VHDQGz-Q!P1cv2$ z*b5DqfR0}Br!pSU38SBrhq157!@xrFFapCc4trtrTk_EUJ^9nf_mhXQpUF!OkcYNk z$U}deJdFI8JPiIx9tINRPsb0FhxX)3;e~GKhqly8p4X?|^h%!BC!bl#^ZIPJr7L+} zpL$lTLc0{$nBlUG6avg7L$~L=^fC9}{sHgEk-K zA3Y`<(00t2a6=dL!T53Hq5XLBl3wyK2IDYv0{OGyiR58)4tdFw$iw(4(^3Zh!dASS&(10Q6yOKPN!8mj`l0T0;bU*{Tq3bI0 z&<_JJ4nxp!HF@ZRap<~+{Q0z_i9B>eH;h9c^j%9H8ZZPM*O7-27>Dlb$zOnn4j2rO zm&>=2hrZj%L;D@%p}Up5Tz@Bd=$K2so_^j>9!8-X8V`_%kq61cI1EAiL*!xX5%SRe zDESL{9dtkgx}oDS@-X-~dAa@x^3eYzc^HCm7=yNpDCcSNFaq7sKc74dK0_XcUtP6bKO_%>ACZUtkI7%k`UT{n{}b{s z`YCzn>m?6kpOc5i7vy35EAlY-HTlb^Cqo{(4f4>wj6C#?l84ddt7>6O~+J-!g!Z>tnOa4l7 z&;g^+4P)DrhqfKaL*I_%p#h`P??PVs-N`pHj?e+Udyt25=!5=p^3XSfJhc6jJdDCP zH1;EZ7451Z52ID&B-_$zO+u4(Psx zyj+Gp=)ILZjKdK0wUCFl+sMNJv|Z2g?c|{!x?v3Zpz99uFakr+(MleMU|cTWNxqq7 z=zxy73vmQEO zWP@?xf$rjQQ7@Nw9T%-IG-F(Zq3@sLq8Hls9Ty20-)~$L-a-8pb1`Y4HFraVt zxUk>J>rNgQF6cOoyj-p)4~>h-!@#BF<@(FXOI|@92BCc}{kW1mbX-Rs`sR{{fgpKk zzn8q^!{nhK8qn84{x0&+1-*}xhrTDsL)%m2q2n3y(Df{N$>+$!$P47#$aRj33g~)i zT-3n$YvZB``d%Lw?a=ndxafv4*e}IFv;NC*p4Vr4^^Nnq zKI8e-IM3_T?r+9-;}&uUrHXj zw$9<@((wL;?nPpAd!jQ|=xU z!U>J?3E`2PK_2?{Bo9L_@-Vg!dFl5hFMS31d9>qT@-TJ?d1!N!hrU_lVH}2~Ka{*& zUqv3ejwJs8uRn!6bkvZS%a@UduFJ_o_m$*f5cW#nNM8D@CWQS#%7-o(XqpgS=)HDA z_@V9k2@#YYMqu!U2@!+7J14{#49%SoB@f~6nh+I|Z4;sfhVGdVO>+6Z3DFL1?GvIK z24FvQJxm@NkC1PteNU5zfoI9XXqY^-zeHZHe~rB48|0zyP4X}fOCF}aZt~E0n>=*C zLmt}SB@g|u8^(LcL!*y8j4dSp2<=-$9tL0ybp1eHuK$s|T#l26j^D{c?;v>?{geEo zl((2XbZ5xJ2yB9m5$2s-zl3=Qqsy3g(6^j<*Fn3X1KL(F@1T2vc?+X3Aea9~9>()0 zMHB|sofL5x*>qCa9%FlKJ}De9w&kR7!{|1X!Uyf8lOh1UJ5Gua^p%l^ekXYt+k^b$ zlwV06x(*@_W6%fVZt`+@7I|ntoIG^HIE)@e{t4P~40&ifo;(bB$;!z<971UaR+%Adw@K&x08qN4)T(ZlZT-v$wTi`kCA_l{(nba@_X_y@^A9c-cKHeU>F8|A`iVk zlZXBR@?qNh3wg<3$xFt`!{Be^Vd!`A(ElfSxqdNu7)y|Up6xe89>#{rLsyc#T!yVM zkRmVFr^!QGhP+%qLjDEHT|yp)pa;faJ#;N4592T_mzR-;KA3>^<>X(4E677X^uQRb zhpv_6p<@+!7=^vim>>^htI2mVUV=Qd+g1w?^yRM>_0X}-YS9Y4Fbw_ct>(FX+6fad z1`A)JeMPHzZlC;yP-Q=OWiadrUq5TN*FapES?IAChk0B4^ zu&@hy$wSv1^3Z^O=s10~2*MbQ$n|He7BT3$Xtgk)&A(dM-(b8iUoBkFcjao~g^sJp z%jIjxOE!^*p=R>XdlPx+2#|jh-cBCc?jR41R`SqwCwUl!5xG2fwHSkLXn%{>^G|X1 zzkKiRb+c{Ln(WiIDO$HMIBi|KTwlt+-d7fj-PgQE;;&!NSJvR<>wPaQ7Lfw}XCwO& z8f>}#sv80BsxSIpYTetX_w8%{rpir4r$n82TF_IYP! zUm)vf;opkLVsW$V!rFX(^ECMa>F4ur_|?VYK&brHx$+mVx)<*;`@F+c`Gc$huNQ>%U9uB@ki$K0@eOQ^W`gK`|I%CZ!8vPtZ(); z>#y}K_^}Tb3m)OfwRx$>8*@mV0t|7fweSgZehRsSHq@KbAFkY}^i ze7;y*tK}P2z6{^px0rk4&GjFsd=%2cM7JJJTYs%6h4YSQ}d@P zUnKkY(_-+&h}Go=W4v~_r+p!EpJ!(2I&VEi%+%s zKUDR%;q8Ac7Kds1gR^-#j-7b-pNqwIW-rIFIQtS=YId9!@w$q|*7c0y6Zmz_<>cq7 zb`}?~Jrj$?e`JAc`XL_-C zaJo5v@AS3#dHC=$_IIs)`>OVJ;d@6Hi%QM!r~D#(V)tx#~n=SiMijVP~<#Jx-`uSP5pJlA7#0S>lJIBrKklSO6-1d;KtK)S|(-R`k zT+VT~PH$W1o`Qc-t9-S5T^p~H-+^xb>({N8uaoWS;&mRr3;kubW3FA#tNn2izJEj7 zg;xIbsjkWV=o&BIdMTejUyWZe+ogVEzT2E}%K6_5WC=1q6JJrB5Wi~2v!B%QYz}^G zyM(w~YhSBsU!yF4$AmaWEB^>p{ycp9E(x)t*1m03`?~PqT@&I>+M?Q*_iDC-vVDv2 z9%n*)XdcJ>9yLEl@ngFu#J7xt%IANT-S{$J%)IG#CB%N(@ocX`)qi|{1>eQKp*jEh zhHL#CeA5vLaV_=a%5PNjyHVz=6Jjr||1)y^$B%gvqC?9+r1D*|{8JL5Ny}fU@{45o zrzgaTRIlpKJ5G(yD88gNA)1R!KL47cwe2sa-%a%iv9ngcL)AYM-+F06oUWCBvMPTL zz8617Yv1vzeU13SD-+@rsM?o5TaE8L)_bl`h#_tJ4XW+eg)g}=A!cZKr^+v4z4P{j zn5(t_Hr4)7e0v+;DZie%{ukF%{b#-N!Gw51^N%P$ll9>z5@JG|pDVKSvz#L5;9H+e zh<}>B_ttgWrr$la$CqYbDn~E7Keh1s_NNl!P;GxYNbOJa@x7f1(W327H>v$;0ltFo z;D1gV@2Avw56XNO`=d5rTeI`Ej5ZWdZ^cIm@uzIi+T%UPvAluoCY5Wm?JSq=`#2$v z*7lpj)qcZoqh!D9|6kg6o2#~413vUcLOiAU$CPiA`LFn`2F+iud?!A*Fd<%ts-5{S zt8wa+`JWQv18rWsqvk~lANwt#pFi`rQpc5|4e-D7+XUJ;C)GHY<3o!R;$t}=YsV?? zeKqf^@!mv29K`;me13&`f6##Uk0dPLhqmDZ`2T6!X_Y#zbmD!h6Cz`tSNTJ#{e5_s z;JBpK|GKI_g^x`i62;p1Zmh<)h~q)5a7etX_5aOW|MC8!Au*vHH&&?QMm6ibTMdbK zwDR9jpwoQ>yYS@e~7Hz zKKZX~w06Hv;T`)9iMO=+UsLrLG49a=hQuS<_&uP;uN?0_bV!_|&95`m{Hn$W`K^dU z%=6>AseMSER~qmU{GQtQ?5@VAP1avMBo5X5LCSaHjpK&IRa*P}>U~Wg-h1+p=rfPc z(YF@dlb`?I+9Qr^$0)BGJ7q|0Yi?&vuARkwed-=^0ZToJcwr`vC_Ya9pwQ=82jeDo`4-Sbpwe#Am z>b%y6_dhly_R_|6h8outJ~;nx_J2G6*&$J&ZC4&`UGu)L94~)^Bq%$)cK^z|OO0nW z-oSGyC+G7!)&AKa%jY*sTDAPGD&K~;y*4D;wDG$`jbA6;|K^bRNZbG3Q|;@+J3e50 z?P0F}xINakKZW-V4~hS2?OUbVSF{QHcM7kK|0*^9<#-3bk#e)v{$|zwYJ3pCSS$ZG zRel5B$8W00zrWP@<&UWH+hqMKhQx7N|BuS`AMYO@61$q~KPOv#cK-F@1NbU!`yHb8 z%M?D6KP*;i?OUqaSF|bZUuRgHWG+9?tNK@tkKvEj{Nc)1<89N2h5S1v*S|Z|@w)-< z-(Xn0pv~WB)ckFe`Avt#W?K6;Qtj)MezRdwr{&L5`98dt-vFy_Ek~ z$31zx>Xe?}%;BS=T>tXh)%f(`W7`jl8RqiqbLFS-alAZ+s_{81=Zm-)Xy7;1%HL3x zUoO34SnOcV*XHuo@?zo+*5x1g-i2$DBmaRFB=v! z&F#A^*S-|qfw$U!iZqk{mudNo$~WMn zGl#`STKm>h?Q6qF_8AsJJ3fu8<5MR-STQX4s3_O}{IJUR;T;DIixW7{sr@^@+AbR) z$1jEV9X%}OXxsnz-1aYF{Erszv=x@-qfLzS5Cbjs^#@@ zUe8BMruMv`+S`oxpExYe*ZO<5>Td@=deX4?NNdk~s=Ylj&u@cSoo@&5ZhkZD2(A2C zs{BcrKZEg*4OZ`Gj#t~Ol=qhr{PkM>SF8Ff@%FPho@nLosLHR!JI)=p{Clk#Z`2Ko zZ?*crQuTMp`p+8{r)cNX+3I}SBl8yxi#@dQ-9?S>0N&OxEOs-OUzaUDJ0B+Tc03;) z=lY-jq{^3W&3w3o_Y3BH-cr@RN_^nbVezH*e)CiHezO+ux_Vel=kE| zZTlUdwqNNs%%2B`#TDj!-X*#I<3so(G(SuET6_$DqULkg;hORGhla&*+V~%(#=k?> z&u_Y2rRDvq{2p09eo&jAzpD8;fcNv;Zovx zZJz)qkL>zXvaWJJ9O=+yFj?|3T~Dx2k`Wvi`ndu~740C|}AO zdG}YmU()J7Le*c1m%mkbu;%wyz7`)`_56RQ3JS^sxzAFX}ID?f>kEwVoUlsd?NKP;-u_1~1OKD+-^;-h%0_SNG3 z{~i`Gb3X4&)&6F@;|J^gvjgwOf1%|+QTZOcfxkxcS13P#_x4+l&m`XUllA^px&!UU zS7_tAx7vRz@j-rr@(XQzKT+dbi+BHGeSB%g2l$Q3J+$(7QRR2Y@_!o^TWWq&<$I(b z92Q?``+sk4|Cjai+n0Np$7kyFHFf;M`|xhFzdpBpOLwGwc&qobm3ZIK@Lyg(lgF1@ zyldFnH{)$dek0Uef8NJx`*q+W_#ZXDNckSTKQ$~)&*KGa-@oObtj1?R<}<_MIxT;d z%1`3$Bg5hb%{M7ux)bH&t&T61_yB%4?eDEJ_4igSKDcaH{Gyfrqbk1{?;YjuC9}Uc ztFzmu1MkCcqn%&2Q0JE(>Bon~KIZ(?+k_+qVaAOiNl`j~Q6wkJIMIQEGln z;vEG^anJhZ_TQ;KPb%dP;owF|ak+VX^QPWl%K2T1H}KnQarNSw8+O%}-sB%AWu6QT&+Zm#KW| zE}Vb2Oo~FSfBC9^mH1#uQhciU50$UQySGjXd23v5e!Zf6Gd{izUYkF!sQJ@@5Aa*L zUaft{sP^^XBlx>D->Uoo-r-1!Dy{rORQZ#5?@mc!H9tz(@dG<2#m-v$9jg76_~0%{ zv6r@eW~l8`i;wV|zVB-JH&wnF@7+BqzSi3RxoUq0-nK_lY@?OGg(|;C`WZ=amDWGM z>fZp~=Sqr%R{rm*{7Jm)pGk3w*1p-QeWgzJ&%Ki3>FE@pjt`Hk<4+~twtrGA)bd}b zd@Vk5KvL9e{#@moWuD(E-n776{)X!K*&)3d;j~|t^yq?`5^T#ADKQHRR$MBYa|Kkn(Kg{jB zFx$MT_dj@BHOGH#|G87`Kc#$*j#SYs1DOK~Q10Ux%$v4!FkA>>^*dz0okmqx~T>Yh+$N|nC|74!u7H`px-#4k_ z_axqXTT(nxWX?aL?&m0F$BFS<<2CD;{fX-OV9&CgQ)Fmb)a`Ny0$eO_6KcjFH> zd(-u`TD%Xh-9M3koGQN=A9^_{Jm$RVzWok-3~zOxYL6_R-<Hyo=wsKg^uJF*m-oc;DanW?4S|Hf{U^ zYJ58Iws-jZK=X~t_sH_!wLX3i;Qe^3`8z4=$6u(8U!5AiQiAdKtmki~Eckui|7*vW z53|P?{OzQYUl~4(mxp=PzQc0cxeDKo-`MPr z&iOigE55<(^Da>BYr*&9Pcn~FzE^GM`S_AAlA=k=U#ap7@J;w#%>L|L{e!Z8{2ykY z7gzZLJ}|HOGAWMIe3kNL_*OiZ3v>N9-PcgH#uu2|pC?ql4&T(56r65z`Kj(tZGV}^ zpJDcSQ#Yi^@t=?H#ams+T!1h9+WPOrL3{;%TXXrQ``rq-fFiwR|MB&BtNB^A#(T}> z=jHxRt;4tfO}=G~x4KR}A78UDX?Y!c0lp-b6fbJ^KdZ)n5Ff_hsQIY_wH)7qeHp)R zlA_4G{qomU^REm)hJQrMKcLF5!Z&?uJ-&5oyw(2Mg0J|Fzq8Hdo9;W9kN4oM-Uly` z<^N575Z{Wg()xFZ>R$mT=Hae?N~QN9dc`0u3XF}E-8tz7@{VZ2kz@1*i|viu*C zmiOJZNdIF}@CagV|Hyw?<>%vTeok6`4zvK@j(=Y}j=!yrotF_@>O`xuN>z!|1ah1@V$7e&zV~Ah4G~2b=dj%di*h3`A4Yo7vS6R z$7%j3rh zq&Q96{wL+Ozs`v5K9sPYT&g@gQ^s`=dWm4o;i{Pmi@TICCP1KN#0#OzJ?Etlc@ z|HfD0$M9Eb?Y~sDzYbsXXHwj+&Ch$({A`isCz4__bNy2vlTV%h*Z4cl-t>It0=#D^ zDYnwy=M}5>d4tlYlHv;OeflNpeR{!xjIWUtKWXjzUbU|bU%xDA`Fv;?;-!b+2_5jw(lT5fq!1}^OY~C zWd9#a^4m+iK>Z!NnQDKT^sADV_wiKW3n#4K=hxvqlS%#gxBTqmY*Xide8vBgme1GD zmw7y2F<@%n)2e+7@ckkw7HIwZK=p4B-)c(<`8HMcZ&p@k>n}Kn{^704FT)q+r7S-O zs=}Ax57f5rzH0l{;VTMKmiHyL;A`+!e`n3d*W+){`rnl6KfZUJl;A5Ya{bGHT=_v+ z{<_xfFW|sckGGm%Wq6sl@>O^b-tzd5@5Kkqm0kP z>m2j(HRUPGMz5$R;0uZ>)CSs z%P(C|^&j6pDr$dsYyYjP{e$?{^HSn`&7ZA& z!C`Fw^HXAx*1v_Se`Wagi`aj)_SdTRSK$+vrNn<3zTEsD$jyIzx1af)XY%>Gs`En& zzW0ihsMg9qQk6d+KXy&Z^8LjEyyx1KI9@CN=xq7&Z|*^S)Aj$?_?Yh7&A&1`6teZ% z{kgb`@n~i~O=pGL-w#&Tjc4KuZ%tV~Z#oCxen(2w$pY8r^QIm&kn^z-pTK{qZI4gY z_LwL0cc#QSTK)_*o?SAJKT_-Oq1pbHky(TQyl=+)9!ptX-|xVCLn+Ja!#(%_ekXJLP3OG}{Qa80NBK&84F6Z(Ga=`BEj}Jji6^xDBiX#%FPrhc=l}or%T8V&eIX^* z)5fzvjb|S|(wP#wX}(PPl+3@Jvb^7*hzs%lSFGnlIX>_=z8W9ITU}>qz(*sTN3{0k zuGhE8@?TGhyR`ATU5$4q-oS(0{$%>Rpbz2bvYrnqybC{~&DUWyUyI}gz&BHtpI4RR z19+?br5Ydn8{dEr;a6+zA5;BnljXma5-T*nMEOppQ&9*TyIJd`dY!_U_;GU*_@M+VS#rb-ZlA2R=wyKHt|SeKckH{7$FzAM!p$ z8=rU7`1Ii&AEm^w*1tbg|5A8kf%W_JA}%m_KS>F@x%{cixY^@vIo^%8-2Q9wdzkZ6 zhm&l+0q-M!jyAq$sQK51k9^ACIhwCfz7rq&EF~^7m!EfDuK##PZ%W*v`5Tl^;e+^u z=6_edsG9bDo)TAT{!-=3@lpKsn$KNFs>VCMus)tP;Qe^3`rGjCFH>Tgx&L{Ss{T&A ztIzs;*|)|Et$pJvpTgU}vd$NAflvBx%=PE@sqrtz$G*1CSFiC_^*7)n3$62QYy4^2 z{5?s{-%h;oO-jgfi+aCtO1691`PH|^Tg}fD-u7)u#I*hMOSOL%aRD{*eaiCt8_MzC z{*?HSmhV^jYP@|Q^_SOi%Bi{m@4(+_9$)kO(5a6$W$&{6>EQK&|D;510V~$Nzsf&F z{oT@okN!6$G1Roe3Jo@Ts#o3!v~{XZ<%e_8&vY4JJ5sO_7#K<&>xcmsce=BM5u%k~f8UE8HC z@86ol2ewa(`^@t(|8CX4Qd#g0X|Ymk-%{1SN_>2$w76ZX|7O*`TD-R`E#B1fuc~}A z-qXlZV*k;~ ze^Hg+Ec5vLG@tw2tpo2pG%e<9{t1=u!N>8>XvepZI=&6y{YRw5e>Fd#{3PCebXuIP z^{-a-uXGOE_n5S3)BGLESK@8QvVUpq%YE)ti}&KKuB$iWEcG&?`aD6<3a zJ|Qi(GS^>y>(qB>6=s`}ohJ);UBzs+gEmiEvhzfiGl&nLoEGEecFOO!GO|M{*JjHp zI*H@KDQWSKby%U!H@m6pFy;7QE#+wEi{qAG4=z;4ixl2>AIDoQze?>-MW?WR?oW$DwEg7(wZD|(eGjI^ z!P}VX&)YJA|;wB`GO2E4Z`ZF#?W8{YLsS}f7pms0KP#M|FYTi#FKhxfge zw!Ggjh4@wZ>L2@tA9w279HCB zc}UHla=h=Ov{* zefS7|g*JY<>jx=(us3b__jS=}_|MappQDxIU0`le_-ViT8cQ`BFPR->r_%efapdX)&VtVdYc!NPk*9rft7=wf%}tr++_l zzSR7H^5uBjFKN-QweLH%{i^ZNU(@0)?f7xKI({_B@_$c@Pqgugs_|*V$MII5V|3!Z zf21ux2kgTK|4fTBwf3E=+Lyw|7V~~pJAd7*&R<2f9RHT2MOy2BBG-SseKak0*7gsF z+CQrCjxoH}e@CwWc-KT)T%v8CdbNGp@Bv#!+^Cg*tt!70A1}y=-L&&dnL5Ap;f)P4 zmfs_u!uvMNSU&GvbO!y~DD#)sYfIT?<@g}}BW--AzFJTEYP{Q?5l?IVe>~TJd~CCf z*j3B#sJ2fVK3<%$e4ersZ)}+ndujO@D&L2U;osqrg1i~46~#5`?${-wsJ93R;)V|kxU zwe%Gk%kR5r!21r&2&Q4KeR)$CaOC`H!-w#dW`9k#d)f12Cq9bj&sI}Dcb{n=-oPJb z_BZD8DZHaHBQ`gCZ_XF_ru?>MZ@N#m{Qu#r{~x|#jep);e%}0S1Ik#}hL6y`Q_bUl zWcK?jkIilbUL(h;i`OL%v7RT3@MHLowe9@A+Rmf+@T`m|*8IlG7oUwkG$TIIj#E)} zoSKQR@npm;TK)!=pM&o`Dr5OvQ6s+an2hE9$n(~CtNT&A@HN#L%k#h@eEYE(vBNY5 zOYH|!Upg$uZxkOsE+a0{&I9%8JWzZN<9ABN^10WU_`*{&qJy$j`FRgzx1%h74!#xt zj^^J`z7g*{EhB{HbJuC-$?{Lnh<&v7yVUr0$$V|b^0}QwGJj^q@_y)1d^=0{UTe6Q6XQ}xfp*IbveydPYGs11If9iI^?EG7V zZ^HY`-t=7fD83tS_4^XV7f}Bl8F97N{>xSSXW}dFWdAdle}Sq0cn|(*v(I~6jc=nY zA8++{_B?!eF5|D&f1Rqo3t!k~UH>9{3H}MK{;B&8vd4dXJAPR6f2j5q*Ry@@&WJtD z-t^qxOnejmJG0Nr-7h%@UvZE1_G!e|;9t=4z6;S+eP@#(^M|0`p8zxpD4Ki;bS zqq2Ow)&5s}A>{|H+dmWEkDsfx|2EbBIe5>#*5liVFS##c`MnzR@P+qhEboWy!dKw6 z>!NFZ1V(P(MbgjX?<8&hl&SeMiuXK_v3%aCm=Bnn@V99F%YBYK6Q97}rujgw|M;2* zGvZavcPihAAH(0I`RkOQC-V+vgYnDYB*?Q^O2&BQyO%UFKy zH3#30XE)3BFYjD6K8^SU{xZ!^9bmHk$5(_imfy?Sg>S+iuI1gT{6+XMzQXLM9+%9H z?GCrsS}v2zxWdN&*!b*f6bKsg^cjz^J2CA4pV<8&cS(u( z>0i!RUZ?KDx4x3GyiaKnzA%yz&D#5$Yt;LjQGESt%zthBHmL1ed@1AeR>tys&1T}8 z-p+_s+WZ?;^KTBm=G}~FoNgYU%hcx#jri^lGvX1geGjPi&BIqL$cS^b_MNHP*M)EW zJoA^|Q=2{h;m7*84xqK~Sk=B!S^n47zL<&Gw2=K@%m1YEGw~JQWGtWOnu8z1_iOX( zJ2gKW@!j8A=jX}#zsraP+W35+#-|JK{P*AN|I+`Ev3%ZORF;po`d*e|c8sxpt}|%$ zAEWA@iFf|Ybq=k6pQ`@N!S~~T)W&a-8ox$-`+v9&qU}GYsQqW2%*T2Eu9ZJ^0F&Fd z3t#cyjOFv(i|`4&)&4aq{cjm@m)5@9Rr`uBXZ{Xm#2cEAC_fWF_6OHdG;ddaj`V+8 zUq@@iClZX0*1z2M+Rej(hlV9L|WiR{zhc{zdrSWJY|bmEWVb&nUhrl@a@E z`I#zT%)qy&t@AVSo(#udZGO1b{FsApGBRQV%}-ap5nsQQ@zs1p`FZ%l&kN;Ov{&+?_r1|^Q_{_vtOlHKH zTKT7{^5@{2{+F@*oTX8Ekr8`q<^MyKKM&t-8xg~r|3mpMe0|=CSgQH7@{91Ef)TMy z^BLtw@y_WZ;tiqYxx=ud_-@W08cuFh( zF;#w}EPvw>%j4@jeBmY|;zzCiMXLTTeD7u>;zI5CQKya{i|{2|j)-@)`SYflKco0= ze5>YfRlfKt#;0V&@^h@2_%ZxEEuVYdc@Dm5s}aldbEC}Tx6=Aotok=k`fWz6-~Zz4 zOGm_|+W20m#&;3Ed)pEHKD+!D@;He zy^M44?K_W%q7BURW8Dqp0L%TW5#Q<>`OD`wq@RcH-i!8WMN+;0q5L5w~jf z->B+u#5Wy0V)@+2yfuCwbN{El)-5}JUHEqLR?kx}!k5e%vAjMpig)6zzIVL1iS2vn zh&Vv&|310?|^^RD6pG5Js%n$s3wC&fgw%<&A_v{hzUZJUf z`Q6#inaWr-2VZmgh<^T-_c_cenr@e4!as7JH}kp(ue)2WSbH2b-Otj2chruE<266^ z#WFJAgZJW{T03*!J28OwoiSqhdoPoCKYp%O{%vYIm0ri^g?OvuXeB;yrgi&j@e#aL z|C;fRvqnTfYyb6XoI7Osz7g?=ww)hP+qnmCs~ZugXzib^+CPAIR~kn@=4e^R~{A8Z&AJ8A9TPPM-oAG&NroUi$_mG8hC zSBzLbm)L`kTsc`QMbE#QSd;5!Y$$ze=^gw3+_hG$MZ2{4dH^ z;zPHLh}G+|0oKmn{4w=;d@VjOcSKyQ?T6>9{jgbh+B4%rU zryi^RPOZf|o*xl*t^N&E{mpp$OUw@~zn#i=$oy*~;xTQ0x2yTxgAd_KR^iTA%hA`a8G-@$78mEK7CpNv?3KW`=8{rQNPuI*pb)c#eAcYR@f zd}zk|@TY0@pQP&VkoA8vV)?xpJ^0vn%s;2O|6@)$K&7l2z(*!W#QIyC{W@E(^^>yv zEey-&J4?BM=-Ap2bG7liO^shAK3Hm4o(F63vF!}Y<4-f*=P<-N+W6Vj_;ujDI~c;P z&5r}s{OG~^cQM4n+WeiT=I;RB*v$~H(0#Rk=Dnci&m=yuyJ2}hVrhW(?O}*R&H1Uz zz}fMw#0T*{vp0RtQj3q_KhXR;s{UrYzuXWnY5fbU{&nDOdl}*aZT~(;?cY6kZ-rs` zIlzD{AAh6vKJ;4kK6DZvJIt`WAF%Xh?zgBi!~--VH-16Y{z|<2a6^2g`S+Bs#T$65 z&vBcjKf(|bT7HGfci>}38kW!3_DJtB#7|oOdzBx+2ahtu8=8+OKZ$o8ZHS$;`MsT* z-=(+EziPwsbNWiW<5zEWaPU67M?Eu)H6&79Yf)I*kUX^Wz+~e>dY}a}04_ zp4t1<_;=tPrx=#^vGmA%jkO=Z2Tn6YnYMpzulBD=eDEwobZYfKr|K_lq5g9W%lnxt z@kX5?-qXgnTa9lmK6oDO(|qnaPBY$pz9CZD_$*fA(}B0wGrn5;uFkfvj52%h{)-GT z+w6~8^L#*6_GQ`Q)F7`5HyC1izImLdspDk9ZTvlTnIU?$ar#(|QyJcKm0|h)I#u}o zs||6GmakCxI{eu6hUI;`E%>HpLxi+(cvOwUe3`$&u>79+1^AMHVfpUwLP^m7f%-+61n7v61HeqKEv--^Fqn@9Jk zdA302?=i$_+V(w3ZQnt>=Uzkq-8$3n@D$v^-^2G=`!amt{f6cD7*ye#9xyDQGpob* zK4^$j%=0vVw%X5HWcd#pme)h(<0~FzKhgTXIM;uf@A#YTFa2YN<@eJSa3RczKT<3I zP*r{zz6S5n{9(#h;al;1te88_<(;p59ljr*{Q^~W92{5oWwzkEpS33gtS z@L~LcW^Z~9a6Z2GZ~Ov$;&1#QzHotI`91XocX50r|G2h)KCJf7GJMmghUMq|RroM| zM9UAWe4WgHPXDy=-&c))3%>me>-~4W^j{j5_f0Rrm-JcZ2c`dt`K#5xMAcu=M*qJy z#3q_AQoc<3h1T=C3SSsAEI$vb!&iK3SU%U(f-m{b_&@Bue|%ii_WwVfq;1+xYfz*F z!wrH_Q~DzarW&*if+8rLl2*!Kkh(=NuBc!zD2gB|C*L|MUzCX7Z3sg;CBw6QpbU-;jy*@razRJNXf3#?S@Otos zx&PV=^K%`y|4Gjq!ApMDpJ%p$_kwHRe+*vnFU-$M`DYc%4_^CAl3iM2F5g9R{w=-* z^KT!{6P5Zc?1wA|Uzbj@Wh2e@e>Ki;_<2}0c*Ss%xyG6JvDc0YizhY5^9wFMPX!Rq zH8RDXP||rswqqE)ZFEZe{7n=*G&ZHZ-id*G$ECFU+7jSSM@su1OvkM@TMM}Ed#-Nq zwh1ZieFqce|8!UvmIF4nB6Qsh<>$l*h3!c-Jl|=1}^_ zXxTra;2nQSv7eOkeJ9Ho1CQ*M(tfWl0Uq2v#a>plhW>+k8=CTDfXL^{x3597`SKO6njmn zpOry#zZ6@dv`3&+VY z_g|S}BNV<-=06G^IxxjnDdoSvP=0XdK`9ng%731;Pk{TYQrdls4qRY#fp4YQkC*mt z&JRwpo0a@E70M6p^`^A%xeS1Zz~4~vU)Yxs2KUU=&o5E%n!{4s`?fJ~XLX8oEB?Qb z^^*Ya0>|Z`ss9%CZ8~s6+k3cvesY8REw~Rn1b&3#f2K@70N!R{9|rHTu#bY* z<6_`(@RODFkC*8uz+Fe`+sA>0K0o+)v;Azt+&Is6gV%tsH*EWW=j@dBd#C~M z4)6ob_NMQ>gu&zBGtGQiA^j-#KPRQ#Hyi`E9hK7F*G_=f9G%jh2RZJ7e_u+wFT@S* zIY!TY;5EmlwCkk-@GkIA&E+%g8xMm=j!Us~mFuj9@;WOD9zQX~epkj{R*t_Ic*n^p zwxhyJB~Nf(n__bn|Hn!Hj=PbuGg8{?d^dP-eu}xqAf7x=+(F)N@o`>{-| zh5oz@JPy9UnVYWLo55|@puUv+zc2H@7QF3R^cS3wM3+`ciTUANc>?g5`-wht8Y zS9TBjGx&*SZa>zDz>oJ;;1LV^dEjjp_RGMN;0qN0^Q8Y~aPM_`zLuvC?ljvUUC4ho zc*ufp1P@y9vU@QfTJS3H8Vf!Toag^AbN)>CkCuU3rQb~H>+IKpTb3W(viyINe%XDZ z{JQk3z^&4s2X2-AGH}cCQ~J90T?<}gQUBfGR`tK}Ptq@I{*&^9Tb3W3mw&do{q2Qy z!)4%Y7Wr=mZ?Wh(XBa9zp(e={JM7fa}s< z`zO4c_$YJ!#p$>xKc%nZWi6upbi4|jw;x|tlIKHWcpLubf%E>Ojg(9HvP zUZ2vg3oZkXgX`>@!M#l>?Q`a9xjpzZO8SNU9o^u;8&cZu3T*^$yD_ER$6U4w^>b5- ztyBEJCC^W)z~kWk3jdGf^T0d8DR#NS#RU(qpJm{#oAuYL&D=k@U$N&KDaHBmT5f-f zzJ9yGli*(}_J!vxHiEa^it7o5XQlr#G<+n2@izhyc|C4XyV{?>AP@QW2*cuuC9+uxbe?myTF?!7Ce{r+rO zE5_%_ly)C(6}a!ukf7tGVr$hQri30&73!s0Iu-yNFA?N{lq*O!6U zJe*>a&Gw6pY%AHP-L-p4UNDfZ7x`+4B;CsS;ZV!uGv?=o;tG^Krxxta5)^vCbD z;5FcHEB*`b)9MDdJ&pNIX}?=#`)vddJ(FS!74Db3>@k$T4eP0j|H5~*s=$NK>iIly z=W{9cj$;2tq5R+-;JW_P%>6%~Vr|86Alv6jxn8jr+}56AbxQrum-XKbUh@i$FGXhi zi{yIuM)0;*Q_OBIzx{Wazp~YsUtYs{w&LF@{a10`f%SN$eBVj?dEmh}^n4k(_f1^i zD*oq5|IOf$&J^oY{Qq0}U(5Z!jrud^zvy+@e%;`%f9S{eMsPp4Zhv0c}_Y@y_}V$2hr zh*$YxiansDbB|1?2fY2G6x)XzXGY}t-=;O+60c7H%4_y+Lu5_9@H%lnh9;Jv*m)&eZ^Z@*9WgHE3Qzf#)o ztoMLd{+eRFO8xvG>!2Lb;usZP7;8!XB3*TRD z!0AZ;y&$nIs@Py@Qe5YyYwHB_u0eXkuCeQ z>(5c}wypZu_b`|C_OE3-#lS;b_i4|E65w(0K4m`qx10|hPhmdZu1|YC<_7NqU#HaH zTeALq;Gs!@3hKgZLUugdyZ?I;s3I#KSoc7um@?PKpK<$FVx&j;=)@6+yc z3xEfA?_;kj^F+IxC&J*)J^QrxFQVZ7z53X@ihZZFk8%5b`n1oBB)}t+``BWo{B?!$ z<3cJ9{vV}$|B~f%gSUD5wEGx+{6cJh)URS+cy2fV9-7*xeScq=`v=!u4@SYA)B4yl zCI8|Dfkyj-2f=Y!Z))FrW%&}|N${%`E*3<%y`v513)B0w@AYtlcYvR-*oy-RxA%cN zXXxz%;306GeHgq8{4~YCSa9L~quhUGpLYL54BP{LmQw$P@2ezu`UmuBzccQ57Ucui zwVxZ@dr+VDeufXc2K+81|F_Bd4}f=pPaKN~a{k+*u>XPc!~3-F)r)ffN9cKs+k>N- z3;s>ddnCa9M`Hd}xVYhAwEuG`Kloy${^|<-AKW=dZ|?&Sf{$0mXNer20dW7(ecJPY zFn9=DH$O$eZN5JCS7rXbSkB)u?*F(x_J&fvwX*&b;Le&pc7ejh1(#9&=V1^2&ICk| z?eoS2?tpVQxO0A=b|01xyvEo-j}UtUl&7+h1Xri}@cs z1pcd1{+|lv=jku%(_T*|xPJ@oScCSn;BN2`c$<>{CuRTefjjH<{U-qKU);xrmHsgx z`$rhu8|c&SV~c_Z&qx1I&QETa=O;1nAF}=v;PFfPSjb$zrti=?UO@T{ zeXPrDU-Z5#pBp^6q>uew;V(+=1CRVw??1rp!9P{X|6!s0;BA-pY4=e^!Q;#N7!Kow z{%Kz=%NGL=UTM+)!ChDN>EHkUBGSLQj~%HT{|_r1|H0$e^=Y4%@qvey_i4X35dg2b zv5)|^}0SdL%&Dp@}X@GfwlQvXNF z`ggnpyOo%~l<`#}$Cn#Cd2b(kPqBYn+WWv;?(bu7jW(rU^qPE*A^=|VNT2q-Y+-Q! zqkZfX#s3G=e-zyHcptk$slQ8Q{l&mTPxP^al<_fLj*kR*%QJoKKBax{lI`nghyNG* zwBOTlgZsfFO8Pg+^nKu6FZF5Pn-&0%v}1l#><^OmVeqz>``EQg`&}j5FADB@rH_51 z@Gm8gfycpdS#N6phb2#d2mjv3wpQwQf~;Q$7FvU^>gQ)Sc*|>jEU8@o{93sF;r8qL zwENEj;2rPwv38~ZJ}>)k7~KC!ADgD+&m;2}1rM#)kB=C55`2oe{HFa332^6Uee6v$ zx4$au$MFjC2R=bbe~e7u4c_)eA6uY|k9l%@_`q#n_38J2fqTIBGpBF5z6pcZfWK$v z_P1sJqTGKs`nQ>zo)d_HyTGqAb9-TbTLL@+exAY?N&k+&qyK=Psqj-JcZ0jW?qhz1 z7w$*+!2RI5_b~*(gWu@=hr!#xahY!FzmLlFqu}0e_2(Zk@KC&ujaAkQN6PiW1W&(5 zfBoTDi~bEh&VMeYN628{C`@Q$7OwfkXw;I^InweQ^wfIGq8Q^x<>h4Ih*yZW`? z6N+;CUHY}(4~&7w!M9h&*EVu|B{<)+U%Niwcop@#SHJc-7dN;cyiUpge3^eAc-!9n z+V}nhz&-AM?S7vycnJJRWqchb$5)j5-?v}8KQIO!2fsl%{xr(tPXfGVM!)ucxC0B_ zLGTN=GPnP^TgmnZ@0ioCyfm&UpRgj)+eIiwqyFW z`}1Sq&g1&o-^Q8ji>{Qi^AjfY2+<8vF_WU#qZmaKS4=L^6Txfsr$a(tukAVjR{mib6|KFv30^A?$*S>ez z(ShUlMg8nf#XchE4>x$trTwf&IX-+Vj}Ja@*Jb@|CkM(Qub(E#b>sl&*P(uu@l$xO zP8dACyq{g7l>Y*m|0uZk#(uV?lD01sL4FnGj* zN5NYxcnrMFf+xT`EV$zxw7&&+gU2nn4?JnX1K_qNEZQI3X~Co5E(;z5_gL@*xYvR^ z{(<(l;BIig1^0mmEqDMtWWmGW5eps#Z?WJp@HPvc0PnEij&*2%3+@JwTW}wE(t-!T zZBJUXKe*F^N5NedJO=Ku;0bWA1$VrQ_P5|}aK8ojfd?&k06b*D!{8AM9tCf);4$zv z3!VV)u;7mO(Eb+O4Ia1PKJcUk4}jaE7VQu2wBS*2mj#c3dn|YY+-t!d@1y-KxEtJW z!F}LC3myOuS@1A;#DYh`TP%1Cyv>3qz&k9sBZl_3;BN4^1^0m`EqDOj_LN2YgF7vF z6x?OOW8fYOo&fh+aK{H|e+%vg_giouc+i3ez(W>13?8xIQScV<22`UwKek^euP_q@C10of;&D!{aSE0 zc$)?Hfp=K&0C<-L4}-@ocoaNo!DHaIXDr$u+-bobU1)y`?gsZ*a38qWf(O8BEO;2) zZ^5JBK?@!O4_WX8c*KG`K1Tana5s3H1^0n>SnvRNmjw@l$1QjiJPCe+GX9S#jDK)X zTfhGO7vQ#M``KU2_GcEZuN|MDe}MbU+*qwHdc^&oKjA*&kDBf656SusfO}um&tGBi5O_|pFT4*m z3hsZYUweNy2A%{z#B49N*&6vzfIHju-0=n4AAHdWIFRet3*`MBH+bmfes-_fzx_^G zJ|DR4m45Ah?*MobT(^HD3?5nAumAo#cpMzXDCE!nu}nV(-tsEekCpsCAoHI9_q^WE z&Mh+87cG?Q>y8a5-<$nxXS4s)OzltndNa5GO{VVyPs08Vh2J8106h3szxH{ZFnC*M zKl7UH&HJCgyTDI0bJO$qF>vSG{o40bCb)la-FJ^1U!s2g(a&(1Y^vW*nSVEU930hX z;-5(F18-T^&t6vQe~qmF0J!%(+@DkI8>M|1ybb*IVw3-(SB(1;Au^WK+SjU-q*P zlya_<<(vz?`m28CSNQ3YH-Ptc>+gfC0I&EO_oPFA8R+)&m4K5XD)c}_qb1~_%D3ty#YM? zLq97UX|~@^?$cSpd2he=`>AWdXa9oxxQhS6_j}fZ*Z->Tr)lttL_g!FTZR7dfvmrY z-N-+@2k5THkSk~_vp8kk5J4z|v;j(<|!ApzM+Ic1o-UME3wzo4`{}aDK z`xK|yNlO2&k^Orrc>AcdcAwo`@Y$o&?3Arc{j2B%xsRX$ylGOJeXPuLF?k<$1-IWR z&E_lVpC;2^!|h#ZHbWUd`^oXM9(?s~Y4(s(zs<6IY4FP3)9fm9`HL=-^*8Zbw9g)C z?f94qUR$BJp9|i;r{2B+eCb|kHmH=ZPnK^5_rFh?-KMmExX}LK8$4<4KAH946;smM z`|N4(-u?9U6XU3#{nP9VC4ZmD{7nVVPD`@|O8w1~^*0xM_KY+;Q5pZo7REn#)4^#L zci0N^PtjL$pTG)ke^i=1rKG=FroRS!gD=fKQ|hNn*3WwIl{IO$h0?#q%KnuGZsvX#rh?aBmu9ai_5ZT0|GD5LH>9=S$7=weeN&pw>8bqQO3_%a{NpMuXsGI-N!eV+dq-kzVEjIy#2|v z_WPkL!0V%Ef2Dq|H|nPxMP9@GKb!v3^Wbj8i$9lUk1GA(A=wW$f(O^6weOoP`w{2s zFQFeP<7})PXI0>y*VD|d^poGE|9Rl9H`45Or5rcQc3uYF@=jX2AFmm_1N<(<|824# zt_AnLo7TSfxEnn9URwLU){Wqi_tV<<^_BgE>#10pjVLzvvyHN!RDs*N((H5ug>iVY z97prOz2Ju``9DzRe;K&{lQer~tjWIU3Hdx!GkCH)&0I?R?I7!SE$3gSnNR7*N6P$l zgS)=d=WioVA3Uq%zwq2|+0V%T_i63-SE@MwA+3ELXdZZ|C#`+|$TDvKBl^dV=JMaX zV}71*2Jf&BFrQNXBMapRPZkZZtrb2&@@~$H2ekXqHiCyn4``onFY879lnk(Al=hn~ z+ph{dGIoF+q8!H$kjL?P;BDIuu-laUg=PMhfqO~^wC^2n=6uqC_PZEsx&Q44wC@+{ z25$ksM`_;`vVU#_ckM8seIB#yU%1`|pJKKT80N-txC%T7u6wWlJaB*60GnsFx1S=@ zUk2U+ex1S#`_-GlojVR__tUNgkMA_V&KL;?a=ofn&M)2IuJQpkO{ss6tpAPR-rWYY z&kL6Qg5eFmmD2v>3+>PO9s{giN&jq_{ycEkJ_BqwW&Uu<g+)qwW>8)d(ueGVSbeqXQ( zJPv-8lK$Z`{dwTdLk6_ZyDkIwgY)4d+fUqXG5S|Ccn$b5W^SJ?{jUWNfzMHRwdCF4 zZ5DhZcpUr$#lCPqsVsr^J9I$1-c|+fx8U=@TfouH3gxr+82KxQY8iOYJHS3R_s`ka z78P|GU6flH_0WoV6^9M58RYz7+mG5BZh`QQj4ZxB8fY z&3@mN`&k2CQ8S=^|GBUZ_${wJexBKlc(xM;*fr*I6)h`_fAHXm1MEeGKP!3Jf6#wV z8qj_pstUa2lmRvY$;kdY$7o)ozUF~Pz|T?Y<19J;mVw7l9bm62>9@=Do54e;53v15 zoBS6|md`V+1#dZPfDIL!d0Ngd-Q5110k+))GvCU1o|o6-M$VTEsQdA$-R*saa+Lpu z^U+HOShbSRLuEdz!B_rufL%1koK8SK7gh(J4Gpl>C1(DxJdbPyZ@K~Vq~hNt{kL-e zH{v)7b6L;!u#rLD&Yj?;H(?%E>fs4l4?W*}uD>?cAqc5wGh3{qZUW9(r&i75B~ zwElcF25x&s?>_|Z=SEZQGD2tHFe zU#*hos}3wEwY)dL+)DZOkmYlOw|y|cZZZ3}-yrkv19yEmz^at?n<3jT0Pg*KKzqFz z=JsCWEF>b#B*9!{&m*ffXB={o=Z;{-Q!T9=efHf)nTFKqu zN$``Dd9p^%lRj|IR|DGT0|VgB?g5r?AOU&3^0T~N41>pe(SMcp*;}?xl&Ami0rrV< zocll?=VIV(eFLmp;a^Ce01plh=%0TcMEzxvKc)OX7s?Nw1m9ID|Bi+7gWHC2KCSR$ zBoBalbNci3FnG{{N5NYxcnrMDf+xUj8wa%SYj$8E!~=e?lK)DXe>Zr|?*lBX)X(*@ zeth5^;JWY71^7Y>(_asTxqtALivK&L|0sADI8J8@{m1@`BXHMV&Mh&Y;94fv5t`3{rii-L#1 z4>5Do{+1Yciv>@BcYuGbly8G9pJN#QOEcQ{&AP!|lQQgci|3$%_J7u)rS&V_Zz;*90N`MD<&afxU^=E%X)~|yf7+w1G z-QeC`GVIXth$rW-1IKd*{5;$T?w_1tE0p@VRn|`cJnqTp-+#c6Q`#}{$t=taDEyj%V+vNSAzSWo>AYEX#c6u{=cJs zW@OlH%J>M&@!WudNg$eLD_z_C|%q*1u4~(zFGur)=Ztxm#9m|?|=J(Kn4 zV5pdrGTQsvZt$9uGi;_(|5ei72Oc^lqkaEY06YS|L9zc-+K0LSQ}zC%-2Z7A?S0D_ zxcBr7+g&N&F0y_S-2WN+@$ImUu({66X!nP^!9C!AQ~J-9vj6zNTfoOE7XXjU z&#(%!{n>^2C(P}^*N#I3IlsPCc>W#Sd!By&ihUaf5Sv-Tdhz`@PKe3k&57fIHz|XCDT4f!8bbcebp*D0ncKVWXAtW0&J6 z2JUajutya87HOXVPcG5VzYhK)=u0iyAKVH4wbH*f$o}O6?^>E+)e1jU@&NaLMTS)= z?K4BRPZ->FRfb)u@THPR!9&+%wCnvbaR1-*^JfA)crEHz$zS0;#STnt9oOObuGC*) zU!5B~zC6ReQR@FoS^qxpmYXu#`!xaZ;LSMxDE@yk+NT_SCJgSqHKV@&gs%_ZEcy`d zR%Q6N2JzYv&&?J2adJ+fpREU92foJ4?avqyxP2PDK9XVID*5=Q>?aekF|6YDjP}0B zRPYVpk1OreD%)u;c>P@&wn(X`1+tzRz}xT5u%{LK$EE!W@YxS!*qMs`snUK8c+;v3 zYf;K~pDf>c@REl!+UwLb_uq${N4CL#-C?u~_ z=Ylsqm0>Ft|943L4d5luW|(fha0Phwxr}yy-x~0WH5u(X(t7Yp@B@_er^@ux;I%Jh z*nEYbCi%osBWx>Q$*_Brak4^=$NjRL%fMScMm;I~CCQt?y`N^-80CDl z*f<~M^Tk?l&zBjtli42gMbSi22A(ZG-g^+Q;-9!KQ2bmb&ufcIP~Y(kdq(LGPssjI z4qn=mVON{eDY{(dvl@Kqj~VTA3w7Y@z^_#L!&2EF8o?`m!EuXcI6t23g>|V`@OE&I znTusfqkNs*Klo!x{#VKT_kh>_M}OW?JO=X>I8F~u=?}^Iq#S(qZyENi!lRN`gZF~# z*6r%RS0*!TSgF4OS$~b-OZzfxM}?P4-pYAD?3MHj@0IEVuT5vzBxSrzl;fp`^9-&F zly%A7<+@}sPT1=Iz<4nGUuqQ3sNZt%Ch&Di`@JRGuNu6vXi)p!&N}eb;FV_o;;}%( ze&w{U3_`|aPJHeZZ2es$zJ>VNg4rGX|mH$t8 z^`G!M;?vCjg9ZPM;1x(;x6h{)ymri>cE5Qi_)2iyx^NG8FZiA2^z9K@f5rGfMg3U4 zeK~kLxX!*BymH*2cArxncouw>lK%ZN{YLO6#~}Ma;p-%C<^IPHvQ~vZD0wINI&j@S zj2@mo_#(xAfwV8ig9fuF46=a2#R(OkKg+>ag6r(7!Fw(2>%c3w(AzhHH-UT2>6`AG zwSun(pK9jfv41iDfv*GC^{*cAUhoUd_V&ev@=rkioP%tJnO|&RG5*18!FA)e8hk1E zKg{;_H>LkN@QN)5wf7wx!8d^KXSP4TkbWz87W{TIr;}pdKAk-Mtp>Hv9rtkm;JS6| zVr&$iz4f5>e7YRG7W@V!{YF{7YVdX7Hz|C%41N7ogSUgb&G|Q7kJf>& z0}m+v&yoHc!AlPqWc6ly``NPnTEXkVUs3oAl6Qia95|>wf9m1=$O&G1jhWw)2|+67n=Rs&z1Gl!_x=XjgR7q7+;6$?aRT}f$Q>L4c=>E zUk6@!#31`jslP5+e~sYTBlYRGg3q2k$evTm_mnJOCr=+-TYjGYoI&=yV*j+XFWv_A z1FqZmP!3*k)F8t)qC)-Kf0g#t;92kiW&Tde`MZw$KTd!AY~=Rf&nWftgsh)d@TTJj zwa;aD5`SIE-zzeIJ>V55=Vnk3V2<@}UE?Q;&D;I*}b+V8gXfNwZeKR*_42mhy|ew6ZU zFVipQeBPk;Igx7c?3shw>(@H)rul+<$10ty7MF zZxxPz;H$62@k7b~RGI%C@O6!Y+V5Bv;_RR{a4by zhx-RVSK$jKFP?Aw}c;xQcml=6#( zHskom(+Ag`pZ9S8;Fl@(h5ez$_+VS*>Ot+kv2yTw@J7YH@IHcS@D1R{E9Lje`mX~o zePWOur`R7Q+piIPHux+vH|<+%1z!qYqSQ~3te;Ns`skqcyM8^~{;5IjdU!EDfZ6`^ zp!T~P<=_?1V0Rm|`J)xQrqC>#KF( zy>AY({mto%*A9vKAH3wPK^Ac!f;_*wN$!hl1z-BnAUn%!Z$CqpuM>P7_?}AtE9@KS z0pHLysC`bX7z@Z7KF0c&VqbX9uAK8vF#eSKIY!n`HF)Xg`u3>;3Yp`ep2omC*^(P9`N4(46+b>N&lwz zp%ml5Kl?X5F9%-@9#HHH>qFJxS#aI_PzPS09MnGN)d;=;T(`d2%I#BwtX4_?#6tUn zuLjp$KlOlT!T+k*iv=EDzr|?y+P*`FQs~Wr)+^e)t;ry@; zyd;g|tHMp|-`svczy8$9?KArN>jYnF!F#xW@G0i}2aM`7%2&J#{0|OlzvEsG-UL2i zwznr`{a1t6X9u#9eAw;Z{+?hcq@1o z{BKJ7g?%TT;PoY0cDcfr$oA<0Uk84z!VBM(D*g-VcTAQoQMg#3=jAI0UkQG{!dFWF z)!?OL_4QK+z7+gQ#a`TC;r<)JH-IlxxY(G-c`JCuxUBZOm7U=A7Q6?1HMp+*ip$Y{ zj;!{(Naf(Q;LDW!72a1<4c>0S>%dFL>+KuCmx6~B|6&2$C_nfH@GBI4sjUA_@X85U z?Y`e0@OBGcyc_Jd(A$@Tw}U^Rq<@c*emQj2+}@d0->1X(Z44VxxRo)_1Q5@)WtKh7 z75U?w{c%~2FnAkyqcTrkEst|iZohSwwJG*bO8XeM2R~Keb0trJC&9gDZo1Fl*d6z? zCuX(py>Nqjw$19F{{c^e>yCo~aQ}8$?K*!LJOqBda-RD)d7c~P{wHO%_c3DN-tDv6 z<6r_j0(34D+##zyPWr$-;JV{*06b)2ALi+UW1F_Af23vl zQEp$R&wmU&0`4-~pKh2N{VzdWcb~{nf&K$~-8|(6ckY;FA1dwhu52G4c*oA@-%9^2 zoTmlAYj(jrtei()CC?+n+`c@kfBp+R3GOqO&vc(S2JYG|tG$j&@btlPI#{S*(>jv_ zC(t#!XE(e5m5*~bcm!OzkH*J&ov34;Exram7x6YAp7MT|nrlagN8LQ~mf~BBipCgA z7d*PrE{%x4Zf||PwSw2~lVz_c*9R}i>w`}4>;YN!qH_N5tUQ0{0bh9t&L4P!`FTfN zzKZi7-1u1s{*9U2zm)y19K7k!EW1(R*GXOto&|qcsn^1LC+oQV%q+W8;So8nHG-GS z%Cbil{|`z3t>7!cb>pfNycfJqu`fJ#*8^Tzon`#-7g>IKz?Zjc@!mK-9iCO+_r=>) z+=Av-Mm@O^uM6?s=Zbti+TStq$^H1iLq}xQ=XeXxWpBj`%#UXch}U#vmN}JiG)|7A z72r$f=+9@?fNuc5z1WnGqMK!VuLrL^Hp@;{>ic+E-)Zob$6+2;_&$8o<}h&uYJewF11vkN$+>73%o`*&o(` zuLQqS;f4JS>%mJGWVP%0Y4CdRTNL{nr2mQgAphVamGaqS`KE%eTbO0%E4*Ivx!|Se zX0`jg8@T`TvTO%)`r@@YMn79Yyi=+F*Jb^$0dG1#%U(0v+g~>F&*z`@;1w5SS%cZ$ zJpYJWgWOt-f81DHdLimtDbE8&dCC!|9K56=1?ec;Y#vg`|Uy%&8V+bsaz)t1%1 zA2Kr2VeP3 zR{MU$GV5hoz({LrQk;^^>c)* zpB3P%|Aq5xWxZsETrXJzzV0_%$2iU9KgcP|58lhNtW>ezTH2>MA33DmuQPFf)X%6P zHl*BdPs{u5Q^6}I3~9&7T=1pfKPvSbm-X8KK6}d{b`i2K+s`f*qMHOg_)S|N!*U!h-y+`+=Yjhx zhgd*4UYsM3tINRKs)m?y-=3d$imffO9$FD^_Q6BidAk!l3x23lj>2;*J>aE>qQ1Gu zd_K+lKc}NTz&}#j>pj^Y%E4#P8e(>3Jp3-lQ#E+yQA6w?CH?8L9_zqsj~-$NE90?J z+BbqPJ$^`g|Ed+d=>+|F>g4`U8e+dG{rwl&-+RC-YB%X`MTP5+;u#okr|SDbIe5kC z`u<)GUNUcpy`j|KT3LT};O+B=*mR|zPLchz5qv}45OXQ{-$CZTmGebIY=h$eQ|Z4G zeC4@A>_nyhkCpY`!|l%-(!LM1xDxYeV2H(({_ziaUQiCc^!y?AkmA2t`mY8rxp0W> zsN}y?=D&{fi-xq{O=tvf0zXAb{{)$SEBHF_gu;K8yc2xo#Y5WXPJ6ijONO-HRWCjO zbU>E4zUXr`*WpzBY6E~`uV;Uy#4YawpOu! zN!oXU*IqfqUQ+mTlJ|gTuO4D^mG(PMwqNmq7{AvHu}_rqr4Qu!QaO0`#v$$caW#1D zO+!p~y;28Wa`O;dsN~Nt^Vi7jZynm~bNl>w(F(pgGQ|gKn*H_)({yX*lec-{n^gI9_x?9h~;E|O>45#UZ zdAevX*-laLmV1UayN+R$pZmXeNc;R~0=(uA?)CcbTW{6>VsZf7>onR-U3AmM!&j!RR{dP$E z9*`B_tHE{e?OX$1@%@nYd4l!e8^9kk=c8zq><4M^`ko=}dgnx(NLBoZlD14ZyHM#vYhh}&)+x1aQH3MN6~&VAIrc){WvdB_!P;T!CTTp%x32H zoa~Qlx&6S9_Ioqk;I6?THnrHC{=Ra(Vk5XWH^jD4#=BFF_cAZIZCHEXuL`^cT(@pJ z58N|iSo^)BW#C=*VdhiTbB>hjInCgqX<-BLIJnvZx?wT;nDwY1ezwGbb;9lo2 zo28WhkV5&vgA<2YKq>z@h4Rltf1fnWnBsp}`mX|SDH~STjqM-E_L&Fn-*K2-#e0N2 z@4ig(W!yjb>*n??dZp0*+x-%`?lO{TvQJh;oScHev1 zVYog4KVM0|Ugoa~-1e7YHbJ=#A0w~B=Yc2p8`eI@yNvsvHq7=^+NWH$PcwMO0mIt! zjD`2SA& zuLAeZ9@aiLGY`CG&M-Smu|GrFF9UBm8s%5=SJ=1J4BqA&W=AR4O^3_trnTVl6NWeY zTpFLJy1_jsqJNv)pI={|Wpn|qHRj{uYMkFA-u6m9w~_fQ=lrB$cDcfrNL~%T;gn(R z_jc;QYfl~4@Biff!Ot+~(_Sn4X)Aa;_<_neohHX=Cr|%O{XEqJUO9i5EmiV=iOhfT z;W)ovFwE{z{I8Jy%fU;}8DU60HbvoX$y>pjE+1ySO8P&@^gF?8uNr2@D)l!<)?W{|2cMzzqy1z*Dn0`FYaG_@ zUoHn4(FY{LizV7B>Rj7Uh>YccK>|w9Q1$ihn4ad z?l+c$SN>y|B^Cd_%KTM>m%NMPv@(AjDd&$mZvWvh+g;(iNZtrO`%@ezl=Gl7?;Y1Nak4|9(XF?@sQ&AN@<2KP%<@ z*#q7*FwFK*#%F~bpT)Qlv2tjb<&^woWd6#*m*&vFl=9Wc@>PSk|1qq6KD`cnHXCNw zDgHy!e%P;`1D+j~)802M#tG)S(K+q?gmUoqlAQke zA8rp`s+6zrUb;HY$K;!KgpVPh1NZNrV>>AJ+e-TY=Tmd+afP=^9_Hy!%W0p(i-LDe*Y}SYc-xE|J5OoJrsVP z76y-ab8L*_zgX5!6g)IDr#()_xPS2bmE(M2pLzn^dl>3p;jM-8pMd%We?sApNbUyr z&&p}n6MW##>KwaB$$voRKL8#)Jf}U63WIx(#5`(Ff02>Aah@Foud(1Ua6kCzW_!EX zSjFo%0p0?xTd#892AXGfPWzmm8{7}B%byQC2>yst{=)kg1N;WvQ913ti7soc8`TS} zdg(s^-f_I1hrvT9V*XXy?^N0UqTC+*SY`g4Bj?W;c=F_&_Iox7@JOxxJjQ_wh!*fk z%6Z~Md7kLzd|pob{$U?@8@TQ{=>T{KxbC~YVQxQP??1}z!FBu7W8faYetu4X$H8w? z>NhOw*KsoX&w?ELSm80r-QcdXa_k3%e-F|AZogP>pWycAVg6I{*DCYpI0f_91-Z?xr}6p24ekejNh$wxh4O>j zF3f57rw712;O{Eed7bh)FAN_4EBd$Mzp#!I1$QpZY4`WVIKM2%7AW@fWd0K1e(+}$ z{)FU?TC^YdSqd*aXX*y`UXJ`Lyi?lyxIOq!3ja>>0C>k0Iqm()Fu3!|oOZoD3LXT% zPw{`3^dIBtgX_je0^EO9ZnMwv@b-0_iuwnCS@FL{`geneuEzPV(tnujpFZ&5H92;x zGC$oY=cfSo-ZExN%&P5SonfycqunbWtwCF?H$9=SoEewe3!V@`X&C<@+n6S(64 zMd?2V9t`KS&(S8pZ8zt%?=f>=0mKEqQSo2+o}imAklcd$QQG$m*}gvTn%i(4uh=h? z`3r!zfa}^P4BiI5quE|8gNySY;{P&p`ko%|zcKL8?RxtJ@n*&TZkay^zi_w%*9S`b zFPHt#4IW&fU#IYacigQnUjV!doGHiGVR?KFgSR#3*c_#PtBv~Q*TGTn_=7pN)|`Lb zccoVwbFEQN>k)5h3$Evt_3jCv2apT|TjWR^abV_PcY+#!z>Q#pS;$M$m| zLAl<#k9;0yE_me&IrgEl9`LSQ4`=}IeMNs9TLC_MZH|4aw8Mw89oB%CyoTeD!k?3T zJ^1R^bL>DR|I=jt)8Omg(D(C+XTttXT*oNwbdYSPso?A0$+1<6|NEu?x!|?$=Cu3C z8o*25LqAaJXIR$H3h>^Ka_lqSp!xc>cgcRb27GlF&O?;)e^V$w_|i{u>>#uKrG~lD zKhoeU!EZ8i`*I^fHFOi_BY&Uf#6E|^COB`kA2y-%mZHNaxNa^!Y(hnN*ftR7$4~yt^MOCa>kO9Ky(e3Zf$DSU^*&nf(g z!VHC@CQ|Hm6A8Gn6FVcsks?X^z@|A@lxD73E^`fVxP zl|m1NvnV{7!XSlLQg{P}cT(6&;VTrbr|?G#vlNd0Or*O5g?mwWEQNjwucGi~3Lm5J zWeQ^yeof&3g%ds({&%8qKMK7R)=_vBg?CZ7io)k9e3!z{Dg24TVG2vW5b5kiVI_st z6xL99DuoLvyoACKg|}1q2!$_G_%4MTDC}Cr&-4n%qkKERIM#Ry!B%_L$%g6-3U8+R zeuCuR?iBn&lDiiOxs$?D(qC}4&}T^h8-*tlpGo2SzlwC1Cq#HK>Cb;f*ndQJ!$X3P zAiuXzyhh^JQ+OkVH&Ym)@D2)3TQ2-wLiXprDCDC_eq*7K_a%AD(IVY{*9rYk3{8O~wBcxwUcK&yT{s@xe#J3CxKcA62o%r|jg}%H?*nL9$UeX^&@$&5@!ldzP zT73QO^;wjUi(V3b{zloWc!Xi1UNZm$%$2^rwo@d#ebW-V))tStATJPM&GQ zuWPHbjj-{HyNz(+2OsdzHNVAv7{cC5XV2i_sukOxkI?&Lvu72;$WEPWKSwxq_kr^q zvuvUGjLY7dIm_0v;kr|%UOLOR?$~qAf8)tnwu5i;_tbtj%Nu@S>5k8ABL)|oZH0gQ z_e{HJ&zot!6xzc7RrqrR{^id{Jajy+q2oe6jF23><0!-U-ye(m ze_?$8PVqu_8>_1}|6L;NpwLD7`29lP_J9a$9u{FTO7R~Rq5nw{wmnVqvmy*q7=K>K zEiZ`B`LPH)eiWhqCpE13O~_qI5eD}c`L}u0Fu6)_Z=VQj?iC>~EC2cLBzp=wD0EUe z^W_(@_5bI~uaBV;|9@Hjyj8yZ9xC_$Zu#^6@?pMw|Eukrx7UULZTU8B-+cMIZ^t=s{q;H!c z?9L&*ty0J>2Z%6#-I^qs+}gZ9iGEg|S5SDzC}G#N-e+hYBH8wtkY6R)Lvkm{ev-c- zIYM%lakn3~d-$8N>$rDKqk-RI(Z6xnaa-8HUlAT`&e@Bw+CHWMR zgCw6patp~zNbVweImxyS!e2AV9+F=o*-vse$q|zKNbVqcTnUw*WEaV>+t4 zlKmv_PI83gDI|B0d?3k5l50qIbqoIil50p_LUM@YCX(AoUP*GCG7RhZSpGR_>i;BfL$d38;eR)hYe+tr4(e-7~)l8+}jMDiIVw~>4{$#Ig;C)xRv@OJ~rUXpJmIY{!m)IKdF-%Y%W0S`E`=xB>#hCXRomTl4LK*Ns@yk50TtL^49tGAi08M+rNargGu&~ zJfCDg$ybsbA^AR%J4jwda+2gHNOt`q{69}}4aw~!he&>n7bH7>75=^< z*-P?|BnL_Uh2$2J`$+C0IY+WBA^hz$LG)J-$x}%7lYA`65t2_Oxr5||BqvGkzD`{K z1^*-bUqQTu#Y)PIEJ z)x?b)!a){)gW(oVhpC&?nj%@yINy0~qMZKHZ zfAjagw0@TlaoJ&9U;H<=JZ}D%&&NZwZkE^ox8XF(M?U;N&Bu|OU5ESg+zhpddd!Fa zr}?<(f3rSr?-%Wz5C2c|vFHD0K2CUDjE8*qznTvo-~8L@JW;<#o-4u&NM23hE~GCd z`Be(z)W82ld<^NgrE={~@|_gs(;QFNOY=KLeLnrRD9@3zW*z9NIO(h<7c?w!O`AM* zvS**^OAKksRa2%<_Dr2TWxqWIaP8-rGTk%XbAavaz=8|Tab3Fb;!74^c!6umev>_u zJ+6xShKArJ2kyJ?Ig1{D$;6XtAv;JAav*-PPT#E3a~zh?0+wmDn# z2Z~2-i$97ca14j#h>Q}F23OGz>>O! zHbV$pc=m$8zJbMO?Q8V3eMJwGacq|~)GfZCVRAh;U$7_;49>r3;rUDE*Im3AeRA^I z@XMprEnI{s{6K+?pkwU$HZB@BV&sIejU&g7Dybd0$Ec%67L7V;kbHTzo*V*+8F19T}g;maPu+5)8^Mn&-o;v@; zIj0>yf9|O@htHqStI%A5^Ns4AznD9+oxfo51-5`Ka3Kb~^ax+JOBP?g5dIcie9qbY zze{a(OU^(4GP2?=p#K%2-74+g{}G`GjWu_(`XbxX&FYKgz7DgqBCPb~_kXDRQMS$P zn<&CcXvqYxIjZq@5q6n0ZB{=C+xDB&kGFMf zRzE@Rn=v~pvTb4W(ta9M@3h6Yt~INSzl&^J+G@_*oPI00565g&WZPQqzftuQZSl?Q z3n{W~W82(*ks{l+w(Lh@eNgqY9VYY5=}T?FPd2BYWQ+g0IsNu#xAN~I+Ya(?^B+aV z%C%V|{w}f^JA3~JD6;MJKXiN&E4HQBroaKk2&~L*T0fJZx7)_slAE+I&mq@)cJSh_ z!f!JEG#-*WsLfxCbC{a1z( z|2=|#n=2PTd~Qz952W0G&CXu@WwRYgHweGP-#niV%BMJ*+iXM7^Y|?Xd+`^1(#EJt zoIr2RKR^ES`2OES{D08}z*eO9TrKo2_~O4kNT2-IVTSyP@xRSBh4i*wq5ltL{;MK= z+eo43M}Gd}&mtT3wo>TNw+lTU)i?BA#X`ScsBL(3&Cu8UGSkrP1eyP^l^ON0g{|u` zaTWo=_??H)DA#E-4LM2mc6na^meBK48~%%szUEA!e@m!st4QxXRp|5Swv)c?Ymv{N zA@koyr0@Dg=ue@IbKj9Zw2#m?iRiWg(kH(Y`nja%d#`!^UDpWxAo<^)^c|lG{WGMm zCcWo2p|8WK3ICl*`p^S24Vl+3{{=|zY!mT4q`wq;-mje0uk!oq_%}&-ep)^feqt2= zUeb5W5c;2ld)s5A51#KeG#jZNo+o|VN}=DC{Jfcuf0EGW>v=uty_X8Ti{kTl5*hg! zb(rBFkMH{zm+}Mf_ic+O{p}yI%Jin*C@X@n@8I{El`JKfj52 z2I+(Mi};^VxqPIrq4DxKrF$Of{oBqo{PS_be+_y6>xKV(zr8B&|5c$so;FF}Mf%7` zUc-JFp9t}LhV-6~MSSDiBGA7{`kLoOy7!JYqT7BVeR3C}Z-mT$*?jyyuOaV44evyK z@OtQ4B>ewD`L7^-$5`R#LAr5uDCu2|LZ732o=*D6BBB3-ZlwJ!um4!+=Tm<8w;g!8 zwi1!<%aHkR73q_&i1@}kL!j>P?61e$<$=KA=TLeJ}$|H?_<@pqwriu@l$`pA=BBVId|_c+pbeIVk`B|m47 zzU5n?Kf-R9*_Mz#_^T+df0EE&pZ60H{%NZ-;>KZBd&$uANBnYZlKkJiJHkvXK0*CjV3o zwu=n?B%5oK{9i+UyjKZ7#=F|!@lMhQ_pUbl*P>qd?{U(1?IiRMQvZLQ^ez3u&+(L> zuSst!67k39GlcQV>#fTp^xIMWxJV!WL-_fX{CM;6Z6f|I6#o>`dw&!09~arQokx1x zfY4WxpDRi4yjAFpXOUrZ8|iCq7y4t#|D&W2ZW8~ky#Fo{e=922KS}Ru7y8{O-3;mD zM+^OnMIxhPFc0y1=!gkDKfdzcj-+qv6nZ?`Y5exe$DbzZ!FVSY$dROv>@W1jJ2;?U zK>Eo@Q|PQEy539jNre6NFQkw`lE%~b`<$py8bdlgKQhW#S}lk zA2oj*Zz8?tZsF&jl+SxeU$b234g&7}7tTkAH)Re>Uk~CVk7_gub5i?~p!n zvC#81C;t1C^zn0q{v^`(6^_ z>9-+$#}W~LH_}&--n)tZK+=0!Mg07{dTc&^gV66teio44Px`M&AB3LI=blaG!!YTm zZlZsX^j^}(seWD{|1}SabRQ@GofO~oAJHF*N&g+`%Qw*vklsW3ynhFl0C>H*9uofZ z=fitJzq$TA9eQ3aS5i&4iu9GF&-YIs={=k1PbYoFCi;5ljr=?%@-vmnbp^$rxJkM< zlfHBlKlhN{xk>ydN$=ex{%g>0uDqSl^Zc}YCGr!b{Jc;4cvk3*cMgDkL3)q#a3ki= z6#w6OKRXM(o5rIZ$2acZIZo&&juZylk=|w(`p=4l-c5S%B%xnG@ed}wYfGWepSPbx zdjD2J-$ecDf_(fvgnlvUuP1$SYoT96`WDi+?IiTyQMsNaeSDxAJ~+qJFB2 zh5jqjdu<}V@$Oon|B$|G7oj)ag$KPI=Y2-~4+}rDC_h_~KKP>0-zD7J_9nf58{ua? z)ti^}-cLmQM=1UYdHu^mzccy&_1Mk#hqEYtO~3H}H2FD?^tL{sKb-t5A-(H0p+AW9 zA<{?Mh5jV!4`I^#&lY;Tder#cPx`i_g??MoNArHp6Z+pNKWj-Jze4EgGRPJqeXw5W z|3dM9B)$JQq0b-pbENM$L5;uF1ko;$bA!EO6b3!{Ljh9-%IH8 z{qt1PJMR+u8z}yHr1#HL<6lMk1}?Y-;?swOZxb~g?`6kVK7AcJLi+=BGBtA+kt^5e?uDgHsEp9=lvj#FDt;>YDJ z@P0IL-?o?H&qRE#@0cU>$e!^#Ca<5R>T3->t{>?3A0+=J zurrQpUmjs-9;SA8Qa;-#{%neWIr(vs{|eIIK>Em;YPxrk-hY_TcTxOR`TQIz^byiO zMS9P{~m@ZPM3xMf?uZf0Fl4`h0zULwe^-5x7A6He7*gJ^fgqU`Eu<~`p72jSVj6SN;ki5FgvfO z{O9ZQMAF-;MSj{TKl4f7@&EC4=W$cb|NqBN`=Vv+Wyw&{h7oBYofa)xOnXG8vLs|8 z6v>pLvP~gLX%Z@=k&;RpTe6Re3TYC`J`|GZcg}e}Uf)~S(dT#maOr-%uGe{=*ZY0m z=ggTiXK-&21j}$d)>QEo@iA7P_VPG+Mq7Tyt>wQPk91Ick@0z%_f}1C9h>+eSj+MXcZI8cH z@?IGF`%(5u?MIu~-lK7MgM2LB$ozEqqe|nn!c+fho{13O15b}u{LjQ+j^|&N|3rU{ zw)m&z_po2zhZmob+j0Cc+}$XDo%KF%K1x0WUxUXUl?UIo>9y%oJULl@1M%BD59T-K zhaBzy)$$yoc>nVt{<0sB&X&(&yCO%Z&Y4f;c08($C*ty9%-d(?+;2~c z&l}o)bQ$saPZa+V@z>+gZSuynGZo~i;iQ;{S*B_b$o=;({bi2l!F+p6 zpWxqiTzHB2VoSxRiGPRq)StbB__+6a&tEnLUeihNdOS*de#GOU*YAfg&nKGn3I0A6 z{MWlKhsQ(nc5OVvJZ#6KQ}O7T%Hz_`=6JfVydwF}_uStv+*7n&MZ7zndQNWFQR^|E zCuxt(0|UsP!AFwk8a&!X>&@af;RUw0Bkdf67m2TdPsUTUKSG{|@pw1o&){<`{vx@> zFS7i^PbB^^j@Q{fCF5VQJQvFCc>Ol+#^rhPY`~+O&oslg;*rpK&UbhcxATX+c)GXp z?<7wJui(Kv+*5AxN1M}rJ6>eS zOK#T(coDb!oAE5}l4qxRf93K187#Z-0-nLWOOQeT#@R1y+*ZL;mnx6d^H}ps-l>6u*Z&_3@ai{5O%O z6P_xgJi&L|dA}QKdHz+NhnW8-;#uGJWG7Bjn+FEe;HN8!%JxJ$pQ+Kw|AkDjmXP0^2|@N_%5 z)&G9WgIj&(;ITd0-ifSt6(0FVemA}eFRqu{dG9Vf)mH0WNqlwh!`yy7Gv6q_7419) zcQ(oG`fw|}_>R0e@x5{PZFvE|4v%k^KZ1|PBUj1&>l*$t6OYpVH^k0TJo%;K&m{f> z^QPLaRTcFI+wkJ0@d;4iCGn@=$)57s_&FATt9%;m>48V4 z5zl$!HMlcX?%%)SFL&Vio8@`(Pq+Ai@*Vgxyf{zZwu17!k7w?c_h7wS@yM(4f9fgz zH#}dbQvhSU_fh;M;@$G-*CAO$zK}fi@MtahRpk}m%HpfYUE;66vxmwbrTt^^+)A~l zGxeW^J1@$EXYG2cScWHt(tg`s%X61}B>BI>)8piIsPkSta!)^6mI|+?_1%i9dm7E|3S$toPRODjx45 zxBcjI^Lg4Y{QD98{L{9go(KUqw5gw|I^V_3*WLTafJM@b; zEd)yo&;5R%7^+)0;D7rS_j%T0R0#9HM!k9Pv{<_w%Pi$Jq?=@l%y& zG~;tAo;z9VovHNB8uPp5|Kguno(fuTqO^Xo3(r=P+x~TEZPh2TL+h>VoqzaCBRqbj z;undX)_C@4`D*-9+&N0V8@~lFv{pNhrw;ex(Nc={@2B*a1$eHkd@}9-0ME2nJ7*BT z4KJJ^zmxp?@W>LmomW(^qwRGU$(N9)4xX$a_wQrymzEaKd^k(&#PK+FNZBJf4zY%zp7C9=TWEfjTV1Q@6=&zkVOj-6~&3{x9%kZ}}Ve zZ@AM~{yJXi6!z2h#IwD%@JPp!-W*S!E3Zy`7d$&j-k0_#EYF4V=kQzcLMOR@Ke4|& z?D@gQe}?$zD#c%*aA*Hfn&)2*9Y>z=;{EwQ7n=XG_}WnX3i2mcD8G06M6kRa#Mf{t zZqo6zEdCMk>3NE8gcmFi?fix9-D~krDENIProF;kb2g~os8W79EHEM#EWy} zkBhzUA5)(EeEBHiFE@Wo{uASE1Rj4zUhwWS^OwnZiaI<_`)A=fw)YV7FZBHX*I$J# z${+5pe5n4`Upqtnwam-!_hTXC){h%PdEOwt81fJBO`$v+Jr7=&y{&dyKkmR|71VOO zPyR2wxJ&U-j$c*lD^H@5;$7-f7mvTE_`9j+xpm^S`+Vd~*k&6_6Jawz#-FV~Y&o_|U z`SxjetiQY$4Qk`LpT9;Ze{bTWgA^aFq!kavossgk%(vt4$l>zEv~wEyolqU-;gQgK zmy;*aTzQhz;axm?n%vGCzrf?S%SY0l-*DHJyW}b3?U;Uj(wE8Y{O1@vafm!l{AqX; zKacHdkGt&@KLH+FqF-*u^W)?j$o~i)X(jJXo~*?mD!1!MZ{Wof4S=q>ua`+J83gUL#+Pcg2&}%ip8^m*aW%Upp_l z!}8pu_{HRT)boSQKXW|~uJ`gBO52ZK#m@@)=D@w{tNXM++WztnemQP=>Yk?YKQR>F zCUEcdFZnG`KfGCJy`%7RL;fJ%G2|}>Ueg&8YR?Az+K}(Yv!Qk#f4bVA48^y==ZE5l z;3Gou_u|t-@z3KUL-B9p=}`O*JQZ@sdtu_wGowR!>fuf(zG>h!95+<|?w%iPob)G8 zWm2;>UaL&l}E4joX(Qw~yeNth^Wd*8)8Cc}ZXO zKk~ohxj)YBd8^*(L9l#^+w)k>cUb;morAbx#Q%vGw#pBuon_BZ`?F)^KXBYR3@?&r zO*JK|i^s1}yxkw(0(Y;HS0#TJi~myoCG8oA=laQysH|U%FyA7-llc4a810{rKZZwB zinsasS={|eZpVvNcznCO$nonv-1(|xp3m^uQ28y?r-I0&ZM5ID_!aW1v~vI+Jx)H{n~MD98q0I9-0lxa znNO1MrT$a!*j@50>s^Su&&jvrIXuxpZtov`glAUC-zERocrqvVKgZ}V|KhRTnh%E% ze^e9IE%KS-)2z2Hp7~t9RcV|ic>YlN-|W{N@xmX zM9WiIelk7_&u*4?r#%btd_(yS_$oZwRz8G0AL23gqeqDU0xy(P{35()@r>vD@cnqY zyyC~;)y`HuGo|D^S#K@#`{a)>&osu}2jyjm?|{c2lBdYu4^Nko@4>Ie^Tg-LbF0O- zQ~W#h`~7(83%N`DlX#?p+^#i&7{tg4-)!-v;*)Amtt!eB#S^pS57YkUxbuYkYwFh1bHDus)|*or=Vsz#uPOc>;_t(=ugHg! ze*s=xEWeTZe2hn4klTGPd+_wj@?*$zLUV0b@+EojU5;LxTH&z^h-aP|faliAd(-~g zEzgZ|>-UH7d`J0U;-9qmKUL=@Z0|}ueY4^pA^uZ~FC!m-@5Cc(~Q6|GYgGI;4g=K0-g!^EZq5bRIo*q*;$Nt48^~V z$3tGg-H`9Wr-!`yIojTdA+Lw0LhWgdj|_P~&;9+y-K&1|P9uZmdg9Ze{1YsH$Y)so zkT1cLA%71~gnS!5B;@<>Y{-u~S9KT?+OGO|GUToBi6QTU7eo1n;`xw|!#jrZJcjQK z#b@zEDE@6c9`Y~nLMYEZyk98(h?c5DI^?I~6+<4!H-+-wh&Kzx-;d`)@$>LlDE@7H zZ76;Vz9;0n@Ma;e>|Mz6_v?NkKLK|`>urM93waN`M#zWZk&xemM?=2AJk*|7EI-cl z?0o8Zuz%g7`DzRE{I7Vdiu??3Klhi4trVXaB_GFe`~UVb63FPh`Ai{z6ykL`!2 zd&}*4Vz+yKu=9$^p8K!s^IXTMq2@U0z^gm<{U+XFC|IW9_WdUv@tNe=8Ok%4c>6vS z%l`~+- zj5=>3Pb`#YEAjR{EphUEOMJ&r{7=N&_qJq+-;FzbuZ#bjDS!E!Jc&@A(yrfM)gAl3 zmwJA%w^VY~k0V3zk-)2ap9|1=)E+>$G#t?2HRUJaPK-#C{G>Y?fYWve5?U( z-zW1X$K@D#=7;h$CEmVYCgNy054Z21`2s&b@ET4ol&1^v_I)%~hn~27UyZ$fyqG+j zLU|Iz+xOR4o-1+tew+D@mTLpA;S@u8ZY18m@5Z+4R@}Z1rLI5^vw9V|kvy?fZ7(^w)gyGz;ZfM7(_ukL{-~5g!l5uOi;Q zpJ$(=L-oCHL+PMz5@AHY$&duaWh4K`Lx9|BWOZ*Pvr-$NyBHq6DC*x?@ zh1>T69bxCCfqT!%3FUEGYd^B@3-T@_1WSd$YdC8|@zsd8?-A-p{E@^LLh;8DZ{I6q z{azcl?;XmKrvZ8Pgz}t0ynPRm?AbN~35`bo#B?`i)-#7D?e1D_GNH}CPiNpFQ zzvQ{U-a_wgL541+l;~YN(Nw;f{9oa@`dtID&zJ4RqbDi8729=q8}gqeKZ^XP;L#n* zQ;X{x9r5B!d3BCom*Ls5@`2>J3D0bo+w%<`z@0gA`~2yAJT*yPsG<$?A3x~VA=+7f z0r@|+_`&jzY0po1_DFe(`jl=F#hv^qJ@W`Wbdp^wRxKot>OrEZI5g%SgzZi-a zDyW{-8E>QUWKHF1&hhI}+_^;YT}vy^V!T*gZqH5fA1~(DAy-~`9;7{6@k9l=T^HSl z$B4h1_@mk>PwWQ8ufrSR*`$07b#9A0hp9dGxyycd=4iQh8W1eQ@I+nZvHtZR!xfC@ zJ#xGMc9!Kivt)Y~;gOj9TH5nEp4=_Js;t(#8IND5_GF0Ph3EEa|Gg5gcs_Ngt~`@y zzyDYvznw1e-f3{Kw7}DUDUTgz<9M=5$vju$sZgGj#m5ytkNh)mr>oqK3yUpJJGouw zf7{|K$$OG#o8@mMe+A!*C$`DYX1w_y2M+q>bNRjaS$OV8d5bbibOD~)M|?T?U_A4! zJjHs);OP-^8*l!{c>VQ8Zj{@2TYx)^!#U*fKj!Sm7t5-Dx6#h^xEnk{-*KL%e|O@E zAYg7SR8dN08fW8{O0A8z?a zm-M@E=WMOF7kOsj=_ZQLQUAr3=XAx}`NkSNcCGwS@)YpoNadMAo zpQl2{qZ*$3^(nloczf>R8F=gi`PbCb{}_}XpL#+*m;C)L{wTS99^pnjIbUv{yYW9R z;pfS&mDeTD0?SW5?K)%*PfSz%LgK%){9EOApX8tBU&?={zxfwb? z<^FSx{iO{a&B@1Bl=sIo&&tOfA@^@v4YuoP`HS?|WIWIK*+~A`mVdqCU!@lm5P^@QU+_uHAgNqOuz?%$T$zW_>C}hAj?;?xSYPEooIHK;0>{T`)IW)5 znP*Co$bZ{0Snn~)(}_I(+laoWhsvkmAK~$Sa=R}5D;|rxdG%l)sd^4pU;QQlwd9O0$)Jw^YT`=tIK)-<7{m-t0O#&3BH(VNKljH?Ingx_Fqd6D_&89aKN{K`tfubmw3oG1U0 z6@QAS>&n|I-1!+VmXTkHJKhBZzdhN*<+i^ZZGMD&KJj(&!bS4e@w4%mUqEm92=9Ow zPm`ZZ$MnQAegVDZBL@%5P!(pMd9|mD};C37)%5-jY1$ z<59M^A?v*ekK^s};kf&_^6bLz$Ma9i?RYvDPv0fKnDxGhN5;sPljl{-KVIGl|Hyo{ z{0ICSJWrla89)0xKiGIH?Y-bVm{;}O-``WOEB_|ic?=%=LOukqho{%bPiDQ%@a#6Z zeQva?#c!9_ru~C0{yq6Chv*l#<8j(^8u9nyiO&^ZAD`p7f83e>ovsH?#Gl7w-QKbA0e;I zddFJ+!{s&~-sic0UX%}=|4hSohR&Cs!*ikdH}LmE@muh zRQbK+{}E5%L-GB1+&@wA78?)Mz0=fSo;gu@Ze)Pg#&atbZ`Yrj;>qQ5UOqZq@Qi=L z<1H@+|8<=H<~5Yx-X9redDbd^G4bQ@=o4( zd}7`}@%DM}9p?TCmA9Nlo>JZ$bAEkdC(D1wkH*u>)Xo*OzoEs~SNt&A>EapIYuCLm z!reEOXC-;A#*=T!t^T*0zaqEKiKp>gWv$oh`2?OiMDBktn!hZu_^R@ioUgub@rTO` zLA2u(aEJJ%_>Xv$et8N13(p^^JT}hDU!;1bkCK<6o=4%)vhuZfZ9KnD+q;_l&GGDd zd5Z1oWBE%f&scmY9;+xHijT)LmE=E>f3D@Bo~Pn3;>GfcZ%&>yo*!&KT~E9_UGcNX z^DUm6EuW45fu|lX>E$n`ZjZ^YA^vc@K>i!?I(T-5;xEOU;E^Zf&*L5N*dy{g@xFL! zrhGI$2zO}bZTQXRvr5L_g=eS9ZzcX=JVks8Uuf|UEB<=?P23In=Xf+!&)saT}z zXO80SeXIF+f;_jACui}Y{`vsVWxW%AZ?XAvD_&SCKaS($FSzT!0P&W`*dOQuW#^~~L^_;Y!^Ru^}-%I$e*=iuqR@`u@v5_s}U`CGx-9cL7tDiDuP$20y5 z7H>J5d2A8x{HXYI$o~c&{ZR35kmozgzf1AlnsNlG;SZ@7N*W7<$ z$@l#=d>XU6Kx6iZJ!qYEmz0Z^9 zEId;~`KQv(K6tK|@_dC4wfNKJ-etXDxeJd^ln-Kn&c!3!wBD(l=PbvwXUeVLKfrT& zwWnG{`M<-9anZEy4p#lOjR)xz@yd4c_?EuP&jx9^*~2G5)%Uq<{yyl|A< zuFuTJ-L~@cSnmgTvXFpL$IdnEb|IEsk@< zrsIjainsU8U$*@HuO;a?E*mJii@=W9IEPkFp<3YI@DzP~(5dk(om+m-oTZvA@_?p&+C@8Tm2fIUO(f z7xcX4b=uz*Pra^ouBf8z9g4dj$zLifzsvk$xxJ777#`zz>YZ){%VLW^P4T1fxA5q5 za_jdmaOZjX5aRdXY2wWf^Zv*0FK40RW5hScV|W_xfM?177v2w#GS7^~Z^CorITybV zPm;%czU5z3vOTZj1w2Zg4S4(v#ka+O#&guoywcU$Ubm&jgN@tTc=EiGejXn6FGPFG zt&E3D@zfVu?|ZEG4m{sldF=ZCEIhtJ@m~`EDxTaZxAXr^mM15-^TXe8hdk}bQ`Nh` z<@aOm6UEPEd^W`0to(N3JL0Lw)y}htzYdT1Z%lZL)n^QztgkwpK^>;!Y5&5zx7c$7 z7F(WkOXhhK&$N=C&U!ak{0QZ#9b|KyU(7kLo{m@aUikaln>a^#vUqJg`IojgiJyb# z%j)=kEPfH5*;}%m!|=#Lx!u2%w)}U?y=gF5p25=vt@l=ZB_7>FzuA2flZtdxVJAcaU`t2=vF0K08>(i-thIy|g z?aAVWL5jEgTi&z$Q{{FY_y;_HyWGAnvix=0u2dzt_cAJ2YT+(^9^Mo$+^#y!P?MugJV4R`#0ZN+jS=Kr{lThay#!mA9uT`ALnyi8;EDWQG6fTc>`X!U-35o zJY@OHYaG7HdY{1)&ne!<;oEp*hw?Wj{}*`jF6FWNYJSHvGgJrt)^VzM7n=O-EsjTlO2D&C+vWO*Iei1_1h zhjH5kZ-yuLb`PW+=aX^V?bai3JD(hcr~Xy^b;OUs3mhNsC;wx3?oY+r>&-=Yp5xcU z#J`0XOZN!G?tj=~{+!&-WB1_kh4OFMziM~`IG6`GF5C5@Gx5Zeiob{TUVuB5u*=~ zaQSD4Xaml`qxIz194_yGyN}E5^QV{LMe6WZ1;yWpr_WKmeed2B%kz`GWqHNV#k0HR zR{yumtIF+pS)bv>!{qv};}k8P`K@Us<&WG%KMqi2PwLqOk8YEHgm=WV@5t||t~^)Z z`8(tj87Ft*&M)){CEsxWWUs`;3`RDZGE7x3ltLPW+<1wz!&n5mlyx329PQokRrtK>5x~2u^?Z@D0&WHOEe;S^-RC&Io z{q6AF(el~Uxi20YuXg@Uo~!U8?-MoUxG)Zn9;Q5x(w^zK+e}`Gak$v>pDnlh7V>!E zN7cU}^UqE^u~WW?{wh71{{2C|hV80}7v`z`8)$zsJmKH?=PmU)p7y{q)#W3}e*+%H zy?+MFeRz!PB$M$4c>G-D=|eqpc=`tUUBs`$QW!I@IiPwC%5~SM_Qh|{36W+b@%gxWwBlc4dspH4*VWE{ ztqyqcS^25#N8jPu1@e}(bHDlV%5R^Cs&fZ*xIkW>{4MZUO?gf755Q9&DgTeOeeXht#Jj?%pk5R!R+u&CY1(7+ z(tO;Rr1%!4mH$;ddWqcji**)HomWz~ukrN7iob{T{^|L_#^E7%`qz1CdS8t0oj3)H zPF(yyJ6QbDLHwak#rJH6*I(5Q{0OJ;f#s3=|2;A!-|D;pcgM62;_Uf0JMes=OW-l3arWTFmpcV=HePMK+L`awK9GO$`sSBh z7)THL_bfa+OMWWxZSlzC+TPN5PrTSt{ti9}cS|dewP!dUbJfn(#NUe-wwBzkCoKNw zwn3zR>o`mCNI`k_kmsGi`Nsi23jf1*Tb_T;527F7Z%R*4-7>#ujo#(rV2R+_t?IAu zsoSY|w3XU96K{zZx_1u#-pU<7)_F4Q8)uATaTix40 zf4@lbe0Z1mWAIcj)zkKuGw@us<2R%F|ayHB?XM7{4ghuqCLd{nZF_+#+wt+q{#PJ#r?TJ4taQ<- zsq&mzLBG5hcfQnmkD!0A!=r7^4+2jh*PVD|dddBL2A<~g9X4M*XZfE}JMBDkIbJ+V zw(n#%mlzBCV=XR+6f0E}yJX=of=}*ebai@>^_Z0j(+`Zs} zKq`_a75IPK^RUG)(fsf-Ay4ADsme1KUxXLvN2~v9mgg4DKlZtsPx0hD?bnklDbde( z{$16fNdA8;zyE*~Z?VriSM_!ff4__P54`dg@8xr_)WwUT<9IVXKT-M5BK~~yj>>a7 z-U~0Br6ZSJHyeb)vclpI%CJVO1; z6aOCWysr9OLH};_{7~;aITiZex9!B|?o+&a*>TF;>o`$z9{A$~&;2}w(EF<2tnlM& zILUP-&sWd%;{AS!UZHw^PO^@8_EwG0{*3d!=6|W44-tQ@<+)e=H5I=NPq~V>_xGpZ z$p>|Od6W2Amj4!wH#-k}+Txe04%3K#0ndG>{q9|SJzjW5+jS1@U-_l#6WOOalqG%} z@y=ZuKh@~4-^^of5P3}*{XwbwRJYuhT>^-Sotk*0r~GpI_dGnxd6BlxaRyqRQra$i ze%JMQv4D^uR7Rvy@|)VX*{3HdN<;^{u*y< z7(ZX(PUyH(=HVkJd61JmCBzY z|M__KF|~gN+j|L~WW04GK8d?8r~+5uqw(|-<%yH$K|J?*ryz1V@lWCLya`V&RUSM49E)e0%QdTbpVPtbPHB^DfOR%#}mrGj{3~TbN&Owyrnk2 z5RY_Lzt^M=uUno$%9AI4ec=4#fFC=FFSgJ)SF5~hr4Oo}iG3Fa(Lb=g$KlCR+O8+b z)fjg|$Jw@c<~7YTCy=Kv9^YKDzsBIvdsNTk$UhBF{ZXPPFBm3aDhwf{@{ zH;-r9Y5crGd%nSQ$GX89tFhkS1Lq$H{HW-iPzB>{nZ|iv@*Ixm-_-nO&oSPg)%>4i z{x6X0RN_(y2` z&K%t3ISkLS-skbiRf@OIspatKe${yi@mulua=FWXvBz`&ytf!S?>*#U)ib-JYNB2XWJ5A2#ufacrtW7b_kv-uX-+E-6Ji}_a)nT7w)vv zxIL8k*?8tA)vYo99G(reXNBeOp&n^X{2II%ng=%ExyD_C$c@DRipM|H{BQ{MFYBF< z`{OnqTJK@Fd#~2}An^_Hz`&Yu|0X()xb?8B!6U;Z296xO=&mF4g5aI{mk?kepZwZ{B1Aa^) zzWAWp`6Iu}Se|s7KPAo4Nd$Kkm~>i4eH|K7j}I^f4_;)^RZe(ZhZ zC3s?<`mqUr^A?`=AFSss&CBQ)U*gf;>X(6H=WjfJhmMbvY0n{#vfqW?ANl?_-~YQb zB0k}0e|d(G4uStS{wm@#w`ly>`PiN27pgve_|r5V<$C5Kd^Vn{u6a9&FU4b@s17dM z^*Wvi9rwS&I$H-rK2IFdv&OoZ${DZp-)PB3p))r3;RvxeH!O|O# zmscGw!Ci0I_~SOs^Mab=gDn0wjjIXxZRTH;-0$wiQ=#*gS%LG%2mDxMd9K%fx0~^^ z3XjxsgXoU@%?8WQb9FAmzr(X*RR1WxA5V{H9f+OZ9^>sG{`M9pxPfo2tUqXiC*rE- zlk`hl+<8Isq@Dl7El(wl!+uKR497E}^Yav*49y!;J&$Hn&r^th0*`&J z?YaqHj3+|#c^)q;RQwX!vlUN%R&t#GiDxfYym!-Bu#}m_e$-Iy|AqC|#51kb&a?4T z1Lq$H{Af*lWSfo)y%>iV;`z36`<(BUc>GSa$L5V2@JxI4m-b@sb0mQuutNU#IpTA- zYyNM^dY9vg$JLKV5x)U1@P1zd{43nyx{dYwK6AcT_cY?GdKZrT{V`EWb$%B=1usli zJtKH4^9OVsS%$~)_@^cNE8)5Ser1a5#$}1Wf%sw{^~*H2cM|SCpgOFee;44X>s5zi z$+HYka-GfExgL*vq4?H}tL>g2>UiHn%5!&XkmoPrGY^#9-fFW|pXeQ(gUG*#KL(G- zG#>1AbOSthyW(y9G{YUP*R3Z{d&?i1uLj|T6Ev>Aru{cr9_Go5$P+7FD%ek}gsw|Z zB0f1%_57ZCK8P2O(hNVE`oD;$JGw#UxAE8TNa*#*_js-UX!j-7 z!V96}*Xeki=iu3X)C$jZa2IR|H$_GE3rFe0y>UoXWc`tDOalntQfqU;4|D*N{qdmLuSPwUd zw(D>I;K{{m&zr$-9jEdfZLc#{d79y;;O@B^=TDW@FPfR>G=6Sk{ItW+5RDb0hA2S8~68!2B_tKNM-t96a*9)_Zg*{bG^DM-^}P9le6bCuw`nAkQawf#*zK zg>T0b<@Dj=|@eS5f{b?R*I@UeZ>P_!>Op ze{qbr*!?_P@xqD9ze|7R>@lCDJg4J_JgIu7Hfevf>z`5FZLN9o(K7mjrWPN%kD@1D z9H9Jm92saHIxZ)1=TtXH{5$O#gGW!0H^iso3GxiY-@x-oPdhH6~de0w5ZJXQ5vz<%8kPt4SMt^IxQ)VcEeh`$DpHEa{CFU@*K;gM521o8v^ z0Pa-PdLP8+;mK2U{%_yw^cJ4yeRjJaax?B;;szN$CeJq(f2{gf|8<;Qc)YXvr7rOm z=BqvhUhmAtkH>SN<9H)H-&mDAj&a+@{8%^0Fqk|S;l;t4A6~$(vHX{I2*i#Tcj0a) z_2W+BXW>o@?MHUM(*lbRooBvm&ie&#ljj}0$o;PW;$PsI&^X+UNA~ObkN2`DSgI{h z-4YLL-l&3~h)36IeBM++zi4dn3)Oy`|Brk4;QNtFd?BX&WfS8qjytEhL1KF@*`;`f z<4Y6Tb1m-9Qy%YSOR(H#{+rtWD1INF;QpVE_&hxJi|TMJ{r(0X9jSh_d3!USi)x(L zC(j>vey02!{IF+K&uHkn;)!_iN$p?fv)-n7j_(azT~>)Ym{-((% z!*ewh-kZ96*W>Zw8b5ZPKN-*M>JlW*(Vpp^``eq~dys8==MbO%QSmY2mslQNubID( zySvoRdc^;V7kGco_Uj7Iv%haFnLmohmUap-h_ILG0MhqZs%>&KJvXnob83G0nnp3v*@-nctY z`_YFSrv{ndr~Tz#+H)Q53|9W1@w@P11;!!%5FQWRZ}2Rh`Aqrk^~G{LQA=BTGI`eH zsnGq0yYT2cTJLMbSIqkL{O?jTaPNK9bJZ{X==X+r;&aWO(yFLbpJ!V!O8E zG5?EWyv6eTWBKnW8R32^ZK-L={;?DbbYJhDdZnOk0e&;rl@P;$TSjA!|L zO;7S)gvWkSI}gQ2;Hd!@2BO)(aVFz&-j6m5LKD|}jYwrucfjjqUzOwE5 z5Ks2kcFiMy!SalX2V&PJcj3ivRG+WdU#cut-J-WB&yVCe5l>&C{+*0B!wc0kehw?6 zUv$Ka+e+5+GCUVLkNVp?VfK$NiO}(7B=M2Z`wJ8B*lhK?9j_n6Q_M?)82@v;H&%^^PjobsGY{35*AMB8hxzuvU^jPl!a5~6sK_w{PBUo^p^^A-OldD;ffKMwfOoA}H&ZI^u?<+Zr;w%XZ- zI*iBjH8g%ElvA?D@nm_m->!o#w|M50c9j&r!Q#0-e;aMufv3x<{@>$&;6?w7DZQmH z9$BLLr@FL?EqnAph#&OZ+L@gngK*FzHgZk6T#L-lEiufx+{_X?yA$@XVne~L6j;GpDXWH2gFP!ZLk)!CB{&*~Oo#&4S55C?B#OJu~VaJgf zc)Cj0AisB79xO|7Cv@Ih2%Mk;e(WdS{X_McR#Cq^e%Zm>b4K7^9k}ji@2j4V=lm~F z^Oob4#_5Nr;;jQ&P5$OjYM$>Gnul*7zVML7!_DMLS)R$7-&)~M;rWb?J9Y3S=0oKF zQvdhy^vycn+3{i%p4qN`+{JkK)#6ubfBz9b#5+Ot&nr@VzUEZc+XzpG?hm=Z;y+QH zcN5R)aZ?#?R7`Gqb zvB%^Qws#xu@P66p@~Wt@aD=pTSaLh3Zq_^O9P-_dN!9g3m2#G&;^{c%;1YJWZa#PijAUnf<6A z-qGS0sbB2*+x_tP7G<{af4w=Mw{1wCJMjD?8V`-}G@j)3qg@Y~ho?fXkCs}V>DsT? zlIIP)_>d}a9ljoq@c9=V-5h7T=l=a*;mJis}%6Jms?yA62aGu7vB^6bDPd`_(i z{u`b=v11^1eZKUos$2S3wdXG4BX|P0_140RpJ}@WaJ)MwaQ^s!AAN|AhF%w3g{Qfn z!RE=E{zsmP#HT`err|lRZ(G02$0PeSo-?#*1s+Rkyd6Tnuf-ELs}6P^@&%sZ`k0+B z?ZgX%)L%2nzuWTMrTx*4zok|)K3`CKhO*wn@Z2`VKSiEeczVCa^CbLqbMBM$Ru?Sg zzW4Kck6EhW3i$8Fk4zb3KX{^qn(t#X{JaW{0`W+a~Itvut&a~~eNTlH*JUMrr7 z=ih1_KpV!%^LXS>)!D|?O7qZq-^HCfRiDjl*Css5_shrdZ}HS#H;~D+=P$g-^~qMm z*U0&w_y6y5is$}$X_4yyq;Zmb96m6hl;JRiDWy-VP%?0_E$;*)%C zB~LrYcIKO0Y5$=J{Q`qZ}IqS)u#@B zv)l7SOV@BlhMpr)>UGt}3H4W9Ji+_6?~>Ux7H!^vHRH;<2lZ&^;eGb9`1J1 zIP6LO&+!!Vz|-Xa4lmrQEqaFd(r>Uo@_GN-#7FSRMaqA5Y5k%Op1oUp;aTOi z{~DfPzq9v?H+k-#kGZ_>UzR*Oh);2To4|MD(H83W4%Da0o2q9a^!nmBJh4^v{Ggl? z)yJJ(CC@ipycjwUk9+R7v)o78@7Ud)!Nf9Y!<}m9xn<;s z;mH=-u2ZO6Z9LEOou-oiEWFTM?ca}g#j|CV|8o2?JTdG+v=GW7n`1$d!>@_$AAMR+W99d864|3vHkmiX~_k>?=Y zfj@#5TByG!(*A{b;)}LHWRm!I@eI$`dJNx!JMU|poKKy1;n}qE>$l$Xi{4g!BDIv? z?(3*(evZb;MDj=R=&#DKnfxs*zNx$s?e7{me|*4?%ZN|i*(Oj`$#HJ;+~2RAtNSXN zJoghH*{AsOOrW#P%jtE8z0dd}UVOGgkY@wyehW|Xeo*~#`o(68U#xih9L*27`*gb? zupxQ&yaPGKN*jYK0k=G_tzf8qc^LayT~&ikFC%+IR}3QPp(i;jm6&%oPQkf<8#Z; zb>^Y`?oT`uIuEb#4*MzhHN9L$e^4DSj@5DYD)Q99bG#01il2qYF4A_LM;$uh$qPFK zk=u#C3{P<#=@@(@Uie(wYwssc#uN3Gzc1~aW_i|h3NjqZdgtTGuhjmUQLW$wJkRq9 zk7vDW@pu)r^9}NB!PDF)c{{!nFZNe_Bl7IC_b4h8h3=a=^gV5_vs?XjHRGot?uK5cw8r!M)sHrhb;jcx)t;@iv#)vm z3j#^e&Y_n73&mfK--0KZ-{#}v@z{Euk9lv$2g@wWQ$zhVzP$VeJjMMj=ZT%wc$Vw= zwjZs-6F)1@#tQm_Z}B+iQHPM{58NHDI$VNRcwhBQT%++^7e5Y9a=)VO7cKA@pL@N9 z_>LCO>r=}!7|+boIJ|=R8}USY)w2?HxC4*QRsHRKgnRJ(8OqazJo9m9i{icAAy}5< zvCwtJxA8~^)y{>a^3{)*C(-Aw4tQjwj=w+hH~sP0j~51VJMABir+-yHK27^mc=Sq*&+p0e zC?4ne9#*#{-UV3yex!P#_rVtt?|iI&Uqt@5J@?OJ3&Z*bnQM^$b6f9B#UDldZ+PTQ zH;A0ccq^Y*-D08V7RK=64;s(+kiRpY=6&iD@xFMfrAE{sdHve`>Vn{{6bq z(EBNO5%0WqVG!S%_D?e(tp2S_{^#&$W3Bg{iu%QBJbjnO=LX`p;JK%}1!B)B`px3& zs=w;8-pU`VKKTk=g80gex0CSLgzkaAN&cpIF{eCB$ZfurN{wZ5Ye{edU4aIlIRiBM<20TZ z68|Hf;B!4T5B!U#W~mN#AKFpgj_)5AoHd%q_K_!sN4{_asmnlbj~9N`dWTSli}CDO z`3UmdWO?q^xc!LuiFlN8Zr5REnQv9ysxTg2G{08)FDCzL%OCoj^=3SFjpjGIp0>lB z=R8=QOMRj`WFFEuyuY$m5W$N)XP^n|t&6+s)XpQ>t{Co|6b~Y+;~ntWF3qcXyf>b{ zUF*G_{6j5I=>6G|mgiyB;UV%&#gn1?D>8UtjOKy6$iEyHxO`Z*Seu1`kCBDm?_j9ks%Wq`=4ZV)2g%{dtp0T=}g(pX8zo9XfIz!r{dkOnjdEqH>j+yf*UhvR$4TQZ$4yQ{oY@v1x^A$@;;(dr zmNcrM2Cc@6JU?wk8TrR}zMkrK8NLnAT(A1;w~q6Z#fLsuTYi)38NaoAkl5;6AJ6f5 zPaC%_@Fe$#SpIIf^O7nsP|bAuTb?SK4+rB{;_=6|pAIgkUyQc=q3d;%@IvT)fhRoo zkDG4j`5udiPw+XBYOMDiJU&eAwDxbrBO5h-I1@nYz8Yacv6PW9}_c(@UF zc>U!a4uWM8o|&f#)MtC=1n!OBnl6$0@e=Wgxbo-t?Yp=e8dpEy*{Q1Y4QyC>@5I1A z{>J?W=y}U8Z-!_{?wUxn)`g35Z@7Z9_tmzGj#C9xEs13cs!mRsrI}=o>_Q? z`wTT(I?h7R{qxxH^W~NkpD(9=x6f<5kEi!&X0Z9~b38sn`{N|~9Yuf}ZA4~gBz_TyOcj2evkvp}$58)l~!ce(pW5?-(XSm)qf%vQNkePjemk5%RAy|6295 z*Ja;Y9zN%uCcexUs#}EXY4*CcBAzX3|EkY+9fud*k&h!!BRt(p^MlRLE?&GxviJG90=RsvCwtY zzIcZFx+l~AVR+$1_4_K?Ki2Z_`S+H@KZ55%_od7?AM6H^c7MWByhxsN$ny@K4IOtj z;`s^MuG5JB4tIZ4o$JtFWxn+5_TS~mz`gHB+tN1pwJ->4DTjd^<-9-FFmTAsP)9o-=F0P-)#i=p$h zEqHv8_KRnT-|e~Io{^#Zaw}}rc#9RZy`!jSO*|3$JVkrlxnJYf?qlzcC;!xXSF+ww zxr6u1)x^6qH4hA9yp6&0qjdaAk!Kp7IZwyadx@WG{*@a<_M)EizR_{NM(DWzGV$rI z$}@&}@@+i&h{nI2hZk^{`*Iu6p5O6oQ;oyg)UA3!^-PY}cG>&LC*q0g)bBfJe^We? zSDrV$m(Kpush~Xh(Cg4E@WKa*x9j1z2k!l0Xqj4|JzSUmncqK!CqmaDU&jkPFGaoV zI2$d#h3oi>%W<|?Q2x{<>aQO7e!O_2>fF-*BX2ouo8k*6bq)UAJNU2TG{WPvG!DJf zn_xK`&paU?j<>_}&&WTbTsL_)&P2=XSn~Pr@^NPo?+rGgxL= z{x6k(S}FN6=A*T}_PL(bc#O}nE+)^%c%rlBw<{Sx-{b$UwRew`JgMqLli@jdk@g~j zirT2IuHtg_wz#^mJZvAAMOfv2zvmGVzxZYK_{Z%JOy%!H#EFO#C(b!> z;zYy|J706e@;~-tO1JAjIV+H#d$cBet-)`eQ9RGE{LeP{Ws5U(KmYR$e&i8~=i2RB z;Do_zuU7tlmd&G620xy?m$zr|>lWuTwtD}i!Ef060T!r<5JoyY%a`QL8vqi1wn z4j!Qi?=krCw!**K@_*FxXZv5DF!)BMM{fUfrQ5Z)t6chH!~ZmcpZh+Af9Gvl!Eu8h zpHcpNg5^J9@Edid^GmHgFLnHOZs^+#e%|0$&uaUR8T_KbuRl{cAD{B?jqo?puG`D} z^FQYJ?f%cMwdWTNe)$6`XP#|%-evG3+4}c`j>qhfIm`dw3_kb`rNe(T_@n--(e3|I z_%Y8~mKbttnM&wU-(EYNnUJ z)8Lo?Q1LHXd%oY`M?awQ@aYD>YVa%Hcv2v{27kN3ul9~B(;5Q6j z`$~m>lfi4yFSOH+{-(C)tBrr2VDQ09m2MY|KHp&Qjeo6j@|xj!k;5~6S2y_a4{5*P zUXXv=2ES_OF1^1$_VcRmj%NCq!#!CgV+8><@VE!Zl5stHM_rJ(eOX|FO|-4#U_zNA+uPEjpwt6=Ve*8DJJzr_~|GB}hX6whH!H?Lz z>%Q*$ZioM>;`tAT=Ze8Ezkf?w^4r#)Hyiv~cF)P%4Ssc1@w~+Fe8AvGzC`)(QwIOI z!LOT~xzq4}!Qkg^S2^}}gForNDLt>-zL@LT=NP>9BMXxA`z-&Q=YRf^K%Vv(P1rK{ zwZ4w;Q;eQ%gI~$~Cl?KVgU=}cf9In$;g=15{Lge8 zf7R-Jx52NySLGp=tMczd2ES?d4!QjNn8A%D3OM{g{s{-LCvA zZKvmdvcb>2N89Q0@L2}G@dJwg8OHy|0hf44TNhZjYTsu0FK7E`n+D(bHtp}Ttev|C zznSghyu#quU!dcNZ5sLa0|vj^(RtzbSG*DMqn0QA^ES(W&D#HsmiQjWWBXaI?>=Ji zn{B248!i8T_52@Gdj6k})r7w@_+VM*uluo|@Cl{!Wjn9*rH1F(2EU%&?>b}fYuSF{ z%M5;GsC0Ox;d!OOZ)WkC@B9gspU1O!fSNQ7mwq5)PE-(s{g)9;E22UjLMS_S(fJ+e8&82XAC}T@N0ji zD&<=&8|B}t4ZiU)g?syd%-}bEK-=%~=jR>%FBE><@cf#= zk68W>8vOl^-|Uu`82k?ne*Co7>w56d41R4#;hUEKZw-F=;DkWjZv4_uDqkHRYkS`J zC@pZ*;18KU)Ah>>1#U=_Kbw~S=x24@pJ{0ggI}3ZKL2@>OBW43xNAmoo`0kkc&))V z?ET{B8lE>Ae8$@E^!#;$Uw^Ig^MU361A||_L*=~di@!4X@ekiCId6M}7WjLE-?018 zl#38Q@F}Iw^-b;9J%;~T2ET0UVz8_Hd$GXnBl)vt`5*e(-uE z8T@!%`{nU(KMFYQ;iqQy@K0I(>$MfBRi$yQ_7;O*Grj)`8{c;seB=LEll*Sy|AE0T z7s?NxxAuI};OG8S$MIVX&%ghDZO_@PJzuc=SAI?T?PWH;M?S6eJo-D!Qtw|Ijh<=n z%h`Q&cNqM}oQ|XKhb|lZW=HAs7l!Aw!OwlUw(|?t{#}P}YI}TL{7Q#g{KlUfp4S_^ z_M?je`4emZTRnd!C;!OcGk-TH`9EOt{1cwv-mM-O{x1sLK9WCA`i#=&obA7?TH4bM zUbA}$m3wg?j=_)qv_jxMm47D;e*Hb#-`kDfzTMzgZ5}=E(VG8)!3Te+zuVxiH~5v0s{DL{!LJ$o$Sdas@(l)mr@@b&y-y&oGx+Z~{w)6U&kcUr&e@%} z{GT=WmH(jqeXqga4~5SCtc^@haifRpk?RYZ-}UlS4Sw}+bf)~I;rRxGU%sIH^9~!w z7dw1k`}JI-=Q7~5Tb{bFn&qj6=Vg}v%CBpFpVy!IGi~S7vh~QzE&sJYToDY%4bQ6# ze$?)ne}%zcXYd>L-qV{5{!0e0nZ1Ee`S(tPAF=n8KV`>pZJu2-{Sdy zSmh_gto&Osc+KJje#qe8Zt%+=Q;p_){-D7hI=>+~pKIgwg9aarW(5Ab#^3RGoHUEzrp073d)j!d8KGqoPxWON~U*+T*EdQdw?IZbf z#`0hOl+yD*S$i%TeCC+e>-70vgI{}>=KmVY|9XROSlpDKJ9v}8lM3zUZ&>~#wvYea z2EXq3?cK3WgMZ=>JpW+%uRle{@&C2_Ps0W-`S3=zZ*rHx&;6Ft&EsI_0q42we4l#V z^Jn{C1A|}tsLqRDvU zo?`Rs%#2`otij)E`LDiqQQ%)^_&;Fq+B=m#dj|i1ygeso1mb?qzcu*HtiQMYoz{Eg z+jO2nZOOlJ!cL6&@U)`++Vco`RzW;8N>fQ z2A{F}&vg{=p0(ro616nmZ~1@O;oqt9%IEJN82s9kPfAXg=bte6##rUmUzpsu4Gc!U zy3*19`hNG53|_PI?5>xeVep$jt#aG<`(9-5>vlfW?T3>FzntmKe_`;A2b2OIv-S)C zKWcqU|9rpa&-}o@Z1AIR)AoFo@y|O9UbARzn*OH zfx)l6N%?ux+Vi~zzx*1dkIR#vb@`KXOd@?FUUyebn*% zuR8Di{(MfT4e=+#+H)=ayZt$lI z+&+>&FS7hIFFqyECm9{?HTcF&<)1ej{G7p$KB#i+O@`}&!)-tAn+*Ovj>qhL_j~-f z!Dmh@zq!Bns==@R!u^8b9-Hs)F!&(5@8Z1%KlcjFf6?mwn8P1Z{2r(A*N$gS;SX59 z9{Kl5&ztus{NEd%ry0EV2JP?Z+cn{N1|MYi04y5(+VAPOTrfVV8~nza!rhOtYw*kF zclu$=f6?H_GrRgn9KXF|@@8x2&l~)RwI5+%^6%{izxtF}`JQ{c!ryK1!G{&@^7+G_ z-~6u1y|vokIQ;S2{-L6&J>v69wFLge?#pcD!3|@Pp z;{U9T%fR3pyNc&=R_{fFUt3o_<$kd5H~4kiM}s>^{=MGdH|*T*ZyI0yn!#&7qw{_I zSk3=ogAXQJuhxS1uMB=Xi!=X%!7sOTUHmgv@8iCp^f~u(#q)0s{v3zfIoXcE?>6|+ z?0(?02EW$UcK&B;|GvQo**?yz4gS#Ul+Ja-|1$=^lHE`8E`y(YNawrH-;Wsl#-{e` zdkoLt8hj)3=RXn-Sjwe`ep}_$#PT0;covWG%?7{uS1PZ5+4z6K;2Uv?S#QEf2%@%#OiH0{PQ}F?>6|v;MYx_H*MZsG5GOktDZV%{PwdB|Ia$U?>6|` z4gS#M6#jsX<9iH#)9y`bS-l@L_?7Qd`a6Gq+VT99w*QINo_{d-@xRb{^z_>m(e3}J z^t}4HvVMQ2!Dl|J`QK-F?lkyiTOZ9?dsYp8JUb8AGWhk^tNiad-3)#+FH> zee}bYfB$#c&d1k2^5hwV=$|)O{ww=Bua(-h+S?3%w4wa$-C21j|_g~ zu|}US(}YiY{ugQcZ`gQ!!Smbun9njikNKj~^M>7<^wS1^vcU&g+`=;re)%<8?<*|- zjKR-k_V6jk|N0rp`Ky+H-{3PZQ2xQE{QEA0U%pK#bH&>K69zwG=hNSA`G3jaH*DYM z69#{u!3TEVwXTwCwU2s!dsnMr`9E&(TBZk&)E*)7?aH%tyw#^qe9FI{ zcKBPho!X09?H3Jx{na`ne(=$n|NREP`3%MXVZ;A%gP;4iI`6*A@PEPad{X7P$Ju_x zBb07eAJlrk-01dPgCEW2FH?&HnY4|5prt`K{Xi1(RdHZSZr?(s^{;^8XiuUu!G;Lk6D%<56yJncRMq z!9Qd9A3CS)d5OUv4}S>t=1j&9Pc`_B_v*a(W6OWc;McP_x)TP!dau&i<;fX?U;a_; z@0S`Kb^xc}dnWUHPdtCNfA@oq-{KrzW9@mP!E2dc@!uKz+>Gj-->`B2pur!yUE9;N z_WY^m&-VTQR^V1y^5;t)sdPJPe5+hqt35;DNk;qmEtdbf-GBH7gWm@@{ZTdZS3l0+ z4a+}xzRr}k!TSckY;g;(Gd_8(!Dnng>yqXFaf9D{r{Z~r_4nTx{G8dhPqh4RH~3Y% z=f~ek{D{CUQ}X9imjB8xE1&$9(fJ<@e)$zj=ijq3PlThA{C54S^7)$${Y^*HTw;GLFyBHR`ozb`$HpcsnR=3|P zM#$0bH+H-I?Pj;p9`}c%Mssqh*6QyMy2ZF?AAA1uUU>KPOpTpRuhVD_hs}dV(HjpB zYCFT`e$i-8_V*7^B>8F}=eU%0+#K!}<72H>tr!mbLp1f$es`le92LWjVW&4<>U4|w zes5e{8ZYC&!(Ou+bDVB=JMGT+U{Q+hHQT_y(`Wi-G3XD+0)L3eKk#3Z(O#{mfYAm&MuTRnUv(mVQ{$|l^vy#y9rAbf56XQU1o$blESeOhX&v3Xp+N~=Qme8XvGBLq_ zBQ^U()fpr!t_YFM;3qcM&#=UaV!VbymeJ$)@`#`F7`^ya2P2Lhw9;?3wG+a6TJKtM zQQ7E>GR|^uFkwwabDwC|M%IC~(V6D3N01O09S56Ez{H$Mmn!g-pk6>JB~%sAToWAI zD%$gVlivB&V!uB;s1%zg4g0$r%b^DLW&zN=X5pf(VY4^ta7bhR{{DW^8&|UTdzfR$ z*zDFZ++>1KWU*UFk-bj04JJ2gEflRTChvuqt=Haa?%t7o$Nnu|(wS|1iK1ZAkQ>9d z(j1Lrt={+gWP4NyPY9J(`u+2hLA`kS#HX8p*XB9e0h@m2on)5TUYlTuio zSRNPqLe+BW%O{;-5hN+HCRHf{vLyz0ZM4)MVlq|IPc+AS#c;V-Z}kVrm8P>^)X%DO z@Y1l5o?2__P@Ps7e5+%yH0Ia;JxOrUU^H!w6QxESOe;1Y83_^D+h&@sg%N zQsp!UXtQYbd#z5lQy6j9Ak3w&>{7jG4qJO`qqzg}oQO*DTT7-_Oxze2JDp2O%D6f1 zv^dIapdcziR$yijx&Uk2ih2ST1ad?5Hz(aglNU#==0NQjQ)2D;Zhs^MTWY)BTxy5v zX!b01X=wmCKh_5YuA@pm8c;maWv0e*p!3PCtqlQCbF;|uI#g36?eaQvNc|gq9i9|4 zu`(f3K(4tKcDm!x8U@81)QN6yWU@vm>uGC3wGwEnx!o0lto7G0b1q@%We%=S#)l&< zCo0x5ETG*iM*Z%Ef`2BM|D2SjGfAU;;XLrdHVnk`uoSl^yQ|GhpjsWm(!PuRIi}K( zWOAB@@{MtGw*f}#OW%;15de@?@THglEIaNGX2*h%4FCi>xdl@dHO!7{lVJy~>5LkC zT0*S4Q=3t}-}S;5+%r2F@Abi=!s((42*vzbZ;cbpNZ``2xl3Kmxwp8g?*2xo%){P%KWS9%SBWSvklL zPS*<~$Ug=8Pn*RQlEDflDgw-a^3SzCrKj3t3tT=W1_{2wFK$Icgi`deAQRjW<4Q@# zIDt~$mNNGy`^7M=2r1F*n& z$Ep!lJ&g`xj>7b2LBTUOf!RB2MlUTMk;jrm-4EN?5ef`^5o&Td7;vSD%k5hx1KFgI zZdcGsQfdl#4zbZzJD1e#DM3NpY1LWZlLe5MBApMdNUVp$Q}@UH^F{CB(np79Fg~5u z;`Lr3Yh!D9N?PNkGtKV#O^jg>A_SnW4wlq~aM;PM)s=yGA0T|2vf61hxl~7{-JbvK z_AhSCb7=)I+!>NSpr1s3k80b^QL%%m=%2f-ez!l=jG|wsFwi)C zfq-A_Vlb>>$vp0B#iLpat9?a--~Fx?~9xs`@PdCx^1k#V#XcNr2*<;LA(Ql-ShEh=$SZ!Sc+5|si&xf zWDiaROO&6X{?gYi4q3n|1V(d!FJsjYi#q~V3$RT{hK_CSVllL*AlP*9kn~%k zdWT}aNmeyJMY!?XTrK>GmSU-`Hh_EwDa9|W3E{{{+Df^Um7tZ9)rZwW>fIowwf?;F zkWqUi4c1l3PMWm09psCxj`5#*kjEQ_@xh&NWRTw0sR#)Q+S|Hc@GGtSS)8G zq|xj5mU|bPBbYTYRTn($w-Q-8ojEr`on^%QqRBui=NMl4i6fCqWMf-Ch!1Z?JU3 z(og9RT%fL|M>XAA&=zq20KOlm-FUAtR#MmWr3p%^CE7NPpNP=I+& zBiAl=+9)r5yfna~hby+CC>qay-rbE}vHM^#?CWj^*uh<#?M}0|+T885YTeE@OiAp! z>~kT}*zWY2!vkz#U;)BK0QXhe51VO(l~ZFx?{%IP%dggXpu5lf|pY#3oUw>x7^>p*Jk_|F~|KT=}9c^-RB{RzDX0thMiaSWBfFJlRzIQ*GA zM;DqqQ#^85?~WT3V0r5Q?(^gPK6+MXA#oO@Qt-Jjd=oE_=%jr8jsg9wy|7_9g2Gj<|>fQV6t%#do1tyo5O#h{pt2Ksjvj z>E}R005>E0{GYHm(82zMrQE@cx91d3_-Y$zqFF+Clr_%K30;4-c>53n}5 zC>X{mqC62|5erprO2+X@7AanIfqqhYqMXF3s0fMdcR*8umIPNRWhx?$*LobFP(TR7 zErwW2XT+i4ruIIRP!t&=8m10JnvxAeniL5wP^o&vC5w9XWC%*GB!~3jUK)*H4kj36 z+W-zo7dD~&*uvUxjx$L>fiJowW&@$D(=d0i+>Z4jp$>%`if0aNY3cH47Nb7G zHdo9xnuWKXYmWqUD`Bzr(#6g7ke3B39i$?nT8y~>0JoReb`A1ko_o)>ut+jr8beHA zmk;ZV3PW>v=V80R425+U811fE);4J^Bomgs|l;eZW!( zn+eHaL&O&Fc&U01Rc}suC8dOKOdCW?l%Vv$mN*9!yNq4uTB*ZWV=5}P7NRNCiOoeK z3y~hu-V}&p6Ygma)M|shE*%|1>tCQW6Bmnt#J#(THJS+KD2m3zdFU)6uwelJE=BI{ zOKwL=M+C5G#}G2WTr*O zL(J$|-ydQcz6Jf7L`fOM8|sLVNmtd@N_^8INNEGm8VpyqG$|!3aA}nTPr|Q|_kS6I zC+(s{s@3MWwWkB^CD*p0Go%9Sy9OY3wnlbdcmU4Z!{$<>Gq`Y14eRJj2m0R)ZiJ1n1qc^u zF&y@=DCz7MechDhmTZY-)__g+Y5Uj&hctt)4GVI%HcL5adwLFDDnM|txRjUyP8DL? z#tx$>&On=R(lU-AtqJi367l23IJ0Maql>CsQ|KvNJd-rB4z~wl@8HD{vIsFYum-%? zR+7+#r@y#0$C67^$N(6aauvR9#|?j zFrYLKRx#tSRI*?#0qHZZAhyeX+G1}}q9r5P+@!PEY?R;x%WYsNG`Q&!EV9Lyp)lcM zB}>d=Fi>d&i{(!1*uI9?Rp7Q}j_pE``ia#QEtWLE;OYs?;Nl&uR-t))RUNCyObu%j zg)Rt)Vd2(&QbRex_I9mM*krfw5EN8tKRZ>$eX7TG=c&!Lq&_r)aTX%*4eiu+MWDAy zR{vtn2wxDV*rkR=FxmhcNV9Z-Dh0rZz7>Sl1`EOlfZrr3C^J2lWG|RcZAEEP;KCf{ zDldUk4NHDcGZwH4B}wKhsz6e#x0DhG+scW9A4M2Y!xpBJiH2agoieLAc1bsL7%lEX zWm}%)=0*+&dvrvbNkVM8lPm)}#ixLsI9U=lD5a1_S&vjiXq*wJd`lx4w)TeL2W0{Y zD$*RZEz=|q;U-4oAJ~PHG*8&=7F`JQWO}|61p=r#Ey#+#FT!I*X<`Z;+dltjI!@XT zy)l;Y_1hN#VE7B@qJto+R%|n-1QgpYLXucQ3nc_D0#P0W*3b|G zQOa<65+f0j06id`&}Ipb0V+Bjf8{%_=^e6OO1Fgp5_N1!U0Fgjinxnr$NhcEVNow7 zXc;2LX#zrPG40^*+{gCWNP=CLW*56~lJwy1TO5o!I4u%m$E{?@Q15W>@z88^yRv0g zOk@ktLik0L9HgaLPnzc@1=v2XcxtZ0kUUK3Sj^hBJo2T^(yWXL+pIOpXADrbbY`FD zwndUDz!3YHfiWHQ5JXa(0lQf?8Jh&Q(SbuF{q9RUb8PodAc__*Ard6XE5HsyHq?IB zZb2e}jWidm_X#$ADr3J{v?r}YM^rEr)<65$glA>Wj+-pa8jzyRD?+73ivW)?fZ$*n zvXaoSnM2PF%>Q_f0RH!pRh7AA+ zkOU{bDkuRJXSPOb$#DORfrPnM+17NyKO#3fr=yS~v!T zE+>PGp^|0y8Mqf(CezWd;?e-hfkSFWY=FhUyip55r*KwK_Ca+tKxZ+lnsd-g_uP$8 z5E{x649m0Nj!zjf4-5~iZuJ+M2RIoQa0sza09b*oV)J6J0)2p9#H{!hmh;nKFU2Xm zTDysZJu5|Xz>;$ZidBFaV6@x|iT<1ANP6urI)&!KCQ*A|fus7#M_0LM{)_*S29y{ zRDm*)Z;_G{<^*Ly6%C<^Dlc%dxOB*XEOQN2?&oqFZl>u_F37UXz40^{M0K@+ZeUjm ztn_7NTE?u$^eTC2Rab$^-}_Ha1+J>B7wWyJJqgNUov z9K!80f<7Eh*@>y3tK$$zbs$ubRWefnRe=o4u0T)0Q@`6Q+H=$9rze8yhZdYVv|ey} zt4DJ2+vq=qea*nm|Czi{pE~F28paw4<;c0j>yaML;VG=_;tJu&x646}Yco zef{cdmc9bV3LNX#M877QWg@^;fvpN?RUs_}wG`G;Al}(V+gE!E>w>VZ5ba1^dr-#>9n5fE)0BAiea){ltZOZGt);HDAdZ70C`Yokw!6fUf<_4duE=r@ z0Mc}g-(>;37R3M7YeO7px+Fdm#^`}H-7(3Kl}l?UV8MxDENF5V+94Z+5iZ;qoF@+V zaAetGW5t#*hb{cXdY1}qZPo9zARtOU04t;!`um7fv}I9J?f{l%+EmFbi&Jb%A(T1R zEh(iam=yo!B*TNv<=#demm?+^2%E&?P$le|hS=|F0gnOk`m`&cgYK9{@Bkq<3@U(R zqj)LdR}YK$cev&+cRF31C~*LRS49K^T6Q7JJ~)tZ%ZCE>X50V>Pnc4o3H_4JrAgYj z>4_(85pLZCg>Vk6H)d#aByE7&u{F;O7aHm*4?O*93QP$^=m`V}ARH^j3+Pl9C7H`j z5JQN~|f zUt-Z&_v>SIVEsopd88KrB*SJD_Mfm)LJK{ zs^m<;$<|<620uwCcZ_`&M`O9SaE3us6~pP%*;9))(^I5=AhMkgtqLo#eRGXtNsvc*vo(cv zOfMrT6(to*WjYFL1f3xH92JiRP6;G5=c%FP-5w%9WE04^1F>QykD(}K08jC(k1RAi zBifuTG%Q7Cs5GD~!xDH|j7b6=i!ODOR#wuox$NoI=+aT(v^_u{vgpaYDV1;vkI}Db zNgQqo=e}j)A+2*OVM^av`Ok{HdPDT&wv*@f$mr{U7`y;-kwQ^^U2za?>5f>)(R zDLM4Ax61%4X`B9xp5@KnF3*5lT5=p5k?^>{tTsg4MPpRh#WH}we!oBJ$pwX!0USXX zhjX1>+fQV!2=og}66g{<)789$rkSCQC4h(pGoB_$H+p$-mn}|tQV5!j24>L?Tq{yy zjrUsF-9LJ@m3^>y$eONuO9^X&gdlajvxNKDNJ>qSnosM=sxXdBV%_1;Jpo%#jK0`s z2m%|^+PlEzllBEB1U&uReQS({y?%v_lB|@Wv9Lej2$nbTLE42`h;NDEO>Wsz06cYU0@7I# z_gL_?sb|X!NJwn3tatUmMFiSTPi&8`iep(eC*{8pmN^&$p7|uFa5D#Qeh`5c}G-^i^%XK;5{4~Gh5xY#IIRuBMoB%R}L zEv1<9OeSWTR2BdL)Gu}rx>~~E)P$d#^PXlALE1A{VY99kVUZ7tmgedxZCHZ|n zPTR72j=iRqzZk;E+bxlWYc}aAx3u*}gu(^@ggLdfbjLk&i(7sCc!7ScBwsI(ggfqG zivONlOutr=FF}B8%~7kJfUvYJe;CS;I4Lb(mZD-ED%T+Gfwltx(~lGo1pF-6bxBj(Gcu^wKMY-Q<2 ziEEQyQp*CM%}70jWon-(ab$_%ezE|7uCRy_g4iy$f;~>Zc5}wF(tyreCleSKnxxglX&*|;G*4~ka!QVsGM710 ztR!bRKjXy%FsD%7cGrz5Mh|;Uh%KIqQfJD8W>Kfa7M780%Nin{V5-(zxS^3%Xz->Q z<^KE5G~q6Od_PZC8c50I%irA9GBKiYlff@rb>#4|4&PsBSJ4?RRlX|4&@qrgpz01wNLnj z-3t1^C{zYk_+B%(HBxKHIshhr3LKT@_8oVz5e?M=(} ztQWRlor*YgLeC212F?P>88Muq)67G^9K}E7EJE7$5&Wp`KITDh@A`=Q3Z9~+1(XqZ z(i3fA#z`dfMZI@b3xdU<$4#nwupl7Nh3hSb?vZ!+-RZ^ez-hJ$6F!0&G~06u2*(Am zbJujJxOm0?8Qccyw;@I^iZd|NOCtfz-s^~l4&|t|Ff4YIE`W_fB}@k6$Vx~v1_*YP zU5F4$VqH}##VcF=SZ2s1ceP1(N_ivrkY1)&)CFXSkW9lOxIPhrV&F^I>G>)F(&#qB z#&My-O7dYJiea-Xt@1)gYp9;Lcs$K8U_WXf^J0#H+2Mx2Jnd{KFE}GwidYV1K35tyiTp4Q@ z=*pmJA_yym<~zgI1Q!y=u1!yu$lNKJ9;ObRZ-=#Fe!V`wrJ>{Pb-4gqi6KppM0I#1 zL*z-fD798sxtp~X`0BT+tiA>P3dPpaeb#bIM9G>(pX03;Jj2}|ijK|`w}Nb`q}+mZ z^QY&*qVTYpb3JX$>3N^BL9k}1g*Gzn*6;H^*>UUy(IL6+9QW_e@R1L1(O4!Q%7wut$A!ets+K17IQ|v2`5o8z~p@WLz(g zyXN!aTel!U?EE1OrPw^Y8(FGb8d(bvYJoEkw?s58OFnP8mY57mT0xv4RGrJXGcO$i zagtzg2~S!>u#(OuL|#TFOE6P)Txj+LzJ*Yteba=Ul$M1S#+7mGBP_S1Lf6hT`^#cj z@!%{yXu}F~(VeGPO7o&ik;G+vr+7Aqa=mvt>xy`31i0RlEJ;%*xRPSO+Fjcj;qb25Oe7_(;TKlmiFV_;en9(p69h^U zxp5@OUb4D{V%Jtf4n3|kkI$sifnv_KIWF-g_f z6L0F)K4}@Qu&^desuHX>*~fY-FR5A}eN7@QNwX3r0Aj{@UO$pe(6T-n5gf-nZE8CN znA+%^En=i6#R+nw>=1Bfj0hGl0_q%6N-c$wWzLeu+T}u^N(F$y8}srH_YD}GfFc^y z))|wO1QI=DTzyU;pd(Cvm#t|pV%VOM z31=#3QMI|{#I-Y`5XwxpJUSt7&1J(k@~Oi;Sh+1PX#qx>i~`=63M{*Mh?u#>#;)ei z?N!gt(XHl&QxGOk6|S*UWjOmO=2iq__=d$!iO3ocK4l#lb>mh){)W~NgD2tyt7R5~ z?CN8PwW>t{)B!8u^$~{OJggRy4772079*SPDPL_+_@W8u^4+oIhO7~N zgv~wDNO)|+m8}nkb6XP`aAuzZvl8Vcj@Re4I&r0sNL#y=R-9mJ}a?WM_-dH|l z!g+$oMm?%hZif|=bh4^Q-Ex-IjyR>Ooks`{yn=|N>{ip@d7w#AO;Cwmu0df_1;Iwt z0Oc~E0FfsIHi+y)VC|5eY}~LkSi}scXN*y`pgsd)w6+4Ibu}lUhvm*p9j}>1BngN$ zM66oTAxSw#ZtG6-o`b2GkSvNELPE)wP0|&~>~Jx3Kp0zJ-7;Ira+DfmO2NT~_IG%g zFC#B&vXxoIw$bv_mTi(!vHumyI4Hkj(8$P2go(4ZtAsy{08o8den8x#ho$%u-aSLgG#4+Ow6%Gah~-cCSU}s zV_Zs}&L$A#CC`#HRe@(ZxTr7Qt(%aby4I3nhY)P4KT`@Q%IW-~Xq4e8W|Tb{u|!H{u&A-J1kr`LuE!zEF>a$wvJQ*vTXqAnO;R>mgfirbvXubJ@Om;b zkW6Nbpn69W21xP{=fh+POY(=$cZ(c0BDcta8K?NJapT^(i$rLUL%@l%jA_;5}e0G_ky!T9|>QNjX``GxC^=J6N3I zs!L^P{jaCz3>JB}q&K6tx@5veaG9+l9L7g%8mV0NnGzyOmoo{j-GuEl3BI;+d9fws z+E|g>(+b3$^;lF!(C1oG=rsBhlx)m?I*5L;NBAg7SX?D(O06VGb=v9qNX9&InYAq- z(t!O-6LtMAT$_f$=y08eh~$e;Ndb&cZt9)Z&CX2opJtS4nMY0wPbJ8xf*F?YHxgHq z$bi$KWp|WlbD&~=r+2knK6YNJD%U+F@07I|ULFJu%Z_pCv9wbCArYdKOtl`zVc z7HWFAsCQ>$zUq^feLT9rC+K^`rh(F_TSOrmvvCsg*j{BrFWQB@A_PGETWj6j_JCRT@P+i{V6O83sycDBQms^HG49 z9Z&`?F9hdCIe`rHnI8$wwN~4jX9UTEB8Z zpR)SST#0Qx37lf_%dxedW+#=VBvklFitsgz>Nu5>NJClRWJpmo_T(0sl3lkd21}e$ zJQVAwov-1aXU)Dh%|qHHpe@zq4q>pjGkOklwoT#TCZiNsx^CNQU+9DL$;N5@rt`gQ zNyRvjlMLocS`2fdbfvac0kF?GFKj7!k9fw_Cco#D`&66V?zY{>mcpkM&*&yM(F>PZ z=&6^F3BnK##)2d3l$iN`fvRW2{Z2-fkh$`9u6Ud zrwReYTx#u!Z$-2mW#1C?PXD5L(1oO{%^}{pccbCde0_OzA4K8#W>3VS-?qJ3K)m$k zDdQPit#+y!Jc1_NMYlXU%b0F9ib2;LF@&0M}Rx8J;W0?@^Uyqa;vWr+S$);@D@d_Pr{Sl zpcAbqJ=(*Prmq0k;!(hgl-7`XMn_;>sf&X+`_=Rs8u43zT9!L>#3-hel- z_LPy8@>qi)&qPPi2?CL{jEMqXRx2&g*d7%Cjmfo`=K27K*-P3l-r|SXdBgo8va<0x zjQ%clarG_U1ucs5$f8HGF5q?dLQJCL-K(btG`bq;x3kF%pfa9AUxh=CHWkhIz7usE;V?v z`d|ZssMmQUiik5PdG)}ki>=QVWEAfDT*s-5uBZ|nh=U<^z&fq^giq3Pz039rF;J(h z9)0WECjxrHN?aAH#RIl4J58BvXGMG!<>Qu%b51kfp-8N$nGXg;U49do(GgQZpQ|?+ z;%tTn$b^%y6B*iQHh{o5yh3lAZ;4}$^WJ?qvVrApgV!#iF0&rMaN-&jW@f!fCCLq& zWNY?U2eLb#VI3Pn9MS0FkTqN4;ukkWHK;#z7aESa8RvP#8$9X zI5FGmps>M9MnEKJdZ>^Ud0!DQRN6pWftvx>1(WHRjmFQcHHzOU8Wj@D>x3_?ukxrD z2gBpd$m-a-)Tu)uqY6csP-lnBQPa`5*~1SViT>=;5)lIIXIiT#vsngQ26(;OUIypl zIY?z$-4z8N${}ssQeYQsL*Oh9?Tm<4I=jZ!>)qVbZ&j}~mbX^%Y~|3ehFArU_H@%2 zt;3^<%z;$il@Auhs3rgIkYOZ>K6}P^3SQ$dC^@aR`vJ zD54ea3J3Jux>w2z?{Eaw;Iye8wH(_=j!;LP-BzkRtO)cN7gx5v=AbgMVhh+pkZH2K zZmX=SkX%J}#3RF5-NcxSz?@~wBl2PQ=NZFf}iJC43+IahFkZ@%bsVZ5d<4Po|( z`s9h=q8;T>M3c*MG1G(uv$(ht?{CSwqImNb*ODW&vnmp7zcMJ#(!^j}qP>m!<=EU# z4Oi#o);T(-lN;7hWC;_|F_r>7f=vKD;)f+E9o#Y!YH_*Yt{)&;6_G&N=}g9}viL2n z6el`G^IWlmn_&XsPyxJBm9B;>lW=;3d`CQ?eX`3_ns7>O;d%Uo50&|)g?9Rcy2A|8 zQskIVMN9=MOFN}2W5ReUv=^%(xvzbt;Qa}>g<1@nvUWgGac0B$j|~c$tMV+ppF&1s z1SLKFm<`M#*QR5c-QR_Z$>Y|tI7fB{V*yEnXb*nqv@!dV0CdmC1;YhtP9sU?D%J)Q zk+hWfkv(YBVM^G%SA4ioB3U@7d=Li%Ye0d-ON({*sMqXOhAr|suPWuVfe4mW49icU z4BM%;zc6)dpfu^kWVk;$zbETmo3A|XkFMgGu0V%-@56owuGDXbi$LTEqwJ2)F`Eyv z`{P~UdbjH`c*b621I!NLF%}MdUa=w(MTu2MeGgoHzSel@J#rYb*toE9U+Y0GoSN+l zeK>)PBO|Fe73EgCv-`3!tJ5wTHe;CO&HUxgSlsT(aAOlqHj9?G;-`ibEDC=QKy{RJ zfHR9%S=J3Cf-B!?Lr9MdvY25HCFWcY!=_VZ5g~dVZ?5qO|AkR+0P>A@%9N5hriMV- zg1{Knqtv_)_Qa*mX0y#nB}^WKdS9cgrLwK&en)q_wJxKSsXlfO(dFj$P&XL@k$KDQAm&hsm#&Mh6Sh(g((%TQwOkcMwY84OO14X|aOOm9;#gLs zN0AGHPN3xVW#JT-Htv%t0VTWvT?HL)j~&_zf8$efWpw1zXi%&WRF86FDG3W9t*xzBWorroPN!dunsw`nh zo$ludqF3Xs|&{@Ay2z0fJ)l6<0JtGRrAlT;5lFGs{%V4t5X8PYD-am@^lo5&ZC6Dm83nb2D#)}%R?i^M4VR>D! z*bN()ZRrjoWg77Wr;O-tTO^P#%#5|(F{@xJi(S{jIzZqV0MPRkm$IzeHJF^TLoA(& z)DAt4HM2&N1*;io)<^_cr_BTWf4|niGhz9DWk7`YDJJ`7ixU;=g05&aqyG*D4bCJ;&lG!tDE3&H0gXyLFTN}cq$gJJ;}y2b~o7a+Vk;5brN zrLPbpEUtod4GLv>9dD?r167!S-30-%NB&qP22i(2(0qO`kAlMPwDi!BnsJa@$zyuV z3W`XB`P(+Cf+$8Bmx|DzOch@N#xOXN%j+(z=)rQb6fj3(5Ah7!Bio5_iNA;!+RcZ6 z)sgRva#`syE)cXdBFESZ<^?mX8pFE;qX4YTFClo+LHZK#fD0!w)uOEClEF366%8aB z$?d~Lz92tQ^oP5&i8%*%uo!md^bBSok!>+7DO-C2y1oefP~o$a4D{w zqbB>tVo9ojIWg{W(S-NYKyLVBDpN*kuTS>FWbANdB)h<9Jwyw(nJ8EAAz4dyoZY2j zG~Yw(G1G@n5*qquioz)cO;3WxkmK%OUMn9iwySn=3*2;*!bBI4?Qw(BV z_^l#x%#mq2zRPP%l2P}}az!P1TxxSD>~xuk7c`9Zh&iM4((i8xIyV>cf{#m276b?B z&8k&jjpTDt!}j@rm@h2|7ZRs@=MZyKYI6>)V&Zk^HXsn=0Y>02?YX|!$VLDJJYZCr zZW2=#qUn6h;ir+=$sHQX1N~r8SP?*?yBwS1*>~TKjJaKX3JZprF^fg{$Jf>A0S#}x z(RHfvEtzhM?=WL_x>5>;M0&!|)eLBsI`Ay%glQ6v}MMWY0DH%#9Ja{nV0#1-M7VAS>m}y2AxJ*(vx-pi!p2&$0i3sAv@VbD|7{)%Zh4B ziHvs`{+0&6HN+c=@HH4lL?=``S!@pr@%o{aaD)tn4C;nrCc`Pv&y zONcqR3sQy48fFJ`2yON~_(b|ZH*lN^$`e8Ba9E<%Douz10_uT~@sisTWrIm@Mza|R zG;9EanZ}L-E|tV3Ztx#)z}Q@l6aqU+k$L1dy(JwPur}bgXh(L>TxuqK)bB(@x>_2M z!!%Z#rA!zyot?DsY2oJ>lP%pcBQP?9?%OexDzF97NYC|PJo&MP5IsN}?f!lbJ!;^2 z#0J8uWwa$L7aQn;h_2FtF08b06{DUMmodNwc~DmiS@ludcCgTm6%e$tX^}aq=QBSyt9Mpj zDyXWxOJKwenHkb(eL|?4xsXCDbwFh1U#Av`JE`1$DMuHIGBb)Dh^ZiN*7{<=i8xnN3)ZaCh|QG2r@M9+40LgdO{?25 zzJDxjOXo+T5Gcyb9Af9{CstRmipD-qG_feCMOPyq95ou9HND;HN;I1kg4qJ*OzhHAy9oIK7qhD}Bg4Z>qBE+O&@v-flU0}v=0c~c@3<*%^J01*&=6XG zFh|-NYpr^93G&7}PmQd~JM4$a91B`cZDpB!vVY>v@Y2%K1Dm2((WGX}-B&WFC49*j zCK6Jkoq~*#N|O$WJI{9$A&lw8M(ar)Xd?V_U26MuW^M)kNF^t&j3maFIKaKZzsqrn z^kb@v+BFp){k6k=sWw^40W~!5%@*3(?^l^xTPdFTFvn1BYy?Lv8h02A)17&2hLSH{ zqGK;mvkx)=BogT@m$8JiKEMa}*!`TM^ae7wd8q@z&Cad*Jjk|KY&rXA1C~cJd_<%G zlGKms1%kpp7B(`S(BCg$jJB|$ZpI)&vpiB^mbdqtGr!r9TR`-fmzJG;2O2i+)OKK! zwknbdgoCS()nZ-4MGfVY$X=;FQaOuiVhI@;v6o;R@Kj(H8a<0Uqv6OK!mWvevYdWg zF^|MI=c-UQN+U5Sm!x`vRPDIoVoFHYpi%-QAm7B2`j!IL}PFwB^v6e?HF8+@|KQ%k3A%x05j0PuSi2HV*g0f?Iqs*2VD$=xyAQQNAXrVQTNP@ek*_++&5Ah-oE*8;^_D+io zCWli-JdV@Y$GPVUFIi--OZONpJQAYhp}C-dHH#u3EOW9TchX!M9F!!@3YYVo>e2c< z+?q(-C2Ss6ckZ@PPZ*aFWwPl0kVee92$Iv@K?uQxGN#6us`lc<$ySUdvcpL9xRyA! z!rF1|V#`2nop2x)MA*JjCghnNOe`GQK`4EJH!ooXGSto*m746jVYyq3M=-$qgUlA} zU>-Hcci8(OAi8W$1P_-wvV{=t+i~35GFfA!cA^tFOsUk2FruIj!s&6j$iY?8Bbb1_ zrJn>V1`!{a)iG?*EVIf^bdVl8+3~5adNLSipCW~e*X;JhD5AVB?Ttv+IF!zB)tayl)?j0lNHhr~c(+u}?}DRsb@Tw^|x9b@O_jaYNw*XqO>p)FIygdwXm&;*X5WLLVyd z33yw4zU&Vvt3rrh8B+viMj_P?r14gt*_b_A5aq(?24)I`H26~TsZq$ESg-N1HQl?V z{8D3m9Ty~G_m~zdbJ+wXKj~+1(q%2gxG7!Ip%3~F{1_YCc2|`Q z)k;%hYRC>?vFd{m(d+NBMCgjuL^@&#Sr-SR4o+OK!IHD;8x>!BCBj20V>w-4yquc%eQ343t6 z*}EufSI$Y@)vDnL)*Z(WE74hzR&X51v{5dYsRya+_keQRM#b22g0Y8^cQy|Nql(PWm(m6;MhJ$jJ}-=Q5_U+M%d}Y zQ!^#NMey48UECZ%VVIh5qJ~bZmCjELxT;F%)a30pS!duWm!c&Br0^Rvvr-`}lYkeV z?SOQlxPYWco{J=r-MPpk{gLLt;P?a#MoE`Q-t9 z@h||vU`rmaEb++t5M4kqc1(sqwnut!&BW7BTt+0X?GTkb>8<;H{8R(V9pjMVlfwNFSWDK5b(Mgsn(y%de1g5zBeM#`mjE;SP#xDh0$v!3xo8~;vKT3 z0Zyb)rOgtKsl$d~StM;XlkP+mY_9^&*!`1?7ura|RH(3=5CF-5t9zqd?fSVRb#gEu%nznE#XdIN3 zfu!fqGn)4pT! z6$~SxnZ}!UJLe1EnT&g>TwLn*F&ji;joYa=2a?MUcaRcX46hG62Qp?LtM2jpJd6kO zhzkP0K-6E<{>ENlM6n8mP%^*W1d8HSgrK;<%?ehj?s^kk<;DrINVCLmNbTmgHVVt4 zT79?QOD@J}jGOZ6l@mS04QVBu z*=ynXT!Dci!cRib%mFIWPaBST82q4m25t`W;{2eGqb(dI6&mEQ&JcEp-IC?aSX_6iS=7I#7A~TqpKk7FdmndiYup`yT@62*f~#Py>~p z9QVZ-zp3;F3|&@bL41|62rE}4IB^c&NDq4G7 zQ?ZCy1hZ|pz5;8A@@9VKuvw1lXF|xI1Rjzwd_2H{*_TJFSXjgTWTtssJ3;3X5A8Cy z!pcEGrYqWu7qGBOLzO^RP7EjwlEg!9QUxu-PgQ2%X59mk@q@lwqveb;$_k=N z#CQ;rm&QW0zc>{!D5_R#`{Gro3LDNpG2%yzNC=8zXNMO(RI)4cA(ri8r#+@I&IlR# zE&C18jX*-VTvP)aLk;;PloX*rBatMClS%A^*G z+|UAx#O_E^3>fTWbA+{75j%fM2*!H$0;0~e8zI2jDC_zTyezxM>hodzXutKs7dA$S ziB023pHD25&2gVhj>_p)Y7l?C!3Zu23}8td@qJOz?{^Z7P`JFkijV-YIu#vw3g@Ix zBAkWU)j7fOl!8KS!jlzK^pa6zP^wd;822Kp5L-=J^jiZKgbh~Hi)7M8t{JGZ2^P6b zch_u=u?>RQ!~vCroC5I0t2CGDBe6YI2(l=w8JJ+&D1K9G#l^R?TC7`SdZ-gFAqWMX z&T5Q9@iCPP>wv~tUR$E_5_skj{;#AJvlpT3-R1z=KP)T5!a_ZQiF=!Z49uukSV?P! z#f1)T;W45lu@jSyO9 zJRC0`H*>oT+`A5wwCq2e>t9+JHvJYkp%blgKjTZL4Zx z;x17+5VSJ80M3Eb^CfJBCW$rRGC;6l`oZIsL}6fpNJBVF(?Gg79Bc_Thl=4@jcAkX zdW>MD1F%M5Vg9;|)2)59ofB_bgdEw3f}q@zz-@~b&cFtvo0y?GyRqMckZ2igMthoB zE8|h8PNskpMzePdm)Ciy+1GeFiNOY7UM0O7)}SM4L~TXnm1~l$9ex1E#CdYmST*tN z*~GRLYs!@{jU*yb)@hDc#9Iq?6wxfZl{%w9!BRdEVL}%Ph(aUNqvbS9OxOzM6MdYd z6$BKXNHHPgOoA2=!b+tUi@SpP#{m(V7&=g$D`5O_HCuWB-3Wq#nYIcKy_9{D#DOI? zfw4DeUdM*6o|(~2QI{3Mukn!zL5HYs?D4C610M3Yq>-B><$#`qqqD5^1|6|(M;gbF zG!BTa&}0;04EDQigtVSnXhDL&Y}Ql$>?fHVi2P6_by;kh1RR~rOijCQmM;|m5WJTKR*_l zgDnwpxJ%m@0fMU%>^P&kjHT>Ga=;AD!~ly(rYq8J#?krig3~QJ8$2P5n$H|k@nA;2 zPclIuLM~~*oSQC69F}v(L+M0m=m}OUlU`r=UfS#|jcMYlQ6@pfpj9s;`b2J30-L!u z)Pn|<<%8g7i^x`>M`#0dp!&^4AMM}?>UhyZ%C=&6EXr9gmW^Fh25{jhU#_|`14=kf zmW9Mn))<5+riy7ss&aj6o)P9`M=H6Qz-20Wx5Ah3Fip2dBiqO)ca>M1%x+5yqT?s6 zKi4MFwJdyg0$Jp0o!D$HnxqtNk=4fVi-aIgX?SHyL1lI45#>G@%^D=lhGT7^G3dl& zf{)vQ{7kB)0>E2Y;>@gJz_vSWm^<*iFdy}*s(&ZGG;Mx?FJLeO@~Ne|Ag`$rB;5|N zUAmVP>w`bX6_cRkhC53^?o>25U?r;@ttng690s9|$sS=#k$X$s4jymaMUYPm%hg6} z>d|?X{A%7&p+^xdz4Tl1if~*NZVaC3O6Dua8ibC!RG$=MjbfvH3=?dCgZR$=K z0&$WUELG))9X}P~iiu7q9%X?{XPt%`EEw8B|1}dtK#Bibag!x`yn{PflINjrI zX6nz7M$HcQiyjYNV|?iMQkjkqFXJP|3?@JKx5c~wUyyazwkaS|)hqf6%F%xWeYW!$Dn57t2bR3l<_ene#{t1AdAbkGSSgS3E1apgt{1{7hc zb8w{2MP2cVUR&sklt;+nJWrKi7tmx%(7Y-pOY!!^4!?jNp47*92!gDJwo31%l1}F* zBEmWQQ4;&+{G{#*snep0TVsU2|YH-qH z zWMTF>G0mcbN|D4-futR&yA;1p%f^MC*HBy9uWTYd+L*L*gBO7gN?9ezCDddYS1lAn z{H8r66U5FL>LiT&eA*h|@b>CRV%>thiC9r$mW37mohk-nd~M~jV?kc!9*7Zhk%7vR z$AqT*PUbHa-r^;6S_FeOz2w`FA&jwYPW#k5X5L=GFlCpcw0}c#a+O6qVR!BfBoFR9 z_NAQ8U|gvk14qgS6x!eo@QW^Cb)ppT=)gu*p(LQ}PEX?w%pRGt97MLksSc93A7lJlz;|$UUGP$5SmgokX_5leb~bfOE8e+-2YES04~Hdlr;jl5h@_BV z3^Bq%L;$U{4P=z{9D@op8h}h_>wWTpLjk=AmrYPAary#1 z^hu0CGC_^iL2qF92nX4%6-F^(((e9=Zg)ts*ohb9Aepwy+u>%XRL$LFITtAO&|M+3 zV5VI$0vzVP?R9a}W2B9oiikU9(a}stf^t=9D<|~Z2o0N1xB$~1|BI$2XB=lNo97*1 zHHkrnsUKVn3``J98w*erwPR8kHeAVp+oBI7ng*y)CfFKryy*XQcJr~J^}5E|Z4E^c zdjNN+tZrjba4O8X3(k)$z{!`y^$--NvW}p$1S_^4CG~5bWI00?jBCi$q{Cd1O@Puo zfONwZ(|#$NQoOi`pg{y?b2eFx^r_%JI`{V*FF7VBdRiOpmJmoIco#bK+!XNdvYRT5 zRgLpoI%2l4xE)hvWXH&KDq;@lZKfP|3z0DHu{kRuR#}!SR$&^pN7pPeXJro%)lM_> zMT!p@mc@plppci&Cz&sedoMJ65k22+j&QvK^RYGLbtg*M<7yjDl!04)HOZvM36Hw4 zMuid_61?DGr^V7~D*CTrkRxVp>J3R^hE_a=VOo0I%{)K{?yKBE+jS_kHfc$;$El8)7h{h;Rs3`uaj=j~)C)Us2UYGlMcFu=Fpi8K z#w~ajX(#J)+qJbl22U3EuZ~lu!$TYh$B*LK$4?m)@twGwk&T9#avrVrPz`-aML5GN z(Od}1fb2;wjbSu-Ib@DJPPo&U~QL$g$ z?5MMq%6c*2(LG3tHnB@1wRt!>JklH5YAcG=13bkWA)5vn+pxjmi7?O_(}gYbW^RZH zt4sx|%h@vFsoBw~mA+j9gw@3|0t|S}&^#$SjCQW{J@$f@5BH7DsAG-J4P1!Dr6gMS{UsfhatKSz`B(2+eaops=5Xq~uvZ)@lM* z+Gw_2pj1j-W{`>LT7wcRtZ${NjpeQ85S&7^F7L^WAdR!WfL%=ZHklp?7vzwP!RYhu zNpmD`DX=asy;z@@j!|P`Rmws+D31}3(NyE6;_^7OoUybP(;Mn_GdhpUt~f}Q#6F0@RJs9=7L`R$8o=(CI0YgJzr`4y zAmd9craDcj7BgvEM;0cFBMDxuEI7QvJi++?KQB~}nrumt51#i7O~l_m#E zm9xv2F9^aa(5I_EbpXPUc5Y>Jl$U$r%3&LjsxyasGP)lK5bQj}gSj~vZNXH9$Z}nX z&x2RGOUO!8mO7zbkbyBLx(i!e>QrS&>^aTkz*bU#Vkyf>xi`b^Gs%o=craB?i#i*JX<8I4zX*+^dLhyQ{v9&sHuLGjh z!up3CA{SSfvUNU0kdctYL=GM@k;Jdq8*s0kSrd_f!L&OJEm{JZ1IHvcH&Q!6t4ny2 zhjCdO{duS?)EZk9tXal6_Zd=%>vpT(O3JLEUJkQsHdM;kK3^?PRdg|;-fe)ph%c_o zAQX}rA|s;T$udkyNv%O^EHs@>1A*wS#?Q%k_0zMH9ciH2#z$)sx}L{JP)Tg58Z6THvohPQQSM!eSIw<3z)~^m1TLMQW&u4`cuX<5n0n zD$S^5RH890vNohF-huO7DZ5O{`{SFB*p+1|GOGl*a#}mD1#KCmfD7vAB2t~?yQ6vF zPI;r0xT%2>fB{Ifl6t>`*J<)=7#(%pg3U6LUTw_h?lcW@HZ zpY>osQfcMNLO2skSNTh(P+HM9EN2JOnPI&%BLPDfLaZ^=z|WHpzF6Kxe0&>kq#|&k zB7Dh*l<_4X<$E|bZPko#B6jW$=4~Wma$k0Nvqo4@hE+{B9s6F}whdH_pz_1sH55}* zV5&er&lo7XU|z64zM7(8h9jzo?@TVEcdl7wPF+4&K#mtPyHXTPsi-wC48L2y*dnwC znBe7Hg$chW1H{n{?Q-Kusuzza=4#=$w~}xW=h*_=*(|PQaGzV;K;fleSwJo)WQfGc zeO$#bc)6q%s|U^AzQ4!|IpOD>G%<|?-YQyqxOYLPW4JGcTX!;4XeZ}n!S7JN{?|UT*f#%=zvU#!z2z&lIRsu{h`KanQ?6XCR^=n7z8+R$cmSjR7`L? zgr4z{(or+0Orc%i{gDjrWAL#{mkdNKN1a2!M`lFny(P${lF2kf2pQ1!r$Uk5QMr*o z^n(jO`Cz}`me?T`exo1JkQa<6Oto(Q7@K#(I^>;9TnC9w^zJQ#w@^P*Y{3$j;%}w5lejBuZ8}hLUo)Z2N+9 zz=zUI+pCjN!zK@BKYeMeT40-am9+FEQ`7^=-COQJgY%R(PcURAI8`Y`AoSINp|OMb zj9s!(d)SZ(5v#%%rjU7hT7|1lF_*(d{$Us+TZ(fObGEY$Z6f?S7(L-{ zVr2R_ipdSyWM5~DVAZ0>K$F51_xs{)@d>^;+AGh*1AEOB@{}lY+>-X~i5-`%$ zveiEF{vj(rc(rxJ3V6L<{z_K<_!~}1((yNFx!XOX{mr^ld!3c{ z@td*oGgkg*C!V4R^7`M9mA~<%vy$<~lXQf-XSAIEH?RMfvho|}wfx3;E&t92sT2R@ z^!!yMkyXf>{CEBL4(#t&%HKSH{{3#`dLsVsy2->~vG{)y%P z0A@T2ga5q!J`S$|EUo`@AJYDR?nAe3zvKD8v+}j;TE2E&%kPzk zKh*E#{~{|t_t>v$!Nbx(*`=mq4zvMGo z{`ViI{MT9ey#HVJS6cpSvI_mv|9% Date: Fri, 30 Apr 2021 10:33:00 +0200 Subject: [PATCH 160/441] nits --- frida_mode/src/util.c | 3 ++- utils/afl_proxy/afl-proxy.c | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c index bd13781d..86b94970 100644 --- a/frida_mode/src/util.c +++ b/frida_mode/src/util.c @@ -20,7 +20,8 @@ guint64 util_read_address(char *key) { if (!g_ascii_isxdigit(*c)) { - FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, *c); + FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, + *c); } diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index a80d8a0b..2d8ba991 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -70,7 +70,6 @@ static void __afl_map_shm(void) { char *id_str = getenv(SHM_ENV_VAR); char *ptr; - /* NOTE TODO BUG FIXME: if you want to supply a variable sized map then uncomment the following: */ @@ -81,6 +80,7 @@ static void __afl_map_shm(void) { if (val > 0) __afl_map_size = val; } + */ if (__afl_map_size > MAP_SIZE) { From caf282040ffe45509b7cb37cc7c087c22bfdf034 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Apr 2021 11:09:49 +0200 Subject: [PATCH 161/441] update changelog --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 5c0f2a9e..459c2f35 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -39,6 +39,7 @@ sending a mail to . - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC + - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) From 758bc770a8f2a35e1ec142f9564f2aeac3ce33bc Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 30 Apr 2021 12:02:26 +0200 Subject: [PATCH 162/441] typos --- frida_mode/README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 0d655d0f..ddba6928 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -68,7 +68,7 @@ following options are currently supported. Additionally, the intention is to be able to make a direct performance comparison between the two approaches. Accordingly, FRIDA mode includes various -tests target based on the [libpng](https://libpng.sourceforge.io/) benchmark used by +test targets based on the [libpng](https://libpng.sourceforge.io/) benchmark used by [fuzzbench](https://google.github.io/fuzzbench/) and integrated with the [StandaloneFuzzTargetMain](https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c) from the llvm project. These tests include basic fork-server support, persistent mode @@ -112,9 +112,9 @@ to push and pop the full register context. Note that since this instrumentation is used on every basic block to generate coverage, it has a large impact on performance. -CompLog support also adds code to the assembly, however, at present this code +CmpLog support also adds code to the assembly, however, at present this code makes use of a basic C function and is yet to be optimized. Since not all -instances run CompLog mode and instrumentation of the binary is less frequent +instances run CmpLog mode and instrumentation of the binary is less frequent (only on CMP, SUB and CALL instructions) performance is not quite so critical. # Advanced configuration options From b15fcde477d4c1d59265c717841b5942143917ee Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 30 Apr 2021 12:09:06 +0200 Subject: [PATCH 163/441] still not working --- instrumentation/afl-llvm-pass.so.cc | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 6c898c48..27b53e68 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -409,12 +409,9 @@ bool AFLCoverage::runOnModule(Module &M) { if (F.size() < function_minimum_size) continue; - unsigned extra_increment_BB = 0; for (auto &BB : F) { - if (extra_increment_BB) { - // increment BB - --extra_increment_BB; + if (BB.getName() == "injected") { continue; } BasicBlock::iterator IP = BB.getFirstInsertionPt(); @@ -662,8 +659,8 @@ bool AFLCoverage::runOnModule(Module &M) { // the calculation may need to repeat, if atomic compare_exchange is not successful BasicBlock::iterator it(*Counter); it++; BasicBlock * end_bb = BB.splitBasicBlock(it); + end_bb->setName("injected"); - extra_increment_BB = 2; // insert the block before the second half of the split BasicBlock * do_while_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); From e9d2f72382cab75832721d859c3e731da071435d Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 30 Apr 2021 13:35:24 +0200 Subject: [PATCH 164/441] fixed potential double free in custom trim (#881) --- include/afl-fuzz.h | 4 ++-- src/afl-fuzz-mutators.c | 23 +++++++++++++++++------ src/afl-fuzz-one.c | 8 ++++---- src/afl-fuzz-run.c | 8 ++++++-- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index f201782a..040d7ae9 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1003,7 +1003,7 @@ void read_afl_environment(afl_state_t *, char **); /* Custom mutators */ void setup_custom_mutators(afl_state_t *); void destroy_custom_mutators(afl_state_t *); -u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf, +u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 **in_buf, struct custom_mutator *mutator); /* Python */ @@ -1093,7 +1093,7 @@ fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32); void write_to_testcase(afl_state_t *, void *, u32); u8 calibrate_case(afl_state_t *, struct queue_entry *, u8 *, u32, u8); void sync_fuzzers(afl_state_t *); -u8 trim_case(afl_state_t *, struct queue_entry *, u8 *); +u8 trim_case(afl_state_t *, struct queue_entry *, u8 **); u8 common_fuzz_stuff(afl_state_t *, u8 *, u32); /* Fuzz one */ diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index c99d9a4d..d8db8676 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -305,9 +305,13 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { } -u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, +// Custom testcase trimming. +u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p, struct custom_mutator *mutator) { + // We need to pass pointers around, as growing testcases may need to realloc. + u8 *in_buf = *in_buf_p; + u8 needs_write = 0, fault = 0; u32 trim_exec = 0; u32 orig_len = q->len; @@ -397,15 +401,22 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (likely(retlen && cksum == q->exec_cksum)) { - if (afl_realloc((void **)&in_buf, retlen) == NULL) { + // Check if we got a new retbuf and to memcpy our buf. + if (in_buf != retbuf) { - FATAL("can not allocate memory for trim"); + if (afl_realloc((void **)in_buf_p, retlen) == NULL) { + + FATAL("can not allocate memory for trim"); + + } + + in_buf = *in_buf_p; + + memcpy(in_buf, retbuf, retlen); + q->len = retlen; } - memcpy(in_buf, retbuf, retlen); - q->len = retlen; - /* Let's save a clean trace, which will be needed by update_bitmap_score once we're done with the trimming stuff. */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index d72d4145..ed815cb4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -508,7 +508,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, in_buf); + u8 res = trim_case(afl, afl->queue_cur, &in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); if (unlikely(res == FSRV_RUN_ERROR)) { @@ -3007,16 +3007,16 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, in_buf); + u8 res = trim_case(afl, afl->queue_cur, &in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); - if (res == FSRV_RUN_ERROR) { + if (unlikely(res == FSRV_RUN_ERROR)) { FATAL("Unable to execute target application"); } - if (afl->stop_soon) { + if (unlikely(afl->stop_soon)) { ++afl->cur_skipped_paths; goto abandon_entry; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 832f17bb..a7b071a5 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -720,7 +720,10 @@ void sync_fuzzers(afl_state_t *afl) { trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of file size, to keep the stage short and sweet. */ -u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { +u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p) { + + // We need to pass pointers around, as growing testcases may need to realloc. + u8 *in_buf = *in_buf_p; u32 orig_len = q->len; @@ -734,7 +737,8 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { if (el->afl_custom_trim) { - trimmed_case = trim_case_custom(afl, q, in_buf, el); + trimmed_case = trim_case_custom(afl, q, in_buf_p, el); + in_buf = *in_buf_p; custom_trimmed = true; } From 38f1394e3ab5ccacff07e27f370f3edf1ce77afb Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 30 Apr 2021 13:36:35 +0200 Subject: [PATCH 165/441] error handling, freeing mem --- src/afl-cc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 1f89bac5..09009334 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -560,12 +560,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (lto_mode && !have_c) { u8 *ld_path = strdup(AFL_REAL_LD); - if (!*ld_path) ld_path = "ld.lld"; + if (!ld_path || !*ld_path) { ld_path = strdup("ld.lld"); } + if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 cc_params[cc_par_cnt++] = alloc_printf("--ld-path=%s", ld_path); #else cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", ld_path); #endif + free(ld_path); cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; From 094cd917b6bb1b179b737ca34ed08b386974ec4a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Apr 2021 13:39:43 +0200 Subject: [PATCH 166/441] frida: complog -> cmplog --- frida_mode/README.md | 10 +- frida_mode/include/complog.h | 14 --- frida_mode/include/frida_cmplog.h | 14 +++ frida_mode/src/cmplog/cmplog.c | 75 ++++++++++++++ .../complog_arm.c => cmplog/cmplog_arm.c} | 6 +- .../complog_arm64.c => cmplog/cmplog_arm64.c} | 6 +- .../complog_x64.c => cmplog/cmplog_x64.c} | 93 +++++++++--------- .../complog_x86.c => cmplog/cmplog_x86.c} | 6 +- frida_mode/src/complog/complog.c | 76 -------------- frida_mode/src/instrument/instrument.c | 6 +- frida_mode/src/lib/lib | Bin 4144 -> 0 bytes frida_mode/test/fuzzbench/fuzzer | Bin 1703936 -> 0 bytes frida_mode/test/libxml/xml | Bin 1849872 -> 0 bytes 13 files changed, 152 insertions(+), 154 deletions(-) delete mode 100644 frida_mode/include/complog.h create mode 100644 frida_mode/include/frida_cmplog.h create mode 100644 frida_mode/src/cmplog/cmplog.c rename frida_mode/src/{complog/complog_arm.c => cmplog/cmplog_arm.c} (54%) rename frida_mode/src/{complog/complog_arm64.c => cmplog/cmplog_arm64.c} (55%) rename frida_mode/src/{complog/complog_x64.c => cmplog/cmplog_x64.c} (69%) rename frida_mode/src/{complog/complog_x86.c => cmplog/cmplog_x86.c} (54%) delete mode 100644 frida_mode/src/complog/complog.c delete mode 100755 frida_mode/src/lib/lib delete mode 100755 frida_mode/test/fuzzbench/fuzzer delete mode 100755 frida_mode/test/libxml/xml diff --git a/frida_mode/README.md b/frida_mode/README.md index ddba6928..67dc6048 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -18,15 +18,15 @@ perhaps leverage some of its design and implementation. | -------------------------|:----------:|:---------------------------------------:| | NeverZero | x | | | Persistent Mode | x | (x64 only)(Only on function boundaries) | - | LAF-Intel / CompCov | - | (Superseded by CmpLog) | - | CmpLog | x | (x64 only) | + | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | + | CMPLOG | x | (x64 only) | | Selective Instrumentation| x | | | Non-Colliding Coverage | - | | | Ngram prev_loc Coverage | - | | | Context Coverage | - | | | Auto Dictionary | - | | | Snapshot LKM Support | - | | - | In-Memory Test Cases | x |(x64 only) | + | In-Memory Test Cases | x | (x64 only) | # Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -112,9 +112,9 @@ to push and pop the full register context. Note that since this instrumentation is used on every basic block to generate coverage, it has a large impact on performance. -CmpLog support also adds code to the assembly, however, at present this code +CMPLOG support also adds code to the assembly, however, at present this code makes use of a basic C function and is yet to be optimized. Since not all -instances run CmpLog mode and instrumentation of the binary is less frequent +instances run CMPLOG mode and instrumentation of the binary is less frequent (only on CMP, SUB and CALL instructions) performance is not quite so critical. # Advanced configuration options diff --git a/frida_mode/include/complog.h b/frida_mode/include/complog.h deleted file mode 100644 index 1c1adb6d..00000000 --- a/frida_mode/include/complog.h +++ /dev/null @@ -1,14 +0,0 @@ -#ifndef _COMPLOG_H -#define _COMPLOG_H - -extern struct cmp_map *__afl_cmp_map; - -void complog_init(void); - -/* Functions to be implemented by the different architectures */ -void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); - -gboolean complog_is_readable(void *addr, size_t size); - -#endif - diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h new file mode 100644 index 00000000..28864c0e --- /dev/null +++ b/frida_mode/include/frida_cmplog.h @@ -0,0 +1,14 @@ +#ifndef _CMPLOG_H +#define _CMPLOG_H + +extern struct cmp_map *__afl_cmp_map; + +void cmplog_init(void); + +/* Functions to be implemented by the different architectures */ +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); + +gboolean cmplog_is_readable(void *addr, size_t size); + +#endif + diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c new file mode 100644 index 00000000..84412c0b --- /dev/null +++ b/frida_mode/src/cmplog/cmplog.c @@ -0,0 +1,75 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "util.h" + +extern struct cmp_map *__afl_cmp_map; + +static GArray *cmplog_ranges = NULL; + +static gboolean cmplog_range(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + GumMemoryRange range = *details->range; + g_array_append_val(cmplog_ranges, range); + return TRUE; + +} + +static gint cmplog_sort(gconstpointer a, gconstpointer b) { + + return ((GumMemoryRange *)b)->base_address - + ((GumMemoryRange *)a)->base_address; + +} + +void cmplog_init(void) { + + if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } + + cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, NULL); + g_array_sort(cmplog_ranges, cmplog_sort); + + for (guint i = 0; i < cmplog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); + OKF("CMPLOG Range - 0x%016" G_GINT64_MODIFIER "X - 0x%016" G_GINT64_MODIFIER + "X", + range->base_address, range->base_address + range->size); + + } + +} + +static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, + GumAddress outer_base, GumAddress outer_limit) { + + return (inner_base >= outer_base && inner_limit <= outer_limit); + +} + +gboolean cmplog_is_readable(void *addr, size_t size) { + + if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); + + GumAddress inner_base = GUM_ADDRESS(addr); + GumAddress inner_limit = inner_base + size; + + for (guint i = 0; i < cmplog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); + GumAddress outer_base = range->base_address; + GumAddress outer_limit = outer_base + range->size; + + if (cmplog_contains(inner_base, inner_limit, outer_base, outer_limit)) + return true; + + } + + return false; + +} + diff --git a/frida_mode/src/complog/complog_arm.c b/frida_mode/src/cmplog/cmplog_arm.c similarity index 54% rename from frida_mode/src/complog/complog_arm.c rename to frida_mode/src/cmplog/cmplog_arm.c index 1b8eb8f1..5af28f3f 100644 --- a/frida_mode/src/complog/complog_arm.c +++ b/frida_mode/src/cmplog/cmplog_arm.c @@ -2,16 +2,16 @@ #include "debug.h" -#include "complog.h" +#include "frida_cmplog.h" #include "util.h" #if defined(__arm__) -void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); if (__afl_cmp_map == NULL) { return; } - FATAL("Complog mode not supported on this architecture"); + FATAL("CMPLOG mode not supported on this architecture"); } diff --git a/frida_mode/src/complog/complog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c similarity index 55% rename from frida_mode/src/complog/complog_arm64.c rename to frida_mode/src/cmplog/cmplog_arm64.c index ce62f6fd..187d0162 100644 --- a/frida_mode/src/complog/complog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -2,16 +2,16 @@ #include "debug.h" -#include "complog.h" +#include "frida_cmplog.h" #include "util.h" #if defined(__aarch64__) -void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); if (__afl_cmp_map == NULL) { return; } - FATAL("Complog mode not supported on this architecture"); + FATAL("CMPLOG mode not supported on this architecture"); } diff --git a/frida_mode/src/complog/complog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c similarity index 69% rename from frida_mode/src/complog/complog_x64.c rename to frida_mode/src/cmplog/cmplog_x64.c index 28010e7f..cdb698d5 100644 --- a/frida_mode/src/complog/complog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -3,7 +3,7 @@ #include "debug.h" #include "cmplog.h" -#include "complog.h" +#include "frida_cmplog.h" #include "util.h" #if defined(__x86_64__) @@ -56,16 +56,16 @@ typedef struct { }; -} complog_ctx_t; +} cmplog_ctx_t; typedef struct { - complog_ctx_t operand1; - complog_ctx_t operand2; + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; -} complog_pair_ctx_t; +} cmplog_pair_ctx_t; -static guint64 complog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { +static guint64 cmplog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { switch (reg) { @@ -134,15 +134,15 @@ static guint64 complog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { } -static guint64 complog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { +static guint64 cmplog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { guint64 base = 0; guint64 index = 0; guint64 address; - if (mem->base != X86_REG_INVALID) base = complog_read_reg(ctx, mem->base); + if (mem->base != X86_REG_INVALID) base = cmplog_read_reg(ctx, mem->base); - if (mem->index != X86_REG_INVALID) index = complog_read_reg(ctx, mem->index); + if (mem->index != X86_REG_INVALID) index = cmplog_read_reg(ctx, mem->index); address = base + (index * mem->scale) + mem->disp; return address; @@ -150,16 +150,16 @@ static guint64 complog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { } static guint64 cmplog_get_operand_value(GumCpuContext *context, - complog_ctx_t *ctx) { + cmplog_ctx_t * ctx) { switch (ctx->type) { case X86_OP_REG: - return complog_read_reg(context, ctx->reg); + return cmplog_read_reg(context, ctx->reg); case X86_OP_IMM: return ctx->imm; case X86_OP_MEM: - return complog_read_mem(context, &ctx->mem); + return cmplog_read_mem(context, &ctx->mem); default: FATAL("Invalid operand type: %d\n", ctx->type); @@ -167,18 +167,18 @@ static guint64 cmplog_get_operand_value(GumCpuContext *context, } -static void complog_call_callout(GumCpuContext *context, gpointer user_data) { +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(user_data); - guint64 address = complog_read_reg(context, X86_REG_RIP); - guint64 rdi = complog_read_reg(context, X86_REG_RDI); - guint64 rsi = complog_read_reg(context, X86_REG_RSI); + guint64 address = cmplog_read_reg(context, X86_REG_RIP); + guint64 rdi = cmplog_read_reg(context, X86_REG_RDI); + guint64 rsi = cmplog_read_reg(context, X86_REG_RSI); void *ptr1 = GSIZE_TO_POINTER(rdi); void *ptr2 = GSIZE_TO_POINTER(rsi); - if (!complog_is_readable(ptr1, 32) || !complog_is_readable(ptr2, 32)) return; + if (!cmplog_is_readable(ptr1, 32) || !cmplog_is_readable(ptr2, 32)) return; uintptr_t k = address; @@ -200,8 +200,8 @@ static void complog_call_callout(GumCpuContext *context, gpointer user_data) { } -static void complog_instrument_put_operand(complog_ctx_t *ctx, - cs_x86_op * operand) { +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_x86_op * operand) { ctx->type = operand->type; ctx->size = operand->size; @@ -223,20 +223,20 @@ static void complog_instrument_put_operand(complog_ctx_t *ctx, } -static void complog_instrument_call_put_callout(GumStalkerIterator *iterator, - cs_x86_op * operand) { +static void cmplog_instrument_call_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand) { - complog_ctx_t *ctx = g_malloc(sizeof(complog_ctx_t)); + cmplog_ctx_t *ctx = g_malloc(sizeof(cmplog_ctx_t)); if (ctx == NULL) return; - complog_instrument_put_operand(ctx, operand); + cmplog_instrument_put_operand(ctx, operand); - gum_stalker_iterator_put_callout(iterator, complog_call_callout, ctx, g_free); + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, ctx, g_free); } -static void complog_instrument_call(const cs_insn * instr, - GumStalkerIterator *iterator) { +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; cs_x86_op *operand; @@ -251,14 +251,14 @@ static void complog_instrument_call(const cs_insn * instr, if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) return; - complog_instrument_call_put_callout(iterator, operand); + cmplog_instrument_call_put_callout(iterator, operand); } -static void complog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, - guint64 operand2, uint8_t size) { +static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, + guint64 operand2, uint8_t size) { - guint64 address = complog_read_reg(context, X86_REG_RIP); + guint64 address = cmplog_read_reg(context, X86_REG_RIP); register uintptr_t k = (uintptr_t)address; @@ -278,37 +278,36 @@ static void complog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, } -static void complog_cmp_sub_callout(GumCpuContext *context, - gpointer user_data) { +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { - complog_pair_ctx_t *ctx = (complog_pair_ctx_t *)user_data; + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); guint64 operand1 = cmplog_get_operand_value(context, &ctx->operand1); guint64 operand2 = cmplog_get_operand_value(context, &ctx->operand2); - complog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); } -static void complog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, - cs_x86_op * operand1, - cs_x86_op *operand2) { +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand1, + cs_x86_op *operand2) { - complog_pair_ctx_t *ctx = g_malloc(sizeof(complog_pair_ctx_t)); + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); if (ctx == NULL) return; - complog_instrument_put_operand(&ctx->operand1, operand1); - complog_instrument_put_operand(&ctx->operand2, operand2); + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); - gum_stalker_iterator_put_callout(iterator, complog_cmp_sub_callout, ctx, + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, g_free); } -static void complog_instrument_cmp_sub(const cs_insn * instr, - GumStalkerIterator *iterator) { +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { cs_x86 x86 = instr->detail->x86; cs_x86_op *operand1; @@ -340,16 +339,16 @@ static void complog_instrument_cmp_sub(const cs_insn * instr, (operand2->mem.segment != X86_REG_INVALID)) return; - complog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); } -void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { if (__afl_cmp_map == NULL) return; - complog_instrument_call(instr, iterator); - complog_instrument_cmp_sub(instr, iterator); + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); } diff --git a/frida_mode/src/complog/complog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c similarity index 54% rename from frida_mode/src/complog/complog_x86.c rename to frida_mode/src/cmplog/cmplog_x86.c index b2e5ddcf..2401180c 100644 --- a/frida_mode/src/complog/complog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -2,16 +2,16 @@ #include "debug.h" -#include "complog.h" +#include "frida_cmplog.h" #include "util.h" #if defined(__i386__) -void complog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); if (__afl_cmp_map == NULL) { return; } - FATAL("Complog mode not supported on this architecture"); + FATAL("CMPLOG mode not supported on this architecture"); } diff --git a/frida_mode/src/complog/complog.c b/frida_mode/src/complog/complog.c deleted file mode 100644 index ce8a3f62..00000000 --- a/frida_mode/src/complog/complog.c +++ /dev/null @@ -1,76 +0,0 @@ -#include "frida-gum.h" - -#include "debug.h" -#include "cmplog.h" -#include "util.h" - -extern struct cmp_map *__afl_cmp_map; - -static GArray *complog_ranges = NULL; - -static gboolean complog_range(const GumRangeDetails *details, - gpointer user_data) { - - UNUSED_PARAMETER(user_data); - GumMemoryRange range = *details->range; - g_array_append_val(complog_ranges, range); - return TRUE; - -} - -static gint complog_sort(gconstpointer a, gconstpointer b) { - - return ((GumMemoryRange *)b)->base_address - - ((GumMemoryRange *)a)->base_address; - -} - -void complog_init(void) { - - if (__afl_cmp_map != NULL) { OKF("CompLog mode enabled"); } - - complog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); - gum_process_enumerate_ranges(GUM_PAGE_READ, complog_range, NULL); - g_array_sort(complog_ranges, complog_sort); - - for (guint i = 0; i < complog_ranges->len; i++) { - - GumMemoryRange *range = &g_array_index(complog_ranges, GumMemoryRange, i); - OKF("CompLog Range - 0x%016" G_GINT64_MODIFIER - "X - 0x%016" G_GINT64_MODIFIER "X", - range->base_address, range->base_address + range->size); - - } - -} - -static gboolean complog_contains(GumAddress inner_base, GumAddress inner_limit, - GumAddress outer_base, - GumAddress outer_limit) { - - return (inner_base >= outer_base && inner_limit <= outer_limit); - -} - -gboolean complog_is_readable(void *addr, size_t size) { - - if (complog_ranges == NULL) FATAL("CompLog not initialized"); - - GumAddress inner_base = GUM_ADDRESS(addr); - GumAddress inner_limit = inner_base + size; - - for (guint i = 0; i < complog_ranges->len; i++) { - - GumMemoryRange *range = &g_array_index(complog_ranges, GumMemoryRange, i); - GumAddress outer_base = range->base_address; - GumAddress outer_limit = outer_base + range->size; - - if (complog_contains(inner_base, inner_limit, outer_base, outer_limit)) - return true; - - } - - return false; - -} - diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 3806136a..d93f37c7 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -5,7 +5,7 @@ #include "config.h" #include "debug.h" -#include "complog.h" +#include "frida_cmplog.h" #include "instrument.h" #include "persistent.h" #include "prefetch.h" @@ -105,7 +105,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (!range_is_excluded((void *)instr->address)) { - complog_instrument(instr, iterator); + cmplog_instrument(instr, iterator); } @@ -140,7 +140,7 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); - complog_init(); + cmplog_init(); } diff --git a/frida_mode/src/lib/lib b/frida_mode/src/lib/lib deleted file mode 100755 index 8f09a3b1be87dd83dd0150c152db5c6bb2857769..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4144 zcmX^A>+L^w1_nlE1_lN;Am#<)1xySKtqcM{76XGM5YGVO`1lalh!Btn8h|K62txU+ zKoJmTgv!Lnm!wvdAe3R4hr=AW4i<(6I2*_Sxyu8HVvbZEQSIu>`8J&{rf%N^F7ap zkD0yJ+I#J_*IIk+>pAD@$jnnlWMzfiehIC_<_hfohC+D)vm9k@TdnlA)s=#Gf9n(sO}tj=ZaIp_ay|R*D*1c%y*%SL*OA}- zb=$|b@&B_O`q?8201+XHABm_P60?;d@`{Mm=ipSQ4P>0wK!eD|>L9({P#qQj4r zc9TEzp8EY_W)Hb~%o9lMzY=NJF3Yn+P+eUeaX)wR-1eH;<=XzA{dnsUqc%FIAwQ49 zk;V?ehC=kW;qX6%Aj9GR3q=lx-ys11LI9uF0_3?c0Dofuem6MzaPr&^BM*n462ND5 zfc&oq;P(yS|GNPEJpuLZ62O1w0KJ_Q!2i+!{u5#IykYEqYyh5}csRXn43P7v06BLG z;Pb}-e>*&Ye|12+ZVbr(Eb1Muy%PfD`C$NlQvm-*1N`l@0Q{W+^4A5_`+fkQp9bJ# z0dj7GeTTE-eF1#N1ju=6fPFgy>fI2)zbl}<^#S>B3-FVJ0_r^?fd9?`eqIt#@Am@u zKM=rwb%1^j3gCZS0G~Sp>ODO`{%HYxZVJHfA7I~00_rUfkpIGf{LcpD?+L&k9Dv_B z06#xK{&4~A{WQQX-wMe8N`Swe5g<=h0ROWC_!I}|ZC-#p`vl~#3CMp;fSf-G;PXy^ zKA#D|zZ8Jq9Dsj5ApZP4K%S0(cKth`U1J0A>jLoY0sQv~$bWeN{`Ud$-xtu{Hv;%P z6ri_d0seD)0H5pt{LcgU7X|2HVF11;fKOk59&QNe7wG`~91_spx&S`!2IQ{^kaI>r zyKWDV|J;E5ivr}I8leAJK>oD>a-I?(PfGy*KLp76;{g6k1NdAIysp?Fu=Ve=0C{!~ z!2czH|83wo+&pAm0RFQ8`L7GWUmD;Kc>(^jDnM^N0el_~XxCi<{7(qrb5a1GJp%H- z9?;(R0_y#KfL$&K;8PxeH_*?np>Sx*t24zLP@VjHGC*(dJNc(M`N3BIVck1>zOHji zXPjMFI=f%lFIqUebjd7>r(iB#ylB?!@>x}WRa&}w@s$}>33gU>_2SYDxqNh0MRoO+ zl@)`82*^CV#DlR_70|jX|DuKEKJ!Z|s;eq1%ID3QSMFti07Gz>Ra{wG4vSU$MWxkM z^DbF9Yra=haMkk`RLmZ#pus|2x@ewnz1bDjv&!d&7S39@sA_&iMJ0XYlJfG>DtgG| zP-*ePCG(*6Gb^fU7Qh=F@YIUxnX?vNQZwt4inE+nOrKRf%cj#y7cD%Ce(Ryns;Hh( z)i7wVI`vEnTdocc|EXS7Gk<>R{LqpG6$_xs z(40B*YpUjku9#I-xp>~f>N!FvUr-rB-Z|72@**D{8XaxH#bB_cJT$LrN%_L+#bh*R zQDp@*wWw;|(o*o8H6J<$eb)TSxwFWmdeIzKS6)@UX#Q;HmoNwmF4o#AuLR>N;anA} zfjekrFz9?Fl?lqux_A-PBrNC8523Eb<#QLiFzP5RWmiW8m@{i0gsxs(zDSxnud1qY z7Q9MI&eoqfY{Kk$m&~h{g5~t-Qn*{`f{RPbYZjL-n6=d59I7gxTQR%z%6SzK0fm;j zrJxW;y7^GRoW&Kc+zTrhDX6Z}((^7)IZoHnC0 z>_TDZR9E0P1jeo?5K-EGF@sYG8mNF!sFPAam=LOQIU)GE>Yj~8fQehBXcm6Of=lNt zUI6NxC5z{wJ3=k9L~Y^^z&p*EPsXUN3T#|azy&odT3jl%(6&%nWzE8J+6Y94bJdkq zR6SII--UC)z!d|$J(G)-)V;t+YIVF1E-ubU?ibIWweT`VP(!0tW&^1mIB-ob;IgIN9}HXDBxgP|B{;uO}hgvdd;5;rn58W=aP zTMz4IKK>;S{mcBsk>g1D>vH9S%{Uw#8=zHnUYex17(%txbRVSKBZW zXDY7DStyMO6#ix5zY6?vKRpls*X%WKObFaRW<&9h^q)g%F1_g6SMJ0UlC04#eMG1R zNz(K2|Ke}5e0FFI=)@_%kruz~&?%Vgkj8&E-}p1sG$u68$zLVqM~Ctpc(-};a8R*B z=+F#)BRqb6`{{WJ#oa?V>YtQ_=bpd&&scc(9DuZb3xAE98NUM-{udU0e4f?|v7jOU zU!H|`=YXV6wD8_s5BPiwkEy8lZ;FM-6xjP$VBsAT2`y^jDU-dO%~qu8Io68czYez zY~k(oQ;UV)&Enr`;di(2Z5DoJqJ{6b@C6orz`{?n@Sy{I|3AsX z=UDiYEqtzppKjsDTlk2D&$IBSSonz+{!|N}Z{edBeu{;kVc`ob{Am_GYTVv_$mwEWZ|nV{7MVY`M3M8*}`ApBJtZ|;g?wWRtvw>!naxY zD=mDdg}=(e_gMHJS@>QH|6>c^XW?rte9FTA#KId3f3=10xA1iqe!#*nv+$vVeE+Yv z@HrNKxrNWQ@G%QN-ojsN;qxr~bryc2g>SI%`4&EI;ip*mMhjnH;S&}W9@I@9r zY2iyO{0a+SX5nwJ@N+GElZCIe@Hblcr564s3twm9e`?_yEd0$DzRAMhV&PX>_@7z$ zW($9-g^$*6%!wvOMYiULqOs2EQRd_^p-{Abea@p+CM35Vb0)HEn{YP%hW9H#im*hc zbZQ&^O*oBk7P6*$1wM%|mwM?=fsZFVl5nfQM-t8^+$`|Hghvr>68HeZI}olDcrU`E z30Dd{mT(T?GJ$s_4B68Le#yAtjdcpc%fggXUZLwGmBtpeXqcz43h0^dV;9N{K` ze@mE4_jH}WzaYFP;YxvTBFv>$x=i3k!dzmdiv+%gFqc;80)ek0%q3MiU*N@rxs*!h z34AHxeF^6Zd@*4zozfwJ&nL_!Q@a1ZZ2y^r^9ZK|K8^7HgnI=(i7=N&=}v)(0?Jdtpjz&jG2M7T)c5rhvWTp;i# z9|JywaK6Bs2p>u~PvCb5A4WJ=;MWKrPB!0QMf zNw`zsHH42M+$!+>gpVfNEbu*qk0IP7@NWr!mvEiHzaV@p;YxvTBFrU7x=i3k!d!Z! ziv+%gFqa(Z0)ek0%%w&;U*N@rxx`5434AHx6A0%Dd@Jb^DId=cSX zfiEV^sdhRf@cD!}#ZLGCTkKD`jBrZe(+JNZ+$-=&ggKQ?cM5zw;c~*Q0v}0uHsNN0 z4<=kexJlpx2+tv0C-7c`FCknh@L0kefYN0G??`wa;Ua-Y5WbXffxw@91o$$-`2ueu zJfCo$!0!-VKsZ<6*9b2p91{2?!ixy^4~YEO(*n*{zX;VTH&3H%GfO9)pAd=p_#P19upHxlNQG+iX{HH0}8O&17! z6=6<6)A<4~Cd{d4I#1wB3D*+N75HMpoNA^+0-sNqQ_OV#RIS|Pb0jHaIe58 z5x$0Sr@+S(t|#0o@R5X<6K)pxV8SuNO#&Z4_*%ks0`EomI>MC#k0sndxJ=+33C9T+ z2|R*uBjEypKiLF0K{#LFO@yx}oG0)*gp-7G1%8e23c?|QUm|=1;r=aRf5J_KQvyFu z_(sCL0&jXRKQyOl+k{W#w|LsQ)6SW8_F0XiC%?D6GaS1O8Kdz}qsbG_95pRu+A+k& zfF}RxjpbR>wyYmfy?5fW>_^rBGr7}jKp&hD@0xzx$KmBS12r>wLOOd|D4INMEXp^Y zoYgX-dhE{G4JT*KjBks^-#3R~(0cdn$?ttHtNH+Ps|mZTZgg11tFpUJ&Kl94MNyI` zJPvl|O_8G}FK#ZFcHy)iPAk3WQIPJtXJ_O%rVKw2W&fX#Vg3gddAcHZR^%B9eYSE; z=-me z^BmThJYjD|h7>u?5#&5i5M;TReD_qo-|Id(8#)U)!jMCf1;|q1DFHTYl`=02@Sp;33viPH9|^EPfo%dr71#-WvSrkP3hXJsXIq5Zfdc$P zfg=QXK!K?O+@Qdz07@Q>CQj%94|CZc$AI0vk zaDoy(rvD~RC?MeuA?&P#v=YK3Gz#J6kEx>N|5U;&fXwAWxJL<3E8!0$lnCKUCHz$h zKPKTsAw-q%kP=P@RFa+mN_fBN*w5cGs#6r;_`_`qJSY~tLIL%MGZavNI8*`khtUeC zKfER_im5-eE1>?cQUUdcDh1RZzOR7#!z2aNAF>rtfB2U)BR!i7q3{GpVDtAucf5*&XxoP=3I_++yU|#{Yio#-(1b9Y)V+8nv0@DCU zgn9uInaA#?w=gWA19xk$`(F}Tg}|@?!e5k7O~S20U|0a*Pf9qMgr5k3VF83YlrWZr z3L!8ofN-l4UIk=k3V~q(1dg4EH&lQ*N(c-KAY844t4Y{P2n-7#R4L*6BxDI;FC|=} zgndacEo@*~+P?e(C2Ry_o)SWv5@fJWobVSCRtw=eC7i4!8cDca2wgNI|3gJ;D?52b+5{?tXO-dN8gj-0+6T&Pde2U=~x|&VG zXd&b);R7WcMZ)`cvE|z~N#(CAVFU@!3*kv6yr_hy0hxz|aJv%zri5k^?hwL!B|M^p zMSx1uaZu*CBR1o+m_Mfd@iqmtKVG4L_D79dG3}3sDnOoL z1++g_DWLt4?tmGC_Qy#IXn)LBK>Opr#9A@!k82dr{&hwoLKYm#V4=BOuj}MZtP6+i%aQfr5B-|~8GnL@<$6^wi zgs{I7oc?$a2}^{~|Dkj{r$2rK$oxdA|*Kev5bV> zgm9=5oc?$Oppx{z@5tMuxB1iETo%Abjo4NOnj5!&aux!`K^5MEb+4Lu*sH(L^CqGqSRJ=ENg!MU%BX z=6q&AV)7RAYb3)DM&7DVWz`Ra!pnCdOOQH%51HQxwdSq*w?;huKGD&5dozX$(?Sjj zNrxXKJ$vo@Bh3ASu{mqsA88&QjLlv9ezxfvjLlp7{wUKs7+bLR{T<9p7It;bTWjAR zZQiy}5Mb^5IrVR4nGXkJ#}La04lQBVzP}@}qec>2*dMK5J0cn{?38q(*hI6Q2G|x& z)Bsi7hE_MD)h%rGCSkOS>1eXOm#F=~B~7gZkrMnW;-ksp9`pL1nKW|}GB>PkNd6i* zq)=mw$rcPGqrf74x$^5Q(2ksD%YNX!Ke9MpQGysAR41rFP zV7j(9nyg8|*Za(9=}kZ+kO95OoI^zY`uvL?75mh0%=5~_NYQwNJo?SA)k$GE6OH5e z6sU)NR6Lpk9(lGk=cv8wH|7dI$YCx+H(~I)x$~f`@aj&KfLSu_5BdH2Rep$BVMUlmd&V*BZDKqUmtgVxsg=P-$9ijo@caI_0(@}MP9F;^C(lAI!j`D#H7FB zViq|VQHV6%^KUvg+U2%i+vD;-c3A#rkS$d0^DlKUgZXFZ6L~OpL@_2{{0xO}$c0$hj-3Np(Un2=b>vCZaogPXHqSlkDk|mOmB^!yls-CJ69rbFOk}1KSjAonpmiF_H1LfIFkd^@Oh- zBZjMOGgt0D3RTsn_6*k}{8KQFe<^dh!^NzWl99f2v653}wO>K6nZbcE-iAFTDTbicVrGJ{m#nFW?;A=qlV zFWn>7tnKTHJcWU)<|*@I=B{5~1ic0O4<=F>boD=QhHV1;Z&3a`Pyg(L6!So>cu)Xw zkJg=Adb2Q2!akAKBKXF#LUB=A&3+;Rg*)XdK$#PFMcY-xe`FY=0wv zR9o8*qf7YdjtuMpt*4Jx)q{rqS}NrY)h@HnJ;O210yKPxH4w)cyW!uA>w}`T<*(X) zjvs^cg+Ay9Yd?Pa`Z`^Q66EvkX~%Qn2mL@q^8<0qLI@P4K4A-2KST9d-y_X3dwXSu zj5e11L(8+ie~B`rz6^V~V)_#-iK?c1Ram>K(r#E4@I8h^yTkK{7XX?ju=jsF`f0ff(* z0VAj7ppjcD+A;7>C4o?MO+n8LNtx$ah(w)<7xu>^8%>cS`^{aiVN4muzD|EIr;=I5 zc$DdH@mlx^V$9V$BU0089_n>Ps9y`yIL>GJt8cH%ehSGx$A7+vJz*breqFQqA!>3B zB15SDv#jv+$KyHmwVOwTZ(b{N@@yLz1z=?O7NzX)#V7y1`Cb33%!s$~+E&D;9N=2a zr)+BU3_TY7>vVk^UC>Cb(FXl~^H>rfD3_1p%(pM2q=}CXBfy zMUQa%gG)n?OaXiIn;T(CjI(siWG~Q~>O;!JaKXZnSV}|_ zN#bQzEsgBNGPaF5Z$r*#VinU|!SP2_+1^R&--W6owcsz~7R=IY z@)wDy6bx{aY4xq^3Z7@CjtPaJ^yCA`B^pSqVv+@5wPy2a*GP!B7Ak9Tb3_xaj)=lw zQ4+0RS`rG!!m^HWh;?-oZff>~BJ2o-W48l(WIXD!uUb;wCKZotFh2+X^mEt~aGi$YL$^02+vhT3Cszr6?T&7BiFTF;o@8?+E)OZ!r9Rho zraN9`t^a^0DZSF8C)*2zGqisETAwX5fGug}0I+piCx{Psg@3C^=1omg7v^rN;anQW z>CB@4V+JGW3w92$61Kmv*sieHo=LWREmM@f{lOdDI?JuDF~+3l zh1elOezz~O2>N1Kda{jPT4K(-(^XZ0%g8T96id0@pE$J)K{KCN4hV&wny2_>+l8En z5f#nqj6QTuvHpv0O-JJ|_}jha`#X(rTy3IX+!dH8R6Q5LV=e;3-=Q;C3RXQ9ckbBw z@35ezq8~#?|(sO;f-3L=Z zo0|9iKG+WgI)&g*80}Vevp|)EV z>broi<=xW56Ya{)3aEP}5Kw1|4?08Km2=H8r6a|dTfx-PhSbxTBt~XFOO-bYY7ajN zB4M+XBRj87aXcdilSFfC-{ARR@cd@)aw(+qn_uCe!>Qhy-wa&rWU=NqZwStr-z?ea z7Ss97cW|-JXXDOqF30se#eTv0O{+{tF~7M>6D{UfnlNV7i}w7cej_@ivwz6>d%U(& zCmq;*n5x1Pk!L#6t_av20fzIpW;5Q+;!r+6V|XmXly#>ZaanpWt!Q}*F+ z^V(X!zHIneTZ%AB3t!{t*R==?*8ppwb)5JJdgxbtr zr{((XBJ#|O#*-AArrOLlGuh4JHM7&~>*6r|mz~uoyhh3WnQJlUu>xD)Xau;M3) znBqo+m%riS7y%jkcSk8N)NxbSoo=Kg%(u7UXH6sdpC(NdgxQ5wm8n%H=#GoFGu`nB zyZI|+E}e%VE?p}8DM%FaUYC$q#U$imROuUnQz{X?G zv5b?YnOS&$Ku$u^V~{x!*<9a~7mwhuLEE_zdDzaKl=zLC5l}7idkz`%vyjhVgq7o6 zJBP~!FUYXDylv<4#K^I@ylLm~xa4MVdDY3|G03tQyfGYuI!JBhNe!2WXFOJ(4R#){ zrd;HJ>JSd;XmWN$b(W_BoVzdbMd$Xraj`Ol=Efl2DWC-ZQOvlt?r;h|}{vmnC8 z>E?@I$prVJbi%F!$U-kizd2x;c)Y; zHnsbI89EQb2#Q8py*R+_#0?lI>j!3slg_q(OOy-wJ)osDrY0N?`f&`=wPrS3`oZtB z)cp&4;>B2W*7ku{Gu9G4=8ZDR%;L>!{04 zWk*tWBqagaGzfC1TGNaj=_*Z&_g|vv9f-d`)95Rq^ba%*j}N6!)-?SleXOP_dHN7d z)3MXsqlOGSGrgOpxr3P|Ge18sJG!)&!EXRL9X&%T8skfUd_RNgOisjADl!>@frVCCD&IC_NQ_pkn1} z%|KV8a@mM?e8};Gf=Wb}0l&O>@60mtz)sP!_4IL>X&Uog!D6O)*prz7*4_Utk|3qM zJ_Wxj!|e|~V}h29SP2JQe3p zvc0l=Prrf^^HZ+^VA%xJ3p?^`hgVUYaM@>Wqk|+6;jXzFCXs9fbCD18CM#dB8HqO` zBVVsM-_J*d^ zzL|(A)8mCt2&;HIAC5LF{;A{W(_&n~$x#2@v#r(5??H6O*ER|L?R=7Y&EBZP%ty{> zLJ%e&=jS?t&IR4kL_5udXv41;%ftOZ4pa4&p4fur`gAfw4x z6NP|;%hu*Hw8xWCLBxtgxOVx8w@(3NMv5V0Ok=Z9^3`|dV(!JK$Z=YS6tjn8>$%T-w#kokhsna?1jD`ya%x+ie z2%eC95OpH!jVJT@BZ0AuMH4YWByJ(M=-St^**snXOy)}d*m(Y6!%d*}9Q>Gx-kc<% zxe_trqimlvjG4o+E;h{JAD0FIVmr`uwpI<6Xjj2>5$fB`tXqn)MNab>H{-DotKc1x zI37-hM3n-sB09cydLr`1%tVsh6QZBV&&0D2GC#p=o3ZgQZ7OR8rvYxDi3%8^!HNiT zCh8O4=%Q)GBbMt{tls*3jn&3u+_Mug?iU#MNfb4y2a3bh3?2uUazkvE`6DA%CYvo(Ly1xp5aWqb)?3Yn59_=7Qa^I&gqE zp@gJ_%R|y~F-Iavdi~n0X!&E&wXbGJv*?^lsjCF08RbI8T8P+QR+nfe(Y$)DD5TFq zy-$>Lq?1@hN_?Hn&xabJhsA6o5Mlm)g=2(ikWV6n$}F9bVy364S2?Ea9L$9XbDeU@ zYK&~t(6?+o1D>qA>0xFMbUN!kf_N8=Y*RO`2mp93*a@6i5qcN ziwsjEsc`*DDU16}9oP}LFdSR#z=#`i6~)iVKuicZ|*Y!0vBTAN)mvRR7xf21m>+VuJ0%*`2@fjHx1FMFYT zO$8>6CS|WLBlg!hp^QH`6%?qwlI}H{%E6E&l%(X-*e@$t36ae1#D30sZUHDh{sa^4 z{JU#-#TdvhA*o4%0yQ0*3lcpm>Wpi*Jx>_((rd7r2{}lQubr8c{mMj)oUqp9xEz_> zIX%9PVUhRmj`qFKt7a0bNlLiGVHX#q=9gGr;<%h?)B%DOR~+ltYEd>3*qILQk}leIiCev>ba*GKQE6xC+ig!iJm1o;S&LHUV96_E`QDPNqb(^@YaJ#ylkL)bi9h>W< zq_KW$|8=<Dne z!6HLu#>rLew&;tjBZBD`#?@%|^n`P*THw)>dZ$1&Wd8P> zEGL8}+L;HOL*)EZkMk6-WTKtvj`Cf=`J(;dC6`B~6a3tFE!;62!0TV?jp zG!<%If{5vPunM#%GY)@9N>3Xe{jFiqU@nqBgl~?z75zceQqkqC=;!<5&v6Ky!<)Dt z6LOe156xJ!geIQJW+nt-ay?~Ew3^JcnmBcmtCI0P-8OL#xSPhmxu#6E_p!RnFy`03iJ1qSNj9ygxST^?NnAJ~ zXEAZE$9ceVKc+jHY2tpE$2GAqJn>!8yoi02rm0Y~6^ykd(t!DmrfvdKZPq)py6x_`n z*cEh@)4=MIs|0@;?piB8(a!R~lWY$3;zys)wVi1-bG=tEM}hMaqhI}On0oNna6wmLAw8iQ(O!F(6d&iv}v&^1Qr5-O>_oj-ogP`Xxg z3Khc$mSmj6O>4_y3v}R^{MgL+lhYa1?a^Zjo?GEyTbuo5Mvo}ot_GiLgvnIpPg-%7UgB>$$w;3w8*OHC{}dAp7`@ACL_a#m4Pi{ z;-zTDnwx3jUD!-aF@Z48culUen#{DC__yD4RZ{8GZ4>i#b7tmWT~j98`93-*T=2WU z;^MLMit@mdY@R?@QOB91kb-8Hc=%z9HyEMkBBhNP)b^AJS*x=bt;tyJbx(e+kEMXYG) zI5Alp$4TB^co%!T-pu+Mga&su*n*pG=+6ac(3+Jr_Wo=zCQ(3`H@(J3t;RFm@gW<( z3S8aBlaYCj+BlGrXUHrFp;ofo$1MNY-5J~-L1K6>T)9~U%co$!q+kuG41y71W_p56 zu>@mUy>K7ql|VDmr`ujw3GSwAo$GB___Dg>D#5RK*~R170Of%v*_`49l02VlJJafg zzdO#Yb-YK%?R@1dUU<;0z85kNIFoEPdc7*wD~YSZ=>|78Eoxrb4g>T?r%qvEL71I9g@!DJGOZ5uGS0cxf%;KiRg1@Yq&vwqoIG$hF+Ba} zsy(08VWc9y@E!Ks$Mydo4QC9edD$-uNoP_qe)zAgunik|+LU(sJR zEfvLC(S2|MXEB>T4g2g{WI+y3+1d4!*U)pO%0fJR!&dl$>nbaP9b*7b%D^!?(fBny z!8Z7UDjkCevx#Ym96gqzm{!MFcZ^GK^Xax@^n$yY-{Cp{#y3`n@s0SSabeqWrgoMG zo@BGpbH`SnYdh2G7&EU5+6Ywf)nt=w3}rMU|{*O`ZxS}Q#|9?VkC z;zTi=0J-kTJm5^SDfBqc^-AIlh@8cV{&1w*o-&KhwC_(T3f#XQY2V&_Wv}VoUXz6X(T!p2HFpqjIFR@zA zv|9S7%qy0T`gGgU`QUC&SmRn0Pq(o;j2Fa@de+6`014%RC)u=n;h@0h+Rn6EdS9>B zDIPu9K3+MCrEgo|Tbg;mnPgM$anAQjV$Ma*V(CZo-S$kh=uGQo${nD)mKKJa{vnnY zvER}(6>9E*h+mhbrJ}f1QLRSg@We<@$RSKTmWy=ya3ynzjwQX4 zg{P4HDUoiB!`uAH(QAO}+hylGy!?3p!w04TyeJBz+jy8{jiI|19U<;YgxTFQU!G+? zrqx~FfPCt%xjx-?*IsZpD;{*+5~CZd!{|o*IlV3(b61oHo@BF&7kF}fuI)^#yDs!< z4S95oZpvBQbz{PJSLOj{lFb8N_ZzVG9hp{l-QDBdZ_%0VDCFq28P{A~cNK;wzo>%_ znIEfZD%5-mMqih^N<}Zd;8*mdrlq2rSkW3BN`2mlHZxJ!s|RgR1f7V-?G1QO8kcyh z#A$d;0^rx;Z~g)1>xTxd1M%=0+$IIpta*=a^G&D*QH}`nPo^b`8B2{!cU(j@{sCNF zHMW3}d4hTkUI#ME-OTbd=5*38A4Ec)#`b1-6vFLc|Ahm&le}QhU-_;yp_fhIYvjy1 z5DQHp!tCWWq0edp)9U%}9O5>y$EVw#UkUE!<_BC4$BL2FVZ})Ng@1SP*pftf;7PXn zTc^*pooV&_YOmHdkB$|iau(0u)ZlwQ^MEtSW(|9_n55M!iHESrSpxN59_JQ|&UD9> zG}$Ky`z8~HGoBNN6tPdxG!<&HXxn*oqajQBFTY|W!_>2WMbBwkDq0DN)1BLy%MI)K zf5hI-c0E5mDZulic-j-5zY?lhGeEc552}IN5Mf?tTGZTZsgdc9Mym18;Ocrl8JTCO z*FevgEPrB_7e_jt-;P8&*r})BSxrdSK6W2JNJoT;c+xdl(lM=0J&t)r`Z}L( zJ9RF&n@8?*oj2K@$Lf-+1b-cFNNd|L&qR6PNj4{XU1_P$wVi2o>R(TEYpwL?$@T#} zjR_9o)caoRJ2mqFPqKNF9aiL>>y^Yjlbpq=BOd26i_Ub%U9`po&|PZ?!|JES*F@~O znx;a{p-{}%<otSPk3}avt#?DC5D2?Lz2-AITw)dB__~pD8v!Fj zA0?~jOqcgZ@g^2&GUjM0Brr$Q0TR!e0!+wX-bzW%V5PVu1gu=Cm^H!SP@ZH?_iAb) z$sBmI3tqv1gzzI>F1j$0Zo!2vq8~hbRbJTU zIT~+lHL!@@*lNKl~^T|@?P_B zA1*s)qjq(P-Gp7O>9`OH6UOFB`ZYoMrdxA>Wx9t!bWOLEmBrh0@w4V~nyw!?Q6mxN z0jNloKOUfKI;J}emA{;M#W*=W9m@aDBo`m@@p9=NoSD^}hLXxJsrSO?(Hi)l{N$K6 zL-~}_oWd-H$RaTbb4Vv9g;@&Q%<$iEN52VgK>L9L&hI7ZyKt*xQ1@o{l?#}x%1rqg zyZ3Sybo+Pi2#RC%?_uuqmeIcM1zUYn4>|%F9!n)SS4$H~$*1>uOISqi^Ug)ey3hMp zJX}2VKJU&D2v3AjuJjcU8BOgszqm)L?If#2On&0As6e3JD^x}nLCMv8#xUIWYsC*) z!RJ;YX+FdXw_9$~3fAE@HOB1W>#n2*5`0%*vVi6F3UM6^mfY=lgcga%j+P9l{WDNt z#e`t+goECxrPRAqE*wT7XX2JA%+H4~^kQ)Qt?BU{FmoVtTsp?~UN2JSL+p<6Io%Th zh*cY7Oj;L_G5X>4C+v!j=PU&sw-oW$ZRGbJgG-zuZEnIqAhzsZl?#}9w%@xb}0SBVOj|Nc`Z!b(uSw&#G4U8LdH@S8+8*y#&j=U)QJ;X@dERKXwvaG>-n!1$`u!bqBpSl zh`=JqNSVFFn8p-H@@dRyCPrcgvs*FaMm(!5YI_*?`gZ=cp8;qPg~&+LKo<6s{OFKX z7|$SrlH{>;c?y8`NyNy@zy3e>X}x1U1{@^-V-|<9c*giA`%41eQG=Jy^09{`8K7g6 zgLw+a<$MeIHfv@@P07m!taz*MyXn;TL13Pw?}h1#e1Q9In24dOe)A}X0C;@ibLwk} z+RjAbb6Jl?%Re;cDaX2aP!y8EV0eV1O-lU%tz@Z(r4(j2iNc4`qm%!jy}*_a(%g+a zd^+|)$SS8wWLhPere$(E-pTZU zlj#A;bbfe6j>T!5lj+Y+raw!j{7g>$PzeRU-^p~pWI8UqqQesWZ%(HBoJ{vgrqb~8 zpIe!J=VWSiGPNSpggRu9fU?NS`C}*NpPZb35_agR*uSH)Iy*{vpP&ZWBu9FdgLgu- zyxYqB?on9m3b%yJU8=kiKznNchEv@ig&FxbM*hg5etJfBSe!ipuUrnn@8CFDTkyZ$ z!eSwF3@X$~fxOg+Q}dHn;IRvRU*@unGT*hvdwC>Frt$+|=sci327-zIpFENhwkrvD z%8$JR!;bS9(FXT1q78gDKZ&~IawS8vuakyxe0x~5?6*vIFt@TSJ!AwFvhQ6QSE zX~OI3`q_gP>?1Wv`to&b!;s?bb1};|vn>uS7)u3t1WV&!h#8KO(lJ)9x6*%u)^x{a zgGPm8ZGhC&NMATv4=`H3im=FkC0K_$a@uG~^qm_{8$>@(=x~**!Z%>~mr?cvEnB}f z)sU0kl|&t>3mf8*<>@!FoMvn763kd_dLjQHH>HmvZ6eshM>?PB^URktsfsi0m8a5#-w+ZrbKF^_NAEl^Zvd` zs8C_@D;JsW8Ppb6xF@jhhO^z*DELjY372xL=%!OWd%4EhFf3>u+M}-+#hiz1S+MdZ@MV@Zg(sjTp*LaFh<#P zd{5SNnx}Bu;$l+3w3v1m!wIxs)@|)8kNB;9M$&Ne$28GtI*~}jSla&kUG&{V(-*8! zf&Gu8Yi)zMrxE>f@cWGOWil>97~goYvbHI zbS85&Lx()4i7go&O^rDbNKspx_q--IA$rkd%#znZEJCtnvA(``{e|J>qbTZ1hv0~( z*<;{Ezs38ZN8t5L{AU(@%L%Yg3oV0HOjvPlo2XrHYU-WIuFoakaQ`t5+w?eK^!eo=ez?e|h5^3> z*qx{PwB-l8O!-}2=xeysxm5aobh$LBaM-7? zr`4MkzJ3xQl?!ua(M z9==|tBT}ef1T)`TG};dbKO{mdI1^cj`c-!xR)7*f1Vi3T>x=#OP9=&SC@^ zMxiH)oLDv{@cd?Zaj&_(4%0K?Ia-_0-xWFx9N}7py)yfs3QFerYVm*M#1 z)AszmmAr@Z_g~2(T?UhWdF&qQ_dND0lrletfI~aN9x(hD>j>XN`LClRWbD`J_m-^w zEu9q6GFc4$Z!mo4EUoG_g+nkD*BcE#(uu*V*Xozp4;a!fo$dABIWqXA<_zhYm?zlr zaC`Ec>r6a7c?ukP!Vi9Z;w%SGXMbXQ^1O(LqB8V@tC*^vm4meNIRU*_l{1`f{OO!K zp2>X98PD|f7g&mW_Bs}BIIKMJ!Rq6aKE7D93G`+ieVJ6yLo;_5HjEheD+ z*U>Fp{eFIXg8M(8Ow!3@Q2+n&a1Gr8@xNgINBOU#p@aH=9_;7Mq3~*v1V3+AXeK`s z@IEW9${H}Sl}Qyx&UbNwml`xJ*vejzY|oWhA!Y`T30$~QAIUP8W8+hdKlewjPPRne z#c&`q2uu^OWRrDV&Q;sCeH1>wb5nTNScoGB_5skn{0w{kWZO2Eh@D$m7zRxzE=F0i z1spTAcsf}QnrR&ioJzzYbW=E2YTpD&5c^Ueg?A0fF`-K!5>jMN9ha@Asu6wMUNP8PLeO3L+>*-ANtCyGd=6vPyXz$gA=q z(XU({?cFJ}@E5UfOJ_U$8Y;>)=IPX(ZV) zEXiy7&E=dY3Zcyb_3jY~4YpwSsdiKj6-hLiEcRTc5w?iMh9r|wD zq3^yO`nc`T_t*}7&*ACb_bJ65*bUN;9GFEo2jhv6Y@?f9FZF#Q7k0Jxd-CDE`1k?M z2@h9CCL5%C&D?CqOJQsCBL#3&!7Zm=^C@|(h6LH)!1{wQMvJ^X`1B`-|Q ze(TroRj9EbF^1byh5d~)vh^E>3XBq9lma^lumgc;Vg}*{K3*+Fa)pqqz^(%9s=!zQ z#wxIz0J|x$y8yc@FiwDR3hW`k9t!L!0KU@gM{u{jxuP_UhyC5$dy}4T7RX62LP>W4 z7j5)$s@@y%-13&bv`Jx3;_F!6NENl2Ur#9v-^Vm*Xb`_e01MOs`49i zD=uib0mYaZsMy=nJcNzl0ndT7WxTs9vK4FGnysb^$8IFZRod?Y;58o2+S9;hAnO)p z-D0A4)*q25{=iYR(_{SEA|OexK*h=5*f3_P=LZWKKJ94DM%)7-Pxf_*1mJVCP}&1G@V? z(_-wa->y9+oA0xQd3 z3Os+|p_zPlR{CA1Gw%0DNR!=o%w#TEMhE8cEPzG=xDx{ZK`wkY26qW&#PNNXpNk(A z*dh<=kL+-P?V;`QN@T>cEcra~atfX4kFI|+mY#KlYZsfN=KlivaqPiwK$I754tHdW z0S5WMUEi~Rk>+JYFSmapeiStHQ>6`&tcQl6iM?M&=FErTi4|WG|^zYcOF*Ibj*YU!o7i0~| z;LK-Leptf1jJ-h#UN?72W~a@A_Tw_zYnHIg=jg|)f7I~xlMY?Si!l@S!XK|mu$$ZN z>iL^D{z(~jg=rYidA|-UcHP$NiVi0lru>($&(lwbtSC=GPgBJV)*qa+KiZMElXJu1 zB4nprn6y@!y#3`v9T{E1DW6ZL78^@vfNLUuGi$-M$7uIxgLD39_ouEqg0Fez zbWB9rJd8Z<&^sg}=FZrdu75Juyy<0=k;|Q78!ngRWSG@BSEY#bn-Im@8O`s01j(6& zVx5;KfH9RALWXOIv zjK*M&-n}z^HJR0oZez@Ugt;v1?D0zc!`COiKX!l$9c}A(Y=hMbtU4M^Dlq3@6Gp;E zcLDEZ;nZ_8zgaqDx#;H4wO}5NnwWW7zOuV59X{V94ylto(U#7S9nbF?i zb$HS*7*(N!EB8aK^^BB*tKoY&NyNgXUKS0hjUlHZz z86S?}AqCtE*nk!4;N1H&w|-xYp9PXHQe#<+O$W%+>UJYnz!q_=i>^dVMaUL;={G+5 z!>_zybdvi#ck-RD-vJNl!imV8@&QM7NFRYW4ObEIBmBWfs(SDfO4s9$2%RJI%t@pr z@U_l%EG3vg4J%DA0jYeYR^Fo*WSH@2KVy^O0z@-5xf!t+L)YmAqaMBSW9e;ATy6yNF`D7FtVujnt!62U$ z%a!JP#eNuAY&MJChhmOm;S;Jl=Q<-aHh@;t8S-~D*kJgEegJjoO%0g)Lm_R^k(@|G zOU(VCSu#W&(S=W}lI~UMv5GAv+%IrDY0<qtpQf*!X0*vLV1&)*+%2`qYwg< zQ-yqDz#cFy{^&Lw$YgCUUC@{hvLT*0n6bNH%HXvG4go?%OTa&sC@6DPE}ffG;~$7% z_@dd=X(i$MV^o7EK}+-+d@Y;G2OQ}$cugIFURVMRqa{*eg+rZ81{bc~+&yLsu_9QH z2*&eBvNE?L7w;c^j10Wm_ze)mBg{zL+3@aR7BF_zf#$ZqjB%d#2UG=pP83R+jU(Nf zQnm{E%(ET=@=^tOeBnfuk(TK-V+n|iy;3q4y+ZDSK4F&NKr&JL1iaxQ$my-6XFwkE zQ3bV`epVqc!r`L|v_V0gsvwNk>)>c`)zPRbQM=I`;k5b>!U#9FXcOr|v3#JI<$7uk zJR2epno6*2EX3mp{|5YnJ=FJ<=e(2*u{BHJM*YNCl^`t2K37k|+1A9BN&W60z!<}U0Wh?fc#I6TB7 z5$0RsP#RIt;(tNj!THJ_P@(z`;E`}%pwYe1A8r{qNo?+A(VZr0+&HpV1## zC{eQ#b1_~jZpCC1U#G8aHGlOqzcQK_Bg42KKj^EjCd{YU23H$FZ-sC-&I?-*Fk29* zQ{w*mpi6|-C_$6yeg7+sYbVI3JFZ1_G$4m_l6L^val2*f>1&zsK;~;)s1)R9hGTDj zmtqF`cRd9H1} z1+=^9isnKt19gwbZwkM8+b!=c*rNH!KhY^a1?Bwtqc1PxJ_~n1l8(a9 z5MKP6Jq_vlNbAOfPj37hX8!;;kIuMv=njIe|10Kz9<^*sQthkfr~!~1S!PJ#OQ5BbJ>LtB40cj*jR{?C&4GX5L6Ic7UwtQ zNTE-#@^bq2puXqzA6LKJ5BU^lBHZ<=Pkp9~nqmCcx!;cdj(*KOW$Y0qQ5IW3{^-q- zLV7+^TSk|0?N=o6OxJI%X7n2<8t?Adn@<3}!M8zW!9hMDlFr3 z*}eF-7P*_36BrBmm@d@U+7-$YWEYT7VUax2(`#Nlhl}SrWOC0M%^I5Zlas z9-$49vxJ4r37Gjw>3F2c;ef#rI}~>++ZJdVgyNNWV!)U`0V&_`hAvbFUDHf+WH3*% z3SAD?nOA+@4Z^d?=UE4y4dB^lE+9`)KN8v!*00?P3gE}iuM-N?uxx!Dl6FiVydPxV z#Y9CrjvY_YFD)OJ{dB^d-(%2DV#dKWFGL4IJCs>RgzR4VJuo1?i2oPkjsZ4^cmU;2 zIPkq?j{9O~o|2T}Z7e=BTfTw}`SjeR7nbjVNd4y21)^5WZzLhBuEP| z0jHXjIYXsvGfSl;9#$<@a?1S7A)$g^Gl>ySrcIb{c4e8gPeh|&iir{eg{$T`)kmbv zRRG*Uf)Asa@N!&#pcpKT?-5I8^b`NVF|15vzSo!T!4S%vd>RAhddghL+`2FC+rt^p zt??w+vk&d@BDu&A>*^Q%-I{+<40#%2NDtTez&%@u-OjvhQcvc5&yBAf4-ym*>*nsr zMzj)JMH@$k>p3DZoMX>A+MV4)0+u6aByKRI|Dn<$uDbDE@5jUDaBa@PG_K;~Zdk)7 zi~G#E^F%AY@Bgk*;u}U(r+;bt)Gtv6IyhNGK={Sw8gmK(X>4HrN7)k?{+Yka>lTt9 z`hc!|{oC@YtSK2nN>Pp1w}8oYl!8vo&bQGlv@@7aO2sOBqo=RWY3~4J z7?Azx!TK01|4{h3@d zQwO-M44JdBv&RVHJfDlaT_#U7g918h@c9jG-|+o`^LMvDBzBF)bEAnfFr6;S!4)F3 zh^uAvntyPThM1+xIX2ce*=>syVzBVCH;E`l^;M&nRE3!hz#WwOfxK|cc?7Z_X9k#xN1E+*P&3vz%~%T5$%2oIk}U3lH7Iu+ z1I_^EDYT%;yp75!Jz-bS;$3+9*#Iir_L&+&-}HNCvUh5 zH#3A2t_+6e?h%f@F@Gl!Ms>ILRY00yIT)l<5|3fEE=(1AnvR1rs!#N#* z^Fy3OajRKJ##1A$`Zz33#`>MYDo;M-QFYeWwxK)^%2Bp0+)?}#?7q_7LjAqWgPcPd z`m^rX-gyz!hA$V11+cwP+-A;@mT-&vyVWuCJU8X&Hl-RHMk~-6v~n-a5UdqG80`pO z+bdV^K4k&z$P%0TLcWV<`WWI~{LVJB!C*!sK9eE@rAV~wa z`0;?@W6qH`3)Zn9_SCd*3_Jcs`N*5UE9Z|N&UotFFTfQGGmgG7D0KVzo$&_y#pCVC znzi4Q=SOB|J>c#mabv5@9bUZoaK1cDh~cnCx5#J=43Jpx$|c4<#CvrC28aK^9OEq@ zhFkBtqXPAtz}|11qXRC=%06(!*fM91M~E*0^8qLvyaM*0>o*qI_rGLFfotHvp#38Z z<2*T-4eO`_^?Lp)H^dmB8T-2xoy3fN*!g=EI|fvO_>e^ zLt6o!J{|vp8atXMEkhOXoDc8db^Od5U*3GzmcMqOu@KkTMu$5-+*UNj^C{o{gZyPl z-cE3tYqrRmj*A6vwD;n70ki@AGt}`H1Hwn=SuTDQ>0j%b2 z(@bFoZFo5T66oKu-{iXYkp9l~fCyEPtCn!}@AH$fwPw5f$w!g4_j{Rkh zm4Ydaxtf}Xe6lxBe_lw$(Dj59Z{S&4A7G?y{$Bm8$8@VZpu(a2Uq5phaH5eXC2&u<>40`6uGb^gb&Q!BLohsc$=CC!gu>&>cpK? zx9_7^O~2Yp@_Rc5zr=@5hUq_E`^*J0zPTNFi2h~$F6$xb>6vtQy>ctX8ivmK)$d7z zO@8X-@x}4?dwhR&_j{c9Ze+&km~c4%|D5>h+1K?q%JY|MH>~*f9>yOSpRMwP<&*vq zUHjG!dTP1lKknq&>mvs~!#?892Rwa?KK1OV+ib%JCRA^k+ZUN#PLs`E$hky*zUFKj03I^}{a7v{S5jpN8fEdpZyi!9+zSTeTz442E z{4QaU!;p#j8h;UhF+@su1v80fvX6&xYS^)yOUzm1BDv7phs~w?Cf@91*!ikE{{A2K z-UU9+s@fY)Xn}B%2^U`~phOU9ElRj3m5Kym=v0Xmv4S8{tbhVaIaon3l8_9|bQp+7 zs#V|^1vCms6bj+eG68Jj0cE%dIa+0ade{R!FlvP$9QytLYwf+C{mdl^i0}J;-*@=^ zXy)0^zO1$Oy6v^s-p`&2bSzxx=v_H~*0u%sss3SKv`1SW6ZkrQfBH$}kq|{m4-&F| zpUD)?rpQb?{T=BuT{F;rBEEUFtB;4j@Ig!!yev3K596eoHRc{;?~e(;!r#vzunj1) z$&I~Ru0@(N%-(64d7GU!G7op8<6kDUjm&EXE%=wayy$ae2C_d`X5O(s#(gXdJ%Oq>2>(mj$}T}Dtn6sRhVvV$fWN>g>ExF(Q_u? zka4oMY@0+6PWQ#jc1rXtab>0Z@e2u1L=Oy$Ns`OIWy`mR=iRX49>P2G;+HTN_V;_9 zYr>~Ms~Qfn56S-ARvWUwyqA?v4Jvn^KLh8m=;Ps*V;%QvGt6mt7RW7`LWl-@#}*%yY?R7s5k$0z1wzpz zux{aPaT|gzPCN+dH1)2)^zv5?-)n^L(mbFDI{Pf(i2zAcQ10d|n#~Ppi;w}2r)~u( z0A2wfH5Z5-eu{E%ai@nKi)t*Ij@cj3H+2s;W|~Sk%qVoJLUA8dQl&aJ(nuPfHqtg7 zKt(h=gD`4(?s!RKVac)6vZ?8(q3hE!sp%jW)HeRFQooUZ*cK@Z+$QGdD=mk`qp?2z zei^F}fT_6f_;t1c89m5P>gqt&5+{2vMG9A#Z4@{vr>_CH+58&bGq(`|$)ICKAI8i+ z?6~~_gn1$;&Ic6sbZ4?)G2O%w2sl|+E=mK(7L0@xWeFMPZy^7|>qnXh{X)i*a7um9 zhf&(nB1U1dX_4TOHr2v%7LykQ^n66#TG8VwL`^2y-Z)5lu0uag*^W^Y=ymCLFid9- zMaCCIoc9fxX~TTU$Z|g(tsYs;-)pX>x_#ts_r5Q9&)+)UlIf>NdZeW!z(Z~X|nuzyH0VF=xO7@d`;78<6bbyV!mU%lm!*7Y(=5K*av)nLB zL8v^77w7ct^ieb%WJ$MN6pv{UqIPLrz6ls@dnuKQ<_pj__ISQ@5Kb{haV=%0-xsuN zvDf6Oc1FBO>*~gef`Zu-(kcqvP#0WEvt(K6DA1U=OjV)106*O;Xn?bNtZ`t0Y5tSb z+n904C5^SLM$?_XzSa3GFpI`XwbkcTius zoJPp=n3$n75xu(w|CqO;JF6yuZcAxI$RhQc5|`d0Pq=dWuo>C;GjN^bJ4c0hSJ_%{ z`dS#ILp*V~*qB;*JN0|&r6-}`5`Fp92zUg5Cfdf$jZeqM8A+~3O<>LItk=&yY(^qC z)Axy>-{OVqvpaoLOfxPS&g|5ST9U=E-ezjpwY%7xt)wM{b_j#WEXhAusgL2DZYq0Z zOZMY4G7ol-G-kdrBenQf=&n+wMfzQHFz+Tb=J=GB>#)k&bP7Tnum&;vYR3K%7^IM{$?!8hU_c=x-6k5Hjv=;I3>iQG+=N9TRwz z4zbic0Ly~u8DgNEXB@b-qVjTWjXqF~reXm(5?=l9_nj2K0gTZ- zzGZ;lttgoYzqQ3W_-#of#$Z3})XPzz0KX1FC%|vR>?z`R07zO3zgONjDSo3EqkDX- z0KdmjG7*0N`9vN3$m3=lR~FU5?`lCOz;D~B;&&`aS_{8jYv9+lp$Ir|1#hMUw>B>| znT6}Ief)0~ix*kB9Bk<8&=nW;Wo)P1Fk{5!?>T;GKwgSN-f0MbM z194}Ql6x|66)d|t){BpI+1DWUSxjGHb2_k@hf*t3U(7dlHgu+jO-tsUOd;3PByWa? zOS=z`CmKgH$y=1Hhy5X#wv;F90+MyBnsV zSEVvLjiMVd6jzn5=fL>tw2U82;^zQ`{Le4KR)wR$00rfZ(fC&qen}c7Lj$4)^ zITlqj<>gO z?Cft_R9`3QlfR25sU1dBTmgW+W*hWjPJ7-@kR;!V$6Bt!Q)1>7(+cW`8y;%|c14!#8ueE5Qcg81|Q2tY*l1QAAm;~H9J zb1!0vb&SRr1R?=ZjsD~B5)f(h6~tmDwHtFu;Q=VHMQ`CTkOC`Sz*`hpoR8d_;Z47v z*&6y&O(CEK1yuYgXw(L?O91E?s5Ui!>I(Kr@}7x-BNlM~_c{x0insLn+xV z7z@Y-lu5RHcA-(ba4B~39oc{?1a|~2F%oJ9lk`>$Ut$_4dWZef4KaW|hr65O^yb<0 zQa|YC;h<0m9CVO_(sMRD2ZIixWnm=w0LmfL572AKeF(n+LILx^i_ss*9@uMkgwuof zBF_($uo(h*=J|jC$R!xGq){2+Qk7MA!CKL@zT4lQ&}R8dNp#%f0f|E9XSl$85j(q% zM3_yQrFM30+#(t8$lCg*OBCm+nit^QDuM0exqomxEXx=Q*{L$uA_7g3s%rPyA z?dLZqwr|8hmy|MASHuRICHVkaH5-HgDiO*5! znQ!*UY;q=G;J8+aM@9fXBp6f7&mME_zZDuG!qrgvfqiT4eo9woKrW~Os*hG9<=N16LG>K(WZFzDTsm1k^Jd5ujxYTiIuPLB>fox*v&#Z23;heb zTNK6X)N!)vf%1@N0RG?5F~HBA%~9~XVR@QA>mu=8Q~|+AC@_e6bEUUa4{&a7dnah0 z9O&*Ca6ygFqCPx>?)+=1#b8`67UguTxdByE_N1&pUY2SIlax(g@Q(W?1leTU2fByR z%b(3R@mgRlT?_w+aaT)Xf#I)s>%*^I_w@q+F+M|P)*hAi8sGZ`BYF8C`)ovD-A2o) zb^pXieD`t)D1wWk&wLyUn=UhQFKY1n7mQFb0@H1FN-Vny>dr-3veSQA*!HM~O+|?i z@9NrJF9Y2`(s7`x@R(iAM{GOGm03PI7~D zy_vBeH3al*pUp8|=LY}23@)4XB>c@R*fvL1OSf&lYTD@IQ(4;$t2! zH}s~pkE0y|voHvj0}K;MCvVedi9vCU68Zs4>HAeuytsh1$7bgH@6a4zdX^eOTM!PFUZ6xQ8z$l!* zU0er0l@6A;4z83A_=pbv_#PpNbnq}3Ix}oZavt6%(kD8Se1HR`&vJe2jmK<`k8T>Y zK8h8`cT4>*xcWQu5je6yaO_R9!E*Um$#W(Jgw)+enl5rpUj>Bv30ybS>3Ee$ODZ?( zzk&)}ytxL?$up1TOOYLpjh3hRuMYPrxIl(mM+&4r>01AqkARc~!EF56Rp)!?q@plJ zULVHrP&AK7M@MN#W9B|QW^;UWa371`iS+N3L`8Er{n|{rRT~t|j`B>nr3iVn!{gIX zq0RNUgEpAso}Uu0Q@@3q)o<+1x+gXK_i4DlhGMDXo#Dp2nbkA))3k^yU8B!4-T3zX z4ENlv-Rtw}7AamOwRIF(Z2xT6h~YWjav4=gOcm}T@1ty1#`cQDv(emOwlk^+(Ksf2PC4P-0 zHv&6yRuNmusqBHj%)jd#+~0d6v4uk?d)kqA?e^3CdDN9UL_fVp$!-IOO3wUBo8DV8x4;J6=gy!L_Yet66qE_s!bcnP;4Z+=vaO7iCT1=Abk z+F)t??3vN!6gu!1erD&S-FY$=qOT-~_qBx^zZsA5@zuW^j0*oCEpU=o1IU#itZ^Wu-$s%hVe=L0jsHS? z{65HFG}I1Y$Exw)%R)Gnb;jRLUc-aiJT`vUhJr8ynVrcSI5I4$F!22lkiiTX^GPZR z-s^$@(%MFhfmE3h${Id_2)nm=;4(F<^MF9kqkM1X!%bF~HQ9^%k`lKq*g_na%8N9~B0fTb7j>|WfZ zTcJo)QLk9wsBgfK2MT$Nfs3iS&9p=hj}!<+ar8h^Ft+1h_+NWCQf+wN{3pa68nOj1 z%zH2?5X=hBnGAhJER89nDCF%nzLiG%N=HE_e{A8*j1Z}3B_ z^a^bHsqetTEPKqqP@a^MDf?UK$v$Z%lyJ&ljykKjo5 z40G$B*nwPE1Bm1`uF`Hf&TCA^H6I!^&m!UgkjU%ieHer6MzB`MrCFU%HTE`p&WzYF z*M<6c%q07jKl|NYG1hG8Lk7Sr4DiK2GV;+cgzUGG%nk^eg<<$fgp08dOQ(QE;>7&1Mwkj))q;qADSiE&*CV7SVHHIp+2!>pJaziox8N{ypsA|M; ztTY$x6dLs$vuYld8#JuyCWZPw!>gYAoT+yPFmOI(iq06?mvwXd7qz8-lfl4||PQ{B%t;=>8urNbV1D)Z1bO_?U> z$Wx+G9yP0R6Neq8zzM|g9Hn3$wJ-cA@NXv@(-;8r&Qc7RH{a4{(hM^`YIY?3xmlA#L?pL#$UKY+y;!fjINaEq-W}C!e#7Ak z_NdvOglXC@Kev5@t#J9?c*lTodRrL==TbIs7<&9HnS0pu#J^$f#@?38zdj$u&)0U) z$r1v+?AeF{7NrKX14`Y`Hv%ir8n6zStrZcz1Kb1V4w|FvYKz#QIanY__M75 zTt}zbQPJc(VAW~vg$YY}w0q6re6NS|P`@{olM58htElFYKTVPEHAfQgw&{vluQ|v* zrZ*^Ny=E_#7%ZIILQN*)S~%!WZycP^`hEML`Wr3X+PtHggpZz5vWr^2Weu zc+^DMn^RdUlU^W`uJ^R%R`JO^7a}OWh1l_&hO17(TO#VRHW#r;iiNp#9I-BPYGYJM zr?UD9@-_vc4SkdlB1UVg6wGXVRCKs;TB?bkO;B+xgqVtQK1R{v3t%cmpVb~`qO)H4 zEIMONK@^N?55eK;eA`yhr!FS#(x^|C?!c~G$nVeLB(qRdPSN}s#=*0~fyxTT%tbZI z!K2_BW8Nz;c8q10KAK%H-F)NkgcarQN6)3}h;v2Koz3TIBRq26Pqu9eN`&O7Y#44t z7e(_4F>a!4ie__tC;&iXdig*cR5^~Bc_?rP@C~G} zx?2x+Z&;%CM}X^BE4sto!6w3h-SRL;z3i=HN57Tcve`muIR?V^oBu#=7r>QO8AP#Q zR-(WY_RAv9uusAUkbJJ)9zzWh`3iX&<_Q@Z|OqW}snf22|D~oAcB1YPn-$64+9A)Qk zQGEX3QeyiC+UZh}sB^%ESd?Fo$Q=yq@aq(x`8r@tc8R_xMjE)CW^Q)-#ydDKk35@s zXwS%Cq2&pQ+(FvMVTqh*TC`E)U&3-oyP!Rebpgv7Y7}f)D|P$9U%b5x{DtwF8_a*9 zOHLAKSv39nfVl;e?TH+a7?b@11%B29&E*`Q+7NDp>bNTiHl4s{8HzqC@A!B|)aw7$d-H>1AuzT^p*?h2f;SiQlv)c<^ zg_N+Gqogge_t_xcjTwkoShX&YMhxhDR5kAwfYk@bDCR|d<~tsa=dDG1qR1*_sb}`L zNMv$eVW({F3L=Zr5^ll^?B ziT*NANp!275evE>iyeHWp9rqeCN5{!>_j=Z0HLLkk%qZI*9rg5D+Cq7ofucTLX&$lS4Jq z;ZQfu@-%;XI$VZ^h-hTe`=C_Dywi8w>e^&i$=j^B_Sx-uOKlE%XM5BPY1VJ{#T2@d zQFD&(sm1l=EL053FFM+nc1OLgj$1_1FMlsVTS`K#)H(XWwo&h#qm}0Fy7Up3zL^{~ zlI&CBF#RGu10$eE%%A19tQH{_+}6yF5MXj4wSBy@i{_eRAw~Vqo4TIFuW3jpNKKEP zQqym5XxP4CwwiIm@Nd*0?vty~D`V!WEko@Y#WRslkXnrYho6}STFfw?yq(sCrkIOY zC}3n4p4$m26s{;DbOU+ z5IsUybi!gvZ76|R65QrzIXC?`{r_2ISn8^as#t%&B$fJ zJ@)qe5N?~l9m=KQyDz;g&J+l<7&)~^jABW!A(6u#3bOXcprD0jz{suQK@}-S2XOk6 z>q;U<{A3-@oGo5BHh20%iQG19j*rCS^;Y;P8;Y0*t82arv>D)XeqZRpxO|aToqt(B zi#;+sLOL@e=Icx~lVn~X=O+0$l1g_~3g$f+5)bsQD8*xjmx*|VB*84QdbhM;3(5NDMK%gG?Z6&O*)750v=|sBeUGNcQZ}!q?zB^GReO>$MWXly*W|L)>b| z2WY;&1KcouLB7=j!9VhM5yAzWn!<$d2`(gxBj!-~i_6o#3hn__PzwQ~JI=>O2>;{# zjYs8h_Wzk2Q6@9p)qke%ps)%N<*Y$yabwP0cXc1wt4=>7`U7F z)`r^j6@MA;Z)@8uUcu%=b!}K+{R{8Hr@0LTe+@1mlmobTW8$_votmB;9@qQ=Bu(Yy zFc*A~A=JHN1G+FL(FWOrX^odtNsp`<=04Q=93QyZ&TSzzTDnC97tVa(?a}@dSAr&q zeqtv*#!#9`KZ<|tux1ZdIR?N0N*r)#C3zMnH$v~?N3C4{;hU+F;k5~Fs)XgIp6A&D zik@VUy(WKS=Xa{Z(;aqSO%` zQ#995z?}h`i`!wk5xqcLC=njbpN%A=){6k$d!!V6$~u=IL}cq6Bpj`|v1W@-)Wjt*m{TsUhmYlls_Sfy@cTm^U-NrP zOa(uM=f4U6GcX_ue_wM9{`hAQeSV`IAI5G5j9v7xM37)Y{?z?Cle)cf7+?ZkfJsH1 z+;M2xG<*{*!fE>Ppai6i*-nvZnczN1;i!H;6j_9hH5`>XcP=?AK&b3f`x6ZYutyQr>z@1*t1>S)*u#vOl*{>6vkrLR!D z`+tmtK?J92K0;dKE5$f?*~Az~YI@~;G9mmoLxd0XUt)%aK?-J^9KuTSYjAGoPx%;Q=nk$I4=2-qlRI3-RIzMH^K*de+9;=Im zq&mE5-(NHJs;AH11aT_#k@y?h%`r!u&L#|@0ChTCqT{VU64LWd@+sS1FCkB<%@pbFS3r{kCX4lz0zSa& z$}fS1A`Sb^zucie00bZs@3hanoqiQpwAhTLM~$5s^t{rnxYJhVzCa3F%xWFEar1XR z?ZRHI9Q)jjBHwJmH{CXxH)OVbITYy{_?>tUM{;cF=+{z#U(x#`zrR~X1_t7fbPFU@ z^8ZT4r1=N49Enafzl3kj58gb$;VS);a6a$0$j-k^_#Z zS=}kMg&LiJGH#FU+QZDd+JbJ{|LZlna1d&Zx56{oV7`FJ5^**sFRO`<_kRwk?0+)&CLh1zy2^_2(Y~UBwQn9icqpOwD-U%uGC0<%`P@u$DXu;>SYF3|2Z_bwd}!_Aetj# z)qILCf%Vvyi!h<4AG=NplW2Dd>mc3}tg(!_0rnn5HsRYYL8(< z(WaLFgYiT~MDo&%`Fg$e;S9~w4 zf`!1a=QjglsLAu2_5M0aExgXXFq-gJ30{j$;-DVsxTvJXcB(xA=n5hOIAslzXM5O3CO2ji2<$-Q(iR1B)$@hy~_oz9~a>M4pb z{)VA?Ck@q|*bY)sXe;wOsTmD`WhRi}0AH*aIxo)*)#*JyVo4Ce0(@!_H(kZJR@Bu^ zcvtFI7UG5dImX_7u9U%p`3y#vY;A?fTg$9oWN5x2uOku-9;c-1d=00)|*yMeOw3v3cl5M zirCOFq@zg_w!fs9wvt;q@!RRk_@@bVWxytl$8chqV+syY-Gv{5Ico)yD8c_K2tJ z55F^vIR@s{@V?&ptk%z-ekMyOh7G=f81BDD_P^48%KE>;en$KUYm}!R^$t^Pe^l)? z>Z~0%kBp05!kk5wBmJ-AJN~o&jqo1=S9pnyv^{tQitJkJCib+g8AuYyq8=STg#DF` z^ha%(rnJlV>P-~hdYe$B2#VkXpBPCQSR)R~e}b>XubOf0zbOb{IsVk~$bWJBx4E@{ zKXgjpi~Q42yb=D<{M6D%mHOv&LQEcfo)?M8@*aZv5WN(I-+qVgeXicEa(#?^F~YOs zW>Eh?6$(i*%>8@P|gt=`t0XnPM&w=SUuk#NNCO3pKz|z=KOl zD41JN$n*I6*#dm6z-K6^l9YJrV2Zo-zmoQJnTOOUVWZz%%R-)SfwR+u;pL6KW}8)b ztwqZfi&687zXOXAP(T`vn*E7yH-!0;q%9KcGs%AQxF2!Ajo1%X8%SmMQ_+3QB5Z!` z#~Ev_&Lw{~gF z9t83h7atpM!1p9DKVV$O%#r8zIFelPfb{`9$MafJ!_RM-%E<)@Me#FntDHFim~cX# z5R8{6pYRjnWh7t1S!+-o_s`J(%;M*K7`MoNNqz=CuaK2w*0R|otiVX7+fbkn`tnx< znOM9b4)2x@UJOC|$%WI7z6_2rO^eUSfkwqr2MlJ;#(1^B)|fWeLxjFK5y(eXfgCB5 zV82i0Gqf*3R`G@*&?qN;A&Qyf2*M%Gxco9xG34k($ zFkYX|x8^26fyMf*v@f8Ku0g=&XtQ*x-?s#PJrK41Ew1-QiXuN{^RsW(iI**Mq6-o%nKS9FUecmdj`+1{jb5 zev3EwF+g?uX>^85$83tWhWr*`5+nKr>nBWmo%r1cpm5B8f06y_YGoLnC6`6VaanXN zURZUm@wK zhWphIvw$3Houin3YXN_t9i~1Dw9yV7p)gT;}VlWXf_Ab=Cx09vah}jbR0Z=M40P2EJ`kepaWr^~K0U)lE>^CnG{2YB? za{xDlJ2_-7ypppa?m*uBCd-GVU|LuRHAqI*w_2fSzNA!jegf`KMu9t}mVDeEQ9D2x zcGP@XtAj^nH0v)2LBXs12sd&kzKG`o@oo9XmnR?hJdeZ`AjT*P?#0pv7|Q2a8f|QY zt7Sei_#%_cA59tjz6^9$d_B_Y@sA(AE?{4;h$Vqt=oAdLbTI-vFNFNM*S5%()*Jvx zz^p1KOk)BYXph-*enC-mAq##iz6L%EL;g8f&=tOG_4!@R5&u|yxF_75diF{6z4GVm z<(MLzAz;@}D3Qq0A`|}HZGSc75oLTK}E%N+Iea0IyBwW#?7DIL>il)fTLVNJZ z{8i})3xHE1-_|#jw=pxHQ0d9i0$>?6$19kFD(TIJ>)TB7zV43uAPMv)v&s8-dA<)- z&rRZZ0KMOlBphof{&&h?z?yF^v2W08LupH`g@4h@t3Z;L$9n@Y`Wf;Wa6`Tn4mRRp z3{V!$*0KdEOb77G<^+M(JE^O*gj4Z~MEDBt^{O{GQz2GB6v z@dir(C5kKlw?-|3FOqHO4b+7j1sn0N%FPw>>+Ffhj+ZfMQ`7$o{Ld-HtNi@bp;y<2 zLE^(D5mTbL4#koO8Fn@Ecx+1=4E3UIS#2Pz_a zHvzBex6eG(fL=%SIlE$!Jm<7{Y3KY*9;ELxJ#+)~PE$D$!~Xqg-ad03JI{6iE;(wO z%C69}UBl*n-f6)eekkJ$csvl-XC9I^uz5TVoYB*^e~>acW{YCX`ofzGzkb2FWtLRe zeWVO{riQ*%doXt^)VB8E?q+FOX%9k{tBm)U6S>TW!RyAS&Gto-J2(lpq;kBrnEa?t z8a0Q0OKFK&7&8|uzO<-g&?7T2QR*O)*r#%JXw51QpLE~TV$MOC=kAXwL*vaHG}h}6 zFo|+e8dV&ZkTTt4_GBYBSLjqU$sc(&UK&O(rSD2t7_`g~mJEt+#g-S%S>d3c@PjgQ zxn~b;h|0*3d7AU+M;47cR@zN!ghQjUgk#1_j8c@;MF=av48Vh#$(Q)Qp#<%w{P#I* zjp{m}0t+BCj#+4{3#a)}~j&3p*sxxV_$8a%CSYib1SjW6Q=L|O=^@c{s3 zvtkCBuX`~WOk#nA`zzE7S*1*HTj8L&@S$*p5v^ZAWU%?vo-6$&Nw^^S=^jD(x~LU@ zwox?$6u2qkzVh&s-73s9nX8!(1ZEX3-%~1rM9ZXe|7mgW@z zWCB%{e%ppgM6LGGw{7iqghz9E`wI#jWx11# zVc}DHM>g8wYs`hh$lS}h2L`V!&nh5-A5l5}6o#UE*q!Tdfy|%l&#MEW;}Dpp40`5; za<4Ens+P5AUegDtSFlne1EX%Snq4@GsVY!JUslW)MEc0lNBn(J7>+cKpFBU9UHM+< z7V=AkKi4PhY$wfzxo{(|htA!=3<&PB6 z26M0wa{$Hbh7Ysx{>I4Cwn9d z?L%<{3&Fp(W;a<_-Zq2rmnXtag)ub&%X$8N%Lac3|RcnJ5alP%RvX~Af{RHU5l!M&u4rkw-uBe zaFuEhC282Qbh#Vj5Hu$u?{)>-`u?1YlkC_2K#N29l2rUpqAXNg=|EfQM)jZ#`$~Gl z5GJQDsH8pJg)U2LKoRi>sNC#FTNBfuI!RwX+F3+PVt{Ea5l4%#VR zL{4gF>0#2q^Di7cMAxHb)lO1Nd{J}&9>T7G`pj%WUlJ{5kc?T~XVH-uW807K@K~1k zkj{>GL4JFDnC}|H2h;D+v3S5v5iRj~u|l;Aa{jcc$@^6WJwG>(y#l|zG5 zAymQO77rO)P^g%H>SI-;Xhht3dn!y$Eq#9GIuNVMp8;Vx2#8tF-v9;Br}K|my}w4_ z7z2|$K)7Kl<(L?mprS!|o|97)YcJ~ZtwJ(1$@@jMF+!mV@8A0uq5mQbMqS&4t#9kB zU^LDe#)fmnK)_n$1gm~4TCqe}hCX5rF9QDSmJbywKxC#lpm6o zOQrp*e2&3uC(rutaGRpZbN;*Tr;lL{3!oeRitAA@yE6bFTNi7c|4+m3g+FTF63s{8 zZ$0snlEDTVDp;pBe@t!uJ-=YwvUwb-9HhN@{wsC%FBdrY;`^6C7p;2lw)>Z9<&3gf z%bSR0|I*r4L}e=WFRwY*?O%?XWmv3($3{WC0+@e>^m;M-fF_r+_B^!53=nom-W|zz zSSsKK4LED-49<5!s&Tgi^y^P?Kdo*$E^zr?Q`&F*ER?RvA%Qk!_ZyG-H~|=0^9}Ad z9*7spiaFhHJQi=Kw%<65{n-7+FAay$fN1_beSt3Ik!Xti0c{ZYHd-v8c9Hx=tm{V` z6o0|F`aX-jNe(Pvd+om7GTZ(MkqN|$D(lgMQzwKMyF9r4cwKPbAj@lRY@9t}ES{PTIz)r~Cv`kNd7+<{6* z^b3gE1O%-W8n-hDP3`2N7vX(^TW1pMz3~;-8yB@J>B}Gn_%t5hJWfhu@y#QoD2i`Rm*+Xk2Ce3; z_%a|s7&F^qElj_7%JIz$nNvXsBvj}8troGLijy%fNu4OZ`3#?5M|@N2%K#BQWBy}R z{(+7!F%H-SwJ}ApEmsmj5d%C+Oo!2wKjFG2TRKU6^Y=JNN85A&*-(+L;oo?DC+nN< zP}v0VSI)n}2Zf_PDBv{aUQtk-L+;SsW4iI|cE;h9Rm3Cf<9ng@gFbY>pDw8Dr==o4 zVygZ$^?O9yGG-sE8SHl2z5CGRll5LbdmwXY{muW2;=Nz^*gp{O-R2qchd9KD_cH%j zqn2Z4d%k(y@m`7NR>_y=FEg9=UwA9@k0XAd3@Tqu8t)y%^-`3PDBimrcIDAI_@sj0 zqVenb-~SWut%x80gYn***9-R`-pf@e7{Uc$@6Z=RP!z8>-phO)HHNbNNws!XDvZ|n z^>Z8aIaJ6L;=j1&cS|U}CbLHy;FNx&1z_EH|K$8c9hq$iRZGb4Q)-XK&OZ720xC>G zOh4DtSCl2@cU9I8%|Z6%h@SSKF37=27B-a!5xtBO}_`rK68w?y+1 z#4GM*`^cr9QoLfe=e3AGEWg#|?`nP|JY`uQApnGA0!^KLlk%4)wdeKnr)~nn`4yJU zD8*u9()=mcALn#e(kH{k2^N2n&&dMLx{x=B9|LdHmynuUk49Bv@;7f z?{%k(cl@g?6oY)PVQCYOcl=t);_;6Ekg}=9JI>sW{HXDcv-w-6WL|;va93Y@i_j zYadN4>H}B>ppX17u8l!NZVNofmttna_{Z-=?tK0i_usq}G5*2#b>kn~qDyPC5i?wa zr#CzPfzP)_4qvohkMnn{x2OMD{NqNXrBF@9;~(FV(pdbXM~b5O$Gb%T%n@!te%D)z zLbNe+mehM4@sIl%Pap&n#6RSG3KsRMP|Ic>2N}VNteyGxLhDBl5q{vDB9>W%v_` z$?Kb4c>+vmQIj90wBPCc6Ur9(3+&15<_YuBk4=Lz5u{Jv8)f7;%yU%07# zjjt1F2ODpGQ}g+L&v9fvHJ^{qb}_;@22`u*{op?k-^3&<{CR>YJ#)GkrgAoPS(?fuBE#OHLX;T5=Df zMQ3)DTQynmAwE{DiK^D$b@_Q{q5ijdxa6-JKWMF?@37vZJApNV`1Aii&lf!RVd2iA zIYTz-VFPTw;05{u-u{~rKicO5|495uED+ZAjLW;sZVe&D^lSBcIO6|$@krXhdhw$- z*k9nU`|(8|R>p@a`>%WsQzbqWdMCV&Uudc z=L@8N=4aqNe$#pwbCH5J#Knf37s8L|==x#s#C-fgqJtyJakOYCy-(V?r1GVs2yPY3 zX0k$)o(twwdUZTffhPC~0!Tm*K2zXJLKbC0u0mTsJqvbj7U4Y0xY!J>k3 z^Q0m_h9;02xL$0s4`&goZ~EVa>;88nxUzHL8q%E9M=kL9F_YHiVi4Ha} z=I$F9Lm3%U4-*O-5($VKi9gwW11Ci6*jlll?)_)1e-1~s?8NsCjDsfQ<~fpr7u*E$ z=4FxdT_fIX<+rYXqx#0mgZT2mPs8h&?PvD}KmAN1bxHPeAM;s5b^x={l zaA1PXzEU9ys^~K-Fn|I&H<`Q2>|+jxGfQHWB3HaNyN*63zm5w%b`{+dr-%2K1P<`^ z9JA4e%4DmX8e16J>*qz%pUem2Ej;rohn*z)!nE(S-L3$UlB4bdjIwE$XdFFd{GZ{j z1pb%iHnAEdWRkqQlmgEZyUe3z9xrf0F*ydj;fr+e;)|$Rsu@*^%zXx)_&(=D!QM%m zP|6--)HHG#nWs+VvMgy*D3G=`REm%iwIVvS$6xKkkW{@+sNkJ~}YiJo6;cc87n3Ee4h;(Q!>@><;Hi7Q#+>F(6FgEICk9edD@jV_yH92izo z(=x}?z#q>X(7v{RH7nnL4h(mU3Nzho>n~5uU^jB?kH5xol%kwSTXGPJapC9}laC_- zdq`Ht9k^$r=SKa>NwIUU2QKMw2D2#5<~jiYHW+%MqpPGesR2JKaQ`(N0 zX#lx&HzusKDmH6JM|8sIXs}#+QV=?9>lK2qn>AduRb$#PXI_GUFm=kCFm10q5KWuT zteZBOM5m{eSDz4MpuzuyR@KvX6Z_I>>#s3w{h)roOk2*)N^LCO<6e702ebA)83cqp zOd;1@Mzdx)08O`$rX%JZAb)U{=mPlQfhbm7ZW8+cv=>kv)a@c4%DL1g zxRUsIf=@j#7eAywOnlk=9GMyiMpRRgLiyL2!GSY1rN?A>#7=mSN2GOJElcEdhWTwV z!!WMQFm@O~%;Z(|*JfA#M%c!9xfS^^LNw3x#9{&nSgWnM52 z3>L!|*q`981O8&!RCV+GyYWH^>DRUgyo)Prjc>ws$JQ6&`c-4n;y(b#QJINlKO~>( zI#$+)x*0}JGUo3;k*u^abBsVEpJDPl3ND`564-b4ZKU6QrC&UZ5EGzMc^!=R5A1w^ zc2ij|Iec8~MD{PBOE56*(@~$84|)6jBfjA(IUilpXv|ZDNE?ls_g^j)u=PfxdS!PX z82c+2n&qQN9X4cUC{sV^65>OH^BeQ#ONu6(=vwFB)o-)@&j)n;vYDj-m(3FUgJ`6( zyr18gOSKlB;V)+HF}tyj(lL@h=bv(J?OFJW`6qpq9pS6ZR3PD@Rp(=A{)ctn>cvOA z|HpL@=1lfiNClcw_x&Vg{2*Thp$@wGbhPf@A`Zz_9`>K7HWYJL=cC+;?$^qeAJ z5l^!8aquaTK_J&(YXyH}KE!3fF4E5$tr+LzF&INx#}NG8b9b3sH;t}P{LWK7qh%T)>n%_$_Ap1>-aukf-4 z1|VoTUeYQf@KLpe;@?3NW|IBr zrC_dQc+1^pDd&^%4L7uc8+VVPy0rN4WJY^IZ&JlyUJ3Op^rdgv^M&F@>&3i^q5odn zBEG_gm^nTB8kngQy;kpkO-0^9{i3dPnPEAR`1wt`uAubeH}&E0Q`1t751|;$Y30Aw z(^L2lW>Hr@=!d$F>n{L@ACMZ&w?CZEA`Z3rJJbhWw{gh=SA%!B#__G-f5@yG_j-|5 zS_i-p-7!(Y4{d-SZ6GrmZyPn|az>>S%<9}^F>%ROiovLv^8tPi6Zt~lmoU04@qibW zlf$J(ezfmm=li3B@luPlL#^RrBMKO|;Y4G-E=6qZt0Lwu+V-w&V#&ayAw6$^%`$VLwITZ`uph1-}N^(?C~CkPR7l#EVA zYbv_{qk!3Px3D>xNj}uFRPMYKc#SJS0<CxRo{aSyncw!2lEH+W&c$UT(v%-kB@o~{g6Mw9kjvLzRG@ZWDn$f6=8kWb>|m$ z4-H%me`PBA%k_1U*GI$;^FVo4zW~%4H#glBtm3SUV)CbuKdbZaf-|K@RD*V*52K4zGgD&AXt zTGM|}+(0+rg?NE*7DZFU8(vii%@OtZN%XHVcZ*S{?ltl)Q;BQ@_aFU0RvtVLGtJ(A z#1boeF@6p4X{tIO;O#?0J@|Zk^9uD&75}z+{p9s4)e-cNek@c)8pkulj5O`{aB9|H zyd8w%;}wCI`S`Zp8vt7go&VG{)6^qaVa7dw$K+4vhlY(~g6_|7z9fnVK5GK&8uO?x zD*LGj_@~XouR5w=p4NSs0wFh#MGtvX@(&ejrlR?oe}zj|hy4TV1#2eovwMXv3Ik23 zn|6b%wL~Y{mD1s?Qe_ZouV1VA(a)EBZ>vI|g!wv@bMdESvOvSy>ysG0sS})kUBS^# z-;p0cXzCB=OW0^}{QFp65;sr1i^}g~{opU66`&^8nzuqLh)-AXeXNsqiU;W3_!0h; zZw3sMXRGAf+{sa@_<2bMKMa_|MK84v$Qo|G`-TWSn{wh}8=Ap85M~!T+miH(JvDQe zA~8VTG%s8v7~uhD9YL4IwdO9})8+e>=0SNM^NayUzd1@ftK68_WL=Sh&F~p$x zJjc@Y!KgW}?CEN@A^B0u0g9GtNk-AzD4G;YH>z6Z7q!~+ndDti5M$;Ma+oMsKK+tV zNIVat<;{^7$r31ne?bNOdAL{2kmR!TCH91&bNanK$0^Kt(@A$l7i?qZ-WLSsA#yis z#9(&TZ>+Q`fYmR}Zex89>rdFf+#ms13+8*@2xl}FUwEDCW8qN^O~uy>)Hk6mmxYd= zRffig28pe5nnbne9Xcw1-rnF9Lzl7~3G9{aKhXDW5xqG!&^-Kkp&#ZD`uPLVL*C5y z4^{ekJNJqZdneqO7yrw5HfrX7ebXkyu)r@^9s~;7#jt+D%A%QFJfUkt0bJJ$?oy?f zS-76tRZpXbGH&)=fQ7m__M2?Q3wzSMyvluePQFW*S)D?aJNi*>u52PGQeaNr3cqpV z$+f)k;gW=Z`fth_c1tNE6zd1Qj%4&X~LqhnRJ`{ zTxzll*P~`Xp3Ik}(rS5=TO~!ihV2lneua2s(krF0{e!X7y-@)|Kiy_iB7LM2#Z)%O zakGc*)Scgy!N1tw%DtCtn-$`$o!8u$%B~8#SgiVf%j_)=tXl6K5fCJmTC=IZ=ruPy_G1$)be4g|yg)XB{TjJ_gIwT|-0ZZK0wng_i z_Q!UWvYZg0dw3^14i?ojN(-v1Uv^Nu>~@f|A@$OenASue(nazBcT+0SHg4|OhZpcT zxTQZ-b!set0iF`SKmghiE_1?pG9l;Vw}pkFw`@*W%eznFX)G!VB~5tN;X z%l=j2)8>K|!W7-5#?<0p=_l`U`f7zBy!aDMskzf1N~BMeW-=j;0=y6?8}A`|V6RML z3qw7YS$wV3;`vRPolrq%B-JF}ByK8696iRVa}>7#Mz&354;*!k7c_%~k0&{*jkA(wzTz(xT2+7YQWYZV?I77JxHA0@aOnF(VLbzr?99jvo z+_;20WH?tWFdv`Y6jSt893fWsT_)3~;)&<4@R{w?++NFy6j0LtMW@TxJB#(=;wU#e z^}LJCR#12>Is%x^kEMKxoBi2bP$!de{0xNcbZkOYfY;u4-A5%yw?V&(xj&|(mcJlt zJ44lHHVLqZKfuNv%ind@$5!9-E-NmdsGKFgma>s;-;had>x8l1`lQ-EbnA` zfjycg6NsgZyLh>cHq-m-M9kZ>t_{uPQZa)xXRA{{)I20T$Zx<=HpA>%zZ!M%M`T!i z#}Degx03~#c`fGmgbwzCY6R{(u{A*v<76w*QK?A))sdd*i`rz;Z5;f*ULs5F!$+<* zyKjodG=Gwy4hY!ueko1Mc$xGZ8MdRmhVYp0V@D3KNFhUi{Lsa7XjxLX%{6L`H9A8Z zNg>IfTRLVg(J~>+->-;(6$A@r%NT+Ma~pJcX%96K(&j}5rW*60MnCojSAy8QgQ_2W zuQUfgAMY|%+Z#^%B%^G%6vt>SCki^U=mC(OjNt@M8_;ZI4=y_?liuKSX%h6va7@!$HO#@;zAfNnRkMN3idc4+xt1rhy z&3jNw2SHP_j`ei5^ zVRS76m43$B_WSGS<98Ydjr^TSk5iu!xak-GeaSPlOPa4a@U|>xg*^#@q$cp`t?o%F*L5ES zP;?pbF{hnd;orAG+wuaL8t@6b=lwG3aj>@8yJd^_TkHJEy@pec_ zL+ZP!mtIyzkWmm^Wg zH|AwmNpW_?627%E`3M%ae!O!S^yxQG0CX#lmMrIhyE=N!+UNy8LV#}_kVyssvaPP5 zkZEVDfC=s))9x56kC^rq-WjK;m_u2|9zo{-M{65Z3u{e*Rat%>%419Rm6_xf^5!JI zIRT^!;W95>ta!UA$sI4ef^UkyrHAy9Z;42dVPV<)T_!>&kI8cK(LwxmpArGPtu&`D z;SSglJ{}3K0~2a24Cg_mS1#><+Wcl0)03!4$nCEEw^F{j3@pA(o$61w- zf5ZK{k;(`TyzskTn*b;5IMBuEr@AbD@s|RBRr%W~TgJ8)v*#*~R{yP%pWC6Q+dG}& zO|KWV$B+L|TMJv6Bep_!VroTmKtFe%FB1nFHIwhM>;QivajLJSAtZ4X4HXa5OOSkOKlcBGbmn_9d||g8sitTyb zRl%YsGziwevFkh8dyf`)5CN>bYJE@E<^P2-Mqxv2M`M(X(#o*JqEWvDsApt0SMJlup4Oog^xvmVb4wrqru1l-@tD9rxk#t`fm77ic9oVB6^qsRuOZZ3u-x;>F zwt)XPs#M#fzD2pY90^gPJ0Z zmpge-f6SQ2r4I8t045>@BYYkqWvN+^>QV7Mrb_;wg8h>3wMQg~*{@!#A>Ks$l_Aef z#eOx1<4$P5KJ`cPJ1sH^RGi3ui5S&l_=}lWBUakluWyo9l*WPmVt$z|4OsnDfND#v z{d!s^r^0^yCMt|L{B~PtT4+H7_LiVg*4wXdvL4x+(cs$b{SLlah{q;TezpFUIZjL-rvfYsFK(VZW4*~(AytVn2l}G2 zS`w_3gZ+8+*U10e&)u1oML^tm@%MYze=qmdRKIVHt#=+5U?@m)!u+H*Of}&L9$5Bk ze$oT13Ub!WPuhJc2P)g9Oa5m39Z*tpPfNDr^XL!1kt}(YbdG=v%_+i|56CmN zUgsvq5Bwq$L7X2G=bwd}1EGKueX-A7FA-t{0dVEy?9;WZyTj_+62JJ0NM z6F}v|b#i??NAln5#B-cJ_VWj#@>?%H*QKbZ=`PV7CrQA=Y8r86rn8hzV%iQxffHR%}7x;X)%{AX`y9+1FcdMI^KLm}#|F#TS%*vLqkPiI- z{ro9?&>5P~hd@7XMTUs!=UVeyQ(wH7O(h>JY4-b7YSu$eKPa<7>iOL#t4DtDX{$%9 z^5{fkw_dD(U-sn2z*7YQ|F$m)#0Bol-6_9e(87GnBLxo4xBMu7TXgJt&heME?|=&N z6RidruC0Hdw*vkQ=3ig~W+3Z7nlE`MVG!S@X1?SS>{xP~C|~k7EV1MZ^oPTbvW^%U z(Fa~pe3bm`_@`F>Z8g77JRh1PfNT@YhvWw{cPN~X(+GsUQ{xN;2pbI(*o(>O8|ac~ z!Yuz+!#{=oCcHnq+4)y>=^5vb*H^z9-q+VYobTU5CsfXNX#c3Mc;EH0tS3?rmW%AM znJeY6?69tq?qkzV(4>VkCm|U4yM7iU>ihW&;9e#H)g{*4*cN$ znF;9ge|diBubKHM5)Fd#Gur2417id;fY|Um&$KfDsrl0xcIUMsKlBiM5H=*R(~q7% zWIci9zLjz3pZoVF%TX%izm`6C_IkEVvbEPL6UV?sSpZ+_81#xnmF)Z(%+rm|z;C>%E(v|o7d|Ey80Sq+Al$E#Pd5ZV@yibRR&jBkf>9E0hHN}tF zG9sC>9>MyqgEv-uT#+c~`CQR?V7axsfqRjUf|tAuz~}qRvX}lXfuHO?n_UQ#!UI;X zo8QW%>lE&@fgIrcC7})UEA?ftw#&9n2dBqBAQM|}1p3;XDShR4tJNQ&298{GA)t0e zUhZ)X#ntE-q0c63Uu{3yls-PtFbW1Oo14@olD9FLSd@O2 z#86%yH(e)MUZ!`W=lIIzhT~W`Vy@szrei^*&)473_DhR;=JnfBB0ShulU}Wnya^w& ztznD-b&V{$&kU97%8=xC|X4xpgDVZbj}bkI2$o`Ac_e5Rj$%;9jR z6+U6anZ#<%(>3*><1gU{Np`D@SJ?R%-x!8{j=5zu`W8c27SE#M{vcZ)_)d0y{La(S zQN{eLe*^ur6w@Yp3RVT=lKZzbCRH^1EAq5An7(_AB#t8b+`DibjmpdMr^5Jnf2Nv$ zT7?_&jZ2jbU2$ImBsZRjJgjDr!S49*ep z6l8{ng~fUn^gNI|S|G#a*Cy}A=sYigs9$=KoojQj1cngMk_cJ9*@Xcwy#S(9s%MhD z;Iw}8q(+c1hP^*MGi=_%GQM2TA5i%igkL}GH#;&8%k$Z}j+ICNPl=(YcJ|^VhGKC@1w>x63mMu^&Gx18u`Z~T(xX2HRZpBs<%~|1~ zpYVgqB`SN^QH3=QkBuys54^eGC;XSIKs>v+q&}d}&nYGMll7sPT)fT2W07%~fd&G9 zIEj~N3N+=?PqDLPac%Mma6w0rfl}m8lC>CEWlmX+_ld|{?Rt1Mg#9F1mrz5Wx8FD9RWNuG)N zx|P7=_V!8uo{=$&$shK@rGB#zPZ+%y8`qs^A_3XF+5M=vx;r8suLI*&`=g{tYIv4ZB19&Fmv$i=+m|O+`&LnH#SpN5goN3-^?Y(9_?MQpO_DkQ6PL9w~}c z`L*9;!#UCq?$=+%3>2#P8_0vA-WyfV#@uNSzt^`$&qrAI!M|^j8CQSTnBzo-X)Fm0 z_CNUSk%Vfi*slxhwcfAK`hkB^z5XDVfhgdtS6J7sm~4y}d~n?*K&zJGjQLN1*F5)0 z)*LZ^y#Rk@%xE>?_}jr3#(!+Qw>i{Kwtlph;i;GxK=W~#&rH+u_7~*NtV!=9aQGQ> zqHrE;1l94KT2ZSQfkAD8dwr%O> zu%5m5^{3c>G@q)Y-q8KplJy{KyGg&_7SWHwpK;%tf0t-%XGukYi4D8tXb_c-AXWos z@b?5CmcKyWQ-jv^H*51V><+yf@pqvM;P2j~hjGU+EFDF&JHeaK#nt(kg1`BBc0DD3 zQ}6eU{LSS`qXJrY0$Ml)*55pb$4PnPPT+4|J&rQEmtWDdrjfsSjnt0&n`g^0^tiuy zrPQ0)-<;gPSS6dS{a3)1w6AIIn8zLO(Z{+ z`sYIS6SMcV_A|7-%6iefG)U|qUQ@VAkH;M=?5laS%D%SMun*+eQ49lr2f=du0PC(b z5`PHq&%5IU*_C-C_vgLv37Mt;7u=t>DkT(vW?^JFxC`Qc?$68oNqyxy_7CgW|G7W! z&A&hIT@O))eSBX12k(!zio(h-k*h41cAy+bX$@Ylez^=mY4Ni}Pad%Y(9dGw$+~>tA>?58p zSD;B_=uSe2_C7CGg%YfpFZX?BQiu)YGOp`4b@Sya)*sItC2+&w;QlD}Ul2jcH(BKW z>GwzNEd0fgtonn2zfXQN2UWbU_D2JLQ2&^8`)B7vEILjsujWIDoUUO>E&oCF1LnK# z`eF!v2>+{<4-u!w8_7qSeEj(OsnzKyIddTTf#QT9lF!kj=S7#Sh;YyAyN~Mp4+@nS z8FKR-%pYhZ{2;L&jEQ;NQe=-}hP998yKWTOaFXX}?&Ztl3;t=YaX(p`$4_Mt=h?+$ z;3LnLo|K(l<*P&G0SM>;Y>i_Zks?6-y zq#wvqly4LAPxid}`4CPYF|?);L;SIc;?n>eI<@hx*nClQI(vs@WT>#6eIh@VC7$kM zMm7i;zt8FqK{TK;UtxPvh#4c$QfUxWyy}X4h1{>=D-1V&$PW|WXEj^rp)UO<-5;VZ zt%w(OZ&(oVo4v0IM|X8^?gTX~gGTUk_tCyf*SmS)|CdUF`49-5=UV4_F^5UU~YduXjHNPx+H>6_Wb%xx31;;AP>fT;1B@-4|*T%x3w?6 zTxs4WFJrfEnH4fu5*p|S3I+4Yzo7@cZwmJnDn584iPPpg;5WDG>;vP$3mJy-!C&4- zyOo=3EX?!fPKr`@&HHHkRmz6U;|J0=>O`+P|FjqM&2;TIZiA=F;qx&NEjZ)j_#MmS zjrhIQ)5rCpd+zAd#XpUZh+478IXVD?1J2f3@?hKaqGRgH_9qT(mr$mkk@!9tEAa5Bryd+*K_>;(y-73bF(Z?|Q?&0Ww#g6`V9VHx{&YlFj z97C2z8vYwC?2O>LABcTqe}nl5NKKjQ~UD|0CD2-h2z5mdNoqZz^j< zY!Mn;+DUCw`Zg9L-al`pJps+SIyUHl_GC^ui?1vWaYznuEq-{30E8$klGC)wJXVwR zHvPzr`#Rv4SxydI+`fT#>bOtfKvAMkk{oZbHWs+bB_s?%mBO0mI@XzABSH;>1!Xfg zxuK#Z$;<>xHg+hMOQ%S4;3~G+tv{M+FEUFvLO+jZmu@tIo_KNLY#ib3S7rTEXUUQV z4nytwI)4%$!qDn7AYbQhw4$lwBIgr)V1R*;cL7xPW_o~*AHR+Bq5d@E zduR$PA(t86hdzwioF&8Ap%+x4N)-LW3>Abty! zD6EX$VwYGmo$gTq*Bo{~i)-y3PORB>`&hT1L;rwu3=_CsIcZcL=O%Fr)?xN#Vh!rF z7ZPi>inV<=UOSc& z4R^e)tM+)@`UCU7w46bT7jvo@Il|UEQWNmK6_RHq?gZScbNizj5-T*PQH3{%FGlk% z`AFbsgxll-!b?>W+evZ&0~Z$by`)*FuATDQyR^;%D$PkvBaeYPK(vwf=mMZ-{nI3W zTLck{&7W9fmiy_90Fub@D!_(d1RT$=w+r7CUvyh-!WVTl5 zACgrX#N{}#BixOg+FmE#KRs`P~lN>$`ODO?@&#yE3Fno;6=nUW~jj1-2AqR;QC}pUc4dP5=or$3YeebBMRQK6X$0( z)>4sJ+DfWr$c~tZR{SYK9+@o2RN(b@(HbPnS(g?Xu4gOraa{bKR*`avrJK2#M4Vv# z8Lo$U33tzaO7(G7)J7F`TKs&6t0iF%uWZyk3rXkqlRlSpG_*Ww7pb;0@Dc^D_y4( z1T>N>g*=iPiS$UV&%b$ivavKK|rHG`GpUTLb44$yJ-yflU@S+h(toQH7 zX>V=32d8_0V7uk$=+r>y543vurbl#8IR5gA@%4Gq@gXT-MJEp}F?paAIUn$T5=MLr z@U@;P2L!7sN_o{0Q*^XH8$X&-|2Tg2y8BoE2=s%zO(cJ~IEy+4?pQpY=;f`5E--Pl zyX~WpH^>^TC^VzU+Ysb!2=Znf2h@baZ-WWoawttJmRYdo+~iOq7pp1DTdK`$J9;WL zs_#jOWKaE;<;nVFTYB2=iiP9=x`VjIy8D()bO&I>MI_y8QC}`3S!o8aqZk)8;cJT8Y2C7^@du7kt-!C><}&iModLN!NYg-(KW}W0-}#CRsJaFEDQNelYG-K#U?&x&UGLj%-~Wn!*D9>Gny_Ga3Wk>sPTKnIs- z((_oGe6YbRl#fu_ak;i!STLvHrK;y#vVdAh@qQ3W?tLuQrL-lIeijYh?Oo=OW2ZHg z#HUvz%swc<)p{f&)E=kJ=6WCSj%feBYr~@HkfhLL=F)jA(81ZpoqJ3)Hzu}+Sz29` z7Ym6Q>#S)&TeEQ&EcnuQ@s&31Ud;zMNc#fb)M9;g2u9w_S=p`$~_=;FYe#jRTveGdOik77ouVz#8{s*@NKIuXHw(!(ICA(VQ zFJ8qa5C?~m*}E<>Ji(wt&J`FExi+H5z-)Gv_NKT@2QHwy6lKx_93Z?+oCT%h;E%Rm#k($=Vb|awP;&Mw*$Ek!Grp&%9bjnt7d!H1kFoY33>!Y36E< z1VL2MTcx6Rql(_C5WSNidJFp@f`bsjJSZo_W^*D@_NwLVDv>0;H5ig;p+;&J6-Jx< zSv5!gtZ0=#?GQm&%AA!?sOnr2BABcYLC&A~;q?;#z(iX4dy?4XgLx)Y!DZGYS?MFJ8)(Bnoy^WD*a>HYFbN5?fPdMy!1c zAc%N{mnvlrjNq9r7{WB#A$Hv+>mn57RYyVwI!o{)nzcb+kFbA3}`1RYp2UGV~ zdX3xR034{QzIf8q&lkV;&sF$hap^x-;Y&rH4x6;`$x%ACxEme$Cn}s+-1N^?xL905 z9FNpkZR{EvLi%!LY%K@Ejb>HpXj&Ty%U*otv@##t)c8=cF9XjN|8-ZGHyln!*!EPe z3ZFq0E!lw*b}SxF4ODu~9E;4X>Y~_CtR_r=GNX2FF z0?+M%y8(8n&PF2#R?!+#*L2UUPqwIbOqFGmQHIGwg)2+Je1_W)4g z!yCzRDT97)pO@R0*n^`(x9avls&#us?0Y%9cO-5N4BIP-@d^wNE5G=kuul3a=3uL+ z;ywHmOD~G#C-e7na+~*F0*e9Z90qZ#Y%ji@#Ucma1l$Sdpxoyo0L=Ahprg92zcN#e zepMDf3~)p;mOh%raC)xq$T{^DX4#Ky`X^1czOVlCr-oaPLZHBbdw^XRQ z0aRUW?W~7pMI%BSe?SS*WPsZF(@CJ$gm{fwM|76KGpsQ1Cq7HcQ?!G3aI}%e*tC1) zC1D2Qb8!~%B>X=ayKHe9m=*ar4S&AI`J0a?`GeO6eO+!}oAh<1{#+)hvfK;Sk9CT# ztQ&z#ya7y#`4Zu@Q8RA3u_}NTXqRD)p z@Fl@4yA{ts$IH@6vZ6;;DSZW0H%FqZrYaz_02O5O z=t7*&jjKBkC6;-!6~7Q_*ls&0rcOMr;AD#@t&5k|A(V&JZA=f!24WyCP0^orR+E3u zN>7CL7gurzt^e67H2|IA6F?`5pG7Ni zr#SfPJmD*BP0(|`y(|s0ry339GS#`U#AufTc{F(+?yuWRWaix3Zsr zvc;YR)Z&pS;wQFv>6w6*#wv%tRDtG864Y3%{dA^@7Q**hq*WP^d#D!7-AE8>-^)(I z_IN)im`~8i78+Iniuy03) zi!-QyIE*8N)juzX-IQy8;7IWV60IayuqYYJW+X!Xvj&x~F6PNOl{%1hIeN=NVB$O>Rv!`sI+=wDExJ6Kj`dsif%&t%{92_gHk8FL1}6xIo?3um= zU}-JEV9uGF=1jv7`jVLX%lI*aVT{_5LT%K3v04e%<`Q<<1RhDW@(Nx< zWs+}RwVz#%2dZ?zNW6P2SVSCzV!QD~iXA zjgNOEp5YA#__d)PYqrvG5c>(tHEv$5p45KQ^TUfXxy3%+OSCO?=Yp3b)CNwgDL2TF$zfJYe)T!a&^R97JV92zoE3~15)$`Eqa3# zJ&8U2G1DRA5*sA#WRL_ZCRyj#*LcbKfoG_G1D1rs$_vD3UhWIC=Txop*s_gd5+5OvEP7WDlDXi73uBE!!GLNvyH+7H!&VKbHY)Uv_g z3tb3DNG`_`W%<-!4$bt~B?|EJk`0)%4Op8j$J%7tynW`guf8HEql2>ENv2wo@Nq## z3t6$K1HF~PE8@v}Ag3l@2pwC}N*t}k(Mpn6TBDUJ+e$uuSp|jAe%Dk_{342Q)4upz z2q2w&AkIBPDMo&P%oJXSaoqljiR2~Pg?u-%1ir5AH@7oXefi#T%s0%tVu$nuFq)Ox z-2l=Jt=S@G0Mc6}ohnX}z;{=l?|ScJcROq^h4$En*e2a(FG9dDk+hU#R4+xzgd$43#hKaG*|5(l9*d|GjZOXFfQt!Eh_m*QDOp@%d7BvF$H}?2+}9}# zj}UH{n-Cck7wa+PgW&H14P+_Rb^}XMHH#Me!A&dPy<#EdX)ItPDQgOPeF0lsE#_KNa-1-%Q6|Q*b+t z>#xg?SC!^M1WbNDi_-z85N_poLVn`dLc1(5^9BlOoIZOS7J-#}Z4_pJj~gF=X=^zU z4$foH*PccAvmmiIb}bnM@y8#DT}vAHiM;=gJooJ8D!21kW(F2vC!LLuL&7ndfU??DIjzI~;(UyJivs?VMue%;%cnO% zA|9-MY+~bMu5s%pDwtnmHO5x3Wdja}OQtv*uevQFjTU2>hGh!(pG0i@^%7Q^gF4#8mNbRZw4XFSTgQF_MF69^aa zt;jDq9(5}Qmdu6McZvFhmxxa|zhog{=a-zy0?3T>Rj;w* z@)fJB`mMI1dJNQ7TD1OB7)|)iF8qu6`9VROi9$YpDyw4%K>@2A>MY$pG0d z0Nen2Y(Tfyo8fsOPF=v0(L@ZhW}#U6*A5SH4Q z8cG$9)oy`S^XWsbADNDa}bM~2N^|A-E^(=WmKJiFg;&k$w_|KVI_O_E;U z_-vqPHz0Iqz&o|o(|{r#zH*n~YHU{uC0!|)jAYCHNz!~2vjUZj`S=-xU#flr{zI$5 z{Kb68u?GweTM?fR^m9{l%$M(U9FyY& z$N!-cju{d&A<8k}tV9p`f#JXxrGE6bkYi{=V=3r3rYGPSNJ=i95TZnHc$8xfdP!IT z1%ws4O6b>RlEjYv;GtD6y*RuJ9YX+HWe9^KA?8SwEyBA>GBwc*1EqVwkY(p5YJv7B zBHeQ*UXE3QVGuDc|HZoGWq4iD)|ed`w|}-8D{Qo_8Up!XNiIu8H~=q*7T#w_GnSFp z$S^1Xs=*RH*k*__u)MS0@PpVWGFB{Tc>s&ov44S*1?S_4>Ilver^XJ9rI(@{v^JIT zvz0I-(iE#w2ymq9F8%uB`(DvIlWV zxMAF^Kpm(YfzwTS!H+jReHzA@e(A6Z?1&B0%mz~@RYt`Q?eZJ3Wr-?3MirDMK`{vf z`%1KY7@Hc{AR#|bpm#UGU<^d#>iu)U0*f9Mc zRlwJVWw>k?XYELJ+xt~exKZH(jTQ(y?6X+8){LNa+{ZFrNff&2fUUnXG6b~BdoT)q zV~<&jW8!}EowOAYlTGqm14U-Z19lDOe*^EpBn4UxSE{=)(CA!iP7%Eb4n5uM!cjPj zXwDo1Lq~dbuOgbWh~lWD2;g~-dA~6`UllYZPsVl_OE<(=n=8OY`x3jcuoedfeBcaF zQ@2IIyKu0Ic2!~vWP1PZO0yAc3BM_L+{e}#JMzFOV2wqSx6Jzzt~if_qzgev;vAH2O`@;`5d2&9?A|wu%+Q=9ilxwB=#411Wh8MA_Doi5HhW%GI_9i z0(@bnF5nWfTpR=r_{fsI%P<5-$UZEc$3{LTe1-Wrh8h|w)w&}bqb}1*{~$T<$0(!Z z)(wsXni96!;n=Ei6yoT#S1K#~)*U4IS@2r0KRl8%RD|*%p(fPAF{{VSOE@R3wMgX| zQV|wrPDE0o%dg+z)!(8l3KiKcd;sSNruhc*CzSS^ZxKPzBO}X@K|3ax!O_)Oxc;i6 zJOz`IW9{X{{{@DE@g=8D9g`N!H|WnM0p6n>DA;a~I40d^ZepJ~Yj*mrBkXw+z7)S1 zgX!e7`A~>bT@@a@{AVG_-#jd?rp3J4O zYtGlSOJiAV?ZQtpa;av0Ew)w@%-4_rS}ee_@>&fPVOs(|HLxi4{H4Grb^oH&A1^iM zqp2c_>nz)DC+f@>NW1Nv5sf@)GiKg0HyBP#1S@Z4{OC{6AskjJ?Ger~sa7n0+z<|% zd#FuFCCh`*e?leWI2Ws|PSAzg!)e$8kFl`zTi`0N%*2s%`ZaDx%eHSv=?jyzKV;5y z?H_@Oro=CAA9LXGzY7Z!@-PDj*AM51mHhrV4dZ58RU1Oc}r$WyFk4NY&U&_?)qtJPAF&7OAH5c2|{1V~^_jM#*B(LE9 zB-I6&UT`?HTf0$+B+?I~4@0bAe)l|v+}d248~+5mP6-K@186X4-i4mZ{y+}l{_rk% z$xm=lCtOGp^tU0zcQn(uCsY4C@%=OK#Ue)7AeU-6ep;-Zt9GRD4aV(7_DyU@F-c>a z>i6`tAsHNgEj<^As(k)E_wixvN%)K2=Q`^t1lh(f7S_w3@~CrTp2t9I_r3COBk5rcLfuu@bq}s zka;^20*)4Ozzc-Ffm9!RV!-14uZ1qcw&+fT8r?2onDn(K5tmmmpCXj{E!feCglB@o z0{K=;#)$Y7Q!Pyu!Tys$c#)TEDqf%n$X8G+%ojPP@UxLS>~Y$JvD{dM4Ck<5usEgM zvf&X#nfZ--%}aY_J^}71;ObH)dY)2rH90fh1QLPoF=a?i2Ek<(A-7>tXP#rC=F8 zJuqH)oO7)#uO5Opa(6_e$$o2EAsTBy>LaDmM2~Xrp^8F}c@G*bcA^%pnt))3hBk-* zz6?)XIP!bpa?b#o*cH3>EG8#*vAL`bOMzjJ4(SFM3_Bw_Y2FPd6G+TNBz5wiZ z1JtVe!hsS$`gj3DMN^7P$DI;>0Iu*Gccxw#Kju+P+V=mDUhO>&2ZiZ?(FxBUpksRv zY1|p~?Q&&*<{Z+zv#fg;BD1&*NC0bqT9DWoYqt|hLD3vfjgB94KQvkZ@~r_#myH9# zA-jyTe=h+)p_wI|D&s;iMqR0sd#_2~!^y(Qz5^2y-^<{8KN!2mtKXha3<5@lE_gqH zr+i{76A*~cX#QX85=?GtlY;*7~&Fm(dD34 zX{hf>TAeY#=5v3T(tiqX0lXFHQ~}gA($KZhhD5YG`?C(dw6MIKcjq1daI&|Px**B$ zKm|X1G-eJ4rSVP&5>^b(Kg9LAtna9t{)Bu$gCmN{>26U@i#bU6kLig7D5t>O7N~c> z1=+usrWhB1b=^ou;!mojdj6vHDL#Pw;0B=D$qW0g@D0q*w(f@f88I*3EpuiA6ejGx z-LU(1Bk=GNEz8qj6xXmmJ9t;-RPC755_2 zpY-p45=`ML$pTdFujZ2*n5#x`@Cf?kIL>j=tE+#+Ll zOYtYv1s^JFDE$qjN?Yy8W?5bvO*hHoM$PQxo4H=dpI$9F`a>K9 zHqnrW;yPp(w;#x{v|Uawml_!NFFu2qqELo(V0v78(9z@xzux5pDLS< z71xx2YH*-VjDT7-2`Cn{phg_1ca?xjI#4^G4za481QZKeP?c6X75@a=QCKs*IPu)7ALxQ$hkk`=}_| zEK!2?Poep2+)%2QfPgQ>B<5Eg-jKx@mg2dRWVu?BkWbf01324H;WRc}tkPm^Pv)6k5iV_-<)ds$p66}bOncsY*jxaopiML<@|m;qm?|P4 zlteoyS#&HjU2?&?Cz5oYJ@VUIgEr0aSd|2;LyB^ziYuV@5OlmAwA=g^NKJF{D&Yhs znCJN{lCKM|P8IXH?-HuwzR!lLn1IYvTAAWZH00<0+hYD{5y%=TKL)ecOJjSKQBG3r zN2pdjk41b%w-ZcbI|>Du{wvCwc@&;D|G)nrJv4;jr{xEM!f4eM*d+xhNhOsF0dm$p z0R=4#Z#^2wvZhA8RK~7Fn@AIAsg^3lzJQA>iXQ%SNHt=zJ8UsEe^KmOWq*Z3XXb)M zRk5{mN&qd2T_ekJ+nSU@q#ER3#el$bJ+*E7b?%{|szVB>+Fm3wUOOvy1j}RbWe%Y7 zgn5;mL`H!p2~fcbTZ%eQ-3r?Y_Tq1(gp+#1(k+y~2IVa@UN*In8RiZ*uYVwwg#S7| zI9Hsg{1{)wK7?Q;Mor9d;#W({v4~iUw%l%~8_z2(2mY-PYtxpy&y_o=v>Y^GMGp(x zayPnim0`KQ8swW+m$MshwqJd<%vs@beuXzT83xHgUT+(IHshj)3Uky-AqNx8vwW7x zkin~)41DhU3Ma$QKJD^b!hDc)#&0R%yzG};s=twsz=q|_ANScamzWG}-`u2a26O17 z=j@;!$3Ez0aJFO)NwtroTG4J4@`4eXKoY0NqUQQ1xknuM$7*R^fUA=}t*VN@~|axoTL>r(k3jD=>m}JU}STN6Nknv?d!w!P_7mS@6}MpgfWmS$u~G zZDdIbSj`3{AZrC*y&D6~Q4^X&u>iJ&-UvgObApBa`dcb-W~WoiJcx;`G$^>10F2K7 zO>+m82-^JYHmi*GCDuX0L*a3>%L#Ha$UTr)4{l3KWfxW~BUGTmwA}WECcqhF5P0)nlU%v+$qQI5r=C>nva2jaHd5GvM`5q zbJcIaIS^rkuDrjIj})lPegckh0babC6)j1w6QfaDnCvk+Z&_Yi&SRKADC94PaqO+PsH!`;g0VxNW3?D#NuQ1e@kF)n_<= zg7Uv(Zz0qoCxBP7&4s^-It&7T_-cv;*>9v98cora-&%msIYNifLQyf$QP<&@tZP-#M&>$j1Cjt7;AsjB^3Wgc|;IL?oi>n_GFiG z4uJB&z_-3n^~A`55%@Nf+#L8IdJv5HsM4%pe)~8IuAe%X>ZGd~OhwB^Bo8egrUA)`x(cQzksm8z~+QjpC#Qm zdO5fkxeG?#__dyliZbilqs;my2kKM~*M6Aw8}PR&v&v9)2kb#A??LD229f4_Z1Z44 zd+JHpnI2itTgU)EEDCXz8gTRoKFSnu^wEMf-L{i(G`$|S^>qUCa>7i&aRT@UkRpET zI!314Z{7?+G=ZbLN;ta9ypcU)-Fwh#DM#Odl#rvB5=97rH9QPmDgd5_X*d~2w+Z0Y zsOTlGk>@WxB?z|p&DQ|Iectb&*WE$>4`~)d4g=H-KB9hs^fA%Yk3;^72g917!?@i8 zTt%7=8%6;GJnA>pG4=%~Mr(b<|Kia*ZzgX1s6$B<1@w3SSvDiJsi&T`FR7L|EL5>U z1We29zKV*P3NsU}+AuOo&qZ--tgcv!IAWYXIEhX)>}*R&iZxA*wxzwHS#Ac9qv#Pe z1Q6%rvu&XQ>W?9>)Sp}feFTqSGib(r42iv(hv+nzwKY+3;r!PV%4@*Ps|Z-pDrNqD zYY#iE7qNuT9U>)R%T7a-Ds2dQLR5>T`RJuD!(U(i!YM!v%+gg&${}8MEL6~)eD*i8 z5Klr_6XC1yjtIce;)M7G7zS3W@tN(Vt!Hk9ZL1}Hy%y1zYt)>%DP=xNzZ+Py#Qw8a zDrOr11?Uw_Vm)}96jxib)c9VEQsks!6-A&mzMGKfr7tD`i}$6E0dGX{&>VmP{|(e| zSs!`<#RLh+2xm>&>mAi~<);Og{h6f4>~KH^BS82Ji%U&XXMfp#!9eAcxdYabr4x-- zN&9OwO}T;2z@V5W-4!I+PA=n0S9+3*Ai-xKA@*BJj^BX*r3QOI#QQ*(zHjTkQ8lr< z=ORmcn4bc{dp4QvJerin(a8KF&YFsO+ZN$OPgXA7lav38dNBAHjo+B18H@J5G%I1L zpt{^%YNr;eEKoV8&j#ON#(g^#!@R@nA)|95<|A7y^!ERwVht z?0X1SWK_P@a=tR2f+5+MvRFi8)*6!~Ib{hRjd!r|{Stp6AwCA%;RuRlz_>ri$+C;i zoP?S2D1!ZM^>&iU$x~@hP-8^TJwqTj|Jm~a_fguJ>%Ku%ng?dad=hpCCKzy|2u@ZH z#A{HvG}wPae=K|~d@;cY;RV~-AL5Ht7x`}YTJwTKK907^<-f`&5XSro;u}>V z#lrSpqrTqT?`$DR5}s5Z!&xL7za7tv;qWZta?~{leSa+@#F)@snflvDGKp7XYcH@V zJ(uF4yvWz22&pDe_)uQtOesR8g@_{9N0&$d-K!mmSLyA`$(CxU?;`!hRVwBE)$zwb z;4Be+I#dx?yanYbhY@21f{&TA!hOct3H#d$KhO^tk_S*+Fma7d;1}wWQS%VNT6dAO z^E)=I`UmY;eI4R|Gp-Tgg+|k{+05Tnd@mcnlJBcQlhK@4U7wRScO#e#iNof-Pz6Xq zE;bA|&v#s#mHWhp%(c>1qL7i}5BPq$ZTo8B8JyslBL2Yg51hai?jU8!c-Z_7CD26u ziF_LiC6Q0FrE&@V>Z1F@`T+{Vc$WW2PqLzwcs&n0t`bT^{a!+=LOU!v{t6lqjH z>$e!jxRd-6N2a6xC33UO0G$W3ex?1 zCBVaYpt$r$PK;0?icA;+?FNAo;%mPoVgRP|fccX=i{oHe@crylJbVS4UN#%bLPnjv z8>JV{qroT>;+KBEmzUJCJ+uqZ`u$#RkBfa%Z!D`3KZy|;Hg995k`sOF|4{h--u?II z#9xQ~IYsCm>Cbm}y8bX{ivH+$xH%=_8FYGN2jOCQp_*0MJsiu({y+`rt@3>`{sM1J z!jJ!KdF4-jzw~PD33Rv{j}U)r0D-1}52pF3(o|HKo1YQ+0M?#uzM^F!@Yo+WA4bj9 z%%`A%XU_j${T`~sPs+l#fOQ+VsHFxNL&LSym`i1(^?Rsu@GSgP_C3_r3!{@SoFCf1 zsQx}KplNh~)!q|YM80Rhchtq0PDOu^3bqBmU(RW5HeKmV@IYez{(|uS^T>Ei`F&)} z;YfSo_;CCvLcpApjo<5n2i`5?&$>Wec2FM`g@vrqtkw3X;GSjgU|XbNYO= zfXPXg?2Zka-^&YzP%P>?6<<%EUphP``)!W@@I9X|$owvtpAd+UFse_J<==x*d55MT z1}N`d()vS`cmI%Q2qdxfAfGz|EC)e?zUf>Df z@_OV$IlnpnP<|aXPjKxv#dtr-{!P$tA^sR^Lvf~pd0e3Cc)p;UH_~$j8nMVq*Ml6N3G!Fl zno9moO8@flf30_SUOj9dgM-B;Z}!Zdu~cQy+rKtJ23_*OC^18O%JCcLKIgr78o=*w z!#0>D>{Ro^ENFFQLU?ON;v5y*4LCCBrNKQ?)!5(Rh+~^eQv8-`a|BD$=Dg|=Z+BGIuXQGrlC4mL#4LdUg!TnvWtwxhN}pqvmVOjWn=X280cKrmX3l zyvOGPL25WNqs&6P-g@4*#(izm=4b zFawq~r`;Rf4lCDBpubrK57B<+vwlB#>iKSjfA^Db?E_4faJ(YpulxzUudMI%T`)hu zA9MGse}0USorr&3#J(sPnU5k8oKYwe1wx=AIekfO5&^srA*1FCB%#QX#OOVZc$xQD z@+CwRa5n@3rV0ivEzOcldXrZ@SjT|!K!|*L8Fg9p%~5to^R?4vl1?uiq=b!Rthyha&8z(78U{LViEYmu z8nlJAd_N{lwYnicr5%ReEB8Oh`0g&FhvN^`N6^#Fqvo$cnb)?TpkM6w4!Oq0Q6i12 zF?3yG?oW%Q;CO(mnAf4xu|`^%+cXm*!|t{hWIxu@ao9Yk1u_10o5>sI2d<{U!{l2f z!Vwekb^YV~n?hfM=%GDE{s1i|(>La3G#(k9G7aM9Q*B^xmFo|chx8PN^E2c}Si?Eu z5vZgIV!&I?9hKV)I3e zu@GWue-z%R!lN{m8Ax$SVhC*TOQ0G;+(Y`l*7&>j9KAm6IPGDEaJY%hXan|CsKpc8a)Yz*@(tqU z&r6PD*B7w2CNqfI#Vh$iX0`hqwng7{2Vk(WN7%o2g(yRi>pHLQlK?r&Xiph z2uM#(eA9zGWcDHv5iRw3(MuhPe6X$gLFtSLpKdrP3uXp30@PsZQ6&ZkqS-~DxcZmk z#h}-cquH$UBC<89Lwhl3zRlp`Jb){D=2&V;PWG!3Hc5K#CA!R;gBCZq7Q4WD8~?drLS=$vr;7VS^Y`Q6v6rt~+OdH&V)~x6+t*$_qeCLbZ93 zvGi7WP3C{73FI-nBKx(6zdkUTJ=}!)wom+p^wwo_kHeSZJZC;HA^ma|36qa9zTe1t z#>#v1Ir2Y^VEtV1u;KN38Qd3-$nQ+z33~Q+EH3Z%B1RTawG+BGnUgl`W3%mrLDYd`rg8q95^wsl! zpaYbaMge|6F~)s9(gHLmT*j$^T5)kQ426j4_A|8}2*5*YB0UODuH#*{Gz!H#L|4G= zzonLZ~pge9-v@K?(`<(4VP(1_bmog0+B#K#B5aO$om&AqpaN zoV+DHO6Qzi*`ROe2i#VVD@D*zPy(a$9lSg2>eyIBUPR=9IYipZ)t0tbJ4t(NXVk3H zcF+bcgoQP6N~9f3PNA2>Rpz_MhSKqM`C{8rI9G`5SWp@Jwj5>8mEp_sli1fx)4C8R zxO&*t4F$wRf6wc--xYSLv?u;E^8C3ja|j(LIp(Dd>$??#`seoyP5* zvvAA;o({%S0LqZLUyQEwN@qt&zAvW(5kIcU&239P8V~EtVl^IefUsI>0KUB^o7ssf z;On;nuZ^1B*&=l5H>=nTi=4$GiXNkD*O|+u4rETYHG@Fv<)~m6`>Dtb}P^4sAwHFA6I-Sk%qAd zosD_qjMG6g#~JjPjJ#MWb$_jyhqORmp34EG*&|zIT;2lku=$k?0>qpIy^$Wna*`bL zV;E@|?`rvxksK@bqh9eQtvqP>F$=O9KZ&ifuwYJ&HhO;0sJPmWwXKRz?}Cz+MKBKA zFSkaU24w8}Q^?awx3}m<3k*r-TxQ~bMG;3Pg=Xe{L+t39DeDDN#xMeLPI}enYeu?I z75u$UKKZ71t4Di-Gr*(`#25mnfEimexFU$_10*3C z9~(xzs5w;<&=5UFxUgBaRhATp-KF8EQJKDl zmqNkV<#!Cg>tzm^0RI}`I)(~k=A-n7q7fCVu79;IAHT-jC}p?+BQn^(W*K`I-L389E1mDrcqQ5d!Sn_qrLjxK+|1(`s_6>mt+KYK zxCHC`Kn`lyU?$$533lU@ld~NXsZ>rM((?$;_X+$H^4BTMpP(Ow1{m6!`A~bdE*=$NNxk4A6P`9Z`2m zAkR>rQwECL!+ohDXvLTt*6~0^5w6yABD8aoStD3V=F`OSe{FseSq3E%4o1`-dR_HV zc>@26ZE+CjpggSk|3myD@aux{#2m)6-uKJ#(xC&t$($^ho5dPsC_A`~rvlnF%otS~ zgdJ%w86zjm%d|~|e)J%0v#3)rZV| z;&P@NVZhY~+fG)$Hl%-Ket*-tTCIs!Hn~Imah?k18Lwgd!CZMVl|#PocJBOMiVUTGR`-S5n5%p- zR{TG-0qiy{cXz!sKh2P|MH^AH_#H7D(!@qx1?fR~PwC}Jz zX$=Dhp-Ai(@dHz1aO)f)X<2C_)qkX=6vY1A;sI(Ev-hs}+L2NaK(ZSIocefXM?J&z zu}+b4ILFe%LC0lU{E-lVCWR;oekY+tKbDZ~lJe;d{J~dt<*j!;e#|99!C@3F<)@i0 zs+ONmkUFvSfQT$@(2|0k6Age96ar9h0?DDH%DCoipj~{{v5DoC2;p#kaD`B(m((#| zx{)&_9S_Hg&M-f#q+5C*%$MxxD8CP%{fo8Vr#&XgB}!xMPc%WR%TPe`y7PxskS1Bp z>XcDhaej4jLDi!=ku8I{Ve=7R;ZFhq=gI}Qjrs$Qh0ICM5Ans6bTyMJp!WSv$@FHS zb)7rOYOEq)4HWHw4U=->^GmOjN85d6C4q5y#gR*UE!RMS+mrSOJ72 zUb6VFSZQ0b%M6-y>KJWTsG=PXSV0(9H?(@0U=BYQ{DQJhtb}5z_!P+$zTd=m)=xu_RTNii14>LtvF|b) zuAa!qq*~?%%R!q_Hdb)eV4#X(AX^rfPdq2xbVmQ};Ps0=1}(E@E42ofxf*>_x&D=L zXK#QvXa_LHHKLD>mZ73b8F2AhwNvUdqEzB@r<6z4gAj_12?>%A@{*ZQ@Uu+kb|%1N zOXZI=8F`V#vI;C!e4)Nmf0D&d?3E$&!>0wp5M-b+R~7IgB%UGEg)Y9rJ}46K^?z#@ z%81oY*B)$%HFDEJ-h4*y2mlOehRtu8a$`K@mtpoXls;1>}_M8%#ulxX8>Zf6grbzuN{QXWzb@x)tmu6c>`?z;& zeh5DX;7TIb;=Go34{8=KDXCOfQt9(rNfJr=EIx$Lp=s=txsqcN?ck8{BT3v?zn3EU zSp2c&%zx4fsLX*HU5Myk4?@#A=mPBZ=J_|2!jo$rO!YHisvi0?2{9$yg%7nv8U)JX zQ!A^)r|Eiq7ff&Fc-grqW5p9@Nw&91>hzMebr1aosko8lAbFS$cx^DXYVc^Punt8J zsTkL=|y0a~S(91FL0TnlP?=`Z1L@ix|-kjx$#uLgC$C9st>v&|dKE{GzF zE0-)7jSaF*y1gX5#-`VpyTf!d#%JgXN5B3`(BCMClA$kE;U!u*t2>fOA;Bm!PO!@_pyjd-?2-?3gc9oJm zOp~o|2JTQWh?v85Z*rSY__b2&`sK!J3l!pNtneGE5$tdZYRFeh?l9o06mu?n47bSF$@ps1)l6NhG{~`d}7GXOV0TroUdeGZI{te z$PZbg>+VRuK`n6ro4X!nL3fklY67?O@^Sk8Tzi*;!CJe_GeF(WNsGwk;4s`TGZ1Fb zi40#g*`^yP+v17}8TS;OWYUi);~rj;9y0DfUs`FLAx(e2h6C33yjYWbQy1xXxuA61}f z>y$?S`~3Vh*YrQf&sT_mex3Y$)j_Y5pPzbYDt^|>5*^zrKgY-o7_qh? z5g?Ze<5X@sZmtUi@{!x7V&JocDs0V4($XSI zQKnrRCWajQRhwvXVw~xYJK1tbGOT4bV9w(!(|Muz5|XnB=`VlUi) z>ck;A6DKVq%vvFAS;4zt6?s_|(ycpoMA`mV`TV6?v&M$CuiSlW{~ze1KXQ2$N{ZKOUrlEz? zY<`GMXN;9i>Bw~cn23nU?5itYA&63a^i7PtWgM5GlloI(Mr2Yqa5<=q8roM6>DqLH zef9H_^l*0H9Hz_nL8AI-kLEdjw3@G+;BQ7K$>bCK6%?7Mk1nEQhzyCF<~8PHzbu{N zN6p|Uluz-z%!$`9xo*2^fOplZun{q=hpoHG6OaF`f!_&qk!)KY^+%q?*m`GNkrj^)VS zjK`duz2C|lx@Q7h%-1m&0&2U3gX*ug`$bADmsOQ69(sl3P<2x(t0z;@<#Q>&TKmde zBq|ThavcgQZi&1@o6zG&)7F?Xf}~N^Bv>g&_6MPT?0SUfuiwnVGC^E>rTHgLoiFhw z6Z7i=_&l%sgdoF-#IT!p>v)WsIEI?|%M#Y!udtm(!Mw1~ER7q{NA6(3gZRjOAgK5R zsFp5$Q+U6EwioC`%=_u2v^W`nz&;sy8eSkxkuMQX!&mt(P@R9#-JjSDa@rj~AEfpY zUD)~nX%ZWh)ZFrxZQC5+;TiFZaz6yW!a#KjGlBPHqR>!sL1H-8p3<&&nS^4OLA@cf zJVzmzSceK@=3L1k0oFSLtOw+ED4CHjX-TTh0$dGy7?QegLtV}GbR{p*Soj|4-GWOU zv*jifVkSPmHCx+&k}O(#Ow*cI#$Q)FZ1jBfRQ{Z^b#McJ&R^NDDf~GT<8!byhETQZ zVyagOqrOV_ped*^Gz=N#_qlIs3NYjBAq|n(0l$~~i=+6fEriN4kisG4H~IeY zRQM8Jz-yRu5^SciQC!sHlmwVI^y5fA><}1cZhn>VtLy=QR3Q$A@!C-?<@cDU!pFr= zQJ-->m&aq<{zDB$ZNtz%5#-Z=u7!fm~FAqF#BaUR={Jd!LK>%S2P~&{elM=YN!*lp!jIUXy=nv7yO!lKs1)&UG%4Q3U-8+h>13Hu-mSw8K_jPVDdg$K(J1@qw>BAEDPG^5LH=Kat-5T>a>H zKS@iZY`mlLfc(aIINoZnv)-x#)rDq(q)!?TS4&nB7YyuOWvjC7qO$qLw&3ov=eZ}| zHzf0q`g}g8Ah&MJk^K(+{hX(a^q1!qr-ZM4b@$g;|G!;$S@*x)FDsMhkOwwCZVG+M z`7jEbBx1+Vrv;;E!J?X2y9UW3SoBx;io32>Ad7emB61(qqZ{oAKuC4sSuM$*>-d4N zw7LI0qcpKoN9E6?`dUMI^$U!D|8gi}BL1)_zpoi- zg7vw`!{^`97sAi7)Eo6T@?jagiSmvy?&T9sWsv>kZqUFB*t-%rYP7|8Tj&R?5v7I> z!87RfHX+Y^xrzc`%jK6epu6xFELm=Uo8&i@Uyb6cS$qkKTZ`SohDGaLy@A!%qt3#!pB4lTC`d+sa!r4mJZ0m=%S$KugH369>#bwG15nSlpr!C7D`s=KB9U4w z>>{-U{6Je1EJ}R-aR`4a@^QF4a5HfWqD0eQz?0~YST%#LWH%nwE&TLcJUh+z25e_z zk1czAB!4BIeM#|>GmFO(nB9gO=9l~ibipi36G`|U6R57b4sy-SE&~Tg8I!z6a5~2O zi}z}F=H*^;Wzx?m3H#S`E8EjI+L-U&-0y)i7_{6KyDXT$0w;T+H;X0Qh<1xSlqd?cIPjOdq7AVf zXteov9GJzgh6BS?GaVh$fhkOAb-sC1(3#;dx0BBk2BwA3=A0i64B=s5B>fH3!hw;5 zoj;O+5fr+BQ*>ZH#3f#Is!TF40_4UBkdLxsA3;sMw0Y;T8V!o?(u9bo`3%9qPfW>7 zdl%)GOl*Ei%5jutXPM+ZjH_tPp7#V&#SNsC@sbVN+UJATdO|q*l}rSOy4D84o!VM= zSgKdEvrN*~)=X?o%6Q4;$rbUH_drZkBwu=#8b1$@3Az%Cj~PEep(_OLuw@eVgPO1( zM2#RpDoP7Is7Co?JV3Aq1AEzx=n$C82p(Zr9OOD6i09RO{saaV&!P>M%QI}4qmdQ0 z))xoshq$gE-8w(sfaPvMgTU<7v<35*g#-^JJ$4M+*xEjMJgX}KXY z6qaj3xj`*AL*^q+e?BYOK&u5Qc8n2UqYB5YP$*cZi6Ja{xSuJ-eLwInsDR%pKD6j>H|oQPvNWKqzKLgKEyz*1VpG znXjM?sist8*{wlRikugjrBY)KBv>({ln>DACaU>F50W{aJwTg2zJmFM^nuYD>m)i5 z{X_v=i@?my%=FpEOv!*|Oiir~ffZl~K0=wE;%&r-6@S2r5r^Kex%P8Y@gqzV-hIQd z09rJ`n@0x{d+@!AF~}r*e*MTf^}qs3`Rj1kTH0D3!gpLWcxxEHT~g@FK_PeH4KwOD zNLbw6N*22GhW&Zwvnb1fxz!HLt--)xy0FdezDo|S$A$ixLG$o=PCE4vA^t;~h2puk zq#K7JFR|UM`N1^ZTqX=%^`pTVeQTjb@y+?gnVh*Yg!gYVBJc#TF50Wux#C+vRM4YR z@9>&on=@}k6H0u!S%=QsQ!b0r*x9>Hlh9XpknJrGz_9N-K#c#)iLXG0^XiKp{I5u! znHY7KL9ke-D^|f`?`JV+@Cn71PS*~Z-@c4u5=zXk$$Qw)__uvjG?+uM_H z#bulT0OOxGv+ow$DQRe3P@N3Hjr@m?f@mWSjljVUWRrNm2hGPni-FYf3-CyTtzV^ z)mtTZ-@78YXCpV&x&sF+WYG+^_v?4)SqK^5_M=b$sKP9kEbl>>US8u4e5)y6l>xC4 ztqLYYF6c3zjlc9sibULM1Uj38Kc!28Z=hg07i;G?I(5YKW6TEqs3U^-kI&|^nA~ag z+p@IW%S`^({Y;)~+e5#n$J+lBNo-xHAlyhY!M>6BMbdWwk<}DhIEe%BltSrdTZuUG z=GX54&46IbLx@=aU<(T8NFK&h98Z2?*BpGwN4_1@{x&U$X{Di*qM5mLN@6vLrp#q; zImk{=o)tO*V<7z`f_@GDlGfhC_#m6tOoDo|$Wz_s*Pq}gi>hL2#2x__QhpEo4oN_; zVT$1OZYgkplM6z6^9%$6`#@IYk$gs$M->;TlFCt{<%-wAYSB@zl_ttZJv{@-^1XE| z?slYFhwN>4uKTzXUaF_hM7dP!E@VfDAt3@$Vlcs6@~)nm>-u zbZcsdny}0@BEaoXBS6Ach9)fxuo27)1Lp>ID9TETfK~+q2C*X5~BBMXgGqV@<7o zCUe$iar`3N+-=&B5Kv9F+K^)&l-fFk8u})I82QAVwQLV7zYRE6DwB;tCp-lM#lHgo zxfhq}pPgI*0m{X6<)dCbzL(d=6|`S}d#b+{GeFjCM++nk@W@L(AkhvPLqHUDC*Y<4)RfY1n}{fA&o1*UJ{V4Rv5hFlGB2mM&vv<9pB-r zyO?T|73O1bOVA<={s4mwA8vit98 za~%ZnWv?dpVRd6`LzFS~JD`AVsEkKc86#W^iKsLUm5Oh+Z;@jD85#2~<{=9cd_=V7 zNb!dx@Pr)!=g(_!Mxoa@BB7FKRgCU<6MhT%#7=?M2;>q4zka6`X**SM6C6F-b4LhK%*hi>8Pm1YC-1HP18JtVEU zAJGXsD7t9GthxjhRca2IEAgW1f|NNZcJ(_|0_AYk?k{U#DU272$0DhCl%&I$doRQm zHtr|uQ<1C)jE2maQx}qf_$m;5+6UYg&JvoG`ok{u}d|( zhw5LoyHZy*FbQZiupqLIy_*7C*<~WOHv`+_5=K9zIb^OO^1$G3Vo>Y4^#1)oLYayp zju(?#8lsysp}dNo7lZ${It0yo%?Z}Jnf z{X~u9dW3zj7mLB_%k(lgvOmTMz4=?$H%EX_jb z&F7FE^rqG#whtexZWq3OyOzfNeQ2b3xV*91`XPUY$Iqz3+}dt37YmE$05@lD#tSU$ z`a8v1`XE5si7pB4H1>jo+$&P(hkV~L^OB(0|TJDpX|qcbLxv~vPgI7(pUpi0{yfE(6iEs;em?E zRBMeB222(F_482io649l;v@Pq!jF(&U>1xXJ{Xl6mA_g zsvA=cNF|BX6GZAUGz2Zl1akus6r>s=Nb$Mvej@d$2vP)O(yZW+xe7XU~;ILtBK@} z>t%5#4221Y239wipK)&wt@-hp{ieoCUnB73ea<-66*yUq6kq;&>2^Hl(`^Kge=z6| zj-}srMXl<;PTX&pNq-Zy=H+a?O!{qj zjkO=fh7!ACo5sx7*Nu;Ba))HH&Xp+CA%EpY$c`+5;9{rPrfpPPvm$8LYTI%$+u?)0 zhduSP>}l#RRWr4-stmD1K$5)%105PB&drqG}agxQXT5J>A zyBkY=g^B|(D7;S^g`N=7Nzxm*Ds{OeSy^ta%Z+r@?<6quFMG%;+I`DvA)D5s1ljb_ zQ!JY@LD;lYn9}Q9%>-Y6yjf7=0b_y(xT2x>6K6Z8tEv9*g!31e4(fE23iJVa_@-nv zNHgEeK-VF4B|^m6qgtN8agtl^va!YsT~qVTzp#q9spgw=X403P809^63MO>P2l{>@ zymqx9=#4tl90+(aiLG6ssofxmreY8+irf?*h6F8%A6qlBnyNe6Mf*t(8a&$o#$H^8 zwyJT~5OG;MEBr zKKC8`CdjoamK6!i4MUgD=e|1T?|RPVb6?Hn=kV;7i*G!UH13scH*df^{^jYaG_%}% zbrtyB_dWvr4ghLuws#n*=D!46>7MRASLzKR>K@Ee7kTOJ_zP_#71p3a@di*jpC%iT z<|(-t2Y$&$4uG$pIYF=1^cR@0qLT%&daL3I+B|57!~---)ESnf$Qs1GEwmhcfy?!f zJQTlAyUC$+L|yWHsK9E!p~g?nGCj|uvhX^mhGoq(p8>9*p~Pt)$hetBHsAbfPN|~`A=fh1 z>_oy8^Cn3)zw?>03J(zi6g;{Y?lBhOLn%oBj|=$kv9wAajtJx%gZH2KZ=@c|Dtz0< zw>R)jg)3<%KI>uglMAA}7wosWc%(=?AvZw0`xkrt=Chc`?xJPL*ibk|*K-m13^@%u z8Q)hHYt(ztoHR9nfL|umNBi|De8f9z+2BigTvy{?znyy_X@pV=4$``Yl2~@XlzerLH3OJ^A`cNAeh^ zbi|L1ZF(&A94)KVvz3eS@qk6CLZx~CR1LWOt-4UTAx_;5>pj;L3?nh5*k=1o@J!sKK%Sf$^B$$)O4?7wPRMrz=F*vtsZ zN)pOm^&OOT!ben=Cvjn$mmCNgbkmcRYm#6-#*crBC|eD1R+LEuLf>T+Kc}IrrrL|( zmdV#b@j)f>J4F0k`Ebzk$hw7cr}Xl;*{D-|KZ~II`{Kt!3_syIbE?=4=_c2iBds0b zYZA?II;!#_o$-LDyU~Cw@3RibZrB2`zBqO`u*e9DV+?F@B3t~hE8b&^&!Nue8sVb$ zh}R*k4}op#SJa|Db*AD0D!L3j34Qd>ukk8l)GX$X1Ov(#eNx_`7d2_W-J<3YAa#N# ze0}@t)pA#QnwAba^(_Pv1g@a}n@*ttJ94#9%Q{;uH_tb>V7!7>xVfYXQxgF;&I$l zJzi1#C~>q_W(o64@gq>YxD-V!Xxrgx6$Qz;Uo~bO685Vr zYqnCVh+!zY{jg>3zOUeZ@KFiT#U~=<6X5g-aU%~tUO-Rm!0sF54X$U$3V8-FlBwH5 zN#!>q7DT*PgQnvt=^yK)#!!+LBTMEJTV)!(S1Qy4?pGU3FWA9$j4j0*&|({r-xmk7 zw9^xaH{{GW-#$kiiP>+!3YIFmH>>wA6r&|)V>*JKS-H3f5WrJ>v?ZAUgwYB%%H-O7 zYygrrAD6)Ae#W`sysK9zEcO z`|c^oBnQ=10-jkNOCKW`ao2(lqj4YilP9aABs+w_SOug*Tt!KhJGIK4WmSezGN0JM z%zWZ@yugupyErnlw-E?BFUb3Ke&g-t54?z9Itur@>!@C&z+KH$>w0vtR_f8=zrm}& z-mkx2n+&@ANzGpmTfZQe7KxCBEduY&hFA34WPajy?pDr3BCx|u9WNe^XC2SP?XvfC zdl6AEakLM?aV4lh>B2dI4%WbpOr|N0$pGthTmU^#2`ge?HTwx5 zbwI{^LOdc_KC86j)epU^nY9!^EpJML_?8uMSl5vdT(0X#JjM5KV_a%sxnM678#3abO?vmI&=|q&1cYYHl|{c zj0Upfdu&0`*^#1rwnb%Xg}8iCD(YBS(rkKBN%Lk0pd-ykkTHD;e)lE1A)IuxXEOTK z3dH&z+n(!5<_f}hJ)y!~>$*C$Yyd{;I05*gra>CSSC?Hv#*l^jo_+CYAR@Njh(Det=?SU= zjUKh4ZJ?sC<$WuGm|3^)K+0GETW6USn964!{)V&+wobtEJ;r-D5NT-HhvwmySw7w} zG;)?D1m5vY3gmUEP%r6;@St5RcjLNeLbj;@f))<@Q#q002d#n+?60=}1si6kuQ88>J z?0~#}pD7?ALz}e)>@32uPX~QAu=f(ebMTtX?4ygkqt)$)g=jbw6kO?ip{9rjcvW1nB|{F z1sBdHJu-iV9hd3vuH=WlG&{`^#iW^rFC}SGhh(rDTLu#MG7s}o(Yv=&d@NGjZk;RK zdjXdsSCr);(v^E*D-CnX3Re##He-|}-sw$9+n2Z(rM2K@SI`atLVe6b*wN&qaM$=a{94Aj z0dy~_c7!DVLYN2u%ViMtZkCdP+d?2hq4vANwzPq>B>}-SIF{s?U^c<}8}%IsoivCj z1%4sv5psvD&=Hm6RU?=ShDY&2hhuJs;5c942*|ht`5(;kH%gWeUvezqHuL2WaGLUfZ7#Y0-1T(4kPENG4(Q`6>pPO@nQ#ErV-%Jx0YaHsY z;6-Vg=A*W26No}E_TQd}$uey~$LP~2jNYvb;AJHR_kBvnMlMq`x-p{k1Y=5nzKoHU z28(ZF6B9Vc4d?0P5Zkpk!oVng3B{$NFGC@FE2MRCmBYb}HnKpQF(&_m3u-%{x1eP& z@p8z!F5>|*pKa=n8GMGT?etx!Zq0y#spT7ItDkron~2CKP+W^V!R|N7Q)bpqc{Vv;a=0Mo092MZDs`ASR3Whne1v%il zZuHYGIl9dlzM~*SvI2rq%{)F(Dm6GMO`l6d&qbVORRm@`WzJ^nyUmZ`Iuc-*scdCH z0+XRpME;tYSb37Ce(LDok>(?jeK(Mmn!0v49u0zG6~$|yD(#SCC7QUscyoEe8YI~D zhnNX52?_>5OdpRIm?wsuu!BETleW4fT^t0B9ZgU=$tl&nERe27g8Xt3oEHq^z@qPR4?T!EX7HvGzi_~Munwf68zsyQR!5qTfpo#hR1}W~UIXcIq{E}i*@{F+S9wBKEK5g-Wj)&$zmvJ<1$#lZmu|$B`H@emZpU;aui_gJCLBrR+2#!kv=lDsaoI;V%iJ4J-Mq~ zK2RsPsS*-_Mf8j0vVGEVOcfyoeYCbHxk-xhq4<4~UofVBieL^5ukxwD2O0&F8GHq* zX|E-oFHgdYHvqLL)7*!hKpp><2+8;y;YGpa;#L)0U}lc+5w=SJ~SU=X1_rLcZ(&kZ2!#oPe$B|3n_ zlml2$J*@+H_L<=TvI3L`hbTIL#F}53kv)eU@g5X0ht;AmfMCe6@s!;-$i$JYkV$qgX7sbuB+py~2@y=I zNoFoJSgBkD2r#FkXG9z7MHdi4Ptp>;1f;wD(OS|M_64qwgBt)L@A-t0 zj?msn?3DnGn_l``a>Xc?ej```7<25VN`~iSQ?%AcM8*t8p4LX2ijH56j30oR1@Ox` zi^Ywv#m9O@ZL~||{y&?K54ubRKY~BV2To}NR$PtTD zsbVB`GHs@Brv#-E@fMXMRjNcK5Go1NTAKk2OaUdFQ(=G#d!)(;Sb`S&JiO{FL!RYCxFGua6TvBgF&% zlJqM{P>5b4f&*HfOUt@MKlV#%KU2<+d;eq0Rc<` zmn_gh-(#LTn~k9)JFBI;%q6soye*OEA~1^Rk)?4T|8BEwVIKMF#}8H9RH&bA!7qt5 zTis%pld`6jIdJ5O?*fS@_M6k1D)mFc@r&~N`}3td7*w4<|6+caKL=5ed^xcEX)L2h z0e7L-vzmE#E9;XUxZ4NOpM8}cC;*{+1i;;E_L}m^3j`gCX@HN@4~R0#6?l@_LH*?H zgOv~JmyZd6NPmLyCIIxB#^`v{u|oMm=dgWJ?`5>_t%vA^e&Rl)kB|iTxF#eV)$x(? zPs*$xn@$o3rxQmwX=<;;AMMM2(a9i`_)YeF0XBzD1{H_A1xKX+F7GxSVSYrQWh1~J z|3VKtU)*rkE^k8T z)a>-}cuz2vY?M6S-2`36*FopQJj|bPGY(Eok8fopH2#cTfbv&1!a6Z*kFb9(oE7k2 z?^{wFWwE2M7$>hVbaZbuWDD(2GkI)W#$4PUD$}%$obdza*gbXi$m2{~RDPNMipa0I z10g4+;TLG zCFX7M7cizYyo?YpaZV=^bYhEqv0l`x>R48o9?!-)7S}O|{UWOUjA-eZ+u>O1yZ9yO z%6t_~qi1pBEoj0R$x3@u)|vGai0zPB&iA(6T_@T2rZic zh)wTPI?fs$#M2Vq1;P@Y0!%=&xQT_3&acIRQpB!Wa%`#0?Giv<&U`?fcYAYgF~`b-9e#q3=AHlfq|vjoA~DSW&$w)8{%3A4ewNIG?A9|Ug|J3wuKOLwT; zb`&4P$V7$=N?%RfEs2n9IoA(;GXt)cuW!x;RA?kzzyduchh6}cfgGBf(pr4jBf|leepeMQNzeZ8+nGD00Uhp4ZNpQg( zss)$YLm0h2VrUM;{8k1z)8yPv9TmX{qg04;@ecxUD2ezD|3LBBH$rv5L*`cspk6%e zT2b^i@vyCKkin10F5cUFl+dH&zO>N|7Mvesp&cwF<9=>v9PwL(K$gJYFWsv;0{+ab z$^rX&m>@p#ugc339J8&Vw)kDqrSQnjqQIJs9J%}U1|yfLW)l)%f(HM{k$d-DWx0qhLXs5V-^Od%AlZ3+7^Zo#;Ysel9NQ1)VAxxtD(K-N}A z2jK~*6O>spL70oN*ath~kHu|($+0K{4ug%|Oe7bzLQDTqo1@?$f``@k-$?@Uz2;UB zx}WsMiYDnd6;#FUV0@wsLh}5AR_K8!7Yaf<5o!>xjWAM z5J|}qT!}*Bq0iD5mZ3vMR-j2V&!lwfc4lPy_{Z#q455{xA;CX3Rm4p;s^BdpE45iD zz(%i5R+wb5=Fr33ej+=+TGrfPXY8CCb+Feuzhb_Py}`B?(AyCZ0)FW}i8TBKc>P$u zMhd8i6r9V^q)8i^8*wP;Q2c)w&j3v(z@cUuUlOu_TGL=Sn3Z4_{$jEiUGVnj2Qt@Y zyC4vn##Hha7ZeG0yZG~;MwyR_zb+vR_|IqpdaeN1vSeQ15AoTpzYX5oK5CtQ^s$6N zo<$YBmvjz_!_u2;X3M>E$i?yOHLW;+%l{A#8=jqs=gl*mwIgQIi8EAO?mI#14VeR& zp3K&x$=2u$C!jCd#X(sA=AJ5{yYPGnDwJ^@`1k+%IANE^CxZOn&#IO$^pW|YOi_$P z#OiR!K|_62?}^&9Nh7CfEiu#ES>f9wg&WLgWL=LVk+X=zBt1PvwhzTiBqHcNJ^orO zBYqT{kXujYl!oeVz7zjpd~)uIpPl@P(i{WvQgOW-0EDgEDwVUL_<_5xS9!~^4v7VS z#c>-)4wB245oKwa77Ah$&MufUm@P6>A#Zm4XzO7HTX{sjjpt$b7>Vg&evKhr!?QKg zsMmxJbN2jN`ox8 z^Vt*qB#1o)6;tt0Jk6IEIUXo$&6TN6;b93PF@NE-z|-X!ls(VakFp(K(z4??GZb%~7K z0&i;k78GGo4GeO+LpcZ2%Tq1~t!>obXOI{h%{|AjIXj*Bt0Cp-0|4u4K)F>B9yah)HAq$eO48AEZ*&hMy_% z=KC&7LtyrDE4-iW(lL`YvoPXj)43%;Y%$Z&5S0Jg!kAgLS#t^t%PkZxzKs3>*MMG; z`_x4Nfqyb4Arcsu)8i)AaUy%k<;XAd!v+`Nm2MZ2qIE*^D&$#$4#qdl5EDOds{QY&h|97bVsP742 zEc)ebeGwkmTkI?!E~B572in7FW)XWGl?R&-`@o%nni;0QpATY|43>dGOpuJm)ybb$ zipHaC|1sURFrB>n@T#^~PM;7xgq}-PVj$2CUTYxFcA*cqAnH=wGL^+%a~Y=uddp40 zT&F*>kcpDH{z3Y-ZEB`*0PY*pCA4FtU~~ zut65zW{w+1Mu8jt;-JG9L3IT}!xJyWmW%^Ak)1Om>&EEErR2P5GKNaw0Ix09%2`Z= zHc9g`Uk|Nv;XoT{J8W5`#pdV*}K}@l^n~ zXwH~EuNl3AxR<>bdN_q6JtQXjMeWaPyq< zy<}vc73T*qC{OxuAb@nsL=fxExrkH{2bR(IH-XPV3{qN??&GiWthi(SK+vGWISq5r zQ&lcXCaW5TvIlY4gQ%GMSybF4V@Eg!3^#Z1WbWsg>6^5D?r`%r=kK9Cb2XvE;E6qh zlWRW9$A0Mf>8htO2Y!eN^u!9b35q@e!{=kw{-01CbO2BleSo!B7RAsF%Ugr+i~SwV zKK8>%@xRl<9QXYfzy2=T52Y{dcUWKOq3V)ZdW5)odGhHy#8+=qqtj19;=WZ$RAxV< z9crrLZ-xDX=ly<%1-3$8a(t=3D>QQU%Fve~?2Ng9JCt?GF>F2({K%S%{U2pC zFPQiGS)ln;|3?|kjoGH`0GWg7$E6=Boa60G~RP^O600xYhIx1Vv4mmT!ns3wj zg9>}8^dT>8cneUub5u!oOfE0X~L}tmc-D7-ye$4*z<^PvGAm-y!(Rb_ITeFt2zhFCM5vcWlb{D(9a&r^oeN5#+uE@cRb&4)Nok z2>T1aWkF^Xe(xNA(5p&3Li;i%+rN4D^!VaR!UwM0=ZKVBoz`s{x4YjYv_OYWW zP_Z(%hJh)W7C@0XiMtwa!PKpT^rp?Pe2<+G%94Or?yWtE3}15)bp`!Q7w) zMw1uumn!X3lZ>ALzhRRk9P9H~BVo)6O$5@k91Z4pZLEpDZ^%C@r)T-^Fg?oc;YStZ zX!cO&Cl&hqt@ZY$$U;TDfdsB5hR`xHzXZm~LgO84{jC0zX z-zsS#h)o< zbH9-c&gS%;5wJFo8aeX~WH^TCgv7(Ua}N0^Sb15CzD+Hu)pR}OAMPm)wZ)ByLFD;<7H5EJm7!&G*>!^mtx2jt=5306@Xb z0RGbcwXV_;ti&)|YL+Hpzo5Xu20=>ybsCPvj|B}fW}xl(p1co9_aQILAuKXtb{~te zax4JZ0YkqD=wd_N2^b-g=!R0(yrJ#DO_vy4YgKzi`IZ6_1f{P~CBC5Xl1b)CLX3=` zCZB(LbF~Br-Tl&2rN__%PCwvtK9)}~^GU}yqx%I9E-Vy<*E+$x8(S^V6NfESePHaW z_~S;YNgqjEP6T#)^vzal$?O&zK{+6th9&8{ha({hUoT!{H{_egNZ z#FzZc37R<}lzA~S-OCl^Ym1SsCwMjuT~+qaZ`thCb+RfamhKRTnrORiAyI+^^a{(b3U51rx%pp%$R~!5`0GP7BRU!ys=*7}lU>oT;qu3z zQO8ZEAH(_T@7p2~{~IC*JF}Dc5>TzQS69Dlr}qAB`wzR;UygU!b;fzYSe>>M%(>WM zh)xW{kLMz*`8;U>yWNR_gRvJJTk%7Ju0M@{CpK2tBI5{7#G?}h9vawSE}(0|U>ymx z1P25e5=P_8#>obadbKMGZ}HYfu@Dx;G~!AU1s|9P#+xY;V_-lY*f*I|1+ZiR*Sxt+ zvg5f8@gWWq8jOi*VDeD;IrFnf`Cg>;n*C*ojD77#m3~y&%&zlILJV`HijC>7(d(CD z9pY7UC2KEPVNo-a?@WCP_{BO7le)-#*24IG%klcmhQu&*?{7w9TRqm|-Ph&X+d|CuBGYE*O7Gc8YPbSMo zY=h1qQ7$uMCL4VL_=vg+7%iTl6}{@0$Enqx{16iCF*fOD_cGT}~|gkHsB zj`*UE*mR}=?O5s2LFY*luE;ib(XAmsCn|f709Bnm=-@j}6M7>D$~x2Wjs&IbE+AUG zU#MI z=5F&xsWW6&NS4(lP*3)#It-~hv|b~`2U^d|ILydz3uOUo%aR-R;UUC=w%RP<56WM; zghkTh($F;f-aLKLoY_Z5_B^%#h52=Dpd=d&>WjLH7wV63{n7QsjQqBk>@LlPJ3wR_ zq*2?uc)wi_gy!XO4P5v*gj+FCY>E`)Ype2PAMWrdpeb{{@ImfBK`{mwhs=AWs9J`_ z>#4LQZrN!*IIupYID5kq)}H^iTWK(!6)Iro2Y zB+0d)2*vC1#jdH3nTd)tT$4FnDBNv6APH^V&?c~F@gDOSgp(5zPM){@T|low$%6T* z2vV@yVHRpyDFz&#QXoKiEmFw6Hop>pIPYnw8uEDTI{apw<+{HLBu+cc^y_mOYI}H9_o>Bj2!@z-1Bf z2jIJNpVbnb2e(d$7;fS{UXM)?{_#d?85Vd7i zwdIJ(Atr=A=88SYC46%^$0oJT&XK&|BAE@4yq{=g9gNh7_B>R0Ne}|TcpBj#}D_9?jbPXeJWYZ>#U>WT1ezVAWpx9+L!r>l#k4> z6+Y)U5>EteT%hevwk57`fm13daLWF>PH+x#A?hGkn~w^U#&Xz5n-%lt&b%AlJZ|(d zx&TsQww$hC*7CA?-wYPCgKdu9qv31JbRC`r$~L#Q^S6@=1jT59O-IH0RFlIX)PD#U z#7*g7%;Dme2m7s_*Z#a^{NP`HzXN*{j^9xyYCFd8{Fj|}$XWTa{R9j4#!AK2ZKX+r z;CGGL#GlIQiuq21lb2EFXZ=6Z|Hg+WsH5ud>hy8@OYC}6o^FB8KdGQ)y$M1Cak-ow zDQcY~h{>m(n9K+|UQU)jX*bbB^wqWXL(n~W}+5Kz0K~n}xk6FWD5um=G zQ0Vvsq8>MAx{bkdDZ7N%k>{ zOqU{)M>_i_NEJ6J;h5MD(#ov=6a4KKMwif$NZV)!e366FELcM9` z3Q3dOF3~2ETN}*bs0T>P;y3v|4G#oZX8VDLVu#~|z=Aa(A@K)2TR;7HhdX~8w)_*h&4mm-wod`^wOxbc*18yVwbr(&{7?v`uV^_OeSO`v;v zZGSWRfvZNd_(VcY;_(6qSOR_s_QY`OvK(VmA}vOs zb1mT*N$24%Ok~3Apu?t#St3EWzgwFrGbhc?-Zezp3+;y)CBE1gEiXg!E$vG~y{v?D zzuH(eG1oA~>cS3?&bPmc5Bfg3eSw_tze7g1FNxSdHjykvc0fk_hn>NPU8owb+!cKo zId37#aM;K`pDO(O4*DSRj{7BTxsq8El*^lk@ne+z zl4E(6=yN`es`fj;5+ zvbmN03FJ}aojyDrE9_@`NejzxtTO*n{FKN*-_fVZA3w@N@B_Vy%C^AP}{0yUrgS zpCOsVNFyQOrByl4aj(!@R4AXwMcKUhfV!#Vn_KVSweuW0aLdng*x{TtGT(a#=Q)x( zzcdCHjjLBc<~K#oa~vWeIL`YaY&_5LHJ5-zE1TG0uCj@ySABQL62{Pc9sC6f$XTu$ zU7*l;j%Q#5Q5cF~gZZX|a%!E^2qAe8k z66b!c&xeSrJJ0ch?P%ZMYdd3MaGoO=AAx;=tkXG1LwCF?CL~Y1f6w_?`T2$=iivc7 znGR4`>QH|gg7K$g+5A|GQHlBPVJIFX<=Ovta=xKb-!%s9tA8N<3eR`xe#p+25H^8+ z3Dqb5yXNmT{u_ZT&@b@!zQz=3X0-Y1X!bJ!11JAg^Y=pf7xenyoo^V$exuJ}e=sU9 z73T-Wsz`FPJWZj0egLBwj~CKWA0GAmz*sY_AXI_``SvYBe|x^W28}?rA)mV69V3*y z)$;?~<*JjUk~B!xR>-5uSA&uB2V(A=y=V^PMfINfqAY)KOE%6oUmpC(nlJl5%6yc9 z`LLe_ALTs%2g`+g6l3;xSyj&$h-dORmxIc7&${sfc?Yec{zQ~tI{wgKa|{hxnST(L zAMg5lBk`sPJ^cEh3+^Kn;v#~Gxfo(HdcUCpwf;hcUt$CP@0>6A6ScUFmImhwz;&E2 z(DgGl(J2sAr?)ci@O56xg6Iyo3i~MfW@rA*G0F$%t$^NP`iZ_0`q0lSQ*UMd0Qqq> zb!%0AfV{F@0`mDs>f9!T>~VkQW`0A^Bm8L%@=t1lm4?}J)^3O1Ev!_13 zfLky};Q{l z_#}#H70?smX>RDj)=3)-E|?!Y8x&CINbO^}e+5~H*q_Sy4?9qAE=6zLIFv5oX*eXI zhjXx>VBuDCO}K!`N)}f&U~-?AAG`pajvBkqw3t(uTgqlu~ht5oM$4CYW`P~ z@YBtAC|sNXI{)`pt)Hj=`yKg~Oi&RsL-BX*+RF-s5A4eHUszu1%~BQv`VSD68i`2x za{8)$5qmJ2e;A>E_4??OEKWc_a)ukRA3lEO1|O&Jc=Gc>Cujeu05(*`C&GWBCAclq z!!HUKDZ-o?H5n&r`g=jWxu2+knogfU!9X%CBOpYL<~AW7XE?)Fmgr`}1YC;@CtaxK z;&)QsmzddCh9$=LFa7@6^-W4i18C~}K|f#Q_b?;a|K$VuPfHS zILEN@j!$S?qs2R_(!ZSlZ}q#feK1GP6VwIg2_Cz-BF3=e@-Q*0%L~W-0hR`jVqv(N zyodZJ^FOz^G6B5BTYCjUXg?^7H^O8&jzEZHJGZNfF_(uw#L00>D!m)xcR|D8rz{GI zIB<`~VWRfsJxmdwS2!V0r>;~1%xS*2Qnq7x8BJc;&Qrg9s!h%pFe2%8ngM>WYtAf` z89VWkw@wrK&@b$&k^7`UI(IeaC>lVfw$sGFUX>Pp^q%hpf)oQIj0kayNtw>=!xrEYq!z;cPbw-I~&70 zCcfe|5B(bh*dIp)tFP?>C0Ho=*ieUNdN3|@V99zV#+Er22sl_><`?+Ijd#EuyXhV+ z+f9ew>l}oyqMA=rzz$SicbN-iHlmbSyuJs?vZ1cmeCN^dhPvwhOxS)g9wzY(nYWPB zSkVDE(utqVx~fB$pTBX*ka)H#i$?al(wC$ZA1;+Zf&+9S0bl?kgT&NH5@sZ1J<C z3C=XYG_;c+tfT9T^zGO%$GC>>*@RfY*9ay6mG;V9Efw4_cJ{0h{2l>7_yllaUX(J7 zdlDJ=2mI}KlB>8dKcVeA_H@d>j}T%?l6t$^K$>d@mKvt z@NgmStK)#GPS5|V`^#>SflH@f_m}avDg=K%*7>Q5`B-a&U%vVi-?QKHEh~IGhHItj zITXylMS)3_d)Q3XRa6wmWvkwt9B7uON_sej8%JxT_fA-JO|8}dQKPu&+`gm~jqmxyJ z^PCS*e$gRk2Ma><%L5@d|6lG;8%@4S5G4o<^ugn=L#{Y+`I#(`)L0oCHvg>|6sw$( zeYJK2Z99mf@fz``;O}GZPY`fqF&&03;E`1)`!N5UGA{o_*yZ;1eY4a}V$iN%mZx})Nc&v zuk>Ko&C7DuSof>KZ&EiUG`pVZk1tX>4A3mz07{mV|oq2WDE2t1>?2`}+_*3E@x#xfDMce{-f2 zdIEr$Fjr*rdL&pmpluTmOmKSSxBte|2kDmeey-QD9^v7kX3X^HYB%72Tv9UB%!v#C zHp*Z4W68B>tfiOR8z)^v6H008w{W<}vZX)$h{;4+mTEwW&m2xO&wk8R^S8Jn9Z%>! zVm=nBhO&Kr*=`?Il%x;Ee|>cE z)&|+V0bv!_L|&zpIk9`}on$WFkJ%Yc#z@MoT8|idK1b}tTGEw#gZY#Zwwg-82-mQ9{kDDhx?`Z;;Jhx*@)J# z6mAUc_^Wtl`l>G87s3szEvtc~w-EEiK^ykZ%nbqHH=64KoqEirC_=Ve=n8l#ehQ8W zd?d{tv89KRJzk2x@odrWYWAO9v!mb`kWI($FD?NRgFQ%3WCprWY)u=eYaW~J;%S;{ zZf>#TBh!pRwnqc}9=sEk&1I;d^qCgq1Izmc6w4D`s@KO)(3$1TZT~Z-MypMB1(3z> z!K?64fEizo#}wdE{Jsc)N)bC@Q8yEq$=5H2;t2NeN%`e~1P{5Ucr&YzY?HA;jby{E zn64X0eZNg@bg5p71-uLs$SZDwtb{t2_?5667@P6iG+twYi)Df<=(=CvO00=*ESzGZOl)=Mx z=~O)ugev>m!hAYLnCnTNmtn$A`j2L%cyUjB38en}mEnj9I7s{yN}S+u`=%{a;}`1V zr;MGm-sfPVbWKq%ln{Bhb+*HFSrqvh1$?S4#D{XUP#-@9@ZWIQK#?V2LG~D1{58LL zil0%KyW2t~zfd1P1?FuLn8n?QF`>&pq80Rl?cU;3n9Y&q@$G?B3WzJd4^;OiM${Y^ z^B3(MALm=Vo~lk_Ls@g4p4 zFX7J-gnn#^y!p?d#43e>bvN0zevtriz8y6$yaS0d<|3`+%w&aOfIv2ql{J652Cw@9 z5YW**N=0;*^2Z?NTyqZMWA?{nGlM_W`}ch&^|u#qZRV(>+XH_iJ!dO+lOfuUjj0mJ zL~4rc!DzraY+*=NO#xGf;!h|7js!VxAztvs)dj86dOYW~Jdu7Vxvn-n=LtT)wD#FL z9+Q_xjqC9z%LVIX+Y{I!bd`XW8hAM_-4ZTuZ9;NU9Uke{I4i9LuVA^B)M_7PsC_?yrU!XSqthsasv2^RS=iWIw8&Ksbpn7u_J z)pdl*mCEKhh7(cR^sz$Db3y3G_I$UCC}i)nL>wmHzZfEo%;hKhFM zWA|9v)}x^5hFiHaxGbb_Y5h2Qi+2j1%H%0n{<91poyoULA)m=bi4s{3jQ|_OFOz@Y zacEBTtqjtHHX#E2lRk?tEs;#FcZRQ+D+*FZEF$sEFc7$SJ=GplHsjYu-2t#V>gPl23`(1l#r1(RdXNObEa60~kS@%+HP4PDt5H`)Ve2NN5 z!{)$y%J+vY-Z~E}4rphl7jFQiLDz+_ZgUFq0_-z9wfr<}PhLr#D&bs^&PHff<;mc! z2&^Huz@?EiEQm9l+|iYu1w}}?NvX1>U6oQOB#{WN;>rXghrj&*V+-_HFsp!euZIgU zyg5CXubNe8j0PizvFcQHmq`9V0jRC{4${qj(3cP-CYXC66{?C2ep>rH!0*A$RH#dv zUH-72Ps|@pxb(cA?)C8-kXh7Z{^V43E+{d;@4;`4Z>cfI`H-`IJ|X`O#)B^U{Vvt( z<0rtfoVol_2e#K0Ko-9TUnbZ;p6(D^733ob`d%O5o*=!C->A-_X7gqTxjQH^z;8wP zt3KqeARmw?T7;LoRIiVp0LyZw?~yUq@3E7q^@DHn+OeAAV+epdv(yPDrBfYbl`Zx? z6f0&~1m;`dO%r+X{ecg1ppar`in&d-OCcci0c(CS|78*#cwZVn6$LmK0$2%fUj?|x z0UYB4l%xp2y`lhL1erU<<3MGMk=Q+(mbE-19}kY(lzgKmwsNfw9ZtxfLTSHwc>b=h z8{$vbBHB|6>Bfn&I^q!W$FwuYKm=5~~KGQI%H74FEDXmrh8l=0YyAqJi#n8*1o z?#2S-I~nKq;BK5|{`f;Ke_kk`-`>Io^N)=I|JaPV9pHq2`;H%le^RUs#fmj7qKJDf z4QrpRO(!NSYk8U!NHj<{QsVq;5yZNn~G^wu^>ZPIRFk4Y2m6RCh?a<&@xw&h{^0+#xnQ`^0B`c zLO0=?NhTrRRvyb6`3;_Ultz9vlZ~Y2qQ+1PF&Fu7DAkHDpao#y>Iz#1RF*nllix&a zE|VZ*OQyQApGIEjK~+LTxC8&j?in%v`18Ma$m(WV8W7-96*!~|2;kc`n_>bGYjur| z^Ba{UG@4@c+mkxU+-_<4DC*`5S3BWqzjUUfr6i&D(!&L1DM^HrBjfc2S_iS#LPRmL z+2YgeAb#72C`sk`jJLJVi`1UxYJbA7ElH@IJS-@Q$8Iao852ThCdYLCMg3_teSTZA0n#f2!a|4=lf_oDRB?njtQ{Gh=Wg;h2&JaNrHrNq? z2wWeFnLqtZ=15J1>kaUa`3sVg**8U%Oa_8UGuEFb@i(VQ?Xa3V3QjLIa@$dQU=lLd za5itQKLss%l3=Evs`7)|+mP?{62AuzqF&mQWu>u(P`+R?517zMPH-7`Kp3BZ%%WyS zF3?#-!IS{1cn1_C;K?*7VsE6#!z|JY|JCURB{8NP}7rR0t;!LQ;__1Nwzv=rSd|wSt5O2y=t`D;!7gP%7!FbO&0zk z{`UPycf@XxCG!CTY}Oo3VvnCD#Abqdgx^BU5`H>j^Ly}g68rlnyZk~ZU%Id#+9R zlo%Zt$$r{f#543tWHk*}!5oPD$_F9>eU^2=AGDU&OGy&d#*>0ZM#r~Rl==$y^u=r; z*3l;=tUSmthYa=tq}R>@>D2uW{AURs&L8voBo#X|tX7?}&U|z^2cPyhIY7aJqmA_i zUv|@l)u5R~PH9o&>xmPM3{cT-Dbk)StH|tA^pST_ zy_aFR*^1(9?DV!V_jk&o1@ zYJUmMKJpnMd0MQf>S$*^ExowmUOtO!WdE0<(g~PIujfd!*!@A1YM7K6keo~(e;E%s zzIS&l(bjzPjXk7uN~|XHJR#VuqtMqPR%8G^BFG&-l+J92@?mGZ6u+j&8)BIo2^gUW zQA=3ZnlD+n0UDt@ENCw#jlGpDzVl&ylLO)XBSS616IATR!%Vyl?7Q1CF=JBZ= zv6b1`Aem0uU!0lV19zUzBoQoBy%!uD=2G&a{(mP2F*HzV+QxP#?{e< zWRYniStO77^nXFJgrDXjsBG$rDvxH{cu^DhHv%*vaBahS0m#r<6kaU*hVB93!&MJy z=z<%jCPN$x<_%mZ0lxSLxDlB_@XMdn)kDUx%YwAAenyKt5A-8}17W=nFSwVVzY~1q zO=v~Q+_Epp+cIn)hhD*${mx(5KI3C{F2oHS7(%*7I>~wxaOd_>L~Q4`*2yDahyM`s z6l82`o(#J<%@)Ix##p%a;#=hHZQa%_VX-a#L)%+8?6J7bLn>DI7|)lL5NvUXtfssd zIN35-;b7n8oe9dHGIBg%(GwQtB=`-qLE5>Zc=|5Pz;)Br*I?euhKjAH&bZ>c$JG(~3SoM+O3w^j1Z_cw(5uWb>)v(Op7CAHyME}J!&vv8{gm?ClxVud>_7U3ev$F_b9LB;S$iy^9v zIN54PrrYn=p!xxs2++(0)lsM+v>&b!`6W~aAsEzbUq!&!IHYTZsdMr30T}TbGvRzU zDho0ycN)&P(JzdFBF~KCFVH@S&?S1x9ZA?6*eUJFcp{3@hsI$4t6dnh(QoLu`0!AC z3xEI$Rmv6#dM6YrgWg-XRw3Qtx30+B7`bUcR#u=NiXZ_Pv13(0NZIbwFn1>JZe`#Y%&Xn>yO zG)}j&8FM1M5d47c!=@LWDt;BYzBC=hqFj4^Q#@Ff><26RVV%X@)GM5&jcv^h(3dpg zaL%|4;bs{fCkJVeh)(%Mg7?d#$9#KUxBtlE1@`3O{&@f|eh+5HDkIy8mVWMoxm%Vg z?=~MtXdn2jLZ4Qd&*2AWVO+XP8X$6-a{)YA&P$pxv5rU3v_N!ey8&U$q9o1D6T4}F z)3P|X=2QSN&rOkeL;~sNCr8uu8XEi>CxvNd$fU6qc@|aR^6YJ#_YN=-`|2LY`l6O< z4od0nm^7iB2`E}OGr+dZr_n~Si?cuL6qc;8~rElI?7cCqMSID8Z!o5+Ne;lq6VY->c%l)r;18bCI0G3gqBLwomap z9T!bisu26s0FQAngD^j5^k#I!acSLFGK&ootMC2+>vtMg7qr z$L?hx8EgUO8+MQ&)}iC;yCG`YS$xNplIB_fCE;>-Ktkp!JUsFBkGxfh)alhq5RL_c z$5`z3$W<$Wd3EV+U}9(bdJynhWvICgRDMN$!g4POu>1qfYtmo z7a-YZiqGmxWTtByXfnTW(EfpsfYo;h8evvr-xjd0k!??wZ3tN{V4FVe_wmIdkjxg> z0N;ly{z~9NJU@aD3sN`fP(O<+&OvOR{C4#Ih4A@R_+aLGSxiQ+VKBKB_X_z90>O}h zP8qatp`QfhPM2EDTi{QzEVs8?|Ah7$_89-uA2^xo`hjaf!(Da%yxXkH{n1JE;6yvM zP+K3^C&gdk^9%snc$|yw;&T+#ur~?bTO~PclmlPN_ivnimi~&jXfy!EZ`mz2F|kcH^|lJD{%Xxzu{S>s{J zH9`$MR?w724r}sIlQg@bowT2kL-CH z+OE)m^XFHTmk_-IeJT2Zwh;2R_JulqYx16Ro%1ca9j?83{)n)Cd3*eUyrAtse#`7T z2!i`TIFk~c4gDc^+rTJ8e0YQoanfUO#;O?!MO~4xWtOOt;@oO~^i@!{x~hPNu`VX+%XWOi1)UV>I9n0(y^Dv$@m&&f~mHpOj~(S4S1?WtlO z5SN)haP}A20F#Y6#+l!3nt~Cu24)#cd0LZupL27p5}2-pla3c)k$QFo`pcWV@W&&sOW7E zn}2Xllw3bgsF*b;-6SE{nZAG24E#&7t4)JjIkO+}7DXoHG+ObkON3bBrhq$`mB21TlHS38i*K z|4w$*sB{pnKwA*bdUJv-LUQ40gPHH3jE9CmcQ9~6_M}PhS6zVnH(7)*zNbuofW1pWn&+ zg#MPykED!`uYVtHEbKt|^Q!c1-Y!$$L8_hAL}iT1D2 z?;qua++)9R{F%xG-NBHvL5MImGkt!A>I>~kgkkVVlwTiaVTq`q2VUEqi#Le4_F%=5 z?co05I=wRD-%PP%xw<@{zyG`YgRiF2DU+va<5BJ)&>=YviaIn3b)d>&tS9A96g zJRn#iyw-S=tglKESZ7%s(x=Tn{;E^+X8tRbbFT5?F0GFRKeFa3{|6<9Zz5P@Sun@@ zS-5X_hX12%&T7o=F01N&!!lF-t=)QBL{)JG@W0PKBtdy`(<2 z^B0(<@Q88oD9Qr}y$~`$(?&JHbvww!^cfAY4w=MqF~`2&i<|LQ!g=kpYWRpL>FXT`wf2osXxl~y_=6wzkfpM+)%z=6`g-o%Ey`5T;a>d zNx_e-ndSeekdM7x7Dt9JH^yw!3k>q0RL)F6A;d6p0zD)koGdYh@lzHSUos>Q5?`Ra zV;BU${rG7k>0#HXIZQk_HZYd+=e(9a@n$Ysb6HSVljk>?dog~zIY<%Jh@ib!kCj3< zY^w2_^eJ0E&YNCgARJ=yKHZXYEihc})~j`$8+kI+>djY`>GXRW43}9I2~dX85mXev zPi7Yp?>f-`VrxdF2jv6K2>-Y5Uj$$v3PBe`@?Y}hSyT;34e{o+e!6ghw#p{2A^k%7 z+xoVWj2|*gD@FVRj$I#rNJ{zrUFG?dq_MEZ(943ajQt?qQqdpWX93r+?5t1al50EW zkIA;pSp4Y%BV>0|2QB^JFc$n0nSrdBzkvlPwubuE+_)G01W7Pw^7TGCnwdq&w~qV( zzXxCBdf|R3tEmdeydM>0>%(e#vv$p}A5ElFce5c|Y)=#`-i9JT9}}*0su!8b0scEC zmKhH;h9n6c#2435@qw*${F*K~v5fdr^Ywh>P{;4Muoe`OU2iO19D;i=l;R0&&E;1a z2qq-}qQ(co6x}$74*?;{4W=iZF)S^MMS4~>Gr$yc;Hjel{QG_aklWHRQn21G zzX?#1A^=A?m9qeg?+Rf^)r;vXxq*u8LBi|oWsoJEDd?|N`fC`!yu`uj%o9xBt%o(z zshpHS>t`x9S@-(_{oRk>8&Y@SU&5E%bc);vev!TS#nx~PIkie4xT3xKOa4qx5n3$y z4VgFDrZdcn4USvZ}!71iYsuNZ5fzIk*XTp%Sh_8arVD#yL@oK`St})^wuhsJYsaLq zQ?hv?c20q*YYSr-q=2`(xNWO>6M!=kY{8y;K!hD$z?+s=DaK^t>^_=UQpx1R#iq~Rdcdbp#A2DZ1Q3mbcC*yydu=W;iNo24TaqwIy5czI54fqy@ zSfZIruh-pVIIX4`ULQZD;*Sv+3KxdxX4T|=~R}9?9Rh}om{AnWP2GV$)@u4 z^%M+&L5uzwfd%yE%Z*)LT_?5+N?KbEKDyo^ZXT0pEFDq~PTTbqzkv=Y$5Wj6SNesM z7D&hOOC(I6F)^08jGe-%O+uZYVe$}6JT0mg60N}GVwOd$_qqt*>C|;h9tY2~G8uht zH?uB6ei8D9ee;4xE#XSm3T6?b4XFzN1xjx=|KLAwrR_CDEW<<$MzCVo(;srZ%Sxt` zTQhSML0EgK9b0iFyt0H2EY@)l9!YN4k?vy|Z)R=;2V?lv$A3-V7Z~&;@p?nV<2Q)c z%w_^Os0`=lG)Wv_p1BpZL6XdBSJzANQ{eUBLvCVugl<1C*g2f zA$%y_r=*i^*h+qe zflbVLD;+S)XRxeRSq46*FU-{ym&&?jN!xU7OQ8NvwCI|R0 zuGzW|o%Uo%b2s^N@%+|s;w5R=l*xWYHGn6H7?IMlAaSL9DiSwdt6aPeX>I^A-|J%q zFT-^9{mPBSH3r)!pc<$U# z=B;FU6iE8Q&N{gt-%GLhbg620Y`z9{5RgiHDzqjp#W4a)Irbjg(8idpS9(d6o(34XJQ8A)?lIyDIeaTy-|O{XTvH~*b3 z>E%3SPQcT8{K8&v%TxYRp0ZTH4yG$l>-Z&OB*fDiNn}=(r%aCm3GtN0r^~r5%hN{8 zAj3Q*3c^!<6sPbXP^YGNMTl!VuF>&$tRoF%1)n@Yud^}B-6w6i$$q&EKl>X2@bQ9^ zO{%8i2a)82B5SK1;a8Iz2P5T0tDufw=@Xw*oErT~ef-1_Z#OT)i=?JM#N{nZ@iVHS z51^}Q5#QSao8&5ZEBX1hl`5w+zD5z0Dg0`bYrTvrWf{VF@7?cG(HpT;2OF;hb>NO- zB}6`pJMjLRYPrDAyR=aclcX~Z4q?>fH{B~ZiuiwFPHV;Pq8FYw)3M-#{=fm#s}5yo z!eu25>QU2tg+P5{p9Lg33M_9hi-9knmJ0!qM*nXFY33+PwmOG}*Y_II0fkk75=(g* zX47&^>@*9xDk%1xQ4oF*G`6f(Cu{MU{CIG#e@Z&*@T$%g2WWA z1TPR4!5wAQaF>{1?l^>95`6RJ1(;x#pa7?4h~5DOG*(l*R!9P8$HtVxKy$2fegHIE z4wMOIsum#S`pXM2!8B;A@X}nX2}V#E&j4XMQUEu&tU4^`-!MnPv|yh^ns))tss}q8bO|7Vtt`!rK)zx}T(`vBlix$QW?9k^R@{DtT*TC}MP!zTo<{bMrH%`#5gHb|8Bp3+D-D}_ zf51z%uwmkF2M6aLjme&9L)upUW#!8hua%MS?)d)bo8j#!I)At4;beUw$;&8Hd$FmZ z_z3>g6g#EeFye6&y9Yt8iLumYTwZcfBT$^%UE)e>=_5E~Pb`YK3fd_347Hu3aIedSD!3Y>& z#G*!X!UD<}{Oh!$t*K94Llm(f$iv>7AsLwC#c`$(3-+J-z?(ZBpyZfa4x$QZfjS#X zr2mPNaJ~Ac-`i&pmJs(H9q-l``1BN5@8N_b8b+s!2MZFoG+XCsdcWIY?*=a~38UBb zd7_82&@YD3J5|xk0ll30kVP-wKLcgB?x;eHKv0xQ=1_#; zI(g3(!FMM3CyVV;jbKX&x0-Ow<8Pv|x7HoaUm#nuhRv;4l%F4Iw)zbrDMADGIXjXI zI`(vPDc6x@AgjR2HFpvx6AuisEMhh`)^VU9X@A#+Rz9v*1`n4N)ZgKP=V-w~?B3=v zNrVn@$}D#8tTD-FYat zWatf~JLDaOhneOrm}KgySH6hKL-9Oe(DETZH+{yWScWSK;D(eHip_7ydpHOD1V#$V z(F2U1wn8HhZ;g=_d!N$zWw?e>G)>gg&1hdW?R(5;54zDB-9N}M$w!<2bqrn z&L$qczKQH9s|5Ot2;r$M%c|7IGBi$Jd^4|`CL4G;1MY;Bb{`BdgyLa3utOvnML(*% zD9L8Xq$qlo_>p2gQLtJcaIgv6#dr0rIFuN#Of*TeBi8X43ab)e0%p2bgc4}Ln)Nyy zSLQfKDw602*(B)0meSZ6fVjPQ7m|S@Q;w;1WK8}OCPjO>m4z60cXh*M924uiIrM8bB-7Qo?~k%fS(%$sDRR>|ZrY;WQ$RN8ieJ94bE+Z|!1fyX8T-mvtKY zAlOcE7cK+AJw%=_2E!Ra>1aiQTCYFuSEl1vLC4D_$^E>|w#Ll4O4a=RO74aC^DfUU zlreSx?V32}cHrAPIFaT1jtX=?%v!vl?OY@6z(T$O_+9#^+pKEw3-hvMZoNq~g2>#v z3>}V+)Ibu=d1y{L!sr)<+4xuoi7FLfz2S3ubGDlA5SVH`Zlu>6>*d1KO=!HxbA>9$7GL)kcsm_>S=7ry&SKRJEx;rI*Xc0mjY~qIZ61y{b!d(Dd6yFZ0ZSj|(W^LySN)t}~Bb_e{lHP{VBuS5U-ue4s`W7603-c^}&lEbs_}6ni z3&XJ;5D$Zo2I3addkm7!W*x>2FCmTVExj*6IMVgY;xCn9L%n9cg|bz!ar?)TTjz!N zokxqbM5fi@GZnwk5HmzGoNP1X8X@46A7sG6Fsi1l?}HJgEZn-c({$hty;=C;SiOQr zpHoeDHD)kiP0L2B={EA<#UC$KO?S7|bhs-4Qwq^^zsJcHJ2v3FfZ^IshqPlgU5{$I zRc0{Z7v@PJPGRVjP)ZgxPTjU<9MR_etn3{$4$`4ZFTBLH5H>@Jo!V0ijuW+8{nd} z&!yw*%{f4`I_-02-%o({ZamJz<=2+rbTbjrh|nC9a(G-6a>$OXhOjv7Xj;r6^hXO4kQT8&&4>AoGLv1G+%jw*#}Rbd~K&ZomLM2EC>H(AV&D3 z@$?$_Dn3tV>{*ScbA|_L|IG!5lyOy!QJyh8Sp~)yB+7Am3m=dI_EkB(2Y0Zhl!dIkyT(g!IW*fTIii0Y)fi9&@aD%8JtZ6rMSAcCgjzoP*|ub&lQN+AQ=? zTI6(yzn{oTxYkBkFj7g2VMmJ@IM!lu#?f@nYc;@D!YmWk59~+BHvcuiKrJ!AD9#2u zDa>kV1!E_POH%@Sw19&V@>9a!{y{=REGe(Mr2EZ~29-c47wjXQ7ll(bOkjftpOPGy z`@P{vCPxm4rDkgi;(r$~1rdWIz#uee%wHsBq95)vW>``t#8Q9O;aZ3UAvzwFR0PX< zQ4W1;xtmw!@_{2aSwg~uSjUYhC-m~-NI(Nzt|~57n2~_NM4_ggtSdKe#~CkQ;r2ND z_B1ZGcVe?jS&(Ryzv7@v{J{n=D2gkyv3v5#=W5NzT=(C^D|zgG>TKygc!-JsU=VlU zpK6s4MCIZ~lw80hq;8)9lErD z*4*{U(0(;NGr$~SdUqry+ihNL6@}AnK2AzSqAZNTOt5XyU~=mc$pmKa1+6CL;~Zcj zMWW?A31h(^@GoOitSe~(L#kS@w||gZ2F)?zdPZ+t)3{g8`~at5gWz@8-);_#zr5|C zo3kFOL@Jrq^Q4P;ScKnUVEa}c9+dUAzP6i;Sqw2dX0tkGa~QMWT8+sZ7*HMUa2d$D z%pdp*mLseYMXiup8MiyQO5Y0<%MWsO%e)UP#ne~_bioW=P#(`~&^L+U(bJB;ikc(z z+2_1wuEzDE+v2ank!CDL9tPuGgg4QjK?DfTf4y6qVuj>}8Ogt0hHA-mGm?L~%p8x( zIwddD=cJ$07kOhRhK`U}44{6nK`by)LWov3*r0yFyn-|I4E}dm1CH8@CJka!L5+Fx zVs@U7XMSyxocnwM31Yy1Cb)|4Sio9Gg9;XB)D%?cg!=(if@FC*GV$T$qDk-(TD2PF za!;1h3Ft3Tlq43-z2!xn@(GXwB!?Tn00ThpxGspi4kPj^Q#{G}(7}X3^C9gM*07mt ztm_)`K*74O{57il(I#S4T>npMZwdy6NgAOt#=iXCA@uvlcMGaU$ukKf09w*FOX8EPcz$~CgghviIx)QTezv?{eryqid;pf?CqRF zvwp2zkZ%5$mM&fHC3e3YH`yarygN#P3=6^d4fUv9f|c1ly^gOqnE#wD%h|B|AkkH> z?JuDR64OPGKMv?>6T50cHWAY?x>H$i&Sq70Kbq*PI+-ZCYZl>?TJ6U39p=2lo0+UrqZ9 zCka$lDJT_tb!dPD39c;wiGmFBlKC`BiD_1S7&k*Tu&hKAh9Nsi2y})c&lnw@>n9Px)B1usE&y6J8^Co}%;(QQ|xQ1kg;v1zf56eArHgUpe_#l#! zZ5!)i8C{rZ8S&y9)9d6>xsBL+o1XoRb|w8SxD;o_|(+^vkooz&;Tz|o@S*gbNxd&0HbS>7%aO#SHX%JWe15t$^!fx*}! z-5MA;b_P6~vdLyyKMV~mXym=X3GQaDCV&`M4{=n+dMSA}*M)j?oR-R>EbwY33FD7Ok~JsIQ5C#aSM-nRPcrk)^Z16pSF* zILP}bzfMK04a?g;a!2JRrqu(|;NHK|W9!oTaFI#--{`LeynBbI9evqXlf=JR)s^guc2W6UG!* zkmITqGOJJ!=X>yPA|uDjOgCy3zs4f6!bz={>Sn$WMz1BNu;Z8slTAIsw?IL@S5pg} zpmj&ebRfvSFl%+-NJs}>d6whr``OCk^&E|yy$ujIbMe{mBFp@r20K{g41o2uO0q@W zh;Fk7!fkwM@m9GSLIX^QciLLcsRo(WnOnF^m+fJJPzi2)B$<;8nt zB_NH0L-Ey8w`DbMKW=%VGxd9{=fpB}9r0Kp)9!X@hbUa^W^P%H&8$!r{aE5#J-zN` z-h?a_m&w1rLf)HD@GK?QNLLrTp`GM~$`wk5)mXnRP6Opd996#A$&L23)GJbZz1Ol4 zlYgoWPWWucFw`dI_>J+NmOZ))bI>1hVxmuq@t))-a5bhm2GKI~x{HH0zTCq*gYosT z%wYknyKHu5z`c&B`MaL21pAY=!R%U zOLd}%`86ULXtz6oH#G5EZRYWk$S_+q%z=~RbA~eo@SHcWFbD~E6SG=S49w$#vn?vP zt}i|VreUsu)z7HxKv3FQawzpx^hWB)mq^l6AbmoQ6hw0}E%>d3&afWoV~#-B6T?zg zK$30ka3__7ShMl^m};H_p?%hK7E_$>nCsbAH(J&nh73)6+uVIlaKo;zAIC^vIfp>j zralQAu)i4pPM6kVnNx#qFj>0sCT5SgM$Yz5lG78hd6k)nt|-AoAe0SwP*mkW$_e(wu{a50 zSxp*(^B4Bu1@*~L9U)(cdK8L`oiae4=e9jBq1DK1*2vOG7pwa1R;du{}F=b zn7xmm_O_Y52?1XiiOImuT+qY~7hp73esnkSbio^2X<1A(UWS=C-H-#(86$&A=O6PW z#Bpd+*JGeqn(yWSqF&U`(Vu&1%VoE}?b-Qv7z&$qOmhud~ z$H*F8F2j>gZzW5@eB)o&n=`;Q=}3`R%{e#5pv0PW$THt}#D#1#dW`$LN1c<>>7WB2 zeh)U&i8&M%lzHu;eC0pl8bs@>F2n2NC#tikx#*HHbWd>lW`Qe!EPm^AkV6kU$X5pW zeIj5PeNy%8p*9jc(b4lVI_U!MEsu;?cPAuDZ_K2vpGm zlpMcA$^F>>35rMx!X6F>mJ+ph#)quGZUdtwFT*@;L4v12o7m_|Xrx3GqhEc$@#t@; zZ<;Zh*P_@7gIKV54k)4hQFl>qiKbU6ekupI`Q_=`cZB0XT;GR(iY0B3a|A9!0lQ-c zp?%@si~j4a#VaeF@xR16IH_c&tTsQ0OpRV6Z&~~=j3~aeE&dWhh!>+Af`;Q`H=T>G ze!9B6it?rzE?q2B0;}eXKDKPt1z&E($9ACcu@$sik~;^YvQ<}o&ql7!%76gmp~fUE z0)mzUHm5Z8LGyiTF0QZ#sb<;HkVuJ!h2l-~tbcBM-a8a8p%y)5BY$;*Ucl2w$+iM$ zaF^S{h(!x|?+8165cYj!c*l+tcOZLN{4U>@Ia}J7=o+R03^2)7LPk|nh|E!NxQlW3 zvDo|?FY%xuJhu{giC@|}DuErvHgp}Od+idl4LtP9B%47~ZlO~{`h5@vo~KSRsy^NM zO+0?Ufk|+@yT$etkwiWtU*6weg!+3GUkud#KK-Qj_ZQ3JzwrC}o1OIcD#-)Uwwyw} zAd_|Jylh5WpKM!?$K6g+0Px6l24Y^{jfLs!U<3OT!Atjaz2fVWS$NUw^zME8(ggk@ZY#H8>iEO^&g7TIb94yGey$at z2Y6@MhQ%F_8Sk1iP~7}-2v!9T&mr9`%+bOO4Stn|Y%VgiUzq{cGS?%wSc9eu9-vKy9QVy`nwo6KrQp2w?R-n5!9GtNN7l%gxt@tC<@}yX>krLY- zsY^7OQYZQF?@%Eqh0bazCW}TEfQ(O<1N4isv!ep^n~eelJY`lNYkMo13ndBrV(t(d zWcyVon&h?OOyu)9IPgGh0A;}Z{FLa5m)l>}3}NJ+Rx0^+G-S5mQ8z02=*fp~D-I>I z^8c{+F7Q!%$hZ8)~s2xX3guVZAgaGT|I`?op|oI306;Jbz{8i>_}~v^M0Dk6%o6r8ExCX z3euTlHq%7ojieO>;no!F)bC!Xc5RH7R38K$j=~|ftx&)XPcn#n;zh$KCW~Ofnw}f) zpor-Yf~XHYWKc2Q)~VQsELVbUJ2UN>C_U4$m-Mi*Dm&B%j& z=V(=ov`9=05-QrzkI0G67_TZSZ-hq2uP|(h86;dnIl}bR6XY3gOvUCP@N=D+g6MFC zh}%1ck=5(2j?_|;0oQ0I5e*(80^Y?aYB4%Jr>Iix(Ne@x{l?xd-qL|g3(an{veWQu z;7R#(bP@bX9-UWGZR{b+Ikqvi#{6@49A_s;JwWSYC*&Vev*!fJfx4A(O(BcF0TfX^ zSq=)7Df|mm?P|6>e3E{_h1F=D!v~lqVCO4Xr^&GHa=UcB&{tzFp-iTuHA-KS8@lM9 zAsOsQ&F0L<2_Q5qF}wFd!!AIs3Wro4DJ3K(ImUcJzo+n<>AMN{mr6Q^V|559yJW+t z`J0Hho3l6Sc2n1s2Y?#3)x4v%RhFRR#eh=8>j#kpEwy7CkBqjlGi9(Hne{in;BbL2 z(?CX82SdDph8MW3jxxu@t4<6tF@q1sM4is_`s$_32xl48kJ$)}fIulw_1mCu*mc;K zY8mD9%OvU-IZvhQHMsv;MlgD{vA}sMKd_|`?EdyZy;P+34CF>LAeS_WF}Vta(G=_L zc{r6CT`#wxB?>L%+_9g)bdS_pon-ie(XAL8Cnps5S8xobbSij?1vuG_yF}{$FD4!?_wY&2>3&_io$*SdG4kfU=Wpx zBW9_JO{sDN0|tHbF2viX&v14RHc+RWiUASeGc_<36f9Rfdlp$f8m`dr_xF-{>2hPf zkDZg3?A(p-D(l)C$3*0zQKYod?k*z9YPDa z)6VhXXw~QPju&_d0jsVzd(-vGjq=cxz``|~9J3v5C0(7FF&5xF12U(Y>`ZCCn<*Kc zDcx={FTm2{{JQ9T&XoSRHTp-)ltz<&l(mX;q|{%{2Df=D>uUNXaD)@e{O8fIalgaP z%dh3Z)_CwVgJ+JG`nzzMeg&cTmyUTS(4$2b@dxVHZ;|um8z&a*PJ(F_iz3U1+yKA1 z^>x!KM6%yLNFJJuznM#pF4v1BT~i{dESV=}$DJrc0*kzP5a5>Rty=J{e#4!URWKT= z;?@)L*G4i2Bc37>l*&fD6@GhL=*dB$nu2RhT$#5@;8ySFD06Q0ojjTvnQteP#K;C@ zr1_-NHXsyL4N8VNJmei(Hg=TZ`Yxqs zhg>0nRHV!@Of|p4G6eMpPikdvb1HHA0_(@b8&bizToOn+O*QC2CkMIsXk5c8fw+)S zw+R5wbg?vdXtxplpt>^&scaP8dD1G;J&3>vJP8^^s{dPb6)E8dQUdOU^id50VP+6j zjiRanswINz-Ian05wn((7M0Slx`{Ai%5)&(-6n$rAKA+EP-Kurr8eWSb3o}P$@i^(C$3*6dTYNY%0lyG#Mx~d zEMp)%6C`gd4xp|Wg;@08`6>Kj;cQG~{?7!(omh<;fMqowk@D`EM&WO#c^m;!I`7*7 z+V@cuD24hFv?oOGj?6#I$4g5f9qj|}5kM!z+Zx~=j3IZ?~2-D%(uaIy#R!2q^OuqApYsF%hq1jnR_u9Es##U&NP zg-J6Z85Dst0hMY>%Xe-o+5!MUl`f-BX5++RH4vFr;0%cl(X<8YVc8YP0K}U`ajd?( zTCX&US1)o1_`p&&tMn)|O4={0q)nhb)CCrsx*jEcnYd7sqGN1*Df@igGGZf?=HFVj zT!dI$ZLEuT1e<~gy%!>v{v+3RPf5v9Y+m6QCS72qAH@lvME%Z>8tkHe?nklr3sj9C zHN-_-=0|b;SD?<6C>U>O&K$G$Sk|1zn_lK2)4*Ux@>~Pu+s#PY+>E5&Tq#OJj9=)M zdh>hW0s7!P2p0H(KV`P87w_k;GqZwD#JwUCKF;+J~}I?t_ya2tkbu3>~rfntZ?b zL%J7#gXD$Fw}e0)^vztT=-Sk{57E!&MYlvTFXdrr)ek_!f3#H^)_3B<+ z=s3N^L{!BfKUDb1Ku9)w`=T8CGBA%+u?g``EgLvw>rN;8%j|eOcav}{G=6bNMn1M>JzLKWLS(n-YMx`-9)Y+q2w`N4Md#267Ih?LaEiGni5`5?y#dIoqId zFt%m`PHMtOZkwaa?PlK_{$@R_N)k_3Egj3@C6y_mF2T)sG5qQ=t9;<#3eyC{sG`)1 z-WmvED&ezc>S#Z80fQidnDpS)ci(beKU~qoM9j){A6|hFqKAPpMUsTAc$tw1nG^Sh zX@~|uMI{3D#XLS%M0Tl!U93a6G4~=sl{HU$bu|U^?_j7f4^vI*iy+%^l1-`(mgM4S z8V24Rb1RwW7U3`#*S7A@+2Em+U;vn!MGEad{y=#t397c5bdj!^rdeVw|Jvw1h+wM;*D5>JssYRztnrhg)SofD57#X`I za6Z-6u6i`SM?g`U%&rC&pBBx}pYq31b=cP>hid-ylF4-Oces$&10_ z+Ya|I;0E(WM9c+1LnSv)s~{}D0Ts3#G4Tt_1+B&vF6H=0Votz25|kb#5}TH5E!xe~ z;3Yc>9r=mINbS*p*6t)XhlxX&Q{1dLJlRZX6jR#k5Z@^Xzj3o=$`623;N>6T!ta(_ z@>_%&A^$m4NytAtl2~G+mHZVh1x~#Evr=wzDe&9vykavqqTx`nf}Ry)RQHN$Tvo*f zxr(iXq7ZeJz>pKJm{px*s@dXEgXlo&97A^Jy#?ce%`2fN#Q6j5aUsY^^C<#ja1O{@ zs7u6C5o_)`LVBk7yf7N!@dP*{7BDH6DQ`84yR`H8@;J;<_?mDlRN(j`D6THdy3-kE zPi1mgs$46Y%H%U_^~_C&OOXP)RDc#RIn`u#eGSxoq%WKqvwo>6HG8EHR6i|llaTDV zwu3&Oh5E7B{A`ouoVARthKvEnR_HkE=B5UP;xY&0?F;A6lZWv1u>8fcWmAs3!c>u| zfo|iVC@R7`h$hJIMcrxR_|Gn1g$^-;kzU^-gSJoo0%K!m}vdIjlhII z9Qcl}*^X7w;?UC!y=?T>sSzSQQd3-W@n~xWf#Cr}-IU%|(dK+@oMQ``DrkDZ9 zF9_&sMb#R;o6u;)i1JWY({^rfxt2B|oN(xuIo|C-4mzR%$a5f)!ME|2m<8ytP>V~< z`a@6v{nhd6#XVe|oYH`QZ1pAPxA<_bP91k-womQ4#Qdk20M+$y4}MF79Vi&>9$kzF z#_0!rZ4=!c+dv(rMsyU41*87Yxtlu3PG`TU-NGHQsHKVVW-h2~xtR-2ES%})05J_7 z9T_-JVTI{JJQxK_L&9E_7>qaNkOEOcBO?h>H2_p4bev21W~BBOWN^!htt>XxFaA%G#l4!zE_&9-F)pnt8nRFW;*J69_lZ3h4Nfy zqqVN%T*`@&glw)R!fybft}-RxN5{nKg1j~XYPo_MtT9XmoL>ccU2wzCp*Va+K^=@V zQJsGlTO+9F?xc1SWhXMkmC>me;@H^cgAhPNqDOmMr zHXr?2lx(i|Z9yeGZcfZcPF(0Xk3Y1WlL#~?;{2?WpV5K+RSMY=4(UmWZ}CkQhQ$axGH_#Mc}+Y0gG}WcdPIOgU%O_Lnjdre<>&D%fcFE zkZgTPOGLaCn^Va&@4#MA&^7Ad@S=slQ6E2Ch=0t5-O;{;*j}k9Ab4?i@CafZ_5zE2 zVP7aph+^x(JE;h62^IpmM(i^IY9q(1$3H46xmHv>Ofu2vdfZ^inr^~Mo~jV#dQg3S z_zy6Ze9W{;wu<1P-$*fs3r-PCyhs3^rV60=p(%K&7L-4xuj&Cz1%RRr>9{aQpl-ex zmJCNn8A~x_uh?-9dwgOfzo`M<*6&d+{bhcqmrAct{d zEZd#I(MR?GPzjsg@7MFZLXiwkG$kH{MwdP`7{rSjxC?=n=qCJ&k!=&N+b7)50SC8O zbOVYDFuUIEkIdMX zgN2U6WvQ6k6N-?{9I?Op4rMvTmVe_-=vRpCWBq-wthu%)TQJqC6A5o=J&}|wATCL z@NN+U5WyPe0n)^9;*fJA|JrgmXI%}q06@vG#BM}e6PSI&vV%dgW8MOmE06d#e2>+% zbJ^G{oH(R1mj+oFlmSB=N%q8Ri@1r!Q=D)2xox2< zh_f9{db_$XVoHEv6dUa)4g*k5M+B^|*T6?s=`5GMF2NuTvc~mdGETy0+)VM8R`|`O zm8tvd%K>~Wx#6e~pF3VwK2LBc(+LK5#^?3>kk5()EZTmr^7-2iLtTQw{`mY0VDU=u zk94Su&?Ibb4*M!04GgLoz85+0W9^-6MJr~t=)8nGF@R%G>~)#xE1cS^ zH=`-Y%M%=MU4lU|Zoi4kFa$4_o~=BtzydbGc{7_3SeIb1zgjNADDRz#f25Xim<=Rw zv_q0^U~qK~hJ3RXb5tgd@)PAscBy65Qe)10P|4sctCkD~`y=CUk}(ZPtcVV$fbDae z(+W^&sHa4B;y^0v`IVpm21Ax!AHA;`8ymv1u3Y{N9(R>kuL9}9gs<2t937OvV1HGp zl>E{Y6!ob->W?rG3F-k4EAdAKs2S`J^={o!Z@kk{eY->5Wu^Sc05yaCp@aBi z2HZ;YLYlw8pr`22RI;+kV1I>iKPtv6b!0-Htp1&%IV?cKV1H;%1sbmt9jQgUjx;U3 z{qT=|axnL3$LQx^gd!tl%*N2&3G~g0xA8By7OM3I48m5VL02;bpZ&AQ(FM0Rf~um5 z;VEb00e)hFLFv2~V{~#V>J^|Q-0%R7LBh?O2%;<;bo~clIk`E^LDnT0boz^agz?wwc9ZGlO1fmBZl=F^G~?y&U8KQ6+5Pb-<#7VS&Tr z>b25O>Vh4gRrYOuQm3DkUP=sjiH*>(bC`1Y6F}CEXmhsf*|BtkmcLZuYdK^HZ9RwW zahUM9V%eT%@^2imJh$VLIFOnX{Ukb`U6SNF*iUNrlhX1WA&6Bsb%rTItmHVz5u08* z1jr-HG880UTOe9>fdCzEwZ{t%X*Q-e8-C2CfTJk=H7K1ymVN=)X&F#mzxrx?nXmjo``=#zXa@VEwHfXVTf9o* z?{0TG<4hzqCmseVfIv^0gVBhcfXAYw@U)ze(w_7-_WUzZj?}QR?J*k;_Tip%Gtd*R z)kh+aQ})u6?tvl2>bE$^x&(vSJ&Dw1_oRQi;n4|*^noH)l_wr20^j`zLIP&xD{=_{^B zwW2WFqn2QZ5E1+B{K=8Tb=~pbW#MN9@C+Vx zK5hbtEW_j(9dmEn^=Ae!4ED#=CkF?0k;&m7Z*g7!TuB1zBt~X3bh<-r&uWUF{bQWF zW8$TLVuC?oXdP$iR^09YUcy}%z%eKcJwJd`{j&_*Cxd?Efa?+r3WG``iK)UMC_QwA z9FtnC;#3&`GuU6v*TSxFttd6W_gAjw7le{HJvE0~dT_m@N=;pYL80fW5IrzPbIgZ# zDLuGu+5t1zA3dd^LWQ1#eR}=^i^!2G^!x(MB!6&0v@3!^q34tkJ>sUm$kKCu0L);2 z^xPXNROq?kmySQtP?FFy(9&~WPy~ZQ&vzmTo?~+K3#wCnRA87(GBt>$h@9=PV1|vL z=;yBmD9jWKHzj~$P(*2VfDeY)e}IML(_{x(mtaun!m_h0ONKki~_ z?bUHV5JLf@N4V(pQU)<4$G_&nfvS><{L}>u#?lSMtGj=`_qc626e^|Z6*x-UAfLA3 z4h1qZESGX+3K242#YPR~Yg!_JXdzpkn}JCBcP)(=a1;(kCNWqr-GR|znQb0@LItJ3 zhfXlaJsCej+etxbiIS}gT*b|b!`6lS8TTj~I^Cdr)J;9~2%4d&lJ^PqtgA>U@q-7D z*dd8>;39j*nDALgp39G`mHE9D`$?>acCmvWYT+!fM@!cEFup$tiPi=_^nNFNouNz&BU1-| zSaSVfEqRlJQQ=ELQInwcE;_xG!E^)R%*FvKeC>Yf0tUf$;#J{$q1mwn&$u&DS7?;B zy89e$Z4L!8GpxdgQ#^RT6lK}EW*7mfN;=`QK{=9~SfYvbl9*V5uQZd1~N%yTNH!T>X$kn$h7TA9d3xoY(@fqX9mD58A0cQ&C$qj01s2Gamr(1$5!C1{X}QghgDxbji~txjJcH z*#0r@Dy~7@+<7yu_jCs5&3K9h$04y92GWBPvEu`Gnz!AcOI>>P*p0iuY$r44VN+P4%`BP zZ$Rl{`pV$0w0a;!#=q(iOQaN}E74!qhTdIFY2+wGF5zthPcAnVaSsR}-L4pOjc z)*%m`Peqt?@kAG1?HR@GOxX3u+Pr+7aGn!}HuGwJ=wus~hk9h<@itmKQe9w|HMtJm zVPsXg2$v--Sf9gt>~`sLTVy`Di@ic4~xF~p#UzBi9j-!=CQuKJn_-v3zoMYqn(%yp6(`|D((L^Cgw z%s2`^Dq^o^b%(rf%|g3}MH{G^g(%G)pd=yYC}4NHmT|4=yh8#CzY|84!bKR3Ta-v{ zxO=%S`ZDzrjOQHh>-c9bE);y_{aqs0`b$#v6mDi&Y=1`lL zBNj{K+1nQN)yH6ezMQSceVHW%;lr_hI{H&;7A_>+wi}<&>e+rsM`FBlhdZwZeD>`b zdA~B8NABbG*YbHfl?NE*ZA)yR!_yUEV0VALrEl(R7z=ym!0BMSU$^uYFa+E$f#6f< zeERME#CHDx%9KTaZsmZM5^c$OJetdxqmRaQO$_|-53qvhd?S6lLo^<`kJ<4Hh4}SB z7f+WQl}&w_Kc1<4yZ0PCKlN-*kpU5Y1OF-hMsbA+Rww(EpOP*52{`0%Sbrt56gqJhsbDk z*J@07@xCSVc6*)7$yZ1}t%i}8V}9ZThwhhdi=`-9?V`%GsUbS(*XCWCC@9Ac;br6UafbnZ zcHu40yI9z=oN&%F@XLZq0hC@xK9?hPgu^~6#&g8knRKqdruFs_uc^LYyv@G$=IZ|A zlaYdEYKKrv>d`+(Nh8}X)jTMtd0a03^6)nxr)8Wdpq6paR!~RdXsF=_PE7tla`;1o z2S40Rf}JGeisU!mG7@;(&7f;&Ct+_+%ebkM&@%2q`#atK($55WeY?i&@B8Dau3Bmq zq5UPXrH0Q!+u#xx6x|Qx5L2DmbmAIOlSoL3oo2#&;St)`CnZ{6t2^VfXJa}mcCV<& zlBudjIZnZ{hCH7(8+Xi4-LY0pReMQ6N4UrsDr@#YvEF}5E~?s+3l)!AgFc=M9Uj)j znkodB`bm!yCC-776*KL3I^8YTbYl-Zz3Vo)&8+m3g;zk(ng!8nZWajepEO=v3)Z-| z89L2N_zZ?XcOO(e%T6`S#*nM`rq>9=L__J>do;GECuJ}>e54b-ypD@@*Fw^%RG}Y zydY)nqofkXm~D7oPM}vQha;pfgd#|Q+1Fux3j_<+e8GyH^WfZ=ugWj9tyqH*(DRSBr=m^S1`jAo_HXWm9yK zNP*t;RfCd@S?2>K9S{=G4A>l4i_S`xv}0qk9M#9Z$5!*Dx6t2-Hp5o5nIw$nqmsjh zH8wBrn9kt5Q6A3iJH9VAGcnIV!S(3{0+ec6-3V0@J+=`KVVMu8WWWQq%wqHS2x$;* zxt3jdxHrWtW#QQNiULy2W;twSO90Y-zsa5?uvSW=xmjXh9a1aEP~whJ0=y2W(0+2p zMv&kRZ=t&ZoZn&m{a@aZ%xqh_4NBenUbhIL_6wj^w5TPB3b8St{Pxly6HSx56@NN| zCI^g%^U5G=C{G5vBMkDgYfyI8yi|K`DJf*WxHddJGXQ=AS zmjLC8^yLL6dR)XJx#0{9s?AXJrBM7B{M;NN_#vx1YWQ^3(D6mDOXWeZ+_8jK1E+bMI2EP`WZAhl{ zjdqFY1cULefiT+@Wt|}QCpSFj!Im@kf@Wr=GfL{4mTe2vQWpz)9j_>=!rk-G0^SLj zAh9|mt*yv!2Gs9-i;kNO6`k96*ly0iaWczNK*lW1BYnsOgB&#yo0YmH<~WOPL;%EK zh+SXCXAgEgWgNSPyNqBL!@{nok<2;|b&2T&gN|K9S(o6yKD$OZc3oqsE)23V=-8!q zTP&dk&eoo3p}Eh*a)Uu(WXx$YNw9o@G-^L@^thBJfD@nc8Js2OgB${ZDqi8_oDMCE zPH$7@{pfO+nC?qquQ<|&?h3S?Ca2}(pvXBd4+h_;ABlj9`=<1)o6KczIQG){;L1`r zh}_hkG-p~CZ*TzVr3?zGr{P$=%>*}O36QZd=&F!dc*hYGIXFhyo-{{Vbo6;B&{B1O zpe{SQY+QhI(?1nwyAPgVP;gF`&WnPV+k&}u!QzxXI9g$o1P&dUS{(p7GsEc2HE7HyM98MG`jr}`McZC7KxmQlBG14)f3v9vzmVA2T&xiFV_Nb6r?cC#fd34j

ojD7Bv9fZnk{ivu7APvTtEu8q1DUpgBNZ>B;i(`SB{%TSkK z(C->*HoCLa&tY08%=ETMiB@=K)tKQH&+h^}4ElIhDZG?<)a%-QiyUk^!JzQu#t_^V z3wLV($Dpv~;t<^WiOQLU0UU$EnUh0s>nz+&0UU#tIoUNe(1BW0AP9w|t7#`*=)r7N znLh%8Lx((=K*tD0O^}?;2ikqOvNIC{Og! zcb*lOAE|xIk)#qEH@o22ZFjhV5xKl8EAOC4?Y%DV>Q)$2G2P;a0hmI(>Rlw7b7s&e zln8Th6~bb`H9DptiQ(1jklnm-p3t1lln0Gor1h$y4dQOxwE#<7$a`=sM?thh?I%?$pV4i*P(26rLJ_1MoHh|9G}5yp7;-?yDtra*8=zT3)x( zuxfzPZuPUbN@<4%_!|Y_79Rkono&97;@<F%0W zawE$g=PV_g6ciNd+9a`~P_%{*Rs@O>uV!vmf7bWee1D?M;td{q!Hw1#u6fL@-XcnO z{=QNj9HO1uQiCAoYw^vwW+cWbLgNzQBE-(cr4;yy%;#<+a5sSNG@np!h|93&dR`Y> z0&)uf1_wUemfakE8_seAG|p#EFE>y`GT%oWFA?lGNGfTkKA5O&XxhGu`6pn+rx|Up zt9TnLO&gLo6)a*F_}Iumye!^|m&V~`YcddH6WmAmD>Wh7Bg>Mv1B*N~J2W zF)Hj5R)30lqf#$&THqYnfkVOhlb!DuUgh#FO|J~t4gOwu=iU6ei2dFAFA+3mCfShJH^ zQ!VDgo6x1jgVby;l`t}CO_e@Jn-Cv=<)BsIQ_l0RvL+wy5}Wq;ZbOr)p-DQ`bi9#? z7Nl~Q8o>4BmtR+aOe^1l$B26Pg?k2rW@s16Xw1QV_}T9yGFySX=Uw zOu${%(tcaKzoGrCe_#0%Vv6)2=r_4xfNIg0FSA@dO^EwY`9X&w@15nYtW=Zv?tYjS z_bLyuxtr=KNul$E_R0u7JJ@cnZGkND<_NuBnO$CnnIo8uLwHp3i!-CmByrRWkgc$y z+5owF#Yh=EIcj3?tijJJ`W;QtC2U8DFdG<_!83_;56M8>!0_r;WH%37?9yk4(iuh_ zJI!PF`5q1(j2|Grcy&9xKc@&Tcdx-quQLnWkIc3iA6e^(G6>6E;IWJ%x&(;2kE?k6 z$sV5nHD;&4))BMk+t0ZS#oDy<_NE^K6Z_fNhQSdwG_I20vMk90&E$V{-+wTPjbYoj zv1WEIs$o@7quK8+vI2|KXR>0L!vJ=Pc@OC*Z3*hds}$FmFF`#DN6S}OcH$mf-p9&W zPZWt+H--AM+9R35(?l5b_F_*lp_Ozy|O_cW&gGyvv)b*+Ldo%={t#sAGbE;CKG=~!I6ZTw*klp zugS9ol8Ws;fYG}&MgLmlc;wU^G?as=MfIm%Pz^WR3UhMs;zNR|b@H#GvRi(HA6@Or z4^a*29H}i;HLvf)`XCsjm-x5!0vB*)fIxDYCkIWFO3>~@1IY`2?0zB?X&e0^qh)1C zqNQ`MaX`Yz2k<4)e?-7_={Dd*mtKgURp%n!l>Z2%+o$sOypYwPJaES1x-`S9*RxB% zQt8s`L+K1-c1cD=mW?u-;Mdfw8QC3RUP1{%2Mq_Hm-h);0i8<7jMIWW05BdU3*XA; zrX0E*;nf#m%)0SR^|xI#Gs|&)Np-lU&)qah^jk14IR>5Ea zP8}41K2Znn!Z=3T@|)^l(P6sy2nTyft`c*SBj!5Ho|~gj0vyQR_zM{sZET6s4S;U` z5Ue1)Wv<%cTcn#e_)IHDe10n+p#?Em1>cMDy%^7(EK#c#h;uz!kHUSRlOgvZ?+$2< ztw@U`&O%~~z3G#;rv{~2%bnN}FQqL6kqga@ARSkG3aUHh`fc*uuh}#?odq`E119KB z$3-bM_;5=XIg&~g3S&^=ucN~BUmSo4D>sNOv9b9sHobts^iqOB=$PGHjk6Lqi{jHO z7wbt(Wcl=gW`8o1e)1dEk*jiozC~^)MV)bCX(sK)P=&vXSY@YOe;C?|Hl%X`@3IN7 zylBS|>n{1_)@@Lv^$P7^%%IBNihRLXue`xU`5erCp^uWDMh74T;UCYF zWSE&6gDV1k^^(uqd zaAYEwvc);(ySzCA$gTz@H^j?Q)Wo|~5_zW=l%c)&Ocz?-eU6)w;5x&IgZ!FCP9G&% z?02F~=mT%B0le~7qC&i#LfY>qE5p3KQI1vt-+Jl-woVN&z$u{>mQ4S_7~Fl!I8KgF z5K;g-OF&ygpwlcU;|SWF>Ytz#ZNZDKbuGAr`SAdYpaIq$YqbR*MMThT1`B3516^!- z0fX>RO1=hWH)Zay2{{5tc+o=uP0rWm2-8*}5BJMD!N{Sp{lZKUL6x)sj5D9-k z24p?UrsI}w`MnbL@$QsF*N!pf!F5N(eFSia+fmZkjz5$vc2Ol!FO`8rl^lSr{Qk%A zRN_|o0DE$T$_7H}X}0tNreSU%8&q}wtt<8s=n+)51SHssFenv~DI6R87$|A*f2>d| zKNeJCNMj=!+>MnZsik25qsUdfQrHxo%OdniybTP?SeZn+Z9IK!?@JsjANYYwpBGILH}*bl1#s2Qh~{ zv4xZ7uIIAtb=)t@KA`g_%v$CBT?0dsr*`nL0VYB^)x*$!mXwRPT{oC|H`uL(cGC9` ze6Z00SjvqYypvSBKxLd=z~0b0Mfl1aTBjnEuGpZPk!IW+s46C)vY7Pno!U)i-)G5r z%mXsd2p2*lE4E$fv)P$b$TsdFT#UY<&td5pE6-@TG4pY0e7XJ&?I#=AIhQbZfJAQ> zQR+Z(fuN9DuflG0i%rYIgq#oQLb+fj1DSaQ`bn8a$2G3~0sE#Rq*cGAx{SSt+BsQ z!^h1Qiwz>J;mnR_v^BK+P;2bNN?rlxNN0c=C(e042T{_(%?nwkG|x-YJXqqgmm}Sj zj^4yOl`>y*z`s;rOf(ll*vy$=oy~i@pZ6v)gKqL3COz@$C1}FkB|jG6P-$gszi%k6RcrT?kPRfKhm# z>gR#bF+n7mleKVn^<>H$>c5UTx8?=qPDQz%&cz$Fu#kk^4^r$#HV8HPF$9!qlbX@G z5T-x<@s7}b#ZD2um;OdRaGDCG{14c({xaAFpi!%N#ZOsHG%)V;boZAYhewM*Z+W{) zbOm*rJxwtCM!&`wP^nUW%j&`vz^-}btqEi%)~LY*OVvD?~>laCd-2d+q)Hpq^jmhE^#SiWhrK zc-bpWQtpOkFov*rRn`B40<^8$@w}L6Vc8r$ZhJC&L8v6lpBl%0>0q;TWiWrV{?NIz zF+B9PpBnpJOOl3WCpS)(7ImHD~_}MC&%$0AFZ-EC*q;TpAV5(Umbc8u%Zs zf-PkIx^1xa=l?~Hzt-v8g^iLWCr40Ad4s{Ml&&-pb4H*jf{VD@`Ua4LO8U2D$7v7$ zwx2Ha!JEn^=rli_14dflS|QZ-52c4a2+I_)l{HXfp=vxl3LoaYt0|h00Cb!~5Wz_s z8V!8Ib%G^@j?%vO9}B&``{Ql-lsQcDTL#sOzXF4p)vhQ7yY)ew(XESitTbj5O+t3% zJ4l`I3N)HS&c1FL9<0ApxZZ_-6Sk}vt8(|>yWjCb|cS6_3=Jpm|vY{GJ1U1{I*n+F4#H1|xs`FE+Km-0F8XlmE%<&66P2B)+bb9`oxg79^%>V5 z)aOWYPv4=?`mB1{)kpaHXh~Q^9DbF5@=JLIn!u;GUm#w{d<)ybig%dZR{yDd>G;;0 zd_g|5{p)A1tguhcayw7=?s*a@YDky`6F=rHBf zoDdg|O|nKcyATvZJIpRL=dlEc4W*d+P~^$OEn*xnMrr@}_2l0Bht@Al@0Wd^_N15k z1#*ElRC%%b#{ahK-68%%7G{}P(?18SqL#^%-VJ z=|MnhMl*UMyN-I^yBNknz=Hv6UOLUOBBKZRJ`%{F0ND-2Mfhtk>Q;24e3y&_fsH~S zfNFKGw`{vH2hF0L5}^7sGI)zrgg620<@n$nlT?(pl;)s6Qg6dV2`hKsJ_z*}^My}Q-e&9M;j&|w}H9Ply6>9^X7O)vKH zQBE&p&c%LPtDDgfg*}Bb^$v8hIab2Ncsc$shdJ3(y*C|CIW2QdwFk&r+y? zK#sWn+ns+P8;_MVFU*da=X6pU4qQQk=NrJRgn0PPAwN^Lvk4={9DIG#y01*T2(4`m@!H zlcu3N0>xg%V#PN>n+9fmF+3(nX~PHandrb2qs?qVB=#Pcx5&6u7j5x<6%(a0po7jt zfSbYMOQW~MZT!H&l?_D7?IAFZj5~dxV;u9mk7W7s>a-TE=01yUJD~F);+W)e0#*G|JnC{+S0+{PTtik_Sh?h~#*hwIa5TBu8K z%*zc~oOnI&;$#vS?Fi8z_BCw!R|e=)Kv2=*nr|~dg{=C5=hth6H&W{bKuYcsz=!dr z5#!eh6_z@!kUEu%@I#E!u1-7a-{JA=6yzKoKEd9zz5V_d=-=M$0jIB0^nR6MsBIh- zOW_wSB-5Lf^tZ%*8T;TvcsnZG{vcA#VHv$2paQLKvrZJ8P`6 z(}X$FQ@@^2S`hNF1@@0WHqj2^5l|4w!625!f^2weGYNb)UVp&&m*#i$A*C??p}q)+ z2>R#TO}t7m34Le*v1x^t#>)^|SepW3)ym{henQ1V> z%sWMA8h3K0aXAuHuVi!{QqNSGNy0^ZIgAbHFqsx`Hj(|-&;F-VuwGbYXupJ)B4+M|2isL{UlUn6V2*YS#Kx-C> zLFbt7;9}FpLk|rFh@_-r1+ufe!27OJ84}t;AtFqsWKI*mMJulzjRKr`NZBKKGD{`u zB8ueE7_}`wE#*B0$s&slw|FN=wIsF-1WIk3@Bm~w%5$PIPq(^T4B$p8Q9!cUWNwPj z2y^KLSV=(@T_>@<6P;{LCwU!w&)_%nyR9Yc5*V$zyq|><+x0GuEPkrI~{)vU+orv8VW~11i(9UxorS=maLnEs+{yz8^vc?Z*zsmS0YXXLv z(d-a7-!`$+uri#C~<-ZwmW?%&H=nTMt3TfR@BL!v;}l6Z(ySE>5(XWerirLIo?lZUv}y|N zy|}?JH?GKhQ*0y~4~>GFP6$P1uuyv|kaz_`q?YpWyX1>4MYhkF6>qYlR7bLf2D_W$ z^h8-G6=Y$foxt9XKSzNa>0%hW zEU6DkTmcF|z2zI4CBtM`?jj@?{oKiP#4fmBRYZ1#_SF@ zPPE3nkJ?Zq($Sh2cRs!=!=B#0!5IPKu2q%?aly(56oaTaYt^Q$%HTf%*62ZfCRW)|RM1@M+0{%)-4Re-If;qK|WnzHp2 zQjAx&q!tL-Wf;C`ign6po9&nE^KE7sZU;t-I$+^3y$y*AnZ3y%mpmw9-jdTX_KDsF z)0t}f<@2(zYs`uu*0DK!)*rZIu&fvV zHTNrw`6oq@lTTD_d|}ptT3DQ2{{H3p5LW$vN1m^8MSnJVt`Y_PDdqW}2Y*U={vuB9 z#N3n9S@JBeoVxyFSPl_^4#H%7Pf0q5uYW)kji&ho=?e&59ImC zAm03#;gCH4Ow*h^=kSyAd=~<}%X5Y)mvxutVXtq}R(ij~ zwpZzuSXIR*1hFB}Jp?SWu%Lo+dj~Bok`xx&c|l|#u~*ti(7u%$m)2 z_{sP#1bP?Oe=z03KwQDZOJ26J%0|gpL502F(q(GMi;%G9h*&l#j4!NzK!s%-=M*#E z1X03omNGVXQW@8hRq9WRZz}QSmG+4Ebt%7?-sr}gcEUp4cYs&z<^vWSukM7&Zm*WZ ze2B$zi2$-bMy!cws|N+4%O|al*=-;V6PrPp{E92gIaz6kjDv;1*v`Q9+GwtpaksqD zpY((W1na+cea+cY{rUUC^GTP-*^_x}rbZcr<|7+%SO9PW$s2U-*>c(K(_bdb6*pWI4$VJ8ED33~g@($0cZ| zt_%`Foq7_dgDR+jef6ZyO?%i^_h-ciz5A9R-t1sFG#L4{M`+o>hvlQ-{nYjU;)@GC$D_&A41x0YyLqAc_4@2C{>8y;h3;LvMfyZPCRg5XdW=Uf{LPazPoQ?Q z_eT^-|JU_FV_py#E(n24cnVth-9pYHD}31MW(n-M?(+XB#;-duPYAIfYy3(w?cXsa`>kmzb=(-)SJLx!}Uce&5mC;P*#-3q4DeLAT}iGJU(t= z?fCVYG)}ki>zN=jknoi@(iCw74T*Q5jHv$jbpzoj-tyu?ui||ma(Hyl__Ua-(HDGf zyNQF2UyZoZ0m7_Sl};WSq^U8~^*LCba9eo#?Ch%|f4rhhPnIDM#d01BD{h>8V>IEs znySQ@(SB5?jwF~V`}5=Q`V;s64I{905LcesbL<~XKdkR`xu~OO`lwL<>NGD1G3-cV zF@zqk?a^sU(A1<~rm%K@=u-rRs(^iFd5rPd?GKH-0EYUzgqn^C_J?YDzRwdp8Xz4G zb7L}StF$}~FR%tjEm*AYX}FT#f;F&DYe*w5A&2u4{s(@)+0?V5l%dxqON?uFvK7Sg$_(IX&$YOpT#b z?M73YD)P?xwfiXl3>eZS))|~7=EIx0!IxbDOY_#g5{>Q4yY(0O{^IccD$-||IiQ{L zW_V(;FM1t+T-{|VkJbGGkO0cDiVUF*{5TS;SIxWr)j$7u>M1OxJENz2f0p}ZL;cy- zAH!R=yR6LG!+tsq=mOi^A$u>B&Mi$U4x#jL`(ft-?8vTu_Wx$0Qt9&IDYuUevU*8y@BJ>Z&SoUSp3=L+x>K&-Un9UZ{Wd!QYTB31;k8{{JO>c%!6Hc2m-Zw><48FSG^eazHZVBxui` z<@L{hjDx*DA@=W?(LYsD{FKhgz^8l;ErxQ-BGN|WZJT@mtJU88e3)~IFm$lKU zk)?48 zJf9=-7aAYJ>Gc0|YN@6Ie(c2Sf95>R(_HNpzYG{!4iy_ZPqQbUyOS1xlKRV2cDqNn z^EBln!n+RxeeBDZ%onaTt654nc@68IUdLP&ydlsrwmZ-F$mU!cmy9qt+I{~UvX(OT57+!3=14u_nTi>}ShF=zQ{gv{WJ z+j4Ig@Ve;j{_eh~0bU9m#m>CTYZ*Bp!^ItO%i?f~6dR6cER^ zqg%}>h|wMPGX7yJugQ6gViR2i_DvU)eTjMNQAXhw{``9SIDP$4;wp{v!)WLZWJ5QL zw&IjOjzYIYt$!1;_#mEcvKKd%x5=$d2fHZ?u54<=InW&)7T)7tsCf1IJo}cbY;2u9 zJhpl%s?7h)_Lq5$Qaeoj9PdT^1KTrgn|B@yJ;$CI}}T(6f^;5vpB@sfkUk8wIvcUEWS%)pbvu5uciG~ z$V@_#G{lW)c`U>58~e!~yYL9TK1=c{qZ(ZG6aN7H=K~&BAm&FhVngHpeaT6VwmHDF z30SO%HCguajTJ}`aw2YsW-u2TlBOC?4-Ji8DrE(T%*EYZwG072D46pVDBA1y>fO)FoAYd7)gxr-egB4qY_ zHl=JsOUo9uEJA(-8q(2qav{Y!Zx)6R@B|{;gD02mVWl?qcaVMvvh@de5COMAyZNMJ zuUjfpBt+sqz=z?21Yz=x)neXd`_#ekov+S`cg=|;jt^H_at?Pn6Pi=LHD|144M^W% zKK={JT#THn|AID*W#ptAH^Lz6s{0Uc9v>#`V1&sGN0{!DOd&o!B!gDDC~WoX$ZpOd ztfc3J(i!%vG#%$badnaA)#A(BOi)J=j{RGH}ttI`o!)< z|H7dtaYeUW7Zkl)|3w#kilR5Xh@zXsIU4GgKJ||wS!z8YRCGO6^UiCXLB9TKeG!X3 zRf{5wZ z96Hju5Q1SQuSSWNa2T;WnzF=2Kt>a!Bj48gP!^cjBugSFe+)mNEf@i9(F>{V4s;Xl z0|u$v9H})F<&<2WW;!nvQWbV7?^83M;Gl?;Y=WA*8$ic{>?XaDDj+F>d`(CVbBh<3 zNt0bf5)yj37>K_LpXmks#G^d9M_CqLsC2cFh$%{!B3LR>7lh~{s2R#azuXsH0`ks7 z0QohBPutB=Hs7~$edfE+nEgo4M3@2nNzajhu^S#kf_v$%R(B3zvd7WRX><1G!KgO> zGjF|sditk>tEx1sJ=CVyS z5ByXWzilPGJ4}rTzcoq(yI?cxp!QI}6e&P|+{Jqe@Vo$U8`}zY1nz%4z8g1j2O+Yj zM*&6xlk&~c%27cp4iZW6ekqeYtxhVj#PzH{<5nAvR=6J4l`$k#r$!uw%4*zcZbbhH z2Tj=_9hORe9GJ{xnK8O#F@hGma)+_pbc1|P!z+D3HIF`_QR#{;YOPgW3r+V2ByEkphr#N+vO@8*voP`*{c64}CeS{NSX}oL=eIi6S`G+0>D@%iF8(`Nsgx)zSSn&>e=| zM*||)9w#FMo;k=F0PcvF46gv^4OMpjwbJb z!L7$hM%j5kyqTRJRn!Rc3aBiGG7Om?kc zEK9-QSN0>b%^)T_=7*6N3i86fkmn2X1NuS^(tun@>kavEL0%9b7v&3-zCY8-H&3Tq z=MjATRx07QGz0L&$vW&ihbsx(>Yy~@b6qb&x?Vw)p@0X|EvuO!jahzlJ%wsLX6z!Q z>ulpPBYZ51I9<*#;qVm7dJ)p~R!E5xc?U!#1D{G+M>ybZ7a?u8LMp{Y*AF1k?cK|T zkfK}>(w&wIAw{_&q&qDaLW*)lNVCdC<@*)V)+`}~KP&$+lP#peYA2*VPtgXJ_T!{6 zNCJhl-AaOE%evz%tJaB-uCqewT4DWhmP6}BNY`5-b@*$RVUaE<)NH za*zh(BBZ?`hmZof2&p1hA(czuObXhElGMSK=s=tL_CiavF}Dx{PD`{^1|A%bu)mnC zNPLI=HS(K@HXi$U>WNrW3-;o+?2f;a@OND7x|h%eR-m92sVJYE$3}{D^nq}Z{`$eO zJK$tH>~f;ZS(TGhm}B0pf-^{NdBk3Yhh3W4m=gE3j09ylI$q%X+M);?XWN+DcD@x1 z#}bYD5Qy4G*dHQ$G$#}F!v#z2tYFF&L`g@%uE=99!sz9VVD3yq=eeCbj@`N{2k1@H zYF+OwZ_E@TH zMB#+g#__4YPe{Ep;czb&|8SScwQ?tT{KEqy^R9xGIzIL6__c4B=e`}A`=P=2oGW8Z zUf#DdqYs~u`{9Jt+Y?eBm8Uu;q=$?!oAPsVO6w}{chJ}uBiGLo-8^SRp<9n1U;N3; zOCrl6SXbCF_HWglrOEP~i@mZM$Ekv~E~w zT{+MnFkNgTEmoRsb@`yBZv`@Z&Sl+|s%s0FGQg4`~yMJ8(`9 zL?R&%_IqU6lpSMVobzLhFS+B3n`gc44M$=igU2?qh$DcoG`FhZ!g3ml!0dPUcxO6#ga zrB~KRmKBn;lCdvT45wnmkCV`oe@r*^bh>F|qh#5bHNx{>ZX3(HLt`;CsNIxi~jqh4{lG z%O;}y7L@-^HOl|!Cx42i{(_d8xi=UCzKmU4Js3@j3Zs-ng5Tkt&DsPk+qGpDx$SJCZv%il7M3hl$i;K!`J>!43b&g zT795milv8+FgQa3QXT^iNbg(TN&L)I=K`N3=iz&NYO}YO{sM2Lb|Avu7+U+8U1oeV z2#;?KNyc)UcDzzrcPf}so--D{Y|aKslTrMgw!_<%A9eVsD~BANv14pgB$GrdvSl~n zS6lql9o{RDJe5oeTtyx+agsK6O(e6y0(u(}7@wI1Ij_hYpD7Q;$<6~a zcKBJPXP2H+`h(JQ&+&fK17r0RVte0Vqk177l>|&yZf@d6D~BbmEwIq0If-mm0Cah2AcCVbeeamc{>%Llnuo(tSV zw4Cz1RO`mPRGZ5}&m17~m_=ENvcRc3G&fKo&9=k*5JovKsg2Sbdhm0=gyMH+p1TrK zlvB6=*hi|ry>TDvzsRyYbQj3TyOCv#9vw?P6Nq$WeQC1nYnaJw&z-qXX=GX1*S6!- z<&LqB%z0x%?&giVRMt;OZB8B-%go4~P`q{4ec3I975bdAx;@J3hLzRrABE)a6&?Fz z^{HjagUXV7iGtWT`PfFpMKY{QS@OWL zDbczD$+dRQ7dQSen);h9tzqK;bXGsHdOYw&lZ9n#<Enjb8|emzTje?&@&O zd7v!Sc~hrsQoE+~;Mm_@Ha1Ysau9ho;5{NbM9rZ>Nd zL%^~4tJ^1JPOJdya@0)vbp$5M_4LcdGB|0LXpBY1V=C~YUVf^6{C^Q9N^5eysTE$TfUQM9ifH z2zYnkA6MVf^sv%2)OLFGh+^1F#ecQ-Qfd~4U~4aJtPPqJW>J1A#-ie|y>y7$OK8!Y z^z?1T@6MSHnJs^Ld#9qOZOte+DobZQ^n+TG3})f(LRvd zZ6SLpeH9vGO@8qQz@ND|zdrqaE$_W*l=s9>8hz_19RU}LVI8HU?!eiHb@UOcr`Az^ zU>&`V$ZYHAESftzv5xj;di*iq5bNj|erBrkoprPYn=)w~#vjgNFWq~?rm(1l_hu^q)alJ-4yoA(+-Qst21 zRZ&1pw2q3Q3B@`BptFwhF`5^^IvN7&Xj`Aw5rsS(WAzkb6YGfBXdRJ`3kjI2$S1*$ zR?<01;@KF{eD4%|6w^8qz-R&b%Ec<2<@p<@60cZCeyX*OqHp^u*E z!OtPIj?P;-1aRrE7B^RyZ`?=c8)=$H5R!K#`s=aOvq9gW{ZyJNI|(XpM?UPMblFMp z!?kQHZk}T%nD$X>SQ!%1);>z_87)@(C>1G70o2+@z`jRW3jYW8k$}QJO6^sa z8Vo>SCK00*tV{@F#HD3|iuO^upp3bE`$$W(_K{13eUus;O%;}4^}~Nf6NL+3Xy&k*I4+ws~)(3#g5ROFSpz)X_wA zz{YLncql{fIV6Vgo=?2Ak${&r5)e^5#CtB3_?Lf%M)OvVIn$~Ef_Y^ zJ`Sc0W5g3LzN<#H9QW3F^fG2DnX%mdc*elkN;0jqs{_;xwPVA%4{YB7s zpZkmc|LQOLEshC&?k^Jm&gcH3&;3RJ+y0^>Uk}?tpZkkwrF`x$`k(X{{SVkf*YvY~ zR`p+7Kda*US^U$kpIy`U`q_+~ub;*HUO$WXw|*A?cdegQbzeW5@!!0D2K+l+Kdb6} z{jBQ$$okoumwUH|;{C0k#qIi8Ts%awV%q!qS)3js_{!trAp)TD5dEv`XH{H3i;IVd z*zEdQypQ#>crWW`RiX8>s_gZ%xOj+U8BW&E;{C0k#dorPR@M9ZS-g++v-ln06qorz z>t}JUIk_dXZtG{=(f3?GtLlCItm;#)pUwDJ*3YWAepc1n`kBu2$-^|LsAL$cTf7fsLgvv@D-XYn5EXYs7{ zvv~LQvuk>+pT$4j`dPfM^|N>{>u1-{3ER*5S=DD>Kb!Gc*Ux5z*3YWCub)+g*3YUw z+xppz&$NEF9qVUU8tG;IY%M%rTt3?ks~A{5J1H{nL4?MqTE;iM{mt>YE#u>FY}aM8 zX9scFj220F*{tb9EZL5hGbUJ;AD)Wclb3 zm2j?~Q^^%B?%xI~EI#?mXx^1@uW?%uK!*@Ca{aA(aYxR-k(?Q3(bLL=~ zDvv8@n?1gw>-!InZ4~rh0V-e~gFh^xMV3eKXBW{bxr)Yz#gJCc;)iWK1pihrNHDvU z#_}_7z;{as{9&yRzTq5i9ivjQ?TE7LY21zztfxhmhZod9FBjDEKos{M&E6haei2rA z$;-{$fAnnC9+jzMDzT>4to}@FE%OGT2whJjXJ;JX{U;*qdRk>_|H`ZtHMAIfo!Ezl zEl6eH`SPpKGHX!a2eSVtFT5Nf>EE~IzsLPYPx$+fhLcNV68KZSTcu@9-^*-qa9x+# zaCx%Zg!CVX%wA?2-On=HCSGn5e+)QenXN#V+49^n+tYTL?eF?4%WP}8%oayuVAsPv ze+_Hx$nsOSqZ(*cy7hV91g#Y1Kc{W?zJpIBVhsrpl(93=2ymOpkugDj)l*vkZ*9SXzZ*PRKEeTtaDzNxgJ`f9U+xuL2dlA4r@m60dI1lx4 zj$(*p{nAF|Ni|4})H|d6P)5$fsim7aVTsLB4KKIzFnd7^FCp5=1X2Og1jY- zXtH}OCe6x3ZOR2%C3x3nefC-)nqnZ=?0&FvAb=ywzgme^yV%CPBFjZ_aX*vB!5|AQ z+0}z8U9iiWITYoWorLA+7Sy_V&g)#V8-Ql5lm)vyF4*1MZ9`LKeOYAr9{3xEzx^w@ zI<^n~eX{zDO03%9&o0|t0yTx`NJcn}^*JQ%iY)u$PuK2{{9^SuL=VH?frz&2cai0L zBI$`aU-vkhL|O!Y%%KU)osB{ZEdX#kvD31R+HYuH-UbWO*+Bc16C{>aPM}9tqI$2Uc>q z@3=}KHxH$QbJRbFRH9g2_1gz3NOnbqkk7fp-xyU9-VYU9>u-tr3Y5d*=dzVU3AArS z}cVBM=;QB@63hsTCE$)04u^ae3Z6fkpwm`Z243Jtaa4 zKpio>aejH)~` z$8gDTpzOceUg<9wPQij9`f>BjD0kTrv=7Ca!?_F=sqDiU|C)VRCH7%eANFB*eOM*-p^AAQ_MvizYU96R zA6AKd81HT$#=F~x;*;O0eHib{K8*KfAI7`ehwk`4?o|3j{)oR{r8{mzo%nx%bKum z|9t=b=lkzJ-+ym6=l}2RzrW()tWNp){(HFBKHq=;Kehk<{~7z}n!e5_R{a;xCsy%% zqV7k-%BsJx+Q<3CU_V;-^NBP1IiDEs`+Q=&zw?Rlf6w{Es_y3#XZ$yxPXzv~^NCfx zpHHm%KXN`Xe^r($_RlBA`#YZ~yU#eUmEC9mAA8>dA60SoorMJg0%t)2Q4mv!LIgEY zR3e~RNXS{)1r#sTE3Hbs;4QmJPy~g9%d)ObZEJ7V)?T%(R;#7nO$ZRc8)!>`h+MpI zmMsvVB>|Cq|Nk@R?4GmP1#I8<`}+NUqDjsGmhqYy*x`_9xCij{S+jFSS3h;!EyNtg!7*45sc+4BGZ5 z2EW|?L|gRPaqUlRL;M*I7D*F-*3gFAI2eGI%>cA{2U~$g?UASWl6r&#J@Mud4#hZh zRC}1{wa22lR^t?hwzQ`>co2r>!!CaxP6=QT+AJ&=t79CJ?U#5oT@G|;(;1KELpYiq zzAPI{uGt6`z##qG}1EG8eL zypS_Xj>%W~qh;B?2+kIQG(Ak6Ea7NZBF+h(CY&#UJMGbqeGlA=D6ec4k2VU4wsJWW)!7-xGcB|+!z>w&(9xD0_$8D)2u--GH&$ig2&pu%E*_EII zoJ@P3v*~MJWI`KROJ^X{NM!IKBFYz@)D|1c7o75dRPfSOz&*mwqLd2~_W&Lg)hD#Y z4uks?f0FI4^awDroeqs0-DPHtF&qQ|XE^2IN)H0gauIOWmNDS$<&H4tTrcoCF@?4i zgLb7cTrb3zY_{8KvNV_Cq)ul%#9X z=grmwOm^&7@t`ugql}*^HNSkyVeJt0RtVO8jIiUPG4yAizNT z%(RsCLZ2BT7-U=DJ7^l1S@JIUl&GR1uJpaKT9>4_i{0D!ePe7gj;16s5FtVz+ zF+%U{595CoG!_W2Q(5Qe_~Z|FM@B$qwvj5EY8XFY%pxd+hy^0qQi|t4+z|+GG;34w z{fWdmQvfdz_V^<%Kn);}<}8005udmw5_K@zXAU$Hn$k&+^wuK-s1Z)n!R6ZG;J4JCWBN9b`xFm*5zHmvK9Jr-|!EhP`AVnubQ0v=_VNj>B6FXLO zuT;Zr1FVMpFCSb25+_Q8aY;Hg2A9QrDhR!$ZV=e@e}eL zm@LnZJt~=@Rr1Zu3HXfkH{tst0KibN6Ywo|qa<{birJ8&M9ImNO0zMQH^nZH1gXb@ z5Is%40cS)FkCfmo@azI19h5Gyj{?am^zirCEiQjT-mSjY^1v;Gf+>MKNk=GHd1Aax zjR(_JJXm(9zm5|mAbu;+A7?z6o`?s#8u4I|L&SsWa)Jb!vsaI>2F8Pl$`N$T`8wOl zj*tn!DZ(YCM5}Z_xQa*RNeAP@X`5K#V1sQvS#W{GgCzlfsd%veHhXRUaoB6Y|IA(s zPNy{`9UoCP2$0hVy`*l z!EE+g@c$Qk?e5UGqO?uLZ?ktLb2`Nqkp2d#xs& zy%x0FYrzzIttQo8t2w5tI1@q)ugl6YK~^FrKu#1y%s!*y_Oo^mBC)) ze#|dzuLWtZ1=HDU;txw_uLaZEYxIY8u-AfV?X_U4y%tQh*Me#6HTc7l_L}JrOW0Sz zRC_I$YOe)T?X}?1?6r#Hw%7jtONYEB>@|tc!swd8UJHu7CelJfDviBXW7%usf)C6DFUi(t< zS^sVJ+E@NH&MP?kU>N^@Y_G}wPP@Hk?(h6xv)5#Q=TYo6=l)Kcz4rf)f9{A+9ei~MVK4tY)3YhU@-bep~Q zm4B_{dgyaMwO{j`pq;%+Tl6fJ zxBcORIB$gUYP0dZ57vMWYiF;i+KsGzu0+;8-VWCg@y0s6c(b-(8y;c@@T-m>6>#nB z20rx5uet+pw1q!G`%GAX=r#k_f>=>bhFszPBOIE>VmW9<;z2KZCZ zuC>~tIqa`_Em17yMmo<|DXN#s1_3OZd?G9CnU6x92{fRh*a&&yA^6akN-Xp_AwG=H z0X|DkGp-JO&=#&`PUK+@G#hacIL1bO(+~4wKXp&hJdla!swIN|*dC;#+T=GhMOqEW zRX8tp%Hd>^#P1>fGMoZK+^?(N2X9}n7wYbdA6NVZ(kJ}4*n0^3vfW=aI5rEdG0$5w zGj~TQnqK^Yu9a?N=MnOzE-@m>FO?gN&;Y>476E$$(B5SI%c@v^)ib!#2t*E@OhEVv zWC4FwJyDTDoeFxJ=nv!8&p@~}5dKW~ZMPn|E+63qn~a#S?9^<}l61j7Fegpc?myft(|3&Pb>uQ@{a5EvK$Aw0(KnIU=4Q6pcidybeM!3SP+ z^tk#9_*!ipo@3h?z!L5C`z5w9gw&Zp8meAt3tvYjk`!ITZ`^qF2lau%!dz~XtFJn& zE&K%-L70sv2{AjQ1i!JnpxP`1enO!#6k5fHE3>tQPf4L=+QNcFq1gF&M08x*eFhL% z=b2q{mzziVf_PZAjQi$A;*lGsC!UWOZB_ErAe$t;bmuPc5uvY_VaTh$Ld zQZ*Gt2C$d}^~S$Nr3q5MD6Q_(A1R%Xxi@|WNDkn0} zy5Wa~I+=x5ReA6Q)uSRvL>35TmZ`d)AMxX2cKr0FPGJ?28y~DjYYTa991;XLV)lp= z6Su3X^JDV_?lKc@wK}-No~P=YQVr0`v4i#XU|kpDD=O~O9Ul@67=;h14X7H5k7niW zxOKXly@u*1Z1H@_%Pu*RzW`d}zRP~lI};b$^iFugwT-A4`1F*EcF;UmLpl76ogpQP z$@8F5tXwg_r{plRv*F97Ip~gl*o1<{d2pte8g4N-F62SbBBrOBV9?q=C6Ybeg-;tX zoTP0~)dSKPp0z8D;li|h`I`E2wHu$yl}6xs8_a|s-T_q(L8#Xj@GOxSPkfi=bX9{g zib?a)>_pSGg)udvlEtvW68MptF6mg)Irf@J2VE(SrvM;kwv6;5N?>*{1`u!3*2&Zr zX5%XFj#b&Kv_ZN-eV;7tRCogf8%&-y;(%!@{53X%x9375S$L@JiH}9AUoq7JFxF62 zX2zd~*V_e}V9gt(a)2N64k=36XFL(kU5ERlkfk@S!>l=&9je9^(Y!%QtNk5_hyqX? z%b;6Y@W@)Ke;(g#YDN=F^Ce%O$)XsAtI$nwp;C)CtJHE57FiU_X$u4Dv%&yrLk&g( zf3Hy}mF($){-AN}6y$eSdjh`17r}l>Jul8~54XV{Zs}+bn|nDbXb)R^InGUI5`Q09 zH%(%-mxF>}H;I$J%Z^s@5S-Mv58PCiwGSrj42YVxs0nn2S)3%0x}S44a?n0*L#{Pd zyHE;4|2`PV9X5452LNIq@5Mu`8PgT#ip>%)i*5rY}_vZ~vKTF`|PS%1%b zl>F^IpwtjNSHmdX4x^-XW%N7H0}BGqKB zLn3NTb^VP>dV0XVX0*)t=BNyp2fh07$r7he z6pP~>%w7VCU@=Gzeq;Z{qh>L%6f&2w*eX6<>CqN4v=8qX85yaqipd?GnKqSlG@HjC z1$<2c{0&L)ci>SqwaxlS$wLpNebP$RIc?#3Gl#Uj4|bf;o>mQ}^(YON!q|c(z2_l) zsvG=`{Ur?WQU%(rBu4>;W;zOdXnwG&M51RBB^}~Nt3ko#Z{XI#nvew5u@O~$1)kIr zK(k;)yYYLO9S{R11&~JpVp@PDJkk*u(pED>EA7_8ickSF;-}da0263WgSpow@{EH)ZN+P`-O8TM4h>=BN^=lYzf2HSy`2WN zLu1mOhMdx#Mg)8sdm5E=#gB%@tis>ERk&9b7WGvqG=K$_Ma}b)gt#|aDDVPAK)+1CSS+q4v| z64U|Q!m?q5@NhNs2!#=^&?7#I2rcYsN>)52Z7d*-2RhLp^hs|s0ik)G$q7X^1&Zv4 z3KA6A*(M|wD3Jo`_RuWH7?i11^AfG%zBXyqNqA5V!CaoA!F`z5{je$aH|iAo8~fjYF>?nFaMMuzDGhM!<2!;Zmi_$z>~C(s z(Q22VA{3zg4PDfNN2#p(XYmg$rD~z=M#(o^BUH1^wyfT`X5(sY;S&%dK#@W`dJimm z4;p3BJJBAJdgGd^J<_JCr`S_v*K4&Ope^7&uwbl;aKKull}&$TJe!SNP+xfzfB0&k zE@9ncAEH?IFXAJt`_fc@_`?v`RO|i%yFYw1Gt{gA9I@_i#4C(>fKl?I)fVGRY(H2U zM!!dPiqq(Kt9-E>7LWG&S1>Vps&egHmFRn$?*i%B)s4HW3u3#`{}b>usLf65GxXqDW96QRvP*Z6VEIRcNrSQ0(+X0oeE0Fn(notieKT8i#ja zPaxdlk94%}&qK?c;H&Obptsn>HTD@_HVW}Y0(rZMDHv$kT=vxy8-S0h?3--hGDwYQ zV?BQ7p&%3hC*2#@h%8Z}JTZFpRRLOU9Sg)$3w(qRNqHm;V$p1tDU9@eZQda8{|rW# z>evX%(g+b{vr+L8j`K2m=BE{b3QOJEJAe`ZVe!c_xITmzxqY1?P+sOj| z0>4`y&A*)+9r$zD<8GTh{_5QcjnclA=1TM39zpfpkbB;ipycIbVRE)4MsKy3qZbHL zeOjy>0&SMzSG5qJ3el~s2<64dMBvKg#+LP~^RQ(Js-nKdpeNQ@aaE-%&zne8dASQn zee43D8<#ad2%&0z&=mBI{I&-Cuo~ZCU4f%vB**2Rl#R30VSp_T*Q(C@k==IK??j#fiF!n+fjLIY$CEG*p9VZ045Nw z)gZwE8Iyptg*>7?2`pKL*9F9WBbdQZXZE$0d)Z+?i|h_#>#7FFhbK9pj-&fBNN!8B zq*iO9Xzb??IsMzsV{rb;5l?79^UMn&%quC(anuLfx*NxP*wl)I$vhv5V zS2_F(L0OEezoia@73O`yjM(}qR(sR4KLM`UL|TUf_^-+8;nM@e~ljAsIQAf zMlRtI1FdUy*9N`#h^~#t%7cH28xP3QsKZA1pfrN*lki?H&%V}so%aUsjc8%}O0A}g z29PgznY7i-|8-<(-R29g^)(n>1GjD9;;Fx2i|A8-^!zjL>}KNhBZD5% z!|&>?>vh*ky?9F?8hQkkPuT0%CLl|TzTiOR`~GOJINBX3c-Pl(q?13Ia|+&))J1>F zBV(QqxVFfxRKD=xI&b8GC5N$quQ%+@3*n%Rwxaj-*4DUY;ir^eT3gve?T=f0#ap!R zEz^tJv`6dx;T=A0T)Q@ZV=pXsBcXOJ9?;AsXi5l&eh8@j@qUi_6}G+IVn|#GhTCK)fqLGU%K#0@Jk`FpX|G!N zo2}saGsEku`ukWKcudmfKVXM9T)~@^8J^kS32ERddW^8cYwjWay&^L_vwa6X@7Q0} zz7LU-=x;>9o92Yq-^MS3zmsCWL8&CCD9k--hvZd|uE`8ZdU{gqItL`xN8JvowY&83 zhRl%6HuZHtQf)eN$kw}O6r`IoLlSJA6kCN-$=)eEy=aGYlY(^nF(J)O1L<}~h+ znVBJ(cpB+|r0|qyhxA^y;He@rB(rxr4|eR`dVEW8!2$)TDl;S#<3D#mQW$^O4r#Q4 zG%GVCvv*fHAgSJsvqRe3O?o#sGbFQjJspq~?b_OGy~B|g(1{c0gQ@lIO39{S@D(VM zWC7K+=j~voD=>>QfH7M$*8xVg=5{-nlN1xpf_lVTS-!0@9se~2B-`|w|( zQ{T$~#-vwEYsXG~h;IqXM--UHGJr9O^|S+wBG&iqU`iF3A7=n#w&t4-Fbc(!>|nlt z4+@=nJOdcBH3J=BRBO7~!7No^ex3o0*_yu|=!lzod`sZwZUyG43}8%3MIB%irS7wX z8K%HIn*of;HxnFS6yKa{2eS?C9N^|p8NisGYX4WqPQ~#p(WxIRFfU~QW47ic2N>0w zU)jM-RbXDp0LG-$y$&#nQrFwT^i*Kp$N49g?9QMY$B|DKRH%W)%ZW!i*hL+6xn&KqN>)A zz332Cboa4}s=gN6i*mkazqsv3M`udT1osG|QoR#8=JW3p(d3N;=$RxwrM z!?t3VpoqWw2ARmHM*3R!$FqeX-q!u*lt!CB4P|`V9~*u18aemm)Mdd_=rm?@@w1Xs z9r4$}KVMrPIx&8cIiJ$Q2aye)?Sk6(L#M-q>nf`E)f_3*zE}S;U}gEW(!D-cy*aIo zMNw64Jw6_cZEpc?qGM0Ev0Ijb0gFp0rI;^XHFb(FeB@0Jz8I%Q+?a4T>ft8%wT&Wt z(xc~J^qt}OlXD*K_J(iWcolhkm_6dL1dsl3tMSA2hcMl%MfR+$se1TxV*vPEk9OHm zhmzul?92(j>?g41`@V21szs*#k64+y9q8%`bqz!w^u*o1nkJV&+-{6rcL?rx1iH^U z$+&lsw9X&KByoCnQwf_4_>DMJak)#m{r%zX#-(VDFMI=njBIXza3dRf&P>&Z9e-nk zA7c3q?YSx09vwwqTbpb^%fjPoz-mCx(12&}Pz{)YEDHa?z}{#A1A1fvRy)hHTWU($ zTtHcg;8Tx0h(iXMGG3*;1hcTcMQbQ;tEq3F)kRmnm?pzGTTle|3V?r!>P#_qm(yXtN=vSh;dz+`)fZ@;Yp4=p$@e1AQ211>fjaNq+QzMp>h ze+=JmNDG1QIt$mt0&Lu)1Z)Vdc zE>6hXT4X014?}OP`W*3}qXOX-zVKfmSlZH44>Uq3LiyR1*XrxAl(ofI(5lUMp&5bV z9dz{g!&~(NE^7Ao7aN*fBYJ7nJ=|XaH)8!xtV3_m7BLo04_}uLhonD0&ljBpkpBGK z*ZZS0u^RmHMQ*_UD+T-4$ZW#)Mb6f1K0RVq;W7ZRU25^lNYHNtYtjqW;=9Y&)U*fe ztT!!_KLtB^bl!Yk&YG+l3v%r^?pKVMIHtQ|IH^_F#=$G7 zV?lBo7D3wvc;6g=M*6k!P@19qLTZ%ZHNsRl4HP>;7SxAujOrFW63Wk2+hKaXf2duh zq1(g!(UG|Ey_M-uIy;TsP)9tG90xDEd$NE>FIW~jE#Sgtno@v>j?DJEuwMuMx(|#7 zW)5$X{Cdq7{X;oA_T=O;X`wViCHVooP>;;aALa|+!fU%Bz@`0sRChCg82 zx4$FJximWFOuuV8;xzo>L&iJ&h>b;_K*6Uz*JdwNf>!$~pv7yrbX=;FPQ|OLMq@b? zG&_yYBLfRQ37w>1L*eS-cZ`JsJ4QSS0zi!LI{;Z$^hvxAipIP98Bw`acQqhE*iv_W zgr=M==sIMSnE=9@Rcp}t(}}HY-G!}6@3Q@;A&ae*3%0=X7eBGAXqWxt8hjidEj=sC zySS_0wQFS=qZz;o%SX{8d_8@_*UM0FGyF=FB|kk+i3nJpA54ezm2gSxHUG%fo9cIi z(e#2Ay?CuQpW#G-@Y{iKlOEoGpc{k%Ev)Pcr?)HamSbSU?tDs!$Jew%xcQ|dt2S2W z>#j{e=s++y7RD+x_154i9h48Oztt}k@g-}LaU+1{1zvoY2#&$Xe^@W2B_bWK&-rm{OM z92b;L9HZ5Z_`wnnx6F09rIi1l?B4}*zEuCZnf*HlKBpw|9qsdl-}8n4DI;ySr(BiY1y}2gIF1CL zkR6CrdGzQth?!Z76`~Ck;o+A3zMwf&2>uKWR_Hin9BKqI!Pi{D+U9rdkN4D(rzf8H z)nBkb-p%B6ijj>yq&?6=m99q0TC512wCOLH_3uITTdh2&Tc=&l55pGRCpp7(jcHsW?DaejM+L=F0ACjQEO=O_iIl zN1giBODwL}!~X(1YfFhp$i@oax?OR%KXM1|)7YiW=Q-t&7Ol1#56Cg*C0ZZ;0>fY2 zqSa{lSPC`lhW3NaA%@FFZP6|GEMKA%#bn8TlZE2f>X8#*8(`jX9~ijJ0sC`ncIpK?xqP<+y4&x9-iJ(mg+MP5Ht zi--@+jmoaLb_T;IU`KOAZq?m$4?HO<@ZtCS5S@s6C)sWE-W$Q z9ISN6g)$h0Pw*8qg>V@A9^JJ?@BBdi6umR|SG(TQ!yj>+?Toy>n!^cPe*l=uKzj!U z8d%MN4w@1!IHT&oRTN1LR;X)bR;QB1MJr+RLO@}ZHkB~YBFp-gqEC*%4rmEZ7yBK9 z%b@|mzEIlvFk~pRu(>Kvj~Dr(G{()rW%?{O322kCWpE%o1JVQkU8@W#+l>?!CuS`Xo&d>xP>08j4T+QnV%O3e*u+%yB*40@iU>Xv|8@fc*>N_6k~3q*B87W>Lao|GT&GQ>5{L3=$L*Gc=BH!P1rw50-3R3f2eN&wpnKy zbr7OW#&?m%p*nuNd|9BaV?Ku=Z_#+dKVf><1XqR zG%?!q9L%$P+Jtxf#k&!i5QDg1Z0u-YgHSKBVUq0+!xMMNSck8E*XIYyvY>WhmM$*K zf)yLS9?(C8y_XLWq8cA&Gx;Dc#+meZ;cs93ol#c`N_!8~yDIyUb9~?;)3jQ!x-zHH zFPCV5e-a-Kd#Utdg!bHE{6p7hq1?pv@l#fIbYc zs^Z9=XPXU@a*6WJX;0j!6x2-zfOLOAw3ASq2=gUCaSC+>1ynQ zO0wyq<<(zPW8DUrkd1a-l$a~VIM!WTp~gD;Y>yC0mqM&%;8KcYV9+sc(J{HQ^c2`a zqkPf3TtG6&fh*DO@(|y>fg}^m3$Gt)my9w33caP98=)$ z;^d-I>Hpq%>0dQN1yIHN>9`k###c>4yI#CEI7u!~Dc-AV<=6*030iI&Ic}v2gJ-&mhezt zcoz&!F(#>ZD=z|FaUs!7p66ZA7jExgXhg+t7dw>c7}CePR2ma5)gzcrsYdvsbD^bL zg58XF?r~?uyBI6+N9^rf8e=7Eca>;M|JGER??&UZ%8KB(&?8f`tq-ge)#>faD*Khy zwpX715bU_D(0OH9yGj=ik7I%l+Cp)!Fz%vogbid0HFLDVr_uM4{)QB(e21ojujXAe z9cKC+P)Xx~R)-}HV8#wgs^fF)ib}Wm=acxN{{xydF~uoVgSqHDI^1NSu7EQLgDykV zIq2>|_X1$6*iJma2}t)K9f6!4B+3Ne#-N08{h$v0rp9&Hsv-;wBz+3v6w3EF?Lthj zO`Vqz5xsat^$-qG(5l5v7@M0MLXuE;9IU~!JB*^cDG6c~!l44I5LW;~UQT|4!(beS zEQd(g%7=_@_#_@XB|;le5Uw~;XMyk;9ED+MO~5$0B0ekt(LsNPv)p@-8H}hRF&t50 zyD5>OYc1)EvfI%#99PAX_A~6UuHgCJVvnt@Kpgia|BKgFV7iZ)C0r?Vbs_-L zg}KwRX|ZxRVvI)tWkwy=U*K+O)0Pf6u#E13b+G)`RCx8`O>o3)lEDQcKQMl#9+?6& zWKG2xR#K!yR6rlywF))@0|bGbFJ2?VG1L=mQ-~T8?lEPj3U>^KtC=m1`-?xWcz{bc z@m@Z7fcSbR*K_;@AM3?$p~V}aMO%X3!0!RUJ_5L~Eisg5uL6GsADCHc2O2Q&N6)AVPAwq^2Nr11wp zKbw`G0ZRMU?e;zdwZDKHCZG@8f#?JIE>S*S864u{eUTCQ0h!vF8pc<=TU)?m(IC5f zwAz=fk~|5^8hjnE6X%pSLREHOaBE3jg0>gGZYLE3_izyrtn*kAdel(H}U5BUBt=~@o5 znfZfjFOBwuUVhJCumkQ7TA2QV&k$>^&F4Y`YD%4|hp&K%oa*W3Or6sxOw${nb8su1 z7fen!_rU>zQRo4K9RK8P34IK$o1CSGUvkd8zYfe({hE>io3x*Ftad0`D3%MOR!`*e79=+6b?5%>mLmxIQ z18;lDsE|etQMt?VF3b9Dl73T^DuBi;S)xo3)23Vonl-lN0xNM{Ikt_ zpb0Zr>{>;bJ{?Ju;9c0O&6m?^pq^%9xM{EK3;rGGU0I5w8%nYcco$y~zX@Lk_}1-# zBit3o^%xU8E8T?I@8 zIL_Rc$e14p&!yvR45skld%H)!)!4bs-lr+JrAAxYpMy0Zd&Xr#Ksv<0#IT-K;kLjX>T=pJO}X!uLRZy<#S-xVBNNdrb0tdr^lh7 z@LEbeq%^v}ct1$v)5_P=i2=)qPI_Y`v^bdGQ?wfC+7B8eapd@LaRCgz3si39e7S4UOad0NWMmSlLE*IfKn$Jq3!Qf~UhGN(w?;1Y` zvLS)6D2dS<8q>G!hDKx2)`Wk{X0O22jHPk9nzy|e+HPSEb5$CVL|*Ij7V?nAhP9t~i&502Y$>`(3~&ET&CxdCVEk!89DF!>$%Y1^E%_Z{>&f?Kn(6&xb~ zND9q%vCJd}Q@?2o)=}d}uto=~7zZKY5Q?rbE{RBL?GB{+BeTVnwOkMgn_l!8zjLYu z$!$Qag>oD@T@d40A={boCt-e3ou|9%5t`=9II*IFr=7C#8!{-6A+Vx}<$Cd-H$n|@ zK>5ix9g`=e8B52)8B5EKP3H91SJU3Vdb+7U2}$#DPR+AV4;ixnYW&L5i(OfAtPi;W zYTMS!g(qX2V{-^y+JTzQc8o@0m{_PV?)OE@>ABe$yaM%&czpyK0O{R>*(r<*Wrp`e zXB@ouIV=hoHqMC|E63ZfPaaMnfaK2 zxO@e>flcp2?J%~vI#UYwCj31A@Tw)VQj#YCJ228&_=_%&sE%l!gW7^8t?WQ*i&oo8 ze0DSko2pL-;$84@rd=O%SlQ7V#hWFox5*2UpSqGIfrEQ!theKA>DE8{`xdocI4SsdE#(tL~TNS^ybts-qRnRosA?cf;YOjFq>S6HEBeCtCSS$!(8JZ)(;T~jK|k0BtF)y(IDdtGKz}f~VVU>@ zaF7~a!3~##8?b2EfIEgEuB)cSW+3dun76UR`~i_GK5nRli{M`vGQbGuc)2V*7M`#G zrUV85(B}UE+5nzQ>@EBd{lu6D)!=@Eo-2QGTSYm7z;IL{hEPPg;QSe$GXNJzwpIGB zWNBaI0v!uGCJ+}4AqIi91BurRX~wvu#=x_$yh2lWSsvrwa-pCW?q5E8ap$#%kfM8 z;`f7>A&v>f)>i4T<9^JC^Ert<#VWtak7-S|vHvMRfFm5&l;c%*ZJr$M_lhLJ*ehy| z!%%`xA4j?L!`2$+08~`>5~}+lsxw|dc`3@q6{uyL=$NO_M7HnyNCg}$0f~ywwJb-( zGugg}45}L`JFdyi`K+mSQl~JF{asXuL*6BR39g5ixNwGlm(ZnC@R2NMbN;9TndsX_ z08_P_0Zi2%Jq)MV8)nebsaT{FI*SXfx>&-OdLn!YR_M5Om4b2DW)H z&JGJU^?k6AR&^oKvB zEJR~v9PxOFZ$j?ZnVW0j;hn~jCsV?l&HypZ3{nSg1Bg04IX@1g=^W?=hney5TTlsN7g( z3tb+$=J4q29ywgOv#8m!{}>;2Vr1sYC_4VIcl3yX80Q~65red-KJvCnHbZmum#1H&$ z_OI>gFV(-VKcV`!_kCOcRKN$u98*}}_Eo}?AztcCz2W0d;$LYFjr2xBgAWTf4jH2% z(O{gzbj{$r!ToTKLwmz481w``BLGQn_`Fjlzhj*(Udjcs+5BtpKfa@OC79uijFmzg z<1m`Z)re(8tkg6vX>cx-{90A&i;j4VI;)6{)*H5W(hEK?<0}x|AkNpF#{8e7;g~2O zUTOu{zVR^PrF!@a{-rm3(Fx`jW2McxwP{lbeQomtZ}@Fl+2+Wtu$WCt74eqvd0?HT zIIhiq3k-;#u-&~bb$SgvZB=nBGftBd*XTgt)O7!jgAy`>38jhOuS*dL=r{EnBVr4Dl2~b zufWmi7Dv2Ir6T@76l?^?VihVkURi4w=p;VW`qUBqbvi2X591qs3=*iTW<4s(=wC9z z(shY3E)ivvSZY1hR}7aa#`)^=aRLs*l)0W{1?YlMTV;fMnFAc0FRNs-P>fmbJK7>D zZ>yum`&UqTA*u^ON8nY7w*ZEWOMe1vz=l9Xp!-Ay9i7GjeTpyI^Kq1&C#y+F`XR7b z#{uwU_-EcX|G276&EglegA6SOKG%mUWTD1fg}f?le%Y*|q2#udjKv9@f<6rxvBWUAem z@s5RGOaYSdJMQC--|wd)8XPko+j_mSUsW)VIawL%J+RzWS>#&>ZMhu^OqC#qi`}f~ZPt23gD!rtageJ#I~a@?ku|hTtVqj5PH{`wfDH zc`<#j2;P>N$~Nf2K=`0hfkjtp!BR+bzjz7NstRr?@W&SFGqc3IYe(#7X7pp=2-8&t5pjBiuy zT4tp^aKv3T1IsCN=^rC-1Zsz~5D6Sn6IDi(K=c?m;!XsPoQB3^3LKfR#==)}e1ScH z6;mu8tHqi#&3F;9zyY^%EG%e5DLdmu(TbtMT;rFhH3>C5R}Y5&ape!l&a8Dv6H0 zumYpcT&{^m#}4On1)s4paR23iS2SQbJhIj+fZ@J@_K>sq*z+&D+&ft27F875uz>mZy?O033kwM4S2VyKnGK@Uo!FLcYd)k+jCjjfLo;|SI;76LL{ zilyfMR&HmKP#(2mLE<$qq9R`7b8UVUeZ$I-JFdx^5WZE+k)?h{+L=)swwYaH@LQNo zcd>Ya|7mIN?Q5M@<`oIacf4*9nY-KUVaCis!H)VP)`^L|{i6RGbgLDzwt4oY^W= z{P|ML7_vuqpr@rOmSx3{l9*7!l8Ep49d>FYQ6TzU7C)`{j{Cm@#_bT_@lTj6iS<%N zf2@C@j2W7Z$qi;9a4)OL4dx7${o_~rB4wD|NPsDEO4rqR-4^VD=}odJ!e3;=Jj~Bd z!Te0ZKYju^GUsQZ?VO7F!XIL8lO(SlfbySUr1yADWlK-WiD=jB)Uz-1*BE!GfBYhD z+`x{IWc=Vel_T{g1S#VmW6GhfwqP~J7hc7A%6be`7YCA0p29oqc}ZiTSxk@ z4k5(jvctt84a?8#DtA+!pcIM1QZxQ?Dq|niaJobYEcVAZZRx6n2?8%R)(8`Lq7{O9 zQo;%`DV?xJjDKQLQ{43@P}b;Bf++$HQKks|i4ZKBA~PSu@=sH#xE#~kA~tDD$P3RS zbOYh=DtP5+|QcZqCdxF+!BVgp5%J z9GG6jnDH}XCRJpH0D~qsuS2j;o0Su+)mR9XXw(1bkN6A{iXXlVZT=dRm7xk-N$Ebo zCt7SO#P9=C^&^bn;u6MJ^upMTo`^_tsOZhcC&V%8ehgu8T+A)r6dVGx`BcOf3QJ?} z?!iE~jl=I$;|4?!k|E>ch`6x=xGVi>aW|tau$%QYG6BZ2eh*_7?AjuhZ%SN6=5Bu* z3(j`+0{%a2>0>EM=S@FuM zU>-`_{26d#Vbu!sUm_jTmYzU6QcZ=%B=k_~ROl?560)X3HOuD=4sO#-XWde}L0}wk`MpeKj~LfevWpe5O$Z zsk_2B#cUOQI!TKNJ`*Sva^B_zXbZNlabqcm4Q`*r*b<(RJ-(?_R%VUHNCAXf;A~)h-7fEI zBwfivaP^i$NEzMmEwHGVD$14qXJ$a>j2X~b@k`-X@L0tejd2s0SZzRIj6?C(%9m+O z(ipZZVu_#F76`Y{sBBzdvUqsdNJc&&p2CWJ zaKjV!LW+7Y{jJJARyHxXLX5o2lvRxRWbkg`F06N}vqdbnIEE422klix@a19zL)BsP z5x^AzQmB&gKVaxo!@A-R@pnLLsWA(o9A%3yj{9hNSu5yVQjf!HkYt~vL47d>(4!jE z=zh|gro9M5F*QB|+_OyP|0+HM+=KWGgbCOKG_HgpWNiIQdwY^!)OrTIAQ*wa(5|k> z9YA_hxd+sQj%hW{gOowE5H*LWFdmMDpmv^?h0b&q3p4*z1npu+d_)S<9A@K&EI zPT?|y6yM2h7S8?9r$T#6VDy2~e2*&xmq?W-el`YmjEd@Dh%ZLd5rjj9%JAuJY<#{2 zrYm;u!Y{EjzMOkE5b=er1zfmjfYTA{CqR+Y9l6KYv6MQ$(aSx1q3*uO9FI{uhJd#i z*MYN>1B`Y4ittlOV$!g(G(V5KrM?yn-F+KgPS4WuHj1c$<2%$Q_WGSj=%*%$8WyQv9F zW!eI+rU5m1F0~d@XuJz_ATS7BEJ@6%a8}cRzBrp7`x6iZf}Os`s*zb)>Oi%3#|rxR z8MDnM>G-eY|IV*HKf{Hc!vXfOfvz7(KOE1;K; za{#@AuhE=;oT`Aj70^4KKnEv)=BEI?LIIuQ1p1f)`U4Z_A5kdYHQqhmDUL(P8sjHW z_oD|x@f~=}M)0wqukv(~`rgGL4fbN>8jCKHbl`PIya&oC95*wu(6}9m%svj;|5JW& z8#6H=Wa5X1I`Bhzk{@_YGWnq!?;SoGPrOo`mM1!U9OQfPT#F}OQ6iP#iJi|0Pn_s= zkZ%NEqd8{{R^%(AxI}ZF&>TQ-OaQ$l1?cw`(2GkPK(FR&G-typ3TO)pMRUIH1ll73 z)RO|VL;=0c33R>!T4MtJ2@0j-i4*a?BTrmUttLDX9CZ|)xC)8niL;SCsV%5~ZT=aD zzR0G&=nj1`6Z)c;=!-m1w1d9z*L38MJX2qk%%@>v*B9rJKk}e2LUS!$A$?N%A=h~J zLPi#K&=0M>6xoIe(T%4HEnavQyaVp!=V8!MRpCo`jnF4g(9|Y+A zV;n%g%hza5KNIK(08ORaQvlSFZu@{8irOe68@*NCPpID{-Qpt^-5QZSF(2(X9%uJ3 z<*RZA9(v8pEMYqz%uKPl9Vm7z3G<_QX(a6XJse1#aF#_Wzp!Ca!XEg&AobUy9Y}qH zuhE=0a}}lj&O*_gLMPC@h!F;k=_z%8Nuw*h$Ea$yqJcTV{QDob+-V7tPH~ue*@u)QHC`Vc)|I<7w!&Iom-u zoV{wI_JNxCh6TIjZ`*n#4%3dP+9D7u|WxgD~isV_KPqN=h;B{SgT2REozEvPEa5CDz)`4r0wa!@}z#;lw1d z{_-m!*4B{@ydLChH0MwsMXbIgMl|ORC(scIpy#Fl{iXtXf)i-I0{Uwc=<6tyN~~gh z>qx8`vbhlJM9Dz&2K_J`$)(lO-my)> z;J@lme#_gB3+nTG8bi>){kU;DAMw`9b#Y-|k7JZ_?#NPjE##!jV+7b4t?Cl*FcAK^tsPQpK(e0EH>$5IZ)94R2n@vEIo~yj&ub^;0#hUn)NjcpL0P} zJ3gQNnc(y9=h*SNmv7OWeLWS8dH{ELy~znPKLPX16qwg2n4KLkPf;+RFkvo5nN%8` zi*Fri^Z=P!X!PjNqtK`liKI~g*^}aA&A*)VO1L&|PUG6J$#4w$nNFz2SgeDFbfpS-Ju^*0`K5pZoJJZwW)^8>0GuEPyR?GV<93H_G zI&J$}dO8)f+357)$rhcqgRFKs_5G31X>@^|PFM0RnsZfGMW?&Krb4F`tu~m86EGi1 zf%(P{1?IPg*+_1AJg2&GUDn^g|LCvNtp8Xoe$#Lr*@GuTwrSTs9J3Ksk zxgXX+F9s;{Jh@x(yMMJuj;Q46gSdpGvLHShfq~e3q>gnsA1hWoSzPubB|>nKG1M9VQg30TPqE9yh<*UfF?!_R9Vh{K!O1}J8WSfzoZNH#7#V_nQj*K^(qc9v>%S{pxt|5x?VD_&E53qvHddD`yxQS#*QpW-60t z_w#T{a5m`|PZIJC=cj+T2=aW92=e(-1R8e{gJ7w>7JxwA7i7jmDJyjQWnl)kw` zlFfbWcGcXHFVWsdA3H{SUH?{lPdJ|TeufdB=>0P7-Tr;HHxVAhpm$N97!57;*~L1k zC#gQWLVb1-^{LMAIoSOe>NCFAral9RJl4>owbP>_9~u55(k=P(00v@$@cahb^Gj>^P#gZYesDRIfAYW@vYnj_fi+ zn_fRd`v!jQ@{jC}x7B#VPsP?;{MwegUwhE~9Dezq^GJbSjskts7ASoVt^$-OMA#i9 zsi{-tcNwEsWYuWaWY#M+C8~AQh)p zR^AOIgAz+5k(P}`2N*gyKmI)D`%AwoDx}o5e+T@MXYz|}crlqG&G2HS9D8_)?Xjy< zlVz;o<+UWwgg@@cF?VO=nDf(e%rjW2NyjnWQaI+*qjL<;8P32l||b0yytPU$`8pZg#h3Nc$Bl%cpRKEh@65U6ZAbgf8-@2 z6%~I(nQy3I2?<@k{? zPaI!35Ndfxxt?Xob&eTCn;Z(pq!sMHVl^in;d(1T7zFk~W@!)CY{MXM83uv%dc$rE z0zCfteXaJeh%_!fQG)0-RtC zhoBjNy+aNiFM8j&1Iwh^QtpXDXebZSjUx=5r|`&P6YhJMneW=KT~jY^bG)AZ@uyuu zDoo7wph#i7AZZ=S{2}}i4g-W25uiOLXqB~#ILh>B5KfTo;?>Q4&Si|al3QzLjlx0| zcUJ8W-k=&&c|Nz06*pEtyRvkUD+^KIxRj7d0<7|d_)=wW=&oj3qh=4@qBjg%|2Amz zgWQ*cHylNn3rR-DV)t;1&eERw+}MH(qHy@&ULI&T5*nl)(BnhZZ7;aWL*qSZ;T`CM z|ChLx6Q?E$ph5s* z@`OKaSeGZacFm%eeWf4C8Ez^%V7vh!P2;EF9UpeQF#vzjogZRjNk$QME4^!1xnti1 zWMB9bMaI5%g^S(IK#@|ahZ0J4z!V|ri55vKJn>&oapUX5)vE3ke67Iee+yrJ!NC?I|EiAovg-?lv5T>GWpZ2|IPRQ} zh%s=VjpZf+kcBc)DJIhmk%l90T9widSi1$#xcXtLlpbO~lE0if;}CSl(tseWZ-T+J z_%O$KoZzoNtTHv3LfCWh7c8NE6e$TI)`p>FNgg|fj1CYqY%%s+VOO=%UY@67w9W~4LjZbrfwNqAmI4>Jw{|QqpMcPEkGyA**y4I zr9Lt^VN!JDaBLWF3C`BTBl7Xozq(BJsNsqy+D@`r6@W}f_5*0Ld3VPSbwun=V;VfE z9gj=IW;EcijkqKQ$cP#e+OFZ2*fMacWJBw^w`$ha&pxe0oA#|FX(zxu`!zZhf zyQSO~V3{)A)WKiqpRy?Q+Ly-Lil#HQymVYYw?W zIS9(uva%k;&3IdkayUukV4gRzNh8a6%FS2Y**vVvDFB6gn>A0D@$yuHJ;Pmw$zxVi z$*C0;cUP<|8KMd+dM)Ylyl-??Z9VRZjCOefk2vrqI`*e{FrE|JBD6z~p0WV%tocp` zi$%K}*l;FZyWGvM(XqPPh~S$5a>EbM9n6WZ*AT={fNtcUfM>Em3D4Wvi!MdZ#V*Ed zV=iJfkvx>(YU(}0D0cOlntw0@d81ug|DG{_>~pNwBth{0s?UubvWBze+Sm=iR5Fq6 z;d#4y|M`yi6&@Ebn%aM%s zJLL0o|4pCKOYg#&5x3%8%c}cy7q++KKG1P1^p{~w@SlduBK6nRbNi_{pxDqOv#0r^ zV>pFJ^N$$QFdTAI|2MFlO*ejc{4^Z$Hr-deXAVvVb$`KpILHCc`n7trA3WR3;Njlh zhVlC@9VNqe+#1KB{y`~(1+0KJ?h72CJ{_kTeg>=FesN%Ad|u5eS9pBhg7Nv#AWdDi zO&Cq+WSUKQjK2rQ9J>kP_F^aaN`?N3{ng+UtH1uye|!j~w1xZ)7Pu8%y63q1ZtwSW zXesvl=0v~mLBD4mN58Ae+3(-8cImp5OLl$M@pOH6S)%JZ@F-m$w-H@`8MMb>q4bN; zo9F4Qhb{&NaEGFfD=nawyu6i2TR4vxaJ_FGVVa;iu5@rveJ4;f3P;Qc)s0&)qND4T zy(1IzYF4|#6Y~~K%&)u}q=z)kEHT~l^9C%$O)KNG*b`5Sh zEW!CoOOUQB(#x?{AnL6f(6cQ7X=iuJBhG_>5Q6?YKd_Vr=7l$k?42^B4m-IaZ<9pc ziZBWsNC?}fzUbUSS#*&9lE>@{{G{uAAAeBbJRXT+WMA~K>m?;etd85eY7 zp0U40QR5Y{Ekb{$9fx-YBvlU;5Lqk~?s6Y1h>pEnbaBp9Y}cfapGcOCj=h;6eho~- z?nS4;_*6~bLNlqV-t>2{7jQ|zFrWa-cHgT<_nXS|(XXtg^6XAIL;$?E&DK>9h3W zS06$Z!J(4nW`d9`mAOVYgin#OV zLr^?Ze4|VA^&qBYvqu@ZKp#%L6bUj;keAsdJSInnJWN3+%Zd)@P2+X;)Q5}R^{mh( zsrMoKFuwzUo(&Ks>|^h_j2}uOJ#lXE)RJ(|`51}TJu5T>k~^*F{TX$zvDV@e005dg9f}>Wr%v~cz9N5m z#ix3t<{=az_*ub$0Dq5h0l-7xv9(b3J=&#BmGW>cU(S&n0%z8eUpm?Z#xY#=m0GS`Ff3SrH2U z6b0=X%yu7BWI}ehJX`bNwjRhsWI`UqB{CsDTn@Klxdgy-+{eOmq0#!JFwZDVx<>(d zaZ<`8W}$g=_KSdl|FGg(kD#^UrtBjJxIIo*>C~CkiZq>lVIsh#t$M+BIUVw&&4}_ zCgeuYr%8F?$$8-kd6Dw`$fW%60tbc(~(ZJ+=};G@qR1bZxu8}CV>wpDs)B0&qDevyw5`VEQ{kKk30k{>fs3g z_`=G{s8J_@D9=b@{Fw64PPnR4^uW96ylmM!H+l&+d@Eq|2k&;9IhIYy^LB zUZ0FdKj4tS@o3UPj7N1zhMQ3rd#epgeF>XZ<^K!5N&dmipGc(r#PO9{wzxHPxtz#{ zcnjmVxQ7P$F`62P_QJ5akio`~Xa4a<7S`cUxQ4%x>ka7GEF**>Ub6G}{75hlpN;KO z>4qeCJ%oH&vEgajH^6G&+_vLtU$_g4d!XWba6S}{aoNxNS9wMa%(V6GQ?SI?NcF`TS2tCf z_#T8u?AudEEMYz=_0_D*Ha`Ao`uPB^zK)dSwr{okQ}Ujd@;=P|-afrB$pf$#A;9H% zxH%~3#&NSaEwx+w^ic`^mHI`)lfAwMS4-HGpdvb7wK z*xwRcf1rSh%RQmKC8O?Xuf%dI&g>4C3skwTSMpEmn7@=JZhksj> z6^i_T-Z^U=JYoFpC$Lv|CeQdn{N&-sqvprTUZvVZsV%D=rJ&!lje(DM!XaQX3XF%x z#xsG1^Y}nW(EsWfGRyw7!9!{Cqj3;*9}Pm-CUfcZIdpM0bTNLCx_AL#n!5PM@+i9a z+w!=_sK#H=)dO7!tv}HNT?oxTJ{RxM`V({U4w{e8!#hNOVjkY}@IDOh!|*-~@5At3 zi1$Lg7vjAT?=;+#x;?%A)Nfj;yUKGD{*=`DE{?^veVS1RTeN8ziD;fT+VS0%9r9IF z?|e^=e+WW&9K$lnfhb{wz?11w&8P9n+0l~GZze_S4z<>~YOlivT zF78Ip8IE8==;!}o?@QpDDz^U{+Co?p_JRr#tF(gBDrzgB4Q=U-O`!@3Dr$dE#j2<% ziJ)x7w#X$!ap$?~b9A^ReK9sPuE&Xq#GTA|g~TEkS8IG} z@O$L<;dqb;55uE_VyShhQ!)UH2FB&s&IuizpM^u%F;!3B9}WhZ|AD5;dnJdOKP4mh zR;c-NuxlLl;?giEr8;*o1Mp$p6d2zmoF*{>G(u9P%G!|L*c1dFt|?FQxqFOUQrxf;Rpt`M-2i zGi?mO{6M8c=|*DM8Ro#CkU-;ue4oMkX}re}GXcZS$Sitq5`~gp|J?DSYmtB8V>Dp+ zlV+GkjO)xJ#z2f1#HQhbvcahFx;ARGI#nAro}&4ZAuDuP^bxmTUk}kl9aF-gSn=iv=p|_HMJrlE0?X|ihf|?w8ZUnNzP|pP znu=3tVMPB8#x<>rXa=HB^g3 zm74OooHev+<&Q^Xt!W?DZ|C)z=$Rd^eL(*i&pBlF3K02$f^s1E=( zz?}$iX{F@$mEdZtxEcp~o#U$*Ko}SLW}iU6=cu#gy;{NdgYlkl&&7NC9gO#UkN5N| z`$F!j9M(Rb-*A2CER2=d3jjUO?HSnI=V|W1j(;7?S7R?pX{Ug?I?xi$!-=WBcc>x? zbVA8u2$YBw8*G(HtV~QwRX`!my1f1^?Y4^DNJWRllcQ#>IGVPJ_Mi58KWUHq5TgN{ z0O2$sI?N$WHGP{SaPme{8f~h1Y=AmHRO30u@~d)#tzt4&fM#?UvvC}(whrT&-WB?D zPg~6MDynYj7|fRIE4f%xDyk-8em)HTC{=ZNPK$$1#@2FrNYAO5s_WLsK-hhp2Ukp83Lt%0ZIlUq9yy!ndn?bdoPSVa{voiCA6!r}#* z^i590x&xEn45}`criohDCi*;ysH{Z{LS@OIZWY4|fh8}U5D0ZC;>A`5vBf>Mf1sDA z<0UcVl3*eLM=le=F}0%SPVCxx;`fOOL7bgaEgZO_KAw9TDFbUn&MGKRwuU;7@Ym+! zS`PKl3xrJp<$9A^&LuQ_&-PA$6Ou;UBukBNY@&m7rR5(c1-=1YkTNGkqFu$m4l_8E zx_ok?Bf(a=45>)tnX)(uSAj?H2lFF31Rb*|6MmRr(Ski0bc7u}2~MW4(X^U#4H%l` zfw%0rIM4NhjG308!`xiRAKSv+F0it?ufCXP^Em7`mwE>nqHleZTcd+e+JIpWZw2RF zjCaB5i%6+NXR`Q9!F!Xe3ATKsHoC7h8Vg_mJ?FI2R^(gx83fxlPeTC7LvZ`1q{Ye6?2^M3xo1@XE zJiG$FXKnBrA{;~_{efP%$O{)Ou zxe%XiI^u-Dj%jY6-Hou&HmF19x*~Otv;I6R*eLa0AEh=RAPR2n!Nw-HZeb9>U=0Y@ zE*9e>BHZLaVghvXZOFPxxyw>p=5+)nPR7InOfEyJ;6vg$#-dsjotl(1W>G>J9N3x%k5UFDlqDog)*shTuxnVeRZcT)}sqXySM}&5h_n_jfcMKkqY#sFdEfjH*N`) z(hP};z4}P$>#Y4ceetPi5%l%)Mh0Z<2|9gUMk7vihKovH(`M@QMP_qQ81lUUo*Tn9k0_{!W}W;HOn)28IU~db$fJrdwx?)bnIfs z42jNZ-^D|3cOn(g`J7Ry7G=04boQSl(RsY8X?ly~zYl(jiHGwm#^WEUIv%@c$At$A zGrQ=3rZtpGZN!7Mjo|ThrNra-Z{xvZ8d3p|Rg6Qm7>8TJL-dt+%z5X?@pv1im>Bet zxqHTgO+11%Io{<+`e=rxMZ;qjadmX=v5OBYBp#hN$AiZWNCi9=F%H$D1h<68 z=Y1p|WlN46j~8HPih;+mUoswpd+B(r;o+-EJg}1zkN@S-@wk=PFcuz*@ez;z-^7E* zWk>})o?{#^{^OSLSaqVrW8C5+$K&C>G4W{s1>r-5pK9a5W7sCfV=m)REpl*6cq~enc$B<-8bm*z$@i>ndP2w?1;<2nOIv(c`8^*%JkBQj>;W4+j z#3Sd;BgbPblpQhXMaSbzV#8Q?OuEekEEE#5Yw7a);UeO`>=mR5^) zct$Orkt$n!@*9!!QPPLX#kAN14Fy#$5z$Dp1K=8bX_x|&{Jo(-q)!ZgSLjM;O$p`j z7V;B&YaLU?2%-wyj^$Aki}RW#tv*p_^V+Ci~QCqwqaYpJD@ zKB-bkH5uus1F_VJ z-SH+}_^(3m7FsiRAdKARe*=$ne}M2FZcjRyt|9dV`$uT{nMs*D^0I{I7DAKOJUHJ} zx^7r;d=-=_Ce@3lo38fZ6MV8aO+G5<)a`pjHT1RiYD$_;F;crGY0Xwi;cCI@OKANc z?6R2DH`D^Z7pDQgYs>%1xe}X3M37n)7#MAyn#3=e<;>3DR3Jrp)`)`7W0T!HyklS4 z;KP)S2!25%S1sOp<+L8KagL=prf(T~P8m6C4-6j3>+y-0n?MFzdI`){au5?z2(6fk|szu2ciH)L{h`6#JD;UFbm4gKj*W=1hE2t7L&jV zE)G#U=~E3nW66VgtGPe(Qe=OQ=20-BKOqn9ofw}y7>jh&p|ABc%YzZaohlAz)XuaG zQ_e!mY5BCgKl7Sr3r zLcHS;n80iJ%D__W{8Tdk{q!w*sa+4r{0m>!^=%rxL}xye3f;z1n>#dwc~^1CHVtz_ zi%#(pMl8)VSN3Y}B_RqWdCWEl4eIux5ji2)QQBh&0StS#3N~aA6nWYEJ-0@K(_4io z5Z`!=3&Eaxe;GqO#5=lJ9dFIcKH$m2fyq$URvT z;OKHP?F~%S6z=UlVtO#RFp4CQ{Q7Il;!{d4`%vVXeFH~J^u z`OrlsxtJnWkP=+VMbms}KsfraV5Gs3n=KgXip;w5U+Qyg_pY=wm;?2O%rNFaGytt! z8>@Zo#ffN(oF}n-S|F}QgJ}e6uQgIVN;Wd{CF~E((-$pNC)TvVMq=V$AJ*5)(bPrm zqah+p5ucNuS~iwb$jKj$$Cl+Mhpf9a-dx#W^mK0#mR&V`th0WvWY`qY%sqIxA(?sawawT7a3UK?ba^OtN@%h;G5Ifk^dkQn_=v>@;in0$C*@kV? z%QQg58HSrpAa2q@3|tBk#zX|4bk55A`VyM&1oG(xsAcX)u~4*$LwLt12D&1(7{mZp zi!JmCfV`xe1Ty&rW4>?!#uj6)q6ptuo1=WoFQGAp4TUg<-GoSVy%FeOvJYX%Nhe@O z;uY+IrneeDpGDv32DA`~brfE*RY^1@byZ0qVeLjN3#1vj+}iWV<+c?>JTifZe++yup7?vW@*!Mi4 zQ3i|?wDpp-4adY{%zH-lNqT8m^dT$?@hU17r_eXr`~x#MGa6Ts!rqL=5(AA?1C0<4 z{{jX}&>qa07>Iia2%NiIBc^`X7!aHAHgGusaRQS=wOEZO1jLZ85{RAuj^r;B9+1>9 z1IunFp9N8ZkoC+RAwd>uQfF~5Y1w6yGIz)>hLC{(VNph24K>`884!~gC*IW3@>qZ( zf=^O&=6`_dQ6^EAgB?+IDK3_ak=&ovqMp*DITO0b=Jbqc4(7)pe~iN@pNAhyjng+8 zo)|dpxcvPjS4|BeOU}3#n>xuMmerEq0XuKN?V!0M!PCZ+7Do$DZjPl(i_8s~b$lG| zf2<&<`eFy~R<~aJ(&Zo6+}RqX!7KmRRUB51qfF&^C%s3g-EX{~2v-dhr3h!ayPaGI z!{4Jh7Q$UbH?;CC8VgLtKQ4xIS5}Lk@hxF6zO%&OsOQXGs_h>ivA&f(i`fYnADliD z2$=fA=LV<0>uFK`Zj$<85NkDKq1jQqxY0-|J2^`eh?vsTs#gOcO%>&h@}gu*ND#U|z!q9fWFd`*nzF0U3zTC*p2lFd$i)--<(i(l0{-Dk9S?nRjBGC{ zFW9*yKL4^uP?O){U-n?5{$*!VJLB*#o3Nbls1@&YFw-ipXT#Jp;9vG4D?oaEerhl= zzc~qSLepdT!x{c%9c3982X0;7lz*A1=IUG=7#5cF*ZP;WgqZwe{mZod`s|2kjpbz4 z83J3X4@NsVge>qRS{dPHM!Tz$n;GrdCta*UZf3m4F5Jxgqe+iZD;B&1ko>0&Y)R|h zT5-iV>1f7UiD$14xtbOE#wMjv2xOPQV#q8E=J1NnO~Dge1sT=hU76wM(nDM zN92))zJtt#Y|=f_Y!&1HfZf}n4<_#)9t$Sh$Scj|d)pTBN_&%=(gG=2U5at21&u?R zQySt%Sm0scX#p3y7VMSw>{9d{?Iov+V#qT1z?~ySS}ruMEghbLq6Bt_iYja~r3q|p z>Z;`oZ+qZ%5hv^>cmz!q5FqbJ!P?&2_ixFqt2Q!T-s5$$*R z+QELHuB<<|DR;O^&KkpcV(_;3+~LL%%j>gwbfUdFes{PlkQVN6FQR{`C(p+%_2h?b zWKVh@)A->?{gn=p2N?Jxia%WYw^%|APK1PFi*D7mV7}&I{NWr}3&cRuDlSJ^gyg&`MzRTi zxMbiBB!@DB(Es2gLh|}n63H%)Kv1x}Z3@pwf1HQO11vgyy#hxpz_~d=r>_zWdvVa0 z<_~wi_UOS>Fb97)9LGX^@m$TbkEc61{`Y@KbJ^EbC<+JXOAEi z5Z%g1R*O4uONchNNqJkC3$6%QVlArMoQ zJa`Oylku3#IAHw8E#a{!QQ}c@|B>VIeIx!~uQDE|9Mti6nMa@|@lYfl>n@It$3?`3 zvG8~V9}yl~7R7_d*+32SF_UqC{}*lvkLQ|6Jc{o-ay-6j#Q*DM#-rB(9goL(_-PUk z%^z;rMbYs%huAO{9)5g8czpUsJb3g2YQSS6;{g9J+!7vhEfSBMdygEC4;u0Rn$LK2 z*stR;hewPi@zDI?UcE3n9%m98#=>I?J|a9;EQ|+_ov{Q;CvBOG@hIUX;-b124qcj=3a$KIcGJjP)#j4{14&p%2f9(Rw7jz{-b8o}cd zd_;IW{aQSD)FTz}P#6cqf8dtzC_OCku-|nA{%{_Xo;yXH4>Hjv3v9rUnv(N1Ww&O1 zN1Pgm{HOTRVETpAli>sxgdLoX;w$jNyN$D8d!K0n(i#g)(H1f(WKcmLzOVpoh+zV; zqkWuJ@DVWr1VeNDLzEtE_WUB-eDoaij1>C?Me~P4xDpfOuknYQH;<{JKT!qTn@01f zY4U#=CH>*{s~1K_}DEtZ_l#==vG*hs!2^I12uPkZ8&uj@3SJN5P3_vHaoaRXqN1 z-86R!vp-x7c~zPxxJ+L!f``eSrG-;_ulKvA6~3gJY9yU5GGB>JdiUX-w7%W1 zDU*n+P!-+2tNV90?H?CFo{|1>MGgGpRv}fme_WjUyz7Zxc6-K#`Nu)6Hf1K}G z?$1tpWPc9iQ8A)F!TFwZa+8r9 zutfKeJG-HW+%x1`8$8yqUtmv5(8I_SVk_x8SqO!Bq>Efj$d%Ttp9;y7(;!UXU{r`B z4!@alo*wE~EHLJDOv4tu2x=bb@IGc}aVcqVE^BfF$G|3_4=qw_uMJT+FOcjnaHgqla>Tl06i>-P}WS z;*KAxob&?o=qsL!g``ca!aGJX&=ILcOD2?R@d|wcFw^%+FxOVV zzmn!J@%hUQe#!vA+ z5b?aHnX~+Gz4xJD2jG&2eankSIn|Z?>~``OyNys8`fO~MlUCwoybX*bNa`30#DC)n zLDFT9gk%XkdP35b{pB_H6Sic>^q)K7U(v8(|GCz96&0JkPck;VXo&Eidn4p*CKqNQ z|GC}Z{QZh{5;HsF62u%;F-oCc?55zFX6WgMYZtZ2|<#$TS7ALHZvr;{4~5& z%>Hu@v?!MU+;_DGLciXB?uMsh5q%r+G2Th>v0QZ3+VT#iM_bO=CEHRv-P{(#UqSA# zbfo@s9nhlR)qn1r$7A`=O?av?|G6*lwxR!ANAAaJ@fO|^2B*T7N-VOW%#1-?{&NZ{ zW*V>?^Pl_WYa^+o++XECxBjsZYv}9g8gb*lVpDPp@iE@QpX_Mv@@lahx76%`J7lxJ zn-;(S+$btun;MZfY$N`2Z5wNE-2QXh9*x%C=}$J+-f!_1?d{9mTP;4pEw$JEy=?D~ zQ^Wk{-2Mqx?4Nd)C(^$STPp7pS5bp&c!O%pF|cnMZK73=|1^yT#b;5v#~z`2){1RG zWBnP$pUoPWfOOIP*{p#}@Ww1)b$>Ri$d!3t9C-eb#{Jo>B1KO+Ei7pSKWjeV4fjWL zK}`K&{%gZ&OEeW=OV3*ASlbMnKGOzWZ#UQ7oRUQ@)aok}Es^Kd42OKj$M_#kNad5Q zaAPXQ58R|&b$M2}F%3pe;(k~Z;K_74Pg=CZJ|yNT18?4Sl=+p(nQ8LFw5>D=f?khf zA^Zsb1b5MG^<*NLKfvF}v_U>?Q>N`ph8+n|Sz0+_zcSigYb{8QCL&=wl=UE8yRkzV zg{^KR@2VDa@z{TwvWeE<+r%Qp*c9#;r=gT}`}-!keODx=`6?1=OFMG0AB5zzY5vLw zID^Z+kr_-t2820+UL8dFdeG~9Ezzdw!wM zc8Oaa1#46Oauc;LA&tcrJPXdFWxxh{3!WSr}MFd3&FhT)&c z3(^SuA0=Hj<8NnYJe*^bmPf?x!Z6R<#i@@`IBLs3%s)n;UaXeK8RA_k{ID z5uI(ywrj|s!{St#*9WzFUYmzR=@c#{1sTh3xt;ea^dTQ-`FH0yanQ2U_QqBwo@VYb(C><%!_-B0oE_F@ zb}@)Q+$B~#9M)$iK){MjNUPw#sn2@jiu&xat+LMwZXw<)1Bprff!<$7%r861sgGjw%l$Hge$>%mxB_GljbElAHxs|)+um3So(bodj9BPz zW}YOn+7BPNrun4<3Jc?xrTp10;d&?x`{yxQh}ZE<^2vO3iv^^6C4>EN{Lv|S&&MrwZuSdSp^ICws!u!Oj zGolzs8z7SyYsfEZzY&MW^wElmAo7w!4OUE-hr z4C}9hkeed;L7i8Arnl&?@!!h+I_l=w{nZ%1tU-S@7+;pWpm!MUv1p7h&)&ryCBBg4 zK5DSRFOLi`by94886z{O|59eq6&Zy0jTHIAkeiubRP6m2FS{&YmLzt0cc0z?jSVl~ zo*4$eRou;=?GoMRhQUASLBKx)&m_A{rni9q$8RM34|~k;kCE$#c;yxQ6q_05EK<@p zlvlmyF#e^VOZYyAyw^5;JqE472V@a&`%^K#k4-d>?`QG&zEy0!lQWp6b>IU$5;Yv( zKg!neuSnGfcwJcSL^NZOy1S9l;uPjU>HwuKdIyk0IL3F)CHx;KjOgEB`1bgWX4U_^ zKdb`|VsayrAJ9ACXL?KYze%J2@#YTrjrcDi<5WZZpS^?O6Q61Hk5Nv;|BH zs9&$qKQf3)|Hw_!e{B3?ju)>oj}iW>evAkI&1Xd5e-}O@{JY&3hX1V?heRcwNd}li zZ-M_08zue^-S|7=f7WwR@$cUyYLy) z|J`Bu-->}nRN|RN|MZsVe}hK<*GIvB1cm%K8d+U@iP4u&GsjlC<^f<3Yu;%KYFc0z z1Mms6xC5?QC-GYksjo@VqtOb30S3lc;2joQRL)?k)`R!+u+fkKR-dYO0MCs0DD*aT z6uQf2%!07Y!=fQ4RyXuvUZshUbGP0N4#T_}>=Hf*T!I2kOkfvn@DX*wy>r4k;itRN z2?=+h6JDeRLmjZ&n5N`UTbCm6aG1%{|#eP#{oD6)c)Z;Fo4VeEP^O3TJ`|epefkzmHXiGj{qS*SPR*&O&(H2Cp4xJ zKFH-yXkEQw24~};uH+Ff~_2)sHfwhvB(nf=FQMidS9AYngoTzth z^@sJ&22Ab5Ry>nS>96Q5dS}FX**k}>HuuhNou57`HQ$l!aeF0Wy6Qto-B}pfwDDm| zKU25Fo}Uhp8Pu+p8SLXxC8A5P&hCfYni?N)=0NoE`EF)GVvgs6dKZK*5U2}6^V4M~ zhjoBe+=$Pp0}lAYI^ZIVJL1aO`uK1$uBZb({#16rq*8MSuss^~6*{AULU|Ek$*duj zf3zu33v4{ljY!2R61c$K(7JFvrP25YM2DKxrfr}};qGA53q@7#!=Vedil@O`Zr?OS z=3-}{=Ws(C9<-x)L_XgY{wmACW>JrR_=o=7(}8w&>Jp}(Ci+$>{?>47g5Ay7_N&93 z$o;-L>zR4sza&2`4&H{1Q*4!8p->MF@J-;L(jUQ=fn-v#N3RsTC$!48)bl|Vc((@L zbAisPU4MOKTaaT7%Kv~AaB z1c*Yg|5NyPH_&&t(sx&C-(80rO1R}?+1vgx=H4d%7yUSjh_2T3yxyxKbtVHynQu(N zuyX_Z_rMN(5;WnVqo-(J#*CbqX~7e4N+HxP@bIC4&?uT$iy)&=n%+SG9Qw0)~rJ3fMDcdjSL9RqWm>|F1dQvh|gw1 zmwv7aOcA(PBPLu)4%{oShor88IbP5wyTpq~Nd2kla@%156W!>$`83Sia7F0ezD}as z5BZp>(eO{xj{JzgI0u{Ew4g&RIO5YPUfvd}r!=E!+d%r>P7E0$-h{q|ISR47o|On} zU&a;GdxC<_Y3Gaj;u7qP#g zFw7#w{vldCy0+sTg`m?63EgU=!yJ4gfY~}vi@IgW-iw1LC?;^M;t^;=;QcCt(J5`B zgVG^{91-TInzk#5EIW-h1c^eCNuqf<^~5&OW2@dHS|~Z`l0iY+L=wNj{ugWD31}Rj zLE{%6@M0&&O|TB^Cr48Kjik|Tr22}wlZ=!abTO-6aGR|DWn0YEzogoz{SbapD^`DG zu08wb#N5AwjxI9Jh1!A=n%cKR+V^CBZfVb4Ju<32^8u=F9QMqQ%BVfHqARMc>EFYs z2mD4Shz6cTy6E;yKi-78E3`ic&cBd(!`c>o#4!l#ln+J#J+6HpG#<&EL5PBUe`G(BuIuwmd3 z-ETveu_@DzD`Ll)@5`Ye<5DcV*}*Rk`{ggu@V@>n9q*|2%Xe;J*zC&y8#nLz6D9I| z^U85y*h~9m2z!^=AhT19mw6pB^6G`W8gv3@JPH|W-GEHPY?muxyR3parb@G2LJ>im zzQEE<9Td}Y`OIY5L3S}aPRr#dy~4W4E{1EC%hr%VrWwjuh*B{D&*XCJI(myP+VZY8 z{~K){t#$wBc@{Zv{d$$M3r!5?kW3~fddviFDjNav5wCU6Fq zEtMJEjtm-f4F=(Njx{<)+AbybWauaOW2&NiGyf8QwEY-%={5yupCOU;Vh4$^2cL0GiB2ct4svdvu}RUt#>Q&%^zsESBW`90mb&Z9;{yx%#hQM_Zze=lXv^8Y7XHHr5~lw;C$ zTE%CYDe{hqVR-Mtv`!qvGfn=}Tay3FH2Hu2Z^e5k#cnsG?`Ov`T>BSEyhmZU((rzy zdt7*rks0jzkIbMeGH4*`A!mjmw?^nYrs?qwW*@@)kssp0dt0{%yvN`(qVFCP!tkDk zfkMo}Gl_Q@y#?O;t0dl!5C5%rZ+tl_-e=svc+Y%8!X+^JXn3E5n#V!kb=PwS)3gqI z78yjtyEdg!yknXg3z+{1@00e%gZBiK6Gq>4nyK+6Zy4S-3=E?C%{tz8ToK+g-;sD{ zoTuY$wr@rCUi=i&JDPp*y7@ZbVfMw9*D+pQ7fQeyg%Js-io5`4Mi*nL}X(i8FVwx7$Fc;ChW#Mie_SmMyW+=-9x?N1i zM?~b=o-oiK#NZ&F#xrT&dWhZv^o~m;=x-I9=Pa6ki5Y*h0zb@qH=2EM$BR1tVH1`i zV;TPkUX%FmgA~{BAJ`=>{F7w{cf2k$SjfXbL;QDkHt>h?oTrKsbO$kPew3H z63L&rt7+_Kpd1tSR*{U42>Zo1g<;NpyL8Sh_Ne0+=x+0n*pSV*E%)Y4`=fyWM7;lvq_?^?6HrbVJJe~W#FuUe1Kfsj zMRXr$$bVe1{Qr+8|J?`c&FUZQDSOzY{)TNmWI%-IzRNHlns%zi(GlSWMB0ym)cGO% zA)5@p0`uU=1K1D0vsKjMCLhOoNc$lIs&ipKT!Cn>0&MMzqrF=pyqZFuv7VEQAZ<(2 z4sP{lZ>K;dKG*j%)Fj7f7p{?>2x&iWZvVg6)F3bQq1S6TqydGws;jBQc7OA+A z21xYWdd>WJXZTmUA%n%wcosNb`)Vg{h(gA^At|KYIpG2m=NmO)f4nx*{#ZzH=f)IR zw|c?;m}%G_=@c4@s?Shq9~^I55O$*$>P}c7aXK6xG>rbRh)%@Pao8X~nDOgukgpNP zhuI*{8%z3c{E;@uACyQN z(y9qIPYPKzJx_~egpgG0<#72x7t6i zXZN<)=G%DfpP(D6e!sBlo9v%mwA!zJ)m(dhe}duiz(&P41Vb`Lt)ZZ62pY9bi_obw zFoyCL;fng1_#DN-7&?Hcnf@D$Yf^@STtK};pjFAWWAki>%*CCE8*F%$h)1Aj&KTE2 zGANncu-weQhW!*y0?9)MMcPkO^eWN(Xc)D-ru=cL1pccjC&wD91wLJHrv7Pbh{sYz zElh#0O%4@`?zN&|*tI!o^y~QRESul zr|cP)RaARy0o(|NqFaaIAG()}+Oi+9-0+ov;kSw}AUXap`)s6r><8L+-=BQn>FAyE zD!ZcQACD=w*Ic@C=GU$(k{@C%!tFw~%6PMb89_6@d3W}-MeYqu0 zwV*`t=Q`_hb8z6{a!-=mcR2)8p&e&cdOEt(zj6D9r?`EEj-vF`a}?jT(CqA>54X5|xfyQX#aTt^n~KuE4R%&)R>%*l61g~Feq^3dk5W`L`mozS#922a$KqD2Wb@FK z_9ArcNv`yz3c6PDO>!vd%arsQ9Dj$ttHb0deI@!0eK$PIm0s;iUlu%7ktYplE;TbK(9x*;%zEsVVkzndy1h21$bWqfSH^Q8(QB5=H?`OeB38)SnxoL9 z*sZ!#)7-cMild3T;XE!pm&umf-I#fR7U``I=@eXL5ER&m02#Oej)EOp;PQplL_Vk} zAE9yW^ApC@SvFAh~)VF@M``K~W6YPqe@pOo&lY3Z26$HA)}bZhLlM90!yI9xgek16#PRY!6Kk9{L8{WjlR&gL_;8#gGoeRQn_&$ z^yTtj3i_LzicI+Zmv~R~2wJN}(6ZQ0_aLuz{JTxO$G_xtIm#64s!^C#%)@J|AeYv>4!629>c?LNny4zDIpYL?qK zi99zw1B=qvgTFvlXlwc!>RM}2`kLSXr6w;mhh+gSvh<4#y3oG$F4vBaqNG-O;i_RF zf-*;Cu7gm3^jHTGA<4^oqT-)wDZ*Gxgnptc{ea7NJq{Nc0z&^qQOAOE()UyOj^GJI zgIY@OXF6S@lr$=ZigVC~+kbHmNQTaaA%dN#sBfp10U%FTSNbo=JOi0$aprwfkvAd( zq^whFl2TD>w)U1xOy1#O2$og)R4_hn%SK|XpDA-l=c!p>6GPPE zfqw0}IL!6ej%b}MyRKBaQTDV8;E^;*=X zFBZ<%qB0oCWMvXEt4L_OEt`oQ50RW-MiSiZznlZy!9iQaLzZSZUwSH7YHX^)A>@a} z?Rci}!X29lut=9SI)1%Xl+tSmbR_2yU?T4EN|exZu+k{}f@2lGhnRF9XYg7o&GuLk zc3AY*GSFH049)=hDlLPq^gDeyv0pgLlE*2J42t+6fhqwpAOduSVl$t^{ENgtogwAM zU`$iIx9bjrgmXtBD;nvavwHgDRKj+3OD))VX>Gu5*+W~nx%?McXpbRgX+^Psn+r!N z>Tp1g(LpVAJZHC6&<+mpDLTtpSA%2STx)kha$h&0!}X{@^XDwkJJ12GYef*#s$9kG8;>t`yVda-_?Jc z`#Ab7RAlbA{>iT`^V?}*1rfd}dhIKyf`ow|PzeoQrcwrzU8M#rkY^;9zd1~eFSw#i`jje7I zFBF+|N@bO&CD;b*g^~637_;cWF}ghyw;{Y~Kf&^86B9fwAxx-8E~!>OE#Hg*zI<7I z`N07bwu9Lef7@PnVRr2wG^HPob-%pR0}8f0-;BpM3~Zhd#D?Q-yPb-QVYp~T7ejE- znJxz5;^$Lv(H|GrJ(iph?1PJ4^rROq{8Mm&=!v$Q=m}==ZCBAn3tX(jg`#3t*wy0m zM@X-bI}uH?Rh$o!SLc!F$f;Y=45yQ-HSnM&b`hH%K2VQVcfoXTqNsinAJybe#EXOg z4RCVZP7MsTe#{&bel!imz;m-bh@C-KS_CN`qriC(H88;$#BC@;JwI#tdv@`7^bGzJ zp272B8EEyP?<4DTZuIP~3D550uT58J$hkQHvzWldbqW5Bv$ZcTx$d8}E$H7G0y4B;T)py~ZCX!z~ zLF820^gEZUV(=l+38l%{*f0zC&8)F;06j|ASaN4E~QQZFA5`2g$(gpaPREl{=DelMNejI)$ z;&-CryN7^ssrS>5+wUX6jfeDuhuR%=9`5MJcMq|ZQ@x*leD~0SXt<%DS@%3nH#6_2 zpIP@jA#dns);-h#cq98^I96BdJU5{gm@0ne_IILHs4`%9DdspeST5{Et26K~4U;6S zXohDfeej888S0xc#NyG-%cb8ws76pK=6iCj6TAlk44s3?@@~blUrq(-)euL(3t16j zXnnqce$52qNSy=*r3n)$+~jzgm;9#*ppWl)Xg&%EzVh@uPT*k{&o-FDa2$<0Q5z{v}Ym&w{?Hp;P)m#QQ`o1S3&! z*Ylyyy&Hdm_p%wfRvdpJjcNPDi=9%Ch{!+XTjR~NB#t`&Eq`BI*W8a8)eta-H9tjp5%iMsnBx}%O|(lpFY z$M6gl;s}BR@y~V4n>2wv$d}t_+pArCxl63aFM5xZh!ARp$Y+Qh_gMZ6rP&@^Lw?>alwW(wuZV>KN>rBxyHQb{@Cq6s6ysJ4bGQQPYAj5!KEV8S50!z10Tt`A ztiz(b7-f|p_Y%A*!Q&F#m*Tz@_mB=lARThY;eH(M$Kf7QB6lM0C*po0?jbE$&boYe zlz}J})ki-rbq3%0%2{am?qH#zvLwMfDMDEO<2w=|_)ZFx87xqEBR;3^4iYG;PfC{= zEM3Z3y7=y(AJr#C%?uVbtgdy=y5n)Yndzgy&Y3glXI44OomqF#&rBcR%$z|#vv?H1 zHzb5+`lLjfK|k*7T)XEA{7v(6k3-;QxznrM&(*OaMh@XSEM`4p>ukckf3I;8fgzH=!aN4#mNGW;8#RcVN-xO5*SmniVdCET%PNF4(7Vq8o!p`avX6 zY`JT|Kax3^9c0}eqnt4#y+xn1P;l>ks0xN}MM=az{{s0DR+B!gMp5)If16X>iNnXa zeLYDFh60yj3_8zQk9K2PQ@%gZ+YW2V98{th3p{%eqY4y8?!@tSif?R(XXr+nmMm-@ zOy*vaU6NgB_jbT=VrMEz1d-TL6O3rOElZT()*z-~oU8!ERG<^nJBXXZSmGBVKot$q*Kn8gb4kH0GT)Z#c$0e`hz{VNe}W zln5V$97$%9*83_xWSTw9KE4;JDtpx3PLjm#ZJv{LW4*VX;&);iSCEo3^Tv90cQu$B zx5H90tHS2{Vfy1V&e&FgJvlJb`4PNS$Mv;)rGf?2T9fNQA)uYy5}f+l@}|)`L0$zl zKu+*#(%zvvFkBR7Am*jsGYvKcZx_X%2MrNe!3I{yz&{9?+^oEr$D)fNi10{mERRl4D zH4}3?daDsJAaYw)DZYMg{|KnC2?4ADoaYtOCX=8t@K>6W4XwYeq8e4k_HLMuILm)Y zv{lTe`|@8bw%h;BjTuX&V6McB{)<-i?c&b+Q15JEt1Q>jd&iT0961xl0G0%~wmiTz z%R^PBo(AqA(Kd5N%_`w3R3GdO6Hi8D;T>e*-d1jkc?x`p zIgSJ{+_WLOBUUUlf7A);ddW^8r~(Hnj}C)LiU_J#nPe*u3LOT)vkF5B5iS}u3=JyC z3Z}!FWw0Tspb9_`!=M*jDrp>1<|-1X!?Gl|5j|kAsGwr>^Bj!BIAk@j%qze$ufSgR z&f}EIJT>iJ5Or#rh{qt25~xaB-qa&!);tmhGzZS7RU9Z|e9lT~X$>Bykla+U^r^`$ zA$HeZXdhAfw3R%VYpc%EU?ELoGlmfF=W6*_kk0!#inFrFaM^|dmPzBN$hIi0RLdb~ z7yI-1JM9S~?J@T9s(?;13UvjKpCSG)2D{^ogfi3*lW$waEL=EMoM`c*oD;jG!AB{d z1no#$PzhYCJV)nO?wHmU=Rc?dBa|%0*b!A>l`5vwnLFT>`IWQ0zS#sQd?!tGQPj`; zP4w7p8@dIv+C253xbbdMS9o8e6k^1k2j~E9#W#-zgy3W1V}w)@e^B@b^mRsUNLO<_ zcPGg!SykkMUF9cD#LO8g$Znjkr!!RWa5OPhlYC9w>c6OfBK2@^bGSXN7#?GqJbVCL z?NSe!(OHj2PG3bTPc`h`Qy|VOuA^jlMpHdSO-gl^y`3tDh>GP@2JuNzA5UsZ;9K0f zFigQg3}y#U5Ar8*E~Xg-RLo20S8j)3t2i2Y7Wt(%*`;oii9&ri#|3`JbXb}uTu|=w zh(qSdx*~OdeQ_EF6<^;}ILA;jHAC|GAlsx7(l(CW@g9 zovreIybs)gKN=|@BZZn%>`Gq^B@|DCDR+mf4+NrGrP$^}A-g(r183vfw-MEO6D>&) zv*)l*$|@TY%&FMm!4^_UsV=pGHRgm$jtgduV)~;vYb3<@RI_qJin_=|Lr>5{h#`xh zx+3I|QUqKbwhF}Y!NbCYP*EQmhu|WhZmoy2@Z6$A5A27DRA&0h1(tvtABfWZL~6Rc zxL~+kmdU1LWNxXR3C`aq+V94yOXXF9#>vu67TXO=HB3&{3eWj0U_yGNSv-TUsPZ@~ z-Ze{^*9IqQ6Z)AfH6W%T)e6T!gqKJe@C3D3=2ptx6M0){^d(H6@G*1!3aKRk+NBMRm)Ht8L5XBlb((VU~G1*9Cyy9WAD zc2FotsVf)-12zgQ6)#c={^ZX(>kD{H`~8y~;&=h<%7bOJlnk1UTk*jjJk$XCs8d+ZLplRD6lnYwXZgOemILJ+;TsAfAR{WZ)_UTPXs*-7HUqvZf}GHU+2#u)u=&VQ85e|lv8YrZ2Q$KY8r zNTcwRkunOsh4uILNPNpzP6UA5!DwXLYq$~;P&+!pKIr31q{v=@?-KF*)KhD+3h*<*_g zL3X>mtg(wOa6RW{4 zu>0EdYMCqb#q1V*%^q#o&m1{({k|R$t$wn9iFwg~n^Qvk+(foLWwzpW zj)#O_X{hCj|FM@t_{mH7=6xm|z%LFAidsL$uU9A+;1?~IImiXo5c|&z>&OdH9YcPZ z@LSukp)yyAA73+mR&lyszekXD!~PA!@7DOUt!0nwT2X*pP53=`W(dDP;YDVaWc!#n z1JAfSry`}fIyq3-E%ltt>na(apk(j$oB*SIo^4^vysVEVcXwtTnB0ZzbF_kXWv}vn z4Z~&jXSVyQs`>1@unE7}Uknqh!;1R8lK!z${`2nfV_oV8m`3Be%Y^p+q@$cOo5Od@ zQk1>Tn~qJ${MXu*@-4f`YIPtB4$vw&I^ofWa3DO{rCw@9LQi|Ctya`8#V5C8{%-l& zxiTLMVs&@K9F2N)^Mb?Bk8@=`IWD4Z`fsQR0nPpt4^hyU^R97PZ~XiCg-$QoIiOS zrWxcR1s`Z_!Qi5u;Sdqy=_?gdw9cTbVoC<>z5PE7+SWIGU8fC-tEc zvs^9`p0-`sT?l-nolod>*3Sxnd zI%58^k#p3`62u9*e4F zo(RyPJTIdxP(ON#jIlQ(W$eOJaJM*?oH2dvS;qLs9FD81O z{yhmHkSw|TDJyW=y;a0-_b%faV!Kc*vl24aAkvQ+P^;~67$niqZ=r_SO*z^syFlgy z`-O6&^Hw1dxIRDvX}QeM2U`x4Xo2nok_ty|z_%|Y@GhPi@(z+EmGXwD$Kgciz7s>a zvwfEX9Lqtk)D;LjT#kMW*edSDH_ozwsTQwbALXu!Ki>k|OkPI4Ub?4iFpcVG4}a|K zs8z^jTe7oh{inN{Px*S0V}0e*Jy^AoRH;7^?j1Bh1*B7MHqcwno<-Z1q}R14#h ztQI_QErCn%6!ZqpO0{t3Q*$6qKr6P2ccH^|`Ob!_6?8xWlb}iH6>&^29aKn%^HL>T z{!V>$GKM9qneDc_@ST~Ufp>_QZ521+b=g_XyxTRZ?f|NGV}kQ#u)RLtBzmStpl3+# z74^X-M3Jzq$UY|BbA}h>qxT{RitA#lcm)W9JU}N9THcfZ>9{g?@CWjlt>RytL?hax z!ibhL!H2ersYpa+COOO6HG@fx#-$WbH*GyrmemZWAeXNMhXRr8J>H#223sPDQmEWp zW9$=-X(X7wAcNoZi7j(qr4DFn$MS*{ymvFAnz3QQ@B6+oYwM9=Xg4l@6Vw> zR&QtLVmm$#b_CA_+c_7L<~rEixwsX6Nko>=fPrCQMCv#aYOw4er={Y{Yo(eh9mHh} zygbaX&nOhK0s*Tekw&o?CtvpVo@6372T7$YxBqQcp}OG@odN#pi}Df>yUX%M5+1Zj zh)M+M<6=Or10+ww7H#W`{`WS^+&~?csuPJ9!-t7J&?)%1Q=lJOKW8yz&O>7l79HRP zNDWV_-C4KN;>~oe-C5{w)1Um6PSs13%!{ps17x}kVaxR+`byD0@qVZvpaEKwV4=VN z>11ZXNV^LFY+DT{T_nWxM*7M!5R1A{Rcv`Q$ws1ONYntJA`A9AfP+2FEFpKHB9sW& z*id7jkY`&0Q=4tc{ydfT7oxEoumVczsBt{y$tre^q`OhY;<sA^r3>q14U?H`d6`v z00L{Fl>P2>%x?E5+h+3w$6s*Bm0j-{uU;gfE=gXLvpdcCsyO@-UAv0WEug(T%i##M{J|TUl7-~437M4$(4;CZ-iB z3LN6JzC8Ovd=pQ{ibX0OkZhj5oS5D$fGRh5mj{;^B89W@+VGQO@pdC|^6o7(v!R(* zZ67_?ZSrTs3*K6Ax&9vl2=EDtR;O(x&9i+-3jc^5%i1ambsSkm%2u-;6r?uaq|rZr9{Z zlj7#xXv?YB=%KcpI*V35*{0>xnE%!F)RrE)WYFd}pWwl-lsC7G)#c5dMy{H?naa7= ziVKkBuaY<2FKSBOq%HX$mp8p}KvR?Yn`TJ#=g1q;^{aUYG&!69vyjk?0|8aTq#-cdn&D}`!=g6Ch9sf#s z^WL|A%bVX_-XwR4kT*Ye{?+p4pO@?MW`3s_&`nNc(`cvJolbE#B}c}+4mN`EyF_CXkF+~cEDvldh;DsKvpc~E1-ny! z%!CuLBW4>5{RH<=p9!-y(LND~^&(@Fq8podFXL9hQ#51KiDi>h+aySv z6O3W7IelZcIbnAVX>-bwHm4l&#)Byvwz%y=-9!Qe_DgIqpFkET*qBTfCs=<%7N_;p zIWTpg3|O2tNsH4mddN$pL!Lr+_NJS$y@z3Oim(SZZhul}7Fir=e}W|p_NPs-Ke2Vy zMMa$6i2Z3f>`%+b!`NiDKlM-bd>q{X1^2MH3{aq97@#i8+(5*PnD3~>EbUKaMG4KA zf^_@S>+PBI;UdrLrBUK3JUGJni=x?|T$kzc;Tg(3CuJ zyz)OMPfmI{4tZilqCZQXe1%^6i{(knuQhps0~7w1C$SCMzeS#0*)~F+jKG6mDNhbu zq{|bVk*g+84!5CPYsF_s@_WmZyK|e8Cu?5#pOYtF&x=EzEJC6`OPxMEydO zCmXVwn4Rbf+_2e6NP&BZ{9!g7i9gI=Js;_=lm2(Kg+OVMx?HYrD83VpbBGj&Q#!8<*eM&EzI~e{o!ryh{?jH5B`5dS zWT3G>dFC7BMqZIRm*%Ain0=f+#D6aANl94111l7itYEKwtfw4scF#aIaCSei8uW%q zyhGUfk+b`dn9lAWH$wrw$>d9p0Pz)khY+LFYPKgMhYPxspV>HytHq2tO*{c(J+~(* zm6}7ogsA2=-3xH@v!vCz0;@4NnbVR54yAB5^(50o-A>mIw_moAmS<`Dij3S-`Uh>s z{^GnJWmEouG=*(qJx0r~u=UtaR9~zU99WO_P37g-u~?2NDt6Hf(1Ofx-}2l@3o zLeOGmL-0F_)J^%==Gs_-WfVIv(ER+WXn`sH{7h@FH^bImSPIhGi`FF$C4DFQ3$BP~ zaIINMjvS~diYBEY<7O*#fMfg+Cw`#nRzkf`<8|WF?oDN@EtMXP4Jd~(3*43 zOc0ZXQ-Hdyq8~Zl`cIotl$`L+J3Zk#yiV*s2kfpUKY?UO{UoOzaiBf`&aB5l^Bk6d zQu_vTgDDh}w@CqVy2ZE2 ze48Aw$=l|9+dPmUZ(Hzfi@+XK2#KwHYYl9cw=Ma$W#D6Z+lp^n1(wU()_mJK@VdNh z!?$e$&&b=heA_ngfV^$Tx9tM7BLoVvVdrrFBwKJYuCc8SuI<5bxNgta?Sog~x&vQ# z2#&&aN51YDbmO`cUv~=T;JPzkcMkT)br-(w5=_H&SHA8VJQ~+2e4P@syldb5@^7<}Qjz-MWz%9uMvy!r0 z{`1h|?VafI@&pU@w;SPT>7RK%f!k`cX{()Ox7KHPYqZY9cS(`o(Km<(I3EGK%JlEo z01*yo!(Q6tOAO|RP6fL_U?+n!c*AO2I`*Ehr9(4kOMf`E4C!s@QlDl^e@+^@rYE?uDvMHZnZdUhIS?smbrauJD- zGMhDW&~cIfHsam5k)7*S$|-;%+F;QBHSun*^@O0pTm>DnQJldQl<{tbR075>baHa- zOOX|1$9!#$619SDWChPRDtPS)DCk$jyLF@rVor%VV(j|;k~8-Wdv&D5ILNW2>Y zPqEdH7VidceY+O)rYzQj-ms|)_FDPn%9{}6vrFXW6PFObs!Qn?;Vu|8`$DtG(}T2IMY z4|b$@HwtxgXM-Ybl{EZlk#1)%uu#AbCPrF})A2sEgg)vWsvgCQ;SqK|^7aajV|xIF zKVjK~r$olZuJW_7yFH4UfvsHGWiAicGJIE^z z*HVB&DAo5o0hBRrc`A;a$O?RhM^gXcR)d&$r$Vsu)RqIntjJT3FQWKviX%(Gp&u&{ z1hoRt2IZ!HWm6I?-he!U1Dl=aCk^)Hy?jV7*OL-F4)uYAvWGqQwk6unQG7N!6EDk| zUE_TSd-oZUZLe4`>~Lh;9YLIFmv1#5*eY?{Z#^o+fo&-u14sr8$!sd@8q=;x`eA^TFC|Z0Q6R)k}HoPv& zjx)XuqOrUh@okb05ws`ikOS5{9YH^x`I0ChHNcB}COuG{ggZoe+I@)nl6+R2*0q?t1?sJkOJX;CGHdb!C63#kYY|l7*tscDpq2 zMg+A%mVlSM8-w43$k$eREjprNgQ-Y=@J{i_Ar>*k+|GJ+!TqhKU@*&Ul4p zV!U%eQ!2c+|0EUO=-8ocFQjflxin&DpgeE^Z#x+LYA8xbT6L({;5|CfnM97>-_jll zxl;Kv>Phr&j)%kg*NBJ1>Q}3s2PNF9^$*dg5&!nJjC(_TFvcq^pmsgbgtm_oy@y1a zwl5SIXvCrDVNkO}4bKA+U!m5Z;5M;i-Okt6z_a_1yy93lhu#2N$338jyJ765a5q}WNaN!#9{6Vp>7V%> zJynAE;TefM#LykR-&AbN*8KwCnVyJX&^4sv>NafSXXX)}O&&W=bPp5KrwW2kW{I|%b zVW%`DpFX_vZ}}8kKFz-)4*4_-iT*hG96=CrI;P2|1r!y5`I8Sx;+0QxrTs1x@Ap%<9d0y* zmmxZe_nB;VR8zvHY>E^%B^tYg$NOPJ#HZNnh@4OjV;n;L+EKipEfnwfXWQeBi*Aq8 z!vo142j>ODA5{+z4B6vu_9X;v!8$_sM>XODb#GL^VUfFJavTyT3yB&)sKp0n=@uRD ztdRMJEOMh^Rv(4Uh2dC?qv%GY+O+6E?9Ql12li)Qq#P|eu%vjnSlyka4@C!>taB5? zt#da@>s&O$oH;zOofaOL(J(wPihXV$87|2_C$4!8gbTZ;5gwQm79OaW!vn)Nq}(Je zbfFC?4|xWX1O6Gbg!@ri=zjhB&4>qteeQRS2mEX7bN3+1K?)3A|4m^JynZ7w5TAYS z$7r{1ZJpeg1<7JpVzGKScgC z>(G?^Df9d-f0~d#myC}?{$wH1pCf-(xBu(qPpc<1`6I&*8<9TY`XO!h6Y@_wME*&e zq<@k&`}r;YNq_$Q=NR3-c0Bx(&Io3QCb&jSqRB@IXI;u25pQk%(t~SsNuf=A zR6K|(cnn`XEvS)QojflEUk*kKO4PUO?%qR}Nf|~-noR1+CDn?3#~A*UVeyC)dHu!l zh%4bl34d^Hf)gbkarg(sIfzBVnKtV?OCSGn@bUk7s`T-nNRfzTnDo+rj2w9!rt|Dy zQ7N!v6S<8$5QH$7KKFON@qXaIafr9q;i?fI|Bi?zgIksshluDd+)*6j*{>!e2Z}?S zjq_m=66%Xf*qv2$+10GEP{ffp$PK0%4Mp^%jth%J47O$eZ}@A{Nu}fy?m-x;;ql!C z4sJ(}nG@-+8S=tq5~*hYZ*p-v-5{Sf_|iE4!k_^{Px@IRM-F6kU)6I1SAjjy-}l^e&ONW|_$$5%+680GiXU*5JM~v&mchtEmo{^jv(Szw%sEYPiu)A_*Y;9zlrC7qnBR=i>e++SR`vQ9vt(@V&Up1x?eN7#c!7(IVRp^^>NzMG_bwDa#ykwgcwn&d zV>}vG*Vq~>2e=MS#r=UH61kiEal{p`;Kz92Ncb`C#SC`p$M}3&f#0bgLf#sJ&{>HL_l{22rA{$p~0@@EXdxsS<0<qDf1y#B7p4_Z6m*n7zp-%i7afu=P8lP5vjcZ-M#uE-INXJGO z1U>YxVTbrNmWC3~%H>}N;QVY%N0f3sd4eBa_dboTb}(;;+g$;+p7O|s6@M{FoX6Q7 zSeB#>9&ffw8yxB@n)?cVx%pN_zH+}~7I&oIR>M}3F`fNTt-}d2;?YxGZ-xoFhR%1c|c@(+t z9XJBl!qD-#Ok7~-yHiZ(}KAil0aEV=9r`lC=0J@ zBy-L0sU*Crk?b!1+V~2uY9xDzzc!Naszx$T{I!vUS2dD7#a|mqcvU0WOYj?#@Tx|# zx8OGv}WKLe%5#%WKG30{H*a@Xidg5 z{H*bOgcZi~V0j*FRpR+bc|Ot_h36siJj5!-^H6ynY7N2jFnJzk<>UD%c|OX@L2U?{ z(Bk-OA9Z7QdxcX&@BCA4R@IU|WAxNz+i}Ng_RJA@f=kDK-<&ZaxYy%mPi@J$ZS}8T zwxoak8w<)dMpx^pvjEXqRg3#t`D?S`P3XXQ)nb6Psu^&+zTx%Dw3XR`rf6lK`o-A< z;#09D6of~*6T0C;s_tkS7UHHww7mBmca=Utc>N<-UMO*RBClN&a4Ij*ZViBe2sUK< zRD+rLGL(2Glz5R&qjdc>&S+F;0^qw5&-YXq2|+xDzdMuIaw^UWz?Ssv28&eU7QINf^^Vjv$R2UdHf&MnE)563c6HY$#Kq`* zP55IYNM;S$n*Wjc``WzmWICi@_aIicO}|Fwx%6w&4-b`oeb7S|+n1qVJ5{evN%ty@UUd#89n-HwJNlJ4n0~#8n2{aOuhVB^c>?(3 z(yzZFCpq1p_D$2T;6$NdIw=^)7_UIXnwR2kVMW2N>x_b3?NYF7Ot@rZjRE1);wb>P zy}fU6h}V4X`_eSY@er>cbxgd>tMOhim05=;mvo(vRJxut=_+qmi+Q{h63P`L<*E&U zaD@`9&D%k30&_u%!l}9(bBUxtT#(8$=SvFY0;xXc4zsbXKU@n+uq>9Zxk^;|+)CuNin76=Ou*^u6 zntLP#jv1*@LYx9~!7w9LX1*Zb$|Y59u9Z}!q$*ANx(4P}Nvg{Hi==c(>E<1h3QH<% z-Xf`5N!6P5k^=9H7A9KJz+AA-c${oq9heKw8IMz}%K~%3IODO-ni!Z1z8Q~Gtx#a@ zGe${$f83S51c5Jb)h<~1>HeP9aKubdZz8)Srhs+0<4=w28xa$MwhGLD^aev) z-l+R<5NhnH2i72p#5L|&ROE?h79k0EaP+kz2hLeIY(2~X2zv6IQhm%hWw?(ybsnPo zOu#|Q`kl9U6*NN2_c)BkG)fp_^T58DbMePGTAcbexl`Y4+<2`79U%)+WV~l<%s2O- zc!)7a^6c=vg~rPH9hf6!#ig;d{!A@ z)T3wtGE`!Gw>34so?E|uveo_mYpv}2r|O9-?^~?b-A;8C=VCpQb zVcVWi;@waQ?sYz}B=`N#0tf?ylf4#uRaU!T6W-{lnhoIu!WisD;53N)?g7OJU$L#m zcVNjmdG)W~SCe?BejlLowaDoDefiN5!6jP#z7dh!`hCYoyVs=V_^hD~t=aPn>i3mK z^Mgyq`T7)<0|Dbpw$-gB@tKY*r5l#OB~6<5bethSiA7a6_YU@g{=cq}y@({4zw|#@r@vxEmb`C#zQ&sYfYtyYfCg zb>$|{!5Ukj8wO|my}J?uYDx(BaF#0s{KjXvDLIk*!l#^riWl)?{2hyHz6Bv5gDtV? ztuL!pZ^=#T3+zSAw-<2GlI}6w8fyjC_BdW|Xz|&rXs+#nRc!I`EAD?sz!hgdKvsbF z+HyoDTpa%6WV&w@SE(>3S?BBs>w2Hs*F;wvD@`Toh_(@}%QP+5)XgV%th$TbOfI82brB1^3Sfv;f@qLX&PFKobv(-u6A%KA){- zw!cZWKQi6^IBDO(_6N7W0{aX1O|$*CwAf#eqQIUw9xcCvGa2!9{@pkROu;q9K#r5O zSONDW@G>HEAkNX@OeHSO3NGnUK7!ebBR#^2&&rRF;)so?_G9N~33`@kTkO8YNc}xmVA*oNVg|frhe^rTA5Q=aw!DjlOQIg zw!Duowmwn;+8+!&6&>yEH)CLEi~I35=6p)+z$AnbbO{m*6JclC5N9*k@G@F{3&W2R z6gjg8O-;jUV0{&PDE>VlJ6SYNLoM%#<}xBWhVI)GPDZoBfjyDyLaEuPdo70pNhVHX zvuEh3K7-Mu&+R?rkJ|De=4;^M^V)D~Z&-`@3i6tF2vKIf#mb-+7SW0p-zfov*gXIO zPkETU_mz;grsT7b50^6_JMKAmTEu>5=dizdtP5#XuY~|nGMi2iiy!<0TdHC8G!JSw zp7<`fFXsaIjNFyX4Mwami|9JWt=koS*1sfazN#f_`XLeL?9V68lRj=woX6lzd*ZBp zf|dQ+iSu=T>ykMC5}imB=f|i~?~FL_d9X9$eAQl%+kS1W5^2;X&O`R)q$7)C}T$rmf6B4usqV+5a^^7X8Bf*mpi^zvMdJv|sWet^bWBU&Juvo%3UV zLMPHo{=_p~EcvJZ=xoVneTXF=_G!kFmwfCl`A!?a`FJ*s4SwnY zaP~*l|Ihcgz1Ux1e@8!Pzu1@HP5Z?@Y43kyv48RBE*JX|bRxajuR_<}>Hf~Yzq7?& z^gb4Q_5IQi+v%oVX-GmZmem>VtD2fW&+R6{f zuH|PQwKTG6{lHS^;H)*kI)cgmaBk?w(-z*PPg{v67QT^#lh49W_!ow!;B&P&0nFjY z)u}7E7$;~DRq|kkOLBkv9#>V1Q9q_93l<|uCaRW!sPk72L-G53#>F4ffMTe2%Lhm= z$^E`v=5{GFdZJwh(tpI9d|%5)%P3Th-kCI{2eCQvxP_mP`^E|3lbq-=nLRqoD$0CO zZE2Y=#x2$%;&MB^eUIw2ikn#QJd#z(vH1sg{C6Kn$8S7+N$zsH%rUCdzeO?$wi07) z*YA|rB26Th_*}Gy@yv7C2pp}#3|`S1PK`QAohr#|myzioMUMZ3B{f-TmLDR&sLvY0 zL#55@SKDVwe88D9lt57KiHQ9Q7P+(v?3q85*s8_{X+fdxYcuYCueA-5Sf1jbS3Jzn z(F+}ty&2%5!Vp-1F+mvJ&y1xA>m5!|w++Q(7;9Fk;_EURGy-OBHWtWez?>K_uIE0O zNL~rq;h-~A+imss3Eg&+$D^}RwEa`a^C!Sl?Y*m;g?8Zcw)nFZutuS0U-7T13%h2$2rYQ zrpOliH1EwDdEu&-9w#1$!+bUi0r2FIpS4(1=li~LzF!~RT_IcdsD{>@=qNN=>56d9 zl18WXSw7&hv%xwErLCSL@i1Tt$j^B!2a=J6pZNfnt0Y z;lKtUJO~Fa?d&{1wR6dmg|h*CbBl5wS?l?~xugi32>kbI(Bds^R>O!+TBYyEtw`TzMYU z@B`)OuC9Q~rlzu1yP2|_V12p2REs~&M~Hw0RcrB;GRIO`59cuNtqNz^2rMR5a|kYr z)BNgeZ-!6+mY7o!qPXEBRE0VGY)6jx^J&X-OSY4MMM@Bmd>|enRG${oR`&7ltGte6$Q)2kcy0GwF$N;!p6o89N4Qa(7H*Vg3O8QN8o3kj0HKY77ea#v>LAsC zsK-|mIH1KLtry8g5vL;`!UKV2NH)SggJlBi)Mh$GNluz(k2pIu3OIVLSN?Mr>HMI^O@n9d!Rp^WR(U@r#W3D`UeqH*UeSYw=srN}8oz zn-v!QM-Vy>qU<^%+|nhv1Kv?w?F7Y&fBJSHYfHHwW&rqHOh&cNWy+!ESYy~sc`t0I zCAlvlI~n==6o30TOT(BDHLz%@@a8CWFV4Z{Ds)G<^0k%O;s2B~M?8La47GMIUXcx7 z5I~Zgc~|53^j*cHpS2{nzg=1k6OyC%za>0+N5e2a29pKwDFyf_v3UGBEr!bzfMyVv zS#Qs&7k+6@oj6=4lU{B!>2*};36tLK9WRrfZ~Q@SIJm=KkLk7fbnGzU(~V!ceEMYa z>9sDO4*qYm@v;mE5vz?63@nVHO(s696+XS3I}DUv`1DJEpUJ1kcL3|+d$HovXEP~$ zIzijBTVCA+@^IgqAP<)y3n!I)@lV06^2_MDcU<=Ri8lqW&qHREna?tl!0)h(`5n7J z#g%-W@2RQ}FpX4I;HheXs;X2~HIij|IaO^zRmKl+2NfC_#4oEX#jKZ;g-(rr`fayM zr>c64H>67@evDOU+w3Pm^(gI&By6~Dz(y!8zk(VtcEzesKt|2eZNX1zF*S+6wi ze6&5YUTib#*MsDeS?`4g?QrM9tQQ-tLX5W>lkuCD-+Iscw_{Pli8WyU20)KV*01a; zpqnAkvV!XxK7(7iH@e5IJV$M!4__zgo(cs!;HGfp0IA{KP{P1=ZhVX4mezAqCzL~Y zUgRh|cM;riI?a!kE`jhqeKLg+NyLA&HH=5ofmB2F1H*H)=sV@pF;sZILxhn>&J(Em zHDko>khMVk4#sgr6S_jqX);v$FP^Pb`gP<6r=e4TT5xI5SSwBt%q>ssKn{R);Z7@l z#Nw%fbH2kRN0c+;@>O{1)BgL(Z3XqZx*NMV@tDzh1;Gw;J z#bA$p1!f(T4n~CSj4S@|bFPFku6PLTImQ*|gbvlX;yUSc!77-IDdUPwja{?k2V{92 zmVB3_XmC(Zqk?wE6@@ge!2Jr~mTQJ+ZgQ zA+J>+OcG}j_2k?{Ym0%_<%xC51S6FbgZirv(ee3&krwvDF|dFG*?BoMut@l|>0l-p& zPjSsGZj`cHjSKJ%Dm#p4(!ur>YyKDZ70HY9nyj7;Z~DTiSsfTx{Ona?olxQhE%vUg zZ^1mg@yd6JaK>*V!ZB)mp9VQ=VqQUPgH81%%_~wlul@_|!P0|<79}`i!_MN$Mq0Mf z&f@Q2U^|lQZ>OEbM1!0a)(QG)7(2YboY1K3EIcL_RmqyCjM;LG?8waGj(=mLk9%8f z^ju|TasF0!qd)p@+343G8#ek6BsUhR=T;x827jP*uVD8SbVM}xxsP?N!9P7igI}7~;9n};IAjg} zH&y%BrrVE$e7dLngEjbIb37V+vaKC!@I?>IQ&OoGdq5~6#S=o1h?(!lt8n559Nnw4 z%12OzzYB7JZ{XnJsPHF;Ada>5)j$c8vS=JkdgjsNe>DI6ATGNpjh=&gl(06Kp~wd} zCN=hA$FVd*AnA-RI& z1wN2k!%hG^l=$E;W-U%RU2jPqu9k50Zk6dEC7`2^88j`cEX>k{@< zmY>9+4w-ORmV7)aBU>Z@ihlqG5VK1|sZsxjqjHWrc%Ju?XB|lPOI&aO%g&6cvvTay z@;iE9E2OX>8}QKp5{C)I;ntDilHI8Oap#qz$N%F`u(8_d@w4^L^!Rg`8~C6WOhN`e zAeRnp3xKvJ0SE18fp0^JPpg0&Fp=wMSJDK#lB8Y;Dp=B_YvVUl0#ou4j2dqotT%m% zZ`FWz*r09atOX1$ZW0B?w`jMB-~Ng{n0)*@Lk~1-4R7EZaY_+vfOBW{P30W97{rQP zU>|D~Kr=^w?10L@KtFnoo+|$v3S=3ZmtybI_>)_$;c1w>OjjIXK8zxAU>|{XGv39=>Nr6|R$Jdm+3&+|Uj|jn( z*)BmQE%6Bo!Tu%ME7WpUA)B#q)fTQ%h11RIVh_tE468A*Hz-9rYP<&n;X15)&BK3n zPLKb4_7tB(jPqVGQ{M?OHUV@U+dOI* zrt!$D8N_(a%PuiK=|v&N+g=c2{5pP&N3gaT#Mt_~TJ+~ZxPc%4*Zf!1wx{@b1-+ta*?C~3Av9pj3%(hQ*V@)&m zcW<@~r2fGswZFacmC2y2!32!gpNDZKB@_Q;dy4TJxUgw^iZUcgogfGC*i-a+KEs~k zNV|+}PmyDn!I{@`XuO^%!?Tt`W_nu<+HF0NKc7+fzKlq{wLr zvKh=wMXzVDN&blp2ia3RvccUd{%2&Xy!fzE^4L=x=c(j2RY|p~l~T|D8MRRwh}aR76FZ%-)$`%x z34SG$?Vuw+P#t+F>~!R5kW%;DUW4-yq<9|7{|V9&C70D=)sm7snNc~Np?T&jt4W-$ z4&;>cO{R8!hohZGg-WA1xh8d`t(}MO`am4d5=L4(KZV-)S1^&bcK%sDy4v|hnPLbj zp!>D8^Ei-B!S)xutE$gc(KB0HEzaqVie6<11$J=4@*EZYh)bT%$yy5ic;X2nMA6UB z#$$$l9Qyh5D6A0u{M*paS0aTKorH`=7I+npetsA9^EW&pd+S8jld3q0x$*#d)X%Hd zXU&$LBP7YcpUTO)itYDAF1!7`>)W-Tr^Pk`W4P@%5+lL?2N{j}=MHNB)AiE+-&s$p z;$G%jj9yxQkXEUpFQkh87Qt(97ZK39nJwUoU1;g^BB!Ob^m(&Sq*e;TQrOr#`i(EB zp9kQV@(7=Yh;q1+SZg3H8@V%-SOal}dt$$8si^AqoN`XjCLz2DgbxOen% z^z}hFVI$@TtvtA_z{sUannC%paz-ff>gyX`qyU8y94xE?A;Ly-Af*|hL|+OsTErKj zCa^<`UxV|pz_fretoM?AxuMihD6$v;!SoZ6Z$bYK&jJV{Hq1U2FCWqyR^uX(hfrb%D|J>QK9jOVTZ4}fkd6kQaLm4d zpuj~58vHuwJ)l0GR!LVJ2t7 zM42xV2(@RMwxNAd=mS$ip>OJe?V(hkTXn5!9X0xi-Z=Re+RFK2n~m9c$?q`#lIR&i0b{=NdquJqoy>ofHC z1MSijgzCxBZEHH#-|xne|7+CWFGaItUv2&Ubx3}m{=Q;eT7Q4OUE0>)k3kYVVMqG= zVhrQIrN4*j+-3^Pm8n9SDLiwnmnqCQ-uNSlV229)V-cIq;R`!d;4e=r@TdOaYe2FibwWqt ztV{jwVx`8@soIp`iY(QM+P zWWgvTJJa81t>Fp(Yt`RhgV_5d_0-?L*M#|lESLKGg5wWafBz2_PZcE3Cn|YTC?mou;}ZAdp1jAuRDRJ_Gp_5lZ zkl57~ECCw7iGefwTBC*E8M%c~GE1CbsL{R|0Z{uJ4ixwcxpe0cOyL>PcE>>kB=Yb(L!yWfL}HRYv|?!o#`tD_epW42_RtZITf!OdBf zfIsS*ZYW@lav4hS+cjCS^>h0$B4|D>aEqejo#95V*Oq5lH=O zTlp%GI#d)y@-W=ST-AUTLZY}fI3d_}zAjSHM6-DVu>f>`X?`pect(p+Zw({P*mK%q z#+YG*2{P4tt7_5wtLBgS&Y9>?vX5VsneVopSBTzwW~i;UFj%&RH*Kipk&Z;*xZjA= z6kefPleQc3o=c45T9&!pQ+uuC*~B~vXqmPk62K@u@idx>d?EY2+HkNy*JDDvm&f7=&W~Sl2civH>Nq(cwIkm`b*RG#v1324Pi#}5pZK~ zRnP}t8>fI4y9#W1dYI6D#jn5%b2k2r+>&viSPF=a_=62MV8Uaiu=lbCITOJ_YSx*a zWCV`QHlX)U_d~9-2b6Cnlpkr;WK1UOcv201R40QU!olYT85Ne4yDVNn`C8q{0VCH6~pz@hS!`ne1e|H5kXg8DDg&Z@O$8`(;oB&I^-$RBGsIfq&V2|8RG@q0z<--55hF< zUy3jR&E?MbE5ukv#8`>3V<%K&hd7315Y0fyLd;mqry^j+5*AMtygx=^#v&sRw7+x0 zq%Go^3rLy7X{Q$ZrKE@n@4F2c6|(`2KH>=MZUY)`)>DgXv4>l7{L&X7cZgYF%e)FE zcr}TA#{4rd=_Q-=it)&`paKfqZu-N2{fqjiYxl0x9~mC{iJ$*b#rrWdCmZx8;|zV{ zcHgR0&Wo(IWR-7YFmWz+muOs9>z)}kepTWDjlSq1Nz&e?w0%*U9@W+)o|4IaTIAn* z_2f7h)VJhw7*OtJ3?s2s)bFbhGlheA=yVRkum@589}EI+L#y*V-T%Vyuo@w}9e9}h zunP~k1z35(seM;r}E>cvuEKz84;9^Atc(=F=%ae80j5 zh%=CDL7=0#w87)J41gd!G`*3X$~nKJ3BZ7D*#R)za;yg!e72c^`FMx?NvH6@VGtm^ z!)ON(e=N5FLIzRxB?r+S7zF>P&F>p_R0?`nEzA>Qm)Mr4&loEt=r@>FNX5brk!ga@ zBXC1qk%9%U3z8Q%I2eIw0k{Fkrs6OZ2Q0jVh&*Ik3ymHBN3N+F{BSMct-WE=Y_O^} z(|Va=TJN9@0a-dFbfMkZ3X)Ny`7p>H5H}qjt*ONudSqp#mQKgthSsTC&4z~7YAw8R z;i}tUa34%u0Mk=&7uXt=>8;UhtQwwP%RFPWZK^PICD!sp=kUS!xfe_T;syprG=E@h zxR0$0C)V42I0Jpy+bt)0^yl?ppxTz-Zf>_9$-iP`&7s88Vv7Rica%RJd|7lF&ln}s z6%Shq9`><+DjpVdo4awCS`M$s*~7z%xVe&;+Tms^7N9g%Lx;aHSEJ1MwvalkbXSaQ z&+cAyy+0RL((07X6)H78xg{HHV{=2}mWI}e+D+5&T~8f0{hVCv`J9EiZ(Z9qkY*tD z7L2s5&AW-I+7_rwqjd6c`B!HdcOhyjX{n%gZUXJr*RkwhY9q+vC-i*tx2z%YE*q00 zS>hE0?hguuHzK_eW2^VxrW`GPBC_G!a?3aI+t7NHcI!}YL?+cF?-5kS&pe5quu%sJlKVEOoY<*bPnX%(>ds#+|J=7 z#-Uzw((tJ#4ZqF|VuCwc=bL+`8$Ao98e02kw^r~0p?uU5=bLj>bvB!4N^HAMz^1~j z?qjst&^qYG$>vTxAxglI8q9YgxkYEbhnf$PxOGz3dwJ=u{S`G31pgp)qKm)8gWbP8 z^JOLuTJ)K~e&(a{>7Zr8fU=AqyY(|Be?x1zcI%nxdVOX+pH~dOXvFYqMhu^-Ft`mU zMYJRb<3%V#AYd8?=E+vAog@LTI~bBc#xOJq1gXWrRc3XKBo#>44lws|iqNh)xVCQ) zoU*y4<4FXlWf}Ki76hoGS69&0alsY#v<)$r;k$R|)^h9O=mP~zT$qlHhWXQut42jx z#(C+gwT9O23*hP|D520gyJ3A!qPI0xG3@Ys#O&z4HEO!70_QcR&ie(ki1L$ajgs9q za!BAjk;MNE85}6iM0wisbHrXh7g3!MCOdgf5%6jhJwQwKc{$cPJ%!kY8QAm{AOZ)Q zUO38bfh{IOdBCdC!yESXK`cSkkl#{?WrBU*kHF@`Uv4graSi)=Yq!!}vZ1MujcoGF z%aAsb!%&wJ(UcmWF>WyU;dhoh{BURVQXo(RUQ&xQAl`UmK9K8z-a#lRglGMBvrMCt zaO4x6&|j(VanKr7AL<&^d0j3=U)p8=u1(ix_peXqb$(9&1Q?G>*VkVGW2d7{%O|?* z9~AcXcn=5STF@6rtMloLaZNkrUu6Ckr0c`{jp=->-uZL*N5rXgqL+V+=yNfn0wQk>~J<&z$5N@2BDcmUb zl-A1Ec={A5UsE1^=WB3@v-F2Y{LL-AI89kDX zRKh6R^Cb%27I3S(VoS(z&!Zf7C_&loPy`1OC8V^50_?h57vXP?HNoko4fYYd=x_uO zws8b7PUxh^N3(0~Alf_D=vofxP3u(`zCpeUt8i@WgTs(O_=mg~p&c55F$?xZu{Fi% zsbB>)p$O_?Re2hDi+6&70}CO-fglp^Cgt2k5tiFU8N(FHI2xdjzMqIa>-ic5bIoZ5 z;($cG213ydd#ld#y5^?jv`KZM;_=hpado?SU{$Rsjb+w?V3c^5Nhh3o)+H zf&!liM_XwroD&^n&7nM&FB>o|Fhd}gjeN&hlL*m9^kQq43ymK6EwQCDFQ-`J?Rl~M zZf1oK?dCl#M1MnYd@FLKXZA8toLsurux10ggFE$*7g2?4lBdGbt55d)YfINfz8^}S zg?T@#D59xZJ;K}u)eg?nP5?^Gq_+4eyz|bc7JCG5Qd9nhY#9@$t!zx404tI7YH9JY zM98lpJ7S%TKoh& z2=`N;mu((}L_7Ja=%0!l{nJO(KY^!&>l|E#seQV33Qz7sc=^$Xce%=^LQNgqzqs;g zIZET;e(N{Y!M)VDYmry^)Lx9DExH!?%Z<=_IZ}G^4pBaZlMmX;CtMbE`T|$?6bihi z#s0|iT52q=Zi0YUlu+&A1-l+GC#peatBWEdae3RR-W*xZm5-y9q9L{=a;bSLDs@CE zB29*DSI9Z;b#s(h1{D}jf;|V=fPUwp;=?Gf@~W=@YY&q+AyUP@(q=8T6--PpiA|o? zGEJktDnutEd$f9BlNLklt*j)FtD8-!t$I;yrNyZNLYX|tTY$a>le2M^i<=v&D}=-b zom*plKbRb7e_EMU#2~YUu|}t{$jMhh-+{oTksE@^3vy5<=b*gN*Q|&;Vcf53DiLU$ z#H&`8B6rH#@YO^z5Wrf zSN2j4m9`?^#2uie=BJozZv`3a8~yiHOC7M$;?2nFbT~c3`N@2%(5*n`4<``96I23f z&D@32Vn6d#qQ!U1eul`B1)x#e3I8p;GRFzKXTOIjnOzZFrW4IBfFT)Zj^Z${CNbTo zvz$4W1rNLi^7I`?t7T~!>M-_KZA0v~NV%;SyBiKU)=BA^u663!W({`g;d=HrmtZuW zH<25hzC?1cUvM0Bh9F8a&)uq*rdQ(|p1V~Ytr$JJyjrn#d#ndw@`2~n&yVj@C2c8aux~osiAtRd_vbbY~TG7D@wRZB_&h=@r3tat4-ZEfo zPQrXlxjwB9dVVlyhony%atRjk>(r;6)7OR) zYIs)8RbcYRKRWUQ&-#9OecFW=a}fVieOhFq3lFWocHv=2k3)ushgm#T@RMNsG`1NecI`LJiu`OYy}LzxKn^3hEaI! zef|@D+F6rrfRI7_xAke$&R4KNecFy+x%#yHTm=h5rDKz*)yoJXQUD%5uKTmfK$MZBogaQN}4)O>wxX^a-X4jHM> z_#u8pr8bQv*)^)v?nc5Zm`62^-G?L7K6pU0CVB>>RBCms^gmIlVNiwUVAcZdCoDcBb8z4PokeIgnq8)E*sMTpm3DnpG@x=2;{ob z(B)G@*W%UCDQxCw=!l;08gIA3)jLQ-SLkTy7EDjK>U@Ih(lfV=X{ZzFA( z*{Dlt=xU8A*C;|<^()%cS9Yxr8V?lrRqE&3Kw;AI_^&`ecW=7BuSP$2S-QTjMn9*e z>-%c-bB|-MrswZJ($AgofDf^6qTlew-W7R|l3h?=r?OCEXY0@gD8Wr(sNoD;8`o?N zB>X5bIE2el!xpP%=<6byT?jIPVU%CvyaD?$TizEnmj)lhX3fIaOFYutNKc4$AnvOo zZl##L16fYwI8OmBUL_(M%Eq0ZYwIy|7 zL#?CSF>Z9n7~Ke2W_yi>cW{tSLQ?XYwapbzG5$$fLG-og@2)xLf2qGainNwSQ&H%T zzXJW;v%uu(`o04F-2&A2<@9%_%YN~|&(R8ghI`-#iUg&ui})dZJI;lgEgq=ZLa`@Q zbk<;ZC)m=tM#!;EfJ{FRU`Gy1mRkL&l2hbP?FL66NtXM}hTz(Rwq^m{hi zad)bcP)3eT&-7b(PV4d7&-Lc?T)!3FjJX~Sy&dOTr1!uip1FPCeTC|(vTdF2B`enHkB`KHo5Cg5F;#enOPtCT{t3z4=%nWuthg7A;r zY2M}3T3e~Dq^?%M)+IK+vk}xl1z>|6Y+DWyd>S7T-@apy)H=pRFphkGTw$sQ8M~INltJ$M#!tgqpFD z9zX#=I||>(nI4cHYJI~6>1RD4Lx2{Z4oq5h2kKh~jMQWRfS$KDyVIY6-vQr{KRn5J zlVu2M4)~@%u$adT9B3t4_Dja4l}hwLf3)`!O7u_*(L?SBAblt~nQj+#B#{}S2T;T+ zII`kAsq+bZf5ihR4bj8=UP|;(Y5W8il6NI_*bFd)5TBPe?$lyW3Q*qTUxubAcE~qQ zhX0q2`%+@`>4UVNycTOlcI2elpPSV>X(_Zz>JDCQ zIh_B;mxjiSFN=f`Z2)&lT!;&N&F=#;5QGtZtig<9B*m~9Kuymk`uGudcpZEm|SLZrux<|0P~mvm1L>}XF;MB9V>p|#yv!&_XMrZUue z+4yiT0826b`NnrIS4{u-TQj9^z$au!c-?EgEKd{SG%bk<5Wrxy&+w|nVgF$WQrH(M z4L)I!o=63cNT$V1V-w!aw^Ij+AVP7M8u66gex4m#nP}J&}o7Q)mx`>9(E(D z!jSy*08xdra@Nb_C%xmr>_;BA8ae2NtJy&b!tC*;Lj9BK2?ZIG9P=jtYE={4wzDhBJcQfWEgI-}jOZ?a} zh!y?b4GrzSy`gU|hif`O41s7W@)vPKOT4MvQM(V`(4JdZJJ`_A#brbPwY#&So37%9 zR=2Q*lILO)XJ^EMF|h;PTVS^!Mdji$%p12sp>g?TaKVQD@hvzRA{a&tAMh#gsuue- z^5X7IWhx=q7h89dT$qCBzd5*%0zrb1IVfhhw5O0v-klr9bo@QjL<%ja{&hk_rYi(KC8yrzi-?7_oR0FH{aR6hyuj@I|=)DbvUt; z12d09<+OH!Pq`CT+S$X~BtuVRAT^@xpccCc-9=wu9H%Y=pU9rrv8rM2L}U%Hohn(z zBMZDW%RnIMp9Iocz0(+ibuwLZ(uP?yI8FQr3YVvM4)!*Qx;6w)}VQ&K`!Ci4}j$d}S zkJ~vLyStmayYa5dpIt*rk-{?IVkp5!j4Cicfemgevn0GwC^;-#vR`l74{zifvWx?Z zRMZIycyZx0gg}g@x*TtTJ;^rZv6h#ZZrI-zDMU2d-x6Cm2x&_2QbvY{e7fQWxCK9`|zjO zvKe#9{bPSGHNMg1cirgL<@Y+{%@rNipBy(gqd&=U^E1;o)nk#H)Aa8Pk7riL?WM;v zq08^O@vSbu*BOU*{QXeJ11>OgyyFIBq|@v3hle_xzw~$>_;**|b>pX9ey=lTb^QHn z8_)C0yXtSL@g@TDbPkWY(cIAXXv0|h;q~gFiG&~PnDZbX>kXrW^b5{AM@sK(LRe+1~ z+=E!hZ{UOY2Tx!tD*Cc?s^Db^R;W_VH+EhE#-)oui*Tt%rH<)J45=_!mQfgooJgvZ zFw+z_rzzCGL%|mY12YIg)?Q}sao9%CCn%%g+7LW{LhYpB1Y-+pY*<~&m_QNKL!;Ko z`ijz#Cx2_y=u=LWK4Um%oLa`NPV}ECR&?lW83VP0w}8XMd%UfU1_QJjC}sfolHGbk z+ZEc)qO!vsoNf0htgYx83HS!NvnSwFXMSIUD`h<^JsQ z;k=Y;Kp3qTa6AKf$?PC&DDhdi?4_ngNi4DR>A0W3`qK^1_OH6J!<+y3FP{|(Ds#MHhj|b*h$`|;@9Cgeg zJDqhj;w^J*;Ai|JtinnYH)Di>Q|jf-L<*;H{V_MsH+V7fG2ztB{$==v%|ZA1_kt59 zf#E;j_(vgXYgk>RCu9C?+@y(^p9eP@sBdB#?>F!l<@eydo_f#^LrCOvq9|cbyC?4O z11n{zyLFJ*COLCo1h6m^%}(xbOe_2z#VX%A4Vq+bxuEWA(gROw@nidY8Th4c>+p&f zVOPWc94+>jd`jdHcoIuBByDwj3|2pSsX(lA-c|O{A#09p5AE9I^5}Rt>u{Q2;UeqY zkbPR=m6>YfgsD^Q@{Zwd6lUi=0A~=hp&}0v_kl(UUDc2> z+#Rgl1V=A`@L}`&V%I9ae4_QdHXJnfchlkvpt>|yqeM7ykKe!~QfJX$aeBeowjb{*UKQL8%t0{7aQrRp_(d3> z4{t-sa`?>JBJ{(76HBXOd#@|BMmp=E#J-S6&k%W3>2iJTkV|?Sw&y z1`73nsm1#Or6{>V31aXdoR5VylNc5{Vt46e;Q4O>!e#3%jeOL#v710{`|+NJ0F78; z$}Radqc5loTaELD`MrLuIcDz`Jl-rD2-lcK4%6-RQYIPBR!WxXh*z3Ap{E{SFUJ#f z0TFSY)E{BH_=jF>)LWYPh+e=}`miLU8U^$`#EVMoGE&z|2cj35?*Zf}QJWW0U5aht zi-tGhIs#w8CW%^vC|%?OlDXghUI{XDCj!gmRV7LgZYzfnb_Fn=QRYsC&a6b~y0zRe@~s$qY&_M;}uF=gd(VkLQXTO$b4m@MsQO+`(;ZWdfqzYkRJGO$o0 z1gu&j_^-+z4DMa!3qpUQ#r`DF07Ps48c*8toBj3pO*~Qm1`NO+#iNwuIxa>+TMl%Z zu>d~beEIYf;HHy#r~Ru4&X|i*mi6qbf0|cLJT$b z95pm5VxB5A2g<_Bipr|9wD=NkIXW&GKnA?1S5NRO03!CBv!oastF|XtMFA1LDqYZu zF?-xN3M+)t(ayA3-*)qg3-JWT#?!ahsoR1FJ&h2YG@SkP)T91J^xOF1W1qHJ$9d5m z=(VQ~Z{BL;bx-%mUOTPyEI>;P=8zb7|*T|go3eh2}2L^5B(SL>N zQO+DLAi^4VG;?e4#amd5cNcizM45baW=jl7iQ@9%&j)BSaTkT7LBNJX+z7}`+RPDH zTat3Bp5*OJz9mt}XeD+$N(<|0A^}i89xw2tEOl`T$#>ZRhZ8Y8 zoCp|#K$FXifML#!eSq0e%*Z?F6?uV$*oMN4@P%n{M-dY*kzLqbkg&N}ZRmrhI{q^( zfO+eOoMIxBB_68iB7QC24J5@Nsmz`7l$`a^(_-Z0RY%8_0@vF!_hf$*;a| z^EbT&WxNgkX0z}&aLBZo44cWhuC49aW$r*k z!cZLaN!H~aMCC%nRah9aH>TO)ujK?1=^`8^IGU3Iw_aF`9L22%It5y!hv*S5mT;Pn~%}e~DW+RY3MrFpsMVJE2hQIxQ5CbdA8m@`` z4X30VGPIwPf4h|MEy2?cO-S<)xGUlbeBtE?pfJKj2AU$nyi=#emID^hnkh#R^fx_W z$$(zc3K-`p!^5gKds+1jnR|2_0|^C!d6E9yo^Sj>vFZa&gkr;n-EC}`W`pu+e38Lt zKXxf$7kst=H?A@e7Td#LXY@LLwnNVmXM$Hhz!+oTVjrlCA6EU?4zS`NULOxH@$p4k zd=N1(cUvv9fCId>AGbdwxb`L#WRZyj+9OjfelKysKLi)Bs)NdSIKFt_y~ul?lNVwq zaD+?3;H;mZVZA zY=g3DaR2JRKo4MD1A!q^Jvqzh4Q=ny-FhHi;WgTMh&V0uaxHt_an%MeA113C!i3K?>WDEt2IfE<+ zAJ&*jwwSuv|2ura>)DlLbrajIZ@Lh>lo!E(5lCH!qrzuCT;cjGuYw5&R?X_KEgzY> zv8}Sc?S?s<11Cpbgn)gyFQvED@4G>}=_J%0Oy)H-wFR2AA05q>u&32(oBfeA&aBGL zGAj6|jDNm`Ka|k^>Hy@v2-*#cfZWTrqnL;}QZXg7Bx_(DVGXeQTlrRBtB=*o%Cov# zIaaoX(#>fQI#Gep7zYHR)e3~pPlFI5-YDCY==ZGer{O4dqytB56dcXx3kQz=m4>4$ zRX)Jc-xVB9RQb5{zQ~7uvT!`s;*rAcyFr&6d0mG7iZoMP?$_X! z83|L%xRp~Vw-Av}?k?U!AnaF40z2j-5Z4;#$T>(+ zdBu>AP+k>fRRhl|<<)cw$pIM@pcezJzM!M~5MeQxed4nk$jHy1R67C6t6>~pgHm2G z_(M2(r@$2*b$!wNt8fFbUvy1HS<%6kSik14#pb{m!L8a~V3w@RaA}HwAQmc`z46>V zSRVC(^MMZ}h&Zx9dXLMPz)3tatKZVH?$JJqZGJEMfe7&5HCheKNOA~-;oiFm+>q^@ z)ZWZMI?&I$+Ofx>(xxo}#}5@5q+OKyv8+xUETnEgd!g~0G6jx#Ts0Yyqp!iin<$PD z;z4oL*ECuGGTwRmvo>q6QpSAJO5lZT)vm!hhFedzOQBIA4G@@|&+G-T=vH7+w6WXh zeU*a!2T%>p_a69c*nykYo}#^PDY^V&M0F=Yu1A+>K{W$Wz-YXB4WS}6;>b%0jL;yY zatm7&EJ~x?I4&$guDOkn2#~d55`bK>b&5dZQYaS5z7!gN#9^{aNCf8hK%%6&aZt6B zgL1<+5|BvX#<&Z=T0d~`>AV1t>HfJSqLH3@ z@`ijva|$5Bj1)&D5~WmreU$`sjyh!m|?1b+Ki@w>EP+{k6|N=b!9lCFMFTT7KJBNSL3cIX8w=9o?RdH=T%GG#pJkmEz``E#bf53m z*4cD>mfG*+?r5pOU*9a!Yg{APu)55%A&n_deCAPLUbPe|8m%VrWN4!m1i23gi{xQ%UG4>_o|a;A4p~g z6K5W%O5hy2>Od%UCae>m3nf;~d=rfw#U`o|H5{#>Q5p#2IJO|a26xm3_RQ&R;R1Wy zH;1ZAL%#jEfF5Xt=dKGe5(r_m@t*+ufqz!>pcsWaQkZpl$S-K3fu|{vTgm^_@wqP2z~`xao~p%Wkw-^*n)y9Efe8TX z^{;nx@bjnu3#>GXF0rjNUIp-g6m#0wNpPr&L&6w$$W~ks)p`^z=LwqHpu6YIyC4hC~-cn*jo-?rO zh3F*CG|D`qNRj(?CmLoG`bo=?Tj2fmck6y*`x>#;xb1_SEaTfa6dMW9_)J@kXTR;* zYHZmO&;b)){;F zC3V=TuR;fu8lAH%2lmOtM`h{<3>TCd5_VAhD6Ddv2f6z|#c`ED0B6=m5vSh_V$oqd zuk-`FDOiMvI19@2KG3{!gx2L{IP^Y~{Mr3b^9Z(z@y{rBbj|8uA_KEMAnkPB$Y>+jgV z3eJ-QJD5*|O0)$(;yYR8I8Tlw_$V;KTtH$#siyY$S)_!8_yqK~YRo+X(PigMr<;8 znoAp6bfjTvuU;80)qx}+_^lR`3&>#S3@PpqRkIf7JM&$DHI2=>PmuPs*i(2x0m?Sn zdbF7MV4RZVh8o^IfFShF#OjF?!`)8fCC`aRW!iZ}sij_h6N{#FKw00aL~#%*63mfj zl@Smga$4&W8eZc(lsw;V`VuzX@b-Za8o_^1hR7siH{%SMJ6*bg0Xa=nC*UH~um)Bi zdowB*dkc|lnuTI|fn5OOi&b0_MNs0Dk<0GL2HgMwx+HCZu?Jto0;3g!s9XZ;*2H^Y z^t9Vnk&NJ2_Nkt#0`}0VjE<}?R-m|w$q#5)jD*LALA9D;eSwi_u`$>N=6z0&V1Mxx zFp_sfv3>xrWR{tapRT(UN?02kHoYJR$j|HN=S+t61%xB8ebC~+!7o4Iic*+j zG$Ca!gjzxM`yk5;C7JhFUPz}GIlJS1bjsM12RO{_JJTnVd+W77P;o7a=)W3i^N{j3pK)3Faj zg#|8h(L}%V72wagVm`q+!$4H5VKOA`@c%i;Jb}Gz~ zXrOY#E~wg`ab6aS$&3rU!e6#$KzTh4;7Fa55LLj&Ej_TCdwxayK>=ksH~R~80Sq@xo&&@T2e!bf&!UxNc2JcO4+;s|@0nDUo}tWND+oAZwMz~aD;gZz9Jz#}p` zUEo47<7ihPQegfP7zJ#)r%?1sXPcU1SqS{Zn6qtuqCn8i!TbbRnA~A!DANkv;Ud5p z3;_vLOe1CddD<;csR>alQUc5L#w9yb4651Y?y5JYAkQk`()ua_a*_??*;BvOnL z$9eGmKgi`TKqidYGxyO=YIlr@$pK7@Pia>V%_r2_C~m%12Dcz+n@?=x<^+O{og+Kn zId+X+yDbOt2w_s;1z2FTCZV0Mr+6HlsQf46K0(Fdz$xN0S^eA+HvQrGeG(_8QoC&p zkM9#bGt&n}`lsQs-3-Z90F`ApncahadWIc24#iGb>Y1N=U>K*x-I35a6_dnun1Ft-~6_;thVeZrBwqb}!z7(_ZrCs47JNgejMC_#=I&HUA~kM)qt;+CpNgYat=T6Inb%hzxT; z*3$#;tJ-X%35R)jF1kgmBrM4C$jNwUhC3K;q+feXAso_9i7X}oB2#qK z0)Ao*-eHoC$074^4KY-9MZa`y90YDCZ>|+{3P|Ok&4*A+SSFLwNI<68ir7bw*dkB~ zX)>Iek@Fa7k~P%bJ;e9+-i6V*eWHS^3G~W$`=SHDupmYO^w&q2r=zINZwB+^rMBoe zyu+jhACfJK`LIa|_gi0QzsVRWpU`5zlXaric0(DgIc{sgM%7}=WNFe-Z@9lbJTCn2 zGclU%*I-!-)qJ&7_~nBmL`U@GY3UBkN@hVRB!&_?;!cdo`7^G<$jk%FJO_wt%`7~+ z{bdJR&?$---_qiB_*fmo6sOyZZ^Jj4=ya3Olp3d-OLaht&qHzZdi=pOg&B9|0ThNI z?H96J_!N10(XL~%uoG#VK@WriI~{uk)4Q5gKqFtqUIFfF9(#qIbNtqo1R4jr60cgb z5v{`dp=-RbbM{!e=;jWI5@B2PH#2Z_OtTgKFR0K%A0&)+XHzFcb>v) z@2pU|b32I)##{MHYg>l?2zvLf?IB(R3oRIqdJ8B+)*3rLqLyFTL(DjXx+7%|aogS8 zMu%h%F_Oho1-%-T!l=?HDx$&&MhzX_<*O~aU2ukD53vL(+Cyx^@0YcQ_>IRN;{O0& zw1+?^ByhPeimT-j69})ff`}eM{SM3`hFXYG1)Q%?QV2P~XF_VkkBsj}<+KE8fNoqu z$QTd*t({@STBJkm|SvB2*a2>JdMO9YRolv`KyuLeh6C7}4XY8Kbt*;l zlz3Nx1k9NEgC)5|fj|}ouqI_o~|+|fm_seht?jGe_lxjBGnywXX5dj@~O6shIS_*Ev4DXd92b%%^W zTMqj&ShwtDqf%FOVD}BMgoW;>a&L=| zC${C8;A<1zh94_mXcEtTTR(+Xmcc>|a+bJ&rKa08k1T*Joej9t6zK1ar??!L+wPIsqR2*1*7UB=Ch z8L(ZEBbQlokig_dk5%*efDAkOSh^s@uJ$-nsLvWezH5KEJ^hi5){j^jI*@N%it8YF zmY|{Cdqmi3A<{Hg>k}r{W_$JS|pKp+-AAY^|9N=eY%uz~`in?3_o+cwv;gZgdrz^bcPn+iYyW-Ae{IJh8dTk{cwV|*16N~Xy12= zB`GiL*mlydy8iY9PS^JzPTt_GP7etiNEFgW)2k$v?mGL`S=Tw|=sGWhH&wpcU?O9P zW$qAZ;R=J*Z|~r?067oY2CJ}eJv56|56SQ6RCW-_SKJ${Rnw-mZ(HexU0YA{A2Pg- zyDh`ByZtA(w6e23Vm7eY8kj1k#~9cnT8!O z?SU~=FagaOqC9>Cp-CfVAZ#O7$`Xn0!^u1TAA4^C9#xUOji-||1X*rSA`tSW!axx! z)g85;D=-RM2C>P-hqD)6!a=pL!6AU1GB8y9NC`N&3#}c-kQ|hlNROhvp^MOR!FS8* zBtgaUx^s=gh)uXxUK9{;Dj3JE4rG6WH7j2wlpbi(qIQ0Bg+@_8fjw59;=)Owf zb9^W`0au7eMf_E+je9r`?G`+bZ%UeTYx8yZDU^-@h?hZA*|i991+r}gp9#GR+lL32 za;*(2Ted56!{js;TY#GL2o$_f7PTx~GxZ#C5DHe_xy3&7J1eX0C4Yx5|

H_m^I<%l>_B1 zF}NFMb(e2u0ywaPKmFGxme{PD9D`pl7)!Lv@vRdG2jhm?8<=r(t19ocg-IMD*K9HA zs5x#6Mnee~4s8MyC|VP)A6+v0hHE(Ep&T5>f$rk)?TGW7pTYeHF8{gCz$8JbSU4^_ zGLL$9ryX_p{)h`_IVlHAK!$&WHGX4$W0RKeX#C98l=3+40_-i3`^byQ1Wy-73GRD9 z%j1@QhgeUcJWVeE=Y1-|f}*F^!Hjlh!5oH%zF;LROUzt_VFimIFq%)f5Q~yF_1V;QF#Cd+Ly>X$rX|F1Kf$0x=x*3)C99aRCSy~m4^IQn z*i@(eDT~mQeJjA|tDS*-LD%NKS#s@7xHf0LOicBDx}$iBM0TZ?aFjCmjk(ApTO)14m#9GQhw6 zJx9UOL{EEsrg(8jQ!|Q07#X-Uz&#(nl}?LJ8Ma?phM-c=!})<< zn7U;B+Fd9+AHFR$hD2>m%jn9^a-rUY{m?(claPj-98y>Jo;4tLQW}SXP)pI1Jy=g0 znpgr-fC_Lv>WN5bj#$!_Gc%436UFq5wF*zZI5A7)QwpNjnWoVV9E*yWka21zwsDOF zCr^fFWS|iJSb;K*)3I1F9lL=Wy57O!6sKc3m=3uID~m3p7t71J-} zWGr1w&jwQ??W-(;WJ0g=4#GWEp+P{CAfrCK#W`-X85>JTi0w?6zyURmOMHpsVu_-pW5%-sqA9& zF0ptn&h=lLkc%A_AzXX@QR)Ju7i&Fc6z>l%O0Erifd4BByotHCqny;mDNDzv!dG8T z>X?#~x@Yl?NnNg5Gm6yC7N6b3=fqJrh&f#WqHs=Eif?>vz?bI3`XMMS=5)-0b2`c< zNCA5DbL+riPAaErDi%Z`u`%J0hd;lM?j>g&SK%ws=5>f^2+z>qoTkH1ROL8Ph>7Lw zhxS%>982fo>ul{eY#bCBc$P6BMXQnlm?16e%*k49PYY(j2~@hxb9+dUryqs` z#4IXXd(+5B%%W1XXTlkIGG(3SAVAh>yp0)FYS&*D1|?=u={7HCQ2_I~0OQ3<2q9$Y z(YqizXHg6BEh}Trq7t8$d9Q|p$2o& zGNq-8tt(k)DbOLxd_O!TryVG9{dz`3T9lAK&~l zB%`oXRWalgcB)Uh2>JNL>ry_ZYyaX60a2D+C?7FB=S3fw{ZT%0P@$a)_i%7!L1>J% zBggXm_SRy6_^-`Wg#>`!iSB4IQ$Z#khfJ)}tyCCC+<`)2hN1@?g>{a)OE*;U{3l9A z=eQSy|6We!!80^e{pL*D7Pd;A(op3L43~x~XQ0(^X{dTl8Xtv?io%Yb(lq)^I*$%( z+T&d)_*TJQC5=^=gAMM$Yl6{eCe+|c5!(UrCyZ6s23oxb{g4JcSP2L=EZM5~8Pqp>PR8mlt8n8vE-FQTBcyAch_ zM6QV41IDT?!dSIO^T%Tac@93Lm~GfjH6&c!u$`)pwWg+>3Z0#@LYj-hcB(y%uv7iA zUD~PkX`?WH3K1M(r&@?bbY?rTj-4uy26Q0JMD2W}i?maRk4bM-<>X$T6(U7tL z0+!;J3TD_A95z$QO=++fLzRY0CS5H8gT#*nD#U@FJ#iFPs1ui3X?ehIIrX3vM3o-OPt<`${nF&1T+Dq z@D9W%;PIw6GOC<#b_@QBI3<|VDn*?{4(`+hnv{6IY_J1Da{ZUN0z=~AH8GVYrTy5| z>h6!3s<0nV?v6+Od_O<@tmQN-CV|r|UYXYt6YO|r|65a2CRO?5fi*G8yq%<3=0Ro7 zXyh*zoLAs%weK)ia?o>wx}>Ta^k1$D5(fT?N$)MNP6&Gt4rKf;|0ibbQk&Bd_~>~e z8-?TEd?XAO0B#tzXS~yYGnOj1d&Ws45$2=qUPLU6zx%Z03n54Y@$%WGAwz?gfu3_0 zLao$U9=x5tn6xn{g`t_@=#T3*tH`2yEFxf;?0v3?y7HLN0=MM5dBX z>8J%*CvtfZXa=%F%M4tZCuk3;IPS&)I~Q{I)O?43@NvK5P;-x~IKlv@?*s;8yZZ?! zCX>W^SpjlG+uHaMoP*z^g-VjsXeefBMSDI0#bT5ZTO2qoKW(GKceJ@OyECZ>6GyJP z+U2XN$y4qx%~K|p!lpQ~#>w3c`>?UR!ls_|?Lzr~^qt&1W0SDRIepbN&LfqP2A1rY zgUZbK$MBK!Sfcn$5ufSeGh2L)6rW?o=R|xKK1K}U2l*&|EC~O2FZ`o4{9{A-M^*U8 ze*C~m0NJP~&UU5)Ar3JD9kF2m!HLeYU3Qw%sIrRebNcN^A@ThXKgF4O(z|8jUogO>T`lp?p(e#=??CcA~PhTgWaV2qV@7@DKD4I*xXavy^6t*3wLv zt8nmQIkH4Q%KX*)9gL}XcU6v>Agxt6_siQww^o(XT9sfEdBRxreyEFC{k-|KS2+`= zJTJaM`>NyKv`~Leiv9P& zfOWzqqNLN{mIZoRAPSCJzdvn#R3UWi@A7 zVakH^rTIcdvWRmg8q$Ae?RKJ@HDJ$@QxBT7)~z#5TGu600n)omz&?2vS`nsXOTaiz z+)DAyKV#x1Oj>M@tlU_dw8rum=73qvnN=XE3J!48hZ42JHTV@pAKEJ9LD;0V8c&8v zi$c&aX~jpFwET5US~tT!A2w;pbxGZ-HI{a)iL8ASty*L2S+#Hk0*)b|RqJNcsx{YQ z)w=%w2CLS5vdy$=T_GlT@3)VzYz>7ZqP_c_1b{}5Hc1s*B9t*!qnrnn7PKx}M~I_(xfsHN)?5U0yootzeyxPWMdxkHgUey!G6Hkd<=WUJc7Sr! zRID$%Dh4M4DKf9n?B@a__7rsmu`~9V1IB#b+1iUrly59VDQb($VZFb~_8<(VDOwQw zP-)=yt?XuPJnAa3JnvOx{ZhHI@sAFu0T=2QB8|*MqgTl)`5R}h(vJEpUNZJX#C8S- zT#1wZ$bgf{CT`8R8~Cc4sBCil`QNV5e|@FQ9L2-uf=&pGapibdi}!L9vSg`W%n{#_>}Io3U=# z8q>wzHVmIQK8Kb^gx`#z(v6!7A%_!iR2*AEiZB~dK#Z#0AkC+-N}+HO1d|hZ4MpKA zXthFRpNv*{$QUn`rCun%eon&;D@;Qi*L4?Yh}MfGX~IN{dje@_ zpq)p58W`PjZNCfeaXgvLFK<3i?uJFH%AK~~6&R6%+N5Bk=$DYwDJI3->H$G6(rPT6 z$Y`WY!F{J&9M@UsC0y+Q3%K_yg)>l)n6qGK@8qtz>Q;~}2P451Z0t|ZB(=hm8Z6og zUL0^|R!weA&nV2-%Y%0s1bZeZS~KV)xT=UO&N$jkl z{QVq$i!BUSh5FD-Tks$US(^O^a<3PA#O)ly*nhkzKypM2wKEbaMm;vMCuM6R5RK`& zBAvt+(Vr%?t=FG|YvEgNGGIRMbJG?h4AOW^@Z@UiOUfsn56P1w0`@=uE8I&ky~1nUYin8n zpKHSu_F;&En8O(}H5mu|yb)RcPjA*K|3bt>`DrM>4Swq7Pm|?qJ8?vmr5>q3hTQkG zM()o-7@{87gVN`XM6(`kWj&T73SzEc%okAO&`Tz{^5zHq$kz;z^vjoJjR`KTu)bvd zgJT+qKQtVFUj6u&HW0skIR5SR;~(2)EmGE}8exK;z3Rn}7~h;w-a-0&tasX<_$SDV znR6f?Qfh7rm8Zb9>E+^=%^jEkrTtoTZ1{*e)uAaI4ciV)$A32dN8*1h{wFGJ=N6zt z;A_78S|GouDIu^_eo+I$QD_xc+Dn#?>@H%b6~abdCWiEfUaKI-s9$p93#%r%y-PYG+vu0DWr# zR4xGx$37rLk$~d23D*Sw^q>yt9gzvH3`U4(BlZ>TSiJqqR}DP>LP)v&6MV*$*lz{7 z>BIhZd$7}QA57}|v+sdCcw8jx={MNfG}xmgA4z}7$IIypXY%o4WKTYZb~Xz3^=dTO zi$o?8HuxAi$KYeD*A3ho5eh!Ob%uPLB>71COF(yW7&ie;LiPmIp>cqG#nAx$f<3K^Y?ft+AgOpvRaF=U*Fu(y11hP3~ny0t)`v zC_vX0M&r;&A`=79XymOoxnX9L8;DSFDESNlRmBTHE>Ko-=nf2@7C=?d0?DD|#sQk; ziw0=t58`cD0zQkpbwD5g!)S6d5SmwEFTz)^9&)_%;Ws2^u@S##CaZl04bmpz-U7Ny zxDzqBTHxAH1mUKMnx0lZK0Z4d+~2WaZV~v~p#AD_JD6~nQ8ixD3om-$A3|{{0wnCu z_^QHQW~A$RUEG<$?!a_`q;cSmg#91}Gz;v0D1xvr7d1XD?B{1igM9+)`WDz{8`ZbJ z`nJL4npUh)Pc`Pu0R4&S0!gI51oS4xA`77BkUat2De7`sKwlI@1JolD(4UaE&d22@ zpsOUH)wO-ksA0}$xM0d;B|pg9jm1EhT;-iAegF7nnn^tuV?3JECw3;}(4 zTmX6)l$C&ZvuK>XsA7BA3HNZ!lX{fPTY(V*zv>vL}b$+R`XM=R^hM6`2@-&N2ZF|Ip||`-O(uv+R#E1Eew?&i^m~ zr9=XH4A~RVwyzrn=$eP3ap*OXi2=xkymb!!VOZPkmq|b|X9#HZQ2{6ul$9L17K5LK zLmQxH5>P_p06p+vG(ej-i??B+P>j5FK>soU-7i$`o&#C2Gw4IjC7^piSqW$c20sfR zMF(`1sLN^l(1NMa0L4ZEs(`ks1G?D+^p4O$d(NmiGeAR_E|ByLC@TTIgTc=NXauq+ zhw?VDrl$q8K0g|u43UY^VniH7Y4k%@tA81mMcHO<79Zer^rv2{H|Yh79ZvXXc8}NaOVginl=y#yj68#YjH|}xc5?ok+q7As( zCgJ}FOXrPfw#nXltR3c`zC$;eJ|r?}GeTuZh5bLsTfkR)F2K(cdq32Mn1@Kr7Yj`G zC-DxL|6*dEBtklk`aO&}&}G8y_08YWp(inQAZZtBETJFAz~meUUm$7yZjD0Ns25@- zzY)kgd+H&F^*d}VE)ba*jNgKJl4QL7#&-=?ekx{9omv^N>X@mb$biDwAtD*1CO#x@IoUPSK1 zlhimoGbTmDQ}v~ID~G(u?T1(>dF4Rg7%lhM5#iYH;K5#jJ~tnVGftsce&7g~^(G@4 zVtYjF<40~ey@m{mCAtif5_5*!(IU- z|L%9Q^c^2H)HlTYI&RqT)o zWL<$NmbP@QEhcywylP~a!mzg(hHLoruJsuZNw_uptavY=j+w?yX(Uuvd++%?#_zut$xs|1j(>GwX&agNm>_djlVAwu% zdP##v8Fnwjcq)Vp8_uvB8O9UfWLR^CUBfW?VaTwZP$IQn41384TgI>s4D%ad&oitU z!a@(pgby*`5Ejxyf0Y3)2K>x`n`J;Z25e@)P#Msi0m~V1r3}~##Z7yk0bOLkLIx~g zKsy=mBm*90KpX?$aFBkufUBG~ZwKyO#>sA%a!o&7>yAk5!q*)^|6x3*e@QkXYIpvN z-H}l}TU_eH@NR$$0FFaJoWA8851D#5*14Iw9a3wTA%zUyq6eQid?fO`;fVEM__~~c zi!HkCO%V9@g1L~wa8nKp6|19IP+gpYir_iCF3d&K6s!ls?IZtxcTE@tp!{W|7~$E| zPSlpzui7hz#;M#<<+mr}5j)T6t1}Ufro2)O2W)9A#*+$z5t5sX`#?N>KSd@uCnwY% z`|;K9;77`P$IDK}iNh1NPC>E(8%X7y+PVreY3S=^bQse9cpYruVSCvL!tXa=pEyU3 zR$L3s4cu)zTqGEayRzs{vyjXSAIC%B;Eetz{!?_+Np=JVyqaZ zwGKz!7#X#sUeu9o5H+23eVtLk8J#$J71@dUdIB8BDzc^LLcm_BbHb^{HB1?;^(up< z2aMdEk-1wf_&C&no*aWv%Ajy5YwDHafyd83*^EJav}$eWYNM1#aM97SVq*9SV~@3U zP2x>Dk|}qCAu`hEbs}{-$B19 zp+_B^~}S4^{(>_c%vaFWTXjoB2{)UB7KecvT+Y% zB!d90kBRj~Ym0TAAC7uKWYlhA<<1(lb4L_V#}71+^`3^YZP0I07xVDa_CTjpOjDLp z&Vsty-0cWcJ55DAQ0W1FsrE_YDQhwl_lCL^>?cz8*;a%NJ8HFC{X^S#7u@vV?ptvk z@(J`gVZPa-zj;T#xo?h<=2QL66L`bDzJaW^EMW{w-~lJ_#5)hSHz(m8FX8pzhIsl! z#sfNs=9P30e4~tm=)O=^s88sMkjMro9z!T@m%AvG66zf4$h;A_dnvL!TYs3q2fLBr zy_b;yhj*;x5RFl#F9#KG@Hx~%6jZI8aRr2N(>5n7E zrV@AO*a2H2q zy5rgB;pZ6Kteq9W4=rUMn~0|x&BKm)jL|&q*(RFDXv9JDxQ<_{eUy00x}FJ>_Or(J zZ2U%UkduL|0SuqRa4_K#R6^gs=D5jmqvHn0^`qdVpN=C8;QNc>-u;<*ic^&Bw_M9c zNxjAN35!07oXFIHq>XuiE?mN@%Rx!Q9sn<|*O%Ea@;{7&UIybIYQ`x&!fLg%{z5gb zxy2(a8P}K^;Jq;Bo6d;BU$Q~`OLtoE zk7z3X0;UFjR9wfusxE%;veEeOii#gOH3C0k3H;DG8iRj`mH)X-#h;+_9~IZ}udIvz z^CsXQ7ZpEpY6O1768J-n!+)if|L&&ZulY&x9~IZ}uc(XvvnJsGb5#7usS)@QOW^;t zarkc}f^h#I-cio0f3R`*^LAM94{Iv^ZcL5- zkBaN~G3-RjzfYQge{59z$f*(d5li6L8i#*Ml?A`6srdUcHSnY2I(`m*5%T}zCg8s# zDt_eD2>gg8@K-ku|I?Kg{LZH0znQ6l9~IZ}WB7^0zoZHHZ;y%}IW+=5VhQ}a8i#+* zj~4txn~LAb)WDC5>-aJJMB;}nuF?Jfwy5}#QzP&rmcai@sevCA*YRWciNyb56Y!6YiXS;O0zYC2{5u-L&pllhGj4F6G*7~mD~vru zld)B&8~*#^---X5@qdrLNp_0ZBwLOhKhv-|rcxV!kq!IXZg<>)3(?9C55kt*iw@)J zBk!e$2Vv7%Z!y)(V#LWGfF_ulJYU7R+O&z<2ajV58=`u);PGbdRq==|bYJ2zTYD0Z zOzgqYw$r+4MR;T`JwK4S+<;ufe!Yh0bMwA2`B~ypfA=hpWd z&(D50MdRlS$m#U_oPt<{e|u#k`1x|+zu>1kt&#kE^*zanwLj|o{Aqp!KR1gkV_PPuG?br^OJ#1<>!2+4kTrO5t5%nF+4`_vl*(<*zx(^8=~>^ z%l|ZnpRXep;m`Y_5&Rte$bZ4l{y6O54j%*SvS!OtsEjmGlx?^we`4?Kmv<@h^| z;pbMwBK)P>8^O=E{{MoX?!JxWXB?_Td3!0UB;@Tife3zHAs!8WrsC1kKa=oCK%f6x z=JLyTQTe%Uqsh+>1DeXu`Ai*1dJK$^{Coq$R|G%vP>sg&^NT-4<7W@#bb5K)46z7* z@3w~cS>Jy6;|2@<{!PWdfT@B1Is-pPIqUo}@9iew9~l)ta%u#A#1in-^E zH5LDRObz^CoX&p?caiwtY6AXiqvA(Sjlhps0{=Jl@ZU(wF^u+yBbBK5@kXZ>nv%;; zP01CQVhbZnTXJgnlgr#n#D`3>tsx34q#^HATW@+XC<14+Muu#!K`Ici(mXZf3r z=TG+$(fIQSaymVK@(_#AM{I2@f9|?BOzq~U;LqjjBKh-OK{$n#Ka2im@aKVHl0PmG zv<`o^&b9F8K`hyjKQC`NC4WYIW%B2{E1SxnM5YcT{RxDX{JEQ>u$4buQH93J&k}bu z{_N)R|7q7B$`OnFdH3sj{AqCg;r1^r`1>>!e+p9rf3AW5ox1o@pGM;!9u+^<&l-Ur zu>}6jb@5Ao8Z19y3RW>R>>+aHU1)3Yr11|)c3wIJ2hQV=1#YnS)pY*6GZ#sfp_)8u zL2Rc>gTqb5&=kBtD$QA@Whq5iaz`sXf-~7V=bz&YOiM5KrCUD1^?z=`(wn zfGd1A6|#Cb$9o#ia)`&W^`I12pvQoW!*2B_?Yl475AK6E&8z9iz!g}`FD84>exlZ$ zdCY?)EZ$jg6PCn}XltFw3zr|@UO?eJ(+{>E;XQMn(Erq5E&ek+Jt)F|X5MRN;?UPz z%fd|ZHe9)KMEh_CjyqB-97621b^1TeM!wp^sJZZv(jA?y00tbLGbr7eS>e4Je69OKwhc+f`xzj3ANr7$)K1>ezTww&kVYHK$+0%86pAyX{X@W&8xd5lbs1_B8a_@+QGfUr zIS#K(Pzv8gYUwVJJ)6zK>bbP&&ae!m=h6flHAJ{0dE(gu!UNmU)od`j&r(O>vsCGX z&(dQ*)z-?4t7p~C_(e;`LhX#t^-qvFB7ZpWyk^aGhwv5>nGV>Aa}^J-v?+y80Jij7 zD%P_P`$8-cE0`jB>z~7Q7+0?jX=J3>8Xg5)M{7MMoAvmJ87G2t+F8ul^q;uT$6R%% z2-KlmQ-2B9p|U{G!32zzatZf_F>FTm*F|EUG=)=0;C2Ek4&N0n=w+rh3p!A*pp@!x z)G3is2Nu??(;*}3@W`l-)QkEB{Bb4Hl*p*t>P3AiD42sQ$8leX?uQeaDS01e&a^#T z%oorm?nchSH>kW$q^`WbT}C>8Z#dG+bs}xtZ$#pK?=q+9bs|kaU_^T0H&HvBoCP-w z-LWcHkFJyTRE|}1EX}oEKcKtALO7M`75+PjAicKs&ydi=JhSYK#x-B`s~QZys=?h* z8#4a^OCfcei1zy{Mgf`da7Guvl~xJt0>Y80s7_Hh-*OUoE*zO~qKxolLJx(zmF~&p z35qgr^H^fp-(*GDlO^dBK|7g!*LvBfPPQbhpS`z6WPi2S602_Z?=yS&D#d6O4@b6< zXMQ)B_Q=6-q*v-hI{UB@sX5N41VvIjH_C>Z&!}Ol2U>TViCRQ-$tg%Hqq-xb-cT>< zaCroy^=Lb{`rGG}xo{Cpu0Oshb6%sPlI|l~slD|gDx(jOp$$;+lkYT~k$PoI6|z|` zlB>@E^G!Sb&F-G!&0FT1KL*M)oA3tCO6hP`>Vff2jFVlZv(ilfg^SXYgnN=ge_}Mz zKmQ%^;hv;F?tB4pFpm-Mw!-Hq)DpSHBR8lKBCsuUf$Qa}(CrA}Xes2Ee>g^!$r$VD zj`Sji3`vXHP%`~X=+I~QBXPX1nev_KkMu4I4PPJ}`Wjhltsp%Qi=j++NlKA^P;^PE z)UIZH)IE*;tejZ8pX9h{>C;!oRs3r%_q_o7;n58>Ro)-oG1Jgtp*Z z-~?=1?4cB5dXDDWY3eemwL^)tr*=n>P(a`{m4br6Bk47j#-no~QpE9D{7`X;V<4+P z69B z97<)`VU;X0X){b6j~!NlPVX-@VdbVZ5tfIE14*m0C9EG7;CtK{c+201gZt{B3MzBD z00-_I{uXz+{HzqV=Mxm|{O1g^8>loMwS^9)?u9qHJZh`zYDNpA3hGB~ZPPu)t`V7F zx6xhOYH%uT4<74`>tdP#P@vNd7S{b015lG#mn>Pg14Je3j=m%@x&!0tV#EoP%A6tM z=&teKO3wA=6FB$8vvo1zbjAFOc|JZ|hz*R#vkZ*G0`WWQV7y&q(gu5JfjZD>f`xNW zT+&2TmrKsI)KOimqdFDmyzuiiId?aoz`4(#sf!954(fBRtBDE|u)3Tp7MV!S0oBK! zo9*%Qu1!QWor!V(1)2(ZmHUtA?eR6ZMw_Uf<`Ym=Kiw!)BL^6~Y5>&-A`=5uoCQ^N zmnNbr|4g8|17sws{1>C6+6)JA6V)m{0ae?^p?au)G*sU|CEki&243Z|VsIp*NNn3w zREZLm3NjMa%N)d_$d2X_sE)$(ov8YY3Po;}ZlDFe)-M{WW|64w{?tU(KedUx>dwT0 zqz^$xqFT#QI0~x%#9>Ipo;s?(Jjv>w7S+1UXsFUfCPoW<{}U6{UoLJUDi0F}l70Xg ziRuuBkZ7nTVDo~B>P|j^SC3*2+Xz%OSo1lxoWDh6VxW5dV-wY*7c~*p?Mxg!NCK^t$It162cZ{tJfuA>?yDs)lUL9138>z{YI-A3B}PRxNn~Q6I`)By>J4tYYRcqmDH8{hF3?e3g@G{|ueM<) zq={-RpMYxPBaK4U5BBL(k6tf`Obk?gET}eO-&vDT)x0lIxj;tp>P`%d(NLWofht}{ zb9(+Q3bchO_R(8B~nSrW-(W{k271rk$zH6d#V9R8a+T&Cv4kUdHG7{BB zj6=~--Jf7ZHI`36bsv`c8zDQs?iCHyl_C?Pm+gDUM0KCAq%@%ge!#?mq@5rmQ60k& z5)IWW*j{e(>PbEU)lzFu@Gzvr|#``c#662{PVtWc< zL!WQKCrCtlJ&X-X#QQHbFg73&Hx!AtVTrirEfbZ!si+=d;y}{FASzKkg<&!p=Z0ft z(rk}ed_sG?OjPK!67kvY2C4=m;vZNtw`jg`7F3tP0?{O1mH$hidIMx6s%035qM@3J z=3%0GfKNa*T2$z?sFtTiLzNndDvK4Yf(W?rzagjS!hc^fEXD{9BsqgKwG`y|6$u3FE(+IFPglL?uSMj`38z>+RgkJU%R*NDrHrUG&OpFcmvU^1)#;o~b3#ymIkrGXi`n%o`sM_nOF2gVxjdO9p zVRG&e7CFedHCV!mMAhJ|`SMGmaqdZxi7xdc&(hLr&czjL2l=s=A3=Wn%#TWbe8-P1 z{Mf*cwfrdOM;Sjp`0*S+p5(`){3zi^5kCs}F^wNn`0)Tg z#`EKDe1xtH^$rch@?)=1k5G54G+3(8ohUsSiC*uN@wP8SZM5>XP$d-fw_P+pDWd?ooV~& zE~TG;uo>%DC-w6Wkg=XkXbYDcUqrrKJUrFmN?*-n``)J=dWQ>+mcy0e$15lR_DR^c3oc=|jbA|eBawigbJ5BBN6?t8dpT8z)6BlYd9ayKY z5sgh)gy0N@T5UN(9ESysY@Svw|I%!r);_z9^}*p>NZ1DyPId)`(0R?1qP>h)p$m~k z_&vIZ@!ngdGYoY-qIE^yT+$x#cBK0n?&G3=<@KY`m~h;O@KHweOAs9!w!jdb336Q( zt8@9OuE6!Fl49aUBJ_W73m%U8euxcDbvVwS7*NFuCun=7iPd)N{?}q8*fmI-4CD?u_ae&a^+AWq-tp+Xk0U z>Fo5!SI}#ECp*u5%pMnsF_X|nr@CJE9$=G`K7ylf)nlN>=Ud(Xnrm0%Rj9e{CWuN3 z47UZpnP!X8&j&H;`)a@cnfiW;yrb9mUt>;L-+6dtt*_RTxf%7IfY&DJgumrTCsvuA z*0uBBrnCeB_mhCJqgQBeC*msfUg7I6aUWQq)3ca3EhQ_+wqsAwt)|oN1soaezu;@k z3Tyll`woQR{1&(yWR)|Pn)Qu{+-U>8v`-&m4Zjtqx-4eEuz!hDT{fbi%d7=GE(`LB zwD#%zQtc0mr>q%FI1mje^mjBZcnkcE0gDm9D&G7iH=`7y!nhEz#Qs;j)6bK+5kE!A zH!%JN#N&A~+E8&*pFJIcC?kVkfvn3JWjiY8^xHe*clhL(4h(neMeTVbvV+CYaks>N z_$5&!2%WVZKb>m-F~Q{z0(d|?Yd6Z0tF*6pU3kF0NJO$P=2swV3BGVzA4|@9A)MUD zlJ-@^PRX(435HTMesT#;Pb%X&G;3j2k+z4JHG#Ftrs)(_t&n( zH!mVn<9N}lkY=~95bebrf4HrIcU2aC2(r4=-!U958%dFsb~6&w0jOI0@nzJ?SF>O7 z!I?-@*H_bi^4Wp-^NZtC-GT9tBt_f3-9uM8)gQ#cyuM%db2!~~6SG)FjWf~d`wH@= z2kryCl{Y)W0dg1ade>IGex%k>o+IqDyC6T|16uH(+FIe(ByLqq)Cy3MT=i-S*Bhn+ zn2)oJ=E3Dfl1|owHNB{|r`$6zP3ZI37%?3{SISPK% z2Kq};b@CCN^SJAu6Twl7E`*GlIU|oJE_I!mS{kLtGo{ zR52)@kW^lAqa>04d=lEbAWZ0w1UD*ja1SPKrvi5?WbGufbgO^E|2}Qg6u|qj}%^%%mO>LG&>uiPLRLFItV_$fy{s^y}FVQxt0 z@nApJi*2n^yH;erPrF29UI0o)$^RNNf0w@*znVC^egj@RO*`P2lptYC*YCk>tZLn@~> zPwUWC&W)OU@Zu)L*8lLp=aI=AOE}O#m8@9K(=oNu9!Jkh!+t6?sJ6FA&<=IY))$KK>lVyZr>e0$C^VrM&?H2g@kfg}DBe zVI9%J*y27%VN?Svv~j(8YpIYlOD2=2mD&QlgmeKnx`7*R|5Z+OYI=%P!v-L`sksW! z41}!pbZO9eE-9}AbKJ#Dr*XU;HwYePBjJ5Tr5Fd4N`F3XwrK10O)sm7QJyLVUi8)5 zS7aE!#CdF}O*-1F6Z;0Rk-~nfUKQ)|?)Pp)n0%&hGKWXR>y1d6Za2SmT zI{jCo(Pkb|3jJtOIm)6(+4$V*8e9YJI9z6P`k(15>bk+HuhB<3SC^8y?d+m$AL6lsj){l;+J>7CqUV zDf_i+raZaA`wSQd0+e~HLys`dTsN9>x93H_cydM1OGOGHb27sB2~*x_&rBpca6j;m zBO?{kYzUI(wPO=Zd4wib_H^Hvk5OdIex)qIS7uYMO;`cpDfPLqyh59Vyh0l?P8;ri z85DA{U88w;=gG{cd891#T~PQe(cA=)C?(KPf7B*ihCUcbdgBTye3CN`Ypr%d9{YLK zgBusDC&nmg@u|WUpAO^P&jBFS+7x{2Tl&21AykrW-k#JM-kl(2?A902-Nm_(yD`5O z5j>TlvzUaDJupE`$GzC=@si2%^<*z08R9VLE+hNx|MPRP?S!2w8Wr4QR1;&-YO|DQ6x)>@V{CU`x{H}whqz(=Q3-Rw*|==2?f z20Io_Fqc-2FP-WZjK&B(mr^i0{~YSGVFk;TxyO4|Xb29uPwmS&w98k$pA0-FSEoA| z?((gN(<(+c-VNSY*pZRU(^jZhdr7HZ(1l#KA9-XZv^00xPFaUtY;P!6nfnj?lEuQ- zGCuXf+|1)lAJ&flDboLtQ^FziaD~myagXi1g-aQH(osGbcjZE-JB-VPvEH0cd3>Q$ z8GMK~tZW>0ov3XFI~_RFbcGF)5bE0%s6TU(2S#?mQ^uOXa6*2nYzYTu#Rc)U(ix#& z-v`xF>htHirLqc{oi6oxT)0l$-B53(C3#>Y# z-7}meh}j2NwGOP}o${cdsB$8bdD?;`IN+D8>W6wbZ9kBtqMmM28SgxHp=@xB&EV{0 z`QwNu=0Y2V)L4aw_LKVsa(c!%FdNF1v!OlSk(kx=glJY4wM&)2?QAB=hnL$tH@NT% zLpIdz(4U-Y$f~}7Fig4{T$`p~g_tntrF4WlO-1sZH zyN%W5$;ItZ+X%8>0iw`ISogGEYVCKgI$q0J$Q}5u%dTUn7TLA=Sqd3pZ=yz1UtWKb zW=NQ@yk0*)y1ZVNCggRWUZ%Xh^#@epwDP(fJ8l}1*C+ofC1O`pR?6!Es6OZb8Qp-q zz5p-Tw=48y`<^l6^+$Tp_Xx7eBdO0|w4ruwk*}Y1Gti$xzAk^XVflJhPeZ;ct)zUd zrY;&OUp+31d~J`)ktYKqDrc3iJ7l;n~jhN^hXX7qA7K=_B@21qqZ_k~}8@1Gv!g7GgZEofXZ~xFO zyk;1Jc3iy6_w(^#fdT(S=Zew(InQsdDuV4tm#;kDQNeivG!i$2mim<&f->8kwnr(hWvE%d{F{ubp`mb=-O-i#)u{?- zS+4+LaTq3=n`mj?VHC$5Lrx4IKvhjtpR*>~`XL6YZs9QmO$mZrR1&3nOG5vm=!}+Sal;$wmphX4-yvQ_KWscx?Ln8f%6zO}OfJm=fg!jeJ0?PDwL#F2nnLaWAna(Qc zyc!G2H6YT#;-{BMfj$r4br^i9Aa|t}hms-Bg+5=wRWj=HZSc~RcI3bBkD2*BU?f+! zs0T~zOG|_u6c&2>+xY49XWyd+^NKn;<$N0?OnjD6!WD%&T}l zE+G@__cDV()_shb16GFKVtFG=?4uC^`)+F#GK6tZ$Y|#2V9ebZ*O2E<g?cMVyg^oR1pkQNR|Lxm78g1x5*j%vN`x%a1CqOA7RS898%%V-74A zrFjn6U%^?IuOgO9T_b({XXb0lBK!M@jC!_1A^*Tn*3&tzrLs8Q8CuKH)FG={B}PNJ z?R%*zpif{ih>?pbhDzPE3Sz#e+juP2ckm}{AEPFl`Gsc&I-Gh4SB~`-HSKc5kD9hK zSvFtP6t%pLwLE}Ywv@HR{L)@iY}7KZsE5D z7WF+^*NY`)>uN5GTf$_4tdAMUr3uqMc@4iAbRCQ5D=zi=Z!ZXshRd z#^{eP#u5M2Ee{^2>SvUd~7`*(~hAaA*ayzOP}RwEW;ybcVZ*ClzO zKZ>PMt^%^Zn)H1|kUb7pRw+sSC$oV)$q`>^K0`to9SnrdxUU|~>67`bwaz#l-u@NQaW^VAL4GXlI z<+hc&fG@2y!=j-pOMCZKdw+~VY_7~2?|!GcVMPWG3xJ*M>Cj5}A8eR)l0cPf%0>GP z)AP@;gSynsuCx^{--_ePqBSnxv5v~@o(wJv#e%BOqSEp1%@5@u}!)nAh{7?8j z9AP6OY{ko+`2PtJHX#E3@7^Q-D^bzV3H<(9{#S0m^Vdi`V?bYiUf(w!g^phWo}p;) zXu=lej93$XL(T{EqW2=_!^j!`6PQ{=VBP-Ei>@~7W)zM3hYneaW>t=}P!AdszNYtW z6>cL+(Q(+_9Z10fxO7<3-{2spps2C!->e>PdhzmQ};3sVrJsVvNV5SkaRhcmZiUAhotY z$}bR*x-nfKD~&N@3F$-FQ+0nBeY~70$IE7j0(rh>HstxGR)(Qm`;M8ic&DyV=~RxGD-j72eFNq7J+f9SEhFYHGewP_Ml8ngfEA(F>W`Rt^G*CB zLy2EjU}7YG1ZpQS5Qp)j?&0w=UzXO5>42XxV_D*<@goZH&uS3=41s@Qbo_{9;Fqb=F!*Q$!ByI}`*eMsg;2%V{LHKx`%vb{k zDKNLe`j2r8N0Q+9kqr>pM^h#z49?gd3_?ics%u@oomH;Dm`VTh5F zp3N|v^p%s5&9IRS8_O`9`jwM0mSGc}zP$w~Jl^|eF4&mu4zx?hW1`cBako6tRaRw> z7`vcPIgm}i{rGIv57}J3UuoOwYDmKr4rV(cc9g=F5FHrLI(n|iRaawlKRzPR&IS_$ z%-unlfb#^-qon>G-%cJrNQgBf(ue@D1sHR}j)2lE1PF(i`F1 zf6yg)=%7QHnVQbe@#%?3dVM-axm(lIo07p@NF;KAj4#hdYm8NjCJN5LFpz`%TCrBw zvsP2KBV*L+E{;*Z;#(hkM9mPseT!bRUn6Sf&Rnk)t`fsvS+eK8ToAuJ= zN~}w^DHy1vzA&R*UzGD5%E36deKYd@78Ljn3AT3Z3w|WHGXL;?o16KCQZ#_g;?MZV zI4s6kVaN~7aoTEJwwhovUT}R1*51Cli;=lH*Q%X4R#glY3u)y;lW{%u^A8ERo&~{L zjGy6Q3d5VjND`+@&co3C-+qXaV^9j0oj}KxeYs{0sWu9UwUe`j{QHpd|6z;#6KU+- zm_OtnW5yOj;`qg?gIhhU{pB2CSx!rqmgN+z1jceL;MzA*^&M7Rxezi{HOU|AT_Qus7Pf;irYZJB%c8j#Hd@di8@Qu?KuBjm5W2g|A@H&XS zV46wnvqT#Er-%Y#f5wMi+i7rOnaVX}@6m8YRs3^|IYa6CQobai%s3lJzN0PH8)hQ230J}^=AlB^`zOSoSC{ffr)k|8?` z4o9q)&wxJwd&%om2ShLV489VlTz`29FR3mJ)ssy?GPDr}_11%KMUY8wqrcQ!e{m;< zTZ%mIm;UIH>)Y2%VdnMMw+FTp4VX)Tj~`0lED>o31!$kLtIj%d$ZE8E^OG!nCN zR(<+&#i)*0PdOwc7VbZgDaQm~Lw+2;g#B#PNQb&r_&*#ek4b^QMyrfHM^?mS<5$N} zFP^=b1ERi<=2cXhtvt0#zVoyTzqtvGhfYDjR+Voz0>fG>8VomC`NYt zj_2=JO9 z7(y4oF=x;PUYf+=$vzTM5c5xr*?l^Onnj3~OZU~9u=!DL)>sktAK>}Qw2z1FVz7}z zu!j`*OH1P?)Mn5*$A9sWRWT_sG2ymdt=%eMDnnPfccQ{Qg)_n7{ zY;;8*%T&nPd{?69_@aD={%5}HtmimOzC(YMhb!k`)I1uQf!Ua!N80n1!V7>+ ztT~XL7v#+k=awpvcwh$;#$~1OARrm^^?s|<5-ozlt6KX=v=Z+IK}REWgrJr86T~JB zjqo8Ncke3*C;g1@A7w5j2q*1y0a&dq65&eG{b*x&NBSA>9@5`khj)U8#+%ZKq7@eP zm8nQa<6XN4b<{)xl>o&!1|bxKif;A^IwI?jmn=(eefcJOV%r(8`cgXhmyf1ESeT=rzcUR zrs9P@4BWQDl#f(ng_j+Dt1yGSi9S0jJY9e~H*N3Wj9M&IVgCZWhObe3EP)WTK>&I# z9i%KBp9P^uow}D%=4)sHvdphoW)fb6R&bdY?l2sJpt%}50n8zo^591Jl5f>9{0Op2 z3?G4O77VNK!grz;tGeaN;8mD%+=e+Q=T9acvE-r-z&5k3p4)QOa;$S>HoPO0Y8J=! zEM}6k+fm$0^aNOiU73}h?*2=iejI!0pPH!Mf}*e&0(49lb;vE+<5@$8dIw&FmeGkn zyhoz}MAVP9OXQ;bnBe^|`&*08#>fJCx>T$WCoI9(5fh=E0?+B*BdJWMk6*%F+mgw9 zHp>I>(jhf%qZ>zxUsDE~K}_BFLZA1QgX;M-X=XJy^q>-Z!FVxs;ll3U@RMh!3+v@Q zc+k#~0)-1@7fmo{ACHU|LqZng2ePha%=T!G$fCQEg-H=<|7+Mk>4RoQRl;_(%aD0A z{rCdA(2s99%hZoQThbW)xa-!2_2b*civ1C74%@kC@h^0Vq94!1ODe;c=*g}{GF?Az zrw0u{Py~ML2a+b*<#q$F8zQE}Zo5yAKh530&)$3c#_&S!X^Gkx2toF+74TKSx31j< z<54sS{uLr>Q&9#+{R*&V?%zz-{C2Nk%`1q4n6EPCbcmVIOV;|B{R#5HnF}`@75zfG zk$?n+sl{ltZhRNuTVLevi0`oeAov4?yj5tKCG`QsKw9N-6vfmX;^D?^r~lug(n{e*j*UL}mWyAxSeK9ERvG;3cu+&S z{^20IOIS@fBEfnF6J7ac8;_!UXI6*_pP%8EDlG#;p{_e{1*ylJ|ILDcMIoWs{*!GWosjZfH8+o@r)tElVda$^*7KrUX;^6 z!TVmQXBZJ%3-)fHa$+xs)iswVO2mZNPDNyhei5(@@;IWu^%eaM&bQ*A>#gi|DRg;G zB#|bH-uA1fGn5SzPl4Xw&;ouSy+Ry7rixC7eB5d}oYa)U)+o=FxmPKSXOo1JYBD=q z3d#@nw{(|UNx$1}xoJn}e3!O|y-tiqVpPnzPZwqAbo9*)lYtQ3wyFJKX174}$%l)~wtlUe2lA+T0_f>;!* zuoE(Uil+TV)Wzs=Zz3K$Q&C4fzo|}N3|J&HMi+uRVmhb>3Wy3Qg@3S32>sy{^z(NU zblZY>q+8JzDB(eh0p@Cw7o_Os?w>BDS0Q^FJ=xOXgAkU7x$0h4Kqf=3bbg~mWZn9w zdv1rAbEgS6a4;F#$M=6dLZD*Q*hkHb;_aw*=q?JLRR)z8A{zYNJPY6lcM@fIuE&pB z&p?-LZ|I3I^3ZwmmzthYnwz;Rq{wF1(uK)eDPf6*3Ind8$Asg{h(8&RR_t=6?RN)y_eNWdn{<0dDaD`Azgj}c z^qh+X4w} zKEcE$1}^M}wg3D%LJ2O#`z4sg)PnJLp#!`8GsN2OrP^yE?JBKfp2&l315#w4_6Wkc zqwJVXd9qZb5%d+m$WOTcnZl&5JnCjhpya_BKZ{|Tn~$+JrWC$~AJVFVSB_<}k3zQ< z!?~HIJMAD_5jFy%ao38-?3&^|f@;UW8{1R2)-_5ImG-@hunU2#kRqPSEH zk8&YE^ha99`?=H>T-u2BWMV&CXH{nR_;Z^L({4^E)GzRAji$_vkmEN$?~-bb8LJ zt;G>?`F(T!=OLCmZJX%gk9?09>d~@bvw}6HuD~GH#!=idI1j;QTOl5#{|4!^t?7Z{ z1wDPMf;Ctu4yRXZ%Cu&w16vg!wkt54upGs4!M=!$e72)fbGd`Z1<{|jR?q}qLh;HY z4n)XN7LSh2QMb?98FL)bkHvhC=tY;}4W-(p=g|{hd89qdttqQIt4qvrB}PQA#k9?7 zTj89w0;jXY2r=f)+^o!{CdYL}r+SvCm#<2JCy82C8jLMivp?6L;R@W28lLAUZc|nj z@2g5DJz{-3lon+LYYGG}Zsz;qgtF>*Uv+wp`Yq5Qmlidx@VW)%ic8HbwmAxR4s;Z( zl}Q9IbBdEgV?<46)y7oC#7r7zGRb!|Zu*@pillP}^dbz(iHt{!a&4r4c0u*P?1J@{ z%(IIzY;*md$k;??YtX$iC`?v}GQ|(jDTY7(x7)kWm&_)g9`E*d@N~x_xI67zZ19Pj z-q}&mf1fwmQ83N+skbe@VwZW(!siD)h<_N4`954+RFS~EOfZjwxjXHDvw-_P~6>vzWghVEYS}t z5jt2|G}(rH??dxFh$wqJx8k$PJEmY~Rl%_Zo;!jc$h5yJb6>?TnO+wOY}DKcfJ~;@ zm{Tl1#>63m-#z2;x!*g*5tuMByWm9nq-jC;na3d4P+Y;z(t=|JO3}>-P(!|*rL&Gn zG_Z8UD2pqcWmT;lzFh-dWxJZWT9o^K8R%|tNLhTsBxPqr%v00IiC{Gdk)s|f*ts8> zdfEj~gr8+0d&T2HODX7^?0lAxFAzeBnzmMU)Ma>9YkXDBQIoTgH%VKzvz4>OiX8P2 zs^cvCrJ1wE4-SO8Tl}C`Yl|{>F4Fm`o9D1Ypi{;L;+K?FHFNl?m22=5%Q$8G&>7=w zHTKehF)^)Uz9kBbIJ*=FpyH^9&UQ);bk10G&OFr-iv|gh@wz;et&Y71!ild$`j_4M4(RFY+I#Ab*L9!82=dLx96#LZ^1&IUL7XsaX|mKe zoN5g=C&znwpk+AIV9u%m4dbSFDi{dwoEmRZ!A#qy{L#u87#deFGj4a6Tq3fD}Ww-$+}Iy4k|&#~InT;{sRN4lw4Yfw?WdaAB4;_aTI%uvnw8u?P@N z7Fo-F<4j}L=r`DH%B*j;F@K7EMA_rH8=qC)JiXuC8^pPGtQPtWTPx;UZjl};Y8&wk zYB4`_p_3pgvYM#phn(Y>&~q<7_j|`X0{6=<^ta&Gh#Ap^Fl?YLTLHe05J%aLRt{zH zHa1XK*-mt#?Go#E0xPE$z>1|PLD)%CLo?C&(SbtE#5X&RcRaF{9o2iMwYPXjfqczD zzO(f%+A6ojI_B;w`>9!Oivuh(x5Z{x=GuJpPo7^Uy&%CsTx4h*RU!3baDO)T=hvpy zpuM8C!me*MVhVle5-jb*HU<0V+5eOJP@=r*>$LjNnd(~$xQ*{L`qqEnA0IjnUoL~F z4bra~>+FJlz1r5LA62tNX=diXF{O|$=x)sV)7Epx#ktUcm3id|a};OL>pb+4(8o>+eXbjnNsMT3h-}LC zHG_&!>L||4F4zTaVO@cv_yP3!ve-}o3#9%><#YNpiqBSvTZOp%jdW7Ia1=jivm{0z zE{h9hLs3V%`00Zf_iUuwuct#EX1cl=#ac2#2PumW9zi9fx(BPHdX`jEz`44=G2bzi z=fsATXNrx+DbKM&EYbi$4kd)H49jn;wmc7{L4HDK6KWOaH?VZ6GI1qd`unO!XYC-D z#E>xSsALt{BGmBD@dH};ls9!fJKd@$gF)P;USH1+r}&s1DH2tdZDHn|5An4kUfn0? zuVO|_y&oD_d;=O-79<5Uu(0X{^(H2CKx$wik^aAz_mTS7f2DqL7A@q=X8e#R*+2$AX236^)eoU)TzwT2J3A?|Kbb)zbf-_sDZB3pef=M%7*l>JVtIn{}RHH z`WF>FoOTiu93Zo;qkDCg+1Am$ZbtdmMoEVP1ffwL1`~{Gp;2-QUq{zM8)00}SbXmH z-k~?jJA$7gYDA-?l`2x%dKMv3m96{-g`$j_YbCCTrVxk*}^6 z3-hBN=M<|jq|>M!>G5K&=l>VwxuE?ty1b^!XRH(81lHsn|IidCu98*Pxw&1XEO-}A zD51VvGBhPMzEq3Fpb&`9hISUw9kZ#gP{B)~-i<}H{KUgUlVd%pZuLiZ+Bz|CV8;q3 zoEpSTo})WP`eWH%^r3ao(=*CK&0t`JebG@o8ale6cMBa|r0t8eLa%}0 z0#Y0HRch8~3-Ip~?Ty4q0b$}j7mL%sHwepI`+|P^yk{3Y1iKt83)jRIJVeXF|6%W2 zz?-VFwv%44K=Bl%SOlao@&&;qu283nH>3RMJ73?QJEBGCTtTI-zTq)id#n|Yr9|G(jRXwF{mzVEfy zUi-Fo{syYgEUK49*robf@pMO=TumAHpei@a1fc)0arRZu;pcSE9cG#tdjOh6w^y&kUGQ`dXP^FG@?K+HuBR znq#+UE<2(XR&l)j1N==5hmCn!9{O0#hP*)Yfl0ce`S6Y9A+#WUm>RKQ4etrj_^;yr zlIKs{a--7htMCz{e<;gysQs|LiiPA(_?F|ZM;enCIa=>8%H1fP3S%!$@ggxF{P6Js#EO>n zz!`}-an3BXDq_W|4x05dcxm3O&{-qPqVB?c|JFzb+_`90<;^-{fyEJ7U_s+e??TE2 zvM}Rh;aA=qMwQLqM&thm?nLJDmltNl$fLxj@`&$8cy=9wyoEioIPyJBI|$<{$1HD; zV?1doy&LeZ{4u9@y!(h*3rTs>Gy@6#wb)^zRhL5~ z{wMK|XLIyO_*i{c8uW9q*EljdMkuj=PE{zIkPDo>z!;ZW<= z(i&QiE?rB1tHLQIA8sl;EwAh@tA8!Iwk4K)2%`;mC6-NqxUWtMT?diZH;Q~e#P^5 zI3Tt&SSBgU2Vu&VqAb6{imeVTKpjS|c>&60!^{w$5YsS|k-KF&PHn77u+#Pj&e!Db zpMF_*0?s=bqC08MH6&*JM_^N^^a#mzccHTU#>A>^ZD*RR(57IM}r6)$dsPs&j(*d<-2u-~Lb)iW+>dxTk zMkl6Go@cr4MrGJ(CWjRS3{?ZA{-&Y+8d|Eq=@6&WZx-pc78N%svc3|LYDsg7l;yJ% zXaG7~dWh?9FfChG?Pvon#9V({Rciwbl+x}dMca`kEJe9%XSAc04a(*G>rr`-Rdk-z zq%T=3o2p9~kDKaC(wn-;x}&Zy(aPc)6qod+#s(VhNL7;cA?``UQGr3k|IwbLcu8pU zIDH2`oc_(u><^=hT89$m+>F7K)Fo1QlETYH-qP~@oH71GRpB=NEu}lSKW!Uo{Y83G zX*KmHds(NdJt;WxgZmN0u#8B39l3|5_vUFszsXfK zFzFHLH8gfKApG?AbrES^NgpRmxdx)IcawgA_f2RB$>JHn9}gipJcN)&<_um9G5CYx znGFZjuR;0#2G5Rq9!N?XFnn5EH_(Iti+?<#I9neg34aL<9D4f5Jq;iUh-StBL_8x0 zGX`2wtXG3~B$OWFNKS_4tq)1RsQ%v(#|)^HH4xChhxId@iz+f9A7~(b0(PLFf1}Q>ZU(iI*kDoJk=4L z4!wE}EGkU@FndEJ|0aEsrQ1uT@@4@_aMm*m7r@=wo z%n=8Te}*Gk0fxPhD1W7!RFu{wgK+MYrfsCW3187FbcC-Sg@b2o%@|AZ-p#=b<~mj9 ztr^5yru5DHHH!G_B4zn>Yf}b0Nty*Bx*30+j;XIMuw?4X*_?lQ9DPJMFPb>%Xa7F_ ziz_~lf&Zpi%?xOhk`DZL@n3WOTV&k-Lj4=dCx0wFVbB>%Ch_#|wEwO8x2#?qqrjEt zbeihlY5x!D-;w$3G3npZoBmho-_85eap~VifBIjif49`1;tn8x+@Jn$*T4UuKOOse zTTA;X*-$i&dHw4W9H=_l@$TVtBJY@vcb}@_=%J?r{PW6|t}o+y#G9Wuu|B$>5gM20 z;JjH~qi2WdfOj>>p)mf){Gs%qobQf$qAMKtd;kxA{d{-ika1`p1v9N?Lcc_KI^R8r z!{hj-em<`pKL7ZLa;Pu7A%@LZ8d>lIs*z82Z{~>)PIjj#_nZe0`GIjs`Tp-pxAR)l z5jogRn+i_cOzD%2i!#_$rZW&#-?u6KUe0xI>M6&%tJKme)3I(;%XV%p+-LNk%4b|+ zk99i&oz&n>I6j?S*7iSfs{0a|`y8~?;#Bu|uC({mY&>OfByrB=Mukn`^iv{7aQIC3 z4NQz|;2@~^;1Q1faFK{7=GV)4ZmfQRIV@NbQ1AxscsxiuSuj%fe+_Vs@v#%x3l$TPL9v-(D`moC?T{CpNP>oDnT(~N2wN6+;yC;NRldw1{@eIBsNBZQS&Za&fk<6k<=3ygq9*(9S`qgz4{_b_VBS%y32u+4Z z(>8|UyMjWRj^8Lgydr?p65Ar%RCJOD$5c0CcI0gROSEK}@W&-f4E+Qi;xnoG;chzE z!EQO+y^rDOHkjD2G3|>fzK`K0a<&_tT29PviX867Y(9Fp8|%Tw;chI9tF4VA=Qv$Vc49>^Ns?Kjq4t^a5w(o$qdG|JsI!_GEwK5B9H*ef(-^|Hl8}aqQn5 zhx}+Mz1ANeM|#IQKW=Hi=<^LmeManuIPP1ZW8wUGzaL{22-q)&u>`Hgz)y^iKWE^3uyJheu6pSW}n<$zs9qm)}fr%oP1g_y614NZw5T8-HN`+H>&E;r4(KO^x!a zhfj{1-f9UyE;PAmdSAp%?>;@f^NjTFYL;GkVVY@)adHJ-KaO#i7q*Xa2MRmHxH-R` z>J06(No4B{4|T>V58W&^~}qhksr4jS@%hx*6BvA@}4NC*gjO z&0f|DoBT;dz8~Fv!?*;$ja4u6vm;Y#Nt1=8J3Io52So9DJC0ewsvZnzHQ*gpZBsA2 z|5}qodxJD_h}iRo5ADivhfTK$XulNYZG-YozIy5mux;{n<`Uz44!=L#usRcQX+LkJ z(%}yG@H8bW`Rd9E_P+=-yloYv259fjH_);UV7xLOzhUQ!^dLeUGe2$eH#z0+0rsYJ?T^T z&|3H4ewM)Ync*k&B5cwA{4O#ZOy9l+EltJ3efXcJ9g8ua%kRbb7W*34j_+`;8Rvc^+^2?1BAJMPCgwqPV|FFgM=q) z{|D-`{Pfd83#;D}h}f+%EcYJzhFBe36~pS=L8aWh%Y0p zwHLY4JoS056Fv1QZe<0T&!A_mR;19!3c7z0y>B$8Jb7Uz+tq?Ot>nA#$tKO_;zP?r zo?tg?r&fp{$W&!_GJ2MLIWQQ^x`MonAX$fZt|XivmY{}QNc5E~Mqw`&BH5fldLQfk z)5X3hS+s=z8!6V{fU8$0TC@{gXyxFLTZME9kq*sZl1oSqB56XpT}T%Y=?fvq{oD$5vf>6PYLO3 zA`KDJvqJiSNM{J?1tGly(%4W(p}h>6M*W*a!S^@-iMkkp>U3KMQFZk-$ zLaHRv(?aSZq<4u_A*Aj?dYeddh15$(ZxZQ7A@vc`>mZE{T`IJ*K+}GLJT zt90R}%%aW{O!uF{?R(K_O#B5!*SL&Pksv+ z+V^ep5+Fq_ko>HK*Sp;~V60mymoydX7k63#nX4j}WO^ zNcRaTNTk<<^nj4OL|QDQM}%}ck%B^cLP)m~=?)=1Eu`y+biI(421!cBD5bs(~6*o5Odl@_}q)W{&rph3!mwom=FId z!ekS-_E5+P*^X#$ZR6jDDXb-e~8YQK3x%@L2|$>UTZ4KRhhTu6h2bQSp;E~KGC znnI*M2`OJlbBUBGB!`g7iPTO=BZc%=BK;oZGK~?^QX=gX(pVuqPo&ReJA@P<(qtjc6H*zG#t6wPBp;FT zgya{}d?KAGqKBXln8&W!YA|RyZF%ZII*bw%%oiTlOF*F{(O|YjG)0ckbJjKkQPvd+Jc$381g#j*G46#U(0YTWtwB`L@+N_V^6o~1i;^n({Z`Lq^gM<3R*%wXoO*khIZA z0WmI>7`Y}^5Pc2NQ4`l-ESLJO0$ET03Gp2q@*;Vyg%^^4NZ$uH61#CZ(tmyzD}HBV zq6E@SjHJ(@^oL6N(Sgje;Ebd$huPUJ@_`t|1i-nq619o$I2>#J1$7o_~7IQG#FAk^VrU zuOT|MeO8ocyPf~uK3k?XLOi211N`I)NzZWEJ zBQg*E`v~7g`kRP;p`QLWNIq%*??KknUnRa_7n!_HjHds0xRL(ZuTc5_A>|**3?hUirONcyE9>*-Gr-@zd_lh;~!(aT=|H_~s#A*#}@bM};|g zB#xDC%5%#3?vb#g>Blg2yTn_#IsvN`DGW|P9?jVS4eu-WAwkhGRsM1we!>OHiCGiDTsMYhatgU!e zWJXzD0Cu0PIB;IQF5hm=RD3%*D7@9=+q&S}VyvZO9T(P{$f_~UXRDNLm^`j0)0bVe zv#DT^>wT^SQhEpv?^x#br<8kA%Fke*15`TAt=u;il}d=6ka8d)x{<{9@5s1uTHNH= z_;5}nxwT2uw(mLnOtlSklpYxhrGMV-k>my-Qc$}g6Uu%0_)Exzlw4;@ZYU_S{z>#q zq9;-aQ~{p1N6qdr_{ov`E1s}HTB`pyWqB*?F_cyET*GbU%5rZBEh9Hs1XY$>mRQ}V zs~a_{o-Ac~IXa|;9^LJw2Fl6oziM6YK0Q2(VKp#+F-TEg?r+qMA^31z)^a7}P@PYV zR00-bENUMzM(U|QYhJfV@z1@2JI|_VRI+S1Lb&IMzK*(;=2ptc_O{XFDTd2&G2Y( zT2U3??K*E2v9#6QPYotjsmaXWu$+M!^H$#8H#7yYD694&0qsu2O>GdmoE9Gg-l{3o zhU8Bvvr}R^o2Dq2*`H*O?Ti!vVT5unuz)De*;U!bl^njBiV2)u}(D|Z8Syh=I?5lDth>fi7wezgS zeUGWODcHVozoO>m+lpN$VcQu@^qxIf@Vlq}yqW3YQ6=aiu%wM%rxRxlR)g*KJOhb+ zO;RaZy|Fe@^|QxH)z3mEw42}v6=8pkD#eI!9kyMjQoVSu$6q+wVXf31?QQ4kF-O*XdS#o z^0@(?$l<0`*1{3`yBU5(haChzL-5^Zc##ehqi8;YuQ$UpbXX;LGQp}DzF3Dz+-ijc zXPe;xI$T6>7Qt=Ia7P^;LvU+?!#GqCDcFHarC_%c{1Y6ZkIe8U9lnv^4+(ye;k|0< zIvR3J8)@OBa6*{GBEJyWn(RGmoz{{x*{bcsFo^e4XhZrEY)Px7yVfJZBL62&c|XBr z!!w0PV4#~V4Lh_q|e?-e_L*pWiD}LPg z=N&3qBf*2dFn=JeG-L7EP^yVD5)$puM*#?iDPq%4>0b5867-*X2^qC)O>ME82t zib1E&aVUgv&fHHCltaJ_CxAn!qf;f{VF`-g|{NZ9rXQvX;gY}qRKU_WKe<| zk1glq)m2;F>FUNk>iI64>e`HlgN*S{4NOZB>U-4*sM+@#!z<0{lils>X<%U^`l>Xy z?_7*F;bLddWt-R^+M=1~eD^?VQvq?H!qtQQb9Uvy@sgFy8xU-ZP*CW@VVuzbGf9bv zm)KA^8SDr9J_0`^r7|74H7-0ql26TiL4xZ%v^-iL?*`y0+}-w)R9g}q7dR2U4*fw( zI}!Z@cEC&5QHL}2R(kNvx7ocZ{G%iqo1XiDa34>#DZM9{SvDxVZ?^xaHNrT#L3Xg|faD`lzjvP_+Ft(uiljO`&O{av}SO zKF;w9x$)|O;vLos`EIH!?^e7WL05xamckkU$BCu}kE>9VofvO}Wuhk2YazihQIkoJ zP8KaWpS0xRIQN}z8>2hq%~=XZm7-;H*Uwp7H)V{G1-Y z(|@fk1yz`aILvA_%Cv=88)^jG)rVfKkzSpq-H526OQ_l3sij9)tL_sSs74|apptx> zH;<@x%Gy9sLp?~hr1zsJJ^d&Q)c2H#`p)`vRwS83Btx(A^qE8YbR+B27eo@;ejDl2 zjiOJ#!qQvUr#}P|TB=j7rsUru$}_}7XfJ5NW~CT9^3jxHbfp%R;+9L2MY0%5v0h=h zNl3a6l5V0DcSpXcK&%vZpiDM$woySbjSW?b#+yK28=WYE1y^W-dZPmJ|HPc2crT9v z^q68}@f0YT^)xmm**!I)Wh!1eCr%?>hJ6*Xg(|tyRvaTgAh)ATV~(H9BkKw4@ed28 zu4WB%Ff`Db4SG^|`v=Fnt8wvq8%|=lUm_J09621pA?$JVd0mLj`Jm*JsCiDs)|IZj zH^S|xYK&Fh@#J;VJgU*0h}M2#jMknM#*t~R5ItXmdn!H;qKa_Ko7fbJIQ{`gc!r_L z2cV%xD^ohvoub6ME;bbS@SmYBr|B=iY8WoQhB+$_(AOfi8`&vOw4n0XVkH9qSW`q^~ zp$uVMy_WR%LQ?8y^@aX^;-m5O_Z7ED@mYU=0gmt!_R>bt*KLR!4${{ZUuTHnNIlKh zL$S{8hJ%g1MBr<5n3e5I2_9|^ov*{JY@bJPZ!_FehgsRqAUMSgx6)yi806s1fI}F; zBWdphg&ZWwwQmUizzna~VOF-^A@~I|{Jajcvi%sr_n6^w9cE>FF2OgO;hS`rmF)=x zk7SsXZ5j_v!#CEYFMS*ff=eE2XbiU%)tmbs#wFsGj5>=IN&tQFb0!sUqKjZyo08nZ z`q6rnw~0R9R2g@e=e?B zTq~zrFS=H~2d^N8dqjDb^mC|u|Ehitb-Kt`Np%ACya>sVstWb|Li!{n4(fS+`RlrV zj+GU9y(&gO&ktl3cN)1e!h(k3-?4XE;5gZ+ogR=_397!-#&~ z|ET);ZAaD5(cEVJT-rOLpHH<-ERc8bqLV^jDKET$QJ|l*e_cQKqij+A{C>DtKWA=Y zFS=(i7puul^z%--em>U{QPAIG1$`GQ==4_4i4ZcRpx>H6x@3F>9sWo`=Tw^{=)OOE z2B&Q5FL;v804cjsk9ajMq^)C*tCt~K^6Q3QN(Q5i1!1C|Io5|H)=cs_ zLSl{j;ON{EofK$`)=Q5LVj@m-szitC-J%_KaweNZ*Gr(nw>1r(8WcD8zB18z-Ji z^t4ms#(1uHf|*~AapwprFQzkbVr(s*AJ$`h8=hlI!42}`5vr8cd3uZw!jmKT@@zB+ zL^fFB&c9&JhxNOB==(4#A8B!H3ylZlB;Im@PaZ=&YVh4!jG<&^LAq}}NZboKLM&`>@6T9qfcaVNEXlM?&Gu-u7jZRY zwTr0+!*haorX_Q%ziY3-GaaVIdHjaAuc5kufE`P$-f0I`frC%dEYDuIfPSp5R7YU- zCVXitu?Zq0JYKt1(x4eC?eWT+9?x{H<^2co=utrr?r=E`N$i z^oS55`7;qoW4Qp;LLc--^yyJyN&Hh_*_~h3hgQz;u-*xZw?BG8K9m5pD3D~6ULAbQ zX5oakg1LUbpV}Xj1?|E^U>YN4np8v6A8gY;tS4St%c}s?4phgrN7kzx z*p!1-;Mvi@H@k9wn`s*naPCUOfpRr_zj6K?;|yNEarocY24nHpUXCpUcRH^Y1XEwc z6af0w!7kH>g*#M?2;}3LZ8P;uHP~SZ6~d(k&v^-{;64i#3$Ls#TEo`eH=%oY@!HM? z>Z~Xzirir-2K8weF9ZGk*sOtpM4Gtde&GJOh8hCx-^%JfInS~i4_k*#26HP$_^0kl zYoYE-7a4V5eK2m_k2=tD-6sNL9aMj1ya%}>b-(dMOo4)h=;7z&jRZ7(?~?UwO&l#_~j7J`D~_y2xD7`Qh}*RR6zb z#E{Rt$f*B|TBv`Lq*VVE_~rUXh(D$&skKSvrwKhs61z2Bt&`kn9B2(xjYqckX$`g^uri=nyPq5>+&?Og+9IPUZYR% z|1EBxzVnxs`}A3iMdj%za!2~~kv1lIT3Stur^CvG};iUr#BO+W5PBQ?_#_e5%BJ!9p2*v}>QZ7sj&0)jzT!y!6evR84yY{u*9E*XOMQkOxBh7J3YZkGo5fNLuR&SDD^(Hx) z1?_NilXPw_UwffFex>$kNyJ``gK;ckd#FuC?8V`p(YoOI8QSAlYLDX-xer2MPP&>k#rsq2sOFXhbZA~#j>ZJ{N&GoWB_e$?ZXm;aTw&E@Su)M!NBe)j*FyuBat z7Fy>(@GPbzNqAx!8(Mm&ZK|(oPwZ{diL+Qo?Y)OOF>c>pDe7q!v2cp0teEX@+O79v z{Y~b2a%1C4eb-O`6z^il^`hYGHk#|$%f0*ysVZFmN%OGmyW8^p7Pugy{Om(n=j6{bNZnA-evtv{pw*|5yV310!xk|Hy^v zfgQn`68KSreU|{$wGTeOV$wglV!U>CMQ%j_`4PJq6>9EA7gp}OJOJu6bPCi+)wHM# ztO%Tpr_jl^66@z*$LQxN7|aWxpQjZ0mvVCv-^pZ_`R>KLTjIN3#9-#Rk?`Hi;iK~1 zM8JHLR_D7Ca(i%2$9pz4Ik=4`%fxN;E8NzYH1p`(c0jmo1w!C?cau&Y<+dzLy<@no z5!~j|xvi3t##4jdYlPe0g*@Tuk}{vHdl}re0^GJT4!5O{AA{Q>3bfiCkGOmW3%}sI z2DNGrROf1|f4}Dkd^8f@HHJ#5xjj3e|8D7TKC+*czmoWGC9wneZv~os1@YfXo&Q!Y zW*~nB@!tyKzm+=wt*q1$;=dKde=BwVTUo0k#D6Qme>LF0YSw>0CH)sAE3GbpAF$#I zpy0nBlKb!0`LEwz=!^ZJFG6u_pNaz+q%Z#D-VXMASk3*~g$ZPr$8`2X6`9!&_BD>q ze~krY7ZCrgv{3_+CXSiaj>!557P&&&`&(&o<1w2oka+pm>T2f*th8-HAng&Hb)%Jq zOjTbZNz<1|I4Wa_#G}U|Yb0KqERt|6yh<|WsIeHUBt!IA>XER$&TFGzJukda((b6S z7z-r_wn&L&rNoP^!ALB;R#NkLyb_hJqxF#3{h@Pl2udrP-w-)3Y}n(;;SYj)UB5pXv<_7z-)16o5slMr|LT15f^74gfYg zLm(EPv$X3qiX>TWie%8Kk5p{NW?FFgqd%2`lG2{TSp}T)&cVTGybXiRA|Y?U`XOHp zH&%-j-#C;IF0NL^cfGi{sTAJ~aq$9~;-gI^_#{bTReS+)JuI$=#8o1$r^PizTrZ2O zSX}RjYoNGl#FZ(o&%~7?uC3zQiyx#H7S|?m9S~QgxDpWnIa?wwMO+o)>MSl==R_>M z#Whh}e-f7}uA$<}5!VQDWr*uCanY(3V!1|K8YB^1w~C9_YT&w4Tr0%2KwOK(g_SPK zXPLO36xTFyy&x`9+z|`zLXl5etc7c>xU$6ciMVL78Q5lV)kBuRwNqTR;`&8gv<45X zQCuXu;A#u*L<$d!>lAU7h^q&?3a7x^S@Kzo&w=te5TADW%*5wK@|l9qG5B-@hH7tb zucOUg?ayFZtg3PcoBSvzCv4_@1S%I0?!Zn#gypFDSEVNvgRK`IFOKoDV9?`T106S7PYVO?*5AQK7siy*?r z-dsUcLgomPiErfKOhIx8nIuSxAl(JYAVd{JSlyd0h=q`Tf(YC5x(Dh&0~=}`1d%S_ zJ%T|L$Ob}wN25l%gLj`GD+s9-M7oA|yC91RsTM@KiT7(k$_QC1h;$k6KLwda$Ra_c z`*^Da8B54)L2~eoI(S2nJVGW2k|D_Rf@BerFNj5u#|23vATnEw(y|)Xpo{(<^kuK@IS&(IftPw=Ir}t_>9wuaoAktO6Sa77eE+OPz zL8RMy9fC|D#3hJyVeb$@iV3+wkSu(ocKQo4kdQn<(gf)#NG2h@1gYl^>g^;*3L&Y2 z)C$s0kiBqe`~SjqAl=_<6=V}3n*Dd|j`)q=GqA~JWIi(D zyK6cBmo`OWNBp5!Hj$zIjn~a1J}yIDdk1aWv1Y;7p{|t^>)PM~w6>uTti~>06NO+r zx*Vj3NNV2=;;Lnt<#UT`y|_xnB~sWI6xYLoJtD3Was6FfB4K^6h)blZj~=B$dLl`E z?~6;Mr|%1KiNy4MFRs1#!DzEvT${voP+XPbN=C8~3FvDtt_s1ric2J&FI!w9-FySY zB@)eN7neveUy-;(a``S7mq;t$b>h;v-}-J7*9LLT6_-dN9~KrUXCi%k*!m<_nfQE4 zTq0$BFN#Yfi|;LQi8S%OCoYj7zK!A%sp0!hTp}raA#v4mul4;VE?pt8^3c6NR|wjP zOM1SqlekJGTu*kfLeO76Ng)^{pQI2BlTUPGpHn_lV8YN5n3thV#W`&1xzBu8*BJUU zK!_Sv3B~|G;f2w>56Pg%DnYIw!gSt%AbXK_t(zdifZln6Y$7CC5Mf5|3_&Uh2`}Vy zgfYF>3$lceje-c1ddCS;LCBke2*Y|u2{N0I#|07Q^$rtcA|W0@2I3o%>pVeJLT(Tw zQ;36ep`06~P=y(bG|A*8b)!uZ}31ku3UnpF_#1l~g;@HY^$6M{O@ zA-q2evVxF*3L>4uyG@YAguEt*bQJGbf|L>Rh#=BwydMfOjgWbQNC)z+7Gx|T*9nq? zZ`96fg5(i0LXZqWo)aXCkp6;L1o^8VX@s02h;%sbeS*}}aCijL7$ud?=k*9uOUO1s zq$7G~39_D$_XUwo>AgviWrVyeh;&fzRf0TB$b*7NXZ4N|q=b+=1(A;HEfi!5Ay*3` zo!EQ6AjO0f3X+9y)XrIg3?$@CLDB^2AxI`6CkrAS-Fu24DTExnm+L?}y|=9(d(oA( zt%B$(K_ic@t2Ytyo*>J(!+U=bq>_*q1QEgD-6;sG1PcWzkuaMDLCaXQS&Xns@ClQl z5?muRQVFVsHc=ZTG*SuP6`HD@FEq#!@9RR#(RvGwW*N_c7J7jIws4kWbz|;)K-*4( zF6PP^+97Nq5alyau>WL?=UA-3jp9b_+cgMk8m;g7tm$Zd(Um+XKfS2wXuT1u2+%1O z-P~lf&d_Q$>5*t>zR2TnW|Nusm;ar4Gf#@l@cnn@{U4cm=Y1*K@g}gNG0g5N=ZdeF zA;vuO{#1}!LCiDn6@si6#60tULJ)nJHP5`gf;=o?%royB1t}54Jo7FVL?33&Gw*W+ z(T7>{%)5&q`Y>yrc_#>>53}Z(w}z9a7!>qj);#n6SdhIk#F%H^uM4tC5IS*y8s%a3 zQ9&vNG0(h91X&`8dFDM?kP1P}GjFFL`Y>yrd7mwabeWi$cZMMPFl(N9H7j^y+PRaBL6PR)Y1$j`&a>+- z&zfh~`up&(P@<2=EzGZne`L(BU1QCo^_CCyftD81N1s5mUw!fXoUeFr{_Q#=ANo`} zLpy`A!pq_ne>V@#m?RIqDRz=PRONdr+9~InCdsE_f9k)Jz62!|0>8d6HZ!h(3CoC&|@<=%crJlDt$9ee^a@ zk{1c0kKX1<@@zr$(c3&po*;-mdYdQ7`GV-9w|SC$h9LUrZJs2j38IhQ=1Fp0Dc6BM zdYdQ7-wINhz*8;rBzcV>`si(*Brg#}AHB_!FYl5`@=KsZM{_!VpxfVa`0L0DcuipnGLBI; z`LPMczb;C=O&N#L3uFCFIl zD>rKPx=O1%2e<40?DSXROn?8nXqie@o_7%bd*avyj)dgybML{`$)Lj;K2HtYXTf@; z>U-aHx*B+hmLB`pRg?@qyQixI+3C;SH*0^mP5(Of-I{K>-A8_cms*uosqH;g&v_1J zDhnpz+!h@fy9!0SCbe9(ZfyMCQ=LFrQhYC?LzrTYDyaQk~{1A5O;a}3jzj3ti_r`>u50_pe{{1-Q zq}+`SMo`|QGDq`(`ss+g(=koHWVmtGp0L}$KQx~`bA{@`>8gLT;FI<6_fcu-k|M%~ z4m1nflpvMm-ZLrc7L`_zsfyYRbe} zv6-ml!b#tpZbc^G`6G^-8{J(%ZSeu3Z_?gasWYYj6s7-V=tKEwi|}xLDlU2}GA7Nt z`CO#P3>FxZ4S^BD%Ti7Jc4P|67xt?}{5Ej(T=A#)_Y?DWfM3*!z1-Q}8u|sWo^0r| zW?n;}M7%y_@>&}8dLlJuCEO0&I0<($%CHy4dlc^y(48XFkfRk~G8n(%Cd6v1B}9+s z`M>1MwaKk^&E+UyjY#@9Md7-^6dbI|!LN0X36JrAiT4`efkdtvSU@7AJT+$p8q`v9 z@OIaq_$%Dg@YX%n8|r|)rIH$gughHtc+J7Ee{!7i-?Q?~!^m4x`JdF1{PzrgwYmIH z3dhL*K8Y%cznBKsu%zs0X{{|EBhGsmCwKau}>_*4=3`R^J0 zm;aIcm+;3f|Hc3D%l{KXiU*guq|9Eg%MCMWd zqeR{S_f97HugCwNk^jW6$0Ps6|1rvc%K5R&f6w4oj!FLO^>M87pS&Nt{6{AKNdD{T z|C{7L3yfow|LpfzV~sCvWICc!>ITm&kulto)B_-}sajH1%lNzVQj8VRj*y{wU6IVp4%q zxz8q%{T~&#dSRAFNrSbsBpY3LZjZaod1*+W<|$g*=~z>YW8Zl8YMDo+Y4_fC6#K@v z0i-#M1Ky$hcqv+Aesxs)#_F52`q|9B@#ag-_KolVldM(V)IE|(!@hC-G)Z{Fs=7wh z7YrdBat6*TPhPhCJeWasWjfCv@Hjqc!gap>z*i_~CCcQXw*|?T@(>?zEe9FLWNrhk zl)jZ9?|0#Gz2}!xZ6{v=FYq~ze4bNT*BD+x^GDNta+sl(O;=-vIE@05B}p=DLx+%H z*k;$;6xmws9Hei)>-IV5j==aVdjHN<#Bbk?H*Q~3rT&U0hiNLB8$Qob#J+v^gSPe! zjyUr6oriqk?YrrH?A3*7^ALAVUU{E9?{4>{i04qF>m+;GRptnKhF$j3!)ImU6+Aq0cX%;kbNeXi%xEgE z(Oj^R=7M#O7Hk7j;%h}X;4NQ}OqoyGcHSHF>}9v&oj&(KESzU( zOIySKLcpC_6ucgmuXbvW!3}d+1*7}FKX{%}uwGeJW%n1(wwKJk6bu2Mc?hOzZg>l) z(I*=J(8D9L?jVZk`R-k1p?_$lwqU39OOW`ZD3SMZt z05!fv``F2XqkIem2hkupZn7MU==h>*v{#~=Q4uEH9PaK#09|e^3f=(osI-#e2#f|#!$Oet%OzGv z5DOQoQqbU33Vy;p)I>G6Uhx(nkRwHq10eJX4VfC0Lw{*9`CjoSJHwd$u#*LL+0^}s>F+&^O33$L9b z65O-OhKX^-_aq`y{d+^-;FmLHO@MI^s)GbexR5_AiQx+*zt->x{E=j3&gn(f&+O*5 zQ!@tDM$7y5vex$MB&#JvGkFQ0M819XNY?59WK|}m$YYN2aA@e=BM=(kRY$-98z03G z@uO47+_WXM7J<~@@W%Y|;ShJ#2@s4l-l+cl%JS37#^d9Nn*Ey^oRElGQ?vKL57r)G zSX>$Pi|YSE&8>ESmR|!)pZx)$EWO zyae&>R!`x!WbSUoH`C1LwCX^%y>SO6hR>5M3B<5q9Pe^?VGd^{7M@Rsx;WnJxbajffqRphUO?as>j3|MrVBZD%~Tcfh}QY(W9cy zmsx(&vl+4aO67}?$yD7>fq`{>W$>#!`fA?SV)Ydp=tt96@|Q*Qm4mNP6ixM&lPNKi zUhx_E`j_>U2PF*}3vWcqrg-lJ^6%7FZhARVu*|px8?-dGV80_jqOZ`xZ&Q8cFosuX zAsL3gvI}l|prE*!x^ksiU8#nzh`QpefFklbg)5mm-mI=HHhfKly3&h$-3yAYuFTjG zRaeH6Mshi6Bv(RRVaCz!$6akhW4VIxafFW-jYYgngBP>XGVMB1T9$B$<0~z@PrPWh~~d~s1!X<2^Y&@s$+GSizWEiYahPic7wR8m@Q z<<3x}U60>pO3QR3C@C#}=VETvhQMdccx9R|l(99xK zlZx~f>WQWdR_;>KhrFKx9WVN3(Tlzp(QWBG@E7N^1}upFOZx8|4y<=R+|tj3nnxQ_ z4?NG2M%4O?$sZmIo_VsprXUTXVjiN-LDcS(!{g}kE7TUKMoemw+U3#IPHZ8yUQJTl zL7kscYlGA}P-@{6JrR0L7^?hS*p9yz$6LR}07+%zNvb1Im?_q4QL?}30tCj?^7vQ` z86im1jS&2-jR8zD%+QHvklTZctlqgeM^hBME(eNQj$8t7NSf&|n;gh+kYNM_*3Du$ za_eT|26_?9@9&Sf0lp1YtQ%(Pk&2G&|CSAhba0SWV_06~-ADH+p|NOa*zwIXNMddn z*XilV8fxNT7iGS}13n4^+XKs>rM!+2Jx|U3!fbmWObr~h@Zs>(!hrG=Tms+IY`8Yu{u(p*U)D0C&DOBmL9pzV~Se7h`YW8~2a8!6O$e zR`rFkqxVn~si=jjyl4-q2wY+zg9GpB1_wg!Jv5nx8bE@`-5T!z6qKD~3nvx%-2hbe_7&wB#->e- zujc+Tvj-R-ODf-(7$55ZI@h0x`7h=>=td{1!2)_Uzez-Rch`A7}6?*c#Md%KLzUurtG6B_3Yo0g34!WcDkLAACdh#CHvE0&{gr? z0teXe@6mpG9w=nNk^1Rk^wVeJ^ix`JH~J~r2=V+--;$9K#d9X|4MQOh;m0r(@@ZuK zjO=?+e|>=ZYX$ll87s?wfch)!eziB7DJwxWz_NoFG6O>WRm_wv))BqGR#1O6nJGhm zt#kEFYGh4L5GBWhL6RbR}pr-`i%^ph8VdX$mS-^I#`Obv1~V#LKQT5`j=_Ek3|RC<)v`PTx0oyFDDn&j z4q-s$$AYq6B+agyB8xOI>ItoVkM<*u*+PuaYSSoMZ7QVIrcsyDK$zM8Q!?h9q0ubg z;n_`#PNQhisgM?(Mq$wjmP%oPU!wy=@>(6QI^}3Dk3;1`&)NAbX-nJEa?_A4d1%m_yaxLIl)i29T}|H^ z^ofe#57RGs2i@>OOfjDo6Vq zJ~=!O$yzd%5G8#a0ivS|_$jKNMb?){KhxKjV0aOxi@<`8z_66iqxdkbFVTVmt#T}e z#HD$^_cdA-2_zN;XC(QnO24P=Z(3E#AAtu9MnIVwlLDSvs4DsOSYg`d2o6u>6{a}| zhWF~yc!g;Y+90yR1Z!X8;kE}_*#jd}?fw(({^79XIvnxgB`^O-JYFz7Ei{;hk>+bl zxRe`RTcSN;%(?G{U(=ksz`~15bSTkY4F~?1R+lP}G|zSEg9=J!8^TwTPb~Ztn3k8y z4WF;-KFMf1=B8K$O$zzr$9}dEhCV2Ex^v25u)cJO9){D2E-(=TbB^eP!t^x4V1cPS zzOle`I8b=lnZ4iDjn|jzoc_)E{x2}tCus|xu4{zSnPm6>R3WHTL(hv=TVi|0goz zll>*;0%}z_!5RE>D&2s!sM%kuo`zJ4(xHrkiQvy@S?8mCe**FxS_~gtLHfc~0WDlz zB-NZ4w)01#EL;^>^@Xccln`nW84%4kEnKy=*Ccrmoh1}T5hMy(yV?x5)4w&|+LaY| z0H_}jGt1i5m=t<7g5!A_;jp?^M9Xe3fMV#M&Y+4~$b${oX}HMt0oIRxLHW;S7XL=Y zv7f3v32N{rqx}1@uFB=dGSqKSLYx?QP<~h_9$SxS>e=j+|LbTMhVl}y_^}*SuV(M1 zMP1UCgSVv8Vk+trLvcOgOZp4q!~0lRm)b<}!3ORoXYMcPUgl213Q@4#+}x&}#I!Q? z4x;7dB-%b9Ui3YM4?g2X9Ro{K=8mDSIk`tm6(@u~foJl^UCmfhQoJNen6X8sxQp38 z)__Jei_|p&9$llbIMpXSDS{eNxo+fWsBPhcR;SPh6T>O^wZvbZ0v9z|p27yAEKlV$ z@bVO5NZ{qE0;|3}1@@BVsRC>4@>C?~Z=Lr-TPp4e*DOjB+J)o-!CQ|I66Nr1wH=!__@c)C(n= z%#RakrTf40V={~Of6e?jP#Ck$$kXF1k1{oI2EmZrzG)HzMlV+(ob>G9xyWqRCt z5Ol%ASXRM&U_7SBX%OLNRyR+NAJmg>f!T)xHcyWylbffa%3O6P$>-W7R_tZ!OP~=l9`R@&&LxYRr3@>|xlU zo%J$!C}F%PCTG4v>n`Ga1S$4`l8+kXqtKL(S1LFkli&q8zJ`1brhGgZoo&c{V6C^r zJuY+$VvVAdU$WPwonYW2o8i&&yn05H^6a}WQl2gN)XOvCL1~lMZip$*uMRHHyYQ$@ zd6?^!$}?+Gv|hizkIS&t!gqZR~^K*LB{9KI?di{>Xr=Fj89+3R>h|SNn zlAkjvl}+dI>mllB>XZ=^mhz^7gxFWfKnak9i|@Y}_R8KvwBkJ@^$q+TCi z;gY4X_h-MC+h>1}>*E*vXdj{G;?&2R*X#AsP#Cwo4;lED`1mXXUlkv}%)pj<}6om`|bn{eREu>UvvK-#_|8A;lE+HIWnWaVU;#ROYEx0SsoJs zrN{WTE{tn88F9Tzaa9l&TCkoTcQ3)D8EsaWxi-pj6>4z7G-x7NzLEVjxR*gMHM?t@ zxa*s^$r`WOe^#u!Fs(^?6Pu*BxJi5)nz*$lZcA+Z3o^{^NPP@DU9Ybzt~1wZ1n(iZ zc0OQktN8_y`nv3&|7+??mj^Q9jVg~wfWi3GCBXA6*S2cyujQIDB*35ZiJOLWhDWV> zQA7fKfmi4a2{5#rCBR-kOMrd&(LR7UF-w4$^gn?QT_Ufy~cJt(%1F|_L= z{&z5`Y?QlD(ycG!bPwW3`xH40KZpGz<2*NM7+Znp<^2esdV0B%p7zwFnDYK`A*cHS z#dfKrOC!*ArgT3k88L7e6}W^KOl$A%KP(zNO`}-r=Ffe($ikKI;On)?VRpA@Tg6e zbg8^1?es%pEpvvrt-2pzD!~s7kUD5MundtU$yfL{I2-;DF!~F86G+` z(Hx~N|3MS^-^@SDpJ4JAgCm1)UExHlyK~(z)#|p@4a>2*&#W7kVRfI&5j;*Y1@4@t z{g{WnE%K0A@2HJqUV>_jo%3Rjvdob^YfKfX!& zEtdZ(qx?f-%g@ee`PmsQKb%tjt6C`kcjw2}e~aapn6z|6B;_XpmmeSI^0PBqes;E8 z{_RcDZ?XInjPhR)TYh#%%g@ee`QeoEPiUe1*ELDM#qvu`S~?<<@)Lo}j}LSC*%>WA zJ6kUQ%}vs8vHatW@(+nEKRcu4XJ@qha7y{dw^07wgO0KNB_=H$5lQ)pz~#q>x%}*m zmYaQczB}~aX1HlT8r#qg|Cf&Jx+4DpeuX~JO$`*L(Iyx639Ak!I&wdm*^3X|JYm6F zpMQJ`ZY|)f##+}bv;}tBw2#lHirf;u)#3lVDBwZ4#&)^>Jyx~^$z928ue{#!qGnk z_7c>0<-4()s$8hy{J2`B4RPOylkTU@%CMKb%h9`WdS`s5o|qMz|G~k#DH$sApCE4LhoK;w1mi{juZyyY`oPwEq2Fk^h#I5Z!j{Ux`Y}U8}HZ zC)Cz=6iC}J&|(=G?2GFRT{hteo*vWgn3$XtQ{Y@j;L;SFs6r8O*6*&iR7s1VTmUKZ z_j4c_hkpVrqtv;2ICFQna2n%4Y_*2+(JXrYv8)?&MxIXE72viXRFuD6nPAaE*r$)2 zhr(0hY5*0UtK!y#ns|HK5-aXJ1#rqEKc%s;mh}mYm+p*+ykh(4>0a<~FuCp&gWSwM z`Zg3E%%F`M%fI77e*+<6?=2V;Uz+xwhjl*fOvASezDZw*;SX4iIN-X??*GU^?{pv0 zp5#z#@g{r?Rk)=*x!ql?;a#T&+WkHkTA6)()prK7vDLkWVMtG&B*s7^(lGmT&cZiosmIGZ70kW-8yQ6mO(_&w!8q1Lb>n z4st!k7b)K?JmX@_GQOX~AO2~ueGJQd!u<>`Rb6yMvGZmrmxd|Oojjne}iH!y%WW}4BStf=5z%FjXntmPK-+V=uWPbx$p+xcd>6&U#JjX zWBEB+AH>ov)y1XS+u&Rf>~(kAZrD)S4<}s4r6?aNijKZ#-!4hxX&Q)>Cvq zDu!3n{mWx6|6TFQk64ZJb2_H-8gv4 zp!7I##{&LJmhOi%lAqXQjtci21VtgosDbpZ92snP(h!q^6563qK?bKgbMb(cyOXE> zboXg`GltXc{=PN_T(}>>A|DDA8a9niWAZ&RWbD&fD8^hc3!-@(+_X$PseEcwEb?A zPW>7;Fk>62KV|bRaBdX7W}WA>hRF9>crJ0T;u%ApJ&hfe1(k?qSTJd58Lmn=ak!$rGk2Tf`vTO^ z_mqNvpEEn;%sn`x$B1BuvtrNKJN=;|zgE!yeeF3|wwGh}CsF1w<$zYR4UZ&NLVcyP zt2#yTzDxv9W2Q3yetbD|YiFeM8=v1etv{&N57gXmlm)i~De~9jPCzYQ5wBJG74c*& z+(%v!pQw1skUN|jptF~b;H|hZvVAXEFW7x1+?e8EoX%7||HL`Lsq`Ws4Cy07uJ*j| zi~CW(YwN%)Mb;y9pbnQLF1DrBt+BdN)c}rHtAUGc8Q~OlBOd;Ap+=yt-u><&+9OWG z>ELAKj&@HowX6G~mgu}XE(&DRbN0sZh27B>u29mF`Y376K4~~#e+HfJKVz|ymft6n zXgNe%Mzl(z!NzdkN{@7vLy=A9`%uY2B@&fjw37 z@TZBxkbeH4y-Hf@AjFYNapWRA=8O&Q?M`cDQEt7fo6~CAkWiMlEyENEw|_lrt&ZGp z-FvFh8rGlfu#!mU)%n3ioL9dKr#tteM`SfQK%S;OiYE;)9&&Ywxr0pYTr>+w#uK59 zL@OsMpDwYpgaZG673KfW9ofHv|9kU2jSVsUpR|hfWT$_-T6F|-s;_6B8J^7Eo^P=m zL_N3gZU+_XssN zG@~cp`*vD?YN=2B@PoqU)hhY7Tbj&gPI)bTwA$+YYcu>ON?o92`@6OQKT-=>$2mek#nA;h2CpqwJ z=taT7Zve7r@0=0oF&Pfe$CzxA1#0dG+;?&hx$tcHR2$AUZ$}n?JZ$u#AG8uE5)SKb z2X1T8c~kmFT`48fl`^O+rA4|@Ds`n7zU8izg06HJ0puV;$3CcDn$n}7&!do$uJkGT z&;95F_osn>7gnHOEL;qhzCV*_IYe7Vv`V7o5v`bL8;Dj*w24HUMzp=){e|c(5DTXM zlX^e(8Z@IL*n!Yy9SD)2+oYxDA`Wz<_Njv+{Rcv=q$qctt1D*Z9%H{S(AH1g2iIZN zCOLAq8t>(zhe{91v+TCx$y}V|zoms9l%kD&#^^zKc8Cw9WN5!;OAq=8BW1J)$^5l$ z0Y3n$__D#tbspM}#5v^w?4Zp`IPB~Y8_K>ScF?vakjvTeusFy7Vx6Z%9JjGU>>>N0 zN&_ht#Ltd_;&_l9nc|?E<#ishZR~rI9eeQ?>A>I)kWJ!vj~$ib*vO70;`ojo*fpmx zA$DL`CC6{INGrzM;x8lks%JcFHq;Phy#ae;1K)4z9H<`fNp`PaZeA( z3USa~ggVb+aa_#~u?6hAnH|#vxt$$j#o=Q|o;Vh=L+twc9%lzH<0!u8*-;NZN1|`A zqgEVM>{u_3f3kzt*Wm4Ic04SO?d&KK$3Ailn*u*a_zPBceWXm*4TEi6pTb|6_@e#b zx?$*WzV7&fjihm*9n+zn1m4MnTYI!Ol~_tl26b6Ku zysrtciGWcI2xEDl6QGiSa~TjO^Zr$UB?NS3Kp4(@p8ypEBrzb&=f$;g%GGQF!o4WF z!ie5k0!$>}Qw9d&6QboN0aOCsVjxq1s|3g)U@-$J0*nzLgMbAL2;+JS1+Wls3j@N$ z-tz?@qbJ%W36iz>iphBrrtSQ+sGucwT)BBNb}B#+A1bN9C-H$N!4CpQYJ{6 zkaDz#nM5Np&M#8H49y1;ONy1Z{CB*8=mhN9&Z}DQOP$6U>%p7d3cTFSUIuEgs)z+q z418ap60!96BL=f9Z7fl7E= zqsP91*V2|0v;CBRnP0JCm|8q)w>MGj*-Dkf>M$dF!xb;}!f?&_&i@yMEKK z@VNl%FgSmj+?^aKZw0N7ApIe=63^9$r-Iyj#66na=A|2|pU{V$&1InYD0t*NYUqV# z_$Ou@{#$o9Hc?MlTM@dmng3Ut__xORAJNSJLbHGUyw~H=FxbCM;T`k6N>yRKr?PQ& zYt+)X5RBF0c3F+49XyrmZCr@V7U|)~A0_G%A@D!Y&}008Tsjcl>E&7 zm!I@sE_R|-o~LBz+lrNJr){E=eX(ttlKq&i1gMhzjEyEDO7>FQV*Y*IMgxtKz0y{R zUlq%US*rhHTMpTzhG8uj`*7k*RRdj@j3I&E7Lx2uB)#hYuy!W!Q54zZ&x8a51Scpc zoy z%-`qvVzmX^6)2`+eG77UELN|a-NixAk&S^!v+;jdh-Z1q;tr%3f9AzF@iKZ4Y-cTB zu!j>+HwS&a9qkvPXDYu^-!(rhm7U14i@Ur^Z)c^CNT0sN67iGLr#D&Y2c=I}uC4Iz zyRK>LpJ|nUFMawrEB(3j>BFq_yV9qhV5Lt?pWe<&AJHmZ?5%I$&>ZjG_4Gld^s+7r zw|Y;_Z{2rXolK~m30q}pR_zk2I0jjYb-jR}%DxCWaX8Cak$M$r5hvkFiExum#Uecj z<)w%fZ{6rgTGa716$NK8vs;iae~L-*;q=2K(%w&Kjtw|rXt_|`TPr4rFhg&x932}jhx+B3`sE`$af5Gib`oa~diKuElo@FbOR0QM@QHlc zQazw7{7a_yjs`ya8#ZP6JzH6p=|&XL0I7I<*&9;8ss8v|9H_>rWfn&5OpK^wyQ-st z`%%0V?OYz*cV`MT z4d{IhsP7t(RiL^#Kz*3#5T1@eWeG53lC$rV;X_IJQu?HCLu($E*DZJi$D$B<7@f{B zFH>@i%P^jG#B$!WUxQ$+Fu=^RIJ01O2t^iLBB4@*80`0xiqg^Xc6>B!iMG~ zmZ1^C^%m5^R0)T;KrgAk%v|oP7A=krh0oa!Rh^I#9IV##8(8x--cq~h!+*zUg zh#w`U=JK52f5`po;i`>ilDo3+HeKLmvp_M2j>yJ(w7RXXuZ*zVGUAu=B5&I&+NNSy;a%?{A?5^Pul@8G$Y z$qA{eyi6~lKF5KX*rFyE$an>!B2E1p1s@SWktWK%smsE@WpN3DQWg8^I41BK-l(&y zZs(o4sy~}m_0&~)YtK?;(p0yM>TFpQf+nJ@VwA8O|j^3 z_b}rTovvp;%v{#oV8aq0fSVWF@Yz{q~C=uW+U$S1#I?q{zR!=Qw4AXh zLIUK;A{jyyA-H$=j@cUU6n^@yOZJ{qP3YY@hAfY^`0_%i z;s`3M=D(k&oShTQ?Yl1Wi8eErBjF?R=~ehIsXn^<#>7|BKbZDrpQ-1s`Vsct=y_T5 zP^{0TmK+S;gNfdzCFyA)a;$&#p^6&+<_8wMB_GB1 zD;C7E|ImTM!Nf-(=kYq{Ir5{7z(YE7Fi#nQ8Jw-AZNOz@-qTfqy^hSvl@OzGgPFgS z%T>yvBl993@A~-I_ez_Ww+kJ)YxS|Kn;S-_A-{GyJWLhA47IEj>ec}Y%P9MX z0#KZ|2$!fDX~57r;rSw;mdQ*Tgj(5BU5IZqz!UIR{E#S8kHKzK%abo7)Qz7(o=|6g zN~pi%QWS4=vB$_f^xv-_)10!?C@=;dV+f* zBTjWxuKHVd{AWdEnTqcIScjO2V^S%iCNcIBUtfD2L*1BXkec~n~H`l^zt`QF+Q%XrNp2ucn{^+ktk#j9NlZc?>4Pj^>DC*V2Z964Q-gT!f) zWuAa%r|ky41B(H=EfCpP7BP^Nvhc5XLl=O8zu}uKq8*4e(m3QqxfV6tSU5K`)Df%) zu|U!v9JGU!IL*mVMrx{-ipW={Bb0;>ggoECOAB(mh#;kFZXdy^C*P>Xlq2hwQ}wz( zsxVHx483x^b#ik8wVukvu*e{!J2ftGWq5BO@`OA!4I98uhB{QH^i@xDxkPRS_(ZHq zUSJ?GVczgyUO6vqSU|{CNqw9pw@2JcoH*S7+z$Tet!%W|5#GQh3%fm9-pj(PL=|WQ zyGkn1n;gX7#C$6?@>rD-yq}*yMz9Vn*#VWOF~}@?1@xxVby8^s9bZO#kCaeeC2>wC z$Ln}KFnZNXK~1k$nH=6!bvnWdS(pm%2s! z|7HR)o5^AGax{DeH+i@Q2Q3>wB`0)7cse%mRFF9}aZ*{h#SJDoRO6qp2MVC_fedGo;|orQZjgoP-s#hdW}iJEykDCLc!qWCiQx1 z)49c1uD*w^N#H4&tvthQWvDt(GCe;yn7@U=(;50O*EBsXmS!Uo-N`B;+0xuYC~#_` zQ(1VQC)Cbtt_Y;C?mNR2DjkEUhsjO^j{WD@RmbWh9Oy%^n_@ zU0zj|^L|;*atYSU3Gc<`zpR9^cY&{ABVEt8#KqC|kQj*FP?$K!Ht&qzD{vvQRG8nJ zbQHYi7HGRk{nQFjJ+?0N&Kn-^&a>*W>~PNHv(-4ZqIM;>R8PlRp3z*Hml-;kYf)5x z%oJo>zIcK?v|hMPH4a=CX>*5oQ0!{W7Ei^j>4CDE&HPTTO0h7$$a(k;<<>Y`{D$D6 ziO-_tmd8-8JO+G)<>BeL4fVo`#B0vxI_06dBJ!@{HoL#p`XiiP`m;6>D}!fAzb`$k z5(y(`gz{%kA=tReQ&n;eaxe>8@fz^Z9_8SaF>4V#zbssdhcn*l%!5oEOgATNIH!Bw zyXpd^y@AMA2$oyvS~gTgZq2WZ$R;vi2zX>Vcv#|CZX3}Jl*Ee2cA6c+5Z_7*F~pU> zp}k4@KMz~T?RLn%gy&kV?B*+J62WJ(3J=HVQKecrCPBoa9_5BE6v6kEOvnjUIfOpQ zZl~SBqea*geN!es6w-$#jFxxXuK^h7Ka)}nv9HZ)UbASTQv@NObSxsI=X6G z2C9wONZLgzep54bH_&J^z0R+3n(Us*P`xr&p|PI>>G{MP&`n>ky`-V{Oxyp?R`+?TUR$m8=4`_i61<%DlM0d>E~E0r?u zE>kGb`t*RLsP-BIzt;5b1HBnM2oU-WD5;9w>L?cc01;-(3w$(rah8}p&5NLbiS@6{ zR=hY=-r&WTWUz@L@>y-1k)-Dfu+r!SyDWa3v))NN&5w?5`Z)PJ$13klQ~v9K z6Xu*$esIKb{1d9M{E_(Y@FO+9FLJu8|HOW#zO&Of$G5Ooukv9d0_AibEA-rYtx!67 ze%g%2KlA1bf6cat^~T6{nT$iZETukpluY2sn9#Vgobc`NcQtw>rf$kK9@-#;ZZi5G z#7wQMCs(uNS!0ZBpP4aA$^20y*c=!;r+RS>^%y_3%~bOd`qt4>BCbohgrKyV|E2sd z=08*HrFq;)dQqcsI<=VoUi{~rOb5U@$@xL%2F-mv#Wyp83cFC8TwHN0)IVk7f z823ueDw-l#Bw`XRAKgmGLWf1m2h`P1>%|IvqXra&$5hpzdYbCYR zlQYB|Z#i?QZLP27Yt8i0p3oryCU?QKMj&iQhysxxgcCWQ&_Bt?v`;-Juf!JBKuvAH z-zHNcEOh@13y1O>;nzWbrs~<6@iS0voaG4}0hId$N;WkpcB-oCfC4)yJ=}y+&M*E9 z_MJ2Gr2x*S`lW~SL5_HilP9Y~Oa+(bUDPP1!sagL8Cmn&#!H+wZ-%I38|u`(bdenpH2|SKzOYfFsU)?0+1@F8QlFyN z`JDMEGsPd#Zj?crl*e?v-rBeMO0S@1yD~5$`!z0s$W1xh{o$drJpR{hQcoMrEZ-ay zKhJoc&XNcABYmzO3jHiLvq!9aw2{T(`U>Az_IOoa`L*;~Myw1|5uH5R*hGw)f5v8E zK~>4-P|xV_0ZjgX<_)Y4FY!dq8z6@klzhr?H8Q-|7wIPYm>>=XUG(y*MPCgo8jTW# zMU%0bzR}eGW-&o$`lFY#uWMbfhiJh5Wp^b4ipo5KgqSK7pC_N9x2-U4Fky#)Ed;-T zUt2ttd_PS~lv;(SAi7@r%4#WUoQ;d7IJ7dWwoCU=m^)b_j(G+~a}*az8x=T`&EOC_Zv-H*pR zf2B-_`)2HEQT4FO6FjZ&%Dxf@GVhSc$KlPl`##t#IeqQXnTB??Yo=}XdDi^=cqhS9!R>VuIQ}I$(AiK&>(T6~QI4E4&4OTjYEQU;DiRu(Y;$+9ug- zIzaBIWo1zIWAckFxV~T%L$}?smvEG98H{|LIK*a&+)8oB1(3}*kXRXS_-r2WO)4V$ zjLtL`dYEr*)EgIstF)gGHGiaDq;wS6)hGKu@4S9CdP_iWw}l?d&17b^Woop_^CR0~ zCx?}mZi1JAHjqp)>P6l}Flj&o2gelQ%g7}vx#10MVa3(HC~I`#`g}bT&9bJC>7?*i z-UUY=B@BK`wfO@!1#j}sH^Sd|IMYZ%fAXP1Z{<&d>^j+HTW!*l%StLUB1^&>A?QYC z1;ChL0UWA_o=r=z8Z9KuErsPDa*rOr)$s&7GU=t$PGqz^V3qzR~}Pu(IR(faEpFevC|t z0IUiY`#sB0hWInA<_ZD`s4V;(E`!o;Ngt}TTT^MFm}NQ#N#IRX9m{>KWA0gK!usnm zvaPu)GL$vWqu};><91FDcae%SVWQynM(P+ zDc@{xTrJW^2Nf9i!*wOn690qxMyIVXDnDpxFw707>7!xGBUBaZnWn` zt}gA%!RwJmCiwEJu#Jz%f_HrtoLJ!>Q&E6Zfd2WBMMb7FxjYkj6&lb`OIx;g%z_0mesVhgrL(dW2h9SJ3ty8oAt%N z;qD~M8tMMxBhwmfHg4YK0TdG+D}##!J8V0hyD#>~(bA7}Gp^hYP*0+^URaeAyeLp& z$k`LuA}W&HPm-N_7wV`o2Jo}AbTYqMQv?68iEGsn18T08Ll(X=E`T`};E*rYXWI|Q zBgD({qFLINDN2!9r!^GC*8Sg3&8~wf^3D~JHCBJrK!3DKB!COwrhT0Vm3il9Bqo$aGvbd6gw)bw z=lo`QyF;t&yN=~7F>3U7s#p7fiY#nHN5;=ZyZzq9(uhp!v$u92U%Bu-G>Dc259R;| z`RyRi2Yc(i;;pM6Mr!KUKSs)DS>;1Z;}V!-k8mNfBCBi64*vtg=lKceW>4Rh72f$9%EFsGa;={-b-bBxK~ zL79g+=z8oNTN;SxjBKC5xpO~dPd$D{i}wVM@A8FP#&~D814g)|y?5rVJe1Zn6_?H$ zAP#FIt83#|M+R=bfbnt3_?;PF{gfTqQ?vshD<2p*b$HE^;#ql;F>!ubWcO*JmOal^Nnl+*KF{M+V)99W5e&j7@{s}v;p3$-e z|I0gbHZ4$C7wr%yJ=Qf>;hTFlrI{P3Z__xV<@UedN6s)gz4Lc+J>2+ah3V8GEUX~fg+eqboI*AbK1P)v1b2kk zigwgCB3awmIsV8_pDAEPrhwh51ng(%p#)5>6A}R{n{|etxrRVwRim6RS%2fsJC9@b zw@DM(xA52ZuB`1m^_^!VbZFOC2-Fedmx%NgHO<&7g6o~RS3vGXc)t?i-HY&!XS4x( z%4QubpyNm4)ghG&O{wHe%XpvhtCdvlE?PCCMN4HfU@WQpR;024038$niSYF;yl~nf zFP?nO6D3JZPGRJq(V!9bKEK3Q)TGe(Uf}~8GP-x5u?i^O`ArQ*=J`?Rq>}N=aC`KJe|~z%D7T_Nv5>dJAX;Kx}Ji#zhBoi zt?Fu_TtqbZY?Y)MCQQ$aH^N46=%U!`^TThZOeR35amEOKxP zvn)2Di{}V`6b|0`E1cp)OGhgRgM@`=SkeXBLwFyOL|a<;mTqCOjTJ3i;%Z?!{q$)C zMI8{r1x}@-mCp7DVx2zRr0n*oBGdh##P}V`a0@-K##+=f#ZJ1IE{0l4oSh}a1EVF$ z%x%$5dY*bF`spTIO(#zmKc)VVL#xNHQWc42CChdwTAQMu$%=BNBADBh%zO|GW~ygZ zqX!e7ol85wHxuwmQsYk{J)CM7>$LOhBu`aJ;$jDBKXN3}io`ho_ic$o;@$EVaD6=egn4 zTkvG3PJJ*_*1ZT-QNSdSQ-%`0rerSlCG?q(ATk)xGCJRuF8Iy*r7CfVqlEqDBJ9Gv&Xb8{>$T{e+Z)c&34J&v<)^U^c z3NLF3b~FBdybLVY8}F$+AtIL8{c;)Y)VFqA7Vp|yhCIwqh<+?kFIu0(M`#)ctTm2N%5}y8}_2z9wJMuE}l49f)=~J9a8w?(!Dju1|c&ZfC<=py)kL z^qV5dKFn$n%O|pzT#c8FBYLU0oJ`j5WBr@gXJ#+}ADO2}2tBGf|4Gu3Fl|pBB)g3O z=fSFgbY{BPE+FHipHEcaO4XZMmN7ojRPXDHT`Hr;T})dTclT^=k#iW=8%GpSU|XnH zq>)IGBjJpMd|cKTS(fNV1_g81aa>Z;L3Hz7phvy{(R@Mld*fNJbGB3L-81BH;79z2 zMo70WSGRA96jS_;znz-@X=KH2uU`1@dpi#+!}9qr3n7Rj^fB$F@nMl__L0(} zX@F#MsL&FxvdiNiajG9!-}|K^?=FHQ#OUZe#sU(harLir?kMZS=jp>`_xU1&3YJTN zf-yxyKfA2vwow_uUjEqSEDUW?_C?OG-)H<3_Ym+)V(2?Hl~=ZW=qMr<69=gWpG@;@ z1cpgn0%|~}gGS~$SHy;zZ~57H0`{QyS$(%94y~C!Dx;JgLlRpxiutqk#=U@2dzeIt zY+?&O%HB6=h963PTFol*X`n~JOX8Oa60!b&{zB2=dox0!X;E^%N7K7H4ZT@-8jWVV zcjPANf4;6#(SJA3DfGX9fe7^;rt6(by$<>hAW`UF3L55mvjlT8wQk&iaH=&HL>pG* zp=m9Kp*5l|0yga08Z8^)juA6?jGyb-59iY;WyWryM`S`{*r-H6Qn&cSx5K?t{jnbkwyd~FGHUfm}7iM8-$hr;MeA$#N#4WO=h2jf zAxv+NlD7091aWlVZPM~wneaT;U-DkCUE&CyLtRzlz0!ExfKf!>j3&ZeD!YQpWZx0$ zZTDwXcCS*oP#<5od{hhbdm<^P2!c)JqiKK;$v95lwZd>d-Dbs3-#XRcxwKNI4Qm#f z{FD8I$@m~#{i!E&zHUG11L(9QzOhdr)^j!=1F=4r@M9BT4inD=QF1<5GIMaNFFY`V z4ZE?yCzCfhPZa-)0BmX_Y$ELtspB?2At7ZgAG1ZwBNZT43(+O=NiQp}7fZ3&;Epa> zJ>?@!=tSTFMVFtXi{7S-3Js)acU^Q9sm2c^8PBQcj7DRmidUe2ll*|0vH-3s`+lCD zyv_bhJQS>dlX1rDJjVKW{8CNge!fV#F2=vepyV-@{phx&FNa^5vLBwf(#T$i&Lb=z zC|{wQZ{T@3-n$zHwxO%YUxA~i`_q!!H>T9F({O}oD6p3>p%NIux0TbCGS0A95?{^1Ec=z_n z6Ie^;;jqbFV-vr#_>Z&k4`}?Cm*#{0u{QRZt+A)Smi{yH!;F23LIY-J z4+0$&pbtN_^`QYEd!itFkG4UqK4f2~o6?cbq~`LID4(7EV=q(gDV~#@|6Gvj1mHU1$x_!}Z)!iCrP2!B<=wWOSW(kjgMLIF|ZT;pMykdNf`B#}| z@LH$K{`~`Z&R9TH#GBWq%-gxG>Zsdbp%HD-M+O#4^L4N;ipE zr7q=Smu6)Zh#%l#5h8SA;kL>mH2x`*0~PB zCiz>VhuJ74*j;s_Y@I0(ED&6iO~u9`x>bSANx^0(7V~Co@78i%c7+UR9ip92)Usf^ z@Muf4-+$i%niOp+P@-LIyhNg8pG|h#A#$z%(MH+K68VX+9lMoC`N(dTl*?{w#pN;>jI!s#E_c4VyGD;!thci$Ut4O8-AQ|?p1LrR;rE2O?yw&xp5;wzcvzafte zGA1pPn+}yJG7O(3^N>`G2GPfgvRB}Jh|m-pp=2FN%2J=AY&S!<5Bo=UbG(eH_!uH6 zVcEajx9rjF>Lz^IIW$G?JyNGbk$12-NwZGel$4Oj1WQ2BVw~=Dg8!fxD5bbBQeMGp zE%<*I(BLqU%(iTZzZhTlQtSD!CccsVlKADaUg|jDqm=lMk+|l~kzW_*BPqrWO6VGA zXIB)cj{8KMyuLhAI`SP`8jXJ_*7m>kYZ?{ndKW&l;L$9_VuQWpG;RSWyqx7U{Tyj} zBzyaDs#o5@k1-pXC!Q8}kYeYk+P*iQIwGmR4p&y$^HhH~{@^>#Cd`RPdB<`C{0Hi*mF)pUJa3=0o-4 ziKBec{u^181H!=?LM;${v2YDU(>+4;5`9vUc*8_$>kd=YfqsB1ql{DdPFz@SMkpJ7 zOk_zQJ>ZtEhC~t$!4^N}VN|qPut=F_PTra*b?TYF*x(`W6EC5*<*<{GMtB5;X#cY{ zUgwgEQu00iG8D4tQ4Jd&PzAG(C8Kfub58OxzgH(R`mylQTiL|i*bfI$B}W^Y_Ee`o zDV@Gfe><73=;GOw4OGYg3`($RT>xb`2@JQ}#pJ#Q;R}7;@ z#UIn7&QWpynUaq$89wu2%a!KCNzARNq-9JvsfTwCF&`##l$ZK)B4@6thZ&r2ryk~V z@Sl44=h5cFp+)Ay;1kVccVRGAOHbIphDBh81?Mwt(9Tw*>{Ty8%6Y(4ZCZGKs3QKNc{`Q>yqApym{ z(-T0W;@4R88H78j+CGM9T=npp^>8IY3hGOtMX|Fi`n2UVSe0}`5A&hmIP+n+coV{% zNj=Sn`;Rvt@-1TS>Sca;&Z6o^eatUMF=kW6Kd>IYwW#{2Mb)`yn0dap9!3r}zr-vW zR-9vgSyyd7EV;mZ@Ly;?(2Cfw0@>Y$`OboBQ#w$4IW{gHRk$>1UOd;KHGdbFzbnk&Pt0G#{M~K-<^WmBcQbzr&EEm$ zuh0CINjAZxMt&m}Mt>@hvwhWfWdr_HFir9o)vA2*JI8#NQ-kIG1@pJw{9R@KZZLnh zo4*otEBW)x-+c48*!(Ruf2+;k(dO?>{0ctz$uD@;n7^~k?~J+C_c{D3x|zQcTrBSk z%->IotJ2mMn`|!%eGH+pQ>4>niW>7m* zNk8GmvQtkzufa{mg$kPflK2QJAtT3#uuN}*gmjTwxrWCf zA;*m66NDx(8E!r#8KTfj0)%0}r@o>FT!T*DJHi5F0MKrchiRUxymdFJr_AfUbz{|2 zn;X4#m#U|%G2S{k@26&3_5^R8Se}|`Z7F-EdTKY`tK#x&rsYiZ)~P7IY3--zn}Tbm zbpVPI?`a(=E1Q*SrsZDat;^&o5F6bIaVaR}C_KG4u55O0!7Mg1h*0D*|IY2kV2{Yl zFsJd?_@VI|$QoRGEHht~l3|6B^OCUXBguyD1Swu(CPj5Q7dJZ`}fUP^5cK zJ+Dsj1Ru^(g4jD>7?D0w@0q|f^%#~lBt83sEhv*9zVAaSD4)9fpGk4v0)h?M|7OK(k` zM1ldy=wO^KDTN?U&ho6h3|U117UN1LU*tf{qY9*JtsBP-L3}KK)HS9`Q;{V3c&?f| z7<|ZD)t{fNemY&m&udp97{=PRtPSjZ49@6y>r$huvPSETXTiidAhXub0FZhjdt%9LG zB-YAIALBIJpTX_;IovLj!Dk@av-0QTVKOoh>pxOauj_gIa7bajadEC}s-2j}c4<7E z=HLK1H$|Txd`>&Y46Frp@4L+!@2JFlNM-bsLi@gIh(Splz`qukP z@V*`aLKWvw&GiJkiUtH(29f3U{sh}6*3y1eJ6>&u@mGYxZb~h0(v;&lYR#^JcvER? zzU04(9A)e#uNZhrC@w7mzPI*#=x)}rdMA>2J@2h>?<%-IhKH_js0qK=W+q6g< z5}j2|>htbw^;vyjphJJEKI~J&GUo|U70&%5Nq+7MMEivH2tRK{ruyIcktjvi2l-L_ zoDCjT(Q)u|YPYKB?fL#_C_}TeMyi1ZjtCaoPpWReq}u$%&~S)QWQ$OD?T!}J2pnB~ zR-^F*9=j^4@IN6f{{AR^Y;5rE4_U*KZ9Mu+>*?*8pm-@ceoiB=(!P6kC)@WVL~_Hmn|Lm3y~ z{FutP@&nbl-TbJ=y-Vq;=xuqG(J8sM@HVy44Li&!uP@0*XM0+Lr<#&_g59190^06V zjX@|Cvu=@cZT5*@p|*M%Gj{_7g1Z zy$bs&>{vcsOWZ*w;zuX>ElEn;e#o@Y->Q|ZIe4O46#3G)_Iu3^$*WLqlDroEO{9r4 z8vM{27tZ;D^Kx6e#eVEZzWS>+DE%1<5ajC(eiRGN7ORz3e@X?7{pwGTWP_AFbn4H& z-=)geHOws7`m@F3XkT(N)|9UW+z04j%s^~PEBTTD04I<7T<}v;f5uXt_U+_HweLCr zh=^51$6_C*x(Q} z(KE7%ClDRni(O(`ng>%1LT%uOW|UKkaZq0LJWeV;tB7q9{fFq3B2to~*&9U4!fjC} z2}-ffcXRPW?AbE5keT-SW0@_Cb-hD?N&ov9#wESHt!nw{H~8_Aq&n$k+v^jyrpnt- z=Q-tVsubNH^?cyxpx)c4@bAi7&u?~0`;>ptEHj6(uFnESwQnx~_TyiCzfU(Xt$(pb z67BY-@h@H=#{v5nH-nb34;^*ehXeF4J|e0(#lPrB?Y4<7Fq^V}|00tdzv*AxOdaX{ zi&x(T_aWe(;$J-ftMIXve{rAwZ2K28)rZvnOU?i9$3Ax5k(AftsT_WO%a7vciQti5 zUh}1z{o0RANwxXuw2xEcsq$LM6s&C@n|_gYrs8kf$NS!K$?K6AoK$&r*~Y;o+bxYB zPEne6wAHk8D2qw7`>zpFF)d2df1M&psyVItuek(}E4i}zuXaxS9sSoAOu0K$Z8Wwd zeg9?q4;Yi4)4oqCTLcKSU>prm%!vU4#}EJEcFdOL$Itv(H^b#WOp=dIel!PfGVSda z;=gqRfS}BHC7Eq_r(5v)Zc`sshu*^tuM+S4EIBrlqqPMQWw!V2rOwvA$476u=r9WN z6#qXN@Wci`NCP2+{w`)qp6WaojKUf=9?(rYbm3Z9c*OXQ=I{x-c%cfwQjx<@j%rq}h%2Rjt* zd-T#tuPS%)Dw5OF%e=6Gb!u^oeUYE&;x`f^Wp?pDG%2bH@fdE>$2S8hzzMdT?aILg za#SgkAJNJ}ezIm)_9kYa4WEnUGsednudUjp$;vkAWE8w}4`Y^>q0HoEyd7=Iv{^8*IT zY9dF?ILUs>s@SPZ_4vNZL1|=h$8!3x+prOKW9;$$QpWdHB|qx%y+7Jpt_A2y@FGWb zNI1!t#syy|`(LXuFEu+G^Do{+Waxh#HOP30{Hi^7kfSWz#Q1)o9^V6BkMGSoc5F=c zzbUx)7u=Vi#Ag2sNHvf@St_;rU+Z%>{h84+^JQ7a;lrUWyR}&xT5nuB!lbcc$agNB0EN}GM=)y#)G^k56B z8eh$%qM2OjPF_KB;!#kt<|EwwY1|OOm+|1wOO@RJ19B;A(LzC2f4c8S-NH2e>DQ8^ zn%Am79rcyfICDHWU-DZ1fTKT+QNN>Ed4l)vj|ZiT=&9PE{MXZTBQ`+;)rd1xBht=~ zooqHIt^ay(vO)WsAKU)Jf8oEr*oX|CiCIghKfgOa)|HJ~DgNsuYPY+nt9di^XFu~} zL&(wE-Z^`Xi^_i{XbhCtqXKm zK1$l-{(m5H%+I#ISpTc3o=)rp7>jkl9FGGP4k~A|x)KwP&BZR~^FnzE$ucc*ezbA` z@42%p2VtN)`lF}mNsSW01~olG?3a91=H)oPTIS_jv6E`Gc$_lF%7p#(OG}DR)7E&$ z4q<=^bQ3QE^thDxjU@a=$zbb;rT*Sp*&i$>pkFHdzc}I7n($9h#@?2pB>XXCu+06p zDdzsP#md^3l0~dN(LSse#g(=1E!MsdXW-j0^0?koIiTQ1@?_0gK4^zl# z-zS^4H}pkPK27R;u-!qO<-7=WPHNJIuPTBlANPm@gWx;#%E-xKun9*GlLGu{re7PwfZ6wXjzkFGD zsI8%-@Nd%RT0V5Qk!x(k+Df<4QM!$uKB3!b+KXQBy^cs79ol zFDo`%lYTz^;ADf8{kP}Ke&&V?xsb@5FZ&F`p}Z6&PoHly-;_YT$D0zUH2%O#lBNh| z&NtfgWhbz?#qAB$NoI>;sq}267Qq4&hbGXck&A)ryn1<$Db?KC+YR+B1NxaG)>X#3qZ7{*V=^HKIeS@68Y%l zw@t6pKS`z6J!H1&HPeFUq}QZWcs9MZtaZRs^s1E1t?6|X&2dQ1KQT;Bdj0yEE4hZ` z1EJS_Y}GR5>)${?z8;70ieAqGqBXsq`Zf){{wg2S)2p4ceM;@FA+t@d3oUp~dJRd1 zXVYsw@ts=Vtci}UlDRd#wsOa!gI+gcBAoPk*PUEV@`2Fn+Aosy`Xdma*KP1c(d$+~ zw5He8cp7?LB_Gq%Yb{&2lI>IU>Q82yUME=aob)<46`oD6nNE00zP>Ti((CmFE_$7X z9dXj@A$M{<$p=EO0iP%7^r`|xYkCb6?8M$U^|7CPOi!<;K1`)oHkoaD z?b>3(bJA<0e00LI>2;wKo}$;QlDV~f{b|07US6!6lU_HtleeSPY3b!2-?d*Sfets8o2FZzG%59V#GCRK!kuVoZ zzu`qBEG2wf#uw&#X`|#&;-ToL8FB;&=%Dnw0iIlxx>xdAy}hDe(tl9>xtl&kpIY=8 z$U&{p=N;Ir_Yv@eu3cp{!171>liAki6D)X6 zeLgr9o~_R_o$$2%`&v;Xby5EHmt6!o3oGK(=ZD+XEi=ft`Ex+LjSc%k_`n2 zB-;k>71PfKiYy^iMQ=3YM`*P2MoR@r$maHUNzF&bjUJNfq#uDl|7OzAoYVdrdr{nd z$c~Lp8h*{205=Dy_WYLxe+e0^0cz@eBze>b^fy zZ!4z8IlfUS{(ijCGB&cL%%}8lHK&W&oc*r{?))mi(h%;0p($D{y%}GE1mu%2}=l|A=v>sr5+>6h{^E0t2wzS&w=f6My$1biE zd7VVNITi5)b{%p%@llqV< zuPO6?N&6=JykJezzKx}F?Avg}S_$QK;IW^0ge#;Th>(__LnP6*Z)xHY^2u?){QT-! zXfhEi@jvmi@~u|6c^ce%fP0EO{uz*I&91_Y{f%7waii|8mHz9vdL`2+x3a2 zfouM5qkOd6FAjhe4{@Oro^HQncC}xz<4<#43hKr1IQ``t+{xQf^R)i5+y1nF$Fe_1 zQl75l5>!P|OYEJ?{v2aAERFqXlWbn=@h`_Iy8N59YgOx7kAFF=)?t5&1^)vW|GsVE ze+lKm|9R9!;eQ1HT=-uu6{okK<&u=%elFmIMi>5v?FavDPrC5G37e3LzdrxP5p5iO z%fkL4N`rl-U|(-MPT?}5q-Awv?a8t_Von}B@UbZx816=O|Cn>IICx+ZUX_OT8Y%$1 z^BnMII^mt|f|n*x~C#i=LFoEl{%(H%ei9Rw99B zCWa(uB`&2_8^aMMhH62pMg~(VEuROYpBq23^&!?5^^8O&SgG7fVY4K6t1dt7deZ$X zERH|(FGb2G)K1Ck^Wf@|*XKUe6ilOUf0Ly2@|x3-BCq2luZ5hWzaLEf4m#JP!fEBz z8Be^f$-;iy;|lx31p9j92MVXe6YnGgDW8&(l-|!jkX|rdJTYgkIM=raPfAu)t1EgF z?dC=hAkG9LOWLe&U(hWOWnWpeiVa*kzDU-&IgjNdz0@6HOBUPGeC<~S`w9+foIeU2 z#0ne^H2J95U9J#YM)*vxkXqkPw5f>pDucuvMkcw`0Q_ijsfE{s$V#mD))(0J#g!b1 zgh&3KF(Lk6C;&~F;=vh$~4`DkKsLRLd)YfGWbqSEs@maq$XY$q;3__ zKV9n5er_OobwN&oJD$y?qjZvJoJtCD4$LNfn{~2HyH`8fl;B0$bd==}nC6#6b#d#Aqh);^%U}w{jDA?<0_JCdwb5l!myU zOX_%16AeiUezqz}+yp+2N!O+ND;7;QAtJ;a{9$zGhy%%?EX-pnhd6QWRdJcholZRt zo3{&nkM@fHhgpsN*z>MSllJ_0%F^xJge_3Ybt35Q$6xO*D8S3K{(7b)+V(un_;JJg z!qEeq4|w#SknSWJ@;~|O*{`?q*RP^>+wz~!n>1zr{(3)h{O0)aQI1+n@2`LJFt|^` zRHXRp>)*3k@0h<@p+DQ5$$a(UH~jTh^E;JGlKdP=r@DA!^V4U~m0 zPt2#6DYS_(OzMLehr8B)_-F;3nEM5ZC%hjeGnL}e*R)b7nLU;Lwci>Odzd|_vTfVn zby9pIZ&FDQX9N)XWQ`A&NV+XQ;vbJN=T=WQYqBYHk7TxbG{<_sav#P%o|qp4ccKo$a&76Bn`} zSUZ^3c;Zzu+x&UTg6Eun|7$8ddpyz32~Qc1Yb0~)@x&mSWA_!tVpP~Uo;cc_{0PZu z#}lpQ-}}6}SV*SgO_o2XNLGQFQTF96prqelQUA6ko7-Qs;zJ*kR44uH{XmCtKZ?)~ zNi_Fwe!~GWD(FPDew-9dBQ0wG<^b?>&|nd2pSr)o-9G%`J|DfAY~SVwwEe_hsrG#f z0QR0S#AKZ8+JCm;t>0?j5=nKnPhS>j?omBuz9l0NM5)(bD4^P?e21_J+!bKwj1Rsl z6+W?9Pb+O!JB&Y=mkPhH3;uDx2R}0vesk~!Q-7yAVJnV&wDLDN^5p$4juc^t;vUtz zDu&H;CwGwKA$Ib$?&JiPB5{X%eXtcjduG3pRPjS8kNtcBE1~V@;Z*S3_OqR|Ce?oK zT=6^h^U7C~QY#noiTyn3Xs7*r0SLAcc#OB-vY&TIx>J5^`?>2Ci?`SpMgI#Va~h3M z2J-m(T=f4pw!>*Z+qsixlbmWl&HV#Tf4=`?i-g1yulmZpiozFRT{MN~1Hu)riVv^$ z5ZFPhxckN0vu9_)?8;IiR@)`x5@$AP(sUDfH{%f}^UdnM?0D6D28L$$wee+EqBtlo zM_XPq-fn{;>*4A_;yR;) zE6JZ6p1!f%QT+?N2*;0g#mk%Z|4kBg{VD#l8O=J0461_d+JF89|M}F^K-PhO$5UB> z=34!qB8EL?k$BcB#{JfL1e48C_!FE6Xs)-Iglpr(ym^_%oOsrh`xcY@`G72HbY+dV z6t0(|$7U5ns3L7V>&$z=xeGYE<5};JI$OoFUa!AOpecvRtT(P#9fKKYdX7qL?NUo9 z>9N$}=obEkipSqghLW~%r`{>4UfgX8et$Ow?fHiZB;kvXCQ;@?ZGW8cu5*9Q;5!zG zen=R~-9W$s4Z{#IQenJ%FEB(u80(tbYdCwv4Cj_0Z?&-|M@9;&E10%aQ~z*vUW7Tm z8N)}{_=dVFi@u|};Z!H_nmYsP2<{W9OhBnVrVpi(aPv*L-EEf~eKX;=kwm9HFj>Tu z>0nWXsV}%x0hHyG&$4cg(aq9E;hwO_2RO^pCVc!-F$;lD(JYy2T5h9jXd z8F!+ULf7ukJM6mR*R3wtH=3~1j@SMmiFSWs88E%yW*NskYP)Fl7{^KWGz?Nb#*cq- zacC;GATFWl=6v2q?&MJ<|HgisKfY=yLX>jw?E;LHa;^R>Ce68j^{xh+c(o8k3sgS8 z#$-vd8P`Ae?P%6|A)Uy(Lw|96gR z#J{i@+W!U0e*E8h-J1RQzmjV6%elY!Ftb6n|J#+gE{FdsMXmNZMoZfN1wV(OTZA5` z^?&X8IgTr*iECa?Hu38}t0ulBhJ^D&fuI9y#-Uuplyb>~rCh_5xymn_J!}BI_(A-Z z@Jq-Uj;+$V1&cKudZ+B=(CbOoc;K((+F!g3dDL{>MDnOPq-}`AIk7=9hg2+^!0ZNN zUrqykqY-t+Uh4i&=9H>R_UZi`Rng<={tgv_)BULfW1f75?(dT%K1%g6smpG|k8kQW zqy)TarYHejBRO3B^wwUfx<6G#IaS0bnr^KN-I;eu{|CBe|3_ohtlbO&Xs=FNpRd!O z6>196i}+w8I$V;mKgsnvi@yCN!NyPQ0~=$oKChb&&ZAFTYD5tQx#bNfT1y&i@lgSAcX1KVN(ufUWuYfc`8V z4d=nFHy$`t@1ya`ON9ZZ~lh#vm}NNv%dePg%E*|&3jj@8v|SfmBQZQn>$`mjV&o%CxC4zuQe=4wgf z;%l|$^AvmJdFF6-)_-_bRj3x!08>YcSEI0rxz6TV`#)Qa5Bq%cT+-Mz z&sOc-j?qx<-77XG?RhiXUrX0sOTX4gs@-0D|I8vPaO|IXz_Ke!#r{DlTY2v?Ye;wA z%p^B_=>VGofO?4^*)*9qTVH#iT(Aj=6FE$uRSOI zC#hm#K;Q@c9qXp|+usQg;#c$NRVl-W*y?BTXm58+>`q)@wb&Zp+5Y7pNOSp@YD4FP zVq^89N5j7?DM3Y*@O7t%t^1u4 zIyL!aDXwVh9uO!^uAS+kX*=wkIn}O`uW=_E7=^@Nw12%He=Yl&q<$YtVHtg49+f;D z0r2$llqV>v(Lu8L4td%+&((gXJdJxiRi3Wtm1M6!SLzzPRkYMwv0LC6;~<>L`5c+{Ivv2O0wrY&Uv-+eXLyt9 zTKOk`l>}Q~t?`RJI`TYb$uB4>$XB=^pKC%+kzcDl{oL@K>k&^q>VT}wR<>kLBdyAQ zeq8I~*hN?ib9AJV=ev{7AUS0|%^k0E(Ok>IPM{=wd`ax6n7$h+>KY$Sd_@y4P5i)l zlBCGjDqd&BBUbZFqkMwowdBz;KKeE6YFG^hA?^6cjsN{mS@=IgdGP-Q^QQ2B9sn-< zpL=<~`2S6k(&L|#ivKvtn+E^EZv5*J%T)YZ^>6E*w6NcHhr-@3*c1Oi;hO2WBJx{D zNW$PfqGd|tPd7qPFxkg_@{+5MOB#=)zvZUa_+*XKb&VUaP>No+Q>Tkww*gs{B@MsF zNK$%wee!S$zfYIEY3S97`W=qI95g8F;(qae zT$0k`-z^pYsggGh{#DfPz<(7=n-+h!|0jdpZ~i51Q2s`9jcP;??kXni1xota+snc zq^D<&YMcu0I$SsI@j4~b-D#TXvjw8lnT)@LPGL}iIxMg&IT8C`0FRfhZr1zEn3(14 z!nZ%KVlkPk5-?{~d%=d&sBn}ZjdrSD%;;lsbDZT_`s1^-GH z{PTVfe!o=s_ImD9_c?Ia{*PqdAJ0CX?&8@+STE;#?tFLh8ItT+&%Mu`d?d-O)^p{0 z*tNL1HMdJxTF=w}Dcm&UL9dYV_Ik`Z6gn}4?Ul+Ul#QzXXN2z7B*j49gziay)0&^? zAqlp=h#{;j+Qm4xBNbFc_Hw&b-+F6QX*b4<4k}3W4N)3w=~Mi+{?PUKW2rDZFGU69Db4EXKVgl!Z6%3*M(843%V#n>Tj} zOp|0ms&<0XOo7l|vM|6ivs|Dd{OYa!Lo!Q-8%jS7CCgiTax%-RKf0iJCCjemKa=jQ zZJ*3FUvddL@e}!GYk!g-x_{Rq0~=L&%XFzscZDO`Kl_1cQR8q8Z6uIPq?jBmLZDdbXq=Wz`Vhjj15LZ!$eo(wQ077{ou( z>7A45dqiR6BmiXr;tO>84ldTx_3v<}->1`8C)4AS&T6h%ej4ePztM_c4^j$3sZjl; zAnf5U(sWv|uhW!z&Al~I=%yQH=bNw8X52xE~ zjeqqd=XcrjL0tQHA5Fk9_C>g`CJ?*6fb(LnFW|!S>kCHvVq6kMvP_6vYhG`4liY|@ zBOjyB-$yfiv6<|x|yd4L`TRn5^@~vOeejmz$(^06iz!{n57m=m;*>Xz*{?? zY%wD;!|UJft7|S>gjvrBct?CGH;?RE@AC$B50Cc#&=;2)zmUCiRANpgraAilMN7-jzWVbJx3$Utg{*s@)wcDhv(Gm%L=*~fK zO9ieEv5RsGVbKm>!=5(2*fj2!d3(|_U&*S;hsIy!JP7X{nRKqh1$IPJ%j9k3Enm?R zZ|&XWDV<#$yKRjR^lNB9W=3gEOW&ynm3rsVvd4e+-fZu(UA#h5*{zyhB_fb{^-bV{$3;Vgne?GE>{YT zWJQ?!f9R3o|6<^%#qtS?c;EDS!h8PUtvv*0h4+lqAZ=mn+iY~f+{rDV!stm9L5K8} zHp4NP$(y}S)c1KE_6VvZIbRcYMw0h=L2W6duk$i5@e0HSb@Ydu^5inFF8VUB!kaLJ za+w!KWg#7bJm>RVZ$8tE>pK?5zf*0f=f3&2C}pr)&44N1yVZ5_Gf|M*dT-rIawHD! zyH1p5via>*zNvS-7+b&oDX>fxsa@x-eFdf(871i1D&ccdEulmQBFf}mX=&fJ6f^C@ zO9)v*a0Ft52o(QcC4bNOzxJ`)79%)^PdyC~9tf|#b||e`&gXrHPd!}Y&Y_C{^3LOe zr+Nh_5?qY9?jj4C#t3*|Pp;&`Q4x+DpW!Uwnr?QCWNq1u?FL&SF1mlM7hLR-Dxc8 z8K*&uJgpL@S%rUR)3Mu(f6^?a4C{?jV7-WfjqLcf&Nzor7I<9OPWza3*vrPIYSJGUFs`{XGyPdwqSLHJNuKa z>@PX9FOuvDH;0Dx)A|!3qhN5l`Tj@ieYaD0#yG)kJq2+85OB;hcpt-^h%A*`?-j3~ zQQr+^?Hhj0^v80yvZsr5qQW90U|c0Pcn#&+^&2d$5(UVv8BiI#QSdmYP*hKhQ1Al6 z$-4OmPRtLj^vk+Q5f>DH=kw5$H~P4uZ-BRMx^zMmn*E?D<9(=IDeku5LE6QZwUD<_ zfvU*ZJheigoRGK-?QAiV^|E5)l@m3=^TmX610ixI7#(eX_NkI~Zy`NHDPS_V`z$Ae z8wR-oEhBia6j7`}YD=XVCyMn@Lf!`|iUq4H5OQiER~HB(-|=G*3#^CSqgO5Q8QlK) zjBtDYT=^&ji#(%%MV?VbVqxV>L=-R~$S64k6^~)GuV`oR4CBs+C=%60R4O=< zr26&5(azcvrv%`WSu(V|Z#}NoGHTE8c??>h5!ASGryJz@fW9O^r$1wHdGwnEvNyk;(k+#wn*8?GFe_kie$H1AhOY@`-e!;M6RFQAo%zje#tyL zmirBPIW8z(6}x&F_Ij+6@)Sw&b5Wy`dVi!hTZP*CONQof6!5%^tTluBdS{-36np2@ z<8$C09nT9b(-PSOWe{HGn-YohC%cVAG)sN4yR~=6HG>I%7&N%q&cpaw!|2A1h#h@Vx$ce|5zppE z#LYamB$fmsUnkzMry!j8ee91gwfnrf?=E^7ZcDj!A!!lFYtQ8}nk{-cHV`SaZXxwY zW-6~`otPd9`6HD%BVvPkiPwT1G48()3H59s)Vr*y;%L)}={jZ{Vu0A^7 zAE`LH&>smLU5qT-Z8Kv1+!H1lYQ4Y==cm*@pLtt%AbNr?dIcKs30}FkR%}_B_suQ^ zv9lM4_mp^N9wnwV*1z%s_&6r_E}v&d%U6AyYxYhGbzO)-!J_QWoYbRi_W1=K)z$W0 zS+jSf_wEMI4t(B{RZ|a=KgT34R&P^w_H8b!8PsKXsrT;X9xh^(EK|-bo86^L&EBEj z+7AF&v$rDDJF-%)q{K*1Iks$eR&LgdgNmjeCgQ5<^axJg#~ZwNJSKX87M;}3lOcmw zF=p!4%>;2BHG9jvbsKr8LcTmzku$}3(kqHx!^1yBQoL`T9Ph*f+k44zyuez6O50sv zR%dCyIY8PnkZR6Tc2w@SHS!d(xKXojeYoMp@SY;?%#ZoTtn;tuD|+c`$pz~F^`hun ziaKh#)>YF3s-#)d(Syhy2UV*dFwj6u`O`H_?3IjrM832ulfY+Eppqrv_ZOl zdcj@Bb7up7DW4tKd?t#E-fQvuVAN(j!WwR>^Jhmm)%8bsQuSv&I4I9M z^A=ta!G#_!$5hf6zLqb7OZDkV^wqTBDj_W67~%H7hX?Qzy1gp;oZPJ$C`$Nacgppe zer6Z)eX&!I#Mm2WVziV)bEmq1ld~O9jc-$28+4>`?BC2TVx7R15yCpM&FhrSLDyq{ zHLJf=5ZbRVpD#Bj)9H4^$54Z=c52Yo_3<&{%bzcUuCCoCpcOpR?yiTK&xP^FC1ytJ z-)|yvxP{0E6!`BEIl_U+`D(@Tg>Oec+LSLa@!n}A_M*>L~g&*rpQj_5-l0o zVLlheZ|`_u6#41TCL+&M;J>Fx^Jp89F%Cp7O(N3V;lL2N-a_Q~{|S*B9Efa{L7S;H z-b@f!{hk+1JEDe@2n{(FjSy27T&h2v~QMw!or@lCjO2O_K&TZnY|pAfmkfym>N zZA2b0p9|xc93UdAVpDe{i_Tp0g9}heX98t-ZcmP{|xJ1&tUUMEc`rhf!*s*=h*0f zS6>&H4?v;T96-8SfP6p=+z|uP%>l?tT81EkN_(fy*5++C}zB8h+1q;Nvo!C(l-%fS%es4pr*zLm{$h8Z+AO zgBdz6u68jmg<;43WI2Y&3}HuVKkAJ~)n)emskpCK%iG^Mi?m~rc6O1>WJQL;ABlLw_jPcKd^_?d6&a&OV1{B6r9UEQ6Ft4A7$h2yqM4Jxp(l3`P{J^m1kgg=?(wjjy#&r z&Aq#Dw>uijr|tlr2}Wowwp!3K4}-=$b{G>@)XO3Hl#NwZ;k`MBy=Aw%aq}({D=VMM z#W%iCY4}K*8#XE&y-nkKVyjkj5?<>rQhA55c{}ZJj)wsW%ri5Qh~I))H^5#KljJXzsTKzwD~6ou1od#yTM?dZY&o);&o{r zSZXkfRWYS9+J@Im zE7ziIYei}*Ckr$hqFUP-JF_Rh++;qEZ$MxCETb$u4Sm_@>$R#)fadUb08F4}tp9jd za3iqVF<(Nq-o#T>n3*QP%A*(bqZISsxUy(dQZ71~s%R+O-e^06k82ZVzQVpK=A4sq$>7rWa@D*+{D# z1SOxjp1WMTGlH4SR9E3PrAoV-9Ue5^sQeQzu21zDm7J?6fyvepWOuiQT&(_pd^hNJ zp@#fK3-Z4UN*yAw4LNKGgnUG%)9kM_P%Tb8M<5rof97P09Lnrpi)qj6g6ec?S*^JR z;y@oU530}O)Vja2-qZ@^3LtS^n=6|2IeJ5j3=p?PT~@opH_Jr!hJOX=L;D73F?XSU z6Xe0f{Dih3fvj7ku0puJkmT2JK4Df3cxndPr5n5%EA+}ySj_NFhZlT2m#r^ zVC8UJx}#&jEwJ1be{6(20CiPriQ5k^m#xBg;kYdOrZe!Sd{tptbmCiq0~yAOlSn<9 z^}8ZWq+0o^FMVq&3wOpy(Cn8Pi_rGY;rLmGz?zWM>ALbj2HMOY5O7Ns26 z;_#~SqTEx|aD95osVSqvb(G{1>tKp~;Dci|IVRx|3!`5p;5mz6M zVjtP1t4UQ0d^A3()?KgBFqF;IM?=Em;FwecJPl5&I3Cb6h$#UN-yeY0+?H(MFiBLn z1QnGl@RFACo)%0GQ$vBZNtr!h85gt1m6&qgu)?J|7iGv(CY`Lif0}I9rTdkVaxT1` z3u+}D*-if8*Zbj0E67SwUxU)fj<0DPSAV=toq z$bqZycA5Df*U+z^u0#k2e;G(E4vO@r=qH2BAN2DpxMN*G@L0SvXQ7L$Fb@x<8lm7!RB#6@u*U{8$_)VC z?Tr2R6iqr?I3$$4>e6^7_^Ej;7#3-Hx`GY65n>V2w4!BDq0sVuAa!r}MK$FUYF$%K42x|e>qC~k*qjt04qp$58qa`PJ z$82RWxK3q4T@t#u1Nz5M5|4T8Za4 z99{}H`mp)!8$3M9cR}zlr0+qX#o*z|esSg1!xNiUs44Y4QYu2=+=C&w86g*L1H};4 zi*RAGCH~PR-Brzr--t98clTT>6=#tMYOz%j94E=4+B@FW{(!AB!7O0@L4NJ|?3Z`?DMg zQo@EmZT{KtiNC;KicVt^2z|%C$60J#p^l3q&u0K}{x+5*jBt$giHL)XcU@Gr90G*c zvxeziV`&1_CPtk#N?})AqbO`lLlmagA8xigVza$bi0ecpTuv9_vKWUj3|DxY=>djf zPi2w5bbRz)SL8mm=eKswBB$GqXJ5}#P>f1gdX?iDcKq>uv*o#gP?wfm5L+uMudvKE z2z_Y_O()MPiS-2pj(8j9zl@xRq?VWFdc)ti3*UEdIF#-#{?%CC4yb|)9GyZjkNWR% z7yeQfotke1zxvS=S*sl85cv|#=%RL1#_}NOgr7q#`~Hmwf8z3929^Q_x;@rKb;St% zDj#ivX4w@^cU6sm=+1U9UHRd6vY&w;r5vT;_g2qRGyapgnyl8~Yfsq0X*4#-Xmn{; z>g(?CbnF+plA%F8tSa*z2RP`K`2$GQjXv}2$#{o%%`b(2CgMUezH^6}&*vk23KDbX zy@6-s@#kWz94%Tij6c~uarb-}+o;&{a{ym-$N`VM{gRBu#^T;W3=Y#bFL-eyCblq(Yv;R;uZKjN!Ega<5#-n6A4 z(o(WsutT5%>@adB^Cy5zIO$I>i*zYpl?J}tF87!eX#As{g0QQ=Kd~M5xxRLJ?(pJv z1!W+fc6~8t+m)7ur?zudtSoQmsWbOtpCazl)=;eGSvaofqRf}YT{wMk?05j{irfI5 z@1{Ig@pfO!DP|5h!IVu3A2J_+0J=6t27o=~dZNofm&2f^^$m1~2Y8BWee+yYzMP$j zcz$p%P#zRUxJRc(1Kcqno)Nf4Sjz|%It$}Lt?#(lgIJ^BKIjcE|~$u{4fH zG|(R3fY|4tO)runN6vIbuw~XB%6Uf4h)nbzErL+RKWfB4Hlij{zxBW>#*VKS=oT&g zPV)I(-?22~YBj$vY!++|-cga=12fl?RHhg8}HhiV}Isv}FwmJ&jd~}S{?;_`M(Rk0S@?jI^gS-48HS^2ENc0zXyMJ46^a}7sPj3^mnhm zPQc%PS~&1$uRr4;T+uzeY)z`Cc!v>sLe}Slfq|F#ukj#84+>Xr@lNE#z;hTe;WmDV zQo#B&nUh=ONS_<<4pQ0GDKQ`M4fpZA<(Jdia1kp*IO=L70CwR}8=n6IlNb#W?Ol<+ zuIS}(6Q2YbcsstTtzImV77V#?w%o0emSHB0^;$ot(Op2x3FNKZ}qq2B#MH0Ki#bp-g15yVC$%JOfoj@?m}c zym|KT!QTf1Z2T3_1fcO(uCEjDR|7>{JpRAA>qq|Yf^UEWzGsKn@I9}u6W}}lXy6OY z`aSr&qsYczdk1{SC4=ujDGvPgTffO3Zsa>|>K^gUjsiNqM)F7PgUAH_36W+-uBY%T zdSfhuRI~^(LB-meWnw2+u?tDzt37I+W;K)okw@g<8qoaeqEJv52g&3=mSq2ku!^kX& zH|{HCnW~J;K9|qw!&WlT3MAP&Xl$vZvIGRmBcSfq!%ox*zRW9+Pry&Y`gwwcR~3I{ zgmSPP1qQ=VOaBStE_x-n^yygld@ajYElCkmX>9BzAo@rOeD2<&RX)u>Ko&+ZyDv$> zn)8^fIaEn?cSj_q!97@l4~)>`Tz?`1&4-9#>o`4QT?Hdug6r=K?mxy@5oPgc_Jb#3 z#@a?jU7a&N+_J>!P=$RL%49S`_e1lUz-klX!zt&3T3_eZ4pymlQ0lGn!UEcNamPT- zAmiqxcn~dnxulD66a0G#7!{C-3lz$#-ZcWwWfnLcn+?u$KzoY07=N47Kr5?(r$sO6 zSXvtF?{lyNq?pGyvw;U@YJ_5!+DwE#hrXtm&vOKufuahlfu9JGb8&3A2N|fldTMiO z-#J5r|EK2Hj*g~4rBEo#ZuUP%l0ml(kH~_;j0tbwqxS@C=M$kmb|=L67?sDNm1J=~ zMu;{P>bYp*I~OZPLaYy5b@1BUjX%)mo2zLv0O~+?{niI+ikG!E*1QS*1`Xi$-8D=4C(ma$G7uk-2$` zn35uEsJC|&zUkU<7z*A!Mlcf};!vFpnP#dKK^W4V(*>DWAL@l5Z3i75VF;4>5Udrk zZ)?D)>gY3&@Afk4O9zjH{4EJD=*RdA=$86q(QLZHtx7|?REAi0WCc|O2&QC=uY2$c z#wGhb?&z%&$PAU_@yHMYN5xMrCf?;^ELr}pW-07<{c2+yr)eVTD|W_&+QL#B>MBL0 zuIM;u4gRb`iNVxY@F8k+@dpW<-MvPFvy|tLb4N#FMJvxQ6(F~PUKyL4=Z-!>klfJ~ zD(Ja9-{pdSygHlttRzX3flgwvb))NAk=hPV#2LkfVB1nwnv39Vs1z!4_y=FB4k1t* zC$vD-558AtCz5nEds3`OM@-u!{Owfwi?@)4Rb0~M!oZWCyk0`P>+kGEi(UIk&bNx z*SAUaXM@$zlHlL9_3SoC0JPWF!~WDJ3H5#3#P8dx@7)`|P4Bnf{+8p5mYu1 z!PY<1UA&d`w@$5Yqt73L43GdtZ$UPWh}dIk^Fyo zeuOshcm^YXfPW>=9A<1Y|$f z9DPDN-IJrxCn(eOkgn39hV==aJ6P)kha<8aktMxL*(l zW$0*A0!yIXQof$iF%X#Py!MI_D#R;0w1-~QuBwd?2x`Gl!9&u?QenS}Px z3QLuu?bwSa3T+v}^OJc1?xG75iqZWK_L4ri`HDwg+(YcxeR8~EU!OcT-V~roI0BdV z>5Dd>$^Qu0@eY0_e+Pbz%DsSu&L$Kg+=XEGAy_2QQ$#t0DCNQ@XaLFUdvI>IawHRJ z1NNTE`|#d;4}VroObKk<7C3;gDy1FVf*ewqd*9gv3H*Ed%QtW81T}4??G^eBlc4??CeYUYPpu z+|0xE!}_{F^54SSWk77IYRWemgTh4(IbOg9kmF@f?C; zjBD5igpY+*)(CxtM{rGlH7`&Dufq5Ffu$ec9%D2s7BeIC5}uRGLK87~1Y~n=@@eg_ z{D&%l>e4-t7t|a zzN_LsBJedv=CW*LCu~Xg0pw@$%?=D4?!N@R1@Dpkj0-*hx{J5@us48@!F%q=<7z<@ z@yud6H>w4#)j0~GnDGwUjqjYdn3KR#v5%}yM|1Uc7_m#gKa7Bz0Q%^Nw?Y5o{wjqV zd^a#3TKyMFn?nLL)A3(`o*&oyw)aph7Bznsz=YKk7!I=l6BNJ#CSH3!KCU<>- zXC#3S8h0~ESCIOqCeT0={OdF|sdkF`d4l#&gJ=UEroRH4^*m!@L%vI#G0Ohyi7eA< z10p+%i#fybzk>p|P?$qhp7#`bd zqFKE^fRGwFFL#rsSMx4fE8_-_M1AiJt(4U&=LR*h2;yp3Bl|EowpMQsqegZ%RI-Bx zQ6Zal#0uHNu|)KhVn0IfgjTgP`>Ot#uhY6|_s3NQZ3GBDVt5ep_9T)MZS)qt=9^w- ziA{^fBP@E62m2g_pVakOAOfy%OK;^nzSG=MH`uWO4Q+c@DuQqj5{=ZIRE8L9+GFi^ z!!qX%BUe+K`CF=6>G!lDIQ#x5{|-`VM5U>0)WM7Gp-p zUV`=je_{0nvf-KSQ4GqHAmz*c^%2mmH{8Rq({b!Ku)2)}rL=TK>8OFVB%B`K0&I#s zx$|(XZGXeD9{*Bn4kBu>8M3yp@PRt4*yN7U3W^Io;XG^Iu~LS@y>K%N(U~n1%WYSB zYjaO=yqDRx_G1m|s+arhkGgUV@^po$wzw-xbOk$)TQ0>6*9oA>c#ID$%S-XK?DuN; zl_{Ix%d&N3UMk0Y)yUQ*X@0~pwyMnuZ`e8_FNGfW%d7 z1r&DByMiYz0awzgJQkJ;rC3PXEKOog$tN7 zP7UtBIORsr3MZl@DV94L|Bq7zqogbN8*N6xuwsh8tZ-zZhb3w zc*H`Z`pka2;Aq_k^WUT#!=Bv-92F)H7btIWAZ zJ}rzlwS2+#OGPh=Hj9$h!0d~h(kc;kwe_8 zF2q+lAfBnO;byZqd!YFhv}uxZ{lHc5qQpKlc;H&2@--^l^!Tzze-#Cso;RUKamS}Y z{Z!H69lV3EYt!MM%0P!ql^3VO$AUE{8Y||?m!1A5T%-P+IefBE(*gXLCTvs$k27xL z+TekFV?{qHUG!#aQgK33c$slKROwGy`VlFu=j(mJnq!R>KQkl?^Hoagw$Yb59P8Dy z9Y8-WljnI=a6u-Utq=4z)$HqRw!ahTXMzU`j1`NebkQGLB?tOxRr+z3-iwG_@I~;u zau#xoLI>Vk+$(e{?l=mE5MO0;gB<;Ir+(U32=M^#;$!1NmQxJ>?%2jr7@*vCj=nw} ztU1+K@uqy7r>ZlJwObnTS2pMD4;qftI9+ z1<*C*7hr_VJ1~*rv~pLl2KMt23Y5(mNkCy2YMptOD<923hq6(GV$U-!%p%cXtB`=R zFf0xkt)Y+rZytmwh-wuyG`J%)Oku+sj|X_6t*i{OZ{Gw;$(H^O2q-Q_reT9NEziHf z8(9KPF|-mek`6|Mf>Fscv$+*JX}F%(k4n_FBOE|>3>RbCLuH;LdtGbb8^u`lICk{) zk%=80lRT!oZtO!79eohYo*2G*DA2}^J||IH&FW}zneON&V2kXPdroXq_15V6@+2L_ z3iR9w80BcEr}1O%hR)f-0bV_*Ufs`E?bA zD52nS!$tFnbZ~`bXdMf<2+!BQY6`8zg_A-z*Qd~HG=&C+>49q_aMT^R4Ip5l(DV7d zEdczjn+)8Y_%R2_S|68yZdI?seATs8GN~%-G-$FvjcqAK(~*?D<&)uWiD2%!JbBis z$qGMlQUaMg+g$+pH-5~=(3%A!@v-?|YJ5ca3+?wp(^r#XPBAE!R#6#rJ^C4lwKwp>hXYu817`G^h77- z;Hf+KE^i`&G69FZ6dunzjvBH25c z@O~DY<|v3d*L9RSpTmzioUfweAoWkA7qSr=i3fo}*vAZ2g`l+*>1491Z#?U3hsDa# z)OqUFxqP)J@zu%dRX4u+2r`jn$^3Fn1?r52UZUkkwaH75bWmPI7<-+`XkZfW(^pw7I`XkGaQRSg@mOUPgs(G=3*Q~BPQhDu;od`NMdnAtIjxN%- zPw-=2?|=nh{;0TpHM#wa#8)4vSKIii!ntvd7QLWeJ}p3Z^E>#1l4Xd}TLi zg!VB1m_-Bs7>TOvQ!vyH`97RbZ2@S6HsX8M@>iX=Okw{~tCskV^HoavZzcA%&cvDo zigR}LY+a@5>iJfcZ0+?5)OKTHZLyXPz<{{|7I0v0Up#jk*;E^;uBf8D19QK!)?RgL zU7t|wUEGx-THiv^f1oi>i7iGV3UiNRj0xi+oVRV`=}r{n(`$5f3Qr;4B`hXyv#NhN zs>1Lt%n|yVhaXf?2Wvm(Ct@u}H=wX~GVYx4_IowePXFs>XpLrVS0+*jWIJfCM)&FMoMiZdESgtforMja-mB~*ELkG zsO#!4SJZX&lq>4G^5m+`^+si9Tw#dfx~^}kt&VXO~WhaHoTAvrur%2=g-%^j$vZtJ`^m!4b z;N1!5MO;20;k*cKIKBT^F`U*rF9Ld)iMceDmUn}xw8bcWT?#W{T;aJXR39$n}X^lN;)J z($W@(b{g>&?2S0hvhaU>A3`0+b3)V^Azw1*Byv3Dv%DasH^D|qt;&<7GJ4yhAV>*z zPkg;I_S+amDCu}lv;=FAw{CA|tV1x-|A1elp-RI^ZadUvI;wgfm&p8);bmjdqWx{j z`xvqA2rxE(!HiJ#AqCe1tPk?ky}G^&jLOxjl5|!=I5yt`+!ODM_`*&!a2alyXrOWi zF6c)?-yKr+xw!X6=OW`2j+H6?9OI7%FM&G);w33_{Mi_O2s0V^6s%I*sk`N{jV>%@ ztUD{#vA+Y~MktlFbBkN!+V{3A^<#kE?^AcQ;|Yu{V`@0bb@fFjd}XXVh7ord1Ql`j z@pEj{Rk)wsWdgP5@KxXdKz;%j@F74QD&IvN1FB_2*G?cC`)QGT6ri%}+w60gc2ZeKis*P$a>R-$r6Q*8nicq-F4=X`Aa( z7UFi8Kpt90TWGX`@)0;Ro&2TfAi6D&nadzj;D&1{5!;(61Q=HpjQQrZ}NC6rcy zi{?|>>lz`NjWAz|jj)ad8e!(Ss4oFi*Wp2v zn3}*+#MD?0q>ZT(fvzbg)`ed+iK(Aqybw%%hl}Q8>QHZusV#MlAI-+psM=G6oZw;A z;{FQB-YiV)FSs^OM70SBbKyag2s@djh_LP)NE=~o1<0ll7K0I_X@qUWSAsCwOq!3d zH+pG=-NsgqitBedY$I$uRqc8%dT?$22m?U^!j45dO(JX$OA%qaIG#4bKEd;*=i*v^ z)g*=e0bdEiR^p=h2)nDNM%cvy%h52e*l#w%x}@6(J092O%P=$~AnaQ_XcA!?Sc(XH zk>hD2>>)gF8euo_t0oaP6JH6!&cj9X5q3qPMi}!rA036QJ!m8B>$Ucj`~=tLEihOl zAnaK@XcA$oS&9gYa6D~UBWxnSY7$|m<10bfskmr9!iozt!cqm6qoJ^y4%i5L zf0K={H*jrEqge%xiN^8>t|(t$WmE=m2>}wKFha!68%!kVjmYJAgnVt&=+z)r$fGO%7;G=E@co~j47KwvqV zfqiVhJ+L1iwg>iYT$>@-ZY+ewCG7Ub@_*oY?EW4^M}mZXGoCvo?8W-tlCZDR_m+e` zRo`0@wnyJv5_XBcwpRMmd)A#N4 z{Tuq;(DyIud+bJK2l1%BZ?Es~=6!VTF>wh$f(J^%zmczkRUMj^@bAjkgLpBD9EpVQ zRucYTjG);CbEMu#buyM8faM`pb4tCD`V!BbBlV8Hw?=BCzPCo|DSdB^)c@&wYoz|D z@2!zquJ5gpny>Gzk-A9VTO)O@zPCndxW2bW>I{8vjnql{-WsW6^u0AwY5Lw8sXZ_* zu)oLXk^55LchL9m==+ZPexttcr0<{NeROW;_(=a957bEinXiIX$2L9E|2|2N^mQn5 zBqKdajr4}S80ph-T81^!q9!;Nl{Lx4_O#GUY}d)81*YMFTE+-{g6B;$v9+#8*oG!A0{Cc14~>*ck%L(I9N?9vflTA+Eqe*j!wjw?My?Kw;0~ zL6Znu%~B%&a6D~UBWxnSY7$|m<0~cq;G+2mD?ULZOwPAGsx8S)KiLR-YoCp< z*Kuu5gT5>QVIe$d5@9n~iU_-a<7p#oB%U{ouzY^iB*L(WD}?=ui{>LNv%5yvHrgnT z3Skp}v=MeYV(TmlyA#)DZ&aIru<>}%B*JJg5rh?TJZ*$^79gA2^!`kpW|Ii}FTN5A z+e{s6vsIlRcGU=zsK28^SpIGsVZ$(77QzPUYk0(8m95+)tD$#?l`k%P);eP*#NS_^U!5ZnN=RC>2)+wHx(boDcz^l=Lyj7$ya02~e2DlN z3`@`7cyUAOJfrdsxk`hT_hwu{jSM9<54^FGmm`y7bU0!MoF|X`>v)Z?T+VxEb`q^s zc?XWFQcQ9?W_5s~99qo|R*vF-eJ{xBK$Xg*8bMYE>V?PX>jLv}%nt!Hr~&ma@kDQc za=j$qTf7g)9pgQ$7xQ_-kcJp3zxjra=Xf&-MvY(bKul0M?+>2}4hjctm_+z0Dz@D$mxT5E4(*v@);!Jo0 znK+C>oTR)HCD9GEXoNl$;9zrk2Nzb$b_(oCn#!D~X_R%*RQ8nA<48%bj~eN0#_cEN!al^GcKhwzM9&(pn9?^dJU{_dl)^9SXv*m^9^!EU~rv} zPTT`wC_%GMMUIeVbw@ zK6AL%5l=DB6**QN)3woePGHb%zeiHJj$%9#Jwk_+uR5^|&a}@2YEE6$*I4tD>*X?Z zod0pG_Pzz(+%LZjN4a6RcfY$EqmOiiZC!g!=&I=;pS-;t3;`+S2R^E*z2 z>(j6HhwZ z|Aui6(LVcBO?&X8`uCv|8~EUT^}*Y03g#)RlC^=FlZ_RBQe{HSg}^F`vYzMwu>gC7aqv!bu zxr@Q*`pi_1rtr}&z>7!azX;NY;m7<$J=(uZ9{r3Tvr0WWQ+;(Bzj{VJ>Z~5+@X_DZ zqaEter+jpadi0!n^fZ2|m!i29>i$OF&%you2c)fg@KZe<_ifetmV7@3_rJl(1T?W1 zKh;BVf1-NdmG4i(y;s3H5s6WIg4peGou!chsl z*jg6cnOYY3?Ob0={Pp;I@tfzZZ!VXB4J7)ngcW~-+bDn23kL_Ie1|*yCSnU=C$8v+ z{MnB22V*;5)!kl&!C}-dy7{hp z=DVJOf(f0l?8v$k*LP5zxTxVyNVJTz6DnG!(-U?lu3{%}J_Nf1G3t`+fk_e|#2$a# zDH}1rOf5AV2liFV>u?i7#sHWKq#-1 zQ^x0l3T5tO)prO0G{9&^M>Be0FhJ?&fS@PhNW{hJUY*Y6TV=w$&~a2l0L(vj1_zMp~JNnfg)P^N~|G{cw)uhCyXx(zgdP<8{uDE zNi#zg;$#Gc*%z`EtXPBMc{E+&1SSYv*-X%l1*RfYYut{BSrOVxo;XO&-1Y)`eCFbV zLb5`zlWCh`zdU#}{G_`EZk_`;HxHDABMC+FX7Ill@u~PRURk`Nr@)J0S7-=ejz;qzkr}rMlFnHI;uMS_bk+B<0RR4=t_{)FTU?RHF`j z3m=M`7BwTg7HVZ8V$($$5pRgv6kTf!5nCSBh`1MDb4E6bh!5LnL_E@n4jZez^u&RP z-EqZr;yG5x7m~a|V>vR*Xjj&YtVRbk(x~|&zDHnvnQ_||e=&$&iMc9+)#?nZg zRtT4$0GCb$30P+6YAnE9BWyC*%t^$Ys4w6G-@|ad?qRNHR;clFT(je6yYGzs?ccJR zvr2OX${=nm%0bbM`XX#}^h`&i3#A5|_I!QOpud-D?3{$gM%QWVOf&|D}CWYtS0&W39%j(b0w)v#8DKr>i;f&M)H(9YZgpuFv69;;RMK zTjvW@zWFloEDdo2lhDV=Rko1sbLZMPgRuAj8HI-CdAbHWdUGRn=?t=tY#SVI6M7bj2TeoCV52oC|IvS5hlw{=MrJzD@3;M1&UXDHzL-8%3y`L4S>+w4($Fn!*4o&NkGRriN`Fh_ij zqd#15(4UITQCedKb$xcOM|J0a|C8=yvpd=B4zeOME1-FQBIeIutAPsRxyF1a1*q@3 zhOw^qUezgz1g9Jg#^2nL9OJ2V^g5^B4Js7*SMp6ZZAF{&(3l8=+3zG2AFRr%0s;OM7aMyLb6^uVHm&>??H%tb;7Z-5*HGuS+s zR8GNu9=?PTd{Dg0KgIkSfY7(_8$9O|x2dc`TT=V2=T|mMUv0JUG>SkhL_~C?AM>cH zSeO6d5>5SpN{kRS$I7QC#E-8gXcgyI;}z%WL{Cm8mX3fw*# z+)EwvD=yLL063XoW1{(3t2Se;8o&EHUtpJ>+ zTVGFjN1ShLicLk{Lwh)!`Hqw32Q!ur5O(+*Hzb$(3%O%4Dsf&3rJFjt7Gt^CS#nC( zaQf_BH5o~BFDx}~s|p-IfY%QosldTS*aaTE5aC|9D_yxbzb(vhHaE~nL#X0K-F_k+=L>kK}s6l*g@Hm{c#qp=K?lH3~-rm%8Y>yY7lhVL?p0k1u! zrwcV~pcr=~ewHh;w?L3|q;JVpC#_S(cJXgQct+@5L0CMKrp{{e4-A-O(lp0&QL#ls zDw=X)w@0+13F%9be{_}xfyeU*2o|LF7I8>m;5`38jK}5vGh9f~3E2d>L@DVacC0~s z0*mI$tQ1|I0a@CAfdxvPO`^737|YXv1x2ej9@IVjNf7fL&OJ_GZjNQ&d>3tqyD{Az z2FB@cnk48NDEwrTJ$`>fg;d7bXI~%0z5yQ~r>Hy1!?=;p%pE@6%{_rNV(J9m=g|;R z){)yW%=;+N#Zk)jBD;>{+d)25Z{cp9A@9K%@)$Abe8FS(#r}Oj_vb|E&n7uP9IGT) z1kVrObLbaP8IBJyFO&k(Uop^7at>c=|Juxv9rSWS2;}WZ->iJO}F@7%9)s zT3O!KwW>V7Eq>kR4lZ$Z=^z>=Y#?nMx|<-6Tb3j(kN;Yu*xcm}jR2TjsgiN)LE1VF zDPW>Bi$FA7fyq(#j;lOg;r6PwkZ>2bEj3GlfY?d5gL7E1)AgTmf=qxhBid=MzSdcg zW7pgUd%c4nWA{*BL29vNd-rhXeudiU36Li!NP!z$r1c6>p5=}V<(}sZwUAUw2e5v7 z1id2G0+l#oH11CD&YvuNHgvw81)D8zAKs^6o0kBaW8$f`%?7TXeJJZ)Vpi!#PlZ33 zWgqIPuQg@?aH4%EAJ8_nKd2AynBNWW)OT!nS0L%V1@BGzx*>Rde^l_=@)6fJnhQUf zA)Er)Fl5ybj`V@0UhE*xWC~2phtjVC!akO69E3C=FmMiLCfsbImtk8E6HRfo4@+~E zl9BRBHE}1n%I#PLs1xc$tu=QG;Vrz)#vfPsb2xW^qoGIy|)pK))Ip$F9!9`554kwyDGm zX6l8xi5txL+P3JId_LuMTH!_~@<18#oy<-*BtXsnzgDgC>S4psC`0)OxK zsWF1@(ExWYS|d|tI(_wLL4`GI?&EcD|1SjhRl3?Px=D7b6ka=D=U@@ zC#d)JVRN}XmVw2GdfzY-W+CzJT=OM>$$0hPmNXkXvsdepF+vxkLI{{%2$(raz#Ik1 zb%zo#tIcx0#v<_OFB-b5Q6D!S$}+|?uxJ_Eg>C~8IXwABPKy__-48I^0TgeZ$qb*s z1LN$Cl6mxA=Iw$G13-)xq`G3fD18Cz+-J)fh-0$|&5V;U@O>Et)^qKVMms z(R_P7$@p2u35T&ZxSv9QoQzM-e?CbtP_*?8YdyhQk*9Z2=UD9@LB5J5dlVQ)lCR=F z0A1;ousiN%CHnvQy;DGM6O!et_~-j1MU}7OPJNBx*zZ_8ZjX|^mBXDZ>G{<4@wfS> zqr%@=3V(OJp9FvH0YkIpfpXpc(a8f_Wz|yhz#XsJ^1$u-TCW1pPFFztW61+E^tB}q zTzGSX@YcuIZ9gh}HTMi1YyY02*8lf0x`ZQ#vY$n8J0i|}-p$bmw$o4?jemvGBow{A z%{g@S{VPTTD4T&Qc}bm@>S-$9_`KZ;M@N)z{1J4iPQLNW)^jQ}ns5A{tB#P~-}~XH z=)FwQ`%Q6rbMT830Yd}yUY~v@99{dvRr?E*wf}dVEerpbNwD=p{1&}}KFusgFBgSS z0jWjz{avd2t_IW~kQ2f5Z5>EOB`o{dxg!+y{uu)T>dnr9)jzu{*d+}5C!=+(-)IiM zo}d9ZLVjJY`v1WOC(&wt{r8m`|4LqNIv@VF?~j5$+hXAA(B~^JHA$Z>0Gse*hrD^? z_bahn^Ke<7gX50eBu4{7?nrlUWKJdx2;$a{U|pVV8W=ng`LijDjYuuI$X5aH z&=CDq=p6eeicjLBKGa)$2#Rc0W2`$p_7G7`S9hM|UbzOJQwQ$N=W72_q;bEurI)SDoM!7+cg5u%>FG;nCfbLgaXV3T<0 z59N8GkO{?si6+qmE&1ST85AS*vzW;p%F+0FE^%wKwK=3L(@K$M$%~q?V#8N0kmDp z#U~4DiXq^B*fZc%1_DM+Z6#fDO$Nbn5Fo$etW)6spDfk@{y*~+S7ZF~MI8VB>p4m+ z+!*d(HZ|@Su{oz8)i~~ZE8IW1PUD_hfjr8G1=N$fZrn`l#HEvIH~?X{D|L5loYh<= znnSO(Yz+%3PS5@>_6JN)Z+M*`Vgu#sjP1aS%#LW*Zg=<=B2>~*Bcmj?EqCyhD~z)> z&qm_hv%$Zh4T_$PwV!TfIBJOJU(*(}572m`r&Mi7g$qFSIov*M!K@a%qZsWZ%JA=$ z>32h>$GFUao@q>8zfWCo#zP!}IO93%z6*5+1|quVkGP=I;ry1yno_YB80&s~9vuZ8 z?TpPr23e}3=6VXT<=9{An@xwnTag-tK6`}V9ui0d%?+ND=l_G72W&gHJ#gN$wkWM* zdekb?QMHz(&*F?(}M18qBx6+>%KiN}U6qR`~G`FCC{XTWb3+&d)ak7h%Zt*xeZ)7&q zZ?p6K3%rq~Io`tGpnS_`w(A^U7wT^ZlJ~$`AC|$uQJ^tSSyXg_!kQ8KP#!=d_cb#^ zLnC+C6aF$b^E(dWbm&xeC{^KaX``Z9UwNYWo4n!Kdf>Q0mXTv@FuQ}(r;N}<;6}0< zc!(s?y0rx8Q1!)*gOel&CH$^8aw-6ZVPvPTBRFgC{MZQfBp@eAo`l&6jozQ1 zzJSg@v~r29Y>&AyA+VT*faB)x zkN&}CF=3BTUa1h=7Cj)V689$#dGV)Z3GzyFF3hvJ^mj40-(l+dlKm!sjgG%Ga1z@ukDb)q8R46^Rx{TpJx}hH7 zA+fOw!S0!7SNOnS@+uVFnvn@z)Dj30RiNf2ndAsycDXR3_$FX|2UkMfjn>=RS?^ci z3{qeGD6LVLRPJ;h77Ilk9CwkGvFSRW#l()odaJH;YsNr$K2~I+{PeuQ;5mNyDkOHk zk92-4I#J**L{3Ok5VS-P1QYl$c4Q8}F{5~s1V=-h?H()b3XV{*jUy~@d2E8JvEr&S zM2uAwJ12Gds z=}k=-I@mJ7MfayI^72zf9_lDGMIQM{S{ZJ);>(M-AZHt_Knw2FX%dYfjx?KM&n%`u zU7BLvm0++``>(*VEHH-_{g%@|DOc%a7BHwI$c|duLx2KR0gM8148@Y04hHN#`5&JYGTBe^?c&K`o^z z2T)0CrtEBk@5g80`*ZrOw`y7+%~+qZjW1g8MV*RDQ$Ae316Ax_SuUkVv;@#){c081 zH2p?9)~0Mk@e!?zwOM8RHW0oFqx_Y!lnrRSJmod^fZb^83jfIQHr9-(HP+;;oK(9K zJYzkUf-zt_aAFDV{QLYz}Hqy09DccwWTR<0%12`{IjlC z2vg&)M(ue`1=}!irR%>1@;|`wn?eQS(;y;XlqU6i)f&DH(X3Zf-sbRu4*E}0?X1&P z{D`va|A!iWTIm4=80$u7GzQUVP(a5~YG~t7q`c+;f&?@ghub#XtI;5X#_MRyIx-ur zqjghtWU-Dm$?7NpcHiRLwn^%cIlvC>1WrDrcS1Hl%|b=x{JdXnnS-$7Rb?lsDxsEk ztfd{iXYiq`?&NrlFAcB(moNd&4GK~1%2Hm9PY`1jEJ&Ov7$?JCyG7q%tjRRiV6u#< zU5Q0I>3qpE3NdN+$XvlZIe48lPdJA#Pr7_^#Peh!=RyPXO&;zmj5OTygm#5y=t8suoB8=5F_Cf1pCV4~EoBR<(MQ|j>#&f8-WX56u? z2th#xaKy8AJr=|yvo;U=##qLu@mV`rX6=~^MBi&3 zzdCWgDti;O3)m|_-y(}@S)&Kcx}{m3mx|zGeZcHVCDsA67$&-~V$b`#PO<$OJVKvh z+sSHV=tl1mbtP`0p5?#IxTr^2^}F(-mASIwG|UVQjqgMwI72%d#-92rYu#~?#LT%{#x_e9rm!SQyeOTf_EY84&6JS?E|E51` z=`a{NV%|kaH84bVo{ef=Hje72-qWxwY}s5?qq#V$J3QPts!w6938-c&i#n*@jlmOC zpMo{mfodE;m|}iG1-YYlOwOYTiI!#|y~60LY3VV zRmL9FRA~o3R;O$4$0WLOtLOc!W`D(KV({zrd>&>?<2{G|txpb!QaoLGF5yU^42upj z$+#nMc69f`0s@s@KJ*FCA!v)QI!dEQC|_AU&gIrN8p>B@ zkF7@NS3o6)973(@`jA8b<+@@+!c1DAfcYEABu)t@;(Rq>CEpOvB>0$#8QVBMJgEpg z+=6YMg^ONw+$ihtqsO=DCgpfzr$NN#M{#SE)9JIT8u_IU$jDRg2d7U{&fXBHXW=M3tB(ib%<970o!=_G!)3{s|> zbcJ%0-XtemDqBX3e9?B3#<_3UhCAG(VV1mvdUw!5$y*xZGPC=96qFU9zn+j;fo<)RB8@GlB?MUi{? zlRX7@&!0$T_pSd$N1{XaJtVKMQm;>b*ix0x<7-P34udQDx;-`;lf<#V8fVEf4e9Vt zP5_pg->L#v@qS-x9L+x2ydAYo#tay;K*12ZM?ky}cS>FV{Tt5aobhf=+vocden^E! zbLL!l^{h)^UV{{T0~Orhy*G%0+Z$P!>n%L&^Fm*HmJ4|~;?>U}e%BGGJn!h2%#FjqY33$UQ^|2}HAo2u+{@=$@*2le6&P`?jEj*JnRsago0 zcBxbPg+GTmIOKd{`Tt-~4qosJuoM}Y1x2r~S8#u-ubg7wA)vquJsT8iP)oQOz5v^R z>;NjrD5@{5|2CZnI8WYQSO2Y)UBI`dSXCXS1yt^il;p=+pkItyl|lFe7n_JNyDB3y ze?s+THcH)L>-+b?faBj^sJ`D?o|!g56=LLgO7)q^O5Wux*~8J&nCHODanMhzvdGyv zq=mz{g~r8qMR)`3#q0k2hWckuKI$`>MsDA?t_|O%M>CFzW(2}-6;_o7-s%hWQrC{K z&_Rt}gQ@oRq7T3cm9wrJ+*9KfF%eK819vc!0JG5jLkpx)jzn|CKP_;}i>s6M;6>0H0#j-I4-Gx*0Gc_`xdK~_fjmBFXRlv0XjU!JT>^KmE5Nn% z)*IW?F*J)IUFg}FunZ_DW1B9P{kHb!RQqe{kR5&Uq3QTuxd8fUmH(&|3)5kl-?ckd zn^(fTYLnn<_NN}ZvqvEbySr0X6~*pu0*UL9n058Mt1e_%of?S}83`<$kPqlA9edjP zl)P(<^nu$Y$iEW?>u*8E+}{l_SyJFTTnxd zigexKAb`BU4Xsn_k_6=c;w?sK5~MANhR_uxz*zDA32^o=U6(Kldy=6^_QO|Q|#c4a3gtkG&FS>pqyYIa9oVh_y#hT{Ax zLepb{{@lVll#aUx@z$%U60|+>s*Sb-8g1_A(j0Inncs*9{v!4X(;iaf zQFNf#9Oy8as5ISCA#IjI3mKV1r97Nhkmd|4NFBhE&{OAlJ>WQ`CwLKv7z2irry0)h zhTuw4-_}>Gj`}+3`rsY|u_(@7%BPb&OH-2aOQqgqpOe&mg7Imb#Y;|Oa##EPCyresM_e*$60C8&iW2g#}rcaC6rzW7M!)d}u=^;EZb zf(6PUA2!uozOy-|PLf5IZ0jVcO>Mm`gu|Cuku>`h~yo?!uz1ES&GpN+do&Nb3Zi(x}GvolY-#S zp4t(4qI19uk>OfwA4&{AlS7G!uoQ^J1!aMyeN+5X>j~>d@CTtU>~oF*g$p&-5xBdd zBk@@`1uA5B1St|k=62NW`v+a9WWz9lDl{z>HZ%?E?itjq?~|_sOhHPFd{&PEm{G@>>ZU>#>eA(Nk@!nd+p{h8E< zchJR9GlgjerV|?{MUS9&FM}B3y*osGa~!*>VKAE`sBWIKy2lf$lfkNwtZeK%6Or{F zDhNS4=Eoe!B>btZvk|v6vIHMuBliWJvpksB-t;9Y-tZDgp^!hu!h4Nda_kKo8Rus= zI56=u_0JejDJ(QR5THAlcLrrIRa;>)7%z3!_D`wJnLTBc`uu!obqZ7nqQ8Ib*O{t36D>Y0dx1r-pAx|Sil*=JN#*7}jcU@GE%+seo} zI16``M(`zTS^NYSD1>OJ|KW-u-YL~xoGWw+f{x1=eY8P}IBF7+qrHfMMRtjV{kA3A zJ_j0%kNE9YMS9;&;Wn*|HWiF}Jqgzc-5^L%Y8Xnn<`sO9gmIs1x8j3%K(1o%ibaM_ zhh&>kh9#|Q1>3X4J}Z^nzt1@gS9cV|Hy-O7WB|S#72Es48|Ea8ALTI}A1CrYZ2FP& z@}OWuWDHb|ss356;%&a;5zvhTB<|oT0$pjOfAO3zY=$-RuSJM=8es21R$=Xnah@|~lWC#A`02nBN;)sB^FQ5jbz#5a8s`}bNj znobk-3y`<|BAG)qkO@_<*lFa#%#W^@mXr^0TofYtW#q6Z|8& z0df@|_Wz*vWe&tS_RQ9J42U=HJI;$Hhi}bDffWvfV@(2))}I*Tq-`aiN3L`}v*mMy zJAvRmkxO&HohJ<<7=Ng@b;c723yEr>MQ z!<0GMBysacceX#fj`wDd(YG zh;=rpY-nD6ciQ!J(DkXQskhL_p;vZ?%!3IQMVXI?53l1N*eEY5j5lb6UcqoDcEYg; zH_7r84Upv}!P7<%qQ=uKHo^72Q1ewAQ{V4wKBnf`H73Q>k8Y0tY$v*$_z7rzEp#%l zpITOfhL(o(cwa7zhPJ-c?@rr%rGKi3O@(AOUY2@vQxvsyS`&%lq zB0sdObe1tI_JqrcJI()TW_0MkDepM)!4{9q^j)$lrKH?9w`2mc+rcBE5Y`Z?zOIB% z5l^uIi}DP9VIY2t%6oxHBtb2}4U)vUqQO#Jxr?{>Mo7ZA@a|aTDPn6ga!B$c)Z-s- z2FaAdj&!VdxX}cfnsdH1<-Z-qm+JAOqb0*)qaOw9LF?zD63H+JXBM4dZuJvjjp6%Q zuOs{2=xEk&-e?J0j1We+WkPxg5^DH9;T%8*U%z#v6BmM?1o<7yVGpc^ShEgNrfFHW zs&_sjws*xAJ_ev73>|uZZ}~Zh?7z$vJP4^fAFY(F%E}Ma;Os8)@<0s|>9*t3z~cN= zq;X8cHEc>ax$jiO$r>TVXEF-`4pw89br&-bJcUQl(Z^s{0_NcR1g8P|KAO+s4_~~3 zUp@`}gBSD}ZRsv%lrAHZC24n5eTj_kZ@>>ozP%QYP#Z$}ohf)Nf3BV?!1jxW1=&Vu zx>S&7=bF+1?i@*^BydCM&O|nztlU$S*W<5$60gUs9PCrFkaMsrl2UF$CQYQ^HB(TR z>b}2~?mEvB+z05U)0L4uk-ajr*IPXSg{Yq3!umSJ>We;w#jC=Fx!4n^#5@Tdtgie? z(CIkLA>I}7l%*r^sHlqemF&B^M<=TuG5aoZfHU!Kfl19AXu&)Uzer4GjaUd`76@@) z>~uVr?#MpP(H$z!r8_Ge-RU=456yNw1Y#RaJy8CT9+}PfxQWyQO!uIBG3}33lOT1K zN;wcMX^T@J>CxD>paDwIX@TE+P))nZj7;7gLSYs{J&`VLnu{UXIAOYlI#(YZe zIjxnqwr9tbWAZuWPgqxmc_TQwuyDT-x(ujX)hc6KNo!-pRH8Ll_4YdaA~(mYHv3}! ztOJsLZIO(1oW1@GY&|xI7D${as!1EF>N>il@am;DmAT^+sO2 z@${S=^)Eg0Z{y1*Mjo3kSp3&Z@-m(9WAwG809YOn1d(0|?=wbN<2p-UO9~2`CpJzM z>mE>4;cl8L9O=0=BpViyDkMGkRXRO)^-Zz1!<{_XTHovB$F%0QozJYlhU7@?F&dU4 zz*5g16DZU67)$l?{t$M@~7kp6iE4c|m2NrbhN8`#SOE_zELI0xEi7fGt z(q1+*`|5bwM_|abCx|-lYy3D5LKM)prx2MJ-a!m$nX&HJe(Qr9?+YI2WUSbTC)&v+ zTGVD9h~(mqceqmb)FNR`4VJaPsS;z6jykyEsbEc>vEo)1iFUeY0YA<{T*uqB{{w5m zy4HC5n#KRn)O-aTG>@E`m-uaJp0wPi=JEQvz}zbV7KHjcT%n%|>W2mDkNGm%>8$zn zp@u%^I#gml!j4I=A7=T$veavh%KLEHoZj7gzwX`5g3%*Q&U2s7?p<$3?|R02m&*fJNJngU}5k3>T6hRjXcyF1xCZ@l~)_?W%(8&{0|T; z*gGWK{)$$vX7ujMzw6#@V=YJAyRYWky;}`nEIxayzAiAQQrMB+(eM`U-ECZSRt)3I zXr~ip@+HnE^lsHM^sarpcR8y3$kgEeu|}vrY&yaH*BGIpaxvGa{E=oZ)nycZjD;t} z8-Eus(KrkHjF1b$S#UoNWqr{uQ*SwPp3?Bb-!z&YVvR?PrWdcV(bOM+S!g;#Ul*7~ z07RjwP(i9D@MA%qUYpC8$X1n{2)eMR%ps)8o4`jL&1-`-`NoQm@CfCPOJ2SP=?~0@ zs3aX|;HH_6#kt8;RT;aTbAb^CnFI!h8JFBJ9_?b>3_M5d{^q0aC5I_JD+-ZOw;_w)HYet&#<@tW6ppZ9sc&N;8Mz0ST; z_VrHY>&@1XtIY1~Bdv00pKB|*8TCH|>Xzf(uy@RIhYiIc7@s*(JggohS1)>4Rg={w z536zXAzifYX5X8vE_?X6o~+oR|E>Z!ovc3fa5a;xl010rTmh@+JY3a~)gx}JT-UtFoKJXWMlGyEn`)D=8gLQ#*$?NZ!36>4pTB-+50XVyOp?rur>HhSOgBXntIl^+wW%5KzxsS@O8qfev;csIQjE$ z4<`X+^`wVY7+JANNLK*;VdWX;@7$q0nwD-2d9h{f8bh zJVgNyce}SYa{mT`9KSDRJEYL%p7z+EVxNyT&#f#ryMFJ6W4X0d zBk@(|7{p*}4OjEEhFG@8m#S(p+AJzX=W%;i1jRl7)^NLrzN(miOKa);RNW)22D{1q zFOSlKrc3CqMu;;J!(tY-y#Hkw%>Yb5p>xjP(}D! zbH3>LfAX;1h=XE6`47@+z+VgKk7;b9+(sl^dOFjjr7UlEIkeigx ze;)c%@@dZ+$6*&(H^oan(Fns$$tP2U;ilwM1)+M$M_~#+~n~84jtxC9>v_HyNZ{`SG?wz_->PC!uKv}BoV%;jl*{kyG<-T zdul0&*ff2UK@39>-J!#LxT8KzY12%2Z#dx6)g9g@23%ZAQd%|OQZz^z8iY^mzi_(7 zTShewuQ(5%p9k3N7!u7>vy(otM1XCipgC@u7H4zDe8FHdQ{%Uy4wNUYGw3t-RQpQg zc{*$kDdAe`AkUH8g5BeM%K4(-T-IovSHvk}ywNeoW4f}L^tj>tWF=}Oo`2Nqz9yXt z15y9&8kHty&w9GNu`ZLx+4{|CcAU+7=Z|YJ&mEU0JlTudL6ik~%972^$@@bSW0lgQ z{M;S;72G-8Q-1C>&}D11k~NqXopz#9I0`0p`4%RuHjYD}Y=x9q$;Q_Y4R!?u$Fq{& zSv3>WAhf%X#H*RpR9W}yk`s__RQ2*{Uj4Mjq5Hey z8yXJx`UZ;*8`l)xp_|`j!}vhImq+_pSiQ)Dn#?y+HB(nby1ez8Le(ZxPM|5&n;UU0 z9H2}-I{(IFPPMu8ypcGUKj;=`@t;gMS8ny!qo!zX&RebUi7w7%B@YwTTFfc4m7fp^ zzHKZL@04g=KH2nWy88iHI#!ccX;>llfzncw?FVQ9MeA4&aT}mRzDA|kJIlICh&wJ# z)aR%ED#yht*XJIKb&C2brA77m6q>g5T0g=1J2$yMtd#jIcI4Yx4apYH|M&aDJd#Xa zv+L*fj#krgudrNEx%CR$3)t2x*U<}JE6bZ?ynQ1{kj2B=i}Q2s$U0q3%81o#M^@K9 zkf3WnWqn_d%O*W6tm1FXs{5c_uj1QskwyG^bcz?BgpI`y@zMk5s-7)#{D8mMXa7 zRz4P9vDSw|?plv@8`c67r?aJ4p4cX}awh3c(6+Ho-!_ij6UiFi&vEd;S$Tz0X9aJY z;EfgjPz@AcW4Q>+bxjl$kA&vh#@qL~h0s&5Oyyf$S(#K(-F3RInZ;jCFf3Itq?v8j zHqmxPv`L8a{6>|!R{<}_9x?U0zcv?zCd#_X<)by1d_$!hO&5d&8`@_cfWo;MNc*Y9;jx~HedKEh*pod;Wi9NSY_TT=ZQ zGFEBxXWE|xR}j?eGG(piPpx^sq4M-el^j#~oO0;ZP@ZB?>icQOvJP*nlqXjKb9>i> zU~^sGSy!{N;PPsu%d3{k1Z8TfER;JBn(*opr4&1qu<1r`nU)4y)*)+Qeqc^wQ|Z;> z`i#G?<6}dAa(%{w)5Saw9l-Cp|0_z||3&K+`FeFKJX}3%X&pElGT`gLW0c!X#Nqot zRgz3n`0}mQtd>t_OI+h{(q;-t)uA)SFO?P;&EFnS{iH{V$1W@<<+b*z~T9{=t%LV z6zx1l5~g63LA{O^BPtg4tIJ=PzoNc*6Owsvy+Sg1th}+c_&PT5Ag(2#a~tGv+)Xzc zIeg)=32rNu+&a0rHF1Fd5**;~wFjKGBVbQD-;Qtxi`B9wJn5|TWG9QCa*SkFMYG!x zG8xa}CV1|@$0Y_j4M^}~d!z#yKO43;*sxTToiioEXxY&Or{xMxXw#W6F$?6m<=}h- zmBA#*@pXb{`D5ojpui*(|Tyh-teDARzz$J|USFczRAXz)QjN}s4 z-z2JODeittsZVSzu$W2zK+$bHI&s5=St;Gc__Sj{Yr^Lq4{ky;n(YdodR+ygOkvdT z$hk9hGt}IU_dvZIv}F!xl_fc# zlQ6v;Ok@r&2nX#^i+DMRXAZ_u6$B31%{f>o9IR{XU@+tGh;Z-{QP&g ziM913y+gBbS6ljgW|N=yR(#Hu;Iq$PW1mk5)PdC|Vb;Q2F3cL37YZ-*dq(FL7%XG7 zW3VJAaLlfWGI;zse_b+DoerdRt3NAf*%!rop#Kw!4wZwfS9G;Z?|^l z^{+k`nY%hHjI9{#fc*R(o;tH9mb)9De}P$0ukiusDmZ1df%dCdlUsY@S=L%Aj{#Ut zZncOL&sOsj&#G3?w7N4>hby=A{r1xhEm%0;x(hn4mASY^&^K)2fZZW8el^~>Z)mZ0 z67A0%%vvhqL$?i}6=p;2~m2_;DWvAUGd|VnF{|WB6 zD}P%vXTM(cmcFt*H;ek5)!%Y!#*Vh~+?K|5X0TOmp_Q}HAjC#)*Vz5g@S0Tgk*Le( z7#3iw8ar3gUz~~JIk@4mEl<%*$jm=kBQy6tSF+10Okv*KxsnxbX7ag`^VlK@F-+&* zQEor#F_Wl}xAHtC_jCapUUmzGjWf#O?&kJtk-jR6%?Z#cN^DL52ep!hf+l?Yi`0bU zHEY7f1VA$^4id`0`8fX#H@RJy zkf{o^PQ(}qK0a*wwSJ=g#B#-FR$Ts;q2lYI;lN7Q8MGzW>_fQkgs#6&J@%@6SC8fL zb*i!}*=gztzq8Fj)NNJD-?iSO@%>}21$8*Yp6{P|Vkv@w52;6Y`^sALF zMWBi4(?;X2H&lz_JVML#*$|HzRd&9jOMjqUM_hmSKIMN?f1v)Ey8H(ELnw35jhb5M z54VDPDHz;Af8l@*)bMf;#yCt84swV#Y5_}D$i+&%ZV_CxPJf_HNR4^*Qt*o6ywI91 z!^EJM{&11%>_$O3LB)|W4i_vaOm``@vSkQpCfis{#S3?Z;H~4uCYfwjFyRAJ z(1#ckQ>nFnKx1Fct`DrmZXeC1R??Q>W1z)oDB2YY&+5lF{yN_MHTt6P%7icJ3sPYG zWuMKgKfNoABBf~G|E~6E-{;*)`Au%$7qX|O+xIC0l?8BP`RWL#^%k62hV2!&{-JKk zKp4izUo>A)7uYnzPhAY<@tYg*3vu()+!Vh^Mfm#2;o|}8(ljGn)p=<@m46nV8+@;A z=6ifxMuKbUdz^~dl%&6szjsvi_eeiw`|9dG@+l*CW617ll-t)mRL6^=@)klw`VNMX z#qN4{1N%d*=p$FWYn=mLWh+(AF}ATZ4$oDOvlgy(u%Ua#9V;^Dy0}{l1ZQL+XjIhL zd7b`9+E#r$HX^!DgtYwHxSRyJS;~huj!|s3M+f|#P$~>ezK%s6)1&hEERI4&v)t@j zmJ6(-DG$Zb>Asn4rnITX;Q~{6oX17`%+E7*ucxW^n6Q-n_gb%X!;#dkOI!_Diae4^ z8X?t0)VrraTh~}#tEP+>hPdR@c>RxOc-eTx$r|@~MR(8lP3AXhP5ANYP3WPMZE}9I z-ob#(koh3}QWVR`PBqeAl)EZg6%R>-atKQkIE+3j#?{b4l2I&8L%!qE> zp;Bl|c<=q}F+KzRzQRc-lHy!n5nsJ^ z8xC9jOTiYSKTsiP*h;&^jAO4&Z2SXVvp^&94r09htkYV{d!mB(S=70Lx5bDC-;^s4 ziCH=C4HHL?_ObRDtx{KbO%F1?w>u@{2!+pVLD5jMz0F;D%7caPFP4R6T}j{26s@)o zJIcO(aAW6>yPe}|S2khf(?@)Rwfs;)=v<)rI$BqPtI<5yl{8gby3TU=F@Tr9!9~-;4^ z+n0X?=^j$AqjFF-VhXf2_Zu|h@9F!!r7ypNJ*qTTSKpp4IZ#**U|&s8SI|WJhD>x% zvCHouDuS{rI99@jd{lO2sk(wzbWMQ#$y+2u3QEOv+*mYSqp!Pyj5V#7CcWAgQ$Nq0 zTTnmK{Wh11slI;)pP(ke;S2t3C*K!zCp_Jzg9}Z*MYPaMaOkTe-r>f29L}oMvwMM3 zaAf^0G*7|~UO?o7=w|qJr3hCV4*b~jG45m`wp2*iu?F+Hq>h@Wwbi9pt%!!y;4-=pJ8uH{3%ypTtc)Up(fbE%a*B@ z(M<+iJ}gOkk{m}&R9AF`L0_GTgv4=$3GZ3M%0|w1yQP?%IU-{68zjw-PQ^KMS|)RN z30XscBs7{CAz8b^k#NY?y?!O>yK=%SURiT-L2ucWCDtFyuB6yzIN}fxm;R5_P3*If z{b@{3P9GyAtFN^4^ttAP>$^^;Ru9B`N|6+tkCuY@Ae`XoP7>SW{J1(F%OG5sSax}; zRa18Pc3V%#BgGcsm`gH%QN3;s`R!WG#PY{!`=yUWyjc&K&KD^{3KnT?e@(A4A_Y(2 zG9kU{xAcVb>I!zv5Yq7Je36Dc)p2UcDRE;H&T{+3e!_$jUAao*7)og<(t~9DSOlIa z?Ke=4BfpTZMx_K=S0Pi`mdWBvuX>puTY@IJ(NP~UvfrZ-o3u)u`_z&O`Y8Tgx(th* zT7ttRst2O@zN5kZpYSdkeq6;Dx6%HC3E>zJnj5ZlJdd*-alT*W5e&Sco9IUX??h~cMq6sI-#KR%p>e{fz0ZjyU! z3himc^f%1^6y_L*hK`~{ZGsbW98Z(XM9l(W(v@!-`-bz^k$Z5t+tEe=Rqo?GmnQ;B zhlSrnK-+Seb%4xRK+`Zp1r29qNX!J(x1o*_I#wPDjC&vI+i(M`oLu4iz z8NMWOev3GOB#Vd7x~TcECFz+EJ3xqUF(IlYNUYl5o+%3v2SlQ1K!hxSbjg?wR-v#N zF=4$mWHi5w3Xe$+bb*}q)y`{*#+Ayi=XpT-Ds>uKbuFNr0{|>ri7`abPs8g?_iv~AH{1}r^nA0l{rS?0NTE6c(M#WE|yiqo*9!is8sBeGM zS5IpTY0*WlD^<8naNttpk0YrGC?AL#4h!s7wjb`%Bs2tD-cG9?*cKP}Vd>R-Y5jiD zC;Xzmn{JbHoFr!GFQ!(8^A-w$we~Jcm|8K z;`~wdy4zq*<>&2qT}|1a4}CthK;)+*?5oD-?NG%|#Rcc>s9zl)v>_|x0Cp4m=Hq&> zuIs0Tbw|Rj;RzR}K@}So!8R771;Wnb{Tjy+#6P|A14Ue4XEwj4s(!^`N~mve`wwO1 z@@qlryRSh6bcPEyR+GMnzPIlJbp;6qM!!4N72j~9f3CXXV{Qy6QCA$`#x@pp#cSLc z2o5{AG03W}c!nE;VfzS-`sxliQ|2u!&*+q1nU99%8qSZ2L?|}2D|_om*%cgKqsCL} z#c$K9{g$R){33-ambc2c9sb>VXoPRZ(@raGWkeW=H8`E}eq!tURwj=+HR{?OFQ z9+VZ@hUit-C?~+h+v;`C!)Ns?-H{bi>CjOiWrt@)b_j8h)=LSQL{$aVt&}U-B$0AE zI4*rt)(1c4i1gEt5S!f&j!7q4k-`&&wuAfd`e0fHD|2D!f8w|#y2vpGrwoPZ>bq08 z(<@J;RUS|4XV)j#OS`96Wa`_(gqj3lG0_ zS~Ew}(A9?3$vSp&mB*Py!8`)Dq_ajKlpR`y^PUPrq5Tzx>KrrCV%d!i*SNk&{lnJo zkK35dM0#`kQx78^Ui;(L>nLbx5frotEn*M>*`D#37I^21GJN8^eGGC$@#D+bHCVWY zOno<9Fj+PVy5&|ftWYgcS3FKdyYeaquzk`hZzaua9nI>ds9%XoF1r@5zL!)$m=e}R z*;kR2s{%1SW1^$VOvo!}h)^FoXbv5Y#NkHByjTz$K{pTDw;dGq$x!Cefg4{bIcL7e zhn?Wsqwc@KGzv|ibY%8(cYUvlh5_$V|3I*3BS&ap*1S%r%S zMxleCUPsqFmeKJ{RWP9GLIuk1PPCsqAYy=dUx*5`t&jEcQ~_8?5|{KoJWs@68nIEH zkkPsr%uaK~U?sI&m;!P%APTZfQxlF^yP{eM!3Ev0!>rb1OqHF05$)=+8;9-MToE=} zqjfW36KA+wi*hF^mc4QSzq}By}6Iv_=xFa*RkpLqd1RSj8}TJ&&Zm%841G< z?5t)V%WzygZHvd@L}izaJX4olE>*Al32`sGY_oOdA!?IW9h-}_B5BpV4IuRaxUVWD z{uG@$=foLxj~o?=zZRcCu}V)kVO^41^#acT?C3eUDiTfMKj#P`((${q?PxZ;cb7GI@mR2E`2Xt;toxlQ!JNLKcc!1Qj7mRI`xD zldn|p5dMKEc!~+wIe#csM0vc>Ydx%-A>8s?H=E1P;1N;}`5`}0pTH$Qs?_{hmKgT) zWXck<$Z&v7;aKV$OvB`Gb;kl>)`_(QyU!zp^8Ak&&ulS#Kh64Y!Z*=7e4mYRhwoEi zmc!SziST)i@858sF##FY zJjdsnx<8N)&(iEo6XX4NQ1ij&moW2+nIFD9kyf44@kP1TMvabCC)vGa_b=^Mn{??Dr??U}9 zGfa0gRE*Dy2@V>XkGYwl`S}XY=SbH;P+9sn8k&!(xrw3qHVU?n3AQ&FnvbcuiJ|%J zsDfo-&}b$F8N8btnja_+&C?xw3?#x zU#DQ|8tuo*GH8UMT*d``FmPvQr-M7O@#VJaer?$k}5?*t8M)7Zbe!M>APv=MM-9X7m95{+fM)Ub`G{Wglp8OW|WuYshV#Ufgly{Hx z3}E-oV*OYfT0Az-I-YIf=G(z7yrOjN`=;akqHc31-6taHNP}iMnoS5mH>25!7WSqe z&2;mjc{%zXeAr<+d|}Q1T*5DM`DMk1V&)Ie{j@kp)Pzvb#iB9$Hzz#h>v+xQzsL{2 zrSklc>(MK};rId8L=WFEgAE^qt)HeCJ?OYLfwBfh9w~ol8&_4)2>M2(cb6Nrw;t(F z_b|~l;t&Ns3SPI*8jFUuEiBpksX*+wpj{kz7lLzM4Z(^AR@S6X zqMDY~;{9@wSJmx^smFGe*0Fe6!JoG|JmP1h%O`6$mSLd3_ornk z{7`jY(OSLqBUKn4_feDNl|p29AT=Sx49a$u-#If$h{=j(pVwf`s1yH6M_%GxSNR-F zey0(o5OJ(ZiUC*A>f@xXwg}-yM}xO=+BsMoLbZ_DDumH=SND$o z>v0K;UoVdiTH}uTbj8;%v9CjWQAd3=6?9WxY89B3AH)>X=w4}6r6^u=v}yg$S<^9m z8s*WtDF)c&+U_zceI7;Y9L9*w&cFt}uk2$d;f-$uE~1XWECt;-D9VP=mYQJpteaW5 zV76n7gRc6t#~&koSuy^%hHkMB##MjVA;9uxqP}XeJ8%BZ@@7AM!sphA_)pTR{lD!; z_e=V98aL99YJHmP#RZe6ZVHK?Fz3S5-qB0*b?(o6{nKbf5(yv|C&B*+GjHn^@QW{NiJzvF?R6_z3LK85V;io zCbF<&q8vx-U~#0&YZ%p(()!hln>hPUfD4={lYC%egljfLzQEjscfE^1smMX#cNJ^`XzDRjm+JRs)^9)4Hv@ z<5(EkhG0_q6kB)KkE7(7k4=K?%$?m|Aq28K9gniPQd~94#}~5Dhj}_<7*?(ft3w*w zUmt(oi96Yns}eWB*8ah0D);*_a$xKCCi1)VhK5|Rxp<5wK!Mp`m6$`{S01qMNMzqe zV@?u#d#e+l7^cF;Ci}yv_wY25KUMLkbpEsoPww0S{VWqMJMi$tlTQPActWcZucQx? zW;sSvfT|P6^Uue4eV)X=KLVGCPc(g>hOCOf`^=&Mjp1Jf;ww4+nRdE(pepe(e1pl| zQ(*6Mp30qniK=X)?4H%%70%>0NEm7Al#BXwfbA zMVB+IAFSg)k;mgI_p4t`@<~lNV2QMjQolL`E#6Lj-OoN~zw~Rb(_L$}uj9Y2pD>}{ znf%J}KI&KZp~)=AD$fa()^e=vjVQ-L0l)fQ>Q{aB6`xrB^DBMo!{G{i)*>YTP8%lW zAB2d=6{4{c&-R5B4fzJI`HBr6uJIPyA7tO0OwK6t;0h8hg+%&%8S>}`7qLGWOOowAsKQk77ckcuiI*PvM_+kZ z{c0+$wzl-MCaYf^h1JV@^mQj8kMHzrom?J>$G@i_Ae#^n$Yy50y8Oy15Y4*~O%+5_ zIiZRqQ&q2JQn^4<36Q07H>C0ezE(;lpSayd(W*Qae}S^V`2;2+UIg7Cbm{Xb|7q2U z^YL9;f>V8W8N`G21{p}&w1gi^typ|>6`>3#zNrvnT9to)nA4GI64MioTSq`4sH{VI zQNOwvK^?s_E#ac|HubA3uBTS}y+Nxk@IWieu{ii1ecf>%eIkoG77O}2CJ&R6`|V4H z9P?8u1JWvoeFU5ObkcC#db;Bmc#DO3*Yj1#ILSWsv8s#tl`F1OCg}h!PcbeBl94Zw zl?K;`gU>y%gSYv~IH#aG@isgu8ODR5cl_bRBmPKEkND%gJvE8PALjp=_@_3CKWrMu zAKu<5{)~%P{9&hvKb}0|4~82ZUytx;4;>9-J)SemRtHKb5>>>s6AC(!_Mkd z603mi8+u{=32x?yS4n7TR?-vbv`;9%9ki!`y0aVh$Cv-wg|VEk-<|A0E*n%Z8%uEX z>a_RtdtUnc=Y8xUacyb8!Np%_>1myPEOrZYV+S)#!vY-BThegj+c>p_*5jZF9*z~M zINo6fayPP~fBB_iTPMV^3kC6ER}fEPPYNt{!vaD2lAb_!e$0co4b;^h$^A8cFKx-o?M( zb48i~Unxd$%~n*v2p^rtQKd%3x*8?=5K=TqzbEUCM>h}JH9^u} z{6Sy$ONcUAu_B8twW|D)^|z@Kz-bV+QRkiImz=g>`)i0{`3OJj&q!t**^#xuf2V$! z1Z6e|mB14)vZnrV80`C4`)@sovR^^ZIwp$5wPgMTV#WtW`~zC^o@gTb@yPy^3_n2> zG@gt0e;8fLWPd=>5)XSLj!ET}20)6OPZy_XlEuo$X|5 z)fh_jVA|oNwNJ;SEbHFEsv}upt*>i{!*MI#DxUXai6AXrCDn zv$PJnTvT7Z0+PBltshPZJ(^nQ^h-t0R$p1CuXBu6SFi=gIAM$Zsnh!XLEAg(uKVfh zu3@m_9ULrb*Y6Uq+vpRp8G5{f7U=fTW6MF^NxyWcg3~d>m|l5?_riy&QrBz-|g}aREfg|*FC;arPcQPt_jmW5+Fd{HjbrAR2U>D8zeyROFKwGmq1RDj= z9k=@;N2XOS!s3h-T7BiBnDmMZ)=rSBEN9;RaJ&wWJ+1cJ5B+@ErSEyji)-OHCwbIN zjTH+-2SZAMkW!#y4<%96sI-1pQn4=q5l^j75fVzojl3j7Swd0Rxd72XK824Y`)JJVfiW%70dp=CUoI3!Ms+Vc7XRBbDu>!9R}ZvfrF0-9;hWm;eUe05 zv%M!SE1CyUAH7Kh)&4I` z=c#AzQ@6zl5lI>##Oymqkr!Ec!z67KP4l45IA&i%&)Hd zZ>(cIwofUDk9C%P2%%{Fk1`|L^?kFj#)S2B-qeymxo&^fbARCaJFMHD~^RXz8gLUn{2DO4|WBZcY_W+di%7ju@V zA7HLf#QrTBJ!_!@&f#hO;}6 zloW?xCCe<)eyknmYCno$WbH>04E8d#=Flq8end{kGv%;Es=2HEf9pw8DgI;0wmPv3 z&Ig3<-?cwkerNwuM@>s&e`2u+?IPTFf|=(>WHq#i=%+SR4n<1`r8ouDFI}`@B#;=#U?RYG*rhQ=Z_oHv) z@kJ67)G>P(Xd-g{bTquL?BO!~!G02UtlWg-3%9n$_6K5uCnwNt$Hoi98Cz-9OHut@ zw0FUhl?&rbRJJj$Q@1dJpwU;O8M4=7J{Xk&_V!IF@ki^GL}L8MAG~yh<4c5I!@DJK z(x{HT8-5TIVtg8FLCE<`rURAX1@=45$f~@?v-n1qQ}=K1e=~`tU|%G{voPY5%HQmN zLn%k&{izo6s_y8A27*{cP^WZ^k&uNmr=cT@7R2MT$mHX*OqFn>() ziiNyX_Q;D)Cv?fr2T;q5J!#+BM>TNKeF`StqB}-W=A!#Iy{7mgEbi3f{b4a5fjlUu z;0#5G`0znmRW7pFN&7$+oS$quw9%*-uiHn#0zvbWlkzZbyd%kt=izak1jQ2*m;1;e z>M26BVTdwBZhZ--e!0SP0E?pWGvx3*=1b!F$#$z8p6#%(UqF6>m|p1b5>tmO zJXp_y6R*7a0aZL$uh7mTE~qMU070D_%=B!zDG*sZ5pR{T{q`(l%Q?<>WZ<=1x>R1| z^wwg)flGHNCI)&1vYl(Eu}40+YEns!pG{vAXzQC=ot>0g`Lmk?+7n*-E8tJ^g-IoT z*5B$Q%a317uAEdtQvMbkh#jW9F^}rRz$9fMc4SW~9e;u%*TudJQ_g4;ZQaUH03|5K zn2oSMg)b3oaaJ)?YO3c_#e>@Bx_vr*0x1+hnh;Dq?kvj(1)@4TjkNS^qE~6-&J&v07V3Ig=F|4#ZwNrJ-V1Z1F z<0>4~8XZ$@+9qX!<{V5a;o*R0r|dtWg_%XuIH;aSp(}ME39U;%%IX^CoQB_7?yPpg zQ)Kn9^s1p48J|d7bk=mFo{)VokHakaXu1vl{~SrpgnAwAj0CF~KTuTm%VAA@PE>Ko z@U*=r#{Ler+tT9*deqqSXL&WoCn&Pjkr~}6lKT~`m9C|H_+~RPx13iJ4BpVI_TvJ2+Yqob>}0`hh5qh(791rUbrwl?jbhjSS=qYK6Cu z73m4vN8@EBcW;je+l?sPV`*FV|7N@WD;E9@Z{*)P zw|`xQe|1nw-1Wq;dfP87E$6v53~qE6h;#c(WKRb!C zzhn_~wV)dW{fD6c67+dN_Xv7G&`$*YPS9Tjy&$Mh4)=$7CY4Et$WPqKO?n$=k|rXty(H8OTiL%RUn1p zZs5AeR%+EQK+2oNCkvKq4ca`@LKCjJun@yWUyBfzYJ2DLlr4n|`ojwg`~4y$jnU(Wk{CVm9;etw z$Npq0yOR#{_gX>i!TkGKf=`*C8bQ7N)4k4Z%2FmW|8@u}`y*4?-A3{Lh@cr+)*;#1 z@$m@@45g;rY&zi-*@T~Snwp!Dg;#WJd$!eLFj-4eb5l}am*A?=$RZ^LK3}@P!?96> zQ}&Mq3O~C-dA#deTDi>`k8& z_H)~L@{{?tmOd-|zasb?7F1N?R5+;~znvFTDsg#q$enq)5ru7>ArHkM--ukFOI5I~ z*s7J{sO|@{PYa~+hGP0EncB20+X5|`1n|UO29ywU2~`1{_sEeci*1HN6nIpltdL7K zw@YpzR}#k3TtkUbTS^rQe0EhHl=BSWY|-WxqB3mGUTZNFFEmO;CX`H6ar0cJeiCI{ z)&$L^V4&f#6`@3<&afb&B}S{sin5Gw^ZSrp9w^?i)^`CDO!MyXePLrR)2B_09pU0x zY$$?=5K*hmV&qk(knK`K;Uc3Y)>K>=S0JHk&t1f-LSs>h6%9y+t!O;|sB|WCIC5lG z0W^adrc%^&xhRTgJTr)S%g%%ga(x44sO`=ovvZ zW4XOn(2OC-J@L0TibRUU-VEoNWjK#ns)^Ml=HZAD_B?cwBtIV) z{w5{yaAXSV9lnx-sq&|co)P@Y28(#z#_173y}v(xJAcpPm(Ya#dA%fu`-tE#hg0^v zpe>J2<`B*=rqH%(9Z(a43UhtRw70r-yZg1TXGXl}S=QtLWVYhI) zThQoU{P}!uPN((ZbiAPbqxmz{4GYjRFogsa%VhHcEgq1C&CrkX(U`}1))3Geji?l; zENWSWLk83ui&BeAts**jADzzm4;OUTRQ~Ln$>~qRK0Sj!9~HExa91Q~gmAY#i@Qs^ zjnlgY^_j+>`wRLnL0=d2c0unFbhG$wir_1!qqaRy#~s5szog-uYNv3zIZZrI=Jbr9 zEdPuc&s1fjCB>C)8o_U$psfBD8Z%Yk@)sjVjyIPq7u7(tlwszTVJV4}s!vgKri;2U z*8trbuUwyNr2-?W@`2i=W=kRJ5h|`;g%S<^(1{kqLe|jB<#Ll8E+GIpoEz^H@e@>9 z#GiG7<_Id6zwnRvdzt?9A%AuV`nq`UZGTL>7v5)6KFrHEkZ4GSHbbd1=WC0MMP|$L zk=hcAc_HgZX?qtILiaNkF@w~*w0EAAEzOc*dYAN*wE2aGg^9gyStd=ubRN^ONmjSp zikW$8@wnwyqeK-WWpOCAjbADn!%{SgCPQJfPAQl?d`La$!qna(Y|v<_lT=!SiXG*E zsiPLNxrnt{=qQlKP(E3RvJ5C=qW6KX(4>`OOCcIk-aVLRTxQjpN?BuKLYE|u{3y1< zHcpzzI$iXUq1aHk{4Vy9#VUX58RzN6XzUlE_2L~Jts$S<5yeS zOEQ_N7xQPcu$SrO5>I}+Yh-WPbR(d`pLCf=}1}3+B~z7 zi=X6fKz1SFyQ)1nEJmk-btn@X*OHXIN~xvS=9(DX&rE;8-7mp>1y-uV`Pep@_0B%Vob=3-+B z^;xNU;#wj)(^}6?DQRA|VncB*A_mE_xKn=4@SVW&h2Ni~Z}{-<{~!JDFb#eQ(H*S|Lt)7U-AF-79Q`1MZTo^lm=CeT-hteh%qTN zd^A(hkv5m0RiJ)5bp)w7&!mr-b}(`zGiRc2IuVLZse~46qPZ~7n0Gt%m!U1>+Tga7 z=^I5h8s|(dUe1^m7?+8WG-+<0GzcG?eC=Ov2J-Tu^8zUc@ck#@u47rI1^?jchcJTe^)4EryZ;Zs|7CsG)^hx{W0m z%d&Dyx3R=loGV+pjHM-pTqAesHev)`=IJ&iaBGd(!>Uy9=4_w!`ydfMm3za{qp_>yEuG9!7(RFc*}u0c$uk`#rfHOyVKw3@lo zg3@2KG)NjLB}sFn9BBpYf;Kjcs_YZpUFBANmD_@(u__yS~){Fo87Uc79Fa9mLf76Tq#unsr z$cukV?mzM3zgh5au73O0i+@Y*BSZ!B$SAJg91!%Zpjo52{aQg^5cEHSUKZ3`LIa1G zxWjC^RU12ortnsZN7ji{+AY91P480eoZh;@%VOzg9)BwhGD*2&03P2nE)wfU^KLYT zeuO1s8BP3)F{!~F(%^^GJ1$$I++~sb`8#xdPePe#j z`QvS0GtZNc$X3$k7~UT5$mj2m2%03~v02cP8T|c5LHW4-&@59?Nueo!IiG*P*ttAj zzh3Yy>Bsq#K3*yuQ<}>k%0pt9MZ%y5hC66-OddCK55X|!H0~{b*ZfqD>;f9SCp&zd zZYab63e6+Y3>CTrO%B**X6dr!i4=LfHdDkymYW=}vV~kO#|1qjsHTA1CkZN#*FN(k zxA&$yg}qF_6VDs}CFI@=4H5R<{QleL_@}tPnSw4C^bvBWQ}C#{^w1_zir4e>Xu;wV-na?I5U}ZW{;i z{Ft+Ye^(}GrjYj$Ay0W8Zijd;^7}M%7MtL2l;4*LzVbYgc8=A8-Vp|y^X6f+bEGsj zbF?&PKCQ2box5yBye=PqtJtf4tTMEUr2|wrs6U!-!niVIKHJMI+~9AeCsZe$w2#q`3>Ex#M7=$JjQnL1}0;rr(NHbLRCQFm`3!{9bdVIrHYn z&Xwj`q`6jUZm~2sUz)p&>UoeAy_c<$g$0@nBu!rnGyv}e9*6R|2$YbPdKQ9OfMj0^ zN*D?S*$R4>uzwkp@FWz6eW0HMwZJcc-w88qg(G}361+fv0us*?po9~(lJqkuU3*0K zmq4!zGj-+&mjfmEjSZVbq`~;1`+>=vfFC^&pE@UlE(PLWT81COdtkpDbTyFNtN|tb z4;FxyffDYA`?a8ibcEa8pcO#;OMk%+;fFBa1G*kad@4aV06&0z73jUf{ytE`sj$Bv zl<+;6H-Zu#hWW3ce*+Sq2S5pl58Z`8_z}zxf)W~F{s$-_opSIHDB;I2{}c3KApWIC z@I&|%%yir^A-Si`zJ#B_`~)cB-7s$gC8RXl3`&<0;$PZ=AHuI--U?a+q;PHnB_#W2 zL7xNSUwR%tgk=8$=nf#c-wFC6@Jrag1p11we-)JQYuN7sr7I%vFTIYRy~6w^DB%d$ zzYR)=f9W0k5EB0bpoB<9=Rr_HvOfe$h=1u_{1B3x_dp5pFCE4YA-R7al#twf0Q!xv z{}z;RC+xoiJq^Ua^gDhC>D#lQg!q@v;fIj;oCo~_h=1t7z^_vP{ND- zB*_d)NcM|C39rH40!lal_BK$${xGisB|Hf?WuSz8U|$YONappRgk-J+C43F$4WL!P zzA)blN=Q3Z{{~9f8|D;r76@r4c?l@p)JL*i0=iU~SAebp-VOV|fD-nBc|GU`U~ic3 z1tm;^`99G5fn#C*E9jFzEzD1W5=O!NH0X9=|12osR|wB@pf3QwhIuC_;c=K>1SRZ& zZ(joax3GU1lrRbQuYkTP?010@c7^?JP(punX!d{-4u}0~poGN#bx^{~*n7Gclva9^ z{XS5_PHkXF&bFL49XDZD=;?ziT^cv52X4*@`DV3 znXuP@4gzXn)`3n1lB_a8vw;+b9MH8u;pGP^K?)`GS37hB=c-gLdrjL zKnck_50sG1*`S1E&H-Hrq;CsA&BDF}bTM!;>@A=+;0&0TfG!2*!MqG~Ij{`oyFga} zOJH6Jx(c`&<}%QGfW&`2=>0(QcO&RS!v3G2n}q#l(5=G02J{7CzXNoquzv}ZFbF(% zf$jzp&pn{80bhanbx=a=<#4_MN_fwYPUn75Li+X)=wTq0srNw%$^8+~kAW2CFF?Np z692D2zXm=A^KsDcf#l`{C?SO0ZRB2zRdwO15r$*63{ik zGq5iQT?d5G`ARR8M_@O&IRfec{tSC*AlhD_4)!|G`9La>ONt3lTQ>)@sg^hY4MsR#WHNN&!8o)h*`EZRWeX5@{&poCP6R|3heRiK1dZ3r9aJwS3_1$r-#+*E@SesKrN1?U4n zau zQm1$SXC3V6+rNMk%Ke{vU?#a#f^GnQ07q4zgk*moC}B(epT7$C4}cO9A7%gNAFv~A zs?YOJ*yF$1e$FPmBqZ5w27Q_wBQ9G&38}BL6_k*|O#K={vZuZcA^scnZK!`k?stMJ z`!+9g_etJ;n_b+V^=+tsgMU|l25O>5f94=w5|X{L5Az=E2+961=+{8}CsCi|Hz59! zs6RqTZm2&({SUIg07|$CVfOBO^dQG@qXi|D`yPXZy?5V(`X3bc=K3Dg-ykG6<3R~q z>ThJg4TVA0m1%6D1o_?qBzw}82`M`Nt$r-)#7h0LDP0iNxJws23A3yVl0GEsg1^8_ z`rmINoU;B$I-;!qQC%$Sd~d@n>wNoQCY_HE#zs0H>3tO6*64gWeyH<+_)8+)?hRqy z2TCaGb|1hDo=K$7^?}|-?v?snYjil$)&35oZ)KhA0K)IBlU)~X0;Ak|SQnThfzcm}NcYpD@e1OAXAjzOoDE z-9X~gl3vn)Hs%oAHl>Sv0sAinAEo|bhh0m0#wED93@k$!TGB0^Qs@@R$K1Nb9+;K7 zg;Jj&9fA<-J#+}A-axtnA?3H$=nAA0EaL8y{)|pQdI9-GIsqYt&08n<0rvPyBAwtA z5bl#mCm^J6sl6`*l9Af`e+VeDHjC$YfOe>DR~LjB7=^@PRwE~6ovu2TJdW&ERx0jTc;3iZ41RmwgOWgEhaVOfoXQ~0<#7C`!KK!I}3R;9!pL0 zrSS!ZMMVZ8MffpV%!`ahtdOTg@lF@8gNMV?S#Z~4)>?DGn z8E-)>M&lxBlI>1xU$UBDuoT%A6__MFTmu){3W?Z?&1Ok&T!1Z-lHP;`_V8CqEy9{3 zEE~^;K#L6Em0FAlVFzU%Or^ON6GCK$0J1X;1%-wsrbf0FgaF=5HXs@#_bJ%72d}4K zL9QXs0Ez@4kER%w8w#@1@CLgC%%ug)Q9+T>BBdG3K&z=(N;8&V4}p|sDq3K}Z!xx) zW{-oR6iCX=58w19S;_oMpno>_R**lCp}VEHnNs1_Tb70lczo5F$&= ztmTDft0_Cfun^fZ3t88YD@{YjDKsx6y1-Dp)BpqIVPs?)$$_3{n2@!n85ZHQX@(+G zp)}1{Xj^EL;D9m%2ws>L7%8aJOf+}1ut1tlrGT>a47{Cfg5G{dp>#)ybO%k4$bSKT z0RaIa0bv2%0wMrC0NQ}D0m%WA17-wd2izH84pRyf_@D8IjAA%7oU0`|M=MW&GCEaoNf1?1~LWS4m1O$7-x*st$Vi~-J-fB zbE4N0-e$D(MJN_8$iJ*V=H% zVQA6+w#bXX;lS}gsdjj6Qf+!|X6@|SxwYA~o7?`$48<06*_5dkvRNR?C4TCU{s|x@G>a;qY?pEDs-B{hDy2o^z0S&sVx{dLh z;`hb>7_S|iJ$TLFj|R^g;vBLs-I*?Jjo!L`>xQkmnuMBvi4r z+pkZ%o`1dI`Xb~K=XI4+>m21wa?WuYoh5)LoSU4-oj*J6&flDuo!6X_N+tOKasRk9 z1b8cOEN~<6QQ#5aRUiz~A3*72mDC5=510?U6G-{49Jmg6FK`?1dEmD|=~I<71DFF` z43z$ZIt4fb_!#gB;3nX|1U>`01-K3PEbw{YZs2PI_k!*Rz613C4B-X_1H*tFfSrI5 zz#hN^;3(i2U=nZwaH7D;pqaqifzN!dl4^j5kE)~(fli=wMkNgZ>VOXbHv^vs?gYL8 ztOI@o{1|u)NS*RvpavKR)BzU(OMs66e+D{%DsPzM|a zycM_-SO$CmxEc61@Br{V;Bnv?APoeJ0VW9?2YL~B8F&>)laz_TB;a^pCU7CJ0Z4-f zDZr_~GT=Kvn!GFpdet_mI7UWfk-D{ zpuk|zVZd8~BY>j?js+!@{MPy1$ za)a`NmIf^kS`&1eF5|*4U8M88#sTU&Q~Q(2A24i`r3S#`rhTc%6A>$ zFM##F8+`8t+~@nG?^C|t`=0T2`u2(JA2~155Sbr&XXKjzDXL>sm#D}nZB$B>J}Nyb zGiqkkY``4AJV18Ts;IK4e@DF%^>);Os86FlkNP_5+o;n~XQR$XU5L6K)hD`7G|4py zWqkvc_fL=~fNO)xgDZlogYOUiYw!cXHNmyPJAz*feku6n;N8Km2fq`1F!{xSIH;NOFl>7xqv4fYQX4ps+ig4+kj1osct1rH7$5l;-o>J4f5Cd>)HUKb^UZBbfa|A(3jJt zjQ2N5my52HT>0_}_t!`IdG0 za|W*-oU?7^HtE@?j_x>m;OOC_4M#US-*CR=Jm`GS`H}Mz=TYZZ&TpLB&O^~wV=mVJ zp#Ks7U;NMbpZAY!7~U|VVRXY7KvF|;!}x{?4HFxtHYDr*p?h4niH7SX)ee*)ARDYh z`A$L}pAMV}%%=SAYxb@1`-|U{faw7xfZKv@4>}U@NyL95jz|0uVUIWkI1ktt`E%se zNM~fIHcWd&dq&$|7pr?%_lQoquD-6l-p8dcUPIauF8o*}nSd*RcLOVcRlr){b3jQI zj&%;LTf^6LthGgIdpgE>!ELl9tb@Y`d;VR80ZfS0EPnF13Lmc z1G@r;07n2v0>=U;0W*QKfMuP(?R>nmqw|^0mpdQt>g+1-r>K=`F&_W2veu9qitIuzM66hIAMEPu7HvjOw=)2Z$1L`lXm(FH-DbFuw{k7;5 z6tn)orvaY=@V$&Vo&@hp_yr{dB?2-5vw{pki$z`7oF2P3XfHI_4~72vebAYp--B*c zM&ekjDT|glr0VD&*;qnvmL%=Rbg#&F-?KdD9~K%G9;OLv7dA315s(4M2{VM< z6}Bd0-?e9D?eA|-I=8ArVJCB^ zHJ#RWdZg3lPQP@LI)`=+@7%VtwsU;vq|Uc>&gop(xwvyl=d#W(bv_FC2B7V-v`bl+ znl7~f>O)|YY1hoIMO{m}TDz8Y-QKmX>%p#4w@%%(-KKTh3h?hfqz62=t0p5(W9fsMyEulMrQ!Z zqcJNh+UA^rKMkxO_}jp<(0i0^w=Q;JtQpW6-C$7Mpg4c%`tiD9Xt_q~-zTavaEZ&?GKX!Dj6TRLxz+S(Jn zfvTDH80hit+@#8sG%l!TkmbU zZ46Yz5FE4908_tx$Myao8W z_S@RywZGJ!tvz4cl+Lqn`w!cd?WwDMZU|_gzIh}dsv)MKf0OO!POmYM2G^KKv~whm zA-uzx-$eWDY9FAnh5*BWeSk5*k-*WwMBrFpIxrJB4_F4gLKJ=B$AGSWF?6vWK+?;S zfa8Fvz%thpHOCy&@zJYee*+bbr^p748Js3ds zeoplI=$wIT2KL-~k5`@Q+$y2|lItKT;?{^!5vi;#bJsmEp-t3w9ne+RbyU|Rz=W<- zY5An$@6XjwN1k>*O-yJHFzKnsn0`vbH!77cz#q^C5CjMTgaOomwt)74j)2a9u7K`< zNI(=I8gL7sH=r+|A7B6=7BC194;TU%2DnuZ|k1_A>x-0Y<<=fC;b& zPy{do76VEFHo#KAa=;3}D!>}RT0j+`8gM`0uYd;t4+0(nJPddg@Hk)-;7Pz!fM)<( z0owrE0nY(m0PF<31b7+nDquI@HNalLn}D|fZvzeh4guZ+ybt)$?<2pD0iOas0~`f> z3HTcDE#Mg7d%%x?6M&Nd2cRBs3UC_mJK!AP55PshWk3Vq8o&vl!s`p5zczp%KnNfV zpa!%Bv+y=-3Ob5&a%m&N>%mZWt41ipK5wH+o0xSX)0nC8KfKq@BuoSQy zumZ3Oum-ReP!6a7+ykftQ~|01_XGY4cmVKVkH>p#0z3(L3h)eID_|R7JK#CM3xJ(~ zmjEvVUIpw1yaw0{coR?u*bjIIa1ikSvG*=;QPuhX|DfcJQP^U=!N#DVqG${Zia2>m zG)+`W>`INm3`!1{VDM68WOlKrtmw{`wdR$|jI1`+wCql0#kRGv)wb4JQCYIB6*B+l z`&?#*1ISeS-S7YR`2BeK_IW;^&-?Q^pL5RV+&<@X&b)$NL$9MZ(Oc*p^k?)J^gj9k z{SAGD{*L~EK1KgTpQA6)SLhq`Ejoh!h5n6xKtG{l$a`|%m)-E$B9MJGv9yjqXLiNB5%#&>zr4XbakgcA$sRqv$d8IC=s-iJnH!pg*B! z(LVG%dI7zJUO}&+*U_8kE%XlhGx`g9AANxShCV`nNB`h{umydMju`F6OG(5a!WiKjS|o}G#;I@#kwU0rJ_k_GMa);Mbpp>G!xB2r=z)O9-5C9qBGGV zv>2U(&O;ZV3y}lmqI~2+OHm zX2OB@8LtqQdky7&LtEgTy*l?%%Cpc*(Rn->m*<|+n!2KFIdLQmmr`nIHhs*NWT z($6z<=**$gce9HAnM9r~$TOIG>6;0>Uam~MJW={R)IN<9v_6d~^m*S$Uq*YhQ(U3+QIu{erI+G5`X+wZBK-}e+e_(1_}lg)^dacaC4Kjh`o@IPFDuve z&xAY^vNz=UkeXgKz5M;D>NtzQKGmN3Q>7pEczvg3|F7><>A(Na^_|Z8Reh(wwBJ;o zwH=H2@As9e{iLT2&G;F8rN{3lUD=_ZG&MFYR{9-->2s8^1$M2k@qV61NnfM)xP6V0 z8wV@>jsK>QZzof^0#b&Kv@w=bZulP&*6ZPjzT|Mvf zAA)|_{ra!%Pt5wiyg$*`kH}cB|2OW9{>2{p)%5oILdXjtFQeDccj&s9n`7>Zxj$xW z%%d?4s1dax-Cz38)aRWa%D`#qq6i5^eNaC%0GZJs6oF1ek!Ua)iiV?T#4Tos1&u&) zXcQWQ#-cI`l}$qalxlJRb4{dNSmxkOs6Ly@XyxucJ57Tj(A1 zXY?2JKKcNCh(1Q2po8c$bO?QcTF}?%Thxla4>=n0BWgqKi005s{z6e7)DI0nW;6&z zpc7Ff8jOab;V2rNj4WsbibJE&7&I0oq6sJoC8P9SQ+l1+Yih3(H>GoBEN`k;P@ zfjB3a(I6CoPDGJtFp`0f!%;Mnjv@;hf#T38B;y$ZpGEVIkTj!{Ly-)6?uP~-Ga7^< z(1|D#4Msx|gI-ULM)GGtBTyU~g~p(S&C)?0Ol!nrg9Zf~k(P=0H%|>(3 z87LDiKw0Q4l#R|t=c4mb4!Q^}L3zlD3eYliF><3~REo-w2dzM>(50vntwB|2En0`J zLD!+{Q8l^=Z9uo88gw7ph#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09cFM1B`M=zq6 z(W|Hty@3v(w^0*%7rlr6iki`f=wtK=I*2|)htLWLL1Pns0Q7E?n3vVT67=Uh#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09c zFM1B`M=zq6(W|Hty@3v(w^0*%7rlr6iki`f=wtK=`VxJGzC+V_!hagdK(o;tbOy>q z3s4q13uU9T(Yfe+l!GopOHdwiq5`xGU5wnQ3av%!&^72fbUms@H=zyaR#b!TKqDAk z5Qj#gF=#B3j<*RY8QIW8l!nrg9Zf~k(P=0H%|>(387LDiKw0Q4l#R|t=c4mb4!Q^} zL3zlD3eYliF><3~v>IK8F5j|dOBGs+)}d?A4d_O+0o{r=q6g6?v>9zh+mSrWljrvG zuC|Oz9){Vl`Pee-N=(Km2Rlyr349M=pJSo)3mtEKavJHuj8AsscQv*Vdm3xPzQX#^ zmlTWHvBg*^wjPsl%<_Eu6HK0KN7G*<&$G|Q^ROrBrAs+oSDqF)bM7;_-w5TOsUsS)5{o?zL?w8PSe82PhU7)-JW9r|#e|mp= z|Ec{K_CK@#IsNk(%Pa3-G@w1c_bpym-naOKcP(T*X;))LO9x!SXwixRGG4U-?Fks0 z`U&GwL&AE8+0oRnjIh(g=7h})n;&*|*g0W&VfkTe(Vnp9!d?t}IqcQ2*TepTLd?C* zQ_UIX+2%RsGtBeNi_K@7^UV2X8SmJD_87)De!|$sUITj%oH{UL;Ov2O2A(l+{=jok z-oX5UYX@F6@KyBYz@~xkqW1=VH1NBDM+RC4SqIq$r4KrN(1Jmaq547cyt`qLJm(%7 zJ}f*HO+u5=)bMHHmxQkizb5?J@EgPL48J?PA^b%&E@EoL*%9YOTokb+A}_)ju{5G6 z;*tnY#M+1(BW_0bMEpMD!jl{)oj4?NNHSws&*GhvvLWR|>W93;NXWkp2^%_a=r*K3 zv)(yu@35DLy)tYF@2D&ue$ntH!z+hhflN`MQMRazsO3@RQB_fEqaKKQIO;Rrn~CE& zxH?`{9jp3Xz*toor}|Cew~1Gbzhb4@dNIvikT~ZfiP?BMm1m zaNMYj9W^mVrWclm&BkO5>{@Im_D9UbSeahfXiVO7slwJ`k7IkW9fKLqgPqCPm^IkV z*sYlBEp>cu5iG;H8>f33W3V$YeY~!;v5w;y_4c+vX>UttZv_J@2CimI<8=11i;%u= z3wyJ_O+i!pPwzjse`fy$?00L~-}dz1tG(OQsO)RK+0Uj9n9kmG75ma&MtRFP@5TYW z*pH^7=}6s=GTDpHVgGqHY@cr*YV_?xGuVe@pV@=?>~$e9O0wNV~rRjf+T(u%a|HCBjadKgZYJuZma~acxAk*4}F)b`RM-WY3TnhP*W7 zCZox_WUmkkf4ou{HH=+vkgQ8Q`t zYnAr?K-A`_Em7N19c}-g=!>Y9sISp?%6>2|+7_Lvyf^e6?+nQp^O0NQXw7`ozohkkt+d~N(S8r^_-w~NcYLn2h19frk};6UDnYi#U8;P#dd3^w^M1K1(@DG z^)_@J=YqdkKDK;fIcOC$GzUjsJM$S0){xkZ|=|3O&&pTHt=be3=cV0*8`KFh0zL{ZoN5Ox-S*x6H z_9^F^mw6N7^#PwK=bI4ad^0UCi|Cb3=amt|Mh_b^EE!E^Ow^F!LpifV4L=*5 ztDIk!49`QZ;qKw(zH?1)&Na5EiBaiMc61t2&pTH}Js9;+)YhnNQ9ICQ=up(>QD32N zqP~qvj82K3=sO>E{rAS5TWwiasy8)FSVIuC`QJ)?2b-*T!BQyFPYF+`VyM#ChXZjJ|F3vBYDET>NV9DWxaf zYQ3FzI1`fRBri-plXp3*lGi6cmi%n8Wpl#j&o+OvIcaO^)&pDL-)h>{UwPL?-i?*x zX@qx}SAQ>4-pg8r$-7x%7RDTp#AawF?~aMRh5Z@Z$UV(A>|Dke%X>zHIR-~z)48UR z_hBx_)?oU3KKlDVO9rX$o9pi@AEv$hfXVy2)35{B``BK#{VSL$PJQoBf4|fB{^Ymn z`;fBzy4q%e+v~HiZUU@es;7{7p5~WRC7aQ0HWIKzSY)22)-FDO0r(R@W z+n07OZTm27TiSIgZF($iS=z9?&-7R7)Uj=j?2WLfJA)m`r|7g21?p|--8=2O}*-N`#LYut;)5o>TeO-6&8`%x_dg{AJ z`C$dDLw$Bt>?1O6UvC$&d=)g_G?q{2$nWM%;e7#l|NKJb_lhp#7j!O151=h*2ik3V zl6TVOt@LM2^8UHJdwxFOBUsP32=<`8=y~)aI>I}H{re2yt@MG)d+8_hUi!s-iuyDm zQ{RDo|K0b8zDfP2D%b4tj(RCNJmBzv)`6`97YmL$te%Ph;8mPM9}ESK}% z`;EN!-fv{s$b^w&M=l#(G5UqkFOL3f^f#lgO1LZGy@U@E+7gZ>{E*m|*v|XGrQ=J- z%df;I@xFUVQg7aK|4mY4QVj39CncSV)c4$fN@{0p^T5sFo6FG}^c~-3@N8YV^^L7> zZaup7$E_21|IdN;@h+mghbZ3-_;CA2+YfL5cKeq*zT6@2zx&^P&uz~~%h1KV10Uk; z?LEOez-#t~dxv|YyfMoA@TYpGp$pK3$ichudV4U@?&W>>`)O-p2Q-uSHN|2$hKfzo zOn+;=)XRror54I1R&arbQ_5$`YW_({-eurtAWx6FBrL^1H=eI9x zm%8fp8_$Ol}C4364=+y99+R1FoY_{$iw(d=q{v-Rdg~QmwV@DQ_E*!la6`>Mz2`Wbw z=tcBT^f~$xeTBY3>k`%_T!XGd*Q0856WV}oMK$OSbQgLbeSnUkkrPHvh)1JQ0_vaC zKZ(}|lLn%2^c(bBGz2lgJ}C;FOnaKf_8;0lw0$B)D(MW2a)jqp@ZhK~Xmhw%F zbJ`v4xrXCPUydwtY%zNW1sq@OUb{CJIpw(WzkECy!y9lHAUSuXbJnnb&~4~;bSHWb{S~#L5fesCh(n{$7}Sq51)m8>G9zBWP2%>H^G0OSU^EmB zN54Z;k4-%`q2QqbcZAG!4x_GtuejJahrN5cTu+4NXL8 zXixYH;V*?ZhQAU1X1ILo=05JJHt;Qr4~Bd&MBYvMkoVtnqb`o}@I9nI#r!Ge*_eGX zugAQ}cOgEC`HF8t9OJtX8I}yoS?E%JZR&bUwMG5rO-O9-*gmoSV*AHNqQS94c|~Ak zY&;sRd<`c-4w13xu~TBF$7aNyp?nu-A>YL5JJLLI%*b&g{olr^jpHlF@$!9~rK4*` z?;rir=ubx<9=$flA>Ypl<@-4&CY{9Bb1X>{`F_q+ z?fW?!thZS2(7v4`-*_0Ce0p*gTEbU!u20^XyjS_ofch<+4VzxvWZE)#i-m9Mtmm6L zW44alI+5?{tlYkOJG1|37vJb=>bPOI-_@Z{cm^il=nyl#qkd;+-@9CAU>|7q6BPR` z&wIpDHCqV9N;F#!#kOhoJQVYNZ|m^S`yS5mzJv3B()VvnJgbsx@+$g$-rycxjt38# z9x};(EBmbMpFe5)=MP~&gvmZB`kd+ zhkk6-kBM?Dd<^NwKsnCI@y&P~8Okw3jt%qBhS-|edt&d6-H85xHls(-8?kT3zKxnt zYpi#KWn}EgN_6kY$454g{QJl!;th6#%_vzD0WNi!?BOXz8-rZ z_N~}=(4S+EaCs}o{Fsp=l;i$oBQGC$&&c|bAB_B@(>Y*w{8RCJK z`Z?j*(aJaT#+@>5*0|Zq_tSzs7yR7wfO_no#L-_p{>wMj4tfvrt+YelulQb?9Mk{X z$8*#Ft;bz$|Ioivp!d^NMLioO{Szk6)6!=W&KQIFeHZpszh4sR`)-Lm(wFjg*x+AfNH^yH z!Qg+L=C3bLwIS>^_}BDM{t2gbTt6E%|Bf5kU#o!z|MxV1J{{lX-(Z8k(dn?Ee!nyN z&*@k{WBz!9f2iiKuWzIO1cSf1hw=v`cAS5N<}Y6`mA@=4thW!Fq5P^I>NCgSua@fn z|2jkc78?9F^icj;2LFwkzge5b0WHku`IW!L27fKuhr@>XW_q{5KOjk&v}^hG<$1v1pQWX%KjmP| z&F_~O{EZ$?L;3p*{-s*F#h6hGziRM5toe5sR1}c+9fNhkIjn3iZ^ zeg6!Zsiy18Q>CSMcl_^X@PA74*Yg|e6k+h+tNF`sTy^y~#NdBW^Vhf6VMEwr@b6S+ zR>$paHTXwp=_hI#muO*q|C(a(H)Y7{<{#;`4H`b>?%dc;b zRR;e9T6%Zex60rjai+Td^y5jQ7S_vOZ}7Jn(v9`I)!=VTpRVQC_vham{HwHdz5N>V z*M)a%&l@!VGOfZ(&Qa6l_kQH>4~Fth7pUoadr-an|8Ft)XKDT?`&~LrJ#6rQS@Z91 z`_>!$Ki2%aJKp}$;NM~963FSe{hl}Yr)lZ>_B7^y+2B82^OxUjmA@q}wS0b7QTcn# z;Gb2Xrl)A>(M#2^KEF2%{z+Q;$(qB?<*NT;E&p2v|0Tt0dWVnvYQBOdgZ~E2f4Wxx z4J+0B7A?tpA5S_;1ww_2bvsuXfD8Q%kSc=1_H+nm$wue`+XydZn7K zAJ2Ui(*o{W@|-NjKQ_$Ybd6dc{dkvW@K4gx^#M8?wXl9Za~b?2u2swHu0G2R z{*gWSdkp@@<+Et{_3d{>5B^C8{~LPnpKhq%?|bl{WANW<@XylH_4Q|5o<|J+#`Fz_ z`tLUQZ`9J)Xc;%ISGR|LJbB9CZ@FGg?{0s2#^66)^Y89@c#pxqO7ov%To5h1&)~oD z2DLujonQ7F{9o4myK8T+8~lycIH2X%+s}Ij|Btow?vDQ-82lru)%vf}W_0+*j_dzJ zgMaBwYWf+*ifQ4$8~pFOS@qZJYs_}Y;J>j4|3AH~mZz`3otpp6di`%v)6=x@*M{FE;pB zY5w~8(^&sy>->Ic{cYMCi;D1>2@9unbv%!DNJ!*UDZu{P0 z@K4nI_4Z|4o_h`c(=~tn`pD@22ZMi(=HFfWsWbQ+%PTe1?+Jr{m6qP!@;+_wUuP)K zIKKvi{|3!pzyCJ+?=krA?4dsU4F2^!`0qFP@74UfTmRQ<6?f5Uq9 zIqE$pOtnG%k9tqTuE6rJMVQf~UYQ0W8>Ya#{V`pPG4O4CDkfYvp z*u&V{*y!J>_TliO-V>vadKY5JSn&wePPZKOIQ&r1MVLsS>*elqf$*P?>>8N)D_8#^OHg%e6 zzde=uVHaRk*q={R?bhi>y)R?S$D!y(6%BSSj|xJk{3DJ?hU|3P2R7imqu!S zsJ8@r0=o-yI8_^-NBLMjc0D#{nQFUSl#itrP(Joik!trWr+n-m*Z?^1CBOm-4E_Q~-{&JnU-$+=wmpXHk7Busu- zNcwZ64?7-9z{X*xU~(NW1v?d+iJgwk#TH_Vu=B87%!Mt*mSaWOCD;|%RoHs$2JCk1 zPVD#CAFwUh!`S246WFuZKI{eTCF~tcj(h*D`mSbP#yZP&Xjk>#Mtor1pCN3l|69a4 z9L26x9tS^mTja8otZ0#kfufhpZm zTw=*DDW;@yeu$PZzo2Rtz zOv_nS4{Omr$i0vgJ47Rj7|lCO*YF;}Y2l`-JMJ=>{{F8MOt0P}O{Bx0e*Yx-n~h2E1#J-w>-Z4W19P+^`RqQx_*T#-&3Nk6P!#|`Hw%zA%DjE z(2C;nQdd5|$m()h3QJg>uG}I=ey+#0w4`jc#Z^{DVZ=M~a?4%m>G^JcqE~6NQs+=i z&Z}}QWWlCmRoL+yc9JajVlo6z){tHflO4i=*wN@W&>AHJQrQ3X~T-m95EI!S* zHaWr_Z-Ln=lXKnf686%PvW^?is&75=|B6!dsuvuu8vZ6@)%;6>_1CsjL804qyk@g< zoGEvlX=R=%H_ueYzj1k{l~^ujI{f61-hVy)-?O48e)RsnUY%cvHt*A)Qo|0yI}G)? zcX#KyZNMjtJXr?cDfl|O@DE%*eg5y^H-@^1>FIjC4r}$1_z33lljbv8TTg?vdFb)t zHxGM*d~2}yw}14`Z2Iq+`^_J{_q?IbFY+ywRazacA^f2hr`M_OK?JznzPM%qc(KI(Prw?BF_ z|MjEyq1GS0Cinp1J}3R;-97jxuNk`-8$vjH;!oZU*hg5*q@TQY?9X$4^7ftklXo=c zz%Ii$g;fO_fvP|ghd`4{2>DYlI@D|3NrdHEBL?Ht)pE!CCYJJ^SSZ;S)GNnZJYi@7fWZ-4%rIdqMaF z&QIol`eSY0MOY>FDE0{!Ro~`yV|QUsV6(8xo^SJBhwZ{X!-nr~^H#su=KTmWztrX( zi#^G-zMCXjlT&P|6DOrj&dtkrx(a5THZx<^>{aKE8(*4LIJbC#si>sbwc4@N<&krTPwCHFj>Z7cFUT!^nM^enR!%e_%P_eorgJMvZ+=N7r_a@97K%kU1d z7Ph8DRiI^0w8+9FT8g*@lojMrmMYM*`|1?ry31Xr;)etM0a0` z!O`wtE<;N9MZ_1K67M`EezhrnPI~@K zY-vr}>gc{~tyvY9cr4`=rKKfhG%Qp64CY{pKg|@Mrk3l3aW-OqGUMX@t? zwP}8dg6s-cxdhK~Ig8b)>}3^YO4RJKLP=Sa>!~PHCMt?0mx(OmZo<)ok2sjl$StnO zEn97x?aC`tCg$gs zE}&~diO6u}s}qzeB~n0{6eWd78B&Dgmz&kvZE{wPVG8xUtqw`e{}EwyQ5 zdE96#XL`BEmI=9k*YCqEOi#m17SnX%_*etC`Tat1!qXgTmT_j%y-Sc80qc0-waIl2gxVvL)xkQ>HhjWqz?Kr%e>@IkCQyQpOhzl zOEt>+mvt$BvRsl^<|lD7E&G7fTc)KB^0yF^I*O097i0PYEq(>;u8a&VP0H!cCvd&u zrfdiCmHEk^z7F(y1+FVe*OyLhGx^l1{*CC_4ry|6ohcXI#ECY|gGLn-zEJ>Pd30WNfvUcN< z5wJSCa|u|T`hG*Ncu}cuhp^f@-bqMjqP_>Q{ghjez_?ES0rm9x2gGUnWk9LcWNp7x z?q@ob-7zJglr;T%I?&x88Q^J6)m^pAu969aNiBBNYZtG%?73)PNKIwu{49#@&# z(b}muTp z;-8G}%qC!KSyO%0Q19}8&4OCf0+y<)6F=_@{9KhTQ*wL5~Zc%>l!9uiReuW54~iVvuLT9K=~oa3eP@L0cO zu%_s-9UG$GIiLhB~h>huLRzdo|zL zwfmcc&c4UF1K{%3chaDzt2D6PT014my5ll)Rjy+x{bx=`ZvG_|g=Ma;;w(;=hY=+7 zCYQPL>8mST;j$DK7kUbF-G!ItdSpaSe0f0spH`HmsKVn~)iJ5e#bA+gmzESbe=Vh> zdtO;dt}{QE-n&58+&nriP4w@rVw4KiaxBX&cDh|<7Jrm`HFc#Mv6yZ{uGNYPi={vK zSNVCCmAO`0a*HjlRrz!!%2H=By2P@gu*_4D>$Vg~zcH~EdhY3YkEN5)&3bco?@;b> zrlpbiy&FaCSwEe zO-|~j5Nootq$szr*r5*Zp&+ZfWGTZ#eBp_O#Vgq2QiY`zMXqAHR6W*YwHAJ_WQJxr zN(vn6&@3rNnescNlvNZf?bKJWO&=oWcS@ztSRFQ|#ral_(i(grxy3JZ$~sUU8x$57 zln`Llgp=_~(&_85DhsUnxeN31$BoO)D@?bT7RdEN{;E}kR#@fcxO`b*k;7LER}dW> zxbe+*=a!cr*P~RfCcF3G%Dl9su$Ttft&dz9>Mf~zr@(?r97Rg!b)dJ>Q_}fAeJosu zB}-0G=IG>6Qn4r39azi?Qx^Z`(cev57n{d_d8RD>&12YwDT{yeR?=ma#lLy^^sQy_ zZ{9LG+_LyLFPC1(EdI?ar%Nk~fAc)_wPo>dUZLq?Qx^Z`T};ng7XRkC=@QH0-@GEz zDpMB!=B=W0EsKBiR?`ERC9^N4TP%xz^GZw^%t>q>{}q_B_&2YBPR%U-&2!T8mBqh# zF1q8g_&0Bo_Zw{3z(s?um~xez<(5&DHN!D8bJmOni?bYAb7m}>C9V9Z z*06Q9YvDFSyq?|@yUVZdQGDpxnv|TBl4MItRX&25mNeO#WVKq8ttnQUHPt%NI?0-5 zot&JMY)wv1PD!>UrzTHKo|K%HJUJyP#hQ|wl9FOeNllrUGASi3WwI^FX0;{TQfxL` zs%@fek}b_PIW;NOnwp%Nl4?s$O`VuJDK#y1^2DTx)``gzQzqIbrcRtVani)JiIXQK zO|ni(o|H1lHYs(|#7UDTrA?ZgmXu~qOHNBkv!$h`O-!4VmX?c$7WU@^r zilgI19>U2f)PD+5&N3@qxyv1;jHA`MSgpx&NY!I~cUN-jU(O>}3dk?vu!L{%P ztOol%ww$=l&;u{W9%cF(cr$hv_7vfL*sIt(STpu1_BHkZ>D#e?GyOO;r5yA2$4A!P$|>8owwzNk&N!jL*OUed(&Z&#V5#or8fYtx^=czhnh&LXewtLHr)Z+e9D>7&QI8?l6) z$Gp3+DUVSGHhjpP%+I|0nD=(<^9 zv_s5Hz21JNqrLLSj$vbZSK)WHJU>7)w^Xg=5~_zj1AXeTbd;p-P$7ZC4j@l6KNZ zejf>6LiotPdba-GQ}_RXZSJ9rh91(ps>9n_o``?5Ph$<(_gKtPwayRy;IDh1ACGx6 zu(jAT*bmsGpN@IAV4q^iZO6Q`;Hp-?earVy^>CD_-8Zer35SGqj<*w6NBN1Q_hjw8 z+k5nx8``r^;CyQE-=*cbQ>()#-INh>Lc8}l)>GAy&URsY=eVx?x{F&CWd7&7@%xbY zRcy+NpZ|1T-0 zo_ud&=gGFG9>G{9?M3{q)_6c;S9#mCv>jcPo!qP4yAG3lZ^EUr?Y}v`MN-!Yj!WV< zPGeVjW|Q_l<+||;v`W@_U^v+6I|K6V3Yb1#{@1(lJJd~lU)pFi$GBY0EF9PL>0iQ; z(e2(FB7!TURGZgZ@C)*!{HEROJh9z7D6-w#tFKzdlz#1AcYlr*1Jv-*-?n=bhO~Rn zAIf}&b)3&jVeQ_dW`A76aC`^h8{Y1{E2iChG4?+89cHnp;RPBcO*ap5Ph;&^RBXF< zE+%Qq;bLqA(?+{+MCUl8&wnC(SvT`3BEB#6z2;=q9-yB3^nZ&V1dxhMl~4RkyV||6*lAckwhns;8}mobY1qZs4OkuaI+m4N zR_-dBFuSB|C68OPc|I%e@SMflH4~WjtR9mPRIj|#Rm3+B+%Ba{UfxczjP2M7FJ1S# z(-`IbA?2kQ=~!3Y6D``CJ;cxvFWu|$x$>Qb+)PuFWz;CkhzhOiQkj$V`V~uG|8hG2 zNAy@neb%SU_2d>8RupCE^<8FKQBvr%jL9u7DPCPvQc-S^mzT;*8MB*^o?fVW`)Zz^ zzJPhAr>`h1FZ7I=U7Voy6I(8r%_9wq^7xMzlU!x4;(V85Wm#@1Pb=)*l%2slJ!eZf zC1q1DL<_%>?pah(P*AwaG$MY&*zyskvt7l`lCoK= zJZJKRH=90DlT7enf=7!ob#@6Gk@u{Wz*+R9(~Ime@vB`Xe6+7sETn2OR#3^F#mFYg zm%Pg76_m(XZh4|jYj8?%QK_pyiC)0^Q6^^O6=vryo#CN7epYdAp4&CIKnX0&yLe_+ zS&64aJb5mrJXut7(5%#T(=jxUO_-jZd3LUwH)?!7YV28RtX@jVeC45{I)7PJ%G7M_ z8Fz;O1HR3)2**?(@fU-*&bP8;?HOWWj!rW9(X8|nevvMy7CHFx!h+fpUF^`ZPDst z&oY;%FkjzM*?n`16xR+h>bg_1bP>;r=q^e3HpRQ$6*Nf2QIAw+#yduClOCh9bBYp^ zm7Bj@@mE5OIw+GEU+x*&1A8U1gUhT{rMbn*H&r?xnA8@;-a_j-hnElaI#61<>2!BV zUas5Mj+HgD$m8r7p_J})IknZlNIuO{=&4Y~PWa>0b?EzefytN>_z8qgiL%SF>5X}` zvAUh&wSk45;`PshC~YQ#cB3p1uU@)Li;Ig{0m`naM9y@Vlr!!_HmtVP@`5HY&ePbv zsEiWJG_R+z0(g;3b{|>x{IbGQj}oOF29#-z6i&v{$fH&ztnPTqB$-O`R1$IGK;;maFsHt??Fmt-vLD1_5DXM#dj_P zell6DYQ_?`Q<=zK#v2F9)Z)c+GZq#olc$xGsB>SWY#eR3G-c)%m*g@dnsBb$lvz@|G^3<~Jy?%9t&9_fI&XFIEcpbGQYgby?>sNg<_U!Czb;858m7yetkhBB+9oiMSWrew% zJ=IZ07SA$Hn)0%(NrnmKI>$3l#sq0+CQBKEVhW43%pE*Bj-%@6$eD7yKDx+117*0D zMVUYAMXe8;RNY%GvWT2Z_)L#1IxqWbFA&RGS)m*Y)dWtVrrZioiHT8bZdu+jCQeC9 zi+T1pM$N_JLe6qd^~kFRCX6)|YlmgLc(5l!SxQ+2YO=g^%YY$ugpSfG@sf*;k^+7- zmT6_Zat$CWi4Q_)FUQKmROZY`DY-!Lhsu|!!@RUa-cl%LyipqO=(^qVXnJ+2r`R-F z*}CK1YJ(YVip$QXp_O|qv8P&Q7nU(0S2Qy@y0GI|@;EAvNwBaklxr@F`eCHl5vFX* zsBW$vI$xP&EzDR{M1kt*qPwe(|6D$~NRi98w5jsHjdz;0#ke4wYoY(~YImId0%mEu z(6=Y?3$4ntVrAFpV#Q~bl$OehH>~cTcPaS4zrssPN*TSXw4MLOl|I_796=ddCASje zr|KtUSn&&Y_I{IYtEfK)6*B_my~i^)(+{)I*^4-PhZnb3hU;A490n^;7Ic`_M2b4 zD9U1WKPTfNU1*xin8#HXJNGy0mXsrxv#g}_G_~dB=N6CVgAsDY=H!rd8OPMiIg%EZ zn=ZJ}()Fe_v5J(Nk5Qxilm4kweUttv?nCuViN2{dzA456%c#~1F7(BW^-XDMzVIpj zDS!DF`64g!N1p1RoEk9ca}AiC-Jfo^`yA|n(Z1O6{waU1vHr>Neg_L9Y6IpH>vxLv z6(T;qKxL(W(m&#>T{Upn~L{O`7=%Rdrl2lQ}$E+@gqi9 zOtd$>!6HayIt$Uuhrd`TzTg?Z0!mr(dY1By)-U zD;us}mNe3oFwj(Dhp`JHX%aK=!llvU*%nG^Bm}t|d0wPnAeUTGQa+FO;c6gKt-egcG(xC6=PHy!Q z)T5Dh`$Q@W#r-g^=vbJ~Ql-PfcYo)b(9Q{COr_FArrj}Jzb$daaa#024Mofz2hGM9ESw_w&U z%jf)s`CLKeOIZ}ysT52NQw=?MLF7rE*nJ0ZFxjorfI8foNbhVgIceZscLfKNIaQyf zPUWsB*jZaU7xTke~v=B_TB!4G* zFz%^_j`m>kBnLh&2qHuBWW$3;|Mrr;{UA!PS_2-c1mQnPdo&V+t2L#=qnBWEq*DLD zr#ivpN$K#oCzu?Q7b%_V%E3sE*TJr;6yFU*ke5@Feb0Gv#a1a@-6BijC2?voWIVqre%6sNY(++020!K##F(@xl9Rh0(i24e0zz+SABgv*Wp^`SgMRBDOWov91eLIy|mQfahE%!gIfC?7e=co zFP!tm5}r6~S$JIGTE$mMJp9lQW5JH=>nPyrm<(Dq@_A5CHuZ75rCj~Rn|#Z1m-_5n zhSeEorRBWTRaT<>1d*1P&tg=lPvX1Gq+bd+^oRE8=_~n-m2~whD2%T2&>NJ$oR^mK zJGolKQ-Arnb8>pR@*1?_6+s|OwN$X$P4AOg6IaW_l3RdT#6qf5&;?+VK0Z~@ylIM!@;Y_7Gea6h8 zlq)m7isW>7a?6*i1*x-;_pF(8f3{ihVN)9$5QN5?kxt3q3;zQHX zy^nZnn9eaD@!B8lWx9Ug5$`&9(x4;WdRPZTm-jL?L>%$P!NwDhcr#$m;3Hl)Y#By= z7(E<+m*99RphVS}W@X4nSXU}h}&ug4GCVI9nY&9D-- z!CII&g8VQOHp3j)1}kASKQdPh?XV8!z-Cwp+h8rs8A*Ov9Y=mx3)^5FjIO3$&<>kn z4m8J;AKGCpbi)Q%3!5c<6!|3`M&C&J&mH2(Kk^p zw8I9N0~=u_Y=O0~4K~2&G31AdunlIyXtr-1jN3qZ0_704!yH%%D`73Hg$=L)Ho^@2 zGsn_S9;3W*v>RaxOz?P*86n{Fi@HcI?t=6f5(eW&Cm&>H;^CZz)i3g?uU)=AT-}X{#xb-<6t$+ zfDOPY=oir zQIFfn4>Mr~tb|V30N24bxCz?tAU|}&YT8*HbkYvZcj71Q7jA-fxF1%+O4?cGUCfWL z8*U=p3`1|BTo?zV?`FQx4xKOuu7j0u6Rd^%VFNq}n_(#JxDCcZ`#t1`)zAqW;5t}& zFZm=44?=S-`EFxItjPIbujby%okR}{jdRMJkI)t2MH(MM>#e4!8lk6 zov;=jgpDwR_TM7$(0o7T!bG?U*24X;0Um_SFqHkkypen`5jtTeTn8)RCRhje!{`Ud zC+RSh{i71b$^HT}U?W@yTi_;Wevo|74nt+XfpM@JX2|{nov=;P*)J0RK>2LvOc;7U zez2{c@Fwy}7-qm`=!Eu%m>+b*O_C1x!#a2nHp0-2)O$1eVIs_cZs>%ya2;&iMt(`( zPJZDI^23HY@;$+P9;KWIXdf^R*1`SEwQwDbew_T04);quJO~?M=qAdq zKjO_~d0JqcgrA@sn6sO5U?p4!8=(ik=qD*p;^BT+_Y~#91{nGf%K_t{`Dx05iO>lv z;X2p=H^COTA4dO?{4f#LQhpr_-Ap+!4%(lg9O#BlSP9p`TDS=|!2Pfp9)vA0bPMYd z#zA`n`C%q>LN{CotKlYC2lvAUcn~(i(5;jw@zf{hPn1Kr8fL&2=!DUGCeX!VKvMkz79Gi{RPT}cDM<;;eJ>R55fi*x`X+@NO{l>GhhyM!b&0KnqQ(ENr#)D z8}5g-@SucWrkpy$Fb+1r4A=sz$)ETNtH3^1Z&}b*bEQC78v?4%Ln6N;;URg zkiQvbNIZ1H=+`I*+TkYXhWlYHJO~?L=p$@D7zbNm25f^)Xl~?sgmN?CI>ME36Rd^% zVI4dOn_=jatgqMMqr}5F*a$OV3v|NhHz)^Y!cEW(_rpqf5Z1!bo#cmcumL7gZX3)X zocJc?z)ZMK{NN^NKR`Lq4G+Rf82T9XfpM@IX28U^xQ>!~!uo+BCigq+pM>jRJv29Q z{UTu)`4sd2GybsdUDgBsIq%~~xcaY@KPbdx{($Y*xzM-w&`ezBlCfImFtJk)daGzFhHgxxG_14Jxg{`ta`;pH2vO^Da!x~wi zun9K8R@efwSs&&Bq_ezm@V4}dSD%_fz7ZLw!uiYQ*fS@uwMLN6Ey#h`M^vV`2ytGFR zg!QluHo@qV$qzGOq#&!%FCZwXg;@z@blSO=S6BW#s)82Jk6apZ?}FdH^P4{U}tum#pbb3FN>9k#+882KvO6WU-i%!Y}h z$PY7NCiSa^HH7P6y`+yOo%p&jlt;J`))KBvpj=5GOS!L6KD0qM%!bv_16yDXG>@Y^ zXopQO2e!g$7}?1BfHv3yv!OYW{Ll_-VCH!C2j<%X>j_6spd6S3TVXYfe4Tu!P!6=i zY#5zHITD67uo2e7HrNCct>lN9F!BwyC$zx^m<`*Y2Sz88A7;XOm;;+&HEfZ3!B)bJ zDU|aj{x-^ic9;#Tp$FE%8rTf$VPY!fz#P~Lt6}5;{Gbgsz--tIJtQWyf(@`0Hp9rbsh^$vFb8HsH}t?- zSOXiOo%uzdN;!n9VH2!_t&$ES-=UnTlmjziHgrP|tb{eN8P>xV*aQ=&kssP&WD|bS z2Ag3vG*2f#%z-t~4eMbwY=U*L6*j`iKa&sIU>nSa<{7PCC-u(Bpd7-Lum;w`de{i7 zNw1wnd4zLjQ=a(2$anFBHrN2OVI%ZF`|0E-Un8s`+$>?(0-Ip;9Lj+?F!C>y18uMY zX2VA4fo-rx;^(${o28y-P!8c{*aXd)lmqQB@;%low82W44cq3odP9FpJ6K40gmYjG zjLxDQXopR(61Kux82LW)gEnYBlX9RPdSDK$fpxGRw!kK6K8yS?8buHum(26dKkT!{4f!=LN|tQ2og3YiMw!z51v3%!{A11EDyB7I+zU`p$9g@8kl);t2cTu_f4>#a0_gL z(aT%C8N|C`E8$8Qd5H3$4K~7TXm(Q`%!D=24eMbwY=X7071lvFH=+hi=#;>9AGOVdR(O zhc(ovvW#*F*TQUxhaOnBigcK`nsQ(cY=X_OfqeE$DUWa_jBLRl+F%RJhUUvC2S&ph z*a+)kVkPCkOxOzDF!C$v2W_wxX2VA4fi18GnlC3mjD}6n4qKrcMt)6xc#wLT*H8{& zJIsce&^(0eHs~Q-2WwyhtcT6eMtbEHT#v(?D#|Cm61Ku>82JtLfi@U@CFR0I=z*EA z23Es*iC;^8*aBN&-Bn!IQ*QJ+uDfMEF!C_*&;}b}Hf(_&*amB0^wpFH?XU@E!d93A zBflj-v_bPVFE%4Vz#iY=w!}lK(r(gEr`f*{~XVU>mHF^y|nkVb}!C z>&XwJVdN3!2W`*|vtcc4lI6UfawHwrz#P~n>-7e%?}u`~2{U13HGVMhM&=`aunAVe zR@eX|TiHI)23ue@tiFlsYw}g!Mt;JLum+lIClo1v5V#0RXhwn8_IJj(Jw8*GHx(EKp@VKl6Pc32N{U=yr`t*{P8{=od84Msmg zerSgtm;-BI9jur1N68N>VXMT$$REiMZLkey!x#*aXf0A7S?bXURF|kAE`L5|={I2nsz?gxXmyC^GWCYf6$=l_0Yj_EV|`kx-J z*X}z{eV*t0T&m9L(>*=Or;KOJ$<}%~&5X0mInO>9*>ai5r;TUIJ?wDuQqLc!Sut_n z(q(nDJDg{ii>$fKK3AE1MnC;a?g`g9d71j3RgWFcGUq(ITx5^Sq5U~^7=7M&rkorY z$7vRvWyyK=xyY8wjJ{wz6YgQg$xXh#ahhGuGWw#=Y1UbBUc1l5aQ#c_FySgQ?qSKv zfSV zzOGKlxraSYZc(4pjQ>L&rkrPoi_E#qnyc({591Z%C)DLMbI!8lJZmnp&t znQ-!Q=HoO=&NBX{@l3cFaxSyrD!bn@-hPU2Q@h8>_TSbr{tem_%}U9PgnJ?wMRpAU3@uAct=pmxhy#=lUP2^ZO8N5A}6Ubmrt z-`7XBtXTfq*Bd6k@pb0<*6~|khnaGQIpS;xgbf3Us8`#0mg&XXk#r5~dQ$giS4;}i9By=22aJFZ7p*Z-#OFLM^xxOh;oWEq?^ zj@31dV|*=jZ{|F&Z5$hBjIU!ndn_1T&$w_sHjW)8H+TK|`m=ijbxzT~q3cYTv0~2p z#_F(h6YF3)r5+0|JizsvsvFvjZlOODMmN`Ao}8+lc9$jd+c`hii#r;p9pA;cTU!6! zv>B)R-^%mAoL#p1*Y~mx?Us>qOHb2}J?5-guwlvQbp4!D!i*V9`|pSA_T4gPdT-;H zvt*AoYc|a8qhDAz3l^+dGO^y4Sy=aseoR@g!;)Rr>@l+biV6E65BuTN1NFbJe%d)3 z_82AB!GsMnM)#xsUCy)5-1YSS7Y};cC5zDS0qQej&72LpjBc$y6PCD*|KKzVEq|$@V^_VhahdH}kHa>c|I@$?KW~`aBVf+Yn?qEC<=FHe- z&Un`Nkh5gQnjJPQ7)@Ir6ZV-gdZh8}uwcoOHTz+|k5WfFWy6XS57s_Yy*nDmL_2v5 zwOeLP9;+@>7NH+YR;<})!{~A9+(~~X>@Z`&oD~c9Su*Pw&zublMt9bJyzwlUF@A#a z%vi9?l0DXJ*f4sc@psXW33F!bF=xqweU@xlGdjz7CXDWCJQH@AvB#Vx3-+I6JfkNY z&*CY*&N#RJoI2VKqr2(bl%UxH$WTIU$W5b-uv(;hFJ^EEIP*1yM&Ca}fq0Q)C&f$d@58_O{ zbJWvrnK6FJ#e=W-OVrV!@UrmN~{#mCfR_HoxAuI?v1H^%k2!0J=xalK*5^wSJE zSA(BX_YuzFv-ZJ?t?TjUjnnS1V2>sHtQmj7ydh^aD`&z!Gsa&uo?RA9zvTLM`~0fU zEiAt7^9r+X_*}vCTk3`Wj2`Lw_q4>S+iurn$ym)_?7Wn zU1!2RGp2oY*kQpgOZHf^V#9`s`y2n-IOfdRV;QdhMt`PE+}|FvaKBkF`K_Ee8y1Y* zw~|xNxA!M?oO{JO+^0XQ6V97Cdn_3LML%Y&L(YZ;Bj?|3%*#G=wk(+a)i~yCSTTCE z^>NO9%>LJW+7&bQnTMPO@Z`_oFxlJ2aIRJni(7B zj2>_NLE~94W1o3wx5l%_k`-$zXU&!knKFKj*AE-*9-}84&xAEIMwh!}Fr#0|JX~kN zhGoc)SC26pri`9q-Aq_8V~;s27OYvaAFjW~xu2kpcFKl1qdD_jUL8hPP=^U~_E@lH z$?S^8v&$yrjJz*bOjusYc-G9r`!x&3k?~B}Fk|#I^D|+=j6LS8Sg_BM4QobMHl8t~ zryI|N6&LNVxQ05~JyzQNN%gcF7L2Z`9uwBgudNw?@yr=5 zI9F!c$xYM=*IBS&$sTKFQ|ho}^c>@uuwlmNrp7a7!Hgwy)-2et$LP8C!-NepMmM`; zFl{{r^N_P(&5rBQ&DGORSTkkAmeDr-Pq}2UpkHzeb+rp-;W~5nS+Hfv=$7g*W5bfs z^UTMD4Kqf!GM)(wW-QrZ&6*A4#Q5i17ZWzj*fM8yYvY-)WX76ZHY~&Su>RYq^8z^& z=FHe*&WZ&au7>lv?InYj`KiXcUb1G(hVkvxo3~yjY&rE>?c1xX-DS=m3zjU|xq~{) z*|5vZxR%iit#evE7R*>NXU&2QOSY^T-BBGTj9z4aOxWeTy2+i?3D=o3XAyFiELpS9 zhApEPt9xg47&BwSo_by8+9eCtEZN>gozU;D>afG;9Chz@$zUa{BUMj3WyY2{<9n#X z4oh}fv&V)FqnGG+Pve;~W5Jv?3pOm-vSxBGkU`5<7fE# z!IBf|#Lx6PVvjSdILFSjjAx%qjB?|cuxsAtdB&e>p646Sj5F+VjwKh^aw+65Fh6sy zg`5-CU2}>JXBf>J&zKABaEV>6vB!xw8pql?k{24UU2rB`=Nua@u;miV7nz^Yi`8Mm zi8omnrU3jAzV=!u~nMoHH!AC)}r(s1tH7Fk}2qIhV9cuCU@7 zYfijbzn7|`U-mN36-!RJUUM;w@5;54m#fc)mFvA%m`A(wO7*mBE`^*cY{PY?+s*S9 z>*W*+&amVhD@O0KzgMZJopOmCuCU8B_BioY<2c3W)#@PTNoSb?StiE3CK{`f=jz z>bzbZ7Mx+jId;!ghdnN_<_e=X7|)awUSAzfvCA12?3lO5_}%)y&Fe-xXD?i5#pvz& z%d_`;ooZKX*=O#0e!lmKe|BCU@cPznI3LHW^Hvfh6(|Cg;-JO3KBdz{sdYW1|E?^{2MA38VJ;~%N7-Lhoz zWA)knsru~vOx^dX&xF~}-7n*kU#X|vGH3cbby)r0czO9J^|ZTx@wyH3>{2iEXVf$Q zZujqe=N|1H~-X5>6- zCgGfzGrorYVSP-(Jj_CU7OXOK-{s*n|6zgQgob@e?XTu__$(DhUI`uontv(hear=NCo z`@MrT?f9){k@&ah#rf9F1X{k=u!#yQvHnZ1KnyWm3T$0a8BRhJpp z*x|&#sn01EoMFj1_PM~8OHA%(JUg8Ff}CsG(f!r=hw-F1f~<6CYEbQ|vuh9afwR*SWx! zOCisU4>{LZbK>LX;S{5X7|)b*>~Mhvm)PeDlZP75j4RgF<3y=0r`un4eQDIKz^2>~n$9tno~_!VXjObRVORcEySR zXaAgH@3HEz@ffb8z{YmO-7hKj(=G52ju&>>Jn)+ef)7Af^a}0jT{XN_3 zkJU5H=X#$rjGwjF-+xu_+2#w^xxki7A%BkgOxe}1{Nu;v{5 zTnPE|^k;`FEV;&-6aVgc;1r|h8_$Gu>~MiSF0tYYTdpyBf$^WxpHs{@!-8|{ae*b5 z7|k2cglo(=@oD`y#ps2`Gv{2m&IOiSV#5_?FEXAvCzj2}DfT$SmUE0=Y&oMUv3@l3eHlq>9TjWs7eYaFK-zr=VZoMXlXcDclowfmO5RGpA> zjX5X6`!1(garVo6nfHgvyf1hEwL7o(eyv@c>-l5DY1flC?)CSh)#0S;C8t?)HuU2v z<2UKYl#|BgTw?oX>tS`C^@MtFv!1WWImMPU?7Z9iE{pf*&***Xv3tI+2VXVs2dtOL zlDaHD>g&c1bw8#K(@$6rd!O=khV`edi`i$*_ch}xUzgbXvU6j;!#lXZ);@o4SN-em8%%whH`+HSnBREcV2PcZ?(_F>^_$-3@7v1nxX<6iwGT$$ zb)6YIciK1Tx!&b6D;BP2ciuOsS##C(h7FUu82>%z&naeH{Dbu|)o$)?JmY)p8}!*S zs_pBZ=3{a%^D*Ztqtn#+zVYm^tMqrCJ%NVtXNrZlkFSC7h1nGO1c~)Fxd6xAvezNoUDW76ptXQ%$XFPkH{+aqu_1v*$#XeWreVX?{1ooCz6FOB1zbLc$R{P7kmU+j4{Z+4D#{@Oa3 zvv`SqtXMODsr~#${g+uMqptM@Uv9tbGybh}e}#21ex-8@Zr?XpVTaKl)p?cmu=^V4 zz}{=EgW2oN|6kU9uKlolqjBsM#{IW>-r`(Xz16(T-?neC#^fE&?|^#}~jPv}9{+~6EaV_a)4l@>$C5~Clh!<1_wXJuUHC(ieZn>QstRri3L)9i4TUCzjx zpQ)?eva8+xTz&267tTpL`=xopIQF$Wzfxa2XLKe1Ue&&H(5{(k*S~fi+I{BQ{ogp3 zgVxKQcJo{7(Qa95w>zy%JNljHT08o^^U{u)MEM*^?_^X=t@6L_+ zF7vUw+xl7Tv2J!Qw%!wYiG4HMs}9qB&c`}>Y_y~O`fJCWZ0(B)GtMyQ9D7^{`2q7^ z&AA=4Z>E>pXXww>(4Tu)a9Q47rtYQAb6`I0Xw&{dq8&57y7e8me=wt+GtG`^Q>4y^?ilXKb~zXurRo=Xql?X}wprzTj1?*Y$#hc63$a z*+0?vYs#;--@jkM>*ebE2a8OuVI6EH<=1kbuB8t1Ya7qbN&5#Y>|MutuI;{G*ZNss z&$`)*tv7gm`(|+ibxv~MZ>SFYoVT8a1zRpLKG}INWuG})Hk=+fha2f{e92kuiaGn? zI$JJ>d2V7|*RhYA>c{eC>a%mo{=pvhZ{a>(SNm4>%YL$duol|4G0*k1Z@Yi6z|QTQ zQ)u6Q|6np!ciQ^d-qHPKb7%L5*3pOkn9j6YbZeZML&X>*U?h`xrvHlyXd*A*3{*v+c zQ;*I4ozuzk2RbL#4{}aSGwWmZ5bL>-_8HED^;YW-?T6d%jXe*u>al*LeKLKt=gvC1 zTn+6rt?MS%&CK=UG0t5(daQkE$6RE>k||f%VV_;L>@nVK9;WO(&i>RX9Y1Y9$^Wf9e#l>G94p3`H}7`m&Wbr(7R+8{9D7_1*V!_CwQ;@<7Mx+9 zb4*|3{@&C$&M@a3D|W;61Zcw3%(`A`eZR6V?UHNS=}xZ~?TiaA zQ*X_Bv}-0^`Jc=ia;|FEe>MK)+Pj=r=(oo?zQTN$SobZ=x8HN1T^y7%xl~=(i%kax z$t$gY^MOH^(Zm72H?9BW4h*W0AFs{qgad=gTUsZR?bdmv1A_(ju6$t7XK~d7gXvc} zm#ZD{`>NJ^P5tyQuXSKB!~EI@25YXj@qt15YV8{x7%Z}TlLLb$v~Q~4Yn;=~4-9(D zZ*^d>hi&5eg8OkB*V#YSb=J2(;P+&#_s$0fORUlZgO`nkqG#5nDinRb8Hxo9Vkw2sh^Numzt z7(dE7nRAsDqg(5LrtxgJ$n-G>{Jk^h#);b)&xFzA4)}Xz#y#G?-(cP+n=f2{ih4}B zhhd)+r=6SmF*RHvw-JWfncJ>VCtliz_oI=j&Q;mO~`IvKw75j{y?|$FT zIWc4N0(Du=tH+kn?bUsu`B^Y$^CIWS`X%Ojlli*l(@tM*zB_ncI8&&*{lK839lgqV zu+Kgl?qSPl+WKC7U@*m$DLb5H&YWE?uwaipF0*9Kifin%Wy{Gss{0z}&4e>d*mQ>~rEy_OW1{jF~dwEK}ypxWEp3>~fhs)~vY3h7)(TPR5L0>)aSK zW5PM6?6SiiyR6t_pA}oyoV<&5GGW6Rw(Kx^o&7T5A~P;C=PC>CVUN*WohzqUF=fqJ z_L;L~!T9x_1E#FmVZ)pgce7r`EI7>`GnSlV%>_1GVs!3-!3q zy*=jDuGnMEWj0)8ez9}Ar*(6h(IwWwggH|#u)`(htXQzm9`~?fYrcB&;9&OM_ILe* z{{8E6*1;Pb98A84H#|7#1W%R+Z*TUYeoWbY^1;CzOD?d_RsHg(sLMX%4>hUB<2WO)o~k~hr#UaC zPdCp8od;*xveiF6TR-iBtBjwi{%PuPmhrRfKeQSBtLGy(uXglobwkcRQ_jfK=Qs}* zTw?NE>y~#odAjRd4gH?y9G293zW%`%92_jOn0K!FRh(tRHP`zuay}n&{T%CYz0XBv zFR>1mTw~{@2M1I4wm;6X_cH4UZLYA>)i1Oe-$(o9>at=dv|phvbCxV$XmM3-IurUe#Uc#{kM9K*nOLIuztJyaDV+4&C8fMbN1NfGHb4} zW%K~+c&GlXxxmi5ynfkb!yYFdXkUz3bDDi-Y&gf3T}JP=FBY8rFyCWd?fAXs4cB|d zKgd4bZ$1|1n~%{4tpCCKF=6yU=fsRX=B!w=Vdq26BeO2fviyj14s9;6X2m{N*|K5w zar=0P@tkItv+Q$$X=%O8ShK@5=4@GT@}bU!2`grd{-1MT@k!^vh9#3v8PAk0GftkN zE)#Y+!*bdEV#Njaxy0nN_Q8S;dz{#+KVw#$W}g`w&av}3=f;|=A!ieEPCU$cFlPLD zQ_guD?6AjqmMlVh#eHDK6?VR1JkxJ_ejceV zQ+7DZoH<)AF#eWxu;NPa+t$yTlaI15CTuvv?su$%JdP&i&uCxhij%YG=Q*55|Acj|KP0Yfe5vJvOfAYn~hJ{vTcch;jer9JH(d zR!2MeA9b`le|E0gHH$F5p?3aP>(Xwxtljxv=cL_dKeYemyg#bVgq@4*E40}S?Z11j zLYsAH@3PL&X8bYdwcC0a?Xg~UV|KOc1NO`2GIc+0-0`j7H?z+xwu6Z$>VMUCFw5-Z zcF=ddzIi)X(vDAQ2a~07w`~U*vpctg71z65(2nob4k}h$bG^E6J7|LsZU>F)-K-tN zpD>=2XPNgQ>S)(nsU1D49rUz|$LP=GDeYj{_44f2?~j@9`NlsMF=Ni01q=4L#EL7d*=NI+(TmML zrw&u5oMpzG9WF3uk6kXaV9g%aSh8is$)}o!3HzL3!wy@{Gdjom7;}j!SJ>eibGGbq z@@eK{!X9T>vcrn=tXZ(nB{rwJyzx&19zFB>i~eXah?xyI~u&g0qk_j+}i zo@+d_HyHmMzR`IH-((!)!nr(GJ-j(F&;I%5`K11wzd-#D zxX;=hPHN{&*ySQC&ah^OeJ-~GhxaZX6&%TdFCwG~WPP z8#atSrQW})$CNYda*h=jShL4yNgZbFvtS!?#-Emd$n(RD9Tx1e$3>PbS#gCm`)t^< z<>azDAGRLGoMFm2X6%OR|7JZ*xEylUA?F%9Y}sY}8S^t`#SZ)IvSp9)N9>C!`|Pk~ zm+@zfXUdYZteCUr0{iT-_^5S+>s({}F?HDGG}J->le6x>~V?p zzq?<-PpK2~Ppk6<`((oUv+6MVobwIWS+e(e{k~`)U$9>0Us5l$E3daN**8<>U$)Ll ze|EG>Mqjoc&TBU;LVqqX`igU6%vC0Am~uj$mea;3UsYc_Wk);btag_<3ofw79!oB> zV$C|_VI3i76LLm7w7+5>tl15^Ua?`#3D?uFX|v!oOJ=MXeO3N->tpmE=3&OU(4R}8 zz2drdhpXBZ+u%2h+hKp-v=3%nWX>vF|F(WCeqjEu>3^Yl*)V7NBkO19$L{ynW2Kk)MLuY?^qubb~wW>=UA}I{J*U$T<045ocOLf|6@L;Oxa^6T>q2#*ku{6 zvu4GG@2UG|&l@{`@tm>O*jKInSL2!fujhuv-|Q<~zeqphb54ZuOup~j{%(Hlgegc78Y+;Nuaw|px<7IK+LsRI7@uT4%&ub`yVo`Dr`CBrb=i;A zWpo2M(;LcvWIvV z>fc6Pwp?a)TREdsFC9$%N?p#fyq)pPZ|^)7Xvka|1SeXw<~$gG16S6M&A zxZkONhJ7&JYX58=W_`c6?uQ%4{1Mi{K3CYARre3-KGHgwK1$AtHRDHLI%wHtvSu7R zOdoUUpk(woIZLL0bp7#{4hptUxOC8G{Y2ybOMaI6%${Uicut>vso!@s4=d)+QHSxX ztn0tc^ET`LAN3ZkhZR>s`(3X8NxyeHA7)$#?e|zOE4J*s*SvqW4tCi4C+lMRKJzjD z=Sv6CU-W0n&c9d>TbAs--};%JuU}&xPO-z3IcM2r&g28?GUX~WHtcZXulj$`{@G=R z(Z9KVgDrmUW-6hWqzO2b=EA8yKE3$V%+A- z{GO(HCN3K+v2(f0{QLK<=lIJ8Q+w_6gv$nVtgm#Lf4{zUM3)WL7++bw&vnkRdllmu zU;Q%w-hAUYwO_q!$l2#2i^@nK3Wm9=C>tb}8`^lJ#Ojt5I{W8DDy^iOpO5_p9`0$&3}}!u5x!AFgxmWaG}TAMKodW)Ht?5N~mv(<~lgKkTt!JL|j| zJ<@$*pOX_?HZ@GxKFYorJ=!>CXSz@9ux9=k^)F{!$NgmU1nXh`MDsH~OMbj_;51V% zTW9`E`_S&Q%Z7_Ao@L)ma_cz3zBt3|*`5>DTxR|p=g;W5>Rw(y&NJO6XU3Whqbt}4 zr&v7CIkCqsOD?keeESbMTUIZy|0|l0Gb~Vr`g$?_xUT$5H`kV^B!n)XJm)-5okp)*6y~;dnUt_;l)?RRaY}jSX#c=(##xdp! zOHN$He2iJV&N%is$L<@9W66>gSHkr-nvVset6CSQ*}Ta(w(PPjjAO+WcHe9q>pUlUYd)RrO^-ju}vHJo2SbWI- zn0#2hYwG_|=fTd$teXw@u=jD}uVw$GeX`F*mY>j%75nV|KlkI>>T-%brYt$j=#$Qe z?Y}$c(EgNjX7*|OI?23Dm@RugLz@fivd12mS+QpG8LtPnoV<>DpEaHZJ4`-jT)6&u z{TXvDw7;PLb+wtWV$PZi?6b#)%Z$Hd922&znO;xMS*Bk$j(skN>#T!c@w~*=$7#l2 zb^ffr=6PfJb>|n_?6c4AjkH&cXZa21A96-Mr={OCFEd6r)}IOEZ>h_SIlC;_`?hmt z^&R&)_+8^~!tcphbBTRcOls>0*V(f3ef_6AH=Jdc^Q^eYmdlKPV7(#d;?2}!qaFQF zUG19DO`Qj)7+t6?)BiL-vmefqBVa-+jqhB~5?Ut=}_m}RIcJeFhIz@lB+C664 zC6im}&pGX^?>=a!zi~b+xfa^L^*kh=PcDRU%(PoBX-7M)H;m^RyPUAjic{>ftAF-8 z>*3_4!~Z+(r4Qe9+&L#6cfII@%b$1L2`7f@vH#oo_FaQp4*LZD|NC#+G$jlDx4&%H z;M6PlhpU`;zpI?|psQZ##h2f{>0Z~p`z`M*D{d^}jZ`yRO`!h3|zj8gFl7C))v(fxX>-miQ+w$9w z=FeWw=j8t*zsYF+g!OzuzE6I}XukPDhdP93a7lj3yLSz)GMYbdef*02B>A}UYw`!k zZ!22#!e)G}sPhKBCBR|{t>y74*TF>W(`MC8j4C{{@zckFp zjbD+6{f%4y+AzP#==w&^e`4bB{tmqt{Nwd|#`^lFhWW!s$8Ubfp$_5x%*fwk{#$y^ zjyzvmZhBnk5b`g&&Qnn^YSN;*5Ca2Bj>juzx;d0uWw0yl6>s`hxxemt;tU@ ze%$MG;&{)GeBAgc`I++Tj;{Za>*q5w%&#+=&#vcl!+hNO7mkrH4fCsw*3Z`KuN-6i z+AtsY`k6T4@czfGZ)%v28$Tnz%LeynZkUf7zaS6yXYAL%VSeW5{x?73$n&!z|GDvF zU;o2A9UcGT_4AwXb$Z_h>z_JCJ~Pb6?JrDw+)KA+hdz;<;Ir2QH*Gomx#aNYj4Am8 z-n47*Veiuu^AF#;{vPtq%~pAObo_~j-bXV1wtF2tgA?bC^wSRSGqrVWw~rV4=OZ;X zZ#!~Mjr_FZcMl$MRQ}K-dE|4>cKL~;`GeQbDUolJkGoIVFu&L6_?NDa&*f*GuzPUz z(fsh+=%Mu&@(bnT>X*mJ>tp22G4jY8=tlD=$H=o|F#N3*|GT`N-$2LcZw=D)gSl#Hu7y7 z)Q_UWd3c?zzkcq2q<$hl-}rIopUHQ~Z!tQ4?$GeV`np+<(S+?*F6L_m>RwxzT*{6OYWF$uHbs{(P99G&=t9m$Ad|f5Uv-=d@CO-XC@i z?tIke%-bLNoLS4m^EYrvtC5HE8}~Ul^5E>WzBe58 zd@US#z7qM?zw8>^V6^^Y*3Ty!<_{XpHy{2+Cft);zTNl-9+l6m?_YkA=V#pdOZj=m zZ#`=K;SVUGel6dzLEeP=@*f;E{yRtJkGwIS-}pYm=ddHM|1H-FpTQ2DUlQ{F-8J~{ zqsIUK$oNdY?QhQSsC?l_p38U2&pj%C&5^v2Z@p;O;I&8P+mGa>e8&cPEkE_|)iW0#+Ijn4n9L(?DLzkG-ME=N5dcR2EVWb&Q6cMa|^I{rE9<8%3@J>&C2 ze)0x+DL-w4yq2FOAGiKSzHNi?kskn@w?UrBFW4Z@EiL{Q_4@? zAg|@8$;a+rzIB7~kvG0=8{~=nybbb9e!&Lw=kgsJj4$LnH^@u*rc1`3Pc1)LK6d}| zQ#TkNd1K$YL7vFBZIEa3^EQ}2m!H4E_(Hy8gS?dQ+#s*zoAz$7fBA{>JLq=g{cYs+ z8C~1?Y>+4NtsCT-eA@=|=kn7gb`MS-o&Ry`?+?W=ztd>`y!E`4pM1I9{(JNO_m7{` zJ$F5?!+80)uRo1^oBZLU<41mu7x`dzf&7%w{3+}86ZsDLQJ*hHKEGwh$n#-7?&lQ6 zFu(uk{G0E6XaQl)Qht&7eH*jB|NE`4ua@tWkNbSy$T#`^ecb*cKfpRs?vJ_F>u+>W0^O5u4y#DipOn#Pp|55p#BkRxQ;q%p7kNW!Y#v@-p3i+v58UOuB zIn2jBAGLhz2IHG!c+-^kDTGx;|2-*Pm6>iYf3<=Zz{Uop(be*Tf4 zx54=O79&4-@N|)aVEdO`0(?rBhSa-Z;uW= zKe>E|+{f_s{O})h9LkH~_?wRAXRV)KIUGMbnr}Y*gZe|C|Kyvlx_j*B(`J~D`~D+R zXH!{302HkBbi zarfYMqj|o5KDB(O{ANeJzHW5n_0`BPy4v`kFGSZroR9nYOd{WQ_3`V=(AH7&*7V4KJNZRzOlK;{HKkMAN~1<{KU!K zV?SSH@{>2nbNQ)qKZaXh-^icy6!P=s!pTkEdAD(~g{*RGo!+hNQxjd|YTwcg`$j6;eDL>Wy8~1$F^3&wwo{vVp zT|Vylh;HQT%LdO!A`j!ooliE*$E`n?Z`+`LAwNq#?*5d+eBAu?Fn`b{|NF=1!;zmq zH1du17kOh3`+LYyUVHrcmcxA9>#LTZcHIqr z{x{5@e$@UB|9~odeTlrWo@e~num8i`F|MC)XZ`C>CO_YJKW13ZNB(>#ALhwu{`B?n zh5Q2JPan+>|9I}u=YvwdQ+~72{7LKMYxza;anDCH%*U-S^1)^M^>z=&ef~(~=gG(Y z{5q4LFUR`+M?e1vE|7n7G~fKSLmLR^U&zmj$Ja0A+vMY3AN4S|&Gq?5e$Szi?=XJs z>)*yN+@O9k%*UN?Hq7rbI{ypS?@unjNd2+zfAXF3aql1Hu>QF7ujS`me}m6|!+hNN zMINj$eq5dm^Ks{!$6)1@dv{R}AxU=Ti>rj~ibP^Ks)FdD!2$Jn~@dkdJ#l z62XNVtUnv(0kZ-@i`1@B5^Ktj5K1SXQ^Ktht@`d$0^N(9!B0pa~?)$#~M)TpH zFMI3T6h2?VPe&IvF`n-GeJLz@1244yN@{xHD{Vu_Jzu1Fv znm=!PN9dQ1)_dJi^=9-t`}Mm9Tej%8eWc!&=BRz-`fdC3u0yZiiEN}^_!>BJ-xl>d z<&C=r_Y3Dzj@G-&QS~bQ&M$TiPB>1#YNX%h{YMIh^IOyJ+&2&VT{ym9r1J%D@q2!k zQ*Ujg-`lUvqvF`h9z}-*t~#-)gA$&0T|6g!Szl z?YHfy^|kt)|Lt9acZGQ`8tr%PQS(k&|GEBLZHMV6IwSXObNJ!!`tuS#U!3RX%P$G@ z&X4rlG9TtO`ta{l&FlB`%XSUE5b6~p{WgF6sCqs9wjOu*^XA0)BmL%&bUXCiuY~pa zxpnxt(8L8J{Wgam?yaw{(eFgRe{-ncj`95_eI4HC=cNAg8=EFB9O<{^qv2;YNA5?e z-==8y;2MXXgGZ0tx62)M&U2yOm3JTdbJ2--q~D?6L0?~A_?0ZN7e1t} z_gmKQOh3oDYv`Ab^b0?0I^6B>`=5T>{Jdl-^vg#2ZGQKWjvj$c6TTpw;`^R^gn#ag z^!q>Wr-^UXGKKGN_1)SK1sT;C@hs@EOqH&QQrz3Sgqz3Ytsez=uif63>B2L{e;!QbVSHzF{N}^IFcQXhBkSAT9vNTB!}_qEkNkOUUvQSsYkwNeH?JKT-^zCw@9k@S{K)qUu^%*s z`lpTNBR>yI<>#O5`<>DCZMk81h7X-zXE^?9qvJ<@Z?!wj$9+H63;8L#$NpY!CEqE( z{b>D>pU3y*n{F|Fd@DaM**$pr==jY~K5{;>!rQiv|GbwD^Kt9%4D-hxRsZl0)DPW% z`335Se?D@5M}FU^H_T5S%}4&ctQzJo9L-05-?J}2@nPeCUewBWPLKcdoH+bJq4DE> z9+1kn-f8z>-1qYx`A+-0`{?>ce&4M-tUvDc*OQ-Y{;Q3SA9;SNVLtBjcz>9uqvKzE z==L6ZK3n-|>fd-YANhTm*bf@F%E$dYEtQ`qA6LI4zhHyi6WE9zOo(DV6-h zyN^HLzWhAn$9=!i4#!Vi&OHD4dD)gh_*#GX{m+frX8gGKhg80OgS;aT^N;&^Kv#aj z2J7n$^IMMIpOHULtK>V3_vK)H{fA$^ht}VhU${Zu%6H078y!FL{uYNH=zk+i`=m5+OURq~6}pF67l;U74K z`TO$I?lu1YweoGJ?H-(e)cg1Qj=X=zcRqYR%nBQ}B{+F!3zB=-7e&b%BUHJ}q z_+yD9&)>-Jll6vq_m$!!D?fjO`xE;B81ivH4@u=`IiGR&uQSZY zJwM%HKJNSdo_y;D_qQ76VKJM#d{}_3DjQVl-!fpO>_0wbIonz$PVLtZxKgRg#7~}iL z7~c-_hmD^9=EEN_!s|Cqy?@&O*w?>&tNi{)jlcJi*H=frT|V~tALb{Hjvx7bjGp|& zM~#1ftK{3{NBz7!)bhXB|Mlf($xjLw{_*vF6m(Lf*k2}9~ zn2#IZk?%Bq?EZ)Oxca?eKCXTx-}Kn=>+2sQZ;z43r)^w69p*RC?a1qEv5&xaYek-)a1~`K#ghcN{hUTaL`%mv4RC_~)Y?=Hu$e_xAp8{J1=opDG`B z{+(ey?){-VtbeW1^^g2}A9}-l-1$`Uu)q6`j^BLR`u^qH<>P*zp_N}Czy9d>k=kt92|NVaFxuN(g_gUNf$Y1PR`U%G$to7CYSqeUk{&||K{vqQy z+s2jlqwYJ-!pG2Oo3+BP_Oizt-}CSZxE22jd>Vd^)>rpAcO19oH|emi@?wV7j`)jW53${Pi=hK=;#O~Z9ry(LX8M`f3b*zj67Xrb)&5dW|4()N>b)Zw_y+m~%_H9r z(l-k~a$xuKT(A7$t8lA*t~hSx-wwR>CHDHJ9Yx_*`%1t&;8y>df)Bzwb^6r)K?Xhy ze~9L~{lmxLR{xuK+{*tIXWv@C?KplxsC_>uXy5IZ6aP!?`kR1Hz|YqHU*r{^*FUA4 z{so$={ke?Oe`6^A@gV+Lc=yZg`jv-w)Zr`e);fF#-T=>O|016b>Rd=Y)CePgW7(?Um$w*AHIQotA4J)8(v}O-_9QT?N9ghAEx71 z`x6QHF!o=idBlGp*c<=hN8nceWgNHa_pIYXA^ZLU)=NKp1N)Z#isLb@?>{c!)z2Nr zt@hJCK>vdMl-5`0dkJ{QEA9ME!CT>MvsdcJb(Q*&fp^!@pLO;VT3?-Cj(-XG5xABADaWn;C$oqCtm9Vs386R#D9(E>b*?uT(s(bja|PJ@Qyk>1#g90{Zq#2a|~ChfBy8&YoD|5Ui2TO z`Dms6-{kK6kx+exH(#`v%%yXnd=T zuNio2+8$qL;T>?x|Gd+;+V_gnx5n2U`0{IQ`|WIuF2b$xF##Wbo!!5u9Jj{D415B8 ztNqS8ZjFz5$4N$|{;2VB1%3qkR{h(7FV=~_{W(5onxyPk=HChU2Kv34tNC>b-a2mA z&y3?%`Od-{(0{15f3>Rrd+4t?eKY+|-x}ZBSs0HI|EqNTYJ5+?7va|Uo^sr3pBcxk z@qHHF@OnG{@{U{M`-*;2rR|&L1_tr{KMH^fS)BHNMZn z2hq32_dI+V&N9AIKiz#-Z~TWh++_Q|1K&X3Dxdb}`TSnmzPf*raNN>QId0`&2EI!C zX8U*C($B*s{g(cU`}VE)6Yxdix5m#De6CLZXW-ND$LRdk;~)G;9iE3T z!yl#f)%dsq-+-Ixcibx9_A7jSGyU*Y>@$t3)W1mOd8rh<^$m9am4SD_E&W;eAiP`K zSNGfU@L~9cnydFot-#0N*7&jGxHW#Z(=kod(N8#TKSe`Mf;H{0>g!h7L4UA}64o`Y9}ZUUxr)yEAT~lTGNpVfX+j$8T}_;9`S!w2iw&pU4A&&nQr$8pQQ_F?*8;+n2$5N^#MSDbx|@4%h(<5vD=;B(l& zTLYi+{Q-4E8xeeanxcm4|>gIo4f@Co?qLi*QN${*hQ&N}rU-VL|L z-@L>Rf3&u*?$52jr{QM(cigQ1FTsEGKd$XZ4hQ}x;H|fvDlv_$@u%Ptzm>j><5v5f zb@na)^6+KsKUn9Vx_`0)Uxi!#?Z8{7?fTLFGM`)e33vngmVYVu#9!FMVKe^0>&-*u|= z8Lc1rWYB&x@C|rA#J>>mS@>|)F5f(S3~trW700de*>U{tI)3#&!SmPK_OSzBgj@O3{)+lM;kcE) z6kOtel=e^U&t>4taBKcD3vYdo?O)z;YkXXB+$x_P$6u}ei})9Gyz%dqlt1xvOsx9% z%KQEj@M-uRA^xGD{-)p^@3qIb47?R?<=-s40dAE~-f^pcUvc)$@`umWvEM%Gb1VN6 z@Ug$N>sJas0k`^>jN?z%`R8As^y|OGkA9ox>i&M-aV!5;;M3@TQ0qr#g7Vpcx882A zAKE$i>4sbNHvu1nTlQ1%Ww_;E20na;-G9%*r{VY3{;TJs^6-w2+5WA-SLf~W*@2IJ z!tS5jX&9{w_Wi7c@K4+0d&==AX#dsypbUKOZ|wFp3txtt^?wh(vIpOR_kPCiU)!%E ze?Dv1--P4V_?v>yp>Ori8Tcx^Mdy#YpD+twhFj~`JbVLgwVxGuYtF7;JMdn(mA~y{ zKDYYUgyUBGOzpulj$8fHEPN3EtooCOkHIbfRvfqHFFWvQ^sW4Fe+~Uto%~5SZpEK+ z+=@Q~pQ{u9EWDn7d1rq}*B`z9hc9B^>c4j!x8^tP*Zca<2-&ZkZzbRx*k>A{#z+5x zoQ$6-c<<-x)PMK{+$?|iG~6nmywiV_j$h3$R^W5!TlupCUxi!w(|&``t^7$iZuysj zFJs?q|M1q&+v%HyH^8m^+dRCZj{b_XpV0ZE_HTFK-RPU?Py5_TUji=iTly)-E&U9< zZu;Spe#?H|am)S+e4|eJ?l{gikgC7_3lOCKw%Q+fjXM6fvvIWwH_PAgRc&8AUy*{(;oo$K zSN0Dx@YXNd`-ije4!9M6-th~xeRaQl1>Rjpf5-9tT3?$zt1>s*`M7*Kkv8|{|a34?~sl^qV|8`ymvQ_#+P?ZehFSPD_O0~g;S=yHLi*1M);BBgMffj5d^O-ZV*ksw{q~!%54Y|w zB;XrgvGr5%Rd_BG|EGiaGh+X%_WEJg@h50~wSLIM=g_zEf5maD|Js2sqi^+}?Qg*U zIy?d2fIm$8r=AZ;!3V!)&%ZP93AnXCI_vnk+P*r!&pZA+%_Eib=@s}Q_AUJ#$75Pw zolm!Ce0{6_CE!P}pVInj|0xCEfLr<*_$oZE_0{?GEWBaS*3Ucp39YZ@H!JW~^m{Z{ z`r38dB@Mw zT%8}SIBxmBU?AtJ_pZ-c;$Q~4?prv zyZ>E*Z@{he?MVFJvdgdi&+GGq<5v1oaEaeqpJ(8$#6J{DU*-9>S@OV4YiT}ac|EntNgIV}8+_Il{-12W_5B;4z z^xNM|{(aj%e@(#0;FoCs)%cWx&%y7nxw=1_alA)!H9wh!FQWe!nydRWdC~uloj)s% zTlur&xLN+UQa`cJF{$dG`~~`cf@FTN{0+X3dLQq#ol@_iZTz}C!yLTFH_AABocADm z-|s%JRn^^L{zdgFBf)! z3)K6A?-}y%FmfZ`b@oo$_Lh+A_@0y7w&jZAA99b25^wX6iuYmBvV)S|_M7qV2X~fk zmvrxp^hmc-O|VgOc9n3C62`y0er! z3%NxtcZb|L3gV3;H~*76Oa0n39V~CsB!a|1Go+zIXS2 zlHMLA*Vq(F?*MYce1C3M@_9hZ-5Sd0G;;F|{<=GQNXbP$7K&Hq7aI}xzUdh)_r8$a zG317#?mgl2N-iCUdHXr*$TghheUqLv&5cT@sQzgj~~I{rCJvx3!#H_Ndrf5dVuGr{2>o`Lh2Y{_+0u2k%3!N69tb zJ6!(A$@lwlZGrMva^5q`m3Y(0ZQr~6zHud26|c-M{G#@8}!_XHUz_D&+#cI~Osi$rc&%gJ6`r9L;mh5Gl>Qzf>Y8ltOOPBy(N za&hE(Ugp~GhLWplzbUbY-222{LrT@FN`l3|L&&v_oGSg3$Te%Z&xhh&K(1rd^?w~& zP7W0+{uPiLL2gLwb!$1fyjGFhL2mIiuAl7Ha^Ze*|0Ltf^`}Zju{WsYei^bifL!+t zZd^E^<-+4a8o3eVz9jb2T5cg^Zx*?R^r_OvMDCE5lRH9{bR0u&?Z#83-$#*~R&tHM z361yb$Zhbv;`^n4IjrU08tPwSZ>2xDnfe?-Zc)p8=G|Pvgt*Y`cl;{bI8pg=f&HmNWSFc93T)19kkXwGg zYv&m)Cx^6^@;xl}Zg=f`O3Q`Y`4Vy)clh5&5uMd?r$Y9M$Tj_y%jY9Xt}36~88{{u zoV`UQ7YWJ$cMzdS6>gnkE74Bu%drcP-P_4^J5CRj<268{X_!F`{}f!(cZudQmE>=){Nb`6_`#5W zGl73gV*l^#_hGEV$KY1^HP28!b@aR7N8r|e(Exl7{w(c(r1JfAqwwWA`cv@5I{FLn z4fx}<{p&0FvjlHtzwE`K{CQ!JKkM+0@181sA;dou@aDfH{_olSKo`7qd3XCVUawE% zAMt+|`_ZK8j~c%wad-oclw%q@oqx}Jl^8dJdfxaY88f|d&ccuXz+{iOFF{eHc|{RSuLNWhnWbjtfa z!3zJ!KtBaP@=My2wtuCEy>wt*_o6-2MUDBlcet;{F9gFa7WhxMe@J2hYHle{!ny8|I5a{xz=2T+vUzaKpZo zbL!p1PdPtF%6VLu^F={9i`*gPnkc8|kg?IJkX#dSdG%7{7Le=y`Ki(|v6t6!pAGCu zy5qCV*YWG#{2utN?xiOkzgqK%KTwH&8a|KyM2O4e$S?OSeC^z#d9Irij{es}`uRY= z;Pjsz;{L^>cEXDA&h}!-I+uujkntXVuGUxgF5-LeB)tFM?R!UQ_)&PLwtubXzTf`g z+oa!$KLWVidxY$Jdzqg7H2nB)?R!gEc+&>wh9Ui~z`q>4^FQtU zEx>2svcFwP--UsG5k7xs)qG67w>x$_@tzhg|MDRIB7742Jz8I#JH_V6 zAGlRN|(;3v*5mY%BhBNqk!6@}lwXy#vxiY5HM zTHl{0d-2EN$Fct(nn!*W*iXWbqW>qF%MlcRd*u(GxqGp6YlMKn|679m&%&Epily&_ z_%{QdgO6k1N?!p!Unl;et@OnmxBO4SkJquEh98An`I~jzia+PL zReuZc@dp&m{ko##R{XJ#`}$V?#Ni{@x9V@w>0AD#;gjfF>B~B9#h-KbEna|&e-;cD{`HW)+W&yh?=PDByhZp? zxK)0!Px<;*{f;|+MJRrMg72jtzJ`5EKkc|xK3VuS`d0hSId0XT0=(%VMf1JkMR*(B zia+*g@*i%^FXN7ngwpSC;CShWkE3t(KWWFU_LX&fHDtfCzRbaU9$GZ-l@=VI4(V5( zJ1oNI(SNw+>KrFV$8;2KwZAz0INVBK((!(6U!60h;oEievyS&_eZBsLw_Q*t{f>8P zeYL+f-~N8h)pLgm{5bYgT3BOuK=a| z((n^?;?Kg5!>#e)J!u`Dms6#oeDb2AdCwsU@4VQa-=~FNYWGiB$F2T52S0jQ(R^;I0AGV!^|!bOkA1PeejGm3 zZ?6xM@X5>V`AORGOLY0DdmdT%QS{CJ555hz>PG>-2Dj>W5#IE)qWRva*q10DxaD6Q zJ_NV&H|e<5KcyXS)9HV1rF~`h;5o;w_FaIF;NKIpeLeoeC*hWVu`m0)N9(Keu{eAl zeJlTy@R>UKlXl#SKkK*^e-3`MPW%OUJ^zZ%{_}MD)O!PBdB!K~pR2h(|8_j4xfE@F93Aq<=-wKjz>waI^g3^Kh$tica6^-(z1Pf6*Tb#qU?p zcEaNDZMc;`Nyn}HNjq-&mxZrkKNX5!r61loV5hGDZ-bljA9zn4{n%H1`w1Ptp8vr6 z(KplYxRt&%T;jL%vyNN(Ie6Xl!zKNe{i5TR{n*#2pLO)(j$8ASBzy>ctA9*8Zmqww z@DcPa|8jfSFF4+<%kPzy{c0Zza8HCFk9Bu9Qaxx$ZXhxuxD8QgT(#YaK>zp7UDSuZzwoIoWgb&3XB< zgxoaeJ~FOE=apR5^I9^$=x2ZY7LhxuOZ#Zgb03*~@@Jim+;Jt>_~f(8F^gOu za%=1-y;s`DnwEQWqm~;*Zn>-IKUWjIx>64s!_U>o{9^o(MgRGhb}bivz9o-b$D@n> zb2V`-7k;khByzHz^YU*%$yMcFGvn?wa^7<_DJ56+TumIgk)EReTuoZbg`cZQAvgTQ zqTep3lw8&G8HbSDMy^5X!K{`GKUcGW+{9D;ds)#VTCUQ5+bNIuH!0t@+2d={aghz~ zclgs6|NP%^bN=hNbv~1WkJpL6um>+XesArcS|7*0<=eOXk2`+8)>rp~lJLpr(2nW% zgY-AvD1E-4e)tgnTl2%L&|So$sHS+W1?%Kb06luwWLPpw~y@DaE*|A-y; z({Ifm;_ylIt@}Gk_ze8XI)3$D?=<`<{9Mh|`XVdwzuo3J$1VQ~@JaMvsO_u$mm>T) z{7*Dj_tRp3=X1-yxZ_s+NIKr3?O!RS@9*!V9q-g!olj)pM=9TfntRW>`uaKH`2R4? z)&6k7+3(Zbf9;`H|BCQ!^sV!=*tbbP@jozvf%5&V#`fU;T^zoK{%f^;^}R4jc>k2W zzD~nuhKePo;T8LlFM1gyd76dyyr5`4ua$#0VSgy3Us<0OT>Jweepz6@D15kBdW7a9 zmGX&whxUp6$7=qX3Xj8k(6{n8xrcrlK8}5>eq|lMpN?PMzs|u&t|^w5G>?2MNM8Zo zcC9}i1?8vC--_`019kTQFnk>TXl-A;7cCB7gIoJcNqEysY@UX9*5O%re;uBKkH9Ve z3h+s|x&DRE!_EDV?~*=vPN!d;KgES-i={Tr{p#nnucYHv`$)t4uea-07Cr+1Tjo1K z`86)eT*tGYgEzgWSdzI>z}5L=LE?YC-9HrJ+xTzwpRw=x_HWSk)&1-^e1!NPsJVI$ zF$o`sTlG7=2hTeGYi&RBi=ckz;61k#&F2#e@Xq%ZOUaPFzd>9&YvTIe6Rqir#xbg7Wv)M81Co z_z2vZUlkp1(edl^?`8Tw^sV^gaItTWe~zE0?W_CMX~#dPx%ys?EPM_7chg+mkIlh{ zX6o$!iG8>=KPx(JrvLAK`xcMG`>}7;@1*0Fej46`{y92*>iLDN<5vFV9Jk^xINq)8 z>-`_N_;2M;>>uiV8N8ejI*@=IVT< z2;YX^U-P8byuJQ4_5+`r<3GIZ{YCS=Y)SYG{4?6Vdaq*|-t&Q?`Ci8?e16u>pPb`X z{uUg!`nTd9_G1M1^TgnB!A#$`NP-XX8Ik!P}`R+1pfBMKWE?SpR(|# z+wJ<3gP(v~@fRGo^0x>-I%nUnkNt@L1O7bizd9d_!<#;A^CY|duJ`Rs-eRaR30H1-I>4%?yTj`6Pp#Fcv){i@Gjn7GVQyu;E9z5&#eRcZO z^Jh87t@sP@ZPI7)B76;Q*PRH%l|aIvrhb3$F2O&Is518^r`)`g5y^FMQ7jAkFEIrS^9B! z8~$572_LG%)9`-y1=@f0d{Wlw-x%8891He0bMT{w?e#~&ajX1_j$f-?Mc7sQ2s?gfH0bvj`vgq|IZi z)F1fy+P*s9i0{FZj`xK2j~^54AE)8tpZ3pxgZ+!~%KR`3pMgK1flqn=Sv_BqbKI(* z1;?%WQ{02ce(J~n1fmb(SNF%_@T2%=mn_)H!Dl8#&YY4{}iR{mw-C*Y&n|A<_&aOZ#U&d=HP zy8s`DTkX3DKMJ?@Ph!6$ez;XXo=~w%sImfO3 zz2Lazf6;NPd}9Ab`4GRgKM{wEe`fo4+=@T#xD|ia#c!oA=eV^#C^-9;e?@rP7wq;K zTcdu#E&t;1A-I*kq~n%;8s3k-wLhALufg-W{3Bne)PMN)QG5I-z`jS!>#;@ z{i;5XJ8q>f377b-{lzqV2yXU&@EN$3zd6Uv{?BnMeMQHu{mIy`>&G8=+)O`w68~Qv zD!LiQ{Bmj(C?`ghY@ogWq9lW@!b*uT?%!ma#|J8tD~ z(s8T*NW&$5YkbVY+rC^U{f=Ay6&!z%PQQA;P7&UTeM>*K?(;`#{Z~}R?>PKu-adax z!cV|2(fV(y=%?XLU$NJxS;wvUR}S8Z{$FVO>U(htqW@Jp|B8;A>Hm$dZ`F@De4F?` z6^j4kLI0G5PZGbSpN5aat@@dTufaRDeRV%5C-K9r{-Xfz`I^1IQiS)zE&pQw;p$nwv&hZO%{;2bX0{jH_t?{$yxD|iwx4wRhwy(~|0AD#;cMty>B~B9#h-KbEna|&e-3+xy39 zcn|ynoxghj58e;Ao*&P_x4&VhuK-_z=d^uwf2RnaJZ9IA*nj%mT>r!8(YNYP(((K2 z_|^Gx+VMfn)&4*heggYe{mQ}D>cn4gygy|BlAwPo!rT7V?!RMqQa*6A{2jOIR}$Wd zzSV!F_t4KeeKY+||6w|P`u-z)hWKBldBop-=Nz}#t^I`}`~?14`mrs>54hF-;&9P_jLv`c{CpC=4S$s8>V8EU-gewB z->lXkN6X){e;QfDGaes(Y|(#@d0xx) zh2#d1n|LwLJ=_(0IhEeVAKz8`C-aN7C-7WM6uE-7cU9=QyIJJApHeLSD1zL!mis%| zD-G(wF|l`1(R*Kiv{}ddsgT^d_}5n~os{%;Yq@_6r6b1pE6>l%d*7o2T5d(|_y+MN zkQ;m^@4=ONI-=#i5~`;MklRjjA6Vi&q~-1rigyaRiBa-d>cP5_i^$@*Qf@N87=Lxq z{~nngEhmFSMQ#PTv9Y56eJ;%hRQ(G-=M|Ol7CEjRG(_99+~-5~x{zBu_r6Fy&0ufiCigtkfR>ZRLdD);o<~e6xvJ+8mynx7Zbs5E zs^lVaI8?DG^NY5Oe|`|nC^@-<>5F;ovYm0b^-V?Z`z)eUN>0|=O0EyNwp*Nkvr4YY zzft5Ck((3$7L;7%-GM>L7nxs-9CXhk=9OHf*gXI8$aV0X&Ud6gSWptx2UqZ=MJx?d|i|zSxz0z{wdbNXG>tDO}ku=IzQ!}o1M~fFA3$}EOHH;qa7A| zvs&(bA-QAXALmIIiQIyct0cp#FYCy)vhVLbZ<<$fRnMEo7@z0a|C9AebXmz&)q@0b z)9fR~MQ&Be$x(=E9|w?={ghioZbQkb=S^kazy5pL?<)5)sHc^4u}-O@-o3=;64~)n zd*0IppJQIb@kvELvMTDH{s6q=XZCYdqwsF{ts(te0{tnm4<8Nj%DK-1d;|Xa5SK#m z<6nXg{@h;ItULa}kbdR8L(M!Ox{SVMzYE@d(q7jOzW)bYn_?iZiu{}g-<{d;S!?gcIE!I$>n>yBIV=H|%0hH2t| zvW{Opx7h_h0>78$YTY#;`jr3uG*{=Yqt3py?wNADQ|qgJ&jonHzuV`UOYmO!qqV-e z7rqW3hFkGBH~QS#*X)81qW^JiU){?dfUm+|7~=lHrPR++c*nYZt~uqnwJ)*YxaI$n z;}TcU{`_nCUj15k+${en?F;|9wZ6<*_*-mt!NvdcHCOk71{}Bi8+F`@f6B#grr&XE zUvw>Sst@I5zZt0K0m(jQC*A#paexuG`)qgI)C;r3E z|0Q_uZ|!rDb+HfsOvwHxy#kiGZ36 zQ%ms0I{CK_Uxr)$H}l1h^>~-#mVX0qiT_dBKeg{O3SWg==T=kjj#IXO3yxdk&ywR- z`&@V28sD1lO8p{!Yy9qV{M9;rk;=LD0DKz#fe^1e*EtGbgx?Y3m2>MU_+ZiQ9~LBj zxRw7)@NT$OzUz)#{d@D>eEU}W>w+)Wu|MFrmH(rTTmDbM7qM^6PZ!|5o5fOx&c7>F z`*-}gntSg?^2e`r_yqd5h4|Yl{omd9HEh(e-{ts2wf@zW_y^z(TlV~86y5>1=BHEe zZn)LIEjZqx$zMDpb@a`QhbmcA(Qu4%dX&_0LEFIK-_ zEPYSnUC?r03B_APZu=*0|Dxe#m3;P|A*#dCBbE}pM?_cyG*U7rc+rQ{g za#i~mqsTS&zcZ~JjbrSEGmJ9Fi#gUt5o#E|sOlZ0AK1T{Una|uH_NKL5 zWgkZ7H78r}kA9bJ)XKd0B3$E7;n90iKYwShEB3>W!yl;i)%y`Z%WDxrY z;3G|&=6TE^_)++7>n16$KE~~F#?7(2;Om@9XXA_SQqEwJ8hSc&v_Xp`f>Pp^JeM)Qr!aHSd=#4`a?Q3Yl z|9fiwG|#-3zPRxF*yWjoufboe^&|d5N$jWLow3c*J3@Ri@IMQmdHwG7LG*KuTjO*A zK7ZckuIFE(UxZI${{cFF^?XI_-qdIGpBT!&#|Gsahi{+1S$d|{kN6j4#C{Uq*|AxA zSBSqONM9O051$M14+K05Kl-3e^ZNyJ@SY1cOI=#u-zM|Qry%-|+Vsxtg8CUb9oR3z zXCA#-x|wk>;EgxQ80hK8?nC}OZnN}5Z9lRc=*QvxJ$C#__z=9mQQN;n&UQTeX|eyr z%~By`|NDXctk_R%di`YJU&OzF=aoNv2A&D&zb?=(z)w77v-JHC|8~HO5`XVzDZzLb z*l&ECjCFqcW0cROo255|%Kx>M@`rCfW7GSd>x%yIfG6SouiG@&$!U1!^EXQ?A^(09 z_?LyR!6!rfV8CG=3u_w~pK}{q8}Dw_nLc zq;IXn8)G~^O8@)k_#Yioa*b(8gC{8INFdj7FY-y`#TX)@Fmg@Zl$)euNXuOxO2-m%bM$NfEOMh-ZYd-u^NY2MH%q^jbL&G| z?x$z#c-t9=C!W4pdY{N0)^fLo>{N;PkEeK@r}RW`3moQ|rjsIX;*66y#6i&m|AN{E5RS ziQii1C*dc?H_i74q~RmzTm5%d;y<)mYNMW2;=hm7F)#j{@LM;{bE*P-2>XxF=~K^N z7vcTrvrMblkCeOu^2+~QIQrH;UfgkOpC}36#{O>ed9j~{chQ*z zzcLEnfLrZ;3f?+vx2pyCk+<9Z(h_`lYSVn~ejP6Ub!z{wt<70DKs3#XstJD1R=kLZle;v2Z z&ze~-XZ;d;n@Qpfr3f^%0rn$ep;PlzftJEL$T*eZ-1AQz1*B!U? zn;%H~L*Gol}p^}V@E@WBt;@vl2>)z9V!Q-9I7%C8G9_TL?f|D9d~mi}!3z6`hg zA9dWaKLuZ`6aNDI2>c;Be)YY%OHSWv-|H@ZYhKd4-}m3jpDy?+@n5RrSKpgE0B`-s zrun_Oqwrq1HNH;4r{PxqEja$BQ2hP{70Lf4_}Jl1^Zv}b#Q)LF($_=!mG8}MehB>& z+#27z;0+(M>&Jl8x9az(<5z^@uY7Or6ucYzmi~g{R{1Q!d(pSr_qyX&{b_zE^&9<% zYX7dTj89$gVYn6l0DKH?jqjuI=}&B$&kan$kHD?@(*k@M{z2`ZdT;C!d~m@opLO`^ zr#H>}Tg?|xe~;Mt-vyuhjJ+-!fDeDp&Yw~E#uqlt`xjI2>7#c0UJ(9eyL^`%e}c{* zxth%1(mvMV9berv&!?L^$v?Q&e|PP{2ln8j@I~xDL;I(`7iE4+%)e;tiy-lR{z`lFwzfyjJE&kO8#}h$KX%aT-}cwfKS6M|3=}9a4UbO9Jlrz z7aX_NolAT0b;qst+x&3a7yeoGrwhITxBMG$yhrDcdhgySy!GpL{!hUh;8y-DIBvzi zlU|J2+?`r%gl=z@#>qqKc>zh?m60Uy#_z1L?HJ`A_=XUcIa ze-<3K{9A$#V&6U@)H$Q^)E8H4?y5Mtl^atQ#KcUm_AItdbU-%KYnSRGD{}x>Q zmj06Cmi{`tZua|53-S{GD>#sy_?x3GDBdKG|0rmGPf_zqis%qYHW; zY&_Tp6S*vMvY#jOsOT{z7rBkTq_Y2(M{bOBtnbNwe?iGLekHWue-gPK_US$;_STe~ z_nkErd(ARFbFO|@xyP`hh7T#$T!S@gEerkCQ^K_14W2+0qc5 z&~laieo5~k>2lI}a8AWPUNszWv`Lz|NVN4TJDli z{_P+)ft=h&i!N)qr-tPAGcLEWujk#1S=DmagyaU0>wd?kf8S+8%e^!tmqzXca!-y!H~sICJFexz z-y_#0<2UPIcDL5aBDoy!^hy(e#VO9R)4z#?`6I58tQ)#f8(h1mEL&W{%7Rhw>L{{8!7&P zfG6O~-`Ok;g9H7De~>2WOTk<5&)RR#z&qgg(fZQW@VDsCI{rY-)xEPk{0Q+ULjFC@ z^H1tYhVg!wa@gVbXi}HMFM!8?Ayy(7#A_Fr4cj|F%y{Oy`YZuJBX5VizA z0)G+xfaqV`(spr6$Hgt37q@g@)Y8+}GI;PVQ)j>9tanClYrHkm_>snzo{L(#J&qKz ztrxX4UD`6(`0jnX5s9@y=BDw-aX;q7W{F`h_{d$P0m2vmX|wb?mws$s)Y5S<`c8@M zx=1+&Pe=UCAm6&OS$fr(`Fq6l_dWIfJxM%mKdtq5hw$#7ZI*7_&EHqm`rFk*|9X^XS^Dvr)rVi1 z_2Ikq>qC)vj{a`5G*(rAo1Z{^+}SK0->p6@*4Bpv@<)FE$M^Rz@pMMFYW&R;K5^F8 z8T-4Ad`HvPAHBULpNPNr*sAFtMhWk2**fF)HjDgp>mT3WC+eGS`kN!3{`0mzSiFr@%IU5?r-x` z@b^hurJK2Lat8B<$47UYCCL2YyvT0EtE)19NE1)nC0pLTMlX>6jAQWqz@Oz23{VN?$v(^bDKn zd0hSU^!3tzJY%agLH3nDlAaXd4bR#tU0R) ztPwXPnGqhEDOjUZi2w!}`R%y+Rk3spQR7x5fecvPh?FC-u{qGmd z^S$4n*CO-#1phMF8%}MNZn`IbF#BY_$b9vpmQH4+2hW;f-gsLi@+|q&O;0Zt1K#eG zw?4?Dzwyeg;5mtdkt;mgSo662+;`L9z;hb*jkn(A1Mhj5_TB{2NB! zTW`MoP5Z=$i~Kojqc_KgOMTscG4qAdE&ux-`CC4+9!LLNjzdN)`z{Ztx~tt|Gn2y_uh51zNlqT>~-<)0QP!bvsL?>HkGP7O=O9J#YPM_z`(S*b%8WC(-M ziNEF3$G;uIy9s}v1k{%EMJ>I$-b8NMZBUc^?t3cvgPjv+R$o3{ufB-AEcV)N+$xoJ z_p53hANlcae!1%BwVRXJJB~f?UX0k}>TrJQ{x@;izJ`w1GERs- z`S(Jv_j|VYzoa7t?}h)~%9mlCzl}dM@?}`ed+i^48?R%Wl>qmVc#aW1G`>}ObYt{Z7(^g5Q@#T-i(?xhM;W7=~yS_A@Z=|PJY|7Y^!Cv

NrRT|$t-m3c0c!d$K*B`ZGuZX?vH*N*z_&0db zN^JhP7Q3AK_ol7Vums@O!AKgk)UdfGm~{0{xy`ZsC63HU1f0%yPC*Og^gy!<|Z+!}J;`0u$J z+Lx`WCz15-{dup%;?>t2_Qv15RhpN8aDLoWj+hGneD%BM$2xi&=>6c#%KdZo%H2!< zGuVH6Oa1gqdq05OBytytzoh@Qs(htB9)cf*Uw3AHJ$o;|3fMa_S&7eIVzKTZZdM}V zg*SiSL9XGgyVtv<$UKwr4gTxh{i+f!jME( z551;$*3K_egf|fW0kOAtyMOa;?OyWxFm{HpbN24_rMmxE+szI_;)UP;W3TPDE$@A~ zyZBXIuTSr8&l_gE`BLArnNMKvkzNe`e^Spaga?o3ub)zr!`J}`* zvsHS9=(~^9za7FC315(~z;0E(eJGr7UizQMdipQ7O5YZ}ApK=Mw{Q0urKje5QZLi! zA4mT`>**hoHY)Wp^7P#-iT`=*w0@w{zf|U5k(a2sPtClrh~5Z#9}dM|Qy<@=axzFk zJ38^_Qy%E=)-Or=lJGUS+y^uB=b7bp7wHS9Pn7(AdKNo_vs8F{_Ruh6_v@_GLi@mPye)AK1sc99%8+8`&RJYl)w%N47am?t7&IaF9y&boZG#hl<{K}-tiUo70zh< zh@9Nb&+@*G*vn&Y6?=C%Gkd?>%U<&fSkHd-f6rbDd&6II`vkT1w`#nMykjr_7O=PY zzi4jrb36O5WWM;#ti2g zyV}v|`t#lF1nJ6QXZ!g7%#O6z9qbJMVE6N*{o?aEybnF;&WAp6VAu1Z1IUdcxBW8a z52P#lZscm~dUap@U%S`!-hti1iNc#l6^Lhy{qHIMjy~P@$M2)6#@=1d2E@)Dr!pXZ;6pN$>H9Jcp>;i&YZ8RA)EUhDb!^K0$%r(OK?`Ze_X89$@q=NHhg&Clw- z>S+7&WBAq zv)GwuocXAv@9lfpd53A|Bz9Uq%sfNv?3u3jn0C4zz_nCI`*y;bM^XKV%*|GhJ@*wDuk2!yyxR)K|zD&^UUI(MZfdYF8)(>^o{se(4RT7RmzJ0|6WI* zon01IUKc5ADLLZx(%(V;{moWsR`h>fM}L?6ll~-yekbGVH%0$n(61R2^;kB&>sTgs z4rAxY-)@yYFLpk?mz@dI&bs)+xcU{bb8t61UjOFi9=GmhXH5KwKalU=U|f~+|L7IF z+0p4bdpA3SVkd*0nZI-6;Uo936WI#ab8jl-_uI#?Gx6=M(xb$myX>zC+Hu2%KcTq9(6A5VI{{h>HRXa7>|{e%I+dv^&xKzI+~{?0QQ#D}iC zAwzgK;a5rkZRlXczetl|k6QRFd<;Gs@aOpZ9$a$~o`)~ONuJXm4&8rQfiD|e_62s} zt8jhJDRyHoVSP(@`8oW9k%7Q&7d-CxMf~pCzT3CDRTh%81{#|%K4R|x^5fst_67qk zejIY#d#+WK_{cn9mhcJm)+He5W6Uy}x5`Y^#ojvhI=;76IxPWv+xu)idkIV=UP}IA z@9#tQ%5yQdCG&;qKB!xy{qjeDaD)}t=HtYCJ>3iO z|J%=x0^ui^*M35RywV8P`FE7p`O;2zkQ**+l{h}%V_x4~+t$T4AMvw~1Iv*gR?_kG z^5&o82kLOI{2lk6>l34Vyz~=3tnBJ~DE^;(2>liP!<+a$dhS&<{cvTW6nQ~-YvCey zi_G7T>v|~jRqC0X|3-iEqN;g*i{0g7nRqVNsmwv*xiKjX|LAb=>?AP8{7W3w3S>$Gr`+~FQuW|i-!_YoTWUgk+mvj`+Z~Mpacq`%S zgtrnd-Cg-3;n7j{{|S$l1NkZ8?SwZF&SPQ0N5bQTZ{uHe_yFM>gv&L=@<-$k5WZFw zo*+C!_$uLlBf@_D_3tgwJ*mFy_Hf@N!mj^Ee;EICJ(Kb(5I#h>cQ2vbZuluRN&G3o zN2>J1pXOKj_CCVzb^MvO{24%hxyr7We!`CvuIs({nQ`(`H+E~^v+z~)%JoI}vAebJ zCFD1duk?4}_Py?Sb$f`un({%fI=r25iN88LPWTDJb-qhF2MCw+vwabKBy9(r{L>`V zE033Z?K|oH&kbpUMSlvph98CXCHyeqO@!Zv-^(8f&lBECc(s28C-2Q0oPx-&6W)Qm zm)|NpdL8pq!aH1;{1Ewe!h5UiOS#3Jywx8h;r;0C)gNS#8$+&KzE*#57`aL0{(t*} zljt{{*eW$k!rVvFw?lXX;rA#9@>9ZNW3+GLtCsH~e1q_6`98we2(Ru}QiQJ(Ufr*x z2|q!2b^kF%`0_5{hY3GUcy+&$Cw#FgT-tGg@S}wP|Mn}f*H9nG7hS)l+`9@Ke6jcKjFH)dFdxyGx7nZA? zzfM4IcxUhWc?h|t|E{f{vxGMgUR^(Pgl}WFx_&M>d8>Y|J8sp_<{KGLi0==rpMB_! zH=M4ipDDt}2)F8IrVf{SI169hcRIALk?eIcWMdhH*%;Rl|s8Mk7uWBy2Zb-n8%e30cmAa@<=V zdG(lQXvB9uQqK=NZk69LxcL8v^xKk8JLt7ueY*5mseo1a)Y!Ezlu>a+y52zlbj|6~ zd->gLr?-aNspuU*ZxX#*>*>9=R&N%))ju#k$*%%>{nwH%iO{3*gm z;6=yF^Tt~v&+wY3cU08Db5+t--Bz~P?c%}4?gOWT_x~P@j0JXu55R}vyTvPf6h2|- zOLeY)p@*5+k)q1zGf82-6isMg|g@a$d!Tv&M zAEj}BW6eg2M8YS*zx{7yee=rGrD5lnzYcfz6>p0){)S5e+#&7fuHN&?R~J1`+3Jp= ze*pcaSD*I34@`{mk?;)RgM>@k{c`fdvxJWjE@>!#Qv9+&_#ELc6+gV(pec6*=K*~! z;pe zZ+H9rr&Rr=&I}-$LT>}TPx5<3FYveePRLV@End;~%3%R}gV&$--|rZdXW0+8e&|(x zlnViU@n;?VG4z{u&%Y{v8h3vS1yY#u?n5MQrah!j`}a8gd@44}GX{^G74M-VpkHIJ5*9#A|o5)Mc%|_(b zky}OXb+vM@)N(N%_4u4g%#5e?D;-J_9d5r&;c=xVQPLay*j0CFC}clk#ZlV3bFRQV`;OUjKe?FN&ZW_5uM9xds8$)(d@I|=yKGbkN4wMaf=|^t6 zjz5RtZLimu&|aQ@XGdY`U|=e;@}kxwB% z#QE0~M84Lqq0plHTLsjpL5NN#r~IT(-tr0L=h;8>F_gWXA8ivApV>S?)8 z)@Rh1DdHUVnxYyjr{SWlNBK1k?tKTm4 z+@X5xd!BXgQRV|F?8$!I8^r$)1omiCm1j6!P@V`mKN84h(Hlh1tJgOKdiW7ehrIr! z>f%zj=oio*X1^{Y@m^``M|Q~vR2yQKa$b)9UrRn*sP+A`HFXK{Dzz8uQh)(I;ztTQ zP3!}{U+kQ(?Np`X;@Wgb|1pdH2>XRU;rHmD`1-2+r*!#CelH>4#y;ZD%JTFd`Yb3i z?R9IF$uV-`XY{Gu*F^7$;^#ey$JbN&?dD9EtL%1jCW*IC^x3DptLRIqRrROLQmVUC zuRqP8H_tw1MD$MkdMbTrc@^I4ge5-~ke_6K^XuYsjlBOTi)#*Ex>k_yWZ!dBdnxXV_o$^ndV&>3ijm{yh7zS4;fg z@cl36593;Bd`%&b_)5X zJDvP>d&}pMUn|Ssu($j=^2bj(`>)$uzMX^E`J$75!`|`($WLxM`J4Ba&mcdt<>U|U zEx&+#|7j=xmc8Xyknh}f@^9Z;zL^VR+sGHG>(Seg50AGW)BTb34+)X~zwZ4_PJY+% zmRnU+b`SaYYyI&ygMQEN-2GUouX~TTSJoSEm#}yAzx?;qL@x{MRoW+$hAYbLQ}t8P z0TRPGiPx^r5Ac%k#b z-SKceEpIcytx!&4fRFgGgq`ER=Xrgx^BrxcYP@|?Z92NpZ+-^#g>#r6^Lz9gzJ9sC zCF|a<%U}A#1o9`4_r_b1Kg01hjo$RW)1{|~pI;92RDRbVZ*!s_VLwasKM|xe=ufTj zb{)O(M$SP*?~a=E)r`08&tyKyInmc8KWgM_$J+tqw~_b8+uQ4;%NTE`&_Bxg)4IfW zTaYf5FZIXUCGDhG2ekRDE4yL8{@p}<6`d; z!(Mog?=eQdF)a3?gN)Cdvw8kqX4nhA6We-6kLO3!}Q*{hr0zGpWyEOL(M<=++mb9-6rZQRS* zyYhc-?)o*WA{eIX^^>Y*zJIAoIc)!#Bb1rY#%^&ai2fy=>NAF1KZw_{JQKjdJ+y}PsK@xESvziAfz?Q>3-o-O*W zpQk_a=D&S37pWISt5lKuyrF6Bi3 z3xU6t`2+L&>GJ$R&F}lrn?vt2qW8Wa-zs`I8|b-tM;Edg^v2I~{q5`g`0Dky3&?Mu z@A_NUZg=Z%3*t`)`{0sqXVjlXc6L8g81(w@{m-L*aejV>*gLcS>=8!)`>~%cY z`FBSBS$+SGVXt@pY5#kzt^O?B-(FbHzu5E1zlWUm-ZK?Fqy8*nJg4jD-vR6`KGdc6 zjQX?s>CItp^#W(_jQX?s_M%r%86W2CRrhDRw)^__lGy8bxU=`Npgnj!j(aCX)p&2) zlm7NF_IfXL{n9I|?A7$QXYJO%dHwA=cE-C-d*5RcmG)M*zol!d?I%4uaSjHKJmPfe zHfawBceA7WTVC>2Ysc$vGuYYwQJa*K zao6vDC(y6-pGLo%N3ZkGT)*qa2m1Spp3(0X(d&Ke>C(-_T^^Sz{ch-8fqwt@LfYHo zIDeLWwd!-YfB9Fdf1zt`NMmpD@uy2q5_=a^)t_>Eo8A|C>FGUpecV;*Z%aog?y59Y*y*|KwD*3e=t1mMuNM!N_h;n^D*q$(<1l*5=v~F{(d&ZvDQEX0ByLM# z%8RMPSM%--Q&);Z|(3U!W#&`x5&~5=;y^^1g$%Mv2geC)(IctycfN9N|^3D z{JgC?8{pDM51HdN^v)1_C@ zUj6zK@n2UT>GhVnjZ^!)pI3YT^Oju1L@z!^eaW6KeV*T4zEfu}YuVW6>g~tMlS!(s z$ncT+If~vQdQ4|MJ^yLmH+eFWZ&UEG*|47yewgs>x!UkN;S(RN4KEPh^w+iF>x55# zsy00OVe<2{wc+iA&wZgbJWhC1zBYV-@Ug{kxa8LX!bkp&^^ld%eBTs@A+6VV|MT`& zbVm6%i{9XOPnV|Y_iFkSP6@qk2E`6e41(YN`z78e)X_+HT_IdfQh$t=|G+jM@w53O zr1uBhbE?GW@6nVOG>wtQ@+O@ZL8o8e`_SuIarZ?$YyQ4nitre;(eM7((`ZoSmuAn*um8v1`@rWl-v9sCIrn|HX(VYnQQc%@lTKMg zOi*N`L>mOLrW8SFQ3OFoQ4<cbDuj&vwl9`{l1UydARlD_5O3culM!7-q&@mbIx_H_S2JzYc@j&mZiMU z)69u1nu*^F;G4GdV3^ww9=^&58$o(VPCLeE`wto7w`6Ke`(kB2gpA^-Td|`L2l7z%1OM{ zAXkOlUYxt*;hcz{^?FDve0A{UkL;iC`}s%u?SRN<4Tc}J^RcJjdavPL@$*k)A3Dh& z1rL({a%1yHDR>Sz%>q+OPMN*YpX7J3V+r(p=;sQ3^!|S2X!&C``nvY~&+|uG6aLxz zKhGbf=*ie;^!!l`-{Snu&mZl`)grgK`C|aNrg4;)#ln0Ca+{k!79zI>xy{WV^~m*a zX8k08bR(BAYcRZY}uNB{hh#sf0*5B$&bM=5%`(6hPivl6*=n<*#xW3@ckbI|Dd zV*tKs@EtRmTX2xewFd3kJjQk12ly8sl8za<{@72dmMy_>jTylLF|8oQ#8W zQX2Gpnni+pBJ*joyzp>HecO>!hYp6h4dBU_W^^!;JiZpb!JqNnv>FE439s#edBEoP+LQE%WzU3&k^C#=W`c`7UOW%H z*T?=6@HIYoIe3>(y{c_~ul@D5elOk%F7_mQ>|Aa0d+W8<*6+1{6S&yp#nT?;eN!Ji z3%tVzF92@?_u5%%^Lz11TfY;R>%$swvF9gJFUG^Aa?91Oqi%obe*W$R7k_)}(PQiL z;sfA*^-FrpzkZqEe)Y?<`JMF;J4?VtzY~}Gm4lB|zZ&R%^=kz8t6#gV&s)E4a4A1% z`%eB5yZXST{hYYi6{M#|>!)>A9oOOGcneJt}Rwx8612WgdHlzY%;sxVPTz z;Ke@t-Qa~DT-wh3J&>(_3kevj@Xp31A<3{sTT^ z#g-{Y^i`v;>E^-kzGJgHeI&a@UpM;demxkj3-O1aAF4d}3POHYcvgi)U*=Qf$NRUO zeU<2IY8nhb6VE<(JKZ&cdAglC(YNRc`#O{Q@}XFb_kj05IT)T|RYm__+I0YY5L{oE zI{1^GX1(W`SpH1#Y2adRS5E1?w_{%7# zI)hrh$eu5R!)a6h|r{cXCpK1t6o-i#oZWz)TK1>j91$St(#Ub!XU z4RPc$sb4+x{vQp6erlTa?q+`6ab+z3!kdW$QoZ{3{E3OXg5GMN3%!6Mq(fH-SfZg(7y9f;WKwQ~+1| zN4FHzLwY}LTaP^TBJY4*6p0HKN2AZpOL0=49^{I58Pd<$ zi~mH(G>_Bkw-Rrg#6IZDMZmHzqBk0#=oPBgm-Q^;L)K8-xGJ*g-uc)<@R`VMt2J5w z6Z@8c=VTB0?(Zk`deH}6Y!&;L@;Yb4$3kz1Uc5(q`5x$H(BsK(68(Go*GFX1pR?%Y zQvPgb{GApFtCwFb;BIB$YE$efg1-uV+}70gTDwu0`l2-ts2q9+^!tQvUFZ6&YnnVo zs$u(Pg)m$96Pl6FnK=}`T>$(MUAME>MeV0ZuXV^rZzxFleaP32Q(o$q#S0ky$jkj& zt38Gv3Dxz7p0kgC{Uwgep;th!7x`%YXUYAK;qN{3)krS>t^2BYPV_b+w+6X*<#s}! zwr~7$*Fv8UeRIl{ex2S>p>5b-(O{-UNN`DE&MaeJ%7=(Ea=; z?Goh0xP$|S!gq;$ymq-hwq5d&t3WQE-csl-o2gg)xDvT(`LTX)22TaQ#N+o)@Wr!+ zT>Es0-+I6+z$XviceFkQ2u}WSCG}Yd|Fqe$dX|7^fR9Cw*xL+$?;QVpmIr+`^nU1d;-6@K zi1aTzJ3QuSN3sK54`ypUKIsMW=^?~{OFrKHx4?4WXJNE9`~D~T8V((@_7{%YV?DFv zc#w8)=Q?8~VM%@Jk#9L{NWV`oT%Q)NJI1I-`g=M2z3@loox}5)Gb7`PUUysx-#YlJ#XhIsBF_-H zpB+2PZ}u*6+Jl~)!-vBA4(qYw^lCo4C-sbY%UbVDdXant|JB3%*7&p;&%sEXmY`=j zdLsSC`y5WCP4~{rYrt!f^Wu%*b>Nf4F8h#nX}9^k^Nns>zc+99fmfl&yKWeKN!AaB zTv7{}g@g=qvukP`EkXI=uTj>X&iW;VV$3<1XoC`b!DvM#QQEg2J^ko$wqpT! zEBHF_uQ~ViqwASHv&*l4NPpafp4y{_qTd~j^vCPX=zVQHPGokHFW~cwXNiLXn_epR zSaD##%Xx0fOx`}_BX-em(B;BX3I7`O)k?cr{4$vjEH>>Oex@7sUFjTJ(W? z{Z$X1M+rg{Aoqo{mZ}U6jM%t~<=3mJ9@VrM-h`tSa zVam*dbh4W3xE(5TnXi-2DQ9!!#Ew$r`jPY2vl4urPkm~@dwuXm@HOBP`;kNRx7+-> zy=;QSLAR}cdwU!sPwMw?a>Ne2fjJ&A##1l zb#11c*pc}r`QfbCdgp;FaBsa!zy~SEiw<+1fiTFv|i+-r9xc#{X0I^=;jfd7?q zDVN2yzc{ZSOQBbs?Viu-_6J`KJ}7d-8(Xin;4{Fz z_1XlU;lZU|X>T$9gU72^F7$QKo%3|5R}pwW_-#@z%O7kA#tF;f*8i>et%Pq;#ZY*S z@KJwj9ZQcN_6sF%M5ZOt3u$S$X5>=Oi>+TLcmlY$em&sI2Oj_*r2OSlzI}-Pq_=4= z_`UVY1YZn(i||_Yx;RoJXT6Hx>xWOrt8cy5`qrx&xwi9T>s1fl0`9F>D|nL+z8bs% z+*_};;L|RMt=A^-4DiwVSLQqT3%;@TuM+szRL0h)9J~wMTc2w1RUTa8upYbvJYF2O zL$Cd1Y`wa{>%d3rUz^~oxNz+C%Icy&UKCre0`Nj`Z@o&v^F6rKs}g)Bc)WV8gr2b2 zU9Vi^n!!`SH#hIEMXnGzz5YnR+Ici^2J<34@0ZIA=Luy=dFk)s-%B>Xyb|PAA-B2L z9W}^RT^8%#M)1YpUjMd(SNP!F;ETY;*O5c|cc0Dg9A~7S!S^ivo9ov+QqbLzq&vu*NSx@2Vw)JaV=j-A7vO*sig`U=J*%wbfcLch$Z;4Hp zxk=;@yd1oYdWcUWhuBjMz8riP0kyru&wUBK5qcf;pGE2Ak!gmt{tvxv1o^elSH+PR zyMiAOkI;jn-#!FS2k-U4bHUg6;6>nF9$f5S2rlIh`_uh=RrLsTv7^yRx9t;9wqEk7 z%s1tJtUi^s8?mnxzOF0dx7!lvwO9GmrTlv6Ezoz8a_mF&wt~;RdMJFlJ>Lza8G0XT zVG(*a^ucBE=>yQ)uHn9^ef_@F47?lBAo6J+qQ53SJr{c0^^7M{An{5xvb(nYVU=G3 zefbUkbg5S*^l7)a@0S;W*ML_&JQS{yKt!)KFO1%Q&~HsSAK+OS^jq0OmP7RQps(ez zq3}$Z(D~_W2)P~zN}b}TZ&peJ4=#vbveqzPS~X<7kEQ#myeJ5PL+C}&t3LF&ZgD^N zC#9U&dUH$PRqbbe*M()*yg&Nh;X$50jq1EVF#ehw!k3M$oNauUv!$HQ_~l3rZKRwT zQ#M%Z$u2)cA5(}t7Nf75y5V08e>Jl9^;M*Q#ym$O?H2rqd0_y%__GB5!4d4O9EHAe6ng6@ z^zKpU10&F-Kc@9q_B*<%)&If! z2QLS2@xiOXo4~zx)`K_r@VA0XfAHGB8obsAUkkq62j2u<<%6evO8)TR(oR|672xsO zsmP|sYo~IX?ro=P@I~m2sXus`#|~+~R`B^g_-gQCAABu%p%1>7`(`}o$lEQMS5?H0nn2L7??UkU$=t;epv6aGc;k43-4@c{g7 z@W&fZ(*8IyJ$D4U#Ak_3cgBg7TMphbLb)|I{d{<>JjZtlm|0%JBunI*p{J&8u)b5I z^B{XC*fUR|uZCU$J)V3Y^sW))lm0|}ZxdfW3wkZ|3!?V9%P)f7KZ1NY^x~=Uk{)By~-LmoQo6P{?Kdh z_ort{`$MmKus^&^78Zz)z&;4dzjMsUG+hbb0DS8n8ktYZOJ7TSJ=!16=3Mlhq_tU( zhzUIpdRZKL5%f~%y~M*c!}lfh6B9f)kuys!HQe*?v*OQ!t@(B{`ZBiNVBNpP9?$iW zSKrTk^)cTr^1sZ<$7DSZNc)2PKW#&J2LbFu>YD|g5AOH8oY0G)S3s8>Z1vya>v8c% zIrJ*%AKLVh?Kge*WzZKN$cw&q^re1(%jrw{lK4Ykl7D-7-;4L%Hz4v}yl#K=mHl8t zI5;+a%l(_BSiGg{+l;=9?KXtN0>rkz*SrYSHtuD0ccQ#-0n}+9UZQa~<=o%njj% zazh$WZOjGt$puw8sF z(%t)n4WPG*eLmL&(R-G!UcE`t=xZpm*vkk*#a4br4_fKFgE-GA_tdb7lBwH0_XB?X{$PWKifdf;P2WF?#1`bK-H|N3gi)=X? z`gezZ^Tcd*xaK&R#4PspVc$CT#nkq_HsI$^>ivJtzM3ZXe`X&`ZQtDgKKrtM!+y0h zZ2La@=YO65R%73M_IK3&JL|vCzVe6Y&+N~r?OXrNf0h3l=^sfCvmYhlB8~RrBk6cPCphqTd}i& z{TQ{K6aRbdENy20WAwQ%ITh`WdLVmtl}KEnQ%`>zl0 zCw5LAlbzDq$MQQQTg}f_l9%leI6GUNmaWdsRprTq%mho2R{T;QuW zW}H04_g;g0oUBA|M-kth6}<<=(aWYIj`7!=Z4H!HYTugpmwt0zwmM7(%2jl(E;`v7 z{_UlMbp&v+NxKAgAs`lw(!n|c$2bB)#>uqDu&>y*@BP2~`Ew41{2#NgRqQLV?OX8Q zXJ1JR_RY8L`{&>O>-;w$_LbW9E&cDaZ{_3IS7zI{^?#Rrjr5P)C$Mkf`tYgJfA8bz z9OpHIH7{qMU046G^ZHd*_od@n-S^1soa5|nJ3D0^UAUhvJjgg%6+8qD(v4-D97{Lu za&==RcJ^Rr9pC-ccJB1wYiBhZI#rbO-BR)A!+rld{xoNeH1u=@4$@5(9d2Zt%xYyk zsNnnOV&`sg>}+whyNr_za57FFZ;g|eSRrtM9w*P&<78P%8_nK9^IMtxkd&4H+1nZ? zO-vw#k2p}a1V$Yvi?F{B`;s3qJf8KR5FTh%rml{raxV2f6rp$pB?_= znN<0zbjVt^IN9;22ul_Rrj!LPFx=Rzlrj`@h~8@S=2Wi_e=T;tY3aS%JScg>;lo3$ zd40AznLuLlc4)RL&Q3jD589_EO-z`TG$A!INg{0IYS+@+gWg5U_>Qy0>k6m6(Pt$J zWb-t~JR`8m_vSkjcl$bD?9F{fsf-ot!z>H&eaSfXuGoBgYtY+PWBXydIC{t7hqdS} zzTUR?shOenIAqGXMHBJjw1eDiQcMP)`zd;#z^oi zU%dsgt(>#n@_jcynFX6fgB1^b=xw{5eflLH4)fI;^X$yWaqO*bcCY+zl;e&X7% zudy2v^P(-`*GBaAK5W~&ERNoB*t-e6iyyK3?;J~SO#iKQjpu=Q{a5cjj&H@kB}^8| z9$z1RO#1J(zItQw?%8qruQTs9qqps8yZ^5L($OEH@x^ACZhPbP-v;}kTCq3yJNoZ) z>%$Xeo%yvmdOKX}qJf*@1Xzci7aGx9ir(ezd`Cz6!wtTAz1QV)8RBF$fyok+WTr>V zlNj=tEt~YgvXnaGK!&11uI9~rJrc4uAZIWz^f5`gn7;`H){sm66HKkaq5^X&YnasS z6?`6JUtAwPQ}>5Bc6#2qW-|ic{8fbxImEA}=xuvxy?*{O_|6x8?NyNC(VIJp-U9Tt zqPL=ReRxN)_g3^qpIIdi^gRpx{h8~mO-sLV-?QMM1Ez0k06m+~)AY*v@JAESbMBbz zE7c95OqLAD3^YkW%5q~K&2b17(KB6Kd!z@ZK`+ftg}?;nA{5|ySu{M7-<<4J{t|>1 zH%qcpk42x{tvDEcAd~~)a$1u=3bRv>%jP8^i$h9`bBD6ZIKyKCvw5q{o2mD}3;3^l zeRvP)pSP~{Zx{D^k;El;9^`7wqzbIRu*k*~jMX;m!xaRf4o{gW>F^{RO_}|3nNgIj zPSx?riBy^eGV?$})jxu24U8r1Va6>IM~xli>pw)|GmgEUI2ucQZbI*(k0bH(Mj+Q@*=1QQ|X>eGRU8#R<5!n4cp)n~2XA;H&_wsFd`bERGdTFz5XS>uliSeUGs)N`L~a|{()oS%-5Xb$N+ka|G{^YO#FJx z*z{gLieBkgMK6=@Hm(o9A3*O8zIwg)*Q~@Y?ZutnLGx5@_|4*m0U3Z_9aqHG4TH1w zaA5Z9i)QIn^hN%mkHztCzqBFU$LewXpFxBM1S!;)N2-L}xe0p*zvFvgQ?d7jKl=HX zbxzl_-z;-yEKXS!nw8QOV!@SPZ-@ogkohN!Vxnk1$dBAwdQ+>5Wx^z=J}wWyz0$h4MF9%Y-O(7H)~{0=*z$p2DecOR2Y6r4Yzu zCSsrUb<{_cF&LUp+kfJLvp7YVWeGT~|H~z%f1q}R0{deJV$uJkPEKKZ6eihz%~Zth zEA;;~YajPu0KdAPeS?9ck>3*d3gNp`;_xrM{{HWG^>0a?lx@e0LA;p63%^=^b!@oO zz?R}}zDE5#DmyT!4$D<-agWgB>4)WEKg`4_9_-C+HLZG?*Xg|3-8mVYkgM*<9dPLSZY z^RgA8&e%w>axUEfR4Ug6)73B`bULSroZ1Y;x`eoiGZyg=K`h>*$%IaIX+?9X72t$F zBQEkZEA4ASI+cHDZF4QZS^TUttOD0lz)|iHKgvJEyF$^>woc4tF``t$3JHnZ+*RCv z{Mlf*MdJ3{&-~-IA?Un5cg1Z}@YIx+;H;E3ejWT)1rJQ=V!^i|Xwt6Ki%!o3052jo zV%#lL4+Er8l?$d(N~@Pvn#~lLnH8vL-?q zm#3`3@LqoFFuq?_tAplBnGw=z#RX93L1j&wpHK(ktRnQ66ZW;CIVpAg8aVF?B0+f2 z;sh4;{zaTN3eq$zh?243!%O^0XdI{i&-tmk#Uwq_QkY8+(OzU;xb@M)|NCAi-yA#` z-aUvv4*1l+-Q3qXl%x}_RGmATzf4(0p6TMZhFsH2uIVt%XEhI%Ud7ktyLf124ZmJ~ z>)`9>Hwa%PcpuZtx4F!P_R4K%EVhdy!Drz}d@h9q0X%=A;brt4b6p>P|PO22>?} zgSSkgUL!O(nHq1zZ*Xbvo;P{k;%LSpY3~<6X2m=UiBYaRDD8bJKdJg5(%#Dn+FE{f z~eR;8WGgsE{ZFU#sBhTh`)jK>d#H%MOl@MC{}HMrIRxYkZRF{OzB zZz13tOtLdAd!d!PXUio~lXc-k~h#5b6_XVb+QsA&kC0kaj}dOqBYeQhW4 zeT?m~?{r`LVy>sNf8d``s^~9rh#!M*GrnIo7%ocSeCe3{IAemp+Okaam59Ep2E!MN z?wzcDxYV@1;%6SN9}d>fFD`*^6?{CwqJmq&7jvCdHoTXb`LfS-e3{nMiJq#fZ9N}i z|2Xv|y+iviv-R9Jemy1V>5u3+cl>(l(bKftwr9Wb>sgDQvTJNT6UVP7tBdCwueJ5O zPyCJ3&z0!uis-p}{Ce8avz-0qb^M$)em%i=`Mzt7t!MA?>nTFdU_?(~{CZZRr{y}^ zo_9VPx1W2^v*>zT&mH5_lS|*se2?py8wSG+C*+-|9(h;PT4F19Z2<+B^?Y(Ea&5@z z_Sr8gXFc1m*Xc&@-%@@fdMaw|@+U_1j9PvVatSxu<$wH#arsf#|9zf!K##8fgHb)B zmS2k8{G06ZFOAA=e*Mvt%6AWR`E#OrMlHVwIr(0K_WyQKxy>rS0RLxplRsA4dcImS zEz={z;&k-wgrA&tMf7>rVXqx!Ub7IrJ?I_$-C+1YeVt1D$LjUI3$(&_e#pB(1^)A$ z{5;Ajzy-Z842G}gJh+>)pUu+uBO;&0HBWQgl(plNDywSb)k}kVKdRtHtNu&PMS7x? z38@i!1@r}?U-}>Qh|H%hvZhn|eXZ5-wZT^@d~Zhhcn8{gH&DL;DD5`@U)jri2TS7M znK=G-@16X(fAx!%^v42JWOUl=T{rND6`#@kbb4fX;B8VVzY>;w__L(^bK{iniXXGv zzx*=&ozG4w|CPb;u~P3j9(}I3KHnYH2dCsn`vqyTeB_Ul^KD0xzra_%0QoB9PZRmC zaIU9+4o_k)bI20_l%I=CHS#UU*Xs6&%HuzI8%Pha0Xk#`IZkUPvE_?gJ92fa_})yU zKYRRc-ajmm0lyp~H-KFK>x1C|&V$R`etQ#rQGd%TWxAbW{3iZbh+NJ)wm%-T zETl`%w{9oGs-pJrJ zMt^rBm;aUR@6Rl`c>b1hf?Rs${KGEig|U~Dhg{oUL*ZYDj{BnJNZwn)!(iRe5iL-)%*_?zHAPWX58 z@?Y*`*Zn7*B|`b02-_cWeLg08cO1#ya`esT`yS;|{%75~J%{s$d6d%t$v5@zC*%!T zT!pZ|C6G`RMFne&)U<@MQgw{0aYK^1R4KE-qvH zFAJWo^})aeaVEZ9pd^db8}S=y*=n{n>!Rot^Wp6C;HE{`dL$#L+s7{6T{PS?87JaULHrU$KESPu{RgJHRxT$KBkw5y$7K; zHs6~oJrfg=>qJg184AB8ay$CVJ?$g63AwtZL*WvUo9vde=UwJGF1dU?F6DksdtEye zzDeZ%&LWG$&WPNl9yy7(a^&XUG!(vr^WevpoMT)%!WnSFUl0GPyX<&=!NDIVo>z(82E$&qe6p1b;%qQ23kx_AG-xHlDrD!yg;xF$n$qdeK_iuW2ZJf#^GZO!`iY zr%&Rn9({G}b9eJ3^v&_r#|33I6e0ORUNvdI!*3_8j{!i{9PFruY6)^ol== zzF>WWee1q4(Yvj$Uhn;gc#l(-iN1RDt@+)|O_k8W!IQ}dvKwqEOcLMu# z$awysN1y9D$$ZFhp`v#kAO-3};xhM3rM^SYHJk@;u=GU6akd>V)N!n(ta-;m_>VcU zKYX3=UlhY%}ZOKQ*~taQj2Y3HXdS zaym|+7mh$*2wmdOuUwI@hQ53RdL#6v5$K)JSB*el3w>Q2y7)7gMf`me8<*+e3fvnX zx!{B7^TtyVct5z4U+T9IT+06*=T^H6?=LCkSKIVR8w;D@_29ie<+OsY@hN9Dc-IK! z^x1T0IbvUMSId8|O2O9LQorBA#h$h!6Z&EwKjeW|fZHiUq^{? zd~iSi2)%I>dgmzgwWH93*&~;qISRdC6#BwZ=+&dp8%Ll^oOIgsBxwNq5WEMx7{4;i zMi0RUzzcowq}>>Az@2(zT+9TY3I3>Pam)!T?Av5_JLZIF9ZL11mxc$ey!lk!6W-0d*1Ds<=I#3DBo*$Tc^}7m_vRU z7z&>!ShRk2<)VwcmOv%{w=};&6JzEeklBfAf9p^Wxn9moHNIbh`7{y6Z%@vS1thhB6A(~u|9Hm&YmGu z&7ZY9`3?S^WB~X0DKOD+Ey`xXQY!p|LwY^d)-UsJ*(dw!h<@Gv@U0pe3ZEne*@td_ z@YD_N?;waDTEVA*Uo3&mIOl19&pudzGT%!yM>)Zt(I5WJKG8NN|48}i;1%G`I9>>z z3tk6aAbyA~-xGhtfX^Ex2d3nkzV}{GDMuc^ddjK#ZYbO?fU_L;oVMA~y39_6*wL=T z0Z$FY)_VXv!3R&;lRyD?&JRR?CitL_{ygx0AG`!y>~ZRme6aGL+)pBYe#Ck3)|Yh* z&DP6*>~~B&0qb?ZcKGTdd@JJft%a|HcGvnYkI$DhzZ9asOqaJ!8^_(O0ohZ5gg@Zrzr?|QjN{z#I7NnKckaK4Py8nHjo@c5 z+CDuiYF7#LUg+&Y{}B2JZIlU5wdlj&zYzWxEPW(>sU}Y6|KNH2n&E4MFD!fyJM~6# zpZ!^^KRI%reV<+Y)rb6I+HHZzFSF!_$MRoA>a6!X7Q52dQy%;o!hf!1m-Q55)GXZ( z3*c*kPueVayv4^il%3{l`wR9V-r;-FfDx)S9%H*>?}Wev!(qH$L@9$?&*!R|k|Fv}0Dr*$}d=FsW7 zUuN~|X6(peU+WW*iyYF&I>8sSukudfKl>282fUX3Op^t}4~Nmy1s?!k4(`l9f+z7o z&nj?d-WEI)d@;ClT}k3754-|gk3{r^h@Y?L84tUQ>h@S@%l{A=v16&pXV~SOL)xp_ zrcV(-(~peOrTj*lzOB&hL*&}Q#a^++k~`5Q*8{ybVmEq)O~?NR`U|+uKYxGTlh1_9 z@^^Y3^JDm&ev)!?!JEMSu2;q05}O{WV?s><@DM5oN|H(f9|g@9bEJs6xBCZ>mws-eR-DcVvu|KSi$IrhEHuE4bL}jLTg3SA&baOGN?t$iw@ESHkDS-;a`0mC?ZiI&5WB0v zo4_v=%xB(vY{YJR%o8^0$L+}VBlj}_Tyaw#jTNzHEqsOSbG)PQ*@wjDCh!*aD_$g6 z)L(MlkF)s1j!tQIa0!3OcZ`R$V=?E!m!I?GjguldPmiZt*+D+WhGAcn>&+TJ5uZ?XNT@7&+8emp3uEabi0(Z2=EIjrM+qL_EQj&QzV@^?Avo4??MX>I_;q;0A4q{(zxz8WeKy@$P7$oZ1L@D``^c8_ ztS9iUaDww?8}n)Z0lq^*MdGaleRb$_<|T=Ta&Xy?dY)Yl-;1>-8!QJ4y#{(0bQzb# zerry~)dPQu-e%}(`&hl5;DgA`wdK%j%`(v|zFrG`CUUhxca76#X(VV#6hhU0Ogjks z;rFvc?97F}3c9}T(SANUI_?U+WCXg@qZ0a}>F)fc>knQA9&cQ2hTad|o4-53*MWQE zqzAm$Q;w8B0KUe9=SsayzW+eIx;PJB^o%PPMecv!@5)8_dR?p>Iq}DvA~)BPV+@no zudH=Bp8qOS1@P3vzi0>Yg7mNbqUAW&5S{ycd=RrJDEoX!{#%QlvWyMkXQkZ9=%FoS z@yj&NmO+$>da<6LCk6N(3Vgp8zKu_7K1bfDSZeQYX7U&(aiB?-e1*;jMab9vh`b^8 zzVDQG%vasd?U`Tr_mRkBdwSe&L~rent$p5uw?_5qF{{i@!xa&K>-v=GdiNkVe@DKn zAoaPxDQ5`*>p1Q?n22EC_K6ZOR^02p9J#Nt33@+ti3#zY{3GXSv*}OZ-xt6>1kVCj z#Elb|b|?T(0526@^bF5m%%dX%5ua{Qs z6f)n)-Vpvo0C&EtooC}+bLp8|tBPX9dm-z6EL!R~3z*D~KwW5qe^!1>x zB4^Cs$GG3W%jSzZtuN~k0(bW^Y|>U<`KX|gj%=8Lq}S9GYUGWOv5 zYfSCOm+42)C*yWK`cy90`%(aLL_Cli?fX(Ck=rdow8~!%e-8Xxsy^w5u^x!NEftUD z=*!=0%h;#eAAMcudqNx#ZNIU#zsPSwzIbo0U%l<+j=#6##a~_#^_e-U{D<-6mmr_B z&-mn}f43u_vF`@`UiWbQqw(v#5B5NuXQ+zBed3R#!|`X{`1~pM6d_;y^DP%I^)40UxIuu@}uM*-~6HbKk{9NZV1aT;nP1n<5ystIQ=6ZX{-Mqg}$Qk)kpV# zo=_|fr?e8=4J`9sJ5T=GxJ_~f&s{>XPAf27pkJHI*DJ--qDX83!@$S?8O1HYQb zICu|Cl+_d|K+8Rf4{w$6w!awK;r{ucPl#y0-#zz;X>aK5l z>iMMDS1S4zZU{d&HhuBlQH{<|o6*;B>iGJf*wcr6#%WtFKJw<%KhgKi*!=(8X#KMW zePw5E2>($U#5o>V&ue+|mHC*z`}0Lww`ULf)LC0*zM6&3tYgW)=o@SPDuq9_e9QT} z8GQ}tll`21{Ns(!siVc`CiHcjz2)pHI*$H*&W7-+vDsHSl6{g7>(SSB?)c(e`oMlBr^2zm#2qm4TM2UOkQ+-s5&mlUr(H01{#N)4$H*^!SquMS_+@Wg zpMK-XD}g|qxXedd=at+OcwV4#%Z!WC?$zi^xNt+bUJ7vLJ@-6#xqBWg%$7Z!$S*?v zN>}|N?PRY5Ryx|rT18~j3+LSq?p@mY(oW=l^hF!O&$#r(oi|pG=C6h5n|85vUun30 z9{Zeos95&#%CpNrU0=Bm(Tcu0^sUi|^*@Q%)!=29Y|#7o#4YDKw^H$c@FetIy&-&y zsIuna(R)#j=gNy6{*T^?7x@C@2a&&TWceCD`A%f2kzcfIL%2z9{CUckq#k{oK5)d8 zn44h-rxY*t15X_@cwP)AH_qn8fE45lN~NthEGi@4-o|=%Du6SNBhOpA*Q?4W`w!q{ zqHhVmdh~VthP=Qq?xWAsZ`owqXFA3fKYV7)kAnCdKO6~)lf0CEGWqXeSNY_Z#o{ynP(AqVvak^kqD_cA*`gRe3 z_E~D4qVK)Y-SmCgq*L%W^i@LlUXSuNr-l-!uX(KF4_=k92qLBZR)U_wM>m9T6~L=! zd4%2aoA|jJ{X)g=#%D;9DXj3Ji%+gQ^7BaF!Qh2 z(Fnd6yg_iw4!`*sce*tkwM+V^$gf3y4f3)-$FO{4{%K#wTpiQjgkYTP zmBd;ecnA0*F+MhKJbP@M;6FT9@T8^hyrsfyj6;YsZK()+)=&Sh7l|TIY?Fzqk z68U=Mdy#Jz1EYTO^jq!@`ORxYz6bf@u=l#oBVQF?KK*R^x4Ch&>+)p|`(4lHlp>!I z*f=ixWgMwTz83i_<%NaOWp|);|I# z8*U5%v4KOz+pKeG&yGd_9oU)Fi7 z2P3cZc5Hik{Wr^Z*pr8sMHjy%=*#&2#_;6=c>Pxq>%V6BE8ri`xF_ZHA>Tj7@`OMA zd{gEBU~KIx{6+A0z+c6AOnp4-CDNWt;7{Fdqi5aC)1D*b=XT^PkRQ*yPVC);d>8U# z@xSnAT|j%KkDb31{tEanL)Py9cK_i08moQvc#$Ex`PIPRF-HC3zjpXjfA}BNA9*!> zZ1s`yvML!*;dif-j=jCgk#9l1e#E>SxXScNU^2ySMm}}MM%Q(N_^lH>0sLCdW8&^o zcRvz61Mn~M(UbH`@&owa?dwSW4nw}Y!w~q4t4Q7BN$>emjOfXOKVz3zdrH8kfp2Ti z@3bDhw_jjlU|0{MucfCN{)Am)_0)qa@H?G)^!_1%>l}J?J`sCX!(WjTt7k3vBJk&> zKyRLTEY?417czc&^rR!21>UvKM!hes#Pem5)kDrDK8m1c>^uH=tU=6ma3{j)=$7=X{(Q|+Ro_4N`xKC&t5-*$J@AoM;Z87)nz~2%^cex$ja&uuRfPeY^ zn_urG$kig}Tn8vZ-%4Ab>|;Oryvh8_Nb^x?x3%aiJYZw^1kUYtJRE|jgI9q&?UVS*1z!xVpPRJ&%sj@E2fuTNmvwi|(p!oA{Cu}wY3~~FV(_Bj z{A0&Y-~dPd$$(Y2cRTzQvo>1$Ogn7QlB6bJw-& z+!eB?#-g_X`Q-<>^-6t8!K=WlIQPb*>6s7c`orG^|C4_FjgbJxCD5hZcKFK*HpZ;G zc7x9cceYyr{C(iX;JxzVWVGF^>jL+Ewh1Ah>+Wd2&b^fWaj09r*i!^vTja*YzYD>a zgTL#|M{+$9$w%!m`6vfbUC&13XB-);w;enKT)%JOsgGk3;d``P%msniy9xQ!;#j?D zOBj#9%SMWa!{Wz73Gy?Ja_g1$EeFp4e^n}G*(>pFeQW5M*!Hc5zr#mQD|j1t>acxL zJpqHBqIFvrVp7kw@YnsqZI86eCh%JD-Tm~WIQ7IXaEji%%aEVz)>{N#0=^vFv5xO| zox>e@XS0wY%ro2&@ge#e(N|cqQSawFdOi%yjdR_Rk1Bl~Ie@-J$6&WB9<6@hh?`&e z#f`LM?yp$CI(BURTE{>9%i+IQ4Dh!57}k*+ksn0fyN=ur-Vg5V=VD(s__T!^!>8Nj z4UfZe8DcwVSh{=b}j0l!m^*qshu3_hOg3z08HzGa;9QjdD%Q%@cH{CqY1W$=&3 zUMVk$O~yMmqr5!$Q%@UTdE%cX$XEOa^6kiX{Ri@!kk2`NWAwdn*ZXB`6CX_@vE5(C zP2LrZZ^(P&rUZO3_|4QYCf=Rb^>OsBM1GBr-e&MF@TGowt^FGGdP%(dF@4BqEQ;+% z!7J%6;Lds!QARp=D)=kI<@x2YU&kb^BixAGDV2O#j=ow?ITCl(;LE{x^vlC(&OB`O z*H+;_!)>p`(`xW4@K!%PH#+siI$rEcT1rAZD^_nN_~4lv!%zF^y?J!K3z1)3?$#^y zUIJbL-pzSToV?p9Vfw{|yNLIc`1Tzocr~8+`BKdeYvrtaa1K zJmtsn$NeIaKi92S>bVd+0sNie@n(3u?l4^ym3pp(zv(=;9L%!^Mw_dR?coq2{yl%MO!}eX{Y+tJ#a^YWfL9Cu4@DA{*Vf&(byz^b1 z|KLxp+!*c~_KQ#d3VguKP~*{rM3ux(?NZ)_v37KWw}I>D<49t&hQFb=Dl+~>R<=b? z@M`7*7rFHao(^6H?!8}}3qIe&FZC$`F9u)1c}zUBCDv&9v!+YzGS1`UlDPA2%ZZ* z2=2_6qQ3~dAG}>Sz4M$$V(nZ4f7PXKJ(-BE1YZn(i0Hwp0*o{-w70a#I8>iVdF}8u zz_*o8+?tzW%j=W!mbl9kJ;CLa2Oinqc-SxIJs!7c|K`F!=%c3yydV52vD;h!ha>g~ z(VB-Yfxqgq@!jWfq01Fd)1AAxiI;-mon zx~kYXDFtrIHH~8SeYsqKePCF$o(!o2xC)x2e><5W1S9j6+i{Nj#(yb>KJqy9>z>nkH z+fGX&VL?xfj>@o!z4cN)a^87=D|nly9Pz7`KZk6_xjSBlw7!pPwX5UEbtPvd@9c<$c*2=>qY*KSiP;_Gr+%=3RrO#qn9ts#=Q<0Kz@x!ulP6V zM&bk9xxba*nc%{&_tld!IRwuG@Acr)-X-Acz-Ppan}O{NPlJn|YT>Vsz5h@z`oX>N z)C#@^d@T2^r5)D7KjY5v&9kIFnKuz1$m@M|y#1OhifH=I3@Rh@QV%tB?^Fda$Ahx^&L zKauEYIN?uP$^7Y_VLKdo>c&Xe>dL??e$0bE<6d`tioi?2r-A>2^SJeSDW*PgpRaF3 z-zrZzQhqyl2e`A|;?HiI|L);@784(`dzfE>$VEQw7TV+f;W%~pVQ$0^G_<)a@(0?* zo+9LWk#qJ}!54zB0e9Ld_!97zCO5yd!%FZbaQz${Bqu~`jo$wEO^pt=HdEv2Z z%~1Gro*xVzf12N1i2VR}a!p=peJ4W)!-hf*(OZh%I`-{(dn@#A8%J-K;nJI(=s$bt zlGx-By{+g~*K7!X%e*ZZKGo0On7za)`eoYDhU)F+Id&!xL3xUU@|epLy^guD z``PD%eV-}iNoHxUh3L!S`Qv30UoZITBfi{m@O2!89ga9?NAGf;oBV){UxO>grgxri z+|HtS4CT=EKgLk`JWul=Snx1ky`DL5Al^Ib`JL!oh(38f;Ky8`1}8i9&63>0y_`LMPa~7{vPuEJ|5O99{0z7@k-}yG8pYiw#WXllMOm zzZ|o`FD|@(c{tv)s*-<~pl=;{`OlmOcSN5jhq04+bmTF4q9pnU{OSBw-p+X2Xy4}` zMtRPLO`5F^D)d(9P0%CzUbE{xJBUKy5PCQCRnTV$fEc?VTf#Pd0Qwr}I;BC0Du*t8 zE$t5G7tqrrb}()@{|Ay7HId*p3nV#&zW{#8@7vh?wCV6XU@Ii73Tl3d!%Fy9J+M)K z@51&?%=l#9?r1{m>16X@Hx$*^iN3`TZW(=PXickU{PT<_f@gtecyRG|`EiDt2428< z@UWA$&#j&Et@fyaUI<;@2Mx}F&VnXyBhV-r)^p9!S3$ojLf8J1ycFq2_B%Q!x*b55 zvBp2_n)Vy_I4XAafTx1%?>5kCk#AZ+(s8m0x`Muk0MM73L=yi-=;p8%J?bbVGrZ+pnrt5FMY z2Ji6TWF6HBz6xAlZ|LY0-$iq}r|+5@{6=EldM@z85!Mz++-BXyeDY!Y`MlA~`J+NdG|4YzU+&t`urRGV|ekFdYhh7F<&aL+0aXWfCZq$Bix9O3-C~VR$-Qe?)bK=rZ z`|R>^g>jCvU!M}`)d#=)wh*oHx8MZEOZrtQe+OS+Hwzsj)~@6gb|jQQD~C_wyF>Wy zgD+nEUKJC+1#TpASH`MGJrmeo{OzoV*xm}h2E0Y`jkd|WLYuQ#|DR3GC5lb!V>TxC z!X`fKL$3Idjn?<>9CeZGDt=39Al@I1?MIp5)4=2HOI~2pWw|YKWO7mp-rr*9X;&U) zF_!Wri%NZ};TwE>WB7a#wtN@OpXWrfCkU;isR;*J^X+!g{{-uDB8NWtN9xfHUihTl z?*-)0^#`v7KTH5!e?CNLJ6GsQ_mB^svFGW~Ax6g)(VGRm7`o0UqJu-~SpZ%LF7r9D ze|WrzersNrUk+axe7g#tF8}mM@tR%(y&|GV)6aF$o1xc2_iG1c`7;;I^?et`AbKTFN>8IyYo)wdVzTVtH>V~m8U3irS-U4oy%^^pOwh9JhoB4S04PS zTTXw2*!VxvFd5?4mGF1Kzg+m2I{Am=;TJysS&iH@`t6Y-cf7a0XS(Vrc5Q-x zeuRJTk@>|R!TT96S~toSr}pIyCf>L{fWNN`GK$uO3R7~fo=})FbLqsxQ}WN(!y2B_ zW2{|6op*}RQ-vPg0YsO5gu}+R>J~1#ZVAk|Kd4>`9NQjLcLZ06FQFw#r^*Z+rgqNP ze^1^ubUPn5*zI9M-Cz`1JSV8xO3et>7zx`>U8>ZjN3bKu>qZ~#@l>7M_a697X$wA>sy3v}>zk^&x0$-_1mdCwi7*Hr!Q#ULB0FKc`xsv9^QWLM?0wRwqFDO`;6%~{zz@i zz?pyl(Sj#3)rUWx_j;y!e8;)HnW{Ro8I>(RS@6#ps&1!w*Y2#o*=g=QJF8b_@Vtw9 zeU}9_yQ;^3I`6(+)rzdS&+V!{&1wO^ezyhh?yml|+q`wVtFD~6OmgqrT`m9zf41Pa zd#c_&=DoM4dMC(@nOnD?YTx%>^n98({kEU0 zr9YPjyJ!CeYxC7L2h7`;uRcFu?oG4Q)A_=)=D_JUAEf?$AOp?64qEW+Z1riuysp`* z?cljz%~mUB3(F&g)7KTM_X=O*oOa$`Nu8R_JB`l*>h%B3MU~DwM!+u=_E1r*0>X>BG>cR*wWu{NsC#q9yNdL*1@&Df4_{sK@ zJ}`}}yUj06<4to8VHXI!7*Mwc_EzfcKtNTIe*6xYD~5Fd^{-`qw|HZV%cr}_+l4S77N<2pG#fvUFCottcF|mn{%A9TaTk^!%u-z4t z&hsTdEje1L_l!hb(PMPso91BX=@3cjWzGjCgg&0Ah9*4kXtx}`C6#!Eq4w3IhGhpA zl6xdxZ>XQ28?nP{>$X;W9IXn@QtB}yaigK0HDsNadL$_(hPx&nr}mzu|DK{Si{IP9 zRfhU3q~9tMzEt%P3r-Iu<_sjNk6;(<`-+=HJ zr}9yw%aXsRouFnBuRedLs(-Vn_wR{2|29EAkie7#o)op4QoDs-H&pJQv?D~W@XgSA zL)|<9PYBOsb&67_%xEywwZ^Z72`pKirsxm61%1|D5qpvq-S7gsl3Hx%UcXq$Omz2y zG*@3sQU@|zC!V2-2zecw+lA&v<40mOCwVxQ+ORe#Z$mT*d3nZOid!U5gJH)e#xvNJSu;@#0cBkk_3#~xc98Iiz$sj7zJ zYK-|jzO&Xi*{*BWr2Ht4F6V{N^AjS7UC#cOyc{h@{JZD&OQU~#%N)2u?QX|}lF-HK*!}U5)VUhpRvSAq z(m!bY%=WD}E_O*RcIk7*iRico9rqa9zR6{gK{#7^(h-YcV^UdYxuH(Ab9~sqhDvqp z;o622*)(Wj;&k?-CLBtIKcPX{mV3aQ6Jf1wnyd5T&?PFiEmygn$~ zLkQ}F^Q=P@f0grB%{~7bP#evE+x+5ZXAF7u#*_cEL*D5p=^sm2`#l&hyl9Y_u}R8s z`bz#DsV&8qccK3-BSgx(&mf0u9d0}Qd1fZN+i0X15IdZj3I`_Nb);`Hr_T)bF1 z)0K=n?-{IQY&7OFJu$yFIe#W}GllB5{-4a@e(~p>zc_PGoSYv@OSr<7f1EP$a(>~& z-$iA{nQMc4CR`lNLt*0wimAt`iClP{D_h+CEwuFu6Vw$G-kxCldRr#W%>M()PlePI z!HZXi)WiQ5=GT@TX=;H|3-U?AO-2@7 zx!d@aF87CYb;WP`21C7Xd_uo$nK*s@MD@W$mJ)2+QWd@NHz5esg2S(1vXn2Ab@Wc}yH7-^wOuaY; z-(Jkxc?i$=%KRdz-VFYm&a`UcLH8%96$$c$LvQLyA52j%OpyuKTU(#>QkrT`YtnZm zko~^m+UxivhUC*Fk$h!b!s#FNXs>NZIB?<_>X7~ISWgQ%^T!k=Mg7|>{ye};lK9Z} zZElq;AEV(4bn#g{kQ&s*!x-EX7 z*BtkK##B#yC!Rh4Z0v5FE4TWk`elysa`YWArwo`6m=g(-Df5~6Ht$szm4M4 z^jt3SaYG%%sPk(h#LW5*gYZLFlHz95o{8tG1CG#tPeGDJG&9s3P*0eT5to+kWOas8 zXC$&_b^+@f7M7|y;q5dNdrjtF)*8wb^({H`+hFO2ka{=7$Y=9TSGR1%ptaSrfh&^L z`zcMvQ>m&db?eosYT1-xpbw`o9N4_c3R{jyJV(uc*v`L_pIArbcc1Yk?hU*^!P?$* z)>>q}rRd6_y31tU?Hx08cTjbkcTk-6)g#a!F{WQ(!u1NEB{y6BT&bT=y3JIj13zI2 z_s=_>(zuKIY(_HY*X$g6aTj&}&P@US_$up^)w`*lU4?LUcIfNf)SKB)3gNrm=~23j zRP_X9JYmdWl={e+ud%IeG(xW$IGd_iijg8ORqLA z*K*T-R%5X4{|6(rmK9|4WX``eC2DkA(LeX!?mTrY%OCtbS?8bXWL8z%lJhNFrl{v& ze$F`TZc|-l)^i@gSw>XLjDlsRdeeA5iYKXql{z@7LLEhxK__cM`23;Zq1T7hK+swf zO4ji?oq@cJ3r$O3uKI!|_`=MmiS7?P#ra2}o!3ubOudbEte=$sLZa%Kv=RKnq|)Cf zt0$8Q8}!eym&FsWGPycqk&GUc_-H`g7GSwcJs3>9S=P#=6E2-t@Y_jh^~4*D)sxi6 z3A03N;5>(RBXD&(_u8JDO1(nP=X$Rp{BR)O}k?ettSB^lp;+ZPK6YF-r1V8u#+I+EeYo^&&Bouy5!>b-!Gl}!J&Fx$oeC4H2-hs#+#u3cjzvjwa>T&23##BC+w2F&suHTcN52$|_ zQ=bi}Wv0M)n!pd4$qWRqnp2+&s2&Y}BXHPEelkD`oyzF-ctCGuB>J8Z7sW%2xhseEUB!6O3m$I z-;T;P8&hxQazy0bF_J$s)nAOMADQY3Q{Y=guF*`!fDUsirT#uD_rG1x`+?@;eQ$6gz1o-26LpDl0+nN9}yvm?{@qBG+vsujN4(L+%`2Z3>J_n0T7v z=2y(AADimqsN7w~RPJH6irkAv@;fGXGp4>_s&6#BT;ynsRXlfYPGwc_)uv%yHa!pAQI8usyvEjRTilYbLnluvwEx=`YS0YXmNqq zow6J@%T4Dt4$aT2JAX71c~S2#4mx9g(G*_pfPRZiG3CXjzZnPF@~KJ|HLfw{eJZzr z(slh4ijvM!^MArQxsG+;a~-Kp>`hTSD7C}3EF$c+0%0xlL)KaPd49lNc9J06~xlJbHWj7ckYFuW3s;2KY74ZOAWd6Oj)}dnftNuZItYAonc(S(qyv{ zYBSX128)Qll|^2ogEZ;P#^L&1jUSm>v5tdzw$=F_r9~(yg-o1u#kqk+9nxT75b-x*U z!ZaRo7o%nVgK|EXa@J9fEYnZ|6HzAX&zZ&(Td17z*!KTq#uq!A@3&ofpn*6(o2yQv z;#3*>Lm$byeCW>x5$+0Tt6wFl>1@sV!!y)@vW{54Cl{15|G3ZKE8oUHjlf?_<6nkc z!Zrj#_Xku{AoNtgcqHJ~M4z^M&iDvtVcStw6JBJZ)q>Dm|>s)dO{3_LRSm zu`A1p+^8@Dzc-C5%|MrFyl4iP3w4?#v+Dw(n;7K-p?d?y?QSE)_MPmD@W6YfakZAc zMzZ0*&Crzrb(P2(*Se*|R`D6GIyG>UVJzZ`h70G{4E2T)`p_`miS?Q0U%=w%B<>BC zGrf4l2)$u28Nt)Wd%pZXV!TuQruQ4hCz4+8GDBR7KVXKQG>wPd9n;E7+{|EX4ZLU= z&lp^Q_ZcBBg$9h!6{a!dF2dq(g1^Z~c+N0dg#Qa^aP?Osw81dG@$&D?V#SF($Pl>L zIGI%5XoOf|ZZ<;C8ph*ZUh&PzELuz<=be8VHv^5(C-RU)=&y$Hg_~LDVc|c6g@BX? zNkLrczGH;C4Thi4TEpo1&-t03yT$>zmo%B>^%~_x z6@@_(g`wo4m`FkxBq8-(`|Q_BXSwrs-#&kSkKgxe9*9vb#`w`S8O_}p;*G>^4GpBvur_~>e7 zt;hF?$NIp%$zSINowNU~KJG6+e=gVh*u0)5D|+Wy*1xFVqN9?gcz$I0wpiB2-yfU1 z`}9lHv3f4gp67-iopS@7A-2&$riZ3|G(_`+*Y}*)S|~c$-_8yF)Uh;A%yn*fL?5Ib z9@R%!{&NHS-{ah{&O;Y|`V8@k$GgU3y{3o2r+9sIfqbvm_lVb;=?=nmZg|~ejq-R` z>N5mgU~l*Mex>VqukSXmb(4E5(+}+DOq%fCVOf{Zx#0z8)b3S_MlP*4exI{Hb#7Qn z8C+@|xYeR89HVbveGhu*=G?c)L%o`-YchTPLegJo6~1O!OD#It{-Aq#^{eH(MV~P1 z(0_#VAF*tD>NsDY8#e3Co9^;_ztT)NcNO$l#Q&eq4F}lAt2QCM-}bV~j%hK#>PMaY z6~1AvdypBYTE`ygo8hrewNoDJ?24HlYl2luSK@bD``+)NGk!xV|77{@_E_ER3~ zoQk;~D`AyV2Q%H;caFz;->RT;oSuw$teZTi(ll_7?_)jKL;L7ckMBE=^+nzL=qTSk z+9vJbb1G&zHtB+vY*HJ@SdFQ?!}3wfxKZ1D+vEFC-&>Q-4Ibau9(qvY>a6%U3hQgK z-X+u=&u@_SSko*&wbI$v{?F+ICOUUz)KTJ4xql? z>s#qnFL-GPi6%`GT`hy&HG{5WL%wkyYta6;)2)xy@;l4gOwYK~&(1BtE{o=Y&~5$G z9(o2xbzkc7y{hk%exJ{d)`6$$IgCRNq=}%@EE<=2&hpXI$(QuFRz_dUTknW-06lwh z=J=N1uV2OR-KS@2wWa)Ou5TO4iHx>&O-eeH4+*G9D5$^!S!}thqW)x?`om@sT>t@m}9uUh9s0aZb_sd|2m`jzl_-(cL!X zla9GJta2)UZ}}$a-k0*Z(&MA?;Ec}a`yStCx~2ZUy*T;ITlZB~gFjpM|95R3rLQ$k z)7Kj3=xYt?cj??keI)h9YprrB|KeP0#C0E8-)oJdd~{cOnoT?S92(x$HXn0rQX5!h zHKOv5mXBJ-4vTEQ?(w}x&$jh`U+3{r54EB0{T`;-2-NS=#liUvmN@uzU=j_@mjBW^~!g>zPk&obzT~F{>AH~c}wvE>iTXg&~##fJ8Ja1 zw^6^_Vxq@dVYS?5SzC0!yVLUBr27-uy%K|dh)!JJ;A4o)#!o_^zeVFuW(VZT2^S!FIKM=o%B?(nry#BCP}ZA zGpDh^-8Rj*IOtxRnrY`5w#s_XqVn{jj?-+KIiP10{NJwITAiZQDGjz4sb{PMcNWp3 zqs}{u=q|ZGmESFR$MbWMn&%{fa`q>5bB3Fs(5?Z^)^F`7=)4bE4sp>@<^|~&bry##IYZA9s``S z-9tKO{!C9gJw7Ub@9|N2yQe91XcTPM4t3^ zL_4GTS~Rl#jHksrUg|0J`&lLz&1nolk0bQ^qDZ9+O6Z{Z*jGqXFK;YrM2FGjq9MDt zUqst4^0auHUR~W|`+RmAkZxW2E!2FPS2MrBN8fl$7X)skW1`@I?~2q-z9!TMO!p-z z8oiG?)7==2NqGvhCG;xufghKsjfF)YmZoLB@BG=!O-S0hxx0R~2x9x;do$Fgm)hOG0XQ_I; zxSYth#f5j2s=G>BQu*24xqgrAzvtxob0^n7Ik|q!*SPLnf2VUjfolGk*GJ{~$o1ap z8l|qOdf!&JTd&ZJs&{N3mEX4;qwVdjVoJrTXwu18x|VWAeyIG8N35q=IAbmSC&B1S zmCA4Lv3@Ykjjp2k%A>8DX#F^kkIJ|2v7Rn$uB&?4uO?cLmC@yx-$&(_{lD3#qhLtY zeI+ziY(gc zU-69h{kC4emr-?(k3P>Zj`r9zpO4D-VEv4ft?&{4aYayr(?c zPEGP1zo;F($L@WqoqD;%OXa7_y~IaX?DJqdwWK1jq@CJYG17XvoqDu^mloDEnrJ=V zPTkqW`%pWzY_ETk?%I8xw{9Y}eV2HjXs2E};4u%uSqILy9%-i%t&4tbYkl6fWPUsK zecO`R?bQ1A1)sOKHnev~<{WQgo?TDth_3#%1=Mh=HWkn_j0x7p0`;w@bX5U8sJ34# zP|ta5h|Df1c%#62xxhzCV|+!Eeb#M0VSJa#--{WgbnGM_!D1< z%F7B1?kTdqE%edaZG~l&@sUM7`V`^&MZV99tdD+|M|w^Dc56hhPutRg()AXqTS3<; z?P%g_)wFi>*RQ=)o?hOF`0Db?oo&_6Qd9TN0=>f9oLl0KeZ{AQv*X7?>r4y*ZdXAk`q$c`?t<&$o`-tx>^o^qTaEkO~7PC#4 z5zV(0Q)6%SSuqVCpZ8n|UE2M9VX^wj=XS*3G|)Dq9Jj})m{zU#g(Qi&oT@ySKLyNlG_#-r}%ud!)H&<~bP&y0Vys6Qdr z<}T~t=`{V>ve)?3N^d)QY4U*r`#zuARZvC;=&imon!7aBcQMEOwdY<>)us53ADY{@)~M|*ba{D8`^T>8)dO{T>OuA=UDe&K zba`_t`^~QE%htO5bQ^m~SM^F;U7p;|ez2>W*UG|?hUkGt%T%W3kKe`t*TIOR``|$tTh$GU3cP6yR=(2x=7U=YeSP4mQg z{3FY)Tj&KLTBt4b$IGox3ma4U*FyhJzjaHIEzx7?2z0hy{TvoZjZ;kicPx`G%{>qf!n&Y=0BTfCK8}(SZZ%euQrrh^gg|)Su zF2;!QZ`X_&UTeH}ja7PUSGCR4B+=FS*lX{swq7sL<;6bx+iL5HLS3FwWPej_-E8af zceediwY9!jmsgZfUu4ZM)#ZE3?9Z#MaeiIi>bF0uwmvG?<<~0gPpau%Z+t8)x_RVZB1{g%VVnS_0`t5Rl2-xFZ;b}>y^EA z`N@6kcdD&>n(6Y`eeKoN*7y7B@`wA`Z&q8c?yt)Wg7(U4>(K*rd0KPoC#_K}bouKR z_FL7~do6W&*@5=!)z;$&>GIvJ>{qL;n_BB~uC@Jgwe>+8U0&YSexcfWzMU>V+}?hr z+M0Z@F2_4ie`|f&L6_GaVn1JPy%5snc^&N~)z<7obve<=ezw~BrIRji>TEwdVzw-*?s5_j~Le=NM>_poUnWKg>gq-YtC>x6WfP)%S85 zFZGVm8_=<0A7x*ojyL0r_Ti1LQh%pmO3hpPdZ{+Ltmh(k@SP{dC0jV(kg>nF)TQ(w z>rTs0^O%$L7NuHiY51X~k4CanrmB>x@^?`Ows4kPIAe?UT^@CVehz0f8l^``X^zZK zRtdpT9X>XZ73Qdt}FX52WWl^z7g_NcJ0d_iwP&sSTf{_s1=p-h#Tty3}dzj&Hi_ z+2cKzvQsMmr7pAwsXFHP$<>&MXgF&>-dE!^&* zLunlC1pP%dtpB&Zg|BAxz|whW`4&9}_2|9$inoNyZ|RRmIk8|py=C%(=N~lu;kBvw zqF$}n)9i8oN{?D%HKd6$TP%C4o*JoZO6wXtXI0YlmW*ZB(zgelJ?QZNB))&AYai-6 zT6HyX?mN|M)4cU>z5dMwYNxj$-F!S=U@t0Aiwfw3YvQqwu}@V!jXu3wbb>k>+uq}` z>1~;%&dWBhdK%KK{+~TIO;a7|{cYQx_Sx!GY`eQH@7b>ZOu69z)%AEMCw9yK{&EB7 zUD5{hLefAxreY^>9?I0oN}X(dZV}5(sJq^O4D@N z=Y7-rT)FzZsKw%P^{PG1qJ@bi_A}*be#u9A&BXFE+2(vt;qA6s?A3!$?-zM*w$=I~ z3RkzMhR$~YE9v^{SpQ5*o$^Sz;rlt?Nvx!9qMx7My1wc%db&n82^IAE_2=|J$Jw^h zY)j|%WBvbBr`)7B)i(E2$I|zt{4^){6hBS9?R%X5sE_@1IXyhty{-T3%CYnvD|?6< zqI)4{yZYv~%>?hz59n3Pg3@J$>i&YZ%L~=ZKL64}^|r5JQon*}-&&|{E!=&7Li$6p zg=%C$>8ph*SrA%TNIS&;LZN!s*Kl^B8e3>53RU7a{caC?N;Xx}2PJ+f*;%Qc2~>Vu zsXhvH++3-aH1NM)sa7;-_*|v>xk1U?N;SH&Y-6QLR92DZ+)Bz4)n9MF#cV&iq28Xh z{3y_sK5Y0x1An$sz0siIvPu=NEP1R_-BMZhMWvcjSw)(UVSD=K0F9PB;I-HK)WcqS z$7pwc=)*(waT|MDq58qA$KvRx=gb8!E!{>RiaAHmM{Z2>>^55E-&u4ENY4cC@HC#Y zXE#dvjjiId8sA8ByZ7C*({=c{jc=lP^}pk`*oxR=^50uo~D(?N#2& zYU}IjUQct>ET3%^(u2f+Z?FIPb$-jPwEt%9O+(9c-)(Y3%;zh!N+^citbtXwpQo$U z(mvX1PY3I6PP!$&E3Ar3_F((cJbyF4(6h***$npc7JbQt9++Y)oqw{ox9?!9h26z! z_uCrH{razQ^rkQOSZ7mXG@I<2L4GXymPR4IB0D`#{n4V?YIHu_y^ic3 zMBl(V#6H*R+I|o2*r~D#_m-@YRoG+?b_Tt4Jdi#F;JcizeSLIg@q<-DpAebkIpMYf zdcqLgNiSOKQx6R^Q*nWwxATIx2^Bx}?nN4t3Vin$Sa*p>$-14}?d{I0b3>DZf_CM* zzcFWWPuC9&q`m<9A4hT-DdRrOy(h0;SxQRM^9tv z4FGEBG((ggMgL58_PB_k`26ZBrLMB+U4ws|W!i)8?^-C;qVjP|b@7j)j!QqG)pcn~ z@21iD->Rf9WYUx@I_1u`^y59fuDod_-K@0n4^`E)iD3;D?TYr5&(OQNetOP&k~6~Y z*rC^V)nu#D0uOa}e)?j|LYlAwJNsACKJG|;4tzZ{IKIMt3p#WheWoru3Y~|8!IJWYJW;@N~d_qN#czKo>-6X9IgaRibhOseabT zUer{5(}>=4)bZ0-rKsOn=(Rua)41UxIu?v?ySe8G)spf-I(Bn!H@^OJmG}0xQTx*M zq1I{Y4XVAViHmZ{$-Zqqb=rI%?Cz`XqCVj++um4CpAgdD>dF<{o66~Z$cvp-#YJ>jA8WAatDy}};fh(4F_01Xn;a+5ZN%f0Hj z;uT(X`gHw0%df4^IG>H0>qi(z>QS*Xhf!&z?gX9rvL(K5R^tYpt%J(Dx!cvgRz;*_ z0=*m4;AYGEM>&-oV@{Tgf9HFR_SLHE-<@TlPCeZ>d(SO&ysEiU%}e{L zgXzTWEcc~vxR(r21N5j|`!=A4(&0MCi=(5zZP4i|b(PU6GvAw_(<3j_S@gIr z*Qx8wawF#(iiIy(beU+=!-tnJhs|#|HOH&E{ARnWQe8`qQOB5V?Q;82)ugkIpWZ1N zQSrXly49+nx$Spbr|DNo=>1=sX-yZLTRikdSnFGlf2#NQIic>WSIL>`OpfnDdX1)J zn7WMWM)k3qmUdIk4|bQ4(!a!C8Tcy$e`VmW4E&XWzcTPw2L8&xUm5sc%Rnj|c6=ou zrQ_C%Vh+lENEh7t_mPp2S9_Xe{9gq<^@&*@hn&03Y`NmSbNUdkM(EH)c5q8G;N$ zMj)e*G00HPY!`-%LB=6N-qW6X3AuQ&$zv8$+P9aQ^{M@6@R@#DNVdz8_0m|c z_BZ-fPn+$-kaP#_`h{RWew@)yL2gIqW6X z30Vuf>KRiH8ZvPGg3ls9HyHalNUkU6hxO7}ABY?M&8R0!*2_RI1ic#gpN9IRAvZ$? z5XV^PMIkxZ+80cmi93wn^hD$%X=G%EkEDkBT)|; zfm0s($NqI$|JaXyH%9;B&i}vtSM$8t5Apj=yU9TsN<(WnE?6)6fYHlB#<8B|ZoQeX z2N}b0QS+R!oPw-{REVQBi8le+1NCCbdReRwJ!tg9 z*ggeW3po%{`r|lcz1R;+*2`C~BcC_@7VD)%z0!Q%K%5!K2^@4LvePWPR*nTWz z3Np;g!XLLU*$&wcOV-QR4lhT&SdaJPJ>Y4aSJ-{@Ez>TOV|q9!aYTpWp+=P8|D%GRC*umQ5cz{$jw|q%@e_m0KxQFxkn|@h zom~=y@Ij$I% z(;pxo>x>LRh9M)6F-VSU@t=&#e$5?MXqWNJasAo$#r?@T#KrBHkH5I^8xem0?0#au zJK>kx1N+@B{Kkae|7v}MZ<+o{);EUpBlo`v;rG8<-@n1HtZ#6Y*}r^Vj!tu*N8)Hl zIc`tu&Hj%;#vv1sDM)U2BjLBc{TlC|0oabO8+iXrL%f`)oQO9A|G5uMobjxY3CJX5 z3Nrk$S-f*{zwD7AwGj`NwBLkls8H5Z$hI#o5x8GfP{0@g- z-oKH%-Fc3{P7X5jrLmiZ%t5Lxh9@97&%w9rKK^pTZ%p`2!A|5WV>j}(kx|GPWE?W^ zjakorkImzE;G6Dtl@NYIuoKD|d*N^4A2JFV+|1rooWCAh?nTBM)U%@Y* zPnZW*n|99EyUdTx!w&)OA^qg3pCM_xEGK^Y!=gdYk=B!*+cC&HPDlzQ16; z3S8E2Lms{jobMCaPQx`OPkg_}=NZmJ2IDMQ$lcdH7LQC^1p z-8jT*cfXJn?IwkBi|~A7Kefon;8G(KX(QFkM#f$>GW)ubp|_2UuQf9BzL9)?atrdp z`*kRmb$;}CeiHFNj%_y}Ig`Ks_9%d;FJp$6ddys9&m; zi6_~{$Z$s^L!FEab}=&0)yTxLMyeBx6K8S-uW4&Mhpk4#T zcD#L`weEVU8SZ{H&=YZNH2hs;6pJ3WD`jb37ikvWXxvi$_cX(E1;r$nWZu_lmBAsaz9 zHj?*m#adjyV17VzEc1SRZIAlvXGh#W^0+|_>dDJJu&e@{2_yT|ntVi%hp5O$VyvlO z5;6lB9)~>LYGm{_BeS;~xjP@QA1gKW%T*W|Z-`~&BZqwCkdK_m$2d{{?pW5fs8{_F zhphkH_e}lcTyK^WaeaX0$bZ-#GT1H)nS)gKn0f~wgODLe&Kt)S29H2SA!Cqn$OL2( zlG{<$yQUrSd2l=O7Dv6gJw38VK6RVncFgT30e$^0=$^mY_f7s%@SEW{kiQ%+|A*~I z-HSXy1|dU`VaNz%6q57DamB#nkO{~nWC}73nStbdU5EV1d>ss~bK&F*?Tho3MqXsT zA|IH1W$!cf%fcUDF9aSi#}DtnkKl**)7`?aJnqA=FWdQI@J!P9jlw_s&CSMfjDC3Q zpY#)4=dND_{@4%KkMnz2t!bZ}7j9bvVTa=l-*4h(I~*_D83Q|9Pqw4hn|SzsAT8{~ z9yIliLna_okQvAvq?&8=1CT*T-e2D!4&Gm@vCQp6?ynr`$?b;Yo-5+cinv4Y8-|QP z#vl`rDabTr1~LoDaTdI1_QQV~XXHb7eiiP2cJC+nQ4b++kRiwjWDGJ1nSxA1a-6|G z8RvEpXGp}EfuAg74l?kti8}-tfs8{YAd`?BXSY8YXYwPH&j{knh&WU5lZMPd<{$%) zAYRA_WE3(6$;V9}juY*T+h6M};+ScUy9^}n*EsAXAd`@3$SkCqXW|J$h9JX`9LM#D zgWEmFk>WUJAr456BLX{7$QWb-G6k7|%t5M0(HaG7{H8y5`yVI#{|(F9Ze9Lu_+h^+rwRWF;Xn0_@f+Of z_P<&9f8Y=NkIm!1>JxYUQ^J4LW3C%>0V6s8Cw$<}zlG(z^@ks>H_N2(pAr7Ujg8+J zWLAH8n0_3`FcC-e58_C`pFBTRZFJ`$C*n{|jo%QJKEbNAa-F)?7yU)We=Y{P?KSjU6^@rqsBd`>Cf~@cJW%j!ce)%~z`>loF zIQ*%7j34&%~N-^K77gujsR`)8jcv)?D-m!DU&-P_`>)PtV*ek)KhK|H|F!VX^PDom|NrznCywtI#K-flIKIW7qy4{P@{)s8 zE6g(MWrSW3>qA0spwLUgUJ8=?_4ObAcKxn>B*k`V=w~3g9$#QP_QQNf9$x&B@x%4x z`b57l^$sKcIAmJXXZV*!F9ROHdo%L=nc>1-6nbor@T$n?FljinT3qu_}{%9 z{PK3WJllodFm^et`1F$LmwjJBGK1z3#kh z)K&Ov~3wykt?Ony&!`={HhP{lica5;e>)GCQ zyglrV;APkg=G^tYLD=K^;QGu$L0{<_UYe zp6#W0d)RxDmtjwR=dSNl!XB?@dr$NBu(yPlVJ{-=Jtyq(dbal>Zx4IRcp3JR!rm*w z9RrihneFC*-g3VXbs?FD#y#Mh9QVK4ZDyS`0@JzmfDn(_9q zw?8k#UQF0)A?)p55B=@X=j(&O>*hK@URQ+0^+9Xcoc|&%VRGFd$|p!-k}eTjJ|0k$5(^rW^6C<2lf=~W!D)yDcIxd ztIH5K$H{(@!cXcC{NxaCw$}KGWQ=4#i9CMzdX(#v$>S&emOBqYv43-UwhO=Q-Yz1x z3n1?qas3)v>)tMob{_JW?;b=T`8vPqQ*%6X{uV<&3%wj_g6o&nDG_KkdkEdXl>&f=# z{%rEf_A{`r{3iZ<_5)bY_E*6^$IJHZU)=Vyu%E{Ep>pF#et#n)?0=KT{#e-0yo`7u zbC7De;Q`1rWCk)cSbzPO-W$grq$D59QN}1>*e<6X;^oAv3J$4esS2#=P!AR+uz}N{0*b1j`BQ`3{;tmBueP540rqg@`o%8$_w@_ox`y}PTY3B~ zuBX2U?B%OpXo$Oh-X?Xom)5@e)h`Tt`TXUEy8RuJ$KSMi`cuRHeLl0-y8T_6$DdtT zzxw51FJJwF|8V=eE04e7_4F5ly?p)>*SY$Mm+kfR zmw-Lqf5EB7KJUK}mbreX-WcVixZw!eP$3&CE#`o)rNe=p_nH@u$y;;@&`Uu34+-}ia^ZLX)k zDD36)7oFwyx8L4%x0gQU^~+}r_VW1)%yIjR)USR? z*vscH{;=EM!aV-w*3(}C_VW2l3V&bc@mCe7U;R>l;4l1$yMDoa>TWM%>*+57d->`Y zoagp;avp!%>*+59d+aapxUtXYzc7}$KO2$9-@pd-%Vz}k*x&EYe<^qUmgezSTTg#6 z*vscH{)F4#S9$#PsH|W860n!gU-(J4zh=$qZZC`L=`S_k*vscHy1?!4%sl>DH>_X% zVz9^latn=pZZE+_Zhxcl_?rfQA?U{;Gmyc>#!eJ62`Sr47M$DXl05!w`um~v8L!L1 z9@kI$Q_r~T_f;N$!|UlU0DJ5&hGouYT=?5>-@4n&=6d=|2!FvP?)?|SGUxNGJpTGL zu3tXGu*db2`HTpEfV1Z=kZt5#MCbY{Vbkag|V#gTqDBE&l*2`g_mq@4)@*ZZAFdGWE+rKk&ZUE(FQ>j9@wbfm#2%e1dcTa&8`fi{bB& zj)(L*<0oJJlIz{|yE%`))_d1)|D|9rufGr7{+8tNHx2$G9~u29WKKLEkAcS_Wj<3` zx4$p)__Oyh^^0yW`g}Y{e{rnOd~Ecjzt|^ke@%mRx0m7Y_ec9L4tx3X8Qmy&}@%N?M-!pmqt$@Ej%4Y=j z^5rul{B6nO&)(P6FZ_#%F9Ipw=Q#2}v;XD$C=qO*^_lrJfkGo=Y)6@8?gx6qj+_US zf*qa*6M>z?b`w{=c`!+=XZtbO=Xo$Z4^qnh&Q;=Xe^GUqSf)P&@BDbXAuUhNDMcU`HMhkL?WD4+8` z{T+n{VW(7x<+&cST!Q85B2y^EGJoczF_u}N8uUk5&3@)sV+S zo(VYs@*2o7kW(P%KrVz_4!IU`6XZ6?!glZvc@ShZ10b(~90NH8at`D|$mNi0AvZy8gDgB4{vi*7tcE-u z@=VA9kk>$tft&(42XZ0ga>%uin;^GA7IuJt$b%rOA&-YV6LJ9LHIQQ0Xgj^1}7IG8hHps#d{6iiDSq*tS z` z2<0S6&Goq^i+?1XzXhbZJ{N4Df8U^-AgQ@N*X8g}>%{4w<~IHNmi~QD|CmppatZz0 zihq3GrbXwMT7N7T9hno$p%2~bV`4camUCh`^pV(JEZ@7Y$v?*xKggVad3m&0)_+-A zU!CmQ6)FG$;PjtP}SzZj8g|ur74?*^Uj6=?a%s_633?62->j4>qoCcYO+zgrH zdCFBMI&s|fnW^6ifBW0v!PaM7H0+9@!-8EpbnXy3xO$kg)bU>(t2=}`cj$O%8?z#K zXsBa#s5*3*x_Iz~S6mXjrvKGL23>hYu;ZZ}LLEZE)&qwQjSV^ckV7sRG<4vwi#l9< z<>iMA9(;}Y@8HEvUHbRy(!c9r9c$W1N1f{L=#b!rT{|CkQNOO$oet}Kaj45hoew4B)tx(4ck0x! zrl$Wzp~D7rIc&g1{mDyg=)kM{U)WDIrk$nRC$(5A>1)S9TF~#G^e?@zyHj3C|9d9W ze@E*=NwGK6$}|n{-w6~%=|82Y5%|s~`8fTvLWTE}u&ts+S`^uA=?J~@OvheXvFDEA zTWHx+zKQ;)Lt~NgcB`ZFnO@WIBl^FT^ol6D-Al1DXK6dFE9;AmTGB#s!5z8hk7=M+ z?pI9z)8V;;{__?1^r5J~+3D?2_%)S^Z2zw${2oGu4^yeo+M_1P3a#A0IR zD^Npqpy^0beCD+QN%LR(PtHI@~OvsMJ4uV-@b)*2VYU)N-cba1AX3eeExHM&Fn*H zX((ww;3=i>|JRPVx+-`G!9#`(9W;1|E>ZnW)zvWr2KT%oHf-pz!v?5fR}2|+$rb(k z1uq_W;nivwC9LLxq3VJQjydhLW6r+d^q%J&cR}y7Bgb8EfllF`3B15b?*)UjA$9qM zgRW46)!-|sd)aM~Y^foGuIo?sF1-4Zi}ioksD8sPzx*HAO7DSx_w&-8tMPeXX09 zsub>T+`LR>JBIf}PT8ycDpw~jSA3tm=SE&tp>nu?cJqLmbl}N*BG_-Bvh(WVm1^i| zkvjAnD!w1zbEQ``qFy+*CxZRPYDJyAiOST;o2t6*7rpfH%-a1;XTGNsucAH&_up>5 zw@S6FOMf2~#!11g&!Y!>QvE&Iecb>{UbSByzJDGb%)<}(9oOAqf%=xNS=_%eTC~*f z^GO+?qs6ZR;jn81Jzk=DMDPya^6wh!vzn!T%a4vj|4yfWRvr8II^x=XO4uLc=>NW* z%qCt}z2-am`=}_cyIRw-{^?Vnjwb{ja;Q>0oxm#9*xBy(c`o>3!7m5T2z~?cy5hNo zxUN_9VRN0xd-Ma?X>_aG@7LhH1-JAWM^&m3f;R%6D|jpLHG&@wuEx9lo($ez@F;j6 z!H0m47JLkNN^mo7SE<$sK9BUBcGBiXXOHN62>p8vyhiX%uy5byj{hg{?t+&&18bFP zwBY-L&lCJm@O6S82VQo&+ixH6Zh~J1K3MR7fzJ^94)9fi&jQ~r_#*I@6WsB<1|AW7 zJ@|ORbKoh#y#;zNRH`+CHv!)+cpLC$33oi*z`F~63V2_^F9IJe_%QGpf{z7XAoz6f zRf0bTzE$uSz}w&9j(-h!Z^1tUA1e6I;4=jGI|Ig*YJuQE@O6TB0?!G4Jh(m49p~BL zLBR)u*9d+CcvSF-;L`-34W1T!F?d$+mEh`5cbp%B2L=BYJS=zt-DK!?7!|xJcwF#y z;7P%c22TrqI(Sy_OTg76cl_6b2L+!19u|BicvSF3;3>gZg7=#2_WKcdU%|fzpDTEg z^Pr$oZ5MnW@M%-r_74HyDEQyNgHzr5XMy(?{4(%_;5UFT6Z}r_TEQPAuFnh6PUgH2 z(9M8;pMb{%-=9t#T0agRbhMSa2s|nDXMm>!-vpi(c0$F*epcvT51tczIk@WVj=z!y z!*rYh!OsT|f`<_QbnuAawcv4Kr#szoYx@boQ{YL#o6&`!)=vpO7CbHZD)5Zp0YCC1 zcyI8W;M2fW7k7RN%aI?!hk^$M{}?jFt2FUMg#MAl_4Q}w z&K{1U`CqArh&$Jlce&$v7Cd&ho4>{Sf`1C05d0_bS%Ui;8o!GLKLC7{;9bD8f;;0s zl+Ue#p9g(=x;y@>z?%tv6L?7QyTH2({wR1K!CwF$EciR%altabce*(Ol;4gzm1b+{_pWt7C z4;S2W9;jEU@q#x7Um$oJ@Z>%2dL0QKzR%511s^DQf8x5|h>GLx4(JaR`m>=Q6Z)@! z4;1_}*og}}zkrVyyrPLYzLJ8s0AC?^SMXZFPXbp-cOEVP4+uU4JSh0h;32`MgZCBu zaqyVnFM*F2{9W)Ff`17-zQ*ez!qC)86fOFB+KB_QRdSdP90{ zlPz_}`84#i@XK+2KwQV!N5uIJ+wb6xvmp(MI_<4G>;%Yhb|9|f>>=VA2p$$Z2|H=O ziL)i@`wZ*DZy0<%aUEwr5$CtikB8iGHlZO}9cQ%0#CfwbKB81d;yTVgBA&~@BZALl zI{|l`&p|%{zZ~bs#C4o85$87OXAX78*^Gvab)2~)+;P?r*KrOM@x;KRg3o~+g}t;VaGba*hvaIjfrbJwZhJE;AvrJ2<*%gc5a6Lc421`cvjf?6m}L1 zJ3m3c3jG-G_cqN|g`HPnCnM~vhkhSn$KS%l6Bc%k zAg<$CC+wU8{o%sS4d78>=TX?%EbP1hzE$vdz{_U3&r_d+Hxv9<@ZN$qXlde)34S2> zT)__mUncm;;Ohjx5M0f2$2knVO7L;u-2}e}JR25p6BhIQb-TZ9uzJgy4-d^xH_)x(ofsYq_E_hP# z%Po^nTkxgOPYKTB18KqezAqy<-^Uf4<*qN^$2Ai?1HbJB=lhp#g7bY!FTwe~ps(N? zVSljLFF!ID`lYQ*entq+&#k(N`tA??1)@FhbE~-U%g?QP2|FEOXP(gK=TJ)p=jTuv z!MnrGM#0YluM(V}6BYD!@2^47ZzecDKbm!hTc4j3tq`1_`(y&7J)~=`TY1Mai?E;B<$$z<8g%g9z1-3;qM!)4kUwGKm4HK z3&DF3*M6hIet+;jf{%h7HQ(5&agIa!J6_=N^9_Fv_E&;u&NKXe@T_CMLZym&Iivu* zVVk=9J?^i@i}uX@%v{0wIdxj_eaXH)UuOglfloWz-5$Dw&lNoCE z>}(W%F9Tm8^lt#K6`Y@&Zx?p%g#Kos&*QY)1?TZt`y6+DAB3H;61o~A%|3~olf|s^4`=y)U`-ArqoX-neh2Kul?<@3A051^j{~Yj`(7ysaF8E0B zM#9cy@PyER2s|nHv*0Pg-vUny{wa7%;deWDM(CHdH~Gv89t6(`-Wgo=b?@IE;AMjM z1rG`y0}ly48ayWAp9&rp`j3D|1b-g9pWv&(hYJ1~_-Mg@0Z#~Caj?nTEWulVrv>i{ zUMu)X;5orB0JqO`=XnTtmEbpnhXkJv-b3)m!TSjQ68K=j-vu8b_?O`01>XfeL-2;q zfJ~)I3Em1kE%*`OHKINI9ej<@zX*Jz;Mag}75ojdZP#w~*L^Yk5p^K;&^s5^ds9@0_zc0n1aB?c!%py&(C2xc-GqMSp(dZ} z#Bssr_r5}(=k<*cyd~Mu{X^d?@2TKB1n2w5 zvVQJ(c-~Hx;5?6|z2H2LrJLY9f1sD(Jb$3C;QbNjV8Qiil`QCE{=Xu&o1?TzL3qC(eZKzOE;!GBE)#aPk{#U-t6$yy zVQCj!XM&%qn;-o`;6d+pTlGSScP zO$Ps6Kdc70+dq#Jt`htJC$LJTE^+Jg{OW+}o1m}76_N8w7 zJT5(4=yN+s2+rfNa|P$|&t-!1`%`NK=W)?3g7bS%YLGil9&ch{-V2^;YW%JPe-k|VtFb=obTB0 zFW_6j%V59s2pwmIQu`bI0Qf%Oor8w6emn3mILChkcn@&)dlGmrp?@xTZ^17E?#RNC^wUsI^IQNH>1TUrd^?5KHHtpOQ_NTVO=db7~hBra` z=?MK8^ta)-xCmUGX!P#~AD1UTe4jf{#KY&=Wr9y8JG%c&UFPn$9|BJc{w#P#@VCIT zf`1C06Z|J|HQ4Rff24^gAou~`Ed}TE>1I){F3|5R^m~GL7yLZ%K7wBbzC+j_4L(rl z^LsQS1n2wfX@YZm>n!ra^IlRypWlC3AvnLck`@>&QV4`H_zxdhyFt1b;a{q9=?vaK3^nynDYYnliz_S!9&KavX3_U8So(Z ze&CII8aoBxoxy|P0q_&SSM_r1N5R8=4X-LT8(ae(?Qi&I*clHV8DRJ-@CU$~U1B)b zYcY5Td^iGq13Yz^(VvU+@<#CJ6^6Hl{hz@T;0kdD!pP^fMxT=F{0;(-k1%{GcsKCy zzYHI4)YWO=X>iWlK=9xVM&I_D4gLil8fkc~!DX-()ylo;klXcow`F z_*!r^#^`e%wt$DgW6<{;WAcy`yb3&ci?LG${SM$^a5C%sx`W5TgO=gvfG2Nt#}fn3 zg13jAG2nsmMn4NXGr)7V8P55C5_dMAc=}Gm&C#dShv3mkh7X3{t>77OzK$(9 z*5oHO+35Fyeh@q`#qbpTR)eRf8a@!b7x?JA4d-@#5!(mn<8e6n0>N)*`{2CaXMu-K zG4|Ud&L!Yc@F4ix;ObnX-vj(}@C@1&$D`TaCHjp+z-!Pyu$>cFAIAl^ zs|&!}!#?NdTJW(am^j%^0(?9;>puiON$?lJ%g`UPoe#i+e>e6=AP-x?li++@`@16# zry70c2Z2YBPi~(_gJ;2=(;WHe10J~9U9YRy4tNdXxdl8q!RT{+XEMLb9nVtm6nGeR z-T}`XXY{!}e*+#m-ta24+v4L)eRIes*S7`uSaCi&lJ&t^|19tj+DR1luL4h;X#9pe zCeT~K(>U*xA^zFmRoE|_hv&iLXy=@__t*}2OW64yd}+k^Wjp@kO?_8jf3e?I;ECaG z{bRtB;9TEx!KaD+H4MBL_6yse06rL;<9P@?2hR0+3B0v99@m4%#Qxe2o&;w*4e0@y za~~>>iw@v9R#O-(C$KK|ZTs=XUToxDEa=cr7^Z z_vPRP;yC&kJRq*qc7g|yfA0VH?rG{91CPURHFyp@2!0xP3dd1r@GDp!JPdvd_(tqs z8+;DygLD30Wc%3fT;C7D1L!|F{-43ygR_18Ia1v|JA-q(Iuu;t{KD<(@8FHlPFVj^ z@D;e;U_J&sDvrkoz~kWDZ$Ae4W+shEA|6~(?2zg*T2ZQ$j=k{|lxWay6{j0#U;=W)qcv#f;8SuF12R4BBL;g8G z#eX+(=3t+BNAQG*=N#~);G@9<@Y@Y}mpY5at=l6+L3C{EVY6agXQn%j$PQ$BI z8-+f<2eDP~gUF5^hir6(Q^4L*il6Va7M$lP^%k7x^9&UHFxVd<_{rd_1UJ)!==%Uy zy5r$_LA?bZ20P;g9|yin@O!{_2+s41I>+38pMd^g!CwZSB{+X4ZJprnLBG*eZu?(> z_Y&N4CKAwh6b0w+tt}P2G4!_z-iEk7?}VN)?YTAfa1Zb(coO^)*lB;YJI?FDdk8)O zyr1AR!Q+B20#6FQ5f!^b8b)!>L?*H3?X9VZ>)V2!0 ze~12Np??*4PH=vnu7@DspWUh9tYT=33u*)dkfCb*P?>+d)z|>pNjk}75owKErLG}9=y&S&uZ}Af`0}+ zR&ajaw^VR`e>^8RKL>1iz1#0Eu-`}Uir%Ijju*TIcv|qT;9CVh3B2_Px8DoE`wBh; zJR$ha;Az39gJ%SP9Nhk=+b=)gtP=bs=!XS=7d#^Pm*C?C-vz!*@P^I=C;FbA;H|)0 z{>vTb5#YTAKLvcW;QW1n1%mUuzO3LE!%pA^x8G~Q!-Dg724aHW3jGm+-v>TTaDIWvE8vp^{{Vcm;5=Wk+l_8J-#|YhIDaR0qu@Nhv1X*(4!_SbUT}U7IxD!B z?iciVu=6Ol9saKDSi$+bvg-ur@5*)??Y1*2WbBU?oab9E7JMr7GlKJb*_#FD@5gQx zoab8xZgR)-2<-P0yeaaqSnzh>WnS+KQp`u zINyIQ7It`^Nk(w4*G9p4-kSZOyFKvVaR>^|^VwTHwG^j9XHbDZl}rLF~!Z!^3H#^oLW&-`e3CAf8tu@ixQ zbJUBEueldXG}P zZ~ip&75)xjBcra?=du4a^rO)43;q46p#7%7&3gh$jRH@!qz7d5TZwp@o@eyKXBqw^ z?92vN7aINw^p7|n^}5dRccK3}c(|3D_rJjCXIs1Nd!n$@-f)g*GI;V3w|=V&jeay_ zIM3@_0-n|nDCx)i#EW3Rli@$(xL(h^+HF5Z9kR|_>{z#*UEs;Txp|_W(N7#_cvIx3 zV}HZrCmYW7S_K|C#cY`kkL<^XLujPzY9EfzT5t^OO1XoYB=xrwwJ;0C5D^l7D_z_9=y!0 z-)peZS24pkAfEN$!K)4DIIp_g=%_{oAfK`ti1gw}Jh( zLkv%~Go16V7(9UEh5hy%YV^|`-1gUlCpsF=?c~~Fu;0~iZl9IcAfCev?}z7!4}s^p z8P0h-`dZjI(r}LdE%5A7hO^(xha3Gs*v+kf7#=>x%_o9qx*N`ZTVDsi$GiD5@Yo4% zI~QMX^piadKN0Nm=>K1+d(?ms@&;d?Ay3BTd9f|Axr6w8uxs`@L0v@^3@R`s*^;X2w!tnLreEr;8 zTyMMt{bbze&w&2kFo%%qL}N2pix zgyD&0Zu=|1Lod7e6?Y(>iH1)$Zq=9Ik(Ugg1U_}5(a(W%{72pit|unZkNL;o5y8ij zK^=eMdAEKC3PAG^>cw`}fTvz`>t8p;=trJ0{5s@82jJxAX~W}AR7yRX99TY4P)mB z^c#W|$2mQ<|;K|j7bNjhEY4n40jQu#`-1~mSxxwfUY-CnU z0#AKt^x00Q2aJAvwA;=)@Z7t`&H;%3T6@g*fkU^Z!HF zxyMg6egFTwyQ#!`lJ3#yo}wwYt~#Z3Q5p(e#2_guA>rXsmiQ$m#d*4nSv`aPPX@BHDd=lk`3?X}lld!K#IoH=v0BvyUA8HM~a^7MJ& zn@1giuxQht86(XR;SX^Q>2L%6H+ z6AIg1M4kxL=T`cJ)2O#@^tnzpJUWhv^T8(`hhH2dkKY4cn#b!&uQ1Q|gV!k!eT`QU zPd?CYU*YN>-GcGGk?lTDo*^$szMVWvZuzey6UWsjxh!k$bsc%~Tlg~^?>X`mx%qrW zo+iJOK36S=fBZZ6bRoC<0WyK{`iS}r^`VFCqT4@6o>{e5~Dz-lxx5;1++L zJajg=_4oGG&`0QF{&hZ}e=X=`yX9W*lP6Cp^dIse^tr0wHh=#j&(;T*>F-{tkDyOB zDD>$f2PUnP5PhVZ?zM?L(G>c5s5TaS4W`zP)q>C1TflKV#r`3&JM5A-qr7N5c= z9ng;;5C2=}vrxEOSJ|&|Y`0^U>v_q-c{)nC>hm`u{si?6H!%KEh59SV(}DRug*;rQ zP`{Eq8Q?#Yd&d>(Py0**kni7I7-b~*agK03KE?z3A;Mk!;}Cz59rvlv1@v`4hu#|x z{RplDi-oIys$5|_yU0W33wh0r&?f@?a`JqDPbQBYU+D8Lc{afRAonX2>f3&ScGCeK zCl3eq4|B=A6AOL5B9907317lL8yNQ<(qCcyWSM*{ovI$yEfzl2;yp*~5TAm7XS|H<_F zfhKvGe}m2NPmot-{f{S4^(xfAMV=;qiu%f1;1lg#sK1mvMlOd@_j;Z@%yF@Jwg`9g zIxvp4zXgv3#%myXw5V_#pC-=*e72Bh0(!e|t!-d@Pu-Ay1MIV7uLN@XwRCB!7WCa&4i{59B`iIO;Fh2A>Rh zd-CVVz3T!#f%e}^sM}~pZ#(R<6CpVw1~$YYGZ zCwX#Aq5f|26#0h;$6H4pzpGGxm^?uqqJQ*fw3{4TsGmfhB5zLpCh{Ej8F5rax;BcxpzWegk>z(L!$bLkmOKv{zlIO@DrM}8O_#_^KkLi1nC&}-nem;447W6hQ`^Y2Y=5ywL#!3DG zeeNa?%`R+r8F`qzF6*lNZ}5rEDb!y`9wUF1`p3w_PZa9cl1IpwQ(yZ4{PRy1>id#= zPl3y})4djw=g6(UIrAa6_%HY!{^7ZW{!_>!&c_!b{s$TZ}^877wRu1kC1O+ ze_tUFErtFxwp;2De0*{nmu}=yayy><3cLH2a@N=E&nsf^W^22|DELC%EErt zk`rz950Uq0yCcctyd?FPm4d$?;LFIPjRofilAHRRdqg+4QcyZYRW_-!9@URm()7VsI2bCYoO57#X8sVar4JQ?5@k$bfY z^%KbB0lrGO#uNVx?bZgq?blPqtz-N&A zJw`l;l3 z^6J!oPagUP`WoctoXGwL_+;`Zc_YU8C3%8%B0FjKs$b0hl3V>>E?ny&7O1!B)Mr>% zU(sg=dFtE3e$|o_1Ra+&xooH1YZ!To@7G(qDdF0#U!$RX)*pTzft`qAV`a*O8+@-+Eeu9FQa!zcP9d~94sll!|0{g;@Y z-25w4flr+L3-{~zjS2lTCKqQ507p}#HZe~05$yt2Gr zZT>G)-#Vb*P5r2VzHu%1-x|fjh{vYbkr{3~&PFUNm;tk<-ev4;_s z)LT72LH(wH{!{9oq2A_i$TqX$Y(R^+c2L!9k1fe4(Joq-$=dn_Z8~P^8G&Z-%0(PfWCTN^mkN1-_7x2Z%rWn z(bVq>=oe6bAfW%6`o4T0(BcWn0aVw?a8=~T)`u>ROZ^A*W2o;Ra-r-|y{K==diaj|A$)(+;yI}y{3lXx`RVMqtp5Rhg8JpupGW^Usqf17L(P8= z^}7T9r^!Z9=i`cizMtd8Uajhd{e77FMtuL&{6C~VN_}(2bBOxc0ey$Y=|4b(5Ez9r*7p(*_52lN*>UhM4&_>ZQ( z8s9HA|Ao|tYofnr(0?=alLGn^&p$E zH{yMa=Kl)y_fp@I{oPCb?0~+01o?cEdaJhqj!XUXK3nroQooye%g+bYj|%8Z$Qv%Y zKA(CD`rC@}w0B(UKcF8){T0-oL;cIt_vQVu7SA5)rw06+v_L-B1oSb-i@gu1xAXBty~Xo6^^*en(Ami6 zWa=%SJsp?&59sfq{=I(me7bsmdnH}$_!Z}m|39Q1cnKtIs&Vy}K}^!Hqj*DUJ0 z^8DTWKcapB^>%#xllm0_eY11X--*=Q`gVikRlG(#FE;b)J39hH5*xzNs-SvuJ zab9far(3C?6wsGw4SkOKhV(f@__5mUAY7l^?pu*z9{M&O@YX!J{ z?@yxu*X|x`yzX-2QqhZFTIfI7@ygzs#n0aINzFVWlGy3?=;!x?^=cUt#^Bc zt3LGeg-&VLKQC(s?hgX5OrIx(pQL&|PsY}My{YK>_7SV0)u99Y#eVvP-t`@^eN+V> z@np+%cihIMp>Q3S>|2H7a;I>OCwed5@x=EydfpE5$V=e1Ue)S=e&uH&e%s&95U%4D zo{2b@6d}-c)Q6X0yy^mbH*|zgx(@Pbe6e!z@l(jB9q;xFSO4hG$mhTGIq3rUq?$o* z{q3$?<9Qg|t{dD(?(f6+R;ABM;T2^cyY#yrj+{*X8TFAG=$F;W0p&8jxtq~1yAIZ> z6M0YHIrOE^0O1;cp5tQkVx;PoKY}<-e~3Pji{NuDeY$ssKJ+d0N%CqJVtiBIVSH`> z&|Y{&8TUr77xIC^U7m*^|F-Y?pYW6DdGwF1j!QnDMgDF69@hmv@sX&95BNs|luLeM z!x5*=$CJAv&NVs2ga3M78{w+=Vukv9$WwPB&$a3Q8F@4TZZS9LhCGL!^PTdslK6vZ z!nMDl^H9%iSkQZnw@14n`k&Yx`s4-h!RUKl1LfMUp9}ap28{ENa_Lv>OvGb(sNREdt_44p`f=o`%h02BbA(Jbe{-gcIOL;X1!Y{fbHsQ-6^9NFME$VSYMaqV-?w)mw#i#?D_x3DRR9eBir(+j=HJr#%fcs0eVNNq4~gFk>)}M<+OO~o)WgHn-$b4(0UujeCkl7txT0{~ z$O%8KL=7+5;1=glmOh77ul2)uQHH$973}XVz9Vz$;}_SHN3Tad|6;?B3)gmYoWGXO zwZgT|=l>7=iowRqt6thohmfDs$WQ1?el6jyVPfw(wTK$s~`Fmxu|eGxlXx`%bD;A)BjH4+HT}J-;oO$ z&_wz~%b-rIZkLe9pDtWaPUsJx=+lVD^!3P7>k9R)$$dUA(dyw+;W{qiPmu??%WY39EX^%VxdC%MKi@Ht($%fnLSEzSuuPW2K` zhU>Y_iwmxVKKulHns8xS;W!&R>c`i@HJ;po!uhgIxcaC6?BLWR_&1jfgunMA;%Q3$ zAbDE9AW2?KkGDX$`b3_BK0+MI%Wqh+W3+v}k>NCSo54Qhoe+~5M zlIX9k!vlm{?J*ShW1R5QN>uS$?n3@;oqXEqWxrGr{8w@&%Ow5<1(2%b}QPoedapT zkH>gf-)jxh_-lHh(%bZG=}sQ) zf^oEc%M|6}<8KDHyww^Eo*#ic#EW1QRj&0=3H@zM|J%rOPh#CDOa2LcqBlTq`}vMH zz(02qxb4UK3D?}*ja@8lt_dv?BAWeEJ!oe_T(`g9krbu#}K z)Rp!38tQZX5s&SYzgI5pde0(1HjnBJg@1`xQNe{ezAB zA?nj3P!Cq0y>En1d@uTI_49;qofp|35&sbO>n+u*|8UepeexzZ!6)+!;;BJCUAgGJ z*U;{j)bl!JLtItxy(XMwd+O_!G3fDX&e?uPZ zy2|yc7w!+ie6jpYA@^#aU0Z+FlExF?>oDp#x_KclGl#;<0gDq+Hs~ z_JGea$h`yP;X%m5!{lvmrhjSVtt|boFYKJ2YLGCu8!cho>xyMrp6zw4{{mxkMQ zXI?~ptR4mmcl&|8h%?N74Wd5P814SVcs@`rd5-UcPlWp7+Yx{ML#&h5-_yvw9q5&Z^STZB&-6)tgh-f9?+EqrACWgyk>`Cj z8vgm`5&yIFX*~w<_|HRGfqZ~)T?hK=gFxkF<37sqV(;CrF;DAKKUcWM?_FQG{`~6v zDLU#$(OqaadK2Qe^QLpjy=92!0RN`1aP?0-g!xs5>-j^be+7D5_kLEr)K4N%Kdr{X zC&}ZK9XGcq7rnpEcP(1I{YIV+>`Nz(llVm+&EvT6FXK#;=eMC>De`i6v%fn~pD%LY z&mxbMM?FNTA1GY=8?A)?KF$H2MScDU_}e~YG4+WlsOMMdGiW^e6~74e(35dpt*F4`)xQ_ixpGZ&Sc|ZTCT>|=W;QIDR^7x;qhu+kGpj`5nx({*su25b|{c_>%xLghE;Uw}#_rTxZ4!s@6M+w*Q@;ENrso$ua|9|w4pUh_) z@@78Io?Ygc`pCVAC%+Z_I*Volglqg>AU_W)*ZTR+cghI$rSF4JbPIeg<+wK#uKL(R zh4IWF&%c1WvU=DhT-X25&zQfB=zoO%;lmima^x4@f9yOAaQp->oJBmVsDDVf>sMEd z@2(Q~#YW{4XOjD8%iG8YppSix@w$`xH-)?7ax3u5>Ay|&;*-A?{j&KubRu||`vF`3 z-%u`j4$VQ`!p-x37q0$3uMZT{zw9KeZ^qGY?E|el4C|vs$<#Ayg^Kd_TY$e*Yx?OBO zb>I`@`qp$Rd~!VBp^ev;JU#&RGluP6M(*>u?zVp(A>8F>4l>+|`pLqz&R6`2OtvIn zN}uR+i1SJEFVsisD)a~PV|lJUjs3k6@l2+Ev~b-&obdyWcTBVQDD~kG*6nrF|1I3b zsb8=zua4x6r^7$CAIFRP$?qqR&PSYf9s5c0@F|G1RB8Odd%`vTNH5<3tN$||Lc3wk zqY(Y0!Zkm;0_Tq{dX|#${qJjt=yjb;9z>jFDS1@=h39TU{%u}=rFyB8;QLueT)V~I zu)zMOS`zu}#p{zS6R);#_0Rr={?=u?cTzu+daKXz#nOtwjC&|GWv;ag6+odSLp!@yaDmkJo7nq4&VL;BV}x+cPhuYGe;|MN26=|>``frQ zdJOSL%VXWJJWp4ydA=0$!sge0@?1ys*Ww&F3;F4>4*9WlW{mJ-)%nB1)!%;xGqgG5 z+@oCb6I%)1mc0FJ@bpHsYv(nyg=;?JC7`$KR0~xv{`p!>+ z=%^nn=#ziLcQnG^?NA@hLn-*5Mt(@Ru48+6e@F%L<5S?X1ILSo!ZjZMG4v}*eZyzq zpWfj+VtM{dxb`cN2EU*B!>SjaoP>3z40)etRsY}DP~jSX;!KQ)&6gu`f06p<+WYR0 zPUoL~CVHJ;`4HA0%kzHcFZ1_&27J4d*VORhJ3Y<}HKefoRM(=tT}XuWdL2k(nG zq&^aVdOPx9$NiZL;GgI5w=Vm&SGcZAF`ma+U6ou&pW*Pa^UWN2;w8lS5PfPaf`76- zxSbbVqg>+2PC=cRex-0%=Nr(kk`@nn;v@L9DuG|rT#Pzg7ub)TCfwDbkMSza{Pa^U z`H7zl9~-Yn$C6H6Nw}^v4{X9Z(~~}})9_Cf;W%5CytibySnzmfYt`;Oc|-rzNiOX3fVi^X%1 zaE&M43_ciT&l{>-+6|4we6f61Tn>F`0P-`B{>y~B`FJ_%>Lv1>+nhO z{XW~D4->9FQI1z>>cWXz zlgD}8%<8=18)(;Sjq%-h9R8q#aBVksEBa-1`=xS;KhNte=5xYIwCn$b`rplVqvRQ$ z4_be360SapN8oSkfAO1WH{S$xczP)qO;axV)N0=W+t0ipT=SL=BYvL^yiK3X9_Smw z#@j}p9QOkje~q``AG;CxwDYxo!c9X9_hXpjQa=@-x974>Rv)da{oqabN8i#v_X&?9 z)tl{WFAI6zrp;}S_S{)gNWxb z`rN2od{VqlV&lGwJT@KUW$VVp@4zR;_rGj>FB7ioWMY5eIyq3du9MjlP@i^P{XzO< z24mejt^@+wqk73h*ke5~&QRvq!5neUTPhqqIIp>U0->xRPhVYqP3b2P9&oTpsk zjGTvYJfA)X$^ALVv+YA#z6*W)AoRAL+#_7$k8!?REzK0J$H8{*pl&1d|DXDZKJ*=Y z?j!H>9(az|;WgHybQm`xWK=+qcqxx^RutZ-wzaLY^k~ zK1BVzM*b;z^eyDM9Qg^W;UAs{pStAXu%37P_cd7b+OGGS?|y0PK$1LoUG8=DSN$y1 z3I6MOXMCXjm31I+{?%2u_SfhA9yTsd3fJ@K$d{;xMhtB^eOfl*dP2TIeWcykK;)qz z^Zdt$%-av>?^mqbb|0bL)OL)c&6f$}i8h6Nsc@|aZzb9-%XWVkuKjAX9lQ>C%{7Q8 zHyh(_`?On?OMjC*?pV8D3)ej7YN6dW^!d|#-u4}_F$(<;`b0gSeJ@25JQ zKJ%y#^L`2QS+9D{+g#-B4(gk&CBLh19G_P%@h1ZJbN(P)$1CwQ#w$dhBh*K_qYn3z zcVCD2)8AoSY@XibI7LVOctp6i8{_@Gwr*GX7;#1hcXnzSA@}O9T=dZa$fq5beKEEIQOzI~HSO0WFpJY;fV_?30d+U^saxP+6~3PUu8TMvpOy{y+(~DIAY_{ zU%2*bC+DN>Lq-YL_@mR2&t~*_%jxC*&yO&^G4k(KFLB0yM!PnDuiK#hav#g5(A$1* zvT*ee^Y~?XZuc4TAAiGl&c?4N_ufT3PZpu!SB0xjem3|l#^ZespZrNUetk(kLb&Qv zmmp4CPadM)Z;kOff&OXgBO}4>I9qBX`kQzj<8Jf!CgE=WcE)@h!}<6K_32ZfH=p(7 zdDcUH##!?VO)teU8}=$zC@fM?)PlI zT&7(7W3A!SqbveiEL_{oz3)3<@t^t?^N>V5R)>!(mw0k7W8Jt#P7U>S_9nEO44emb z7w+`U3-?_K^2BWLt6}54BV6ltW)|zM^=l{f(ccPvdVGyIy&)LK2z{n2*ZSdc>Ryg} z(Kq1PtKnmH*h;zNA#^wTYvaD3-2bAGM>oSK#m@(s{$t@9e_yUAbr{cn;aWct?$1k- zH{JrC4(w0b3wQBP#_?rT3H-ra;p)FSaGYJKJ`%q_3FB+^wv9gC0nDRzY`5mO@XvMf z9kF@cS-JS6dHuoaVFLBZ?Wq63^qFY-E0CY2dv8c3;LxVIYdSUwL3cl*-7x>qv? z{}4a#Hkol=CtUqgz0srf9G82k&)x!mi}OwLH0#9rRcagk`(EIjEzg$w>;cgw6UKoGT4)~{@K|cSczMF83 zGr1MK4*6^3+0v+!LFARbhfnSW_}hM|FL^Yuk9tYC`lsJOonZ7mZ?o#9PP`|Of6Hgf zAE5UG{p}-M^AkQB`5D7_rc$4J5dKYz@QVei7yszvh~JLaS@KLfj8|*=blb@|dB3IA z|8>H3zZBk5czk?SxW*H`7VGDbQZTCgBjc=vcuLd%Lg8AUsXTnbz2- zp-*}b`fEPxsgJ$@ZtGsjU5Gzi4*hLG|N6pRUGe>k>&SZu*LWIzf_P%&w@@E@5b@Y? z=QZJ)htxZT@&8M`|Ca9@def)IPeops|9|w4#=>ra63U-uXX+=Xjn{m;Up}W8BXhKSCbo`=>S^`}_i*5bNCdEa95BP5iu%?U$BO zpM0UP-u@Bp>i;vuIgRl&_!W7`P6M}i+AG(3cog%iJoOKgC-?b|SUkTA*LYe6?w2dS z8{A)m@v?c^Lb&=TS#P!uOe4>BLc8X_+W8cFhg;z|&NBCQP#^ynGuqByTJ3?q|1kKq zjDLl2%|keFKhJ06{&Cm`j-){T@EX+x&@f%yM5%8}D-AF3)LyCp z`ItC}e#NSR+xz~jg=^i84eTek2-mtw1nTfN^7Kl?Gl2zE>o3F^OQ64YJeooteh7Mt zr`F%dTaNx8GXB$rYyJ~+P=|KCYmVxvIr_&E)l2?Ud_Tpm1C%<%{*FW?$C=R9%5}VW z|1f5a99D#Df0GM*XK(Aq%k+t!g?`yQ+CZM1jeO$2p7$qxGJoUx!zcz@=P>+Jyf38& z`T4@#yuK0nv32`8?P?C%oH zqZjEjP`I|6Jm5QJL+Xz^0v_)LA6v)z2-m!MMW}yU=f|sF$FUE_F;D*-eR7-N-;@58 z{uLi-*W-2RvgGZBt55g{e44X?PgJk%z5$;I^?wR?`z}8B#`1rqJg7>2ve%*>ZlnG& z<kBNPU#!Zh6>D|2U7!7Jn1@qG$EVR>D3Z%6MYJ zHGY3?Cl|TZ&rao{550`}cs~2pyA0!8h<@2Ve3)<-XW;WekCA5|!HRT%J}XWC6Y_Q` z`8SU9A4mNtk~eNNp6o4X_YTH?j&MC*G&)$gue(9G>u*o=Yc#zcP#^8@#l9m$$rsW; z%{sBXeMo&eu>N-{tN#CeT`gSwQ!k=^>Qb`aIL|w5+}o8yoj)AdUv(C){f%`%f8V9g zSmolM9E>`#dT3Q1{f)fgJEa{@2MX8g|D^)=H;xmoKB2*dbsjn%JaP^EEzT9>KA$sl z3gf9z0s3eXdA8%rSn}{Ag>k+uT*oC=7raUljJA?T+hG3wO8?>$#9#CYzF%zD>+V)A z@#mjGelYr;w}w3Oh3_0}j7pq{cGEpkZ=W282CfyZ^^;f&hiYthl5kxoXKyR4tIveH zI_v>|tCOn5h$nsp>U=+a?kCTki~ibv@=J2BYGMA53n9*EQ_Q>7%+CPfuD|`^Q=k5i zk>@T4x8r`}iik78`%$e9Ul*?RP_|+Z=YU>#-j}MEe5QGxGJ*bWPl8XTT;Y7bMY-s` zz`pkgxzGDK?YKXn5`6N3{qQv5S`X1@P(Qb@zpI2-l+Qi7rE&b{*-8 z8sM39VV)mTE_ujJN4rfqAB$>&XO^NKeEJVmF8;A6Fn=w!`-SWLjRo!pm`Z*0BIMcD zjcw$qPml*2ujaLo|L~t^@f+r$lW^UKL<9HFUn5-OPaT4fop-DduJbF)`(5q4brbbo zZN$@@{W^E5?)OggzUSwFh`lDT<1~zNz4?vOzmD@ zQ6Gw-9<1IPoC;{Wze>`pxo~~XMyBxuN30I}QSYsX&-K*bDqQmxJ`MHu6!Y^c zd2$xc7apMg2z}yP&@Q{>opTy|yfcsotDoNF=~I#Ca`c%fT_v;IA*upcU@n`OX3NhFPtk}^Kfxs9`zQktW+^FPCQ)uGQL>LYPx zczwp+Z`w@%>_YfkJ)hYS?S}vGokK7Bj3@VaebwUMOrGQCr;MM~2<@g{Ks_5@pj`40 zy$|c;gC)>F*~ZX&cVI;77J)ZcF8c5w`1p+H3FCYYn8m+axaQ}A4ah@X>Q6phxxAmg z2ghZbcQu6T`jdPX^W`e)+X~mbh4x}x7>;)jd2Br9qt9RLGd+(Nh}QG2ZG!kS(~)PJ zcL&H*TfyzTsY_F|o9F$vCo`T2!o&RkqklX`y|7EryZ#GZg7q0ow{9PD-J$7N=t$$s5zqDXc~pHQ&wjVU zJbx=(>$wxxpHkHSMty|y$o3W8T4=lfeO=|aoTt}?zs-vW$b-)Zn-ld z7Ua|B*HglewVto0K6|n6oGt#X=EME7ttXeA1OLow=m#;L=gG6rqi*jeKPX)5{21?ku3kcg=>DYr7-Voy`4;bwmb4^$FK>$Yv6Zto?p z%HyNWuc^W{4-izyucUcvlbC{XFT=Vz~AozekS=X z%GE#c+?7@2$uh`*_2F00FN^aCd3p)z#PZO|*F609 zb*1BS-0bVSUv8%4CE?ny%+St`*!kT)3fJTH+)7v{!{i54uXQ*8{j&G_ zT6KoM|1-G7vqHJ(Q&Uk_XE2^!)MtAm&UN(faUp!tUEpJJ-XmP=KXDo6T_0Wt=+^Vt z&tX^~dL5S(pTlN(`;b222JoLz5)J>vc0;2vE{`&vE?p2$cyeLC-Y3uSK2NLLrd<(d z@cK+A;hKkB1*|7^=zo`T8OMC!{)d_L$@NFwPNsf0^|>_i@E&=UZtzd@er9A<_J_hX z56O+F%tqAD6|VUV-rxQac_^^1=E(DWKCsQf!@@QG>~n?Vbw+o@lYJ5URnuRsT=bc} zh57uDJogKZYw;ok`mb=U!wl=t#@WZmpjf*9`)nK|AUVcuJbFj4*7}k zZ{`WtIAgpI*6O)p5A-YZf$x-dTx%j+eIoq)yT#dDxb>aZ?nl&dnHT4w-p=GNZ&H70 z*XQR1t=;G89}0Y)VkLcIe2&@i^x2?3GQR0Ak>|6?PwffrH^;ch?O5(Lo;>{!=Bd38 z@{(}fSIi82F7*}RT0iN)eP5r@C(rfPe5zl}e(}1NU1w;cTzulE7anKh!nNIh*shK5 zo%D(SgMK~Ce!Wef6hEIHA#d6X?M6mGZ~0sxT>ZZaoY%jsdWk1=KJ=H+XFYj#7V=}` z`ww}T&pG^=`btr>n_mPUJAMr$kKBwpxA#F72-kc@{)K*R5scm^Pw_cLmWMyoNAq?g z)(3kZr|l(ZH_p$w_hdW|ktaLC-`3T&r%gyJjZ!$*D-2c%69qwsU0^jRxWj$ z=KUnLPfH1R`^ha>uWWyKgg)8v823tSw@q*OB=-1@v?9M&__5~E7}ZN2vb;ax8S1a> z10Sy;{Ox_!*Mz&{$R4a4lc@iT`rJ~)`7e31%cy7m%aPwoo@4#n{F*9U*MV%{^Kp-o zhXbG6eVjbc{lC>!O1Snby$$2?1KaI?Ir<4{_ z`-F+)mns*1b`yMT9z88w-(MKgXo6E(-gZ%+$ND_3d`@B+uV%?z|ve+s$r|J7=4ZdDTmvLnW}j*>SDe zK=Aan;P!sa+sY-*%#Ros{8l~(aTV%66!;#89*)cB0s`xKZ{gZ*ZY+E({^PDjK4Xh9 zPm4<+5zU0FKJqN|mbW{}Lx1>AXyg7deWJY28E&3eD~9#If8aWEE8*I&e1pKeP%iC; z1NXarMxXh|VV_)tFuk9s&v6|_w4N8a2JLR-{VFyt7YcXl(i}u+$F=8#YrE;6;9&h~ zb}iye^M2q5*zR@0)hDw8^)r_Ny-a;JisKHl%em*upVAY-cq>6 z<8{S|+jWe)s1L{BQ?exfU>5cMM#MjqKG8w&58fxgM7XY>slau=*Mw`kF<$Qq(`UDG z>2Gu_X0+`aW7lKfc;G9H3$o#P3xvCT_Vk^D<#P@7tpd-5s6H6u)ibdFsqJ_bFB7Qq z7Q)rvpI10u_tB>vzaOnCO+ywF}yAjqW%ow>hEvIyz5Qw3)g<-zQuZl|H^ZIgu8KUfjYGD{enKR z!1>E=>JvPVvwk(W5kA>pkO%XbC|u)72A(6mlsvo(`FV%y(s4IIpWx?_?YP-NxW<{_ z`<1r7{iR&|6F>N_r+b*6e#5}iyg#`V^Y93H@;21@H)ZgPf5`L85WgKy+YN`0KMlMe zeSRem^E&_eVW|KC?_ z$E8l*M&_TR|8U{zpW*(n9RGB_a>-}BFZ}nDSBXO(=5yWak`GfZ`sjmaf5lrxFaE*zG0zvS_oc)F_oZAfT;qw1fKPe)JfS|)-!Sh7 zW|-bm;adL*evZcK|5N(-t2#Ibi@Ex3@K3bHys-V!-O9z^+k-sYetrdc>Pz4G)L=Z@ zg_|dl`%&h0_k!^t`Y8zgBi?}YSf=}m-xsy#smA|j^wex^EXB*m-zD+`p%&jebx%sagTpi=>H4# zq0@%%#5p#w@4ZR5<{{A^{u%l|DO}sl?n2$#xbL7(JaC`$A=Qgd@-XV5G<~ia z2cO6i#M6NMUE$hp=yKHm9&+z)aQ|KK!{j018jt@M;<5QPh&=lo*45jnpGu#w2fdxA zte`&1^OU~S|4JTNgg7JQ{bk}GYyG)PxQmC+!LU4^mO%XZUof*u(x;zr)yM8azYvw@ zJ>~Qi9rfc~>XTi3M;r2Y)hECw!_S+W&sgEdTK}J;K0XLan@1h*LH&ex7uL^>!Zpq$ z?=v_3`{bdnh{yO2^4MdYT!hB!-wU7kTIerj{KLqTe4c~l?MLNO51CHT+jGs#da&-5C0^uqoNhhn<`xI%j(MSpDLpM1=HV#ymjU;es}=! zWN*MY+WOOHBK`TCMjQ7>luJG%1w}CwNCVU>CPtg?im+xEIesUFgg4b#7dRo;75l`^G zf)>Kvyn7J&xBPrTp5yv&`9Dma%0X{+)pIKRb6+7&8{Y?n>+!KZ&)=CgZ-H=aH~brX zY@f4DxUSn}`Tfy$TsTa9WGVEvj>V@T|6U69+?M%SEnM@T;`g@HCI3$Ky3T}=;Tomz zi-FVO6W-xFVC!D_hfpWEzC>V@a|TuRGxg(Q5^?3ejm zA>7qZ;5qFtQ=jE?Yi%Fc@?qp{KA#WJlKs6}xV9TxjCx~tz1hNbT++oj??$gZZ@Kd+ z_Bsacm)oK~(%%g0p#=R8(m(NAXGfZnpZSQ!|KC?v;o9!$-=JNq+v}ZP<`>Tgt={et zuI=V|zm1)zeCd4Tygu-J>2i;vzdoYZ*zp{PNr>1`h`=2r_pfa-u}H$@bN!Fp6_6P7YNt<=Vl>qW9gqI4}Kme@+8{z zu1C9#seh3?{j=|gtz$o$eoJ9I=RL)7=W(z#ePZMh-gji_5I3+rSbd7Pg+v;B7M`DizC7?G5u z|E1*NwP?3J`HjN$IG#Tq6_p@QQ=bdy*EvqnQ9rf`*F0n&!noM+sNDj@lV9jN^?Lrz z4Z>BQn_j5@Sh&u|)QY%MMydaoyxIZQM4NBDor`rj{H z*Wq*r+9Po@XzWDM)A)=TJbhR?&Xd`=+G@w$r7rsfD& zfA12ktCQ$cVF~Q7ioAD%zj`Q6pRbzJ&x!uZ-e znooUt7<>|p^N4b3H#QXcwE6Nx8a%Na`7~bZW$<*BLj5($C2#T1(cdUi4I^@Up^F4*@bp!A8 z3C;wkdnN6?>6{+e)|U!wx?d?H-e$rL{~6o!qrQMk4np4iC|J6^YV z13bs?3&W^+-W9^NU*QADb7QtUoIKH@qw_hN^>z<^lH8}A!**XVA3m?RH2He+4C}<^ zMX8m@Ta4FBZ9m*gxM^tNehgN<#>sjp%U_P8Pj;K{h}F+|Z$h8o^ZW-;e}!@xujmT& z>ss=UjE_RzEQXqIAwS8$bFI%2?&>^=Iv-7+%gH0dF^(;m&*$iq@!E5qlx-Cqj7D7^|iaS7(N?ei1L#U~W_p4nf8 zyLq%3@ib?i6raoYA>(OF9t}L-;}YfSQy=l$@oNh8@teU*v)wPLkALYqV&h)%UG%ro zMywC^epUa6K*z3cOEL=0o@-_&%mY=3Zgt;uEcf{+48cwh^xD zaHGKcT>XT*{5LHe_YdhGyuP%V{+Uf!hb{hgA2AQyC*&B%znQ|D%6=PJJwXp~E)r$Ndle@&=<$tge#6wcXTm-|1~%w4C}F z@6)#Y|4N?Y=VBskywzIzyn=bUvJ9kcMqch?9GBy~{!oqlJmIR(HpaNyb@jQz z)j!7b^jg%vNqv<2Qp-=#Cx|o6^CO!Vrzscz{K@dQb@fW&F8*G=bKXq<5!5H2Lf*{( zL*crwNb-BP?fm7$_3+O;i2mAs@*3glpUt7&X&jd+)aUMpz9HM)LLT3VIMuzw7b?^DzzulG6plN|Rb`BddPj{IIT)Bhk`eSQdx%WnE)_&lFk z^f`B<_Upf|9{&fwM!5Dj%ypaT@g7kw@npCUwE8Uj1@wvG7#E9kh;Yqw@N;u-P@m@g zz?fz7F-+y+ALe}~=6~v!@K2o&f1J(9_ga$2KJs1XDzl3>D;J+6KR@1t{N%65D_`J< zosVB3{8;%JPQ8Bv^fq61IKA|Xb#D1NOnr#+%l2c>Z$ch|&prD_xaQgC{d;yDsrT35 z9>0IH9OGXg+|93FvEyw)o>9H@H#Q0R@yQ#010LtNSp3%tSD)0`n7=J~;G9i;g2xxj z&u;4T{2cwg^slfP{%O9SV)y&qAzas`zVG2UV)4wRJ`#A|-Pg(`p6rPjS<7epE#Q6x z>!cmuuMmE$@k*#(^5FA63LE!-onHK3!EtJK5js%sTg;&+9FA99b<~<4_RE-|UxM>^OP4&Sz z?q}YX3fKI!U};J-Oi_WlE=m%e)GBi2eccy z9=sppyke*3r`VhPC64cP$j1rSJY>1gvHpH7+{Lp2dA^eR@Q)bZ^v8wu-$A(Qqn(i- zyFY)3aP`kWk9f@gW#bDA*Wre{#7FD%0kk`v?e>dV!x)q-`0l)snM8dr;d-3y&gUDPMt-|+Z8vunTKs{0sng5;FmT=J zQ`Kv|jl}%2wX5FG@P9IJKGo52@d@1jIY7Ajgg!vK{W)Pa3fKH(cpr<^TcuyXJ$|2p z?R(D=my5?*;Bx`Q34O{zl;ai1NEtFYjZ1fI77C3JX_%pWoAj>hipcg=>E!yzj{7 z``5yCUc@V)Ul@JQtGx&M=sv`6{aU45{KNM^nPdDn?u9=5C-QJI`IF?aXE9#4lK)Dc zNI`G&;*vb#k3Nq2Y)bvD!rgfBxk(n!Vd1*&h57zbg8JtBsDB0iHtu(k$5w$qSOR~r zUbyBh^*S=<^90~W>eCNEZ~K{>_rpKR^9zgTRq|L}__Sj@o5|C^z{m8L{f2h4WiT)9 zD#9PEAkVz&J7C9)oNyiYB*(oG{r?uO;}YZboJ!>99)NyR;CcH49WVB-VZD{4evojR zn?&x%ox;^W#Or3JneOy*oH_^fa3BBZIqLo4;FpnC|DAc;<2zE9{5Ij{N#uS^qCOo) zK1cAEKPs1a@`3xKPW=P(Xlh_RX)9doJi_Ne*}8X=aILHGiHH-U;CUY_7k~duaLeb9 z)MxGox4NzSC-NL!jrka5oNa}>yiLXNw+zR3qH<|B%j;UU-^)?&b-_NcYzY`$a1cHz z-WNd|?@r-b|GNVBV=q#@_~&?k)JVqjJ9&uL4Q!uN?JxL8C!#(r{zrwo^(yc^;Jbut zyQ$aF-vs?n`5Qhy?;|>cytQ!6|4hDb(wzKe)k~boZfMu$#dGw@FdnOuGY>%@3*7g0 zuW(&ITL#w8$&SnWGJI}8nC(7HpXhSz|Ig+GIB5RdZ`k;DK8*NV@_CZBue(mTj&F+3 z?Rky<(^W6utGku;X8V?r&H&j&8#glK1 zb}i1kgdc02nI>H8vxxU=p% zdjAyk>o)SC;cw$Ul018n@0>0E zjB<%5QiO4|b-2NCh%@^E`n81dv=y%P5aII#!sMM)uW|l?{bWhTGe@|_A9)LL+J5z< zvdmiu{ar_&(Zba~8n};oj&SFbz&c?4+N)gRkIqG$FVUxUIn;BK_xYf8&$~~!>chOB z8KdlZN0dvP`9R)!mq(oOav1kJ=s!WY>SH|bv-Rg2;aZ|Iqsn5>CJhgE@<#_e~ z@2k0R^-niKgf?EEDA)e-`CU8sr+<;hc)b3UyjBJ1^C9dfyOzQ)7Lup=IUw_|bOPpS zl=mI^^l2*Gt&`K>WAmc3aE&t?I3A_Q<4KH{-S=4OM8uN}T%T_t-1)CZ9sbC6A0bci z{cBX0=Pja7b{s}_8TALrJ-&Z^33;_*^eYv(pQ^cVjX%ZXtnF`KCl7TgobRPVh(FX1 z<8mwgA0*E_f_Q99-x03;ihqv!wD)1Zpg#J6?;PxSx{vzAe&qQe{o7YWUB#RBaAc}1 znfmH4T;tEZhWXwX*qcrLnm`>crQSP?OwOl%n{b`K!S72gbrR-Lv@zPXI;kt%jeCc} z`n*QD_V+U6!S2hNNqxRG@{r*AuwHnWF&zD47xhuj7t3>~65E_#pir8IpO z3)giu6nMXNE%mWyFpev!Z&?*S;r59CQS#x+rC;$cd`GO#=L>iFX$<|<)Mv=kf5QI@ z^77T-ljQSkZCrYg=lQwXp45*KuKtm)(ceFqhiA=aSz#V_2-p3_3O<*tC4HJyN4x%m z(A#`}fjqPX-1Zxx8fZ6s5x7sEj>0t$9-kj>=ll1O=lQwFF!dYBGd++8JAO5;DL&G# z1g{hJqJEHY?XUMc+Fe%$zgVk!X*Yc`eC++uKk1Vx1%57lD%XNO!T0g4UssW51J7j| zBV5~!zverKv*w$CuitfG2B%+kW^;lxhuZYN&UYEM8^KhKfppGQ2U7|#*qS`WOB%jQMxu=@Y^b++Sj9N&R;z9c2r3Rj;L&#!G> zzeye$iukR5nx2OBITW}bufK4O-{?P)VSYBF z4nHREM;;5@FC7=I^Dac61obPZ&+-0t%SleStLFj8!+z>dt&8|`@A;0{{-LFE%})Y# zwS?pKBK6U|7#GWDPB`ir{!cRz$Jc{T?n30#j%!ndt3KTk`q7N%dFo?}p||U4mFh#E zEP?zyM}1@An*V$Y)Th1ga5eS0pRfa<`$N9VhYxi^Viee2V<+Er|wxp+3U8vihmo5I)}d@Ui(ag*?vlT-)C+5pHA0(A|&Ks+V>%t>M#> zIT=N{|=f#@StS5PP6Y^>MnZd$czy87amZts*a{nvekz(=>%!lVw z49D9cT=(ajc)xKK>iRJty>GvwK3}mo>7Tg=ddtsO^oezXztzv*nq8aS`ns$ApbzGwh_4pAQ;i*_v!>1NP-7hyi;+24v0@Niq?VJm&QDwlTC zf#u06QO=9eX_l9o@M?0i~4Xk=*v@IuQ}R{PR2Z%OFm4wwCl$)UN*j;2-p0i zI)aa2{J)X=MK~|OS-gC`U<>%C`963h`nOju{;ArC$MSO*c_e|nHKBeTdHe(4k-Fsd z&Vo<27(VsL$0(OLqc+qXX^T;umHKz2l@L-x!~JY~%7Y_4)0-3&iSh@Hx=uQs|e})tAEcye#tt z=HoDg?=?Rc@ehBeF#hYwd$V75{d2Z(jVBRBo^5T}pdq=qX zB-=pGzw#=y1o!y72-{zMq+I+%(~zIxjQ_q?;PI2tU)w)Ftz7$iGxS!6Td4Q{!nh3Q zL_NMWd^|pPr6m2^2-k7<58*u5=JgfSho_#@J{sgH4=e?IwY)k{24-p^ylBfkyW zjonmOZ#N3p_3G8YdG`aV7a#u_^w;WtKYfz?{G+{J)~2n-|KC?1;Vz&3v2NIPzbV4C zo+k%BpZ=n7J@1eH5^zqNc2--e#vvP?udotp*eMP7pc2{w++&d0c9`8`T@ec&?T+HU+NjIZTqiE^#aQSi6=d7?e^;iibw{7d`b-n|$X zJFgre{8;(CkNVtD_*~1BSLy(t{1t`cHBh+jZzu8l_(If=5w7(XE{T<}i2Nz~WOKeF z4avKAM4c?=a~(^O-z;4F8|Qfks?_t|RxbI;k3qkBQh&k)(1#n~_+sZ--GysB@$aBN zoBBIcuX*M?we!1u^!a~uoq4=fwkhG7{~;aaccWoSox9`r4F z>OpW@2cFUjekL0r{+4eY$n)IaV(tEpa?#IZeOFV9!>O&|fA$OL>?%Ycnh96?!~jHi z2pjA%^6(hMEy=hIxeEUHE5L2O*gzf&?4N1d2Kv#St5>Y2(9Q)tB}S zf8aZX40Re_%lPnl*6ZX0$diqbht}_=2zTRE;JvezYA^b^$?(Ve-3c9FAA29;gT+50 zTY^|-0WKTWA`B!D3^LgJ0m_e-d=Vic)kGK;*cWGY(xH-eWjb=PoC#s zSf9OIxR#p?oR2q9xVCRRTfBW|&_1#o`E29NE@xlC8@~tZVTRK?DqQnC!TSmLE6)qx z4FCOo@YCkCgmSS@|A~lIV?3V~?)oWp>XE-m`^e+4x9jL@JHh`@;9R5og}eND0V7Oz z>a3-`AK0g{-gw|Ucb^DXe^Pwksw{QBQ+?&rP*ZD{wzt4O6nM{Tf^hXmE|8ppjsHhz zALn`FHa?%(8TI-;a9%_M;Vw^lLuVBInX6p<@pyl}DtU!2@F&ZC0@sqCFI??o2Yg4& z|Ka4}BE;<;Htn{W{H2J4t#3nJ;lCHSe^N!bmK%Q$`C$F-3*j2)?AIV? zvD_NnP~R-?7ukH;UAfr%r4WbxoYz2Y6*-KRzE^)}zN4fo}^9%K( zfp!dchfaJR^46{&y9w8Fqdb?x{7DMeb{uj(#xc8}@G|*5-1lPZhfS(4{v-qMPZjil zes(3s&jkIvNVxO=L*&C9h4{sIR6yh?lqof!R`E?n!I zZUFmrv++tA6nNO7+O|Jil=p?S~52c287C zyEHGrFBa3@FM;}AS`z#Z+Gidt?tj}}Qm*)!=l930uMHBe{-?G;$L9TaluNl;-XF8} z-A#M{Tx5ui^F!~3eT?TOAzS2g0KLH@{7#~+e+CQJew_-u7oVVgJn)|TQ_989>;lxw z^1ReN)DPT8x>UI4Rg8I6iSdlmKF0H+?LOxO<)Rhc zs**Pn?sP6iJS{#0gloG;xDTf@?H{Loek$e{YnRu^!=0dWGwr=T&`+L#INV5HL>@T@ zewzO?$-NfPvH9*J;o85-a9m>gcpKGT^YeY*Dc7L>e(Ly>P_EtgySy*z75%yR`2VPI z)rs&uIE%x2;o9z@1L$`l>VK^E5`T~TvaDa9)ekzU*{z)AXSBbYJk0NI-$lNdJT?{e z-N1y~uUzzV^AI0fSKJwgzQ_8?jN<-H5U%Z&D1eUbe|Vkt@t-iFUQ`11z52sG7Pzl6 zi9ERk>zT!cuwNitXCE#I!Z4?H&yehx0c zA513q8=zdfzjsKv=%)uDuU?@3sQaOl7zzDz$W!F`=EdW)S-9p^nC~}Pe>|-A8i&C1 zvdROY@A11-WvPFUaE-$b#-TcSQtd^@=lzx#`IpXK)+d2=(Ko_1Zt?5T?slCxbP#kR zpJP0?@h~S`?Q^gDPTB77l^x7>=liM*r&pUiN^bFQVLb4Cir&Wiqg~#h{|^h-dL`x{ zo-dLAMV{;eKXYlgr+UlDvK?Z=X*GN^AKR&0rI*Dk!D6QTV^+Gi?5rwR2#4=@h< z;HO>3ohMxVjAneNu#7rwl}jFGc7R_){)E%v|M}aGxzq`DXzu82{_bb;cinrv;yq2w4X>G;`4gTs~3f9+>*RrwtAHvAv(fyTqm$u zybFcveal9H`QI))jX>NFAP6Z|C{s$h{j7{~FY9 zJreOubVEF^qoc!xYrCYE`OfnH>q{Qpj(N&r{;6>7?}q~SAHJl0@Oz!V3fDZ0J%n=C zmViTkg8t8dpSI3?k375-^|g7k)F{|THX?4;e{WDO`pIjcvzql?Py6r-u($RKjfQ=E z0{l5d`*!3}o_{rod?2|u5jvNXpE?Hq#Ac#gYnOy_@h7|5cb3g)|CVr#bNEff)5`sc z_Nl=4Q^I4Rlj3{IHaHKxNf?d`Y))x&M$#=X|;!7pRZ7S9=uw(`k9yn|7%gF zr*J)oEqCrHM@o{9rhSUz`6BWS)XyG5d(|QTOYOynBe$@@N(c`{)eRx1a!j&{4RyW9q2yz?0Oui}s-e?CrXE zwsP?^HUWMX(Z2k6wlDYpSU+kfT-!G~2|D#z?t|pvi{bxwP%id)ez(ZhnL~uD zPH_LsIJ3VV^|j~4tI0FG-!-cc4po?leCr)pPgWML<$B*?UfaQWt(9;s*ISQz*?ihl z?WJA9qu{^Yw|Sj9v1#z?!gHpUc}g*5+~8=RQC@ zFQU$1;o6UG;{7q}7thc>%6;RevtRhX-OoQgi8w?DV!pQPg&yRoIq=`|@O9y?T>{?? z`N4DwQ7?wmJ8LrhkMxF4b^3psa*1=I5OKEg*R+s2xv8+Xaq<{-GFj-` z{odFUDA(T#ZgKd8JUamGZuwR;1@@`q=ywtNIZnCw>AwzcIzP}p&V3`6&mEtHeQ-b0 zv&NrBoZqJY55hH`@v7*Lw*D;j6t2_f@Z33g>v`9Zds)m2m8f&4aF?Ie5g+{4^L8oM zeCB;W%b!c1Cg;BW`>4~OJQUb(|CDmce}6CHY3=o!aP>bt68=vq2ce>8ke_D-(RqC z(wl{PWlJE#@1|=-9vyn&)UCO0v%|1)bP;=tpttoTgm-%?+@-F_jqm$qU3p3Kacoi7lGJ)iJ8hpC&T%| z`rTf$zZWg|82uSBTm6*#4}s^}bA)UBJ+7ad(tfXU(T}(B9jQoOI7j32&wte%mwf&K zqGn0GZ@DZZF$T@`<{Vw08W{UdgTWf zkLLp8yuVbAaV|d(^L{jN9@GuOwSW0vApR3+|A=sHuh{9}w*FjA`}ju~C-)cN54HE6OnCI47oD1ed$G;r)dY$@>g=@K~_2{7`$Oq6q&;1*wlOc~hf%@9`dG-S6do$su ztuG8+;D3kvfS5$hT|h&tclnz0h~W;#1~jl$%`#K85xj$diHf z;funx+$g`NS&H_{)n5JF4xMx8XW>Hd=o9dNI_<9|_Zf!)))UTTh$T&qepNhZtK7Xufd-P*9q1x9fYgB z$9DYxd4xQDUGaE&i{YogANgSUe}i!KCm!%;811tqpkwQq$!afgi~a|B-h=VXsJ-aq z`5XjMlILhkP;PV&;=GjhJIP}_*BV~Q`gtk!1N&a$!c{-a=b=T^*+QOv0ON_}$@$Az z?zQm0AMNA9_4=jJR?IIp?>s_#e-J#WOZ$!FA?|0h+&iLNxYG_ zpSh2qbDTP9wHNM9K|6L}fW9YB)-2w?&Rhwda9P;DNu4IbwZ8rk#M9zGM7iiE?m)SH zXn)lz*hjX(Pa6+MDOZ1fFCPER!qxvU_tVB3bf)fMygtEHgxqi`J$9|~OG9dKOkUvXbV4CY>y zwa`hwQM}zp2zUEf_+9u$v|q3G((bXq`EqqKDEFqo{=?S7)z1*u`Q@lHTDZ1vawqcS z3G#X5F@C3s;qi8n=XoCW&$O?(4*o;~?^X39PnAZ!?7HcF;WoBV!u|M)_K`yP6Xq|g zyv6!HhjG}}`L`<<|I^&Zf^6};>EyAAXqTb_2$g>u^^I}AnZ=>KaE)iK0m`-O$B)eZ z8kEagct5JWlpCFj5y0Zs>>cQ&_&$z}V{a+f`1eGv#_|I6O?PaaKCp0`uPFvJzh6)*zjt6jC!Sf#MAPjHF@rKaBHtV!u2|0Kd&Qd zP=AVWjYBf`&-Np4{cT5-(!8FOkRI0k?J9 z+vJ&v$iqu$|CewrH^uY8E+((>DR@3`{_`cmHJ*OpJB+<)@2AlpUuC|n6t2&el7V*I zpgIztcq_D*_0#H~K|k{nxZP)n3s*n0_qT8!hS*@s$n%xZe@D>&oz#i*eH@GPQRDmI zr(H+a&%&S7O0=)d<70(uxv>LSCtIGRh3j>3o0HqS63ze5Xdj&Key4t#+kk$T z{I>Z0hnR4UPb>|8Y`m)aIpULLz0PNS?^G`K(ZG5Bt7xAO>=WB0T=Ol&wEdHaWO zt#33i?_97^{XD}v61dKKK)5USIWTa; zB!8Ut>0fBUA#n+Qll#4%+ zb%?V)&)Oqg%ME$R!olf7!PgN z{5joQ9ynj79_`zUem+E=<^4v>pQ>M?UinJxoTc@?%rgOsATJAspo$0uYKUEN)VKlj1 zxcU=*4tZ!g3&_1w!O=RNcg_yfE5~uw?n^Wlt~!|n@~{^5A1BXlMY%R^Y!j||elU>d zJ819oxu@yW+sSyohB(YEKmj9!Yq{wK&^Q0zCr@^O|5k2M4mz1L&@Q{nK&PQ_>(P z70;`ig*$!vZ~89@*F3D9D{lXZ(`V)X_TwAsB<91PzWm+&yWmeau%4MDT=OBj9r@Oz zB>vzqd2);IK!`eLeFOVgD{%bR^X?U{{VRBW!ehd9JS-cS*S1h6Tp4~AQUCPah(n0` zdo9PBDi{4!Z}{1d?b4t2sfNYlzsl@ShW!HCAEABhN3^50*Y)2r4xeK@vHe=3m211# zfxfkiw+B2mxVX-%!Zi-LACaHmvfPcrwZHe`JZS62gQ_F;ab6ET!#G^~9rW`V=-Ya1 zws4CHP2G>>YA-teT=;3@aQ(gDY3{qW>xC$J^c>{5y+8Goa;a~Q{joO-d5=8RzIYre zeh>ZFW6-gF+KJph1pWqfo>VUSS$@}k9r+UB8n?^`&_Bw!9imQx-%YUVqpClk+#L6P zMXB?!a?y`Jhq!ekUr+l8pNrXjrz$_9e@$J3{$)DDgu8a(eW$_H$toB9NMN65t$pA* z-tV%!>M8u++G{ZF)8`kD=PKozKivOw3(GD46XFxxKUQ71i|2LFnM3<~gzLDmZ9D2^ z*W;_zUi6dgeP?O&&Ti@?*pDpFYy6Dyb3x#K>7~L|C(re*EMwfilyZqrqFwQN?Iuso zLcg$>T=EO-GdZ-Em3tp~I`F*aQ{ncvC=vhtM!44Z$d2OmE!+=3Q+epyyw*~=_?dg( zcLKJ~f1LK=pJ2a-gO=s|DasPy%z%ez>k^!^C;KWX*VB& zzP|wZGl%+b3DiAD04!An-yehxZpTK_UX2Ny+-^+a|=Kn3iwcIGzMdexU zH02WK&@Pl{{UY=`c%J!oE$w@gXX_$v=aN6ITVd1RJg9Ajs)JfIwV~EOm{^F9z=D$hJUC(|NPh1acN(^U)hr;lgU%V(C+t@z%SMa zSN&|@{^2&`Pa{6oFRu76?7bz3vyBf^g=>9h^4y;KEcYX|m-b5VeIm<~D^ zFzxFe`}cTu6t3e&Y!AjmTW=)PUUYJI`c9z?`}+&z5xy^G_d~Xk`#hhp9Lqi9Pt?or z0e>t%KUFUJ@hiY<)Bb1L$6F&mE0TBk3;x79_>K%DA4=|xM?01!f1Esc-(b0LZI?uI z=v$l{9S4u!h4`DF!s+86P$em79Kwu`qN_H|jnMA|2L-ksf-{!Y2rCw_sB&F@zhLML+s zakG4$BwX#I%qwfhx5%?EAwG-gXO$ALkKB*(&Ej^OaP>3E`_k2DKa)JpbCzuU{FFM$ zwZ5}#O#7U2X|E)&XDvS~mMrPwJf7pE-Pda1cx5lgdC>Bzr*PFt@%&qBuT{#$&-ml0 zm#w3^l!E^`=G&L_r;l*84-LD@5%hY`+d=NtL;DV7y9_H0`@{|4wr=09T>J^MU)cOI zrVMztKCVZs9lug8xj`|Fg8|9L*wwsB)V?Xy3^zB=u9k|()u zzYclpli_E04eB+PypM2=L-JO%m)+-l!`aj5Z$Ca3?$!z1M`z>Auc{+{=D6-U#J{=e z6qK9$6Xo_Ke^I#FM|r)_kbIqT@h9~)+QsJmil@Rpv;_PL+7A$}>*3I;xYHFPe^|J- zS7ayRkN!qZ(kM;)vJPbOddgGYSYg)!c{-Qeo>SBd1o)*r{;Y>rnxs?_`j_`zoJeea6MkP zD(dC&evyq=4=a~)J+8Mc&%M*YbBz#B;~mITTnE~?IzhO$W3CnY*U&Pkz!KW$)6nU{ zdL5^IqI5e)Y+OC-bmUbk@EpGu`6W5zn~hgj3)g&(^SdFHsQ-j;^(PWI=lM(^6F{wk-}ZM+<#kze7bP$zgd3w&DuS!IuifP$yhI4 zz&!kcJkI+Gc7OY#YVapJ4CCH|)E^~W%Z*nlKEAz7p17=~v$THkzUoN1;RnENeh;4s zoor>a*AVJoAzbaFFQUE=kWZ$4FrEu&ALmxf%e=hpPFzOstd-31j0(-mf7e7n< z(fIradBSewO;@h=f$P~N$S1MRX@gc=0N)Ms&F0u z8}T~A#-$IOJ&peM<40#N&!Kp}L72ZgDBShmB=Ua@d7Bz2H+X#%7q0eEo>Nzv_6wCu zee>hdE=A;pMc_W4zgzp>p~Fnc+NQe)g{go|pvx?Rsi~a`7{9JK_^5fI}yo10H-&v$Jr$?@>GO zoZ^1r+Fq*z?_EwH-xnBfr;yJLJa3vN+~q^yod1u7>%2dY*EQB({-AxD?^(wf&yMFp zC)*csE8qk$K)BX7&3W)#+CNGATp`A{j^r!UUgGKTe75f7;o9Jls}N6X_dd!+KX)AC z-oQfq!D8|h``2sK*)LqjflT0ht=}D&^JxR`N1s#&_S*vICN&nWex|PWowBw25aDio z_z>-TI{isHoeJKHK>VLp9nIURh#N)~&wHEtUf}!nzmwmi<5o+B4xxhD#DaaaQXnLgeC^4PP8XK&iC7Owdj2z_@)xb;SP&_gO_~ z-{=DP8T}mn`Wn`EgmCpI|9f$Nz7?+J=Dx#t9-~gh`p}PZU#pF`cL{g*nFIawA@bva z^EVaA8#_^(2l%v1pcR9!btTF{b?y&>+AD<{Av}!DA(5c$CYc|_CdKeZr|JhJU0{eQfJpapG1pE9dX_xQeVa9DzeTv_+i!dxVfR~pH~YZ%STDE){%6Y}{&xT85#{24nBT=S|9_@^ zu1oRw48Iih$~W+xC${cQI!@>Q_Twem=du{_K4d=sDBR_33h}h@?aD^*C&v9naoP_O zuKlq#&jqr$EfB78j`MzC36{N;I+@>~Z}Ua9%U~Z3>=SDv+~pg;r)=ZiV&$Tr-i`iZ z@p(_U=Iyw^cdWjrPK@7QuzHPd4EqefKVo@4PPqD?TZn%23hTR7xcU?3InS1#b(_GS zR2$^aG}gDDaJ@e~jOXMRkv~oQSRuxlM_7SBgloC^%h4`lX@BzN&`-n>w={W7x%iV@ zfjIPJLO(?N)Sd9BH5(vHo_rAb_7HW#O`(%3UpxF4i=!|k-cLAdHVx(8`05z!E=@@fBFhn|2y%$DrA=&Yarb9 zqrJW>@zg>Td|q4V_@5$wm{#8X!qq;*_X4ckOWMKz5ec~S2TYGgD?&8Du6AP%{mpsjLkIkR)%7m z8O5TGslDda6Npa(@_N^zy<$9fq9l1Q;c6cb+?SY0p5^#&dGfaEXufqt{tu5m@nFjt8id=6UinnTMlgUeLJp z+8lTGwdv1{|1n=I7OwMDD)8O;kA!O+qC0%2VB>S;>)>aS_hT)8dXq=^UWT>xQsFwk zXL;WqYI6B3+}&pzgPwII{V&-O`mtX*|FU6580Y+MaoeO^{LJ2q_OgT>Z_l;uCejwEwc|i$2=fh+dakcY99S;d?R!sJZHwn;TOm=(~yT1 zX}?Ff`XBiid29Cv{v;1|Lw|pw4E~_oO^m}G&^ettBb94E{n&S;Hu-wtE;vc3RJsNA3VwI*0`hztv~Q07M1^Z!d3^82;xJmdl$&ac za;MOKtJC5C`P+|u)QNY3|4-8YvpXX`e+Ax0Xhohq1#$DKb&GIU?jI=E`o&AawY@T& zFCw&mi}o?@->^7e-UaoF%(=>0E-u6$yeM49f!X}N61?@i{c11ujdno$+Bnm=D|C`P z#|GIb->nv|I@?Zw|28ii7Os9K0_VP-(G5JBLOvX${}&6_{<1Bw&!>mlYy7`Lp4&Qe zjc_;4@VxHo)cHfW=3ym1Co+Eat+0>toEaM@7bq9~aC_e=G^EZk@)+L}vFEehZi9Wk z7yP&9<7wsEE`fD#PPmTeQ@J0Y7xjM=?)vpkQeLKoc1m0g5DO~HDVts9X zd6o9Dz&^Aiv`_HFWBM`5w3B_e%ahvn$7~@>QDGQaG&MAOZ(I~a2uC8^n`uz z{pFFuRX-NEeo50l$M0pApr1dGC)mE7$xph2`s>k8SCU^Y-1)!RcjP?s2ZU?CSQxmk z_#|~=2N7qxzWabW9^X5wMx8QuLgxgY>s5+8BwWi)Tm^sbCGW3X;ugQR`1rqt_K{Ao zxBgi7F4%ibk^kRN=MLqfA6xT=W3SfMSlYO+hgSUUwo%*dH$qw@zbAx zcI?V>BX>h5)D3=G`>qjgIZspfW0TqQIi}6y<$FUv+7J3RkNCnhukv#c{}L3tjrJbz zpIdx>R<3bw3V*D>+a~}z37BL zD?TsJ5w8025?oOfK zv`;Mnw|4)}{m=*B4-C7!7rzO%G^xN;D9obzUH>O7)cf~QRKQezV z9s)nJd{5cN(zeQ_zB!)5WA>|PA39XLUMD^Po%|Wdx1Z=w7vbtp7d}5NN!~;4ML*pF z^@@-$CQlWir(3zdkcWOkxua=cV<^_W$xwSo@LSKjQn*|1{T6rJ^01e1ja#@b%H2Sn zCxoj%ncGpWwaZV&>5t`k?P1V~1ojuT6z<~2?@pTiI@%{{qTEyg3jUGyv3V%h=7pxi z5zlN5#M9bwsB-bs{~bCOpZ91VkAt5}{Spt-pG6oSjb*nvx zdV@U9e)k%64pAq>=ioLDUpEpu(fiUkH85*@LR-UglhWgs+OxL!9MS%Lg1OZ}{HH_lv% zc-p?5rlY}AE5Pl($5`R!GbP-QX^zV{!0)-+KK$2JNBqg~+?&qq81=@0`#cZ9^5+rq zXa)3NtMA+7`C;(K_+R8OdO1pS{2@QcrcJALj~v31~Y)QLQca%)qk<0H_CzEr$FzAjvKQY(FD zY3rrkw9oQ>=9MhB-ZZx3Gl7Vwsr_(+(0`=`qKif^9PGDXAfp8tSQ{3+tqx~Ir@0^OAa#}sSO0U| zM_rZtfO7FO#_^;B`PoVMnGbw7}=gse6&n7Pl&s zsUJstEI;Gq`T5YtDCBw7o`8Lf`}Ay_x!(99wEH%WGy8>WJ_ny?Rh@!3M6>W`a3P%S zCS2Pw(-QuSWgQY~uW{h@c$j=8?ZcDM?n$=qHrmJ9!G9Zvt30XgF6ZC!K3j}Bt%Pg4 zq?7Q+uGi)YSAUW}LEq~8747r=(7%RJr^8bix7YJLSi24#EnIc-k3z@dKi%2O^;+P4 z=T*Wr-?D*xdt121!RI~!Yp)?sqyNSO`%6a(*Lr0F_jMNux4DL{yC0irpPqtxP3AA} zeFpw#7x|7nO8$&+^~dA7)arG~RFs>Yj(iwG`$5Xp|A75=;X3~01N#hj3D>yAINp|^ zPQ_`^k5ofEtuC#EYurk5JTd$B!c`~oy6+Ss)ES~W>JRTnSv*&ghq>OcdFO;@q2s-e za=TI|DqQ0n9)|0q_2ko(i+&_f-@m96<^8Unv~NEh_L;!-=33#Jw^8md4b%Q-;aaaS z?-SM}KWPU2{2qRmX1};axcZakbNR>E@0OA0H~CKC66$OfuI&=xew#4)4(exkPNS83 zoH}8?zlLbYIi)k?IB!_ivd0 zR|wa9XcM?D>q7hF%@`kS{Xa{%#xs}4`13OpXtmmlKcT7U7q(8Q{v3F!F7n)CoQIM} zxxdKr^IhTEj#C5suPUaX6XkO~%eTJ5HU81S_ebuhee5atW9ymUl&k-rfcIlOuXvvR zUx)GS2J#8yDPGrDoHr;Joye7_*J0Y1n+=`JOz4>Xt;)qd83nibZUpTkbD?8#UP&I$ z!cWu53wQbaCi3AB%RPM#^kW{{Ybkjb^7M7 z^Iu2dY9HbL0b5TlQZD+jz`pu-oQ|x20{iHGqfRW)uWP*s{qS{&!#Q+epz$u?HZGm{ z63R_KjW}OH`-#Fe&pUEIw%xB-p!VW_j{7%E$DfP%q~1c@N)$ml4E%KK9j)V30zK%Q7=T^eqp6Q7-Y!-GzFUr~OIuVV~kU z$NU+oT;tF8Aga)QweWvy#|^@@-_7IxAC&HS2mgnC*#*##G((=8!uVXNT>TH^|I_4= z?r5(%^rzm-un%=XK0inPs&er^^ff#=kNO=JqFoZ}5y?fgzeBi|8=r#sSR69s;S6+a z94PY&bfSC@s4{h03fDM<*)BuKhX_}H!WY8-8sxJ~X94tW++L^l;!i4Y9q}i1@|*{o zQK$VP*!z4QQHuO!;hMKz;5#Wxg#TMRzNb3kXM*2Hw)y=i_2XB;Pm53VRoKUQ4y5Jh z67ukV)YtlTwKV*U^#Hf=YAU(M{ixQD_L@DfM~n}C4RMZhzrDq6z3_jl*LLBqUL`TU z+5GjJa2@~Cf$yRoQ+v%r_R}K9^TEZ?N#6t=>v!vwYySL&dRcrbEMd7@kmuGe1Ia@J zaHVPQHGeDI&5wcoMaOBMy9?#ob>eGF;eTzOlUAF4t`n~QM7}_K8Q&vZuNQKBzx9C< z_=9H4kSEmw>$=v$HExl5@Uv`5*gr}81kdRz%W_{8uKxRfpxlB2{Ng>;k#b}0;eS)w zd#|&;)eyHP!^CH1o~uYp;NQ?o7nl{JfVu5jdx4x^UNC+@Hy?c^S1A{S^D7 z<#YFy(9aA-K3IRxDi`}a_iftx|Lj%ZxdXoQ{9O9~33)8Af2_)C_>=q-@nm{>QQ@i| ziGqJbou%Z_Le#f5`F`pI&m$`TCj1Y6&+ZE0Iu0cH-If@2deS~K0rj0hzSVeOzx__- z;-|;wmF7>CHRxaSdA(`%I?H(A+_1}pyZH0E$>Kj&x#UUmFGSwPlNGf0e)gS*HO)`q z+P?W^;I{59T#NO_&aJrfP>J?u2v_|SzvEMyyd8PI8sco@_Auc(zpM(>YqW4JH})#Z z9Y>u-sw45q^@fh+?G+h}=Vf=ton?sjU4%RP+2}8W$zLW9KZ9|@)?=5igMEzW-Pyjc zmCChVoJTC4?cPEhss`fFL%5ck?TCD{em$2wzZlmq=Kr6&)@APmf35K1Y9!lY8I#j#wO) zzN_tchL^1~%5jVT*TU7$NH5ga)<3P*gQxjDvc?=Z7Aw~{?1%mfPR;Y~dk;MJ8~nGt zdQG^?la=6esB>JnuA`D)ARnqyr|5m?L@t8;S_*X(u6fupa6hLr`J_O8-Y#6r4Rifw z_nBuq&cgooVl;PDvpycO%!?nC5Tq7M2U{>t<27Ors) zy$4d{)I9H1^8B{ujzq|hlV^SbxBl4tBl@!#{3Y5yMV_F(tyk0J(F(1dAYA>AHiSQR-7!tL#w`>$fA2H37yZOo^miK{s&7Evp3D0@ z41?EFxZ39i!`{~CQ-y0g4%t_{|1J{l`rYrS*LDi6bM_UyRAB$uH{`qc{-DiM{}rzF zig!djZ5>trbMX8r7$0n$ykEKa>HUUsEpPXc=lC3as*ARK$7dtjch^qzQ~68x?^faJ ze`2}s{=dzq4++=tD!l^r4Z+-7PJ4eC+V=()`~!I=3Z0{6@CRpZQvHAayI8o!v)9|u zxB2vX;Ti{z`y|KmPe&V1qyJt+zQpNE{shi9-mLZ#pAh#Mq8E7H<(t`Fd~Sj)^1MF6 zwcIrKSDZ}!N0e)v`JIB==>B(E5lh_aChP1y$xc09@fpI%V`|LRMT)Y4F znQ-?Ug!{P4Qs+0d7k{!b=v#kzek*uBus`qz{GDsOMkWs*LEBiIQQcid5q`wglS*t3&y`J{IPkw1$kyK%6*ykG2xnr z*Nxt;ZzjW{o%{Q~6@&*Zb{@79n0qFkMjPQ*~f%y`*vdgviun+T%XG?-Hd)`8 zw}pjp=)$kyPig@Ag{^0vRxUcRm*Kz73#){yeyp$W1oEuc_tXjTxwegaBff@y_9xhz z{xsoEXDjmI5OwCMz369n{*U?pChgN-BhC%1T$ycHBZI_=GnW1tDouXkq?&VyM()S;}+!qJnEmfOLXMi-Fbh2+x&Q) za2NmEp;JWr%R{dZG}DQ~C#v$T(MpL{v; zt->|V*Yf=li^E@PFFKj$&|hqP=<+RimhWFYNu3wT(<#JrKKXv(+Ah7mDjt7-58{)G zz<-|=p_+B3*A{O+MWS2|3dnp(WR z9rr>%#ylUxdQBt`{Rw~UI&_C{ZTB$0H}MwjL*LW?z<$ME!qwjU3UR=w<#}VteV!L; z<3ox(_6h9GpN*<7I>GluO8fxsZH1qg)1Tqwk#E5Z3h;|de`I~H1)od%k;1Kwh}@5- zh3mMze;fLXt>|3xgM(LU8b!`oJSlq1$( z#t8p6e_j&q;=u2ZkD$&j@?15H^FNVa@DuEl{SZ&f|DScLSZa>P+XHl-js-bWfpJpicR}RFtE0=QPy%7hSUzX86#`n}LKL5$n{sFYtIrOKO za?NM%H?w~6C3*J0DA)3&&H>n`8$rj)ZAKpEcNy$CR43))XO8El-ob|1N*>yayfr^B zI|%(K-{UJwKcm96-(}xMeQ#vD+^6;$hh}I;^XCA$&-aV1UHbnD{lq+!Yxik$%2g+D z4)*znV4n)y54oE>b`Q$6d4GX$^)t%r)|&Kxz1oX@q%GR_Ao(eWp`Y!Al}taz=RxIS zpXB@0$ZF3k{TsN?b3UzJ!^v}ezr)sPpOL5QA>VBLto=Lu%#_2t(~JJxAYAhy#dYJ; zCGd-dv`-&HCXc249^pD)ObvXmx&9I8_l~sir>wwO@6{(@Y8=7es(9nSGcxUgyW~>`B?IN7uZ{z zX9-t-7Oz21!Efa?7PXgh6C6)$Jz4WO@^&8YTUve&6s~cLy@dE6i{uy$XMct_Brva4 z_e!~WXL+CXk;h{ydET7U$c@vumJZ*ViM+qr(xmq3kc8DwlGz zf$#NPPzF57^`!YTNVxhF4ZOGVgxYJIUqyZG`ga3)cqHbLk&I9EvanC}fjwUbkfpa(q2-k9RU7>ID z>15Rrp5pr~XdTbHRX#kb8IGF#t1AY9|02%NjJLAmH8EDU z$5{ zV8?{3KMC#=wPR)Kz$`$lYBx>C93C+B@@uP24O_yoSMy@Wh<8v2FJr=L(i!|xg( zs-8EuDs<9Gka29APsrne?=1W-T;q^gjP@#`{SBvKUGYB8N9sjBL%7UhW5KNym6O~a+YOjU(NB#Ui>5U zM{C~}!Zn_`#?ZHV-6mY)AD#n0hf`+>?IZ7E-dt0FUu>a$p63Qwzl&DG_|q$JALb_E zIxmE>XfNwWD}`&hX+8(BdhJp!ex~>y1k=_#`ApbHzkr{1pZPK2_P2E1{di8e=53t! z|81Py>+GezJRjTg@T9ZQzLC|4TWyLp7p{ILlZb=$-+ReJ+;`EP_TMQN|6`ZKPyE;O zjtl=cKTkay?UHW}{n=J7d1^@;N9vNtgsVT9mQc3%KSiGU$#<5uX#XK~g8P@grG5Sp z=-9fkZy5TqXbY!c^WgK!rCymf;0>w&BkjXSpkw3J{nc5oz&Zc3jBiD~tiOLDT=l)C zSQm|E!_=t(9zEE~m55b}Tt|?{Mxk7LpZB36_#fi@ZsTO#n&7d(I&+|K?HAd1;7^MJ zRBVab3(vm^ebn0Xs@8%|WFj)k;(VWQ)ro!%%i9>A*~+E8a$h0;TT=hOrgJsQJxKdD z=RiOE3hYbL{z2h-T@&Vc)QxDrnD(*qh@0KNYH%+6iT#E3n6=lf!gZZ+A)l9ps53yg z);F2KJjn2SUntjnptOdZ&V0@sOM$^Fi-FQWYra&MpSi1m>t zg{z-K0@tmtsJ-~}0MfdYyA9(@ovYO={Rxb65v?(5c|9seoA4ME4 zVfm}%@e;1>N~m+LYv4#f$vWpCy$jw zKAg*PFRI6UTL}Nlk>4m>{fuo#d@K&nE0=P^^}vVG{;+VDR~s?zCCHmz0Q+oD*k4Zm zVUq&)esu2gQ6%{Bm)L8)()@l%$+fE#hzOHD9^dXMRB5rWuFE5%7E;l-q!% zyr5j_mF0TO>UESnG7a%J9&G@f_y@)F`E}uzV}Gx}hmK1>ea&}xFMoNII*|p%bxvvc z?>e=FtDote(6Q^LG%AJ}y@acN?g6yd%?0?yIN`d^j|R@4PpXd8H{1mE zvg?JT!u2`Jk#k2m0UKvdxfu4bsi@ajmV2RaEjPRX`8?Asu|nuC;(&POrSLz|54Rp4Z(;BT zIWGN(_y4Wj=g2ej5r4ZswvPI7&YRYM>ota-S)R96mW8wvuK5sJk9@Ovd5mzEKYUId zru_u!#JOLtEBWWDBlXSlInK4@4V!>xh9V9&F8xZLAAxqU^>(An;b-V)^p|%zE-e(U zex`OpXEycEZ3^x!hrQKzBzd?l+Hn=_mkW1!dp7L9B;Q2)SOfHzu@(6L;7>tm8frgJ^Zgu-dMQW$9djb8S=QZm+vKgfcY*)K9%;F+3;sE zd0`8U+duzR7Owiy!1ug*I{Sa#FB(gGZxZGaWU1W$C(l2GJY346(k&66Fz37B#_=0fhTz`rM2%J$|Y{G9}$7O>E|rk``5!C)2Y-3_7U!juyL<5dG-p} zW7P7z`fU-P?9(8xuwLDTJ3qN@EMmD2lE=rR|5|b2DI z&@P+F-x99lPlof9<=gkP4_-$fCl8))d|L$9_^S7>>F<@Ty@fXPE?Ne50Z!Y9$Y8#jB@cO!S{V^Jzwbt z@XS8skL7I#;nt>R=H-NN&7XAOe(b}- zHEtoE=g^gLxVQ`3@ngito(FXjuJ-Z3{hTGrH4aas9r0J5SF0=SHz017SDneTkAfGm z+|PvT{fB5^pZRIspp)K)2-Kkcz2tH3m$r5}NS@=luXdm6>|3D|X8*PEaG`SXKOQ)b zD@Xg>bEucKOVisB=jDMo-zr?=6PsN;Pv(+`1NS8gW3bOmM7!U}dRW?=b{i`hP`>MUhpYgQ$aVB*lf#=r; zsT17qeZrm4Pv)Rsg8G+{hk4y?_dRYCuImv0U5vC*+9!l-y;8i7XXDideEF+bY% z!hi09eUj(e&8N;Va&G|QV|o5x<)V}1dqAaVe||6ML=O6nSi3wy?(;dU>6~yk{Lcr@ zBRW;M>Zkd9#K!7I!v8HFZl`^C4C>Xi5DvYpT;kvlM?PD*vEI=%=Ns$BGg=b;^Cd)x#4;J)jT!nM9W&v`)BdEU3e^}742 zFLB*!`&tX`g-)F3kKIpyDht>8#`s*LJNdh`PyC8{m1YM%r4P!@&q90#)4siN-Vg6b zzF4^CTP|=e*-GIWxBMrFPxV6l!7l0qzXSM(v#03aew@;m{si9d=qlW`dtm?GAhnnJ zW?wDdzU!zHeda2sj#_(Oq#yJ{TYblCvh1jG(aG?+Lv8YYAiJx#;Ak!rty1{7Cy~1=QD`Yt+3D_6d#~ww@fK zTd%ir5Ji_&x=`2&O{v1U7ZT){h^`+bpzr$tYQq4gq*FOq>Y`xS% zxRx8@JZ1MQ-c>I8@&1U+3|BkPYc!ZTyso!)>_+Z|(Z4#D#UG3y5B-34G(X=FZn34b z`>{>!)gN9LH{&n&J9{~wFp#(9hQOaV_n$CLyyn8SUfI6I*FQ689|@d`o>qIQZ-o82 zI?Mf;IzG>JJe~a4!3B~J|NM9T1MnwW8F9Fcd6E{c<5D>A++jI+p6BP=^+is&`ky)p zI+iERhl1yCZte=dfG$i`F8=3lMgEUqxpxhNePX}wEG>WD75;DY!hYfEXCwMkmHJhO zL*J{0cC@;;RjzT~2!HIl;6dYE!AnzTnelz_$HuE4s2^Ja`v$Z>X$0b#<9&Xc$Ilb) z+Uo@P^9FzMt#a`vGPkW$Fh5H_2%X?Q=d*VJW~mL5#v)XfpYVKavKWQI6TX9Kk!$cH%z#T1HX?ml=^Qd z7e7-kBMvqW6pmt?ze2lMf4o$<+t1ABvzF&0g}Zj-xNZ41nL6nvh+BgK6ud;alpAFp zmf!`_r>djz|J8SfwjO?9H2m>6o}57cCkfa3KKvC%Y@0{c2-p0N@w>)h+OH?~0_(s} zg{%L`ixCIAF8hVtKS=86ATW1J&?Rz>h=P>Ozkw@40 zj@bCndMx4){s_Dp?WYOX>*(b9sISF&soIPGkvq}iHt!#yPJTb?HJ>^yAA)}NIdB_K z`U+S76TA;*W=!hW1^h(F#HLR#JqC}%bh4(_5IE8^YsG!VvgEN zyC+_Oj?KS~9|6zZ2X6O==L=Vz_)h3NNc}ABz3!-&<#Vrb$cIGWd+2?IYq`-qXqOcw zAyocR_@85Z?7FzWa`ltf*VeCB(ca_xT$Sk0m%`Q0(0urLN+Eu6-gxNeZ$i0)7>8Sh zYrpV6$N2CF?H8!M@bo~`%kC%K_!xM+o$rLLzO%?9+*fAf-df@6PjJ8D7v#a~-+~G7 zC-MpWF`e^;t3TdO_+!^!oz-6Sqi?_;yUrb<_QDfygEw*BdfwyYeqfyZmim#F7=I4Z zzWPMQfzO>S4+jX>a{cAS%YBMGxNmtWd4}u!hSdL5_0@mwZ#;+Gn*@FD1^9CX+v^aTY?^1ct} zBX%QikJ?LolABR(C)%I>1bFxtaLb=NgzNZLm+y&~&Pd_fzPZjQ_fhI>RUP4xPzy&a zJ{L>@PyP!1#k3zJTy?_h(T>B(=aWY_K&Lx-R=Cb1ow%Re;`5v8OT8lBL*Lr{z9&&` zd=~tCo;q)l`y;{Ukym;O{sf=nTp(Qa!*iiOnf3$7{fCfO7XOdPJ-!EF<9WTO8MiFz zTbepO$fL{P&%y%yVySQ~*W>wYwoX3n8PqHK0?Hjy2>U_8HJ+IZ!FN+@VjQrN_jfHFbdhf!%6#Y**dwDL;b7NxU>xHX7A-?xv*GGG) z6FCbyx6}TTX|RuML%ZAkiUGpa|5RXq<{H|kxNq6kw_mBfl6F(||AJ?+PH4pY z$(BDi3RnAhEBM2(d5RO@J@>Jk zM}KP1guQ>zcf{uR_mpcMa=(H3(_j|tQ-g|^`=#)I8xQxZz3BLX`=TwM0}qdcj*UOB zk;ktBw{nk?=ZBzuEe=68e6#pp{5*J$?QY}P zRN<-<<@)(%>a0*MI_Ylc*Ha4ci*2eS_UT_yE`IBIr_6@FKMD1+@v5(KvCj;Ly^X7D zg#TMScTp$D>sE_f>p9TRE`q-0ZBn`D`@FAf@jUSb+8_3v;}*{r%Edm}ubCW&7HExmjP_IR_|F7u>_N}#k5&n1?taEyn#vj~69uK_#wNAO{ zdl#U-KJ~ZIKF9kER^J*gQNJhbEpFck|F<|7&V_xR_i1hXZ%dxO1v>V(4=ERa(q)T} zlPiV0>#Y4(I}eZ3&wa|(|JRVulQ^Ci&eL(Df>)mJIof!2mT=A6EZ-}yL7hIrRVO{) zccdNp6Xdbi!7n6VqWUua{Fm2jXOeHCee^rTzZCheYA^oO8`mlc#z8Se82D$n)(mf7K^nC0y&9;e8mp9z1gac$oM3tzTay+&wo8oD<%Q_KAzo zUX~9_$i4X(2dqCgU`0 z?w8i?N%GvU#raLIA#S_a7IoaqthLUUt8|&SJzfc+O{Y;p$Ja z8uH5gd5k<0I4{dv0v(U<^I9FN33qXO9{tyNQ}XbS7?*4x=2GRFx1-Qr7U$!%j~+rC z?Ed-arO*!r-VZ9X3_78m(C<^|!s?AyF7?WOUA*6I7p~VA;{y9wzM)Qx?*p3uC%=yR z=F34R!aQjy+_mEbaLfPQ%B5cEz84bCG_KaeWz^v7V><1G2iJhh=2R>3GJ5!@@+Hqy*-GJT?hTBT>KBcigvNQYO`9)t?YS$eaL-;t9^7~ zar?dGnYW>D@$d2`>Kpt{*--N24)n(wtiyN0HExMX;N!^~u0gqBuIuc2bFgrYPiATH z>$oRr?{U3t@jquR^y4}B*@^mFh3mNbE#LD+@Akav8S!808+;CagK!r&?vp8^&T8Qr zw_bdo-TKQe)scFozQ=fF<4nnQ(1~ory69Z?_om9lKK&K^wCkGpg{z<6Z!g}z_E5)< zV0^IoxB6Su-wz%0XPR*JC(m=$O40viYA@X9^IXXQ_ivwYEq5TF*Hpx#m^i`R2-SZF<>vZ;TfWT^uJNzR z_q%O;TOnNi$^DLXLUsDHO?5O5GZ6pF$-BL)_W%4hLb$ej_HD%3+Wix?SN<{Dm(A!M zp?&Nd--%h?j$99&NNcPs4zj3~!qrc2H}c>1Eo@MG;o1A)r=2TO>pkeim?!W`&XrZJ zI-{Xue68`J$nYEK=wa%3ufo#mb@lt`UtjM)zS+FcRk+3>{a5k4eM-3cAH1*oCUu7L zoSB-eZ>O#Q{yz8~)fb&i5BOv4JN5&V>vJESjaMgp2>aZ3#r^LoT*rqScz=)S4K0>*<`WW}>(f(ud6z|WQKcSE5{};ZqTtWNVFr?(x0p$>i?}*LcRif&BpTUZ0}eDBu6G`T7uf zygJIAL;Jd)q1@P7s+gE>(5~yYk~YZpE|S1v*WA){h5A_6z=-hYV)G;xOkd#$fOQ1BYVP}{>@0!k?|tF_~MH%zB{=6$EE)m?KIA_U&i!yAno5O{U7>+%c^B4?eCQS z>H0r^Deccl{LEDPzxo#$p69P#QZ4$NJ}T``OCFqV|HW@0c(Q-~DfI`Oci+VDgM!tc z|E9-(p5fe)_D}pJ?qB#l?*Bg0K9lyA+=D~G&(Bah@b;Y8S2YYD_uskwiJ!crM%a~c zo~Cxd^U(jp?f+5QzfIa-csI|h_xJ5G&fN*03vGA$q+jN79_}*TYQOClqn+fdSIYZz zA0*>{lk~szyFC8)N&7FMUGbCDd&i~cdHhkx_|g38N6}9GTYtvz|E7%dJoN`2Uid9; z*Le7I8Ruca=X*;3#;N1t3|JJW^|4SprgC74Gw3D3nZ=_DU zmM8yj>HpBX86M3~KKIuIPKg)N=j$%o)w)uC)n7n6;q!8;{`v3IIDoV8XN;e(5jb0K z<8jjVibH9?`==~7o=X3(l=dfnmCx_*O8bxLarz9umh)f!cEQ7^^Sqk=|2^6X{-^(( z&tq4{dH-Lh_UxZmqn+S?_NRCpjkmYX>HqE2ANzah4;Y@$lOfyh;Pz+U^NMQuNNN8( z-7a=@4d;(adr{;cP3N`WVE79!<8ie7{6@6Xyw6MgzuvEZhIZPQ?@qpYs!F zr+vBf%e=q01V4Ww?azM$@7JeG```F2zF*2IKXM)IgolSD4^-3hKSw)_|E$=-zFfxn zF=>BJ-V69NY5yY`=UJ)$ug~?Hf1C077eB)i4xh3@;rr1}^R}d})O*P|FZ~^Ee^~Nc zwY+gC?azHV@1x%LpP+WY`S4$3JZQVYUrGCOf1mNp+^K+fOc@XVN6P+iigp_3uJF}A z5qN$?^~XC4zsdKhrsuaw|7X9O;nDkB{XK^Nxqrs@pw=Hh6Yc68{afCbx61fmO8wQm zOjo=L$bovCcXIo_^zXkQeCeGwJYRrzh0lM@eEW?;KYxLCn)i9J^S@HY`M`H^|4Skd zT$lDcXjgXoU$@8qI<(U`&wM4r|K8I7hiDuc|5e(N9+`mIR;W@3J{%7gm`hBJcEnjW^A&>vC#LsIyJSFYVr0lW(1MQ@5z9FS=e&8R; zdN&x)T0XB)JK(>2joUSU_-1K;THYfr2_Ak9?TXIDzN**zM`)*cAO0!k1DZd7#2@p# z4`1c+eHrH;p`FGldVIc~lJ*~<{($F&UB*LE+ADv;?M2b=K0(^Qi`p^H=yQ3TBWZv5 zPx%}@k$MmGHE5^tA8zsZTD}@kJH~lR{FPdMc*UP_`?J5pbk3)sP`FC%wC|EH{6?Ag z%h0ayBj@oY(*CV7&fUMx96;~yd;U4~&;I!^v{RkH_xUsXoPH|W3C_FMnGeilf(i8p z{)-PY{)IghzKr?<&ZjT&dJkl(pOSGN{zhKc>!kfvf5GsNewg{&%ccF}(N5zOUc&QU zk$JyX`al0Q-2bzr|6S@&`9?Sr`0buaU`IjKXd$N6R5|KIVvA0r#~ zq3_A_7B_6VeN5Uf{WPDKPmlxoGicW|Z;(&n9cU*w3#s?(e+TXAzWxEGpO$=7doLOX za$U&qe6zHlqMh*n#Lr(+E!uAXgJ`Go@(C&X!;e#c;tvx4qxa=i@6F@f{Wj*Syt+c+ zS9H77b=B~{!b4XZ~sun{|;&g-kuWsgTCMY z677VycZ&U4ulIxBkNdyyO2&`Qm-#HTE4@`E^QC|w3qY# zKJg}A>4yuPeYC6ny2^B`{UcvU?STL3xAJIu&pWi6`AO6)#Y5+~Q-B&W5Ohq5j`1$*2C-_IV?R)dPsU7%# zLDr@1qA!1l+wcA;kN>cmrBHYr?L-eBlzNB#Gtus{Gk-pfgL$9(I>y`oDdYU4jQ_%~ z@%S45pZ|fp-se;D=a-<6pRfNQ?O%g-T2~2vpU z)DHLyAI|r}(*n>NKA8JodX(|-Q3B6*N&6F5?e;&={hLfD8gDm0gvY-mb@n_N=X=qv z_~fTBJRc%>`w{97JUnro$Jh7EuS$DM;u5tT{?)Hy{CrL79DO|6X`F({6}s3=jWrq44d}{*2fyHJpD)?ZD?#uV8xkdRbTW zq1@gQd+)x?d;P<>{dtK8j?aa(Kk@e&PA%vE&A-O|i@(e5e7XyTe?skqw{3<{%ZX}LE2RHpXeanbAIp3|pZ9-3{Q>{86~^aVrT-67f3&|KaWz^$eV2^$ zP>u1U>3rjF@c7ROKiBQQP3;)x;eWz>;NxZd`bTj8!mnIXEt;O+A?;878n^3tpZ=Sm zALs>lrS3PM%0l6L(N62Sn~F#JIkeNdo)WoK_kRcVNBgBs9$&-x(8G+kVhV3hP&@iR zE%9lZpMN{rX`JWf{XreC@*kxCbKk}@{ynw2LgAOtPW=42l)dY1XeT-6S*dTM@6DHg zq`>dYd^b{98Q! zGh)Be{=|;7Kl=$huWtW7v=jgQ)f9jD_tYQrJ}2)&ex%^xSERl0TBbvNpT6p&`2H%U z>}j8gb{gk}uVVW7ei`RGrM>mRd_uJx`y?xx~@J`3$c4-fqt#&c2N`BoYK+3#dLYy5oBtGWN^L;2p(euUSdo#1@_ z3m8tlUtdA(7=QHN7|(Bz@&Ajozwp^S{trp}$GnF7KlNTVK0ia+pZ`j3|HPN_2VX7i z={U)sk@kllV|@O+jQ_~TFr3evF`OSI?O!A9FZ=|LujTw#y_WIz=2Tqkr>OQ<6`o1i z8~3FD7yLByx4$LhzXk1zFa0*3qkk;zKPv6TcQBkoxfovYvE0A-$Lue7AL)OHcG};& z|L;h(==1eY(N1`7NqrT~lYdmkx%<7m-cOWq-X{H@c&Ux&5BuAUpXbD%uJ`>8+6n$A zdJO0Od+owGUNZ=E&W^nn(0Bqf8*mYKGAt9U+)<0q%XWy z;<`0Gf2FklXL;XH%hlhFcA~@Qev{#8$=vVt@eF6-r40Y8rTx{?-ufzr=Xq&=8`=q; zyT8Qe^wXvN1O5)<;RUI)`ci3s6zw$c6Mw|x==1ya(*L>N;(gcr_U+UkczgI`dHm0L zZyxA_AK`JH`ZD|6eVMcuQ}%&Bm-b6?&t4LE{^9F*{3rf|$N$2Y@DD#q?SS)nc~4yH zDceO}*InTQT7Hy_V+b1{uiR1`0b@sp7NJde~e%J$Bc)Mmj1u5`oFU9p%Uk* z{gvmxR=;|}jPV95|e#{KV#pGD)Ri*|x@ z^f<3quj|XHKiZ%FcBT`}55G;uX-OQ*YXzX6mi8wkUt9CNYjvLYVX1Rfl>Selo$k}O zr1Y#Wkp3@7{@_6R{}HtVo@eDf4ms|H*EG2OiLYlkzf1ZbOZ(^tE~yqR=YKV|<9t0M zc5h9GZn z^G4Es8SMnm(_$C;+tU6O)F17w)IIWl$vAgk#^>Fa{y!(HizhuFlJ+^Z0L(@xM>TX{GGC zdzYmD5AnHvtMva4v@86}xzOkFdFlVczr3V+e!ld7-^)DC)8EJK`hF>*o$mL4F7YZi zrT^zj`-a3PGZhsI{|W6hZ$b2NJ#Y64ulI#_@w)Uq`z_M`%-^x;@aL%=<6M&bbj{~K zc|+R2g7K;8^Z%3fr=;GahW}GGd0pvv;5VV2#((O^cwX)2{V&pf_jCAsY4{&%a{t1+ z7(W`Ge~EUrUy=`{*Y(G`y~^Xf_9cwChpzHCPo(VaPokap>TgJ%mzKM}MEZ|pAN6{F znA$-<1*!A@NwP0H*96WlX8e4twEwWQKlDC~|3?I#zd}2~|H9k2{Rf3^AAXd_zxz6S zUml}&;O%*-+oSo+^V0um$rIOn=8Lwtf9p>e9*xiE&`$HF^Xc9p?ZsCzAJBLxbjH)k zbars?NT(14*Ee>8?XBItASiUhad;R_rr|i4_JdAuI0z@`(H#bdz2Sbl7j&n?@g!)^ zP79r3f7A=7VfT?*rBQZw3J#({6tu_V_E``PrsK21!MNQIgYK-~Kf@=+-vacUT3tJ* z?ci|M9(NzSgUtO98;GVR7wVFBk&IU^E_{o?#t9WjX_vx31sDf2Y>$0e|f~VXz+! zx=r=xxOJSF&2xa1g~=;rKdfY%YT2enrpeC^?`Mbiv%~w@;r#}->)PXQyv0bW0!Khz z^SD_Zhm%=vieKmdmfng|78Rv(2K-VMuu>MVQg+?t?7GX@b(gclm$So{v%^=i!&kDy zSF#JLR5NR=)U!?58LQbDtA6IgY8HrUc0twb@U`rA)Uq?yvNP7QD6D1ISjz%Y%PzZ? zg{z*0tDc3co`tKP#Y8>39rY~q^(^%DEcEp(^z|(CjVut2?2L`<@Qv(Po{KGb*-t&s z@vVamcn&_`IS!Xs&TfJ4Wmn-lVDY^yntTU*zMtJd-vOWRXSdMzvm54vRizn@@8CFo zDZ4?wgXj3Ay20FR)?e;}@6+v2>kNCn_B7n;G@DO0n>%~KUNLBv_Gbs@`1a)d-&Q)) zvyqy0bFd#zyypdbe%|S2hzm@PMR&u_@pP-x@o)$B_i?dL!(e*;WyB+$tZbys$?ArR zRyWjSbG9m6ZASMzR(&w*k7k1ow($I$mVA5>+QH1hVTg%Io@zkS9f$2c&PxzM=50f` zcrWF-}$h2gbMv91Vqz`$fUVZ1;hNWw!f7#l~#+fsX6b2x{+r zVm!%Y_hHv~vir1Y$z=Cq&-&qH(mo8;1#n*GUynb|-clJcvEtiWF53rconCt~iAdY^ zV5UhFUH-We1W|wF`6LTME7o1}34c{{jQKa4bW1}b+PE#0`jEw@N8{m1FrEz*xrgKN zaNOLvp-dP1Z7e0gy%Y@&-FGayHDCaNZA4webPZ-DYKMO7R~(vwL+SM^S_KXwcD>bG?$uV z9S;56cPQw-Lqqo+D!T8`(S3)K?mM(}-=U`a4n5s>Xyv{`E%zOIx$jWSeQ4(MPOPU+ zEZb9Yw$*{numtGrmf?%fYdsJ

jv!gnw$zcj86|?q^QZcJ9mx@`6C>665 zQ7UFByHw1c#!@j$#U;-%ua{j%$zcm9IcxzXhh3uNumzMHwt$ku7Ep3nEla**9S)9E za&V-QgIkmw+@b_ZgiW07qT60+Ha+mF!E_klKkCiajp?oz?BL(l(QXOMu4SKGXxZ+s;$?fhY}dN&pXM*z7B06v_jhwv{s=D6e0z?& z2g>R6h&H{-|E0ER*{-|4OCdmytVYy3$P3Xw#gk^Y9^OgAiKH=*`EVWza6{%n!AaA- zlsDd5jDmUJ#VGKZ1~j}D4pP4@KteTzgn3`i!-9v4GY=Zn>2LRgQJ+q~`VR&1VkEe~ zic!FaRYtWCVEv-!%aQ;Y(-S|UW*TWQ$-SIC{f~HHka?D_&T@K8=xvLa?*1xXx*S*6 z+U=j_E*`pzy?FO`b2q-Mk+*mqohJO)rzDvoWMJv4&EA>qf)-q{(m_KAu^udg`t`iet`uQ+u0ibIF5ICS`mLpQHD^ze#9 z53e|!;}wSp3DByhe67-=XD{idl1=!|z@yWfi27 zLqW=}tDJ3eSRu0ub(r|FDk+q+tCEv>)ci+`7OD4V}+RJx@d-;ywE?3w|BMV(A3tY(&23T@L_mmt_Hm*bB z2y7{3slDVN_mab^T6S=pvcrZ}c7RfLMdCSZZDq&pRd%qGiUR``$8sx^RR`j$ z4wIpS0ahKHsOm7wR2{3WI_`9bi=gVbs%sA3S#ubAYYqc$&0)Z;IfAchj;h6BqDhwrH2kWU?l zz5yibyT&WsQFkNXGR93+8;1u$zdcHBw))<1)O_=--D|dRhw6(JH)A|lLwyt9-r922 z7}4c*65-zK3=x<qO%bn8o?sCUN(|!V(I`Y@I>Eq^ ze%l1%x~90N=qCOAfj$InH&-q1BWeF|=g|Yb!f$%d*42RCf56%8mn3cC5GT zh#@UI?w+zkmMtS*G|dCcjyPHeOD#KGfXcZfGU(Ri@}P4BS3dF#S|+6%0$@pZf&@8+ z05`AOVAkuk+SAU_HYhAPNnRNl4~Ib=lv+H%pX8SsM6?|ojAk-fV{3A2c#{Sp(Y1UP zPKRcpd(d`~mFI9qE4h*l9Fe~z2U{#TZlscflb0Mi zb=jepl^q_`vO{hxJ7NvW4#}tNIz`9|N>gOTfxn8wt6FiKj*0`mii7H_j#ESlN}6pJ zNmIBP_J?Cu6_}g)#YfwdqiUIX>g%KF(QX)m-l2&+8Gl>5ayAWHQ|MJU66K_^8B!k9 z=GDvU8Yt0!;0vCP{^pghwkOlwussIZ4{>GSaDdQ#ZfUiV5;Z|q5&xC)t;}!hts#Pd zpc*NH-)RpH!v&n)b8&hv!|8YHLDcl>r2aH})17b>PNQjro2W3DbBr8&={v+&-$CPG z;xX**d z*gM;3kES!E1~s3g%goYI%a^;|Pg6V8*i}m5Za6iVN^KXZW0Qlk=93(-WC4W13hEmd zi-D*eLs-Nl+bWcpWdg6dfk5I7iq5(+i+V_}Ynr;aw>5dZ-HW=9?OmgKE}TrnDRhzlW=3>7W8q256@a_BFT6~)$?kveK_Hc z+0`tDP<`K=blM}=Os&ZAwE?KFKHnNlp_=2!5iTr9TSi~n-K#?&xEmi47&WrUH%X?# z2yBJp-drRmTU(Xh!%1|SqkGMubeLJ_29x#LYgn|ybs-O-YPDew>P%p)GmMW7B8u}^ z4y9kb**@D36`m6=;6(MVpGdWpt;wTEs!Y&dd2EnsXb;X1MG`|+!QV@M^7lIaey9jH z?$W>x3bCrK&Td}IBIr4ES{PwF#mZzdj|ySLOCV5xHy~1fFQtAjr~Y0^{oPz4jbBUs zUQhkKk^H@?;3=jX3<$Z00U|dTFmi(dBsUmPa)SXTHvmqOw@mza#Jcu|pEe6;d{&)Y z((_yRZg0rMtq7$|E$Y9FFXCOTZB1BGqdkqg7K8E@)ShNxf)LhTba3Y4tDfU-_Z+ej zd1updhUc)dd5+jj&mmWN4lTiR$W^{0(#>~h4t_D~uW?A0J|a}6!->-Utc~$m!Q0p% zZbpc{H!UwYwd&4<>bS8H^UQl3Iy<&;8Q$aA`-K^^HKa*T!UOPn!jf)N%*2)!iW{9^ zO!AV+h`i#)!J<}^Nulr1*;iUqeJ8HI+r34t_6Xa3XJ2Ve^>sqF?SyQ5>Ku2rsMVhB zrW2F8HPttCjeB#jsMQ|fR@c>6x2F0!@q0^JQ+=H{yXC}L%emr~6S9_b#VseDwIbKr zT29DxtG$Yrlg@UX@b2Dm&9>{LGu>*>w(EpUx7vOGu5)c~bneg_M=r?T=vtfiXxl|R zNwWoox7~Ju?A^NKY<|4$0@??wbs@=z)xvdb{F{-U)dI%fJ93U+y3+0=5i!f1%pa_g z@WZt2+Rf6H*-_*o%hI(mLNHx(7(du^+&Jo^@P`AcZRkd>JwRm)Bu~1&xP9oxVCnWa zI%~VWfQXC)5y#|v?K@-HBpcklc0Y0vSNZZ7H9}ltS-)6=m9LE3M}5~c<&E|@(iCWa z11h=Gm&K%h8TJvb=U7d7!}ulr%?QOyT;E(9PLK32_BS{hhchP*9u4=$A#!mt7hw4Y zl3I_PE8Px9og>%gl()}1b8xVI)}8aqPWU7ycR{dw28=pax`*Sk?P90py|6bsbdg#a zXRJMNL0!3g9Kt>=+h8HCas^&rXxy`*pxp~$e^pT(JfbjOD57o*=la*bFkMUeK@c8N2 zy^EFIXmHf-IU(F@1BI~KI>6YA_QM$S7Vy=}<9;}ZC$oRMf-OPCAs6neSB9fue|X?R zWA)1HaPD^-N8xyQCv=Xv0YdEcoJg)VaY%+E_ixw2;rMXQ8m`Tr1fHiZ(yCsYjr+4Z z`taFne>8#}+fB$-`!{Rvs@L1c?Rhx6L6^pyG40>%F>kcb+DE~*a}C?TG-&S%Z@c~7 z?Ow2P6y0%t*E)h3DQLMUsR~NkZx2r9{1yc`;;!2g-$lXWkv?@cKKCLNpK2c-Imom6 z*dcg&%xtYS)HYzMi4KNinb7`mYXEA3eb05_)>1#(U*5zaI>W!Nb<}PS2ZzI+o1kEr z#95Err>V9(1DBYy{q@ZdqyeJR*QbS``Zd_~Flmei`_~)b7Q@Mr`=+Sh?sbE$DNd_! zaciyW*S*>Jj{Dcv(GUz^&V5qfZO_Iq#G~|rW8)gPaHXj`V&*!}4FU`1yh)5n6D}CL zLfGk}05&g|VB{Bfk-rk`qOKV(hb(#H_p{y*2m4n0(1lUIyoE1uv-JW9ApMwkTQHPw zf*UEEZ_EJau`I*tQ=w(-4rkLN8ff3WnA!%mR$aZ9_lM&M{15YHII&-E9-cw0z$N%- zgqaU}XQLw#vaLDmFxUrE1Teq1Y zHntu8q|NGg)6q}btbVr~{iMz6*K+ieHml#Rqo1@{{oa`LI|8MX72~+w14#{(MWcPt z8;ycDhy7X59fLr|sL^-%ptm(Zj{OxB_CZ(d_w=Z*>c{a2Tpv#xhV06C5C~9J4sweQ z%5!zAVe+U$QG40|g(1^MHHSCZa|8x?4!fA=$N=>mwldEVK;${>XPzSf4^;p&AbSqq zr{{?9@*Mt9557t`b{Ji#JQq!eZ6uBa!Dx7b|C2qP_j46y*)#$@hX>Phc#l1Yf8TR> z);x#z*mK0;d5Doa4m(I>Q#2C|VJK51lVrqrHMFW?I54ll;i8j)o+H}8b3_?>j#xL(5t-#VBC|Y4IHKps9Pk|RYMvub&T~X6 zc#haP&yiu^IU*W7N3gBui2U~)L2;g=3ZLhQZ1Ww#DZV2(#dmN!-w~taJ2;^4;C8+v zZpn9eTYQJN#dk!d`i?*&-w}`K1AkQM^$6;252Bkoywq?Uji(5$Q-8{iq!BDleAs|fyDafK)a2p zn7b-IMJ=2V%h=Lb#0_VzdE58n-%(X2gy~`w98mDR*9aaPoIp+pcEa`q#;pxFJXNOTD$`5LN<=481OF_WLV48reK{^LCG!4XZ zKn!(d3Qr>oOV(VThZu!H5FSw#Ur7>5Nm2AW*PNZ;4$_Oh+@Tw1--U*jSJAyF(j`2d zW)V|I^|@|yK(63!izyAEb2pBTGF|<0vMrNQ*a6{b;_J}|^C+-&?1C*byjNDWhe7F_ zKGJk9sQ~NX7y+xt8i{G)r?Uw~WIEZN!L^Iy0wF?r>f0YBgQyBtFd0!!3x!cN%lHq9 zc@jZuyN6HKuRawVJ#t*%KnTAautv#Z;A1mwTkrXTS*U0^9Bn zD#y_znxYaZ`*tZp8b(kmV0|)fBP@ALMM^zy6T?1EJrP4ne~$N5EQutAdaln>)7wLI zdRy0t;1TVXfy*n=N-k5$aTO+p=@bl9vi!<)1vEEDw|B3+ zcrevBv2qo?vkuUB74W03iuXh0`sqmR$pgoc=QU9;Q-=$z1)ge;%8|=gHN&K1eFvOXdA6HhUwb?Six_gF_M2K$h>>&x6 zN~I&#wcTGEjQK?k*X8ly435!hizMH5V4FULUn4{u@~DF8bkrWum9rMWdA@-+Bu}h? zkmr}L4#y{Wu0}%^^Z4}uuSi5sc`X_~P~4het_CR-=AW=jj1~T~-5F~7M^hvot_!&# zz-%M4%Y^z z`UX6OYXgl}bI~I}F0#Ux- z?2+paN}rP3AY2}-jb>UWDROO~LGs^zgdoiIvDuYw??1VL%);q#eZ=jCwj&NvJpiuY zwb?$uxOoQk1W$!%AMDy#sJyBcnv|Q9#NBmZqFzO=JZ(T<52!p*fY*lReQyKag~!#~ zw(AC)SBmePwZWHHyoHpLu)970Ra(($*jqQdtVg_48={mtwHbDLYjFsDxWbjwVNJn9 zjZd~@>;GRf^m!IsWIA4(t@TQ_Nqa4Bq6R-*zJ|Q4x;yQzAy_Cgv8GmHpDxRFi}iq! z5fzb$->%K21VbZ=f2@ms?=^O#w}it3#T&%cwH}cRHKaSO51NWCgmD(6QA37r<&?BCz()!0!xIqtf8geQRu zywK1u9)xCLfSQflNVDz~^kC+AU6USgF{FQPaR}}f*T0|2Wkwlp-ttg%?AZ23Pv+=Y zFXG+l@l%Bwc`9V>!3ko%JFd^7ft}05kRIF(?%`Qi*fq3P_+SkN`4HxjWbxoIW}NS| zpF&~J+TOL1&UDxvC16_+t_31fxx5yDiXSE&lwIM$0WIgn%C5T4nx255Lqt>x+I`kh zgwLusd8p(-%rC!S;Kj$bCViv(D_b1m z3|7Hl+LX2m;7X|TN!6Fyrz%|L!b`P0;|&$ovK<~w?-h4NHPTLWcy!N0d06Qcyh*6; zr(CzBwWiG?s|`yDX^u}d2Tqo<{S(L~2? z8Jf<;U>c*@yUzz#ac~-K*dxdZ8EA4TJCrieibDVtPNrHg$*Kgc`BSWd*5{AzyDuk?QW_VJR_1lkGN-69=yNuMzSu?Rc&yIhJHVQ~Z6wU{>{n>Kw zX&hw@8TS)S9DHol{JPJWlGB>X)4bn6aEeY`&F_9s&#^~Z{eQsznCzc)&l5)Aa7AE@yI3u0bI_wY55mPEFv#<{3kqTN5_RuBxN^9M&i*o0(AMDoC zm*oSYy;K7C_02&l7W2Woj~3&WoUEo0vQD^lR)biRQ}|bFIDDWIxN%k%fJrRofr2UKRHNkm`fRUNUf!|4>u_?@52LMf_6fL*RHC<#nU!)L zeD0uKOK0uDH7m4Rz^(_0+K(cT7@ihw*6FfN6-`+`d|GenS>QQ?Y0cA=#|oG(ACK!b z&u7`{DJZV=;I3w)D8GfG)QPy*%22W9!dM9(99EKt6Rtz?)Ny2@V8uQHF%;k*0DSABM5TFHm1q&M00^6;k0Mydw!eTKiZ z+Zm1!7G}NxO4UzQj(_H+s~2-Ft7r(0IX|)Fal*pVIGOYlO*uj_mW4{BhtvTQOJRx0 zeFZ?oW96RRS(9}IkT}P^7pS_;7YC|t^Io6|UnHo)b3kS5%d5bWJ)+&Ea(=zw6$y-RA8(h$`fPdBy+tndrJTx3Uzw|*we*;|PvatD zTLEB;hR+Y9o1Aihw{$abP+X6_tS0QwJ$C+O&pn1KS^3=2SF`xJ!{=ZBd_J%W1SG{v z(*R~yTQ)AY^bERq`!&HRA40rb` zU@?Zv4@262z6wCnW9Em(^2)CQ6l=iTa4d23uK=(mGvtQUGlL0M0GBmhZYXqk!U_P; zL*<@3mBg_E5K<%Nhok~oxQmJh!vP+kLNTpXz>*#_KQwkM$0}g4N6Zh2D{X2O@VLg! z50xD{vI=j``s*ibSmf3S+q3FwChOv;uJEjGP;?q%h+OfJp|+J-@SpS`JW_9t!8c z7dQ;gaq=&(WSPiUT;wNJLe5)JWuNr0t1IV|9(h$Yd{X1Cgnm*xw~A^#DKPU>kyZ3B z$Lf}|QXLgYPf_HC!*`bF%>mES)9N1i0>{-oQ0^6anS#lySY3A13#=?VNbXg+OWEdF z*)lqE51bn=&w3ba1@PDd=7%Fwcz4x|Iy=D%nQCV69GF~sA`u@t8+1tF(+_B`B-SE3 zZ0=o39_G%mzGak~3?}pE@P>K*tzmfD2}e_^`kFJr%`a}Ap*&~QX{s-Q&vSh2`Fazy z<0%K2b$Uzf9R0o8ibi$)2jxriDy`@= zl#1C3S!?G5vhZX8*?V9W&}2u=4N-iPt(Z`gaaW`3@;8ZX!7LSfQ>#iz&^ctyu388HWT zm(qMP+DeE%87}``dCuo%b8VaR(-rTabBm71aKJyL=uVm5J z%i&DYPC+_*%V)FuFCX80r6cEpGM_A;W&ZODIp-=o_Y;pa7oYUC- zmyhqP3XpTI`QKh>UMV5AoH8Br%C{Gqm&=dkI1!F{<=Y(d+8O+LG3@v%$6VAV0e_&Uejb2F6lPQQ4791zUU=FJPjk`Z#i;7+T}JO6^O zm(QKap3OO{`@0dmybU$ zF*N6N3qM~zyO{=>bH>akd1grxJ#){J`egYmaW-epDeV5a#y840F2DCNzR`dA_~}&4 zoXc>2mSZ*};WF<`=}&UZVkbA|oyhUk^10&ls+_af{g;nFFY_tqbPGRUK6@s`Dd)8A z?{duN$~($C=iF~|%xh#U<()45Nsd_@$wPT(oA+ssS&cNIytAc0$uUbh2Pp4U&hK)} zXC?aNoh+ko{))JUS^S=i;pH%STV;+vJ?Y^;M3! z()l!bXLEj+V?H})Chu&HuX4=g%7@822{q&`?agPFdP zbB@d>%V$}bK9Y0VOztrFoHH)?c=^oPF!h|X&iQcp zjP4-xoU<Na8)be>jCmkiKm0mIM5Q7sP^kG@JyOFl_ETxzjT+oq|Hml^L-&X|}G~ z!|Yb*WP%g41KE}k#6H3nhl6RtJ!q!VIP}X%I6JJU{pM58YxJ>aone184kwea8;sh~ zI0$=Te+v(sE#2Xk8o9K2^>Sr*3hHj+`8V3Z?Wow?-Y+(rl|W$uTt>kOto5S-ItEAW zLAMu%KKk7vXXRmMf z?u267tpNpr(%YILdZecl$@+u3BpxAw&&XuHhA@tu0!CqA5IK3O37 z1qTxd%y$m!8Zj3*h*T?K&M9p9Q&7hVGnRN4YW?9LJR4CKZ;Y7jeUE^}nVudEXA{uw zB$$LF6CeF(tHsBmLC99efk?&+WaqIvyEX8a%{^qb_PW!9Q9xJ4!$JwO6#6l$YMd4(Jk)(xGmTL)y^YQo#Qt=YYh6E*M&S&|%h{nlQT- zqW44qD%fqXI zhl=lN!VH25$QJmY(MVfS>TuE{lU@xA(1J%B{BF=~wxVQ#a}T<#Oz%p}s&HsG2l~t^ zZZ!@e5e!cP6p-(?$GALoDsnPQ^*HR%HNZQs$Fx}qP!D+R(^HwwM!j(B`fd9|>b7;A zJ|OO?IB1ie&{SMRkW=BK72id3uAoghlDoT8uQCIh8XxqqmT){CDy}O`r{2d#K(?H0 zoiyu2H7Lm+HjV4a;E5UXChCq!0z?<;dk74!5*S?97^Ksz$Gwamp2<#hId@qxb~<%K zZS{%zAhPu#MY6;p>gUt#BVf&S;;+(es*C;>u(C*}S_M?qqU0C4+X!7i4uZ|~ z9%Z>^hw0bs7Rx}jgLc$|uxy|4oN%LF)J47d!s1qgeTD?1Yu}Z zW=cQlbG11lj)|7b!Pa&Bg?MJOaMFP$)$3lmbZvX<%0}Qn;y+SJwz$@T7~46XZf#CB zXS8$ueeg$IkJDy~AVE>x@XZi&iGRx;&Sm2JnV+4LWoXeoO-o$yY)a_aHe)LnoUJa z9L6_7e6PCoA>e@|8GK1{k*!m7pdMQCYLz9&t*D7te@ACc1%O^=?e>T&ounkgn3Q+2 zbe86KtnPu^&ZD@xNdq)5WOAiSwul9IXi+o@_2nQsW#|~o6?H;0hjST)q)vL8JY14U zrPB-BW0R_4?oNl)x_$b5_qeaFKG-ryj4!6XzLru%M=ENQMkS@26+d(8@XaDX0tV($ z2@@go8N#WFiWX4<{-t}nx818(FbQ~PiWodksY3x-nM6s`x=V33h=?POrdk*>X5vMY zL>Ai*V%ZJCQ)-1uT!Jb?g1a(L&A(!p%|Ntbp*eG~T<0po5RGd&CS8C;;Hs-sAzF)? z8F10lW~J0%Z+fJfVzF(39mG%DL9h)A4u{E(g}LMxNPREZ(3j^Pdl`SGw$~qcCLV;yLbPU_p45@s?C2y4W z2huqh>W;FKG*``By0|z@y_ty01i4B)5QN(A16P_yc`0K@^7kDW#oALP^=J((!kNUa zTSS@3NqAMUGmNwM`0lhp@{IzT2G&G?^@?;D%%%rkb!#(X`xY)z2y#1?xJVjz1?;pE zv^FCmdi+bH?`i=cW$~M1%%S-OVM~p%Db^1B`G(yA*lNUr@)l0_b^Hq}bn}=%YwZQ3 zW3skG1Caz%LWRSG-46+UH#!mQ`!P_lEMFQzl1SPwCYF*yqi*sxx{tckq_Q4_*dB;j%Md^Nm5L0Vu((O|Ws+ZMShONxA^g5Eaw82}u ze&HS?(+;MCUos4aW7zYojU#(dv=0Yy0H0MjhR3ZJ^~r13Q{1uyf12u#nnU_dfeHbq zAZ&uuAzf(sU;yck}gjBp{|Q5hdZWU7T%hPFF_r!2<~>r+lr z`f>M=fFW3t+ng2BI`Xg{k0x}iK}h;qC%e|Z{zO?O!D@{=%kw+xde{CH5+YVbu-E}M z2D4QtBL~{_4qXeVHdV)jEk-bD*^0JJ|30P?m$HpBT>@f>Tj~7XOdPnAFuY?q<|+!6 zFdHXcC9g<_mM|Q38DwQgCy&+~o{fPg!|}ATMJE*eOxa}HZJ4O=?~{;8AO^($SY~jM zp|p&~GvV`tOE1XE)RlN%I8<+XL2OlkYOKEpvXG4C#Bz z5J(Ld)n03{_R1~~(D#9`SUJVYHdeaU8}7Gzkjj;Z7U%cg%wjOv7Xv=U=B_jgBMImL z{Y_ALHadtpY18i>uC!S~9%ax+EGXj~ckYl)HaLOWYf$jv3@-^oEQQk~g-s$2!W2n6?qOLl0fqJa52-oszSD|_j$CrC>kHa|*i(0cq9%6M%q;(XHtrWY|8kQDf zQrw7nXxg3aEpTVsD}$N{b<@SO#K863GL)%gM!wL;BVZz{)Wj&86wCru#MjIcV$mA)fX4$j6F@^ zMSYHgnGvPPKbiJgX{g9S^CF#AGBE1XXGz_1$Q)2D^Q9TWBQ3z@4q(n~-4k~jNmi_% zS%+U{PfLurJkH%1H(KGi$0iQOkzqfluj8vO zR_HC~oMtF1vDr8oh?ntbJN1QT^>hMN4ZQJ2$M8?y&6=`Y56?i1Yys8F$5nT4 z4uY70C-2o+_H{_hC6ofIJ;+twe?01gFkF^`&fMR!p=wRy&d~LLD97mS@ zeFaf*P^e)$pB`EI3(;2!g)0nv1dev#Km(58ztKEe+45@pXW-p%NdS3r?{(UYv?^$| zUf&l>1pw3FmO_`}(N1)g$>^`tabsVUT5y|)ARB{%xE>A)xy|=kEWRjt-z6Q%0+Jw7 zMWE*jtMxos-UwkNeo@o}{-Mh{7MT#!P0^%uaL-LfC2VJVFc_*>BW&q3I-DWMloZiv zI~u^y2c8JEk^f0}gG5D=dTIGWZ3{Tn=0N!z!Kt(xNTluyS@>{>wY^=L_!L=E z+%!cO18Is2n)1QY6SG3jr!x&S=Yt(w1SDcQqRRr)`2CpAAcEs8!;`K5*jyrN5{o86 zQ9+3&m#nfe!Y{&W(1le&g|5NYPI0oLPt$cP{6>e}kQqQCZy={6d#{-kOavxF1Jv_e zxthxfqm{VT{NIzM6pTrcI04FjDFg*U>YIjFaHrkmJ58I~oa6~`QfU*t!DXY1PFGnOL1)w%t z9d@i~d^x2317-nmCwN7rnKsq>DcJddC<3=pH#}(1dQ-(YR5-X2oP-@={e(o<*-)#> zeMPa*VB9oph9_?v^lw)jP2N|8 z^W_90GlGJelo6({kJ!4da6Rd?2SGGxPAOfXWbgs_bw*hqADwC=ycvHpmQ25Ks4W&x z3?r6+$ot)h4fP4L$t~KOYPq?vCyj;OLrxX>J>(unEISOPgF_BA*$QFwQkOFRH+?Tl z$dTM=xSX6`FD>oNqqD@{gaeCz*v%w^x#w6)Gq0%Lhdo1+Cm4xW%o!3bo;t);5`8_55F?$3k0H&dM z&7*LU<4W-n?PKsB`%Ew!Ah}wJ)G9Srh5eBueG7cL9EeGp79IyWVi3B`5^p>D85daG z&Xzso+p6e6xJh=e@x9gTV_|Xd&ESO69H$M4f-3LCj6gA`%@|LZt>rbCNPMLh2sBl= z_DHeaa~Z`_cvTiG(+jk4wlq33O5bwinw*ZE7B1-^rqjB5n+@)MlP5bcK{j%ehZ37G z0$fwMQMlKL1uwnVG_&`0C<;lAlq;*!yN`KXk07GF8dLVtfcJjpoAX zcU%kxei`0Sb_M1NkW2BH3(09UD^HZKyaqY3l|M%x5rN7)gS5Rk`iZwe9Tme*WRPmy z$>swlL1{r2lq04!GS|{1%1o=1ddaoEg;pOVn(!eEtMD335L(ej$~0v#y#b1HlL+f@ zIP3;v=p)EPI^cvn2*TDB;$5y(XK;#x_43?Kul;+{)+x3XVFSKnGgGe8P-(-^j z!TF)X<7bhA=^A45@-6K27Jf^l-ZWPOJs1*APA!&JVI_KGt}cLkPL@EY7=O&$(=6&i zXPfF|aCCw$yMam6sWW@3HT2+*NCL7w_=YJsCBW0Bi1q6t;7C~ufz2+zyQ@NAp^hC4 zmH7#(LL68ng00usQOP&ksHXu@oRuZGnGm=@An?xn?uf$bY=F>1@_@!YwU)8ikyk}< zFyddEJr95|FF}p6bSKMDQ4sbS z7D8bjqVusj%5DRn;SFM!q%wORqJa(((V(^j*M6fD-~FKC6t(-I8>mA66%*bC1QJ5 zgJS^quI>?a7I8~(0|GPJeOqvLpAG~=c@$*~G24nV=Dkwpp9>RJGs35GLy{-#7IXpH zFl`>Hig`%ih=dI?po${B+Xh+Hc2I+X7_!01SKwLIwiCHE<01_>2T);nGGQxewd`E# zYST_MqXZ!2lp>a&97*wkmYInDbmR~POiL;d#6POHF&j*dqJwEV7pOxD7XF1!1tcm8D_9buXH*IFjwS2-)nTez{j(iU<- z$X&rn*-;c37ct91V?+_J zRGC31QpdSa!UAG<19W7n>V^6~b0h~tEz7@u(<$~3|62Q}rH2b?30{@54FcR4B&AJ* z;Q@t@v0GBEJEy?{vfUU;bsH5X*qWhO&fdxc>v4-4kts2HJ;!ChDW3|jie(^4Pv_rz z*zzf5t{_W}E=N?*Qo=f~Fh1ca8!Hp9=Cn)BB{Zm{7K7drD2XONMB$7ksrS8ba5z0m zGeVUVX{wkG8ed{&1Ht3Zd97=S&Fmf=|CDx<&+$KJ@8}|*Q$R}4=`xY9zo*kOO(_|* zpX&CUM5y}KRNZ*jLDoj_8xc7NzbVg&gum_V?_g-UolfpK0Imr$B89-IG^C(2nFTm` zq6m6kZ+HlHp)OPs)Kw-PUA08Fun2NdxYkv;+)0Wg`fhOPwcT)9i@lQy?w`yfs`6<9H-K#}O3qq8$NctCIo+c`hA+Ku1Q6k#%>SBHc%ob(m$c!4G zIF}@1gr~^YQa67cewI}IP6fFqR!uSv(0yCs5}~ZWF=5Lw>BMncL@i!*1924_#Qd(z zq8_s2>X*A+eZ?o5iOZZr7`qUD45iGva|s}ABQe6URdH4hK~!?)f~s6|GrY=F7toZo zQ>xZ-@x)TE7^7rkb~{BaQ&?>GhehfX8OWsm?k@C$<~m8VCAzu>(F(Lg7?D)43x>Zz zuF<{SrRVirQh)kHvzN*!<6`V!mE$57WaRAaY0Ww1ws7a9sZ%99I+3F01Wj5Suo`DS zc!Z&=Wun$IB5fL3nZ(5$I=WwjFO;&^`}-2yHk$4Ca3c`!USxSZHcW~0EqWI|!S`-N zCbO>+F;z&}`U2Vx;^StJO*td{VHlHrJE|Vm8Dz#-;5YgU3nL14f-5 z5zAaATVuP65@iRLSm_L=V~R--b3UZtYde+|-%!D3CC_=~K<(QcD9>HW!d-*C4!Zh4 z8!ZrQ;AsPHZaWMyCyNKAWfx*d{Aalhm@AdX5rMf<)eW(Lwq!wlNfY@t88YfYZR`W& zV-lCOJV_-vnyNaI7@?HGy`U8I+{6WLXJ$X9pi$Ws&^)c!N*TL+0E_k(p**Rw**TUP z6>*^?v*dFp$#B)1W^yk3CSxr#5b>|)2hQ;L(a2aAj;`z1-Dn3N!17;CZe$= zZtMVC<&5x4<#=Yd5lq21kaVK29#Il1DoxYnlTj`Mvq+V?D}6IcSkXF3307nXy2)cX)PU}+esY@LMTEqZycp|$xyvw zbf@fJ@C1;rhTbj^8<=?z=iVh+0E*)Uv*C=yeVk4ZKI8Yba1cnjC66(r!nUO9`|x0q ztkSea6LBhI?{G9wA_3`{2?^w<9*W%@%}@-9?=mWNJ!(%?>?TpyG470HSb7D4>eK7>iRc=@)>qhXUfU8z4bpYz(NuVlze1l5u~{S43lP=Uz6mFN8(JvBu3btrft~#Dj zPD7Spg`Z)26gO1i*hz+?-nu26k_2v606^5Luc>b;W1^&#c#T^ysC75mBYL`L!l@pL zl&#B6N_iQaiLB7N7DGJSh165m!BLDUi8~-pk*g{^gpqVvVA;JnQAI%L0s)TCR#rhE zyIh#idw$^|RGgx9Lg@&^SUexEK_JIbTDXIWKa`*y+`W(ntP4%l9cHiRQt9)Av|KT+PA}&j z@5~U_p?z-IvNA!5vBTymSXpwrP+K<|8;2xO?JmqomuqlbR#s>P2S72A6{eb)RX!6+ zq}UDP9VUo@>6?lgY>nfdX$wOxh*dC(cna;&BLLZa9I~;g2i?j^TxWc4NlZ?yETc;~ zb$&DURgVUiZaAG$iWiC@y)=azW>F>H6PRYD5U=GzWLL|ei)#Ss*1g1$m=aSthD~I~ zi?L?YPE0Y07qJslK~-%h7Q#vUFB!FlT)UXbD=ob~8jh6ctb_xOYBYSd2CoP8NmVVx z8Ig-l$yj!sEmgw{RlM%S2&eq~QVopa8c`aod0hoKD#4kHcL5nJ7eW4GsK^hDN?)7u z6=2n1=QJbpyd$%bBxT$-T~p3O)w1U#a&KNHkO47!)?$>L^e8o)nR!@V6=zqc=cy z870%2VfF+O%S?Ro+JBjO9e~vnMaxuGKOLZ(oM3~c)lpnLRe_A;{%lqifq-(uMu5_- zY(42JN-0C3Lt4AB=Ea#z5AcquNz@hVD1x41yE`0_{{{&IvDRi+9dx#@3=gGL=$cd)0&_oR4Oz3mxiV%p8;hG`{EKX14)|m|YUEx`mok zkOL`Ybkm^c{LyyZE@A=juNiF@`xxahLY0igj}fxgH)PXJt~W46X!GoX-Eyxc2Dx-i zUiF#ghf6Ov;_&(nva}4L^p`mXXjdf2lJGO^Udp#;$|pjs%SZtFx#=;9u18Yq2RY@Y z%S0m}o6n#qIu(!Ktb(KBfbhAIZ^g8xo`ivE4M&IUnnseomC(T@E8quE@x}*uJacN6 zx0_=#%W_6-KU3Bl;~*xiFfl-g$xCXSB3A_k-~G+uPK0t;Fp9&clL}QZ69h>R=EB<$ z{E&P@btv}DQUe#$4@jN?GTB{hz84i+!GI|OODV7jPJ^x(Az^fUh{D?gBVA^`%9s&; z=a_cA%;>s`R_q}G4#?t+WDAtGqmu)}Mmj={pZ>KY82Q- z^IpQ4)xon=9N*eQ=n0v(WV-I)mz;0O@Je#t$LWhblenEcej|rSJK^E2a)XHo2fRI@ z2qJ}gF#3=P*2X;DUP;VB^$;n1U8>G#y*9YE7qq?q^DUhj5?^TSJy*T9niOo}xFOq+ zTUCbKc|rmbSMYd-qlydoy8b41Xz_bzI0JmU(C-PUrSw@Y9GJR(GJ2RzY}RYRb<3m^ za~i=maT;IMR_CJ(AD1|o2r41e*k)qH84ASnw~6i&Tjg*Pxy=cbNWE}B^Q7NqZ1xm| zNAQ6EDr1^yvsHqVz13EX(C&?M+U&QK>X>XQ2byM$7xQy|T%JB9nL@pZNSufI!4;B{ zSzJPgx#WBqa`tY}_ZDWT0oQ^uVJhCUWfp}tMHVe%xDBfmv0ldILPg4g$ytAY$ZSp% z9Bq`Lwy-4z(Jp3Of#u*Q4K0Zk1QOrNIqA|$@Xikv?jI9OosHce|eIqSJ2!@6x% zq=6{njKC8%OqOW#u@Q<9RZro>4^WxzSVgT+&sSWx#niVPS^Y{N(M9WF51sd}h88?H z6h|veFc+(gm^qg!(#I^_fAO_+Fm8A7g#96?!_+V+rRc&|dYx(nn~GU&)6inm3IyoV zbfC_8+&rabrMZ)RrZF|y2vTu#MifRy2^61Pv^efY%rSt45o7aNI`VKH#2L zix`VwCL;F&xuugA8J2A`$NH&Ys`T?(#??E*BVBke?EueHi^0t1gyzPiWOJ_kOt+Sb zFi-{GIQK-kG)n3z!dL*McO0-Kv|h7d`DCn&ZK%{c8bPv?7p{|Ng*|*!QDPWOJe)m= z!f*J8t^>+6pI0~{dFV5)r=fgYTKOVo9qTD21UM38tft5{Y22ZvaYg&IgyY0cfpiR< zozRXkTX7nDtOj}c?qD-$*pDrBKxX0qiQk)5mymvZvc@qfs4<2LE5imw znZ%`%pI9lhYNR7IgjtFoI+qcXXoSo`-S$~#J1C>3@o*RnK71y?F~mHECm3ipm{isVKH3>p8FH}B86s!oThaP{@Ma&>TlL2kAg-_XQ=zAl2;QJ&(z*=%d6`|{w zf3%JM76P`ms5~S75DcogDZ!dmBw-$)A1rkVKuPe|KD$(M3Wb=Afb+P^l_OS7X~ z;E7(B@PI)mA!;~-_x28peyCk*^J#yIBtOqaM6^bRxDKvmCULKCgP|ynGM1YfRT46I zewFGxeAh~YQ(2Pzh&X}bMlcQFzYY4NU$_7=*+uY2TiG-tHDmisX34@VxC)-Ww#r|n zL&`JnNnsLQ3@hd-F6&r0WA6w;dTle7YT=YwRx;fdd3(3Du~H$zX8hWMC^x+Q7={vT zmAZ?-CVo7So*P!;A;Bs?O-XcA8D2_rQoE}q7*H9-TT{3-{hNp{@Uogd8XpWJ(OM~F zaX%cVyasx^FT9i5MkM&2fAg=ZJRZE{;~`3}0BOuK^-eE!>9T3rII*19WSB~{%AAcn zby8omJc^-UMB1KDm3!a?um_nDzEv&IBXwDsBDdhHRm?<7AS5Y}VgUFO#y%gj_e8(+ zG3X>4{hh1UC24$IMneLGFIcSbdVoyjWUaBujDrKtBUj5CVR67gEG}EG&k5Pv944nA z1EUg^4Tu8`Vr?fI0%dS{mx(^hJJK>6Ns!o~SjJOP*h`~=%+%RfjL(|YHzTF}nLwV; zI-U{cEo(W7p|Z7HRYkogYq>nZ=?JciQw=JTYM_!(jzS{?MbsDs8Vq|~5sogj@y*u! z+bJjQG~!$$MMGNOOcz^;IKr`Pr`jigUsq$U@~5tvgK!=3;f$w}~r! zkAy$t`XH`t9yPt2;E78lZ+zLpt+0cCTR=x|yXX0Jb=yN_VXhyu7yI=r^RT)vJRN0` zwoIuo3#>|ol36!rUBWz2bFHa84!uZd@M0$=VdXLF%BZIqIV{6Y2*IMX(mhM|93I&1 zwAP}C>nir{>F^lmUa0{@2q`T%?>WSmaY9w9FlNO1YWid>H;4fkO9EBUIeZ$LG>H6g zvEWZi2EPn)Y?v~5LzxW8Y#`5uxUOR7(lI#XU$}YkEp|>l2(Yi%n#f4aC-FW2x5TBF zI5fu$Qt6<0mx6T%rox-D{pNe{_NMFd!vf}E%9u-CH+sl;X+qWBz|-aVXK92uI#I%ha5 zV&YSoEAtFPNNh>qp#!5xM>Q-Q@{V0i z-myz5pF{`?O6X;!QSr?XrMG)0?Xw9q3Rq~5nKa?mP=QJm^A>fryduZfeGwW~JZzom zw81)zYn-_*9K4j~eK5xBh;SO~n}%eD_^4I)@eaoL%(#Oseb4jz?K?0lQ?X}yYR!bZo;tS)z6Zi%DuD)3K#2Q+ zg#pQHW(9)=o{eK0n0ilHOSDT57?_1k54fnXN2x=l%o(v@n_QX`N2v^%dQN`vf(=s> z!*i`)fgq(v1Rt-ofqX$cE4d3xYtO={1aV*;%kzXxU&uMcTV)lt#94O1=u_g-I5Hx! z3(J-cqV2#^A^z&#{0i~Ro8~KC>cRt+U)09CNDUKuTzuhUVW?MircJuI15z(MYrnI# z$5!UOd1~ga6iAKtaj}Jkj*=w;P=jqv<}J&L+ETWQQc9JGWI~qWx6aGK-g!#TdCmK+hlInX};ms;wXw7Mo~WwO%|8^wb1g%Fiwi8`Hd7OUQ^Z8O;VAL|#c= zV4SPUW!WqtmTE=eZ9zO>p_02uB9G+?r)mMVYl!U^m)}=aiMs>H-ax5-hvjW8D$|c#SIZ}%30tsu`pjtq24UzCn%Q0ab zAh8QlobdU%sMgL*sV!3tV3X>?i-(swQV==SURUQGjLq17gH(ttFC?GYBc?<;8udat zEb2fLI7GH8GD|_Ns$f`rnz$EeUd1pQT2Y$a8~8_w4CftX9~`BWXMx`fwE73(2_`IE zI+6h}u$dugvPNlZ5Ih*{o~GULixeWL6O_nEaX`+tq;A(;yB%_}9 zT^()I0#0%Y{3_-UtF9mni9{v*9n+I0Le`k%vFiAZ3AxTZ5;kBehO&8@&Hh?Jpk|Wa zp#?tctU~&k<3ub(sOqOK+BxN+wHUU-vP5*Alwy@QpVXu9@r$^00#N)*r7Z{sUFtB= z@{;3y@h!I0XnpNfbck;(mJkfiBp$bfjROOp8=jw)2tN#LS~86UH9AKsfyXZrZSm!g z+V+DELY46@f|;c;FVi8)l_f_rIV;p@5kjv%TPJtHqj5yk5-6;K!N}E0ug9ndJ4UD| zLgj7X#X-IqJqsP{s)|cwO7D6lN_`9Vhcnbrg3Z<7_sY_*!y~6S2=H5~JLQ0?dS%MI z315|{8&N;>^|#Qp4pUNMT6f`u-%eV9lleBndvZl68gvEiEG^lXaPQ1nlIr*dcg zop%n$IqKvc@O6}qL1nzQ$zC4uX;`8=L3|@FpPZ*`a^@7W&~YATBxGW)04uIEmQ)8d!?zQ*EM!3L$Hs<#D{-lb%JJWFWS zAh12E4(_d9LUo3k@ma7o;a-nN>|^JmrOr4F2aL4U+K>1mB~9mFSuMb;Na_!pxFCfb zL}NUuZ1O_TE<9#<7U@W_SL3I87v}@FhkDuFOQ#-XWV@8QLKYdXqEnTS)}_)V5tisx zx)G&Dp|Tf0k416f_=m3WxHNs%PLzo?v(qMX7=DCd#Xa4IBu3bBBR;>4%y)y1Sf{Nq z#9xwj=hc74Z+7kH_&O^gr--jKBegDd&6DwqLXI$>y77T*FKFDPw>xg&T@$lD&b&mp zOr)ToM`cTstd(TNLARkFHC^jHr4BH2;x&|nvBZ99e2`N@&df^Pmne5H{6bjVi zlM7d+aO?Ur1fN{L_Y|8Tsu)XSJCQ`CWaARRRZkDb{W{~+gMAE z^gF5QUhygtK_#ynbe<%6C&Xq)w&6Sw<)obrG+-Q(SZ@yG@im15L!Qvp%rS&i?b6qr zs1vyV&5A_nP6kzl6d@&MyxMLvo^gUwCybrUI01B3 zciIvfq&bB)DAUt|6jkDQ2wu9rD5iYFnT43F)2$ZCtk?@qWkgm0`QPE4$Kzb!!uSV9 z8H3UJK*nJ>2*>(;%Q$U6`(VU9S>p&bu;Wp(!9L+PzQ`oWEN%IMEMgxPC8H4J>g?+z z6-l#oz6r3mp=}nZNJQ`bUPO#-76}erHySSnt28=^4l$TaF1}ixoPc~N9@qF1ml(n! zptw@)!4)m}#|Vx$f;Nn4BJ+)QPhWErVB zgRCa?sKjw(9JrW<>qzrHiBYbv0w%hcViYpdg%7oRO5d{%QwW`$>CtdDX%D&+1Z4^T zaokE&Xr@`Fly!MpBcZbMNfV3w#Bt#-Acx$#@fBIQNmfWa@i8XR@3Da@cpCpo7e1~i zzHiLxKZaOH_$Jd18M4(wzgrS%H> zgj*a^`S~8wR#8)Cj5_DauHVM0_A|*vOQA5mbZHQjn-0p*#&7^mkL1WbxVR_n&NLbh zNWvn^yuktBM$wE|Z-|^^GM&aoUAlUPW0bgr2@w*a9kdAtyc$EBevu}kL^({OURXXIO0d9`0)&qUFitW5MHV{vd!4D3T9f!R$gQ4+Jd0X5!8fP zI@4N7U1oe?(GM&tpm*uvB|m6KhQU#uDH8Hu7K6i!OJ}P4wtL+xZVkHO>ErF*ETq$E z))}#KCP?{JMv7HBP)cgV1M=H|z!bY8hlv@Rlgr^>o}3LVDxZ7*U^iB00idnT!6R)MBbFp-QY3kUDqnDFP$a+k3@fj;6n1p#z36aK;BManNHC>Y<-jwje z%pu1^=h|1KBvi=!IuA{;#7vD3uJ3BhknxKFX;NQW$x>Wl+7P1VE9_)Qqs?|3eZWld zV_cm=Ki6d;ol|J7@Col8lrU{%(R-KEV^ls&<;~Ae%e)smh^d)5AET$5PQ(gg{q3Ie z-Atyk?8>3jSEmOZiT=qFix|kn5XYoxC6`!*K{Ea@C5oQQD~sqB}U0Lsz12&&EFsHPyrT@v? zmuGH~?}!{ChXWjdboZ?#bz3Bc zJeiR(?AQ^(FRZEx_{#V${Mvmlbz@asNCPDz6-mnt-^|Qt0pv5UHrSntt6FoX5q#4YW$B0s?Eeb50>zn-2h^` z4^IFr#7qltj~4bBQof~x5lCp{S?H#;q+1$!r$Tjpz*tJfO*EM18e5=W#qqY038--W zZ+G_biviOZFBqIrPThp&HYhfbqfdy{%KlVb_iCAd=d-?n3NNS@<%!F8ODamkG5 z_J5;o@vR@xQl~#a|3X!H={U^b!^?fQh#vrtB}PV!>`bSR)8g%k516ec1~XJ3!!~m~ zrD;LZUhNw-U?jZ71#iFJqjbHd4l4GlO};~{Pt1QDxqmrlFk`X+Je6OdqrTv#(aLiY#LN6`HC#&X+#M?* zpp7#!iX-ms{_Zt%0|eolw{&D+wbbS+7A9=)($mDm-rRNNJ{r-Ms}pyjnJVg(Hu{BI z-tDf)rEoMMs975kxI!r!yPNL}anBK7>iD8vHFcKrLOibP9EPKj%)_DFoaXZ}d?cc_ zHMZ~1teynNO^hGm1USwQpe0eBwO&e@2VC{+vPZ?k2apTnCJ^96Bj%p2(z9F}CIoHn zUU*Pw(m9uLhr%u+mkbqT#L?0b4mli-!bgl*CNpflCZ2(Jyrl`$EcGfnDi_|KjOSev z);M`YhuA*d>KR50(j;#zH>r~^z_)D@4bStSH>j6qC#|aHHtiVGMvYvh;DP5H5(++@ zFly}9it9-V{tsy}-#{@6elvE32Dk;jmAj1q%8m!#Uze5R|7`KWBlRi%q5XasRQ;!NaseUzN@3T$d?2X*1Z*@uDPsz3}W4el~oW=O`$< zf(U;{@y-06I$i_EtUb}37Hl<^Q3FzR;}hR7rUHf^$43 zJJn+)kT;~RWlNJFo3SZp{<^v=Zap4tJ`fL*#u9|L*HBJfHYatTc6WPa3w;}U zJF0X#-VZh)y|(xPHWiG8n9Xr(ED{3M{pp?kSc5b&rwbu-M7PM6Q$pLFI75_Ynv|Ox z(t!;Qu`;&YrEl8+_+t5TKbhSlBP@9ehuF)7a*sgsUG)Le9ZUfb?++r5!i``YVNi*~ zv?_xkMtfcv*bl7S;4)gvbbY#f3Eyg0R@%`OAp=8e2R+lvPd|&l(?05o`arJCSPFkY zyTTN8(D%*h$BfLS&&X&iD<{r7^PMer$@GB5)mJQ=2G|*blF58}BekcAWv!ZtVxO^< z85Li*G~NC@{IPYtw#Y_kNKEQbCnp1#l!g)6A{HEoLE;MmdN(?Xa=B&Dz%KIs=jf zV`j}-jU|}|hG{xL}>l#_H(~)7uw0%?fd(} zPZ4s;NgveX?(@XHsnI`z93F_=5x8?TY`8~06oC8?8cqj#V<$Qu+fGe&dOP%VYNM2R zA$_C>M-0Q3-BbuBFwje^caz|;kkJXE)f@apCkHeSbr};hwK!hApw+`{th8ajc}|*g zzj=}=F31zXquC5AH5NE$ZekO*4R72ov*pz;L@SlwJQ~m18OKNLbS+~V&*3=J`-OmY z?Z2Ic9J1dZ6(;7m1TEd`(O`~pG#`1rr|VfrIr$HxU_9d%qka#aK9XUEySyUGOoXIv z;6@0Bq7rw$L}-B_fBjcT4BM#$a(<7p8veyGLKL_LIW0V|Qt?Te%JiGnPx70Dgho9c zNf{F!gIahTQOsBlIidhy&D_ELbU6RB(01+-pc9Hh*LPDvAkz##VWj3}w`xH}v18e_ z%PzhG2heO+bD*x0q4@3!A>H%5`%=eyD(X_Ft({O+i5~}eNC7bSeZD*dcof0Dca-6B zr;;Wcl5}Es@CfO3&yh1hmU=k5pFF*wmJGF+_fwQa((I}?gHZp0EfMiUG}hXH9D)Im z*RQt3*HpX6R6d8GyNn!ks#B}_i2IKSIAMAaaczUi_)7&joQ94Wn020kxr7~b$(I|1G7y#*!nJw} zQpJDBm8P-aT`xCN!XgnNe-RGxiSf{rwTz0hUdv(5rCbME|E~Zzj2g&dpSl<@_7R$a zwW@?-D|N3)Gg*<=_FSAID8TM2)F`U^WWa1r;Nz4pN?ajad$`rHS7pK zPI8v10Gu3xVYD0n>+uiAsT2;{dc8m?+RHujkl>)1&GqvAfyG2;yes2>sX)-XJ^$QW zgOKe&?4%*7b=kN1x`#;=c8lqrI$8)jU3N*l-CPRIgG$is(tpJ0rH13MC&c}h{7zh} zSAL~}YN7gU5%vz=Xl8d28V7!p%4&iDbUGrX7$|v~rjo{I?|(fv z%|)as(5eBz%go9Ju90^ptA#hH4tBjB;)13pCQL4Tl?V(Iji|O#;!Sf~)u}@<$f|Wt zVAda3!_h!!IBVU9zDR=b2iPN8 zSp2=dS|^M#uxD=YuEt zmV6H^T@1H4fh!#af{pqnrbCOhYuP8`+HlXFU6T{6uHY7}EyO(`HU_ct%gELZMjB zhCjh;auKr8_FAVN#J8D4SZ! z5dA+Qu4ylo$Gn${+tPRCq@hR{?FzYnd;TlPHe$s{iZrU)M8{bIFnY*2{F{VuROb(a zxAE{#!fkPzY0`|arxIx!jqe17rHR!-hoVXMS$pdmH9~sVaxLkRceo1>0bURY*Ll+(~q)9%O zI2rvc5uTLTRfd^*m0ma#HDAJNCWg)3A<74g5Fh?{g2X0$7*xbU^~u$IYspBZY+E{A zLWrcRWtMg@mpQZaN%1#8C01GU2&Xf)vgAE3>JB`KL(j@= zD%zYLg&|51P$*Jn6IZLnYOu(i9q_Th3ugL0 z&5;QAt@QdoZCqf}eN|m^1UC?$@jQ7fNE;(s75t6663sV)Tt6u9>IE-AikD{ou5aM= zfYpe`jyOVFZr@f|rHf&UQg{hb+6It-`YHFp;+=S-hKjucAaSQ(HzTP7mLb{LC|W@r zO*s+F?qNZXyvpa;1})+ilU}x}4Dvq3(2*r$z8os86mg%}D(I#6W5tJAH$xGC5YG@M z_C#Rg=L*q;8YI4#O5s2ig-A;ay5{ z>2?rWysXxAXBY{TgTwfg1kU_e=P!5kF#tYwwPDuva5bE*d2eD^uYM4l@w$Yt$7g#jU#di;IPMx@%081t>?zVU&^EO z75_My8e>+d4kLvfHGS6gDlC+)mCTNLZlw=ARWTVr6yj~vzgi*_g*bg`J0zAD zqCx$cZ*dy1{jI~4Kt4fr=I#Lsx_)JiHpYYh%7<57npU*P_{3981sku>KJiWIrj+~J zYg-mng{$aK8#PnOml6s(Fm_h6vVBucD@}tic`Xx&+VmjjDE?f$5fFh*99;`$?L{}E zJEZmvE3h&o`SPsao|7Z^b?kc|+Y4|*%zGtE`+5W30NI~|R$ZPQt3bFyd{3%0+NOq$ z{kK)FLVUE&LFWI|?;iahHy?SAB&u$z@f4w-(xRJcMpe`tTB=`u!Qd2yALGNAz0I{2 zKHb6*SuE$mhESRlfxP(P72W`xg7**@O{5Yq0i5Yao9e9~L(-R`4Zw6sLM7;mW5tbK z7=JpH_ctuevsvHNwSj&wx^x0Y(RbE#;D;T)IIh|NyYkb$F#6h^JYHFr(#DDI4lf!nCb+u9idzXrqoZs6*HZg zT-T0|b!I0(BU>Uw9-2{6jpbBE25_azl>e>ZWq$X4SpaWeoEkCW)QEp3O7kFxC)Djh zoJ7^!az*H@_2k4ciawmSkuR|ekx2z4w{8+*Yaz*hAc>eX2G^z%W556PLh>+7fvz)a zIO)g$-h15+&d@{WCJTwt?(BO}$m)u9nw#^7p$k~Q*(%e;(9Hw?JdbdrwbcVo45c^*5P>>J zYZ~|~=-sEmNS_I6O?+k%53_j)VKm|C#?8mvC4wH8@?5VvXMCMcK1?LMk)B%R#AQZ0 zm#eWGxQu1E5a`v#KlnZVP>j9QZC81D+I&5FhQ;_f8BZS?a>T*z63t2I`X4loL{JKs z=}4->;9Fth(F20WIp(OwguBbD1@EVMR;F=+%$>-w7t6m5WENX#lz(C3ZmB(yZ*oV_ zK*@kMP4A`%5?c^v{R~2k$^HIl$E}2uTUNWFgas~MG9fb~Cv-aFe=&V6C)Jxw!W^{K z8)pux&t48eYbY?MdEbAyeMelz=^AEND}FL(p~g|w0Xrj~2GcqaDau{fKu)wZ+ zJ)izf7vgyZRo$)QiNwh%PUTI~0~z9tozd*`9bQ_du^4w1FF=M z_^lJ#VPv~34oA-Vk|kFrlXxEotIcNV?T@l;QLA1~n>-9IL8&yXL)yl5XPy{Gf#@jQhEj<;?m#3O-yrd+ zaE!MmP*=vKzd-kBZf+={==i=LhuAJTCa)K5w4pN#rDl;cM*#!Q?ia2~*T25m>tnQm zAjQp`OSSJoyH8_CgvPcKjXO}m-gn4f)^}YrCY;W2Q2RF%xBUi@7nZV4+65^G_KAQ* zO;d9p4bH#I{8r&ncz@dZjVeKbrsCRSMM9hiP+%VDR_kpD3A^KGB&Mj{-N6aDAG_&* z`C2ld?kON3*@`pVNX|jO-2+hG#}Ur;CpH&mwcxf`8@j=4fSQTZ`|*<>nao`cvGXZt z+%M9~Ked-?9H;m!9)KU*#!Zkz0ifpnjmmP3Eyxz5;~F3-lR3b`$pa`QjNC%VrB%KD z=GHF=SRdXo;9A_eFaI`t9c%Iy8XPPeYvj3ZU8mU@c@pEb5Za4+#HN1=YS#XTLjTZw zx1LIp;{W^n4f)5xm5wy>bBPh)ef~T+{;wk=e>9XCbV$^YV5!LYu0g!2Gt&j}{jG2) z6T4%>G#r9ikvSBpqQY{F-gR7C&pfP9>~|he67!|RX~7Wv2xn$fl#}%~oNQuAQ+%FCQb|-lb>}aT7LCz4W0nL))jSY`cgc+g--Sx-a-O5QoZFfGe&SXZv z`qXHWTY$~nK8vVW0BAP}kv#^4h>Afut3%}JO{ABGK*bbpZS#ALPH|T_*x)8-DR5vU z96~oj4-h24_D==r-e3)st4csFo-+a;-Zd zO)SexC@6Beg-1Nczv6AuZzm2aQ^ddu3f5v$F+=I%7( zfbF9kYqltx_>Yo?TMI&s>svx=#PJ^!h(CTAnl}~Q8YpZ5MAZf;?Xwj$(2=yQ%h<}R z#A>LSu%a#DAv;O@H?bf5ceQk7oGN9Z1ujAeK5VFk;RbkXoBXf@TT9&wo5@w7yDjYJ zFGhUIj$(B;@)E}9Z8n_$Oggk_9T!%HEtWdw3HJ;529%OiF(cy^MYVGp>C3a1&G?6H zY@0Z`zyJ=Q9|$eCTE#k!i}3eF^@P{tcm$)>)WhiFp<20&B|5WkLr3MZsf^yQnam)^A&qzxEJp zSz!i@GG{oa5z_yu*Y59@aoKIa?L5XtzLJl(^yq_C;r&Qry+ixPH{)PU^|($5OUUH} z*HpV!>r0F((SR?8{yAY+yU|9KP?F2sx7Go0zsI=?BZR^_TTBy(NXw$8WrcK^n8x9J z)4$iMlPIypW5nW#+zU0#04RcA@fWgRqag%~*XaCt~j|4arb{=hh#mjz2V4l4 zvZV4K`ZH}uPCpk2UqcVT{d@S-*J$vc>>g#uAti$}z_!9vQMGF%!g)FB_ZV;$El*G@ zQP<_Qr(&S|mR7JYQ%S#hM&DudFacj1%{Vp9pb~ff`^)UJ#%F7t2QS|q2KiK-6Su~& z+jz<_8$Q+jZGBWoBUU8^dcgS5I5omB-Tyk}euNdl#-o-M{Y?p}BEq23!!BgvaPszy zE((dmf;XB;!TVpho=z-wyXPb=%RM*v1W_?(YNq=7RFp{XG33!Vi!^$Vc>jkkMP`H|J`)%^szNBUDGK&_p+la`N~p6=a?q^En{SC)GHlMA9*0G{ z_q96Ill9NJ15y%Lnyyzi%hOF%@Z}jFp-;uyrOWj(W?kM<8Ht_?l#$SSrmr+3b~V7R z1xJH7UJa{2IO>H2tD6rS&H3xz3=@QC1fbCk0g40)G>F@tiQmvj4FUw&No2~Mp5Kl- z>*<6|+R->?*9g*?SX3sjE`@jXw;|BmByFXK5RAcY1<6N;KUkumB$2lt{o8Clgq%8G zV<<95zOhjuKnp^x)A44Uv@CpsPjQXE_Xw@<)s{RP+|7IvTxOMOL50*W)=13Nvq<%p zK*dp0ZUJCz)Wbb(WvJ3Lq}n`DIS43|w8S30_s$-NQ2)tHt*BTX*)SW6w>9U4z&qxg zykEZsWqUI;t8i=uGsu~ioPn9$mb&ur+;F#;_tcjiL#eP_f~qJ03BA$v*Y0M9I25rm z51;m`Q-&nooO%6DE1HzT^vgagEy6Q|=~r`#5QNzm*oCB4!j40}Tm#FPp;LE5IUR|M zMt|L?=|*Lk;Xd;01|9RIjINMQxbDn0fNBNU=P{3u`~uy%I)|uXd8eE4bgFTndtb92 zRGGs5QP@?m$AK6gcuqEgaGCXg3Y+F9KXF)&`_aCN5e3yAccB5ht7xDwE zUAK0yL$eyGebq~z^stk4gru%GxbR4VgWHGAQ+K1Oe;r)e9W59#QzimY(KR35j)C}f zXvctm_;w7?LVq3HUh$@qt$Z19n5cr7zwrGYF?eYHIG7S{z9uZ8XxWD`n`9EnkTe2649~5_ z(!`|j0{Y&d^J2Q%5DhNCYwG=zx}Ol$(_(=}WYDBwVLWO<4R<0auc#nRGGM|-{`HB4i*gUmT>GCMybyv47N$=1+y70Pf0KE-&=?5Fcd!PeJ-Ms zPL1*&Zj7_7L^Q%PSew}~6MvM6S(X(5&O%ZCdfec6xr$mCSV+pRWDWFK&P$Q#EZOAz z4WlYGVMnnaNHO9mxU}ed^6S--GJzLE;P{Ut{>#e(3AOA_(K!=NuS|LyG<2qDK0YjD zSENMefT}8-DxTy9OTv%nc=EFQYnnw5)%Z>U1n)V&zp+~9=-cAyH`?PNUi$q; z3-Fs^YbG4|Pnb@GPpdI4o;JbZo&>^p=jazw$#2-_0=LL>ZiPbxc%n@7_^pQ`&4axE z)0}R=wWG0u7qb5VZPR`8?z4Yb56&G_Q*tEcD8G_YN@%4YccfO?1^v84`yC_)Nj4(% zSH}XV$~ska#5ZR^88(|UfOdmFX`GKAV=4Y=+r_AFD|l6K8r}q}(@PNW73x**1WJhL z)2vPHM59Bdw$T7W4h@3J-2!q4_a{CFB($6c^5X}TDE?Nbf%pw*i6VePJN|R=_}Ke_ z#|?hI{Pbb663TDTfU)J29N%6^I#CbK5Fh5FcaAweb|9?&0rFFD^=8IjZ!}Bp7(=-Y z?vuKOO~)8s33XRbNtuIn_6!GGt+aEe;ifgZr3ln81WRJeQmEhz5g>0r1Ucg35Vwe5 z59e--Y!@1yz{sl${T(i3l%s9CV>}e`w>mnYsf53seFZ3fK$#KoFKuYzI*r{6itCyu z^!~W{<3@ktXgPqmc)vT=TYtO$@+vp!=KAgSH}iPD1p_E_vt`m!qQY5lmG(+Nid)nv zc$zs)(_o>#SaqRE!3KSXN!vz3OMIyA99)L3q!#z^e%yDQ5#7HDPU%SgMvibGFvLB? z^P%CKPTf%b)+`F*Xk=)zVdnP{o_3?B<|BDJ111w5i)w7UAxZq8*pkIn8)C7pfxXiR z|B=}=vh{o>$AYsp?ic;_Z^PA};}uO#t-w7pR7bs(Kagp!swKmRnp;J*HXsb9yR6p= z*>6Qc~k(p+QKB<~t6 z`UXnR4gT`My=ljei~S5}m7HAysHpsSYAOvVUz4QRpdP5_r@aTqmC)VFgrM!!Be7bB zLcOWO!28CC_xxtOoU->N7SO=y1A910ydZ=pL}@O!1ohC2Adr@A8;o^1+AIcd>U--c z`x6O1Gd@YRwWXcrF!CPxAAImWs zt4Zrj?p_GJJm-TybSHYI6hDl0IpO~T`g1fejV*&vmsvzdDA}pKs<^T{!HV{9TNX*y z*&ay&a0tC{L};QlO`2%^*D(%;ohxUEojWKJewwq&Xkgkwhp0iNpqh}9t6*`XwzYQ> z7a!IQY z47?t$JJ;iNh@hTm;1_vTc>*p&tFQ3^Qmg`bpMINOoc1!s5v}=KcskJnzkm7E>3l|y zV8>5In>Q!^A(A}E@SMZ!h-#V5X5u!Qy|#Wx=S=$UeE$5|_bznW@YXaCx+c-v4X){G zGaeE~UbMkLW=K$MKwTH8S>dX7j(W4@=I8&&sBj3*x%@Nf>T_UH=3=>6YTC$Vz~0f4 zfG(v53o@2#{Ln|V%dlVmq+vhe2Enzw3g4+P_1YK>uEN;Fqu$oD-gA_l;Jzn5RySkt zF#OpxW))r}FNxE0)|`y-^Wge-x=Evy_?F15(CFQTF0J^Csk7D~CfTLTw5)bnvKdCX z^axJA%ETyt`xCmc;VNVwCrbMS%^HR_Nb+HsCumhY1nrJ>{Wi^;V8ymly2(}W>cV@ObN8vi2~T&SIR;MxN9;-J7xM?HA0R(z<5P47IzpQM zHe72DS3!kgm-#8My6Rs9dQ#l5#`R`Ag2Fw(xA|{!B%^bKAUIvtMrCJTq&gcbpUqqV zvgOLI*LY_9tzX&g?&h2H$ElUbzImr(582wVeXP(82wJ4Kp#( z%JLS2=bnf1K2F5}ClUZ7}UJzeXK|1R-33jD;Iw=F9uVVmh2IpNF)J zaLq3eZ4Y0bo(=0?HprHMRvZ=Qy@47Npy7VZnMONDh?=krx1Vu)(Tj@0 z)5$PFJiT?F)D#n(?@L06n^V95-hWNQ{4jWtEdi=BiIQOUv{_GnpkEpKxBgI(bbE!P z+$@HGmS4_J@IQJp9dHzWtB-WJ(zMShfxbGA@8BCk?%>Q5XX@Ym2K;}8%q6-=uI_&O zjBya-JDMMEgg!z$+X9&RXME2w@%eAFBiC~~!%V7*B|T7iP^fKz-;aepAh#48ls<_i zc(n%uJ&(ZU9B!1b6EurZ3XYXhz=p1DS_Tb)Nf&Xsji%*#Qq=)INUR$Tqd}?`BWZ8t zcNq;>pthX@lsXwz2Qu9*qPu8~ZSE3H^p>P;3qRR(*QJ)eyaqAk`5Oe~^a>J#+!vM* z>xz2H#|s>Upddwu`385P+fX3r&8qwG+Yd00qLI(LENt8e}=aY1-$pilhD3X*f zG!(S5vo=I3Xmf*!Rt4UMQbv_=Ti;VUl2`BlqAhV?nJRU}>0pp1%b3auSnD?AnfPCEE_5mjqQW``S9q`h&osKQcUOi#QL6Y@uCi_36u zA*?dK6C*4~(p(_ElC1Z9{MP@KRK4q0veKe0h*_YPOD}h#IAh9sI~!Q`&TS*Rf8+Y^ zFlYxl2NV}J_mUr6e>E^ZiNCIAjzhHIylI0CLR)v@Hy@+p1gwbQ?o0GC8@x_do0p-X zrgR#!*$(y7AlD0_)%b2)$q7_<(fn0?4W5)Zv{FS7u~$)w{&&q?qI*kM>>&m#$Rh3# zI=Bai#;2d8uTP?~B|{u)?j1}K_1e`!8);S~lJe-gfnK9Aa6Ssp$2sDSTttGSjNhuc zB&`$mS<@@O?>KCeNsAS@I~vEd#Ca~)AW)G5KkBKZIbX54BHdiagjSv<>e7R&W#vMb zuzOMv$iQ+t<241zu~f0K~)KDUcSO=dI{I4FHs2!-cBea>kI-0^;q@vp$suAcOipWy zQ*8UY!^>m($|kzn;_>b1U-$aBl=gD*dT5grckD6W>Fq=CG?3WN9jyZG#e*se*`5x` zSlA3(@PMk9lXrwsp`laxgU4;8BqvR7` zyE#UFZ^RNpZ0hsRB{W;uq-sD+JPWP#cQHxDvjI9Wz~sw&H2fPp4%bPS!fMuBWyjyo zQno-=&}-u|;p}ZDO+H5q=?T)N<7T4dqFQQ;_yN|6rP5B<0ci>tEMja zn{OyActJ(TEl4nv$I0jlSx2bF*aY1@>CQ?H+;ePeP#JqE$`o6;0lSyuiv`H{Dlmtz z1(#p}jUoxmy}?06R%r5Zz7sz!5}()}TfuIeYv#e3`PH#{`vQ!zXzh ze{y@@VefmnV>!qPg@eV#;Dq6l@}UOIQ~xqtkNf|`oNq`|n=yIJnGJe6{QI$wMkRfK zBe*&E6XnLMXxXe?Rrra@Og9^uKcK%E9Jn9mwl-zW*~T{CZ9onL0%0+x=n~c7@y%s4GSl>b@TokDV2wa{8}G199$+MYr*Z0Q`?=N>-5DT&P}dA za_=VizrKj#YMld4p@F-QFRnt{_Ny1qO0fzTYRDjy7i?D<>`x?$o_%_F2mtQi@4j3B z!Zl#Fun_9Kk-QnfnHW(jK)iW)yG zUdRrMDQv#TJ+r61Qyjk_FofT6D*X2!OF)qG&4hLw-vRAr@bH$?iBq$K%{-U<=(YjH zN_NqHH`=a+i;ahTVGsEms3UV=5pv9sd+WC_Av$LAB9yR*$T+dj>TIiut#|6{Y^5h& zaJM^om!=fppcMwv!rqHPpR?Jzj$ zB!!dc(+Qk}Tek%*s?=_W3^bdHyTlnRpu>%|>lkd`xGx@{3mSYNd-*U1F%?O`Ima$C zS;#J%BjK#w&MC6e#{qHr6L)#FTC7Bl-TPA<%7<|&K)~`=2EOz{=Q$+aOZA2I^^j~sgTuBp zP$}uU5efP0prNPj42Nz5=q5c*Hx@(yB+Zx;_!R;6I#nNAr&uPmj3DFQbyqi?_U`p)FbBBe^-JcBRuLdyz7gEeW*3Xr1H6OL zUmg+4kBUsF*`d=Fie#Ob^2fo?_87RkC#|AH3+-f=MyOg+(n3k7sV_O;jEr#*_#g^w z@e1|?%41OQs-PCB{ePLPA0|(YZI#~X4&s7Ntp9fg|1aquS7SjrLM!P_j~F^Qko6^v zA%lx8qw2(^(&P2AQ;<9IexSyexSS3D9HXbvWYxcc*CaX;2NKyeI2kvm6LekZmJwzo zBZ;QB>v!y-I59lncXe{3_LIJ%XNx5RcB^;FJ|*FsztUA80HzKjTs!pYl;Hs3 z3dKs;G}uZ-q{+eJ-E&V_v8)f z3h!~L%Te+2i;d^LS0h-$27C1K#}TX+3l!0~;!wYoj~Eq!rlJ27-E?=$Tf}UvDYMK@ zx}{R##J?eGG1=>Du@WQ!xXJJlaWZrc?GH9p00FPL5jq`MiG>T{w*~G1Pq0E16TR=w z559tLa3^ysG2wQ;#xiHjA30U)8?%U`mUKyUDpw>@iQ}E_@8dVt{=2?1)UolOTZYEh zKv?!JG@fTJk#NIp-6&-8={yLXveVfYzzR(!o$L~Sqp?4BIO#3^XBv&G{P<4X|3uThmjgYOg>X9gCZ&ctzK^!s|FmrONYe+9XEO9Tn zj{e+2l2J~qnq;h=B|dKl&DE5LUm|8fw29EmHTS*#`oml`*g$PSz!$xsi9B+Lq}mDK zLEhxgd`hO=GCoh1LF9*euQ|+%=ar~FSashh1Nh`Td%D@3J#`|NlkNHSM_xuB#_#3k z1PD>!@yhe-GJIL1Sl1|E*tkyOkMC~jt7SO;;X)A1IJznsso)7@qi7!QISwco>yE3K zUZ`l`|H7x-CpHh-J@9{ktq&)gJlV?=fJzSWT4^Pn(_t7sK*#6>f*qsIhqSV%^QOFp zWRpvJxxL5mfw_RKZId;$&H}0P0&W ziEx88I9vZYS-#otYz9LGC&ED@MV$L+{;+VjvUV&Sa>flZC$wj86TF?(uJ7(&yyOld#fV-Cd@TXOK89x#!?6NyxSK;Vj~E z%y3PlA8YX2>>Okp*t%5833>s!T)QS}y@f9@-2H7*0EfJ|+32k>x0yDi7{S8}g0m$* z=gQaNC{4#hKU_Cf4!fpE=TmosE!@j+^Lae_bMUkR3xYPWcAiz+lpZi`dhhxVmc;(y zXN=R`W;cb}=%UPXsVeW@DJ!a$4W0SD_&X)#>1Wcw6W*=Dac<`uh2Vc3jl_l%jI{ZT z22=_DJGR)h8Z0i9_neP69!b)h<${Ywd^HUac+Kh%>*)aI2EQ(H@aeJBCJEmk_s-T6 zcqnK4>}HST>(Y&5rg1No8+2N11RBX~;g(W?BfIpv3G>H=DiBzq)FLxqos3S46TqiM zcP{xN1iBM`7Q&46n1iZ~zA_rSxVMRUy>Rz+Z2R5^>(!mi&4&uB_IZUqRf>lxiHV2a z>BOIm%sYJgSE>#qod5?4lHibhW3rRmU_PM+=RJyUrC?ZtliDPwwzFGX)eAku8oAfD5j1X2|4JV0T98YqQP(^9nRvrr96p!@P?!-uE^Ak zu58M3OJItQ1>z(qGD3609KO{|EeRqbv8qXx=Eon@&0KXaHTQr>*`ldhuwyNEsnHK2qivgnIBU<~|H>{hzk|o$=O8rs-zEv~ zu^TTpB(I8lo48gEHkNcI%>UgWMi%~Z>@0svl;DF35&MOg?ZRWon2M=O4Y}=i2%>1F zcbB7)CK5q)*H253MN$0aC}ikCbUfHpnj_HZ@SD=I9Orb2Fx6cveqT&)9V4t#fQUcu zc7GfGya(HBwH{xOSJTg*dl>4t96J=xm_eEdca<6fvChr|%e+lul2u>_y|Kq{^uJ~2k6mhH*M#_5=n}c&_Qh8fe|GOvA%c<1ty)c5Mbb? zEwv&X4Y`pyZ7#{-Z1pDGceM!t1maFRSOo@Fz0U_eT+1}H--i?GZH`VZG9mV|CWDGK zmd)$q?R9~B%Wpl?@u?B6#QKZH8s~N^>9CSH#K#qbE?{Ob_+c~B=L?d4alHT`40SNl zkSVYL-(D)Xd&Qp;*XEO0)x?231Nsbv?uV2w9#eEZ4Obv zO8^Ybi;Zpw>?V!0od=Lmg6d(SqQ6yk)0?RhMxYa5Sb-Iz*AWF?R9UtPGAIJ3;x7gNa} z*S$;#9aGVBPk_;_Zq)Oozgm8yni+HOP*Vg5YgwxhChgNAwcYK{u05a_%~uEaTS3gm z1W09y3*9o*mJ9tiK$<~OiYV>hAJiKF7w+E=P~zPX-oI_E%h{JI$DC&fbIulHgENn(y?$Kp-h&T=vyjotZulL?qZ_+wFv_*@^?_pdv^sty5wlN z$JGLyKx8xr(l%Pu-0YrxtU*iqk$d*M;){62$^EndKm}5uw@}O*kUL3N(Ls&pR~#F@ za7`5Wi_V1`8u&YM=xc3800A}mW#1!TY`sVS+i+0gY+r&4VL(rZ6iJ`QPW#kKwHU^> zqh%P%oUB4=o3ujS+BM|GP(-KmLbTA7Sin@JxYbFak=*#;`nT2tT2l0>R#N0`OP#gC z6G_W&s`0exLK866+{>u@L*_w4M)Uk}IGKXW?@feX;>WNjenf-hgvaMKCs_xMZT@b! zww0tfFT;VlR71?|s=;)@P3j@sHibY=HoO|hH5`TT9qWjf0Z-eV>&X%<3wvwdMHTWP zo0o)4`xK#irt}1U%!bs65=sl$QZ-|=X7Tws`#Lq8)$L7}g#0N#189pDvhBbt(l_gJ z%(bM$=Gr6SbE}2%eB1!ucTUKb{^jRpeEahFIQh|ge!e%#?JShiL|0r?bJmG;dq&GS zb~U{+$&?5Y=tPvAd*X>SqJ<*Co93-e-AiP4=;xiR-%zdC)~$J!U@AS?2$m(pl<~h5 zKP5#`G_)iJ_aFAq19Q*Y3+8kPi`63S*B)LnmG zYhZ9fYe4I#eLgT;v?&WOCq%pOw??K2cxjFtK%x;7ha{-Bo1pa+I)SyHhYveVFKJCh z<0(G4z<}x;{tjb62`#j~FBOdju{w7x_JCbWzcwikB%25xpz&#ZYUbnci^BDCnb>6X zT^DY1ENiEb-E&&!&n2crV+>yBY&4t$CC8Yo0U9x2RJrg)g~_^po@C9-3K3lFuH26A z$sDSx4z*I-fczV+sF8tD3d(`~Q(d%awi=G8CEW{w zFMHPEaJ~BQ&Z+1R7CWbgW?>}%-2Qdo#^yOYv_Cnxxb;3=4{K$3^mtC!DU-i%&$3aL z_U~Az(rl;@TnS+0%82E=l^!m)m&e;5V<#HYphYU7dOE!eOsAO4?tzO6z1v}EShNEa?gxOEB93rupGMQW+g%h; zKDCWVRCQ2avuv7GNE^{07~1Xy1;&eqJBDsbYtA>72X90Lx4CC;oDV)K9_>ueBb(@& zG-vhit^!pmatFE?cFh9F3AUt=7oI_=%K{Z+CM0UQGz(mq2QD3?ELzn_uqFSboal(EKCGvY;736Q|^Ah z{g#-8&#VlOW2Drv2Pl@d5R?R7t&j*DSxpQ zPvu%t_q>SLv8B5qS9_1(LEsc{|4Eo(<+RqX`Ad8V{*Z`kM9C7Bmhe@pof8_kB*hlU zrl^($z`9RMAnX<2T-8(X9&lXv^;STgX)4#8HDYZERekk&5`K^AK6mB@?Vw$e1Q?Dq#Ix|CUzXD`u#e%RjQRdPktsavOVG?me-e(5lyc`w zCEY8JuNMCpufX&hPJhV*ltYxznYOA5Xp%lgbNY~xSEJIJ;c^6(h0+FX`_V;_l3r7RStc)*#K^ooJDtKgM|Xd_yV9R7ZIV zTFlR@b~;}ArfITaS>%Y^RMI5*FgtnX`V>gsA>m0^9z+J~&c{!fVt{_7>{e=Zrec&Rxk$ZTUG*aL7z7Ryh^n{fg|OmUB{Sv_Q6h!6)#k)v;$ z6Gw-rX)ytzi!yh^kZyUqqX)rbBG(cROSNG;4A(lU9OS+_0q}Kg?g|Edv*il9*2=J5 z4rsnsr;SX9hcSBql5$1^Nvx7*f-2R20o#TE;srblOlC!6^Wm7|D|@|vl58l1#>L`c zumTWHnwoqGFBl6iT$bj%cBc(VH9CO0@8|*-xm!Ee)g84jC(|sK3X)oKEm`BPqGP#Mm*+ z>>MG?2qRLwjXk*m-)n;Ic9^QmJRPjg`zk`N@2|3c)L1hp;O~8FOw&u@~RC3-Hk)u4Y$+b-cR(@QaSTSKEF1XZ>kq7x#p5K{Fs%&pmikJa%v z*T?`@xH^o>EJ-guZ+M`ND5#TYvTMld4S^aga{6uB>0b1D51L){Vpnk;cC^P-4QZ3R zQ9t9;1Rx?6X~t6f3%K5$GiX$<-J53FXx5V?ZI2hK7m`Ar22Vf}?KHYs#tzSlpPI`` zJ8Wz0ciRJ6azoE+B*P(XC(* zwUsxkw3E_H`W>Q~pO=x9J?(6JpuhOiHh7ZZ=~z?z3x)0=Q;flI+f8x2HLdBirm4d2 zj4IA5iwewPC@7m*x=v0JkcxQ}oH5G6pjd5~<;CPoh)}hp?_~K0+1b zHW0XF%vP}lRD@fI!_5}h1t~uGsWjC<-VmKVCAiq2v(y^RC~%snloU|MHzRMNM&jh+ zg>N5DtU;-~#$Ovwc&Y24=>wCfQsl}H_c|?b)jKEOP;~xfvHBmBG_s$Okvi^i3#XiS zp6&yBySjE3{FXfV?s``kqN<>VY{tlt{DRJnmhIXN!s4=CWCQs3Gx7Tm zT{sPClBzO!@hCJv7=b{3+6M$s|L_Rc5^RIuIqg#e!0-Ql@iuY0L(||) zQ1Em_xYyFh*d?f)CUGBQ>|-lj z0bSsY6GSE<3|y^+0Zpp^O%hlFq6i~kM~L4@(}@CaPEpQzcRY~m@y>aFKAm8MrKW?v zEx=R2k)kDLnjpHr7g9?~;e%DFw3+UnBi{>LXE?i`JiWloVo=Nd6t|VmmC6fpH4i`W z0{jr&$vC6_ae*``iNMg-*8Qh3Ms7uVXlIF)EqmEH1_J=4BuJ`ooT4?FzISVDSUGo5 zusg@TT@8H|`EPd@($9)~xceHY3fAyMONz3Kc~X;nb~Cou*J$r!+lziO-N7+RcFyje z*`JvpZy&hnkAFxZD88dPqA%kWZ2}Ghdn7UcU0+;XIAIFrm8?1uNO!dw9sEM;+I� zOMzS>A!Tb_leC(_e6`w*$B72?47WHV2Frckt=Rk`Jr1hbDt+Doy2sGZIT?r)y4bHsxsU>{eTmw9AKRbg@X2btXS zq`RvV$J6ysP`zgnrZ*SUZ^dGpPu^qShpI<1k~}M~dtG>T%=+>mlP=UL3FO<#%GLtQ zPy-TcNb=p6{BIduSDY%b@z$3kG4*r}gmTmqwuj%wkoex7Q(T6eV#sfGYON=@Yq!^5 zbxN@lG-tsa)6ppmUrV4O;<0TkyD%3aWU;on*t$a0te(j}R?^PIRc!fz;3MEr$#|^} z)H%{WE98)*N(RHL`xtcQhJ8eE7-wpnv(8!n3XBZ*Dm~0=)+KyHjCl4*23v{DMfKK$ zwvDL{lbAX2oFe!*Ec_1L5S>JWTnr4*0CDpY> z3PhE~>Z?RIH_>#`^me4l6w(Jpx0U~b=E1QTpFxd?MCXJN4;rVUix_>CR?{m|;TDyK zm?RJ>eeW}bDy@; z%^~5|rxxLs>O-H^U99WmBR{r_h2~dMjL5Td(tPYaOK)JeZcQecZTCf_7H#Sho9OR# z<}i2!6J4SwGpI80mE;lzC7!nj&rM$D_|%hEnZ-+HAZ^p^ii{#rKS4X+nD#>yh)560 zE%w^Rda~TbBH-C@hxht zgh)kK>;k!%;VUVNDzwJ(A2SbA3S_%#;t<5ynw<<4sG8_h;<>~~Z%iiqrgGczvvgT+ zrb>_Tx||t$OKG*9D)(@X&TavlXPK9urK%Fu7;R<_vlk^PP5VUnf((!CF>^Jc6cWav zAII@@f!=Tcq-J#R3eV;Q`EjHU;kXpeOT4w>W|>MM?g@x&&%iqc=DJTxmiTOr04IBM zz8r4oH1%%YkfxX4re{-C*6BG5po_O&4%o-;6aFuepwIIE0Ra6vz@Hm?@!||=P|G`< z&g7?ONc_dCdr8;h4M|1b+COHPjG<2ItuUyZZM<}|a~F?p_G(A#2g4zCQVpL08`pP$ zH?>O0U1F+xAz={rwro4F3Wl@6a;6t8MD%;iZT4!yT30u8yuJg3WICNsbjBSpBbVIw zaVo6?w4hgf&R*jGkyKHapouXxL9KsJBdM)Q8qQU&q`f7i|LB1&<$F==pdm5hDpG6v zu+86Q#~_kIm0^Q5w6WJ4?+_O>aCyWrZQ+4Z+4Cz)9~K90^Qw3Ol?Ahe6@Aa2BEn-m z5F8AUik#)_w^=10`VeJ3h`h)a&1gg?>{ToQousW8gU?85Fy0NKUcC)=J2I2gQWXI=MZM|u zNJzi%u|r*oyA_?2Tg;@JP9A?M&8SAzDfBH)uYrzuni*zjL$=&9&V}elIsUF~qG_Kr zbYK&z(_>PN&a@{n{Lq<6kK5}{z?F`M>= zdpUoYj#n5Z`6>_Mwg(bC2gHxUWzY;9&+WL2#$G9<+v{0CN$QswdzK@Lb^E(bwR029 z{sZQRhN(3$NEmP~N?B~h`&g+wyFj%5vXsr-E{g2d~Bnoa-!l^2Y+1OL2>xhW$?vW1xfOE0T0O zou{<*&FLKJ`lPo-=)k6SYoWTc6;;_659wo>`f<4Kr+^edAj z6F)1xEIh+1_X{uG^U7q%c`){}&b^*MI!z*8f)Re1vrcI&rF&qJ=%2#;r%g@pK;ln- zU~^nEPQwdmise_mw%#$D?@5-yTa@EZtEbMH`X)L7WAHpi9Y{6>BT&n(igdX1F>W{K z^Mw>Is8iADg61+9Q zGBb*)pl?nRAf?kOYk^SC-37pbQO5H%=r%LHuw78sUd^=7U8zouen(1T{TxZGJ|fK- zG5b5?*+Gjh4m)c}G;Y7AGV3{oIVE*4WA49_VPMSvyXj;&d;M=Wg-l7O zZoe9!u{R<&u*sX}wJuYxIiRbHPY(}L-h-_-NK}OffAZ~lY zi@HXXX`!nunykAd6ia?t5lu!utBPLOwo|Dzlx2IP(}-a4lMi!4HHNA~UwBSnX!z`H zjZvV;E2OfqD`B=ekhF)zujBJYH0 za|iwWEB@k#WY@)3L~g_1(=>#}iO$;_S_Y$Y2q>w@!nNrh@?qhpw}H_H1UI0Mn9jwX z3E#Yx8HD|`CB!^)_f^L?<44gAcRC^5D^tDdlc3Nku1SiEcRRz4K42S62}kT=N1AhD z9kLL!bHwUoV8AFR$CMh0LQka{03hc40i`kvJDS)VtL>fxZofudx+Cw1rHBF2p{6^8 zZ4BC?HGMS^GFU-L4ZxLuTrUz#=wB0G0mMw|BRLhFkEkCjGUV66Q3?Pwm zxc)l9bq1)7+F@~*t4Z?Q9}%Y;<^P~z3Y+@7T2JKA*`~lf5`FT#bLM6PMI(F_iuqWOr>w9LrdnGXjmV0C;!PQ zzL*O_%0|K^U-<4aR8BFRqNn!g&t09(T=@V*I6FW`b}~Rk!qUTjR*Fiz)Vd`c=0_=E zLA!*z)7)ji(m)Lc(B}{PcrX}e^vykGgG3YVmzlIHC1O^_5V}>g%1v+tkztfb0Kl5g z$r?$@M+E54=vhH3grr#`f(*Nk9vE0FYfxpOqUIR-|IcFe=f4c~IOZr@xy!~|=QVie zoLnu#4T}3v{n-%D(Y0rLiNvd@*wiA1RNtFdFfg9Bfby=>y6tA*&UmK_odv7et&v#O z6xn#m`43cj=c$>Uy(o%3BONDBg^0jbQJ<<$(P-M!J)mT#+BP#T>kGDnvy4jn!o_4a93m=-&UpVMp>&Tqtup~6PUPaCbZWW1Ua`14ie^}F< z>W8Z2r22s|vGHW|G}`;I#@UC!DK*-iXo*3IOy%W2A$RNJ1Mh!(ia}L5_2^6pfxtOb z5k!&K@0SFFQl{(q6CGtwn&1<4A)_*agC3ZD=;F4*=yHJbqL;jT(zy`-!GD}#luM(CH;9FUS@ZR&Bl8MelL=AnR!sFvhT3s_g;=m(g5~VDW zNCY_sU0bG)MawB49BdEKDo#WD15-4!*IU-6St6f}cv`gd>t7x>V{k=_HR|5)w`D2< zIZ~Lx-L9#Z(;hp$O$*rOIE0qc;f4mIKNx~|gtoLiyu2s0+Yz}jxMbc4n|KJMx5dYcy$SLw8 zxU&jJAO&laByQiaRqqSWp?w`U-+f{$9d2D>x=LO>&Pb5wi$ z7=MvG4H`^U+zC`+VY>2sEEU&5y&Eo&yw^S6yCNV&nRHNQlQ}w-wGDxa2(NAn_quG* zfKc@T{H^%k?GqASOKKh>ySJZHB=rMiLp%zp8J6CaqO^iCHZy!>m#V{s8}=_omCl8> z>9Fq6)#4lA^J|1j^WPC_E;pF}oM=oR&U5FC<4#?~&8}rN0j_sCN!U7>5W5dT*oE4D z8iO?GyV%8^C+1qfWtmRyN6RHj3YO?cxOp6)Jmh+G%^U*?(UAXUH&UQ-K!yIzH|B0z zPP`I#Z#aD${#>IOBn-u?KC078J6&JZab_2w_b3@0>mEBmxlhCL%TleKiu5>Dqy!R0 zk{6&ilrBfo2;pp{EwC6k_($?7;I`!Q*|W1O@XnG3cjVFNdxFAtW&(#DVg zZ_6AzhA{gNhpFgfhOKHA(z7I9??+9b!>>Ur;mv8Ln@(b4x>Jc%39sWu5O!D`d}Cqc z(^Y6l41tAfBICR6Zin$e&Fz_ld?H33^A$8?PD`EsH_-KlV$t|vfu*9xcu`^eSGNuO z6zTUJX$8lz43meH-?(enQd|nV(6Dj)bv8bd)B^lij65-9%NmuqnFFK8Y8J@Vr6-Sb zN}M(VAI@ou{A2HpOA}Ja&`&7dKMS|q=CHX=j4#4)g)j=rg~7p|c^x5h7>tGAwciE= zYToRF-y!8U+Aa7+N2QYx4m7O07mI5NgFg&EWL`RoL_ycGWEPfmJ*rAVJb=WxpN@Z^+Q}D+in^rvws@~AN(*Y)9a<>gE^kDk3q=wVmlBtTiPkBZ#&mk; z=^e#FlsM*7J+fWf3k|SO75;fi!>v1b=WCGVmWwqLnALd{!kS19hN0gS>B{1QY9xWx zp8xW5GyZMpMlQJ>Y#?1@;%G{`R{!T+JwL!^gaY9siHPv72^t&cXdvjV98MSo7EMIZ zDLjb-I9`;xiHuH?s}2ctEa_YaY|$Ff4Je>&n)au*%Vn&RYPBZY#nYtlp^ZCAQR<9c z$6E687ka8Q#g2U~T9&hg!*1&^KEhcVql=j9=V#mkF=?O@AJGp0Ka9U=}&$ewe2)6coKS8&IJ3si76*KRIA z!r9c*+?H6hi{BmWm+Bmv+s{`3G7T3MC&CM^9+&L}7h=^$LYotk&WR^;YD4za!W{~5 zTafU~mU3vXb1a*RQHTYZV)R-ukPaH^MSAymes5{z#lbMbYX@6S+9&o(KHQ`LB2y8lI^vu&}drMFxmJon@lXM!5KGH=mLa?|PMF+PWaW2dpq zsrDcPo7*tS9;e%L{>0+Xm*r>ZgfENf1IS6(`HS#R?OMaj?XLBi!iU^e#{lbe`J+Bs zZ=x3@;0wBM-GuSd7X7;snoLuZW6SHbBoHpnC{sv>tqF5%5UU?{N-VET;u7%(X=G6Z zAJ8mHPqUdDZqjl%S@pjHgTO0VPwKuwq7?V|_uH?@tnOc`xu2FeqiZBKg2$ttTxaAjPwG?qJoU_kn1( zNa4TM-T6=qTB#IIK(YoEr;)nd5&1IuT0 z_tc=Jrtfi{0fW+ToxH9S^GxcVmTAHBSWUY{A9V0x|!@cRlt8;z<%$`J{s;pu@ef^sJQWd5L3k zqbu@pAZ*)gZnn#dVCn9Z_K}9nQ9}?rnd7`M6JoM?o{ce7yZ^J{gc(lcunFhxcAynu z%g8=K7_?cGBrP=qUMdPZnduX8URQCoU{wJ=}z10P3XdOm}kc$`(pN zJAzjdCL6Beb$27D>;(n3!*pl6fYy<5c4#{CJb5gJ#*BEm@s|qAeL@%U)BVfnPkikZ zGJ+C@P|iSK&8StmpNI&8`|N=n^?JgOo4jgV-XfQhkq(gbNNX(*1Nu8%0WJaLu%8H& z`kOkg&ePaV11wxNUx4T#d0bs)K|^fG z!}VZB^20QO;L8q|0lqsCGDNhB+G2Zw)k8Co$tDOhngfP81D44aMm$K%Am2MT;&i89bT}5|(QK?66FG&-ODO z1$1LWCh=Wo#y7*SEHmb?r@K2mR8+1TrXq5!zAeh;(F<}Vro=o@JS_F}_VOVT*S&db zr~(d@XHgjSt(n-3L4csiJNEnR<2MlXkHW5{X)?{Jw=K!MSPXqP+Zmkrt4T(h^%+-Z zlSA%ye+Rp{!$49>M6Y4CM3A~h4S*=wto2e33rk2<1DK(lWF{H>(%~b9Wgqpj-oyfy z!JNQPDnP5w2hf9{t4vb_`sWv)@oW<`Jw5lV9mtr1PI)f9d*ohwx47Zx!S$G=ahZA_ zU`~c{_R7>4IgLPHu8bUy>K3+^f&LKOVr)sPO{Gb(kx%z!~JLw2GjK>696gfv}6Mf zQ_O05w!igoz5c1PAyWMriR#bH!B(WYh|B6xsHYvNz{Gkc`TT|^d-QT8cs+AHk5*%J zvm4Jx04zcO$ZMNA6`-PXgt}0)t0pQT4+Iq=R{^lNum{=0+x6}?W`W+8!bFc~Cgz(l zv#!7&gFZ*&Jq)?&ODTo>8#?mGxjyhH;WFuR5YTCJ?1o`p?$;y<)&Y zwxd^;m>E@Rnk|cp+gzgPLKKJ+br{5T@cK4zM*V*_{o^V=lQGKDA0JSiij&T#&Dm za=#l~2;LHd1QzUtN#@((%z7Cze|Jlx6%HmyT@`)SEi`toxF0qN$s~l$GP<4L-W8}F zlZV&d89SeCob)>2jxI2<0z9_iYWh>Z+q}}ExSbQQz1QP#OTD3!u<&{^9s!GHno^*e zt_2Aw4j5r@C8g84A<^t8ZWLg(<}M+sB&>lt_Q_JZ68LY6kwRuVH&S5<*@+higa^t- z$8Y;4bQI6OsSvW_D;hL|DRg&Tt-OtbRfHK>AS!>kM`Vul^U2!~#J0qZ#fvf(t&MIH zh@-r2x;pO|VQGXw@Uph}o`jGvOOKNkn7CX~#1aZ6wl2m2Q=zMnG{?oo68RK$7+`N& zCyAMwI;C!Tk63&I2Z=u?X z*Sd55`^(JvTNPjH9Y{~=Rg!4-06+xu8`amz%b#mEfLEB0e(Lc(I6jc+HC?05>BEE# zl<9H`{jdjU4uA0a?ipP32l$4=(Fh@XfDH5Lj7i)3Y`K-2A}iU8tA}?OJ27mWvC zGUFO!AiKCmgFkflvwFX!EAOp^50p~mvtZ!44gW-kuNG_M%7NzTC$9 z(QH{T&8<=E+K40B_sV0dr0zvVN(BLT7b~rtvg;xA^;xm~EL1qWi4fyn7Zb!LLQsPm zaN7B}Y1INzKb;@zFW}a0b?ghqbQ$LaPrpqsPK6kUZ^6H#4sX<(4pK9L0uHkl9NgWG z(~mpASHMT(KU^0!o-^(rAq<40H3*{`Jf|lsBIqCte+6q2lv=CwGgN#l(y`q=F&tGs z*%r?S*4X&G`gSbBun<#Jn*j!-1sxZu|9*?CTyH(6$2y=jD`y@of)3B?r zH%Q$fJiony;9nUbkKLY-qjg0odbXJavb(g_v1cZVet;9CH) z!VcWg=EmC?>gmHkpQHt>39iK!Rm)GSRth4W1=nqA+|L~cS>RUmm;{ALD{I`d!$B;7 zUk`)2m$VIaZA-}}BqShDog?kS#8ROu_T;_#jM7pToF3> zHPsva@Pdf_46AjGzcnKE|0!vr(cnNa)k6e@7Y;-mtjj0%K#aM%=`?8UWKutKsv+s_ zfA-h$2DLNreegsJo@GO{D=L`DlYEF2RhSIkq3;W-J^$nxu5wn2lXwrc?nHzjn zLjO{b0L99%dOF5r6n-7dk<7dN`4d+HfA47`P6t-?_#>jI8B;{J#K!n08B*O2btH`K zPd^UM7(TG#OJrKVs&dnhVs^$`GN&4gn56nKU@>9#4g9RMEuW`Mu;B_j1;Cu}=y?VX zXh@)@^WTO)@5e~KfLMPk08f*W7$5XH(Hl3GEZ$5hh2)|=;JIrsjZV6ue`bD?KNuFsF$efHMn z9npP{!)+e)<|)eWib=g=&n_So&pyEwrqL;RliG5E%uUn>#pA=_W? zh}XdNw<;mMW@;HY1`AnKgay@lrW`Atsq=9ha)sXjucf%|f1=gV3Wy9Y00Q&;s>Rqb zn?Ft;%U+{Y_v#G~PeF{)+1PI_>M4|MMd5&3W^;O+O0G!MoC~WFVvC$&`-M z%Y5=LjPIs~0pW7Z(c5&~P7r);JEOj4<9-JRpl%EP)_1X5M7c&Qn! zngM)~5n|ef&bjcqCF_Ec^BTE32qQ!RyQ9^sl47O9LjkGgP}UZkJbV6=Wg=ru7-o+3u7zKlU4vFT~SDk49cDGFIXcyW!5oO;DHpH2seUn zO1R64BI0z2PmE|_r42kP?ROGn3@X5tFQ8sVgv-|sOD*81)oS=t^2p@A1y&n6!j11= zo<2X1G2~`0)oJrhGK*^~Fas+m*Ee*=!GkqVWC>UmRJMCvS&8pXV>#U~?;6gIvm2#; zUCOgyXD$K(T8vSPlZ1NTT5t+ke8!ceDM4EvagCM9<^RvUmOF;sST~8n;e% zDa|rgRr?Nr?;RkuhiNk{u{-5a)d2qfd#9=TFg)@1+9~9xy{Ksd(1!*b;M{dpuVJj( zU@_XT2tU-n+O!GV+pH%=XBzgixp9ql{cCrrqL*QPS)Txb-}4W*7Y&VB-PLqX zrgk;NC7R5Z=jb7V)lLzkA(!sI*0aXwDab^~zo08Mob0zz8PU44ERD^iCq*suUah`T zW;$I>pn^Du(1?CxqQ{Qra8Dbz$+!6P8W{~q-NZttDq@ndkdjpTa3{-q0^{beoP;G= z3oT2nYXhw+_F^%(AOb$T-_GW;=Dd~5>oXXX;Lcf~XUW9a@v1{|a`>V2k>Jr-0jATI z=KY-Qi87k|NmZ&_Y|MPA33h1EzpfT9OJVlvHS?kcQ8j){=dAB~ejkIU$zBMqjyIt* z6}}JnYe#r}i*ioq?rn7@d0kScSbmb&gQ^pNml;>w^AdJDrlz22Grsj~S)RQmY-=EKyqYgdR zWY<^Khb@M|HTiq&1^pQX2YBy zmPlN|&JptMZ;BT69^xW6akJ>VuS^u}v_-D^kfAmZfc%FWPQuYKbQD!GieOY4io;=jkMg=<3@)vq?&%Q8c)sFX`>FByFgtlAf)!=jC; z5u$l-bx7Nk$o?l(Q(s$!y12u>^MDoYR7bamo^Y9QM=bV~4o&BcV&Z_g7tKUCX?RZ& zFyVM6g5Y&*Ysd(P!YCAYC}QU}Qvaj-o+O0315@Zk=6b?D$pl;y#xmelTi8;Uz%`R^ z2>!Kqo`ZemYelKRBd=w-E32{|65fr?)|j?|iy*Hkxd{K?`furAtE$$2s0aLeX?^PX z8Rj$mlpadbK=pC4nn}+j(w(5$|A2f#Z%L>W3MzZ|8aknJ}JIX(PgaF`I{EHnD`ISOUc)<$bGCWMcW$*v`&-GHw zKY#xPujaoc-D6aOd0c+TZdV}YWQ@BMl1ELAb2Zl!vuIu`1k{~1?9>WVFknEnRrn!~ z)$tnm2z*JkO{5R@8@le7*4mkMNIah1?1Y+bB>qv}r1sPaQGmMSI#x*p4HtD+8!&dc z25Ms?YX$Y^52*N@1Coh-lX-jr;VF92r5Ydp!TVU*&KGb9i^Mq;l*2B343MO!*zdSu zJZX0|@H35#(0uCV_LD(@fQWFs7#?d#YgatnGh#c~X|@f{XQ-fNo&dSF#uH)%%5>#!F&S=28D)^yX* zbgn>+p67MXhLACX{T>3A*`mf%hd-GD4F_HEf~I$YTnLbCbk@z-*1_Zi#6c3hR{!%vQ%gvVSERhvi`BxAWS(?@t%{7W zX3Ly1?VQ2?lInvY%JgZw;TL=@{9m>2(E&g%5lR1|~FRK@Y2|d?ezhkw#Tzbe} zywGx=e}~LPhdzE$=RIsPwD0+jJH$`3TXT%0<8X>LAS5pd4y^T0kNDp*QOvmZJ6kXm z3OpN~V5g>@VQMPyXXtYj*qpP#Cc=l#UhD*@GB>^_4(i(o*~r;_t_hu@O&B4N(f4=+ z+?wco!$zWZY&`r^2)Xgpd?&(p#6y`fLfc}+j_g5p0bz$}H^_aBXZILEDpEa}KQ27@ z=uNT7h3uE!fmVN6a_X4P7Z}}NsL~?dtDwldCYntygaCFc=acd)5X=M^X}bBJ46#XK0K5^bimQzRKOSajh7*|%F+R?Rsl(vW6Bt;k}Ex#zs(S|bwo*$ z={VTH|J+<6ka=dt$gs%X)8NvmXMEe)9Aj+QOvOiuK9SD&v8y?4Wp_nAgA*+WCeDz3 zyvE;c0~0HCEbaZH6ceCltQZ4x16!-UGpQ7y)+;IFDh8=%-%v02h)+oFcCo%V4Z;CF z?}OF%X}anCA&$QLnB75gW=FE6NtW~!-04lFuT97F!H^~0y&etbm@n!bdmo*=j{%;6 z2H8eY8^%~hwjSOq&lOBNj!Fl!VfZ+<8aqI`0y1pwt(mW=+`_UeLfVqZs_LC}^L-Yo zh{{Fi;tS~fapPF49UxEUz`gw9J6*&G=r=tOietVJWloLAaV@HND}sub^;qdo(RHw8 zg}b6xNX;IRq6uoxeNZc8rDug5CYEQ^*E|B+-;9&Qry&Qz?*ofn!rIP&R@O zfnPD6Av4d#IoE}wHsOnUNEBdRG{;MsqBW^+L@6fsBb3qEmLr}21RCr$7H_ep<qZsAw3O$(wuDQ!u5-X|^NcV0g1r?chY?DXuDQyVdmc~*taS^X?*;pzi z8YRaPQ3V_`LgkDYn_kfJDa#8tJHfN7o0GrOfqAKuILbUa=T z0M9B`aE5*|i}~W>;bjHfXff~qzzLtq|L%XAc6#`GKj!@Rx)Q|e?#~KPB!-n1@l7$hJ!NU4jZ1jo#aQ~0FcWG`c zOVY$bEvY4$9;VsNjASyIX)_z85q#6MsmKUKH8P_z*d(jEb{G%@No3){0zfjNw9;-& zE3LGYjcGN@{t5aKTFi15^8?zn&{D1Mb3YG1j|*G?%&v}#sEh!Ci+j)Uf0si-`qC!6Im&=!%9vgefBwQ@pIuCBcTN9)dbrF{t*(fP7 z)QW;OXci8iW|=4qPF8nP{H8Q7aTn@98_jhxY8*DPxu7aN?R@8k&MC1F9i z7+vg}{B%o)*rm*e9UX>lB{#hR7utIt?ilSb<|{4fXNo9TIac)Zg!^yF>}*wgr7KMT z`(#1?yZcHV5_81uTK|iUg#t8ZXnX#;KRAA^Tzao;EFEHTan%~~db&Tqn7U9hZxpAz zBBd-ZaIm8I8eSLv0#iyB+vSg#n>MscMN>GwwO((1 z1r+l^T@uxa5FsaIPeyGOkOFO2w$;Ku_h@H>t9&|rOF4hIpI7a>X z;%?-yO22@q(r&vQOoDKB@DwAx<){ax;We}mN`x@CA?Ot)o~UNVOhUTLD5x2wyL!9b zljUgihX-a>j_;q~VpHp*ERdXw{z_cno8Bl&WOKNl0nce{F8rPxU(G=M`u+KcS1uol z*iJu=*n2Cn`aIwmjR8+-IDek4GKj)@*6+0wMjO*z7&$fMSg!VS0j2906o|(UoHY5A zPu)G-wwgZc665rTed;2ffF#)xBR&&k&-pkQcIC571+zx=ADc&A<&sw;+7#bwx@Ei!ss_`_SLO5`wDE9016%> z$2tPjc?P~B`imq&S|DY0sXtpjqYJ=lD4#V31-{G^$F%xVUPlx4`l*f^p*2p2li}_c zgCSaSKcJs>a!;@YMS;?&x^8U?l>CnWVy>4--MIuxqv}i@R0>G7a2zrXBZeQl_UbhG zekfWJ21`zfa+fxV7emE{vv+7h{>SI>V)PE(4xhoILO>ePTS-e$mnp7~^z`4%7k~KU zmzf|65J6-_8IV?I1ljQO16Xr-Hx z_NDh}JTf>!Amohi*Jg{w|M4Q5Bm9nWS{u~T9%*0?hD-dZAr0&15}~dlIT@97nv5l@ zN>J;8Wp*sW-Qe=2NJ$a&%WF z;voO1m>U(Z-L1WPAu|A@yACWN>n-;x?iqDTU?Ly= zoEGoj=y&q83jA<8m~aL}e{hdtBUl>tQPm+N)!a9Boy}8{Y>tbFedp!|vM}QSig{sU zW0Oj!-D(!^@?{s3hyI_o{H-?i%o9Kmt4lQI?xDEL>X`^mqx)3m)7Nh~?Z4_Yt)mTW zWc2UmKb?BMun8fLrsJ6mZo)oGcU*0a!-7FtTeQcu?QuNWu8p53%1mvIk~8WOkqR`S zTN(4rPbaz&F{=hpT~t`bSck=#HjS<})-uYhzJk5R^-Be_S!-p-FjrjSaQL(3HnUOj zHl^%CZHu9U0l3$ZDxPrLN48zG-=iy39-BDN~51Y%!h=nH!<2SNSMEY24zib ziZjsO?WtN1h15^c=KHO}hnZ-x-QS7U+DERd$rz)MQ-5 zMxJ^e=d7WrpMa(grw@)QXzHgaO?{IZRdFeDcI!ZyH3HSKFbqW|u|6V0iD$l-RMC>* z0zrr+OiiF1({u<>F~(A(7leVeg%AwL65vi8e%;3QMI{KM+&sJG0!dP}+Fg3CA=t6p z0y)zvs3bc)&oK6K0&EXdhr#fXeGf2^E=pnEGNtZHrTk!%H>o`__rSxmzD?YEuN9v# zXN8|nx0$EWv}EzAGBYDj7FkRKTv_vY8yOHDBy}s+6csv!5R{-aa}LwvtO2*>2{fiz zZ!o>PxO1NByF-r6>@>gV36&V6w1D@CXs7PhX{CI%SW}ucqO1mJi2<8h#;S`8mb_y0!0-_ojGI}kLifswU_@fpp1t)Vg0I2efvJub&(f2Z zUtB2anw~z4)6f*5rf;^U-|43c=EFru2TF2{mY6Onb0xWqosMfjO^yX2H`V|6u6P*N z9)jWtLkpK=Oe+V9Sw}DP#8o|eY87t7e5anP(hqNlfh}Z^T}X)S@g!cvikx7xI!A%$ z&)Om7P1z8lhBo1#A(-cxLDdl_cCKGp+?8W4p~VzFq_sj={1eEAV_gr0^TLMd^)evK?H{VzQ@iaS3gdr(*`*F2vXr5Kre6y6AcJRlRPnB zwIT!NyO+5C-_BkEI`_j*rOXIH$);i}F%5(&_ymwAW`D$p zL({yXs&P7h85PGWv|{k7E#Gl^lP{B;8hm~5V_2%fi3m~9^-@j=6?p+Oe|}aEdr55&gdS)Ay(Rf+=;{8ceJ^Rn{ri-P;VK*?mmEk6~a)zXu786B}Jp z#eGrr{<%eY^=Mjp%6FW9KgO&oWWP_fG^b`eadd8PL$SMl=Z?OKp#%Ea;G&pQdoDC7 z8%{6*>X;Hz^sICV7jgK=7@nWuF8N*$uAf)Q)|M@e`G*haM;1glp)`pDAmx|P28(;> zF?BV(j@Jb-eZd^4UplAMe(tvoU zQNHN-%WQOsc%(1$1nA=+8e=P<+=TcArNj8T7(B`JZ`UPwD+H(O`BVD+h;(=YSZVS6 zWSbmsRz=wcrcWx?9-~@VZwnmc8Eg(6!HA-0%cPl(E2KN*B}JQkyqS)Nle^XZQ=iE( z40x4)9Jqfu#gnyRV2cW3rx=GK9p{YDWcmIoirGcJUpsX8eReqM8v5FPNoFiu8U}<+ zjoT`w&o`EMb2}L)oL~LTXN0YzFjs>=2s*2Cgf8j*a}F51$1goZQgw2lmYJeFt03IxYNAvX6{W$^! zGN_$SO%}%bnbmkk&3QnTB%C$Y-X+FNM1vhm<7Sl5Lp|EKIcMvt^4VtOOdeOQZBfmW z;P!f-o?u5VL!UZGuR^Y6=d=%e#IOs74NUg>g{zvna(Ku!Nb&}K(VAEp1q~q5|IQu4BQ6sHE967ct zb@F8!4P%=SyURxJhDd0v*y@^?0F{?^t=Ac zc(KA%cXPgSJyMp>yAFchy~s(BTesA6+Zr8jH+8HY@_6ZUUr)Su=XOb^v2u7CM*;UF zWdx0!(c;S>w1p_bVEpEyiL>DY=L>KPUJ*iPMfDv;%k7Lt`5gN!u!~>^y{s2d!!oW3 z{YCE3d={YL`0|AgYt--uuDdBc=D1;$fhvtMJ-VWtoXab74Rgmwb)W&FsJkfDn$h72 z=&yk3_@}-IoQTt(Mh}1u>@mW}NJ5|@-K2Z@mMSHcaE-J@cBE$7{VJ(h01_HDpX$^* zF*Xya4SY>(i7omiAI0s&5X%X-a&ULY6mlV1uoX81lDG;^WE!ST;24OTU4a|CzMM9DX?IKu@7G|%HplHmC`(V&HRdr>LayrE<19P5E-XS< zswDdoNZVNL@YK76XTz2qI2#xCY;@|}Vph-zCm3lLR+(V_+`~-$*$oq!HP&#ZALxwW zC4g2IP1$yiPIrZHx@M&ILZL@L3DPyYL(}@@_)qA53ki9-e3^cHN<2M$CeyJ>r$|W> zo0T1vEF_gOEhMdy-;x{+=@IDqS79FJM`*yZf7K>kn`Rk#PU`A*yBd;I-6HE)Z(`-7 z-<@jjjq@;d5-W)LJL)Y2GY; zNY`~u2ytdYi0?DCka&FUbeNN$7CI5i2y2T5JGXenU*3 z3C+1W8zY%ffI>TvZRkias{>*-I+-*D=ukw_c5FHt{%#f8YB(2LxgpVxdH29uL4t{9 zxhVBVP#>5@HM)8!N+m%!u)r_VVzz1G+0;}!RSR9;c*cm6 z1eG6NZgMhsL}9IOp8?n+(ucW<_NMS$sx)jpEsw{I> z6!gKqkv+`?po;$^flWN|F%QqpD}mz;c_ zoS)!}uqM2;-~Eag;pT1DguwYYF5!GUV_{spQR5?Tm*7dqT?ZhvbL>WBAOw1tFTT~k zYV9EHq+nLgc%<0-a5r`M<_`O)1FR?a6P(`U05xFxRuQE7384Y@p;TvOB%nJHdTcP~ z5o+)mE?1i9>%*jt$M!jI5|v$fp|Ki3F#oIt`>}7qeveZ7I|G5PgE=J@_ug}@1Zz^? z3+2aUema{?>1EX{+q}`WQxRVrcr~=ioGXRmmr5123Mt=x* z3K=>_G}!^8QkhKbh@VwW2gJc1@vz4GZ2%Rs({j#wluuw9@r#(7pUp|_myT&oNvHyM zs&C{Odri!dTVvz35G%{8cjJXryOb@P`6PT=InSMg-V)`}GR?T_+JO*3U5DVbj1;J@ z6ZJ0NYAl9xPh-Us`E(Zr&8YEKGB2SqOhshJD@zpYn0iig!J6E`5VD$5!bRTliBGnattqVUZBKYDXP67LB{*7X1)Tih=Tj^HeMbY1@3lY8*UO?86q(wf`CpG#0n@gEWUC|m$dvk!q_tHG z7||L#Rrr;wMIW`*OF4y=M*Ud?7)EkvCQ?p&suA{)QYIS1H_U(Oo2K6@>E zquLr{5AZ`(TR3lCZJqRc_zBJ*15&WvCg9qF7(4zWs&v@38buPz-njLo;V(SOKV7q3 zGX5fecd7Ea$p8$_AEbsRRIJ~U(p662Aw*05HC;!~;YA8oXR!A$R-)QLGz}-5F6Ni- zWO!L@@4^Zl14-eIIj`gU=ZQiN-WzD?MusM^Lz8r!5nGVcvkgfIEn;+x5LP#G2jN0> zffO6Dc4uO~HeU{UoSpj)T_GsP8;)tVRZU*~;gke0MFO$b7>oO)>S=emfc#3zb_M1m z8W*jg|e}ZZ@t61HQUUlkTFenX951wED8~jTm)dTC{~w-;>omjcI@GpRU%%{By2uvbF&sF;mPb)p`nB z{Afa!TyDixs>*HMiNf$Q6>rll1+rb4$lqk4ISGV5p)g`K(TViYa{O)U$%<{VDuXARlak^XJ zgxPtBCBukAv{y8vg?QW&%wj7?I8&RF^7B!oyM?#Cc#t=>z1(1*6goW6q!9B#k`tN_ zF*dwF^>#BXr>LhOO<-!eG&NJY_g=$oO;2r%9vaq#A6%L9m^ubqI^DSV_`r3eKJj+0lj1|k)w^(iyXOvjJUKpu64ejx%s*)ewYqD0Gf-&9$$aQeg{~$oH$o=SahGu z;2kc7;8yOq>a2&=GdhN(sio>1DBoUgecMW3o#eiv#>+t-hrFCM8MPW&A<$TQrBv<} z=@N@vFTSP~jBDn5=~6%{w{3TO_v2-@-H@|FU0*5InkzHjvGd;nxgyJc(0?n>9bj8o zB$-bBc2VK|crt3Na_gRqr?(Jqxh;3Ay!n{?gucq!Zs^a!;WNE7Lvk3aBmxsK_<$w|iw|fSlu&Dva;~9h$&5tKMV1*t>{NsbJ>*LleSDO03|2}i^Ou)3T}gWs}f6}nsSF;5XNg$f`Q2VW)6u!Fn2wugq2 zcndiy#AU4r#E~=OJLz_vq@JNIq)0=$!las7FT!y@%o&{|#R6-1BOBcQ(WW>#Hr>4)u7Sk$)b?rfMr(( zCJ*8XrdSMQ52H2BD^v1X8e>*BQ{b`#m&5wnDE%O1!D)eWqxz)JN)PG?iaww5scJ@M z-0a~MVWk4V{}Wta3bIc+YHb#p#D495k-CvE$tBB)G|0F*rxJ^%Ko{*jzDOG{mOMOf z@8@Q#>tR`L({b}z7$dKwr;IP<^$U0{KX%ag+c}J}q8C)fWEfKUh_a)z(F0lUQ>hnw zat2mvdIqZ%NQk2q6YUM^zd0L}sxS3I>WOLWH17XyIuUF9i@wNn+=lWCG(5td#n#*q%L;fA3nljRf04kB&4xS%zhTjtqI5AgSsi8RY{ z{R{o+^`M1BKe0GX9Gjg9d6}uIv5&ttBq`|E`jm<Gy4Rn$8a=-M@a|bYGPl** z=Rt}@N?v{FlkAvU(ZMEk4`EHB$y=ia=wO)WFdRyNN_q61ZEjssPgbMJp#Dz}`G8 zjH|dCyGTBn*g?2yYE@iR%lx%QwY5~_W;L0qf?Q<^t^?Zq2aitPEC#dXV7MC3XK>gq zeZQQT;h@)O`n*_oqPA*$LIUu=;OuH&2=Zjoo;tB z+Q&M1;NCqeJ1dc}iduU(aOkY`!IeeFWj~ps{l?&7wDgX$>%8Srt$liZaSw}$)f?t> zCHuaU@MkeI^@l^Pec#+mWB`32@7*Z)_is(a?3@TXIY+q}I`5))g0;G)JaTQ#;`w;i zAG~O#)$0(m@}AA0NH!wJ5(lPKbu%$xayVNpCJl7E+-t3yhcggxWTc&$PS)%=ne zSycT7)z7?UNOiAahHkbmt(B)gMBe_evIYeZ$_)Z_dqLqzef%UsV-!QhEGpWu)fhq z$Qa*1YiK5kP@yK}xb`D#>E@{<`(HM)GsMc-c>}K$X(QnY9PEZB$ zcYMbx$MdSzY*ulynpfrgnk37)lV(k3M~Q=a^X6@2Ad_qjso_3*6g|8XwU>=wi0Q68 zPtVK{z2em)T0EfR42Y&9x3u1A-09&-jV5(i_;xObm?(5F3F`?$$Lvn5M2}p8p$Ag& z7aj0(3=?a9kc-h`k}Hh-pCTEwKXOr-chYG5=h z(PT7w=}kwoRqyxEP56e$@RLTx2s4=(g6g(mU!##q*GX>Jn4TVANOKjnqs3g9$(O)z z@N>|*l9Y%Pda8^Zv6-(IloYWE>O~P7D4XH*sYrrRcbxnNU0c3(4zAFQYP9%_UdAG& zH$9`4gOz1vlHMwp4sFE+UvF!{p_Fu*iCDH_S)iHtPsaUhwhXllDhVFA?*!5G{oep6xtd4>e-5l^tY z-RMq>q1c8Tq5W#PoZrA#YWT9t!3uVgtD8y9VoKt8f{YBgX-RGu67* z?Fxhq$jVRGy-@9zZ1v6Wu2<)5+Q4qOW-W2dWMb^)5XmX_n}eWqxC8PYOZ#B`cBMZ} zXQu|d*OqYy0gn?*_%%{RE7QrOB|KCB8k&-FrN4!A1(bk}pdtEsCTyIO8OwWY0MnZd z7bDkpyx7O`AR+A#+td=35ZMqvq-fC(-DSzKokIukYqMF`o^wfd&v@BgX@5>GwBAOI z=&GbSkJz~PrM9=~D`RQQktH++kWC6Iktf6#8%0K=Jf0yoL4D3vU!3S%B za9Pi;7^@DYh6hHTNd_rwb{~D}OjD%%DB>zN0$|= z!b4(qfRR&dli(#v3I*PCY#jhE+{w{TpWdI|2yGFLQp&By^%9@nhlauUh^ELon6cr% z*^!|6Iwu(OG{kvWJpw1W8_%_;LorehBO6f+MDv54yr1uMCcSoTYwURf45)4_cm-Ck z5dv$a)cB}&y;RpF#+ zOgth*VC(A(fYz3lm|U28dnA>WTd5+^)QW{yyL+`O7wPtkY9BQf%as>lfF zT1#UQ%zgHS@HS5X`uD9KrH-xP7${=PDJP9f&!Zbm#EJi z4<^5n`KDB6d$`;U7*3Y5te>$Nm{=N3byG-~z%@qDQ5~$o|Hq)%UsUny6H)tUNBF z-%v6h*t6S~U<%5EDY=PpLA+QpRx+LoPJ7mH6>BWn@HMw;Nn@t6Bb55$D?;8QV0C=4 zMX<`ZC5}FnjH~uoOTM@D7m=chD?v07KuT4o`bG)|Iad!p`w}xOG)b}!9!r;vn$qhe zcO{$z0fjd{u$OaUx#iQE#!K>3e_7wpoF0-y?-7B zZ)iy@b$#Ob7PGh4c{z34Qqz~2z`(|+bt+18OvN2%Cccl&%*u1bC^))3Te-Db6ob7_ z-P$1d`V0*<7;D8BxyV>P#G_X>B?4n#TEV*6RWKRI#se4`W6<>C;hCsY8pnj&qQpRs zBzF|V)63ol_7)y?UD^Kk_P(8Gh*O?5$nFyrqZep24{s_t=zO83AnbWbp)55%*2idH z81WT-6)y3oD2&i{n;)O2DImL-m4tgvE9vG5ZMKunUEKZ579F4LJ7Bw+V-lo@0>ghe6xf0I@%&OPpxnYFauoB#<@Yp%>3o&vMnX}` zuK=#yT+{PCLeRhFrSVHzDsaE6Q;CILVWeocSQ&|0hgTbowtSkPClSi1(YMs`w~Rx8 zEuf?tJE(zRMhI~(+zxpI50Sbn)N|Y3q~^CGu@>>lxVLViX9&Ao_gb`WMHf=G-?Ycy zN2#7&T#uEcBvX{?nwD1dfnw+DPKV8WU6;r1*yJ07lT-L!Sn9Q|3xqJbT*V|u0R(iC zV{JzK2wW9G1xM-7`Very-a}EzB*DSz5qw0Mkf%-BJg6>fpe1I~@C>t`R;$qhsn;RT zIS<87>Y{u7sjt7Ur1~#ygwNF9hzWs!XUaivBJAVD?XlTRtR)_arJK$^p1@ya-U+je9|}@GBk1u3KDbQTOrvwW7@;~3g9~SvP&;z6T6|;SsH{`{ zF`du~7yzupfP-m^n`@~pq-4kDfrVEu?ECD}RpTj`gEX^0GVpALi_rk^=NS;(u*5f%;#?5drtbO+6s3~#Q`eD(o(M(S*_1Q{4LDe*Gr0TtdAYhDk0y7#yAYSho>*=pyzSGFWxfuSVP3~f z3~wL(P0={?5`U8DPrumpjo4ZFB7i|Akfw*1Sle|%i~Zd5BF1@Za;NhJZmzFa7eU$k z{qlXfI!K5wP#RpB+j8TNjZ;VK_d;Zjk|60j9oXqY0o!(tbmiOIOZd~`hsy^5Y0Ws=l9Urj=CB^5AV55vgaRe_2}kG?u` zweo-D$1dS|AM{T~FL;EoY3_?r=(fVN-*IXx6$6+me_@I{iC@!W$V$`i4ZmIfmH8}a6yLf#A2VTCqf9kizyZJ@e%{f`ub=ayqTbV$r`?EmNA zwl)+hMPp}O#m2^)!z$BTEAOV_o9qNPLn~lfX+Q0CS3hQlJZ3#~d0x!?88b}h2IKph zL-LsyRgXs40GtcBCKhoA%4cDAXbPW))PQUi7;cjD5316QZfCS2PG*(tRd+wJ$>t=Ph?c8~IA{~FoYmAi+269{83!ts zJoj&592_k-J>g9M$o5y+@O8n^rl$BL&o+axu$0~5<&WU74NZ}>_ZqlGCfv7Gsck%h zr2nH6-}Nb9bkd$<2CyymF3?i$1{IaCC|xK58B1U)3ZAd0!J>M?Sn8AE%35J2DJPLf z^RQ~3j38)XQsi9VI{_OG2hR_WtN!TgaP-7dtEHuMg)lI$fJ}%=q0d33vj22baZ|QM zIQ-cF*MyOl3{H14ikp znvm#&^2ovc8pO9*p(pT@>-A}ze1CL8XMmG1cB6kssvRJ6M{~qKu&Esh>M34*;XcX= zNX!Wm=DQ#n;T5mxfJKhO^!sB9YqM5r6VD7%zH1GDCr1Xum|DV&gvZe#|+tN(0xV&l6?3 zap_0kJ#T)*=; zhtC2bhs$q3d!~w0fD?m7>>RlEsU#(dt}|`DWoP-O-O#ou5>gA4HRDpEF{I)6ehjqK zwRi~zIC`LJpK7eACi^50;$4bEK)nwm3<|~ROk2fTGu@2S?D71PC#**`Kh}-ATZa|h@4X@aX!uFFu8{WwA zJZ7+2s948&)fmJBLhY`$tF?-Mo>)TX#H_*D$ zvtCs%I1)y^Gd(H6Bx0syf|iHOiwNF)SY08S`7q@74x|VKj)DyPL)>|bpqchY4#p*8 z`OnZOhrjuQ^3O78;OrhnyXY;A{YN58#WYit-Wf2@LQR2lvd%A|N^GZ1eZ7?iq8S&> ze|e3$ZzyjVG7{VILCSuKg1^DE|1?e9Y+%U+t^d9%N39xH1mLFX3p#uwnKNTMt}{L{ zTO@|4-ZUXN1K7XDT2N^O3uR%w0Wan%TS3WI6>LLSg%lj_q;?uQNF{L15Z!t@v)OmD zOCm|0#*{-ap6w>;7lqbBFS|n>o72{Nay85`e79OYZOb zI*+8gT;?%&epABa7e}6w!~ri*~F~!+p)7?wB6G2K(~jh+oBV?TgSEMiC0b?!|Dy-yYNm5Wiai{ z-7QdrMJ2);V-^CRy~IoWCY<}b5emrfu;0QlfOFGlYR*j>M4>I-K;H+QauE{^klSE! zB`c=8gmxe1^Sl0nXu@K2FISK==AJao?F{K(!*{V%f_9FFHJ4;N!X=&J;Es5;C{w0^ zfozb|ilWct`1iO)cz8DNwCNWUySOx*S56r!UH2GRPcVwNVf^KsRGHGyaeoCJZZyLE z;g6-mxtn>LW_sBJZaRi_dvxa80s+XtlH%}z3U7-Cx9D?)t+LM1B`zhGgQ`T&tMe0V zSTY?Xac%aV7Szu9$;6-@(f5Wui{bNRuyC|T?bDb0>If!y2rYTn_$i_W zx5_@HiqBw`u2)rEv0gkeU&OfAM#MCa*)WO9RA({1w8W{$RVM4wTWd~{7qLLz+8Q$M z6X5RT?t>Rf_EwK*em>cg0frAgMl?EZ8b~S&;v>A>q!0Gsa~+)Gq>t0I#JkZ=rd|xl zxOUYjly}QXT{vqvlJ+PzerpzL=gXr75-2GxFInvb@U1SVZF*gXpz^S@7!98n%kj%d z_-%K68Afmpe;d3W*ImV%e97Rs9wZS@$dV3bT_G?KL&Cd*yF1Oc4hQI_JYIdX>m}IM zaydsa-SaKD`d~L49@F~3k;8mx@QB@+w8l3yH?6zU01PC}TTY~T zi+}?>Y78Z9S^ReSXm5X=Hmx{go_SVr#*W2vyF@JT0;0d*v>{EvNE{0c-z}ySTsfdF{u%}Ckb|o=F^B%l`v{>t6ywBF0XS0J11^b)Xn@_x&S3zWuc**h6iOAqvqHr=I~@ThY);Y0y{SWBHQQOhB0X% zuoH_h$A8HVo`?anqLc1M)o7->!F&z#d4OtO(KuH69mO6!Q~Yvi9H*=m=1p>qoet>k zKA$RyJgEqY=W37gae2190n~W;1+7FpGv))^&fw(1wElMXO3e^{1UZeVbxj&Eq`1{i zNZW&ccBMDP@43g5nA6Y;&BXAzO;sOuH*@c6NHc|VM$qUMjzzLChu&&Yt;r*X!xOT+ zYoi4_SMcrAN{FPtste_A%S8$o2qoE$7Y-?$&4YgW%o)7Z@+A0)$-)xW#_c@Wos&y| zY-8}0hC^g~(f?O-FbQMZD#bUDH6}qrHjM#$C0_UYWHpn^_;D!h{bDfe-;EzowyUnB zZ!diATSbGLWjEY$nOuu7)NVdKjTT)t3dUhhP9Xrudyv#bB?Uuhk4J^8MAPUEQ?SHq zY_|qcCUn8)6X=&0Oc7f~`kF+xn5!X6G{!5bR)mc*CET>Tj7o|!Aa1!HvA_bOE|rou zR!mEa{gtR|xd-gm;Q{;K4cNvD{Z!83IGNC z4*a-iF@e`id_njPA>NQ5d>j1A)P}Y6C`i(7zTbBI8jZn-aNC>h9GC$)PncwB z8)F10N)&>5bn$cHqA?Dx)VC1g33ZjRp{N5ev7wxpxvr=uU1<5XWH1abA(?9kKyt>D zVkqrE*Vtv3x{oAHUsr-iVbz~alGVWhT*G$V6fl>v(ei}m@OYY}3Wpc^rY&Mo1jCT1 zkU})qL9}VSy;${Pw4V>`QXe4QGF4O1Dg!84P~IdrqspY?8xV(0q!8s@cqOO99~2}b znG0-gr*TQkc`J6m!ov%n2c8PVIcmJdi}IFmz$4I0w?Z58KsSb$UDdbIIGQ6e-zoZlIw~-G+J;ovd+uLd;xS=oX3EDQ>X1XO}u1ktF^=7 zc3-;jdwaf3s(AQvtLM>ucrTcUP=Mp|-=^T_aAf_PdWX0U05H~dCWAknNxQg~eE;=m z)j81dI5dArXhe@EgT~kxEOOxU*a#lcQ6R{Z7HOojk>{DA&K2-!jDxTEQf!RzlRKFy z8K)%8Cef@h2f4a}rM9^@B#0BGTJfHmhszYEnscA5ZWSBJ0cM9v# z`WMk^8Wpcq1KW9f;pAIoyMd)9$84*FNa9xq6r*9m*X&?waN<}QkDT0LKEv=a!X`T5 z!^=^2!mHYX%(My_q{f~VW}>kmjk_Z5_68?f#3w|4GP#>C<@N`!ndK1=ga-%8v9^(Z zrOijiIgb$qxZyab{4T~GzOc;69|C(Z0+}~#%%1tG;)n!&4xsdyRt=Z40S-y8euJ^WQS2oX;BZ8#v?u0Y`&B2=zQF zS>yZ`&XaW{#B*qJgfY`7IKtMkI)Bf`?$^(^iH+EVx=;+W$|M9qw%aa!6U<5xKjeu4 z+M&2!A&1aVHu-UBQ?h%tsP)3)40dF#j5Cg7wMl|AL}$LOFuZ*9aTY|-#JQzYSXVJ8 z&!8u~CbnnO5{oWq;mCy}CYfOMnJ&D~#G^~s@BHd-J|p!uT6E5POZnT~r}^S<&;lHK zM{i3`dC}w?RY`YuS1c{~q`VEDHjls_T#{R;KcFPP9Q0?X{P4%o0cjvc}k0;sdJ>tB%IVJ^T;nXe>iZt{=#c13;gs1WJ?_`di1!2kn}Iykb^ITE*l zEIY=}dsKCr7+*qy{CnUjCLkuhhbQUXx-yV*Nwxu3Pz~qSuLfUa9t$v6ygi;%0i39GI z9?W9=doG!&6YB~}_R0--t?q9)8M+X=Teu&4e+FNfeXzo;iU*NGm7ZSVHbJ@KClurG z);07h$>Ljll*~U~8J2NtPAUnmn>eXXC3)Qb8Qx0;xA%(6EKQ$1hkZN4md-#4HH!aiT0eXMP_Yp9@kfMeEbvhH@CbMa4Tf*Z2lX zQOJXYOV1bFZ}aVP@!Xo?IoHt}t^0j*EtQiA-+^CE08f(|k@RqQ2FV3keK5TpKRjbV z8*roB36dUsv$_zl8@3Q$d;49!SRf9v>XVPyn9eC0j0$DOYjZCOS%M4Zp;Jq6d25lA zDhtaEKZEgzSv$wys_vYONAF;o3tG`EK)4qlWPtHyuFyc|+TG=`elT)xqe`frXGk0& zPmk#^Mvh}Z>=a`LE>trpHkye_1c{n^8QBKDi7*`URyMVgqzx*}$!~a9v-~Qp3LYIN zaU+}MC`_G`&+~`hXqD}!0S4-b#bmRl`7mE|IRfYwIDHyJ4;&u;7L7E9kE1&l;(h;Z zHM&N}QSi1NA8)M~rqvQfhaBqIIFF|$OmLb(Mzd6$i(ut=NQ0Y#!${hZxOL7RI&Y?P z4ENSfwnz{`>^)7pD0tkCBI45VDpf}iY1q4(Bo1d9t;d-rjcTRRsvsGf_pmGaDQ$F}9;7a;>Oo;r4Oy_@pd z#RI!sr+a6Jjy~q`eKD1k9a{{F2L%W3qLSrb>vZfFX zd*Ge3;7!K}7*%F+f`h~8Z4N94j|x=Ra&*_14kyi!JR#sq5z;J_0+p#O>U|l z>j+B2tMGCQ?UCK5&K;rPPjqftX5b?6T7ZGvf#=TF ze0bw~@8C5RQ9YA0zH&xXPc3vmW$2DFnY-`j==nZae5(veBeb|2=blt&m)V8x5uFLa z_T=N{%A$$9Bn}6`S52sTVD+J^c*2PzgaSeKPEYS=Hdbfx0}51rrtyp(cDr=7_3gum zP7SVV?Of`r31mg+K|leF)w9Yf^sOdJ~R$# z=m1C~1a&vfT9`I^SJ)xrtL4FAq2>a3X_dXMg6FfyHTJHX*r6zn9n6U|MGMki^X2xb z(0eP+Oj##02}(x%BCHTFO9W{cnh z)3~$_0z{;Cz-aIgkr}-k zy|8RrsQfK)YI6_U8buKg{{c6 zWmirFwXrphw8v>0B^f)cDkL@ z(yc|qIyF=g&&i=#$t2+Z>1Lv+HqrtjsW45Vh44ac>^7>=BhS?Ooudz3%t?P5U27c| zS@@Sq#NS_1BuSugj1RULW3`K5%yBB>_FVd7`v-xR_+ZWol}X!k)Va7)0?pZ8O14>& z7N|++9D$sHPQ9V6w$dHZa#5y+`DkIIV^SClv9VDAlnI;@dElD>Vm0^}kTvZv40H^= z_@hFngqgg;Im%r8zPgPI=3mf?)m%z7fTSh-&2atraXn0kA6bQblFU;>Hobd^KR@d{ zHJBUy4bt?zw4ZJ`nd__%f7Svx=V5Hat@Z{B#6IK zJf}IS5)pKd=nN;GuAjBDgCoaXr?0D(VhvNJ@j%A$Z4@`?jg5X>8k{;OZ5>M3%%*Fs zz%?sY=r%gTSr%Vcwbqn?-c6AxNgxxyeDW@AiYHdNer~S|WSEM6Za{_3{J^Y0SFKXf z*XkNm^-NQcVY1bkc-SEBUJFbUjvqa}902CzITX(O%2`u&wnneL!fCw3pNd{12zdFU zwA~HJnD@p%7W2ZA=Jc2n=?9c8jYBSG_wZ`;F#0Ol@#iI|N+|n4NfzYOae;EZgLcLx zIk{txp17ycJ~W;Ix57a&?G^Me#%rg3eALq-=xJJm+7jd|aEKbi-~(vmEA8nHK7zwB zl8ROd9}fDb?`4c30-S^Xh0Kuukv+OOoapk_?}~?r@X+V>dnJ60D<2Te%;M8yZ_|^S zw8q6qn1C{N+cj;jaTc|oLHz3KDJwLL8=Z5FHkK@#DyIN6Rji`U-x@KqPLz62KII-Y=ByJ{tj)>- z)|p(~%a(4I`B=6=MBKXE=4$t7!ujP;Hox3SGkgu^ZI5T~=z1L#GpXAVFRdjmyws25 zu1yJZ6{ojLZfc*R0|7M7ZxKbU73Dmn(iA_Is^lppqZmRYwSA(d7T|o_9N;*k`HP*_ z+;7_+j>y+ingM0uX-tkm2bfTV6sM(TXQO6nG)HB9W)|E9*9+KKNtd9ASY#BpvRr7V znXt;}+dumD#8Upy7DHg1S|MMA9)poD#*k)FSTg7Ljg}gC!gNYR0ZJ8vwEG54akHf* z8`O#gh0%zYpJYSTso?kzEuSSLQn#pHvY#RjzGQcPkDFT4F?^0%-^P?ds?Nk`F#|h- z>7-Xt@oWRM{B{%|e5J3|gdzu(QSB_`NIax=X}>ElFYr5xJE^3WP`SNWqzeW2(dqqC znZ@yGoy4m={(xaF*a)~ZxG_ofX8bF2zy5h+H>J&6P)1Ww-x}jS83fC1T1P8Z#DJfX zN$}APW%X`#vx;b8Zuyp0=(}}yMEur8cxpKfMp9xh$>}fb6E2=@WH8|6MsDO_2IA~? zhB3PXv5WK|NG?<-M4!{PmX#&XQWxxuTptgV8=S(6$?eITtb%pOGG9B1pbz^$z<0#? zsYcM1VuS!kl};(e8*4*Z4etsLM!{CrV{4Q7Bz$shp?0>eL--!g(6SDJ#UWXrx6UDQ zMVJsXTiyfUWOHjxwmEkXqmRCpEC6=^@QK&K;*M^v=bUM`wza%#2wF@Na)Z1kIQk3* z3YQtGU>2Zk1s1(JBVE9lY1kqC^!keh5#Z_v}{86hB11Q?1s zpi%IyQO1&n z_IEe87xU-CZc~4kOn`-y+{CC{yFZnj_imEV%pA~rZ8U>B%N}--gQ$ZejenD!C9$nr z=FE|-A3QjcoIVAGVQSb9^g5z{BbSk`fp^xJIEMbkZ{u%N;6Of~cSG8_UHF8x0r>oe zpuF`Gp2Zx!#~BfRFsLCJlh0xF+41G%8FCISM)=72Ik7VLcSY5`w#LePigh|NMoee6 zWl9d3z(eSvTx{=&Vse!D9K=Zu4}KazCurIWy7|`&v_{jOYR*CgzSj|)TOyVKTG41v z+9|SJWPFD?4h}WeHS%iY=y?X#=x70zgU^*lbr+;34ijCYtx#!$JkS<^1KpyuKMM>g zyl8t?cGCa8>z;xvZbd!8ODYBPa?OAMyS{{Vy>Ggh+iDM-1DW*A^6Bo?@1~b8m!Dqf z1jQrR(9bxtmgx~we2}FV^$yU01Sn6TI3zo(+I`0;jy6FJ~Y!39= z5t+R(x)bctN!eY~G%Ax0ak4XfQ+HxJHC==cE=HpzF()y&XsB0M!&XDhrt_=>OnIId zFohj!?xj$?A#Ri(g?n_b`;etKc+Pcl$)KdpId#b9k10u-wI$J zvzfuv*xF>HIvQP+%(uq21!kLdI`&#Oot_FkD!oesURNunjib~>aD6(!laI(d67Eqx z7dR|N>`$xM@LZ9v_7&39hLVNq9J3hqx0on4L=s};(&Nti+G&5EJ`>wfB%5E;Id_y5 z+VQ3K%`{vW?7er$#>#lv;cOFk2#E*wHk%Tlycc;fr^-N-UUM)}Xp{gXBk7sxB_anB za)px#n5fV0IrvNE6oULxZLygeGLi>Ybz2-}^aM|-OM^-EE?yQ=key>NfCK{jGGnbK z?LsJw76a~9!mL$s<2HX6sq{mRIFXtn zba`E=u4ZQ!HB8dK%J+CVWRDl{jb6q8=)NJb@`Q>&)9vLwP#{;jdC8V`dI{o6U=F)s zRus33_fJogZ=dE9q_NquAL;@9g7{CVY}(LtZhKZCf`SB1Y*_`8a$3_~GYN`!1{4n{ zxE8~mv&mAdPxR{JNV4Vu!!C16)H`>hL56@Ocb>$62~cO^){$vi%a?RhA2O0d4Te{miWNbZ3n9=FZWTfn-KvC~_?g znHdacc?GQ&8^WD0u%s=lsnZj4j1E3`^^~XFYnDez*He;Em-g;bcd!~#rk7yJ!&#hY zkq#xVHN#%lSfr8<30$#8o{JY1teMG>gwL(Xkf1pWf8qAgm;-H9Ong^~my6}(qo0hY zx6gn%XyshIMhzKsZP6*KK5KqMASMxfDt2OKQ%ZLLSpgT;2J$wBPU()ymqDuqOhQV% z;CQI$hnE|n3Kw{xY{v#(F5cK^@+6+f8~v>xpqAL`^U!%px*KZ;O&rp-b`zO&mvu#{=%aP&dpo*?-07sA zD&IgXC*Kfaf7r*fS za@JzFhE(i&jgiNFW)J-!2mkhB7Knz+wW5@&I>Tz`?xPu->#=bEZSY+T-RK-_Bh1mn z-Hm2=8BS1QjPoi8o%i9ZAfk?_v>Y~w2ePC4mN%x@RlA7t3_jXqjEPZ~!wJI>w*uZZ z68YV`R=J5y=xlmRjpZ~`Q27;8;iF5B3dNd2XgX!FCk^o3AuHQFG-wUCI_qwD%LG%< z<`pGc@gcYddnj#u+^9TojA`4VH%A`2Km^pzqdE15GrLL32`u9nu?9{1v0$QaJY)uW{#f}EAAT*JqS1)8u4ruUmoAeHx zo$?#vZfi?lb$0=4<=0vX^X=Wfm&54g2WrGvuGkCEmyO5*q;zN*SN?HK3J3nglN}=< zG#^mM5b_k%uk#nN-0W$SxTW6nd2&D7Qp?#Uo46SVQ_VG8YV zg3xK2lELt8(j)N)AIPUin-ASN(x$A4+oqV|&?7SqFMEF2N7t3#;geSmnbajudSfS- z#uah|^_Ojo9kBY&f%ICsACCZ$awRFh!$vb}*4k>J_u5!(KQDlN;clPNG9CaOd}u_^ z5ia8b#eW5hrurr+QQj#y!Re5!68=vE46Z_?Y(f7r20alDmyx&gJKQI7TfoMFXW$*3 z6OY1@bBO7DM7ujDcVlw&;Hc|t*)F6m5j^h}-=no<i_c(5+$%R{YLL)VzWbcq$O*lui&XwooS!0d$)kL@*kmST53 zT2ef4j5o3AAXMF6!#l8Arp2<7znX`4^jx=QAsK`Ns>#)(TjbIRK?{RQ<3BEEK1Z-~ z=I082cpNO;R8?%HSLWtWXVsQx7+>2T&F}4`4!h8hc!*&zzm@2xy?cA$$Y<)+W;@cU z49Y#`^kSV8-+7*m|A;B;q;&Eo-1uB;8_aDNunPQ~v?T#Y#~5tVd{$)3;Jf^2=AOlv z!t-6I8IqOd0XbR1+{{pbD>1Hhkq-e{xbjD~r=5Z_&UpC}J9||4*_463i(h>5~ z0E8@>n7cj2!`r-SdcNU5abe&Ml&pR2E5D|5a*W%f53qgChmmXW0c1!v=TQ6ycG`=%?O>EoP*XZf%DF;Bn`4K<03J+U2j74wc|;c1Mzq zIKnyxP6i%(<$9I#uLEF53#5NvV43tccU3gwk%p*95+jH8iB`QKzyzZ;Ik95jQ6(Ln z5V3xMC|UPQ@1KVbz?wbCOc92IjOO}knRzq%wHMNuQW}C?d9V`?8~b&Dw)8v`sB|&9 z$0-~RzQz3cPuQ#;ljxcY2OA7X?H4?7{DO(=Ayz(0@g(XlWJttKKalA)q|^I$Ay-A+ z7ZEY^BcA9ja;3~ZD>TeHXi6$FRdmY;J_QpLBS8Hb&anKNALA-z58cx9 zVY9>W3;^C3d0CXuVZyt2{v3hWiUN5ZxeJyeVa=E+x9a-@(g`{z_s_ov-bE6YD|3 zL5%0S?cnCli67bR%XIUeM5p)9tLMe2_u^}SB60-dPACnyk;r}OA0Bh^#^GeXojafh z*2oJs7hCKh0;ey-kpm3l(l|Vc#c5k}J|Q+d!lGh$7R4%maQ*$yP$mh&nCrK$Um7;e zr}5prG@}(J#%6?5Jd_12f@T}9<^$^8qeJ|q`}3u3=aPy-HK~(+4>$abQR?DlWCsCb z{fb^kU%$fj#h*&AqhS6^KszwDoK1=3P4%|sa0%594eF^rOA2>tRZJ_2cg)nN7we@X zSVl|%R`^~^8FIZ4oZ?#ZQR%x%m8u1ek`nS|e7eKojIjZDnXElxZ-E*8!r62XSNzRzVY{o&<=Kk%kPkXDNt+*W zJ>F}}tj)2fpSkm5>0$~EdduP800o1V15~u$z`36wW+_J(c1{szx$bLrhZ?X0ho0#b zFHo9_IAb}#@BNrtO(+16j$M#W@$@BOodeg88na-q&**_HTgta+t}BoFTKV-R>Y{6p z4jVu-{)CCWr+&zV9jBH!%)pZYSWa}@W!}s~g6DLw&6?wCY*CYW#&{mUg{~;Awl1s_ zFze#>E~mrzEz=*zyn2k|!x@P^xq1#uX7Bge2#Gsl)tt7n$-#oLxJVg&FFzXJc^u7W<3`PrD-S<$95aPT%Vlqnhsq-w2=KH$BMUM|7`#zC2vnaATtr3MVnc^v&ku z?BOi(xRj|JDOXuH1QT8#`e>UnAPE%`WKzq?*fMBSsud$w{g0*HncAadTDSVgKCic`A}yvm_uAdW833 zQ*Q+e&@xpLCC1Q-jjbRE;)g|H9-adfJpe0EGm})HVG@@FY#2WG&E|nKU;?2I0T}Odj zsR=q%KzCp<0qIFhPVT>BVlcA#tUq@<}W9_ z94UH-0A_7oz2$Y*(i6lt>k)dVND%`HKwijVbRdi==(&t7y)Km_7(DU_6Syd;B1_MWIi%ah19&r-(yPu3U{os>&_h zdv2DGM6zATPha{$XQ^9daZ%$dztq~nNkx8#aeC=`$cnafqB)n^cWFu&0JPJ3qe^E%cXO07n~T^J$B zCKWdLRb+|J&XuVs<4)(}{4<92fm#-Nv|6sZxmQ1UsE{X|LEr^Eo~N#weKB&JzL=5! z;tnM5LnvC3g1g}8dFcm`2ojF@evN^mn+xTnG=_Q!E-FsUBl^{zYhtL5Mu&W#JJf}3 z9cLoW^{IEHDE6zWR=B+qeCm@(Uq*UiGM>=~-ocDYen;5y+>s0SD6Jcm!~`lt6ODl- zVL-TJ^f1SK*QjTVSrXyes_G~y1wb7?R;bpB(&;`%`}~; zox0PnG*>S+ZFE}g+PK}8_?mtbL)C~O_)w&1AgZP#(v`9bMNqfXlE>zVl1^pj(Nx7R zeK@gdYeLbDnY9cz$?D9v7p3&}U=1NlNi5`jfPZu=!3d2*XZuf>sQL2lUJ841TAaW8 za?Y!mf^9HpGo@Wc&H!T~3m%vtg{`-jcsN)s88AoZZH-n}PtIr+g{e&&2zMgiBHF)r znm;)Q$7t3vT(6s3p{FLTO#(P^`ZWgOVe7WUe+$nSOS5Gt!?CgWmE*gGqO6&!s!|kb zSWjt9JVfn)38~u10zeRB>l54VfyCVqk!S_@uv((>MOV}cyW9lEiZZ5SP%F4&8q(HJlV7^blhGqt^<~x}tqq`MsdF62 zncK%ooMjn#|8QzeHLP2cod zx_B;L!3QXt0VN73Z|Pb=M{G#ViO9A&gnqb{Q{7a?ZDJ%$jPT>wrfiBWRU1tTBE@t} zh+SKw3ak@^(>_rDWjuOq2z*LgoY9f0{$m$i@UA4cY9Z-ENFMmX4>KSI_lwa8DV!BB z2b|zru<~K=DDPrY*xH0SccgcIo-)cuh+;&@*Jxv<`4RU}9GN9OQIN%2Dh+e6!j4Or z?0+VMnhFV{sSPc`_(dTlc&I5s$Mi^(g8oex`ko|f7-K3zXD;gr9@+GXtk-wY9bX5! z2yp^Hm{+F{?0la$XsgkE2e^UoO(9nL9S-v*r0}EgJF%j%ySJI1C!6yDcn>P`7N`{G zC@nWe6$0oj2>z-rfZ3eDg?M(az7o zBZ|7aAQ{72@Md*6j@X}CgRTfHQ}wkO+y)%dx|cP4Z2N#Gx5*Om7?wqlwg5nt%vgEA zWCJfQ5$mtnJ|7EMRMtsx~L1RQ4^HRwjLdx0Gdp^vRr}n{x52VN! z0^b=L%+Ft0G55T>KgWR}pTbCa!Zh&K-`fW$E#ut89tAD-%iluDR}lZ5=Xob5%;qK9 zr!W1m;#&GLBMH?5Kfu(p)#4lP-Gv@*jrIWD2q^=uW2T!D5F*L$t8l#B7X%465Bz-Boz6Qai5rKq^wbJF3U+mpUa`r9Ij?`A!=n0PEVa*YAK;oh^>4dbHjz-X7C)eKEat zcI%*3Zrn;7I_Mz8>JOts5O~o7-uc*oEyS+@)B)Vno9DSCUVsfo){L3*EWI2Jy?Vxqe-VP(E?lZ&xwO-yw z>*aatRDq3L+hFk;=F4#dH&QFsHEfBwqV+U5&HV#QVE~S*4rGM;w=kc7(30I~A&z2I z<^cU!&G|lwy#)lmIES+&5JsXdVZkIcf5R!y?oh<=0FSXmLl1xpucN^qV9}nzWr%lb zdPyE0!%J|C%mJ#qG#fwqivAg!biBl)I0m8ls;jVe${@U4mhB71K(5gCjeU?;y#7G8 z=SJdwT#b~L>*8B4WL3n?t0{bsQMKwh{3CLIYAAtsZz?u3tM&J`+yNblM%8|Egprht zJ^;WdeY&YyL4t%T#BWwmqhS$T_pH^h*D#)Hvb~-4+RZ7${AeBXWKu#$q>Mz#uJ~^{ zdf8u(+A^mHM=RGfg&!1s(cxzz>6!d{`j+dFpt1^-bpK@gi4lYql}|(yn_7#GmiC&`mFGHm49y3g-2Rj z-9qP}H@h2s{oP=K?snPv5v)c7Rv16+j^IJCW&eqtpE$Q6Zl~};`9Qn5!we4`IgTvn zpCGA#1p;66)bT}ApF(05RfB*!pNFgT$6=$-?g!%us_*v<<<%{*bLZpZXOCTt%F`t# z;}R;F!Um7=)$oFi9^-;;2&_Vdo5%1dp&eE*1ZtV6gQbXx*QGw%^Lxt0-Z^5kn%B`T zDhMbBUkIlXcsft+EXjcg@jIjBO?gkSk7XHw+^kIo)bjv%n^{Y_v+^+^#c*-)x)VQ2 zzLq7hSJ)UysSkJsX*^eD7L3*Yb1)K&3=is+S*>4Gs{886P!q*v9#js+uB{}X&dGY< zKv1*FF_#R03I&x8U{gQj0YJ*V7dIxJ4!ZjQ-A@vZ{^KKna{T#OIr?BV>+d8GYXB>D zQZkTv4ihDP8aqo#s8tk7&a}GWIdotTlvli|Pn`;&+WW#DWvZi^no2K3NtT0wi9T+? zjw`8P%T+#DodA(>2-CpaWdKBb9O`&uH1AkFFVE?A5^3Qf={SE&fAoQ`Qd~lFfo7K* zxSpgo(KTy5w1nh$91X^7RZ!an-;*~Rnt*vCx%wdqP%KwKDrBF)(iUoNJbo5L$r$#mUq*oXK?_HXn$X+f`GG=Gp(zhUH6EI z5mU}do=v6Qgb!A8l^{5GmCgp6A^O#(w&UYg?ds1z!>;1bCc9eJE*~9+9#PQfiNIU$ zq|yX$^Sly>{RT%?PDUH2&eyFvWRmAK)+c}P^~oPhaI#KU)z4{R$FoC=_$2WfNnBE| zF{oa+8}M^gWjeQeelgzrB71<2ohK?CIyTdD~o7I_Mx>}DXgmr$-}{YbL(AKKO2h^)bv>$C+-^gX=_6I-PeM;mY+^^I1avs^tc;D z$y7OB(YZFTba#xVz*V|5jiKqQ4&n`Z3Qa{3g=$NE4YrO>QM!vhs2ZB>Z)p_i5>C)th0z#fOoHm;mmML(MTTyKOq^htB z9FoQ*sSBjuPF-8U8NyYu%6WOStbB;TwB0Xmse$2B6dBfi?K2L&$2d1${P-S!=?O67 zXV1X#HHs(-;P#0PVc$^#<#b8oaz1HJe=53sq-JQys>ppbn%%8R(gbu-((^gvj$Uxd z`XG;yPx1UjTHUNK{^4>5LPd9crBEH%5~cw!@)f9w^&z>k!KEs2{;i10#jc|zr;gF# zfa&RA@dqub^*Xx&^7DxGFT_tOq+QWEob@=y%=;OYJ9Nh{GH)|?2`M<7Mtd#yxIs^= ze9oZ<@=mYyV}R^IBO%WW{tiL>$&+x?1;$#l)P)`?KFTHm?)%fcA*E}FUU4O=`6dEqZkymgkFU_#@uq-q~>sS-J!9eh0Q!I8P zsv#~hVuL`S*pgR)=d@7cM?0^iIn*47=n^saM+}P)Of)#rKIV3+q@EgM8^Oy@juQZ| zKq@;HBb+*l zX>NOgKTz@?^9afZJmsI|q3(&~UBj`a_h|5Gy>;*+VDygCU?98QS8G zP!8BBFuXyZM@<3x@15pg(lkUkz#Sy!^1@Z>e)jjg3W=>_BNXjofM@w-fDKW6`o`HntlK*v=)k_!GpBWnl&- zjNiR>;?czt>VSExq2k@%m3WI4DO00uZ7)G3>R9gs`K0~q^1q;O38rX z2(0aWC*ftNr%<)wRE_2r(f^j#Za3p&-3Mnv_qY}l+&{3#F~*!JsIl1ue|(}R4-@>s z3^${I@N~P(#py@p``y?NxAoD(G$TR0qt|X};h(KIO(dNaZB7iA;;kGQ&zy#PBJ9SH zJg}>h^IZ=_ zMgrXdZYX(Hq+nvtqcZjQPwqsdVxlpjnsx6K&u3tCfJ`&H>;0fVf8nrUm&-~TI!5P1 z@|1@r!^jRiF&NK}yZ1$Nl(m31O1i$3wcf z`17v++u187Y4@*2OZd$|MLvA!AANTa1*RcioXThpDKO`VO=(6CJto5j$^F~Kd~nB+ zoe`8d`tC5^f}*Fbk6y0tpb|)~dSkGa?O_VA6$9ZU*?_i(i{azqw*w3AY7+L+x;CDd ztNPOC;1MA`x_Yh)@#y3K&P^4-8;U7a5ILmE&$H#X_ z*a1r=2)-$~AuSg|N=<-5d_*0PYCElZbOap%1K}#+WKcA;zH&`_qm31Dm;)rGPS$jo z9=V;PkMs8v4k1SO^SNt$u3PK+p0mVKGGRaqq>#qCSx_l*wNwCO z>CjF*IJrn55;8V|YLME4#2aEj%%&Ky_axM5IW()*I{nKZ(dj!MQ_d`6C9(2G9ny^to(0xKf;q)QxX4zjkgeOH?eP6$AS1z=VvAbJM$C z9ZD%RS~Cp3q51i%1B9X_GRsl~B^HaaO9m(D2Tc)F`#sew3X$pZ)*)DBM}1Q3@!DNC zWuXP2OFfsmUD#NIaPzi>Bs2No_LYC$( zb%0+YSQg7ef^0fR~D#ZZAijTV@YB?Xy!&;As9HwFF)C2TmE14ODHx3wq|#zyO~Jh<7($X#QID4Q{F!F*z6jxWJ#vh{*uRLgdo)&Rf|WT-D6)1tDaY z>AhXJp>Hw0moX!qs3ki(`RW-fYK=Zb7D^RLi`qPL&msT#8ojXbgM33T`U;;GgNI0- z-9YitRBz1?RFfXK6*zET<@>4R?YOTBKttapQ#ge<=mQ&K3Lbb%HRL*X!Zp4^og&75 ziRR;z{1hommWWZR@+dF?$HrS~*5( zjO?UhZBUo+HeFC>=*XvEBOjS(hpf&sHy^Ph744JxgMwDeu5BdLL|fh|v*XYS`WqEG zf@|PEU*Et#m4VKYOF%adcE;H(IrgESm4^9eze8pfINb2l^Gs-8hdnpVI)l}42Do&9 z^^O%+`~BeVGjqPjfcZXQ`h&ydfP=Ev91u7}`&46Sw5_kvT@%mak|W_hL;ak{-(s*M zo$iS-2!l%Z@*k$IH?+a`NAw?nxQVI{l%c?i8{gy?H=u@Kebck<1HM^%PDlE#Y*vhH zc^I*i%-LUJ*C(GRox}5P_bI8PZM1l8tO5|+D{4SbS= zSt8)7Gq-}bN?gV^N2*OPXwBvbC{2glss7VwG0{E{TKMfWGfdz1t<6*aJrj|t%aZO2 zc^Ze9qD0GzeK@Ai_KYD~Pov>#bZ3rVYre_2A!4Rq=T~eK-=vY6;Uy#3Ug;P1LyKT#tR!`IB0)~ppga}qVPPRIUs;ZINIw}XjQy$vZ457+14A|-Qj zt3J!2%+q?Sa!4H{Kg!(Yr%=zG##c*yx8%Be&#sX&|md1)=yobD+%qh zx|q$CMPoWfd2N#~WqNFMCH;1&1f`P@T$Y-CvN*AJKB!wbAEb=C=a-9->zfJ_Kfbgy z$epx4QYV}V+MNnBhSo|T)6O9a#uuZP(E`(zQlCyU7Qw_-Q?Xqxv$M)x2C;cSHl8sh zi4z|RBe1S<{5~)yg+>BQoiW+~zoj^R&2MEV3uC3k7Q?FSK^wGQELXl5YSTaZ>C^ku z8|jXM99mIv+vq5WOfoXOV2%Iiuh7)mMZy5zUb0NY|!0?Y|wNx9X=USf9F_KDB0$*OSLCqK}W*wtkaa~p^&G73CuUi~# z)#!=S4%KW=tGkp9a8zCm>TEG{tP%w^u#1|<0;uyV1Jhk4F5+DtSBWj2V2|0SMKmZc zittofmmKSZtI8P3{u1!s0CS!R@BE&GFex9I&+qyRXkhkskt>K<^xC|kNn%u$vm6!0>%FP(4SRy*D9WNvVF5$%4Q38@#+u17$xi-?oT&7Xb` zql4!qF$>(!(I202z*h5~SPx7Hca$_-7{5W82cUDq^L%)UDnaxM?hl4T`2C^a7wPo} zH?TDLwO*2y@E-5LYiUwtDSk=ALCUlbg4_)wWD)o^xNiK=+X+*<;$p7o0{tH0nTeJzQi+#~3>x~%jb6KBU}W)$$})nw$cNNi z+v3taoG_9Hp*>wcYN~*c2gKO;D-)ZUxS_=c6vC_&XXia2R>QK~^h_vP(|Y_Kf8c+i za!U~%o71QV(?3Dyky?ui(<;R`P+o9eiF#p4QzotlgXje|hwLbZGN1~>o4o3&x2lWh zb`?(hxTMf^^hI%sJ}xQSiK{`An{^vVa_+lfcBg|S6aL+)DG4(H9QUxQC)KS;LiT+; z4Ju^SxD3Tu?TlZrv|>0*{wCV$+h|dG|3`4*{Bn+mx}A(9Uvf2=J&b64bO1@=l452> zVi_Td^eoJo6yXGyQtN6rY)bo~EZ()oF-(UXXv^2i5c_DT-9hLJ*RO}5?gsgwAyWrB zl*$iF5=1^PR!75tIh+ukMQux-s$Lx=Af>k8h14r(eb9?V#b$4|XQ!}d$UyQ}CCJL5 z%OcRq{KOn&ls1_V@d}igC>$OG*Uw%S-F39Ty1g2b9(ddz?%mVAi`~P8c=Ek$6w+D~ z)_hqR3<{(roC(42k`Q;Niyr4m=SC+2;$RL>u^-s;wP;J@b+er-E{u&nOj--p8w)!4 zL2%5}12%V!jt;4EJ&nQnYB69vZ2Fjds;m(QI&zQ27GGbQWNU$eYh1G-{GbW z2r`8PN17Ue9^i&3NvborsN&qyM-5lnW$IviE$@4{=^4lE$UNxph0K-qo+bXU9OvfE z+m<7oH?ao;cJ z=ubad0N7)q0Nn8&(Wb1}1ML8!oO)l*C-&-Ie2O_f*7MBXN&;4_rvEY z4@CC|RO?CAp8Wd<7)%uJ;eR~7wEDdte!qO;O=>U(^Qoj}B5Jq_>L(BQ!}!*YdoO%g z{#06kFz8BxlTFHlx18Eofl{JQ5D!1)sD@#x+C|~4%2C}(({uG0Ww93jN-W95|qGK z?n@aRlOlt#!6SNU(zJ0ryPvmr44s=-3sHWqABdJA3Z?4YPs#MQPf1EgLD)V6Z<3|q z*$%IgU}PKTo9Jm$x z;Qs_132#=2qBzc+OMCaqQ@^3a)~}$-71E3$%r@L%*``Q#Zya^ zOKKJhpSSScRcg(l!M#HkZBE-S#XbPb5g;O!Xfd!chsQIa{BAA){uL6Cod$mu8!Kea zxU1G*EoLKcpVRS9j(hHK_~g!`UZyM3X8bQcznIUJ;SPZ59y^O#Ou+3OnS4!C*IzY} zS=zZ}#BoJp{HTCEz*D=JsUmEval@oOox8$ii=&3n5CUhmKfY6G@UoSDQ_C>pgj^yg zR?c+SfE4OTBjEHn>q9S9ElHaxvkCz_K7vvT2aZaKCHS2)9rgXpS$o3;*v4O_`AeGH zw$Vdz1Sv@F4A6qmT?;m>IbzgvYFnhbB`{?|6{f>kJ5|HG zr^-1<-5d!8IR1rhd(7+kU<)g-hDe#Mm)TmUyJ8y-f5Fz-5YybxAHDVMwQG%Q{3quQ z7q1>1%Akx9*1mbhH*xKKRZdJ9NwycFr|AxcX&3z^kVVXoS|KndH5a*atZlsV+w49Z z91Do(VqZcujGXPEf0`LI_Zt{A#P8jP2m0y9Wv$R&3i?vUGHyP6nsHbP3_GJQr{Alr z@=ZEoZJX8=N&lb2(@*G5J71WR@2e3A9?S6yVDwA!3X2XRNs}o=26kZAA?9YR!1AFs zA#~+_C_@b;JYegCI}DFRY2FJfB>>!u2|f|FCm%MtAnnRHk_F1VJT_A8Ff+H9KRbVWq)7gM3mL5Zd7 zv~1u83I*ztO&IYG)?V+I?@(s@T~2KGm#xF@-fPOBTEZ;r+n8j@F6xt)X@Lkjmk8p( zXD-;UA}apu<#UHqJhZb##XOf2N-tNZoVutGD{n>=qzohM9JqdWlBJFU6dX8)c1hw) zRjgmTwE^5#?1W>MarQ(5^ZubJBxDc#4zdaO10Tx^f5A}B)~ss zu4XoA@4H6rNx$X6FYza-)Aj3Ry{%%I`9dlM9@WB6T0&*mDjX}62PM;C8y685HcrYGcjT8BsuN2| zN<)%PszMEl2qa>@FG%2VJ4NFKq5@(82rr&7e?~ogT=n2Hm&foh$|KUSO~v8`RLg1S zaHUP$3gRG1{ zv?bFGS#PIGY>cH=@#~K<;9>0UV5fMhdpVUYb?4~Zl;wL$&14L(U7n^5zr>2Y;DYgH z+X+nGh$MsNs+JpfXHFY2KrzcWvr`gVeZ?9R^yYo4*&;5%C^1PZvOF+>|w3UriMjq=}eS*9XS^Wdt1*!G69T~ z$Rlxe17h_9!VV{IG658oa`76SkJ7H>hm8ll#wnHeb&k_wk>d~Zr*8>R8^zGvS%#si z2a&D~SqYE;DXHf*oYiUe)*UyXo?)575x_F*7kT0U7vAW2i5ocTAmFk7OW6xbVHa&O zPYE#}q%k;0x#eIucIf@hweSS>6ddD{l8)n)na~Rr{Rvi&(N6ato(G_ouSQ5`r&rfy zG0GP>#|bCxyj!1_i7&`qUg!lGn?+Q`$;XON*QhjdLVrY4b7X z?5R2#&ysZ2W}HbwEwjSvja@v=pZaCzZY=MH@_h)oElFVCCTS81R0^g1=O?j}-z^}C zFTTTIQj!V)nGL}>?&6+UDY_EBTj#j1qq|H8(1(-4ryf$=O*P-Oy^#x@+UoF0Y z@R3%_n1hikYctbAH&(>af>1_~JZ4ngby@!C@Mfqw?MaJ;aZwbRJv?wy*=F$kAa+q* z`6_>-wPvG-q{`oERd)8NG?dQHx>#3Bg&GV%hU#$o5j#@{y-ZrNVL>eyopb*lWnvTl z)Y80+Cv}CVauL|eL4S653`3(3Un^wNZ@yoPR6A79ZK@p@!oajn5tss>RT={~PYc2i zx=bl+fu@FLRv759MFZ`c+6Ek|TD`|`30rAQazp-^fG*=g7#)DfSZm?43qq0kNRp9{Ba?|Vxs71%=@s#5N*p)I*kT3!0Aaz*eQH*1;p+WG$adQ)DB^b#ZKLLhZNv*+`$%9 zXC*tq;VEXno!{Zi4rW8`>)WcG1!RbKeBxCaZa_HVV3Kw)teK7AM!2AsRa1}KNs@vU z+Kd@Ap9NU=$YKg@T&mDW5<;EN=&tu|WB$?|1>1*&$J^|(wbFoSP^aTmwUgCNV$))K z`Igj1RrLVxBvg+%tSAA@WWX5Ito1+XcAL!VdH;EJ-#P7lT((XLa6JN(^7v*kp6ZtA z^Bc!$Uu!}$NMVR6&=Ze`1{X%NQ0r`3C6FxTzESnLLlw~upLlPo9|-R(+qk$bio9L8 zY}g%ynF&Xrt3m3^E(McoF?q#Oe7Yk^(nD9f?(iOn8or@J7X&*SxTt}iSe`k1~(-+bkp$( zb1;hU<_l@KS0EC&XH6vwamO{laGoB4bUy{6h*nz6fw1#nTtz)ZB=Z-|u$7Sce0lfo zJG8z)-+TNQ-QeWEkN$5`0P*zhJ8&RI-@X67_dlY5|J`>Fv*+)4NZx&S_ics`>wi}Z z{fR4){J6y#73s)Zw9WJCz`}JaIERDizy@vn$&qI8W7vnA9x^laN>3E2X%vbz&{qei+ zZkNk<-*LhmJ5zsmH$s1xTfA~Nx_y2CqvD<)mA?;eZ_z%=|BKL#|2tOh-P`>7Z*ZCa z0Du0%UGDrZekFf9cQ5?6?sfkkzSsWxAMlU=1b_VJZ~o#}_}9C4H|~Z1Uj7yT?>~xv zmA`fH|Nrmb|NY#5{_9`-N?!l!UO13{y?f_B_n*3d`~Un;_{)EeKmPOo<}ZGQf4zJ6 zZ`=$2>c5hIzWa~yAKttF{6E!~-+jP;|3m!opFj8~zmlIE{1f@lyHh@#`ISHakNDZ& zoBO~2r@xYS-@7k3bszBe@4v_Y_xE`B|7Sk`um72T{$Kwyxy-x&OaCMH&ujSmcQ3zt zz+d>fzuv$6=f9F4{mXwY|9SUS|5L1=yS;aR#LxNp@7??Ut^54Hb)Wy+|5AUz_wbhd z_xsQP&v=cG_?P&@U;pY~{L1}T{`1aVM*o5T=XLBaXolqTf9pQ~xBo)lb?~3rcfWi0 zU%P+$|Nbx8=l@;jSMrX3N5R4`|33X!ynp}i{}q3+_y2e9^MB_)|Ns2ol&<(Izuy0b zAKB0U`@j4wZ~pgx`CrI?v)eD8|9^L%_xtyE?(=`=KL3CIcf5N1m4E;Lfgk<KpwzG5KNIOSf;!(h()@j z@dX4yu+W+P_cxo-U>1_u*`06xo!i@6jUeAF9r@s92^&|t8L`^4&%Y&OF+Xg9AGW|Z z@0l5Sxc~5+>lnU~9{Z_Aij{Ux7zu0jGa1$+s%KE!Q|B^R@K(?IFA_a3Kl0tccRSPZ zLt(Xk@>$@sDfw5!_X6Jw{KuIDM9r@MP3H9M{OITPL^_w{7rk8wk6*uE+Q_3i=dNWe zUVpy;zFz=e@zm&#Jng69T@k!1f`2d@MvgWo;<0`^0pCu*-;TdNzs}>Vz?zHo@0G!C zm%-mHvr^PB?#bQ<{jE`nzDHiy7dN`JE7Hl;zAh}kTY*07WDat)Ytmt#F>3b%ziK9p z>#7s@({<>#USoSTv}-Z!G6B4+8btt(|zZg!z+*)yBr) z_qf>GV}~F-T40P}Tq5!uGDX{GrNqW!Bk>%C|Ft6&P&*Znf+ox?G z+s6MFoA`@IBoJaa!G|fm@MK#4)&J*;`Fzj6ah!znZ=4l*F1}QPG5fUnETtYhjAHX})5bu_Xcx-J&)yD{{!+-u&AG7-C-Z$jWzGd)VZ&)~UUe!5& z+y8?p-<)*Vq(9{>S!hD%_iPmSFHYFLRsw-i@LnV+1>aQ$etwzqk1PW}6y?P6zxZ!t zne<;N1HZHk{{L16esY;|PAikXyG;6}K)h7{{IU%Eq%!4yw@mt#Wzs)g2A{4n>2EBP z{(EKMXOw|^W#Hc~ga5QL_CKY`SnHRdq_`wV*8@_#Go(C zU#$AUoaql7OMI?uXqdB{=_fL@Y{gaAE|@o;;hNa;1xx0mkgMh_xc1s5OXn*Dh%I1mH!`g$+wqERHoSU9x0B!wQzwpja$l+Hm!P6|sd27q47?Rc!f+Ya5nb z7hAAu(TdnrE0!)uhYVe{boq)au3It>?LnyF zlk;N>KY8t<6$@euIU2D==+#fm(X!crXp=!tvPiT^v~(Goh+N2K+PHY$70Zd=HA_E% z@)&>S>Ff*bbB>cCv}@*}%N7D75XL7Knx?WSv|trzaRu_tm~lzn`&M3m{eo+!FIlu= z(Y(cru3r#4f5!Cl-aF^CQ%*bOjPU(E;oHR1G51E`-$?x9Q$u{yf1@Nu<1CD+3-6=w zJ`x%=AyK$3i`I~)Kg2vWr9uliX^#}jb>C1xtOEZQ;7Pqbj{hr(}yM2N+ma_!oEJrl}HF?ZB-)!iX9NP8-(#)jDu% zlQAygz=@OnOF3}YZmW0TmX|ZnEC-H(3IFCg@UbB@7Q4!Uzuti_bKta1?B6N}j)4pR znjH8WLTD`3>cBk*zSem60$AQ1e zf%iG^H#_it2d);lMh-Y|NVo7W@4$}=q3{8l)g+<}jC;Kw@fxC1}Vfmb{5cR27G2R`0`*E;YC4m{z&k9XiH2mVe6UhlxE ztJ}X>4*UcQ#B;6#f0qNl%7LHgz?V7jlN|Ue2mT=k-sHefap0{E{8R_N)`8bJ@bwOS zq66=A;HNq84G#R>4t%2nr*yG@T@Jk70`cr|;Ac4SJ_mlL1Mhd>)Ya|ZfCHalfq3Q} zc&!8X9rz>%KIp*Da^OP_e6jB?!f0d@b^3LRC-@!DmVJbEt6uY zOwWqZ{sWLosq~J@2b@HB-G9aiB-uY<6n?$8C-BDbRZJA*_v3HE-|s`1A~Wch@Shl_ zs0?}}{4B#1g~3J%Kf^FZV9+Vy#~G&R3)V{bQHCkpqvOc58xQ$_ouwd{7 z04ChbFhy68m+O+ONx@nPU&t^; zQP3pe_cKfp6fBeQc??tZ1al>P7Q+-dLA``eW0;~QNJ#iy3{%7eH4;9KVTzU@F5#mX zrbr2@B>XQ7QZj%!CVQS#V}cDP%q)r7$)ls5)ytF!(^F3jf9V5n5;60OZX^;&t|wv!vDfBS!NKE z@K}b)Ducm)$oMmyU^p+~zkd&5vc{la!hd3zEHUVj@Usk)6$Tq6{0zfnfkCH)A7?np z@LCB!$}m}B&?Mo97$yr0mPvR!!(@HITnTSsm@F@-m+*O;CdC%6MOgkO{%(5qk&mXb z&!p0O2kS4M-rH04#hI~G@3zi6`RJ{}!@m^+{oF$D?ZB$*DL6Q0rcNHfBb6R{Ln`~9 zpLlB*iz1smeD?i}*q=w@7Ab%B1LTSePqE={#?MSO|6U5%_QFUMkjf6Gw)y9#Dt4wG zd11woVQH_orFn0U&3-`ZZ#w(7ehlWy!)GF+zXTmVd*|pI0jl`3)O3Fy3rwl>xv`a_ zfBPBa3k&-rGwko59bAt*1$+oiWgCZ5*_DH+W37bK`{EWhu_xP`>h5`KLR#Y=1IC@o zA$cx2nBAG$G7X)@KP20hoY>>vxo$)(l}-AobfX{hTF7>h-1qQG9(Qh($GRSQwD-#+lgDF5wtY|@nISw<*>>{f zRCZmZJT{SQr?Oke;nC9Lwaf!bUUg;}^H;Y^P1WnxO6X3hsrv4X68fgpRK2NRLR(oA zFr*9thI8fd&1Ldf(Bz#kd#!iE%uerwx{clm$(~d$Bh}{GS#2t(xa2koX1T4zb4D&R z$VWDlVv_9EggiFY%41!PJnAqm$-z{5%7psouLIs0%9T`Z)C8KTsq82Lr`j`dNuA86 z+LKktG0>abO%BwX?AHuu-~A-ycy8rjs(og^UyFI0YTm&Bd121mz%UCoGAAaCikQOy^ICk5k?( z^o1=Xg?G0RhJMitAW~^V%VLXcdQ~M*Agi5$E@VSeIqg|(OFcB6HizxM=6#)n znrWHJ&g6XJaEKc8W++RFa3YSu&YSmf9QahOE{}OOxo)5}b0vtvyM>YgDe~Ut%8eE2 zzm09pEF`>z8i>>7m2C+j}&kO`b*~+IZWLqzhQGI&jq{ewiLQCm95LSff^Ns?DkZ8J7DXGP-`WM zLL0Kl-N77$O`@I5Uxz8z=%?D(Ndvks{L3XMHWu3$+y6+(#^vgEPwbgo*Wa3HKuKPj zv{Gs$KV%b7?KBlizs5Wc4>PyPZ`dB{FK)syUJF(35ZSnS)6tM-1{7u%Y`dYIP2L&% zXqXX29H5opYMrPC3?afln)k&ax4^vzA;`hKW5Ub7StXCV8>G!ke0PtV6KTk zw2ayhk|iqf?i-db?3vh7I#Vb~Iu$_5dLVHW9A=q?J{ZR=_g`;hh=0tIvCP>O91h{! zn_Q2<-GBeTBF+9ICd4VQ5Qj!}0kvlV?M>dn$mYg7Vt)s^?T@fD!@t_wJ4puFR8^|I zZZ4jcy@^pZ%oO7+ zuboz5F1dbk@^&K<=4oU$xn8`M9l;m@+>!2?j}ZH(MntdHzrP=C zY6Wk!G(uAw9o#D2a2(K*qHQ;GIPYSLbYmPjnl&*;qZS!90=y9^Xx^X<1S#?}M%47B zS0yUE4%)JaWS$hbNndVyA{~rKH9QE^`kX@Iwh$fZI19`rPR}N*^{qCWtXH&H*yveQ zjY0N79fl5g^Z*a;CNh|w#@8I?43I#KA*>!CkpQ{1qAoxywaOlp)7hI@jK&iV;j@+R zkllYE18W~IK&iuktYX!J23H7EX3926A2Q`QvIz>gL^W#Y$w>{ACGry7jyh0iCwi=w zNwp0$eP0&hCf{33KEWs>Y7Uz3eJ`;LJ(zB+MsqpT&5hM;rDp_mV~_ufMI&QK;tYGP zafAPvQJ|{2-N0l+wh}B#UQ(klfL(kgeS>)^vV9UCst5kSts~vuG5L|4I%05a$vj_)<_X>|sgj*S&pDxIzkX4q*QNKQcG|(Mz6uJYbE^ppbse%Zcl-yv|?8XhLZYvu72gxW@ zG8iQs0tISYZsi8p8h0salFy0ZB6d?|o^;q0ku2!H3$@dXK!e!;fk-(j=9-aVxuy+F z1^Y1&BP#?`R1*x8`_Rpmc=v-Ofm#=RP2|#IAc^@YLe%hOa!5b0B8_IL0FVa`A?DOV zgr0xOa96A*!H8IDQgYC1p=T-8wd~yqf((o@Ce@WcGeMAn$xwF9JhR|jR(gmEGaVd>|ttAsG5 zRV|aGRDy9~06aTVh7Vz~CeU^%4atOKuf*4)e zwgnH4^%o^VZBgxfVfW$#629J>q^od$z}<@|4WzfK(x141b5!hC0>=4q1q_%J)xM_y zb_!F}_%F3;RYeq{nMpW;R{f%YpCl;~F`(0*lt68*{q+OJGd zqF*b&R&V^~_` zO)(mI@f1$QcVJM*p62^Fy!V^;YP|QE_ZqzSnD<(YAt@l2d>%xQ5EBcGNBkSj`+6|2 zuwD|-IALFjNpr$C=St}AW%9U_MhUDJS|hMtsGGui*@y@HcRljR^x*;fs$U-K2IL{8 z5Zq%vLbR_w1{`2tB@l%Fu3jGN=E~#FW%9VYNgnDxtlrcqp{=Y57{)<{z)+2+Zzd#k zcfCCBq|^k4RE6QlgHtcL7P2spj4-WOKOA|2R8E|N5TryHrd1Cg*^K!5vRkW=Kb757 zDUWqAc^F3?CpXw9ETcU863+p7s<-qCf;b|o%;v#L^Pt!B6pWxKv+p*kRGFP%BgOe6 zc~clQzgVfwV^Zh+C-<=tMUJfQ&uq99rC2{f9}q6KIr@Q0KTvrZsd|&U)aKZwHb);| zsrF=Ns$JZ$ASW6eaKJeR2N)|_*4Ph&V;2}V+>mvh{+IUB+StLo>Bb$Qsj*{na+ftV z`X(oLL`;nx*<_!H8O@=l#ttzxc4d>hjH$6pObyf&ni^6wIGdPHLzW{Ok=6xpe{dq2 ztrD!bgK{(bqf)^11{VQYhjQ@7ew42RIbEBZ_h0xe`a9h?fUYw(*MNT+VZ~K+e{Z`g zWAxRarw057kWA5O-oe@B`d9yNzWx7XzAXt#jrDIFk1;$d|F7oT#Hat)&$kYL_Jj4*nGPPS^saoy~^?}*Er}u-Y^#C{BHQ^;CtC5oDnKZ-EQ@{c-^Ba(?e%@Eni?v z8969!d)JfWM?5(cn5Bgte2s^4L#LM+V_EVO|7pj07!UrjJ1<9RPGk$H%=T&+jFV3>%c)GHE^1EGi%!%X#? zaA^9W5Ws_PrCk#n@qhZ|E731G|1O&=^Uut!<>*sPMGVa%yg}R4saOH`XE+rZHg2x6Y_=8f78p!)avZPYoDXWIY)Rj9BCu zfCbWz(I!vRhiD^!b}@)&r+KcIr{m!GBDUOtreL7x8U`4NaTtMK%*F(@N#NN?jH8MT zIvUC);^0sEHj1o`Fvy1;3aZK`zriVJo!`Q&`K12*Q(u z4rm-e_RdsJwiI-h*ivvNlBOGX0U>T(gEfPO=)wdobj@CRdqIHovEZ}#L5paVaqnEA z)|vgex?RN^80I61)<##B)Mgghb{uXO*>+UfMYbJSZXez@eb?KH5{{xROIH;&+l8H0P&59_hFXg{)> z4(a}6r{jm?dFDdY3r@+wlt@&oo9oy})EGDFkVw><+^FAj@`Px-&5i1hL>=!&ZHh#l z=tg}$5_N_fbyFlN(&YJ(s3~r)>5-^uZqzA}s2Oh58zWI4b)$wb{Dmejaie}2iMq*+ z+8&Aev>SDAB{EkFacU~$?}E!3YL2?BU1iP-SQ_!qMmf4-c&XUbIHeCS|SOs zkFI?dh57ARXpMOtvWfzKQLgUxbWo7s*!-faD3+68`%q*ri1l&jmC-Od;^U4-(6PHn zQd@rG;0(mbWWTJ4b;2W$(q<0$Q=WkENjI)XT(iW1kqW0RW{%*m!W`ENbNokGH1}J* z1m?J2nB%A~IV=Iy#n2)YY;f5KSuY$3jO>hs#~mXx+{nW(-x+P}S-eJB9Qu+qmjkm=CmsR^&0oI2GY zu$?WV2N4z56tV`(q`^ZlEfl8vsoJH0^(Og8qq)&sgGc*1mKH?=IsnDK>#o=Roflzq z|Eg@`bKFwLy=6uhz=)23G$m6|msJbU<-!PdggiGRH+ujgZD8Vq6Ca(v<#xkwQ`v`8 z*`K7c5A}}X#R0M2Y2z!gI}M7%wDI)$5ipL=8QIIn#|h<9k3`cS#^_q}Oz=4)d-3>G zDm!g_{l=I-br1T3lh5M7O{Umc*7cp2TRSU`v-}swfR(3E`3}%=r1IQsEE3Hgn32P7 z7}F17>$69XM-99paJI}A!G?zQ?_0Ib= z=e^c>KgoHIJMTw0?_8L-<#UzAz7IO@d!6?I=Y5y+-s8M~*LmOIyx-xxuXWxz+iks^ zb@qL+^FG&kzu0+C={tU70T+0YSKc|v?fZD=eVp@tDBgujn}k?k5@I1f;eO;|dSoVB z@EtS^Kyb1nagmpy$3w%3iuBOQUW@Dmvk9h`NN`@51A9eRl}K=`n_!lgVSl<+WJDb& z(WiSx$h5K5P4!kE877t;xR@=0&C61Hi{_1+hI0BuV?i41MY zr^0PKwtZ$Nt1tU-!w!gHEARLUZ*xyJ`FzlPh}Hs>@<^eZVGAhPO~F9vmmx|7a=R-~ z+7qIrITfWnZOJ{z(3bpVF-m!Zl5P!Vg%D6acGtq8G|F3jwzk;;R(fkpo3#RnWp`w^ zW4dFMF*#zvX1qsB9O1RQiPxC~W@D;dcb3f8xpANfH{WbqFodw}Co_bKR82U98lL2> zL6%t1H_8z1fqV9eQa$^4$)0_@E%|tB@`<+O6ECl4&He&3wYY~g<{5CwXv}DDwK1Zj zqah9ZIz)IhId)yTUG^@tJZv=hzloEseuEoV)YX5o1;5;`o{fxZTON>ze^IKd2TFGJ zKwEO4HTjFSDIE7c>rOZLd_w&d>ClYKYN)yVx&gCz(Fg$4wq)`CJ(~@0$mi* z36odwO}u9t03SIDLpyM|E*HQ_pO*rggi zJ}tHF*CV-}!EK+YOLoCP*IboCKk@t^RY;f=JN<#*dJOpf+pDUiXtp4in06oLN9=Qd z{hO4KXHC6HA0YM|SAYUK8q5&DjAAW0S%?};HB3*WvPZzX3Gt`3*Rlb*sfp}%oaM+~ zkbrpBtu%30W7qvu+<7nk64kpqQ5{Qz#TxV0L~MbKiOQuC>23S7sYIBr<9HKgaT8xA zy#?5W00gCLYR!f|1bP#-$e`Wewk9{K&q&2+D|<)vne;FuX$_06A0F`&|MRf%wi1Im z19d}TKohfckT3UE&leOT<2qM5aQfvK^i;zi?chSiP$#rHC(Vc+@~jsQ67^tY&6}p8 z7}5@l$)+xsKw{S9Q4^YQ5Z=4x0!fSnO{ZhS}2m#F`-!^0vcRYD@nH zbwBtEO}5^qD#VaBEQ!#S0mq1?4%7}JZJ0i*h&t+}aZ_g*>X=oUI*dIh_B%J+WmoRw z>5OdM9y5*TOJ>$(G`=;e)@1d=m zOYWKY=+tcg)caWA#7AdjduL>K&d6>zHZKJ8aGUo4_VzS50%~C_Cy-CgePiukghf?@ z)2S>I2=yjtCzuBHNP{xEpoq98wvaHLfN8Oo&H2?Aoj# zA)&P_la!fDqT?)<%y!wXen&Hqeg~im2wgxiUxkXxm$k8K zXpi+WV2^?hYljz?$3Jm)7WfeWIl}%4jAkIPT&h+Q)glp1W!hVQF8LhZvdQNNw8q?laqVBHT025BzooxKZjE>S^{Y}X+6I>e)SlqdOgTk`3!!nou?h1=z&xWeF0 z)Dt#e8=4-P5N?1O@_AFEAkqvp@b0z04<*^2$RDUD@XL5fm_#9ripGQ2QElPVu zJ6SOibM=W-_v^o^a@lOA9Q5z`3pyp+>z{LoQSi94!FCSB`$;GporY;_$?FI(AvVBh zw%A8;Av(4-x!)2rwIC^@4P&|A+nls6$WZlh{hczOt@>DEcv^(z&N)OUR8G_g&I+uL z*7c|T!@XP0RPUz)v--<)U#CHE-kZ~~9g5PMtT?GFb zH3q-O4>aGQZZcrWatGrcW89+>M@qaMk?17m7t$17gxFZ{EtAIf1q=k35OJ@C_C>Ur zsfv*KsH)~tE_03bI&{_-M;vAkaur7aC&8i`zk$5HP4L0w_~CCvr62Nlp=IDQg9XYt zPEaeR9BjDizS<=l)xX~?iP1sSM5Kd01@a6wk1B2+h-I>uxmDn(KPmMCVL5SnM%Wur zySjQ1f@&7WuXYh0O+6CQQy^Ht8kCJ#!pEYj+Z5KIKKZ9j0XUO@Gqc((4%ceH(KWU+ z(_OTf05}%E9BfMAZt?zXxxuv9UkOD~mOEsCyXYeZinIg-#dOyOg&Z#sQ^s2v2+NSe zIQ|UuSP-eHRH`#U0xY<vi&!1%!Y^s39@d@($Rq0wIE?h%5H3Edz?V_S;Y z0O>p|T=d?;B50LBsq3*JHti^Zo>c_J4o8%r+#Vye>S%h4HjW}|Otoe}Z)qmU7BXGb9;;o45MH}2^MRmc2%)`L(U(8Wi( zI*4U%<$!58wMwDIoHelV0Z)u7S8^E8y+z-J#>wiX&WAa z;a%)yK0Z8Rv~ax-4U0&PJ`mSKE^xgP><|%$IU@VB$AEy3mcq@{lap{;K5wV*X0Uvb zvid^-z`pBd(ZaQUh(VXQVi{b*KF5XwYoCjK@p=$MfqiDRjdY~cf<;WXK~jq@^wZ=m zalwian6l_E@3QcJOvrPw@Lwty1UfIjpu)&AQQgP88PG@+1rBic@3^gRFOn5ZT~d%W z!_PNp7S9!f6wX7_E-yP*27L<1Tyn2#m%H*E>Ze)HEHi8Lyrr@-YO95*IgV2kdT^?_ zaj@xM*T=kDg*i1h`VzWjsiLk~MV!obA-P!UzWOVt0faH1l&bVv&N0!&J`Bsdjq~E{ zE>)8Juj=|4n6dZ>LjBRILSugEXxiyjag6#DQ$<1U3ttLZTtSc8wa4gDAV8r>e=K#e zG%td3^gs6BU~h6C5@F1IeeC6fLmH{(crWuYWn2!Nll&cC=7Ql7I>~Dhq4Y1swbC}h zMJw=C>T6gDNKC+DZb$`Uw2aKAz($KODQMN854Nf}0Va}R`Y6eE=awg;Ju>JIJ!f=e zCEqAFw~c&J3cVHw{+%W|3hrdDC6D%E3Yj~4{PfTfUI$OonZABS75@#+P%S{{CuANR zz2IExW_%mgIdC)^Icb|nqfETX$02<#xo=y3lshfG&12F*O+{Zexi9#2sS@XTtL;3G zP|QMa&8bKat?3A_eM0%N=T-Ejd&aW(n@bgsrGS#fzwad$KQ$~~xHni=_aUf9`11q^ zKtuk)=>STX$xm}5&g@meHOaK-6yb6(M}CEgg%K6g*$*nY`=^-vppeo-ZQ-un`mGEQ;C+AoM;ye z6i>7@xZfm1?x01%n7=!vLqHnM+=QBkdKTL7UC3p!I62$zHiB57h6rNV^7OFR0v3xY@pV;o_ z-9l5Ri(YBTb)3n?*?a4e2+;52$xSFSkDm{if+`Fg@ZDqhz9nHbx+8ELt+0L;m6sQ# zn)g)#H_A-21dwW%n+b7hzZvEDmwXMBq7MFdN*z>-=rD)uHikz*PXdRI1^RbWc;DSyP(AQniTLko=3pzwVLoVpgA)p2qbew>4E{LCYNp)>@LEPGt z>Uz=z1p*qi)j@)+E!Fi-7bF+>bk(__jgqR(1#xRYs_U~Zs7*jWa6$Y;Q>yD}7c^f$ zl<^M?e?5pw9?si3@5H(Cseh8Ufwof-V!#!!Agapsr_K5LK2`*HJwVs>cfGJQpN( zP1na95O`D`Eb(}zRSpJ8G|=6|@D{uA9J_HB-VKo}B@RoKF~uQO0;vqwE4QqPExh>| z?dy2q1Jt7Y%U{|&n2pS5 zf(Wevb{Gw9vk(J?IQz8{{WJ7 zoUNILZAefQVM0)iNo{%kHl2F@p1)!|?GEwVOy*Rst55sgXn@P&xtV+Xxi1_B9l~tV zw8jG!@&;@uV0fhJ?5euw3=j^Ek*Qj$={k8i)u_b4j@jwA_ld6{k79=cYG+0zg~4*g z8AxY#h^QCJ(sS{C2HrOL^0b$SiNk?6G(Rl(aWE)t)5AGF0-a^l`;*(nD)Td@MCO0c7(nmbNvkfX$j zlFP@Zc&wzJCp%_AN<8~j;dlduwTB=p2ocrtNEuNqZ5^c)M5Ph3F-sxZM|R#{YYoIBD(xl7QqN!xFT01D8laaT3 zYg6mdZfcybZa-d~^vj^N3}^%?#l?{NQHAdkDDA)1%NR8iXUw`twpEa+-mPx)s#y;H zJ3rKdx<3q%xO6Z4y?AiY3vjI1JM-*)iB*`dSkVcoZ-^J8@M=XfpKHSTtZV(Dy2s*D zTRM!<Z~4l2nxm! zA?vCtf9%m?W9gpJGH{^bQ4^~5HfLUc#tR>0-elN4p;q|GZfb>LWAifAs58U@)e@2e zJ7aOwFt9UGF@aCa9&|`Ba_6YZ$xe6#!jjI!S0K!4P;2i9#c){_wj?6&v!nfGxIP=e ze5$Z_K<_|A@qp^RhxVPt_S>D_H556ik#Z>_6IN>mZb0Fl4sK(Le%~RkuxS#(`~{gT|<=2Nit#$Y>YQR`x`F`$PVBeqp@wfhrkT z{jLSRG8KDqiD`58~XY(_E0l6?(Ij^;s2;7Qi>sCp_BY`Ne&#wxo7 z>;z;w@)9FzDM0&b6J~nXrH{TbgWL z3s9F7`~2<_B!KN3J*K3>{Ng-1$IFx9T<=Y;!M7enw{-7A39~U?}WD;J4SdW6|U%H}V8+N^1H!S||a-W^cY0TG2u;Efu=FTbh4YZdTLqWeO%Psre!mSB6YSe z*Dg=_F| zt*G`o%q$oj zn`b^Xv1igF7JLFyEBHwlOq)H2?>KC(tAcvTFSoFiHu()HqrH*~Rd-l4Z`2@`d^aIC z5!OAP*lh6?0RZQAY{1!pboOErbM+6ddmY)>lUsSa|54t1pwCZALh7gUU>ne%Ka5~OS2|9RDAtv5YNz{$;dUd{lccd%z8+PmYWHnKsxGAJG73kF_!AN4 z;X(ZzQ&(FR67)ka1P%WrmEH+KdET)p^gd#4)FEY9P z&5Nh8$SRLQe;+LgBmK=3(%)AxM|vwCw!eP|ibf$4qx~)AaTcg2I@G^6q6ou7gY&gB zI)UALw0qHy(DKJu;no}Z)&y_`h*zs+%(98;g@^R3R5N>^gdZ>6(9nK4@q&39PVZIP z!`j+td{(|)1e6oZRA~2jX-K5qOd;(~F==`$AGY29MbCs;q1JXwd2Bc8j-|H}Cvfhm zf{C`l4r@DGRBmMLH#f{@I)eXT-60LQt)DD4>Ccfs2OI|)#7STS!f|8+aSK14_)<7d z)z?&Mw1*djAwFE#_a zl~Mk;&%mE!4^?3X_G=5>8CWA@n~_I>67|xU2qiLwP+~1}q_^^6De-D4HzP4hiBjH+ z%s>)p@Hi>8aXq9)9B&ZPt=kKv=CT`ecbAo|cleXJ;u6Z%T-|!)gQoMKDmqlp9rjd$ z*T>n8oPI&F(DF`TQN-(+P+DHi9OrW#|wfg15Pnot#cDNi2$>v%=_XD1QiERcf@eAF%$J z8tZ>CH}u=j=c%5lg`u129=Cg?QFAPqDzgzWIZoF+%Fc6Z{8Km|^i+BXYDm4(9*@%N zmeq3$0JZ=1!an3RN9l{oz#g;Tqb4m7OP%Ax0QPgy^o92X8z-UUJ!N)F4g_n%G+5E4 z%AvWjFY>6O40a3TKtM}WlVQ=dkO!L`i}TohjRQfrT@0dMjhQ;!WM#TAcn^RDN`Oz* z-Pbt4&&$y(L*K63bHQlPnIeMyjP$^{$%21`Xrgm}WMae4-BL&n%Wv3tpf9fv^P?}R z25MF4OWGAzCkMtxdNOR`>kupE+STw`*cP4);7e}Tbq8!$SP^tzt!RW)^gM#fE~G1= zkC4dxRJIZolZL(Y8AxF^ybah5Z)k?u@HP?7wM5 zV#`M!P+{$VMe^G(s#J#MHkxupvjn}>G8_HGoT@@V@4`GFt2Hc(&QUrabx^}{&KQQD zvzSu_BOe|8UM)NC|MdhgL@-};QXe`=J;CK_peoAM`kz8SF*F6!BWG+5ev4FJX^_Zr z;5w;>X)p?Ml_HjDI4cFh&!Ne7hU=gjuViaNMC^g#f}yR5>qzkXB%Bz9&if}NyKN6yf}rsHA-dh|3KU37*H zEv?I&Gjy;2t|5VmPr=!9wB#UmNFX?D2@|aC)Uk(Q&}VJIDY&~XFq(HCY`T%*IXx{x z%G)yD*74&fk$j|z44}#7{6oFWsfs4^ zxjtZmy4H8Ljm)j8*A=!qN7xm%NUcI~TRv%PeKTuS>P+_K5|^iYo=^J~-mOe#M$Yt@ zu)Qtcwi%zq{r7sZ6Db|xA(>3h7ols=B|Y{Ddh9W0&HBnR`s=eRpOgD9^;>L|aZFsi zYXSgv^L}H{gC(-BXwH${;A%`}vb!eghH!C)oMew|Et|f@Ua%V8pE2zqFVMhxHhBow zwG(_suFQNxma3T`XJ`T+?xMAATGoSxfUFJI#EBp72_{VYGQDG2sr?4HF0_6cZtaGr zuWlFAJNWo!;!^_Hf-;!nMwH}$`1KkG;MBu*ltJUrYn}P4*1BhKd>t6U$K3*3fISDc z9lh2jspuga3~ph2T=B(qJe?IFE`FvIdqlF^b9H;C;Wh#szE9$IyJ_C$K5+71)Y+r+=L?e@c~VpFX%5KKk|MK0|Df$@2^OH9KORa zkNG&gL!O}>P>>&g#^?a%YLO+S$lgaHQiS?#iPG*ir4_Iw(=N~I&#*&7R^Qcw5XLc% zU!a7Hcr^7$hzkV5@L4e#KH|f9Q^blL-8_M>N{^H}z_i!;tXMix4 ze#46Gd1pPVym1fvjCaYfZvIg+8_vvA$aj%%ohR@lnJW$sJFFI;CqCBXL0{V{Ubjg{ zRI8{%6^2i-9xCE!G3p7qR?$cqX$-Us*D8E#&*fhUs}Grr`^^;N*#wdM;kmrVimVEDg1Yb5C(iWT>!Wy;kx-l^;9QHqb8?0jpl=rVca&m%uoYzNl|EUtTh z!m-46vnHQ25)Sj{1?lyLg7W^q{7`)W?MG@61Adj0^cqP@qCLptcYj9lL<~yfZvPXo zNW~83EJ@X3Z`0(ud~5PYUgodb^#F67I29-Tq1PnI`>UBGy&FlIu~2}~@Y>&xfKlfA z3)hnL<64r3^h?IPxTF6t24#@D;>f_y!|?LZhuV@4nfp0*1hmo3krtH1wSbKksD?Uz zYw`iF<9!mJ*W878D*6)7F`w9T9|@SBj8AUYE67*`Pq?tY?QO~JNZXctz}CuZ{vj&4 z{`8}^7>yMkL%cl%qDBVoYqGUpU`rHAHw9XxAp$z0gVL5|P`J9N5- zd?_S^*G(zV%zUc`htpPv%B)5guDy{Vbg#V;K+&}~CXu=J1}!W!7-Qe?XsY57vrH~2 zQB_&@Q~^3v6$8(*dFIqiXR-Q!~l+bNaQfm1SH^L4=^I6{OM z2^k|f8Q07@7pmxX2rx**;wpm4Q>(q3l^bDC@C)~$X|(4;dZ)xG(7P_^^<%~Ti-42R zy_VaVB90$YdB-hy2`(Ur^MxR}7|#&4*RfEd^3fxN%wW!L{<3>o@R@To$gaGgXP>d2DK%m6-EtlY{c)+}qPzPi1fWO^j-duC0WtE=RHBRbkla-~Ks>DQjTPJA^T^I+JRb zMY2?bVCnyId8AiP0XBL@LObd#S(PQUEyLfi?X)@+Nt{qN-PCcN07(N8%ypSmYj4=Z zXk3=44M;GM-pU7t{6uMh)kGu%)kfo0-M-#w5pO)UD>d2=W+dRImTt+l%Ygg@3uD<$ zG9V2P%IeqwN8^t#$bel%v>K!YdU6WcDQ^Cs!-Q53!%PwV6v59~2S4q8?Q752~!t~Y*@Yr%{Y5)gt{sZKy0r+JLF*tg& zK8(S+n_L*cxAksBfa99VZK@|i?dzuC;n!1)$Z|!qu45pX*Dm~ZDyp0;QOZwsp#zoB zJKZ&}WGs-Qp)6*C&0B?(TKLcL=5_o5zg+`P_CkWcNP?d*!B8PV$5yu@{rn<*n zqaEj8aPb?|@AY{kaa%z3c480bP7^aTOfZwmZJRV0--h9v<_;wdb}dOMnT z{PFXAKbtj7@n$qd%;kyQ5aaAfq?~mSYeoYAJR8)II5+% z&#(vWRIZ4Ca-0)2hCC;XQC4%f#*o>BG5ewYdmVoT2n8$~>BP{H?{)lAV{UR|_P?Dm z4`|GxaVO7V40L=|W0tuwYmQ~i8jXpa8;~b5j7#95%VFa@FBy>=fnQC_2fhJgAkgZ4X_n9Z z-wN5MSU$dg%w0lU+y%#bJD>7eR${~?c#Z@Y+Tf`Y9zb7)FVNh4n@$nL7X5(@E10CiUc2$Aja@} zz(OEhfFRt1u(#S8<3h5G?)aQWE7gY4q+5x;UZa(C!)Ow(M1Mr1V?w22^il*RdWuFX zd56&?aEU%fqm{tqOXb2>=wFKM*S zh%lOSLZWZhXq^^ew7M|RYYis1%#ARbvqN%E(`cO_VYE6pkb456C-$Ievyp1I(-P!3e1<1jxV2i~S{kOTAya}@CK+G*o-O~sE~%Uciv&l5hc2o8aP z!7~~tukj^&Ls2RT9%K|}loVy6R1|!RQJhVT>gdEvK&N%Caj&CqK0V#&n@xxc5hRyT zWpfeUWR**mO{acUGpB1d)iG(ubcv4Xq*LwkSVW;uAm84sZ;)>hKD`sh*#D^Eelw1( z3K5Et!R^2+VGctHuzY%t*RmAM$?|Cg=h`6nG=di(7shin-98Atv33D3g7 zhmqjwh#bYp9%Ppx4yQQBU*h*xAU-64Fkbm8^3$`pvEn|Vgu11Ts z#IoBU0RAQ=XLzqj*Z`{X8!IM0_?KDm-%F?Qw!=1&(~}u5;Wm5H_)ENU$1PR=i4hXlzfkd2XE$87yPYIZBmC~0cx=;P9hwvA0m6;H#o-Tk> zXFLke2~zX}vww^qn6K~y&luelOkh7XNF?qTZc0`38srbX(~FJNO!8~yz;ODI5{$|6 zGFN%lvF{GT-0A;PWKQZ3ocL)w1nI5peoW4rUcKHun-@-qW1y5>{{&0|mmKc8t$+(V zd%m}t_X6l3h!0vkzXk8P1Yd&p{F0j;w~^ewX1(Vto8UTUUH+FZC#oS8UWAH;3fFCUod3F&`YF0B38> z{XVm;NAdY@6Om$%w`F$klD=T+k^0lgbRe(U{Sc_3H%k0e z;RNNnf|;O&=Rt@3pE^}1e6hq-ZR)VoBe+Ob zMAd!Q(9QvXli#M{D!3J}i zSe0M-(=oDwhl$Uf@02yA&a=zilHd&?X&Nuyp&&9`p$RYEKS2X{gZ0L3N_d0y#?6&@ z3%z*zV3a+mu+WRQ4_>@Y3WJ|TjkM-I*WnG? zfvAQpi#5=LR#=OD-_IH7xKLxL?}ssekr-b8i~^|VhcW8#ew5Zsy0f;j;Cylt-jCe zn2nIJ)%Q8J`Wa^#Tm5Xrvn_ad?FC!?cxHPq$~U%pp%S&#dE*7LsjZH_vvyb^o!aV8 zA}TEY7^bVik0AXnynvWN*7xD9fMaNV-8RYK_&H4p!d|0qAoh&DVJdt|-!K(Ej<>L~ zLR+|eRVY3*u1>SXpXFww6^Sx*>cp9o&f#1mIxjS+hH4ctdpi*NA|@X=6J-hGk1&iW z-f0qd_gdQf+^}DCS-5$@SP|x~LY$PCkIdjqJuC#zE_sH&VWXfQr(ZwVnSA)TAjyQq z3EmkdcxUi-NdQ?%%~1B#|D595a=(9!2KriyUDn6OBcqk@#7Scw+?Pa8fs6b*{hil2 z`pEZ@pY`kg`0$YzurY^A4|>yB_g$3c<+n<5`@C(&>4F9}%>*Ks#cJyJ4{e3aN$zfL z+^rTKMt zYYqvC%9F4QQOYYOAS&DyCZ(;JE+AmUePJwr&3gcWd5)7b4|50qn-SCjHCy90GL>_H zT6Ixw8v9~f@{6GjpP+Vw?@INIo}9#2eLpIt;;>T%w--VuGUvndsfLvpUsZ5$`&hbh z1IAZ14Ku#K{-mqgG`ijVV=#Llw*gyR^4M?$dxPW!?BzsW9=9N>7PE4XQDMj+K{%)t zUqFHKg6)6zu7&23++)9mrES%XP_muo6>cKK9t~@+q~b4eDP_evqp*}Pcq-wSqZ{ka zaA!C_Fg#oy;EqP}+0JmffW6lEfA;Kr}QDlIX%SJS9#t4a3+Feyn1x@i>n5 zR2bH?el0&S0G>m-i#g3cY?La!(B)H{p_)z*Z6_@3s;~suI@tGpw1gW6F_Z40`mkhEP5=@9SX#yT1;OIXSN> z%6Vb`jbgJ&wg9!Spi7Yo1$m`1RY1>e_yI(O_6pR zYhG|~*rd%r!2UiX^8UQc6?w%~kxPJ<66{*N=OH8rwdP5Klz_5#smx|SYt1WWO2)M2 zg?>MSsdLcudk=+!&~GqTw+w0>;g&&cwUc?ushq|3TitENU8@={?@f_n5|;RO67U zlNB6vXFT^A=?oMSZgd|PHq#T|y@9*VaSzlJdf}5qwOm<<;!0(_HFF8Gw9xQno#uMgQXTwwP5ZPGZ+IAl22VJ}Cjd1Rk1AedG}r2Awjwb{ zvo*w8-`Nt2bAb|bb$!fsw%jTE;y1jD<+7#Eo)kQb2aT*zctfS3i{MvaaYpYcP{>T7 z5VAlZ!r?AZh(xt;H<^i|5daDi_-cnj2*1g|*EkeH`0)mA@7LAwo+7*0Sx}o47om#i zfEQ-4P)akXCyB}V0RS0R?9VF~%wVpE^#aR`#PYbZfJWC`+>F~Kw3(m#pP zN#qz_7{*V)#iTc_oyl5PK+_*as~3>)(k1z#M3vx+0x!WA1zv(LYB>>FRldlGwhVtm z`n=S#HzWU|JW@#S)ZwHzm*f3PNG}18ffk?+x2OTjjaDE%t;Hq1$-_xc67e&px;tH& zpDZm}DL&HfTYoK>-#fbla0gdhZAx6o{X62Y%%oXU7{OSflMFNfg#1wG}J4fv6gS;p8Xv1+B2FC-zp^2 zuU$(r`?c#q|I^SUY$u>2^qei$8Mq=s6U)DCkr&&UeC)X3g9b}u9B4``ID{#$)RfN3 z17($%EtgZ3uyS}Tsx-u4-4*Z?+m#0#zn9A}B3_Ca^BgaQ99Tn7sM#YLDt$Y=mgoqW z^ZK2jVSfKT*6+V3^!x8A_WSQ?P2O+({vQMC#_x}u>i6F>%WHG0D*i7oUxV zo)CDrFXBtq`?T1S4H-yHHnGd6`k@+Cja)t}8uc(`kZy_}~4Ya~nuWf|gwFtuUciL^6jQ|UGZ|B`;~KoU2jvSB zTIYHlQ^)d}+Oh$i>!(Q+s%1eoN-llq(4{;~$CHpo7~n^sRET9SJoW7P^g7Zh7dql2 z*Ynu>7ONmHhL8~dSJnFGUm>{=a2Cxl9o6%uiMs!e8vSeL7GJskb=<25cR&1M!|zKe zDUZzMeH?BpmgJU(aE`u4V?V;EZ;?j2@~EPL^61HzAdenHe<5Wld9;f+LRopl&3Z3W z9{u1lM;`r6R6;9{sxScTHQNCC;N+r9Z}Xv}V~Z{YJ;<_RuP)i}Vns-TCygZNZA_dtjo7yuJ~HRM3%rtsED4#7*213dL*1|Q1KS1@r( z4jvafGFwcahjXCD0L)ldJ35&vTbzwvLD~Ax8-<4z1l?;iiMC?1_^@UKpHw3=MbtE%86VT4q)VZlzk;!hxB}J5XS-+%0vAm-&>=N7NtbBhC>&C|3DXryZk9zN71u-+J~V)Yc8Ta;0nw3HhH52nHb zH3a7t3?4fHK=K0|K2S;1l+pe7&SaMzrB#Jv8nVaW5g@16p8{dERyDIMBfL5UGsh*E z*oXxL=z;$TNfc!X@z`frUI6C zuvc9YWoh#;m9S<+xX;y&NNL(Lo+GIR{iUXA+-sSkO>*Eb{!ycG!}7>#Pv*}>aBzUW z;--V6qOO&FAl-=%`sYK>I7s4W2?s^|n(?I*zox{Oskl;^FNDaV149vJ7>q5720AlQ zNuu;jw0!5|xYG=+DHL9!Ds--lv5N558Q0}sF!F{oMrjOXDfh!krA3-GoJCjaJ%Y;dJ_wJ8H$?u$bks;3AVi*gtkV3D9`RUvmNX!#}@5 z0XOXvwgBV%6!dR0gJD(LNWY!|8+Mf(M6>|%a)=H9GqeS+Ezy0HQYp->=2E~LLh845NR zbWtLJ_sVjjsO?5ZRN%<9HUXs=*bC8X?Jq$o;u6eohqBqr3(pRZ*|vYuw4dARyv?I3 zsSLDyC;~jRzcX z&GKcXPe$QNw-(yBs25FKRi)2FJ#HPW^4mT=3Z677=FoOb0qm(@9)8tl;uiY>i-{?u zHe|a~ycT1iq7uh&Eo#bGi&qW^q*skYt#&&~Bpc@0gb-(295)i48ls74d@m47; z7-!$IPgjle7naJ%WyFH6V2%;!Hu9S2`IF{-bJAS$&p9fPqo9V(U4CAeQPHD}28xQ^Tjs;>(U4h4;51J*N zdVCh33)JHyh3FRwurex1usZrJ7A1F6S>Ry?DDzugL7EkpSxE9W`PH-4nGMJve1Vm) zzR9K%Y6Z9`R4S2+HZu20JtPwK7nMjzzfr46NM*|I5N~IzTQm2tgf(0nGv%5KL?xn4 zel>TSl;Pl)6D+A)z?&@n)F!{7CxIW}&>n#vR}kFp{6WOIsG2lXm~ckXJ01~Y_vi}Z zpM`t6dfyGJ4A)6-<)DUpJEdVbj!IfJ$5Htz*An*N#qRACVEa~rWN#<)`JaUUW~647 z-{!4Mb`nOxTP+f`LBKm(Ml+vcE-E`uV(46$fy9{bzZHPc9FykOu^?zhwb!YmB49pnU$;TE%Ep5$s17h4RBCg;){ z^y7lxTw5%zZ z3y(@#=nq4}({MOOO(J>)#8->2_=q|1zl-=}RF&7DtFA;>x!igxs4K#)4+FsPYOjME znlu3IfD_&2&K++BAZTC#E+?j*S>VH7$A3wJe1TOL5~$yPw+lG88<2zNB8zh13(yyP8SX(Z zioh43lU`=&@CbYXy3Whc*JZg6FtDF&KBVx;W`h^_M|vB;cp6;AX>o{tve`i%jViE{ zLI3D^LL|`y5JUw{*nYBk`}?9xHG_T(+eRGZtc*qt@$j?EPQe8mf;x#sGh}iwBWg;) zF~KxFe7;keV9R}Wso)P^AoB2r--0db@^bc5cq!agZ&&=g>39;q&kfjR73>FNA69?8 zmw9FwoI^d+%RD$d0z-YCm)STx0z*B+%Y1ft1crLLm$`9x1cv&(UWV5uIKBDm5A{U& z&4#tQ32Zr6x1~ zy-$!F!tYdsR1nVmn-?1rwyhgLa_Cw3Z(TOi!t)*VG+xmsgQ$#sdX z_F(dVfaxM|vXEoLPfi**Fs4G)Bv_OWWdh()~oEos7A}d>*iq ziY@0DRS*)URuK{ai;xhQ2#HZDBplQtLSo4OtIW9~^|!z|kkJZ>I}=gPG2}n-;R5G) z&29cAWdG=d;^}3Z#_5Ika?@+b|DB3Mo1Uv>{U}f=^JT7hh4k$dpetS^9!rH%6<11< zJHm7)dmTj+3!cjFc^zlyh$}V)cP7FzO>xcJ_q^4S*{<%)@3ker7tTJjb`xU9Pkivy z&5i(@aeRA%O-Kl zn9M+3S`JoW4uU)6kt!BsB`ww>MoQro*plyiH_J&h9zIs+d_1|EMyfRj-ofx!qH42u ztqWCmVRD@;#f3W-2DuJl5cy4QF(Q8$CEe78k_QcCL7yIp-HIVES{6^?yLJ9s-zZar zr(N<$%><~wF3+7xniD%WIrI9Rb$~4Eo1}* z&hi?q{D0%|SIEImoNWs*t_-^AibiCcxWx+m+%!&m4s+%#jYrr_qSqAwx}bVnI4!vX zH=kSFt(HF2eHm-qGRcsIKOI|Y9d2jE)5y}|3E(2}H1fs7(=42Mv4a_!6D7sd3z)(5 zWULt@odS2t6dX4xASX__>y#crs}9Q%`7h&dJarc_l^y^+*2$1->XZ=0j4bM7-pb9H ziXcWJnxNZ$M*_)^(H2>BCSE2#iBHE=6rw06`h6js$_RP;ae8lv8baGWNslC zGLh@t`Fj!)09AKF$)pXJzz-N1oCrUq?M@}9;bIE1Y;%#4sA6h!TXHkSR1T|d9aGzUa`VvZ>TZ+PZXpd7_OdTr!Uf+!9`Kp0fp(%3aV= z36If>Z5X`+DRsl>r}3tKC~g>SVF?!yBu*%I>*r$-q8)5>nGK`UC5nzGHtZ=)A#4Y@$U)iLBxtPg3E zp3{~6{u*ejxO_+NERh~R8VHAX@lf3oOGmEF;Ykjpg#DyF&bxS=9^XB@#|wAu=oVe4 z#|u&F>T`O$5T#DO1N8W}&mY#~nL}Qq9vA7SL->+={QeI{d%Vv-=3MqTchiGEOOJmI zzcP`U0fSWW+RrL<`!0JFVi&r-Q3hZax_vp`!Yhz=wI=U1MH*U_I*O4 z^4uO>h|<2FfGE4bRVSsbVQL>QD=vcMAC6ky`vlWC5?X z*Dmp(0&`-uUk)lD3R_vSKS|;9QuOlj>PWRiL`(H~OyRWiv7>dpRgZBG4K@it5W%G9 z2L*XQbf4;AJw}1Uv$5wi@0M!?MMpJzxmw2!4arER-tr zLkmS2M?}L>Bjm$Y3SHfR?l=#OB;+R!8;|gl4)hGl13ziOn-QG5ybc~Kbp>aEUnncN zgsEfsQmkaMM2X;Za*5!KBT5D5u42LIPX)?th|eW|fQbSLHobQ8)cM0S>Kkku|0>5@ zpuK+aG}#4iY~}N$3aa%`Bdx70-Qy~*s{LuIB4rf%mQh0ub-VLEc$aB`G5fx4umS7Z z=Kq)YP2A*A&*sj4!0xYxBLy>^uKIt#lMH47ek7Mc-H4IG0PEJYRrYcy6Q1Q|J{rc; z6uBn6WsZA00jR?lqO=HB2QOBq)?q*w@p2XmJFWkM&Ic3rQeW>YA&GyW| zur0x4F#|EhRMbuJ>t|ZVfQHa=vn7gySLb*Cn2EN$^&8gUpPJoPm+kZ4EP1t6ZMaJnL2ao#TTWT_pN8rY-4|RK47k|ec z0C#bIJCkXS!|;kPo1^Cb@H_7P({k7Bnvq-3H6z!!aYk+>q}=SD8M)aA&)kTV8_f6J z!Omk7A9cR!e$se+nY|MBE-Zv;c>H2~L|=mejs z?B(NAGw@T-Z@SM)Wv7jwyD{dU^?K=JZ0E9HaqjPJs$m7p)4YQ{@{y^RPn|vWqf_U& zhZEfMPjid?(URGiF7}h?1;azP4Zt1!w=t+A0_Utb*URMH2;(}oK4$jhkouUVA0)pu z+eef(+W}6+ZB1e^&H815xI|Do#Q&aXVrMNWJsTxDT#cG8-Yw^kOB#zFsalS;R~5~$)%Pd`k2 zF#C{hwzf0f_&J0gjmNbb1{xJsxjc@ycG}a})>MypY`fnr!0W(rT5u zAhs?s)fg<2U|pi3rWQ3;s&_2bsjV8VmEZHc?>YCLJNE_sgtc1XMLj11jsk_k1^wizH^;4mKRL2DQ9(uqmSQ7*cIb?z?5ECTq z2sf_p6+=Vk_@J+Z=eK;2v@DKr^gz3$2bP2EaCBmW0dZq5YUgY3wdoYIJ8;Lv*$EA> zi!5KBW=*=|P0ytcbt8MhFz{Zrc-LEhW~t^D+2C|FtMGugK}SM%8tPn$F20D>^(Z`| zfz@T`m&?|P=J+4@YO>$(S&aB48iAw~U&v{Xx0pTJI zf(OLci72kYJ#btzdhcX?WEJ#>+y?cF(xzt9vP13twuU(=ncZ*6Y+tlk;0^t#)*d6D z#*%bfefd;t!)Q?)#Pa1U2aN|S=0k)SE1!1XsZ>5q8DoeC)*V9T)j30l(>G=P)pw=a zp0nfLq1LFy9@@A-IJ-mr@yUt&j9nXgK)BY^q8m*i14=OpQcS+R>sE=%eL#o_euwARg8Yd_@Y@l=S$n3jiYE zW)!?)n|M-NdwfR-tZHw2ZboVcn@L%>I#wi($^^tG5j^Kp>R}b+HtU3aj zwglpd&WvWjcX2c#kfIszVH|@9q-X|05)qcVZ8QTRiDMJlvS`KzQsW)f=v=5al<3B1 zqZv3)hRz?1W(*c^Z*?=2NCVAmJsEUI{@&LvT&L2WK0kxE0M>lB_*6~dtmbhds0A9%02qr4u(o)ow}FD@^x zRPV8iv7TK&768Mpxcag7G8IR+8$Z@D@0qdgKT3bVLi0wy;GOuq482G2u$|<&Q-Be| zxSy_Q?(S20I@Q8iB{4EU=^Hz^?%QfJPreQPb(0|eT;45hUnsyJFh){F5M}`V!NWIi z&-WDuTC*}W*U;M6JK;*063X|1Oua|r#f zcQd$ICd%0Qy%Xdo4~6)GRk_RKnHG{um{$4fnAYa9(n|X$M>F-0qPnsrpUvEASHV6SX#!eySRD52jmNv!TevM(2b!C=isl}(&AoM=+^mMx zua&MlLe{KhS6?;hZL-Q*U$NEhLAAnsmA1>pni&olRJ)hHQHE-_R3=Ft=22{u8uR6I6?Han zn!y?CMuDsBZYu~^8Rc@7aq#-LLJKGxy<}{z6I%v$e@ORK)Hdfqm@;plrv(aVdi6b+ zc0srv%J%sY{U5@QK7x5~_|enSd3}%f!8HS@Epi)x@BIwbbbwjY({>6!T92|=+;A`q zgPBr*O! zjb37K0m_-@E&A~QwF-r47EX$~88f}Bn9nn1{so=wUfuO(KB@P8S(C^)3MNs;tOx6d z`2$W?Adq`Xy6t3(=apv}GYw#B7p8Mhc@ywzi|v$ka_RA8 z7K|AaqLuMNu**Kz*_UiuR(KqAEJYA(r6l`9I`(P9tpUj%PKShw&?y2dNcPZ1A=$Y| zpSv28J)UtnW}%_HkgUHhe3E?~o(q6D*Q?DMa#G@SI3ylxygI;Dl`ll0W1SgEU%he| z7(q@S*b*<{+B5C+T`dtNV9HzWN>F7A10W!N`I2Nfoszsdk$p9q0Z9%kV_`G{k{osk zUl}NA3X&W(W+6kB69K@A!a?z(5XmK?aM0>R;Rd_M3=T6KtQEU8bx)#H6uvvc7lkF* zS-(?subrYlohd}r>rEYQe*E}Q{4fE`%1|T%63Fuz;Q>DFkP(gtLmlp<PEJ3rz5IJ5R!^z9b$C`$KswDIim~10edBg=n>m>xk10<60Q1Qp&g<|2W_wt7Tl5 z3;;{cFfL!faPXpGc=ucY&V?`MA3;cHFZ}N^0a%nj*g1x7!7+vk z8pQLf&v~U=|7gkOpd{$km>LUYmg9CNKe5HXkE6WgqTWswP|xI=T|H*rk(xs|B|@js z(w9ZB{A6nnp3z`lCh42wDjNsR~3nL1R7DbPE-7NTN`%`lAi+z z=V0OPV%y0l%cUE*G0o8sl^Nb`=g5=pbCj=0tww_tG*XvFXIn}mzCWiOq`!%R-Hth# z12&T`eawtyP=tu$(`O~d7aU5+fVNbcp;lRUG^5*ZPai~+^V1XXU}qf+GI{V9j|Cy9 zq8sfNQQZVn;Jl%Rtv7x}0CsMi6#v}~3L|2U8UDr>#Kj1e6~JW2d@J z>;$OJjh)Etu&U6BQ-@VDpkf5-NMr>C4pSA$0f4zP#=BXL5A9u)zKP|M#m`HXr6U~5K38S_nngRD2gy(!@Sc!-Bti&4}NIcUEBwc19 zl11W4ngnAER*C0;0;fd~99{IbQqB=B5J)_vTZz|N9+r4TuXm`Cc(@aYoU1TLeR|=> zFdH#Q$85j?k3l+S1HoM}NXKm8sCEp}F&pC$@e)O$&PGo(1G5p2bj(KINOvr5GeSYS zwYViskY2tzr2hhl3lj)tB^K$a4NH-psSJ<~be9!&2I>(=24XBBI6##gYJOTNfyW1RcDEb%<_>Wax9$@OW>cjTcUSVS3yLqZN9*8Gbk)2dV!OJ$^XX zrN<3rY#8L%z{$t=O@Mz15#W`& z85JVH+GE#>0GllVK3HK0u!OL`+IPDcNEg_aPpkbmcWCuz>q4tdUlH8-JVy5GL90{y zpj99H)bE96&Q^P0h|%2Fh1p9Eh$GQp_tt-pIJ2VC(MQ8@z$LQ1AwowFgy_YlXb`4j z7a8Nv;rS>i0XQvD^uqID{KResL@#PQ9Ic^h&(EV7PF?vPkiFIPa_JA0vcXmy5q{juqpLBO($G${wUYXq&i}%`_(v)Z{P*fBGCBs0 z48|Xo;s~-g_E3oa*0=C2zcpt54v*EzLFZ8aVsvuQImo$3hVM=o=^W%7V+euHQKJt- z$Z`FdnG~Jey8a|hbaLbR3s1Le2yGn4Ok#=i{(qMe=ldW7Ax_K^7ExKD9CHOm9_|gQ zb&Oe~n2IrLfGL=aF(?G4pmWEd5SW5qAA>@01YA$n2MWJDWxP{XL&>OPQF!5}r6{}y z*Hc&&QW-Bi3964nVGO2LMQrg_x1ulxQ;NbqF!kjT+s`rD$lzizRsBgRrhc?VfGIHm zZ_z!c2(iTsPchZU@SH;irY%`Z_JoI|xhFir9lC4jae%mH!#k_Dba=OI9t;oiv#jta zJXMj#umIxM669D6g{X9mUrSh)@oOob9bqjY5TFkfetB!@YM>!9>R1Zd>EluqPO1n{ zC~m$hv7#c40fq5?8K5xUF9U?cARTK7D2ze6Dkw2XR|O>o>8tX~^v%G&JOyP#ATENZ zSft3}MRSwJiN zZy^0AKwJb*u}H7_S1Hmj-!wpaIgxHGs4#1aCus1(ct@i$ix}L3(t-3Cf(E4n=`jSY zNRPp-BE1hTf_P_j^!gfvFk&R*uSpX|yy5B`jr#*Xwg#+_O0ke)al7n;QrvF0Nr2l8 ziCbDtBBEFQ57k8;C;91{{W+-bK9nHXmjYIfCGy@X`F1HehDCt~R$=lHkIPlT=Gj4_n zbB*=mn~};)TR*;}$xItRzJm^+DG<56-nflrro#n-nMS(x<9|>L&vdUh3YW9VoQ8*{ zw$+)K^>BK`whDI|ctFGHfd|w^o+hnrwIgG;xVQMw2Ij{z^y>yerzKHbXV{8wGxYR( zqW_?Foz&*$_9ANGiLCL&S~y1NMx!_(V=me3_1>|%N6CO0Igk549{10f`zJ6WZ=*6U z-mQ&6bipgt4tOMetzr8X6$0z1C9dv*``U3Wm7u7>qUaAeZCfzc#H~GMo>9qYF{z9M zmiM`4Siv$~J#_@T!ggt^D=sKuhi;*4`siPyMuaxv|d<;wMNVf^Xbq8ya9`D8fAR=gQ(IqhY z8wU8JZ}+^vaP*zxBc4S+C|qsr*vj2Z>bm>Y$lz|X-{=q6=&Mk#^`z90pf0z80a`ma zc)Q1keu;~IDQ1B>L}js*(W6j2jD z1ETH+Hxc%2GgUkrX8*LH##!61j8p@h1ojE z49xD~+v_TTP0X}Jk_Af%049?Pmxe(wE*vLDtFdu`xHw#aFtKM`ZmVI4BiNShmJq}R z>>lZ6x_gCxHj0-@N3a|6KxhMWCkVfAP;P4}uW=M6487eO0IE`&F^z0hQVKwM&yq{_ ziJEnxxM9><4*68(sg&%pChD_W@FdYLl?FI-ci~}X?qmmt7iH}CHMWF>x95AC83f7o zbGlz)V-YmwLblx`-Xklk$nM7wuNJpO(ZE17W@iRr%5ptvvG4}Ad%~qa0*wM*%CA+k z#!X=gv=&;?cth?5E<}(3POsH?i_0qQ?Su%Yu*t>g+z~>#C(@ZGP;R2vR9-lr`%p+- zEc5E&E~%n98EFRyZHZHkdR)<|UZ{F@KS%XD_kKRI)=bL?PzfO0Q){A@q%eq+gyfC< zdw0zP?Qwcmy%%3cRq@33LXBogf)rE|DKRE!5Xx$E z?NV>gIgHM-`+ivyu}Q$p=3TKBcv$HzA0pvGomQq7s)8YylAT(z)s|%UK{NS@OTAxc zR=Yr!m*HUOofvw%_x1M(zki?g6=?qPF8s4{tKpU1SGrj;l8beK-5n?*L+$QJ4ulNU zQHR?G*>~&S#L2cnuwLYo+7v?E$9{Khl}PJ>Eg#tux(xK@(<^ZMP)$R9Ou;hX)= zTQVp;`5(B*b^z}A8WlRjFEE<3K`k;Ygc0S_td&a-j2V9b3utCd7 zJm<#MOrob#v*R{vI*A{C#gq(9qQ^;mRkJXOa($QJb%TVn+VZMYBV^~M zh(njQFM^*Mq8YG#u>*5XGy}FTc3_Tw1bt`M4ow0(bMTsQ_i% zN+L<9B4s@{yf%4-jf2HTZ8i0B_N5K5=!>V#FO(2)yT`zr#P zM4ZHd_o9`)4mnv#*6jX*JwfMYBYIwMafBDn|27zo@l8l=%(_*rZZPvhA#ppbFBjCKeq zfNv>J6PPIHTk&1y-7GbDdIljla(V`p<;lwm=|O^Yy1+{+w0j%0lOCddSO^I?TOfq^ zOCFACJ^w>40sP3&o(&Y6{iSU`BI-G7tlY}LDMMs{vD@4JbqvUActd3bXl-k0)`|1_ zqCBs$3~KJ+_yCRUc`~8y1|k_B2=_Q<$OJd09P|gsta*v(Co(x%L*%c#(b;H_Ni5;N zo>OdEHu>dkuATAmnzG6A*Gk#s5g!>gSqSEh&#JyjzSEUIu_!p?o(l(#TFVnl8ix+PJH=v|z89Cv+s4M@>zP=+vUYa;phS)YSX(m*f8&2*=4wPDn-fTs z(B+2m7U{3!b#i(vv-$sEJwRI90&@tqn752eCPxls7I`s z0g6?g^+Tn|FJz|2P+74UIt+0wO5Z{~?aI+QpXVYpFlqqeb_V5?Ti%G5F+AJEN-R7! z;mhbRira(Y)CJtaC+-a_b_hB0S;6OpSP2E1QVO&cHgFVyxi}Sksdxx0jE$?XN2r2Y zT9~m-Si$fTb`89SER=N^=&>Q)=DPPwXmUO2HrqQlJwb9=l!<)attoY%?+eEa>iwLQ z&-YDF-RIxTa&JVH1j6@BWS;s=d@r`nHgc8_3nA|0IUpM;h7M>~1;|lnLsS&6ID9P*bDw${L^u)ow z+KXu({^t^1j1=QNhwD#3_$FpEnHvY%?eTui1l#p8a4l^o zOQvkJkxoc3Dk(h}B*V*)49|h+E|vI;Y|22y`koMEs!&t`YU)rRvMJON&B8WI+&Rr! z%|e^)NC^ur93%RGE2uHE&F||-g<1!84VOO`>j8f z%&aJmA3lu=!OTurkpTy+T+>N-4LW{b zldzC^cKE%}s*HT9DyL><6U3tzR(``?G>V zkgt8fNbKD|7KsWC9@O<3vI|FJb;#HI+{Fomt-7UwXkXYqOTD2F8vfA>4*DJem2$i^ zcfi+-AU^ad6bX!x-IQv{Fe1EeU$?dM{MIbH$KV5z+U1JW?IFxpCsJ9#7pd>Qw0e=s z3S4)BrAJu7h*V~TMQX5er;#bbL_dWK<9IpL zqJIXRy&7&1$nF7o!IvxuYf8;GPc=g8%2W+ZTn|NH{`Ay*UlF)L>vtRbmVqQ_gXUNT zAjVFT*`cs07(>D-W9D9}s8Q#%FeK6fQ^G9_aa#}@Fx6f7MzG-ml#hE6s4$n#V>LN= zhr&0O3s;xpUijIOS^(%c1R@;Z>xSzZpr5oY==V`~ZxnU+PEXzIqwY3~2Xze`WItDd zI-^kuGR?pNF;|a+L8qZUG3Yd8G3YjA5jhHo%<$2W#u8gPAhf?f59|T}OM5~;y#R*> z<0NOlXcYaea=w@6nXR)`7@RyfrY>{jurZD&JXdg4StAc>jVBB>-CFirW91#$Ph$AF zkyDt;IVEd84zRJIwKhcV_ce0WgR@kh5D6~b47T0;`7PyAA==tGk^OCC9LCvuQ#3=J zy$#U}b@rYU%}{6W(a{Wb_U;$WP-pKBl0gG>srL_0q*XVRKQeRsj2QFOo=+kQgZuym zeCEC4FC4D*s+Gev<%fdtCPceGnB;up^eS;xI^DpOy2KF1G7w(Q=1dYX? zI|8QS!=HhvzQ^r6Vrj@4hID43eZ*4IByiI_Vi~6W;fd^EK{UwgI=~*Gtk`iM*iky} zE3iI9tYX}v+0BnkAI1&qMO|DPmz!>$*zGmryc!>hsf()s@Qiv1p?Ez?0GvHcL0K$% z$r~1C+ty5O{e>mf6Lx@PRbQ+zXVR^&*~|lxX~p6_m>^dn03ur9;tV6guGME_*6Op< zQ_uQJlD}5Z#tJcO6)jGQvNlA7kBx1(5Ij#mp zO?+1)+JJ=X^%g%V?v!5d8ScFF8UOvp17@+k%~QcgNNtx=(DWGRW=LXBmiZMcz#g`- zoqbz6W4)#p+Q1STr$5CoVGO2GkWmKtU*HBSPuGMo2!slLA${;VsO%hr3|zyBcM2@l zGc7ZSC0y8Tvs-3sf~7F7{kH9x+j{kH3<@s&7sg}>QVMJzDxd*h^}1<@DP!OKAMp*O zVAVX!YZcG`1kLDuVks|EcPg9;>W-AJL5ap)OdY3-|CnjeF1AA#g**GPWiuC#jQU}c zU6rK|Os5l#qxlQH!cXOSPjmN%dqtXn{YS__3jAh4)+K1CFi{#a75<2rk5GkAA^d_0 zVxs2_u-UJ;U^r&P=K_LDDx`cY!oNl{K>2tx?&)X-*un*g?C+u((3H+kWN(gUz>I*d zcuXWCJ*b7NpHC~OgbqQ5T2P+jGd8tUf<-f0HyOc#o6uNg!aPf3*C#aBl@jZzybDDf z?yk$2WCo0Z#6$15;d(LJh-2~ z#|Q$f24k|IqBU7YwS^U-Uhl$JKzkgSaFMA?V_L%LodF;%I~KqSrFF=ORQUk;~aa9Iqf>?V9EI_O|1lBiV zM*}(GVS_)$BKDO>OA)*E%PwNKc`>G?Qyfk^0aGBHcGGuI?+}>~pLWKi{^dtK*~j9q zF*|pD!1W?(ViX0xe;lwJJbaVSpeQ98FSku)?bKMQ&)}>^qr5x(>NzFNH%}) z@bRb^jCy>z{hd$mn{NB6;hqc1#zJ|@ZxXK6)?uJpP`2`UXKJjpw0h|)iN;ATAePab zmdG9uNhhfx<7<(ObboWa2+bLd4NF-i2e(vTnVx#Z*L2NwAO2*6BZ{aoB0dS7-VRhL zTqS-o(yNj9F_ zW_aMkt^Ye7xWyk-!6XkPuJaANNmMj8evm)mSvKZCFQ)PkEUXSGDhdU%)k@%g4)`4Q z*P2oGO<1XgdHB*O-QHXiDKuXr zM5)h){;zoM0nXyFQIoxG-v#(07~X%)=O`s|5Gc6-rF2=DQ_Lrt1S`yZv6DY4<|;)? zA0wP%df542z)qss7nuhgXGCUXB>@Oun9)}tFpnY3e|A8DHLyk+-3M^+tXJAP_UScU zULW6IN?ZH=(WNceKiHgd@5iM7BK%gK>!!Lqk-b`3k>lSb%Q-8NogB@;>bnHTMWY!I zoR=oDqoWxRoaf>?f@lT==S8@V05gi&b32DkabY6+HZm;Ek!#npV^f$qA)7+d#8_MH z#S*VQB{+9_h8_{DXQW$WEwdnu^P;zKiBAx4(*9v_OiOrl&yPU;mZiW)UPVb8H?)Zi zo&NLRiOZk{^}GYi^eFU6ACY1-PI}o?ufxtEQSB_-ckyG z1Egqx1IFL{LrhDt6#fb=bxYx2Q$Hon|6m0PRn3WO$ffWf+mfHxeGv+uMDNL9OS^}m zk=0Z94z{c7`syl{!at-x!SCvo`(i1)D{wmCisOcT!TyHBu_YX)QM{Y5^UV{uyh`6< zYz29OUbz2=j>b#3O?cQiN?+|~E>1PE4ahs$=Czr;>@=wdjw;U#WRvz&{0voaGZ@9y zEE9BBHv~kXHZ69Pj%9_`Nw(c15O5+4T3;>DFeeK;4+ma3g8qjZ+VBW_NslOOAB^F9 z(m9T{w%vF+bpQk!eG9f4qj!fw(9QxKt3$&c0>>>z#(EyJHrPLwR8 zl79eSDbKUq(!YTSrfN0V)D|1b5}j6Ta`>Xk!sIE7Oa! z(wA~nj)B6U_K;&{da_?r>aU?9$^K2Lx5Fs|no{qio9maifeV&-S01++?Jq^^Cei~B z)%18haFq#)+}dIuU?1(q5>V9X372<$Gy{AcF7Gp=8Q|-1c~cUHyGVks!{x0T7C`nL z(DhhiRj%mw9L`OoRsg9YI3M4j+K~B?qaXK5#3`H&i}5Cka2`1SfN=$HBA(54g~ z-0k>+wT4P9vlcC-(u>6=hfC&VktQXxvMGhfb%hN%^yfa}{MGo1c+44(?e^iEV?-w( z-9^vtBf-4k!zBnPBHhk+(j0JK>!o*Mr&)Tg(hZtUMuuSQ{9U6NplNJi`d+`84kGv4XMJ`+3hAx-*}*Lv!4j&reT1?>mhBfqx7BgE)6)w{>UYE`n9N zGY^CtL*1GGMr@-q&l;r%;b?fh;{qK-*GI|Y$F6;)@dKH9+74jUWrbZWNlDa1uw_;@ zt)(0J_qDzEdLmopPcy_;i|j2YvRj7|=@kJ)I(#l=(rU1H^;VCz<`-2tXa!Fy^U7b^ z1a^UW&#tM*LSpXjXj||tWl!=9p!escZeg#q@O>?&4Y` zQxuhyIxQ>?^vIE7NHk$lul*cCRyN%eJ2oI&<1wbK=)zC4nE@z{MSBZ@^&(K|PR5E8Q} zSMsSxn^KDxr#j4VsZt&31IXFr9wri1q)?L3se|DUbxP$MSW4*?w;eUt>X~?4UNR5q zIKfz#Xyj!u_=RUnXvsl}F3#6H+Q!s$>m4Ro2agRcx*S9;EHPB#?x4i4P(tU1z#hg1 zgtHRZ27DoLFO%p4t12d~G8ArLDHmAtmQ&#>rcXu?D7sGf>&VwW>J5Krv$6qt-pbO@Qq2L1?wEo3TBluU9J z>bH_qtx3?x8&O?%ny6$#fZKJ3Sjtm3NM!F&m>^M;L(P#Y+8QSd)_vml%v99n)M))akEigY61zD zDI|z-<9IO2%LfW*97KQnU;%yIG(a*vThPJLc$}6&uMHA3Vjck&Ajm)YzL>1kjudIJ z%)AuF=^&V?c^Er8Kp2mu`+QRqNSwE;$PZ2l3*otu@lZ?VrJHNIy`RB8QS{Fy#^uv>`gi=KbaSek7l!dwu5#}& z7y*6szcYFSn>k53#`YJNYr6G5vw*;@7JA2A7jiW!=JrS}kjt+Y_Vg2;i)Y6;5A0tR zw8p*dXTEN{?5cThe~1Z{dDznA<)u<)3C79Vnfj#&+N_jJ!18VU5btHZXcG0^-tv6E zvcgq^*$>e?u}AB5 zbagZ|pg1}zE8L*lk_=~L`Fia(KQ-w+_^7Dj z-Jpn3z$Q2lklP1X_W&&I%Yf1CeUw9WgDH7aP^Pl+a5RHo+b0?ilm_jBOIMias;3O~ zdRxoZO_)-~BD|z9loj15O3+r5+Z*zIqby)CMjyfakXkXdcoP@@5Y5VlAT)KV>G@!p zM_A~lk3UII?nJ5H^Z<=e%gG-ZuFR40=_i5LO#O23spIiW%DWFA8pbpiEk+pAT!G;W zFs8Y(vjxNKaMU!{{N;?}eY-lzhnvE%-!VBg;TPshk&@)Q+yiS)wY7Pp`K_P=c zd{$w!W>um}Icm+}!&sU6CS;JnG$qxf?bVG(_~IO|d9i6OpF%A#uQ6jQ6MFDpCc=7Emd0H4;1gPz*5!b+Q>Cn?bR?zvp*?p!95(f}+p zpxslYS_+?>V?~mfRe=4kdL(-+r-Di#V*vzq~dUcnw^W|Vk`BpMCVkkr1aVj`s~pdc>T#MB|)B&bF{ zbL?oC3wq=Kh_jA{Tg_Jx3ZI^~h-RvL`%frdocpakrU6JrU>cm&-sMg3s_@?kS#_(p zTyOh_#B4(Y8cJui@?N%FILI%bS#g?`=vEbD42-*#ImIL_?Ekcx#yyRKp@&7 z;AUcjieEZwsmR~9QD_yhgmy~{t&luxk7n0eTZ7DnGOf&yn z5YTT=uj5SmsW2!)!;mgohuL8qN|k1J04R8o1+qyZYs@XyhrSl7FAkE{akl_5{;LdFI8wWJ@7F33>o_w*8D!w6f@RemHqUsKkprD{VB@K z90}31USWYdgTNhbyG)*%Y5y$a^-KJi#T-;(a>ZxgdY`Sh8!Ha7rKD)dKR{Oxh!5Nk z|JlvA~G0rV7ct@Ecaq?WfJzsK#A^7o^MWgXmr8R1)NGMno0BsgUBx zQQ_sye+;Ww)>wBENm$@~SK@n~e#=ds3)8Ka z8=pG)-wwZ&0kwl3+c8{S@2ecpK?o~H=}wU2U>#(qx4{+t{6YQ^qSEg_&|fi3z!#ju z#J66xOzZd6~5f1dxuz%Y!lPh1l*D;IHktTmqH<-GQZFQGo866^9xc* zN?84rQVbSfqw#)q<)vU|NqJBM!CpS4m|sQAl(`5UShqi!I>Ho1s{RB49tK8fhE(P2 zE7)`sAy0boRVHo~?Cr-2cC~TGLll|BgW#k_oH*r`i@{nKw6&dJi}yT$;`p%LjtAYK z+EEp-s-T$q75w(^Lj{7U#*^*H`i~8p6E)P_^_=Qbw{b2tx4=2ETvyGdzaS-3KNn=w z9RN`wG^uns8vx-ydd+AV(#pJ9OZpSkc)m@b{oME+^QEiN9{nl`EooH6!CGRr+JhtI z3j%Fg$6Q-AKNT=cob8?d)q!Q|A>CP4nZMR%gDj0TnlTW{2mE&(TB zH^e*oB9d~=0yFOwSg=FzZPp*!p$kx7IWXJDsB4c(7Q;R%nV6PSL0Q0qs7G8Q(>hKP zTEmsy(-!lmch#kw#J-oTuq3(ZUlBqMMIz<@ghQSCNOVE(cWFN`?YaJ4BU52zxciM$ z0Ubt`!ia!uM^0D6gETG&c4hqb9jV*d5u8F0$UC!3jgJ{Fy{9~1zcsR%TK6>gi6cUJ znF?hRg%Qd_0-+3Mq@lK%dNOTSKHskOiY3X-OwQMX&DK@`d!DSfW1d7Jx8;->x-whu zN2zJYnA<6+%`k2;!@w*W8G>B<(^Iy>Dn4I98aa`snO{h|-cK{XynK3!6p}w)I-e%W z*){+2yUu*`FTR@^OcUszKMM!i?~Vq7#{aQKh*#o^{gE0pkNlGV!|-~5Y4N+TTM@JK zfT$krmE)&=L=+*lTT`LGNM*cx<4t}O@;4Bi*K=i1QfKO0FcoIiwqxZ@)hg(uBUu;x zZfM|d{13C#?mdb9JS#32qv zvdpj11frmxY^8dcm!LEY`(XVh1*}EPh>$@2<4rQq1sLc83{-S>MW&LiFaykEIe=Q@ z;V;H{1{q98a=hXM1MNtjWbo7CWr1FcpWlj>QQrd6Uf}KdI}xt!Qk#PHyc>jFU|d2? z6_`E#UI4r$nO5p3KuzCKfZs<|;lG$izuLVIel5bJ&+=|Smn~GufUda$ijjsA(Dlo3 z3Ie)*6;44w*KOGCovQ&|^Y&yw*R7fQTYZYGZ_n4>>LqRt0=oPzZ9vycGKHjV86W%! zl*0(6rENe0gR8AYt! zyP#bsAyAw0H3&!{1ES_6Yw0%-JuW&eLX2YKwjNSU+5^Sp@_Pcs#3>(AOxgp*H%L3Ax4rNn7_I}|2(A*BRl$tCAA@!QF#tWwf$m6F>FXR(t^J*C71{v<=7?h)2M zhH&|*{$a#$yb92*Du6a&#J>?}s18f8(NqTxtQ7YmQXJw$4%>c90W$cK)yBf@l;=79 z!!;@7C_9DbH^ASG!89?2GbQ>#d!Qe9RzEoTJm9l$4y1wwcD4~PDp>ekr$k}}3zF>5 zHRfBJ;h>1jL0^39neS20xILt2j7;p<2vlLRcTC#*Q7R=E$Ht@LI8w!mE2$S@I~^Si zlurpVsn|S7LkNl+@!av;MTpos0@&-&sX5m`AC0TZp zP_k*ocq~D}!w7@)X%BbY@q=*ad#|_rr~Z;bh|t^DvnBla&wTs{LQIB8OW0+r=8x79 z4^p*4X#t$%>3p(zcr)9St+kB-a~S z>=C$gO_QWWiMM74Q)~x^NC))lRAF`wlS)J`79|sm!W`_dRXQb5NFwKgch}eqKt-Ts-QYZkPK08h&#Oi{;X3AQ+(U<;Q`YL*3?v)v|2p=vD`>yX}?F=5zgSOW7{R>5J(R=+TY(@OK zpi4thhgjz;oZQd+kP8k!9*~mwkuR4C?q;<>D!9SpJ#D)Yh}Mg2-&5{$`rcXkre9Zh zE_TEf;+}Nd&uoQlo-^8emF9JOsf_M!x$e*Iwlk!kJ4`jb?qrYO2850_m)JJ{@T_Tb zmT5EH_M*+Z)8^^&7bntGz^U_8pjreZbf???Y-`l^Sp(I~T~4x3Rny&ewm`W&1ZDPq z1EmpTqVa+wQj6=s`T>cP=y~kTeV*6nUz3EMWab*Wh*5Y3J5o=hClWF|l-)?AU#WC* z4=&kD*+%RZr2sjAgZIBc3YH{oqg?7N0ci_z1O}aKiGW)-zDY__L+oYz z>_{y_zmTVk#-yH3G;?y$5F#LJ7U3oj&=$@(oc~9&tW*g3n<0z67X%J_Jf)sb*m1=R z!J|oWye=yIf+~?-vwj)chgaT;V0l$!>@BddXGN53Qb%o>iR@b8&^o-S{dKdnf8HWQk{vJ_43)t&^N9f|4}`R8P5RX zAw211Otp}sSXdoFcusyWlxNc#-HWXm|M3Z1K==TtNu-qbagi|c$U^&h^ zZi%G^x?5}hIq60~+y1Gxq6*l>KByRV-BhS#-}Ogh0>qC-0-iI*p4d)K;e2wc!mGQf zAZ*4zE1o#pSOnn`qnG5KLJ2fM{C1%yDh^;#M5$#_#toz_DswRR6f8T@bBS1alP8jU zJ#X3yI8h5Yk)?h}VqXOF8f@Q$5Pfd!2@}%ORx}Wj9F76zY9X<)E>+FlmB~=@Y|xhh zfC3yj>{cC zEY0xZ@rc9UGEFCU+M)*hK4t88c%gu=PgRIL2#aX+N8VuM zL-nd~-^&7&=DjT14nlMO&P%UZr(A&e-IqtJ*Q>lvIHN7E5hvKe*_IuO{bqFp-N7;5 z0GMOnWQo=(2EX2qd5-z_u=6dwqDiZnIS-ndjzot;vgmMDF)!of=?erLMfmxOG zTpw1yI{?R37&|aaP)ED6HU|g+G{z-CyePb&5|iL9^N^OKgLxeg`O39~4BdR~no(dD3d?Hj>1V29?lLnOVtr4nhp1(3@pJVU4hndV2O9)$v81KtB0z3@G!xT{nf zSY$%1QjIh_b&gUUh8jpWN;T3g(x14{I3rs~-01^x0hWeO%G%Iiww5MCGKz9L6-}H9 zyg>dhyg=@?jbruJ>n(9@2PeIZRV?ho{h?q@)YXBZ8advF&7G{%RY11R)o?$%qRoxj znhhgPe!PQ)8@7+Jx&fT=r*x!NpjYsA?@ak)&6+S$uyEj{E}0fCoS}*A3DFEaZ+J*F z11{IYLDbOS;`uNbH5sl<`8bV3<*=$3|pYr6SFqL55&M@1zxAWu;y|sQHg(8V&?bpqi`&fSYImX_TBQ8ub{n|r$|;$ zIO{(MnoZ11N*1bxYOSn5mhp)6wlU;O)@V8O7*e?7zW6hYOlJn{i~>s=C2Z`RkRPro zL5bi#sA+2)K&@GnzwWf9BXFMg>K<|HH)a`?v(JZkE+ zEY)dAN>-0))MV+jkgCxdH5=2~ES4VK4v08AY=72Bq~K(F{qobAQf;bd@N=1d>VjPQ zjRai?ZPQb2s53qFxbH~#1{92ZY6T7h@N&f&_o1l;U_@+tTX;3Rk&md!qindeIz z>!8sLg1$t2`bNT*k?|G|zvC{s}jQr9c`XdL{L|1C^ zslb@NSC|CZuW0GS7xbq6hGwZ;6z6<8MshAOgMR3shi6tSXqMioocXgf%B6pEML@_&7;e1G9It#n1YwTe4Hofjw&&Gt2=#Pm6&wKV zpfR_)t@g5yd^;GUYCaatP*wBxXojkq`Dli!nwLZ~RMq@;G(%O*WHdun&0V7zs%rY9 z&HM|aeMXD<$T=rkO%-Z7al&Zf3j}*5vefZPGB8SHs5u3+9#km~BWLl8j_1ya57f`O z!biG5?P4u?w6vfNAj^&-S^q~~7vAL)5-jU_OC}k6%|jR5|L);m8$u8C=NlNAE#d3@7=e#5 z1BW-faAjHI8gXVw8FPb}?jZQL72(=%7Bs%nu6gR^@{YU2)!GHV3S*08>ZX7{euJPm zjKCi@1B~($f%4<3@E_3pe7avJ_(Hp1dUA4Ke0M70)B#v%94djK%CIZ%0U8L0`8_mD zMWIa9=cUD(SxjAy6lzRgiW ztuf&#SO_1#g(;zaiViHFRJY>i(6*s56#>6bh*wquroS=+%Z33B-p2-&&>moTOE@>$ zxfP=W8mF2;O1wAU@1x4fmm6nlOzp>LB(9pnAis905hQcwS#*GUc=(G+SoeENl zQA5+8b^*ZyyQUup9p>=n2 zGa-XM7J6qBIYe;H1qQFfE;2v9zx^5_cpuC}q0KwJ~oK)49Kz_hO28$V3~7=^N|KqD?Rys7Q=RUe{qxaV0b-Xk7IPE zbYFhy1crP-MA2AoV0n9ChQvH~YYzx97D0ZVRF!Bj)M#Q)uxF$`?n&_b%@Oe2R!y2A z#pLH?9nr#`{^@>UlanpAos^F+VgwemCdSw8idYBYMjnY($^P@vNUyLma; zq{p1w_?kIr*t3B(*Xze;geQ9{#=!58ya)nqguxg7iai8d$Yn{U7A$V=)$1k=(yUZ- z_5{N11L5kIV!u`%%|8JP7r2z3d==Q}oPK?v1;1sVDn{qD#YQ;AV)m0g?^=D5-IhlX zti4RYCRI93NKf_zzv7AtQ1&thdEnN1$v{VH21n76B4y%_Sil|Gt5H@G|Dt&%fP8H` zcy%YW=W)%cx#OCfdB<3~SxWJe8t=(BQB(t?Y@-3{zs`2#;F+A0$~-2G+so8^zsg*2 zzmC*g6h^=w#)c{_(0r-}`?dGN&&*@&8&jS@Inc~pZ`*rtu-9CMMui58am+Li#GAX5p=XV0nyxQ1b|F-AlK9?MY)W9ecDyB+Ug( zkbwYXRl`swmE9&p#|xT=n%6K!SXg4#;nD=TpdMBR4dip=U$|Ce;a~c}Kt;S)hVd(E*3lM~rqG7? zof``CfeWWaV{@X#i7nz4pYR$$(7jrs_Xf_5WbA$ihT01sJ_#}}0I^B=A$`a{tD=@t zQ5OVvp`)-72ek;3<%&jQ#0h<-LfBkX0rc&yCbtJ!3NVQy2m;CTNC$px$d6%O9Sx!4$ah(+3_zBiA@V_Nbc|Zm7E)z7CDc4VrgA5)IVyY} zvqEI(!3vr5%Qasim$A*e&?Zgjx{7 z4aBy$4GgpYBP`*Y{&I5|$$yC@jQS;*z>)!+F|dRuPFK~=u(Uuu5Y{ycN=o7Ek4R#2 zahWjF)C}1yy*@GXyN2BIwKFn{2YGM5rU-7RLs~zDoO&Wh3CILo|7ew5+f{QKnkgE`q%^!V*gAq9P*J zS_{9%SK})Hi#--Z4>X&Nr+|@w-^o>H##)QQufkcP!t;W2(EU^2L9nyv z*CGdLC(3TZI4NLMabrM^8C&UxJhxc3s8=@la+j0qggocrdoBp8T$c%Z>D*N<&g-C8 z6qbBoR!62qZYxMMHu}6pQs4^j1evybC)J3+7{cY0d5nJ`jd-DON2(FPLvd?_e#-PQ z{SwXlN-J4@o>$X|ixQWl^VOZ@YEAgbCh*?maIuBO?%#IY zKHgK!Bdl5dIdA~3f_Y{M%wffUP%hOVR~1ppvr#E?16fC` z6dEh7*Ly|^O?t&hp-q`?y&mH>5WxDBGgKV__!pBRO4(+wU8+U}NXz>0yqgXq=3}nsB)t%+w1v*QrhK|dpI@`7*DYbrJR6Xxb zIC1i+Cb7(#3P7$k)*2LUU{ymvqg17I>S= zCUsXyeE$M$gJnXZ6wmXItO^pe{wAH6t9fmIWcAiF%$Rk*;G?b3E`z#*NfFCh78s7n z=wyNKL!Zl~8Vfjb07MC;wtJu4fCd%&?H~^E_~}Fpm%$62vy)jH;w)HQy33yC-(<%N%m8nKdlJ|L+0dm7*>rV9pyZ_qc-kffLq z-5C_qkU6*sRd&-1r9oYY>RYkOxllXE(>X$9$V5m8L4gg08_~Ux7P?@hL9y^Qn*Bco z7En(MD?KDVpm`F&Rb(IuTM+qX*DH@;=X~>2r-&XL0psK?p(28sxyfa3L*V|)v_;%d zIpwrJ$o>=WbV6#Th5Ii!CIZ_D^YIz}Ei2rGf0&tXVrFI`o=@NpxBN`CSR!g*Z$0eM|&KsDi&G#MII~rToAq4I7Ke>loOCu`{|xZrEEFqdhi?$|AD7!h`OZv0H}A3~c<**b~Q|Fm~eDih*ykISD0Z%aM+RxNg6PXmuVt))6Ykvp>ULWkr0BXQNaJ%{0FSzqVj&Ky=b zE_bza{H!{6*{~{m5RNC)aQ5ufVdJa8%T7w;0NNxRK>K7n*d7Y$-U1ws-X|$ch+B-R zU8cu|iQzKA(gSG3*(qaB9edi??~MJfOHPR$?foR9B)-brPm-%y4xIK>=ky8XQY#k> zQhX&Nz&Y_7_FC+XO1<9PQ^jbq<<-VSNaVH(x|2>P?cUDurf;GIRQ)HsXU>H6wlORq z%iU1PZdHDH0XW+n9|I`X(=Z=UyW#oRfu#XB|2_^7q8y^`m%+*XTfYi%R9A^90?2X} zEkALY_t;Dmd^SB)4tsx-YnG{Z2H_<8ArqykolA9LoG4;XbKq@jYHlWPK)MPXvTz1? z04mwk@F@lJ8a8K6i?@(yASt>ENAZV-a2XpK0Q*3Dx7=^aAzT3jry)3IM9}4m-pMbS z0>~#tBJO7`&nr$nS*IbqP&ZXGs@MDF(WSE#@zMiwAx$MUY#*-Q!*_e1fw?#OhIH+2 zv>RB`mCi;x(k%5l8|`7JL3d`O9qE?tQU{ogcAd8aQ(XzYX;S!tu6_6LU6;K65rjVL zU6Z;c$hl39PduEQDsMO08MTM>mP2#zDm|oEi>-=a35w2mteI}r8D&2&(P*}7gV-+yC;jKp!|JA#4rG$8x>-qF`%l@BO5KM4r0}0N=npMQ>S^iCc+w zGtyq08Qb!lkK*Tudw*_v>N$T~{C12A$5Y=3VT^C zadORabLayRH6(ESmsylF`e0_oD(NG3l23Qhb5&v{DMe>|Y+}as;7R&%a$?qxg+Z+; zk?pa!GyJnrb(O<@Z2y>HYtI0Xd?N8s%^Q3T^eWEi%!^zo-RzSkd%T|w8g{b}lx*s~ zw!M)|kuxAR<-3v+Q2t&CJ_j12ne#xD>qs+(N(PSPz+)+Yw64t6(@evDeIgG_zZHWe zMfu{&gf00i9vlh3MZJj$Te8Kd1=(UTVM|5t)h-cRK|f-^2b?9^z^9ys=D`9VSj4v{ zXagZmRQUKm#)dMaUr?ceJ3o#=MNyt+pCT1YRzz^Qgw?MRuUAR_iF42}cVU^K(|wN& zcPcxim*PH9_1@XhSL(5r%M#g>qZv4{ae5*f~ z!T58T06NFHl=BnW*P6b!YOOj5g6}psZCmv2Iw}UUphu%@qM{Z0hZw(Z;)XQ)hli+79Ew{#UheRuxKue=o^b?0uvVRSQwx~K~)SEHv%UK zV=)cdmMJc56q-@f%9V*Mw+h0ob7Y{7m?4A8u`bMz(VnSjhddyjaFARwQAoQva@ zWGvxqvsdYmCmvyk?6ZlZ0jjWxb5Hb%%AHFfZCBqUE4J-qiyy?|gJql`o*f{~3*Qz> zDXF}ZLqQ)==mjiKXX}4VK|28@5tw4p*||q4Iyba08Y89b-=V>J40@OgMG0ZV`q?{}8x)uL(n&Z;mf`kN$wb%9#dO;S)l`%a%lzi|jW6R4$#V|p_ZNoS$hl-+)R5ZF z=SS;P7LG;GO$t-AVo{j)=tTAa|C{V~WFotZ+rsIg7Pzs}?%j*vfkNP!i1u?T`$0ut zro%3%tAv|Ssn{x*G)1qhr2R={4s_#Cg)d$(MF)eyOTIDJ5F6b>Ubw1LDCLnlIz=>@ z!)+lQ_jk8P(uobYh3-U#j74i%%65dRAp=k}x2v2n2xYJK2ByT=HKptacPXXpe}bMA z(KqOpza_opcFM{f?Z#F~v2rBgdSSe=!!Y=LlYj|=0h5Qil& z^)XgU;mSyUv8EIrdz-=gmVuX0f!>|+{`A!QzMCfOOqZ1}$9f9CQd6$iyOO=5b9i~V zs}jgg$NsBO`B{S-PBM?kHc3F=XNsE1K7`A($8g)_R5)A*_8S)(HOWVtw%WE)M_BP07}J;SaGIGPB&B7 zHGLf)PEUP^o~Nfi0(PdSKK3VJQ3Mjy!HCUXlmkCUj76aFmmrNDJ_21e#8rp1(GWNn zlwb_8V8Y`an~oy#VG&EYj+HO!@R$N63BVP-H@+`|0-Z2Of!-;$D-P$nlaONKeIzBHJV}K& z&MUW#{}Wf6UIZ6hT^xe)YX(XTU<3v*$8TK7CE}EEU;jXVN>lU+n^S`(A=$4f^_~K0 zQ}Fu7-@_?*{o{SS{;@(||G2AjQ(Ro&i9gypyo-F|a&!3ptho2Pw05qqgu|RyZu6_K zUm<1$J13ftFvIknUSD)>o=zHiafc*8f!w!HcHsbP$o-QrcIh>O*<6>%_Czz_9J(Np z?TBXRlO*$_8E_6^vC!=m1}gd_i3=HOVYwLgS(1VEqL=~^-VEu+cJ&1hXe(xyU1+`A zaU?1ry-~JccuJVD$0;`(@+E&$<-I`PMTRTPa zNpwX`^~!SUtbLI97zkE$Xa<~>sYG_9$>?Ypk6-vd z2pxFqxy7(Y-xz_^!S#*@nt9ZlRTzvU#h+IN8x&>YAY4M`%?3WR(SD#nq9W#6h(k{p z81CEBg*=cH_vv-!43XNdb-RzHES>7#`%jXgkaVw|;{VJMC95FhON@U>;bPY^pmuR( z+Gioi2qk&9kJpi$JW*_g$VteSoC3e9bk+K?HEgEf?0?~G>D~gfp#|pPM-&*H3nPS! zUX~|0bR7j<0HHox$I?}{{zvsTn71#;bb>iC>IINVt}zAm!%Sj|MZV$|Wyl8(F_3Z% z!NU#8_->?c~zH{FA; z%o3dK=MSkPFM`! z^MCec08X3<71LAuA&pt}Aw1tRM4#{BEETT6Ki=`@l$Uwm{WjQpOLB)KQZVEL2M#|8 z7Y!O^3AOkIU4zOO41^Bvm=FH5(!2TU{$<`-hi_8mjbFNHnfJG+@N01jX%`=Xf3EHt zQ09I7G}3cBGZnTqnV4md5)J=uW2zZvp>`7{e&U`^-{FX;8o+D;s@y(ntvPfQP7 z)cCjfE7AToJ@q$V-PLs+=%wO5GUgvzOiFAUl-u|B6h*Grd-+(BEmGc_AoN?>FZ8H) zt%`~O5_{3ryVFze`knd;Y;JEXw}*8h_zmHtT2X^?BiB;ds1|d<)6OQ?&AXVYjLhH% za2J9={l-L}InBml0POv@mA#T)@2eP*rKNCjoWwDU*Lk65Gjt*2{%{Byh?rm1e*A*5 zzW_p}MIN^_P7%X((Ul}4P@*^8R($g?(pQ;x(QqD3Cft(iJ%=qDZgpgLMy`_qVq5HO zv56@hJfEo}F;|Z_N}G;9)p!I~rRpCGPUs!j$+rg~k47PAQ`h-gY6KVUF9z|t>idSM zBMQj+)8XHKv=1G=27Yu)FJbirv*a^-$`kPzybdqJI$?0H{R{^Eb*+Xdxdj^z*1OTn z-%(0&GgLEwHkzTD`Ge66)y!{=W~>*@Tw}UGZ)KjPH{(Zi6`F@+#3=Q>5m>S%didLu z|C@UF9tQc!gH<)4>>pnu2u}5L#$$P)K!WS?eGg~A}WR5>57xPzJF@kirMVV zJk^_e%AOb^6mVT$jTAhkd$8zyNitbTSq^1>pP z;AZ*0ew`S^ZxhNia$OkVuIDj;Z8^e0B`8`=dy=hQT(moWVa`27gk=gifVCvi#$&lK zIxCQafe~H_qgjavJ;AiL_I>KX+S*j35<~N%Z{&3Q$#pL?a*Ro_+I}OiR}NSJeoAmE zrh96Y_t9^-9^`^TfBsc>48mVR&pJtU@BLX)t&7cSKfuE2fL{7h$jm`gZB`&l+5*C( zsJRZo2zEy*E_B>WabuuBL&+iOd{w$_f>pNfhN6`gA!kAhBSlZPMH_5UajT&5lhJtL zj6Qle=E@V119^6ot!5rvvRpF&W;^o$z4tX+v{C7I!2@U@SQ=)4_`^4~u}72{g8a}V z;LdiuUAtQ+9=*qmk4Y^^T(cF*;P)P>1#msnA21J2I+d%^@-Y4_Q%L+XE6HGI10a|HCqSO30 z`^ko6n*Zdcz(BF*K6Sc{7ac+Sb(NU?JGC%B;f-sgR*v50g^2XnJB8Zj1o)FHlQ91- zkVa^a&7>9!rsJo4NFFhZAcVJw7kY1cpndaar5{T(0( z{)2z?bt^7hE`8h*yB!)R+^z$FCL_z!tav3=!A^t_>MFgtGh~3B$|c6LiD~tnasm2} z595~}0ysc_b^=d(N;i7iMfv|!oUf_v!T>tcd*C?36W-t8)!}k+T#G&4<*v1FIfM;6 zcKIL53A%L{Go(Aa9%4K^0_&_m7^rbk%1I80$+lO`6gq@!S7O3+@-VgSRu_1od+#%q}wd>1`L@DGD@{E{%$c5YNuoVl}+fSd= zf8?fs)Lqtk3$F12?KcS;WtGKIZ9|Y zX+D{J)W5k*npLnHT_8z=a?HT*cXD!+Gf$Oh865@}*n&gpjXhOvGYXCOP7Y&q!yx;r zjJhajg$1|>=OIYg%(tP6ZN3BKsePUi^629r3$ZM`fH*06 zR_QbGIc*8WQC`I?78L=Xag1~wOj|S?zhd{>@R%3bDfAf};W9z%!Aw~PGaD*w2`Lw3 zHHtpr=XjkhLLLl}-qC zAkdT9D+{zFqf;@rP>a$&mI4LTY-47B0lPYp-5e#QNn_Sa@^tyP)VMEt_v{GWl6Or7 zgVykX3wP62q!%IIeN4NOvU>7`6z#Q;hzAsd`>opqh*_mi*pLD2btAm%n+$jQVM!Ht zt=~6S)_S|Z-sf6x39_q3f0S;0^kk!WjN-iz{^YXXO8uN#BplS3)lW(bjdt*E(XV_Mtdq{hkuj?;GJZ(eLXTGY_zDvhye0U@i9)A)FxP)p*){ zWSm%19SE?Q*;+lb`3dBnLW!M=xsX)&cwIJ&uM@Ggd{Cl!W3&g6MbqR{6wlPJz=*Ig z&&D|fL$U;ONo;yVfc`*^k~AiP8DVy$xi#DIQ<=o2Sh$cCgH6W46WlH<*GreacW50* zDS-II5RweUv|f^;Wpp2UsTvyiueL5_cMt;^9*{!gxiCs09u|im@K!og(`5fe(WJ z^g$`P=0Na5qoW?PvWk~mfO;+OQKH=pX$Ag6ir1tK{V(zXRw|5^)`I0PvjH;DijasW ze-5rXQYvyi*32_c3Y>2D$+i^*2PG$M#)-v`pFU~<>lMJvB_^z1>!X%XRV!w3ZT zjOfA0Dlp32FMNq#7_oe3;X~Q5YLg|J*!RE~L=y`d<>d5dqd!NZg3+y?bwxtVG%g+B zbYJOrKh$1hYO%Nhn?1yZ^$n+R_62;n7*QQ=uSE8dXa;mRWXwf|qvo&J-fciw#6S&Y zsxP+EdHV>(NbY6tQUn9wYMP)kDf=1ADza!;X6hTDqJ|M8EITXRfYi=^Xf=qrABgnl zr5=b4dSv7VnH~au&WvVYn+yBn-->2n+=%PhCz=7>wHmiqL^Ghfj!k5_-by;xSF_&1 zNJ}#G)vRZu8Q2E^RNP~W;nB_mtyn>Ht_f0+jK5fJOcNeGcy(vVhHt*6Jo=9xmGbDp z6%LP9zEe(kJHYJxnE(ay0|pGR&tOr|&|qV-&GQT5wJqwwN)VO!#l_Gz20!@xy0`aD z$fFS>G;uMi$zmCTAOim$AJxNtgerIkc27(}qPZ3ytJaIUz`bMiqOQa>($j|MDbR}! zw&2W#P8fjmmmy}3WTJxE3VT}M5Wa~|G^34D&v8kboj^*t(xn)acz`2oa{c()#RkY0uo)3cn9)uM8|)i>sYvA2vndV6_#V~u3bM^-SJ z{X)Ue0aAcs{)@@b(g6Ztjw>g zY~#A{-UP5Yx&PK)4Ax8wc69q5lBikv8+esjK#O23{qeNz4QFFhiU9iz~HTs6>HEOy$n_Agx-ZQH4y@x_z{Pe3wkzsn`o6 z5X5%KLm(`fmtSK92Z`pAEe@_F#566Ozk$Dl_CoY@7bJf`PxH~7_3LMUi4Uzs zI_Sg~Shk%UU%mdmUn+j5DbqVRF+**>U^S#O9UrIL8jX6}Iv8zuXZ_(nD~TWH{5ZM~ zlWUuG)Q)}ugxY4imbGvFl_+H2orTzM*=fyR>%41l*RK|{>nGA zh0MYM*u(xGFA;(xON2iPr{SM~xMG&b!R2eZME>$#=@O~jFn)=!!@%AuJclh8kp^W0 zoxVsG*?oXPAG|f%qS()^VYb(rE?hJJzIBPG1t3fC@Vvtn|Ar3+)C+ON8<#ko%@DLk zSA#V(9UrT(W^SEjq;gnkhrlT-bV1J(L>#$L5fOI7+%MS{b&yDcnvMo*stSY-BRat~ zd6xJvLZ5up)Kwi=)O=|3Fjj7hW~dbt9aYF!Sv)g#R3g1U-OP;Y&ELe0>d%tB=A&W^ zkFOkG*$+kE^Qo$I}PU@^GS}L|zVsLQo5-f(8mYg$@kTXm~_=@j z(i1ppi;Q}*q2%zwgpJxIRU{JuFZd)Ik{iY#lp{G%XJHLiNyrY;<<~EgP`_XeyCvQ) zz+Mui9{Fca0RRKGVe9Lm{`@DZtVce-Z7S;;7|}BDBL{Olb!Y>sdkK|AD_{hb6+rka zFr%ofy`)_b;_6kEg!_MXbfhJrIY=R)kx&)X<6n=|N{wRo>?&I}$`W&n-LHprVuJ zGFE)5BgTr~5@5i(_qBfw7k-@E^SqaFT(ZKZ7Fif~6KBHq&W+h<6X&*Y;an6Rjtjp% ziBtt4-mmqfS{qwM(E1&~!wz6$Q$&~XYN3AG(dMA(TNZuAMt?CP^w zF0mMD6`NRJ!@sx`$#xfRL<-}B7kF5RyFk0&>M@cm|Bj{g2+<&R1OD1o zjGA@98IqMjR!-l*oFVV~C9;b#+a>N4w8?Dk)1)N@q6qMk*~FcT*)gEf0VG{FgCpXV zJI*HBxzfs_BN~tuK7y!7WD66!3V2VFXeF|Gd%RT6Nze7I0lniE`f>XZxXWiCM)RQ! z{}^KK@)^kS`5TZgBjp;O5NZ6Xu(GAQulJcS%fXc`*zz(G+Wl~Oeux*=P4-5<_8c96 zd&EJ_7RKus1_&I+v4Stp62T`}%)W@ItHyso{op?SgE|%Ij2pDbP|Af<0=3=BhXYr& zg~bjC&JPJ2>pRXfoq#Nd@wkv&x)`h*wTBrnRF-YYw!5xZyg#kC;|%l-KP>18@*P6Y zJ{opUDL!E_YxuzgQAK_193oz^Tr$!Al@UPg9Nvwv?+C@X(;nx(Yey-9E0hE&g0gHz zq{Z{(k08N+$PB73@FPN69rNbb__CZAMm>08)c~VtU7b`60o)=CKfWWrPlxjb!ZgvW zyY#7Mi+fh5*wSwv>vrmWmGHbpM%c{&&YX(&J1Zqh_i4}i(I-gXDtAA9#Q9dPEv?XP zgFEpGP;YoSwPFij9KMA?)XL;aTUcDNg0!%j zUlSXs!t=Pe8_y${dA9ONuSO{A` z1~C;P@{9SOw?4PS9Oeo}IAKGUw+7B>R@vG<(QycC-g z>+R+to|omJr)+B;p*+MIxGijmAcBPubh9pjGri%H-v=TC+thk9Yff-G_doK;E@Ys* zIR>|J`N|EbjDhLvZR0u($cnFtQn*`E?jxUQ?^o z--w6xu*0_YuO)(8cUANpDinI4!3bvzg^xQFKH*UK?c@jwIG_Z?P&0>p&npSooO=_+ zK0UY~KL9jtS@YbJen%#YVVlUH7ChtT*S7{D!U{lgil}2giX1D~6iU$0NF!aDNut4! zhvi-|UnIS^t%fwme*xAMNvVGGt%Et%+@&dmM!pd6fgzBT$KtZB1%P)eOhu2ul%Uj6p94;Pz=ehay&6o;Q{&^Q@wiW)58kT2i2Zq9h zY}U}DabNOzT*M?z6q?ZDAooceSGeULyW0ZI5_8#kp})H_HSyU9ie1om<`qJGLVx~u#IGF)wlx*#Xx^VK| z3?OFjokT@B2F6-40r!|YcZ~4u2icrzhW}Dng^@KwVHnK-j-CWe&>A(vzS>wpl+&U8 zqMQn5)pikuVB`3J=M}=Iem1N^U@?%yDuk1M9x4Q%Q$(BQFyx>=oaiG8LB!1pP%A3T z@5wdYZ*KaFNVrq-mOusbjwqU{cBE3?{QVDtAi#OXYs9E0-rbJ2%f}msl`$k#Zd4R~ z@>g(+Pbjx=LYYTp3BCaG)L0f7VJne^L`c51w}r?YmYa&NtH^GFQAT)PZW?PGUVTri>ygg*AKG zBQ%MJTu;ZAQ-LxtAu`5~h|(93edc2?=`!nLnKp(41$`WaV2?le;cV^4kyrDQu?oPd zSoEW>H+2YjnFPR38dOS)P)?yPGBwiUcv_NGpsX|68Q2PP(-KgRZmeH&H$G*SAjPT$ zj_m90NJ>-av{YwSeA!wInXcbuuKNKQ$zXuDJms#w8wr_}P1B6&cqW07Eh);%i*oQ%CVN@KX* zXflUYc-dZWG(2DaPZcB;uC*i`0Goo<4plj_3EN<9 z%hSMx=&6E{fgYavZERPp@pcV@J6pAtV4SS2i7K2Yp0^5T6wp)01bVK379Jg5{HA&m zP)4!&Y9bQM`tvD25JPIO_2$scR(q-Kr;54(EK7?9hHHiX{pTE5Shn?D2+@F}HUa|NFH zwO6(}4OGehrM(I9$YT)UF*_$1Bj-*UOZek;C`Vubr@RxhRjoTj%wwW7Fu>OKZa4;l zS#W_A?*n}!yg@&CY|;C2F1&22dYts_HHVU=kdR284CCkR|@5zy%(hTG|qCGX)D zX}_TN_rTrU>>K}}asU^tebSb=abaUi<1dSL0aPX+116KHqbCa|0$vKC*z*#$?= z&@aJn(+(&@DU43wfQ$JHhho`3++xCBN^6|eI+@BU@ZSB;oRl^D4(+5Rb#knYRm?PM zE%~cW-VU-= zd??JJ$y5jXDR}hH8dz#*xo;HYyq`(2f?sy7(@JQivRM?rd9>f`@T?#)Z24i$s2;&n zThU!qx5iUoM*T9L0yFA1m{C1C4XmEWY2e0e>x~#Sax9rKH~&Vn-;>^q^7BhlHlJce zUOY5X$hOQdtDFqpE3_-?k%k%=8TINK`oMp>&)L39^&gGAl3tZss z(LJI&_i`!7Je(e`cUp!6Uczvbf@*DM5DbS>n#jN58Uw!YTJW_Noi6taX;!B3YOMW* zv>r?OF82#*RH*u3Cm)#A0)x5Co@}Q}|77!Q08BC6l#{%1d#&HwCYpMJ?_Z(AYuwLbEN^_YD06WecrGElRm0_`Nl48CMlSgw;Lq?xYp zrB ztrCI#B@`wa;*oW@M%=c0I|H-(?%-a!-`$ONd+<3nqSO3I+MX(BQPAmSXczydt27Cv zmVtft(o)M{N!8*fF+>UR(UyrNg#-m*pEq{4iUvG&HiCfmwh2Ef1b%WX`5(K2PmY{^ zVx(rjG|JSq(@k9Dx*b<4=qduEh@<&)YEKo|h`IZ(XdtvgVvgF4jsA65~N4s)!AKsCZG*mEON2UZxwC?H9F$=!WPdnsr`L1>P(34jXjQ0!oC zS?msuW2bX_%xR-3_A{JK@VIh4f^(wadc^~yBai zbM}2|MA$U@n+)!&nhkE@^Ssjwy%R~zDkC<8ymX2Xm_amTs!4HV|InNGt*cek8n2cK52^Quk-iGTCyVBS4cW(Z*=60C= z!a&Mc(JGrJvWl=yfzB?VGFJP3Ho)j{jum@Q!pNuSk0J_4SLr9R5S?T}DYW7LEKZ{f z33XT-zF>}fA++I}rR{V+V#BKs`v+}(Ff`@+Jw7_yjeiakmss9Ttpf`;+W~7WHG7Mc za^I!1-%ZaWTV_92wzFSYI6nKe#R}WmFDx9N{Z5J%wzFR$Tw`=ktQFSqiYRfQ>NrN) z{iN%DPF#*W=-a5B6}N-ma64M_XT(=Us$dLAs=V{7K%YIcLp5_30G7HM+;bS zV9+eR2$+6s(t8e~KL;}_9RbY+yN@F#D3)oKqVk4O8q}+XUW40*yW;q;dcj+7$P#-^ zyMQm6ef&>)dBARzbcu~vt_J87{1)D5$c;WJ>Rc`RICh2sMa@8T+C9xuFzY0T0wG?F z_Xg^uYBW85v1=hT9=iWKG#=t`AWznKD1^qtX)Lao3HU}JmX8?^5!mlXVbUaKJQPZd z2U%sbr~cCgXFM#m_gOBLwp7)84ZpLkOMw>`w6d+$%B`Ve6*IaufNmvOMVUxcnc}I$iELdV-vx(= z&kZ*vHK{ATC|kfqUfU%uC1GSZb4+_RYbGQvrG?%)VicjF9;5u z>0F}y5EP{};f<&ZC*f`dB<&MTnk-2gxfpaJ(&Y@Ezpo=nngf` zr1YazimbSAf)v4P=etxPqbpsE(WV!3h|mU?7~1gk6|4r?~^ZFm|p0)56Xc6ITtje<}%d7q~)#w zq@`=e=vYTy>zC$G7U8Rv37=oN(8vT&9Q0Y)VhaTNq|}{{dZ;%Sq9jK~N~>)zVa!<5pM1l7E9_ za}!tPsi`WgYyKPs(3Qd5{4Lm9@b*_=bA^7h^<0bQdrt#`^IR{`Dn*liSl|u-F6KtJ z6RY1m_Y5t!)}lEhS}i5jIKS%lD~t~qO^Gl5HtKM@(fk4P+VRkgcCU?j_c~#jBJdhQ z`5~;W)J46u#Jk;oo}{A>wij9&Syf355lrWNtP7}zDlTv=DkN0|{~G6%G#RND z@0etZ2=ijZExQjQY6l&N|6%yHWDS&pygui)g5aqguGB>Cgko|2C$JFbjlm+rQ|Ah- zi6yY?wvq@eXW8+Ol`vtfum*#ca>icI2P12X2*anxKENwNyIw*4~R`=WdS)G34&T%#%A-2 z%6CQG3m=p6n4*_xwP~zY(v&2XHbqzjCp4&*hQ8<@_Dao|*3xAtIToBs zA6O6ynTNq){s+XTF}t)rlS)UFb!?kct5O!^2LL3*vyU+GpMXu3gJn{PR?@=Q2Q>&o zMH|>7!xx(-Uot9Fu_&t@DXW2uNDY438o*e(URDDcksADRHDV8XN3a4>qc!*d0eNLA z&&m$d#>7|+e7PES*~f{V?>TxHZG%xJeRIpQ8js_0Y?hfZ}2 zIKCV@$>C}wV>R&QYNUp%k&4y8mv*4HjiGh?kG$di#$ZveUEUnyDV?m&_iNtB7r{71wA$0`U;)GlJe@lg}ODEK@LSUb(5UqdDKN6I#XT|~+Oe|U=P$b#UC=TP1hhALT>>?Qn5@XGC#1!Qz4;@5@P#R{(U?cmDdS?n2NO z9DZuriCyOUX-V2dMkh~e>+=V5-Esr(1KHkjU2FK07jkv&3RhEkV@yTSRiV2VG{oUU zd#=v&TMj!}A7i%|pHXWw#_YE;Ps1`Fl-{#gJ%(Rn6y61gd5+@~BCZk3(;K9%1Ln%B z#FZKluf$ddFm(@$!9IlEn=axHhZq^ytN7`w>_=}3^O48Inn$4<0PrUc2x}B6fv9hd zS-U@|8vR9T>kuw2W6)oB5ry=y`SbA}I2`xKc0R+BbbZhwIe~c2&5x5We;&a$VXr9*D zf(rMTFTN~PEQZuM97& zzy-21UbpTG!ZVOfyObslyp(hcWZ(c4&;>I6866G3Uo_?TkNd^3ylAdo%x-}fk0yc8N(~)vZR-m9!mGpA+bu z1NjSg6){(zQR(aIEKo8DxQ{n61CqMiRC~H@_>&GtWpS%S+?y6ak|70scDS3|4H)p= zGn4T%a`Zr;n#h6c%wZ}W;PzqUXC(+zWn_97?tS&x_>XW-01-6O*qC;Dn4$X|V~ZXZQnr{P z<riV_wD90$#!_{{mKhJKdR(+-V2+@Pjd5sh;9>y!ym zZmMK4vf9;V#X#PDG8GiJ=@sGiV_0Ohioa_jzmv!x#0Ww{p?r@0+YSH^ab21j=W5on zJ!s*g`42ge$;d^>kL(}n!-j-CWuMMNg`(NQx3@z+iUu)W6tpp1BOVh3JA}HW-wo|l z7*MvS1PNq~jy!t^9=qWZQ4z{x5-hVw`K>N4I_JzPACcQ+BXXNygjp+0dEHKe;A*sJ znNT-ZzRP`5E9{;tVNl{T^+ATjHhJTKVV~%FddksHA0Oo6jrsHC>_e;JvckPvgpAOb za#AKHj!&`mH>{-}|C>;902W3CEv?JpQRRF5H-xe=<%=2C*%y6Qdi$O9##QF)T|yk5 zg`oy^cw5rOROX8hi1cE}qta{bi=>k$=*upSy;qsw1U=1-J7Or0P@5Ixv6}U}=D!Sv z9?CVnO!2~_CO^c8s~u8$-l{_R6{2-{OQ5e3>W4Zvo|Ffi54I;X%wCs~dU_W4&(Grb zKVLL^qJ( ze3bHF@tz`j&{^O7%MR-JN&whg9SCuuvA{jb1yOmE@#Nsk$UkHr8A9=r$ulf3wk+Uu zO`KYdm$9Q9MSk?}b*mmf3MiS4*obRRyLN{v^K9QvRVKZ9T$SMs$mWYDO|CLOIeo_} zvtSus=U(*$id_CD{BzCN zi-28l88n}}8}r2D?nII(Y z>YRt4?yeEQl{YsWuwHxKih~jE%)k-ZS~h|I1O|56ML+d?&xe?+bDCYgLPx0)<|R$y zPdiCW#6IKVeIw*vn3Uy7Hkb4bXo!4xh_z<*v%^Ew1y4e(4Ix?sRv*1rG<6>$4-*j0 z9@?e^(1dxrvP<|+K%_`oTd5AQg7AxnvH732v=qO5Ug~U@0Vb}Gl*4B#@)^Bv z(Vg~oHF5SkR&pu6m>_h=_UA|@pyq*^tBKD-{L}bP%yHS?dFDGj8AY0A^GW6<+BIZD zZj+Qu?vSZ92(p+7i`?Qwo(cyUfT7dgma;47EWgsSbAfyxGl<)*pqzgZnd9p`tYj+$KO$Dwxbg zdv%ca(-Pd!N2?2tUwFfYSW0()geM?YMCYJS-K7{B{|f_al`qs7q)#qDqIIVbdw>-}FSt^S_=4&D zP1rDQEzoEnu!BwJu9e^#O${-_f9_g|0rQdPoU<&=AzyHAxf6gxm)>_U8EHo@qtPa; z-$k1YQGCF+zQcgIB;$MsIQ8N?6hI4g@VQbgYn*+i=3rUl9K?Kz{lC}aM5Me;{S&}K zFE~`+<4>Vt^bQDAfU_+Dg^OGP_0bhHD91Y>RuH`G*kpok3sBePxOyB;mUk)L&Ns>S zPZob=j-Hu z2*Oui!H>{djd>tMoHPIfVAg9YVmD)YdclYu2(5SeJkj=HPicG)d!1*=?jz!kH3K|0 z{g)zf7v9mx6Fk|so+ku$VI7@X#P07mO~156(vG+{S)uBL;od6>Y~!H43MITqEYE^ST3Yv z6d#r{dpkw`U_6z}BZwDbd^Vb9-|iN3$ddx3qC;xgp%3g(MB4+ohK+1@T)f>>G=7lk zYJJ&-58y6kTVKZIS+UM+0Da7pcswH4`Z9vb`(f<_ov7Hp)i&PAG#6}$a*jJ_-e(dU z0K|oWKc@pgChkK7=%rhwP634FwjZZ9!YRci1z-LGQk`mDIS)MQlei(=HR|IJ}NZH1LZtWmdQqCh(R{+6biN$ zVXir>5x=Z5r`{XusEuIf&5O9!%a^poDS$Y65a-bzsndg&dP3sl%^KF>ZlXgA<-}p- z9<#>}ggE>lWAgGDGRI~fH4d4wak%(Mlp)bN*AruGA`?jkW%gNi^@r!95h}Bvyr@5b zgfXu|IS#>t`!@Trr|ZYQwjWSpjJNhnC!Dm!hV(ST!>EDm1r$B?W*IKW<(6Ly=BRrj z{2J+a-Yox~>$qn*+wt=>Ite9Cb9z0v&W=|l{U_@~aiw&ZcC~ECe#ov)|C$}L`ax=~ zEznx${Z6`BQEPosx(SWuLSx!x>Y}r5k}f;y*e>^(kFTrT<$}56yS~dMton6EI>NCA ztA^pRFrM33a=yo@Bst(yLG11uh7h-s5Vc>mggE#G`2pTl0fNrD_QBY|Tb)(J1Z#B` z&~F`x=&TZMn0;eqZa4(fwAWrSZustZJZYfooBDDM)s`EY{~99=b&#`Hl5ReP`RMN} z&|NDX*TEnFZzL1#SL?42C)yY4uY(iqZTjo<#3Ehk*m6;#yIIp_`m|FM-SkKS<+Mcm zQTprfM0-7cEoj|R01*?5C=>X2lpo!DYYt}upYw|3Ow^pAXwFtR6^ZU=kpuwq;7s{C zt^DZj*PKhDIa@K~CA#m_oSl=AI=k?r`&!MJ7tOh1ALd-DIaTkA)Oq1x=FqbS2IJ}? zIa?oN4)RpXFDXAmD-x4s3B5Yc>gp4@cM zBj5=|7R8^$;tP?RpNW5Fq_-rlu%m(zc!BAsm!xB~fM8X=;L>Bmu!>n61Oa8UbR2%f zERF)Ry1$7ZV&6j#WY*N2dkVfG88^?|Swkyd#g|7gfsg40ZYuv2e#wEOd=)4ZZR7^1 zm_+vxT5SgsRCaOZ_rcF-xdWNiO^;5Q%XathxI0XOmHQaUaD83$q2D8kq{4GYpym%NxJclvw5mLzFtm*g;IZ%98)`jS)m zx8MHlvwsWx>rO-Wrk6{yLr|`LKxc4UcoG>zT+gkMX#jYNSX5u@gabx)^&NBdaD6!I zq2vMax>D~5)`O}+Jv{KjK$iHfhw^$>XQrM5fe`LQO5qGCJ8^2Q>>_F{U~1sNs{14B zsIP!jgoYPN@@8jjB1bqVjukGbZ+d!q;jjlgJ6?cOl4ySrKo`LC2GtUakHm+J=Zy3! zryo{fC@(`g+;iOAeKCGbFRV!7&y0pu7DzYkv;Zp{Re8dZ%Bm4osg65FvWoF6Rb`x@ z0FbII1bD>^Nd;b8w^mo#R<77z5`o7N4tWjNgwljFQPQo2@~@YL-|YmlENJa(`_|H` z#ASy942j|=GuIv6|m09I*r(u>`6~N^J(KqT&+a6arvSkZOT<7j*qP zlf4HTp{Z}f#7X-HoF(IEsPBUs9u0ZR4=)$M8{HZ~rd67WB69~z2tIAVr_JGWvf|UG z_$Zj+QL2pTzLk?dP&v82a`KGe7w9fV1JlQ~WgS1SjQ$;bYXBXWKO7?+1#V@CkHQ@+ z!H&yQeHr(ppAJWp6xSS4$_h^?01JJ>{Jvb%wbQqns&B)#Tbh{wo`9z>8X&0Io=rhR zeqalhIlI!!&@m{|PR7tP+-uoof3_||pOl+XXl`elc4ja$K?}sn@wo{AT9$43)b@#v zkLXu~6Dv?+j#5JYgp{}l^J@tuSVAb#%o^F%{Notmcq!f?IZ6qEr@SyIa?!C!5l2T; zjWQEKa#}R45(8Hr=zkKoBqO*itPY#{T_(E$q@Ul{x$C50-b4It^+slu3k zg;j7Mj;z8zj#ZLUyhC!7RRkC~QZFFKfL_uI3*%)YnMy4$0A>7O-T+ zvrsG`(%IES46cXLL5Il6(qazSaN?Ac(Zv~a9p>PdC|j8XGo+=+Ki7a$V2~se?KHFT z3kpG9AJ}j9-2W;l0eKrpcT%Z8g!AqlTcirFpVhS6kw&`^!Blu+d*WARERt?v2Qyb| z-Z(b-G3qd)^YzgOZ~i6nN|)u(xhP%mfubtYa!Nfg$9V zPuOqE`^vaP)>X{#Hg^A9b(qSF@z6~4>E!*cvZsm#Ef#&l-tr0;u%bV6#HHfT1n+%G zq#|^oA(Oa&SOfr^+kO^4byxJK9a-cUdmkK$=RwcJWigJ<2IKSvt0bLhDX~!g_3p!4 zm4M`7+FgCYO^%H{z!FLPL+`7bLKd9Bq{z!XE<}FG*bL zp=w3%cb&tE`w^N|P^wN)@REUQ ziPbQKL=NImX2JR-1}GjKp5@mwqVb?N&e>0W3ll2|atug=UKD{^5t1$|A*Di$kd-=w zDF4nIWJb2-+d0J&4kJNpe$9`Scl9dexfgU@1MJC%kA=U$C9qz0k$o%*-R47NR7PF6 z!QR3gWz6glTCW#71g&>o0P1ReFg_CK{zlN}tYOg^u;@Hoiq0%S2X)`eyF$aRPm#Lt zg4Vj{AQ%rpp#15iw9y}^CeyFx{BcA&^RC0*!_Ys1ox_Jh&Rnp2M<;nC9*a7DHJm~)+U8LC7s0sEYi ztBgxM2fwep3w`Xk#Mg{$7PrIPt#mDx(KR0TOAMZg34$0Ho`LJFH&&?FQ6wg2Ur@KxQ!9U#5a7W5~T^ zfNZejQbZvL&Lpr*!F;`i=YW^%1u^g;*ekG=o5{g9lP@P;I(7Sb<;Xd> zwt|<jY$?lqYd`;L)X3fJ6tNmQ@cS?gCJ=qbg z+BcY^X!K;(Jnm||xX$*YtOmOt#1KDI5Z@d_e7r+kvDdpyO7vUL)_&W!2I7xs!X*4D zfJ{U9OL1(D&v>$aKl7BCpP1P+^W>8<3$`p}%U!MgUGwip$PhIf^4O};gLTp6;2Nsb z1Eg!bB!^3SNU;4uf?e$pQ|(GA*3dsIckcbObDzu4#xTvsy-1ndrwg-lpT;*gsHK-r ze`sb`|I8IId#k2DG`p*JcGrg4UH8oDdf$G%xb%@NWbmUJf2;79_D9w1t~2&a&hEN+ zzuMVdU)!$^$@Mln#lM-ZPwkhPjeiQ1=H^>XEhWHb{G+CSLXnr27M@iBk$S5b`+)= z3z(SbzR9Q3VNauib2=b!xfO!X-1$J>oOQwpoh2gq^7+*{57yP$}t0Av5>S zfLWm*9~iA4$OnlSqh}9rK*H_J)QulA&+_+9>YhMMC2qaCj&p}UhZX8h&=MLL2lDB! zU`?8Q$nR={r zLQ@qXO>}E$kcrFi(iz^U9SXR4)lC9}hDs%(BDp=tZy1d3Z|Y4mh60UH9n>){@a zG{TDsA6=M!6g3v6AM>oXE0tBc*tHHZ<*tTecIb>m_Z@(Twf{H9H9I5D;LV5w0R5jq z{bRe7`hLcWQ4E`olw!~$6L_1MSTyuaR4(t;8#I;3_7buV-h=Qs#hsav=*!8D&|0T zy*x!CDV|-=)qMDA;_3Ctq?C+2(5X8$`rs|#7p#Eb(MZfmivyF-Xs>;Bt9Tiy!kSbJ zw7uOS?dsYyAsc~6RX{sUE~JFw@s$HyqJi@a8_~|W(hi^Ng*`H^7Y|Locm4p@z0AOE zVgfr~$%aW)tzLT?)T$%M#R{PShofMoTqJ&R!5mgk9fC%Sp*1RDD-Gaqp2H?;=I16I z_#n&3Lp2r;zN!Wav#)de&AEpQJCdYBa@U}Wghc>Foy%Er|9E3`yzTU$b}PMm=-ihd z7k_Xl*a12QaNf9Tf3{sEM&~n8?fvY7s`zw&xXov6Xgh;7Fx6tGjoaq4c42z0*Qy#k zgE_AwPH+SE_du{*Cv)x;;ylnXLAeg?;2X2SOEM_2$|N5N9>HbJ2)L|Sm|pY7aIrg# z6qj&^k$xxr4kO|rfzQYeBP|o|Fw*aEhY^W@p@Yp3+hLSJZ>^e?*|cEZt(Bv zjSLrMu~P2%%u_&wrx5Al@b~cpf5}eVCt1lJ7((mdYZ+8H0M=}bSBxYSymx|{3> zxvBW6h3Tg}qr6oq>A?iIE29z~U}5(hU)9L&p~Y|j3_k=<7f1?pSB>+ipce!u>b!EC zYCF?UCbBV{J}fvrxiI~t$LSE24aFH7w=U5ZiQ}+fpC|!)fPj5sVfqOVHquoAQ>m-9 ziL8xn`__VGws{d%>^~a|I-5$+nIht>2 z3cjOVfkaY{P*}!FBfk~+=kXH$(Xp!JwT!|)mJLHhL^Q%^r04?uNA*2Kw2aeK45R1K z>pJ^7A53+=$Z4aq>4naQ=R4ESp;K1lQ2okzB$CYC$n}&m7t{chzJzGy>|R&eh#9ds zTJ|;ZD6>`4Jno;oNw~EHWrCp7MJf5=)pk>rq6aop~m7udWg4S&>!<`+%Nk&^r8JdL>)XCvq2{SYaZoe_&`)akoy8srk+ShM{V1 zA}yEUXx=-Kp+nY%&Q|*-YTJ1K2>s*PNVPRIuCOIMc0drp{*cw)GUqxRei?Yy970&?vqlD-$_rF)^aT z3atidL}e%#KZ^VYVk2rO%Im%3@k#)0+cf=#5G>K+XFUcFB?@{ zbmy}G;2w@C0uxM8@=7fNHBB4MgjxxEV9RF1M(mV2oS9hjqGN?y_Ily^LbjU*%;N`W zIfnvy*zT<2)HMX&rPGbIo~S)uO@A2c=|g;-99q9?UDsc6vcXI{8PKxpt691YIc4XO zd()elj1bj;{Eg7l^-DKuV@m9036dP~zxYt_$RdTx#Z)-_KI+BEMFyQE(EZJcJ9nOB zL*@v!zk_9c&P3e&f4I18vADUj$7z6W4sKIV*#cvgQiN_5pu9k1vpH-TjeQ2#=!wZ6 z@fUO~_jhCYOZsuH&zx#7LWA@H>zqi0ZMKUn8OHeWtrn0Aj09JLB^@obR=B#V-{I=2eut~8 z`W>#W>Ni$b%UTf!@T(Dd(xPapq!(Chebg_u`u0i+VX+m3PV+QDSHs0tR1(5ru@!|5 z_l4YID;B$^#uKsFio{rmNf%qW4(1uAtWR8Q9dXLlb zV%ZAas|t<;&E3E%>*+SN-ppcX>uI0nni3W_$amjoc~-(2u-dfL5#YYoO<=!`x;4a_ zxSJAJ@R+Y;g5@?Qy48=^q|CN)VS3|!*pgf5!c$_*fl9|O{J^}`FJAw9_*-^C6zLL) z^b|3T6j4->Tk4Ol1bRO5J%Zs8Xs+%AN8=xR1R8kR zM)U~uhqam>fu7ECdIUNwr$?X}-NHcNe7zlANKsXA+Jw=Fc>E`Yh#s@6*u+fyBmMPb z2w8d{(fu~ez9Id5CZrLWe?f~O5xK^+d^_zYp3h{TYYGZa^i zk9XouB#O8kB<=syeM0R3ou%#*`#|v7h0kGod=4_h28-v}2KOmxFdc=ln||DdKbQ@y zX!gmq;X?ZshxX&+fHt=?^-)T>4Ip+ReRQe)&p9f!*a2bn;>dcXcO<>iTcTHb7p8kH z@&&I~3RbTa#;8~7ErwpN$io;hxx!q`m>~XzzT$mlCH86~?fa4E^9LZOBhCx39mh5= zyvgVD`=B&r1Yq3!e`G%QJ;D0wF;E2jcBYcg`GX|sn*wAsT8(+^v1cE8tV_Y19Z>HEj1&AxEbzk!w1@ppR%@BfLFGz;o{WK(nM ziDR{relwDlgv=4GB;=21B_Y4mNB_VTkD+vviSV_Mb#Y#er zFhq03WJ``_obSr6n1uN+eLP@XB zrPn(v={F10zwruabSvrhk4LSfO_*mMAJvp^(>lJ#Zz3<~hQIz_%J&(gk}mzRvC8+a zMv`x2jws*AA5p%MUn<{78b-cPcqPKAzZyxtkvY12qoES{{?#b*jT&Q=Z4I2c(~mf54Vrec$j9<+!j}e>*VqHZg$HU;+qd) z5+2b4{J-~yQYGee%+5r3DH+X2Bqo**6UyuBfaOkbn z6pS^-!=ahyBXcMsp1hpZ6S*`T%0mgGhC?&bHemR0=m(J!65V6#!=XGX@7pAb!-hk* zAT#WQ4~J%-i+AE)6pMsI?{uGsOZ+ox7yNUgqZ3NnPoqKKp)p5CS8t(R(D%lpqpOZq zasK+7Hafby#n3C9u|`MRKvB0oKL&eX6PAwO_p)UG8&0i;`LDPf&e|y5mSc5mYJ(1iVIu3(L?kKk>2IL8!H|e743`K4m7FF-% z)NndFD-&I4Pu#@xf=jpaIj6rw_f^aqD9Pf?m*~ELS>B%bJiaO{s(#`bYfl`9e6OWL zdxEzqj$}`~O{=Lru^m3bsml88B@ccte1x+aLpWUGOLTLl3UTxk+AsfTalAoG zLVmxezhIPHslOoOm+LP`e=C0Z#=^dwiR2KxU(Gwof#({$uf~ZPAF_HJ zS99AeqbW!J`&mW@{de4`__wr-KEFBMiT`cOD0n*F{u{H5t|OFx#4`Hv;cs@!sLEov zjh0auEV1{SceTEjZGCN=yW8>6bAu(v%ki<_NV znz27h<23FDmP~W-q*TXLo=Y`jdmhhK;V`Z|oJB=Vbo5g$=9JuAON}Jw=GB4Q(t?gAP?FP{RVQO6w55 zWFv1>98&5pxU;a4_G@kX%DmjA32Ng&>!k6zy^SZXm;xTiM1{oO=TX)l?yOQ8=waJ^ zT>oSM017Xr=>?x+&wOrCE_m9*D%&WKjh)dw_`nGrYxJ0>iD**g7vLaGx~JO|nLCpGbj# zXmm|S*~RfcGIftK-?!pjb++e8X$yPtPZoB7c*Mu_+Xy&~IHo7MF@5`kkuhyXHPXb5 z>1BVdG^QtN+@{u^U(S^@zx)H zfL$B4b%%T<^v;ecq$qLv-TY;TU2p#I4Br@G_}a+t6cD1Q*8p8*JzoWrga4fjLMU&f`Eu64IyrVFAhxn(bQ zyM$epC|IE=1nY#CTMNMYNDnoWw9OKQe)+AJF8~dogLjTm6igfG)f`O#V23Yn5@R3a zTmQ-fmTtx++(C4$Ca4a9AyIC5Ktlq&KspGkhX1^AEfZU<^7k(!Wxnf8ld3c^AlN$Z z9ScSUlAP93;M2DYnp9b-6b^GPro)ZP~$GOU8UPJzj~OZE1|>HJS^i`n);uyg6p4BYj?TJg?bYamUUMW=lM;#e7xr zyz*0XCmEe}}wHp`0t875(#vs|K_2o|(McdRnSAeg5S@-xI+ z24w#~fZ;rGsuB4F%mQ;N6`&C7#NZi3SgNB*ILWepIQw!B0pMXW7P{sXJeZd4w=}a4 z!a~=*8`qyWgd+2DtQ5BT-(xJEGJ&V-Gix4*!sYen0-J7cS5Zz3YT@UGS_Sdlbc$!#BLKO&s+LSQW55@7z z;H_aEWX9(mh^ys;zl6dAYWlqIqi4bIk+#-!0Ms6Ke1Y|LF~wP9o`wHsJA|--b!gbV zw|hf_U%UD@CCC93xQP0lgY&9UDBlm+iORS;)_Pm`wQHjNE8!O!Ji~s0o1i$L-m>fF zP{rBHf~7x%SeZ0n!g-D6XJ=I=4RSARjFYAspw0>rn2>1ykML_!tW_2rzSU~;fe~88 z6zZi7q#Qe$%VwlqDywb^+;*+g0yc{XR*U)5QPw``O|?klqNVd~{Owl|(Wa!B zX$`J)o0LEybPL(3IUIQV8{V%~S2J)1x?>Vcg|_h^;7;)sTjrR0zB5ZGy(zICzz2io zx|flt4tk_;quD7e+z24TH0FF37Q`iZ6zO1%`GT`MROv=Z*lSq9I%X$~<$x2vEEsobM!g67AxWsb`>O6Q4@pkoB;D zdHl1sU)=Z+`uYsXtzZH2ZCoFSlVOFjXg)b}Com}I-g0}?UihN?tNzf< zufe5z!Bt`2NWW=q-u% zamd+rsTySpd`8d0v(sbO&1F;IgYWjF1C+>|hk30{22aQupYt#qZ{wV2LhgqtKt{ow zcSrN^+#j9uwyB5BXelO+S3K**@r})#6>zUMubwtM?%~WC<8k^ojQ{->yJ{SBw}ZrX zKgxnFRR1o-$0y+3brJ3@SylCU&@ay$9`rPFkLt7dRS{S2AcvWI%^xo2?3P}NLQ4@n z5W=`%+c_u%t+;f}M6_$_@wS{mmbd>J^1NiRp{KLs0!(9xtY!ba9MzW-my)qi{`EVK z55$fG!jMvUL2(kkd(#Y~Dd-t^Qm}oRe6=pcDeC3YU=FwX;~KPk%=~ZJ6$%ONuR>*K zfaK8!Eu1Zkhj-AE$nyM|wq>6`Ju6HYpB-vRbbP`l;7r^E)K|JmU6u57ejy@L-wfFO z4e4)cW4Hw8o7tfmiS`$fsvp=hv!DMsEOEtd_{gQNURRumo9Din4eG}Ab)~NkIC@$E zXYLO0A7>`6pxTdCIDK3no?m4hS~pq;8+XDw$CTHZ>Fex`I=ska?XDn`xNocR!;(3e zfn1?lNIJb%a`f(x<4D`?JMTPi4-{%`3_`F;{Ta;=YQ7{0an$Wd{J|!m?)Ysd{5MeB z6Ml;S0O2{Ad@+6Xjxn-(a=gQl<7Nz~BL`PhgvrKAg!yA4!b7U+%cukE-wV$9A~^50 z2;iazy^W)5^$g6t{X z)`W7VT|g&p{5YsDaf^!0SYB50vBvkTKnf3bkONPJz#t z2AHPSL}ze6hF*kP{uxuxuP55>N{fia1(E`^=PLP4*#;`uPINV}I*wQ^Ui}TUnVWyL z`Q%>M_MlHF&y_zL+P7mKIs_(Idww^-P?zSy27~Xt>e+b28DZ{{C|ms; zAhq*o)$}g3Y;_iK1=~UwZZKaa*M)3_K?eV8fu&}aUw0on_cSZOe!bpQcM7PSfsxj@ z_ruJqYy<2k_=QM5M1JMMymQeOtmixtkGT5vTI{*-*E!pJ^RdffyDf+#fupeCmo*a- zm!B%#0nFUQdpmK(^44M|f5n4MNEH-{`bu5?_Gr=}%*#I#P1;A2UX3QnyqJIMLm{l( z{MT?JCNu&rmxlSV77SHoj+`v_U14c7e&1D6)+=})HGQqiX<3FLS>*wG0CZT@8&)eQ zw%!2~3C~w)#NSTS+#3S3K4!bf)tgyaX|<(Hg;Fna>}Yn$joUE*k4YBpEUONL6jdG=3IOAWf5YewUcS6CR7T!qsbrc{HJfOlLSE}pLT z0ds@EZKJuNNpx@#P2&G_d=bE8v*&!)WiYV?iSvtQH^IeQm_^Do`qStzQ@t@1Jcq^u zHM-L5B_fS9NVH!Zt0rT1!Zbw|4GJub|0A2ub}A+4&X}1>v|F8uR3b4iW&Vg+KtHIp zWK{82c06!|>unyel|1})H?2y*6{9R+Tb;ygm_(44s?4s1CPIkLAp__V8;18^QmGd0 zCAA&;7Wlt)9^2U$FJI2M27ke*k8>0~`n3#JgdwIP$`w&g!i#JF;6hB#--@w!M)U`i zkBSH}v9dXRKtfDKgqWy%EIo>jcFZbW}BNz@-#4x24f+HpC#A+H|HZC%m%>QYp8!c;)7ZA;clw%5R;>6H2_`>Gm2 z7sX!z*mQv&%5|`YuM?l-aiF0ep-+Mw?~`1wKFM{~C%NAFBq$U5B>3pk z!3z!nVdUSc@`^F>26NuWM2h-UJ-~q8HCR`mM;?Ojz$Ab!i969FlhqFw zMP=X{XfQZM+gWbjzQEdSr)Vv;*;X_9DjOPGmz!nhIvv$7I!7%oYvChF^v8g+@CP7+ z{brQ{P~*#^y*h?8k0~oi6Y>cJ1zk5ac<$4?K z2Ac3JA-^d!z#mrq^}ytCc4cvEcW(amrt_`b$=r!|b~-oA+OAv2aPjgIo6a`_n1A|FkR2;C8LCv6oTZ|wL(HaHwX;aD z-ZalpRt0bi`5XV*IYH;y+eI|+_7crc%b4xoEHmiKoQbzSP$n-o2dGro+DBZWIp|a#HLYm@=y?0Q%0iB~i+Q^e81Qfm!2{Xt z5*<%_^sc~7r~+j zSm<&B{d(Jz6Ky%UqkKd9=KVLMZy|s6;|;r;wV8xk)u`j^Rh!*yJye-dUS-qCmbyUG z&*12p?AII!W)gAPKIRRX=BP)v#P08H+(v#{4zlPJsl2gd1m2(lISg-n_!AcUStt`5 z_pjmk4^SKeEP<8?#S3PVtrej-BQHXMF^~JxmyBWDpVVqNe``JEPGYhf1cgq`N{47okeeep z=&v}VjP=x7^3*t7*l)2c8wwx`i=Na;92Qsx)d z?go!SLjJ#g4rEZwWNuh{cfSU0OtWvKfY#?(F2*aY66agCp1ysfQs>5$&3PJ0&uS&$D*rqoBA=iAaB?T&= znWjE-;gs>9Ed=9TK6f5+`7lpIpE#3u?Tr#+JU0LfQjzczLTpEG^!-+^A9Vjd;|seG z1;^8&jzAnto^fv&ppF<4tJA}W=N#&YZGmrqr(l3^4JA*hnXF?mE@q!Z<7NNMn9`xb@RuOUON7a6? zxfK^A%g*vz`73Pf#Dz>kNE8?R7IEnh#bvDAHXz&vK$W?{$5X2@UPC~RDg=t7Dxl}) zganC^4KsoYXn|de${>(N#seRwxRo3*DuEyF!SU_JG`PMxN*eao~Mk@ zl?W=(MJYMzB(p0Nv%BqyS#{u5@}%&y$-sEAmjwskK%(OVcr|V}AzDHuX(?36Hdd>f zWa;XJt(3-W5%m89_BOayY7|?Aihcy$U?$s9y{{OCPIQ0IsQP6`>K96AXnDl-OU{`I zAH6oBUmjK(@bD%po7MMt{X(zIP7~XpUvAuc82$3}k#YT^I>p9ci)MW+yD_SM{vp|q zohOv_m-%4hCPr6!%@1j{st8xyZ`md5EoIK_4WLX3t&6H7tuFtzqxF;DjnMi$rL~WT zpRmry!!dYdMPpVU;iyyu_f}gn@HbE9jp?9Xc_^7i^S1Qw`(y6k|9mIXzcWkv_vJ!K z|3oPMx&3nbBqjPh^4_cJ_I9flpl;pF_(8!^baz-|D_<$T3u0LrBX0PSq) zG`F8n<%obPB~Fg2XLN6&tTglkWGz7Vi;`mKLk_>{l7!8alUZy#DS*O%1f{b3(W!5S z{DNy&L(xwB#@xN_ov(l9&Di;4NPMx>+Jz@{ry^GSF#4S8JX@IB!z#O9*kkNQ1-f=U z?M}y!mFP!K00T7{=$>`v=xwKC&wsrc=?H?6VwM6{-zGV~m*_~$kP;{qGk)z2PDif1 z2EB47{;2{?wx!E_G;NjW5CeNxVyNL7YHFAZ|{#LReQ=ze#I+m;GlDO1GeVXC=+ zyH!{p4PfK3-KD@UY&AYMY)+%b5)&$7CLDm=Y%t$*K-4>BZlsA;mn%-LHnCHpV@eG1 zNcjd=KIUlNgyInmsf#4B5;+CPL;N~-i?`$yF>qqc1PWPVCt`uZKd+s_W9~ z?UyU_etxG51-#I2t|Lg_@%}KP2v{dRS4jowmxVzicFyNu=io+ulsCDCO~bC|Z{m9X ztM7LrLfFyu{7vSGl03hj|FsXqDvedH%8jR3G{Nh4(QkM^q(o)J$>>$aW4O%2tGG*r z9w8Y&dY31oRT;&KDnpko`J~(y^T+AY-i=vnl=p79cq;oR^M6+p-aOMrxd|4GY5OSm zc4Ew_RNa^(iw6_J=u4blCB%x)2Y+!q_wy?v#46RVd)?{v>m=Zm0>d4L z{+5mx_$8GRPrAL`rszEL(J+4w*vvJ4P)Lukak;!_{-F7o)`3ouC=DKK1&=zLYzUSz zw65KqMJ35Ae^5)kZy_=IOcG09qW<<6`g63yH^kMdaH3IsS6%8KCRGc>ez7iz415%->5~iGO7NKHdSTIDb!bxnrEaU+4KrniR1K?j{V) zzxVuI!hanSqkJDZPWeE-WwNHc?sh0=Qz~jO`TW6L(-w2}$t)Y!#u59lB7D9c2mTz& zr6y$yx~;aDHM=G*f0c$J)jYP2i+p@CW(0wc!I7x|?`FVQ~L6=JIM7}@)IjpoJo3?CmBVW7RI1Jog@4#TcI?_cYtQ_QWRte;@XEjG=rA^cpH#* zj^N3T<+3dqOs3X=$3VB#qKzUW(QpUuF{|Jff`bMEI~1`JS~8W%SO&o455Ugs#K1_F}jOvESq*X=Lw!IBj4A;VyQ`NohL@O6rQfi~Fv{nG=;;-sA0{SEp0 z${{`xBY+s&K3t;<&(4ami;(K6tECn64vRLQRJP*!LOlrfN!uodq+YQ&E=;KghXC?% z^|~MZV4u^%(IKZanufm-I9hpmm2E|?%|J_kM)6>}*0Ca?{w&>QLa_VGf1w`ew(T#! zjQiZg0T%|fdQcdYzw2zC;;B9(xr|(?Y1;j2LC>#M)Z41mwB$7F?xUuxxbSw8%KOV} zgdVW~ONqWndV6M6{`wP#NW4~OMUs4_TzIb=$nx_GKet(`RZe%qrhPimeX>tFfqf*N zltj;ErWN{1&yy%w2Q8#~Z8(578AtGg_n^8nImuTj=uA!)gs7ts*XC^@Fw0$c>F_Db z9k1=Pmtg!OLu{(8io#(CRiO-aSjOAPeVt^yud5I#d)qy~1XbxQ!$-)i6obnnICFSY z!s=0FsO&;zxVxV9*G`KNdOlNLau>p2*N*Z5c~Y2){8opt#7e$%A_$j?GFgdbu(THO zM^Jk#`bdtejLI*3nn9Y>>70XxPmUK?PVGcgLW*z-)RJ%}+zt&T4-A@MMQrp)Sb>Wm zj*jPin-3~;JVD0elB!Tb<0Dd%5l3(Z4C3(d1V=Zfh=JNiw>>~3AsXD zAnHhSX1sLKjt2=}hu`={1x`T#LVRs=?Yg$<$G29pMrMz{%MB)B`@v0gYQi|}SYX^G zFg(jBHDcR@vsjA5T&_=MYnGMI$CYBVSs<;m?H7iN*5nw4 zcQ+9!jOv;@?Wl4@H>>$go}>;s*Mat|6fz8WK-q~F4AjHSNLlGYdt|m!a+0}zh?|u} zX&mF)b=-6|+76jP*3LQIZWAZ`nOj0A-7-yBw*YL0u1&UGQ=%!CiSUtVhdSg*`t~wS z_bgpPYPu`$h!E>8E6=LwQu@U~!Bq{?v@;~TZ5F6H2aVmNjgjGLSB4>Ga10wuXQ26!si*WCy%nFz+1Gv>{LG>qQ)DJlG+k?1j876n}QlJck_r8u1hu#Jt5uk z6*LAff(eQ}hVpJe$PvK3RQHta4(kVg{U{rmfsiC>q2KKeLoX#PO*O#sss>J1T-gwn zoOQ8SmMR?6dnlVhNt~Ko!h&VGB~}UWtF*PK2^!xY3ikyzQCAb7sUOR=vfR#7mp^o2 zl{w^8O7SrMEOo)Cc7^qe2Au{4Izu*I&id}|6nD5v;KkQPR$D5;Kjv$)2CQ}*l4O{2 zOxRv`I)w>X-5@`Q2|Fd)-x*85iib}Sa;ryNj0ZH1c6HEAPNwh0H)$^XZnscjD1C&T zvMb|W41O)@nB%OJkA`O*{iFS_(C;k!1E;HKin2Hg%QsonqgS$G|Y5^Tn6HbX>Q{xK48f z&!x9y3$Jr%FC}Fy2P5q{mb<)^XNkh#@MAX!o^>{LZ0sQKPk5Pw|^_!B>Qth zRh6g8S{75^mT;GrQIo@ki__=NoUtld${bB7-9fYWFCtUyJuFU%iq7XcU_aF?4cv4% z>lq{K!Z)P1f_hsiX8G^^T;@led+2|Bm%B$;OoK6;uxjmhouH@w zt}|gvd|HrOTwYdJcV(Mg;H!i(X(}8zRJs-cim3lL2UFajT-aLDXe}C@Bj+y!K`lL+ z`|Nzm;hgNG@Udz`lEd#{l;50{h53wjCFuM=l^yr+Ura0V@7zy?mYpT3mj^Q!f4 zV~uQ}`|$TMHf37Ougt}ohY1gL9`WxGp|tlmySZ1_juZuKw{7Iqr3;S6n?E!(WHuWN zbn~q9W+nkM&699$6^ac7KhxO{;y}~E&3D-?)$kwG-oVaSzaKC`8dls7*y#NYJ->oU zI4)Z+gJR--e~8=y-vbWG_Y0Tc1CFPe94{LcQX9IW`KpecL?2KYW6^p6@=VZK{8YBHQE?2T zTkNE70K`qW&~HPWIjY{Ek+Ou(Q>6ZHrc0OSO4s7q>*InE(`-DO5#(BH|ge ze?ptVlr15(W9=t0aku7S;TP`Rv~Dmf;!aLy2&2hH^R-x$jk4HDs!JR0hV{WSbD4P@ zlQaEsKvhpv)MMQ;*3bQ=tr%L|w(uF=FeH2TFr~~$_xn>eoKc2?Dop>1=S6@N&9}R#KZuxZX@;hOGF)Ic^8WJ%qw4jFSnT`ZxSe2J4l4 z93dK8J@^C*z*+i<%h0_^kgcYEGlvFH*aUEcu6Kt8fJLeXwC+JNrZ2Z=0%wp@NdSxQ znLr_l2HJog>dMhj>YpAvP4~FN0+GxHWJ*tx;fxplLc>KgOnPsVj1Z!qOq%28o085R z*Zqb=TprCeY>_4Y6{^S~VVLhrLV&UPNaBY&Qw~W@vFBsckt?5y&PPz_10)^(_RC+L zqZ>I4$|ZQZ;CdDiE^#Cuv=kf+{vUa7A0Jm$t&gWrAV4Kic?oY4u!R&GH7X{RESt5UO`9RJVz=< z1dLMb?|If*d!Kz~CT&5#_n%)spJvY4FKe&8_IlfEznq8ESkjwm1!X?MqMS~jD+5XI zl6O6%t=-?HkeCN32X7wujNy^(z7d{VO}7k1J76B{A|>FHOe?54d|{1o;A#V)r9Z45?FeNL!^F>HgcnjWjWUF9lz_)BLveZb+GulR``4%Brn+V~qd zlOoeBma}5umQbs=MnCNji?v!Y>azgayyz_4$&)~vXT|6z2gQ~|TizSuwnU0qd>P$@ z5O>HmM~>|wU(kqetn0i^N4q3kgK;fn&hE;74^9~`S-dugpCN5?KH8z~T81A)LljVs z@n9P2SgkdcJUJE0Q^G;quBUrif*jriLvBm<9mOJXic?+iK^2*rNzI}SCVpGzM?3t5 zGyw#0VzeIIs-u#=^g&vP3w{?Z(%;s4{moqvo$BfzVl_aE+PY5BA+Yb$UXE(GHp>=J zAn;#6O6X^&6-vhMrT8|oZ0L`RkZ|}LY@#-vKkl8zCSXU+ZqXeNpi$E4+*2pIP=Ax# zUz!LQCML;lY#;y5%lC^$gZ1@k+GiRldKyLoNK0ludWz$cdm@Ry|EzkNI5HxoYg--EuR<;Lc9h11VL26Q@kqZ)BqL@MtirO3P&N>=MN#dJ&b?)^MOw^#4nRXU zR6LRr{d$L>@Umq__rkIj`c&$2PnbsJ0IFo#qL7=TZ*%f(n_QPU`gAPyngG1GJ%Y?g z_6`#3R$%>6H_G&o<%TNXxmE(#VzMB`5sw}r@!TZo=Y}BNYZ#bPG~rR?>ZFD|2o-FB z*(zFcCwy-}6&6V}Ur8jskXRrRRy`m*|k8&T%IMXIog#S7n7634;vl-VS3N`55{Dty5)|$m=fh8-dIvMv1g9kR)cuM8Y zMtcJpF2G=$Zw|s{E})FXw5{sZISe>ql3za|dLw!v71f^+-fvD9ZMLG% zs&y{K0o3UzYI9l+?sO~qKdvaS36!YlR0`=9>vuaIrIR`dz|J%DThO^T=_lJb&%Np% zKG5{IbPDJ?Ih_L92A)25{(-&$1stw*4%d@ieVz79b+4HApfac#bhODj`sk}hJ`~oD zDm#1UC()Pfn@WVJE{wRKgPkXV`mCue>@oJ*vp+rnRzx4bkhA2xSYYRipqVc+=t4-s7d9CtekANC2d z#9A%R=3~|~&`n67`hv3}3!)_o29U4?PFwcB1r_r5OULRum-yN)v1wY^rv*HveB@^LS z<(u=>neUq*Ya84(C!rIXOya|V3R?B|ZHkF13a-?8 z-uq@5-MpeW7NshAkEu6w@~`K;?Lck9woy}(UlX9VJ)HSV!yY4nO#_(GfEVW`+}CSV zt@rY)3b!rkw6i+m$%NxZ^)3GJI9BJ0t2S@ZqcCADKicQw@D~4JwC_R5GW!&cwp&W1 z_=`Cb`&8`@W(vd6t z{8*E#D3kk%Q<~L<8OA)LC@u_2NC<5@VJ2S4HSbS(A-E579G_%wwLC*0xfHPm`nJ`; zf!o`_z1mqe(C67$e5L}U;fsqfyS?~M#OgVWm93qZh~42=V#w6RNtc{e=%%5-sG!2R zo_{7z#^}AYgiB4ly;C6fp+GXUBa$gAe-Y@$aMowIT9CMFLMVWBfr9pRCE)Mp@8j&R zI$irX3YKU%w{IzFNcCkVvLq!e-WTIy?anBv@Y@mG}fESO8*f za5^majHaW1&OIg$kyh_07B%pz%*=udsE%@G-4{tXSgSf${40;8K5(kTYGn(DvC%< zl^<(uXMbr&_UM9`pyArD-fP8mv%T)MS&CwAJTo%6>B9a6?w?Wi;IxEe=a@vsu48us zuM(^|M9e+HQ2ida%!_7QedwSU0s>J@+)@50*vWox`!(QY-dijFx0b)h?2o2 zL0aC)X0;nrts4+Ekd91M8Rx1;aT!DaVuS~QyH1_fV(DRBBVbVk|Dc+W%spQcex(T% zl^yDCDNdeH_x)m5c7qMZJxMN>TMsZaP!=&=TW@1c1c_a+14U}$j-(pMevZ9an+VLv z7WvO9G`vc@?NYw##KuClAPHRu#Fox~!G^X4h4O71z$WBb^pv$ZAv;oDWn08BVn!e? zr%btqXl)~E@cL5IL?AcF@Dz$WVxb&qGZLTY)T=D@{g*ZXNU*Y;fGO4%4BsBC?*=#I z$AH{x$9iH_tl#diR$;}P?*!3o0-8~LDx(y}x}d@sVpUjIN$*E#P063$uS(f-1FS=m z9#f4c$OOI*a7$>cXk23Yi#X7W>5VD1aMJilBr%3X=v-8r+dJ*Y(G@U+$g?;^$7hv2 zhVybyrJ(=@73DJ={c0G2d>B2PUj~QEqm8+ZD8?ICR_;&`18}w6owNfZQSIje zLX-k5taxjFb(Z}?#RgErTpD*bDw1UZtx0}Uk<1~frIAcL%S2!(xf_+aN=nnDz{FqJ zJ1mP^I}a*J(d<~P1lJ8kjJ8r2@fzLl@c!t;+Q^L6?89 z242a`l|uqVJo2}{-%aeJJF&!OXg@|U@F=x-RQHlyFy!`DG@gF?P?*3W z!Mgd3FbxNwI*thwiWs9^>aN{8OpEX#ZW*A{uXHcn z_r#SIZ49wDcqvyM`OkeCZ8Uo3J#It6NUlp(CFKKIN@lUk;iTX&o?rE%t4#hez{4<( zMqd9rW=ks!mXwSU{-;{uMYAKHhiLQ$_P|ko%`! zW)yrrRt@Pk9}qohIc`r?nDp_pNO9cnJZ=R!Y#}1f7ChCLy9(wtK+`^Xp#jUlJp*=Q z@xgqMy5gHe@s5GDj(0?^vkLS%uTUzntC&WJgT=aT+hk$MlIZ(SQJMi6eoI1@&bP@M zwY|eHa3@|MeHdpsrnwf2Q#H}8P**ZjIMw0Sf2k|5GYeei3LNYUT~J&O_CicUVaU2Dd)dS#it|@A#B!CFC(xq*sO(VKI4?}@%RIPs49C!R0T;Jpa|M{@<6n)j}&4m zCh3ik@?^i3)#cp0$$^445-E2I4Uj}XmEw=EE{bWBa_NFZ*epgsESdqy6d~(T5tib& zrt0bJzlcy+;H?P_Xg-xklh-N?_pCDrIlb-6(yTp!0ayy8#@}v-Q(4Fh{M@MD+(M(#5QajkZzL+oa zq>hb^@ffSdjVc6{he){KiuP7hf_fg}A(DX%Dn!4=DiARPndmU2fc;zt1UN1pjgFG8 zAdbB6W~otv1V+&$EU^P@2_VMe+id`&JNdwr&uOdBv?5fLJd{Squ>tF6kDFq>n1!7A zkUhg%B%?(^pF7_y!(Dau`VQ2NI>!W-F=VsWs;Y!!F2tD4;01_{=u`Sc1PX;GB2bsI zD;pO}rld;lL`0B@d5gB)sDwUPy8|{7xxNa`NP$A86_Xq!KQNC+L_36^wWEwCstd)A zW-`gaswqir^jMBtDKOZMZ;jZLS=q?>pS*VY%5B{uSz2tA^iff??4qT@>lXjj`<*}c z7`f09`88Z5$(iLiH%B6bmM~AS|2PBvU5$Tk23=);>rG+}@orZ*+%pgO1O?+@P zVJE%L2xFx^IzuCxBVddXP@i&wERYW0d%Nde5vXBMnx`5@>hzT7jT1T8S+ROH+Wq1u%MYAr{tf)%Xdo2sptcPsjhA!NAm9EVYD90SY zVXGlE-(OA6hk0(fz#cxZP-H<`6Us=G)B6+TN8}+yVe!1d>_z~ED>A$rflF^(K*!e8uJ5SQY)ECmhpSD=a0(u>pcuy6|R`70VIy~ zY+(q5Is5$*@zP%yP5%Y!*OxU1MEb5+;bi^#_h*f_e%{83Ia$(v5eOZ%HCm%;g)jUssm5Ee~# zfb9N=lOPzslmz|x;V_2^7h^(pBjH2*f&rnjGqnBR_AY0&MNi1fOk(>op3 zgV|nE3iEkd|L)TWfF8$!mR|KGT8eV`z=fIVWgutLkn|B}-Q-p$Apl^AZ_yjy1r9KX zo%@P%rLV{JBvKI<2mBHtaq!9zx;z9TjS2?hf86v7e5S%;*)VGHkw#^pG@!!(^V$u=jLY z61t(E4n|g4v-2Y~qRMIWK%PF3rw`**-s^o31OumB?W)T>0Zl(czS9F)yK=kRcGy<-$Wh%zc z(r~j;ni@p%rSwX?CCy3FMXrDz$D?vJHm7X>ApGC1mJW6`1&|AD7LjV<=w<3^DY#Ax zA_n=%_6ezz;~gXF>Z$$@btN(wg(%Aa1K`YjS9Y_m8l}SB$@SUFC4*s?1#L`M$zmyV15^hHKCYJ-=WgG=k`R`^UCL>amEwc z+g3$TEp<1hP`{n96HE@brV1^qx`xDdtg_ZVoV2!fHjt7nB>_^i3fWb&x{9ef=OuNn zL!A_c&-__2j6Wm{BG(F_ceq=E_#ZaM@TVqE=9G(){bXQt^Y7GKa69*OHeySRK7it8 zOb5zH!G$bj<^ir5E!#mz>dNlfC^~E~?Tf>M#I)qMj#w&ZCD}oU8(et5vJ2t3mhREA zY$+3r#4VZ(u8^?jQuiv6B;v)(HReXq%Xfr}?456Ouw))aFR3<=s^&JQ z(%qZ~Mz@It>>@hzCcqG_psJx_3Q^`y&-e6({P_FF+}3kCY4Cc-BYRP78t_y+{-NlT zHXH>y$0gA3gAOBfi73Ncv(Gk&!wbS-S-Jbc^vGyu&eaBnO#>1l-0e~Xt^+>qIN*M$As)6}Ln8am*|9F72D=Zro+In;SN8W!H z3Sg<~Y?*Xfvhh~*ZkL#E>n-Q>r&OkT0jtj)dKwkdsl&vf}X96;|FGW3V;%Bp6brujeu=Ti%$6w=GZkY479?B?BA-T;F)ffkI?ckR6LGk2gF1{0E{Bis-Z#C-x*d@efjm zjyz7Yimcl@X05u*~9o`^{v-dD&SYFvLd7J1X41^f} zr{$<#PBq-&vI?12un0N{f1Tg)1${oIdHUX1*OBq>wSBwd8OxnF)%!Hm*{$wI6H%>$ z9j{^c8>}qOe&Tp2wua!luiSP`3P`U*{_*mO@2z4WN1+=-S!qC}r0W)CB_Ysth9E5u zo2LV^?Bel3!&_pm_pltqqZNY-OZI@S;l9UZsA)Uby^3jbmt)QjQ~jzPfMGQ%T5GFz zlYJqvBT-@Q(@|l)ixNU+@%cXSrUi|p%qL;0b!Aq{2$q9>Wsf$uwTvKX4yx2g^#hH- zB{>xb7(!HyiLQ6SqPH}F{hd$v6~i7eP(0P(WW^kb17%0Ma+C0u^KbQ>(d$hjEu)3m zle!*pcad;)5`CzZADStU^eQfKV#iTu z5`XebCPAJq5YV1ZQ3ahMr4!JsLZ^XA0%a%yF{3O}N)yZPXTV;D zva>zE8c48!KBW= zCHKvRwueiHdL>(E-OfZRzAr-lnK84r?z*rBcA(eb8@*_bS4B?+VxkX~S8Q@jAp@@r zD_YPk($xp>YBh6(+O9{@D|ExdnnYM+U#s1nu6>Pr6+(eBj!-33!GF=!+_rSBlXOfR zNGlX=7Hn~_{D)E3iLw@kL?NVC=L)qjyLSD=TF_F?d830ydQpXOq9>*sToP%*`ULtB z9y(wUBLRm}K12pJRmN|2{;&G@TmotnypY#<4WL9#%x}!v80|O{L%^Y$RF@Bjahg>w zWG2nXZmPSEVF$%^lB_61vAI0laJnPEnRA}0KOMj2j^sLiZSJ*v1V$)Tx-vn9b0w(0 zn2P{WZoxZeiLVjd_joRFh#`BaYX6M43Q<#%@d!$k6xhrX5 zKqGpmWTFU^$L;fI9e1Z90`TGKo44Tl1Kf7tQ31!K;z5c3oH8b2WQ5z<#28@X17QiP zCH`nqKg8Blh<<*E;apU9>(?31&&Z!{xiRS#Twb7E6MxX6OqG0kGIG2wNf?y9jSse3 zI;Vp=#^Jx~cTuh#2EiU&`BU3$2?3znQO>~|Vmj{tpD*r)eLUF00|v$`aa!?D$m5&o)RKFxB9q)+6j38y=a8(b5wAFQ`!wPRn@u$0 z$E4*@AXVk$?I_zPAl5#;>Xd3AYp z3PKc5U@g;0cKo&intEVz2QUK{LhR6jTyZq%<(&%%Gn@;QLP@Xj)m{KAY5@9kW$c&V zJt2WkGaU&6)s##p;iqH*d2Dp?5}i*nJYp_p`P6cX%2L{V$b@ls(%M!l7>XtxJ`%AW9T{{9asxgezHCHU)w1QYC~hlM-Yf+8JErvICU1QH)mWx??4u z`(8`Y^@u8Q&R$NlGjE7ax|yfE$2+|(D;Q`1CP zEv0aD%Cs`-dQwka{0HaiWW?MYZ|$yG6hJ zYxM#9%FfAvwW6Big3=B3%1R&G#L*;}d4d#0`e97J!l#qK(9UDI{`U>c#WOO0g6$4MK=>*) z!agQ?l@zxa=^=ihsHD3OG}Z`U(8+)R7X&71>JX+-mqS3cnP<$CU%NBg`lzI%q{T#~ z7P!hSO!iVqVeD90XL$H?#bQJrD02 zt|;pr;9e2}b}`8|IjTLV@SjEQ6aN`xPWjK3@s)Q0VF{mf+x%=~DZ^>vp1)fObrYn>AeplP(eA{MNWkML#Ogz;X?9B$-auV3t&0Shp#FTT6 zjI)1RkGF1e)498L0I6IYPhGXPQG8yi5v@lDPc==PMC?+bmt=n8IC?!yan*Cckp!LK{q!I)8)r&2hcoed9uWNxkY{42hc$K|nJZ72D9_yiccBP^a=a zRm);S@$r_$>8E`h12?#w$}HydLl``7jf+3HT$ZH$O+KJY$6C_pAV+r|n>e$-g?lFQ zZq940Urj`*r6>iW>S^v?x%_8u2d03{lDI*p<5DL4nA%MZ+c|h=9duwm#^=56wUC() z()U3n_2E{^K5Wn##tPd8Y+o6Q_%ZnW*p@mC)g6g9KtNFrRv+N@!L$4khEVXgPDl$m zv>+E2C)C42V}abaRjSECI=L-pK&g>SWWy{UFX4?GhApX;tWhz zOOab03$i`5grG(){woR?G1tj~!`+8+Mg(1ZK2adMojPn+z68U8 z$1^@r^)q%f>7m%Sqd-aRp>(^WS%9FkgGCg{QN-fhs1vOIb63E*Lym+Z61K8 zckx#)BXx6U1)@Uj1HYTl zRhtgWoxoCsU6GSp;EyehhsnhblV5F4FriN&V`&3AcSJfV?UxL)9b)1Nv~$}uOAdv( zBTl74Ed``D<;lU(PF&s49;E53sv#Bo+5x-^RWuqEbUAwjV>klJrwTox#6cbg#hrde z4=6TP!JQF6YKC7tF8L)_q}VB!Wj(eFh0Yf`$sG8z*dBF>%Td1)Ik0u{CtR^){lILy zYdbh2pqng@kSg46F_)|KgV8OM!Mn2D1DF_AHcGUse#xeMzS6#_hw$jObS;h$GC&lM zd_0(a9O+PQBm9BV>9yb0{KYm+{$MVce{#aK;u=u6Cja-Ey6gj8*_9}~g1Lj)<@!T; zr{FLYaUdV*Fy@zJ@T$U=jYRg{8amsLqg|{ZjhF6xrH|T&%6+s;ol8(k3`JstEDg3| zGNd6s4!QyTAabmQ+P&0KJk(c`1T`E_Q#lT1hXhNp24X;lP1K7t8Nx6YC?oDoz+FPP z;``#<2C;+$VYhaZ|0V~9Xi*c)&+2FzI+Li+PB_FOB%rQPu5Bg2ok%v#b8l3~k$f!R zLI+_+JCMCvN3{oKdQfI(Ez^@kg@~5b#?2b|8RBHBE#k(7oU!3K;Kuu^e%_#T^9Wj z8;BDcv}0`0lOgov&Avr4?-1kpb*UtbTyB2cgboYUv~6;DPy8p$qg*2FH+Lp>ycLyY z8=u<)37&x+bUvwIT>awWEgZA0z@E0D8uow zFl_=ww>FBsj00L4*%S!wC;g|HeHIW&26`nWk)1GR$DpskAWTHxv>MjI6!WSt{FelT-UR80{;n@S}#~lt#(IIectiT){;IDfO zaF+n)L%MQAkCF7``#n)4CVFo^mu#X>$Ol=`EnWp#4_=pNKZ;-$K zgy2O%Nniy^^S>-Yuf{k~!Js{?)YQ2T<*v5P98Tvz%_3Ah2snZ^Ua=d7P-t4IN&x`d z72>&QTwYTAVNP^UA=5}Km+!7ndImGRQOZd(aZ(Pz_qsJv3=;x-CBWqP1a2(H2Tl&g z$DngS5IzisuSv2csKn}ekgzYl)N4nb*%WaF>tMEnU9*jN9mL8+@@yoJE0WW+BM?QE zw!%q6(MR4we|H?|;w&mz2x(h^RS+9?fdr#?^(d=%STM7FT@NxsC$D1vr_RI8Wx&*$ zo?1Ag<+&g<5+OP8D{!4bSjcWHjX*KDPbiL$^kg5Z>oBPW{i%>=XBhD2RfZ4UkbTIr z*DPh(5(WU9>TUg`gyG@@RPNWHhSmw_$Y6E@dQ^h}HC*Wq$r}b=kpE1OAPnJr4x8GJ z091pDGWIis1{^tJz#-%;0Rz6r=gp{SXEy-T8o4LP$s~%ZLEv=;mdHpg4&c7bExR-O z$P3Zs#7TG74ns;p(zPH`$YI*qmbOLAI%+x7Yqi2Mb*!W*q7wU~mm% zpaFl99fB_F0Cr_yshiwvhI0YGa15z6@#O-nt%!&fD@UJ393HeQ%6N*`4JZ_r|z3H*oh01Dh$hi%9J(nKJK1Bl#jJiylkp&{T3&&c+9-R2Nl7$WoxYJ{+UvzLU> zfCa=tYwD+V(JD0;@gM@VF-KSk=e|A$R7EomG20iV8Z4`Myw(JK;+vENeFXpjv7dmG zfPpuMvd%Jyv%_{k2id;CXE1Pf$TTGGyx?0`Zn6SGSWiNGvc&1PVuk$DTF5pOvh{8X z{(s7=0ml{!9-Z*`W*}`;Sp@=7Dme%{Z9BSXcqU$5_LY7Ft`npE( z#c9TW+neYhW&V|65(L2QuwIJvd>bif-hR<4F=;_rC9np9|GWyvrW{&WX3|uzxHYcv zbE$c@u$74yxLh5t5wM}7)kgH&sUqZqVR1-cf>To91`wz7vx0}LUP&u5?hK#Z{3nh~ z7Is+zgyDdEMhMCq=(s7YrB7V*nSJoNw?s$q1cZ#S8ke@ds0ll8ffI7K#2Kk70W_i- zPgPK(3>R3_kP>z{*T75cA4i}YSo8vmUSJzy@sd)|Sb=kMVGQ&$HORJAr6@kshPv(# z8R2!-c)Gr!Juy1PidiFa#ONT$jLvO0*)VXzR^XjF*&=5$>~96R>8@F#r&lkgG#i9w z(W_j}38~c^{T&-y9kt#h*tPVciC|!TxXtZnY~NG^GLEkj=5)0TS>P7By%#_^_g~H5 z!R##@mvr<3nM;|O8tOn)pP^fd*p4 zWGaynezjvA;&4=n@9)5RQcze$IVqC?2Sq`$Bkx9xpz_R8k>Re+R&)UcVRr=`WP&rr zq^*`Q2y~+t4R;2C9%`B2_3vmvM_^6$#u|er$Qs-Rn9IE=w!^Q5GszI0*4^Xmwx-N_iVBqn*p&zk~x>*SRP1 zas#{nY%YGep7{HJY>6ibs!{?5owcJ6?Exd4Z(9nQ&BuGL&`nOk_rM4SmaYj9g<)(Q z3*C}Y=wu@Dn^8j^eU0gI92Ch`P~gF2+TM2qoLw3Zp}he%y7ev`$>L0H z3Wiy0>@J|>y+rUC$a)^oj` zqiJw8W!mZZranHbvXbowxnMU~1w`tTvio}&SOGoldOKi~X!q#F`ly+uMTw@8A{iuj=$3HfxMOtduQcZ5Dd zw{$l0v9NeZ;-tIcbbJyz>Op)=u!Bm*7!n7Of_!m4KDswg&=CcKSA?DO5=Q+sN~YIS zI;odIeo@bE4D5fJ>EtF}sMIY>zknUjbjyTFZfsLJNm{n?X!Kk$%GH-;%^JC-O=JG5n$c zzF8Y`C%~c>2%B9Q?}wSAa_a^#RXiwhE-*lTNh|Q!mXNhZGk~k090*yfV=5j{s}!(4+V^5g%AxMxZ6|iB7>)Bi8cGRePO> zPMj|TN%x45p%|`TyE{7HnNt?#4@#XVr8KdS3%dXUOHr>48Y)s66*Zl9u$3|Zl7wnb zU*J)a8k3~P_(2UeZ$Iq^u6@0^X@CB;)oFjoYen&Z*Nx)MAKyBPKWwj#;%6~~ zi`Oc9kd!$v1m0@mm!ZVATWN0G6e`Vy03ajml%{HktAu43{G^7s*u9Bl^+1dCAoWa5 z?a}GLJM;|+^Sx@2eq}01--1bG zV%yfq zH*N2BG_dc|kGALKgYOvi*;1V6<8RGK?^^m~S^3)^!X*cymL*_Brxd|(R)UeoBR17@+DO+Y6T7FR z+8(I7PI0w^>e!Ww6(tkACbKC3ic^ac5Y#5#>|@Goa8G;$6%23IcY78x4nlXUEM(jw z3mMG3p_6}or1>K4-D*f5!f@Fh^c4SX0Yjs0kmdiQg^XKX(?SM(KrCc9AFvrLc2H`Z zIr7SvwybeiIFcO;gTlJduKed_Kw@Dfn4D{L%p`}yCMzWMoix48%jR|k$ zA6hs}ZlDNoj1mCx4C>XyIRlPfG=VJU(WA>P3|3;-hm8jAOTiH)A`6Ofl?au&{Yb-l z5+xkL{yHq?w`_=N0TiPYKc~(Lt3dB>waQ{($trzT1>`6WW`95&fy)RQE+UeUQNqb) z2qBhz-i{?^w68>Aw;AFGcoy0+a_BD}$$=IR`B7u9Pqng<*7`1SrBvwMMrsF)#6K1vZjYdAmzVS5g1`jUO@x zO#0p`VI9|cs0eo(>bRZGB>U^cE&ebrCD+yi_ zSN-w3=&HN;th=0}7vkJ1WiTti0O1|w^$e?fZWKZ*8FjZBis%&cFN#}0h;~gun?W$n z6Gc!_qHO-4BMRHAH-aWm&Fe~eigAia$aKID00wu6Xss7qz{H9+(<1O0koVND>Utn*tTI-UQEhFH zjVQ?b=*_q`UGWZ>shYSeX(+HWC=1JBpTv=Pw*(E3LSgt;>eNqsaQ?$QtL=h@UvnLU z7baF2TQa%XiAc-`K~D$mjQV9kFWy>^Z@UG3KSW4@c}sU&Z#4WwIJxTGm7^~MU|pFH zn)Co7r@8Dg9((cFBQU74IV-lf8MHDOkW*#x>9}(XP*&^8=m-28S3pnGw;l{o12}4R z#gZ9vByNTrmcTxZPe4*+ng$YJ$&9^T9c=zXL1{d`2IF93GZ#==dJr^Q#lGrl*(1N9 z(>dmNpg$QJ^ix3e#Bf6_UWTS>jJ!U^@Mv{PUiWxN$xi^Tqok6|$YCVAPyv^b?7f-_ zl95P9xW)^aoDeD8C5QgX`hO8RB^RFpoUGGydX*B%E;*G)a~_w5BL#H*#4aS9Z2M9Szo4zb!PYe!)ddzp=tC;wxJd{> z-cSWVWZ?%P1SUBQ-~+Bg2w?@^tA-GI5JKqn`}}tMZ8$bR5w|+PjqPX<+?)uCQ#}}a zTqgpA5hr395D080k{8vh6LH@eq1La5Ohf>$7?y?=Emh=}!W8>JPcV z9nHT5?#!0GLL~4X+|$zQcOah&b?pOpuyeKpd6fk2n0Z4d|CR^tq@;KeuF)~bWVgp7<=iwDWBIsg+ueg`u0DM`*g0fN=MON{BwAz+TA)uEcq_*5 z^ecI9dI>ne$imAQB7V>Z92v3kYVOMdX}w_}%|`AdZ4_@|Ak7g@=}F>|mTn;GQ^eotJlrxpTJRT=XY81pkHM5mFtI?MQ4+2&SSN4` zf3CZwcP53lCVCM*X0kBy8wO^C2|Crws8ZL%$u$@ZxyPJH0-y=8!Vn7HAi*9VdI5L_ ztp0V8mYYv=3aRH2UnrS4~G-?W0nvh%2JGxsc<0kDHB==>-;zb{Lv zGrosXHv;pOeFEm;WNXC39re)DrSx)#u`uQsIU&{O$y51VdQdEcJ4APqdpMvBY*iZ%s~Y5?I@;FAs44enZfAM z2qz8vH=feR97Yoi=EG-D61NNqQal!Enw==k$MiE?z>=T_rOK~yfv{2{{uNEF9174H zVjYKo!#$Ln?c3D_JN4S|Lr0dFOXXE;|Y$$mRKAyXxoBGv&;?RgNv& zCHt5#VsbWt^BD64)vZ{r9V|JEf3<%%OTRElPz(RzBtb3vY$oUup3ZA<_FxfiDBsrE zgBie0c-O6n9ZqB^ReGVpun1u1*R;K1lQj`%IgU#Hl%uI2E*MyjGufyhg*h0NcYn-A zL zm~JV@=2!#x!F}NpaducvjSb_}*r0cJnU_JYhTW;L!5gxJoDw_(ZZ_Sg`Yuy;UuS+3 zr~V}B^}q>a?!UT8 zr-d(a^TI$Q`r>!C(~wIX(jq&&^}QYi>^kvCr`eIen;lnI$tNUn+4#c0HFGPO+*uEW z0SW-tbd1C_RF^loFAxQXo2R`TE&I(YTcV?n+pR`x=vg)L^;oRT;UYY|{AueJ!rkA5 z{%z*r=g0|!^R<0ljs zIX}lP-fVBU2o-87ap?7PM^2 zE&OqFZUPyogf>dDEkc{!4F!P>{*up2XxbvsC`c|uY)+iGDN6Ga1hf%_Ox)0YIGu$n z8};|!YC&1)gBSu49yEtKh@sdnA2$k8Ps_6a3`eyB^#YIu8mbq-Zo@>NZ6knwnN)pE z*IXMuN(jRsVH41EBk2iL>28){+;`?e3Alh53tXGx6(W1CcFUN%9CplbHBSWTn6b5h z>w*K+dK(zbM>T&)#vk@0!c-fz7ms3tNksQE*Y%S~^k{{{;_q*3Ew?{BISE!SN^f+a zESM1`h8UgO5}!3u`a5dqTObzWXLsKG1Pku;symNU!uT9rTlfe$+jGA&@d9}>X6!ly z%0I1X0Hx^Dngeaz zF6C`Y~gXkp6`1xN))#@?boF|Xl}Qp&^YeeY{>Rta!=Q3A${lKoLF zfRs$FUcJzqr0AE@I?c0X8Js20mTjFXsL3wc^^8S9on1~iFmf{hr^OINP%hQGt9|dR)pci$ z*XlQ2PDQILTu#{P@fbzn1jos}U_}N1WN1O$WGwsQw;?@!ZUy#PoP-qjK80e&U2+hF zDsHNP#7wk+Dq{Pn2jv;ml8_728)9{ca6$95_q&LNRlpT|2d2_c5wX8rQ)wWuzg47B z8nCGe+8WI8ex4d&j81CsQ+9HLL&eJSZgAe!f^R0keZyBHG-M?xU!xFL|sK9UFCh&--1A=#c1!-)uuye&x)q>dGUJ8dq0#0J7sS+S)ROR*K#= z4rtSr8>b2A67VnAl~V)IRdr?5S{-ZCl~*cg+Iv(_G4jJ(*Ohg(AihfKD4m9dEyZzk z<>jimoDoXCJLoH=b!CT03$>@yW)?MPis{PJlQO0&WiF)W18mGrCZVGh8n`T&kXk7DdpZ+wZ@IsYd(e4IGUb~YuUW|}aoJd&me|L06ogr7=s>P7v2 z)#bcD$x-!ty~}ys1iRO1&5&Scd4d^k2f21CaNEh{RN(eptM%t~<3{F^!F2LgsnLZ^ zLD=oq=$z0w260S0Rml2UH2S$Ml^Xr@R2oJO8vXcG+V*I4I4hyR8+_*n{r zDrs}P#)xwKNfDAVzby|{g%KSFLyoF08m`bqTAemfN~z!WS%5671UNJlL(tP_YcBMN zQv$~(DW-_tnxvQ_vKTvSH3HaJ{5=$L{DV|tIuzdqd2xv$&O!5+dC(?O8^9V81J5Qo zU>bN^-*q`hBsnVXD_u?nS_f7`ixIf8S+WGgmZGrZ7xXHy?}2R>{@908D4EPS{@6H2X?*HCV7;$$`v!Kyf$?&`NC0d;7%yC4ZEhibfwXsd28-I4*h;r%HJxNf7sCy zd@sm9#>V|D#S;e6w7l!4d$!0&c~ONrkJR*GLT95wUw@#0cfnC>nDQUg*uWB8npIwV@f&BH)xvpUj*itm;q9>0vQ}V=*zC`<1&uIjYSZ-Sms`yE@ge- z55cM=@Q2~AmD-#;ckTmJG2TVxi(2Qe?`DnZ_d`%$;(<$k@(Ml=f`}Qv42rTN>?nA5 zM)vW#?p}d}+2sOoj|RtrpqTodGT{kJAT&&5(n;7KQJ#dD@GF=}fcGfxqeN?AwgfxG zkJ_L%n0q0W#CpBA;7>qQ%h3&HIVeFQOKc?^H4@JP3zv0)M=~p#ro<0}#=~HxhqS=3 z85-4hG>y^={0i#$1-_@J@b!2oO-@rlqv?(eEB4dI#Xg9L;b!jG_E-Rl2cIjDp2IT6 z;*M+PT+%>OCFngIAMPYLp~y?A09_ltpq%n;7=0_7kE-pc&~LCEjG+yolccB9O>U03 zuXR4qP1GtwvBc^y4=v9C^*Oh^6!n}Smn*TsG9?D}4!fgD48LB94SFRuBuWhERV|u- z;6&ARL>iI5lol!1VXwDw*O{sqhz4cr)L~)Q%XQf6ZGF4C&UtUBKt~bRpUDm%iym5?zbLo82CZ>+y5|!E1ZDLPGrwmAv*WS)Ux6Dge5ehtyHj0!0?!`mb7*{Up^q z6BzR7hwrp`M4maS{jCsqjp1`FXMfoh62?&_ZG}o!s3BV73KX4h@0Qd_j5bxZF~O6dssKyo+zE_4ARTPayG`YWpzK#!e{ zpalQ~kjv=^x(ll{3DE;x3_>;nn7XddXU>K|NoY*3E2uLxQrU*ui+dp)eWd&Bu41(5 zDfH8cXg;B|lggq=*u0DTyw3H^KH_8?zq>w`uV?NjK0gJ4I#rMAN1eFp0sR{yzNEh`+Nc*B zc8VXGC@UlbpxagM(_D;)g)5F6T_J!&l1_vNuoiCdkEjW3Xn z#wzRg*bmaR7#u%$R1E~y+;G42+E=zn=as`WByYpu%=wb!H29q7nX@x<+9l^8pYtc?{2pQF=#!H3VV^U~ zoFV44NX}%R^JnIKgE>b_&OScp1?KP!M6|EuyxHgcg*gkEv*kYa6lZ#Dv|nV-9OgVD zIki6LCFZ=HIS)zB6rV#@i}zs8cO++$&-p8J{siqBeL->#@Hu158D>tKGf| zFlT|};Lat(?eEOFnK`p1=P;l13UmIQIY&y)xjttzb3VYFy(DK}pYtknj%Cg(-zN=r z_BsDx4$m<}zmpv7Uo#B0Fz2t(!O@`PH2Rzx2x2_KoNr6cAwFjUbNHpC=szUqEk0)l z=6sPkS4z%-K4(Yf@QUf^T*<+Qdkuq$%sHDmS;@J?=j_CslbLgb>hFEzEhN zI>Y4KZbABW_Wf=SybG{)t=leQuWSu;7 zZjzjj`tmYgy<%`)dBl5?rA^JdmLlsPjc=VLx+Pv+?M!Li3VRw(rU_dmAZ zuf0tuq6Y)vvb~-3!R9o4nI0z~PN=(9$+n3U!xqKD;xXnFCOz2u=#@2a!$x7wei$`B z1=FhL%m>7{KVs%t@6Y*9ieaXX#fdKY5FDN{J97~+x4X=CHxFjN2Ptz7&0&1xwz@u^ z{eeT_T$+4eJrZ!E05FEh!?U?S1*@T6c$=@!6>ZeFolkIy0C%ZGX<^!}(Rg21S#nqN zO>@~e@j$iqJ_dU4?*HR&>N?f`kz_!lVMcj+hbSnnI2`IWydx;9&h>ENobSykoP$fB z=uu`zaF_ecHJlG;r@f4IsW*UEyUw0mn;V=pnVwD!ejE5Z2dRxr6|aX6&6Yjgelz@? z)AfPLxg5R&)QS@q%la`c?dy7w{*jp<4a1dozl!^QD*Wo`mCuoa{HU>ykK|99(v0uL zx)8`+fCC5W7$o7wY`E(3@z~|7pD&ekt5aXQXfhG3UXYBaTr#c$Ss&8WykOC zxcRQj;}?)2-%1M^?Yd&(CQIRXH9lW4UXzhjeY~1k82_q`S4Eyfo&#N(X^2Dq7m(P{2Q@i4TWHXD}|=wuioi5rDn9I=H!|T z+1W}^&A3BolyCa z!bKbX|MRJ{SfM6*>~1JL_D(mi$;2MB_i4BfRSIjL(Gp`5oPBw7<>Ese&rz=ZAsslNu#yzng@dwk6lU-hH!&tBWAKoh7%i?LeYm zAFX%i0TyqD!5AG7%9a>(sQ$fq#kVr1vIZbMn=t4zW8#z&#@@}?HKhhBv##@KDGNF` zfP7tuyS6=zV{kDtKJdt642ymIN8Rd$hKLxrF^&j zn}mm8738$owLbdfl%325ruc#D)%X%Bt5p*@u7Z|*M9OjC0jx4ma$UTSukIsKx9|mr zt=vbX4hON=v*@dbx!qe3QMn@m;N*@7(G~-*I&c>lgy^OaE~$^+3`W0VDi(-D)N}Rn zt5F_~Et`%gH@<785~_(u+FyXOmTC@P+>erUQ+N^Fa2&tb=~8N-8=LJm`t9q1v_x#AoH` z+uy{|o~BbB;o+d>8bJuC*d>kN?)^!pL`8E6!42d6l7*6mC5`=+P@?7_&(A%oD}k_2cPM*{2wKi;Zeygq~y>|nT7RfL&Q3U@5aAhzELUjmNa_O_ickzh1eRc*Pv zMY~Vi39O@PE!iIw$oHjAzQtDj;P8J=zN3Yoce3sMrCe}+SoQt(_wS@zx6!}ns$|W)9TA{7=rJG}Yw#7rCdknF}p#&8R&^n;G&QC|%?VH!rlOwXK)9 z!aepBJtBpRE~CHx)2?u{ds?&9o}&Lk;b5@R^EaIjD8A>H;k)8e2es$l9SR=bx4{~R z_+~D1h3C7cHJQbl7V+xrfSz!yQuY(NG7=Jbzx4S#%KTFLCgQm{zqFsoik(mUrQbVr zJiqjvzDC+Fy|zjX^-HNJq5Vd^%Lz?QH*Xv_^G)WwMvH)bbvN@kTu23oknT{gR`~B; zpTd0~&%Zody8|&_EdJ$M@h{K6Gx0Col{ll(-T$TJln<)YVFZ0$gO>g^)R>QBzv0OH{YHR`gr09 znAq-nS#e-D7?5byi^;|UvrFyk*qcCJU=Mu%bN$yi8vg7ZXt2!v7XF4l2S7k9V? zB3?~oicVxUU~79g0V%hSx&C+l${d$7$7`SV3+JN;GN96U?$55y{h7hhbWY2d5MJCL zR*vraDt0nXoH7RoqaP?u$SoL)zI9^gqcnp0+u;j+Rluq*g!9tT$vY!z_+r%jU%P{8 z?36Y9A%(@&!9!3X-R?1|cAH|G8q$|(LSeECpSQ!up<805>Edb4lw2m$i?qJlK7aBL z;3!Yf{m7K?&YVAaP7nOak>g(n4Tl}7@F%0oWr-I{4R9N^14spBZ$$c5UCcjD51W2n zF6LF=|9|0PhW6CUTd)`Ai`r362jCFv%|1FEXo{9euc28JUSK&gQZQ|3h)M(CH}Ps^ zN};nIDr9VkknK(<_(SAy?!z`3qsd7djX(u({E~4n{qXafMk+&R-YTczFKKTOJdxSY zuJVd0-t$R16{T(T#Ed~O#4j*pED7orpZi8Yo=<6#pwN=0Xz>g(0`d})uv|bAmTQQ9 z+AkzwUeIOcHAd4C7>&S7;N_Pb1H3f)AE_jHIv_x$c9QxX>jBW#F@1DMCLYVC@MYuO zs`T2#c2Z<>AL$;|mP3b_U#|}OFK&#IgWcp5R#tTAEkHDWbkFWw!H`ctcXPr#Pz&T_ zdcX2{(Fmi1nPZsd?Bd0MFA$_o=l3|BA$~!dUCArkyefIE#p^=%sv-Z9R4hQ{aTNe# z!-4vi%=u{QEa5XbjvPPUvv|a2>0LjOQ5WJaH?Ec1@ByOe4;Uu7kIC?=((+K!a-TKS z7#*c87k$D6Z5bu7Dj{llXuOsirR7Cz8GUqAf{)Za8LtDoI?A5H&n=;6pe)mb6E@47 zupsBwMt96Lt0 zjam?0zgY2jzU}dvy5*lE&;>1zS4Qt;&(^u)W@9+PU*P;P3^?scbtvQjDJO%kdvbO{ zY5536Lc>D#aap{0JU-uZo8q1FJy)P+p>0!CH-`TDxTZuBpvcHvB~Avb_DAmtMLs4= z;}mF60Qh31YvzHsLKs=io1W{RxX|Lvckiu}5WDJ-dIt*ThtXf>2`ETb+i-N%@p#cKPTvPi zFe4|HvJ$f)-?kxP#tq>NSXa(MW~`De%-EM^#%jfc8Bq@1L!^brVss|h0DMAb#P&%9 zem4j+1_qBc^)QV|)4#R@WzsZm2T<;{bU-?0c&DW4Q!=uMa~GczadNYk7D;a@V$`9D zDJ|7dkpL?4MVzV@pg6HWz5eG=lrSv6#I@55XS1B~dviVmf=xH1P4 zPY#%jP)PRle#B<#V}Wlm$7=1oOFKOheI2eIpi=5#L+w&D1QMwLAs8Cd#-qgF=$-Pp zUVl9funcAPz^$hxj2)fxG2UpV>tw0VgTZ@%`|xynNYU|Nemtsu=&(5vUL{7KlJ&rQ zYK)p?PU#WE0)nT1z0gM(Vf*0~PvPXMDm>1|ar>5BS=ODxNJVWlde^AXm;(+!N=0n} z?jqy7mNdrCnwsmpU|C9Ql0tfO15F_QX?l-=-lJV}IcFH_;tp7ZlIL!UPQ00+qezyTa+wK3Iei&j2r)A=+g;G#Ao z(tlYo%-}H^yGd6J;iPYhW-#LASNqUyYV&G~S7B$b0~iwe#ud8!X2gj5kJy=QHhNbEL)ksq*W=`F&LwTb5s3K6ar8bcNGmk1HTr!pE zDp4hsC>XESu9QS=rTMh}LyDr@29sdq8pAa3&>>}p@}YDYm%V4;1m zABrA6o=4q&7^_dG1_P3=U%IBUz7!1V=Qm|cUvP=c=72hrH)jE;)Wj!xvD!-1z|Kbj z3E|@*c7k(nJ*q+8i>6O@oIDCU)+E`Ot3zXys4-$3SHh_q4Q+?c%324D6Z?A*Y3s^v zr1PRnv!{NU0SHwzWdVqNenXj%X>u5Vpk6Bggg;jTuxB%X$1}TA88;ox?UrTW)lBvIo2S3+cd#*Vr~TAW3PS*?%1})PlPa9n z=PGyIO|-!nyooN3B*{kP#%KmR$l3Ju5~P{rLJ5C)+|!6@E=a?hvt3=xAoJ@dL|49D zXJOrkqM_WtaW2w*=5IX&pyMHYEr1Z6a}6$nTaqB~?Jxj;mS+3Ys60%`CA#>$2LsEDgE z@D&Gdm4TZOe|MOtoUGeOFme?c_=RK37`Pob%R9a=W8kxX?MWLlFja9m1Ahr%t1+^vAY1b&ex}4!)aWfwiJPV|oQVVlgC2 zrN(FzbVYv5ABotE>VAI_O`YH9khUMK4xdDyxvN39h2c-Yyp_6-d!tFXO4<7&a!kxY z-Qo7O;icGwSa+iaapgrQuKMuNr2kEDPedO!9aN2-8dVC0qhG;|c6^ayCs`D9gu4A` z06AGSK%N=^lY|-BO?90T1sfF^lsN7FUkSL36He&aSL-@NlE_;!&3SgDD!<*Gh;mbO z6dDAV>le8U3y1QdY zA>D2%W`#OrETJl8_Ji(K1H(hg@l-rTWB#V-KcK~6Jc_xl^++3nCa1blt5Y5X9*Lfr zf>3N3*uDg8uYqlhPExSF3bt=tu#E7IL^l#FkmVq_;4YUOc8M|kGD4)S;(Tl>W6gb zmRe)|&SuusITU$DI+mKwr<+L(t*Tg@P z64k_vhpNyn!X)}R+`i^7I75JYepwls5c0?Ku-SEfJh-1W=YxMub=|t_Qgm=*|9Pku zeZw{?I79^16VV*VAkVLw?3+uoqvPSgr8$59auF_p+l)g%j`L-ffJq_Ka6@qS;tlxt z&bol*xJy97lWv!^G<}b2nlq{ei#J4@2*}C&-ACdjCG+cMWQR=VFO{ky^M{3&WjvXG zVWVfa(8f$lFldTSL4%a}OMon}U>_6KZ^u@#94Ed^dkuYj#L?6Bu{P}EL)c&{N`hmG zT^Xh%qC(3$3^kR+P??e#f)6B0Vvz%^w&qnu+IgmB(!5%!iXLQp^bt1tlBuM2TaQZf z>T#vHNu;?5o-bDtD-*CQ3~XbxkAhvHU{{U{R+Yqs1Pk1&Dv6VR?nf<95?7;iN=d{b zwvKO(2TdK{c+U#d@0V?ox4qTcgD<3-Wm=Jvx-5H>UIitlWng=vjACJe9)gHB`O2`<=GEdmvIgp^Xwr4;do zv*@`QEkI(RE^n^!7_Pt=s=JwKH)IEhm@vZe%EP?SCqH&lUFRo(7(fCnF5#Fu1b291 zUAL5cgO&t3?t+)G^)-hILSf3q6)Bfhq|AuTTxzqYY^~YPE2nO&*-ut9Qmxse6__@Q zqnua`D(me|)?2fp+iLb>70rICB4trU%8d99ZCDY(S?Tc+`Mj3g79wx0Xk=PN%Fz`m zGh+I_NRDo()yyB}@;}7Ab92X*)e6%le^@G~_ftplO5OfMUK|0NNRVgLVuf^CEUDC0 zD{gVPpR3Uu*KN6*rxQ1^rzypMjGzot`O4Kam3lbfMlK+6#_Kk1?SXA(beZ8E!2Fd( zZe zLq_x=U`ToC?v!%;7(wTV)X<;qZb`=ntgfT&!FQ0DTh|X+JkkVI2S|%!P0RqqYheS+ zioZL7kV^my>DG7t4sdH^zn#@u&*l&>;fE)*8?v+$#U~Jqru5fY!XNxd7XKIH4_+>y*V2erB+L zxoh-Q9PC!Ieo-(ZRs!sM=m&s7*d!c(h2kAWliGm*12W+?&+HFKS(rN%UHkxcM;)xC zDVR~eEETW)obS#|+@kV%?tCK&@=IFbFxo6Liu!SGo~+6&enAd!)U*cO{NMcrvl1|X zv)S=+X-hzHrlIE2MX(vIu!9tAs~!d1l41jSPQn>i)`RKTq7S{|1jsQdOae8eXs<(@ zDA6Yp-_y|Fl8slUY^wP4;8aUb#s8giZ#?)JrP^q;5)X2&>q3`uIh-LGTA7DfF#HZT zh)aG7?r_2IGo+3-2$mVa$iOtuWprCiwFRFH&ctf+- z_gwFDVLLaEvIRJjDSD3hkW#wugc~Yl$bC}BHHz_Yu0MSgW13;yVeF3r>9bh%u1m)Y zgvG-HyTC9+`~H~1jTUF%9#)Io`cdKz6F0P+=!r;RT*0wAMA09p1=KqmAB3#Hn?{t8 zEL#sIeN-RP=d&PZboZT9X0|qTg=ia`==>YZu8hq2Oi}%Cs*(xnqEAkO)^*UKMO1G` zcQEF0#E1@Xr3zBYl*U-}^>2hC-8rSaD*Qy{8(Hfgi>|mmRbH&F?3J|rjzID<-1Gse zI4yCnv<$gE$svC`Qyc?mCu|}ebmDF0n4lACEYlG-QBO-_ZeC;41)w z-4uB%Yv=a;cvDVg{n#eWHs0(=c;9zstNg5*QI`d?rNYuzVT!!VO%;Mo_?So>GxNC*WJ;r0(D+rx0I`R)Hj7ks7Z)@ng)(kIl`@mqN4SP!5cGt%UCNB(iUn7#mc~yow zaW!D$KcW&h?Z+9r+?${YA4Mb*0ts-KM0dg{&`IhAv3d0usu6@c2~co&thvXYX0Lh7 zrQw!soCbIVSHa}E?M6i_He&;)J$D_~0d1ZHDI*=GB6^ z>?Ffe9_xLK31+XIY)^B#4w%d<9cpo-Lp?gOvvmXjwIdJyh&mNG{orrF74}!neH*rJ zc?}vZg2_m{^7eHc^fWuze7G=a$~=zW~v zkHrzr&tZ$ro+yq1;}kZ!K}H+0l^<-1zI~}2nXxTb8oVoOE!Tf@&`h*H#1w2bCWItu zLAjB^nmazsC;B_dUaP^(MC3D>ya7?oH573BCLZM!=SfoaMGo){~k{%@wTOo3&k`BqwmZ zDO4%6jAyLac)r*KJ_A!@2N@nQG&kuiMNV)95p9f!OQ@wGO;NPsBUmg&M&PVJb z8vMi3HFc+aoAr#yU;aGAN5JxQoY4!2?^P=mU}=?#X*);S8oRgm z-sa#(DmTUx)lCPUFFyPNd{6n!iU2^z)W=w+FdZbBm1JqBK3F@?r-5O6+~=v0M}rq% z(E&SETauCJ>8cT^TIglV+R!x|pgkc-wJQspuXaEAoX{fpAJDAR74(SFpX2(ju#r(< zJq{j<`LFJNUqaIH$;1_M?&zP&FvndYGIt?xeq zjp!qsr*gv9lxS$>56g{b3VR4S69^3lZcf%e8tS9aZf!uLebO4)$sKO+MiT77y91;J zoKU5SussHl8%r?tSnw<8$nf(3ZUuqsOtfG<{&#^jX4#zr2SLI!|HJFiC^-M4(5hAl zF2zfbTD<8(aE7!+9BB6WVDi0EN6R^TyFb#yh+VHfm}Ac`I(@bs<@Gv86PBca^K8PO2mn%aw5S6r|!E9rNlznkH2QO!WxT#v7 zZD@sz{13>=w&+)|Ra;{;nqYo>+gcX=Ea{IO6U{C z4J(r9iJG{Kb3!&6mldq7kt>JGPKpa`DepY>cz+j;?Xv4WMkG|T?O@E`ZN(hO4R!R z&FpXZu_f*&Dp7f4gvO=m3hY>~BQqz?x3wJuA(mipuB64G#}bUsl}vXC%C3*hXM%pS zG%^8GJvRKW6Q61t8qy|dXh@r+p&>22{TS>GkXFcPNGs$t)X0;Dc#T(%4`JtXTpQxPA=vF$Udp^VfUIF=-w<>V7#$DpA;K79 zwT=ahF4+Aw6D&it_Yg4`j2G-5O$WA6N^0XY+4Hy1pDWt|CwdIP;v&(am9HBi4)`vw zb7nNq#{(KG*f{vcSx_7z9wEl&Dv(x!Lzo05r-Lya*O?<2+I+ zfc+l7N>k3OVo&A;ug*aqHDMiRLC|R)484WZ?yowgb`g0 zZ$x=wmj&gQG)mwS>p^!@dW9xep(VXSi>r`LuaI>W>eDOe8|=iPA-#g`^soX)nKFv$ zu8X$x3T>=l3DYxrK$;z2w@`u4Lm$>&>=652bqW)_O=6#B1ii z{(|ehuvWuM*(pAUhlgUN|5ASF$NxnCM5qa%1hZ!Q2O}TEneHNgv;55?+?YoM=U6e8 z`4tD%Z{B&mHReg5lzIHx&VZB~X(J%85Y;PADewz>b6&}>`h6XE$>~6|#kb>cOoXY6 zmY$up*#byT0*XG8edv1yEWHk(3H^`wnQY;MjXO|;!*`6HUA?zdgKk}f(D^$6C}JvA z1kZp|(6}PFNCeQHv>9DUdp;<(KGy#*&YAajJ%-a>3wEdvmw?ey;jbht$FvInia2}$ zcR!AM^v@=^dneZ)u49t3=TCxjB&i2QW23qYW$3lHw0ZTwj!EfwO1xvG&Jmfu0rg%q zeL$v<`}XKl(?@0c=K1NvGkxaNnwDolUB7%!d|BF0zbDg|_0#)cW6V!a&Ga?->3uVO z4SxF6jQjMF%;xEtzA>F>?f8Rpv)x#T(lpLq^$|yW72lf1kyH&g*1uI4a|$ssmZM|=}6($m~^CYYn?AG;MOt2 z0wOKo){377w~qK}aBIm=gIfpvG`MxZPlH>R_-SzKJU_j6LOP&bI{b2Ik2XIIZISiU z&=xIz8rq`CPeWTY`00KBEz(iK-d-dfcls%Q_ei-t#x#(QJBwX+ZZx~&RCTdyXrrr# zy^xMtyni7mkYu*~nHMozHScE)m(zBAMJb4dGTWHs@(z@xu4I3ss3umjAr;>W@)_^j z7zM?ZlBmeZ^u^|WTW@LW>J^M0RkFilV;y1*pM%SBlhzK?KA`G<>Q!`L2W4;(dtyKIp)XIpThFU54X{eP!KMl1q z;HRNhmiTF?m3e*|YM|3k!)WO6(@;BYei~{g>!)F~wD@VLp(Z~KHPqmz_xZP|ncIrF z+afhH=%;4i0-mboC8(J}e12`C^+qvwOR?*gjjkSkl8dmR6xKkxggll~OCDa>rkWpb zW1f)*6)*s>K~Py(>Fhpbg$|FFfukt_roa9D!yA>S%?eQTq2LNPZ`>>AkU>Z(FOND2haXhw~GZsloG^|Jnh zt*YgzlX;OmRS)7Q0bb0u8QtMnf6fFw9i7tCmhql8LMFpSuvo&Z)n6Jn+ZV}N3gf{o zs|R=u^EPIH(~|?7$j3iBr6*k1^m|f5rO5UYr)I(X(4jHehmYLpm#3HqG2H<3Am+uu zJZSOT!#s$2F)$Ar{BoEFG4lfE!I*NC;t%tn;-_IAjQDAo2PHoZSswJ$ko5sSeN@7{ zfO#;_FNf@R`f131ho6Rd(B`M%rDXjy%##*B4fCYQPoJ7FFHZlrm=|9y=Dr%~hNXUL z_O;-?YO#WOv9#E=bfbm6n7g*vb?ru1S05h(S98FwThtPaZ%-sdS5e*)mhbyj25Vd1 zynIEcCc7y@v};OF71-pSxc*-u(wk8Ke-NT2#oUreh_3civlrA7qN|HtS8udb6mtuT zT?;n4dL%?xaH^NnGpJV*g0h?H8Yd`t^XM^zmC4ewIT#`ijD*|6@jhCDD!ec@4;8S9 z@9*cqY{xzw_wxW{J~jp5JTKPG!(}!`|0rJFb20ier4wi!J{-;?+vrfYO>sN0b*)7G zUyz7Dx5Fz4|0y&V@$dDa(F@QsWC6BZbtxSeZ1q}>JCNn?w~p)i4s0}@{Ci;L_7?i~ z65M!Bi%0CwyifNS5G?q5jys$&%Jjw$XefNrLN_@4GYIuth~5C1BpwooVGWlX zE#XopuKYZuQ4p`5BStm4;N`TSNV^Ci81rf{^3foZxy=;a`jfnGM- zC=9|IeKY`4`ND#<8>6d<75xEWuqP@^s!G%`;9c7@8 zee&K{4p@+TBqEd@)3vxK{m8=HBkrDb6(#urDW%qgUH+KI*UT6y_x>AZiOYrs$f+_h z9XpnX6Dxe3+(mzQVeaANP;gE`m}1o2C3S9{lJvVe>#mm10eiYRAqQaocGL{ug7faZ zt2WQ$Mr)tp6J5km$viKCv}xt})9{utx7lCZ6#a*uv&LGGc< zm7*k^Hw~d~B__CzbwGyP^3cNELyp7(>rR8OTrN|h=DC+BFesAvk%ODSA3Li1F$_(cxQ3Up1kV9@H z*7?n%-2I}un-5MBak<|fQV@CFoWvsm?q8U@AAlC-9!Nu(lM#g67w3%WeY;~KBrD9d z3P+VB714yEg}Zxp=pqo&$qR0woBJbr-%LQD1$>D_n3!L71_adV-c0VRNbcPx*GN43 zP&n|f46!wRSmqk+OB)Dy7`kNvucC}Vbzb6SGdT86KYd>2nzwrC;4H+|UCYD05;}a- z{PZ!IYmDv?1cDiUOH_2KuAGLu(I^i0Jrwi^Xtb&_83KlqDZOC}_73ehKJWLAalG44 zV;n}cB|)4usqABBI9EHym=5%zU`)HEBQhfn1(mADhv%JogU$7!wGlJu5qa8(vlfX& zSzc^_Dzgh5W{GY2Z1%cvSk=M^R3n;^p~mq$juSK4*!hy|g7F2pe`JPp|L7eDGmzIc zf!%1nv!DskDJnTHvzU{uB^diIE`fm?djkCCo+87a2wA-5&UdysdoJamMrLzCcubxn zfgOOYOclv@+=0WI7)AIeN+5;w#+AJCwz{`xb@B~YK2wHW;oi~?^4yU*IXR~XZwdiK z-00iOO6TIWo^&pdPE;W6Tkez@K9YiEX|{H-PYx@`=9z0gs7O|Duw!*_3{M$z5z;afAi#07*4rCqqgQEWOc{U@~Ny zqy(XqURPqLR!T6nA9W>&pztg03L4>)54i+lC+~9!1WtHNO{*bl((DolnY_&<5HESN zOCVS>$t4gec}dBHH&42r3NF7B^GRYBek<9y2HRRP2LVcY8f6-LTQxqJuh`t4TiH84 zC36iWToR=gISwGL^hgX_@kq>WuF8zwVCx#SWFVEy{{(0eQ#Gy1p;0F>xotp=6ufUR zD>{!v!s$y||5Tj0J7Yb3as&zR6!)I+0LCHm-^Y#viYfx-gR zH5Lrvbvt=4?J=;qTID^X!Tb2!n&s0xz^MVMt6Xe-+y{lI833j#9@*NNXH(n-Il@ZZ zI=vBPay}LB1waE}Ot7SoF?_&XA7-z0!DBAlxl@!g zszE)SINzbu-GGl;S$s~L5TB1*d=ByPIl|&ITyO5o2D4rF2F;l+BL$x((0OTuPg8z4 zXYt|pxG=mL^m$UAzyp20{Y#HNH;euxIUGLs40}|ewDIi#-LBK~P!DXNM10x}a3{}3Nfv(q&jIzmb3P`NmU3b^VFm*J1cda4vX zo*ee5S)U)i^At0%r+H7RCQ>iT^Ls#Q#m_yYN-|tS&B{+LW&GX^i)GQVM~!TL`1?OF z9nYPx<4bMFGyIN^wH-%b&T`!weA-+_93KqgZ;z71^lqGP7n{tU_oaQL@uM|Hk0#$a zFkh8{D(CvCCYQXE5Grc9@p;oRt#CO26T-F_hM)` z{BAx>{T#|wyUXVg`=tJRSzjL=YClW>0JWR*tRVzT^i}}A zM9;35@WxOUb;-!3phWg2q_Y7jI6*NR0>~kY*>QrI8EIixHO?^ZZYYI(BwH09MY>RGNCR|a z9&`0U%UuB1pwR$_j+O6l((=@6B0`uZ+QW2=fJeTGb$NsdNxVF61(&!{4a#)HoAc6u zYu!-V4Lqd>&T^s$p zq6c)KjBiIy@4Kgc7p2DoGTg9y9 zh*?d`mh{<*^JzFoZIAzCp(7bM7#p0x)?$l|?4`&`Vt`j{#>)=eO0@GuSoGP2POxKw zRr|me0te55bvdcbg;%wZSFuEcCs_@ z914OG<{2>i@Oaew(?HWoAW*=etvQUdPOcZndpNyxTM2H$U%tbAIy2Gs011QNu`qXs z3r^xVBccSO@YLWIg*R(3G0_ZcFUu6;J+7{7hmB?y?TbvIn_~Ic!X4^`2qp<%R8DFD z{9|F6vD&@)4;rzR5W?FZvs1oIi^1_`$}x4Z>>ZYZj7c@Kvo^6Kfv}V zAkpJmN6kaMzOcn*yzjN}qrIV2-#HnaU>LvwTyw(n(0s+7q2MDAstPm<`4s683;7G6 z2l7fl-sF{n-)i1als6RI$2{6fy{l{bznw0g1g1v^Ak|~~Gr}Jju_g06#NRc!uS!ya zPxi2-i#Nrb*}1e0-n~YK09uRH602~m+6dYj@sg>4O!GplnTrsgc6Y#pi+;W(cw2;n z@vGKv(PrZETf*|&0{FaT+aMqi3)fIn6aag>RL9d~R|85gfcKNIw!|!!PojXtlBN+h zm=b)d^C?g=jtxFO}&~sZ|gU*rKctv5EJm- zt2c=mS_$WBB?<^sT7e--!D#su_X=0O1)Kn-HNCOiN0%c^piLi#<=>E5Ku6 z8tGYvX~n~G7@UgkcBAOb!tQ0FPl^hn z@uIQxEiI>$bPsP$j_LzIALPKo`>+J)M2H%FOa&i1aeJZE7C^pb>*78wb=}~0*JjXM zs5WRAs<68@L)vWoZf7z;1aABehK4<~1wc*nI-;_(eaK5s1Z~JSC`wBHkz7{2eOs#2 zlCA->(R7D~151ZJx*&Ih+ixU!P*G{d4YL~-=59zRc#K0d@V8XKyC&Ej0PN#h@F6n5 z-gZ0eSnB(N5zpN`VAyFFm<-V6y4h+lva1qCNmi9u*kZS)K-NaX55-6Cmazh77Y!z5 z7RP5|v^T_!#N71>36fbRflh${WL0qIdbsRN1( zP*qb<`dbI?t=oSiat;tt1?5M=ACdPIYZF8pzz%37bLFYR2>9^o;^SpBxn)+r%+T}z zWKFi13oSa_0cdk5oqH$YCLO-rke@RWd}|N696x}8_J*5*e;7RuRao&pKkLt#{b11J zS0kHAHNy(p*ydt%LIEhX0Z*wN!E-TUEL#7%XMi8x{wij}=tFwh#I!ECy06FkLdc7) z?tf&Sb~TRQajf#4a`>l@5NtdoE9-m8UeWbBSGxK_3>ohL7^IDQQqN5?^n8Iqa?EI* zF^q34_~o#S3O2?##-ZLBo;moSAcyjAe^s==c=%4~59e=&yKKz#FkO^KF|tuK{s8H>bUJ7gA%Y(9vjdHxhUazyU2%p$YOjzOV~ESy}=Gby*{9+7JZ zv^X?@&7OC-M6}t1YS`=%$p4LEBlUKfxL))gvHqIn^iLvKgn2Y3O`qNS9MQ2tjThb zA$zkjUF4L?bdgzMO}5FaOrI{LGMz@Ptn#Xmv+0$yu5#9cyn&}6qE9Ol=Z1913=$|B z4IX3?E(K=>Gqmz_uX0;@;eQqFJ#HR2eJ(s>r18K z7CNzkxZ*gvO?84pC&;Y}DGk64T0~FUkxK>G%P_OkfDM@j0_>s0Iq}fNCWU0 zc8mX|TY<921W+zV_$Cd?fmKjIO+AtUG1~<~Wk-v7DbY)tu!PwGTUdon3 zeoO4LlO>6yi~`zsU%wm*I93iFyscjz-CfZ3*mhs%GZ1#(*ZOIAY&6?lf7pz_(@$g9 z{T4qxEmPn^qV-8tbZAy{bjS?!I5SoQLyFhHS&rRfH83dhRRk1gI?jtSu#CogK?Zu+ z!QsVod+}b7fnNR^gMnT=JW%5p_jZEPD!Lu6Y20fVbP#X`1NR~Z{B(3}Q|m|9HZ_ey z3Y~s^+?(j|)BC!66uJP&y(59utXf#W&{@I<9kq|%vwC5Ta?(qU4`c+eL7KFsW!=2}Xh`$=YO0Q<`k z%%>LSo^tN5kuW!i@ZIW#j6uQY6d?F4#Y6#{>623+>vWEaCsp&sDYR(s4Su(Tb{+#o zn3Q@HkviDStdFe?c*V$`hmYou^@?arh-RW-wl8&qGfTr&CIi&x(tygMyDPzOVAQ!7 zmafbABI#@4nX)thA2Fi}EFpSpvdtK=*o#<+E5X(9&eNJVN%Q15!YK+>83uTI0$mB_ z$#QBw&)}i*82HC7Bib^J6?K`=@-$ZT%cEsP>qpCorlVy<)6p`b>1Y|zbhM0UI$B1M zjxQr7BU(mG28LvrOPfT?h^c`=nPtReM9T;>pz)(+#AHOvh{=fe5?e-04fNvS5nD!3 z1It9TjA%MqMl>BQBbttu5lu(Sh^C`uMAOkSqUmTE(R8$oXgXR(G#xD?nvRwcO~;p! zN^pG*4n6}M|Ld_l~nZxuZ zDybg*v|p)~9zEVw@>J%L@l2e1hjQI3o_VHZZXeIQOfp~h$!h0u42utoRRf8W)sB&B+q-H) zzTI^EW?3{#-&DyA;+cC&<}c!z&63G)k*netn0rg+_u`rFl+0`6nYsvG9?#rYYF-e} zJVG+{xDrF7O@Y3>Qz%)KOYpLp}bC3B~EW>zwJlGQ^Vw}!wv>)g~xM@LEKSU{-J0g3|13k)#hD~ioA$P zidiEne1qpJ)z1BeHs*?*;_B1RRabwkn9cWA!1l0Ni~*NwlpMdnGfMDD`h66BT3z|5 z+td7Pmo;MW8G9Nty>fOX#pKpNLK>{#iL3m6+a|DvBL6tDhpP4EbDO9y?{R7hlTb@v z4)~R7>C4Z$O2W!&Vwx9=EIX;bOlVfsmkG_P`ZCh2$|Cyk*bro?ioSv8is zv6}VoSNIw(yFtx*6;Et9&6+h)iH$HPQ~Z73Uo_o}c8rTNE)8Kmqwij9m4HZow3 z;Cr(mLE1og04BVH&abYwKT;T6|yNv5^b#$UL7-S~kcg9ddrf zL=o~WcB>##@FC-CVXghwC6d~WCFwS zRKHR!!|~m&l4m&X7SB|}(d>>`BS#I#zZ;1(zM2}2&$!J0K*KTTkekqOG|vfQw5(Rs zaQr(2hZ@O@Uk%4+;+bkVJ`~SX!_n*_+U9CFeluQE4abCMsfJ_1vsA+|;aRHTnD8vs za7=iXYB(l5OEny0OZDN^!Rk%-Cb>1KgaeNtP$o;9YFN((O4%vrYNtEp8*2l-c!@9K zO&eU?dRO`)-c-XNFgI>w`#2@MwgGzxezhJ)!_-))Xnkt|fDxY3qi;4TRiSUvB^^Uo- z#^MW8s!IJ;X7MMS&I35edqVFbc8N-}{7R`R6_pZxBYg2+;W&hADS8$v6`2XY5h@j# z3BM646`7IW2<-l&VwV{3yEj6mqFN?aEnTIeTHvPJ`r^OL^d+<>R4OtP+7l`jnF;L) zm5R)S_Jm4BW!s^XjBZ!;yZ>W1GP;!*d1pIzp28j;9Bs8hK?@+F*B9{;_A6XB18)c7+IK_5${9} z5!ufnY9|L~3jahWyGLlCSD;~g#bTt77(L=@K$RY}!A=fN8Oeq_IXBTsoH~cN*R&$) zcrdZGbVv%~{tQy~MD!E?h|@`i@Hh0M_mr{=P||}JtNy|do;k*W_>$8>53G(cZH1E; zA9O31E{w5qoV?iIFOL|{3fW?F*;doo?lvzWX&Otvc?n6=XJ-1Ibjt+#!*=(>e)>OX zySr-DGn|Hjkm0d8XwFrc3@mu@8aOreS7j3&JGQ%@@zdDu{<)vVcK6+W8r$7J^3&Mv zzR6ExyZZ}%8r$7h_-Sl+|F@sUcK6wS8r$6`_-Sl+zt2x&yZazNjS$}MNXxc}4cj2C z7g_A7A-+poWst>K3M|L>upCQ*Zn1K(+;)C>3d_CVvkX}7X+I5?d(=;Zd%eC}rzDE2Pj>$0XLwtF>fcI6>V!WFiGCQ&cp#Sxd**7onExZi}i{FJC zr;(kv=^-=!dwTQN4PvgnBZWK;C$?K`Hx{I?3(dk4;OUZ#^M0k|C6yzTuqm$2OzvhAYfAjcRP_C%qnIZWJ@5wd|rhTqTlCRh40%=Wg_6aUbY{z@St&bNAU6# zzmK^DhWs`FMmhg(YY1*qbtw%5iDKv6;B__>3jk2Y_O?)P6fke0%ng>V=jBkuu)hQ( z?k#kzTfZJ2`d$1r(A$O=U_zDyy*j+vO1i{HHEYo#)?V=nYUG!H*A32%tP3rPhask* zv?eZvb?6RO&oyDaF$iHj`^^_SoAZli z4=kst6pY^eI#eOJqPJ%$)Bvx8vBUiEpG+6QdAKfO;W7*+xMwF@WJBuvEVDiSLO9r)?RN@$iq*`2-F2i8oN7-2mQ2mmi~Tn;U$2w=L_! zZ)^zC(-cS9H1XAoho(Yv=mvvm5WYVJtOO2rN2i+v?krUYOY@6b2jp$zCIt;a!A(DY ztiBIhfS{+1fAlO}KN6bLjCNX=n5pQ`_4W4jK_^BhnuI7z1h*@jQg9QtP&p+K@J54b z{@Ima3k`%LGusH(z;EjqA`XXbzMyb2CfA+J!k5n`Ph#vyvKPv~j2-FA7gp&4;BBv2 zk^p<2+dv+oWUl>ma_o0WF|}AVV107c5;8=V?^sN{)^Qb8;5n8*gR9<;uwJ@7j@2+ zF|L1mY>Zlm^bp-}tS7D=9in*8e$yFE>S~LUYHaR)7ct4_otBXL(zvB;AQaum6_%?jv(+1IJ zfA{M8@Ew4yFQG*>c6!d#ScMuSlUtNp@kjtxq%(9A2I_V4J?%!L6Lh-;y?~&nYc0g) zx|?C6p6yW8_Z~>x=HR_}L!*BcU$9xVHQb>^jHq&~9-c=K*k=S7@`bfKn}cbB8!NhZ z7Pm*15<_2SXAkwk+Viyse22MK4^KRg9(Ih-<&9HyNL`2Z!ELN`j>Uhn<~2 zfQ=NlY@-Zfdu1CAqEXa$-vNHk^v&#pcRu2cI;{5q_mp8ZVpzMg=pZn^>12nC~q;7 zlOlPdeF|WIg9#QKvl_ORMJ7M2GghWdcI!HLw38+Gp5|Y`U}j^P13Yg9o5A3FocWOk zINIi~M83Y}jgO^x_HXaHhLxRYxPAwD{6Y)@@j0823EjRXKRoF()WCo(9)o@3)5!N2 zj+U`~uzy7;i@=4s0H1z;dj7g4s1192Tt0cS#yweCK{kDzQTf%+*P9J9=nC;|FiC`s z)_h(yH=guum=W`BP?;C#c@qt7MxcsEBHv~t=Gz#!70GV#kJAr?BPN~RQV(P!UVp`ce6zA8$Mg?7fMdZWs+>kOu~D1eo9Xt2ujgp=P@CTl8N+J$Y!L z9r{*vkTq;c|4Z7<)p}h&QYtjFf^E_>j#Pqsyzeu#S!b<(_H*Eu5gCTgRfZ!HvuNH@ z{)su4tN3@~Q((bt8%)%^4*M1BB)PLQ(4J69*LF2Ba+EcbTJAmqDevcLirsk zP}@`wO!tgJCutD%v5AR;)M%QF{h1g>J6#t|;q~> zb}6_h0ergF7vM#_NAvojK4`XKQAzu)#0u*@DaN2ZmBd%!eEr8bjIv6P`{oBe)Z+Lm z`IN5mnbAvQMlS&mx>4k}68}u6d#K8(ojq<8MtL{MEZ6NbvVX9 z0_O&uww8;huY+nDMUdFHfJp*R8B~91vM+_(mXouNwYpoA*Z)RnjaXIB{nEh zlq(|8K{1c-mLMTNw9sktevqi?Tgc|jL>ZL=IIHz4F1H?RWvL>9+{gw}19tXvCtBgu zLK!m)Reje6-mJh+iUDs9J>bp3RWac1*u2!cwR0=Z|z zD%pb{_oijUpOz7s7KT@;gz}9By^WfpH^0kH(Ma_a%{akMkrr<16y17|4?HnN&mHdr z-|!Tz<_aXiHX_3*0wrZOy(t0>+!Udj7;tV*Le8>iI7?*w;t?Qze5UIBa)a6%UE?Cj z$Fg%V7Oea>NqIlEBdq+YF=>ng*dx|BP-D-Ct@%#unBx;Da&ec%C`XXg9DiuSUo}?o zoAJhfSg(9HW=P<9p8(z25PX=?50U@A&jJ(%%Bo}u4e#}UnYo&D)(5AyP0{_IgvEr? zOX|g>V$~#7W!TSEzwb(Bi!Bh_kE-9+{pe=!;D%_aLek<~e zxwY2$S}ODWSDlij7}PyWH6WtfEPG2q&zP|T=NjXUoDlq&+QFJ&e5Ewx7Ag9K@zj@S z_$9yLrGCSOYKm%6n$iSgt*p)XV+{v<~OYOdu(LG1b$7=Xvjzg_Uo6u zf&F1J=Njy}sB18&+$_f8G7NGV23arE!Ml(0{03Ebwhe!mP)u7g$Ko})0sN5RsqC|8 zrEaR!&PGx>0NxllaD8y&i*Io2q6Fgx|D#razRkcpLEs=>Is74mZt(RNM68HRBC@`W z-bBw}b-^GCEDhfzgL9Z&YY{DGvp}{DjpzGW9G-4^R$zY(2HS0h-rZLd>^GOoz1?|? z{(aiA45GB7(hvqy#s*?Lvg>4E>?8qE$baDufXeR}TmkFC$eKJBtet*!QmoSf(~Wf6 z_c2LnNS9k!E9B_!@=M+HVn@sEU!DEzzeKzdxVwhLJ4v@rAt;Flky#hs$Q8E}e?@Lh z8Li5oP&A(|*6_$*{w0*&LzF-|8=YA4h^*0NyfLTi01k4$_I|t0mCd>Ze7J5EI)Eiw zgTEX;NBwj7M7pu;aog8rjc6SdPUz2fpsy0RzCvE2EgwAn_c!p0C%Eo3iwQie4Nl_? zPaA$Yf$&u_Q-s0t{4R=x@?(F#UB6me?$77Zb_|_=KsukupHbx@1`cUR`5Zw*(X%iE zB(RA5CV4PcdA&P}k&Xn{yhP^Z=~Qi4Zqn@PsOO4TliIHt-5J6Bq6F+e(N_!Af?rbnat3w4ghgW_+X6xpuG zLGrh=EjUk2M_4mr5+xQ=)G=qIS)l{8OR3Ny%PK3(jfl%$<_7ua!NU=gxyXqZFEREK zql5$RrzS>R;PZcmZcT((to`KGAN+u+KYtraW4gaYduuEq*qATb^=Lw8T;@GNdYLa> zTNb1>oVy_Y8TPGhec6-Uq&hSyZBMa8s3-U<~5j*%AEaMwWBp z-Ofs*G?926>of#+xH{jkU|&L3$kPtm)^)d5ssgq$YE^e1bD&&z-?LeYQbUlp8N=VV z-4&1(exSO$i==Ap?q2_D)#whl&~0~5xH@kMtrW$~I}Glm^rm)R_>WAMtm{vBSkQBn3aX(JeO^j1Sm#uBIf zNn|y~ioX5aV*Ml7*sAE251#_N$wy?pEk?J2Sh+!2E!se=2#;>AJX#@-j(R-mHW0sy zhT*u(u8^#`no*mBg9LhvQ7^VxN{;&A%>?vA3n;N`2VUkj9(L{CW(j6Ut8F_gd;~SNo3^2m9GU{O0YKm3M&kCm_Kl4MdtLF7Oy2mB;1E&jNWRZ}Qru%jKdgQI zANYbizDw+}l-mGX^cBNW(FT}qN=x*e5fkv#c+Cy452AV62H3lq@2EcPHo)G_?s`|Z z)bK|cFG$zVdiau-^lWI-(g|is+`rB)iK+fA;pxf5@!&;%`!BJ2M(_LR`pHm9WEfAd ze%{Wni39oLc_5XWtwrkZ2A~$4qW( zQ^o1Q{fuRZp(Fu}6w{@iri*h2Jo99x+dq==8$}dz(9hMLKt}{6A0dCc@Ll}5?jvnQ zK~OaS<#l@S6(VTQfz^ky^l}yFWm8$;v7q~;h!$@Ok{jCpTPL>H!wS3eO>S+qTL&WWTl{FSI3e(Y5DEJk=8wD#|g>(E0SF!?!Fp&$r zjF0^rTLN*7DVeLXI^3m{sm9;(=w8U@MZ;704?X^{jsMW%50BwLGx!e)8WeZD>M&$Uufy zARf*vUhD&@SIC*^%yv|}PdMENHfyzz%69{zxaWX17-;7~*{;6m-DkeQ|^T*I`Kg`q^ z+;+H+NxPZo9!_D2Hn#q@0Uf6Eo$%vJ!H1qz4}TF9Av+o~{ErR1*2;>%(au?Zk(p{7 zk+#S3^(Yp0OILD^tXk2ll7u=fTY~g>$64u0eWbTJCig5g2%D*%dfA-WPg6Ga6%cxVEMh|!4H_@BS#)-KKyimbOd6kLrYbo zwCSGfRezJI-nW~U4}x~>QcrwA2?`EUMC?2Js34LxAg?J7)Gf$;In#H(HXcaeG6=5d zU&YrjQSD2a!r@Y_wZx{E%thXH?!|5n!^f)&O-V0a__=Oj?mDzznEMhsTbTQ@yIVcY zb}P|1HL%SIGoX^qV{Qh*lXNR!025@!h%)hW$&`68DEiI~@NXMHsZ9iQXmw0$V93;r zU#=8QkbV<7Aw(*cCiCk;Ct6S)Iw3044Jx)F^319^fAu`{OPeZd&p*(E?ThYasmf*YaZ_&T$yToH&$Ft=GV-;G{e%`YO_!U5DfMxhc-8-njo(6qrd zWe_jXbZ&6*1Wo6uS{Xw`hQN@g<+{S%-T1#`jAwo(;YLE$J7wCTr?!d zGvn~glb5UsRN#i{(JOT;x`tqb$ifZbUgc;i-mB{282ayBK{VE)>i2Uk6%CX9QzzK=o2^ zdn~Vm>TgXp4+wg36JK@hZi8{uj+FZbD?Y%55AJ1=rL^^yAg-@+g%ZCo z*zyg=OlmfB?ip-b;eAUx;h=`B{G;JzSo!4xfv@TElttV)CH_8kdJf%VGM@ewDVH99 zZ;*JN2C?Rt`j2w&v_}0V(ktO2Ob~B4Mtv@2-xq-lrj_yfZsK*=ZNemh@eDu?#OvEg z9rX^7f}PD2f57li#aoPl>#R=>)0_Fd-BiVm0$r+g24@^#d5u;_r>RD@>s4zA4vkf7 zFx9ApylQiUhFG<^rW%!*SFJq=_xC$(M>TYAOr75N2aMc&k)Gpnm^nRu^eqXIGPwDW zb=|&jC8mcnCN#mCbD+(L;=v!6ETIiYGgT>Xo6HT~K-@rJM8W+dEEEOX5d2!|aBHE> znqk;lfEm`LIum@1tp#g_0mC=j)9GVq8SW^xi1|;xuU>dC%KXUgAf_*{YV)i6UQw@cmDp=sa8E9Jnq=Z=JIK&!l ze_!qc!p6h}9(&mQ%bEW!SARd7e?IdQ=p14SiO!)09f%OQ*|AB)NYenpBSm{~j?IYn zIwmnI!QgRyR69P(5RwPKJ~*eB9g=gWV{uaXA``jD?-x-a)L=C8UBLRY($I=UOYm9o zkEr$h{R`E1wei_m@qw~oytZ?$QHhuRL53*6`cTE$8xcGkuie9)DXWeL_O5HQ>kTe= zRcr(ht5<-*#^RUqs7G&4C7J&fij|rRLL6PhV@*FTk_Y9Z3kICho)W+a|JtKY)J-wl zhPAWNIhrAu3$#{dk6_@?xBcQxQkmurxF!$*Gl!tk`Ig<S9T|`b~{!^ZW$?1P%X(3kAY4SM6;zY&nmkl6qdi#HvSvkNTxBF!ZRiDIN{pA1kg0 zz!C;o!AzHf;YZDpiG$D|%#8|-ond*BVZ|5i@TUBn!iy6%g1i*z%cu*4_juBI5<8Yt$(4Z z|BXM^uFv&tEWrlgyjuJFJ3Z)e&@DOtRKEeP%c z9Ot*f1q51nm@#hka}xPC+tEt!+BF2*#oDDF5lAfbHvVt@)7tvx9_g2g?5CE^esmeg z>DG6A-(J#!8i!=!qiC_lwwM=dfwP}0qb3~9RM&~yFm8=EX$Y=HhJ0>Sx*i^}u%{*~ z&aoN8PuMzj%t{!HG5)GO{mmi)4GYhzwcV75ph*Xp;!kMLogct3M0=Kn(faeZ0;yFb8k+Yx8DM}8;Fv^&;hP1ywc}ks{;sn`fPwJxvj@A5j55Mn5w8U{q zea6vL6z`WUX?C-as-7}P0L{T^coswKd>n&sqSiIKdL-EXK@G9R%~N1Sd-DXk*BX*;K0xt+rR1ZYA-3@PAf^TW4qZ9r{ntNLSl7m&9x z4SDysI@Hm?@!2~|1gm78;d*go-rr^MeGnpmqGD%b-n}2Q^mB|z$-5k(nNikiFnM?o zMxN~GH}As8baPH&omDfSVF(2wPc}$$VP#s z;ZPH^@|lB21_Z(AAHys95LF4~Rp(#g>uc(T$GBhfkPOucOl)1f)t2d2+$h8kD976` zk~(scpcH)hv$2q8o0ee#=_)hS$rUenQ9KwZ@=cB%hPvw|aY*n{YXGO$#N4uX~RXxxb74Arc_ zKn+^{T1H0z>%R36lr)hcfMZ~Gy^HfdFaM_CJ4l_HVqY%R{3;$d-^;+%&YMT44q?5pPhlgN)jOQ(Jl8hNl#dqqgxD@ z_)XVZEAz!&d`qt$9!|g4>QzajO;CULsW}0 z0B3}jf<>#05voJORz`7~ZF~^tdLTwt0Yn}kM6<#Ig=T^rJ~3q*Jv));-EVpwn+jta zbra4ZDjNAveMi-n7A$}anu~s{(1>YB?5wc@jJky28s5OPjKi&>&Fjl6)>4Mpuwi;( z1BpmQ&I#AeSA!7p(h!2YdN&VK5MqTmLStOF7{gO}GqLgmOQ-)VW`9dOqUm$S-hAOM za6-Z(wDPL>dv^L1o!Rl=0nCQB^2ZzLZ^r9lnivi1!u=@*N&%xtpc}K$3XU*F4NL7h z)HXc8a>|A|!X?ReB>n1-3U0=ljFsHMlGxHA@CQr-wOwRwXuw1QrM8CP{o|1QNC~#s zx@x`bW|LyQB${SoP5Z3M!~k$GSU25d7YwI@4gMHtUAP_p!T6B#VqrsR|z_j1tq37>oHj{6AefW%@X;TO^67UdqYWf^KX zWtUp@d7?ngs8N8kqn4@e1F9+ZljNB+$%y*v-ld8>J^W24Y z@z!X(DnG`Jw~Lprp6^zSfrbn)2tLZ4ut;f|0kSE$z`l&m>KtGY93HRkgEj~MD#a|| ztu2%?eeXnPvb5+Wd|oHIg8sP63(Tv064SQs3te=hJLQGO2$^SB+vj@ujN{Q(lt zw@>`{)vH%$i2~@FKvt7ICaepiLE9r+<4EFKJrGpM&$%x@scd+1tk|_SXgE&~+1dpS zz1D^E*|!g6>kU9zG1nZ`CGBD@M;=b^KZNm#D>!R0TV^(-=QOs7+gJ8|hE1c-H^7Lp zJjs&f(Wj*be$W*{pRsdN=yRe#^Pv3Uq4ZH&DA$9_7FKaeq3U!;3sF-!F~Jj{~v-+fK<=rdIWo>{_c6sw__ip8%#_vPvX>d0!1= zDUu)q%m$SS6^Rs?mXkGSxt-9^&COTB@M#YVq5kYWD1P zd)5q(3$MxX=qqONIT|=wx4!lFyvE~b#je+2f#GRyymxli2((kGKRtil010AUHe&*s zH+2S4gw^&I{up01X8HAOF8Ng_T+Y?}(WJ%Js`(?y{6m;eS4OP7zAZ2;Ny1n_RwESp zUx|UZ!Bv|Fogkxb9{h0*jrqb{WMDIZKgo_BwDKng&QGK!tkmFzKzMLa^KR3ob_~!$Qe(^Yc>>b79*g(uag@}5t28A z61c_Ky_pEf2)eD(id^`BBclft4hl;dzomqbl#Gy+VnU*|A|Y|Dd?9g}8mB=w`h`dZ z<@$<*1Wadzr0fZaFFPV6sAq+w90>`Ua6lZ0<=iD0V#H|d&T zTy`6SH7eV#_-I-ecB7`Mg_uiExZ!CErD8Naj1^$Wijz)p!>H-uN<){EzODTMIvt)xj3Ha_|uW#?(m&#M(mx zNa1~AUrkhXR7Wvf{=Vvtu0uy48{m@IrkguNY-9;Dqr$24;yU5^GMJA+t(~PsSD6+A zUX-{I=Q;7fe|S8y?Y#<04Dd!}B?18=@T7sC5-5lNNitk=UDWy*gP_L^Rj$*BX}& z->zDm!XTZ5Au3*nwC(S!805FtnI%pL6#XN;t0A&X2S{%1z#M$VCW~1JP0m;^)?66` z8R`ug+JlvKy7uS?vm3M}s?@Pzhz&9*T(NzQk|GI3**Otn5_v<2&J{0{otB?!1|jqE zcA#(APH;z52X{0zDAf_gw>|q6(8g5=B;E$CT&%|e++Xj->o)SfCLUn81zVy6z@0~5 z}Aio-+y@Xj*LjQr^%W9Ze?7GE%FKcFTHvZ=4!TzQ1W$`L!3&%ebAI_SN zM3#v>zLljP%$n(cFl(1$`i0GTY-8eQZ5yYbcbhD9Hu_>B{rvX{^z(0weuhnfmv=6v zIuOB@Xtz~dCu(+Cp6l5Hn1(Y<4g{qE7KG&OXY-)0d+{ZV!Zu!p;f5hVFXQhyh`+T0K5s8dqe>KY2pe|@rsoNkUvnhg}l3%+lXvo-p)2H`gVv1TA<4r7eb z5ahtPl;GO^(2Bo{fPJT0OWg5!XbIhYiODEsQy@c5*}nzxxG$rZqOp}x^G+>B8IkBE zHwGn5@$w`;i8O=%>rjI9e7lfjY_I zPB?rl3d<0XQ(q2m;>$)D87Diypxf|^8N!2UAAVle6JxRUQMI6K1jlYFnZ8SHiW<2n z4qk`-UNIE@LfDt+FoJ!U49bcGYB)8b?uojfmoC!^Nhh5xR*Sy!6ABzJsSnr~a(nS#p_$ zKPJserv$y8dnPuBBQ4fCi2ZER6SPz?HySYESy2n8Mr@1VGrWTxQH(1!%IxIqW|JwM z1xK2uLNd$EWyr+)q?KD9a6{QSC=Dxi(8 zs4QO5?2#aICk^M-y*;bZVZu>~cc`}F*Q+~Rw~!r{*dc~ohR=h;Cuc~C0TV7~o$bMv zFRSh;Bn;D7Ct5q(ZrrcOe8pdgx-rbfzUX`HqkWBG^#xbRgHEHtmGB7i5){^WUI~?4 zREZ6v^D;~UXE_n1Zm@Aj161BCJq0jIgryQXk=+QxPU-e?%t^TrIohBf-7~p^f8g?dvyw zUpHUnh{L@IWnL(Yjy^>^kkO1vBLQB2fr$KHHNrSVVQn>s_ z)o^Bca0J+`>~T$wlq0Gm!HPdm=Gbh|&|j;ItP3+7#mn%!OoDdc%tuw`mmz;p^Xu{P zRlY)XRi^L50+^NS`7{-_`mVHRLnL!(3M$}S>@_>aD`MO4%FN;hmkEzVH~+3&n7i`e z^?^T0!_Qfo5^H# z)#%UuI#xZEYgK=rQ%$Nb^~Onsry!loFG0t&wfpdE{Q27UHoifQ&lKqTj63HPe&C<9 zxeozLnz0}(IFZf04Qht$7f?1}b64u6)(GT}-RbY*z=yyV~6*g`KpksO?s! ztNUfHp6b-zQFG;hZ4~#RMSYCz(ms~ZLW#`#g0L=vc~$4paga0#0t+%3!GQ&9JFz5 z;CaO+;3*fTmtWyJbvuynt%;{Lxyv>2@vIj-hkyVj3d=App=FZdRSX8wVB_zOZ_9`} z?~h}e@GD{z)yB@`|C{MvEZHwy2AZZs;h`IHB}|9)6Q=)BrQe&5lhM??uwg`mSf_Xk zz#dOpwd1ggZ|2KL{f3dZKrk45!dp-q+J9f<-LS>XDF^%h?q864 z9(m3$-|J6Gcft6pmu^VvwNbliOz%hrhu=$F?BJQ~w|I&IIgHHE- zjlB9AdQ)%l)+U8PFiQ9j5=u@yWb;_XhVVE1mFXzq&bp*@6A*t67Nrh61Dw6S%Iq00 zqi5GGo}JkSmQOi}{X|%J&Oo7L>ltWTA=l5BU+IYKF9)w6N@szzqx(>g_;Tw~c9o3- zGzcxz);k>zVosQb8YQKt?KslqD^h#9#_Q><2nZm{3OO3Q9o=JlTQ;KmBCkffF^6(6 zI1UO2bL2Z0%m41Wa?9dg=tuN@xIlU#acQaceaa?{Ny^Re;IM=6?67odj&#GfNzc*X7nPI&Zq4oj1BW}M z_5};Np&r9V^qk{5we+;-Q=|^)>2Udk#U+K{qruT>_*@F;`t@vK6X4Ti`>R3l-J~4f zAczy3a}cy3Rx=UBmy+UW4=pM_p1Uj)oq@OaAF?ri*TZuoYzk+%EWe_G`=&8Vx&5vB zXNp%FI}mmqXIQtAwq^^&WY-WN|EgdX@|fv8Y?7*29V!#osesY*_+K_C0j7-FmuYRx zM|Yb5(c^68V1O?X@q(b9D?8rSQ*ShqlxVY1+=h?Fn)U6-W=VuG2w%Tw2cNbbc!&i1 zlw(Nn-*IWEQgt^;CuOd_K=LL}Yq9+lF9F!rvEp$jt$KPA z?;u_Hf^_P%bkx%`pQeVvdo|~KJ@G7)bdo0k{Y1iO3}JnNA0q-97nU0Hlk9lFm^gUJ zG4U)Ij-BV{oPa7nM-_~^9;KC*F$c zR9z^uPZdxM=5n3oQL`tf*+&i1al(h<+O!8#E)xZu?*q;VeCbP9W|id7;K{(cA@}E( zf6c|+e3p6}ToE%aR2db#@b6_|;uZi$#GvO-O6`&*S(<2DO-q)x_)(uskC7TxJnX zW1tq~=d?bUxqWgy4~E<07AAAs`ea1htG#t*@hMdx@T5~tGHZ-MO|FZa$>mS)kzhJI zhJ67fTlB z%@fqBk>b)Vga|;0blC?cDp+Z4?NgJgvv^~bT&e_ZnxGvYPWcMo^Q+aX)i^T0lQLH~ zJ7Bt86tiu;!KD1sgyywR+>AkI<yFiqW47Tsf1aK)(JKlu#S+7C@Vc`5-1H(o&T)CfM`TLGObz^xGqPxr6M zw_O&@n|!0d2lHVM%uNv(YSa`k@2mwTlW{wYkw)^40C`uGMa}*RBEWV#gm1 zS3Fs(@l{^qUtsBs7Ig84Zwa=1Ni0t5$O1lzNsbD?DfNxIExg^Fz7q9XXe5tHm}HXV zYX+Eh?o)jF+s*-*Q0#_@Owni0j|g*s_L;`H4%S2wmM;seI|cvqx4XCTxYN}a1QQT!`^dDkdoSlFQS$ZolE4U}tH*<5z z#^O_tj+;yhl^RfK5DidKOqbhLkC#xCHzNE^mnFyNv`C&Ryp922y*~7ZePpu_Q_f>2 z{7ERLN2f%i7t=@2gqw4(BNDCHODP1ii17lsBN)ub7u*=0*8{QlphoyZQ%zjy57;)k zkREB1HZ-x1m*KpI45+zeyC$aVmZYmX#fg2C zL5jr0(Zna_P!p*10tZJ^vU>|?S_*H4Qy4B*VF>gP&AXA(+lKpUe#K0(mAeMbrrhBW z{R=WUnt_}q-F_&_k2`i!*cpS!^eOFaku$Y*;kVg5XtDJIZLxSKfo+QHDHJJNDF3>% z6gx*1^%#n@2|r2VS!8reFtG=y+H?nT><=*^xA^lY*PR{FkoZ`>jA)3LsjZ*p=_sFb z)z3tW**GnQq-*!UgZ^uNz@|FP2DXM+Ta-pj* z2P$t(;WP}A|A8G)O`O|{g&YjZLc2v@%-i}Q!^a=ea!zaq=B$ma-E*h=NukN4y`%RX z9u_5RUL=LZCx3(tR+PgHRwJkux+u3_##HApWKIqzeS5~3Ftb<`nh#@EZIvaxZ4;b8rl@x|@ec$%$ z)6p$VXVc!h_yba8v^ptQUHD%p?7fTgfp9#-Haa=@qb@ua|9}+*8lD-J$trfv4L)rU zk+W;s7+y%!7=x<|g#^6quFN6H_u3?&>hLJi@@M#(If0yP)Of%@oXFoo#Daw3Sd~GB~Si}bQ+W* zfZGackNE&Qmw*x8?;yb(@U7y+;37z`l697E^@0tx1GPN~34jc#e_>c#Pa5#1fQ(DU ztc+?p%$S&c^FG5{%e0)#LcVVSV}O(R1HQjf3QeYnnGq98LOUi^s`HA-i3VQkm{!P! z-0~S_3~}A{#Ocvoy;*QKP$@x#FZa#E=b~}=^81^z8OO@_IGS}F{J}V)XaFs#f)rAI zZ?vt?i=cB@rb0vTIa8sKl?q8dl!`niutK+4``ri~E4~U*v&-870>nV)@Yqi{oByE1 z%x3&AojS@ft|8p;D(}UBDq^O_-sU)7*@^r?BMK9b|6P>5&rAz~Y4toBUwXYa*er7ekB`ZaipUGL$VgW% zqx6bY`XDRuAAp2qC0^?xHp$*JYj?>K%8vvOA|=&Xt{9DkpCAFZBQ*77*5c2)(5xS{ zl4wR4+s!O6$%~ofM;SB0F1_9>DlpBM z$r9s!vaQcWCE<`NE-D3AHpv8PxpGk{#Btm8;r7xi-o<^_7Ut7B!WaJlz3uVpS*T+F zc2VPA@!@{NX`xFO`EXx%Srhnhd%nG<4~L_RKx^ei*J83UEU)7vvjiHY05iz^fP zGv=cf1Wc?uB?KB=rI2++N6&Ul6bUmukr*v(LV1+$ixKG{ZB&f*z=Dq$!7>|WZL$OC zSr&Y%VGC6l@_11nl@7k$3~%pP{p)qS48W;T9d;LRy0=ilE%&r;Hb3Oh z&0Z&CN)Gm$EfQqVl3kf5Z~B|vf^%!ZpFfO-bj?iH-q|r6Hp>l~ma|+-KNNo}8}IA& zYHD};wf(5xJT^dm%dH^j>zTqRT5E~z#;ddFq&1b8zZ!Y*>rSWKdV7LId_q=E zT!ILi?w8{g6%Z$7SDD(A5vJic(Xv``w_9nk6TYVxO!@)YgsMbiKVPuPB0N9!r!V)j zUfc>#{_wwMarUvj;RTbHZC?G)pm>r5LfS zwLl-te{b-+vuG2%1{ihb!-Bw<2nse`OM@+di9VUJ6bD!a3D>tF~p5T}3YWHzb`uCV0-O}7n` z=8s}6rubXL-W_$b;&}em6Qi-p8cpbiEhVn28$_Mneb~hJ=1h=Y*}|@O0!3Ist(LcB z`smqU=4r$15VL5ucaeI`D|X;GyVZPX>}JC_6NUP}1OS$_>}`uU{LcvY2(2)yh%SES z_dGKPvrS&r5EH8)uR?RpRo~f0mO5k%a_taiLuVu2B-!O+VWbk7Uys@$ii>l&P#C4) z&YwBZ8gESS1V1t>p(nM0LOfUjRVdwdKx>ylhca~FrG|9M@C8rH$OzC?8Lh)Eyy5K{~E3 zqakiDdSrg4L-C$u=uaR*S>nR6NjGsuh0(zs$8|Go>2l{EdPn(o-m$( zb|G7Fm$%OJF|-!`jsJ|{9|AU0qal4t3}n36IbDkM@q=-k0ALbZZ|%WU#60_R&&fd( zV|#EdyyI>zddtq*Qqy|EnwS11MQ$#VE* zy9(H4m5(Ih{>R6KjWK#?L*+!FL?@Vknh-`1LUF!fSTyU354@~8JJ=p!CHtL=QH;yz zhf(MUArq+A8T3%{qZq(c!ql^WUiEe*GOB+tUj1-EK`?4Y5Bu08K9+|?{>|3tBlJ;WXX(+DH9n>B(CTCN9=lvMl3EJHVY*fr@6y+2Sh=X~9WL*Bk zB$zV+2HnLuL6*<+V)rHWeej6?J-$E9j9D(Y7ECY);}o4A7i>FKomnx8&i;l~_we%4 zcv4v*u}FFApQkTlO7cn-MXMy$y>m*^E%9W&Z60Gr8Wg(9m_Ca6&fzVH z)`}wy*1>)r#@rwa>)FWaCyN|+Ja{erfa_iZxAXX-uEH8iN?45MD_E*;3Lo?Fm2sP| zBFSv(*dx3yuy|ef5iqDoldSG;0CUX%T*Z%}qViGI=wNg`sbJ0 z+Wx9OMiV+HjEk0Xi}>sp5Lu!TWg=U^q%JhOa6xd@PsI)xwbjADqrnL;(iVLVO4eov z*Zj?9;eBG?c#GDQD*lCigs+V-nqk z*DAk_73=I*+DEv&T=hxK|9_~v7WlY|s-HH2rck&Q5sNRj&_WRkEiVHtkYX3N+Gs(F zh&+nnr6|@<>KDLZ>L!rQHfcqX0tKo(tjMQPDW-v@8!SzDC;=)2t+;B1doe(i3Q@p* z|Nl8NbMM{VBt_8AuRqw_JC8GG&YW}R%$YND`{*m{5MP-If0FILn*1zm=5T5j#;E0| ztB&YRZ8+_BMw8b4$gC9OtuZdrOl1AILX(F0oj_4JdSO1hOXe5pO=B{LF(|jw0!wA~ z?3J4gi!u11Vt@f+3<6ljVB!z8mu&xbjuHNcOVzgj18pB57AOcF8`wSbNV;cC<~ZWP z*3S#unP}HjFunbA#687nl{;TpDq!ix^m*K;Qel+LSfzu9skEo2>%fG8_Zt7YbYS9m zP}?p^lm&X4&IR`DPpWnOqF1(W$7jULAkO{+GylFFdvr*VOkKdpUUJL;N9FComnu*_ zX0A)}8Aukpdb#0mNj;H;TP0)!Z7l|L|4g)%>c~H*h8i{~7NcYYGiB3>L=y7`^2>l$ zV6-=sioC-k$z;5x_y^mi@&{j##m=9m=pW4KG8vmxcwnBV%x0PZp;re?hA5M=4-Hx}_APXzx?yLMn>gp0+=-pllj?8GRzJC3HI?~=|6TD2G*t;2 z>-ncZOMFfyuU12BDaWrTBTgQjFt1g31={v?hJBRnf~ExmTa=Pgr&X%Spr>X8dk8&D znvM*$tP!KZ5P9jBtKW(`oD_{^3KS zc$y`tUTXz4TdgFevdiul2(C*IRLfalv}=SK%I^Ljf2sPu@eY9OX`0}G^J$hyqSwl; zS_k}I101WB+E$jLlJw8K)2ODMP*y&?sTxTjQYp$qa4V$9LHeeHlx?NRtD0QPN28*$ zf&jmAuuR}`S4rR+;G}>6=R@!uRgDU!M~t(r!k=cS%$S%QWj~qzG5)Oy=|?zz+15$1 z6bw+Sa6*)(!f^gA$GyH?@pQY9RBG|%tyw>rwG;Ae{6E;delW9Sz~C+O9uUqp+=(8f z^A$1|H(_wo^#kX4%eWlE(`8=UB2Am)(oXl^ywIct>S5E{Xh;Cy=A-M z7cWonrH!Zb@WLGxm-DjZkeQG(6wTQVN%GpBLlSZpLuI%+{0@NE)~7jNjpl6MhdFm^ z&V)py&Tf2ZTctURqdChbGv{lXQ+9Bq&Wl(udTkeK&KS%?4ukDaGUubF&fg+AkG#$t z?oa^hLB3cTybdAq+TLaAK+3#jTVC=_kvwwp-;PAaH2js$H4iOV`B z<1t$9KxVa3`zdpo?jGX|GLS@foJA~+6{~Z70=yper|l5GzW{)R{QiKZ#rS=#rp<6N zaJ1LPj}R%E*Xk2wpjDrydyQ#*I>c+d6i?{(Pl3AE_&I&a@x?NT3dzZuQ$k3LV3iOO zBUoioQQ%k4y*49QCB(-FRtfRx15!Y=g!mZ2IzAD>x|%QlZv>0cFu{vT;*kZ5yP2f~ zi^DyPU|q?q(t>pnvz%b@>}?6bI%a|qEbh0K5G*nKM-Z%?wVDbRl+tj5^|TJK_W!*s z2YFKgd_Nw*%wX$vcnWc>`hpSuZ{c1gnIf*!l3?uR`UGZg(kDy@m+KQm;fr`G(U;Sa z9D>hZY`}lOf~SMWRin*=7ZsfZYtq>+TB*(=_WCZ0n2n$TEk;lg;r9qdKgj+BX2Epb z6lmhlqAHDS#GAlQ$7A$x<)u?n-OrXs4_CsvgFzlW0ge@V_z~nwlC)R^8i2WIf1xiE zn3t`_e9v>1Q%at*6#FqdZ;G6={Bx@N8EGH(kghi{=>ZBGb>}R%&kYy%AG3|52q2T1 zf~N9|}o!lT*{1_V@IzdIgLQJV2+4`}=J)4lt7Kb1u}8*^kjp zA!!n39!~0t3B2Vl4-0SqPq$;|yPJOS?p<)}-3!)90^vwqy-G=q=}PMjNm81WV0xvw{PHGu`6Uz0<&8JG%Nv>4fhAS+@=IF~ zmtWrKE^kDlJ$8`1u_bvUFTcF0C3%xOcwnL$bLR5PoW1-q$ICA_5UEYt7r0}p;QH$I z-|+aC2c2stnD|rV{wuJM)3eFFGetF|51I@Q?&a9d@IgajMaWGTdIdL8feB zoO-0R)JW5Ed!_9cZvR}hqXbx0k^rk(lB4$czaoC}+Q!#l_r#g^t($4%!0 zJ9G_`h>*kgcfKMkb zh1c}DvfCPfM%!SwldltYYlm8I2dnO9+w9ua?r^O>HV$wjL1Yo>nMtn3-_@1_jazs% z(${FZ<-i*p2cod$!0X)rFtLyWZ9#D0^=<&PDZPI6`j+JN`%xh6>k@#&}83p1NT0Qb>|&{)fR3X3d$df9+ha^?l@! z+T?3sxce8eApT)BDz5q0f_`wmDGtZ_5QvnX{qu%bFkLh!U(pR`fT{IXL2N^D_9niu#xa}Bk^U0Q>pjUlfWsEegV|1FJGJbrGFynK-L7KU;8qqB zbU3dJ`qQtC`b%l+m|@7vFyw=qI1H>1a@&EusqUe2?6YB0O-gM=!!VH@lU1=1CS^5A zNc*#I#Rou!=^ZHPpag46kS1b}=y=EWSOka&gxDl9K6zdLG|rN)%A|ntF<;nQPkX3v zfXx_zb}~kJxq&@4Mq=GG0HBRO5qUsE*sX}sw^15R4vMP(g8POf-mAx?hc0%EMNk1( zw=tR8!%Nc*W@HKu?fd)Qb!wU4d`$_`(Pda5GCwV(AJC4{FVfbr@IjV&>9fMtD8Y-~ zZ6w&-KZDyf{9SG15fLsdH;f2>gS=yuC3wh)aJV?M`Xy7pttUAMRKN>^DT5mIC0FS5+FiZ@W%0a6m5&>6#SqoAR)XU&~UXiw=&4PRhWqT^-?xn ze=8=3PoY_qHH4jN-wFvkHHVyI8}MT+g#GZCP2Sm^-x=tG(&_y1yC(0H=UW*dki0dx z0d!khf2ULmDGtuWAohA+6KwvdV4BUfSN0p1gZRefdS=z%>EHeuBrlU(32s^mCZqo@ z)mq<>t+}&HmPwr}&sIrqFY|x32UdZt$p(~PVcjV!p$aRR09CZYPoadGuyAPQ#)3Ah z$#5Y?A18d_ddpjbo67d58iVRzk*Zy|+P~}VSk0pzOJUz1)iZc1tTRi<3KRYU@F0x=tr(lwGY3*S;mkJB1OGP!zb{c85a%H(RWMo)4TQmjm_&PjHJ z_niQ$Orl3M?ImQgTV!%|UaG6atrnSN0}+{A9hFIxfK0MPL?%~9WfCPIlPrNQ#bj~^ z@j4KY3&c@gK`ao=%H*n0CLgjgnN6!{-b$He#Qf6wTN?n~OP_{c6q}XY>^08EGc?Bj*ay|8*?N5s(vI^Q z4?!C69E2R@jAXx}l}kzXBh0G5)qi+MBzpz8as?!N27$E7$8EATw-yWc>$_99^^-W6 zWV4lT$hF9KGi0>czYv8oO`k(I1RoLcR(TaE&v`nPQWZ-9r|2S5-khqvhE@EBJP5kh z-Z5G44gN%J#ln$kWLPc+5=Pcn<0&fZQU6oIPR<+JQEL01dJkggKuI7KaU4CVu2n`8 z`iEhFt+f(N;0sO#AP$EB{9o=S?z=qh-4g#bwSQ0bg~(D~bFuT{Lx(`8s?j5snHVWE zDe_E4v2_N4SdEwZOlFPG_1h0t1i3vt65BRnMNF| zhI=2d zzFLZeDkk7>HUG}X=Sowl%-kspFn@k_FL+;dCCO#{oJ`IjkV|#^|TH1oaF4I%~Q}G-Jr>uz5s*0-vs{0&=k(p?PEpQ3eR$!VZ|Mr1tlk4wQ5p z6Ys3r1qJZHa0u{b9$m}>%2WZ0^N8R|gyinJNG%*0k@+|;^fiol@U&?;-9hIZY8`D7 z&=i}SCNhwnhiB|~!45q3?=053hbvZB)x{+LXGahXDy;~fvrKSYwDY17;HRjhnE9W> z4eUU=A4t=b7%yW&>@%Ul`$0I~jv*vfIG zM!`~k`iGR%U%1%oN1-| zo*gdWUUL=>$EtdjT83K}C$bB-_%mxOReor%T29WS60q;(+*_)=nZYHgjQlZ&;mGdg zsVY4`mnV-&D50>PNaaVq#wySisxQEL(HTSZ1;3~Laa;mPMGw7^&n(#jH(npE9qpa3 z2iGCbb_&TCP9aE$P9b*_h-iRD>JddVpJ^805Rkdq`YrRZg@P|y=P*s+l;%P_Cv#@1 z;50PzF*iZX&CH$x66rpnsavHc|tVf{H>_XwMc=|JeU|l4ccQig}UM!Sb|$`!2uO4 zTcE3;Q)Q1MmQF9#eqPho7`spjSC35()wx4E5v|9J)4Zl1yBf+g>F#pFIAOzJElI{- z(`YtTg%oobvp|zJ9_>IzG%RHD80mRIZ;tksb7F)4xI14F6$9_?@#$d3nBGisAb6@& zP3Wd$OQoOhEvNVn1M!?Oz3JR81p3udm7!ls0zGj=pmQ8hH<|5B=$)S{9No2;mF2F8 zsLsbUa^p-)BR|B@TMC1yI)!3t8ZVfl)PJ)SL&}Oufhpcmlx~>fHP=x)#A8bjF_H_0 zc!2^zC)@#jE=wfvBVm=a zR)RB_L<2V(_o!i|M@d#bo~6;FwBb8w7fUVb7GSY``$PoW(Eb7k^Dqj;nUn0!QcJyRC=I}3W)*2vGXy;%!m09H}jDY)zNpbY1Lw?qX#&+PDc-B&m5SW zJrimg2RxEnN^9oKdxlrcBUsIIp{}c-z^j3R+U>?{|H&?*m#JBek&2CA)ywIPb)Ukt z6*p)dn!j(gW2(HOw#N^JfB>J|0ksmd{q5tIaj*2`UuRunBNd?^j`p)N#3P-4GBs$ zTyE+5yKt$Z^jKF0`^Q^TWpSKS7DN7rr-T3BD;Pp`4E#at*StG2v06sbWFj$I1_OdsMdb7+ z1}u7Z4HeKrb)C}n(n@ZG@m2=V>^QJzFq7RVL>ZXvZu;t19Sn+eMteSwFP-P~F2r9t z7O)8P_mIea*?&Td?HmBV>vFS`qw5K@_@3ExEa2g16SP(30d5UNaHt-Y2Y|of80CR} z^A0;C*}(=_fKQf0~4^g0})jPAdW(((k?M zBzD4QTDD;ta`gf%5XLJ0FtFjh7KboT@Api8*K0HDwP;0V?uL)Xx(i35nWA9f$iE3z z_IF#7-*r~@Nd>KdPHSW!-me3J7bAAF<|K@}!eXXf;I@kH59|b3!E{a}x;Q(}!2Xwx z<<)1)f-BZp>UDmamwL=GgtY)L`52odQbz)n8dY~Wl>;fQw1jJuxq=)z8BA+BsG{H^ zc6^9WdgCJKOuIi%eTjI1hk*xXmW}%7Uj6}u(XH9rRuwGX@5kXz%upaP0tkT-Iv36{ z7%)y>lKFX)88Q}n2)}Ez%seRrW%h+>cFo$*M~*d{ciD!1;m}@f<;{8uuA9PE(A*-J zJ7@z7J1*gy{zz)jf}hKW&Yr?PKT20Y%sLNc#0+r64o5dJz(zdc>992>OIuN!88?fq zOCa^=M=3hX4=E}jF-gaXT$vTAqxdz2!emq2gl#Tb|!qGX7Y17gIx#qFDSNGle3TCwW)RU@Y_?`+_eOwRV1bmN!3iIX-nL10>!o$wBc z36mt@-pAgfL<%MAU&W5Md&@rwObU3PL7HI4+uh~A5hfRx%c0H5+dOx-Mu?^w7UbF6 zT9UT`LQC>?Hw{b|!-j&LKM|5*8!DA2nYaUUgU-E5Y;@aXF!)cYz}}jzH7J~(5JTMVFda0 zDh#O)wZf_UX-6*l;>Nk=x_Cwb4o5DS&8Q4tzP2~i!&W2#`uY1Ns&a{ z>8)Pdmy0Vh6J{Bp4lm5eoLyX#1|5X?mXU?|mX_o#0N;|l)d{nkhQ0;i3%&<8h;V(V z!*&Nb(fM|&*VL?~l=#TT0p2hVUldiC+&Gwr>nt_A{&k#xPSl^VTn-`eH zF?;p-KWJp~y#U%E-7t)7fMyBofkslg^%*{4)dgI2uJVYzB3Q_GDA)ZZ%=C&Pb z5}>nXLd0NZGXkvOd{8qNAAxh6_Q)z2l?7a+cB)pYL-F*AeFp4G54|2JWG5PG6gUFn6AkiZMKldVkLTewqL5`bqKDkr%mF+uT=p)B9=3xnEXqKwb4IL%O{T+&YO%N2 zO)A|Eww2}zb|Awat^t~E%5M6dK&l@a&RCzqX-J0G_O{46iqJe}tjE(sV?B}{HP)XT zW_fp9kV0V5Q6hW7#QP!gmyWv-BJg}nU6Dm7RR}* z0|ROg_i0{=@!kg!TcNr&I+qNtEFE3 zQISR*!?+98DEH@Ch%jKmdC*N=C!A;UrkgxtHDTP}eJ%Qu6Z?fo+0j(qeYbE&G@bl3 z*=rhGluTp&c8!)7kJUj!K%N<-mLbD8=5^R}120_V&8PJz}@Z7Q1I!@0k3Jt?koj)U4cvp-#e z4#7*h1Bp^`{V5+|iOrJ#Npt_jqQs%go^1tX!nuD}lRn(sKkc{w$#Z`TC0OQus_8A? zvx7d$z}7A*HL$otUCo>kt%MIeRLV*?3DO@t#f@t)UPSlNzHnAT9kL3ng!9O!vce+U zsgajn@tEWeXHVQExx?8L-;&(n?1?(b9nPLOU2=!BCuU3Tj@uJke$8P0H#Utv#Ng()DYEHdH10a!7OZcnU4lu%%nwMFbJ1BX<8KoF>R7>QsuLBEb zF+>$_)Dk%Z`>~-V^1g4O4miB<=gnFod;RLIw?t0f6?*J?ZYK}7hEYo-oV)G$GK4S8 z;C__q!H>?`jaHF;eGY4uaGuK_+O3w{cF22?`K056r* z$A-J`Xx|DK_V5JAT*!qzo`+l5Bg-!A&)G#LeniPu!2p_RT2ZgjX-L^8l9H`HP2s{< z)V1I#tjF+=77;uddI!yVSGqJB>7fd5*-BF=-LWV8q24Vzd~p6}i@7t9z7aR8BN-7J z&0N-n=`Gb`nv>7RQ^qzYUx=raHz!}jp`?K>EIiBnyM8<#d&0i%pK`N~8lUmU@1`pc z?~>rx=qfdef=mMmQ$T>FI%gIRUDK1I-VH6Qq%;wxdASJv+~1_wK$fO=M2ci_@wN=w zrIp4T7VU`yxI#}Xa5XG-%tGe_#TmNL5hqH7Zr_JlrGiT&B)G!ZpFBN%hn=xM_%$8Pb$vrAie0g zG;aCAir5`_$!mitQvem>rMGju)RKJ3jo!_hu5@l+^OWeb_0D}>rhXeatO#Rc+-`)S#K{e@pgki4CCgXYdTPBV!GE(OcCN^F1Z)` z6Jo%9#MBL^Eu)x2FN4$As+jjKt|1<%Moju;!Odprot3jm`l&v1P>J~=#pL=nASH7> z!u4>PWE&{07lB5K75n<7nC^lIRqLw!a*Vjvv4pQEBD}=KA=wU5b(M@`g^Xjx)M?z> zsYUof_p`JOcmP-IAj2Mr5$k%;Y<~Gu9>kzvTNBM^nkQ0qtU>3XNEk?#_jfvtAzZlO zAu1{u^Eb_FJq==cfR4HuYsM5ks(maq=FzZkmI@*J32OcRXW>fHgAY-Dc#Bc%4|~4D zsP*}ez@WsTV{;F~()!J`7QI#~Jy9e)HEM2g-Hc$KdZef8H)BWOOL#KzIa-;9ahi-zr9YLNR^^%OGauDTtNBU9tB1vV&X z9ph?|=KC;GjCnRY`UBXOZ{D*q;M!e|J>rv1wJ=}DY|1X&>L2%xUCPQCEVdo2}uOD&tHe@1Au-ope`7UN6o;dib}Gw%Eys_Qc6C)gLIV-u3I`1 z_#v~m(X}6NvK~e>XpeN1E-rj!5K?|uIVV3>ilH)Lj1J>zmwth zinDES0gKU_u~V7R-eOIiAjupfSW_LV@dmRaiY76oZ1pqvhh$Lnkm>6N1evJ>o?V_w_ zX7wr3xe;sw^)l4sWHY{#x%+)oywUnwbwO?hP0kv@E?8Q>RYjLx3(OM<4XHFjywy%} zTQSKUuO%?au}2cDp%;el&sY49E292&ceCfR6&ZyAciK##&?C@>+Am+*WkmD#C zkr_7DxX!R!3uoA^xP{Tou;-yoqef6uXV|SpGi;buVulrH%PGyAVXZDUd)~dV#0#IJy$ zl;Jl&G_U_vb)HDg3`IY4)&4^FCu)I#=&Pe8x22JKJ`%@2ZfV)`HLY5 z`#rw&@(ju7zmznJe!MKtU?ePl(de>IP-?^FS%PgqqRsx}(}l>cfmRkBc&Gt@(e(YR z5jO`QdC7T)Wq#VFcI%`XuK$3HVD-5Uud{s zP_P83$-}DGW6|ouaKob+K4!Cm3_WF%i0;n2@eu!w^zNvfed<{TlX?0{Qsg4)z+(& zR4lN=lkgIQVDHNy|5zNNZmJWEf7Z5lCff5??!$xn=DM%uUaT3xKd3FI`l0bTMQbPe z%=r1|b%sYUUVx6@!09;bzCD6cqUJ%7ns>?UQ11g9*7qOT^tbIBrlBa*- zcw9~k9tK`XRGT%}RYsnVAaxsl3lP2t+cnaF9J6y6H5|+u_@~XpB4K-~qqu~H-e}*N z(8O>}hdqonjVp}$K@r<#PeWhqZL@uoeW50mH4tFkVzb4?t55brZ738d70O#B#1jW> zY=O=^a{Z(3r`U4ejYU!@gTLY3Og#BZ@(A+PwA9M76Q;iBHMq-AFw=aO?O1fPkM_(F zd;I+SA>8KGND|QN@<&zU8E={9HT=W&)-5`wnrTdI=N}}7cSsHPG^~Kpfcr}&LKKSvFmO)va3!`(>s*CXOx zCJ|B9@p{*w0Ciz@$pF5J{_&ak^e<0Y=%Er?%1#?zq$Try+wM@#Ze?Z06Sv~r{XV2y z-6>NML*a1Q7Am3*Ik$leZ8&alk<=v+b=vQrbQSi=)rZsXU-BA9ICfbTJp8Wzi$vdM zmiU>4TQfCzAUTK$X5{_fPZw??R%2!Wg-Q6}SKv&s^V@-ze%yN+KqQbi*TM~-v9t#6868y{;A6e3F@L&W($|Q=ES0AS7n#LBfHS|Upf3A z*sy(Ajuf;~DGIB}#af|Sv{z|at;;)4v~4yOLj^$lIST$ifKu>IBMq(-V@!hS_Vdv` zNw?#>h3r%gE#*)i+cb?GTAr^7ynZiyorc%z?Q4`Yr(P+fX%F$$Po+eC?RuU!$N1z| z`nb7#ubj+iJy-zZ*rhCRI?s)UvoebEbZC6ggt@`C5{-ixXt!pK|7Rc}wq^LE;*j?@ zp`IEyw(C42!O(zt z*raO*yw&1{Wl`0*T}$jhy~Y67$tJf32P!-$a#XEL_^T0|J#1-RWPJ@)B!INBPAbES zz6_rdBvv-0tm%^q775(P!0iVqlMw5?i99t#6uUJ>L`lh3UkHTo=pq4xlE4LDY?Xd* znq>NofNI{Q{|DT0{|5bkmNZdtqS9 z@0Cb!ebNZS%kSj`z<#O(QC&4PVjjl&$90;Bh@Faa%l(ApA|m2hhlQ(K;g6MEL_|DL zoV%01b)AWb_aheG7S#MpuXdPui(WN(+jh3 zm_c^{p!wv0MYSGeIN3F8CZnOw=}1~f@+xgJPb4$F{_z;TkhB-=X-M0zv@)a>I`YB| z$CqaTjA8{h{0@%d=4H{Q%4}2X&9NpOMQQ4aXj7w$z^tE+Bm(c1+~GuE``xTNoCy3* zauKvzQUrb`xxNn-`rUd7NRmiCJYuB;?t*g*-0Pn`L;F632r7 zV!_zIB}(v<1u5v94N8fq&bc#6@P9@y?m<^V8GLr4k-=N#+>;$2QE#J;ZG{=z?+6fE zw_t29*UUF%I9-4!^pQr>8Y_F-w(LZwZT){@~yX$ou`s_9bVZ&~E4 z0)%Kr)&N7{8o&TGtGR!|c6}cjP-U_Uo-ksTCw9`;;>mFUHsKqY9L<;WEUCwl)HeZ! z&P<1TP5UARykWXB-n_vhWIY|h7f^f$ERac8M(IBnl?Ya?cTTB%GiF(}T8y%QPGALs z^c}iPZ7RO4f)6z)Bzu`!d%FJ4@G`abaGhgYOGs>R^fI;Ae>=V`SUEvBq}{(6A34Ip zX*Jvjt5JKh;3}J)?IkZ$+i-_YD4~rB76&E27w;sRWrQ2rUEwn9Zp<6sXqUC+K@Jct z@j95&W|fMrg1*rMc}v8yc9_s{K!i3T$(6j} z_G$3ZN~6UiQ|?@(#m2$C*o6#;WbdF@$@a`y&d8DZy$&)*+|;)oDdJAfzw~}1Z|%TZ zmGl{g5M8u{IuFH9a^?ebGY@bnb4ddoODp8773wKj1!=RWWouS2*r)b^mWs;e{} za?aiQk$^9uU;toBsmz4gnr*y+`D7nL`Zji#9DsSsf4YR9ZCNwAguna_vwnGB zac;SPrsQJ%!u>I&Wn>9|yyRm2@_WIaWOTVZ`I99V>z9qixjXyil8g1r?Zvs{{6Bt= zSYiD_aV}`L((jR6tY1Eh+#Q%epM=H@ZKZNpq~zyOPW~Tut0>_iKfrP{I1%c|Q8j~R zby%>l`HEs_SHK!!eL+0&jV+6(#n3$k3lkB)?njH}oA2xJ>T>HWht-ZRi`OGUD5OjP zJ71c*y}zibS<$9OGVN{!5J#yu$iQbs>+Y*GH1-ph5yA+eh7JyO#c^f9aVVg?u)h?A zozeA@*)Q%y!7_iaA==s3AScqXuR7=+A`#l*Ky zMKjzJ#tpRG%xE1I!me=$A1s9Mkx?N$Aga&x;%=LC-*&lZPNH5RR|O6YV=#r^@?#->XC; zc6;C)62a4i-MuDr{tS~b&Yyh_-?zaMtN|8(1G;N=)FdywWVGb@vmZ-M2EcGypNO!6 z1wuD&-!9!qi?P)Hv$;PV-?`|Uo2hx&zxVD}w`c1g_AePD+vn}Tg9}Mnq}UDdZ$L!- z!|AxtuVds;U@z%aeY^i^IV#$cpFv6N`eG9i{tosU@MMow7g)($Ps2*^IsW4khg;yc zYq?w`q~hpGuThC+W3p;;sqE3)`{F@F?0HW2RYgs(S3BRkAb{IbfATle%%Inedstm)9hFd6N|)b;5B%sq}BKNPfsBg z4Q9>Ehqli77w|#9#MuE5Q?z)_KmH%%QNW={ge{8uu!^>57^uU>BLs>9n)4cLa~&F0 zf=}-8@>U5{z@r2zbogszU!p#TzIONz@t|w{7MubT((5kq4YpGnIAB&cr~q?O*58-e z0%AY{X^9g+0mKQ+y8zxk+3hAp)xZSx@Ena3SS>`8Y{UuR11}5n{v&S({-k9wROGJ# zkk$UKvR_Be;Z;KTuS{x$ac#W%?+|aFM&y*0*?5x#<1IE^h!hua#l2v;_c(!63=6K| z`hihT{@vdIb6e8iqWO$EBLM%Ct7VPrTl%AYK2Jm*ap5!faqM#Lw$`*qtm+xD_ zFnvBFbOq9s5UK^O z1XYbTegEdm85hEXQ*h&bP{7vrXP0dDZ-<+XrPY&=aIQI2ufgTgEZKR@PZ#2^v9sHivEAPVG_ z0pkU@hUO6ZWtUSOx)3mW0q|AusR_pFDSK(G;<$B6xpq+w$VKhE|KlOh%<6!@vThdl z|3Xcn(k6e~z5*Krv!h(!htX9|F_U55zc>oxM+zeka`gMBJmF@SuWP#RFTMe3oEDbW zclcNicBvax{lgJKDL)1!Q*tYbXD@IX7&E31kN8xbL~cLar)ITwv5 zI!)t=c;g2~Asp+jG9WUDd;wC*s=j~PEHa8{QagWCJN`8K6P%F)yfQ!gKhUF`JxJa| z$lY!n;%vEu&8xoLmycA2SrR8Vl5Tuh<9$)Igl^=VYE&xKWJEVEQQt#>ZuIuC@!rGA z=Y;LW@|mfB4P4%^`BEsSA;fZK^aY&Z?wch)3_{-RK)*{nON-7}ehfmK1X-pnWx_(` z^FrtWXjeT6gvjF=63saTBR~ovrAi39a4+KkG}R&E_y`Pt@V}N!=PC&!z|IKc<(MAE zojQZS=%*;YL=yV|92`XXTLh(rY9`Czl09bly92g30;6cWTMB_QyB6%$0fV<}9laOn zzn6J)yIt%Wrsb%RRKS83NkgQ)wW>Yy%jB|`MG;QRD*6kT@h`kT48Mz@@%r$;S5n+=v;!T1+BlYdX zf+k6I`Jj~TMTx$FCpf0c6O6?z8jmm@IXb+*F-YPI#ZVHsBU10CmX@H8(*9Vl@k+M; zKlqWjWy`%Bq-nCMJMnVrg&rBl?Ba?3CY)%>+$SN^j#-jmmaV}|)0(Tgt5g+Y03KF| zf4>Z{vi1Eb%tF*RsD*Ro{G!(3g>@fc(XiRWg>giAd)3^aKO+yz0ydP?>8Y+pljJ-2;PiY2 zpL-hWI4U+L-O<2Tukm1;l5Jp0PZ_|NwwswCa5Bw{@n|p9rf-k${3oERt=Y^LX$xs` z^dJK3BqDXdi3zm+0hU$kPBa;8C}}XeIN|@ws}vWkxlF`P|L_fFFHO+ElMW_qb4Hwo zhd9k|9s%Ms2XR^mu|rmxUZZ$d6iw6AWldbX+(ZbQbV0838&AIOqb-L6-}C#JCqWg}6Ml1`ZV+ z6PgT$Gwg93@ZU0~;vWm?cdFf+J6?f|Z%QFsY$7{>e_AQJBN-muK&2T_Of0Fz|aZ_ezz3lO3l$56hSsj&(ZI+9o9;nX9gTP7%tdH56u-U@O238ET6zGUTPZU5;IOtOwP)^_P z+zNV=%j1Hdr2G0MKXDt@<0Sf=JB842oO?rG7?x-3BU9K!gkb| zE^oa21idO#bz>t1A~h;wHSi`i%xzx|IXko!4t(0L(4qjI7!I983^?8lItfGMq7ER# zwJ;rUEm0w!Mg-6uwF}SunO$EvdocDr%lHCf9!TZC=i9p65J}mGr)a|kuIN3xVpXe@ zD^?igSheCq#E6vkWvIe+9qk}z8$0>Z`zfK3uzt@h^fNVE=ZbY+KSa04rFtA2y61>7 zK*`LL7x9t4hC99i?ck7-Z;2osssZ04dErT;IfiwWpxnHwh^yptmDW{)9GblLRy8%6 zkC9fXiuldT$Tt?n6;lc8Ws>4G=7P7+X2RG7QkjX-pYxX8ZM7_ue zdW}bExBJ5uQLBLp9ZNax5%z*G8bYhk#9Tr)DKzAt29FEU`=QlFqCaTA#K-!;pLTO( ziTMz}tP~zui;cOlRr<3vTfraqVZ2kBC;S8dAvHih(kb4g<-cmKN6hC`=^n&*Z}!`7 z(sps6&TlN2eTiO-b}zaXYgQQZrHgPVn5$7)jF>f1FBc;PXCIGQ=KK+PFeZ@QOvX&> z(%E7uE~UBd`|#D7`fakj)X%-jzH$7kEE_;w{~tHvLe;{gm*uia^WjQ`M2w_)fjU( zqD9BwGps)#)c^EF#Ki0h6i1heP(L5(euYJSmZDCbPp9i9|HHe-yr40V5%l}~?rw{| z%oeO{(0}%CG2&Bc75IA>Sp4bFfc_YXJ%6bEDC*y}?8ofu%@BMEUo8YX`j~ORP)&ao z*0oF+>%`fFryjT*ieC1(4436{!>>92)6YiuHPZ18zc*()?pV%r{Dq-d$H8?*9!u#< zS^LM8()YEiMMH+GFv|Rst}|V2#?ho~{QwkJ+e^~TlB^c#Ce_e49+PfbikNQp`j7+V&0=E$JFX7JR1hwI2X~GBdACITWrJxOdCBNc(r&SKRgqbiQj}&z9Gf z_VpNf&ER!d0(=gcVf*=uP5b8+w4aQ^Aa4QSPw~h5W^T$D@9rE7@PM?Hp{TRH*oRP( z{oJU}+JZdFydaK0S1<*LEsEy`^eo?HzEv0w`MY z^#W0tcQ8z_EW+6;vxjD{VV3mhHO!Jwa1FC5R3&#c0}9;=*6$@J=PmeD{Ayg(vu8cR z^W{dreGCZF>3z1YC{a|d5DHOU3|KV-SjOP4V%~^4;7|DVI9lJJ(vwF9z*;s z0&0IdwE>NYljBY(0~F2cIT&kt%YfJ$NGrZay>Dq4LSvPwIRHAA&^*2I`LAeNTF5hl zKVH+hz{<3NkmizYtX?y08)J*w__}RlkZthCYq}S|rVT_$muzEpi8cgPYBB?6QUpv< zyL+Quw1F|ej)Q3pH@A=L&hMdHLQ2K_@!k0eyYf2Re%EWJ?Ho%hPv?)g5tuw}>Pl{v*!^ z=ZR|4kZ9n@0q{S5FEk_vz(GjYEr5XSB}s0tMEht$cg**ijUNjA?ep(#fJ`|TgN>{~ zEyP!p-5*BQAf=|yT=8;P>@)C}eaS@D5Rphcq^@XuzvYJv3VJQrNxJ0*V453%EbcCW zev}WUa4nc>UC-?e*Dq1{mC@I^)G7rDsj<-n6e#byhQK-}Jg^Xdp#&?Yv}1jC>EE^o z2Q#B&E2hqeO%G9FS5zQpq*_~vl_9|=VtMfTFsZ+*~Qv6jq>Xx`zx=562Y)LaUDj2#=XoBo9w&HG_1~G|M z`AdArI7MKsV_U)AuxgEdnUBGHvC3p@@3){L^xBXe@7cot2yv@>q6@(5Kt64IlqB4!j zrYtcSXNFI>I5-z5vOr3K8a@aap-cf4f?En^5O5vth#2Cc7$xtoc_8|pKIR-)y z0I)2e2F`76`YNd8weql0ysb*tr$iARhCQ0DVBNNtit}Yv#l8(w_p)YFmnL~(yPS$f zsC%@ndwFqPE~1Vx`H|1USUL&b(`|lCujrVt{@FHPr`zZ_gZ_t*@dWu6`Beh82pQc9 zVQCR&s0jf(x>Wk<-tx&M(sPOCZhlChdHzlf!QRCM!d&j-;qoT#e`3xY_%`OOeYj&F zEUNZ+>yifA-YXu7*xv3)L1gV%e%x1!3>+HH#)**?7GMHZcm%{YS@EaOb?z%l9^bc z%sAragYK`PnUKoP?uDn)wt4SBlmTxUuDtD-zbsas@P(6{5)H82p}h-o zx;7XT`cIM5LWr=e@~sicP~V38M?J}YAjS4@5QR^|m;NQM0Ikq;oNm(172YSURU6-( z)BNN4C~lpoAGbix=CPQV=>k=RNa}rTfgjvJ4+Ex=Bc&uB-b0ZVGgl6M_<9y8k0i(} z{vTmKTIP?Q!o&1fMocSyUgyE|ePc2U`FS0Lxc7!#Z~Qy! zq7x+x^#f`@v_627Cd)XLo<`>(^8mf@WeXT){v$w*qo!1*?buvDt7Bl>Kp(o(JbS(_O`;@w1 zh6tzwBCY=%rKsJyIQl*|3`)0tKvCEuWa@} zK6JJhcI7AnLzW#X5Jb-yX?)AlfgJLxn=$tFgZ#{^@wN9Px3Cgk`^;ZeGUjXtvd?8U zc*}gMZj1X=T^^FnHF!b_aH?{js=M@45#9M$NGS$~3a?Mu$5OVEAJr^tZu%HkL5=Sd zII-0NZbN+$3mKTeQl>?IouStXz;LX-D1KNqp<}h>z9mtPwb7EFDQ+h{l<*qo7o}Ia zqc8q}AugNyovNw!`2`T>G#Axp6}9Zm9im>xjq=ri{!v3~Ik?Y5iRd zK*~##(X+|BuwvnD+nM`PkSOdy_cd4cB-;^Ku|2pQB~Tm@f+)_Z4aK|tozwY!cFWG!_)JAG(j0R?C!1&aSPwGc|@Y zY+vvj&i3N$!({Ts(*Z+IIWuHzt;G;(7@J6l66xDiwtocYQ9870^bV~+hgOvC(AG~3 z+o6+{BUeN^w90m996O}pQrm{ZpIy(PA35vByWf`Fp@CX9dcPWgLPP0(O&GpkJhB0_ z8Y2B#X8J{JIUVXa5QJ!zD2Ndii+~W_LV>icj;LOwN+}JqzD~%yjLtrVl$EQwM^-fg zj@m{Zg1Z5uKy?LgdqW%nEwTd~u>hsO5&Tn{BMvxaSdO?xW{oBR5po3EbsWLHhqY%Q z#sBT^FtaqBi^rww`P%^MSl-}!N#0n5j0kVAT$DHXJ{oTj1e&tEAs`~Wp&&-)4T6a9 zhE^GwH&~@4ZwNY`;SEB{wlZlH-e3{o4L%5OP}BSOw8C=Rm#a&tkWHd-Xzb|fZt2Dx zx*d%%H}P{btbY)i4I9bowGmrS*Cr9KQdvU$UFvwbRoPDs)U<5aiM6qe=~{m&9))Xx z(4g6iNJO^)kO+w5hus2z?I;I=2ZK)Z6i}kA?S=k?6C<69k#O}vfBjS31E8g%mGor) zpnv}?ZsH9fL=d*#Hvt1rI5$YE4^QQYrHm~_zI~M?mRHszJCL>xg8Ee$SMr@6H>3BCylwHRP3oW-cgjAKq{%|=nVfm z%px-y^Z0FR-CENYK`CBPQj2rr@w?Y5oe?+%3a2jbeC)veM?uFC@nB+Y40eo3s_aOhEVph-E-VoEc&)&~4*onobly`)lS5^m zU_eg}(*k(p9Q<15i?*aoFK!DC(-ij|V%vkeo2LDTnxXIhM-&6J-+I1{w|PIr8|i~< zI;8zJ`UfF&@R2zG^+)=Ro3_g3IakP`HcyEY^R2wyn zsOtpBl`Uh7z87SK4Xr~I%Y!3&{k2a<-Jov=YC<+xbLkuwV_O1TL!j3LwOZF9tEPjWfh9ICDJ+n>2_7*HCU)e>$;LQ~Rk#lrkg&=mb z#f|p~nd*3%pOtgG2B86ikpEub5@7&)Q*s_$o<|d(*D=TodOv!?(11>JVRO;BCg=w( zVTO@Crch>4O!k=2TfDHO4q`kv3g*l!b))1G~ORIoPyGIZCSs+yvwFJOS#49M3bBlpbe$X(p4&x! zV5F8Ml9fao6`tE!zH}sbu{~xJ(*X9-;fwWzCEaeb&haJtTv5p(+JSxL8;8e>FtEd1 zGja*+HHXqrgfU>mcAXQ$0c)91X}6}seUk@x{!0`?Y|r^UKN@k**~&|TYh7$P_cXnR zgF^5+uXTG5BicO1H5E4mnK&z|rCoH9khr7IW?KZUJFT>ZJ zGEGBx6nEJydGwY;(;N)Pp@T1Wh&V-sFjcUe(M8d|AOjjK z+}n@VKnRg>l@`>v%v&y4@sbbG`0|rp&rw3OF6WD^3{G=*R+vOR^Vg7HQY)LW7m6U{ zKvv#TCsiw@FwV?i^zk(uO#k~h-de5z59jI5vD%FkP0 z!$AsLfT>#hSZd6pIP9A+%vD9k7H^eWxDg55$J>#w-N5Hl@2 z1K#+KWI+RorD0bz>5lo@YT9Pg^!PvFCms8x8>wG;L5#gWYJsfZBPv#S0@vw_41P>K zkKj@#y08}D<6nV(*&SU_)4ypR#?CCfblU(I`@ogIr2##+p8qY7*yLsv*M*xQtMhky z4mOqeWNt?}6pwoTx5T_LrD~#%_55T1C-nTIX2c0os^-qDISoH_bNUhYOR2(KLJ9rC zAKBD3p8qX~!;ZRKia@|f6wiOZdj4yZn>Wqf={aFTe=0azI8GSHtg+&XV;?lHOo=~* zUsQN5yKpl!&h1u(w_pFxQf&*Wa4skNme%(*;N3E49~rdQFleu3(1#-o+81Te zz5)gL1VK~Xctpv5&K42r@r1}!dJl0hHFCcAD;@#uA&K?^`+@kv*1O+9QG zv^Qi>9@iAo|MLtQzmG7zk!QY#xA%IQ2BDcrIURA;JQ0(QPN6qr`R(!Fam(-OhwQxL z>@u}w7$BHl$8$roo10z)QeM+hKub$u2eh!%{=k_9Wv?L%$u8jNfsg=v(x;`#sgRS zti$O#g@QtaB47q}NZSv5z&mUFoT07Wfa2C(Pq_Uy zx+gyb6HGTt5xdRMG;tI2o&ik$oDrZx;FBUNTQ@N-#fF=>tvl)_4jDdDYBuik2Eb#A$dVG4QTvz_0#U(T_IW&x?_@!B94JQm3Iv+4*Z|q<}%SjlD!_Y(Q z0VSeapW%I@jHRU6+tG)CDD#$!9c-g*Z_)n2zt3Fp@ADyAA%4k-#F<9Gwb6WIacl?m zo0{1M0p^cMtxR2%o0b~GEy_WJLiVD7y+D(<;_;pTw0?uuXCP%pkhtgp)Mda6$j|G4 z)gDU^Ocdu^a+_4GO>RrA%bj(q0_x6JpgEqII2z|YUNSpdwKdyP9buW@p$vj3t6+K$ z`O`KimvPupqb2#08+>woHn~j>tZWOeCY4J;qIE9;fEGXUKeiTd62)Eci@Mu`Z^;x- zQrWEmy8))NBPw-0`KyJ}6F>2DvPdlH`Ck+zJ-C@k04a=gB&sSc$w-j{3TP4;)r&C$ z;}PB**N#SeV?T#hML?2<=O}2h+nt_Y$@5nHmcgBhYlLUt-*7gF?lrDs61Sb0oIOI4 z{m0fD*)7qt6CW<>#@mZ~Hu(5k+Ou~7%TO_3pK5Dx1jfX4uf*NWk^AYYWjr%WeB3u= zqByZ6=Up4E|1F)zMrLiz7VmC4wi8~XakQI6>^i`RldTXsYB4^M(g;t_EvP3iiqKh~hq_8lH5tpNj5LOR5tNx72ffyovHM{5$^wCKt<5!iV&T5x zOZS-JjW&2;VR09#y|GmBqYI0>oylu#akW6n-E!6HQl%6)7+0;f&yC&@*SJXYdQtR3 zFr@@1$ff6X7pA&Svc9uFS+-2r;#uZjWb+>~`7tukk0kV$AC)!+gV;g=YC(X!a*;7Rj1! zG?fZ0jt)dGl(hDT%nuk0cshkP*C+<&qqtX@HzNQw$k`e1@_bl2u+xbu3q!z2cXh=jDz^w>}dSX%xMR$ct8w2bd z2674%A`NXZwJ6<%H?)nHJS@`AhN)lz)eG<25__$+K8KIaOha*h>(Mwyudz~|1uf^> z!{{F>h*am-jNrI1|92gZ!Rl7Y#$sh6ioqixrrGyxstD+D7Or+5qu>H+K*{JRJgPPT zCT!XPAXaVl5wHosPv}(3arEilYiORJ5W=aLuD=(NPrI@SorU+0w}$u+5H9*@;!j_| z&fF9a4G!tJKLr+;L(h&2cE~71@pNuvqusB$ zj1n<4h9y#oNDPgnMPg{k+l*{7JEX|wj9-V8y&Y&Y9X*q}WKiM-hWt}MgfWt{9G0RM zWniY3J}A53d{E@lXwT>IrQl=4@1Mz@i-ids)R2B+tr2Wpd;-=HUzTebhWuZjsDx4_ ztsYsfLh6QKE&Hb82aB8U;pz!DPB4MOAQhYWCWngn5C+cEL|YfJ zg(df*Kl5^Scc{pk+F0Z95sm1$n?psl2RhRxSd47ZpKKKC7+1AcF&7IRUkg~`tMHHe z00)ajok5?97L6M7l!)w762Kfil1CeCQm`PYw)&a$lk;{s3*!U30vW0DD~{j?UOx^2 zqCm&Ev~G<5%;C(%$6@P>bI1CG z2I|b^TIt;xiyPTBbhwK2A{l>8nn>@?5&>rvnH9T)*Z8?2DvUlGn8l}27iN~gY>*IG zh$)=Iht73(=!(MW=r2zfnH}<9$GLaWqNkAmLVf1|oG1VeFncNvz>xqDOc0)p_N2<6 zf0+3&?{khqc5=hG9U{34y{3nYbI1AN#!)iK)WS18DDq?d>sjf%QA*+xUb^X<;qjtRt$IhIP zK6H99PyD!$p0^Vy$iVI!p78c*V1m)V3z~bIAFXcw3*A`F3tw!md7(M^{9Gske1sPc zt&J>dP9bkfZXg&aT__JOveX4(+&t*@_Mn{$AfDjE>{#aJ$tkzKf0@BChDGWEqi*q{6N^bF5Z-H%-uHOh`zAgpf0jZFT zui;gXEY#r%nDw$t>i9#bq@HU@_Tng}jX9=EaI)7l*A$nWu@a5UoatVZiP+OR< z&m$ANhv@4i{Gp)%fG-F@!STnF zJSsTu&Y2YA*9Om|E(lL z$&4f_{~&L~)XZBcDs<)=#gF(i+0Zz*pg}MtwksCqFmt|*vf;M-c9eG+!e<5|CywM? zu!7SFl64e>oloW6Un8(CJiRs^)a+-by!E+Mdhqy6cSkiq@eCeMJnrnZ(eH;)e|%IX z;CiKlVQPHAAEa-VC^FczWoesvxrBe1ii;Z$RGl-o~@9(5@_+m!vlH6htF?EaWk>TJ3A}c>n#f- z$a#knFPo8;`%{@ydMkw{*jFcgf?f=x>MALLhNLuL%8Ax|a5M{;3w|1amC|SFz=BG2 z$aJ}<>0un_WoD|Usog%pYg_H5t^W|15BjUYAwdOeGN|A$P=CBduoYt@zF^oRJ%mC^ z;jtP8r6{_+mSBPCpuc4t(lSjszT>(=Ja$Ny{^5OHVDVP+Pl;@9ogUOGuu!T^kpp`i zBxo1Fnk9{RZHGH7v{ZM#JT(T+wzYyo_8PYD<8vdxPmwU#WwoK&Ye=0`Yf~TpbpIY3 z*Kh)27+SRtC9_kNSs^NURUQCaikDkVl_2^y3+I-b{s(A^e5BX2!7*Oj#TN0_wQM`9 zEn$Z8uLWsM0}zzjUWc98R(H+&m^%AhuHs&fudrua37qy51cN4FC7PRcl~9PB(qtU7 zb(Q|L`-nf%4Qj9*Q?MW_Kg!zS7!M)$KX8oShI#n^&lvv%3hv)I#y@#)!5F{0Vx%!< z-2Q*y7*9vY+5ew0egs7PcaHHR?=BeQ55O>t$Z_j>Q8a6*fc(dxsX3)J9XOmGnvV(G ze+atBsE~WDQBkN6p2fWWAIL0avj6-4Md^PBWA*Q3mhbFcz$}RHH_Y-lXUnA> zBJ&Yala!9!eXz01{hcNm<)bS>^b$kDa{8`h=X*IVR#`3T5Xb_mj4jA5Zp*kTMCEo2 z0W^!Dw9-aJ*-#yn?na2ZXcR+>2nDg)T3Ad$LurK|lx8{LT0rSf5eG%5n9QZC6c1u) z6bi|VQpq*JUr1(VVd=Lxs-ew!Dy-k}?N=<-$9mRREZX=ls3NJ>jXIpn_JX9ES1hw2 z2gYg^uE$$$JdT3oxA1Es$AT83W+Bkw8khRK%X{P60(CYi zpt?YR&Bq)7%HZa2QRXW#NhqNfn68LM;rg_E&Lk0cIRmDK(2_yirVqUG{?lTfa?X)B zHk3AtG2Y3~)pT&2gFL?w@~kUt% z0Ch#r<){jmzofnC6UH#A(DedSi;xE&tc3MmYNi00n7(iz{T%q^F}n^ooAAYeT{bJgF2aPsDt;FB_*^A7?OA6aF8@!nQ3wfYIfpHeT%TZ(U- za|S8uYUvVp7T@Q6}c3haQxShn%Rq#i*te_>j_Lg==WOXbxjoB z`%ukmnS|fehI>!PMk@aKf8OJ7+XV!Rx;jyHY5koWs(-}cL!BFs9uqTp?SAh>07?!4 zNOH&@kAfJ1iJ`v~=OrTfPwkGmZG`+%^%GKGKc*>T{vI?U&HcqYJ?G!U^l zZuZQrbC&+B9V_BF=|AZKhit|D3&4*vADENrox@Y%dE=4yek2PyRT{hl-1 zbMH-)qVNCn{{2XEpP4gf&YW}R%$YMAXEA&$s_AzCpMuAVC(m7@M8C!%&1AAOX{zuS zpPVni*6iLjx%m%zHe(Z7wBJTr)O_;jYPK`knkh)0fYjoq907MK&-X-?v^iCoxt#_L zFbj4OKMQo$R&~}hiEKuL=dNU{8uGS8ZB_I9b;!~3gzdwZuv;37AmQ)ka}{W%gTU$+ zw;mVsB7ii{=UFsgAS=sd{?l*g6XLMTGKU&r!}i0!9w=MSRLkiqZrb#p7om}B*diS2 zzfV#rmD(zt2jjBbzacwS#XkjA%rrlqX?_gO_LS!Tq|~nYlo*N&PnvvcqJN=tRY(3w zGu4b2JsNX4L!7odHloco-tXXLKe{6|9CMjOh|% z^XEP^LAQeUA{omv@@m@t3WZx8Mx^ZP2J~>|RGBZMlDtOg-PO|Ykg^w7K_n_d79sA>xp?u^1k;T!UoqF^zpGZozcq`FfZLaGEJNC8RxCCUp;)~eYzlJY-6mC6Ea zY`FTXxSWdo&=`3^%TV{l72M!00KCZ3)_{yTW6c%s`ogdug$-t5uq9kITGxj!5oNq! ztm`-S{2k^LwD~d~&~<0c4HIxU#nsy|VK_G7x*R#c!;zJ6on^!AFWVSb2DDa~>&^f- zMr{P(-pP(#=Q{Kgwn#NaMT*+Ls%9wOf%MSjxYjCEP(lUB5vKw{GDQr+FdG=;?~7PW z)OLM~A&7`m*MVPlV-^hb_>PIw*12cR$O8;X+o!I_rCi^G#g&F{5z4K ze+q^fBJ9No)7*3+^|QeYPt9wWWKF=xS$XqU$~NSrmi9#f!+FH;Ljfi3yF$*ftXmc- z*(ENl;0s`v12BJEQX7G|oB~(8&ZN<;j7emwj2O#pq zvXWf(JN3Ab^8j;ln`xur$kbMuHF&ALd1dp0^U(SRgM%hq*%WNsx(2p8$UCVOx&TV**C#UU@mT z>E|{T`^lI%adK^{saevfkB^4xR}HhRDC{J+N(PP?&8fjr4?4oGvC@Kd0mb(miuN6^ z^@{clmnf$HLf5RDsp|U-acz4)U^&ngC?urXWwdW|w`c2Ck~kRZ{#tGu7*qF%OH5KX z%=M~58m@Qn?IQyX^CXcp)E055Hq#z)=oDW(;!wsVDh(5?;O9ygq?97T?+DmDXOyZE zRe^}1Ni5{Exsy!R4RXY@Z-9PsGcaTB>czkm8+4st`S&z2S()7nd;WjHeyf@Gy9){h zvl$yibJ~9O170~^8wzgSL~coGcfm1+I&{CvO#4j%^bY`a&7|Xst^$wj49Drh>V5=p zR+pV&_*_c+qrdhFf3eMCCDxMzzWutaSZ{;QW2Ca78DfUkB z{(2lQxOESJC*lSFclqDcFN5FO&}aKYcVO^ekeHt*45qcJ816Q>%h%Sa{?Yx?qss+! zR}-CeF^O(ys>vH0Y+#}VTK02n=dN@jwTbg?LL$;4sU+63{{P7DhL0S-*9Hb%fW-WF z(a=q>EC*RcPR&0E=yrB>I5nTesi?Os7rre%aAaA6)^D7@>aWMghh>uUN<{hpHP?OH z4=ul~DgR;^+xpfs3l_e%5>o?pR%XK#(=biP#2RVmc3@(?O0R=9RS8XuwhKG^Fn67V zR-!G7a*7~_a){mJIHy@VziDSU$GRwrQvo`sVN#1^_~;=0Q>@SXIZfj*PAM?0VG`yl z;alXG%QGNbT)^V+1=Jr{aIMTw;wjEQKL9f{?ic0(Lzem>@?qrXFR7qIkv1~LsYHdC z;%tj44q}Jc-6IK@;+!5$aZ&+8GcnvPpd5a;4LRRr&QE;Kr$f#R=6p|bFci)ik#P5S z2ylB5&fApsT|&;b%sIFp40{H+fBq|hVSLDW0y%87Op=1(YOf9;cd~E~<`4=8GMfSu z4+wBq67C8}*1};n6yOdCaHkS(Mu3CC3~=cHw?E;=1~^=^6qs;qfZK*}0EIjNAdoH=zqXV;K(GjnG7oc%&hGjopeIfsUvZ!+ieK4)6U znZcZ(S+hdUMC4@c3uH}YYKn%X<}DE{ngFJMEn@n4q3}oV0&O7w+aYHya{~F7g`7V! zCy;+d$Z2IxAb+=za~*R6`OP8cGUR0C2`ng8AGi27n2OXqo}Pgvl?0H#C?fy+q41$e zQhpM0#w1DkWyskoNlMhPH{PM;Urt4bc@6XSYen_j?+7?L6>@qJBvTRrv!4Sp-zmE5 zds2o#GV^K;D8EgVOw8WP{PBM>fBGka$uTEb-)C|Ev#ol3Cz4y^s7kTZojeg}H{&}F`}?!lbne3=m;r;<4b z`J8P-&bx0Rr`qMv0%EfJnUMc9^P60L9A8+5938~U5z5ez5=9XCPqd-4YRkP3wH62e z%#(=PX*uj>-&nbdWV!2EZtiOOSMmC74T8zsGt)f7z}2!LS}v8@(_Q&q{KgIo2gP#0X z@kiDg@ybkQtp7F6|Ju+0s`0-j&lS!gtW>yfsaI7Hyr z!&lS-V8h5U)qJE`FB$Iz?bS%d;&ErDeK#w8^Nr0whPw>$%g9GJ?Zq`nwfJdX=oRtf zVd=4KCCTlq9T$GqgrEC`pA+0q)Xdll7Ho7mUiT|t{j5?J2clJhMT#Ae3|&$fQZ75e z{Npp2e(RbJ4@M-`NgfM%3~WbvmF9OLuPT{WWv&Z(T=|H~RhvsB&#i>nWgxC{g!?2L zWc?4y!y$`x?8J_b^`ywOg&l$*8uxnQ{rJ`ip@g^^kMqhHLxU%YcuW{&s{*7_B| zEd82W_eXSgKJ8%sv-l^o;%*CX78OB&W;`lr0OopHXZ<>S4P`;;Yi_mwb1ucN^rJ)D zRetQ$^(*|JWP_CY`6x0qdkQAk>E439Bd!VY-jUAo(X1BxCMsZwWN!%LLw@_n)Y6+R z0MAGh!D{(8v32BWIzbe)T-amxu5@JD97{H(e(v+AW(~y~J_>2bVCPB(;yIqxOOd&& zDQPhtjZARs$J&2*jPG__p)Gw-d(WYOp#hGp!*p5)?%y%rdl9fvhXaGrLzv}yh!#(q zh6#A>lKa1a%a{Z3gV%i$5>hb|2;rU@$OwB;xO1T#WcuTrZVSVdB)xXkUny|?94O23 zZHicyMA`Sa9(seO2S#4w+!WgL6C zT^Bs6xkcxV5Q=VZc-=Nr7j4JdFTZhsva2xXO;%pG^Pc&8EFA27MZ=u(v8k&qyJ4z1 zv~rk1l^~~#yGmfd_-M|8(_FHI>Br$~g{a(R+hO#zTZWnej)DRq40#*mJ3k2sC(tc~ zXWxS|4Snv?!^a8KiY|`AN^@Uz0nMn*MlASHn80mpSBg?0$0VyzQa;fZ-<)x&1+!eb zuu@)J*Y@0jcOrayWS1v5l)dv5uoGMSwehG5m z8b#zR+&1P8ECa0Cg!_=`GH{jfCTL=SVgUCVNvfFO+c z`WgH*Z>*)S@133sw@kyyfBwK_QfU&4Qu z@ehj>(fC(uiHgR*bHn)8)8F`)I=(}8=-R*y2S7aXysaWL<_P>?elBmFbt5B+B!Nw& zp1N$zhuC$FtaMJW@fYVVaN!c`CD#A9m7~D66IsKZCk1NlMn!>5(?_ZMQflT zn(_zdh|NzFGWj3cLc-GLk5?h=tu{|#3}h81f0l&?lG-Xw(iKzGiaVmu^MKTx zK@F3KxnVL%7rxS9o7-lsY)Q@sD9`8K97vv5dU^i#>Hg&D=RhEzN@@%|0%f9%UA5IX z$dJ>?hIIJE495zyrVr@Z3BoKi;f(wBbT^-~t8!MJVu-?a^K8PgJg>=e5?Pk7!9SLUlIS`7+M$n4Yr2lrZHIqQ$ak_3-?Xt5>qy|OMOFe1 zcH6&Q@;6e8M5G0a3LElIms|Nv#5K{0x!E$C1GZv$kta`34}2UIr`{YxQIG}ri=i_D z?6H6(x=V;xKw1lIC}dqf04jM4q9@h#Rs3$i^N^`V%RiLC=0iRLsCT99sr7cCXtyVm zb>z2GGCN#>{2$RQ7v1fHTkfW~>+l=zIzmNkq)Ce7EpbAi%!d3Q@tgFCE7a&leECY0 zxyizD5`@i>6OtIi#eI@n<8!5svqK%Alc`rnU41lpgjv4EkKlXk%y|S zwG`B*!n5pJ7EkEutBGK^Ad`e8XdO?~E=e9A{S(}CpOd(5uFW~__GJP72=kzg=mF5db9&-^-moEiPz=)vs4BW1?qXT*FptFOK?6g2T(9o z>N5etC7kXybCRsV?r5hmq9Vl}9LEO366c&?-wQ*$|tnYW2UXWQ(<3LCF>& zVKMl>D5+%UtB^G(p=9*X)aa=YXlY%)w+55i6?6ct(^#b|Mfpo9dEnA^XE`2>$pgEP zk4IG&t{;p<9tiHEYbAeY)tGDUfqKfyLkPgy`#_`e&OqQ6d`!n0hXIibM%mSfGdymc zT{TX32|DZ7V33>kOal!USNd}(m|zd~tO*tw68`iG4kKX=hw}^u*sGDMG3{TunD(#o zXsL6_hKbhH8BE)Vz-<2v=5;!FyoB!+q~2rI^J2Jv@ZexyWjNSCL7pjp%A^bN1^RAqcS&X~^%RUKWW}ECb&5t*9 z4rxAws~U*4=c}cn8R$vUaZ3XMMyW}7vPJT*j@B>0Q>Ozo;Lri*tq@uM1!7e8*`dU? zMWED>_T}#f)QTGX<2j4Q=^8{eQdM4uxHY$TUy0;(8S*j3$$@!9V7~s8FfWH2+*GsB z+`{k@CIzdeZ-xnxbBQXg{HSgrf`WrpKTCjBi9aJ=6eV6THFD=|8`hy0!iU?~`VJ_? zaUwNP%C@G*kz|Jf7-ZJOU`QO0#344Mmv;%9o8|#t$o3b!$T2s8fP!=*Pj3!L3`eWA zRF8%;t(yo~pu)`qsL|ag+oQ93;<>QO9DZ!_tsOBwbJz&{=SLJ7prYmUFF^MCpC9RrH5WKf=Q9H zgV~ZD#Zj?7R*;BPiEw_ZrCn>D$D?LlKzdcy>QVDGv?aVZ;wJBJ$+5f-h=D=m z@O$W^oWQZf0Uq`i(hxa>(AV)GniV024U_bBKouJap)!N`i z4p(gjO~F#Fe?mGN)=|V#<$nhhtX7(Y(=j+E=Xf-CPI>)xi?CoBs(Hv&GbXC$CP9%{ zr9@xj8f|&ODy0nwmZJMfECf4$_83P~h6tK7<-pc0LO}EF*onvIXh%OQt4VxITRD$V zXQ3V4nELtk`GNbtC{-RD{TN*Y?J3LuCdk}+fO&S2|A5RFy%czNWC@v9bpJ(3Pbb90uVAQd%pimoe6WS}7#_1U4_gk3# z7$FP$juIZ#{eX8ZgrUVkN5X~}dJS3PbdH`IW)Xw1!IAL7p4@D0r$%b?B#Ius2=y{ME(TQ7+7W;1pdTZM|I6qC()V?a@v}r<_y$T2Jit{0N(Z>LZsfWB1u)wA;-{3bb~`+r>jBiOkD4xSoy=Ut`^807&|L|_2okO;S%Tc12rHmSyk$rcTqR()3I9l- z#iEYf=L?g8T-AQNq8z*={TBwoK})uR8_p_1B@6bA!1b7nY<@t=UR3O$)b0w1Z6H zm#*UWWo8Y}xQ%6YP0jlom7LEv&&FLgfqm_$lGod8q?v#hf3={QDAP|fk%MNw$3S=7 zOjk)kGvC%HEW(9y(#*Fx8x4;lZ@ih@I2fHEa{GUzy>Vl2aQqcdws9^#JN0?zz=8!Q zI3N}B$87!kulcZ;d)RrAh$<1mkef7IO4tP%y=T?CA_IEDe0L-9iOv5EhC3rQSz00S z2_i5TuMq=fI?K>M#OPyF6Mo?*)@A+)YQyS&1;j=_$92SwuICL%U!~n6WX|r1=$och zGkzlU{rN#h-|#@6l8Utfp(is|Xgzd5THScc_yeL#qU?5T>}8YlY6sCiozXA=K!a}@ z5&YzMYELte0Z>M)?4N5h)X+3iMPOq{UetT-EE&|==$Nw-S=_sLAhuj{My8L$m#{Z? zLp#ENCcn^Z?2Sl1br$cRlK9Gi{2%A||936~JN;nziA%nY|0k?={4Zd731x8nE$Ux7 zG45BNYm@$sn^j{Q0cOJ~AqaY>GO=+V3{&uZb^=Wzpu^XRfO1w2c3O^0c>)5vo5VR! z5_~BYUZP9%h-}saX8c0+5auI@l7tDo+-NH6$ssr(D=$}#6=+P%HT<%@5)aXf@p5}n zI`Uit#OefMv`(V@=qBf7_VDJbsunVIBQ+Dxt>d@wZVMa*LEYpXJ!i{cDV9(P_kTkU-+*FCz@%Cv zY30y}Z5AI_4q-s@^S9|D4^^c>sIKb%RHyq#GCJJM4k7_+D?hQ*`Q3v2T=^&d~y+k&pQIbCl9yZtX-=O7Qt>0TZ1~Kj@yQIujY;AH(gL4@q zlvuC8`6;vKDZ(Du5>iNO9qr|~^B~5A>Dh{ThVv1XM-ho54qCq0EJ8!vYv%nO^5u`m z=n99?H{kdE+16pFQEL8dOwgLY#^T^*Ni!SA2fKpsVSipedB4 zt1T~wStIFV)CES;MWDNa;&eI1;jE*_>OhZq)Y#4$FPQFtYOGSb$ksO@_e9`L%;6Nj zo)z=2XnxI2reY^wd|BAv4JKnBp|g|Slt^Ay5<~x>2E^L~9rK+`Va$z5S?ZIRo(c?$ znO$;3DrENeL)lGbc7G!hm@UfyST~fJ&fcsdTZe%P5s*4NNEP`mj`6c}BoZD0ksXQp z>0kD}BJ*RO!jZ#@vwO{nbg*OO)O9n?`9i`_nF>d2&AqI+NWPU^^2>$Nu}$ilV;c+Eep! z`}_4l_!}E{eg9eiqUy9eo8D`-WD5Jw5c!elKOeuTPZsx`!ugxZ4<~M&DWs9YIJC-a zA&uhfub4kvuWZIbtaKf>a0{i`kpG#og2P+9Fxe>LqQ5c+b0xXJbo>T0@VVlvv=8}4-`P=f$D9J1PFq1-+otn zjXEao+-6rJY1wuKxQ6OkLvqO6br1^bfbnf_`9Wn!Hh(y#CX2 zLO!k!tKOfDva#M%@Cg>AiM&L2+{;y}Mj|0?lask8JZY%+0QMlXw?rjRYvtUd((dYW z=OP>L&=eDnKElD-EH$r1(;l+=Y*=IJ&qX6?($12y zlonzRykPaZi)_vpqnzx8mFCepo59(L8bBUm;T^U^&$L-Q5h=`dj^(JmIZI6(FqD2-6Q|KLUS)KE)mPWhq-^3m(&2P3k_`Q76y)C@kF3RfW}~GMWLz~@CZSpk%#C({SwX48>_`n{{P1-(7!y5A zz2H^FV=M^vw=QS4+5;g9JAISIx)ECbZVdRb6^Y(6u=lO^_SgU4Qwr%=Bs#^5LJGo} z?F;^g^DdaRgU8ubTM3-B{kBchMXOo`oNSmg9je@n&k#!Ba5ZuA%+!MO9aOe1_ znA8Pm7x2J*O_RBb=T4P%?rCeaqY4x^hN^`&L91(kSyV7AJvPv9Lb8e{aNT_2c?yu~ zhX3qhT0H@ycn>ndVwyGgC}2fr<4+@~2}IH<;vxz+*{$b?Tkqk)uYnhQj&K3}?N-2P zb%Qb+29f)K{`@;!Kz}pj@LZYnWK>aG1zM;pQNu!KiRRzc&2?`NxV&(Rqh=n~=sY!F zD4^zFw>xTvBB!D5?XuLh9ixY&?t}c&#yvXG4@s{7%J?)OLEmu%y}LXj==1`DzU~Ps zXO7N6HA02y^uxQlZJ*#1?)ad47exT?NM>)Gogx0TiS+Lu({BSZUc9&7<`^pUi=RiK zW~z&+`I!8>Z&}1Y4KD`u+P$EDFzvcA38od(QF?zl=dRC1;h#G-ANMG0T%aKttS)Wcsox-R&A#K#I0l^R82$JAz;r`M(`homZx zs!UZLQ=O_jp(gc-nfPydb?OtD%G4*sDrL*iUE#FI75G9w4So586J$)!ixbPSC5!hP zQlk@M$S+iQWZKbw;d7wJ-8P_m((PJs9;3C?2h%wgHRdq*aDLZm{`hEo{CjNvKo95` zm>HWNEr}zNcSL}!EbhU&$8w{!Yy)1XN|>JlZ#Kvu7Td4iN>p;W)(V@;ov4kA@main zKgR*-TAW+I|59PH-@PE6o7UMC;O>P3AIG4e4r@Wq&K(~_3$&nARE`2|n4hCWX<Si34$bKj1PDChrH(Vb`&*Nz<^6n}%8kzZH2`&7-4i_2OTzFfRRGm(F+#N0dJE z(zP};uPu1ffwnl%^BkyuF@RL0TK075=Ji_=D5{4Yk1Ti*M>-T#E2%BBpsv1s7V}to zP5N)Ro~N$f?BoEEXxl>mxVxuae0J`-#mE=_aGryE&a?@qp$TNu*BqNThp=qYG_Z*t zjHKcEv*D?QZlK7_n!PTw)G-d1(!BXgoZi2qoI~8YEeqisBLVkE!ZiX;Y53WXEDy$_ z9uzGvEb17GqF1x%6j#)<^#GLAhZq#)qF-8+8bE;`FSI)L0?`pf^e(&uDez`$9N+fZ zqe~w*<5iid7Tn%|Tx2w-?+~TKX0V33JKzJ-pGQg?4GA~!G*4?=Q&yw*TP~>U$WFVX zUHq`6(H-qi-3%MNAl(7gZbjMFR6C|04eyuDZ#oCOPc`z`q~N4Gw3#)ETxe5Zr} zE%L9w)7Ls%t$~8pmI@_lm3udIentL=D5(lAo7fVVDTPPFo?8i}k|#-!?*4Aww-@vFUYVN5)ga^ydreaWB6a26 znyO#!Nx7|%m}(JQ_e1>bOkYJ4)R~^Y4gNscugOlkYDzXeUkGTISm)ATyBh|Fm~Y?I zhnMd8HVF8-oPWXFv+*ajQ2OUA$xF3Q8Fo!W-&yd$G`B@yJYzXa4Y#mLk^CLxViPi4 z6P?~&$=>1;&EG%(^aUF#u4<^e%CfSJTRZkd3PbMmWsSup@p}v8qJ_{j+rmWaeiK@E z-HonwBF|KN8m*{KH8Ge1wYmnPs)wlRTWW`3B2hno$Rt=+GT({6-X3$V&p(Cclxm`& znI$i-$P-Xaa{!1dMCFe~ulfeXm{y-^ufDho@(#lB8To`?IdPM-+XQ{dJuQIid3`(6VvNb3)xI=3dAF^e6i;m zez<#i(e)S1z9uv4S}KG&9U>BjgnwWv7o&X9{Tm#AG0qIQo~^duKRLMYGctVi<@b>G za)}g|xD1yMxQV|&Yak~0Bf7WhdtA2&o_|5Sukeg}L0!A(4(LAJ;X_}817}V>CB}qM zQ;wd}eD#zNsbCU4r3$kh+1iZjJ=NV`Sn#U~VSUC^`2CvWES5cX@yk zW$EF%yIPQw?n9Yqd!*kVr2ZBCZ`vIdV}=|n{T_f$$y`Mbp_B9ZQMW+)TFLTAUrU&@N;nmd+C)nU|f93%(iHT zN4b~o2>~y}YSEoVrzDqbv!QY%SBAHm`RO~0s=NVhxU(gFr*Ff>Ac3;V;h(La+>N3< zf#V9bS6klEomqq`x*&+6TE}iZeE(G0TdB*_7{1S3c{awT3M8DJI(cPkERweCcr!Iq z(BX$vGBb@|ysPKfB(Iug0=azx+%|?|wQr!K23D_#jU4c0dz|c;DPSPa&BuDcksqx2 zjh^(1_;nx?uijE{wT%-9ZaX1+HA9&CV56f*=Qut)e6P#95 zBptQ_b>lQaWBj8uGo9=Ifn96|kUPU@ILCMFnSK&2r6S><%3(*2PL-LXe?rIR1ii8< zXEh|crRnt8#Jc%ibr?TO^@w9on+yka+_(+nVTXhgtO`OeqM=l;>84U zobWc^#TPeD&%TbH59P!Y=;8R&jq`1Tt+C+#fVlmXA?%6ygziG^%O5PY(K*073p(1# zK+~63Ym8y?9qfrVIc$~?=5XNr+X6N0NWlCW|4CHV@w<|A_L3L9=BRl({gJ*SNzP-H z#qU&$jlP45GV6k_XaCX#YR;@Z_Y&)u&L84l0uf#fydBw&GI)eaZ}6>L>$#Q8tuBi|1zr?{UelL@~=EM6-=-DP#wa^5c@bn(f|($@EF<~~024Ue|$ZJW8B&-}n=ZhpV5;DPQM z%d4FTX7_$Jio*1_zIGCoNzA^z5ZHN97!33>|Dkx2maH`=V3(l$sJ9wtevO0Q!gc#9 z_;-Ir3*<*peTf)`-^B~veTB`l&5D_*IM_T)FJ+~+TFBwj=dRA?U2!uiaW=0@^Lgh8 z5tw(b@is39Lq(&9zxX5DF_=_kZe$sM;RtORYLh)%dkHp2FV8ezT*C`+TuL3c_PDC2 z5m;tpjR#3NdKYaOSYEhGV_iyiK2xL)xj`&b?SFG6;hp^Enpt4*+(j%$Z=e z#aeYFaj&z%St;6I)|r->I+TH1N9-vpGL73?VxQ$8OwiCjdd=lGpb}a9!N*1VVSQ8g zSX~Zfr;>72u}=kVR&l?A`3!>3dF!?_*22`B8HQBW(9X%7x&Ly%TR-2fYKRNsc;Bc7 z0WjjejpkxQKQhbm_9S;sZm8T%E5rwGr?l%gINuOn1;+LRIO3;I=D)6WfPLI&DS?67Dpa;Jw#_jA zC{F`PzpxrvPi~=EgAPlLMhMx4r6eY%(mREnRfA+IxT#10k=)?P;4o#VRL#hl(}%Op z_3Ag*CeELoF7pl8&*m9xJJa`|Bo&5gXhkNG!A4z7p{ojE#v1uqgjKDEC1h+1s3hY8 z>&i(STO#}Um*BTBAF^BwL`zV!b%mEu9#_X@TUoZDZgGHFTm*9!U}Vd?Z+uauAwe zuR4hKt#~uJBs1&4%*t0bqm{%$i(U&5F3EV#nZ{?Y51sG6&B(Pv6hj3?H&Aq=vvcrK zlkQRc7$_oJ)WIA7*OS8hS%R>x1MCMqm6??mX=A5n^>mbx}n!+lK! z)zl=b!D+A3mG+AH@~yDwwH4^dbzMNuE>nR1iJv7}QG`CKtSz*#L2YFlT8N5V3%5fH ziHK_vObSW^*bQrpT;dx+i z$g<`5iAy!0Srf~@ud8aJw6<^EBPzC>g1SW!cZgOtaEq1OeU_wl$6YzWBDo4GkFuoO zSh3y>;EF+~MaPxIm&dqb3aZ5v1)2bKnx4h^=;51hR<>_?ZFBmbhPr#u2hsJ*@|*%n zKPc!7Pk)5TeE?&?#6q~faTy?rMKP(Uy|O+OWIPSTVTW#Z(i8qrp~HADoPlB?S&R`Y z3Na!JT|CCJC(3h*s19Ln}1(hBauXw?>Ua6^2d~ zw9F4X9cF(_8!)si;V#sFVedlJe&G!q2NW$c7r@;RN98FlquBLXgn0C3_SOhzoB08{ zH={qTX2NV65IP4qG)m2WC7D>KrQbpS%>{;JV3sjhuiB-@5yM6+wK|Gufe8Rpjipbd zMKLIYRho~V361U%Ti%mzgT7i7<}j2DVD-*BuWRjdi=1@MsRl3A zYZPa!I=PK{E!$_E;kD$Ct%O$zNBG#U2DQ-oB`{q)T773kux}2PA;rP~I7MW@=Vb)P zcm@V^DW7)KBqJ{#Eh8ObRLl)Hc+Vy-OE&RUv14-H&X}WrKzoIkY{f!70?(gcW?!sS zfax%v4%uB7S~K)%ZL4MDPi?Xtqm?UsZ6=hwUqG-I$=<_bOD=ZFs$;@K$4_bfW(h18 z2{@h&N@6+DCHIG=EkW*{u2PG|a%!YY?hniP2`n$;z_z?-lf?3vOYRSg^@p@l3KsUe zwhHQ!`q|3rE<1r*8~RxEYtVW$uY?}8I|X4!YE?brvp^sLqYfS#Q9U|QlQ_qYbe|S? z5V}w8E71Kd9X`Zl*jhP^@n<}b#G|5-7WSIeSI1g-M9OO6Zx)Icf&!<7dtOjd3rE`I zjcDO`0V&eL9b9sMGD~XVKhIA}-sY|;OFaV4515D8})PiyNK z{In!#TxlsPDKmGyhQSBXo@ENm0kr~r{}`bqJ#W!LWZ%?kz~3mer1h=Db|Zp_G_dLg z0&_Gtn)|JHGdQimgBj`hQ5T)XDLq9@*vs-d(01F=oaB>#!%h((sK+YF5r$iZ8g|ckj zIuZShZiWiXI8@ESWLCe0=(Lg-+1cx|IG>HHk*9)G(}1}R3yRx}YVlZ#%Yhfy*njZu2tM^u>h*LMb#(sp>Wl z!&rm7F0)F1SoR)=bzIla_tDzGon&oYW?`bXN>|%=wKk{#Wr9MJq&Ba$-R27mSgTLy zGNUEI1-PF+C)9qAj^W+vQQm<)xw2=#I)Po9e63AR48O-FO8yQY8mhKsZj^-Qh4FHl zPA%y7Kr4br@bh#d)${m8Cmb_UjF;3^Myem_s&8s? z)i++M)uYl-z2yjaV>triVv-KiG9aFsrX1M?zbr>;g(K>GZj2lCQW(#sH(eyZ$c=O4 z7ex>R^f9a67$;CmG}#P}aHO`~=KPidJw6!;+DZLPG+tqH^U>3>{Ke};c^bcYTF!a~ zooS9$ZYWO#?k(?(MEdP2PtI)fjnGeaWG|Jdr&}Y?fq742uoSFEbii@7mPL(5r z65f;XxkR_JQD5y=YJS#BU-!ra$U8wp_`HJN;DyVyaQxe9!nvtYO0%w^2Ne@a}B1&;%j=W*Wl&cBrTOuDc$ssW^sH9U?8xc{nG)4 z%s`>YH0ri4w_m1O;@6Cee&#aK7=*|;Bhw2usfhH2%njg!9wbCJH@$GfIg}Z#N4Apm znx%88=U%u2sKTW63FrY-VJFs4HD~v-)l$|oWr2yEJ9#Cu-wzbpH}TSqw6Fan;Qtx$ z(~OzQlI?p|4BKGacQUMM#Ek*kcL?jZ+F&mNLJtyse-j5rL_M{QCH8ZpZ$N%0;RpqK zdTIIn<-}NiHCL9B-@n984YqxkVb}ZM+jlDKFCo7Z1~0!$FWyM|J~{#T=fN2h`Avt< zR;-^pY*PEKe}7ZjcRB0d0`-f2n$u=R9b7w!m8O|uv*cuLKh}%JQV@AdvKp$HYH4>J zzh_%?T-gl6H~{)%4d3l*El*aE>U=|t;FPSvC>#nury z*7*EQfp{S6A@MPr?m|kc<$t#c#S{(DgyJ@bCiK@s<&;uvX$N7CZvW0k^m%W*0+#

5Z3zCsZ5ZzPn-{W@PEYPa11!rcpaEw=ORcLnrgg1 zPU!fs!EBzo;-W;_d%QI4itof}W<;uSY9e9lRO4}pgl$rdd&CJHZwTs4oMyJuX}dp{ z;u%Or@>t5(01oB_&bkcv`#fOUhd*Wc!{U!G@B<5C;0vMx>ix;r)&+M|(Z3}iD#aX$ zN|qFo>^C30d_GOvukyJ~G50GUz7Y|(3Zz03G+_m)cvdhW*t-h~!W%~=M?vX^%M*ZA z2^7F)*?4JDIh%2&W{_Ehb=lXwxVC^r9DiDtI05~MRO7h7KMIRJ5%ECqLNhr_5pDoj zZ~zJ9sh&8wqM(6)a=-$oFNhx$>Y#%_Qr!F2&!Bx}_0bv*PnogY5GytX%P3pmg-BQ>VrG==@h_pji~!sAG{q_jVhcgfkMq@r z@gC%rh+!b;FfujoPzC5_(4p*Be~Tei9^j~bEKo9*3n|#fm5HQyeMv|IC=>$(U}APc z0$OvBTPd4Us=dYsR>_2T4lXh})E)IW{)M4(@K5`IGf<05Ats;a6=rA{KWCM-FMl=x z9GW8f^vcGb3`3TUqZC(92H_cbOV>`|m>><8sH?+8xv0L{6tD!d;?)RqB=7&5&iK(F z^%bWcoqQL>TrMGB-I?noBV&}4Z$~WO4$61>ZJQw9>%<8UnE#{l{qA$6!!Rcb~X#kRzCOAaFJjtOJ%n(8Y}sqKG9MJaK=8=Xi`^tV?K*q3QY0`(8$0_#vs z?O!r+(D9(8&zUgW65mLe?RdGy#@7a4_rd}eqE8RbX_=t~A?KicMf$`g0Xs6-AvTD@ z`e*rm9JWL}V({%*`*GW2XNwze&y^c(&jeALGaX~}9N3ZW6KA}@+->}FJ!-1YKFf(_1Gq4W7vr~@a}Bf*Oc7yDU>et$zCrUoNoL<~L0zWn9Lj~P_t5DrRLCk#+a zp(}{Z9R;pnynlOB`v12BGi3tgJsX*Gg6V0>sF0b5s7Y4wHAPHe^Y!_fh@q zWT;C(?HMYQ-Aq;|FRU{R13?ALy(he-97|ejl0T2FkX99t;_%|3P`-nh1ZZNtVjSLzbwxV8Cb4I zPd|?|(kdgPyoDO0v=dCtrF>R_OSYLKJ){GTu6t7AWPJhtts*Rr74>Xb@QZK1P+ zJ`>L;20#8Rj@tl5D0Cm|<9wa)7V63=1kvtzL;>_hosls`z_l}lL+lC=57l1=6#SO4 zwI1ni|4XH;XZ62ciJ3ET^igp#*$V$tkN)?e9;gYk<;80Y1{Ku(s&p0Cm^ZMo0&}&> zQvD5tCHzUdK8pFcyB^_s--YVAzXLVqP-9MA-4#k6Qt0Z!$Xi3i1o=Pj82Ci?XnCgi z=!&2}J;2f9ACm2H56KGq8&6iOfMH~!9B8-E6gyto*cbBoN-7qJcg9j)ew4t-YLt{@ zX}KCfPY!8iu5gdTO|>!9*$_sP{@X^!nLXaq(WHi_*yrn*FfXbif2gSuUVcr&DV+Za@_4fh`+ z4|UjSc@#e?+;4C_%Im#I0*eGI?CL$Q)hk%NKbWvsmKRtmXTzMY zm8GuQ*QLPP3oVge;x??>ubKS>0>da2bLMG4qN2sZEe*GM`4G|7#Ml}8KccU?R;D{~ zhdK513j3DQfPPV+uo9U(RdXRmiA+Mbrba12##JR`47H-tB5a{c1pL&cPW%wjG&x+V zP*G)8p`yyFLuDILsJJq0q2vmL=n?e5dyb+9vS?x6`9+~3#P+md9sS3_>ca^K4_+Vk zB5YD0&Krb2oM%RV1cJFq9Qu&Ko`;|hR1EXfq>byt^b+lO$fRb* z`dwmo$|;0>Ms*84YECs2Wfv7LIvF>M0KM&%HUaAg+X@79nXaALo;ZFeII!M*E|$!p zBX(Nm7K`Z5MwWmEot6YBb(_zy4~0GG_-oAWCj*~dt-=0BH-6DogyI?<2kv9BS@>@l~)_^4LI z;|=wpSK`^!X;#{q?m!*RQ%uY@z6JauniszbTwd!nkV%E+==~)CIi2hYm)WlHmt8Wk zZ8)mHsOv7Xb%40cc7?y}5{a06>SeYoTGA^DFS~?R$c?f+a+z&Zr^Y~+L&c&*xt+9n ze!4x?_$9UvTGbCByml3Yw5JwY*O!1y+*(Rk`qEMlZU|4ex1`(qr|vQ+hztQ#WKLdp z?}F@~!!7Ax7+fVe8@*7lLKfNC-R8Hqd`SLwA+HOD`KwxE7diprKQ?611=Sb}ppN|5 zkPRCr5@W2ESryE(5>;NvbtiUBQZ&EAeE-|fLI8p%Ud?foJm#Ifk$CxFg}A(=5SO>4 zm-o*m95|!K_JDAc-&clBRVh*9e(YI|*I#v)zOTH9{Cn&0m2j6h=2=%9{mHq+cHSo` z8~0!!%;4i&zg*`nY(roElc2>i5iabx-;+MmXIq1nrC^;4_9sh!wCA$a3N`I0?SguQ zQ~S@Vndr;24q!Dh5}{M@?DjR91`^93?34APe4Pc8&9evd5;pW;XMNcB`|`hVm~gN6 zrPo^sF*!gF2Mjwf?{Ud{19niy&F8@C`+L2`_EvLvkO8w)yKuPyJ4RyJHD^v9uBoNj z=l92+Ucz7cIV_THTUX~?EGLBrSrkkw*SrDBu%DR5`KSNIV9wjHA~c45n9dBt&-|Aa zTaov*)xPLO`yi8u2N*41+y}6mTUd;3AIJOp8F8$VVH6|otH+46ILuj>D~|V8a7k2- zEJ>>)A1u3pkROMHaD@U;)7z1uRo*4XPh4|=^)Bw5xnei+2LEwjZZKO! zuL?*4yrCZxg5egSu>ctmyM^VL&JLlMQVM$ilAzE5^j$RDJ+#vYrD^l<&%c!-bk zgoNAJ$~Kn%x>Cf_tpk*qXmK;|AhqgBNMv0(ALaXvfCww;1mssd?7{(wU}Wv)M2wlN>#|q>m-7@>H!I zZs!_vI%_{zb(40r!^4-f%C#9xZ7R))(Tsa1Vu);OuqeiDWPBQpq%;#hdB%y1coiCtpfc$iWR?k?&!@+f{v|`0`Q~J>Ti&S zTbU4f3qMiZMc%>-djQz>&VjV;F2YXNn)=LUM_WyiURrQ2oiXGLS97ILq!{M6oh<&GDB6AYI)Kep%0uF|JF)g^cVdV2Y|O+4Kt1l01!*+FbfnP zTD`{Hl_73F^~+)E_eoL~sWC64D`hl4H5R12Y)Kiw>HWuUfEA9ALY3jpp%n-@mb--z zL>N&a-nSEz;Gylzmu*&PA6SxjWHT$6DHvfd`Q25* z6FhSQo?L8%#~tL!&yVD9lyrXDc{I>!OA7l-VZ8ZKW!BKt0*Q}DY~+q*un{|jJms=7 z@%XNw{5oW^%9xEqi&rLYChRu=8|>Ync=>^v%RaLzZ5bm5#D)UWh_QnGcI7EFdp3>Q zdhk>pam2Y)eNk!Q^G>HThLE|;Z#u)M= zQe5Ot`uS!}iSdL^L@6ofM}uH{m(D;^UQXC1s}Y0iEIYh!*`*>GptGFJ3Pwu>=qz_0 zE;<1=`pz~$*TmDw983Dlx3s8>`&*H!Iu(f2m|bDIB9Z3Ic9P&k+W9#U#X!4?QbY=x zAkwYxgGgm-W8@W3m?A{A7GIZwI(dHqRM}Tjr2G4U5V!13RyeVJ_mcWp#~Q^L`i`G7 z-(o_M0wm@WI8P3R#wpFllu9fbEELK_tGse?r^X(@RPiQfO~r7X)$KX4{+P{fSfBx2tEEQmqy0*nGN86_qMVsf4s zIH!@d9kwxIiu}Xf-rNXh0G;H_*GbGcN6hah31{dZsxSBt#4+$xp33|4kPsJL@lM_+ zhU}r{ZzB*YlsT=^S(U zUT{})dNpd8hJPxDZ6law>RmK)825_ds3eg

+ zYLC~YA${fzEU2TI>{f%ESG|rK6QxJqr$vqVP*)?ddL)jbM>RDxva@Wc{pIwr7o<_&UnOp`*{>nIdsTh4XLyd&YaWDOby1Lq!R3) zTy{Q4=<6|Oud$`wG)(qS5uKYPJb4H}3l;~X^CWIO0nL5|hxas=lGjn&Lk7BsVL*9( zmarFXlDsZ?)iQnZ1pL?}c^&GCZmva*nYKb?;pFw8YI{;%f4)s%oV;c!Oj2I=sC3~e zWN(N0!xhf=@DWSiUQPEAVxo1#=0NVJ7=i&lbXs!)N{IBbvpbqs?FnJed)A7}uZGBc zd$9=nlE(yGI^G33)m}nj@544x8!narg_o@{eKgUruwP+hhD zbgqbqxd)qarFL{Mv2aI+15E7bK;lMsbRaGuJ34Z*qhn3_8A>Zx&(jsxsOS_!b*j-W z1thAjjA6F)TM%5WO&n5zv|6rZs;_$nXf@ygleJ*>GkSmPAD$UXAk<7lHan-OzdVHXD-KLH(Cw`c?}$3 zzH^x?dbk$N4Zi4PSF}Ql8uMjY7W8{(R%p)wHLzo!!?Z>xC{DLqQB`Y8+5B`TU%R(Q zaZx|R3vdX|yq^UgX{dVy8#>Pfzp-FF5pLcBJ24it+1Zbn?HPlhO>C%Z1ERes8eQyK zjK6KjqV(HzN;Cr3nc@pMvzIilGUq=vRQpgqDs~MCL$O5wY}H~Fe>g{TO>9yR~e? z6LQ;`^kMa{X{0G9lD7mB zAs~O|N6!ot5=3D{`@ z3j=&;4G5qCZjc*Od>rFDq_@=)$|VMsjSt4hYz_u`Ye(ekcQj1%_{>#dG-V6#`BaW0uabr0`pU zWCiQFl_iYV!>GR$KOah=;dd%=1M&0cguTMTmNZ@nvUA=8a_wTm4$w8Fb51pMI5}d* zA$gfbPhth5Tm`a~0RcOAZ*!L_SZy`qUUKwgBj*vm2`u7&g!!l#>pyRUD(v2fM0-n| zNB9k4qW}zSn`*e4jSF;A11YXCFYWCVBW!?3-oM5RX(RvWyng6Akab#R8Hm2E39Gh8 zIdj{$;y*;E#8w?klg5aljgEn>eY$e0hgHEY;A7&nY0%CNj;wLZdgaehIk5_+k)~ znSFQuM)hiJDT{tPtusp8E7hbShbPf8Ys&G1wC2#YwBN-GirPqPpht=67B%T`8QIxS znp<_8@1PQYmYkAnFk^oxdA|zno6=U-i|~ed;1S_&pS81T7`X6mx*9ke6$l3IUKtzU zkzJ;RbKbmNO8ZI%Cd?Zy({E%;*R(PyzqjL!CSB-ouJeC$Fe__EJ_d<05x zs2B1l;ePyj-ibC-4h-Q=TwJi#fxyt({4!`%Ji>Q7i8DskV}?CUF6)+r-S-fVqc>PZ z=~H9Dt+H;uSMBUW#OJT}!{>{KqiTC`(?Et`8e#dIV8rL7M_Uw@-SSpT?x4c5>nc#e zQYT1^Cul#Tv6WlzaPu~0=HRNn_=-fIeKPmmj^jUjAUHUaH&4n=T+YhHZd4;chlhQd zIB2C>#JxJMuoiba+?CumN51>Qa^NbzlS?K!-@1v>zmvJmk9G-kx;smqw^0vpr~jqo z!84Yn^gh1@Snz$z;{gowa>Clpc~0*KkjEvz-V}M9%nHh#z+-u|+z5I6=2QPUdE5YY z1#Uv>ULI@_cs^{yVu`pG%H{N^pvG@e_Db3?5u!uWGzuxH7T*7b^zt#qm)CM9x)cdy zIH79aEV!;U>_;yp-*bnSmhbS*!BQUoU@Zg4_l04A-NnL|9C(ZR+fQ%V6!~7p3RV`% z*UTulVfe3rC4n2<*?x&+!ONdmly#b9A(CEQnB`><^}jC`)(X~dz27gORmYFq1g&z^ z1<5Z;)}EpH5NojAV>d{rT_w@_E9r;1tgUa>tb+brS|ePQC>*p@RvS_+jFcd~lzN?5 zg05i`rQVtH^4Q8$f2L;##X9W6pO@?b$c0nEyM(QOT?6~y>yF{+n!9=%+!BqUD|x9> zl`0tKD`n2@k_glpsjF)M{5Gp7DI#Ga5i-Bs2fDRO(gFKL+KaGivW0Hw`OJbstd*Ssr zq_(7=D?Eea8GAjH)lu;9C#4!|zHL&dPAqqFHUa0A~E8>YMq?wx~AbKDWQe!uD4_}Q?W z|AI-kKo#@@9O9*Z`T_Q2{Ren+x&HuTxOAXk;DR_Xf^CmfMG`TM7iX*B7YjcQVZY1zimAw0p1k=g0<2Aw6!mM z5WmG?$O?^__Nw!bM-t)|JG{NQgr%Bp!dKja6u!rIQ0cg=Bs1Q&GE6>Pg91^v{DMTC z>C10XgYQO8k=sV$XK{hu39yh(sdD5rJ+!Rv>d>}mGBl4|^Vbb*Gu+NvaH>zGIKPPj z-Bjaln~_#cJj5k_GD`fsOZ*VFC2r+1QW?vM9UR?X@Sixp=}h8Z_|hu&Q|#Numu79ja=pyq^#W3nh@S37sWwhmF06t+!oT7f9q-^?WsT)m!DHgCB@(Pu4Z$;`@EcqvkI)7SXXu$+G|FnJ`jbEZ5-@+(0ifYP{G(tcC3RUgP; zE7imgWI9d)6xj8S@fW}($`A$&s*P%`X?t@St;gw zHoI$$EPH8>n{}`D+P@FnYrhnu?gbU%F?w^xQN^0GRhg{x|Lg*qk>v z!A!VniO@|oN=&$_<9zsamGSpMsirHT04zVa3D`5Kg+GZAl$?M8=-V++$q5*M?3#$1 z-(dpwOscV9R<@TU7R<^HlEg$y_Lf=MGcD<7eAlomQ@&++Y&8zEG7MW+1|oGqc7Y>1 z%$qRx>B-Ek>yeIhrLG*wnJS$exiN3X+fkoND_+j3z*#Q(?SFay6RS@HTDpmhppZtH zxu5$n6LYJx3*zOKoLs3MB`$dUwN#C)_Rl{t1HXZ6hq-otvTj&h&l>FYU4)x^)>jnn zO{lOegT!!jkYw7{{?X$W-yciCecr>(b(fakR0@s`Lb%ycm;A!=T8Nive`)q_W-u&- z=5ndRl81z{{4lG$;qADbydBp@aL!zDZA0dEd(F4O;Q&4e*R7d|1tU5GC_JmZN9H^U z`6S04;m1MHyYl{dwj$zUbd$7x@Z`=X%}=vSS!699;c zaUk*pR;8^vPSfz7zZ&zY7^`!s2UfW#-(D37El{ zoj3QU5g7@CSYQvQi#?>haErU0=`LU=g{J)^{4hV@5KRNu^xv4POFE~n<`SQNqD!x3 z`k6lcFqh7;$sEme?pD(WUJpPTesVzHnLlAq8s^NzmmPkv=cjf^Lmx)kMCjyQb|Njd zo%SaT7nrsoRgaG-mWA|k>5x^6LpH59d(=$qC0hB{A(>h4V3O^w&j1IgRfxtBj>O)1Vd-J6%!gUYud7m{dNN)dqX!U z>{<%a%gj!Qje#U~i!Sd$`33SWFhf_)=P4s{=EEJgz@Ubi^lTRY?YYvcY#)r+HDbAC z*Iw9v;n~H28S2iVY0$pRSo{Vp^1E98>WZcB$~5icW`IJ0fe)!FfG+ax%Sg4o5xH22 z3#=kRU(-I zC~P8qJ+)9=R}x{Zf!+-EdQ19s?>f=>6*_~#2&F1?H(Q0g#ciSToFWtu$g94-IY0fH z+dXA#WN-Ly@z!2zNx$Z+yia=psH&YH12y^sOR%<~8i-Cd{MAis_^bUj{MDB9tDcIF z*Kin;BD#=eNOTFx``NE?XcH!!W@e4S3TP#~CJMW*r54{t)bW zSHpx6{>dlg%>f)G42E1-xfJ@d;ek&A$-rD$#Qvd2NfY}S;O~&fy$ut#N;TOvX_(P+ z#G~I;>hM*8S5Hl#m2~!k#&Sy|tP5;T8hc)VA!x%4{Sy+RXpSx}`^W7C2%`fb87RNsm-gVHm^kQI$&D^4<;~uAIU>kc7|{=?A^&2df^SB+Wq| zy3P=d{|X;%#u^7$5QIL&OqB1y4$4)B?OIn{9$>aI(f(ZXn8DVl>O3%&bYH!j6S0}9PaX~IZ8z-g7h)XrM$mb>L5FlowLRUYdx(FQBmZE4u@fDO z8rQDQ=LRO^do|PAWMhGys4m!pru{(6O`0ZWL^*j=R%jU-LiAZ3z_6LtPZ!7k z$vpN$vSNLHH^JU7qaGzeqqS25&!HSVj9-ats+5h-ImOcXzgRL=DtatV@8SAG z8tk#PwXo!Ps|S9j&gsOgV<&c|!YZ*$#cV-+F{dCtQtg!)&XUz&VX_MmX>HPRBtUFyIilyxlkjjL7?^APr*2?>{m0%k{-5qQ2VynnWB6y;ccXr@J^Rh>&qn>` zyc7HHH~$ogK>d#F6X{0U-((katYVbV^us}}YI^gFL0R%%)4#<9Z>Q;^LuY7;Q*wG% zUYp0j6!St@ZVrD$I)`=z>sjFl-oR@8NTz+;`*ieDR}d{*fW<|Kv{-Ko^yzfy6XO*! z_lxh7>=uRaPD^bS4Yj%NCq%2;(_7H2688ab4@b7tZs!jmo&0)u}ox3zLT+4mjtf3g-QCtjvxc)H(%FMhT&^TXdg!hbCFZD@} zQ}mea?-XvfvNg;5013dd{NVw7NdPZo@qS(Aw(F$$5*EK4#nCUUTV4N4H$;W%4CV`f zk;D4Yd||rne;^-rx@j0GIHX*9P<#ZBkJz5BjA)wm|k$F@@&##H#-QjNcg^T(zd zuZzETPc_=*cZDC5YI?-e%Qz_*V9gBxm~cdD;gkdfSdfG`JGF3^1O%Ay-9*BHsjJTp z2}28OK>})dEdi0N1rVquq7(_JC87ff;Pq|5(NMP*`gy;{2B}W;w-9KnvB9@K&Og-e zm)3mjIz2tkul4(-HGfyXUs}Hp_WPyvdr!Y#TE9p8O%VD$F4d$_0lBE4TUQ#&e~g3X zSA=R;_LVpEZJAnN15+%?q>h^T=|}UCl1btLNOVe*OBI%DKoZM67MGJmlzR*vkGCj1 zvJ@Sm%+y_H&$|N_rP2lUSivID021up!24ty%5H=}$DhPoVNugJ7p~3oU6z7NxDyC7x5N~f3f zQ_qtjW{XU+MfA>+?qmltNf~2-LbXFD@8n8Z8Sb#8?g$=64vIqAV?Br0xjMQNBVZ;N zk>&t6yVE>?sAx91INh`u-t&Q0d{PI{&R`Wv_M8J+uRvSrve8|+Oh9T~&Zr{F^q>|v z&RT9@S)}|;@dN{+faMT@fO;X0T=w1+7TQwT8NhQ&Pc=$~i1Ixx+3oS5c2H585P<>6 zjX(lqU-4F@-dO`U!U^B+0Fx?`hf{zvxS*x-V&^yZe2L|*J9_LEX1kMJXpIJ;9|oa# z5(ETsbPcf`X>=kEQ@FSds|6?69C~5)t?-3uvt8mctDzTyH+T2>y$kT&Fn#(38Ch_S5h;KLqzKCM^U7u2jiutB(x)85vHN-i8k6^Ovxy3 z!F5|pUCp`N=AeHYf)?ax*ggjft*!)TB_JAWN`pEa`Z2)AqfH*$5umRX=4%-6n`{vO zS!6N$*2f6!r z5>XCT3zJk!f>}aDYH+l<-NY6WgOec^@YI3KD1-0OrG06pl{ zA!x_A5}^CtAkq%r2`OOLtz<<&`%$P=`ITa4Md&BK3yzilZ&cBT72Oi5=q<>sDj=Z7 zE`huZJ58?l9Tr+XjB=6OI-d)YZU}Jk4p^7BAULi-8T_YlZ5!001chW2sNX|92G$tS z$j9ip6ksI*6R~jK++QAY$a}$P4}okC(wBnV0c<+`GuUExUItD=3oOk}#BE)de-s^( z)A)8ma-T6E0h8Bt|H*^9aoDZRcZxy zgKAdINYpg+Uk1e2&CUStKvaTbNC@#;d=Fq)fY9Rkk-z*#IoS%Od9p1EaaNb7+obxf z|AxAd35W+UH^I+tbSz)Aa5 zth)p}pMf&ZjY=(>aGMMCncE+Ka|2hPD@@H3s42Lk5Ax!gTQ98EkZyz?-N|*R0`P{MMc>Jk_xJqTq)J+`%m-vJuM4`-MQj#L_Ph0ezkV-d z&dyk8J;hw(nh9MK8`sUtU`yc!4L`$FeI#)$&P_3?RsQvxR_Lx`u?r^`&{AsQJuO?# zLZMnsihTKbmhrDIIOFU^$ zM`Ca!3aF^5XS*N1!Ex#e~?2|*3{{# zM%n`UM@AcO8sN@EvdWL|Y}5MX3>)}mW}B9jM$Zg6g2Ut4c{J=*7cp8TePHiQ>e<7PTC2zu{h|G45^` z?wz8ZrBqz;3tM{boH5P)|JfpOc?kXcjz$+npkHUp=Tc*^Qx;H(vmR-phC7mgQ!_6d zL;VTPxF!Aw`dq+K^nC-{qX9*kQz-AAV%MJzcWYj($$g+@5?#k>B5Sy0m zvUVi-QDWmE4UC6C$8rRL(|P>iUzroRiF0ft5eo#<)tBSU4ln*TvJTejP5nu7`&A$0 z6|q+L&?yzqI4T~!7Mh`RYN2AN{{a%VGfA+)Pp^Aqs`Y}j!T?Rx-Q)gXk5&-&bb!kP z95(Q{sevH*dw>Jo@)AKU$h#uU15Z$7Dz-LP^XA-lf{Qedpliy2o*q`0joo%)EzKSl z<`sbs@3Rn!^oe^w-dYm%1yM*ZLF$zr8oTD45{3If8eG|(?s`{t_fcY`lq@~JC23Sl zKF#3mMoHKcsjTm4CJ#N>1nFtGjZewhVzr_pVavII085OyI0Kit3FjjkVk=F__ffKCE9-fnZr z&0d$Af%ky%#42LMx)DTVgAo{Eu>6BQi1W8Pz%6KA7#--mdFt5$65WdgglN4eOpiKP z&VFwqew|o|%+W}2{IZYYlWojoL@iOCdRKHXqjSu?L0r^*HcfCK5>4P z;Lwe@$Q_In4lR-@P5qWbtELZ^Lz7B!=*WBlhsGnJkV6IjavjGL{h1Quc9u6R6%aHi zon#+xHGUB{?7p~9GiV}l@$Iz~-YjpZ+@}kvM>8v-n-9k#Q;O%A!G98&_wX-ap~4nL z6?n;}ROn{~{*%aL`7hfX2-7IL7Raa~AiNU?nWnpfPPZ1TNawd+k>6hD7J_U#f6R*f zm~E2zFl`G-+bWhe3Tc`U*w_Q$j*7xf089v@vIGpmwJ>zrN!&o15Vze|NRrL?ma|FFc5X5mM`Kwu~9OC@T5z}xUR z;QeU2WaZ;o?`~k0G*y9Wv058ykfkaWYG_APH}g8fL3bPya-`)uK|Ovd`O&iLA~WcX zY6gDb7vSuGAEqIMqyAo9?0n_`N)DK}p|em~_tL6#-2@Vf?qa&^uycofULV=fkJrl` z{dm1K`MRG)(}VRbsqou4GaAPni&s|<>#)yP=OtfDWc#KAkyl4Xkyp!6fSKnUi8H*a#QdAIi~V!wR5cu%z!vdvhIf-YoA*DDh4V*T zPET3t$1xb0;Z?Xhf!rDG&Rlgj(C)Fh+T!MF zwYkp^(Ht=IPD<@i&DF9wd(x^Ah|*;)S!2d)Shg_MkWqzi(IpT$wM^v?r*8Kjy8Hzm%0EZe^M95zOaE+5 z{&Qo^(zm=>3M1r^c$<#5`-;cgugi|N&8c_Af;VYi@})$}e@7)>1oBgo{*`DtM0-*q z^O0y$s?v^Gz$hNGfDx1(vq5VzKpU;empse9Ryby99YJw;Fxs|8*vgMt2Cn?j=7h-& z?S2mPC@`3ep@ueg7{&e4_dm4F$OPP!6L8a-G@e>9dJhXX98KhW8|xLtL)(UEL2V9g zOL%cOIkcz1E-m2%azfXHuJWV%P@dU!EOUD8#gTRX#d4j0u{HVPMs_}^(9s<;sDAyc z4o;_z@3*ZWMlMtMJCgn{+S3EXo`$lnV@dBLju}jDI#b@2GMEQ^Fb1s3$dq(PQ{freo!Y#jdZH7#5q6xer!(qZeJj49CM$#rBTI{{P~5*k8s&uD~3e zS)l4^NX{*^bz9KZ{kPP&O9^V5#6LY>{L`2#sBsM3W>Vz1`Zz`j$Mp;-8XR@vbgBGs z#C6?Aq6;X8e@AB6g3}9XpzjQ2x#Lx$zFp|Vy_n{W@cH`e3km~G+psT;6qSk6g0UG% zyja04i>=@gV|^=haEP&9_b@*lfK>o$@SQwfnM;#_hL9+k}vH17feTwjRFau+q8jqs|D<3Nw1XiUt-qw z{W)&|*3Q&}TV*kdcqqR^lI|XAmtS~vwI$S3;iU=w;v8D8$(L&)^0>#zuB13Ktz zSx_(uLxI|kpim5P8!LiS{C=f~y#Z3>L!@`NAgQ!k*=*z6khbq9GDUus4d%|Nml)NO z(T-@@#|FLD>G78$isgL?@@pd#h zuA5PCKX}#qRben8jNftp&VVz!{z{{Q*vRuEW7_lOnD%^Y^7)ONJ$cOt>BD)r8$A1T zPJs={S45Ml}S3%OAeuK03J`PS~?1Gvmr7C?Jwb9yi z-*95lh6|8W5zMnLtcxbVgNjBI&Me42B%a++klhf^-nAebct(K_l+|6&jf}g`mE-Pn zt;y#$n!5-Le2oi>S+}jQ*e$439J~c|H?{}0#GFPSM#l!pKyIRzoy9GA z@v-ol=_1r~$AYnjgQx5K6N;_Y4+Cq$^a2K)U8+oNqGejhcCCw@#nh-2yNG!X;o@oP zlIhzfGPH-mON9XW5F;+)jPmn|Qf0;`++8Kco+C4<)dL5G~)`H)i`o>msr&B!N9LzN0S}pA!vlbEb8h@#aOLF8%McW z#H6pmN$?#p7zA$Fe9vPEi<6_3xs( z*rbQy;s<|Lp&c++Vri?u4>`iRCQgq4>(fHn)V*^^o9fdzJ1Th><+CFj`_Gme`_Hx} zpWW!OPpebHuiFOno7~B1&*UZK{@~%i!{m+VGN8ChI9Yu2A-v63p0&KV1yv%?0IQV& zZOK$&)>SNkkH|mXMmcvNKQb!g)J~zb(yLDMt;zhxQrW(#>h@35{&W8>djPz#KtGUAwHAx4P;}!#e*D5X-%Wqv1pE&8H5X^)@ke*TcTNTk@C79X6aDFZocS7mif7!GrDe=b~4@AX@ z`^4ouAr{irXX3#*WL7b=3l)U8+e=M=C3z*Eo8m(X`+U+^@>e3?JsH)wR+4T)k~~eG zi_yAvUig*>TF%gz`VMesQb(n}5yi~&34?xCNO<42JPk$Md7m`ig=$(Wk3u1(<#42g zEbuktEhyI5Dca_q1Yd`Lr0a(Z1|S-q&qGPdde{m7^3y4o#XE7gtA(fZ(EhFN6AwG! z^Ed7jk3ZmZq5H%O5BSXDvn&D5LuS~%f6M8qAH~~GMqyC40Pr^a!D6$$G`=SwZG{#7 z@usT@1sgX^W4Ni&Lf9dIwI4t#8njXkP_(f{?wW%LJ= zIfvl=4pu|(PJ{h=u%~sWUEztzO$WT?fV)e$t)v%8(B=5gYMY|@HM1kJsW(TaAm1#f zAm40FzUh1U3G`Bsuxod47elp5i&%1dShNPzo4Y2)EXK-HQ0d%?c&W@<47Gx!ogt4t ziE{xMjZr?WtU-QbWR!TL93|dpO}_DgP-3GE@-LsXrt}*m-VL4v-jqgMZ@VLX2tIkT zI{W(XkrD0R<%st0*5toG5Ta?{AaK8p%3!tV@lumfn8^Q*m;5R|OO=GtoE9yKX)8<* zJpjIlm6Cr5D-!pjArD4F2WX~5&Fp@J8oyro z6uj?(dgnNx9yiCa&1k^;4m)oeQ=mUtvgq#q3GhIRdaxM{)ZkN$$QGQawEVI0%>OI; zHZwM=AFSH^j~C_tAF0jr{)XZ9g73N4mJb#r4QbViBzH5?mQjrZC1h}}t3ZWZRAh0T z3RyogrN6$M(qG@2T)&Y@zet6^*5CetxdfZh+Jef`M!N(H98E7na9r)*HX@ojh4`rrEu!0@b`?!X3ZGX87*}nsoU3BEfMOA zxPjRWEnuPd>Gg&9pSW*XHD1xKKG&6hjm(&D%EzF*ZU)~@i3}0&wZeRSE{4dJ8$Co` z8CiEsth{+ojJ6r`n)JeDMmP#ZQ=$7UJEqYoZ;a>hB z2zN3{>AK6O{QxQ4#J^-aWDULS-iUk9g30Bfum?j!*&0xy{2sZo+nn}}%DlYbJTc?@ z8j6d?+cu-^&{6VZLEl>>gxm0*Y!jsBhXt}V3?`w=T)Y@SL>!?=cLzco_9=wDmxtX@ zZ%2S46!USX@mw4Nrn*^%%LEXuaH9-gUcyBLQ}(Vgx8lku-y^5oUKrVEf1%uHf1x$` z!bZ+i1UJ1CgJ-=I)rN7o=II=odF%-Vb^U1PYOXo-`#8m}7fbl-n!^1fvnXGQFLlYa zO?Dm0ZXhKOx+79p#`C>E|}F0`81wc)u4j4RC5-vbx#fUr0m zJWSaUi`$Bqmx6K~0^`eDlgm9huK_UJFSTXUj$`rn%Y0jx_fUlhn!40Nu8f73k$BXH z6v)K*ZQJ%5Tk(402g$y(6JJ|#HWKC|;q1hzD-z>-&Q9zI`kl0bP4>zqSNP&DU=SQA zyX~TM%Jib=_A*-A>#hi*Bk*8h;Y!n(x6aAaHR1j8LhXIO3u>QOJSFGhIFNc-Vt&jw z5*A?5Wtm$G?Ad`gq9vELCYO22pN+O6=$kq`3_(u3{$b?=NV9(TnET?vK`u%^$9k@+f?F5{9 zY&O7P5oFEhil)bM2Jar zR13E%73x~-QaYrdQ5>{Jh%UsVWgmUrI|ySzYfxS9sGkijoi&9aM7cjnEK zW~p#QA@s!*Lf$C^+%hVb|R!N7mgZ%XRn3*5s2L+g%m5LzOFf zMcd3oW-s}MxGy`&zIVyN;LLf_dCK(8Qh_7*Zg{gHZ;(uTl2E$Y}LIIa)o? zntWg*X%+0m4!Utax}WXHF^I=(#YcmW*50D<{Vg~$LOVr)D2sQSh;uIy>DdQ zy{}w%?`uuox6$2o3y$l)rh5lFpP_g&V; ze<5m4JXVd2xU0$$cU5b0)dxsiSkl-8oeQT(+s}6)+}sr#>{j2{`>~X2>hkLELW_-K zafN~8AQT6)ttYTbwOXMlc0sl1s-}TywC!zha@%ICPPH}WjohaQzd~Lt z(#a#=H3F~mK<7)Y*BXmwbW24njKzaID0r~Xu{R@Md^f}K$nskomJuy8|4fJ~euOyt zTgQ4W==cf;w2zaRo{>q651@o2N9}P>YqDn}CB{?SxmehZ8Ci||HO}P(f0q~@kCuNb zqz+~n{ka*vOGu2NXBK1e6l!FZp7Rq=CCpFYNB7~np*2%-r>%xRod*HU5_$wvvb*jb zaiY8bV8geHw!A`^*u5DAUHne`PwU^24cy_>b-lb_VbZu+{jvcW-3%{P-Mz?OOON^d zvZI_?{4lN$h|Kfk3?0=(YT0qFNdLd$MIe)+Nm9%5l^h-rj|U2hh`4`WH48u`?x94Y z+^-7CiIVz)FZTu4WK%&o7&Y7E>8{Ah1x2`k9*p*&zU|6=qM#fHw|4ORu1KPw2xGT_ z?(HBUj(=nZ5`g`Sufz#4n&p0se-z&34&L&Da&+^w$kndMwFO1UeJygmD{@Ie5e9sN z@xI(=UAfN{l%t{-fx)F#h4X<1%m@1A{^u;jF5B2QO>Y3@lWIE=wCWGRMz4YAy`a+& zFgmG^@8(R}XZkz%yKJF-_dRv{xBl`)l)xL_7axE#H5HR_si=FAV+B|Oq0Dzn0SdYQ z)#v9(Tm_5hiqQG6={_QBCnJ&Kn2dzZho(c6Raca9K70{$)_VL%qFsm{)nKVWLPL5n zs@0{wGA!&AbO_z?NkhWZzH?A`;@n6-OEQ$q_qET)DQ+HVqpFB z#`i&O)|YUhlj|@T7g{Wx*oW(R(1r(`}q0}{qprA3Ufj%xI%=s%y8g}HoGjD{X! zj~DO=>!_O-+nz3Fo35ii-I{!Qvu4}LUyQKrJHq=CYVj1c${vdw!&w2!8LMx>?a z0EUOlIiw6=UIynknECy~way=2&WTL;=v-bM;Y_W=d)cnbtd-vLJCWA(e*UIB9-Siq zbM={cL~?o*6fc4Y9;rI{D{n7lbk^;ycwVeHVwJv)W&a&%qfu~xJJLYspZXO)57apY zKzBFPhRJLiC1f>$t&Wq828uzwV&W;nw+KB&V&^Tno}q6NZZF_w_w)9DGagvEx3LDW zc4wU*P*{Qo{bp;TEe8ely@R>y7O;L~%E1>7x|5xPWp}c}{$0es-N_r}Q}1`PGZ4&6 z+@on+y9i#FDFuR6i(7aQox!RN@e;h<1gY=28(sQp_En8x&dspOYP^|TP~|!Y^i3(D zZzj2Sm!;Y73(z${MwlU!q!?bOC0U(k{LQ9*1w&_UJ(=(_qk zREhcwHRpSH;|Ln6BCxNaV3>freB_kcug;u(B{)K9Dz33gX9)2cv#QOZtb!UOQiu~1 zf*+%bB2j}+Z3EoHtI%uQH{LUYQtfe{cpL!#&nDZ`rZUlTC4t~S9R6=lcfFT3TPH51 z0QfXBI??j2Si*-26SmR&j>0Nq3KQ(M8(*U9HE9T3jx@AmB10V^g|s7h#(+Jc`{GjZ zC{waSKjfWU$59li2(ndHY_@3Tdk)D(7!ivK2zHj1S!51AiK4YqiT7nxhlyGQS-3Nm zeazg{$jtl2X=;=9mB;tvow~hHR(U5GZ$Y1lyf`+`?lhPFPc-soH)aNpKrAc?Zj=p+ zH=~O)gw0CX?B;-Dc0w0QHd}zRQKbnWW;C0{(}W1Yp(vAXS_u%mr-@`Dm|O}w zA(dJe&Cr5Ej~7u!U`2>W?C=RZITjE8#qyGv-`^WyPFMaacH4k ze67PTdKuD+r-OahkHxSdbRr(Fn*U!?rD>5lRuQzss6$W4PD>2PDFtk2d7 zx{kF^WPOI~>&vOjP%F}`ZyRN|xBCz725)RT^HFKAF9nXMd*|SEU)Vj1&v=gyF8k@hK5XRfnzMi*rf`vdMzPx1%sQsZEN+ z3nv3ALgkEVhyxtsAm>b(m-!)5bapAv1pXW^GBc@F{#}G_oPx_}9SA6pmeCG}{ibe3 z{Z16*f+1BfVg6{%2S>p5cklu-b*Wrwi|$AEYxTSLX~UiHMrIM9G(*7lo~|B-fE)hE zmq}f#Z>fA4j9`iktSNV{>e%Mqx7mGW<;lFF<(=R`DcaO$9-Z}`BrLUc({rlO|Gj}4 zn2kEvxCSjGE{HrcvY#kd14ZS_kEg)Q;)hv$P>Va?oZ08Uole8}MjR7ogo^ zKC89u%$`gITo8Rju&=K@+d!kN(A&6D*?Y|{*sDpH8V!ind0lYFEV25Va9=!rP?JsehcbbNYn0Z&6%>V8nUL3KW&d9 zwy9bXl?<&K_C0YB^r$P@Z=S|VJ5cO`n0GkDB!tmOFQ5CkC&35JnjgbD491$TOVf@uJ%_VDrwx&4_ zYwDYjHLIa#3VYyL(>*O@&9(cGimof~e$uk$#qI)Z7mhzlp@Xd5ESzCr#5>jPW)aQhv=n)OUHO0Q*f}pCkzJvYACx zM3#=+UHZE{`Mp$Y`u$XKnraeZ)HRh~6gou(1B0h#)0hWl11>7bP%`@H_oQM;&X~;)4 zT#>Je2HzwkeSBbWL>BEKf~11#Hc<4NGhW0D?oKr<%!B4q=NCeJ<_pOCMVJTk@AJ-C zi@fGAZxn7f)GuePbPgp%uT9s(6?S#iAauKDuGO|#@0R9COMg_LK}S)Mn%^E9YOkkj zt$!lkMEH+o_Htxzq7ie^n}gGMiZs1R*gJryoeFh(R0XaAxj9Tk4~1;{Dp_dv9u=~8 zAF|%gJ(&mgjs~s8N6=Fgwv>AA$Fn?Fs(&e_Zy%sUBPhbn_r zTB)=+)&8yj>`I1EuV_^Y^+aQP*uvo+yV`15-<+?!GQ9)M2sT+;rW_5jN z^!NF~Hk;WO!K(Dw{1;wu zvN|^wvx&!Z(3Q>*Z`$|*->D!th(;@d41xu2AVX8oST!TP1UB9be|6Jg^X3k2tZC@y zMSNojO^*yA)n=D-Y>93YjP(o5EQ<7|>$mqFQR)2cAjrk_(OZcWr|ZWgGPULNMH;i2 z@s!*2QvQJ|_@_`%5;+UXJQaT9@`MK7ps?-R4{eJJQ4U^_$Sg%}qV+bG>CV*pu9mgj zskWG?+W|J6If%2c2!5AV`Q&tH=FE0EVr4*yY^H%yWU-c=pnn}DEUWe`LyvTf#V3ke z7fuu(pAZ_qG13qwihF)eEc+SKN=EyapSR&tQ zwYnS5k;2x9bvK-6Ka~&Uv7IL_ent9xlECJWyoEo_ zY?8uB)R1&M;vXR$oqWQZ1pZ5fKKp($l!te=Wjd(6{b!|Rp|;XeXnWt$_I;~*0U%@o zwdTo`%gPGG)sbUTkC}Qkaa}4UF!A~>$vY_f=6pdqMY9c;l3S`)SW;4wKY-u%;%%8t5 z1eGLo^HHLiYio$qm8CCrD1MCinY2)9ycPv^_B}Y{)qboh3o(18qu9O@s@6RBvE zRH8A}0b)_Q>!XFjLCw11pyrnh>NAAbgAZyEP7$X*VpiOB_P1C!&ff+K^2@5p$Z52s z!|*i(fPg4{t`ftLsBsv6Pt0~k`y7!wuk*2hPZzYfL{$&eF`P2^(HzJ{5HOJSEcHI+ z3*=G_PENSYnO-VANMy8%6HcoN820)5OVTM83qGlE`5Qv)wS$C*eucFy*`EXIh@fC{ z#N}`6;)IIeJS?qQ?1!UZhN*bBdbU_$=m16>87pXTx-t@4;C-4bA>Xn$Cbxd0uxwWO4 z>a^oS5~`nnWF!GYi+;X3R?@FpkXrrxsPjS&nd&oqXz43#qdU`wo&(wlkUuPnypDpX zyS0_W9VSP7s~xLior&Va{DR2)kH&{%;ICV;CIs!_&&U`s!ljJ<5r?XmDe0yB6Y5%i ziLU)?NTyN(V!KV@rZLh_jQ@Z-r`UyJs#!03MMf?$H&rPW zcUTPp?-W4Xpj{)b!S$x75pzJzhD^HRqF1=s=N6~=EG-T(K0R+OBHB1 zmL7%+b?!fe4|#ztJ>pOE36f&iF4X#`LOMD#W?d+u&)Ne*30NYs18P5%l$J?QXdM0# z*?JDdu;1u6UF=R|b!WQpuM&#CKqw{)p|nCtLd}7%nJJNzn^lJlLa?+|m~>C4*O$(L zH8ayNtpY*=te0NOKM)XxjG^xP1lTQ1G&g_A8l#+`En1N+1jj&C1sdcng%$=h5Wa=9 zFb#+s4yUb@YYP~$Vi}R0EV|ArlZlx;N=Dqqv1&`{mq91W8tkNxtS#S)L zeNZm~i^{|D+AiEX6p3F;O^C!D#|av$4V+S-i`Iiy)K-LcLB`VYGlWV){Pa>5L;rt^ z*++?y#as$ZMkglUp zW8%3QJm?&Yi2KD4t!cN^f+^vBS##IP3CYNL6&{hFf=!haiCn`Nx6zRsGw;{59rUhX zBNWp0Xa255_`DNGT{@`fx|56b&m#VTU2lN$ke}8eLU(JO>ocq|_ik+{SjT*X#DQR? z8Yo!Fb}SckVeFj9wsK1q@a!&gjVwtgJCNOh*c$f3MzY(@OH|?jqxXGW8)@Ka7yxz1 zyEAn_v$k?7f(gCpt_{3sqOBT9X)`8q*`8|W_|3h>bNK+raGWREx1mr^)V5r1h!1HaJ>t^5EibLUtFfb zLPABVbNbf4t{^1NPiOz1hiF1#jvk{0H^+(xAB!N6>dfC7&n4H@(P{NhV{qO=5R#0Se|6T zxZGn7f-b^XsGw-#bGJ{0EmfeU?hG${KxaW%iMa4*w*(vX*QqYsn}%Prunu3i89*|J zLw7T$x>!1JD3}yt8G((M=XQrY4q$wqE)b-cPD~Cf0@)@oqWkEjxMBuDtB@yJV>lC2 z$w97;T0Z@|8YdMtK%v?r4sKd`6;3NKx%F!Pi`$l2^Nl+z6Ui0X%rroPfvS~1!v6+yi&tt=#=bB$MJ?@ixXnVoT!k9sST41lDU3KEITA*d&Q#s7YuT2WW$ zeXh>uL@Nh*EVzhzi%f~bW#sOpD(#$&ON(PY3mwH;X5sp<;2I!)0Tr7EhrbFOAR~D> z{@0?;BEArqnkXyFws*IoMlQK{3D=SF~bY>h_pZ>g???!RMfcG!y zQ7rHuW?Pz!(`=&>mrgE7HaIPKP+=N^VKAAo>IMe}f9ulHOJ%s*16L9!5eNAsATm)j zMIr-qiJJ_7oXDJI(}v!X(VRYno9&HI!>*KG${`4D3d3I_1hiTao?#5Ws20~!XkxM_ zk@;>&G>Q9Vx=_XU=qvcpm{3uVK7}j@JF25&wnujG^NfY=NJt`rT(W-y7*TRSW=IfQ zlmQX%?K^}AR4RfS@sG!!2B{4GBjw1a*}}1aHv%@saXiW62q+c7O8f)Cg`;tcLM2F7+eSx^Z0E!gniVmHf&<*@0i96Pd@t{%!&t_fWN^_y4e2DNS4~-{y^*zsMpLk(=>;3)3V!Q-do}MODr&ETX;*M0g8p<1a$K zJcy%m9xnv91=$tBi7XV)!b+-S9m*`WF8^5g;yW=GQ*bYUMCH;3Z9fP7CpB_54NY;= zMesybv7&ztyLv>0{DxXnmE>Q;-XLa}g8#ay^veQZv~irhfe<{6?9~>-(VfAyn^L;226H!-ujIp#Ks*-yAp8|k2Qbvy^A z*Dcu7w{4h!SzC>8U;haIS`3MxuHD~-9<~glxVS{4{~Ak+E@XN)c4Ma!|3P55q?!E# zS{a_1y{!z0xS73)@bF*sAJLZaG=?Q~qxZbbi=`tIOm3A-Mka!PA>McmfPi$(7zI`( z&mnnn2TCL!66nT$37%ryHDjvCQWG9w3?bPpR{*I3|19P8{#O8DBVh(x0utj>x{xXT z#Rd4l)om!VYbQj6A%n|jtB~+JhtmvSV7lylzyx#>dl_zy!fa5AwXx8YoJ@(QvJc&kHY$`G0YGy2u!n_wJTzL_ z^AQwKLbOdsoe7Uf6fKEE8Oeu>7|eKUL>NyF+Y;21{N7mB1BPwmQfwWU)IHzWhgM)vk$B_lOn(!vYK+EJ9Pgv$%<=644n&Zek0Fw4c-T56@B zXOF#a+tW8dTtg#u<`_om-0eZWzRota{KRB)qJ_d?LlovJx6MRX;X{O)&5@5t%vTl^ z5%b-DJU`pU3*&vj5D_ih?4XN5T>L4xUuC+x3?n;ZEjrf^3A_NU%XJ)?vjmT%$<>=b zKrVqgR!pS~yM!?R0RB`2M~m%E8Zx-$K&^uXHQ5PexE2ZGB6M7nTJhW{bMek^0!zST zYJavmc$wokgeoD;nrNOVFa(M4G*?Wo(QLHK<lC_JB2U zVMO%A*HOm4yOB$-;q6ClH+!_D8jgocwO%0Eiwk@Zcaoap6?(7E%D%3Zdi3kd`h_YL zK&B@JY%&c#ji!c=ZsGvj+$*iQ*;8{vT)V4!kc8?@J!Y4qae|DSQ$@bRe}J)sDAxpB zWgrm|Tu0Bofr`a9^I@%kyXMF^Zq&)tq7+G-TDI2SYi&NUFNp1Uc_A8<;$R={{NrTM z{9*@T8O~N!A)-(bI9f?R`zKDWO3c3&>8v()PF3@d7b1jPiv(@w->#i|KOSjkw6s&T zPo3Pl-3W2H1ZeWiSJjGVvD^FA)QT5IiE`-z=djvW3iCNph;rT`*VrZ4+fL_FgqBTJ z3Hgv?S*7Y8?9f|S5a+2EN8mT0c?#EbkzSM^-ibdp`%t>OGW#jU;QdWriA>*C|nfDkhFh#~K-ok4*dWZeE6Y77NS zj@yr@Fb{9s-tpmral48fEEu<2Pb@!fe~C_lx+{ug&`r}a8!P9>V;hH; zb6Ld{HivS)WV;VU&Y#;W(vC(-ha=~`AZBlAIbRTkI8#JOZWZ=}yHL(&^bIDRp-f`; z=MXZ{CsQjdAig0 zsk&A$qu5c`>o=r1T>AN)AODATZy;F96qo(D#YTv-Mu@UMl5B5a4c<+gtrC~gt@CMS zheSq{H4-bt1M%SIAw`gvyINZ=bf39~I_)pkryNn(yMf?~@dQvyC>HNJ-n@iQEERp% z-TRfXu2-{^?HeEs;6hbMncVm0Hl~PL8C15;BmGo>?6M;@_MozLq?IjT$0=h3i(ogK z<-NjeD#cEgDEhjiMS2e1o!#6g?uA2XoC#CsO$by^*$9P2YGi&8))>$HQp4bKUxt=( zD!Mf~HF5H|0<6!8mYO&@W$%C|bI7%+K3m+|es}_@;36l4`T(o4GCijjU5T(AE-?_# zyRv{rMn%n&-hb=(#kV#{uKF5XdDIWw*{IW;cYsMnaIeJ&WWqB2-ugwZ)r&@e{}$U` zknEF-kKBHV`7Ez1!Qa)YxJzz~zc2;{g9@mHlXkS;M`4hol8ups*AfTHx!!!X+Le*x zllaKLp4h+o^~A}m^av%7C?;Ah_7IK=!9`eU5rRiuOpm$i+EF%_tZ`O51u z_U_~zgqTa-fy_K-0dJ{mlNXZCY`nvs-WN*R2}GEetLi}`&8Un2?6i${+kt}e#baKL z9oV3p<@slu#8Y0)q90oJK->I+2sS_jDLe8hhe|BGYRE49;><@R)2=?xZZ=nUipR7t zI7DkL)OizfzIl`lAHjnoJYH=;Ya4tLeG^_$91PcNvYCrzs8Tv+FEo366fi|pX1B|{ z-~4GYuToqr6-Ir8E&9znxm#G*d<n9T%ON^b1Xr8)>h0zgH)& z$ja}VrRdEV-xHIo6Pam9B&CH7Hgdw5piJTJNQJX05#yu4eU!$lCmhhqZCe`C&}YKN z>;)f9sC7sBp32;e8pGoX0fkI1t0a`-RvaGe6)4?ozI=$i{|LOt^#-yhgEZDH%d;1l zlRgGgxnZHh0lQa0;Eb9Tuy@AJBrCRuVLryOIGY0%yz;|Jm;=cd%G?nQyaS3O-b4(f z*HdI%%79c6Y&k%3MfKR$EXMuj#huuilg@?awq5b9$Xn|WBL6ey$z=zA$l$Zfk01a(K97e*~)C-TUqs-K~4afH)MnxWb+Ko2sq@KUuRr z(x-6CU2=(A^rc{A&NG$N@OpQLuok~5R>B|r z@dJ`S?PzSL3CD^sh(c?w;lgHobMH9+y8D>n88!`MXXD+qrUA5Vr$z$|{ape5S`jqi zpL7!+7d#Wcx|99*7f>P7jRUmIQ}GF821LGR(!CYyYu(_Moi&^O1)OwC0At4PZ~IJc z(_Hiii)dR2TxkK2-TbQ17va=DO|PrXHmzSy@d}^5a2|IpQZ+>NYZs#0cLz|;O}lO+ zuw0Wt7>oeSPb=Sq-CF;lL>r6&dbXbPE1ErsOYrf)Q~r z$`&+syD-&1l3@_-a!v0ikO722)R{8?`MFUO-Z0~UL9THy-adXo=k$9RKOrhWyu{=tRYKK(B2Ym^gWQ zqD^Dkd|c4IpLhEJ=(U9WHO=eawfz`Cllq{Bz3I4i0X`4#R^ak6fyk0%;`7l70#}~<+ zyqys>UN*)|3Ku)#7ht$BN0hxgcToXF*{QdhAEWuO4OMs7bVP48|D@zl7sieXx?3zb z6)@)yX3EyXCy=If;&+Ksn3(7R&vPOP(DjhtmKo6`SS{Y%F~6Zi;^m<_!Wj|Bui2ha zTJ0zjXsP)h2S=V3LzH@~Bks(jbmT@TNM2c9l7-uehott9BCc>T`1z^4w0rNWt<_`*{2YBMY$UTWIb%alqV0E$BupaaMv5qRT2;F5) zfI6_VuggaZVG$6z2fvUwD%nQ`J;}B9%XeX1O_gD<4PkRi3 zgu2rAQxVA1KFsY2;Rq;$oYP<)JzVJklSmu7fOwQMi9S(g`~ zA1g%YZwV_M?>?P&IWm%fGSn_AXV&$x+ND^LtlGm1h@8w(cTi|z{to9w<=PU1CR=q2 z-ZI#5J?SfMO?u@S;d!|9x>>{4*ZZLbP?LOTT(6gu%~4;stG<3q^>sV-^`e-*{#U5! z!4FpHuz>LCCjcT)BYX-#G~_1+Q}x_%CygmHY+#XXsj8>DW|672%=kt$$ueVpDg9r} zp?z_v&O;M5PgO55%-RxHIjR0HxKysO(-TLgC5zqXNM0Ba!oUqKZ#qtnn~qOKIxUx4 z9TZ8hg!yPR$q@$h^&Y4b`62Ak9wxLyk2;lp-qs-9i0sglFNR>|J23kwm>v)f|3&Q3 zJNprSu^n2^3L@6l4&4RifHA}fOlXHb1^7s`c4#-(+LwM6Dw5HXI9xk){ z=&#-a495=bJ_NM$Lp!uE?5vDs3_;kTvFHf2#X@Sw=eF`{hM_i;H^Z~7*ZgeoKE3G8 z!*Kd^!Vu7~XU&b=@Z_?_V%?&updEXB=1gx(Vjh>%@8+?e4&H^meSO-ZM%tn~X^XDA z%hj{$_iZ;;F!7I29F<^;X306mrUj(-#ao6VbdOfD_x zypY5!&DGaLEX^!Tq7u8e00%pN#@s1AX`h>4hsSNh`g0$;HfbF!357u zF;dlTeld4l2g^s|V}njHjzWB1i65FQ73GOuuqlcM=~u5H@ z+sy-ojf!s+-k$i%1(mwzTYM+HNhi3IH zM0)5%ng=($>#TDZ$TJ?6y4kkrl`jGc&0wJoi8V7`k@-W&BV6)x4!+o1ia>bhkL~=B zldYq!4oL}=CMrrjXtoEwCvpmKN+Jk?NDjx z;XE6;&Lt5FZfs`s&Q7J!chG%iBhnE}DY_;x*(}q0>81}TyM8mGtWjdC`%tW4R@nS= zV9SWHy7?MSb@jzwpSXLOz12!#nPV?7<47VWTtm|L$ty$pI#JzG7}nHf9(X>Kis!|r z1`9gh6{!FP?4 z%)Y}JtdslFWJ#+)>K2&H77k16PG0O2Fy#*$7ug6S(e_iK(ZcAgy$G>sp4k%{TR@{T zFwG&2j+4$tCke!YViLOX~rVp)ND?9WpcCKQ>W3bWefD9W>DG4o~yT_-$rn zS(nvgL%5Se_(C=2=#^u5(PcuBys92(W}KEfN;?qCfpKbp=D~Fj;19{<0E$j%@N{8} z)ZH+@k0(UIn4f=*;LIb%?m|WWwsRPf4;lGifa6v2R0RM74H8jr6WE2E1X@F=qG79t zzg|(S9`=wnWxdq=6VVB@-(_xiCX_3^To!WG_Lj(1s4Ax6z?!IvPlhn!RD^ms0&D5z zJ6lFkY@u3@B!i-`_b}{bsbi{$h@PDxZBP6Or&Hz0IrsYl>0DyrBt0rfACNE+4Cajuz`&HL7YJ@YS+3soCd!}XY zoR(eDU9~s#Peu2Xy{q{*g&(kalE774ls$FtTBeTY7k||82maREzYY95E&GMNQ>pBf zy{C6nn49|1M~Ul&&%HZ-)e=9@4J%2ySk;cG;Nm7Rjwm>5cNN1vAZt}O+@8PC#k z2_H$oEB81@YcSt~O2m{6D}r!bZIBZM#5Xi71iwfMlh`1`a8-><=Uxv+oj;_Y$#A7w@WlM0?YpuE%vzG2!df9PHdH%()IZ1@e~%?0m8O zy~gqFgkL8mO?fAOXRQ_a!=@XRKaNF`gKIzX7i*7o{1iE4tlH<2c*f^a9`goENfc*P z_VS3ux8c%fRT=u+RF*zJ88#KxVdIUb!WjZEq{8XXkAw;$Dx?o7kne8bIS=$2-QSm_ zF46rdvGw_~^0Ag^m5`771zoxr)rDeUNmD{VhEJM@v0zY^G*h07lSUMj6ApB~&MNz% zBx4NeUqqU43`N$L%hG328Tu?h`tZiW3y4Sgu6|j_8cM;JpB+|L%d>wx30d67=>Gg# z(GMkb!)3*Npbjy`<9W|$AEs*`xCuh+$<=x30}il6?1`~s*+kjZ-5?qp_#)YgFvfRm z;D+pR`nql~{q`y&JtgG#35@_@IR=YpvOk_%9PF$G`{QwFpfYjUK`zbh_kl?13wKw< zbYc$B;ydOqLCP@sKM>*nv5Hnc@ujZBb`5p-uNME+B({THYiIyAG(=uAmKA(C=q9~7 z-}L|+AbBg5oL0BpL;?&Nt!D58g*?cJ3G5mji-?l3$_DC|)(FbDA-Kpxp@YZ&D40dh zaTMyQfV)A8Z;e=Zi+U@m+mEz<%aRk}0O)&W&UomA4SMbvk})pmJcx3z3#KM^cl%L9 z-pg$8Q9o&l^OKH8xXzEwKTGez%{@#14!PD{Bv&A-_#ho+95jFgOGr*{mt5|Fzl^sh z5e(U9oSbKCif-olj3;Dx)aXPuCnH0S)M2@bei`UXI?pzRht4D~Hgeo}VgCo<4A9=|8%I7Mkd+M7v7ke9N~?l*^{xXen%N(oF{RzLFY zhG07+TRC&PVg9H-_yEFyXzME|UQ9C}ron7WvmFR@`6-SeOYmr>J=;uc9#W@njZkO6 z9XJ#Zmu?pZ40e&>z+vWO+XH{{iNv>u2?0wE6Aq+iURdSN5jyXs0Exqh!~}sRUa;US zeYH$cBIRZe6fs3M{y340onPVXV`9?iVGwMc2l*=WOpl6~>@%*VFgnA31K3-y94*?2-5E|n7 zTO;3gR8B@j<+H54J&iyk`dlV$IJuG(VDwfXv}>h31TGW>PVntOnc0Xu%#vS)>6gP{ z*cZ4qz^(`mEi@W+5fz`w@vI z9B70iPIs!EX`$q*(rmdo{JYbI?%X2D&1&-2S=(wAPnIYdufJ0;KGcTOSOLme=4;K59gNMdoMc zI7*0`Z8-s-*lLM?BWSm2G{aK{_~Ln*{U5}xLXXFTLLR4(K_2J??63?~^Z>rnD{Ewl zZc4HLJgB|*YX6P?h)wyHpdR{r=RPiK3>KcF!wUKyS_tp?(qbUkekdOQ)`fYR((ys9 zEkHY9J`L@}LSy5FAQdQFEZ_EgW&!STKhNWSR228$YpdSR`@>__KsnqoKw9WnNPzK& zw9nj?CkL|P2PD6WLfy&8;O%GB(FVl(Pzy}pEKp<`0~nlZU@sAFU_54T^fVmIw+j~= z`%uL@nURi5ETRPs#`!nQ{^NQR?++Xd5I`a9|KDQ$*SJY36lD4t%1@p5U*$|34Cr2Z z=|cgnNQi-8Cm05Ft*^Ub7EOexULIb{rsm*xo>{5vyk^C%FSTsKQs+hW@>x^-&+MS* zZkV~=Wj1`;X1>V-Cb=eLe%l(|)a^AXoB5>A{GrdxPqmp#edc_hS@T(&+3qtJ`pmA+ z+03-heEP2%|4H56@dcZCw$Hr5*PJ!OW=@q%cG*j|Fu0i=wez<#s4u9~x|3Z@h6MW1 zj@;@W`Q~K}2+zQbQa^(Z1IuVO%`aBMrP&6Vps(AsjJIZ?-T2O|FS|3#&Su$Xlue8f zVKv$l_vMipfqpl2BxfvlipL-^E7YSedcd)C2G+0B_+l)G+}sto`Pj0$AV&hZmSkp`B`^2yIg{ww=D<6LHT(Loq*7i zdw%{MN-X5(1%&fH`FYpjAwNHZC)WqzXT41Om7k}w`{d{6iAfoL&Ry3Xs_$D%=M%v1nrD$b)*UG`#N;{;W z9ctXR(r#N>Agz?`K~-T7nhE>XQMLzheF)c%3orCHD6iE!i1rELg*~*?rg#w$2<0Cl}QVGkcL~%&v%r zrrO|&was2P;Ssa#k@AT=c=-#U6j6~Hw+9LrvsiqA-g9al>{MH0&$PDWTJyI_Ty?rC z-E#o1M4kwL_X)^{yd%D&^^-|>v1s3*r)4rGv=q-^nU%eTfPr9Z4Ppv4po6C zVzPq+-l!lZ*RAK;q;UIlf}Y#qu?Nw+g!L2!bQwbgC|nWgj{ z@Z>sxVbB-EWb@NwHH0qvY7NOjjYX`13Obi}g9er;*@r2Ko|OYz5XQY#=`pU1Y_l79RWl6 z%}2AWeX85}&3m#P>j4hOzj><@FkW*0%?W+z89Zb_$VW#z65!vwt9HzQFnLo84U7&k zycQqrzahkh0+I7c>u%o^h^B}wuM^A@&{}|JeVT8w?x|WAZHk8IK`Y#Rw>y%%lPgKc zTyiCx^&ZZ7tF&;BRTfCEqAa=TxahA(NE7$848}f#{WllJ_K|?tKFJp}v%ENEvM_D1 zFl`>*4{4Cmz{XBM1l3=_t`pdOM(cD!ZQ|`wvtfy4PziqzYy~YmjBqx1paG zYaysIpoAvA<(d$rkx7B+18iA2;nbanozDRw17?B<;1morP zudI7@X?Z=Vq`cZox(1ckZ3u7#^14JxhJJ?fx(6b;BCo&jnX*5<)5_~KO)iwz<8PPl z^_ms`jLPeyH>00_kSa}9UK`A^kJ~0Nnb7efw}EDAEodu%on{7cfdE4OT3sEKiM&Bl zO3?Y9d4Ztc924~Gp#DU3vdMOU?=`2vrr}3B1%2*nvYUb)u4uVI?onyC!-ameF zDM8etTh_#NpOi67Z{h1z$$4Oyu@XDP>`4Z0`9Kxc$s0Yf!}1b)I!=3*2U9fmWL+Yg z0424Dt-0)5h&rck|DBDqq2DXaPvAl8(l$ZA)eF>VH&8*y#$NbQjG~CpZVNTs0n@f<)Tuew<|(je?<_zz0$2HD^+Z%9l=P zdFOJvX(hPuABhZv_9?H_`~ zBR4vhRd8ZEuBSr;j_15sN(c7+CDO}-E6p;l4CBIbDM4q$dS9LO1`RP1i34U?zy zr)2{Xt4Q2h-BFo-t9D-UUx^k=Yn$Fl!hxJujKg06<%@ra#qCtqf`Om9Z32&uCI8i$ z{1W6WV*SYx2owf!$GJB@wP#ecUW4kh=doi=S?u~twAKX67 z{kq?PJ%Z*Ed|+d`n+?#RF0^RVlw{|vb0|xZ0eoSo*h+Ba|9nIx+ykCe&5P;D&f~4! z`iVabeow7V?bj0)$=b;}gKrH$CB6^#w|8UBD!p>fDU-i4`SiFsi}}<2P>Jjh9l5;x zEn&2Jz!P)@dlBq2sEu8mgLYFjV{(gWO;ceR>aW5xF zpH-fy0hx)r_R^CulT!7xPhnoJst0x^i(AgHk*kG)NE!RQ_KeTFd^4KB+fcVoT>4+J zv^V7OJQ~liV(jHSUZD0G=UtcX7A@5EG8?#zgG^P9sLu>Ot^MAYKN-5A9b`AKo~e84 z@7r7Ma?QiSn&3n&#*dED#jj;?dlN>*({EAPa!kVpxo92;jqMwlQ79&W2>XfMZP@j& zCb)s_=NP41KMIaVK|4E*J0tz57UPCYRq3MH9_`7Wa(X=Mk->yoCo}BKep-T^SyWW= zD%ql{GrD@LI#@NeKk5kHk$$O}mcgX`%EQQ%>fGmEyla<++qT*A^UA+BE!E;BedZ#989s6^;kz>y;Q6mqG#n4|}OGC6CGZIW{LweRnBt z4`$zm*Ulau)~E-bouC!w>+bqND@SSU$CU0?YiUl43IV+=abPgqULYXb%dsMe;oH!l z!PPDZ(lRa91%IwHk-0;qg?GE*iMTaN%r0O*9bgs#mqoyZo(=4JH|YDH_rOhzak1_Q zsbzUA5Q;$7^6F78-E?zh;&QH}=NfNL2bIWO#BD5<#A}hJ;VdCEck)KNv}x}gQ&>%l zap+0~< z!pR-Tp!8Ux?T0TV+U~x_&8)FpYjim(ak?kfIB^4y1KdK#?pZjykdxXWYbuqgPWJeP zJ#$|Vp^(K3QDtGA#XG-iS$u%Ui~``1xTyXU)`Mg0w%sw|;NO3c~CU)78VuI?IE>*H;7Xor4R{`dOFOW1Y)(L_^ zO{crwgX@rOT#z=~Cobcj7NEa?_H2RJGr7X9cn53v?wQ}gy7N}<-LvBXMYgRK*DJB} zb$4ISO0n(D!ri=Z_F}kRNz{a``Ye^s7=?_w?}lrs!)kC}*C0qif2$(+tHP#R85>EN z$1#%Na)TyVtKis5kCBl?{zfd1O8*Cf+~GyY(FCJ?E)d;g_TmR+{s`Uu9@XfxICpD7 z0lz<_*3Z{l?C%l}&V1s~`O;TIMHMY^=!mWj-v$SW4G5+mWL(QYLCgO11#RXz2C7|!^X ziLaaiehv5m8VP!R7}m~_5HKP$;=4vR!Mm&61n;iaVUB9Y^mdw> zT+YSc$vZ!Y?v`2uN7%_v?HL6#pSm7>pRQ(iz%1Z;j17f* z?@0QIq2`X4>Pm`uRPa9K)b#l(nxF@-OE?E#92WNTJpDwF;ilU){$R#yJH`%O$RyQ> zF*P@$ec5X=J8wpDg$z(48=iiH8A|XMRR<(K$1t59^OJ|f?d>gI+nFGx<;=zaVkH2G z37|O4y3C`;*aX$0%~*3^5OVZcl={pp;tdFLj8^K%tqCg`hq3*Ydw9{;yO$Jg*9rs` z&b5Z{giUl;hk|*C-sOIOJOnFh<)EBOv(3O6xZeH@4#Qd;^lHkb1b%@VC)0%w7%SH;# zeKWc4LkN}t@aV*?qtiiMWsmMaK*}%$IcNgk*lFyzFegyS?Zbrdy%pUr9_5efUnrAF zJSMMh5c%fSJNQvyPQM1@>IG0z2xgh_nCKx!xhWkK4`7N2?jvFboWj*jpUHu_b85~5 zEW70tkCCcasCCicn`nACbkt}`!o3ieP`@j_o?yC>0x(x8Dcn-f-v(YtU^Dq%M9q83CPc#&Wr!SfDkp{W(a)qN+|a zP^^*IMkp6H%>U@fRLrC0RLrBT$w$2yeS*!40U55qXqX?}I{FvN{s0&4Sc!=)kNJ3F z1IM@S$2QViHdo3;C|WJw|1SE|ybNtIKGHz?$2-Nnw+2_3vx7$Z*wI6}UC!H)_Gd?k_jRy2vG zbU*i2i*=Hi20BYW9qE~dx(7w;4#!OjrN)U4yV#1+077N&Or`I{D&ma%JSL2w^9yzE zn7@Z{BaV9dBXJO!JtWDScAmDSX{X&Wcl|G<=65pff`78?OvlV^YV8$&XNK^=Q`D5P zY`u6O+Axl`TyVxucY;->AbfSq;vzE={e=2D_>c4_Hx1CHi?Nd zeuIZmf%bdi?Hh4XqpPd0%LA}Yy1M#n92yJM>p`mveFPE?sRJl= z03{9D$MNuA&Lb1HjUiUA(?=n-JipyC`1K>RkJp#8kJq;*uit3<7>e`JiI$@UUEisW z*daraOrIC)@Gc9`;VsZ%-`C*`I$zik=DLv)=DKo(xvn*N-3LOLdQ&;+ZQAm7$Ur+} z;QbQlKbM0*&kA+1*>!${09}NE-fj*#8Xsv{pm-n95nQh@*AjZ#i<(?K)q(xei_9lp zp~Y{6XcrEnMKRuj)7BZF^>6H7Mt?SS`}t1c?2qNFP)8Py#+Xo~S0a*G(!YZHtMj`O zVL}>!5*JEcfaHP`ka-XbjPHU4`dcyXUC^;!Xc3-X{r$D>^eVkxb`S)CVs|%3 z*&BP1!r_4bbPrXjc&wW_X&<6<%9jK*m#M1ZjEQ%D29ktq^jEmLdu23%tGlBTm*!$= zZ?W8^^pe7gaDh102ovB1eZwUHU-X9B9e>q38;?9DOZZeCp79&IZE1Ci9-tpjTZySK zer~YOzZ2e^>E=gJ@|dN$mkXr;{0Gjb{r&T?{c_XEUwfaEUyyPvIgHvt(Nl{@Y~@y4 zjoI5yNUTg8FIVwx7$#sXbEYykg-jqVes0S}c4x90uDKd7)l+q*>MxKH`l!EgW#yWz z7Bx03>o<1Vs`Xm6!L0hTtxB`0nX)dO$8Y>cftotbZVr=Bv!shjq@d9>!@WOFD)a55 z8NJyRSi<|Z1G}Sw&5Q7?6yeFRSNIPEM*@Urax}pT&l#~a2oD5mS}bk72oy&|a6bOA zcy-vnor2fzB?Ez|+>B1a>&csJcbhaPZ@4Q3zNdEAb)C<$t-&H6>hZ-!#0*Tkt9cx2 zIws=W)bN7uFF^0aE>b~*9FEx87U~p#KZVLuWO{&gk?4@L9R_oBe8dKC%T(!`TV)t* z$}t)x{SXqK04+k*akLm?!;cDgzct6gQ22cnaDfv@>&C_hfKxp+K~R8GNIbV6wBUWZ zbhw7>n6@X~qxUmp1N8)4m?M6<55gSSZEy(s9OP^{5OO?_ma!xQpciuv5!<^!8KF1U zK;>;<=*G`R(|B_bXPjXnRiJ*41}pMahzrHFe`Sw8@S+gl2zFU z%|m~*L*c`UEk|>gRB)r4%JRz}#YQh4-^3{;89@tOwKe}AdEXu%XHoT^(iBoCZo~>f zQ3ABka!o;@P>>Y5x@e+B2~-rR6a7|nbitGZb8NVzTb0Z=DF-{n)3Sl{qyVR)6MhDoH=vm%sFSyoVh$`sRfTJ z-Ql|W8z|jbuE_t8IUp<0pIa0OER=9+00=S9;~jtY`;}baO!9bxMj8gBD1+~n;~OCc1E`3>0E#jgK*bCm0KFjwgWjeAVeq$qY8m_s?TG;} zcrlv6zf0sV89Y=Y3`R!N5@GNWuGr;4v36T*5xQc)yrAczk=V3Iid4EHKI*pZ2I`Wk zQU50g5B5^Bop0rAsrI z&sU-481L(Fu#7Gt-txWp3ptX(6q)Y!!73N`wgKnC{}mEiTMx8wh> z?N4v6cQTM|+GIswC$I~T^p3*g)bVOs&=nOBdT5FS3+%Wy05>i+u31xL4Q$J%io}9< zoz0N%w+~dbC!cmV9XAdjFnej$sP^PjZcDvQ8Y@YmdUSvFQys~tP`)Giw4X(BG*7oY zkC?NLlRT{Wy!j(fuYlm*YgNWmNux3 zvvg*PpL^$c`nmlGz)wr|Cl)e9Q@l^0#LgF<0T5ROLkzi&xPw%IytipYbHa==m!+G(nh&6UfOuCvMfP`IqudoXFB~C8<=ez zXy80Rm>#Wz+OOk+?F)?Up}xSVAMJ}ck-uhNsLikjra#tk>qJmAEUXMScp zIoJVn@h~v-f!Eh4XrJ;Dqb}Ny63WZ5?v=be3->!<5gt32xd-z)u9+krN0gC~8!c1<3CrR*~u?;=f^e6+bQ1%As zm>Gl01^GVODQpIZzFgy@y1O7R{Q{_p0?kSAC243X-t^<#j~0$9UtH;+>k(k>53pW9 z)Z-v2BB8<;S|aQLm$O2s5D2&>e1VlAz*iKeNqsF`gIQ;4e=P<83?;Xn90(lOCGq)p zq5phDjv=2+R~h33C>D?K^2PC`ym*ZZ#LFt7LEpwk6#1T$ijb8-*vgO$LhPe57?-dg zsbru(u=gXmNn{J#M_LBWr_klx?%wh!Mvr+4hOV=G`?$1l?P$+Bw@%Nd7iL;;6~-N0 zVHL(9KxiL87zaMUT6(xGvT^O`#z%3gXu+8w00`k)2q9N-Ay($49W@4gQ_m;1Oc<4T zs0V^9JC@r*!lhzBY^WwA1}lKqc241Ect)iMB-i4wv!f-7ITAf^p%+x4J2FFt5nrShdFp?0EAq5fN?)n+1O}Fur)qr9sVnq7rzZf6qYM*! zBrS6cNXRT~`axH7Ob{DmF)ga6hot&}FQ-7wVEk@IoYu+N~`HL#7M z7=$)88BtQSSvY`P+k8CH-uk9ICI#Joj8}2BF}UGo{~TSw4ZKpFCcC%X)b1D29@EqQ zw(M)lShpQ;a`=hs-K*G^?oDukQY$vP#^3h@_OQwzB8Lz~#s0eQKerT)71Wgzr^>ah zj7VKt1M;&#53Lzh6c@337tQ znM~1G^OTi2j4T~MS+hoqk&eN- z0mcPR6+Y&ct(;)4WL>h59kZXc5q!#089zfbhNf#AY@(E7R5GM~^^~55>{AWd$MHn~ z5^Qu7<~iJ8KB)1QT#{Tt3+&9un(YRhjI*CN!IX3{k!T-B54`*klTW167ZU~P`iqqc z$eS^rL=YFbi;=4~9LD$OU?(zrkluszNM!XCU@J^#Rows1gF)pW4`RJof>Y6ISxm87 z4Tn)`geWYl#PpRJ`C!Vek-GXU4a$4sMPnV z4y+nu0$LQHW#}-qV)UAm$vxcv<dtA0wDg(X*a-Amdi8b~p6TQz4lL-P^W3o)h zH7-hxB1JV}@MI6Rv(B_c1wBH6m&T0)-9b~g=Nq!XNWU54Udm^(3moWzgiMr7$k&4~ zr>RwYI{`Ty3lCnZK8G<0#C4(EvXB^Xq$kZv(N`7IvecZp5CWcl!^+y^zSQJ(c!K3g z_B0^6#=kRiIMga_t*=R~m}aYlEuMgHe7x5R(V+SOkv&ngtnj%J<8H{MfV0u!1iqh^ z!p8|aWNUa@f#=HKoB~MBWX)M6@JJ(c)}`Z1X^iaERBdX-R|BecD}zl~nVB&Rd4jAe zwPJRF?D6>}SoWE%Oq5Gbb9cq;qb#D28q`NX!k3PmQyM_ z0Vv%UeW?|vuWv$C(g(l4s<@%5>220pl)#c}L<@fqkn%ksvDT<$cdd9RfNch>$T6i= zKU~7UQ`zx2<1dbr2=cr-^Zb?8rZLXVUTUt(HQj4I#*srO>UK7dthxDIQ#GQ=sz1Pl zSxAK#yMHrH)NBa6`I00jmx;3oZB_SML|~Rwl1-%or>unw)wLEADp_XgFq4nv-^{5z z>2ud=wDo8uJ+1T3VT%$A?h6tYF`@HLBv>;7OYs#DOHWldSRyKcYa8y~G0}Mfpm6F> zww~RMCND+gXnb~#dHyxp+q#6PEI&^C6Xlq zc%4nfdqv?M{_siKo2#D*Ssp+nVHWK&FIDIDF&c@&ia;8G?APmL1|mOeRaj7_bXf`7 zOQ5@gf_ZIOH()ts0RZs0l}-xd-CNh+36=83(lqLg@X#UFWbLrxm9X&8hVDgz4hDz z>w<%YZ&}p6^|Ogl%43B{{(?yR7s|$-Nr930o2y4UrxGXBr&?E6KupNcYwVg?G~Wg~ zr4&j_DRzS{>;ZP3)}`#qo9#WjkVkg?eaf?`$$xh|voex{`bTo$ z4#cx)wdYii?SFS1`Q*CItMQmPuB9GxWg)CHDVZ?3fYbRPI`FSLO&D0z|2(S zYuG%Tf20T)%h!}HU*iGj?CVaQFoH{KJwRP)fI1HVdsYfVy$6_A8i3=OYy#<81oi+% z1NvbymNUnL$@IA-7;`+>e7uy##vBjUUKWfw3I_M45-%hZF&2CtoYKHIsF(Q~#D&ke zJc;Hwq~Aj*t&tA@Er}prkltL&@nO{x)-rx#Eu%V+QadurkhbbIC)(fQ^u>7#CragV z|33?xpUxEm3=Xr*lq{^a`4fnEv}7^0St-PwXguvwStG4rOc%mLF_NprG``cixu3{D zB0nMNmXtbqCVoXVt3906cD5|SJE=AM;@zAG4U&P5{vf{fT8|2m30+&sn@a&(N7#RS z=j|=M^2tkxxabChovF^72$bsVWHHl3LzQexx3r-f_XeC-`R#sbg8)}|1u9>MF2dJB zS=3!unwDEiQTi&;B)P*B9|6M6k`gq^NkR_uhxAZ&;u=~QU&XGjiak*Ut~(Wq{)n!I z{-cI1h1F_7dQhcajoMseAAvBt#vB25VAD|I;URPHMQ?BUMmD)7)hXW7fOs`#-`y>% zt`inG;&v=S+#cnKyZYgPxKD?Olk11kH|2=C4g9ynC6u`9LEIt;!hjwek~K5X#l9IZ zPe4%cjqP+xJ7j-1NmYhCD~)XDxbSmyxL9gmC%3Xls|pu!pL|-1pfgl?6v20apm08A zh4%5kK?`WeLkaRQo;|FoH!~INe)QB+D$JV~fNFQgPiGyHxgYM@Zwf&fzC-yQTa3UH zZu;pu$o3$JAclg>M7mP3)MHq<>#|ttev-N@mMR9e>vz%ARPH9Cw}N8^9}Fb&PDov^ z-r)`P%EKQ)Af#~t;t!lPen+i)9usB=WUDj+%XanSA&r%ZYa#;grSZEV^v4oGC+{;2 z;m&;mP6^)U%p7kXxKIoOa8^V7dSo4Yt?l+2@G>HkKL-Kkdbq=)zPvhsct9KkG8Z8Z zs#2P`Hy;Sv{sR{2M>!dN@YV`f}x~{I_vW=sY27^Z7LKH?i+^(bWWIl?KJUs-D>p;ADllHT< z)@nA~{|`)fIRV=N`5+bYyQOd#o`nFc8zl4amNr#ZM7^cFdQ0!2PlSmD8bx_x>|EB# zgYm6(b1jAmjvuMc%pkvClg$|Z$?2cYPD#Wx?wBoz7$iD(SA7`tlaguEXC^XjLKSSo zJ@}eKHnRyBD4-G-j-kTLB^m(FOIfLI9ouH7(VZ(6Jta=0(EilwfTp z9#EQ7hUv5XX`vHmbyQgbcx*^&kst^3Wr7qKzT)Ep7%7J9E!6)~_CR1Q!wQc>XxAlQ zE8PJ07(|%7rY|}lSe-xG?Bo$JgJ>*$3r@ymUi=FNOJQ?U-H%wYSiy9YKi95TT?l!% z-$n{94g!jvF@g#`p6IT!Cx!1yEI|Fh$3#e;9utn7U*YuP+~lSm^}=`oGj-TdW8Z-n z?S&-&H#)-OIXIEI%i?taKCdpZz)GyE^SXUTSO>r?t*!xgmTW-eoQZnZWTK^%-+PjK zCu7YTs&&4p#deB&mO0}!|zwphK!XvFz@I{-r;v=m8?6=i5T}6N_|gP zMeDPj^}Uj9{a#1%d%iyHtUNj^?`mOZT!o`FMLr@^;^@a(v_rX}H;m zi@(XYG9^TVIbLd>(4ygiKG4&T_kP@lNASO&x$K89;}l2%+%WQzglKF5<+kr8t4aVoo5jm=j1W!HHWt zlDCeC6N^A2NF8QYDVwXwi2>!rfqx8hg5?WWLZehRpLViIH`e?fBZQ1c7X`984jeGT zJC!OFttcFaUl~o10X=s|;uib1g_VDCM{;qzZBfJH2Q#d`aU^4iC@ho9@V*Rmbm4DT zAd|QFo^XkfNhI2yaEXvfB-);EiI7Po+MYn7m&sc?lDEXE?Xoi2wT&`Kx6;lRd!LQ_P8*OK}2;#hgH5F(;5%f)h7)ByS!OCq^KX zq??@RQBEw*hdCiK`6m%M4&fV}Ok#woFpaNRnfyE6fQ6DX*2-i^^ltJ^2#elL9m$*G zO^AygB+W0qlu)brs1`EmoB01|32xBpi_u}_g;|T?L5!nJr&SOWN;;xf2>7gk6Ix;ZHpd2};SV&6jV$|vNk;Q&zYOgcf?sQQ z+PDany+F}kg9V!qUueR1aHW>_0ZsW0Cnjz@bKz_Zqgx6X=?G`KPhWw3TtjDAznEsf zH@N}76@?2N$aFlcxEqME%>HjSC%GZrvH_Et&nm=#8Q|V$T}0hq(%@Q2)K(X-e6%y4 z%4yU#Z`a*iyeSmX#(32^m!E3tGbaL9m1?eCwW{5 zbNgB`X-XC!E?Kk$>q6#W+c-(soBtcZqJJ7(DVDFXw+yfofw z8U}VtuKpZlWf+M+e-tgx$$}4(TUj%>EuH2SQix%O_rkdK8tx4hp9yngoforw7dw%s zqAdYf^=if|!Z08pvcIsnJUbAlb2y8&wWEde=WFdCBx%C?1xH$*Lp^c6-}2%#6_+%3Yf%Xk{s?1h89*>aDLq zi`n_0L5_oz0In7P0+(^t*9vebu+a8CHP#|cPrb6w!py<9_ z-R^-cZI}EL_a)3 zw*kU7pbmW4yBHhS_I!Oc>V2&mJD^@1)~sZ^XaHc5k*Os}n;J$|OW4SEWn*ulTKMkUCac0&T_!~86`RNMp=HItKgm6l?7i2Rd6ZF%AO{f zR(hhYa%FyL%X}1NWE0T_Q-3lZ8#l_?-pW0^~JP7@aYf%iNI``Sqn+9;}_c@>x3aq3}!ryf>a?#etek}`Re0XxVcFb1xe z9w(XM-!GOqhM`1_&rB&Xj>LnZzu-Qc=n8;*hq5zOa0JCpO05e&E1pvUd z1MwuTO&cHFdPp7nkM}>?<0Uh=BWzo`^Zy>%R?$ievvh|{4D@dOSQNoZyUs0R81kwP zx@r^q5X4^h?`h|bjRVKP^GDYTKC zPM;&kIl_f5lq|Og>y|e}4F-UHAco@v#epoUgcW?e$w4YHU7QZCdp#IjcXPGorh=@2 zRIbh(@g=J`^^gdmRgY~Tv$@9X?sC-);{0z?pnhCI*Eu9EB=i+Fg)01!BDKZT*x@dY z)FjpoX&Y=E<&2{^c)=JxDKN1U@kDUk$4gU`Nk(5_>oWBe}=oE4u zZ#{V8KYi;%so-rxn3OY5--1sGx)9WPs}6LNDIV51|pY;i+b@o*mu~Aa<5spxY1d7wmO)14ezs-uU^H zor0+h)0Yg$bn^<*;pbJHSX33+Jc8PJ6=3TbWDzEomMsG7yo$g&uL@0-+{Yeu9NHB! z0ybE->PU5g)1$EFSwYq#YP|NU;Z+PLpB7L*8_9>JN(`=qMjB)V6BXp8kSW?xVj4nN zFVBP>b{Zl8L>8G^MOr7IO* z3eE2r06 z$B;ISI4}G;&?982i?C4Dp3$PzM3F8*(;5fblTReloW`3V{+}nNw7EDPJR~-;$}qGI_$bBA_&*QA_CfvnVx7DFJKXZOR|qBF;887 zCaSyjop;0Yu4uflb#o6XDhhjAbu1%<|7IE8DT^mQ&IYgLv2*1)c%0I+oZa=WH&Q>z z_GL3CAt^hQ&B#7lv^m#K9n3zSUUO__eYP)=T9aLq{zK2?XX@LZT0OLVYH=#J;4$K< zZ~uEL@e>?p(N{Fss5-+|$tc(PAi)|sW!EnEz+LlMnY4E{AX(<^6Ht?MWG=%rPTjdf zN0MwHMt1S98jDo!+@E$X$6#3AM-~LGn|22#7>C2PwCrqM+XJxZ{-)N=gGk#}elB2{ z&Xu*GuNwv$6Q%#LJ`DmZGg2^InrZqzgVtsC09?R|ROf>%n3{7F)3GD(j{;PKm-I^h zLS)DU-@s+gU;1?p!GR1x(4u%`s&y?}5|1ypZmy$c3CRnV3q&)Ez4A018nMEL+2Up5vKu|{kSMM!t6NstUC+sYQ{$E<^pGL9ky-HM?rHu+G`F5MvjneUnhON z$wkQFR?j7FbN9yp)tg)jQx&fH1is>AHD@zi`@>?x5=2=RnQxzO%LWZwgS7*6;9|}*j+u{giEBzB zniEF!wBt}q2+^e$k&;aH64w}gNc5cQ*lOTM-}Grloi=iZ`i@C%vy~Cy8`;#M5~&ie z5P{ZzQ^@ULL1W_X^cKk|#(Hdk^??~ttdJLtn*!_77*|1 znFoqx>~Ui_#lf6mQ|%OWZp_5l#8?@$f z5RRIy<;H{veY6f|c%L^ffeZ;=HlmDY$p;;hqktqRXmX&GuMrO}^yWgXJ4trGN!jFrpm8wbf@Dt90$A|9BwN3J(D|t_Z@lgP_%#vUoR1Pw-oO{5 zRsT2RZd|%(d`p;tWVk=*)NH5Wnkv6Y{5kR8GJJ;z{#Y$U5=Rw$fJWs|x%5z3&T+yI&pt<{zL2FsD1xiRTI z>MF2@TzUf+p&o=p&GBh%M>^)`Y})8V+kIH0De%Yl07suxmE~_!z~AjaMU1~!9Xl+4 zmq@l1zy=WHmD3C09q9;vUqy*%OQUaA9M8viCEV`j#(Aro89ES%kuvy)hE^1+(JF|a zyeBd-&28ICO^(BrsLJ;Td=N~p^@bWJun~5h9b{$-z1HW3NKQQ&_3`95k?I&lvCIHj{$!sqEwVWlZsV83&wnx%1eA!R3hvmzJ)(Btb zqC}Jv(KpMNw`r-V=E=cr;R{z)tt5hZF-iQ#(Zg5mB=IsJ5lQsoXk!w~M~L7^hd^3z z1Kzyxi;;Bp2r<4QCLioL9A`{`j9kj(#ROrk^P3b2%09JEQ( zz>hQHX;FSC9Qd(U49@anA12EW87t&`{;O7n)^~3pfXxU^bMNa_e-U2NX-5WD zMdq_ChwFXpggE3+9R|pC$yXdIbN^J(ytPU3Qvx)CN%3P>j9^ln*we<-%eFUUMMLck zIX(Xcf}9l%wRe(jZ^(f<9+2Vo{_=F_>qsQTo+0H36e1}?llvzBTs^Vx?mRpx&}a@nDn5FN9RNFcq~6;Xh@*0 zd2(f56k%KN02W1$f^o zPZtPKz>~5(P0uUI(+$|<`u~EbF?p?q;Sa~_qB4j{>6XILoa3qtx|rH)hv_(zc(}e! zcA-s0F9supZZW$IqUpi|UC94NZ-!#HV@0pXr)*7QtTnzh?YPqAwzK6VoCxcm?jllb z73a9&Cm=q=u*W4qh~YAs<+8{!z(N%dMgW|Cpr^lh>{%Je!|xA;Ew)qCkhNYLK&%3U z9lFf%c+O_VgLACGYoHkMIX5vK8u&E<;;qf;mHdUYaBGWihMz|@UF_Uhw$}WJ6#;GU zd}%yNIxq5Oov03)`~O5i3Q)uG_y&q=Dy{cyYZsoo4W^yEiH-T(A?fkHKiK=(kuD2eWFvQB6B1?*CzB& zBtZM>lqR+>7_&Vfa{|F2lsw2XT`t2MEEJ*9-^gWl#Ea!qAjo!*%gGpL?v(b$wQ6VU zPnsuJoz=ul&0gnrHvs;$uN6Az=|#T6gzDjv8X!lub(E8g8!?3r*u zsQ&c2Drj6a_#q?2@`I6Qo;(1J=*%z`dN9O4oiaQ?X17DiprpuTAeHN6enU?SN}V`l+WLD+A*>MVn2~s>e$@2Vd^9Pw-SjxrtkKh3|7f8| zDhgIlZ~a3kg_uOZEx}*01kcFsF=0mbqzP5f#A;CAc3{+fuf+RShmSo4D6sKyLHEPQ zuFa7iJR9XGAjQMSDZ&KI_-DLaGQ0 z4Is+#^fh$(cT3b!e|E3z^ zWi|3w^qgy3SnP(XYt!&q;Lc8F+abc-1m@@o4#-H*kt}DvyuV`{U(p2bOk6^=@?{%w zjC@sQ-=ZRg8GubObhhJf!AW~q#O(pL{*QTea=EHF4G@{JkspmmP%OgIV&f65o13w8 z=I2-Zj1w*^N4E`PQr6#_c>uFG;NwgRTOr&OgDoo@$k4KG)4WV6=I$c=$41I}M4RO* zJv%3n0y=89^qXfH`R7_U)!5r4~xf z*c8JHM-Fj!T+3}pO36bA%N9{`0q|P20y)Qzl$@gia;)jK+;%{v@Y4>Xg1mX zXnGz6`E0EBT-hFMA7DB>*SiI%3oq%F{DoLeN2`iG*W1q((*r!>K5j-iq76(>F2nMi zST2$Q7HxY6A0o+0vLc5+CXsd_N6`GR2+fq913aS7aJU9F2sdPwAXF!s+nZU6M@j8m zS;tmHx1W5EF+Es-#rP`?7sFNF0`#k8i&_BUrE1FG&Xvo6D^|^owwgu%n`(%c)yQAZ z6}14`G_e58h6NxC%nijIHklmqrOk=^#=FK%D&7GDT{mY`c+pG0$NA%MFF^#vxeG9E znHa|y?RtlwpAc01h!n)AdZY-4wGf4`qf|jI67w~}hotVq4vMtm4k~%)R<6Y>L>DKo zf$(0tkCX7?b>*B@4D*L`B7%EZ5gn!5!lNWP(Vo##cUCD*{d2dS^%^1>pJ7Qm9SB+tiu#-`vHo7PQRIg{>^o=V&w|<(J6OU zQm0`jpTe#snDBmc_K=JLq)+WI%`IbG8qb`5%Jh?`pY)|v>t^`|P8NnMI~Q}irXI2c zCb+9N^Cku#mhTmBO`kUVG-IEjpB$w$d!tLtwREMrdu%`G)lOsfRu45}Kl;=K|B#nC zb)m*CF{8DKjNMMbJnrr5D!fdKPvi^8qdv; zv>jnRyRdmI#qU04n^5c6bfFHPDv;d5t+BfFW}nQjSeN^V0m{hbDLb~?^au^|fji0Q zkY7(jQM*_dNe4y!a;SV`;exTM%fgET+?cnKjW0AIFU$r@+6!e!)ASOgF{2~H->s7- zbojAX>39+mq>vvL^jzDiATzy^9vW^kuf+>n*HM)drwzOQ){M&D#N5@mL?9|AM$dzwl48V+jtqZ2pC+U9`w=7f2ir>R z*_gop2e{1HwaD03xIBdLkZ>86j9mm1$D;3_+x(Qse}Miipk*ZVPc5dOMc+UDuY`6K zP~r9JvdnWpT2fk=(IMGhS`MMCohzoXwAFDR=Ma#>4d8c3KHrDT90r=V#`Doz*UW#8 zkmqaZ$;zh?yv(rZ`{(&Zfosg+!14Uqay(~7M~1(i=c=I`m`byphMu``L;pUw{h0W< zBvd~-=BBw!kgN9XbV9A>EfMIW+!+Wd4(Ov2nRg*Bq5gNRe+JZ+lsIN|WcV9vJqPIW zt!J*Z-rGsk&8bpY%}UTAbMR8bEi*b~iXNkbp_KA;Fjsrwg3=9t8UQ65&Ww%>e`6KW zTPa^5bAxUVweWrP{dzd9aZQsBgHP}j>PfW4242Rynb9G?p6=7o^i~-$Z^qNsRkL=4 z=6o`p>az&!Rg*;n)!fm4hZW)q2G~;wy-Af;awo(g=k7dNs%bZ(Y0T)5U*EJMcjxEM zzA0k;c+`cc2!huKhqVX(zO=9NCh-kAJ2?Vj;zL8;kdr{jjNA|D#LdX9WN$WfK1hR; zyMr1%BX{ln$%)n1AV|A0{BvQ!h!sb}qUrHzV zE7QL^{cF=txA!}>Zk~-aAD;-0q;eTN99%e$0aIP>)kP32E9=qFFx00dtcnHKFYwkN zh9L4j1c7B_PKdGo6)rKJB{2O&d%F2mnbe9!!F+%B8qCTx)7-HeXF^K>N34FX&w`li zGab{VE&;k1FX@&1g}5DyI*aG}_kBgCOu!?P^a@r4w8328P5AWwXtZeOCpd=;P-B&9 zvUaRP@(3y~jpPtEOqpl5md`743%@0F;0lA*-nH@w$!=Yzk7(K)#Wo6`p#<0DeBOB}>=Vb_*)0Bt)UB0vG zAH=@15ygv@?xioP1yg)x|AZ5jpwGFK>fW4Hr{U5Y!p&%DNzfj)0!OIH-F0nM&J{VoG`O=2n@wm2WsJ{c5$9Q$b|0Uu>c-j7UNSA+L+lZF!y5Mr5MZ7KQ!&(Q;!BF9O=&!{Uy+0vD|H0blL+N=(kFrhr zD3Wjrq2kR;p|ow^Q;ck2EnW|h*KreP$>kzPPn`KLxhDxk%&bjyr#Eo$<_&FIo+)r@ zDfH=06vLF96f600DH*Gz`?fH0)}jtwa7iNf3j~~$kAu~UcR=E?MLK?~1Bkv<=VAn? zD-FP#H%j!5y)TCS0a=o(rDPm~Xr-rO_7T>r&x5Xjp`{x)^YMUl)ENlSY#a~9Ezb2j zTR~Z#lr4yCxsC>UnO_?d+w`yz1AAaQu2Vt0ucC0b=KA*=WACIe4F8?j`GN-FL!GFAh@D1LE)8Wq7cos__VH5unRtmlMOeOfWZdwHRemmRfeaU zNu=HTje9jwLg)tG`etyg8f;SiqG+*;kcHt4a|7>@tw##g)D-?e zt;`7ucp_EmggE`I7kRSxIGb0#xjoBZF3($jF1D&xEr966GI$5It!FP_3F|XQ8|Jb`y2GQIW+tcmZTt+aFRQahcB~_gAJD5&gLl)3}7cHI)nB@3crrvI`|8gAaQ4M zO@qtXRP%YXnK!`&h7M)qBTK>Ig@3@o_Gqjt4UT(Py2O1wq5D2c%pSO03nt^*PKX1-eUi?11ixgVro4^aZ9m$9PS)mPsQU#fIbWE7R>+5BIa5sc?ugdwH`ws` zwG=9Xc!|YW^)ox5n7fVvKU+4NTgJd8a~019N+hOo53-Ofr9X^(bO}Mv!=v;}r`lD= zY^fo{Z;@2{dAvD|W?f|!+N@v8bF6bWdxUTB@%B91@+NL0UNsNIl)I5^oomJbCPkk7 zIl>XSk&J~+u9BB(zDXGrt;E%2vyd)A*<1hB9q}licS3gR971sz6MHAyEX@HEor*(- zQ?p~TOjk4Xfk%H{X$flx#e=eq`~WSrfFjw4+zPcY?sNt1TzKsK#aNOEgY-Fgf+*I9 zJ9=o6+U1D5k8`%#(5 z2?$5rHBH*?jIj*5XP|Up7E$yjy8y_)%lNl9d9S=8j)4o!mzm=z736oiWf_<&g(rrq zu1&Pr5iG(2J8o%Hchr02J-LY13!;r!Brd_&mTh3Hz?NbxGdeQ--5O)@iM{TZoEAI_ zL7{=LF4(=aCWVPGa1bNF=-n1(czo|VxIbJOZ7)T%pqD=q-*!*hdRN5Y zY6$li{Ahc3a&Xtj;OJ%)R(iOfSx41;D+Wgwp|Hrqjd%Eti^0)_Dp>0T`gV74A8~NU z2@YpaTb9uQx3YXO1T`+pUxpxt1}=aX25^(JNaeQwq;g}js}2#Kh!q!=$|di${%~hA z#F6(yU;9^)s0`of71#7xuUPeEqWdDky;LKsA+`}epXwXY?-cR}f{iu^virYL$S(s? z357f#WRBF*32Z5aWJX7ZzgtyEnw~CmL|}S+OS>S!h5J>E)j)l)1l08aNVnVzGxKdL zQRXk761FXY9a{qJK9T8S((D~YQGrP=5mo|FUCHDU$jvf26CM(lB|#qtqT-F*|E3?F z3A$ZI7CYj6dmH*eU`zD_GdeQ-9brG*cT};&)saA*lZ#w-nQRFtx&`_*Ts+vJS}!Ij z%ldRn7r0Jq8e()8w31FY`t-wzj8v=3uQ9kjQT8r#+9g79U*RY%^Z|FP1Vkc(*$)-8 z3qEY0d81Dz2#X;Li&5_^TJ#OwX=PPU&gLt~Xh3fXL#mD>uDXm_=s( zp8tSbw>I6f7S88bMZU;9{;FuUyGC^}TCfy(Xu+iNl#x%17qeIopw59&aOs($RLyq1*h zDnWHUE;K^fzT)0wFBLE0!4-(!0tMCNNB$EJHU zegIq?zz{IZd~KbyfnVoC_!;vxM4G?P9sBMYPK|wFCFd)DjfiV_&PR?F&JNK4_EwnN zv;#&!!*N1GW2_cr zc&yh)3H7icDQQE{(=)?!!bp6B-_ydULZrO%hU`P@20^W`)ph32kRF6i_a;;>78lMn znN)XkEPR@tifHx`0xq#s$Yhh@O^N0rCNfmgi&aRd%#l!2<&dSQaA;6$Hr38>ohZaR z?RThLSF@sWJ)Q?pNX)|%VmF_!4^M`{g8|f4fxrFow*&(&;vgbCa^W#ZK$J%_2|{`8 z`=rogBYbjS4!Wc-<_PtH%AP=8dmQyWNQa5R3S9S0t5_@8RP$ZLYdN9H^pRFpbQL%Y z=>DK*zRWBg6800QQl0cQi&j<#%JgM_s=GA|24t+0gB~mijx*ekjYFuLf()NB?q~GN z$W&&?vWBRz=XQcKA8+VV$c8j@Z!sYVI^2Btwl@@L?+Uk|d_&iS!K9(u(Hb+-HcO0p z)qC3J!e^Bm=q5x{3lKk<=!W1a<7>=y4qit*!Nk#{-^_J6wz~Jr!i^~JY#Wre?I%JQ zKbKJh#p|?hHfTOpUJ=v0=SVVMmLRH8=<5y)QBym<<;{n5HsB1EL>U?#pakLD_H?fZ z!=~reADUPwDrvQ;z-*x{_>oF;l-a?;XQ}mN-J0lNg%EA@d*ZcTe@p1D61er*l=- z_Q6~mRBwwtt!IOSu}C_Pn^Dd=SJLw;Smel7?P<{d68-T0hc zUwT5rPs=K%V~S#j31TQeO#IUq!6I@Q>j})`Z2(M06VPDo5zI@8!C#!`yt$Zb7?eCe z_z(EOUxs2k_&KhnjYf6SX)`fa4$BvAZ%bOXhp3a;`%9XG)6r%8cs6f9)=CA!2qyz#}rt{!o z+*r!K2&;8+-YkvgoCV#rRolYuvhH15;2yyBb=@^!#sL>mx$cVD7PtOd+}=QEFwR9C zFMiz({Q+r?rk~055{^^~_D%eY``9izQimTbR1E|yvl>FTy}X8;6?PoTFnJ)=-5v%* zm8_FSY(SiZZ{dnwVeYV&h~v?XD5`uDBinX`pmKx#*X&z-uwOBS75c$Gc2f1EY?97d+u3CcyT~<{VewOy>`PrM>2z_pn;*2e!yMmVO!r z^Z4#(tldhj_))*w#?JqcRqituu#yNe0X=Xi68l!PEMYP#u$$ zf-WbVx+-0B?ij2}ZxV_&gSFwkZIQ{P`<`ujb8V>q(dprVP5OVvcG~};9WF+~`Px4m z=PMtZ*Qc?3C`ydN%MZU~iuOR0&Z5?tZ z2W5W4oELn~Ubp%(tC{nN&*|ILglD1P9_D=C=R6bSbTa2!pL1AH&qd7nFQ0Qvkn?5c ze97k=ALJa%9Qf+09o-E<&P3*@|4km89OUf89N}?Z3MPlZV{XXpc|)#b{Q^=&o6(Eu zp4Zc6OhUd-5~OXGG|@o>47F~0zp}IJ^!1(#-~TgeQsYQ-<{;+Z>^XQ9A%qs-0V1JA z2-zWVtyG}tzBo3ZT@@6sj}>Q2A70~odoN_iU2YY6he+!q1;1YWYGpKtSUfJeQ z3DVSC*~`Ab=rq$hLZ9-`rvXFTiVuI;xQ1x^%|7&BYliaT}s49)W>S+*9pZRtbBjV57z6ri#T{Ism(cV7P!eNoq z!aexNHga0nrt?&Ji|vrRQPpxVK89R;fR?xEI{+Pa4M5R=6}-3w!FTu3pA6=WBXT`v zdzszxjN4-?=bXq4-PmL8Y8yAi>IkIl{x>UDueV=lz=4MPnrX=miA;~Y%U6le9nH1o zb6?lNzU@cI3C8y_qcvQj&JbPT8E7cAXA#Klo<#!GfycW@&2IIJc3Qp`Ml-$}#^zvK z)+8~cqa$f`c6)hY7c^CCo$AKQYC#M_Wa#ZLyaU%txG|E}{50Ge4GeMGm227Hgq3nJ zBUeAw29npC0&hq4LRl>zd>sycxrgt^Ml+q!tKq=6wd!S089$X#gMF;53%ycj=2pvK zP}5aFz63w(ax!ErIT8p2)e@%eoRABn;3MmQRMt=I26_&fF$ zhuga=;j9CJdi}nG#~qwnjW=oiq;I$BXDi=VqrU+YI@k0jai$XT8*w{1GYFgf+0q(o z@^`l{&g2`q{unUb_Erd`&iz7LS$`xehx~v#Fl)Oup{M=8>d*1ihGXxc^_IGTUUuoW z+Ubu`taQc`ZrAoAZBQ|Z&t=9EF{T>k;fZ|kW;JhZ=QEOzX`OBB$-IpLPx}5!pa{&+Sy6--G*E3k0!`%Hqy9w5G8H6zQyLULK?D>?*_b>`i}bWm z3-gLOGk>jx=1kQe`ycRnne+B~fl+26N*ANn#0|^#6>$Y&*`>ccd z$D=8+fqh{p*Gh*K96@(JvfT(Y$AQZJbf-50mU3Cp2y@{c^i4L)rQZ=K4y}?JIn=`H zMB{Be{vcJ!cxpX_s!|U=i2ulg)utIg97(E>VLk+tlv;JS+XZ#zOLPX^R0H3-;IRo3 z&5hdCf+_P6mS6RdD>8*e7}?Zg7_|SXu0ET~j7YD(@q+ZK3*hkFKROC?T+UUv4ARq# z=YBjJdsj}|t$>jxYoguln0(sr^8;kC)sb=(0^G43fD7%ws3>KhWAf>aunY{kqRzLJfRVcPX?8KIk@Q zoWkIgtT0rHY}ih+lJyd*hTe*gE$f9bS)_v-lDxnCs*L2B3L?VittqdNNXj!MGCU+i z?18UGVkD+j*kp;CAVhgl)}DiDKk#=Vme!}ijQ|ubjk;*yYEr|U)2HYkk!#RcdlGJEs zl-p17vND%SjT-Bz;O^MQ2eqtbVXsBxLr?&M_ugiew@)Rp&z(4787%%*6u1HcrSUxE1%D1!I_(Z+gJ-^~x!LF)h~gC*eX7>Xxny!hx%!Tl0jv{avrm&ksi zTIhd7eyvx5D3To6aaMk+pk!~b3#4O$y)A=okB~UAYe=7-Sr{y=l%C{KG+JX&g)^7m zCqO#-&2(p9t4UAHzJB)|BJ|d7$mBO7!RnWF+=eTEV!ZsIj7V$@g<)+q481F_{J;s4 z7!5neaKNSwn!Y~@9pnZE_Gp8gKU<O`XuQ#5TWA#um6>0Z z=#ME}*l`U$6GbDPb3CpD#&^R#z#PF{^bv8_-*y;_@$@O~UvyQB3RPh?ttI+@`OHc| z|F3xWiF}ejIKoB+cH?(7=1Zu{o<05vy8y_^W*gc-oK!mW4= znt!=u459UDgYfCDc$JX=YR-_le*EmyNG+P|cAp!jjowr-$aljaAsRSV+iHf;9B%kj z>inT&7f(Q6p)KqyOj=}idmUYmkO433h<9ZR!7y)$tuL3dj~C$jY?vT*In*g1D=mQA z`4+DZi7~h2dUZ@-KSrFPrCM4_E^TrQ3>dz*R1=dHDrNV>A!bocXV^|$MaMeW3cKD+ zh)maXUD#FTybsju{ALCT(bfSW=5V|S=aB+{kSmwhaVqazIryM}kaK*}4q;bX_tv%n zi}#1?U>^XX_A$njv9JV|CydGA5$mwgmF)3oUcjCu3dP+UNB9D52ja2({*UK8<3_yy z<1Jrg*!>?LD7*gy%yd4y@Yn6aQC0DKsq^OSUx5R`-VRZ7zcZxYuSxey?^LnL(Op^C zEfM+tQE0zSjMsO(=6M|<>3Sdy7+hZd;`=2)QAC7X6OSX2Jom~yBa>d1=2>2}MVmL^ zo2SB8x_Qz2Lv(#L?n|u3!3DITYKY!oMhCT+4t4Jr>MW=ZVd1sHyzmK30~?U)a&Xe=N1=eKWI&6K2A-DL;Ps%{sKK{#oA<*0Se$>Ye-r)<{c{-p zHAVSHSmhs|-WUJol7DN=nV7|njDOW+Pf7k&_X+>rVFOZK4sP4{cc4Z=x5mHO^miI^ zr@^034oz7fXu;+aa+RpDE(s6dpK4 zF@ZL(qJeiZGL;Jml3m9KByfhnzxDjvfLj|=DSTpOCJv#${*0{u&MuCp(AL7(%f3RK z-*po-e!GPSdfgruG1-M%fS1sizTpcs^l4bq&0t?kh+(yfJg$O+F0U5j#I>HuS38og zwkKcfNWNBn3VNqbT$HxBnP-eNM2avs+&brBd29l)>$pv(XWWh1;QMgw0{7%N*3kIJ;{ESHN%w$YY!lwub@9 zcn8=4z-6PB4a#(U`4|0hULy4!m#A+luG2%VBq@Y87y{$MEAURRW z_SHGjX?s&X)mv`L*F(-?s`x!`fb4b2 zr}vh4DeDy@yvvS3`-TSkKfGfvJ2qqlS^gP-@TSy-?PntTa@ten~ zv+Pspb)&L#pT`yT?c=Kuxu(B^_%&dB!1HchPXP^$&+}##$Cr#w`)wzK3sfSO3}5jP zX*IY&-BlO~N897JC5fi#FHi?9eBvSLo8gM=X`vnMvi>Ad#i$m9*MD$6Qslokxfxt4 z>E;<^;Qk@WCTEn3IC$#(2rT+>4le7W^c5njc#D-NJ*Nsb)%*7%VNn>cNdz8UB>IE% z`Scy^4M^_foWmz~Ooev~2%QDpx3C%IbQrTr#tDrC`tyY&VJd`Ti7khw?M|~^7eWya z_~en`3#WTJhsLUlAzt=NzzdD%{Y=vxaZWSvUcRwbMqFdU)X^lI44#{P8`wE**Vr$>^tbDh3{nFY90wKk0uQw#f}P9@K3ByXc9W#&DcwLulm^P(9EPxySix>o$J;{8HR zR+x1UYGkSWD9N%b7k>huv`M@^(H=XudE}v63K_#f2(j2D#ZA)i*xt?Mf0k1VF4S`^ zU{Hc_WnkV{O2ooWG(WkSb=Z6vItfE^^q49qKX@~C_a{aS?Ed6#;Wkf{X4Y~SS3DvK-czdKS zf9C0vSq8zKr?CD!fsbY`7DBvldV3WMCkJz>dJb->dJU1cO{f&09+v1$KFUARgYb+k z9RTcyP<~sDB{zwud)|XTknL=SN~X>BiEEFMybRyDnl;pC&z$6es$aH2j)jiOU_2WY z1dIo-O2pe)2D=-jYzh+phHadjyY!9N!bS+pygKtPFwq7S?uYglIF+?owdUJXx&Njs zm+YFBeAKzd!RGc{QTM?IU&dwRkQ zRj36YC0CFKnT3GlJ`V3#!Mj1+{tX50F7}gv$k`5{W;6N=*K#%>_k+kCF#*TQ*oGe6 z4?5nSy;4!d8K)e0^INQ$0jUd}*GPk8W4WF&~!x zI7#ZOvGwILe3~ZpCpwQ;3c#{?b@(t3vr@SS9;?M)a~q6`h?{tN^kT(CDFXI_fERwk z$$SK_zW=B^!KbqH`Z#W2z2A5fW{1fsgpwF}{q!+C_9CyNCPDrJPGsSoPHZ zCBU@RJ_Ql9_XkD$l3Z_u|NQ3_SdBYk)~^gI}?g%m4lpHh-TW$c;* z)#*%E41LTsiDv7evfHEfA!U0X_92^TKtHCj$lX?nRLgoz!|gPo?$ETVL>rff3xh(v zY%M}7v3dGANUn4vLrNp!7xqM_qWlWA%NdIem>#16LxpS5n!;7eGsJK*Q@v!0pw|0W z2&Whl6UJjg5v>Ty=iGP@~~{`5Rv))G~BS!2-!NzLff>3?a>|0%jdm5m>E>CIe$ znt(j6Y>!!XL)mc6&prN))mznLizfLdNQ>(HD_Yb{Vl%za~xRsqLTeb+Ln{FwDm|LQ}82^CG-YA;kKsGosxsZkWPjd zp{e4=&<+?CI(MA1h#6ib?*Y^LG-aycyB@ZC_N`b-HTd0mZ)Z7a(IqciH zh|Clq4GL>)%-#vXgT@G<%9jG*RN(v2!sV_8-Yd06eC_U}$BAtM=z_fY=wagRyAjyl z>V-fLEV(~JZT>XbYR=bGn*lyA1)KW?_nNCu+3|z^F8BxxND?gWM76ogVbR;exxFL# zX3^G;6Ydvw^?_Y|VArm~AW(YZYMh#Oe3&e?z*FdMw@osuXGlxjkgqa_P;&R0U+IFS z+0)g}$p=oC(b?C#GI+SN`#Oi|ok_N}77le)*h%8t0kBh!U$0*A9rzxp4cVu? zdwVkr;6E7Q1Dm`uN!d~(qaqFt=H_C5SW_QH%hiT=ycdp>B6IVo!>9{ASL%4EL>=%$ zs6=^lWKW1MA9ShvFjY1p+u3J&EzWYw`nY@#x=FtXy;$Ir)o}Lvv45p6+q4#uw5|r+ zwTAoQmO^U!K}_F_+<&cY$ep#UA=k3BAvd==l{*b`bsFBA0F$hq@~mASemj+YF_rz* zjO>9Eu&7&ZG5E|0wGH@Y-z0vsuP(j_oWfdhiVMawxg0!;%fYj;9Q=p-u^imGmIU+b zeW!)K->3T}hO%I17Mg>vDL{63R^(i59m07ct)FwRfwaOkrnF*$UL>urLw{t1A1^T2 zP$u1lX>4QOa2jLF)ya6>0ULs-VQfa__S?+_en?&T$>`(DxU>+zikd2T@#A*Q z>I_E?*Km82Ye4|}A4l=L2CSMc8elc2jZz4RzK{ld%pnPDz^NY2YrtC*OK1Q_PvQdu z=3;L^vM;6pBCuWsZoryUTm^8SrEGCqt8{OFmTlS&j&5nrWiM!QYQ=qBR&n<|!Wt=D z)c}ndfZc#NHs)8s1;ko0)MxyCVl<#)Ug1z%;cE2>(Y@rQZ{Du1dDFE?Lo@W6!hAP- zAhp5)rk1~8HSdJ3_J>YJ9&)pl6U^IZiWb`@aeK%EYF1F=8_4iNi&qP_Yr zW|MOKjk{E3(_oDmruiPr>Rjy`eB=oY&U><{D*Qz-PCosjBbeNS0#lAi;U@(a`FgaV z3$R_0U7JWDOcL0YqzzMCipFL4l)C8uy-z>-cS1nc98+v5y4B}(y&CNht z%>Ws`^X0Cfz?j)TBip#a-JD>rR)x#53@u=|YpMOaME+`RG%DzTL7sRr|DGmx4$YH0 zT(spaOStn51{ZEYbg}(SrY`A<{tB7axAj3Isda|Ao%6av&qwlk7+n0d}JxEw)vfq}w z1C|2UQb^5hsLy)5qY?|x4r<5z76G~<&p8jdqR+cD)xF3viNU#NV3VlII$z@XrNdTnzwz-#X_Y~5Tf7S3*2F52<|0x7P2 z{Odf85_?DgjL{c_6is}dVmfA0?=LibD(A#bTGAF3n#3z!gfP{cS!$XG5YurnUk143 zGg|veUPc36m5IG9*%Z{WKWag!L_r>87D6RShj*;t<@OTZGo#VnetGMU#CU*<%@`=$!K!px zKX)X&=_?uCMJjl+1@T-U%>y4MzHN8|rMhVv(cQI-?mh}nOhC9OPd4%c#p#yk0sedR zVsGX^(1UU!P$Uqz29WuH?S7c{u}(pf19%&k$h2!78CMZyT$O(X<6f^N)|CqKAhW=@ zaaJ%g$4l*#Z0)%WpQZ^lKE_1;GrY?z#+Vo~F^@nV#Pg#kSqQ}w2_-QmKG+yj7^#gh z`Hs*S6Pq8zn2^cvE)#8xiH{m%vH=?~NQO~%JeWOTZsTb)%9Mt8Ir5H3;OkP|3yTH5 z8YUX|=`91!pkpQ0;ySRO?Z$sM0j8L$XiX=rp#biWNQ!s{H{yvFBh_l zw|L`L;wx{V#_60`6hjH^)MWa5Gw0%Nh5B=ZBM=yQWU%7=V7&W|>|gm3^H6l8OZLcy7nLh+rmPJ!d${e?G% zwiMFB~R; zyy=carY5CUxcQ)|-}hZNrA+qWMx$)p&*V;Ey;j z66|r4=3ugCW}giF(0@|eA55!**_!zjAe6AFpb>PUvoQ_jWZ3+jn=l;<&-y!9cnn4a z+h}x$n^Ow+ng)ux1Ke|yP4g@4ZxkYYPx)ERBbqhH`pv&zM>W5KR0h?!nWa?o>WihS zaZ^rne)(!n3RiOrt2sYXjhkOeHP@D`#!Wm;RZ%r=GGzXCQb_LVSPer)L2KMBQ>v*g zS&f^1n(r&FQsRA0xSI8YsOI}JMmSY*b4{sc`L9Yb&9~;L^407auI3C@!_TS&t#O?w z)qJsJHEt?up8HZ+5$Mt^6@h=^Cd)YOi?v%x@!LN#gGUb#A;;ZL{)wSfg#`s(pUJ!KcHiFGS)^2XMZ^t z8;aZ)=Jdeq52r^4WE=8=Zyvq}%&Dc>E(Rx51owbBfj7V2C5n&nme4(5PGZe3VsH$b zgzf=zB4;{ca2&Wp_kcN>F=xc!7{mzO1Liv292J9ONFsC(nCmsOOAL;Gjr|SI|4&DAJY(K*Hk1==U0B#1* zBuuI#Ee!3>%W^M`!uyR-d^LHNE47X^@c57~SJ2YdEV`v4MA^Hkr+@!IO6eL|h!8aJ`trl8PNg-Lms z8cjII)6bYI(4OZLYBizRCrm(sGNIyG7qzWIk?(kjNm^u{PdHE$uJ8%t1jo3EGXv6$ zG;-X;`4$M&4%(#lAZf@ZEeeu)EUv{tQoT)D5+tQ;($XMlnN3<2By~xW2;M9_PI-I9 zEO6U=Xc3l2u+d8-{nIcas!Q&E0oq6LPaVi;f>3gxNJ6}x0N3anJ#nlgqU8lx2^==8 z-=iLX@nn;IO&ej>tk#C(V`7gZ_1!=~Tc72ORHD4JbT9PSBIkWcJL3A2$OP=ygbMGm z+1~zTF-jID5K(Q0%NJ?CYx@pDOXWoAj?xIVrz~0Tz@&lp!MJ&H=k+Xob>-=ktP#_9 zw$xWSQDmbueJVDVzEieBUwX6lhi|{dFMR8ABrj@OsJvba70boE`j)%v<-{#q@%U7zo2=9jzi&%Jk{XTtAQvG)`X z*@W`JFWx8U2pE7X0P&;oMubAISx`%E`TrsTph~gP%a2E04a4G}r}#M*c>FprSp1i4 z4S#bKf7i@d`>UhvjkRy6QrgD>!q=~(g_C~*4A(w>lOn{wu2i(Xu9>m-S+Vz-(eg3+ zW+{CfMm&8wra1ZE8hx{e#XkfyivH!O@;O!M=ZNX)*WuHmK4NS1?-A{f82@D$ubg-efINP_cm;Wp z^89yxkc`RNj+a7L-8@9gL!{SdV{&`{ieDUr1%+~PN4vXJFl|esUAy2>hMV9_o2ryiK zPm1F2s*Al(jlI`L-ywgpvTyEehf^a126snD^vrB{=8ZqNByT0}3&Wb*bz-rsXG?b2$;4EX8HLVlXwQX>)4zA1cfflpn^r=QM8S zSy*`vWUw|&ylbzeSDdCS7rKk@VW~%51^g#IBWFGl54FxX3fS9UUj{=lNu*!Kz~i7^ zaA+7;FGGU$e@DizpG*CE3VUSyYW#7CUl*cyuO18qebbVg6P=&a7J+?@rel1SFbj`3 zY3v>o4^>t%yrA0c77_MCIbjD7$!e7;{ExJKIL3Q_Yn%Dan=wbu@1vn)DZ?~$ zr#rWWMpYC#$r6wUL+z{UlF6eWHuOmVQa* z?Ay@+q>hdd{WxrI4>xmfNkw5os6?3Z`BTA~hm>p*0zW+XUO=6vncx3X>OKr07kf3l zI-EDZ72m85s0uwSsoQhI)W60&0thSO)Z@7F*f{koLnZP-dwKfV-kFN4TkTRGnLxSY zd2x3m>kXh&RKr)MhoW&gNtm!OTfWm1Bh!&Pk*<%cB8yMV8rn}`W^jaQPq4br+Ha=KRUV*Nn za7SqpuF>SUzMan^_+O&OVX4McBb;RQ4!2C~%-8p)e|LZlThqUiyk75UE8_Ki%qiye zVoi=Wv=zzQ-q5`22!lfMeIfMDCb8a#h9ZUCv{loSi#0t6_uBEYz8#jLWe`^_+2%wB zbp|y(;Z}p%rXZ0zig#QR@ft7ikV3Rz7#U?9UUXPT(!s(i5a9-TWW?`Fl<`t*pfWT< z!H-#4iG45E3laQY4j!CQj?xhkFGu_r1LCc0k^Tb|nm-#NiAl}!AoBk*kHJCFhAr+&s}2AzX1e__ARCU=dp8)%|4 zC>@1b2Dzc*hdhWAaUrAMwAXeB%H*ON|{q>?NaKhgEs=H*xL^Z>1a~!}ZksQp-yKg9O3q7TI zFxllVaV1U>l){5rnY#G)2eTLK=ix@E%w8zuW-qJmWc%5pdGj1^Vx{ThY77zwzyQu- z^1^^Imy!WUEWw<@yb&>{w0{60g+Bt0hwP&>!e1vPDg%}|#%y$C&OoNqY;}18haA}K zjWsV*5uJy?$pZHfV+3AfzQpYpLGOvV15TO$v~FGo{~|GYB!6yNB7ZuU$)8Nm|KaX^;Oi=i_VKid60mxsZ^a;r0gI$iAZXQM>&vb5>Mb-9 z(Q4(N)dB(qtx7c&qAfQUn%<^VuvoQfUq$JwC{;j$LP)VR0g41giGp&~s^>_Rs8xgL z+u!rd%~n8w>}QWqk?1!ar{xQw+@?l!aNR%|72IM$W} zl-sY7@s^0KR*(R|v6A zS`i!Lwaf9Gao@iI{&g{xw$sq%tSISZW$w{oZ45^vEA*%v~_V?Zu9(A~r&UjQ`f9ljh$32it7YGQW6 z;RAS4vb%+lKr8z)b%*o$wfvKjJ0-2^#PO%it`f5VhD+ z0|J4c%_D>a**^t1ig1HLc&-)N2PO#6pBaQfUby8rTPW|hrTje3&(H&M6;kji*I?M-0t{*Z#ig!LehHdQ!?5yn zXp$O(@-Z5=z)FGXRH)6gxW0wI7P#uxvHUYW$v+Am<;%# zL};7G4quLd)oj_+N)=KpJxl~UP8FK_SW9(k_BqCmqw_5F9^{- z6@(gykj)iH(=TI-hD`i94cY*j8e~ExIKEQ*gU|<@E6GGZojWh0K-`MIvi?Z9ZNA3F zm=82~uiS3f17!7@E06|gW$_Kk*jj2S36It)T&?+N=9>dvLb^{zA%O?VK8hPGEAwCG zfS5JMCTtBX0ahCLcL(&kcKjSXu?&nn@pQ{)|I#ydmAxP;F8GQ!? zm2ZDIclRUXY!A$kO6g-p!Z+A5xRLYcb@~3L@6#WLt73TzlUtQdm3n^n;1RLAdoS|4 z2anX)Js95}A%9ifr=nnG4N3ac?$R^Q8=XoxfrHstyGJR9> zLvK5gD=7nbFmff)c|VdJwQ3ERS0KNFTNTtwLYqQp-|)o38?iJ`z#&Kv=AwFdy+3HL z{tJ4|Yls=I7?k-aJ5X`|W_q&yZgV`4MJeZ|+a>;G-ylB$l3^!70 z=UYqRwI@FbZ;W+frrf!w%1;z5zIW}mM(yLL+@k}c+;=%fT7lUa@Kmp*KW&eXFM6!$ zl$5%qI!wFrgs-^@c7zz{)s)ue33|cbB=L$kS}}UZi&3?oh7&{0^F8-Ozxp`Ts9y1K zkhV33+l_#yjC;6qK^QT#Dk8F6JhAQ{SMY@PG<}jS+E9`w=Th-F#eNW^9(}^qevT)& zl;86N$&M#X7M=vEN2I!{C?9F5-z6x=#2v?ZF@uXFgDGV;gN1gh{Fbt<=si-vM@i75 zHH(D+o{`wKOEVGx$Vl`q!N@4V$R5mubhkB&V01+ZMk?D;R~RW63aCM}sYE~*9b@VD zan3Uigj(zAly?8D!oWGvrim5N9RrsXHB!JK2F%B6iTfK`ZD8T>ET7PH-$ki3|!B_1ol zj@`RInkmo?K+=l@l0F>1D9J5z-9B^F$_{PrUghu;R zb08mf2%6=Za3C;Q?sAlq*-1XVgC~5%YqF*__-nZ#VVq8}HX%s6aMZ+$C|Cv#)U_cK zQzg>s#3=%RXz+!2WzE4X!{_BOUn0Gr&+^S-YE6nu@EWvlEMTnEt8-4YbP(3JJC4yZQ1;Dr7cG}y33#f?Cur4vIl+@;loplBN|@iApu1OTmmpVk(p13Uwb6+JrozXd z!ksq7TxA1Qs?bH7uF|4?$Cyu45efzSx5e$x*yNHPR4J|dCJcEITV>v81@lHLnTPSK z%%h-t=7BuIJXB9H57pDmLv>{ys~hulo=su(ZJShu>N97zWG+u-Z;)(ku5rATpvk5_ zKyZ9j`KO6sZx~Pa*_(|gUG<3W8_m}@%7o})wJIzKvePZA(zP#fuOcF7-ib&VRq!8T zGIMro=CU{Xa-9?s6l~Lt3jFafuo9?h`Jm0C^f@@ zt%vhZS^($+Jm?Boz@SnB0mCE^8qiB1XFW=tfLzg;mOxff2}Bhyfiy_1O69bla0dr_ zPUO?CVH4}~q#kFmi0E;r-SJ*$-G}K3=YI5B(wIIDVHW5AB!K;x3!ZrQ^tkqT+rEz% zMkgz=McF+a<3%O2(nfkzhm0^NUr!^=B(Y#Nv2a^bkD3hzU@!3cP^DEO(=LC$l1z(Y z;Y8xboII_|EdsePaCV?NC#*HDgicr=b+2BYO^XhPeO!w9G6+A8P1i5Q$Cd$b1lnrE zOd(lm_y5qXf_8CJ)LGnr67cOKf)i$2^l2ntFINOXt2D-^NWR-JW<$rLoxQfPHrd9< zQf)M%2@x{W{QsJvq+B2yjbZ38CaN0Wo2=0HZoptj?v7t2J;8us6cx2Z{gT$GK~AUF zva&d6%-n%zQ6oiy6FC__YW6OSTxTalHEi%7N%L;Kk<#MkeF9c8l%k5MC#sx!A~*Fw z$Aqbe)my+HR8LJksGgpBP+g}UR`*j6PdZU)P%_Jp*=ih?wW?SA@Otm|QFRf$_;l!P z)i-7Qju}IsS1R{oY8kVs&fC%yY@r4dNN)b-e$HO&tAKJ^c{=rwo3ZLuqmUj+i`U!t ziM3JM7D?*svy$ovG_R0{e}yR`jHkw!+lq~A47`(CXp3H+MDrGr7H2-d>M+aWUoyRV ze#6LsRm8=%3~H}w#d2`_2ciJdBRa{Ru>RU7{v7-7!yoBK0evt6yej!E?Im!>r3$Z9=t

N3V5Dz)#B3G6j!ZbjD)F48iWtFMUedv9Q09r*zC_z+-)tsim;DmBT!rOU1ug(y=UgAsW$mhY z0{`IJ)}_cV+^e4;!%`$S?5Ja2AWW{+YxP?@_HnH~j6R07`Z>~YauK4d9X2`PyQ%d~ z4R$pAI36an!g|V}pFFA?n@j$Z2aEvwX zq6(m{)w+)tu#5(yDcYt#a6{bqMpDf?Adv?LByv$u%qulhP`OSWc)IedL5aWqGEkx@ zjX6p*a?{oJrr;nU0{`a@4ovGDxVkdRR>!x8c<6(O>mIb0m}WeRtR(xl(OQDna&!`L z&AWX}qoiJ-skUG;3nzYyOO^OXZl_0Ix?f_TLu53{3WQcyHl-t~_-cecoK7>9}^ z4&w*&Agyd!M{qFdz1A>?+`mZ1h;NP6x1S%qze?qe;kx55t6pi7%+tG4Oihg<44*{2mY$xf6PgQP7{<66+!%ng0g9X ziVf!ibP}b*0%vcuU}JvKACCK8e(E3c6X1Mq)I^9EyevGccG*caL@J0_>%Y#EW?CT6ztIRx z1!2|jf9-kjZS{in@1^0V5wGgOr{<+P3mHZVnRda02nFrUxf1h%Yxa%J?m3>}a^`#*0{E7}4r>=KW=_6NZz56#6B|-F859 zI9$u)4WNU55(dz%i2+nz)ub?h0FLUE-iR@Af4(pXpZrH!+=+R25N07d;Y$YtOOpN- zMiKC?HDS5?H-I`Q(gW4FH;ZVKkdLJM_Zlx)u*Q*NY#X>IMX~Gu zrEP_M>zQn;ThdW75jzbXHR4E=K0rZsiNFmX@W2FFW|s5=B^q^w55!6MokijKa6c+x&KvkDEMXwd zkIoVKK@QDDWSZ3|K>#e($!)>F{*pCxb z|D{nKC_;(QPbNz&4LZ2|7%zMaET%rXM=L~$hy#mPa9@TAZh*@V@%1}heeW^8z(eQu=wcMCYJ@TTa_=@3g5cM4O_(1m;#(IS9O7G_c>#>$y~MY& zd}TD3hwtZK7u;TJ8aCT6if*ZU!Uc!N-wpg}eVXhw8NS`RjST^zm#dqBo1|=^v#~C7 zdC;E}pf+ZdIvS&Q{7#mFP&rZbi``>5KDQ$|Yy0sOY!mKf?~~)^#;2bwVqa2HsW@8f zmkPwx3tf>exizTOwb-TZY>XktQ{6`A??U!R* z)aeBE8K(m-*TC8`a*&0>sjd8=ag9DsK6sZ<4`yZ+$bFKN?`R7^?rGJ)m~ZNR__$6o zj6ACsSE`ery~&LqFNK}K-V66DInf|d;}e~kSKyZxi!X9yfb#{fsiO3O-mxA9!f}XX zAdnu1==|MV3AZkKl2e+SvVWq+*$6H@CV=RWSBqm|1aZm>SsJ_@8O(Ns#|Bie)V7d1 z-94h-4EH?92b7h092Y^@q@exz56O~MN>g4YbCzh)_Nbez5w5Zc140U0PiB8%1D|E6 z%BId5T?91fX%M!!NMiOU;sC}3y6@@aW|ge`7CN(_A*aR)+B_A1XKpIS-eXp^MlKo z$A83bFq;pL^V}mUoadegv%I;0mNMWhU(RIwle){ftmZ$-41*GOU?RTe&A9Nd(=RCP zYgJ|pS!gXpxz3jCjL?RJ0pytxK2cf*=;*k+XZH-vzLhRhe9`V(AODrIlGCO!yV)!EcsD__@-29-k}i zz~@R|aRR6Ct(~XW)W16aC*r{`Rm%+)gPdx(k}Zk>LEd-22e0;Z1KyI4K;@aU+cLeU zx>EQU3Vdn1@{8|o7GF9CUH74q>!d?sn^9^$N_`Kd9zZl+lZA)_rW_O76@M0tG7BkL zaoG&9Ylt1ud0rLdWm#X~JQP?a_>ST)oCM$v@tv3H?T~sjcC+UJ-_iV*pEU@+oZ(v} zGui4~6hcVOmY<^#&~*XrfGF6G#v4Vfl2w+S=kVxT4tM~oMozNKt;}IDmzao)Px>#$ z;J+A^@A>eWe{spoha^S&qq-V)F1~-o&H<(+rj4HVM+S3D1lw*C9i(fQq~H5pcma>G zjYpd%<(zthWr^uSsb#qm&h7s#p5|&HxD7R-Y>m-eo{`o|U?MOq1|O+C0aaON46$cA zi4~_9FtDJdFasf_h7oa$hfxk_8@>@h>s}yz=<{$c_>EFo*MYp|Bl_v*tP5nQ=&`vS zj;S&rsRw~mja*>QP*Xre=h{bcIo|PgD~r4_G*f&N5;so}j8_)lC`m6z63TQ9OjucL zmy~3XDtm%k^dx7M{MCA^q_%=xCBQe~8}!crtoX(QJWV_#RkV_Q0k}-u2eZ>qTIsJd zI)k-m&Th{19%e;IO8rkojyN(Kh4Qr}etZ(#)hif&+9;49dQ?_J?$dhsLgk9irngOh z9;DzSAihf%vqP3q`gtT})mCBEoAB4{lG#$Fk7)9{mokAFiifh4azIgB)ZQ1++k~u5 zh0aNJnbjs^o8X=pHUd3l-A30M@xKj#H=%ozz~6cf+Me7-1D$nQrG}OGCKJB8goKSV zXX7G=S1XWBYQ#^KH-2;nUuOgjN=urf5^kat$BXq2Me5@7@yCIgkXikP#OuC6ePsny zp&2Lf82?Eo(I9>Cy*T?ON&4sN24xV~@m68S4^bNIVD-V=2CcgxMPeRStswD+K;pH? zTAL#A+60Nu33VNb*QQClGC^X=5)!X3<<iPe_`EXc`WV9+GZbX(&NH_7qrFLnY{sU3yZ@#(mMnFp*a&g0Nr%}KeG zLryPqCh<;YIRj|MX)A+Ijz9aUyntzx`UwDj|Dx-sS;MMN< zdJIn!{0A^$1H~Z?;=nCtyTKv-g5r<{&(Mcg=-SFFHmC1)trof-!9d#&SvJsw_b3L{ zuvoAlWjHF%)Hf+KCQKC-9`#Q^bOFW#+2x{FF~x=VwA@O1%!OIQ)7YR5kHM zUqQ&AtbV$Q4u-8lq5L!<#556{?m;<3n;_hzOmBkQB7{{5Iuq>%`x80{y{&vz+3Zp= zp}j!!ZWhU+AL=|#AInI!lY|sm$_joNh13r8-)FyXT7Y++jj(y)sfx{SK4Fxb@M)11 z8!NIpR*+$=OkP>Ib3)JLm1xV9jmab@JkhYdFCgyedQF23E0OAw8&h&$m^FlM0*Bh! z7#4*Y4VmHxU4cU1ay+6+g&_#acta5GqPJWN>2bkDD_KR6k~JQzz_-n=XjkU`@ z|Ic9U_m8k?C<_~b2taY}77YrvD%Vaj#3U^5wGPXFm_uwPF5`ksTSCMS^0G{l6U(Kd zEzKduYRHEeTl>}l7(wHo8!Ice4geO{)b2jSGTxKx6?1cqR;)vQ;bx!eCCZRx)mWl@ zm05boUA2OrbVi~LxbKlmk{+qvRgUhRf@}JUvqX7g9Ns3cGw@pKWnz6Vp9@1(7{>FOY!Ak!Y>sCKU`0_UN0HNhXK|R@#yoRS{hAv2O@D2MWL%W z+A89R@gdSi{&HM*V2!>;?Gb z0Fnif8ZdEY5UL4~#lGEM=-LhwYd=)Lx7`&$Hgn})1mO0<00b4ORHfO4a95y-Swj$v za`cI-pbW>Lq6S&CorQ2Xwu3)5IlloJQnk?8fpT;cNp5OZURq|GSWkA8=0AvwPNLbF z8#)%$&xf7;y?kjhTpsOo=_v+yK|Av+>4T|G)~lzv2Bp`vN>)(vGE{Jsq<94#&bgY` z2M@T%V>b+S+ZS=Qsrw|<-yHleJ@~|~?61=g z1CJ1>26ExEyY27lej_@5QgXVv}4shfJ`bVXuIxX^pU31OZ9OC zkInixj7M=@qcQ5aRCwW+VcwxXWolVkgk=hYB#rndiUU^v-ODCQ1~A9$s{`cRWKs_n zq+L5vaH>MUjJX7U5M9f0n%y1G)aEegmh|MVkKw%#iIOpRz1e{$YGR)br|UthzUtv* zBXdZv7Ic8{%6}pSgSpLoF12qa1T5@MTCg%#(9mEUG~mbVH{g>6g;lwNcc*+66+ncV zP1m&n3SBp0)Sb^3#8c2Wb2diZ+fx8;;#INL=)(vQTUQ(6pahDOF(?_?KhX2t z!nO%L_;mE5yYoGgS}rxx6ls)hm2#U!t~bYri2&B<Hz@Zo;Zg$p;ZU}P zWe0Pc02orX35;G#DQjMtTT#V;6{~V9JOjRU#Jcn;Oi?I!M`|p$#+{Wd8+9a3g(1>Zx%T z0Fe{fbe6G$YDgpJ&FWB>p1|-vo!m+gY9&enEA`;O$wZHvO)u-!ts=M(Z z>6T5RTQ`pDZwiTF~rhZ1{+cZndtChEW1cFW-|eXJR)6-D}m(lYZGf9Y+~IP&jBer&;y zV>0GSP5J)(CSTyo1i&4y{#));m4{mETp~Kl5#9fp(Bd-W**(Iz7ZqKCivrstCs^wx zd^oLtQz(8?0+i`-RGK~%@p4YRSd|yz^7chRLt1Ri_umje?B_rvQT)RTs?li7^d8}e zK=ndpfoqPXxyzvULvwehnrqGXe=9V%z6RvhOz-Ox9aP|L1nyit)UUX*W=?6&XhXh# zD1e&_aG~KZv*Ch%o@I`|FA_5(IKcf!;lu}nJN#Lwy(j)Yb|Cn>UR8uTUd;1Fj(#M- z`3}l?`YvgR3MGmu3X$GR8l(UCn2C00V`HYM8sBm|CP^WLHue_+!1oJ4I(r(Pktx17 zMRrO|Ld4z>iegoAXrgGTV_Lp{RRH>8_U0ZbAdqqO%sW!W=Rx>G@!vhaS_ZK1TpFwEivfp)0nCFarX@h}P~zR8#5bgbW3hCT zAw&J|2}Q0%ks2fYNNHVb$_a=?Py>qx5M;0|I%92;!rKzUUe$lf`e-zhqRYb<>LEx) z4oz0EE+e|61#MDZ%h9)_0>f6yaId!7FN_Xey^J*a?GF?iudA#&c4fU#3t8DlyMNlb zFK}yO6FzAukn{bI*r1KRskUobJ?{s)rmtj47jg3;No9i`i55j5+pKFXduwr*zytX% z1a~vJ0`RMnfGwuA95rD*2+~B-?f(!g@e-nDTHJjy7B77V-N+%x3ceUlTIpb{_i0}u zL{zbKwEekG+`74YC@h)L>sIuf(10#5&>szwiUzaXLT5+tcwu;?6=|vGf%6o=J>ok9 z#jEjc5g_m(_BZ@dheh$4bzs>u%lt!R5 zy(2_Ao~u#^#g+&4E>J+&EXxxpJ&|&!FZWs&Ez2WsgA>CW#JeRWZkN80ljOe%ls3 z(#w5_U9i2LBUov1H=^WC$MmIc$A@V$A~B!h7ATT7(Ms8#QAs|~cquQfFFM#VEI$rk zhxX04-GOC4d0bPW?r?ei0}-}>hKik-_@wFjG-J@7l)EgOTm2a)Qm*`xT# zAu4O;5q;!F7I9>(t$t1i!%6xy53W!I*^SI8oe9rvu3Qmh_o_eXV66zUqjp8WT>i*cq&EHOv(KUnagLX#Cb6FqwlV`jh0tQEKUaF{+~Ew3 z)5{7N;6{HfSyLHr2Rp*ny<{|P2uSO!q3FXcoZ(ym-F>3wl8~2mh!5Ar&eZ}vD+N01 zL4OXrxqAd1qVC{iuN9WJkZn6`5^-++1{PaiWQATDa0mjZXJoxhG5BWoe%IF|#~CUw z334<;b=J6Fa$Vi8->n(9CUPN7l0OYU?IZ7ZkG&$ z)t_?QbU?834=pS9=V_TpT|Krq12VWQ_W(s4GXz!mU~ZHMi1y+h0@f}^SY0r>1>6{Q zekKY}@h?`pB2%1CtAAWO6PjUWZdayg9vFRzTZjmi~!*uKcz4R<41t)i0q^n)z;6AD9tP?0dMdtt+u5& zVwM|05w*#|c5xYu#vcnwZZx0hl4^9s_O8b1h~5Y;G@pdtREqbF01TY9vZ!0L&XV=W zE1hd~Kz*E2X**uZo=KdtYfy@{SfYYbN`+f%XDa!0-BzP!6X^HR+BHQ2xBKoa!bVkr zjyh%LDO$Y~_t87fL&JMAq1$a%j=nGq$~hDI+WpyZ7foma zh_*dLSBrUP=QjeaVD8BqtSXp#kQ6)PSjx}htDSQ|Zq{;JwC)+2+sZfOF0|Y>%{@X8Q~8nP&4r(nD~t_@h8&6hXknP9V3NkT6^l|a3M}&;!S>2 zVTLrYgOG7PjmFi?+3-`%7a%h5nlR4jNIAe+H}vc&*wioU6g|)dqW9csEsfX~CR@eSCi?VJR1Do0+@=U_&cefXC~r6_&3XXQ9sb)t z80kr297+*;UrE0L#vmqH>CQ+@OcL^)<`^3I-(#7^D=Bk-fzf8ufRppbvFYOEywuJw zd6njmxG)laGgk$200KDxfz0g%`$W&iM`H=l0N)05Ji?KWRx>wj(T{>nL|np(Iw;Y> zTpt=saLo_+wJNkSdSw&u+Cta0&~%`4U3^ZE=q5@PB^r{s7Q(R>{(9`fm)fr_Egivz zcjkugVu=mK5Tq7utQ9-9Mn!kJ3?pPPMDMj>m_+(>#N>Uh(=7$9(>;(!!8yqDZx9i(CazSnZKI?VYm-|@Q ztt_=~Kpvx^)(f_@hiBl)`d|(PH#-#JFq z3f;R~h`uqU)Ug1MeGm+iABD~HBBZkcg zShgCDAY3M+SPfr@rFGCe6{}$s<(V@94JQHt@)_p1dqj(zt829gJ)dZi%Q7lDtiQ3e z+hdC@zQq>TjQ?m+`+y)Ljx-#NVV}ik$G8%CUWkFs$DaHG$hAIY6Z)Y_5}cqWKRh&; zWrx^TeuJpPJr8C%^}6J&dmhZ5;T}!vEaW#djDy~P6_vSAbT~;zNeVSL^3GRl8O}lLXrrgEwo49KP|m{ zEsNrx&$cC~X6yH{d>;2xT}kv^N2fM1$SmYxG49)J6pBg&03IDCEgoE}R{)kleV~ryXG{v6 zt2mYm6?p1jp#s&UQ}Bb?EKxLp>Lu~*l-y%jbhvLYSbDy&tOe)iB&YjgRCAaycCjRd zcuFJl%}I@$ClsDQ(ccIVUB#w>@Pp6pBSeY{rVn?-j+v{9{Hq{V2_S8Gm9+0e8a}^2 zCO!%6RfXbUr4edqWGH3v<^;}4%`b!$IZUseaHsF+BM5zLkr~eSGn~OIwu$j0Kf3(Y z9$R{y5Brt)UR{r=chC~B?&UU5UA!4eN_e54Dg7_^YDoBlg3`+x2cyuPlT`NM?t?ic^$+ls?cH z!;B{ZeGwlyRBT3pQm>X?#}_>i#xK-oR?`hrGElwDbZ5ety-Ge~ucx!5LxtO=TNaU7 zQqZ8CuPF{Z?J_$bZ>A~c?XH(q z3{RYJYg8mmFtPzlhNR(*`Euw@Mh}RSfSM{D4hcC%=utKq@8L8XlqVqE&i10qv4P?^ z=?<+)WjVLj+bT`FqibC0X#~Disn2)FB=4GA2yCSrq99ElF?gmVoV8kTcT9Z%_2Sg*E>t-Wf_q}1 z7zC1YXth8t)Jj60QZ}0uG>Xn{Si>>5nj8kjISQ2IRfYbFWCDlRVWC+&^r-U`lC4Wr zrK;`cYT17hG`1jcy)t+lO@aDKlgXg?Y;8~zfbD8piG|y#;6a~bHP@)I*O79@q6GAR zwyM~ss2eU7b3;N^j0PEkLQ8Q_R0Z>cs^EDHC(0G26RIMRM?GgkKo@`8Ycv$h#*-_a z0IJze#reau0-iMF>V(1PkMrsLEY3x73&{~CE3aB7UMbAf39dIK>@*VPc#p~*$~pAH ziMr1qJka2Yp=zN#PLs9hW*6;H0b)gc{DUf%{Mk;nzxXFx2D(0}S9Nn}T1RDf4^jq; zJHaPBU@GU6X-&C_1P~pv;4rQk>6H?x`$&$EGH!kCtT~ijr)8^dC6QL>aFU1ka?*#* zhvk<6(d$W+2-Sh-YZADLEL0o?bwFe@Re;DgALkob?hul?_~ZbhKyP$n5U%Ls3TOE> z>!DVx3h-2ChQ&PC9gPAyaVC#ztYk21a{pS_a~j5(g!&&Mvs|SB4HwRiGa)m0rtZ%` zBzlsl_F(PG^=ooByNnDhl*?E`!Q&iuvr!VZjJY(KxTnb)$$`n^L|)7T4WW(z&y z^oN@vqjpbz23G#bHLSb8rHPhV^f&`t!pF8{cgJmce1&u(av{QGG44INr)MIlbDo(7Erc9sJM2eOOx;wqbcNBG$%0G5j!=fFT}XLB@LDgjg{lYZ9ImMYr-VY;8&lOxDHEG*!ksbZA{h9nhhoipGsS20ScNw+IWs4y;w6jhuE> zYQ+vD?g#6j|G}<~aW~$e6F3)}64Uc2rr(hH9K6piDU>J3IXWzEFxGBkhb!X?A*dfU zp*KO@saCL$YyuoClUohN?zZfN3XXc_z@3*y7+2Cyr@IXEudxwuzD;KmRwvEt4H`z<* zVq>=ta}%ieHcQiQ(V>1@Y5r}|%1>ebhxl}>9m6V<&>d8nMwv+qZ zVNwC&GQ79O$5Tq$vI#6uTwul%$>U`;b(FD-Z7jSN^-2E7ve-FgL_zYjEd` zedf*-Et%xbbCG0sdN}Spfo4GEec;X(Eot0QjnBY>8RQ~3!8p^pXqw~2;e!7F{t6cn z0?B-q4UgEv$qmJ@z@&&sLbnb~ryQVp>0sp9meTYg)-HA6kqtIR8@Y1K@zNtmr0E63 zF1UsiIuWSF+b07f9dAF*Nm~ztnS=}h+C&E+1VTR_1#zAZctFLThs_4BVmtO#|LiZF zM(ogH>R?e^$@#5HUwsMGLwit192G@s4ta9=_VDAw8m%s_^;e~b36DI zGa8DTN7`x1d4N&5p&wk&1Wm1>plJ;45%j+4SoWH+rL~lBUZz_X=%`&l=VKOFhyrh_ zf&GF^Z>tc->2j+7xeMhgINK?7)ESa#IazMm!rHSy#d+N-esbJZk}=pEBqMDOC1dk- z)npW!?77Rj!+WT7O^P?yrckqzu&Vf;=fxGBatVn$p0L*j9MQr=8RXq!TNB}kG(}46 zes1hp`6W0Rjd7JMKdOHGbgVWFL5@ifkK5EBV*2Boem-`N`#tUj=oo`FR!0qBrYg=I zB}cfAkIwr21-lcK=c8<|K};gqYtY~&{jyWa*!sL+-Zk3Kc{SR^H~IRRga@Qbs^h&K z`VX7q*mQweI1=4*mNUzk*6emLaBj2=^*IzVB2Vlqv(AR1bGVu1OsXktuh3P77PU^3 zgsmiD+{ir655dM_Tuo(sWDEO`!{m1?MEMY3Q#PNR=n6M^Y z7&36Y#^Lzr_rvDIL~(`E*lB3U6tAc!0bc$}Gu}Z_x)}lCl!apTfZ3VRQFj>o$5u=87jl2V`u7m3P+|F7TDF z;W1=S=%Z{@L&!sHgSCHWbf`e|iD-sHrK2@!M20(=gA^jVq)m|c9eNgDsSWxjq}#3# ze><|#T_~vZkPO0RMq6|}A+(PRArvgIAg>rTqKVY2;Pu5X6bfP~@LR^k;5GoGeP48j z1QL-gaNZQ{=;sKuJ*LT`dN7PjFaJDX_vAJM{$}JQdG#_bFiN@2j)?N;gbb-BWS(>& zPWxt|>1QyGs#yP!2#4q)4x#}f8+`}vK)o+xq|`B~@Eh)4gV=I&#&$i8kBp|ujJFIy z{G|r~qr}EV7tvh@IeOzbKkorR+Sfs)1P{o;zGxb7k3a3m_n-euB+|@fqq96BE>Dq} zBFH$tJl_z|E-aZLsC^8Zd19F{6>*Iy1N`~u26YfQ*?S&^a%+_u&T(*&36^sI;|4(X zc8Zt#Hy+Rvy{Us^reuI68@G!vnUXT=LTFu%8ej;eJ{mj`O&PXQ1PdmN()*r6oaKyx zU`igsJ~(C%vFrP^Hu0FFx3!owsH^aieaK-)qvydjk96xXf0 z@0D(CLbIFvj4wEEijJ-Xf0Wpjnkzke5(5uSY(i6Ilf04W^|5!%$n^|GC+;tlA-YDHlrCE@y6nHS2kWWJhN^U#%Doc$Y@ii?$U5xDX@V0c3f__c zyeqM}8S_{?qh|FQrLSOVy6<%>6Ay{`AI3VYk&5}HqjG-X{6DX!eF#h#1rzqc26&Hg zqF-!)Yav6TJ9Kp;+R)9{bEG6-W91<>fP`7fodif4wj+B*j7)G6^0@x3gvAqAEZ!Vn zuNlM9dw;wOLFu0>nw$ zGXv2&Uj60h^Azow)S6AsdsM`CBuu)e#?mKJEPa5ty>U9I!P5IHSqfgkYmQWEk6}m< zbz)8Ke(No1?mp_c`>_#l*F4dXg3IKU8_J%?;)Jg6Wm@2LvCJZc+xdfe((_xshvP{6 z62Vu>D9hIoNc7zw$quqWSR`=mDln#$WFI>%0pi+@J`t*wQaA-^=oOeI!TH|Xb;|_A zgrl{8kX`=P?r?^CS62~E$CQPIIrLc8b><+N^b8(3}10-lEeumbHER&WT03ega7jbKHua8u)VLo z{iYy#m~~{%3PN}LXo3wN5TWbZWJ>0y=p7GKnFEb zkzos5oGYgw8UqXES3EL_L%&^@!m3jmB$FO7=0jOWCm-!niJ+@!G}dFXe6 z9Qs|r_7jJG(Hx@U7QGL6*r8wS{B%W7Zq5|U_xr}b@>y-1L@Q+%qz?UJF}lEEb1JX_ zTue&ZC1;~4r=`KUXW)DaQI|5Mtl@#=IYSIvKsvtnIQxvAJ9!K2o6hiFL@Zz{^absU zF@N7a?t7cllY0b;0xKOVirU9%A94hJ0fOw}rL>h*IBfYj7FNADd^_q&$B@35`h#f0 zl_CcVA1rh|h^=;woD*@ToA1Hk%pXE&{IA0TH_8-`7wY7O)OnAM1$f;L_i2-6BEH$S zW?2SmYQ**cI1vgdOSuQ-hQSBp%Z!4B&dKQMB839sn5@2uq^QlEoL~F|{aJpGszqq8 zo1WTj(6Rr3Kfe`V;ApsggA=vMe2+WW{MC4}zN?H)PF%8_pDZ#qxkAR!4rPo8{9X|7 z^ZayymTL74)+%JIuaupflCi#?{N(sg@ zJ|ZQsvH(tCYj|$$OlY$aAyloJO(93Rh(_fz8sGrXR7&NWWnzQ|~;mjj-g zPso@iFB4{P&%t?m=(wlgN4*NdA&M$(>0E+jER1I69(2agaHTP%2ceuX^s>jKhg`k! zfL3bOJVpc%#?0)wEW|l&h|4N;mLrAFFd(2TodJPOq@)4yAPb2BF|1Fh1q0#>SkvI5 zOx$#eR8S7H#iI7DVnDE5NU32!JoIfrw@g4BebMW0LqeF(hkzRmh^=NoTo=AOITT%h z*_HXy2$}a(4G4C%%7D0u4(7B0LBFw!KUj#oe~$gTpW45b{2UdQ@6rCfPZ{a#-&klk zfbI`eviu7yxi|aw4XjUTs90nlaBsr?z2~XgzrO@jx9ED2BD@JK<{}&R@AiGPf34iU z+P~}sd@S&IV-sc^gZGbEGKufNi{@>xc7S0WYCCDYjh2q2sZe>7_i*@$XkmGY{WueX z#15FmI+OQLa#OlU_dwJq;+v4zw4A|Et=gZ+0;zw3e&OXy7~7S?#;x|f=oenz#{TJI zYum4+`!)5;LqbC6m!HjHp_=*yy@6IS292XoPQ`-GzQy3QNi~DEj>n+xTPhgzMN)LL(vQ9yh^H+G=r!JD(qWbPpB=M(zb^wHAbU9ep3*N91hXD1R+LE=}wx8{*-W&yF5UmE**}jl&<=rw~%f5eoSdPTG{H z#VJX9N}Q^a7t&)-{QA?475qB;rZm4WEIj=&)9(moS9B|g=xi=$Z~Z^l|8G?Gp9D$B zYr6mK+JBMM=vMlW%;t3cPv{%BjRIFj6a1_x)nHf4jYfYm?H66|ZQn}GlZa2S`{im# zHg;NN8i;m0M9JQXn4;vW-`huRJzcw~zIf9DW{wrO(F^XV%#|7lC@*(V?5elgQ}{nq zXC3aVvvl;F?{Ht8$28%}XyT78;xyI*i7)cLn?+rZB$rQR*tLzUfxXp67)S?8PkdBI z8H;Xbr>vDMPVSwJuu}l$=RCvwu{&X{s2<{8RkY=W^>sSG0k(nWuIkZGDTw|Ep8L8=LY!%6oVlksSU_~xiB|3 znz)kf8@3B{L`yURf>m>GUUeME|9hk;b{W236a7G8bHtR^^sEqHSTSoqetbo^ObU#xg|d_ zb4%`?2}4rg^9_PKq-?le7*Q4}1lDdbBIvzET0{&3yU-8MB0!DQC^-@xsU@|uAJ>v) z3<-EJ6(ap`VX$hs3$2_$1TL*W+qZzNd||1os?AIX8fE-$#_vd?T=7J$hdem!=v6gs z#L|+|;;=AJz@>D!D8RA!SC~G8d<&4#G@E5uPKd%Gr4~FZ@OJ$6k$!LpQa-z90AlWBd^-IH9&)y+ zR_!J>Q?vG;$s?(4WLSzIS0K3wiDU7jSlE&#jv42xB8B9LA_c+cwpdTsT%(jgT6GVQ zC_O0G#Nqvl!$!7*+EqPZZT4Ve&Dzs_ZRx>CbfYYKa~q`xFV-F;F?PJ!6UGb&Br^Gy znr#kHR`@Z9yq?75R0-{foRI#t(zr_hTGSj7c`bFp z)TdW@{z&xY<))Rs1J*z*;mYgllu5Nl_DJ+$S&Ty5$od_SHMStEuhan@T2ghuw~{5H z%tT4+2px+*qnX-Z$kdw4k(osJiH{n>DLsE0N=e_sA8IWK#Aukvhk)xSgohJ3oCUn( zsQWyd_IfV>h>2kOGOzPH?A!EdFaC^UeH(!rc>A;%^t0Fuh^px{*tD`SyvyCNnZO zh#`+n?8f*)pptA1&m-1w3sA)LaBFqLMMDOoXivxp9JB|k8Hb$Isz8^(K1p%zae5jB z&6BhxmT1y_Lp<_B&5fBgYT-+5C{ivK1pOq?L^1%?#jC3k?^bUThyOnlalM}~g&ccX zAMg}}{2yZPuNtiy-=+-1urE!b8lWsRLji&&i7K$%`CiITmcfc$NftDR*ov*o(Pq+u z4eQI)UWlE zcH?VdD8Y(i;LA#Kvb$&Dl z=R2Vb#Fs3$O3&-r($g>{+D#^;Nb3A;DS8HfB+)T0o9hc)4z91%_uP`G0f{pF2)W}1 zBKiTm3nR4@3FkEmJF`i7L;G{ou8lAw0bxvSjBKAO%7{?}4R^IZ$jElvr;HCoj@`wL zxB$7>&!(5ML?Lhrq%%lnF!K`vue$gr{KF>+CzyZ@#Ta{KIPWyV5QNoM6zYC=%%u%@ z4S|)9HWBa$?-&FQXuU4J%I9M~!{RNTg<59IqSBHkBMQ84BhfREhsJa-l8$Gz4=Tm& z0)$*-LrYo`b>`IP9*ph-Du^7Fy{2BRH_UqE4nWlB1(OW65p~oo#U6-!V zLX{L9t`$Z=A|8`U=>FkoDuW~3v~<3&jnA@9NwDo*o z$5qmcy%$EWYq*kQH-lz)(e^>wRIfqCEE+cr2>#2@&O)y-jZPc#W7t` zDXVs(L|uH0mSYa0G-;EOR=SEpkSxxACrh&mcAh{+wGYGn=zhzbyq87$OB5CahLF|e zp77!>#Ud07}5*Al(h=`m%(aC9LfFPyIIlPZQh*1F%Vh0>2zcM#@yO)nuFolNi)?kZUjP;y;t ziB_f5oLd(sMtn-y-o^kRhi{{Yw+ChW*I$dG8jF97$rc1r8NC)tr?!mVD8<~2wNhuS z#rv}^FEehqtIuXEu*eVSDml1Fp!oS{EIy+$;bd(`C1ql!IKu=>COP^$#CWd)Jh>81 zeG(3~B+L(mn@y+_I}~bJrv(g4w4{SolvxXxqx58t)7qC{bEoF!b(INR4udkFYG;#- z{*&OTC1txm;-!bVx*mu&s2^9SKBv^X-^ijewRWGFAVXr%IQ2+Sf=El@8uNwPjv!Za7+e0sRLX3SAoz-rz>R zH;oT8tRQ}v|2_=y8O&{@_z{jKzRqNdwlW4c_ik=z-vGC_c`vS|&{>E;j+RcM6hGN@ zt$mBx7YRsJRZ>=L;H=+`?d)CJ3xWJZYj_3JwDhm&Sd3Y)_! zvAMvoQ5tQqKIz*W-$NlkvAmKu_86@kA?W+8Cf`xBTgawdHHhE=WD`hAhD;1LVRh1@~q(#PAxLj*9%(Wzi=>|VviNbL66(wHQIvZK+DHCf0 zWo#T`oe$!e!X2Mjrz?O!tXD`aDqg?d=yr?SL|XOY;;*tM_O|#)3|&dvbHr$XMZq37mXzUu3qcziQaxG&H zbQ#2AHP(s1B3`!sZ0nYo)Xy<7d%BMXc^ICMAXOOuD9{O^Q^CW+1hPfS`$ zC(*hi(QAIJBe!`3u_z_|>;)v1OPbEm0`LODu7zKz!@~><*8;+@+^YVSLNC+nBR^sb z*4(}FlA;Y49&B#^&>Z9oR>%q5)UXRiV2ch%YXYR9Xa!$n!_pxz5D-Xp@olx*)W!Nb zBAPHwbbo0iev9vbE#fgetF}^2WJRN&r`!T4k^9~-!L7d^mT`h4N7fT_Si;`lC zA^e6|3eJ|BkS^tSp zQ(0vtOWY(7guT!=a00AkKx%MwB{5j3ttD22Nk}l2h>PT^W5sfTw|y^F7Zpca!G!+k zK1k9`%FaRfsoU7l-CWC>>p|j?x;ompo7?*)FWV{(fw>vV>w2l zX@^OV0enYnV^@5M=Wx9+5B*TzT)_AsLD591ls7#%y%&JEf1>@u#_uGJ;Ya zot7z@NTn!3Z4*6LF)w3y(`%j}NEGFMkRXVxR&^nPZelyPmJv{Z;DBNgpkc73XA#cz z@!84*aRvpl+Ifv8jMp(a->h+%GHL0S0qmqY`|gK^xF7eu2$m+a5^sC8`U_qC9vlit z)VmX?B8~y0U+;$mg#H6}%tv*^QLa6IOvFNc^_$f5ahguYo9Ow7%=5uo`_(PbTBo5_ z+%Bb<{#JK*^mR;srAy~9!2VwJ$azS8iNd5rqoZ6$**Yu4!s@ymJ}8ZJke-&g4OSN& zMAgKwM{o@SxwH%daDP!=`xpMqdUGdQGTyg5^+s-jqOELXBhwb?g!~WUer64@b490< zc4s@>pZUMSeGI;>O5Ara?K;rUNb(QR{l98}?L`_P>Vb0ev*OLUe`}$M zSVi&3Bxko)e)2Lp%&SMS0%anpnJ&BG?vkDUXtw%aG>nEtK3p9tTTa2sB44M_0* z?Y)(6ev0MWD$475cGX`z(S%8((3yu8T%;(C4QBJSk7&u*momrj#Uy-${?`q#Xyl9^ zYUj^m&3vKrJXC!t%EL)AnD0OG@weg`ilFHX5k5lWd(2(w_!>O18ovOI%a!D_u6ci7 z0pi~A2^xg)<=M8~i2)_D3{Byh(?#z?_OAp7XeFHorUPI_!=E@^8-`jLDP{AON7M81 zMnOVi)}$Xc5n+;f(Iiy04wkZLbv{}>bsmm{G~_3s>y5x8l5W?^l?W>IVV*=c%?ss- z`&>Zz8K4a12hqGz0UFkNmdLfwr^z%f^9ALBdqogxY;xebiliAOAHGcORugzEpS;$& zEoqW9kq6c~cCx{Wc9@F$!xz;3WyOhG!G*CSGxlwI%#h9^;%teT0PoPQ;(!-F^0``% z(Bz%m7gRw;&;b`gY8F7wM3!q^+qpEO=SDRCkkc`QLL1To5G`DpxI3PLsxHLhWY>Zg z7Hn!&Y}P59BnIKm}Q`8FA4Z55*oAVpFE(ryJAHR~jdGLPDE zh8pDqpi`p^C$rk(Yh^majS}pk>#2NA0#~KlrzAv{Xv+(FM*+R{)}80EJM6Pm$84d$ z_!xzb$?2)PL@?+&#wnoZz)+x-(nws0LmCL~H?W*W{b1a~zG0RXqM$*!M+D45)M{~s zlt?JZ(p;P#Thfb_M9p#`t7O`#)HRor&G?JShj*h0ZMOZrkPq={gtq%z~?_|#HzRn{d=MBvHg3mcB>0?=W{;iu8=d8IYpoIgOHP9&SIalBjo()3go=W=ln6` zJj|R|`<%aqoGr|GvCnzd@4f6?$DDef^Ma7m%bZx$8ENp+kn;iN=rxzjX$v`TXU@&O z&g_tL0&_m?bKVqk4rk5^pYx88^DO4P+vl7ca(;g~a`ZecG5A2pd5Af$@O3^Ka&Bji zs%O?Ig`6)iXE(-@a_;Jo)5Dx!`kaj+=e^9)%_l(SDgLek3iZc3$wKn%a3T+Y7XKerWGl<^)!nmeX6bSZ*?U^E%}<-w=fpYF!g*oyl5(o}Ugm zCo+df2yx^qpt`1U9Y>G98j4Rwah7ynxJxwmtx)QBmjS3UmPo?vT%88ml<&Vc6u*PT z9S-{8qeBHFheKn&|B+C9EsN7_K}2vBB97^!-x@%tHIP{9n3nH2+*Fsi8&a+=={BnlB^hNeOU+?L4o3>Pyu38yPL=^- zOPlJ0PPtSai0O+xZa^ND7E1x63-H`oqQ?6N@OPOjQ|Q&dV^!`B|D|Np2BXpKs9LLco2+-6pJMMehTd&7PA>%v-Z49W zqryV(Zuv}&-c122)>?J%4g&#fb*IU2n~dbd-2Va_Lkq`LUE zt}R^>Yt#d`bQ52#cjbetjO&&!8s}l28Q+EgPKg1_G3C6Lb}UB$qE1JAeYeq)}E`z4N2!E*zib^(OKS4`gAboS%l1 zOGZ+d`QOV=cmPlv-7eJ89*h^w6bYVPnU5u7(*N+=AZ#ky5aVRN9X25@n%|l!=6xNE zH*u}d;UuePcBd8Hxik9B*JP>4isbWfRe`(H1*8 z^DX^NXxcZg5`KcB09ilMopRfGRHk?(ph;N~?(VbkiXtau+&NdF2TrL1!Mb?1=EC`w z*p6&NZUb{UGEo;mGk9`zLoP;HWsfvBFxhpU=avBDl1%YzJPqm>`UZ150Kp)JIx>Vu zFtxfNyqa5Ma;uPyHKYEtOmSJw`kq9Eu`V}a5Ei-nqcOA<+5=}glkhnk2>czjh4KJ* zjqv9$gfjqzwc80^NJINB<%c+cZvsF$MOoB7M*1a8c+}(zjYkQ((jBscySVCF7WT=7 zn>!ps;4*U5Hoqki^-3~qc)RnH33*CrxkqmnEeB>DlW}4LF+UBkM1bUDc6frcyNbgTj;9)iauBrPT5a^55kAO@8>Do+;W1 zMi`PQ0UDG2-00=kIJH6NVjD?PlYq#gmQb=1E%<-i_!#>YOdQ|&6F;$4g8>9rP{&LrXij`V1 zU1R-}#Ic@--oyoiVV=l&SpdegH z#`x0^XHB$zV#L;@)+M{lpc;8MsCBllR>>j(1EDN*?OKv4Uhg`Y7z(N8E*Yn}PrByL zXLIULtQ1H{z`-zTQt-OQfp?vQcM#!y5z|u@Db^wpSa)QK-~L}?edD=kMg562us#RV zhG7lm+=|ieUe)f|YbV}9@MX-vRh`&|M0DakneL5%il_HyWZi?Oi!ij= z2;GoH0&sgV6SySC$1epZjRM~#xaeHGi#U)lioPG{I9R_6G0eMUV+;#YH`IHe0Hh5q zABJblkEVh#AMi|lvuEo0o~d&^Qx|!rp6Ho+wrA=bHzn`-keiZsy$#EIv@w_)CF;Ph zFmStUMwAQD^vo42q$7;?X}D{>IJ>N5{BEJZD2?i$0rt3+KulQG~j&RUs6Mz%WRXvyG!s{jR`1!`#fG!o3<_{*x?UubZ= z83vkKGtPdL`4HzhX}Q6o=T87B+x)dZ;c>H@vETAeba9o}e~CE^D|eNN1;s7%s#AlZR`}Wqpky{B3`f2XOdQqn95M!8NbxpOBom6aj5?HLZJHS zM2-hsZW=*UF+}R*f=LWU=*A=QiYMsC76X*<9gIdjUlywxRckji;u^}bp%0=V;Wlh# z*j#D$(&j=lb9^(TTNWX@z~b1d#IrII70OR*P)l#IqXoaoHU_j9&n#FG3!UM zD00ic#`u9++X=N6RjRdbfNJr2{PD<0as_v%r|2042wJaz%O1!KA$BOrTx!E2`0`cN2L(4*bU*ufUYv~TG_!K#ir2itza$)fZc<@TCovDk9H@5Y-l+FBq8H3Y`#%;3&hj zZSXhZq9ly3awJ~)5ONP&-kq73k9Lfp|4nfDVlapU0XXurDf8^JDf8^JDbVRz%uNZ7 zJAPBY^ZUn${=;qSV0HP9X0#EmXC6TxM?l#Y!56-%{?-9oUK~Fily$-96h>W?jr26C z{{kO>X+S@K8lI3=)+fes0B`C7{I?kOBtBypeSpRzL6Q85QcKJn^D@Q1G2bb>@$}2m zOi?WbQ;Jp&;Lkzz_(uG}kiKx-Qs=VNN-cHqxTRy&mFfESDSmM<1&^q zzQ3Q(_`ioguWpcjp0%)iB=wAlQ6?}PfruYCd z_Bz(aAO9aET;t6660@A8tXGT2#difu?N!1rV=3#^NBE5Y$v>ZmVTi7sxQ|^MAL(ww zwXTgXPDPfou8pq%FJ~$1+W3m=3YN0275I$*$v=1Mn46m^uHBarjCFQRt7eC@A+CH2 zjFjhtUgHS>rn9o<$mpV z0bYSJi*q{<07(I0E>?s47vi=FLvXGEG=$tBgjG}wzZ|xmq6wL9dS9?@#Kn7zxmee? zdQ)Aczk>E4?5|xYMYj-|L+JQCEJwWXXFG6O7#R(q0)$@AUWi@#dmU@IOQji&O43hV z(hS_pAt~D}1ypF!$P|sBoJhET$lmRhP3^9z+x4dEgus2bVW;Ugb(J-w86dnJIpgwjwVNojOp68CSU z)VxKxo$ZSUn&(Xzz@a8Jq|y33wBC-G^m!A8=HN2>X!$CWOrR_0k$1)?lJ~#}OdXY^ z(U{jg0x;-5O#C2BgGW8$)we(HI(8n7>>g)+?ZG3J_ihZ`?ru9@==BN?&EB6JQG}s?644t}_(3 z%1jaB2TfMWKz_`m0%<`iAgjRjd(AkPMD{cIV|E{fEc(z&aGldLs#e05LA3g{lF3yk z7*bWHBvE>mH4(HIy%@q1AHKKBSP({kgjk5A=%4#)VFe z24DhlFl3^{kg*R*o^=I~a((B~)O`a=mzP0!5h0*2ZWKf^3ZnQc90kA-(#KpkAl!J! z+IriCMMwZ+_thx50tX2pL7CoH;-znY{GlJ{N}Zf{9*|i>%M`xCXJ@*(!s%WtG$RP?GY;a-`BeQoYU58wb|Ob4M|jGG#TD2JJb`w}1^ z#=g^krUO7!8ON_j!=!MjvjM&mdBUuR1g8?`aS(hjIt_r_H`v@1h^jCzkr98x zF0wEaguM2>Z5M<0IP~qpW_Y+9mGEJnd^2tynbULUoSrQa%|wesk%La%&qabnsko>C z@M?!hc=A(pbR#9>8?rDLyn2WGD4GXPAwT|we^6IWT!u|tPD2;LDvZ#EyUII~;&Lu> z7*@FpcPZTO_o<$pSqDq#{#CjAO?n=QUx0$xOgnC1X8X>Sx$o*-*f3Ri9+GC$cUR@U z>kI!zTo0pl0HdK0=+vkf%V_34-7J$=T-1QqgMhWX?k}%q7`I4J#(k@D_j$Ni)q=~9 zok1Ehy;lKDA0>d6i=3GfpfJO?XVy$Xk-m3UWx{wzCIzf-z-2xU51S_d><{rE`M<_P z-$+&dpI!bS9yU+7b&Mt2cS)6-@Ejk8KP7ybt-txAx8V_C3maZjU)Qq*cs(JIi@iwn z9e6%oHcvS2?mustKo~`Fsc?|=)xFVr<#GEWT=>$^$x;b0_G{CW?&DeGP`n8pe2uA= zzs8gM9Ry(4x9@t5kbC>8+;&gymtyu6O_^k)$Mz~VQ{_zDRzj>&52@ z1s|-=ZRIIt>X&<0-;c8QcUb8mD{c(f$u)Uwsrtt5z_uZENZF|pH z{#We%4ukh;dq2U-m+bw1%fH0lAGi0#73EL2_dBpw5dPcyqxL@2-d}=4`^-Pe)wlP9 z@otl=+#70l2a53W%)N-_dlW+K)@>9(|!=|7{K=d2XkeBQe&*@ zwgIXLJ$~c9v%=eR%+tVX^2H_0^|TtXX2u1N_*`5v|H}qDVO3&-w;^-I<(h$IN5fq$ zu^I_wq}9cA+G`|j3!VrZR$?=u=eZ>JHfA|)_W7O2rz2oVb2PU7e{knoIX==dOWA3P zS;9Omn=MyH8E4yn9EV=(FjV(UuMe;Ux`d_dGyTFgk~c?Jf)}Mx zLD$QDcQtfBf@=n(!8%EOASoUkXE?$#BxQIq>&ki>gJt#QBzg2GS`-`58g%yDW?|G4 z1C?SVP|6A9xm=iu9UAznFdVUr6LGJB6@{UHwHn*5q7xxB~>vbJPebQLa_ zbDgo|;&@~9h^PqUl#ox(64m-f84zbd|gGg zKYsdx6ev3=NJNnoT4!dbyXV zs8vCFkw@vJ%_*;>T$G>%q7*oVihCn!F33FGqYyR zT5Hy%OBi=|9HABee?!}GGk^RmP9vcvPT!}D?q z&-K8AX&uM&37gas$6rOZ0RsypURPVuV8oFNlflqN3=wxla3v=k z7<68VpWtfW&fNzC7_H`?U*QjDp+U=H&6X(g0*y-)d9ub`=89|%uHwivO$P0*lA+5p zO2$=m%K=S!{5S%yW*|Y}UZibT{&}AgxI@rVg_s2YhL{9_|0`lR0*>1Fr+`1;X~&?2 zCKF$QlUt(t{%NHC8R{QNFZKs~DXIT7VooD5^eK?j{2=CBSILOXM7+Vtt|D=f%6@ZY z8PFFbp=&*e(cbq~t%-}0(9a;&;(N^deo&z=O+s_gz(TL|zOPs4<|H%+Y!;fUl=ho` z73t;%LNjvK*a98nW#Eb|G9=VrGEDG*IM%V5D|BYb^QyAm%JG?9aD_FJuHRncsRIFf z+Y3W5gLZ(Zp%0@#*eT|NVKh4qgv6efF(NSH1JQ@DC`34Kz&qr?3|Iyk>~ZZO6J3rz z-;^EicCc*hY54~11_S4nT{u0a8|Gf26>FnOkv$|1Zfe{vWT)!;b2i1E-PRQCWP8ak0d&&?eIj~hkg-FsO!t+u zp{!*h8eg*Fi}wU&6D%|?rG|AK97fG`bg--zi`Hg5QTBJyT^&4`L1O%^o5|sv}}gXNwjSEPN`O^zV|79!kw4M zb$%ijynp;$Ka6vIIg#taM6QdHxz3Ms!7t?m6(dW=A(W%y&?O1ZzLww&=R7>l79>i$ zG+Ej^F-9B>@^az0k*9DtVe50&6X#kOw3sn4HGdHj^zaNT01=BNf>RR{aU~-X$i5LL zwg~i|aYR8PyzK01lGzV4(2x)siD_W273O^t=Ia{!ri!|TcrO7|%MB-0Y?+yzhGOMN zYS}JIY6HcM?{oHkH4NRs6-;=>Uh=`SR@jC!7ogi))p5O9`=zzKOWejZZ$+re`O^lw zKG8J~*kiZel5yOqN32Ya*4=53E1wAm1?Sew6*;7rroFm`2*SeQa$N}wFc%MSyPvKh zh&e_Gld3Gz=$U{Je-NtG5PzV@v$46@Ev33E^Fp|F&$jpZ({-l=-<&z}n-{lkUEZMc zv7_?tZPDW{1s=EAv`J^en5Um5=w-$S3oG+-Bp%!oew_)e_XuVi-?}r*hWMJ$-C~nI zR<3oiKfv)?EZv5MpV{rWpM=g1o1zYO_(+CuNG&e8S0!yOh4=7^zU0GiST-{L_4T$s z%+y)BNb5s=v*1&@+Z%v6Y@g%FSGv3K$ln4z);CNACJ>yj1mW^bQJ%Rrh+6=|Pu@uv zEGu2969p?ww#CM--KTBCU2HHjm)qHvK9-eW8YI$#8`pCr&I@6@#j^uQMK>`CnynSW zTOcOYNMWw(;bfD%DG`fla)#TSj`uwJw=);-hU;;OG;sqPkY%F(;vd_8>6#wK4U^nm zvhe7iB)42nV!JVS$@ZfqLBvfU;38ay_?%qT=%jkEP|0%yuGCMOQXzZXB|9l`%O(8V zCqnYRrq*n^#-JD=m$^!${KvmX!i5yIT7=FQVJi$-P|bm8C&48PsbTni z*j#FOfeTE!pm#|zJmC_+ZS-Pr8YT>%0xWQ@2F}&U!F3;(V^8G3C|(L!B?*AD51h1o z*~Ivg_$=d8nzfSLgymhV3%Ayo$9ZV7vDDjhF-p~kEDT&x>LUqP3_Ae_NzfNYHCXZ& z!zIiwE0sX@4FxjGgx`nThnae~b;3c<^AJZUJ-1o@hxxHjRn*hv*A65>woCX&zF{He z0-`YG$^Bh}zwfY^GLCyVoj8h!!tm^`LPWMd`jk`#Q+PoW-gm&93{E67TZ?ehwWq9q zgz5%1^of7Z`wrUP9Od>I5O}DVv3N>^NZ4Pfvb;(Tc$Xky=R^X8pwEENyT$qWawl8` zm78R4c1k`2BCI%ifMiloC}@)dDRCyzfo-oB-b=CQEd#$9i~%H6W&jC;FhGx+;WH4d z1JSsU;A6t6xt5m|xNc^Av;I2=$>nn32)mmX@m?@n=f~ER3#gnu`0`Y)A0$*}4+(>? zN5`L`*^4^tkFLA`TVYm5{Kh zJYkX~+*_V7SrUF;o^ZJ&e6u`ZiX<#3Pxyu;*u^GeQOMxFl8~wgChR8(sd`|-5t2|= z56$AGL64y7^>C$nG(&5qLvdgdv=Opv;xUAK!q=9Lq-C-G#N)_}RjmJ!6|`o!$z}WG zW()Yyu7@4TwLWM~$w^ei*f1rs--_%hGiTcxoL^ExpxYH{83`#NFafoUgfbzhv7oC; zbs=1C2X&TxX>i{N3SWnUYFx@ni~#Aa*^T+;jqqLbtZgZL?ED-~>>uJ9|iTogLcVhQVk?LS>qfFbK^X+OivlrrG#l zY)p^?V~Cqr5>j7``@)=BnrD5=7(<`O5!FVFL&`=}t9Uyf_0;tfRuy{&V;TvSnMT4O zO!u^9dxpXEH=Wv1`d}CL)2(+_B&mvIO1Uwe`0Up8Xne4QneYkfVnwF92V)8em6<}q zAWU_)WxI#L)SU_A45s!A3il0*shNCOHluuT2pWzWl&=Q{;|mFu`9i`Vd_B;XeP9@T z{lW2IDht;IzRSuIrlwMbD^}M1gE57K%1j|)5T@>L%icc>rofXLF0o$Lgq1*_ooB)O z!OXwyd9CuM^XI_`M?z)7kuV71i3{F_9P&x4K}DF=*@P*u6PcCiio>D8vchq^(4Sph zY~|uH%U&3#(w?uFo9@-mw`HGqGM@qr=f$Ve(7xTNG{qS=@94Ww49thsl`38j%O5te z?(Iu4>(&Ef-^K7wX4~PL$Kd^>RxA`DHPIt|QRgV7 zEL;PO(c@Sq=g=GLrIP>>&YdLdrTyKRZG;G{H_6&ft}c9IY&iuhBs<@XsRuYP@pA&c z8Zn5Wwqh|RSJ#z8OuQUnr#3N7>n%-tlcpn;rVunSW4L}FUBh+fyWsNz2TdsspOav) zQ8LC%hSDL6d)gLvCs>L$f>VgV6?eQXZjeH(te32ia(C96?ApoJ_*Bx|L8Ped2C40x z^|x!fc`#xfsSnRJFw+w-dssZwf-q}f8WS+Tf5~VU#FYuh8<<=IW*>`(%PisB94&&L zISH6geDPnA2rb2+BNP7Kz?_tTX|Q;pY?<(O12ZoH^Dh<#^2~(aG%)8RU}jnvP@4%a zFfbP;U~(1)8juN(F)#}fFvnXMq-Mg224+zL=0poa^AU2qNZywuVCGqvafEpi5+Ka- z1k8L3!>y(8E(5b70h7DK$S@$xbq1z00ds-H!|k5%A_KEB0duj1;eu$$-CWYMDgkqa zg`pt}CmWd637FR(GW5{=hGPs&F#%KmFqhg<@3iINW@sAA>M<~l{OxMDWpTeKl;=YL z(`#Vlx9i&$W)H%A&*14ZF!I~=6AM#Mm`e;yDS_v+j~aR=66VteCNwbe+x1e>==@%U z+26qQ8yNZRy2F;W4`Id{n5_mze!K3rFp~-MM~?QuSLPjB<(-wku76u=${J6Y^#-QK zz{qdcdW&ao!u-2|sWmY2+w~g@Gl4Ld8kjl*BfnjLurO+W4NSd(k>9S+!t6^t(+td{ z1U;`mU}3l<7|MOIfN3-^^4oRW zc}B;$i4^|8;K?OmwqI}Rl-+tLho6CGP6FnQXAKOONW+s2o|6oWz;=zbcs@Xwj~bYH z21b6n?)bUEvnyd_6&7WklYsfXEsNbw_!s;k?-wRuLJPzBO}N3pEHE$)BExni6?C6OSmYcn;?JwDUT-*&WF!`34d`bsw6vK&pqs%L+>)y|NA2s=wn|vxO z*e#Q<8yl@46H>woFgLm?t;ci!pmlDks|2XHTehnV^@!D>!V5+f!e!JryYTQNt3Z9V zR|h8+gUQ)qu+ySmY;a75!5wF=re!l+&XDnc*Spcokl&v={Rtwa7i0yF++^V`? zaP?0#tpwihUyilzffCMW{}r8T(84hj0{slw9WX#=qAT#%?E6Gt!8d^TT3OICQ**o| zfrB;hq6FAiJH%{k2>eY_1}&w|D`f{Q1Xux)xzhB%6S8Y3G6%`K; z{2xwiaSMid&MzPCA6)%mumuId9153IzNQ{&X7)m7kuj2tp#r-=M!d`(0g5|a`W-|( zYa(RuNQmE>h?8s<8Ac(?A{(*FKwM}e^cA+z6BpQsYYfCZ8_{ec&an~an~0o^_^gST zVg2PPu45X((Ot%YFgVzFB-#FtD&y@mLkiOAT9*(PF=jhJB~R#_YzQWNQF8=)PM zo#jJfocP)f3~j`C5XF6C>>p>&)~NxmaL!OnF2`|Zxq_=BHHmiXE@iUod&Zd4`dAvo z@m4xTxE|ZiDCrIp_Xm~o-zXHojRQLkxNv7chCcKgF~btX_0x6cN{Z9Pg*yi=6sLCgh# zp&@%F;))2dwl~(=rMozP{)KwjL%P@FcmjIDgj6|&NR4VrkX{MqJ^{DClpu~XGKAT4 z7dX!FhAFrZ)|iSdp<-(pW2;98CL@T zG3ZE_n&v;nq+O0nFgaeCLk>lVb?m(6?KcvmA+6$jOb13hJDK^;(YK1!ny zkLGmTMt-ZI;dsrU8QdFIj!6#MFcZC9vo+PidnOgF0q%0a)5Fy(OtOp`e1i%kNiNy!LI zlO#f2wY_fDT5Hz>T5Ih(ytK7Wp08;TdB8q^pAZJM1UfLDE*AtZpRgt>G#A^$HR5r1 zf4z;w_V;5!%S57~$Dm$;4+jTC*1AaSxNRp+0gtt19|M-Q?Bi}zf@>(uY9E4+a2p!^ zMS%<1($?n+frh`-eoN(w!V)0ypR3=v0dDdmxe>hQt`D(&l7F1L{9VIi9a$R2v5IY# zfW8MZ^~`4Ih*5xqo0TNAO{WF$5suB7^G|H_8F`%p?z^4#Z zQ6ChA*_Fk|6hT`ed_ab2H$MTi`kyLVXC8QeE-Y(gVm* zdQ_Ww%{&mEu|!(N*619Q91dtq#h&g+?M2|zkJH-HczRJ_Cy#}_CqUwQ#B?(ooMQpWUdw^?h?~!-TD1D|nSpT9&>gz#ahcs~GldvdGqK1CPGpb1nQj03H2 za>@86iw9DH^MB3QvWTA?m9Fl@7ka`kCL;ECuc8=;sew47$60VNQER3-43EWQD=52Y zeRjie#Ty!f(u$x)dODuv2Z3TstwA+?ZLYOYGKT57c8$OszxNG}i=tm3 zHs4$iWXF?IYzr~L{9)( zrD&oQfU!_vylrQ#*;VjO2B-6Y&XT;!D&|pAMpnad=cQqoMboAJ4cF{{kkdXH2nBDjPf| zs%LUE2pCfrHxXRx;s+ARA?Y0XA~#M$mhgdUY6#~JDpMKEv5Izh&7>iT$SNv~t}SnV zsd6oE$XBoBFOfB(kB-1szL_IlrIPf{M1o4+(c5Qfa#YTLRjC||K=Yuun3$E2;L4Pm zXgF3A4aaJtVXG!z{isyKN>dFhRZYl&k+x_)EKDZ+H7;d=Xv;MJcKB@SI(%i#KLtgo zO!m{lV4Sj@xsJkxG{CI|9?3;voe+@GXQ99W)!Y|tXfu`LTAEI#U^Kt&QV zSZ?_UVxv^%rN*eJ2o4FBL0y$_*ZXy{o738{J>7Mzt0gt<+3V#@!}ZZECYMwgRx!SB zv1oVR3CPy$wT>8gG`%hYz^NQB zpwBi4*iZ*iuXXQ2y#%(BdNHA`z`w&#FDEY$C7k|x8Y)Mv-%nAQU6?6k!o&ZTXpgN( z5cXT{7xu43o8a2NFxcL7J#X8*c1dBaaI-5COy%mMR1KULNMf7(byU{JkkB*RUPS|N z;{E#Qhmg9h1dux`27drWBpZ4AB`_Wjpl_Uu-+OBD9~y>!GQS?*_}{UX`V~$%(^0(w zqQF772j}Cc-TeGBBj)EfzcYXABlB_QPOI9CgnI;F@#cZd{KXqGBbXjt08+rWk74mM z09gM_&3u8hcpxczdA7wfVn9$#R22I)QH4D^76Qo#AOV;n5efKxJ~C#a84c2=`rBpf zqyFr3OYKdy;YDZBrTOmYCkGHh55_<&lJ-X|;WDjF(rD)kcx-H-yKpN05^s0mB=>cK z`BDSfEI@h1+B}e22R?@&oDf*ZA3C* zK?6s^xTO&kq!(is8*Ynt@Vs7(tiKr4Vl&{SOYw0^krn+Cx8CI?O4LnHcrCI-*8+WX zB%r%?B$^`bsqoN{dxwT7UQD9+G*Nt-C;$k?&*g;pqp^Mfwgk%#vq59y* z1ckY2Q9`^k6LApbQFy~PjvGRhr|s`V`I1oJi}K5e=@L=i{d__O6i$AvC~45*9;$r!8nB|I!qg^p;fHGP$r9!nV zLZoG;Kr`SA9o@JN;8Yo{QEDKiNZ}{93VYMnW5~&grN@Lpi%#nAxCkOLZ=!ft6Llp!Hd~M((O20;aVU z_}7VG5X<;uYZ-?!-K$xgnG_qviPxJdnr_K4i0NipTY-OvBCw+Awj+`mlbwn9n~2;u z5$7XDO~m(}OPGjb1eA+YW(2TqwsDEU)#n$y^%4#T;|d?01;i%OHP`L`1YKD_2`xq1 z%m~mBNm+yl_aCaPm!H!6I%1F?lLor3x*HpXOh1F( zcVnnWhG{MXIuAC#bP4Bcr{XBY8+)?&QwC}C+UZ4y%kq_=@F@>@IRM@OL{H#KF9$f= zdY{ORmZ}`zharqM#M#6E<7um#;wX>t!KuTzggxHi0Ot=yJ{~|DF8L_P==KxnbCi)s z_$3MMk0Hj)l3Qr=D(l@H?^^F9#~^ygw6+5OzFWPsR%49g<)W0{Kr`#XhU1JwLX6vX zK%CLm=#W$v=w_8H)YoW4Dhssp)O0COzg!{?qa|pZE@qpS&^U_yO{%!jK7~?ThmQxX z2kLgAA7#e5NfJ;TR47RTii6f9NkDOBB#iM%KuJbr{$sB)l~MiBDdgb*6raHGjZ(rq z)48j?>23~`DlK7t)1f^RU&j13TJtBb>sd8qtX0q3fED%XqOde&1}QEIt5arR}0g?@MafRgTl9-Owj)w!f2m99n}wg;!oU(-|ibzla%hny&UMoC5JVpn&dihrnLz~ z+L#j1=ruoWCoa*gg$5;!KOl{Bgv^q{Z9>{bU5B;7(Q{K}`=B&DhLa)4^dVX4+6 zM>W&h1mfTUEw)VxPxHWRh6jE|#|qVJg$JcD*WMu^d0X(F^Qvpiu6tM|y$s`*Tz6p- z@PS)?*4s~~wfAj|l|a|eW-*uE>hj+rBn&}2Zm&bmaMuT4<)Rj`pz^T?yr2;aHTbf~o4X4NMQD6$ zv=n%0p+GVi7r_=@R)lZTR|24G7yJqLc>)>TDt$rh(-5@WrL-7&*)&i&Mj*1JFN>#Q zgEo9ISyB15QWHUoPI4p^-k1QY^H)2DLk`N%MBl<9NNk7p{O`C%3&)c{&-`&}95(#H zXFJ}Ot4q*QzAd*F<)~S%Pn5U{YT*n?x}Mwu-OQTK)jfVFnKlI5a|! zC9%DONO%k({PB^mQ>8P4)afOmpqJ>_g$B*b{pdL3`Ci8STIP>OXd{u&te6R%-Hmf3 z3eiTsMT{=u8lAJjldlYZys-)QQo_^veEI4sNr36D@ICXK!Gx?*{Q)qT2LBy?I;k!( zAqb$KLSyfH<5_@cErcpW{%XWKbbKdHx{h=+DJfz06E^Fc5Kr91=Tx!f*{StC~L`Y#ZXq zvE=T;YD5tiK3CaK*JFO`*IsM<3!zk{p5Z5;&{?iTrttZDq_ZRf)HtJ1HD?P@qU#jk z3%)5`XQu-5CpH(tp(w0Y7A-317FgbNdB*42zJ+MD&PWGQYlU<(f6$!UAwlG0RK%$l zL8TuyWTyI1#zOlPZ!^vBP;xtcN>ll?0T89tg z%joBQ_*4()i+=}kx-Po~*2rVkbjKoc%**Io5_iXko|QC%`L$BbmX{8OKr(YBy5S=e zMWiI-1ZQxik{JuZwP3WNRr4p1h(ba;-&>2yP0ep!d`vhjg7v}YHy4~Kb-r9^F33-7 zVTp$LvuHXhX?GxpqA)Dw)dx$rkQpy(VbJkNDylwcS(l1BENJ;fD(d6|8zLUaoUU4{ESpg_ zfurAvu+~y^;Q@I%C>K^plxq}Bl19OJG)J*bU&h=!*S?lf;gS|))0QR61Q;4-!r%4! z3aXhnVVB!V>V;_gRhkE)p$wgotNfxBBxK zla!vvcsVeSksNj&qe*Ta!?ZSmNY7jdXk^OI#0I9MwH6i-q`lx!!mGh7!)uiIr5v)P z@Si04n)Ar72aQ+V%b}05&=k6Zmg(IYOA4!q$Zi3-V(0U%Oi62#zlx$wigjFZr3FqL zpjdWW_+ildOiqPXly5_L+|(~A-14p~KynOH0ZeNXoQ_n}2e4G1Hh&w!@eWHMs(TyO zWRyL7nQ#6Lo3;XJMwR)_M%R82MOgD2V0X4wRrxLgwy$Niw%<+(g$I64Op%geRaFYrBOLcVQqQZJ!Mk_(yM=KvjSj-jOh>FCJT?jY5MSF)9&o#Y7C-Cp+@MyPTCFUV- zcVQ0xLPpqoo^8I+PMKue=~2jGTPNeiB7X@vKncUa9n-^)or3X9A%{?YE&t*^I;km2 zUt=1B4t8qoQl4lf3)aQ%@kr2K1s@izVUQ(6SAxMZ622D0l7!n%CJD2I1pc)oP{HzR z83Pi8s7tVMB-m`UxDK@o|3VoB;TPwVav4ZbCU^@<=6kQbeqM1@YvBYbS0o4zPb4H^ zV*T7Y4u$^=nweiqXpA3<6`(QH6;dArv?u1?lgMKu@?o84Eq}2L^h>c5P(Yw$)DgiA zun>%GlfSO1O#z5O29DTIP`DoYiyZn0_m6^2qRW@=<$ANyb13L(S7wVNmFwtnDVfZ` zm9>aKnsrQFg_*Z8(Dh0iC8ZsPd}M~dVCH6z8Ad5HjBS&&;WKmNiIf#_7-smHFFhPH za{=hF%wUV0RjB%S0unrZ)Q*v3kS>ZaT(hCvnw%%R;jAR)9qk=d?NJ>R2`~CS>vdd_ zpFszVZFoeXdGQC$E4D3{TiY_V$Qnu5mIt<{*g7PuY297}HUgDK34!_o{vjqkLfK$Cze4PbfII+^bx=|qV5UsVCxlQjEe(L^F6>M;S$2LcBdkGr z1*7-!euofo$A1&`z;1t=q;$vcKF~&WE!ch(*Y^m6p>i`#{Wz8XE(8`9BMXTWRiS}27a)j3V zXsz0Q{N14qh!!@;Lp$E*AJo2E{;~QIo2B^640rA^WvSm`xbyu`EH~z9xdEv<8%34i z9W}M>ktiehNVL^QG*ybh(@xlV=`Ia-oc7vsIqgWq|j$md?ewGX|@$DbR|bj zf1MbFWumvX5s`6#QiIaE3ok$knSx4WgsqNS1WsV2!MR3Cc+*G;Z(27$&HJ%&p16^w zA*H|$DG-e`Lp&YVZ3X6BM@K(?!b?7uZloVc5oFbN8)e9}fr&xkM`UL4TB7;>s0_|miC2IT|`~?^bZCElAck-N}U@k(zehRSsS`m_QXkEOP^bS0H(;2XY2LVvUOaEz!#M3JNXEl^2>VUsFk6Ug+B;xbidwAaT2xV#m2+QDK;9QtBw%7XD{czpFcAnpiOl4RQaCbgx#BQG=$%--0lWmTB>Ou7`TY zEqA1a*03Fx$ z%1=iRe!_PSN;kWoG7HwZkt%k;*1cTSE$Ktg_b1*EaUh3dSs6w1be2dqz z&@*bsj1I1xrukfif;A`@NgP=BOWrw7V}sD;eI?h#wzc^F`=Y#k~=s0Bka?#?ZJpAZb9(%i}eq| zqSB^^t!n_ThlhEpSm?0zv$qn3UC>MV^@f!q{k__~Go{<{V#k7uCu z9uCY!*-BU*Swb@e%>&WRQk>rZW)ilbe&L_x60nM)Ikuqr*e#tc(ufhJ!r;X~bm!xML!HeGsDL~jSs)odoK-)1wh(pb-wguMDv^11;Kplt@8 zGAq#2g!%*O`@$cir=an>0svSb!GhJ5NXFMkf|dpPwMWqMCH<-o7_|}K|A0k+lSLj=&KS0jy427iQ%{9 z_Yn@otMbcP1<>x0LUtmSQpoLc4_V8Q$j($`+dKa7LNWVO6fnl|w~ga(TgP9G;}1TP zy4P8PYh;4I+pyY0l6axDVHnk8VbJgerUyjs z5)?iSa)-5_e)Idxe!9W!H@Z_i5COIxuY zHbZLDiNnf4fAKPN_fe)Y_eDvFh2}4yxnycx_%oYo2orK{McA*67uFR=+$E=8=R4T>-LS z-@~%B`@Y{;S|fq@SwVmN)yVOXx!<~#ujBG&FMAVXDXt1BTc)@&R@0FQ??T2SMI4!w z@N{l!WO5m9uRzn+a(T~e&RzdF9K+gc#h`K#+T57!z$ma@1>J z7EhNedMhK%4-4r&L`stzea#`2t9~mZy=quUClM+8KjU|(HwbZ7m1})CWS2&>yb}TN zU;ltXert_YzOSs3yfGMT(Y7f!OZBzW{FM048m5J_T7MH>h(3v>H3GTOu*v+S^BC1> zd8dRDc@8sq*uaHC({L&f=j(GBeY15O1FcTzghy|G`zkG8{VPFtFX#^GhvC#WAq>Af zzy0t^B^EcUwdtYmY!C92+upc6rHOcz#+{c%brV)p&gf{%6c^S@pFixvdLy*4d!paB zC>l;zr=ze>7*MpF>G|mxakG*sXN?$dk1A=zd_1T;e|?C{6G{t%JBzaI=_6-n1TI*| zhK9cUbeQ`aW3It~jLvyG*}U`kV9JdQ5+&fkYAdiokw#OXDv8-ZKuydB*HuTi}> z5rKaFH-3b zKN)ctV8I_OqErnKU~uHJec3=!aM0>f_)CKaVbi`aGq4C8)O3^WP^6i*7d?aTVcGW+ zG4m78RFRYsR}Y%E+&)&r3bzJtZ{XwtS;F3#N*0U8&d5E_Y%N-)TzQjAOcu5_GEpTc z+mVS4s$yc;DWvABY`)>p;| zvndfgjaX2)A94K--wAGy9}L&eEUrN)Y*nn2iM3h3h4PCeA0EFfu%U@m^-|isZ4e84 z7}1o%I}fcexx+&R8M!Y;>!Wcx7iP3(^mk4zo`sl&Ni@bmeY1H{OLpVz)}1HF`pjsV z;ZO}yb@zl!)Y4MEAF@a+`qh{SBQpz_3}p5#~7EG#MUZ1lFc_F8_<LHQnl$%(u^r~a4sTf+bV|%U7yJh?_sLudbH6WhvB~Ib@G=%|sg?Wwv=d8#H!=i46XZpY!gNzuYLGVwo~gt$ zi+J$g{28`RUS@R?O2+IuPM^mG=|v2C^ELMGt+;%-wJAjRUPAZ2$#n0$k{PSq=-v7D z?WXW!TW#;I_oXj>LEgZKpAF!dU9*Ir9$ZhwN+T)2-y zq?|HDL#_iYd-(+SCP0k>L^m@>*N5$!SieXB30JNotqU(W+%L_huDkE;6UiCg_p6vr zdbm<|Kq57IpP|)jI&yc+{+4K60n@tuh$V2l1cA{-TxOI4umI4?3uoXV&C7DzbM^Se z=&W%PR>Vu#LR?J}=eK9KU?RnKnupVC_CATomqyrG)mQ*=LPLitO-xO@_KdOE>DYX1 z|IA+>0qF)@;ay0efWA(w=lQj>n(w36D0Xi0&8ty2e!Wk^1PolPM)ImOL1-XMTg6(Y z18Qs2ss}Rr8$Jf1U_zxl4P{uS8ndhhsCiZHtV`|_p!TNKc&a@&`2n(z5Bn$*=-qaV6Y{qPQ18*w73APRV<99@NF5f)@15FcrAcY#5kvpq5eDPPZ zu?e82n;sZlGc{sA)tzNOCe_v6v@%#Xx<&}x5plTXRdi})^c0#pLP@2`%a8*!cx3LE zU5P#b^nezVz1VtBxIjuShituPT>}aV&-qUytLPY|Wi@ELkC%XppExwhX%kEbwaL>j z6XWTMiJ1yjSdE-wQBQ>O;=6xXO}E}Q-Q%YC)+2h1HBFdUPrw-8nZD)VGcI%tV@8qX$4ey zIa$!7y;?hmu7EbSt%&tqj3rE{1O@KD*<^;^Y;V-j6WXv7-m7NTAjeD1%J{U+YNL3 zCe%QNT3yfB)P0kwe;Er*-32+RPC~lnpgfDiXFt}vUFOXNC*r{Uyh7rM}-WP*Y9|7=`dvbRX3H~k0wRT*{F~+nWCiKh? zrmoKgpTJsdffq%nvZ9!yPz=3k8Ml7($Xv$`$Ix7wJ0?I3N^7j2A50o|*wNc%g2^3= zfOLNF#ClS3j3ujtY5^7&i1_Q2Dgg~9^?|rQkcN9bTJABl=v@M?lqYzcNaD^dF8cI{ z%=}#NrJi8YF1<%>mzf`&`5@@nWuttb`d~2Wk@>+c8(s`fdJrXmo}J{(Jj$2f;KU8& zIk+l|wrL|t^z|!@EcXM^jQ9p329aU8@K}2m8)#)PcW$v3X3^3*!J~E3yQKA6)SSgm z(zbrr(7F(s$%uy$F>G45LZ>V?(8^%$yy9V&&~Id8p)Qo~ibADkN}~{+k!G;ebmaYb zT@*sb7$q`9v-DK;Z_YJLKRpG@Z8 z5&66DKYnwwy1gF2Dh~=0bBFRU*voGY))7H&&FOK8S(F&v3fOmp`$uKC*GHrCoA)s2 zPm9q%_cNgX4AIvNpY&N}=s`M#HVcdMGuMZsXXZ+ zV>W?0?D^_*Xt6~2FipQ$Nu#n>;-v3W^!ZY-P9_6uz7nI}gQ%woE;(?lNMs`|o$IS{ zu81Xc=n3WK2?=dzG-P5}FbO*qZcN?AGT>_j%@2OzQH0HVCHXg#ku?8HeEtd3T9{7u@@x5%=AQr^a`+F-30yntL_URe zRHh5&pgIv$2WqPA?g~q3COm?awo4h|x4#YUW&UbWb5fS9YgNWFjLTw-fBA{<-bmgT z@0s9z7FLvqAkBN1$NQ%UgR5?+uzJ=Y#d|#gI^@IyI21VLou3}>8jLA5z_Z%tKpfAH zotb}zxMLH$Y8r1g9zt+3nG&#j-_a5 zk*NrMDxhRB33E9zaOK}qUjEV_i-76oAJ&gg2>4kMBuPLsADv9&;)%9iq=of~e7|5? zhq$B@*;*Zm@=EZeU{FNoE#rJWA>2vqm z_xT#Qe}usdvz9-4_MoE0Gr@4#+sy^w$v4gg@L-rt5e;5n8a03Y*3m0Cf3r`M^oM`h z2>#(F8+{!ayGUSo*)oYLp=Gib;oFG z8k#9TAC6 zB(UyYu%`pje?n31pj-iPWv#X`EQ)Yl2dJZ`IXjUR60FBzP0n4>nEk1BpmC86OAu+x z1SHNV%dPI&pSERx>dxBk1)ALQ4^f)3R<~zwl0}P~BJ|FzEVZCT)0+uN z1JNtMA+!UkHn>JQu=BFT?XV=VD%bj;dBqG|jm<|5xwAItn{P!a7W%X@!Wj*nkpMxB zL(nq>f}Y9<;1Xyk=p6z9j@4k@%TXZYvL3l&&Q)4yiG23pv!tIze8SSzKsr{F)BXo@ zl8*Ao0E}2-OtcD-+bk^bsJ)|GpRN5KcQ!rSWv}$XD}UvW09rsi0@&r=r$eMYjGpak z%XYbnHo62lM3;IZzE9_siCp^!EmKrQ6-z_V@nJt4t1Of?6BS^krwxR=w6ZC>PQo|X zX8{8ID>fXPrAw}cc~vnY4mS}XYNQCs17^>NS7)~g^zigsV>Pd(A4UoNQa4_8flKvx zXeM5wligUJLCr+JHsB%-^e9|?bflc(-g;Eh@Nj}@n~v0@1>P&-H(n8X?WLs^*rmu* zw8*~hj0E4tbV=kJ&6ETW*Maa1OOpE$pIit=_9eM64c}0bU6Jek(C1k+1s4D?415~K=;KCdcQ$)0zzV>4{ z@6AV8iQX_{bjO7wPQ+0?LPmCnwHkOQ!LMGbh_yD}i`uL8MKvLXU8?JPbZU?vYLC5J zbOiot?d9zkQi};CeJ=?6IyzWahZPAMz^GWE14BoFJrMU`LIm-?(?iC1I9qZE5|;={SEc zYTotgd#yZS3#nBOS>Zj#uIUw=mbMs#TI*rXG9cyq5*%;?9|>vvT`e= zudKl6WTLqUN;Q@9RPtLyv8IPXu}G zR=C0TU%GE&=7Ov_t76Rt!bU;GzGyT3Q&dbky+0W(AG*_9>qCx3Z%Q3o`qT2*U4v!c z^kcb%B(UEokDU=LJKMy{B;W3$TzOm^JLb%V+&GYBf6w1%(tNwnaQJEr^n+{6V37Vq zURn+s8Y~rMJ;~tg&R}HA!5dTwy#gi}TRAeAffINFCxbDW>6u}QoC4-(JEBSA&@Q}U zA+BW6Rh0U=J;?O?Z+nv1+iI}Pt z_2)MJz$c;?gOJwjFX!WPBR=Q1W^c`5)fWTiX|JxKgu>2m$@a~dx+}P!vr~2vggfT_ zCa{Eo9Zg_40~hVCU@Of0)*mFVfJpMqo4{KEm~G?kb+drN7f`Nyf0Xg7DFnX9E)!aK zKp0ruO(n4Qfk?#Lxqu|J$=`Gf>@_`AZ~Xo!?1<*YNEF=(1au$e%xDWN-_Gkpq31Yv zG(tyR+I?smMwy0bN&6AfbdBn<%Vqk&`B6^{1eOP)D*)ulLv3z1)QtnNJZ1)0iZ=0_ zhoks}pl}ch$H}Qt!PS%xDi=8twA*8XLdgeN2$fW_=v?D@eAzDvZ?A1JIG^85)KDK?O;x7o$`I^fBno-nCUV24;l^@# z_F!Bxp{>Bbj>{&cNGJif<4zLFPLoaFa{y@NBut|YPBxGyWmlJTe+e>J?$J`r%*W}S zD9Nt2FMpBTTd`q4eZNVf~5GT&#u^vRHH>uPyh})G!lj zo9nVWHP$0VmSc*>f7XQZTj8wAkpZ;V&XjprE!xEh(W*#Q3v)VvhihR3wvvTmLR*1< zT`ik62WK>53lmL7k0R$ctqW|=v<gM!knPwFnoSnF8a!;_}-MQ`zm3SaQ2;GrWCuK_Qumr^C)%p&fyNl?yNWz zyR$8Or>iDi)}xAAFTS1!phE4aN>Oe~*3M5Zhge*=K4>{uiA8$cEtv+WdA2JnztCaw zpb(-mD#}$hqS1$CvUd!Z!8^(dz*EE7JKC~$42!{^fEe$Rx-xR~37qWhLCe3!tQs0` z8!nBvRiyE@w(McgSXd&0|`xjV30 zJVF_Y(=nTyfLOtO z%xMS!?WisLSX=h7CE3T@vX7^^24%928%AFfhGjro0!1a;QjMHT2C!r|53rJri8}3z zx?CbtQ)yZ;H=`+Bl6^F|$}j;uwkd9OOfWLdgarf>8yyo$g}f)3-Po4h2+VESN7GC= z5~2mlgd>)sg?jee{Txs{1FR)0LN`U_1TdKh;pf)+K=|kgF|u2MVynH-W)b8q=LZ^> zY+aIlGq|Ja&DApz#X&Ut>)?*;oB6G$1j_;&2xoGmYn=oEe1-wu!=`V&ELcXTDaje0 zkuUB>_-ibDLm504tKmo2SX=KO@62+0;0=0(|3cXku}Y$RXc|*Y&cK0gP<12jKC()h@Mynx$s}o;fc12(Hx8P2V1F zFBl`aOte4#w9lm;!_le+J{9Yq8NGOO01G+xkyc(N)dZE04V-vuJ~=_u^CU(dMhF!; z@2^Pb4NS7TN2JtkbmAQUaV{vP0E1~B25HGBBCsa-l|%$K9$3@SfULgIAthHQZ_djF z$0m%cz^6HD`QLZ$39{N$;$kv^Ud2E6MWA|^8HsZ-#(YJ(|TXO84e(? zj}E#vi~t{l^QTKDoKb4l#yYp8Gi}3UdNcM{%U+f#xei2ksu9YZyLp6wATOE?AOs?D`CHONZPM`knY>BAiuf4n&qierJ8xI$!nXkFDKafv5Pkk-~w7BEi>TxCwEt$6U&7KO3PBJ1s{%dpN%8dKeHp) zIHEtrMoLmNh-ih*xbyqHF<8_;i>t)EK|bdezevB@qx?q%MJ^`&lvxn|W? zqsyH1ov28&nHee%7%yy#jOco0yns(bky%j6KJ46AYzDkYlYO`?`>-2G=CtH&FBg&C zFU89u66V-ORBi=HqQKEfjkP{o(g8+!j6bC#FB^!kM^{n6tuVcM4s^9+CY+9Q$r!XzWj+;fxjuI%`G@Xe_Z22R*l;tYLSalfog9!6>hLjED*WZHA6QoFCjOTbO52advV ziri!?%n;-#RnCXwb~4UO^b&BXE~55kEFB)=#TGI4#Ak3??7^LlG+gg7Bik2Tlc0LG z&E&MEOd>qR%M+oz3nu#@Ntiw0N&bbS$IF@E8AlwhrYXr3^ zG8P~-2>Lw){I&@AEeMRTdf}wEx0YQbUX-CLPR1)zWo_N{K+EoyI%@vxd=Pr)# zaoO8z|C2lSp3LS~#sJGIV(}7`kD?djKvx2^m>ZQ{OEC0$jt%R{2?z4uBL!_A zf8ijAzlzknfGg{P(H$Ph&lLnDT+@gw3cd6r_)L&+r72v{evNtP2_wxdhxUfARnd_y z|1$Pdjy#)JZ1bT~Hl1Pd2r#k=5+G9)$VSYo?_zQ4paY$uYqP`QG? z_AU>=6i0b3f9DpzL?TP#0umn|Rv zN8ewaiqkpa9Cz!JKaf!6zlh$AJIHLWqD}qR)g`CK?hY&3OM65 zE^;H+N%(+9i~4*-$yeCIf!cW0wTa#&dZ^WrwPSws5$A0<43!K*(c!|Q!>uYvyqN>w zv@iA`K|>GvgY{tolM?G=>KOzRN|D{nT)jDEl3iiiz>451$5z|t3|ouwVcEhdWi;Ar z!8&;t>8&{x();&^M0!O;7Q+(8u3)5CCcRE0y-vHLaxGLl6a7K3iCm$RoWB6>y^~e3 zTvke&FDqR2P*LiXRS{D6WJP-eftdr)YHySgZ2;Gzvb_#LbmZ_;jW7?^k7BqVKJv}i zx?#(;Y+51w8MQ0XVJ_5nl+F3ZXHD;|0E4uH7Sj$w)M&Wve@m@^2WaQ9aNI$yRMcsn ziK-pbe+p{ycMnP)Z95;(JQdqcSvxox1WHMB@L?6^1K`Ni`bxZD{(pHpSYq1260aRx zd5U4{QhZpp=#ku=Z9zqYJC)v=lOet9^pU_`MD~V#9~6oAmbHUbkjN^rBIejhi{B13 z#kPaqa_v=wzV`MGqP;~F)cX&z8B5p>Ah1L`P)4*Jv{YyZA3fO!bBccShI`>7-`wKb zK?~bK2_7D)cJSs&Cg+Rz&@@V4zQ83egMxC0@M!ex+X$WjL4=cE~f%hqR)i$6;V3Anwd`M&UI?Em7UC;T`*+OvyTwPQw$c;xb~x8UP|i!@Md zKHN6A`ecz$LH%t;-`}4(5sy|pko{92BQ|_&8yyM|e2kFO==c~Z?mGAw6>&FEK5)8# zAKOG6wcw*BLXrGnwS;_4M$4sZlV7g7I^j-G44+u;bGF>)Y`M?ba-Xy1K4;6thnD-C zE%!NF?sFOJOa2M_gU?OtS(5#u4U9)%3j%+{`FC+(HX~PQHBaL&(ze*NPk{q!xf}iS zj_br&S$&985JvrUklhZPaRtej7C*AAc-|E;B;XTLaQ$Wrl)Iko8-iWj&%U6|g>HACSg<<518E+-9Q8{y$gG_JI%H zNHZ08yBL1Os#yh;WWpI2Wdj3#)PX-GzDhy#p@25-T%GvBR&ZiI%(KbRb+crdS(1I) zEfA_dMn)WEo^H!N?bewLWM$(F=$5)WVKE z5v3;reJ1%XlpO`^f$s!_h-$1t;BO{+n}5uD0~kV)O(0<`myJr|U^Yl8_amPzlgT}PYdcdE~Lz-#R9^o~XY8<)ovV#jkoPF@T7OXXUszm8DQ+6B6gO3r;-$4Rb!n1AJXB~x0Ay!Aw-`Nl@23cCL8r;)e zxU4ZzUGiJen9L%ShR3P9j>Tb&v@y+Mb|!c_P>1j6PFIGOX&Nw@caC$W0lP92;c@1* zW-$UatLuSpa*uQlez`Xx+Uidyz72_Z)Q&x1`TH?M$?!JrSJ{gfPzsNUZI@1m6h= z5#Z?xA<&<}U$(k;(dGDUV`nLVBP_o)#ofr6xTnb49gGYI88iL=wHqn34=M^fpg{j& z25$*%FkaP+GhWrtx~>qB(sFnVEDA1>tkY>mYht7sK=6%sb7z!wrt4>Vz~AAk01Ek zm5bq6h6=s(MPeCn3OivLK8sk9VD$TxWw;JCQ9-ttYz(iBJXKM)iCIZS+4|PWw_*S3 z(W5E_^W_uC_G6Am{KIDkAkxv`n_qs5&;}d5&Pu#D04qP#d%tr`*O{M=M;XmgPuV4} z<$=Xg^igdvxabWdyj@MeU3jN3hC&Rtu-xo58NBuzBbDV6LE2}LB0WYLCXn`7XInw~ z3#&y~Q^}UX?`Pl8mq_;mJ&fuLueMQ!79?b%i;>NaHqXJgf}WZJl`iralU%}L&FG1Z zk6oGx3e$ljXgkoB;iYiPDYbBRw(gk!0Q@i3s+ppAQn;tFCV+8C3z<&(<-L*aL`8}lm-9m!muFsRe`2HYl+A6&u=q`)e+)4C7 z;r|7C9;~1@K_|Tl=*6>hDj_pU6F>lnz`b4h^~QIhKN<~*Si;1K;oPDTMA47-X!ZpW zju=D`NU+ozLEtKUBM9!^Dzl@jF#Eq3#OlEWu^I$`h^Ez^AQ07`oSnz|)Zd-m0!r!L z(vQaKTgl6fO@rJ+pzsWLJOX26mC;Z<0#iGzqoGP8u*%D4&U!zuRmt$gMIcvJ?Mb*2 z);MBf5rM-O;g9ur)Rn^FEYBj7mq)<2sChbie=bF|CS2>Pl}` zm_S0PVnzsbD++}&j1Y7sOeZNNc9{pSBmC-ZL4gL4%o8Q7!l~{kC z8{**;JgJ6PMCD1fT4Zxis*PWa*;W3&M!!wi_km=iWKe%0Zt%I2p!2pDM*7>Qhryx1 zh!u9Uq7qaj0d|OhHTQ?dE)<|X0MW0FyLZ^DEQQ} z96mGHbq9-W&5mhUfF88VZ>Tk8C>gLhAZo1k2faW5Q(Ux99_*A|juOZ9O{f3gPEFX! z$KwZ=9VfS_%v};p>S2cokdw{b|Fz=|?;8tH+;%}PLg{T*lecHQlQJwJ96|5GB9VVX zkOS|Y#A}=nNeJXtlN%*hI<8hvau~cKYoZ-hRZSGMwZ=B1 zgkXa%%5?P*hp9A++&!KE&*M~De)Bu=p|n*}Ilzco!f^$nwnr9LlP^@9<@u+0&O&54 z^;1cnk;6N%P=Hclq%{VA-ODQiz=7u?EkN|4cHCTxaZ}Svc#1+QW)Wa_IZP6?f_##w zg?f**be_FN0Z1Y}L3VPNe7yNDQu!UcDnsiZB>=NT$Rh}~2KMAfpqckb6?!$FIy7So zK!r~uBEQ0gB<_h0LK6KBQ1ZA%h9o)w2uXjMEhJsX2xVT}51eAAlreQ2$&yq%ZXZDm z(!N849%-t1EthFWuv(jrT#@#LR21&7IzgjU!n|OywE*8NE(}2YNtQ#jpmsUIO-h)gV{^GH=#R)tc-A^Sgwu<}w z&a;Z(r_)q8uCC8jDPo>2Vp|k}>*onet?aR0zVgnH4E}&{1r0ZlApCYiyM1%U7gz(F}%Gq=)=2KBa}bsc1WC(4G1n1}Y=7!e&!c@0ikF;9pdYtpyx; zLc~DCS+0nMHooQC$yz~WFQxa8R~cK;(qvk|fpcr20XU3Q(_Hz@=)GxSQ%JCx2gS-E zO;9-{04j_`wRbQ8Ut+YfYwlKok>Gj(`9EY5K8(Vu5=;OPOrqL57y!Y1fC#ch1yO|} z>4s|XX**NHxlG^0?YxKzDEh+(c|?d7`#TNViDZCTEcQo_)=q>GrW2`=G}DQo5xw}Z zG@7yw#UD!0TtSw#$eJn}M*NYZ*lIeMD7KtWpK->V98FBq=21k8F%|?!hZ;&mU2jT> zJzhtLUL|>%0X#RR<4J(0wazIm^~9Ee*~k1?dlz6~yorU(;&Y4sFu)uVE9qr@(G?1h zg5bJxevDGampB78F^;l>Ld3>Mc%mmdz#)M@jJW{9YBd_3+*Adzq0F%a$N%&napJr3 z01-(EO0yNyN9F!#-JFMRZGLN7adGoonGqx4wDV@Llml;sk3cx!Y0)>^vTw?j z2cNr_?}s}0H!}(N;}EV2zfBT;0O4xzb5i&R;FVJi{zB~h`1B7TTn)YfO~{8|hHy3b zX4}So{ z)!;i*@LfZ|XHxVm9EzSvNqPnlu0~HIR(yT>Pe-^Kd{s@Gt!hb3WKY&4MRd~z{ zeR{f@hJeR%y$}ENPpb3Vi4MYtA3(S&J)@HFUq-kZd~bacegNTW@bxKuIA92Uc(?d7 zSorbzJp$os^mL}^e|QM`GZ;-I@FQFeKW`xS;Rg_|3O^htlU%{eF3f`t3~F=Yb*Y zb0?O=e0l~Du10^us8oF+Tn+xhRC^p4qCIBzNYR7vdx?J$y6ObK2v@_;+r)i%TmW4i zejo||H-xLKoaFjW1f@IO5S z{zX_sr z4W82{pPq#XSA*vYi4T9=5c-q(ND_Vk;cECZRRpLjMT_U-`ka%J-@+l}w@mdnWnKz?;Slhd%#I0q79w1Yo;j)heBluN zdFFRXdwe>=)$lJ$*{6Xa>{BK+-ds4ucym!o{#`@KKQ+EvIK=o4>XVQs)TcVXDSLmz z5cWO;FFId;77k&5GAa8I3}GKKBa-^?H-xLz*YX>a^gN7kHTX~Q9Luf5)y-GrT#5U{;?@pe;g{pQi!>1}Tazq9X4xD2gNc8<)xV-f^g+k8cODiDdA zQU_EO*f(kE@<0$Rdha>tR_M!v5$ zDImFz8?fAc2$n+MGw@Pterpe^shq&Xy8zgW@cZc-03@|o)=#_lpSs#J6S-IGsdlTq~_?J%f( z{Q9i3@LwGse1nBQa(M7L3;+J%!Oyes&*EtEAo}Igzre!(YIyL=Eqs1>@GC9+X9kBy zeWQMsj7I&$)yH=iMeG07s?k$s`>|z~*7uY3i3}wKC4(E$J|i*lh;|Dza6h!HrNkpz zjxT)q6fOPV-fmd(?6dG^4G+HG!XGp^yvpaV?44ry^dl(jUY?Q0F^`j{I5}_TR@ZzE z$QJ0vvPrhBX?imGP@7EijM_SueQT;URkAlVPn!1hnX$u?U%iFj zYjAk64={tLlmC`ZCFqFy1Urogig*?yS@=J}#I$_b#=L2GYN3q4(?RUdV~HG$prBx{ zhvcSYGIt9l+1a@x1~kUnxw8>Y%P6g1(=ERT)eK8Mb1eL*!Qrj_{4dZgB67C*gY_oH z(Y(8jG4*;V!fBf0*5T%RBGF%1{B!UjF?AN35!r``EtcqqP4YFa_&sa}Q~V*!kW#C- zczgf5XRpt(@^}f?gb%~sEwb?U4iA2Xh5z>O;8$7rvxW!XW8n`P9(>8dj~X8QRtx{T zF~gEi?Nhe@8ysHk(Il-Z<5!aEztLPKS4)>sO}!}RRT-l^o%oQLi*1Zu@R1v!MZtEg zGcZ&+6q2b=DA;xgN}F^Ve}IXJM zxaF}>JtOe@jEr~@x1a|8d!$u{mhB5_!X6ulZ+13mwc(VHzDn0E=4(jiYX}=hIGpqe z^l(lOKOd*%kTx4dbZ1}2UyOQRhD+Mk88aJ$4lFPlG8%IjQX}E8p72~`1&|DeUyg8{ zCkU{way7wq>C)T){LgI+rw7_jo&OB`+cf{w3d2V^|LUGb9x;&g`KS$ViqpvBP8Lo3 zg6Vjl>w)mCBVP06fI4 zhx&THBEfIv{GT3ne$|&*rvCENw+#v>Sc>usSeaQH#Fef>pjr11MnI%|i3A2Ipz({~CAp13E8 zxG(s)s}5Er4<^Q{BFa-s_Zs|--*0O~6P)H{H40N`o;IpLQM#xq$JR5R{!r2XR{ zOzR~tpn3M=xP(9H{VM2f$N58ZliY`u*Z%e;Tk*x?C-OlE&RSm(P`%kL4LZ^T9chm= zCLSNa;tD6*_=_TW%}k>GVd6=Bh;Bb@;+(heyY9l7Cn6qZIWzExJr(*LLUwhU6joktP3HjZ1mf?i%{0l^ zF{}IS*Ik_>H7>Whb{q56I(kBQ3NxUnMd77bc%F%~32Pc``dvlybkKnEVs^u7bOlr;pF7()+TtWTmH4}X>-7M z8j_LsmABW=-c)TLFKtZo@_bdeEC->=89Xi&l*zGuZhvmw8=okbCC~SEO-Gi2ohQ~) z^1QblkC&o6vIyaJ=hp3eq-G3TKOwBbhzvvzOF7L&`vmjuAEZw%PE}od?c1ndy5kn* za1SmjmrwT!7^3;GsGR@dcRjxQ3``xqu`a@_xk>m2oP0O1o1SM=!gv-jZ%*pbezaP2BO2!G^ZSZi%azC0!;vG!5~L^=jpiZYlu&}YUk z^H8IMw}kCF%m{GW-n=sWJw8w^@3<-yqIUa{XP=XE+QRRB-_M`Vhvq!H zv$Hd^v$M0aw~?T45_EgT+GGB_-)JA}??j?FgdhDM^gcK0V3d)O0al>FV9a~itUY2h z9+kXXUmo{0pAyu}xB`mNaP+{8_M>Q@S#}(|>D@$U4g|244>fs2x5IFg^qPp!M*vR5RsswF2m#XtqAW(Vmw7qe42_8n!R#(n`>3E|u#p!hTUj_JI@WC4T zd(*3EB2gdwBQLWnTz$6T4cfThdyx3p!0b0=~e0##ZwXQADR1J|8T8$_;vobmsDuIweE_|)p<5sPx#MT z>oF6xp8xUlZQdLZ#2h{;I5^j;2ce+?v2(3>{ENgfLJ?|}Rj(aCCrB5JPjVk7QU z4eIchTQH##2?c@WF+1F7fco>9DcOf`Pr($l1g4j*dDbMWmg*=@%bz|3IK0p{IoCIN zIcLZd9-G>A?N6tZhKgyqhcG+B=v&b{Wh~#O0GU(9Rx=BKYxs9sZsyoprjF+qe<0!| z*_?t9EXBXmawm?>WO7r+Hg;5)c{{$jHflj?ND60bJ(h%?Oy_SmoCH={%SzTy1}VsZ zf;V?S>n>P1AB92_$SP7cJelp6aibHE58ew- z+3wzw%EqV&S}?b;9ohMYL4M^HE)!Ub#04AQ0YDM6>*!fyc!8Shlw42?dsgoj!fXLlqn|8XDA{S#JD<@95)yC+ zfc5sLM7&GwmAxPywx)AF5JK_Q>^t*9d$XK5E_l-^Qxty}AhIRJ@J=|;2}I2d?*tL1 zIcVQU&6WrH2-95Ti+&J1-#piRYLKIllx`4q@G21DTqlEkj zV&2=G0b_?Jw(3d!^oo@vn9%Pw|_g9K!j4 z`5A>3FCGC0_BDI zowSuO*^j0{u%cB7NcZ=0?_E$dQv)>p7&z-N$o6}bxlD~{5c`5p%+IYc_rPWVvLJ~P z*aY{1im(IbGjnZr9sVLaH5YZVQsy<=yn370?DFypX@;4b%cK-|q1a&=3^N&p7t`#D zWIGG^i6@XGR0z1<6z@S7Bxqp_Hneq&amsvh^2w7=ntb93nFWI#1j@AxAWGezo4yK@ zq#jI?Ix$J=Kr7HjP}|$>UsAz97m0CN=Q4M_7!&Aqwu1!xroJuZ&)Dlk z1PdyT{OL=f;{8+dEvu$swv)-9-T~JWYA^2_cEJ4<-!na7&6M1vvGC`x|A5qua5ldM zXA>Uh_;om%GskA=ZNi9889M{M-ey~iuSaQ|HhJdcGbW$OXz+Y|CjBGE^5Ghrb92() zof~v0;8a7H?`?L;-gtCzA=L%(C^sdHT6d@3U_`9oyY#q8)HFbTGjBNp_l(}i3vBNWt&rLW1}AK%k< z?29lRj)iT(LZnx0B5tzw95Rcyr5bwHg`qOU@JBaZ=Gph{>IHhJE=mF+8wD-IMM+WR zK8U6d1Zm?*O_~j_Tb`$~76VtU==!jA3HwmK8e;B?3gS9R$v$vd?Fv{lutRu6QEC-? zB<9+f?~^&TVz6nTO6(MrB2#A(NMwr%jlz9wCSQuhTo5iGYPcP>=P7gfRBGIOfN&+L z?XFU=435n@U!Z{?QwgUbdr1wpI;^OYjhDW@e5M9FL=Rod9CyL4trFAGY;#JVTUoIv zy~1A_y{FWOh9<$BwQ5V~H!bjYU9g5)AwY9$x~frXIWpFo{pR{1o>~){JHNlON&H89 zQz5jcAEjy9`uMjueVhIfgV&qBMZemu3DvQybrYn@19f0_7-ZDN-AY!Y^XX->1!0*L zMvD2-b3*%QU1pmNTldf_8^bZ>MLeoTf_62XkdbH~M3pOQ@Q+`o<9)Av@W^k=FaY*8Zs!5H5ARO{xG|X&~ji9-ObJ4T*+*|=lI{ndOT-M9Q0B?^-&mUmV;BT- zmHC$2%+Ge?k}+)oXw6jirXK(p_<3Mr`ZhefEyYCu4}cwXq;wDRgb+M8-6=rNpn#Q9 zCstj(lWTclNIuJD?z9o*AEQxdqkPHMZfZ6`5Jt$12as;SaB(b8cpTZ>pMh0f|^Yw!SA5 zp~w}{J@`j@L-#!A8SL>dR4Hb!^=jl6_2{ok0o$Xcv$h@+Cb4hoOkih8c5`&FFnc;| zz*bo5zeHyJ#W|DyWH%7S++QhO$N{$WF<5}7TTh27!c%T4_W$a<{{?3t+j%VrfZkrJ zK3c`wXFL82v zB??@gPeSC8paO=x)QqMZnyAs6YvxID;UcN$)Ga{0$}p<@C`V8KtfBiiS>c zSRaTUq3u`Wvj#;m9o(YOxcEA}doEYsFBbD2JinBUi*I@x&V#JUwRY8?F1K<-}kW3d5k##M;i+Tl?e(~#1ym>aEC-)aK1R=7(py6 z%6@a4GRDMYD;h?Si`)su0ALn-Zu>Gv7`a^lIx<#%#W z-HYSI(M-&iJzrVv=UYL4pfy7OD66j>uY=IT2&9TpRyD6Apjswyq{LU7JHN3J&?iqc zy8RQ4e*A{b=uJOQB~ntH%`ZTFq0MJ_N$IdL>9!9YWx9>oO=j5CG``(?;YScse-d@L z0pxyBJDTe-gy0Mi-5R!DIZV9L*kSs*V(J5?8rb7bkl2ahb5NX02(!r~dKMk{v{oyc zsHKqQ0<=T>Hy|H9>4y6ltH)eI_kV^Wuv?1I`RDbR6JYbLQ6_eE0O;(r3my?x0hDB5 zK6Ol?)ezZ%paT7Q{hP{QhK1h^L*}(UZmxJh66|xs|y&3%{c;;2)xLs~@&apC^%#+O0U#KFs)h;82TZNZ+;{{CPjRA$;oN2^b4o zhI8}Y;=>2rS~7)aeFIg0N68q@r|Po>eJNV(&)>pyeg69sVUljnZnsG~4cJ`1u&KWt zvlj3+3@JB3%Bn8-%%_?(wAwGZ@~L_jaeQ%M4*c!MC-uG`>LNpi#vq)d4_8at75kKF zY4YID?r}nB*5D0?f*Aygh$D0i0FMF!z;R@=c97WRMF%%R`u(5b7zu%aQjE6}bA$j9 zkWb%jX~X#2#;(M@zZHYr7S08Q+F9Oe<^GM{-!+;LEbmCB-VdlcLfaje=Lsfx5-mHt zw{=2Vq;QBn6{FuD=piDy0Xu2o0a?6o6P$tG)Rb{HL#q?@k+nH3W`nX6viKnhM$U|D z>KXi4HLYNr06`HtpsiDdl8}|l;|k7X1(3>y(0?AViprxvr^I*d?5kyGNGNl_8m;JWYI>oAVyy-;-QHUL z`!2Co=mO$W+P-6(UE1MiQW#4b`FX?UC-Fz8*%po$R1MZv;2wxgn2u<4!t!Z7NR zSk^KL?q*wV18wT*ac!txUQVeOg?bJgmnKjJEutj>0g;FFnbEL(aU~DOtpL!ubIjXg zR82wj98xA*Hrv=Xpk-}U+ep#ou_T7Bl*`on7Sk~X(0igBGfQ=dfA#r()zCvAQ6?K= z@aIKpy?-LEkBbFdpondNfd^?mR!CtFDah&f7E{!Wn!6z%=Tkg~Y{wKL3QGi<5ru2< ztLm!D00ZM_qRA=x+t#sC2S^^B4p0H*mjzs zZq8vcT`wM~`rs@QLhfswTEO9>2w8&{q4THfyuNY{ESIU+}_c!4vH?@ zsg+%=(?UAW9$8*+Wh2DGA48lI=2tv?>Ud;*HwKjW&Hs>1pK2I?hr{4Wp#SS>zYe1D z$8L(-kDeL?Nf{MjO~;%2n80>a&ob;Kq>26^VEbYDD(zU0E-FLn5S%GMICMbS!Me>j zcxZ5`r9quBw(D?Zn%5Ep3>f-0g{ef1T+MDG`r_910UXum1%pEXaw^^1b|Cs1i)DJ{ z1r7O`WiZLTRfSrb>rB&m+y#XDke9l14`&}9mAj64cy}>()gyd(L|R(&Idlpj&~oTQYa%jt3xR}Ia-MCT zix#ACMG*PaTrL4!{plbfUrFsnlTg`GbMZf$2fwGz&CK51j`anZQWc#RWS6H_)Cx8Z zEH_!N)0{@pyS{R~`d^Ie)&tbMS`de{fOcU~lE&ZT<+nyks82sA)gvEQQEO;@r6>($LI@K z%BaiCzDHExAq~#A)ldl82l=P8>|dx1YI;gAE|x+RGw4ikC8`ppR2OL@J9l$kX7N4L zzRYY@$A|vDvB{tn-JU&2UbQ;tHLBmAk@|Vkkcd*Y^4uS?kB-VIUoLnb=x`6J62hD! z7i?@+7O2RDnl#r&k}`vt&H!-7omsPQ{@pM-RXt?N!Z zxGbN$A46-CWkm>T$j$+i@>>kc@?lMit%#WISPi(;oNPVT$97R|b2T4A{MyOpXeXo2 zS`(;4jX0%EvDKO*H0k2I!FeEB!#-Q(|Ax2AOY-&%^j?sUxUnmaBA#X)Dv3M_GK_(hk||hQ;B1Dfg&|F znY(rxMXo#&dl*P_9lMx0Ymb`O@7KbDB7gFAw4Ek(u(SwX>#>5zfhgocq^l;T`>VW< z2v^(nUe5kjW%6VC%q}1cfHHeq6+OoOdJf9QDC`g-b4c}NsN#Z2E7w+1Y`@1o#TZ*R z4UIY$0L3)zI0-rmL!v|x$&7BpKO!0J=k)x7QccE(Zml{;7sUnGUuWU7G`-H>)JE`A zO3;ca<(=r&F|Bq=2|6iL(0bFRmMSY$r4?1VrGnKWv(?d&IQo!p5T(X!(yD+)ltfb4 zPb{e1>S|_AukKTdI)Dr=)~Kqh_rx!aniM!biho6e;z8#-(6$5d%c)C7*0Tc3gMEkp zgkf_Pu(#tkn!&aM@*hXOl{SU9o1hD<)~{TCX})dI|Bcalrer76W{;I!4U9j6p4`7# zjqzbvE|k>u2hdy*{gA9kAgOh{aD}l&+@>}S{Iv{sGu>p~0i0|^0*cIBTf{ovu86mb zx^b}RKmt_ck~)qke#gNOwj}7xPnIx-p+j>S>NJP_hg5MHBk)!nkb;{e$P$dhpYn_Y9pd`gxotWXAI_jSh!e&LXE&))Kn(;Jwtx$T+qf(V6|%qsXLijK)SIlJU1>pe?EWXKdo(w`{~Df zS!#0Y_y2Ft$JNUDxLQb?@qxS$iBq)pB88&!af~YdKR6#Zoi12Q5h>h=hVyYk!vFR2 zaesaRTC`y0e9#ciF@y7Q=o#_4|3&H&v9|;+6Sbblqa6kJ9dnk7ps6D(0pb1H-y8@DXQR346f_tgkSFE`hU2xOJv1qyIH-uCI{>K)|rS==%FKQ}V<$^afNk{xk*KRv9((j{21A(KHr7JhyihTtpQD*# zCh{3pl*?Q$!@DI`8#vIbwsBH=Jyj?WVs)&-Y8qB8^2asn7N>7FJD<*4KbXb;-ToTC zr$(x@TW!MbtML#wR&sGO=)>yG$-u#Zu*M>(1h1+rcGissvtlc=pXL8=`*+-V@!UM} zODn%6S<>NkEBtgJ(aFN8a7QPq4jmG$H_sSOc4hk)dg`I@{;`7!>jJhYOkYI=mkwrQ zjbBZcK566s3kG|T>!+|v!p=;hbE)^3m7$1tO%uw;(ddoJHERP%#{ZZS#gVzOf^+0v zg?(@$!tr>nVC3099H08@pje|mG%5ZEZVB6o_ty`zT4OFBk{x4~P4k9qW;WZ!K=3V77}Wp@w#f5tGPS(@k@gE|1Vxh2Vb{dN^ewmF5E#05-V z{2Aw&r?g|@7_Y*pCfuB23M(hLYt+|>jkq_Wa>Jqa4;sFEcOH(r!D|8Bb_ z{W12^5-!R*&QBlnBF-yQu-WEX6qe-?8N-@u&98q=^>HI#x%1q$G9S}6euX?JHcI+e z`0Py&k~7>_D1$%TzAGFM+ix~+J{a8>v}2=YQ&=U~fl1U6UZhz)l3xPIMUS3tx&W30 znYIr`Uz2{}0OW4S`07ViYFh{@){FyEFrL+eJc;W{SW&?4$6FQ?`-xy&W&AM+4v9!z z6n*cFL_nB~VGRZADE8QdtFYg$5%xzf2#Ey35Vc<)?yX_<?d^n9S^V;hfP! zWaOB1;nyyAe$OegF9iw94Q@gMu+&zy+Bx?+S67Q_Zfgf6u1f~YJiejK zJYJHS#}}m^UpF%WAKLXluOb;>WPxpi3nCw_sEzj0WHh!*Hj64z7;q0~uq=cfX9Ei> zqnCM(6seDjT-iF%JN8J~eO0u+Rigj5X*KM^><>W~t~PW2>brLadD8%zoQsvei}$a; z3@2b4eiv_Y{dK`0&z1O)jXUxx{)cnyTi=7us1Do9U~zo>)zzdNKi+-@KjLym?fa%s z2DSs3CSzXI`BVm-wi;1BJ)e5<6g|P(*6SKWeXw7&0-W;xg) z(WxD3rTv$qvga+gFxxm7b<9GT|D3})F!22ID0`gtllTI2XlIxSashnPFi3Z8IT{(u zcd%PK^j3f|nEVP5dU|w(@U11yf1MD7l*w*GNY+);F2QSF6L!J9mV{T%kn_$kG_rGW zz7S%G#r`3l2F3ZLg>CeX}veF)}#y-Uy9W)lXIHeLNpp-J_vol{O&BC zMoce5k!3D=ZyN)fBL}*+m0A{rwU}$xS%of>X{5{#5(7cq3z3I5M3v1csOwh)rh+PO zPE@(;I;+HCd$VX3FO8KY=ylY+mDCOJ(+Dow)|`^5&d#TZGW1a@Na!=CED_0233?zI z8BdFIL&m%h=%-L9q!z7TMA0!=5_ zIVCCeo~}x1==T!r`~oW%fbT~u70Fa|$+vD#(7L~Zd%D488alNzXXZppHy5oy_vfkm zozuD{#{BLGYbMSYZz0h;_B~CStR2<0gQW=pOSX6HWzqPvtg9ak><1t2O6b52Ckw(Q z(1CX7z!Ee4YSDp(sA1vA-qCJ*$Ctud%-30kP*g0mc8Dq4vSg$*mjv=VpG19(;t9*P z^{K+hQXpCiy1y@yah9#E8BPd|+k^Z8`}U65w=n`Fncl=PXOZN46E|7Fq-bE}Zq(jm zD^x4DV~kJ@o#2kHh+QC2&xKG=w0gr*bFr%Ee5JZrdP_xm^TAF^5UbrsS6tZj3DMo= zL^J#oGnv3kT^NXXvn|-}UVA00VZPVI%{TLE0Zsf`pVh=e54WRdtyE8GQd0|~X5bqG z+D8(J8SE4h z_%4rS(w2gSbwt+ZAw4NoXO!@uj4qhNKZM_q(@Agk!5La3bx5iSK?c&9&ndLu7G*Y^YNE7lo_)_9_ zjU$w>=@ROFko42GIV36jApbyyqL^7rfsHE2S0;a*K*j_AACh%27xSXDNPR@RPM&Bj zP_5)EN{=h!ckh{IU==y&KMztVb%cSM_?CO)FsnwXM0NLBxtJ$izEyX-JDNDlS%N?ZfgSUMO#lQ@WUeg;I)`QHvZKhu2YXU-zY_nrS3!Sx`) zg3kZb>7pnZre-A+gXWMpfHeUEPd8Dkk1h`(?Wu^cfdirLeF=nmfK&^J{B=@^m%bT| z>_A(XYiGD6M1S$2wk0*5f|%y^Vz$~+N)P{l@|ToJNz`3J<~P?$|EX6v{sA0k^tKlC zJ36n|)gi~!%@%QtS781@gM?o0w0s)@yQYfS>Q3~CPv3_g9ryn>!NP+@G0)Y_#daROb&;AQsXM1Y*Z|JI!A49*Wtpzzd{D+ zf`08@8$*ij)>$@96FAuQXlqJe{hY0WJw-$~5l2~CpVKc^m}?sg8YN5TC?_~bKik;b zVQY8TG?34`KT``HL(JWWApxT3O>hahT5oEYseh+4vsFdi^amNlKqlT>6o_ zT}z=VOKOQdf@@Muzra+}`Ae(Og zU+a!gmjYrOp}Yl1O4X?@&8+EyV|OBr+1Bb-Y=C?w?X zA&^=7ob+x@QsA5vk4{!XSqli&XpZk!OtoHx?$|k3NQcE%g`!`el7r>T_B4TzVVG2q zCV%AWk{txbro%s%U(sJ!tqdL9>7}{4W5LD5C6_Y;9)VO9`;)B>_IqRJucr;ZMpw1n z>`7^EG>!1(MZa_{(9`S5M;DVpppDac&w+GdKMWmkh-$9ehl4Ke!T^4XznO#KQkth2 zQQ6`ZB^@Mk|~>1weFov+0?ZeM^Oooo9Mb%LzTDq z>wN19BqPx#y1+r&S}}Z4Rq0*ZRx*+#!SGhr=hnYLILrm_gJMuApPCVq+MckYfS zD%g4=M(KmCeLB?_rv38H%s7|-I%v>3neTn(O>BPKszko`nO~k@wdl4){vXb=1H~gQ z|Efg(b1whqF8?cue6N9RE`M4gzr&S3+vOi9`C@7*I~)q-@qgZVm#OaBLX77UH{L9{ z0~$01rk#K~vR(B%OYj(ru=VSS3VpYEtIjf zT7*Re`S{puS7DMMKmR_;<$n}{E+j!U34(s>r1!?BtV$&%bj<~JV0qH!wd z|0o3g^*12s3K^-Kgzk3)o#hDHO7qeFejZh$*D{<@-~fSGwMKCMrfoam7A$&Hc?Qfy z$4R)r1r!6H&np#98xM5tEDH66qu>Zqcab7R*?PE(;}s<*P|2caNYU3_(a|UhHAE?i zrIjsqx)j^t7^`N#zm3IkX6VE({>Lr%xpA!pvAXDZrN*kapJ06EAgjLX6#gkv+2O9T zCRC<29!N_%8Q`EGCii%5VacxK$t54_5AO>}`OO48pXK*euO#9;H&pX@Unf4Q7Jn80 zvIk=aN)La|=GN5FeQ4ZDI_u{APg*^kAb>6C>S-fxRoCW1|0$M!-begDT>W!PM~}E6 z7d6Tv+RA9Y4A|IU6EGz+9q0R!9zbO z?m{nvUwD&6rBU)%e`T9@-bxuXh5>^EAfn$b16U^~Zc~4|Y?$nal&}husiqfaZr;z` zam+M`iW0=;P=Vnm&WVo)BFNTn(6IqlP^@E{9#B@tcqS*a{JB5_4#gUir}uhfOP?vL zV~?jr$NC`qJ{XLHS-(oDAbOEhG1ZHwmjzXP7FDdE!HAX2DeQg@S@)=nwHOnBA}ZBq z_M$`Lx&oiQL9M*(keJNNzZR83FM~;PD%H5JQz@o7m178(jtR8g+YBFY4ksfs-nuwG2UeR8fQ$mmW&CFPj`pjz-i&xjSK#%&s6#w%K zk5Yz*%nhPPEq&(T1dSux;X{^KzP**Bw!?9^2JIjNw=#GptI9J*FAI5%_EVj4ofsig z9C3dw?M>sYj_u_N=TjMham#-5EyPILwh<*vC1|_r7XfYC=@?$H-g5^Uq5};f_igLX zd$m^N2+6nFPbJwdBX%gseu#e!3Lz7aOI+b%l7H_YsD1VxQ>)!Z1e9;Yg{%l{zJ+$o z;hs*Ow70tx#ZqV=I6?SpPVo2S&oLV9NmHl{Y%5kV?HJHYcX2VK?3{Va6G*q#`ydB7 z^6d63Fjyq>tsKN%f}y1&aGK{HDO%kQ0@^|K{t7|+rd01HR4-3Zy(_6cOCj6Mhn3V5 zVbqHQ{ixl%jCn~eePg!eMj#$rgczP{boO1Wm^3&^0=u zjb!G^UhVDX+~WBM_dm-1qr?tDE}RKc_HySkDJ%B778f`Ot^6Kwpj^vrQFXQJmx2RZ zqqagB?C!(A?&=m;5#4Ap6kUT6IX>lG&Y!6D_MR3f+u1{8Rc%%;aX-NW_(pTESK^DF z1^=VOZH<-PgK;iCS*s_H^0v00OLsB53?#HdwH~&~FL?WXidV&A&7puxkRqDKDI7zogoverc_uUrJO`zcz@d*RP9-Dy3g> z9XTN~H>MASYFp$Mazs}BVy4wE`I&y-U*}M)U(7Fm-vM()zxYEHQVWFo<*3RFQ6uz= zWQF?W9S7AQR~pwRXe9~#D$d<-{c7^@9`0$+H571d1SlaFRLy>v<9>|S59l!7Z>>3f z#sbuEAt4n)cQ?p9l3R!_R2=;}3O3oVqG5b|tsTZwK0lR7cpjTNh}{9`C&_c zFfc!Jm<-H4psdIISY3o3NaJuphIbu#VcfwE!A?jGd765M<*D&5{_tZeHb+GJDKfSN z&Y7}#&@|#OZDBu^t@l0I^f!DErh9kG78_Rz7yBDGI*2YpV2e2ZILJBBgboOmp4$&K z8K1I0?n?K`aF>QzzZE7iXqt34KkX_yM&X8myd5NU;_ov2g~!lbZFbuilGIHUNNfZW z+_9Fy0a0$Mwwuh0uB40o4mS$+QG+9_+3{8rLzas%{j3Rl?& zl@jaUHgI4|9V9uAmShc`>4U_W0yGe zK+f}vgIQ;d&><&#S=3x}1EUJ)RPo#+vEAIApAFw{Wvr){wiSzHsF1^*tT4IA#ZQ!9Avq{cUtBQpdx%h|P7l;BljYw;`F#Upk`a2bd1R`d1D-acqAP&X8c6dw?& z-RCf*BK@Gs9v@8)QCfO@o&_mR+E&BZSM(@Cfr<{k(|tm*n?%d)EYzseEhE`_oIA8? z4Cz$HN074h+v&aVDz{I#oe30Tb=dM%Rc%!kTQ4^-RYWI|0M%UGzsEA$R<&_12n`s< zs0ET4R>It1(o7^$?v;uJ0>Z}!Y+4ZsjO`N18NtJTT40^@0Hh*%l*p8xdS3?IiCZ9A z@rg3T{q(d_#GNL@1@y29bX-&)fh-2C@-8Ma%FJfYyh?!#8ltEGj5?YTw}?vtAZ;88 z(m$fPSoOQIC(Qmd0 z>71ZYjyB8;Esf=9vue~2HR_AL%KiWhR+r*7NB2UTKWlTe@thhD>5v#{*RdiJi{AEA z77$Hxw~f=iwCay?sBUdEPl1@@`Y$9~2Qk5qmA^w?(rWWn>MFva_?)b3js%c%TAdiA z`G(ZYq2lDM6KvukqtBC|SVuqQK7m(mKr7iVZ-MI}U2zU{i=_qh*DR}D>Hn$;`2;K7 zP!sYlJc^MfL`W67(GcH@>E2+oaZOw%ts;Y|feP*HKVTGN8&b}|omP^%gtY_0pxxrO zv^|T?!%+0cchS{~PD952F<{WuF}~n^kX(a_z11NYkUKEfb3=|uBp$latQcp$1##nS zvb))Tym07EM`hO`w0O%O4@X)~G3GDwb_#Q+wpijo`N?7&4T9sXVjPozBl?N}OCSgK zK)PHdm{yCEm{g(b$fT;rJ}-RKbcmOwaoK|H>9{#A-_nPr@SZNMb9W1)OR!Jm0-K-% z>-$w#JA251^?jH$&pgI|oXy6kv!+VDnjv~MzQ;Oj*3mA&>92^e=TiEQ zWcE~XbR)shXSdLF@kxFuos5;v8!}VT_14uI2ZC#aYmkvl+*^y4h%n;%{YMrv z2STFE8+ZaO*>Dc$0Pf;ZobXERehD{3S9+Yof^+keRH0N^egd5KaVTxg%g}LIf{s%g z_r{CF%ZTm(5#2!{MmE$`AYE5Oaeqc;`OM;C+qq)3rQ7%OQmn1G*mHPoRBB6=E_Q?z z>nbjGiz}v&eT+~Gd8mE)TgAn`>WWpDt}P|CjXgOKGDY%PS4`duX=}E91_N_749j`( zCuXQ4O^cD1JFXb%i*0DU5ro$Y1y>XU-%Vh4OvmkL}UWOSZ) z++&XzngNgaR*T3!l`?{ePYV(E6ch0&5Fu?)n$vT`$=})4RVweyQ8?+xvrQ#f5Ra_ z)T$Ol+l!M1%hJEU(r^7?+@JU*sM>2(abX62>pvYcWm>9UsCufHsz2cXrf63g8BCC3 zYm1Bh*cB_&Qd+F;lp?*D?TQu2AhjVf*az44Q$gQk+)UVp9}A_G4_F087Ihvk&O&{* zeiMD;Ld0CTAyxeD9jzkos{jf*wd?ADlSM?Q74v%Wg5sga`3$F{7MKeR?-kLmzNXFA zUsFbEnqOSg)@5sY6PG8sntmhh1V<@6ntZ3@sf@Nvl$w4~T+_|i+PW@n`HU2Mytvp` zT(L6Ra*PyvySUhAPz=;VLKP9!TN@q5{!&MM8KwP{;M>_hq%b-65C@c(zq9U+d!!UQ zy13ZwDCVsD8J-Nd_Bv^@4%&G1$fT#?n)|}HRH=58vZb8JX%+$iC4GK%4%eAW+1Oe0 z5avj*ZoD}Pw-?Z~Z*@FP`#^Lrl8^~&!5ECqe67)i0C25^SS2lVv5W`LN0)0M@Ec$} zRWb*nQ#BJK1*Q|2PYj4sAEBw}o_oo!0$ePcFSFsz0@$F&vxO3ksur_+^qXuutfuhl zm*DuOlDxOM-uf2p*}J_@&1PotoX{(bEAVu(DOs6U`cvHg+V{kK(el& z-5e^8x#coyO(0n?LaStK#LPs?F;fYn>{ywM=i`lTK8}qdY#lct*RETG>8cCv+vpMX z4vPl5CjVU>?YZuW#RS>OvokeS*A^-<_)S!5FxAD)gL>*volH)ek>t!Mw5{W>ZOOlrH^^Vv;r^Nhnnj-H3m*wtu>XrA1|H zlM=Qz#6UN+w(Bo(wb@?FX@Ss(AVZ-`PRK3)Nl2qP#}x^-0~N3x=qQjNM~R$`6dO8% zkllstz7Qn`wdxqFG&2K3{n2yKLlvr8gXhVnZCGgQ+)7gkr#V(7Rk6KMv%W@S6|ldz zf<`|=PZmY%t=Lw74Ix@tBOFWg(#L^owD_|MH4H7BgC=A^dj)ZryKbajaN8mRQ<*vP zS7Cx_y*Bd>!tcAq{MI%@@Dfg4jD6I=lg~8e9_LdsjZNLPthei?<5kD-bnKCr$>J^= z2e0fco`(Xs{O0tZz9SZT@rb5dobKq-dhf6}bjtthi(PA@0@$vVjo}`L@Vtm$&l%Cj zDU2DeGyhpTGoXEEzFztW+Yo1x;-1tvCef4hmF`4Ox*bmy%EX$d;z#x*E^lb7#N!L3 z4;_$`A#!MA`Ccce$dug&E^_Ra=t@VFt&XyZY<1{L8(dw3ug)s{km!Y_kS}uD{xscE zX?AfXin`Ji;dKB~4&9NGglKnaOYpsNp5+_$qa9K+q%X}xh)>0u>`R_X^8g&xxFxkO zy}rSHiAvCe<-b144+gUb2J?6PiD)Hs22s@3AGuG4{bfvO%}A0gN%nx$I_cD(Rzf;~ zrPHaJjhl4#R&3|7$bvy9R~{k?N@|i7g*1!yp{VxrhE9=03?~V0!379-&8>9)9=nV| zS}3-j=wOU+HWM6X>JpZLYhy{vuym=j3|vp5WpFUoGI(*@9y-D@Y>KUH&N3`v`E^=` z@fV9_09LUKC;-cF)D20?;Om^WIK8B#W%%AVT~~n|X&G=1!r6m5H{Q$oE=(1|y|dyA z9S~=!hz{3YkBVf`rl13+yYnZmA5MmxKFut@H=(lIvi@OhLs}SW%R%xfsuA~d)Pn%x zD~ZCZzk$N{YhlzZg|qHccJbh7WYy2b01bdLbS!tw9!=^kmriVC$3nkVgMQz82A~E} z$sVYI_`Sp6zd4c=Z7}p0Kttq33+#TsJ=Z^=Oq?IM@h`l4>78vt%Nm#~?4Npv_Idfr z(EH3GZSb~5UmUO zeh2s8#KN>2;rxDKI0$Z@(qjjR-U=O#WfvF)UJYfZt5}168_Nz{yd_+`7uHQK{yG<2 z9I5RL8d8n69~Y$4+|0lwsU$+8nSbU1U@}XxMwlGSphyf zFu}0M9<%)gy;v<&fm_#i7~-V1U#B`c^sa`C{o=h<`PQJIXsr3`YwIY8C$++zImPG6 zVb^566ytFL1jT#&V7{$Q>w_8%!4iIrvelm-2<n#%wW& zjwE!9lpBdW?lZo-bFKTkaKlKUhJZ@-pGIfzy=~pwai%0}%^KaFU&a-cV{{|_f<4I0 zkQ(@6mG-?F@WS?{OGGQ+Fn7Hx2J5WQWU%jDae*ZgTUMiQOATV?VKAo`%;+6~!FND8 zvWR++Cu4ufdfu0MzF%C=&S5<}C?}vl1rfk$BronYBlpgn@X-2<*aIcWyset#M)qGx zo{TDNY>HqYU%@*K9>QUw&aBzK>dFNI11~W@`jNiFPOeys=3pqoUV;y;$w`BX=0sPk zVEaV@zp5Vv;g(OZ+1J|aFxU*=TL&4db!=(zNcIj2diCrFb&4u*PBoDUD1x@~E=h{K zP%Wb#k4*M4kx^uNZO=qM6#ylw>%SuXhl{0u<9V<`8aqn>zFG|UO#(KI#JKYpiUzu4 z2{?8n;4#I3dlC?E;4W62Xm{xw4LwL40!NJ^oOsuCVzwH`qndnwamG%9a>=dnQ_xM( z#s+3hX5H#)(8`^oR2a2#Gwhd+4&KUb`%i1->V1BZm3u9+5IYEjRfqjBexbn%(E|uT zeDwPLokHJp*vr=cH3yNXeo{Bff8#R6%KKf~+dAxveSR_j z#`1qb$p3kCZR2r&Yvwu2btfirY~fxc$}cw(CKPCtdIvV%CKG#FsKPl=pwo##8}%bF zwcu=;dPH$1Ig-mVwX=grFm)~c-ZD%*j~S;jg+9k$C7GHoOl@MrdY-8*$yAmYl&QC4 z6x7sz*iY5e0hcK)wVMkOp8JYzhfbeg)KX~&@k4>Inz{l$YB{Dh^GpR1UApP<6m1@S z78`P2E7oRw$efvQHaOeU*9WPdXuU@@a_SAQJ-5BL24W4-)4h$R1Tl*{r@ zl0;MSBWTo*!2g%a^N(fJkpD{{2<^2~2Rl7x91 zc(WF5!fbH%SNZ&+ zmj8l-u=lQ`B@nrIgidG~bG|i666Uv5WeFoMmw&*CC|3dK>s8BN-PN^UpjlnViLq}C z?IB07-J2kl6I7oHGO>OCcOZnwz!!os4<2EIF(EeQ%QnGjg7vHrt9jx~pae#d6+{OU zojmjOMJco(EJRX%fO0?#aY$IB9+o{0fjpWm4uR064q+#R+#V}c{GhmsI#%JfAJ~CR zapaqc4@}R61Tnk#?spjnd0yhIi|_aqk54}GEEexbq@z;rd3J}98bOH3)d zC#1|=e+DErHh}I@s3$`xifAqXJ^j0CZT-PaYX-b;@W2UdB4+ZV&Am>41i#Z?op}8V zR;SDQeHS~39Re=Q*YQQ2j<)+)_4}(GcXHUv*8iWsSqc;NzqpI7e{rSf|07uQCH>RE z4P3PA9rm);{9*@@Fleuzi{>iRrw=7b(74_T{0O?rh8wimGfNw^%U)%z&LGr9d4zkc zLHh`e?^ki5@Z?&`3YZT$Z}U#js(*Me;---1m&{~y6W z_s1x2blA)K=a)K&gn#}PoXv8LKZzts<0AwRG=9=f>N(1aY+7mZRscMxp~LE~2seh{s&W>*kYZ5ymY?48h?n zrvtKwRCEBY4U2?>`mJwo(4fAL5OjJmK~q6ca!}v*0T3eNn+)pabL$$^#|hSNg;>oy zCj%wuEUT>JrO=PVLL9NWQO;^iy%lLZsK0($IH*IrBu=K9Rzmz^rHT=Q`f04fDayl2 zq8oy5*H1-RJjUPjZI1DGXIt*Zg_GYY18HXFWQ<=1^;-so_^iOGyH1IU8>E!o6*6yD zo)nN}$LeJz#_DB7V>R$sMBNMxs=l{ql+Zb$7urwl-c2r3^!=}v0Arr9`kwOnMf(1z zgU~$?=(f7#mC$#cL%$TV#Wwxt^nkO!1oAL-=;*P&w{}V%yef@7a(|;Lp*VOc^!j7M z(htKIMd@}h-j2L|6ujMqDe0Zb!dE*aMibI5$l?g4okLxgK%)UTsy?I0zw#b=gSJU}% zO=}!kIt;99)bo!`{Au<2M!h>6gdO!{xu^A;S{FWWnEM?0u)0=7hukkhB!j)r${?Ru z0vO7tQrUtYX0kyn+z$cg*zXF%C#+ncJyx*qx{j>u{xe|(xXX{)se`<4!oUC7vipF~ zFKWUb2O(E-VF)s3V3#`>!Z3^rSYN*f+~EhNf%i_ZBZf2q>(V`u#T^90_jsB_Y&7cY zdQW0-->_kKbJy`0L&gQ-!KsKC#2GF5@g-gPhVX)aR)?n9Ti{n3i^K%ZYE@I?+nZrJlT;#rgUKE2^G zCQ+`9(hvpPpq^sz+h8rf$z3;cENl58#jSB}1G>g{Rp2mtsT$PS1Ex9IPzxp0^dOcq zV4fWoifoiduc*tmbi$e2UNQ8;%z&QBT=4CTf~E9M5Sapzh^HU}z|>bDl_ln$2sa_A znR4f=v0f-w^>JT$hqi$n^vHBBupA(x-E9*j;nhq)0I&nrZ5ixgd)KRCG#f&WP4hHx z;AR+CfDEA}{)ckJUW9_bcccK#ZUlqd3dw#&wo!JJ0=j^z$t^g?|GEiMVVRUlF>B;) zI#vJ>Rl)@+c|RFYpb4=52KV29^gb!8TKN&&5&y2$4!^frS=JqSYn4JIr);Cel;=We z(uLjk3xPn-c8acUYQh?9BIR!`F8|80D6gX+!kft|H_guiX~8~p5De75$Mlq07y(f3K{L zA1nTGlq#z^{Sn-r!CVJ^6?|nRz~b|CP#Z$tAjWTb?Zh)`j?U$*Svm~}#;=A>exWN@ z<2Mk>Z}>%%#pq`3oJ5hd# z{;{_4$i!GJ7Z2<&gh;>O4&RQhjRfJC#-MAOOMx)r03roBX6A|Pl1f$6uUD__&!un4 zw%jtR%3WwN#5FY%Vdo+pT_+3Tqb*{y4{?4?YwyT(w@z5P);&K#%p71V?O%S-g| zu@rE%&2Ov4mvAZGQ^Dn5=*n-S`MBD?fM1Y6i80$5sby$8#Fkp^sp4f?r+;c|XICei zEn29i1VnqCco#Y$*7`~SIK>cg?j>Abo)G5&Q>1-RiB< z0}0iV22>PfY=E+BZ{h0pkSh-AUpk76;RW*Rr9(S3wU90%%x+g5Fw2CIs+b9#z2q3C zzNAPTRcqsco|w}Nw~1-Hjg=;GQu98`td+J|Ml-)Ry^x4p^O)6eVIdbg3M9i+vMm+% z*N^(Fwg%8kq4EQwb_{`Ki0E~0gEBVLEeI|YB*j`HT z-C4*llL%DUTd|oIK}_Bc6QB5-3=?ih*Ei2_(fSj&kV?MPW0usGw)*|n>c5&`@1~R# z6kBE9MvWk=4>F>%euDMKR{z`;V)gsb{QW8sG1~YZVYK_quf8Eh+i6x9v4&CTD`~WM z5LyDGt=pu%vW-VgKv>FX_mwo-j~oGwJ5i*Ff@-w!H)*t2W?NRmXmglw?L&@y0IA4m zf1Nl18<NTDoT zR?~H&^segSLjr&KJm}hm_+<=k-BPMTG_Bg(Gg_NkX{~H?E!sDMwn@+)S&a4yqU|DA z>RbMbKeZV!>1e$HpCUiKe9h0pMcg%NC}MHzSb2OcG{9sQH^48*;f*yBf9UX7@e8T) zLgOw%+bm0)dG&D6B&!+XEZJ?>-jm1_HBZr}2*7n_J^1PT|E6;N*C~d%Ia9vl#`6K` zIGhh;i_XNgo)s@PCC|h$!X>qIU+vhu^zayV$%3ECKmDxlZ|1)kZ{2FJB@FB&<p4G67>$pXBY~xYjxrH%+V)>43vp)3kKmb*z`pk z!}HK$iQt6OFF!u`@j&D}Cmsq~zbKPRbw!l={?~gio(6d`3_^ z1+j*~ptgST=KA5y-REB_*0)Bkh3|IXqV#>$nMYXY z#}u@x)`8mgXs+pqta~(%{r7Dgnpz3Ep&5QE(ud>u>J^7c6h$7dk~3r=bL<6=Q7rK^ zd%)~Jkxk((xj6sv^iS+*>rAN&N|R63qA@C=W>do?xw1imzO=-!juw>ZvefJ@ip6N` zvT(5fHMF#JOEt7=Tw21W`0Fs9SwT(Ul;s3dUX4S%|c>Dv_!MezhJO6n^fru*H=!72WK(pekX{7{gf1M z8IofPc7LSX3W9fJW&Zb>_^f8E>D<^keJImC_k{+az!X0J&3AaDlfUCy#d&(8Fpsb$KTokH3fL@9nkG0*E$rox8x> zgr?Z{-Cdv%$g<5-V0%KP7U$A#FcNnBpxzpZ-NAY3`q5RbHe`ekOfDuXZTQ&4-}#OY zgk>!s_`q%O(yh?6*?L@EZfz7k;%)^r6;aMtv#mFafWr02b9^_PLA`vd6Jj7K+n0 zC&XCco@^)j47*s+(^f`; z9S?&zgO{D5F=P7J2gm|d2>K$;T!^|#voI3l4?hYh(T9p0#NOFWYMC@AJS)kug>Jh;Qrk$cwd^HzYp)lg6+b^VAV1Q zxV-qX#03Z0&VlMhIIAPvP@?_C%PYdD2h|(^WzYlVXi`ij)SMi(>NL$c2Y6dyHXd`% zPx_O6mNrJ$DI#}(Ek=AJC}?I@_OV(S>PEhIg5e=I?=3tKhs7%}im=36{tB}9flr?u z(Ff$V6guC+y#dk_0Sb9*;xH3wkN}DM4oNby@ym8!bbtzbS+ro4o@o1DQ&IoxO|Jqp z+OLm);Og}7Z*Q7=p*TJbK_=GTqI1HmN|X1pAxibf+chKXk2gpX9>eZV3#Exip z#NjVl!okC8PIJ*0{qIn9oMMlLqY{r#Qc1+!Y1x(sa7}{Sm?qsi4_H~MYUrQ`eJC90 zUpoZ>FrDXLFG~M9cAkL-b$4WNQl1y9szck-BeARQ=lm2o_po{TWV%-RI&~}hK3i54 z?Sv2qLV7o-5Qr0FNi|wMmq@|1y>-VR1+hRk-xw>&tX@dcvq24Tu2BC;T7R@pDHscG zA7?zE9H}?Q)ykp%E8}mFx(>pun`h;6W{(RUfUfS7L@sWdT}-;wDdOP)F0CYR{lNn_)@wmrFN^O2b%b(dA{Kt??Dxr=_dFo;=ixoJ|BbHVRaFV zxAq%-Idq!#)%=Zoerc-=s51Uhqnl6aejpjH&}Ug7j*(dBTljO~uR)qCcku>|lwTxi zeGFN$wZ&fagrFw^q@AT#?heM}tg)$E1`GWHqdXpMkVB=NigAMv~bAMv~bAMv~bAMv~bAMv~bAMv~b zADBwenn7G8a z!`TJ#T~ABIH#txjr%rSshY^j@5aAR%KMmjC9J#-r-V?|}%q-DoZ&gy@ykop>)zB+l zlX&!&`Ao!Vx)YNHK08R#61ptR{+F)@iG@tQ&KwUYE^)Y8@mXPyOt2mqEeg?caA=uB zDIm}c6D<~t>*iD%fwJql3kH`^t^JjAYiPqWiyv&p$TQ)ct{!}uKkxI#+TOMfq-@Si z*h%UAu~Ua`zL9ngBkn|K&)yR!NS2A{6X=?@xJuQTTw606MJ@H{aSILloTjl7J2as`%ggB(cAmn7Hw^2c525G{^ zABOB{Fg!EF@Jt%l_&$Wu{m$Jdu^6t0z0+F3<*!1&Iw~gfhCLye?8MxXLxH9m9#;w`Y;I zu#M3^Lsn;9v;GvQ!)9fbL9+s*H0zLg2NRriHR}dTw+e)X?Gj(8yBQYw-OYx8WAqU5&kyil0sKlpDie@f zWA1MsNv@z$vNJW^j6M4XB9D)w+Nw1viatl}4{Z?_W)7 zb*^mZNLZ_@*B}j+#Oq~0EQbRYtwYg%K=-5JF7<5ku`sNL{{kbNe;aYn7%jan-O_~p zob^r@o(5TZ^+IhqP`v^&x($%1AC;sycK1iPRURt!Jo&PeC##6~6q_=LR~SCYj}2vz zvgrdf!zlrSeZnAi$ZZ&dq%3+H|7;k8PmmGygvel@Flb3W&S7cYQ=!;8_Iz2}=8}Z) z1ZTkZ))z*%(fC)3!+^DDY*}hZC`dARStPj)wmE|sXROV69?juqTF?8tB2%T;KZkqM zZ-H2hM1%a3Prrqk|M0}gja7@U(N=?Zl$rq-_N~kXkB!faqEA@B{fwJbE#`t`Z<@mZ z$_-6Szg4yP2lx%qxiUj>nE@mh5DKvS9nrm%tt(og`H$mBm#!w#+>aBpffe_B4?5>noZ&VttgRKxCKL>Cf_{nc8=;}8@?BZ6`IO|B_#0y>tpO&K%` ztVr6781MIjws62K$dSoeepL0kU>>&-6}GjZqFU+fcRTT!-$N+qisX)tz9df zI@f0KGm|y@R$bWxyqUZv;2zB8iEJC5HkYbdok3}gp!vUM?h`G2T1WB zYON)dY{6ZzuT3?(I-2F3wiT0I`e>KFbCOC+;mjE8<2wOs2i=zubS+I=mDjzJ-r>?0y7Zrv#M&QYJ&srpNkRp39Eu^w5^{?qq~&FsnO;I4)&Ob^{f(HH z0N)`o(sBpH2;R?$q3$BoQq~be1+rWmLoOtw z+#FF7@{Snt3_?yx;b%xi7!5skgWJ#!F zVyH(6bz4cO3u35tLdmhv5p?BZs7ndeL|iLwv8m>wAK13JO49Fl>1Vj~Z%O)}UHZ{3 zeWs+p=F$&x=~Iwi)h#wpLL{|>Q>rkuSTR)Cr5!Z+%iF)P_R;h+4#v#;o)RRseZfka zUv5~?{W+6Qo_x~e6Hmx280;Y09CoDT=Jn^Mufj(C9*i`d7->2XH05q222b1V-=*?b z!k(=p5XiX<&Z!pXIPxiT+VnDaNEIUzoT6O1T{Af@E#*(RCkTZXjX#@`D3 z6%S=v?ptGPGr5^#$1|(WX4TujDgK>?+|0DxiDNOyP8mA`(z|#M?7&^HlF~SB^32I+ zOg@vsnor=;=mso0 zjTTNtCWIrxW3W>^L!rgL)2?e98|m5xFHg4t6T3VyiWzWg{dAx%bfRo~q2iVyu)ums zG~4Yoq4cX6@UK;RZ5yQ|z!J9Mf)IGG0C?Pde1zcmtdKYCh&ygloWjI?-D|a}``Dy& z4i`T~{8}_4P9;h+a^C6MxnIGBDqm6C{iq?2G>T|(^r6% zr59J|I+89c>DJn~S@svu22eP8mQZ+3Zt|>i#9Sp?EX6X?&_bqo!@f~rK&pMG8U#ug zfE0Dtc8)&uRHd4-!-KvLLPizQi#C&QgAa0E;UqCaS6`4YLa3{O-HLTpNR7T|(OR*( z*o0O5e)Iiu$oj3~_lx4&(5i5zBG$P@X_=M~T&U`t`TD(vp?|%E#K!S%e7V4cOxD%i zwn{C1uNM(th{|{^UCgMpDC#dHOQP7+)tb+%uHrz-Ptk9)SmkT`A_ULU@@V?-D^;zZ z*91s@z7bMn0fwJL`U$m98@A9ZY#~g(#5fI@Nqc=@cV`b}atoy_8!+3+pI$H2UVK7n z23ETJn!YHLS?E8eD@xjLmb* zxw~r%%MG$*S5ha86Z#kdn1hxH889!8Wu6>liY4uq-$kt>J1nC4To>uE>S)Z<+j9WG z8|Lu4C;{yW(XO1^iOQ0Mxpih6Fw3~UToNIoa;>sV$<$tj5pMtrlhF7-%Vc+5a+*gR zAa99iefFpi)UAbyidrZ^RQvjf`uuu{B0*9i9K?3>>XFg}NE5xG z<0ynY&Gdw-MD|S)$gR9gR{XcD?l`$FT^|dVmB(Re3|Uxe4j940Qeoi}BU#vujz@2L zNvv#+s)Z$}QZG(U+Quqq&E3=Qir&bIm^x`Px@CD{x6Q70L8uP>68D~HEa;GlCFY#T z(hhN_F6+cPe#Z5PWN_(6#O3obh?{uC25f)xg+b6bg?A4_bDXl%aY_y z2TIcMlC;XQBT3>ybh@)Zl5~JTxr>w~sYa6An>Q9N%IBDU4tb_UzH?xue~IlDoO5gWJx+k zlH4=El5~h9{Uu~*Pf2n&DhQOuNdFc@oYR=IozJ-|&Y8@dVI9&?=KeTmU*t$H zQAg(tGRtL-?nh&ojbj)F9CmXsGT>l)V)v>T_L)tHPu59bF|cyn{ZyRUmB^f%F_$=! z1QkZvIWD35#kg1&#iGM}&cEZF^O6Ybj9g|b^uHZL9mVqUh>_%c80YL)TwcP_0=4B? zUg8_Ge3y*Jl*~?XPBc2?7W6OkQ2WMEzXMcssn7Xrob$`#@^d^?Du&9k{9!)l3vteQ z#pTC)s1swTqgejGGLMJqS#w@RID6srxaZa>xG5@~&l`+)s02N*8 zbFPhZepy_8j)(eL43%a1!+g#ian5;C9wUQlZ;@s~`R`<&m$IcB3o_gN85gRCFG89JJ>p+zqBMbwLd03Ac(WQ|zx^Y*zqX`h|zj`H({Ouf38Fl7=@8;WGInq67# z#(TTpCO2=8+ieiV9hicHgVv(XfQ$Ea5l4EcH+5pA|JjINP&0dqAm1>QnLYKy%mwd` z#{!=7rR9JhHJe!W5P0|&-P>BBn!k>Z_ndqvs)2ss);Ga>KGg`faA@M>6RWPe($<{M zocPd-i2a_(x^+J*>ds#>gOEzY>mP-NQvw=XJQlNIpp*KuW>jWr=7Jt9`124rd}DcT zj!a<(kUQwc&nA2xVTpvSGx)z!Xv$A*%5bHBuOKsDF)=+D$0orjx0wAmhH&gO#v2Fv z@(qI^p)Xe{hdNssmPS7>m`5*RxSr%;PXZ5tw+xuO5^1%}!+JAhToLUp<+woa;N_+j zmUVD|0BSKxWJ{w~_{^u8GI?+%1^L$|Wn5Zy#5lSD^romR?sv8Rb}GKga5?-QVYSiqPMT_x*@3gs8Xd$x~s=JfYw4+J1?&A_RmG=^8l5 zYi(prH|t2OT)IbpbUQL-dyG98w1zG7TjeCI?#G%W)wN!(A65^-@Z=oG&mPo(u;%rf z;oUf!!p@Nb4(5ggjTIa%L){4FxNTXP+~ekR+ej}Fq7Oh8O5%VMe58tqr<7c1wBL5{ z{^&G-##`-Vdqi?Qg8tkP`@3sEo*KdeHMF=A}d5Oq^U@wOH1?gaFLI zXXDIRR*sS#3or?Uw#G9-QfYzmqx<5TK?EvhoQ)L^ZMAl7Cxv)G+OSDUkW`LZWoL;cR5EQme^UfEylr;>B=5Vv~|3}^Tz{gco`=>NO0CA(B zRz+E$NbwH@0WB0|3tio6qd~0JKWMZ(tfIX5ry8C{Q#XNZmz1iY^*x0=glARM_y^n; zXtxL?Rm8wUjEc`i`}AI4!GIOQ1L^PkJ?G5axx1UvBEFA5J~Vsp+?g|H&N*}D%$YMY z7Ym=xluUioQ5lph<*{208_zC!1yU`}s8C+K0y<(?z2Xv|vH~F5B;2U{6f_EHr9wBy zb@f~xM<1kU@x-U=_K$bfJ9FJmG~>6dx=BQdTTHo5j4qI0t&pdo!`P-{VF5Ml;%?!~ zR&6g5s0)PbHK<}}4<8{f6CB~C1ZGybc`3U6V-~!$QUS0kn&Rd^0OONbX7giLk%db3 zI4$8`k97ce)-i+d%ejJ7ah|Kff>5f!XZw} z7)D%FH@i%HDJV39K%AAvlby9zClE(T7E#7%@zQE^6Trz*K#EfbAzK}jE>4&vyJmzr z^-TIa&btH?CS4OC5KoXvqVtp~TY$_zI8%Tj^asZ$)mGfL(PVumn7`Yyth#rc28FJI znfO5w!f;{Nd});19LPHr)0c+zBxs#%cz!`$yf(Pt)JV`%+mQ^hfFcfJu%Rjhj*nDjr9tt3|JGQn56Nm^W1XW`&BP!u@fn z*apY=WPIGMY0!BvHgy_=63`&BjPDIS9j{hxui{(%kmZ!A(|jOv8JPxgF9DXx_EIDA!1#}w$l!LUuwS-edwryPiY&SReU%*H28YJ^tL>A zsmaI6e#m{&c;;fA5<|ZPrS`W{Ys}uYkFAKTJdm4<1?Fn`>$ezFZ7176Kf;D^=}Dln zAOt$J2Z?O_F(46t2!9|$RB+&OPc|Cpu|Cx6q*2FhHc&Ik*+EVeBuNbt`T+Wa=%z5W%4aYgzl+-tRTFiVa|J94B3^UpRA>1O-JRv9FDV^7m#6soy+3FS ztY!={!$%8rr%AEPfEEy(-Lfg-T%45VY>q21KR^-R3$`JjTfSElT@u#fZ!lbDqmLa0 z!pWIkGNMdI=V(F&f?ov<4`YF1Uj>h}k5RS?4OfX?|IbFWfXG&)Za}Rv2vq>oeZa|u zu^`1iI;Mg(f?iYu*mxX&tha+(OF=?6+7{ZP|3ZU7vbu8XS#GVABX>o4jIx~UcBsiy zu-jn@S-ORDJnp~9O`8Kb!vW14jn?ZbpVlJQrx2vvx!xnA1_>&Wu00xG1Lnc*=67s_ zkdnKM>c4pcItbnhG_^@o|Hp9Ro>FNeW-`d)S~cPk&`!NBc%KK3t_9`RMbqz-;IkpL zZ3w!TMnQ10<}cG)3GXC>7*^}>*D?;A*gH|4=Jsv;;A$-71x?NC*H!VjzEv)3n>OOU+% zoSJdVaH+E&c*LJVP8UJvF^cy>DmpbOpdzG)VFy%cJFZ%MxMgS%X9Ht?`D_QAZWVE1 zES#6Y8O-u|wfyynn5B?Z_Kn8Mvf$?kWc3{iS8<>mgzyKAzWUY2%1b{ViEf)|xo^ZI zc_jV#lD<_84@RXeRoe%=jMSwuR0_l-2lN z8~B<;h-w>Or5+vzQWL`oUuW! z2%=$VS)q6X7hl13oJA3JV0D2n9>878qVAmJ2AY zvZMvVV1&b<@tiUoP~YINtW+lQnRVMa>xtlY$)18*6TL-*B|0qJV)VzKpfkJ_w(S$3 z>mxe2?gm}CZ8jLAI-(;Uk|py5IaR7gUd`_NA^JcQ%sYU&Bftj@lZNIUz~RRWa8@;!kDU&P+$d$b6;;U462-qEm5>u)X`&I7@1%JI)0ql&0C>>NA6Do8 z;QM6*!0!Vf-~d*j>D~22+7?4RR@kmubu}3FFzV0xq4{gOoiXng6cC3}6_my6=`Mq* z!5*ELOs{~(&iJp|Rcp}bGzrFm*f_FrKKL)vX3QdW?q|Ms<}C1RyTN1hJBsAype^_f zPoQ3k*ftp3!<{hhu)HBhJqhq#=Di9bH1??-a2XK1iQ2wi# zK~8}A>k=uUtOL5s+X{H6%P3Z_71$(y^^KAsWdlbx>3P&qaEq^U7Y1~ z15*v*kserPQ=$Y-V2G?@xmM!0IF<|+9rAjZ$4B&4#aDajC`!6_%GP=k#HXoEtl!g4 zIv@&la>o5sCs-DoIIf-rlb0yanigm?iTjknOAU+fj0L{$5nD zI)5KfUY-Aw7s0@HMQ6-ZjN{9w6 zp=X~GqMm&nJTcpX+PVpOZA`>t>eH7I-SFYF6AiIm?mp5 zN23^gGBC;LB3;!tIdZ`)Y@X%|u;hyjPj|Z`Pa>!>Syf^YVg_Z$OWD@wa}DlMD}Zm# z%eqZm;oD-|Jq5>}ZIKS0h^EgeAF^Jggn1_*C}Ar7gq9gFj{?lEULa|j8JqNb#g*Kv z9PDRiAmDZ}G+p{>LW}WjekcFIeKi8j$MU?KFy3wH{HWEVHR^h5tyE~GJBQtOW~OGZ&eT z1>0NYcqb?(zZ?#whLLai$~*n(PPT9mtifO7=<}BSl9@6Wq)@{okd3&|SMFpOKqLf` zi+uqZ5?o#xm7iMrX>n{;>6Lc669z2~JnGrQmYQ(Aan<$?d~;27YqyC-z%DRXYR1|p zS#HiET6hcY=NP4Z>_iMgK*z1MKSPRmjowBva3|Z;@J;fT3#Z6Vu~XO%AE`Fn27#Bb z#oG>HzCpf&fHzmwhp2J>wdmIjod8(FIUYf7Qx)+gc$Q&PbY=}RsC@y%-FMts6SX;e zXmB4%HOgvgn@c@Pu(Z7Ux>VC$HHciRxDp9swE)seR!dd&x~>M^P}kMs_epEipM%71 zvNGQGT%!m>4RBs0?ShrH=zlS%4mwa?Fyc2z01X@3Db9KKtv`_&qAAITX6HS8V-u9& z`C1hlfL&cV1G$M)$AGonj}PrELVJ-xLrYdr{0nf&4lbfZB}>#D(MzQr8lquMRvfz) zmLbGpC;^)0GbB!FC$X{9CgzKC=`X@yg?%~u=@o6^jiXg)3>!J1kX1XZbEQ@ z+LYk@vU-qzhX#rGYWdqp@Owd!*8h zQo)60@k`4ozK_G5>~)~?edu%qsA?cz1FD{a#ve43gWsrHFb$|2v`R=>k~Mgs7PR`Bo#h|iQ7jX4qyfoBbgGnWDQ;yxGJ5>TvL<5}MI zD^Whirb=`_ysfbuR-gjKN%N&i!y=iKy&XY3UQ9ofAS9JZ{c?yLh*M2uB9LH+keA?z z2!co?vCR<4EqdswNDY-d#=UXzYciJU;>UV=ZGdM1ExbY z`X2Jc|88HjLs#K2QCd=`L)0CFL7g8Gzm?T!Kj41F}yTVwWUMHf^k4vftKVi~g!YI4S zC|PP&45c*O5F;u-3Vn>iLy4+=%DA?t&@I1>c1B0kdT_#9cf6+?&`uU?M0)!L0Hy4E zFtVL7VuFTI624mrV&5fbf?e2)?(rh&9uiooGgYBIq?A_1uy!4E z&KGb9@_RJ861jtL{Y|(;^TR9Z{`@mvZC z`w>9OZb0X`7C0fHU1oIuuIh(VqIuxeXZfm&U>CYCveIP>uGkkKE^?i-%Uf$^@C8z* ztmqcfS5ds^uMB;a)%AE%a!DD;;m!7jiVLWCc>uzk7C;(^=L)oKqu)O20bxm(3-K6u zj;=4HnS+ZQzL6BOUEhkORe{;zjnRcko&@w^0cd|Ogk)cqWKVdR6eLc~CZnX0n~d)L zYuJQ;ZgY&fhRuokw?F2+8|rdLiI(_Q$;L6A-ZP6+5M!^wD06ffc)74ndI|e!cXTKC zm6&K+Uwc^J?WhWE5CL+xfxDT{7et6exI`G$h)dM&H7q4xIMOTzzHuMHQE+w6@m{>9 zMm}Jrs}C=gjKnm6;)W6SGK?V)VT?-p6TAkf%(rbt)SIZ~KnJPr^4Yqhh49pdHYU8P zBs<8Oa{_uD`?({69WG7?E346LDLw34>I_C3Vw{Ps);-#7gLcws)l^rh67Dq|Mca-^ z$}Vm6&4_VOiL316M8|Bs9Z)$KxZ=zGhm}!uEUXzOt_~Cb(i<9_+e(7Da@!M0SvEHV< za^Rp(G<5HVF5!>XUGC|M-qFR#J3&q8U?^D6kmw9SiOW*zu`db?s28om1w~0JLM3}( z7K7oe2il}SyplVz+fVnkC3y}N+|kfY`!C`|8Ee@USgqFK<3j<^P$My}(H7K&S$^y{ z!U9MH&1DZoFo)_2 zT65#G~xUoF)F&I@fZ(7O`t}@uZB~9@L<&DIj*vh zO()HRmYO3;!^FmCmKY9ATCQMh)2^-vL2b%#6Ga2KDjcdC;+2A|;-h`k+TEaq z5JOfyv4`svzo?J%DY*z6uI;LIW}bbrE$BF|yQ^*sI`@GVTzt2ONeEEt z%RrN9?1B%rjbk{YLDX7zY&&g7M%7_12(q}5o2wjlusMw^uJGV1`hrFyH_4o3{4+8H zv5j`HIl>)q#z43u&7Fsuk~h075n{ohn;FFJUDUH|M}GwvNn9Xq@0Poj*S_y{#Ihy& z)P+<*TnfQa1(J`+c!Plj|EgXN@k)_jkt;M+hLkpBnSjWY@;8Ch8fR$oa8t4RSEgM^ zj%mLw_f16C^!-K8@Pj$x&Q#^@9A5S8&V7n%Whk@!t#VP~FqMW`)gYG{a7Q80sr)x! zk{hp*T*Ou8Z0Ol6#0H^IPrLr+3bbRu=c(wdby9`xxeqfgor=1{`knSt5HN#Y5Y&Cw zPf@ot1&PpOxY==7UQKX`G3G|N;Nk~5Q=bIZHx^2FMUSp_ZN!Z85EORIq(p>P)L9Pj z;H&XON=RfuVWT^~-O=GSzy(04Yk(`{w((AhS7XX=n^Ps9;zPht6fwuoAbUyCA}=i|@LgEcIRE*2rcU{;_(*C!EPU)YA3r^9Ag`ZsPNe{drK zL@&JVehN|zRf!1mxtu##2LC>!u8cI_;ny>t=mn^YLPxn1!$%&mVF%+UlHGM{juzNN zMed$IPf*E6Wyzyi{c$L@!t(PEt`8;a5KOeR6P}Bc`_roJBgETG4%elmvttt9(iFrYu$)dMW1AZpzpNn3Oof|i}1H5qEE_&%pV z`$;dF%?c!1FM0dKPSFuf{DS>{o8IN74wQePCuxW3^MmVWKe%$z{ ziXbk5R>or=6`5SeJp^$YO4)CIrvB7>5~41m^R(PIgsYxW_P4VU_;C3TC>2dW_5);p zbCB0z1<9F&_wOel`vZ_m1f(N5=q7yd!^7MjpydB%l3xTyrN*O$enm5#A&Ku4AiB5+gGycIN@G3N{v=-uI!AJXLdTM-37vrt%|XVKN^4AgoSac1x2wMiNy?Hss2W8jW1@B4q?VUkExIu;h|F;( zhj7V3nhFKYYAzBu9O6+I#1oO1#Z#bi?WQylHA-y_(m%n$1(qVK)2yX~$BiSBh#rIT zNUYC<0;7-;#=)3f1{gA^t#cRcP|VlSB9XjYq<-#%_JMdOrf<3j&8ezQWRKY@REZNf z)f&neZQB|D0xc34vMJa47p(3&@}4f)q`Qqr6WH?Rw4ICL5_M#OP71kQAy-8Srudwq z+`N#OISN1JbEMCt*BOW>novjs?Lb%3TfB! zVa*~mO)Jd%u$fSrDJ>Yh8UWprM;Q594~IJsWc5O8FA0We`~OS)yFL}J1BQ8+&9se+Inw9A#jqWB+vWu4C!fjr;OCQ(#& zy^@m^qm93)o0@H_V#XWHiAQB=Anc(xB8O?iR1e*ZI>hqRcBoq9^-~*s_ zNrxXeU0X4V+p5u>PMl*%a`O)~hV3wMsnw2wngmF!V z5%`nQ(zP~#(i{x;(fhalofFBlbk$8Gs29`nwZZ)?aD(B7+Y;7(aKRlKf-zHEKX?~s z&m?eG)8!OB7+btESrY`Dn>zK)`*+4KgNB00Od#{yw7pZZ@%9L7u$~MSLdYc$z6A&< zjGEll$dkq1MF7Q-6(~)Ps1PZaMIsfZVwFMET+@&A!G)T-CaA!P6ct7tS_=;x24zo5`&8O&Fjg1~WR$f*@ z2$o_$L1`?y_Ck91CqZyzwVJ@^7CBm7+`a5UDHEP=0Hr=+bk6y>usSUHA{NI#vULVT z<2OL|txbL()Z@@c_D2`#WOu}=)e+}i6i`lWxtTA8(yQGUP9@O=;0c$Fe~zq2`S0Rn zK?Ynbn#!@a<&gO(k6oOT{{G*ty}5SQK$ksffFnXuIgD!&a%3$>HZx$; z6{PwdG}-7oM>RPXY&mME^Y_#5kxwe-adYt0(3+tdSd4dw&w|$5(}>VRV4BzY_<5oM zXayQzD)A`98Qa#VUyiHNmp_1H@BeEro^s^+$Ifp7n?j-Bgd;loaC)6vj~vDKLJ-&g zD9ei{t57~gzDDOEs|e`NzIOjk6sfStX8z@W(ax{lzjLfrDk4(8*qc!-g($r0;r_bf z_5?ps(@|cAOsjSJFd&%J@;&Cq(5F$ZRMQ<(c|_fKL|L zqHAE-2x(G|Luy6g$>toM5?3D#Ur`t9k;;xb)}rKqVKkPbr$bWl+}`hU=t9Nj7WmCP z9CuuA8)1aY6L{wILZP7FgR81SXnFOv!E;DB(bRw3zcczbV6KsJGHpW+I^=Xih99h^ zl0BcOi`zVfLyHpm;d)T?8=806i)_t%DN)cfM9p)6^`H(SD^+0`hj{BLJw$9?WbOt4 z&w(VAnL77a)mxTVQ|IdKsVk-`t)f+|Iub^_eI#&PAHat=Y!KnEynG2Y!%oOlw!NU2OBB8D7yBgS? znzodej6$k(jeY}KTUE1WCh9C&xfWBd{{FfB{v5n{X}LkZz<(m z`-1${nL%|Yune4w<&_Z#0l(tipqKO>r650x>tb4toN|JJ6#x+o@RvE*=t}%4VXBna zqblD!W0j}Qw$AJ7CF9up9+sX7K6-Ab0!0cf2cJr*oo%xnVwF|G;#JURpi? zaUCG8OK}}3IkI5HbA4SM*O4RS`tL{5Tql4wfS!)8PxNO#U94@n3JS@+aM$!h!(eA}GG zA3x61bKh632lriMF^puoTIFQ9+{w;gEfw1NQy4=YREo#3+`*_GkFo&BymJ&6HOqDT zV5Pu;5Mv^hF>WAWmhst{3+Mr0ItBUbSoX+VNF=?>;@qD0eWKH$YuHhBByw%0qHtsz zB?AFw8lgJHX$F7!0c7BaDdoS+ndigO9LktW&u;M z@6-b{wq~wvZ7a-{d22k?@p?F1%KSmgTjGyP z`y)7sLnrt4%rGrZwu*jv(rh+QT;2xn#FpCr$#b;N@s{p9JJ&{Z%Iq>IcT)Z0sxGcvfP^*$)Ju@2ZEo&f2dP!){C zV>T%rnXUHGNzf+6E%T(^Pzb5jsz+o^h_rt(6Ry0HKsN1=2^+bxd%s7sFTlseh2X%wF}8!K?I zczeIc8CzrdtI=B6mFq=)rKB1x+Zn$Q%m?GpmxZD*-6i=TCa;3uAqRCOlHk5P>?|kB zlC}`kkk&f2P1d;VKVtS(eG~mibDQ1P;~6sH`4u4yVsG**JtGtAdvK2A6%{>2Iyt}} z^mvfE(0yBeyEoR5-}XiNuw;8Lv$uOw6Y?X5Q}Gmz_hpPRbeaakvQ97##MffqdMIKW zWWs#XHz@99K}t1xKb|wTi#!EY`JPJB#o8&F9jEEhG3(-&E39-qY|~673)rwEGQSRa z)`^shFa?8Z4PTTibb5r1{1=D0+8ypAhyetaf*`-e^yKzJ`DukxJI-B$ICcRQoWE9L zNZH~!py`|@!2M8(?&7P)dZvH_XK`D=w@`E4z&rxU8v&^=Y(@fhiTnszj$a_>xmA|Y zc|-gSu5WO0| z6+V|nK4CVrkr#S?`QFl7-hZb+(s#GZUO4Uts z_PEN6W~`C}hg9k6b(33OG@s_i-*=uJ3V` zpa0BERX)pA8L-|aZ>X3i8k9x7|1%xmC`&v|9b&b_D5g=}5>J`2hVq9r<|^abx6K!ev#gZAl8&utR9@GE0r2+BrarrxmLGta~fc(6Prp13|Lw#cM9l52;7N|B+7Q)!{OSp zX4&4cug`{!OpI+~Rj9HbzZ^jDFBse=h`LAzr|qE?lybmD4pYiek`o{+08mkB{eWgd zib(5Z#ttdTS43K`cB_osbikEHmcz(WddT4 zDm!(?%6`Bp6FG|RLCMgk(GS3x!AA+cDDw1vS5qp(5t7>H zkqwVZHmMsxVH{8#lJd-pcBP;!v93b#2-AcJ#0gR6s`rt zwJ9k?iU`I!FNJGokV52y6u#hqv=p+uO5tV7%1{dNky5zUN#UMWwqgI7DmxC9IVqg1 z@2SoS2!3_e7M1f?Mm<7#3_wksfxjoknmPkrM@JKO-x)|_*D#ZrW|h;9-Ean?6*M|w zX$mg8;|!eZc#V#u&OlwMvXCBe2EGjP4#=Zu!!&;B@f$%g=l{W4VQJ+KhPISCw=JT- zZ@EUd$gP2TAqsWj-nZ^U*~Qf2V6Ai-&cAc3&&PeGv+)@pV1UB&_e%X5!M{>ox&zJ! z{D1WA2(d5^pkzfj6Fq>a0wth_F~i@%1R)zPDJ)jG4qED*C`S8bF8ro~oPZI1^Ze!J z7ew{q7ZiAG7vAX?4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BlJZt2U!^2V6== zkGnw7HP6syOk#cHWYP;?*-r89xdxAi4IXEMhg^ek#D1#5d=DGU_prfy4;#$)u)%x} z8_f5x!F&%J%=fUtcuzMNOqgu6Pa5P4zGCc^NDh!#kl*3mp4d#-iCeVj_Cz4}-3aFv zx2Joi+f$$2iGu3(M3BYFyT~5awawQB2lo@IYfB9-R*w-}tnQgER(s~0&il{0!ug!L z?>O0ZG77P9W1X!HPGQ)eEHAw?dg~v>Dw&Q?a^tJ|VxeNW%VywxDpC-XTsu@9e$5wq z=j_gHTs9E*rut;x;Iy-<`-=C;vh*AXWCaY==h>nyM)jSYempL7tkSJLtqO=kKNm{P zCyU%oeX^foZdI<%Pzrsr74ylm@(N-F74O6|OMQl;>fyYGoeB4?xFC?(`}<&0nSa)Z zlJ?Isngf_=+tjneQ0^?iG96{M%#(Ji*HqtU`~09Ptv>OUj;lieBtlZ)pC!#W09FN# zpI*>Ed-4U&KZ{Ih|11*f{Ie$q<)IwzMEU<6WO*Koy&L7x9?6ys{JR)WOzRhK>Iyq& zAfH($pI}qn3VP^#EeXZM21W^t5xVdEbWM&xOeBGr@TY(J`C%d>!7emN;07)=)UP$Q z4Qdj`3EZ76shxlo_0B^_h@v+__TVouml{n&hy-J(vSEuXUXy_Vjh<=0Eiko(3*n-3 zL~Jo5oxKnz+CLg|6e2G8qAnU#k&4f9m@gDcT*vbPv*vgqAQxG@ z4&m7vP&1fDD-c5#VIt(gBx}H`0@cw1TUJ9AcyB>1QT#JC`hzNy^*zL!1p0~fi$J5W z@;{@^z^jDfrkaRQC6b5rqDdn5(|Dgwtsm|ho=E}#wZskiCaIblX%`;!fVIWBZS8pxiz=F*t=vF4#1u}D|2nt0Zu04zCWemlUD&f>*4Eq zgpjixM1Y(#H3cGDz!XqcG)ei7$6) z<=*z_;tO|hLOp>(6Ci>`lpq}V1iVT19?6ak?r&U!tla7T<1!ym5r?y}To*Es{CMZp z&IrKf(hT%W^j!hY6&}r7Ds=g0A*0!?h%MeU2?L7%MIy-c_miJlShanK)sSzcm67j@ zm3=oXm2%edDWJW-3?|&~&mtI-MOEl*>S*^?Zdp~C#LKrg-TPmeLAA%J%#gRAdIIoj z^r!$~q>irl<<^eKW9QV8@>#t75>3rd;x6%p8>lsp`_)+MTvj=@Xl|QSjR$r|CQy!A zmXzK;H(S8lJihUvgAe$fZ@)SIE-AfnZlO?GG`EXcmN5zO>DiKmYu7bxtiK&~Lzj>( z__hRZL?#xJNh8we9(TvW(u5&=$CA=5OG-EXUD1B;5YS$A6VZ8FI2dFOb^5iqy?b}$ zS#Grx-Kz2QI=H<;o!^ti%9lu|j2uW!wiGL)q(f%lxh{tsZ*ic#X|EV~j8>bo^eC(1 zp|-IIk_*GAHwz$#0TiK%kU-DNsspc+f;_^xC9BV{b8sD!^|Y%9SPIm2jIE#cJ%~fl z1T&R$IRw`0)1qYQ9Wo#$%VfEK9onK>SJ|EB;lp}?ZlSB2DNsHFMtfbUP>?Le-U5)~ zfeVmn^tSt4Z@V08zi5bH0BdQ!3+FH7#7@mmmI{mTy(&-uO%G&8xIdA>n__@~)R>n{ zG1piwhidF`5mksGDdH{F^WxQyj_Jk&4pG>^h}%n!bXjH4>dngiRnex`&qAZW&vNCJ z-;a*HVHV+m%#70<)JZPOKr~;mH#aM@Mu)||$>@cfv1^1|85LOX{Ae6et+al19}8Ef&M!bd zo;aZ?l@d3XcT_4?#@VJ&EG0#8=$RMYgw-C2161XfLS~*ID6ye)p^^#q2kF?MZK+RI zqrN5!&gv*T2~=dXVxzeP^#PO;rvlJ{mCYe{V4G5<#=%l-lfgSIMPcLE0Co&1fh=RW zC4v(H=x`cEkG#;Tltjrxq~ZZzPSi^j-QhB7RL(p7_vUcFlFDxCjcmY`aPMK+jjdX5w4meELhXhId^};tVd{baE z)k-VxMmI(m=^S4|3hKD2t1}1&tk7aW#kLxN1TiRV7>kIGmY}%1Q&5IDoI_aPx$V1q zNqHr@>seJ8MH4WJ@SLyKSs7z$Xe=t7G8Yz28^&O)kH9#Bg*0y$hSA&S7HA!H z(K=cNqv(Ks3?*g>2uiq|$)8eH8|z<(ME(by(6XvD)ne+AGqIK=k69@T-?8wW)QF30 zKBD$^T7NXrfx3M(=(`sm>HBWTv5xxrYGD7AmTm{1YT(o468Khy$I3IvhMMrFs(Pxb z3c-f9ZQ8u5Gr`M%0nYGtOWd3|5v^CP1;2?L`|=XYUaW9)1sH#bB=Ao3&Z$l3@@3;W z)-@t-PtbA$y;=@nc&FRod-3_1C*C6-?Da(>(rC-h+jo~nBY>h{W~9*wV2w1T(TLG#B)aNUq0xHK z2>*;mhY4uo;|jiPyfvlbeuF?VRUtOytN-&%9QfDE$rXZ%WxR(26gXgvA220>Q?t@a z0tum#xRjM?2~`phKwq z0Vc;^VcBIbcSJo-mJ_9epXHf+a;wf5iff!cf$0|Pr%+*&O#kvwlTc4 z65ad=+9so6eqyY@hR;GaWcFI&^{&jSu@QOXOoJ}yo-UZPQ;;0!>wIMq7J(L(&w{p) z{VVN@zy>PVHY(Wm=u20tMHXLTFnkA`8UC_8fPadEf2>0nc*&g?g^kCCG>H!9eQxEx z_UPfSKe#jAg6wWIM4M}PMVB$t0wnQjUya6Yd?qQK5i+3IBSGeb3+=NINQdZSB&lzr z5R$J4U2tzLrRo z`X)=bxv_+CwFI7V5y0tMRln9rVUVOdDH6g?T7-xIl}U8#KLM_8`p0B$NE?qXPfd8V zdu!?=LFWJ+osVP`{J=jNVa`W_N9QA%glTXmOoJ*+g9^I;I7AH3`HJ{UT2W8_IIL!> zL4Z!stk*vQgW!KZrgO_g2I7*miKuqYh?MChqIH~kMV@@z-a*_}-9)y&ZQlHf9a1G~Q}ni*{@@ZhpWh z<+(XC1mUKK@LdNX#ZJZaS1C+~5OWw8QID{54|r-y*m$~!O#JNKyTe2q@4LgX-Wk}& zLz;-wV2(JvKO`f0e%$w-XDA0Sr;+LHl%o$U>&cCr#zc#eMeGGV#KSC2Krr*#EKO8H z{c4sb;Gq-OS(=jQElpP0CPV2aXO5etIRQAm%2%2py+B_0qSGL=#w*A`ML>I<6}P+B z#2T-lpGrT(Q1o}EQk^}% zTU4S|FHM=5O6x(T^-Za?-l()bdd3MtC5|v05S2=Y321tnl`Vaasx2Y(AllK@PD^pM_T(FL6tu^iVW=*+b?dg$^sU z14)-_j-rVP%^8MWbiwa|*l(4|ka&2I`maW=e#wc2*P#=vT7E0Z)F^(g&)%DjF8vq! zxDjknTG$S*M?e|+Z-AN|HAe~#FMPuh&IAV!@Lswj(mWthd5D!3x3-q#L9)7BgqyOd_+$rLGfwnI6xZPz~I?DCuFP5MR&Qj-UVTFy2-oMGQ*b{u9WKh-GtkC{~czxKVYIi-`y|TNC zzkA?}FbTRL`qUyy9bHVqBvfy9|b)rSYU4{3rXW(T? zCWpomNs^R3S7z?G_qOL2Tw7hrU8EY6I>!)s<(-G*VA*V2x z-h=M+O;`{CapnM9=TkN7VKTaCBYe?W<-i0ow1?Cy=jM>&+ApOIBjB_x?ZSKceHE57 zT^ZFBr@B{YidDTQ@Z87Dux=L+M$Jdm#yRSUK8L!{!e=JWfi5&9U^U8+KN-#c5@@8( zj+ZKIOp|%YmaZjXPK?mE=*A6b$$|3SQo64}3KE0}G9V2uus4$zvRjo=C_)3egdnw7 z!4Mc9ol*3mRsd2}3pXmFPp>r45jGOov0zsw$AXQ5^3A`jCr=cep96$o$XmwYh#bma z?$6m;&%g^Ltj=HV4|BOf(I1r);CeHIZ}IQBS;grO*bPSIJTl~PYVG?ogD+2V%q~u! z=Wc3~9JtZ@!~UwT8i)v-mjb)aN;KFeRBPUVT{JB|9?~H#@`QJyMnXoz`|$i;+JNHv zolESLvlhVxG{mk2Pm%o{Np_0;Ld`x7uBo2mbY*FUCPnnQZs{!JY65juHf?3*jb94; zV{{uht5pw}lmZi~nt=|b6N=~Bg}SK2o1r?Em~5fSmE+O2ccVI$hM^}(8sr8%B^zZS zGw?dWNyJb%L%k6FkE+8x=ge2hnMQ%TtX|+QTb;jbMuA(TWTJejz}c{u2;AXG4i&hk zB?%&MVed+sb?_5yR-?dqQ@~t=wN;e~;BdmzfAWpYV837kn)=}$5{Kdb`-ft<&yR?w z`(m5=2dg!bK74>SC0WpEgtKIhnGLl%vjM<}#fiWIax;SxZ|;AC<86dB*M(T&5(-FO z3$)3!s56Y~5X~v{h$#Bm55@k6BZmGpw~yE5Tjuk9)AHG^7*6_7WFEJj{BpN9e+w(3AtJdT zU(F1z2y2!0&QN42ixj8PbaOwk(iOnLtTq7dT@fAoGg?9U3Uo%Lu<6(v-UM>OMxMSW zNERd@AiuLjy8@N^S&Qhz=E4S z*R$z4dja~!2X0vkP-yePj2ibbB7I^}u#GS^!Tb2+V3+bFQdJ_zFUlC`2Rd?}2Qof~L)M4ON07^Azc{1MMhc>eRB zg8?rkPKkSzJYNnVyXLvt-Q>C4h8evA5-Kg+4YqHnWBVaOO0wPEtcjL&ErS$9(N*$I zTQWS%7BU8VKBP;dpPb$q@+*OEr%@Px+g$&FMR0-A*$?NkxEplr!KL?ax?Q>@qW1GuB8uNp{>FFm zMJ_A?BEw6o(Npdb``ZkXfp5$A{J1j#F4z3kKor0JpT-g;mU&ENlC|-w_o#Slh)UOd z)OeV$5l$D`d$DnAD%Z)dE70SqAa&evlAcx@QC*f8!~nhoheui(=FazF5(oiq5@jmU=;CnpQ@|5C7DuM`%v?QsNIP(cmes z;R#}|B=#dLI7CM`In~t#@k6j`K8n6OCL&Og>MK&xQ2=p!iPK#NOW31CR4c@Dg7x6< zsed$<>sP9Zlzp&|f9&7QT-lf;sD1pkBtgxUbxDHS#}_6Ed&`LOQB8o%Azoh;| zL_3iCXXL?zEaGJySXbJ*sI)a-8joJ`GZD8DHrkcgX(e=(y$K74{!>^82G>gnWFd|) ze{%aj;ql26_K3;vfXVwv^u{SMyw`zH>wtBaVV&{;gFhf-oex+Ny$={~;sYKjY}#Q` zOdoLk9)$<+^Pe2(Z@*awCV>v%;CJ7;==t~m#n0%73Z!Y}2+ZOeqf6c>=Kp%MZ$0Sr zDQlm%Mb2{xvRu<`Zy2&@{GZ`oVf-Vh3rVk(q`GyDloT_bWj(y^BT-aq?)jf7Ja9(y z4~)a06g9AU1Z)1|P7+k+|1C*SnO~hG zsLY?Q2`2MqSbGWHwalM%hsgX;bD1B4yy#pE#7-O-mrSJW5m}s`fu8a2_f7Wz)->ca zc%XmBH{D9EZp^F*we;69v>;J|XBIs)aV@-*( z_Ww@o*Fx;0=>A_nX<|RrRP2W!_WN^QsDj=FRZ2#gd4}H}^nZ-u^B)wFj3OV+xPUK= zC>b|Tz!{D&8#=(3$Al9E26v#?vv&25-B>g*DH$x0?n1K-xO}3ioHl;>$7T!+E4)!$ z*eb_DELd2`3@9eBG{vB_Qgq&;dmJ}2OvJ{q()Z7KHO&0Wc|Tnd=Lg2x>B6?dYZo#1Z77|sshWp407X+I8*ZZX-u4AZ_YH>wPLN^O2ul{dJ}s> zOm#r@>UBno3{kSM$VP8#)}iAogdh$5ZVIBl0%VUi$ec<~rYPRP11iv24wXXAl(k6% z7?(P~Vpqc}P?DBK&uNNPqW;{32gWAN_*2{!}`98sD=WO8oM06LT z|A0Dt$ncL}30EWSGrjEGpCp--$dzXRsQ3@ycx@=PzqJ|Nu7ya}10E`D{i9tPJbNqfJ zO~ucWGSHm}G3E^KxUEs{5V1$riUtuf6)QQQ36hvOheq}@1rVypfPWHG0k7(iBm?pC z5YJ!bCBO0jS*+qdjb1>BMoxzWpww8dP5P^F#sV!=^&^0UP!X>Z3loZcu)6I|9(YE6 zvx%M&_6^Mg=L*=_xz;7fugI+}p2L{jRCQ~%|NcYRFgsxHO8amN#Ub0#B`uHyuk#+2 zSEnxdO6*}Ie^u(C92vHUS%T_+xpYWYlpiY!1*>rJz9MPOBs!knRDvwn0Vn)N)_ERXTQFL zT##R<=L=X~7B1*jX=?-m=t<}2;K$vYQzqhUB)P?`^-4qarU(E&nx>&zF#~Em(VO@x zdb5hU8OEvZj)#A0I&?hLp(3=PCpMb#jJ_-608{FTM5lA=1U9_)6I8S^^xJZNCAFLn zm55w_{$jG6uPL9o)Ryy$eRF`WliSovfNaDrcT!376eTFpz8dmk?+s{;URjjDj|24; z=*U_#z+=hmfj^LauJaax?57B2xtn76KW(|>svFFV%No@U6etByU!4(@vW#0|mQt(T z65YKp6q;uJXZ2?EpI=j{siJ*>Vgux1A#UZ%#=BCB+%XPMjTNsxH~D=y%)zjfo0tiO zP1*FdBjkva8S5CTJdhOykiqJJO!FILImX0d-s%Fbe zhl)407M9yCuGh%`^KVe2wV*b1`@pLNagkiA zam9MqbuO01yQxp#S}5o@IzkJ{p|yhsYvTh{4o+|jE5eaZTCjvIS7a7%_=wEr+=4iI^Ewpb zf9{i86Cd}k3AC*a;QWW1DGZ83uqLj%5Squkui7q#QQi7C_awr?8Yen_okaV{^O!`- zS2{R<#Z?qV2W}JYlETvkL<^%^fyt)+k*%L8P{R|*fPaM!$ygeaWRxin6_7!!2R?w4 z6R;k-0VR6(0M9aRgEG~FVoSQ3OL52zxVFwy+6IvwYI?(D$Tm!#>8G&G_ zh0T{GW7ao+cP$cJ%oNj}A|k$3hkHcCX^*C>RT3@ukZ@$e4hR;WfoR;oYdJQ2P;;P1 zP9!D<*4S@%?y)a)&uWQ37?>E->Z5wPsv*2_fV4Bna8{fyXuVrd;`*qZmpX~I)^I5W zw8jr$xXD*ag&*;Icm_d@=3Wm8bhC&vi}g4F%rFst$f-ZIYg_TJ#^+nZ}w< znK)GA=<+E(-V&YkU0DyU;>+Uzu11~B0iSGw3Y9buO+wS})2gN*oY-M`DcxoogRme& zsTo|xj#|8dKgfNZwsShQ0y{G@!z_k|R->0-?;=<|qCBYq4DRUE8Acw^oVJJKPAVK8 z7XKYX1rC=gHF*JU+%a9^hCRVdwi=EAKaJXO-(+FCj7mAX02sAFc87dV#U3E(F}uT; ze;?g_zFf1RDd1Lc#SkZ~Nx!2G*$kX=x`TWFC84 zn>iWxxrM_(6LIE-NjMolzZ!16Un`D)BH=RZNnKFd6VaSC<{f;^*xG(rR_R zkafL(rn;73lb?7Z#h_>U#bq&E1ts=z32j*WFg#MAL+!?gRMs=QDKI2kWte zLEa|;X&T(y8(HH&;SbU$b+p#=lhpb4dVWzYyC}&t9~rZtKME|yGwwn;dK@q@QVNXu zh2^;u@Q&farjm3M53d}Jp7jNBuwjWPnT)|{?R2m?*d|jBHeeb$*odUl!N&+n&0Nsy zqg#Jr9cePuoRFo-=$;;Nu;FZ<#ABJ>Pc(zSQr1<=);VzRwVxa7^ld8oL$6o}HFx$4 z`j$-WrlP+t(=Q+i6Cs}~YtcF$8AqWR+)rCli=J^hlhV$=@Vt#K$4~BmRaVwQR(=vI zZb(NOM=53R`&=50F>)>m<-fw}1v*nW9V2=bv--~i=g4Q-`Cn7vpm~sbha50uUF^$A zj<)*Fn#34kS`Is5nOqv;!V_LNcawLDf!kz+Z3Bl{C`a^s+}5cVGkz0}Yza!AL{R$X z%)pBbrQ@o_^V?=K$?gA`ENp1`sZNUvCl%Up+#$ZM&TqCe3H1P+fpb-pV$%TY#*pw< zO`u!>XSA)jWf^18T+A3g^mawV-=Kn^jl>2aBYwwn%K)Jz76%KOQx>TPj9R(GhN6{( zbCO_8BDpCiK=yP+Cu6NpG{zjwpcTzcS0uxd)TRv8yil>5j(4@_ts0 zDeQJ$uKJ4p&#%KVw;hIp-%!>jmZzKL1KK+rv?~dX-a9hLLxZr5ZNXT*vw-8U(Wnb` z*+z1Zj;=n2{_($0G1CPJvi%Nxp5TAM5<)QIIy*0?vMg9dK$(krJ+6G`$90g%D)Lu( zaF9N?9@#NTuOmhAd~jnWRbUd%pH%E6>eg?e;%=>&enT&Q0HTV^u~m9!()L+n>>Ri& zdwVqRSe$69qC8tfSp^!ffQCp9C?>4GrM0akz85Vi_T32?`-rp&ipsj##rN6(sJ=I{ z(<6EW5G8g3Q8l5lPX*+2-+4q$59?0MTNZ56y-K}q9E`PV%Q{NZwbh@%YD5`LMhEa% z%5=S)z3#f}B7+)Df%znd^*Vh@eKp0iDfK>}2^K&tQ!p^iW3JvlqSBVD5i1dS*Zp!Cv<%TlWWY*r}3pFJ`Y-jV}bLyAM;|FGf(+x zB2O6s8a!uv+v?V~q5MyAR0$kVuM@z*)=UdZe3_=B{^~LnQTo)SRvbMd=SK65Q7^6FQ@p+)gqitqW&+QH(s1R%!fCF zjDBeYm+M7?7ebm?l^iLD2Fau|t97t}nQPlB9DUGVFD5}X4e9}h+o#?S%nbe%-$8~` zGQ&4}41rX|iZvp28NQ6=uLmvRA-aA+9tW8BSZ2`TdPN?{*!+^zM&eTvjMSGPY_Qxw z%MZIA#DR7y>uCTkl8D;GA9Z~^0BwXe)zjqz7Z_boqCtWoesG>}1r;U3VTJpHb@Klf z`PdhgS8j{8T-i7_sJ1o(1!B0(xd;}0o%r|}$fShUs!;xdsM!2@LTXl(1gW%jiUCCl zy+_t5jFxCy;|4cLtlQwWz*?m16r_qD5OV5@IM`Ld#a3NH<#@Lu>E80RyB-*}jucGJ zAncMYwTsL?HAfn3na~ys?VS#1?=&;*FmWlQVV1hu>eH&|i(s)cXA^mG&@bG5B$4QR5b^ zTR9aSp#C&kr!{AZ8r>r=&}@#BN-ew*V8gu}u27H#P_E{8qr0ZO=Hrg;{`~E_ z^KF{g_bZfOsQ z^^*y5{U{{y9O$mlTx+BAarW#E%pc*RAsz69L%gWC+?AvpIDmXfGviK_#xuv=dFDJ? zt;jvs?(A}!kMY-FfZ`5fu;grjqNWNDD8Ms^eNErceFq0+yp@I`pSX6LPn>dzV{$x` zWCg&n{z*LYpzHVzctCCFqZTDQRoF0cjRT-N(hD2fZ}%y^#7F^fY!jvJ+I}BWw1*Pw z4gFtmrP`z!8@m40B@9iVtR{AU-X#_+TQx}mrwA$QA&HL`DYY;AQd!M2dYMm|rzulc zxRjx)udeGWF42sv4b}hfDLF&w8$P9Apsw~Q^R2pX`IIgz^&OwGOjCN2lx|I_eb47v zp()k>b}2*s9?9D!#oO}+k@vh!E@F>Z>SSY0<7{Y{xg6b!E-KnE(Fi>gXb>)yrDZ0F$x_i zm85iQN}bRlPhAg3N?i{plKrd&|0$3_(1v_sqeuc&MK z#Q(l>qw=u1>z5`kziuWk{~yG=!j8bK9|v}lxcC+Iw50R|j!(Sq1#l5OZoF&G`8zOQ zsezf1*~OEHpQ>ew<~GBOXbb#|aAxrqFHF5&V6NJy1Izd)oU%Gkh55wc{HWj7HwC*g zLKUb6x4d(`Snk@u9zSgG!^IVBakP|IW9YQVgK+!&WJMLCMCDSvDRnx$+W$5^OWS7z z8(#!PunG$ZEwfrO#VtqykSW<&WM-h`ItRJN^4s~$@8y34Jd)a{DXfj@h50){s2$XfZo=`4wcVW;&0f3Tx+Tc80`^}XH9rN@-}M% z@SmU?XhG}knPM7wI(kTbmt)cGt(gm47RIlo(WbGjXb%x>yroQ#WHrOxmxS}GN_~&6 z>U$J?0;ATUKxHBREXY5axsV%LMrRfK9)0Uj{*lZD^bc0v)$s9O zV2**AgC5}If_SU^4k0G0OWpSn z(vC}rGgd%HsUUNpAS12KB8|v2wDyC9M24hkwe#ns<)1Sbuw|8&TK)IG?zHbO!1v>- z8`$?2bUr$ie;{)q=apc`&YcKWV0{m)&OZQHtMh+$G?u0%0^;ZQDfw{Jm`*rSJI^?> z9UJ4}#!+2?Bek5p8`6l=UtrdOAHnRA%!Nk!lN!lD*Pbwa{y$q4C8;7{`Y~=Xa|U^S zmNxqb_yKFJsR8o64)U>e$Q!&6_oVI10j|;liBI$As>@0LhcXw;$9IwbebG>+$Y}*= z_hERKc0cGjax{{p=?|{XKZv}m^A9;RLCMenBRxZWxH5o=1ze zEfFwKK7Wol_XxNH8NMbNq@Fe?QJTl5IH41v;HDQWoSPY@j+7c15yUmBbGOdnIu!!# zsel0sh3hNBr}NvSGG>5?H_OnDU@rit1{TlncJcg5QXSqM9&gqaG`cN%&v_(B-}EN* zwU&)J{D}@em@5O`UptM$vOMeLKcV-)V&o4<-GpR7QZta;94VC+^P~Gdkn##^E$C%Q zk8M&Pm979#>VYS4aH*@6?vi$V#&^W))u2t|F*4g`jEihO;LbBto8NX>0S;!p!Voey z+emM6Kg*`1$U^>6OtF4t6(!hveWUW}&I@K_2N&1irxn{J+J`8I^z8}lsZyuAdUY&+ zCtH`CY61t63m3w6^6!~Ib1o8b} z!9yIE7926<2@20oZVqcFgt6R<(OmYTQH0DL+0u`ZW*WFycNi6cHrLi9;J3u9wIsiw zPFesgOx|I!@9fOr;Xw*4rW(R-OjvL;k3dlOftFzoJ$h!Il^UX7 zzp*X>{c;p_vAL`h$Fk;cLd5Ta{7sqR3uY_zg>@KDiSwXqGgy*^;+iTiZZF2Ow%o&T z^K$D@DSy2-zwWE9#~}mDELb=vErCCW@HXj^i1anFrR}SzaCLO+`J;k#1;G2!)dEQ8rCHoT`k7f*v>|k3NMcT z0+B|cv&}X3d%PynX@}0pck4t|=>jx7(N)(0d)XABN0w-p*Bn{RQA6KRiR}Zv@WX%P zA}pV~a6jpbQr51n1Wc5;bW8s|xG8fhCJ}@0Rya@!12j{B_BzbiKy|E~?#B!ZCAAM! zSs6vo1auL6qX3W5sJXC1!{C9k<M(|qBuPx%vU|hu@TU4ki^gJ$Y zrs{%cBb7S7yz=_uEexueDtFDnt>w{Ejsw6wEHepfMTn0@bo1>C5?N_d(0e5lD$~yA z7|hA7qEAajac$0Yd`9zdY#63E z=$}v{lc0#8b!o5r4Espy1OoRO$_>9ta!CVCTuDea6@Sx`NRNN)gxB>5YDCdi+Q%4i z8OS<=U;eJLJ_L*U?a){+wW8HwGK9;t1VGAZpPiU+q^Ocmn zgS&KST{@Eo@eb z2VqK#tVhu;TWs4eO+>A*}(1sp`6prGTO042`iO5k%22Io35Ci!zW}rB#SBE&u{E5c%dQA;i5T3*cx=OrJ zY3iU`#6cfwrcV(Y819BDM9ymbD&kw_7vj@7N>Af0(N9)Mz_iN?RRUvN!j(XYTBx+Cie*g;>X@uMPtnh7ezn)xQirw)iAn+gGp(XU5P5FlSreG6D zyA{B%-`doU&cKV5-A5Xxfv!=Dl0zYb{%SR}HIG-Tiq`j_f zZv05K?L2{qsin28McT%}Vjc%kic40*aSc6UH!XdaA@ zh3u-W?9ZxweBNU+gCEopz$ZO!g}wof4iEZsg^fPDro)3X(ShE|Cy@@|J7yyw0c{_$ zs3*(wFX1a*Si-$+TcXWJnl=;NDyN2RXmvDG1|4e?#0%=u_nb(7*)t;jWhNs1Wp(~9 zPa=^ZEN4Qgd!FWCTxT-_xkSD)*A{kqhT7Pod}dw*#x|rOW>+YBhDcUG{e42}FPs}v z|H!{t3U}-ofp^SA;2o>;JN`xjy8%VXBqN?u*o6WacrDVK3CMl0Z+sh-AU3>C!wC#(wZuA%A=Jj+>%PO#NICD5 z`5M@xCF2^a|ke5ca`hXLyQ01r z5Nm8n5_g!N_p{sKQV+w(LIRaxQ=zZ9<%o-bNqw4u7W}P@-WF^oJzx4 zw`j%3ByFZvYkaxxg&ZiOAC)VaLQqJpqKuU=U3o(vyP!(2P* za>cshdv1{Z1KA5++@*o;5-KlJUx007Y75e^ALvj=)sH3_+*HJ-DE~kPLo>yDDRi=L zys5F%>!l#2cn^3^Cyl@_@sIgrtGkB%ubVz zx)De0b5<^Dah!|tES4!eJK{{AP?4#V`XUN^taX{MV&f;z%+-mRKx8RHi4mPn?O ztIpceEOjPV%3lz~!yINc2O%EEJun4(&pVBp1YacfTQ}no#_}~{HI~0ye-hO!(Ik3N*ONWi019iu19;)DtAYY0?Jjos~{%N78GM zbllG9oa0dqLn_5%n%Y8RdO5RV;ul5kuPw!%taUD8F$WhV;^EroDAMb2OGA#a+I>P>k9#7Y=EO^ylgpI4>k$^Ixt*iiIl@N8M<|2h=1p}Zz28j4h-~t|UHU1{R z#Us3)gB$n=Ap&c3Z!OoGX(F>q3k+G?EKi!UIiakeiQtDxxM3n|>5UuCW^n|J+zSUy zy0OOtFOTh=2+KH3YeL)Lv0V<=qs11q6}M(fZPxgBf3!sYu$mMZNbZP^pmaT4G))tA zOe$(t`qd4khZ{tz%7Zz#--ndz!!sp!=x5Kve|27N)&#<8{x3g#nOIC3lB zX?i1-K`khudd$TjZ;Ou*&-vY8?Mi%9*1CC;MjGr6WL7VVVa*E_im=4T3c2e7H5J^M z1vjNfMsaUjfUpEzaC>b418l7YY~8EWhSlptn|X+>;>5-)6kMQ6lnhv;`ORdwLWkLK z>a3MU|2yD78)9+w7e*HL_Tv0~GK1qtusFi8d_-2F@m@K6Imiy&BNtAnddPGJ&aOE3 z4n!GF0M#}@Syf4pyFEz`a|g*DHbP<8Y60Q%mfC#SA$h~FhA2LhqXBzwVXmxo&Xt!O zeyG~!WiHZql2&(=1%RI4!H?y|^UV8y?)~COM~J^DjFf)=FAxK{Yl4nB*~P9ki=kWEF6W~n&;bWdcD5YN>4cr#(e@!n~~bbdFo=%40W_8 zReQ>!4kXW1M^M7IqYVARWf4QkH)1Bn$r_4fUh42CL%~NZKS!Rk@pT#+r+K-YvwZPf zCvnM!xEVgPZ%B_9(ZP{|<=4zD-G-Q*(ud~qvB#yMCs~Xb4#&bRu8b4YVuL;lZ?B>z!#St-{F4UKD3o_wWq@43Kw%Cz zRs_3Gp`3~=@iO5hLF5YdF{eqESHT^W)Yz^yB0Fn6H&yF)v?>`S;;Zn=+-MzIe5_Ta zG&?ML1I^59!kq3Dju9&i%orb71t6o-z#z&>HEQ7ubSo^ZtfL+ar6ZRe0a4ZwaPSDt zi?2dEd_pU(I@^MfP-jbUC8iuBT8%HI4%V17$?y{xuG-8;@MJAS=&F2-G|Ay=17m;< zXzj4k64$yCijuPP>4uWh|8uTJA^yxfJ(u}%u8GR*7rR$EWWZR>R)2eWC@~$b3T;^o zE7e*C33n!f@&_IZ_bn~&uB&Xb!oI5%B_3MnGp^r^KH9ubxHQkQ1|ogNX9;Bf-gk#B zIM3BOGkso*EW0c7hbA?qW&UHSTBm7wgCO?jJ9te*RSq8TmK)Mluj2$Cr}9l573V{8 zg+4_Cz-gSy$LG@^!&%^;T;&kY2>o0joTK^Knf9D@M_b`E>jr+6upEe9uW!wTdQgKH z*Z~7po%Sy4V*LgQ+NM!6X#*H3AZL__v?rQrfvZ*p`zZHXFW7f=hut|#X!sZWF}R|} z}I5LU6N|~~P3rK5v_;>FNd&1cSiGTJ7-jRB|PV*m`%}Z#!VcI!MH1f7C z6lP-Q1k4H=(D6s`2V|Q7Y9^6{B*)lE49~^z?4efg5YeKN=Op|^$dp({;~>}stnP8l z7+NLB9M(i#8Z|jb-1wQmPOXQoRQ!qBGcfH59!S;sPUZv0R4B^#kWJ`gc?VgHom0Y% zl+>SeX^c6#gfEzJB0uKwnnC<2+U*25=755vjkVBVZGee1{D^@asYe5*e3l>dltU^6 zcp-2_h+JC>>A}mijX{_M{p+n5dn~#SrKVxa!E&mLXOZ@A?f{ZWe3A3!q#FJiX;fbX z8;iN4PyA+T=jLo!ZVM^_3W6d)^k&gq^~`uqMnSku4rN&)+1G-{gE5p?Dn$>E617CI zBnfi3?Jm;Tq*?C#02ezF7eqyL zoIIn@&iIFQ)qYdj<3%OJa2-CG43dV@=*9CFENsgR|3CKL20pH$>K{*O3n>&fya)wR z0<=&-phb{ETiHri7ilE|h4LoF@=}nOf)oN6OxY}Lx=pD9T9HTlJR%lFhz~_Wpve|X z6SPWzq5%soSYa+!2~aRXA;0hUoSC`z?rzc+)ZgFV=ikq#n|o)@oH=vm%$YND&di$*u&KAswt@tMKU%ti7=c)8XmU5a((kRHV`< zf|ZBAH^=iAE4we8_lO-TvG!i?Dz-y|szh+=(1^D8B$pKuB*&^FM1mj*?sZk5L^LSY zO8z&B$n+;RJ-ted!vgTW!0R|m=u}5dDWTLiBr3LVXj>w>tVCeQ>u~*4GTz2;{e(M* z8mAe%{(uH$hw}^5O_w-I=Ey;2y%x&ClK4%i`U7M`Y&&<&k z)f$wQ0T60yTtBCq17M`ozFXP-fNEyuPS|bbi}*^J zm9lC9=qr@Oe!y-K$`xakwk=LQmW4gJFH|)?f$iVM8wuiDqMe{o-<$lxG>lny>%pX3 zpW1lnDSG#S!4@VeHs$s`z&zRaFs1t*ooHugQ9I{pJ3B!U)zTRL_4^(gnfT}kZzWDIg`E4HV&u{bag4DzRM86H98@?pW-YQRBB*Xy*Y3Mcn1NS}|WiOU) zH8vcA`|#tL0iQt9?~8&zHiiVz6DY%N1wy)bo2!dT0>myvQL?g3Y$jt5P1=@}HzbO4-=dT0qi>^wou(ezTymGm9L8|pb3ZWVcZj_+i$0o7| zfOno|^&f=|EZ^gy*dCi`c-5_rW@W zs}|!so$Z$;vezgzOwf;GUl1nXNmdHU8ZTTk<%N6;7 z%N%x!U8h|VLOP<3j3((qlEc{|;$CO&$WEp2l`)pSkB4QVa1%PsZjMy;ww*-Rh+VZN zI00>pkiD?D2Oj1=8H%~KSPHYHOCztT)r_>gqgooGfq`$&IQgV4(m2Y)+0|fdp>;bD zA|aTj3yYy}{D@O`^ZEcCw z^haQ2aq<^!-|p-YIe{zY9M=<6tbK5I|J(HDH+dA#Pb9wwk--IMJe%yMheti-stut( zcGNu~E?e?j$(>M-d|3Tk+{=3jonT-aL=u!yMdXWA1m5E+f(bDd!GsU2BF;awyo$JU zN=!v?-v}xKN8ih;h)0T5MBeOh(g#ryL=;mItFYh{6&6! zVp>^3_0yPGu{plj`*=bzD2u|N=|ogvMoqQ7d?ns=Tn(fw91mq~AJD?<6MPsNw@Rh4 z*hS7-!Id`Mjrrd)ah0c{LWU6(HJ2)x>5XWIO(HR6x$JFX z^Q%}11`KKE;Gsf4oGn{ca=XyLoGsY9Z_rHcpB(@M0~f%tD;0XNbGM)X6um95D!zZm z^V%Xo!ayB){{jTFmKu8IGndI*M?Kk7RYJ{{9)%U)iT7_-{8g`F{yKd@ourUF?#fI&1rSvP&kmkx-91WUa2%B}1_V$9~fZ?Pjkvyz2Z=tA8<6b+q7w-}8Ts zjuhJ0CG*);Ozd|)BPR3h7#2~oNbX0|`jKj8#EM}}Z8hze@r2gHFR%qF@IxqBZV}md zRO(Ay&ZXgl7%{N;%IZg(?vMM0`efasj!fB) zD#?1<6UfPRY@Ra)mvM4-$=>i6R>J%J5{r&QK8o>bKYUdfFD-JbAL+Nm$d!JJc-9Gx zJl9?z=Pq%0!I_i3>TePUB~^GpLU>W+THLw$+r*+>03I^PXX4IHWb$UDkW0HrNy{h6 ze}?(p4ztfEvn2mP$>K5y#0$3_0lQ);khGJ7dgvN1`y2#Tw|F4SDHHkefo7eJ+(-$+6c(*fhef@rFI0vz3_~3h=!97%U-^ZOg`PgUINBg+c0~z zd2OQ1k=-bOLQqoNJ%`sJJed!T7H zOw;|CSU!xVyXTz`py?X+8c@>>J!T6uT|~cCH`d|HHyei}ny|3J*7-(SneEm1*-ZR~ z1l?fo1o0b$Hjk{(Lq~FP%FMcr>6Nbxg)J_ZrqHih1%(Sg6oWnoisJYfa1qkRALpiS zgzGiU(5UIalh(hjcS9#9U7lr@!@6t(x8rh>EW`dp6 z_*|8nigi$`%U@1bDFN@Hn>x~e(q4XZh}ZpaW>ZIsdIWe10XM+kVwbzP-)0EAmv9~U zTYM1^18&%)%HRqMl}ip0t_@1ua=IkNg8PM|xf6zXrVU|-Z;3M>C3%j3B^%R20+OQN zWhC>EISsMsyQEjXgfJ{+leSIr;L_i{@%QxTe>y$$DGNlZV@_;DnU|H1YA+wUO5|*S zPNsL%hG9r2?*Z#glN;)!;oKygbtRbqS+Bq#lO20o1i%#mCrRB*Y;k_4V=@F6VoON24NQodMwB1U`{2-XH|;UseabWdq9U0jl5s$=Lh9 ziSLHZ;oIwPZ-w|iwpo0KY!2U#heqi8&DS485ki5 zaVI%PO}h2{Cr`s)WPbE;cAsc4+WUtw7t+xN$05M}$I0l%!(1DJ~Gt>mw^(6+MbR$JM9lFkjl+G?qkQRpYk3H#W|-x$n~?sKo0?f7}jt5`*-=3-W4 z8hJUC;Nk+eLYbQn1hp~;VzH4PE$Nxs(ct{<#KNz4XUKhLg>wI0fWny$nk=I4MSnrx zw=V@`I7JuGp9Nsuo8{Z@am>0F3r~+bA>CY8z>LkpX8WJ}Q!SUX7;jd;5ZX!UEr4FK z2AC!CauJ9MEast7^D2TdQK(>6GRw8#9*63Xv9v@urx4W$`P)&y7}@+M1xG`e znU1JEckwNygC~^q9$fj3IA1%5Ab!t%x;H&eAT(65N|2=r_)HQ7D%e*MjH<_9(a|F9 zs008MLRG0k6uTe)MeDeDFCBl8!EqwWD3~lmxzGQ7>a@l|8oe1!Nie_>vo$l3Nhp4E?>O%XD9@JR(NH*KwX^<$frwLPdTTu=2UYYo8d z^=~plANouPyOJyOehB+92~#i3I6k6?*|`-Du#}PB2^lSl;q8Xe;7Ga@MfBc0f5o{R z?&>rj+lP(w2HD|)+cTCp^t#4jT4|^G#9CD9@a`t5VzY(gFdSl7{JZ}5?G=Lx7obj- z(|2{6Mh^l~2Q%{CET5Y!g z*vn^xzG~MWfG?m*GCQKvp@DsTxfn8sM94B6!yFS$j&cF96&4~DVs}q_k_5Wr`Scm81Q#?@C92MOrDMLxU+jzqVw*Pq4-EDbrDX3=^T|Z zIY}^Iy;bPUi=uGaLMh8yPb5|oP*~MurJdmz(Tk)i(Kr^NCM6|FzE-X0wuJW>77&!Y z+4j&u?7_V2HV&7QM%<#oG>D<6LrR4&wG3^>+?oB1wwbS-YCb8i zGLZ7-{G+W5=sav=M8Pk*PUUc=Av3E}?gR5$TgV272AWD!#cPvm~Q=@136#out*`&gMpBh z=8}k&zAc;AD|m(MTLnt$N>x&NIu0ZJQxn*rKd|TgenQxC|i$Dcr z08|Y5s39Sm|7?I2G~84b*NkW!F7hwf!Dx|RbjYl#U((z1c=YkWURj@u&CZapq7M4)e>{# z-oR)z1GM9uC1#V9K}$uDT7U7VwOlvuFMYZMDipRuYDusJqgLn$fAo^%BZxrB?#bm=J7@c7x$6^1`Ay|wd^s%&YsF{*-SANr||>&obT z3N`WdkSmKy@DCs?!5|c8ixp_iy%GBW|9!=7DB38{k z$Do=E!fJLZqV+rDk)I0lckrtUw1stJbu{$TfY~>MNjMm}!n#`8{0&@V9lVF}V)V5P!VFGiXF5J)YHPq2DncRcp`lOM`Rtfu{>Z`o~hMu|5;WS!I59kmZU3&T-0p zPvV>t;vAC5o)+&;wc}-2)kr)XwE4$ewPItm*0`qp8g_TEvn!uVLX&W(mFp!Nwhn>( zZz*iw&q-wK{X1h+k#I$r08`=9{=fv*8~JSnBl!>Q0xmXm+U~8P$*)}Of_m+iPYhsD z&}}|tbL{+eh9malk{;3r?EJ1lS8x)vI|%0IR=eC`iP8%H$fciDIHw!-qh+slnXjW2 zKssb>AT&h-(jC(|L#b0dqCNwO;UXnQ31EZp)L)8)d_wK zzS@q@-+c5fT&K_DeZ7t8WUvpi`K;x2{ni&la%B`lmgO7O%8iS z>XkMZY3wUim~C?!dP3SECpzbQj(fXiZ>C(;@eP&UrO=qF8B~GLLH%oZ|KheS-StT#pP)!mnomwP~+`Y?zcC>rgYf+u6 zh*paEv80!2(Z11&_S^D`&hQoexl3nmxr*CN>aU^)K!<`-&F2ibU$R?XRMX!-^)>qc;-^ zKg$#usL|;VTXxw`Ajf`gsw4G?%u3z@>VF{Qc(6{zZDO7^G+l*X3>ed13);kac63;$ zAZmZuc09fxgwp;CFSBvO3TFlIWsG@LNXOV~nzKre`BmGhO2*b9+#t3z6odxdd(%Ns z*ay3MI1sh6ur0Uu1P*3q;kX@Ac_g5%oWujWd&NGP$hkAoG!?%VZKjYI5J@rmZKCMW zkc!~C5ZT0DL2u_p5rV>Y9}sce z6I_z^C7PCO6iRH@mYtspapmT0l86xm&>%+Nv~Pz(=C7;i+|ye=TT*M|c&Y^b} zF7cIms(xzk>WTwOQuZ%NsYR3&Zq%TtXdW&Bq7^W=Zlg-CE(w5HCtMTEvAM8^5>1g@ zE*nj7vdu-|SngoS#V&(ju7E^F%MOuT+v%)os3ZWoczl6K*g>+2>;>r%?4Loja;c5b zAShGFm_%aUjUsK_=^XOdEbS&16W%}_PBp75#ss|hTd+lw#|EdCOFkmdFSQgQ`DAcF zIp`w;^+^{&9~Dq9l~nnu;Kg#uM+d(umpm?bpj`4Xfo=&ERXHihmV^FGaCy1p;{%%X zB?L|mlI4<9-sKcy>}LbJ#wg-9x@cwZkjB);Af@+n#$|Ops)fk1_FmYn{(>6ouNzaw z{=}ZQi}@%xQxwZlpumBqRi{yf!OqkhSU8IZAJ^Y+EeE$0_1od zvcWnKYcrhluj?}JqWIi8+)>r{^~9oR1u(23_iOwr1m4t8pVgG1*Nj;PccfA(;~lP9 zA;Ws{xE6|~QvtM(Lp5PQMjqw!fRlA{`)X%qyv&9;bdU1|-&{mM1`C_(Zes|gTu_yV zldKwDoKJ_}X6JJy;Mnzi<~qwh^GO~%l4JA{{JbP7JqxDcrEUyAor_t7U%fNm#~W)d z;wMkbuGIJzz~K|j<{AO?es&%kCbk4oAA$%)@O~!#hx_-sgq$2(KlVZ`_ljDUeNb3p zm?(Z_KEF~_G!}(EzGd!)0vlpO$T-K~6SI?{t)^gN>B#b~E;i5Ha<_C)M6it$?A@qn zRF-wB_|`SL{uUu`S}_hdTm($ztz z8?&_v*$v1VJ}OFcHtNk~XCo!kS=}fP!m8cwppPj#hM<`h{DaXrk*&;WqBxuEBmHr| z$3!YE&8(32CU|K|Mc8DxbTm06b)NJ^s4*rs^oO z&Cx#;zItZf06?^&SK@u%*(3pO1v@fCQ^-88!yB6n6hUqmVO1%H5`u%A3Sp<4aRr zQZ79%^Y{?la}NIMmW&&(b2rozi5-9LaJzCs`g=I^9%^JK59~)<@jTS_3sA!r+WF>w z9VR*7TuYc#yxaWkQIO^(VScd(?Az7IuMP9ddBBc`NCc-U3^*l$C*t2g8_IdZGWZf{ zFfznh&Kq_=VJbqHa^A2%5M~`FJ<9=j!*n>wCUp(^LuWp`K2#C&hK-PpWcrqS$=<7^ zw?hj0UF#b2xhl8ie@aLQykt+i8Zxq(i@;P+i9K1aKOqjWbhO;33 zj%IgP1((X{R`2e*kyY?YD_g|??yghfIIGN~J830$`_;R<4kpfrhk2YsK9sv_-C$t* zzvJ#Y4^>+(!aRt&yFO=girrm@OF9;`b`#VtRJPRJ)w7MO5bmy-J6iT?mw9*BuK^@; zWpH|>=W(&SYxim>hodzgJNrrR&f@Y?r6T6eI!2SNJ4^j2SWAfm3+e!hegl5XIIkXo zsupTwoauP+&Z}x^kLZQ1ab8_KJSJF&JLlDtgB*KAs;f*=00sXH3|p%vpbRB{hM7_A z8e3bHZX4%(NPAY=81J!Yk^qb6BD-Js3Un^UyEEPPJ?GARVh2(n6_)jewF3q7!8o{t zJ_&YMX!sHuc+y{9sjKBbP2v-hX?`t+$7(f`qz?bGZWfr!x3i?a;%JkCvF3ctI&5ZTv3_ksYRl zSuRB_>0qQFj3pt3%>xY*-BSo?j9PIf2_41Ni3dwUJZen-kOMUewu) zPZs4;_eR}wE$^cVs7pvnx2K}Ttu+=%(IZGqA^Uz=w?LV5W;&;ZA1i?Mnz!RmWjZfB_ePq zXk40`vn-doGb#cPVi8kL1U|Oiz#{P8wgZU346cl5KNX2UTGH((Z8${4N|Yjvr-3}^ zhwC6>2O}V$VOz^knV=rQHO3fOMKa?BYVEsj{FU{iNBq59dFTuZ4zcE?HOu^HxK+?aM#DC7Krir@5OD6QdbHl1A1K|wpbL01;zv8OM{?

zUIGEX2RVz z0HL>&vm^7}v8;>dcdnd|hsG>P!4`#3l*sNOxpPoxT0zeIn0H=*39}Sv?f4N$v)hZ{ zLZdV(Ezz|SqZRIWZNyzQ!6hUnzW1_luI#;V!$tRA6oqcTbjaQd8=IT9uKfN>0R^M` zFY8{zW=-+_3&^+oB8NV~rSb}L-mLr+1;&!h2>FJTG*(j>wQ%^M*b(6R-SCiZn11wV zZmD5qo-(;H<~#4cgExX<2dOeh#*kE-S3gk>Nws<7z$lVaV@Mo{emCwYj2b>fxUCPf0&ixIzl?K zUn3Iy%S{8D<@kl&lT6jS&BVs+bXKTnO(!HGCmWWsCt1rZ?x5T3J=gGEXft(x+=y+* zk$}j_uiY*8lBDr5nGIE5er&&ueaf6iKSj|IRE3|rp^L3_VKs0GKqYbeJj#e=1kujZ zy*k*Xe|upgZ@mXOeF3ynF{4hZD`FH!py-j1OC70t6oiI@H63Tm&;BwXTekT%*#aUi z1`&2`hIYsI>nAbmUxpN|DYLuBOC%;A9k?|fMuTUAhl40O6 zD~`h0yk&>4U#HPGivB5>hvwqJO+9YZMkVVxKo$>7j^A8O+B~ve#%F9_J|>oSd~yW3 z@!5TS5ua71eBe22bTA;Ruj?eMRYN`hhb@*` zLXAIajwu6QI{pC(+&g+55ce;Pp}wHcT}%@f>BE&4=3TW^+EwN;jns~|#+bKew|$+0 z-vbD2o^ZcEZ(Db=CBTpIwL zC}F=p3}4BcZ^Ts~%yuSo>v{$+X@p0=zG*$@}q-)HBi?|7~31!hC{G6jm(`4^Ys`2fm zvWM4B+Rb=Jp@64Oq(AT}i(z{ES6*_sZRk>3Xa|hVr^ioinV)(fk+IusJ&1wNC%%ar z#U5CYdSDsWKwOCj_u`i*B+L*&d0*9b0WG$T4(fzaipy;T@+O5ucevP(9*zBor(7x| zMq#clNud`Wy&&Ngg$D(z5Yq)!wRtk8N*NFBwSRIvN;kS=lF9ZAdoLx!iAxh z3t!tZ63#0j;j)sH*(E7)z8o1PsyeaI20XB#ADxF{cKU+ya2w*Bp?3Fty``!Sx2D_EyM6L9&!3MqHsAP z3Kt_OQ@0!@7F*d;Z6Oxb;vpJQh(ZkX06vWn&fCT)PxfqCH>EHjfU2bzOeB&EdM{_6Of}JpblHxE9htHfm5wW1Fp5pVW(B+u# z-Te&G+$0?h-P&|{?y}FLk>1&nT19-OC8O6MfVL#kTVOP`V0U5~@&FE9WA|@}Qg;S* zawbE?Flgb~`k>mu>kSCBh$F@I;&bU4;O_$d5d_exD7WAUs=`N6F5V#N0MXsXIEeZ2 zE6C=|uJKwLZ4CS|dB&@H5lue3-wTG<^^`6F-Z#gI)x9Sj0# zLgbzT7$UGlR$=52NA#wGYQ+OnV-6ZJ%~0Aj#>5=(7Q|CAa)&R>=eENzWM=ACfg>`E zG>C}WLuBM(*%*-yQI5t)0+cm~AbNg1nAtE!#2Z+N812LDZf#uobBZ;ECOPe7Nh)PrE@p_=t17Za}p(y%a#=Se%$YfjtKusmp z=hCPEkn-WT$cFq>kgFemzS@y&v0+EWHl1%zq0a(>#xBi zuM_RIa|4FIB&#d$4!niC{|hxw9guDlgKw4oTqoZUYw~4<#HN-q!a4UGuh61?Pu;Bz zMC?JDoVr_!p2S5w>vOnJHgf9j#g}9(fZcO?%&K^&{9|S9!xpOAKk;f7XL#SrJL${b!D(%x0W= zkUt?jEhkvd-=K=XO22nwtdSk$h=LgJ07*)^b(r&0{=fr*d+KSzKvqp~a=TRo=XTnhl?+oQHgcp7`j3P0`MUyNljpPK=6Le|kFjmb^ z>UKZ52%jzq4+By+!S!G`>pEFCH_ZOJDB;-Fu1CNn+ZMy_cB0r+PJeXSWF3k(;w{u4vo+5KF#PLv#0u=? zf;Xxos?glypC}3v#`^we7I;yXZN{pB6Ot42hR5pMU~Gl z4~g+B4_Y7#!aLYPgll+DRWj#CPI;jj%-ED|FF2hjE6la)-_eUm)oue8$VTvkfy%CY z*beFOWy*F3UmmFJe?Mr;_Wh}}-a@c%tZc&<*=lJSY4&A*>B{=3qFgc!`5h6tUGn=5 zCekhwJmL^4PnLzRBfv55Ugre_nOc|;YS_AQn@iTn77@64xhu(0^C!gQ({b4_-KDB& z?W^XR;0xCvircou47!IQ-PZ3Xb~n3;G*k%+>^r$ivE?S}pxloa$8YF)EQ)|?q+T^O zyMb{Yd8!8X*YvRysh29JAuPO4x#1l5Dv?V+-`+~c882xsWw{szNuAUZ>9*fLXM6D& zmtWA9+x*Mi1ps@x{Cq6`0vB}kj~6ZerLp|m?b$5ztjn*D<^R}~f5_#}h~+PG`QLH* z$yol?F8?~0UmeT;s>?sa=KHuTd%e}RZt7e1oG1m1Kg1F4AZydQeDTzm0g#(a3SjnB zRwfgGy=M(Y#BJX?+~KVW@fOSj(z~U24*bd(P${zalu&=BOrW7(z1v+H%{ua`%@j_i&`#{jqX>1YBFL950l0^<5h)H}^ctx8ur{J26u3 zxL7$q;sz+@de|WwOFRZ0t+kf)~7WV#fun(g%T|4f_vq~NN@n!dE&uhz- z%S6gu8!P8yI*%(??!-vB<6`Ch?qWf=D_4#-zN3=^);@dpNaXyA^@Y*&kdJ0KAI8U2 z^m@||)qnd7K!L_G@B}NehidL{3G-=3XyS}-xkO$ZPq2KLQl%-?9+ON_fGPZ!FIBBD z&ENAWqcx@He_YD^ysxh22QE=QPtNM@_9;m%IO8WiC2djN>r=+r>hAL?HMZ2xe9Cl9 znH{Fg(3HXh9%h!NEPc?Y%+{2uCw)q-rsV(ZQs&qDhRk@`C(ieY$v1prr%#MPF7}Bv zuX)HNNR(r>S-a(mj|SG$BH=&zERK>f`;$pY!kr_`)x?T1KC!u6Vv9}esPD!Th8Lm@ zWW8heF5|+pM#mp|rC4}6>M1h(C-sKM2SKbqKFH@05twTK{7{K_bkygWi+>j3n8upz=3reJ}M z!^n1-p4}Hn+lO)XZtHPo@GfMy>y`~dBo^kG+UcFO)wm4et8^#M#T(9$^$PrH#r(Gy1c7laK;c$oF+SL}Gq+u0=~w88V4ozh zpwm5C*?|FTWPp>i*uiT|-J8kxabxeMgHea9s&J$vli!pv+azw95=}GPCK|3}0>u&bS84H@|N%Lx6Hgv@q3TZ#a-rweeE>$4b@OQngYl)+}l!h(k+p zbL)iyJ?vjBM)F--p1R4@H5Zqo*4ElYWSUiUR2;E;*=(M@7AH7*!9i_fU9*|D4~jTZ zuGI1<=fz?MePglpXib0pt4q|#_?qm-%l~qB#8na*U)b@9j;{+H{7q5#$oN9l{g1CY z7WxkyUjy?qdQCCdWq04j<65F&&f-2f_4!xXkGd;qZQY)5n6$XhHRvepM_b8qsvmAD zPT4ba+NnsBMD<6qA9-n?4=Ve+e&ZN>1%#Q0%Dm{T7BwK(Z?Ld=r$(YX^DvWlR?*FO zNT45HtS>I#m_A!sk)`s6ayI7pHSQDu$*)3oH#n=U!fh!dW7#v1-4$kcnW3@lS;19` z795^q^s=#A?|t8DjVONW^dwxj!hIzM=PHW8bt&BOF}PW7Ym3{8S7_y(rtj%@^!x)F zJl*#F5t5n8VE_~JMLAUy>|rr>B&Xwv zx+agch+87?xi*qcbtEt``#vfv$uj<-F-~4=x5YGOvtp#G=4kk$d(96YQ91Tm5>WOnkoCwGOjRk$Wrj=Tr~GA9jVz0Ajop(~sHBf3ZQDq;pxw zpNr`)Av0tquo~OakFe3G!IgCWl%oD>=nhFJ(?ukqsEcMukHAkXUG%alu>!iN09e~a z1)*vIQ2Q>*)K0;5bQgrRvBM$)!44~`jU5)Rt#*Lg_I9;Nm9}1}kC7XdNs)ey>bolR zPp|qP)p@1$JxlZl=^im3BKx$o+P_bZ|RP>BOOHaO12rnU|m zZz0L4gxm5X2PJ-v3kx3sQhe?KP`M$aGtVP0}oB$)lJ@i zhj$+o5}Zn++xll3?$&gqNthV2n~@D8C4aue0N;Ebky2f(EFc6lwG_`wB_|_3&FiK7 zkWphKW=$NTONFRqXwWj42?BMh*0M~9B?3-Rq-HRxic*B2Vtz&fHx@!BvhuVZPyE&@ z;6XL-3g0)8l~Zn-fV;vEMN~@&F<27Pk^tFk^EXQ@{|%L5YKa`4ldno!*+8d_Pc2C_ z+@o!UT5$n--4X)ZnQn9;u$}WOLC6-fYd(PIN7!}ZFg7H{uKB{Q#bDQB$F5NVm0E1s zHNTi$!3iAhqW?BS=;oWU8HnHsT4!vr=SinVa>r8`$sJE&7ILBIc=ggD++%qJCzqdb}$bs~%68U6L|B*k38to)6>G`9858JV`9HabXI9 z`1FGtQvw8wXvZfnMtE$HdqQJ zWosA+jcjY)@B;$E`S znQJ{TY;h&-ipy-TC4OFMU7mMZG|d&}yQ!YO)!A!FLb@p{pn5P0XA@^2HPNPS_Cr~V zCi&spM1XRf%G(-kBz|}BjQYx@iweM$Xi5n_Wjx~Tg$X(NWz@YqD6ci}UJ^7}*~A@) zV3a6kK{ByN(0(O~HnBBm%U3RO_a&8M_N)kg5LRVl?-zzC8QjP##mb|V>w_a`%R?1c zULHz9@FTdCKaea{I-+^xC$mE2E77nVd2?5Y*nxowxzSAH?FEfS&u0Vx!RjYa>%G z85939s2{*}78&uK-iYtUpyk=0sSfF2N`;SM7{ zAEO9Hyfy65Q_eu`QmZkZLaQ;JLc=beGCr`89NOH_YK()?YK*7QYK*6pL(WA802Mi` z#&g-B#RW@|(+-LwryUeep&b-Y8Sk!*)9Ua6g)6tLx+_ai%_&K_q9mnUdvjW$5&+|A z3){S!>$4b!;Fckbzz&&;80m)&HQ0m>NU*U$w zzS0^$>LVYxMTuUFLL%p>;X^p;oQ-|a^V?OT zFBsU`*7b*zNPLBv^rg}rAEz%AUeBX&lnxVGaS!wwn)j+?O7|ZG|Cn_a|DYTC$6rl- zRJ0juFkp?>BCk8;_zrhV+*ZIxMdIrWj@r*>8!j6!o3SR`jP1!`?-fdpTd-;#SAqT! zLO=J^5X#x|b2nK-6=Ew^!Dht4W|(ipz-CymS#hvg=8_oLEDOe6s7R$X=J*&`jRi}` z!O~{$7+BhZ)yBbU&07yfn@|fdYV}_HrQl%KEVkbhKcB$<+=2X1--&E;{7$tqjz^sh zR~8hX#Mcc;%)3W34Bf(=&Mgcn`jeC58+Jr5OT;v}ixWnBxr8=wgXwmkTt7TuQ#kZi!dKtj3R*}E9l^ne79BkrS(7OH7)ftHairPEdKf;0ZC z&n}f#OleK>w2L!DATvgK*%~IW6wc6h1BNrL;y>AW_KYi}91bRh{+c5AIlbmh?uZnv z4vOLJ6)Kn*Fh{6BJfMa%W|i6`I@Sh3pzD&!(7OvQ&Ur`9HXN;tLgZ>ao)EcufK5Oz zqu2=}@PD-2(W;H-q=l0cw@txe3EkPcNMubAa_ZI{GdiCMiV5Z)_q{Li1on%Q&VVBJ z>#AV-D=i$HMMY(r@y;qRPOdA7IgrMg(B9dvy{3qAcg|~QQH{veZikpNFkNbUG7Gj zyy&H(J8Du~bT$Ld-&J#eBJ&ZUnC1^+qcSV|I3Rds&HW2f_xmer?0Fn6ckKS}DO!vv zD|@%ay&*g1kuu+&F>>n@Ty;W1xcOW-ZpZrmA)GP;v=GP}N+ehdXATc~k~A$+TMgPa zl0FDq=BZ}Ob=$1w`KkL78SNjbS}DF0ZMttk>OSA513`^&$uF+U-qdmzdE80MpPGJr zswI*6jF!~veKJQ{Jf1glJ>XQM8`t@{^z zZ?XDp^TPB3m8?i!wp!ceZtBF+u>&dov_N3>G5aID2??DitqLU({V05EPGnA24GxOj zb_OM*F|}-N-LiUM)?Uk{mLZI-BXt)m3;u#1WasfGkvRgtwt~F7dc(-M1GE_7gZ6?B zy^RB1))(xADp9;3#VP8*E|=V}0t}prpdLSfkUex63<7~GY6yYS6#-2KKydR&hl@bq z8W}=h1yB)eJzdwJZV}s}AG8iEoLZp#&zyP}1z)d%+T9h%)ZGOg*@S96V|h(fg*QM- zxH~G3Y#js*TTkg46h;W4TnKcpv>admyBCemrS9SaEp=DGu!*^K_tKM-n0FX{rH{BV zrj(tjD9R{@55TzzieJP$SgLy)Jz&{p1Og;Q#*vRdfj(}Wvq6W4)2gVTA~+2li_3zC zBo@w9sqLW>qcL)v5`cGl(UIUOyqbPN@ja9S|K#Z>F&!I{2vZU7skrDT(ayG2UH~$U1o>?3w@H%aADo{R!3sOwNq3a+@3>+LYl|CvnePr6{+ADk4&=le4E+7^4^6EI z_KBiH>3HvMo`1k^8!L*18{(oNAc}(%3s1l+#}=oW*YF(U-=K*+e-`84HWS+=$)c17 z(?jo2Zj)Ge5ndh2_lwI9n%EaDFCO^Lu=@zMFh=4*hZc49waR~3@;}ydV)izVz7Q-#jGyuH>AYAx# z3@y|$g=;HOdf&~JzOK@mc9?|WOu=j%oClrPp|qiN1s>P14fq$DuG%itj9h6UbFDdO zi{L%yG5UDi_ghlHvqzRGZvXLFi>khzRmYu8^{9=q!oM1C7vUGLtWtB?ZXp`5&k7z; z^#un){5n$WSvFI*KI9N=ld0>4LuZV%99nNVgyjA>v|c#0-f?KXaEM>vva)+Bswou+ z?uC$F5^Xkff(QwmRYM>Yjg~nfiYW06%?fHz8ihFk&;t~(#6qrWk;WIep@4)>tU_bQ zl%Dj=BW+bLN2;=;P&k6a0=`p=hSvJxPW=o7Nu)-Nez(l^!wd!D!)%;-4|~{3tO%SG zAi7Tgky>d-cyJS%V+Fx+m_v(&`oXfB@FT?JL7VF8iz+MvO;-XdnaQryr%=)Oi}B0s zPr1Pv?I1ZsT)yvUDcYeK9XnKPAv30iLjq%m7XkfYf6M0YS->J~h5~Um_nS|B<(t}P zo65WJD61Ua@L)nO;#&A4B}vDBdWj~lwnYyC+{`XkYU(jiT#xM)_L$QeyQ9aD%~9tM z5v%`Z?uKfNLUH-3ezPnD4qSu^3kI8?J?3@ZWWbF(UFgzupuL8qo{sDW*mwk=yMj+V zo1SQ*Mafw!J+q04GME=u>tL1w^A`^7p=~%*-V$vM@*1kXJ%K>QP5>wn@(_HB!l$KH zYazP!iL33AGf%HDpW4rMQnVp|!p!KP_?Z<`RRjg1VYx)07XM;eg?V+~I4*(ub_D7a zLai!-l1cT-2-KN``d&Gx6C+S#t^-}QMNq>?*Qf~8v4lFg98@3s(Q+b5s85uGdNu-; zBGk4;P-3*o($V5NiBJXfopg@nsz5bGaP8HCHnx_7x+nt0kE5I0il7*e7EFpjO=FFh zmxKCf1nN9OrOQFRg?@6JxQtNy6+v-63Z95S)e>scKJhjR)IAZX215O=9274|a5XL_ zRC5s&*%rv9DweC?CDeik&eY zD1xdY)MF8-4nn>0@i-@TCe-&MP)`wRO%c>CgrbS%YJ8qhcNam4O(XM^r9L23eGwF= zWxc7>LcK|-GmD_OUl4Fv6wz&SS5cv1Cr0#JW8FskaZBr`+#@k>6&XzJ1wZ8oZ0Y0p zscSsV&%qPv0B+8Ue zx>}MbKtAa_Nusp)q%TMkMZ+hJm!v`0N0LTM5O$P5&*MO}ZV=Wa++M?|-A zJFk(w zi+Sz}K9$UUOq98A@t$_>V+!WJF8skPruhx>T6XRufXsb-aC0A@G4~M%1lihQO)L0L z`%0RNFN8>|U8L0!wjt)iXd}3wZzr$Ab8g*WLN^TcLy=14YQqRJAaD10J|4w$t^n6{ zBi4f0%%Hs(Yk}=Bh+;YY?iOhiQnFW9?a`{?jVP(=Z;Von-i+9ERlF@!2pW$Ddacc&=NzU<=wcw^@p! z=ooBX=?4$OZ0>fnUn#=++o-U<%o|l7HcB0u>+G(#Z548OsMEy?(cyPwBREqda&HawbM( zgq^bBYj1GF;dHiILWSDBrf!;3yW=a? zQ`fRcW2HX8$>1>1H-kpRPB`}KpXq_rVlN6l5k0ZRz3b3hlD9c6_zPMef;z(Ix&M)Q z2kvVcjFMalH=WcTfxtdI@>+868LWJ9kbbD58K_(2vlQ@&-I~bkqX<|dy-x7C4Rw{n z&p-#+tqW4OdIwoED#z%SVd6q1=t89P244V}+LHJMn0ap?^DA#?;GwV_{(JY%5^?Xq zQ*bZp!OO6fFIEogL>ZEb>iHc3e)4iu#U^+tD!QqU-cTZ2;A(5O{sV60Y@U#1nY3qX)7k3AIAlu8sGD&k@kb9wb1_>kFX13)ow>~H@`0Ydz zeL9j9aZfSGMKuT)vpl+_9+RVx4v$JbNJwP%Q$otPPdZY!Vf^$3cLM_86_o_%%nG_! znt{BsC<(BNfZM+;i55gk4$l-4I~I^tzRqn~lCzgovkMMD=X6kOk zMi!=6igUEtW03@$xv953Z3b`{=Tf(2%(jiG+k*c^>!k}ZmV%vh+IQkT0Q=c5p;I-w zzZf;_%6|)na~~QF-J{tjAA6&6EA{2*;^-Q|}UuiZ}Jn;Jc9Nxp4Bzko1A= zp*G}-Fw};$&w%hk=@Uo@BQKy&*5$Qkj<}3I#=d?pOgWTNWayFGiDE zBs8KG7v@rnTr(2CNG)2~TfQAdwWJnC5G;%!SlAx|y?9CX96*ijT_~CFVV6^IZSjx* zbVS*N0d@9%ydJl<;AKsK#rwa}K7a~izh(l6ci4|K&Opk5Gy2LxrOt{NE}Ys+=5=?c zV5!9b6(61PM?vJIHj%KcpG42zD%zJ}gbVF_h|o?A>ur*LX=kDT-$;;o|3A}681?~; zge|t`i|qqAb+^Di=*4`th4#U32>MU452iRw#nTpM-Fm2ia`wTSNJn;FvOk4ikkW-= z#NaF12U}np3`eyc)nr02 z&X(=K-=cgbxG%h5<-}tU_zWhN9%jQE{sY3Yx3Puxiqn5whK2hY+|LlSK0>(}`5K3e z&556E$>zjQ7NmaSHz#h0i+J;*TTvE2!mGnh`^DAlYkYer<@rRuiiBgURA{IsD z=0RxDhu&bJ_XQI?1*v>+xGqH5=*<*oKZR@0&>YnMFI|6yvXbq-Uy^0eCuLjL~!`$;u7E zb|@nW_qDk$wuTj_XYQu1iQMool(0O&geMUxC?8n%zAYsl&Mmkcq#39IkEE6VnA~HZ zqXGVIKB%VqDb4}&`pXQo*+|bF{mzAq**!7uSnNZ}Xv__HtUK;^{sgm}XK|nC%PvyL z`W6_NH^?T42Z0GaLr}Ked7I7Kd<{c&c4Q0Cc}VIF9uv?roX6+a1AyKkpfeok(g8rP z5YS5;=$rvSCnGO7THu{a+oT47-%UUnfx>@guK_><+RE(=LlMx|_}UK}+K?CgOyE5g z?E}Cs5>QXYZ3BSL6i`pa#RGtjLtbzQe-7Z!z65P|UVU>oU;Cl|eX8|#MgmDwhYSGv zw16@kNI)g}rys1#02+K(;GNUS+{4#?;A;v06@hnA2Ijf};M0U3FYqn|!JIGv{0PGD zAn-0e!R$EzyrG8w1Afx&E_lHNeC>z+7Q+8T;9X>cd1wIm`Gl7n`r2LCgJ~Q9o*^H> zi3DhOF%d?t@9T%2(S%n|qzjlZ2MvIqODhfVX?M{S<{wDwuf3gwf0zL6SGlqJ_yF)r z1eDP^{AVQQu^-Ye6VR_YtY778KcJsMUT~DayXX#c`~dK>!3UM6bFtHr&}hAI=<&3& zzY|>bapbhMVzBoMEWeL1=Ga7ur4clAmk|0LLjR<=$Tbp$R?ak52+y z*hV;ZoSH>MB){H{1YAwUCj>S}!XcR=At7~te@&vl1sWkCHMCG?${WKW`C2w4ga{-g zgb%@Y!cqtcVIi24ZaQwb2}FeC5e=K;+P{0 zpzK~kId9hT z!A;h3H9x+P=ptXXL$8ukIfM8@KDJv8fK3C~8)-STuO^<*npSRD|`WGzz zDGPXd!4{EEpOAO=hfM3SQ4lw~q1e67_d#93Y`>N(#&wyxb$yA38X(QptuxPbQQeA zBnV>y3b|w@7HMcV+?soU6fk>yYF%Ox9i_R{I^+d=;&E75M!^3a7poYQe%0`A!F=`R~m(r_;R8|C8kcec~H3I!+ z-BG9uUq2M+G5o`t2d%~v>cTmYX=|r6rMk=wC>yEn&eqLVhtROTL{_=ejm3kGZ($L# z-t$>Nj3XTpSSDcCLyyU7D2B72XB5Yi@Pim2wHuy#5+S4E8LL zCZ#HI+PSe3?|^4f`<|)8%EjKSc`sN*g>TM6;mo*G{h=3%dGI;rOp+XY$~Y>(hcf3t z$=TiK2$Oe34jLfO%KS}80Ye$pGDAYnCj0SK&3H4p-??#`L8E#_{URXlAynUIuHm4S zsZ;ig!ub-%EIU#r9EuI32aR;1_3`kv8ca`wucOiQXhXU%BS^uVd|H;AqVSJahC`L^ z_dQ-ogdWyTvt@y>BDhV;Ld&)h1|t}71)QJ4z@;Y@sJe4FnSpSan`O@BSqWg$o8jly zb<6nGEGQN~fLV^7aV)C~iJL|WCVsy{QyW*CCvHV`)b5{+)SI4LSC|EDW9!0qSoy|M zR@j*$( zQnhJX7sP(8IS)b-t$ycd^|t|4rp|apVB(4ZBQ}#C%yn-Qr)_@gWZt)gvaB^V9$Q?? zsOz8}sR5NxaE;_cGDefEM!n$|$A!R?THwHijrM6W5A}x6>1{kja&X&NVrjk4&V7wT zMj|lt^w(bNTb=qD44rB9?O%oNPq+QbO^y#g1M=#OS6c?6 zLqi9QZl%Ts%=fHFn2!vMNbLd)qzdePCrT-j^bb6w#@#OR;)j$$yww&CsfkSlMVmOJ z^1!pTL+TOM|UyM_cNq+!lgRVA=S1pQvD=U9}~Q-9#YNy4yk9T+5VYBYRHEE zht#a6$_^>c(mO%IFoibCB18f_IkMzUR}Mv^%&q6@Q7&pCbfngWlT>WpnNHaU8;hnR zIa;JwW<+PHgLRatZKyG(4jXE$2;`euAhF1v?9QduiY?fkSojH&23ru~YjU%PYtEq6 z=8gX?YZP_^ZYzz#ZZ{RILp?AG*P6GRX{8aB`6nBN-J<$0#KpTpQP4bTCDXSdx9dm&TIX3sFlX5H6&$nzb)`9gWC|y=q0lrpvC8%dyq!?jMz`2 zXKAw0{-8)Q#^3{+Q_phOGc=)E>~l5LbRON*Vr~^B2#$!5m#A`?02=-XN;*<&gdlKF zZC^E0^j4=+NUByd0+ve^bVgdOg%Qt3}9j~Svy7ME zKqwI`MMRa*RByjp?6!)p=~kqi#p?UDKhYe>PA=eRyJ4NcEefoVrBMjH{mSFxG}^ug zD$`k}BhVyKNWA9%U6X$MRi-ebDSh+Ww z7q4RGU75P&80b@3f2wnQYPnut&oL_9@viVd_IkSMZ=?kWbh*^>L(oSvd(4j;-a*5K z31~k^>Jwj@cpw*Hg-7kU7$*qYcH?tv-~#3&(};05x2XY|2tA^k>ONYN2-%=s%qV!XS;(7 zsXa@Lf|HP}rYYxczh#6jk*Q$OFkr(}AR)h8rxsvTJSX)*VMvoWlUJd;r@L3`Op&|j z_D<8BZmTL~Z-;wt5Yc^5W^xtE~n@A>L#7$L{PjP3yM0vdi4{H<`gV zhadR7_MD{K+kT%6_L^fN!NfTQwFV729$&PG?}2S&2LE_KbB9ct4J;s+dan$V{2mz1 z9mgk3$cy%qV!9jl-j9k5A9T;))LLDMgB`#>m78j^Ek0yw~aunBOAl6z&~ZQmHprsbj!GK2nru-*u9}=XPTf{Pc(W{jQVtr zAzB${!zGphhvU|##}9eZ4d()|R0P~l6wyLa`fF0_gI}N$D{WMDcQ`yUezK9xz7ZJB zUqddMLR?ar4zh#XD+ZZif6{#=698JzHVCXg-z!TYVvCd;VXp1J+z8-zBLee$!#G!; z#DzGQorZnzUIS}g3GS}hS8(gSjdrY=Mqw`G-w$Wt1QD320wQy@lCrGrG zs?3I$-o?AHmiy&qypUBcUhPF$9-5~}pYu!Euf+ZS_+B>T`R*^m+wh&gzK%Gh-iN9VlvAvYDcqK^ z$-k{c2op$ZxEfSU!SIZM}7BtT$IoLSz+gHmcZA zR0!s{uQ)fYCtk>W|GC$Mvhz_l&evkBu}1d>$_yxLn%ECz4i3VHO6(iHRLx30d1I6^ z4I&7~e`dpM4E|p6pXhmeu!enrTdJo};kj=TFrf+wkbVhIV1OYMI#u4mwnRt$d^};e zOZkp^0f$5oTSq;y5uwfk4UGae6*mQ(1KpMC8T-_v#;!>WNU0e6)CsM(eV-biw+`4# z3_6C4Bxc-7@Xx!&;GLIV>yr(6NL26G{G`UbB_N+}d0=Y^;0+4ZBzf~!DWq|WLK>U( z*Q0*;re=rp=cLmoopuTq0c0flrO-HM9na1ormhoi!n_*h4YrF4#a)DiXcy6bw)e_Ms|KDTZYWi8S4O+d6v!q52Bro=5&dCh||b(_wdpL#d3=wkqBIjuijKHJ_ERuVuyPnf<5OLU zhEIB^GE^dppTLb0F@q26x}%wCG$?Gro`RUCL+G*y3`2CfYW6#n zmq;7ul4#-p8Iq(^WCHkVn8x0av~yjW?*>Uu`((6CeaM)ql@|wGPhRN37U_~6Y%}(- z0}?mWc#vupRvi18ztxzlu>BO8qc@KhFrE|vg}HR~*r(D5y}?^n8_6Bn8S70CPABo6 zjG!}rxz1IM`A@jzshWKwvL-4O(uAxhWn9}vG{=1W1b(-I6>2-aB*?_5MVjziFWu8r(4yJJYvNWX=9I*NmH&QNuDVGY}Bj{itc zUvRW;v9RSK#_bc?Q63{~!1R&02B0y0q_i7=9m#RPJvkseumoQA9Pdp7`|C z{58NQwHBDcpG0;oC?`oMpto+9*6|!KmnmPzHYIiJ;_B#O9sEgTSL4^#fs4G6P+G?| zW$F-8ITKklBO+)@>b(Q}3yH)C%B&n>Wl}CIDr~p1uuCH?acL_*pSrRze20_?)A+Ge z+$a!BlTV`xP;i1)FTKn0iW&yTYDfTKh)rvVW0TLZ3bwh3U-&(Eb2CjGyi^qMauY2i zyvPSleGaDd#7z#Y0{02r^iiRtt`|z8Z5W?hce(R4{DqwJ9&`C}P!TV1mqEI^Tm~X{ z&=l$2`IKV4;X)rHeeOmUEe3^l68H$#++x`TKk|A1{IMhK{?N2mIa)*RSfzn44eepc z&(t0X5f#2tEezj9K1gS~J=8HHeQO;j{`c=z$M~{6RZuBA2v=pvail9FO06NPRG=O( z@rkO1%5b|1LlR92RM%^J`V8CCV)x^UH1joFl&A59-eVAx7x7=!rw(aI`W}uD~hqkI?Xc990iYG6nLo8>VCmNqOhGhwsrT z@ft-};QSVyNx8Jr4Tc>Z$Dp-6rOXu%TNhwq-Rk>396#30|0`Gw>T|9yR z6^0OYggKV3MvIlJWd@rFznzUELUY*bap8CKHkaAJf4W3UJmmWWAdRo^I4b|Lqo6ZP&21Y-HmMZDb4)FwHJ5#c}h#hKZ+*Uik)1o83v z1di~wax?SZt7K;G!OWb*u0h$Ec{&_BtS&Y)m*=Woc+XwM2?u*6W#=D$CQEm~Y*0TO zJ+VpW5~?1ZrFJF*P`95EK4-$ET%+RtXPQ(J#IB&)t#V6n(C?GIHeqTt;$rqp~?*LVhs_& z5vt7K5RU__5mh0yg}Tw<@VfCoL-#wFX=b;9LoImOHGTTV$sy^B}Axr*p3$EdED+G&*A}%fk;gb=}jw z7>YaA7-tz9a|V!Fm{piR|H}S?-%$$~=cpEDPC{am461$9?tJMlq=e``<^= zx-(IGK;EL4N*hijf-yox-A#R@zU$L6@t9M!IW@>AYw6}wh)o*Q$`P8S}ro6Z?c=!$2 z8|QNs>_l<36e`0{cQJs{_mh`E-#Puky5su_`*p%ntCi)wJG!s1rw|s)^N3covSoJ! zWLWPj$f80-)bL>xa?{qC1ahr~m|2yK`Y)^9=0xMP^%FF%1FG;T`XgI13 zn%EmZe@Prr=qPIAF+{&c&O?`B-E8VT*^i0o-7{1j+DN0F+#4J)8fi2|8XSfgF}U3! zKo+hQixlCPwLkwXCna&afbt4#;Er%2_E#C+u`KXepy(B5jZHsjjlD@r%ooGfEH6t(RA*e@K~?K)J*RR0~rDi16QS~jCm z*jCS8mN!(wYx&Kd{Z&G9Kank|q)(CuuH^DaCGu^l<-gE2W>3`|OS7AetPTiUqBBuZ z-EI~ts@wSmq%^t;f5m|ojemqQ+KEknQUYhE33d*yaQ9>`z*H;W3 z*R`X~oG&vfvlxJhp>3ywNEt$%E75Ky-vkv~G?u--YYc$*Ys1 zOzjwSY*_oz(b`{y;o@o+GY}LwrK)xpG|`1c_ZL+8@omR;D|LhU0{vwY7f=>H;!mc1 ziny6jQ)nTq39^Mn30NTPDVxEvq|oTCv=D(xMV7EvK@9vT1~8Cv z6G(aq6lAHaMG(rO6a`ER+=g06P{e>J0Z}drI#&t=s8A5-`~99X+wCw z(A;OvnKNh3oH=vm%%-6hw>eQ>Q^)IY76CDxQV5kEfn!Dq3XL9NT4{u79w7q+Yn$zQ zwj~G-bM+aB9)HiRa`^1ll$9`;t24jfi0i(N{qUf=o!?`>8SVF?>B!<={6H(JHLDgv z)QX?{(5^F`^8)1PZr5m1xWVljBw+6R8Rs$xJl1pX19`wtE-u-h+{eo;G(%w0jikBG z0&G&(FSCnBbr>1xTY(G8aD7Yx-Z%;$1i?Y*XM*4)tqz~U!O%p0WyyX}Zx9)@3+&MN zL38JKVRlW}833c8wuSu>{MlDidvdX0Xp-@2MIh+BGX zmY&%cOcYx!8ARn+lC2$Be)1+8Qkno+Zs7IXB@&I%V`&C0dB zOe6mCyDIfv&F@@h8o^ze+645(`r6DWT1RHA(Z6xi!-P%r_d_&$`$hlcQ|)n-Hq;#J zYsIi6*NI;cIb<%I7Y&xehR9v%wJ>a3B=UcB+u}hBWj$;;1Z?MX%fosY_H^{JM89t? z+IlHddGvkRaOn2SRlEK^tbc6M7P*Z-VGnk?a32Z?{bL)EM!J7M*!le|1#bri83hlz zQ!P0Y_V5&3QsB!`(;()+>WKdh{b)62&h8kjMH56vEOe#%K_@oWk9uE!+<*gqsPX;$ zyDAl&8dp&4aMHHjp`8;3-F%w^N2vP2EJ;TNwcM1#8L`ACFUJXxO^GJGoAR9aye=i1 zTEM)N4%9-1%y~F-k0MH1S#EZO$`+uiYFTL!U{X&RCv26>Lwyl^8M!-j+=bMytYJ^a z;{zKw1U$EFzGqXxZoj#CHz7L^vZse_7(hM?E7%+4h|P8cZ!isdBuD$4A8PxFEc@Vy zR4K^t=H!SID$;!>{U*jIdaASoh+gW0C{~OE=DF>i5gN*LbrMkv_2vT}Q2hRi9nZlL z##q^I!{eBl{7tr{GF{J^@52>xZWV(M=Av02J68IY6^19w7Ne0YwPe|ZSbi-M;~9*| zW%56_)Xg;9FW^XD2GWut*TW3?wrl2;nJ?71qTr}>aOGqXt&?{>C{vV1YYWK`r$i}l z<8n7wN{uh2PTp=aCts{3^tBDLF8EJq^|cMepV=1pRU)6{y<)cfOoo~I>L+sAth`8u z3HVG^`DETSC&={x3NrG!pKubm0_WY>b1}bEvqm@L`Bz~XyEy#NII8|YUr#_3y!Z#Y zN=dqom@pI{)ak3QaRv6(^FXrZY`c`H_)qAx&DIag;+_G(8F={O_KNVeQS_DRYZFxk zR9MKiG&vzQA}!sBnI`4`=(Up>PQ+(Qh}8qGveN*x93Jg{qTZx$lk3CJ5yh<6va$s| zy_g94TrKNW(LuQ_D#d&!5matF<5#GH%Xt}crfP8%t}f6j`%?Sr|Aks;u{Dw8``X9^ z|04|TP;Eb5H`sc#<2KF~Axge%PaE^uYP0U?HtQsUmj6BcimGjMEq42F7YIxsNy4NLF{9XhX$yBr zAhk`phtjRZR3?-%2j%e#4>oRunFvw3I_C>Lu8{Ho&Y+?KzYmxVLAlE35lZ>`K% zqWH<}Fhy>NTW;R{lMHd-B^u&}%!N1v?}j)`@2y?3*H=0hijj>4ZK#b4Zdlt}3avIm zhY*LxA-@!zj7O+0jZp0oYDy#2IE0=iHdaYa2=QpsM?@pU zp}}8jr&X7>TF}fM!>@hHE85ldjU}t+Zz+7SS|xcP#1Zf5C$W-fgm|=p5m_a~qxCBq z^-0)OFA?v#e#9}9Y?Y7LNQ8JoRU@Ji;?Z~yZfWib@o3eGRu$M{N+!3bytHhdTP$}e zkUefo0YPh!pkI=LvGH+pU%;wYtS@MjLn2Wf^$Hkxcl1T30FuF}jmsTU>kd8=*7gO_yXoPsQ zwh_??@o1eRq7mZJW{-$Qh({CaSi?^bUrX`Uo9D^AgsHcC@wb_?DF<1#`F!p(L`UojFLy00fD@Q9j8Qh}wv>T`0%~~U}Ooy+yEz|_51OBiO)wm!+jhkLF-%B+T8`R8@6R1)ZY2x07mlT(it?W4j2 zpp4EgyD%#e8if}AeN^VOXHe^>Gk9s)t^htsCW_W~hOx>V>jw@HqR4`|)1HXsuIJpaZ5B?S0 zY)dmf{o+breKYNmCDSa|*Phl}BUjVJ`E@86E%pQ(kh*>Y!vm!%>Qcn$ZEM8=S6>J8 zi1L)8pt%YtQ3*g|`S+dW8R~_)J|U$`hztVnZ1c=yzzp87?!w<#pzWu64AffJ3(R!%JTW^XyZiF7{?eW-o(_+I#M}LR=ikE5lftJ(td4+RMOGD~e^E^u z=|qA5Pv!Be|0nW*6ONfP`m>dXRX`bz?~I%49;+V7?&GM&?w7Ob6T&PN~ zaVrIAS?hX;F0exaggc8{p=2 z18}|&HGonr{^%20!0!*KOwT{)MZsn*H#)4j2^Ad}2`RXQXs=1^A6BR7P1HIgJIJyH zp;`Q&9@(ghcDLtGVTL8snKRv*jeA6fin!O3GZl;^L5JLZN~QZVa+ldBC}m~Qn8}H? zUb~G-Um`K>4GNvL4Rh6Gme%WZG z%Rd|yfs8Q-V|5t0`6V;4f4zR+TS@(RfM^x#$MzedeRP+kCAuZ0QsgSX)i^8LW;pmh z02pqydlALrtMrCVdw#?dhMk!yg|g@|Kjo|?3|Ugw1Vgy zq)wkQNH=<~y2QB1?XaE!=~2T7=zbo^s-&Ex8VAKxsQJ)tJ2#}}bAsSHE+B#sWQS$P zAUkmG_7AE4v41{fh2Ejd3hX!3E-+qe4&|m8Rj88t;h6t?mtR9%QU2y~v%V*g%3tgB zBiU}KOIh*SsKWoIr51YsAxmvNM#zJM(5I-+O;LTUxlWEgoCPpsz*&ICT|U7f`0rKA z>tiWDkAte}v--Bwl(;we@i?_!(4zT7t5khe!Kka~T#*^yLouPpV)S6PVdP{2fuGhS zDg`x-FzOFO!$D)DEG7AK_BUFO_?naqeZCv}9>fSq9O3|%EaQ)Cc%zfUmJ+zSImkAV zQ7|{^+@ZOK%%5yM|R}g1GG56m~TaONW}M+OZ=wG?>|e&aE{QbgtjiA zo$$XMvUS!VjgQ3GJ5 z*P8ZZIIk@u@cI_!wlTIatO?o-?gYGYeYlgBay`*~CWUvDV`wW6ub+mdWzeSp_Ta)k z$v+qY7zSR(pAx;3i*KKGpSTSSrLJDlu{cVBylNrvd*h^BJ(P=&T%ZKu_!Va$-%U{XrQ}}bhE9!U`w+&lAAm<6(Fe3E-st3c)jdXA~A`<>vE4q zYNSu^k4#R&U{4ppilfjTlIlP~t+EV4yXe?gMS{5CI=}pXtdf7YrtBgd1e;i2v$qBj zqx>R^@xn+LH@I7xdJ-5eqy&<^m>(cg|6MSRo)4lMIHDbiEK#vrIE)iV!r0bfOh{n3 z^8qY&Eh&}))@sSKlTJ2+xU7KpJXUu$Eb{AVNW`rzYgJr@dFG;74U7Cl-*2vT%MP^Y zo)pT#aDo4`OB$nipT7@oNJ1|5WfnBUfbe9uwm#m$lLKUt5h`nDk+P!rp%^g?lED~_ zw!I*M_blYvsbr$LDaH|rHRo`7{@~sNb76=wUoSZ+%bW)0g#+{fvKy<&Ny=2 zAePg!Y8#11Q{(E>Wx3J%e9Q5s^|9+OmJ4skZ(A*{j}BxU#1gjgLWg9vf(6&0;DO>% zC}cR>r=u}d#tF7R3$_EYE?H3ARj8hb^EEFit(PKeWBt;?v~u#4GzG7fyTNBn@ZC4c zR!*<$XT4}b_1b=Sb$-VY)J6&``^Yr@#9U3tDVm<{`-ceA-uLe;Y9X0ujp{E`sbW{{ z>pqqMne^6m8^@%&h>v6_ykKBgcVNy^`-E9=S5}wYh&LO z;`V9e$9>#Vd20@I=i_dZ<=`wO%15Moz9>kMno6z=cfpjS%G`Lgh zosi$PEN!oJL+#D7(5mCvB_s^L7S8pfnT4*`WV)U*qZVOtoLeLOXy-PEV`RWy?579c zUg0)}b118l)ODUgu3YP2kbGvLAH@#&sRiom1ev@S-=2WzF<#-&S?odc+NGMsynQ(^ z_Ev8DQIs(SbQjqnr7tS8&|!369FP6=$fQDwygqlYS_odG<8AJJ13Wf_O9}RUtnoGO zrPCYwnUvEcnQ1)s@%wsI)S3@b9eSkp3W0{D#Rs5oQTgJu`}hMIUE@Q1KN#%{i|u^m zv{9muY#x~X7NtC7cHTcRzQ)#TA`qn|AS=W|3v%tYTc1ILwGNs$m>Z8rfwc=OsO=yq*p3qf8PK_w$|lm|whiY^{)+WC@A4Sboxlmh|V5zKE`iU-pwbuX~}Q5~5mk zs2hQ|+8h+%Tu3$@MOu5Y$j8j)tnYCdRVKsmYBJT}wijFN*ilez`Aw(C{pQ9N`4*kMxvKlk^7;P`3jL5Sa^X#NAW1WcCvBGFwFCh`M zfSv!q<%`-E;f;wr+}hXB%ks_NE<gzLMwDgW} z%1hVXrw%SUAJzn%K5p&-X3%#KC7Oh?7X9`u>lDsQ5>aS_6Z$L%MGYZ{UbDkrv3rZ> zSH=9ekp|_I*(-JMoU0WW+G7wxd)BMyXJH|XPN)L8bx=D2{_`doy0ltWQ%jD!>JdtGPeg_ zbEEl8ov6B1yLJwARs#Lznh&_4(D%pw6$5r4qJ%g-M*g#aqdj3Bn$C);yrSdaz(1@1 z1xGi3u$!~g3H6B7_AVjc)MRHZ8Ua{I3%gN+G|S ztHGl@?xuQ){O#j?{`w3^!g;lmTvslVbIny|mShu3kJws%*Cn}Ho)SnmfliA5CUg5E za{P()n+Eu1PH+e!sy;PNlirj^Z-N;d0M6se-atjZejSOAKHxHiHhJ^CclatNu)lAy z+gjF#Xgc(Z#nl3Mj{Ah?hOWGNMf-8d6x_Q##ieMk<2+qCLyuD5e5W`GtIRUvY<9;Z zD4(A%w(>a=d}-I{9_aR(@@%JP898!(v@D zsXX9qYXG#9S#Xt$ZB;w4IJcq*%F;27r_nvbpI=|K0(;|ME@*n2+jdyJ0h{4ZKc3S*AXt)(?Vz6*)O{&nL*ZeM5efX5U*IJ!jBx$xCAa4U4QHfJn?gT+Nv;8}6HZw^e&%cdD%!0hi*x+^M&BH{ zgk!XXe)HB0DFIs=H~=}{zd!i?^C19zn2U$A7h7~IR>_l^2;7{cn3@R8bkJPufEm36 z8p~jS#&Jhx_a|EML3paTasL&x&th|jO*3aaEqV_syg96$(SL{)xVRGM&zsv*{zmqE zXyWS|b9#%7$PI?;??oI&z;u8u(N$jjV#r=?ZXKSz+WaJuy)uyuRpXv97hP||TRQPx;z!SF=aAM0%J4NhE)Wdy)2Y1Q zai5&jsLOk_PvRWs&)>A}*1VSs>h799?bTv)`ox1xO? zEtiQs7-Y+^o__hpA&sjY*yVU{#buQ~5vv{R$!f>Fvl{MAuXezM$svn@;uVZFArr$q zJ@OaE2JW7lEIsl%dwj!usMmbRT*I%#@Ds7?6{80jJ-}E~IhYUkT9_%&u}{ zg|pIQ6+~Ejmunx zPk${8tWDv*q=bD-_h0&EZqz`hZr@I%Bb--ii2TutzpN z659;g^0>?$OOz>IUJhM4Q7+z0XSvDvoe>}YSwzTp~#ZDMcpp4!9y4O66^0UX%mX zC4VnC(i#3gP4QJa}9Xc6A0RQ1P%ymb->dG{XpspY-c$@_@YK0)3a{@q&om58_^NhBrW zx4vbIup*`v$TeonW>1xpG#D#$x1$D0uZKs6MAG*^R#MXOd;vZtf~{DO;rfPM#ay|V zdEJQF{JWy~uoCT7lMCjQ36yLvS0z?elM5=@g8AT^Qf)hAIk&$MG>FBw|&<2YnD>9!v(wx zjaB1pp7{~yW}HXti+O}jhe~Vss`;Z|OZ%gh^hXh0_ zFK7stjxMcuaCEu2oidMnQ)pud@sR3@_Jb0M>kjj)BJ8y*F0;;7l!(VXw1H+Gq)wc&?D2`^<<)q9nwQGsu~&Op)$+&d zPcKWY7m7a1dJ@EIjyw!Ss79&>%tsv=IDiZ_b_)88yqLI&ZZ>=jFLfv%KHf91*E9hoW1Nh(K51 zWUVz*lD*P1kJs9+g)(OrUT7IIw;#@oY{eNv=Ick`Lw4P}^ZjVwguG@hozHr?CAerC z^Bzpsm)^|F+T;-c``mxeDK%NRqRM`BhAcP)&{2aLUi9APy zJbOwW5%jbqJJZl~O-PE^nFjBc>=Z_3=j=fG`D26~ASc*)=320`a`n6-5V;COtS2A` zkP`iOmF>m)jALk%ay!p(dm(WZYcC#U`AW#>Tk1=X$4(YKZa*p4j@5v|jXeC@SfsWv@Q} zIz55rMziqQj}Q~XF7-t2S3>UhznqDb#q9?q__~VfM0A{}-o!ysO8D-C}AG$(0vz?sI=1YAZ z0UoE+zSK=Z_9vzx`*!K2U_)2Dbb5u%1UN=vSvwb#{_6=n7gUILgG6th(@pO@)O*y;?DM!UAk0Ml3%)}}8o{E&cN0fYZ%+T?Hp(--8V#InBGg0-M zL$;T{hHSimE1}cA!G0>))F|P&R{s0q(mZ#yS{3uoQQ&o!=BD>l539Yq?LxkTcw#5V zJhTQLjsXuWKJvHtf&uqcS1U2n=I|a?9B5FRo6Oq~7P1bm;lEnwRF;?`)n1iSr%<9EO2h{hR(d-%;!}5!T{=D8u<2l?}kc(!C z*0Z=o-yR)#ShxNqeH8P>e?)GGi#G&+U;WE3SjN3(Y%K|p>A_!$WEzd<2OR-XooKPd zZ+=>09nyrK!D_xzbdI|X=~ElfzAJa*J1sNbjd$MoL>n*twDLL-jr z1LwAlAg`pqHc!Lo(2)`SwG#7%5{)Z!gS&9xkW=1%%-Q%%5xHL3{NX4nLwf#@ZeN){ z=>8gK@9c!jxA>XCR$!{sKEXDE_!DaLL1j+eS zPqPdGl~T3d*;386Oa{e-&vJjDxCXGCu^7>S-gg3uNL?r3{Qpm(Pw>q?l|HS_1FxT? zPb;5y-52IvTQ;W6#8EmerX^U*Z#(4|LQG%O7H~#mO z^J)6u3y|->DX+(ZW-L7f@;XVxU_0vHB{m^?UxhI|;YB|aGX9JiS1zzxI~!byz+C+7 zQ^@OsrKo=}Q`k%mLxR2$q8&YKaT^r5N2L3T7nqH|VxG%87?vU@mu3s{SBECrNqdf= z_yEBejiU)8HfrOkz0(yi$O&Uz);+ZcgIvWhLlJJPDH1S^;NNj}f>10HfDA-j3VjX^s55wfv|EN%3>eI5|D6AT-?p_zgrotW-#Xx^v| z-ug;{R@83K0YX~V)egBMPJT9G?jI0>@~IurIc~$iS(2<+&(?vi#rZuDm><_`&a|Z@ zI~O!d0^jx&M030ET)LC8Db$RimOb5P2(@f2Nwj9t-w!Qn4Xmej@2ZNt$mh z*v9z844-3$zc`Voz*frq>ltMDDKZp)%zx(bpIiCQP5g&(uOgQcq=83!{RqXWA3gqjYCRq1rQs%pV{B*l$N69LJV6 z5@G0#Em&CoC-%`g3ywTAQO)%{h-J?FDe?lDnvGTMNVC7(Ae#Lt>PP=(*m!>wRYp{{ z{ZMOEa%E8<90$-oA8Bl()mX7=<>)?)dsv?dUWUfiCzaz;s&4gWoPoq$E3oNY4#o}X z{iX}k)!?HnMvTDTa+_+>{43tOL^q%*Vk}}BFT#~mx}&#k#4WA(jR6H64ci~LvSSKZ z8O-oOqh&FLQ-ngQ5afKjq7qJ6e#{Ma>>P#CzBmFdEE{$YZsJh!5@4}HP{BYQbn9{R z2ROOfYH5FK$nCG-bx+n*#Li{8Hb(*Kr>2s+&{C6d!KNJaraM$y9Mpn&%|MvQ@Cy?e z)mQNet0D&rJ4iIU# zwRPgY!ZR5dk~1{ow+i#0DXhJtsS4 z2S8*1jqo{@gKdPjylpZ46ENg>hn-Et3%c`%z3V-S+kru4t)jAG8_0@*biGpJ3H#?K z)$fi~sNXIq*tO$#mH(3Zu}NGv*8N#-=i5KzfT6O%1K-XtR-bzbSTbsgp<>Nv6p;Q` zKAMfpZldI;8yYW&@8{%s@6!7JSC;+>?Kh=9)bBy%7W`rPPPG0&O|gAoSRLyJ!R2N? z7r7U63-dI!U@m$J(1?ORh3ZwdVAg*WCV4~(z4v&7?YeGcw68qCv+l)HVt<>JPq>5! z!;#zOW}ubUVxX(IDGtg)^?|jiubLHzzw7Wxz5PZd(#lPEkDH5bvqu!QJv9|=dDL^* z&lPqjGTKBrWm~G=8=q2iw9d%)B_`~FJCSKMI?-J6)}tX^<< zJp)zsNJhu+>S#_Uv?$q9oog#*ahlWp2x*z$t@e)R71T+zP^B z)8I0;`DAfzmu-AQ!5{S{ky;Rm3V~+@_xCwRN3b7uoQiBD=`x3)C-pR>#+ijo?*^n? zZdDICszZ*FMcNQAS*pR1vL4axDa@kJ%d(Roks>>$FG=GGE^B#A2frhc7uyl&PLGSh z7{ur0AeCYMCdS8+9E}rLC^zii$P10Uh9~-kI*+uPQwH+yuyqzjVYI9E5*0F!w-Hpk za_2bktp4N7rL$3OKZWI$qdbDw{YU{7#{D?UK++tB5+3hh%5IN$aPMRF;~js-pZy>2 z_zS->eI0}NOOc`ba+DWQ-wku5_D{dB*KZgu{m$vPa~{aJ-85ZDUh31)%jJ#iBmCns zAHvKzf%unLryypaxatW(VD1xQ;TcEwSp$&|nGf!@hd^y|xkHdUavg4^PsO9fYu;qt zDF=l|r9U-Rr+%QDo(RV{O?3-wlI^;RELZn;OSN*7%4G-E&Xk_YJx{4;7B<^KDYIa$ zK_4`|eGk|JJ@4Ymt%P>X5;Y3MHN1EBuvFTrV^gUio-50w%7d$xa9W>1G||@-Nt5xv zl!_)raZ5Z+8%u$#FtJ=Y*m!Ck800m>+NW zty2z|nOa*6u3G96MTIJfzFIxJXiHHgCIMl9e{%AtB5$u>?6?&hAl$>A7UV8r6xb~J z*B?&Q>4K7iQMFX%&i}rSC#l7(yf0*2Zx(kvcKlEZnLG@%mIH~%61moPAl19T+In~t zOJTEwu4nC#n7q2=(pmQo>6|Xet3ch9#jNt2u-vscyLeRB)#N@ir}NS=O@I~aXiZNP z_~Y%8gbV7Vf>yTc5DTQE+Ukv#9k;ARq=d~94A1w!AW{ftt`ss{ZtFQvT5fzyOkuMm zvoHTYCbt0yP;ZI!a$^$v0!5lXA4+Xz*S@Kzjiqf~#=O{p+Xy~00bU$|I|x230lqZ? zcM-gY1OHLHC~Gw6?OX;h|3jDCA4uK?5VkPDwn@W^0k%dOHah2N{(ZL;&DsEaDh)d^ zzxI zq+#a;*n?@2fcwOyzA-8)eGeUU052zU-KM=~~Nx*uTY za|gV3z;3eQVNu36aPZ!&{>d3ZH9@(_y5L9O2~Y`T5c7U+08Ov z*~!*YXHKzP(**X}6t#UG%QUXGSCYW3jsPe3G1I^f!+1;0xOYuC&RP}^KyqKl{WO|H z=zfH?%;bM|(mP~xkF@Zffk#_XT;{(=2 zS}|;hZG@3fgZ=EjTF~R^+j~1g75|7hpsVrqEbKm{3WZUtCu^+Dq$0F_B^G>DJ)bgn zvCW@|jW(8e9UA9+e8<7EGaO>&;0^XZs_Arwzr zVvThTg-8OHS({5Qvvyyt&5>AX{S_VBoGpnFRh+m zO^BMq65xs#|39&tIWxJ9`kjEfxFJrca4IW5l)|%4qfA#?QPdsc~>~#Rdj{(qs(XY!cu?TW&UJSbOFp*aj%HL zP3)LejsU~Xu_;n+QkBf#hCKX_Pe>Lupc0!uH>_|(DK5ckrmN`^mUYi|wx)Z7f|m{E zn4kYKBLN-rMY*jlxSC&1&CjA4{Z2&hDbhRI(YqS-KAHDtW8RO6Sy&a*ap7LUbU2H` zRi6jgcd^v*oh`Xgp;~g#7SNK1)(_PmBD+7{c9n+>sqc)4z}MCXfzvGkjbvHx`Ih6M z28TJ)KUh5!Dv&x0;fulgSXIY85Ns?h+W+h$OocIAxe{K-wK)wpj%2crd>JU~kqsxM z;nE!$GTdaZxo42OH`y~%CVRFw*Dd9{iW<;IEX) z?uaG0J3gGVHOzi%=3u`k{Tb5I7_<|pjs@Q0r*pjb5^@Ai#OxENcmigo|7-UDJ7)i^ zP5)i9f9u+zV=kvPxOr=94JMHDlaa%9nETz%Z}}!x2j@{a9^t>M zRb09oXkvU|5?-yJQ;}~Uqtnsd^umz{hS(uNelF*FIOZsu>{6od-5a`z^u0C|qH~mX zg-8PWUel-Ody@iD?R)KuRVuC*W$UnFsQpZ5GHxQm7ra$=^0>DC)F}6Xv0&>fF_2=9 zn2vBMrOB`E@6cHBw4-NV{VwhSGLx}BB3txw`|9>Qt7c(T1t0k>Je3Jpcvz`NU+Yof zz5eeEDb*hTnNIxW%73>LpTYiTz1!m-gm-)P=C%{>nCirz7hQ9XlMZhoc<}4zVXxm- z9Up1vbNy~r2F2DLN_0#;Wi7o!I%bRSn7e7ol7Nmm|5J2KSq&Q=JouvwinpNz)EkzD zzfyzZw*YYK5tm_=CwSqEXixI`ZyGmaq{xZRb$AmQ4O|uLdxKRHgskKTt8QGMWh+LEXZldGS@u5}nECHopzpIeV6I z1e*gf57lj1c6>&Nps*A72ik$A4hRTmLb=_#vt3zEJO?hy%~!1L+NXVmP8piNAsCvu zgnI$f`~4b+?PuT?!h6^Fkh>N7Gq@j`{*UZlS{Sx1{obrs4Gi8M{mQz6Iv^jHtc?%d z1iY)ToU*!nY$U&3vurYkyBfy)WUse+RsDQo+(W|8@DVogz=`FOkT?K9JHSg^2 zWYE5rWJIklU-r-B{*uOcvst{qWY~TxyTxK%kg_{einD2K6C0@jEGwR?$=rYuW1k?V zxz*$k0Fv4G8f=P?`BVm!YMdvRfd8 zulB!6oV9@)it&=l@qnVa3fOej$Q^2?!g1kFs}H&TLg1)in(=}ceqcc#M-e`>7h@pe z-$^}|s|BYPT(s=j-@rb9&lZ5<@NUgF)5Xp8%uZ5}D-OynT-BJ5E|Vhr(?xFVizH%W zjVtyT77Jo-<3Z%AnxQR_y1*Deg{t)M4Ue-&^ zH~kf&Pd(5{+^#zAiOJm!1LkMAz@7V*Tb~4dZfmt-;~qO(9K;4QzBbkq1s2{CD?A~d29ozk1h-ydZ7KhlV9Y>YW%$iDcp-0_hD1Aqtjc(R*@IJUp&SS9!OeL>k~ zzs59i2m6KI)C9T9+JK%1L)cygsT;?lbdU%VBTlpZ+gNE<2ZknMeGfZ0uSVgCPKu4r?taAh{GQt!2>n7U z44Knzd3yyOPS5f*V8E}G&4f7F>8>A9`>z|+a7sB#cg33H<=K|zvWm;j&>Hb;_loZE z_KVk(@Ls^|;&O1ydx{=?c~s9yfbP(rnUfg>%OCB6ylg!`4x^ALYmD?wB7p#m!;;G6 z0Bi3Tjq5wC4u_~28bTvj0ZU2ojjn65gzbQrxY6|^tx|O9s_T3I90sZWkKE|GiP8ms zwTr6p+x%%AFm_C;wEfzUP;seMRuvnJkX-qiy4Q8rb&=nnTM`W3>q=SInwcaHQjzN% zjv>CUcj&07qT5|xL?%_9ME`20{&dY)hU=1{W@z`$t3a4ng31pjP0qEoA#Gyrm}U4h zY&m=!Y!aS0mY#GO{xX9kRJ$KF?g#xF zqSV>H_53@z>xi+LOxMJ*jc_yQ&w=&kScTkqEc$25^}bcw^Ll*a+yrgA4xB1OTvU2B zcLglG+Ri@AM=Bv-a|w4z*bFLix!eK=_cwIXzR68|t{*CH9q5FODBbJr}xqzQMVf7660MaUC-86V?^y z=NjyninLw#_px-Ih(gJ^Nph=UyC;5~5dV`Seg%lT18KHh?1Ke{;egM$Cq(IN^a_)xmYG2fHPi%SBRg*U}R;J z0X|mgLDb=sCtTBh81lH62&_iz;EK!2ag37LwqQ2k1??5lwd+<2t6S}Q!brXKOAK*jcQ$-L?z}k# z{S!hMfM4}k*(JJs$U zr0YGO`M>>4yX!(MB$S!+kN*gBe!iL1FFV$S;zN?(F^A3D_lRoT=alJP@@l6k;He^h z094&i75^{_zi|}qCk0N(RS&2GxTp0d)Wn^trIahtk%S@b8WFi43qwPW+{q*-m>@|< zKu$Pf=lclv#iKaPN8d!Qu7+2#t*?As(eYJb24+_sGW7*uBW{|6B z9m7rZ7U@8T^n2C=I0!eq^3lko?-0_byIcdyOOaNj8ywR4jHS3XWJDCG zJ{2zbYhtd;N&jhn&x9{-_ zrg858!~3K);R{A|^YFEyh9@vFfyc9=$O~RX#GG;9E||`S=iF1KQ-*M);N0?2oejTt zw-ni=)g)Ak)sVOuIfeFtcKr%VQq8A3+!uNR*+KB3q2+W#6s~F)*fjhPn1`K z)S=?LbOW_PtPWf0MttHd@1DQ~nZ+9g73Q}~fPZwrdkAcEz*z!(&jBwd@I(j9323Y!SZx|N&SMZ|11DE0T2y9T9JAQ8dGzPP_IP+{crDk^yZ);5qfhb|EqxBqv%>{ zq#<)9omL0lTo#ptx}*Yn{=QR6#D`=c@+0tE+bW6txxhy)$}7GfM2?xE7x^tB@?{p; z?8QSePdTfkyMQ<$pqBa;m=K9Pzv&#EFu<<&FQ<6i~StO+gllCp-rpi`5u5HY5ryA?n@G6%Gz(J!FqlxOlg1*-eA$m*z? zvJOt9-2&2PS~POQ#JX9KMikKSI;RK=0p~Kbr>nTC-*z;K%v%3D>5A?dO1qmtkY#J* zp6DZ-#vo>f`xH-BzyLL7zGzHR*82oPCy-D=)&~V(!!Q;m2Vf0=R@T!X#Dp1l48X*q8E%b(&pI%9~=I2(v2QOD124|wwe2o6YcV7`14+Y0M>TD_@ zE$r}6sl!oN@kTo8kSpxZ29f>wp>*KySY$Jem+PKoQDGuze^x%YT@lK8?JZW;OQq7x zBC{n1x5YqA8>kx{3%|3X^n)8CXyiPXaP!AhT=H|RuekXGNgMKT;A$!hOZ4ad0IVZ0 z(VzbifLjol=+A!(z>kLjOz7CM0DPIiM1Nj8JZZ87K-LH1Wq;m5YJsM`0f%FpvWoEUnBB;#qqgJHnZ8jeL%op z`evf}8%-`MAijh37eKWA-1dN5M5~h%0ym$G;)~RO7QQO}^rXPp;Vf?xt3}X%TXUsVtzCZ!z*7KBbiy%lb44!pex!neIen*VJzU-*W-lsn z#iuhYB|LFJ7%F0?EKOIOzdGSB^}V!;?e))4gbxGU@g87^1bnzw`vJ%@pzOkA3f}p7kt-^nj6hA5o58nxEhE~Pq7gt43TcW zy@+##6&r0^t=AhvQV1XWtHG92#a(|K!i`tNHcfxG-0}fmj!?s{ry@yQ$$}&}&$mT6;(sd&~Zgb*wLmpw)zKqsfpD&bi8N5nN7Y_k$SX$^Fft ziLyO|$N_rX%%Y7YDQ1ED&i2e3hQSo`w}3HUG3s4Pu8k=uZV)8#KYtdYCL5F{D+q!t z=63`=kS@~GuM{J$m||{Sf&G2SrXS|bPW1EXVePG_rPv4A+`5wPT8iBwvCBR5isX1D z?e!ng$Le(Z|JAp@-D@LTNrs))%D;R6*C-$C`I&c%&g>R!0#VH`!$B=+#B9qnUqSY~ zmTA~a{J42#O}vjT0&b~K!s`XTB)}Q5RRKx#};w8Fkwq;)=ZRtqqF_TCb)#iKePns_f2YWo-~MWYQWo&c-iFa zER5eVKg*$Vwta^(`I7^QftS%XKayY|HXG#643Gx_v7Mwcv<)gk^TLIS%skKVEK;#7 zf=WxE((I}944}FoRIRnPgl01}lh1}6``aAh*$!QproV{7C8$t#qurW?!Y&P2S0@`f zNn~ZN4v=C2kf&YA`I`geH-!A$L+%QY2MD>*Lmmu}>j}wvNN<45B;=bO(ib475^|`A z{5n9U5VDttyci&R5VD1XK=3(;y%^vd0#4JK{}5?dcU@h+fmVMs)C_wg%$gOKERp=; zP&_t0lG_^L&97g*gmP|h<>WUAkoyR^$U`;{kZTE~2Zp21p zQ*I>$oa;#9oxzP#(BBn^6H_uDRCq(l}i#rIU;pQ8ZB)9(v_V5XDGESETcK8Gy+rgR_rTpw^> z|AW_kx{-E}b%wkdhCGPxQQ(%={W}QJ5Sv$29aK3UsG^#Sxbc!T5Ixta*BSEZ6{#hY zKP2$>RnMDqJ8cxt4G(S19do$Vh#Za~1nBG~wI$*a91lyzAexZJNbtaq&F=nk4N@FH zgf(_|n{eUtbc>XY*YW(!Pr{nI0zMv&>K_3$UGgAOU) zzo4V)D3?3rz%yfrQFy?|Uqqf=GnQ&tr+sbYlohVa#Yc4n8KyUDa}E&JsS*g|q(q({ zz!=q)nV#d5S`7s}^liRh>tqRt6FGiTe}nvcb~1L3~j^V7vHGSoAd3?=Hx6f>G;}a^hokeI~fpcx7 z0-*scP1hSWR4*IKJ(jU>xCEKiOK?6)1veMs-@b;2`H^dQSj+4oq`MLSiY#pW?Zhbn zOPTXwMdmv%Y6n5%%yGti^Qef^X-DgPGW4)C>BGevhciSTJVShR2@F;GVtbfkF3>GB z)bPq-7)&vj?!u18KG4zx0wv4;!8=EVT3 zMZQga1zKt|`RWCBYW(0bIde@e>yp&#%-ZO*wg#L_M${|KPj)VCR>GJg{_f1B11#5V ziSN=U*ZLZsMJh&ot}Kl7(#MPNhJjH)i>?b~_v*-+`kOKbZ$r7VF;$4C;FwLy%!f1E5bb00?98dbFe=k-O$}^GeKUGQKgjokyww#r!hf_uj?BWh>@RaN$YGy1 zv;#F0l4NG_~8Be zJA;QJ8ipoid+R31j;wLLeWS;+raY0!Y-Ups=xTU2+xjd7N09vLZURhraq+(b7?`U> zCFnKJ{;ov&eE!bWnP0&X1Rp?~I&X4r%KZFC>%fJ1Vp7i*Kh$|grfc+Avlp<6JB_9g zo_$~qSIliF5Z*^G{(uHufQ}YODA(|8S3`SLZm0b2YM5=)SpFRRMuq2#X2?&>Q@U}{ z$G6Z&aOH~-ngJ?Pk$cK)ur_B>&#aiIThJTPcD;~+&boXjf~|3EiJXfW9nIiIQNKGl z0H~loE1aVhqDKF%EyOe<*D6J%_n2fO(puW@WbVdh#p2a#5AmEn&wmZUJ*k(!vd+@M zwSS27MK8`hEi<_p&#IsrYfyE=-;?n!@uZ%=Th4Hr11bURGIK+P)urNbw$zz*OTl+V z$BqCm;)KD}-H(yFt50b*S3;x^#Ns+L`=bwVCBw5aGg!1WG1ngf^AyEYg{9#8^TYsPLq=q z<-1|rA0~HgG&X|`%H{qLw0R9$r_KC^RzR9LlmEj5)GEku*1`6C3J_UAJV&@E>Rwj7 z-+ogqGWiRfbdD;44}p~xIr^zEh<~xe-?0QfcrPnjeG1+46ZPqGOEc1^$*}KQJ&-K< zORe2TWKN?9Yw;)Vm+4(*`~HWbQX?Z?3q)&8d1_|n5*h&xd5QUn?hlm%?J|Nx&{NI0 z-U(g3lX0#7FTPC%O2Lb;g@E`5fwn$>_B?!)Y9cHn{5M>C!)p^^bXi~_D<1Z)F51(eBtb)B zDKDY*v#sz7#G+(dF-mu6{K6uZm1*!}Cm|;{s0^B0uUicxGKK+hm)h-kHlOA9HB?$N+Vt0 zecj4n;Z^pRc^#`g#g?_9iIzbQX&{3wcXc?@-m9F=%eBqLFEtohvvEcHf%p_P&WRDp znk`j2k|w2rgbuq?1}EmGEa9Xb_tf;5bs!gv>BS~cP{bL7fM>d=_L!S*P}oGkq>bG^ z9&j`R%?4Xdw88giSNq-m2oGc#<{=9NiL&Bvq!3mHtvyRWY-NPyU5SMMsRd-Wo?QUt zIF|c_Pl+q6bruhH=lh(UX?lT&In?DttfZ`2HFqz{Qur(Wl_sGLP$zPG*OG zY+m@=0dlufCsNyN?l!eI8gTa-4*5^%g!y`Ma<{ldGF3ozWvW0MZkFQAJ8hAM$%bc? z@pO2$2Q(W@bmwsQx>MY1)xPW_qG}cGU#66^yf3Rm9Ut}4aEn$^+f_Vzymdf)v+<8P zU|JMWT-@v!losICb6zvw~~R;4F$o$;=UZtQLi~bmVGm_l6F6W;CmDIYx3< z4P-+;T8pfsa2eL60GCL^r|;N5z4DVgcI!}SLv;I1Fhr-rD|J$7BTvi09B&nY0vF8B zR*Zr_p?-Q+9?>0PY@h6^yurJuGK{Ys;asNno29<+pxVEPUv>DmBoTBk1vM$!F(pHy`LH?r7Ds8c@a`Fn@sx<9cuAV!9aPfZhMl|g< z7&9bu$Df5m@1f}c_G=_+%YIdUjp)j0cebpxKq4~+&C|HR5=y^Pk8Zg7it47v#EY+9 zWevX0Rr5eN^+i^|R`XvN?+$=ANVf0~dhC2?f;h<`N`}~-N>S{gdgp3&ru0BX2lzny zW)!d(q;?KG(4!vn@!cQjGE+%t!9fv@z`M*vnLmwGewy^H$eftd^rFyXeqq;p8^Kj2 zW9;sZE?j8ACEv+iQwG4<@*J-2QrFJe6(l!QvRx2<;p`Jm5-NcotY?`yiTzIR*^3r1 zbpF)Ux(qS#5D~*33`E4e>gVD3-AV2F^UVMcJJ=exbPfOCQI4Lhlt#Q)b zlGGe0&5@+OIH^OD?s{0K$xzhg#j_;o%fE|~j+3Nk;*66e>BTrnn!V??IB7eg?oIe+BImX)Z z!MZ5qgT6`Ey^cPqxv8NPB){Y%oAZJsT<6zc@CCVrrh-WCD@^yq3uZzhbFn%C`^)ys zmI)-yPOBkO8EHP9UD^oDYW!b?|3}ngbbOR)g(5*V$On;Id&-3yCNRy}Px!)!u>l-2 zlnl!bPrbXfAJZemZ=W)Ep2B+JhUEOm_8D?>%0zL9`inY|oB?hz4?-TZ@Bdh2TEGJ= zn&$rVkdD@6hEPa(}Y^Km} z@@bd)jv{d%aIB3m*CVD|+s#=jSWcv)h%prnK~1f%h4q94@spp8jrun;jeqfk@pS&3 zh>Io1y^BCVcSFI=riNQ7hR&)?5e#)TyqIl$afS7IFGq>^gm|SwWALe((t*}=b!!CJ zMzDkxgg_hff5c>ndNQf!v0Jruaa*Bdz+8@5^XZ5iwMrMZF-3b>i78h;U5lD|W_OcOu#vOh0S3Hmx|Lb$o+ za&ryFvrt4E=&7B8WVM_lScDoERe9V_d*3r~V4aGwZ4wK{kP#M)f34^Ipo)IM7+O{b zYM}(c>Y1Rd!wk3aBURYMRVb`!}0#+h}2}{bjb)6*Dqek7B((f*Gtn$-S|| z#WOFRt~We?mPE%5`B7$m|l&gR|B`4aeL)(D55u0=t0ps zabC}p(iIZf;z715DQUA^Wohx)`0dQ4b5Q~cWTDmgpOxXTF~lt=sX#1B>IF76p~wD} zple^lJ^buzn5Tbk(?4_h2e@`?|=kU3cU_pTF)@*P+^mB7bXrx zmR0CX;#V+%YT?>3xFMsMn}Rvy9DHz|nr)qfdNjmDb8>AZ0tLI-9Jv|uFzi)w{sNQs z*}GKNV|#WvXBy9dSE;X=tJHfyozrsgjymWP0DRrS(}PD*wVnvQ zvc?#~62qONj!bcR@#kMk@_(+S@rB>BDGIyi98VMlN)9X-_cHzUqwp zWZWk)GB3@@KY4%E{$vEDNB^Y7`)5F{=+xpP7^IS}Dz3mVX?3PrHf?S`62wA4w9?XuU`+TjfRHL%Mwf2$?0%e~HZwWJ(+|+7qoci+oI?yYw z7nj}b6wT3{yc>m>^3T9NcQte(trK9Fd27wzc8p`Z`Po-d<#CjXxC-u+RYqAt-X2~) z2$Fldl$@lP7uFWr4yN7E*oh5%_NKy4RE0mySYoMnzm*VZ1!x9)4{t zn4;}nwS8pRtDd%f^aumG6_4VL2MuBWDS^_$Dj z23|Ljfy*Wat#)p_LNJv3ADC+S1cUR<0ekZdiiS(G5>G|hs>bXp+Bx$tp(w4uRp|FWYFnrqgTq71XYvE>?sYl zCqIy}+T6XnoC_O3k3u1GKlgxn7mT{cPShmWiS2;(=*3JNr$lk&XDpUz0s(H_Y^*X* zx21{fiVXUI3T>`zn!?`I31chTX@FR3X~rj`o0?TUqv}r?1fEDPCzk*YLC+Bb#@wqu z+TY&f<6+t&wP>e8U&9gV{ODt>^|zP7offd6d4HGY4q@KJ;F-;lKpK0zqs8=kD_-T+n=_ygFD z3dxS{2mh@2U=HnaPqz0%nHu~AM8y*1nDzm0M7k)0ruJzD7nUC%BN^ObH#bh`{k!D) zVj|b(745f1NV^QcJ+5e{9y!XpJS|B(F`GP)k!uBeGltB%KhSE=Y^ml(JR2|>Ko=+y z8RAjA(bt#4n@2qE&+>Q=gbyY%$;*fDZCHLfj2eg;^QBd!h42zoW^->-^JKHyxhBpCp`)MooYeO}h!;<-x`3AhQWo(cEiAJ6eCB{^OW zEl4r-dn6UlkF&1zqf(W9WO&x=nUzKRQu8IVUNk&w6SIyax|ehxe=NFM;HN|ff0K17 z(c`3RjjFhWK3oz1lRwpqU2h*Xa~b$z zSvA*QI}!}Vm=qH+OVvg7^~nNke?n-Z;;)$F81Zz;)e!zVIaLZYLFGkg*xG(va5Ak*QaR=%%X zbZ05~J&4HCh@zW4ylr`|CndU;m2k3oMaKkyy)t6>u1h!U*Y7ID*k{QYvX0E%_l9%# zJVxylcjDTXHY@Dkho`t}26taX8bphMvc4If$f%0T5{mfEdrI;9Z8r@YQJUWx&hHND zWx$w86p*4>OA3cKv-l@kOf=wpfYBvYy(^X10w{=IGt6Dd8XPkIB!f^&eSdgwscK#f z7FOOYCk(HqeKo~1DTj+z;(T4Kl`1t9z@zFo6yTsy+_8{rn6H*?bfO;u0GDV%PpOJL z;)smcUS|xi$hpXrYJfvl!Yd>nk6G$@-34|=Ec5o^Wy+|!iI$?%tR*&_yadP?;bhB# z^@3HXef8zQrw-F!<`n4j?h}hV(Yc+Ed*$3tAzJQX4(g$7e-KZ-rOte*-cqw`LAiz{ znCuk(tHN)niA=}J<*z>lxusTN zIU-1m@7uYOVFrT{vP>7B?Rx5evi!Lq4uM4FGbLF*8zRfiVBYP^>s&|wew4a zR+IIu5=_o?6ZJI=hih3Q?st#M({PM0uUg8m58T_|EC|&Z#>ZTyyXU8b52mpp$3+S>y2EkJVq0|Ne zv7rp;6?o?KGk49!qB1(P;Q<~F@k5F>Ia{t=vOYP1Wu5}kZq$Ni>uzzSQ*zI?|`?9 z;P`T6N!;2;8s@I+>{4i`4-N*W>Qm|ML8P13C$Oh0*2Cn9*xtN^_xU@*x z0%U};-ZiqF^1zIYMW))D8Ec}9z~abd$00zmJ>i0OIVWSncqM(Z8HCL?bKbzoL3fnf zUgU@H8|%;iv>#ae9P|+q?`!K+6iNtRoR0H9eno<@;Wl&?Y3t7khHE|cZ7Ue=O|Ui< zt*JsPfeazB03cVhFn2R?GPebKPE?S)OVL7{f-FHCg0#fxx|X?KLgJDjz=VLoKLq^Q ztO%HRwajSorlSv>CI!R^_VR zv7;&;>{Tx(ZBPDx8{h24h~ZT_7FEKIANBwYw$&Bg``{P0H(;=rb>QFrx$Ehz`=cW> zy1KtTu%rW{|4R7F6d!>>(zX2|eG+zM<85jATH802YvbVPB|D;hgC)cyNPxAZtq<;#H#8 zV1FLyaR-d^?@{wG2F3n;+&&03qnmLvYeMW@!mAfEM2_u23pV45hda>>(MyZL9CX0V z5CLK7&Ey;5*4Vu&)2&|??^XE=H<&qwKXey5521mTqPsH&wag&?Sh_m?KAu{?Ucuc( zs&g{uQk}EaD}YDQ;{QY2x4_p`RO<&Q5TKYK2th>x7A^8hR1B&_uJ%`6B9JE1luaLs8gV>jWSwyb4O))eLnAbKymtxm$0F(yG8Q)46 zUp#>QY=n+pST0W7KyTG7#iqpu0jTxH^&uDc00#X>neEVjD_3J>3_p_mkRke zg9mb}YOkb&hXU#n3*4%C%R?enUK6{o4v7V=D~cx)yW_-b0wjfF#lIO6yChK@Z8BAF zymRVM`t@c~0CJ-zrrrlwUp41iFD{Nb5oDS*s%0mF0ys7nEK#{d}v zs80dZUmq~!3}9*spgRVbV*m{)fQB0ahPeiiu4XX?m}dZ)6o$--fMLD?5y`w1%$#pI64{+$c;=^Ix?`B-0grD{iOJP| zJD@7YV4ZkOVOt)9^~GRRr4(4zO#xef3`X5dfi=fq12Gu&It5nsoq%mH1}ow*1=bvc zMKKuZr@*Sd8?X&47^K}CCz4B*q~9`kkf-FEm&+r1@}W!G@fa?}1&aFb1-z_*T@S}z zlR(ZKAV*>`1|JHE^Ev|#%2Xk%z8?}fU)IFhAB03T4iXDuN3H|FU@i}XBgUp4{dz!> zI%tDn;?_;YtHch(91{@ZQ!dBfe0w!Wv~0k~?D-%=@OoHxg*RZJ^YM-PT^}w0 z7!ErR5XqW}z36)E1|?RWzYR6xtXv*YxUZ!kW;k5q)R%8247lw(bP2O+u7nM) zGOL7>2-jS(DLe>l8{b{Pcz)rZTg}BY3azf&TA!l#uEik!b+u%Dn9LQKjYE7-0-A1?F3%;90bk>&Y~Omr2z?sUJ6EVRJ+4Ka%aDsTleS9Fkeu) zjLPZZNlw4O9YpT~r{XP{%LJQuc4K!gzXN1VnP-ervoe!Adqb{6^7?TT4%C4O*gW7z zNT&*`BNQ~y-bsCcs46umToTDB6s@2VE#$?jiW)Wp1sYJi_mv2bw-h(!X1b|xg`_TW z%|q+o0A;OhZ7+>pTeIv@Wuac`v676A!K$McugcNJs9-X#M;EwBxW@ZvO5XOARpe`b|&p+RAPX71a)zq$^hDIrayoyp{+;cRxfu0 z^lfZCg%k&(-Ir2|c8Qcq5!XrieGRF?C;Y>t_(>EVMT!Hl6u~+S*@yoiQlwQ5Q^a7O z>s_85P1vX>q8!98ZaSfn1sh^VR%=a>nzqG*LBNA4TWo8Ez$BuR*iXI8j(0Fjo&&4- zGHoX$0qCY7OpRw0V3l>oG81R;&&C{2%=v**6kt6+2+};()v6H}nUL?e@<4~mANZtH zJ~j6$pMQ!zjamOSZ?pbamerC$!3o!&d!(xpLWs_4ornaEEsQLI{ht^~0_pfCht{j5fWLCwKEYf9=*To*6$;gIXEsdmDt~3 zc{`O%PvTCB6wEHg-?_BjS6}cxhyktavfHxrMW{V|AVzXIF>lQ%5r$tmePNfSd@zcE zrc8M>kZ4JaZcBuO;ap6gZPD>RD29=R-ztZ8y1&H!$hMd`J+e?n4;5vo;QtRjPRPpW z)lHlp+Y@y|Jc{uFttT2!w(-wWL3&#zb`Mal^`Ogm8VbR#u`x4fMS8E&ny7CRTarQl zYJype0N}%w&6~R4O8HS<7_%4zB^yETDs5~|J~);(=9KdN%8Mq+rUANz%FF0{&=4i< zPbO)9;S|Sb(akB=8xD?DVtvNWVg9P@a00t$GD-IIa=)c2dY-nOr$yxMoqo~xOmaAg z^_}fA^7yK4G*iiV8>vmU2GR9y^}0hFO;5BD6uSxSG*XXq{m-DiYLh(R3)z?`KrS** z;ZTp>Dn~Hr$O9U$(nO{`{nkVo$RwVciMjwcqbzaf$Hv>47&CB^26qx+(?0GE!Me#- zf_HIk^pn-{oeD^51o?2hKzoUL(fv^Id@L=V1N>FniBW*GJ<8;g;<0ub%N|v<4;99k zaKYr#f?=pyJgX{6i4eUtziTlx!w7w=9c zi*B zW)@u6n2Pqs>jXwMTMw?VPp0#3AdeB8w3pI%b)murix&U7%^nWKo{*PIy1|E!^rG|R zE4EHhr}F(mNq=6tn=b5MsHj~I>2bZ#j$G(ry#pzIrY7Vt1TziN7&y>N8OTS8ok9so zp?3+W=!RF|lUMk674wY=^S2yiD*0pT|BSzXzWjg7U*CxQG4+4O->IX^&-BXdi#F~8 z5}Js8YgRtX>>E?TCyY`UmFU)oM&3^HX%6L__E1y^?CE^^BwUbyaV-(>)UHTZ7yb+U znBTyU=>r7P<$!h(>q(mfZOLZXMe7%*DXF531rc7+?%8B&Uhn6Zb4A)e=>da(+(`*K z2#@B^sGXTVqmGA!JKj5GX2^EjfIL_`*2$Kr6pU85qSV3?UblFEa{EWo5mw60RjD2%&QCb=-Nc zT(BQe*WZNoWW1W=2LN~_%zV<-$MeIZ#GWlkg`E)|EE2HhE`s4deap}^gtwWAH#9P4 z5N*$dOcrE53xf4dJR)CbSy*@Ne%S&5lacO=^bg@#;PuW`nV&*kdz*{MP-Ivm&LW~0 zuMtmG0zy5B>oUcKW*4_3`d%o7d0MUkr8sb7nvq(Rwm}@?$`LV2WAk-KH6O9PHPlDu zMvLa5fv~FHx!=j4g`nhZx4*(`y7(L>!Lj=n^heu6{k~ejvI0w{b8S@*X}UBlo{f*U z@IOMKE;P;&!|eJlyUf5P^WrU%B61mw-V;OCL7amIS&v`zU)0O@%`6^ztG}H0)P5-V zKH=`}1^pEAn~%Q< zHA6sNj?bpFq+7T_mMrZTwa?;}0_Aj!kFsSK3m3ec5C4OEcEYAYu4nMaCy=$O=s$Ay zX)(|&jPgy-M~C$Y#cojS4jkRao>_WMF%Yyny7pEs$T#AJMmIOd1jFa)N@gMQK&s__ z+;8zLdkdn^da0du5k-2XAm!j7c&3L#n;EHstf&!bjsPPqlx_1gH&5KwviLTzYjZMG zGBZbZ!L?avLsIgxk1haX{|0(J4og^E-n0aK^k(KD5#o~PT;iE?B#woBu$(rb?Tfmw zD@j|(K62WK=CG!~rF`c;@+LO^-4=Fu%u8By(eGsJrhIRQ?9d1H!O$9@hSs=78G+jP ziEQjTBzI&Fz@9qjsUl#R)WVF*7J60;z(lbl37 zMz+efHwSyuknA5?#ZmNLXK&m#88!b_jvj+u*&vd%to6b#wRz#dw8!P51zxdmA!Gv! z1NMTnM~cr=-oiwBw+snLn?rk`uETi7MS8LIte6k!e%p6wF?=hj8f_$Q$EjGCV`=T2 zQQ60M_-)z`DMW-dC!7kO)CYRblVJD{)RMgLJntY6^R`}v6j4#s&QEIo0i@$JJ>bhz z`5}!5d|yfe@qq80sRW$w+$mKA=R0>uCA_nyb)QrME+D5p2~_Nm@V`=ccdlu@B9(ws z!$&6)?9}jc$s|2BydRT(k3Tdd(YIQm?UBDtCfz6f?Lxji;%_vWr5=BKg>T*RM$sm> zRYPsCt@^nuI7%c3pVAU9oJI4LzTj_P;@fBZjfc2OTrd*$wgHyXEPvyDb|syCf%U&* z#l;WyV!z%byzyYWlsg-5xsLm>>fD>_S?1S=ZA%z{VDNrk)<&N%J){SFv6H@<85WZm zasPN??3ztbYGBKv4Ench!V-nV_lBb-Hav!lT+9W4zRFxJy8G0Tcbtd*Tr07}1U>Dx zLJz$lNv}Fu6zEm*GJ6zCvnY1DVmGT!7{MiJR@_@gU_n z|C9$)qSx^8K$T{}VhRa~F(qm}Wn_t^_|f*Lkk4G9Us;!gy%|g174@kO_2GWJWL+0T zx22Un$ZbSRob0L){nV@Px4q73m!oDa_F!gNj62)B;HE# znUj)76Zj>xOB-bV#RlfSvX7%t)B@jmtx~ubOB_%R z2w^4Aug58CEW}uAc5MbpkC#-m*M#&nHbz0Fra$%4-~7A{zx#~PD?-VUoRg7n8bwR4 z^TRapkd=)0vcecoS|VI_MuR1GhH3oHtBZI@r%C(Nw8@}fcp@A*!UE9lD3vP=|C`1S zPh1nK;REqbm;J~-Y`Tvv^3eNwF~E^@>!GyEEKkZD*gip<84@PdwCx0>;GpR077tFC`eWG4ZqnjNPOmN#`QHO#Yv)Ogcf5QVn;6 zBz@hk;gyDy+cpX>C!1IHv=y#dk!aq{rQlmhs8_&muCU_|6Hw1e(zIlf49bP0l1Zxs z>WpO4k0j~hWYRY!spEwN`esRLO+sBDN#9E*eL|A%NhZCdtxK;kjheZUQw4 zpQ+}5A{^7UrlIh|cwH-np1>L+D-H(8dKwy3lzxam;FQ=gTT!-hr zQmd3CCb_RAf$5?c)9Ep$0hGqS3`-LepJ9i9$+nE3O3iV}-Mu7B#Pq?uyf2WFtT0dw z;iVhCdmpBV{kZ427@hn>jwy?~;S%L~zW3NE1gz?=iXJ(eMs0BsMp{>gg5@p3-kb2P zPx{9WZ{eI)?^@ONTC!36Kx;CFuzRzEB#<1TX2V(QZ95+}o;mqte417~v~gp5+vo6D zvy4N2%Y97Vx#lK(yMw7qY^ovt$_z1 zih)#tsU6xOfb?h<5bFRfzz9-&6FU_ zYonsWT`L$ol`1b@!N6&r4_>Nk+CE@lsyx2>f_}dUJzADtTJGN@`U%4w)Er%F+Cd9J zk?RF z!5%04%?~+Osfiz%td6?A#0msM5`3+Z{cT^>ABN46X4OeOPz4N#Tb3T9o=apg_P*lv z@P;s6aJ||#q(GDV!Dh+|JGOYP&@(FIQoGji6CK8$}0hoZy&oJi<7>pAWC(H_ZU zgz};tk_kQGs`xiv@ZwNdeqrqWA}7cWK|}bHvT37-C$?of^e2()yL|x<$5CUVW$^Mz zO>Upwm+<(hxM|IFz zDoXh+&ANDmOBH=T50^jAfH=;;9r{gB>TI28UlwGsNHaUE_~hjN_pPM9>t&@z>NDfi z8K=x>nsM?;xg{ITYEA``dLl9w`a2dr(t!`6b~F}ec4XIpgKlU;mx!)6+iAZm0juAOkbSq|{nEBpv7##B53V0k!;k98});~VDuvGKXn&)qVC z!+fV@a+vS3=W0B!Xj!}lgTt-FDuZ#GP12V8p2jQpFp5}bDdG{0FB1qM*31-;AgZDv z_=F^Zl@>XqbF9DSGjou{DI8<1#={&Go^A-*lWF6`-d`8v zY`_vY1qYtmEo2k8`Cts@+?bi8q*C07x|;!J`2v>-z&*ASP*&}D+!~K6K=xK;wwYk) zbilW2E+3c4hof@Ku3H2{f_@@J^=e%Ij#Rc?u@IkKVT#Hp7|=5BaUyzh$)cKMd>-ox zQ-Y>l*a_>p!g_rXJHtELGN6l_5uLT@n{oP#GiH2p#+hOMWNX2U zZEutiz?+~V<#4dqW7|)p(loX`oJ?bEo2ww9AYM1eO)J%ec5S ziwPIT5H!uhr8DA$21&4ZFUe*k;m{aDk(x(D2t~Sc450~V!PNfV&|c~J6Sf#fbYU>? z44?!Cp5LIAS!sA+G~DU~yLZIkoPJdZ>#>BVSsVfw^^-HIWQ9^AbNBmqwu7g2M)Uh^+D7%q*0Mx z-aMHAMcOu%07bell>kM0G({QVq2(#0(5%;I|DGy}@siQPJPindGT8m3sBdw|`*%Tr#bHBTmaE#0I* z%0os(lq&bfUmLO3bh$I*a(gu6xw7Q3zqOLbq)XOoNpz~|xt=$kGoU@vK!6FNPRi$# z$--B=d?T4;c>nV{L$cC35097|x6Uo8{L<0TQ=nk$6!2RZy>+gBBqhqS*7-sz*O}@$ z;Lld${ZnMiD2-gts`4TtMDQr}{Nq59oj@>X;r*%n(wQ&^0AfA6b8DlZAHOKW(hbiO zk(kyMNzn(S7o?CX(JG*9$0MAo1$79H4MhLkhP3cq0i4@9G+jdX$Cri124tQk#<{W{ z|N4EB!%}^cuYYY*%jWCiYRC=&^^Br~;{=Sl>utiEG!4N4QE07U-`8 zga)D$aH$k(+00rtrAxm3TJDfSQ2Lonm^f|4+;|uROzC?%g<_RDb8ENrD*b1}*i~Bd zyUKhtn0-9}sPYo#!mrip%gb4-`{>oPVwaCl9vwL-#ObO0((4+fi(01dXmjtiyE>~U zq*%2z=qx~Ya?q&``hhg4cC~#yw>q5*g@Cp(GB_PS5o%N)J^0(oYA4zLVJg3Lq_NG- zSm$v#@92$w&^IEABmA2OpGu>^=T zv7}%5O_HAyzuA^s`%$O&YHu<(ln$!BGF4jh$q#22R5IzeAC=)+J{HTiZyupcQi$`? z`Qs^l=_zR_>_*(_c`8?L^wAX4r8S=aPk!(U`Maj_D=YQvuPZCfN^u$%Ds`R=zxPQR zDs}4!Ws;T3r}M|H6txc?C4X#Vkv=n_Wid|hwr$Fm(v3;~L?Ws&h#((gS++_%Xddng zJ+Q_l5KhI`&hfUbd#J3MD`2B@u+ir!I%qy?EfZ1wYEKTGpcaHygl>KFl@!T+0s|@h z@bMJNace1#O6X%i3pePjG!Dy+6?R5CUnTHDN&>$R6+jbw!s}a|E=YllRNpz$%CdOm z^@S+SjIGQ|eFX;fz3W&1oB9GR>U&WdM@4;4Nav3yQ}2Tz?3_G5vw&g0a6Zx|E+{b+ zPf57ikd38@AlgUbH%v74&lJZ!^DFn43Dq?< zEru?WqKhF`(`~gbU98J?X;Nu1bSjF37#?pIF?6!%@50pJ?TMk!E<}m0OCc!j6ozq_ zsc)$o(DUd67x>p)L@P^R*E%rMx~1h2wmrM!HhG-XhZ4nv(#%;`CM|1Xm=p2c>-Bez zI+3q@UFx@j^?U7?sgiHMneR#?sA%TvQu*c0d_yrsUP@EFmnXzQwvaex2Q+9b~sFrH9c>>>C7-BmNh zBOeBSy`xBC5Ap|fv}PN|BO)krFGpCxsM!BQ7+K{<-~`_^q1Yny-l6D7b#c)b;C)~% zX49{sy=9p!UXTj=7aGEPRQ$nJ&?mM5!M6SnqAddyb6@$K29WIYK7Z^QA)lDY$`Bl( zC^|@n7ThrbY?qAy4Q#;!{zN*zMFK%(6CCczDq~!)8j$su^nRlcQsxvq1T7IG8uB;+ zU&h>v2?yg3zN2k+3fvFtl5pXIWYTT|bx|_u9g?&tk;HaH>?}F{)XVq-4lL%0(d7wJ z#Xs;BVxF9`g*1kxmZTC8mP#ieER{|`SgI>k1YxOHlL;1ux;B{>A?TD$uyE$Bgz3W{ zRng2m5z6{FVSyyv87It_gdZ@WuY|&u$HN<`#5OiAA!#5t|BARYfs4x`S?G;)LpD-*_lVbPC)i#OI##yf z|FFH%5o@&9pOZ+fy}pu6V|yhNti8TNnAP}WlBg9)++CjV!}0_+eX2-HoS?$HxIE!3 zPZ*(PR(s1FMj*dZ(l#`(LF&p|s9F*x)Iz#m?7p06RHngj!f^2;PS{?X-qwFE_^=rT zPViyLYv54swK881rMTA$=`y|!0txki{)s@`Xa4(VpxiFGI)Kn5<0?$zh@L!Lc9CGf z;uKw!SdQMy>aXsv@V#lw)z0MSIdzKUN1Ad|Wqn60z^T53@43nZ#28hoKqD&sQH-~g z!N5|TteuS~)*d|jlx~uKy!VgLB=>+sZqIv8}^kPz?KI5tjBY)~ks zHYaR?%3*WDv_H(2?FoK{l#79^cUAP+XF+JZU39R9>C>iRKaBS`zgs3B`rK#@ycASN zXyDHxnJS@uuDpS3(H^=cD|-#C3+jmp+lhE+c5wVQ!&GRbP8r5y*`Fc1GsMU4z{lP? z7WQ{EJ;Lo6IJs9CXFCSHOj}+XNGu$qI@tleybvlYOU7MH5^Exh!SXy6jogVw#y|Ps z^$J=fY`y8nTKXec{w-iFy&KJoCT_xWwp-VIv(ui(|1&!dlMCoDpMY(}(m8&syqUQq z4ugIA6nrRr=9C7@nr^=t{&KB6$F=e~Tq~c8wemw}!kp-wnG3bLOdH%!-=71t2%d8P zx$f242Dr?GZH~v%vrxf=M@Hj>soP@Csl`cEFHU!!!5{qM(fDE~?^<4b3?5=njuYk0 zYT6o!9d=mX4zV|k`*V8Gv~NW>V2wdmOjI`(4@U2L_~o}+hT&Dg+m@nWAQHPK7S50% z|2;8ktQA`Cr+JU$fRCF(&O7VCye+E^q7Cc74csf;`zm7uQ?R~B8%_cSgB^B>KokeN z!P3hZ6O|jlDsb}3Z7JIzki8CR7^y8L$u^Pnv5w%->`)l!28q@;YLR!IqeyU}xT!2! zL1~$`8`)1z0YS7BS6f5#{61^V^Gq($JTjNC@eBwP@f5TqlzA}v{C@*H+}e{Kh4%+> z)M?1hLIZw4KN5Y&H~DcA+5}%QUd%ZgtwcP+@f2U^zqk${L;4*HaaWLCcSV!L(W~u4 zLWlb}tAA=9=<4^`Q}h*l<0=fS2kW8+IHEbL0<}KeHI7Kn)rd=QhITBpYW|miwE)C z$Mn*-lsf7%63r`|=5>g}3(fPBG>-;Nux{sHkUtb%etA;Lb4*rqfM075w)ae;m?Ugl zd*w58gelfQIu?+lADRAu%pav{U|qIiwOQXajayK=mOVP!(B${cvx@VistO-i_|fqR z$t{7cO?G1{ofOK;Z2$wgo}aiFdT`SRZW8rxcR-{BSqO194MgA9Ok6Gso=1}AZI0&X zb4;4=OY-qLYrRg1Ta_~P;z7QvA`!CKIhB~J7g3{mow;s0+Ig=O&RCQwss-{CFPM1?=WhcrL@vxzAACnmV zQvkfS6Mw=ii#r+sR4qROvpceNx;0?B&Cf^8{}sPKfi3Hx{2(9*-^+~E z3>!7XX^LO+Je1E(<_*s|1?yk1ClX zguV9-Eia==4Iy8@=#$FdG?_n19I;gXq-4Hs%t_@}C-e2&w5j~sWPW`meq3xD^Ovd2 z&&2tAG(&g-Vf}_RT=Ftg6F^}LRSJly07~}o5I;Zo!wp_rshu_9j|wwglD5aw0&xQ(U_XSdWg{o~Mm@Ye!QN zK7!qU@KE$!AV^a=4piim>b@Ntx9c#3_cT2C(qv?sQjw3%ZZ~Fs3}zF2d;{>UFx=n_zXl^a8p9tNiD58S6*X5#tA2EbfA~LQ_@^L|U^wdx zXVVP-G>8Wy(xoc>l!RyC9_F{+S_O|4R~S<|Gdmvcog~vgimM(e(FyM?mp@N}YU5YP zpY3n*KXKyne+H~2s&l1R=ZnCWkpCTECn(GI zWFK_ftN156;eynvbe5dH+Gi_@FE%Ea0EQ_>tIj`UE&z|dbrw-bkO8N!dfuJ29{j?O zhcO>U{+=N}lY{qHo68@tNAbl=tD*-0(Xp<36B+v-upRQcf;J|J6Yew;SBy(yUKxqs zX>}Ps8I#1N?sx7wE{QjOl&-}WKmw<9SdaGX{WYz+Pr7k{X_w|SEiJNNK5X^*xu7y< z2u0~DsAS6|*8xDvmQK?BOSAX4XCGLaeIU3>FT#ch1K6AFC|YDK|7-rrcIXL&4>o*m z?=cZ7qqvhp%oGf2iPh*nRR?N%J{P7~ZXnZnzuW;8!H1seH}CdGe?J@^&LJ^>w>v}1 z-}n4g_zMkv;}1=jz8dn&`1_JWsJKmY*P97|yMo!qpWvvbJM;aps8sWo0tX~0g$#>} zkc!XussvdmLg6#?RZWobjzjWSo<^3dV0iqFza( zU29CngWiA8*&0>in>)l9jBi)L_#ALkDe)~vV*F(cH6=Dn*&pi>4YWw5bN_9=x;4u^ zC}fX|P*h-5wa)cdQLQI@3-%HJWi1r<$uiY?uS0xLFo^1lLal-}R7K0`jSQm}Wa$ig zRVwQ-S@`JV*6r{8!FVj(=nx~b@YlV{Som$+!4`Y9RSFmSt4QJVea6CcCvaTIFO$NK z4zagD#8SXyX5EZ}h~gDY;Zv=Xi}|2gOti+Q{Z;rF+=SK`!tDOOiDG8RFXQ7XhuB>p zVm_khk1C`7Aegd-7?b)7t_vS_+@n&jb%+Y;r_3&+E?;z4H5iln7v1`=>>RJ|*EmE4 z^%cjLQC~~xOn~}hPW>RqJ!;)|aEJ=(t4}JUepqN5cnP>e5^DQ{{x1*2@ilTVIxYakL(Xmu5?5&W1Ls_Hg{40`0wqzgLBgEAX;NMg&cXlAU0YE{X zsSsXLp2M=<#USy~Yh+!6!lgvFC&hSY*oGTr;g(UE;dpf;($$UAFO$^`&<^o>ZeF6) zlItn;E)Q8l2g^PGyu(I^ci&{Px84%vtKN^x;oyME>0rGuGuoya``7kyx%B+QOF#8( zE$zz1J|m~TrAJr9inRVqHZ}_;oa0R&TOaX=zF%{iUx?~sIc6C?Vb%5vb2-d1bMr9-jS9EuW}&zAzDyG5F z0LZ_FcaY zmr8_ufFS0=O16N8Ms9b%CgD+b#ulSB*Z=|I1@7D{T0v#zlP=Src=C7~40I5IqaY@v zTnWx{d>?oIVwru#^A7hsAmI?(57FwF$$J05!FF_(sv3uuPW0w zzd$8=-1690l~)^jhZ)+-H{tvAVoqvhSdIScS&Ss67D))nZS3fat{{N=q->0ZbAb9*=^d}~rh8CWSC0G^32P0obvw#`*)9o=RRq3a{^6QbBVO_FB! zwGPh%L{;hEG!YCi_WaCSaLNs4^_Bqu8+YE)OBs{aj@~qeFXYhX>l&)qL3}VWB=TFq zmN*a+q28WY8xj#3@x;22Sm%kVySyU`DUd<7C@FX;Vs(aLl=}AUJvFTdgB42*OE$I~ z=73uh@G1*6BN4rQ+nQ?;Ot@!h_MYJB=qw)FfpqPrSiI^K7OPakX@`f|!z?ySu+E2p?24g>xRTD4+ZN+U?mlQ+1~vCvny#_>47sOW;8l7I`M0kz76v zKo>8-guFv22NO~dhlayQ5xzanXtifo*0iM*T%%V;iv6<(7*-H45&lrX&MUn zMdS^OH5|dB8(-(;v0SWaEY9jEB6Fa}!|%VEwfff~TK#Yi5pa~iF0INfd}qG~nXxMn zIW8#Q6pw0@zKAEO?p5dDDa}fkvC^%qyhB+*YGd~Zth_ZbRtElI%?Ak#RH_5yhue#- zU42MN?w7>=om%+2!w|}F^kO%B>lVF{Kb|kmbAMPi_}Kiw*V$6j1bP4>7Twd79CFk+ z=nXIy2Wi{{Ss%DayHlD?a2Bhh=LizR0r#S8y;j zP3~)ncF~U`+sGj6V^o_#E;&c<+~QwQ%tuOlq6li9Vq}Rk@^m(4P4>lv`|4UcsW9b{k~O2^T=-K<7P)5smC*U$uGp_MXoE$_sKXt8L+S2jV_h}2#$>-P zozFk>@CS1iNjMG9U=&NPsG+V>C*cnxd_#a)WE#W*>3D4?Sc>AiBk0CSJ>}z`BnGzP-bDb zTVf|EqTktm-ARhJke#HROu}Ut>zt4-m$>yI4BgR&jZO3y;JIg; zal;U{lzyfQHw@vXp@rb~jC%N#2n{tg0A@O1+LPA{u`HKj^Vw#u#?jVL5oprGZqpn# zkh1FSl@~MtG(%8cIfUJ&mvFbK+|hLUlzFsm^I3KQHlOzFESpa$)Z{HeVf$(2dOPRG zc5Pm7c0Gx}2*KBM8^HOw1Sx#e&dHO^I-28)j>kIyF8LTr!ovGUEy)6#0m>+m5rz{u zHhf)^@hXv#dViJ3X;|I=;*~b;+T72;{R*=_AkC##-?Cmny>T+t*w^z17&5UHr;s~w zpd_r_SGrIdQ+ZG9D)=tHw4+Sdp*A)owa%rRs@ip!Su^Ed?(s)~eqp9(>Cen>xI1tB zZ|mUY3}5RIFRBE9Vd8Rnw_k66oMV}&oOba7Bg<*uBS(~zjKbYgPmIR8Wn%kRWE4hf zQvpMt#zI#)XR|vVjee!bShEHSvoslcZ(_XDnV0gu;*Iz&%e8@DP$Z z@!N;ruC<&JMaK?FJ0i8IE4lUMzh0EC5VzheK+E37w!H(!YHfN z&@R|r+C_8*R#`_qN`8g*=a0Q4daxXNutNHC$3wYQUX$6&8vCM65MCF@=Ul}~B+b@* z?TX~hzX=kgHnyuj+!wp%rV?X$K#%exZLq&MW!RB@wX~0h2SCX0B>}^2y!u7SeM89I zw?Ha&9n%BnE@N=%ERaBBp=a2J-C2bu z!ymm1x|3+wlVJ}^7?U|1U;^xW&jm%#>rxy`YqJXX#r#E&qY)D*wj&B)Ac`V*(@-H< zmv6&?#UfOBAo@3pVeSaO4tdz#mp=nso>73S)+aMuj$B20=gYF4_~y|_H`1PpZQA~s zD-DkE^HZ^0Z3 zeQ-5ya4@635R_v<|2{sO3l`ieq&O-*&YX~<* z5CK%CPsQ;=zU8@}bKSjW*MBef|8R7WkGiSzCF9{>&r`AXIy`z;^qWRtaUc3sEJ+A0 zznBcxcrAI1?u*2Lwxem6%V^y3(ClT|Li8@&NF)|4<%{12Jkkf`kFeWzk+O?=ps`V( z+4*J$qoIg{t2f636>(b80wd8IWGmRDv_y_mE@@9{0fSyI$29t}2Py~5{k>JhXO}#< zMl}Mgk|@a01Bk8~gWR)QQ79vkAhCRIZp#L2be>D}xqLh8#B>~4=-0(P_kY#Onu!HpP2G_1 zL(ykpDdXmH_OTCqZs~a7QpK`QmKjH`EYW3-Ris;$B7N)YfLc^lk5r2j|2%q0hjQg}c zjSRUY4LPc#xaVRM%gAUBaWtwIGFR&^-2>NLM>gmaRVIQ9xkodeM^dh8DwhFyc&tqS zCW-!`JhcC27~f;@6iR4#DqRA)l|-uNBGMpGLMk>}zLV0TUSK;X}SL81_#rYw>jHf1tI7%TjF1d-c&9`U+sjNQ*evC!(o(zAAuKe}-lEpUhmo@hplr@hADY4-{8 z)H!J`5JKQ@E*g)gryQb!r!8WhZkRK=oTR~2)finD8EV^|=daRsVJG2vPVtzKU)C9N z4lz|AVr7rs#3XC91_Nxu(8g+sZo6dN05L6VD$XdtcZbh}*+_KtSu}n)ZX_MdeK~%- z+1mYb7NQBz`dr|zQlF1|*ZJ0$Ova5NzpOrs9AYnlNYv-MXD8~@z9L2-CPxgR{4s`N zzeLs{ipiuJ8yxH$Z7t|VNm*ck^CVz#x@c()$4x~W$=nskueeZyvAQ zbNDZG+gNYpN#_xIxuWY{+NHFYcD7+U7gHJLFy5zmc#L z5OAefe5P}A2C$wK7W zRYhArY5o4FfEC~9gU&$(3Njm*uqf>S27ZF= zNqJkobBYh&qc|kDjp2~=#)=W$2)A%-hh#Z;O~y-?Y~=CTq(8zf^)qon9R}Gx)(pQz z`z_dSH-CGx*V=2l{7%?e`6CV+LrC2IgRmRbDBR?d3O%0wnAo6Bb!Q$u%O(?9P43bg zz0pC4tP28~p^q5%QypovFy%f6OWlUaeCaswWD$#NRkth5$_0;#Ss66LVeV9`X}b+n zt)}g;c+|IWP;>eDrcI{p$S>2k3mqb%?cF-{-v3!Q#_=#Mwbv7l$8$!j^WMQ}kIQLq zoiNQ>wcEDc`sv zy7e1K3PA|Hn&4ZtROM^Yws+En=*>1$zPVmm%Cbi;V##B<5+o!aL5;gW_vgF2dM?RnauZOy6tfc$%&KQEOZ2C1)lekPUwxVOZa zo?oBJf6DVeYWaRu7x)wZt*dk(B*g}VV7ht+RRHT|tvbC|RUro-`r>P-@&R#~CO&_z z>1rZ~))g<+{sSDzs4PNqs%!NwFfJ&US-$S%RIGdzu5MSKZ`FXEmc=X3c_kQp;yb(< zWw8@2-Q0tus%Q%~wJnmi$a<(3*;R@x(CAYhL8gWty-_FlmdXNn{$2bm2c5WsyGw!Ej8fn1VhsSq_d*uALFd(z6NQB z>zE$qMs0KP7VZBFbCaZ|^D#-$-n2V*>vAdu>sN9%kSg_+CqzApUWOaZn8M_Y1m4x2$#m$ty{9daE+ z7fE(>Ug?Eo@92N^elHz8bmZTC*6J>&QVA~kS3Y2t^={AqVXA!S=+}FGTPpw8zGvo( zp8uIt{<<}W{}j*9rt-r|z(JnBM=JkL>+aExp1(QrbpD%;| zGRybZPh0O88O^`n6ZDU2VD|R*H@JL&uZy%^qb<-U3wXHcXfCu%U+U#WT#AUQiY3av zSxeS6gD1k^P{g8XkIyQ2eZ;~4&c)1hH^fCTZA0`tyxlmu;v{hM5$L5RmhX8eX(iIj z5UDi=GPz_!71&XxwJ)YtDhve9B0%IGFypN&n$%liaQJ!l#0nY^W7>$aBdnnP&W+(X zw&iUsqJ04j#m%ik3H@b@2U9|Ukl6&R@g86^wd7-UhDVbWOC~v)HjwHhNPIF7C8d2; zy!8T9`k^FByLLr=!cEFpo9y(S8&0nwIv~P5H$Z?HH>_Q}{21mf`~G2`%g9)76U(Srk+r zK<)$>g7BAqI{NJoEE7mNbD7;k7_x|dJfC%96P>Xy5rg8Q7|XZ|W9OSs|U z^m%5Dt`7NS_UaIa_`E`(0*mH@`(zvyg6{5l&TFvhQFj9wyTO0a_3r}z@00RwpRl~X zA-eGCgj{peQ4`Kt7<}(8{es|Hm3yV6$LU%bw^mSk%i*SstIxEmTp9Aqs`7bvf7uZP8*lX!If0nKt=9Y=&ovS+n0pxa-c@+*U+1cEcy7ryUc8U zX%5E=XT&!x7~~!SvaFV?088_O`-}v1sr+r13NMwv;Q-*@I5=wU%?WVzKR;k6A3?@v z7;e8vxpK;Us6(g=8LKb59c;$DRUF5o16G2vevi7ut#lLNBDBHpPq&tiHK9xfcR9qU zT+r8!Zof0;;%lt2%HoS&dDS;W*Ao5bQE!tIoW{{1zl@9h975Y_1XRlt z@5?|@U^vKWF29Tu9=P{R#LTI-r2e=ii=8bBpnZm00h0#e4(@i=3Th7_Ke8~Fnhow^ z{mJ)aZoM7J%ajeq9GeXEBk1alg)@Wga_qPr9N4_cR(VhabGTOFOxEOzItAqP4;i0h z#&`$;fK8gMA5qvM9w!Sv;ONa@EEW{pA8N^cNN$j11j?g_UwJcqiN%ujjIO2QZOufI zSpN%gwh0H&uG^eqO2x_=G+ti>|6qDz@vjd6i?7WcDJU5rr7KgK2Wu*qRa1t(m5j+2_u~G7y5+m0ekfE?z%0V8@8Id z6HRc(CrfV6%R-pjSFbj@PBc31J?s;qUkyl2bU6Y;?BEQ&RI2a$z&grW*fSERbgme?knQtEUfWcFe9qYCqh>lYZjElLWQ!J_x0?}KZV!iQLWfS>j z?ejvDLF^eb(WimvTl$imWFRIMr%&iin8G>}w*?|8ckl`)ab?IaV`82|m^+9@mJbt@ zdA5B$f7c#+|EyIN?%i!g>>X+@V^&`>g1Pnj*dXx=tW!Wm z^aW!KeuuFsy&1*Nc);(!m^YHK@6E0O5XYkl?(jHEgZ!M>_}1*h?oR66glzu7^`Pk{ z@*QfAX!Ec&{YH#YtsAlS!6RjJJT=?%>p)lA|HnkHJONWc& zB%(-Koe!@>OR2H1OLUfr_1Gq7WYiwJze7~^*kPIACfA(f9vhoe^saRaum`MfMuGMY z2Z`21R~<^zRlWu6No2PyUIY7LP8SSgu4My)PxuitWINs50$BeARa$_sGpzXplkPDp zLUNT87~jeBNr#v!5JA2AqE@t7Y!Bx^uyLJ~hq3zaiME2`KIipYNE`N}U9|tUte;1R zE#vpEmG|F%@bfl0?lI~SB|C1*&!yu+M3mTsI&L!}n4#nTGw!%_*68<|vv%%1BROlu zXdNh4cHBFF$8={hH{{cTw6nJSK~E=?#GwDkFpD#8`z|t@oM=v{~;p z6$rg|@$u>2Yx$w~p5gh44wyLSd?DJ+doSBRm(rekE1YyP5{0L+u(V@Bc}DBKmvpCk zFFK3d9c8_jBU56$?JpZ|Z#d2r-Fh$b%UE6L5Q*N~ujB0@>!>K~y#uy_#o`=qor$kW z=isX_@g;wi-WK)*ztc%@=mNG%CWab~O*_#wq-ScH`ejcrcI`yBV`3TeQfF9%m(mC6 zwW?IcWGHM1UgG3NW#~+Ys9L@Wk{AE58;UdH=l{1n$f zxqbP7L?m3H)Ar>rNvg3E|EJqh9n#It#D>!?j!k#SO55@LF$R(7kmdmYgj38gPpCy* zSe%`}nJ8=6lRY93S0g{U1r1|T}3)sfRzL(hEvqWhY(NlX1SL25K3Y^u6KQ3OJ5~?u?0S)UgLva z2pdOLg-m+x^$QkyJ_m`oQX0%4K8#5u(YlBK1_!MX3JNs3R{+1EyVa9{q(6{s3m_c; z4r;u*26CAtUD`QQ(H;ZQ$|a(%!$8=LQ>z`>HA;rlcDWFMZ2|BFIsKLE6Z@kJ)UEE$ zF9dv3Q5H;~daHhAHHxJfAFZ8rfi(L-r9^o%l{2b(Q6} zHJ&yG6EHLWZM*9u8&p!+J$fk{Y!*XA5bH`mCj>N)pUG~OAyM1E4BY0v5K6Wmf!x~F zZvY^->Yt(NJfv{`Rq=&KpAfv5mh-zz@Bay;5GLefb4BL-?nNK;ickfR&Gtndz!a`0 zV&4qc%f$MC-VbH-^TsKe48prhg~!;jQ6~_}%ms&LU0Y!kZkF1ZX8e#0*8t=Ol5(sIsCtOJ19aQP8uZ|~5*}AFzVx_3u|D@(j**e>6Z~oFQ?mcyt|MIG%l)~Fhw}?@HKv*} z$e%~b`$tmqSJ*YgF2oHo%6O>!KSU1IJeZIocJI>NO!s|`(g_!3MB<&Nr#?rxo7Pb6 zLp}qTZpNRZ4d3MV*Kps9E&$563Xw5nQlSqWZC^_DSeFZ*Q72^1}eLws?@1o1@0%sS^LBlXLJ4B z{^|?tDQbEB&G3<{bFCOuwH_G55ZM!#YxQ!+Cdy6IaziNBFiN?fdb#ZryM! zhDe4W`4yD>N2vm#2YJoJ#z@Cil9ry>*OoI3r@RYyC007@ML zOf`V&=uOGMondk!93N}VDcHhDI>UZ-v=qP5jUWgt;8Ib17dks+A9ckIU3}XtH>E?K z@bOoaXEuLu#YKUj_$EFP6W?x#iwMH`p&6&}i@^&}hAh)9h&mQNFSo>?3!y9F zVpm+8Y4-%+w;QZL0p$+Dehfzi>7Zv_h+3|F{d-N!#eI?=l`A&8Q6v1rg%{hw*@bj9 zA--PrU+|qISyWj*j0~;jXrsLfgWaj;i&5wYDhOs_f4=E?+!_W%yoN$POj}FlQ#a8b zFokz~Rr3S0wY=l2juHNPj%u9yS4DSnzN`x~WrJ2h1})Av*}c2LNEtx40H_dfmr_oDNv(ceWtq}oH;v%mE|_H54I z2BCO!^f&2M#OBM#ld}6OafOAR57U9!OqE?<7VZPmSfV%fSgyZW0O=?9RI^Ir(~Ayc z|J+kJGus#4i41)DQNQlUk(rmm;fjo}S%LgQ+P;h^UM$+Iaogo?=8c=c=b*(!DW2gQvDAy@rOsxlnQE}e1byM3DNnFpvYrGJ78`P9 zp@(cKAG@qnhc~#p+Y#g8n7K-|WLOtdM!7|o9HFCo+sA|k8$_;#=$@U=)$;BZ3K@r4 z2&_b~*wJMqW_Rp>-h&0P=xKh6;0a92bg=kpIm4~}yu=Go11NpSehT02{r)6! zA;*^B+4-#-`1~C^n#fPb^0~@wKZM5+&@6wI*g{xxx%RNsd~$^7%f*23%_7-5YT9n1 z?oEJ1*k3bkToN^9Bo3Y+iLe{#(L=|p#chB{*5Y>*#{_B-jz52HToSX&Nbv9lceNlO z*PgvSd{CsHX_xYwT}Vr}O892Xn}@{PTnHv}mytqazXc#;r~GEu?Mt(_w`cEIn!O|J zYdJ}LQHcni;_a{MaJ0Xs)uGMswSF+hw*E^evwy@V1t!(W9!P=+a9 z9C31}@d*01sY7T4A`Aijx`=%ecFdJzJF>Rkm}G;3{PbW`kWtCz9b#m%|H0}~i9OPk z<{W2VYa2S7)HW#1L5_5~gO^9{c5sLt1tP9(^loenD@jC9EBYx%p%hQ@SD_d*XZ>`m z=>8$UtO0-E5ZjegjBo}}j854fYbN;am`r>ZmRxLVZ?g>hO2*6&UaCqLFiCk1N}xO+ zr@;MXVdz@tXy1@u#`8-bv0BkZNU?)=C-!+fVkqSofz(o3h)9QGSu920lZ_j<+Hm1f z%zbg+sO|N)kvj!m9vgdWqY27<54zNpiCmW__XRIm-;A`%`Om!6eB2MSsZ+EYv9!pP zR+M3s`w}%)@fv%!IOixOkApUE_h26#Pe9<6_P=bQBP?WGdyq<2+!p~Cee!GjqDwqK z*3aaHu5A>Y^(nXlWzF^xD{PLhI1h=1jvNac_bf~W>lxygv{Bz%sf7_!d9Zhwk;;UYp=5?zVHOsn11%#loi57ky8wg=3@P>e-QAhhHGVbJxBvR)TP2%t z!r}7E^$P0D|MH#g%wrZ=oxqMsNPIIlT({(bLl-1^K}6@FlvkCp8iC4!Infsmu&zh@ zgBc_|ki7*=S`$jgNJzC^LczmqM>xknc?r#{<479Td{MxD-eDILmYv%p0IF`@rOcrc z)gR$HZl9mDY|M-nzX@>^4d8@W^s8se^sOHrlCe6>7z;jw!WbK4Jh@dKhmLNz3|v|( zm4OZ9R&{x0761%7(g&PcjSxDi2pyNlM>0BZhR!aGcqMc)qUoxgisD7k8=2pF^!T&T z+O>m_WE^}>D=hWvgn|dXv9Wzd6WI0QvRam3Ttx7hNTQi5|Mr%CoTNy-lCK;W;Y8Qs z8Fri-Gt32*s6De#bxumYgW>>)uP-@Q5~vC?z2NA98B&o*A?yC=iFzc+gcQ|pAF$$> z)9?}1)PXt3lKsZHzQ}-kn+FMt|C9(!N`6s24%KBysfXPe>LkNStkLk*y4z1cyagHAuiA6Ty_`pq1%A%kklo?dwh zbE=|krzHkBz@rhXN)i4j+#en8g@!a73zzN+P(AJwL~UYXTSSfBsrC{IR0}r5S|M zV1FH|9NKu0pImqf(bReA@OFsT&M6;HA#+YeIgkzkADWAg=q1_}#~f30x?><5_?C%n zCo!Pn5CE^v!sH7K%A9Pj$VX>#D>NBBO$OUT{Z$6jFxY-@KO1ZlgK1)S;q*U4EH;=z zv}J?oU-z}9AGz?qUoe@1I~Hyrccn8JSJyB~a?j5Zh__oU>Hz01LyNL)E<@`j{wlQy zQ^vELk&{Dy8LJ<4hz~17KWG$;4O^`IPp2?e;P5ugS)&?I#M&|t8gZF@;!9XgVi zO?<_S7lti-D@vC5E`;a$_Df9s!03!xp{EJh4^qm#X0*}6PWW&j&lOz8-ubA z5yvVd2HUr4D^Q5G*h6Xx4P%E)*4gi{<)E?H^OTtj{Z*I=-xzvwZ)4`TkYC13!6D)S zJITzd14d;A7};&eOkB2dyJ4awq#6G5oGf~=w2sp9?VD!4+xH^>Py6f5obJR|}hZRnG#0d*<5DSB>vgw_8 zl#P3rUYYFM&L8%W&db76Lr|a<+D1%?O9|CiU=r_fm5We~9EJ7vZ9&tAObJJ|1^YY1 z=(b?!rq~wTj8Q(>FW!Ey{?xPo6I-x%C^bP_aN3^Z*@A-|qQVx4lku;5spG$Y4{@n zuS-XN2R#H6s%zTj5Vwt_(;oNBNtWA&&6!y8KX)cqCRRF-gSbyNv*Uh3{plz|b=wUW z9NiX9TyA7hv~1ifTH&OTO%(psQ?Zd{VR}jh`65GUrE*(dXY=m7 z&WEPz6zV){Y@R->n}lV2TX!{>U~%zBwJSY{PK6#$scL|{h|{27LS4dX z(4xo4E&2Gs2DL1FVE*^-kHh2!X+vHm!?yy~BIN?QRQ`rY`9I=nM4Sj>t?@Q)|_f^?qr&r?qp&2@x_8u zKW=XbM(t!r8HYS_O{7cZZ@aLvRQ`qzcf{tQ_S7M<5~?pt{57pFf8Et;e^$sZv-^Dx z@lk;go0RIzKmM6?=H-z3a_Ic_02`q*mrmsht2WGoo2FR1+h2vXpk&88;p;$puCxsd$Y}a1L`3h zW}kW!)wn@*tq4E7)eL&z~b6)=RtE>HaGE9L(8Q-)mj%u#jJ-&u2IU zw=lSC&2cl@e+Cku&!sJ6s$X<8O7$Fn6{^9!ZRI$R4*6wN|MDK=OAS!mi&kMU!c{b& zSQY&MU+)wKmJp3r+v3As?N0>)9Fc;hYj^ZVhWs)HKI;(m0+C<6&3wQtLL>$o;9c!Eun0`>1|%7-io} z+fHDkW%0`L=?`W`NbZ74YU@(VLLj_fucqVq#N_TeMDMsCw3-!@npk{%$@(Ia&UnD$ zKl754J(!JtWKyvS#NUGajnmz0+%74o{b=h|no$ z50iH3eTouQ=KNSTZ}FPPf_%X2AT*qK6DclUgpsvQ88l*$WwESLh)(2uD@+_mz5#Pz zOoI|r$I&KwKb|ggM+g|`CA8&{Tk?)%i`=$-+h3)Jd0nF)*J=N0vkuu;Hf#I3=bw@) zA7*9ecs|%wa)Lk1>W=pO9VMT_NG=x7#pS3z0|M!?zO}U#PR`mAi^cC@VW2g-GN0%x zy%8V1PsX=Dc_~`dWNy>mZ)4U56&*mY87Noy57AT!xGYB%dgx9^2g^j+54d5xl*S!^ zmGdcfbkHHf&!CK@A(-HktbVhyW_0^i+98g<^G;^Xj@4Qrzf2_m+|eNR6bPYjr|;Hu zP|cmWYUy)o96(hz{FK>+)G4m=4GsG~!Yyeu1Zonx%Ozy}dVrlAw1&% z+gF7EzfPTNIT+ildVE^RUQ_KeOD0zk4%=uJ3r=-<327ehi1be|Cbk zc5QHUKOxHHwZB4`BPU+_1&Ne&?T2@;+BYUa%4+{>2bwBCZh%Ok7A*yJt(Lnd56y}G z;~01)T*U9AqiG>92@=SjMh*GF%vaH{=!%7pVVp6VR-;3qRonIjT(r}_;m^2IQYS5Q zGBW*;&53ySehlWO(`o2|0j-KY4o_GPbtl2!p8!|s%f9(R>~bh|y-^urEZaYwN$I1H zHxnLT_6K9u?<3fxu0e?z&775kR&*XC=35T(dt2xwrC7h3Ug~ z4I+uIyGG6mLYj2Qc&~6H8bF>K@Qe;8&-HjlW#xG)eut#uEsNNbbwji4=FsGh-1HKs z$|%zpVDlMtEuxQ;Mzo@6SpTbM{W}(Jl;c~Z8yk-&UvuLzB$z!jX$^J- zCRai*H$4wbJnh9JV77Be7ar?J*)K3M{qs@0W%0(Uns0C((VN`}la1<5+M}Kaq|RQv zF}Ln7n_({In^RD4=WcgEBGP_;u4mw<>TBmZejmLwEk6CX9uWCP@W}%;lXaaJ&-u(` zNN?!S8Pzr4xJ1YyEjM}Hb6Au^&ZIpWC)Ezzckr$W-gMPAd2|6%eKe}faAO8!?%v{}s+yud4&9KEBa z^+vCZVTfvKT3;(qtF38e_#{RA*Y_d#OiXgC%Abx~k7YQC76YK;L{FC-rA zt+Z^i%!(92U?D;L2*DL3_y{xy$XUbX_{BdFX}dgEh;(^Mq${*+vP^r5Ah3`ieuQ8< z37!@cYz7hh!`G(u+urhukXc%)&7fJ2ELGGgT0C7$B34RS*CjN8#O;an^${!#pc?@p z>TF*Zw;zgHZn_8T0vHVIG#Vxo43e7cH`fWO5z5b(^3-SJND_o2eG+`~2#$`5Int1% zg*2&c77x@E)wu*m0I|@9hlc7tIq!al$`(W^?oVchh!6doR+;=DRtei0(6hwuk^8 zSM)=uYHSvXEHM~&(Cl%%Twpln%;RC?XvGG4q!M{WrXW^0xdfv-TEzUk1nNyPJMZjiTD!^Uar6&cL>frL@;i^MG$wl+iyr)} zRSQ;`2k$3zcS5vwq)Qqf!H zwx1G^)7FAVu*9Dd9pW(!2jAvUJo5Q5g|H|<45fsR?=BL;=k zs>-&|#+2F-M!N@}#Bj(r+O#UO&?qqUoy@Z;oyNzwO3Dz0%AnhVkJ%u8&0GIW?GULH z`T{_BfVu7S7&U6zmT>B$f*X^{VyCkAxKy^Tr1G8#Qd#O$9(r@Uy4(zivbx;GiOK}( za)VQuH!hVUDyhha;3h!jW~cJ6H^!^W03gchQi{#xnC;T-RIVMD%EgsbS|&(kty9@| zTq=_*sq8XADz~g@qS9AIeg7FxVm|^znZ#^I6%FT@66^K4d}>@OnMx|QqiS3#NB`F9 z@}GZ?SC=ONQC621+2JRkV~=}Xt{<1mC6!d#Kt*;`^>z2LMRRSIeAOO>|g)qklRxTA`oOXY97n4zWeH!L(=z}kmNKvQ4Tz7-M}(a^>G z!&Ew*Ftj?s<7d*~Np|EG`F24jbRwY|zg;NWDewMq0UeMy5$P-4_%94MGP_u`2&(fC zar2z}V39Z*zj^fkpScmq>jF%;FWYm1h{Jt4eRlG(b2; zphOs4Vb`|-Cw6nSVMc@MHzJ(EI<<3VS%PclY0DAqKo$y1WCbLJ`{zEhqrv)l)lly zE5`p}gV-y@7#e#UZenns)IUkz=We!C&AP^ID5}oow1A}YY|r+qb$rAmPiBnU+ztVq zuSMZGj8*iKvZDPzMbW*-p!J!1)3mlg#;F2M^X+SUUb7 zGv<00Jh0EC4MK`@p)2Uzi;Gb9f>edCvIXAEW>Ni$upRu6e`-_toZ9kzf*ZZt^G6OI z>_vHF#SHo@QPNz>4}AJH(}R%>8Wf^P>%bJ;O*v)OqL|$Kv;`5UFI}}TC;iJmtkx$xczOSL&>==YZFGgk zN(wxAc+g+OiiK{X-QsP}xsG?Lqt0*kafph!L}JbrVHZZ|!tzzCz*y;R&$;e>)nqj) zPd7S51y6}N*U4k>^tR_*A9RYN^0c`_RPdCTa~1JbzR~2=LCsK|n%JD{oBwTc8gxjs0?E&s^;g zVN{l_Zx~bVdBz2eKHc0&zB|SoT5Nnk++wWp;U)V#oewSDKOSd%D8Cl}t1JL+=yD9p zFNcPf^>W;_l?i^{Gy?-zn;aujH!8?giVORrZ(#I~?YrH>fpWcq3Mdjc#WJZ>k3Vq} z%C`XJ4qSu)YoqPZrIYuv#_Odm8&l&IxTh{qUxzTPh$(Mb9N|&?mJtrJ{SZAf+OA!~ zk^?9<03#e*UGUL!g@5|*bK9d%zD?i)l%rKfRR-WaO*P)JW#imc=5YV}5Rriy?W541;^!j|edl23qCn3Jz?M5B`WqC>=_N+i{V z5pW`;!o++ZM>Hy_Z5$#d^;eRbK0#7pc7Fd$;|Z|SA!1T5l2jl5Or%y}ihimi8nspj zIz&urBT3DjAgM4<-}txjYW1)~#H3^!L8Q~@L8#oA8W<+)OB~UtwK~%wVp1=$R*NP` zD$Lk-bVQ?)dUa!kvj3f=swYS)OxtgDM5B`GaEQ28LnO6Ahn#T*80PL7M>Hy__c=sN z>SdCeIzdul0{`0=$5V?t9U><63P}}cJSJc*!mRx~M>J}!at;xb`frjN)t3HJZ0RkP zw)A~6DZ!1kFSI0V>5n0ucv|$fo??R^&rfE<;OqV^jtRB2q)Vn#k84`bG0VDSI+d-a zmD95rMffsV?*Yki)6WnVb3Nf+n*;x9?V~es*y>CJYLTc02Ns(QU>+emmoHQ5oK|q4 z_?*9{Cj(EG4E3=gzbq78aELtxLT2%{eR}cfACX4u zt!%V&Au0+Hp2RSIgG15`>ajnPydS6olPzrG@e9Uz6g)bK%_19ZaFG!9V}W+Wq1&#b z8W2|bZ7&SBP~g<}2bOH?Wa5}EPw-^~tQYXowEaD7mT2K|L%0C9TaJfZ^<~MD%_xkj zaG|slzpP-_T5c1Ju0LMx0YYvQa^(An0O;>|8qGa{dw|YS6{K?kC#@Pkc7vA4l#GNxqO2%7p-^ZDxi3m^~$JM02nS{^CEi|1%B`G(<)d(nqR(xNm5ELbxgY^IVt+n=k-*;xx zhI7vU`M&RYKAwkW-hExSz1G@m-%y^+?U8zjk12CkwhD8R+lHLheq8c|Tb0L9$TPTQ z)f^iK(T&Qu?-!o4d-t;YgVZvfuiPfi&j`I3@oPPPBxr2g;nH;js2AVT>CPK8p)n96 zx^t_yb%P&L>Pzn@UCLkzaN##Fk?Y39RloZXOeA!(jE=VQ0zW|k3^Lqu9^G9L_vaVK z=N8<&62)Ij!62Si23bv`?r4N0Q>WX zWI2?m30M1a?zV~G_Ofyix0Pt3b5}T z@2&uA9o6f<#^m}h+>O!upv~<3#s~hWXUmaboR5t}WhP9Cv)TLonjF3Day-m4;!`M+ z7{eS>sN`BAjs2Rr_$Rs)&vC_1pN0pv)+nSXjYGBpvThQik%Z1M?6PJf!Qr2Bm*S04 zYst3iG1$;X6>ZoNy>%{wp=0OeUd3LPZ0Ck;>TJn!!?ty~JqWD~hVs*O51=%1(55#f z2@$mSB$D^BgCsC0$MvS4q(O0yIFftA{sh-gu=5s;4uMEK;}a9fchR9#=^Y9lNGq!W z1BRj~lw#elYKLZIUunb@!*$(9E9gutY=_@RkJep9i+~EQ;PxzdCAqGN2pPVq?i!qt zN!(Dpqvd0l(hT+#UJW(uD*(g=Qb2-=xN}^0t&4r3py5%0I}stDRv5L+8|Ct(nX z%o&(mf@$JC%vU79Ji6|O0F&1#`?VEH$@%F!wg-j>q}Kj`GoQX=UV1~_6^tjq!Nu~_B9~gKyYhcb&tF1>jGpj> z*qa4Amagl=Ts_~@bE*Mi z`(O3G+6nhQlU;tLVLctaPeKE#L+~nuxhA|D|13q=PXzmy_=CbT>iSyn3px!gaUR3- z(0)YS`d;eOPF~SDyaD$a&cI|7GR@5JY%~N}n3o=}yE4}3s5a`& z$m!ZB4gc_;eWUlr8od!=D>TZ?kXlRBuKW}8>-3eRxIfjDR2Hzn#FaK35z?ehzZL0g zn($9#(X1~tOjn16rWajGCw|G#e(W0mJLJrE( zWVm___8Wd}!uXHtVfjt>h)s*n3=`%&d4H^z2k+dteXG-s6VKMEXbIpff=sxnkGh@w zl!eRN6#;nQiBpJ6A6G5v9&opO&-_oi{4Xc!dx@Lx@=r?S`%{ejx%_t~^8G2s87`kg zKwXm7*!5jI!9#EhqX4aJ&cE*WW&)~LezZTb(X0%4!`)x82i)VQ7#rrv&;e8BiZ(z~ zdH32bukgi~qJlZ~O>V9Kl80rq7|)Nd!=c0sfwvUg9Yw=1!fv)pGgmU88|QSCUNUq;u@xDxwI3F+Ko zDMuVH#&`&02FfQ9L^;G4mH@_P&!FGXM-O=&hWT!&B`fVov_I?{Ti_dtptlhxfZmA8k64*`q%r`i*-K%U#~is3dkK$tbY480--s5b50%%1BE)T zDU1Lto(-dy2I|gG^Udnc$EFeJ!SzWZnKU!s^)UU{w&mk zIm77&L-5UqD=5PwC+Gtn4BA22vs~G8Tv-!{iQu22rWr>Dt7OXt2E81kHm?nH!cC#+ zW{8H17?vO<&D2WaHLABc&F&Gr&{j`0*S^fp9+_A^*LDRl*S^fp9+Bwh+Lv9PzN~!q z*kd!+9yizSLEru8wjVv%l^2)Rb)O_0lti2N=R7PdSq=-+SP-z}JS<4`u;eaJ=Z@Ue zlfLxw^rhu6^&3q6;g>)#!jhQ>GUVWz)`XvtiB@NiB;$}x=Acn%+KV4}Swk85&Y>8O z?s`!9X=mV==Xw1z%j-TNl1|7>boY} zHZvx-8XKJOXPF$i$@g{O3x2v-oG%|E#04Pk{g5FIE%)8b&@yZgy97ljpG`;@#K0NE zzR zS2||U{6&C8ipoFn;6@RRReztcY?EsMXc&Qc2l@&Mo7 z)jH#RR!dM|sIx~w#zD#ka>!)tcd^$z>BqryC(%#^$``X5+_r_kMUnQOl9^prtRj zzy0>Nhkr-X-TJ4CUPE-(;Yf~lfLY)srvB5}9QC^$NQ%T|aKAbf7-8_EkpVRFX}0HA zXj%tIWZdnx9Cy3*2OpC?+)lt;=>O~5D5OZPO9!1>2e1^oJh%jkLI#y7>q!C|o`B-O zi4Fv)kJZfCy}7Rd6MUd*YEcZB6UDzEY%&?=ri5%~H~RmiRvsvumOp!sjbdGYlo{AS za2*_+a8i8;tKqMEE4UhBMIS~X)oeK()K+}$?Y0A~H&NUkS15<#ELSK2#Xf}M3kfK$ zxXWD6x49aznPWgQCaC{p2`w}wTDbBIx*%}3C)OM01$?QDD1nUzjml+c7J6$h-(nrF zbk!=&Zy`JvO=`EqhF8; zqwjxRXF$(%KtF|&CaVL%d$|m$n*xC02U@N0??w}fUB*y&tyV<2?e4U4x0IC=C^P^@ zik&!Y5^z~rIa1jsvm~`qH7z{y%cgD7=zj@;Ank zCMihx`I_+?C3pBmr2?$;)dsw`&c|?vtXKlC+-`h}u){1t%sEINRdD5bwZZiWH2Njr zi)#(m-W;Z+)aURpb1D2>!&pXe#UbK)Yu+-ZV|x)a+}*G*#o&+Vz0z15C~bCPztqt2 zHd1Ffly%8jy#BdSe@(u>y|h2g>ti}&@e{_|wVA>y&(V7vU8dq_39WcUuZBYbseuC} zRzoj@7DZbMehmi_ayA5WI)nlV%XbRu;SvN8W=L*ikt)#hdZQ*xW(gaDf;8&5iA+`| zD&_6$NQXvFbaiWxt+gL_o17~IGx6v{6u<)aOFgtERacdS6iT5YA_9Y7Fs?>Bn6_wGHF z7={{Xe&Dt-N&gufFtqiisoR=wJ`CcWehm4x9*^%3ITdXQsl|nJ&v_R?W^i1lCCfo% zPG1g&5gN&z2ze$%dHDs*$2qC)+YXs1KhF8|nSCsTT)WaY#Gt* zdGkRGI!366p&=;^b-AB1WkfFSVL!;6fUq@4i<~ay8s+B_RDn?TtK~*mC`Rh}DIBbwc+f`uPd0fl)`{6Hl`MNempyHR8e~*kYlZUEhves&q zHBKSu#w(xhxC(}{auX>!)n#7S?nS-h?X+9f`HZ54&$x9SQ!M=v*>$UISQx0tF9Y?* zu0+f_kHI>h$656MYzgLdRV; z8l8a){&@+CinnW=bw;fdfosV45WDuWzMdcGx$G4V+A!%HOV+~-nFoJ-4uqOw-MU*E ziJ#Szh#p$d_eT)I3l~Y5@>Y8`)9PUrt#aPweOBA3a?+qMkg?TCAi`D3_UOL8X|0dL z9Yf9W#G?3BFy~5yCF8cbyg-jsxK->qUJXuv;ri%<0PL2QlYs$OlHK}oqt}=AHZvMP zcriJZ$%9s9tHmXhE1}$MNBH4hgP8g(c!kl*du&ieq~0n$!_7%7Yxd$GIt6R2LD3?_p=@V(V1$Zz{lhq~cN&lJIwgR225x8gu15(0f{_}!>Q(p~C{%yDPT&n&*!XgALB1wzuP|JhpHoQ+ZY_>A8;$37qMnA$wMDDC%TDLEHp;E zn@`8O`4GE7HR`l6fL7*VC-#|@d)UXGBfJEoiIu(U3WKHFHs&jm*g@+AAo%>wsK6=1 zv_QKRQtV6t(4+}n==4qHeYYq%CU_*(waB=rYp1zseBOwXZn6BwKJHXLvX`#!LODOU z|FPTu&fq?OsOsRp)eY|BU4HfPc^arbwfnq-Ri46q-j|hyOw$AxhJ2F#00tl^Stm zS+^6W+WVtBT5W%tB*!p@7|C=2e+zzZj=t;I{VA=$blsj~Z!;QbOfPJQGCY}Mpt-W! z+e45JG^BgbmY`dGwGmr&s=eE2fEEnULih;;f-PtOoX!^X z5*jMmtV|XyUIm?-uuR{+(QLuTT=8F|9itGe$9_Nnv(5nZq0 zfgP3f7j-7*U^>fvCgVC=yB?48`DOO$>7N_aa{o}YXF%@c8^fJ^&=%31d}IDjK283x zM>Sy%E;6k$0Qbd` z13=~Oo3|?woO$#O_Z3Jq%biV9iGKjXMP79sit!h}2XiSvsec&W~gFrjGk}m7HBxWh4;5hc=U76%$p3m9XtRa4k zRCaINJ@vTgl+ zXdEk;o^t{zG1)}WpOZ0 zTmm4@^cT>)NSXnW(@7mMkQJ2T@Z+L4xzKQ-X{Su#8}1h!pdWnjPUtWxm6b%w!XKEDiu8(oPNQbOoC%J>N;XN}~CN1>?_h3*fzW)+HK+^5iSwSyw# z`mkN2Bm{&2w05gX2f7mf1|8#qE}*PLvo*mth_T-<-2Fl2$!I>40$_u>fstQ)^D@3SRanpqW%4#aU2e*v$er?0B({$o}9&egg@z>%bBhsSloaV3^9y64W_0fI4Cx_3mbW0 ztDykZonpE2FyUz^qs_-nZRE4q`^AZPT>P<`$dDS+ZdJ-g?o?0A>~gINN$#D3ztc?* z^jpmAr2)&2S-99MF|#NhW*#A^WfJ&ns~n$J$10DW>|`sZv}9GPEFx;NikMq95$9vg zT`@l1top^@m9h2yk3t2{F!*KP4X=(2=)IpRmAoGt!`{4ze(xe^xt3(yCQoGNKGGxup! z1D*xqfBgat+o4C}pea)gqj9xTzK`ZT*joZ|2kE@HBT5yCyIWsK$h*@I;2XnHM|xVN z18nMVFv4C_PS{WWC7P4xsoeE|y9E+ZRcRX5DmBLiC61?TM+3TP^4(xXm8ZXKqtBnL zABx9&F$^%bma}1V*@e?yZacbmX{1orUO-%m)P`0R`R7OApoc*&YrBD?bxrA%`}L z`PLQa*dB58aBBf-ODiCd$wQA3{MQQnEJ4`W#K=sYP$YoT3D8@WEEpUeXtotLwD;~+ za7Al^ZQuN=jnNXuXk$31T1l|0CiugyiIS=r>=21315b&nTr?)cPiz2!_?ZTi4{i@W z!sr?7e^MkHjG)RGhp^yhbaunZdxbqr%%&3aQ4WEGTg!mOnhvxY89*DFF~#}GIGaaS z#}wx*RL7X-e3Xp@_w427qvqUzz~W=pgUFCp`F$>alPGj@Qv93GWU}jVZ+QkE(K`I6 z(V*%R+CF>9N)L`>XXbctx__8u0&%c$DUFiZ0)GO}Jtf66Vib&UtDPUR!XsTJ{NjJ? zSyWSGh;1_bGP{vnZ+>m2`v=X5Tot_<;xPA|^XuV{SjucC);i*iSX z(>Sa4x+BJ_Nx@QB#YTdC_Y_~nF{qJ@7^zVO=h@Q~W82)<#hv11Ae)%F|Et_NrDrPc z9HTi?a%VICWR>wV4gP!^R4wyCDu>egIDfvfD#o8h5r5{AKVRG34JAFbBAz6NOl^!O zsty3 z-m5lDf{3dYp_EQq6cVpKVyFGtIVSPFX}*t)9*9;cJOMUgBz>Pza11X7r?1G`)4*>* zs?aNsv;YtL(iTPuc-8jlZG)! zMtk^oBmyY3(CiK@#OpuovNO%1aGM2zYzHZC3Y$tAIHl^*UW2t=;_vWVu5v2l-bakL zeWA;yGOtx-PIriH?__KefBFj?t_tY z_BRyN{TL&x;$ntuT>DN))b{jIFi)53eH7D<+Tf*OO+^BvO2gAS_wGW>WL)-NEqsXb zWA7%mbtSi8{ldZM?iK&SNg_u>UZTAm#kXKpl_NNdWFhDza%H3Mn>e|bPjB?MmT}A` zNAq!ZUu*LIGE|36Nvy)wV19`Xf_!RbQbxqP2%m-*B-xpnA|o?L((BL}+>Uh+hai)0 zNy)bFgRLB7B_&(GTagb(jvB))5Ce^T4F&=1KyT|{HrS=^vO#*fvM+e%Z&E)xxn@&| z$R;G7^WSio@f{%pMG?LNAeMJtRTuCBp^05llsN!mAr|+jug1b%;)(H$4{6`%@pZJh zaH=*n<3DvszP>h7Q?;oXKeaYvqgZHiLj-^0v}w{lRbQI%F5j0Q)za5{qrU2=-B)I+ zzBJT>*CBRjkk0Y3Q?zg;KM_=jENXQOeq z=6WLf5IZ4t^U&8zfL&WD`20Iw#1&3YB18@q)5pHutPx5DnDxNcm4ZF#V5pfa;qP)u z{POjZIDocFP;G@^&izzvysAQv`iOaa8hbTb3Ku%u8R7lGM?|R=DwP`Mdai$gR{nv) zkeTJWaIM@Hg;A;p@jH}M0mNV~pc(>hLppEnK321klxm3dQ|@3%W@v$>+Z%$NcxG@C zZyKrvf^tNt#ame|RwHf8B6SW6S{f&b&7qdA>q4_}C2H}q6r7<++;4}ugskOB@7Yd7 zMY|hO1F8IJVYx|BU0{$<8lq51u^)WqV0EQR62{S<;~m<>=SRoM{r%NU4LXkJ{x1fR=(g%A6_8cvj_i zLGLcJc@PKyp-tRv8@zgGWO~63w1=p(6E}j}0r=Kb!q=gF_je&Hcp2OA03yt-xQWM0 z@d!kKX2rW$T<<4<+jWO6zS8X?RI+}FA9O=%f-?wN3co0^5Y&laF_wm5fAB#t-GeTU zrs}-VXiC^TLL`n&Glr=x4YMAIZ*yE>4R956vIbq(1fT!Mq>Wr@3mc-~JjddxNEP{j zB3j?ToXkGW)ob18{?Lv}BwN60D z(nTIz4708WYi@IclZ*DAx*2A))_j zA|dhsFceV2u*m6L3Tz!oHKPLHiUcw?X39zGcF#>o(t81@D!98qC;i0*pcuqIai0S5 z?sd6qVhIqA1`uOuJPDd^X)|xcsLOr2EL}#v40FuH%vDBLj)(y+CBY{~?!pHBn`sOR z$>Dgu(u*cxT%gQ%GzT+Rh{7LNngR`=5hPTl; z{Hb;YMIa$ijU+@o2$#Bi?M^txi3PeWQQv2qYxVrM!U=YE%$`x#or*9R(;Q%M?5%V^JHrOJ@T!@s*xAS6ub3<-r_hk`%>UAjjxJym)BhkC@6O;vuVW5%cx*1Fe)8_h ztO@8hr{z0X0q9fU%`iz%HZ+*kgsi)eh>~btG(Onb-Xt~i3!8(<1Ci;~X*VgF zZrz8SdEO~X$%)z5vS^r#H^lFcO$59qFanHfV$L5?Y)Lf^8uRLbmLD()BLBn{N4^j+ zqHu{m1F6V>MDS%`qmoaEnQmQ}50{|eTvoFIg6gS8qo5lXF$&7*0k3@r$j69+7~d{> zqId7WoK(gK6_naC@u5G-regAwDoCE?p zOT%J+Nw(T@M%V4@_eU-C{*wS9>@W|e`%5}%=nBS|3UDK)iVrovA5nI?Ph{myCgr?`W?-w#cu^AZWA1Qg$R=tL9H zgNcjGa)WRwT_@Sm9gqGUXYqpg`)=S@wz(mxyq+^X2Nq?FYY%$nI0c3*9bz1w_zl7Q z9NZ5#%$TP8Of)~+0U6JoDS#%1o5?kI$=Jx0=KQd8TY6%{Za22#huuL3DDtMb?1Y{{ z#bbL|P(R-H+d45^8(EKEd7As%CxYvbBYQZOfI_roF|hU@P+DV1rJx^Css+fm)Xtlq zs_Xu~0G2M{5BcF?5Yf!1!7Q1nVl+wYbQ~0%i*oo2Gu(&S+x?gbLPkc>GH$|NYoKzS z=uv~zANkvgV2T4?zLB>iQ!@vIgPW7-GNYIn&{$WE^mUWpZ$YRdqgAh1Eo=x5K*U;4 z8=N4>di_(&BH*PJO*K?F7S4A~YR@zF6Lra}%EAiO*@QV;w4X4$vEJ(&otf>W1fQgb z+pTB1#KWgwF3LrtM(WQ3z)4WNJ$QjmXm(w_G~SIS{P-aL7_iRYx0?d!L1Wa%+J{2Z z_HPgX_&5vOhW_J}^(vThu-YlYOIgO9=c9Bu?R3r!V5RrgL?j5Hio~k-iAan=B*rNc zTZ{BkBw8O(g%SMqXpVNy#kL>{-lLSKVq*F`72`KeBk5*_nN$gXFX+)VLdd9|j!`0e zm1L8;l==4dV3ueCXQH}$neXmM_u~Naet`xifE-BOhlj+j;QCc;0L<{%<{h@LGz+%l zmDrAp;E$s-j=oZr!AlP+8UzXXhjn)H?|82xn65>Fg+xGYnK@(_A=LGV>BkZvqUj*S zb-Gk0Qo^jn-U=S?Qfx3#nXTooiI+Dg-CUNa5RNZzBD9e{Z;bJez=40=YQEDL|KQn- z3TIYTBC<0G-eZee24n~GJJU`_yBK^CvRn~V;h&Q zeRXOn@!f70-^Dx=?nq5z1>i55DbiRAN@%PFc>0OydmM>1`~v3y0s-uXU-+#KnaryC zF&jM39udXfzJ;d4%U%2N`Ebg&SQx}l$bYp)k93VLi#0l*jq)`)A*hb6YL!oOl^4Y- z&vfPB zfcQh2u0=Rx&GMU(B}`2d;CA6#y0Y*M#19cOrhvua1(tve?2b0P=d2LTf?Z1OR`L0-afS?rxfqF+}oyEr2&@qENU2x zq)wYDpo*fQF5cfkK76f7NoLiZPG0674kz)K<$?m+mY_V_C*|EN64-aNOPp;S0TW?Z z)@0lEimEyYu0NVAD+|1Ge~%+&u-iP+Zv)#lqRJLL-+{_M^l42dBmgO>OMzIiSF)CBh* z@*37GC>enAvq+I&eFx!}D&%c{?-cTZ_A59AbwDE-Pakjvu?#u9Z3KO*6^=vyVsip| z4m8mv2@OI=((l%B_CC8YqIY8NR1lF}z*%a;8ysl{LX85Q4AKUC#*9C_fx6_J>iw=N zokQi?CtP(TNz4gFglF%!3zEP~tm&5&IsAWF!UXj&Pp} z03@n=pLmiNo$!KcqO)VvXEo9J(oqTG>xC)=S43y7{-s;&#iv=sCtFNSB|BHYbqlgH zSt&bvqmGju4JHu=$W9FWYO-_NI}_l42MiF|@o;Ag6m!t*LgNiQHZsleXR%L~`7y=` zksV^Cpu-57J46a86J5)gDJ?RF@{sx-kL!2{c0Me@%nDBng6#dPXg^O(WzYrudL(r1 zn1IiyyRto&0tdBZEB$~5L6F*Pfc>HO$=-@9=4(l)GTiZoi#qZ%M>$84%qw|vB9D?R zKPo5iuGm(E$;yvf`7yLSuEcIvUG68ORdRuIxzP-hmGpr8 z)*ExUTcZ&Cm|KDJohanqcwIYO2cc~#^cqcZXu@f_-yDg;+0FuJq}IZ3)`+cZqP0?f z$$i1#91e&w1IRE#xIO;?prFNQwg^o(8saK!w>{es*Wj=%ju^I1O?RGWW9?UHL|&EY zHpIo20ZCW^oTHRslp^9ihIl`$qi$2VUSnG*)DL9qoX^BQGzyw_H}m| ziu^&a!za*@WJ9hgxcEKJ9a@i6*`f7_?9gg**yK?tz-(?0CS;>_8Zc$6$7fCWMgBv3 zCRR)z%t6l*z{0bwDF`#2fK&s9H-95-;X;>&^o8<_F;`f)EL$7QI-d^4#%$-tGBJA# zJDSCR@W0_x19X5j=li+;g1E)#TNZ%#_wTnme_|xP!5WIWu>c4KghbWmU@5gq7)#!F z`RsNAOwx1J&FlLMoKSMZ&;7yKcJHco&W5YHhgKe!`HU8K8{o7n-LK3iQ|JL6eVFt$ zuCtx4N?@Lbuc3T^cX{u{<*wS#ksb3cJEb&y_m0zM*5$sswKkq@p5+brxL;qn9&$$R z!HX=CY<1n=)|5adn={2)cUw|a=l~%BEngR_fwW_21rvVxL`qF)ejzZ76%l(m0aq)< z;tTR!W2`MdGa1>c&J&E{WwDXqbMJzUU`SEVK#Q2HhNVCi?CaGjgx}XoF$6@iG!IQK ze;I@5U{jjcGo(L}?S2wyrt&{1XsC5G(%Vy%&-7TFg=5N~BnyE!SomdFKI7165Wc`S z#^SSu?ErI(Lr-iID}Bk|%S$smR{ADVPFc(aWX{lt|?C#s*!@ z2LC7*iB5m+I(-^f?}R+fjY5zs$0NtCu-j1~wk1HuV2+a=R&sLho>5ULSGaU7&MiVn zdx%E<8nLN*(ai4u$ba~@h2P^VTCeSR%z`kOI{9jLdm( zswe1^VOY?5IstwsFjI+_h-ga24MJ_JAQUyhW4JX%7fK2i+(TutVlswb5vA0Mo;lbu z%^(rPh%91g0DhUf{zJZ*W!HiDd=`z#_dBgN1_0vYPCZEhMH?dQnn&NprxEo4sVTAe zj3@w$;8L#B*m|%0ft*Fb9_Ch&yGyhgjy^Oqjn327@6_-S0Pww879hGmZNO`aEHa)H zPcn(g&DTVFRDjCNd zOWO57S=Zk#>5z$cy*s;p3%b@<2WKh}ZmUQHvmhmvjD($+}#qn@<-&!3OzXjucXmKv8w5Y>c!5 zRg~kslB$eYNTjcz6|pi34p%4{pQb>=NBHZP%YB5)P$*_oPQj-y{d<^?q`hKxtn|V7 z+)T{pSY(@v7P^5bQO}y1E{piN@X&73Z#sx)qiPf)YEOnQ{Q7%6{JY6$y-IaZtG31+ zTXSmQ4v4oR3PxjLY1^)dED51gHn7|4m8*c=BsAumq`sw|unZ*8wX!Pllc@hZ7s+Pf zqEzb~CUq1)(VSnS>o^T>Jungmeol%_)+pg;RkA0XQxbgQ72d?e6?=?Xaag!E)q%E1 z@(f;BSR@Az-#usHt9%_wmi6j0!>>H2qiCpR(}STsCJWp;I)eLW#I~;V^h+x;BqpKI zn}Y{_C_qVB=`}yZGQnf4Mkv_E`u$uRptyS|Z!*GDF=wmMj!khAS_*SEDqymADQMaU zX7M9N2YU!BIQV6r!iAQu+RSTE)GdXUL^I*uXhztIrd0X`){!p4&i_2%!x)?)jeVMlUDLw*SkILYNDyQB^N0{d$K+vpGztj_ zUK9vSN>CJ|gtrVv5!lLjH}8jaE5%va0iB==pCtf5B>JDXkTmx*bmek zn8YQe;Jd%&aD}aq>8Wa(KX~v}uBoA*@6i;6w!Jo(QM(IS9$l}cK^*5<12rkwJ$7F+@0?@HoAYW`b$^g~r<~~vU z7J8VDGMFNPK|AAs5?W1YF2TYs^e^{m%s=UbjD-yI>BfAz0i~$GgWe?@@ID_ZwvORE z$c+c6gH!VoP@;#;071U9A?UdXNxkVtGz<4tPV8|=EzhSn z^ro-Nd^{$yY1s9x-oeJe<5$D?l2vB`{%yXmbdM-!7B1L@h0iY27Fa{ zQ`XxNQ=ks= z+6uu+9yRe%5Vw7HRMut-?1#Zw?tHfi-Kd-9=DsVrVyU4kIHky77aD{fex_~uba!*c zcAsHpR}<|%`#HQbRW0%!II5O1c>qt**P9x5P#7#3ql>vEKs=^}l@NI!fgam57OK6F za0^Pxbxo{+p~vQ>MmP#nApPj9*`h$*%h6rgWt1fV2=c}*qkJTO8D)Tb=FQ6tKPkYL zbv%MZ;H>dI3j_d+2u1M=^rS`%KSDbSHrA3m;m2VY%njD%&c)^9Ddum8l}8YE2c74O zpjlK_?3E;#hYm>E#)C5nA?>zWIq_OGr-dA14xR4>pmV}$9RAk|P8Lyl)!?-X zIUTB*FT05*CC{r-+b`ba<+;LM{rATIDV5{DUC00S(;EMKPJjGsgVo0Wc3T|(3e$)d zd>!Nef16&pMV0hQ3B3+B*i>58+*jJ?-|R7MdOcpNRH?MjMaw}~aFD9%ONHs%TJZlt zdbOQgNw191>%X?0j(jcKecJT8K^v?hU;UP|8G0#9=NL@Ww=e%4`Fe(fUhVM%{F(6o zPBMBODmk<`g?{-7lRUajCCRQvrYR-$@PacMjAWl-z0JCS7ixo5NcM5diIYsdTUrmg zfDu?n7+9O5n)6>$3H_!1v^n@VcLG~UU(N+BekF)Q+sn+UMZYGf)YS$M6hzam{hIi1 zNNgL!tbKT`%vIlJ+ctH|`<^;60?Z0Op$*wV@EMisI-I(phmu7@X2hZt0n=p<@4+xD zI2G&4y;y^jJBViBS}i*`uS;T6p7$9^m(UFvgv}n^Z&wEd&5QG4lLj5y+i0FFB4RrB zpV?sRy071cxqwqcFL(OuWisEtW1&zEIm1A z8$+N==5x(z^o08jn5r}cc;=Gk4b(tmD8)Hfv&x&Bv(a^!6nd*{93_27+ygcmZQx2V zZ6hfOQjNZJWq5%Usz-hh-pRVjDPD?u6S`5)@2B?imYDwsa;tz|C`9iovC)9^bEo7u z8|F8zcfcDwYwZgp!kL2ZU%F5AG)Rb2g5YGsq(7^cPhmT(uG|U1JG6QUt+k`INGjb< z=k5ho0^VVE{mfpsQgP`a)e1$c3F^u)D!c17V}^dcF317O+!8Zgx>*zhc` zj`$@5(pA1bIJz1=|E?4%fseR(2So?u-5z-gnE;NYZ={T9Ta?@;lmP|{7Y3(b7*z1* z$7oNe5RoFEY6l(#K*<@k&1wo7-#c8}7JgrZsuk^h6p5bSq0y*7sms>`5~v{#{uPw;?ts(?^E?Pz0fq>`JLy*~mC=8BAe+L{eLS;@1*#HV1Iht=<5gfUF6(H_MOM(wt zlX%)th$l+QkBa)H!-sWl2j{LkkE-ZqOjS;&enB5m0e#N$AaSxGYDKnlMNQomCs?vW zO^4QU3#2GQItbrv&3PRBAY3kLR;HwG+Y}89AYo1eNK!-$l^d$CWlHwV`u8FrdA+%I zpl5|K3v<`ppspN_#9v&&*Vow}wCzZ_T&=~Ib)XiHnnW*ZZsYdN+XgDme`^6qO>hYp zvh*F?Hw$Eb9@{VTCwfhQw{wiD;B@@15Di+RkjnvOta%(N(UNdqA@xM~A1*02kzBfN z0Ch2!tT+$B`6LIR+#yqsLYP&8V%V5lTX)5t_|B}!8eYM=?Zn@aL1)%xLWD4<#?oQM znDx;>jP2UA7(b&^V))7N>$eSIWrso`;cFKb&u410Yd2w5A95i{rn&(q(*O+z$+F=L zyoJ$s1mP3)f#-??yZkUOqXQsN*5OC&GKzX4$w9bES&hiAYn^b!2$fye=5F1n>mC@}~spYl1cyhvgq-KWJkdL*a}32?G&yUm`lq z#ggJW?e|iKLtf$?wN}T9T%3^O|$&fqatxYn-oyuiXs9mn#FIjjs>Nj zorO;jS{$G*lyLVKFHX=K-R4uEW@~BQ{6p}xk5ZTzG}Y8yQ^XPYUlo~~$zH^SwOvmm zWj&-KHzz6zWRpdi5G(qh4nW0yANMK9z&1*_rllFG184BbL!$zE>>kADNSgXYQysIF z$)8K)mP{1fI>Fnt68IyX!1rYbO4mC8eoe@sh|a)Na&RoX3mnXL-r=UumhBmQsmo5B z{iXvUOmMT5Bbb1e^&cV=qp>X(q=Rh7A;3>zlo$~>io13G0!?3`n4W_1b*(?FZiSPw zIz@qk1$yO-xK7UO{s&`dcP?TY3(wQKDoX053{fgM9T#90RRiXubW4mhBsnBf9GoFP z0x8T%MxCQQVHP8YZ&Uo#ffg;G*9zM?*36=V?o89+=G0y%j@E?@uDP-icqK=mhS3>m z*$hC~?Mlw8Z17UpT#70G7hvKllt_bP;7;lwIi74%NQ{Bq6Z#nuFsaslgKT(E_?O_5 z{8WC^k$CaC9N)?$p5EdKZ1VNtug;P<>2dY|u%al$4B0^5dwH6NxH^%N%0* zX;UInL&YqvE4n|Xg*8__pbxnEte{CpN|MYmQ4+T<&)622u3TjXSHc0j&iXm59|0=n z+J;()v4XM4wW^;j@qSggfD@*{T-ZMbRnFv<>;f7|{cVKsk?6AdYNONFy=@ynOZ6dg zCjo*r1Ng^Z$7*{MYNImyBO422cV>piZG|t>`@0}_b~HEQc|ewjr@&zt_Te9X=TmQ_ z3qW;w)t6ja=8d@6xHp5GnRA+Cvx9gbESNd-^KZYO6;lh;Q*RXiPg(;~EQxf;CB!&PQ(06ubE7l`-8I_jl)qoI~$Z#?S zujy5+CBvbK){^7?Up@FYi328+vJxWmN^a5Q;~$T|xDnclhra#!iTHg8^oKaaqb1(C z$}d$~81?cV1Kw{+-|M{%*$2z_6Yjk{eJ|fnkjTPQN)<+bg82R5IKgu}92*$|Erm<$ z7$3HL1^c`zV#3_8V72qH(~RBNibO&qYQ!x)8Z*nC?Gp8hP>Yj+U%FZb7l#vi+?Gni zjUNSY5vtl3ehG&v==}5VkK5&`A@WcL~=%^KVf395j zCA$EXp!+<2pf@QQ%wj3pA2Ds+_iG+TvRlfOzsRP`euJ-BgE|;zbny8Te`F-m(2kY(PVz&9wrue`_J9BsL@`njZ+P%zK#rwLD2RW*Ech@t zJX1Xyy(cQK$Z7Cir%|{;sxW}$L;aR_Y6KtziJp8d--Gb2L;6d3WKX&B;&=F#+VpfxS2$O>CGXC zorLR`7YbZjWEryw*E$c^#SX6BrwJFUhI1WUS$}gUmRLYCK#O?uO;GHjQ)TeR?yQJ7 zv(okZ^z#vC9(M_y8>;3IlyD%HR3^McMLW za}j(*TYidO6IPSW#~cNo`ddVS-@@Dicxk4aPCY+F9?ibH?a@Usi`Tp??A8)aVy}!< z>%wm#+eMm4F`nyWq&L?jKjD^9gfCknqN3T$m_<<;@uKpw1NiwDrzgU!8p?Y@hJ=Hr zn=@Nt7WoJ+!2eUtfeua8PBji2A_N-sCyKY%3KDmINs!PY%b1-+;vEmGZU_!~JxDYI z6TpjZDA$GX!)RB<2H-M>ve7QQx0~}dK`h~6b-CB1RA+Ix2I1@Ay>GEG9Aiptgj2oz zG^YIhi-M14FJl(*8TCx*bNHMxF+HZRYIyGU2DOgg*xZ`q4hlX!w6u8wu^;zA=OR;R6s5M=KDN`eqQ72Lac?Dr$pqeS?ok-wbY6-yHggN&e@;NZ))y zyDMU{I9S)MabEITHaQOB^~1M0S=|om1!>`N|vY;F4?ym6P4gzXyr=Uf;MUA`Jz9ZA1N2#NBxCWu{;A{I;x?qE@(caup zIa-H*R?yNS%a~2H#ynaZ9a`Udc6w;BYWNel>EO0UtJUdEcOj7-RaHS7eo(rTJ9zef zG@98RfG$BO=7uM5DWh4N74tr`4#R9oLn79mCUXNK;)6!Y3KzFl7}3eFfzHtNCLO` zXKC~E;;p??N?6hhl5~J1IeXK`(!-AezTjtAKh$&853xe4qt!0;)T!%6dP4k(Ql29&~Ks0VH2GkhX+ALjgOBgN%Rogrs?ELt@ z5e1Fk8u4K%7ELe1)gVi}#gWup6am^LSoa`)9UD+=WJr~}PK-D%n zAX=P6AWS=KSPA~uDEq))p#c8UO!0fb{))?j?|%F4vAdkE39tf- z$apQVF#4H^ex{<5|8kcMOIDO0pZ>YPB4jD!Uzp)nf zo6LZ{BUJ<&hU7jTR;9xio~>>2qer&bXpWBSmMC+1`0nVVD?HqPh^nzOIMU`|XnS|q z=0N3cSb$%HoUsu1eozEUm56T8)~7_Y-XVIe6wL9Phz9P#EOaf3KFmdMlJnt`=$q^h zKNWqG@nKu^y^!DO=$kSUz9agkbcA!FZ)zQP?t%R;;`c1%3r8JWJ@$C}m)_tI#_%z0 zL|ta6C;p^Qe~>gS8gK|?!vC4M!?(dPZYc~troNEw6W{e|@k!_%e^aVE z4UI;+0N14ZDbEYJnQK?RIaq)x77El7vb^vWiAOOpzginurj`3@Py{B8B@Lu~ey1SW z*{^8N+pqsD(Dg*nb)Xi$V$h8#NImF$-2GJOO7;mrZVm*xKvG0Lk@y`Z=2vS2%d~PI zD*-x|+!A!VD|F<-ua$P^Ds(khYFdth2J-UVg3sqo%+ME}9 z(M@9Tu|Gx_Q07+(GOIcC@bz;6BE8%&V5(s7$Ya$p*xzG-=z{kxaY7atu<}a$Z)gyQ z&OIt|V6h4uP@h0dfy1}{5a9qh%E=HmiD6Vq$M_5y#n>3nYh0dlZb|JvO_3c^WJxnf z+p~{W$Fv!X0iIXh0T*d&>z^+>+|x&_r>HI8-B}&cDh@iKC0{&KU2}S}b0CY(FPNh9 z+Yv_B&Ov5OXkcobsJAUw8aoJr-Cg%iPN}72zk0TlD#5VsGOT-~>g`CFtfw4PrL)VX=070+DS}{3lX{}e!-H8XQjPixn!XRy%#YVKR`NWEmH6i*gY$y7&< z<9C??ZZw!eKCg#~b%dmNgLLOrkd7I`z=Nki;v&Qq6{M<2uzuO_dJr31T)!rzl`Qju zdh1wq;?0QlYd3olb4R>LR!w$JjrB^wswybV5NzKwMX&koB5bSl%K8b3{R?JVf~!NA zqKK})D-tVF&`&DOnPHj}V+|^M74Gk-=AG1f5TFwxm3^Bw(AH%-K}`GEu6xL-A$?nU zceVtF9y3$)_^n!pG<0=rbZC#VPM1&%6PPrVODTJ=kWy_x{J$x+=+=)-C8ZI?A`6gv zpgPeWM##LHlo|@nfUZnR4+avBX-O%K_3NedO;hxHs_(Zd=^`nGdZQn68(dGr*jD<|~VoLGM*k7XEoVcdR-{ucTEl0FRkt0IZF!Z8#K4NX~i zw7JA$fCq-zTw>5@%v8a+=bq{`ehg7aKlt|-xe_NA4J>2jG8!M@UDHT7Sgb-gP(O|T zrx1=0KIny`a{w(F4vP{v3>Xef6&%*Bua3h`Q{aFGma%df4i|XGF~WhxDsVvkH2$9g zhf6UTkMY6HIE3Q5EDX$Cs^HLz)^xG>(h>(`d=gh0&n0Y zPJmZA_8!+k)KomSP~KE>W?p;%T!fynab=hT6~^wyLpjJTSmyF5RJPI72oTx*;a%(n z4eqiJuEPTYh$KU_HibkQAcNep%XM5gnqp(?2r@(%u$eUnKMbY(g}OudbjRHQ5(22Q z{}h#RcaBt(776NDh+DMT8(MhAwm;g#rB9%54{qcp+dfNR$F$bQR0(`Nd8rOpy{S z6cU)sdlCq?C|DD63#7xM1V+g6M)(fkX2?T++b5_&bDXH)qJIEq+;G>h*3?7x^g^1loJL-0qJ%5Usj2ljXQDSf-EfNb zs~5ilMj4^UNn+<@@E!ipefDJH3K%nwrZwGdxhMjMP{@_{b%A*wr zYO7Qg2jF!B>>72aB7}-cD^X)2UG6;|>LaCt0*!MMG8h1-mul_|P8n)2@}x6%K;fQ` z-Q9=E@I?3v5FP7p9J?Z&arGzXQ+ONVa%LJHJOb2%HtN0zRpqT z{=0)k?-CQm?w1?8Gx$9qC%bP%3Us+_ke9uejYJvkRxWDMJZ5}0!!DCHmAn-f9rXv$=)R|;rMs} zT5%n8TuRGwEp?;NXI$vhtj|hKD%!GWPWlw{>6i5M5se(IB~Fet2jBZGS3mTOQoijz z?k2|mkj%=1Y<(zLb%LNZUWr!hEP~!M>f|Z@z7v?++sf;L>^h^k;aUWji#f6h>)pVI zAKZK6&h+GHegGZt!_l3Ad*MiyzYDVq+VFZb-cYGpLnUeGx6C*3PUSfLP@ z;4RxO^sm6>h>xq^y#ci%_YG=XE^Ufq`2{pA_+x;G#j!C(^K1LC4#icBiYaw4GOz;_ z$E5SEPX;{y!w%j4Hx#Q0?Q(uKU}*)?%pEKd^`}wN{0nECgt%SEj-!Cjn(%)7gE~UA zF8r1Pzp%t;3*8v>1h))CE|+bgGsOX^vfay276LZ?1vHEd+d}vF`YK%f5K0*rWr_q6 zu*$+(l3)-Q<5rNsJSG&PavclLbgCZaa~w>e`z4w)eqhm`55gc;AI!T;xdDKH;WHAP z@&Yx6oiugtazuVr&V@T=0d1A+@?P0$qh&$w13YAV>B7i6{V>`EHWRoyY{>s?uh%4b zQX5&B+Tfv$9Ej!R=32Sh;K#aI9!(f-I8m86e}?gn{Tomay{#LLgY`R(<8CB9#u}M5 z-}uML{81BZzYQ<>mhnG^zoYB`df=P)iXMQjyE_=!$rZt-kl_oQb30_oauvJXzR3d1 zT!E{i0&uL9Lo9HSEAUw>5bj2pcni_+WiIcdzB2uYsK7T|fg`Md*1Ou_vxiRxPIB@x z9RQ!Z?h$;7#OLK56`yS9lW01E>qoBX$E-jME>EvjmWOWP9JS%8Wt_L*8oKbGhs4I$ ziiYI4z!V;MdA*LSMInSZns#=z^Ul?6_$|_e9$j=^rrBehEQ>3aoG%G#f66}cT?6qNARS({6 z_G)T99NL5-V0Sd+aRD0MD&nTfzFm-vM!+lHnS=D1P$}ucNcuWL5A#ukEt^G{ZkWji z2AM4Jtk$A5a3zw_Kv5eQv<8Nd1Wu&@AhyWmdGVCHpy`8J!R5Bca&bx1A<_#U<6x@{ zYha4Uc@(~e@P(oC48KOwJ@~^^I9RrS1)}%v!!WjcZFdkt3ca=?3c&Q{8o}l~E-Wbg z@CH?`nUxotQ3-DD$lnt=2ry6x-i z3eHHe#$6Ez0H;sZQiBgjmh3XxB6(|sh9s}7$_8&>-TZ0=Ob$?B&o5yCg$c)k{0}DO zj~u8O{jvz-nEb1rU5#ETZAG_uYp22u$Ztrf>HAL2cRAbqnc`d-HtRby}Yjb zpUP!MSGBebfgxcUSbOxr!rFp-%Md8)PY!`m{M;gs#-zOPh@AxIyjOUnJuK6P``9RW z#0D`6SY>z?bXUvD*QPfLw!-Wd%Z-ACGxDAdOcgdbBt-?6|ASRaHw74!TfPRvGjQ3t z6w7vA2gP*&37ze102$TFbW&rQ>cQod|Aw%LHa40vHXWmBj}QVh{mVf@(|-9Dnl9I$ zr0D>DZjq*gQeJ4vPJ*4^BQ(_>WSc+ao{fU0Y!EbMmEqS!;Lm7#b2#!^w3wjmsv~kCQicB`vR6xfs^&ab_$RDy zm!H_?*C)HyFi{ra=s@xo#h^>;QvGGnSMWyG&9Bzh``B{Xv4KtC{}B(h6jqo7R2mle zvv8fWZU8(*(tZYSv&RrP4&EwoZHz;gdW z6)4V>)dt^anNxzW&@CfBF`Bl0vk+_{zPCuQMOtYrcxYFtv{=4n9I>b15(%EH)^7UP z1qjHNVK`V92#3fGBCReQXkxU?q@%Wrw#h5*%yqj#d$+zBNJyfwY1QOcgT35iv3xi1DLxLEk-g z)YBY!L`+^5+NA5b%QxTJFmL|cx;~>!Q<5?@f*GfWxmx_(B4z5OJScPX&O(_6`4-Bs z<>2I_gfiM}ADaYaSP7J2+2L)CGFMMcnJ*3tWdza+$}m+Z6Gy}-BmO*4hsu-X07Uh0 z%7p$qVupJE58waDr$H5Y6NVOwK7BlXh*&G)t+@EHTD&zDCH)&#z94_a%=AFjFqSD7}D^Jos-tX!$Ilp8q zct<>8_)imRy@GwBu6S|bBES-Jf3qna~;;7+sD!}_AG>DEO#DXA+f zj|kek*XO(8(6d$aieUgo>rC!yS5F^4{IdJxtVmzDKQo?$wZvqERCJ6_Y zvGTZg)?K=nfaCp9J0w<ZstNRR-87m_$d< zI6rEDRT4(JJyhF5DRw(5oClkbIyLjS+S0`m!oTGG?<46anIlZfr`kmlg|m3ix_hnV z;8{hySbM8}Auf++k*{?hvX%ye)z1VMkfj9lrU#@|d6^3$kWXchHiR_Le#piNe#)iM zV?pDuVKVZasM9vcAP3L!&cyg>DSY>7Q;4lMLBDB;{>{?8S9J_UTHhcBtA)+*wZcR3 z4?C2*6)bY5>k2oO!~cCv2(Yk{Ey*jzxo$;i6o1$XQR+98mRCn(G&to~f(FX9Eq5r; zc(fF@`;(z@>5YQM=9khO8lQ*43Qq;=1r5G3?k-C&30HE*D{v70LXm*F6%vi(5!|vT zp1HDDebA{;NvDF089_JF_|Z!z{w8#9 z{rq~&VsHQ4WnJ;xl(KyJB6pCW1R)$=vO!VJtlHtnhV;7Y{6?a11wxo250Unf5!(H3 zCCX-2IxoQe85K*WXQ4g8M;q-LXEU}UjHN#Nq|zM&O&-@y;>@P`fFgpiq>;ml^wK+* zOA;JPD1im}t^l9G(D$wLyV;9#KK!9RHX6be}b;Ca42w9^*A zMmJbo{bjTz2%-a-Wf#J$F-{~&p3La}S^|i9=^N|%&QSosKZflc00V%@byJUS@a>}R z2WSPCOCVe>qV5vlX8@)Q5WL*(r~42td0Q@+dDSrJedIuZzJOu`OUXvReP?ILB&KcCOZ*a$Ksf;0+612?k5?v`2_IF3Vz znaLB0XesK{am<3W`5~s_XDO5K=g;6oxB;RlgxK?tBs7?F?4s8Bvn7b!B}!d zJ#$Gd@uYf5)F!-d9=m_IUi#OyN!3oAk2IoduX*&%bofa`4NR^HKdzvFgsFyXGu*xX z6A9b8(7MjBvdy*8sg;0xGGeYkY-tV|j(7?w*Y!QYY(CW_@KQ_a+)vk;4d%qOz@ADm zAh)f{Jt*yOBtt+)Nf*W8Csc{*?**n#FiRju7iy~z5NA9OsjCMR9425b%?Jh~gex8b zd#3>_xW}SHB*^qC(Zv&J5?i%+N%K{lV`6U}4yhn4iPWH%PlibAU=gNmOAKtZUUy4+ zBPHT{C>itaF;)vSC^1m5hh_9tE-!)5d2YFmB&4 z;S3*Tg8bq?Wi%F($21MAe#%OWr0Dl5jyiAN-F@aenu5c>>eO$l3F)p}GeFUqlAB#| zj($-yyhRer9w-r5oK|cGaFVIL{6iaq!j{SU2KVXc9MQZ0k!GCfHWZ0mNCelWMQ^T^ z_}Mz36F1Lh>qXG}!_qPKA*6SOcHj;RafjRhf^2UJJE7tMI@n=%NXs?O6pBm}(&5~Y z&7*=Hp0&`T$~lI&9R=R0&A=i_bgadpte@}FPc+K#i-a9YKI~x&3nGWjATQR~yvhv! z2xnIM)`m^uE&G1Se#wz?7qJp~Rqh))@_@46kR%YVyio*d#@^dU0dlO;`qjL^C%$ z3q5E%eXgBcR@xCEftJXT+EbzW&_(5_0=Lz;(q+rIJqxOOdDCHO;)REj&}B>y%BLHH zztnne44QyxRh7Rw1$c_Fa(=vDt*|I+lFV#Lewwqu9%LMtcOWB069}yhg}nCdhQep` zGuVQT&UciP(NTXII@%HDJFaUpIp<-#7~jZ7n;f~JpODx$RP+xv{tM5pZkdfXg;M&L zsWlzu;!>+uxR4Ho?O$EGv5Nq^WeQbF?I8cxjb@-Xwi+W4c3>g_J4F`96AAz$S6agrSO!Ehy}g(WbAFaAQ+HXg+#Zq7!*o5o4s|P?oxE(2ChcGJQootxh0X4H~-<@S&`c?%XZzEQDWSNvVkvGSu< z9_BAGm&Lc6%igRNsA(HWI&oVx7jxNu=0;Jk2>?4FC`#CN2~QOif@}6f5J_UQt%Hm+ z)j^XZsCj2gq4#kM?l^L-{1GH}OYtVORmv~9FZh1H#ZW}A?*nARe*zvE)-b;EkjrQ| zlZG0}B)wvh?N|(X_)R=1-?4ajHzWidkFrfNTNtwHa-}@XK$o4Z$siL;j)+=hooW%fwzVH>6b;nz}HwI|Kv;&{dSiaIjC-Wg-WmgGZ^KL5mli)|E#_0FfzOzr zoaT0N3m7=?=Vs)ng!6z?QQ;f0E`NPZM1>pBe#A}vb(O=y=)fZsQ#Sm3tl`sR4Sz%% zdHp=vJ=O^QFM-KqDi%BFMwYD)aeY0me9Ps>f#T$+JB6B&d$BMhTJ^uS;nK}sJB ze)TGK+4sb%aZQ+0-Xfwi-H6ruHE^(JBq4dz-qPt&4Ka zCd#uFoHvS`5>&cpLq#Dcf$8T@>|D*^L=TUw$_D@6Guy4R*#-yXAjlAh@G}YvRo#%Z z>t1iN_WLmPAC^5r49l`J?H8xef}b*-n=Ek-8ygLZ!{jA*19chUGrcos2V>t6B{){8 z1Y?VFumqc5=0e|247lYy{G=fdI&EE-+ta>ey=h-uvn!$@Bl+!;rTkR@5hcee+am@e z_0!&06A|A5y*V9{+*?YjpciPK%c4HQ80Fz>egrTy)>M?ZKGx~Z$xc7SPN%9jD~N!7;;IC&v~~(C zepFE80LVY+RoKV7~)2Vf#+&UdwG#e6_Wh_8K;W#6A+UL}B zjk$6MOJgPn&qQ|WT`??n1s3R+x#)|BEP^_Fa06dlMSq8agt(UjgQ!}+W5IPWzEX~p za}2&w{898x!0*)bBGZ%Jlv^-FB*CuaSuzTLqZmx=2-5cQrZaB6f|KJ90eQo>}}IK(qWN z5a@fuUlleev*>{yy*|{ux541Y*r0}NT@Mw44g^GF74PJ)a<?Up){o{}-Mv2yu0mV+RPf;7SB5{qbM7|@F8D4vbHWoZr zJHbKO6Po40P+CKva*e14fo_i!0Zddv3^4eZYgT9y_IQXcM1Z~7WNnxFw0 z98%~z$kiV1GBh%)zHh&RpJ7=H4%+`=?(O5_E~@?U6pExgZ4{L7B%u^(@hK=uu!xIv zbqftfq27YvtrnyxXh17Ljizo^lWx;iMQ^=SZ?2+7MXd-JN=X+iB=|*$iWU@l3=$J#0x>b}3kx)Sxu9D!AjW-ba`%OR7`B*CNWaCiM{KSTM8~l~Vj$6WkN^zW z0%S!_i>v>~k%C{{;zU@Aqrco|O~_r{KmbcrUhef<@%j_*5*;5l48&$DX|(D4LxN#S zS_v%-)6f&^8Y@(FEf80aH|JSfLNV2OydVf2c_Ua*J=zxQ_yiD(CWB6ZlVF5?xXKW)wq#Vmyuz@cJ{PDd{L_$_Q1qZQ z$_+{aVHFXg))Qa%Hjos+E9{tuD{rOx;>beV$eu!%TB^7AW*@5`e;{5BB;-KxrNj~K z_)Ur(G{`cH#`OaJ3ETAU>!DJ(I`3WxV@Mv|CF000`2TcxWe)eTfv*O)2#>eTWM=q~ z;$vGNV|LvF^`4jJLBG|dl~jV8+5F$ys--%bEGwiR{)1$G5~5@A@UP>=z`dv_D*>|- zx)^(|spADm#wM&lqqZ74Kpm1d=rn%YiDj6%0I>nL6Cs;0ps(rSLjw0C?~!@{6fc_E zx#H_2&(oHOZzxOBvxEN4#}qWWK^q{~0J=FyZ^Sw{prf@wH@&npeQBQ8MI=J|1guhAlj91XVI z+39CO1qb1zv9A2n^BcBGewYoxUhQoq>Tki(($&-BhJ*&WQ-u~MW$$rKdETtd&1Ici z@f@%6hwwi7J{XF^m${*AxMz-TJFVH;aU$=jWN=+w2BN@d(0?7_9S`7K8J19n)f$#&3X)O6Zrb7;Lf^TUEEh<_dTYE9PirlR^;)`+qX3xvRk0jXUiG1B&}lh?EOWh*M*C$ilC~e=mctdI zY@_d9ij5n%bWi*CsEJBea&WyoKD01*ZS$K2@a7PY*d(zef8p8640yrK$_!9@ z!^lb;gs4u7)M*5ul4R+{1;MX8{_YiCx~l$Bl0Pko2O4T|T>K?6Mgs%)~C= zoJPo$T_Ump#L|gU`&RchUk=LYlv!j94llWbh_ zb&@5&#lm970NmHY2VFMr!M~xrab9t`LPk53KX0)wkz6Xh1~HWeF>R>n8OT9be1@t= z1q%-1zv!Z?LbsF~MBOH^;Gpt2A)MEzt42FRnU z>$6e}(CC+QrOuYZqqDXE*{u5*2-Kfj%l3BHp&M~!evdj--Iom!viQApW2t?u>r>t` zlvZs(n)IVn=4LFY5!neuuNhp@2X!}4Y`Y`7FggCFqv8Q7RrW$oJ+U8CWw+hFZR(%u zcI}d~(S779nMZ~i@s{OA`n#NYwF{FmG?kQyc2#|zk9x+ZI(POBJOUnFe~?xsAb2*M zQjcRE`e2=wfm=))kFs$Lka4Asd4-2(xjZP_U;GGU0TXw}IT-AJg>!nM-s3koXMiob zvpB4&c ziI4@Zs`DyC?1ke$uja+F#a~d8v2`0hz=q8NPkBcP_vvZf*7J}MCgw6JFkm+NNx0yv z{=_YcygK3f{*qFpXu?m0uwSIYJb*QyW_-7lsQ6byC?2IzakWkEQw|OyG1ei((WF*~ zU}CArzx~BU_)9LWRwEjaI!%pWVoBZ(LsSQ?CUh#@#IMq43Cb-2(fj2INY8|B@%x30 z9Z?ncDox94S~N%M6VuAoBj&QIpI^xuespfqu1HpC z-~xjDnT$_uf#t}u0yly#I=^%`9*Sz$bd=wRW`sd)M6htrRdzFB6$c?3t2DtL?(Ws&H2?)r#^MR2be8*kS6*7>mQJUu24ndv;aNl4l1fKAv zjQ@Ruy+0Ioot9s+z+2q$NN6oYG-&}0&|tpM0P|-g-GW`~w_s;oPNUF+VoMS+uTj3l z;JlZbHruOcDD7aC2M5dte8_C~AE0D^@kqf~rm19nRuec1w(T9*^RYue78q9r7_7nSt<@QtUa%PpwBREN;`|Eqa7axqUA^46(OA+C5Ty?ZlrY3dosLpy!^LB6C%GloR!~+~o8pVAFuf_|GF4hG zd0*gcIbbtBPR{bx!i$EG99_-s`w|oPwkhI+79%#;Wsu~QH+YVs#oGLaOdY4OG zVL~s1x-p(o83(~~q)pC2ND#0McD)m_PX71#wFFP@u2~w^eo-mNVc07(pbHb((knK5 z*3!w-T1pWlG?NDrzw;En8fEvydDGC9AWUGAup8#KR(Hd=Ps$Ip<7_L;_{cCgjxkAB zFB-!@30x#hi^>i-w-wj<5c9DPmO{C|UPe^p&wf6T^Hh$R>dFN4ArUr68`j;e^5 zbwCdr=wSmr?2ZEHG>+OADJ56Rs^rzjdqM}YU7$%{1a+MBs6|$KH~LocOLw2p3>Q@2 z2$Rwb9k4^F-E@FWO+#Lqx`0gulVeIq_fuHX(w-IBv;G?CBGzx4uD#J56w6hvx0LJc z&uv1>HPf{xDyq}9rT)9&K|&8H zHy(8FqbV`vaHhis1fL%22f(obnYO~#*aUzK_$DJ=azkM$q->~;uTpj1 zf$I|c!eHHhJHl4W3nNs|q;;&P1&71V1wKJ0{5Ou4u)R~s;nFNbK-&u~MXd7C%LCI7 zh&8@T?7thG&mv&G2Z^DH`@P?{c?w`NWD?ckjV*m zBGSaY?%>D3VPopy$+IY!>8My9#Zvw@U$|M&4KMpu!){IEW1KN%U@{C$F5{%|*UzE@ zE|rhN?r$(Zp!jADp`#I!^c;v5BUW@R^gKUi6G!5b z`SZKw;d~JMs&U=Rs3O=Zul=-%yru`!@)|f6S9m<9oO}9Xo^zMkFZb`uQ_k%G9vI>l z*bkCLey9dkmEAM@2;aaGPDf>P3dO9u<7+Z3V<6Zh$JAYc4q==y2t4YLsGJeC8FNOc zR=f;&#i(MaORKhGaIwHTE+mVG-|zAF_h_!TOx&x1 zRBhOG1eOzsI};x63bU$bI1j0SMFmwvE7oD0$5c4by2rjM!-(FDxib#+%vAw%C5K9x zRXpw*b;nodsR1zX6=IBAk@?0_@i2&{NhyuW zWL(3v)xK&JjMuC$y&$U~kyxc{_Q=xp(H{w0g+EmXMn9snpn$m-0_z zsM^(7TJ-<~4#Zje*rHPVrX>TpLHB`oOVswnx`QTIZc}L~info#K~ajjmtN_EyI1)n zZuPvl<$gbx4!$s*OT6nW_o~*d0xlXZSojT71$zM?11Tu241&KaAg6S(_TBqBp}xNb z`iZb8<+gJrxd$c$Jz3NZC=$y;7WtDB7x0C!$(OLFl{{k*;{`R_(AzYv1H5VnM7)p< z+fswkeXqZfJFzzKJE|p}q~bZomO;xH|JWPl%)Ip!@4912D`;Np3A>CS;2bk@?~CQ$l_b zdPm9~3LpCtoZ==cu~_O=KmmS+0N;o?D4*(KOcg)diQ>cJSvm~Q()F2M+Z&5?pkwL! zHM#Y4EZt8a5=4*3v`Cv17_1edUuQ)Q3FLvQSG`KEG>yS*21cfn^N z{D9GeZ{`8Z`vLpmvUI@y6tyhFgl`=|U>fH1QlT_MyMI)hfXw~?eu2_250vJJ)}b_+ zAcx_MuT0dT^Q)j*#}nmTX{ctR%*Z9{rgO=yHtj($uxu1Pgl^I*- znRm3$yT$TAy$N^Z^XTOT0g(bZ+ZWt09msh;?*jpdSnZCZ*QG4NDVzs}44J%#bFuWy z%zV0Lr^SEwQ!9R$FMeWL{J0+c7WjusB0F@JJx$@|VB^4x^3osQczQspPC;`I-# z)%lU|*v_}CD%i%ZLxAhFU6vd2T_}cfNJd$>5jMF_->xwVF8px1G1mvX#7_x!S$40y zNbEYpRP;}dp^b!>d0Kq3%Y{aS{jH1dxcNAK9 z44Q#Rr`z2twj++54M$ueT(@{G3aA29i&`A`SgdHNOQ7h7)Ci#&i@wD{mJhFuslJ6= zNq_=o8X=`n^1G_i;C0J{;BQFo#2;v;SmPQJ^|-T}4$4|qRI>lm;82C^!EfOUD}c|2 z_0 z+)?W9!N={tops7sW`I92*bb6GXB@d2%l!)IBZX7BM|o)|(VOK@*$PLcN+*rE7kM;FQflR_Cc%PO*dr^KS=gqP$WOd3Hh%;hPx*pM7= z6v2L>nd6b^T`8E57?J`p>fF-~*y%owS6726q%_2$u32D!iXz_G=#IPA23|W(+`E>^X#AhE#HZKXlT{sChw3ueTEA<# zyZA!-vcmo3Qf;IH8n#Fy0&01FEsMa6B>JZ#K0YO;y}-%K;x_;8n{!R)Jtx zvmF7alMSbo;ef~lX=r4FmvePI<#7cwANei#uNnVw<6FC=*AGc=>-Q{dab&>=OMTfL z_|w1dTHXC;DwJN z8%eoCA2-UK?+c=way#Z3*N-Iw?Hk-D zw_>SY2#Nz?*=rToY6akNmdE2K|LwT~Y}{Yu88RPC4IV8>%aaFqs1k13R`7F~q>@Qt zV;I0*tqmw)5CpJTHo9q?l4Kv_JghJ3Fv#^Z*(oG z0d&$6Hui7d13*9A0zellphs!|{ksSB{5=4)nt%>fKs#yxebNKE=f8GOqc#G%8v})| z{iy~}*#j!<0iefj0iX{9kaE14lfjg;{o|Ieof(SgneKXmunP>RINw*CUB6;bPCvkU zXgN}@cJsLig+*fWDVnc*F^~zZ2Bmsknp`t)TVR=)@BT5oCn|BOPf&+ny`76kmA>aK zrlN28h^-FV15IKJ1y5?v5Ua=A2Q;2CenJ?htDa~gTpxCt$uiO{!xbIshAkOR)OpZh8jRPz7?t1@QNR#`lCUvcat74tzWOAsN4zy$5v`O5 z>~i?tdp70+k|(N+P&}$ZWB4n1SohmXtM1Paz=z=@NK~^14i{(zVCVBAZ#2HkZ&~3v zaIZYq%{@ld>vQ`nLfXTk=)vjRwP&v<+wsK5(J0@d2%_I@`H>C2;W?Y)LQ)p_G@?BQ zEi0|=bJ7jvebxE9i_9Vu22dtI(?)1N6Uo(GoZfl~FESWk>lR;we(}4c+9pmtlV2EA#QNH-jCz z;IIk364i_zsPj2#Lym&Dh3G&gqWt10_j!cQqm~C}@puJsMW{L;4|A28k>ssxuskHN zE8IPaZmwI4aTQdyz)i}Md*}I6(0{>_!Z2FpAc5y+M>jUz$)qI71_c@|`YY#!XK6Fk zdFSJ&92FH0W8${0=i5qk|60#FSn?a~vLgDiwL1OG0IK&j{3#O-%=wQW^XLiF{j$%; zaC|94G^tJk0@xp09)cIxvu(KP7sv*7{j1E-ET6W+GO)*S397yx(r6 z@-Fcc^ho+Dowe9Y$V|YDBtASlH%sJ$>^-)n5R#J%PjAf(EW@{y;`3eHgBN6%{4z=Q zgVqj!i;)eFqSC297TLxow8H3YZljdzWW$RfDi0{ejSnz%h^IgZWiTeMF9}r`pLy3cRY%h& zOZo0eIS?03XYugL>vRGmUM1pP`6C7QsaQA4B zCJl5#9>nlBhzi54sJ|=YZ*@7_0cK?!%n~a zkePfmFcB#x^`^8Q#!PJ{T(tFC)r4Jw9nX9}-wDtY!XiM>d?JzE%oZ^=d5n$G5!u;% zRHTJ9OZjZ!?w0<179XGhSAPD_YA-|WC;VqAy9`v|)W+g0fK8V|5&?@9rR=RJWdj2u z<~B;5{@ft`MeL3yyJ~1vHY2r+Qo~Y8Z8rdkAiPAzov;vtTp2NGeAG=&$dwPPw1}&^dtwo&?OjZ_l!^It(rU{mlMjGNO;`h>96`T%MsIb98jvLhe3&m;}@9Lpx5)eGdmxs-0rJ$!|H! z_v@9Xp><3G z5LN<0zz0zZ#xiOmHXK z@JQrOm2u_KEQ1uHlj3j40uXg_*_6Lq)Q!yMLRqBSEJ`;O-S0+K$dZZt$R~Zv-z=Kt zRW%PZi4`ngI_bEvN3L#g13p)@YG5&%y#VMnBu4~DYky#D_6}dRE~GPjZUl)PN$yd) z0H>GVY>*E1W$QwEy4Ns{AVK&wB;5g0$@lI@zHD7c-|@K-BrHJV!fFI{!Y2nd7epQ5mg^QMaTV1=*IZ(3A&*ukdJL@Hx-SAgYp z+FG1W@Pq&A`EP;!a!XIa1YdyOD6k>I&GcR<(80!St7lEGN=y} z^ZXwkH{m?~t!2n;7aRLhF#q7oxogI{_QdO8*ca5P2*A1J7W@@8z+q1mT00S`(rzT7 z(hi*LJ8(@KB@|jrUSrKpqky7&M8L|Q#B^YCwn^L64}B{1=4csBTfEq}IF~Ix1;$GT zLglXc?2!k8CA{jhqs6^+9<(cyR$i^icf_R%UBu^A06Ci5@v425B&Ah5OrN{Kny=C4 zE?xv=vP1?IWe`0Q3QtCAUzxKJe%TH&5`9^!Kr#*B^y{0)>@o45^rSfSWVHSWA z{)i^wpEWQ&k3H<~BZDNo&l7jJL@e+mjo9iV>WyZ(ZElcg5!Nek;*rPhF?vT#nK6t4`&pYRHs66uD%=b(-5L7i-9<2+CaR{pw|q<1FuJ0-=9Y4HYktB zH8eEoLGrV=b?&sbF09{HC)+y9w^bOXoe=Yrz2-bpzu3Q_S$$N<^W|vIT9iOF&Z{bQ zF6HuWPrFlJg*KWvZYWeIGqOF0+ zX>47MdreBOO6F#nN#4RoswDPILQTJcn&-kQk=Q$(6+6I+8we^`4h8NuKf}V>0JBc< z8RUsg@E*j3$@CtNPvJ&+iviJ@sY0X)*vq_~30v?7>RN?8_2~5H=O1>E_SfppmBQS=JZ>{MzvY6z*%JHwmqUzx z6T(+m-l$Zl#3BBK(8;!dL04xUXVcI*`f#w)3#at8?!SJC#@S-2tCN==^8G(|`;U>e zRP|iTIV%#n_zr`EPFph)c^Fb09d8f>WCh2UsM+0*6Ei#7l!*EH?pGJ+I@uA!mH?DB z9EQlv6k*gGQb05UZzzYVfHz?9kfs9>Y2_(fgb0)WcnR3z8qhj95p+_lvZJbNaM7ya7U~Atm3JwdA%(}itIdN0rzGi`$vvs zFJ@;#0dL@E7>?895`H*dB8f2-{cxb;7Wm+eZ_`mxP0hx0hEdV2Xbi7rR8p{$=ch{1 zp7cBn)4#nKJ^vF%C|R>N{-6i!Irfm(;8&rdevCiTREmQ}@b-xR6c7EXQE-Qja+gyR zdSroAkoT_Lt7+5p*Gs*fT(WRTrK^*NC@ZqtC#q18Yo?em^(4{~KbnOT(5J%!*YQfm zO-_F4~1`qVqIcQcq?9HEjHg+xmNuERA z{xZa3m^xnR>HTPwiv3EVqI2yMOU5KUu7_=M-Leg87IT|2Bi*3B!v>&6N8QeS1cS$h zDJ8E~Tn2cWB3tJQ=p*@cZGqZ&l<{Jtg{0sYI7YNX}xz zyyh+sAxEv_k(KE(@Y(QLePuO1uiqnl{#Jv}t=w=>N0Vvx?0R(?d&KAthG&-x!)pbIorQ_qoGfi7WVc_IL+Y(LfAm9C=vs+kCg~N6 zEHW_X%%%&pcu5i^TBL-^CwCB7Glj+5KtY(8wj0()Rh+Orm7zM-x;{ zVp6O-EhNl@Re-+poiX$|9=bJQXkT@{?maxMi)Q}|hg7@#Ayp1%m|`IU24OVrG<2}= zk1<_!ePWDGGXXwD%|#v-<^ z4I?eH?gYsJMMrK7hW2~Cq5UuOKwJqqHKluo!111Mirf!^gn^;MbqH$UOLurSr zAPeJ=h&4-n{D9AUzx?1KZ!7VY^O#!{S(5&{ESA6hp}leRyGMQbQ{0zNo*VV$49~OP zdtfzTX9kXA3(8~CE`12hB_Q<%7{jP0FRUpUGskS6>^fyBJp#mpY1p;_f5KSsyi-mG zQ_?@r4D3SsiE|=!sWRvVPhtO*B+8Bbhm3_M%`v^3Fm9 z#L{hfR0h?Jib+ccNf|%qB)&e-PaTP1sYx%J`15!lkAc)I47Y&b;7O{O+ZypF(82R0 z3n&|LL1Sqdhfp&m(@;#N@4hAK$~RFhIotr1dUR!^P@thKv%bfGmim|@r{r3sir*9w z;Wx>x;Wv+G+NTt=uf&)g8e_&guHuww%%xD4PL|dXwf=hxcg^a*fj`q584g8xCSE<7 zqt--z%WwT?KH3tIU`YFjfx~Pi31ys;PvJubd0Qub1>)CX!oS9SI48ao(JlbH$s+{f zKDWd3h&ILh$HJc4xmA;;b<(-}3Zt|7M||hNs~#)-3r~;Q=N1;#yoYCA9QMwEcT1xw z7HV~aYsHiWE0!^v%3v^+!N{D=%!8{l4?vn{EEW6Kn=Q(#y*d4VT+8y@m@**5bl676dN01zgm+r?}j!0mX^0$T%x=Dn^>NIQk@6$SF`yLm82Rz#T`d3&yZ?481`v z@=Qo-kcQw#Lk<+(8hXLR+FtmA=*8C13nT`LZe5exT8sUjQ1sS%6x|YV*$qXv1YBZ@ zZdsGtLWc`dXd_&mXwu7<r}u}#gz$!F|umcD;CntK4%SwATL>(jpcF7)N^zAu}ONc-|Xm>jGLt#h*gX`d{~ zs#}0rGF+b{^Se@NaIrIKN5iT4%~-x#?|KcN8KG9`m*@ZwEObx!fHB3~XLJl|_Jo_o zO|A;x`bulUNRdPvlx~9%s^E8ckfnGa*COfmZjWET{Tv!5bRB=TOFZpeot=xCXF;m?-Mao8!H~`l6`zm#sFqs}tiqhV^+2QsA8)pSp(f!u2$ihr;z5 z3)bkgO=4@D-XwT#Ii1BtZv`W zk3>!1O3Lts*n#&;OWk8j^pY6Z_OASZylj{s7`O=hf?H;n;UCxiLt5l%JeL5>i%Oqm zZeFVeEBY6#wJIz6Tjt4_=z-n?$=}hWNw?%7X?{=njyw@RhnCKKH9|e`is@Ww2-OIj z*By)Xr&SS|H?2};XI&|^A1dh(1gTn|m03tmFCUOl&oV7-9-nR zs7yKcXMgug<&*Zyz4rMj=azsBz(Zf>|L_ZsSIvh?_5%H~4VV{17qWEh)-1<<5pvV` z+%?UjbPiW@Aa&7-h1E-?wQpc&iUc%aJsN?;rpt^iJG1^#cR)`$Mh8^JYG-nz!bx2S zdL+RM{|_GqEK=bQV-=91?jr#S@o%;8-*FVBPn8Cek~N6?hYn83dJ-V|KF!B(;Tx6r zZ@ROdytl%tnq=$mXEE@ipQU0&cmX=6Y~<@v>)+~AYkzLpJZJAr7}knR5Us?Jy5Y6R z0QlAEFkD?9@C`>-0X~C(g*}TW`vIWWjg93D?lzYL2+_OQ7XUX`}WIieQwGrE$D|-DgIcoRm#ipOp#)Zj5%_0 zO0>Op)tvxsFN7HER}knIE)v{4ifHOI>%TV!tmgmMTN0M#4fu&dp{Y~SrdsMZ^`oQE z)FBGN^CA_^yJypBf#7QXNEa|P4Q?;Um1yFvBamoItrHMiINr+p;Ng+VMJrLQ%9T>K z%Mf+%Y)UD6mq$dGetQQo2rI$3Q3dlDaH^z8%UlSTE9VkPl@89`eyoWC+sk9&+?8Cw z68|)te?oUG!sh5I+NgCQX{(Y7xGopRA1Le)c|d=pV4@fU7|vunL%`iOeqfNtnNjTl zGaEAt2a51Qn1eiCdE>5HE0lUzK?aJm#FTSv#3wSncL~Gpz#5@9bg8&Ao>w3&Z#h(b z!bS4%v1c%W?(sgjds5}lA4?VZK356eyBn6VFNgq8v0v`;gVI5NnP7Jh`YJ|+U+MA& z^^#GFIX76KsCQSOvJqoniUUp?Xny2xzA?P*Hj29f7!MinF#|iAohQu{i4XuF z>NZDl;pr`z^_Tgy{5+bL^T-KyKJ@=;w21Luam74Xl=t!$<(W~LicmQUv0BC`-9>$ZvmfT^zi8Y+u%$dQl(l)_oZ@`CY;l?>Zcx2%zAQ9h-^~6e( z7c1Dl3zLqe9hTn8;kAF^hwM6mWCAxXuE_h7QdF<?tzEn1 za<7WJ$QB*NE|rFeYlG+`McM}WSJu>?2`1?r!o(DtB;uT@*2Yzdh{-+g>&-#sdR89I zZRI}*%DymneP-Y)P(FQ+9RtFPd$B){D9+LD7%7`+o#7)}lW zpB1`q1j9=6r|ZcDfsK4FFP|-2t zg8yEOBtpP+H2(8k3l<^&ErX|}4BeADbPk?X83_U!_)sTV++|VFX;uj_Qx=x{0z*<8d;P`8Bd{fwT(dO zY;gOYrC9Y&5tZ&i46Get69$KT2?YK!IY>P9xQ?ATP#k&c#^Izi%=q= z_6VhpfYQOJB3zM9w^bDDNVY|XyLDjVFuFD*VE<@HI9DacqS2Q2pr|^&DB+CR?gq0- zCJNW*xDnK6X0;cS=wHfWn*k7HN)O6K()EFyeHfsZNp23G;_jrIQG9Y$D0F2}f-4#t z&?E%s6?9ULCTKg(8@L3DGI5!iv9S>+1yP7>jvIZ#=ErEgF|CBnK?}vUTuVxJux`&`N&6UDfzeZ9a7w!PG?E@wLj5#(M z0mY)Kg+oA0E-w|jH-IV+YqMh@REMIik>6xmA*m$7g;Q!iAxW_kE~xQ$f4((&aauo* z!pkhf7e-oNpD%*)k}cN_>-J%xiEQ_Q+33T^AOf{f?0G)D%Wtlw;oShb$^&{a0lgZ4 zl>4;Pe=&)G-pmhvZS0(AyZElB@s~HMcGt8f(fC5EM^=oTxww z-PZxVQ;~yTGl-st{kY%OfY~+%b&42ctrV&FIpC(9{G^|EDgn4x*rR3Z?2G(LdS(g% zKG?ng1qe!CM4K%%-e?K z(-VsR_U@XT+YWrM{4-D7*`E`&P44x3ysakzGinNB>$s42H72KT6CvTIYMSepb z-?>ar-bUppj@TM%(=?K*^EW9Jg79JfQRVFHWSjb%k%MpJX`g#)f7(`W%i}k~?2Rk| z^YCbL@$eCQEn|BPIH?J-Ko(#RgU10`5i>x$?bi%Rg~cI7HF-+#g%E-Ozw&1aYRE+2Ud>%(LB4G~U=XyHE3S{r;TZ%te2wSqOLI+wEiaw%W6M{U<6 z7q%S5BMd0a6JsN18d2QWj|Dfu*l0Y9th0R9I%bK?LALUF%59&w{SJ8Q*$2){bID7j z4PnCFR={AGJLWiQP4ho!p?%*6j{#rT-E(~%HLC;tczqOd!1J7Kv?{jIcNiuo8~vi9 z3kxgfjkl0f_AhlK$9f7~hS>}}_$?BEMk5Ua)Q=uW)!mUt!#?P7MoVm43Go)tSK2P) zescc?+X**R4aueWW4@`fzepADH?mmOyhnFL&qs%8O1WTRZif%OMe82I;F3$MFHZX6 zlCQEa)*9+fO&gESaQ+s>#xp-KR2&A#251tKm|!B)3vvuYmC4%)Z}1XIFV8}(FJK)S zlSf_?{6605{XVXHdS@^((%xg89Aq83m~r2(i=u%+n8Fmyx4x%aN_Sxdrd7e9uI;IL z!nL&G&ie=C15dzs7=jp|i0=pI`=$EEldSlRMKh2aUV`Up5aloU`z+}{cV1H-FK#xw zn_zc^QCFi=kOJ@kqJsn9D*#=F(cLUj7u)$#fNvi+uOf<6_4kyS$GtPztCk z0w}uzNh%BCi-)J~#u2>s9omlh&zJL9(pgh(ehOKN&G;k$yjqEdsmbvR zx}Q3*X}Ud1D&U9R3*k1B7Ea=xxIG6+#SSPuc zCH!euhMvjL4SDwV#vLMTVCu z`AAZ%-rfUD;w4`1V|!o9{-u~aJlPaR2fO8~&RT*#P}tE4RGaI^P+t^3ixQ?z6f^yo ztAwy+u;+w(;0@x&g%60-k$>N8>*Af3jLzHxa zM#kKBgHPXN>0n#xd|=K^{HK)LRBFF}@Af9Xop7Mq5SnpHv&poRAstUWnf#54iy?6+ zes88o!!Y`f?<~&#-o9BlpiQb^*~<+ADt*HTMG+HrVk#V^%`yDi zOs}rL2JIsmMtr??P43!S2jmnK-&g>afWHdZqK#7fkh*KnIU{XZkOSYJuaYZNFLXB{ zwFQVOCYZ74f*~<%UFv<>@|7ZKS9NUf@MAb}vNX6^w%<|rR1DaP9-2;m1I#hL3v>5p z)+(gCJfw9Vk}Rj&j-s=KQvjo-IIStCcp9bPoIt*JH9c_Wl?N^4vRq zOUo1(=$!^jT0nVGwKpZd!?C%R9QPe<^R0>kia5r{YeE@lj7>))dR-=ZI^g?v7~?*y z)GVWsI7YYl8MXJ1x$`ficnC|5yxX`P8qT}o_^->Kb+Pw4{zT2XPoo|9F|7MsC{z#w z8K?1j_W$Ce&=$FZLtBiM20nTs>-xH!5K~rMa0@k~+_0{^FZ?g@Swd?2@Z$dR2;Z3G zBC94j_nptmRX+e~keEI}!$9i@#87qzeTHUH*c0^ZeZFrfJbmKy>5~sWpN{!-h?sy* zkeoQJ+?bX-yQ*A7RgRIYm}vAAd2`XcD;m*s8Dsix0a-N)LGxJbn}Zk=h_f{lb2>LsxBfdAvZ$dqft`N0d8%noqiWr$p?HB(RSkFTh6p z0F~O4zLeq_^<8xk`V2 zHb+4Ep-1}ojfX`WnZoU`PDr*h4lT4*;-kB>(A+c!o);1aDJDU0J^SMd9*q*ngo3jZ z+ofzgm16nX8p}_<=gYo@KwuH|C)ko0AH+d{xRUykOaw-=Q13x~8vAOf@3ESTEYdqa z@=l|E9zI&fMmH{aoQ~d)d*WYmqnun3qj6+`A8h*zw(Mhy^j%0E97sd52Ky2Flu!uq zuYWNJaVhMB;LvCO)XUCsj9Qz3(&OC)iU!zZwMTTzCO^r(_s5i97olKDh&C=evUHHg zB}%BM&xAf71Fqw#N2TLtuc#WN)_9QYeO_*PIYjC*Nb$iwb5@q+r+9yrdiEuIlvAC`o!1iz-NnIN`?o#Wq8Ze_RC%WP)de38wj=V>;uG-KCGBZ zX}UPHS4xXp^zu__b|1J1144VBkF|@&MT}OGOGMkG!y9}Ot_LUpDaV%%$|0uR6-o<8 zxC;UFAV?`0^D$^MH!q@DT*df;P74>MOkD6Lay%K>?s;Q5%DVcLTlFtoEu0&oKdhzMA@lLa4wn{wijrbaZ0dPJr z`#f;K@#37!I^NL5gURs8WH!AMXu9O@(QGT=WeSU~Qpybi)<%02VKY05Xl860)v*8+ zC-s>Sw(41ZN|P!`@~qyVtZt=*&HLQfh0M1pgaOt9o3mtK^S01`97pZTJ z?5I3e5u5MT2s(XSkd64Gv>2E!ZUmoXJ)fYL+Vhk-)`Yfy;Xa1D1ZF--E&@!fQG-T4 z?evNcfD#6|@mpN7milat#HKtiug!>Q zH~BI4$c;iifFXuaW=xHQlU@XZB{fwPl#q-Ggm&2@Bwa<)n-g71eA5_}0fBk@Z}-m60;O_2 zz`aN9sda(;Y&L*g0!ZlrtiGPMP!5wb151QlgaapEx$3ENrdSu;CkU>Yh>=7JiIY?g zqLVL4cR3(8kp!*@V*>ImS1OQR+=ukiZyr=(azT9KjzU6;pErAJi3qRK>@f^TBOtb+ z>S*y?{8cpg%XjEARUKju*bt<$$LFLjdKzV9rHth>&R0=W@T}x}5nw*(6&s2)J6z7680%=&|DZr+sr0-Jl9q@$^wE7UJ z*oA^U5CKh^DpC*_k@NtLF;tWRwC=}z(ld^U9I6JkvrV_SwWG`p15EhGO~}D z*Y!b$^96#h7lH-K7GG3FK=GNYeHzH9>WAx#*jFU~!D^$$7Bqoh7#ms9$ApnR>yKBl zHH*5(h3dCyxd9g7(TJ#~a*ots(UF5v*nuq*_)OZF#;!~icJ*ior((J60c)S2XsKkb zVf5*2AvLvntb(Fn72TR_P;eEfn&NKI<9lt_P8K4HiXB6PgGSPA&wT5WyXlvz->LxB zJw65+<44;0Jt@ZC?~E(ZK9OrygRo(Sp#ZnnC<%$3LBs3GPgHH(S8wP3kB7Q?zF8d~ zX&kjNZ%v%?BRL0u1eI`)#^DqHVQ=@1Yq_`M1W#~)rIw(|*KiDT;A zX1;Vvk1^0hy(dVhF+c%!0%hF&L^O@=&81Z+heJ)gkpvT~n2p_w-iQ`7ws(y^oi9Rr zob-sYrU0JK3dq;Ig&v)EHDNOjL>X@c|CUxwx?`8KNqMv?Tt=!LFCIpdK?=iDB#wqO z*v7F9Y9P(7<-O~Vl)>;Xr4;M@Spy{;3-u~J=z$fKM_T} z{x-s&jFtlJvX%`~`bOhH`UdZO_Y$=0Lv*Nh2fc!|L`EvDpAF-QGtYiTZZp2!7G7z7 z=TT%)8=uD1k85G>!OVcUtpaviK7GG2b3$AN!|AXMsEGcga||3Er?t6(9*X(yF~)yb zI_|!>j{4FAddc``8!)!P2l~FdAcmg2R`=+pi^tHY`a?RFXpCr~u2o7y*Ip}`=s;U9VY z@0=g^RS|2LZqPLU4=*3n`R0JBpKpWsIc>hNfPgIwTiJBJ{lu`4`SxMlH}I=xI^Srq zJOuwm^G%JIoNtrJi02z~WWH&UU>QK4Z&5sCzDaJ)e0w%D?~BpAAMPC<%^ByLLgRcR ziZ%PxI)?uOhLsFM>p^j;dmDw0-r8R=-ZGSHM1% zbaA7OAoulzX)JsRqH$2J;r*>PU?7*QR>c@U- zp^9Fjv3MbGL3!iT2MT4lr96;)0;ohyU_OT^1H;-T9&fq#GOl#eJxi;&El5iPh{$7! z>Gf6r-eF4>eU(rItC(QqpeX?ge^HK8s1?r3tw-(bGed2*Tb)R*dL0uSHi zF7dgqVXiFm>5FBeCv>&|6vT2zvwMv%3~QuG?8x&HbFiL1KzWMw0qdPPUlCj>>+cH7 zbpzc4U^Ul>VXjUj2aH{MUt#t5P6)%D{&i^#uGX!(V;ea0@S89KP#Z!fcuo6`0xS+vVMW9xCEJLU zkhy}l)UgI26NQHh-9WzgU@)@T$Y7hrq-fWMhe@*%?N>RPH{qsdHJJ=s)|WC~H^V*( zEYpxYfDJLY(%YpzhtK3%WTf(>8W8q5re?}H7~FEs^G&bdIVRha_BW$_`$oeHrZv1m z8^%Zo9tRT{{D=M8xM)@5$+h5~2(`a?@c;)pDRDo3EX-}sti>g3y~nF=AK$1Yj!BG& zI2DkysUCq=A5=@A5b#X#d?m4<&`b$59oWA}q}kINKMk#^A}vI^xjvD+(6nh)T!3Qk zkI!&5rRrY+U$@A=(IMx99+YHg?1ZQzCylwgE;5UaG<_q=Yf(A>!l7uhj|h1PhMd#d zD2hD~zf1XMIk0O^UXQBPV^+?reWxEYNLAGJjE;6s!yFb%k+d81K)4CXsPhr^g}Hk& zYkv(VFW>WxHa#{bJDv$Uf1CX%rq^H!^uP-H;WS<*T8D({DN7GUs+t1W`w&ds$aSC_ zoViEs%f#uh|McRt_p3}XA5B&RQq4q6CbhWFr_C%EQK(AN$x7Q$9(D4pheZt0XkiIf z)@#yYpq9wdWCZ;>u`J4FUv7P-SCy-Fta3PiYXXfmEGP!OlLH-S@4GFH4#SVF7#sI z>CKse8&X_2_mE-231ZEJnat>WG6NTD(cyH8icBe|-;gOk+mCZ~T)n1*Szd-}_^h!J z9gjW;qsX7YiOG7AFXLYHMH0w3Ejdj~Kt}P7iJXG<-XPLt0xf}9(m4>TMKt(NBg+$8 zsr0|@*C?F=cqO)P5?WxZi0=5 zu&~t_wqoCNIpnM@z%xbbjCf7k5c>f<-%A-uS5A=)WJYF!OE zHcD?5a}63$Q(%J>;PO<(4cPzTe!&CD3nP)qo>8N4Nd|8xM^>uU+smk4$6l)Xr`JvF zVoA(NL55Pe)oh{#r2`s`=hEwZ(}D{Z%3d@&@Pi%-=OBTbF$-0~5p-7zGEKO#C#pWG zoGi#eGOy$;!h}S%_u;RwdT?UI_?f7puoDscaxJvE%IR=37d5dzUQbACMasxMMI}6e zP#9AR!iS~!6%47cnn^`-^{8m637<6qDu3D9r6ttn<9rC4c%U+c(0}}}OYxs{qWT)vTqyoQDmak2tIg$V} z?|Lo}BGAuGS3nAMWXv8z#c|*|4q`}O=AulY`x}`*o2PJ0=K)G&KM3)0%&IXkL08ts~b7BG)CK@oWJs{c=-{>cbFJ zMiq_P@~{`^DhPg#&zN`{GXr~pco-tCk)dNs%(uk-A=QMK+7%<>=l8B9;-xZBgBZ7J z%m#=%Z33gYf1PM2Ol$5LEXq1&|2om0@I>2~=^X-w*jDk@yv~cDe;SQ8=1ZcOD!o)m zoEiKG}rDNN@Ct^yzAJZwF&i45|cFsX}!OaCKSe zeMb8SfuAQ0GR1Q=!QpfheM40xC&K8dpEawNWM@C28+-@yp^m@=DS?o^Qhs**sLzA)6bK>xmsa(!g=zFRw;7pQ>$1_1WLMOmNLM1N>fA*(CWrZ4F_@swjlw#XOEBq}YGWKam%MB$s2Fv3WvMYa?9U22 zS|fYcBz8`lrE!veF`Uq4si`QcUCS}(ixoF?kgN~JISy=@?tqs^MTIc_;{Ok{9zbQ6 z1KFuW_9W`6UJF?-WWj0NNA`+i=95ZjYy$ukvP@mc*M~N7DCny6Ax# zEOW+Jn2S==`S^tB;=}h)A}Jc&QWiXn^CRr{d_>Yo%(Q7@2jeMXXR=o8%-sIb(LDM_ zk~%w+UNP4#1qX0L4+(@b?&(q|QgsV*4p2p}ZSw&xoU~!O6vUx`gP>&C=}oru{|6eL z{t0J1<~H98A`JJgUb+zRj0aHsy>kqx4HQlwGDr8Kpv7Oe```8NqsqJAwO6^f-DVVV zAKvvBZpFsXJpRLt)H4s@(W51d{BF{0%dZT{;;}F!9t)d^AgHDHmZ`uE3ySG66vSO= z@ge@G=_EA4UW8LBk%o)mhJ-b9pu6mDyHkYRP-*GrMYs};T_5g|{Q%J(#!<0J0%@Ok zH-kJdwga{xixA)e2OlD5-Qzne|;m=yp{J zh3wl}AZ-DIk=ys{YIErtK%7h;ZW)Gzz=Ubm9f9F^24 z2ce#iE!AsI0N@#oX14ZniDpK~eKBMoiJ|vQ-*nipp_A-2C8FapY|-c@!4opQIE0Lh zQoJ8>(Xbw?hF#%jruQuTl>((6rT`$;I$8QC>X1`G(uDl0`=E*}*i-0d^3xPJ>+*jB z%AdbW=&#h2h1ox4C+Pz@U$)fa_|qHbWs>^-v}0;r-N-)q6g)(P3nympPKKm?pVtn8 z%GtXRfz%{q{*OqF_Dt%Bef>H53ioW{p&3U3_gmZ|kuHr&Fk{x?rws}cJtwP7lMQ* z-wdlA8L}jY)$S$?iGr1Lc=xJbKE2De{(?vNG<#3MBT0|<@v}e`p;x`dV)|XZ+!HUm z99TjN+TIbHK4SUNlFpajSA@33h(h*cBNQT+0}Ni8B{Xpb2M^$)#Q@}xVJlZ0cG$Iq z!zDRJY4QC0ilsa9rBi>5P>Tjdl;a)A_0z`x>iLGh9`W^9Bhdd~u%_N$719W#GrMle zj@dR&s};2Q%8*o2=A+wB4LerIj!w{V$=9k!1%7%T{~Wo(_ojPFki(J=HRcD{tm(nK zUvDXofe{G@C8*Xz5;^Lv3&tiDgm`wQ#!CLQO`M|Y>W|AQ@2&qn%#~N`R9L|72m;9g zL9!CtUcjA%KHO!^aam{tW_qrPsLto03{Ue<^<{O>7lS#*vP7?2r(81WpOplNjwXW8 zr|1Wc(QY9hl2=;CcH=n_Qa^=eC_EsTL30<|eg|y(w|Z+>`y>J+oU(Uc4o|wFZGi%7 z**+2;f$y}Xue5zw*oSg7+k&ojVB)>UYFHAsq`l2?l4wz~A;Bo-I|YqGS0`%j7WYGe zJIkX>AVY(`S|CzfTK^}SIs=TXM!|zJcC%bbfs{Gv?Q3Wp=tJS^#sdXYiWW~|K9rk<@?9y99JbIwnk+nXzQEHPJJN7VLB#nkVc=WVM+t953^=Gb;> zlltP{!3Lw$$63IWVELg#51!U5UG?U$2VGoaAUxJZS|PP@RXK_)Ex~39R}p%Nrj3ZB z3x?%&HK~~9<0v(*7$e>dh^M=W?s0cu5dkdpPT9B{2dQLoC)a^e;1*E6J%Xn6iD#0H z#r&vHJQlU2ZwFZE6zze}M*27SmBk{B{Vzz5%?+5ON}l(=I>Hy7!qlHvo$~x};39*K zG6!agB#mGX0onV;PytUdjBGt$cbzBxM1uf4XTzUhn}uQ{Y|mMU=U~ufNY5ZjDWZki zg5YSj6L|uER0KQLFMkl?7p}l9=Ud6ZEsH~faZ8&fOaODR#0mCQhXp3weucmS6YfVK zd~&ia9-+Of0(gpZ@XxzKg0)x0ifWO2y_FG$#o`k;{-T;Z@F=ze-D9r%;{lm5mo+Z% z!UXfG$0|aYK#VB&i>T|3C6-DQf4kfdAx6zk(R|8mi_(M%;9d#MN27(ugLE3kE)0?i zYYro*Afu*D|J`E}p(N?(px;zC3&%%_?I^G)Nu7fyFP~NLUX^(PJt2&Fm0z( z;v~>p`kYpW*`U+C2i`IfEsWJXg%8g7FpY@0K<1Gpfj^Sff0f;LCTs?b@ZbqZA6*>zTNRwQrod5NbeHG)ke;?Gs_ufNE{%ah zNk*EVY%3FLO6_>{O~P8K%xRJU6=g96dBWt=dFmA=T@U97V&H-m;DW&Uz#1x|Z1bdNOK52f#!dX<`Z+3V?Brl$Qm}lFNlR!4_|#20YBRTA+?z$ zFt<8f?~^b?mb!;vg4~QioIit7C)5fgD-6E`T;7mb=k+Z`D2P%)=u(uZ4ZzK6xUk|8 zFx#U%NObC$kbo?3QSlkb3-njJ^JZmk7EJo(Y7+JagpzpS3fasRugdnk9EOI}zF@XV zp-9zM;{{L<0YN8Fse zSLy=F!0A#K>Saw4^`MQ&fz?d3?fnTU_aIF=^n*@lA5?^}n8Pk%2hO zrwJ8?Ur?6{ACH)e#2lBx-+V3$cVj)giv%rYFU!xmYYS<2;@$4oz0{K*l#IM5Y5p?7 z%lo%;d|GV!8rQ(0oXWLy(GAV33N}!Hb;}_@P3~C&4>pX!;ZP{4PBsKMYBEf{heRnhj&h^g+myJ) zjJks_{nUtEE-{cEg59LJjZ+2_(?35Qw`H`33M#T{lW$9y4vcSb-f!UCV-aH!~?atk} z|4caGn8Klts#gT_wlf3043rTMBJ9(OFNilhLBuk>J@~8Sw2PXNp$(@v3s*Z9^Y8Y> zCpk&ZS1k#!TKc*1o++CXc-GFwV5-#jAgal>fRbmIQsXS977^VyAt!l}m{xdY}S zi;#fNRy>dwjVM1c<@G#~T>>?aOk2istYa_T#Zug2c|dX*z+j)u>fkV<*160r{+uCD z%65pVU$}i4m$9HZX%nlenz$tWIwaG3UiyWOpJiWYumcT>L{X+ZTyhY6Rom`xm;dHz z-8L(2J-f<=tixE=24^?D^b|m&%h4#Tt}?2aN6XzCFQrvN=z;Y;LKg4NMaVWiE3!?l z{Og&K#g5TWEgO<(5Mb68>M8HOTT%18Yg;gpC57Qr!BH1w2HxPyi2UixdOnk|hNKQ9 z1a`2nRBD!dmiky-<`RF%YoO5)7db{|R(b>#pKoz)O@ahop8zF0G1G;T-T}!EJMz-g zCSh^xl5uioVw8fmrMB*ib?_(M#{Gcg6qKMU(A4*oFSz4o|0vU|13tXV<-P|kV|K&l zhFw3lg(`U%-(lE;*B7p&v!Tq|Pv9@RRO;imTuB!UfK;nIQOA+IMG?Ty72j3-(vWrk z41Pz{!SBozKksVPlQ!4CnfQr&DUVb!jQxGO=ZA*8nwkA~6z-VS|0(&I+gT?(i64(_ zz4aL!+No=w=T_0@9C!z2j32Ra9MFPQxBxHG&x#svUhThv;bvZxB1Rit#Uk3Nv4*Zo z%_&H4<3$;7pm~*VGd0f4l_U}B&V5nUL8-x7vWPI+kU$mrElTU#eG<1GTxh7pvW$pI zyK*cv#iGTdNO&R4#a_VMELbkJS@0{hS)c}0UG8NdkJb2(->_MXQ z5{x6IYg`^Pm9B%B?!BjI*@@Vae1xRI%k+%P#Bz*j51+8-zz0(mbRqY5QxixHQGcaI zCiV>0tTt@`V#8ar%vJ`dsWoe1&iNORFf89>9qW>=(9-1D3Tj5OybSr$O&*p);p)qc zhIJSBBe2r*_S)#0+$fI(%Q(HOE`3*>(s!-N-Nn){)yOUtR95!Uz{06MJHJAO zNoh7VX2KtkYyq~<9i2U9bum>{!dE-6RK*w372y8|`u?&%Pwuh4zv<_ZVxQ{!7ymv= zCMDq{=Q=_nY4I%k4(R*$KRFW)|CGK@6dCd9C zq%bDaw`tn%NB2aNC?3W1ZLMKpa`&G12(E8ENXt#~iruvE&JRipqLIo(=p%kIi?CDO z!ySaTH$e(P#AE-^Pj@B1bzJIEP)mBObQS#8@kC!H9w7MYF5Tf;cg{E_+649t7yIgg z;OC?%F~Mn8l9BNQ*ETM=l2mXIF?-ZwU5_arbOfp-!>_doDra4(s0S}*yEtimm^3DI z$}AS8y;=b@!#xEq4395Si2Q=>l_n{4!DYUmzp`-mUhnG9UzvW+wok|l&z>(0aQpsQ%5V+P%FMpG74s5GXNkGBbF$pFQ)W}jf!)O9Hj;r)oSdM z%Biord^m%>`wkPKP7nDU+OC2P=ESse|K6e)%x z;`GBguyAz`5;FsFvA0{X*yTs+=OhD%3Ih-G?v%N3y}*jA3zs*%9EQ|@v_Luy6h$r} z1(mPL|J%oZQXY#b@VGSrTBZ8~;PD5f({%Y`pRX+DNBkg7))DtR)JgZ731Yuff;^C< z&=hedWQF+!tw|LYG;xC!ey_ob92ruG16F7;3R$O7^(sjvl`zTnM;4qR+3vAvDH+dB zEbNs`aZET4^VU{;7nA)tENhDHFB!5CFpO z5NiQw%$A>^+5W#URp?)DdY~Hd`9OSSoCIkCjONTpvG%IMdwK#wlZ!iwo}u7G^axu3 z8Z1Eunc;MH<8Ocah9Vi35!58*4}G`f58%k~4RGw;y!s@(0K zfO=fs!ZzJIw?kou&~$enEH$CA$&HFK<2L0^EHCQ6-QByDr;IoOnJ-=LuDBg5M9m&^ z=NyV!u56Q9CL~%gild6xqjC2EV8~nm z|HumnAr;Tq(!;Wg!^B=GWATEp*MPkBT~F=Xqzxd0j_2?S|8zQjTiTJe0+v0q&{bUV zP9=_i=e7d6jVs+w_<_;wQ_llta!w> z;rl+3_Pydh<|{q){AomJrFlE(yW0QV+h6wav##zE9wMEBl(K}Q+j2($D{Rhz({OlJ zpd#^R;4R`0F*FJeGWGJR1lX(A`ve)gf*A5_{Q$784)?wPBO2{gawSV%j6X6=Tc;RY z3s2!hg`3^Gm`(c-7p8>Uv}b!xyvLknZfV-rKU=;J>)}6!g_x3msS?%%cbkEp>3Y!! z18kFztECt$B`FfyvaH^sjiJDyhrC#uZ64 zEo0$aCk2BtfM`a~La&+DD^vHV`(Qoy3zjTpw)59T+2^orV+M3u4Txcdu7EeVtda?= zAOFI_1D>cpD5BgAAz`cJN&hMi>SXPpK8?j_TL)%RdUwtgk)keuwWhzd#*j4qc?L|r z2Pha`zFxD*wWZUwfY)@>Id!TsS6oLv?X zNsg8TTtQwcMt{_l;?3pVxayEE?Ge_0hZSmDL)>>Cc4@x0AWwoU7Np2g(xAI50Xnc+ z+Eu1KZ*Co$6S#QdLvGW#g~$81f#`W9Zu;zZo0dY_Ej{<0OA>*lEmzEa`7SBZpU zjb`)ssofpTc7)#wtj}l3bIBwv``VcT3k7O3Hu#zfXv}~1=a;8gji-Qo0WS&AR_dL~ z-(3-Etu#EiuRewGElkbM6jWH^wR>=PgM0h!CPBo-0tLH$!H-|y(I8eL!lX|M?}PAi z#N3$3_uqlYh7Pw;@47_*{^~#fl=5}Hh4_zVS9*L#vzM_{vM|8zns4>*z?0kkKX+f) zU40JJ+b{@>sWjP|rai}Wc7txugY&3vGyI9OOtHbtcO4O-dJ9(qvne?rZk*60fcySDf< zJysF*V^O$oO8rCZBZw#J00+O>2maS1ec%YknkYXdQe#OQoJN~nj&7*0M7;768 zR`A;dZZ6-Co6BRR3!4^|E^Nl_R~`dC!twU*&Gu1zGi$-;$F^f1W3jm^-I!A z2EE=nf02zaK;rYwFXp-^P95{a(`=Ak1kwcXq#WdNrExW4dE6iU~`4 z*CEa;4Wh(Fk!iN6oc>95;#NLjsg4iI{TP(dAly{%zw{$Ck2+ZDWS}E7vB(s=DrQ1 z;-CP#>1}P^#m&qck=xaM9q7U*02DCic<0W>4|% z^AxJ3*S#V55O&b_!&Bw9_1=Z$%-n>+dQ=5OoZI}=708qwk~3T{h{R0wD_3ac5wC?R zQ{Nmrwg5QsGJ3$NvnT2l&(5|j=sm(IsIy}W&lmy7&s_mWp0tO?+!Y#Kg-TQi(74ij zXqlmB>swZvV;f-b2(5Di5#c`+i)VWHBO$hNN1P(|1?dM2g<}E1{fh4yA$<=iH17kk z$yP(;j5riLO>r;pgYaf#f+JD{TkT;f0)(lNN|6io*fD3Q6tTri6sNU0S3BkfFKbin z9KdNS@|r%$YZI?5It{z_P|yfQqlq7k4z8DC8b5v9R!G2eVVeE}BGRZ|Ok_Cz)#{hI zbz<$VwKBvSWd|Sxc2S@hL{mg7zPi^~twp^09$5BViI!4ng_plNFgbQ_fT z)*uBd<>jDXqqte{#X3|6H|E~{RWdCQXFRCHL&uHypO)ef8Vp6pcQ@)W;Q^aIRn@D< zpNG&0HeBvTm4QZz&_O~-W*Ggo72`KRG)|Y0^EEh23Sc9^U<4RUC*&TpJEval!-_OZ zg|M|lp>h}73ivNPpX^lVhjJiI1_74Ls8KMF5*30aJf9~+L^7T^=K7B|VF8(FbNwSL z%RSd$(u)P>gv6eJ}B;&#oJ|j28w?6Y+>n zQ`ZGjgh$@|(r_|}ifO*+A*I-5f);XP)HKsi(_lEC;c#vPaC|Lf|4WS65q+^C4v_gM z-389!ZPm**m_%$PQ-If^o=x8p!fj)FX^D3dRA#>qfkH z{E`tilJIc~W-=bourL|EM)HwCt~aP6#Dr)&Se$&sm6mYcWej3xL7ll6sfuETHe&wpe7d9ogovLJ7L zTg$q2HDLtgLFVMKT52v_n#Yic`-t6w4kkSoS*c95=cNpT&{Y51mz6KomUL5nXOJ&d zs$rUiFL|n;c~W>&rvnaa;J%&MJ5Wps4~Xa*4=?OOBVrEXyX($lDmgeyCKlotZb-?U zoqmN%?kaLKP3uLKTtKUxZJq03N^ax6my5j?Q*ay?oY2P6e@)emBPR?3++Zvp2aU~N zk2`+Pp&)tpiUyK{wsgYQ=Pnlfm{?xFp10v=JgFx4L+Vj>MaW-`!w3RHU?DuLoQ4Cos;HlJiW)MV6!o)rB%a-e<2gY^ zjdezH7@s|`*Dk4|Mw>3ydi3&EqGV69%?=XW8t$G{wGm7)CImC@q(Afvz*$r48Uq1Y zQ|D?!(Fbe8irV835l~ntf`uOcDYp1fvEv8RuUWD$NX}n|)oQTlNh^xZ1C1rKk4sf? zcAUiQVv18-+K}S>9r%O=pPl@{;2R@~(^)X0IF;-WMPahbSB)X?RCOMLh*AqO^ZEeJ zfKF2~2st^3SxfKmI@Du4cggf6=q!2FSG2*?|Dk~n2IGMG6b+SYUGo(bAn?+?sZ+MNT>}_H%CYY@7 zjcd4SxQE5aE;t&vPuMOu;>me%DH^%0;Ql4 zCNX3uJobPx%EN?B*ap2v%Yt@7KXazfOvdzEWib6fTkQmz(}0~|kLPkfygH`y>bS%( z&}HbR*QDR)TnpkheBV95`g+&^qv9o~a-pkHnm~}!>y}~H4&SfCOjwC9oJvSkWQL>4 zBi`q&@>ud%^2ui6)i|8#_ED0PZo~pn{Umc8n$=GWHl{X%vzoS|oU^(uPzpL%f`{V4 ztaP$6DneBFjItz8zIf9(_me>M8#A$Pl0cCUQ=~k3;On}+ttXdbB$7@!Q=)^SpabU-6Hkl|8+P!EqBsz}SWYR_!0|}cueoC}o2{#C+ODvooV1;1rA%8jG@xR1r`wiV zbi#xFPMr09_I&TNNzKNo*Dq@G_5o8o)3#>4WqUj4-Fm{@Mi9>)*5Vt;U71l+&`I|<8HhZDcr7HCyqc8epq z>Ea65O90qIjgp;Tm%E|j#F(e)m#24Buy2W8Vb|`ukL+6MH7&i!Sqi{oB#d|Tqmzs{ z5eR%{vIM=xGI8pg%myJ)k!we#I>C<5{D_IuPcpyb_)j0T4)~yxU4x?j=m?^xZ_EY) z5(ZRXp339+KcDLmE|7y+L6=JeHdb$TfNh5L>t3Kt^VKLHX+7G--*`QO(H?=14!1!3 zmE7wmAYvLL1PJsA z81-FmMk&r$vpr6CF-A~M2F^(4r%*K7pb{CT?}*ic4Tjar$UKMoa#CB(_fogNJJxz` zxAhcS&*&hQ+2|MLpiz$75s=5=4*H76*OS<>?(|N}yZsFU1Y?@~%_*;4A3KU)xzDXD z!N{J-{5SrXl=`Xsh6NtWd=G!9J=RjA_wWDtJF)$pxTD;^eN}T6-pSPNBLai`%?znp zz$Onr^IrK)A?*w{IVhjqHViZ;jj@v9}!AuEZRk8fA()0!P2p# zDvqfRSng$lnkTX$?ms~u$QBY#YR{%@3c_oMLsUVh!a(0D%YynB0>JiXqC5~9zk035 zHU7XN9pXj$OIf54Oq0L4-xeuJ=OkpK`mI13Mzd&Yc3{Z*B9->Fe^m;p*D4i>N}rMv zkc^xV_o|N@KhF&$o1s7*uXCB038K|H!s)S}F1-fCLxgjk^>PX4f5BcKc!}j}Kvi%m zuv~g6F9)|CHr_iSiBlgO>a8VD2X^ zx7%__jz8x3t6j=L3=;1g+2{GyT@MY1hv;|q=R)*@^vCw)=`K_0cRKZFk$)0c_MrS$ zL?N}D`e9stdqReBT>K{Mt->b&jn>v%p#fBV?{*+W5SP)3-O<1nr3>h@`M1HtSDftUo6Huakdx^4YKmKm5Cwo|=Y_*;(I;q!e z_1+(Wr%PIDm0PXa@oE)Vt!0r~his7ww4=8uZf}X!vqdZQp0#=}$h7-outhBOzG(Hn z9jO-@Lyy(EZ@gO7R*Q@Zrg~Vh9D~tkTJz$pPQdf{a)?_P-qc>D!UWcMIG%rOeflfw z{W$np*7uU!!wzXH7J|O;>)4}$cbm2qHEQlWo}flU03fi0wxXNn+GE;u6I;`|(82%E zLT|B7atJ|~U3xzvU>}bw|4uN*J8t@{FkHiI5gJ~U!Q7k+yT;md;@c-mFO8X+EV;yR z@ac87WVsc>oG+q7I!$laPX8(NyWhGyZu)T;?lHIJS^8n+op(-@77J|f!aL-41sEmY z`{UgTG50_N=b3Swd7}LC^eY~3mb|c`%e1`Ms?&1gM8{uZ1D5fRJ@NU{!w0R0iO>TM z|Ag#S7Fq1UHR2NjJpCXKRUe= z@@}K$k-`7K1$lp_OQE-s-{bN;_>g3XafXe7#$y@ysRIcxwC$$`?8~r2>nxxgv9W?z zpnP~#a;KG)fufIdW4M@!A$>BGC&TOs=Fu?!-7-X8!s&Z*x5~=9P{g^uRx8B37DzT0 z5M4BDD@GOkw&P#xOJ&Vxu6ETLr_*Yc(_t4|F@;qaxI|(DZfAv8Y8a54&7E{XkDaP&ci2g1^=&wdUUlJg7 z?UQ~wNUweok$yUsAg(T}CgB{cyCN(@6(*9EF0NpY$_13{a5I0|S?*t^uuEovYk9RN zaKXycW2j@?6aAIC%%OXtl|%+VUM$B}PyZ6&6GS=2%G-E1JpeZG^SlKIlnGCvZv|1T#hyNHiuV4@4iF23uxH! z;`=%uSS``{!2IECFK+H}H2itNA!ygf{rvz|)thW()Aj`)*n!ZOI5t9LC*<9JsZ}yu8>~Z`_4?4#W7U6>7p^x7ShPQXXd^$JjCRBm9;Q zZ1)*&FGI7=rzZFCj|@jP5H!L|7Ab!u^yQvmt(~#jLD;uA*t(9;|0j?~_|tO3$u#<@ zFUutCsFeO$_?kBF1Up^ExK{X9Zu44{00un=8|X|C9YnP|jp*hV^Tm^;3^U$jJu01G z+3;kIKnB`mA)bQCQl-T4lsHcoa2jz_q{|K&Jg~48vH`$toNJ_`kuZ&eHVgR_R(qDB z#h+vSo4#lxF@mq^l2H~VLGJSc{;dbuR@30C43#e^ngl~<{uc_E61XUuE z6SH3DgcsTa;6y&#!m4BcUPhvPWWf)--IHH=;KJ77-%{U!6)BlNm_p z)v1&neRV3`(~<%6S1utA#LJ4_w~o9zl`(i3U5E|?-sujyP)7UAi*Kcl^6vZ;V}O#K z^vthLWenh<1YVsg2w?ZQ`b&bJygC(oj-7nge+5H{q7!^mDx;5sH)*~%{RqjakN)Y; zyk$Mu!+nF_8Q}!OvV&qfrR#NAbfm@g1H*(#4-ZA&s*2aB(v!YMm4Di6RB?#Lo#*%U zZ%AKmQyPGurhs{U^~rnEM>6Gpc@E~z$8?0isrVZm=-7>hKuhM1q>Aid=U_;)A4MPg z`Yp(SB-}x7+V<`>pwU~GAd%d<{KT*Md%8HB5xjMYCBs)LG0GwZ5xsRu5Qb6aeeQg| zbx9EDnf}on40Md}Z(l%d!4Rn=OEs<10(3e=ZQR{Zhvmze|0$M}kA)>IS#RC~jK!VG zpy4n(88Jdj)<2=p*DqKHLMGA_?00A=ZylB5gU$O-kzd~Mg-Wr`z9db%dsCm$6erNp za`&lPf67Htf1u-e2BlbqzS&D^lNO6=1E@JUpuqOft%vubpS;-zD{;ChZ}vltoIKFM z$$h&y`Q%+gp!`_g;b^IU=b$|6>@TS zoDfTSk57Ol5Nhge?e}&s#)Ei2 zFdLK$x@B3@HC1SeLmQrwN!%avKJZ3J*fSXbI!br+^G|w#?jwWzvvuSEP2qy4#=9nR z>k~AWB&<46SLDI}&M(i`KYM=nUwmBi`-kbro?lw-$3MRk?*)V6dke;>`>1&TYsRk(wxF*%%Fr}qu?!8jJ_5IK*PTc5lgXH`_69Fl%WJxrmYgd{cPcqi@V z`|YF+xQ5^02!5i0uTNOzxhwS~`>2X{V2*>pO%%dF2iMmpATWxbVFW10`{`RFd}x<8G_l(iP`-lw7|QoI8(qt!u&@a1z_>%o_w&_K zf1rcE?WR~k+mcNl)wXUuj{}LP@mGh`wa_Y1+~=n|IPRk!z^;5QW2>EDs$cpvGoXTi;o8MG3!;rc z7UYCp?riTz(QJW^N4u)7IQRQ!SZP36pwo$`vpr$CYMC>B#PXKk7sJYYG+lm}UYzAk zB?S2Nr~m!5qM(1+Q~n%q9gR%x|8Zheh%7T2oc?}Sqg#DTFoc8B?uvr3ZGVf=i*rmLkHawYTR1iKJ2j7Ql$H!OKFj)z?`N+_D0G+w0gjxs@ zRq(l;I@aS>1tan<9#Z=gQU!Z&ke-gM3ixze2XHrko#OLqzmYI$9fc&pEA+gBe}!Yh z?^Oxf^8tJBpC^BQ;IAcL{n!pD%isO3#w(FOO}0eLTMn3dBSeajsW*%auR&hL(SEkilp$d9w50%Pe{f{^(hEj1A*C-bU~7@mivyYiLbOy$(N7Ti9LrHkJv^L6DO+J*L)DDz zh`0rB040Xw7JRM+CRN9-h6e!MTJj_Ztwq4Nm5 zQm*ogazvJM9lI>|`e>(kamf^?wTZ44m&Z@pL<;R+{olVIvjxl)3R=zpqN+;v%1`)| zja%g0$}g^xLqVvZCsf@23O2?))TiYaHH=aMhisZD(BzS@>TzH72~OcOMKN8x!Zr?k zQ!lu`DfSy#PY43(7g2Jc`eB6!R4ah$>Gnu3;QnL%?{IVQ`HZp+$bvU#`o=kiX3Ns+ zY%89Ww@bGnsbZ2m_HZh>DH^?nJ>4hz}6*bJeE6*#($TwTiKiKAZ85{T- z>tF)o!(5C|OC4Zne($4vjxF#A{Znd<6?~rQ(H=JENAwf16ms|{4U^p?Hu>A8c>h_? zd+j6k#Yo223;{R}vRRWoV$-*Ar*E+fE930CnngafqzHQqFZ(SJZxR>q_RFwcS;#Jt z+($+WU3GO%UG+!ypPjqxk)k=SK>C2FWmK;q7x;I|r@QY13lMu@BN9 za+%A}y@hlGbz$|^9bvcSam#ma#S1_@!obIX*tdr59)c+K6yol+e><8vD@xT^5y8b^ zB2;~3BR9$3Z~2a70U$;)1MEgGI90Y%e!{xId*v(H8E}#9$ z{rq${hs$U84)K%5w>ct@Ft})m+wb#z8}GP z?l#>^-6A+IF?!i6NFO9T5u6{Tq^CPcReCt`pX_-^LiKkSai#|6d%Go8k1#}U0;V)J z_!G|*VITvEp?sU@p6)Gx2V;tY^F!VXXA%P(0D9oQ*R6;5gNy%n ze?*9$dw&EM$wqE^2^#L{&i1FFz3PSTh>AQdS}X6+*t@pejbeTOxXH4fo39)X6Jv` z4}{F|?=NEg?1fPy>jzd{X#Grr)%Qh7|wXd+A5iq)@nK| zi1)jxn*=WcpCatogUrCD2A(905Pctz#2$TLh++}KljeuO^QAo?+I$HVsvAQ4DS`7* zorf!f`yF`O!f+`*qM-g{oL~#2soV{sZ0nZ)p5A5#qwZ*C#}q>H8MvL3fcrB*0|7wy zjUH?!n3zeIb79ZUQdvQC#svTkc#?rr)SX|0ql*-ug2D^A<^8;8Sq*wW?++64eqQud z#8A+$dzGQ$`zCI{LIw1YSLp;_xKE*CA~}5d>G&&W)1PV||7?2hGkC$X=|-6iIHk$t z=;W{dP?$FR+dza^VW8H;!N&}|`}ohLk0D?~^yhmL$wvMyAODfO=*NGoW}DV5cC8yPpAA7UtC4{70l{KtUpv?BTVk7Vcg z_)m7hZfhC(_z#Vu(#I2jJ7~`{c7gBP4d^vp`RtYo7(8k;SQz|5+gX z41E>|u=%q<)LuUe^uA-Y2g0$;5dI7#9;M%c7DoJN<8P0q+aL96F2e}jrf(=1eld35 zUHv6<|4Q`+v497$DoTyd60aD|`0JbbGh;*)HxQYXi7(8}u&yn*MIvS|LCWju!e8l& z_VW7%!5zq@Ydn(Mv6p{RM9KfMLYH()YntJB?_A{8IEG+fEW*6*q~;lo@S!?CyZ(B( zX6AD4f+d8H18>)QlNM66S9UTeq$VvKfUK@SQuLyr+^3k375NmC<^(>)q&d%l07L@= z0!;x2@kGn%?28M9-eEcV35_ifq}*npgKMA|`ezoMs^*t>Ua9rv%T0a{OuyuzHz%$^ zg;-2t+@%=_P~S9fQUnS;hK& z_{`i^1kG=0l{(hk2$M<;! z?f1$G?MoSQBx1RPNo>zwMN;#T`2hT~5ZM$@7y99ApbxM2RWL_)DJIQFTbyYD9SgW* z9U*F589qN5x<6&{cCstt=)}U~Y`X-J_ZpA#zz|V{%OfAhko}I({cHz-y3hP4{zSfY zNbzZyU1Qu~%lWNCxq8~}*|!caeD2pIl|0{eqNjkR<2n69xs8O1)@ZZezJT|9S%#nb z5j0-Aumk155I!D7?YzIAXR854CP46$d_X2jJQ%Jy=6M;THNnml;tz%Mye%8ZZyu)K z_$DW||2>G35qxFqIgj^H{NBdg|0pJVmA$kz!y?O9O3RaS`akMJ7_sMl0E;9SN zXWjEmgS+nLo`+>|g?TD2D1tKO9;os>>0t_MS4bDbfi5BhDz^QS;-2;w?e+3FzSPWgW{e+c*wf!CFCgWi%w z*_0a!Qf??X-%Pn3FEHhX0>c93!v0}}(a$Cv`+q~FJ>^fM|IxsrCLA;O3ZjrMxG#u# z!nurxgd_S;y${t9_aX}dtF&txS0-nZzw&95UMVp80AtvDjSRLQP5S-8_Iax=&K_)k zaIoMqy1`ODglT-52Ycrqd9eL~!Bzy9RA|4rhwnR*ED3Ic^39m+ZCCdyOL3og8pW_F z@;9LJNE((Yu%8#fDjAamkX>< z2>&7K7wy-;v<6P&v+-Jd1!Oj^b5-~ zTCgM^AkQM~9h`oqlxUb>c7ia&dAfA#^N@h8C+8ufq`5XXX_#Wb3xZ~pq$*KIWJVDC08*e>Kp|WoL<-VQ*GDe--`Rc`LM{lk zCO1mu$WFH(21f5%${3mG3$_()1$pjEJ|Y>UpD*~mL%$1?%s(%jrhP3i0WD$GQ8cIg zUCQjqV>2+Dt?2S7%_;gFp{ar(I~<S5COu{Y!f>ULKx+HCqz&W z%iB1RmlzX&^Uq$u0JDf}D0>C)5wi7RhLR_PiS=xE-vd^*Ovs$i+=~jw|K+ek^mHph zVljp{Kj54Nvg(6bbe6c2jyA}VQ>!W2>ruNnRGVKNfq85!1TjXvU2{g|ouA@ovM+-Y zs@019F*pIvWJfR40Zt4?I`c=B@us|=8hrVV*G2RwnngS@nmw+X?~RoInS1M&fSkPx zhAgoi`Fuy{2zt0t02-;Uvqz8`QBOEXHF>>iQY-y;Rv?#q;Sd+WBO3%$(_=;anBGav zJHI}uhkvMZV`#MJh?Y8jentEcKJB4mllfsj9ArWmWC%CjG@fGF7Jx&^oN5kTKy+c=ax6r{kzB9Q%vIn98r(g1vi6CX4F#z)hJ18>b5VktR{`PV%S6yo(Y^v%c6 z$>%c#H*|_SpL7PTCpn!{RpudUFyuo;_J^1~%_rDlBNhwWj~y`0k7Q_d*~DSY{M~k} zQg%>S?2$#yOKJ=N&GJEm<$Ujy`eBAINhvPcOrh!>;BJk-cF{C$t7X28fT5 z4|?>pS@Gc=Y<3DJ-7~o}zKSuBJTR0ebLrhe**0flO>v-&fOy{-q(B>6Oc1qGFc5E` znA`vw6Mjzdf9BgyGXSJUh0FG-n(bdUI(u67Y%#y4`i`WN6{HH16+q+&T*c89=^KdX z-hv;LJn~wAU+{9-fxG@qR(Z1LS%iWHCeMW4hz*p^oI+_5KNvlvBtv2=@NN1y<&qb} z#YOZ384EQnrj)*3pG@|Y&aA+7_NE_z6rE2r2BQ&f{b6xI)&%6nM`6*MtUJPX`7Sl% zj(9t%j1Dwo5NOnv#9$*PFNuI8c_}Xv9`@Pml9Td!FT*ppqZc##AG}sZMmx=>P&d7L zn33?mcKs#4+ah#Z324zy;(5CKX%#?p`<=X*`!=@3Va0SAiiu&Dd|&02-_!l*$x#5K zoSu7>)4|)me9b|ILRWzh&QYPrRjABep^_>X*6mJ=2G7IG`~eT1s`s<#|FBXzoh+t} zhh#C~DO0KD1koo+T**h-=}=QLebOKg2b;?F5^U&|VrDCyHg1uuE(5&DgAg2}S^2sT z0e&LAA$;TTAH`@`i)G^<;J^1N@*sRZV5k`hgz+}P=|5#N60ElnMWUt+JWcAwj-aH$ za!?$~iE$1^(g=2u_w<23fUON$kl0 zAS<;vLM|r!>)l-fh|0F&i1BqFwISmH?yPqonSrcX_?xl8Ku0^*3{e~L}tQ}DzmfQR{d6XDz0K7yZWx{tsVfg2ed)X66p!9v-8 zg0uv}*rBnz#^>_r%|zY56OZ0{EDsw+D4x_u#yV;c44g|j35WmiYlI0a5x-&Y^RI?w ze*_16ge3_wBFHBq%*-tp^aJwL@+m^|v*qfO2`Ph1?o{cMgac&3h<7d)cyM(G&gZK? zLiQzGm~`ulw8Q1yM8g=@e?esgZ69&P;ALl z=g9-F&L`OlZLkQtuGViqGI;S3+G)~}BrZzx?%aj~&P$fkyY!N!)Up2}y&Yr|;oWsN z0Ref1o?aN92m+5_f7B2l>sS%MZqxfOGSy5%1AV~VtzKQ6>^W(OkO4<7q<+&S#qx%{ ztBM^*@pQn$)cq7*|GZhjjA9Ic-ta9Z(xt*Qi0$c;=aRUV=rjb2PP8J%3m?)vRID%W z^?ELTNy6abun|`g?o_AJ>ZG(z*TbfXYoR@jTGR{m zV26La6Rh?1qGJh*>Ci{8HlCxw$?ETVSzwci0iFJ=KFNT)2JO)y=LUK2!tfwRatyLV z>vVNEI3W}(t=uVL@6fm%e9KnD53QUJ z$aa0y9$^{?!EX=bDA8MjS=od?M`7D*s%c&ea}fUo!y&+hs27@mUtFk@coz4`ww!mM zf~m0HQNaysFIgL?DSwn6azLpFdNedK&8opAPzHr4t>|c)p^__$pinV_G%hk z%=-)sZ{Kw5o{zlbV~@V`8Y%trxg?dyXwC99W&)man*nV%-drs};r!8w5?xz}iXH0x z;W`0aae=apjEE_b`8ah>@xDX1rWC!xNIhzu5gkFjItxoj-#8sAXXro)Piv>4^Fw;% z5kwtS?5-+~z!-fyXAr?bOgbs?%wmW?pB1D}$YLBhx^e|uP_PI2fNPvVm>UIX;)1kx z^2T(Ze&dbGaaeVO=AvyMB;7`7JLqk1=i2)~hhgtVdDx2w{NK9Io9(yS=bR>o^gbTV z-t231N(wEL9OZb5%ZPrvs;Sma~U2?fL1T?%CfvkL}&%Ie4ENa0n2 z%lg6Q;9ypEm7VQhLEGsL)7HN9y2IX6n5Le@em))oqM)VZ{{aR!@&N!q48VRwYk$lD zNOu3OzU|1ce z57!x-0)KFOXmEdf2M>aeVv5J~2Gr0s#-K=|@5#_LT+Zd1y%Y`LcrWnc#JMW;F&{rwKuG~%CR`zCJ&YR49QFNz&OY(rti9D;A0 zXu?->H5Pwv7ZWl%r%n!Kz0snDL^47yF&S{UOr!{!y41JA4)JZ@HE>2); z0^1S^FMY%F*qs`U~#btd*0{&{;6KYs*!61P4<$X*wS58isXgNUT) zV{>N^kDw(TGeSb!&Lpic5_4pjhkhg)2|>hA_G6SSdcg}AIgeAee}pb#x zrauC&0S%2+`|}<~eC*7;E;7n6Yx0Z+5)S* z%*Zn$pr3`*mA7gc+dlg-Ea=(pxS-Jwx}XZkBeu_uTf~|%+Xv;X`@L$-MO#=gX8Y{- z-rd5rcVpcBUcEf*!~_0s-R;fwTkXz9dN+?|XLiBPknNLWtTOG<0-+9u7A@G%9TDDh z1EkMsHeCk;(kMBLooKdLz?n5)H~W^dNfP6#m-q299=}PUH39gT+I`x`gJ#zLjbBhl zre_pK*jNEu7G|Mg@o%F2&;#u;bbXe4pr{SJZ8$Vi5NF zD2l6DI6h@4UOPUDFmW%U)7-w@9l-SkEGUwr*peznH~5X}>&ux$7#<$}O7se~#as?y zW)e}f#He+Ydz`jVc%(TfXS8ZY|DElhK&XIX^_}ha;#VaBmWC9ZZb1`>Pm7ixL0xPrxby;XPy6+j8L9g?twPZ|D01hU zVLOR#rv0zSiUGhs?_f)PreH#3hI4+Y@ys2+0H4}<2lA1L?QyY)fOtRq3~lmLEVx^F z5laOHKv3)*L=`VS)1r#NjV6Rv(-f)$J{sZY$Z;yl!}LfM`dMf{(K4>TLBD)-YmrjS zG4upLh61$t(E#mqqC6zebTkdf&ftJQ`g4w&4|_wu42=8$fGg2?uTIuLe%_tixmU7n z@;OwSPbdUJwdj#UwLm2ts+|BTCmSk>ASz@!C@S_n6WISaVVquhQqT7~2PXCW%Sp7i z-gDZZP?ruS(8-Ch-v5U8=H0eTrJjhlC6W(rac%?7M^W^L z;~!pBQT!0QAhysSKui_w5cXgVFr7iM1xkXxpNpKpwdv~GBGu3%dpr1S))G=XS4Fc4 z33w4Gx{!+GtBqA+RfmdtS+qiwC zNWNw>oY{dsnXl0!%l}6+9gzRj7d*6{M4u9b5v9!J`p&0b#aHxMIShJ-AcVj{!|C!q zYDGm7G(3;{bwMh!O~&F2Bkq)`L|i&+X6VvYyU9b)D*0FtL;{ov4PQM&XebxKd~1Mh zAgU%uALhTExoeQW**U2v@o12=WQ-|XOb@fTBkiZbmK^pW(eEQv&MPjRoWtk6=CH_( z5b$G6Kx57#XqjQJ4VD#pLN9zBje$?4wI(*b>qc5RT^Iz_^s)ZN192uY@3kv#7G?%OX=D0rV;%O9p(y2|(; zS^!x4Ala`KS^}2MosfzE9azEUVYlix2@PEE2ja63fA~)j7RD4WP+NEgAl*K%=ogHQ zxgS;IbPChCUpwAsiuLQG)F({t!IS?uq0VpS&J+97v7YW0%xialUKhDuGUc4r>0wLl z^N~FIWbEX;+h~r0Rr~+KpIH52H2Vkvx&7;wEu4}~M;=l+)AA`B((iD)iih;l>n1j& zd&n_OBWNlDTTTA`;QuLf*y{ZYfCU4*cY**{10WBQ|1fC40?+IPYfw~rdsMLPT|6nT zS2ykUQpYf29~Ipq0nl^N0)YH7$UDMMKET+!1vAmx|D#A3|I2NFd69Y8Q0KI7pKsm7l`J*!Y zZfyR^Y=~SDeOZo4Hl}idq{z?H1*`U6Ms!LXkpgCXuFcU0V|JLo5{;&>ol*+3$*>3Nr^AS}%BIDl)Vj~ysz3S0JZ&E!M zYO;@-d{vt4$w}Vj=WvG|K(7N+`aY@K!5!YRg-F}oM$5AEASK5paEB83Jx1Wue**%~ zFci`c5g0EYc=?27(4m+|hedtD#0M12M_@1IGgu%#oOVQ!curs?IJ;|;v9|hUV_2I!=N00=-A*(*6nF>xf@D{o!!@l&%~PB=%Fg zfyDii+(ijE-t!h;#GG#XmB;Hw+?ny+h^3-D$l9ksQkistQALN`I30O|E5K+6mb1e8 zfz9hB07nbaJ0CaNP09b7j1tOhkPF8B{P23Z^DfcZ<3;*e&qunKf%}15nLZP2!4(Hn z<#NXMABwG*Dt7=_fLj8_$+-X>wb^kvo%8`lfKf1A=zuy5O9W{u-k_`POs>JDg;Kg? z@DLVt%)0@509f}!na?6ds9b5b`5snu0a}Ycw$ukkJ7Xdj#ZxNCRRq&Ad1#LAWOz$N zbf`_$^&V~kIeuE}UvNO|{?7LMkLGpjh;q&}bn5;CS1{c!Fre4`cZg&ZJ@uDlfPjBs zk?!~(^}Lgg@H<@g3IW&cC11_E{cX&{Dh<1ZeC>O^ycbY8C*+TavVgE-{{(yl)zhuP zu|3|0e@P7i;X8jE3xa-}Y#7Ww9n7vi&@fx(*L?Lacq!KX-u#acvSgtn(vl>TdBEHH z6W&#_TZ-+&hdMx0@BG*Oo;`|P@;O@aQSf%H`b*eBA-OCW?Ira7f!#h=El%vt>#b&i z-?}qd4cBnelhjYLcU_0~`|r~vb=}(DMekwC>m@bTHx+*tC%W?94`&t8#I9+1yZ$7< zUYFPPTdEPqAF8qI7xL29pe-zYN-Rse@Y`@PaPGSEHVmA{~pazMA0>8z`G7H<+NBHKIg3$oqL2f275 zgn5qR^4Ph9!H)X^uSGL3^C+l!5`LNl$R8V{da_cC6 z|C;X=*i8a-E)tGsaqYJWCXsNVz{A!25p491VQXf1JI|3kY`h8_U$o}=Mj@e{) zaIBj=_b0ter?Vg(0t*d+h3KdWQ~$}|V!SqzFKaIGx_AG#>4F{BMQ7i1BBH&g0hYz2 z(+HSy$WAJyiuPgpSILLz8T>ULKg>Wxl){7HnlME3LFAE45oOpnFu1Saogfm7`QGHu zun9$>Y@(2$okwWXhC?U>A3Pv$=VL1^*h=yE91EzEu;<+kd)*jn5f9rkqdqe?$QZ%x z#TDq&$auZr<9Y9WBWrIEE9>Ok8Qhenf@Dl1pFl|Ve9QaWM?_udj06|;@2N}bmxm}_ zsu|a{NV3TktAutsM;=FkR6lBaNc)fuf^?P86n)7<9lO;tN`H&QC1?hx3)KwZyTbtM ze1Q8E;69{70Juc}H*WDdUZ+vGi={S|Hfm|3x6w-9VxR??eF0?t@f17_6q6vMM9vLW zLNG?&?^BHVJA(ZmjF2w0;wHm~zR7ZpCUXQ7pfd~T`Uq}}6M|p~PH{OipB_1en84FX z@`S|gTZ|;DcZBvWsPS|L!VIe)ZI^SN$phaoTlSZPfp2|`z>T;~7zF*4N|Xa@HyR! z@SovRy11o(aQL%gQlhW*gp#~{6&MibKvMCkBhdOYrxDMP`wZ=eu;3e^Q*t1+Sdhx@ z6qgg{5PXN7##nqr9uh=QLy02984*Gr;RE?N+Fe{qTtcAy?F!m%OiDIR0i8sX()mO& zvk+?Q`S^;^`o{~JAaDA)(Lkb)Q&y_-*}_iRU+ZGwD9oi=mrO{u15HwX04;$Gq_N3@ zuA4cF%$Qb>w-{j>c$;5?dj47~p*rH(s4N^rX&?UY*L{j|qCYZ{MVRqE{6+=33qWb2 z&xFDd=vjn}q0D=QeEoO;KjHt*Co0B1Z=>%s0ttqA=z9J}R+2k^FQzlCFIXGLNtj3A zy#SBlbWEdm<$F54SLfY+m*nrkviW8V7ekI>!bu)-#IO%t^+ieCfEIdy4d>H{8WcX9 zFRQ(eTUM7p5ey%m7%d~#rz>7}aj%vm(lA`v)Y-!s4@f-fJ(>pQmw$WgohwFT_f#6p<%%NVQI_KGOHGdqy6?3=`RKfo| zx%)sBgxI^3*Y@#HcJol)WN=_@cM|3&=G|Utc_btQOt{bcKa-gW$LTCoCBDGwR!RfNWa`0bf;+0mGGvcrK13}As_cLTdj=Z=WymB<-bsVr^@4?T zNh%3LrH7qid?T&SqE>V!2sX^;9$?f+^%a3Gq%j$WkZaIK&Yfq>JdX2FnYW2-CT=T4 zhkJqX-YB4={Kt`${4pJ0M`V2AR##K2bbAMl?_2j{d=ei$ z8|`^K3`EB3B!-Q5Bs3%bpchkqA!87nkMdz}AFV<<89`CMjEf+nlOf7Rdc>W^Q2ALL z(!cV4oq#XGFt*9U1K06#CJ~0;)Dsy>;5qYN$n@kEi&bf-i?8pY!>5SrW1$6>4D$X) zi}dz9qeSL4XrnaYb1*=+F`rOQS6t7Sr<0YGBKovN(qx7AhV$5-Ct*g$!W^awiOIG$ zJWjXAbX%ME*GWN5+?JWiY~y$3{bXU#H|T;lOmln$V}NuTUR-j0UKbCJL;)kz*|r6p zTqKXM4f#_MU{uM_3qYaA02CTDL8qU5#s^{Iya>hI_B>JAjF3G7;40(q9^zd^6dcKws zN({pXKRIFotn`bf>U&8;f|uq5d$O&6VzDs9ZZO7%TwDbMYsI_+FR2F*Tz-6X#EmC> zUW8qk;E+szyF(;*0xsm(PD#2X>7e8l4gW?=Jn=>6!dGh`%nYCkEm4_jy6R-=30i|= z7Gaa=?S6}ekPLf(&>n~b@e%OmdqWfs^o3}hlua`cU0?azY_s6r`P2%!FclSvUdP-CFaeQUiV{)@IUfH-8mGnh{7B%>&?GxHO%+VBb#;*o$%EJ!Z0vNy8#nGqRg<8bDGI5SOXve2dA{muW^G>;T!RCOCk)FR%L& zWFz{96@6TMwSTpg%-8WMAvOA~U*Q0x2N|S*`25u1hav+#YT>D<^ zqILdmlE>du2FDI0c57WF@oYQ_iQmC6sKs5>f?pX2*3=lJy>EpuoeoU*`aHCT4s6pH zc+O4>a)KUKWxkl4*WDv%5)9%C-u&)7NC{>kz!#?tDqoOOCfLouFUJ7f&=`OoT%eSJ zdG~%piER`XpU|iBjXG9;e*Pf$Df)C$z**sm5iI6vJEhTEX{<~mdg~B`)}4}Y)Hbsi zb`j4^W*;>(Uk#LkjnUcv4@94Odg&9w7;AVY1-;FhMv zzvChM5<0)LZ6+9+XB|%i#dPx&G<89nBM92e3?4Q;0uQ+mG$f<05KUzmc)o12GdZ@s|9~%W>V|kgQFWpkK(L#4B)++Zb3E4lFiv-pn@yjw?09=D?TOHlw4iX zbF^e#$=VgYv)*1b6A`E0xsv_4X=Ra1={?BCR;VH?l|NR8-HPmtUZ(HIEeroZ} z6+ORR(erXCARImIxn$=zCM7TaP3x~Q;3?PLP;!0A4JGd?+3=0sen|U;$opTCJ%3F0 z{Nphanwj_x8W;LP>u(SN@NZJ=Rk8Yp`l@ZId2QPe)vYQn=KSw2mGnLO{1HvRtm$_& z^)x-9B;3y0zg_b$)^x3=4Uzi&`h1_JKh^YQO;1sL=4g7kriPdGXXzcuSqHp{A7s_Ggx$79PDoWBx%ty!@aSl3rK)L;PdSTlFh(gdo+YU^84 zP4!iE@r|vUHWA+IR+q(NI#y6CCIrS03?$yL38ZGqa&}CoW?J^#(6ZHk2a?77>q$+2 zpy|&w{k5hqYx=4(seiJjZ`SlIP0!WzQcbVW^lD8vYFe-9EtU=EHQlV~ zyBouJou&BPqUF7sPPCtBy>5lqq^XrZsBnL*=}}D&AEUq5HweD7G&Oi#k>}6p^Fd8t z*7U79-uaPnuhZu(n*LVPSOo8%X#Q6;y;#c^M*9CqX&F;~;e*U9rsHIlwjVa`BO-Y43 z=U1Yw8s=2(&8c`zsu4y?ZGF6^p}Lh!9#~H`@z&;4e0}+f4HYG;*CaM1*Ik~7H#Cxs zH7!=r(AY>OMr}RWJhN)1!9pmURWlprLq%)zmS7QCV)M=`f-wf8w}OnOWm~G6R;M;C zLTff<;wYdzGKN~o;sg8yDx{iV%A~}Q3unxl)x0=f-_R1@)X-X=T|Hjg%%xRiJHc#& z}pbKB#E&Z4|XTmHa4X&c`!k1v~7F~?6vxacy$9zsrr^|P!)+B zU{<1k7?6e%=ozOhu_UV-wl&t(RuQn3+txO0P1UP`bv039QM_PQbpgiMw6V6PCRHC# zVZs_|&^nyjRCBz^=mY|<+0opR+P0z=QDK1Hg!B}GesbHj9xG^tPB%nP9=K5yQhNgCr3luoOh%9{D=qUCQYSYLFPV{8xwdTWwPPV(FbgFn zmP8Vif?F2RGAHcDn^@*lT7kh~3ntQSP04y%}JAjGnbdGPm}`Dk`_qhjjb)Dg*H{S*0rb_2r>dYp^%X*A(Z7wY&fP1RGt=t zc&V=eL)SxsRypX7?L^D8khGh4^S%?98@V>tkomssSrvvDP~4jW}BD5sPB6O15}mOM?X3 zrp4+vZY8KbMc8tLf#{|u41lDiT8gf~S!Hp+ZLNnH+U(nr6qt02BVfRRc_4KuMyH}! zOooCb1vF!UJToTEnn9^s;v7&sK>!_ygQ!ugripPth>x5iEYtWQ6c$_G z17MFe^2zyNzTzl!ORi zGJ*a2L{N0PsIIDhbF93o4yD^bZojG(YE+mWo5|>nsq~7$nnN)6=2Xm7v$Q>9R`VGw zgIx7zEAUTes*Tw8@uvg5_jighDsCRx_p($rerBJpT{J^C;Z z^M*;hjoCCrFN}U!DNML{Gi*T$frqWYa2atcyqenPEl_xBL)XAVA}bOmxpdF`rl_iv zCELEWu7=EaG^bSsD|%C$(Tih@q)Ihl4`Z|m!R?k-*dtmEQ&&YmTOt+LtzABM!G$p- z_zQkv=QCbcwJ}vkL3}Aj$hw7{FM3>PVt*R7S{Peb-`v{R*w94iJHbEx?izQpJ zZ6WS*T|)yzaqM-m>ZTMdKCnK^ho(jGQ0N_!2qsLdu{qUR)6mq=&=R{^QQcPC4DwcQ ziEm7`Y)`?AF|UPvDiIXZVq02T8W+uS-Lhf5NhXb~Sj?Ap>n~*24gmje{&Cv%L8&skSO8gxYNoWW0=GSyhfvEUlc1k}ZgU zSi;hGjHNsij2IB3VX=@$6Kq5>w6Qjl>tuScDkhKBI89B#;(}OdaDA{g2uM`SW@FfE zXTji`0zt^l0rwF2xFL!bCarL_c>Yls>*`a@)m4pPa$~*mgnu{^5YGl?5+E)i1CnIs z&6j3XUxUB_MPlLwH{5Wk@O_|jl@BoqCom+A9L!;Vns%9>D!{QM<6{z3kRt2Qg%5%i zmubjgTPy5D;!x_Q3M4C-JGUTSSi|9gxe^|j?Uo*#V4hIOU3l!QN1Q}Q8L@rL4DyJ1 z7pKJ@E5P_%oCJ!qx~>61Fl!RDG`pp-paj_FR-L|*6nVrd zj8rL@QxJFk1-c8Y%te7kF(GR;W`a15`QjK4xC5KH5aWU%6^^BEB`XV|zmrw2hkjV}86afH+T9ULw6!!P7XgmVksj6)tro_8hbCW659N#Xr*r1hSi9Y$}Duu?glr@SY z(fO6jXyM01I6y=}U&GIeR5GY4$$c9*8=eV!VkVyrG6(*O+xKv8C=A)Cci=D72m+PmY$Ui8i3_gy$M@A*RJv zq^fQ{W+fk#h{o|DjZ?>%MRsQZ7BSGU$Bh~*8melfNQq5$GZ+!Wk(r9EPF3;A7x*G6 zvC}{s+N=SSVrekJv!RGpE>>o)ZhY3Q4)0Qhu?}f8=QqQo)9@yca$8El005n>2^AUG z++uiIOydbv@CIY68dG#wNezDJ#>=_bc&tU)Uxwgm3(wY zg>Y~|v?v0)`Lm6rF0FBhRubqok^m?gP_&w~o(3E^Y{Yg;7!`$|g#t)K@;^a}j<#k4 z9T~}FgUbj?wU0q_sxlVYeH|Q(q+^2MFXOKULO=rE>M{`-x0oVn37Ih+5ZX}W#sN^I znGD23u0c&av~I}mC(a41A6M0O;>HBJTn+?cme^*BUqwyT-5;}T5kin-7lLLeuh@uS zjBbQO)URB_RIi{|pGC{oaC8;^Bxjd)VMW>6#Ojh27|wVA#c}g1FWu3S0^=05%_=%~ea>VW zY&$v}pmQvCW}HJfbAUL+1>x#!z8TYIHKRpvJd5Hc2`^8ztf*>kf$ZXcOO|nRs-|aY zda3H8|1qN1f8oPc^mYiKegV zlJ;-a)Y{o|wA}Ke=}TkuZ|#5oW$EXNuSoi1eYW&T%`bXL%J=KDr59+vl^Z;Jj+TE> z>qpa%M&Lx-zvW@+|0Yd;@>O}Z^dZf^Nb@`O+0s(Yw{nAL&(ZP+wSK>*-_i8$2%Kp9 zk3AxIS$f?8d7fyx1%!^{j_TudtRO`Kdt$9oK(tkpZRA<`tYo9T7Q;2KT{~_s|qCjo<3XtKP!Du@v)S5#pq9c1H^W$T0(TO zjjiy2$OdJ_8WZ)}j7{|xzo_0U0Y9sBZK?m@6q!b1987rYel2H-`dJla{_lEtasJaL zjl}smjK72I+qiCb%&(dwD{Hu{hhvB{atNO~hk?rvEs(ZdT0=_^F}$*d~tP$6A}}7x^6-DPh+)x5S!LRZZ1=;LfKp z4kpojxC|)PHLK<>TzJ97a~JrV4ie9gZEkAVPPO&%teaXJS{BE2Lx2iOSC!AT&;h$s zvNwus3Og*La~3Nx_(B~13$&_2)E3hL4SuYO;$h64V0AYr=d1+x8~jOCU&TBc+i}RM z&`KtUo^&y%(anB*)`AOQbYN$W2%(k?j5oGo$PqKQTn#)#ayQa3xax++9Xta>f&fv- zRSB8xv03xZEo!!H$XPY=j1(~(y3!KIp)$A+aUAK}76jy|K&4|ANVEFp4Gb7(FzLr8 zfUW^oZrW6blbZB{gWUMxwxg13*H+M86q#=}<2EF?3VucLoRxE2b8Q*nuTb4h&L*#e zQy=FJu?5@E+JtQe+I5|VLr#2;2WESAm1(haz*q>AZLM$EPFv%8m=jCKU*A>OK7)~2 z$Ey;%g<836l?DqcXx_0c0bd4N5Vffqgbx%0P#ar{RZX>si?-HR-3(ON+g=J>Hvug) zXs&LmZER_1icuci9J-d|1K8Nwyn}pmJv9VpwK|0j&Dct8DNw+O_NPcDq?-LUHJBGn z`PO*V%?*6FskC8R6_`x|6U(XFR2!CjGj~~4gQ!z;bBy!ZgQq=@K%Z!dPBwETwyT?3 z8)=htQ)|8K5`#2#F8+$fy!R?b`+S{3>ADOD8{;)NI$DkK?ue~L{1UtIJ8&2nTaQGJ zWFdB7W#EFev_`wI_1E%;xGoNZD(lxhY&$A|Vb1io6 z?UAPgKBbReqAi7!aySA&yM*KyQC%V|hT&#%B|?p<`i9ocTjV4q!{c+Xb*W9b|3o~& z{VX?fQ5X^7a@iHKvpxaU-5N}sWESh?8+tU%M&^<9)T-c~2N(!gAVM*^4Be#k6 zxrs1AgKf1fn9tbKCO*m5Slh__M+fM9cA$XRTt4i|bW&25X_%)umD=ihRE`XAP)jYH zq5vzz%5 zYnHF1ZE6KW5=0W6GIKOkoNK`3AyQjaN1|&7QLUcOD?rZjFIvKo*@)=WKqjLSq&%G- zR>Wc;AukrlI1#k1wythRj7WwJbh=qsx22)EWxnOukJ$E&u}wT8 zNKXi)vQ;F=uAw0=iX+MamzLuUIBc8X006~{;Q3;Bpq;aMWcc&6PP5jqeF~~dLbqbw zS~e&sg5`Gx_1m2Cdz3IqwA-c>6d2eU{jxZ(Z<#l3T|JYir6I;=Gqe*oh#*{+&K!S1 zybOU342+-9%`60MHc}|SuoS61FK!|ohd}7uc1>zgtYX!gwNa_=LPi>{710kYaEb?X zUy8Zh+SmX}VSX{I#E$jxjVvXpYgcgvROO=hD(EYq2n~mjH!WsdOK3#C04tnT*E&1C zYO7|h77d%Kq5SyVOXIG%rHPd{NWze~e=sx0xF`qbWPpu=Sxy;+vjvybHhKiW^|OV6 zwGzVGIA&TXz0Z@Im2AD~^;JF%NxTjt6Gs%#Lt%NM9MP6FYgw9TfGj=({lxhnidU_^ zHeRw~#j0f`YZIjyCGejUFULvZ?YO6a2R{A2f#57%ohZ4oVpZA7wXs>PHMC#J*=tvq zEK7hwF~x$9xG-u|>t4A~Uvl{$>0$XC}-ZM0}Z1sd3fj zDl(X{FV~Eo<}a3(PQy3hhHML6Uy;t|U$$Z1nP)A&gls3Vh^ugM0vmaVNP{dJP;0}A z#LCOpCLzWkJT;gUi@iK2!G7VqxsskZU(#EPBz<{-q<_`)t>?<~dQDH!dT-G5d`&lN z`k=ynUeoS*(te(%-RH^kCpEq4e0jd-0!iO=k)&_e^g>NnYWm?)DgU0PQxfuAqUjms z^85i!V=Lu(kETzqlINdmT2LX+f6(;JtL6C}nqH(SHp7{2_3I>U*0fF2c1>^7^ma|} z)bsU~PJM>UGM}Ly;9Td&rA8AHQoN7@_fIhKYmf3J71P`uBK&? z^q@XRQ)_puG}1xV^YwK8Pze9E}{NdASkTJ)eW0-5%CKFW)Lr07$(0_Ggr!Y9(xZ|Y6jtNOFg^hsG zBFRQb6!(}Y`3-RBY<1bvb!!u<>&I*YXTaazW@huZ%XNRyi~t$1YalZ_){tE_Vqd`Z zhfHB6sCYO6Zr@OOg{smeP4a)XRqeplM}PC0cPsfer*OWzb_1R(D_xyfuE`ouk?)LY zT9!c0%JQ|Vu1u_SKPXG@#Kj9^@iSK^u3A^NI#G(BW#tts%J>&wa0<-91W1Yj8QZ~i zYuxIF*ZS~w$XtL8lxSb#SHRACV;~A2IdpdeIyawB|nN22m`WIA$@tA4R8YE zc-p{=d<6}-6NIe-te2C+e5n}ZOkr};WMdOhIr3`0azA#}npz6Y&ObS*+As<{%tp}`zVNv@$GipmiHMbBaR)aI+luI+7E&}9WwJY(0Got)EYjfw+UH=iY&^gf z6qIFwJuzmBAo2`b@|CUpB9$`fh|Kd{Xc zY8UHX9Ms#?Kxg$>hhZ-qp}Sganj>h*0oI_R zKW59df~{QR!iAIL>o?)fQEXz#C@0c6c;=$&swO&d8?Zb>vp-HfwlNaEJ!yBC zLcnOv>U(eO*y==^_%c05OP?X=7cYLZE&L*fyxevqYY!_WG(Nwwg9D7mYFLk}(6~rx z&LnPS;!Tb*&LZ0sz$NrigV%qcnsm#19aKy|*inK`BoiQIoU|M-%0Q3;J2n|5MEvK8P60k9O z0T#2LfmjgEwQ^N=dn0$HrFN<(1j2$#6Ilr3Ooh2`$Ngm74B-T;B$KT1F4RLL)w_fFFfTIQ}!nJde|24a75@a^vP>@k#FXu*^(| zl$hvV2Cm;&RlT)vRx^%LIoF*x!l#ACMe$JF#bXSarpAeN!FjA({(vyxLl#0p|F z1sm~(j{f=XJD2mXA8OisgFIh!lcWzeO8SLLNng_EmuuwtgIgrMN%Mc+AkRCr{ns@8 zyQY^lNqP51NpIEXZ)mz}Cwf~;h|DUcCgJW=CDZFq0 zM)=vrYtR2vxQ3s>wfQl)MyFRQHw><|kHWS7te(;5SoN&jQp3~Mm8~CJC$=7p?~T8I zp!59B_lZ3E{oRs&Y=fkgPl;Uo53To{rX!jf-rEjH{U||50*yDUml~se`vmy+w*HwK3jj*kL6o^dydw->FKb%HGGbDK1?3idbf3L z<21Zx4*h@Zy$4{FRrWT1hZ0PssemhHP!U7|Nk9YyAr+!&CIQ8UlVnH+CNp6Q5Nz1X zTClIX7F@gQu2@h}QEb>&7kfj+vTND3cMt3 zTkbmfpTfS3BgMV* z>HkKD`6C^?n7@(cHScouP`8lJ-zPbqVt)FhWcj|WcruB5$K`c1a> zq~5EZ+LTMZO8eUy|D`Y3^iuTy!xa8&*Y!W~zaRbIEaqV!|5O^s8P;^?zi!%-H&X5_ z?@~L`zBBx_4tvYVOS>fT-z$avRQV_4b_vfE+F#-DZ^e}4d=vBX-HE81f0eYKKh>I- zaohB1mS0a4`_c~B^mnO4X5jC&_PtBp@)P}+{z2^D{S)oWcvH&%Gqf+^73^2kb^gmZ3RTbi zdz1Fp(!98z%D#MOiTy8V-&y{g=_cVi#%_On}}t6D*WZNzt&-1;xFa| zWqe}muS?xZ`_Ax-`L*TA;gESmdH)#g_nTqO#llx%dFemal8+?xAGq30)o|WU+;if3 z+7r3V-x(hEU#0)k_qYCiL|)7vNxAUy{V4p`DdI2b=PZ9R5AbvC%lyI5wJ-AyKi9s@ zSNvT2GSBgI?aMe+`p+#)|CNq>QU@fLJMmBEL8bl9Nl|_z|J)9DCPr-gDgNiueyzh? zJNe}fxqOdF{hvVl&iW(%OSlDPd~JA)A7|3Ov;7wHD;)mIcZZB04oMMzcco1~DZlH< zKl~um)r|jKYJLj)pE~SIc;?@cm@hrlk`&=j)&HC#{+aQkQfCV<9yqXHb)tVt$@iW$ z=2CyA{cTPE2a^1AsYg@TuXXql;%3 zzfX#f_@dOZ8k=s?{>mHq-n4uVwf#J6ZhCEUIy?REcc6VQ^Qqdtj>2BFFa5vxBk1h^ zC(yive_!Fn0?|$XM0_Oqr1l-{e*^8e^SzAEo#7XEWZqQxb7)`EU&be?>@QUZi&bEc zSpU7O-lmV(Up~w7%VsC1tIS)ABd_v%a3#%2`4IotI_wXX{*w+o$?$KaIhoJ;)M0Pg zK{g!nUdErV(Ef71mvF6c@FI`RuW|hJAKFh<|D5Ij8=9B=-z>a%K%9PXa=Jj$5bUwLS9JY=4o)nEON{;#JwvA@w_PyCbh5aCDA zzO=t0Uv`-FxAyR4|M#JJYtE&nlkb%N4tupnSa)Q-K-#~9eq#7#okHw;e`5GErTu0C zF8+!Bi(Z4I)5$5~FXLA+Cn)(N{DrjN&h(M|k^EauxtN!A3MqdpXn$MFudGjK`}+I$ z!4&qzKW9C3uJ67~`>FcR6^`)Bx`1`xrQT2Bztdj{&k&z2N5hDti4%#%#Gza-tR_E) z*h~x%|3mzOcpdR(;)?m!zZ;0fY`-TFcV)o#q<>?Gdr&@u+jCQ+bBPrd?WF8 z%Ksj==C7fA73I&6e~EYp<)4xNns_JWyDhZtj3VAe`JquOpGWy>%FiKx0r76ipCrGY zcn{^9$h$(;y?ZHdAb%)v4ds`SznXX-3s8pCvv> zc`uf?4B|tS7m=Sye3#@mb3MLH!#U zkoYF$Yss%8Zlrt@`5s4Ef8L_JhWu>e+mxR|{!HRKls`cJG2*+Fe@lKd@t>3z9BuvE zhxjkbPa}Ue@jc3)CjSEQeaibBW8KLien9ztU_#etYApa@x zBg);!T7O3nKc@U3@`n>Yq5M4Z7ZX3F{7LfvAbv*q*W@=7Kc_tJIP33t;un-RlV3pm zlJY;1zmoVB_$}r0$uA^+NBLUvj}pJ9{2TH=5;svk z=6J@7_ygrW@&V#z%KuFM2I7yDze4^^;ugxYPhh-=bsWE!ldmM!Q@)7&(ZnMuznc7C zh#tycC;u*S3FX_LX#E{RJdg4k@(sjwJ#0XGvp-l)`3B01DSv?Sb20wb|2B|+n|L1O zy-%|KW)RP(d^Gt&;sul+PQHnFA?0V2zetesd&sXPUQGGh7X_q%6oMG`k z%Ja#OBi>K>9P%FGTFOr&|9j#Cl;1*r74bpJH;{ja_z>j-e$RX%K1_KL`7+`ol>5m? zi0df7g8Ws)M=5`T{L{q8DF2H5cf`jjcb{p)vj_1R%4^6UOnjE|lgOVze39~1ULpSmu_xtUlix&4r+na9Hat5KvnU@=eiAX8@@Dd_#2m`cA%8xxFXi`;zn?ge z^7qJpMBJY8UT53zWDo~aK8*Yb;tQ$ZiF;7KlKh>-e9Au}|0S`I@`1~3c!m(iQ9hk~ zIdKx@i^v~CoJ{$>7Xw zSDXG`@_u3u%1-ze`*c^|I-JxO^V$~TdBU1-C#9p!oC3yJBJSCOwL zW>Ov{zl7MA@;{MZLF`ZYQ{YL-dxm6VU5d>#2Gh$AVlUtq)YG39$w-uGfFA4nWU`2_NliF;B0#agS^ zF`M%7ln2Q#B2J-vIr$5SWt2Zn{yE}I%D*SC{$Rs(B<0!bt-tw{dnorXUR9JgQ-1El zHhtz(?xlPo>-loZPoP}Zi&j&9BIU9U^c>|UQT_?}FNvp6zWpW4cjBp(Pa|JSypVD~ z`4I79$}c5<74aI%pC$hi@e#`V{?YooJ#o9;Y<(;szYj5;@<#Hl#0<($A%7Mzlk&UB z-%s3=@+(;mU!!~!<=KC-;Tb@DVz>=Y8Tkt0k(@w3l6(uXiSkp)pGEXiekb|+i1R4_ zko>1a>#I_-o+5fhqTem+B(mNt>z<Lv^dDSJ*8R=2Cwk4YJ}r7CvfeJ`Sjw%e1B*Vm=tYTslB`q9dY|a+ zB2F)m0w#9eroxR>Cs3+5=B2%^h`xxRP;VYe^c}@ zWj$2%ilm&2o|fp#h<~C#EqY3#&o6pWqF*KZBt+j=^!7ymQuGK!-&gk4{8k=*UU`V= zMLEhtclCP>+k!GcXY|( z{d(hDr(Tkj&mY(>_hCDIyw}zn(M#`3`3^*}Cn)WGs`gvV3I5LEPIvZysqwz_r@qy8 zoG;`4VGQ54_KUw(_~m=cISv@b@Q)?#<4AAW&nWrvYlVM5hRfM*{@>nSioXA^oxU?1 z`7Ys+@uKjue^T~Yid@j?PIu)++?R1;1H&Qn7c#!Bq5N&)p+p(SO8so4d_HjzaT!tS z?MdWi{44cB;vx8dd-?k9d+g_ZkI6o-?#i#Tzv=Ef=D%H@e#_sVm%q+=k!_t1+17aw zX+M5y`T1|nPoBZ{?Ofs|L}@3TdgZt9y@XqEtwY{jd>(c9BkiuV-|P8)1Mvgm=S1;W zQ1*MvzHynKlK0((XSXc-J@EtGPc^O;_hjB!@>$MHk$G*IUzUB0GVYamadAh`**>^9 z&mr%n|4XM_+K*KIk?fzAeU6eo;-1q#kqb_CoP*U}`u)`WlzfzUNq?OxKHd56jL(0o zemLXh3}=7l$6!Z(NqLs>ilnRHuN5B|*GT=A@048_e)&$>!%@!0l6S_-8UOCSZ)87; z>`#&QM$$#_r>4&Vj`aVj_WxVurHKY~K!JI*7Rz@{*onPjE-BI|?uT!vF2*_S?Aj z=Z$Nn90>ka4*uVqPyV^ZkTYqCeH0K9tPIJN2I=9)iyACK(6Fc>Q{&$KQxD zP8IvNQ!czS-Q+wOXE_%0lK!dIYksNrLh7}A53gZ7q?}8Acj_O=_lJbv89o_j%6Gn) z6O{8YW!*#0d(5Pso17mZ=U_O`Q~0&gYaP=^%8RsjGH>!U-#<^>Nc;~`;xFxGpA_>k z|6AfK;p}ex>etE-(X0H9>H8z`=zDE{m*%(QyBy-S#%D*Gm;90Zmi|%lQSjG_ztmr; zuQKl-^;W)Do%Po_k09|7bk66ATu{zuk#kH$E-2|HytIeXzl&T@=7le!K-^tHUi=eY z>W7>cA?=2ory%Wy@Y0?LFM4%y9)ZmF$$owLz7t-~GnD<_43=u<4|y-{$ot)fN6kfU z`U19So4%{oad~xyYK=tNCyyPwc=6&fi^q)#hFZop)QznxE6Hn(wE4&9kM#$GVegpc zNVCctJNBS)C1c0xyWq@qf#b*IyBk8DK-k@73bjhWl8apRl5 zgHC(a`DOePtr7d;61kX>l2%X1*fy72;nGQ7_te=yn-8~3;u5Z~x6RiS^alf7x#A0$ zYg^^U_0Fz{0bD?(z2<$`!*Stb%q;H))0a%)`sjF&8a(<2FkDP!yhyMh*Wh)sAuseT z*xt7GNCz&Z@-8;%7AlD>iA;6}aq%YZU2F5=>Pftfg`uPs_qla)uQjAv3sh^NY8|Iq z$E()8RqF)R>{n60LbgX$voEA@*PzlDaw4g4r+K@I_#%F{Ve8Lbaf=SuOIw zaa{7KJdKSZ6cfvGm<5M`hB4hi4Z9z|xlbq?SrYfp=ACd9d*KiU>|+;S!_ z-3oV7%4OoXfzy-=lm#tE`Xaz4hR6kd*L;%~_ppg^T^7Af5tM3kJ*+}e@P>R%Zoenc z5=G*VH3^OInCm`K%;HwdPaA~zslCQ7|^ z+j@&Kj8?>r`ib=MpoMDodGfT+?WojnTziaC+I6im%@Oml%^UH=a!oUdbyj)&2xb5k z+GL$}H&!G}q1KlXn~ccQ6|fmM8N&CF$&YQZYKv@VyJ)R+Ic6~lqck_MZnXw|D9Eba zgGv(ew71%yZAy1-&2A)gJMyA~{f2IBZ386P!%FF99w*dz+tB7kTG5EMv?i7Z-6A3< z;Wm71(|rOe>u9$PJFcAcMw-Sb%i)4uq?N9`VYhB_btG))b@ON%@I;rpt97tqn*XFw zvBlOs7OpS#g~6juM2zMIVLsYuL!z5#Z-}8{OQJghX{2yJtjFEtMTepbrEX?bTht%% z<(UF&3aTxGw5z)kG*IMp71Pa?v2U(Kr6gXsl0uY}*w(tvfT2aJwtEob$yCLr)^ps67 ziI-^qJ?&oA6h!dDI^k@?5JW~bMRlke{m~HQ=!(#rqvh9CNO?lIsd^F6A5pC)iPRzs zfuQzF&BGnsu&i(11w`!+eKDu5E$Gl2TlDZNq!#HG0M6*YO@1$W^JZUIr&O~-i;KP; ze}ePop`X{ClF}CjM|^EMylw4heeIZ}(ImZU^);hWL9Ig$VnopHkG3EeU`&2TLw*$w zHK}O87YUwMX)FKrCwpGP*0)otbJw z%J>3{ea(?p{%-a9T3RD$`(YoQyRLM&q+AcB5alpxdvKl)!vhqpR+LYL48|A&EwcXG z)aq?ofViWiHzV~r;N%j&H_!sd5irxj;D_ytv`c8PbyJMEpk>9#FVddpT^RK(f~T#h z;pqQRxGcZLFh}=icV*F-YhQCPWs5OAD6y?ji2(1K~eB0mJ%7^vam4R-PqXgrbZ&Xt(NCLX@GLMp9SG$SDIX!oqW^79J|-4*pUfoPjT^M{rMk>ZO9 zu@|^eUivvZW<`+0XsmFFZ5U?q3=F@z1> zjFsq~#R#q2MfqaS=Uvj|N7I0+tJ`|bc{uRY@uTqqF|LPTW(1uO(4tt3+f79>e-q!2 zi`kBb(9x+T15F)?X2y$|4j8~=-XR7Z(WFEv+FQ&uh88uVHuA1&{DfgLIxapvLV}bL zh^2iPJt7JhMoGGhi6wT?KH@G)E!s@<4{%SXm`=HvjIK@8hIR373buEcKOtSg65X35 z?x7(-+k=n00NQ6X;V6a(8JaYN5aUR?SR}^%9+U`tW6X=>wFfbxGu{WIXnt_Tu^t%3 zyIz(*ZPpz#+k*SO^_|`5Xmx2UDi()vtu)FBXA+6c63 z!2s$M#dNV$T*TeeXcby8oHCt^PE6QLkVHagP4GE_YLbxBu_D`sZzHrO`U5E;tz!b+ zo9I3b?{pQ@Y&<{9bs%&OG$RmrLSAozAH}iajTSfDh6Wgrhb)MOjVU;3B*9RE&_=H~ zR@5;NC`=j+L>32iI1|PP&At|2#7+6aD4I3a_2O8Sfbnt3uAnp0aq7YyzG;f$gMgul zRUJojciXC)t>>v~TXC$mVQk-2FkUT+ z`diR4Y0fk_Ix4!H=po_MF2#&dtZEvE3cGZu)#IP%bVbYPM68}_C&qOS3r6fHhzyNx z?P8%!enaPC)z-H#>J3NYU4~(GYs&U05)J8rXp)$2m|Cm5#v*(XphNYeBSrb~wCj&a ze4t^B6ml227yBZu_=bTAgerv@^V&LFVro0g6{sRpAGYdlLX9agb=_KQ@?jK~!Y>mZ zZ6Mk<&+lDAUriOamLonthD}?uZA{RjsngbCw9UU&YmSbm#8h!>RevmQ)vo!P^faQ~ zOr46_3`1pF2kUeh2DT}jF6-=;uf>Bb_qvP9=#ptQj7ue^ig)c)iOuGuMxeyB7RGAX zR!T@&LJ6UtruDEEw^9UXF|i1kro&oHT?A;aQxP!jh_#$DCu!H2lcuFGRx7p=(~8b9 zH7$d+xRsdFVq#29dtfc5jw$VRim9pn)^f_2(ylY6rqUa$WeqdCE(>^J^RYBum8-W> zsj6+VBvh)>cvY_1N_y6GO3%`GHLlr8deUM-dX~nkaZT#J^;}@AA5OCC zNyv;?o9{4TEZg9e#Vf8SG2#vzrYB8^c3HgI;!7*m19xT1nM-Byii-jm?|-|pn^1wu z;?>p@&)lvoIkL7aUS%o6AYcgx}x+T%@;kDhoBPIsiw^>74S7O&g* zLcl!cFvM`4UDGD5?V{ll6dWlrpgl9>Xaq%`WH=+wzTO?+jtG^NEy@) z8^gq)#%rKnG!JxDAIuA5lhq<#^*U07ksdk27_WLYU41o4J6&VHjSBXb8d0c%om+b` z9ki`_!QN643RQg*79Aumjt}N~n+C>&iBG`q2XC{{Q0bOC;1xy5H^y9*|nl!RV$+(u#f^n+U>(}eVT{#S8gP6;v-7*%++QU99<#cVu zYhTirz11NpL%lQ}>IteWRS@Ea_E8P3DIJ4aOe~}(qfJOFp!LypFnxH#FiuhjKvN}! zxdr+a4Hl_NPg`Si3X@orz&jc>Es6<3RkZ5>v_)yOL{+CS5)dP$>R?~jt}OA<71KNz z4{OZaYKq(m+LyFcu4+@b+fH}wDvWWrt~Jt0cTs`s^|Dt!2alfqXNFMJK2 z6p@d382h5}YSz{YTr{!3*~J$V-rCkwach;xnd)f_m!vX`6C>y3TiHI^Gu88Gd8fRQ#??C$tE~@k}w* zzANJi?Ll$8Jz$mZ%0g0WP;AC9CP2FGcV#}_CfJ#M8+y|;C8bHMvKO0?i!o-JfUX=( zXd8;-8Khf)u1v>UhT?eUm}a0W(+TZ^owGMVv28(D<`Y{9I~Q*(v`H;Uilwv>#ip}J zl@`)W6q{j%F||YrYLau(SQN(_3$_Pcg*2(DC@yzbmmP!^nXXJqV_|2xO#sj)bY(Ku zRM>fKW7M<@^SUw(jW*1=C$t+SrU#DO>dI20@py?wYtohBSR-Snt&PiUPr5Rm)YO#3 zOLKdy^+-x@h;1#m;{fA2+LNwajx{rOe%TmByVjLai0Nv)ESnakE5iv*O-Z~on+g$z z%BSu0lLBqtx$zR3nbsdnTG#`VD^Cmf#`RPNE$$EctEI7?pGay+ffQC)8W`bkP+u&@?f@$Hj zg+^n6M*XRSV=@COH7zY#(ba(UyU=`p=%g#E4Gv;GMn`w+fn@<1n>Sg6dKUA{Z zw$|v8zu%1M3#nJ5&9_3I#|H(nxT2~NSd|UCcBxmWp}Ga_HwGy7tpJsrHcXEJuvQH( zW8dk8`QuEe%_m5ENNaSNzX+069Ef<$5~Qj!+Oetr!u;{$O%e4*p@5+OBqVQm!#rO)cML6*{r-79A6GPN0xrbXW=t3QS4yw1tCeu@~Qk?V>a)7HeU#J-8TI3UxUA zK1iFwR0?z$-R&me1qG&Z8aJRxh2qwQ|8=mcUmC9y+Ej$V)Forv=(MOVG+PP_5;VWi z6zLuSYJcUL!jKS8VDP8a_9zotU8blnD2Or%v2p^=$%4s9oj`u6tEG)*j0Ce{-UIqvqmNOYL^F1^@(b;k^)_r zlrrN{A#Kt`z(%zT!|}S@tPRJLr3z#GEm^aaaoiXi@nS zGa=9jV`EsDZ^l-pGzXy9>VXb8{-S_tWmug?u>dsLYL6Z~=7Uz#SJ2Hg`>}#X*QBs8 z-_$M>5vZ8KfL1hvW>6<{ruDMse9)USn#$3~eBZ-W)BPGlP)SD`n!mnC2ZL`uE6i)ttXrw=XiZi^&s6z?EyioTb!Mu2vA4N} z8CVz(vY0_Zoa$cW6$9}cM5_wF5p&U!)RopYqlJa>3~Yi9H?)?`L>_)KJn@)nConP1 z0$do+Q&WJ)>#bI1lK}%T&NL_{eqmo5ws&DNFP82)q*!!A7i<;~q5kGW=MBXwNj$47 zYiy%bwJ6Lhg@Q}anLu~G!wvo8goGY%ioZ=sG}7&8rQ3pNn8g%4^JsYlB^mo$m_6gA z0|}YJErxBh?R=|o5^Dgcw>tmD<^QeFbP$srkVZX#YSgGzs`*;)JV*}iL^Gf=kT?swzM4F%Vh=yA4DgoP%BO>nSadkNYwVIG%n>XR|!$80#%=8dc7C*9PY zQKGA+hFMpw4ePA=O-D^#vyOH#tZc-vZGjml;g_|MP^~dKfmW{`Jj4|u?Km=S54LG9 zUfun{rD%SZVq<`f{@x|#ogS}aEQx&ycF3i_CQ-4&QJ-~Uf~`8*Sd$;cji&T(V+e@= zErzxbc6S;tCrmH}*?tC~yA%u1;txT$8P386whZV>Xw^dtCrmKKNn6qVpxDsAF+xua zO6(({1S21J{*vJb%SKjo*%)79n--D+JAr4R4z=qhTx-k+u!BJtf#G3Q+=0)8$=YUq z;lUZIB7hA~dXuc~4t1lCvCyoB^1O+o@ljy(zx94LS|65y&CU(Ad1VLAs+g@xYN{K` zsvA_v%%ZybvWBVgEwuG|dj$6EcHTuB;r8UX3E34a{jg&nbKD>{A-7{hjOa|!dv*6i z&1p&4w%fHqd|z#oLA`w{wLzo{l-t|%pj&?nxjhkV-NMFDZ#Y90MIy8H_K(T#T`}Tm zht|FqJDTHCY|S>?L$IX|J9ski5vd1GdVqxul4g-Lw78)b^48=qsCAC+nTydi0>pmT{B^k=d0Rb~pL)(P_&@1$U(D zO-Lxs?vm1?h9XmEGP>MrUtspvcix5X*miHdtkA;`430XL@#JiDOYYWING%KN+JRz> zPgcE87u%I$d(W|JUFUWw_8%d=P;?~eb**rt`U&rAvvn0C2LuCyMfAo=8|jzW&{dR9 zcGu6TZz!u8t(}`ySCLR<$`TCK&MK~~C^3d=v6BO%iV8DI(2JZpuk_boxD}zU@4$$& ztrDA4F>p$H1AD&a*o#CCRRcZYh*$xzVW_}2k$zkE3yxGY%$ZwSR#Lf*MrRjQ z&MNE9Y*9l)T}AP%hO)WaWc=W&%DJ_=S+1LFvwv=7MMGI#QMX}Auvjspx~8t%fF)Rn zdC?S%`kMnI@O@=lIcy4X2fT}si@LMHtcTarmLW%I06#rWGv243D*CMTozqr*`|f`B z<)_mu?mpe(M(}I5Y}xW=QBA)YM&u(tLfpB(m5&=>F-%-bT)n-Ozel{7_6mnuc_nck zaT)PJ;)q?Wxfh9Lxt5>!>`e3UqGH)}3Te4n^@cPl@a_!r_|Y3~v8Gu_r)Bk^eB zMZ}fFCy4J7eFg!`A|VJ9_Zl3eq_8gcPjBQ;ws|h#5cM@ zv0pL4y5}LDMf@{yF>!S_DE5zPvF<%Y+(5j6_*&4uUr4NRV1t8~_m@$=jwtp!mRR?W zC0Yd;Vati0@OO z*ngeo_o4Z>$=6(B-6x6_Ag{OZlODWB>x%lapJLjp9;nP1&p7M_AViRC-Gmz z34EUl#s1*SY`lgN_aUA{ypH%tHz@Z1eVui0`1Kb5PCku%b2ljVi|(@aza^8YFJrazNQtbgUiBZzgxQ8VrPA;hK`mKWTYazT*`iu`|y_tD?)ud)8Wd!5DB zYb`D(iu^SPFY;~0J?OreuXgYvznAjO_t6YsU|r4zT+{W6+ga-X$-5;1qJ z z>P?Hj_br}EyoR`eIPC-b{&3<^#7l^G5(BF-c>e{AKK6Ni6p`95D*obipt zrNrk3SD1FJ*DgN|-=w{lce3_AB0lgt%P-m4;y1+Z+<$whH9wkoBEu8d-O9HW&!N2| zhgo}3V#ThOSG!p}k+`ky-bM4vOlsket4GgXz0>;OBU1l6&in-`m0yCVOpIC7GW{>V ztj3;nCWi^SM^?|OtlSfGRWUi%nJ}M$)leK>gPEB43y-^6pZr#j>Fmi#@__r``pO2* z4&s~G>v-=j4hEqh62MFl4hHgvF{zvADptR-9Eq0|W^zWKaMlvuTVl?A(#wOGQ^Z`O zo!G;y;*xexq;*V_I=B|7=bErYgVWdW+mA)Ph}OV>z6{*bCj{!4n;G5=s2N~YO!GRL zSZRvS>8296Tj88>Gy|s*=`)cMEIR~=W@A3#7#JMwl~9Nrp)jlKK~qW--e4uhgT*7K zxRC{}(+g&BC%H-4m=p)i=XFyXWieoZ$30JYg zs!%L3?TC3!n=8mKbABe~-ZAkzSzC*xfnKD?L1zgPJyDN5kG+`Z!6smx2T1G2C1D)D zC4p@DY>4_%*-oxWzh3^GwqRv}KvX)Nzxhbn&O=`+egSmsB;!SYGsyktV) zbo(Iw+mmnfJgWFw1|KjVu8U3b8bGoE6iSjH`+sd1V^Eefb=)!5GXy)>aOxcD= zLD|b3Q>$!}LDkV5z-4B;!+Cm9TyAEY`Zi zSR}(_yB9@lxIcWQ5X`Lw`Y>`8QWY^r{A}o@ij_Y$VGZdC&%=(jF$9-E=0|8h7Cx6rZH zN4)J~0Vz;js*3Q`)G4gR7FD{Z5{FGyB~`WVDdz8fs z9+AZ5;q)q;k~hyvW2>fyg~q$T+5FNc0%D=h6Not2BwE_!O4$QDq4>qmh zgU%O-oSZ_Q%Dhu9_MJG*;cke$ zU_#w6H2|M7wua+tCgGjvp5Plrv80MfXR#LB3WUx~pBTU)opsWT=&a_ILbJ_ZSmDP> zg8@6ljf7GZaqYU*s@6-wx)X$7EIwk%mi3Y0J(EhiF5IY2=(Cer04?Sinq^)=Jy`3H zOm>&(9;V*A5FY7OXN=YKpb4jPk1a@Y!z$dwk_sxLan&h%BCLDF@Gw+X5>n74t5OZu z*m5wRxQuuaF%X=KFNY;s#Us+rpIU`#Zf#x7!E=mMad2cttQiVzI))cmI@jNH_zKac zwcds*H)=vU0j>V#Je+x{bwcq~tzRdEjpsEpTBy4mH=FOK;bE010Xq$k@n&qnnEdRF znQ&C=*kosPCB>H)UX&!LCef^jD$TH8e}-gdz+^(O%<6w90o9!p>gb}FvP^<4$yFSr zjFO6vF&u?0IyG9Ln=w5ujp+wL`N~{HfR7OzD`%1@)-)hxp?ID0wboL>cO&+b7%y;Q z+!$j+w;vGNent-hp+M&@uc@mltE(IBt}82_RbN&*THCI!X{e~G9ivBm$UEJ48I>Ay zBDZ!0it89+hoGp6;gT2aDTWx@58FiIBL#O}uz4MW<4%ndq{P+?Qgwad6a$XUMWtP! z%XCFehO)1bTmgM@EQBa2rtsJp={(bKwDOu(!PlQY2mpr7u{YKu92g(bKI4e=v7a0p_fA#^9duBh&OCIk`rI$P ztJRgqAwxurUK~rBnV}p1lC6i6h+~OcUa<1PFIp6Hg7advvOHEPW3st=dPBw8c5K#J zj4afm#BvO)X6TR1Q_zfTK(S9q0iB+XlB-2J-5NV|32{p?77aJYYi3JQX-H@d%ruDB zu#xP+v;@jyovp&PMfLRwzdRV*cIeZhrz4Q{Pzkc{jQRLGQ~Bw}bi?QIOIZ(wJ2=4F{E4H%l=Fw!g}1>u19|1Vw{pL9&dvf8=^_tAw%4-f1AI#~FWL2ETS`9EG% zR@67R^D5)NY;1HxrHnpg1zy#aH87s~n~8TF zWBI&eEv_Li_!jv>zHdLyntO@3-!jWzL(Dqf@?qku#G(_d{Q6%Q(T1W!Gu=e}3{07z zwe?`vjjoNDK|!&`bc`R}XSgF=q3d&80v&aS1fvgQLTdt+mKD#MF&CeyMU^!(l$P-K zTzs{b)hm65KQ6->i+eT3;&Wgu{Z%E_f33cY6^|&snM%!t2D%@Uu$ieE^zQr`L%V~? zuNHr>5d%Y-K{%6NiyQ|BW640zp2}4*2_`YxNN}K@9jth(zjEx{olYIACu^pAOzL%Q z%IaLg3v;4>%un&fB$uA<@w=JOliiZ82}z#9gq71ammHWqVE4MlpMMCoFxm1?yL^enBatBQ;2%TjKL~O%M#s2 zQW^#3(nO&I#DrX7TjykJ%-4)jhP5!OuG($NwpLVzhPfV}1dWj?>iSKnH*o4J6 zJhcPKMw||mo3CpO%rTnRb;OP9Us};8+I<=3v$pdqj2mna6Kur$MtpuFeLzr~3X%!P=rZyC*w+ja}QER4x zF>iw#lTglW?!+8Sv>-<4ChhAlCah(2Wl+Du)`SRysq?^=cD)@tEHPt#*_d`IG`VMO z>aRz+_+gshSOTTCcnRPf?l>{($tfMyJV~)mbP~L?N-Ns88V#c*F$t<=`)D+cM)Y~fz%S<7% zEnL*>bV?;bup)^NCEZHe176mG?i2rt-xU{alJiaTLQiAoilIO2*hQcgDn%p4?qJ6bcH z;wj#<)lc!Z4&P0S9JWpG6m!2Ye^P#7-i(TdMTKJ~jVV-aw=yC-aafF)n0w?_-XDF;vBxbt{)7`x zI{B1SPdojL-=BHb+2<@j_q_8jxbUKj|8U74|8(hPmtV2s%0FLq^)=UCcl`}F{^h2> z{_WQ$?W^v%^RCr*-*fMp`|e-+z=IDx{K&dTAA9_XC;$G`)Bjli%(Kru|H6we zz5L3nuWfk!jW;*G_4YgO{_|h&z5l_7|NhTMAAj=cXPB4_Rojig*NZc*x3+j9A=E9C(7|_ac@M=MZ-|(Y}9%`21Ox|CqSl*_PjxIE6Ty z*iJlycs21p;>*O(iCO1Z_x2!8Cmup9IN!ei4S!1qU9tbSl!FM%=h?*Ti4PJt5Wgn& zTW<4j6tR?e1aS%RJmO8nb;OOt?}^)=Yuy_|oJnjX9!%X z#CgPJ#6J>mCq7MlpV))-b!TFTcqZ{$;#%UX#GDJP|09WCQvRoFt^79Pv)$l{-MsJ4 zzVrQpZrppaoA*xleky+s-M?-d{aL(?=C(B)bGvcxe!k!32AfZ*aL*L)MgD7{g!k9- z|Cjbx;+G14Y5!BX|NZs0yrg=c#_}TX2RL|c#(I9sp5V5eb)aAi8m8P{>}aN{q}2r89bEk z{)RSve@ln|9qI5(mG}R@xqBDu??*)8o%k@{@AZJq-<^mj5<|q#AGGh^A|COG<*SGR z;&H@YkJme0=e;>`o_E>tCV4d15;zG?(tEnoi zT(>}t0eh36SAdg;+rrrG)1bs#v+lM>JVNq!XUT7)vG8ub5x!G)JRm8C;G=zPOP-u;B$&H;g zhNV^&_Lvn{8)Bv7;)V#DSj;kF;ucJ;ziy2|W8Opy5!BuzB6$e3GKUEcZ!+2xdUYQs z{zBc;Yy`w>t@x_rBq24%p&sG3`t)J9-uZ}B3*m=RXmDd+N{4Y%|FHYqw14qmdRw_s z6V+nYD2M+M<$*>KPPht_%n06<1Wpg=N(xl{NK- zubx#^tev!|kH)L0!k#tZZSZ2O_*koVNV%aI1elAnMys*atOl-FL1|I_O!-|?TUIT< zwWo-(HH7dq95|~6TCNn7S5znQ;#Ykc4$Ff+fQGpyI>JB^3AXJEyez`+IaS3q2))I* zRYeU52$_;ub#;jNoR}b{JEShfT2)5t#H-;=?mV|H!+KW))T|NQ zh9YReVryBo&KRh|q7)}oGgEaf55rpXdyyBV-0USn;e!?kswt{9G;K$tis((nUR@Eu z=s=jwyr#a&Tb$#rSKf^YsVh*i&{c;O3^viG7!!OUbrp&iCfKrb#WJW=)O+{n9kIC3 z!fkdEyN_0Kc%(T|)41B=#hL$lSzlLoHaKP;U9Fg$01dUM%;tS3H5r@Z5 zvNWMJax`2a$2*7^Bv^?lOWFO*cE`So8?o)3&8!5mRv^%g3UmpQO<0-Pk)!pi>^5qh zFm^|>-KwLNSQgG6ljOcN*zX6+HPA zx6fe1sJVm@CT;OEiW&)WtMYAhckKQzt9xZPgXuhGhk(w*oH$Fip{BHEvQ|}_TUR!t z?BLqD^*DR8dPb67qfSof=?8QvN+{n4fsj9?|3jtDu3T4B`vq zD7FhEzR@9%S1DUh^hp$sOqRnbjOWn+)MWKu$Y%G5kt6hh7wER2!*BOHtD}ZDAEW<_ z#{L@nLksM-5A@dPUeL8B{CjVc9S>D)CjMaY)n5o#IsFrVQ(&j?r7#x@Ki`WzLFfBl ziWmO`Z)JEMB0f+2C-G}ypC4_y4<_zOoJ>4`co?ybcr5W8;tJv|#0QDb5#J?#MNHdb z{T)OcNt{I7pLi(IPdtWrHt`DLO5y{=XNm6+za;inm8KN#NE|_&NUR_pLR>&Rns^rR za^jUt$F^S9UBNwiTmF|u@vl2P-x0p<%*%VHyu)7~!~A94Q&hIenKql8Do9ogTeZ!HD``k&x3%GVrVyF?i^5UNpv+9z=lk*eJi+!g(iPtZU9kn+6r3YGcrt|BESoyiceTkpUvGRM4NXD}$ zpLVE~k0bs-9CnzM3;I2lUq#GsvV4!A#pP`l#}hvxe(AUJLjyG5Zt+LrET82s4q4nl z%%pr|qm?^xXgFDZQVMfo&uQMti@AT#v+n-VIG6D}irD&B>u(jYlsK2TFL5@pkhmvt zBk>X9y~LM@w-KKv-blQXn2WkP6pzMT9GFVBv%{R&>&pC`s?wQN^|0Xhr`^#1_O+nq z5SI`yBCaAnPyC$N-(`P{B~}yp+Qdiy<^lWaFupj7cnR??;!DJ@h}+Y>LgIlb+@C`8 zhY~x8e<0pLe1Z5SaRA*bAl9UCU()9g+LQFTn7lK6zMx#vC!g*nr_adg*4V}pgM+`a zy!$4~t1Vvo{#vE~UHblXgKFaRgl{_>n&kDnaSKSa9W$Ri_(o5InBxiY>9!cBQs`S1 z6W-!`5Zf5^C%Eir#-3_9E-7xo?6mICyXN&|VZAvV&v2Xx#Epp&Z-c%Tv}F!18?t|^ zFkg#ndlRA5)1g}QpXMmOU$OT{nF9fFqZD>z8MpN&s8;WiVsp=>(vvk4#*@*rDf%*1 z>?E%>N4_oc>QnHHh%-#WhjIUDMCsib`b-U6h39Rq)K{Mg19P$8^~S8c(YF-wM7ad# z<>0wyZU&147kC5eD3w1ZU*+NKHv3>TPxwN_3G&}7KZqVqI$ke z-}Hv851Ug%u!(l@;>BYYk25=^a136-SWH;d6o=1K!~OI0 z+?F}q1m^*1SCbEjLEd8vz1z8K(-s6PE<%=j0`{D|FgD7xw|a2(ysrsc^KkkB<`q${ zaG)A4vns;L8Q3joq0{TUqLgon@dk%$`8)wttm9t^NAVLUjNo_;Rg4<7pp1uhs$$$% z*cO}@jQuFX?KXN3Cj?7MLmqv#k}3}2=m5VL$9iJI2nQV&M_YX`(6LlcB?Y`y*j$IL zvGwNe>#!=>|9}!yV0hYy(-JZF!!~+CNc)ZuvJS;aek7z-DM}np6~d;{t`!`npj111>1XLubnh~9kS zW?>F5l2{yyiPTdSwMDU#6IQV@=4(PKqf8(U!GN9(=hEB(o>P5nqL zSmHho>TJS=-=2UMN3A3prU3-LTO-BEM!IyGLX;ca^BY_oPPWp3rNV%&!U`q31@~v8 zoK|&s0&N%?*mm0%vYHlLU#M#Q%@sHV0wuIYms1a}n`0)|;ozbceYiCS3N;~Lhey@m zDz*SHUa%5=7GW(?;k-Gxgj%vl`&#b{v?AeDz23K}J)NzOJ`JFH*0+0_P*tmNKcT*A zjFk~$tZm{%V1?{QyTSvPR z#gj(OiC5G)zIe+q$2T7#oatTSLHE@rAuU0ZI}h!@DnSK7WopBLO{y}YDx<2ZNmY4O zRX|lYt7^Zh4yxKFRokp;y{dMess)RrMJZT-j92wRb%rr#AI!;}o{t8lQ zJ=0zX_3hKQ&+UU&4a#))b&qn7aUbb!a?f|;knfk(%g4R8?6obgsSR7+R2#Q^3;J=( zkKb+Cw8f6Ul?p%OQcLl;RE~Mvz~k^J)z>_mxAax|!3jL(*}SD6c>UY{+m>)7`kC54 z>t2yMM0wOwbt7mM=x)$j^&+D3wfa^~=uz9_fgbC6Jkw)ik9T`~3|iWAY0pzYr}aFe z=b50hdtTY|s-92xT;KDnp5OG`)Km33zSkMOp6<22*H^v1?e$$R)w^%+g5I-x&jERQ zpW1tU?+<%_+WYg~!_p?FO;6iDEsz#WTbTA-+6$n6ru{4J7MkH)6YylCw+PP`RUiE-8sP% zfHtJRp8jU~Tj`&sf0o`mBO{}4M!$@K86z`BW#nfRW{k_&J7Yq|#EeN9b21LgI06*P zh-93caaP7T8Rur4pK*Q0jTtL5Zq2wYV^zlLj5VP3pp6-CW%SO>%IurjFLPk#$jnih z`I&{8<1+WooRm2gbXex$nR7EenF~QDf=D|2qmxh-c6Xl>5JIqN_ha$e6taqT<3?~J|`edqT*t?%#qs(!=z?bdHZ zzdien>Q~!uR=*Yf9_hEf-?#l#|2h5V_WyJL>-&G#Ukykbu-$<20W(4S52zYYJ7D&J zgF%N3IDEj715O!m8t9AxXAM|B;BNy~f^HqKYQS9s?i;Wc^x%L;20S+4=>h8pyg1pWb?27l&djaKt<60scMj-K(BYuDxyR%#%e_7K zj@)~5?*l!U`*7~M+`s3p&wVcU#oX6&H|G8)_w(E@bHC30A$OsBq5C*ck6}HA^#NrJ z8#rtS(2!w6hwTp912hseYFOT|vBL_6jT<&;*wkUuhLsJg7}h&KEx#at@BDr9r{ovq zUzC4Y{uTLG=6|36L;jZh-UXuz3JT6HSW$3i!KVdV3e(DY43n@Tp7 zZYtk&%ckcxP2F6(`JBz?ZGLp~r<*rzZvQdz-td@_K0&uE6tW zKGy)R#d8CmoACS%&uTpP@L2+!6`^B|sA@od2JJ)R%%Z2uD6#WNny1U%JvYVic{wBtDq z&lz~G$8#f|2k|_N=W#qr^)Szi*Y;5QQQ!7ZL%;8#oNfJ^rk&rST=>@$)Em?Xln%-S zWrO;H`hy07b^r|m4FUZQG!&Ez8V1@8G#oSnv?pjUP#$P3r~ot$v^QuU*F@K3&=k;q zpy{AuP${S!G}Be#IsjA!ssSAcst3&i9R!*KIuvv`XfDVDY65vdEg&Cg0jLcW1T6%G zK~d0R&{ELRpkrOjTqlA~2Au{v({+~XJkW)pOI&|)T@JbubQS0t(Dk4jU4L=?6|@p` zJLnG3YS-PaHLm+z>p+i#{tkK?v>x;<=y}kKpqD|ff;PBbcfARE3-k`?pP=_ZAAtT1 z`Uv!i>r>YkpszsRfi{6QgSLQNJ#eTBs5ht&C>@ju$_DiX^#=_E?Eo4C8Up$qXecNb zgl4D5ZlK|y5uiOmdx7#mV?hO=aXob3e{+xJJ(u^q$@K5f^n9V`OFdr!y#{(6^d{&n z&^w@ig5Cpt0QxuRBhV*3zrd*AtDfJ2Hi7bc&F$p@HG#aK7LX6L0MrHwf);|ppeSfD zr~`Bq=orv(pyNTm2b~2v2Xrpze9(oUi$Rxw{sg)VbOq>2&{d#oK-Yn80R08@SJ2I% zTR^vgR)OvWtp?o#S_8Tt^dRVA&^pj#peI0o2R#jX2J{^01<*^NS3s|UUI)DidJFUp z=%1kXKp%kq4f+W53FtG>7oe{|-+^@H>j~2T`he0wnV@V?UyvR@siAufZA8E1+Qqd? zPf%}AA5c0d6O;|=3+fL-x46p=ph2J^px=Rpf^tE_K)Zp4gGPY%1nmXN1C0e0fX0FL z2JHiy1lkug6*LW01S$cQfo6azKnH-TKsBHPLG_?npo2hjK!<`32h9a}KusVos0HK$ zEdaHFf}n+02Kz{-K6?8M`7SL^=RiHaTt3mgG)`0E@Jpg(L^a$ut(Bq&dK~I7H0eS}X9Ownm zOQ2UkuYq0%y$N~?^bY8sp!Yx@fc_2o2=oc)Gtd{HuRz~`zBA*EKDqrc=5XhZ$j#5) zCwDr=9eT`hWNu4tyBTYon!7yr;@lOv*X6D>2|9q)16@l9;pk%19M z&al21bqvJ#V(hT-ph;$oF?Cou#uzdt(Ea*I^tCm3c0#{54o@{6=|@}e`vg3H!gB|n zRQ=^Y@a{uAJ<;ds{&64ne+z)8;JE_N-FTkE^D&-2==*lXvoD_6c!GG&z@z)i#D4NE z@QMB8@6hih_LH-~C-#%)fOqzjE4%o<(cdc5@pYoVN6Il?)?;2hPAnN*GI;b*&(Pla zy*UQk7vrzXG4}c~zkN&lmdm$XvE?4uJ+8H`hg^x@IYo}|oZr52e(7(Vvj5RH&bEBt z{NM0xW4~*P2bXs7ZL{~ViNn(HEir}P5m)d#V$09`j`+FX5A(JJw=CRp*_IXmhrSLEGf~J9rKqa6u&g!9Sk}IbQtIe(2<}s;6Qt_xfjx&Gj~ z)ODHb3fBtPpFvlHu614Kx&d?(=x?r@UAMSybFBj1>AK5xFX&;=qo5~1Pl5gcdIt0y z=mpSApjSYzf!+XZ1icM<7xXXC`=Ad&{{ejr`V90X=xf)vuJ1uVfPMra`+Mkry+CQ8 z?LZlzEKm-pA7}t*d(e)c!JwT$JA-xsxk0;vb_eYN8VMQ&8Vwo)$_EvKlIPaW>3Oc1 zU;9hXXL~;1^JUPhpbelmKpR1CgWd)G3-mtdL(qRfAA`OGeFOTg=l7VG8{6whP$Q@r zG!N7Ynh)}W0-$zK2owP=0xbb81sx4K7PJg>2Ix%C*`Vd1^FSAXE&}}l^heO8pvyrk zKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx=zF(CZ=4BcMk?kAt2BJq211 zdKUCN=ta=WpjSZ~KyQFHg5Czb3;Gx6eb9%X|A0OQeG2*<^d;z9km{}U=Tz@rpfu2S zpbStJC*n z12hse3N#ut29ysf1dRtx08Io<22BC&2bvBl29<)!K{G-7gDOGQpjuEJr~xz^bTH@; z&|#n>Ku3ZaLCv6fpjOa)kRKEPwSz*S2xt*#31}(kXwb2sWuOy4CxK1@od!AsbSCI* z&~ngupbJ1NKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx;t{f*uB~13dH8+@hSMEKzkL5m@`!eSC-pAbDx4E0lhqa#1%N&+H ztlzK!n9=KcPA}ig>5UtZ*bZ0~@-=$}U5(eqV9@QlY(g{KwI@p$yy)wa%G zt%BM0cs{_>3*+jo&09^x`)!%G^26N8cvj$9jpunhAK}>!WAR~lrr?={rybAfcw~O- zZT!~rT03J5uIIC6tJuGu2lYI>XRzmqy-w+MTCdZ4o!k4$-dFWr-TR*2 zYkJ=gdZ71%y&nekOWPssfV6|t+CeX-ZAg0~?cKEZ(%w(|FzutX{(buQ$?vm&pKJT9 z#6(ul^eLeI(yP)BOm9eUOm9j*KK;b>dqMZ5Kb-z(`eW%&razVb66o#pchX%MJu{|& z_RA>Fn2|9vA8muJt+-aor4`ykK>*(YW{0s2Sw z^Vu(gUe10q`}6ECvI}wwa>nOO&Y6)@opTH5_MFu@_vGB0^H|PPIfMHS>AN>*AJ8Pw zetoC)UD)@ezNhp(weRx27x%rS@4bE3fkyW$>^Gs`q<*ve&H4YRdlUG&s%nq_K%sPi zHU*_E4m}~1B+%iuOr>K&lF~q%UXrvFDmH0y+lHpeH3Lm$FoHq_hlr?^LE{Ya#Q2^M zs!t*46A?uNPCUmv-&5N{Au1{g^!~qV@3qfxhf>t{`TzeM(%(Jj?BCw|?7jBdYtKa| zPJhkxh11WTUO&BIde`*s>Gx0n!Sr8nO`dVWjC;8JnP<*S%v>^a#6RGlk(i(ONaFUy z8()0mi{7EBhx|h&hl0H1M~bnoHvV?-*Tvt}{9VuAJNdhXzt8dadH%ekrg+csH;(*T zKCxnA?Znj+uP2`#oH(p`^j(ujy4a0Y~=h=q}<8*QAW;JOkOd$5?Nnk zH?9MGp zAiW~L=OMx87j4KR!w*dV+Vn@bzMUh>r_L;$SvGSa*ZD@KfA0S`*KZ2Q_Ez#vxMfo3q~A_@Zqk;? zos)kz`45w~9N&5TZ;yZO_$?=No{*e!*_4qf|24&*de+p6qS~Uildd`G*^|dk9-Y2_ z`q=cpPA{4VP$pm%lBn}Q~Z0LEATz#`aN$sNxsE>M>H;yhS}jp(^ArIjPyE#wCN&UBt7Ekuql=f z`My2-dyBmiZ?<=aH^-aLIMouyrz*USj7)9fx|-`+u8(uw%k==)e{em-b=|n@#@)nq z`LUaheb=!!ANwHJFxNM@{&?*3#~wfagz>NAn#FbH_#NYa$mJb(!f~w=Qxnr%&!6!8 z32UdUopSkzbGlMkMJ&h&Gq z|8V+`r$06Qr_;R|lV()UteIKlm--36%CGS+@f-X`|5C1N{pxu&?2tITuZr@b5(F%z*Wt)itBQ&H*vk0Yhq?1skh9eTT`Yf)50b4Z{@KR zi4>Wf z%9gJ(MwmBpNm*S?DO$>P2c_l|{}gF@Q8sEQ6W3BE-b0xvr%Zf_GO?}nO0IUU4z4s; z7grD0Z@Kny9pJj5{D$&(a^1xBF0Na+-oy1iuJ?0&fa`-?ALe?B>!(~VaZR9fG36w2 zJQve25>!`|wbvw0=9B;HIf1Lcc$t$L;m~zzAaZ^v4I(_OXQ)f**o9kSzMO+U~ z{pQqfP5tiF?{ocZ`p>3U%&eF>Ix{o#YqP#K>!Dc>&w6~;_h%^;~cDukmm8-|Y|jU-Uf&oyQfAFP>05vG_GyCl}9PSgWLXHdiTEIoCX{gmnciQQvRh)LwX?LEs|1@v*^wVdae(mY~r@#O7 z!P7r}`cb9Fl#VZ*SbBVEDSIqjT)Kv9ZE1b!daeznZ!T>v-CBAZ*PhZZlzy@F!P1e^ z-;|D(USIx^@}HFdy!^%TL**x&*+1_i^X{1UM~dx_=8w&PasDxhV-hDOPD-Gt6Xzz* zODs>UNZgUQGcmB>{R=*{;A0Cs8vkc3tXi1lYFc>h!nbkVyl`mY@WMk2y|XfB4X??p z8TiyApTc|2mw5T*&4)H0YCW{&P#f1VnPW1Oxn7@nV`e#51=pLn-pn&#_`8q4U-0Ms zfHoa}57Wkzzn|&fi=h0y7Mnr-&e6ZMp!{{}-@8EhyGQ@N0m`4q?*VTYsJW zS0h&^oz5LS4?%PK*|DE{_-|1vu(8>JW-re38xJ1rH#tX@IA^DR$a%uWMng0pG zaAnJtDJf513aALe>tc4l_x>7A!rxyzJ#yFl>2{n zdG|fv8|3Ogx&P!TGp5Y&{7HV9U+&N6+Qj80xcKj~Q`ZQ1U5bxop?iL$==j&EKmRCZ z`?us?8{cQ{iQ|a{o;!E@KNolJo`0;sbNBx5#bNdL`Il_CN4;!urs4|4HpTZT{=4Gi zijxmn-Y1W$Gx@YY?`svC6>rLN_r!ZVhNKLYd=O}Je>{h%*ai_ZfjehS@8cwO=kH*<>zO8s53kyBZc9(tc{4IpH z9b?0F=-mBT!>`fz*?8x%miI-)8;`U14&C#w6?pI5W#e-7=dtnDzif2xUkRPR&fUY4 zt$%$}Eq*Qwzca-?zi(px_u1~<{o9mR2!E>KUU0ni_hrT56YRa?IsaBou+R5Sv$(X# z;#$ScioJ@v74J~|j`Hr)`-c^OsQ5d@zbT%e?tR6x6jv%NKdpH6bQ{l= zCt7S$T&2(7s`s}kzE+>R_wK&_B+EbXwHE6Yf1voIlkM|H#V225@1IoOt&XqH>lJTR zbm9H$X_oisJd2;3Yw^a}@#p81#_w;@_f=)_=O?K@*C;xF-TimwSohs$TD(|shx+gM z%Q?YQ{`>PHizl6L@w#;uXX*X-6)#oy?){mUSa-7h!~eX6~=Z!S9^nzgf&UU5n8Tv9M z>)N$R&z;Mmvdny&gx}L?qmajU4m@P5I5{SM7n@s}MaA8oM!-In!|rpoSCdnMNte0{ z7t5ZM!Lhf&W1mw^S>;a1X%@&g?_eR?B(KEoCMuh*`C;PdE~82fQrd5C+uX%+P;=s@ z-^^B>&8@p+8#g)QyG!;YY_>=4nzVMV3;Gg%f%8I-@?EV#uT60KZlq4d$lJ%o3 z*6xv)c2_w$(X^oJ@Cr}|n_ z>7M!X?QJA!DIZoYBx}Wu>D%vmE%gq8`V$T zvKGCgCvp-nF{rh|j6!pV0=v+)8WO#&LKu&cK5Pw?ZlJ((BA@G&mFX zwDKhJY$A7?%|=O3vvY~;R2q04X!pZ-!1=St2fLf}Y~#dKQy}twQy8E!h``|k4a>Hz z9G7ZzmQ%H|Rf(j!?i=BUue5GjYQAduBu_a`f3$3)+GdLax7o8g4p-s-!pvPIAJl3akXxKgKV!N?YR0>EW^si|Bkm z#p3WTk$4TRdFxi{J1P+#u?=fnx{VQ{$-`c+TE*l9A7<>~2`<6wF_z*HnxnhbZZQgv zx*|}U`P`C|%{wSby=;8@N^Y%2JVM9pm5|Qk)CmZ}cDUTpDm%UxOJY8$!}cPf5)&bh zsC;uExXWs(vBh%9a(#(pzh7#6Dh-OJbF3AD6DD+?Q*N?@a%USBhWi408|VY6Fx;)%0_G^%PlA&SHNnYC+^fjmF3hzeZt7%|q#LMNVy^OQfr0pJZDdh@NfVg+i9I z%GrfRb0*3N3Ye1=V|Fg)aVtDqe5`vh6!SfQE4!Dh?OKD)6MQqd78IA&{+*U1gu6y5g^# z&^=?#5jx)38c`4g)q)MGY<^+vCV4p4m*}N-XIE@n3XwasyArh#q4dWqlKtV!w zQ5NR6`)CoKu)YnFBU(k;l5h0P;`t>jq>aMA| zBKWmx1RAMV;gw`FjWB8JB{YR>4~HnmjdC>?BX^AYZm>-%O8zUux@w zQmPB~5D#OHTt(b=`@L@4c5DA@mPo?lvVrZBeCOPS%7*Zy5ay#c8N#wlYba=dkl5zay1uEg1Ri#HQKjtVB#0cHL^(j%K!%hLQek zLQtg`aaCCr^Cu5C>XVahwkVsMiK}&M^V7dX`P_yH zK;0Tqc42GEZ`mcg&Jk5IBlrx;iEV3=dfG>zs@xX|4_d1bBKpl5ebS+1tz}7iTkVL? z_!%TyK9@K#Y1_fhT1OVTCPEp^^1=~rr^{*n{3CN4)Dqc*ny?2aa3kger*vTZs9rRh z$Jp?p<{(u?HRN|xD2;<4=Fbm)zS0LCfy2PQnm^xcdwE2@M@XSAIU;6EQjQ>cMr8B& z>^e9CF9H)Oh#R^NbB+y_Tq>!B{Awt#AnHL_E{I(B`T|ZSGBOz!6UWHQ$qHqM%KVxeYc4a?E43xrdVxMw&ryA(t z9mV`p?OsSPsE6t*7@*K>s&po9w`im->=4%@{dH7jY;j9J3Hv8X72~Q7D=n@MyM@)5 zTY@^Abdt_%we6%`*(gRH$}HZ0ZPHV_;%lpI6=Ib??c~rq>A9tSV=YDTtv1%`=NVqS;+$f4_;s$!=(jVEv(J;q1AxVp`5Kx{h)g4`r(SY}J*%E#O35ulHsyz%= zd})^caItobB;|7@q1uiS^^dr(H|>|ue>1^eT?ns;%N$o=}L^e zB@7R(VlO5{g$121OtMndg8f^v@AQ-rb6^d_&GdXT0D0yQ8bz7 zNZLG`J9oLhcMTNjenSXN)!@tPr3^%}nKV7)OEL4z;H~^NC3U|13fm0kR?^@6P?RJe0KNJ`J#}FpAlywIOduA5tu&aY3wfS{4?+3w>Ck{i}0tZx6HHP zSC~xZdHmLO8k$$po1k=?H?ccgxA3Wao&DIQ^X)TnOT&UhSbSijc|FQet%!c<-vf0aJLc zFjX#su0vh!R!&5-rNs_XNaiB{l0=@^*b-sq_SU!B`5D(Mb}4RFtXI51aiQX=iYF?5 z<-OLQ&ne!nc(dYL6|YphT=62s#foPr-upi5-yMp#C|<3&U2&u0#fnQ5&s2P!BIUfH za>K$}wOeF+TlTTmr!^`7`m}~U%6oQ|&F(G_G$m)Kc5SEQj%4d-W&2qg<1#YV#Zi52 z?5ZtQlN|x#)KNUf`ot7tzim-ToTx|J1~QH?N=_X3 z;Cb!~O@P&@mUi=5B8Geovm{WJ(!YoXb}@&sn7!I9aDH7-+^qG-Q3En*2Gc=Cd?P^w zivEZ~i4be7WWQQkU8k)h0-pPR>{x20BquDiweVYuXe_Qd+`}bEB&zE=P#m16X)_}T z`EYE_fCf?N)jAd}HiVg5f)cStwy~hA8>@AEtk_AWp=knnbrfK0fd;b}oOV#@G5z$! zcVU!Q*PWNS6Wd0z-gMy{ww1j96vn% zd*eqU`%NFK`$->eFX_K;AL(1zNxJY}(xdDooo^rMbF=o5{=e8i`fz(kA2ns3EK$_G zqF?PkYWJ~QbbP;PyGL}}RJ$MapV<%EV|&tZ(~f16j)`28ryW0S%Cr-wE#+FyRl&8I ztBxzl)i`Y(J4nkO(#_LaxKdnOx!SmPOzW7|HLZJEFV{!8?&i9e>%M7UnD)T5z0TU}Xv)qP z_dIKVha=q!VT#M(&bWMx96iGB`%fG#dke^(lx{ytw+E%$f6^U#oXq08y&q%;a0z0Z zhBJ`m?#|M+=FP_yFDSG3Ys)SEO`kue_up6isy=^@-tV4o-M>e1RPo7#eg35d7T>$j z;v;8S{Q5Z-FF)5}@;ZwxitkdqO7Smmv+t+$Tb!-9RIx$vO2xM;?os@L;vif{0^A=jLDZeoRdb5Q|~qn-{yAXQ|`>M#`^hv z+j@4iFOcB%=Uis_685~-p4L2z4DvFV`)VTdYB=F>;?3=bcY4W!#1fBx&ys)7=b!c- z{@E)3H19|+v2!5AbY<=){bFLhVXcObyE*wK?1Au>uE2qh%`68}E%Qz#S?Q5twiE}y zbZlMbMVhe7PVMOAUD&2wcIvJa-9;x%@A(^LCWrQrxweGuBctO^ z+exmgUs;o~yXzv80T-Nq{`od1PxY2EJ%*`3%<-Qq?enXaomyr4jOWTA$f>rorlV)s zsix;l1YwE!1mubY^XJn;*Vej>l;K+!bGFb{`K_2MOkv2PfU1UVx%lZ3;?yH__p^tN z%-_$be}DLeb-(kM7SH;X#nq!0pHSozD_dKud$dWrIPCGDQ6e2llHmnhxQTAA;jLW= zj?vj-o5_X!%;UoOX?g~wgV%OT7_k!>W>JSZut*w+w7BG$Bj$VCMsy)ZOd^W9T3TFF z*I3(l8A4bmqUj@-`ee2*epL7FNIU74HolHQ5u3%qq#HY)V0&~-A2YlvGh4}hbb+Wj zj|;{9J&LsrYv(RVoO|}UbJtZh%w6d5??NyB@N9Fx zy0WphZtep4?VI1e`8{{hqI1rNClu?%{8lISxp8uqabkX256#bW!l&nkKhFz)E((91 zZ+z(lb|{Q!?sOJ4MmdXzj^~ zf35AQE^53EyRJw^%ns*F>qK3hg5$N!Qlvka!(VsM1w`d4CyjMT?{F(qI?YNp<6|vz znDc}zm2Hlnq8t{SySm1+KQ7=$!`#Y-s@htKTfHvX%j4T(qu{Az?N`}vIjsA}&Q4Tr z$F6`APMl?tLCOxht*P9wsiv-KZFOzkg_~AY)>W^rsc-O7n_F5rWX-1X+;t6J?FDP* zCeAv~W`s#_lk_G_+89r{if`4V>bBi>TiV*`6u0BMwv#W>$FZ*){Ct3QA=*c}kzV_y5=Ul!o^U#a}BEiC@L`ORjU53fmHB_C=_w@8I7GxEY zeYCkvtbb8ZqSep#7cMyaEc@%MvllG%I#N5e5N+w|+~L>GU+Z+CwIyn$fYG2!k(?=O zC@nJzhczy7s(ouGba48j#Lx`0IGRKAGGbxmTEBLg{&=#Q|`P?Ui zZuP^vBi*SAq;=Y{HTqrBW<(gG-^J=u^3P}&zG&WA2_m2Mz34F(pUYQ;Gpu4uZZ$Hh zpT)TucbFuH-&&n*(udVU;jptww#Yfw1zZ?QSSE&LzYn7lII%50*5Q%Tc6PIqE9NvA zW1QrbX)5`g*h&^A|5$v7}`7>2uEXmYsU4i7m&UebvVIvtP6Lw4(oz zy}wlPLyC_p9zSf~S1I14_@LsSvfj^m*t%b?m{i=X*rRx(;@1?*zhik9E50cU`}N*o z_WQ+I@0~k`uk_xzD};_e=estZD;1j*->P_<;(dybD*jsWCB?+!)}MEd)A-7DW3U#d!JNXr+A~{1B&|;4=Vme@g>EhMyx-7(EB#MFNEXu{n{ri@17?u zUZwYUDgLM8(~2jmyYm&B6mL>I>W9{!YZV_-d|L7TXYKn@#ir-%{mqJBQv9XjgfaVm zq2ikqZ&Yl1-oF2U;-!DG_itCcSMf)R8O8EHTXzkL*DC(T{%W5u zQA{bmPw~r&|D$;Mi`M-+6t92D-v5i@j}^U_?ejAf8x^lpyj$^)hpf9dWGp_SIHq`t zcZty;)ruX8dlbK}_>AHkPPFbFo~8Haon)Vs7R7$WyA;n+yykV*-A5GfSNwtEnBs2Vy8E=^*A;)I_>$tR5{|{MI3;*4Nj@})cW#b-qZ_TanKHW(-VR)-u&(<~T(z@mb zb0*Y>4u3<#>PDT4iD^pUejW3mn^}8jmoya@V@9qF=F#uuXmHb96l*PfOrLx3w2`@+ zdP`p=W)+k6Wr9c8lPXK(WKLJ9@vT%E7c`Keynwa_eUu#=;y1jXqzk$&b^MYW+Uz>^(u}#cV*~CNovpZyB4X+D0ClKec@0)ed z?7Wm}Z=d8%WWue#QGC4u7cNw}mx)zum?0~jU8pUs{zjITZ4;+1)K=!i$?52kkd+Mt4wlX(l(3eXj~%+v|^Z3u3zSt1=D<3K_4uUm}8CKjviKy zO>FHAJ>)BxEF^5i#qQ@L`C%UPZk9}^RV3}NAYwSp`Y6eYAaUYpBl!}%a%sc-c$SIr zhPZ5z5Zr&xfts_u-OXE(xrxTw-zeWjvYDG^7C7zrP5%-G$SQmODj{@ zOE@+T>&Oya$mM27Bu$0047cMDr-z-(BOh=ST-;6L;Ha6DR zUa+o_Vc}q!q8s`Z@$gJ=+D=9nQTs4oRidEJ$Ul9+FN9wPs_7<{ZYk@$RJKP!%uKM( zBc_uYRb(c?wsoObrP`K=iIR9*VQM%T4f$Mb>sUceR>c4CklJ;xu)!NsMsqnOW55Rbgtl$~wOTS@wi1 z+kS1EG)x}FxU_ZB@Gt_*%9 zpJR?2v_#rTy=DN_$1trE9pnVh-N*+tyD76a;i9jMAjR|wBN<|wg?`AI)ivg&=+Ef$ zu*hYY)!H?Y2$~Kt_eIh8YVTMMePw;+ zg%N%jQ-)jTCSR+oSW%QF;dce%fG%S{&Dy%gn)Q@GKzmq;gFSl&Hh#Ll+w(6}lCSj0Uh;!K~M6xU8YEW{v$l$yAl@ zx9jUR&T6D)o8yOhX>AX?id6GaI%+-nZC08e$g!%Z^3hc%b(R&od_*6iRL>#A0-tFG}I8Y}A?!`qs= zYJ$07jhQSG%CfY^WQv%{H!ZfRN4YcQ*5|#rkr;b({N%a|R@YWZQJ>>$I`UhWP@ufR zbprXl3zxq}+b&k;4QZlgY!%UgujpJ&R#OFdeoY-3rrs1M zn#-niNp>xC6y{mcH~j7F5i*gJSDr()Y)#sr_{RCN(?MO_G@&7S8eq&DGGkW zE;hp5;qGX2+s9f!mwA%nc5TYxWH)pb`6!05u$9=|3d1&ZfOe9-VwXwXEF)ckliZp! z;x3o(6>#tJDJT|BpKVe_$e_NRHs#b|@WQIV!tb4u3|s_W2U;T*53cU_@Ch4F1_bOiYg!TU|qxo^{NA~$weroZqU*vaJi2pO?XTMLm@D?_j zeEw4w?myc;f9xEK?tbZ7d;j4qe0oj%`Dg0v{f`y1-5;-fx-_+4W?qZeU^mXU^Cej5 z>u%AxnBY2Bk6)1NJF~0XN_s)r&D%ByWViqWtBY;ubq`22>P(lqnc-XO+I2=B+eNM> zq|moHk!rx{c+(@r4b#p{8(90Iw@B#riJN02P0TR3M(zsHWD_4_{RV;L^}{x0ttW07 zuhdTL%-!l8&i_(6ccl>NS~PfCKKM_y_dcKDrjrJ8xL$$ zwQt&M>1=OrPSY)Q*hrd9{*8?l_-6cy4Ahv-Lu_C7j%L&Iur0Ntna}9%?CqixoL*_u z!x0YcyaFSXp`@6VUS)PY?RU1&X-WF(G#W`4mqgU?+C6PPEa-MrQ48+X{0^rx2>+YP5E z4Q?ylh$FL;NAwkWXqR0_4cMqRW!>~~(h5zL$9yld`-EgYB+<&f-i|gHtiiC&fw`m^ zwinsg<84pTT+ja;6DRMhoopxGBE4p1bgY+q8)cY=vM%XilJE-OZU7D6ZV;KzNi3D< zjPKmmw%Mj%o%9`PA93iZ=lhk?i)yEN1vhGd$}$wEtn6>EOtn-w`pWKH?0Xwg25l`@ z@T0p;GEaVKHkyZ;uI91XiCTV5!u`N#wb-_EI`B z*!7``Zthh?J=ls&zEmn9ry;Vd z8wz3PjcBDge+5KUrH_iAEq?rqu5@Ltp-=OV3JMOgX3FI5!XMrkX5 zM=w40Qh!l0nMylf4`g7kA)_|YUOnBZ_AOCLpx%ucprb78qhftXwK9VqUxevPW$ku( zQJ*>Pqlg(?e@lTVxd6HS5Q70$d|O#SvFQOB%;CCicz-IFrscclf+^P zdl=-qod0G-JbV@VAPp-VXwDx(Sk9dbaXfP=y z&LvqTA&~K_sKnTRM@IR@i>;WQGJs-?leiw3$JULwh-Y#kgF#$MbmFc9ODjw%Gr$-X zetjhamQsSkRJp(u6uY!dOzEf@WlNeZcAZ^$ywfD!Vn)~Ojme_69!BI$7l%1hC@R{X z2_W08lr%{w>l5|1S5kt~p_|3zYBS4f zAPImRC@=TSc9(yLH_oFK?1Us^-NrJvrB}+eF)G6Pp|-lzh}tW<$}!!kee8BK zrJ>v;*EhFU(seDJ&HQ8*m}HO@bW=wKQYm{2_RPgNm&ZYK0@<=FE%MXCB@A{GD_6dp zDHah9zQ^u`>fS{vBJ-`(oI#FyMmYy@Gh9tKlFX!!%m~L0a8)(a1qwQsxQpIw_s!RP zrSq~=Sg9r)`?8?->V}?Zwe#VYdLms+9aF>3iwKk#l><)=$3{uxpdvOFiC0#pbqpe? zYF{MNRy8~`^8t)nC_iJ4UshITB}csCZNy{lZ2JI?8?`V&l=H?J5|MX2rC?j1<#ZHx zb4K|Ylq{)-wsd+@r}z#Oos7~wubwd73GmUM}|ZuBGC!z$WlMBDVPYy%o1_Pu3>EZn^niU>1;Ny zM0r`gXTmv**RtJfA6kfJmCrmQ@ju%OH=dFmZf=u0Qkaa08@o#qWu70{5Mc-ry&zU@ zU211FRXNRltri2{$W$-iLtC}uVONT(gL+6D0)g2_{S#Ks#xju5os5JgixG8c109)j zEe5u&*O)IyG)tYC7Fd967HI2pBPmj2V}6hYv?IuX&`u%~jG;z8I&PSy1@j|sR7^-m z7N6K8nOt7p$Qb#`mW)6c)!KC5Kvj9T@0TiHGN_wj9ADB#gt2fskmuO}N6Q%6;O|gM z=!~$Oi&)m$Z&=$^ugVXt=}rhWJK&1VBGYSw86ox)SDP(r5h=+P{pz^nskI*{RognS z3jc5fl`3sb%tM<=j{*uten@DM;!fFMbNh--js!j5vgQs1w_Ra zjlqg?{v*3cFaDPfK~vkAVlJw_*GlBlNaeQN>SsMNf~{q3%N0$sT!h)|B5OKVmQx8b zv1_i`6FOQe8T%&Ex`+m98VuR#5($HE4JvtJUa-ERsZ<$MJ#&nRFoS(ZXrgGv6c$hU zMAH#gFgc`ACFRrhlNpmKFe2r7sdQR%T#d_Kw61nfM=COm1qyL%N}6J(DmPvbW=w|F zC#J=T$4f&)gA)biTtJ`Mf8;|C<~XOFambmT99u(63WH2YVKg*eWKMHFuS|7|LS}GO zG;%bjn2l*VG|Y0rNL7xI{qqGeJJ-XH7NL%wiHi_$YqXS{mn*lCb8+o$^ljvzTwXGr z+w_juqjGt`veK66A zjp%tf<1NOC4h@(>WV**>5^dB>6$Sdw7w+<$Fv9YA1WMW~OCW3u$~~Hx>|kAI4%57f zin=GYHPz*n<$Vkz=DogtuqeMvg3jaE zd70}tD@9|vLt8+!ZA9xi?T`5$9WDv$A**A9MuB7+V<0$=9tjonox9!+XJT+bZ8(1O zkAx?cV`TcTsMvgA*v_nG(MUFt=Z8tk`4L7rV?8a%mWQxe=!7q)awk7!=tk4c=9$YR zrpVK?A(|i0$uGu4Xl-L@FEEK5aV%X(38^>a8V*iws zSo60om{leu)3qRmOwMbbn3v%`ZZ2k#wj>foERm_6aMHF;n>XFJYM7FkfsJ4$IMeJ3 zb(mDhlC)yiuyciL*T|zb^qurOnez^%x6gF^vQ~m;GAsSng(`U!25S`WKN5Dt4$B(< z!`M#kkPJ3sd??d0cNPIT5kBU|ncC4BA-9Fk0E@Qm5x-LB7q)s%UjQXm=3*H$-dQD$ ze0FxzC%dOW5+fq+IZ+67h_%P`sN1lwKUB#w800>YTHoa+LlT(DX1Qg%Y*xgUD0E;; zYiMb}HFoy$f520gpfLGXda_J4X(wic{;`|5c4G!Xn!^Vp(amd8O3i4`QWOa~a+5Ny z$s>pIE`vN7_%)BM|h5MGPa;)DpcA^xfvRE~7o*rho;FtQcD4;C3PE~1P11(xS?ZquJ>r$W#S;2RT~?UR4R2XBY~^|lu-?i!^l&xvLm`yPN$NIaCHp`_GH1p7OKdS>=-Cbj7}fgmDz$m*tRb|mcHLwL%BZqgTg_Cnwp4rT znfT`(Vf*tW>b+FDxwB=WmSH3=&3>u#iR_hisINpW*b8B#ueQ3XK_gq)(YjLNHb<;2 zbMggNuSi19T44#7lSQiN*|Fb=(kvKEm8|#-0x^EsetJiC-5%YtX{Zd};ag*YU?n=) zJQLekf<{b`=B}>hUHQE;l|ZELkcF)DvdCy<%(I}w#F)O>IZf6eH#ydDIRgr6ZCYBL zn}Mb6Lot%fnLy+q>eh~%xc)+I`niNLA2=^Iq!jC3%;dcDzusGiacgBcP*m4FcLc-)xvB zM~3S&t3}jSGTqRj&lJCSMHTcD)4x{bI?Q4b%$_Y`V;2rl>#53eex3HWNqb%os;2xa z-=(VQLUR)s%&1M?Hi>+FPPbgp{YDij$tumE=CY1*`Uh108DTM#s_2osnpTgUv)FyD zwJWhw7dXSuW}9pNsefi91MN_Xgksr-QwI5r$X!Iuh`5EBWXE!_DMh+yewe8MIiAgt z4kw1e!ih5K+_ono0ojQ;s9AytgOP4s`^=P4nF1)o@|^7ChAfm38w!yR&f_$Uy!bg^ zb$eiUM{Fv-w56@9MP|u*Rr({0lxw9&VjoQ=Q=p7zXo|w@p#D^oE=CJPm2qM!(MqRe zOpRF2G0qHk2UA7Gr>Mbim-K~3cWCm5VP>@vj23Y6BI3>VAVFVOoMq&gd}*iA-pWKy zs}_t!5~g5bbzh4aCe7pe)D8{>lGR?VOlUQ8V^ywc%ChoX7c*E$9ks#gi2QH<7rA$R6GJ=44ob~Cj{ ztLMyhs?&{eOtjs=u_;U9wf$Zrd783};hOZbny=Ep9HiUMso%WIPH(|(G#@!9GMplX zPPx5ZHdP{D&*)$f;2fiugK~FOb5~o60!<9;u&Rk(sTu1sHVorzA-O<%2P-mYWke>h zSmR=CLqlV|zVG%T2boyR2mKxm@r z#ReugZbZ6SWl+P5j%s+OQi~}nJ&zj6(7t>MXS_?^bu?#XrW7oagnwgF&agvmb!an~ zT2O4rq^ymo66229`pjsg3u&t#eDZo*TduEa2u!H5JiX#JZ^F373b)D1&|r)Xj!JIQ zJz+&cM{FX#M1&;diV)z!hjrdsF)JHw}%w?~z{ z^iM}q%$S5>kvDB3>D6I~Lyj>lQ+_lCW zF}6e4ffUnxY%JN?G1sifG}fN$!Z3PorywzAkX1%SgHzuz1(T6Ek@heGVG2gS*dqzE{Sa;}B}$b+~3Lf#k0<6{74epe2C~^_Q=}S*=lW1nZFXGgzaXD^dH1M z4qJ^*OVXyxB1aXr4Z$`;ccF1z4jKa>=8*4{rml^tQHzq}u^uz+TvRKI#;-IbMS4ng zfOT#sW6|~tVt%`_E8n825{S8pNpKgWNLF4pN<9#EKpsJ&#JZG(o>h@y43SHRHF<+r z$$(DugRXVhQS~|8|$O8iuWSB}>$AX_~m~ z>9+Y(Zpw2009BG>-$gR1Z$>z*Eg5s6WhCp%O$$+k+eXD?v=J;#cW1Ola!S%LCUTyc z-Jqj*DrML*!31AAs`wCXhDKNB=@?G)7B&EGvxBuF1bMu$J(;FprHrBGhL`eqN5xmj zhw$?vWz?u}F+DYVx>8rt3bN*>l^^%-+Tdv84#fWEDy5rnTCDJVi5~%SM#<8%GYi#iv_QZ(x5+HYIZ;6## zc{6XGnE`6n)SD)&HEmT8vzwSWyN;*~ zdMr}r6J@kREC9P4%{HWQX67D7v}%|LfqsaYNJm~9huS<;9pRUn$s*=ctJXH~wQa4{ zy6jr|W0^o|d)o3ypa?`W`!kwTiR}cs2H9`J40SS6A4xH0Oz`Eh^gHHH=tGs6EMdF$ zu=sl!;*gz@Wo~%Xs6n4b4}y?aOzSZDAbv?p-x%&jtYc4{5|@J>yXcOkrzA{+3s?i) zT3Ka%SR*6qo~r7 zI!I2Kv@)s}C^jSP&0X8k6==6eUd>a@Cd-G6mDPL|3-*mI7U>$VkxgvFgvis8=!G*% zWN6FODtVWTBhzjhEJj`mIkBC%rjXkZ#>Xg4X2>K`C3+EOp?5j1tXUS} zx%`R@QglcCvd>M2RSq}mE(|l*SFATSR9=|bA<>0zrl&-EjAJjfmpEq*OVFl? z&L#+_f5+s{t(?jEbnSPSxV5Sp(c>JObx_QzYm=VQ1P;Y07%j7%|9KsuYa2&A7E zb!Uh3WbsDZj$U@guq(r|80OfNF3!b>b5Lb@Ia%K(QYS;ZVawa1}HA4(3I?G}cV+(yvKy-`$=vsKSerU!Sxt?pvQY_W-z7C2a^#=8* zDTp-`63&c3otqs9P2OM=cXqHyq#cp#GsvC*nAy~$))c0`>_> zm#360JNtxOmvHRt0SUtmFa|)}- z*qvHygu8^LJGM8sGFy{~YqAKZQqCk9H>c=L zW4AhnU|U0xh{;mnPZDv{Phw6xLLAh(HrIk}2IBD!$3RR}q-caeyCiXbd*a&0S>o%W z8jNU*g&g-V^h?Wzk$95Uv}@*?)m*vX)PS@$?{JJNS#~Nph74KZ&zkQpEl(rLX4e8Y zcSUj}TGPt}7I|jcSVE!dkj=J&;V*4|M>&Df8H|Q$k&!ujaz0aT++D0C!k6mqk;MA2 z8lW137&nbBc9F)D6mqlY$6?-@odt74FjLxVh_D>46^TNSLz-$PNkUkViGTVOBu1MOh=2nb=y{8*Rk|4%=^mjZkCy}r!LsFp`n%oZq1#j8f#Pb zH0N^~2rT-T=1gQGH8B`%TfiiW3)N^t-AuzaSwh=idemF&=y4>h-mM~2EErg9YIfIJ zq;|A#Fmh!zL6{vO*JX1coRl~jr(R`B&2 zXx>CM$ro~^a<^^2T#-|6FW4n&gWbf;mU}t+#Wad)Opm`60Znx)Nm()=q1z7aoVJwO z*&-<>jv+G`y{ASERti}48h%J#wIy~c!-Z~Ljn6ow^Ph>?OuD7#M!Ezj8j?#U=J_UT zWG9-&)n#%-lgkkt;l^h=YE#A@tI@~YUwy{4-qpIGda>t=i67c#5u43vc5ibtT|;{2 znjDUjQ=R0AOsK!C=(n<~w9y)*gA{Y=VryX^Ppv&-zDB+&^u{D|zJN$exAScN?+_8n z)gXELQC?Ywj2>x>XekwUqo|~HZw1UnGaQX}nk=g7)VyU*GlMT$FHz7*8M^FxtVUKf z%aNx!!v88&pcVfhqtW?j5Nf|v*BUdAg6$vV!%*57E(n=a3dU@Zlj8VHr$*eQLD}?} z)6?AUPYmdok&k$-V)}=qp1?57s%7F(p_+4xE?`5ld%dqKSq@wZ=_KE5d}VvGUm{NzQW(W4FH2jZiWv z(9DGK&=|6MeSS2P+uiFSd+YJ#M-oJI5gz zX`ZHMLklvqegL}1heYCEN8l|o-^r{N(6PvGL;7XA(h@?WYHBgQp zc5;~M01T(DyY!a)WfPWI)UrKxW9&KwB1mP_oV0U-ei=DM(sU--mGN5XmvP)&R8^P} zg?xi|s<)*`5d>;mJHDj!yC|9NPpJyzfw2mlX(2Ku=CkaFj@%sHmN3FdCodCy+O_Ea zJ!)5C#tvz+f6(8ryOCA&m6(5g`2W=iYnI|ANHcLENLMpWBOE0RrfY=NcfK5pX$L>q zu)fylmCdq^4<94OPF8s`ozV1=IfE)onRI(=;)+cyF=}PT5lr2jt)r|`rS3MhW>5_t zIip5fYm)mM;}9?WQt(Z;F~Q_SG$;iPl^a%(eC@IVw5vxwtn1E|`LMWPK#98?BPtxN z(j;Vc3t2@75qmAnk|5-o4%byixKbe4cqc9OsqIkBjcQdjBh?KuX+64edzBf*FpG=U zc9^9`QJraCBB^$XQM_|T4tDzQF?$ZvYkzOCSn(~2*DAhC@q>yVSNy!<6N+C}{APjo zztHE|=)%u_?)<;;c^f~6$N$ORpQgAp3+wfMn_|D>BZ_+zhYGx3{b%ccHvU}QXFqrT zkAK1P9B$G3_bT3>g+JH(qyK7oXDALT)+@fX!287CEH4`$QTN%;o&Wb7x6YjFHEDvy zEsA$5uAgY14=6sU__$);4UW#5zrk!viQSO*JsTjo_ei&N8l}28)+?+x>dhlg=iOl} z7zR*fFO5lFNeeYrGiI2T{SsOMW@E7u*P-YIzveOmX8H=nTd9kzpA1O#rgJ^U&6;RX za;h@V;84T1X!!EbcF#l}T-Dvd;@gg%EsBr>_Fkqu*s%+?+C&&OH@9qeZg$Z6 zZKI=|oVPEmLnc_8b3P+Bu{Eivh@#$3k|{sTL3Yg&YlINK)Eb<~#yigO(oO)G-qI=& zoRsBWHViapnCcdnPV99r9~xRR{9|^p#%tFt-Dfs>;8oDjl#@Y&1VZMqio#?vtrj}< z1Dd8A8`7A=G;$I^8JAWO?Glw+I87)?T$Yte}hji=qB9!r;wA#^ebb+s=M&a8k=wSm=%_o zNp6|N#S-PvRaeToGxJn~_s#^6{L9|N#thExGC8jU1tP$xK`);GAW@s!TG<)O$d)WA zwg;8TF9y}RFr?ewYI>!`v~$Xo?4oh#25u&KGL$N&Veo_CjhkRF*~q;b_tFMMq}y7h z6OL1tBhi##y+CGk>4RN@L(c=HO1?NKT`~$|EI8TiHs}(w2_}g?$*WwsdebE}Yu0V5 zuCHBRQ@^Qh?WR?0*Iq0Y+flC@x1{}2&wFN)=lMtP%k1U%==gn^-GayM%Z!3!ptr&E znkMYa_~6*YeVGa{F==0>3G4^^!69%EteCtnGYqD|QE+$){LAovCVatD;0wMUJ~%K7 zKIoOe2m4Ql4-S{Z2S*mbzntf1?aP#b!{91#4BQ4L&nCX$5O_D(f9}4_qw;+DzRW%_ zy<%Tx!baj%0UsQwgbxl~urHGa`>Xb42IP75zRVDquGyCv0h?Cs%Zz~)wfizfZz4U` z?#m=V|B`)~B-m6B9~`(0zThU(Po8hymw5{8Zz0}S@H|Dh;NVtxU~)S=FbxiX{tm(g zi@FFG9J_{a!Tx^2eKX(x4#EY!8{vb)U>Y2F7kn`NKKS6!hvCcpr{RNR_rl*qJ`KSK zNA8CYCjSFII0O#J`$yq}P2YnL4ufN${{#3<#N%i1!SpZTgM+_?4<-)62S@)5AME$` zXGR2%-k%u*hsW*D_|1IRl>M0saB$lGOcR(qd4HxK94*Z8 z7vO`#;Di+JzX%_!_!4|@_&?x-17F*p832dCA+YFS(hcl?jC2EszqdbAv<3fvyg!ow z2Y#|YlLW`c_GkLQk>Bsn>;Z@Wus^dG^q(hOaP$Sj-AeplBwWxxM7ZGSF$Xf+$Kl>5cH)z)kSM;THJd7`P3r*a2U#6FxWyJ}U3QePDkt{3{9n8u(!HTKM4b4e-IC zcfbezo8W^*yWxWga37ciCv3+bunZi07ksed7WiNq+%3<+yTRdi!w1K}eW3py`0b?M zd*Oo>?}HDf2jGK4;BIgfyc;ZfKYXz1R`~KBoUnuUU>WFr06y3RZUYm0;Dh~lzz2uG zN9FmQ@WH0L;CGO}U>R8PQTT!%gAX4Zge|hA;T=fy@iwz&8$LW~7PtBL^~zz>#ks$ZPBv&5dKc$w+cR3R1075V)$TsHGD9+20l0lJ|)lV;DZ%w;r9_ga1oeH!UspdKEZnU zV4?v&m|h1Tthf|DICvTSUAWr_9~`>^J~-SAAM`fE2P?q6f-UgDL@RvIPr-jHJa7>> zvIRbvXoC+9fqUfsO88(C_!KzM0Uu0v!oQk$fQ!K4UihGQ6?`xO?g2-3!k6cL@a6f{ z@WBCa#x;ZwE&`L+!3Wb|A2{3(U!LCr9~=Rn0>|DB9~^uS{A>A+_rnL9J^&x|Zi6rP z;2yyb!UxkIf)7^gfe(7O!@rJj?t%{%eH1=82=;+vABPWCd`X2U+}?Ea4%T#Q}|#K zd;uH;XS{=S{~3I+3EUv}KZg$v{|Y|n|2KSj|7-Z5_cVNP>>2p)(STLH~64 zf@Sc*Ch#e+XfAv(3C_3)|G`Dz@Iv^YcNTmw0qz0E&V~>A=fDS>z!$*bbK&pCzw_XO z!;9d9gG=Cp-U|3&65IN`-W#S!(cx+3J!qYEyS-8KG?JlJ~#?C zfko@#%lk{=gGq20OoO9f{|5N)CLW*<7F`A(OkWNk90vQrQE(7UY=jRc!BKD!^xlIz z&<6+K1Rw0b0zQ~{GkkCe90Z3q!3Ud~;Di03_g?Os;e!KU1vm;efkm6)%lj7i;7BWc za3BRA9Nq%|eYoES9~`_AKIm)?aQ8{mV98{vb);Hcd1hW`Q5@n-noAXotoflXlg7Wkn5Zunrud*Fj( z?}ZO02jJgEJZ^;#4uBP4#clAxq7T9ceQ*#Q`4D{2`!Ia4;v?`sNcf-+4uKV5;tu%W z=$-JvqPyUOJ~%Az!BKDo^gcv9J_;Wk1S`N%uu1Me1|ReX;e+1C;mdPyRGxnV{)dS- z=!1z*!k7C`!3T%Iez57&@WKAiz?b_6;e$mF!QVqVfj&6+pYXxqZ@~u>kHQE0zXKmk zJ^^3ue+nOL`ZfHI;O>9ngWhl8gTudt4;Jl%4>mmmAM~Gv4|;!q4<`Ns|91R+2|ify zGJLTA5PY!6JDBO0`=btK2EnFd4`znJkx2(Lqu}u5gBkA*^7Dj)86T`T>0qV;9D2>c zOcUr$hYt?SIG7m%N8flbGa~mT2Qy>x{; zd%!_(ue_gkF!L1H1ik>$5YEiFi|+y#ffe8eaQNJVnLaRm9(-^R+zXC?Pl02L;Dh~3 z;D40xmcs`}!3|*13i#k4xJT|Q;DbZpQ{d=@@WK97@IS`;iwDxm)hRN5Ot@A2^acn3*t$e+>sSWne`kd~g8V1`dO}<^6j2VDeJ!v~9Yz?bLXqjKK?AM6Jwd2OspVhYu#e37^5A z8_0Li-%Y-QgYP5X!GRBu@ACXE@*N!d82K*mKS93B{in$H&+cL0_~6jf z@WF~_;Dck}jC)C^gYdzMXW@fmzlRTw{s}&q{0n@!e*wPS{}n#yy$Jtb`2LsSgM)|A z7hq!CvzdOuW1h|24K_`DHuI?9NzZ2XfyviAo0;%=?qBz8rVR96|7>Ozm;kqdVq;H{{q+w zUoZt99N7XN^tQqWhql272ixF-=_}#OJvd>A^aabn^mh2*7`P4W-vJ*S=ztFws&t=l`e8O{?0eL>{xy%qa zdLn$V|0MYG{x$Hw0=^bL*ncv7!5Q$u#7y|0e+qngJ_|lr;ll@$#qj@w@J@vfCQ9Ig zO{c*ZoDClwI2}GXd?tL*n*$#l1dG1P{XF=fKOa6gn1C<$XTb-P=fDRO=fRiz#qhy_ zCGfvSyq3ZTE0)0rN5Ql_Uk)E^S^;04gCk&31$=p53I9RvtKfq})$qYFFbyVa;DZAz z;e$o1;DZ(57&rzNJ%qot@WG~w;e!KU8ceK)5Bh81gGq2ip4Y(#(_qms@7KZyi<0oc zB$x*K!2vLR34Cw}904op;e&|=_z!d62p=2(li<)g_~7Vz_+a8v_~0-&0wy=W2a7I) z|8;m^0`xD34_1I_a2Onr`!~Ut_gBCN)8H65@Miemz+DS`u%Z<{*pz|~4uS*n9vlL_ z?eM_?a7^yo;r}Q8feCN~OoILn_+S$_AkV=eaI6D9SkVO^90rTN$#-_c7wmx#_V>aE zy*~JIe=U44`8N21Z-)<#+yws-!oL|lIQl;La{mGN;K*(8!NiB)gGGDbgJa;By#EON zZ;{@&!w38Cf)5UU6h2t=G5GR+5I*RA5+>+!+#Wa_rM1Sz$Do8Irw1zz3}Dz z=i!4R_rV9pz5pNe{uTbWi8q)4oBj5z z!3T?m;e*MC;e-Bv!UxmegfH*E1z+yJ4IdnM4E}eB*LUE9!;ixk{62iaC*XtL58#7E zKY|Yq{TF<&>1Xi2OZdNl5Bj6vfg`_x52k+$A1wME{Kv_k{qVtI zFe&#>!1pj-ar#F^KfFnnZWs+dgxUozc95`kyGXQ$y z$1+3U@Px60J175B7oSMexC*#qhzQrSQRl74X5~3*i5N zbX^G_EV>9j=&yk<_m{v22O8jm{p;Ziz8O9^wi*5p@n;KsuxT57aHs=5INAkYo?itY z9PWb;`q#k+6W7E45$|t;4|==dgQM?<4;I}9U*6vVAM`&4A509w2mAjY#?A-4k!gY3 z*|t_u1VvEX-%%qc<1eW}p*FQ%dx?UhJ`5k%aPLr43 zAP@b^$ivuj@-VQH{15bRj6963CJ+77mWU?k$Xg=XCG(evZn+-z!x$Wc!Ga~Cq@Q}$ zUm_}C#J)t-Km#^Ge<^tw*p@tWY)4*tI0o$w@;|~I$V1nTW-K$n8!ZI`$wBqp%5j%gICg4DyoyAP<9Z3>tfq|C#aKi#&AABoA%-l9$T| zl85nw$itYMJPghv4}FJ{AE2Hp@-TJ;dFVQ7i3mV<^%4<+_Ss8B6h=>6BI3|?>Jnl5 z5ABBz=stakaKpeEON39ZKa;#%K8rkzpHE({zkoc9)|3B*dM+jpW6%x#4dmtWW#lFO zbJe5B=AZhrwp@Fa|@=aRYhjVI0PxEe>xd4~;v>%jLVs zLq{8VXupR%jKHYm{p4XB+Wt#!9(m}0kUaE0NghU?A`flz$wT`yv&N zBtHn>A`ku04Q=m`hu(L|Lst)Zx&90Cay^Vg_m|}V!1s}t{E9pbeoY?67m|m*e)4kt zPvoIJP9D0FOGM$Hye_>&IAP3KB0Mm%WQnMUp`}YiEA%c~BEm4Re2M6V(G^QX0=id{ zU(9;wgt0O5(6@>_bWD(!TumMtuot=ndASS=6ZC8SrNRmAMN5T8E^o9{)Jtx>RJ6kA zrb|T_dN*4tdL@gOiUjm;zEl(rQO*|RVPs44FjPVw`nDzyV=ye2OUc9dcI4&y?a2>Q z{*L5ftc*Mi>`WdSyO5X5yOM_?Cwb`FgFFnv!X)LElZT-h@^Zb4JTzb!y8cNX z`e6b_VPT4X?nNGYp+|CW@-PBhp?xNK=zzV@whwt2gN14QzT}|~dZ2$l@-SXO9!B>k z4{ZmMhwe)9(!;_G{vh(ubtrks!^uPMk>p|I81m449C_$Fg*|8Loe)yemDjruw*6ehZWFvBYEh6P0$6~p&NEXFYJdtI0pT&WQ_K}3K)VlFbbPs z47S5K?1sUc$U}R8Jha_ReieCG0o}KdhX!nd-WKw58Fs_yZR90yClB3skRPYLt>j?< z)_Ic!?@c?_Ym&?$WPi`4`7#SrG?JLMb+e(g`(vNZ6gvM%)o097;6A9=pTqX(& zsAuzK!U=6#E)yPTze2?bwq%jJU|dz~1DcV;}M`2*Yyye&nICKY6+SK=SKOv&Eqk`YOrG zWmpdb2a$)igUQ1n?3K%hkeAD_u#japdFX>47=rcCekgh9hhe!~MIO3g0>)wCdgPBM z4@1xc-Cpw0fUVGf0(lspO&WNW1PJ4_$M~%Vk&(BX^O9zPriG<@?D)|2*Hq2+}ga-6L#{%-u3tM3ThG7Ku!Z=Jo`zPc} zsUJF_A9`R2*25TVg|<)0Ll^9YKA3<(Shy|qLnkz#2Rc3@552Gz24EOQU@wfr1hn^( z-;VmB6Z)YChG0F6!B%MdoIG^FUg(1f7=(q}Q$KV<1A3t23-ZtlTVVi(VFdQVI7~qM zm*gGP51r5tJun38VGOoHTOWDog1yiO6EFx1cc6agga-6L$5-T`7q-Fx48sWQg>jgG z_OHqBNd3?W{m=tLupY)>E3_>n4_&Yq`d|VEVc|~H51r6}9_WaXhhEqU127CDuouQ* z0@}YJUq=1V3H{ImL$DskU@NqJOCGvlFZ96#48p>lsUJF_0X@+F9eEgntuO||(6)#? zbioAl!NOfA2RdOCdY}R8q2qh<&48c|ygJEd< zfjo4<1oXi|C-p-oj6x4IU_Es7lZRdyh5^_MBQOEuuy8l(|B*a&Lk|qWdKmnPJdDCH zwEs*Vx?w`DhlRV-o&oaE2R$$d>tPhOLIZ}O<3Hq~7bai;7VbfNpcA@(ArJkq9)@5m zjKMGr{7N21U;@TrVL7jhlZP?rfwupWhd$T}<1h^EzmbP-n1Fs*IDt~wekFMr86yvatH?v|1o?mB zp%aE|%Y_HVrY#qK=*?R$f-tzwauJd1H&`xWFtp)vVL;o)%Y}U}`U_pqfL`delZSy# z$V1y^mc^KN3JdAHg9!9q(FV{QB!^jTgp?_!cFt`W#nbcQK z9{OgGhqgV*!;p)-T)!827=I$_Ka)Ik??)a6E678~{^X@UfV^B^Nglcn zA`e5yli!zq&LI!uCzFScTJkUkgV1{>dFVQeJdF6r!{FKE_k(rhp{t%e3_(8(Ttprk zFal$jkcaNe$ivW8-BNLmqnXB@biwk%z%~9wHCj zo#bJxi#)WwMIL(JCNKR51@z=$6Zq%SAtQ{BOA!gVFpIqU0ca!3t3UL(^A?8fdJ$LNr0wdMiXbjKOXg-*AQK zhwhD5h%p$jlRuc(Z9^VL0)nP^3bs(c^KGrW*Q?WdE64%h^vuwAaNB@ex@ANtN9FFh=o#riYJ zL${AS44p?F#?L1YgBOs8kqgN~$7ST9_e%1I;;$tSjqAxvHj|g@Zz2zU0rD^k`=R}2 z@-P5P4&!yO0>)ttblpN824K5f54)lJR`M_e$6&C9d=>q_eT8sC+uRkx2V*b*qj#?m zA!z^C3egMwFaeEwSBS#HDfhk=!UY2ltPozwho~3YAEsUydxU!B`p2jj2H_aAg{b!k z%72n}L)-JTTk>V{(9uI4y53tMqA>9O3K5sScZIMW$vDPV2nURRL%U(%TiOj>KhSRI z{h4+{Ka4_SfIRg5Lf%6;zmkVu=!TBp$iol}z$gq!4w8p)7>CB6bbLj6o0dWyr%2Y=w4%JPg2I7=sDuUPAsD z`URcPHBMeG!+IEkt&$Vup?#7(j0y6Rww0o=nsTSD6i(tcQVJ$V1nzZL&q%g&~^lQ7=vLLJ(4^$JmjJGX!6I?Kj?%8^g#D9UF1M10u{+7np`N+qp$mGT57tZGMIL(F$V1~k@^blp^3p#*{v_5vL>@XG zCJ)_@kcWQQ3ZpPA{iEcetAjjrKSus!@=ub7{%6R;$aCaj=y~#T`9<>3@e+CHf0?}W zu<#VdKSCbHUL_ABuaSrGF7k5y8|0zwP4X}Z6EO4^`5HWQ!r;f`VHDQGz-Q!P1cv2$ z*b5DqfR0}Br!pSU38SBrhq157!@xrFFapCc4trtrTk_EUJ^9nf_mhXQpUF!OkcYNk z$U}deJdFI8JPiIx9tINRPsb0FhxX)3;e~GKhqly8p4X?|^h%!BC!bl#^ZIPJr7L+} zpL$lTLc0{$nBlUG6avg7L$~L=^fC9}{sHgEk-K zA3Y`<(00t2a6=dL!T53Hq5XLBl3wyK2IDYv0{OGyiR58)4tdFw$iw(4(^3Zh!dASS&(10Q6yOKPN!8mj`l0T0;bU*{Tq3bI0 z&<_JJ4nxp!HF@ZRap<~+{Q0z_i9B>eH;h9c^j%9H8ZZPM*O7-27>Dlb$zOnn4j2rO zm&>=2hrZj%L;D@%p}Up5Tz@Bd=$K2so_^j>9!8-X8V`_%kq61cI1EAiL*!xX5%SRe zDESL{9dtkgx}oDS@-X-~dAa@x^3eYzc^HCm7=yNpDCcSNFaq7sKc74dK0_XcUtP6bKO_%>ACZUtkI7%k`UT{n{}b{s z`YCzn>m?6kpOc5i7vy35EAlY-HTlb^Cqo{(4f4>wj6C#?l84ddt7>6O~+J-!g!Z>tnOa4l7 z&;g^+4P)DrhqfKaL*I_%p#h`P??PVs-N`pHj?e+Udyt25=!5=p^3XSfJhc6jJdDCP zH1;EZ7451Z52ID&B-_$zO+u4(Psx zyj+Gp=)ILZjKdK0wUCFl+sMNJv|Z2g?c|{!x?v3Zpz99uFakr+(MleMU|cTWNxqq7 z=zxy73vmQEO zWP@?xf$rjQQ7@Nw9T%-IG-F(Zq3@sLq8Hls9Ty20-)~$L-a-8pb1`Y4HFraVt zxUk>J>rNgQF6cOoyj-p)4~>h-!@#BF<@(FXOI|@92BCc}{kW1mbX-Rs`sR{{fgpKk zzn8q^!{nhK8qn84{x0&+1-*}xhrTDsL)%m2q2n3y(Df{N$>+$!$P47#$aRj33g~)i zT-3n$YvZB``d%Lw?a=ndxafv4*e}IFv;NC*p4Vr4^^Nnq zKI8e-IM3_T?r+9-;}&uUrHXj zw$9<@((wL;?nPpAd!jQ|=xU z!U>J?3E`2PK_2?{Bo9L_@-Vg!dFl5hFMS31d9>qT@-TJ?d1!N!hrU_lVH}2~Ka{*& zUqv3ejwJs8uRn!6bkvZS%a@UduFJ_o_m$*f5cW#nNM8D@CWQS#%7-o(XqpgS=)HDA z_@V9k2@#YYMqu!U2@!+7J14{#49%SoB@f~6nh+I|Z4;sfhVGdVO>+6Z3DFL1?GvIK z24FvQJxm@NkC1PteNU5zfoI9XXqY^-zeHZHe~rB48|0zyP4X}fOCF}aZt~E0n>=*C zLmt}SB@g|u8^(LcL!*y8j4dSp2<=-$9tL0ybp1eHuK$s|T#l26j^D{c?;v>?{geEo zl((2XbZ5xJ2yB9m5$2s-zl3=Qqsy3g(6^j<*Fn3X1KL(F@1T2vc?+X3Aea9~9>()0 zMHB|sofL5x*>qCa9%FlKJ}De9w&kR7!{|1X!Uyf8lOh1UJ5Gua^p%l^ekXYt+k^b$ zlwV06x(*@_W6%fVZt`+@7I|ntoIG^HIE)@e{t4P~40&ifo;(bB$;!z<971UaR+%Adw@K&x08qN4)T(ZlZT-v$wTi`kCA_l{(nba@_X_y@^A9c-cKHeU>F8|A`iVk zlZXBR@?qNh3wg<3$xFt`!{Be^Vd!`A(ElfSxqdNu7)y|Up6xe89>#{rLsyc#T!yVM zkRmVFr^!QGhP+%qLjDEHT|yp)pa;faJ#;N4592T_mzR-;KA3>^<>X(4E677X^uQRb zhpv_6p<@+!7=^vim>>^htI2mVUV=Qd+g1w?^yRM>_0X}-YS9Y4Fbw_ct>(FX+6fad z1`A)JeMPHzZlC;yP-Q=OWiadrUq5TN*FapES?IAChk0B4^ zu&@hy$wSv1^3Z^O=s10~2*MbQ$n|He7BT3$Xtgk)&A(dM-(b8iUoBkFcjao~g^sJp z%jIjxOE!^*p=R>XdlPx+2#|jh-cBCc?jR41R`SqwCwUl!5xG2fwHSkLXn%{>^G|X1 zzkKiRb+c{Ln(WiIDO$HMIBi|KTwlt+-d7fj-PgQE;;&!NSJvR<>wPaQ7Lfw}XCwO& z8f>}#sv80BsxSIpYTetX_w8%{rpir4r$n82TF_IYP! zUm)vf;opkLVsW$V!rFX(^ECMa>F4ur_|?VYK&brHx$+mVx)<*;`@F+c`Gc$huNQ>%U9uB@ki$K0@eOQ^W`gK`|I%CZ!8vPtZ(); z>#y}K_^}Tb3m)OfwRx$>8*@mV0t|7fweSgZehRsSHq@KbAFkY}^i ze7;y*tK}P2z6{^px0rk4&GjFsd=%2cM7JJJTYs%6h4YSQ}d@P zUnKkY(_-+&h}Go=W4v~_r+p!EpJ!(2I&VEi%+%s zKUDR%;q8Ac7Kds1gR^-#j-7b-pNqwIW-rIFIQtS=YId9!@w$q|*7c0y6Zmz_<>cq7 zb`}?~Jrj$?e`JAc`XL_-C zaJo5v@AS3#dHC=$_IIs)`>OVJ;d@6Hi%QM!r~D#(V)tx#~n=SiMijVP~<#Jx-`uSP5pJlA7#0S>lJIBrKklSO6-1d;KtK)S|(-R`k zT+VT~PH$W1o`Qc-t9-S5T^p~H-+^xb>({N8uaoWS;&mRr3;kubW3FA#tNn2izJEj7 zg;xIbsjkWV=o&BIdMTejUyWZe+ogVEzT2E}%K6_5WC=1q6JJrB5Wi~2v!B%QYz}^G zyM(w~YhSBsU!yF4$AmaWEB^>p{ycp9E(x)t*1m03`?~PqT@&I>+M?Q*_iDC-vVDv2 z9%n*)XdcJ>9yLEl@ngFu#J7xt%IANT-S{$J%)IG#CB%N(@ocX`)qi|{1>eQKp*jEh zhHL#CeA5vLaV_=a%5PNjyHVz=6Jjr||1)y^$B%gvqC?9+r1D*|{8JL5Ny}fU@{45o zrzgaTRIlpKJ5G(yD88gNA)1R!KL47cwe2sa-%a%iv9ngcL)AYM-+F06oUWCBvMPTL zz8617Yv1vzeU13SD-+@rsM?o5TaE8L)_bl`h#_tJ4XW+eg)g}=A!cZKr^+v4z4P{j zn5(t_Hr4)7e0v+;DZie%{ukF%{b#-N!Gw51^N%P$ll9>z5@JG|pDVKSvz#L5;9H+e zh<}>B_ttgWrr$la$CqYbDn~E7Keh1s_NNl!P;GxYNbOJa@x7f1(W327H>v$;0ltFo z;D1gV@2Avw56XNO`=d5rTeI`Ej5ZWdZ^cIm@uzIi+T%UPvAluoCY5Wm?JSq=`#2$v z*7lpj)qcZoqh!D9|6kg6o2#~413vUcLOiAU$CPiA`LFn`2F+iud?!A*Fd<%ts-5{S zt8wa+`JWQv18rWsqvk~lANwt#pFi`rQpc5|4e-D7+XUJ;C)GHY<3o!R;$t}=YsV?? zeKqf^@!mv29K`;me13&`f6##Uk0dPLhqmDZ`2T6!X_Y#zbmD!h6Cz`tSNTJ#{e5_s z;JBpK|GKI_g^x`i62;p1Zmh<)h~q)5a7etX_5aOW|MC8!Au*vHH&&?QMm6ibTMdbK zwDR9jpwoQ>yYS@e~7Hz zKKZX~w06Hv;T`)9iMO=+UsLrLG49a=hQuS<_&uP;uN?0_bV!_|&95`m{Hn$W`K^dU z%=6>AseMSER~qmU{GQtQ?5@VAP1avMBo5X5LCSaHjpK&IRa*P}>U~Wg-h1+p=rfPc z(YF@dlb`?I+9Qr^$0)BGJ7q|0Yi?&vuARkwed-=^0ZToJcwr`vC_Ya9pwQ=82jeDo`4-Sbpwe#Am z>b%y6_dhly_R_|6h8outJ~;nx_J2G6*&$J&ZC4&`UGu)L94~)^Bq%$)cK^z|OO0nW z-oSGyC+G7!)&AKa%jY*sTDAPGD&K~;y*4D;wDG$`jbA6;|K^bRNZbG3Q|;@+J3e50 z?P0F}xINakKZW-V4~hS2?OUbVSF{QHcM7kK|0*^9<#-3bk#e)v{$|zwYJ3pCSS$ZG zRel5B$8W00zrWP@<&UWH+hqMKhQx7N|BuS`AMYO@61$q~KPOv#cK-F@1NbU!`yHb8 z%M?D6KP*;i?OUqaSF|bZUuRgHWG+9?tNK@tkKvEj{Nc)1<89N2h5S1v*S|Z|@w)-< z-(Xn0pv~WB)ckFe`Avt#W?K6;Qtj)MezRdwr{&L5`98dt-vFy_Ek~ z$31zx>Xe?}%;BS=T>tXh)%f(`W7`jl8RqiqbLFS-alAZ+s_{81=Zm-)Xy7;1%HL3x zUoO34SnOcV*XHuo@?zo+*5x1g-i2$DBmaRFB=v! z&F#A^*S-|qfw$U!iZqk{mudNo$~WMn zGl#`STKm>h?Q6qF_8AsJJ3fu8<5MR-STQX4s3_O}{IJUR;T;DIixW7{sr@^@+AbR) z$1jEV9X%}OXxsnz-1aYF{Erszv=x@-qfLzS5Cbjs^#@@ zUe8BMruMv`+S`oxpExYe*ZO<5>Td@=deX4?NNdk~s=Ylj&u@cSoo@&5ZhkZD2(A2C zs{BcrKZEg*4OZ`Gj#t~Ol=qhr{PkM>SF8Ff@%FPho@nLosLHR!JI)=p{Clk#Z`2Ko zZ?*crQuTMp`p+8{r)cNX+3I}SBl8yxi#@dQ-9?S>0N&OxEOs-OUzaUDJ0B+Tc03;) z=lY-jq{^3W&3w3o_Y3BH-cr@RN_^nbVezH*e)CiHezO+ux_Vel=kE| zZTlUdwqNNs%%2B`#TDj!-X*#I<3so(G(SuET6_$DqULkg;hORGhla&*+V~%(#=k?> z&u_Y2rRDvq{2p09eo&jAzpD8;fcNv;Zovx zZJz)qkL>zXvaWJJ9O=+yFj?|3T~Dx2k`Wvi`ndu~740C|}AO zdG}YmU()J7Le*c1m%mkbu;%wyz7`)`_56RQ3JS^sxzAFX}ID?f>kEwVoUlsd?NKP;-u_1~1OKD+-^;-h%0_SNG3 z{~i`Gb3X4&)&6F@;|J^gvjgwOf1%|+QTZOcfxkxcS13P#_x4+l&m`XUllA^px&!UU zS7_tAx7vRz@j-rr@(XQzKT+dbi+BHGeSB%g2l$Q3J+$(7QRR2Y@_!o^TWWq&<$I(b z92Q?``+sk4|Cjai+n0Np$7kyFHFf;M`|xhFzdpBpOLwGwc&qobm3ZIK@Lyg(lgF1@ zyldFnH{)$dek0Uef8NJx`*q+W_#ZXDNckSTKQ$~)&*KGa-@oObtj1?R<}<_MIxT;d z%1`3$Bg5hb%{M7ux)bH&t&T61_yB%4?eDEJ_4igSKDcaH{Gyfrqbk1{?;YjuC9}Uc ztFzmu1MkCcqn%&2Q0JE(>Bon~KIZ(?+k_+qVaAOiNl`j~Q6wkJIMIQEGln z;vEG^anJhZ_TQ;KPb%dP;owF|ak+VX^QPWl%K2T1H}KnQarNSw8+O%}-sB%AWu6QT&+Zm#KW| zE}Vb2Oo~FSfBC9^mH1#uQhciU50$UQySGjXd23v5e!Zf6Gd{izUYkF!sQJ@@5Aa*L zUaft{sP^^XBlx>D->Uoo-r-1!Dy{rORQZ#5?@mc!H9tz(@dG<2#m-v$9jg76_~0%{ zv6r@eW~l8`i;wV|zVB-JH&wnF@7+BqzSi3RxoUq0-nK_lY@?OGg(|;C`WZ=amDWGM z>fZp~=Sqr%R{rm*{7Jm)pGk3w*1p-QeWgzJ&%Ki3>FE@pjt`Hk<4+~twtrGA)bd}b zd@Vk5KvL9e{#@moWuD(E-n776{)X!K*&)3d;j~|t^yq?`5^T#ADKQHRR$MBYa|Kkn(Kg{jB zFx$MT_dj@BHOGH#|G87`Kc#$*j#SYs1DOK~Q10Ux%$v4!FkA>>^*dz0okmqx~T>Yh+$N|nC|74!u7H`px-#4k_ z_axqXTT(nxWX?aL?&m0F$BFS<<2CD;{fX-OV9&CgQ)Fmb)a`Ny0$eO_6KcjFH> zd(-u`TD%Xh-9M3koGQN=A9^_{Jm$RVzWok-3~zOxYL6_R-<Hyo=wsKg^uJF*m-oc;DanW?4S|Hf{U^ zYJ58Iws-jZK=X~t_sH_!wLX3i;Qe^3`8z4=$6u(8U!5AiQiAdKtmki~Eckui|7*vW z53|P?{OzQYUl~4(mxp=PzQc0cxeDKo-`MPr z&iOigE55<(^Da>BYr*&9Pcn~FzE^GM`S_AAlA=k=U#ap7@J;w#%>L|L{e!Z8{2ykY z7gzZLJ}|HOGAWMIe3kNL_*OiZ3v>N9-PcgH#uu2|pC?ql4&T(56r65z`Kj(tZGV}^ zpJDcSQ#Yi^@t=?H#ams+T!1h9+WPOrL3{;%TXXrQ``rq-fFiwR|MB&BtNB^A#(T}> z=jHxRt;4tfO}=G~x4KR}A78UDX?Y!c0lp-b6fbJ^KdZ)n5Ff_hsQIY_wH)7qeHp)R zlA_4G{qomU^REm)hJQrMKcLF5!Z&?uJ-&5oyw(2Mg0J|Fzq8Hdo9;W9kN4oM-Uly` z<^N575Z{Wg()xFZ>R$mT=Hae?N~QN9dc`0u3XF}E-8tz7@{VZ2kz@1*i|viu*C zmiOJZNdIF}@CagV|Hyw?<>%vTeok6`4zvK@j(=Y}j=!yrotF_@>O`xuN>z!|1ah1@V$7e&zV~Ah4G~2b=dj%di*h3`A4Yo7vS6R z$7%j3rh zq&Q96{wL+Ozs`v5K9sPYT&g@gQ^s`=dWm4o;i{Pmi@TICCP1KN#0#OzJ?Etlc@ z|HfD0$M9Eb?Y~sDzYbsXXHwj+&Ch$({A`isCz4__bNy2vlTV%h*Z4cl-t>It0=#D^ zDYnwy=M}5>d4tlYlHv;OeflNpeR{!xjIWUtKWXjzUbU|bU%xDA`Fv;?;-!b+2_5jw(lT5fq!1}^OY~C zWd9#a^4m+iK>Z!NnQDKT^sADV_wiKW3n#4K=hxvqlS%#gxBTqmY*Xide8vBgme1GD zmw7y2F<@%n)2e+7@ckkw7HIwZK=p4B-)c(<`8HMcZ&p@k>n}Kn{^704FT)q+r7S-O zs=}Ax57f5rzH0l{;VTMKmiHyL;A`+!e`n3d*W+){`rnl6KfZUJl;A5Ya{bGHT=_v+ z{<_xfFW|sckGGm%Wq6sl@>O^b-tzd5@5Kkqm0kP z>m2j(HRUPGMz5$R;0uZ>)CSs z%P(C|^&j6pDr$dsYyYjP{e$?{^HSn`&7ZA& z!C`Fw^HXAx*1v_Se`Wagi`aj)_SdTRSK$+vrNn<3zTEsD$jyIzx1af)XY%>Gs`En& zzW0ihsMg9qQk6d+KXy&Z^8LjEyyx1KI9@CN=xq7&Z|*^S)Aj$?_?Yh7&A&1`6teZ% z{kgb`@n~i~O=pGL-w#&Tjc4KuZ%tV~Z#oCxen(2w$pY8r^QIm&kn^z-pTK{qZI4gY z_LwL0cc#QSTK)_*o?SAJKT_-Oq1pbHky(TQyl=+)9!ptX-|xVCLn+Ja!#(%_ekXJLP3OG}{Qa80NBK&84F6Z(Ga=`BEj}Jji6^xDBiX#%FPrhc=l}or%T8V&eIX^* z)5fzvjb|S|(wP#wX}(PPl+3@Jvb^7*hzs%lSFGnlIX>_=z8W9ITU}>qz(*sTN3{0k zuGhE8@?TGhyR`ATU5$4q-oS(0{$%>Rpbz2bvYrnqybC{~&DUWyUyI}gz&BHtpI4RR z19+?br5Ydn8{dEr;a6+zA5;BnljXma5-T*nMEOppQ&9*TyIJd`dY!_U_;GU*_@M+VS#rb-ZlA2R=wyKHt|SeKckH{7$FzAM!p$ z8=rU7`1Ii&AEm^w*1tbg|5A8kf%W_JA}%m_KS>F@x%{cixY^@vIo^%8-2Q9wdzkZ6 zhm&l+0q-M!jyAq$sQK51k9^ACIhwCfz7rq&EF~^7m!EfDuK##PZ%W*v`5Tl^;e+^u z=6_edsG9bDo)TAT{!-=3@lpKsn$KNFs>VCMus)tP;Qe^3`rGjCFH>Tgx&L{Ss{T&A ztIzs;*|)|Et$pJvpTgU}vd$NAflvBx%=PE@sqrtz$G*1CSFiC_^*7)n3$62QYy4^2 z{5?s{-%h;oO-jgfi+aCtO1691`PH|^Tg}fD-u7)u#I*hMOSOL%aRD{*eaiCt8_MzC z{*?HSmhV^jYP@|Q^_SOi%Bi{m@4(+_9$)kO(5a6$W$&{6>EQK&|D;510V~$Nzsf&F z{oT@okN!6$G1Roe3Jo@Ts#o3!v~{XZ<%e_8&vY4JJ5sO_7#K<&>xcmsce=BM5u%k~f8UE8HC z@86ol2ewa(`^@t(|8CX4Qd#g0X|Ymk-%{1SN_>2$w76ZX|7O*`TD-R`E#B1fuc~}A z-qXlZV*k;~ ze^Hg+Ec5vLG@tw2tpo2pG%e<9{t1=u!N>8>XvepZI=&6y{YRw5e>Fd#{3PCebXuIP z^{-a-uXGOE_n5S3)BGLESK@8QvVUpq%YE)ti}&KKuB$iWEcG&?`aD6<3a zJ|Qi(GS^>y>(qB>6=s`}ohJ);UBzs+gEmiEvhzfiGl&nLoEGEecFOO!GO|M{*JjHp zI*H@KDQWSKby%U!H@m6pFy;7QE#+wEi{qAG4=z;4ixl2>AIDoQze?>-MW?WR?oW$DwEg7(wZD|(eGjI^ z!P}VX&)YJA|;wB`GO2E4Z`ZF#?W8{YLsS}f7pms0KP#M|FYTi#FKhxfge zw!Ggjh4@wZ>L2@tA9w279HCB zc}UHla=h=Ov{* zefS7|g*JY<>jx=(us3b__jS=}_|MappQDxIU0`le_-ViT8cQ`BFPR->r_%efapdX)&VtVdYc!NPk*9rft7=wf%}tr++_l zzSR7H^5uBjFKN-QweLH%{i^ZNU(@0)?f7xKI({_B@_$c@Pqgugs_|*V$MII5V|3!Z zf21ux2kgTK|4fTBwf3E=+Lyw|7V~~pJAd7*&R<2f9RHT2MOy2BBG-SseKak0*7gsF z+CQrCjxoH}e@CwWc-KT)T%v8CdbNGp@Bv#!+^Cg*tt!70A1}y=-L&&dnL5Ap;f)P4 zmfs_u!uvMNSU&GvbO!y~DD#)sYfIT?<@g}}BW--AzFJTEYP{Q?5l?IVe>~TJd~CCf z*j3B#sJ2fVK3<%$e4ersZ)}+ndujO@D&L2U;osqrg1i~46~#5`?${-wsJ93R;)V|kxU zwe%Gk%kR5r!21r&2&Q4KeR)$CaOC`H!-w#dW`9k#d)f12Cq9bj&sI}Dcb{n=-oPJb z_BZD8DZHaHBQ`gCZ_XF_ru?>MZ@N#m{Qu#r{~x|#jep);e%}0S1Ik#}hL6y`Q_bUl zWcK?jkIilbUL(h;i`OL%v7RT3@MHLowe9@A+Rmf+@T`m|*8IlG7oUwkG$TIIj#E)} zoSKQR@npm;TK)!=pM&o`Dr5OvQ6s+an2hE9$n(~CtNT&A@HN#L%k#h@eEYE(vBNY5 zOYH|!Upg$uZxkOsE+a0{&I9%8JWzZN<9ABN^10WU_`*{&qJy$j`FRgzx1%h74!#xt zj^^J`z7g*{EhB{HbJuC-$?{Lnh<&v7yVUr0$$V|b^0}QwGJj^q@_y)1d^=0{UTe6Q6XQ}xfp*IbveydPYGs11If9iI^?EG7V zZ^HY`-t=7fD83tS_4^XV7f}Bl8F97N{>xSSXW}dFWdAdle}Sq0cn|(*v(I~6jc=nY zA8++{_B?!eF5|D&f1Rqo3t!k~UH>9{3H}MK{;B&8vd4dXJAPR6f2j5q*Ry@@&WJtD z-t^qxOnejmJG0Nr-7h%@UvZE1_G!e|;9t=4z6;S+eP@#(^M|0`p8zxpD4Ki;bS zqq2Ow)&5s}A>{|H+dmWEkDsfx|2EbBIe5>#*5liVFS##c`MnzR@P+qhEboWy!dKw6 z>!NFZ1V(P(MbgjX?<8&hl&SeMiuXK_v3%aCm=Bnn@V99F%YBYK6Q97}rujgw|M;2* zGvZavcPihAAH(0I`RkOQC-V+vgYnDYB*?Q^O2&BQyO%UFKy zH3#30XE)3BFYjD6K8^SU{xZ!^9bmHk$5(_imfy?Sg>S+iuI1gT{6+XMzQXLM9+%9H z?GCrsS}v2zxWdN&*!b*f6bKsg^cjz^J2CA4pV<8&cS(u( z>0i!RUZ?KDx4x3GyiaKnzA%yz&D#5$Yt;LjQGESt%zthBHmL1ed@1AeR>tys&1T}8 z-p+_s+WZ?;^KTBm=G}~FoNgYU%hcx#jri^lGvX1geGjPi&BIqL$cS^b_MNHP*M)EW zJoA^|Q=2{h;m7*84xqK~Sk=B!S^n47zL<&Gw2=K@%m1YEGw~JQWGtWOnu8z1_iOX( zJ2gKW@!j8A=jX}#zsraP+W35+#-|JK{P*AN|I+`Ev3%ZORF;po`d*e|c8sxpt}|%$ zAEWA@iFf|Ybq=k6pQ`@N!S~~T)W&a-8ox$-`+v9&qU}GYsQqW2%*T2Eu9ZJ^0F&Fd z3t#cyjOFv(i|`4&)&4aq{cjm@m)5@9Rr`uBXZ{Xm#2cEAC_fWF_6OHdG;ddaj`V+8 zUq@@iClZX0*1z2M+Rej(hlV9L|WiR{zhc{zdrSWJY|bmEWVb&nUhrl@a@E z`I#zT%)qy&t@AVSo(#udZGO1b{FsApGBRQV%}-ap5nsQQ@zs1p`FZ%l&kN;Ov{&+?_r1|^Q_{_vtOlHKH zTKT7{^5@{2{+F@*oTX8Ekr8`q<^MyKKM&t-8xg~r|3mpMe0|=CSgQH7@{91Ef)TMy z^BLtw@y_WZ;tiqYxx=ud_-@W08cuFh( zF;#w}EPvw>%j4@jeBmY|;zzCiMXLTTeD7u>;zI5CQKya{i|{2|j)-@)`SYflKco0= ze5>YfRlfKt#;0V&@^h@2_%ZxEEuVYdc@Dm5s}aldbEC}Tx6=Aotok=k`fWz6-~Zz4 zOGm_|+W20m#&;3Ed)pEHKD+!D@;He zy^M44?K_W%q7BURW8Dqp0L%TW5#Q<>`OD`wq@RcH-i!8WMN+;0q5L5w~jf z->B+u#5Wy0V)@+2yfuCwbN{El)-5}JUHEqLR?kx}!k5e%vAjMpig)6zzIVL1iS2vn zh&Vv&|310?|^^RD6pG5Js%n$s3wC&fgw%<&A_v{hzUZJUf z`Q6#inaWr-2VZmgh<^T-_c_cenr@e4!as7JH}kp(ue)2WSbH2b-Otj2chruE<266^ z#WFJAgZJW{T03*!J28OwoiSqhdoPoCKYp%O{%vYIm0ri^g?OvuXeB;yrgi&j@e#aL z|C;fRvqnTfYyb6XoI7Osz7g?=ww)hP+qnmCs~ZugXzib^+CPAIR~kn@=4e^R~{A8Z&AJ8A9TPPM-oAG&NroUi$_mG8hC zSBzLbm)L`kTsc`QMbE#QSd;5!Y$$ze=^gw3+_hG$MZ2{4dH^ z;zPHLh}G+|0oKmn{4w=;d@VjOcSKyQ?T6>9{jgbh+B4%rU zryi^RPOZf|o*xl*t^N&E{mpp$OUw@~zn#i=$oy*~;xTQ0x2yTxgAd_KR^iTA%hA`a8G-@$78mEK7CpNv?3KW`=8{rQNPuI*pb)c#eAcYR@f zd}zk|@TY0@pQP&VkoA8vV)?xpJ^0vn%s;2O|6@)$K&7l2z(*!W#QIyC{W@E(^^>yv zEey-&J4?BM=-Ap2bG7liO^shAK3Hm4o(F63vF!}Y<4-f*=P<-N+W6Vj_;ujDI~c;P z&5r}s{OG~^cQM4n+WeiT=I;RB*v$~H(0#Rk=Dnci&m=yuyJ2}hVrhW(?O}*R&H1Uz zz}fMw#0T*{vp0RtQj3q_KhXR;s{UrYzuXWnY5fbU{&nDOdl}*aZT~(;?cY6kZ-rs` zIlzD{AAh6vKJ;4kK6DZvJIt`WAF%Xh?zgBi!~--VH-16Y{z|<2a6^2g`S+Bs#T$65 z&vBcjKf(|bT7HGfci>}38kW!3_DJtB#7|oOdzBx+2ahtu8=8+OKZ$o8ZHS$;`MsT* z-=(+EziPwsbNWiW<5zEWaPU67M?Eu)H6&79Yf)I*kUX^Wz+~e>dY}a}04_ zp4t1<_;=tPrx=#^vGmA%jkO=Z2Tn6YnYMpzulBD=eDEwobZYfKr|K_lq5g9W%lnxt z@kX5?-qXgnTa9lmK6oDO(|qnaPBY$pz9CZD_$*fA(}B0wGrn5;uFkfvj52%h{)-GT z+w6~8^L#*6_GQ`Q)F7`5HyC1izImLdspDk9ZTvlTnIU?$ar#(|QyJcKm0|h)I#u}o zs||6GmakCxI{eu6hUI;`E%>HpLxi+(cvOwUe3`$&u>79+1^AMHVfpUwLP^m7f%-+61n7v61HeqKEv--^Fqn@9Jk zdA302?=i$_+V(w3ZQnt>=Uzkq-8$3n@D$v^-^2G=`!amt{f6cD7*ye#9xyDQGpob* zK4^$j%=0vVw%X5HWcd#pme)h(<0~FzKhgTXIM;uf@A#YTFa2YN<@eJSa3RczKT<3I zP*r{zz6S5n{9(#h;al;1te88_<(;p59ljr*{Q^~W92{5oWwzkEpS33gtS z@L~LcW^Z~9a6Z2GZ~Ov$;&1#QzHotI`91XocX50r|G2h)KCJf7GJMmghUMq|RroM| zM9UAWe4WgHPXDy=-&c))3%>me>-~4W^j{j5_f0Rrm-JcZ2c`dt`K#5xMAcu=M*qJy z#3q_AQoc<3h1T=C3SSsAEI$vb!&iK3SU%U(f-m{b_&@Bue|%ii_WwVfq;1+xYfz*F z!wrH_Q~DzarW&*if+8rLl2*!Kkh(=NuBc!zD2gB|C*L|MUzCX7Z3sg;CBw6QpbU-;jy*@razRJNXf3#?S@Otos zx&PV=^K%`y|4Gjq!ApMDpJ%p$_kwHRe+*vnFU-$M`DYc%4_^CAl3iM2F5g9R{w=-* z^KT!{6P5Zc?1wA|Uzbj@Wh2e@e>Ki;_<2}0c*Ss%xyG6JvDc0YizhY5^9wFMPX!Rq zH8RDXP||rswqqE)ZFEZe{7n=*G&ZHZ-id*G$ECFU+7jSSM@su1OvkM@TMM}Ed#-Nq zwh1ZieFqce|8!UvmIF4nB6Qsh<>$l*h3!c-Jl|=1}^_ zXxTra;2nQSv7eOkeJ9Ho1CQ*M(tfWl0Uq2v#a>plhW>+k8=CTDfXL^{x3597`SKO6njmn zpOry#zZ6@dv`3&+VY z_g|S}BNV<-=06G^IxxjnDdoSvP=0XdK`9ng%731;Pk{TYQrdls4qRY#fp4YQkC*mt z&JRwpo0a@E70M6p^`^A%xeS1Zz~4~vU)Yxs2KUU=&o5E%n!{4s`?fJ~XLX8oEB?Qb z^^*Ya0>|Z`ss9%CZ8~s6+k3cvesY8REw~Rn1b&3#f2K@70N!R{9|rHTu#bY* z<6_`(@RODFkC*8uz+Fe`+sA>0K0o+)v;Azt+&Is6gV%tsH*EWW=j@dBd#C~M z4)6ob_NMQ>gu&zBGtGQiA^j-#KPRQ#Hyi`E9hK7F*G_=f9G%jh2RZJ7e_u+wFT@S* zIY!TY;5EmlwCkk-@GkIA&E+%g8xMm=j!Us~mFuj9@;WOD9zQX~epkj{R*t_Ic*n^p zwxhyJB~Nf(n__bn|Hn!Hj=PbuGg8{?d^dP-eu}xqAf7x=+(F)N@o`>{-| zh5oz@JPy9UnVYWLo55|@puUv+zc2H@7QF3R^cS3wM3+`ciTUANc>?g5`-wht8Y zS9TBjGx&*SZa>zDz>oJ;;1LV^dEjjp_RGMN;0qN0^Q8Y~aPM_`zLuvC?ljvUUC4ho zc*ufp1P@y9vU@QfTJS3H8Vf!Toag^AbN)>CkCuU3rQb~H>+IKpTb3W(viyINe%XDZ z{JQk3z^&4s2X2-AGH}cCQ~J90T?<}gQUBfGR`tK}Ptq@I{*&^9Tb3W3mw&do{q2Qy z!)4%Y7Wr=mZ?Wh(XBa9zp(e={JM7fa}s< z`zO4c_$YJ!#p$>xKc%nZWi6upbi4|jw;x|tlIKHWcpLubf%E>Ojg(9HvP zUZ2vg3oZkXgX`>@!M#l>?Q`a9xjpzZO8SNU9o^u;8&cZu3T*^$yD_ER$6U4w^>b5- ztyBEJCC^W)z~kWk3jdGf^T0d8DR#NS#RU(qpJm{#oAuYL&D=k@U$N&KDaHBmT5f-f zzJ9yGli*(}_J!vxHiEa^it7o5XQlr#G<+n2@izhyc|C4XyV{?>AP@QW2*cuuC9+uxbe?myTF?!7Ce{r+rO zE5_%_ly)C(6}a!ukf7tGVr$hQri30&73!s0Iu-yNFA?N{lq*O!6U zJe*>a&Gw6pY%AHP-L-p4UNDfZ7x`+4B;CsS;ZV!uGv?=o;tG^Krxxta5)^vCbD z;5FcHEB*`b)9MDdJ&pNIX}?=#`)vddJ(FS!74Db3>@k$T4eP0j|H5~*s=$NK>iIly z=W{9cj$;2tq5R+-;JW_P%>6%~Vr|86Alv6jxn8jr+}56AbxQrum-XKbUh@i$FGXhi zi{yIuM)0;*Q_OBIzx{Wazp~YsUtYs{w&LF@{a10`f%SN$eBVj?dEmh}^n4k(_f1^i zD*oq5|IOf$&J^oY{Qq0}U(5Z!jrud^zvy+@e%;`%f9S{eMsPp4Zhv0c}_Y@y_}V$2hr zh*$YxiansDbB|1?2fY2G6x)XzXGY}t-=;O+60c7H%4_y+Lu5_9@H%lnh9;Jv*m)&eZ^Z@*9WgHE3Qzf#)o ztoMLd{+eRFO8xvG>!2Lb;usZP7;8!XB3*TRD z!0AZ;y&$nIs@Py@Qe5YyYwHB_u0eXkuCeQ z>(5c}wypZu_b`|C_OE3-#lS;b_i4|E65w(0K4m`qx10|hPhmdZu1|YC<_7NqU#HaH zTeALq;Gs!@3hKgZLUugdyZ?I;s3I#KSoc7um@?PKpK<$FVx&j;=)@6+yc z3xEfA?_;kj^F+IxC&J*)J^QrxFQVZ7z53X@ihZZFk8%5b`n1oBB)}t+``BWo{B?!$ z<3cJ9{vV}$|B~f%gSUD5wEGx+{6cJh)URS+cy2fV9-7*xeScq=`v=!u4@SYA)B4yl zCI8|Dfkyj-2f=Y!Z))FrW%&}|N${%`E*3<%y`v513)B0w@AYtlcYvR-*oy-RxA%cN zXXxz%;306GeHgq8{4~YCSa9L~quhUGpLYL54BP{LmQw$P@2ezu`UmuBzccQ57Ucui zwVxZ@dr+VDeufXc2K+81|F_Bd4}f=pPaKN~a{k+*u>XPc!~3-F)r)ffN9cKs+k>N- z3;s>ddnCa9M`Hd}xVYhAwEuG`Kloy${^|<-AKW=dZ|?&Sf{$0mXNer20dW7(ecJPY zFn9=DH$O$eZN5JCS7rXbSkB)u?*F(x_J&fvwX*&b;Le&pc7ejh1(#9&=V1^2&ICk| z?eoS2?tpVQxO0A=b|01xyvEo-j}UtUl&7+h1Xri}@cs z1pcd1{+|lv=jku%(_T*|xPJ@oScCSn;BN2`c$<>{CuRTefjjH<{U-qKU);xrmHsgx z`$rhu8|c&SV~c_Z&qx1I&QETa=O;1nAF}=v;PFfPSjb$zrti=?UO@T{ zeXPrDU-Z5#pBp^6q>uew;V(+=1CRVw??1rp!9P{X|6!s0;BA-pY4=e^!Q;#N7!Kow z{%Kz=%NGL=UTM+)!ChDN>EHkUBGSLQj~%HT{|_r1|H0$e^=Y4%@qvey_i4X35dg2b zv5)|^}0SdL%&Dp@}X@GfwlQvXNF z`ggnpyOo%~l<`#}$Cn#Cd2b(kPqBYn+WWv;?(bu7jW(rU^qPE*A^=|VNT2q-Y+-Q! zqkZfX#s3G=e-zyHcptk$slQ8Q{l&mTPxP^al<_fLj*kR*%QJoKKBax{lI`nghyNG* zwBOTlgZsfFO8Pg+^nKu6FZF5Pn-&0%v}1l#><^OmVeqz>``EQg`&}j5FADB@rH_51 z@Gm8gfycpdS#N6phb2#d2mjv3wpQwQf~;Q$7FvU^>gQ)Sc*|>jEU8@o{93sF;r8qL zwENEj;2rPwv38~ZJ}>)k7~KC!ADgD+&m;2}1rM#)kB=C55`2oe{HFa332^6Uee6v$ zx4$au$MFjC2R=bbe~e7u4c_)eA6uY|k9l%@_`q#n_38J2fqTIBGpBF5z6pcZfWK$v z_P1sJqTGKs`nQ>zo)d_HyTGqAb9-TbTLL@+exAY?N&k+&qyK=Psqj-JcZ0jW?qhz1 z7w$*+!2RI5_b~*(gWu@=hr!#xahY!FzmLlFqu}0e_2(Zk@KC&ujaAkQN6PiW1W&(5 zfBoTDi~bEh&VMeYN628{C`@Q$7OwfkXw;I^InweQ^wfIGq8Q^x<>h4Ih*yZW`? z6N+;CUHY}(4~&7w!M9h&*EVu|B{<)+U%Niwcop@#SHJc-7dN;cyiUpge3^eAc-!9n z+V}nhz&-AM?S7vycnJJRWqchb$5)j5-?v}8KQIO!2fsl%{xr(tPXfGVM!)ucxC0B_ zLGTN=GPnP^TgmnZ@0ioCyfm&UpRgj)+eIiwqyFW z`}1Sq&g1&o-^Q8ji>{Qi^AjfY2+<8vF_WU#qZmaKS4=L^6Txfsr$a(tukAVjR{mib6|KFv30^A?$*S>ez z(ShUlMg8nf#XchE4>x$trTwf&IX-+Vj}Ja@*Jb@|CkM(Qub(E#b>sl&*P(uu@l$xO zP8dACyq{g7l>Y*m|0uZk#(uV?lD01sL4FnGj* zN5NYxcnrMFf+xT`EV$zxw7&&+gU2nn4?JnX1K_qNEZQI3X~Co5E(;z5_gL@*xYvR^ z{(<(l;BIig1^0mmEqDMtWWmGW5eps#Z?WJp@HPvc0PnEij&*2%3+@JwTW}wE(t-!T zZBJUXKe*F^N5NedJO=Ku;0bWA1$VrQ_P5|}aK8ojfd?&k06b*D!{8AM9tCf);4$zv z3!VV)u;7mO(Eb+O4Ia1PKJcUk4}jaE7VQu2wBS*2mj#c3dn|YY+-t!d@1y-KxEtJW z!F}LC3myOuS@1A;#DYh`TP%1Cyv>3qz&k9sBZl_3;BN4^1^0m`EqDOj_LN2YgF7vF z6x?OOW8fYOo&fh+aK{H|e+%vg_giouc+i3ez(W>13?8xIQScV<22`UwKek^euP_q@C10of;&D!{aSE0 zc$)?Hfp=K&0C<-L4}-@ocoaNo!DHaIXDr$u+-bobU1)y`?gsZ*a38qWf(O8BEO;2) zZ^5JBK?@!O4_WX8c*KG`K1Tana5s3H1^0n>SnvRNmjw@l$1QjiJPCe+GX9S#jDK)X zTfhGO7vQ#M``KU2_GcEZuN|MDe}MbU+*qwHdc^&oKjA*&kDBf656SusfO}um&tGBi5O_|pFT4*m z3hsZYUweNy2A%{z#B49N*&6vzfIHju-0=n4AAHdWIFRet3*`MBH+bmfes-_fzx_^G zJ|DR4m45Ah?*MobT(^HD3?5nAumAo#cpMzXDCE!nu}nV(-tsEekCpsCAoHI9_q^WE z&Mh+87cG?Q>y8a5-<$nxXS4s)OzltndNa5GO{VVyPs08Vh2J8106h3szxH{ZFnC*M zKl7UH&HJCgyTDI0bJO$qF>vSG{o40bCb)la-FJ^1U!s2g(a&(1Y^vW*nSVEU930hX z;-5(F18-T^&t6vQe~qmF0J!%(+@DkI8>M|1ybb*IVw3-(SB(1;Au^WK+SjU-q*P zlya_<<(vz?`m28CSNQ3YH-Ptc>+gfC0I&EO_oPFA8R+)&m4K5XD)c}_qb1~_%D3ty#YM? zLq97UX|~@^?$cSpd2he=`>AWdXa9oxxQhS6_j}fZ*Z->Tr)lttL_g!FTZR7dfvmrY z-N-+@2k5THkSk~_vp8kk5J4z|v;j(<|!ApzM+Ic1o-UME3wzo4`{}aDK z`xK|yNlO2&k^Orrc>AcdcAwo`@Y$o&?3Arc{j2B%xsRX$ylGOJeXPuLF?k<$1-IWR z&E_lVpC;2^!|h#ZHbWUd`^oXM9(?s~Y4(s(zs<6IY4FP3)9fm9`HL=-^*8Zbw9g)C z?f94qUR$BJp9|i;r{2B+eCb|kHmH=ZPnK^5_rFh?-KMmExX}LK8$4<4KAH946;smM z`|N4(-u?9U6XU3#{nP9VC4ZmD{7nVVPD`@|O8w1~^*0xM_KY+;Q5pZo7REn#)4^#L zci0N^PtjL$pTG)ke^i=1rKG=FroRS!gD=fKQ|hNn*3WwIl{IO$h0?#q%KnuGZsvX#rh?aBmu9ai_5ZT0|GD5LH>9=S$7=weeN&pw>8bqQO3_%a{NpMuXsGI-N!eV+dq-kzVEjIy#2|v z_WPkL!0V%Ef2Dq|H|nPxMP9@GKb!v3^Wbj8i$9lUk1GA(A=wW$f(O^6weOoP`w{2s zFQFeP<7})PXI0>y*VD|d^poGE|9Rl9H`45Or5rcQc3uYF@=jX2AFmm_1N<(<|824# zt_AnLo7TSfxEnn9URwLU){Wqi_tV<<^_BgE>#10pjVLzvvyHN!RDs*N((H5ug>iVY z97prOz2Ju``9DzRe;K&{lQer~tjWIU3Hdx!GkCH)&0I?R?I7!SE$3gSnNR7*N6P$l zgS)=d=WioVA3Uq%zwq2|+0V%T_i63-SE@MwA+3ELXdZZ|C#`+|$TDvKBl^dV=JMaX zV}71*2Jf&BFrQNXBMapRPZkZZtrb2&@@~$H2ekXqHiCyn4``onFY879lnk(Al=hn~ z+ph{dGIoF+q8!H$kjL?P;BDIuu-laUg=PMhfqO~^wC^2n=6uqC_PZEsx&Q44wC@+{ z25$ksM`_;`vVU#_ckM8seIB#yU%1`|pJKKT80N-txC%T7u6wWlJaB*60GnsFx1S=@ zUk2U+ex1S#`_-GlojVR__tUNgkMA_V&KL;?a=ofn&M)2IuJQpkO{ss6tpAPR-rWYY z&kL6Qg5eFmmD2v>3+>PO9s{giN&jq_{ycEkJ_BqwW&Uu<g+)qwW>8)d(ueGVSbeqXQ( zJPv-8lK$Z`{dwTdLk6_ZyDkIwgY)4d+fUqXG5S|Ccn$b5W^SJ?{jUWNfzMHRwdCF4 zZ5DhZcpUr$#lCPqsVsr^J9I$1-c|+fx8U=@TfouH3gxr+82KxQY8iOYJHS3R_s`ka z78P|GU6flH_0WoV6^9M58RYz7+mG5BZh`QQj4ZxB8fY z&3@mN`&k2CQ8S=^|GBUZ_${wJexBKlc(xM;*fr*I6)h`_fAHXm1MEeGKP!3Jf6#wV z8qj_pstUa2lmRvY$;kdY$7o)ozUF~Pz|T?Y<19J;mVw7l9bm62>9@=Do54e;53v15 zoBS6|md`V+1#dZPfDIL!d0Ngd-Q5110k+))GvCU1o|o6-M$VTEsQdA$-R*saa+Lpu z^U+HOShbSRLuEdz!B_rufL%1koK8SK7gh(J4Gpl>C1(DxJdbPyZ@K~Vq~hNt{kL-e zH{v)7b6L;!u#rLD&Yj?;H(?%E>fs4l4?W*}uD>?cAqc5wGh3{qZUW9(r&i75B~ zwElcF25x&s?>_|Z=SEZQGD2tHFe zU#*hos}3wEwY)dL+)DZOkmYlOw|y|cZZZ3}-yrkv19yEmz^at?n<3jT0Pg*KKzqFz z=JsCWEF>b#B*9!{&m*ffXB={o=Z;{-Q!T9=efHf)nTFKqu zN$``Dd9p^%lRj|IR|DGT0|VgB?g5r?AOU&3^0T~N41>pe(SMcp*;}?xl&Ami0rrV< zocll?=VIV(eFLmp;a^Ce01plh=%0TcMEzxvKc)OX7s?Nw1m9ID|Bi+7gWHC2KCSR$ zBoBalbNci3FnG{{N5NYxcnrMDf+xUj8wa%SYj$8E!~=e?lK)DXe>Zr|?*lBX)X(*@ zeth5^;JWY71^7Y>(_asTxqtALivK&L|0sADI8J8@{m1@`BXHMV&Mh&Y;94fv5t`3{rii-L#1 z4>5Do{+1Yciv>@BcYuGbly8G9pJN#QOEcQ{&AP!|lQQgci|3$%_J7u)rS&V_Zz;*90N`MD<&afxU^=E%X)~|yf7+w1G z-QeC`GVIXth$rW-1IKd*{5;$T?w_1tE0p@VRn|`cJnqTp-+#c6Q`#}{$t=taDEyj%V+vNSAzSWo>AYEX#c6u{=cJs zW@OlH%J>M&@!WudNg$eLD_z_C|%q*1u4~(zFGur)=Ztxm#9m|?|=J(Kn4 zV5pdrGTQsvZt$9uGi;_(|5ei72Oc^lqkaEY06YS|L9zc-+K0LSQ}zC%-2Z7A?S0D_ zxcBr7+g&N&F0y_S-2WN+@$ImUu({66X!nP^!9C!AQ~J-9vj6zNTfoOE7XXjU z&#(%!{n>^2C(P}^*N#I3IlsPCc>W#Sd!By&ihUaf5Sv-Tdhz`@PKe3k&57fIHz|XCDT4f!8bbcebp*D0ncKVWXAtW0&J6 z2JUajutya87HOXVPcG5VzYhK)=u0iyAKVH4wbH*f$o}O6?^>E+)e1jU@&NaLMTS)= z?K4BRPZ->FRfb)u@THPR!9&+%wCnvbaR1-*^JfA)crEHz$zS0;#STnt9oOObuGC*) zU!5B~zC6ReQR@FoS^qxpmYXu#`!xaZ;LSMxDE@yk+NT_SCJgSqHKV@&gs%_ZEcy`d zR%Q6N2JzYv&&?J2adJ+fpREU92foJ4?avqyxP2PDK9XVID*5=Q>?aekF|6YDjP}0B zRPYVpk1OreD%)u;c>P@&wn(X`1+tzRz}xT5u%{LK$EE!W@YxS!*qMs`snUK8c+;v3 zYf;K~pDf>c@REl!+UwLb_uq${N4CL#-C?u~_ z=Ylsqm0>Ft|943L4d5luW|(fha0Phwxr}yy-x~0WH5u(X(t7Yp@B@_er^@ux;I%Jh z*nEYbCi%osBWx>Q$*_Brak4^=$NjRL%fMScMm;I~CCQt?y`N^-80CDl z*f<~M^Tk?l&zBjtli42gMbSi22A(ZG-g^+Q;-9!KQ2bmb&ufcIP~Y(kdq(LGPssjI z4qn=mVON{eDY{(dvl@Kqj~VTA3w7Y@z^_#L!&2EF8o?`m!EuXcI6t23g>|V`@OE&I znTusfqkNs*Klo!x{#VKT_kh>_M}OW?JO=X>I8F~u=?}^Iq#S(qZyENi!lRN`gZF~# z*6r%RS0*!TSgF4OS$~b-OZzfxM}?P4-pYAD?3MHj@0IEVuT5vzBxSrzl;fp`^9-&F zly%A7<+@}sPT1=Iz<4nGUuqQ3sNZt%Ch&Di`@JRGuNu6vXi)p!&N}eb;FV_o;;}%( ze&w{U3_`|aPJHeZZ2es$zJ>VNg4rGX|mH$t8 z^`G!M;?vCjg9ZPM;1x(;x6h{)ymri>cE5Qi_)2iyx^NG8FZiA2^z9K@f5rGfMg3U4 zeK~kLxX!*BymH*2cArxncouw>lK%ZN{YLO6#~}Ma;p-%C<^IPHvQ~vZD0wINI&j@S zj2@mo_#(xAfwV8ig9fuF46=a2#R(OkKg+>ag6r(7!Fw(2>%c3w(AzhHH-UT2>6`AG zwSun(pK9jfv41iDfv*GC^{*cAUhoUd_V&ev@=rkioP%tJnO|&RG5*18!FA)e8hk1E zKg{;_H>LkN@QN)5wf7wx!8d^KXSP4TkbWz87W{TIr;}pdKAk-Mtp>Hv9rtkm;JS6| zVr&$iz4f5>e7YRG7W@V!{YF{7YVdX7Hz|C%41N7ogSUgb&G|Q7kJf>& z0}m+v&yoHc!AlPqWc6ly``NPnTEXkVUs3oAl6Qia95|>wf9m1=$O&G1jhWw)2|+67n=Rs&z1Gl!_x=XjgR7q7+;6$?aRT}f$Q>L4c=>E zUk6@!#31`jslP5+e~sYTBlYRGg3q2k$evTm_mnJOCr=+-TYjGYoI&=yV*j+XFWv_A z1FqZmP!3*k)F8t)qC)-Kf0g#t;92kiW&Tde`MZw$KTd!AY~=Rf&nWftgsh)d@TTJj zwa;aD5`SIE-zzeIJ>V55=Vnk3V2<@}UE?Q;&D;I*}b+V8gXfNwZeKR*_42mhy|ew6ZU zFVipQeBPk;Igx7c?3shw>(@H)rul+<$10ty7MF zZxxPz;H$62@k7b~RGI%C@O6!Y+V5Bv;_RR{a4by zhx-RVSK$jKFP?Aw}c;xQcml=6#( zHskom(+Ag`pZ9S8;Fl@(h5ez$_+VS*>Ot+kv2yTw@J7YH@IHcS@D1R{E9Lje`mX~o zePWOur`R7Q+piIPHux+vH|<+%1z!qYqSQ~3te;Ns`skqcyM8^~{;5IjdU!EDfZ6`^ zp!T~P<=_?1V0Rm|`J)xQrqC>#KF( zy>AY({mto%*A9vKAH3wPK^Ac!f;_*wN$!hl1z-BnAUn%!Z$CqpuM>P7_?}AtE9@KS z0pHLysC`bX7z@Z7KF0c&VqbX9uAK8vF#eSKIY!n`HF)Xg`u3>;3Yp`ep2omC*^(P9`N4(46+b>N&lwz zp%ml5Kl?X5F9%-@9#HHH>qFJxS#aI_PzPS09MnGN)d;=;T(`d2%I#BwtX4_?#6tUn zuLjp$KlOlT!T+k*iv=EDzr|?y+P*`FQs~Wr)+^e)t;ry@; zyd;g|tHMp|-`svczy8$9?KArN>jYnF!F#xW@G0i}2aM`7%2&J#{0|OlzvEsG-UL2i zwznr`{a1t6X9u#9eAw;Z{+?hcq@1o z{BKJ7g?%TT;PoY0cDcfr$oA<0Uk84z!VBM(D*g-VcTAQoQMg#3=jAI0UkQG{!dFWF z)!?OL_4QK+z7+gQ#a`TC;r<)JH-IlxxY(G-c`JCuxUBZOm7U=A7Q6?1HMp+*ip$Y{ zj;!{(Naf(Q;LDW!72a1<4c>0S>%dFL>+KuCmx6~B|6&2$C_nfH@GBI4sjUA_@X85U z?Y`e0@OBGcyc_Jd(A$@Tw}U^Rq<@c*emQj2+}@d0->1X(Z44VxxRo)_1Q5@)WtKh7 z75U?w{c%~2FnAkyqcTrkEst|iZohSwwJG*bO8XeM2R~Keb0trJC&9gDZo1Fl*d6z? zCuX(py>Nqjw$19F{{c^e>yCo~aQ}8$?K*!LJOqBda-RD)d7c~P{wHO%_c3DN-tDv6 z<6r_j0(34D+##zyPWr$-;JV{*06b)2ALi+UW1F_Af23vl zQEp$R&wmU&0`4-~pKh2N{VzdWcb~{nf&K$~-8|(6ckY;FA1dwhu52G4c*oA@-%9^2 zoTmlAYj(jrtei()CC?+n+`c@kfBp+R3GOqO&vc(S2JYG|tG$j&@btlPI#{S*(>jv_ zC(t#!XE(e5m5*~bcm!OzkH*J&ov34;Exram7x6YAp7MT|nrlagN8LQ~mf~BBipCgA z7d*PrE{%x4Zf||PwSw2~lVz_c*9R}i>w`}4>;YN!qH_N5tUQ0{0bh9t&L4P!`FTfN zzKZi7-1u1s{*9U2zm)y19K7k!EW1(R*GXOto&|qcsn^1LC+oQV%q+W8;So8nHG-GS z%Cbil{|`z3t>7!cb>pfNycfJqu`fJ#*8^Tzon`#-7g>IKz?Zjc@!mK-9iCO+_r=>) z+=Av-Mm@O^uM6?s=Zbti+TStq$^H1iLq}xQ=XeXxWpBj`%#UXch}U#vmN}JiG)|7A z72r$f=+9@?fNuc5z1WnGqMK!VuLrL^Hp@;{>ic+E-)Zob$6+2;_&$8o<}h&uYJewF11vkN$+>73%o`*&o(` zuLQqS;f4JS>%mJGWVP%0Y4CdRTNL{nr2mQgAphVamGaqS`KE%eTbO0%E4*Ivx!|Se zX0`jg8@T`TvTO%)`r@@YMn79Yyi=+F*Jb^$0dG1#%U(0v+g~>F&*z`@;1w5SS%cZ$ zJpYJWgWOt-f81DHdLimtDbE8&dCC!|9K56=1?ec;Y#vg`|Uy%&8V+bsaz)t1%1 zA2Kr2VeP3 zR{MU$GV5hoz({LrQk;^^>c)* zpB3P%|Aq5xWxZsETrXJzzV0_%$2iU9KgcP|58lhNtW>ezTH2>MA33DmuQPFf)X%6P zHl*BdPs{u5Q^6}I3~9&7T=1pfKPvSbm-X8KK6}d{b`i2K+s`f*qMHOg_)S|N!*U!h-y+`+=Yjhx zhgd*4UYsM3tINRKs)m?y-=3d$imffO9$FD^_Q6BidAk!l3x23lj>2;*J>aE>qQ1Gu zd_K+lKc}NTz&}#j>pj^Y%E4#P8e(>3Jp3-lQ#E+yQA6w?CH?8L9_zqsj~-$NE90?J z+BbqPJ$^`g|Ed+d=>+|F>g4`U8e+dG{rwl&-+RC-YB%X`MTP5+;u#okr|SDbIe5kC z`u<)GUNUcpy`j|KT3LT};O+B=*mR|zPLchz5qv}45OXQ{-$CZTmGebIY=h$eQ|Z4G zeC4@A>_nyhkCpY`!|l%-(!LM1xDxYeV2H(({_ziaUQiCc^!y?AkmA2t`mY8rxp0W> zsN}y?=D&{fi-xq{O=tvf0zXAb{{)$SEBHF_gu;K8yc2xo#Y5WXPJ6ijONO-HRWCjO zbU>E4zUXr`*WpzBY6E~`uV;Uy#4YawpOu! zN!oXU*IqfqUQ+mTlJ|gTuO4D^mG(PMwqNmq7{AvHu}_rqr4Qu!QaO0`#v$$caW#1D zO+!p~y;28Wa`O;dsN~Nt^Vi7jZynm~bNl>w(F(pgGQ|gKn*H_)({yX*lec-{n^gI9_x?9h~;E|O>45#UZ zdAevX*-laLmV1UayN+R$pZmXeNc;R~0=(uA?)CcbTW{6>VsZf7>onR-U3AmM!&j!RR{dP$E z9*`B_tHE{e?OX$1@%@nYd4l!e8^9kk=c8zq><4M^`ko=}dgnx(NLBoZlD14ZyHM#vYhh}&)+x1aQH3MN6~&VAIrc){WvdB_!P;T!CTTp%x32H zoa~Qlx&6S9_Ioqk;I6?THnrHC{=Ra(Vk5XWH^jD4#=BFF_cAZIZCHEXuL`^cT(@pJ z58N|iSo^)BW#C=*VdhiTbB>hjInCgqX<-BLIJnvZx?wT;nDwY1ezwGbb;9lo2 zo28WhkV5&vgA<2YKq>z@h4Rltf1fnWnBsp}`mX|SDH~STjqM-E_L&Fn-*K2-#e0N2 z@4ig(W!yjb>*n??dZp0*+x-%`?lO{TvQJh;oScHev1 zVYog4KVM0|Ugoa~-1e7YHbJ=#A0w~B=Yc2p8`eI@yNvsvHq7=^+NWH$PcwMO0mIt! zjD`2SA& zuLAeZ9@aiLGY`CG&M-Smu|GrFF9UBm8s%5=SJ=1J4BqA&W=AR4O^3_trnTVl6NWeY zTpFLJy1_jsqJNv)pI={|Wpn|qHRj{uYMkFA-u6m9w~_fQ=lrB$cDcfrNL~%T;gn(R z_jc;QYfl~4@Biff!Ot+~(_Sn4X)Aa;_<_neohHX=Cr|%O{XEqJUO9i5EmiV=iOhfT z;W)ovFwE{z{I8Jy%fU;}8DU60HbvoX$y>pjE+1ySO8P&@^gF?8uNr2@D)l!<)?W{|2cMzzqy1z*Dn0`FYaG_@ zUoHn4(FY{LizV7B>Rj7Uh>YccK>|w9Q1$ihn4ad z?l+c$SN>y|B^Cd_%KTM>m%NMPv@(AjDd&$mZvWvh+g;(iNZtrO`%@ezl=Gl7?;Y1Nak4|9(XF?@sQ&AN@<2KP%<@ z*#q7*FwFK*#%F~bpT)Qlv2tjb<&^woWd6#*m*&vFl=9Wc@>PSk|1qq6KD`cnHXCNw zDgHy!e%P;`1D+j~)802M#tG)S(K+q?gmUoqlAQke zA8rp`s+6zrUb;HY$K;!KgpVPh1NZNrV>>AJ+e-TY=Tmd+afP=^9_Hy!%W0p(i-LDe*Y}SYc-xE|J5OoJrsVP z76y-ab8L*_zgX5!6g)IDr#()_xPS2bmE(M2pLzn^dl>3p;jM-8pMd%We?sApNbUyr z&&p}n6MW##>KwaB$$voRKL8#)Jf}U63WIx(#5`(Ff02>Aah@Foud(1Ua6kCzW_!EX zSjFo%0p0?xTd#892AXGfPWzmm8{7}B%byQC2>yst{=)kg1N;WvQ913ti7soc8`TS} zdg(s^-f_I1hrvT9V*XXy?^N0UqTC+*SY`g4Bj?W;c=F_&_Iox7@JOxxJjQ_wh!*fk z%6Z~Md7kLzd|pob{$U?@8@TQ{=>T{KxbC~YVQxQP??1}z!FBu7W8faYetu4X$H8w? z>NhOw*KsoX&w?ELSm80r-QcdXa_k3%e-F|AZogP>pWycAVg6I{*DCYpI0f_91-Z?xr}6p24ekejNh$wxh4O>j zF3f57rw712;O{Eed7bh)FAN_4EBd$Mzp#!I1$QpZY4`WVIKM2%7AW@fWd0K1e(+}$ z{)FU?TC^YdSqd*aXX*y`UXJ`Lyi?lyxIOq!3ja>>0C>k0Iqm()Fu3!|oOZoD3LXT% zPw{`3^dIBtgX_je0^EO9ZnMwv@b-0_iuwnCS@FL{`geneuEzPV(tnujpFZ&5H92;x zGC$oY=cfSo-ZExN%&P5SonfycqunbWtwCF?H$9=SoEewe3!V@`X&C<@+n6S(64 zMd?2V9t`KS&(S8pZ8zt%?=f>=0mKEqQSo2+o}imAklcd$QQG$m*}gvTn%i(4uh=h? z`3r!zfa}^P4BiI5quE|8gNySY;{P&p`ko%|zcKL8?RxtJ@n*&TZkay^zi_w%*9S`b zFPHt#4IW&fU#IYacigQnUjV!doGHiGVR?KFgSR#3*c_#PtBv~Q*TGTn_=7pN)|`Lb zccoVwbFEQN>k)5h3$Evt_3jCv2apT|TjWR^abV_PcY+#!z>Q#pS;$M$m| zLAl<#k9;0yE_me&IrgEl9`LSQ4`=}IeMNs9TLC_MZH|4aw8Mw89oB%CyoTeD!k?3T zJ^1R^bL>DR|I=jt)8Omg(D(C+XTttXT*oNwbdYSPso?A0$+1<6|NEu?x!|?$=Cu3C z8o*25LqAaJXIR$H3h>^Ka_lqSp!xc>cgcRb27GlF&O?;)e^V$w_|i{u>>#uKrG~lD zKhoeU!EZ8i`*I^fHFOi_BY&Uf#6E|^COB`kA2y-%mZHNaxNa^!Y(hnN*ftR7$4~yt^MOCa>kO9Ky(e3Zf$DSU^*&nf(g z!VHC@CQ|Hm6A8Gn6FVcsks?X^z@|A@lxD73E^`fVxP zl|m1NvnV{7!XSlLQg{P}cT(6&;VTrbr|?G#vlNd0Or*O5g?mwWEQNjwucGi~3Lm5J zWeQ^yeof&3g%ds({&%8qKMK7R)=_vBg?CZ7io)k9e3!z{Dg24TVG2vW5b5kiVI_st z6xL99DuoLvyoACKg|}1q2!$_G_%4MTDC}Cr&-4n%qkKERIM#Ry!B%_L$%g6-3U8+R zeuCuR?iBn&lDiiOxs$?D(qC}4&}T^h8-*tlpGo2SzlwC1Cq#HK>Cb;f*ndQJ!$X3P zAiuXzyhh^JQ+OkVH&Ym)@D2)3TQ2-wLiXprDCDC_eq*7K_a%AD(IVY{*9rYk3{8O~wBcxwUcK&yT{s@xe#J3CxKcA62o%r|jg}%H?*nL9$UeX^&@$&5@!ldzP zT73QO^;wjUi(V3b{zloWc!Xi1UNZm$%$2^rwo@d#ebW-V))tStATJPM&GQ zuWPHbjj-{HyNz(+2OsdzHNVAv7{cC5XV2i_sukOxkI?&Lvu72;$WEPWKSwxq_kr^q zvuvUGjLY7dIm_0v;kr|%UOLOR?$~qAf8)tnwu5i;_tbtj%Nu@S>5k8ABL)|oZH0gQ z_e{HJ&zot!6xzc7RrqrR{^id{Jajy+q2oe6jF23><0!-U-ye(m ze_?$8PVqu_8>_1}|6L;NpwLD7`29lP_J9a$9u{FTO7R~Rq5nw{wmnVqvmy*q7=K>K zEiZ`B`LPH)eiWhqCpE13O~_qI5eD}c`L}u0Fu6)_Z=VQj?iC>~EC2cLBzp=wD0EUe z^W_(@_5bI~uaBV;|9@Hjyj8yZ9xC_$Zu#^6@?pMw|Eukrx7UULZTU8B-+cMIZ^t=s{q;H!c z?9L&*ty0J>2Z%6#-I^qs+}gZ9iGEg|S5SDzC}G#N-e+hYBH8wtkY6R)Lvkm{ev-c- zIYM%lakn3~d-$8N>$rDKqk-RI(Z6xnaa-8HUlAT`&e@Bw+CHWMR zgCw6patp~zNbVweImxyS!e2AV9+F=o*-vse$q|zKNbVqcTnUw*WEaV>+t4 zlKmv_PI83gDI|B0d?3k5l50qIbqoIil50p_LUM@YCX(AoUP*GCG7RhZSpGR_>i;BfL$d38;eR)hYe+tr4(e-7~)l8+}jMDiIVw~>4{$#Ig;C)xRv@OJ~rUXpJmIY{!m)IKdF-%Y%W0S`E`=xB>#hCXRomTl4LK*Ns@yk50TtL^49tGAi08M+rNargGu&~ zJfCDg$ybsbA^AR%J4jwda+2gHNOt`q{69}}4aw~!he&>n7bH7>75=^< z*-P?|BnL_Uh2$2J`$+C0IY+WBA^hz$LG)J-$x}%7lYA`65t2_Oxr5||BqvGkzD`{K z1^*-bUqQTu#Y)PIEJ z)x?b)!a){)gW(oVhpC&?nj%@yINy0~qMZKHZ zfAjagw0@TlaoJ&9U;H<=JZ}D%&&NZwZkE^ox8XF(M?U;N&Bu|OU5ESg+zhpddd!Fa zr}?<(f3rSr?-%Wz5C2c|vFHD0K2CUDjE8*qznTvo-~8L@JW;<#o-4u&NM23hE~GCd z`Be(z)W82ld<^NgrE={~@|_gs(;QFNOY=KLeLnrRD9@3zW*z9NIO(h<7c?w!O`AM* zvS**^OAKksRa2%<_Dr2TWxqWIaP8-rGTk%XbAavaz=8|Tab3Fb;!74^c!6umev>_u zJ+6xShKArJ2kyJ?Ig1{D$;6XtAv;JAav*-PPT#E3a~zh?0+wmDn# z2Z~2-i$97ca14j#h>Q}F23OGz>>O! zHbV$pc=m$8zJbMO?Q8V3eMJwGacq|~)GfZCVRAh;U$7_;49>r3;rUDE*Im3AeRA^I z@XMprEnI{s{6K+?pkwU$HZB@BV&sIejU&g7Dybd0$Ec%67L7V;kbHTzo*V*+8F19T}g;maPu+5)8^Mn&-o;v@; zIj0>yf9|O@htHqStI%A5^Ns4AznD9+oxfo51-5`Ka3Kb~^ax+JOBP?g5dIcie9qbY zze{a(OU^(4GP2?=p#K%2-74+g{}G`GjWu_(`XbxX&FYKgz7DgqBCPb~_kXDRQMS$P zn<&CcXvqYxIjZq@5q6n0ZB{=C+xDB&kGFMf zRzE@Rn=v~pvTb4W(ta9M@3h6Yt~INSzl&^J+G@_*oPI00565g&WZPQqzftuQZSl?Q z3n{W~W82(*ks{l+w(Lh@eNgqY9VYY5=}T?FPd2BYWQ+g0IsNu#xAN~I+Ya(?^B+aV z%C%V|{w}f^JA3~JD6;MJKXiN&E4HQBroaKk2&~L*T0fJZx7)_slAE+I&mq@)cJSh_ z!f!JEG#-*WsLfxCbC{a1z( z|2=|#n=2PTd~Qz952W0G&CXu@WwRYgHweGP-#niV%BMJ*+iXM7^Y|?Xd+`^1(#EJt zoIr2RKR^ES`2OES{D08}z*eO9TrKo2_~O4kNT2-IVTSyP@xRSBh4i*wq5ltL{;MK= z+eo43M}Gd}&mtT3wo>TNw+lTU)i?BA#X`ScsBL(3&Cu8UGSkrP1eyP^l^ON0g{|u` zaTWo=_??H)DA#E-4LM2mc6na^meBK48~%%szUEA!e@m!st4QxXRp|5Swv)c?Ymv{N zA@koyr0@Dg=ue@IbKj9Zw2#m?iRiWg(kH(Y`nja%d#`!^UDpWxAo<^)^c|lG{WGMm zCcWo2p|8WK3ICl*`p^S24Vl+3{{=|zY!mT4q`wq;-mje0uk!oq_%}&-ep)^feqt2= zUeb5W5c;2ld)s5A51#KeG#jZNo+o|VN}=DC{Jfcuf0EGW>v=uty_X8Ti{kTl5*hg! zb(rBFkMH{zm+}Mf_ic+O{p}yI%Jin*C@X@n@8I{El`JKfj52 z2I+(Mi};^VxqPIrq4DxKrF$Of{oBqo{PS_be+_y6>xKV(zr8B&|5c$so;FF}Mf%7` zUc-JFp9t}LhV-6~MSSDiBGA7{`kLoOy7!JYqT7BVeR3C}Z-mT$*?jyyuOaV44evyK z@OtQ4B>ewD`L7^-$5`R#LAr5uDCu2|LZ732o=*D6BBB3-ZlwJ!um4!+=Tm<8w;g!8 zwi1!<%aHkR73q_&i1@}kL!j>P?61e$<$=KA=TLeJ}$|H?_<@pqwriu@l$`pA=BBVId|_c+pbeIVk`B|m47 zzU5n?Kf-R9*_Mz#_^T+df0EE&pZ60H{%NZ-;>KZBd&$uANBnYZlKkJiJHkvXK0*CjV3o zwu=n?B%5oK{9i+UyjKZ7#=F|!@lMhQ_pUbl*P>qd?{U(1?IiRMQvZLQ^ez3u&+(L> zuSst!67k39GlcQV>#fTp^xIMWxJV!WL-_fX{CM;6Z6f|I6#o>`dw&!09~arQokx1x zfY4WxpDRi4yjAFpXOUrZ8|iCq7y4t#|D&W2ZW8~ky#Fo{e=922KS}Ru7y8{O-3;mD zM+^OnMIxhPFc0y1=!gkDKfdzcj-+qv6nZ?`Y5exe$DbzZ!FVSY$dROv>@W1jJ2;?U zK>Eo@Q|PQEy539jNre6NFQkw`lE%~b`<$py8bdlgKQhW#S}lk zA2oj*Zz8?tZsF&jl+SxeU$b234g&7}7tTkAH)Re>Uk~CVk7_gub5i?~p!n zvC#81C;t1C^zn0q{v^`(6^_ z>9-+$#}W~LH_}&--n)tZK+=0!Mg07{dTc&^gV66teio44Px`M&AB3LI=blaG!!YTm zZlZsX^j^}(seWD{|1}SabRQ@GofO~oAJHF*N&g+`%Qw*vklsW3ynhFl0C>H*9uofZ z=fitJzq$TA9eQ3aS5i&4iu9GF&-YIs={=k1PbYoFCi;5ljr=?%@-vmnbp^$rxJkM< zlfHBlKlhN{xk>ydN$=ex{%g>0uDqSl^Zc}YCGr!b{Jc;4cvk3*cMgDkL3)q#a3ki= z6#w6OKRXM(o5rIZ$2acZIZo&&juZylk=|w(`p=4l-c5S%B%xnG@ed}wYfGWepSPbx zdjD2J-$ecDf_(fvgnlvUuP1$SYoT96`WDi+?IiTyQMsNaeSDxAJ~+qJFB2 zh5jqjdu<}V@$Oon|B$|G7oj)ag$KPI=Y2-~4+}rDC_h_~KKP>0-zD7J_9nf58{ua? z)ti^}-cLmQM=1UYdHu^mzccy&_1Mk#hqEYtO~3H}H2FD?^tL{sKb-t5A-(H0p+AW9 zA<{?Mh5jV!4`I^#&lY;Tder#cPx`i_g??MoNArHp6Z+pNKWj-Jze4EgGRPJqeXw5W z|3dM9B)$JQq0b-pbENM$L5;uF1ko;$bA!EO6b3!{Ljh9-%IH8 z{qt1PJMR+u8z}yHr1#HL<6lMk1}?Y-;?swOZxb~g?`6kVK7AcJLi+=BGBtA+kt^5e?uDgHsEp9=lvj#FDt;>YDJ z@P0IL-?o?H&qRE#@0cU>$e!^#Ca<5R>T3->t{>?3A0+=J zurrQpUmjs-9;SA8Qa;-#{%neWIr(vs{|eIIK>Em;YPxrk-hY_TcTxOR`TQIz^byiO zMS9P{~m@ZPM3xMf?uZf0Fl4`h0zULwe^-5x7A6He7*gJ^fgqU`Eu<~`p72jSVj6SN;ki5FgvfO z{O9ZQMAF-;MSj{TKl4f7@&EC4=W$cb|NqBN`=Vv+Wyw&{h7oBYofa)xOnXG8vLs|8 z6v>pLvP~gLX%Z@=k&;RpTe6Re3TYC`J`|GZcg}e}Uf)~S(dT#maOr-%uGe{=*ZY0m z=ggTiXK-&21j}$d)>QEo@iA7P_VPG+Mq7Tyt>wQPk91Ick@0z%_f}1C9h>+eSj+MXcZI8cH z@?IGF`%(5u?MIu~-lK7MgM2LB$ozEqqe|nn!c+fho{13O15b}u{LjQ+j^|&N|3rU{ zw)m&z_po2zhZmob+j0Cc+}$XDo%KF%K1x0WUxUXUl?UIo>9y%oJULl@1M%BD59T-K zhaBzy)$$yoc>nVt{<0sB&X&(&yCO%Z&Y4f;c08($C*ty9%-d(?+;2~c z&l}o)bQ$saPZa+V@z>+gZSuynGZo~i;iQ;{S*B_b$o=;({bi2l!F+p6 zpWxqiTzHB2VoSxRiGPRq)StbB__+6a&tEnLUeihNdOS*de#GOU*YAfg&nKGn3I0A6 z{MWlKhsQ(nc5OVvJZ#6KQ}O7T%Hz_`=6JfVydwF}_uStv+*7n&MZ7zndQNWFQR^|E zCuxt(0|UsP!AFwk8a&!X>&@af;RUw0Bkdf67m2TdPsUTUKSG{|@pw1o&){<`{vx@> zFS7i^PbB^^j@Q{fCF5VQJQvFCc>Ol+#^rhPY`~+O&oslg;*rpK&UbhcxATX+c)GXp z?<7wJui(Kv+*5AxN1M}rJ6>eS zOK#T(coDb!oAE5}l4qxRf93K187#Z-0-nLWOOQeT#@R1y+*ZL;mnx6d^H}ps-l>6u*Z&_3@ai{5O%O z6P_xgJi&L|dA}QKdHz+NhnW8-;#uGJWG7Bjn+FEe;HN8!%JxJ$pQ+Kw|AkDjmXP0^2|@N_%5 z)&G9WgIj&(;ITd0-ifSt6(0FVemA}eFRqu{dG9Vf)mH0WNqlwh!`yy7Gv6q_7419) zcQ(oG`fw|}_>R0e@x5{PZFvE|4v%k^KZ1|PBUj1&>l*$t6OYpVH^k0TJo%;K&m{f> z^QPLaRTcFI+wkJ0@d;4iCGn@=$)57s_&FATt9%;m>48V4 z5zl$!HMlcX?%%)SFL&Vio8@`(Pq+Ai@*Vgxyf{zZwu17!k7w?c_h7wS@yM(4f9fgz zH#}dbQvhSU_fh;M;@$G-*CAO$zK}fi@MtahRpk}m%HpfYUE;66vxmwbrTt^^+)A~l zGxeW^J1@$EXYG2cScWHt(tg`s%X61}B>BI>)8piIsPkSta!)^6mI|+?_1%i9dm7E|3S$toPRODjx45 zxBcjI^Lg4Y{QD98{L{9go(KUqw5gw|I^V_3*WLTafJM@b; zEd)yo&;5R%7^+)0;D7rS_j%T0R0#9HM!k9Pv{<_w%Pi$Jq?=@l%y& zG~;tAo;z9VovHNB8uPp5|Kguno(fuTqO^Xo3(r=P+x~TEZPh2TL+h>VoqzaCBRqbj z;undX)_C@4`D*-9+&N0V8@~lFv{pNhrw;ex(Nc={@2B*a1$eHkd@}9-0ME2nJ7*BT z4KJJ^zmxp?@W>LmomW(^qwRGU$(N9)4xX$a_wQrymzEaKd^k(&#PK+FNZBJf4zY%zp7C9=TWEfjTV1Q@6=&zkVOj-6~&3{x9%kZ}}Ve zZ@AM~{yJXi6!z2h#IwD%@JPp!-W*S!E3Zy`7d$&j-k0_#EYF4V=kQzcLMOR@Ke4|& z?D@gQe}?$zD#c%*aA*Hfn&)2*9Y>z=;{EwQ7n=XG_}WnX3i2mcD8G06M6kRa#Mf{t zZqo6zEdCMk>3NE8gcmFi?fix9-D~krDENIProF;kb2g~os8W79EHEM#EWy} zkBhzUA5)(EeEBHiFE@Wo{uASE1Rj4zUhwWS^OwnZiaI<_`)A=fw)YV7FZBHX*I$J# z${+5pe5n4`Upqtnwam-!_hTXC){h%PdEOwt81fJBO`$v+Jr7=&y{&dyKkmR|71VOO zPyR2wxJ&U-j$c*lD^H@5;$7-f7mvTE_`9j+xpm^S`+Vd~*k&6_6Jawz#-FV~Y&o_|U z`SxjetiQY$4Qk`LpT9;Ze{bTWgA^aFq!kavossgk%(vt4$l>zEv~wEyolqU-;gQgK zmy;*aTzQhz;axm?n%vGCzrf?S%SY0l-*DHJyW}b3?U;Uj(wE8Y{O1@vafm!l{AqX; zKacHdkGt&@KLH+FqF-*u^W)?j$o~i)X(jJXo~*?mD!1!MZ{Wof4S=q>ua`+J83gUL#+Pcg2&}%ip8^m*aW%Upp_l z!}8pu_{HRT)boSQKXW|~uJ`gBO52ZK#m@@)=D@w{tNXM++WztnemQP=>Yk?YKQR>F zCUEcdFZnG`KfGCJy`%7RL;fJ%G2|}>Ueg&8YR?Az+K}(Yv!Qk#f4bVA48^y==ZE5l z;3Gou_u|t-@z3KUL-B9p=}`O*JQZ@sdtu_wGowR!>fuf(zG>h!95+<|?w%iPob)G8 zWm2;>UaL&l}E4joX(Qw~yeNth^Wd*8)8Cc}ZXO zKk~ohxj)YBd8^*(L9l#^+w)k>cUb;morAbx#Q%vGw#pBuon_BZ`?F)^KXBYR3@?&r zO*JK|i^s1}yxkw(0(Y;HS0#TJi~myoCG8oA=laQysH|U%FyA7-llc4a810{rKZZwB zinsasS={|eZpVvNcznCO$nonv-1(|xp3m^uQ28y?r-I0&ZM5ID_!aW1v~vI+Jx)H{n~MD98q0I9-0lxa znNO1MrT$a!*j@50>s^Su&&jvrIXuxpZtov`glAUC-zERocrqvVKgZ}V|KhRTnh%E% ze^e9IE%KS-)2z2Hp7~t9RcV|ic>YlN-|W{N@xmX zM9WiIelk7_&u*4?r#%btd_(yS_$oZwRz8G0AL23gqeqDU0xy(P{35()@r>vD@cnqY zyyC~;)y`HuGo|D^S#K@#`{a)>&osu}2jyjm?|{c2lBdYu4^Nko@4>Ie^Tg-LbF0O- zQ~W#h`~7(83%N`DlX#?p+^#i&7{tg4-)!-v;*)Amtt!eB#S^pS57YkUxbuYkYwFh1bHDus)|*or=Vsz#uPOc>;_t(=ugHg! ze*s=xEWeTZe2hn4klTGPd+_wj@?*$zLUV0b@+EojU5;LxTH&z^h-aP|faliAd(-~g zEzgZ|>-UH7d`J0U;-9qmKUL=@Z0|}ueY4^pA^uZ~FC!m-@5Cc(~Q6|GYgGI;4g=K0-g!^EZq5bRIo*q*;$Nt48^~V z$3tGg-H`9Wr-!`yIojTdA+Lw0LhWgdj|_P~&;9+y-K&1|P9uZmdg9Ze{1YsH$Y)so zkT1cLA%71~gnS!5B;@<>Y{-u~S9KT?+OGO|GUToBi6QTU7eo1n;`xw|!#jrZJcjQK z#b@zEDE@6c9`Y~nLMYEZyk98(h?c5DI^?I~6+<4!H-+-wh&Kzx-;d`)@$>LlDE@7H zZ76;Vz9;0n@Ma;e>|Mz6_v?NkKLK|`>urM93waN`M#zWZk&xemM?=2AJk*|7EI-cl z?0o8Zuz%g7`DzRE{I7Vdiu??3Klhi4trVXaB_GFe`~UVb63FPh`Ai{z6ykL`!2 zd&}*4Vz+yKu=9$^p8K!s^IXTMq2@U0z^gm<{U+XFC|IW9_WdUv@tNe=8Ok%4c>6vS z%l`~+- zj5=>3Pb`#YEAjR{EphUEOMJ&r{7=N&_qJq+-;FzbuZ#bjDS!E!Jc&@A(yrfM)gAl3 zmwJA%w^VY~k0V3zk-)2ap9|1=)E+>$G#t?2HRUJaPK-#C{G>Y?fYWve5?U( z-zW1X$K@D#=7;h$CEmVYCgNy054Z21`2s&b@ET4ol&1^v_I)%~hn~27UyZ$fyqG+j zLU|Iz+xOR4o-1+tew+D@mTLpA;S@u8ZY18m@5Z+4R@}Z1rLI5^vw9V|kvy?fZ7(^w)gyGz;ZfM7(_ukL{-~5g!l5uOi;Q zpJ$(=L-oCHL+PMz5@AHY$&duaWh4K`Lx9|BWOZ*Pvr-$NyBHq6DC*x?@ zh1>T69bxCCfqT!%3FUEGYd^B@3-T@_1WSd$YdC8|@zsd8?-A-p{E@^LLh;8DZ{I6q z{azcl?;XmKrvZ8Pgz}t0ynPRm?AbN~35`bo#B?`i)-#7D?e1D_GNH}CPiNpFQ zzvQ{U-a_wgL541+l;~YN(Nw;f{9oa@`dtID&zJ4RqbDi8729=q8}gqeKZ^XP;L#n* zQ;X{x9r5B!d3BCom*Ls5@`2>J3D0bo+w%<`z@0gA`~2yAJT*yPsG<$?A3x~VA=+7f z0r@|+_`&jzY0po1_DFe(`jl=F#hv^qJ@W`Wbdp^wRxKot>OrEZI5g%SgzZi-a zDyW{-8E>QUWKHF1&hhI}+_^;YT}vy^V!T*gZqH5fA1~(DAy-~`9;7{6@k9l=T^HSl z$B4h1_@mk>PwWQ8ufrSR*`$07b#9A0hp9dGxyycd=4iQh8W1eQ@I+nZvHtZR!xfC@ zJ#xGMc9!Kivt)Y~;gOj9TH5nEp4=_Js;t(#8IND5_GF0Ph3EEa|Gg5gcs_Ngt~`@y zzyDYvznw1e-f3{Kw7}DUDUTgz<9M=5$vju$sZgGj#m5ytkNh)mr>oqK3yUpJJGouw zf7{|K$$OG#o8@mMe+A!*C$`DYX1w_y2M+q>bNRjaS$OV8d5bbibOD~)M|?T?U_A4! zJjHs);OP-^8*l!{c>VQ8Zj{@2TYx)^!#U*fKj!Sm7t5-Dx6#h^xEnk{-*KL%e|O@E zAYg7SR8dN08fW8{O0A8z?a zm-M@E=WMOF7kOsj=_ZQLQUAr3=XAx}`NkSNcCGwS@)YpoNadMAo zpQl2{qZ*$3^(nloczf>R8F=gi`PbCb{}_}XpL#+*m;C)L{wTS99^pnjIbUv{yYW9R z;pfS&mDeTD0?SW5?K)%*PfSz%LgK%){9EOApX8tBU&?={zxfwb? z<^FSx{iO{a&B@1Bl=sIo&&tOfA@^@v4YuoP`HS?|WIWIK*+~A`mVdqCU!@lm5P^@QU+_uHAgNqOuz?%$T$zW_>C}hAj?;?xSYPEooIHK;0>{T`)IW)5 znP*Co$bZ{0Snn~)(}_I(+laoWhsvkmAK~$Sa=R}5D;|rxdG%l)sd^4pU;QQlwd9O0$)Jw^YT`=tIK)-<7{m-t0O#&3BH(VNKljH?Ingx_Fqd6D_&89aKN{K`tfubmw3oG1U0 z6@QAS>&n|I-1!+VmXTkHJKhBZzdhN*<+i^ZZGMD&KJj(&!bS4e@w4%mUqEm92=9Ow zPm`ZZ$MnQAegVDZBL@%5P!(pMd9|mD};C37)%5-jY1$ z<59M^A?v*ekK^s};kf&_^6bLz$Ma9i?RYvDPv0fKnDxGhN5;sPljl{-KVIGl|Hyo{ z{0ICSJWrla89)0xKiGIH?Y-bVm{;}O-``WOEB_|ic?=%=LOukqho{%bPiDQ%@a#6Z zeQva?#c!9_ru~C0{yq6Chv*l#<8j(^8u9nyiO&^ZAD`p7f83e>ovsH?#Gl7w-QKbA0e;I zddFJ+!{s&~-sic0UX%}=|4hSohR&Cs!*ikdH}LmE@muh zRQbK+{}E5%L-GB1+&@wA78?)Mz0=fSo;gu@Ze)Pg#&atbZ`Yrj;>qQ5UOqZq@Qi=L z<1H@+|8<=H<~5Yx-X9redDbd^G4bQ@=o4( zd}7`}@%DM}9p?TCmA9Nlo>JZ$bAEkdC(D1wkH*u>)Xo*OzoEs~SNt&A>EapIYuCLm z!reEOXC-;A#*=T!t^T*0zaqEKiKp>gWv$oh`2?OiMDBktn!hZu_^R@ioUgub@rTO` zLA2u(aEJJ%_>Xv$et8N13(p^^JT}hDU!;1bkCK<6o=4%)vhuZfZ9KnD+q;_l&GGDd zd5Z1oWBE%f&scmY9;+xHijT)LmE=E>f3D@Bo~Pn3;>GfcZ%&>yo*!&KT~E9_UGcNX z^DUm6EuW45fu|lX>E$n`ZjZ^YA^vc@K>i!?I(T-5;xEOU;E^Zf&*L5N*dy{g@xFL! zrhGI$2zO}bZTQXRvr5L_g=eS9ZzcX=JVks8Uuf|UEB<=?P23In=Xf+!&)saT}z zXO80SeXIF+f;_jACui}Y{`vsVWxW%AZ?XAvD_&SCKaS($FSzT!0P&W`*dOQuW#^~~L^_;Y!^Ru^}-%I$e*=iuqR@`u@v5_s}U`CGx-9cL7tDiDuP$20y5 z7H>J5d2A8x{HXYI$o~c&{ZR35kmozgzf1AlnsNlG;SZ@7N*W7<$ z$@l#=d>XU6Kx6iZJ!qYEmz0Z^9 zEId;~`KQv(K6tK|@_dC4wfNKJ-etXDxeJd^ln-Kn&c!3!wBD(l=PbvwXUeVLKfrT& zwWnG{`M<-9anZEy4p#lOjR)xz@yd4c_?EuP&jx9^*~2G5)%Uq<{yyl|A< zuFuTJ-L~@cSnmgTvXFpL$IdnEb|IEsk@< zrsIjainsU8U$*@HuO;a?E*mJii@=W9IEPkFp<3YI@DzP~(5dk(om+m-oTZvA@_?p&+C@8Tm2fIUO(f z7xcX4b=uz*Pra^ouBf8z9g4dj$zLifzsvk$xxJ777#`zz>YZ){%VLW^P4T1fxA5q5 za_jdmaOZjX5aRdXY2wWf^Zv*0FK40RW5hScV|W_xfM?177v2w#GS7^~Z^CorITybV zPm;%czU5z3vOTZj1w2Zg4S4(v#ka+O#&guoywcU$Ubm&jgN@tTc=EiGejXn6FGPFG zt&E3D@zfVu?|ZEG4m{sldF=ZCEIhtJ@m~`EDxTaZxAXr^mM15-^TXe8hdk}bQ`Nh` z<@aOm6UEPEd^W`0to(N3JL0Lw)y}htzYdT1Z%lZL)n^QztgkwpK^>;!Y5&5zx7c$7 z7F(WkOXhhK&$N=C&U!ak{0QZ#9b|KyU(7kLo{m@aUikaln>a^#vUqJg`IojgiJyb# z%j)=kEPfH5*;}%m!|=#Lx!u2%w)}U?y=gF5p25=vt@l=ZB_7>FzuA2flZtdxVJAcaU`t2=vF0K08>(i-thIy|g z?aAVWL5jEgTi&z$Q{{FY_y;_HyWGAnvix=0u2dzt_cAJ2YT+(^9^Mo$+^#y!P?MugJV4R`#0ZN+jS=Kr{lThay#!mA9uT`ALnyi8;EDWQG6fTc>`X!U-35o zJY@OHYaG7HdY{1)&ne!<;oEp*hw?Wj{}*`jF6FWNYJSHvGgJrt)^VzM7n=O-EsjTlO2D&C+vWO*Iei1_1h zhjH5kZ-yuLb`PW+=aX^V?bai3JD(hcr~Xy^b;OUs3mhNsC;wx3?oY+r>&-=Yp5xcU z#J`0XOZN!G?tj=~{+!&-WB1_kh4OFMziM~`IG6`GF5C5@Gx5Zeiob{TUVuB5u*=~ zaQSD4Xaml`qxIz194_yGyN}E5^QV{LMe6WZ1;yWpr_WKmeed2B%kz`GWqHNV#k0HR zR{yumtIF+pS)bv>!{qv};}k8P`K@Us<&WG%KMqi2PwLqOk8YEHgm=WV@5t||t~^)Z z`8(tj87Ft*&M)){CEsxWWUs`;3`RDZGE7x3ltLPW+<1wz!&n5mlyx329PQokRrtK>5x~2u^?Z@D0&WHOEe;S^-RC&Io z{q6AF(el~Uxi20YuXg@Uo~!U8?-MoUxG)Zn9;Q5x(w^zK+e}`Gak$v>pDnlh7V>!E zN7cU}^UqE^u~WW?{wh71{{2C|hV80}7v`z`8)$zsJmKH?=PmU)p7y{q)#W3}e*+%H zy?+MFeRz!PB$M$4c>G-D=|eqpc=`tUUBs`$QW!I@IiPwC%5~SM_Qh|{36W+b@%gxWwBlc4dspH4*VWE{ ztqyqcS^25#N8jPu1@e}(bHDlV%5R^Cs&fZ*xIkW>{4MZUO?gf755Q9&DgTeOeeXht#Jj?%pk5R!R+u&CY1(7+ z(tO;Rr1%!4mH$;ddWqcji**)HomWz~ukrN7iob{T{^|L_#^E7%`qz1CdS8t0oj3)H zPF(yyJ6QbDLHwak#rJH6*I(5Q{0OJ;f#s3=|2;A!-|D;pcgM62;_Uf0JMes=OW-l3arWTFmpcV=HePMK+L`awK9GO$`sSBh z7)THL_bfa+OMWWxZSlzC+TPN5PrTSt{ti9}cS|dewP!dUbJfn(#NUe-wwBzkCoKNw zwn3zR>o`mCNI`k_kmsGi`Nsi23jf1*Tb_T;527F7Z%R*4-7>#ujo#(rV2R+_t?IAu zsoSY|w3XU96K{zZx_1u#-pU<7)_F4Q8)uATaTix40 zf4@lbe0Z1mWAIcj)zkKuGw@us<2R%F|ayHB?XM7{4ghuqCLd{nZF_+#+wt+q{#PJ#r?TJ4taQ<- zsq&mzLBG5hcfQnmkD!0A!=r7^4+2jh*PVD|dddBL2A<~g9X4M*XZfE}JMBDkIbJ+V zw(n#%mlzBCV=XR+6f0E}yJX=of=}*ebai@>^_Z0j(+`Zs} zKq`_a75IPK^RUG)(fsf-Ay4ADsme1KUxXLvN2~v9mgg4DKlZtsPx0hD?bnklDbde( z{$16fNdA8;zyE*~Z?VriSM_!ff4__P54`dg@8xr_)WwUT<9IVXKT-M5BK~~yj>>a7 z-U~0Br6ZSJHyeb)vclpI%CJVO1; z6aOCWysr9OLH};_{7~;aITiZex9!B|?o+&a*>TF;>o`$z9{A$~&;2}w(EF<2tnlM& zILUP-&sWd%;{AS!UZHw^PO^@8_EwG0{*3d!=6|W44-tQ@<+)e=H5I=NPq~V>_xGpZ z$p>|Od6W2Amj4!wH#-k}+Txe04%3K#0ndG>{q9|SJzjW5+jS1@U-_l#6WOOalqG%} z@y=ZuKh@~4-^^of5P3}*{XwbwRJYuhT>^-Sotk*0r~GpI_dGnxd6BlxaRyqRQra$i ze%JMQv4D^uR7Rvy@|)VX*{3HdN<;^{u*y< z7(ZX(PUyH(=HVkJd61JmCBzY z|M__KF|~gN+j|L~WW04GK8d?8r~+5uqw(|-<%yH$K|J?*ryz1V@lWCLya`V&RUSM49E)e0%QdTbpVPtbPHB^DfOR%#}mrGj{3~TbN&Owyrnk2 z5RY_Lzt^M=uUno$%9AI4ec=4#fFC=FFSgJ)SF5~hr4Oo}iG3Fa(Lb=g$KlCR+O8+b z)fjg|$Jw@c<~7YTCy=Kv9^YKDzsBIvdsNTk$UhBF{ZXPPFBm3aDhwf{@{ zH;-r9Y5crGd%nSQ$GX89tFhkS1Lq$H{HW-iPzB>{nZ|iv@*Ixm-_-nO&oSPg)%>4i z{x6X0RN_(y2` z&K%t3ISkLS-skbiRf@OIspatKe${yi@mulua=FWXvBz`&ytf!S?>*#U)ib-JYNB2XWJ5A2#ufacrtW7b_kv-uX-+E-6Ji}_a)nT7w)vv zxIL8k*?8tA)vYo99G(reXNBeOp&n^X{2II%ng=%ExyD_C$c@DRipM|H{BQ{MFYBF< z`{OnqTJK@Fd#~2}An^_Hz`&Yu|0X()xb?8B!6U;Z296xO=&mF4g5aI{mk?kepZwZ{B1Aa^) zzWAWp`6Iu}Se|s7KPAo4Nd$Kkm~>i4eH|K7j}I^f4_;)^RZe(ZhZ zC3s?<`mqUr^A?`=AFSss&CBQ)U*gf;>X(6H=WjfJhmMbvY0n{#vfqW?ANl?_-~YQb zB0k}0e|d(G4uStS{wm@#w`ly>`PiN27pgve_|r5V<$C5Kd^Vn{u6a9&FU4b@s17dM z^*Wvi9rwS&I$H-rK2IFdv&OoZ${DZp-)PB3p))r3;RvxeH!O|O# zmscGw!Ci0I_~SOs^Mab=gDn0wjjIXxZRTH;-0$wiQ=#*gS%LG%2mDxMd9K%fx0~^^ z3XjxsgXoU@%?8WQb9FAmzr(X*RR1WxA5V{H9f+OZ9^>sG{`M9pxPfo2tUqXiC*rE- zlk`hl+<8Isq@Dl7El(wl!+uKR497E}^Yav*49y!;J&$Hn&r^th0*`&J z?YaqHj3+|#c^)q;RQwX!vlUN%R&t#GiDxfYym!-Bu#}m_e$-Iy|AqC|#51kb&a?4T z1Lq$H{Af*lWSfo)y%>iV;`z36`<(BUc>GSa$L5V2@JxI4m-b@sb0mQuutNU#IpTA- zYyNM^dY9vg$JLKV5x)U1@P1zd{43nyx{dYwK6AcT_cY?GdKZrT{V`EWb$%B=1usli zJtKH4^9OVsS%$~)_@^cNE8)5Ser1a5#$}1Wf%sw{^~*H2cM|SCpgOFee;44X>s5zi z$+HYka-GfExgL*vq4?H}tL>g2>UiHn%5!&XkmoPrGY^#9-fFW|pXeQ(gUG*#KL(G- zG#>1AbOSthyW(y9G{YUP*R3Z{d&?i1uLj|T6Ev>Aru{cr9_Go5$P+7FD%ek}gsw|Z zB0f1%_57ZCK8P2O(hNVE`oD;$JGw#UxAE8TNa*#*_js-UX!j-7 z!V96}*Xeki=iu3X)C$jZa2IR|H$_GE3rFe0y>UoXWc`tDOalntQfqU;4|D*N{qdmLuSPwUd zw(D>I;K{{m&zr$-9jEdfZLc#{d79y;;O@B^=TDW@FPfR>G=6Sk{ItW+5RDb0hA2S8~68!2B_tKNM-t96a*9)_Zg*{bG^DM-^}P9le6bCuw`nAkQawf#*zK zg>T0b<@Dj=|@eS5f{b?R*I@UeZ>P_!>Op ze{qbr*!?_P@xqD9ze|7R>@lCDJg4J_JgIu7Hfevf>z`5FZLN9o(K7mjrWPN%kD@1D z9H9Jm92saHIxZ)1=TtXH{5$O#gGW!0H^iso3GxiY-@x-oPdhH6~de0w5ZJXQ5vz<%8kPt4SMt^IxQ)VcEeh`$DpHEa{CFU@*K;gM521o8v^ z0Pa-PdLP8+;mK2U{%_yw^cJ4yeRjJaax?B;;szN$CeJq(f2{gf|8<;Qc)YXvr7rOm z=BqvhUhmAtkH>SN<9H)H-&mDAj&a+@{8%^0Fqk|S;l;t4A6~$(vHX{I2*i#Tcj0a) z_2W+BXW>o@?MHUM(*lbRooBvm&ie&#ljj}0$o;PW;$PsI&^X+UNA~ObkN2`DSgI{h z-4YLL-l&3~h)36IeBM++zi4dn3)Oy`|Brk4;QNtFd?BX&WfS8qjytEhL1KF@*`;`f z<4Y6Tb1m-9Qy%YSOR(H#{+rtWD1INF;QpVE_&hxJi|TMJ{r(0X9jSh_d3!USi)x(L zC(j>vey02!{IF+K&uHkn;)!_iN$p?fv)-n7j_(azT~>)Ym{-((% z!*ewh-kZ96*W>Zw8b5ZPKN-*M>JlW*(Vpp^``eq~dys8==MbO%QSmY2mslQNubID( zySvoRdc^;V7kGco_Uj7Iv%haFnLmohmUap-h_ILG0MhqZs%>&KJvXnob83G0nnp3v*@-nctY z`_YFSrv{ndr~Tz#+H)Q53|9W1@w@P11;!!%5FQWRZ}2Rh`Aqrk^~G{LQA=BTGI`eH zsnGq0yYT2cTJLMbSIqkL{O?jTaPNK9bJZ{X==X+r;&aWO(yFLbpJ!V!O8E zG5?EWyv6eTWBKnW8R32^ZK-L={;?DbbYJhDdZnOk0e&;rl@P;$TSjA!|L zO;7S)gvWkSI}gQ2;Hd!@2BO)(aVFz&-j6m5LKD|}jYwrucfjjqUzOwE5 z5Ks2kcFiMy!SalX2V&PJcj3ivRG+WdU#cut-J-WB&yVCe5l>&C{+*0B!wc0kehw?6 zUv$Ka+e+5+GCUVLkNVp?VfK$NiO}(7B=M2Z`wJ8B*lhK?9j_n6Q_M?)82@v;H&%^^PjobsGY{35*AMB8hxzuvU^jPl!a5~6sK_w{PBUo^p^^A-OldD;ffKMwfOoA}H&ZI^u?<+Zr;w%XZ- zI*iBjH8g%ElvA?D@nm_m->!o#w|M50c9j&r!Q#0-e;aMufv3x<{@>$&;6?w7DZQmH z9$BLLr@FL?EqnAph#&OZ+L@gngK*FzHgZk6T#L-lEiufx+{_X?yA$@XVne~L6j;GpDXWH2gFP!ZLk)!CB{&*~Oo#&4S55C?B#OJu~VaJgf zc)Cj0AisB79xO|7Cv@Ih2%Mk;e(WdS{X_McR#Cq^e%Zm>b4K7^9k}ji@2j4V=lm~F z^Oob4#_5Nr;;jQ&P5$OjYM$>Gnul*7zVML7!_DMLS)R$7-&)~M;rWb?J9Y3S=0oKF zQvdhy^vycn+3{i%p4qN`+{JkK)#6ubfBz9b#5+Ot&nr@VzUEZc+XzpG?hm=Z;y+QH zcN5R)aZ?#?R7`Gqb zvB%^Qws#xu@P66p@~Wt@aD=pTSaLh3Zq_^O9P-_dN!9g3m2#G&;^{c%;1YJWZa#PijAUnf<6A z-qGS0sbB2*+x_tP7G<{af4w=Mw{1wCJMjD?8V`-}G@j)3qg@Y~ho?fXkCs}V>DsT? zlIIP)_>d}a9ljoq@c9=V-5h7T=l=a*;mJis}%6Jms?yA62aGu7vB^6bDPd`_(i z{u`b=v11^1eZKUos$2S3wdXG4BX|P0_140RpJ}@WaJ)MwaQ^s!AAN|AhF%w3g{Qfn z!RE=E{zsmP#HT`err|lRZ(G02$0PeSo-?#*1s+Rkyd6Tnuf-ELs}6P^@&%sZ`k0+B z?ZgX%)L%2nzuWTMrTx*4zok|)K3`CKhO*wn@Z2`VKSiEeczVCa^CbLqbMBM$Ru?Sg zzW4Kck6EhW3i$8Fk4zb3KX{^qn(t#X{JaW{0`W+a~Itvut&a~~eNTlH*JUMrr7 z=ih1_KpV!%^LXS>)!D|?O7qZq-^HCfRiDjl*Css5_shrdZ}HS#H;~D+=P$g-^~qMm z*U0&w_y6y5is$}$X_4yyq;Zmb96m6hl;JRiDWy-VP%?0_E$;*)%C zB~LrYcIKO0Y5$=J{Q`qZ}IqS)u#@B zv)l7SOV@BlhMpr)>UGt}3H4W9Ji+_6?~>Ux7H!^vHRH;<2lZ&^;eGb9`1J1 zIP6LO&+!!Vz|-Xa4lmrQEqaFd(r>Uo@_GN-#7FSRMaqA5Y5k%Op1oUp;aTOi z{~DfPzq9v?H+k-#kGZ_>UzR*Oh);2To4|MD(H83W4%Da0o2q9a^!nmBJh4^v{Ggl? z)yJJ(CC@ipycjwUk9+R7v)o78@7Ud)!Nf9Y!<}m9xn<;s z;mH=-u2ZO6Z9LEOou-oiEWFTM?ca}g#j|CV|8o2?JTdG+v=GW7n`1$d!>@_$AAMR+W99d864|3vHkmiX~_k>?=Y zfj@#5TByG!(*A{b;)}LHWRm!I@eI$`dJNx!JMU|poKKy1;n}qE>$l$Xi{4g!BDIv? z?(3*(evZb;MDj=R=&#DKnfxs*zNx$s?e7{me|*4?%ZN|i*(Oj`$#HJ;+~2RAtNSXN zJoghH*{AsOOrW#P%jtE8z0dd}UVOGgkY@wyehW|Xeo*~#`o(68U#xih9L*27`*gb? zupxQ&yaPGKN*jYK0k=G_tzf8qc^LayT~&ikFC%+IR}3QPp(i;jm6&%oPQkf<8#Z; zb>^Y`?oT`uIuEb#4*MzhHN9L$e^4DSj@5DYD)Q99bG#01il2qYF4A_LM;$uh$qPFK zk=u#C3{P<#=@@(@Uie(wYwssc#uN3Gzc1~aW_i|h3NjqZdgtTGuhjmUQLW$wJkRq9 zk7vDW@pu)r^9}NB!PDF)c{{!nFZNe_Bl7IC_b4h8h3=a=^gV5_vs?XjHRGot?uK5cw8r!M)sHrhb;jcx)t;@iv#)vm z3j#^e&Y_n73&mfK--0KZ-{#}v@z{Euk9lv$2g@wWQ$zhVzP$VeJjMMj=ZT%wc$Vw= zwjZs-6F)1@#tQm_Z}B+iQHPM{58NHDI$VNRcwhBQT%++^7e5Y9a=)VO7cKA@pL@N9 z_>LCO>r=}!7|+boIJ|=R8}USY)w2?HxC4*QRsHRKgnRJ(8OqazJo9m9i{icAAy}5< zvCwtJxA8~^)y{>a^3{)*C(-Aw4tQjwj=w+hH~sP0j~51VJMABir+-yHK27^mc=Sq*&+p0e zC?4ne9#*#{-UV3yex!P#_rVtt?|iI&Uqt@5J@?OJ3&Z*bnQM^$b6f9B#UDldZ+PTQ zH;A0ccq^Y*-D08V7RK=64;s(+kiRpY=6&iD@xFMfrAE{sdHve`>Vn{{6bq z(EBNO5%0WqVG!S%_D?e(tp2S_{^#&$W3Bg{iu%QBJbjnO=LX`p;JK%}1!B)B`px3& zs=w;8-pU`VKKTk=g80gex0CSLgzkaAN&cpIF{eCB$ZfurN{wZ5Ye{edU4aIlIRiBM<20TZ z68|Hf;B!4T5B!U#W~mN#AKFpgj_)5AoHd%q_K_!sN4{_asmnlbj~9N`dWTSli}CDO z`3UmdWO?q^xc!LuiFlN8Zr5REnQv9ysxTg2G{08)FDCzL%OCoj^=3SFjpjGIp0>lB z=R8=QOMRj`WFFEuyuY$m5W$N)XP^n|t&6+s)XpQ>t{Co|6b~Y+;~ntWF3qcXyf>b{ zUF*G_{6j5I=>6G|mgiyB;UV%&#gn1?D>8UtjOKy6$iEyHxO`Z*Seu1`kCBDm?_j9ks%Wq`=4ZV)2g%{dtp0T=}g(pX8zo9XfIz!r{dkOnjdEqH>j+yf*UhvR$4TQZ$4yQ{oY@v1x^A$@;;(dr zmNcrM2Cc@6JU?wk8TrR}zMkrK8NLnAT(A1;w~q6Z#fLsuTYi)38NaoAkl5;6AJ6f5 zPaC%_@Fe$#SpIIf^O7nsP|bAuTb?SK4+rB{;_=6|pAIgkUyQc=q3d;%@IvT)fhRoo zkDG4j`5udiPw+XBYOMDiJU&eAwDxbrBO5h-I1@nYz8Yacv6PW9}_c(@UF zc>U!a4uWM8o|&f#)MtC=1n!OBnl6$0@e=Wgxbo-t?Yp=e8dpEy*{Q1Y4QyC>@5I1A z{>J?W=y}U8Z-!_{?wUxn)`g35Z@7Z9_tmzGj#C9xEs13cs!mRsrI}=o>_Q? z`wTT(I?h7R{qxxH^W~NkpD(9=x6f<5kEi!&X0Z9~b38sn`{N|~9Yuf}ZA4~gBz_TyOcj2evkvp}$58)l~!ce(pW5?-(XSm)qf%vQNkePjemk5%RAy|6295 z*Ja;Y9zN%uCcexUs#}EXY4*CcBAzX3|EkY+9fud*k&h!!BRt(p^MlRLE?&GxviJG90=RsvCwtY zzIcZFx+l~AVR+$1_4_K?Ki2Z_`S+H@KZ55%_od7?AM6H^c7MWByhxsN$ny@K4IOtj z;`s^MuG5JB4tIZ4o$JtFWxn+5_TS~mz`gHB+tN1pwJ->4DTjd^<-9-FFmTAsP)9o-=F0P-)#i=p$h zEqHv8_KRnT-|e~Io{^#Zaw}}rc#9RZy`!jSO*|3$JVkrlxnJYf?qlzcC;!xXSF+ww zxr6u1)x^6qH4hA9yp6&0qjdaAk!Kp7IZwyadx@WG{*@a<_M)EizR_{NM(DWzGV$rI z$}@&}@@+i&h{nI2hZk^{`*Iu6p5O6oQ;oyg)UA3!^-PY}cG>&LC*q0g)bBfJe^We? zSDrV$m(Kpush~Xh(Cg4E@WKa*x9j1z2k!l0Xqj4|JzSUmncqK!CqmaDU&jkPFGaoV zI2$d#h3oi>%W<|?Q2x{<>aQO7e!O_2>fF-*BX2ouo8k*6bq)UAJNU2TG{WPvG!DJf zn_xK`&paU?j<>_}&&WTbTsL_)&P2=XSn~Pr@^NPo?+rGgxL= z{x6k(S}FN6=A*T}_PL(bc#O}nE+)^%c%rlBw<{Sx-{b$UwRew`JgMqLli@jdk@g~j zirT2IuHtg_wz#^mJZvAAMOfv2zvmGVzxZYK_{Z%JOy%!H#EFO#C(b!> z;zYy|J706e@;~-tO1JAjIV+H#d$cBet-)`eQ9RGE{LeP{Ws5U(KmYR$e&i8~=i2RB z;Do_zuU7tlmd&G620xy?m$zr|>lWuTwtD}i!Ef060T!r<5JoyY%a`QL8vqi1wn z4j!Qi?=krCw!**K@_*FxXZv5DF!)BMM{fUfrQ5Z)t6chH!~ZmcpZh+Af9Gvl!Eu8h zpHcpNg5^J9@Edid^GmHgFLnHOZs^+#e%|0$&uaUR8T_KbuRl{cAD{B?jqo?puG`D} z^FQYJ?f%cMwdWTNe)$6`XP#|%-evG3+4}c`j>qhfIm`dw3_kb`rNe(T_@n--(e3|I z_%Y8~mKbttnM&wU-(EYNnUJ z)8Lo?Q1LHXd%oY`M?awQ@aYD>YVa%Hcv2v{27kN3ul9~B(;5Q6j z`$~m>lfi4yFSOH+{-(C)tBrr2VDQ09m2MY|KHp&Qjeo6j@|xj!k;5~6S2y_a4{5*P zUXXv=2ES_OF1^1$_VcRmj%NCq!#!CgV+8><@VE!Zl5stHM_rJ(eOX|FO|-4#U_zNA+uPEjpwt6=Ve*8DJJzr_~|GB}hX6whH!H?Lz z>%Q*$ZioM>;`tAT=Ze8Ezkf?w^4r#)Hyiv~cF)P%4Ssc1@w~+Fe8AvGzC`)(QwIOI z!LOT~xzq4}!Qkg^S2^}}gForNDLt>-zL@LT=NP>9BMXxA`z-&Q=YRf^K%Vv(P1rK{ zwZ4w;Q;eQ%gI~$~Cl?KVgU=}cf9In$;g=15{Lge8 zf7R-Jx52NySLGp=tMczd2ES?d4!QjNn8A%D3OM{g{s{-LCvA zZKvmdvcb>2N89Q0@L2}G@dJwg8OHy|0hf44TNhZjYTsu0FK7E`n+D(bHtp}Ttev|C zznSghyu#quU!dcNZ5sLa0|vj^(RtzbSG*DMqn0QA^ES(W&D#HsmiQjWWBXaI?>=Ji zn{B248!i8T_52@Gdj6k})r7w@_+VM*uluo|@Cl{!Wjn9*rH1F(2EU%&?>b}fYuSF{ z%M5;GsC0Ox;d!OOZ)WkC@B9gspU1O!fSNQ7mwq5)PE-(s{g)9;E22UjLMS_S(fJ+e8&82XAC}T@N0ji zD&<=&8|B}t4ZiU)g?syd%-}bEK-=%~=jR>%FBE><@cf#= zk68W>8vOl^-|Uu`82k?ne*Co7>w56d41R4#;hUEKZw-F=;DkWjZv4_uDqkHRYkS`J zC@pZ*;18KU)Ah>>1#U=_Kbw~S=x24@pJ{0ggI}3ZKL2@>OBW43xNAmoo`0kkc&))V z?ET{B8lE>Ae8$@E^!#;$Uw^Ig^MU361A||_L*=~di@!4X@ekiCId6M}7WjLE-?018 zl#38Q@F}Iw^-b;9J%;~T2ET0UVz8_Hd$GXnBl)vt`5*e(-uE z8T@!%`{nU(KMFYQ;iqQy@K0I(>$MfBRi$yQ_7;O*Grj)`8{c;seB=LEll*Sy|AE0T z7s?NxxAuI};OG8S$MIVX&%ghDZO_@PJzuc=SAI?T?PWH;M?S6eJo-D!Qtw|Ijh<=n z%h`Q&cNqM}oQ|XKhb|lZW=HAs7l!Aw!OwlUw(|?t{#}P}YI}TL{7Q#g{KlUfp4S_^ z_M?je`4emZTRnd!C;!OcGk-TH`9EOt{1cwv-mM-O{x1sLK9WCA`i#=&obA7?TH4bM zUbA}$m3wg?j=_)qv_jxMm47D;e*Hb#-`kDfzTMzgZ5}=E(VG8)!3Te+zuVxiH~5v0s{DL{!LJ$o$Sdas@(l)mr@@b&y-y&oGx+Z~{w)6U&kcUr&e@%} z{GT=WmH(jqeXqga4~5SCtc^@haifRpk?RYZ-}UlS4Sw}+bf)~I;rRxGU%sIH^9~!w z7dw1k`}JI-=Q7~5Tb{bFn&qj6=Vg}v%CBpFpVy!IGi~S7vh~QzE&sJYToDY%4bQ6# ze$?)ne}%zcXYd>L-qV{5{!0e0nZ1Ee`S(tPAF=n8KV`>pZJu2-{Sdy zSmh_gto&Osc+KJje#qe8Zt%+=Q;p_){-D7hI=>+~pKIgwg9aarW(5Ab#^3RGoHUEzrp073d)j!d8KGqoPxWON~U*+T*EdQdw?IZbf z#`0hOl+yD*S$i%TeCC+e>-70vgI{}>=KmVY|9XROSlpDKJ9v}8lM3zUZ&>~#wvYea z2EXq3?cK3WgMZ=>JpW+%uRle{@&C2_Ps0W-`S3=zZ*rHx&;6Ft&EsI_0q42we4l#V z^Jn{C1A|}tsLqRDvU zo?`Rs%#2`otij)E`LDiqQQ%)^_&;Fq+B=m#dj|i1ygeso1mb?qzcu*HtiQMYoz{Eg z+jO2nZOOlJ!cL6&@U)`++Vco`RzW;8N>fQ z2A{F}&vg{=p0(ro616nmZ~1@O;oqt9%IEJN82s9kPfAXg=bte6##rUmUzpsu4Gc!U zy3*19`hNG53|_PI?5>xeVep$jt#aG<`(9-5>vlfW?T3>FzntmKe_`;A2b2OIv-S)C zKWcqU|9rpa&-}o@Z1AIR)AoFo@y|O9UbARzn*OH zfx)l6N%?ux+Vi~zzx*1dkIR#vb@`KXOd@?FUUyebn*% zuR8Di{(MfT4e=+#+H)=ayZt$lI z+&+>&FS7hIFFqyECm9{?HTcF&<)1ej{G7p$KB#i+O@`}&!)-tAn+*Ovj>qhL_j~-f z!Dmh@zq!Bns==@R!u^8b9-Hs)F!&(5@8Z1%KlcjFf6?mwn8P1Z{2r(A*N$gS;SX59 z9{Kl5&ztus{NEd%ry0EV2JP?Z+cn{N1|MYi04y5(+VAPOTrfVV8~nza!rhOtYw*kF zclu$=f6?H_GrRgn9KXF|@@8x2&l~)RwI5+%^6%{izxtF}`JQ{c!ryK1!G{&@^7+G_ z-~6u1y|vokIQ;S2{-L6&J>v69wFLge?#pcD!3|@Pp z;{U9T%fR3pyNc&=R_{fFUt3o_<$kd5H~4kiM}s>^{=MGdH|*T*ZyI0yn!#&7qw{_I zSk3=ogAXQJuhxS1uMB=Xi!=X%!7sOTUHmgv@8iCp^f~u(#q)0s{v3zfIoXcE?>6|+ z?0(?02EW$UcK&B;|GvQo**?yz4gS#Ul+Ja-|1$=^lHE`8E`y(YNawrH-;Wsl#-{e` zdkoLt8hj)3=RXn-Sjwe`ep}_$#PT0;covWG%?7{uS1PZ5+4z6K;2Uv?S#QEf2%@%#OiH0{PQ}F?>6|v;MYx_H*MZsG5GOktDZV%{PwdB|Ia$U?>6|` z4gS#M6#jsX<9iH#)9y`bS-l@L_?7Qd`a6Gq+VT99w*QINo_{d-@xRb{^z_>m(e3}J z^t}4HvVMQ2!Dl|J`QK-F?lkyiTOZ9?dsYp8JUb8AGWhk^tNiad-3)#+FH> zee}bYfB$#c&d1k2^5hwV=$|)O{ww=Bua(-h+S?3%w4wa$-C21j|_g~ zu|}US(}YiY{ugQcZ`gQ!!Smbun9njikNKj~^M>7<^wS1^vcU&g+`=;re)%<8?<*|- zjKR-k_V6jk|N0rp`Ky+H-{3PZQ2xQE{QEA0U%pK#bH&>K69zwG=hNSA`G3jaH*DYM z69#{u!3TEVwXTwCwU2s!dsnMr`9E&(TBZk&)E*)7?aH%tyw#^qe9FI{ zcKBPho!X09?H3Jx{na`ne(=$n|NREP`3%MXVZ;A%gP;4iI`6*A@PEPad{X7P$Ju_x zBb07eAJlrk-01dPgCEW2FH?&HnY4|5prt`K{Xi1(RdHZSZr?(s^{;^8XiuUu!G;Lk6D%<56yJncRMq z!9Qd9A3CS)d5OUv4}S>t=1j&9Pc`_B_v*a(W6OWc;McP_x)TP!dau&i<;fX?U;a_; z@0S`Kb^xc}dnWUHPdtCNfA@oq-{KrzW9@mP!E2dc@!uKz+>Gj-->`B2pur!yUE9;N z_WY^m&-VTQR^V1y^5;t)sdPJPe5+hqt35;DNk;qmEtdbf-GBH7gWm@@{ZTdZS3l0+ z4a+}xzRr}k!TSckY;g;(Gd_8(!Dnng>yqXFaf9D{r{Z~r_4nTx{G8dhPqh4RH~3Y% z=f~ek{D{CUQ}X9imjB8xE1&$9(fJ<@e)$zj=ijq3PlThA{C54S^7)$${Y^*HTw;GLFyBHR`ozb`$HpcsnR=3|P zM#$0bH+H-I?Pj;p9`}c%Mssqh*6QyMy2ZF?AAA1uUU>KPOpTpRuhVD_hs}dV(HjpB zYCFT`e$i-8_V*7^B>8F}=eU%0+#K!}<72H>tr!mbLp1f$es`le92LWjVW&4<>U4|w zes5e{8ZYC&!(Ou+bDVB=JMGT+U{Q+hHQT_y(`Wi-G3XD+0)L3eKk#3Z(O#{mfYAm&MuTRnUv(mVQ{$|l^vy#y9rAbf56XQU1o$blESeOhX&v3Xp+N~=Qme8XvGBLq_ zBQ^U()fpr!t_YFM;3qcM&#=UaV!VbymeJ$)@`#`F7`^ya2P2Lhw9;?3wG+a6TJKtM zQQ7E>GR|^uFkwwabDwC|M%IC~(V6D3N01O09S56Ez{H$Mmn!g-pk6>JB~%sAToWAI zD%$gVlivB&V!uB;s1%zg4g0$r%b^DLW&zN=X5pf(VY4^ta7bhR{{DW^8&|UTdzfR$ z*zDFZ++>1KWU*UFk-bj04JJ2gEflRTChvuqt=Haa?%t7o$Nnu|(wS|1iK1ZAkQ>9d z(j1Lrt={+gWP4NyPY9J(`u+2hLA`kS#HX8p*XB9e0h@m2on)5TUYlTuio zSRNPqLe+BW%O{;-5hN+HCRHf{vLyz0ZM4)MVlq|IPc+AS#c;V-Z}kVrm8P>^)X%DO z@Y1l5o?2__P@Ps7e5+%yH0Ia;JxOrUU^H!w6QxESOe;1Y83_^D+h&@sg%N zQsp!UXtQYbd#z5lQy6j9Ak3w&>{7jG4qJO`qqzg}oQO*DTT7-_Oxze2JDp2O%D6f1 zv^dIapdcziR$yijx&Uk2ih2ST1ad?5Hz(aglNU#==0NQjQ)2D;Zhs^MTWY)BTxy5v zX!b01X=wmCKh_5YuA@pm8c;maWv0e*p!3PCtqlQCbF;|uI#g36?eaQvNc|gq9i9|4 zu`(f3K(4tKcDm!x8U@81)QN6yWU@vm>uGC3wGwEnx!o0lto7G0b1q@%We%=S#)l&< zCo0x5ETG*iM*Z%Ef`2BM|D2SjGfAU;;XLrdHVnk`uoSl^yQ|GhpjsWm(!PuRIi}K( zWOAB@@{MtGw*f}#OW%;15de@?@THglEIaNGX2*h%4FCi>xdl@dHO!7{lVJy~>5LkC zT0*S4Q=3t}-}S;5+%r2F@Abi=!s((42*vzbZ;cbpNZ``2xl3Kmxwp8g?*2xo%){P%KWS9%SBWSvklL zPS*<~$Ug=8Pn*RQlEDflDgw-a^3SzCrKj3t3tT=W1_{2wFK$Icgi`deAQRjW<4Q@# zIDt~$mNNGy`^7M=2r1F*n& z$Ep!lJ&g`xj>7b2LBTUOf!RB2MlUTMk;jrm-4EN?5ef`^5o&Td7;vSD%k5hx1KFgI zZdcGsQfdl#4zbZzJD1e#DM3NpY1LWZlLe5MBApMdNUVp$Q}@UH^F{CB(np79Fg~5u z;`Lr3Yh!D9N?PNkGtKV#O^jg>A_SnW4wlq~aM;PM)s=yGA0T|2vf61hxl~7{-JbvK z_AhSCb7=)I+!>NSpr1s3k80b^QL%%m=%2f-ez!l=jG|wsFwi)C zfq-A_Vlb>>$vp0B#iLpat9?a--~Fx?~9xs`@PdCx^1k#V#XcNr2*<;LA(Ql-ShEh=$SZ!Sc+5|si&xf zWDiaROO&6X{?gYi4q3n|1V(d!FJsjYi#q~V3$RT{hK_CSVllL*AlP*9kn~%k zdWT}aNmeyJMY!?XTrK>GmSU-`Hh_EwDa9|W3E{{{+Df^Um7tZ9)rZwW>fIowwf?;F zkWqUi4c1l3PMWm09psCxj`5#*kjEQ_@xh&NWRTw0sR#)Q+S|Hc@GGtSS)8G zq|xj5mU|bPBbYTYRTn($w-Q-8ojEr`on^%QqRBui=NMl4i6fCqWMf-Ch!1Z?JU3 z(og9RT%fL|M>XAA&=zq20KOlm-FUAtR#MmWr3p%^CE7NPpNP=I+& zBiAl=+9)r5yfna~hby+CC>qay-rbE}vHM^#?CWj^*uh<#?M}0|+T885YTeE@OiAp! z>~kT}*zWY2!vkz#U;)BK0QXhe51VO(l~ZFx?{%IP%dggXpu5lf|pY#3oUw>x7^>p*Jk_|F~|KT=}9c^-RB{RzDX0thMiaSWBfFJlRzIQ*GA zM;DqqQ#^85?~WT3V0r5Q?(^gPK6+MXA#oO@Qt-Jjd=oE_=%jr8jsg9wy|7_9g2Gj<|>fQV6t%#do1tyo5O#h{pt2Ksjvj z>E}R005>E0{GYHm(82zMrQE@cx91d3_-Y$zqFF+Clr_%K30;4-c>53n}5 zC>X{mqC62|5erprO2+X@7AanIfqqhYqMXF3s0fMdcR*8umIPNRWhx?$*LobFP(TR7 zErwW2XT+i4ruIIRP!t&=8m10JnvxAeniL5wP^o&vC5w9XWC%*GB!~3jUK)*H4kj36 z+W-zo7dD~&*uvUxjx$L>fiJowW&@$D(=d0i+>Z4jp$>%`if0aNY3cH47Nb7G zHdo9xnuWKXYmWqUD`Bzr(#6g7ke3B39i$?nT8y~>0JoReb`A1ko_o)>ut+jr8beHA zmk;ZV3PW>v=V80R425+U811fE);4J^Bomgs|l;eZW!( zn+eHaL&O&Fc&U01Rc}suC8dOKOdCW?l%Vv$mN*9!yNq4uTB*ZWV=5}P7NRNCiOoeK z3y~hu-V}&p6Ygma)M|shE*%|1>tCQW6Bmnt#J#(THJS+KD2m3zdFU)6uwelJE=BI{ zOKwL=M+C5G#}G2WTr*O zL(J$|-ydQcz6Jf7L`fOM8|sLVNmtd@N_^8INNEGm8VpyqG$|!3aA}nTPr|Q|_kS6I zC+(s{s@3MWwWkB^CD*p0Go%9Sy9OY3wnlbdcmU4Z!{$<>Gq`Y14eRJj2m0R)ZiJ1n1qc^u zF&y@=DCz7MechDhmTZY-)__g+Y5Uj&hctt)4GVI%HcL5adwLFDDnM|txRjUyP8DL? z#tx$>&On=R(lU-AtqJi367l23IJ0Maql>CsQ|KvNJd-rB4z~wl@8HD{vIsFYum-%? zR+7+#r@y#0$C67^$N(6aauvR9#|?j zFrYLKRx#tSRI*?#0qHZZAhyeX+G1}}q9r5P+@!PEY?R;x%WYsNG`Q&!EV9Lyp)lcM zB}>d=Fi>d&i{(!1*uI9?Rp7Q}j_pE``ia#QEtWLE;OYs?;Nl&uR-t))RUNCyObu%j zg)Rt)Vd2(&QbRex_I9mM*krfw5EN8tKRZ>$eX7TG=c&!Lq&_r)aTX%*4eiu+MWDAy zR{vtn2wxDV*rkR=FxmhcNV9Z-Dh0rZz7>Sl1`EOlfZrr3C^J2lWG|RcZAEEP;KCf{ zDldUk4NHDcGZwH4B}wKhsz6e#x0DhG+scW9A4M2Y!xpBJiH2agoieLAc1bsL7%lEX zWm}%)=0*+&dvrvbNkVM8lPm)}#ixLsI9U=lD5a1_S&vjiXq*wJd`lx4w)TeL2W0{Y zD$*RZEz=|q;U-4oAJ~PHG*8&=7F`JQWO}|61p=r#Ey#+#FT!I*X<`Z;+dltjI!@XT zy)l;Y_1hN#VE7B@qJto+R%|n-1QgpYLXucQ3nc_D0#P0W*3b|G zQOa<65+f0j06id`&}Ipb0V+Bjf8{%_=^e6OO1Fgp5_N1!U0Fgjinxnr$NhcEVNow7 zXc;2LX#zrPG40^*+{gCWNP=CLW*56~lJwy1TO5o!I4u%m$E{?@Q15W>@z88^yRv0g zOk@ktLik0L9HgaLPnzc@1=v2XcxtZ0kUUK3Sj^hBJo2T^(yWXL+pIOpXADrbbY`FD zwndUDz!3YHfiWHQ5JXa(0lQf?8Jh&Q(SbuF{q9RUb8PodAc__*Ard6XE5HsyHq?IB zZb2e}jWidm_X#$ADr3J{v?r}YM^rEr)<65$glA>Wj+-pa8jzyRD?+73ivW)?fZ$*n zvXaoSnM2PF%>Q_f0RH!pRh7AA+ zkOU{bDkuRJXSPOb$#DORfrPnM+17NyKO#3fr=yS~v!T zE+>PGp^|0y8Mqf(CezWd;?e-hfkSFWY=FhUyip55r*KwK_Ca+tKxZ+lnsd-g_uP$8 z5E{x649m0Nj!zjf4-5~iZuJ+M2RIoQa0sza09b*oV)J6J0)2p9#H{!hmh;nKFU2Xm zTDysZJu5|Xz>;$ZidBFaV6@x|iT<1ANP6urI)&!KCQ*A|fus7#M_0LM{)_*S29y{ zRDm*)Z;_G{<^*Ly6%C<^Dlc%dxOB*XEOQN2?&oqFZl>u_F37UXz40^{M0K@+ZeUjm ztn_7NTE?u$^eTC2Rab$^-}_Ha1+J>B7wWyJJqgNUov z9K!80f<7Eh*@>y3tK$$zbs$ubRWefnRe=o4u0T)0Q@`6Q+H=$9rze8yhZdYVv|ey} zt4DJ2+vq=qea*nm|Czi{pE~F28paw4<;c0j>yaML;VG=_;tJu&x646}Yco zef{cdmc9bV3LNX#M877QWg@^;fvpN?RUs_}wG`G;Al}(V+gE!E>w>VZ5ba1^dr-#>9n5fE)0BAiea){ltZOZGt);HDAdZ70C`Yokw!6fUf<_4duE=r@ z0Mc}g-(>;37R3M7YeO7px+Fdm#^`}H-7(3Kl}l?UV8MxDENF5V+94Z+5iZ;qoF@+V zaAetGW5t#*hb{cXdY1}qZPo9zARtOU04t;!`um7fv}I9J?f{l%+EmFbi&Jb%A(T1R zEh(iam=yo!B*TNv<=#demm?+^2%E&?P$le|hS=|F0gnOk`m`&cgYK9{@Bkq<3@U(R zqj)LdR}YK$cev&+cRF31C~*LRS49K^T6Q7JJ~)tZ%ZCE>X50V>Pnc4o3H_4JrAgYj z>4_(85pLZCg>Vk6H)d#aByE7&u{F;O7aHm*4?O*93QP$^=m`V}ARH^j3+Pl9C7H`j z5JQN~|f zUt-Z&_v>SIVEsopd88KrB*SJD_Mfm)LJK{ zs^m<;$<|<620uwCcZ_`&M`O9SaE3us6~pP%*;9))(^I5=AhMkgtqLo#eRGXtNsvc*vo(cv zOfMrT6(to*WjYFL1f3xH92JiRP6;G5=c%FP-5w%9WE04^1F>QykD(}K08jC(k1RAi zBifuTG%Q7Cs5GD~!xDH|j7b6=i!ODOR#wuox$NoI=+aT(v^_u{vgpaYDV1;vkI}Db zNgQqo=e}j)A+2*OVM^av`Ok{HdPDT&wv*@f$mr{U7`y;-kwQ^^U2za?>5f>)(R zDLM4Ax61%4X`B9xp5@KnF3*5lT5=p5k?^>{tTsg4MPpRh#WH}we!oBJ$pwX!0USXX zhjX1>+fQV!2=og}66g{<)789$rkSCQC4h(pGoB_$H+p$-mn}|tQV5!j24>L?Tq{yy zjrUsF-9LJ@m3^>y$eONuO9^X&gdlajvxNKDNJ>qSnosM=sxXdBV%_1;Jpo%#jK0`s z2m%|^+PlEzllBEB1U&uReQS({y?%v_lB|@Wv9Lej2$nbTLE42`h;NDEO>Wsz06cYU0@7I# z_gL_?sb|X!NJwn3tatUmMFiSTPi&8`iep(eC*{8pmN^&$p7|uFa5D#Qeh`5c}G-^i^%XK;5{4~Gh5xY#IIRuBMoB%R}L zEv1<9OeSWTR2BdL)Gu}rx>~~E)P$d#^PXlALE1A{VY99kVUZ7tmgedxZCHZ|n zPTR72j=iRqzZk;E+bxlWYc}aAx3u*}gu(^@ggLdfbjLk&i(7sCc!7ScBwsI(ggfqG zivONlOutr=FF}B8%~7kJfUvYJe;CS;I4Lb(mZD-ED%T+Gfwltx(~lGo1pF-6bxBj(Gcu^wKMY-Q<2 ziEEQyQp*CM%}70jWon-(ab$_%ezE|7uCRy_g4iy$f;~>Zc5}wF(tyreCleSKnxxglX&*|;G*4~ka!QVsGM710 ztR!bRKjXy%FsD%7cGrz5Mh|;Uh%KIqQfJD8W>Kfa7M780%Nin{V5-(zxS^3%Xz->Q z<^KE5G~q6Od_PZC8c50I%irA9GBKiYlff@rb>#4|4&PsBSJ4?RRlX|4&@qrgpz01wNLnj z-3t1^C{zYk_+B%(HBxKHIshhr3LKT@_8oVz5e?M=(} ztQWRlor*YgLeC212F?P>88Muq)67G^9K}E7EJE7$5&Wp`KITDh@A`=Q3Z9~+1(XqZ z(i3fA#z`dfMZI@b3xdU<$4#nwupl7Nh3hSb?vZ!+-RZ^ez-hJ$6F!0&G~06u2*(Am zbJujJxOm0?8Qccyw;@I^iZd|NOCtfz-s^~l4&|t|Ff4YIE`W_fB}@k6$Vx~v1_*YP zU5F4$VqH}##VcF=SZ2s1ceP1(N_ivrkY1)&)CFXSkW9lOxIPhrV&F^I>G>)F(&#qB z#&My-O7dYJiea-Xt@1)gYp9;Lcs$K8U_WXf^J0#H+2Mx2Jnd{KFE}GwidYV1K35tyiTp4Q@ z=*pmJA_yym<~zgI1Q!y=u1!yu$lNKJ9;ObRZ-=#Fe!V`wrJ>{Pb-4gqi6KppM0I#1 zL*z-fD798sxtp~X`0BT+tiA>P3dPpaeb#bIM9G>(pX03;Jj2}|ijK|`w}Nb`q}+mZ z^QY&*qVTYpb3JX$>3N^BL9k}1g*Gzn*6;H^*>UUy(IL6+9QW_e@R1L1(O4!Q%7wut$A!ets+K17IQ|v2`5o8z~p@WLz(g zyXN!aTel!U?EE1OrPw^Y8(FGb8d(bvYJoEkw?s58OFnP8mY57mT0xv4RGrJXGcO$i zagtzg2~S!>u#(OuL|#TFOE6P)Txj+LzJ*Yteba=Ul$M1S#+7mGBP_S1Lf6hT`^#cj z@!%{yXu}F~(VeGPO7o&ik;G+vr+7Aqa=mvt>xy`31i0RlEJ;%*xRPSO+Fjcj;qb25Oe7_(;TKlmiFV_;en9(p69h^U zxp5@OUb4D{V%Jtf4n3|kkI$sifnv_KIWF-g_f z6L0F)K4}@Qu&^desuHX>*~fY-FR5A}eN7@QNwX3r0Aj{@UO$pe(6T-n5gf-nZE8CN znA+%^En=i6#R+nw>=1Bfj0hGl0_q%6N-c$wWzLeu+T}u^N(F$y8}srH_YD}GfFc^y z))|wO1QI=DTzyU;pd(Cvm#t|pV%VOM z31=#3QMI|{#I-Y`5XwxpJUSt7&1J(k@~Oi;Sh+1PX#qx>i~`=63M{*Mh?u#>#;)ei z?N!gt(XHl&QxGOk6|S*UWjOmO=2iq__=d$!iO3ocK4l#lb>mh){)W~NgD2tyt7R5~ z?CN8PwW>t{)B!8u^$~{OJggRy4772079*SPDPL_+_@W8u^4+oIhO7~N zgv~wDNO)|+m8}nkb6XP`aAuzZvl8Vcj@Re4I&r0sNL#y=R-9mJ}a?WM_-dH|l z!g+$oMm?%hZif|=bh4^Q-Ex-IjyR>Ooks`{yn=|N>{ip@d7w#AO;Cwmu0df_1;Iwt z0Oc~E0FfsIHi+y)VC|5eY}~LkSi}scXN*y`pgsd)w6+4Ibu}lUhvm*p9j}>1BngN$ zM66oTAxSw#ZtG6-o`b2GkSvNELPE)wP0|&~>~Jx3Kp0zJ-7;Ira+DfmO2NT~_IG%g zFC#B&vXxoIw$bv_mTi(!vHumyI4Hkj(8$P2go(4ZtAsy{08o8den8x#ho$%u-aSLgG#4+Ow6%Gah~-cCSU}s zV_Zs}&L$A#CC`#HRe@(ZxTr7Qt(%aby4I3nhY)P4KT`@Q%IW-~Xq4e8W|Tb{u|!H{u&A-J1kr`LuE!zEF>a$wvJQ*vTXqAnO;R>mgfirbvXubJ@Om;b zkW6Nbpn69W21xP{=fh+POY(=$cZ(c0BDcta8K?NJapT^(i$rLUL%@l%jA_;5}e0G_ky!T9|>QNjX``GxC^=J6N3I zs!L^P{jaCz3>JB}q&K6tx@5veaG9+l9L7g%8mV0NnGzyOmoo{j-GuEl3BI;+d9fws z+E|g>(+b3$^;lF!(C1oG=rsBhlx)m?I*5L;NBAg7SX?D(O06VGb=v9qNX9&InYAq- z(t!O-6LtMAT$_f$=y08eh~$e;Ndb&cZt9)Z&CX2opJtS4nMY0wPbJ8xf*F?YHxgHq z$bi$KWp|WlbD&~=r+2knK6YNJD%U+F@07I|ULFJu%Z_pCv9wbCArYdKOtl`zVc z7HWFAsCQ>$zUq^feLT9rC+K^`rh(F_TSOrmvvCsg*j{BrFWQB@A_PGETWj6j_JCRT@P+i{V6O83sycDBQms^HG49 z9Z&`?F9hdCIe`rHnI8$wwN~4jX9UTEB8Z zpR)SST#0Qx37lf_%dxedW+#=VBvklFitsgz>Nu5>NJClRWJpmo_T(0sl3lkd21}e$ zJQVAwov-1aXU)Dh%|qHHpe@zq4q>pjGkOklwoT#TCZiNsx^CNQU+9DL$;N5@rt`gQ zNyRvjlMLocS`2fdbfvac0kF?GFKj7!k9fw_Cco#D`&66V?zY{>mcpkM&*&yM(F>PZ z=&6^F3BnK##)2d3l$iN`fvRW2{Z2-fkh$`9u6Ud zrwReYTx#u!Z$-2mW#1C?PXD5L(1oO{%^}{pccbCde0_OzA4K8#W>3VS-?qJ3K)m$k zDdQPit#+y!Jc1_NMYlXU%b0F9ib2;LF@&0M}Rx8J;W0?@^Uyqa;vWr+S$);@D@d_Pr{Sl zpcAbqJ=(*Prmq0k;!(hgl-7`XMn_;>sf&X+`_=Rs8u43zT9!L>#3-hel- z_LPy8@>qi)&qPPi2?CL{jEMqXRx2&g*d7%Cjmfo`=K27K*-P3l-r|SXdBgo8va<0x zjQ%clarG_U1ucs5$f8HGF5q?dLQJCL-K(btG`bq;x3kF%pfa9AUxh=CHWkhIz7usE;V?v z`d|ZssMmQUiik5PdG)}ki>=QVWEAfDT*s-5uBZ|nh=U<^z&fq^giq3Pz039rF;J(h z9)0WECjxrHN?aAH#RIl4J58BvXGMG!<>Qu%b51kfp-8N$nGXg;U49do(GgQZpQ|?+ z;%tTn$b^%y6B*iQHh{o5yh3lAZ;4}$^WJ?qvVrApgV!#iF0&rMaN-&jW@f!fCCLq& zWNY?U2eLb#VI3Pn9MS0FkTqN4;ukkWHK;#z7aESa8RvP#8$9X zI5FGmps>M9MnEKJdZ>^Ud0!DQRN6pWftvx>1(WHRjmFQcHHzOU8Wj@D>x3_?ukxrD z2gBpd$m-a-)Tu)uqY6csP-lnBQPa`5*~1SViT>=;5)lIIXIiT#vsngQ26(;OUIypl zIY?z$-4z8N${}ssQeYQsL*Oh9?Tm<4I=jZ!>)qVbZ&j}~mbX^%Y~|3ehFArU_H@%2 zt;3^<%z;$il@Auhs3rgIkYOZ>K6}P^3SQ$dC^@aR`vJ zD54ea3J3Jux>w2z?{Eaw;Iye8wH(_=j!;LP-BzkRtO)cN7gx5v=AbgMVhh+pkZH2K zZmX=SkX%J}#3RF5-NcxSz?@~wBl2PQ=NZFf}iJC43+IahFkZ@%bsVZ5d<4Po|( z`s9h=q8;T>M3c*MG1G(uv$(ht?{CSwqImNb*ODW&vnmp7zcMJ#(!^j}qP>m!<=EU# z4Oi#o);T(-lN;7hWC;_|F_r>7f=vKD;)f+E9o#Y!YH_*Yt{)&;6_G&N=}g9}viL2n z6el`G^IWlmn_&XsPyxJBm9B;>lW=;3d`CQ?eX`3_ns7>O;d%Uo50&|)g?9Rcy2A|8 zQskIVMN9=MOFN}2W5ReUv=^%(xvzbt;Qa}>g<1@nvUWgGac0B$j|~c$tMV+ppF&1s z1SLKFm<`M#*QR5c-QR_Z$>Y|tI7fB{V*yEnXb*nqv@!dV0CdmC1;YhtP9sU?D%J)Q zk+hWfkv(YBVM^G%SA4ioB3U@7d=Li%Ye0d-ON({*sMqXOhAr|suPWuVfe4mW49icU z4BM%;zc6)dpfu^kWVk;$zbETmo3A|XkFMgGu0V%-@56owuGDXbi$LTEqwJ2)F`Eyv z`{P~UdbjH`c*b621I!NLF%}MdUa=w(MTu2MeGgoHzSel@J#rYb*toE9U+Y0GoSN+l zeK>)PBO|Fe73EgCv-`3!tJ5wTHe;CO&HUxgSlsT(aAOlqHj9?G;-`ibEDC=QKy{RJ zfHR9%S=J3Cf-B!?Lr9MdvY25HCFWcY!=_VZ5g~dVZ?5qO|AkR+0P>A@%9N5hriMV- zg1{Knqtv_)_Qa*mX0y#nB}^WKdS9cgrLwK&en)q_wJxKSsXlfO(dFj$P&XL@k$KDQAm&hsm#&Mh6Sh(g((%TQwOkcMwY84OO14X|aOOm9;#gLs zN0AGHPN3xVW#JT-Htv%t0VTWvT?HL)j~&_zf8$efWpw1zXi%&WRF86FDG3W9t*xzBWorroPN!dunsw`nh zo$ludqF3Xs|&{@Ay2z0fJ)l6<0JtGRrAlT;5lFGs{%V4t5X8PYD-am@^lo5&ZC6Dm83nb2D#)}%R?i^M4VR>D! z*bN()ZRrjoWg77Wr;O-tTO^P#%#5|(F{@xJi(S{jIzZqV0MPRkm$IzeHJF^TLoA(& z)DAt4HM2&N1*;io)<^_cr_BTWf4|niGhz9DWk7`YDJJ`7ixU;=g05&aqyG*D4bCJ;&lG!tDE3&H0gXyLFTN}cq$gJJ;}y2b~o7a+Vk;5brN zrLPbpEUtod4GLv>9dD?r167!S-30-%NB&qP22i(2(0qO`kAlMPwDi!BnsJa@$zyuV z3W`XB`P(+Cf+$8Bmx|DzOch@N#xOXN%j+(z=)rQb6fj3(5Ah7!Bio5_iNA;!+RcZ6 z)sgRva#`syE)cXdBFESZ<^?mX8pFE;qX4YTFClo+LHZK#fD0!w)uOEClEF366%8aB z$?d~Lz92tQ^oP5&i8%*%uo!md^bBSok!>+7DO-C2y1oefP~o$a4D{w zqbB>tVo9ojIWg{W(S-NYKyLVBDpN*kuTS>FWbANdB)h<9Jwyw(nJ8EAAz4dyoZY2j zG~Yw(G1G@n5*qquioz)cO;3WxkmK%OUMn9iwySn=3*2;*!bBI4?Qw(BV z_^l#x%#mq2zRPP%l2P}}az!P1TxxSD>~xuk7c`9Zh&iM4((i8xIyV>cf{#m276b?B z&8k&jjpTDt!}j@rm@h2|7ZRs@=MZyKYI6>)V&Zk^HXsn=0Y>02?YX|!$VLDJJYZCr zZW2=#qUn6h;ir+=$sHQX1N~r8SP?*?yBwS1*>~TKjJaKX3JZprF^fg{$Jf>A0S#}x z(RHfvEtzhM?=WL_x>5>;M0&!|)eLBsI`Ay%glQ6v}MMWY0DH%#9Ja{nV0#1-M7VAS>m}y2AxJ*(vx-pi!p2&$0i3sAv@VbD|7{)%Zh4B ziHvs`{+0&6HN+c=@HH4lL?=``S!@pr@%o{aaD)tn4C;nrCc`Pv&y zONcqR3sQy48fFJ`2yON~_(b|ZH*lN^$`e8Ba9E<%Douz10_uT~@sisTWrIm@Mza|R zG;9EanZ}L-E|tV3Ztx#)z}Q@l6aqU+k$L1dy(JwPur}bgXh(L>TxuqK)bB(@x>_2M z!!%Z#rA!zyot?DsY2oJ>lP%pcBQP?9?%OexDzF97NYC|PJo&MP5IsN}?f!lbJ!;^2 z#0J8uWwa$L7aQn;h_2FtF08b06{DUMmodNwc~DmiS@ludcCgTm6%e$tX^}aq=QBSyt9Mpj zDyXWxOJKwenHkb(eL|?4xsXCDbwFh1U#Av`JE`1$DMuHIGBb)Dh^ZiN*7{<=i8xnN3)ZaCh|QG2r@M9+40LgdO{?25 zzJDxjOXo+T5Gcyb9Af9{CstRmipD-qG_feCMOPyq95ou9HND;HN;I1kg4qJ*OzhHAy9oIK7qhD}Bg4Z>qBE+O&@v-flU0}v=0c~c@3<*%^J01*&=6XG zFh|-NYpr^93G&7}PmQd~JM4$a91B`cZDpB!vVY>v@Y2%K1Dm2((WGX}-B&WFC49*j zCK6Jkoq~*#N|O$WJI{9$A&lw8M(ar)Xd?V_U26MuW^M)kNF^t&j3maFIKaKZzsqrn z^kb@v+BFp){k6k=sWw^40W~!5%@*3(?^l^xTPdFTFvn1BYy?Lv8h02A)17&2hLSH{ zqGK;mvkx)=BogT@m$8JiKEMa}*!`TM^ae7wd8q@z&Cad*Jjk|KY&rXA1C~cJd_<%G zlGKms1%kpp7B(`S(BCg$jJB|$ZpI)&vpiB^mbdqtGr!r9TR`-fmzJG;2O2i+)OKK! zwknbdgoCS()nZ-4MGfVY$X=;FQaOuiVhI@;v6o;R@Kj(H8a<0Uqv6OK!mWvevYdWg zF^|MI=c-UQN+U5Sm!x`vRPDIoVoFHYpi%-QAm7B2`j!IL}PFwB^v6e?HF8+@|KQ%k3A%x05j0PuSi2HV*g0f?Iqs*2VD$=xyAQQNAXrVQTNP@ek*_++&5Ah-oE*8;^_D+io zCWli-JdV@Y$GPVUFIi--OZONpJQAYhp}C-dHH#u3EOW9TchX!M9F!!@3YYVo>e2c< z+?q(-C2Ss6ckZ@PPZ*aFWwPl0kVee92$Iv@K?uQxGN#6us`lc<$ySUdvcpL9xRyA! z!rF1|V#`2nop2x)MA*JjCghnNOe`GQK`4EJH!ooXGSto*m746jVYyq3M=-$qgUlA} zU>-Hcci8(OAi8W$1P_-wvV{=t+i~35GFfA!cA^tFOsUk2FruIj!s&6j$iY?8Bbb1_ zrJn>V1`!{a)iG?*EVIf^bdVl8+3~5adNLSipCW~e*X;JhD5AVB?Ttv+IF!zB)tayl)?j0lNHhr~c(+u}?}DRsb@Tw^|x9b@O_jaYNw*XqO>p)FIygdwXm&;*X5WLLVyd z33yw4zU&Vvt3rrh8B+viMj_P?r14gt*_b_A5aq(?24)I`H26~TsZq$ESg-N1HQl?V z{8D3m9Ty~G_m~zdbJ+wXKj~+1(q%2gxG7!Ip%3~F{1_YCc2|`Q z)k;%hYRC>?vFd{m(d+NBMCgjuL^@&#Sr-SR4o+OK!IHD;8x>!BCBj20V>w-4yquc%eQ343t6 z*}EufSI$Y@)vDnL)*Z(WE74hzR&X51v{5dYsRya+_keQRM#b22g0Y8^cQy|Nql(PWm(m6;MhJ$jJ}-=Q5_U+M%d}Y zQ!^#NMey48UECZ%VVIh5qJ~bZmCjELxT;F%)a30pS!duWm!c&Br0^Rvvr-`}lYkeV z?SOQlxPYWco{J=r-MPpk{gLLt;P?a#MoE`Q-t9 z@h||vU`rmaEb++t5M4kqc1(sqwnut!&BW7BTt+0X?GTkb>8<;H{8R(V9pjMVlfwNFSWDK5b(Mgsn(y%de1g5zBeM#`mjE;SP#xDh0$v!3xo8~;vKT3 z0Zyb)rOgtKsl$d~StM;XlkP+mY_9^&*!`1?7ura|RH(3=5CF-5t9zqd?fSVRb#gEu%nznE#XdIN3 zfu!fqGn)4pT! z6$~SxnZ}!UJLe1EnT&g>TwLn*F&ji;joYa=2a?MUcaRcX46hG62Qp?LtM2jpJd6kO zhzkP0K-6E<{>ENlM6n8mP%^*W1d8HSgrK;<%?ehj?s^kk<;DrINVCLmNbTmgHVVt4 zT79?QOD@J}jGOZ6l@mS04QVBu z*=ynXT!Dci!cRib%mFIWPaBST82q4m25t`W;{2eGqb(dI6&mEQ&JcEp-IC?aSX_6iS=7I#7A~TqpKk7FdmndiYup`yT@62*f~#Py>~p z9QVZ-zp3;F3|&@bL41|62rE}4IB^c&NDq4G7 zQ?ZCy1hZ|pz5;8A@@9VKuvw1lXF|xI1Rjzwd_2H{*_TJFSXjgTWTtssJ3;3X5A8Cy z!pcEGrYqWu7qGBOLzO^RP7EjwlEg!9QUxu-PgQ2%X59mk@q@lwqveb;$_k=N z#CQ;rm&QW0zc>{!D5_R#`{Gro3LDNpG2%yzNC=8zXNMO(RI)4cA(ri8r#+@I&IlR# zE&C18jX*-VTvP)aLk;;PloX*rBatMClS%A^*G z+|UAx#O_E^3>fTWbA+{75j%fM2*!H$0;0~e8zI2jDC_zTyezxM>hodzXutKs7dA$S ziB023pHD25&2gVhj>_p)Y7l?C!3Zu23}8td@qJOz?{^Z7P`JFkijV-YIu#vw3g@Ix zBAkWU)j7fOl!8KS!jlzK^pa6zP^wd;822Kp5L-=J^jiZKgbh~Hi)7M8t{JGZ2^P6b zch_u=u?>RQ!~vCroC5I0t2CGDBe6YI2(l=w8JJ+&D1K9G#l^R?TC7`SdZ-gFAqWMX z&T5Q9@iCPP>wv~tUR$E_5_skj{;#AJvlpT3-R1z=KP)T5!a_ZQiF=!Z49uukSV?P! z#f1)T;W45lu@jSyO9 zJRC0`H*>oT+`A5wwCq2e>t9+JHvJYkp%blgKjTZL4Zx z;x17+5VSJ80M3Eb^CfJBCW$rRGC;6l`oZIsL}6fpNJBVF(?Gg79Bc_Thl=4@jcAkX zdW>MD1F%M5Vg9;|)2)59ofB_bgdEw3f}q@zz-@~b&cFtvo0y?GyRqMckZ2igMthoB zE8|h8PNskpMzePdm)Ciy+1GeFiNOY7UM0O7)}SM4L~TXnm1~l$9ex1E#CdYmST*tN z*~GRLYs!@{jU*yb)@hDc#9Iq?6wxfZl{%w9!BRdEVL}%Ph(aUNqvbS9OxOzM6MdYd z6$BKXNHHPgOoA2=!b+tUi@SpP#{m(V7&=g$D`5O_HCuWB-3Wq#nYIcKy_9{D#DOI? zfw4DeUdM*6o|(~2QI{3Mukn!zL5HYs?D4C610M3Yq>-B><$#`qqqD5^1|6|(M;gbF zG!BTa&}0;04EDQigtVSnXhDL&Y}Ql$>?fHVi2P6_by;kh1RR~rOijCQmM;|m5WJTKR*_l zgDnwpxJ%m@0fMU%>^P&kjHT>Ga=;AD!~ly(rYq8J#?krig3~QJ8$2P5n$H|k@nA;2 zPclIuLM~~*oSQC69F}v(L+M0m=m}OUlU`r=UfS#|jcMYlQ6@pfpj9s;`b2J30-L!u z)Pn|<<%8g7i^x`>M`#0dp!&^4AMM}?>UhyZ%C=&6EXr9gmW^Fh25{jhU#_|`14=kf zmW9Mn))<5+riy7ss&aj6o)P9`M=H6Qz-20Wx5Ah3Fip2dBiqO)ca>M1%x+5yqT?s6 zKi4MFwJdyg0$Jp0o!D$HnxqtNk=4fVi-aIgX?SHyL1lI45#>G@%^D=lhGT7^G3dl& zf{)vQ{7kB)0>E2Y;>@gJz_vSWm^<*iFdy}*s(&ZGG;Mx?FJLeO@~Ne|Ag`$rB;5|N zUAmVP>w`bX6_cRkhC53^?o>25U?r;@ttng690s9|$sS=#k$X$s4jymaMUYPm%hg6} z>d|?X{A%7&p+^xdz4Tl1if~*NZVaC3O6Dua8ibC!RG$=MjbfvH3=?dCgZR$=K z0&$WUELG))9X}P~iiu7q9%X?{XPt%`EEw8B|1}dtK#Bibag!x`yn{PflINjrI zX6nz7M$HcQiyjYNV|?iMQkjkqFXJP|3?@JKx5c~wUyyazwkaS|)hqf6%F%xWeYW!$Dn57t2bR3l<_ene#{t1AdAbkGSSgS3E1apgt{1{7hc zb8w{2MP2cVUR&sklt;+nJWrKi7tmx%(7Y-pOY!!^4!?jNp47*92!gDJwo31%l1}F* zBEmWQQ4;&+{G{#*snep0TVsU2|YH-qH z zWMTF>G0mcbN|D4-futR&yA;1p%f^MC*HBy9uWTYd+L*L*gBO7gN?9ezCDddYS1lAn z{H8r66U5FL>LiT&eA*h|@b>CRV%>thiC9r$mW37mohk-nd~M~jV?kc!9*7Zhk%7vR z$AqT*PUbHa-r^;6S_FeOz2w`FA&jwYPW#k5X5L=GFlCpcw0}c#a+O6qVR!BfBoFR9 z_NAQ8U|gvk14qgS6x!eo@QW^Cb)ppT=)gu*p(LQ}PEX?w%pRGt97MLksSc93A7lJlz;|$UUGP$5SmgokX_5leb~bfOE8e+-2YES04~Hdlr;jl5h@_BV z3^Bq%L;$U{4P=z{9D@op8h}h_>wWTpLjk=AmrYPAary#1 z^hu0CGC_^iL2qF92nX4%6-F^(((e9=Zg)ts*ohb9Aepwy+u>%XRL$LFITtAO&|M+3 zV5VI$0vzVP?R9a}W2B9oiikU9(a}stf^t=9D<|~Z2o0N1xB$~1|BI$2XB=lNo97*1 zHHkrnsUKVn3``J98w*erwPR8kHeAVp+oBI7ng*y)CfFKryy*XQcJr~J^}5E|Z4E^c zdjNN+tZrjba4O8X3(k)$z{!`y^$--NvW}p$1S_^4CG~5bWI00?jBCi$q{Cd1O@Puo zfONwZ(|#$NQoOi`pg{y?b2eFx^r_%JI`{V*FF7VBdRiOpmJmoIco#bK+!XNdvYRT5 zRgLpoI%2l4xE)hvWXH&KDq;@lZKfP|3z0DHu{kRuR#}!SR$&^pN7pPeXJro%)lM_> zMT!p@mc@plppci&Cz&sedoMJ65k22+j&QvK^RYGLbtg*M<7yjDl!04)HOZvM36Hw4 zMuid_61?DGr^V7~D*CTrkRxVp>J3R^hE_a=VOo0I%{)K{?yKBE+jS_kHfc$;$El8)7h{h;Rs3`uaj=j~)C)Us2UYGlMcFu=Fpi8K z#w~ajX(#J)+qJbl22U3EuZ~lu!$TYh$B*LK$4?m)@twGwk&T9#avrVrPz`-aML5GN z(Od}1fb2;wjbSu-Ib@DJPPo&U~QL$g$ z?5MMq%6c*2(LG3tHnB@1wRt!>JklH5YAcG=13bkWA)5vn+pxjmi7?O_(}gYbW^RZH zt4sx|%h@vFsoBw~mA+j9gw@3|0t|S}&^#$SjCQW{J@$f@5BH7DsAG-J4P1!Dr6gMS{UsfhatKSz`B(2+eaops=5Xq~uvZ)@lM* z+Gw_2pj1j-W{`>LT7wcRtZ${NjpeQ85S&7^F7L^WAdR!WfL%=ZHklp?7vzwP!RYhu zNpmD`DX=asy;z@@j!|P`Rmws+D31}3(NyE6;_^7OoUybP(;Mn_GdhpUt~f}Q#6F0@RJs9=7L`R$8o=(CI0YgJzr`4y zAmd9craDcj7BgvEM;0cFBMDxuEI7QvJi++?KQB~}nrumt51#i7O~l_m#E zm9xv2F9^aa(5I_EbpXPUc5Y>Jl$U$r%3&LjsxyasGP)lK5bQj}gSj~vZNXH9$Z}nX z&x2RGOUO!8mO7zbkbyBLx(i!e>QrS&>^aTkz*bU#Vkyf>xi`b^Gs%o=craB?i#i*JX<8I4zX*+^dLhyQ{v9&sHuLGjh z!up3CA{SSfvUNU0kdctYL=GM@k;Jdq8*s0kSrd_f!L&OJEm{JZ1IHvcH&Q!6t4ny2 zhjCdO{duS?)EZk9tXal6_Zd=%>vpT(O3JLEUJkQsHdM;kK3^?PRdg|;-fe)ph%c_o zAQX}rA|s;T$udkyNv%O^EHs@>1A*wS#?Q%k_0zMH9ciH2#z$)sx}L{JP)Tg58Z6THvohPQQSM!eSIw<3z)~^m1TLMQW&u4`cuX<5n0n zD$S^5RH890vNohF-huO7DZ5O{`{SFB*p+1|GOGl*a#}mD1#KCmfD7vAB2t~?yQ6vF zPI;r0xT%2>fB{Ifl6t>`*J<)=7#(%pg3U6LUTw_h?lcW@HZ zpY>osQfcMNLO2skSNTh(P+HM9EN2JOnPI&%BLPDfLaZ^=z|WHpzF6Kxe0&>kq#|&k zB7Dh*l<_4X<$E|bZPko#B6jW$=4~Wma$k0Nvqo4@hE+{B9s6F}whdH_pz_1sH55}* zV5&er&lo7XU|z64zM7(8h9jzo?@TVEcdl7wPF+4&K#mtPyHXTPsi-wC48L2y*dnwC znBe7Hg$chW1H{n{?Q-Kusuzza=4#=$w~}xW=h*_=*(|PQaGzV;K;fleSwJo)WQfGc zeO$#bc)6q%s|U^AzQ4!|IpOD>G%<|?-YQyqxOYLPW4JGcTX!;4XeZ}n!S7JN{?|UT*f#%=zvU#!z2z&lIRsu{h`KanQ?6XCR^=n7z8+R$cmSjR7`L? zgr4z{(or+0Orc%i{gDjrWAL#{mkdNKN1a2!M`lFny(P${lF2kf2pQ1!r$Uk5QMr*o z^n(jO`Cz}`me?T`exo1JkQa<6Oto(Q7@K#(I^>;9TnC9w^zJQ#w@^P*Y{3$j;%}w5lejBuZ8}hLUo)Z2N+9 zz=zUI+pCjN!zK@BKYeMeT40-am9+FEQ`7^=-COQJgY%R(PcURAI8`Y`AoSINp|OMb zj9s!(d)SZ(5v#%%rjU7hT7|1lF_*(d{$Us+TZ(fObGEY$Z6f?S7(L-{ zVr2R_ipdSyWM5~DVAZ0>K$F51_xs{)@d>^;+AGh*1AEOB@{}lY+>-X~i5-`%$ zveiEF{vj(rc(rxJ3V6L<{z_K<_!~}1((yNFx!XOX{mr^ld!3c{ z@td*oGgkg*C!V4R^7`M9mA~<%vy$<~lXQf-XSAIEH?RMfvho|}wfx3;E&t92sT2R@ z^!!yMkyXf>{CEBL4(#t&%HKSH{{3#`dLsVsy2->~vG{)y%P z0A@T2ga5q!J`S$|EUo`@AJYDR?nAe3zvKD8v+}j;TE2E&%kPzk zKh*E#{~{|t_t>v$!Nbx(*`=mq4zvMGo z{`ViI{MT9ey#HVJS6cpSvI_mv|9% Date: Fri, 30 Apr 2021 13:44:59 +0200 Subject: [PATCH 167/441] fix statsd writing --- src/afl-fuzz-stats.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 22c0cbd2..fd9af5e4 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -544,7 +544,7 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_statsd)) { - if (unlikely(afl->force_ui_update && cur_ms - afl->statsd_last_send_ms > + if (unlikely(afl->force_ui_update || cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000)) { /* reset counter, even if send failed. */ From f4cc718fdc4571f56280a1efad3645125bee2154 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Apr 2021 13:56:23 +0200 Subject: [PATCH 168/441] let aflpp_qemu_driver_hook.so build fail gracefully --- utils/aflpp_driver/GNUmakefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/aflpp_driver/GNUmakefile b/utils/aflpp_driver/GNUmakefile index 556f6420..ad99b893 100644 --- a/utils/aflpp_driver/GNUmakefile +++ b/utils/aflpp_driver/GNUmakefile @@ -33,10 +33,10 @@ libAFLQemuDriver.a: aflpp_qemu_driver.o -cp -vf libAFLQemuDriver.a ../../ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o - -$(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so + -test -e aflpp_qemu_driver_hook.o && $(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so || echo "Note: Optional aflpp_qemu_driver_hook.so not built." aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c - -$(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c + -test -e ../../qemu_mode/qemuafl/qemuafl/api.h && $(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c || echo "Note: Optional aflpp_qemu_driver_hook.o not built." test: debug #clang -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -funroll-loops -o aflpp_driver_test.ll aflpp_driver_test.c From d0225c2c4d465968660a08c93857fed354e539b1 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Fri, 30 Apr 2021 14:01:26 +0200 Subject: [PATCH 169/441] disable QEMU static pie --- qemu_mode/build_qemu_support.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 6436d43a..02a44cef 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -211,8 +211,9 @@ if [ "$STATIC" = "1" ]; then echo Building STATIC binary + # static PIE causes https://github.com/AFLplusplus/AFLplusplus/issues/892 QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ - --static \ + --static --disable-pie \ --extra-cflags=-DAFL_QEMU_STATIC_BUILD=1 \ " From 86452cc959bd4b0d5fe6e60d0eefbc7848fe38e2 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 30 Apr 2021 23:41:06 +0200 Subject: [PATCH 170/441] fix stdin trimming --- docs/Changelog.md | 1 + src/afl-forkserver.c | 2 +- src/afl-fuzz-run.c | 10 ++++------ utils/afl_proxy/afl-proxy.c | 23 +++++++++++++++-------- 4 files changed, 21 insertions(+), 15 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 459c2f35..6a25865d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,7 @@ sending a mail to . - add recording of previous fuzz attempts for persistent mode to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h + - fixed a bug when trimming for stdin targets - default cmplog level (-l) is now 2, better efficiency. - cmplog level 3 (-l 3) now performs redqueen on everything. use with care. diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index d533fd4a..a07e78b4 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -1090,7 +1090,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { #endif - if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { + if (likely(fsrv->use_shmem_fuzz)) { if (unlikely(len > MAX_FILE)) len = MAX_FILE; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index a7b071a5..397d62bf 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -203,7 +203,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, } - if (afl->fsrv.shmem_fuzz) { + if (likely(afl->fsrv.use_shmem_fuzz)) { if (!post_process_skipped) { @@ -211,9 +211,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, memcpy(afl->fsrv.shmem_fuzz, new_mem, new_size); - } - - else { + } else { memcpy(afl->fsrv.shmem_fuzz, mem, skip_at); @@ -244,7 +242,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, return; - } else if (afl->fsrv.out_file) { + } else if (unlikely(!afl->fsrv.use_stdin)) { if (unlikely(afl->no_unlink)) { @@ -279,7 +277,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, } - if (!afl->fsrv.out_file) { + if (afl->fsrv.use_stdin) { if (ftruncate(fd, new_size)) { PFATAL("ftruncate() failed"); } lseek(fd, 0, SEEK_SET); diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index 2d8ba991..6006e238 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -195,10 +195,7 @@ static u32 __afl_next_testcase(u8 *buf, u32 max_len) { /* report that we are starting the target */ if (write(FORKSRV_FD + 1, &res, 4) != 4) return 0; - if (status < 1) - return 0; - else - return status; + return status; } @@ -216,7 +213,7 @@ int main(int argc, char *argv[]) { /* This is were the testcase data is written into */ u8 buf[1024]; // this is the maximum size for a test case! set it! - u32 len; + s32 len; /* here you specify the map size you need that you are reporting to afl-fuzz. Any value is fine as long as it can be divided by 32. */ @@ -228,10 +225,20 @@ int main(int argc, char *argv[]) { while ((len = __afl_next_testcase(buf, sizeof(buf))) > 0) { - /* here you have to create the magic that feeds the buf/len to the - target and write the coverage to __afl_area_ptr */ + if (len > 4) { // the minimum data size you need for the target - // ... the magic ... + /* here you have to create the magic that feeds the buf/len to the + target and write the coverage to __afl_area_ptr */ + + // ... the magic ... + + // remove this, this is just to make afl-fuzz not complain when run + if (buf[0] == 0xff) + __afl_area_ptr[1] = 1; + else + __afl_area_ptr[2] = 2; + + } /* report the test case is done and wait for the next */ __afl_end_testcase(); From c6e8314446344d3a65b828feb31f627ce11ba352 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 30 Apr 2021 22:42:50 +0100 Subject: [PATCH 171/441] Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 2 +- frida_mode/include/entry.h | 15 +++ frida_mode/include/stalker.h | 2 - frida_mode/src/entry.c | 50 ++++++++ frida_mode/src/instrument/instrument.c | 2 + frida_mode/src/main.c | 12 +- frida_mode/src/persistent/persistent_x64.c | 11 +- frida_mode/src/stalker.c | 19 --- frida_mode/test/entry_point/GNUmakefile | 61 +++++++++ frida_mode/test/entry_point/Makefile | 12 ++ frida_mode/test/entry_point/testinstr.c | 119 ++++++++++++++++++ frida_mode/test/fuzzbench/fuzzer | Bin 0 -> 1703936 bytes frida_mode/test/libxml/xml | Bin 0 -> 1849872 bytes frida_mode/test/png/persistent/GNUmakefile | 27 +++- frida_mode/test/png/persistent/Makefile | 8 +- .../test/png/persistent/hook/GNUmakefile | 30 ++++- frida_mode/test/png/persistent/hook/Makefile | 8 +- 17 files changed, 341 insertions(+), 37 deletions(-) create mode 100644 frida_mode/include/entry.h create mode 100644 frida_mode/src/entry.c create mode 100644 frida_mode/test/entry_point/GNUmakefile create mode 100644 frida_mode/test/entry_point/Makefile create mode 100644 frida_mode/test/entry_point/testinstr.c create mode 100755 frida_mode/test/fuzzbench/fuzzer create mode 100755 frida_mode/test/libxml/xml diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 8199b337..7284cf86 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -137,7 +137,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) ############################# SOURCE ########################################### define BUILD_SOURCE -$(2): $(1) GNUmakefile | $(OBJ_DIR) +$(2): $(1) $(INCLUDES) GNUmakefile | $(OBJ_DIR) $(CC) \ $(CFLAGS) \ -I $(ROOT)include \ diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h new file mode 100644 index 00000000..967831af --- /dev/null +++ b/frida_mode/include/entry.h @@ -0,0 +1,15 @@ +#ifndef _ENTRY_H +#define _ENTRY_H + +#include "frida-gum.h" + +extern guint64 entry_start; + +void entry_init(void); + +void entry_run(void); + +void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output); + +#endif + diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h index 1f1abb6b..186ead11 100644 --- a/frida_mode/include/stalker.h +++ b/frida_mode/include/stalker.h @@ -6,8 +6,6 @@ void stalker_init(void); GumStalker *stalker_get(void); void stalker_start(void); -void stalker_pause(void); -void stalker_resume(void); #endif diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c new file mode 100644 index 00000000..e71386a0 --- /dev/null +++ b/frida_mode/src/entry.c @@ -0,0 +1,50 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "entry.h" +#include "instrument.h" +#include "stalker.h" +#include "util.h" + +extern void __afl_manual_init(); + +guint64 entry_start = 0; + +static void entry_launch(void) { + + __afl_manual_init(); + + /* Child here */ + previous_pc = 0; + +} + +void entry_init(void) { + + entry_start = util_read_address("AFL_ENTRYPOINT"); + OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_start); + +} + +void entry_run(void) { + + if (entry_start == 0) { entry_launch(); } + +} + +static void entry_callout(GumCpuContext *cpu_context, gpointer user_data) { + + UNUSED_PARAMETER(cpu_context); + UNUSED_PARAMETER(user_data); + entry_launch(); + +} + +void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + gum_stalker_iterator_put_callout(iterator, entry_callout, NULL, NULL); + +} + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index d93f37c7..971f80c0 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -5,6 +5,7 @@ #include "config.h" #include "debug.h" +#include "entry.h" #include "frida_cmplog.h" #include "instrument.h" #include "persistent.h" @@ -79,6 +80,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, gboolean begin = TRUE; while (gum_stalker_iterator_next(iterator, &instr)) { + if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } if (begin) { diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 5c64d192..e031dbed 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -14,6 +14,7 @@ #include "config.h" #include "debug.h" +#include "entry.h" #include "instrument.h" #include "interceptor.h" #include "lib.h" @@ -37,8 +38,6 @@ typedef int *(*main_fn_t)(int argc, char **argv, char **envp); static main_fn_t main_fn = NULL; -extern void __afl_manual_init(); - static int on_fork(void) { prefetch_read(); @@ -79,6 +78,7 @@ static void on_main_os(int argc, char **argv, char **envp) { static int *on_main(int argc, char **argv, char **envp) { void *fork_addr; + on_main_os(argc, argv, envp); unintercept_self(); @@ -86,6 +86,7 @@ static int *on_main(int argc, char **argv, char **envp) { stalker_init(); lib_init(); + entry_init(); instrument_init(); persistent_init(); prefetch_init(); @@ -95,13 +96,8 @@ static int *on_main(int argc, char **argv, char **envp) { intercept(fork_addr, on_fork, NULL); stalker_start(); - stalker_pause(); + entry_run(); - __afl_manual_init(); - - /* Child here */ - previous_pc = 0; - stalker_resume(); return main_fn(argc, argv, envp); } diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 5b8493b2..49f1988c 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -252,15 +252,20 @@ static void persistent_prologue_hook(GumX86Writer * cw, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RCX, - GUM_ADDRESS(__afl_fuzz_len)); + GUM_ADDRESS(&__afl_fuzz_len)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RCX, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + gum_x86_writer_put_call_address_with_arguments( cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, - GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, - GUM_ADDRESS(__afl_fuzz_ptr), GUM_ARG_REGISTER, GUM_REG_RCX); + GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, + GUM_REG_RDX, GUM_ARG_REGISTER, GUM_REG_RCX); gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (GUM_RED_ZONE_SIZE)); diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 5ee519ba..81973e9c 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -21,12 +21,6 @@ GumStalker *stalker_get(void) { } -__attribute__((noinline)) static void stalker_activation(void) { - - asm volatile(""); - -} - void stalker_start(void) { GumStalkerTransformer *transformer = instrument_get_transformer(); @@ -34,16 +28,3 @@ void stalker_start(void) { } -void stalker_pause(void) { - - gum_stalker_deactivate(stalker); - -} - -void stalker_resume(void) { - - gum_stalker_activate(stalker, stalker_activation); - stalker_activation(); - -} - diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile new file mode 100644 index 00000000..891827eb --- /dev/null +++ b/frida_mode/test/entry_point/GNUmakefile @@ -0,0 +1,61 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_entry: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_ENTRYPOINT=$(AFL_ENTRYPOINT) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/entry_point/Makefile b/frida_mode/test/entry_point/Makefile new file mode 100644 index 00000000..3b41b94e --- /dev/null +++ b/frida_mode/test/entry_point/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +frida_entry: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c new file mode 100644 index 00000000..a6c655f9 --- /dev/null +++ b/frida_mode/test/entry_point/testinstr.c @@ -0,0 +1,119 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + usleep(100000); +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} + diff --git a/frida_mode/test/fuzzbench/fuzzer b/frida_mode/test/fuzzbench/fuzzer new file mode 100755 index 0000000000000000000000000000000000000000..5e8b7f70b3f04bebb98a9834642e6cc1c2c1eb52 GIT binary patch literal 1703936 zcmeFa3wTu3)jvFeAVIAYQIvYA@j?q;gO`d@UxP9_C~4y*8gET71VOn(k_g(S2E%A3 z<6yK}X{~KqeQUI~jaD#H69dvDTC4G%Dz)Q%kD^9INVS#!@3+>u>`8J&{rf%N^F7ap zkD0yJ+I#J_*IIk+>pAD@$jnnlWMzfiehIC_<_hfohC+D)vm9k@TdnlA)s=#Gf9n(sO}tj=ZaIp_ay|R*D*1c%y*%SL*OA}- zb=$|b@&B_O`q?8201+XHABm_P60?;d@`{Mm=ipSQ4P>0wK!eD|>L9({P#qQj4r zc9TEzp8EY_W)Hb~%o9lMzY=NJF3Yn+P+eUeaX)wR-1eH;<=XzA{dnsUqc%FIAwQ49 zk;V?ehC=kW;qX6%Aj9GR3q=lx-ys11LI9uF0_3?c0Dofuem6MzaPr&^BM*n462ND5 zfc&oq;P(yS|GNPEJpuLZ62O1w0KJ_Q!2i+!{u5#IykYEqYyh5}csRXn43P7v06BLG z;Pb}-e>*&Ye|12+ZVbr(Eb1Muy%PfD`C$NlQvm-*1N`l@0Q{W+^4A5_`+fkQp9bJ# z0dj7GeTTE-eF1#N1ju=6fPFgy>fI2)zbl}<^#S>B3-FVJ0_r^?fd9?`eqIt#@Am@u zKM=rwb%1^j3gCZS0G~Sp>ODO`{%HYxZVJHfA7I~00_rUfkpIGf{LcpD?+L&k9Dv_B z06#xK{&4~A{WQQX-wMe8N`Swe5g<=h0ROWC_!I}|ZC-#p`vl~#3CMp;fSf-G;PXy^ zKA#D|zZ8Jq9Dsj5ApZP4K%S0(cKth`U1J0A>jLoY0sQv~$bWeN{`Ud$-xtu{Hv;%P z6ri_d0seD)0H5pt{LcgU7X|2HVF11;fKOk59&QNe7wG`~91_spx&S`!2IQ{^kaI>r zyKWDV|J;E5ivr}I8leAJK>oD>a-I?(PfGy*KLp76;{g6k1NdAIysp?Fu=Ve=0C{!~ z!2czH|83wo+&pAm0RFQ8`L7GWUmD;Kc>(^jDnM^N0el_~XxCi<{7(qrb5a1GJp%H- z9?;(R0_y#KfL$&K;8PxeH_*?np>Sx*t24zLP@VjHGC*(dJNc(M`N3BIVck1>zOHji zXPjMFI=f%lFIqUebjd7>r(iB#ylB?!@>x}WRa&}w@s$}>33gU>_2SYDxqNh0MRoO+ zl@)`82*^CV#DlR_70|jX|DuKEKJ!Z|s;eq1%ID3QSMFti07Gz>Ra{wG4vSU$MWxkM z^DbF9Yra=haMkk`RLmZ#pus|2x@ewnz1bDjv&!d&7S39@sA_&iMJ0XYlJfG>DtgG| zP-*ePCG(*6Gb^fU7Qh=F@YIUxnX?vNQZwt4inE+nOrKRf%cj#y7cD%Ce(Ryns;Hh( z)i7wVI`vEnTdocc|EXS7Gk<>R{LqpG6$_xs z(40B*YpUjku9#I-xp>~f>N!FvUr-rB-Z|72@**D{8XaxH#bB_cJT$LrN%_L+#bh*R zQDp@*wWw;|(o*o8H6J<$eb)TSxwFWmdeIzKS6)@UX#Q;HmoNwmF4o#AuLR>N;anA} zfjekrFz9?Fl?lqux_A-PBrNC8523Eb<#QLiFzP5RWmiW8m@{i0gsxs(zDSxnud1qY z7Q9MI&eoqfY{Kk$m&~h{g5~t-Qn*{`f{RPbYZjL-n6=d59I7gxTQR%z%6SzK0fm;j zrJxW;y7^GRoW&Kc+zTrhDX6Z}((^7)IZoHnC0 z>_TDZR9E0P1jeo?5K-EGF@sYG8mNF!sFPAam=LOQIU)GE>Yj~8fQehBXcm6Of=lNt zUI6NxC5z{wJ3=k9L~Y^^z&p*EPsXUN3T#|azy&odT3jl%(6&%nWzE8J+6Y94bJdkq zR6SII--UC)z!d|$J(G)-)V;t+YIVF1E-ubU?ibIWweT`VP(!0tW&^1mIB-ob;IgIN9}HXDBxgP|B{;uO}hgvdd;5;rn58W=aP zTMz4IKK>;S{mcBsk>g1D>vH9S%{Uw#8=zHnUYex17(%txbRVSKBZW zXDY7DStyMO6#ix5zY6?vKRpls*X%WKObFaRW<&9h^q)g%F1_g6SMJ0UlC04#eMG1R zNz(K2|Ke}5e0FFI=)@_%kruz~&?%Vgkj8&E-}p1sG$u68$zLVqM~Ctpc(-};a8R*B z=+F#)BRqb6`{{WJ#oa?V>YtQ_=bpd&&scc(9DuZb3xAE98NUM-{udU0e4f?|v7jOU zU!H|`=YXV6wD8_s5BPiwkEy8lZ;FM-6xjP$VBsAT2`y^jDU-dO%~qu8Io68czYez zY~k(oQ;UV)&Enr`;di(2Z5DoJqJ{6b@C6orz`{?n@Sy{I|3AsX z=UDiYEqtzppKjsDTlk2D&$IBSSonz+{!|N}Z{edBeu{;kVc`ob{Am_GYTVv_$mwEWZ|nV{7MVY`M3M8*}`ApBJtZ|;g?wWRtvw>!naxY zD=mDdg}=(e_gMHJS@>QH|6>c^XW?rte9FTA#KId3f3=10xA1iqe!#*nv+$vVeE+Yv z@HrNKxrNWQ@G%QN-ojsN;qxr~bryc2g>SI%`4&EI;ip*mMhjnH;S&}W9@I@9r zY2iyO{0a+SX5nwJ@N+GElZCIe@Hblcr564s3twm9e`?_yEd0$DzRAMhV&PX>_@7z$ zW($9-g^$*6%!wvOMYiULqOs2EQRd_^p-{Abea@p+CM35Vb0)HEn{YP%hW9H#im*hc zbZQ&^O*oBk7P6*$1wM%|mwM?=fsZFVl5nfQM-t8^+$`|Hghvr>68HeZI}olDcrU`E z30Dd{mT(T?GJ$s_4B68Le#yAtjdcpc%fggXUZLwGmBtpeXqcz43h0^dV;9N{K` ze@mE4_jH}WzaYFP;YxvTBFv>$x=i3k!dzmdiv+%gFqc;80)ek0%q3MiU*N@rxs*!h z34AHxeF^6Zd@*4zozfwJ&nL_!Q@a1ZZ2y^r^9ZK|K8^7HgnI=(i7=N&=}v)(0?Jdtpjz&jG2M7T)c5rhvWTp;i# z9|JywaK6Bs2p>u~PvCb5A4WJ=;MWKrPB!0QMf zNw`zsHH42M+$!+>gpVfNEbu*qk0IP7@NWr!mvEiHzaV@p;YxvTBFrU7x=i3k!d!Z! ziv+%gFqa(Z0)ek0%%w&;U*N@rxx`5434AHx6A0%Dd@Jb^DId=cSX zfiEV^sdhRf@cD!}#ZLGCTkKD`jBrZe(+JNZ+$-=&ggKQ?cM5zw;c~*Q0v}0uHsNN0 z4<=kexJlpx2+tv0C-7c`FCknh@L0kefYN0G??`wa;Ua-Y5WbXffxw@91o$$-`2ueu zJfCo$!0!-VKsZ<6*9b2p91{2?!ixy^4~YEO(*n*{zX;VTH&3H%GfO9)pAd=p_#P19upHxlNQG+iX{HH0}8O&17! z6=6<6)A<4~Cd{d4I#1wB3D*+N75HMpoNA^+0-sNqQ_OV#RIS|Pb0jHaIe58 z5x$0Sr@+S(t|#0o@R5X<6K)pxV8SuNO#&Z4_*%ks0`EomI>MC#k0sndxJ=+33C9T+ z2|R*uBjEypKiLF0K{#LFO@yx}oG0)*gp-7G1%8e23c?|QUm|=1;r=aRf5J_KQvyFu z_(sCL0&jXRKQyOl+k{W#w|LsQ)6SW8_F0XiC%?D6GaS1O8Kdz}qsbG_95pRu+A+k& zfF}RxjpbR>wyYmfy?5fW>_^rBGr7}jKp&hD@0xzx$KmBS12r>wLOOd|D4INMEXp^Y zoYgX-dhE{G4JT*KjBks^-#3R~(0cdn$?ttHtNH+Ps|mZTZgg11tFpUJ&Kl94MNyI` zJPvl|O_8G}FK#ZFcHy)iPAk3WQIPJtXJ_O%rVKw2W&fX#Vg3gddAcHZR^%B9eYSE; z=-me z^BmThJYjD|h7>u?5#&5i5M;TReD_qo-|Id(8#)U)!jMCf1;|q1DFHTYl`=02@Sp;33viPH9|^EPfo%dr71#-WvSrkP3hXJsXIq5Zfdc$P zfg=QXK!K?O+@Qdz07@Q>CQj%94|CZc$AI0vk zaDoy(rvD~RC?MeuA?&P#v=YK3Gz#J6kEx>N|5U;&fXwAWxJL<3E8!0$lnCKUCHz$h zKPKTsAw-q%kP=P@RFa+mN_fBN*w5cGs#6r;_`_`qJSY~tLIL%MGZavNI8*`khtUeC zKfER_im5-eE1>?cQUUdcDh1RZzOR7#!z2aNAF>rtfB2U)BR!i7q3{GpVDtAucf5*&XxoP=3I_++yU|#{Yio#-(1b9Y)V+8nv0@DCU zgn9uInaA#?w=gWA19xk$`(F}Tg}|@?!e5k7O~S20U|0a*Pf9qMgr5k3VF83YlrWZr z3L!8ofN-l4UIk=k3V~q(1dg4EH&lQ*N(c-KAY844t4Y{P2n-7#R4L*6BxDI;FC|=} zgndacEo@*~+P?e(C2Ry_o)SWv5@fJWobVSCRtw=eC7i4!8cDca2wgNI|3gJ;D?52b+5{?tXO-dN8gj-0+6T&Pde2U=~x|&VG zXd&b);R7WcMZ)`cvE|z~N#(CAVFU@!3*kv6yr_hy0hxz|aJv%zri5k^?hwL!B|M^p zMSx1uaZu*CBR1o+m_Mfd@iqmtKVG4L_D79dG3}3sDnOoL z1++g_DWLt4?tmGC_Qy#IXn)LBK>Opr#9A@!k82dr{&hwoLKYm#V4=BOuj}MZtP6+i%aQfr5B-|~8GnL@<$6^wi zgs{I7oc?$a2}^{~|Dkj{r$2rK$oxdA|*Kev5bV> zgm9=5oc?$Oppx{z@5tMuxB1iETo%Abjo4NOnj5!&aux!`K^5MEb+4Lu*sH(L^CqGqSRJ=ENg!MU%BX z=6q&AV)7RAYb3)DM&7DVWz`Ra!pnCdOOQH%51HQxwdSq*w?;huKGD&5dozX$(?Sjj zNrxXKJ$vo@Bh3ASu{mqsA88&QjLlv9ezxfvjLlp7{wUKs7+bLR{T<9p7It;bTWjAR zZQiy}5Mb^5IrVR4nGXkJ#}La04lQBVzP}@}qec>2*dMK5J0cn{?38q(*hI6Q2G|x& z)Bsi7hE_MD)h%rGCSkOS>1eXOm#F=~B~7gZkrMnW;-ksp9`pL1nKW|}GB>PkNd6i* zq)=mw$rcPGqrf74x$^5Q(2ksD%YNX!Ke9MpQGysAR41rFP zV7j(9nyg8|*Za(9=}kZ+kO95OoI^zY`uvL?75mh0%=5~_NYQwNJo?SA)k$GE6OH5e z6sU)NR6Lpk9(lGk=cv8wH|7dI$YCx+H(~I)x$~f`@aj&KfLSu_5BdH2Rep$BVMUlmd&V*BZDKqUmtgVxsg=P-$9ijo@caI_0(@}MP9F;^C(lAI!j`D#H7FB zViq|VQHV6%^KUvg+U2%i+vD;-c3A#rkS$d0^DlKUgZXFZ6L~OpL@_2{{0xO}$c0$hj-3Np(Un2=b>vCZaogPXHqSlkDk|mOmB^!yls-CJ69rbFOk}1KSjAonpmiF_H1LfIFkd^@Oh- zBZjMOGgt0D3RTsn_6*k}{8KQFe<^dh!^NzWl99f2v653}wO>K6nZbcE-iAFTDTbicVrGJ{m#nFW?;A=qlV zFWn>7tnKTHJcWU)<|*@I=B{5~1ic0O4<=F>boD=QhHV1;Z&3a`Pyg(L6!So>cu)Xw zkJg=Adb2Q2!akAKBKXF#LUB=A&3+;Rg*)XdK$#PFMcY-xe`FY=0wv zR9o8*qf7YdjtuMpt*4Jx)q{rqS}NrY)h@HnJ;O210yKPxH4w)cyW!uA>w}`T<*(X) zjvs^cg+Ay9Yd?Pa`Z`^Q66EvkX~%Qn2mL@q^8<0qLI@P4K4A-2KST9d-y_X3dwXSu zj5e11L(8+ie~B`rz6^V~V)_#-iK?c1Ram>K(r#E4@I8h^yTkK{7XX?ju=jsF`f0ff(* z0VAj7ppjcD+A;7>C4o?MO+n8LNtx$ah(w)<7xu>^8%>cS`^{aiVN4muzD|EIr;=I5 zc$DdH@mlx^V$9V$BU0089_n>Ps9y`yIL>GJt8cH%ehSGx$A7+vJz*breqFQqA!>3B zB15SDv#jv+$KyHmwVOwTZ(b{N@@yLz1z=?O7NzX)#V7y1`Cb33%!s$~+E&D;9N=2a zr)+BU3_TY7>vVk^UC>Cb(FXl~^H>rfD3_1p%(pM2q=}CXBfy zMUQa%gG)n?OaXiIn;T(CjI(siWG~Q~>O;!JaKXZnSV}|_ zN#bQzEsgBNGPaF5Z$r*#VinU|!SP2_+1^R&--W6owcsz~7R=IY z@)wDy6bx{aY4xq^3Z7@CjtPaJ^yCA`B^pSqVv+@5wPy2a*GP!B7Ak9Tb3_xaj)=lw zQ4+0RS`rG!!m^HWh;?-oZff>~BJ2o-W48l(WIXD!uUb;wCKZotFh2+X^mEt~aGi$YL$^02+vhT3Cszr6?T&7BiFTF;o@8?+E)OZ!r9Rho zraN9`t^a^0DZSF8C)*2zGqisETAwX5fGug}0I+piCx{Psg@3C^=1omg7v^rN;anQW z>CB@4V+JGW3w92$61Kmv*sieHo=LWREmM@f{lOdDI?JuDF~+3l zh1elOezz~O2>N1Kda{jPT4K(-(^XZ0%g8T96id0@pE$J)K{KCN4hV&wny2_>+l8En z5f#nqj6QTuvHpv0O-JJ|_}jha`#X(rTy3IX+!dH8R6Q5LV=e;3-=Q;C3RXQ9ckbBw z@35ezq8~#?|(sO;f-3L=Z zo0|9iKG+WgI)&g*80}Vevp|)EV z>broi<=xW56Ya{)3aEP}5Kw1|4?08Km2=H8r6a|dTfx-PhSbxTBt~XFOO-bYY7ajN zB4M+XBRj87aXcdilSFfC-{ARR@cd@)aw(+qn_uCe!>Qhy-wa&rWU=NqZwStr-z?ea z7Ss97cW|-JXXDOqF30se#eTv0O{+{tF~7M>6D{UfnlNV7i}w7cej_@ivwz6>d%U(& zCmq;*n5x1Pk!L#6t_av20fzIpW;5Q+;!r+6V|XmXly#>ZaanpWt!Q}*F+ z^V(X!zHIneTZ%AB3t!{t*R==?*8ppwb)5JJdgxbtr zr{((XBJ#|O#*-AArrOLlGuh4JHM7&~>*6r|mz~uoyhh3WnQJlUu>xD)Xau;M3) znBqo+m%riS7y%jkcSk8N)NxbSoo=Kg%(u7UXH6sdpC(NdgxQ5wm8n%H=#GoFGu`nB zyZI|+E}e%VE?p}8DM%FaUYC$q#U$imROuUnQz{X?G zv5b?YnOS&$Ku$u^V~{x!*<9a~7mwhuLEE_zdDzaKl=zLC5l}7idkz`%vyjhVgq7o6 zJBP~!FUYXDylv<4#K^I@ylLm~xa4MVdDY3|G03tQyfGYuI!JBhNe!2WXFOJ(4R#){ zrd;HJ>JSd;XmWN$b(W_BoVzdbMd$Xraj`Ol=Efl2DWC-ZQOvlt?r;h|}{vmnC8 z>E?@I$prVJbi%F!$U-kizd2x;c)Y; zHnsbI89EQb2#Q8py*R+_#0?lI>j!3slg_q(OOy-wJ)osDrY0N?`f&`=wPrS3`oZtB z)cp&4;>B2W*7ku{Gu9G4=8ZDR%;L>!{04 zWk*tWBqagaGzfC1TGNaj=_*Z&_g|vv9f-d`)95Rq^ba%*j}N6!)-?SleXOP_dHN7d z)3MXsqlOGSGrgOpxr3P|Ge18sJG!)&!EXRL9X&%T8skfUd_RNgOisjADl!>@frVCCD&IC_NQ_pkn1} z%|KV8a@mM?e8};Gf=Wb}0l&O>@60mtz)sP!_4IL>X&Uog!D6O)*prz7*4_Utk|3qM zJ_Wxj!|e|~V}h29SP2JQe3p zvc0l=Prrf^^HZ+^VA%xJ3p?^`hgVUYaM@>Wqk|+6;jXzFCXs9fbCD18CM#dB8HqO` zBVVsM-_J*d^ zzL|(A)8mCt2&;HIAC5LF{;A{W(_&n~$x#2@v#r(5??H6O*ER|L?R=7Y&EBZP%ty{> zLJ%e&=jS?t&IR4kL_5udXv41;%ftOZ4pa4&p4fur`gAfw4x z6NP|;%hu*Hw8xWCLBxtgxOVx8w@(3NMv5V0Ok=Z9^3`|dV(!JK$Z=YS6tjn8>$%T-w#kokhsna?1jD`ya%x+ie z2%eC95OpH!jVJT@BZ0AuMH4YWByJ(M=-St^**snXOy)}d*m(Y6!%d*}9Q>Gx-kc<% zxe_trqimlvjG4o+E;h{JAD0FIVmr`uwpI<6Xjj2>5$fB`tXqn)MNab>H{-DotKc1x zI37-hM3n-sB09cydLr`1%tVsh6QZBV&&0D2GC#p=o3ZgQZ7OR8rvYxDi3%8^!HNiT zCh8O4=%Q)GBbMt{tls*3jn&3u+_Mug?iU#MNfb4y2a3bh3?2uUazkvE`6DA%CYvo(Ly1xp5aWqb)?3Yn59_=7Qa^I&gqE zp@gJ_%R|y~F-Iavdi~n0X!&E&wXbGJv*?^lsjCF08RbI8T8P+QR+nfe(Y$)DD5TFq zy-$>Lq?1@hN_?Hn&xabJhsA6o5Mlm)g=2(ikWV6n$}F9bVy364S2?Ea9L$9XbDeU@ zYK&~t(6?+o1D>qA>0xFMbUN!kf_N8=Y*RO`2mp93*a@6i5qcN ziwsjEsc`*DDU16}9oP}LFdSR#z=#`i6~)iVKuicZ|*Y!0vBTAN)mvRR7xf21m>+VuJ0%*`2@fjHx1FMFYT zO$8>6CS|WLBlg!hp^QH`6%?qwlI}H{%E6E&l%(X-*e@$t36ae1#D30sZUHDh{sa^4 z{JU#-#TdvhA*o4%0yQ0*3lcpm>Wpi*Jx>_((rd7r2{}lQubr8c{mMj)oUqp9xEz_> zIX%9PVUhRmj`qFKt7a0bNlLiGVHX#q=9gGr;<%h?)B%DOR~+ltYEd>3*qILQk}leIiCev>ba*GKQE6xC+ig!iJm1o;S&LHUV96_E`QDPNqb(^@YaJ#ylkL)bi9h>W< zq_KW$|8=<Dne z!6HLu#>rLew&;tjBZBD`#?@%|^n`P*THw)>dZ$1&Wd8P> zEGL8}+L;HOL*)EZkMk6-WTKtvj`Cf=`J(;dC6`B~6a3tFE!;62!0TV?jp zG!<%If{5vPunM#%GY)@9N>3Xe{jFiqU@nqBgl~?z75zceQqkqC=;!<5&v6Ky!<)Dt z6LOe156xJ!geIQJW+nt-ay?~Ew3^JcnmBcmtCI0P-8OL#xSPhmxu#6E_p!RnFy`03iJ1qSNj9ygxST^?NnAJ~ zXEAZE$9ceVKc+jHY2tpE$2GAqJn>!8yoi02rm0Y~6^ykd(t!DmrfvdKZPq)py6x_`n z*cEh@)4=MIs|0@;?piB8(a!R~lWY$3;zys)wVi1-bG=tEM}hMaqhI}On0oNna6wmLAw8iQ(O!F(6d&iv}v&^1Qr5-O>_oj-ogP`Xxg z3Khc$mSmj6O>4_y3v}R^{MgL+lhYa1?a^Zjo?GEyTbuo5Mvo}ot_GiLgvnIpPg-%7UgB>$$w;3w8*OHC{}dAp7`@ACL_a#m4Pi{ z;-zTDnwx3jUD!-aF@Z48culUen#{DC__yD4RZ{8GZ4>i#b7tmWT~j98`93-*T=2WU z;^MLMit@mdY@R?@QOB91kb-8Hc=%z9HyEMkBBhNP)b^AJS*x=bt;tyJbx(e+kEMXYG) zI5Alp$4TB^co%!T-pu+Mga&su*n*pG=+6ac(3+Jr_Wo=zCQ(3`H@(J3t;RFm@gW<( z3S8aBlaYCj+BlGrXUHrFp;ofo$1MNY-5J~-L1K6>T)9~U%co$!q+kuG41y71W_p56 zu>@mUy>K7ql|VDmr`ujw3GSwAo$GB___Dg>D#5RK*~R170Of%v*_`49l02VlJJafg zzdO#Yb-YK%?R@1dUU<;0z85kNIFoEPdc7*wD~YSZ=>|78Eoxrb4g>T?r%qvEL71I9g@!DJGOZ5uGS0cxf%;KiRg1@Yq&vwqoIG$hF+Ba} zsy(08VWc9y@E!Ks$Mydo4QC9edD$-uNoP_qe)zAgunik|+LU(sJR zEfvLC(S2|MXEB>T4g2g{WI+y3+1d4!*U)pO%0fJR!&dl$>nbaP9b*7b%D^!?(fBny z!8Z7UDjkCevx#Ym96gqzm{!MFcZ^GK^Xax@^n$yY-{Cp{#y3`n@s0SSabeqWrgoMG zo@BGpbH`SnYdh2G7&EU5+6Ywf)nt=w3}rMU|{*O`ZxS}Q#|9?VkC z;zTi=0J-kTJm5^SDfBqc^-AIlh@8cV{&1w*o-&KhwC_(T3f#XQY2V&_Wv}VoUXz6X(T!p2HFpqjIFR@zA zv|9S7%qy0T`gGgU`QUC&SmRn0Pq(o;j2Fa@de+6`014%RC)u=n;h@0h+Rn6EdS9>B zDIPu9K3+MCrEgo|Tbg;mnPgM$anAQjV$Ma*V(CZo-S$kh=uGQo${nD)mKKJa{vnnY zvER}(6>9E*h+mhbrJ}f1QLRSg@We<@$RSKTmWy=ya3ynzjwQX4 zg{P4HDUoiB!`uAH(QAO}+hylGy!?3p!w04TyeJBz+jy8{jiI|19U<;YgxTFQU!G+? zrqx~FfPCt%xjx-?*IsZpD;{*+5~CZd!{|o*IlV3(b61oHo@BF&7kF}fuI)^#yDs!< z4S95oZpvBQbz{PJSLOj{lFb8N_ZzVG9hp{l-QDBdZ_%0VDCFq28P{A~cNK;wzo>%_ znIEfZD%5-mMqih^N<}Zd;8*mdrlq2rSkW3BN`2mlHZxJ!s|RgR1f7V-?G1QO8kcyh z#A$d;0^rx;Z~g)1>xTxd1M%=0+$IIpta*=a^G&D*QH}`nPo^b`8B2{!cU(j@{sCNF zHMW3}d4hTkUI#ME-OTbd=5*38A4Ec)#`b1-6vFLc|Ahm&le}QhU-_;yp_fhIYvjy1 z5DQHp!tCWWq0edp)9U%}9O5>y$EVw#UkUE!<_BC4$BL2FVZ})Ng@1SP*pftf;7PXn zTc^*pooV&_YOmHdkB$|iau(0u)ZlwQ^MEtSW(|9_n55M!iHESrSpxN59_JQ|&UD9> zG}$Ky`z8~HGoBNN6tPdxG!<&HXxn*oqajQBFTY|W!_>2WMbBwkDq0DN)1BLy%MI)K zf5hI-c0E5mDZulic-j-5zY?lhGeEc552}IN5Mf?tTGZTZsgdc9Mym18;Ocrl8JTCO z*FevgEPrB_7e_jt-;P8&*r})BSxrdSK6W2JNJoT;c+xdl(lM=0J&t)r`Z}L( zJ9RF&n@8?*oj2K@$Lf-+1b-cFNNd|L&qR6PNj4{XU1_P$wVi2o>R(TEYpwL?$@T#} zjR_9o)caoRJ2mqFPqKNF9aiL>>y^Yjlbpq=BOd26i_Ub%U9`po&|PZ?!|JES*F@~O znx;a{p-{}%<otSPk3}avt#?DC5D2?Lz2-AITw)dB__~pD8v!Fj zA0?~jOqcgZ@g^2&GUjM0Brr$Q0TR!e0!+wX-bzW%V5PVu1gu=Cm^H!SP@ZH?_iAb) z$sBmI3tqv1gzzI>F1j$0Zo!2vq8~hbRbJTU zIT~+lHL!@@*lNKl~^T|@?P_B zA1*s)qjq(P-Gp7O>9`OH6UOFB`ZYoMrdxA>Wx9t!bWOLEmBrh0@w4V~nyw!?Q6mxN z0jNloKOUfKI;J}emA{;M#W*=W9m@aDBo`m@@p9=NoSD^}hLXxJsrSO?(Hi)l{N$K6 zL-~}_oWd-H$RaTbb4Vv9g;@&Q%<$iEN52VgK>L9L&hI7ZyKt*xQ1@o{l?#}x%1rqg zyZ3Sybo+Pi2#RC%?_uuqmeIcM1zUYn4>|%F9!n)SS4$H~$*1>uOISqi^Ug)ey3hMp zJX}2VKJU&D2v3AjuJjcU8BOgszqm)L?If#2On&0As6e3JD^x}nLCMv8#xUIWYsC*) z!RJ;YX+FdXw_9$~3fAE@HOB1W>#n2*5`0%*vVi6F3UM6^mfY=lgcga%j+P9l{WDNt z#e`t+goECxrPRAqE*wT7XX2JA%+H4~^kQ)Qt?BU{FmoVtTsp?~UN2JSL+p<6Io%Th zh*cY7Oj;L_G5X>4C+v!j=PU&sw-oW$ZRGbJgG-zuZEnIqAhzsZl?#}9w%@xb}0SBVOj|Nc`Z!b(uSw&#G4U8LdH@S8+8*y#&j=U)QJ;X@dERKXwvaG>-n!1$`u!bqBpSl zh`=JqNSVFFn8p-H@@dRyCPrcgvs*FaMm(!5YI_*?`gZ=cp8;qPg~&+LKo<6s{OFKX z7|$SrlH{>;c?y8`NyNy@zy3e>X}x1U1{@^-V-|<9c*giA`%41eQG=Jy^09{`8K7g6 zgLw+a<$MeIHfv@@P07m!taz*MyXn;TL13Pw?}h1#e1Q9In24dOe)A}X0C;@ibLwk} z+RjAbb6Jl?%Re;cDaX2aP!y8EV0eV1O-lU%tz@Z(r4(j2iNc4`qm%!jy}*_a(%g+a zd^+|)$SS8wWLhPere$(E-pTZU zlj#A;bbfe6j>T!5lj+Y+raw!j{7g>$PzeRU-^p~pWI8UqqQesWZ%(HBoJ{vgrqb~8 zpIe!J=VWSiGPNSpggRu9fU?NS`C}*NpPZb35_agR*uSH)Iy*{vpP&ZWBu9FdgLgu- zyxYqB?on9m3b%yJU8=kiKznNchEv@ig&FxbM*hg5etJfBSe!ipuUrnn@8CFDTkyZ$ z!eSwF3@X$~fxOg+Q}dHn;IRvRU*@unGT*hvdwC>Frt$+|=sci327-zIpFENhwkrvD z%8$JR!;bS9(FXT1q78gDKZ&~IawS8vuakyxe0x~5?6*vIFt@TSJ!AwFvhQ6QSE zX~OI3`q_gP>?1Wv`to&b!;s?bb1};|vn>uS7)u3t1WV&!h#8KO(lJ)9x6*%u)^x{a zgGPm8ZGhC&NMATv4=`H3im=FkC0K_$a@uG~^qm_{8$>@(=x~**!Z%>~mr?cvEnB}f z)sU0kl|&t>3mf8*<>@!FoMvn763kd_dLjQHH>HmvZ6eshM>?PB^URktsfsi0m8a5#-w+ZrbKF^_NAEl^Zvd` zs8C_@D;JsW8Ppb6xF@jhhO^z*DELjY372xL=%!OWd%4EhFf3>u+M}-+#hiz1S+MdZ@MV@Zg(sjTp*LaFh<#P zd{5SNnx}Bu;$l+3w3v1m!wIxs)@|)8kNB;9M$&Ne$28GtI*~}jSla&kUG&{V(-*8! zf&Gu8Yi)zMrxE>f@cWGOWil>97~goYvbHI zbS85&Lx()4i7go&O^rDbNKspx_q--IA$rkd%#znZEJCtnvA(``{e|J>qbTZ1hv0~( z*<;{Ezs38ZN8t5L{AU(@%L%Yg3oV0HOjvPlo2XrHYU-WIuFoakaQ`t5+w?eK^!eo=ez?e|h5^3> z*qx{PwB-l8O!-}2=xeysxm5aobh$LBaM-7? zr`4MkzJ3xQl?!ua(M z9==|tBT}ef1T)`TG};dbKO{mdI1^cj`c-!xR)7*f1Vi3T>x=#OP9=&SC@^ zMxiH)oLDv{@cd?Zaj&_(4%0K?Ia-_0-xWFx9N}7py)yfs3QFerYVm*M#1 z)AszmmAr@Z_g~2(T?UhWdF&qQ_dND0lrletfI~aN9x(hD>j>XN`LClRWbD`J_m-^w zEu9q6GFc4$Z!mo4EUoG_g+nkD*BcE#(uu*V*Xozp4;a!fo$dABIWqXA<_zhYm?zlr zaC`Ec>r6a7c?ukP!Vi9Z;w%SGXMbXQ^1O(LqB8V@tC*^vm4meNIRU*_l{1`f{OO!K zp2>X98PD|f7g&mW_Bs}BIIKMJ!Rq6aKE7D93G`+ieVJ6yLo;_5HjEheD+ z*U>Fp{eFIXg8M(8Ow!3@Q2+n&a1Gr8@xNgINBOU#p@aH=9_;7Mq3~*v1V3+AXeK`s z@IEW9${H}Sl}Qyx&UbNwml`xJ*vejzY|oWhA!Y`T30$~QAIUP8W8+hdKlewjPPRne z#c&`q2uu^OWRrDV&Q;sCeH1>wb5nTNScoGB_5skn{0w{kWZO2Eh@D$m7zRxzE=F0i z1spTAcsf}QnrR&ioJzzYbW=E2YTpD&5c^Ueg?A0fF`-K!5>jMN9ha@Asu6wMUNP8PLeO3L+>*-ANtCyGd=6vPyXz$gA=q z(XU({?cFJ}@E5UfOJ_U$8Y;>)=IPX(ZV) zEXiy7&E=dY3Zcyb_3jY~4YpwSsdiKj6-hLiEcRTc5w?iMh9r|wD zq3^yO`nc`T_t*}7&*ACb_bJ65*bUN;9GFEo2jhv6Y@?f9FZF#Q7k0Jxd-CDE`1k?M z2@h9CCL5%C&D?CqOJQsCBL#3&!7Zm=^C@|(h6LH)!1{wQMvJ^X`1B`-|Q ze(TroRj9EbF^1byh5d~)vh^E>3XBq9lma^lumgc;Vg}*{K3*+Fa)pqqz^(%9s=!zQ z#wxIz0J|x$y8yc@FiwDR3hW`k9t!L!0KU@gM{u{jxuP_UhyC5$dy}4T7RX62LP>W4 z7j5)$s@@y%-13&bv`Jx3;_F!6NENl2Ur#9v-^Vm*Xb`_e01MOs`49i zD=uib0mYaZsMy=nJcNzl0ndT7WxTs9vK4FGnysb^$8IFZRod?Y;58o2+S9;hAnO)p z-D0A4)*q25{=iYR(_{SEA|OexK*h=5*f3_P=LZWKKJ94DM%)7-Pxf_*1mJVCP}&1G@V? z(_-wa->y9+oA0xQd3 z3Os+|p_zPlR{CA1Gw%0DNR!=o%w#TEMhE8cEPzG=xDx{ZK`wkY26qW&#PNNXpNk(A z*dh<=kL+-P?V;`QN@T>cEcra~atfX4kFI|+mY#KlYZsfN=KlivaqPiwK$I754tHdW z0S5WMUEi~Rk>+JYFSmapeiStHQ>6`&tcQl6iM?M&=FErTi4|WG|^zYcOF*Ibj*YU!o7i0~| z;LK-Leptf1jJ-h#UN?72W~a@A_Tw_zYnHIg=jg|)f7I~xlMY?Si!l@S!XK|mu$$ZN z>iL^D{z(~jg=rYidA|-UcHP$NiVi0lru>($&(lwbtSC=GPgBJV)*qa+KiZMElXJu1 zB4nprn6y@!y#3`v9T{E1DW6ZL78^@vfNLUuGi$-M$7uIxgLD39_ouEqg0Fez zbWB9rJd8Z<&^sg}=FZrdu75Juyy<0=k;|Q78!ngRWSG@BSEY#bn-Im@8O`s01j(6& zVx5;KfH9RALWXOIv zjK*M&-n}z^HJR0oZez@Ugt;v1?D0zc!`COiKX!l$9c}A(Y=hMbtU4M^Dlq3@6Gp;E zcLDEZ;nZ_8zgaqDx#;H4wO}5NnwWW7zOuV59X{V94ylto(U#7S9nbF?i zb$HS*7*(N!EB8aK^^BB*tKoY&NyNgXUKS0hjUlHZz z86S?}AqCtE*nk!4;N1H&w|-xYp9PXHQe#<+O$W%+>UJYnz!q_=i>^dVMaUL;={G+5 z!>_zybdvi#ck-RD-vJNl!imV8@&QM7NFRYW4ObEIBmBWfs(SDfO4s9$2%RJI%t@pr z@U_l%EG3vg4J%DA0jYeYR^Fo*WSH@2KVy^O0z@-5xf!t+L)YmAqaMBSW9e;ATy6yNF`D7FtVujnt!62U$ z%a!JP#eNuAY&MJChhmOm;S;Jl=Q<-aHh@;t8S-~D*kJgEegJjoO%0g)Lm_R^k(@|G zOU(VCSu#W&(S=W}lI~UMv5GAv+%IrDY0<qtpQf*!X0*vLV1&)*+%2`qYwg< zQ-yqDz#cFy{^&Lw$YgCUUC@{hvLT*0n6bNH%HXvG4go?%OTa&sC@6DPE}ffG;~$7% z_@dd=X(i$MV^o7EK}+-+d@Y;G2OQ}$cugIFURVMRqa{*eg+rZ81{bc~+&yLsu_9QH z2*&eBvNE?L7w;c^j10Wm_ze)mBg{zL+3@aR7BF_zf#$ZqjB%d#2UG=pP83R+jU(Nf zQnm{E%(ET=@=^tOeBnfuk(TK-V+n|iy;3q4y+ZDSK4F&NKr&JL1iaxQ$my-6XFwkE zQ3bV`epVqc!r`L|v_V0gsvwNk>)>c`)zPRbQM=I`;k5b>!U#9FXcOr|v3#JI<$7uk zJR2epno6*2EX3mp{|5YnJ=FJ<=e(2*u{BHJM*YNCl^`t2K37k|+1A9BN&W60z!<}U0Wh?fc#I6TB7 z5$0RsP#RIt;(tNj!THJ_P@(z`;E`}%pwYe1A8r{qNo?+A(VZr0+&HpV1## zC{eQ#b1_~jZpCC1U#G8aHGlOqzcQK_Bg42KKj^EjCd{YU23H$FZ-sC-&I?-*Fk29* zQ{w*mpi6|-C_$6yeg7+sYbVI3JFZ1_G$4m_l6L^val2*f>1&zsK;~;)s1)R9hGTDj zmtqF`cRd9H1} z1+=^9isnKt19gwbZwkM8+b!=c*rNH!KhY^a1?Bwtqc1PxJ_~n1l8(a9 z5MKP6Jq_vlNbAOfPj37hX8!;;kIuMv=njIe|10Kz9<^*sQthkfr~!~1S!PJ#OQ5BbJ>LtB40cj*jR{?C&4GX5L6Ic7UwtQ zNTE-#@^bq2puXqzA6LKJ5BU^lBHZ<=Pkp9~nqmCcx!;cdj(*KOW$Y0qQ5IW3{^-q- zLV7+^TSk|0?N=o6OxJI%X7n2<8t?Adn@<3}!M8zW!9hMDlFr3 z*}eF-7P*_36BrBmm@d@U+7-$YWEYT7VUax2(`#Nlhl}SrWOC0M%^I5Zlas z9-$49vxJ4r37Gjw>3F2c;ef#rI}~>++ZJdVgyNNWV!)U`0V&_`hAvbFUDHf+WH3*% z3SAD?nOA+@4Z^d?=UE4y4dB^lE+9`)KN8v!*00?P3gE}iuM-N?uxx!Dl6FiVydPxV z#Y9CrjvY_YFD)OJ{dB^d-(%2DV#dKWFGL4IJCs>RgzR4VJuo1?i2oPkjsZ4^cmU;2 zIPkq?j{9O~o|2T}Z7e=BTfTw}`SjeR7nbjVNd4y21)^5WZzLhBuEP| z0jHXjIYXsvGfSl;9#$<@a?1S7A)$g^Gl>ySrcIb{c4e8gPeh|&iir{eg{$T`)kmbv zRRG*Uf)Asa@N!&#pcpKT?-5I8^b`NVF|15vzSo!T!4S%vd>RAhddghL+`2FC+rt^p zt??w+vk&d@BDu&A>*^Q%-I{+<40#%2NDtTez&%@u-OjvhQcvc5&yBAf4-ym*>*nsr zMzj)JMH@$k>p3DZoMX>A+MV4)0+u6aByKRI|Dn<$uDbDE@5jUDaBa@PG_K;~Zdk)7 zi~G#E^F%AY@Bgk*;u}U(r+;bt)Gtv6IyhNGK={Sw8gmK(X>4HrN7)k?{+Yka>lTt9 z`hc!|{oC@YtSK2nN>Pp1w}8oYl!8vo&bQGlv@@7aO2sOBqo=RWY3~4J z7?Azx!TK01|4{h3@d zQwO-M44JdBv&RVHJfDlaT_#U7g918h@c9jG-|+o`^LMvDBzBF)bEAnfFr6;S!4)F3 zh^uAvntyPThM1+xIX2ce*=>syVzBVCH;E`l^;M&nRE3!hz#WwOfxK|cc?7Z_X9k#xN1E+*P&3vz%~%T5$%2oIk}U3lH7Iu+ z1I_^EDYT%;yp75!Jz-bS;$3+9*#Iir_L&+&-}HNCvUh5 zH#3A2t_+6e?h%f@F@Gl!Ms>ILRY00yIT)l<5|3fEE=(1AnvR1rs!#N#* z^Fy3OajRKJ##1A$`Zz33#`>MYDo;M-QFYeWwxK)^%2Bp0+)?}#?7q_7LjAqWgPcPd z`m^rX-gyz!hA$V11+cwP+-A;@mT-&vyVWuCJU8X&Hl-RHMk~-6v~n-a5UdqG80`pO z+bdV^K4k&z$P%0TLcWV<`WWI~{LVJB!C*!sK9eE@rAV~wa z`0;?@W6qH`3)Zn9_SCd*3_Jcs`N*5UE9Z|N&UotFFTfQGGmgG7D0KVzo$&_y#pCVC znzi4Q=SOB|J>c#mabv5@9bUZoaK1cDh~cnCx5#J=43Jpx$|c4<#CvrC28aK^9OEq@ zhFkBtqXPAtz}|11qXRC=%06(!*fM91M~E*0^8qLvyaM*0>o*qI_rGLFfotHvp#38Z z<2*T-4eO`_^?Lp)H^dmB8T-2xoy3fN*!g=EI|fvO_>e^ zLt6o!J{|vp8atXMEkhOXoDc8db^Od5U*3GzmcMqOu@KkTMu$5-+*UNj^C{o{gZyPl z-cE3tYqrRmj*A6vwD;n70ki@AGt}`H1Hwn=SuTDQ>0j%b2 z(@bFoZFo5T66oKu-{iXYkp9l~fCyEPtCn!}@AH$fwPw5f$w!g4_j{Rkh zm4Ydaxtf}Xe6lxBe_lw$(Dj59Z{S&4A7G?y{$Bm8$8@VZpu(a2Uq5phaH5eXC2&u<>40`6uGb^gb&Q!BLohsc$=CC!gu>&>cpK? zx9_7^O~2Yp@_Rc5zr=@5hUq_E`^*J0zPTNFi2h~$F6$xb>6vtQy>ctX8ivmK)$d7z zO@8X-@x}4?dwhR&_j{c9Ze+&km~c4%|D5>h+1K?q%JY|MH>~*f9>yOSpRMwP<&*vq zUHjG!dTP1lKknq&>mvs~!#?892Rwa?KK1OV+ib%JCRA^k+ZUN#PLs`E$hky*zUFKj03I^}{a7v{S5jpN8fEdpZyi!9+zSTeTz442E z{4QaU!;p#j8h;UhF+@su1v80fvX6&xYS^)yOUzm1BDv7phs~w?Cf@91*!ikE{{A2K z-UU9+s@fY)Xn}B%2^U`~phOU9ElRj3m5Kym=v0Xmv4S8{tbhVaIaon3l8_9|bQp+7 zs#V|^1vCms6bj+eG68Jj0cE%dIa+0ade{R!FlvP$9QytLYwf+C{mdl^i0}J;-*@=^ zXy)0^zO1$Oy6v^s-p`&2bSzxx=v_H~*0u%sss3SKv`1SW6ZkrQfBH$}kq|{m4-&F| zpUD)?rpQb?{T=BuT{F;rBEEUFtB;4j@Ig!!yev3K596eoHRc{;?~e(;!r#vzunj1) z$&I~Ru0@(N%-(64d7GU!G7op8<6kDUjm&EXE%=wayy$ae2C_d`X5O(s#(gXdJ%Oq>2>(mj$}T}Dtn6sRhVvV$fWN>g>ExF(Q_u? zka4oMY@0+6PWQ#jc1rXtab>0Z@e2u1L=Oy$Ns`OIWy`mR=iRX49>P2G;+HTN_V;_9 zYr>~Ms~Qfn56S-ARvWUwyqA?v4Jvn^KLh8m=;Ps*V;%QvGt6mt7RW7`LWl-@#}*%yY?R7s5k$0z1wzpz zux{aPaT|gzPCN+dH1)2)^zv5?-)n^L(mbFDI{Pf(i2zAcQ10d|n#~Ppi;w}2r)~u( z0A2wfH5Z5-eu{E%ai@nKi)t*Ij@cj3H+2s;W|~Sk%qVoJLUA8dQl&aJ(nuPfHqtg7 zKt(h=gD`4(?s!RKVac)6vZ?8(q3hE!sp%jW)HeRFQooUZ*cK@Z+$QGdD=mk`qp?2z zei^F}fT_6f_;t1c89m5P>gqt&5+{2vMG9A#Z4@{vr>_CH+58&bGq(`|$)ICKAI8i+ z?6~~_gn1$;&Ic6sbZ4?)G2O%w2sl|+E=mK(7L0@xWeFMPZy^7|>qnXh{X)i*a7um9 zhf&(nB1U1dX_4TOHr2v%7LykQ^n66#TG8VwL`^2y-Z)5lu0uag*^W^Y=ymCLFid9- zMaCCIoc9fxX~TTU$Z|g(tsYs;-)pX>x_#ts_r5Q9&)+)UlIf>NdZeW!z(Z~X|nuzyH0VF=xO7@d`;78<6bbyV!mU%lm!*7Y(=5K*av)nLB zL8v^77w7ct^ieb%WJ$MN6pv{UqIPLrz6ls@dnuKQ<_pj__ISQ@5Kb{haV=%0-xsuN zvDf6Oc1FBO>*~gef`Zu-(kcqvP#0WEvt(K6DA1U=OjV)106*O;Xn?bNtZ`t0Y5tSb z+n904C5^SLM$?_XzSa3GFpI`XwbkcTius zoJPp=n3$n75xu(w|CqO;JF6yuZcAxI$RhQc5|`d0Pq=dWuo>C;GjN^bJ4c0hSJ_%{ z`dS#ILp*V~*qB;*JN0|&r6-}`5`Fp92zUg5Cfdf$jZeqM8A+~3O<>LItk=&yY(^qC z)Axy>-{OVqvpaoLOfxPS&g|5ST9U=E-ezjpwY%7xt)wM{b_j#WEXhAusgL2DZYq0Z zOZMY4G7ol-G-kdrBenQf=&n+wMfzQHFz+Tb=J=GB>#)k&bP7Tnum&;vYR3K%7^IM{$?!8hU_c=x-6k5Hjv=;I3>iQG+=N9TRwz z4zbic0Ly~u8DgNEXB@b-qVjTWjXqF~reXm(5?=l9_nj2K0gTZ- zzGZ;lttgoYzqQ3W_-#of#$Z3})XPzz0KX1FC%|vR>?z`R07zO3zgONjDSo3EqkDX- z0KdmjG7*0N`9vN3$m3=lR~FU5?`lCOz;D~B;&&`aS_{8jYv9+lp$Ir|1#hMUw>B>| znT6}Ief)0~ix*kB9Bk<8&=nW;Wo)P1Fk{5!?>T;GKwgSN-f0MbM z194}Ql6x|66)d|t){BpI+1DWUSxjGHb2_k@hf*t3U(7dlHgu+jO-tsUOd;3PByWa? zOS=z`CmKgH$y=1Hhy5X#wv;F90+MyBnsV zSEVvLjiMVd6jzn5=fL>tw2U82;^zQ`{Le4KR)wR$00rfZ(fC&qen}c7Lj$4)^ zITlqj<>gO z?Cft_R9`3QlfR25sU1dBTmgW+W*hWjPJ7-@kR;!V$6Bt!Q)1>7(+cW`8y;%|c14!#8ueE5Qcg81|Q2tY*l1QAAm;~H9J zb1!0vb&SRr1R?=ZjsD~B5)f(h6~tmDwHtFu;Q=VHMQ`CTkOC`Sz*`hpoR8d_;Z47v z*&6y&O(CEK1yuYgXw(L?O91E?s5Ui!>I(Kr@}7x-BNlM~_c{x0insLn+xV z7z@Y-lu5RHcA-(ba4B~39oc{?1a|~2F%oJ9lk`>$Ut$_4dWZef4KaW|hr65O^yb<0 zQa|YC;h<0m9CVO_(sMRD2ZIixWnm=w0LmfL572AKeF(n+LILx^i_ss*9@uMkgwuof zBF_($uo(h*=J|jC$R!xGq){2+Qk7MA!CKL@zT4lQ&}R8dNp#%f0f|E9XSl$85j(q% zM3_yQrFM30+#(t8$lCg*OBCm+nit^QDuM0exqomxEXx=Q*{L$uA_7g3s%rPyA z?dLZqwr|8hmy|MASHuRICHVkaH5-HgDiO*5! znQ!*UY;q=G;J8+aM@9fXBp6f7&mME_zZDuG!qrgvfqiT4eo9woKrW~Os*hG9<=N16LG>K(WZFzDTsm1k^Jd5ujxYTiIuPLB>fox*v&#Z23;heb zTNK6X)N!)vf%1@N0RG?5F~HBA%~9~XVR@QA>mu=8Q~|+AC@_e6bEUUa4{&a7dnah0 z9O&*Ca6ygFqCPx>?)+=1#b8`67UguTxdByE_N1&pUY2SIlax(g@Q(W?1leTU2fByR z%b(3R@mgRlT?_w+aaT)Xf#I)s>%*^I_w@q+F+M|P)*hAi8sGZ`BYF8C`)ovD-A2o) zb^pXieD`t)D1wWk&wLyUn=UhQFKY1n7mQFb0@H1FN-Vny>dr-3veSQA*!HM~O+|?i z@9NrJF9Y2`(s7`x@R(iAM{GOGm03PI7~D zy_vBeH3al*pUp8|=LY}23@)4XB>c@R*fvL1OSf&lYTD@IQ(4;$t2! zH}s~pkE0y|voHvj0}K;MCvVedi9vCU68Zs4>HAeuytsh1$7bgH@6a4zdX^eOTM!PFUZ6xQ8z$l!* zU0er0l@6A;4z83A_=pbv_#PpNbnq}3Ix}oZavt6%(kD8Se1HR`&vJe2jmK<`k8T>Y zK8h8`cT4>*xcWQu5je6yaO_R9!E*Um$#W(Jgw)+enl5rpUj>Bv30ybS>3Ee$ODZ?( zzk&)}ytxL?$up1TOOYLpjh3hRuMYPrxIl(mM+&4r>01AqkARc~!EF56Rp)!?q@plJ zULVHrP&AK7M@MN#W9B|QW^;UWa371`iS+N3L`8Er{n|{rRT~t|j`B>nr3iVn!{gIX zq0RNUgEpAso}Uu0Q@@3q)o<+1x+gXK_i4DlhGMDXo#Dp2nbkA))3k^yU8B!4-T3zX z4ENlv-Rtw}7AamOwRIF(Z2xT6h~YWjav4=gOcm}T@1ty1#`cQDv(emOwlk^+(Ksf2PC4P-0 zHv&6yRuNmusqBHj%)jd#+~0d6v4uk?d)kqA?e^3CdDN9UL_fVp$!-IOO3wUBo8DV8x4;J6=gy!L_Yet66qE_s!bcnP;4Z+=vaO7iCT1=Abk z+F)t??3vN!6gu!1erD&S-FY$=qOT-~_qBx^zZsA5@zuW^j0*oCEpU=o1IU#itZ^Wu-$s%hVe=L0jsHS? z{65HFG}I1Y$Exw)%R)Gnb;jRLUc-aiJT`vUhJr8ynVrcSI5I4$F!22lkiiTX^GPZR z-s^$@(%MFhfmE3h${Id_2)nm=;4(F<^MF9kqkM1X!%bF~HQ9^%k`lKq*g_na%8N9~B0fTb7j>|WfZ zTcJo)QLk9wsBgfK2MT$Nfs3iS&9p=hj}!<+ar8h^Ft+1h_+NWCQf+wN{3pa68nOj1 z%zH2?5X=hBnGAhJER89nDCF%nzLiG%N=HE_e{A8*j1Z}3B_ z^a^bHsqetTEPKqqP@a^MDf?UK$v$Z%lyJ&ljykKjo5 z40G$B*nwPE1Bm1`uF`Hf&TCA^H6I!^&m!UgkjU%ieHer6MzB`MrCFU%HTE`p&WzYF z*M<6c%q07jKl|NYG1hG8Lk7Sr4DiK2GV;+cgzUGG%nk^eg<<$fgp08dOQ(QE;>7&1Mwkj))q;qADSiE&*CV7SVHHIp+2!>pJaziox8N{ypsA|M; ztTY$x6dLs$vuYld8#JuyCWZPw!>gYAoT+yPFmOI(iq06?mvwXd7qz8-lfl4||PQ{B%t;=>8urNbV1D)Z1bO_?U> z$Wx+G9yP0R6Neq8zzM|g9Hn3$wJ-cA@NXv@(-;8r&Qc7RH{a4{(hM^`YIY?3xmlA#L?pL#$UKY+y;!fjINaEq-W}C!e#7Ak z_NdvOglXC@Kev5@t#J9?c*lTodRrL==TbIs7<&9HnS0pu#J^$f#@?38zdj$u&)0U) z$r1v+?AeF{7NrKX14`Y`Hv%ir8n6zStrZcz1Kb1V4w|FvYKz#QIanY__M75 zTt}zbQPJc(VAW~vg$YY}w0q6re6NS|P`@{olM58htElFYKTVPEHAfQgw&{vluQ|v* zrZ*^Ny=E_#7%ZIILQN*)S~%!WZycP^`hEML`Wr3X+PtHggpZz5vWr^2Weu zc+^DMn^RdUlU^W`uJ^R%R`JO^7a}OWh1l_&hO17(TO#VRHW#r;iiNp#9I-BPYGYJM zr?UD9@-_vc4SkdlB1UVg6wGXVRCKs;TB?bkO;B+xgqVtQK1R{v3t%cmpVb~`qO)H4 zEIMONK@^N?55eK;eA`yhr!FS#(x^|C?!c~G$nVeLB(qRdPSN}s#=*0~fyxTT%tbZI z!K2_BW8Nz;c8q10KAK%H-F)NkgcarQN6)3}h;v2Koz3TIBRq26Pqu9eN`&O7Y#44t z7e(_4F>a!4ie__tC;&iXdig*cR5^~Bc_?rP@C~G} zx?2x+Z&;%CM}X^BE4sto!6w3h-SRL;z3i=HN57Tcve`muIR?V^oBu#=7r>QO8AP#Q zR-(WY_RAv9uusAUkbJJ)9zzWh`3iX&<_Q@Z|OqW}snf22|D~oAcB1YPn-$64+9A)Qk zQGEX3QeyiC+UZh}sB^%ESd?Fo$Q=yq@aq(x`8r@tc8R_xMjE)CW^Q)-#ydDKk35@s zXwS%Cq2&pQ+(FvMVTqh*TC`E)U&3-oyP!Rebpgv7Y7}f)D|P$9U%b5x{DtwF8_a*9 zOHLAKSv39nfVl;e?TH+a7?b@11%B29&E*`Q+7NDp>bNTiHl4s{8HzqC@A!B|)aw7$d-H>1AuzT^p*?h2f;SiQlv)c<^ zg_N+Gqogge_t_xcjTwkoShX&YMhxhDR5kAwfYk@bDCR|d<~tsa=dDG1qR1*_sb}`L zNMv$eVW({F3L=Zr5^ll^?B ziT*NANp!275evE>iyeHWp9rqeCN5{!>_j=Z0HLLkk%qZI*9rg5D+Cq7ofucTLX&$lS4Jq z;ZQfu@-%;XI$VZ^h-hTe`=C_Dywi8w>e^&i$=j^B_Sx-uOKlE%XM5BPY1VJ{#T2@d zQFD&(sm1l=EL053FFM+nc1OLgj$1_1FMlsVTS`K#)H(XWwo&h#qm}0Fy7Up3zL^{~ zlI&CBF#RGu10$eE%%A19tQH{_+}6yF5MXj4wSBy@i{_eRAw~Vqo4TIFuW3jpNKKEP zQqym5XxP4CwwiIm@Nd*0?vty~D`V!WEko@Y#WRslkXnrYho6}STFfw?yq(sCrkIOY zC}3n4p4$m26s{;DbOU+ z5IsUybi!gvZ76|R65QrzIXC?`{r_2ISn8^as#t%&B$fJ zJ@)qe5N?~l9m=KQyDz;g&J+l<7&)~^jABW!A(6u#3bOXcprD0jz{suQK@}-S2XOk6 z>q;U<{A3-@oGo5BHh20%iQG19j*rCS^;Y;P8;Y0*t82arv>D)XeqZRpxO|aToqt(B zi#;+sLOL@e=Icx~lVn~X=O+0$l1g_~3g$f+5)bsQD8*xjmx*|VB*84QdbhM;3(5NDMK%gG?Z6&O*)750v=|sBeUGNcQZ}!q?zB^GReO>$MWXly*W|L)>b| z2WY;&1KcouLB7=j!9VhM5yAzWn!<$d2`(gxBj!-~i_6o#3hn__PzwQ~JI=>O2>;{# zjYs8h_Wzk2Q6@9p)qke%ps)%N<*Y$yabwP0cXc1wt4=>7`U7F z)`r^j6@MA;Z)@8uUcu%=b!}K+{R{8Hr@0LTe+@1mlmobTW8$_votmB;9@qQ=Bu(Yy zFc*A~A=JHN1G+FL(FWOrX^odtNsp`<=04Q=93QyZ&TSzzTDnC97tVa(?a}@dSAr&q zeqtv*#!#9`KZ<|tux1ZdIR?N0N*r)#C3zMnH$v~?N3C4{;hU+F;k5~Fs)XgIp6A&D zik@VUy(WKS=Xa{Z(;aqSO%` zQ#995z?}h`i`!wk5xqcLC=njbpN%A=){6k$d!!V6$~u=IL}cq6Bpj`|v1W@-)Wjt*m{TsUhmYlls_Sfy@cTm^U-NrP zOa(uM=f4U6GcX_ue_wM9{`hAQeSV`IAI5G5j9v7xM37)Y{?z?Cle)cf7+?ZkfJsH1 z+;M2xG<*{*!fE>Ppai6i*-nvZnczN1;i!H;6j_9hH5`>XcP=?AK&b3f`x6ZYutyQr>z@1*t1>S)*u#vOl*{>6vkrLR!D z`+tmtK?J92K0;dKE5$f?*~Az~YI@~;G9mmoLxd0XUt)%aK?-J^9KuTSYjAGoPx%;Q=nk$I4=2-qlRI3-RIzMH^K*de+9;=Im zq&mE5-(NHJs;AH11aT_#k@y?h%`r!u&L#|@0ChTCqT{VU64LWd@+sS1FCkB<%@pbFS3r{kCX4lz0zSa& z$}fS1A`Sb^zucie00bZs@3hanoqiQpwAhTLM~$5s^t{rnxYJhVzCa3F%xWFEar1XR z?ZRHI9Q)jjBHwJmH{CXxH)OVbITYy{_?>tUM{;cF=+{z#U(x#`zrR~X1_t7fbPFU@ z^8ZT4r1=N49Enafzl3kj58gb$;VS);a6a$0$j-k^_#Z zS=}kMg&LiJGH#FU+QZDd+JbJ{|LZlna1d&Zx56{oV7`FJ5^**sFRO`<_kRwk?0+)&CLh1zy2^_2(Y~UBwQn9icqpOwD-U%uGC0<%`P@u$DXu;>SYF3|2Z_bwd}!_Aetj# z)qILCf%Vvyi!h<4AG=NplW2Dd>mc3}tg(!_0rnn5HsRYYL8(< z(WaLFgYiT~MDo&%`Fg$e;S9~w4 zf`!1a=QjglsLAu2_5M0aExgXXFq-gJ30{j$;-DVsxTvJXcB(xA=n5hOIAslzXM5O3CO2ji2<$-Q(iR1B)$@hy~_oz9~a>M4pb z{)VA?Ck@q|*bY)sXe;wOsTmD`WhRi}0AH*aIxo)*)#*JyVo4Ce0(@!_H(kZJR@Bu^ zcvtFI7UG5dImX_7u9U%p`3y#vY;A?fTg$9oWN5x2uOku-9;c-1d=00)|*yMeOw3v3cl5M zirCOFq@zg_w!fs9wvt;q@!RRk_@@bVWxytl$8chqV+syY-Gv{5Ico)yD8c_K2tJ z55F^vIR@s{@V?&ptk%z-ekMyOh7G=f81BDD_P^48%KE>;en$KUYm}!R^$t^Pe^l)? z>Z~0%kBp05!kk5wBmJ-AJN~o&jqo1=S9pnyv^{tQitJkJCib+g8AuYyq8=STg#DF` z^ha%(rnJlV>P-~hdYe$B2#VkXpBPCQSR)R~e}b>XubOf0zbOb{IsVk~$bWJBx4E@{ zKXgjpi~Q42yb=D<{M6D%mHOv&LQEcfo)?M8@*aZv5WN(I-+qVgeXicEa(#?^F~YOs zW>Eh?6$(i*%>8@P|gt=`t0XnPM&w=SUuk#NNCO3pKz|z=KOl zD41JN$n*I6*#dm6z-K6^l9YJrV2Zo-zmoQJnTOOUVWZz%%R-)SfwR+u;pL6KW}8)b ztwqZfi&687zXOXAP(T`vn*E7yH-!0;q%9KcGs%AQxF2!Ajo1%X8%SmMQ_+3QB5Z!` z#~Ev_&Lw{~gF z9t83h7atpM!1p9DKVV$O%#r8zIFelPfb{`9$MafJ!_RM-%E<)@Me#FntDHFim~cX# z5R8{6pYRjnWh7t1S!+-o_s`J(%;M*K7`MoNNqz=CuaK2w*0R|otiVX7+fbkn`tnx< znOM9b4)2x@UJOC|$%WI7z6_2rO^eUSfkwqr2MlJ;#(1^B)|fWeLxjFK5y(eXfgCB5 zV82i0Gqf*3R`G@*&?qN;A&Qyf2*M%Gxco9xG34k($ zFkYX|x8^26fyMf*v@f8Ku0g=&XtQ*x-?s#PJrK41Ew1-QiXuN{^RsW(iI**Mq6-o%nKS9FUecmdj`+1{jb5 zev3EwF+g?uX>^85$83tWhWr*`5+nKr>nBWmo%r1cpm5B8f06y_YGoLnC6`6VaanXN zURZUm@wK zhWphIvw$3Houin3YXN_t9i~1Dw9yV7p)gT;}VlWXf_Ab=Cx09vah}jbR0Z=M40P2EJ`kepaWr^~K0U)lE>^CnG{2YB? za{xDlJ2_-7ypppa?m*uBCd-GVU|LuRHAqI*w_2fSzNA!jegf`KMu9t}mVDeEQ9D2x zcGP@XtAj^nH0v)2LBXs12sd&kzKG`o@oo9XmnR?hJdeZ`AjT*P?#0pv7|Q2a8f|QY zt7Sei_#%_cA59tjz6^9$d_B_Y@sA(AE?{4;h$Vqt=oAdLbTI-vFNFNM*S5%()*Jvx zz^p1KOk)BYXph-*enC-mAq##iz6L%EL;g8f&=tOG_4!@R5&u|yxF_75diF{6z4GVm z<(MLzAz;@}D3Qq0A`|}HZGSc75oLTK}E%N+Iea0IyBwW#?7DIL>il)fTLVNJZ z{8i})3xHE1-_|#jw=pxHQ0d9i0$>?6$19kFD(TIJ>)TB7zV43uAPMv)v&s8-dA<)- z&rRZZ0KMOlBphof{&&h?z?yF^v2W08LupH`g@4h@t3Z;L$9n@Y`Wf;Wa6`Tn4mRRp z3{V!$*0KdEOb77G<^+M(JE^O*gj4Z~MEDBt^{O{GQz2GB6v z@dir(C5kKlw?-|3FOqHO4b+7j1sn0N%FPw>>+Ffhj+ZfMQ`7$o{Ld-HtNi@bp;y<2 zLE^(D5mTbL4#koO8Fn@Ecx+1=4E3UIS#2Pz_a zHvzBex6eG(fL=%SIlE$!Jm<7{Y3KY*9;ELxJ#+)~PE$D$!~Xqg-ad03JI{6iE;(wO z%C69}UBl*n-f6)eekkJ$csvl-XC9I^uz5TVoYB*^e~>acW{YCX`ofzGzkb2FWtLRe zeWVO{riQ*%doXt^)VB8E?q+FOX%9k{tBm)U6S>TW!RyAS&Gto-J2(lpq;kBrnEa?t z8a0Q0OKFK&7&8|uzO<-g&?7T2QR*O)*r#%JXw51QpLE~TV$MOC=kAXwL*vaHG}h}6 zFo|+e8dV&ZkTTt4_GBYBSLjqU$sc(&UK&O(rSD2t7_`g~mJEt+#g-S%S>d3c@PjgQ zxn~b;h|0*3d7AU+M;47cR@zN!ghQjUgk#1_j8c@;MF=av48Vh#$(Q)Qp#<%w{P#I* zjp{m}0t+BCj#+4{3#a)}~j&3p*sxxV_$8a%CSYib1SjW6Q=L|O=^@c{s3 zvtkCBuX`~WOk#nA`zzE7S*1*HTj8L&@S$*p5v^ZAWU%?vo-6$&Nw^^S=^jD(x~LU@ zwox?$6u2qkzVh&s-73s9nX8!(1ZEX3-%~1rM9ZXe|7mgW@z zWCB%{e%ppgM6LGGw{7iqghz9E`wI#jWx11# zVc}DHM>g8wYs`hh$lS}h2L`V!&nh5-A5l5}6o#UE*q!Tdfy|%l&#MEW;}Dpp40`5; za<4Ens+P5AUegDtSFlne1EX%Snq4@GsVY!JUslW)MEc0lNBn(J7>+cKpFBU9UHM+< z7V=AkKi4PhY$wfzxo{(|htA!=3<&PB6 z26M0wa{$Hbh7Ysx{>I4Cwn9d z?L%<{3&Fp(W;a<_-Zq2rmnXtag)ub&%X$8N%Lac3|RcnJ5alP%RvX~Af{RHU5l!M&u4rkw-uBe zaFuEhC282Qbh#Vj5Hu$u?{)>-`u?1YlkC_2K#N29l2rUpqAXNg=|EfQM)jZ#`$~Gl z5GJQDsH8pJg)U2LKoRi>sNC#FTNBfuI!RwX+F3+PVt{Ea5l4%#VR zL{4gF>0#2q^Di7cMAxHb)lO1Nd{J}&9>T7G`pj%WUlJ{5kc?T~XVH-uW807K@K~1k zkj{>GL4JFDnC}|H2h;D+v3S5v5iRj~u|l;Aa{jcc$@^6WJwG>(y#l|zG5 zAymQO77rO)P^g%H>SI-;Xhht3dn!y$Eq#9GIuNVMp8;Vx2#8tF-v9;Br}K|my}w4_ z7z2|$K)7Kl<(L?mprS!|o|97)YcJ~ZtwJ(1$@@jMF+!mV@8A0uq5mQbMqS&4t#9kB zU^LDe#)fmnK)_n$1gm~4TCqe}hCX5rF9QDSmJbywKxC#lpm6o zOQrp*e2&3uC(rutaGRpZbN;*Tr;lL{3!oeRitAA@yE6bFTNi7c|4+m3g+FTF63s{8 zZ$0snlEDTVDp;pBe@t!uJ-=YwvUwb-9HhN@{wsC%FBdrY;`^6C7p;2lw)>Z9<&3gf z%bSR0|I*r4L}e=WFRwY*?O%?XWmv3($3{WC0+@e>^m;M-fF_r+_B^!53=nom-W|zz zSSsKK4LED-49<5!s&Tgi^y^P?Kdo*$E^zr?Q`&F*ER?RvA%Qk!_ZyG-H~|=0^9}Ad z9*7spiaFhHJQi=Kw%<65{n-7+FAay$fN1_beSt3Ik!Xti0c{ZYHd-v8c9Hx=tm{V` z6o0|F`aX-jNe(Pvd+om7GTZ(MkqN|$D(lgMQzwKMyF9r4cwKPbAj@lRY@9t}ES{PTIz)r~Cv`kNd7+<{6* z^b3gE1O%-W8n-hDP3`2N7vX(^TW1pMz3~;-8yB@J>B}Gn_%t5hJWfhu@y#QoD2i`Rm*+Xk2Ce3; z_%a|s7&F^qElj_7%JIz$nNvXsBvj}8troGLijy%fNu4OZ`3#?5M|@N2%K#BQWBy}R z{(+7!F%H-SwJ}ApEmsmj5d%C+Oo!2wKjFG2TRKU6^Y=JNN85A&*-(+L;oo?DC+nN< zP}v0VSI)n}2Zf_PDBv{aUQtk-L+;SsW4iI|cE;h9Rm3Cf<9ng@gFbY>pDw8Dr==o4 zVygZ$^?O9yGG-sE8SHl2z5CGRll5LbdmwXY{muW2;=Nz^*gp{O-R2qchd9KD_cH%j zqn2Z4d%k(y@m`7NR>_y=FEg9=UwA9@k0XAd3@Tqu8t)y%^-`3PDBimrcIDAI_@sj0 zqVenb-~SWut%x80gYn***9-R`-pf@e7{Uc$@6Z=RP!z8>-phO)HHNbNNws!XDvZ|n z^>Z8aIaJ6L;=j1&cS|U}CbLHy;FNx&1z_EH|K$8c9hq$iRZGb4Q)-XK&OZ720xC>G zOh4DtSCl2@cU9I8%|Z6%h@SSKF37=27B-a!5xtBO}_`rK68w?y+1 z#4GM*`^cr9QoLfe=e3AGEWg#|?`nP|JY`uQApnGA0!^KLlk%4)wdeKnr)~nn`4yJU zD8*u9()=mcALn#e(kH{k2^N2n&&dMLx{x=B9|LdHmynuUk49Bv@;7f z?{%k(cl@g?6oY)PVQCYOcl=t);_;6Ekg}=9JI>sW{HXDcv-w-6WL|;va93Y@i_j zYadN4>H}B>ppX17u8l!NZVNofmttna_{Z-=?tK0i_usq}G5*2#b>kn~qDyPC5i?wa zr#CzPfzP)_4qvohkMnn{x2OMD{NqNXrBF@9;~(FV(pdbXM~b5O$Gb%T%n@!te%D)z zLbNe+mehM4@sIl%Pap&n#6RSG3KsRMP|Ic>2N}VNteyGxLhDBl5q{vDB9>W%v_` z$?Kb4c>+vmQIj90wBPCc6Ur9(3+&15<_YuBk4=Lz5u{Jv8)f7;%yU%07# zjjt1F2ODpGQ}g+L&v9fvHJ^{qb}_;@22`u*{op?k-^3&<{CR>YJ#)GkrgAoPS(?fuBE#OHLX;T5=Df zMQ3)DTQynmAwE{DiK^D$b@_Q{q5ijdxa6-JKWMF?@37vZJApNV`1Aii&lf!RVd2iA zIYTz-VFPTw;05{u-u{~rKicO5|495uED+ZAjLW;sZVe&D^lSBcIO6|$@krXhdhw$- z*k9nU`|(8|R>p@a`>%WsQzbqWdMCV&Uudc z=L@8N=4aqNe$#pwbCH5J#Knf37s8L|==x#s#C-fgqJtyJakOYCy-(V?r1GVs2yPY3 zX0k$)o(twwdUZTffhPC~0!Tm*K2zXJLKbC0u0mTsJqvbj7U4Y0xY!J>k3 z^Q0m_h9;02xL$0s4`&goZ~EVa>;88nxUzHL8q%E9M=kL9F_YHiVi4Ha} z=I$F9Lm3%U4-*O-5($VKi9gwW11Ci6*jlll?)_)1e-1~s?8NsCjDsfQ<~fpr7u*E$ z=4FxdT_fIX<+rYXqx#0mgZT2mPs8h&?PvD}KmAN1bxHPeAM;s5b^x={l zaA1PXzEU9ys^~K-Fn|I&H<`Q2>|+jxGfQHWB3HaNyN*63zm5w%b`{+dr-%2K1P<`^ z9JA4e%4DmX8e16J>*qz%pUem2Ej;rohn*z)!nE(S-L3$UlB4bdjIwE$XdFFd{GZ{j z1pb%iHnAEdWRkqQlmgEZyUe3z9xrf0F*ydj;fr+e;)|$Rsu@*^%zXx)_&(=D!QM%m zP|6--)HHG#nWs+VvMgy*D3G=`REm%iwIVvS$6xKkkW{@+sNkJ~}YiJo6;cc87n3Ee4h;(Q!>@><;Hi7Q#+>F(6FgEICk9edD@jV_yH92izo z(=x}?z#q>X(7v{RH7nnL4h(mU3Nzho>n~5uU^jB?kH5xol%kwSTXGPJapC9}laC_- zdq`Ht9k^$r=SKa>NwIUU2QKMw2D2#5<~jiYHW+%MqpPGesR2JKaQ`(N0 zX#lx&HzusKDmH6JM|8sIXs}#+QV=?9>lK2qn>AduRb$#PXI_GUFm=kCFm10q5KWuT zteZBOM5m{eSDz4MpuzuyR@KvX6Z_I>>#s3w{h)roOk2*)N^LCO<6e702ebA)83cqp zOd;1@Mzdx)08O`$rX%JZAb)U{=mPlQfhbm7ZW8+cv=>kv)a@c4%DL1g zxRUsIf=@j#7eAywOnlk=9GMyiMpRRgLiyL2!GSY1rN?A>#7=mSN2GOJElcEdhWTwV z!!WMQFm@O~%;Z(|*JfA#M%c!9xfS^^LNw3x#9{&nSgWnM52 z3>L!|*q`981O8&!RCV+GyYWH^>DRUgyo)Prjc>ws$JQ6&`c-4n;y(b#QJINlKO~>( zI#$+)x*0}JGUo3;k*u^abBsVEpJDPl3ND`564-b4ZKU6QrC&UZ5EGzMc^!=R5A1w^ zc2ij|Iec8~MD{PBOE56*(@~$84|)6jBfjA(IUilpXv|ZDNE?ls_g^j)u=PfxdS!PX z82c+2n&qQN9X4cUC{sV^65>OH^BeQ#ONu6(=vwFB)o-)@&j)n;vYDj-m(3FUgJ`6( zyr18gOSKlB;V)+HF}tyj(lL@h=bv(J?OFJW`6qpq9pS6ZR3PD@Rp(=A{)ctn>cvOA z|HpL@=1lfiNClcw_x&Vg{2*Thp$@wGbhPf@A`Zz_9`>K7HWYJL=cC+;?$^qeAJ z5l^!8aquaTK_J&(YXyH}KE!3fF4E5$tr+LzF&INx#}NG8b9b3sH;t}P{LWK7qh%T)>n%_$_Ap1>-aukf-4 z1|VoTUeYQf@KLpe;@?3NW|IBr zrC_dQc+1^pDd&^%4L7uc8+VVPy0rN4WJY^IZ&JlyUJ3Op^rdgv^M&F@>&3i^q5odn zBEG_gm^nTB8kngQy;kpkO-0^9{i3dPnPEAR`1wt`uAubeH}&E0Q`1t751|;$Y30Aw z(^L2lW>Hr@=!d$F>n{L@ACMZ&w?CZEA`Z3rJJbhWw{gh=SA%!B#__G-f5@yG_j-|5 zS_i-p-7!(Y4{d-SZ6GrmZyPn|az>>S%<9}^F>%ROiovLv^8tPi6Zt~lmoU04@qibW zlf$J(ezfmm=li3B@luPlL#^RrBMKO|;Y4G-E=6qZt0Lwu+V-w&V#&ayAw6$^%`$VLwITZ`uph1-}N^(?C~CkPR7l#EVA zYbv_{qk!3Px3D>xNj}uFRPMYKc#SJS0<CxRo{aSyncw!2lEH+W&c$UT(v%-kB@o~{g6Mw9kjvLzRG@ZWDn$f6=8kWb>|m$ z4-H%me`PBA%k_1U*GI$;^FVo4zW~%4H#glBtm3SUV)CbuKdbZaf-|K@RD*V*52K4zGgD&AXt zTGM|}+(0+rg?NE*7DZFU8(vii%@OtZN%XHVcZ*S{?ltl)Q;BQ@_aFU0RvtVLGtJ(A z#1boeF@6p4X{tIO;O#?0J@|Zk^9uD&75}z+{p9s4)e-cNek@c)8pkulj5O`{aB9|H zyd8w%;}wCI`S`Zp8vt7go&VG{)6^qaVa7dw$K+4vhlY(~g6_|7z9fnVK5GK&8uO?x zD*LGj_@~XouR5w=p4NSs0wFh#MGtvX@(&ejrlR?oe}zj|hy4TV1#2eovwMXv3Ik23 zn|6b%wL~Y{mD1s?Qe_ZouV1VA(a)EBZ>vI|g!wv@bMdESvOvSy>ysG0sS})kUBS^# z-;p0cXzCB=OW0^}{QFp65;sr1i^}g~{opU66`&^8nzuqLh)-AXeXNsqiU;W3_!0h; zZw3sMXRGAf+{sa@_<2bMKMa_|MK84v$Qo|G`-TWSn{wh}8=Ap85M~!T+miH(JvDQe zA~8VTG%s8v7~uhD9YL4IwdO9})8+e>=0SNM^NayUzd1@ftK68_WL=Sh&F~p$x zJjc@Y!KgW}?CEN@A^B0u0g9GtNk-AzD4G;YH>z6Z7q!~+ndDti5M$;Ma+oMsKK+tV zNIVat<;{^7$r31ne?bNOdAL{2kmR!TCH91&bNanK$0^Kt(@A$l7i?qZ-WLSsA#yis z#9(&TZ>+Q`fYmR}Zex89>rdFf+#ms13+8*@2xl}FUwEDCW8qN^O~uy>)Hk6mmxYd= zRffig28pe5nnbne9Xcw1-rnF9Lzl7~3G9{aKhXDW5xqG!&^-Kkp&#ZD`uPLVL*C5y z4^{ekJNJqZdneqO7yrw5HfrX7ebXkyu)r@^9s~;7#jt+D%A%QFJfUkt0bJJ$?oy?f zS-76tRZpXbGH&)=fQ7m__M2?Q3wzSMyvluePQFW*S)D?aJNi*>u52PGQeaNr3cqpV z$+f)k;gW=Z`fth_c1tNE6zd1Qj%4&X~LqhnRJ`{ zTxzll*P~`Xp3Ik}(rS5=TO~!ihV2lneua2s(krF0{e!X7y-@)|Kiy_iB7LM2#Z)%O zakGc*)Scgy!N1tw%DtCtn-$`$o!8u$%B~8#SgiVf%j_)=tXl6K5fCJmTC=IZ=ruPy_G1$)be4g|yg)XB{TjJ_gIwT|-0ZZK0wng_i z_Q!UWvYZg0dw3^14i?ojN(-v1Uv^Nu>~@f|A@$OenASue(nazBcT+0SHg4|OhZpcT zxTQZ-b!set0iF`SKmghiE_1?pG9l;Vw}pkFw`@*W%eznFX)G!VB~5tN;X z%l=j2)8>K|!W7-5#?<0p=_l`U`f7zBy!aDMskzf1N~BMeW-=j;0=y6?8}A`|V6RML z3qw7YS$wV3;`vRPolrq%B-JF}ByK8696iRVa}>7#Mz&354;*!k7c_%~k0&{*jkA(wzTz(xT2+7YQWYZV?I77JxHA0@aOnF(VLbzr?99jvo z+_;20WH?tWFdv`Y6jSt893fWsT_)3~;)&<4@R{w?++NFy6j0LtMW@TxJB#(=;wU#e z^}LJCR#12>Is%x^kEMKxoBi2bP$!de{0xNcbZkOYfY;u4-A5%yw?V&(xj&|(mcJlt zJ44lHHVLqZKfuNv%ind@$5!9-E-NmdsGKFgma>s;-;had>x8l1`lQ-EbnA` zfjycg6NsgZyLh>cHq-m-M9kZ>t_{uPQZa)xXRA{{)I20T$Zx<=HpA>%zZ!M%M`T!i z#}Degx03~#c`fGmgbwzCY6R{(u{A*v<76w*QK?A))sdd*i`rz;Z5;f*ULs5F!$+<* zyKjodG=Gwy4hY!ueko1Mc$xGZ8MdRmhVYp0V@D3KNFhUi{Lsa7XjxLX%{6L`H9A8Z zNg>IfTRLVg(J~>+->-;(6$A@r%NT+Ma~pJcX%96K(&j}5rW*60MnCojSAy8QgQ_2W zuQUfgAMY|%+Z#^%B%^G%6vt>SCki^U=mC(OjNt@M8_;ZI4=y_?liuKSX%h6va7@!$HO#@;zAfNnRkMN3idc4+xt1rhy z&3jNw2SHP_j`ei5^ zVRS76m43$B_WSGS<98Ydjr^TSk5iu!xak-GeaSPlOPa4a@U|>xg*^#@q$cp`t?o%F*L5ES zP;?pbF{hnd;orAG+wuaL8t@6b=lwG3aj>@8yJd^_TkHJEy@pec_ zL+ZP!mtIyzkWmm^Wg zH|AwmNpW_?627%E`3M%ae!O!S^yxQG0CX#lmMrIhyE=N!+UNy8LV#}_kVyssvaPP5 zkZEVDfC=s))9x56kC^rq-WjK;m_u2|9zo{-M{65Z3u{e*Rat%>%419Rm6_xf^5!JI zIRT^!;W95>ta!UA$sI4ef^UkyrHAy9Z;42dVPV<)T_!>&kI8cK(LwxmpArGPtu&`D z;SSglJ{}3K0~2a24Cg_mS1#><+Wcl0)03!4$nCEEw^F{j3@pA(o$61w- zf5ZK{k;(`TyzskTn*b;5IMBuEr@AbD@s|RBRr%W~TgJ8)v*#*~R{yP%pWC6Q+dG}& zO|KWV$B+L|TMJv6Bep_!VroTmKtFe%FB1nFHIwhM>;QivajLJSAtZ4X4HXa5OOSkOKlcBGbmn_9d||g8sitTyb zRl%YsGziwevFkh8dyf`)5CN>bYJE@E<^P2-Mqxv2M`M(X(#o*JqEWvDsApt0SMJlup4Oog^xvmVb4wrqru1l-@tD9rxk#t`fm77ic9oVB6^qsRuOZZ3u-x;>F zwt)XPs#M#fzD2pY90^gPJ0Z zmpge-f6SQ2r4I8t045>@BYYkqWvN+^>QV7Mrb_;wg8h>3wMQg~*{@!#A>Ks$l_Aef z#eOx1<4$P5KJ`cPJ1sH^RGi3ui5S&l_=}lWBUakluWyo9l*WPmVt$z|4OsnDfND#v z{d!s^r^0^yCMt|L{B~PtT4+H7_LiVg*4wXdvL4x+(cs$b{SLlah{q;TezpFUIZjL-rvfYsFK(VZW4*~(AytVn2l}G2 zS`w_3gZ+8+*U10e&)u1oML^tm@%MYze=qmdRKIVHt#=+5U?@m)!u+H*Of}&L9$5Bk ze$oT13Ub!WPuhJc2P)g9Oa5m39Z*tpPfNDr^XL!1kt}(YbdG=v%_+i|56CmN zUgsvq5Bwq$L7X2G=bwd}1EGKueX-A7FA-t{0dVEy?9;WZyTj_+62JJ0NM z6F}v|b#i??NAln5#B-cJ_VWj#@>?%H*QKbZ=`PV7CrQA=Y8r86rn8hzV%iQxffHR%}7x;X)%{AX`y9+1FcdMI^KLm}#|F#TS%*vLqkPiI- z{ro9?&>5P~hd@7XMTUs!=UVeyQ(wH7O(h>JY4-b7YSu$eKPa<7>iOL#t4DtDX{$%9 z^5{fkw_dD(U-sn2z*7YQ|F$m)#0Bol-6_9e(87GnBLxo4xBMu7TXgJt&heME?|=&N z6RidruC0Hdw*vkQ=3ig~W+3Z7nlE`MVG!S@X1?SS>{xP~C|~k7EV1MZ^oPTbvW^%U z(Fa~pe3bm`_@`F>Z8g77JRh1PfNT@YhvWw{cPN~X(+GsUQ{xN;2pbI(*o(>O8|ac~ z!Yuz+!#{=oCcHnq+4)y>=^5vb*H^z9-q+VYobTU5CsfXNX#c3Mc;EH0tS3?rmW%AM znJeY6?69tq?qkzV(4>VkCm|U4yM7iU>ihW&;9e#H)g{*4*cN$ znF;9ge|diBubKHM5)Fd#Gur2417id;fY|Um&$KfDsrl0xcIUMsKlBiM5H=*R(~q7% zWIci9zLjz3pZoVF%TX%izm`6C_IkEVvbEPL6UV?sSpZ+_81#xnmF)Z(%+rm|z;C>%E(v|o7d|Ey80Sq+Al$E#Pd5ZV@yibRR&jBkf>9E0hHN}tF zG9sC>9>MyqgEv-uT#+c~`CQR?V7axsfqRjUf|tAuz~}qRvX}lXfuHO?n_UQ#!UI;X zo8QW%>lE&@fgIrcC7})UEA?ftw#&9n2dBqBAQM|}1p3;XDShR4tJNQ&298{GA)t0e zUhZ)X#ntE-q0c63Uu{3yls-PtFbW1Oo14@olD9FLSd@O2 z#86%yH(e)MUZ!`W=lIIzhT~W`Vy@szrei^*&)473_DhR;=JnfBB0ShulU}Wnya^w& ztznD-b&V{$&kU97%8=xC|X4xpgDVZbj}bkI2$o`Ac_e5Rj$%;9jR z6+U6anZ#<%(>3*><1gU{Np`D@SJ?R%-x!8{j=5zu`W8c27SE#M{vcZ)_)d0y{La(S zQN{eLe*^ur6w@Yp3RVT=lKZzbCRH^1EAq5An7(_AB#t8b+`DibjmpdMr^5Jnf2Nv$ zT7?_&jZ2jbU2$ImBsZRjJgjDr!S49*ep z6l8{ng~fUn^gNI|S|G#a*Cy}A=sYigs9$=KoojQj1cngMk_cJ9*@Xcwy#S(9s%MhD z;Iw}8q(+c1hP^*MGi=_%GQM2TA5i%igkL}GH#;&8%k$Z}j+ICNPl=(YcJ|^VhGKC@1w>x63mMu^&Gx18u`Z~T(xX2HRZpBs<%~|1~ zpYVgqB`SN^QH3=QkBuys54^eGC;XSIKs>v+q&}d}&nYGMll7sPT)fT2W07%~fd&G9 zIEj~N3N+=?PqDLPac%Mma6w0rfl}m8lC>CEWlmX+_ld|{?Rt1Mg#9F1mrz5Wx8FD9RWNuG)N zx|P7=_V!8uo{=$&$shK@rGB#zPZ+%y8`qs^A_3XF+5M=vx;r8suLI*&`=g{tYIv4ZB19&Fmv$i=+m|O+`&LnH#SpN5goN3-^?Y(9_?MQpO_DkQ6PL9w~}c z`L*9;!#UCq?$=+%3>2#P8_0vA-WyfV#@uNSzt^`$&qrAI!M|^j8CQSTnBzo-X)Fm0 z_CNUSk%Vfi*slxhwcfAK`hkB^z5XDVfhgdtS6J7sm~4y}d~n?*K&zJGjQLN1*F5)0 z)*LZ^y#Rk@%xE>?_}jr3#(!+Qw>i{Kwtlph;i;GxK=W~#&rH+u_7~*NtV!=9aQGQ> zqHrE;1l94KT2ZSQfkAD8dwr%O> zu%5m5^{3c>G@q)Y-q8KplJy{KyGg&_7SWHwpK;%tf0t-%XGukYi4D8tXb_c-AXWos z@b?5CmcKyWQ-jv^H*51V><+yf@pqvM;P2j~hjGU+EFDF&JHeaK#nt(kg1`BBc0DD3 zQ}6eU{LSS`qXJrY0$Ml)*55pb$4PnPPT+4|J&rQEmtWDdrjfsSjnt0&n`g^0^tiuy zrPQ0)-<;gPSS6dS{a3)1w6AIIn8zLO(Z{+ z`sYIS6SMcV_A|7-%6iefG)U|qUQ@VAkH;M=?5laS%D%SMun*+eQ49lr2f=du0PC(b z5`PHq&%5IU*_C-C_vgLv37Mt;7u=t>DkT(vW?^JFxC`Qc?$68oNqyxy_7CgW|G7W! z&A&hIT@O))eSBX12k(!zio(h-k*h41cAy+bX$@Ylez^=mY4Ni}Pad%Y(9dGw$+~>tA>?58p zSD;B_=uSe2_C7CGg%YfpFZX?BQiu)YGOp`4b@Sya)*sItC2+&w;QlD}Ul2jcH(BKW z>GwzNEd0fgtonn2zfXQN2UWbU_D2JLQ2&^8`)B7vEILjsujWIDoUUO>E&oCF1LnK# z`eF!v2>+{<4-u!w8_7qSeEj(OsnzKyIddTTf#QT9lF!kj=S7#Sh;YyAyN~Mp4+@nS z8FKR-%pYhZ{2;L&jEQ;NQe=-}hP998yKWTOaFXX}?&Ztl3;t=YaX(p`$4_Mt=h?+$ z;3LnLo|K(l<*P&G0SM>;Y>i_Zks?6-y zq#wvqly4LAPxid}`4CPYF|?);L;SIc;?n>eI<@hx*nClQI(vs@WT>#6eIh@VC7$kM zMm7i;zt8FqK{TK;UtxPvh#4c$QfUxWyy}X4h1{>=D-1V&$PW|WXEj^rp)UO<-5;VZ zt%w(OZ&(oVo4v0IM|X8^?gTX~gGTUk_tCyf*SmS)|CdUF`49-5=UV4_F^5UU~YduXjHNPx+H>6_Wb%xx31;;AP>fT;1B@-4|*T%x3w?6 zTxs4WFJrfEnH4fu5*p|S3I+4Yzo7@cZwmJnDn584iPPpg;5WDG>;vP$3mJy-!C&4- zyOo=3EX?!fPKr`@&HHHkRmz6U;|J0=>O`+P|FjqM&2;TIZiA=F;qx&NEjZ)j_#MmS zjrhIQ)5rCpd+zAd#XpUZh+478IXVD?1J2f3@?hKaqGRgH_9qT(mr$mkk@!9tEAa5Bryd+*K_>;(y-73bF(Z?|Q?&0Ww#g6`V9VHx{&YlFj z97C2z8vYwC?2O>LABcTqe}nl5NKKjQ~UD|0CD2-h2z5mdNoqZz^j< zY!Mn;+DUCw`Zg9L-al`pJps+SIyUHl_GC^ui?1vWaYznuEq-{30E8$klGC)wJXVwR zHvPzr`#Rv4SxydI+`fT#>bOtfKvAMkk{oZbHWs+bB_s?%mBO0mI@XzABSH;>1!Xfg zxuK#Z$;<>xHg+hMOQ%S4;3~G+tv{M+FEUFvLO+jZmu@tIo_KNLY#ib3S7rTEXUUQV z4nytwI)4%$!qDn7AYbQhw4$lwBIgr)V1R*;cL7xPW_o~*AHR+Bq5d@E zduR$PA(t86hdzwioF&8Ap%+x4N)-LW3>Abty! zD6EX$VwYGmo$gTq*Bo{~i)-y3PORB>`&hT1L;rwu3=_CsIcZcL=O%Fr)?xN#Vh!rF z7ZPi>inV<=UOSc& z4R^e)tM+)@`UCU7w46bT7jvo@Il|UEQWNmK6_RHq?gZScbNizj5-T*PQH3{%FGlk% z`AFbsgxll-!b?>W+evZ&0~Z$by`)*FuATDQyR^;%D$PkvBaeYPK(vwf=mMZ-{nI3W zTLck{&7W9fmiy_90Fub@D!_(d1RT$=w+r7CUvyh-!WVTl5 zACgrX#N{}#BixOg+FmE#KRs`P~lN>$`ODO?@&#yE3Fno;6=nUW~jj1-2AqR;QC}pUc4dP5=or$3YeebBMRQK6X$0( z)>4sJ+DfWr$c~tZR{SYK9+@o2RN(b@(HbPnS(g?Xu4gOraa{bKR*`avrJK2#M4Vv# z8Lo$U33tzaO7(G7)J7F`TKs&6t0iF%uWZyk3rXkqlRlSpG_*Ww7pb;0@Dc^D_y4( z1T>N>g*=iPiS$UV&%b$ivavKK|rHG`GpUTLb44$yJ-yflU@S+h(toQH7 zX>V=32d8_0V7uk$=+r>y543vurbl#8IR5gA@%4Gq@gXT-MJEp}F?paAIUn$T5=MLr z@U@;P2L!7sN_o{0Q*^XH8$X&-|2Tg2y8BoE2=s%zO(cJ~IEy+4?pQpY=;f`5E--Pl zyX~WpH^>^TC^VzU+Ysb!2=Znf2h@baZ-WWoawttJmRYdo+~iOq7pp1DTdK`$J9;WL zs_#jOWKaE;<;nVFTYB2=iiP9=x`VjIy8D()bO&I>MI_y8QC}`3S!o8aqZk)8;cJT8Y2C7^@du7kt-!C><}&iModLN!NYg-(KW}W0-}#CRsJaFEDQNelYG-K#U?&x&UGLj%-~Wn!*D9>Gny_Ga3Wk>sPTKnIs- z((_oGe6YbRl#fu_ak;i!STLvHrK;y#vVdAh@qQ3W?tLuQrL-lIeijYh?Oo=OW2ZHg z#HUvz%swc<)p{f&)E=kJ=6WCSj%feBYr~@HkfhLL=F)jA(81ZpoqJ3)Hzu}+Sz29` z7Ym6Q>#S)&TeEQ&EcnuQ@s&31Ud;zMNc#fb)M9;g2u9w_S=p`$~_=;FYe#jRTveGdOik77ouVz#8{s*@NKIuXHw(!(ICA(VQ zFJ8qa5C?~m*}E<>Ji(wt&J`FExi+H5z-)Gv_NKT@2QHwy6lKx_93Z?+oCT%h;E%Rm#k($=Vb|awP;&Mw*$Ek!Grp&%9bjnt7d!H1kFoY33>!Y36E< z1VL2MTcx6Rql(_C5WSNidJFp@f`bsjJSZo_W^*D@_NwLVDv>0;H5ig;p+;&J6-Jx< zSv5!gtZ0=#?GQm&%AA!?sOnr2BABcYLC&A~;q?;#z(iX4dy?4XgLx)Y!DZGYS?MFJ8)(Bnoy^WD*a>HYFbN5?fPdMy!1c zAc%N{mnvlrjNq9r7{WB#A$Hv+>mn57RYyVwI!o{)nzcb+kFbA3}`1RYp2UGV~ zdX3xR034{QzIf8q&lkV;&sF$hap^x-;Y&rH4x6;`$x%ACxEme$Cn}s+-1N^?xL905 z9FNpkZR{EvLi%!LY%K@Ejb>HpXj&Ty%U*otv@##t)c8=cF9XjN|8-ZGHyln!*!EPe z3ZFq0E!lw*b}SxF4ODu~9E;4X>Y~_CtR_r=GNX2FF z0?+M%y8(8n&PF2#R?!+#*L2UUPqwIbOqFGmQHIGwg)2+Je1_W)4g z!yCzRDT97)pO@R0*n^`(x9avls&#us?0Y%9cO-5N4BIP-@d^wNE5G=kuul3a=3uL+ z;ywHmOD~G#C-e7na+~*F0*e9Z90qZ#Y%ji@#Ucma1l$Sdpxoyo0L=Ahprg92zcN#e zepMDf3~)p;mOh%raC)xq$T{^DX4#Ky`X^1czOVlCr-oaPLZHBbdw^XRQ z0aRUW?W~7pMI%BSe?SS*WPsZF(@CJ$gm{fwM|76KGpsQ1Cq7HcQ?!G3aI}%e*tC1) zC1D2Qb8!~%B>X=ayKHe9m=*ar4S&AI`J0a?`GeO6eO+!}oAh<1{#+)hvfK;Sk9CT# ztQ&z#ya7y#`4Zu@Q8RA3u_}NTXqRD)p z@Fl@4yA{ts$IH@6vZ6;;DSZW0H%FqZrYaz_02O5O z=t7*&jjKBkC6;-!6~7Q_*ls&0rcOMr;AD#@t&5k|A(V&JZA=f!24WyCP0^orR+E3u zN>7CL7gurzt^e67H2|IA6F?`5pG7Ni zr#SfPJmD*BP0(|`y(|s0ry339GS#`U#AufTc{F(+?yuWRWaix3Zsr zvc;YR)Z&pS;wQFv>6w6*#wv%tRDtG864Y3%{dA^@7Q**hq*WP^d#D!7-AE8>-^)(I z_IN)im`~8i78+Iniuy03) zi!-QyIE*8N)juzX-IQy8;7IWV60IayuqYYJW+X!Xvj&x~F6PNOl{%1hIeN=NVB$O>Rv!`sI+=wDExJ6Kj`dsif%&t%{92_gHk8FL1}6xIo?3um= zU}-JEV9uGF=1jv7`jVLX%lI*aVT{_5LT%K3v04e%<`Q<<1RhDW@(Nx< zWs+}RwVz#%2dZ?zNW6P2SVSCzV!QD~iXA zjgNOEp5YA#__d)PYqrvG5c>(tHEv$5p45KQ^TUfXxy3%+OSCO?=Yp3b)CNwgDL2TF$zfJYe)T!a&^R97JV92zoE3~15)$`Eqa3# zJ&8U2G1DRA5*sA#WRL_ZCRyj#*LcbKfoG_G1D1rs$_vD3UhWIC=Txop*s_gd5+5OvEP7WDlDXi73uBE!!GLNvyH+7H!&VKbHY)Uv_g z3tb3DNG`_`W%<-!4$bt~B?|EJk`0)%4Op8j$J%7tynW`guf8HEql2>ENv2wo@Nq## z3t6$K1HF~PE8@v}Ag3l@2pwC}N*t}k(Mpn6TBDUJ+e$uuSp|jAe%Dk_{342Q)4upz z2q2w&AkIBPDMo&P%oJXSaoqljiR2~Pg?u-%1ir5AH@7oXefi#T%s0%tVu$nuFq)Ox z-2l=Jt=S@G0Mc6}ohnX}z;{=l?|ScJcROq^h4$En*e2a(FG9dDk+hU#R4+xzgd$43#hKaG*|5(l9*d|GjZOXFfQt!Eh_m*QDOp@%d7BvF$H}?2+}9}# zj}UH{n-Cck7wa+PgW&H14P+_Rb^}XMHH#Me!A&dPy<#EdX)ItPDQgOPeF0lsE#_KNa-1-%Q6|Q*b+t z>#xg?SC!^M1WbNDi_-z85N_poLVn`dLc1(5^9BlOoIZOS7J-#}Z4_pJj~gF=X=^zU z4$foH*PccAvmmiIb}bnM@y8#DT}vAHiM;=gJooJ8D!21kW(F2vC!LLuL&7ndfU??DIjzI~;(UyJivs?VMue%;%cnO% zA|9-MY+~bMu5s%pDwtnmHO5x3Wdja}OQtv*uevQFjTU2>hGh!(pG0i@^%7Q^gF4#8mNbRZw4XFSTgQF_MF69^aa zt;jDq9(5}Qmdu6McZvFhmxxa|zhog{=a-zy0?3T>Rj;w* z@)fJB`mMI1dJNQ7TD1OB7)|)iF8qu6`9VROi9$YpDyw4%K>@2A>MY$pG0d z0Nen2Y(Tfyo8fsOPF=v0(L@ZhW}#U6*A5SH4Q z8cG$9)oy`S^XWsbADNDa}bM~2N^|A-E^(=WmKJiFg;&k$w_|KVI_O_E;U z_-vqPHz0Iqz&o|o(|{r#zH*n~YHU{uC0!|)jAYCHNz!~2vjUZj`S=-xU#flr{zI$5 z{Kb68u?GweTM?fR^m9{l%$M(U9FyY& z$N!-cju{d&A<8k}tV9p`f#JXxrGE6bkYi{=V=3r3rYGPSNJ=i95TZnHc$8xfdP!IT z1%ws4O6b>RlEjYv;GtD6y*RuJ9YX+HWe9^KA?8SwEyBA>GBwc*1EqVwkY(p5YJv7B zBHeQ*UXE3QVGuDc|HZoGWq4iD)|ed`w|}-8D{Qo_8Up!XNiIu8H~=q*7T#w_GnSFp z$S^1Xs=*RH*k*__u)MS0@PpVWGFB{Tc>s&ov44S*1?S_4>Ilver^XJ9rI(@{v^JIT zvz0I-(iE#w2ymq9F8%uB`(DvIlWV zxMAF^Kpm(YfzwTS!H+jReHzA@e(A6Z?1&B0%mz~@RYt`Q?eZJ3Wr-?3MirDMK`{vf z`%1KY7@Hc{AR#|bpm#UGU<^d#>iu)U0*f9Mc zRlwJVWw>k?XYELJ+xt~exKZH(jTQ(y?6X+8){LNa+{ZFrNff&2fUUnXG6b~BdoT)q zV~<&jW8!}EowOAYlTGqm14U-Z19lDOe*^EpBn4UxSE{=)(CA!iP7%Eb4n5uM!cjPj zXwDo1Lq~dbuOgbWh~lWD2;g~-dA~6`UllYZPsVl_OE<(=n=8OY`x3jcuoedfeBcaF zQ@2IIyKu0Ic2!~vWP1PZO0yAc3BM_L+{e}#JMzFOV2wqSx6Jzzt~if_qzgev;vAH2O`@;`5d2&9?A|wu%+Q=9ilxwB=#411Wh8MA_Doi5HhW%GI_9i z0(@bnF5nWfTpR=r_{fsI%P<5-$UZEc$3{LTe1-Wrh8h|w)w&}bqb}1*{~$T<$0(!Z z)(wsXni96!;n=Ei6yoT#S1K#~)*U4IS@2r0KRl8%RD|*%p(fPAF{{VSOE@R3wMgX| zQV|wrPDE0o%dg+z)!(8l3KiKcd;sSNruhc*CzSS^ZxKPzBO}X@K|3ax!O_)Oxc;i6 zJOz`IW9{X{{{@DE@g=8D9g`N!H|WnM0p6n>DA;a~I40d^ZepJ~Yj*mrBkXw+z7)S1 zgX!e7`A~>bT@@a@{AVG_-#jd?rp3J4O zYtGlSOJiAV?ZQtpa;av0Ew)w@%-4_rS}ee_@>&fPVOs(|HLxi4{H4Grb^oH&A1^iM zqp2c_>nz)DC+f@>NW1Nv5sf@)GiKg0HyBP#1S@Z4{OC{6AskjJ?Ger~sa7n0+z<|% zd#FuFCCh`*e?leWI2Ws|PSAzg!)e$8kFl`zTi`0N%*2s%`ZaDx%eHSv=?jyzKV;5y z?H_@Oro=CAA9LXGzY7Z!@-PDj*AM51mHhrV4dZ58RU1Oc}r$WyFk4NY&U&_?)qtJPAF&7OAH5c2|{1V~^_jM#*B(LE9 zB-I6&UT`?HTf0$+B+?I~4@0bAe)l|v+}d248~+5mP6-K@186X4-i4mZ{y+}l{_rk% z$xm=lCtOGp^tU0zcQn(uCsY4C@%=OK#Ue)7AeU-6ep;-Zt9GRD4aV(7_DyU@F-c>a z>i6`tAsHNgEj<^As(k)E_wixvN%)K2=Q`^t1lh(f7S_w3@~CrTp2t9I_r3COBk5rcLfuu@bq}s zka;^20*)4Ozzc-Ffm9!RV!-14uZ1qcw&+fT8r?2onDn(K5tmmmpCXj{E!feCglB@o z0{K=;#)$Y7Q!Pyu!Tys$c#)TEDqf%n$X8G+%ojPP@UxLS>~Y$JvD{dM4Ck<5usEgM zvf&X#nfZ--%}aY_J^}71;ObH)dY)2rH90fh1QLPoF=a?i2Ek<(A-7>tXP#rC=F8 zJuqH)oO7)#uO5Opa(6_e$$o2EAsTBy>LaDmM2~Xrp^8F}c@G*bcA^%pnt))3hBk-* zz6?)XIP!bpa?b#o*cH3>EG8#*vAL`bOMzjJ4(SFM3_Bw_Y2FPd6G+TNBz5wiZ z1JtVe!hsS$`gj3DMN^7P$DI;>0Iu*Gccxw#Kju+P+V=mDUhO>&2ZiZ?(FxBUpksRv zY1|p~?Q&&*<{Z+zv#fg;BD1&*NC0bqT9DWoYqt|hLD3vfjgB94KQvkZ@~r_#myH9# zA-jyTe=h+)p_wI|D&s;iMqR0sd#_2~!^y(Qz5^2y-^<{8KN!2mtKXha3<5@lE_gqH zr+i{76A*~cX#QX85=?GtlY;*7~&Fm(dD34 zX{hf>TAeY#=5v3T(tiqX0lXFHQ~}gA($KZhhD5YG`?C(dw6MIKcjq1daI&|Px**B$ zKm|X1G-eJ4rSVP&5>^b(Kg9LAtna9t{)Bu$gCmN{>26U@i#bU6kLig7D5t>O7N~c> z1=+usrWhB1b=^ou;!mojdj6vHDL#Pw;0B=D$qW0g@D0q*w(f@f88I*3EpuiA6ejGx z-LU(1Bk=GNEz8qj6xXmmJ9t;-RPC755_2 zpY-p45=`ML$pTdFujZ2*n5#x`@Cf?kIL>j=tE+#+Ll zOYtYv1s^JFDE$qjN?Yy8W?5bvO*hHoM$PQxo4H=dpI$9F`a>K9 zHqnrW;yPp(w;#x{v|Uawml_!NFFu2qqELo(V0v78(9z@xzux5pDLS< z71xx2YH*-VjDT7-2`Cn{phg_1ca?xjI#4^G4za481QZKeP?c6X75@a=QCKs*IPu)7ALxQ$hkk`=}_| zEK!2?Poep2+)%2QfPgQ>B<5Eg-jKx@mg2dRWVu?BkWbf01324H;WRc}tkPm^Pv)6k5iV_-<)ds$p66}bOncsY*jxaopiML<@|m;qm?|P4 zlteoyS#&HjU2?&?Cz5oYJ@VUIgEr0aSd|2;LyB^ziYuV@5OlmAwA=g^NKJF{D&Yhs znCJN{lCKM|P8IXH?-HuwzR!lLn1IYvTAAWZH00<0+hYD{5y%=TKL)ecOJjSKQBG3r zN2pdjk41b%w-ZcbI|>Du{wvCwc@&;D|G)nrJv4;jr{xEM!f4eM*d+xhNhOsF0dm$p z0R=4#Z#^2wvZhA8RK~7Fn@AIAsg^3lzJQA>iXQ%SNHt=zJ8UsEe^KmOWq*Z3XXb)M zRk5{mN&qd2T_ekJ+nSU@q#ER3#el$bJ+*E7b?%{|szVB>+Fm3wUOOvy1j}RbWe%Y7 zgn5;mL`H!p2~fcbTZ%eQ-3r?Y_Tq1(gp+#1(k+y~2IVa@UN*In8RiZ*uYVwwg#S7| zI9Hsg{1{)wK7?Q;Mor9d;#W({v4~iUw%l%~8_z2(2mY-PYtxpy&y_o=v>Y^GMGp(x zayPnim0`KQ8swW+m$MshwqJd<%vs@beuXzT83xHgUT+(IHshj)3Uky-AqNx8vwW7x zkin~)41DhU3Ma$QKJD^b!hDc)#&0R%yzG};s=twsz=q|_ANScamzWG}-`u2a26O17 z=j@;!$3Ez0aJFO)NwtroTG4J4@`4eXKoY0NqUQQ1xknuM$7*R^fUA=}t*VN@~|axoTL>r(k3jD=>m}JU}STN6Nknv?d!w!P_7mS@6}MpgfWmS$u~G zZDdIbSj`3{AZrC*y&D6~Q4^X&u>iJ&-UvgObApBa`dcb-W~WoiJcx;`G$^>10F2K7 zO>+m82-^JYHmi*GCDuX0L*a3>%L#Ha$UTr)4{l3KWfxW~BUGTmwA}WECcqhF5P0)nlU%v+$qQI5r=C>nva2jaHd5GvM`5q zbJcIaIS^rkuDrjIj})lPegckh0babC6)j1w6QfaDnCvk+Z&_Yi&SRKADC94PaqO+PsH!`;g0VxNW3?D#NuQ1e@kF)n_<= zg7Uv(Zz0qoCxBP7&4s^-It&7T_-cv;*>9v98cora-&%msIYNifLQyf$QP<&@tZP-#M&>$j1Cjt7;AsjB^3Wgc|;IL?oi>n_GFiG z4uJB&z_-3n^~A`55%@Nf+#L8IdJv5HsM4%pe)~8IuAe%X>ZGd~OhwB^Bo8egrUA)`x(cQzksm8z~+QjpC#Qm zdO5fkxeG?#__dyliZbilqs;my2kKM~*M6Aw8}PR&v&v9)2kb#A??LD229f4_Z1Z44 zd+JHpnI2itTgU)EEDCXz8gTRoKFSnu^wEMf-L{i(G`$|S^>qUCa>7i&aRT@UkRpET zI!314Z{7?+G=ZbLN;ta9ypcU)-Fwh#DM#Odl#rvB5=97rH9QPmDgd5_X*d~2w+Z0Y zsOTlGk>@WxB?z|p&DQ|Iectb&*WE$>4`~)d4g=H-KB9hs^fA%Yk3;^72g917!?@i8 zTt%7=8%6;GJnA>pG4=%~Mr(b<|Kia*ZzgX1s6$B<1@w3SSvDiJsi&T`FR7L|EL5>U z1We29zKV*P3NsU}+AuOo&qZ--tgcv!IAWYXIEhX)>}*R&iZxA*wxzwHS#Ac9qv#Pe z1Q6%rvu&XQ>W?9>)Sp}feFTqSGib(r42iv(hv+nzwKY+3;r!PV%4@*Ps|Z-pDrNqD zYY#iE7qNuT9U>)R%T7a-Ds2dQLR5>T`RJuD!(U(i!YM!v%+gg&${}8MEL6~)eD*i8 z5Klr_6XC1yjtIce;)M7G7zS3W@tN(Vt!Hk9ZL1}Hy%y1zYt)>%DP=xNzZ+Py#Qw8a zDrOr11?Uw_Vm)}96jxib)c9VEQsks!6-A&mzMGKfr7tD`i}$6E0dGX{&>VmP{|(e| zSs!`<#RLh+2xm>&>mAi~<);Og{h6f4>~KH^BS82Ji%U&XXMfp#!9eAcxdYabr4x-- zN&9OwO}T;2z@V5W-4!I+PA=n0S9+3*Ai-xKA@*BJj^BX*r3QOI#QQ*(zHjTkQ8lr< z=ORmcn4bc{dp4QvJerin(a8KF&YFsO+ZN$OPgXA7lav38dNBAHjo+B18H@J5G%I1L zpt{^%YNr;eEKoV8&j#ON#(g^#!@R@nA)|95<|A7y^!ERwVht z?0X1SWK_P@a=tR2f+5+MvRFi8)*6!~Ib{hRjd!r|{Stp6AwCA%;RuRlz_>ri$+C;i zoP?S2D1!ZM^>&iU$x~@hP-8^TJwqTj|Jm~a_fguJ>%Ku%ng?dad=hpCCKzy|2u@ZH z#A{HvG}wPae=K|~d@;cY;RV~-AL5Ht7x`}YTJwTKK907^<-f`&5XSro;u}>V z#lrSpqrTqT?`$DR5}s5Z!&xL7za7tv;qWZta?~{leSa+@#F)@snflvDGKp7XYcH@V zJ(uF4yvWz22&pDe_)uQtOesR8g@_{9N0&$d-K!mmSLyA`$(CxU?;`!hRVwBE)$zwb z;4Be+I#dx?yanYbhY@21f{&TA!hOct3H#d$KhO^tk_S*+Fma7d;1}wWQS%VNT6dAO z^E)=I`UmY;eI4R|Gp-Tgg+|k{+05Tnd@mcnlJBcQlhK@4U7wRScO#e#iNof-Pz6Xq zE;bA|&v#s#mHWhp%(c>1qL7i}5BPq$ZTo8B8JyslBL2Yg51hai?jU8!c-Z_7CD26u ziF_LiC6Q0FrE&@V>Z1F@`T+{Vc$WW2PqLzwcs&n0t`bT^{a!+=LOU!v{t6lqjH z>$e!jxRd-6N2a6xC33UO0G$W3ex?1 zCBVaYpt$r$PK;0?icA;+?FNAo;%mPoVgRP|fccX=i{oHe@crylJbVS4UN#%bLPnjv z8>JV{qroT>;+KBEmzUJCJ+uqZ`u$#RkBfa%Z!D`3KZy|;Hg995k`sOF|4{h--u?II z#9xQ~IYsCm>Cbm}y8bX{ivH+$xH%=_8FYGN2jOCQp_*0MJsiu({y+`rt@3>`{sM1J z!jJ!KdF4-jzw~PD33Rv{j}U)r0D-1}52pF3(o|HKo1YQ+0M?#uzM^F!@Yo+WA4bj9 z%%`A%XU_j${T`~sPs+l#fOQ+VsHFxNL&LSym`i1(^?Rsu@GSgP_C3_r3!{@SoFCf1 zsQx}KplNh~)!q|YM80Rhchtq0PDOu^3bqBmU(RW5HeKmV@IYez{(|uS^T>Ei`F&)} z;YfSo_;CCvLcpApjo<5n2i`5?&$>Wec2FM`g@vrqtkw3X;GSjgU|XbNYO= zfXPXg?2Zka-^&YzP%P>?6<<%EUphP``)!W@@I9X|$owvtpAd+UFse_J<==x*d55MT z1}N`d()vS`cmI%Q2qdxfAfGz|EC)e?zUf>Df z@_OV$IlnpnP<|aXPjKxv#dtr-{!P$tA^sR^Lvf~pd0e3Cc)p;UH_~$j8nMVq*Ml6N3G!Fl zno9moO8@flf30_SUOj9dgM-B;Z}!Zdu~cQy+rKtJ23_*OC^18O%JCcLKIgr78o=*w z!#0>D>{Ro^ENFFQLU?ON;v5y*4LCCBrNKQ?)!5(Rh+~^eQv8-`a|BD$=Dg|=Z+BGIuXQGrlC4mL#4LdUg!TnvWtwxhN}pqvmVOjWn=X280cKrmX3l zyvOGPL25WNqs&6P-g@4*#(izm=4b zFawq~r`;Rf4lCDBpubrK57B<+vwlB#>iKSjfA^Db?E_4faJ(YpulxzUudMI%T`)hu zA9MGse}0USorr&3#J(sPnU5k8oKYwe1wx=AIekfO5&^srA*1FCB%#QX#OOVZc$xQD z@+CwRa5n@3rV0ivEzOcldXrZ@SjT|!K!|*L8Fg9p%~5to^R?4vl1?uiq=b!Rthyha&8z(78U{LViEYmu z8nlJAd_N{lwYnicr5%ReEB8Oh`0g&FhvN^`N6^#Fqvo$cnb)?TpkM6w4!Oq0Q6i12 zF?3yG?oW%Q;CO(mnAf4xu|`^%+cXm*!|t{hWIxu@ao9Yk1u_10o5>sI2d<{U!{l2f z!Vwekb^YV~n?hfM=%GDE{s1i|(>La3G#(k9G7aM9Q*B^xmFo|chx8PN^E2c}Si?Eu z5vZgIV!&I?9hKV)I3e zu@GWue-z%R!lN{m8Ax$SVhC*TOQ0G;+(Y`l*7&>j9KAm6IPGDEaJY%hXan|CsKpc8a)Yz*@(tqU z&r6PD*B7w2CNqfI#Vh$iX0`hqwng7{2Vk(WN7%o2g(yRi>pHLQlK?r&Xiph z2uM#(eA9zGWcDHv5iRw3(MuhPe6X$gLFtSLpKdrP3uXp30@PsZQ6&ZkqS-~DxcZmk z#h}-cquH$UBC<89Lwhl3zRlp`Jb){D=2&V;PWG!3Hc5K#CA!R;gBCZq7Q4WD8~?drLS=$vr;7VS^Y`Q6v6rt~+OdH&V)~x6+t*$_qeCLbZ93 zvGi7WP3C{73FI-nBKx(6zdkUTJ=}!)wom+p^wwo_kHeSZJZC;HA^ma|36qa9zTe1t z#>#v1Ir2Y^VEtV1u;KN38Qd3-$nQ+z33~Q+EH3Z%B1RTawG+BGnUgl`W3%mrLDYd`rg8q95^wsl! zpaYbaMge|6F~)s9(gHLmT*j$^T5)kQ426j4_A|8}2*5*YB0UODuH#*{Gz!H#L|4G= zzonLZ~pge9-v@K?(`<(4VP(1_bmog0+B#K#B5aO$om&AqpaN zoV+DHO6Qzi*`ROe2i#VVD@D*zPy(a$9lSg2>eyIBUPR=9IYipZ)t0tbJ4t(NXVk3H zcF+bcgoQP6N~9f3PNA2>Rpz_MhSKqM`C{8rI9G`5SWp@Jwj5>8mEp_sli1fx)4C8R zxO&*t4F$wRf6wc--xYSLv?u;E^8C3ja|j(LIp(Dd>$??#`seoyP5* zvvAA;o({%S0LqZLUyQEwN@qt&zAvW(5kIcU&239P8V~EtVl^IefUsI>0KUB^o7ssf z;On;nuZ^1B*&=l5H>=nTi=4$GiXNkD*O|+u4rETYHG@Fv<)~m6`>Dtb}P^4sAwHFA6I-Sk%qAd zosD_qjMG6g#~JjPjJ#MWb$_jyhqORmp34EG*&|zIT;2lku=$k?0>qpIy^$Wna*`bL zV;E@|?`rvxksK@bqh9eQtvqP>F$=O9KZ&ifuwYJ&HhO;0sJPmWwXKRz?}Cz+MKBKA zFSkaU24w8}Q^?awx3}m<3k*r-TxQ~bMG;3Pg=Xe{L+t39DeDDN#xMeLPI}enYeu?I z75u$UKKZ71t4Di-Gr*(`#25mnfEimexFU$_10*3C z9~(xzs5w;<&=5UFxUgBaRhATp-KF8EQJKDl zmqNkV<#!Cg>tzm^0RI}`I)(~k=A-n7q7fCVu79;IAHT-jC}p?+BQn^(W*K`I-L389E1mDrcqQ5d!Sn_qrLjxK+|1(`s_6>mt+KYK zxCHC`Kn`lyU?$$533lU@ld~NXsZ>rM((?$;_X+$H^4BTMpP(Ow1{m6!`A~bdE*=$NNxk4A6P`9Z`2m zAkR>rQwECL!+ohDXvLTt*6~0^5w6yABD8aoStD3V=F`OSe{FseSq3E%4o1`-dR_HV zc>@26ZE+CjpggSk|3myD@aux{#2m)6-uKJ#(xC&t$($^ho5dPsC_A`~rvlnF%otS~ zgdJ%w86zjm%d|~|e)J%0v#3)rZV| z;&P@NVZhY~+fG)$Hl%-Ket*-tTCIs!Hn~Imah?k18Lwgd!CZMVl|#PocJBOMiVUTGR`-S5n5%p- zR{TG-0qiy{cXz!sKh2P|MH^AH_#H7D(!@qx1?fR~PwC}Jz zX$=Dhp-Ai(@dHz1aO)f)X<2C_)qkX=6vY1A;sI(Ev-hs}+L2NaK(ZSIocefXM?J&z zu}+b4ILFe%LC0lU{E-lVCWR;oekY+tKbDZ~lJe;d{J~dt<*j!;e#|99!C@3F<)@i0 zs+ONmkUFvSfQT$@(2|0k6Age96ar9h0?DDH%DCoipj~{{v5DoC2;p#kaD`B(m((#| zx{)&_9S_Hg&M-f#q+5C*%$MxxD8CP%{fo8Vr#&XgB}!xMPc%WR%TPe`y7PxskS1Bp z>XcDhaej4jLDi!=ku8I{Ve=7R;ZFhq=gI}Qjrs$Qh0ICM5Ans6bTyMJp!WSv$@FHS zb)7rOYOEq)4HWHw4U=->^GmOjN85d6C4q5y#gR*UE!RMS+mrSOJ72 zUb6VFSZQ0b%M6-y>KJWTsG=PXSV0(9H?(@0U=BYQ{DQJhtb}5z_!P+$zTd=m)=xu_RTNii14>LtvF|b) zuAa!qq*~?%%R!q_Hdb)eV4#X(AX^rfPdq2xbVmQ};Ps0=1}(E@E42ofxf*>_x&D=L zXK#QvXa_LHHKLD>mZ73b8F2AhwNvUdqEzB@r<6z4gAj_12?>%A@{*ZQ@Uu+kb|%1N zOXZI=8F`V#vI;C!e4)Nmf0D&d?3E$&!>0wp5M-b+R~7IgB%UGEg)Y9rJ}46K^?z#@ z%81oY*B)$%HFDEJ-h4*y2mlOehRtu8a$`K@mtpoXls;1>}_M8%#ulxX8>Zf6grbzuN{QXWzb@x)tmu6c>`?z;& zeh5DX;7TIb;=Go34{8=KDXCOfQt9(rNfJr=EIx$Lp=s=txsqcN?ck8{BT3v?zn3EU zSp2c&%zx4fsLX*HU5Myk4?@#A=mPBZ=J_|2!jo$rO!YHisvi0?2{9$yg%7nv8U)JX zQ!A^)r|Eiq7ff&Fc-grqW5p9@Nw&91>hzMebr1aosko8lAbFS$cx^DXYVc^Punt8J zsTkL=|y0a~S(91FL0TnlP?=`Z1L@ix|-kjx$#uLgC$C9st>v&|dKE{GzF zE0-)7jSaF*y1gX5#-`VpyTf!d#%JgXN5B3`(BCMClA$kE;U!u*t2>fOA;Bm!PO!@_pyjd-?2-?3gc9oJm zOp~o|2JTQWh?v85Z*rSY__b2&`sK!J3l!pNtneGE5$tdZYRFeh?l9o06mu?n47bSF$@ps1)l6NhG{~`d}7GXOV0TroUdeGZI{te z$PZbg>+VRuK`n6ro4X!nL3fklY67?O@^Sk8Tzi*;!CJe_GeF(WNsGwk;4s`TGZ1Fb zi40#g*`^yP+v17}8TS;OWYUi);~rj;9y0DfUs`FLAx(e2h6C33yjYWbQy1xXxuA61}f z>y$?S`~3Vh*YrQf&sT_mex3Y$)j_Y5pPzbYDt^|>5*^zrKgY-o7_qh? z5g?Ze<5X@sZmtUi@{!x7V&JocDs0V4($XSI zQKnrRCWajQRhwvXVw~xYJK1tbGOT4bV9w(!(|Muz5|XnB=`VlUi) z>ck;A6DKVq%vvFAS;4zt6?s_|(ycpoMA`mV`TV6?v&M$CuiSlW{~ze1KXQ2$N{ZKOUrlEz? zY<`GMXN;9i>Bw~cn23nU?5itYA&63a^i7PtWgM5GlloI(Mr2Yqa5<=q8roM6>DqLH zef9H_^l*0H9Hz_nL8AI-kLEdjw3@G+;BQ7K$>bCK6%?7Mk1nEQhzyCF<~8PHzbu{N zN6p|Uluz-z%!$`9xo*2^fOplZun{q=hpoHG6OaF`f!_&qk!)KY^+%q?*m`GNkrj^)VS zjK`duz2C|lx@Q7h%-1m&0&2U3gX*ug`$bADmsOQ69(sl3P<2x(t0z;@<#Q>&TKmde zBq|ThavcgQZi&1@o6zG&)7F?Xf}~N^Bv>g&_6MPT?0SUfuiwnVGC^E>rTHgLoiFhw z6Z7i=_&l%sgdoF-#IT!p>v)WsIEI?|%M#Y!udtm(!Mw1~ER7q{NA6(3gZRjOAgK5R zsFp5$Q+U6EwioC`%=_u2v^W`nz&;sy8eSkxkuMQX!&mt(P@R9#-JjSDa@rj~AEfpY zUD)~nX%ZWh)ZFrxZQC5+;TiFZaz6yW!a#KjGlBPHqR>!sL1H-8p3<&&nS^4OLA@cf zJVzmzSceK@=3L1k0oFSLtOw+ED4CHjX-TTh0$dGy7?QegLtV}GbR{p*Soj|4-GWOU zv*jifVkSPmHCx+&k}O(#Ow*cI#$Q)FZ1jBfRQ{Z^b#McJ&R^NDDf~GT<8!byhETQZ zVyagOqrOV_ped*^Gz=N#_qlIs3NYjBAq|n(0l$~~i=+6fEriN4kisG4H~IeY zRQM8Jz-yRu5^SciQC!sHlmwVI^y5fA><}1cZhn>VtLy=QR3Q$A@!C-?<@cDU!pFr= zQJ-->m&aq<{zDB$ZNtz%5#-Z=u7!fm~FAqF#BaUR={Jd!LK>%S2P~&{elM=YN!*lp!jIUXy=nv7yO!lKs1)&UG%4Q3U-8+h>13Hu-mSw8K_jPVDdg$K(J1@qw>BAEDPG^5LH=Kat-5T>a>H zKS@iZY`mlLfc(aIINoZnv)-x#)rDq(q)!?TS4&nB7YyuOWvjC7qO$qLw&3ov=eZ}| zHzf0q`g}g8Ah&MJk^K(+{hX(a^q1!qr-ZM4b@$g;|G!;$S@*x)FDsMhkOwwCZVG+M z`7jEbBx1+Vrv;;E!J?X2y9UW3SoBx;io32>Ad7emB61(qqZ{oAKuC4sSuM$*>-d4N zw7LI0qcpKoN9E6?`dUMI^$U!D|8gi}BL1)_zpoi- zg7vw`!{^`97sAi7)Eo6T@?jagiSmvy?&T9sWsv>kZqUFB*t-%rYP7|8Tj&R?5v7I> z!87RfHX+Y^xrzc`%jK6epu6xFELm=Uo8&i@Uyb6cS$qkKTZ`SohDGaLy@A!%qt3#!pB4lTC`d+sa!r4mJZ0m=%S$KugH369>#bwG15nSlpr!C7D`s=KB9U4w z>>{-U{6Je1EJ}R-aR`4a@^QF4a5HfWqD0eQz?0~YST%#LWH%nwE&TLcJUh+z25e_z zk1czAB!4BIeM#|>GmFO(nB9gO=9l~ibipi36G`|U6R57b4sy-SE&~Tg8I!z6a5~2O zi}z}F=H*^;Wzx?m3H#S`E8EjI+L-U&-0y)i7_{6KyDXT$0w;T+H;X0Qh<1xSlqd?cIPjOdq7AVf zXteov9GJzgh6BS?GaVh$fhkOAb-sC1(3#;dx0BBk2BwA3=A0i64B=s5B>fH3!hw;5 zoj;O+5fr+BQ*>ZH#3f#Is!TF40_4UBkdLxsA3;sMw0Y;T8V!o?(u9bo`3%9qPfW>7 zdl%)GOl*Ei%5jutXPM+ZjH_tPp7#V&#SNsC@sbVN+UJATdO|q*l}rSOy4D84o!VM= zSgKdEvrN*~)=X?o%6Q4;$rbUH_drZkBwu=#8b1$@3Az%Cj~PEep(_OLuw@eVgPO1( zM2#RpDoP7Is7Co?JV3Aq1AEzx=n$C82p(Zr9OOD6i09RO{saaV&!P>M%QI}4qmdQ0 z))xoshq$gE-8w(sfaPvMgTU<7v<35*g#-^JJ$4M+*xEjMJgX}KXY z6qaj3xj`*AL*^q+e?BYOK&u5Qc8n2UqYB5YP$*cZi6Ja{xSuJ-eLwInsDR%pKD6j>H|oQPvNWKqzKLgKEyz*1VpG znXjM?sist8*{wlRikugjrBY)KBv>({ln>DACaU>F50W{aJwTg2zJmFM^nuYD>m)i5 z{X_v=i@?my%=FpEOv!*|Oiir~ffZl~K0=wE;%&r-6@S2r5r^Kex%P8Y@gqzV-hIQd z09rJ`n@0x{d+@!AF~}r*e*MTf^}qs3`Rj1kTH0D3!gpLWcxxEHT~g@FK_PeH4KwOD zNLbw6N*22GhW&Zwvnb1fxz!HLt--)xy0FdezDo|S$A$ixLG$o=PCE4vA^t;~h2puk zq#K7JFR|UM`N1^ZTqX=%^`pTVeQTjb@y+?gnVh*Yg!gYVBJc#TF50Wux#C+vRM4YR z@9>&on=@}k6H0u!S%=QsQ!b0r*x9>Hlh9XpknJrGz_9N-K#c#)iLXG0^XiKp{I5u! znHY7KL9ke-D^|f`?`JV+@Cn71PS*~Z-@c4u5=zXk$$Qw)__uvjG?+uM_H z#bulT0OOxGv+ow$DQRe3P@N3Hjr@m?f@mWSjljVUWRrNm2hGPni-FYf3-CyTtzV^ z)mtTZ-@78YXCpV&x&sF+WYG+^_v?4)SqK^5_M=b$sKP9kEbl>>US8u4e5)y6l>xC4 ztqLYYF6c3zjlc9sibULM1Uj38Kc!28Z=hg07i;G?I(5YKW6TEqs3U^-kI&|^nA~ag z+p@IW%S`^({Y;)~+e5#n$J+lBNo-xHAlyhY!M>6BMbdWwk<}DhIEe%BltSrdTZuUG z=GX54&46IbLx@=aU<(T8NFK&h98Z2?*BpGwN4_1@{x&U$X{Di*qM5mLN@6vLrp#q; zImk{=o)tO*V<7z`f_@GDlGfhC_#m6tOoDo|$Wz_s*Pq}gi>hL2#2x__QhpEo4oN_; zVT$1OZYgkplM6z6^9%$6`#@IYk$gs$M->;TlFCt{<%-wAYSB@zl_ttZJv{@-^1XE| z?slYFhwN>4uKTzXUaF_hM7dP!E@VfDAt3@$Vlcs6@~)nm>-u zbZcsdny}0@BEaoXBS6Ach9)fxuo27)1Lp>ID9TETfK~+q2C*X5~BBMXgGqV@<7o zCUe$iar`3N+-=&B5Kv9F+K^)&l-fFk8u})I82QAVwQLV7zYRE6DwB;tCp-lM#lHgo zxfhq}pPgI*0m{X6<)dCbzL(d=6|`S}d#b+{GeFjCM++nk@W@L(AkhvPLqHUDC*Y<4)RfY1n}{fA&o1*UJ{V4Rv5hFlGB2mM&vv<9pB-r zyO?T|73O1bOVA<={s4mwA8vit98 za~%ZnWv?dpVRd6`LzFS~JD`AVsEkKc86#W^iKsLUm5Oh+Z;@jD85#2~<{=9cd_=V7 zNb!dx@Pr)!=g(_!Mxoa@BB7FKRgCU<6MhT%#7=?M2;>q4zka6`X**SM6C6F-b4LhK%*hi>8Pm1YC-1HP18JtVEU zAJGXsD7t9GthxjhRca2IEAgW1f|NNZcJ(_|0_AYk?k{U#DU272$0DhCl%&I$doRQm zHtr|uQ<1C)jE2maQx}qf_$m;5+6UYg&JvoG`ok{u}d|( zhw5LoyHZy*FbQZiupqLIy_*7C*<~WOHv`+_5=K9zIb^OO^1$G3Vo>Y4^#1)oLYayp zju(?#8lsysp}dNo7lZ${It0yo%?Z}Jnf z{X~u9dW3zj7mLB_%k(lgvOmTMz4=?$H%EX_jb z&F7FE^rqG#whtexZWq3OyOzfNeQ2b3xV*91`XPUY$Iqz3+}dt37YmE$05@lD#tSU$ z`a8v1`XE5si7pB4H1>jo+$&P(hkV~L^OB(0|TJDpX|qcbLxv~vPgI7(pUpi0{yfE(6iEs;em?E zRBMeB222(F_482io649l;v@Pq!jF(&U>1xXJ{Xl6mA_g zsvA=cNF|BX6GZAUGz2Zl1akus6r>s=Nb$Mvej@d$2vP)O(yZW+xe7XU~;ILtBK@} z>t%5#4221Y239wipK)&wt@-hp{ieoCUnB73ea<-66*yUq6kq;&>2^Hl(`^Kge=z6| zj-}srMXl<;PTX&pNq-Zy=H+a?O!{qj zjkO=fh7!ACo5sx7*Nu;Ba))HH&Xp+CA%EpY$c`+5;9{rPrfpPPvm$8LYTI%$+u?)0 zhduSP>}l#RRWr4-stmD1K$5)%105PB&drqG}agxQXT5J>A zyBkY=g^B|(D7;S^g`N=7Nzxm*Ds{OeSy^ta%Z+r@?<6quFMG%;+I`DvA)D5s1ljb_ zQ!JY@LD;lYn9}Q9%>-Y6yjf7=0b_y(xT2x>6K6Z8tEv9*g!31e4(fE23iJVa_@-nv zNHgEeK-VF4B|^m6qgtN8agtl^va!YsT~qVTzp#q9spgw=X403P809^63MO>P2l{>@ zymqx9=#4tl90+(aiLG6ssofxmreY8+irf?*h6F8%A6qlBnyNe6Mf*t(8a&$o#$H^8 zwyJT~5OG;MEBr zKKC8`CdjoamK6!i4MUgD=e|1T?|RPVb6?Hn=kV;7i*G!UH13scH*df^{^jYaG_%}% zbrtyB_dWvr4ghLuws#n*=D!46>7MRASLzKR>K@Ee7kTOJ_zP_#71p3a@di*jpC%iT z<|(-t2Y$&$4uG$pIYF=1^cR@0qLT%&daL3I+B|57!~---)ESnf$Qs1GEwmhcfy?!f zJQTlAyUC$+L|yWHsK9E!p~g?nGCj|uvhX^mhGoq(p8>9*p~Pt)$hetBHsAbfPN|~`A=fh1 z>_oy8^Cn3)zw?>03J(zi6g;{Y?lBhOLn%oBj|=$kv9wAajtJx%gZH2KZ=@c|Dtz0< zw>R)jg)3<%KI>uglMAA}7wosWc%(=?AvZw0`xkrt=Chc`?xJPL*ibk|*K-m13^@%u z8Q)hHYt(ztoHR9nfL|umNBi|De8f9z+2BigTvy{?znyy_X@pV=4$``Yl2~@XlzerLH3OJ^A`cNAeh^ zbi|L1ZF(&A94)KVvz3eS@qk6CLZx~CR1LWOt-4UTAx_;5>pj;L3?nh5*k=1o@J!sKK%Sf$^B$$)O4?7wPRMrz=F*vtsZ zN)pOm^&OOT!ben=Cvjn$mmCNgbkmcRYm#6-#*crBC|eD1R+LEuLf>T+Kc}IrrrL|( zmdV#b@j)f>J4F0k`Ebzk$hw7cr}Xl;*{D-|KZ~II`{Kt!3_syIbE?=4=_c2iBds0b zYZA?II;!#_o$-LDyU~Cw@3RibZrB2`zBqO`u*e9DV+?F@B3t~hE8b&^&!Nue8sVb$ zh}R*k4}op#SJa|Db*AD0D!L3j34Qd>ukk8l)GX$X1Ov(#eNx_`7d2_W-J<3YAa#N# ze0}@t)pA#QnwAba^(_Pv1g@a}n@*ttJ94#9%Q{;uH_tb>V7!7>xVfYXQxgF;&I$l zJzi1#C~>q_W(o64@gq>YxD-V!Xxrgx6$Qz;Uo~bO685Vr zYqnCVh+!zY{jg>3zOUeZ@KFiT#U~=<6X5g-aU%~tUO-Rm!0sF54X$U$3V8-FlBwH5 zN#!>q7DT*PgQnvt=^yK)#!!+LBTMEJTV)!(S1Qy4?pGU3FWA9$j4j0*&|({r-xmk7 zw9^xaH{{GW-#$kiiP>+!3YIFmH>>wA6r&|)V>*JKS-H3f5WrJ>v?ZAUgwYB%%H-O7 zYygrrAD6)Ae#W`sysK9zEcO z`|c^oBnQ=10-jkNOCKW`ao2(lqj4YilP9aABs+w_SOug*Tt!KhJGIK4WmSezGN0JM z%zWZ@yugupyErnlw-E?BFUb3Ke&g-t54?z9Itur@>!@C&z+KH$>w0vtR_f8=zrm}& z-mkx2n+&@ANzGpmTfZQe7KxCBEduY&hFA34WPajy?pDr3BCx|u9WNe^XC2SP?XvfC zdl6AEakLM?aV4lh>B2dI4%WbpOr|N0$pGthTmU^#2`ge?HTwx5 zbwI{^LOdc_KC86j)epU^nY9!^EpJML_?8uMSl5vdT(0X#JjM5KV_a%sxnM678#3abO?vmI&=|q&1cYYHl|{c zj0Upfdu&0`*^#1rwnb%Xg}8iCD(YBS(rkKBN%Lk0pd-ykkTHD;e)lE1A)IuxXEOTK z3dH&z+n(!5<_f}hJ)y!~>$*C$Yyd{;I05*gra>CSSC?Hv#*l^jo_+CYAR@Njh(Det=?SU= zjUKh4ZJ?sC<$WuGm|3^)K+0GETW6USn964!{)V&+wobtEJ;r-D5NT-HhvwmySw7w} zG;)?D1m5vY3gmUEP%r6;@St5RcjLNeLbj;@f))<@Q#q002d#n+?60=}1si6kuQ88>J z?0~#}pD7?ALz}e)>@32uPX~QAu=f(ebMTtX?4ygkqt)$)g=jbw6kO?ip{9rjcvW1nB|{F z1sBdHJu-iV9hd3vuH=WlG&{`^#iW^rFC}SGhh(rDTLu#MG7s}o(Yv=&d@NGjZk;RK zdjXdsSCr);(v^E*D-CnX3Re##He-|}-sw$9+n2Z(rM2K@SI`atLVe6b*wN&qaM$=a{94Aj z0dy~_c7!DVLYN2u%ViMtZkCdP+d?2hq4vANwzPq>B>}-SIF{s?U^c<}8}%IsoivCj z1%4sv5psvD&=Hm6RU?=ShDY&2hhuJs;5c942*|ht`5(;kH%gWeUvezqHuL2WaGLUfZ7#Y0-1T(4kPENG4(Q`6>pPO@nQ#ErV-%Jx0YaHsY z;6-Vg=A*W26No}E_TQd}$uey~$LP~2jNYvb;AJHR_kBvnMlMq`x-p{k1Y=5nzKoHU z28(ZF6B9Vc4d?0P5Zkpk!oVng3B{$NFGC@FE2MRCmBYb}HnKpQF(&_m3u-%{x1eP& z@p8z!F5>|*pKa=n8GMGT?etx!Zq0y#spT7ItDkron~2CKP+W^V!R|N7Q)bpqc{Vv;a=0Mo092MZDs`ASR3Whne1v%il zZuHYGIl9dlzM~*SvI2rq%{)F(Dm6GMO`l6d&qbVORRm@`WzJ^nyUmZ`Iuc-*scdCH z0+XRpME;tYSb37Ce(LDok>(?jeK(Mmn!0v49u0zG6~$|yD(#SCC7QUscyoEe8YI~D zhnNX52?_>5OdpRIm?wsuu!BETleW4fT^t0B9ZgU=$tl&nERe27g8Xt3oEHq^z@qPR4?T!EX7HvGzi_~Munwf68zsyQR!5qTfpo#hR1}W~UIXcIq{E}i*@{F+S9wBKEK5g-Wj)&$zmvJ<1$#lZmu|$B`H@emZpU;aui_gJCLBrR+2#!kv=lDsaoI;V%iJ4J-Mq~ zK2RsPsS*-_Mf8j0vVGEVOcfyoeYCbHxk-xhq4<4~UofVBieL^5ukxwD2O0&F8GHq* zX|E-oFHgdYHvqLL)7*!hKpp><2+8;y;YGpa;#L)0U}lc+5w=SJ~SU=X1_rLcZ(&kZ2!#oPe$B|3n_ zlml2$J*@+H_L<=TvI3L`hbTIL#F}53kv)eU@g5X0ht;AmfMCe6@s!;-$i$JYkV$qgX7sbuB+py~2@y=I zNoFoJSgBkD2r#FkXG9z7MHdi4Ptp>;1f;wD(OS|M_64qwgBt)L@A-t0 zj?msn?3DnGn_l``a>Xc?ej```7<25VN`~iSQ?%AcM8*t8p4LX2ijH56j30oR1@Ox` zi^Ywv#m9O@ZL~||{y&?K54ubRKY~BV2To}NR$PtTD zsbVB`GHs@Brv#-E@fMXMRjNcK5Go1NTAKk2OaUdFQ(=G#d!)(;Sb`S&JiO{FL!RYCxFGua6TvBgF&% zlJqM{P>5b4f&*HfOUt@MKlV#%KU2<+d;eq0Rc<` zmn_gh-(#LTn~k9)JFBI;%q6soye*OEA~1^Rk)?4T|8BEwVIKMF#}8H9RH&bA!7qt5 zTis%pld`6jIdJ5O?*fS@_M6k1D)mFc@r&~N`}3td7*w4<|6+caKL=5ed^xcEX)L2h z0e7L-vzmE#E9;XUxZ4NOpM8}cC;*{+1i;;E_L}m^3j`gCX@HN@4~R0#6?l@_LH*?H zgOv~JmyZd6NPmLyCIIxB#^`v{u|oMm=dgWJ?`5>_t%vA^e&Rl)kB|iTxF#eV)$x(? zPs*$xn@$o3rxQmwX=<;;AMMM2(a9i`_)YeF0XBzD1{H_A1xKX+F7GxSVSYrQWh1~J z|3VKtU)*rkE^k8T z)a>-}cuz2vY?M6S-2`36*FopQJj|bPGY(Eok8fopH2#cTfbv&1!a6Z*kFb9(oE7k2 z?^{wFWwE2M7$>hVbaZbuWDD(2GkI)W#$4PUD$}%$obdza*gbXi$m2{~RDPNMipa0I z10g4+;TLG zCFX7M7cizYyo?YpaZV=^bYhEqv0l`x>R48o9?!-)7S}O|{UWOUjA-eZ+u>O1yZ9yO z%6t_~qi1pBEoj0R$x3@u)|vGai0zPB&iA(6T_@T2rZic zh)wTPI?fs$#M2Vq1;P@Y0!%=&xQT_3&acIRQpB!Wa%`#0?Giv<&U`?fcYAYgF~`b-9e#q3=AHlfq|vjoA~DSW&$w)8{%3A4ewNIG?A9|Ug|J3wuKOLwT; zb`&4P$V7$=N?%RfEs2n9IoA(;GXt)cuW!x;RA?kzzyduchh6}cfgGBf(pr4jBf|leepeMQNzeZ8+nGD00Uhp4ZNpQg( zss)$YLm0h2VrUM;{8k1z)8yPv9TmX{qg04;@ecxUD2ezD|3LBBH$rv5L*`cspk6%e zT2b^i@vyCKkin10F5cUFl+dH&zO>N|7Mvesp&cwF<9=>v9PwL(K$gJYFWsv;0{+ab z$^rX&m>@p#ugc339J8&Vw)kDqrSQnjqQIJs9J%}U1|yfLW)l)%f(HM{k$d-DWx0qhLXs5V-^Od%AlZ3+7^Zo#;Ysel9NQ1)VAxxtD(K-N}A z2jK~*6O>spL70oN*ath~kHu|($+0K{4ug%|Oe7bzLQDTqo1@?$f``@k-$?@Uz2;UB zx}WsMiYDnd6;#FUV0@wsLh}5AR_K8!7Yaf<5o!>xjWAM z5J|}qT!}*Bq0iD5mZ3vMR-j2V&!lwfc4lPy_{Z#q455{xA;CX3Rm4p;s^BdpE45iD zz(%i5R+wb5=Fr33ej+=+TGrfPXY8CCb+Feuzhb_Py}`B?(AyCZ0)FW}i8TBKc>P$u zMhd8i6r9V^q)8i^8*wP;Q2c)w&j3v(z@cUuUlOu_TGL=Sn3Z4_{$jEiUGVnj2Qt@Y zyC4vn##Hha7ZeG0yZG~;MwyR_zb+vR_|IqpdaeN1vSeQ15AoTpzYX5oK5CtQ^s$6N zo<$YBmvjz_!_u2;X3M>E$i?yOHLW;+%l{A#8=jqs=gl*mwIgQIi8EAO?mI#14VeR& zp3K&x$=2u$C!jCd#X(sA=AJ5{yYPGnDwJ^@`1k+%IANE^CxZOn&#IO$^pW|YOi_$P z#OiR!K|_62?}^&9Nh7CfEiu#ES>f9wg&WLgWL=LVk+X=zBt1PvwhzTiBqHcNJ^orO zBYqT{kXujYl!oeVz7zjpd~)uIpPl@P(i{WvQgOW-0EDgEDwVUL_<_5xS9!~^4v7VS z#c>-)4wB245oKwa77Ah$&MufUm@P6>A#Zm4XzO7HTX{sjjpt$b7>Vg&evKhr!?QKg zsMmxJbN2jN`ox8 z^Vt*qB#1o)6;tt0Jk6IEIUXo$&6TN6;b93PF@NE-z|-X!ls(VakFp(K(z4??GZb%~7K z0&i;k78GGo4GeO+LpcZ2%Tq1~t!>obXOI{h%{|AjIXj*Bt0Cp-0|4u4K)F>B9yah)HAq$eO48AEZ*&hMy_% z=KC&7LtyrDE4-iW(lL`YvoPXj)43%;Y%$Z&5S0Jg!kAgLS#t^t%PkZxzKs3>*MMG; z`_x4Nfqyb4Arcsu)8i)AaUy%k<;XAd!v+`Nm2MZ2qIE*^D&$#$4#qdl5EDOds{QY&h|97bVsP742 zEc)ebeGwkmTkI?!E~B572in7FW)XWGl?R&-`@o%nni;0QpATY|43>dGOpuJm)ybb$ zipHaC|1sURFrB>n@T#^~PM;7xgq}-PVj$2CUTYxFcA*cqAnH=wGL^+%a~Y=uddp40 zT&F*>kcpDH{z3Y-ZEB`*0PY*pCA4FtU~~ zut65zW{w+1Mu8jt;-JG9L3IT}!xJyWmW%^Ak)1Om>&EEErR2P5GKNaw0Ix09%2`Z= zHc9g`Uk|Nv;XoT{J8W5`#pdV*}K}@l^n~ zXwH~EuNl3AxR<>bdN_q6JtQXjMeWaPyq< zy<}vc73T*qC{OxuAb@nsL=fxExrkH{2bR(IH-XPV3{qN??&GiWthi(SK+vGWISq5r zQ&lcXCaW5TvIlY4gQ%GMSybF4V@Eg!3^#Z1WbWsg>6^5D?r`%r=kK9Cb2XvE;E6qh zlWRW9$A0Mf>8htO2Y!eN^u!9b35q@e!{=kw{-01CbO2BleSo!B7RAsF%Ugr+i~SwV zKK8>%@xRl<9QXYfzy2=T52Y{dcUWKOq3V)ZdW5)odGhHy#8+=qqtj19;=WZ$RAxV< z9crrLZ-xDX=ly<%1-3$8a(t=3D>QQU%Fve~?2Ng9JCt?GF>F2({K%S%{U2pC zFPQiGS)ln;|3?|kjoGH`0GWg7$E6=Boa60G~RP^O600xYhIx1Vv4mmT!ns3wj zg9>}8^dT>8cneUub5u!oOfE0X~L}tmc-D7-ye$4*z<^PvGAm-y!(Rb_ITeFt2zhFCM5vcWlb{D(9a&r^oeN5#+uE@cRb&4)Nok z2>T1aWkF^Xe(xNA(5p&3Li;i%+rN4D^!VaR!UwM0=ZKVBoz`s{x4YjYv_OYWW zP_Z(%hJh)W7C@0XiMtwa!PKpT^rp?Pe2<+G%94Or?yWtE3}15)bp`!Q7w) zMw1uumn!X3lZ>ALzhRRk9P9H~BVo)6O$5@k91Z4pZLEpDZ^%C@r)T-^Fg?oc;YStZ zX!cO&Cl&hqt@ZY$$U;TDfdsB5hR`xHzXZm~LgO84{jC0zX z-zsS#h)o< zbH9-c&gS%;5wJFo8aeX~WH^TCgv7(Ua}N0^Sb15CzD+Hu)pR}OAMPm)wZ)ByLFD;<7H5EJm7!&G*>!^mtx2jt=5306@Xb z0RGbcwXV_;ti&)|YL+Hpzo5Xu20=>ybsCPvj|B}fW}xl(p1co9_aQILAuKXtb{~te zax4JZ0YkqD=wd_N2^b-g=!R0(yrJ#DO_vy4YgKzi`IZ6_1f{P~CBC5Xl1b)CLX3=` zCZB(LbF~Br-Tl&2rN__%PCwvtK9)}~^GU}yqx%I9E-Vy<*E+$x8(S^V6NfESePHaW z_~S;YNgqjEP6T#)^vzal$?O&zK{+6th9&8{ha({hUoT!{H{_egNZ z#FzZc37R<}lzA~S-OCl^Ym1SsCwMjuT~+qaZ`thCb+RfamhKRTnrORiAyI+^^a{(b3U51rx%pp%$R~!5`0GP7BRU!ys=*7}lU>oT;qu3z zQO8ZEAH(_T@7p2~{~IC*JF}Dc5>TzQS69Dlr}qAB`wzR;UygU!b;fzYSe>>M%(>WM zh)xW{kLMz*`8;U>yWNR_gRvJJTk%7Ju0M@{CpK2tBI5{7#G?}h9vawSE}(0|U>ymx z1P25e5=P_8#>obadbKMGZ}HYfu@Dx;G~!AU1s|9P#+xY;V_-lY*f*I|1+ZiR*Sxt+ zvg5f8@gWWq8jOi*VDeD;IrFnf`Cg>;n*C*ojD77#m3~y&%&zlILJV`HijC>7(d(CD z9pY7UC2KEPVNo-a?@WCP_{BO7le)-#*24IG%klcmhQu&*?{7w9TRqm|-Ph&X+d|CuBGYE*O7Gc8YPbSMo zY=h1qQ7$uMCL4VL_=vg+7%iTl6}{@0$Enqx{16iCF*fOD_cGT}~|gkHsB zj`*UE*mR}=?O5s2LFY*luE;ib(XAmsCn|f709Bnm=-@j}6M7>D$~x2Wjs&IbE+AUG zU#MI z=5F&xsWW6&NS4(lP*3)#It-~hv|b~`2U^d|ILydz3uOUo%aR-R;UUC=w%RP<56WM; zghkTh($F;f-aLKLoY_Z5_B^%#h52=Dpd=d&>WjLH7wV63{n7QsjQqBk>@LlPJ3wR_ zq*2?uc)wi_gy!XO4P5v*gj+FCY>E`)Ype2PAMWrdpeb{{@ImfBK`{mwhs=AWs9J`_ z>#4LQZrN!*IIupYID5kq)}H^iTWK(!6)Iro2Y zB+0d)2*vC1#jdH3nTd)tT$4FnDBNv6APH^V&?c~F@gDOSgp(5zPM){@T|low$%6T* z2vV@yVHRpyDFz&#QXoKiEmFw6Hop>pIPYnw8uEDTI{apw<+{HLBu+cc^y_mOYI}H9_o>Bj2!@z-1Bf z2jIJNpVbnb2e(d$7;fS{UXM)?{_#d?85Vd7i zwdIJ(Atr=A=88SYC46%^$0oJT&XK&|BAE@4yq{=g9gNh7_B>R0Ne}|TcpBj#}D_9?jbPXeJWYZ>#U>WT1ezVAWpx9+L!r>l#k4> z6+Y)U5>EteT%hevwk57`fm13daLWF>PH+x#A?hGkn~w^U#&Xz5n-%lt&b%AlJZ|(d zx&TsQww$hC*7CA?-wYPCgKdu9qv31JbRC`r$~L#Q^S6@=1jT59O-IH0RFlIX)PD#U z#7*g7%;Dme2m7s_*Z#a^{NP`HzXN*{j^9xyYCFd8{Fj|}$XWTa{R9j4#!AK2ZKX+r z;CGGL#GlIQiuq21lb2EFXZ=6Z|Hg+WsH5ud>hy8@OYC}6o^FB8KdGQ)y$M1Cak-ow zDQcY~h{>m(n9K+|UQU)jX*bbB^wqWXL(n~W}+5Kz0K~n}xk6FWD5um=G zQ0Vvsq8>MAx{bkdDZ7N%k>{ zOqU{)M>_i_NEJ6J;h5MD(#ov=6a4KKMwif$NZV)!e366FELcM9` z3Q3dOF3~2ETN}*bs0T>P;y3v|4G#oZX8VDLVu#~|z=Aa(A@K)2TR;7HhdX~8w)_*h&4mm-wod`^wOxbc*18yVwbr(&{7?v`uV^_OeSO`v;v zZGSWRfvZNd_(VcY;_(6qSOR_s_QY`OvK(VmA}vOs zb1mT*N$24%Ok~3Apu?t#St3EWzgwFrGbhc?-Zezp3+;y)CBE1gEiXg!E$vG~y{v?D zzuH(eG1oA~>cS3?&bPmc5Bfg3eSw_tze7g1FNxSdHjykvc0fk_hn>NPU8owb+!cKo zId37#aM;K`pDO(O4*DSRj{7BTxsq8El*^lk@ne+z zl4E(6=yN`es`fj;5+ zvbmN03FJ}aojyDrE9_@`NejzxtTO*n{FKN*-_fVZA3w@N@B_Vy%C^AP}{0yUrgS zpCOsVNFyQOrByl4aj(!@R4AXwMcKUhfV!#Vn_KVSweuW0aLdng*x{TtGT(a#=Q)x( zzcdCHjjLBc<~K#oa~vWeIL`YaY&_5LHJ5-zE1TG0uCj@ySABQL62{Pc9sC6f$XTu$ zU7*l;j%Q#5Q5cF~gZZX|a%!E^2qAe8k z66b!c&xeSrJJ0ch?P%ZMYdd3MaGoO=AAx;=tkXG1LwCF?CL~Y1f6w_?`T2$=iivc7 znGR4`>QH|gg7K$g+5A|GQHlBPVJIFX<=Ovta=xKb-!%s9tA8N<3eR`xe#p+25H^8+ z3Dqb5yXNmT{u_ZT&@b@!zQz=3X0-Y1X!bJ!11JAg^Y=pf7xenyoo^V$exuJ}e=sU9 z73T-Wsz`FPJWZj0egLBwj~CKWA0GAmz*sY_AXI_``SvYBe|x^W28}?rA)mV69V3*y z)$;?~<*JjUk~B!xR>-5uSA&uB2V(A=y=V^PMfINfqAY)KOE%6oUmpC(nlJl5%6yc9 z`LLe_ALTs%2g`+g6l3;xSyj&$h-dORmxIc7&${sfc?Yec{zQ~tI{wgKa|{hxnST(L zAMg5lBk`sPJ^cEh3+^Kn;v#~Gxfo(HdcUCpwf;hcUt$CP@0>6A6ScUFmImhwz;&E2 z(DgGl(J2sAr?)ci@O56xg6Iyo3i~MfW@rA*G0F$%t$^NP`iZ_0`q0lSQ*UMd0Qqq> zb!%0AfV{F@0`mDs>f9!T>~VkQW`0A^Bm8L%@=t1lm4?}J)^3O1Ev!_13 zfLky};Q{l z_#}#H70?smX>RDj)=3)-E|?!Y8x&CINbO^}e+5~H*q_Sy4?9qAE=6zLIFv5oX*eXI zhjXx>VBuDCO}K!`N)}f&U~-?AAG`pajvBkqw3t(uTgqlu~ht5oM$4CYW`P~ z@YBtAC|sNXI{)`pt)Hj=`yKg~Oi&RsL-BX*+RF-s5A4eHUszu1%~BQv`VSD68i`2x za{8)$5qmJ2e;A>E_4??OEKWc_a)ukRA3lEO1|O&Jc=Gc>Cujeu05(*`C&GWBCAclq z!!HUKDZ-o?H5n&r`g=jWxu2+knogfU!9X%CBOpYL<~AW7XE?)Fmgr`}1YC;@CtaxK z;&)QsmzddCh9$=LFa7@6^-W4i18C~}K|f#Q_b?;a|K$VuPfHS zILEN@j!$S?qs2R_(!ZSlZ}q#feK1GP6VwIg2_Cz-BF3=e@-Q*0%L~W-0hR`jVqv(N zyodZJ^FOz^G6B5BTYCjUXg?^7H^O8&jzEZHJGZNfF_(uw#L00>D!m)xcR|D8rz{GI zIB<`~VWRfsJxmdwS2!V0r>;~1%xS*2Qnq7x8BJc;&Qrg9s!h%pFe2%8ngM>WYtAf` z89VWkw@wrK&@b$&k^7`UI(IeaC>lVfw$sGFUX>Pp^q%hpf)oQIj0kayNtw>=!xrEYq!z;cPbw-I~&70 zCcfe|5B(bh*dIp)tFP?>C0Ho=*ieUNdN3|@V99zV#+Er22sl_><`?+Ijd#EuyXhV+ z+f9ew>l}oyqMA=rzz$SicbN-iHlmbSyuJs?vZ1cmeCN^dhPvwhOxS)g9wzY(nYWPB zSkVDE(utqVx~fB$pTBX*ka)H#i$?al(wC$ZA1;+Zf&+9S0bl?kgT&NH5@sZ1J<C z3C=XYG_;c+tfT9T^zGO%$GC>>*@RfY*9ay6mG;V9Efw4_cJ{0h{2l>7_yllaUX(J7 zdlDJ=2mI}KlB>8dKcVeA_H@d>j}T%?l6t$^K$>d@mKvt z@NgmStK)#GPS5|V`^#>SflH@f_m}avDg=K%*7>Q5`B-a&U%vVi-?QKHEh~IGhHItj zITXylMS)3_d)Q3XRa6wmWvkwt9B7uON_sej8%JxT_fA-JO|8}dQKPu&+`gm~jqmxyJ z^PCS*e$gRk2Ma><%L5@d|6lG;8%@4S5G4o<^ugn=L#{Y+`I#(`)L0oCHvg>|6sw$( zeYJK2Z99mf@fz``;O}GZPY`fqF&&03;E`1)`!N5UGA{o_*yZ;1eY4a}V$iN%mZx})Nc&v zuk>Ko&C7DuSof>KZ&EiUG`pVZk1tX>4A3mz07{mV|oq2WDE2t1>?2`}+_*3E@x#xfDMce{-f2 zdIEr$Fjr*rdL&pmpluTmOmKSSxBte|2kDmeey-QD9^v7kX3X^HYB%72Tv9UB%!v#C zHp*Z4W68B>tfiOR8z)^v6H008w{W<}vZX)$h{;4+mTEwW&m2xO&wk8R^S8Jn9Z%>! zVm=nBhO&Kr*=`?Il%x;Ee|>cE z)&|+V0bv!_L|&zpIk9`}on$WFkJ%Yc#z@MoT8|idK1b}tTGEw#gZY#Zwwg-82-mQ9{kDDhx?`Z;;Jhx*@)J# z6mAUc_^Wtl`l>G87s3szEvtc~w-EEiK^ykZ%nbqHH=64KoqEirC_=Ve=n8l#ehQ8W zd?d{tv89KRJzk2x@odrWYWAO9v!mb`kWI($FD?NRgFQ%3WCprWY)u=eYaW~J;%S;{ zZf>#TBh!pRwnqc}9=sEk&1I;d^qCgq1Izmc6w4D`s@KO)(3$1TZT~Z-MypMB1(3z> z!K?64fEizo#}wdE{Jsc)N)bC@Q8yEq$=5H2;t2NeN%`e~1P{5Ucr&YzY?HA;jby{E zn64X0eZNg@bg5p71-uLs$SZDwtb{t2_?5667@P6iG+twYi)Df<=(=CvO00=*ESzGZOl)=Mx z=~O)ugev>m!hAYLnCnTNmtn$A`j2L%cyUjB38en}mEnj9I7s{yN}S+u`=%{a;}`1V zr;MGm-sfPVbWKq%ln{Bhb+*HFSrqvh1$?S4#D{XUP#-@9@ZWIQK#?V2LG~D1{58LL zil0%KyW2t~zfd1P1?FuLn8n?QF`>&pq80Rl?cU;3n9Y&q@$G?B3WzJd4^;OiM${Y^ z^B3(MALm=Vo~lk_Ls@g4p4 zFX7J-gnn#^y!p?d#43e>bvN0zevtriz8y6$yaS0d<|3`+%w&aOfIv2ql{J652Cw@9 z5YW**N=0;*^2Z?NTyqZMWA?{nGlM_W`}ch&^|u#qZRV(>+XH_iJ!dO+lOfuUjj0mJ zL~4rc!DzraY+*=NO#xGf;!h|7js!VxAztvs)dj86dOYW~Jdu7Vxvn-n=LtT)wD#FL z9+Q_xjqC9z%LVIX+Y{I!bd`XW8hAM_-4ZTuZ9;NU9Uke{I4i9LuVA^B)M_7PsC_?yrU!XSqthsasv2^RS=iWIw8&Ksbpn7u_J z)pdl*mCEKhh7(cR^sz$Db3y3G_I$UCC}i)nL>wmHzZfEo%;hKhFM zWA|9v)}x^5hFiHaxGbb_Y5h2Qi+2j1%H%0n{<91poyoULA)m=bi4s{3jQ|_OFOz@Y zacEBTtqjtHHX#E2lRk?tEs;#FcZRQ+D+*FZEF$sEFc7$SJ=GplHsjYu-2t#V>gPl23`(1l#r1(RdXNObEa60~kS@%+HP4PDt5H`)Ve2NN5 z!{)$y%J+vY-Z~E}4rphl7jFQiLDz+_ZgUFq0_-z9wfr<}PhLr#D&bs^&PHff<;mc! z2&^Huz@?EiEQm9l+|iYu1w}}?NvX1>U6oQOB#{WN;>rXghrj&*V+-_HFsp!euZIgU zyg5CXubNe8j0PizvFcQHmq`9V0jRC{4${qj(3cP-CYXC66{?C2ep>rH!0*A$RH#dv zUH-72Ps|@pxb(cA?)C8-kXh7Z{^V43E+{d;@4;`4Z>cfI`H-`IJ|X`O#)B^U{Vvt( z<0rtfoVol_2e#K0Ko-9TUnbZ;p6(D^733ob`d%O5o*=!C->A-_X7gqTxjQH^z;8wP zt3KqeARmw?T7;LoRIiVp0LyZw?~yUq@3E7q^@DHn+OeAAV+epdv(yPDrBfYbl`Zx? z6f0&~1m;`dO%r+X{ecg1ppar`in&d-OCcci0c(CS|78*#cwZVn6$LmK0$2%fUj?|x z0UYB4l%xp2y`lhL1erU<<3MGMk=Q+(mbE-19}kY(lzgKmwsNfw9ZtxfLTSHwc>b=h z8{$vbBHB|6>Bfn&I^q!W$FwuYKm=5~~KGQI%H74FEDXmrh8l=0YyAqJi#n8*1o z?#2S-I~nKq;BK5|{`f;Ke_kk`-`>Io^N)=I|JaPV9pHq2`;H%le^RUs#fmj7qKJDf z4QrpRO(!NSYk8U!NHj<{QsVq;5yZNn~G^wu^>ZPIRFk4Y2m6RCh?a<&@xw&h{^0+#xnQ`^0B`c zLO0=?NhTrRRvyb6`3;_Ultz9vlZ~Y2qQ+1PF&Fu7DAkHDpao#y>Iz#1RF*nllix&a zE|VZ*OQyQApGIEjK~+LTxC8&j?in%v`18Ma$m(WV8W7-96*!~|2;kc`n_>bGYjur| z^Ba{UG@4@c+mkxU+-_<4DC*`5S3BWqzjUUfr6i&D(!&L1DM^HrBjfc2S_iS#LPRmL z+2YgeAb#72C`sk`jJLJVi`1UxYJbA7ElH@IJS-@Q$8Iao852ThCdYLCMg3_teSTZA0n#f2!a|4=lf_oDRB?njtQ{Gh=Wg;h2&JaNrHrNq? z2wWeFnLqtZ=15J1>kaUa`3sVg**8U%Oa_8UGuEFb@i(VQ?Xa3V3QjLIa@$dQU=lLd za5itQKLss%l3=Evs`7)|+mP?{62AuzqF&mQWu>u(P`+R?517zMPH-7`Kp3BZ%%WyS zF3?#-!IS{1cn1_C;K?*7VsE6#!z|JY|JCURB{8NP}7rR0t;!LQ;__1Nwzv=rSd|wSt5O2y=t`D;!7gP%7!FbO&0zk z{`UPycf@XxCG!CTY}Oo3VvnCD#Abqdgx^BU5`H>j^Ly}g68rlnyZk~ZU%Id#+9R zlo%Zt$$r{f#543tWHk*}!5oPD$_F9>eU^2=AGDU&OGy&d#*>0ZM#r~Rl==$y^u=r; z*3l;=tUSmthYa=tq}R>@>D2uW{AURs&L8voBo#X|tX7?}&U|z^2cPyhIY7aJqmA_i zUv|@l)u5R~PH9o&>xmPM3{cT-Dbk)StH|tA^pST_ zy_aFR*^1(9?DV!V_jk&o1@ zYJUmMKJpnMd0MQf>S$*^ExowmUOtO!WdE0<(g~PIujfd!*!@A1YM7K6keo~(e;E%s zzIS&l(bjzPjXk7uN~|XHJR#VuqtMqPR%8G^BFG&-l+J92@?mGZ6u+j&8)BIo2^gUW zQA=3ZnlD+n0UDt@ENCw#jlGpDzVl&ylLO)XBSS616IATR!%Vyl?7Q1CF=JBZ= zv6b1`Aem0uU!0lV19zUzBoQoBy%!uD=2G&a{(mP2F*HzV+QxP#?{e< zWRYniStO77^nXFJgrDXjsBG$rDvxH{cu^DhHv%*vaBahS0m#r<6kaU*hVB93!&MJy z=z<%jCPN$x<_%mZ0lxSLxDlB_@XMdn)kDUx%YwAAenyKt5A-8}17W=nFSwVVzY~1q zO=v~Q+_Epp+cIn)hhD*${mx(5KI3C{F2oHS7(%*7I>~wxaOd_>L~Q4`*2yDahyM`s z6l82`o(#J<%@)Ix##p%a;#=hHZQa%_VX-a#L)%+8?6J7bLn>DI7|)lL5NvUXtfssd zIN35-;b7n8oe9dHGIBg%(GwQtB=`-qLE5>Zc=|5Pz;)Br*I?euhKjAH&bZ>c$JG(~3SoM+O3w^j1Z_cw(5uWb>)v(Op7CAHyME}J!&vv8{gm?ClxVud>_7U3ev$F_b9LB;S$iy^9v zIN54PrrYn=p!xxs2++(0)lsM+v>&b!`6W~aAsEzbUq!&!IHYTZsdMr30T}TbGvRzU zDho0ycN)&P(JzdFBF~KCFVH@S&?S1x9ZA?6*eUJFcp{3@hsI$4t6dnh(QoLu`0!AC z3xEI$Rmv6#dM6YrgWg-XRw3Qtx30+B7`bUcR#u=NiXZ_Pv13(0NZIbwFn1>JZe`#Y%&Xn>yO zG)}j&8FM1M5d47c!=@LWDt;BYzBC=hqFj4^Q#@Ff><26RVV%X@)GM5&jcv^h(3dpg zaL%|4;bs{fCkJVeh)(%Mg7?d#$9#KUxBtlE1@`3O{&@f|eh+5HDkIy8mVWMoxm%Vg z?=~MtXdn2jLZ4Qd&*2AWVO+XP8X$6-a{)YA&P$pxv5rU3v_N!ey8&U$q9o1D6T4}F z)3P|X=2QSN&rOkeL;~sNCr8uu8XEi>CxvNd$fU6qc@|aR^6YJ#_YN=-`|2LY`l6O< z4od0nm^7iB2`E}OGr+dZr_n~Si?cuL6qc;8~rElI?7cCqMSID8Z!o5+Ne;lq6VY->c%l)r;18bCI0G3gqBLwomap z9T!bisu26s0FQAngD^j5^k#I!acSLFGK&ootMC2+>vtMg7qr z$L?hx8EgUO8+MQ&)}iC;yCG`YS$xNplIB_fCE;>-Ktkp!JUsFBkGxfh)alhq5RL_c z$5`z3$W<$Wd3EV+U}9(bdJynhWvICgRDMN$!g4POu>1qfYtmo z7a-YZiqGmxWTtByXfnTW(EfpsfYo;h8evvr-xjd0k!??wZ3tN{V4FVe_wmIdkjxg> z0N;ly{z~9NJU@aD3sN`fP(O<+&OvOR{C4#Ih4A@R_+aLGSxiQ+VKBKB_X_z90>O}h zP8qatp`QfhPM2EDTi{QzEVs8?|Ah7$_89-uA2^xo`hjaf!(Da%yxXkH{n1JE;6yvM zP+K3^C&gdk^9%snc$|yw;&T+#ur~?bTO~PclmlPN_ivnimi~&jXfy!EZ`mz2F|kcH^|lJD{%Xxzu{S>s{J zH9`$MR?w724r}sIlQg@bowT2kL-CH z+OE)m^XFHTmk_-IeJT2Zwh;2R_JulqYx16Ro%1ca9j?83{)n)Cd3*eUyrAtse#`7T z2!i`TIFk~c4gDc^+rTJ8e0YQoanfUO#;O?!MO~4xWtOOt;@oO~^i@!{x~hPNu`VX+%XWOi1)UV>I9n0(y^Dv$@m&&f~mHpOj~(S4S1?WtlO z5SN)haP}A20F#Y6#+l!3nt~Cu24)#cd0LZupL27p5}2-pla3c)k$QFo`pcWV@W&&sOW7E zn}2Xllw3bgsF*b;-6SE{nZAG24E#&7t4)JjIkO+}7DXoHG+ObkON3bBrhq$`mB21TlHS38i*K z|4w$*sB{pnKwA*bdUJv-LUQ40gPHH3jE9CmcQ9~6_M}PhS6zVnH(7)*zNbuofW1pWn&+ zg#MPykED!`uYVtHEbKt|^Q!c1-Y!$$L8_hAL}iT1D2 z?;qua++)9R{F%xG-NBHvL5MImGkt!A>I>~kgkkVVlwTiaVTq`q2VUEqi#Le4_F%=5 z?co05I=wRD-%PP%xw<@{zyG`YgRiF2DU+va<5BJ)&>=YviaIn3b)d>&tS9A96g zJRn#iyw-S=tglKESZ7%s(x=Tn{;E^+X8tRbbFT5?F0GFRKeFa3{|6<9Zz5P@Sun@@ zS-5X_hX12%&T7o=F01N&!!lF-t=)QBL{)JG@W0PKBtdy`(<2 z^B0(<@Q88oD9Qr}y$~`$(?&JHbvww!^cfAY4w=MqF~`2&i<|LQ!g=kpYWRpL>FXT`wf2osXxl~y_=6wzkfpM+)%z=6`g-o%Ey`5T;a>d zNx_e-ndSeekdM7x7Dt9JH^yw!3k>q0RL)F6A;d6p0zD)koGdYh@lzHSUos>Q5?`Ra zV;BU${rG7k>0#HXIZQk_HZYd+=e(9a@n$Ysb6HSVljk>?dog~zIY<%Jh@ib!kCj3< zY^w2_^eJ0E&YNCgARJ=yKHZXYEihc})~j`$8+kI+>djY`>GXRW43}9I2~dX85mXev zPi7Yp?>f-`VrxdF2jv6K2>-Y5Uj$$v3PBe`@?Y}hSyT;34e{o+e!6ghw#p{2A^k%7 z+xoVWj2|*gD@FVRj$I#rNJ{zrUFG?dq_MEZ(943ajQt?qQqdpWX93r+?5t1al50EW zkIA;pSp4Y%BV>0|2QB^JFc$n0nSrdBzkvlPwubuE+_)G01W7Pw^7TGCnwdq&w~qV( zzXxCBdf|R3tEmdeydM>0>%(e#vv$p}A5ElFce5c|Y)=#`-i9JT9}}*0su!8b0scEC zmKhH;h9n6c#2435@qw*${F*K~v5fdr^Ywh>P{;4Muoe`OU2iO19D;i=l;R0&&E;1a z2qq-}qQ(co6x}$74*?;{4W=iZF)S^MMS4~>Gr$yc;Hjel{QG_aklWHRQn21G zzX?#1A^=A?m9qeg?+Rf^)r;vXxq*u8LBi|oWsoJEDd?|N`fC`!yu`uj%o9xBt%o(z zshpHS>t`x9S@-(_{oRk>8&Y@SU&5E%bc);vev!TS#nx~PIkie4xT3xKOa4qx5n3$y z4VgFDrZdcn4USvZ}!71iYsuNZ5fzIk*XTp%Sh_8arVD#yL@oK`St})^wuhsJYsaLq zQ?hv?c20q*YYSr-q=2`(xNWO>6M!=kY{8y;K!hD$z?+s=DaK^t>^_=UQpx1R#iq~Rdcdbp#A2DZ1Q3mbcC*yydu=W;iNo24TaqwIy5czI54fqy@ zSfZIruh-pVIIX4`ULQZD;*Sv+3KxdxX4T|=~R}9?9Rh}om{AnWP2GV$)@u4 z^%M+&L5uzwfd%yE%Z*)LT_?5+N?KbEKDyo^ZXT0pEFDq~PTTbqzkv=Y$5Wj6SNesM z7D&hOOC(I6F)^08jGe-%O+uZYVe$}6JT0mg60N}GVwOd$_qqt*>C|;h9tY2~G8uht zH?uB6ei8D9ee;4xE#XSm3T6?b4XFzN1xjx=|KLAwrR_CDEW<<$MzCVo(;srZ%Sxt` zTQhSML0EgK9b0iFyt0H2EY@)l9!YN4k?vy|Z)R=;2V?lv$A3-V7Z~&;@p?nV<2Q)c z%w_^Os0`=lG)Wv_p1BpZL6XdBSJzANQ{eUBLvCVugl<1C*g2f zA$%y_r=*i^*h+qe zflbVLD;+S)XRxeRSq46*FU-{ym&&?jN!xU7OQ8NvwCI|R0 zuGzW|o%Uo%b2s^N@%+|s;w5R=l*xWYHGn6H7?IMlAaSL9DiSwdt6aPeX>I^A-|J%q zFT-^9{mPBSH3r)!pc<$U# z=B;FU6iE8Q&N{gt-%GLhbg620Y`z9{5RgiHDzqjp#W4a)Irbjg(8idpS9(d6o(34XJQ8A)?lIyDIeaTy-|O{XTvH~*b3 z>E%3SPQcT8{K8&v%TxYRp0ZTH4yG$l>-Z&OB*fDiNn}=(r%aCm3GtN0r^~r5%hN{8 zAj3Q*3c^!<6sPbXP^YGNMTl!VuF>&$tRoF%1)n@Yud^}B-6w6i$$q&EKl>X2@bQ9^ zO{%8i2a)82B5SK1;a8Iz2P5T0tDufw=@Xw*oErT~ef-1_Z#OT)i=?JM#N{nZ@iVHS z51^}Q5#QSao8&5ZEBX1hl`5w+zD5z0Dg0`bYrTvrWf{VF@7?cG(HpT;2OF;hb>NO- zB}6`pJMjLRYPrDAyR=aclcX~Z4q?>fH{B~ZiuiwFPHV;Pq8FYw)3M-#{=fm#s}5yo z!eu25>QU2tg+P5{p9Lg33M_9hi-9knmJ0!qM*nXFY33+PwmOG}*Y_II0fkk75=(g* zX47&^>@*9xDk%1xQ4oF*G`6f(Cu{MU{CIG#e@Z&*@T$%g2WWA z1TPR4!5wAQaF>{1?l^>95`6RJ1(;x#pa7?4h~5DOG*(l*R!9P8$HtVxKy$2fegHIE z4wMOIsum#S`pXM2!8B;A@X}nX2}V#E&j4XMQUEu&tU4^`-!MnPv|yh^ns))tss}q8bO|7Vtt`!rK)zx}T(`vBlix$QW?9k^R@{DtT*TC}MP!zTo<{bMrH%`#5gHb|8Bp3+D-D}_ zf51z%uwmkF2M6aLjme&9L)upUW#!8hua%MS?)d)bo8j#!I)At4;beUw$;&8Hd$FmZ z_z3>g6g#EeFye6&y9Yt8iLumYTwZcfBT$^%UE)e>=_5E~Pb`YK3fd_347Hu3aIedSD!3Y>& z#G*!X!UD<}{Oh!$t*K94Llm(f$iv>7AsLwC#c`$(3-+J-z?(ZBpyZfa4x$QZfjS#X zr2mPNaJ~Ac-`i&pmJs(H9q-l``1BN5@8N_b8b+s!2MZFoG+XCsdcWIY?*=a~38UBb zd7_82&@YD3J5|xk0ll30kVP-wKLcgB?x;eHKv0xQ=1_#; zI(g3(!FMM3CyVV;jbKX&x0-Ow<8Pv|x7HoaUm#nuhRv;4l%F4Iw)zbrDMADGIXjXI zI`(vPDc6x@AgjR2HFpvx6AuisEMhh`)^VU9X@A#+Rz9v*1`n4N)ZgKP=V-w~?B3=v zNrVn@$}D#8tTD-FYat zWatf~JLDaOhneOrm}KgySH6hKL-9Oe(DETZH+{yWScWSK;D(eHip_7ydpHOD1V#$V z(F2U1wn8HhZ;g=_d!N$zWw?e>G)>gg&1hdW?R(5;54zDB-9N}M$w!<2bqrn z&L$qczKQH9s|5Ot2;r$M%c|7IGBi$Jd^4|`CL4G;1MY;Bb{`BdgyLa3utOvnML(*% zD9L8Xq$qlo_>p2gQLtJcaIgv6#dr0rIFuN#Of*TeBi8X43ab)e0%p2bgc4}Ln)Nyy zSLQfKDw602*(B)0meSZ6fVjPQ7m|S@Q;w;1WK8}OCPjO>m4z60cXh*M924uiIrM8bB-7Qo?~k%fS(%$sDRR>|ZrY;WQ$RN8ieJ94bE+Z|!1fyX8T-mvtKY zAlOcE7cK+AJw%=_2E!Ra>1aiQTCYFuSEl1vLC4D_$^E>|w#Ll4O4a=RO74aC^DfUU zlreSx?V32}cHrAPIFaT1jtX=?%v!vl?OY@6z(T$O_+9#^+pKEw3-hvMZoNq~g2>#v z3>}V+)Ibu=d1y{L!sr)<+4xuoi7FLfz2S3ubGDlA5SVH`Zlu>6>*d1KO=!HxbA>9$7GL)kcsm_>S=7ry&SKRJEx;rI*Xc0mjY~qIZ61y{b!d(Dd6yFZ0ZSj|(W^LySN)t}~Bb_e{lHP{VBuS5U-ue4s`W7603-c^}&lEbs_}6ni z3&XJ;5D$Zo2I3addkm7!W*x>2FCmTVExj*6IMVgY;xCn9L%n9cg|bz!ar?)TTjz!N zokxqbM5fi@GZnwk5HmzGoNP1X8X@46A7sG6Fsi1l?}HJgEZn-c({$hty;=C;SiOQr zpHoeDHD)kiP0L2B={EA<#UC$KO?S7|bhs-4Qwq^^zsJcHJ2v3FfZ^IshqPlgU5{$I zRc0{Z7v@PJPGRVjP)ZgxPTjU<9MR_etn3{$4$`4ZFTBLH5H>@Jo!V0ijuW+8{nd} z&!yw*%{f4`I_-02-%o({ZamJz<=2+rbTbjrh|nC9a(G-6a>$OXhOjv7Xj;r6^hXO4kQT8&&4>AoGLv1G+%jw*#}Rbd~K&ZomLM2EC>H(AV&D3 z@$?$_Dn3tV>{*ScbA|_L|IG!5lyOy!QJyh8Sp~)yB+7Am3m=dI_EkB(2Y0Zhl!dIkyT(g!IW*fTIii0Y)fi9&@aD%8JtZ6rMSAcCgjzoP*|ub&lQN+AQ=? zTI6(yzn{oTxYkBkFj7g2VMmJ@IM!lu#?f@nYc;@D!YmWk59~+BHvcuiKrJ!AD9#2u zDa>kV1!E_POH%@Sw19&V@>9a!{y{=REGe(Mr2EZ~29-c47wjXQ7ll(bOkjftpOPGy z`@P{vCPxm4rDkgi;(r$~1rdWIz#uee%wHsBq95)vW>``t#8Q9O;aZ3UAvzwFR0PX< zQ4W1;xtmw!@_{2aSwg~uSjUYhC-m~-NI(Nzt|~57n2~_NM4_ggtSdKe#~CkQ;r2ND z_B1ZGcVe?jS&(Ryzv7@v{J{n=D2gkyv3v5#=W5NzT=(C^D|zgG>TKygc!-JsU=VlU zpK6s4MCIZ~lw80hq;8)9lErD z*4*{U(0(;NGr$~SdUqry+ihNL6@}AnK2AzSqAZNTOt5XyU~=mc$pmKa1+6CL;~Zcj zMWW?A31h(^@GoOitSe~(L#kS@w||gZ2F)?zdPZ+t)3{g8`~at5gWz@8-);_#zr5|C zo3kFOL@Jrq^Q4P;ScKnUVEa}c9+dUAzP6i;Sqw2dX0tkGa~QMWT8+sZ7*HMUa2d$D z%pdp*mLseYMXiup8MiyQO5Y0<%MWsO%e)UP#ne~_bioW=P#(`~&^L+U(bJB;ikc(z z+2_1wuEzDE+v2ank!CDL9tPuGgg4QjK?DfTf4y6qVuj>}8Ogt0hHA-mGm?L~%p8x( zIwddD=cJ$07kOhRhK`U}44{6nK`by)LWov3*r0yFyn-|I4E}dm1CH8@CJka!L5+Fx zVs@U7XMSyxocnwM31Yy1Cb)|4Sio9Gg9;XB)D%?cg!=(if@FC*GV$T$qDk-(TD2PF za!;1h3Ft3Tlq43-z2!xn@(GXwB!?Tn00ThpxGspi4kPj^Q#{G}(7}X3^C9gM*07mt ztm_)`K*74O{57il(I#S4T>npMZwdy6NgAOt#=iXCA@uvlcMGaU$ukKf09w*FOX8EPcz$~CgghviIx)QTezv?{eryqid;pf?CqRF zvwp2zkZ%5$mM&fHC3e3YH`yarygN#P3=6^d4fUv9f|c1ly^gOqnE#wD%h|B|AkkH> z?JuDR64OPGKMv?>6T50cHWAY?x>H$i&Sq70Kbq*PI+-ZCYZl>?TJ6U39p=2lo0+UrqZ9 zCka$lDJT_tb!dPD39c;wiGmFBlKC`BiD_1S7&k*Tu&hKAh9Nsi2y})c&lnw@>n9Px)B1usE&y6J8^Co}%;(QQ|xQ1kg;v1zf56eArHgUpe_#l#! zZ5!)i8C{rZ8S&y9)9d6>xsBL+o1XoRb|w8SxD;o_|(+^vkooz&;Tz|o@S*gbNxd&0HbS>7%aO#SHX%JWe15t$^!fx*}! z-5MA;b_P6~vdLyyKMV~mXym=X3GQaDCV&`M4{=n+dMSA}*M)j?oR-R>EbwY33FD7Ok~JsIQ5C#aSM-nRPcrk)^Z16pSF* zILP}bzfMK04a?g;a!2JRrqu(|;NHK|W9!oTaFI#--{`LeynBbI9evqXlf=JR)s^guc2W6UG!* zkmITqGOJJ!=X>yPA|uDjOgCy3zs4f6!bz={>Sn$WMz1BNu;Z8slTAIsw?IL@S5pg} zpmj&ebRfvSFl%+-NJs}>d6whr``OCk^&E|yy$ujIbMe{mBFp@r20K{g41o2uO0q@W zh;Fk7!fkwM@m9GSLIX^QciLLcsRo(WnOnF^m+fJJPzi2)B$<;8nt zB_NH0L-Ey8w`DbMKW=%VGxd9{=fpB}9r0Kp)9!X@hbUa^W^P%H&8$!r{aE5#J-zN` z-h?a_m&w1rLf)HD@GK?QNLLrTp`GM~$`wk5)mXnRP6Opd996#A$&L23)GJbZz1Ol4 zlYgoWPWWucFw`dI_>J+NmOZ))bI>1hVxmuq@t))-a5bhm2GKI~x{HH0zTCq*gYosT z%wYknyKHu5z`c&B`MaL21pAY=!R%U zOLd}%`86ULXtz6oH#G5EZRYWk$S_+q%z=~RbA~eo@SHcWFbD~E6SG=S49w$#vn?vP zt}i|VreUsu)z7HxKv3FQawzpx^hWB)mq^l6AbmoQ6hw0}E%>d3&afWoV~#-B6T?zg zK$30ka3__7ShMl^m};H_p?%hK7E_$>nCsbAH(J&nh73)6+uVIlaKo;zAIC^vIfp>j zralQAu)i4pPM6kVnNx#qFj>0sCT5SgM$Yz5lG78hd6k)nt|-AoAe0SwP*mkW$_e(wu{a50 zSxp*(^B4Bu1@*~L9U)(cdK8L`oiae4=e9jBq1DK1*2vOG7pwa1R;du{}F=b zn7xmm_O_Y52?1XiiOImuT+qY~7hp73esnkSbio^2X<1A(UWS=C-H-#(86$&A=O6PW z#Bpd+*JGeqn(yWSqF&U`(Vu&1%VoE}?b-Qv7z&$qOmhud~ z$H*F8F2j>gZzW5@eB)o&n=`;Q=}3`R%{e#5pv0PW$THt}#D#1#dW`$LN1c<>>7WB2 zeh)U&i8&M%lzHu;eC0pl8bs@>F2n2NC#tikx#*HHbWd>lW`Qe!EPm^AkV6kU$X5pW zeIj5PeNy%8p*9jc(b4lVI_U!MEsu;?cPAuDZ_K2vpGm zlpMcA$^F>>35rMx!X6F>mJ+ph#)quGZUdtwFT*@;L4v12o7m_|Xrx3GqhEc$@#t@; zZ<;Zh*P_@7gIKV54k)4hQFl>qiKbU6ekupI`Q_=`cZB0XT;GR(iY0B3a|A9!0lQ-c zp?%@si~j4a#VaeF@xR16IH_c&tTsQ0OpRV6Z&~~=j3~aeE&dWhh!>+Af`;Q`H=T>G ze!9B6it?rzE?q2B0;}eXKDKPt1z&E($9ACcu@$sik~;^YvQ<}o&ql7!%76gmp~fUE z0)mzUHm5Z8LGyiTF0QZ#sb<;HkVuJ!h2l-~tbcBM-a8a8p%y)5BY$;*Ucl2w$+iM$ zaF^S{h(!x|?+8165cYj!c*l+tcOZLN{4U>@Ia}J7=o+R03^2)7LPk|nh|E!NxQlW3 zvDo|?FY%xuJhu{giC@|}DuErvHgp}Od+idl4LtP9B%47~ZlO~{`h5@vo~KSRsy^NM zO+0?Ufk|+@yT$etkwiWtU*6weg!+3GUkud#KK-Qj_ZQ3JzwrC}o1OIcD#-)Uwwyw} zAd_|Jylh5WpKM!?$K6g+0Px6l24Y^{jfLs!U<3OT!Atjaz2fVWS$NUw^zME8(ggk@ZY#H8>iEO^&g7TIb94yGey$at z2Y6@MhQ%F_8Sk1iP~7}-2v!9T&mr9`%+bOO4Stn|Y%VgiUzq{cGS?%wSc9eu9-vKy9QVy`nwo6KrQp2w?R-n5!9GtNN7l%gxt@tC<@}yX>krLY- zsY^7OQYZQF?@%Eqh0bazCW}TEfQ(O<1N4isv!ep^n~eelJY`lNYkMo13ndBrV(t(d zWcyVon&h?OOyu)9IPgGh0A;}Z{FLa5m)l>}3}NJ+Rx0^+G-S5mQ8z02=*fp~D-I>I z^8c{+F7Q!%$hZ8)~s2xX3guVZAgaGT|I`?op|oI306;Jbz{8i>_}~v^M0Dk6%o6r8ExCX z3euTlHq%7ojieO>;no!F)bC!Xc5RH7R38K$j=~|ftx&)XPcn#n;zh$KCW~Ofnw}f) zpor-Yf~XHYWKc2Q)~VQsELVbUJ2UN>C_U4$m-Mi*Dm&B%j& z=V(=ov`9=05-QrzkI0G67_TZSZ-hq2uP|(h86;dnIl}bR6XY3gOvUCP@N=D+g6MFC zh}%1ck=5(2j?_|;0oQ0I5e*(80^Y?aYB4%Jr>Iix(Ne@x{l?xd-qL|g3(an{veWQu z;7R#(bP@bX9-UWGZR{b+Ikqvi#{6@49A_s;JwWSYC*&Vev*!fJfx4A(O(BcF0TfX^ zSq=)7Df|mm?P|6>e3E{_h1F=D!v~lqVCO4Xr^&GHa=UcB&{tzFp-iTuHA-KS8@lM9 zAsOsQ&F0L<2_Q5qF}wFd!!AIs3Wro4DJ3K(ImUcJzo+n<>AMN{mr6Q^V|559yJW+t z`J0Hho3l6Sc2n1s2Y?#3)x4v%RhFRR#eh=8>j#kpEwy7CkBqjlGi9(Hne{in;BbL2 z(?CX82SdDph8MW3jxxu@t4<6tF@q1sM4is_`s$_32xl48kJ$)}fIulw_1mCu*mc;K zY8mD9%OvU-IZvhQHMsv;MlgD{vA}sMKd_|`?EdyZy;P+34CF>LAeS_WF}Vta(G=_L zc{r6CT`#wxB?>L%+_9g)bdS_pon-ie(XAL8Cnps5S8xobbSij?1vuG_yF}{$FD4!?_wY&2>3&_io$*SdG4kfU=Wpx zBW9_JO{sDN0|tHbF2viX&v14RHc+RWiUASeGc_<36f9Rfdlp$f8m`dr_xF-{>2hPf zkDZg3?A(p-D(l)C$3*0zQKYod?k*z9YPDa z)6VhXXw~QPju&_d0jsVzd(-vGjq=cxz``|~9J3v5C0(7FF&5xF12U(Y>`ZCCn<*Kc zDcx={FTm2{{JQ9T&XoSRHTp-)ltz<&l(mX;q|{%{2Df=D>uUNXaD)@e{O8fIalgaP z%dh3Z)_CwVgJ+JG`nzzMeg&cTmyUTS(4$2b@dxVHZ;|um8z&a*PJ(F_iz3U1+yKA1 z^>x!KM6%yLNFJJuznM#pF4v1BT~i{dESV=}$DJrc0*kzP5a5>Rty=J{e#4!URWKT= z;?@)L*G4i2Bc37>l*&fD6@GhL=*dB$nu2RhT$#5@;8ySFD06Q0ojjTvnQteP#K;C@ zr1_-NHXsyL4N8VNJmei(Hg=TZ`Yxqs zhg>0nRHV!@Of|p4G6eMpPikdvb1HHA0_(@b8&bizToOn+O*QC2CkMIsXk5c8fw+)S zw+R5wbg?vdXtxplpt>^&scaP8dD1G;J&3>vJP8^^s{dPb6)E8dQUdOU^id50VP+6j zjiRanswINz-Ian05wn((7M0Slx`{Ai%5)&(-6n$rAKA+EP-Kurr8eWSb3o}P$@i^(C$3*6dTYNY%0lyG#Mx~d zEMp)%6C`gd4xp|Wg;@08`6>Kj;cQG~{?7!(omh<;fMqowk@D`EM&WO#c^m;!I`7*7 z+V@cuD24hFv?oOGj?6#I$4g5f9qj|}5kM!z+Zx~=j3IZ?~2-D%(uaIy#R!2q^OuqApYsF%hq1jnR_u9Es##U&NP zg-J6Z85Dst0hMY>%Xe-o+5!MUl`f-BX5++RH4vFr;0%cl(X<8YVc8YP0K}U`ajd?( zTCX&US1)o1_`p&&tMn)|O4={0q)nhb)CCrsx*jEcnYd7sqGN1*Df@igGGZf?=HFVj zT!dI$ZLEuT1e<~gy%!>v{v+3RPf5v9Y+m6QCS72qAH@lvME%Z>8tkHe?nklr3sj9C zHN-_-=0|b;SD?<6C>U>O&K$G$Sk|1zn_lK2)4*Ux@>~Pu+s#PY+>E5&Tq#OJj9=)M zdh>hW0s7!P2p0H(KV`P87w_k;GqZwD#JwUCKF;+J~}I?t_ya2tkbu3>~rfntZ?b zL%J7#gXD$Fw}e0)^vztT=-Sk{57E!&MYlvTFXdrr)ek_!f3#H^)_3B<+ z=s3N^L{!BfKUDb1Ku9)w`=T8CGBA%+u?g``EgLvw>rN;8%j|eOcav}{G=6bNMn1M>JzLKWLS(n-YMx`-9)Y+q2w`N4Md#267Ih?LaEiGni5`5?y#dIoqId zFt%m`PHMtOZkwaa?PlK_{$@R_N)k_3Egj3@C6y_mF2T)sG5qQ=t9;<#3eyC{sG`)1 z-WmvED&ezc>S#Z80fQidnDpS)ci(beKU~qoM9j){A6|hFqKAPpMUsTAc$tw1nG^Sh zX@~|uMI{3D#XLS%M0Tl!U93a6G4~=sl{HU$bu|U^?_j7f4^vI*iy+%^l1-`(mgM4S z8V24Rb1RwW7U3`#*S7A@+2Em+U;vn!MGEad{y=#t397c5bdj!^rdeVw|Jvw1h+wM;*D5>JssYRztnrhg)SofD57#X`I za6Z-6u6i`SM?g`U%&rC&pBBx}pYq31b=cP>hid-ylF4-Oces$&10_ z+Ya|I;0E(WM9c+1LnSv)s~{}D0Ts3#G4Tt_1+B&vF6H=0Votz25|kb#5}TH5E!xe~ z;3Yc>9r=mINbS*p*6t)XhlxX&Q{1dLJlRZX6jR#k5Z@^Xzj3o=$`623;N>6T!ta(_ z@>_%&A^$m4NytAtl2~G+mHZVh1x~#Evr=wzDe&9vykavqqTx`nf}Ry)RQHN$Tvo*f zxr(iXq7ZeJz>pKJm{px*s@dXEgXlo&97A^Jy#?ce%`2fN#Q6j5aUsY^^C<#ja1O{@ zs7u6C5o_)`LVBk7yf7N!@dP*{7BDH6DQ`84yR`H8@;J;<_?mDlRN(j`D6THdy3-kE zPi1mgs$46Y%H%U_^~_C&OOXP)RDc#RIn`u#eGSxoq%WKqvwo>6HG8EHR6i|llaTDV zwu3&Oh5E7B{A`ouoVARthKvEnR_HkE=B5UP;xY&0?F;A6lZWv1u>8fcWmAs3!c>u| zfo|iVC@R7`h$hJIMcrxR_|Gn1g$^-;kzU^-gSJoo0%K!m}vdIjlhII z9Qcl}*^X7w;?UC!y=?T>sSzSQQd3-W@n~xWf#Cr}-IU%|(dK+@oMQ``DrkDZ9 zF9_&sMb#R;o6u;)i1JWY({^rfxt2B|oN(xuIo|C-4mzR%$a5f)!ME|2m<8ytP>V~< z`a@6v{nhd6#XVe|oYH`QZ1pAPxA<_bP91k-womQ4#Qdk20M+$y4}MF79Vi&>9$kzF z#_0!rZ4=!c+dv(rMsyU41*87Yxtlu3PG`TU-NGHQsHKVVW-h2~xtR-2ES%})05J_7 z9T_-JVTI{JJQxK_L&9E_7>qaNkOEOcBO?h>H2_p4bev21W~BBOWN^!htt>XxFaA%G#l4!zE_&9-F)pnt8nRFW;*J69_lZ3h4Nfy zqqVN%T*`@&glw)R!fybft}-RxN5{nKg1j~XYPo_MtT9XmoL>ccU2wzCp*Va+K^=@V zQJsGlTO+9F?xc1SWhXMkmC>me;@H^cgAhPNqDOmMr zHXr?2lx(i|Z9yeGZcfZcPF(0Xk3Y1WlL#~?;{2?WpV5K+RSMY=4(UmWZ}CkQhQ$axGH_#Mc}+Y0gG}WcdPIOgU%O_Lnjdre<>&D%fcFE zkZgTPOGLaCn^Va&@4#MA&^7Ad@S=slQ6E2Ch=0t5-O;{;*j}k9Ab4?i@CafZ_5zE2 zVP7aph+^x(JE;h62^IpmM(i^IY9q(1$3H46xmHv>Ofu2vdfZ^inr^~Mo~jV#dQg3S z_zy6Ze9W{;wu<1P-$*fs3r-PCyhs3^rV60=p(%K&7L-4xuj&Cz1%RRr>9{aQpl-ex zmJCNn8A~x_uh?-9dwgOfzo`M<*6&d+{bhcqmrAct{d zEZd#I(MR?GPzjsg@7MFZLXiwkG$kH{MwdP`7{rSjxC?=n=qCJ&k!=&N+b7)50SC8O zbOVYDFuUIEkIdMX zgN2U6WvQ6k6N-?{9I?Op4rMvTmVe_-=vRpCWBq-wthu%)TQJqC6A5o=J&}|wATCL z@NN+U5WyPe0n)^9;*fJA|JrgmXI%}q06@vG#BM}e6PSI&vV%dgW8MOmE06d#e2>+% zbJ^G{oH(R1mj+oFlmSB=N%q8Ri@1r!Q=D)2xox2< zh_f9{db_$XVoHEv6dUa)4g*k5M+B^|*T6?s=`5GMF2NuTvc~mdGETy0+)VM8R`|`O zm8tvd%K>~Wx#6e~pF3VwK2LBc(+LK5#^?3>kk5()EZTmr^7-2iLtTQw{`mY0VDU=u zk94Su&?Ibb4*M!04GgLoz85+0W9^-6MJr~t=)8nGF@R%G>~)#xE1cS^ zH=`-Y%M%=MU4lU|Zoi4kFa$4_o~=BtzydbGc{7_3SeIb1zgjNADDRz#f25Xim<=Rw zv_q0^U~qK~hJ3RXb5tgd@)PAscBy65Qe)10P|4sctCkD~`y=CUk}(ZPtcVV$fbDae z(+W^&sHa4B;y^0v`IVpm21Ax!AHA;`8ymv1u3Y{N9(R>kuL9}9gs<2t937OvV1HGp zl>E{Y6!ob->W?rG3F-k4EAdAKs2S`J^={o!Z@kk{eY->5Wu^Sc05yaCp@aBi z2HZ;YLYlw8pr`22RI;+kV1I>iKPtv6b!0-Htp1&%IV?cKV1H;%1sbmt9jQgUjx;U3 z{qT=|axnL3$LQx^gd!tl%*N2&3G~g0xA8By7OM3I48m5VL02;bpZ&AQ(FM0Rf~um5 z;VEb00e)hFLFv2~V{~#V>J^|Q-0%R7LBh?O2%;<;bo~clIk`E^LDnT0boz^agz?wwc9ZGlO1fmBZl=F^G~?y&U8KQ6+5Pb-<#7VS&Tr z>b25O>Vh4gRrYOuQm3DkUP=sjiH*>(bC`1Y6F}CEXmhsf*|BtkmcLZuYdK^HZ9RwW zahUM9V%eT%@^2imJh$VLIFOnX{Ukb`U6SNF*iUNrlhX1WA&6Bsb%rTItmHVz5u08* z1jr-HG880UTOe9>fdCzEwZ{t%X*Q-e8-C2CfTJk=H7K1ymVN=)X&F#mzxrx?nXmjo``=#zXa@VEwHfXVTf9o* z?{0TG<4hzqCmseVfIv^0gVBhcfXAYw@U)ze(w_7-_WUzZj?}QR?J*k;_Tip%Gtd*R z)kh+aQ})u6?tvl2>bE$^x&(vSJ&Dw1_oRQi;n4|*^noH)l_wr20^j`zLIP&xD{=_{^B zwW2WFqn2QZ5E1+B{K=8Tb=~pbW#MN9@C+Vx zK5hbtEW_j(9dmEn^=Ae!4ED#=CkF?0k;&m7Z*g7!TuB1zBt~X3bh<-r&uWUF{bQWF zW8$TLVuC?oXdP$iR^09YUcy}%z%eKcJwJd`{j&_*Cxd?Efa?+r3WG``iK)UMC_QwA z9FtnC;#3&`GuU6v*TSxFttd6W_gAjw7le{HJvE0~dT_m@N=;pYL80fW5IrzPbIgZ# zDLuGu+5t1zA3dd^LWQ1#eR}=^i^!2G^!x(MB!6&0v@3!^q34tkJ>sUm$kKCu0L);2 z^xPXNROq?kmySQtP?FFy(9&~WPy~ZQ&vzmTo?~+K3#wCnRA87(GBt>$h@9=PV1|vL z=;yBmD9jWKHzj~$P(*2VfDeY)e}IML(_{x(mtaun!m_h0ONKki~_ z?bUHV5JLf@N4V(pQU)<4$G_&nfvS><{L}>u#?lSMtGj=`_qc626e^|Z6*x-UAfLA3 z4h1qZESGX+3K242#YPR~Yg!_JXdzpkn}JCBcP)(=a1;(kCNWqr-GR|znQb0@LItJ3 zhfXlaJsCej+etxbiIS}gT*b|b!`6lS8TTj~I^Cdr)J;9~2%4d&lJ^PqtgA>U@q-7D z*dd8>;39j*nDALgp39G`mHE9D`$?>acCmvWYT+!fM@!cEFup$tiPi=_^nNFNouNz&BU1-| zSaSVfEqRlJQQ=ELQInwcE;_xG!E^)R%*FvKeC>Yf0tUf$;#J{$q1mwn&$u&DS7?;B zy89e$Z4L!8GpxdgQ#^RT6lK}EW*7mfN;=`QK{=9~SfYvbl9*V5uQZd1~N%yTNH!T>X$kn$h7TA9d3xoY(@fqX9mD58A0cQ&C$qj01s2Gamr(1$5!C1{X}QghgDxbji~txjJcH z*#0r@Dy~7@+<7yu_jCs5&3K9h$04y92GWBPvEu`Gnz!AcOI>>P*p0iuY$r44VN+P4%`BP zZ$Rl{`pV$0w0a;!#=q(iOQaN}E74!qhTdIFY2+wGF5zthPcAnVaSsR}-L4pOjc z)*%m`Peqt?@kAG1?HR@GOxX3u+Pr+7aGn!}HuGwJ=wus~hk9h<@itmKQe9w|HMtJm zVPsXg2$v--Sf9gt>~`sLTVy`Di@ic4~xF~p#UzBi9j-!=CQuKJn_-v3zoMYqn(%yp6(`|D((L^Cgw z%s2`^Dq^o^b%(rf%|g3}MH{G^g(%G)pd=yYC}4NHmT|4=yh8#CzY|84!bKR3Ta-v{ zxO=%S`ZDzrjOQHh>-c9bE);y_{aqs0`b$#v6mDi&Y=1`lL zBNj{K+1nQN)yH6ezMQSceVHW%;lr_hI{H&;7A_>+wi}<&>e+rsM`FBlhdZwZeD>`b zdA~B8NABbG*YbHfl?NE*ZA)yR!_yUEV0VALrEl(R7z=ym!0BMSU$^uYFa+E$f#6f< zeERME#CHDx%9KTaZsmZM5^c$OJetdxqmRaQO$_|-53qvhd?S6lLo^<`kJ<4Hh4}SB z7f+WQl}&w_Kc1<4yZ0PCKlN-*kpU5Y1OF-hMsbA+Rww(EpOP*52{`0%Sbrt56gqJhsbDk z*J@07@xCSVc6*)7$yZ1}t%i}8V}9ZThwhhdi=`-9?V`%GsUbS(*XCWCC@9Ac;br6UafbnZ zcHu40yI9z=oN&%F@XLZq0hC@xK9?hPgu^~6#&g8knRKqdruFs_uc^LYyv@G$=IZ|A zlaYdEYKKrv>d`+(Nh8}X)jTMtd0a03^6)nxr)8Wdpq6paR!~RdXsF=_PE7tla`;1o z2S40Rf}JGeisU!mG7@;(&7f;&Ct+_+%ebkM&@%2q`#atK($55WeY?i&@B8Dau3Bmq zq5UPXrH0Q!+u#xx6x|Qx5L2DmbmAIOlSoL3oo2#&;St)`CnZ{6t2^VfXJa}mcCV<& zlBudjIZnZ{hCH7(8+Xi4-LY0pReMQ6N4UrsDr@#YvEF}5E~?s+3l)!AgFc=M9Uj)j znkodB`bm!yCC-776*KL3I^8YTbYl-Zz3Vo)&8+m3g;zk(ng!8nZWajepEO=v3)Z-| z89L2N_zZ?XcOO(e%T6`S#*nM`rq>9=L__J>do;GECuJ}>e54b-ypD@@*Fw^%RG}Y zydY)nqofkXm~D7oPM}vQha;pfgd#|Q+1Fux3j_<+e8GyH^WfZ=ugWj9tyqH*(DRSBr=m^S1`jAo_HXWm9yK zNP*t;RfCd@S?2>K9S{=G4A>l4i_S`xv}0qk9M#9Z$5!*Dx6t2-Hp5o5nIw$nqmsjh zH8wBrn9kt5Q6A3iJH9VAGcnIV!S(3{0+ec6-3V0@J+=`KVVMu8WWWQq%wqHS2x$;* zxt3jdxHrWtW#QQNiULy2W;twSO90Y-zsa5?uvSW=xmjXh9a1aEP~whJ0=y2W(0+2p zMv&kRZ=t&ZoZn&m{a@aZ%xqh_4NBenUbhIL_6wj^w5TPB3b8St{Pxly6HSx56@NN| zCI^g%^U5G=C{G5vBMkDgYfyI8yi|K`DJf*WxHddJGXQ=AS zmjLC8^yLL6dR)XJx#0{9s?AXJrBM7B{M;NN_#vx1YWQ^3(D6mDOXWeZ+_8jK1E+bMI2EP`WZAhl{ zjdqFY1cULefiT+@Wt|}QCpSFj!Im@kf@Wr=GfL{4mTe2vQWpz)9j_>=!rk-G0^SLj zAh9|mt*yv!2Gs9-i;kNO6`k96*ly0iaWczNK*lW1BYnsOgB&#yo0YmH<~WOPL;%EK zh+SXCXAgEgWgNSPyNqBL!@{nok<2;|b&2T&gN|K9S(o6yKD$OZc3oqsE)23V=-8!q zTP&dk&eoo3p}Eh*a)Uu(WXx$YNw9o@G-^L@^thBJfD@nc8Js2OgB${ZDqi8_oDMCE zPH$7@{pfO+nC?qquQ<|&?h3S?Ca2}(pvXBd4+h_;ABlj9`=<1)o6KczIQG){;L1`r zh}_hkG-p~CZ*TzVr3?zGr{P$=%>*}O36QZd=&F!dc*hYGIXFhyo-{{Vbo6;B&{B1O zpe{SQY+QhI(?1nwyAPgVP;gF`&WnPV+k&}u!QzxXI9g$o1P&dUS{(p7GsEc2HE7HyM98MG`jr}`McZC7KxmQlBG14)f3v9vzmVA2T&xiFV_Nb6r?cC#fd34j

ojD7Bv9fZnk{ivu7APvTtEu8q1DUpgBNZ>B;i(`SB{%TSkK z(C->*HoCLa&tY08%=ETMiB@=K)tKQH&+h^}4ElIhDZG?<)a%-QiyUk^!JzQu#t_^V z3wLV($Dpv~;t<^WiOQLU0UU$EnUh0s>nz+&0UU#tIoUNe(1BW0AP9w|t7#`*=)r7N znLh%8Lx((=K*tD0O^}?;2ikqOvNIC{Og! zcb*lOAE|xIk)#qEH@o22ZFjhV5xKl8EAOC4?Y%DV>Q)$2G2P;a0hmI(>Rlw7b7s&e zln8Th6~bb`H9DptiQ(1jklnm-p3t1lln0Gor1h$y4dQOxwE#<7$a`=sM?thh?I%?$pV4i*P(26rLJ_1MoHh|9G}5yp7;-?yDtra*8=zT3)x( zuxfzPZuPUbN@<4%_!|Y_79Rkono&97;@<F%0W zawE$g=PV_g6ciNd+9a`~P_%{*Rs@O>uV!vmf7bWee1D?M;td{q!Hw1#u6fL@-XcnO z{=QNj9HO1uQiCAoYw^vwW+cWbLgNzQBE-(cr4;yy%;#<+a5sSNG@np!h|93&dR`Y> z0&)uf1_wUemfakE8_seAG|p#EFE>y`GT%oWFA?lGNGfTkKA5O&XxhGu`6pn+rx|Up zt9TnLO&gLo6)a*F_}Iumye!^|m&V~`YcddH6WmAmD>Wh7Bg>Mv1B*N~J2W zF)Hj5R)30lqf#$&THqYnfkVOhlb!DuUgh#FO|J~t4gOwu=iU6ei2dFAFA+3mCfShJH^ zQ!VDgo6x1jgVby;l`t}CO_e@Jn-Cv=<)BsIQ_l0RvL+wy5}Wq;ZbOr)p-DQ`bi9#? z7Nl~Q8o>4BmtR+aOe^1l$B26Pg?k2rW@s16Xw1QV_}T9yGFySX=Uw zOu${%(tcaKzoGrCe_#0%Vv6)2=r_4xfNIg0FSA@dO^EwY`9X&w@15nYtW=Zv?tYjS z_bLyuxtr=KNul$E_R0u7JJ@cnZGkND<_NuBnO$CnnIo8uLwHp3i!-CmByrRWkgc$y z+5owF#Yh=EIcj3?tijJJ`W;QtC2U8DFdG<_!83_;56M8>!0_r;WH%37?9yk4(iuh_ zJI!PF`5q1(j2|Grcy&9xKc@&Tcdx-quQLnWkIc3iA6e^(G6>6E;IWJ%x&(;2kE?k6 z$sV5nHD;&4))BMk+t0ZS#oDy<_NE^K6Z_fNhQSdwG_I20vMk90&E$V{-+wTPjbYoj zv1WEIs$o@7quK8+vI2|KXR>0L!vJ=Pc@OC*Z3*hds}$FmFF`#DN6S}OcH$mf-p9&W zPZWt+H--AM+9R35(?l5b_F_*lp_Ozy|O_cW&gGyvv)b*+Ldo%={t#sAGbE;CKG=~!I6ZTw*klp zugS9ol8Ws;fYG}&MgLmlc;wU^G?as=MfIm%Pz^WR3UhMs;zNR|b@H#GvRi(HA6@Or z4^a*29H}i;HLvf)`XCsjm-x5!0vB*)fIxDYCkIWFO3>~@1IY`2?0zB?X&e0^qh)1C zqNQ`MaX`Yz2k<4)e?-7_={Dd*mtKgURp%n!l>Z2%+o$sOypYwPJaES1x-`S9*RxB% zQt8s`L+K1-c1cD=mW?u-;Mdfw8QC3RUP1{%2Mq_Hm-h);0i8<7jMIWW05BdU3*XA; zrX0E*;nf#m%)0SR^|xI#Gs|&)Np-lU&)qah^jk14IR>5Ea zP8}41K2Znn!Z=3T@|)^l(P6sy2nTyft`c*SBj!5Ho|~gj0vyQR_zM{sZET6s4S;U` z5Ue1)Wv<%cTcn#e_)IHDe10n+p#?Em1>cMDy%^7(EK#c#h;uz!kHUSRlOgvZ?+$2< ztw@U`&O%~~z3G#;rv{~2%bnN}FQqL6kqga@ARSkG3aUHh`fc*uuh}#?odq`E119KB z$3-bM_;5=XIg&~g3S&^=ucN~BUmSo4D>sNOv9b9sHobts^iqOB=$PGHjk6Lqi{jHO z7wbt(Wcl=gW`8o1e)1dEk*jiozC~^)MV)bCX(sK)P=&vXSY@YOe;C?|Hl%X`@3IN7 zylBS|>n{1_)@@Lv^$P7^%%IBNihRLXue`xU`5erCp^uWDMh74T;UCYF zWSE&6gDV1k^^(uqd zaAYEwvc);(ySzCA$gTz@H^j?Q)Wo|~5_zW=l%c)&Ocz?-eU6)w;5x&IgZ!FCP9G&% z?02F~=mT%B0le~7qC&i#LfY>qE5p3KQI1vt-+Jl-woVN&z$u{>mQ4S_7~Fl!I8KgF z5K;g-OF&ygpwlcU;|SWF>Ytz#ZNZDKbuGAr`SAdYpaIq$YqbR*MMThT1`B3516^!- z0fX>RO1=hWH)Zay2{{5tc+o=uP0rWm2-8*}5BJMD!N{Sp{lZKUL6x)sj5D9-k z24p?UrsI}w`MnbL@$QsF*N!pf!F5N(eFSia+fmZkjz5$vc2Ol!FO`8rl^lSr{Qk%A zRN_|o0DE$T$_7H}X}0tNreSU%8&q}wtt<8s=n+)51SHssFenv~DI6R87$|A*f2>d| zKNeJCNMj=!+>MnZsik25qsUdfQrHxo%OdniybTP?SeZn+Z9IK!?@JsjANYYwpBGILH}*bl1#s2Qh~{ zv4xZ7uIIAtb=)t@KA`g_%v$CBT?0dsr*`nL0VYB^)x*$!mXwRPT{oC|H`uL(cGC9` ze6Z00SjvqYypvSBKxLd=z~0b0Mfl1aTBjnEuGpZPk!IW+s46C)vY7Pno!U)i-)G5r z%mXsd2p2*lE4E$fv)P$b$TsdFT#UY<&td5pE6-@TG4pY0e7XJ&?I#=AIhQbZfJAQ> zQR+Z(fuN9DuflG0i%rYIgq#oQLb+fj1DSaQ`bn8a$2G3~0sE#Rq*cGAx{SSt+BsQ z!^h1Qiwz>J;mnR_v^BK+P;2bNN?rlxNN0c=C(e042T{_(%?nwkG|x-YJXqqgmm}Sj zj^4yOl`>y*z`s;rOf(ll*vy$=oy~i@pZ6v)gKqL3COz@$C1}FkB|jG6P-$gszi%k6RcrT?kPRfKhm# z>gR#bF+n7mleKVn^<>H$>c5UTx8?=qPDQz%&cz$Fu#kk^4^r$#HV8HPF$9!qlbX@G z5T-x<@s7}b#ZD2um;OdRaGDCG{14c({xaAFpi!%N#ZOsHG%)V;boZAYhewM*Z+W{) zbOm*rJxwtCM!&`wP^nUW%j&`vz^-}btqEi%)~LY*OVvD?~>laCd-2d+q)Hpq^jmhE^#SiWhrK zc-bpWQtpOkFov*rRn`B40<^8$@w}L6Vc8r$ZhJC&L8v6lpBl%0>0q;TWiWrV{?NIz zF+B9PpBnpJOOl3WCpS)(7ImHD~_}MC&%$0AFZ-EC*q;TpAV5(Umbc8u%Zs zf-PkIx^1xa=l?~Hzt-v8g^iLWCr40Ad4s{Ml&&-pb4H*jf{VD@`Ua4LO8U2D$7v7$ zwx2Ha!JEn^=rli_14dflS|QZ-52c4a2+I_)l{HXfp=vxl3LoaYt0|h00Cb!~5Wz_s z8V!8Ib%G^@j?%vO9}B&``{Ql-lsQcDTL#sOzXF4p)vhQ7yY)ew(XESitTbj5O+t3% zJ4l`I3N)HS&c1FL9<0ApxZZ_-6Sk}vt8(|>yWjCb|cS6_3=Jpm|vY{GJ1U1{I*n+F4#H1|xs`FE+Km-0F8XlmE%<&66P2B)+bb9`oxg79^%>V5 z)aOWYPv4=?`mB1{)kpaHXh~Q^9DbF5@=JLIn!u;GUm#w{d<)ybig%dZR{yDd>G;;0 zd_g|5{p)A1tguhcayw7=?s*a@YDky`6F=rHBf zoDdg|O|nKcyATvZJIpRL=dlEc4W*d+P~^$OEn*xnMrr@}_2l0Bht@Al@0Wd^_N15k z1#*ElRC%%b#{ahK-68%%7G{}P(?18SqL#^%-VJ z=|MnhMl*UMyN-I^yBNknz=Hv6UOLUOBBKZRJ`%{F0ND-2Mfhtk>Q;24e3y&_fsH~S zfNFKGw`{vH2hF0L5}^7sGI)zrgg620<@n$nlT?(pl;)s6Qg6dV2`hKsJ_z*}^My}Q-e&9M;j&|w}H9Ply6>9^X7O)vKH zQBE&p&c%LPtDDgfg*}Bb^$v8hIab2Ncsc$shdJ3(y*C|CIW2QdwFk&r+y? zK#sWn+ns+P8;_MVFU*da=X6pU4qQQk=NrJRgn0PPAwN^Lvk4={9DIG#y01*T2(4`m@!H zlcu3N0>xg%V#PN>n+9fmF+3(nX~PHandrb2qs?qVB=#Pcx5&6u7j5x<6%(a0po7jt zfSbYMOQW~MZT!H&l?_D7?IAFZj5~dxV;u9mk7W7s>a-TE=01yUJD~F);+W)e0#*G|JnC{+S0+{PTtik_Sh?h~#*hwIa5TBu8K z%*zc~oOnI&;$#vS?Fi8z_BCw!R|e=)Kv2=*nr|~dg{=C5=hth6H&W{bKuYcsz=!dr z5#!eh6_z@!kUEu%@I#E!u1-7a-{JA=6yzKoKEd9zz5V_d=-=M$0jIB0^nR6MsBIh- zOW_wSB-5Lf^tZ%*8T;TvcsnZG{vcA#VHv$2paQLKvrZJ8P`6 z(}X$FQ@@^2S`hNF1@@0WHqj2^5l|4w!625!f^2weGYNb)UVp&&m*#i$A*C??p}q)+ z2>R#TO}t7m34Le*v1x^t#>)^|SepW3)ym{henQ1V> z%sWMA8h3K0aXAuHuVi!{QqNSGNy0^ZIgAbHFqsx`Hj(|-&;F-VuwGbYXupJ)B4+M|2isL{UlUn6V2*YS#Kx-C> zLFbt7;9}FpLk|rFh@_-r1+ufe!27OJ84}t;AtFqsWKI*mMJulzjRKr`NZBKKGD{`u zB8ueE7_}`wE#*B0$s&slw|FN=wIsF-1WIk3@Bm~w%5$PIPq(^T4B$p8Q9!cUWNwPj z2y^KLSV=(@T_>@<6P;{LCwU!w&)_%nyR9Yc5*V$zyq|><+x0GuEPkrI~{)vU+orv8VW~11i(9UxorS=maLnEs+{yz8^vc?Z*zsmS0YXXLv z(d-a7-!`$+uri#C~<-ZwmW?%&H=nTMt3TfR@BL!v;}l6Z(ySE>5(XWerirLIo?lZUv}y|N zy|}?JH?GKhQ*0y~4~>GFP6$P1uuyv|kaz_`q?YpWyX1>4MYhkF6>qYlR7bLf2D_W$ z^h8-G6=Y$foxt9XKSzNa>0%hW zEU6DkTmcF|z2zI4CBtM`?jj@?{oKiP#4fmBRYZ1#_SF@ zPPE3nkJ?Zq($Sh2cRs!=!=B#0!5IPKu2q%?aly(56oaTaYt^Q$%HTf%*62ZfCRW)|RM1@M+0{%)-4Re-If;qK|WnzHp2 zQjAx&q!tL-Wf;C`ign6po9&nE^KE7sZU;t-I$+^3y$y*AnZ3y%mpmw9-jdTX_KDsF z)0t}f<@2(zYs`uu*0DK!)*rZIu&fvV zHTNrw`6oq@lTTD_d|}ptT3DQ2{{H3p5LW$vN1m^8MSnJVt`Y_PDdqW}2Y*U={vuB9 z#N3n9S@JBeoVxyFSPl_^4#H%7Pf0q5uYW)kji&ho=?e&59ImC zAm03#;gCH4Ow*h^=kSyAd=~<}%X5Y)mvxutVXtq}R(ij~ zwpZzuSXIR*1hFB}Jp?SWu%Lo+dj~Bok`xx&c|l|#u~*ti(7u%$m)2 z_{sP#1bP?Oe=z03KwQDZOJ26J%0|gpL502F(q(GMi;%G9h*&l#j4!NzK!s%-=M*#E z1X03omNGVXQW@8hRq9WRZz}QSmG+4Ebt%7?-sr}gcEUp4cYs&z<^vWSukM7&Zm*WZ ze2B$zi2$-bMy!cws|N+4%O|al*=-;V6PrPp{E92gIaz6kjDv;1*v`Q9+GwtpaksqD zpY((W1na+cea+cY{rUUC^GTP-*^_x}rbZcr<|7+%SO9PW$s2U-*>c(K(_bdb6*pWI4$VJ8ED33~g@($0cZ| zt_%`Foq7_dgDR+jef6ZyO?%i^_h-ciz5A9R-t1sFG#L4{M`+o>hvlQ-{nYjU;)@GC$D_&A41x0YyLqAc_4@2C{>8y;h3;LvMfyZPCRg5XdW=Uf{LPazPoQ?Q z_eT^-|JU_FV_py#E(n24cnVth-9pYHD}31MW(n-M?(+XB#;-duPYAIfYy3(w?cXsa`>kmzb=(-)SJLx!}Uce&5mC;P*#-3q4DeLAT}iGJU(t= z?fCVYG)}ki>zN=jknoi@(iCw74T*Q5jHv$jbpzoj-tyu?ui||ma(Hyl__Ua-(HDGf zyNQF2UyZoZ0m7_Sl};WSq^U8~^*LCba9eo#?Ch%|f4rhhPnIDM#d01BD{h>8V>IEs znySQ@(SB5?jwF~V`}5=Q`V;s64I{905LcesbL<~XKdkR`xu~OO`lwL<>NGD1G3-cV zF@zqk?a^sU(A1<~rm%K@=u-rRs(^iFd5rPd?GKH-0EYUzgqn^C_J?YDzRwdp8Xz4G zb7L}StF$}~FR%tjEm*AYX}FT#f;F&DYe*w5A&2u4{s(@)+0?V5l%dxqON?uFvK7Sg$_(IX&$YOpT#b z?M73YD)P?xwfiXl3>eZS))|~7=EIx0!IxbDOY_#g5{>Q4yY(0O{^IccD$-||IiQ{L zW_V(;FM1t+T-{|VkJbGGkO0cDiVUF*{5TS;SIxWr)j$7u>M1OxJENz2f0p}ZL;cy- zAH!R=yR6LG!+tsq=mOi^A$u>B&Mi$U4x#jL`(ft-?8vTu_Wx$0Qt9&IDYuUevU*8y@BJ>Z&SoUSp3=L+x>K&-Un9UZ{Wd!QYTB31;k8{{JO>c%!6Hc2m-Zw><48FSG^eazHZVBxui` z<@L{hjDx*DA@=W?(LYsD{FKhgz^8l;ErxQ-BGN|WZJT@mtJU88e3)~IFm$lKU zk)?48 zJf9=-7aAYJ>Gc0|YN@6Ie(c2Sf95>R(_HNpzYG{!4iy_ZPqQbUyOS1xlKRV2cDqNn z^EBln!n+RxeeBDZ%onaTt654nc@68IUdLP&ydlsrwmZ-F$mU!cmy9qt+I{~UvX(OT57+!3=14u_nTi>}ShF=zQ{gv{WJ z+j4Ig@Ve;j{_eh~0bU9m#m>CTYZ*Bp!^ItO%i?f~6dR6cER^ zqg%}>h|wMPGX7yJugQ6gViR2i_DvU)eTjMNQAXhw{``9SIDP$4;wp{v!)WLZWJ5QL zw&IjOjzYIYt$!1;_#mEcvKKd%x5=$d2fHZ?u54<=InW&)7T)7tsCf1IJo}cbY;2u9 zJhpl%s?7h)_Lq5$Qaeoj9PdT^1KTrgn|B@yJ;$CI}}T(6f^;5vpB@sfkUk8wIvcUEWS%)pbvu5uciG~ z$V@_#G{lW)c`U>58~e!~yYL9TK1=c{qZ(ZG6aN7H=K~&BAm&FhVngHpeaT6VwmHDF z30SO%HCguajTJ}`aw2YsW-u2TlBOC?4-Ji8DrE(T%*EYZwG072D46pVDBA1y>fO)FoAYd7)gxr-egB4qY_ zHl=JsOUo9uEJA(-8q(2qav{Y!Zx)6R@B|{;gD02mVWl?qcaVMvvh@de5COMAyZNMJ zuUjfpBt+sqz=z?21Yz=x)neXd`_#ekov+S`cg=|;jt^H_at?Pn6Pi=LHD|144M^W% zKK={JT#THn|AID*W#ptAH^Lz6s{0Uc9v>#`V1&sGN0{!DOd&o!B!gDDC~WoX$ZpOd ztfc3J(i!%vG#%$badnaA)#A(BOi)J=j{RGH}ttI`o!)< z|H7dtaYeUW7Zkl)|3w#kilR5Xh@zXsIU4GgKJ||wS!z8YRCGO6^UiCXLB9TKeG!X3 zRf{5wZ z96Hju5Q1SQuSSWNa2T;WnzF=2Kt>a!Bj48gP!^cjBugSFe+)mNEf@i9(F>{V4s;Xl z0|u$v9H})F<&<2WW;!nvQWbV7?^83M;Gl?;Y=WA*8$ic{>?XaDDj+F>d`(CVbBh<3 zNt0bf5)yj37>K_LpXmks#G^d9M_CqLsC2cFh$%{!B3LR>7lh~{s2R#azuXsH0`ks7 z0QohBPutB=Hs7~$edfE+nEgo4M3@2nNzajhu^S#kf_v$%R(B3zvd7WRX><1G!KgO> zGjF|sditk>tEx1sJ=CVyS z5ByXWzilPGJ4}rTzcoq(yI?cxp!QI}6e&P|+{Jqe@Vo$U8`}zY1nz%4z8g1j2O+Yj zM*&6xlk&~c%27cp4iZW6ekqeYtxhVj#PzH{<5nAvR=6J4l`$k#r$!uw%4*zcZbbhH z2Tj=_9hORe9GJ{xnK8O#F@hGma)+_pbc1|P!z+D3HIF`_QR#{;YOPgW3r+V2ByEkphr#N+vO@8*voP`*{c64}CeS{NSX}oL=eIi6S`G+0>D@%iF8(`Nsgx)zSSn&>e=| zM*||)9w#FMo;k=F0PcvF46gv^4OMpjwbJb z!L7$hM%j5kyqTRJRn!Rc3aBiGG7Om?kc zEK9-QSN0>b%^)T_=7*6N3i86fkmn2X1NuS^(tun@>kavEL0%9b7v&3-zCY8-H&3Tq z=MjATRx07QGz0L&$vW&ihbsx(>Yy~@b6qb&x?Vw)p@0X|EvuO!jahzlJ%wsLX6z!Q z>ulpPBYZ51I9<*#;qVm7dJ)p~R!E5xc?U!#1D{G+M>ybZ7a?u8LMp{Y*AF1k?cK|T zkfK}>(w&wIAw{_&q&qDaLW*)lNVCdC<@*)V)+`}~KP&$+lP#peYA2*VPtgXJ_T!{6 zNCJhl-AaOE%evz%tJaB-uCqewT4DWhmP6}BNY`5-b@*$RVUaE<)NH za*zh(BBZ?`hmZof2&p1hA(czuObXhElGMSK=s=tL_CiavF}Dx{PD`{^1|A%bu)mnC zNPLI=HS(K@HXi$U>WNrW3-;o+?2f;a@OND7x|h%eR-m92sVJYE$3}{D^nq}Z{`$eO zJK$tH>~f;ZS(TGhm}B0pf-^{NdBk3Yhh3W4m=gE3j09ylI$q%X+M);?XWN+DcD@x1 z#}bYD5Qy4G*dHQ$G$#}F!v#z2tYFF&L`g@%uE=99!sz9VVD3yq=eeCbj@`N{2k1@H zYF+OwZ_E@TH zMB#+g#__4YPe{Ep;czb&|8SScwQ?tT{KEqy^R9xGIzIL6__c4B=e`}A`=P=2oGW8Z zUf#DdqYs~u`{9Jt+Y?eBm8Uu;q=$?!oAPsVO6w}{chJ}uBiGLo-8^SRp<9n1U;N3; zOCrl6SXbCF_HWglrOEP~i@mZM$Ekv~E~w zT{+MnFkNgTEmoRsb@`yBZv`@Z&Sl+|s%s0FGQg4`~yMJ8(`9 zL?R&%_IqU6lpSMVobzLhFS+B3n`gc44M$=igU2?qh$DcoG`FhZ!g3ml!0dPUcxO6#ga zrB~KRmKBn;lCdvT45wnmkCV`oe@r*^bh>F|qh#5bHNx{>ZX3(HLt`;CsNIxi~jqh4{lG z%O;}y7L@-^HOl|!Cx42i{(_d8xi=UCzKmU4Js3@j3Zs-ng5Tkt&DsPk+qGpDx$SJCZv%il7M3hl$i;K!`J>!43b&g zT795milv8+FgQa3QXT^iNbg(TN&L)I=K`N3=iz&NYO}YO{sM2Lb|Avu7+U+8U1oeV z2#;?KNyc)UcDzzrcPf}so--D{Y|aKslTrMgw!_<%A9eVsD~BANv14pgB$GrdvSl~n zS6lql9o{RDJe5oeTtyx+agsK6O(e6y0(u(}7@wI1Ij_hYpD7Q;$<6~a zcKBJPXP2H+`h(JQ&+&fK17r0RVte0Vqk177l>|&yZf@d6D~BbmEwIq0If-mm0Cah2AcCVbeeamc{>%Llnuo(tSV zw4Cz1RO`mPRGZ5}&m17~m_=ENvcRc3G&fKo&9=k*5JovKsg2Sbdhm0=gyMH+p1TrK zlvB6=*hi|ry>TDvzsRyYbQj3TyOCv#9vw?P6Nq$WeQC1nYnaJw&z-qXX=GX1*S6!- z<&LqB%z0x%?&giVRMt;OZB8B-%go4~P`q{4ec3I975bdAx;@J3hLzRrABE)a6&?Fz z^{HjagUXV7iGtWT`PfFpMKY{QS@OWL zDbczD$+dRQ7dQSen);h9tzqK;bXGsHdOYw&lZ9n#<Enjb8|emzTje?&@&O zd7v!Sc~hrsQoE+~;Mm_@Ha1Ysau9ho;5{NbM9rZ>Nd zL%^~4tJ^1JPOJdya@0)vbp$5M_4LcdGB|0LXpBY1V=C~YUVf^6{C^Q9N^5eysTE$TfUQM9ifH z2zYnkA6MVf^sv%2)OLFGh+^1F#ecQ-Qfd~4U~4aJtPPqJW>J1A#-ie|y>y7$OK8!Y z^z?1T@6MSHnJs^Ld#9qOZOte+DobZQ^n+TG3})f(LRvd zZ6SLpeH9vGO@8qQz@ND|zdrqaE$_W*l=s9>8hz_19RU}LVI8HU?!eiHb@UOcr`Az^ zU>&`V$ZYHAESftzv5xj;di*iq5bNj|erBrkoprPYn=)w~#vjgNFWq~?rm(1l_hu^q)alJ-4yoA(+-Qst21 zRZ&1pw2q3Q3B@`BptFwhF`5^^IvN7&Xj`Aw5rsS(WAzkb6YGfBXdRJ`3kjI2$S1*$ zR?<01;@KF{eD4%|6w^8qz-R&b%Ec<2<@p<@60cZCeyX*OqHp^u*E z!OtPIj?P;-1aRrE7B^RyZ`?=c8)=$H5R!K#`s=aOvq9gW{ZyJNI|(XpM?UPMblFMp z!?kQHZk}T%nD$X>SQ!%1);>z_87)@(C>1G70o2+@z`jRW3jYW8k$}QJO6^sa z8Vo>SCK00*tV{@F#HD3|iuO^upp3bE`$$W(_K{13eUus;O%;}4^}~Nf6NL+3Xy&k*I4+ws~)(3#g5ROFSpz)X_wA zz{YLncql{fIV6Vgo=?2Ak${&r5)e^5#CtB3_?Lf%M)OvVIn$~Ef_Y^ zJ`Sc0W5g3LzN<#H9QW3F^fG2DnX%mdc*elkN;0jqs{_;xwPVA%4{YB7s zpZkmc|LQOLEshC&?k^Jm&gcH3&;3RJ+y0^>Uk}?tpZkkwrF`x$`k(X{{SVkf*YvY~ zR`p+7Kda*US^U$kpIy`U`q_+~ub;*HUO$WXw|*A?cdegQbzeW5@!!0D2K+l+Kdb6} z{jBQ$$okoumwUH|;{C0k#qIi8Ts%awV%q!qS)3js_{!trAp)TD5dEv`XH{H3i;IVd z*zEdQypQ#>crWW`RiX8>s_gZ%xOj+U8BW&E;{C0k#dorPR@M9ZS-g++v-ln06qorz z>t}JUIk_dXZtG{=(f3?GtLlCItm;#)pUwDJ*3YWAepc1n`kBu2$-^|LsAL$cTf7fsLgvv@D-XYn5EXYs7{ zvv~LQvuk>+pT$4j`dPfM^|N>{>u1-{3ER*5S=DD>Kb!Gc*Ux5z*3YWCub)+g*3YUw z+xppz&$NEF9qVUU8tG;IY%M%rTt3?ks~A{5J1H{nL4?MqTE;iM{mt>YE#u>FY}aM8 zX9scFj220F*{tb9EZL5hGbUJ;AD)Wclb3 zm2j?~Q^^%B?%xI~EI#?mXx^1@uW?%uK!*@Ca{aA(aYxR-k(?Q3(bLL=~ zDvv8@n?1gw>-!InZ4~rh0V-e~gFh^xMV3eKXBW{bxr)Yz#gJCc;)iWK1pihrNHDvU z#_}_7z;{as{9&yRzTq5i9ivjQ?TE7LY21zztfxhmhZod9FBjDEKos{M&E6haei2rA z$;-{$fAnnC9+jzMDzT>4to}@FE%OGT2whJjXJ;JX{U;*qdRk>_|H`ZtHMAIfo!Ezl zEl6eH`SPpKGHX!a2eSVtFT5Nf>EE~IzsLPYPx$+fhLcNV68KZSTcu@9-^*-qa9x+# zaCx%Zg!CVX%wA?2-On=HCSGn5e+)QenXN#V+49^n+tYTL?eF?4%WP}8%oayuVAsPv ze+_Hx$nsOSqZ(*cy7hV91g#Y1Kc{W?zJpIBVhsrpl(93=2ymOpkugDj)l*vkZ*9SXzZ*PRKEeTtaDzNxgJ`f9U+xuL2dlA4r@m60dI1lx4 zj$(*p{nAF|Ni|4})H|d6P)5$fsim7aVTsLB4KKIzFnd7^FCp5=1X2Og1jY- zXtH}OCe6x3ZOR2%C3x3nefC-)nqnZ=?0&FvAb=ywzgme^yV%CPBFjZ_aX*vB!5|AQ z+0}z8U9iiWITYoWorLA+7Sy_V&g)#V8-Ql5lm)vyF4*1MZ9`LKeOYAr9{3xEzx^w@ zI<^n~eX{zDO03%9&o0|t0yTx`NJcn}^*JQ%iY)u$PuK2{{9^SuL=VH?frz&2cai0L zBI$`aU-vkhL|O!Y%%KU)osB{ZEdX#kvD31R+HYuH-UbWO*+Bc16C{>aPM}9tqI$2Uc>q z@3=}KHxH$QbJRbFRH9g2_1gz3NOnbqkk7fp-xyU9-VYU9>u-tr3Y5d*=dzVU3AArS z}cVBM=;QB@63hsTCE$)04u^ae3Z6fkpwm`Z243Jtaa4 zKpio>aejH)~` z$8gDTpzOceUg<9wPQij9`f>BjD0kTrv=7Ca!?_F=sqDiU|C)VRCH7%eANFB*eOM*-p^AAQ_MvizYU96R zA6AKd81HT$#=F~x;*;O0eHib{K8*KfAI7`ehwk`4?o|3j{)oR{r8{mzo%nx%bKum z|9t=b=lkzJ-+ym6=l}2RzrW()tWNp){(HFBKHq=;Kehk<{~7z}n!e5_R{a;xCsy%% zqV7k-%BsJx+Q<3CU_V;-^NBP1IiDEs`+Q=&zw?Rlf6w{Es_y3#XZ$yxPXzv~^NCfx zpHHm%KXN`Xe^r($_RlBA`#YZ~yU#eUmEC9mAA8>dA60SoorMJg0%t)2Q4mv!LIgEY zR3e~RNXS{)1r#sTE3Hbs;4QmJPy~g9%d)ObZEJ7V)?T%(R;#7nO$ZRc8)!>`h+MpI zmMsvVB>|Cq|Nk@R?4GmP1#I8<`}+NUqDjsGmhqYy*x`_9xCij{S+jFSS3h;!EyNtg!7*45sc+4BGZ5 z2EW|?L|gRPaqUlRL;M*I7D*F-*3gFAI2eGI%>cA{2U~$g?UASWl6r&#J@Mud4#hZh zRC}1{wa22lR^t?hwzQ`>co2r>!!CaxP6=QT+AJ&=t79CJ?U#5oT@G|;(;1KELpYiq zzAPI{uGt6`z##qG}1EG8eL zypS_Xj>%W~qh;B?2+kIQG(Ak6Ea7NZBF+h(CY&#UJMGbqeGlA=D6ec4k2VU4wsJWW)!7-xGcB|+!z>w&(9xD0_$8D)2u--GH&$ig2&pu%E*_EII zoJ@P3v*~MJWI`KROJ^X{NM!IKBFYz@)D|1c7o75dRPfSOz&*mwqLd2~_W&Lg)hD#Y z4uks?f0FI4^awDroeqs0-DPHtF&qQ|XE^2IN)H0gauIOWmNDS$<&H4tTrcoCF@?4i zgLb7cTrb3zY_{8KvNV_Cq)ul%#9X z=grmwOm^&7@t`ugql}*^HNSkyVeJt0RtVO8jIiUPG4yAizNT z%(RsCLZ2BT7-U=DJ7^l1S@JIUl&GR1uJpaKT9>4_i{0D!ePe7gj;16s5FtVz+ zF+%U{595CoG!_W2Q(5Qe_~Z|FM@B$qwvj5EY8XFY%pxd+hy^0qQi|t4+z|+GG;34w z{fWdmQvfdz_V^<%Kn);}<}8005udmw5_K@zXAU$Hn$k&+^wuK-s1Z)n!R6ZG;J4JCWBN9b`xFm*5zHmvK9Jr-|!EhP`AVnubQ0v=_VNj>B6FXLO zuT;Zr1FVMpFCSb25+_Q8aY;Hg2A9QrDhR!$ZV=e@e}eL zm@LnZJt~=@Rr1Zu3HXfkH{tst0KibN6Ywo|qa<{birJ8&M9ImNO0zMQH^nZH1gXb@ z5Is%40cS)FkCfmo@azI19h5Gyj{?am^zirCEiQjT-mSjY^1v;Gf+>MKNk=GHd1Aax zjR(_JJXm(9zm5|mAbu;+A7?z6o`?s#8u4I|L&SsWa)Jb!vsaI>2F8Pl$`N$T`8wOl zj*tn!DZ(YCM5}Z_xQa*RNeAP@X`5K#V1sQvS#W{GgCzlfsd%veHhXRUaoB6Y|IA(s zPNy{`9UoCP2$0hVy`*l z!EE+g@c$Qk?e5UGqO?uLZ?ktLb2`Nqkp2d#xs& zy%x0FYrzzIttQo8t2w5tI1@q)ugl6YK~^FrKu#1y%s!*y_Oo^mBC)) ze#|dzuLWtZ1=HDU;txw_uLaZEYxIY8u-AfV?X_U4y%tQh*Me#6HTc7l_L}JrOW0Sz zRC_I$YOe)T?X}?1?6r#Hw%7jtONYEB>@|tc!swd8UJHu7CelJfDviBXW7%usf)C6DFUi(t< zS^sVJ+E@NH&MP?kU>N^@Y_G}wPP@Hk?(h6xv)5#Q=TYo6=l)Kcz4rf)f9{A+9ei~MVK4tY)3YhU@-bep~Q zm4B_{dgyaMwO{j`pq;%+Tl6fJ zxBcORIB$gUYP0dZ57vMWYiF;i+KsGzu0+;8-VWCg@y0s6c(b-(8y;c@@T-m>6>#nB z20rx5uet+pw1q!G`%GAX=r#k_f>=>bhFszPBOIE>VmW9<;z2KZCZ zuC>~tIqa`_Em17yMmo<|DXN#s1_3OZd?G9CnU6x92{fRh*a&&yA^6akN-Xp_AwG=H z0X|DkGp-JO&=#&`PUK+@G#hacIL1bO(+~4wKXp&hJdla!swIN|*dC;#+T=GhMOqEW zRX8tp%Hd>^#P1>fGMoZK+^?(N2X9}n7wYbdA6NVZ(kJ}4*n0^3vfW=aI5rEdG0$5w zGj~TQnqK^Yu9a?N=MnOzE-@m>FO?gN&;Y>476E$$(B5SI%c@v^)ib!#2t*E@OhEVv zWC4FwJyDTDoeFxJ=nv!8&p@~}5dKW~ZMPn|E+63qn~a#S?9^<}l61j7Fegpc?myft(|3&Pb>uQ@{a5EvK$Aw0(KnIU=4Q6pcidybeM!3SP+ z^tk#9_*!ipo@3h?z!L5C`z5w9gw&Zp8meAt3tvYjk`!ITZ`^qF2lau%!dz~XtFJn& zE&K%-L70sv2{AjQ1i!JnpxP`1enO!#6k5fHE3>tQPf4L=+QNcFq1gF&M08x*eFhL% z=b2q{mzziVf_PZAjQi$A;*lGsC!UWOZB_ErAe$t;bmuPc5uvY_VaTh$Ld zQZ*Gt2C$d}^~S$Nr3q5MD6Q_(A1R%Xxi@|WNDkn0} zy5Wa~I+=x5ReA6Q)uSRvL>35TmZ`d)AMxX2cKr0FPGJ?28y~DjYYTa991;XLV)lp= z6Su3X^JDV_?lKc@wK}-No~P=YQVr0`v4i#XU|kpDD=O~O9Ul@67=;h14X7H5k7niW zxOKXly@u*1Z1H@_%Pu*RzW`d}zRP~lI};b$^iFugwT-A4`1F*EcF;UmLpl76ogpQP z$@8F5tXwg_r{plRv*F97Ip~gl*o1<{d2pte8g4N-F62SbBBrOBV9?q=C6Ybeg-;tX zoTP0~)dSKPp0z8D;li|h`I`E2wHu$yl}6xs8_a|s-T_q(L8#Xj@GOxSPkfi=bX9{g zib?a)>_pSGg)udvlEtvW68MptF6mg)Irf@J2VE(SrvM;kwv6;5N?>*{1`u!3*2&Zr zX5%XFj#b&Kv_ZN-eV;7tRCogf8%&-y;(%!@{53X%x9375S$L@JiH}9AUoq7JFxF62 zX2zd~*V_e}V9gt(a)2N64k=36XFL(kU5ERlkfk@S!>l=&9je9^(Y!%QtNk5_hyqX? z%b;6Y@W@)Ke;(g#YDN=F^Ce%O$)XsAtI$nwp;C)CtJHE57FiU_X$u4Dv%&yrLk&g( zf3Hy}mF($){-AN}6y$eSdjh`17r}l>Jul8~54XV{Zs}+bn|nDbXb)R^InGUI5`Q09 zH%(%-mxF>}H;I$J%Z^s@5S-Mv58PCiwGSrj42YVxs0nn2S)3%0x}S44a?n0*L#{Pd zyHE;4|2`PV9X5452LNIq@5Mu`8PgT#ip>%)i*5rY}_vZ~vKTF`|PS%1%b zl>F^IpwtjNSHmdX4x^-XW%N7H0}BGqKB zLn3NTb^VP>dV0XVX0*)t=BNyp2fh07$r7he z6pP~>%w7VCU@=Gzeq;Z{qh>L%6f&2w*eX6<>CqN4v=8qX85yaqipd?GnKqSlG@HjC z1$<2c{0&L)ci>SqwaxlS$wLpNebP$RIc?#3Gl#Uj4|bf;o>mQ}^(YON!q|c(z2_l) zsvG=`{Ur?WQU%(rBu4>;W;zOdXnwG&M51RBB^}~Nt3ko#Z{XI#nvew5u@O~$1)kIr zK(k;)yYYLO9S{R11&~JpVp@PDJkk*u(pED>EA7_8ickSF;-}da0263WgSpow@{EH)ZN+P`-O8TM4h>=BN^=lYzf2HSy`2WN zLu1mOhMdx#Mg)8sdm5E=#gB%@tis>ERk&9b7WGvqG=K$_Ma}b)gt#|aDDVPAK)+1CSS+q4v| z64U|Q!m?q5@NhNs2!#=^&?7#I2rcYsN>)52Z7d*-2RhLp^hs|s0ik)G$q7X^1&Zv4 z3KA6A*(M|wD3Jo`_RuWH7?i11^AfG%zBXyqNqA5V!CaoA!F`z5{je$aH|iAo8~fjYF>?nFaMMuzDGhM!<2!;Zmi_$z>~C(s z(Q22VA{3zg4PDfNN2#p(XYmg$rD~z=M#(o^BUH1^wyfT`X5(sY;S&%dK#@W`dJimm z4;p3BJJBAJdgGd^J<_JCr`S_v*K4&Ope^7&uwbl;aKKull}&$TJe!SNP+xfzfB0&k zE@9ncAEH?IFXAJt`_fc@_`?v`RO|i%yFYw1Gt{gA9I@_i#4C(>fKl?I)fVGRY(H2U zM!!dPiqq(Kt9-E>7LWG&S1>Vps&egHmFRn$?*i%B)s4HW3u3#`{}b>usLf65GxXqDW96QRvP*Z6VEIRcNrSQ0(+X0oeE0Fn(notieKT8i#ja zPaxdlk94%}&qK?c;H&Obptsn>HTD@_HVW}Y0(rZMDHv$kT=vxy8-S0h?3--hGDwYQ zV?BQ7p&%3hC*2#@h%8Z}JTZFpRRLOU9Sg)$3w(qRNqHm;V$p1tDU9@eZQda8{|rW# z>evX%(g+b{vr+L8j`K2m=BE{b3QOJEJAe`ZVe!c_xITmzxqY1?P+sOj| z0>4`y&A*)+9r$zD<8GTh{_5QcjnclA=1TM39zpfpkbB;ipycIbVRE)4MsKy3qZbHL zeOjy>0&SMzSG5qJ3el~s2<64dMBvKg#+LP~^RQ(Js-nKdpeNQ@aaE-%&zne8dASQn zee43D8<#ad2%&0z&=mBI{I&-Cuo~ZCU4f%vB**2Rl#R30VSp_T*Q(C@k==IK??j#fiF!n+fjLIY$CEG*p9VZ045Nw z)gZwE8Iyptg*>7?2`pKL*9F9WBbdQZXZE$0d)Z+?i|h_#>#7FFhbK9pj-&fBNN!8B zq*iO9Xzb??IsMzsV{rb;5l?79^UMn&%quC(anuLfx*NxP*wl)I$vhv5V zS2_F(L0OEezoia@73O`yjM(}qR(sR4KLM`UL|TUf_^-+8;nM@e~ljAsIQAf zMlRtI1FdUy*9N`#h^~#t%7cH28xP3QsKZA1pfrN*lki?H&%V}so%aUsjc8%}O0A}g z29PgznY7i-|8-<(-R29g^)(n>1GjD9;;Fx2i|A8-^!zjL>}KNhBZD5% z!|&>?>vh*ky?9F?8hQkkPuT0%CLl|TzTiOR`~GOJINBX3c-Pl(q?13Ia|+&))J1>F zBV(QqxVFfxRKD=xI&b8GC5N$quQ%+@3*n%Rwxaj-*4DUY;ir^eT3gve?T=f0#ap!R zEz^tJv`6dx;T=A0T)Q@ZV=pXsBcXOJ9?;AsXi5l&eh8@j@qUi_6}G+IVn|#GhTCK)fqLGU%K#0@Jk`FpX|G!N zo2}saGsEku`ukWKcudmfKVXM9T)~@^8J^kS32ERddW^8cYwjWay&^L_vwa6X@7Q0} zz7LU-=x;>9o92Yq-^MS3zmsCWL8&CCD9k--hvZd|uE`8ZdU{gqItL`xN8JvowY&83 zhRl%6HuZHtQf)eN$kw}O6r`IoLlSJA6kCN-$=)eEy=aGYlY(^nF(J)O1L<}~h+ znVBJ(cpB+|r0|qyhxA^y;He@rB(rxr4|eR`dVEW8!2$)TDl;S#<3D#mQW$^O4r#Q4 zG%GVCvv*fHAgSJsvqRe3O?o#sGbFQjJspq~?b_OGy~B|g(1{c0gQ@lIO39{S@D(VM zWC7K+=j~voD=>>QfH7M$*8xVg=5{-nlN1xpf_lVTS-!0@9se~2B-`|w|( zQ{T$~#-vwEYsXG~h;IqXM--UHGJr9O^|S+wBG&iqU`iF3A7=n#w&t4-Fbc(!>|nlt z4+@=nJOdcBH3J=BRBO7~!7No^ex3o0*_yu|=!lzod`sZwZUyG43}8%3MIB%irS7wX z8K%HIn*of;HxnFS6yKa{2eS?C9N^|p8NisGYX4WqPQ~#p(WxIRFfU~QW47ic2N>0w zU)jM-RbXDp0LG-$y$&#nQrFwT^i*Kp$N49g?9QMY$B|DKRH%W)%ZW!i*hL+6xn&KqN>)A zz332Cboa4}s=gN6i*mkazqsv3M`udT1osG|QoR#8=JW3p(d3N;=$RxwrM z!?t3VpoqWw2ARmHM*3R!$FqeX-q!u*lt!CB4P|`V9~*u18aemm)Mdd_=rm?@@w1Xs z9r4$}KVMrPIx&8cIiJ$Q2aye)?Sk6(L#M-q>nf`E)f_3*zE}S;U}gEW(!D-cy*aIo zMNw64Jw6_cZEpc?qGM0Ev0Ijb0gFp0rI;^XHFb(FeB@0Jz8I%Q+?a4T>ft8%wT&Wt z(xc~J^qt}OlXD*K_J(iWcolhkm_6dL1dsl3tMSA2hcMl%MfR+$se1TxV*vPEk9OHm zhmzul?92(j>?g41`@V21szs*#k64+y9q8%`bqz!w^u*o1nkJV&+-{6rcL?rx1iH^U z$+&lsw9X&KByoCnQwf_4_>DMJak)#m{r%zX#-(VDFMI=njBIXza3dRf&P>&Z9e-nk zA7c3q?YSx09vwwqTbpb^%fjPoz-mCx(12&}Pz{)YEDHa?z}{#A1A1fvRy)hHTWU($ zTtHcg;8Tx0h(iXMGG3*;1hcTcMQbQ;tEq3F)kRmnm?pzGTTle|3V?r!>P#_qm(yXtN=vSh;dz+`)fZ@;Yp4=p$@e1AQ211>fjaNq+QzMp>h ze+=JmNDG1QIt$mt0&Lu)1Z)Vdc zE>6hXT4X014?}OP`W*3}qXOX-zVKfmSlZH44>Uq3LiyR1*XrxAl(ofI(5lUMp&5bV z9dz{g!&~(NE^7Ao7aN*fBYJ7nJ=|XaH)8!xtV3_m7BLo04_}uLhonD0&ljBpkpBGK z*ZZS0u^RmHMQ*_UD+T-4$ZW#)Mb6f1K0RVq;W7ZRU25^lNYHNtYtjqW;=9Y&)U*fe ztT!!_KLtB^bl!Yk&YG+l3v%r^?pKVMIHtQ|IH^_F#=$G7 zV?lBo7D3wvc;6g=M*6k!P@19qLTZ%ZHNsRl4HP>;7SxAujOrFW63Wk2+hKaXf2duh zq1(g!(UG|Ey_M-uIy;TsP)9tG90xDEd$NE>FIW~jE#Sgtno@v>j?DJEuwMuMx(|#7 zW)5$X{Cdq7{X;oA_T=O;X`wViCHVooP>;;aALa|+!fU%Bz@`0sRChCg82 zx4$FJximWFOuuV8;xzo>L&iJ&h>b;_K*6Uz*JdwNf>!$~pv7yrbX=;FPQ|OLMq@b? zG&_yYBLfRQ37w>1L*eS-cZ`JsJ4QSS0zi!LI{;Z$^hvxAipIP98Bw`acQqhE*iv_W zgr=M==sIMSnE=9@Rcp}t(}}HY-G!}6@3Q@;A&ae*3%0=X7eBGAXqWxt8hjidEj=sC zySS_0wQFS=qZz;o%SX{8d_8@_*UM0FGyF=FB|kk+i3nJpA54ezm2gSxHUG%fo9cIi z(e#2Ay?CuQpW#G-@Y{iKlOEoGpc{k%Ev)Pcr?)HamSbSU?tDs!$Jew%xcQ|dt2S2W z>#j{e=s++y7RD+x_154i9h48Oztt}k@g-}LaU+1{1zvoY2#&$Xe^@W2B_bWK&-rm{OM z92b;L9HZ5Z_`wnnx6F09rIi1l?B4}*zEuCZnf*HlKBpw|9qsdl-}8n4DI;ySr(BiY1y}2gIF1CL zkR6CrdGzQth?!Z76`~Ck;o+A3zMwf&2>uKWR_Hin9BKqI!Pi{D+U9rdkN4D(rzf8H z)nBkb-p%B6ijj>yq&?6=m99q0TC512wCOLH_3uITTdh2&Tc=&l55pGRCpp7(jcHsW?DaejM+L=F0ACjQEO=O_iIl zN1giBODwL}!~X(1YfFhp$i@oax?OR%KXM1|)7YiW=Q-t&7Ol1#56Cg*C0ZZ;0>fY2 zqSa{lSPC`lhW3NaA%@FFZP6|GEMKA%#bn8TlZE2f>X8#*8(`jX9~ijJ0sC`ncIpK?xqP<+y4&x9-iJ(mg+MP5Ht zi--@+jmoaLb_T;IU`KOAZq?m$4?HO<@ZtCS5S@s6C)sWE-W$Q z9ISN6g)$h0Pw*8qg>V@A9^JJ?@BBdi6umR|SG(TQ!yj>+?Toy>n!^cPe*l=uKzj!U z8d%MN4w@1!IHT&oRTN1LR;X)bR;QB1MJr+RLO@}ZHkB~YBFp-gqEC*%4rmEZ7yBK9 z%b@|mzEIlvFk~pRu(>Kvj~Dr(G{()rW%?{O322kCWpE%o1JVQkU8@W#+l>?!CuS`Xo&d>xP>08j4T+QnV%O3e*u+%yB*40@iU>Xv|8@fc*>N_6k~3q*B87W>Lao|GT&GQ>5{L3=$L*Gc=BH!P1rw50-3R3f2eN&wpnKy zbr7OW#&?m%p*nuNd|9BaV?Ku=Z_#+dKVf><1XqR zG%?!q9L%$P+Jtxf#k&!i5QDg1Z0u-YgHSKBVUq0+!xMMNSck8E*XIYyvY>WhmM$*K zf)yLS9?(C8y_XLWq8cA&Gx;Dc#+meZ;cs93ol#c`N_!8~yDIyUb9~?;)3jQ!x-zHH zFPCV5e-a-Kd#Utdg!bHE{6p7hq1?pv@l#fIbYc zs^Z9=XPXU@a*6WJX;0j!6x2-zfOLOAw3ASq2=gUCaSC+>1ynQ zO0wyq<<(zPW8DUrkd1a-l$a~VIM!WTp~gD;Y>yC0mqM&%;8KcYV9+sc(J{HQ^c2`a zqkPf3TtG6&fh*DO@(|y>fg}^m3$Gt)my9w33caP98=)$ z;^d-I>Hpq%>0dQN1yIHN>9`k###c>4yI#CEI7u!~Dc-AV<=6*030iI&Ic}v2gJ-&mhezt zcoz&!F(#>ZD=z|FaUs!7p66ZA7jExgXhg+t7dw>c7}CePR2ma5)gzcrsYdvsbD^bL zg58XF?r~?uyBI6+N9^rf8e=7Eca>;M|JGER??&UZ%8KB(&?8f`tq-ge)#>faD*Khy zwpX715bU_D(0OH9yGj=ik7I%l+Cp)!Fz%vogbid0HFLDVr_uM4{)QB(e21ojujXAe z9cKC+P)Xx~R)-}HV8#wgs^fF)ib}Wm=acxN{{xydF~uoVgSqHDI^1NSu7EQLgDykV zIq2>|_X1$6*iJma2}t)K9f6!4B+3Ne#-N08{h$v0rp9&Hsv-;wBz+3v6w3EF?Lthj zO`Vqz5xsat^$-qG(5l5v7@M0MLXuE;9IU~!JB*^cDG6c~!l44I5LW;~UQT|4!(beS zEQd(g%7=_@_#_@XB|;le5Uw~;XMyk;9ED+MO~5$0B0ekt(LsNPv)p@-8H}hRF&t50 zyD5>OYc1)EvfI%#99PAX_A~6UuHgCJVvnt@Kpgia|BKgFV7iZ)C0r?Vbs_-L zg}KwRX|ZxRVvI)tWkwy=U*K+O)0Pf6u#E13b+G)`RCx8`O>o3)lEDQcKQMl#9+?6& zWKG2xR#K!yR6rlywF))@0|bGbFJ2?VG1L=mQ-~T8?lEPj3U>^KtC=m1`-?xWcz{bc z@m@Z7fcSbR*K_;@AM3?$p~V}aMO%X3!0!RUJ_5L~Eisg5uL6GsADCHc2O2Q&N6)AVPAwq^2Nr11wp zKbw`G0ZRMU?e;zdwZDKHCZG@8f#?JIE>S*S864u{eUTCQ0h!vF8pc<=TU)?m(IC5f zwAz=fk~|5^8hjnE6X%pSLREHOaBE3jg0>gGZYLE3_izyrtn*kAdel(H}U5BUBt=~@o5 znfZfjFOBwuUVhJCumkQ7TA2QV&k$>^&F4Y`YD%4|hp&K%oa*W3Or6sxOw${nb8su1 z7fen!_rU>zQRo4K9RK8P34IK$o1CSGUvkd8zYfe({hE>io3x*Ftad0`D3%MOR!`*e79=+6b?5%>mLmxIQ z18;lDsE|etQMt?VF3b9Dl73T^DuBi;S)xo3)23Vonl-lN0xNM{Ikt_ zpb0Zr>{>;bJ{?Ju;9c0O&6m?^pq^%9xM{EK3;rGGU0I5w8%nYcco$y~zX@Lk_}1-# zBit3o^%xU8E8T?I@8 zIL_Rc$e14p&!yvR45skld%H)!)!4bs-lr+JrAAxYpMy0Zd&Xr#Ksv<0#IT-K;kLjX>T=pJO}X!uLRZy<#S-xVBNNdrb0tdr^lh7 z@LEbeq%^v}ct1$v)5_P=i2=)qPI_Y`v^bdGQ?wfC+7B8eapd@LaRCgz3si39e7S4UOad0NWMmSlLE*IfKn$Jq3!Qf~UhGN(w?;1Y` zvLS)6D2dS<8q>G!hDKx2)`Wk{X0O22jHPk9nzy|e+HPSEb5$CVL|*Ij7V?nAhP9t~i&502Y$>`(3~&ET&CxdCVEk!89DF!>$%Y1^E%_Z{>&f?Kn(6&xb~ zND9q%vCJd}Q@?2o)=}d}uto=~7zZKY5Q?rbE{RBL?GB{+BeTVnwOkMgn_l!8zjLYu z$!$Qag>oD@T@d40A={boCt-e3ou|9%5t`=9II*IFr=7C#8!{-6A+Vx}<$Cd-H$n|@ zK>5ix9g`=e8B52)8B5EKP3H91SJU3Vdb+7U2}$#DPR+AV4;ixnYW&L5i(OfAtPi;W zYTMS!g(qX2V{-^y+JTzQc8o@0m{_PV?)OE@>ABe$yaM%&czpyK0O{R>*(r<*Wrp`e zXB@ouIV=hoHqMC|E63ZfPaaMnfaK2 zxO@e>flcp2?J%~vI#UYwCj31A@Tw)VQj#YCJ228&_=_%&sE%l!gW7^8t?WQ*i&oo8 ze0DSko2pL-;$84@rd=O%SlQ7V#hWFox5*2UpSqGIfrEQ!theKA>DE8{`xdocI4SsdE#(tL~TNS^ybts-qRnRosA?cf;YOjFq>S6HEBeCtCSS$!(8JZ)(;T~jK|k0BtF)y(IDdtGKz}f~VVU>@ zaF7~a!3~##8?b2EfIEgEuB)cSW+3dun76UR`~i_GK5nRli{M`vGQbGuc)2V*7M`#G zrUV85(B}UE+5nzQ>@EBd{lu6D)!=@Eo-2QGTSYm7z;IL{hEPPg;QSe$GXNJzwpIGB zWNBaI0v!uGCJ+}4AqIi91BurRX~wvu#=x_$yh2lWSsvrwa-pCW?q5E8ap$#%kfM8 z;`f7>A&v>f)>i4T<9^JC^Ert<#VWtak7-S|vHvMRfFm5&l;c%*ZJr$M_lhLJ*ehy| z!%%`xA4j?L!`2$+08~`>5~}+lsxw|dc`3@q6{uyL=$NO_M7HnyNCg}$0f~ywwJb-( zGugg}45}L`JFdyi`K+mSQl~JF{asXuL*6BR39g5ixNwGlm(ZnC@R2NMbN;9TndsX_ z08_P_0Zi2%Jq)MV8)nebsaT{FI*SXfx>&-OdLn!YR_M5Om4b2DW)H z&JGJU^?k6AR&^oKvB zEJR~v9PxOFZ$j?ZnVW0j;hn~jCsV?l&HypZ3{nSg1Bg04IX@1g=^W?=hney5TTlsN7g( z3tb+$=J4q29ywgOv#8m!{}>;2Vr1sYC_4VIcl3yX80Q~65red-KJvCnHbZmum#1H&$ z_OI>gFV(-VKcV`!_kCOcRKN$u98*}}_Eo}?AztcCz2W0d;$LYFjr2xBgAWTf4jH2% z(O{gzbj{$r!ToTKLwmz481w``BLGQn_`Fjlzhj*(Udjcs+5BtpKfa@OC79uijFmzg z<1m`Z)re(8tkg6vX>cx-{90A&i;j4VI;)6{)*H5W(hEK?<0}x|AkNpF#{8e7;g~2O zUTOu{zVR^PrF!@a{-rm3(Fx`jW2McxwP{lbeQomtZ}@Fl+2+Wtu$WCt74eqvd0?HT zIIhiq3k-;#u-&~bb$SgvZB=nBGftBd*XTgt)O7!jgAy`>38jhOuS*dL=r{EnBVr4Dl2~b zufWmi7Dv2Ir6T@76l?^?VihVkURi4w=p;VW`qUBqbvi2X591qs3=*iTW<4s(=wC9z z(shY3E)ivvSZY1hR}7aa#`)^=aRLs*l)0W{1?YlMTV;fMnFAc0FRNs-P>fmbJK7>D zZ>yum`&UqTA*u^ON8nY7w*ZEWOMe1vz=l9Xp!-Ay9i7GjeTpyI^Kq1&C#y+F`XR7b z#{uwU_-EcX|G276&EglegA6SOKG%mUWTD1fg}f?le%Y*|q2#udjKv9@f<6rxvBWUAem z@s5RGOaYSdJMQC--|wd)8XPko+j_mSUsW)VIawL%J+RzWS>#&>ZMhu^OqC#qi`}f~ZPt23gD!rtageJ#I~a@?ku|hTtVqj5PH{`wfDH zc`<#j2;P>N$~Nf2K=`0hfkjtp!BR+bzjz7NstRr?@W&SFGqc3IYe(#7X7pp=2-8&t5pjBiuy zT4tp^aKv3T1IsCN=^rC-1Zsz~5D6Sn6IDi(K=c?m;!XsPoQB3^3LKfR#==)}e1ScH z6;mu8tHqi#&3F;9zyY^%EG%e5DLdmu(TbtMT;rFhH3>C5R}Y5&ape!l&a8Dv6H0 zumYpcT&{^m#}4On1)s4paR23iS2SQbJhIj+fZ@J@_K>sq*z+&D+&ft27F875uz>mZy?O033kwM4S2VyKnGK@Uo!FLcYd)k+jCjjfLo;|SI;76LL{ zilyfMR&HmKP#(2mLE<$qq9R`7b8UVUeZ$I-JFdx^5WZE+k)?h{+L=)swwYaH@LQNo zcd>Ya|7mIN?Q5M@<`oIacf4*9nY-KUVaCis!H)VP)`^L|{i6RGbgLDzwt4oY^W= z{P|ML7_vuqpr@rOmSx3{l9*7!l8Ep49d>FYQ6TzU7C)`{j{Cm@#_bT_@lTj6iS<%N zf2@C@j2W7Z$qi;9a4)OL4dx7${o_~rB4wD|NPsDEO4rqR-4^VD=}odJ!e3;=Jj~Bd z!Te0ZKYju^GUsQZ?VO7F!XIL8lO(SlfbySUr1yADWlK-WiD=jB)Uz-1*BE!GfBYhD z+`x{IWc=Vel_T{g1S#VmW6GhfwqP~J7hc7A%6be`7YCA0p29oqc}ZiTSxk@ z4k5(jvctt84a?8#DtA+!pcIM1QZxQ?Dq|niaJobYEcVAZZRx6n2?8%R)(8`Lq7{O9 zQo;%`DV?xJjDKQLQ{43@P}b;Bf++$HQKks|i4ZKBA~PSu@=sH#xE#~kA~tDD$P3RS zbOYh=DtP5+|QcZqCdxF+!BVgp5%J z9GG6jnDH}XCRJpH0D~qsuS2j;o0Su+)mR9XXw(1bkN6A{iXXlVZT=dRm7xk-N$Ebo zCt7SO#P9=C^&^bn;u6MJ^upMTo`^_tsOZhcC&V%8ehgu8T+A)r6dVGx`BcOf3QJ?} z?!iE~jl=I$;|4?!k|E>ch`6x=xGVi>aW|tau$%QYG6BZ2eh*_7?AjuhZ%SN6=5Bu* z3(j`+0{%a2>0>EM=S@FuM zU>-`_{26d#Vbu!sUm_jTmYzU6QcZ=%B=k_~ROl?560)X3HOuD=4sO#-XWde}L0}wk`MpeKj~LfevWpe5O$Z zsk_2B#cUOQI!TKNJ`*Sva^B_zXbZNlabqcm4Q`*r*b<(RJ-(?_R%VUHNCAXf;A~)h-7fEI zBwfivaP^i$NEzMmEwHGVD$14qXJ$a>j2X~b@k`-X@L0tejd2s0SZzRIj6?C(%9m+O z(ipZZVu_#F76`Y{sBBzdvUqsdNJc&&p2CWJ zaKjV!LW+7Y{jJJARyHxXLX5o2lvRxRWbkg`F06N}vqdbnIEE422klix@a19zL)BsP z5x^AzQmB&gKVaxo!@A-R@pnLLsWA(o9A%3yj{9hNSu5yVQjf!HkYt~vL47d>(4!jE z=zh|gro9M5F*QB|+_OyP|0+HM+=KWGgbCOKG_HgpWNiIQdwY^!)OrTIAQ*wa(5|k> z9YA_hxd+sQj%hW{gOowE5H*LWFdmMDpmv^?h0b&q3p4*z1npu+d_)S<9A@K&EI zPT?|y6yM2h7S8?9r$T#6VDy2~e2*&xmq?W-el`YmjEd@Dh%ZLd5rjj9%JAuJY<#{2 zrYm;u!Y{EjzMOkE5b=er1zfmjfYTA{CqR+Y9l6KYv6MQ$(aSx1q3*uO9FI{uhJd#i z*MYN>1B`Y4ittlOV$!g(G(V5KrM?yn-F+KgPS4WuHj1c$<2%$Q_WGSj=%*%$8WyQv9F zW!eI+rU5m1F0~d@XuJz_ATS7BEJ@6%a8}cRzBrp7`x6iZf}Os`s*zb)>Oi%3#|rxR z8MDnM>G-eY|IV*HKf{Hc!vXfOfvz7(KOE1;K; za{#@AuhE=;oT`Aj70^4KKnEv)=BEI?LIIuQ1p1f)`U4Z_A5kdYHQqhmDUL(P8sjHW z_oD|x@f~=}M)0wqukv(~`rgGL4fbN>8jCKHbl`PIya&oC95*wu(6}9m%svj;|5JW& z8#6H=Wa5X1I`Bhzk{@_YGWnq!?;SoGPrOo`mM1!U9OQfPT#F}OQ6iP#iJi|0Pn_s= zkZ%NEqd8{{R^%(AxI}ZF&>TQ-OaQ$l1?cw`(2GkPK(FR&G-typ3TO)pMRUIH1ll73 z)RO|VL;=0c33R>!T4MtJ2@0j-i4*a?BTrmUttLDX9CZ|)xC)8niL;SCsV%5~ZT=aD zzR0G&=nj1`6Z)c;=!-m1w1d9z*L38MJX2qk%%@>v*B9rJKk}e2LUS!$A$?N%A=h~J zLPi#K&=0M>6xoIe(T%4HEnavQyaVp!=V8!MRpCo`jnF4g(9|Y+A zV;n%g%hza5KNIK(08ORaQvlSFZu@{8irOe68@*NCPpID{-Qpt^-5QZSF(2(X9%uJ3 z<*RZA9(v8pEMYqz%uKPl9Vm7z3G<_QX(a6XJse1#aF#_Wzp!Ca!XEg&AobUy9Y}qH zuhE=0a}}lj&O*_gLMPC@h!F;k=_z%8Nuw*h$Ea$yqJcTV{QDob+-V7tPH~ue*@u)QHC`Vc)|I<7w!&Iom-u zoV{wI_JNxCh6TIjZ`*n#4%3dP+9D7u|WxgD~isV_KPqN=h;B{SgT2REozEvPEa5CDz)`4r0wa!@}z#;lw1d z{_-m!*4B{@ydLChH0MwsMXbIgMl|ORC(scIpy#Fl{iXtXf)i-I0{Uwc=<6tyN~~gh z>qx8`vbhlJM9Dz&2K_J`$)(lO-my)> z;J@lme#_gB3+nTG8bi>){kU;DAMw`9b#Y-|k7JZ_?#NPjE##!jV+7b4t?Cl*FcAK^tsPQpK(e0EH>$5IZ)94R2n@vEIo~yj&ub^;0#hUn)NjcpL0P} zJ3gQNnc(y9=h*SNmv7OWeLWS8dH{ELy~znPKLPX16qwg2n4KLkPf;+RFkvo5nN%8` zi*Fri^Z=P!X!PjNqtK`liKI~g*^}aA&A*)VO1L&|PUG6J$#4w$nNFz2SgeDFbfpS-Ju^*0`K5pZoJJZwW)^8>0GuEPyR?GV<93H_G zI&J$}dO8)f+357)$rhcqgRFKs_5G31X>@^|PFM0RnsZfGMW?&Krb4F`tu~m86EGi1 zf%(P{1?IPg*+_1AJg2&GUDn^g|LCvNtp8Xoe$#Lr*@GuTwrSTs9J3Ksk zxgXX+F9s;{Jh@x(yMMJuj;Q46gSdpGvLHShfq~e3q>gnsA1hWoSzPubB|>nKG1M9VQg30TPqE9yh<*UfF?!_R9Vh{K!O1}J8WSfzoZNH#7#V_nQj*K^(qc9v>%S{pxt|5x?VD_&E53qvHddD`yxQS#*QpW-60t z_w#T{a5m`|PZIJC=cj+T2=aW92=e(-1R8e{gJ7w>7JxwA7i7jmDJyjQWnl)kw` zlFfbWcGcXHFVWsdA3H{SUH?{lPdJ|TeufdB=>0P7-Tr;HHxVAhpm$N97!57;*~L1k zC#gQWLVb1-^{LMAIoSOe>NCFAral9RJl4>owbP>_9~u55(k=P(00v@$@cahb^Gj>^P#gZYesDRIfAYW@vYnj_fi+ zn_fRd`v!jQ@{jC}x7B#VPsP?;{MwegUwhE~9Dezq^GJbSjskts7ASoVt^$-OMA#i9 zsi{-tcNwEsWYuWaWY#M+C8~AQh)p zR^AOIgAz+5k(P}`2N*gyKmI)D`%AwoDx}o5e+T@MXYz|}crlqG&G2HS9D8_)?Xjy< zlVz;o<+UWwgg@@cF?VO=nDf(e%rjW2NyjnWQaI+*qjL<;8P32l||b0yytPU$`8pZg#h3Nc$Bl%cpRKEh@65U6ZAbgf8-@2 z6%~I(nQy3I2?<@k{? zPaI!35Ndfxxt?Xob&eTCn;Z(pq!sMHVl^in;d(1T7zFk~W@!)CY{MXM83uv%dc$rE z0zCfteXaJeh%_!fQG)0-RtC zhoBjNy+aNiFM8j&1Iwh^QtpXDXebZSjUx=5r|`&P6YhJMneW=KT~jY^bG)AZ@uyuu zDoo7wph#i7AZZ=S{2}}i4g-W25uiOLXqB~#ILh>B5KfTo;?>Q4&Si|al3QzLjlx0| zcUJ8W-k=&&c|Nz06*pEtyRvkUD+^KIxRj7d0<7|d_)=wW=&oj3qh=4@qBjg%|2Amz zgWQ*cHylNn3rR-DV)t;1&eERw+}MH(qHy@&ULI&T5*nl)(BnhZZ7;aWL*qSZ;T`CM z|ChLx6Q?E$ph5s* z@`OKaSeGZacFm%eeWf4C8Ez^%V7vh!P2;EF9UpeQF#vzjogZRjNk$QME4^!1xnti1 zWMB9bMaI5%g^S(IK#@|ahZ0J4z!V|ri55vKJn>&oapUX5)vE3ke67Iee+yrJ!NC?I|EiAovg-?lv5T>GWpZ2|IPRQ} zh%s=VjpZf+kcBc)DJIhmk%l90T9widSi1$#xcXtLlpbO~lE0if;}CSl(tseWZ-T+J z_%O$KoZzoNtTHv3LfCWh7c8NE6e$TI)`p>FNgg|fj1CYqY%%s+VOO=%UY@67w9W~4LjZbrfwNqAmI4>Jw{|QqpMcPEkGyA**y4I zr9Lt^VN!JDaBLWF3C`BTBl7Xozq(BJsNsqy+D@`r6@W}f_5*0Ld3VPSbwun=V;VfE z9gj=IW;EcijkqKQ$cP#e+OFZ2*fMacWJBw^w`$ha&pxe0oA#|FX(zxu`!zZhf zyQSO~V3{)A)WKiqpRy?Q+Ly-Lil#HQymVYYw?W zIS9(uva%k;&3IdkayUukV4gRzNh8a6%FS2Y**vVvDFB6gn>A0D@$yuHJ;Pmw$zxVi z$*C0;cUP<|8KMd+dM)Ylyl-??Z9VRZjCOefk2vrqI`*e{FrE|JBD6z~p0WV%tocp` zi$%K}*l;FZyWGvM(XqPPh~S$5a>EbM9n6WZ*AT={fNtcUfM>Em3D4Wvi!MdZ#V*Ed zV=iJfkvx>(YU(}0D0cOlntw0@d81ug|DG{_>~pNwBth{0s?UubvWBze+Sm=iR5Fq6 z;d#4y|M`yi6&@Ebn%aM%s zJLL0o|4pCKOYg#&5x3%8%c}cy7q++KKG1P1^p{~w@SlduBK6nRbNi_{pxDqOv#0r^ zV>pFJ^N$$QFdTAI|2MFlO*ejc{4^Z$Hr-deXAVvVb$`KpILHCc`n7trA3WR3;Njlh zhVlC@9VNqe+#1KB{y`~(1+0KJ?h72CJ{_kTeg>=FesN%Ad|u5eS9pBhg7Nv#AWdDi zO&Cq+WSUKQjK2rQ9J>kP_F^aaN`?N3{ng+UtH1uye|!j~w1xZ)7Pu8%y63q1ZtwSW zXesvl=0v~mLBD4mN58Ae+3(-8cImp5OLl$M@pOH6S)%JZ@F-m$w-H@`8MMb>q4bN; zo9F4Qhb{&NaEGFfD=nawyu6i2TR4vxaJ_FGVVa;iu5@rveJ4;f3P;Qc)s0&)qND4T zy(1IzYF4|#6Y~~K%&)u}q=z)kEHT~l^9C%$O)KNG*b`5Sh zEW!CoOOUQB(#x?{AnL6f(6cQ7X=iuJBhG_>5Q6?YKd_Vr=7l$k?42^B4m-IaZ<9pc ziZBWsNC?}fzUbUSS#*&9lE>@{{G{uAAAeBbJRXT+WMA~K>m?;etd85eY7 zp0U40QR5Y{Ekb{$9fx-YBvlU;5Lqk~?s6Y1h>pEnbaBp9Y}cfapGcOCj=h;6eho~- z?nS4;_*6~bLNlqV-t>2{7jQ|zFrWa-cHgT<_nXS|(XXtg^6XAIL;$?E&DK>9h3W zS06$Z!J(4nW`d9`mAOVYgin#OV zLr^?Ze4|VA^&qBYvqu@ZKp#%L6bUj;keAsdJSInnJWN3+%Zd)@P2+X;)Q5}R^{mh( zsrMoKFuwzUo(&Ks>|^h_j2}uOJ#lXE)RJ(|`51}TJu5T>k~^*F{TX$zvDV@e005dg9f}>Wr%v~cz9N5m z#ix3t<{=az_*ub$0Dq5h0l-7xv9(b3J=&#BmGW>cU(S&n0%z8eUpm?Z#xY#=m0GS`Ff3SrH2U z6b0=X%yu7BWI}ehJX`bNwjRhsWI`UqB{CsDTn@Klxdgy-+{eOmq0#!JFwZDVx<>(d zaZ<`8W}$g=_KSdl|FGg(kD#^UrtBjJxIIo*>C~CkiZq>lVIsh#t$M+BIUVw&&4}_ zCgeuYr%8F?$$8-kd6Dw`$fW%60tbc(~(ZJ+=};G@qR1bZxu8}CV>wpDs)B0&qDevyw5`VEQ{kKk30k{>fs3g z_`=G{s8J_@D9=b@{Fw64PPnR4^uW96ylmM!H+l&+d@Eq|2k&;9IhIYy^LB zUZ0FdKj4tS@o3UPj7N1zhMQ3rd#epgeF>XZ<^K!5N&dmipGc(r#PO9{wzxHPxtz#{ zcnjmVxQ7P$F`62P_QJ5akio`~Xa4a<7S`cUxQ4%x>ka7GEF**>Ub6G}{75hlpN;KO z>4qeCJ%oH&vEgajH^6G&+_vLtU$_g4d!XWba6S}{aoNxNS9wMa%(V6GQ?SI?NcF`TS2tCf z_#T8u?AudEEMYz=_0_D*Ha`Ao`uPB^zK)dSwr{okQ}Ujd@;=P|-afrB$pf$#A;9H% zxH%~3#&NSaEwx+w^ic`^mHI`)lfAwMS4-HGpdvb7wK z*xwRcf1rSh%RQmKC8O?Xuf%dI&g>4C3skwTSMpEmn7@=JZhksj> z6^i_T-Z^U=JYoFpC$Lv|CeQdn{N&-sqvprTUZvVZsV%D=rJ&!lje(DM!XaQX3XF%x z#xsG1^Y}nW(EsWfGRyw7!9!{Cqj3;*9}Pm-CUfcZIdpM0bTNLCx_AL#n!5PM@+i9a z+w!=_sK#H=)dO7!tv}HNT?oxTJ{RxM`V({U4w{e8!#hNOVjkY}@IDOh!|*-~@5At3 zi1$Lg7vjAT?=;+#x;?%A)Nfj;yUKGD{*=`DE{?^veVS1RTeN8ziD;fT+VS0%9r9IF z?|e^=e+WW&9K$lnfhb{wz?11w&8P9n+0l~GZze_S4z<>~YOlivT zF78Ip8IE8==;!}o?@QpDDz^U{+Co?p_JRr#tF(gBDrzgB4Q=U-O`!@3Dr$dE#j2<% ziJ)x7w#X$!ap$?~b9A^ReK9sPuE&Xq#GTA|g~TEkS8IG} z@O$L<;dqb;55uE_VyShhQ!)UH2FB&s&IuizpM^u%F;!3B9}WhZ|AD5;dnJdOKP4mh zR;c-NuxlLl;?giEr8;*o1Mp$p6d2zmoF*{>G(u9P%G!|L*c1dFt|?FQxqFOUQrxf;Rpt`M-2i zGi?mO{6M8c=|*DM8Ro#CkU-;ue4oMkX}re}GXcZS$Sitq5`~gp|J?DSYmtB8V>Dp+ zlV+GkjO)xJ#z2f1#HQhbvcahFx;ARGI#nAro}&4ZAuDuP^bxmTUk}kl9aF-gSn=iv=p|_HMJrlE0?X|ihf|?w8ZUnNzP|pP znu=3tVMPB8#x<>rXa=HB^g3 zm74OooHev+<&Q^Xt!W?DZ|C)z=$Rd^eL(*i&pBlF3K02$f^s1E=( zz?}$iX{F@$mEdZtxEcp~o#U$*Ko}SLW}iU6=cu#gy;{NdgYlkl&&7NC9gO#UkN5N| z`$F!j9M(Rb-*A2CER2=d3jjUO?HSnI=V|W1j(;7?S7R?pX{Ug?I?xi$!-=WBcc>x? zbVA8u2$YBw8*G(HtV~QwRX`!my1f1^?Y4^DNJWRllcQ#>IGVPJ_Mi58KWUHq5TgN{ z0O2$sI?N$WHGP{SaPme{8f~h1Y=AmHRO30u@~d)#tzt4&fM#?UvvC}(whrT&-WB?D zPg~6MDynYj7|fRIE4f%xDyk-8em)HTC{=ZNPK$$1#@2FrNYAO5s_WLsK-hhp2Ukp83Lt%0ZIlUq9yy!ndn?bdoPSVa{voiCA6!r}#* z^i590x&xEn45}`criohDCi*;ysH{Z{LS@OIZWY4|fh8}U5D0ZC;>A`5vBf>Mf1sDA z<0UcVl3*eLM=le=F}0%SPVCxx;`fOOL7bgaEgZO_KAw9TDFbUn&MGKRwuU;7@Ym+! zS`PKl3xrJp<$9A^&LuQ_&-PA$6Ou;UBukBNY@&m7rR5(c1-=1YkTNGkqFu$m4l_8E zx_ok?Bf(a=45>)tnX)(uSAj?H2lFF31Rb*|6MmRr(Ski0bc7u}2~MW4(X^U#4H%l` zfw%0rIM4NhjG308!`xiRAKSv+F0it?ufCXP^Em7`mwE>nqHleZTcd+e+JIpWZw2RF zjCaB5i%6+NXR`Q9!F!Xe3ATKsHoC7h8Vg_mJ?FI2R^(gx83fxlPeTC7LvZ`1q{Ye6?2^M3xo1@XE zJiG$FXKnBrA{;~_{efP%$O{)Ou zxe%XiI^u-Dj%jY6-Hou&HmF19x*~Otv;I6R*eLa0AEh=RAPR2n!Nw-HZeb9>U=0Y@ zE*9e>BHZLaVghvXZOFPxxyw>p=5+)nPR7InOfEyJ;6vg$#-dsjotl(1W>G>J9N3x%k5UFDlqDog)*shTuxnVeRZcT)}sqXySM}&5h_n_jfcMKkqY#sFdEfjH*N`) z(hP};z4}P$>#Y4ceetPi5%l%)Mh0Z<2|9gUMk7vihKovH(`M@QMP_qQ81lUUo*Tn9k0_{!W}W;HOn)28IU~db$fJrdwx?)bnIfs z42jNZ-^D|3cOn(g`J7Ry7G=04boQSl(RsY8X?ly~zYl(jiHGwm#^WEUIv%@c$At$A zGrQ=3rZtpGZN!7Mjo|ThrNra-Z{xvZ8d3p|Rg6Qm7>8TJL-dt+%z5X?@pv1im>Bet zxqHTgO+11%Io{<+`e=rxMZ;qjadmX=v5OBYBp#hN$AiZWNCi9=F%H$D1h<68 z=Y1p|WlN46j~8HPih;+mUoswpd+B(r;o+-EJg}1zkN@S-@wk=PFcuz*@ez;z-^7E* zWk>})o?{#^{^OSLSaqVrW8C5+$K&C>G4W{s1>r-5pK9a5W7sCfV=m)REpl*6cq~enc$B<-8bm*z$@i>ndP2w?1;<2nOIv(c`8^*%JkBQj>;W4+j z#3Sd;BgbPblpQhXMaSbzV#8Q?OuEekEEE#5Yw7a);UeO`>=mR5^) zct$Orkt$n!@*9!!QPPLX#kAN14Fy#$5z$Dp1K=8bX_x|&{Jo(-q)!ZgSLjM;O$p`j z7V;B&YaLU?2%-wyj^$Aki}RW#tv*p_^V+Ci~QCqwqaYpJD@ zKB-bkH5uus1F_VJ z-SH+}_^(3m7FsiRAdKARe*=$ne}M2FZcjRyt|9dV`$uT{nMs*D^0I{I7DAKOJUHJ} zx^7r;d=-=_Ce@3lo38fZ6MV8aO+G5<)a`pjHT1RiYD$_;F;crGY0Xwi;cCI@OKANc z?6R2DH`D^Z7pDQgYs>%1xe}X3M37n)7#MAyn#3=e<;>3DR3Jrp)`)`7W0T!HyklS4 z;KP)S2!25%S1sOp<+L8KagL=prf(T~P8m6C4-6j3>+y-0n?MFzdI`){au5?z2(6fk|szu2ciH)L{h`6#JD;UFbm4gKj*W=1hE2t7L&jV zE)G#U=~E3nW66VgtGPe(Qe=OQ=20-BKOqn9ofw}y7>jh&p|ABc%YzZaohlAz)XuaG zQ_e!mY5BCgKl7Sr3r zLcHS;n80iJ%D__W{8Tdk{q!w*sa+4r{0m>!^=%rxL}xye3f;z1n>#dwc~^1CHVtz_ zi%#(pMl8)VSN3Y}B_RqWdCWEl4eIux5ji2)QQBh&0StS#3N~aA6nWYEJ-0@K(_4io z5Z`!=3&Eaxe;GqO#5=lJ9dFIcKH$m2fyq$URvT z;OKHP?F~%S6z=UlVtO#RFp4CQ{Q7Il;!{d4`%vVXeFH~J^u z`OrlsxtJnWkP=+VMbms}KsfraV5Gs3n=KgXip;w5U+Qyg_pY=wm;?2O%rNFaGytt! z8>@Zo#ffN(oF}n-S|F}QgJ}e6uQgIVN;Wd{CF~E((-$pNC)TvVMq=V$AJ*5)(bPrm zqah+p5ucNuS~iwb$jKj$$Cl+Mhpf9a-dx#W^mK0#mR&V`th0WvWY`qY%sqIxA(?sawawT7a3UK?ba^OtN@%h;G5Ifk^dkQn_=v>@;in0$C*@kV? z%QQg58HSrpAa2q@3|tBk#zX|4bk55A`VyM&1oG(xsAcX)u~4*$LwLt12D&1(7{mZp zi!JmCfV`xe1Ty&rW4>?!#uj6)q6ptuo1=WoFQGAp4TUg<-GoSVy%FeOvJYX%Nhe@O z;uY+IrneeDpGDv32DA`~brfE*RY^1@byZ0qVeLjN3#1vj+}iWV<+c?>JTifZe++yup7?vW@*!Mi4 zQ3i|?wDpp-4adY{%zH-lNqT8m^dT$?@hU17r_eXr`~x#MGa6Ts!rqL=5(AA?1C0<4 z{{jX}&>qa07>Iia2%NiIBc^`X7!aHAHgGusaRQS=wOEZO1jLZ85{RAuj^r;B9+1>9 z1IunFp9N8ZkoC+RAwd>uQfF~5Y1w6yGIz)>hLC{(VNph24K>`884!~gC*IW3@>qZ( zf=^O&=6`_dQ6^EAgB?+IDK3_ak=&ovqMp*DITO0b=Jbqc4(7)pe~iN@pNAhyjng+8 zo)|dpxcvPjS4|BeOU}3#n>xuMmerEq0XuKN?V!0M!PCZ+7Do$DZjPl(i_8s~b$lG| zf2<&<`eFy~R<~aJ(&Zo6+}RqX!7KmRRUB51qfF&^C%s3g-EX{~2v-dhr3h!ayPaGI z!{4Jh7Q$UbH?;CC8VgLtKQ4xIS5}Lk@hxF6zO%&OsOQXGs_h>ivA&f(i`fYnADliD z2$=fA=LV<0>uFK`Zj$<85NkDKq1jQqxY0-|J2^`eh?vsTs#gOcO%>&h@}gu*ND#U|z!q9fWFd`*nzF0U3zTC*p2lFd$i)--<(i(l0{-Dk9S?nRjBGC{ zFW9*yKL4^uP?O){U-n?5{$*!VJLB*#o3Nbls1@&YFw-ipXT#Jp;9vG4D?oaEerhl= zzc~qSLepdT!x{c%9c3982X0;7lz*A1=IUG=7#5cF*ZP;WgqZwe{mZod`s|2kjpbz4 z83J3X4@NsVge>qRS{dPHM!Tz$n;GrdCta*UZf3m4F5Jxgqe+iZD;B&1ko>0&Y)R|h zT5-iV>1f7UiD$14xtbOE#wMjv2xOPQV#q8E=J1NnO~Dge1sT=hU76wM(nDM zN92))zJtt#Y|=f_Y!&1HfZf}n4<_#)9t$Sh$Scj|d)pTBN_&%=(gG=2U5at21&u?R zQySt%Sm0scX#p3y7VMSw>{9d{?Iov+V#qT1z?~ySS}ruMEghbLq6Bt_iYja~r3q|p z>Z;`oZ+qZ%5hv^>cmz!q5FqbJ!P?&2_ixFqt2Q!T-s5$$*R z+QELHuB<<|DR;O^&KkpcV(_;3+~LL%%j>gwbfUdFes{PlkQVN6FQR{`C(p+%_2h?b zWKVh@)A->?{gn=p2N?Jxia%WYw^%|APK1PFi*D7mV7}&I{NWr}3&cRuDlSJ^gyg&`MzRTi zxMbiBB!@DB(Es2gLh|}n63H%)Kv1x}Z3@pwf1HQO11vgyy#hxpz_~d=r>_zWdvVa0 z<_~wi_UOS>Fb97)9LGX^@m$TbkEc61{`Y@KbJ^EbC<+JXOAEi z5Z%g1R*O4uONchNNqJkC3$6%QVlArMoQ zJa`Oylku3#IAHw8E#a{!QQ}c@|B>VIeIx!~uQDE|9Mti6nMa@|@lYfl>n@It$3?`3 zvG8~V9}yl~7R7_d*+32SF_UqC{}*lvkLQ|6Jc{o-ay-6j#Q*DM#-rB(9goL(_-PUk z%^z;rMbYs%huAO{9)5g8czpUsJb3g2YQSS6;{g9J+!7vhEfSBMdygEC4;u0Rn$LK2 z*stR;hewPi@zDI?UcE3n9%m98#=>I?J|a9;EQ|+_ov{Q;CvBOG@hIUX;-b124qcj=3a$KIcGJjP)#j4{14&p%2f9(Rw7jz{-b8o}cd zd_;IW{aQSD)FTz}P#6cqf8dtzC_OCku-|nA{%{_Xo;yXH4>Hjv3v9rUnv(N1Ww&O1 zN1Pgm{HOTRVETpAli>sxgdLoX;w$jNyN$D8d!K0n(i#g)(H1f(WKcmLzOVpoh+zV; zqkWuJ@DVWr1VeNDLzEtE_WUB-eDoaij1>C?Me~P4xDpfOuknYQH;<{JKT!qTn@01f zY4U#=CH>*{s~1K_}DEtZ_l#==vG*hs!2^I12uPkZ8&uj@3SJN5P3_vHaoaRXqN1 z-86R!vp-x7c~zPxxJ+L!f``eSrG-;_ulKvA6~3gJY9yU5GGB>JdiUX-w7%W1 zDU*n+P!-+2tNV90?H?CFo{|1>MGgGpRv}fme_WjUyz7Zxc6-K#`Nu)6Hf1K}G z?$1tpWPc9iQ8A)F!TFwZa+8r9 zutfKeJG-HW+%x1`8$8yqUtmv5(8I_SVk_x8SqO!Bq>Efj$d%Ttp9;y7(;!UXU{r`B z4!@alo*wE~EHLJDOv4tu2x=bb@IGc}aVcqVE^BfF$G|3_4=qw_uMJT+FOcjnaHgqla>Tl06i>-P}WS z;*KAxob&?o=qsL!g``ca!aGJX&=ILcOD2?R@d|wcFw^%+FxOVV zzmn!J@%hUQe#!vA+ z5b?aHnX~+Gz4xJD2jG&2eankSIn|Z?>~``OyNys8`fO~MlUCwoybX*bNa`30#DC)n zLDFT9gk%XkdP35b{pB_H6Sic>^q)K7U(v8(|GCz96&0JkPck;VXo&Eidn4p*CKqNQ z|GC}Z{QZh{5;HsF62u%;F-oCc?55zFX6WgMYZtZ2|<#$TS7ALHZvr;{4~5& z%>Hu@v?!MU+;_DGLciXB?uMsh5q%r+G2Th>v0QZ3+VT#iM_bO=CEHRv-P{(#UqSA# zbfo@s9nhlR)qn1r$7A`=O?av?|G6*lwxR!ANAAaJ@fO|^2B*T7N-VOW%#1-?{&NZ{ zW*V>?^Pl_WYa^+o++XECxBjsZYv}9g8gb*lVpDPp@iE@QpX_Mv@@lahx76%`J7lxJ zn-;(S+$btun;MZfY$N`2Z5wNE-2QXh9*x%C=}$J+-f!_1?d{9mTP;4pEw$JEy=?D~ zQ^Wk{-2Mqx?4Nd)C(^$STPp7pS5bp&c!O%pF|cnMZK73=|1^yT#b;5v#~z`2){1RG zWBnP$pUoPWfOOIP*{p#}@Ww1)b$>Ri$d!3t9C-eb#{Jo>B1KO+Ei7pSKWjeV4fjWL zK}`K&{%gZ&OEeW=OV3*ASlbMnKGOzWZ#UQ7oRUQ@)aok}Es^Kd42OKj$M_#kNad5Q zaAPXQ58R|&b$M2}F%3pe;(k~Z;K_74Pg=CZJ|yNT18?4Sl=+p(nQ8LFw5>D=f?khf zA^Zsb1b5MG^<*NLKfvF}v_U>?Q>N`ph8+n|Sz0+_zcSigYb{8QCL&=wl=UE8yRkzV zg{^KR@2VDa@z{TwvWeE<+r%Qp*c9#;r=gT}`}-!keODx=`6?1=OFMG0AB5zzY5vLw zID^Z+kr_-t2820+UL8dFdeG~9Ezzdw!wM zc8Oaa1#46Oauc;LA&tcrJPXdFWxxh{3!WSr}MFd3&FhT)&c z3(^SuA0=Hj<8NnYJe*^bmPf?x!Z6R<#i@@`IBLs3%s)n;UaXeK8RA_k{ID z5uI(ywrj|s!{St#*9WzFUYmzR=@c#{1sTh3xt;ea^dTQ-`FH0yanQ2U_QqBwo@VYb(C><%!_-B0oE_F@ zb}@)Q+$B~#9M)$iK){MjNUPw#sn2@jiu&xat+LMwZXw<)1Bprff!<$7%r861sgGjw%l$Hge$>%mxB_GljbElAHxs|)+um3So(bodj9BPz zW}YOn+7BPNrun4<3Jc?xrTp10;d&?x`{yxQh}ZE<^2vO3iv^^6C4>EN{Lv|S&&MrwZuSdSp^ICws!u!Oj zGolzs8z7SyYsfEZzY&MW^wElmAo7w!4OUE-hr z4C}9hkeed;L7i8Arnl&?@!!h+I_l=w{nZ%1tU-S@7+;pWpm!MUv1p7h&)&ryCBBg4 zK5DSRFOLi`by94886z{O|59eq6&Zy0jTHIAkeiubRP6m2FS{&YmLzt0cc0z?jSVl~ zo*4$eRou;=?GoMRhQUASLBKx)&m_A{rni9q$8RM34|~k;kCE$#c;yxQ6q_05EK<@p zlvlmyF#e^VOZYyAyw^5;JqE472V@a&`%^K#k4-d>?`QG&zEy0!lQWp6b>IU$5;Yv( zKg!neuSnGfcwJcSL^NZOy1S9l;uPjU>HwuKdIyk0IL3F)CHx;KjOgEB`1bgWX4U_^ zKdb`|VsayrAJ9ACXL?KYze%J2@#YTrjrcDi<5WZZpS^?O6Q61Hk5Nv;|BH zs9&$qKQf3)|Hw_!e{B3?ju)>oj}iW>evAkI&1Xd5e-}O@{JY&3hX1V?heRcwNd}li zZ-M_08zue^-S|7=f7WwR@$cUyYLy) z|J`Bu-->}nRN|RN|MZsVe}hK<*GIvB1cm%K8d+U@iP4u&GsjlC<^f<3Yu;%KYFc0z z1Mms6xC5?QC-GYksjo@VqtOb30S3lc;2joQRL)?k)`R!+u+fkKR-dYO0MCs0DD*aT z6uQf2%!07Y!=fQ4RyXuvUZshUbGP0N4#T_}>=Hf*T!I2kOkfvn@DX*wy>r4k;itRN z2?=+h6JDeRLmjZ&n5N`UTbCm6aG1%{|#eP#{oD6)c)Z;Fo4VeEP^O3TJ`|epefkzmHXiGj{qS*SPR*&O&(H2Cp4xJ zKFH-yXkEQw24~};uH+Ff~_2)sHfwhvB(nf=FQMidS9AYngoTzth z^@sJ&22Ab5Ry>nS>96Q5dS}FX**k}>HuuhNou57`HQ$l!aeF0Wy6Qto-B}pfwDDm| zKU25Fo}Uhp8Pu+p8SLXxC8A5P&hCfYni?N)=0NoE`EF)GVvgs6dKZK*5U2}6^V4M~ zhjoBe+=$Pp0}lAYI^ZIVJL1aO`uK1$uBZb({#16rq*8MSuss^~6*{AULU|Ek$*duj zf3zu33v4{ljY!2R61c$K(7JFvrP25YM2DKxrfr}};qGA53q@7#!=Vedil@O`Zr?OS z=3-}{=Ws(C9<-x)L_XgY{wmACW>JrR_=o=7(}8w&>Jp}(Ci+$>{?>47g5Ay7_N&93 z$o;-L>zR4sza&2`4&H{1Q*4!8p->MF@J-;L(jUQ=fn-v#N3RsTC$!48)bl|Vc((@L zbAisPU4MOKTaaT7%Kv~AaB z1c*Yg|5NyPH_&&t(sx&C-(80rO1R}?+1vgx=H4d%7yUSjh_2T3yxyxKbtVHynQu(N zuyX_Z_rMN(5;WnVqo-(J#*CbqX~7e4N+HxP@bIC4&?uT$iy)&=n%+SG9Qw0)~rJ3fMDcdjSL9RqWm>|F1dQvh|gw1 zmwv7aOcA(PBPLu)4%{oShor88IbP5wyTpq~Nd2kla@%156W!>$`83Sia7F0ezD}as z5BZp>(eO{xj{JzgI0u{Ew4g&RIO5YPUfvd}r!=E!+d%r>P7E0$-h{q|ISR47o|On} zU&a;GdxC<_Y3Gaj;u7qP#g zFw7#w{vldCy0+sTg`m?63EgU=!yJ4gfY~}vi@IgW-iw1LC?;^M;t^;=;QcCt(J5`B zgVG^{91-TInzk#5EIW-h1c^eCNuqf<^~5&OW2@dHS|~Z`l0iY+L=wNj{ugWD31}Rj zLE{%6@M0&&O|TB^Cr48Kjik|Tr22}wlZ=!abTO-6aGR|DWn0YEzogoz{SbapD^`DG zu08wb#N5AwjxI9Jh1!A=n%cKR+V^CBZfVb4Ju<32^8u=F9QMqQ%BVfHqARMc>EFYs z2mD4Shz6cTy6E;yKi-78E3`ic&cBd(!`c>o#4!l#ln+J#J+6HpG#<&EL5PBUe`G(BuIuwmd3 z-ETveu_@DzD`Ll)@5`Ye<5DcV*}*Rk`{ggu@V@>n9q*|2%Xe;J*zC&y8#nLz6D9I| z^U85y*h~9m2z!^=AhT19mw6pB^6G`W8gv3@JPH|W-GEHPY?muxyR3parb@G2LJ>im zzQEE<9Td}Y`OIY5L3S}aPRr#dy~4W4E{1EC%hr%VrWwjuh*B{D&*XCJI(myP+VZY8 z{~K){t#$wBc@{Zv{d$$M3r!5?kW3~fddviFDjNav5wCU6Fq zEtMJEjtm-f4F=(Njx{<)+AbybWauaOW2&NiGyf8QwEY-%={5yupCOU;Vh4$^2cL0GiB2ct4svdvu}RUt#>Q&%^zsESBW`90mb&Z9;{yx%#hQM_Zze=lXv^8Y7XHHr5~lw;C$ zTE%CYDe{hqVR-Mtv`!qvGfn=}Tay3FH2Hu2Z^e5k#cnsG?`Ov`T>BSEyhmZU((rzy zdt7*rks0jzkIbMeGH4*`A!mjmw?^nYrs?qwW*@@)kssp0dt0{%yvN`(qVFCP!tkDk zfkMo}Gl_Q@y#?O;t0dl!5C5%rZ+tl_-e=svc+Y%8!X+^JXn3E5n#V!kb=PwS)3gqI z78yjtyEdg!yknXg3z+{1@00e%gZBiK6Gq>4nyK+6Zy4S-3=E?C%{tz8ToK+g-;sD{ zoTuY$wr@rCUi=i&JDPp*y7@ZbVfMw9*D+pQ7fQeyg%Js-io5`4Mi*nL}X(i8FVwx7$Fc;ChW#Mie_SmMyW+=-9x?N1i zM?~b=o-oiK#NZ&F#xrT&dWhZv^o~m;=x-I9=Pa6ki5Y*h0zb@qH=2EM$BR1tVH1`i zV;TPkUX%FmgA~{BAJ`=>{F7w{cf2k$SjfXbL;QDkHt>h?oTrKsbO$kPew3H z63L&rt7+_Kpd1tSR*{U42>Zo1g<;NpyL8Sh_Ne0+=x+0n*pSV*E%)Y4`=fyWM7;lvq_?^?6HrbVJJe~W#FuUe1Kfsj zMRXr$$bVe1{Qr+8|J?`c&FUZQDSOzY{)TNmWI%-IzRNHlns%zi(GlSWMB0ym)cGO% zA)5@p0`uU=1K1D0vsKjMCLhOoNc$lIs&ipKT!Cn>0&MMzqrF=pyqZFuv7VEQAZ<(2 z4sP{lZ>K;dKG*j%)Fj7f7p{?>2x&iWZvVg6)F3bQq1S6TqydGws;jBQc7OA+A z21xYWdd>WJXZTmUA%n%wcosNb`)Vg{h(gA^At|KYIpG2m=NmO)f4nx*{#ZzH=f)IR zw|c?;m}%G_=@c4@s?Shq9~^I55O$*$>P}c7aXK6xG>rbRh)%@Pao8X~nDOgukgpNP zhuI*{8%z3c{E;@uACyQN z(y9qIPYPKzJx_~egpgG0<#72x7t6i zXZN<)=G%DfpP(D6e!sBlo9v%mwA!zJ)m(dhe}duiz(&P41Vb`Lt)ZZ62pY9bi_obw zFoyCL;fng1_#DN-7&?Hcnf@D$Yf^@STtK};pjFAWWAki>%*CCE8*F%$h)1Aj&KTE2 zGANncu-weQhW!*y0?9)MMcPkO^eWN(Xc)D-ru=cL1pccjC&wD91wLJHrv7Pbh{sYz zElh#0O%4@`?zN&|*tI!o^y~QRESul zr|cP)RaARy0o(|NqFaaIAG()}+Oi+9-0+ov;kSw}AUXap`)s6r><8L+-=BQn>FAyE zD!ZcQACD=w*Ic@C=GU$(k{@C%!tFw~%6PMb89_6@d3W}-MeYqu0 zwV*`t=Q`_hb8z6{a!-=mcR2)8p&e&cdOEt(zj6D9r?`EEj-vF`a}?jT(CqA>54X5|xfyQX#aTt^n~KuE4R%&)R>%*l61g~Feq^3dk5W`L`mozS#922a$KqD2Wb@FK z_9ArcNv`yz3c6PDO>!vd%arsQ9Dj$ttHb0deI@!0eK$PIm0s;iUlu%7ktYplE;TbK(9x*;%zEsVVkzndy1h21$bWqfSH^Q8(QB5=H?`OeB38)SnxoL9 z*sZ!#)7-cMild3T;XE!pm&umf-I#fR7U``I=@eXL5ER&m02#Oej)EOp;PQplL_Vk} zAE9yW^ApC@SvFAh~)VF@M``K~W6YPqe@pOo&lY3Z26$HA)}bZhLlM90!yI9xgek16#PRY!6Kk9{L8{WjlR&gL_;8#gGoeRQn_&$ z^yTtj3i_LzicI+Zmv~R~2wJN}(6ZQ0_aLuz{JTxO$G_xtIm#64s!^C#%)@J|AeYv>4!629>c?LNny4zDIpYL?qK zi99zw1B=qvgTFvlXlwc!>RM}2`kLSXr6w;mhh+gSvh<4#y3oG$F4vBaqNG-O;i_RF zf-*;Cu7gm3^jHTGA<4^oqT-)wDZ*Gxgnptc{ea7NJq{Nc0z&^qQOAOE()UyOj^GJI zgIY@OXF6S@lr$=ZigVC~+kbHmNQTaaA%dN#sBfp10U%FTSNbo=JOi0$aprwfkvAd( zq^whFl2TD>w)U1xOy1#O2$og)R4_hn%SK|XpDA-l=c!p>6GPPE zfqw0}IL!6ej%b}MyRKBaQTDV8;E^;*=X zFBZ<%qB0oCWMvXEt4L_OEt`oQ50RW-MiSiZznlZy!9iQaLzZSZUwSH7YHX^)A>@a} z?Rci}!X29lut=9SI)1%Xl+tSmbR_2yU?T4EN|exZu+k{}f@2lGhnRF9XYg7o&GuLk zc3AY*GSFH049)=hDlLPq^gDeyv0pgLlE*2J42t+6fhqwpAOduSVl$t^{ENgtogwAM zU`$iIx9bjrgmXtBD;nvavwHgDRKj+3OD))VX>Gu5*+W~nx%?McXpbRgX+^Psn+r!N z>Tp1g(LpVAJZHC6&<+mpDLTtpSA%2STx)kha$h&0!}X{@^XDwkJJ12GYef*#s$9kG8;>t`yVda-_?Jc z`#Ab7RAlbA{>iT`^V?}*1rfd}dhIKyf`ow|PzeoQrcwrzU8M#rkY^;9zd1~eFSw#i`jje7I zFBF+|N@bO&CD;b*g^~637_;cWF}ghyw;{Y~Kf&^86B9fwAxx-8E~!>OE#Hg*zI<7I z`N07bwu9Lef7@PnVRr2wG^HPob-%pR0}8f0-;BpM3~Zhd#D?Q-yPb-QVYp~T7ejE- znJxz5;^$Lv(H|GrJ(iph?1PJ4^rROq{8Mm&=!v$Q=m}==ZCBAn3tX(jg`#3t*wy0m zM@X-bI}uH?Rh$o!SLc!F$f;Y=45yQ-HSnM&b`hH%K2VQVcfoXTqNsinAJybe#EXOg z4RCVZP7MsTe#{&bel!imz;m-bh@C-KS_CN`qriC(H88;$#BC@;JwI#tdv@`7^bGzJ zp272B8EEyP?<4DTZuIP~3D550uT58J$hkQHvzWldbqW5Bv$ZcTx$d8}E$H7G0y4B;T)py~ZCX!z~ zLF820^gEZUV(=l+38l%{*f0zC&8)F;06j|ASaN4E~QQZFA5`2g$(gpaPREl{=DelMNejI)$ z;&-CryN7^ssrS>5+wUX6jfeDuhuR%=9`5MJcMq|ZQ@x*leD~0SXt<%DS@%3nH#6_2 zpIP@jA#dns);-h#cq98^I96BdJU5{gm@0ne_IILHs4`%9DdspeST5{Et26K~4U;6S zXohDfeej888S0xc#NyG-%cb8ws76pK=6iCj6TAlk44s3?@@~blUrq(-)euL(3t16j zXnnqce$52qNSy=*r3n)$+~jzgm;9#*ppWl)Xg&%EzVh@uPT*k{&o-FDa2$<0Q5z{v}Ym&w{?Hp;P)m#QQ`o1S3&! z*Ylyyy&Hdm_p%wfRvdpJjcNPDi=9%Ch{!+XTjR~NB#t`&Eq`BI*W8a8)eta-H9tjp5%iMsnBx}%O|(lpFY z$M6gl;s}BR@y~V4n>2wv$d}t_+pArCxl63aFM5xZh!ARp$Y+Qh_gMZ6rP&@^Lw?>alwW(wuZV>KN>rBxyHQb{@Cq6s6ysJ4bGQQPYAj5!KEV8S50!z10Tt`A ztiz(b7-f|p_Y%A*!Q&F#m*Tz@_mB=lARThY;eH(M$Kf7QB6lM0C*po0?jbE$&boYe zlz}J})ki-rbq3%0%2{am?qH#zvLwMfDMDEO<2w=|_)ZFx87xqEBR;3^4iYG;PfC{= zEM3Z3y7=y(AJr#C%?uVbtgdy=y5n)Yndzgy&Y3glXI44OomqF#&rBcR%$z|#vv?H1 zHzb5+`lLjfK|k*7T)XEA{7v(6k3-;QxznrM&(*OaMh@XSEM`4p>ukckf3I;8fgzH=!aN4#mNGW;8#RcVN-xO5*SmniVdCET%PNF4(7Vq8o!p`avX6 zY`JT|Kax3^9c0}eqnt4#y+xn1P;l>ks0xN}MM=az{{s0DR+B!gMp5)If16X>iNnXa zeLYDFh60yj3_8zQk9K2PQ@%gZ+YW2V98{th3p{%eqY4y8?!@tSif?R(XXr+nmMm-@ zOy*vaU6NgB_jbT=VrMEz1d-TL6O3rOElZT()*z-~oU8!ERG<^nJBXXZSmGBVKot$q*Kn8gb4kH0GT)Z#c$0e`hz{VNe}W zln5V$97$%9*83_xWSTw9KE4;JDtpx3PLjm#ZJv{LW4*VX;&);iSCEo3^Tv90cQu$B zx5H90tHS2{Vfy1V&e&FgJvlJb`4PNS$Mv;)rGf?2T9fNQA)uYy5}f+l@}|)`L0$zl zKu+*#(%zvvFkBR7Am*jsGYvKcZx_X%2MrNe!3I{yz&{9?+^oEr$D)fNi10{mERRl4D zH4}3?daDsJAaYw)DZYMg{|KnC2?4ADoaYtOCX=8t@K>6W4XwYeq8e4k_HLMuILm)Y zv{lTe`|@8bw%h;BjTuX&V6McB{)<-i?c&b+Q15JEt1Q>jd&iT0961xl0G0%~wmiTz z%R^PBo(AqA(Kd5N%_`w3R3GdO6Hi8D;T>e*-d1jkc?x`p zIgSJ{+_WLOBUUUlf7A);ddW^8r~(Hnj}C)LiU_J#nPe*u3LOT)vkF5B5iS}u3=JyC z3Z}!FWw0Tspb9_`!=M*jDrp>1<|-1X!?Gl|5j|kAsGwr>^Bj!BIAk@j%qze$ufSgR z&f}EIJT>iJ5Or#rh{qt25~xaB-qa&!);tmhGzZS7RU9Z|e9lT~X$>Bykla+U^r^`$ zA$HeZXdhAfw3R%VYpc%EU?ELoGlmfF=W6*_kk0!#inFrFaM^|dmPzBN$hIi0RLdb~ z7yI-1JM9S~?J@T9s(?;13UvjKpCSG)2D{^ogfi3*lW$waEL=EMoM`c*oD;jG!AB{d z1no#$PzhYCJV)nO?wHmU=Rc?dBa|%0*b!A>l`5vwnLFT>`IWQ0zS#sQd?!tGQPj`; zP4w7p8@dIv+C253xbbdMS9o8e6k^1k2j~E9#W#-zgy3W1V}w)@e^B@b^mRsUNLO<_ zcPGg!SykkMUF9cD#LO8g$Znjkr!!RWa5OPhlYC9w>c6OfBK2@^bGSXN7#?GqJbVCL z?NSe!(OHj2PG3bTPc`h`Qy|VOuA^jlMpHdSO-gl^y`3tDh>GP@2JuNzA5UsZ;9K0f zFigQg3}y#U5Ar8*E~Xg-RLo20S8j)3t2i2Y7Wt(%*`;oii9&ri#|3`JbXb}uTu|=w zh(qSdx*~OdeQ_EF6<^;}ILA;jHAC|GAlsx7(l(CW@g9 zovreIybs)gKN=|@BZZn%>`Gq^B@|DCDR+mf4+NrGrP$^}A-g(r183vfw-MEO6D>&) zv*)l*$|@TY%&FMm!4^_UsV=pGHRgm$jtgduV)~;vYb3<@RI_qJin_=|Lr>5{h#`xh zx+3I|QUqKbwhF}Y!NbCYP*EQmhu|WhZmoy2@Z6$A5A27DRA&0h1(tvtABfWZL~6Rc zxL~+kmdU1LWNxXR3C`aq+V94yOXXF9#>vu67TXO=HB3&{3eWj0U_yGNSv-TUsPZ@~ z-Ze{^*9IqQ6Z)AfH6W%T)e6T!gqKJe@C3D3=2ptx6M0){^d(H6@G*1!3aKRk+NBMRm)Ht8L5XBlb((VU~G1*9Cyy9WAD zc2FotsVf)-12zgQ6)#c={^ZX(>kD{H`~8y~;&=h<%7bOJlnk1UTk*jjJk$XCs8d+ZLplRD6lnYwXZgOemILJ+;TsAfAR{WZ)_UTPXs*-7HUqvZf}GHU+2#u)u=&VQ85e|lv8YrZ2Q$KY8r zNTcwRkunOsh4uILNPNpzP6UA5!DwXLYq$~;P&+!pKIr31q{v=@?-KF*)KhD+3h*<*_g zL3X>mtg(wOa6RW{4 zu>0EdYMCqb#q1V*%^q#o&m1{({k|R$t$wn9iFwg~n^Qvk+(foLWwzpW zj)#O_X{hCj|FM@t_{mH7=6xm|z%LFAidsL$uU9A+;1?~IImiXo5c|&z>&OdH9YcPZ z@LSukp)yyAA73+mR&lyszekXD!~PA!@7DOUt!0nwT2X*pP53=`W(dDP;YDVaWc!#n z1JAfSry`}fIyq3-E%ltt>na(apk(j$oB*SIo^4^vysVEVcXwtTnB0ZzbF_kXWv}vn z4Z~&jXSVyQs`>1@unE7}Uknqh!;1R8lK!z${`2nfV_oV8m`3Be%Y^p+q@$cOo5Od@ zQk1>Tn~qJ${MXu*@-4f`YIPtB4$vw&I^ofWa3DO{rCw@9LQi|Ctya`8#V5C8{%-l& zxiTLMVs&@K9F2N)^Mb?Bk8@=`IWD4Z`fsQR0nPpt4^hyU^R97PZ~XiCg-$QoIiOS zrWxcR1s`Z_!Qi5u;Sdqy=_?gdw9cTbVoC<>z5PE7+SWIGU8fC-tEc zvs^9`p0-`sT?l-nolod>*3Sxnd zI%58^k#p3`62u9*e4F zo(RyPJTIdxP(ON#jIlQ(W$eOJaJM*?oH2dvS;qLs9FD81O z{yhmHkSw|TDJyW=y;a0-_b%faV!Kc*vl24aAkvQ+P^;~67$niqZ=r_SO*z^syFlgy z`-O6&^Hw1dxIRDvX}QeM2U`x4Xo2nok_ty|z_%|Y@GhPi@(z+EmGXwD$Kgciz7s>a zvwfEX9Lqtk)D;LjT#kMW*edSDH_ozwsTQwbALXu!Ki>k|OkPI4Ub?4iFpcVG4}a|K zs8z^jTe7oh{inN{Px*S0V}0e*Jy^AoRH;7^?j1Bh1*B7MHqcwno<-Z1q}R14#h ztQI_QErCn%6!ZqpO0{t3Q*$6qKr6P2ccH^|`Ob!_6?8xWlb}iH6>&^29aKn%^HL>T z{!V>$GKM9qneDc_@ST~Ufp>_QZ521+b=g_XyxTRZ?f|NGV}kQ#u)RLtBzmStpl3+# z74^X-M3Jzq$UY|BbA}h>qxT{RitA#lcm)W9JU}N9THcfZ>9{g?@CWjlt>RytL?hax z!ibhL!H2ersYpa+COOO6HG@fx#-$WbH*GyrmemZWAeXNMhXRr8J>H#223sPDQmEWp zW9$=-X(X7wAcNoZi7j(qr4DFn$MS*{ymvFAnz3QQ@B6+oYwM9=Xg4l@6Vw> zR&QtLVmm$#b_CA_+c_7L<~rEixwsX6Nko>=fPrCQMCv#aYOw4er={Y{Yo(eh9mHh} zygbaX&nOhK0s*Tekw&o?CtvpVo@6372T7$YxBqQcp}OG@odN#pi}Df>yUX%M5+1Zj zh)M+M<6=Or10+ww7H#W`{`WS^+&~?csuPJ9!-t7J&?)%1Q=lJOKW8yz&O>7l79HRP zNDWV_-C4KN;>~oe-C5{w)1Um6PSs13%!{ps17x}kVaxR+`byD0@qVZvpaEKwV4=VN z>11ZXNV^LFY+DT{T_nWxM*7M!5R1A{Rcv`Q$ws1ONYntJA`A9AfP+2FEFpKHB9sW& z*id7jkY`&0Q=4tc{ydfT7oxEoumVczsBt{y$tre^q`OhY;<sA^r3>q14U?H`d6`v z00L{Fl>P2>%x?E5+h+3w$6s*Bm0j-{uU;gfE=gXLvpdcCsyO@-UAv0WEug(T%i##M{J|TUl7-~437M4$(4;CZ-iB z3LN6JzC8Ovd=pQ{ibX0OkZhj5oS5D$fGRh5mj{;^B89W@+VGQO@pdC|^6o7(v!R(* zZ67_?ZSrTs3*K6Ax&9vl2=EDtR;O(x&9i+-3jc^5%i1ambsSkm%2u-;6r?uaq|rZr9{Z zlj7#xXv?YB=%KcpI*V35*{0>xnE%!F)RrE)WYFd}pWwl-lsC7G)#c5dMy{H?naa7= ziVKkBuaY<2FKSBOq%HX$mp8p}KvR?Yn`TJ#=g1q;^{aUYG&!69vyjk?0|8aTq#-cdn&D}`!=g6Ch9sf#s z^WL|A%bVX_-XwR4kT*Ye{?+p4pO@?MW`3s_&`nNc(`cvJolbE#B}c}+4mN`EyF_CXkF+~cEDvldh;DsKvpc~E1-ny! z%!CuLBW4>5{RH<=p9!-y(LND~^&(@Fq8podFXL9hQ#51KiDi>h+aySv z6O3W7IelZcIbnAVX>-bwHm4l&#)Byvwz%y=-9!Qe_DgIqpFkET*qBTfCs=<%7N_;p zIWTpg3|O2tNsH4mddN$pL!Lr+_NJS$y@z3Oim(SZZhul}7Fir=e}W|p_NPs-Ke2Vy zMMa$6i2Z3f>`%+b!`NiDKlM-bd>q{X1^2MH3{aq97@#i8+(5*PnD3~>EbUKaMG4KA zf^_@S>+PBI;UdrLrBUK3JUGJni=x?|T$kzc;Tg(3CuJ zyz)OMPfmI{4tZilqCZQXe1%^6i{(knuQhps0~7w1C$SCMzeS#0*)~F+jKG6mDNhbu zq{|bVk*g+84!5CPYsF_s@_WmZyK|e8Cu?5#pOYtF&x=EzEJC6`OPxMEydO zCmXVwn4Rbf+_2e6NP&BZ{9!g7i9gI=Js;_=lm2(Kg+OVMx?HYrD83VpbBGj&Q#!8<*eM&EzI~e{o!ryh{?jH5B`5dS zWT3G>dFC7BMqZIRm*%Ain0=f+#D6aANl94111l7itYEKwtfw4scF#aIaCSei8uW%q zyhGUfk+b`dn9lAWH$wrw$>d9p0Pz)khY+LFYPKgMhYPxspV>HytHq2tO*{c(J+~(* zm6}7ogsA2=-3xH@v!vCz0;@4NnbVR54yAB5^(50o-A>mIw_moAmS<`Dij3S-`Uh>s z{^GnJWmEouG=*(qJx0r~u=UtaR9~zU99WO_P37g-u~?2NDt6Hf(1Ofx-}2l@3o zLeOGmL-0F_)J^%==Gs_-WfVIv(ER+WXn`sH{7h@FH^bImSPIhGi`FF$C4DFQ3$BP~ zaIINMjvS~diYBEY<7O*#fMfg+Cw`#nRzkf`<8|WF?oDN@EtMXP4Jd~(3*43 zOc0ZXQ-Hdyq8~Zl`cIotl$`L+J3Zk#yiV*s2kfpUKY?UO{UoOzaiBf`&aB5l^Bk6d zQu_vTgDDh}w@CqVy2ZE2 ze48Aw$=l|9+dPmUZ(Hzfi@+XK2#KwHYYl9cw=Ma$W#D6Z+lp^n1(wU()_mJK@VdNh z!?$e$&&b=heA_ngfV^$Tx9tM7BLoVvVdrrFBwKJYuCc8SuI<5bxNgta?Sog~x&vQ# z2#&&aN51YDbmO`cUv~=T;JPzkcMkT)br-(w5=_H&SHA8VJQ~+2e4P@syldb5@^7<}Qjz-MWz%9uMvy!r0 z{`1h|?VafI@&pU@w;SPT>7RK%f!k`cX{()Ox7KHPYqZY9cS(`o(Km<(I3EGK%JlEo z01*yo!(Q6tOAO|RP6fL_U?+n!c*AO2I`*Ehr9(4kOMf`E4C!s@QlDl^e@+^@rYE?uDvMHZnZdUhIS?smbrauJD- zGMhDW&~cIfHsam5k)7*S$|-;%+F;QBHSun*^@O0pTm>DnQJldQl<{tbR075>baHa- zOOX|1$9!#$619SDWChPRDtPS)DCk$jyLF@rVor%VV(j|;k~8-Wdv&D5ILNW2>Y zPqEdH7VidceY+O)rYzQj-ms|)_FDPn%9{}6vrFXW6PFObs!Qn?;Vu|8`$DtG(}T2IMY z4|b$@HwtxgXM-Ybl{EZlk#1)%uu#AbCPrF})A2sEgg)vWsvgCQ;SqK|^7aajV|xIF zKVjK~r$olZuJW_7yFH4UfvsHGWiAicGJIE^z z*HVB&DAo5o0hBRrc`A;a$O?RhM^gXcR)d&$r$Vsu)RqIntjJT3FQWKviX%(Gp&u&{ z1hoRt2IZ!HWm6I?-he!U1Dl=aCk^)Hy?jV7*OL-F4)uYAvWGqQwk6unQG7N!6EDk| zUE_TSd-oZUZLe4`>~Lh;9YLIFmv1#5*eY?{Z#^o+fo&-u14sr8$!sd@8q=;x`eA^TFC|Z0Q6R)k}HoPv& zjx)XuqOrUh@okb05ws`ikOS5{9YH^x`I0ChHNcB}COuG{ggZoe+I@)nl6+R2*0q?t1?sJkOJX;CGHdb!C63#kYY|l7*tscDpq2 zMg+A%mVlSM8-w43$k$eREjprNgQ-Y=@J{i_Ar>*k+|GJ+!TqhKU@*&Ul4p zV!U%eQ!2c+|0EUO=-8ocFQjflxin&DpgeE^Z#x+LYA8xbT6L({;5|CfnM97>-_jll zxl;Kv>Phr&j)%kg*NBJ1>Q}3s2PNF9^$*dg5&!nJjC(_TFvcq^pmsgbgtm_oy@y1a zwl5SIXvCrDVNkO}4bKA+U!m5Z;5M;i-Okt6z_a_1yy93lhu#2N$338jyJ765a5q}WNaN!#9{6Vp>7V%> zJynAE;TefM#LykR-&AbN*8KwCnVyJX&^4sv>NafSXXX)}O&&W=bPp5KrwW2kW{I|%b zVW%`DpFX_vZ}}8kKFz-)4*4_-iT*hG96=CrI;P2|1r!y5`I8Sx;+0QxrTs1x@Ap%<9d0y* zmmxZe_nB;VR8zvHY>E^%B^tYg$NOPJ#HZNnh@4OjV;n;L+EKipEfnwfXWQeBi*Aq8 z!vo142j>ODA5{+z4B6vu_9X;v!8$_sM>XODb#GL^VUfFJavTyT3yB&)sKp0n=@uRD ztdRMJEOMh^Rv(4Uh2dC?qv%GY+O+6E?9Ql12li)Qq#P|eu%vjnSlyka4@C!>taB5? zt#da@>s&O$oH;zOofaOL(J(wPihXV$87|2_C$4!8gbTZ;5gwQm79OaW!vn)Nq}(Je zbfFC?4|xWX1O6Gbg!@ri=zjhB&4>qteeQRS2mEX7bN3+1K?)3A|4m^JynZ7w5TAYS z$7r{1ZJpeg1<7JpVzGKScgC z>(G?^Df9d-f0~d#myC}?{$wH1pCf-(xBu(qPpc<1`6I&*8<9TY`XO!h6Y@_wME*&e zq<@k&`}r;YNq_$Q=NR3-c0Bx(&Io3QCb&jSqRB@IXI;u25pQk%(t~SsNuf=A zR6K|(cnn`XEvS)QojflEUk*kKO4PUO?%qR}Nf|~-noR1+CDn?3#~A*UVeyC)dHu!l zh%4bl34d^Hf)gbkarg(sIfzBVnKtV?OCSGn@bUk7s`T-nNRfzTnDo+rj2w9!rt|Dy zQ7N!v6S<8$5QH$7KKFON@qXaIafr9q;i?fI|Bi?zgIksshluDd+)*6j*{>!e2Z}?S zjq_m=66%Xf*qv2$+10GEP{ffp$PK0%4Mp^%jth%J47O$eZ}@A{Nu}fy?m-x;;ql!C z4sJ(}nG@-+8S=tq5~*hYZ*p-v-5{Sf_|iE4!k_^{Px@IRM-F6kU)6I1SAjjy-}l^e&ONW|_$$5%+680GiXU*5JM~v&mchtEmo{^jv(Szw%sEYPiu)A_*Y;9zlrC7qnBR=i>e++SR`vQ9vt(@V&Up1x?eN7#c!7(IVRp^^>NzMG_bwDa#ykwgcwn&d zV>}vG*Vq~>2e=MS#r=UH61kiEal{p`;Kz92Ncb`C#SC`p$M}3&f#0bgLf#sJ&{>HL_l{22rA{$p~0@@EXdxsS<0<qDf1y#B7p4_Z6m*n7zp-%i7afu=P8lP5vjcZ-M#uE-INXJGO z1U>YxVTbrNmWC3~%H>}N;QVY%N0f3sd4eBa_dboTb}(;;+g$;+p7O|s6@M{FoX6Q7 zSeB#>9&ffw8yxB@n)?cVx%pN_zH+}~7I&oIR>M}3F`fNTt-}d2;?YxGZ-xoFhR%1c|c@(+t z9XJBl!qD-#Ok7~-yHiZ(}KAil0aEV=9r`lC=0J@ zBy-L0sU*Crk?b!1+V~2uY9xDzzc!Naszx$T{I!vUS2dD7#a|mqcvU0WOYj?#@Tx|# zx8OGv}WKLe%5#%WKG30{H*a@Xidg5 z{H*bOgcZi~V0j*FRpR+bc|Ot_h36siJj5!-^H6ynY7N2jFnJzk<>UD%c|OX@L2U?{ z(Bk-OA9Z7QdxcX&@BCA4R@IU|WAxNz+i}Ng_RJA@f=kDK-<&ZaxYy%mPi@J$ZS}8T zwxoak8w<)dMpx^pvjEXqRg3#t`D?S`P3XXQ)nb6Psu^&+zTx%Dw3XR`rf6lK`o-A< z;#09D6of~*6T0C;s_tkS7UHHww7mBmca=Utc>N<-UMO*RBClN&a4Ij*ZViBe2sUK< zRD+rLGL(2Glz5R&qjdc>&S+F;0^qw5&-YXq2|+xDzdMuIaw^UWz?Ssv28&eU7QINf^^Vjv$R2UdHf&MnE)563c6HY$#Kq`* zP55IYNM;S$n*Wjc``WzmWICi@_aIicO}|Fwx%6w&4-b`oeb7S|+n1qVJ5{evN%ty@UUd#89n-HwJNlJ4n0~#8n2{aOuhVB^c>?(3 z(yzZFCpq1p_D$2T;6$NdIw=^)7_UIXnwR2kVMW2N>x_b3?NYF7Ot@rZjRE1);wb>P zy}fU6h}V4X`_eSY@er>cbxgd>tMOhim05=;mvo(vRJxut=_+qmi+Q{h63P`L<*E&U zaD@`9&D%k30&_u%!l}9(bBUxtT#(8$=SvFY0;xXc4zsbXKU@n+uq>9Zxk^;|+)CuNin76=Ou*^u6 zntLP#jv1*@LYx9~!7w9LX1*Zb$|Y59u9Z}!q$*ANx(4P}Nvg{Hi==c(>E<1h3QH<% z-Xf`5N!6P5k^=9H7A9KJz+AA-c${oq9heKw8IMz}%K~%3IODO-ni!Z1z8Q~Gtx#a@ zGe${$f83S51c5Jb)h<~1>HeP9aKubdZz8)Srhs+0<4=w28xa$MwhGLD^aev) z-l+R<5NhnH2i72p#5L|&ROE?h79k0EaP+kz2hLeIY(2~X2zv6IQhm%hWw?(ybsnPo zOu#|Q`kl9U6*NN2_c)BkG)fp_^T58DbMePGTAcbexl`Y4+<2`79U%)+WV~l<%s2O- zc!)7a^6c=vg~rPH9hf6!#ig;d{!A@ z)T3wtGE`!Gw>34so?E|uveo_mYpv}2r|O9-?^~?b-A;8C=VCpQb zVcVWi;@waQ?sYz}B=`N#0tf?ylf4#uRaU!T6W-{lnhoIu!WisD;53N)?g7OJU$L#m zcVNjmdG)W~SCe?BejlLowaDoDefiN5!6jP#z7dh!`hCYoyVs=V_^hD~t=aPn>i3mK z^Mgyq`T7)<0|Dbpw$-gB@tKY*r5l#OB~6<5bethSiA7a6_YU@g{=cq}y@({4zw|#@r@vxEmb`C#zQ&sYfYtyYfCg zb>$|{!5Ukj8wO|my}J?uYDx(BaF#0s{KjXvDLIk*!l#^riWl)?{2hyHz6Bv5gDtV? ztuL!pZ^=#T3+zSAw-<2GlI}6w8fyjC_BdW|Xz|&rXs+#nRc!I`EAD?sz!hgdKvsbF z+HyoDTpa%6WV&w@SE(>3S?BBs>w2Hs*F;wvD@`Toh_(@}%QP+5)XgV%th$TbOfI82brB1^3Sfv;f@qLX&PFKobv(-u6A%KA){- zw!cZWKQi6^IBDO(_6N7W0{aX1O|$*CwAf#eqQIUw9xcCvGa2!9{@pkROu;q9K#r5O zSONDW@G>HEAkNX@OeHSO3NGnUK7!ebBR#^2&&rRF;)so?_G9N~33`@kTkO8YNc}xmVA*oNVg|frhe^rTA5Q=aw!DjlOQIg zw!Duowmwn;+8+!&6&>yEH)CLEi~I35=6p)+z$AnbbO{m*6JclC5N9*k@G@F{3&W2R z6gjg8O-;jUV0{&PDE>VlJ6SYNLoM%#<}xBWhVI)GPDZoBfjyDyLaEuPdo70pNhVHX zvuEh3K7-Mu&+R?rkJ|De=4;^M^V)D~Z&-`@3i6tF2vKIf#mb-+7SW0p-zfov*gXIO zPkETU_mz;grsT7b50^6_JMKAmTEu>5=dizdtP5#XuY~|nGMi2iiy!<0TdHC8G!JSw zp7<`fFXsaIjNFyX4Mwami|9JWt=koS*1sfazN#f_`XLeL?9V68lRj=woX6lzd*ZBp zf|dQ+iSu=T>ykMC5}imB=f|i~?~FL_d9X9$eAQl%+kS1W5^2;X&O`R)q$7)C}T$rmf6B4usqV+5a^^7X8Bf*mpi^zvMdJv|sWet^bWBU&Juvo%3UV zLMPHo{=_p~EcvJZ=xoVneTXF=_G!kFmwfCl`A!?a`FJ*s4SwnY zaP~*l|Ihcgz1Ux1e@8!Pzu1@HP5Z?@Y43kyv48RBE*JX|bRxajuR_<}>Hf~Yzq7?& z^gb4Q_5IQi+v%oVX-GmZmem>VtD2fW&+R6{f zuH|PQwKTG6{lHS^;H)*kI)cgmaBk?w(-z*PPg{v67QT^#lh49W_!ow!;B&P&0nFjY z)u}7E7$;~DRq|kkOLBkv9#>V1Q9q_93l<|uCaRW!sPk72L-G53#>F4ffMTe2%Lhm= z$^E`v=5{GFdZJwh(tpI9d|%5)%P3Th-kCI{2eCQvxP_mP`^E|3lbq-=nLRqoD$0CO zZE2Y=#x2$%;&MB^eUIw2ikn#QJd#z(vH1sg{C6Kn$8S7+N$zsH%rUCdzeO?$wi07) z*YA|rB26Th_*}Gy@yv7C2pp}#3|`S1PK`QAohr#|myzioMUMZ3B{f-TmLDR&sLvY0 zL#55@SKDVwe88D9lt57KiHQ9Q7P+(v?3q85*s8_{X+fdxYcuYCueA-5Sf1jbS3Jzn z(F+}ty&2%5!Vp-1F+mvJ&y1xA>m5!|w++Q(7;9Fk;_EURGy-OBHWtWez?>K_uIE0O zNL~rq;h-~A+imss3Eg&+$D^}RwEa`a^C!Sl?Y*m;g?8Zcw)nFZutuS0U-7T13%h2$2rYQ zrpOliH1EwDdEu&-9w#1$!+bUi0r2FIpS4(1=li~LzF!~RT_IcdsD{>@=qNN=>56d9 zl18WXSw7&hv%xwErLCSL@i1Tt$j^B!2a=J6pZNfnt0Y z;lKtUJO~Fa?d&{1wR6dmg|h*CbBl5wS?l?~xugi32>kbI(Bds^R>O!+TBYyEtw`TzMYU z@B`)OuC9Q~rlzu1yP2|_V12p2REs~&M~Hw0RcrB;GRIO`59cuNtqNz^2rMR5a|kYr z)BNgeZ-!6+mY7o!qPXEBRE0VGY)6jx^J&X-OSY4MMM@Bmd>|enRG${oR`&7ltGte6$Q)2kcy0GwF$N;!p6o89N4Qa(7H*Vg3O8QN8o3kj0HKY77ea#v>LAsC zsK-|mIH1KLtry8g5vL;`!UKV2NH)SggJlBi)Mh$GNluz(k2pIu3OIVLSN?Mr>HMI^O@n9d!Rp^WR(U@r#W3D`UeqH*UeSYw=srN}8oz zn-v!QM-Vy>qU<^%+|nhv1Kv?w?F7Y&fBJSHYfHHwW&rqHOh&cNWy+!ESYy~sc`t0I zCAlvlI~n==6o30TOT(BDHLz%@@a8CWFV4Z{Ds)G<^0k%O;s2B~M?8La47GMIUXcx7 z5I~Zgc~|53^j*cHpS2{nzg=1k6OyC%za>0+N5e2a29pKwDFyf_v3UGBEr!bzfMyVv zS#Qs&7k+6@oj6=4lU{B!>2*};36tLK9WRrfZ~Q@SIJm=KkLk7fbnGzU(~V!ceEMYa z>9sDO4*qYm@v;mE5vz?63@nVHO(s696+XS3I}DUv`1DJEpUJ1kcL3|+d$HovXEP~$ zIzijBTVCA+@^IgqAP<)y3n!I)@lV06^2_MDcU<=Ri8lqW&qHREna?tl!0)h(`5n7J z#g%-W@2RQ}FpX4I;HheXs;X2~HIij|IaO^zRmKl+2NfC_#4oEX#jKZ;g-(rr`fayM zr>c64H>67@evDOU+w3Pm^(gI&By6~Dz(y!8zk(VtcEzesKt|2eZNX1zF*S+6wi ze6&5YUTib#*MsDeS?`4g?QrM9tQQ-tLX5W>lkuCD-+Iscw_{Pli8WyU20)KV*01a; zpqnAkvV!XxK7(7iH@e5IJV$M!4__zgo(cs!;HGfp0IA{KP{P1=ZhVX4mezAqCzL~Y zUgRh|cM;riI?a!kE`jhqeKLg+NyLA&HH=5ofmB2F1H*H)=sV@pF;sZILxhn>&J(Em zHDko>khMVk4#sgr6S_jqX);v$FP^Pb`gP<6r=e4TT5xI5SSwBt%q>ssKn{R);Z7@l z#Nw%fbH2kRN0c+;@>O{1)BgL(Z3XqZx*NMV@tDzh1;Gw;J z#bA$p1!f(T4n~CSj4S@|bFPFku6PLTImQ*|gbvlX;yUSc!77-IDdUPwja{?k2V{92 zmVB3_XmC(Zqk?wE6@@ge!2Jr~mTQJ+ZgQ zA+J>+OcG}j_2k?{Ym0%_<%xC51S6FbgZirv(ee3&krwvDF|dFG*?BoMut@l|>0l-p& zPjSsGZj`cHjSKJ%Dm#p4(!ur>YyKDZ70HY9nyj7;Z~DTiSsfTx{Ona?olxQhE%vUg zZ^1mg@yd6JaK>*V!ZB)mp9VQ=VqQUPgH81%%_~wlul@_|!P0|<79}`i!_MN$Mq0Mf z&f@Q2U^|lQZ>OEbM1!0a)(QG)7(2YboY1K3EIcL_RmqyCjM;LG?8waGj(=mLk9%8f z^ju|TasF0!qd)p@+343G8#ek6BsUhR=T;x827jP*uVD8SbVM}xxsP?N!9P7igI}7~;9n};IAjg} zH&y%BrrVE$e7dLngEjbIb37V+vaKC!@I?>IQ&OoGdq5~6#S=o1h?(!lt8n559Nnw4 z%12OzzYB7JZ{XnJsPHF;Ada>5)j$c8vS=JkdgjsNe>DI6ATGNpjh=&gl(06Kp~wd} zCN=hA$FVd*AnA-RI& z1wN2k!%hG^l=$E;W-U%RU2jPqu9k50Zk6dEC7`2^88j`cEX>k{@< zmY>9+4w-ORmV7)aBU>Z@ihlqG5VK1|sZsxjqjHWrc%Ju?XB|lPOI&aO%g&6cvvTay z@;iE9E2OX>8}QKp5{C)I;ntDilHI8Oap#qz$N%F`u(8_d@w4^L^!Rg`8~C6WOhN`e zAeRnp3xKvJ0SE18fp0^JPpg0&Fp=wMSJDK#lB8Y;Dp=B_YvVUl0#ou4j2dqotT%m% zZ`FWz*r09atOX1$ZW0B?w`jMB-~Ng{n0)*@Lk~1-4R7EZaY_+vfOBW{P30W97{rQP zU>|D~Kr=^w?10L@KtFnoo+|$v3S=3ZmtybI_>)_$;c1w>OjjIXK8zxAU>|{XGv39=>Nr6|R$Jdm+3&+|Uj|jn( z*)BmQE%6Bo!Tu%ME7WpUA)B#q)fTQ%h11RIVh_tE468A*Hz-9rYP<&n;X15)&BK3n zPLKb4_7tB(jPqVGQ{M?OHUV@U+dOI* zrt!$D8N_(a%PuiK=|v&N+g=c2{5pP&N3gaT#Mt_~TJ+~ZxPc%4*Zf!1wx{@b1-+ta*?C~3Av9pj3%(hQ*V@)&m zcW<@~r2fGswZFacmC2y2!32!gpNDZKB@_Q;dy4TJxUgw^iZUcgogfGC*i-a+KEs~k zNV|+}PmyDn!I{@`XuO^%!?Tt`W_nu<+HF0NKc7+fzKlq{wLr zvKh=wMXzVDN&blp2ia3RvccUd{%2&Xy!fzE^4L=x=c(j2RY|p~l~T|D8MRRwh}aR76FZ%-)$`%x z34SG$?Vuw+P#t+F>~!R5kW%;DUW4-yq<9|7{|V9&C70D=)sm7snNc~Np?T&jt4W-$ z4&;>cO{R8!hohZGg-WA1xh8d`t(}MO`am4d5=L4(KZV-)S1^&bcK%sDy4v|hnPLbj zp!>D8^Ei-B!S)xutE$gc(KB0HEzaqVie6<11$J=4@*EZYh)bT%$yy5ic;X2nMA6UB z#$$$l9Qyh5D6A0u{M*paS0aTKorH`=7I+npetsA9^EW&pd+S8jld3q0x$*#d)X%Hd zXU&$LBP7YcpUTO)itYDAF1!7`>)W-Tr^Pk`W4P@%5+lL?2N{j}=MHNB)AiE+-&s$p z;$G%jj9yxQkXEUpFQkh87Qt(97ZK39nJwUoU1;g^BB!Ob^m(&Sq*e;TQrOr#`i(EB zp9kQV@(7=Yh;q1+SZg3H8@V%-SOal}dt$$8si^AqoN`XjCLz2DgbxOen% z^z}hFVI$@TtvtA_z{sUannC%paz-ff>gyX`qyU8y94xE?A;Ly-Af*|hL|+OsTErKj zCa^<`UxV|pz_fretoM?AxuMihD6$v;!SoZ6Z$bYK&jJV{Hq1U2FCWqyR^uX(hfrb%D|J>QK9jOVTZ4}fkd6kQaLm4d zpuj~58vHuwJ)l0GR!LVJ2t7 zM42xV2(@RMwxNAd=mS$ip>OJe?V(hkTXn5!9X0xi-Z=Re+RFK2n~m9c$?q`#lIR&i0b{=NdquJqoy>ofHC z1MSijgzCxBZEHH#-|xne|7+CWFGaItUv2&Ubx3}m{=Q;eT7Q4OUE0>)k3kYVVMqG= zVhrQIrN4*j+-3^Pm8n9SDLiwnmnqCQ-uNSlV229)V-cIq;R`!d;4e=r@TdOaYe2FibwWqt ztV{jwVx`8@soIp`iY(QM+P zWWgvTJJa81t>Fp(Yt`RhgV_5d_0-?L*M#|lESLKGg5wWafBz2_PZcE3Cn|YTC?mou;}ZAdp1jAuRDRJ_Gp_5lZ zkl57~ECCw7iGefwTBC*E8M%c~GE1CbsL{R|0Z{uJ4ixwcxpe0cOyL>PcE>>kB=Yb(L!yWfL}HRYv|?!o#`tD_epW42_RtZITf!OdBf zfIsS*ZYW@lav4hS+cjCS^>h0$B4|D>aEqejo#95V*Oq5lH=O zTlp%GI#d)y@-W=ST-AUTLZY}fI3d_}zAjSHM6-DVu>f>`X?`pect(p+Zw({P*mK%q z#+YG*2{P4tt7_5wtLBgS&Y9>?vX5VsneVopSBTzwW~i;UFj%&RH*Kipk&Z;*xZjA= z6kefPleQc3o=c45T9&!pQ+uuC*~B~vXqmPk62K@u@idx>d?EY2+HkNy*JDDvm&f7=&W~Sl2civH>Nq(cwIkm`b*RG#v1324Pi#}5pZK~ zRnP}t8>fI4y9#W1dYI6D#jn5%b2k2r+>&viSPF=a_=62MV8Uaiu=lbCITOJ_YSx*a zWCV`QHlX)U_d~9-2b6Cnlpkr;WK1UOcv201R40QU!olYT85Ne4yDVNn`C8q{0VCH6~pz@hS!`ne1e|H5kXg8DDg&Z@O$8`(;oB&I^-$RBGsIfq&V2|8RG@q0z<--55hF< zUy3jR&E?MbE5ukv#8`>3V<%K&hd7315Y0fyLd;mqry^j+5*AMtygx=^#v&sRw7+x0 zq%Go^3rLy7X{Q$ZrKE@n@4F2c6|(`2KH>=MZUY)`)>DgXv4>l7{L&X7cZgYF%e)FE zcr}TA#{4rd=_Q-=it)&`paKfqZu-N2{fqjiYxl0x9~mC{iJ$*b#rrWdCmZx8;|zV{ zcHgR0&Wo(IWR-7YFmWz+muOs9>z)}kepTWDjlSq1Nz&e?w0%*U9@W+)o|4IaTIAn* z_2f7h)VJhw7*OtJ3?s2s)bFbhGlheA=yVRkum@589}EI+L#y*V-T%Vyuo@w}9e9}h zunP~k1z35(seM;r}E>cvuEKz84;9^Atc(=F=%ae80j5 zh%=CDL7=0#w87)J41gd!G`*3X$~nKJ3BZ7D*#R)za;yg!e72c^`FMx?NvH6@VGtm^ z!)ON(e=N5FLIzRxB?r+S7zF>P&F>p_R0?`nEzA>Qm)Mr4&loEt=r@>FNX5brk!ga@ zBXC1qk%9%U3z8Q%I2eIw0k{Fkrs6OZ2Q0jVh&*Ik3ymHBN3N+F{BSMct-WE=Y_O^} z(|Va=TJN9@0a-dFbfMkZ3X)Ny`7p>H5H}qjt*ONudSqp#mQKgthSsTC&4z~7YAw8R z;i}tUa34%u0Mk=&7uXt=>8;UhtQwwP%RFPWZK^PICD!sp=kUS!xfe_T;syprG=E@h zxR0$0C)V42I0Jpy+bt)0^yl?ppxTz-Zf>_9$-iP`&7s88Vv7Rica%RJd|7lF&ln}s z6%Shq9`><+DjpVdo4awCS`M$s*~7z%xVe&;+Tms^7N9g%Lx;aHSEJ1MwvalkbXSaQ z&+cAyy+0RL((07X6)H78xg{HHV{=2}mWI}e+D+5&T~8f0{hVCv`J9EiZ(Z9qkY*tD z7L2s5&AW-I+7_rwqjd6c`B!HdcOhyjX{n%gZUXJr*RkwhY9q+vC-i*tx2z%YE*q00 zS>hE0?hguuHzK_eW2^VxrW`GPBC_G!a?3aI+t7NHcI!}YL?+cF?-5kS&pe5quu%sJlKVEOoY<*bPnX%(>ds#+|J=7 z#-Uzw((tJ#4ZqF|VuCwc=bL+`8$Ao98e02kw^r~0p?uU5=bLj>bvB!4N^HAMz^1~j z?qjst&^qYG$>vTxAxglI8q9YgxkYEbhnf$PxOGz3dwJ=u{S`G31pgp)qKm)8gWbP8 z^JOLuTJ)K~e&(a{>7Zr8fU=AqyY(|Be?x1zcI%nxdVOX+pH~dOXvFYqMhu^-Ft`mU zMYJRb<3%V#AYd8?=E+vAog@LTI~bBc#xOJq1gXWrRc3XKBo#>44lws|iqNh)xVCQ) zoU*y4<4FXlWf}Ki76hoGS69&0alsY#v<)$r;k$R|)^h9O=mP~zT$qlHhWXQut42jx z#(C+gwT9O23*hP|D520gyJ3A!qPI0xG3@Ys#O&z4HEO!70_QcR&ie(ki1L$ajgs9q za!BAjk;MNE85}6iM0wisbHrXh7g3!MCOdgf5%6jhJwQwKc{$cPJ%!kY8QAm{AOZ)Q zUO38bfh{IOdBCdC!yESXK`cSkkl#{?WrBU*kHF@`Uv4graSi)=Yq!!}vZ1MujcoGF z%aAsb!%&wJ(UcmWF>WyU;dhoh{BURVQXo(RUQ&xQAl`UmK9K8z-a#lRglGMBvrMCt zaO4x6&|j(VanKr7AL<&^d0j3=U)p8=u1(ix_peXqb$(9&1Q?G>*VkVGW2d7{%O|?* z9~AcXcn=5STF@6rtMloLaZNkrUu6Ckr0c`{jp=->-uZL*N5rXgqL+V+=yNfn0wQk>~J<&z$5N@2BDcmUb zl-A1Ec={A5UsE1^=WB3@v-F2Y{LL-AI89kDX zRKh6R^Cb%27I3S(VoS(z&!Zf7C_&loPy`1OC8V^50_?h57vXP?HNoko4fYYd=x_uO zws8b7PUxh^N3(0~Alf_D=vofxP3u(`zCpeUt8i@WgTs(O_=mg~p&c55F$?xZu{Fi% zsbB>)p$O_?Re2hDi+6&70}CO-fglp^Cgt2k5tiFU8N(FHI2xdjzMqIa>-ic5bIoZ5 z;($cG213ydd#ld#y5^?jv`KZM;_=hpado?SU{$Rsjb+w?V3c^5Nhh3o)+H zf&!liM_XwroD&^n&7nM&FB>o|Fhd}gjeN&hlL*m9^kQq43ymK6EwQCDFQ-`J?Rl~M zZf1oK?dCl#M1MnYd@FLKXZA8toLsurux10ggFE$*7g2?4lBdGbt55d)YfINfz8^}S zg?T@#D59xZJ;K}u)eg?nP5?^Gq_+4eyz|bc7JCG5Qd9nhY#9@$t!zx404tI7YH9JY zM98lpJ7S%TKoh& z2=`N;mu((}L_7Ja=%0!l{nJO(KY^!&>l|E#seQV33Qz7sc=^$Xce%=^LQNgqzqs;g zIZET;e(N{Y!M)VDYmry^)Lx9DExH!?%Z<=_IZ}G^4pBaZlMmX;CtMbE`T|$?6bihi z#s0|iT52q=Zi0YUlu+&A1-l+GC#peatBWEdae3RR-W*xZm5-y9q9L{=a;bSLDs@CE zB29*DSI9Z;b#s(h1{D}jf;|V=fPUwp;=?Gf@~W=@YY&q+AyUP@(q=8T6--PpiA|o? zGEJktDnutEd$f9BlNLklt*j)FtD8-!t$I;yrNyZNLYX|tTY$a>le2M^i<=v&D}=-b zom*plKbRb7e_EMU#2~YUu|}t{$jMhh-+{oTksE@^3vy5<=b*gN*Q|&;Vcf53DiLU$ z#H&`8B6rH#@YO^z5Wrf zSN2j4m9`?^#2uie=BJozZv`3a8~yiHOC7M$;?2nFbT~c3`N@2%(5*n`4<``96I23f z&D@32Vn6d#qQ!U1eul`B1)x#e3I8p;GRFzKXTOIjnOzZFrW4IBfFT)Zj^Z${CNbTo zvz$4W1rNLi^7I`?t7T~!>M-_KZA0v~NV%;SyBiKU)=BA^u663!W({`g;d=HrmtZuW zH<25hzC?1cUvM0Bh9F8a&)uq*rdQ(|p1V~Ytr$JJyjrn#d#ndw@`2~n&yVj@C2c8aux~osiAtRd_vbbY~TG7D@wRZB_&h=@r3tat4-ZEfo zPQrXlxjwB9dVVlyhony%atRjk>(r;6)7OR) zYIs)8RbcYRKRWUQ&-#9OecFW=a}fVieOhFq3lFWocHv=2k3)ushgm#T@RMNsG`1NecI`LJiu`OYy}LzxKn^3hEaI! zef|@D+F6rrfRI7_xAke$&R4KNecFy+x%#yHTm=h5rDKz*)yoJXQUD%5uKTmfK$MZBogaQN}4)O>wxX^a-X4jHM> z_#u8pr8bQv*)^)v?nc5Zm`62^-G?L7K6pU0CVB>>RBCms^gmIlVNiwUVAcZdCoDcBb8z4PokeIgnq8)E*sMTpm3DnpG@x=2;{ob z(B)G@*W%UCDQxCw=!l;08gIA3)jLQ-SLkTy7EDjK>U@Ih(lfV=X{ZzFA( z*{Dlt=xU8A*C;|<^()%cS9Yxr8V?lrRqE&3Kw;AI_^&`ecW=7BuSP$2S-QTjMn9*e z>-%c-bB|-MrswZJ($AgofDf^6qTlew-W7R|l3h?=r?OCEXY0@gD8Wr(sNoD;8`o?N zB>X5bIE2el!xpP%=<6byT?jIPVU%CvyaD?$TizEnmj)lhX3fIaOFYutNKc4$AnvOo zZl##L16fYwI8OmBUL_(M%Eq0ZYwIy|7 zL#?CSF>Z9n7~Ke2W_yi>cW{tSLQ?XYwapbzG5$$fLG-og@2)xLf2qGainNwSQ&H%T zzXJW;v%uu(`o04F-2&A2<@9%_%YN~|&(R8ghI`-#iUg&ui})dZJI;lgEgq=ZLa`@Q zbk<;ZC)m=tM#!;EfJ{FRU`Gy1mRkL&l2hbP?FL66NtXM}hTz(Rwq^m{hi zad)bcP)3eT&-7b(PV4d7&-Lc?T)!3FjJX~Sy&dOTr1!uip1FPCeTC|(vTdF2B`enHkB`KHo5Cg5F;#enOPtCT{t3z4=%nWuthg7A;r zY2M}3T3e~Dq^?%M)+IK+vk}xl1z>|6Y+DWyd>S7T-@apy)H=pRFphkGTw$sQ8M~INltJ$M#!tgqpFD z9zX#=I||>(nI4cHYJI~6>1RD4Lx2{Z4oq5h2kKh~jMQWRfS$KDyVIY6-vQr{KRn5J zlVu2M4)~@%u$adT9B3t4_Dja4l}hwLf3)`!O7u_*(L?SBAblt~nQj+#B#{}S2T;T+ zII`kAsq+bZf5ihR4bj8=UP|;(Y5W8il6NI_*bFd)5TBPe?$lyW3Q*qTUxubAcE~qQ zhX0q2`%+@`>4UVNycTOlcI2elpPSV>X(_Zz>JDCQ zIh_B;mxjiSFN=f`Z2)&lT!;&N&F=#;5QGtZtig<9B*m~9Kuymk`uGudcpZEm|SLZrux<|0P~mvm1L>}XF;MB9V>p|#yv!&_XMrZUue z+4yiT0826b`NnrIS4{u-TQj9^z$au!c-?EgEKd{SG%bk<5Wrxy&+w|nVgF$WQrH(M z4L)I!o=63cNT$V1V-w!aw^Ij+AVP7M8u66gex4m#nP}J&}o7Q)mx`>9(E(D z!jSy*08xdra@Nb_C%xmr>_;BA8ae2NtJy&b!tC*;Lj9BK2?ZIG9P=jtYE={4wzDhBJcQfWEgI-}jOZ?a} zh!y?b4GrzSy`gU|hif`O41s7W@)vPKOT4MvQM(V`(4JdZJJ`_A#brbPwY#&So37%9 zR=2Q*lILO)XJ^EMF|h;PTVS^!Mdji$%p12sp>g?TaKVQD@hvzRA{a&tAMh#gsuue- z^5X7IWhx=q7h89dT$qCBzd5*%0zrb1IVfhhw5O0v-klr9bo@QjL<%ja{&hk_rYi(KC8yrzi-?7_oR0FH{aR6hyuj@I|=)DbvUt; z12d09<+OH!Pq`CT+S$X~BtuVRAT^@xpccCc-9=wu9H%Y=pU9rrv8rM2L}U%Hohn(z zBMZDW%RnIMp9Iocz0(+ibuwLZ(uP?yI8FQr3YVvM4)!*Qx;6w)}VQ&K`!Ci4}j$d}S zkJ~vLyStmayYa5dpIt*rk-{?IVkp5!j4Cicfemgevn0GwC^;-#vR`l74{zifvWx?Z zRMZIycyZx0gg}g@x*TtTJ;^rZv6h#ZZrI-zDMU2d-x6Cm2x&_2QbvY{e7fQWxCK9`|zjO zvKe#9{bPSGHNMg1cirgL<@Y+{%@rNipBy(gqd&=U^E1;o)nk#H)Aa8Pk7riL?WM;v zq08^O@vSbu*BOU*{QXeJ11>OgyyFIBq|@v3hle_xzw~$>_;**|b>pX9ey=lTb^QHn z8_)C0yXtSL@g@TDbPkWY(cIAXXv0|h;q~gFiG&~PnDZbX>kXrW^b5{AM@sK(LRe+1~ z+=E!hZ{UOY2Tx!tD*Cc?s^Db^R;W_VH+EhE#-)oui*Tt%rH<)J45=_!mQfgooJgvZ zFw+z_rzzCGL%|mY12YIg)?Q}sao9%CCn%%g+7LW{LhYpB1Y-+pY*<~&m_QNKL!;Ko z`ijz#Cx2_y=u=LWK4Um%oLa`NPV}ECR&?lW83VP0w}8XMd%UfU1_QJjC}sfolHGbk z+ZEc)qO!vsoNf0htgYx83HS!NvnSwFXMSIUD`h<^JsQ z;k=Y;Kp3qTa6AKf$?PC&DDhdi?4_ngNi4DR>A0W3`qK^1_OH6J!<+y3FP{|(Ds#MHhj|b*h$`|;@9Cgeg zJDqhj;w^J*;Ai|JtinnYH)Di>Q|jf-L<*;H{V_MsH+V7fG2ztB{$==v%|ZA1_kt59 zf#E;j_(vgXYgk>RCu9C?+@y(^p9eP@sBdB#?>F!l<@eydo_f#^LrCOvq9|cbyC?4O z11n{zyLFJ*COLCo1h6m^%}(xbOe_2z#VX%A4Vq+bxuEWA(gROw@nidY8Th4c>+p&f zVOPWc94+>jd`jdHcoIuBByDwj3|2pSsX(lA-c|O{A#09p5AE9I^5}Rt>u{Q2;UeqY zkbPR=m6>YfgsD^Q@{Zwd6lUi=0A~=hp&}0v_kl(UUDc2> z+#Rgl1V=A`@L}`&V%I9ae4_QdHXJnfchlkvpt>|yqeM7ykKe!~QfJX$aeBeowjb{*UKQL8%t0{7aQrRp_(d3> z4{t-sa`?>JBJ{(76HBXOd#@|BMmp=E#J-S6&k%W3>2iJTkV|?Sw&y z1`73nsm1#Or6{>V31aXdoR5VylNc5{Vt46e;Q4O>!e#3%jeOL#v710{`|+NJ0F78; z$}Radqc5loTaELD`MrLuIcDz`Jl-rD2-lcK4%6-RQYIPBR!WxXh*z3Ap{E{SFUJ#f z0TFSY)E{BH_=jF>)LWYPh+e=}`miLU8U^$`#EVMoGE&z|2cj35?*Zf}QJWW0U5aht zi-tGhIs#w8CW%^vC|%?OlDXghUI{XDCj!gmRV7LgZYzfnb_Fn=QRYsC&a6b~y0zRe@~s$qY&_M;}uF=gd(VkLQXTO$b4m@MsQO+`(;ZWdfqzYkRJGO$o0 z1gu&j_^-+z4DMa!3qpUQ#r`DF07Ps48c*8toBj3pO*~Qm1`NO+#iNwuIxa>+TMl%Z zu>d~beEIYf;HHy#r~Ru4&X|i*mi6qbf0|cLJT$b z95pm5VxB5A2g<_Bipr|9wD=NkIXW&GKnA?1S5NRO03!CBv!oastF|XtMFA1LDqYZu zF?-xN3M+)t(ayA3-*)qg3-JWT#?!ahsoR1FJ&h2YG@SkP)T91J^xOF1W1qHJ$9d5m z=(VQ~Z{BL;bx-%mUOTPyEI>;P=8zb7|*T|go3eh2}2L^5B(SL>N zQO+DLAi^4VG;?e4#amd5cNcizM45baW=jl7iQ@9%&j)BSaTkT7LBNJX+z7}`+RPDH zTat3Bp5*OJz9mt}XeD+$N(<|0A^}i89xw2tEOl`T$#>ZRhZ8Y8 zoCp|#K$FXifML#!eSq0e%*Z?F6?uV$*oMN4@P%n{M-dY*kzLqbkg&N}ZRmrhI{q^( zfO+eOoMIxBB_68iB7QC24J5@Nsmz`7l$`a^(_-Z0RY%8_0@vF!_hf$*;a| z^EbT&WxNgkX0z}&aLBZo44cWhuC49aW$r*k z!cZLaN!H~aMCC%nRah9aH>TO)ujK?1=^`8^IGU3Iw_aF`9L22%It5y!hv*S5mT;Pn~%}e~DW+RY3MrFpsMVJE2hQIxQ5CbdA8m@`` z4X30VGPIwPf4h|MEy2?cO-S<)xGUlbeBtE?pfJKj2AU$nyi=#emID^hnkh#R^fx_W z$$(zc3K-`p!^5gKds+1jnR|2_0|^C!d6E9yo^Sj>vFZa&gkr;n-EC}`W`pu+e38Lt zKXxf$7kst=H?A@e7Td#LXY@LLwnNVmXM$Hhz!+oTVjrlCA6EU?4zS`NULOxH@$p4k zd=N1(cUvv9fCId>AGbdwxb`L#WRZyj+9OjfelKysKLi)Bs)NdSIKFt_y~ul?lNVwq zaD+?3;H;mZVZA zY=g3DaR2JRKo4MD1A!q^Jvqzh4Q=ny-FhHi;WgTMh&V0uaxHt_an%MeA113C!i3K?>WDEt2IfE<+ zAJ&*jwwSuv|2ura>)DlLbrajIZ@Lh>lo!E(5lCH!qrzuCT;cjGuYw5&R?X_KEgzY> zv8}Sc?S?s<11Cpbgn)gyFQvED@4G>}=_J%0Oy)H-wFR2AA05q>u&32(oBfeA&aBGL zGAj6|jDNm`Ka|k^>Hy@v2-*#cfZWTrqnL;}QZXg7Bx_(DVGXeQTlrRBtB=*o%Cov# zIaaoX(#>fQI#Gep7zYHR)e3~pPlFI5-YDCY==ZGer{O4dqytB56dcXx3kQz=m4>4$ zRX)Jc-xVB9RQb5{zQ~7uvT!`s;*rAcyFr&6d0mG7iZoMP?$_X! z83|L%xRp~Vw-Av}?k?U!AnaF40z2j-5Z4;#$T>(+ zdBu>AP+k>fRRhl|<<)cw$pIM@pcezJzM!M~5MeQxed4nk$jHy1R67C6t6>~pgHm2G z_(M2(r@$2*b$!wNt8fFbUvy1HS<%6kSik14#pb{m!L8a~V3w@RaA}HwAQmc`z46>V zSRVC(^MMZ}h&Zx9dXLMPz)3tatKZVH?$JJqZGJEMfe7&5HCheKNOA~-;oiFm+>q^@ z)ZWZMI?&I$+Ofx>(xxo}#}5@5q+OKyv8+xUETnEgd!g~0G6jx#Ts0Yyqp!iin<$PD z;z4oL*ECuGGTwRmvo>q6QpSAJO5lZT)vm!hhFedzOQBIA4G@@|&+G-T=vH7+w6WXh zeU*a!2T%>p_a69c*nykYo}#^PDY^V&M0F=Yu1A+>K{W$Wz-YXB4WS}6;>b%0jL;yY zatm7&EJ~x?I4&$guDOkn2#~d55`bK>b&5dZQYaS5z7!gN#9^{aNCf8hK%%6&aZt6B zgL1<+5|BvX#<&Z=T0d~`>AV1t>HfJSqLH3@ z@`ijva|$5Bj1)&D5~WmreU$`sjyh!m|?1b+Ki@w>EP+{k6|N=b!9lCFMFTT7KJBNSL3cIX8w=9o?RdH=T%GG#pJkmEz``E#bf53m z*4cD>mfG*+?r5pOU*9a!Yg{APu)55%A&n_deCAPLUbPe|8m%VrWN4!m1i23gi{xQ%UG4>_o|a;A4p~g z6K5W%O5hy2>Od%UCae>m3nf;~d=rfw#U`o|H5{#>Q5p#2IJO|a26xm3_RQ&R;R1Wy zH;1ZAL%#jEfF5Xt=dKGe5(r_m@t*+ufqz!>pcsWaQkZpl$S-K3fu|{vTgm^_@wqP2z~`xao~p%Wkw-^*n)y9Efe8TX z^{;nx@bjnu3#>GXF0rjNUIp-g6m#0wNpPr&L&6w$$W~ks)p`^z=LwqHpu6YIyC4hC~-cn*jo-?rO zh3F*CG|D`qNRj(?CmLoG`bo=?Tj2fmck6y*`x>#;xb1_SEaTfa6dMW9_)J@kXTR;* zYHZmO&;b)){;F zC3V=TuR;fu8lAH%2lmOtM`h{<3>TCd5_VAhD6Ddv2f6z|#c`ED0B6=m5vSh_V$oqd zuk-`FDOiMvI19@2KG3{!gx2L{IP^Y~{Mr3b^9Z(z@y{rBbj|8uA_KEMAnkPB$Y>+jgV z3eJ-QJD5*|O0)$(;yYR8I8Tlw_$V;KTtH$#siyY$S)_!8_yqK~YRo+X(PigMr<;8 znoAp6bfjTvuU;80)qx}+_^lR`3&>#S3@PpqRkIf7JM&$DHI2=>PmuPs*i(2x0m?Sn zdbF7MV4RZVh8o^IfFShF#OjF?!`)8fCC`aRW!iZ}sij_h6N{#FKw00aL~#%*63mfj zl@Smga$4&W8eZc(lsw;V`VuzX@b-Za8o_^1hR7siH{%SMJ6*bg0Xa=nC*UH~um)Bi zdowB*dkc|lnuTI|fn5OOi&b0_MNs0Dk<0GL2HgMwx+HCZu?Jto0;3g!s9XZ;*2H^Y z^t9Vnk&NJ2_Nkt#0`}0VjE<}?R-m|w$q#5)jD*LALA9D;eSwi_u`$>N=6z0&V1Mxx zFp_sfv3>xrWR{tapRT(UN?02kHoYJR$j|HN=S+t61%xB8ebC~+!7o4Iic*+j zG$Ca!gjzxM`yk5;C7JhFUPz}GIlJS1bjsM12RO{_JJTnVd+W77P;o7a=)W3i^N{j3pK)3Faj zg#|8h(L}%V72wagVm`q+!$4H5VKOA`@c%i;Jb}Gz~ zXrOY#E~wg`ab6aS$&3rU!e6#$KzTh4;7Fa55LLj&Ej_TCdwxayK>=ksH~R~80Sq@xo&&@T2e!bf&!UxNc2JcO4+;s|@0nDUo}tWND+oAZwMz~aD;gZz9Jz#}p` zUEo47<7ihPQegfP7zJ#)r%?1sXPcU1SqS{Zn6qtuqCn8i!TbbRnA~A!DANkv;Ud5p z3;_vLOe1CddD<;csR>alQUc5L#w9yb4651Y?y5JYAkQk`()ua_a*_??*;BvOnL z$9eGmKgi`TKqidYGxyO=YIlr@$pK7@Pia>V%_r2_C~m%12Dcz+n@?=x<^+O{og+Kn zId+X+yDbOt2w_s;1z2FTCZV0Mr+6HlsQf46K0(Fdz$xN0S^eA+HvQrGeG(_8QoC&p zkM9#bGt&n}`lsQs-3-Z90F`ApncahadWIc24#iGb>Y1N=U>K*x-I35a6_dnun1Ft-~6_;thVeZrBwqb}!z7(_ZrCs47JNgejMC_#=I&HUA~kM)qt;+CpNgYat=T6Inb%hzxT; z*3$#;tJ-X%35R)jF1kgmBrM4C$jNwUhC3K;q+feXAso_9i7X}oB2#qK z0)Ao*-eHoC$074^4KY-9MZa`y90YDCZ>|+{3P|Ok&4*A+SSFLwNI<68ir7bw*dkB~ zX)>Iek@Fa7k~P%bJ;e9+-i6V*eWHS^3G~W$`=SHDupmYO^w&q2r=zINZwB+^rMBoe zyu+jhACfJK`LIa|_gi0QzsVRWpU`5zlXaric0(DgIc{sgM%7}=WNFe-Z@9lbJTCn2 zGclU%*I-!-)qJ&7_~nBmL`U@GY3UBkN@hVRB!&_?;!cdo`7^G<$jk%FJO_wt%`7~+ z{bdJR&?$---_qiB_*fmo6sOyZZ^Jj4=ya3Olp3d-OLaht&qHzZdi=pOg&B9|0ThNI z?H96J_!N10(XL~%uoG#VK@WriI~{uk)4Q5gKqFtqUIFfF9(#qIbNtqo1R4jr60cgb z5v{`dp=-RbbM{!e=;jWI5@B2PH#2Z_OtTgKFR0K%A0&)+XHzFcb>v) z@2pU|b32I)##{MHYg>l?2zvLf?IB(R3oRIqdJ8B+)*3rLqLyFTL(DjXx+7%|aogS8 zMu%h%F_Oho1-%-T!l=?HDx$&&MhzX_<*O~aU2ukD53vL(+Cyx^@0YcQ_>IRN;{O0& zw1+?^ByhPeimT-j69})ff`}eM{SM3`hFXYG1)Q%?QV2P~XF_VkkBsj}<+KE8fNoqu z$QTd*t({@STBJkm|SvB2*a2>JdMO9YRolv`KyuLeh6C7}4XY8Kbt*;l zlz3Nx1k9NEgC)5|fj|}ouqI_o~|+|fm_seht?jGe_lxjBGnywXX5dj@~O6shIS_*Ev4DXd92b%%^W zTMqj&ShwtDqf%FOVD}BMgoW;>a&L=| zC${C8;A<1zh94_mXcEtTTR(+Xmcc>|a+bJ&rKa08k1T*Joej9t6zK1ar??!L+wPIsqR2*1*7UB=Ch z8L(ZEBbQlokig_dk5%*efDAkOSh^s@uJ$-nsLvWezH5KEJ^hi5){j^jI*@N%it8YF zmY|{Cdqmi3A<{Hg>k}r{W_$JS|pKp+-AAY^|9N=eY%uz~`in?3_o+cwv;gZgdrz^bcPn+iYyW-Ae{IJh8dTk{cwV|*16N~Xy12= zB`GiL*mlydy8iY9PS^JzPTt_GP7etiNEFgW)2k$v?mGL`S=Tw|=sGWhH&wpcU?O9P zW$qAZ;R=J*Z|~r?067oY2CJ}eJv56|56SQ6RCW-_SKJ${Rnw-mZ(HexU0YA{A2Pg- zyDh`ByZtA(w6e23Vm7eY8kj1k#~9cnT8!O z?SU~=FagaOqC9>Cp-CfVAZ#O7$`Xn0!^u1TAA4^C9#xUOji-||1X*rSA`tSW!axx! z)g85;D=-RM2C>P-hqD)6!a=pL!6AU1GB8y9NC`N&3#}c-kQ|hlNROhvp^MOR!FS8* zBtgaUx^s=gh)uXxUK9{;Dj3JE4rG6WH7j2wlpbi(qIQ0Bg+@_8fjw59;=)Owf zb9^W`0au7eMf_E+je9r`?G`+bZ%UeTYx8yZDU^-@h?hZA*|i991+r}gp9#GR+lL32 za;*(2Ted56!{js;TY#GL2o$_f7PTx~GxZ#C5DHe_xy3&7J1eX0C4Yx5|

H_m^I<%l>_B1 zF}NFMb(e2u0ywaPKmFGxme{PD9D`pl7)!Lv@vRdG2jhm?8<=r(t19ocg-IMD*K9HA zs5x#6Mnee~4s8MyC|VP)A6+v0hHE(Ep&T5>f$rk)?TGW7pTYeHF8{gCz$8JbSU4^_ zGLL$9ryX_p{)h`_IVlHAK!$&WHGX4$W0RKeX#C98l=3+40_-i3`^byQ1Wy-73GRD9 z%j1@QhgeUcJWVeE=Y1-|f}*F^!Hjlh!5oH%zF;LROUzt_VFimIFq%)f5Q~yF_1V;QF#Cd+Ly>X$rX|F1Kf$0x=x*3)C99aRCSy~m4^IQn z*i@(eDT~mQeJjA|tDS*-LD%NKS#s@7xHf0LOicBDx}$iBM0TZ?aFjCmjk(ApTO)14m#9GQhw6 zJx9UOL{EEsrg(8jQ!|Q07#X-Uz&#(nl}?LJ8Ma?phM-c=!})<< zn7U;B+Fd9+AHFR$hD2>m%jn9^a-rUY{m?(claPj-98y>Jo;4tLQW}SXP)pI1Jy=g0 znpgr-fC_Lv>WN5bj#$!_Gc%436UFq5wF*zZI5A7)QwpNjnWoVV9E*yWka21zwsDOF zCr^fFWS|iJSb;K*)3I1F9lL=Wy57O!6sKc3m=3uID~m3p7t71J-} zWGr1w&jwQ??W-(;WJ0g=4#GWEp+P{CAfrCK#W`-X85>JTi0w?6zyURmOMHpsVu_-pW5%-sqA9& zF0ptn&h=lLkc%A_AzXX@QR)Ju7i&Fc6z>l%O0Erifd4BByotHCqny;mDNDzv!dG8T z>X?#~x@Yl?NnNg5Gm6yC7N6b3=fqJrh&f#WqHs=Eif?>vz?bI3`XMMS=5)-0b2`c< zNCA5DbL+riPAaErDi%Z`u`%J0hd;lM?j>g&SK%ws=5>f^2+z>qoTkH1ROL8Ph>7Lw zhxS%>982fo>ul{eY#bCBc$P6BMXQnlm?16e%*k49PYY(j2~@hxb9+dUryqs` z#4IXXd(+5B%%W1XXTlkIGG(3SAVAh>yp0)FYS&*D1|?=u={7HCQ2_I~0OQ3<2q9$Y z(YqizXHg6BEh}Trq7t8$d9Q|p$2o& zGNq-8tt(k)DbOLxd_O!TryVG9{dz`3T9lAK&~l zB%`oXRWalgcB)Uh2>JNL>ry_ZYyaX60a2D+C?7FB=S3fw{ZT%0P@$a)_i%7!L1>J% zBggXm_SRy6_^-`Wg#>`!iSB4IQ$Z#khfJ)}tyCCC+<`)2hN1@?g>{a)OE*;U{3l9A z=eQSy|6We!!80^e{pL*D7Pd;A(op3L43~x~XQ0(^X{dTl8Xtv?io%Yb(lq)^I*$%( z+T&d)_*TJQC5=^=gAMM$Yl6{eCe+|c5!(UrCyZ6s23oxb{g4JcSP2L=EZM5~8Pqp>PR8mlt8n8vE-FQTBcyAch_ zM6QV41IDT?!dSIO^T%Tac@93Lm~GfjH6&c!u$`)pwWg+>3Z0#@LYj-hcB(y%uv7iA zUD~PkX`?WH3K1M(r&@?bbY?rTj-4uy26Q0JMD2W}i?maRk4bM-<>X$T6(U7tL z0+!;J3TD_A95z$QO=++fLzRY0CS5H8gT#*nD#U@FJ#iFPs1ui3X?ehIIrX3vM3o-OPt<`${nF&1T+Dq z@D9W%;PIw6GOC<#b_@QBI3<|VDn*?{4(`+hnv{6IY_J1Da{ZUN0z=~AH8GVYrTy5| z>h6!3s<0nV?v6+Od_O<@tmQN-CV|r|UYXYt6YO|r|65a2CRO?5fi*G8yq%<3=0Ro7 zXyh*zoLAs%weK)ia?o>wx}>Ta^k1$D5(fT?N$)MNP6&Gt4rKf;|0ibbQk&Bd_~>~e z8-?TEd?XAO0B#tzXS~yYGnOj1d&Ws45$2=qUPLU6zx%Z03n54Y@$%WGAwz?gfu3_0 zLao$U9=x5tn6xn{g`t_@=#T3*tH`2yEFxf;?0v3?y7HLN0=MM5dBX z>8J%*CvtfZXa=%F%M4tZCuk3;IPS&)I~Q{I)O?43@NvK5P;-x~IKlv@?*s;8yZZ?! zCX>W^SpjlG+uHaMoP*z^g-VjsXeefBMSDI0#bT5ZTO2qoKW(GKceJ@OyECZ>6GyJP z+U2XN$y4qx%~K|p!lpQ~#>w3c`>?UR!ls_|?Lzr~^qt&1W0SDRIepbN&LfqP2A1rY zgUZbK$MBK!Sfcn$5ufSeGh2L)6rW?o=R|xKK1K}U2l*&|EC~O2FZ`o4{9{A-M^*U8 ze*C~m0NJP~&UU5)Ar3JD9kF2m!HLeYU3Qw%sIrRebNcN^A@ThXKgF4O(z|8jUogO>T`lp?p(e#=??CcA~PhTgWaV2qV@7@DKD4I*xXavy^6t*3wLv zt8nmQIkH4Q%KX*)9gL}XcU6v>Agxt6_siQww^o(XT9sfEdBRxreyEFC{k-|KS2+`= zJTJaM`>NyKv`~Leiv9P& zfOWzqqNLN{mIZoRAPSCJzdvn#R3UWi@A7 zVakH^rTIcdvWRmg8q$Ae?RKJ@HDJ$@QxBT7)~z#5TGu600n)omz&?2vS`nsXOTaiz z+)DAyKV#x1Oj>M@tlU_dw8rum=73qvnN=XE3J!48hZ42JHTV@pAKEJ9LD;0V8c&8v zi$c&aX~jpFwET5US~tT!A2w;pbxGZ-HI{a)iL8ASty*L2S+#Hk0*)b|RqJNcsx{YQ z)w=%w2CLS5vdy$=T_GlT@3)VzYz>7ZqP_c_1b{}5Hc1s*B9t*!qnrnn7PKx}M~I_(xfsHN)?5U0yootzeyxPWMdxkHgUey!G6Hkd<=WUJc7Sr! zRID$%Dh4M4DKf9n?B@a__7rsmu`~9V1IB#b+1iUrly59VDQb($VZFb~_8<(VDOwQw zP-)=yt?XuPJnAa3JnvOx{ZhHI@sAFu0T=2QB8|*MqgTl)`5R}h(vJEpUNZJX#C8S- zT#1wZ$bgf{CT`8R8~Cc4sBCil`QNV5e|@FQ9L2-uf=&pGapibdi}!L9vSg`W%n{#_>}Io3U=# z8q>wzHVmIQK8Kb^gx`#z(v6!7A%_!iR2*AEiZB~dK#Z#0AkC+-N}+HO1d|hZ4MpKA zXthFRpNv*{$QUn`rCun%eon&;D@;Qi*L4?Yh}MfGX~IN{dje@_ zpq)p58W`PjZNCfeaXgvLFK<3i?uJFH%AK~~6&R6%+N5Bk=$DYwDJI3->H$G6(rPT6 z$Y`WY!F{J&9M@UsC0y+Q3%K_yg)>l)n6qGK@8qtz>Q;~}2P451Z0t|ZB(=hm8Z6og zUL0^|R!weA&nV2-%Y%0s1bZeZS~KV)xT=UO&N$jkl z{QVq$i!BUSh5FD-Tks$US(^O^a<3PA#O)ly*nhkzKypM2wKEbaMm;vMCuM6R5RK`& zBAvt+(Vr%?t=FG|YvEgNGGIRMbJG?h4AOW^@Z@UiOUfsn56P1w0`@=uE8I&ky~1nUYin8n zpKHSu_F;&En8O(}H5mu|yb)RcPjA*K|3bt>`DrM>4Swq7Pm|?qJ8?vmr5>q3hTQkG zM()o-7@{87gVN`XM6(`kWj&T73SzEc%okAO&`Tz{^5zHq$kz;z^vjoJjR`KTu)bvd zgJT+qKQtVFUj6u&HW0skIR5SR;~(2)EmGE}8exK;z3Rn}7~h;w-a-0&tasX<_$SDV znR6f?Qfh7rm8Zb9>E+^=%^jEkrTtoTZ1{*e)uAaI4ciV)$A32dN8*1h{wFGJ=N6zt z;A_78S|GouDIu^_eo+I$QD_xc+Dn#?>@H%b6~abdCWiEfUaKI-s9$p93#%r%y-PYG+vu0DWr# zR4xGx$37rLk$~d23D*Sw^q>yt9gzvH3`U4(BlZ>TSiJqqR}DP>LP)v&6MV*$*lz{7 z>BIhZd$7}QA57}|v+sdCcw8jx={MNfG}xmgA4z}7$IIypXY%o4WKTYZb~Xz3^=dTO zi$o?8HuxAi$KYeD*A3ho5eh!Ob%uPLB>71COF(yW7&ie;LiPmIp>cqG#nAx$f<3K^Y?ft+AgOpvRaF=U*Fu(y11hP3~ny0t)`v zC_vX0M&r;&A`=79XymOoxnX9L8;DSFDESNlRmBTHE>Ko-=nf2@7C=?d0?DD|#sQk; ziw0=t58`cD0zQkpbwD5g!)S6d5SmwEFTz)^9&)_%;Ws2^u@S##CaZl04bmpz-U7Ny zxDzqBTHxAH1mUKMnx0lZK0Z4d+~2WaZV~v~p#AD_JD6~nQ8ixD3om-$A3|{{0wnCu z_^QHQW~A$RUEG<$?!a_`q;cSmg#91}Gz;v0D1xvr7d1XD?B{1igM9+)`WDz{8`ZbJ z`nJL4npUh)Pc`Pu0R4&S0!gI51oS4xA`77BkUat2De7`sKwlI@1JolD(4UaE&d22@ zpsOUH)wO-ksA0}$xM0d;B|pg9jm1EhT;-iAegF7nnn^tuV?3JECw3;}(4 zTmX6)l$C&ZvuK>XsA7BA3HNZ!lX{fPTY(V*zv>vL}b$+R`XM=R^hM6`2@-&N2ZF|Ip||`-O(uv+R#E1Eew?&i^m~ zr9=XH4A~RVwyzrn=$eP3ap*OXi2=xkymb!!VOZPkmq|b|X9#HZQ2{6ul$9L17K5LK zLmQxH5>P_p06p+vG(ej-i??B+P>j5FK>soU-7i$`o&#C2Gw4IjC7^piSqW$c20sfR zMF(`1sLN^l(1NMa0L4ZEs(`ks1G?D+^p4O$d(NmiGeAR_E|ByLC@TTIgTc=NXauq+ zhw?VDrl$q8K0g|u43UY^VniH7Y4k%@tA81mMcHO<79Zer^rv2{H|Yh79ZvXXc8}NaOVginl=y#yj68#YjH|}xc5?ok+q7As( zCgJ}FOXrPfw#nXltR3c`zC$;eJ|r?}GeTuZh5bLsTfkR)F2K(cdq32Mn1@Kr7Yj`G zC-DxL|6*dEBtklk`aO&}&}G8y_08YWp(inQAZZtBETJFAz~meUUm$7yZjD0Ns25@- zzY)kgd+H&F^*d}VE)ba*jNgKJl4QL7#&-=?ekx{9omv^N>X@mb$biDwAtD*1CO#x@IoUPSK1 zlhimoGbTmDQ}v~ID~G(u?T1(>dF4Rg7%lhM5#iYH;K5#jJ~tnVGftsce&7g~^(G@4 zVtYjF<40~ey@m{mCAtif5_5*!(IU- z|L%9Q^c^2H)HlTYI&RqT)o zWL<$NmbP@QEhcywylP~a!mzg(hHLoruJsuZNw_uptavY=j+w?yX(Uuvd++%?#_zut$xs|1j(>GwX&agNm>_djlVAwu% zdP##v8Fnwjcq)Vp8_uvB8O9UfWLR^CUBfW?VaTwZP$IQn41384TgI>s4D%ad&oitU z!a@(pgby*`5Ejxyf0Y3)2K>x`n`J;Z25e@)P#Msi0m~V1r3}~##Z7yk0bOLkLIx~g zKsy=mBm*90KpX?$aFBkufUBG~ZwKyO#>sA%a!o&7>yAk5!q*)^|6x3*e@QkXYIpvN z-H}l}TU_eH@NR$$0FFaJoWA8851D#5*14Iw9a3wTA%zUyq6eQid?fO`;fVEM__~~c zi!HkCO%V9@g1L~wa8nKp6|19IP+gpYir_iCF3d&K6s!ls?IZtxcTE@tp!{W|7~$E| zPSlpzui7hz#;M#<<+mr}5j)T6t1}Ufro2)O2W)9A#*+$z5t5sX`#?N>KSd@uCnwY% z`|;K9;77`P$IDK}iNh1NPC>E(8%X7y+PVreY3S=^bQse9cpYruVSCvL!tXa=pEyU3 zR$L3s4cu)zTqGEayRzs{vyjXSAIC%B;Eetz{!?_+Np=JVyqaZ zwGKz!7#X#sUeu9o5H+23eVtLk8J#$J71@dUdIB8BDzc^LLcm_BbHb^{HB1?;^(up< z2aMdEk-1wf_&C&no*aWv%Ajy5YwDHafyd83*^EJav}$eWYNM1#aM97SVq*9SV~@3U zP2x>Dk|}qCAu`hEbs}{-$B19 zp+_B^~}S4^{(>_c%vaFWTXjoB2{)UB7KecvT+Y% zB!d90kBRj~Ym0TAAC7uKWYlhA<<1(lb4L_V#}71+^`3^YZP0I07xVDa_CTjpOjDLp z&Vsty-0cWcJ55DAQ0W1FsrE_YDQhwl_lCL^>?cz8*;a%NJ8HFC{X^S#7u@vV?ptvk z@(J`gVZPa-zj;T#xo?h<=2QL66L`bDzJaW^EMW{w-~lJ_#5)hSHz(m8FX8pzhIsl! z#sfNs=9P30e4~tm=)O=^s88sMkjMro9z!T@m%AvG66zf4$h;A_dnvL!TYs3q2fLBr zy_b;yhj*;x5RFl#F9#KG@Hx~%6jZI8aRr2N(>5n7E zrV@AO*a2H2q zy5rgB;pZ6Kteq9W4=rUMn~0|x&BKm)jL|&q*(RFDXv9JDxQ<_{eUy00x}FJ>_Or(J zZ2U%UkduL|0SuqRa4_K#R6^gs=D5jmqvHn0^`qdVpN=C8;QNc>-u;<*ic^&Bw_M9c zNxjAN35!07oXFIHq>XuiE?mN@%Rx!Q9sn<|*O%Ea@;{7&UIybIYQ`x&!fLg%{z5gb zxy2(a8P}K^;Jq;Bo6d;BU$Q~`OLtoE zk7z3X0;UFjR9wfusxE%;veEeOii#gOH3C0k3H;DG8iRj`mH)X-#h;+_9~IZ}udIvz z^CsXQ7ZpEpY6O1768J-n!+)if|L&&ZulY&x9~IZ}uc(XvvnJsGb5#7usS)@QOW^;t zarkc}f^h#I-cio0f3R`*^LAM94{Iv^ZcL5- zkBaN~G3-RjzfYQge{59z$f*(d5li6L8i#*Ml?A`6srdUcHSnY2I(`m*5%T}zCg8s# zDt_eD2>gg8@K-ku|I?Kg{LZH0znQ6l9~IZ}WB7^0zoZHHZ;y%}IW+=5VhQ}a8i#+* zj~4txn~LAb)WDC5>-aJJMB;}nuF?Jfwy5}#QzP&rmcai@sevCA*YRWciNyb56Y!6YiXS;O0zYC2{5u-L&pllhGj4F6G*7~mD~vru zld)B&8~*#^---X5@qdrLNp_0ZBwLOhKhv-|rcxV!kq!IXZg<>)3(?9C55kt*iw@)J zBk!e$2Vv7%Z!y)(V#LWGfF_ulJYU7R+O&z<2ajV58=`u);PGbdRq==|bYJ2zTYD0Z zOzgqYw$r+4MR;T`JwK4S+<;ufe!Yh0bMwA2`B~ypfA=hpWd z&(D50MdRlS$m#U_oPt<{e|u#k`1x|+zu>1kt&#kE^*zanwLj|o{Aqp!KR1gkV_PPuG?br^OJ#1<>!2+4kTrO5t5%nF+4`_vl*(<*zx(^8=~>^ z%l|ZnpRXep;m`Y_5&Rte$bZ4l{y6O54j%*SvS!OtsEjmGlx?^we`4?Kmv<@h^| z;pbMwBK)P>8^O=E{{MoX?!JxWXB?_Td3!0UB;@Tife3zHAs!8WrsC1kKa=oCK%f6x z=JLyTQTe%Uqsh+>1DeXu`Ai*1dJK$^{Coq$R|G%vP>sg&^NT-4<7W@#bb5K)46z7* z@3w~cS>Jy6;|2@<{!PWdfT@B1Is-pPIqUo}@9iew9~l)ta%u#A#1in-^E zH5LDRObz^CoX&p?caiwtY6AXiqvA(Sjlhps0{=Jl@ZU(wF^u+yBbBK5@kXZ>nv%;; zP01CQVhbZnTXJgnlgr#n#D`3>tsx34q#^HATW@+XC<14+Muu#!K`Ici(mXZf3r z=TG+$(fIQSaymVK@(_#AM{I2@f9|?BOzq~U;LqjjBKh-OK{$n#Ka2im@aKVHl0PmG zv<`o^&b9F8K`hyjKQC`NC4WYIW%B2{E1SxnM5YcT{RxDX{JEQ>u$4buQH93J&k}bu z{_N)R|7q7B$`OnFdH3sj{AqCg;r1^r`1>>!e+p9rf3AW5ox1o@pGM;!9u+^<&l-Ur zu>}6jb@5Ao8Z19y3RW>R>>+aHU1)3Yr11|)c3wIJ2hQV=1#YnS)pY*6GZ#sfp_)8u zL2Rc>gTqb5&=kBtD$QA@Whq5iaz`sXf-~7V=bz&YOiM5KrCUD1^?z=`(wn zfGd1A6|#Cb$9o#ia)`&W^`I12pvQoW!*2B_?Yl475AK6E&8z9iz!g}`FD84>exlZ$ zdCY?)EZ$jg6PCn}XltFw3zr|@UO?eJ(+{>E;XQMn(Erq5E&ek+Jt)F|X5MRN;?UPz z%fd|ZHe9)KMEh_CjyqB-97621b^1TeM!wp^sJZZv(jA?y00tbLGbr7eS>e4Je69OKwhc+f`xzj3ANr7$)K1>ezTww&kVYHK$+0%86pAyX{X@W&8xd5lbs1_B8a_@+QGfUr zIS#K(Pzv8gYUwVJJ)6zK>bbP&&ae!m=h6flHAJ{0dE(gu!UNmU)od`j&r(O>vsCGX z&(dQ*)z-?4t7p~C_(e;`LhX#t^-qvFB7ZpWyk^aGhwv5>nGV>Aa}^J-v?+y80Jij7 zD%P_P`$8-cE0`jB>z~7Q7+0?jX=J3>8Xg5)M{7MMoAvmJ87G2t+F8ul^q;uT$6R%% z2-KlmQ-2B9p|U{G!32zzatZf_F>FTm*F|EUG=)=0;C2Ek4&N0n=w+rh3p!A*pp@!x z)G3is2Nu??(;*}3@W`l-)QkEB{Bb4Hl*p*t>P3AiD42sQ$8leX?uQeaDS01e&a^#T z%oorm?nchSH>kW$q^`WbT}C>8Z#dG+bs}xtZ$#pK?=q+9bs|kaU_^T0H&HvBoCP-w z-LWcHkFJyTRE|}1EX}oEKcKtALO7M`75+PjAicKs&ydi=JhSYK#x-B`s~QZys=?h* z8#4a^OCfcei1zy{Mgf`da7Guvl~xJt0>Y80s7_Hh-*OUoE*zO~qKxolLJx(zmF~&p z35qgr^H^fp-(*GDlO^dBK|7g!*LvBfPPQbhpS`z6WPi2S602_Z?=yS&D#d6O4@b6< zXMQ)B_Q=6-q*v-hI{UB@sX5N41VvIjH_C>Z&!}Ol2U>TViCRQ-$tg%Hqq-xb-cT>< zaCroy^=Lb{`rGG}xo{Cpu0Oshb6%sPlI|l~slD|gDx(jOp$$;+lkYT~k$PoI6|z|` zlB>@E^G!Sb&F-G!&0FT1KL*M)oA3tCO6hP`>Vff2jFVlZv(ilfg^SXYgnN=ge_}Mz zKmQ%^;hv;F?tB4pFpm-Mw!-Hq)DpSHBR8lKBCsuUf$Qa}(CrA}Xes2Ee>g^!$r$VD zj`Sji3`vXHP%`~X=+I~QBXPX1nev_KkMu4I4PPJ}`Wjhltsp%Qi=j++NlKA^P;^PE z)UIZH)IE*;tejZ8pX9h{>C;!oRs3r%_q_o7;n58>Ro)-oG1Jgtp*Z z-~?=1?4cB5dXDDWY3eemwL^)tr*=n>P(a`{m4br6Bk47j#-no~QpE9D{7`X;V<4+P z69B z97<)`VU;X0X){b6j~!NlPVX-@VdbVZ5tfIE14*m0C9EG7;CtK{c+201gZt{B3MzBD z00-_I{uXz+{HzqV=Mxm|{O1g^8>loMwS^9)?u9qHJZh`zYDNpA3hGB~ZPPu)t`V7F zx6xhOYH%uT4<74`>tdP#P@vNd7S{b015lG#mn>Pg14Je3j=m%@x&!0tV#EoP%A6tM z=&teKO3wA=6FB$8vvo1zbjAFOc|JZ|hz*R#vkZ*G0`WWQV7y&q(gu5JfjZD>f`xNW zT+&2TmrKsI)KOimqdFDmyzuiiId?aoz`4(#sf!954(fBRtBDE|u)3Tp7MV!S0oBK! zo9*%Qu1!QWor!V(1)2(ZmHUtA?eR6ZMw_Uf<`Ym=Kiw!)BL^6~Y5>&-A`=5uoCQ^N zmnNbr|4g8|17sws{1>C6+6)JA6V)m{0ae?^p?au)G*sU|CEki&243Z|VsIp*NNn3w zREZLm3NjMa%N)d_$d2X_sE)$(ov8YY3Po;}ZlDFe)-M{WW|64w{?tU(KedUx>dwT0 zqz^$xqFT#QI0~x%#9>Ipo;s?(Jjv>w7S+1UXsFUfCPoW<{}U6{UoLJUDi0F}l70Xg ziRuuBkZ7nTVDo~B>P|j^SC3*2+Xz%OSo1lxoWDh6VxW5dV-wY*7c~*p?Mxg!NCK^t$It162cZ{tJfuA>?yDs)lUL9138>z{YI-A3B}PRxNn~Q6I`)By>J4tYYRcqmDH8{hF3?e3g@G{|ueM<) zq={-RpMYxPBaK4U5BBL(k6tf`Obk?gET}eO-&vDT)x0lIxj;tp>P`%d(NLWofht}{ zb9(+Q3bchO_R(8B~nSrW-(W{k271rk$zH6d#V9R8a+T&Cv4kUdHG7{BB zj6=~--Jf7ZHI`36bsv`c8zDQs?iCHyl_C?Pm+gDUM0KCAq%@%ge!#?mq@5rmQ60k& z5)IWW*j{e(>PbEU)lzFu@Gzvr|#``c#662{PVtWc< zL!WQKCrCtlJ&X-X#QQHbFg73&Hx!AtVTrirEfbZ!si+=d;y}{FASzKkg<&!p=Z0ft z(rk}ed_sG?OjPK!67kvY2C4=m;vZNtw`jg`7F3tP0?{O1mH$hidIMx6s%035qM@3J z=3%0GfKNa*T2$z?sFtTiLzNndDvK4Yf(W?rzagjS!hc^fEXD{9BsqgKwG`y|6$u3FE(+IFPglL?uSMj`38z>+RgkJU%R*NDrHrUG&OpFcmvU^1)#;o~b3#ymIkrGXi`n%o`sM_nOF2gVxjdO9p zVRG&e7CFedHCV!mMAhJ|`SMGmaqdZxi7xdc&(hLr&czjL2l=s=A3=Wn%#TWbe8-P1 z{Mf*cwfrdOM;Sjp`0*S+p5(`){3zi^5kCs}F^wNn`0)Tg z#`EKDe1xtH^$rch@?)=1k5G54G+3(8ohUsSiC*uN@wP8SZM5>XP$d-fw_P+pDWd?ooV~& zE~TG;uo>%DC-w6Wkg=XkXbYDcUqrrKJUrFmN?*-n``)J=dWQ>+mcy0e$15lR_DR^c3oc=|jbA|eBawigbJ5BBN6?t8dpT8z)6BlYd9ayKY z5sgh)gy0N@T5UN(9ESysY@Svw|I%!r);_z9^}*p>NZ1DyPId)`(0R?1qP>h)p$m~k z_&vIZ@!ngdGYoY-qIE^yT+$x#cBK0n?&G3=<@KY`m~h;O@KHweOAs9!w!jdb336Q( zt8@9OuE6!Fl49aUBJ_W73m%U8euxcDbvVwS7*NFuCun=7iPd)N{?}q8*fmI-4CD?u_ae&a^+AWq-tp+Xk0U z>Fo5!SI}#ECp*u5%pMnsF_X|nr@CJE9$=G`K7ylf)nlN>=Ud(Xnrm0%Rj9e{CWuN3 z47UZpnP!X8&j&H;`)a@cnfiW;yrb9mUt>;L-+6dtt*_RTxf%7IfY&DJgumrTCsvuA z*0uBBrnCeB_mhCJqgQBeC*msfUg7I6aUWQq)3ca3EhQ_+wqsAwt)|oN1soaezu;@k z3Tyll`woQR{1&(yWR)|Pn)Qu{+-U>8v`-&m4Zjtqx-4eEuz!hDT{fbi%d7=GE(`LB zwD#%zQtc0mr>q%FI1mje^mjBZcnkcE0gDm9D&G7iH=`7y!nhEz#Qs;j)6bK+5kE!A zH!%JN#N&A~+E8&*pFJIcC?kVkfvn3JWjiY8^xHe*clhL(4h(neMeTVbvV+CYaks>N z_$5&!2%WVZKb>m-F~Q{z0(d|?Yd6Z0tF*6pU3kF0NJO$P=2swV3BGVzA4|@9A)MUD zlJ-@^PRX(435HTMesT#;Pb%X&G;3j2k+z4JHG#Ftrs)(_t&n( zH!mVn<9N}lkY=~95bebrf4HrIcU2aC2(r4=-!U958%dFsb~6&w0jOI0@nzJ?SF>O7 z!I?-@*H_bi^4Wp-^NZtC-GT9tBt_f3-9uM8)gQ#cyuM%db2!~~6SG)FjWf~d`wH@= z2kryCl{Y)W0dg1ade>IGex%k>o+IqDyC6T|16uH(+FIe(ByLqq)Cy3MT=i-S*Bhn+ zn2)oJ=E3Dfl1|owHNB{|r`$6zP3ZI37%?3{SISPK% z2Kq};b@CCN^SJAu6Twl7E`*GlIU|oJE_I!mS{kLtGo{ zR52)@kW^lAqa>04d=lEbAWZ0w1UD*ja1SPKrvi5?WbGufbgO^E|2}Qg6u|qj}%^%%mO>LG&>uiPLRLFItV_$fy{s^y}FVQxt0 z@nApJi*2n^yH;erPrF29UI0o)$^RNNf0w@*znVC^egj@RO*`P2lptYC*YCk>tZLn@~> zPwUWC&W)OU@Zu)L*8lLp=aI=AOE}O#m8@9K(=oNu9!Jkh!+t6?sJ6FA&<=IY))$KK>lVyZr>e0$C^VrM&?H2g@kfg}DBe zVI9%J*y27%VN?Svv~j(8YpIYlOD2=2mD&QlgmeKnx`7*R|5Z+OYI=%P!v-L`sksW! z41}!pbZO9eE-9}AbKJ#Dr*XU;HwYePBjJ5Tr5Fd4N`F3XwrK10O)sm7QJyLVUi8)5 zS7aE!#CdF}O*-1F6Z;0Rk-~nfUKQ)|?)Pp)n0%&hGKWXR>y1d6Za2SmT zI{jCo(Pkb|3jJtOIm)6(+4$V*8e9YJI9z6P`k(15>bk+HuhB<3SC^8y?d+m$AL6lsj){l;+J>7CqUV zDf_i+raZaA`wSQd0+e~HLys`dTsN9>x93H_cydM1OGOGHb27sB2~*x_&rBpca6j;m zBO?{kYzUI(wPO=Zd4wib_H^Hvk5OdIex)qIS7uYMO;`cpDfPLqyh59Vyh0l?P8;ri z85DA{U88w;=gG{cd891#T~PQe(cA=)C?(KPf7B*ihCUcbdgBTye3CN`Ypr%d9{YLK zgBusDC&nmg@u|WUpAO^P&jBFS+7x{2Tl&21AykrW-k#JM-kl(2?A902-Nm_(yD`5O z5j>TlvzUaDJupE`$GzC=@si2%^<*z08R9VLE+hNx|MPRP?S!2w8Wr4QR1;&-YO|DQ6x)>@V{CU`x{H}whqz(=Q3-Rw*|==2?f z20Io_Fqc-2FP-WZjK&B(mr^i0{~YSGVFk;TxyO4|Xb29uPwmS&w98k$pA0-FSEoA| z?((gN(<(+c-VNSY*pZRU(^jZhdr7HZ(1l#KA9-XZv^00xPFaUtY;P!6nfnj?lEuQ- zGCuXf+|1)lAJ&flDboLtQ^FziaD~myagXi1g-aQH(osGbcjZE-JB-VPvEH0cd3>Q$ z8GMK~tZW>0ov3XFI~_RFbcGF)5bE0%s6TU(2S#?mQ^uOXa6*2nYzYTu#Rc)U(ix#& z-v`xF>htHirLqc{oi6oxT)0l$-B53(C3#>Y# z-7}meh}j2NwGOP}o${cdsB$8bdD?;`IN+D8>W6wbZ9kBtqMmM28SgxHp=@xB&EV{0 z`QwNu=0Y2V)L4aw_LKVsa(c!%FdNF1v!OlSk(kx=glJY4wM&)2?QAB=hnL$tH@NT% zLpIdz(4U-Y$f~}7Fig4{T$`p~g_tntrF4WlO-1sZH zyN%W5$;ItZ+X%8>0iw`ISogGEYVCKgI$q0J$Q}5u%dTUn7TLA=Sqd3pZ=yz1UtWKb zW=NQ@yk0*)y1ZVNCggRWUZ%Xh^#@epwDP(fJ8l}1*C+ofC1O`pR?6!Es6OZb8Qp-q zz5p-Tw=48y`<^l6^+$Tp_Xx7eBdO0|w4ruwk*}Y1Gti$xzAk^XVflJhPeZ;ct)zUd zrY;&OUp+31d~J`)ktYKqDrc3iJ7l;n~jhN^hXX7qA7K=_B@21qqZ_k~}8@1Gv!g7GgZEofXZ~xFO zyk;1Jc3iy6_w(^#fdT(S=Zew(InQsdDuV4tm#;kDQNeivG!i$2mim<&f->8kwnr(hWvE%d{F{ubp`mb=-O-i#)u{?- zS+4+LaTq3=n`mj?VHC$5Lrx4IKvhjtpR*>~`XL6YZs9QmO$mZrR1&3nOG5vm=!}+Sal;$wmphX4-yvQ_KWscx?Ln8f%6zO}OfJm=fg!jeJ0?PDwL#F2nnLaWAna(Qc zyc!G2H6YT#;-{BMfj$r4br^i9Aa|t}hms-Bg+5=wRWj=HZSc~RcI3bBkD2*BU?f+! zs0T~zOG|_u6c&2>+xY49XWyd+^NKn;<$N0?OnjD6!WD%&T}l zE+G@__cDV()_shb16GFKVtFG=?4uC^`)+F#GK6tZ$Y|#2V9ebZ*O2E<g?cMVyg^oR1pkQNR|Lxm78g1x5*j%vN`x%a1CqOA7RS898%%V-74A zrFjn6U%^?IuOgO9T_b({XXb0lBK!M@jC!_1A^*Tn*3&tzrLs8Q8CuKH)FG={B}PNJ z?R%*zpif{ih>?pbhDzPE3Sz#e+juP2ckm}{AEPFl`Gsc&I-Gh4SB~`-HSKc5kD9hK zSvFtP6t%pLwLE}Ywv@HR{L)@iY}7KZsE5D z7WF+^*NY`)>uN5GTf$_4tdAMUr3uqMc@4iAbRCQ5D=zi=Z!ZXshRd z#^{eP#u5M2Ee{^2>SvUd~7`*(~hAaA*ayzOP}RwEW;ybcVZ*ClzO zKZ>PMt^%^Zn)H1|kUb7pRw+sSC$oV)$q`>^K0`to9SnrdxUU|~>67`bwaz#l-u@NQaW^VAL4GXlI z<+hc&fG@2y!=j-pOMCZKdw+~VY_7~2?|!GcVMPWG3xJ*M>Cj5}A8eR)l0cPf%0>GP z)AP@;gSynsuCx^{--_ePqBSnxv5v~@o(wJv#e%BOqSEp1%@5@u}!)nAh{7?8j z9AP6OY{ko+`2PtJHX#E3@7^Q-D^bzV3H<(9{#S0m^Vdi`V?bYiUf(w!g^phWo}p;) zXu=lej93$XL(T{EqW2=_!^j!`6PQ{=VBP-Ei>@~7W)zM3hYneaW>t=}P!AdszNYtW z6>cL+(Q(+_9Z10fxO7<3-{2spps2C!->e>PdhzmQ};3sVrJsVvNV5SkaRhcmZiUAhotY z$}bR*x-nfKD~&N@3F$-FQ+0nBeY~70$IE7j0(rh>HstxGR)(Qm`;M8ic&DyV=~RxGD-j72eFNq7J+f9SEhFYHGewP_Ml8ngfEA(F>W`Rt^G*CB zLy2EjU}7YG1ZpQS5Qp)j?&0w=UzXO5>42XxV_D*<@goZH&uS3=41s@Qbo_{9;Fqb=F!*Q$!ByI}`*eMsg;2%V{LHKx`%vb{k zDKNLe`j2r8N0Q+9kqr>pM^h#z49?gd3_?ics%u@oomH;Dm`VTh5F zp3N|v^p%s5&9IRS8_O`9`jwM0mSGc}zP$w~Jl^|eF4&mu4zx?hW1`cBako6tRaRw> z7`vcPIgm}i{rGIv57}J3UuoOwYDmKr4rV(cc9g=F5FHrLI(n|iRaawlKRzPR&IS_$ z%-unlfb#^-qon>G-%cJrNQgBf(ue@D1sHR}j)2lE1PF(i`F1 zf6yg)=%7QHnVQbe@#%?3dVM-axm(lIo07p@NF;KAj4#hdYm8NjCJN5LFpz`%TCrBw zvsP2KBV*L+E{;*Z;#(hkM9mPseT!bRUn6Sf&Rnk)t`fsvS+eK8ToAuJ= zN~}w^DHy1vzA&R*UzGD5%E36deKYd@78Ljn3AT3Z3w|WHGXL;?o16KCQZ#_g;?MZV zI4s6kVaN~7aoTEJwwhovUT}R1*51Cli;=lH*Q%X4R#glY3u)y;lW{%u^A8ERo&~{L zjGy6Q3d5VjND`+@&co3C-+qXaV^9j0oj}KxeYs{0sWu9UwUe`j{QHpd|6z;#6KU+- zm_OtnW5yOj;`qg?gIhhU{pB2CSx!rqmgN+z1jceL;MzA*^&M7Rxezi{HOU|AT_Qus7Pf;irYZJB%c8j#Hd@di8@Qu?KuBjm5W2g|A@H&XS zV46wnvqT#Er-%Y#f5wMi+i7rOnaVX}@6m8YRs3^|IYa6CQobai%s3lJzN0PH8)hQ230J}^=AlB^`zOSoSC{ffr)k|8?` z4o9q)&wxJwd&%om2ShLV489VlTz`29FR3mJ)ssy?GPDr}_11%KMUY8wqrcQ!e{m;< zTZ%mIm;UIH>)Y2%VdnMMw+FTp4VX)Tj~`0lED>o31!$kLtIj%d$ZE8E^OG!nCN zR(<+&#i)*0PdOwc7VbZgDaQm~Lw+2;g#B#PNQb&r_&*#ek4b^QMyrfHM^?mS<5$N} zFP^=b1ERi<=2cXhtvt0#zVoyTzqtvGhfYDjR+Voz0>fG>8VomC`NYt zj_2=JO9 z7(y4oF=x;PUYf+=$vzTM5c5xr*?l^Onnj3~OZU~9u=!DL)>sktAK>}Qw2z1FVz7}z zu!j`*OH1P?)Mn5*$A9sWRWT_sG2ymdt=%eMDnnPfccQ{Qg)_n7{ zY;;8*%T&nPd{?69_@aD={%5}HtmimOzC(YMhb!k`)I1uQf!Ua!N80n1!V7>+ ztT~XL7v#+k=awpvcwh$;#$~1OARrm^^?s|<5-ozlt6KX=v=Z+IK}REWgrJr86T~JB zjqo8Ncke3*C;g1@A7w5j2q*1y0a&dq65&eG{b*x&NBSA>9@5`khj)U8#+%ZKq7@eP zm8nQa<6XN4b<{)xl>o&!1|bxKif;A^IwI?jmn=(eefcJOV%r(8`cgXhmyf1ESeT=rzcUR zrs9P@4BWQDl#f(ng_j+Dt1yGSi9S0jJY9e~H*N3Wj9M&IVgCZWhObe3EP)WTK>&I# z9i%KBp9P^uow}D%=4)sHvdphoW)fb6R&bdY?l2sJpt%}50n8zo^591Jl5f>9{0Op2 z3?G4O77VNK!grz;tGeaN;8mD%+=e+Q=T9acvE-r-z&5k3p4)QOa;$S>HoPO0Y8J=! zEM}6k+fm$0^aNOiU73}h?*2=iejI!0pPH!Mf}*e&0(49lb;vE+<5@$8dIw&FmeGkn zyhoz}MAVP9OXQ;bnBe^|`&*08#>fJCx>T$WCoI9(5fh=E0?+B*BdJWMk6*%F+mgw9 zHp>I>(jhf%qZ>zxUsDE~K}_BFLZA1QgX;M-X=XJy^q>-Z!FVxs;ll3U@RMh!3+v@Q zc+k#~0)-1@7fmo{ACHU|LqZng2ePha%=T!G$fCQEg-H=<|7+Mk>4RoQRl;_(%aD0A z{rCdA(2s99%hZoQThbW)xa-!2_2b*civ1C74%@kC@h^0Vq94!1ODe;c=*g}{GF?Az zrw0u{Py~ML2a+b*<#q$F8zQE}Zo5yAKh530&)$3c#_&S!X^Gkx2toF+74TKSx31j< z<54sS{uLr>Q&9#+{R*&V?%zz-{C2Nk%`1q4n6EPCbcmVIOV;|B{R#5HnF}`@75zfG zk$?n+sl{ltZhRNuTVLevi0`oeAov4?yj5tKCG`QsKw9N-6vfmX;^D?^r~lug(n{e*j*UL}mWyAxSeK9ERvG;3cu+&S z{^20IOIS@fBEfnF6J7ac8;_!UXI6*_pP%8EDlG#;p{_e{1*ylJ|ILDcMIoWs{*!GWosjZfH8+o@r)tElVda$^*7KrUX;^6 z!TVmQXBZJ%3-)fHa$+xs)iswVO2mZNPDNyhei5(@@;IWu^%eaM&bQ*A>#gi|DRg;G zB#|bH-uA1fGn5SzPl4Xw&;ouSy+Ry7rixC7eB5d}oYa)U)+o=FxmPKSXOo1JYBD=q z3d#@nw{(|UNx$1}xoJn}e3!O|y-tiqVpPnzPZwqAbo9*)lYtQ3wyFJKX174}$%l)~wtlUe2lA+T0_f>;!* zuoE(Uil+TV)Wzs=Zz3K$Q&C4fzo|}N3|J&HMi+uRVmhb>3Wy3Qg@3S32>sy{^z(NU zblZY>q+8JzDB(eh0p@Cw7o_Os?w>BDS0Q^FJ=xOXgAkU7x$0h4Kqf=3bbg~mWZn9w zdv1rAbEgS6a4;F#$M=6dLZD*Q*hkHb;_aw*=q?JLRR)z8A{zYNJPY6lcM@fIuE&pB z&p?-LZ|I3I^3ZwmmzthYnwz;Rq{wF1(uK)eDPf6*3Ind8$Asg{h(8&RR_t=6?RN)y_eNWdn{<0dDaD`Azgj}c z^qh+X4w} zKEcE$1}^M}wg3D%LJ2O#`z4sg)PnJLp#!`8GsN2OrP^yE?JBKfp2&l315#w4_6Wkc zqwJVXd9qZb5%d+m$WOTcnZl&5JnCjhpya_BKZ{|Tn~$+JrWC$~AJVFVSB_<}k3zQ< z!?~HIJMAD_5jFy%ao38-?3&^|f@;UW8{1R2)-_5ImG-@hunU2#kRqPSEH zk8&YE^ha99`?=H>T-u2BWMV&CXH{nR_;Z^L({4^E)GzRAji$_vkmEN$?~-bb8LJ zt;G>?`F(T!=OLCmZJX%gk9?09>d~@bvw}6HuD~GH#!=idI1j;QTOl5#{|4!^t?7Z{ z1wDPMf;Ctu4yRXZ%Cu&w16vg!wkt54upGs4!M=!$e72)fbGd`Z1<{|jR?q}qLh;HY z4n)XN7LSh2QMb?98FL)bkHvhC=tY;}4W-(p=g|{hd89qdttqQIt4qvrB}PQA#k9?7 zTj89w0;jXY2r=f)+^o!{CdYL}r+SvCm#<2JCy82C8jLMivp?6L;R@W28lLAUZc|nj z@2g5DJz{-3lon+LYYGG}Zsz;qgtF>*Uv+wp`Yq5Qmlidx@VW)%ic8HbwmAxR4s;Z( zl}Q9IbBdEgV?<46)y7oC#7r7zGRb!|Zu*@pillP}^dbz(iHt{!a&4r4c0u*P?1J@{ z%(IIzY;*md$k;??YtX$iC`?v}GQ|(jDTY7(x7)kWm&_)g9`E*d@N~x_xI67zZ19Pj z-q}&mf1fwmQ83N+skbe@VwZW(!siD)h<_N4`954+RFS~EOfZjwxjXHDvw-_P~6>vzWghVEYS}t z5jt2|G}(rH??dxFh$wqJx8k$PJEmY~Rl%_Zo;!jc$h5yJb6>?TnO+wOY}DKcfJ~;@ zm{Tl1#>63m-#z2;x!*g*5tuMByWm9nq-jC;na3d4P+Y;z(t=|JO3}>-P(!|*rL&Gn zG_Z8UD2pqcWmT;lzFh-dWxJZWT9o^K8R%|tNLhTsBxPqr%v00IiC{Gdk)s|f*ts8> zdfEj~gr8+0d&T2HODX7^?0lAxFAzeBnzmMU)Ma>9YkXDBQIoTgH%VKzvz4>OiX8P2 zs^cvCrJ1wE4-SO8Tl}C`Yl|{>F4Fm`o9D1Ypi{;L;+K?FHFNl?m22=5%Q$8G&>7=w zHTKehF)^)Uz9kBbIJ*=FpyH^9&UQ);bk10G&OFr-iv|gh@wz;et&Y71!ild$`j_4M4(RFY+I#Ab*L9!82=dLx96#LZ^1&IUL7XsaX|mKe zoN5g=C&znwpk+AIV9u%m4dbSFDi{dwoEmRZ!A#qy{L#u87#deFGj4a6Tq3fD}Ww-$+}Iy4k|&#~InT;{sRN4lw4Yfw?WdaAB4;_aTI%uvnw8u?P@N z7Fo-F<4j}L=r`DH%B*j;F@K7EMA_rH8=qC)JiXuC8^pPGtQPtWTPx;UZjl};Y8&wk zYB4`_p_3pgvYM#phn(Y>&~q<7_j|`X0{6=<^ta&Gh#Ap^Fl?YLTLHe05J%aLRt{zH zHa1XK*-mt#?Go#E0xPE$z>1|PLD)%CLo?C&(SbtE#5X&RcRaF{9o2iMwYPXjfqczD zzO(f%+A6ojI_B;w`>9!Oivuh(x5Z{x=GuJpPo7^Uy&%CsTx4h*RU!3baDO)T=hvpy zpuM8C!me*MVhVle5-jb*HU<0V+5eOJP@=r*>$LjNnd(~$xQ*{L`qqEnA0IjnUoL~F z4bra~>+FJlz1r5LA62tNX=diXF{O|$=x)sV)7Epx#ktUcm3id|a};OL>pb+4(8o>+eXbjnNsMT3h-}LC zHG_&!>L||4F4zTaVO@cv_yP3!ve-}o3#9%><#YNpiqBSvTZOp%jdW7Ia1=jivm{0z zE{h9hLs3V%`00Zf_iUuwuct#EX1cl=#ac2#2PumW9zi9fx(BPHdX`jEz`44=G2bzi z=fsATXNrx+DbKM&EYbi$4kd)H49jn;wmc7{L4HDK6KWOaH?VZ6GI1qd`unO!XYC-D z#E>xSsALt{BGmBD@dH};ls9!fJKd@$gF)P;USH1+r}&s1DH2tdZDHn|5An4kUfn0? zuVO|_y&oD_d;=O-79<5Uu(0X{^(H2CKx$wik^aAz_mTS7f2DqL7A@q=X8e#R*+2$AX236^)eoU)TzwT2J3A?|Kbb)zbf-_sDZB3pef=M%7*l>JVtIn{}RHH z`WF>FoOTiu93Zo;qkDCg+1Am$ZbtdmMoEVP1ffwL1`~{Gp;2-QUq{zM8)00}SbXmH z-k~?jJA$7gYDA-?l`2x%dKMv3m96{-g`$j_YbCCTrVxk*}^6 z3-hBN=M<|jq|>M!>G5K&=l>VwxuE?ty1b^!XRH(81lHsn|IidCu98*Pxw&1XEO-}A zD51VvGBhPMzEq3Fpb&`9hISUw9kZ#gP{B)~-i<}H{KUgUlVd%pZuLiZ+Bz|CV8;q3 zoEpSTo})WP`eWH%^r3ao(=*CK&0t`JebG@o8ale6cMBa|r0t8eLa%}0 z0#Y0HRch8~3-Ip~?Ty4q0b$}j7mL%sHwepI`+|P^yk{3Y1iKt83)jRIJVeXF|6%W2 zz?-VFwv%44K=Bl%SOlao@&&;qu283nH>3RMJ73?QJEBGCTtTI-zTq)id#n|Yr9|G(jRXwF{mzVEfy zUi-Fo{syYgEUK49*robf@pMO=TumAHpei@a1fc)0arRZu;pcSE9cG#tdjOh6w^y&kUGQ`dXP^FG@?K+HuBR znq#+UE<2(XR&l)j1N==5hmCn!9{O0#hP*)Yfl0ce`S6Y9A+#WUm>RKQ4etrj_^;yr zlIKs{a--7htMCz{e<;gysQs|LiiPA(_?F|ZM;enCIa=>8%H1fP3S%!$@ggxF{P6Js#EO>n zz!`}-an3BXDq_W|4x05dcxm3O&{-qPqVB?c|JFzb+_`90<;^-{fyEJ7U_s+e??TE2 zvM}Rh;aA=qMwQLqM&thm?nLJDmltNl$fLxj@`&$8cy=9wyoEioIPyJBI|$<{$1HD; zV?1doy&LeZ{4u9@y!(h*3rTs>Gy@6#wb)^zRhL5~ z{wMK|XLIyO_*i{c8uW9q*EljdMkuj=PE{zIkPDo>z!;ZW<= z(i&QiE?rB1tHLQIA8sl;EwAh@tA8!Iwk4K)2%`;mC6-NqxUWtMT?diZH;Q~e#P^5 zI3Tt&SSBgU2Vu&VqAb6{imeVTKpjS|c>&60!^{w$5YsS|k-KF&PHn77u+#Pj&e!Db zpMF_*0?s=bqC08MH6&*JM_^N^^a#mzccHTU#>A>^ZD*RR(57IM}r6)$dsPs&j(*d<-2u-~Lb)iW+>dxTk zMkl6Go@cr4MrGJ(CWjRS3{?ZA{-&Y+8d|Eq=@6&WZx-pc78N%svc3|LYDsg7l;yJ% zXaG7~dWh?9FfChG?Pvon#9V({Rciwbl+x}dMca`kEJe9%XSAc04a(*G>rr`-Rdk-z zq%T=3o2p9~kDKaC(wn-;x}&Zy(aPc)6qod+#s(VhNL7;cA?``UQGr3k|IwbLcu8pU zIDH2`oc_(u><^=hT89$m+>F7K)Fo1QlETYH-qP~@oH71GRpB=NEu}lSKW!Uo{Y83G zX*KmHds(NdJt;WxgZmN0u#8B39l3|5_vUFszsXfK zFzFHLH8gfKApG?AbrES^NgpRmxdx)IcawgA_f2RB$>JHn9}gipJcN)&<_um9G5CYx znGFZjuR;0#2G5Rq9!N?XFnn5EH_(Iti+?<#I9neg34aL<9D4f5Jq;iUh-StBL_8x0 zGX`2wtXG3~B$OWFNKS_4tq)1RsQ%v(#|)^HH4xChhxId@iz+f9A7~(b0(PLFf1}Q>ZU(iI*kDoJk=4L z4!wE}EGkU@FndEJ|0aEsrQ1uT@@4@_aMm*m7r@=wo z%n=8Te}*Gk0fxPhD1W7!RFu{wgK+MYrfsCW3187FbcC-Sg@b2o%@|AZ-p#=b<~mj9 ztr^5yru5DHHH!G_B4zn>Yf}b0Nty*Bx*30+j;XIMuw?4X*_?lQ9DPJMFPb>%Xa7F_ ziz_~lf&Zpi%?xOhk`DZL@n3WOTV&k-Lj4=dCx0wFVbB>%Ch_#|wEwO8x2#?qqrjEt zbeihlY5x!D-;w$3G3npZoBmho-_85eap~VifBIjif49`1;tn8x+@Jn$*T4UuKOOse zTTA;X*-$i&dHw4W9H=_l@$TVtBJY@vcb}@_=%J?r{PW6|t}o+y#G9Wuu|B$>5gM20 z;JjH~qi2WdfOj>>p)mf){Gs%qobQf$qAMKtd;kxA{d{-ika1`p1v9N?Lcc_KI^R8r z!{hj-em<`pKL7ZLa;Pu7A%@LZ8d>lIs*z82Z{~>)PIjj#_nZe0`GIjs`Tp-pxAR)l z5jogRn+i_cOzD%2i!#_$rZW&#-?u6KUe0xI>M6&%tJKme)3I(;%XV%p+-LNk%4b|+ zk99i&oz&n>I6j?S*7iSfs{0a|`y8~?;#Bu|uC({mY&>OfByrB=Mukn`^iv{7aQIC3 z4NQz|;2@~^;1Q1faFK{7=GV)4ZmfQRIV@NbQ1AxscsxiuSuj%fe+_Vs@v#%x3l$TPL9v-(D`moC?T{CpNP>oDnT(~N2wN6+;yC;NRldw1{@eIBsNBZQS&Za&fk<6k<=3ygq9*(9S`qgz4{_b_VBS%y32u+4Z z(>8|UyMjWRj^8Lgydr?p65Ar%RCJOD$5c0CcI0gROSEK}@W&-f4E+Qi;xnoG;chzE z!EQO+y^rDOHkjD2G3|>fzK`K0a<&_tT29PviX867Y(9Fp8|%Tw;chI9tF4VA=Qv$Vc49>^Ns?Kjq4t^a5w(o$qdG|JsI!_GEwK5B9H*ef(-^|Hl8}aqQn5 zhx}+Mz1ANeM|#IQKW=Hi=<^LmeManuIPP1ZW8wUGzaL{22-q)&u>`Hgz)y^iKWE^3uyJheu6pSW}n<$zs9qm)}fr%oP1g_y614NZw5T8-HN`+H>&E;r4(KO^x!a zhfj{1-f9UyE;PAmdSAp%?>;@f^NjTFYL;GkVVY@)adHJ-KaO#i7q*Xa2MRmHxH-R` z>J06(No4B{4|T>V58W&^~}qhksr4jS@%hx*6BvA@}4NC*gjO z&0f|DoBT;dz8~Fv!?*;$ja4u6vm;Y#Nt1=8J3Io52So9DJC0ewsvZnzHQ*gpZBsA2 z|5}qodxJD_h}iRo5ADivhfTK$XulNYZG-YozIy5mux;{n<`Uz44!=L#usRcQX+LkJ z(%}yG@H8bW`Rd9E_P+=-yloYv259fjH_);UV7xLOzhUQ!^dLeUGe2$eH#z0+0rsYJ?T^T z&|3H4ewM)Ync*k&B5cwA{4O#ZOy9l+EltJ3efXcJ9g8ua%kRbb7W*34j_+`;8Rvc^+^2?1BAJMPCgwqPV|FFgM=q) z{|D-`{Pfd83#;D}h}f+%EcYJzhFBe36~pS=L8aWh%Y0p zwHLY4JoS056Fv1QZe<0T&!A_mR;19!3c7z0y>B$8Jb7Uz+tq?Ot>nA#$tKO_;zP?r zo?tg?r&fp{$W&!_GJ2MLIWQQ^x`MonAX$fZt|XivmY{}QNc5E~Mqw`&BH5fldLQfk z)5X3hS+s=z8!6V{fU8$0TC@{gXyxFLTZME9kq*sZl1oSqB56XpT}T%Y=?fvq{oD$5vf>6PYLO3 zA`KDJvqJiSNM{J?1tGly(%4W(p}h>6M*W*a!S^@-iMkkp>U3KMQFZk-$ zLaHRv(?aSZq<4u_A*Aj?dYeddh15$(ZxZQ7A@vc`>mZE{T`IJ*K+}GLJT zt90R}%%aW{O!uF{?R(K_O#B5!*SL&Pksv+ z+V^ep5+Fq_ko>HK*Sp;~V60mymoydX7k63#nX4j}WO^ zNcRaTNTk<<^nj4OL|QDQM}%}ck%B^cLP)m~=?)=1Eu`y+biI(421!cBD5bs(~6*o5Odl@_}q)W{&rph3!mwom=FId z!ekS-_E5+P*^X#$ZR6jDDXb-e~8YQK3x%@L2|$>UTZ4KRhhTu6h2bQSp;E~KGC znnI*M2`OJlbBUBGB!`g7iPTO=BZc%=BK;oZGK~?^QX=gX(pVuqPo&ReJA@P<(qtjc6H*zG#t6wPBp;FT zgya{}d?KAGqKBXln8&W!YA|RyZF%ZII*bw%%oiTlOF*F{(O|YjG)0ckbJjKkQPvd+Jc$381g#j*G46#U(0YTWtwB`L@+N_V^6o~1i;^n({Z`Lq^gM<3R*%wXoO*khIZA z0WmI>7`Y}^5Pc2NQ4`l-ESLJO0$ET03Gp2q@*;Vyg%^^4NZ$uH61#CZ(tmyzD}HBV zq6E@SjHJ(@^oL6N(Sgje;Ebd$huPUJ@_`t|1i-nq619o$I2>#J1$7o_~7IQG#FAk^VrU zuOT|MeO8ocyPf~uK3k?XLOi211N`I)NzZWEJ zBQg*E`v~7g`kRP;p`QLWNIq%*??KknUnRa_7n!_HjHds0xRL(ZuTc5_A>|**3?hUirONcyE9>*-Gr-@zd_lh;~!(aT=|H_~s#A*#}@bM};|g zB#xDC%5%#3?vb#g>Blg2yTn_#IsvN`DGW|P9?jVS4eu-WAwkhGRsM1we!>OHiCGiDTsMYhatgU!e zWJXzD0Cu0PIB;IQF5hm=RD3%*D7@9=+q&S}VyvZO9T(P{$f_~UXRDNLm^`j0)0bVe zv#DT^>wT^SQhEpv?^x#br<8kA%Fke*15`TAt=u;il}d=6ka8d)x{<{9@5s1uTHNH= z_;5}nxwT2uw(mLnOtlSklpYxhrGMV-k>my-Qc$}g6Uu%0_)Exzlw4;@ZYU_S{z>#q zq9;-aQ~{p1N6qdr_{ov`E1s}HTB`pyWqB*?F_cyET*GbU%5rZBEh9Hs1XY$>mRQ}V zs~a_{o-Ac~IXa|;9^LJw2Fl6oziM6YK0Q2(VKp#+F-TEg?r+qMA^31z)^a7}P@PYV zR00-bENUMzM(U|QYhJfV@z1@2JI|_VRI+S1Lb&IMzK*(;=2ptc_O{XFDTd2&G2Y( zT2U3??K*E2v9#6QPYotjsmaXWu$+M!^H$#8H#7yYD694&0qsu2O>GdmoE9Gg-l{3o zhU8Bvvr}R^o2Dq2*`H*O?Ti!vVT5unuz)De*;U!bl^njBiV2)u}(D|Z8Syh=I?5lDth>fi7wezgS zeUGWODcHVozoO>m+lpN$VcQu@^qxIf@Vlq}yqW3YQ6=aiu%wM%rxRxlR)g*KJOhb+ zO;RaZy|Fe@^|QxH)z3mEw42}v6=8pkD#eI!9kyMjQoVSu$6q+wVXf31?QQ4kF-O*XdS#o z^0@(?$l<0`*1{3`yBU5(haChzL-5^Zc##ehqi8;YuQ$UpbXX;LGQp}DzF3Dz+-ijc zXPe;xI$T6>7Qt=Ia7P^;LvU+?!#GqCDcFHarC_%c{1Y6ZkIe8U9lnv^4+(ye;k|0< zIvR3J8)@OBa6*{GBEJyWn(RGmoz{{x*{bcsFo^e4XhZrEY)Px7yVfJZBL62&c|XBr z!!w0PV4#~V4Lh_q|e?-e_L*pWiD}LPg z=N&3qBf*2dFn=JeG-L7EP^yVD5)$puM*#?iDPq%4>0b5867-*X2^qC)O>ME82t zib1E&aVUgv&fHHCltaJ_CxAn!qf;f{VF`-g|{NZ9rXQvX;gY}qRKU_WKe<| zk1glq)m2;F>FUNk>iI64>e`HlgN*S{4NOZB>U-4*sM+@#!z<0{lils>X<%U^`l>Xy z?_7*F;bLddWt-R^+M=1~eD^?VQvq?H!qtQQb9Uvy@sgFy8xU-ZP*CW@VVuzbGf9bv zm)KA^8SDr9J_0`^r7|74H7-0ql26TiL4xZ%v^-iL?*`y0+}-w)R9g}q7dR2U4*fw( zI}!Z@cEC&5QHL}2R(kNvx7ocZ{G%iqo1XiDa34>#DZM9{SvDxVZ?^xaHNrT#L3Xg|faD`lzjvP_+Ft(uiljO`&O{av}SO zKF;w9x$)|O;vLos`EIH!?^e7WL05xamckkU$BCu}kE>9VofvO}Wuhk2YazihQIkoJ zP8KaWpS0xRIQN}z8>2hq%~=XZm7-;H*Uwp7H)V{G1-Y z(|@fk1yz`aILvA_%Cv=88)^jG)rVfKkzSpq-H526OQ_l3sij9)tL_sSs74|apptx> zH;<@x%Gy9sLp?~hr1zsJJ^d&Q)c2H#`p)`vRwS83Btx(A^qE8YbR+B27eo@;ejDl2 zjiOJ#!qQvUr#}P|TB=j7rsUru$}_}7XfJ5NW~CT9^3jxHbfp%R;+9L2MY0%5v0h=h zNl3a6l5V0DcSpXcK&%vZpiDM$woySbjSW?b#+yK28=WYE1y^W-dZPmJ|HPc2crT9v z^q68}@f0YT^)xmm**!I)Wh!1eCr%?>hJ6*Xg(|tyRvaTgAh)ATV~(H9BkKw4@ed28 zu4WB%Ff`Db4SG^|`v=Fnt8wvq8%|=lUm_J09621pA?$JVd0mLj`Jm*JsCiDs)|IZj zH^S|xYK&Fh@#J;VJgU*0h}M2#jMknM#*t~R5ItXmdn!H;qKa_Ko7fbJIQ{`gc!r_L z2cV%xD^ohvoub6ME;bbS@SmYBr|B=iY8WoQhB+$_(AOfi8`&vOw4n0XVkH9qSW`q^~ zp$uVMy_WR%LQ?8y^@aX^;-m5O_Z7ED@mYU=0gmt!_R>bt*KLR!4${{ZUuTHnNIlKh zL$S{8hJ%g1MBr<5n3e5I2_9|^ov*{JY@bJPZ!_FehgsRqAUMSgx6)yi806s1fI}F; zBWdphg&ZWwwQmUizzna~VOF-^A@~I|{Jajcvi%sr_n6^w9cE>FF2OgO;hS`rmF)=x zk7SsXZ5j_v!#CEYFMS*ff=eE2XbiU%)tmbs#wFsGj5>=IN&tQFb0!sUqKjZyo08nZ z`q6rnw~0R9R2g@e=e?B zTq~zrFS=H~2d^N8dqjDb^mC|u|Ehitb-Kt`Np%ACya>sVstWb|Li!{n4(fS+`RlrV zj+GU9y(&gO&ktl3cN)1e!h(k3-?4XE;5gZ+ogR=_397!-#&~ z|ET);ZAaD5(cEVJT-rOLpHH<-ERc8bqLV^jDKET$QJ|l*e_cQKqij+A{C>DtKWA=Y zFS=(i7puul^z%--em>U{QPAIG1$`GQ==4_4i4ZcRpx>H6x@3F>9sWo`=Tw^{=)OOE z2B&Q5FL;v804cjsk9ajMq^)C*tCt~K^6Q3QN(Q5i1!1C|Io5|H)=cs_ zLSl{j;ON{EofK$`)=Q5LVj@m-szitC-J%_KaweNZ*Gr(nw>1r(8WcD8zB18z-Ji z^t4ms#(1uHf|*~AapwprFQzkbVr(s*AJ$`h8=hlI!42}`5vr8cd3uZw!jmKT@@zB+ zL^fFB&c9&JhxNOB==(4#A8B!H3ylZlB;Im@PaZ=&YVh4!jG<&^LAq}}NZboKLM&`>@6T9qfcaVNEXlM?&Gu-u7jZRY zwTr0+!*haorX_Q%ziY3-GaaVIdHjaAuc5kufE`P$-f0I`frC%dEYDuIfPSp5R7YU- zCVXitu?Zq0JYKt1(x4eC?eWT+9?x{H<^2co=utrr?r=E`N$i z^oS55`7;qoW4Qp;LLc--^yyJyN&Hh_*_~h3hgQz;u-*xZw?BG8K9m5pD3D~6ULAbQ zX5oakg1LUbpV}Xj1?|E^U>YN4np8v6A8gY;tS4St%c}s?4phgrN7kzx z*p!1-;Mvi@H@k9wn`s*naPCUOfpRr_zj6K?;|yNEarocY24nHpUXCpUcRH^Y1XEwc z6af0w!7kH>g*#M?2;}3LZ8P;uHP~SZ6~d(k&v^-{;64i#3$Ls#TEo`eH=%oY@!HM? z>Z~Xzirir-2K8weF9ZGk*sOtpM4Gtde&GJOh8hCx-^%JfInS~i4_k*#26HP$_^0kl zYoYE-7a4V5eK2m_k2=tD-6sNL9aMj1ya%}>b-(dMOo4)h=;7z&jRZ7(?~?UwO&l#_~j7J`D~_y2xD7`Qh}*RR6zb z#E{Rt$f*B|TBv`Lq*VVE_~rUXh(D$&skKSvrwKhs61z2Bt&`kn9B2(xjYqckX$`g^uri=nyPq5>+&?Og+9IPUZYR% z|1EBxzVnxs`}A3iMdj%za!2~~kv1lIT3Stur^CvG};iUr#BO+W5PBQ?_#_e5%BJ!9p2*v}>QZ7sj&0)jzT!y!6evR84yY{u*9E*XOMQkOxBh7J3YZkGo5fNLuR&SDD^(Hx) z1?_NilXPw_UwffFex>$kNyJ``gK;ckd#FuC?8V`p(YoOI8QSAlYLDX-xer2MPP&>k#rsq2sOFXhbZA~#j>ZJ{N&GoWB_e$?ZXm;aTw&E@Su)M!NBe)j*FyuBat z7Fy>(@GPbzNqAx!8(Mm&ZK|(oPwZ{diL+Qo?Y)OOF>c>pDe7q!v2cp0teEX@+O79v z{Y~b2a%1C4eb-O`6z^il^`hYGHk#|$%f0*ysVZFmN%OGmyW8^p7Pugy{Om(n=j6{bNZnA-evtv{pw*|5yV310!xk|Hy^v zfgQn`68KSreU|{$wGTeOV$wglV!U>CMQ%j_`4PJq6>9EA7gp}OJOJu6bPCi+)wHM# ztO%Tpr_jl^66@z*$LQxN7|aWxpQjZ0mvVCv-^pZ_`R>KLTjIN3#9-#Rk?`Hi;iK~1 zM8JHLR_D7Ca(i%2$9pz4Ik=4`%fxN;E8NzYH1p`(c0jmo1w!C?cau&Y<+dzLy<@no z5!~j|xvi3t##4jdYlPe0g*@Tuk}{vHdl}re0^GJT4!5O{AA{Q>3bfiCkGOmW3%}sI z2DNGrROf1|f4}Dkd^8f@HHJ#5xjj3e|8D7TKC+*czmoWGC9wneZv~os1@YfXo&Q!Y zW*~nB@!tyKzm+=wt*q1$;=dKde=BwVTUo0k#D6Qme>LF0YSw>0CH)sAE3GbpAF$#I zpy0nBlKb!0`LEwz=!^ZJFG6u_pNaz+q%Z#D-VXMASk3*~g$ZPr$8`2X6`9!&_BD>q ze~krY7ZCrgv{3_+CXSiaj>!557P&&&`&(&o<1w2oka+pm>T2f*th8-HAng&Hb)%Jq zOjTbZNz<1|I4Wa_#G}U|Yb0KqERt|6yh<|WsIeHUBt!IA>XER$&TFGzJukda((b6S z7z-r_wn&L&rNoP^!ALB;R#NkLyb_hJqxF#3{h@Pl2udrP-w-)3Y}n(;;SYj)UB5pXv<_7z-)16o5slMr|LT15f^74gfYg zLm(EPv$X3qiX>TWie%8Kk5p{NW?FFgqd%2`lG2{TSp}T)&cVTGybXiRA|Y?U`XOHp zH&%-j-#C;IF0NL^cfGi{sTAJ~aq$9~;-gI^_#{bTReS+)JuI$=#8o1$r^PizTrZ2O zSX}RjYoNGl#FZ(o&%~7?uC3zQiyx#H7S|?m9S~QgxDpWnIa?wwMO+o)>MSl==R_>M z#Whh}e-f7}uA$<}5!VQDWr*uCanY(3V!1|K8YB^1w~C9_YT&w4Tr0%2KwOK(g_SPK zXPLO36xTFyy&x`9+z|`zLXl5etc7c>xU$6ciMVL78Q5lV)kBuRwNqTR;`&8gv<45X zQCuXu;A#u*L<$d!>lAU7h^q&?3a7x^S@Kzo&w=te5TADW%*5wK@|l9qG5B-@hH7tb zucOUg?ayFZtg3PcoBSvzCv4_@1S%I0?!Zn#gypFDSEVNvgRK`IFOKoDV9?`T106S7PYVO?*5AQK7siy*?r z-dsUcLgomPiErfKOhIx8nIuSxAl(JYAVd{JSlyd0h=q`Tf(YC5x(Dh&0~=}`1d%S_ zJ%T|L$Ob}wN25l%gLj`GD+s9-M7oA|yC91RsTM@KiT7(k$_QC1h;$k6KLwda$Ra_c z`*^Da8B54)L2~eoI(S2nJVGW2k|D_Rf@BerFNj5u#|23vATnEw(y|)Xpo{(<^kuK@IS&(IftPw=Ir}t_>9wuaoAktO6Sa77eE+OPz zL8RMy9fC|D#3hJyVeb$@iV3+wkSu(ocKQo4kdQn<(gf)#NG2h@1gYl^>g^;*3L&Y2 z)C$s0kiBqe`~SjqAl=_<6=V}3n*Dd|j`)q=GqA~JWIi(D zyK6cBmo`OWNBp5!Hj$zIjn~a1J}yIDdk1aWv1Y;7p{|t^>)PM~w6>uTti~>06NO+r zx*Vj3NNV2=;;Lnt<#UT`y|_xnB~sWI6xYLoJtD3Was6FfB4K^6h)blZj~=B$dLl`E z?~6;Mr|%1KiNy4MFRs1#!DzEvT${voP+XPbN=C8~3FvDtt_s1ric2J&FI!w9-FySY zB@)eN7neveUy-;(a``S7mq;t$b>h;v-}-J7*9LLT6_-dN9~KrUXCi%k*!m<_nfQE4 zTq0$BFN#Yfi|;LQi8S%OCoYj7zK!A%sp0!hTp}raA#v4mul4;VE?pt8^3c6NR|wjP zOM1SqlekJGTu*kfLeO76Ng)^{pQI2BlTUPGpHn_lV8YN5n3thV#W`&1xzBu8*BJUU zK!_Sv3B~|G;f2w>56Pg%DnYIw!gSt%AbXK_t(zdifZln6Y$7CC5Mf5|3_&Uh2`}Vy zgfYF>3$lceje-c1ddCS;LCBke2*Y|u2{N0I#|07Q^$rtcA|W0@2I3o%>pVeJLT(Tw zQ;36ep`06~P=y(bG|A*8b)!uZ}31ku3UnpF_#1l~g;@HY^$6M{O@ zA-q2evVxF*3L>4uyG@YAguEt*bQJGbf|L>Rh#=BwydMfOjgWbQNC)z+7Gx|T*9nq? zZ`96fg5(i0LXZqWo)aXCkp6;L1o^8VX@s02h;%sbeS*}}aCijL7$ud?=k*9uOUO1s zq$7G~39_D$_XUwo>AgviWrVyeh;&fzRf0TB$b*7NXZ4N|q=b+=1(A;HEfi!5Ay*3` zo!EQ6AjO0f3X+9y)XrIg3?$@CLDB^2AxI`6CkrAS-Fu24DTExnm+L?}y|=9(d(oA( zt%B$(K_ic@t2Ytyo*>J(!+U=bq>_*q1QEgD-6;sG1PcWzkuaMDLCaXQS&Xns@ClQl z5?muRQVFVsHc=ZTG*SuP6`HD@FEq#!@9RR#(RvGwW*N_c7J7jIws4kWbz|;)K-*4( zF6PP^+97Nq5alyau>WL?=UA-3jp9b_+cgMk8m;g7tm$Zd(Um+XKfS2wXuT1u2+%1O z-P~lf&d_Q$>5*t>zR2TnW|Nusm;ar4Gf#@l@cnn@{U4cm=Y1*K@g}gNG0g5N=ZdeF zA;vuO{#1}!LCiDn6@si6#60tULJ)nJHP5`gf;=o?%royB1t}54Jo7FVL?33&Gw*W+ z(T7>{%)5&q`Y>yrc_#>>53}Z(w}z9a7!>qj);#n6SdhIk#F%H^uM4tC5IS*y8s%a3 zQ9&vNG0(h91X&`8dFDM?kP1P}GjFFL`Y>yrd7mwabeWi$cZMMPFl(N9H7j^y+PRaBL6PR)Y1$j`&a>+- z&zfh~`up&(P@<2=EzGZne`L(BU1QCo^_CCyftD81N1s5mUw!fXoUeFr{_Q#=ANo`} zLpy`A!pq_ne>V@#m?RIqDRz=PRONdr+9~InCdsE_f9k)Jz62!|0>8d6HZ!h(3CoC&|@<=%crJlDt$9ee^a@ zk{1c0kKX1<@@zr$(c3&po*;-mdYdQ7`GV-9w|SC$h9LUrZJs2j38IhQ=1Fp0Dc6BM zdYdQ7-wINhz*8;rBzcV>`si(*Brg#}AHB_!FYl5`@=KsZM{_!VpxfVa`0L0DcuipnGLBI; z`LPMczb;C=O&N#L3uFCFIl zD>rKPx=O1%2e<40?DSXROn?8nXqie@o_7%bd*avyj)dgybML{`$)Lj;K2HtYXTf@; z>U-aHx*B+hmLB`pRg?@qyQixI+3C;SH*0^mP5(Of-I{K>-A8_cms*uosqH;g&v_1J zDhnpz+!h@fy9!0SCbe9(ZfyMCQ=LFrQhYC?LzrTYDyaQk~{1A5O;a}3jzj3ti_r`>u50_pe{{1-Q zq}+`SMo`|QGDq`(`ss+g(=koHWVmtGp0L}$KQx~`bA{@`>8gLT;FI<6_fcu-k|M%~ z4m1nflpvMm-ZLrc7L`_zsfyYRbe} zv6-ml!b#tpZbc^G`6G^-8{J(%ZSeu3Z_?gasWYYj6s7-V=tKEwi|}xLDlU2}GA7Nt z`CO#P3>FxZ4S^BD%Ti7Jc4P|67xt?}{5Ej(T=A#)_Y?DWfM3*!z1-Q}8u|sWo^0r| zW?n;}M7%y_@>&}8dLlJuCEO0&I0<($%CHy4dlc^y(48XFkfRk~G8n(%Cd6v1B}9+s z`M>1MwaKk^&E+UyjY#@9Md7-^6dbI|!LN0X36JrAiT4`efkdtvSU@7AJT+$p8q`v9 z@OIaq_$%Dg@YX%n8|r|)rIH$gughHtc+J7Ee{!7i-?Q?~!^m4x`JdF1{PzrgwYmIH z3dhL*K8Y%cznBKsu%zs0X{{|EBhGsmCwKau}>_*4=3`R^J0 zm;aIcm+;3f|Hc3D%l{KXiU*guq|9Eg%MCMWd zqeR{S_f97HugCwNk^jW6$0Ps6|1rvc%K5R&f6w4oj!FLO^>M87pS&Nt{6{AKNdD{T z|C{7L3yfow|LpfzV~sCvWICc!>ITm&kulto)B_-}sajH1%lNzVQj8VRj*y{wU6IVp4%q zxz8q%{T~&#dSRAFNrSbsBpY3LZjZaod1*+W<|$g*=~z>YW8Zl8YMDo+Y4_fC6#K@v z0i-#M1Ky$hcqv+Aesxs)#_F52`q|9B@#ag-_KolVldM(V)IE|(!@hC-G)Z{Fs=7wh z7YrdBat6*TPhPhCJeWasWjfCv@Hjqc!gap>z*i_~CCcQXw*|?T@(>?zEe9FLWNrhk zl)jZ9?|0#Gz2}!xZ6{v=FYq~ze4bNT*BD+x^GDNta+sl(O;=-vIE@05B}p=DLx+%H z*k;$;6xmws9Hei)>-IV5j==aVdjHN<#Bbk?H*Q~3rT&U0hiNLB8$Qob#J+v^gSPe! zjyUr6oriqk?YrrH?A3*7^ALAVUU{E9?{4>{i04qF>m+;GRptnKhF$j3!)ImU6+Aq0cX%;kbNeXi%xEgE z(Oj^R=7M#O7Hk7j;%h}X;4NQ}OqoyGcHSHF>}9v&oj&(KESzU( zOIySKLcpC_6ucgmuXbvW!3}d+1*7}FKX{%}uwGeJW%n1(wwKJk6bu2Mc?hOzZg>l) z(I*=J(8D9L?jVZk`R-k1p?_$lwqU39OOW`ZD3SMZt z05!fv``F2XqkIem2hkupZn7MU==h>*v{#~=Q4uEH9PaK#09|e^3f=(osI-#e2#f|#!$Oet%OzGv z5DOQoQqbU33Vy;p)I>G6Uhx(nkRwHq10eJX4VfC0Lw{*9`CjoSJHwd$u#*LL+0^}s>F+&^O33$L9b z65O-OhKX^-_aq`y{d+^-;FmLHO@MI^s)GbexR5_AiQx+*zt->x{E=j3&gn(f&+O*5 zQ!@tDM$7y5vex$MB&#JvGkFQ0M819XNY?59WK|}m$YYN2aA@e=BM=(kRY$-98z03G z@uO47+_WXM7J<~@@W%Y|;ShJ#2@s4l-l+cl%JS37#^d9Nn*Ey^oRElGQ?vKL57r)G zSX>$Pi|YSE&8>ESmR|!)pZx)$EWO zyae&>R!`x!WbSUoH`C1LwCX^%y>SO6hR>5M3B<5q9Pe^?VGd^{7M@Rsx;WnJxbajffqRphUO?as>j3|MrVBZD%~Tcfh}QY(W9cy zmsx(&vl+4aO67}?$yD7>fq`{>W$>#!`fA?SV)Ydp=tt96@|Q*Qm4mNP6ixM&lPNKi zUhx_E`j_>U2PF*}3vWcqrg-lJ^6%7FZhARVu*|px8?-dGV80_jqOZ`xZ&Q8cFosuX zAsL3gvI}l|prE*!x^ksiU8#nzh`QpefFklbg)5mm-mI=HHhfKly3&h$-3yAYuFTjG zRaeH6Mshi6Bv(RRVaCz!$6akhW4VIxafFW-jYYgngBP>XGVMB1T9$B$<0~z@PrPWh~~d~s1!X<2^Y&@s$+GSizWEiYahPic7wR8m@Q z<<3x}U60>pO3QR3C@C#}=VETvhQMdccx9R|l(99xK zlZx~f>WQWdR_;>KhrFKx9WVN3(Tlzp(QWBG@E7N^1}upFOZx8|4y<=R+|tj3nnxQ_ z4?NG2M%4O?$sZmIo_VsprXUTXVjiN-LDcS(!{g}kE7TUKMoemw+U3#IPHZ8yUQJTl zL7kscYlGA}P-@{6JrR0L7^?hS*p9yz$6LR}07+%zNvb1Im?_q4QL?}30tCj?^7vQ` z86im1jS&2-jR8zD%+QHvklTZctlqgeM^hBME(eNQj$8t7NSf&|n;gh+kYNM_*3Du$ za_eT|26_?9@9&Sf0lp1YtQ%(Pk&2G&|CSAhba0SWV_06~-ADH+p|NOa*zwIXNMddn z*XilV8fxNT7iGS}13n4^+XKs>rM!+2Jx|U3!fbmWObr~h@Zs>(!hrG=Tms+IY`8Yu{u(p*U)D0C&DOBmL9pzV~Se7h`YW8~2a8!6O$e zR`rFkqxVn~si=jjyl4-q2wY+zg9GpB1_wg!Jv5nx8bE@`-5T!z6qKD~3nvx%-2hbe_7&wB#->e- zujc+Tvj-R-ODf-(7$55ZI@h0x`7h=>=td{1!2)_Uzez-Rch`A7}6?*c#Md%KLzUurtG6B_3Yo0g34!WcDkLAACdh#CHvE0&{gr? z0teXe@6mpG9w=nNk^1Rk^wVeJ^ix`JH~J~r2=V+--;$9K#d9X|4MQOh;m0r(@@ZuK zjO=?+e|>=ZYX$ll87s?wfch)!eziB7DJwxWz_NoFG6O>WRm_wv))BqGR#1O6nJGhm zt#kEFYGh4L5GBWhL6RbR}pr-`i%^ph8VdX$mS-^I#`Obv1~V#LKQT5`j=_Ek3|RC<)v`PTx0oyFDDn&j z4q-s$$AYq6B+agyB8xOI>ItoVkM<*u*+PuaYSSoMZ7QVIrcsyDK$zM8Q!?h9q0ubg z;n_`#PNQhisgM?(Mq$wjmP%oPU!wy=@>(6QI^}3Dk3;1`&)NAbX-nJEa?_A4d1%m_yaxLIl)i29T}|H^ z^ofe#57RGs2i@>OOfjDo6Vq zJ~=!O$yzd%5G8#a0ivS|_$jKNMb?){KhxKjV0aOxi@<`8z_66iqxdkbFVTVmt#T}e z#HD$^_cdA-2_zN;XC(QnO24P=Z(3E#AAtu9MnIVwlLDSvs4DsOSYg`d2o6u>6{a}| zhWF~yc!g;Y+90yR1Z!X8;kE}_*#jd}?fw(({^79XIvnxgB`^O-JYFz7Ei{;hk>+bl zxRe`RTcSN;%(?G{U(=ksz`~15bSTkY4F~?1R+lP}G|zSEg9=J!8^TwTPb~Ztn3k8y z4WF;-KFMf1=B8K$O$zzr$9}dEhCV2Ex^v25u)cJO9){D2E-(=TbB^eP!t^x4V1cPS zzOle`I8b=lnZ4iDjn|jzoc_)E{x2}tCus|xu4{zSnPm6>R3WHTL(hv=TVi|0goz zll>*;0%}z_!5RE>D&2s!sM%kuo`zJ4(xHrkiQvy@S?8mCe**FxS_~gtLHfc~0WDlz zB-NZ4w)01#EL;^>^@Xccln`nW84%4kEnKy=*Ccrmoh1}T5hMy(yV?x5)4w&|+LaY| z0H_}jGt1i5m=t<7g5!A_;jp?^M9Xe3fMV#M&Y+4~$b${oX}HMt0oIRxLHW;S7XL=Y zv7f3v32N{rqx}1@uFB=dGSqKSLYx?QP<~h_9$SxS>e=j+|LbTMhVl}y_^}*SuV(M1 zMP1UCgSVv8Vk+trLvcOgOZp4q!~0lRm)b<}!3ORoXYMcPUgl213Q@4#+}x&}#I!Q? z4x;7dB-%b9Ui3YM4?g2X9Ro{K=8mDSIk`tm6(@u~foJl^UCmfhQoJNen6X8sxQp38 z)__Jei_|p&9$llbIMpXSDS{eNxo+fWsBPhcR;SPh6T>O^wZvbZ0v9z|p27yAEKlV$ z@bVO5NZ{qE0;|3}1@@BVsRC>4@>C?~Z=Lr-TPp4e*DOjB+J)o-!CQ|I66Nr1wH=!__@c)C(n= z%#RakrTf40V={~Of6e?jP#Ck$$kXF1k1{oI2EmZrzG)HzMlV+(ob>G9xyWqRCt z5Ol%ASXRM&U_7SBX%OLNRyR+NAJmg>f!T)xHcyWylbffa%3O6P$>-W7R_tZ!OP~=l9`R@&&LxYRr3@>|xlU zo%J$!C}F%PCTG4v>n`Ga1S$4`l8+kXqtKL(S1LFkli&q8zJ`1brhGgZoo&c{V6C^r zJuY+$VvVAdU$WPwonYW2o8i&&yn05H^6a}WQl2gN)XOvCL1~lMZip$*uMRHHyYQ$@ zd6?^!$}?+Gv|hizkIS&t!gqZR~^K*LB{9KI?di{>Xr=Fj89+3R>h|SNn zlAkjvl}+dI>mllB>XZ=^mhz^7gxFWfKnak9i|@Y}_R8KvwBkJ@^$q+TCi z;gY4X_h-MC+h>1}>*E*vXdj{G;?&2R*X#AsP#Cwo4;lED`1mXXUlkv}%)pj<}6om`|bn{eREu>UvvK-#_|8A;lE+HIWnWaVU;#ROYEx0SsoJs zrN{WTE{tn88F9Tzaa9l&TCkoTcQ3)D8EsaWxi-pj6>4z7G-x7NzLEVjxR*gMHM?t@ zxa*s^$r`WOe^#u!Fs(^?6Pu*BxJi5)nz*$lZcA+Z3o^{^NPP@DU9Ybzt~1wZ1n(iZ zc0OQktN8_y`nv3&|7+??mj^Q9jVg~wfWi3GCBXA6*S2cyujQIDB*35ZiJOLWhDWV> zQA7fKfmi4a2{5#rCBR-kOMrd&(LR7UF-w4$^gn?QT_Ufy~cJt(%1F|_L= z{&z5`Y?QlD(ycG!bPwW3`xH40KZpGz<2*NM7+Znp<^2esdV0B%p7zwFnDYK`A*cHS z#dfKrOC!*ArgT3k88L7e6}W^KOl$A%KP(zNO`}-r=Ffe($ikKI;On)?VRpA@Tg6e zbg8^1?es%pEpvvrt-2pzD!~s7kUD5MundtU$yfL{I2-;DF!~F86G+` z(Hx~N|3MS^-^@SDpJ4JAgCm1)UExHlyK~(z)#|p@4a>2*&#W7kVRfI&5j;*Y1@4@t z{g{WnE%K0A@2HJqUV>_jo%3Rjvdob^YfKfX!& zEtdZ(qx?f-%g@ee`PmsQKb%tjt6C`kcjw2}e~aapn6z|6B;_XpmmeSI^0PBqes;E8 z{_RcDZ?XInjPhR)TYh#%%g@ee`QeoEPiUe1*ELDM#qvu`S~?<<@)Lo}j}LSC*%>WA zJ6kUQ%}vs8vHatW@(+nEKRcu4XJ@qha7y{dw^07wgO0KNB_=H$5lQ)pz~#q>x%}*m zmYaQczB}~aX1HlT8r#qg|Cf&Jx+4DpeuX~JO$`*L(Iyx639Ak!I&wdm*^3X|JYm6F zpMQJ`ZY|)f##+}bv;}tBw2#lHirf;u)#3lVDBwZ4#&)^>Jyx~^$z928ue{#!qGnk z_7c>0<-4()s$8hy{J2`B4RPOylkTU@%CMKb%h9`WdS`s5o|qMz|G~k#DH$sApCE4LhoK;w1mi{juZyyY`oPwEq2Fk^h#I5Z!j{Ux`Y}U8}HZ zC)Cz=6iC}J&|(=G?2GFRT{hteo*vWgn3$XtQ{Y@j;L;SFs6r8O*6*&iR7s1VTmUKZ z_j4c_hkpVrqtv;2ICFQna2n%4Y_*2+(JXrYv8)?&MxIXE72viXRFuD6nPAaE*r$)2 zhr(0hY5*0UtK!y#ns|HK5-aXJ1#rqEKc%s;mh}mYm+p*+ykh(4>0a<~FuCp&gWSwM z`Zg3E%%F`M%fI77e*+<6?=2V;Uz+xwhjl*fOvASezDZw*;SX4iIN-X??*GU^?{pv0 zp5#z#@g{r?Rk)=*x!ql?;a#T&+WkHkTA6)()prK7vDLkWVMtG&B*s7^(lGmT&cZiosmIGZ70kW-8yQ6mO(_&w!8q1Lb>n z4st!k7b)K?JmX@_GQOX~AO2~ueGJQd!u<>`Rb6yMvGZmrmxd|Oojjne}iH!y%WW}4BStf=5z%FjXntmPK-+V=uWPbx$p+xcd>6&U#JjX zWBEB+AH>ov)y1XS+u&Rf>~(kAZrD)S4<}s4r6?aNijKZ#-!4hxX&Q)>Cvq zDu!3n{mWx6|6TFQk64ZJb2_H-8gv4 zp!7I##{&LJmhOi%lAqXQjtci21VtgosDbpZ92snP(h!q^6563qK?bKgbMb(cyOXE> zboXg`GltXc{=PN_T(}>>A|DDA8a9niWAZ&RWbD&fD8^hc3!-@(+_X$PseEcwEb?A zPW>7;Fk>62KV|bRaBdX7W}WA>hRF9>crJ0T;u%ApJ&hfe1(k?qSTJd58Lmn=ak!$rGk2Tf`vTO^ z_mqNvpEEn;%sn`x$B1BuvtrNKJN=;|zgE!yeeF3|wwGh}CsF1w<$zYR4UZ&NLVcyP zt2#yTzDxv9W2Q3yetbD|YiFeM8=v1etv{&N57gXmlm)i~De~9jPCzYQ5wBJG74c*& z+(%v!pQw1skUN|jptF~b;H|hZvVAXEFW7x1+?e8EoX%7||HL`Lsq`Ws4Cy07uJ*j| zi~CW(YwN%)Mb;y9pbnQLF1DrBt+BdN)c}rHtAUGc8Q~OlBOd;Ap+=yt-u><&+9OWG z>ELAKj&@HowX6G~mgu}XE(&DRbN0sZh27B>u29mF`Y376K4~~#e+HfJKVz|ymft6n zXgNe%Mzl(z!NzdkN{@7vLy=A9`%uY2B@&fjw37 z@TZBxkbeH4y-Hf@AjFYNapWRA=8O&Q?M`cDQEt7fo6~CAkWiMlEyENEw|_lrt&ZGp z-FvFh8rGlfu#!mU)%n3ioL9dKr#tteM`SfQK%S;OiYE;)9&&Ywxr0pYTr>+w#uK59 zL@OsMpDwYpgaZG673KfW9ofHv|9kU2jSVsUpR|hfWT$_-T6F|-s;_6B8J^7Eo^P=m zL_N3gZU+_XssN zG@~cp`*vD?YN=2B@PoqU)hhY7Tbj&gPI)bTwA$+YYcu>ON?o92`@6OQKT-=>$2mek#nA;h2CpqwJ z=taT7Zve7r@0=0oF&Pfe$CzxA1#0dG+;?&hx$tcHR2$AUZ$}n?JZ$u#AG8uE5)SKb z2X1T8c~kmFT`48fl`^O+rA4|@Ds`n7zU8izg06HJ0puV;$3CcDn$n}7&!do$uJkGT z&;95F_osn>7gnHOEL;qhzCV*_IYe7Vv`V7o5v`bL8;Dj*w24HUMzp=){e|c(5DTXM zlX^e(8Z@IL*n!Yy9SD)2+oYxDA`Wz<_Njv+{Rcv=q$qctt1D*Z9%H{S(AH1g2iIZN zCOLAq8t>(zhe{91v+TCx$y}V|zoms9l%kD&#^^zKc8Cw9WN5!;OAq=8BW1J)$^5l$ z0Y3n$__D#tbspM}#5v^w?4Zp`IPB~Y8_K>ScF?vakjvTeusFy7Vx6Z%9JjGU>>>N0 zN&_ht#Ltd_;&_l9nc|?E<#ishZR~rI9eeQ?>A>I)kWJ!vj~$ib*vO70;`ojo*fpmx zA$DL`CC6{INGrzM;x8lks%JcFHq;Phy#ae;1K)4z9H<`fNp`PaZeA( z3USa~ggVb+aa_#~u?6hAnH|#vxt$$j#o=Q|o;Vh=L+twc9%lzH<0!u8*-;NZN1|`A zqgEVM>{u_3f3kzt*Wm4Ic04SO?d&KK$3Ailn*u*a_zPBceWXm*4TEi6pTb|6_@e#b zx?$*WzV7&fjihm*9n+zn1m4MnTYI!Ol~_tl26b6Ku zysrtciGWcI2xEDl6QGiSa~TjO^Zr$UB?NS3Kp4(@p8ypEBrzb&=f$;g%GGQF!o4WF z!ie5k0!$>}Qw9d&6QboN0aOCsVjxq1s|3g)U@-$J0*nzLgMbAL2;+JS1+Wls3j@N$ z-tz?@qbJ%W36iz>iphBrrtSQ+sGucwT)BBNb}B#+A1bN9C-H$N!4CpQYJ{6 zkaDz#nM5Np&M#8H49y1;ONy1Z{CB*8=mhN9&Z}DQOP$6U>%p7d3cTFSUIuEgs)z+q z418ap60!96BL=f9Z7fl7E= zqsP91*V2|0v;CBRnP0JCm|8q)w>MGj*-Dkf>M$dF!xb;}!f?&_&i@yMEKK z@VNl%FgSmj+?^aKZw0N7ApIe=63^9$r-Iyj#66na=A|2|pU{V$&1InYD0t*NYUqV# z_$Ou@{#$o9Hc?MlTM@dmng3Ut__xORAJNSJLbHGUyw~H=FxbCM;T`k6N>yRKr?PQ& zYt+)X5RBF0c3F+49XyrmZCr@V7U|)~A0_G%A@D!Y&}008Tsjcl>E&7 zm!I@sE_R|-o~LBz+lrNJr){E=eX(ttlKq&i1gMhzjEyEDO7>FQV*Y*IMgxtKz0y{R zUlq%US*rhHTMpTzhG8uj`*7k*RRdj@j3I&E7Lx2uB)#hYuy!W!Q54zZ&x8a51Scpc zoy z%-`qvVzmX^6)2`+eG77UELN|a-NixAk&S^!v+;jdh-Z1q;tr%3f9AzF@iKZ4Y-cTB zu!j>+HwS&a9qkvPXDYu^-!(rhm7U14i@Ur^Z)c^CNT0sN67iGLr#D&Y2c=I}uC4Iz zyRK>LpJ|nUFMawrEB(3j>BFq_yV9qhV5Lt?pWe<&AJHmZ?5%I$&>ZjG_4Gld^s+7r zw|Y;_Z{2rXolK~m30q}pR_zk2I0jjYb-jR}%DxCWaX8Cak$M$r5hvkFiExum#Uecj z<)w%fZ{6rgTGa716$NK8vs;iae~L-*;q=2K(%w&Kjtw|rXt_|`TPr4rFhg&x932}jhx+B3`sE`$af5Gib`oa~diKuElo@FbOR0QM@QHlc zQazw7{7a_yjs`ya8#ZP6JzH6p=|&XL0I7I<*&9;8ss8v|9H_>rWfn&5OpK^wyQ-st z`%%0V?OYz*cV`MT z4d{IhsP7t(RiL^#Kz*3#5T1@eWeG53lC$rV;X_IJQu?HCLu($E*DZJi$D$B<7@f{B zFH>@i%P^jG#B$!WUxQ$+Fu=^RIJ01O2t^iLBB4@*80`0xiqg^Xc6>B!iMG~ zmZ1^C^%m5^R0)T;KrgAk%v|oP7A=krh0oa!Rh^I#9IV##8(8x--cq~h!+*zUg zh#w`U=JK52f5`po;i`>ilDo3+HeKLmvp_M2j>yJ(w7RXXuZ*zVGUAu=B5&I&+NNSy;a%?{A?5^Pul@8G$Y z$qA{eyi6~lKF5KX*rFyE$an>!B2E1p1s@SWktWK%smsE@WpN3DQWg8^I41BK-l(&y zZs(o4sy~}m_0&~)YtK?;(p0yM>TFpQf+nJ@VwA8O|j^3 z_b}rTovvp;%v{#oV8aq0fSVWF@Yz{q~C=uW+U$S1#I?q{zR!=Qw4AXh zLIUK;A{jyyA-H$=j@cUU6n^@yOZJ{qP3YY@hAfY^`0_%i z;s`3M=D(k&oShTQ?Yl1Wi8eErBjF?R=~ehIsXn^<#>7|BKbZDrpQ-1s`Vsct=y_T5 zP^{0TmK+S;gNfdzCFyA)a;$&#p^6&+<_8wMB_GB1 zD;C7E|ImTM!Nf-(=kYq{Ir5{7z(YE7Fi#nQ8Jw-AZNOz@-qTfqy^hSvl@OzGgPFgS z%T>yvBl993@A~-I_ez_Ww+kJ)YxS|Kn;S-_A-{GyJWLhA47IEj>ec}Y%P9MX z0#KZ|2$!fDX~57r;rSw;mdQ*Tgj(5BU5IZqz!UIR{E#S8kHKzK%abo7)Qz7(o=|6g zN~pi%QWS4=vB$_f^xv-_)10!?C@=;dV+f* zBTjWxuKHVd{AWdEnTqcIScjO2V^S%iCNcIBUtfD2L*1BXkec~n~H`l^zt`QF+Q%XrNp2ucn{^+ktk#j9NlZc?>4Pj^>DC*V2Z964Q-gT!f) zWuAa%r|ky41B(H=EfCpP7BP^Nvhc5XLl=O8zu}uKq8*4e(m3QqxfV6tSU5K`)Df%) zu|U!v9JGU!IL*mVMrx{-ipW={Bb0;>ggoECOAB(mh#;kFZXdy^C*P>Xlq2hwQ}wz( zsxVHx483x^b#ik8wVukvu*e{!J2ftGWq5BO@`OA!4I98uhB{QH^i@xDxkPRS_(ZHq zUSJ?GVczgyUO6vqSU|{CNqw9pw@2JcoH*S7+z$Tet!%W|5#GQh3%fm9-pj(PL=|WQ zyGkn1n;gX7#C$6?@>rD-yq}*yMz9Vn*#VWOF~}@?1@xxVby8^s9bZO#kCaeeC2>wC z$Ln}KFnZNXK~1k$nH=6!bvnWdS(pm%2s! z|7HR)o5^AGax{DeH+i@Q2Q3>wB`0)7cse%mRFF9}aZ*{h#SJDoRO6qp2MVC_fedGo;|orQZjgoP-s#hdW}iJEykDCLc!qWCiQx1 z)49c1uD*w^N#H4&tvthQWvDt(GCe;yn7@U=(;50O*EBsXmS!Uo-N`B;+0xuYC~#_` zQ(1VQC)Cbtt_Y;C?mNR2DjkEUhsjO^j{WD@RmbWh9Oy%^n_@ zU0zj|^L|;*atYSU3Gc<`zpR9^cY&{ABVEt8#KqC|kQj*FP?$K!Ht&qzD{vvQRG8nJ zbQHYi7HGRk{nQFjJ+?0N&Kn-^&a>*W>~PNHv(-4ZqIM;>R8PlRp3z*Hml-;kYf)5x z%oJo>zIcK?v|hMPH4a=CX>*5oQ0!{W7Ei^j>4CDE&HPTTO0h7$$a(k;<<>Y`{D$D6 ziO-_tmd8-8JO+G)<>BeL4fVo`#B0vxI_06dBJ!@{HoL#p`XiiP`m;6>D}!fAzb`$k z5(y(`gz{%kA=tReQ&n;eaxe>8@fz^Z9_8SaF>4V#zbssdhcn*l%!5oEOgATNIH!Bw zyXpd^y@AMA2$oyvS~gTgZq2WZ$R;vi2zX>Vcv#|CZX3}Jl*Ee2cA6c+5Z_7*F~pU> zp}k4@KMz~T?RLn%gy&kV?B*+J62WJ(3J=HVQKecrCPBoa9_5BE6v6kEOvnjUIfOpQ zZl~SBqea*geN!es6w-$#jFxxXuK^h7Ka)}nv9HZ)UbASTQv@NObSxsI=X6G z2C9wONZLgzep54bH_&J^z0R+3n(Us*P`xr&p|PI>>G{MP&`n>ky`-V{Oxyp?R`+?TUR$m8=4`_i61<%DlM0d>E~E0r?u zE>kGb`t*RLsP-BIzt;5b1HBnM2oU-WD5;9w>L?cc01;-(3w$(rah8}p&5NLbiS@6{ zR=hY=-r&WTWUz@L@>y-1k)-Dfu+r!SyDWa3v))NN&5w?5`Z)PJ$13klQ~v9K z6Xu*$esIKb{1d9M{E_(Y@FO+9FLJu8|HOW#zO&Of$G5Ooukv9d0_AibEA-rYtx!67 ze%g%2KlA1bf6cat^~T6{nT$iZETukpluY2sn9#Vgobc`NcQtw>rf$kK9@-#;ZZi5G z#7wQMCs(uNS!0ZBpP4aA$^20y*c=!;r+RS>^%y_3%~bOd`qt4>BCbohgrKyV|E2sd z=08*HrFq;)dQqcsI<=VoUi{~rOb5U@$@xL%2F-mv#Wyp83cFC8TwHN0)IVk7f z823ueDw-l#Bw`XRAKgmGLWf1m2h`P1>%|IvqXra&$5hpzdYbCYR zlQYB|Z#i?QZLP27Yt8i0p3oryCU?QKMj&iQhysxxgcCWQ&_Bt?v`;-Juf!JBKuvAH z-zHNcEOh@13y1O>;nzWbrs~<6@iS0voaG4}0hId$N;WkpcB-oCfC4)yJ=}y+&M*E9 z_MJ2Gr2x*S`lW~SL5_HilP9Y~Oa+(bUDPP1!sagL8Cmn&#!H+wZ-%I38|u`(bdenpH2|SKzOYfFsU)?0+1@F8QlFyN z`JDMEGsPd#Zj?crl*e?v-rBeMO0S@1yD~5$`!z0s$W1xh{o$drJpR{hQcoMrEZ-ay zKhJoc&XNcABYmzO3jHiLvq!9aw2{T(`U>Az_IOoa`L*;~Myw1|5uH5R*hGw)f5v8E zK~>4-P|xV_0ZjgX<_)Y4FY!dq8z6@klzhr?H8Q-|7wIPYm>>=XUG(y*MPCgo8jTW# zMU%0bzR}eGW-&o$`lFY#uWMbfhiJh5Wp^b4ipo5KgqSK7pC_N9x2-U4Fky#)Ed;-T zUt2ttd_PS~lv;(SAi7@r%4#WUoQ;d7IJ7dWwoCU=m^)b_j(G+~a}*az8x=T`&EOC_Zv-H*pR zf2B-_`)2HEQT4FO6FjZ&%Dxf@GVhSc$KlPl`##t#IeqQXnTB??Yo=}XdDi^=cqhS9!R>VuIQ}I$(AiK&>(T6~QI4E4&4OTjYEQU;DiRu(Y;$+9ug- zIzaBIWo1zIWAckFxV~T%L$}?smvEG98H{|LIK*a&+)8oB1(3}*kXRXS_-r2WO)4V$ zjLtL`dYEr*)EgIstF)gGHGiaDq;wS6)hGKu@4S9CdP_iWw}l?d&17b^Woop_^CR0~ zCx?}mZi1JAHjqp)>P6l}Flj&o2gelQ%g7}vx#10MVa3(HC~I`#`g}bT&9bJC>7?*i z-UUY=B@BK`wfO@!1#j}sH^Sd|IMYZ%fAXP1Z{<&d>^j+HTW!*l%StLUB1^&>A?QYC z1;ChL0UWA_o=r=z8Z9KuErsPDa*rOr)$s&7GU=t$PGqz^V3qzR~}Pu(IR(faEpFevC|t z0IUiY`#sB0hWInA<_ZD`s4V;(E`!o;Ngt}TTT^MFm}NQ#N#IRX9m{>KWA0gK!usnm zvaPu)GL$vWqu};><91FDcae%SVWQynM(P+ zDc@{xTrJW^2Nf9i!*wOn690qxMyIVXDnDpxFw707>7!xGBUBaZnWn` zt}gA%!RwJmCiwEJu#Jz%f_HrtoLJ!>Q&E6Zfd2WBMMb7FxjYkj6&lb`OIx;g%z_0mesVhgrL(dW2h9SJ3ty8oAt%N z;qD~M8tMMxBhwmfHg4YK0TdG+D}##!J8V0hyD#>~(bA7}Gp^hYP*0+^URaeAyeLp& z$k`LuA}W&HPm-N_7wV`o2Jo}AbTYqMQv?68iEGsn18T08Ll(X=E`T`};E*rYXWI|Q zBgD({qFLINDN2!9r!^GC*8Sg3&8~wf^3D~JHCBJrK!3DKB!COwrhT0Vm3il9Bqo$aGvbd6gw)bw z=lo`QyF;t&yN=~7F>3U7s#p7fiY#nHN5;=ZyZzq9(uhp!v$u92U%Bu-G>Dc259R;| z`RyRi2Yc(i;;pM6Mr!KUKSs)DS>;1Z;}V!-k8mNfBCBi64*vtg=lKceW>4Rh72f$9%EFsGa;={-b-bBxK~ zL79g+=z8oNTN;SxjBKC5xpO~dPd$D{i}wVM@A8FP#&~D814g)|y?5rVJe1Zn6_?H$ zAP#FIt83#|M+R=bfbnt3_?;PF{gfTqQ?vshD<2p*b$HE^;#ql;F>!ubWcO*JmOal^Nnl+*KF{M+V)99W5e&j7@{s}v;p3$-e z|I0gbHZ4$C7wr%yJ=Qf>;hTFlrI{P3Z__xV<@UedN6s)gz4Lc+J>2+ah3V8GEUX~fg+eqboI*AbK1P)v1b2kk zigwgCB3awmIsV8_pDAEPrhwh51ng(%p#)5>6A}R{n{|etxrRVwRim6RS%2fsJC9@b zw@DM(xA52ZuB`1m^_^!VbZFOC2-Fedmx%NgHO<&7g6o~RS3vGXc)t?i-HY&!XS4x( z%4QubpyNm4)ghG&O{wHe%XpvhtCdvlE?PCCMN4HfU@WQpR;024038$niSYF;yl~nf zFP?nO6D3JZPGRJq(V!9bKEK3Q)TGe(Uf}~8GP-x5u?i^O`ArQ*=J`?Rq>}N=aC`KJe|~z%D7T_Nv5>dJAX;Kx}Ji#zhBoi zt?Fu_TtqbZY?Y)MCQQ$aH^N46=%U!`^TThZOeR35amEOKxP zvn)2Di{}V`6b|0`E1cp)OGhgRgM@`=SkeXBLwFyOL|a<;mTqCOjTJ3i;%Z?!{q$)C zMI8{r1x}@-mCp7DVx2zRr0n*oBGdh##P}V`a0@-K##+=f#ZJ1IE{0l4oSh}a1EVF$ z%x%$5dY*bF`spTIO(#zmKc)VVL#xNHQWc42CChdwTAQMu$%=BNBADBh%zO|GW~ygZ zqX!e7ol85wHxuwmQsYk{J)CM7>$LOhBu`aJ;$jDBKXN3}io`ho_ic$o;@$EVaD6=egn4 zTkvG3PJJ*_*1ZT-QNSdSQ-%`0rerSlCG?q(ATk)xGCJRuF8Iy*r7CfVqlEqDBJ9Gv&Xb8{>$T{e+Z)c&34J&v<)^U^c z3NLF3b~FBdybLVY8}F$+AtIL8{c;)Y)VFqA7Vp|yhCIwqh<+?kFIu0(M`#)ctTm2N%5}y8}_2z9wJMuE}l49f)=~J9a8w?(!Dju1|c&ZfC<=py)kL z^qV5dKFn$n%O|pzT#c8FBYLU0oJ`j5WBr@gXJ#+}ADO2}2tBGf|4Gu3Fl|pBB)g3O z=fSFgbY{BPE+FHipHEcaO4XZMmN7ojRPXDHT`Hr;T})dTclT^=k#iW=8%GpSU|XnH zq>)IGBjJpMd|cKTS(fNV1_g81aa>Z;L3Hz7phvy{(R@Mld*fNJbGB3L-81BH;79z2 zMo70WSGRA96jS_;znz-@X=KH2uU`1@dpi#+!}9qr3n7Rj^fB$F@nMl__L0(} zX@F#MsL&FxvdiNiajG9!-}|K^?=FHQ#OUZe#sU(harLir?kMZS=jp>`_xU1&3YJTN zf-yxyKfA2vwow_uUjEqSEDUW?_C?OG-)H<3_Ym+)V(2?Hl~=ZW=qMr<69=gWpG@;@ z1cpgn0%|~}gGS~$SHy;zZ~57H0`{QyS$(%94y~C!Dx;JgLlRpxiutqk#=U@2dzeIt zY+?&O%HB6=h963PTFol*X`n~JOX8Oa60!b&{zB2=dox0!X;E^%N7K7H4ZT@-8jWVV zcjPANf4;6#(SJA3DfGX9fe7^;rt6(by$<>hAW`UF3L55mvjlT8wQk&iaH=&HL>pG* zp=m9Kp*5l|0yga08Z8^)juA6?jGyb-59iY;WyWryM`S`{*r-H6Qn&cSx5K?t{jnbkwyd~FGHUfm}7iM8-$hr;MeA$#N#4WO=h2jf zAxv+NlD7091aWlVZPM~wneaT;U-DkCUE&CyLtRzlz0!ExfKf!>j3&ZeD!YQpWZx0$ zZTDwXcCS*oP#<5od{hhbdm<^P2!c)JqiKK;$v95lwZd>d-Dbs3-#XRcxwKNI4Qm#f z{FD8I$@m~#{i!E&zHUG11L(9QzOhdr)^j!=1F=4r@M9BT4inD=QF1<5GIMaNFFY`V z4ZE?yCzCfhPZa-)0BmX_Y$ELtspB?2At7ZgAG1ZwBNZT43(+O=NiQp}7fZ3&;Epa> zJ>?@!=tSTFMVFtXi{7S-3Js)acU^Q9sm2c^8PBQcj7DRmidUe2ll*|0vH-3s`+lCD zyv_bhJQS>dlX1rDJjVKW{8CNge!fV#F2=vepyV-@{phx&FNa^5vLBwf(#T$i&Lb=z zC|{wQZ{T@3-n$zHwxO%YUxA~i`_q!!H>T9F({O}oD6p3>p%NIux0TbCGS0A95?{^1Ec=z_n z6Ie^;;jqbFV-vr#_>Z&k4`}?Cm*#{0u{QRZt+A)Smi{yH!;F23LIY-J z4+0$&pbtN_^`QYEd!itFkG4UqK4f2~o6?cbq~`LID4(7EV=q(gDV~#@|6Gvj1mHU1$x_!}Z)!iCrP2!B<=wWOSW(kjgMLIF|ZT;pMykdNf`B#}| z@LH$K{`~`Z&R9TH#GBWq%-gxG>Zsdbp%HD-M+O#4^L4N;ipE zr7q=Smu6)Zh#%l#5h8SA;kL>mH2x`*0~PB zCiz>VhuJ74*j;s_Y@I0(ED&6iO~u9`x>bSANx^0(7V~Co@78i%c7+UR9ip92)Usf^ z@Muf4-+$i%niOp+P@-LIyhNg8pG|h#A#$z%(MH+K68VX+9lMoC`N(dTl*?{w#pN;>jI!s#E_c4VyGD;!thci$Ut4O8-AQ|?p1LrR;rE2O?yw&xp5;wzcvzafte zGA1pPn+}yJG7O(3^N>`G2GPfgvRB}Jh|m-pp=2FN%2J=AY&S!<5Bo=UbG(eH_!uH6 zVcEajx9rjF>Lz^IIW$G?JyNGbk$12-NwZGel$4Oj1WQ2BVw~=Dg8!fxD5bbBQeMGp zE%<*I(BLqU%(iTZzZhTlQtSD!CccsVlKADaUg|jDqm=lMk+|l~kzW_*BPqrWO6VGA zXIB)cj{8KMyuLhAI`SP`8jXJ_*7m>kYZ?{ndKW&l;L$9_VuQWpG;RSWyqx7U{Tyj} zBzyaDs#o5@k1-pXC!Q8}kYeYk+P*iQIwGmR4p&y$^HhH~{@^>#Cd`RPdB<`C{0Hi*mF)pUJa3=0o-4 ziKBec{u^181H!=?LM;${v2YDU(>+4;5`9vUc*8_$>kd=YfqsB1ql{DdPFz@SMkpJ7 zOk_zQJ>ZtEhC~t$!4^N}VN|qPut=F_PTra*b?TYF*x(`W6EC5*<*<{GMtB5;X#cY{ zUgwgEQu00iG8D4tQ4Jd&PzAG(C8Kfub58OxzgH(R`mylQTiL|i*bfI$B}W^Y_Ee`o zDV@Gfe><73=;GOw4OGYg3`($RT>xb`2@JQ}#pJ#Q;R}7;@ z#UIn7&QWpynUaq$89wu2%a!KCNzARNq-9JvsfTwCF&`##l$ZK)B4@6thZ&r2ryk~V z@Sl44=h5cFp+)Ay;1kVccVRGAOHbIphDBh81?Mwt(9Tw*>{Ty8%6Y(4ZCZGKs3QKNc{`Q>yqApym{ z(-T0W;@4R88H78j+CGM9T=npp^>8IY3hGOtMX|Fi`n2UVSe0}`5A&hmIP+n+coV{% zNj=Sn`;Rvt@-1TS>Sca;&Z6o^eatUMF=kW6Kd>IYwW#{2Mb)`yn0dap9!3r}zr-vW zR-9vgSyyd7EV;mZ@Ly;?(2Cfw0@>Y$`OboBQ#w$4IW{gHRk$>1UOd;KHGdbFzbnk&Pt0G#{M~K-<^WmBcQbzr&EEm$ zuh0CINjAZxMt&m}Mt>@hvwhWfWdr_HFir9o)vA2*JI8#NQ-kIG1@pJw{9R@KZZLnh zo4*otEBW)x-+c48*!(Ruf2+;k(dO?>{0ctz$uD@;n7^~k?~J+C_c{D3x|zQcTrBSk z%->IotJ2mMn`|!%eGH+pQ>4>niW>7m* zNk8GmvQtkzufa{mg$kPflK2QJAtT3#uuN}*gmjTwxrWCf zA;*m66NDx(8E!r#8KTfj0)%0}r@o>FT!T*DJHi5F0MKrchiRUxymdFJr_AfUbz{|2 zn;X4#m#U|%G2S{k@26&3_5^R8Se}|`Z7F-EdTKY`tK#x&rsYiZ)~P7IY3--zn}Tbm zbpVPI?`a(=E1Q*SrsZDat;^&o5F6bIaVaR}C_KG4u55O0!7Mg1h*0D*|IY2kV2{Yl zFsJd?_@VI|$QoRGEHht~l3|6B^OCUXBguyD1Swu(CPj5Q7dJZ`}fUP^5cK zJ+Dsj1Ru^(g4jD>7?D0w@0q|f^%#~lBt83sEhv*9zVAaSD4)9fpGk4v0)h?M|7OK(k` zM1ldy=wO^KDTN?U&ho6h3|U117UN1LU*tf{qY9*JtsBP-L3}KK)HS9`Q;{V3c&?f| z7<|ZD)t{fNemY&m&udp97{=PRtPSjZ49@6y>r$huvPSETXTiidAhXub0FZhjdt%9LG zB-YAIALBIJpTX_;IovLj!Dk@av-0QTVKOoh>pxOauj_gIa7bajadEC}s-2j}c4<7E z=HLK1H$|Txd`>&Y46Frp@4L+!@2JFlNM-bsLi@gIh(Splz`qukP z@V*`aLKWvw&GiJkiUtH(29f3U{sh}6*3y1eJ6>&u@mGYxZb~h0(v;&lYR#^JcvER? zzU04(9A)e#uNZhrC@w7mzPI*#=x)}rdMA>2J@2h>?<%-IhKH_js0qK=W+q6g< z5}j2|>htbw^;vyjphJJEKI~J&GUo|U70&%5Nq+7MMEivH2tRK{ruyIcktjvi2l-L_ zoDCjT(Q)u|YPYKB?fL#_C_}TeMyi1ZjtCaoPpWReq}u$%&~S)QWQ$OD?T!}J2pnB~ zR-^F*9=j^4@IN6f{{AR^Y;5rE4_U*KZ9Mu+>*?*8pm-@ceoiB=(!P6kC)@WVL~_Hmn|Lm3y~ z{FutP@&nbl-TbJ=y-Vq;=xuqG(J8sM@HVy44Li&!uP@0*XM0+Lr<#&_g59190^06V zjX@|Cvu=@cZT5*@p|*M%Gj{_7g1Z zy$bs&>{vcsOWZ*w;zuX>ElEn;e#o@Y->Q|ZIe4O46#3G)_Iu3^$*WLqlDroEO{9r4 z8vM{27tZ;D^Kx6e#eVEZzWS>+DE%1<5ajC(eiRGN7ORz3e@X?7{pwGTWP_AFbn4H& z-=)geHOws7`m@F3XkT(N)|9UW+z04j%s^~PEBTTD04I<7T<}v;f5uXt_U+_HweLCr zh=^51$6_C*x(Q} z(KE7%ClDRni(O(`ng>%1LT%uOW|UKkaZq0LJWeV;tB7q9{fFq3B2to~*&9U4!fjC} z2}-ffcXRPW?AbE5keT-SW0@_Cb-hD?N&ov9#wESHt!nw{H~8_Aq&n$k+v^jyrpnt- z=Q-tVsubNH^?cyxpx)c4@bAi7&u?~0`;>ptEHj6(uFnESwQnx~_TyiCzfU(Xt$(pb z67BY-@h@H=#{v5nH-nb34;^*ehXeF4J|e0(#lPrB?Y4<7Fq^V}|00tdzv*AxOdaX{ zi&x(T_aWe(;$J-ftMIXve{rAwZ2K28)rZvnOU?i9$3Ax5k(AftsT_WO%a7vciQti5 zUh}1z{o0RANwxXuw2xEcsq$LM6s&C@n|_gYrs8kf$NS!K$?K6AoK$&r*~Y;o+bxYB zPEne6wAHk8D2qw7`>zpFF)d2df1M&psyVItuek(}E4i}zuXaxS9sSoAOu0K$Z8Wwd zeg9?q4;Yi4)4oqCTLcKSU>prm%!vU4#}EJEcFdOL$Itv(H^b#WOp=dIel!PfGVSda z;=gqRfS}BHC7Eq_r(5v)Zc`sshu*^tuM+S4EIBrlqqPMQWw!V2rOwvA$476u=r9WN z6#qXN@Wci`NCP2+{w`)qp6WaojKUf=9?(rYbm3Z9c*OXQ=I{x-c%cfwQjx<@j%rq}h%2Rjt* zd-T#tuPS%)Dw5OF%e=6Gb!u^oeUYE&;x`f^Wp?pDG%2bH@fdE>$2S8hzzMdT?aILg za#SgkAJNJ}ezIm)_9kYa4WEnUGsednudUjp$;vkAWE8w}4`Y^>q0HoEyd7=Iv{^8*IT zY9dF?ILUs>s@SPZ_4vNZL1|=h$8!3x+prOKW9;$$QpWdHB|qx%y+7Jpt_A2y@FGWb zNI1!t#syy|`(LXuFEu+G^Do{+Waxh#HOP30{Hi^7kfSWz#Q1)o9^V6BkMGSoc5F=c zzbUx)7u=Vi#Ag2sNHvf@St_;rU+Z%>{h84+^JQ7a;lrUWyR}&xT5nuB!lbcc$agNB0EN}GM=)y#)G^k56B z8eh$%qM2OjPF_KB;!#kt<|EwwY1|OOm+|1wOO@RJ19B;A(LzC2f4c8S-NH2e>DQ8^ zn%Am79rcyfICDHWU-DZ1fTKT+QNN>Ed4l)vj|ZiT=&9PE{MXZTBQ`+;)rd1xBht=~ zooqHIt^ay(vO)WsAKU)Jf8oEr*oX|CiCIghKfgOa)|HJ~DgNsuYPY+nt9di^XFu~} zL&(wE-Z^`Xi^_i{XbhCtqXKm zK1$l-{(m5H%+I#ISpTc3o=)rp7>jkl9FGGP4k~A|x)KwP&BZR~^FnzE$ucc*ezbA` z@42%p2VtN)`lF}mNsSW01~olG?3a91=H)oPTIS_jv6E`Gc$_lF%7p#(OG}DR)7E&$ z4q<=^bQ3QE^thDxjU@a=$zbb;rT*Sp*&i$>pkFHdzc}I7n($9h#@?2pB>XXCu+06p zDdzsP#md^3l0~dN(LSse#g(=1E!MsdXW-j0^0?koIiTQ1@?_0gK4^zl# z-zS^4H}pkPK27R;u-!qO<-7=WPHNJIuPTBlANPm@gWx;#%E-xKun9*GlLGu{re7PwfZ6wXjzkFGD zsI8%-@Nd%RT0V5Qk!x(k+Df<4QM!$uKB3!b+KXQBy^cs79ol zFDo`%lYTz^;ADf8{kP}Ke&&V?xsb@5FZ&F`p}Z6&PoHly-;_YT$D0zUH2%O#lBNh| z&NtfgWhbz?#qAB$NoI>;sq}267Qq4&hbGXck&A)ryn1<$Db?KC+YR+B1NxaG)>X#3qZ7{*V=^HKIeS@68Y%l zw@t6pKS`z6J!H1&HPeFUq}QZWcs9MZtaZRs^s1E1t?6|X&2dQ1KQT;Bdj0yEE4hZ` z1EJS_Y}GR5>)${?z8;70ieAqGqBXsq`Zf){{wg2S)2p4ceM;@FA+t@d3oUp~dJRd1 zXVYsw@ts=Vtci}UlDRd#wsOa!gI+gcBAoPk*PUEV@`2Fn+Aosy`Xdma*KP1c(d$+~ zw5He8cp7?LB_Gq%Yb{&2lI>IU>Q82yUME=aob)<46`oD6nNE00zP>Ti((CmFE_$7X z9dXj@A$M{<$p=EO0iP%7^r`|xYkCb6?8M$U^|7CPOi!<;K1`)oHkoaD z?b>3(bJA<0e00LI>2;wKo}$;QlDV~f{b|07US6!6lU_HtleeSPY3b!2-?d*Sfets8o2FZzG%59V#GCRK!kuVoZ zzu`qBEG2wf#uw&#X`|#&;-ToL8FB;&=%Dnw0iIlxx>xdAy}hDe(tl9>xtl&kpIY=8 z$U&{p=N;Ir_Yv@eu3cp{!171>liAki6D)X6 zeLgr9o~_R_o$$2%`&v;Xby5EHmt6!o3oGK(=ZD+XEi=ft`Ex+LjSc%k_`n2 zB-;k>71PfKiYy^iMQ=3YM`*P2MoR@r$maHUNzF&bjUJNfq#uDl|7OzAoYVdrdr{nd z$c~Lp8h*{205=Dy_WYLxe+e0^0cz@eBze>b^fy zZ!4z8IlfUS{(ijCGB&cL%%}8lHK&W&oc*r{?))mi(h%;0p($D{y%}GE1mu%2}=l|A=v>sr5+>6h{^E0t2wzS&w=f6My$1biE zd7VVNITi5)b{%p%@llqV< zuPO6?N&6=JykJezzKx}F?Avg}S_$QK;IW^0ge#;Th>(__LnP6*Z)xHY^2u?){QT-! zXfhEi@jvmi@~u|6c^ce%fP0EO{uz*I&91_Y{f%7waii|8mHz9vdL`2+x3a2 zfouM5qkOd6FAjhe4{@Oro^HQncC}xz<4<#43hKr1IQ``t+{xQf^R)i5+y1nF$Fe_1 zQl75l5>!P|OYEJ?{v2aAERFqXlWbn=@h`_Iy8N59YgOx7kAFF=)?t5&1^)vW|GsVE ze+lKm|9R9!;eQ1HT=-uu6{okK<&u=%elFmIMi>5v?FavDPrC5G37e3LzdrxP5p5iO z%fkL4N`rl-U|(-MPT?}5q-Awv?a8t_Von}B@UbZx816=O|Cn>IICx+ZUX_OT8Y%$1 z^BnMII^mt|f|n*x~C#i=LFoEl{%(H%ei9Rw99B zCWa(uB`&2_8^aMMhH62pMg~(VEuROYpBq23^&!?5^^8O&SgG7fVY4K6t1dt7deZ$X zERH|(FGb2G)K1Ck^Wf@|*XKUe6ilOUf0Ly2@|x3-BCq2luZ5hWzaLEf4m#JP!fEBz z8Be^f$-;iy;|lx31p9j92MVXe6YnGgDW8&(l-|!jkX|rdJTYgkIM=raPfAu)t1EgF z?dC=hAkG9LOWLe&U(hWOWnWpeiVa*kzDU-&IgjNdz0@6HOBUPGeC<~S`w9+foIeU2 z#0ne^H2J95U9J#YM)*vxkXqkPw5f>pDucuvMkcw`0Q_ijsfE{s$V#mD))(0J#g!b1 zgh&3KF(Lk6C;&~F;=vh$~4`DkKsLRLd)YfGWbqSEs@maq$XY$q;3__ zKV9n5er_OobwN&oJD$y?qjZvJoJtCD4$LNfn{~2HyH`8fl;B0$bd==}nC6#6b#d#Aqh);^%U}w{jDA?<0_JCdwb5l!myU zOX_%16AeiUezqz}+yp+2N!O+ND;7;QAtJ;a{9$zGhy%%?EX-pnhd6QWRdJcholZRt zo3{&nkM@fHhgpsN*z>MSllJ_0%F^xJge_3Ybt35Q$6xO*D8S3K{(7b)+V(un_;JJg z!qEeq4|w#SknSWJ@;~|O*{`?q*RP^>+wz~!n>1zr{(3)h{O0)aQI1+n@2`LJFt|^` zRHXRp>)*3k@0h<@p+DQ5$$a(UH~jTh^E;JGlKdP=r@DA!^V4U~m0 zPt2#6DYS_(OzMLehr8B)_-F;3nEM5ZC%hjeGnL}e*R)b7nLU;Lwci>Odzd|_vTfVn zby9pIZ&FDQX9N)XWQ`A&NV+XQ;vbJN=T=WQYqBYHk7TxbG{<_sav#P%o|qp4ccKo$a&76Bn`} zSUZ^3c;Zzu+x&UTg6Eun|7$8ddpyz32~Qc1Yb0~)@x&mSWA_!tVpP~Uo;cc_{0PZu z#}lpQ-}}6}SV*SgO_o2XNLGQFQTF96prqelQUA6ko7-Qs;zJ*kR44uH{XmCtKZ?)~ zNi_Fwe!~GWD(FPDew-9dBQ0wG<^b?>&|nd2pSr)o-9G%`J|DfAY~SVwwEe_hsrG#f z0QR0S#AKZ8+JCm;t>0?j5=nKnPhS>j?omBuz9l0NM5)(bD4^P?e21_J+!bKwj1Rsl z6+W?9Pb+O!JB&Y=mkPhH3;uDx2R}0vesk~!Q-7yAVJnV&wDLDN^5p$4juc^t;vUtz zDu&H;CwGwKA$Ib$?&JiPB5{X%eXtcjduG3pRPjS8kNtcBE1~V@;Z*S3_OqR|Ce?oK zT=6^h^U7C~QY#noiTyn3Xs7*r0SLAcc#OB-vY&TIx>J5^`?>2Ci?`SpMgI#Va~h3M z2J-m(T=f4pw!>*Z+qsixlbmWl&HV#Tf4=`?i-g1yulmZpiozFRT{MN~1Hu)riVv^$ z5ZFPhxckN0vu9_)?8;IiR@)`x5@$AP(sUDfH{%f}^UdnM?0D6D28L$$wee+EqBtlo zM_XPq-fn{;>*4A_;yR;) zE6JZ6p1!f%QT+?N2*;0g#mk%Z|4kBg{VD#l8O=J0461_d+JF89|M}F^K-PhO$5UB> z=34!qB8EL?k$BcB#{JfL1e48C_!FE6Xs)-Iglpr(ym^_%oOsrh`xcY@`G72HbY+dV z6t0(|$7U5ns3L7V>&$z=xeGYE<5};JI$OoFUa!AOpecvRtT(P#9fKKYdX7qL?NUo9 z>9N$}=obEkipSqghLW~%r`{>4UfgX8et$Ow?fHiZB;kvXCQ;@?ZGW8cu5*9Q;5!zG zen=R~-9W$s4Z{#IQenJ%FEB(u80(tbYdCwv4Cj_0Z?&-|M@9;&E10%aQ~z*vUW7Tm z8N)}{_=dVFi@u|};Z!H_nmYsP2<{W9OhBnVrVpi(aPv*L-EEf~eKX;=kwm9HFj>Tu z>0nWXsV}%x0hHyG&$4cg(aq9E;hwO_2RO^pCVc!-F$;lD(JYy2T5h9jXd z8F!+ULf7ukJM6mR*R3wtH=3~1j@SMmiFSWs88E%yW*NskYP)Fl7{^KWGz?Nb#*cq- zacC;GATFWl=6v2q?&MJ<|HgisKfY=yLX>jw?E;LHa;^R>Ce68j^{xh+c(o8k3sgS8 z#$-vd8P`Ae?P%6|A)Uy(Lw|96gR z#J{i@+W!U0e*E8h-J1RQzmjV6%elY!Ftb6n|J#+gE{FdsMXmNZMoZfN1wV(OTZA5` z^?&X8IgTr*iECa?Hu38}t0ulBhJ^D&fuI9y#-Uuplyb>~rCh_5xymn_J!}BI_(A-Z z@Jq-Uj;+$V1&cKudZ+B=(CbOoc;K((+F!g3dDL{>MDnOPq-}`AIk7=9hg2+^!0ZNN zUrqykqY-t+Uh4i&=9H>R_UZi`Rng<={tgv_)BULfW1f75?(dT%K1%g6smpG|k8kQW zqy)TarYHejBRO3B^wwUfx<6G#IaS0bnr^KN-I;eu{|CBe|3_ohtlbO&Xs=FNpRd!O z6>196i}+w8I$V;mKgsnvi@yCN!NyPQ0~=$oKChb&&ZAFTYD5tQx#bNfT1y&i@lgSAcX1KVN(ufUWuYfc`8V z4d=nFHy$`t@1ya`ON9ZZ~lh#vm}NNv%dePg%E*|&3jj@8v|SfmBQZQn>$`mjV&o%CxC4zuQe=4wgf z;%l|$^AvmJdFF6-)_-_bRj3x!08>YcSEI0rxz6TV`#)Qa5Bq%cT+-Mz z&sOc-j?qx<-77XG?RhiXUrX0sOTX4gs@-0D|I8vPaO|IXz_Ke!#r{DlTY2v?Ye;wA z%p^B_=>VGofO?4^*)*9qTVH#iT(Aj=6FE$uRSOI zC#hm#K;Q@c9qXp|+usQg;#c$NRVl-W*y?BTXm58+>`q)@wb&Zp+5Y7pNOSp@YD4FP zVq^89N5j7?DM3Y*@O7t%t^1u4 zIyL!aDXwVh9uO!^uAS+kX*=wkIn}O`uW=_E7=^@Nw12%He=Yl&q<$YtVHtg49+f;D z0r2$llqV>v(Lu8L4td%+&((gXJdJxiRi3Wtm1M6!SLzzPRkYMwv0LC6;~<>L`5c+{Ivv2O0wrY&Uv-+eXLyt9 zTKOk`l>}Q~t?`RJI`TYb$uB4>$XB=^pKC%+kzcDl{oL@K>k&^q>VT}wR<>kLBdyAQ zeq8I~*hN?ib9AJV=ev{7AUS0|%^k0E(Ok>IPM{=wd`ax6n7$h+>KY$Sd_@y4P5i)l zlBCGjDqd&BBUbZFqkMwowdBz;KKeE6YFG^hA?^6cjsN{mS@=IgdGP-Q^QQ2B9sn-< zpL=<~`2S6k(&L|#ivKvtn+E^EZv5*J%T)YZ^>6E*w6NcHhr-@3*c1Oi;hO2WBJx{D zNW$PfqGd|tPd7qPFxkg_@{+5MOB#=)zvZUa_+*XKb&VUaP>No+Q>Tkww*gs{B@MsF zNK$%wee!S$zfYIEY3S97`W=qI95g8F;(qae zT$0k`-z^pYsggGh{#DfPz<(7=n-+h!|0jdpZ~i51Q2s`9jcP;??kXni1xota+snc zq^D<&YMcu0I$SsI@j4~b-D#TXvjw8lnT)@LPGL}iIxMg&IT8C`0FRfhZr1zEn3(14 z!nZ%KVlkPk5-?{~d%=d&sBn}ZjdrSD%;;lsbDZT_`s1^-GH z{PTVfe!o=s_ImD9_c?Ia{*PqdAJ0CX?&8@+STE;#?tFLh8ItT+&%Mu`d?d-O)^p{0 z*tNL1HMdJxTF=w}Dcm&UL9dYV_Ik`Z6gn}4?Ul+Ul#QzXXN2z7B*j49gziay)0&^? zAqlp=h#{;j+Qm4xBNbFc_Hw&b-+F6QX*b4<4k}3W4N)3w=~Mi+{?PUKW2rDZFGU69Db4EXKVgl!Z6%3*M(843%V#n>Tj} zOp|0ms&<0XOo7l|vM|6ivs|Dd{OYa!Lo!Q-8%jS7CCgiTax%-RKf0iJCCjemKa=jQ zZJ*3FUvddL@e}!GYk!g-x_{Rq0~=L&%XFzscZDO`Kl_1cQR8q8Z6uIPq?jBmLZDdbXq=Wz`Vhjj15LZ!$eo(wQ077{ou( z>7A45dqiR6BmiXr;tO>84ldTx_3v<}->1`8C)4AS&T6h%ej4ePztM_c4^j$3sZjl; zAnf5U(sWv|uhW!z&Al~I=%yQH=bNw8X52xE~ zjeqqd=XcrjL0tQHA5Fk9_C>g`CJ?*6fb(LnFW|!S>kCHvVq6kMvP_6vYhG`4liY|@ zBOjyB-$yfiv6<|x|yd4L`TRn5^@~vOeejmz$(^06iz!{n57m=m;*>Xz*{?? zY%wD;!|UJft7|S>gjvrBct?CGH;?RE@AC$B50Cc#&=;2)zmUCiRANpgraAilMN7-jzWVbJx3$Utg{*s@)wcDhv(Gm%L=*~fK zO9ieEv5RsGVbKm>!=5(2*fj2!d3(|_U&*S;hsIy!JP7X{nRKqh1$IPJ%j9k3Enm?R zZ|&XWDV<#$yKRjR^lNB9W=3gEOW&ynm3rsVvd4e+-fZu(UA#h5*{zyhB_fb{^-bV{$3;Vgne?GE>{YT zWJQ?!f9R3o|6<^%#qtS?c;EDS!h8PUtvv*0h4+lqAZ=mn+iY~f+{rDV!stm9L5K8} zHp4NP$(y}S)c1KE_6VvZIbRcYMw0h=L2W6duk$i5@e0HSb@Ydu^5inFF8VUB!kaLJ za+w!KWg#7bJm>RVZ$8tE>pK?5zf*0f=f3&2C}pr)&44N1yVZ5_Gf|M*dT-rIawHD! zyH1p5via>*zNvS-7+b&oDX>fxsa@x-eFdf(871i1D&ccdEulmQBFf}mX=&fJ6f^C@ zO9)v*a0Ft52o(QcC4bNOzxJ`)79%)^PdyC~9tf|#b||e`&gXrHPd!}Y&Y_C{^3LOe zr+Nh_5?qY9?jj4C#t3*|Pp;&`Q4x+DpW!Uwnr?QCWNq1u?FL&SF1mlM7hLR-Dxc8 z8K*&uJgpL@S%rUR)3Mu(f6^?a4C{?jV7-WfjqLcf&Nzor7I<9OPWza3*vrPIYSJGUFs`{XGyPdwqSLHJNuKa z>@PX9FOuvDH;0Dx)A|!3qhN5l`Tj@ieYaD0#yG)kJq2+85OB;hcpt-^h%A*`?-j3~ zQQr+^?Hhj0^v80yvZsr5qQW90U|c0Pcn#&+^&2d$5(UVv8BiI#QSdmYP*hKhQ1Al6 z$-4OmPRtLj^vk+Q5f>DH=kw5$H~P4uZ-BRMx^zMmn*E?D<9(=IDeku5LE6QZwUD<_ zfvU*ZJheigoRGK-?QAiV^|E5)l@m3=^TmX610ixI7#(eX_NkI~Zy`NHDPS_V`z$Ae z8wR-oEhBia6j7`}YD=XVCyMn@Lf!`|iUq4H5OQiER~HB(-|=G*3#^CSqgO5Q8QlK) zjBtDYT=^&ji#(%%MV?VbVqxV>L=-R~$S64k6^~)GuV`oR4CBs+C=%60R4O=< zr26&5(azcvrv%`WSu(V|Z#}NoGHTE8c??>h5!ASGryJz@fW9O^r$1wHdGwnEvNyk;(k+#wn*8?GFe_kie$H1AhOY@`-e!;M6RFQAo%zje#tyL zmirBPIW8z(6}x&F_Ij+6@)Sw&b5Wy`dVi!hTZP*CONQof6!5%^tTluBdS{-36np2@ z<8$C09nT9b(-PSOWe{HGn-YohC%cVAG)sN4yR~=6HG>I%7&N%q&cpaw!|2A1h#h@Vx$ce|5zppE z#LYamB$fmsUnkzMry!j8ee91gwfnrf?=E^7ZcDj!A!!lFYtQ8}nk{-cHV`SaZXxwY zW-6~`otPd9`6HD%BVvPkiPwT1G48()3H59s)Vr*y;%L)}={jZ{Vu0A^7 zAE`LH&>smLU5qT-Z8Kv1+!H1lYQ4Y==cm*@pLtt%AbNr?dIcKs30}FkR%}_B_suQ^ zv9lM4_mp^N9wnwV*1z%s_&6r_E}v&d%U6AyYxYhGbzO)-!J_QWoYbRi_W1=K)z$W0 zS+jSf_wEMI4t(B{RZ|a=KgT34R&P^w_H8b!8PsKXsrT;X9xh^(EK|-bo86^L&EBEj z+7AF&v$rDDJF-%)q{K*1Iks$eR&LgdgNmjeCgQ5<^axJg#~ZwNJSKX87M;}3lOcmw zF=p!4%>;2BHG9jvbsKr8LcTmzku$}3(kqHx!^1yBQoL`T9Ph*f+k44zyuez6O50sv zR%dCyIY8PnkZR6Tc2w@SHS!d(xKXojeYoMp@SY;?%#ZoTtn;tuD|+c`$pz~F^`hun ziaKh#)>YF3s-#)d(Syhy2UV*dFwj6u`O`H_?3IjrM832ulfY+Eppqrv_ZOl zdcj@Bb7up7DW4tKd?t#E-fQvuVAN(j!WwR>^Jhmm)%8bsQuSv&I4I9M z^A=ta!G#_!$5hf6zLqb7OZDkV^wqTBDj_W67~%H7hX?Qzy1gp;oZPJ$C`$Nacgppe zer6Z)eX&!I#Mm2WVziV)bEmq1ld~O9jc-$28+4>`?BC2TVx7R15yCpM&FhrSLDyq{ zHLJf=5ZbRVpD#Bj)9H4^$54Z=c52Yo_3<&{%bzcUuCCoCpcOpR?yiTK&xP^FC1ytJ z-)|yvxP{0E6!`BEIl_U+`D(@Tg>Oec+LSLa@!n}A_M*>L~g&*rpQj_5-l0o zVLlheZ|`_u6#41TCL+&M;J>Fx^Jp89F%Cp7O(N3V;lL2N-a_Q~{|S*B9Efa{L7S;H z-b@f!{hk+1JEDe@2n{(FjSy27T&h2v~QMw!or@lCjO2O_K&TZnY|pAfmkfym>N zZA2b0p9|xc93UdAVpDe{i_Tp0g9}heX98t-ZcmP{|xJ1&tUUMEc`rhf!*s*=h*0f zS6>&H4?v;T96-8SfP6p=+z|uP%>l?tT81EkN_(fy*5++C}zB8h+1q;Nvo!C(l-%fS%es4pr*zLm{$h8Z+AO zgBdz6u68jmg<;43WI2Y&3}HuVKkAJ~)n)emskpCK%iG^Mi?m~rc6O1>WJQL;ABlLw_jPcKd^_?d6&a&OV1{B6r9UEQ6Ft4A7$h2yqM4Jxp(l3`P{J^m1kgg=?(wjjy#&r z&Aq#Dw>uijr|tlr2}Wowwp!3K4}-=$b{G>@)XO3Hl#NwZ;k`MBy=Aw%aq}({D=VMM z#W%iCY4}K*8#XE&y-nkKVyjkj5?<>rQhA55c{}ZJj)wsW%ri5Qh~I))H^5#KljJXzsTKzwD~6ou1od#yTM?dZY&o);&o{r zSZXkfRWYS9+J@Im zE7ziIYei}*Ckr$hqFUP-JF_Rh++;qEZ$MxCETb$u4Sm_@>$R#)fadUb08F4}tp9jd za3iqVF<(Nq-o#T>n3*QP%A*(bqZISsxUy(dQZ71~s%R+O-e^06k82ZVzQVpK=A4sq$>7rWa@D*+{D# z1SOxjp1WMTGlH4SR9E3PrAoV-9Ue5^sQeQzu21zDm7J?6fyvepWOuiQT&(_pd^hNJ zp@#fK3-Z4UN*yAw4LNKGgnUG%)9kM_P%Tb8M<5rof97P09Lnrpi)qj6g6ec?S*^JR z;y@oU530}O)Vja2-qZ@^3LtS^n=6|2IeJ5j3=p?PT~@opH_Jr!hJOX=L;D73F?XSU z6Xe0f{Dih3fvj7ku0puJkmT2JK4Df3cxndPr5n5%EA+}ySj_NFhZlT2m#r^ zVC8UJx}#&jEwJ1be{6(20CiPriQ5k^m#xBg;kYdOrZe!Sd{tptbmCiq0~yAOlSn<9 z^}8ZWq+0o^FMVq&3wOpy(Cn8Pi_rGY;rLmGz?zWM>ALbj2HMOY5O7Ns26 z;_#~SqTEx|aD95osVSqvb(G{1>tKp~;Dci|IVRx|3!`5p;5mz6M zVjtP1t4UQ0d^A3()?KgBFqF;IM?=Em;FwecJPl5&I3Cb6h$#UN-yeY0+?H(MFiBLn z1QnGl@RFACo)%0GQ$vBZNtr!h85gt1m6&qgu)?J|7iGv(CY`Lif0}I9rTdkVaxT1` z3u+}D*-if8*Zbj0E67SwUxU)fj<0DPSAV=toq z$bqZycA5Df*U+z^u0#k2e;G(E4vO@r=qH2BAN2DpxMN*G@L0SvXQ7L$Fb@x<8lm7!RB#6@u*U{8$_)VC z?Tr2R6iqr?I3$$4>e6^7_^Ej;7#3-Hx`GY65n>V2w4!BDq0sVuAa!r}MK$FUYF$%K42x|e>qC~k*qjt04qp$58qa`PJ z$82RWxK3q4T@t#u1Nz5M5|4T8Za4 z99{}H`mp)!8$3M9cR}zlr0+qX#o*z|esSg1!xNiUs44Y4QYu2=+=C&w86g*L1H};4 zi*RAGCH~PR-Brzr--t98clTT>6=#tMYOz%j94E=4+B@FW{(!AB!7O0@L4NJ|?3Z`?DMg zQo@EmZT{KtiNC;KicVt^2z|%C$60J#p^l3q&u0K}{x+5*jBt$giHL)XcU@Gr90G*c zvxeziV`&1_CPtk#N?})AqbO`lLlmagA8xigVza$bi0ecpTuv9_vKWUj3|DxY=>djf zPi2w5bbRz)SL8mm=eKswBB$GqXJ5}#P>f1gdX?iDcKq>uv*o#gP?wfm5L+uMudvKE z2z_Y_O()MPiS-2pj(8j9zl@xRq?VWFdc)ti3*UEdIF#-#{?%CC4yb|)9GyZjkNWR% z7yeQfotke1zxvS=S*sl85cv|#=%RL1#_}NOgr7q#`~Hmwf8z3929^Q_x;@rKb;St% zDj#ivX4w@^cU6sm=+1U9UHRd6vY&w;r5vT;_g2qRGyapgnyl8~Yfsq0X*4#-Xmn{; z>g(?CbnF+plA%F8tSa*z2RP`K`2$GQjXv}2$#{o%%`b(2CgMUezH^6}&*vk23KDbX zy@6-s@#kWz94%Tij6c~uarb-}+o;&{a{ym-$N`VM{gRBu#^T;W3=Y#bFL-eyCblq(Yv;R;uZKjN!Ega<5#-n6A4 z(o(WsutT5%>@adB^Cy5zIO$I>i*zYpl?J}tF87!eX#As{g0QQ=Kd~M5xxRLJ?(pJv z1!W+fc6~8t+m)7ur?zudtSoQmsWbOtpCazl)=;eGSvaofqRf}YT{wMk?05j{irfI5 z@1{Ig@pfO!DP|5h!IVu3A2J_+0J=6t27o=~dZNofm&2f^^$m1~2Y8BWee+yYzMP$j zcz$p%P#zRUxJRc(1Kcqno)Nf4Sjz|%It$}Lt?#(lgIJ^BKIjcE|~$u{4fH zG|(R3fY|4tO)runN6vIbuw~XB%6Uf4h)nbzErL+RKWfB4Hlij{zxBW>#*VKS=oT&g zPV)I(-?22~YBj$vY!++|-cga=12fl?RHhg8}HhiV}Isv}FwmJ&jd~}S{?;_`M(Rk0S@?jI^gS-48HS^2ENc0zXyMJ46^a}7sPj3^mnhm zPQc%PS~&1$uRr4;T+uzeY)z`Cc!v>sLe}Slfq|F#ukj#84+>Xr@lNE#z;hTe;WmDV zQo#B&nUh=ONS_<<4pQ0GDKQ`M4fpZA<(Jdia1kp*IO=L70CwR}8=n6IlNb#W?Ol<+ zuIS}(6Q2YbcsstTtzImV77V#?w%o0emSHB0^;$ot(Op2x3FNKZ}qq2B#MH0Ki#bp-g15yVC$%JOfoj@?m}c zym|KT!QTf1Z2T3_1fcO(uCEjDR|7>{JpRAA>qq|Yf^UEWzGsKn@I9}u6W}}lXy6OY z`aSr&qsYczdk1{SC4=ujDGvPgTffO3Zsa>|>K^gUjsiNqM)F7PgUAH_36W+-uBY%T zdSfhuRI~^(LB-meWnw2+u?tDzt37I+W;K)okw@g<8qoaeqEJv52g&3=mSq2ku!^kX& zH|{HCnW~J;K9|qw!&WlT3MAP&Xl$vZvIGRmBcSfq!%ox*zRW9+Pry&Y`gwwcR~3I{ zgmSPP1qQ=VOaBStE_x-n^yygld@ajYElCkmX>9BzAo@rOeD2<&RX)u>Ko&+ZyDv$> zn)8^fIaEn?cSj_q!97@l4~)>`Tz?`1&4-9#>o`4QT?Hdug6r=K?mxy@5oPgc_Jb#3 z#@a?jU7a&N+_J>!P=$RL%49S`_e1lUz-klX!zt&3T3_eZ4pymlQ0lGn!UEcNamPT- zAmiqxcn~dnxulD66a0G#7!{C-3lz$#-ZcWwWfnLcn+?u$KzoY07=N47Kr5?(r$sO6 zSXvtF?{lyNq?pGyvw;U@YJ_5!+DwE#hrXtm&vOKufuahlfu9JGb8&3A2N|fldTMiO z-#J5r|EK2Hj*g~4rBEo#ZuUP%l0ml(kH~_;j0tbwqxS@C=M$kmb|=L67?sDNm1J=~ zMu;{P>bYp*I~OZPLaYy5b@1BUjX%)mo2zLv0O~+?{niI+ikG!E*1QS*1`Xi$-8D=4C(ma$G7uk-2$` zn35uEsJC|&zUkU<7z*A!Mlcf};!vFpnP#dKK^W4V(*>DWAL@l5Z3i75VF;4>5Udrk zZ)?D)>gY3&@Afk4O9zjH{4EJD=*RdA=$86q(QLZHtx7|?REAi0WCc|O2&QC=uY2$c z#wGhb?&z%&$PAU_@yHMYN5xMrCf?;^ELr}pW-07<{c2+yr)eVTD|W_&+QL#B>MBL0 zuIM;u4gRb`iNVxY@F8k+@dpW<-MvPFvy|tLb4N#FMJvxQ6(F~PUKyL4=Z-!>klfJ~ zD(Ja9-{pdSygHlttRzX3flgwvb))NAk=hPV#2LkfVB1nwnv39Vs1z!4_y=FB4k1t* zC$vD-558AtCz5nEds3`OM@-u!{Owfwi?@)4Rb0~M!oZWCyk0`P>+kGEi(UIk&bNx z*SAUaXM@$zlHlL9_3SoC0JPWF!~WDJ3H5#3#P8dx@7)`|P4Bnf{+8p5mYu1 z!PY<1UA&d`w@$5Yqt73L43GdtZ$UPWh}dIk^Fyo zeuOshcm^YXfPW>=9A<1Y|$f z9DPDN-IJrxCn(eOkgn39hV==aJ6P)kha<8aktMxL*(l zW$0*A0!yIXQof$iF%X#Py!MI_D#R;0w1-~QuBwd?2x`Gl!9&u?QenS}Px z3QLuu?bwSa3T+v}^OJc1?xG75iqZWK_L4ri`HDwg+(YcxeR8~EU!OcT-V~roI0BdV z>5Dd>$^Qu0@eY0_e+Pbz%DsSu&L$Kg+=XEGAy_2QQ$#t0DCNQ@XaLFUdvI>IawHRJ z1NNTE`|#d;4}VroObKk<7C3;gDy1FVf*ewqd*9gv3H*Ed%QtW81T}4??G^eBlc4??CeYUYPpu z+|0xE!}_{F^54SSWk77IYRWemgTh4(IbOg9kmF@f?C; zjBD5igpY+*)(CxtM{rGlH7`&Dufq5Ffu$ec9%D2s7BeIC5}uRGLK87~1Y~n=@@eg_ z{D&%l>e4-t7t|a zzN_LsBJedv=CW*LCu~Xg0pw@$%?=D4?!N@R1@Dpkj0-*hx{J5@us48@!F%q=<7z<@ z@yud6H>w4#)j0~GnDGwUjqjYdn3KR#v5%}yM|1Uc7_m#gKa7Bz0Q%^Nw?Y5o{wjqV zd^a#3TKyMFn?nLL)A3(`o*&oyw)aph7Bznsz=YKk7!I=l6BNJ#CSH3!KCU<>- zXC#3S8h0~ESCIOqCeT0={OdF|sdkF`d4l#&gJ=UEroRH4^*m!@L%vI#G0Ohyi7eA< z10p+%i#fybzk>p|P?$qhp7#`bd zqFKE^fRGwFFL#rsSMx4fE8_-_M1AiJt(4U&=LR*h2;yp3Bl|EowpMQsqegZ%RI-Bx zQ6Zal#0uHNu|)KhVn0IfgjTgP`>Ot#uhY6|_s3NQZ3GBDVt5ep_9T)MZS)qt=9^w- ziA{^fBP@E62m2g_pVakOAOfy%OK;^nzSG=MH`uWO4Q+c@DuQqj5{=ZIRE8L9+GFi^ z!!qX%BUe+K`CF=6>G!lDIQ#x5{|-`VM5U>0)WM7Gp-p zUV`=je_{0nvf-KSQ4GqHAmz*c^%2mmH{8Rq({b!Ku)2)}rL=TK>8OFVB%B`K0&I#s zx$|(XZGXeD9{*Bn4kBu>8M3yp@PRt4*yN7U3W^Io;XG^Iu~LS@y>K%N(U~n1%WYSB zYjaO=yqDRx_G1m|s+arhkGgUV@^po$wzw-xbOk$)TQ0>6*9oA>c#ID$%S-XK?DuN; zl_{Ix%d&N3UMk0Y)yUQ*X@0~pwyMnuZ`e8_FNGfW%d7 z1r&DByMiYz0awzgJQkJ;rC3PXEKOog$tN7 zP7UtBIORsr3MZl@DV94L|Bq7zqogbN8*N6xuwsh8tZ-zZhb3w zc*H`Z`pka2;Aq_k^WUT#!=Bv-92F)H7btIWAZ zJ}rzlwS2+#OGPh=Hj9$h!0d~h(kc;kwe_8 zF2q+lAfBnO;byZqd!YFhv}uxZ{lHc5qQpKlc;H&2@--^l^!Tzze-#Cso;RUKamS}Y z{Z!H69lV3EYt!MM%0P!ql^3VO$AUE{8Y||?m!1A5T%-P+IefBE(*gXLCTvs$k27xL z+TekFV?{qHUG!#aQgK33c$slKROwGy`VlFu=j(mJnq!R>KQkl?^Hoagw$Yb59P8Dy z9Y8-WljnI=a6u-Utq=4z)$HqRw!ahTXMzU`j1`NebkQGLB?tOxRr+z3-iwG_@I~;u zau#xoLI>Vk+$(e{?l=mE5MO0;gB<;Ir+(U32=M^#;$!1NmQxJ>?%2jr7@*vCj=nw} ztU1+K@uqy7r>ZlJwObnTS2pMD4;qftI9+ z1<*C*7hr_VJ1~*rv~pLl2KMt23Y5(mNkCy2YMptOD<923hq6(GV$U-!%p%cXtB`=R zFf0xkt)Y+rZytmwh-wuyG`J%)Oku+sj|X_6t*i{OZ{Gw;$(H^O2q-Q_reT9NEziHf z8(9KPF|-mek`6|Mf>Fscv$+*JX}F%(k4n_FBOE|>3>RbCLuH;LdtGbb8^u`lICk{) zk%=80lRT!oZtO!79eohYo*2G*DA2}^J||IH&FW}zneON&V2kXPdroXq_15V6@+2L_ z3iR9w80BcEr}1O%hR)f-0bV_*Ufs`E?bA zD52nS!$tFnbZ~`bXdMf<2+!BQY6`8zg_A-z*Qd~HG=&C+>49q_aMT^R4Ip5l(DV7d zEdczjn+)8Y_%R2_S|68yZdI?seATs8GN~%-G-$FvjcqAK(~*?D<&)uWiD2%!JbBis z$qGMlQUaMg+g$+pH-5~=(3%A!@v-?|YJ5ca3+?wp(^r#XPBAE!R#6#rJ^C4lwKwp>hXYu817`G^h77- z;Hf+KE^i`&G69FZ6dunzjvBH25c z@O~DY<|v3d*L9RSpTmzioUfweAoWkA7qSr=i3fo}*vAZ2g`l+*>1491Z#?U3hsDa# z)OqUFxqP)J@zu%dRX4u+2r`jn$^3Fn1?r52UZUkkwaH75bWmPI7<-+`XkZfW(^pw7I`XkGaQRSg@mOUPgs(G=3*Q~BPQhDu;od`NMdnAtIjxN%- zPw-=2?|=nh{;0TpHM#wa#8)4vSKIii!ntvd7QLWeJ}p3Z^E>#1l4Xd}TLi zg!VB1m_-Bs7>TOvQ!vyH`97RbZ2@S6HsX8M@>iX=Okw{~tCskV^HoavZzcA%&cvDo zigR}LY+a@5>iJfcZ0+?5)OKTHZLyXPz<{{|7I0v0Up#jk*;E^;uBf8D19QK!)?RgL zU7t|wUEGx-THiv^f1oi>i7iGV3UiNRj0xi+oVRV`=}r{n(`$5f3Qr;4B`hXyv#NhN zs>1Lt%n|yVhaXf?2Wvm(Ct@u}H=wX~GVYx4_IowePXFs>XpLrVS0+*jWIJfCM)&FMoMiZdESgtforMja-mB~*ELkG zsO#!4SJZX&lq>4G^5m+`^+si9Tw#dfx~^}kt&VXO~WhaHoTAvrur%2=g-%^j$vZtJ`^m!4b z;N1!5MO;20;k*cKIKBT^F`U*rF9Ld)iMceDmUn}xw8bcWT?#W{T;aJXR39$n}X^lN;)J z($W@(b{g>&?2S0hvhaU>A3`0+b3)V^Azw1*Byv3Dv%DasH^D|qt;&<7GJ4yhAV>*z zPkg;I_S+amDCu}lv;=FAw{CA|tV1x-|A1elp-RI^ZadUvI;wgfm&p8);bmjdqWx{j z`xvqA2rxE(!HiJ#AqCe1tPk?ky}G^&jLOxjl5|!=I5yt`+!ODM_`*&!a2alyXrOWi zF6c)?-yKr+xw!X6=OW`2j+H6?9OI7%FM&G);w33_{Mi_O2s0V^6s%I*sk`N{jV>%@ ztUD{#vA+Y~MktlFbBkN!+V{3A^<#kE?^AcQ;|Yu{V`@0bb@fFjd}XXVh7ord1Ql`j z@pEj{Rk)wsWdgP5@KxXdKz;%j@F74QD&IvN1FB_2*G?cC`)QGT6ri%}+w60gc2ZeKis*P$a>R-$r6Q*8nicq-F4=X`Aa( z7UFi8Kpt90TWGX`@)0;Ro&2TfAi6D&nadzj;D&1{5!;(61Q=HpjQQrZ}NC6rcy zi{?|>>lz`NjWAz|jj)ad8e!(Ss4oFi*Wp2v zn3}*+#MD?0q>ZT(fvzbg)`ed+iK(Aqybw%%hl}Q8>QHZusV#MlAI-+psM=G6oZw;A z;{FQB-YiV)FSs^OM70SBbKyag2s@djh_LP)NE=~o1<0ll7K0I_X@qUWSAsCwOq!3d zH+pG=-NsgqitBedY$I$uRqc8%dT?$22m?U^!j45dO(JX$OA%qaIG#4bKEd;*=i*v^ z)g*=e0bdEiR^p=h2)nDNM%cvy%h52e*l#w%x}@6(J092O%P=$~AnaQ_XcA!?Sc(XH zk>hD2>>)gF8euo_t0oaP6JH6!&cj9X5q3qPMi}!rA036QJ!m8B>$Ucj`~=tLEihOl zAnaK@XcA$oS&9gYa6D~UBWxnSY7$|m<10bfskmr9!iozt!cqm6qoJ^y4%i5L zf0K={H*jrEqge%xiN^8>t|(t$WmE=m2>}wKFha!68%!kVjmYJAgnVt&=+z)r$fGO%7;G=E@co~j47KwvqV zfqiVhJ+L1iwg>iYT$>@-ZY+ewCG7Ub@_*oY?EW4^M}mZXGoCvo?8W-tlCZDR_m+e` zRo`0@wnyJv5_XBcwpRMmd)A#N4 z{Tuq;(DyIud+bJK2l1%BZ?Es~=6!VTF>wh$f(J^%zmczkRUMj^@bAjkgLpBD9EpVQ zRucYTjG);CbEMu#buyM8faM`pb4tCD`V!BbBlV8Hw?=BCzPCo|DSdB^)c@&wYoz|D z@2!zquJ5gpny>Gzk-A9VTO)O@zPCndxW2bW>I{8vjnql{-WsW6^u0AwY5Lw8sXZ_* zu)oLXk^55LchL9m==+ZPexttcr0<{NeROW;_(=a957bEinXiIX$2L9E|2|2N^mQn5 zBqKdajr4}S80ph-T81^!q9!;Nl{Lx4_O#GUY}d)81*YMFTE+-{g6B;$v9+#8*oG!A0{Cc14~>*ck%L(I9N?9vflTA+Eqe*j!wjw?My?Kw;0~ zL6Znu%~B%&a6D~UBWxnSY7$|m<0~cq;G+2mD?ULZOwPAGsx8S)KiLR-YoCp< z*Kuu5gT5>QVIe$d5@9n~iU_-a<7p#oB%U{ouzY^iB*L(WD}?=ui{>LNv%5yvHrgnT z3Skp}v=MeYV(TmlyA#)DZ&aIru<>}%B*JJg5rh?TJZ*$^79gA2^!`kpW|Ii}FTN5A z+e{s6vsIlRcGU=zsK28^SpIGsVZ$(77QzPUYk0(8m95+)tD$#?l`k%P);eP*#NS_^U!5ZnN=RC>2)+wHx(boDcz^l=Lyj7$ya02~e2DlN z3`@`7cyUAOJfrdsxk`hT_hwu{jSM9<54^FGmm`y7bU0!MoF|X`>v)Z?T+VxEb`q^s zc?XWFQcQ9?W_5s~99qo|R*vF-eJ{xBK$Xg*8bMYE>V?PX>jLv}%nt!Hr~&ma@kDQc za=j$qTf7g)9pgQ$7xQ_-kcJp3zxjra=Xf&-MvY(bKul0M?+>2}4hjctm_+z0Dz@D$mxT5E4(*v@);!Jo0 znK+C>oTR)HCD9GEXoNl$;9zrk2Nzb$b_(oCn#!D~X_R%*RQ8nA<48%bj~eN0#_cEN!al^GcKhwzM9&(pn9?^dJU{_dl)^9SXv*m^9^!EU~rv} zPTT`wC_%GMMUIeVbw@ zK6AL%5l=DB6**QN)3woePGHb%zeiHJj$%9#Jwk_+uR5^|&a}@2YEE6$*I4tD>*X?Z zod0pG_Pzz(+%LZjN4a6RcfY$EqmOiiZC!g!=&I=;pS-;t3;`+S2R^E*z2 z>(j6HhwZ z|Aui6(LVcBO?&X8`uCv|8~EUT^}*Y03g#)RlC^=FlZ_RBQe{HSg}^F`vYzMwu>gC7aqv!bu zxr@Q*`pi_1rtr}&z>7!azX;NY;m7<$J=(uZ9{r3Tvr0WWQ+;(Bzj{VJ>Z~5+@X_DZ zqaEter+jpadi0!n^fZ2|m!i29>i$OF&%you2c)fg@KZe<_ifetmV7@3_rJl(1T?W1 zKh;BVf1-NdmG4i(y;s3H5s6WIg4peGou!chsl z*jg6cnOYY3?Ob0={Pp;I@tfzZZ!VXB4J7)ngcW~-+bDn23kL_Ie1|*yCSnU=C$8v+ z{MnB22V*;5)!kl&!C}-dy7{hp z=DVJOf(f0l?8v$k*LP5zxTxVyNVJTz6DnG!(-U?lu3{%}J_Nf1G3t`+fk_e|#2$a# zDH}1rOf5AV2liFV>u?i7#sHWKq#-1 zQ^x0l3T5tO)prO0G{9&^M>Be0FhJ?&fS@PhNW{hJUY*Y6TV=w$&~a2l0L(vj1_zMp~JNnfg)P^N~|G{cw)uhCyXx(zgdP<8{uDE zNi#zg;$#Gc*%z`EtXPBMc{E+&1SSYv*-X%l1*RfYYut{BSrOVxo;XO&-1Y)`eCFbV zLb5`zlWCh`zdU#}{G_`EZk_`;HxHDABMC+FX7Ill@u~PRURk`Nr@)J0S7-=ejz;qzkr}rMlFnHI;uMS_bk+B<0RR4=t_{)FTU?RHF`j z3m=M`7BwTg7HVZ8V$($$5pRgv6kTf!5nCSBh`1MDb4E6bh!5LnL_E@n4jZez^u&RP z-EqZr;yG5x7m~a|V>vR*Xjj&YtVRbk(x~|&zDHnvnQ_||e=&$&iMc9+)#?nZg zRtT4$0GCb$30P+6YAnE9BWyC*%t^$Ys4w6G-@|ad?qRNHR;clFT(je6yYGzs?ccJR zvr2OX${=nm%0bbM`XX#}^h`&i3#A5|_I!QOpud-D?3{$gM%QWVOf&|D}CWYtS0&W39%j(b0w)v#8DKr>i;f&M)H(9YZgpuFv69;;RMK zTjvW@zWFloEDdo2lhDV=Rko1sbLZMPgRuAj8HI-CdAbHWdUGRn=?t=tY#SVI6M7bj2TeoCV52oC|IvS5hlw{=MrJzD@3;M1&UXDHzL-8%3y`L4S>+w4($Fn!*4o&NkGRriN`Fh_ij zqd#15(4UITQCedKb$xcOM|J0a|C8=yvpd=B4zeOME1-FQBIeIutAPsRxyF1a1*q@3 zhOw^qUezgz1g9Jg#^2nL9OJ2V^g5^B4Js7*SMp6ZZAF{&(3l8=+3zG2AFRr%0s;OM7aMyLb6^uVHm&>??H%tb;7Z-5*HGuS+s zR8GNu9=?PTd{Dg0KgIkSfY7(_8$9O|x2dc`TT=V2=T|mMUv0JUG>SkhL_~C?AM>cH zSeO6d5>5SpN{kRS$I7QC#E-8gXcgyI;}z%WL{Cm8mX3fw*# z+)EwvD=yLL063XoW1{(3t2Se;8o&EHUtpJ>+ zTVGFjN1ShLicLk{Lwh)!`Hqw32Q!ur5O(+*Hzb$(3%O%4Dsf&3rJFjt7Gt^CS#nC( zaQf_BH5o~BFDx}~s|p-IfY%QosldTS*aaTE5aC|9D_yxbzb(vhHaE~nL#X0K-F_k+=L>kK}s6l*g@Hm{c#qp=K?lH3~-rm%8Y>yY7lhVL?p0k1u! zrwcV~pcr=~ewHh;w?L3|q;JVpC#_S(cJXgQct+@5L0CMKrp{{e4-A-O(lp0&QL#ls zDw=X)w@0+13F%9be{_}xfyeU*2o|LF7I8>m;5`38jK}5vGh9f~3E2d>L@DVacC0~s z0*mI$tQ1|I0a@CAfdxvPO`^737|YXv1x2ej9@IVjNf7fL&OJ_GZjNQ&d>3tqyD{Az z2FB@cnk48NDEwrTJ$`>fg;d7bXI~%0z5yQ~r>Hy1!?=;p%pE@6%{_rNV(J9m=g|;R z){)yW%=;+N#Zk)jBD;>{+d)25Z{cp9A@9K%@)$Abe8FS(#r}Oj_vb|E&n7uP9IGT) z1kVrObLbaP8IBJyFO&k(Uop^7at>c=|Juxv9rSWS2;}WZ->iJO}F@7%9)s zT3O!KwW>V7Eq>kR4lZ$Z=^z>=Y#?nMx|<-6Tb3j(kN;Yu*xcm}jR2TjsgiN)LE1VF zDPW>Bi$FA7fyq(#j;lOg;r6PwkZ>2bEj3GlfY?d5gL7E1)AgTmf=qxhBid=MzSdcg zW7pgUd%c4nWA{*BL29vNd-rhXeudiU36Li!NP!z$r1c6>p5=}V<(}sZwUAUw2e5v7 z1id2G0+l#oH11CD&YvuNHgvw81)D8zAKs^6o0kBaW8$f`%?7TXeJJZ)Vpi!#PlZ33 zWgqIPuQg@?aH4%EAJ8_nKd2AynBNWW)OT!nS0L%V1@BGzx*>Rde^l_=@)6fJnhQUf zA)Er)Fl5ybj`V@0UhE*xWC~2phtjVC!akO69E3C=FmMiLCfsbImtk8E6HRfo4@+~E zl9BRBHE}1n%I#PLs1xc$tu=QG;Vrz)#vfPsb2xW^qoGIy|)pK))Ip$F9!9`554kwyDGm zX6l8xi5txL+P3JId_LuMTH!_~@<18#oy<-*BtXsnzgDgC>S4psC`0)OxK zsWF1@(ExWYS|d|tI(_wLL4`GI?&EcD|1SjhRl3?Px=D7b6ka=D=U@@ zC#d)JVRN}XmVw2GdfzY-W+CzJT=OM>$$0hPmNXkXvsdepF+vxkLI{{%2$(raz#Ik1 zb%zo#tIcx0#v<_OFB-b5Q6D!S$}+|?uxJ_Eg>C~8IXwABPKy__-48I^0TgeZ$qb*s z1LN$Cl6mxA=Iw$G13-)xq`G3fD18Cz+-J)fh-0$|&5V;U@O>Et)^qKVMms z(R_P7$@p2u35T&ZxSv9QoQzM-e?CbtP_*?8YdyhQk*9Z2=UD9@LB5J5dlVQ)lCR=F z0A1;ousiN%CHnvQy;DGM6O!et_~-j1MU}7OPJNBx*zZ_8ZjX|^mBXDZ>G{<4@wfS> zqr%@=3V(OJp9FvH0YkIpfpXpc(a8f_Wz|yhz#XsJ^1$u-TCW1pPFFztW61+E^tB}q zTzGSX@YcuIZ9gh}HTMi1YyY02*8lf0x`ZQ#vY$n8J0i|}-p$bmw$o4?jemvGBow{A z%{g@S{VPTTD4T&Qc}bm@>S-$9_`KZ;M@N)z{1J4iPQLNW)^jQ}ns5A{tB#P~-}~XH z=)FwQ`%Q6rbMT830Yd}yUY~v@99{dvRr?E*wf}dVEerpbNwD=p{1&}}KFusgFBgSS z0jWjz{avd2t_IW~kQ2f5Z5>EOB`o{dxg!+y{uu)T>dnr9)jzu{*d+}5C!=+(-)IiM zo}d9ZLVjJY`v1WOC(&wt{r8m`|4LqNIv@VF?~j5$+hXAA(B~^JHA$Z>0Gse*hrD^? z_bahn^Ke<7gX50eBu4{7?nrlUWKJdx2;$a{U|pVV8W=ng`LijDjYuuI$X5aH z&=CDq=p6eeicjLBKGa)$2#Rc0W2`$p_7G7`S9hM|UbzOJQwQ$N=W72_q;bEurI)SDoM!7+cg5u%>FG;nCfbLgaXV3T<0 z59N8GkO{?si6+qmE&1ST85AS*vzW;p%F+0FE^%wKwK=3L(@K$M$%~q?V#8N0kmDp z#U~4DiXq^B*fZc%1_DM+Z6#fDO$Nbn5Fo$etW)6spDfk@{y*~+S7ZF~MI8VB>p4m+ z+!*d(HZ|@Su{oz8)i~~ZE8IW1PUD_hfjr8G1=N$fZrn`l#HEvIH~?X{D|L5loYh<= znnSO(Yz+%3PS5@>_6JN)Z+M*`Vgu#sjP1aS%#LW*Zg=<=B2>~*Bcmj?EqCyhD~z)> z&qm_hv%$Zh4T_$PwV!TfIBJOJU(*(}572m`r&Mi7g$qFSIov*M!K@a%qZsWZ%JA=$ z>32h>$GFUao@q>8zfWCo#zP!}IO93%z6*5+1|quVkGP=I;ry1yno_YB80&s~9vuZ8 z?TpPr23e}3=6VXT<=9{An@xwnTag-tK6`}V9ui0d%?+ND=l_G72W&gHJ#gN$wkWM* zdekb?QMHz(&*F?(}M18qBx6+>%KiN}U6qR`~G`FCC{XTWb3+&d)ak7h%Zt*xeZ)7&q zZ?p6K3%rq~Io`tGpnS_`w(A^U7wT^ZlJ~$`AC|$uQJ^tSSyXg_!kQ8KP#!=d_cb#^ zLnC+C6aF$b^E(dWbm&xeC{^KaX``Z9UwNYWo4n!Kdf>Q0mXTv@FuQ}(r;N}<;6}0< zc!(s?y0rx8Q1!)*gOel&CH$^8aw-6ZVPvPTBRFgC{MZQfBp@eAo`l&6jozQ1 zzJSg@v~r29Y>&AyA+VT*faB)x zkN&}CF=3BTUa1h=7Cj)V689$#dGV)Z3GzyFF3hvJ^mj40-(l+dlKm!sjgG%Ga1z@ukDb)q8R46^Rx{TpJx}hH7 zA+fOw!S0!7SNOnS@+uVFnvn@z)Dj30RiNf2ndAsycDXR3_$FX|2UkMfjn>=RS?^ci z3{qeGD6LVLRPJ;h77Ilk9CwkGvFSRW#l()odaJH;YsNr$K2~I+{PeuQ;5mNyDkOHk zk92-4I#J**L{3Ok5VS-P1QYl$c4Q8}F{5~s1V=-h?H()b3XV{*jUy~@d2E8JvEr&S zM2uAwJ12Gds z=}k=-I@mJ7MfayI^72zf9_lDGMIQM{S{ZJ);>(M-AZHt_Knw2FX%dYfjx?KM&n%`u zU7BLvm0++``>(*VEHH-_{g%@|DOc%a7BHwI$c|duLx2KR0gM8148@Y04hHN#`5&JYGTBe^?c&K`o^z z2T)0CrtEBk@5g80`*ZrOw`y7+%~+qZjW1g8MV*RDQ$Ae316Ax_SuUkVv;@#){c081 zH2p?9)~0Mk@e!?zwOM8RHW0oFqx_Y!lnrRSJmod^fZb^83jfIQHr9-(HP+;;oK(9K zJYzkUf-zt_aAFDV{QLYz}Hqy09DccwWTR<0%12`{IjlC z2vg&)M(ue`1=}!irR%>1@;|`wn?eQS(;y;XlqU6i)f&DH(X3Zf-sbRu4*E}0?X1&P z{D`va|A!iWTIm4=80$u7GzQUVP(a5~YG~t7q`c+;f&?@ghub#XtI;5X#_MRyIx-ur zqjghtWU-Dm$?7NpcHiRLwn^%cIlvC>1WrDrcS1Hl%|b=x{JdXnnS-$7Rb?lsDxsEk ztfd{iXYiq`?&NrlFAcB(moNd&4GK~1%2Hm9PY`1jEJ&Ov7$?JCyG7q%tjRRiV6u#< zU5Q0I>3qpE3NdN+$XvlZIe48lPdJA#Pr7_^#Peh!=RyPXO&;zmj5OTygm#5y=t8suoB8=5F_Cf1pCV4~EoBR<(MQ|j>#&f8-WX56u? z2th#xaKy8AJr=|yvo;U=##qLu@mV`rX6=~^MBi&3 zzdCWgDti;O3)m|_-y(}@S)&Kcx}{m3mx|zGeZcHVCDsA67$&-~V$b`#PO<$OJVKvh z+sSHV=tl1mbtP`0p5?#IxTr^2^}F(-mASIwG|UVQjqgMwI72%d#-92rYu#~?#LT%{#x_e9rm!SQyeOTf_EY84&6JS?E|E51` z=`a{NV%|kaH84bVo{ef=Hje72-qWxwY}s5?qq#V$J3QPts!w6938-c&i#n*@jlmOC zpMo{mfodE;m|}iG1-YYlOwOYTiI!#|y~60LY3VV zRmL9FRA~o3R;O$4$0WLOtLOc!W`D(KV({zrd>&>?<2{G|txpb!QaoLGF5yU^42upj z$+#nMc69f`0s@s@KJ*FCA!v)QI!dEQC|_AU&gIrN8p>B@ zkF7@NS3o6)973(@`jA8b<+@@+!c1DAfcYEABu)t@;(Rq>CEpOvB>0$#8QVBMJgEpg z+=6YMg^ONw+$ihtqsO=DCgpfzr$NN#M{#SE)9JIT8u_IU$jDRg2d7U{&fXBHXW=M3tB(ib%<970o!=_G!)3{s|> zbcJ%0-XtemDqBX3e9?B3#<_3UhCAG(VV1mvdUw!5$y*xZGPC=96qFU9zn+j;fo<)RB8@GlB?MUi{? zlRX7@&!0$T_pSd$N1{XaJtVKMQm;>b*ix0x<7-P34udQDx;-`;lf<#V8fVEf4e9Vt zP5_pg->L#v@qS-x9L+x2ydAYo#tay;K*12ZM?ky}cS>FV{Tt5aobhf=+vocden^E! zbLL!l^{h)^UV{{T0~Orhy*G%0+Z$P!>n%L&^Fm*HmJ4|~;?>U}e%BGGJn!h2%#FjqY33$UQ^|2}HAo2u+{@=$@*2le6&P`?jEj*JnRsago0 zcBxbPg+GTmIOKd{`Tt-~4qosJuoM}Y1x2r~S8#u-ubg7wA)vquJsT8iP)oQOz5v^R z>;NjrD5@{5|2CZnI8WYQSO2Y)UBI`dSXCXS1yt^il;p=+pkItyl|lFe7n_JNyDB3y ze?s+THcH)L>-+b?faBj^sJ`D?o|!g56=LLgO7)q^O5Wux*~8J&nCHODanMhzvdGyv zq=mz{g~r8qMR)`3#q0k2hWckuKI$`>MsDA?t_|O%M>CFzW(2}-6;_o7-s%hWQrC{K z&_Rt}gQ@oRq7T3cm9wrJ+*9KfF%eK819vc!0JG5jLkpx)jzn|CKP_;}i>s6M;6>0H0#j-I4-Gx*0Gc_`xdK~_fjmBFXRlv0XjU!JT>^KmE5Nn% z)*IW?F*J)IUFg}FunZ_DW1B9P{kHb!RQqe{kR5&Uq3QTuxd8fUmH(&|3)5kl-?ckd zn^(fTYLnn<_NN}ZvqvEbySr0X6~*pu0*UL9n058Mt1e_%of?S}83`<$kPqlA9edjP zl)P(<^nu$Y$iEW?>u*8E+}{l_SyJFTTnxd zigexKAb`BU4Xsn_k_6=c;w?sK5~MANhR_uxz*zDA32^o=U6(Kldy=6^_QO|Q|#c4a3gtkG&FS>pqyYIa9oVh_y#hT{Ax zLepb{{@lVll#aUx@z$%U60|+>s*Sb-8g1_A(j0Inncs*9{v!4X(;iaf zQFNf#9Oy8as5ISCA#IjI3mKV1r97Nhkmd|4NFBhE&{OAlJ>WQ`CwLKv7z2irry0)h zhTuw4-_}>Gj`}+3`rsY|u_(@7%BPb&OH-2aOQqgqpOe&mg7Imb#Y;|Oa##EPCyresM_e*$60C8&iW2g#}rcaC6rzW7M!)d}u=^;EZb zf(6PUA2!uozOy-|PLf5IZ0jVcO>Mm`gu|Cuku>`h~yo?!uz1ES&GpN+do&Nb3Zi(x}GvolY-#S zp4t(4qI19uk>OfwA4&{AlS7G!uoQ^J1!aMyeN+5X>j~>d@CTtU>~oF*g$p&-5xBdd zBk@@`1uA5B1St|k=62NW`v+a9WWz9lDl{z>HZ%?E?itjq?~|_sOhHPFd{&PEm{G@>>ZU>#>eA(Nk@!nd+p{h8E< zchJR9GlgjerV|?{MUS9&FM}B3y*osGa~!*>VKAE`sBWIKy2lf$lfkNwtZeK%6Or{F zDhNS4=Eoe!B>btZvk|v6vIHMuBliWJvpksB-t;9Y-tZDgp^!hu!h4Nda_kKo8Rus= zI56=u_0JejDJ(QR5THAlcLrrIRa;>)7%z3!_D`wJnLTBc`uu!obqZ7nqQ8Ib*O{t36D>Y0dx1r-pAx|Sil*=JN#*7}jcU@GE%+seo} zI16``M(`zTS^NYSD1>OJ|KW-u-YL~xoGWw+f{x1=eY8P}IBF7+qrHfMMRtjV{kA3A zJ_j0%kNE9YMS9;&;Wn*|HWiF}Jqgzc-5^L%Y8Xnn<`sO9gmIs1x8j3%K(1o%ibaM_ zhh&>kh9#|Q1>3X4J}Z^nzt1@gS9cV|Hy-O7WB|S#72Es48|Ea8ALTI}A1CrYZ2FP& z@}OWuWDHb|ss356;%&a;5zvhTB<|oT0$pjOfAO3zY=$-RuSJM=8es21R$=Xnah@|~lWC#A`02nBN;)sB^FQ5jbz#5a8s`}bNj znobk-3y`<|BAG)qkO@_<*lFa#%#W^@mXr^0TofYtW#q6Z|8& z0df@|_Wz*vWe&tS_RQ9J42U=HJI;$Hhi}bDffWvfV@(2))}I*Tq-`aiN3L`}v*mMy zJAvRmkxO&HohJ<<7=Ng@b;c723yEr>MQ z!<0GMBysacceX#fj`wDd(YG zh;=rpY-nD6ciQ!J(DkXQskhL_p;vZ?%!3IQMVXI?53l1N*eEY5j5lb6UcqoDcEYg; zH_7r84Upv}!P7<%qQ=uKHo^72Q1ewAQ{V4wKBnf`H73Q>k8Y0tY$v*$_z7rzEp#%l zpITOfhL(o(cwa7zhPJ-c?@rr%rGKi3O@(AOUY2@vQxvsyS`&%lq zB0sdObe1tI_JqrcJI()TW_0MkDepM)!4{9q^j)$lrKH?9w`2mc+rcBE5Y`Z?zOIB% z5l^uIi}DP9VIY2t%6oxHBtb2}4U)vUqQO#Jxr?{>Mo7ZA@a|aTDPn6ga!B$c)Z-s- z2FaAdj&!VdxX}cfnsdH1<-Z-qm+JAOqb0*)qaOw9LF?zD63H+JXBM4dZuJvjjp6%Q zuOs{2=xEk&-e?J0j1We+WkPxg5^DH9;T%8*U%z#v6BmM?1o<7yVGpc^ShEgNrfFHW zs&_sjws*xAJ_ev73>|uZZ}~Zh?7z$vJP4^fAFY(F%E}Ma;Os8)@<0s|>9*t3z~cN= zq;X8cHEc>ax$jiO$r>TVXEF-`4pw89br&-bJcUQl(Z^s{0_NcR1g8P|KAO+s4_~~3 zUp@`}gBSD}ZRsv%lrAHZC24n5eTj_kZ@>>ozP%QYP#Z$}ohf)Nf3BV?!1jxW1=&Vu zx>S&7=bF+1?i@*^BydCM&O|nztlU$S*W<5$60gUs9PCrFkaMsrl2UF$CQYQ^HB(TR z>b}2~?mEvB+z05U)0L4uk-ajr*IPXSg{Yq3!umSJ>We;w#jC=Fx!4n^#5@Tdtgie? z(CIkLA>I}7l%*r^sHlqemF&B^M<=TuG5aoZfHU!Kfl19AXu&)Uzer4GjaUd`76@@) z>~uVr?#MpP(H$z!r8_Ge-RU=456yNw1Y#RaJy8CT9+}PfxQWyQO!uIBG3}33lOT1K zN;wcMX^T@J>CxD>paDwIX@TE+P))nZj7;7gLSYs{J&`VLnu{UXIAOYlI#(YZe zIjxnqwr9tbWAZuWPgqxmc_TQwuyDT-x(ujX)hc6KNo!-pRH8Ll_4YdaA~(mYHv3}! ztOJsLZIO(1oW1@GY&|xI7D${as!1EF>N>il@am;DmAT^+sO2 z@${S=^)Eg0Z{y1*Mjo3kSp3&Z@-m(9WAwG809YOn1d(0|?=wbN<2p-UO9~2`CpJzM z>mE>4;cl8L9O=0=BpViyDkMGkRXRO)^-Zz1!<{_XTHovB$F%0QozJYlhU7@?F&dU4 zz*5g16DZU67)$l?{t$M@~7kp6iE4c|m2NrbhN8`#SOE_zELI0xEi7fGt z(q1+*`|5bwM_|abCx|-lYy3D5LKM)prx2MJ-a!m$nX&HJe(Qr9?+YI2WUSbTC)&v+ zTGVD9h~(mqceqmb)FNR`4VJaPsS;z6jykyEsbEc>vEo)1iFUeY0YA<{T*uqB{{w5m zy4HC5n#KRn)O-aTG>@E`m-uaJp0wPi=JEQvz}zbV7KHjcT%n%|>W2mDkNGm%>8$zn zp@u%^I#gml!j4I=A7=T$veavh%KLEHoZj7gzwX`5g3%*Q&U2s7?p<$3?|R02m&*fJNJngU}5k3>T6hRjXcyF1xCZ@l~)_?W%(8&{0|T; z*gGWK{)$$vX7ujMzw6#@V=YJAyRYWky;}`nEIxayzAiAQQrMB+(eM`U-ECZSRt)3I zXr~ip@+HnE^lsHM^sarpcR8y3$kgEeu|}vrY&yaH*BGIpaxvGa{E=oZ)nycZjD;t} z8-Eus(KrkHjF1b$S#UoNWqr{uQ*SwPp3?Bb-!z&YVvR?PrWdcV(bOM+S!g;#Ul*7~ z07RjwP(i9D@MA%qUYpC8$X1n{2)eMR%ps)8o4`jL&1-`-`NoQm@CfCPOJ2SP=?~0@ zs3aX|;HH_6#kt8;RT;aTbAb^CnFI!h8JFBJ9_?b>3_M5d{^q0aC5I_JD+-ZOw;_w)HYet&#<@tW6ppZ9sc&N;8Mz0ST; z_VrHY>&@1XtIY1~Bdv00pKB|*8TCH|>Xzf(uy@RIhYiIc7@s*(JggohS1)>4Rg={w z536zXAzifYX5X8vE_?X6o~+oR|E>Z!ovc3fa5a;xl010rTmh@+JY3a~)gx}JT-UtFoKJXWMlGyEn`)D=8gLQ#*$?NZ!36>4pTB-+50XVyOp?rur>HhSOgBXntIl^+wW%5KzxsS@O8qfev;csIQjE$ z4<`X+^`wVY7+JANNLK*;VdWX;@7$q0nwD-2d9h{f8bh zJVgNyce}SYa{mT`9KSDRJEYL%p7z+EVxNyT&#f#ryMFJ6W4X0d zBk@(|7{p*}4OjEEhFG@8m#S(p+AJzX=W%;i1jRl7)^NLrzN(miOKa);RNW)22D{1q zFOSlKrc3CqMu;;J!(tY-y#Hkw%>Yb5p>xjP(}D! zbH3>LfAX;1h=XE6`47@+z+VgKk7;b9+(sl^dOFjjr7UlEIkeigx ze;)c%@@dZ+$6*&(H^oan(Fns$$tP2U;ilwM1)+M$M_~#+~n~84jtxC9>v_HyNZ{`SG?wz_->PC!uKv}BoV%;jl*{kyG<-T zdul0&*ff2UK@39>-J!#LxT8KzY12%2Z#dx6)g9g@23%ZAQd%|OQZz^z8iY^mzi_(7 zTShewuQ(5%p9k3N7!u7>vy(otM1XCipgC@u7H4zDe8FHdQ{%Uy4wNUYGw3t-RQpQg zc{*$kDdAe`AkUH8g5BeM%K4(-T-IovSHvk}ywNeoW4f}L^tj>tWF=}Oo`2Nqz9yXt z15y9&8kHty&w9GNu`ZLx+4{|CcAU+7=Z|YJ&mEU0JlTudL6ik~%972^$@@bSW0lgQ z{M;S;72G-8Q-1C>&}D11k~NqXopz#9I0`0p`4%RuHjYD}Y=x9q$;Q_Y4R!?u$Fq{& zSv3>WAhf%X#H*RpR9W}yk`s__RQ2*{Uj4Mjq5Hey z8yXJx`UZ;*8`l)xp_|`j!}vhImq+_pSiQ)Dn#?y+HB(nby1ez8Le(ZxPM|5&n;UU0 z9H2}-I{(IFPPMu8ypcGUKj;=`@t;gMS8ny!qo!zX&RebUi7w7%B@YwTTFfc4m7fp^ zzHKZL@04g=KH2nWy88iHI#!ccX;>llfzncw?FVQ9MeA4&aT}mRzDA|kJIlICh&wJ# z)aR%ED#yht*XJIKb&C2brA77m6q>g5T0g=1J2$yMtd#jIcI4Yx4apYH|M&aDJd#Xa zv+L*fj#krgudrNEx%CR$3)t2x*U<}JE6bZ?ynQ1{kj2B=i}Q2s$U0q3%81o#M^@K9 zkf3WnWqn_d%O*W6tm1FXs{5c_uj1QskwyG^bcz?BgpI`y@zMk5s-7)#{D8mMXa7 zRz4P9vDSw|?plv@8`c67r?aJ4p4cX}awh3c(6+Ho-!_ij6UiFi&vEd;S$Tz0X9aJY z;EfgjPz@AcW4Q>+bxjl$kA&vh#@qL~h0s&5Oyyf$S(#K(-F3RInZ;jCFf3Itq?v8j zHqmxPv`L8a{6>|!R{<}_9x?U0zcv?zCd#_X<)by1d_$!hO&5d&8`@_cfWo;MNc*Y9;jx~HedKEh*pod;Wi9NSY_TT=ZQ zGFEBxXWE|xR}j?eGG(piPpx^sq4M-el^j#~oO0;ZP@ZB?>icQOvJP*nlqXjKb9>i> zU~^sGSy!{N;PPsu%d3{k1Z8TfER;JBn(*opr4&1qu<1r`nU)4y)*)+Qeqc^wQ|Z;> z`i#G?<6}dAa(%{w)5Saw9l-Cp|0_z||3&K+`FeFKJX}3%X&pElGT`gLW0c!X#Nqot zRgz3n`0}mQtd>t_OI+h{(q;-t)uA)SFO?P;&EFnS{iH{V$1W@<<+b*z~T9{=t%LV z6zx1l5~g63LA{O^BPtg4tIJ=PzoNc*6Owsvy+Sg1th}+c_&PT5Ag(2#a~tGv+)Xzc zIeg)=32rNu+&a0rHF1Fd5**;~wFjKGBVbQD-;Qtxi`B9wJn5|TWG9QCa*SkFMYG!x zG8xa}CV1|@$0Y_j4M^}~d!z#yKO43;*sxTToiioEXxY&Or{xMxXw#W6F$?6m<=}h- zmBA#*@pXb{`D5ojpui*(|Tyh-teDARzz$J|USFczRAXz)QjN}s4 z-z2JODeittsZVSzu$W2zK+$bHI&s5=St;Gc__Sj{Yr^Lq4{ky;n(YdodR+ygOkvdT z$hk9hGt}IU_dvZIv}F!xl_fc# zlQ6v;Ok@r&2nX#^i+DMRXAZ_u6$B31%{f>o9IR{XU@+tGh;Z-{QP&g ziM913y+gBbS6ljgW|N=yR(#Hu;Iq$PW1mk5)PdC|Vb;Q2F3cL37YZ-*dq(FL7%XG7 zW3VJAaLlfWGI;zse_b+DoerdRt3NAf*%!rop#Kw!4wZwfS9G;Z?|^l z^{+k`nY%hHjI9{#fc*R(o;tH9mb)9De}P$0ukiusDmZ1df%dCdlUsY@S=L%Aj{#Ut zZncOL&sOsj&#G3?w7N4>hby=A{r1xhEm%0;x(hn4mASY^&^K)2fZZW8el^~>Z)mZ0 z67A0%%vvhqL$?i}6=p;2~m2_;DWvAUGd|VnF{|WB6 zD}P%vXTM(cmcFt*H;ek5)!%Y!#*Vh~+?K|5X0TOmp_Q}HAjC#)*Vz5g@S0Tgk*Le( z7#3iw8ar3gUz~~JIk@4mEl<%*$jm=kBQy6tSF+10Okv*KxsnxbX7ag`^VlK@F-+&* zQEor#F_Wl}xAHtC_jCapUUmzGjWf#O?&kJtk-jR6%?Z#cN^DL52ep!hf+l?Yi`0bU zHEY7f1VA$^4id`0`8fX#H@RJy zkf{o^PQ(}qK0a*wwSJ=g#B#-FR$Ts;q2lYI;lN7Q8MGzW>_fQkgs#6&J@%@6SC8fL zb*i!}*=gztzq8Fj)NNJD-?iSO@%>}21$8*Yp6{P|Vkv@w52;6Y`^sALF zMWBi4(?;X2H&lz_JVML#*$|HzRd&9jOMjqUM_hmSKIMN?f1v)Ey8H(ELnw35jhb5M z54VDPDHz;Af8l@*)bMf;#yCt84swV#Y5_}D$i+&%ZV_CxPJf_HNR4^*Qt*o6ywI91 z!^EJM{&11%>_$O3LB)|W4i_vaOm``@vSkQpCfis{#S3?Z;H~4uCYfwjFyRAJ z(1#ckQ>nFnKx1Fct`DrmZXeC1R??Q>W1z)oDB2YY&+5lF{yN_MHTt6P%7icJ3sPYG zWuMKgKfNoABBf~G|E~6E-{;*)`Au%$7qX|O+xIC0l?8BP`RWL#^%k62hV2!&{-JKk zKp4izUo>A)7uYnzPhAY<@tYg*3vu()+!Vh^Mfm#2;o|}8(ljGn)p=<@m46nV8+@;A z=6ifxMuKbUdz^~dl%&6szjsvi_eeiw`|9dG@+l*CW617ll-t)mRL6^=@)klw`VNMX z#qN4{1N%d*=p$FWYn=mLWh+(AF}ATZ4$oDOvlgy(u%Ua#9V;^Dy0}{l1ZQL+XjIhL zd7b`9+E#r$HX^!DgtYwHxSRyJS;~huj!|s3M+f|#P$~>ezK%s6)1&hEERI4&v)t@j zmJ6(-DG$Zb>Asn4rnITX;Q~{6oX17`%+E7*ucxW^n6Q-n_gb%X!;#dkOI!_Diae4^ z8X?t0)VrraTh~}#tEP+>hPdR@c>RxOc-eTx$r|@~MR(8lP3AXhP5ANYP3WPMZE}9I z-ob#(koh3}QWVR`PBqeAl)EZg6%R>-atKQkIE+3j#?{b4l2I&8L%!qE> zp;Bl|c<=q}F+KzRzQRc-lHy!n5nsJ^ z8xC9jOTiYSKTsiP*h;&^jAO4&Z2SXVvp^&94r09htkYV{d!mB(S=70Lx5bDC-;^s4 ziCH=C4HHL?_ObRDtx{KbO%F1?w>u@{2!+pVLD5jMz0F;D%7caPFP4R6T}j{26s@)o zJIcO(aAW6>yPe}|S2khf(?@)Rwfs;)=v<)rI$BqPtI<5yl{8gby3TU=F@Tr9!9~-;4^ z+n0X?=^j$AqjFF-VhXf2_Zu|h@9F!!r7ypNJ*qTTSKpp4IZ#**U|&s8SI|WJhD>x% zvCHouDuS{rI99@jd{lO2sk(wzbWMQ#$y+2u3QEOv+*mYSqp!Pyj5V#7CcWAgQ$Nq0 zTTnmK{Wh11slI;)pP(ke;S2t3C*K!zCp_Jzg9}Z*MYPaMaOkTe-r>f29L}oMvwMM3 zaAf^0G*7|~UO?o7=w|qJr3hCV4*b~jG45m`wp2*iu?F+Hq>h@Wwbi9pt%!!y;4-=pJ8uH{3%ypTtc)Up(fbE%a*B@ z(M<+iJ}gOkk{m}&R9AF`L0_GTgv4=$3GZ3M%0|w1yQP?%IU-{68zjw-PQ^KMS|)RN z30XscBs7{CAz8b^k#NY?y?!O>yK=%SURiT-L2ucWCDtFyuB6yzIN}fxm;R5_P3*If z{b@{3P9GyAtFN^4^ttAP>$^^;Ru9B`N|6+tkCuY@Ae`XoP7>SW{J1(F%OG5sSax}; zRa18Pc3V%#BgGcsm`gH%QN3;s`R!WG#PY{!`=yUWyjc&K&KD^{3KnT?e@(A4A_Y(2 zG9kU{xAcVb>I!zv5Yq7Je36Dc)p2UcDRE;H&T{+3e!_$jUAao*7)og<(t~9DSOlIa z?Ke=4BfpTZMx_K=S0Pi`mdWBvuX>puTY@IJ(NP~UvfrZ-o3u)u`_z&O`Y8Tgx(th* zT7ttRst2O@zN5kZpYSdkeq6;Dx6%HC3E>zJnj5ZlJdd*-alT*W5e&Sco9IUX??h~cMq6sI-#KR%p>e{fz0ZjyU! z3himc^f%1^6y_L*hK`~{ZGsbW98Z(XM9l(W(v@!-`-bz^k$Z5t+tEe=Rqo?GmnQ;B zhlSrnK-+Seb%4xRK+`Zp1r29qNX!J(x1o*_I#wPDjC&vI+i(M`oLu4iz z8NMWOev3GOB#Vd7x~TcECFz+EJ3xqUF(IlYNUYl5o+%3v2SlQ1K!hxSbjg?wR-v#N zF=4$mWHi5w3Xe$+bb*}q)y`{*#+Ayi=XpT-Ds>uKbuFNr0{|>ri7`abPs8g?_iv~AH{1}r^nA0l{rS?0NTE6c(M#WE|yiqo*9!is8sBeGM zS5IpTY0*WlD^<8naNttpk0YrGC?AL#4h!s7wjb`%Bs2tD-cG9?*cKP}Vd>R-Y5jiD zC;Xzmn{JbHoFr!GFQ!(8^A-w$we~Jcm|8K z;`~wdy4zq*<>&2qT}|1a4}CthK;)+*?5oD-?NG%|#Rcc>s9zl)v>_|x0Cp4m=Hq&> zuIs0Tbw|Rj;RzR}K@}So!8R771;Wnb{Tjy+#6P|A14Ue4XEwj4s(!^`N~mve`wwO1 z@@qlryRSh6bcPEyR+GMnzPIlJbp;6qM!!4N72j~9f3CXXV{Qy6QCA$`#x@pp#cSLc z2o5{AG03W}c!nE;VfzS-`sxliQ|2u!&*+q1nU99%8qSZ2L?|}2D|_om*%cgKqsCL} z#c$K9{g$R){33-ambc2c9sb>VXoPRZ(@raGWkeW=H8`E}eq!tURwj=+HR{?OFQ z9+VZ@hUit-C?~+h+v;`C!)Ns?-H{bi>CjOiWrt@)b_j8h)=LSQL{$aVt&}U-B$0AE zI4*rt)(1c4i1gEt5S!f&j!7q4k-`&&wuAfd`e0fHD|2D!f8w|#y2vpGrwoPZ>bq08 z(<@J;RUS|4XV)j#OS`96Wa`_(gqj3lG0_ zS~Ew}(A9?3$vSp&mB*Py!8`)Dq_ajKlpR`y^PUPrq5Tzx>KrrCV%d!i*SNk&{lnJo zkK35dM0#`kQx78^Ui;(L>nLbx5frotEn*M>*`D#37I^21GJN8^eGGC$@#D+bHCVWY zOno<9Fj+PVy5&|ftWYgcS3FKdyYeaquzk`hZzaua9nI>ds9%XoF1r@5zL!)$m=e}R z*;kR2s{%1SW1^$VOvo!}h)^FoXbv5Y#NkHByjTz$K{pTDw;dGq$x!Cefg4{bIcL7e zhn?Wsqwc@KGzv|ibY%8(cYUvlh5_$V|3I*3BS&ap*1S%r%S zMxleCUPsqFmeKJ{RWP9GLIuk1PPCsqAYy=dUx*5`t&jEcQ~_8?5|{KoJWs@68nIEH zkkPsr%uaK~U?sI&m;!P%APTZfQxlF^yP{eM!3Ev0!>rb1OqHF05$)=+8;9-MToE=} zqjfW36KA+wi*hF^mc4QSzq}By}6Iv_=xFa*RkpLqd1RSj8}TJ&&Zm%841G< z?5t)V%WzygZHvd@L}izaJX4olE>*Al32`sGY_oOdA!?IW9h-}_B5BpV4IuRaxUVWD z{uG@$=foLxj~o?=zZRcCu}V)kVO^41^#acT?C3eUDiTfMKj#P`((${q?PxZ;cb7GI@mR2E`2Xt;toxlQ!JNLKcc!1Qj7mRI`xD zldn|p5dMKEc!~+wIe#csM0vc>Ydx%-A>8s?H=E1P;1N;}`5`}0pTH$Qs?_{hmKgT) zWXck<$Z&v7;aKV$OvB`Gb;kl>)`_(QyU!zp^8Ak&&ulS#Kh64Y!Z*=7e4mYRhwoEi zmc!SziST)i@858sF##FY zJjdsnx<8N)&(iEo6XX4NQ1ij&moW2+nIFD9kyf44@kP1TMvabCC)vGa_b=^Mn{??Dr??U}9 zGfa0gRE*Dy2@V>XkGYwl`S}XY=SbH;P+9sn8k&!(xrw3qHVU?n3AQ&FnvbcuiJ|%J zsDfo-&}b$F8N8btnja_+&C?xw3?#x zU#DQ|8tuo*GH8UMT*d``FmPvQr-M7O@#VJaer?$k}5?*t8M)7Zbe!M>APv=MM-9X7m95{+fM)Ub`G{Wglp8OW|WuYshV#Ufgly{Hx z3}E-oV*OYfT0Az-I-YIf=G(z7yrOjN`=;akqHc31-6taHNP}iMnoS5mH>25!7WSqe z&2;mjc{%zXeAr<+d|}Q1T*5DM`DMk1V&)Ie{j@kp)Pzvb#iB9$Hzz#h>v+xQzsL{2 zrSklc>(MK};rId8L=WFEgAE^qt)HeCJ?OYLfwBfh9w~ol8&_4)2>M2(cb6Nrw;t(F z_b|~l;t&Ns3SPI*8jFUuEiBpksX*+wpj{kz7lLzM4Z(^AR@S6X zqMDY~;{9@wSJmx^smFGe*0Fe6!JoG|JmP1h%O`6$mSLd3_ornk z{7`jY(OSLqBUKn4_feDNl|p29AT=Sx49a$u-#If$h{=j(pVwf`s1yH6M_%GxSNR-F zey0(o5OJ(ZiUC*A>f@xXwg}-yM}xO=+BsMoLbZ_DDumH=SND$o z>v0K;UoVdiTH}uTbj8;%v9CjWQAd3=6?9WxY89B3AH)>X=w4}6r6^u=v}yg$S<^9m z8s*WtDF)c&+U_zceI7;Y9L9*w&cFt}uk2$d;f-$uE~1XWECt;-D9VP=mYQJpteaW5 zV76n7gRc6t#~&koSuy^%hHkMB##MjVA;9uxqP}XeJ8%BZ@@7AM!sphA_)pTR{lD!; z_e=V98aL99YJHmP#RZe6ZVHK?Fz3S5-qB0*b?(o6{nKbf5(yv|C&B*+GjHn^@QW{NiJzvF?R6_z3LK85V;io zCbF<&q8vx-U~#0&YZ%p(()!hln>hPUfD4={lYC%egljfLzQEjscfE^1smMX#cNJ^`XzDRjm+JRs)^9)4Hv@ z<5(EkhG0_q6kB)KkE7(7k4=K?%$?m|Aq28K9gniPQd~94#}~5Dhj}_<7*?(ft3w*w zUmt(oi96Yns}eWB*8ah0D);*_a$xKCCi1)VhK5|Rxp<5wK!Mp`m6$`{S01qMNMzqe zV@?u#d#e+l7^cF;Ci}yv_wY25KUMLkbpEsoPww0S{VWqMJMi$tlTQPActWcZucQx? zW;sSvfT|P6^Uue4eV)X=KLVGCPc(g>hOCOf`^=&Mjp1Jf;ww4+nRdE(pepe(e1pl| zQ(*6Mp30qniK=X)?4H%%70%>0NEm7Al#BXwfbA zMVB+IAFSg)k;mgI_p4t`@<~lNV2QMjQolL`E#6Lj-OoN~zw~Rb(_L$}uj9Y2pD>}{ znf%J}KI&KZp~)=AD$fa()^e=vjVQ-L0l)fQ>Q{aB6`xrB^DBMo!{G{i)*>YTP8%lW zAB2d=6{4{c&-R5B4fzJI`HBr6uJIPyA7tO0OwK6t;0h8hg+%&%8S>}`7qLGWOOowAsKQk77ckcuiI*PvM_+kZ z{c0+$wzl-MCaYf^h1JV@^mQj8kMHzrom?J>$G@i_Ae#^n$Yy50y8Oy15Y4*~O%+5_ zIiZRqQ&q2JQn^4<36Q07H>C0ezE(;lpSayd(W*Qae}S^V`2;2+UIg7Cbm{Xb|7q2U z^YL9;f>V8W8N`G21{p}&w1gi^typ|>6`>3#zNrvnT9to)nA4GI64MioTSq`4sH{VI zQNOwvK^?s_E#ac|HubA3uBTS}y+Nxk@IWieu{ii1ecf>%eIkoG77O}2CJ&R6`|V4H z9P?8u1JWvoeFU5ObkcC#db;Bmc#DO3*Yj1#ILSWsv8s#tl`F1OCg}h!PcbeBl94Zw zl?K;`gU>y%gSYv~IH#aG@isgu8ODR5cl_bRBmPKEkND%gJvE8PALjp=_@_3CKWrMu zAKu<5{)~%P{9&hvKb}0|4~82ZUytx;4;>9-J)SemRtHKb5>>>s6AC(!_Mkd z603mi8+u{=32x?yS4n7TR?-vbv`;9%9ki!`y0aVh$Cv-wg|VEk-<|A0E*n%Z8%uEX z>a_RtdtUnc=Y8xUacyb8!Np%_>1myPEOrZYV+S)#!vY-BThegj+c>p_*5jZF9*z~M zINo6fayPP~fBB_iTPMV^3kC6ER}fEPPYNt{!vaD2lAb_!e$0co4b;^h$^A8cFKx-o?M( zb48i~Unxd$%~n*v2p^rtQKd%3x*8?=5K=TqzbEUCM>h}JH9^u} z{6Sy$ONcUAu_B8twW|D)^|z@Kz-bV+QRkiImz=g>`)i0{`3OJj&q!t**^#xuf2V$! z1Z6e|mB14)vZnrV80`C4`)@sovR^^ZIwp$5wPgMTV#WtW`~zC^o@gTb@yPy^3_n2> zG@gt0e;8fLWPd=>5)XSLj!ET}20)6OPZy_XlEuo$X|5 z)fh_jVA|oNwNJ;SEbHFEsv}upt*>i{!*MI#DxUXai6AXrCDn zv$PJnTvT7Z0+PBltshPZJ(^nQ^h-t0R$p1CuXBu6SFi=gIAM$Zsnh!XLEAg(uKVfh zu3@m_9ULrb*Y6Uq+vpRp8G5{f7U=fTW6MF^NxyWcg3~d>m|l5?_riy&QrBz-|g}aREfg|*FC;arPcQPt_jmW5+Fd{HjbrAR2U>D8zeyROFKwGmq1RDj= z9k=@;N2XOS!s3h-T7BiBnDmMZ)=rSBEN9;RaJ&wWJ+1cJ5B+@ErSEyji)-OHCwbIN zjTH+-2SZAMkW!#y4<%96sI-1pQn4=q5l^j75fVzojl3j7Swd0Rxd72XK824Y`)JJVfiW%70dp=CUoI3!Ms+Vc7XRBbDu>!9R}ZvfrF0-9;hWm;eUe05 zv%M!SE1CyUAH7Kh)&4I` z=c#AzQ@6zl5lI>##Oymqkr!Ec!z67KP4l45IA&i%&)Hd zZ>(cIwofUDk9C%P2%%{Fk1`|L^?kFj#)S2B-qeymxo&^fbARCaJFMHD~^RXz8gLUn{2DO4|WBZcY_W+di%7ju@V zA7HLf#QrTBJ!_!@&f#hO;}6 zloW?xCCe<)eyknmYCno$WbH>04E8d#=Flq8end{kGv%;Es=2HEf9pw8DgI;0wmPv3 z&Ig3<-?cwkerNwuM@>s&e`2u+?IPTFf|=(>WHq#i=%+SR4n<1`r8ouDFI}`@B#;=#U?RYG*rhQ=Z_oHv) z@kJ67)G>P(Xd-g{bTquL?BO!~!G02UtlWg-3%9n$_6K5uCnwNt$Hoi98Cz-9OHut@ zw0FUhl?&rbRJJj$Q@1dJpwU;O8M4=7J{Xk&_V!IF@ki^GL}L8MAG~yh<4c5I!@DJK z(x{HT8-5TIVtg8FLCE<`rURAX1@=45$f~@?v-n1qQ}=K1e=~`tU|%G{voPY5%HQmN zLn%k&{izo6s_y8A27*{cP^WZ^k&uNmr=cT@7R2MT$mHX*OqFn>() ziiNyX_Q;D)Cv?fr2T;q5J!#+BM>TNKeF`StqB}-W=A!#Iy{7mgEbi3f{b4a5fjlUu z;0#5G`0znmRW7pFN&7$+oS$quw9%*-uiHn#0zvbWlkzZbyd%kt=izak1jQ2*m;1;e z>M26BVTdwBZhZ--e!0SP0E?pWGvx3*=1b!F$#$z8p6#%(UqF6>m|p1b5>tmO zJXp_y6R*7a0aZL$uh7mTE~qMU070D_%=B!zDG*sZ5pR{T{q`(l%Q?<>WZ<=1x>R1| z^wwg)flGHNCI)&1vYl(Eu}40+YEns!pG{vAXzQC=ot>0g`Lmk?+7n*-E8tJ^g-IoT z*5B$Q%a317uAEdtQvMbkh#jW9F^}rRz$9fMc4SW~9e;u%*TudJQ_g4;ZQaUH03|5K zn2oSMg)b3oaaJ)?YO3c_#e>@Bx_vr*0x1+hnh;Dq?kvj(1)@4TjkNS^qE~6-&J&v07V3Ig=F|4#ZwNrJ-V1Z1F z<0>4~8XZ$@+9qX!<{V5a;o*R0r|dtWg_%XuIH;aSp(}ME39U;%%IX^CoQB_7?yPpg zQ)Kn9^s1p48J|d7bk=mFo{)VokHakaXu1vl{~SrpgnAwAj0CF~KTuTm%VAA@PE>Ko z@U*=r#{Ler+tT9*deqqSXL&WoCn&Pjkr~}6lKT~`m9C|H_+~RPx13iJ4BpVI_TvJ2+Yqob>}0`hh5qh(791rUbrwl?jbhjSS=qYK6Cu z73m4vN8@EBcW;je+l?sPV`*FV|7N@WD;E9@Z{*)P zw|`xQe|1nw-1Wq;dfP87E$6v53~qE6h;#c(WKRb!C zzhn_~wV)dW{fD6c67+dN_Xv7G&`$*YPS9Tjy&$Mh4)=$7CY4Et$WPqKO?n$=k|rXty(H8OTiL%RUn1p zZs5AeR%+EQK+2oNCkvKq4ca`@LKCjJun@yWUyBfzYJ2DLlr4n|`ojwg`~4y$jnU(Wk{CVm9;etw z$Npq0yOR#{_gX>i!TkGKf=`*C8bQ7N)4k4Z%2FmW|8@u}`y*4?-A3{Lh@cr+)*;#1 z@$m@@45g;rY&zi-*@T~Snwp!Dg;#WJd$!eLFj-4eb5l}am*A?=$RZ^LK3}@P!?96> zQ}&Mq3O~C-dA#deTDi>`k8& z_H)~L@{{?tmOd-|zasb?7F1N?R5+;~znvFTDsg#q$enq)5ru7>ArHkM--ukFOI5I~ z*s7J{sO|@{PYa~+hGP0EncB20+X5|`1n|UO29ywU2~`1{_sEeci*1HN6nIpltdL7K zw@YpzR}#k3TtkUbTS^rQe0EhHl=BSWY|-WxqB3mGUTZNFFEmO;CX`H6ar0cJeiCI{ z)&$L^V4&f#6`@3<&afb&B}S{sin5Gw^ZSrp9w^?i)^`CDO!MyXePLrR)2B_09pU0x zY$$?=5K*hmV&qk(knK`K;Uc3Y)>K>=S0JHk&t1f-LSs>h6%9y+t!O;|sB|WCIC5lG z0W^adrc%^&xhRTgJTr)S%g%%ga(x44sO`=ovvZ zW4XOn(2OC-J@L0TibRUU-VEoNWjK#ns)^Ml=HZAD_B?cwBtIV) z{w5{yaAXSV9lnx-sq&|co)P@Y28(#z#_173y}v(xJAcpPm(Ya#dA%fu`-tE#hg0^v zpe>J2<`B*=rqH%(9Z(a43UhtRw70r-yZg1TXGXl}S=QtLWVYhI) zThQoU{P}!uPN((ZbiAPbqxmz{4GYjRFogsa%VhHcEgq1C&CrkX(U`}1))3Geji?l; zENWSWLk83ui&BeAts**jADzzm4;OUTRQ~Ln$>~qRK0Sj!9~HExa91Q~gmAY#i@Qs^ zjnlgY^_j+>`wRLnL0=d2c0unFbhG$wir_1!qqaRy#~s5szog-uYNv3zIZZrI=Jbr9 zEdPuc&s1fjCB>C)8o_U$psfBD8Z%Yk@)sjVjyIPq7u7(tlwszTVJV4}s!vgKri;2U z*8trbuUwyNr2-?W@`2i=W=kRJ5h|`;g%S<^(1{kqLe|jB<#Ll8E+GIpoEz^H@e@>9 z#GiG7<_Id6zwnRvdzt?9A%AuV`nq`UZGTL>7v5)6KFrHEkZ4GSHbbd1=WC0MMP|$L zk=hcAc_HgZX?qtILiaNkF@w~*w0EAAEzOc*dYAN*wE2aGg^9gyStd=ubRN^ONmjSp zikW$8@wnwyqeK-WWpOCAjbADn!%{SgCPQJfPAQl?d`La$!qna(Y|v<_lT=!SiXG*E zsiPLNxrnt{=qQlKP(E3RvJ5C=qW6KX(4>`OOCcIk-aVLRTxQjpN?BuKLYE|u{3y1< zHcpzzI$iXUq1aHk{4Vy9#VUX58RzN6XzUlE_2L~Jts$S<5yeS zOEQ_N7xQPcu$SrO5>I}+Yh-WPbR(d`pLCf=}1}3+B~z7 zi=X6fKz1SFyQ)1nEJmk-btn@X*OHXIN~xvS=9(DX&rE;8-7mp>1y-uV`Pep@_0B%Vob=3-+B z^;xNU;#wj)(^}6?DQRA|VncB*A_mE_xKn=4@SVW&h2Ni~Z}{-<{~!JDFb#eQ(H*S|Lt)7U-AF-79Q`1MZTo^lm=CeT-hteh%qTN zd^A(hkv5m0RiJ)5bp)w7&!mr-b}(`zGiRc2IuVLZse~46qPZ~7n0Gt%m!U1>+Tga7 z=^I5h8s|(dUe1^m7?+8WG-+<0GzcG?eC=Ov2J-Tu^8zUc@ck#@u47rI1^?jchcJTe^)4EryZ;Zs|7CsG)^hx{W0m z%d&Dyx3R=loGV+pjHM-pTqAesHev)`=IJ&iaBGd(!>Uy9=4_w!`ydfMm3za{qp_>yEuG9!7(RFc*}u0c$uk`#rfHOyVKw3@lo zg3@2KG)NjLB}sFn9BBpYf;Kjcs_YZpUFBANmD_@(u__yS~){Fo87Uc79Fa9mLf76Tq#unsr z$cukV?mzM3zgh5au73O0i+@Y*BSZ!B$SAJg91!%Zpjo52{aQg^5cEHSUKZ3`LIa1G zxWjC^RU12ortnsZN7ji{+AY91P480eoZh;@%VOzg9)BwhGD*2&03P2nE)wfU^KLYT zeuO1s8BP3)F{!~F(%^^GJ1$$I++~sb`8#xdPePe#j z`QvS0GtZNc$X3$k7~UT5$mj2m2%03~v02cP8T|c5LHW4-&@59?Nueo!IiG*P*ttAj zzh3Yy>Bsq#K3*yuQ<}>k%0pt9MZ%y5hC66-OddCK55X|!H0~{b*ZfqD>;f9SCp&zd zZYab63e6+Y3>CTrO%B**X6dr!i4=LfHdDkymYW=}vV~kO#|1qjsHTA1CkZN#*FN(k zxA&$yg}qF_6VDs}CFI@=4H5R<{QleL_@}tPnSw4C^bvBWQ}C#{^w1_zir4e>Xu;wV-na?I5U}ZW{;i z{Ft+Ye^(}GrjYj$Ay0W8Zijd;^7}M%7MtL2l;4*LzVbYgc8=A8-Vp|y^X6f+bEGsj zbF?&PKCQ2box5yBye=PqtJtf4tTMEUr2|wrs6U!-!niVIKHJMI+~9AeCsZe$w2#q`3>Ex#M7=$JjQnL1}0;rr(NHbLRCQFm`3!{9bdVIrHYn z&Xwj`q`6jUZm~2sUz)p&>UoeAy_c<$g$0@nBu!rnGyv}e9*6R|2$YbPdKQ9OfMj0^ zN*D?S*$R4>uzwkp@FWz6eW0HMwZJcc-w88qg(G}361+fv0us*?po9~(lJqkuU3*0K zmq4!zGj-+&mjfmEjSZVbq`~;1`+>=vfFC^&pE@UlE(PLWT81COdtkpDbTyFNtN|tb z4;FxyffDYA`?a8ibcEa8pcO#;OMk%+;fFBa1G*kad@4aV06&0z73jUf{ytE`sj$Bv zl<+;6H-Zu#hWW3ce*+Sq2S5pl58Z`8_z}zxf)W~F{s$-_opSIHDB;I2{}c3KApWIC z@I&|%%yir^A-Si`zJ#B_`~)cB-7s$gC8RXl3`&<0;$PZ=AHuI--U?a+q;PHnB_#W2 zL7xNSUwR%tgk=8$=nf#c-wFC6@Jrag1p11we-)JQYuN7sr7I%vFTIYRy~6w^DB%d$ zzYR)=f9W0k5EB0bpoB<9=Rr_HvOfe$h=1u_{1B3x_dp5pFCE4YA-R7al#twf0Q!xv z{}z;RC+xoiJq^Ua^gDhC>D#lQg!q@v;fIj;oCo~_h=1t7z^_vP{ND- zB*_d)NcM|C39rH40!lal_BK$${xGisB|Hf?WuSz8U|$YONappRgk-J+C43F$4WL!P zzA)blN=Q3Z{{~9f8|D;r76@r4c?l@p)JL*i0=iU~SAebp-VOV|fD-nBc|GU`U~ic3 z1tm;^`99G5fn#C*E9jFzEzD1W5=O!NH0X9=|12osR|wB@pf3QwhIuC_;c=K>1SRZ& zZ(joax3GU1lrRbQuYkTP?010@c7^?JP(punX!d{-4u}0~poGN#bx^{~*n7Gclva9^ z{XS5_PHkXF&bFL49XDZD=;?ziT^cv52X4*@`DV3 znXuP@4gzXn)`3n1lB_a8vw;+b9MH8u;pGP^K?)`GS37hB=c-gLdrjL zKnck_50sG1*`S1E&H-Hrq;CsA&BDF}bTM!;>@A=+;0&0TfG!2*!MqG~Ij{`oyFga} zOJH6Jx(c`&<}%QGfW&`2=>0(QcO&RS!v3G2n}q#l(5=G02J{7CzXNoquzv}ZFbF(% zf$jzp&pn{80bhanbx=a=<#4_MN_fwYPUn75Li+X)=wTq0srNw%$^8+~kAW2CFF?Np z692D2zXm=A^KsDcf#l`{C?SO0ZRB2zRdwO15r$*63{ik zGq5iQT?d5G`ARR8M_@O&IRfec{tSC*AlhD_4)!|G`9La>ONt3lTQ>)@sg^hY4MsR#WHNN&!8o)h*`EZRWeX5@{&poCP6R|3heRiK1dZ3r9aJwS3_1$r-#+*E@SesKrN1?U4n zau zQm1$SXC3V6+rNMk%Ke{vU?#a#f^GnQ07q4zgk*moC}B(epT7$C4}cO9A7%gNAFv~A zs?YOJ*yF$1e$FPmBqZ5w27Q_wBQ9G&38}BL6_k*|O#K={vZuZcA^scnZK!`k?stMJ z`!+9g_etJ;n_b+V^=+tsgMU|l25O>5f94=w5|X{L5Az=E2+961=+{8}CsCi|Hz59! zs6RqTZm2&({SUIg07|$CVfOBO^dQG@qXi|D`yPXZy?5V(`X3bc=K3Dg-ykG6<3R~q z>ThJg4TVA0m1%6D1o_?qBzw}82`M`Nt$r-)#7h0LDP0iNxJws23A3yVl0GEsg1^8_ z`rmINoU;B$I-;!qQC%$Sd~d@n>wNoQCY_HE#zs0H>3tO6*64gWeyH<+_)8+)?hRqy z2TCaGb|1hDo=K$7^?}|-?v?snYjil$)&35oZ)KhA0K)IBlU)~X0;Ak|SQnThfzcm}NcYpD@e1OAXAjzOoDE z-9X~gl3vn)Hs%oAHl>Sv0sAinAEo|bhh0m0#wED93@k$!TGB0^Qs@@R$K1Nb9+;K7 zg;Jj&9fA<-J#+}A-axtnA?3H$=nAA0EaL8y{)|pQdI9-GIsqYt&08n<0rvPyBAwtA z5bl#mCm^J6sl6`*l9Af`e+VeDHjC$YfOe>DR~LjB7=^@PRwE~6ovu2TJdW&ERx0jTc;3iZ41RmwgOWgEhaVOfoXQ~0<#7C`!KK!I}3R;9!pL0 zrSS!ZMMVZ8MffpV%!`ahtdOTg@lF@8gNMV?S#Z~4)>?DGn z8E-)>M&lxBlI>1xU$UBDuoT%A6__MFTmu){3W?Z?&1Ok&T!1Z-lHP;`_V8CqEy9{3 zEE~^;K#L6Em0FAlVFzU%Or^ON6GCK$0J1X;1%-wsrbf0FgaF=5HXs@#_bJ%72d}4K zL9QXs0Ez@4kER%w8w#@1@CLgC%%ug)Q9+T>BBdG3K&z=(N;8&V4}p|sDq3K}Z!xx) zW{-oR6iCX=58w19S;_oMpno>_R**lCp}VEHnNs1_Tb70lczo5F$&= ztmTDft0_Cfun^fZ3t88YD@{YjDKsx6y1-Dp)BpqIVPs?)$$_3{n2@!n85ZHQX@(+G zp)}1{Xj^EL;D9m%2ws>L7%8aJOf+}1ut1tlrGT>a47{Cfg5G{dp>#)ybO%k4$bSKT z0RaIa0bv2%0wMrC0NQ}D0m%WA17-wd2izH84pRyf_@D8IjAA%7oU0`|M=MW&GCEaoNf1?1~LWS4m1O$7-x*st$Vi~-J-fB zbE4N0-e$D(MJN_8$iJ*V=H% zVQA6+w#bXX;lS}gsdjj6Qf+!|X6@|SxwYA~o7?`$48<06*_5dkvRNR?C4TCU{s|x@G>a;qY?pEDs-B{hDy2o^z0S&sVx{dLh z;`hb>7_S|iJ$TLFj|R^g;vBLs-I*?Jjo!L`>xQkmnuMBvi4r z+pkZ%o`1dI`Xb~K=XI4+>m21wa?WuYoh5)LoSU4-oj*J6&flDuo!6X_N+tOKasRk9 z1b8cOEN~<6QQ#5aRUiz~A3*72mDC5=510?U6G-{49Jmg6FK`?1dEmD|=~I<71DFF` z43z$ZIt4fb_!#gB;3nX|1U>`01-K3PEbw{YZs2PI_k!*Rz613C4B-X_1H*tFfSrI5 zz#hN^;3(i2U=nZwaH7D;pqaqifzN!dl4^j5kE)~(fli=wMkNgZ>VOXbHv^vs?gYL8 ztOI@o{1|u)NS*RvpavKR)BzU(OMs66e+D{%DsPzM|a zycM_-SO$CmxEc61@Br{V;Bnv?APoeJ0VW9?2YL~B8F&>)laz_TB;a^pCU7CJ0Z4-f zDZr_~GT=Kvn!GFpdet_mI7UWfk-D{ zpuk|zVZd8~BY>j?js+!@{MPy1$ za)a`NmIf^kS`&1eF5|*4U8M88#sTU&Q~Q(2A24i`r3S#`rhTc%6A>$ zFM##F8+`8t+~@nG?^C|t`=0T2`u2(JA2~155Sbr&XXKjzDXL>sm#D}nZB$B>J}Nyb zGiqkkY``4AJV18Ts;IK4e@DF%^>);Os86FlkNP_5+o;n~XQR$XU5L6K)hD`7G|4py zWqkvc_fL=~fNO)xgDZlogYOUiYw!cXHNmyPJAz*feku6n;N8Km2fq`1F!{xSIH;NOFl>7xqv4fYQX4ps+ig4+kj1osct1rH7$5l;-o>J4f5Cd>)HUKb^UZBbfa|A(3jJt zjQ2N5my52HT>0_}_t!`IdG0 za|W*-oU?7^HtE@?j_x>m;OOC_4M#US-*CR=Jm`GS`H}Mz=TYZZ&TpLB&O^~wV=mVJ zp#Ks7U;NMbpZAY!7~U|VVRXY7KvF|;!}x{?4HFxtHYDr*p?h4niH7SX)ee*)ARDYh z`A$L}pAMV}%%=SAYxb@1`-|U{faw7xfZKv@4>}U@NyL95jz|0uVUIWkI1ktt`E%se zNM~fIHcWd&dq&$|7pr?%_lQoquD-6l-p8dcUPIauF8o*}nSd*RcLOVcRlr){b3jQI zj&%;LTf^6LthGgIdpgE>!ELl9tb@Y`d;VR80ZfS0EPnF13Lmc z1G@r;07n2v0>=U;0W*QKfMuP(?R>nmqw|^0mpdQt>g+1-r>K=`F&_W2veu9qitIuzM66hIAMEPu7HvjOw=)2Z$1L`lXm(FH-DbFuw{k7;5 z6tn)orvaY=@V$&Vo&@hp_yr{dB?2-5vw{pki$z`7oF2P3XfHI_4~72vebAYp--B*c zM&ekjDT|glr0VD&*;qnvmL%=Rbg#&F-?KdD9~K%G9;OLv7dA315s(4M2{VM< z6}Bd0-?e9D?eA|-I=8ArVJCB^ zHJ#RWdZg3lPQP@LI)`=+@7%VtwsU;vq|Uc>&gop(xwvyl=d#W(bv_FC2B7V-v`bl+ znl7~f>O)|YY1hoIMO{m}TDz8Y-QKmX>%p#4w@%%(-KKTh3h?hfqz62=t0p5(W9fsMyEulMrQ!Z zqcJNh+UA^rKMkxO_}jp<(0i0^w=Q;JtQpW6-C$7Mpg4c%`tiD9Xt_q~-zTavaEZ&?GKX!Dj6TRLxz+S(Jn zfvTDH80hit+@#8sG%l!TkmbU zZ46Yz5FE4908_tx$Myao8W z_S@RywZGJ!tvz4cl+Lqn`w!cd?WwDMZU|_gzIh}dsv)MKf0OO!POmYM2G^KKv~whm zA-uzx-$eWDY9FAnh5*BWeSk5*k-*WwMBrFpIxrJB4_F4gLKJ=B$AGSWF?6vWK+?;S zfa8Fvz%thpHOCy&@zJYee*+bbr^p748Js3ds zeoplI=$wIT2KL-~k5`@Q+$y2|lItKT;?{^!5vi;#bJsmEp-t3w9ne+RbyU|Rz=W<- zY5An$@6XjwN1k>*O-yJHFzKnsn0`vbH!77cz#q^C5CjMTgaOomwt)74j)2a9u7K`< zNI(=I8gL7sH=r+|A7B6=7BC194;TU%2DnuZ|k1_A>x-0Y<<=fC;b& zPy{do76VEFHo#KAa=;3}D!>}RT0j+`8gM`0uYd;t4+0(nJPddg@Hk)-;7Pz!fM)<( z0owrE0nY(m0PF<31b7+nDquI@HNalLn}D|fZvzeh4guZ+ybt)$?<2pD0iOas0~`f> z3HTcDE#Mg7d%%x?6M&Nd2cRBs3UC_mJK!AP55PshWk3Vq8o&vl!s`p5zczp%KnNfV zpa!%Bv+y=-3Ob5&a%m&N>%mZWt41ipK5wH+o0xSX)0nC8KfKq@BuoSQy zumZ3Oum-ReP!6a7+ykftQ~|01_XGY4cmVKVkH>p#0z3(L3h)eID_|R7JK#CM3xJ(~ zmjEvVUIpw1yaw0{coR?u*bjIIa1ikSvG*=;QPuhX|DfcJQP^U=!N#DVqG${Zia2>m zG)+`W>`INm3`!1{VDM68WOlKrtmw{`wdR$|jI1`+wCql0#kRGv)wb4JQCYIB6*B+l z`&?#*1ISeS-S7YR`2BeK_IW;^&-?Q^pL5RV+&<@X&b)$NL$9MZ(Oc*p^k?)J^gj9k z{SAGD{*L~EK1KgTpQA6)SLhq`Ejoh!h5n6xKtG{l$a`|%m)-E$B9MJGv9yjqXLiNB5%#&>zr4XbakgcA$sRqv$d8IC=s-iJnH!pg*B! z(LVG%dI7zJUO}&+*U_8kE%XlhGx`g9AANxShCV`nNB`h{umydMju`F6OG(5a!WiKjS|o}G#;I@#kwU0rJ_k_GMa);Mbpp>G!xB2r=z)O9-5C9qBGGV zv>2U(&O;ZV3y}lmqI~2+OHm zX2OB@8LtqQdky7&LtEgTy*l?%%Cpc*(Rn->m*<|+n!2KFIdLQmmr`nIHhs*NWT z($6z<=**$gce9HAnM9r~$TOIG>6;0>Uam~MJW={R)IN<9v_6d~^m*S$Uq*YhQ(U3+QIu{erI+G5`X+wZBK-}e+e_(1_}lg)^dacaC4Kjh`o@IPFDuve z&xAY^vNz=UkeXgKz5M;D>NtzQKGmN3Q>7pEczvg3|F7><>A(Na^_|Z8Reh(wwBJ;o zwH=H2@As9e{iLT2&G;F8rN{3lUD=_ZG&MFYR{9-->2s8^1$M2k@qV61NnfM)xP6V0 z8wV@>jsK>QZzof^0#b&Kv@w=bZulP&*6ZPjzT|Mvf zAA)|_{ra!%Pt5wiyg$*`kH}cB|2OW9{>2{p)%5oILdXjtFQeDccj&s9n`7>Zxj$xW z%%d?4s1dax-Cz38)aRWa%D`#qq6i5^eNaC%0GZJs6oF1ek!Ua)iiV?T#4Tos1&u&) zXcQWQ#-cI`l}$qalxlJRb4{dNSmxkOs6Ly@XyxucJ57Tj(A1 zXY?2JKKcNCh(1Q2po8c$bO?QcTF}?%Thxla4>=n0BWgqKi005s{z6e7)DI0nW;6&z zpc7Ff8jOab;V2rNj4WsbibJE&7&I0oq6sJoC8P9SQ+l1+Yih3(H>GoBEN`k;P@ zfjB3a(I6CoPDGJtFp`0f!%;Mnjv@;hf#T38B;y$ZpGEVIkTj!{Ly-)6?uP~-Ga7^< z(1|D#4Msx|gI-ULM)GGtBTyU~g~p(S&C)?0Ol!nrg9Zf~k(P=0H%|>(3 z87LDiKw0Q4l#R|t=c4mb4!Q^}L3zlD3eYliF><3~REo-w2dzM>(50vntwB|2En0`J zLD!+{Q8l^=Z9uo88gw7ph#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09cFM1B`M=zq6 z(W|Hty@3v(w^0*%7rlr6iki`f=wtK=I*2|)htLWLL1Pns0Q7E?n3vVT67=Uh#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09c zFM1B`M=zq6(W|Hty@3v(w^0*%7rlr6iki`f=wtK=`VxJGzC+V_!hagdK(o;tbOy>q z3s4q13uU9T(Yfe+l!GopOHdwiq5`xGU5wnQ3av%!&^72fbUms@H=zyaR#b!TKqDAk z5Qj#gF=#B3j<*RY8QIW8l!nrg9Zf~k(P=0H%|>(387LDiKw0Q4l#R|t=c4mb4!Q^} zL3zlD3eYliF><3~v>IK8F5j|dOBGs+)}d?A4d_O+0o{r=q6g6?v>9zh+mSrWljrvG zuC|Oz9){Vl`Pee-N=(Km2Rlyr349M=pJSo)3mtEKavJHuj8AsscQv*Vdm3xPzQX#^ zmlTWHvBg*^wjPsl%<_Eu6HK0KN7G*<&$G|Q^ROrBrAs+oSDqF)bM7;_-w5TOsUsS)5{o?zL?w8PSe82PhU7)-JW9r|#e|mp= z|Ec{K_CK@#IsNk(%Pa3-G@w1c_bpym-naOKcP(T*X;))LO9x!SXwixRGG4U-?Fks0 z`U&GwL&AE8+0oRnjIh(g=7h})n;&*|*g0W&VfkTe(Vnp9!d?t}IqcQ2*TepTLd?C* zQ_UIX+2%RsGtBeNi_K@7^UV2X8SmJD_87)De!|$sUITj%oH{UL;Ov2O2A(l+{=jok z-oX5UYX@F6@KyBYz@~xkqW1=VH1NBDM+RC4SqIq$r4KrN(1Jmaq547cyt`qLJm(%7 zJ}f*HO+u5=)bMHHmxQkizb5?J@EgPL48J?PA^b%&E@EoL*%9YOTokb+A}_)ju{5G6 z;*tnY#M+1(BW_0bMEpMD!jl{)oj4?NNHSws&*GhvvLWR|>W93;NXWkp2^%_a=r*K3 zv)(yu@35DLy)tYF@2D&ue$ntH!z+hhflN`MQMRazsO3@RQB_fEqaKKQIO;Rrn~CE& zxH?`{9jp3Xz*toor}|Cew~1Gbzhb4@dNIvikT~ZfiP?BMm1m zaNMYj9W^mVrWclm&BkO5>{@Im_D9UbSeahfXiVO7slwJ`k7IkW9fKLqgPqCPm^IkV z*sYlBEp>cu5iG;H8>f33W3V$YeY~!;v5w;y_4c+vX>UttZv_J@2CimI<8=11i;%u= z3wyJ_O+i!pPwzjse`fy$?00L~-}dz1tG(OQsO)RK+0Uj9n9kmG75ma&MtRFP@5TYW z*pH^7=}6s=GTDpHVgGqHY@cr*YV_?xGuVe@pV@=?>~$e9O0wNV~rRjf+T(u%a|HCBjadKgZYJuZma~acxAk*4}F)b`RM-WY3TnhP*W7 zCZox_WUmkkf4ou{HH=+vkgQ8Q`t zYnAr?K-A`_Em7N19c}-g=!>Y9sISp?%6>2|+7_Lvyf^e6?+nQp^O0NQXw7`ozohkkt+d~N(S8r^_-w~NcYLn2h19frk};6UDnYi#U8;P#dd3^w^M1K1(@DG z^)_@J=YqdkKDK;fIcOC$GzUjsJM$S0){xkZ|=|3O&&pTHt=be3=cV0*8`KFh0zL{ZoN5Ox-S*x6H z_9^F^mw6N7^#PwK=bI4ad^0UCi|Cb3=amt|Mh_b^EE!E^Ow^F!LpifV4L=*5 ztDIk!49`QZ;qKw(zH?1)&Na5EiBaiMc61t2&pTH}Js9;+)YhnNQ9ICQ=up(>QD32N zqP~qvj82K3=sO>E{rAS5TWwiasy8)FSVIuC`QJ)?2b-*T!BQyFPYF+`VyM#ChXZjJ|F3vBYDET>NV9DWxaf zYQ3FzI1`fRBri-plXp3*lGi6cmi%n8Wpl#j&o+OvIcaO^)&pDL-)h>{UwPL?-i?*x zX@qx}SAQ>4-pg8r$-7x%7RDTp#AawF?~aMRh5Z@Z$UV(A>|Dke%X>zHIR-~z)48UR z_hBx_)?oU3KKlDVO9rX$o9pi@AEv$hfXVy2)35{B``BK#{VSL$PJQoBf4|fB{^Ymn z`;fBzy4q%e+v~HiZUU@es;7{7p5~WRC7aQ0HWIKzSY)22)-FDO0r(R@W z+n07OZTm27TiSIgZF($iS=z9?&-7R7)Uj=j?2WLfJA)m`r|7g21?p|--8=2O}*-N`#LYut;)5o>TeO-6&8`%x_dg{AJ z`C$dDLw$Bt>?1O6UvC$&d=)g_G?q{2$nWM%;e7#l|NKJb_lhp#7j!O151=h*2ik3V zl6TVOt@LM2^8UHJdwxFOBUsP32=<`8=y~)aI>I}H{re2yt@MG)d+8_hUi!s-iuyDm zQ{RDo|K0b8zDfP2D%b4tj(RCNJmBzv)`6`97YmL$te%Ph;8mPM9}ESK}% z`;EN!-fv{s$b^w&M=l#(G5UqkFOL3f^f#lgO1LZGy@U@E+7gZ>{E*m|*v|XGrQ=J- z%df;I@xFUVQg7aK|4mY4QVj39CncSV)c4$fN@{0p^T5sFo6FG}^c~-3@N8YV^^L7> zZaup7$E_21|IdN;@h+mghbZ3-_;CA2+YfL5cKeq*zT6@2zx&^P&uz~~%h1KV10Uk; z?LEOez-#t~dxv|YyfMoA@TYpGp$pK3$ichudV4U@?&W>>`)O-p2Q-uSHN|2$hKfzo zOn+;=)XRror54I1R&arbQ_5$`YW_({-eurtAWx6FBrL^1H=eI9x zm%8fp8_$Ol}C4364=+y99+R1FoY_{$iw(d=q{v-Rdg~QmwV@DQ_E*!la6`>Mz2`Wbw z=tcBT^f~$xeTBY3>k`%_T!XGd*Q0856WV}oMK$OSbQgLbeSnUkkrPHvh)1JQ0_vaC zKZ(}|lLn%2^c(bBGz2lgJ}C;FOnaKf_8;0lw0$B)D(MW2a)jqp@ZhK~Xmhw%F zbJ`v4xrXCPUydwtY%zNW1sq@OUb{CJIpw(WzkECy!y9lHAUSuXbJnnb&~4~;bSHWb{S~#L5fesCh(n{$7}Sq51)m8>G9zBWP2%>H^G0OSU^EmB zN54Z;k4-%`q2QqbcZAG!4x_GtuejJahrN5cTu+4NXL8 zXixYH;V*?ZhQAU1X1ILo=05JJHt;Qr4~Bd&MBYvMkoVtnqb`o}@I9nI#r!Ge*_eGX zugAQ}cOgEC`HF8t9OJtX8I}yoS?E%JZR&bUwMG5rO-O9-*gmoSV*AHNqQS94c|~Ak zY&;sRd<`c-4w13xu~TBF$7aNyp?nu-A>YL5JJLLI%*b&g{olr^jpHlF@$!9~rK4*` z?;rir=ubx<9=$flA>Ypl<@-4&CY{9Bb1X>{`F_q+ z?fW?!thZS2(7v4`-*_0Ce0p*gTEbU!u20^XyjS_ofch<+4VzxvWZE)#i-m9Mtmm6L zW44alI+5?{tlYkOJG1|37vJb=>bPOI-_@Z{cm^il=nyl#qkd;+-@9CAU>|7q6BPR` z&wIpDHCqV9N;F#!#kOhoJQVYNZ|m^S`yS5mzJv3B()VvnJgbsx@+$g$-rycxjt38# z9x};(EBmbMpFe5)=MP~&gvmZB`kd+ zhkk6-kBM?Dd<^NwKsnCI@y&P~8Okw3jt%qBhS-|edt&d6-H85xHls(-8?kT3zKxnt zYpi#KWn}EgN_6kY$454g{QJl!;th6#%_vzD0WNi!?BOXz8-rZ z_N~}=(4S+EaCs}o{Fsp=l;i$oBQGC$&&c|bAB_B@(>Y*w{8RCJK z`Z?j*(aJaT#+@>5*0|Zq_tSzs7yR7wfO_no#L-_p{>wMj4tfvrt+YelulQb?9Mk{X z$8*#Ft;bz$|Ioivp!d^NMLioO{Szk6)6!=W&KQIFeHZpszh4sR`)-Lm(wFjg*x+AfNH^yH z!Qg+L=C3bLwIS>^_}BDM{t2gbTt6E%|Bf5kU#o!z|MxV1J{{lX-(Z8k(dn?Ee!nyN z&*@k{WBz!9f2iiKuWzIO1cSf1hw=v`cAS5N<}Y6`mA@=4thW!Fq5P^I>NCgSua@fn z|2jkc78?9F^icj;2LFwkzge5b0WHku`IW!L27fKuhr@>XW_q{5KOjk&v}^hG<$1v1pQWX%KjmP| z&F_~O{EZ$?L;3p*{-s*F#h6hGziRM5toe5sR1}c+9fNhkIjn3iZ^ zeg6!Zsiy18Q>CSMcl_^X@PA74*Yg|e6k+h+tNF`sTy^y~#NdBW^Vhf6VMEwr@b6S+ zR>$paHTXwp=_hI#muO*q|C(a(H)Y7{<{#;`4H`b>?%dc;b zRR;e9T6%Zex60rjai+Td^y5jQ7S_vOZ}7Jn(v9`I)!=VTpRVQC_vham{HwHdz5N>V z*M)a%&l@!VGOfZ(&Qa6l_kQH>4~Fth7pUoadr-an|8Ft)XKDT?`&~LrJ#6rQS@Z91 z`_>!$Ki2%aJKp}$;NM~963FSe{hl}Yr)lZ>_B7^y+2B82^OxUjmA@q}wS0b7QTcn# z;Gb2Xrl)A>(M#2^KEF2%{z+Q;$(qB?<*NT;E&p2v|0Tt0dWVnvYQBOdgZ~E2f4Wxx z4J+0B7A?tpA5S_;1ww_2bvsuXfD8Q%kSc=1_H+nm$wue`+XydZn7K zAJ2Ui(*o{W@|-NjKQ_$Ybd6dc{dkvW@K4gx^#M8?wXl9Za~b?2u2swHu0G2R z{*gWSdkp@@<+Et{_3d{>5B^C8{~LPnpKhq%?|bl{WANW<@XylH_4Q|5o<|J+#`Fz_ z`tLUQZ`9J)Xc;%ISGR|LJbB9CZ@FGg?{0s2#^66)^Y89@c#pxqO7ov%To5h1&)~oD z2DLujonQ7F{9o4myK8T+8~lycIH2X%+s}Ij|Btow?vDQ-82lru)%vf}W_0+*j_dzJ zgMaBwYWf+*ifQ4$8~pFOS@qZJYs_}Y;J>j4|3AH~mZz`3otpp6di`%v)6=x@*M{FE;pB zY5w~8(^&sy>->Ic{cYMCi;D1>2@9unbv%!DNJ!*UDZu{P0 z@K4nI_4Z|4o_h`c(=~tn`pD@22ZMi(=HFfWsWbQ+%PTe1?+Jr{m6qP!@;+_wUuP)K zIKKvi{|3!pzyCJ+?=krA?4dsU4F2^!`0qFP@74UfTmRQ<6?f5Uq9 zIqE$pOtnG%k9tqTuE6rJMVQf~UYQ0W8>Ya#{V`pPG4O4CDkfYvp z*u&V{*y!J>_TliO-V>vadKY5JSn&wePPZKOIQ&r1MVLsS>*elqf$*P?>>8N)D_8#^OHg%e6 zzde=uVHaRk*q={R?bhi>y)R?S$D!y(6%BSSj|xJk{3DJ?hU|3P2R7imqu!S zsJ8@r0=o-yI8_^-NBLMjc0D#{nQFUSl#itrP(Joik!trWr+n-m*Z?^1CBOm-4E_Q~-{&JnU-$+=wmpXHk7Busu- zNcwZ64?7-9z{X*xU~(NW1v?d+iJgwk#TH_Vu=B87%!Mt*mSaWOCD;|%RoHs$2JCk1 zPVD#CAFwUh!`S246WFuZKI{eTCF~tcj(h*D`mSbP#yZP&Xjk>#Mtor1pCN3l|69a4 z9L26x9tS^mTja8otZ0#kfufhpZm zTw=*DDW;@yeu$PZzo2Rtz zOv_nS4{Omr$i0vgJ47Rj7|lCO*YF;}Y2l`-JMJ=>{{F8MOt0P}O{Bx0e*Yx-n~h2E1#J-w>-Z4W19P+^`RqQx_*T#-&3Nk6P!#|`Hw%zA%DjE z(2C;nQdd5|$m()h3QJg>uG}I=ey+#0w4`jc#Z^{DVZ=M~a?4%m>G^JcqE~6NQs+=i z&Z}}QWWlCmRoL+yc9JajVlo6z){tHflO4i=*wN@W&>AHJQrQ3X~T-m95EI!S* zHaWr_Z-Ln=lXKnf686%PvW^?is&75=|B6!dsuvuu8vZ6@)%;6>_1CsjL804qyk@g< zoGEvlX=R=%H_ueYzj1k{l~^ujI{f61-hVy)-?O48e)RsnUY%cvHt*A)Qo|0yI}G)? zcX#KyZNMjtJXr?cDfl|O@DE%*eg5y^H-@^1>FIjC4r}$1_z33lljbv8TTg?vdFb)t zHxGM*d~2}yw}14`Z2Iq+`^_J{_q?IbFY+ywRazacA^f2hr`M_OK?JznzPM%qc(KI(Prw?BF_ z|MjEyq1GS0Cinp1J}3R;-97jxuNk`-8$vjH;!oZU*hg5*q@TQY?9X$4^7ftklXo=c zz%Ii$g;fO_fvP|ghd`4{2>DYlI@D|3NrdHEBL?Ht)pE!CCYJJ^SSZ;S)GNnZJYi@7fWZ-4%rIdqMaF z&QIol`eSY0MOY>FDE0{!Ro~`yV|QUsV6(8xo^SJBhwZ{X!-nr~^H#su=KTmWztrX( zi#^G-zMCXjlT&P|6DOrj&dtkrx(a5THZx<^>{aKE8(*4LIJbC#si>sbwc4@N<&krTPwCHFj>Z7cFUT!^nM^enR!%e_%P_eorgJMvZ+=N7r_a@97K%kU1d z7Ph8DRiI^0w8+9FT8g*@lojMrmMYM*`|1?ry31Xr;)etM0a0` z!O`wtE<;N9MZ_1K67M`EezhrnPI~@K zY-vr}>gc{~tyvY9cr4`=rKKfhG%Qp64CY{pKg|@Mrk3l3aW-OqGUMX@t? zwP}8dg6s-cxdhK~Ig8b)>}3^YO4RJKLP=Sa>!~PHCMt?0mx(OmZo<)ok2sjl$StnO zEn97x?aC`tCg$gs zE}&~diO6u}s}qzeB~n0{6eWd78B&Dgmz&kvZE{wPVG8xUtqw`e{}EwyQ5 zdE96#XL`BEmI=9k*YCqEOi#m17SnX%_*etC`Tat1!qXgTmT_j%y-Sc80qc0-waIl2gxVvL)xkQ>HhjWqz?Kr%e>@IkCQyQpOhzl zOEt>+mvt$BvRsl^<|lD7E&G7fTc)KB^0yF^I*O097i0PYEq(>;u8a&VP0H!cCvd&u zrfdiCmHEk^z7F(y1+FVe*OyLhGx^l1{*CC_4ry|6ohcXI#ECY|gGLn-zEJ>Pd30WNfvUcN< z5wJSCa|u|T`hG*Ncu}cuhp^f@-bqMjqP_>Q{ghjez_?ES0rm9x2gGUnWk9LcWNp7x z?q@ob-7zJglr;T%I?&x88Q^J6)m^pAu969aNiBBNYZtG%?73)PNKIwu{49#@&# z(b}muTp z;-8G}%qC!KSyO%0Q19}8&4OCf0+y<)6F=_@{9KhTQ*wL5~Zc%>l!9uiReuW54~iVvuLT9K=~oa3eP@L0cO zu%_s-9UG$GIiLhB~h>huLRzdo|zL zwfmcc&c4UF1K{%3chaDzt2D6PT014my5ll)Rjy+x{bx=`ZvG_|g=Ma;;w(;=hY=+7 zCYQPL>8mST;j$DK7kUbF-G!ItdSpaSe0f0spH`HmsKVn~)iJ5e#bA+gmzESbe=Vh> zdtO;dt}{QE-n&58+&nriP4w@rVw4KiaxBX&cDh|<7Jrm`HFc#Mv6yZ{uGNYPi={vK zSNVCCmAO`0a*HjlRrz!!%2H=By2P@gu*_4D>$Vg~zcH~EdhY3YkEN5)&3bco?@;b> zrlpbiy&FaCSwEe zO-|~j5Nootq$szr*r5*Zp&+ZfWGTZ#eBp_O#Vgq2QiY`zMXqAHR6W*YwHAJ_WQJxr zN(vn6&@3rNnescNlvNZf?bKJWO&=oWcS@ztSRFQ|#ral_(i(grxy3JZ$~sUU8x$57 zln`Llgp=_~(&_85DhsUnxeN31$BoO)D@?bT7RdEN{;E}kR#@fcxO`b*k;7LER}dW> zxbe+*=a!cr*P~RfCcF3G%Dl9su$Ttft&dz9>Mf~zr@(?r97Rg!b)dJ>Q_}fAeJosu zB}-0G=IG>6Qn4r39azi?Qx^Z`(cev57n{d_d8RD>&12YwDT{yeR?=ma#lLy^^sQy_ zZ{9LG+_LyLFPC1(EdI?ar%Nk~fAc)_wPo>dUZLq?Qx^Z`T};ng7XRkC=@QH0-@GEz zDpMB!=B=W0EsKBiR?`ERC9^N4TP%xz^GZw^%t>q>{}q_B_&2YBPR%U-&2!T8mBqh# zF1q8g_&0Bo_Zw{3z(s?um~xez<(5&DHN!D8bJmOni?bYAb7m}>C9V9Z z*06Q9YvDFSyq?|@yUVZdQGDpxnv|TBl4MItRX&25mNeO#WVKq8ttnQUHPt%NI?0-5 zot&JMY)wv1PD!>UrzTHKo|K%HJUJyP#hQ|wl9FOeNllrUGASi3WwI^FX0;{TQfxL` zs%@fek}b_PIW;NOnwp%Nl4?s$O`VuJDK#y1^2DTx)``gzQzqIbrcRtVani)JiIXQK zO|ni(o|H1lHYs(|#7UDTrA?ZgmXu~qOHNBkv!$h`O-!4VmX?c$7WU@^r zilgI19>U2f)PD+5&N3@qxyv1;jHA`MSgpx&NY!I~cUN-jU(O>}3dk?vu!L{%P ztOol%ww$=l&;u{W9%cF(cr$hv_7vfL*sIt(STpu1_BHkZ>D#e?GyOO;r5yA2$4A!P$|>8owwzNk&N!jL*OUed(&Z&#V5#or8fYtx^=czhnh&LXewtLHr)Z+e9D>7&QI8?l6) z$Gp3+DUVSGHhjpP%+I|0nD=(<^9 zv_s5Hz21JNqrLLSj$vbZSK)WHJU>7)w^Xg=5~_zj1AXeTbd;p-P$7ZC4j@l6KNZ zejf>6LiotPdba-GQ}_RXZSJ9rh91(ps>9n_o``?5Ph$<(_gKtPwayRy;IDh1ACGx6 zu(jAT*bmsGpN@IAV4q^iZO6Q`;Hp-?earVy^>CD_-8Zer35SGqj<*w6NBN1Q_hjw8 z+k5nx8``r^;CyQE-=*cbQ>()#-INh>Lc8}l)>GAy&URsY=eVx?x{F&CWd7&7@%xbY zRcy+NpZ|1T-0 zo_ud&=gGFG9>G{9?M3{q)_6c;S9#mCv>jcPo!qP4yAG3lZ^EUr?Y}v`MN-!Yj!WV< zPGeVjW|Q_l<+||;v`W@_U^v+6I|K6V3Yb1#{@1(lJJd~lU)pFi$GBY0EF9PL>0iQ; z(e2(FB7!TURGZgZ@C)*!{HEROJh9z7D6-w#tFKzdlz#1AcYlr*1Jv-*-?n=bhO~Rn zAIf}&b)3&jVeQ_dW`A76aC`^h8{Y1{E2iChG4?+89cHnp;RPBcO*ap5Ph;&^RBXF< zE+%Qq;bLqA(?+{+MCUl8&wnC(SvT`3BEB#6z2;=q9-yB3^nZ&V1dxhMl~4RkyV||6*lAckwhns;8}mobY1qZs4OkuaI+m4N zR_-dBFuSB|C68OPc|I%e@SMflH4~WjtR9mPRIj|#Rm3+B+%Ba{UfxczjP2M7FJ1S# z(-`IbA?2kQ=~!3Y6D``CJ;cxvFWu|$x$>Qb+)PuFWz;CkhzhOiQkj$V`V~uG|8hG2 zNAy@neb%SU_2d>8RupCE^<8FKQBvr%jL9u7DPCPvQc-S^mzT;*8MB*^o?fVW`)Zz^ zzJPhAr>`h1FZ7I=U7Voy6I(8r%_9wq^7xMzlU!x4;(V85Wm#@1Pb=)*l%2slJ!eZf zC1q1DL<_%>?pah(P*AwaG$MY&*zyskvt7l`lCoK= zJZJKRH=90DlT7enf=7!ob#@6Gk@u{Wz*+R9(~Ime@vB`Xe6+7sETn2OR#3^F#mFYg zm%Pg76_m(XZh4|jYj8?%QK_pyiC)0^Q6^^O6=vryo#CN7epYdAp4&CIKnX0&yLe_+ zS&64aJb5mrJXut7(5%#T(=jxUO_-jZd3LUwH)?!7YV28RtX@jVeC45{I)7PJ%G7M_ z8Fz;O1HR3)2**?(@fU-*&bP8;?HOWWj!rW9(X8|nevvMy7CHFx!h+fpUF^`ZPDst z&oY;%FkjzM*?n`16xR+h>bg_1bP>;r=q^e3HpRQ$6*Nf2QIAw+#yduClOCh9bBYp^ zm7Bj@@mE5OIw+GEU+x*&1A8U1gUhT{rMbn*H&r?xnA8@;-a_j-hnElaI#61<>2!BV zUas5Mj+HgD$m8r7p_J})IknZlNIuO{=&4Y~PWa>0b?EzefytN>_z8qgiL%SF>5X}` zvAUh&wSk45;`PshC~YQ#cB3p1uU@)Li;Ig{0m`naM9y@Vlr!!_HmtVP@`5HY&ePbv zsEiWJG_R+z0(g;3b{|>x{IbGQj}oOF29#-z6i&v{$fH&ztnPTqB$-O`R1$IGK;;maFsHt??Fmt-vLD1_5DXM#dj_P zell6DYQ_?`Q<=zK#v2F9)Z)c+GZq#olc$xGsB>SWY#eR3G-c)%m*g@dnsBb$lvz@|G^3<~Jy?%9t&9_fI&XFIEcpbGQYgby?>sNg<_U!Czb;858m7yetkhBB+9oiMSWrew% zJ=IZ07SA$Hn)0%(NrnmKI>$3l#sq0+CQBKEVhW43%pE*Bj-%@6$eD7yKDx+117*0D zMVUYAMXe8;RNY%GvWT2Z_)L#1IxqWbFA&RGS)m*Y)dWtVrrZioiHT8bZdu+jCQeC9 zi+T1pM$N_JLe6qd^~kFRCX6)|YlmgLc(5l!SxQ+2YO=g^%YY$ugpSfG@sf*;k^+7- zmT6_Zat$CWi4Q_)FUQKmROZY`DY-!Lhsu|!!@RUa-cl%LyipqO=(^qVXnJ+2r`R-F z*}CK1YJ(YVip$QXp_O|qv8P&Q7nU(0S2Qy@y0GI|@;EAvNwBaklxr@F`eCHl5vFX* zsBW$vI$xP&EzDR{M1kt*qPwe(|6D$~NRi98w5jsHjdz;0#ke4wYoY(~YImId0%mEu z(6=Y?3$4ntVrAFpV#Q~bl$OehH>~cTcPaS4zrssPN*TSXw4MLOl|I_796=ddCASje zr|KtUSn&&Y_I{IYtEfK)6*B_my~i^)(+{)I*^4-PhZnb3hU;A490n^;7Ic`_M2b4 zD9U1WKPTfNU1*xin8#HXJNGy0mXsrxv#g}_G_~dB=N6CVgAsDY=H!rd8OPMiIg%EZ zn=ZJ}()Fe_v5J(Nk5Qxilm4kweUttv?nCuViN2{dzA456%c#~1F7(BW^-XDMzVIpj zDS!DF`64g!N1p1RoEk9ca}AiC-Jfo^`yA|n(Z1O6{waU1vHr>Neg_L9Y6IpH>vxLv z6(T;qKxL(W(m&#>T{Upn~L{O`7=%Rdrl2lQ}$E+@gqi9 zOtd$>!6HayIt$Uuhrd`TzTg?Z0!mr(dY1By)-U zD;us}mNe3oFwj(Dhp`JHX%aK=!llvU*%nG^Bm}t|d0wPnAeUTGQa+FO;c6gKt-egcG(xC6=PHy!Q z)T5Dh`$Q@W#r-g^=vbJ~Ql-PfcYo)b(9Q{COr_FArrj}Jzb$daaa#024Mofz2hGM9ESw_w&U z%jf)s`CLKeOIZ}ysT52NQw=?MLF7rE*nJ0ZFxjorfI8foNbhVgIceZscLfKNIaQyf zPUWsB*jZaU7xTke~v=B_TB!4G* zFz%^_j`m>kBnLh&2qHuBWW$3;|Mrr;{UA!PS_2-c1mQnPdo&V+t2L#=qnBWEq*DLD zr#ivpN$K#oCzu?Q7b%_V%E3sE*TJr;6yFU*ke5@Feb0Gv#a1a@-6BijC2?voWIVqre%6sNY(++020!K##F(@xl9Rh0(i24e0zz+SABgv*Wp^`SgMRBDOWov91eLIy|mQfahE%!gIfC?7e=co zFP!tm5}r6~S$JIGTE$mMJp9lQW5JH=>nPyrm<(Dq@_A5CHuZ75rCj~Rn|#Z1m-_5n zhSeEorRBWTRaT<>1d*1P&tg=lPvX1Gq+bd+^oRE8=_~n-m2~whD2%T2&>NJ$oR^mK zJGolKQ-Arnb8>pR@*1?_6+s|OwN$X$P4AOg6IaW_l3RdT#6qf5&;?+VK0Z~@ylIM!@;Y_7Gea6h8 zlq)m7isW>7a?6*i1*x-;_pF(8f3{ihVN)9$5QN5?kxt3q3;zQHX zy^nZnn9eaD@!B8lWx9Ug5$`&9(x4;WdRPZTm-jL?L>%$P!NwDhcr#$m;3Hl)Y#By= z7(E<+m*99RphVS}W@X4nSXU}h}&ug4GCVI9nY&9D-- z!CII&g8VQOHp3j)1}kASKQdPh?XV8!z-Cwp+h8rs8A*Ov9Y=mx3)^5FjIO3$&<>kn z4m8J;AKGCpbi)Q%3!5c<6!|3`M&C&J&mH2(Kk^p zw8I9N0~=u_Y=O0~4K~2&G31AdunlIyXtr-1jN3qZ0_704!yH%%D`73Hg$=L)Ho^@2 zGsn_S9;3W*v>RaxOz?P*86n{Fi@HcI?t=6f5(eW&Cm&>H;^CZz)i3g?uU)=AT-}X{#xb-<6t$+ zfDOPY=oir zQIFfn4>Mr~tb|V30N24bxCz?tAU|}&YT8*HbkYvZcj71Q7jA-fxF1%+O4?cGUCfWL z8*U=p3`1|BTo?zV?`FQx4xKOuu7j0u6Rd^%VFNq}n_(#JxDCcZ`#t1`)zAqW;5t}& zFZm=44?=S-`EFxItjPIbujby%okR}{jdRMJkI)t2MH(MM>#e4!8lk6 zov;=jgpDwR_TM7$(0o7T!bG?U*24X;0Um_SFqHkkypen`5jtTeTn8)RCRhje!{`Ud zC+RSh{i71b$^HT}U?W@yTi_;Wevo|74nt+XfpM@JX2|{nov=;P*)J0RK>2LvOc;7U zez2{c@Fwy}7-qm`=!Eu%m>+b*O_C1x!#a2nHp0-2)O$1eVIs_cZs>%ya2;&iMt(`( zPJZDI^23HY@;$+P9;KWIXdf^R*1`SEwQwDbew_T04);quJO~?M=qAdq zKjO_~d0JqcgrA@sn6sO5U?p4!8=(ik=qD*p;^BT+_Y~#91{nGf%K_t{`Dx05iO>lv z;X2p=H^COTA4dO?{4f#LQhpr_-Ap+!4%(lg9O#BlSP9p`TDS=|!2Pfp9)vA0bPMYd z#zA`n`C%q>LN{CotKlYC2lvAUcn~(i(5;jw@zf{hPn1Kr8fL&2=!DUGCeX!VKvMkz79Gi{RPT}cDM<;;eJ>R55fi*x`X+@NO{l>GhhyM!b&0KnqQ(ENr#)D z8}5g-@SucWrkpy$Fb+1r4A=sz$)ETNtH3^1Z&}b*bEQC78v?4%Ln6N;;URg zkiQvbNIZ1H=+`I*+TkYXhWlYHJO~?L=p$@D7zbNm25f^)Xl~?sgmN?CI>ME36Rd^% zVI4dOn_=jatgqMMqr}5F*a$OV3v|NhHz)^Y!cEW(_rpqf5Z1!bo#cmcumL7gZX3)X zocJc?z)ZMK{NN^NKR`Lq4G+Rf82T9XfpM@IX28U^xQ>!~!uo+BCigq+pM>jRJv29Q z{UTu)`4sd2GybsdUDgBsIq%~~xcaY@KPbdx{($Y*xzM-w&`ezBlCfImFtJk)daGzFhHgxxG_14Jxg{`ta`;pH2vO^Da!x~wi zun9K8R@efwSs&&Bq_ezm@V4}dSD%_fz7ZLw!uiYQ*fS@uwMLN6Ey#h`M^vV`2ytGFR zg!QluHo@qV$qzGOq#&!%FCZwXg;@z@blSO=S6BW#s)82Jk6apZ?}FdH^P4{U}tum#pbb3FN>9k#+882KvO6WU-i%!Y}h z$PY7NCiSa^HH7P6y`+yOo%p&jlt;J`))KBvpj=5GOS!L6KD0qM%!bv_16yDXG>@Y^ zXopQO2e!g$7}?1BfHv3yv!OYW{Ll_-VCH!C2j<%X>j_6spd6S3TVXYfe4Tu!P!6=i zY#5zHITD67uo2e7HrNCct>lN9F!BwyC$zx^m<`*Y2Sz88A7;XOm;;+&HEfZ3!B)bJ zDU|aj{x-^ic9;#Tp$FE%8rTf$VPY!fz#P~Lt6}5;{Gbgsz--tIJtQWyf(@`0Hp9rbsh^$vFb8HsH}t?- zSOXiOo%uzdN;!n9VH2!_t&$ES-=UnTlmjziHgrP|tb{eN8P>xV*aQ=&kssP&WD|bS z2Ag3vG*2f#%z-t~4eMbwY=U*L6*j`iKa&sIU>nSa<{7PCC-u(Bpd7-Lum;w`de{i7 zNw1wnd4zLjQ=a(2$anFBHrN2OVI%ZF`|0E-Un8s`+$>?(0-Ip;9Lj+?F!C>y18uMY zX2VA4fo-rx;^(${o28y-P!8c{*aXd)lmqQB@;%low82W44cq3odP9FpJ6K40gmYjG zjLxDQXopR(61Kux82LW)gEnYBlX9RPdSDK$fpxGRw!kK6K8yS?8buHum(26dKkT!{4f!=LN|tQ2og3YiMw!z51v3%!{A11EDyB7I+zU`p$9g@8kl);t2cTu_f4>#a0_gL z(aT%C8N|C`E8$8Qd5H3$4K~7TXm(Q`%!D=24eMbwY=X7071lvFH=+hi=#;>9AGOVdR(O zhc(ovvW#*F*TQUxhaOnBigcK`nsQ(cY=X_OfqeE$DUWa_jBLRl+F%RJhUUvC2S&ph z*a+)kVkPCkOxOzDF!C$v2W_wxX2VA4fi18GnlC3mjD}6n4qKrcMt)6xc#wLT*H8{& zJIsce&^(0eHs~Q-2WwyhtcT6eMtbEHT#v(?D#|Cm61Ku>82JtLfi@U@CFR0I=z*EA z23Es*iC;^8*aBN&-Bn!IQ*QJ+uDfMEF!C_*&;}b}Hf(_&*amB0^wpFH?XU@E!d93A zBflj-v_bPVFE%4Vz#iY=w!}lK(r(gEr`f*{~XVU>mHF^y|nkVb}!C z>&XwJVdN3!2W`*|vtcc4lI6UfawHwrz#P~n>-7e%?}u`~2{U13HGVMhM&=`aunAVe zR@eX|TiHI)23ue@tiFlsYw}g!Mt;JLum+lIClo1v5V#0RXhwn8_IJj(Jw8*GHx(EKp@VKl6Pc32N{U=yr`t*{P8{=od84Msmg zerSgtm;-BI9jur1N68N>VXMT$$REiMZLkey!x#*aXf0A7S?bXURF|kAE`L5|={I2nsz?gxXmyC^GWCYf6$=l_0Yj_EV|`kx-J z*X}z{eV*t0T&m9L(>*=Or;KOJ$<}%~&5X0mInO>9*>ai5r;TUIJ?wDuQqLc!Sut_n z(q(nDJDg{ii>$fKK3AE1MnC;a?g`g9d71j3RgWFcGUq(ITx5^Sq5U~^7=7M&rkorY z$7vRvWyyK=xyY8wjJ{wz6YgQg$xXh#ahhGuGWw#=Y1UbBUc1l5aQ#c_FySgQ?qSKv zfSV zzOGKlxraSYZc(4pjQ>L&rkrPoi_E#qnyc({591Z%C)DLMbI!8lJZmnp&t znQ-!Q=HoO=&NBX{@l3cFaxSyrD!bn@-hPU2Q@h8>_TSbr{tem_%}U9PgnJ?wMRpAU3@uAct=pmxhy#=lUP2^ZO8N5A}6Ubmrt z-`7XBtXTfq*Bd6k@pb0<*6~|khnaGQIpS;xgbf3Us8`#0mg&XXk#r5~dQ$giS4;}i9By=22aJFZ7p*Z-#OFLM^xxOh;oWEq?^ zj@31dV|*=jZ{|F&Z5$hBjIU!ndn_1T&$w_sHjW)8H+TK|`m=ijbxzT~q3cYTv0~2p z#_F(h6YF3)r5+0|JizsvsvFvjZlOODMmN`Ao}8+lc9$jd+c`hii#r;p9pA;cTU!6! zv>B)R-^%mAoL#p1*Y~mx?Us>qOHb2}J?5-guwlvQbp4!D!i*V9`|pSA_T4gPdT-;H zvt*AoYc|a8qhDAz3l^+dGO^y4Sy=aseoR@g!;)Rr>@l+biV6E65BuTN1NFbJe%d)3 z_82AB!GsMnM)#xsUCy)5-1YSS7Y};cC5zDS0qQej&72LpjBc$y6PCD*|KKzVEq|$@V^_VhahdH}kHa>c|I@$?KW~`aBVf+Yn?qEC<=FHe- z&Un`Nkh5gQnjJPQ7)@Ir6ZV-gdZh8}uwcoOHTz+|k5WfFWy6XS57s_Yy*nDmL_2v5 zwOeLP9;+@>7NH+YR;<})!{~A9+(~~X>@Z`&oD~c9Su*Pw&zublMt9bJyzwlUF@A#a z%vi9?l0DXJ*f4sc@psXW33F!bF=xqweU@xlGdjz7CXDWCJQH@AvB#Vx3-+I6JfkNY z&*CY*&N#RJoI2VKqr2(bl%UxH$WTIU$W5b-uv(;hFJ^EEIP*1yM&Ca}fq0Q)C&f$d@58_O{ zbJWvrnK6FJ#e=W-OVrV!@UrmN~{#mCfR_HoxAuI?v1H^%k2!0J=xalK*5^wSJE zSA(BX_YuzFv-ZJ?t?TjUjnnS1V2>sHtQmj7ydh^aD`&z!Gsa&uo?RA9zvTLM`~0fU zEiAt7^9r+X_*}vCTk3`Wj2`Lw_q4>S+iurn$ym)_?7Wn zU1!2RGp2oY*kQpgOZHf^V#9`s`y2n-IOfdRV;QdhMt`PE+}|FvaKBkF`K_Ee8y1Y* zw~|xNxA!M?oO{JO+^0XQ6V97Cdn_3LML%Y&L(YZ;Bj?|3%*#G=wk(+a)i~yCSTTCE z^>NO9%>LJW+7&bQnTMPO@Z`_oFxlJ2aIRJni(7B zj2>_NLE~94W1o3wx5l%_k`-$zXU&!knKFKj*AE-*9-}84&xAEIMwh!}Fr#0|JX~kN zhGoc)SC26pri`9q-Aq_8V~;s27OYvaAFjW~xu2kpcFKl1qdD_jUL8hPP=^U~_E@lH z$?S^8v&$yrjJz*bOjusYc-G9r`!x&3k?~B}Fk|#I^D|+=j6LS8Sg_BM4QobMHl8t~ zryI|N6&LNVxQ05~JyzQNN%gcF7L2Z`9uwBgudNw?@yr=5 zI9F!c$xYM=*IBS&$sTKFQ|ho}^c>@uuwlmNrp7a7!Hgwy)-2et$LP8C!-NepMmM`; zFl{{r^N_P(&5rBQ&DGORSTkkAmeDr-Pq}2UpkHzeb+rp-;W~5nS+Hfv=$7g*W5bfs z^UTMD4Kqf!GM)(wW-QrZ&6*A4#Q5i17ZWzj*fM8yYvY-)WX76ZHY~&Su>RYq^8z^& z=FHe*&WZ&au7>lv?InYj`KiXcUb1G(hVkvxo3~yjY&rE>?c1xX-DS=m3zjU|xq~{) z*|5vZxR%iit#evE7R*>NXU&2QOSY^T-BBGTj9z4aOxWeTy2+i?3D=o3XAyFiELpS9 zhApEPt9xg47&BwSo_by8+9eCtEZN>gozU;D>afG;9Chz@$zUa{BUMj3WyY2{<9n#X z4oh}fv&V)FqnGG+Pve;~W5Jv?3pOm-vSxBGkU`5<7fE# z!IBf|#Lx6PVvjSdILFSjjAx%qjB?|cuxsAtdB&e>p646Sj5F+VjwKh^aw+65Fh6sy zg`5-CU2}>JXBf>J&zKABaEV>6vB!xw8pql?k{24UU2rB`=Nua@u;miV7nz^Yi`8Mm zi8omnrU3jAzV=!u~nMoHH!AC)}r(s1tH7Fk}2qIhV9cuCU@7 zYfijbzn7|`U-mN36-!RJUUM;w@5;54m#fc)mFvA%m`A(wO7*mBE`^*cY{PY?+s*S9 z>*W*+&amVhD@O0KzgMZJopOmCuCU8B_BioY<2c3W)#@PTNoSb?StiE3CK{`f=jz z>bzbZ7Mx+jId;!ghdnN_<_e=X7|)awUSAzfvCA12?3lO5_}%)y&Fe-xXD?i5#pvz& z%d_`;ooZKX*=O#0e!lmKe|BCU@cPznI3LHW^Hvfh6(|Cg;-JO3KBdz{sdYW1|E?^{2MA38VJ;~%N7-Lhoz zWA)knsru~vOx^dX&xF~}-7n*kU#X|vGH3cbby)r0czO9J^|ZTx@wyH3>{2iEXVf$Q zZujqe=N|1H~-X5>6- zCgGfzGrorYVSP-(Jj_CU7OXOK-{s*n|6zgQgob@e?XTu__$(DhUI`uontv(hear=NCo z`@MrT?f9){k@&ah#rf9F1X{k=u!#yQvHnZ1KnyWm3T$0a8BRhJpp z*x|&#sn01EoMFj1_PM~8OHA%(JUg8Ff}CsG(f!r=hw-F1f~<6CYEbQ|vuh9afwR*SWx! zOCisU4>{LZbK>LX;S{5X7|)b*>~Mhvm)PeDlZP75j4RgF<3y=0r`un4eQDIKz^2>~n$9tno~_!VXjObRVORcEySR zXaAgH@3HEz@ffb8z{YmO-7hKj(=G52ju&>>Jn)+ef)7Af^a}0jT{XN_3 zkJU5H=X#$rjGwjF-+xu_+2#w^xxki7A%BkgOxe}1{Nu;v{5 zTnPE|^k;`FEV;&-6aVgc;1r|h8_$Gu>~MiSF0tYYTdpyBf$^WxpHs{@!-8|{ae*b5 z7|k2cglo(=@oD`y#ps2`Gv{2m&IOiSV#5_?FEXAvCzj2}DfT$SmUE0=Y&oMUv3@l3eHlq>9TjWs7eYaFK-zr=VZoMXlXcDclowfmO5RGpA> zjX5X6`!1(garVo6nfHgvyf1hEwL7o(eyv@c>-l5DY1flC?)CSh)#0S;C8t?)HuU2v z<2UKYl#|BgTw?oX>tS`C^@MtFv!1WWImMPU?7Z9iE{pf*&***Xv3tI+2VXVs2dtOL zlDaHD>g&c1bw8#K(@$6rd!O=khV`edi`i$*_ch}xUzgbXvU6j;!#lXZ);@o4SN-em8%%whH`+HSnBREcV2PcZ?(_F>^_$-3@7v1nxX<6iwGT$$ zb)6YIciK1Tx!&b6D;BP2ciuOsS##C(h7FUu82>%z&naeH{Dbu|)o$)?JmY)p8}!*S zs_pBZ=3{a%^D*Ztqtn#+zVYm^tMqrCJ%NVtXNrZlkFSC7h1nGO1c~)Fxd6xAvezNoUDW76ptXQ%$XFPkH{+aqu_1v*$#XeWreVX?{1ooCz6FOB1zbLc$R{P7kmU+j4{Z+4D#{@Oa3 zvv`SqtXMODsr~#${g+uMqptM@Uv9tbGybh}e}#21ex-8@Zr?XpVTaKl)p?cmu=^V4 zz}{=EgW2oN|6kU9uKlolqjBsM#{IW>-r`(Xz16(T-?neC#^fE&?|^#}~jPv}9{+~6EaV_a)4l@>$C5~Clh!<1_wXJuUHC(ieZn>QstRri3L)9i4TUCzjx zpQ)?eva8+xTz&267tTpL`=xopIQF$Wzfxa2XLKe1Ue&&H(5{(k*S~fi+I{BQ{ogp3 zgVxKQcJo{7(Qa95w>zy%JNljHT08o^^U{u)MEM*^?_^X=t@6L_+ zF7vUw+xl7Tv2J!Qw%!wYiG4HMs}9qB&c`}>Y_y~O`fJCWZ0(B)GtMyQ9D7^{`2q7^ z&AA=4Z>E>pXXww>(4Tu)a9Q47rtYQAb6`I0Xw&{dq8&57y7e8me=wt+GtG`^Q>4y^?ilXKb~zXurRo=Xql?X}wprzTj1?*Y$#hc63$a z*+0?vYs#;--@jkM>*ebE2a8OuVI6EH<=1kbuB8t1Ya7qbN&5#Y>|MutuI;{G*ZNss z&$`)*tv7gm`(|+ibxv~MZ>SFYoVT8a1zRpLKG}INWuG})Hk=+fha2f{e92kuiaGn? zI$JJ>d2V7|*RhYA>c{eC>a%mo{=pvhZ{a>(SNm4>%YL$duol|4G0*k1Z@Yi6z|QTQ zQ)u6Q|6np!ciQ^d-qHPKb7%L5*3pOkn9j6YbZeZML&X>*U?h`xrvHlyXd*A*3{*v+c zQ;*I4ozuzk2RbL#4{}aSGwWmZ5bL>-_8HED^;YW-?T6d%jXe*u>al*LeKLKt=gvC1 zTn+6rt?MS%&CK=UG0t5(daQkE$6RE>k||f%VV_;L>@nVK9;WO(&i>RX9Y1Y9$^Wf9e#l>G94p3`H}7`m&Wbr(7R+8{9D7_1*V!_CwQ;@<7Mx+9 zb4*|3{@&C$&M@a3D|W;61Zcw3%(`A`eZR6V?UHNS=}xZ~?TiaA zQ*X_Bv}-0^`Jc=ia;|FEe>MK)+Pj=r=(oo?zQTN$SobZ=x8HN1T^y7%xl~=(i%kax z$t$gY^MOH^(Zm72H?9BW4h*W0AFs{qgad=gTUsZR?bdmv1A_(ju6$t7XK~d7gXvc} zm#ZD{`>NJ^P5tyQuXSKB!~EI@25YXj@qt15YV8{x7%Z}TlLLb$v~Q~4Yn;=~4-9(D zZ*^d>hi&5eg8OkB*V#YSb=J2(;P+&#_s$0fORUlZgO`nkqG#5nDinRb8Hxo9Vkw2sh^Numzt z7(dE7nRAsDqg(5LrtxgJ$n-G>{Jk^h#);b)&xFzA4)}Xz#y#G?-(cP+n=f2{ih4}B zhhd)+r=6SmF*RHvw-JWfncJ>VCtliz_oI=j&Q;mO~`IvKw75j{y?|$FT zIWc4N0(Du=tH+kn?bUsu`B^Y$^CIWS`X%Ojlli*l(@tM*zB_ncI8&&*{lK839lgqV zu+Kgl?qSPl+WKC7U@*m$DLb5H&YWE?uwaipF0*9Kifin%Wy{Gss{0z}&4e>d*mQ>~rEy_OW1{jF~dwEK}ypxWEp3>~fhs)~vY3h7)(TPR5L0>)aSK zW5PM6?6SiiyR6t_pA}oyoV<&5GGW6Rw(Kx^o&7T5A~P;C=PC>CVUN*WohzqUF=fqJ z_L;L~!T9x_1E#FmVZ)pgce7r`EI7>`GnSlV%>_1GVs!3-!3q zy*=jDuGnMEWj0)8ez9}Ar*(6h(IwWwggH|#u)`(htXQzm9`~?fYrcB&;9&OM_ILe* z{{8E6*1;Pb98A84H#|7#1W%R+Z*TUYeoWbY^1;CzOD?d_RsHg(sLMX%4>hUB<2WO)o~k~hr#UaC zPdCp8od;*xveiF6TR-iBtBjwi{%PuPmhrRfKeQSBtLGy(uXglobwkcRQ_jfK=Qs}* zTw?NE>y~#odAjRd4gH?y9G293zW%`%92_jOn0K!FRh(tRHP`zuay}n&{T%CYz0XBv zFR>1mTw~{@2M1I4wm;6X_cH4UZLYA>)i1Oe-$(o9>at=dv|phvbCxV$XmM3-IurUe#Uc#{kM9K*nOLIuztJyaDV+4&C8fMbN1NfGHb4} zW%K~+c&GlXxxmi5ynfkb!yYFdXkUz3bDDi-Y&gf3T}JP=FBY8rFyCWd?fAXs4cB|d zKgd4bZ$1|1n~%{4tpCCKF=6yU=fsRX=B!w=Vdq26BeO2fviyj14s9;6X2m{N*|K5w zar=0P@tkItv+Q$$X=%O8ShK@5=4@GT@}bU!2`grd{-1MT@k!^vh9#3v8PAk0GftkN zE)#Y+!*bdEV#Njaxy0nN_Q8S;dz{#+KVw#$W}g`w&av}3=f;|=A!ieEPCU$cFlPLD zQ_guD?6AjqmMlVh#eHDK6?VR1JkxJ_ejceV zQ+7DZoH<)AF#eWxu;NPa+t$yTlaI15CTuvv?su$%JdP&i&uCxhij%YG=Q*55|Acj|KP0Yfe5vJvOfAYn~hJ{vTcch;jer9JH(d zR!2MeA9b`le|E0gHH$F5p?3aP>(Xwxtljxv=cL_dKeYemyg#bVgq@4*E40}S?Z11j zLYsAH@3PL&X8bYdwcC0a?Xg~UV|KOc1NO`2GIc+0-0`j7H?z+xwu6Z$>VMUCFw5-Z zcF=ddzIi)X(vDAQ2a~07w`~U*vpctg71z65(2nob4k}h$bG^E6J7|LsZU>F)-K-tN zpD>=2XPNgQ>S)(nsU1D49rUz|$LP=GDeYj{_44f2?~j@9`NlsMF=Ni01q=4L#EL7d*=NI+(TmML zrw&u5oMpzG9WF3uk6kXaV9g%aSh8is$)}o!3HzL3!wy@{Gdjom7;}j!SJ>eibGGbq z@@eK{!X9T>vcrn=tXZ(nB{rwJyzx&19zFB>i~eXah?xyI~u&g0qk_j+}i zo@+d_HyHmMzR`IH-((!)!nr(GJ-j(F&;I%5`K11wzd-#D zxX;=hPHN{&*ySQC&ah^OeJ-~GhxaZX6&%TdFCwG~WPP z8#atSrQW})$CNYda*h=jShL4yNgZbFvtS!?#-Emd$n(RD9Tx1e$3>PbS#gCm`)t^< z<>azDAGRLGoMFm2X6%OR|7JZ*xEylUA?F%9Y}sY}8S^t`#SZ)IvSp9)N9>C!`|Pk~ zm+@zfXUdYZteCUr0{iT-_^5S+>s({}F?HDGG}J->le6x>~V?p zzq?<-PpK2~Ppk6<`((oUv+6MVobwIWS+e(e{k~`)U$9>0Us5l$E3daN**8<>U$)Ll ze|EG>Mqjoc&TBU;LVqqX`igU6%vC0Am~uj$mea;3UsYc_Wk);btag_<3ofw79!oB> zV$C|_VI3i76LLm7w7+5>tl15^Ua?`#3D?uFX|v!oOJ=MXeO3N->tpmE=3&OU(4R}8 zz2drdhpXBZ+u%2h+hKp-v=3%nWX>vF|F(WCeqjEu>3^Yl*)V7NBkO19$L{ynW2Kk)MLuY?^qubb~wW>=UA}I{J*U$T<045ocOLf|6@L;Oxa^6T>q2#*ku{6 zvu4GG@2UG|&l@{`@tm>O*jKInSL2!fujhuv-|Q<~zeqphb54ZuOup~j{%(Hlgegc78Y+;Nuaw|px<7IK+LsRI7@uT4%&ub`yVo`Dr`CBrb=i;A zWpo2M(;LcvWIvV z>fc6Pwp?a)TREdsFC9$%N?p#fyq)pPZ|^)7Xvka|1SeXw<~$gG16S6M&A zxZkONhJ7&JYX58=W_`c6?uQ%4{1Mi{K3CYARre3-KGHgwK1$AtHRDHLI%wHtvSu7R zOdoUUpk(woIZLL0bp7#{4hptUxOC8G{Y2ybOMaI6%${Uicut>vso!@s4=d)+QHSxX ztn0tc^ET`LAN3ZkhZR>s`(3X8NxyeHA7)$#?e|zOE4J*s*SvqW4tCi4C+lMRKJzjD z=Sv6CU-W0n&c9d>TbAs--};%JuU}&xPO-z3IcM2r&g28?GUX~WHtcZXulj$`{@G=R z(Z9KVgDrmUW-6hWqzO2b=EA8yKE3$V%+A- z{GO(HCN3K+v2(f0{QLK<=lIJ8Q+w_6gv$nVtgm#Lf4{zUM3)WL7++bw&vnkRdllmu zU;Q%w-hAUYwO_q!$l2#2i^@nK3Wm9=C>tb}8`^lJ#Ojt5I{W8DDy^iOpO5_p9`0$&3}}!u5x!AFgxmWaG}TAMKodW)Ht?5N~mv(<~lgKkTt!JL|j| zJ<@$*pOX_?HZ@GxKFYorJ=!>CXSz@9ux9=k^)F{!$NgmU1nXh`MDsH~OMbj_;51V% zTW9`E`_S&Q%Z7_Ao@L)ma_cz3zBt3|*`5>DTxR|p=g;W5>Rw(y&NJO6XU3Whqbt}4 zr&v7CIkCqsOD?keeESbMTUIZy|0|l0Gb~Vr`g$?_xUT$5H`kV^B!n)XJm)-5okp)*6y~;dnUt_;l)?RRaY}jSX#c=(##xdp! zOHN$He2iJV&N%is$L<@9W66>gSHkr-nvVset6CSQ*}Ta(w(PPjjAO+WcHe9q>pUlUYd)RrO^-ju}vHJo2SbWI- zn0#2hYwG_|=fTd$teXw@u=jD}uVw$GeX`F*mY>j%75nV|KlkI>>T-%brYt$j=#$Qe z?Y}$c(EgNjX7*|OI?23Dm@RugLz@fivd12mS+QpG8LtPnoV<>DpEaHZJ4`-jT)6&u z{TXvDw7;PLb+wtWV$PZi?6b#)%Z$Hd922&znO;xMS*Bk$j(skN>#T!c@w~*=$7#l2 zb^ffr=6PfJb>|n_?6c4AjkH&cXZa21A96-Mr={OCFEd6r)}IOEZ>h_SIlC;_`?hmt z^&R&)_+8^~!tcphbBTRcOls>0*V(f3ef_6AH=Jdc^Q^eYmdlKPV7(#d;?2}!qaFQF zUG19DO`Qj)7+t6?)BiL-vmefqBVa-+jqhB~5?Ut=}_m}RIcJeFhIz@lB+C664 zC6im}&pGX^?>=a!zi~b+xfa^L^*kh=PcDRU%(PoBX-7M)H;m^RyPUAjic{>ftAF-8 z>*3_4!~Z+(r4Qe9+&L#6cfII@%b$1L2`7f@vH#oo_FaQp4*LZD|NC#+G$jlDx4&%H z;M6PlhpU`;zpI?|psQZ##h2f{>0Z~p`z`M*D{d^}jZ`yRO`!h3|zj8gFl7C))v(fxX>-miQ+w$9w z=FeWw=j8t*zsYF+g!OzuzE6I}XukPDhdP93a7lj3yLSz)GMYbdef*02B>A}UYw`!k zZ!22#!e)G}sPhKBCBR|{t>y74*TF>W(`MC8j4C{{@zckFp zjbD+6{f%4y+AzP#==w&^e`4bB{tmqt{Nwd|#`^lFhWW!s$8Ubfp$_5x%*fwk{#$y^ zjyzvmZhBnk5b`g&&Qnn^YSN;*5Ca2Bj>juzx;d0uWw0yl6>s`hxxemt;tU@ ze%$MG;&{)GeBAgc`I++Tj;{Za>*q5w%&#+=&#vcl!+hNO7mkrH4fCsw*3Z`KuN-6i z+AtsY`k6T4@czfGZ)%v28$Tnz%LeynZkUf7zaS6yXYAL%VSeW5{x?73$n&!z|GDvF zU;o2A9UcGT_4AwXb$Z_h>z_JCJ~Pb6?JrDw+)KA+hdz;<;Ir2QH*Gomx#aNYj4Am8 z-n47*Veiuu^AF#;{vPtq%~pAObo_~j-bXV1wtF2tgA?bC^wSRSGqrVWw~rV4=OZ;X zZ#!~Mjr_FZcMl$MRQ}K-dE|4>cKL~;`GeQbDUolJkGoIVFu&L6_?NDa&*f*GuzPUz z(fsh+=%Mu&@(bnT>X*mJ>tp22G4jY8=tlD=$H=o|F#N3*|GT`N-$2LcZw=D)gSl#Hu7y7 z)Q_UWd3c?zzkcq2q<$hl-}rIopUHQ~Z!tQ4?$GeV`np+<(S+?*F6L_m>RwxzT*{6OYWF$uHbs{(P99G&=t9m$Ad|f5Uv-=d@CO-XC@i z?tIke%-bLNoLS4m^EYrvtC5HE8}~Ul^5E>WzBe58 zd@US#z7qM?zw8>^V6^^Y*3Ty!<_{XpHy{2+Cft);zTNl-9+l6m?_YkA=V#pdOZj=m zZ#`=K;SVUGel6dzLEeP=@*f;E{yRtJkGwIS-}pYm=ddHM|1H-FpTQ2DUlQ{F-8J~{ zqsIUK$oNdY?QhQSsC?l_p38U2&pj%C&5^v2Z@p;O;I&8P+mGa>e8&cPEkE_|)iW0#+Ijn4n9L(?DLzkG-ME=N5dcR2EVWb&Q6cMa|^I{rE9<8%3@J>&C2 ze)0x+DL-w4yq2FOAGiKSzHNi?kskn@w?UrBFW4Z@EiL{Q_4@? zAg|@8$;a+rzIB7~kvG0=8{~=nybbb9e!&Lw=kgsJj4$LnH^@u*rc1`3Pc1)LK6d}| zQ#TkNd1K$YL7vFBZIEa3^EQ}2m!H4E_(Hy8gS?dQ+#s*zoAz$7fBA{>JLq=g{cYs+ z8C~1?Y>+4NtsCT-eA@=|=kn7gb`MS-o&Ry`?+?W=ztd>`y!E`4pM1I9{(JNO_m7{` zJ$F5?!+80)uRo1^oBZLU<41mu7x`dzf&7%w{3+}86ZsDLQJ*hHKEGwh$n#-7?&lQ6 zFu(uk{G0E6XaQl)Qht&7eH*jB|NE`4ua@tWkNbSy$T#`^ecb*cKfpRs?vJ_F>u+>W0^O5u4y#DipOn#Pp|55p#BkRxQ;q%p7kNW!Y#v@-p3i+v58UOuB zIn2jBAGLhz2IHG!c+-^kDTGx;|2-*Pm6>iYf3<=Zz{Uop(be*Tf4 zx54=O79&4-@N|)aVEdO`0(?rBhSa-Z;uW= zKe>E|+{f_s{O})h9LkH~_?wRAXRV)KIUGMbnr}Y*gZe|C|Kyvlx_j*B(`J~D`~D+R zXH!{302HkBbi zarfYMqj|o5KDB(O{ANeJzHW5n_0`BPy4v`kFGSZroR9nYOd{WQ_3`V=(AH7&*7V4KJNZRzOlK;{HKkMAN~1<{KU!K zV?SSH@{>2nbNQ)qKZaXh-^icy6!P=s!pTkEdAD(~g{*RGo!+hNQxjd|YTwcg`$j6;eDL>Wy8~1$F^3&wwo{vVp zT|Vylh;HQT%LdO!A`j!ooliE*$E`n?Z`+`LAwNq#?*5d+eBAu?Fn`b{|NF=1!;zmq zH1du17kOh3`+LYyUVHrcmcxA9>#LTZcHIqr z{x{5@e$@UB|9~odeTlrWo@e~num8i`F|MC)XZ`C>CO_YJKW13ZNB(>#ALhwu{`B?n zh5Q2JPan+>|9I}u=YvwdQ+~72{7LKMYxza;anDCH%*U-S^1)^M^>z=&ef~(~=gG(Y z{5q4LFUR`+M?e1vE|7n7G~fKSLmLR^U&zmj$Ja0A+vMY3AN4S|&Gq?5e$Szi?=XJs z>)*yN+@O9k%*UN?Hq7rbI{ypS?@unjNd2+zfAXF3aql1Hu>QF7ujS`me}m6|!+hNN zMINj$eq5dm^Ks{!$6)1@dv{R}AxU=Ti>rj~ibP^Ks)FdD!2$Jn~@dkdJ#l z62XNVtUnv(0kZ-@i`1@B5^Ktj5K1SXQ^Ktht@`d$0^N(9!B0pa~?)$#~M)TpH zFMI3T6h2?VPe&IvF`n-GeJLz@1244yN@{xHD{Vu_Jzu1Fv znm=!PN9dQ1)_dJi^=9-t`}Mm9Tej%8eWc!&=BRz-`fdC3u0yZiiEN}^_!>BJ-xl>d z<&C=r_Y3Dzj@G-&QS~bQ&M$TiPB>1#YNX%h{YMIh^IOyJ+&2&VT{ym9r1J%D@q2!k zQ*Ujg-`lUvqvF`h9z}-*t~#-)gA$&0T|6g!Szl z?YHfy^|kt)|Lt9acZGQ`8tr%PQS(k&|GEBLZHMV6IwSXObNJ!!`tuS#U!3RX%P$G@ z&X4rlG9TtO`ta{l&FlB`%XSUE5b6~p{WgF6sCqs9wjOu*^XA0)BmL%&bUXCiuY~pa zxpnxt(8L8J{Wgam?yaw{(eFgRe{-ncj`95_eI4HC=cNAg8=EFB9O<{^qv2;YNA5?e z-==8y;2MXXgGZ0tx62)M&U2yOm3JTdbJ2--q~D?6L0?~A_?0ZN7e1t} z_gmKQOh3oDYv`Ab^b0?0I^6B>`=5T>{Jdl-^vg#2ZGQKWjvj$c6TTpw;`^R^gn#ag z^!q>Wr-^UXGKKGN_1)SK1sT;C@hs@EOqH&QQrz3Sgqz3Ytsez=uif63>B2L{e;!QbVSHzF{N}^IFcQXhBkSAT9vNTB!}_qEkNkOUUvQSsYkwNeH?JKT-^zCw@9k@S{K)qUu^%*s z`lpTNBR>yI<>#O5`<>DCZMk81h7X-zXE^?9qvJ<@Z?!wj$9+H63;8L#$NpY!CEqE( z{b>D>pU3y*n{F|Fd@DaM**$pr==jY~K5{;>!rQiv|GbwD^Kt9%4D-hxRsZl0)DPW% z`335Se?D@5M}FU^H_T5S%}4&ctQzJo9L-05-?J}2@nPeCUewBWPLKcdoH+bJq4DE> z9+1kn-f8z>-1qYx`A+-0`{?>ce&4M-tUvDc*OQ-Y{;Q3SA9;SNVLtBjcz>9uqvKzE z==L6ZK3n-|>fd-YANhTm*bf@F%E$dYEtQ`qA6LI4zhHyi6WE9zOo(DV6-h zyN^HLzWhAn$9=!i4#!Vi&OHD4dD)gh_*#GX{m+frX8gGKhg80OgS;aT^N;&^Kv#aj z2J7n$^IMMIpOHULtK>V3_vK)H{fA$^ht}VhU${Zu%6H078y!FL{uYNH=zk+i`=m5+OURq~6}pF67l;U74K z`TO$I?lu1YweoGJ?H-(e)cg1Qj=X=zcRqYR%nBQ}B{+F!3zB=-7e&b%BUHJ}q z_+yD9&)>-Jll6vq_m$!!D?fjO`xE;B81ivH4@u=`IiGR&uQSZY zJwM%HKJNSdo_y;D_qQ76VKJM#d{}_3DjQVl-!fpO>_0wbIonz$PVLtZxKgRg#7~}iL z7~c-_hmD^9=EEN_!s|Cqy?@&O*w?>&tNi{)jlcJi*H=frT|V~tALb{Hjvx7bjGp|& zM~#1ftK{3{NBz7!)bhXB|Mlf($xjLw{_*vF6m(Lf*k2}9~ zn2#IZk?%Bq?EZ)Oxca?eKCXTx-}Kn=>+2sQZ;z43r)^w69p*RC?a1qEv5&xaYek-)a1~`K#ghcN{hUTaL`%mv4RC_~)Y?=Hu$e_xAp8{J1=opDG`B z{+(ey?){-VtbeW1^^g2}A9}-l-1$`Uu)q6`j^BLR`u^qH<>P*zp_N}Czy9d>k=kt92|NVaFxuN(g_gUNf$Y1PR`U%G$to7CYSqeUk{&||K{vqQy z+s2jlqwYJ-!pG2Oo3+BP_Oizt-}CSZxE22jd>Vd^)>rpAcO19oH|emi@?wV7j`)jW53${Pi=hK=;#O~Z9ry(LX8M`f3b*zj67Xrb)&5dW|4()N>b)Zw_y+m~%_H9r z(l-k~a$xuKT(A7$t8lA*t~hSx-wwR>CHDHJ9Yx_*`%1t&;8y>df)Bzwb^6r)K?Xhy ze~9L~{lmxLR{xuK+{*tIXWv@C?KplxsC_>uXy5IZ6aP!?`kR1Hz|YqHU*r{^*FUA4 z{so$={ke?Oe`6^A@gV+Lc=yZg`jv-w)Zr`e);fF#-T=>O|016b>Rd=Y)CePgW7(?Um$w*AHIQotA4J)8(v}O-_9QT?N9ghAEx71 z`x6QHF!o=idBlGp*c<=hN8nceWgNHa_pIYXA^ZLU)=NKp1N)Z#isLb@?>{c!)z2Nr zt@hJCK>vdMl-5`0dkJ{QEA9ME!CT>MvsdcJb(Q*&fp^!@pLO;VT3?-Cj(-XG5xABADaWn;C$oqCtm9Vs386R#D9(E>b*?uT(s(bja|PJ@Qyk>1#g90{Zq#2a|~ChfBy8&YoD|5Ui2TO z`Dms6-{kK6kx+exH(#`v%%yXnd=T zuNio2+8$qL;T>?x|Gd+;+V_gnx5n2U`0{IQ`|WIuF2b$xF##Wbo!!5u9Jj{D415B8 ztNqS8ZjFz5$4N$|{;2VB1%3qkR{h(7FV=~_{W(5onxyPk=HChU2Kv34tNC>b-a2mA z&y3?%`Od-{(0{15f3>Rrd+4t?eKY+|-x}ZBSs0HI|EqNTYJ5+?7va|Uo^sr3pBcxk z@qHHF@OnG{@{U{M`-*;2rR|&L1_tr{KMH^fS)BHNMZn z2hq32_dI+V&N9AIKiz#-Z~TWh++_Q|1K&X3Dxdb}`TSnmzPf*raNN>QId0`&2EI!C zX8U*C($B*s{g(cU`}VE)6Yxdix5m#De6CLZXW-ND$LRdk;~)G;9iE3T z!yl#f)%dsq-+-Ixcibx9_A7jSGyU*Y>@$t3)W1mOd8rh<^$m9am4SD_E&W;eAiP`K zSNGfU@L~9cnydFot-#0N*7&jGxHW#Z(=kod(N8#TKSe`Mf;H{0>g!h7L4UA}64o`Y9}ZUUxr)yEAT~lTGNpVfX+j$8T}_;9`S!w2iw&pU4A&&nQr$8pQQ_F?*8;+n2$5N^#MSDbx|@4%h(<5vD=;B(l& zTLYi+{Q-4E8xeeanxcm4|>gIo4f@Co?qLi*QN${*hQ&N}rU-VL|L z-@L>Rf3&u*?$52jr{QM(cigQ1FTsEGKd$XZ4hQ}x;H|fvDlv_$@u%Ptzm>j><5v5f zb@na)^6+KsKUn9Vx_`0)Uxi!#?Z8{7?fTLFGM`)e33vngmVYVu#9!FMVKe^0>&-*u|= z8Lc1rWYB&x@C|rA#J>>mS@>|)F5f(S3~trW700de*>U{tI)3#&!SmPK_OSzBgj@O3{)+lM;kcE) z6kOtel=e^U&t>4taBKcD3vYdo?O)z;YkXXB+$x_P$6u}ei})9Gyz%dqlt1xvOsx9% z%KQEj@M-uRA^xGD{-)p^@3qIb47?R?<=-s40dAE~-f^pcUvc)$@`umWvEM%Gb1VN6 z@Ug$N>sJas0k`^>jN?z%`R8As^y|OGkA9ox>i&M-aV!5;;M3@TQ0qr#g7Vpcx882A zAKE$i>4sbNHvu1nTlQ1%Ww_;E20na;-G9%*r{VY3{;TJs^6-w2+5WA-SLf~W*@2IJ z!tS5jX&9{w_Wi7c@K4+0d&==AX#dsypbUKOZ|wFp3txtt^?wh(vIpOR_kPCiU)!%E ze?Dv1--P4V_?v>yp>Ori8Tcx^Mdy#YpD+twhFj~`JbVLgwVxGuYtF7;JMdn(mA~y{ zKDYYUgyUBGOzpulj$8fHEPN3EtooCOkHIbfRvfqHFFWvQ^sW4Fe+~Uto%~5SZpEK+ z+=@Q~pQ{u9EWDn7d1rq}*B`z9hc9B^>c4j!x8^tP*Zca<2-&ZkZzbRx*k>A{#z+5x zoQ$6-c<<-x)PMK{+$?|iG~6nmywiV_j$h3$R^W5!TlupCUxi!w(|&``t^7$iZuysj zFJs?q|M1q&+v%HyH^8m^+dRCZj{b_XpV0ZE_HTFK-RPU?Py5_TUji=iTly)-E&U9< zZu;Spe#?H|am)S+e4|eJ?l{gikgC7_3lOCKw%Q+fjXM6fvvIWwH_PAgRc&8AUy*{(;oo$K zSN0Dx@YXNd`-ije4!9M6-th~xeRaQl1>Rjpf5-9tT3?$zt1>s*`M7*Kkv8|{|a34?~sl^qV|8`ymvQ_#+P?ZehFSPD_O0~g;S=yHLi*1M);BBgMffj5d^O-ZV*ksw{q~!%54Y|w zB;XrgvGr5%Rd_BG|EGiaGh+X%_WEJg@h50~wSLIM=g_zEf5maD|Js2sqi^+}?Qg*U zIy?d2fIm$8r=AZ;!3V!)&%ZP93AnXCI_vnk+P*r!&pZA+%_Eib=@s}Q_AUJ#$75Pw zolm!Ce0{6_CE!P}pVInj|0xCEfLr<*_$oZE_0{?GEWBaS*3Ucp39YZ@H!JW~^m{Z{ z`r38dB@Mw zT%8}SIBxmBU?AtJ_pZ-c;$Q~4?prv zyZ>E*Z@{he?MVFJvdgdi&+GGq<5v1oaEaeqpJ(8$#6J{DU*-9>S@OV4YiT}ac|EntNgIV}8+_Il{-12W_5B;4z z^xNM|{(aj%e@(#0;FoCs)%cWx&%y7nxw=1_alA)!H9wh!FQWe!nydRWdC~uloj)s% zTlur&xLN+UQa`cJF{$dG`~~`cf@FTN{0+X3dLQq#ol@_iZTz}C!yLTFH_AABocADm z-|s%JRn^^L{zdgFBf)! z3)K6A?-}y%FmfZ`b@oo$_Lh+A_@0y7w&jZAA99b25^wX6iuYmBvV)S|_M7qV2X~fk zmvrxp^hmc-O|VgOc9n3C62`y0er! z3%NxtcZb|L3gV3;H~*76Oa0n39V~CsB!a|1Go+zIXS2 zlHMLA*Vq(F?*MYce1C3M@_9hZ-5Sd0G;;F|{<=GQNXbP$7K&Hq7aI}xzUdh)_r8$a zG317#?mgl2N-iCUdHXr*$TghheUqLv&5cT@sQzgj~~I{rCJvx3!#H_Ndrf5dVuGr{2>o`Lh2Y{_+0u2k%3!N69tb zJ6!(A$@lwlZGrMva^5q`m3Y(0ZQr~6zHud26|c-M{G#@8}!_XHUz_D&+#cI~Osi$rc&%gJ6`r9L;mh5Gl>Qzf>Y8ltOOPBy(N za&hE(Ugp~GhLWplzbUbY-222{LrT@FN`l3|L&&v_oGSg3$Te%Z&xhh&K(1rd^?w~& zP7W0+{uPiLL2gLwb!$1fyjGFhL2mIiuAl7Ha^Ze*|0Ltf^`}Zju{WsYei^bifL!+t zZd^E^<-+4a8o3eVz9jb2T5cg^Zx*?R^r_OvMDCE5lRH9{bR0u&?Z#83-$#*~R&tHM z361yb$Zhbv;`^n4IjrU08tPwSZ>2xDnfe?-Zc)p8=G|Pvgt*Y`cl;{bI8pg=f&HmNWSFc93T)19kkXwGg zYv&m)Cx^6^@;xl}Zg=f`O3Q`Y`4Vy)clh5&5uMd?r$Y9M$Tj_y%jY9Xt}36~88{{u zoV`UQ7YWJ$cMzdS6>gnkE74Bu%drcP-P_4^J5CRj<268{X_!F`{}f!(cZudQmE>=){Nb`6_`#5W zGl73gV*l^#_hGEV$KY1^HP28!b@aR7N8r|e(Exl7{w(c(r1JfAqwwWA`cv@5I{FLn z4fx}<{p&0FvjlHtzwE`K{CQ!JKkM+0@181sA;dou@aDfH{_olSKo`7qd3XCVUawE% zAMt+|`_ZK8j~c%wad-oclw%q@oqx}Jl^8dJdfxaY88f|d&ccuXz+{iOFF{eHc|{RSuLNWhnWbjtfa z!3zJ!KtBaP@=My2wtuCEy>wt*_o6-2MUDBlcet;{F9gFa7WhxMe@J2hYHle{!ny8|I5a{xz=2T+vUzaKpZo zbL!p1PdPtF%6VLu^F={9i`*gPnkc8|kg?IJkX#dSdG%7{7Le=y`Ki(|v6t6!pAGCu zy5qCV*YWG#{2utN?xiOkzgqK%KTwH&8a|KyM2O4e$S?OSeC^z#d9Irij{es}`uRY= z;Pjsz;{L^>cEXDA&h}!-I+uujkntXVuGUxgF5-LeB)tFM?R!UQ_)&PLwtubXzTf`g z+oa!$KLWVidxY$Jdzqg7H2nB)?R!gEc+&>wh9Ui~z`q>4^FQtU zEx>2svcFwP--UsG5k7xs)qG67w>x$_@tzhg|MDRIB7742Jz8I#JH_V6 zAGlRN|(;3v*5mY%BhBNqk!6@}lwXy#vxiY5HM zTHl{0d-2EN$Fct(nn!*W*iXWbqW>qF%MlcRd*u(GxqGp6YlMKn|679m&%&Epily&_ z_%{QdgO6k1N?!p!Unl;et@OnmxBO4SkJquEh98An`I~jzia+PL zReuZc@dp&m{ko##R{XJ#`}$V?#Ni{@x9V@w>0AD#;gjfF>B~B9#h-KbEna|&e-;cD{`HW)+W&yh?=PDByhZp? zxK)0!Px<;*{f;|+MJRrMg72jtzJ`5EKkc|xK3VuS`d0hSId0XT0=(%VMf1JkMR*(B zia+*g@*i%^FXN7ngwpSC;CShWkE3t(KWWFU_LX&fHDtfCzRbaU9$GZ-l@=VI4(V5( zJ1oNI(SNw+>KrFV$8;2KwZAz0INVBK((!(6U!60h;oEievyS&_eZBsLw_Q*t{f>8P zeYL+f-~N8h)pLgm{5bYgT3BOuK=a| z((n^?;?Kg5!>#e)J!u`Dms6#oeDb2AdCwsU@4VQa-=~FNYWGiB$F2T52S0jQ(R^;I0AGV!^|!bOkA1PeejGm3 zZ?6xM@X5>V`AORGOLY0DdmdT%QS{CJ555hz>PG>-2Dj>W5#IE)qWRva*q10DxaD6Q zJ_NV&H|e<5KcyXS)9HV1rF~`h;5o;w_FaIF;NKIpeLeoeC*hWVu`m0)N9(Keu{eAl zeJlTy@R>UKlXl#SKkK*^e-3`MPW%OUJ^zZ%{_}MD)O!PBdB!K~pR2h(|8_j4xfE@F93Aq<=-wKjz>waI^g3^Kh$tica6^-(z1Pf6*Tb#qU?p zcEaNDZMc;`Nyn}HNjq-&mxZrkKNX5!r61loV5hGDZ-bljA9zn4{n%H1`w1Ptp8vr6 z(KplYxRt&%T;jL%vyNN(Ie6Xl!zKNe{i5TR{n*#2pLO)(j$8ASBzy>ctA9*8Zmqww z@DcPa|8jfSFF4+<%kPzy{c0Zza8HCFk9Bu9Qaxx$ZXhxuxD8QgT(#YaK>zp7UDSuZzwoIoWgb&3XB< zgxoaeJ~FOE=apR5^I9^$=x2ZY7LhxuOZ#Zgb03*~@@Jim+;Jt>_~f(8F^gOu za%=1-y;s`DnwEQWqm~;*Zn>-IKUWjIx>64s!_U>o{9^o(MgRGhb}bivz9o-b$D@n> zb2V`-7k;khByzHz^YU*%$yMcFGvn?wa^7<_DJ56+TumIgk)EReTuoZbg`cZQAvgTQ zqTep3lw8&G8HbSDMy^5X!K{`GKUcGW+{9D;ds)#VTCUQ5+bNIuH!0t@+2d={aghz~ zclgs6|NP%^bN=hNbv~1WkJpL6um>+XesArcS|7*0<=eOXk2`+8)>rp~lJLpr(2nW% zgY-AvD1E-4e)tgnTl2%L&|So$sHS+W1?%Kb06luwWLPpw~y@DaE*|A-y; z({Ifm;_ylIt@}Gk_ze8XI)3$D?=<`<{9Mh|`XVdwzuo3J$1VQ~@JaMvsO_u$mm>T) z{7*Dj_tRp3=X1-yxZ_s+NIKr3?O!RS@9*!V9q-g!olj)pM=9TfntRW>`uaKH`2R4? z)&6k7+3(Zbf9;`H|BCQ!^sV!=*tbbP@jozvf%5&V#`fU;T^zoK{%f^;^}R4jc>k2W zzD~nuhKePo;T8LlFM1gyd76dyyr5`4ua$#0VSgy3Us<0OT>Jweepz6@D15kBdW7a9 zmGX&whxUp6$7=qX3Xj8k(6{n8xrcrlK8}5>eq|lMpN?PMzs|u&t|^w5G>?2MNM8Zo zcC9}i1?8vC--_`019kTQFnk>TXl-A;7cCB7gIoJcNqEysY@UX9*5O%re;uBKkH9Ve z3h+s|x&DRE!_EDV?~*=vPN!d;KgES-i={Tr{p#nnucYHv`$)t4uea-07Cr+1Tjo1K z`86)eT*tGYgEzgWSdzI>z}5L=LE?YC-9HrJ+xTzwpRw=x_HWSk)&1-^e1!NPsJVI$ zF$o`sTlG7=2hTeGYi&RBi=ckz;61k#&F2#e@Xq%ZOUaPFzd>9&YvTIe6Rqir#xbg7Wv)M81Co z_z2vZUlkp1(edl^?`8Tw^sV^gaItTWe~zE0?W_CMX~#dPx%ys?EPM_7chg+mkIlh{ zX6o$!iG8>=KPx(JrvLAK`xcMG`>}7;@1*0Fej46`{y92*>iLDN<5vFV9Jk^xINq)8 z>-`_N_;2M;>>uiV8N8ejI*@=IVT< z2;YX^U-P8byuJQ4_5+`r<3GIZ{YCS=Y)SYG{4?6Vdaq*|-t&Q?`Ci8?e16u>pPb`X z{uUg!`nTd9_G1M1^TgnB!A#$`NP-XX8Ik!P}`R+1pfBMKWE?SpR(|# z+wJ<3gP(v~@fRGo^0x>-I%nUnkNt@L1O7bizd9d_!<#;A^CY|duJ`Rs-eRaR30H1-I>4%?yTj`6Pp#Fcv){i@Gjn7GVQyu;E9z5&#eRcZO z^Jh87t@sP@ZPI7)B76;Q*PRH%l|aIvrhb3$F2O&Is518^r`)`g5y^FMQ7jAkFEIrS^9B! z8~$572_LG%)9`-y1=@f0d{Wlw-x%8891He0bMT{w?e#~&ajX1_j$f-?Mc7sQ2s?gfH0bvj`vgq|IZi z)F1fy+P*s9i0{FZj`xK2j~^54AE)8tpZ3pxgZ+!~%KR`3pMgK1flqn=Sv_BqbKI(* z1;?%WQ{02ce(J~n1fmb(SNF%_@T2%=mn_)H!Dl8#&YY4{}iR{mw-C*Y&n|A<_&aOZ#U&d=HP zy8s`DTkX3DKMJ?@Ph!6$ez;XXo=~w%sImfO3 zz2Lazf6;NPd}9Ab`4GRgKM{wEe`fo4+=@T#xD|ia#c!oA=eV^#C^-9;e?@rP7wq;K zTcdu#E&t;1A-I*kq~n%;8s3k-wLhALufg-W{3Bne)PMN)QG5I-z`jS!>#;@ z{i;5XJ8q>f377b-{lzqV2yXU&@EN$3zd6Uv{?BnMeMQHu{mIy`>&G8=+)O`w68~Qv zD!LiQ{Bmj(C?`ghY@ogWq9lW@!b*uT?%!ma#|J8tD~ z(s8T*NW&$5YkbVY+rC^U{f=Ay6&!z%PQQA;P7&UTeM>*K?(;`#{Z~}R?>PKu-adax z!cV|2(fV(y=%?XLU$NJxS;wvUR}S8Z{$FVO>U(htqW@Jp|B8;A>Hm$dZ`F@De4F?` z6^j4kLI0G5PZGbSpN5aat@@dTufaRDeRV%5C-K9r{-Xfz`I^1IQiS)zE&pQw;p$nwv&hZO%{;2bX0{jH_t?{$yxD|iwx4wRhwy(~|0AD#;cMty>B~B9#h-KbEna|&e-3+xy39 zcn|ynoxghj58e;Ao*&P_x4&VhuK-_z=d^uwf2RnaJZ9IA*nj%mT>r!8(YNYP(((K2 z_|^Gx+VMfn)&4*heggYe{mQ}D>cn4gygy|BlAwPo!rT7V?!RMqQa*6A{2jOIR}$Wd zzSV!F_t4KeeKY+||6w|P`u-z)hWKBldBop-=Nz}#t^I`}`~?14`mrs>54hF-;&9P_jLv`c{CpC=4S$s8>V8EU-gewB z->lXkN6X){e;QfDGaes(Y|(#@d0xx) zh2#d1n|LwLJ=_(0IhEeVAKz8`C-aN7C-7WM6uE-7cU9=QyIJJApHeLSD1zL!mis%| zD-G(wF|l`1(R*Kiv{}ddsgT^d_}5n~os{%;Yq@_6r6b1pE6>l%d*7o2T5d(|_y+MN zkQ;m^@4=ONI-=#i5~`;MklRjjA6Vi&q~-1rigyaRiBa-d>cP5_i^$@*Qf@N87=Lxq z{~nngEhmFSMQ#PTv9Y56eJ;%hRQ(G-=M|Ol7CEjRG(_99+~-5~x{zBu_r6Fy&0ufiCigtkfR>ZRLdD);o<~e6xvJ+8mynx7Zbs5E zs^lVaI8?DG^NY5Oe|`|nC^@-<>5F;ovYm0b^-V?Z`z)eUN>0|=O0EyNwp*Nkvr4YY zzft5Ck((3$7L;7%-GM>L7nxs-9CXhk=9OHf*gXI8$aV0X&Ud6gSWptx2UqZ=MJx?d|i|zSxz0z{wdbNXG>tDO}ku=IzQ!}o1M~fFA3$}EOHH;qa7A| zvs&(bA-QAXALmIIiQIyct0cp#FYCy)vhVLbZ<<$fRnMEo7@z0a|C9AebXmz&)q@0b z)9fR~MQ&Be$x(=E9|w?={ghioZbQkb=S^kazy5pL?<)5)sHc^4u}-O@-o3=;64~)n zd*0IppJQIb@kvELvMTDH{s6q=XZCYdqwsF{ts(te0{tnm4<8Nj%DK-1d;|Xa5SK#m z<6nXg{@h;ItULa}kbdR8L(M!Ox{SVMzYE@d(q7jOzW)bYn_?iZiu{}g-<{d;S!?gcIE!I$>n>yBIV=H|%0hH2t| zvW{Opx7h_h0>78$YTY#;`jr3uG*{=Yqt3py?wNADQ|qgJ&jonHzuV`UOYmO!qqV-e z7rqW3hFkGBH~QS#*X)81qW^JiU){?dfUm+|7~=lHrPR++c*nYZt~uqnwJ)*YxaI$n z;}TcU{`_nCUj15k+${en?F;|9wZ6<*_*-mt!NvdcHCOk71{}Bi8+F`@f6B#grr&XE zUvw>Sst@I5zZt0K0m(jQC*A#paexuG`)qgI)C;r3E z|0Q_uZ|!rDb+HfsOvwHxy#kiGZ36 zQ%ms0I{CK_Uxr)$H}l1h^>~-#mVX0qiT_dBKeg{O3SWg==T=kjj#IXO3yxdk&ywR- z`&@V28sD1lO8p{!Yy9qV{M9;rk;=LD0DKz#fe^1e*EtGbgx?Y3m2>MU_+ZiQ9~LBj zxRw7)@NT$OzUz)#{d@D>eEU}W>w+)Wu|MFrmH(rTTmDbM7qM^6PZ!|5o5fOx&c7>F z`*-}gntSg?^2e`r_yqd5h4|Yl{omd9HEh(e-{ts2wf@zW_y^z(TlV~86y5>1=BHEe zZn)LIEjZqx$zMDpb@a`QhbmcA(Qu4%dX&_0LEFIK-_ zEPYSnUC?r03B_APZu=*0|Dxe#m3;P|A*#dCBbE}pM?_cyG*U7rc+rQ{g za#i~mqsTS&zcZ~JjbrSEGmJ9Fi#gUt5o#E|sOlZ0AK1T{Una|uH_NKL5 zWgkZ7H78r}kA9bJ)XKd0B3$E7;n90iKYwShEB3>W!yl;i)%y`Z%WDxrY z;3G|&=6TE^_)++7>n16$KE~~F#?7(2;Om@9XXA_SQqEwJ8hSc&v_Xp`f>Pp^JeM)Qr!aHSd=#4`a?Q3Yl z|9fiwG|#-3zPRxF*yWjoufboe^&|d5N$jWLow3c*J3@Ri@IMQmdHwG7LG*KuTjO*A zK7ZckuIFE(UxZI${{cFF^?XI_-qdIGpBT!&#|Gsahi{+1S$d|{kN6j4#C{Uq*|AxA zSBSqONM9O051$M14+K05Kl-3e^ZNyJ@SY1cOI=#u-zM|Qry%-|+Vsxtg8CUb9oR3z zXCA#-x|wk>;EgxQ80hK8?nC}OZnN}5Z9lRc=*QvxJ$C#__z=9mQQN;n&UQTeX|eyr z%~By`|NDXctk_R%di`YJU&OzF=aoNv2A&D&zb?=(z)w77v-JHC|8~HO5`XVzDZzLb z*l&ECjCFqcW0cROo255|%Kx>M@`rCfW7GSd>x%yIfG6SouiG@&$!U1!^EXQ?A^(09 z_?LyR!6!rfV8CG=3u_w~pK}{q8}Dw_nLc zq;IXn8)G~^O8@)k_#Yioa*b(8gC{8INFdj7FY-y`#TX)@Fmg@Zl$)euNXuOxO2-m%bM$NfEOMh-ZYd-u^NY2MH%q^jbL&G| z?x$z#c-t9=C!W4pdY{N0)^fLo>{N;PkEeK@r}RW`3moQ|rjsIX;*66y#6i&m|AN{E5RS ziQii1C*dc?H_i74q~RmzTm5%d;y<)mYNMW2;=hm7F)#j{@LM;{bE*P-2>XxF=~K^N z7vcTrvrMblkCeOu^2+~QIQrH;UfgkOpC}36#{O>ed9j~{chQ*z zzcLEnfLrZ;3f?+vx2pyCk+<9Z(h_`lYSVn~ejP6Ub!z{wt<70DKs3#XstJD1R=kLZle;v2Z z&ze~-XZ;d;n@Qpfr3f^%0rn$ep;PlzftJEL$T*eZ-1AQz1*B!U? zn;%H~L*Gol}p^}V@E@WBt;@vl2>)z9V!Q-9I7%C8G9_TL?f|D9d~mi}!3z6`hg zA9dWaKLuZ`6aNDI2>c;Be)YY%OHSWv-|H@ZYhKd4-}m3jpDy?+@n5RrSKpgE0B`-s zrun_Oqwrq1HNH;4r{PxqEja$BQ2hP{70Lf4_}Jl1^Zv}b#Q)LF($_=!mG8}MehB>& z+#27z;0+(M>&Jl8x9az(<5z^@uY7Or6ucYzmi~g{R{1Q!d(pSr_qyX&{b_zE^&9<% zYX7dTj89$gVYn6l0DKH?jqjuI=}&B$&kan$kHD?@(*k@M{z2`ZdT;C!d~m@opLO`^ zr#H>}Tg?|xe~;Mt-vyuhjJ+-!fDeDp&Yw~E#uqlt`xjI2>7#c0UJ(9eyL^`%e}c{* zxth%1(mvMV9berv&!?L^$v?Q&e|PP{2ln8j@I~xDL;I(`7iE4+%)e;tiy-lR{z`lFwzfyjJE&kO8#}h$KX%aT-}cwfKS6M|3=}9a4UbO9Jlrz z7aX_NolAT0b;qst+x&3a7yeoGrwhITxBMG$yhrDcdhgySy!GpL{!hUh;8y-DIBvzi zlU|J2+?`r%gl=z@#>qqKc>zh?m60Uy#_z1L?HJ`A_=XUcIa ze-<3K{9A$#V&6U@)H$Q^)E8H4?y5Mtl^atQ#KcUm_AItdbU-%KYnSRGD{}x>Q zmj06Cmi{`tZua|53-S{GD>#sy_?x3GDBdKG|0rmGPf_zqis%qYHW; zY&_Tp6S*vMvY#jOsOT{z7rBkTq_Y2(M{bOBtnbNwe?iGLekHWue-gPK_US$;_STe~ z_nkErd(ARFbFO|@xyP`hh7T#$T!S@gEerkCQ^K_14W2+0qc5 z&~laieo5~k>2lI}a8AWPUNszWv`Lz|NVN4TJDli z{_P+)ft=h&i!N)qr-tPAGcLEWujk#1S=DmagyaU0>wd?kf8S+8%e^!tmqzXca!-y!H~sICJFexz z-y_#0<2UPIcDL5aBDoy!^hy(e#VO9R)4z#?`6I58tQ)#f8(h1mEL&W{%7Rhw>L{{8!7&P zfG6O~-`Ok;g9H7De~>2WOTk<5&)RR#z&qgg(fZQW@VDsCI{rY-)xEPk{0Q+ULjFC@ z^H1tYhVg!wa@gVbXi}HMFM!8?Ayy(7#A_Fr4cj|F%y{Oy`YZuJBX5VizA z0)G+xfaqV`(spr6$Hgt37q@g@)Y8+}GI;PVQ)j>9tanClYrHkm_>snzo{L(#J&qKz ztrxX4UD`6(`0jnX5s9@y=BDw-aX;q7W{F`h_{d$P0m2vmX|wb?mws$s)Y5S<`c8@M zx=1+&Pe=UCAm6&OS$fr(`Fq6l_dWIfJxM%mKdtq5hw$#7ZI*7_&EHqm`rFk*|9X^XS^Dvr)rVi1 z_2Ikq>qC)vj{a`5G*(rAo1Z{^+}SK0->p6@*4Bpv@<)FE$M^Rz@pMMFYW&R;K5^F8 z8T-4Ad`HvPAHBULpNPNr*sAFtMhWk2**fF)HjDgp>mT3WC+eGS`kN!3{`0mzSiFr@%IU5?r-x` z@b^hurJK2Lat8B<$47UYCCL2YyvT0EtE)19NE1)nC0pLTMlX>6jAQWqz@Oz23{VN?$v(^bDKn zd0hSU^!3tzJY%agLH3nDlAaXd4bR#tU0R) ztPwXPnGqhEDOjUZi2w!}`R%y+Rk3spQR7x5fecvPh?FC-u{qGmd z^S$4n*CO-#1phMF8%}MNZn`IbF#BY_$b9vpmQH4+2hW;f-gsLi@+|q&O;0Zt1K#eG zw?4?Dzwyeg;5mtdkt;mgSo662+;`L9z;hb*jkn(A1Mhj5_TB{2NB! zTW`MoP5Z=$i~Kojqc_KgOMTscG4qAdE&ux-`CC4+9!LLNjzdN)`z{Ztx~tt|Gn2y_uh51zNlqT>~-<)0QP!bvsL?>HkGP7O=O9J#YPM_z`(S*b%8WC(-M ziNEF3$G;uIy9s}v1k{%EMJ>I$-b8NMZBUc^?t3cvgPjv+R$o3{ufB-AEcV)N+$xoJ z_p53hANlcae!1%BwVRXJJB~f?UX0k}>TrJQ{x@;izJ`w1GERs- z`S(Jv_j|VYzoa7t?}h)~%9mlCzl}dM@?}`ed+i^48?R%Wl>qmVc#aW1G`>}ObYt{Z7(^g5Q@#T-i(?xhM;W7=~yS_A@Z=|PJY|7Y^!Cv

NrRT|$t-m3c0c!d$K*B`ZGuZX?vH*N*z_&0db zN^JhP7Q3AK_ol7Vums@O!AKgk)UdfGm~{0{xy`ZsC63HU1f0%yPC*Og^gy!<|Z+!}J;`0u$J z+Lx`WCz15-{dup%;?>t2_Qv15RhpN8aDLoWj+hGneD%BM$2xi&=>6c#%KdZo%H2!< zGuVH6Oa1gqdq05OBytytzoh@Qs(htB9)cf*Uw3AHJ$o;|3fMa_S&7eIVzKTZZdM}V zg*SiSL9XGgyVtv<$UKwr4gTxh{i+f!jME( z551;$*3K_egf|fW0kOAtyMOa;?OyWxFm{HpbN24_rMmxE+szI_;)UP;W3TPDE$@A~ zyZBXIuTSr8&l_gE`BLArnNMKvkzNe`e^Spaga?o3ub)zr!`J}`* zvsHS9=(~^9za7FC315(~z;0E(eJGr7UizQMdipQ7O5YZ}ApK=Mw{Q0urKje5QZLi! zA4mT`>**hoHY)Wp^7P#-iT`=*w0@w{zf|U5k(a2sPtClrh~5Z#9}dM|Qy<@=axzFk zJ38^_Qy%E=)-Or=lJGUS+y^uB=b7bp7wHS9Pn7(AdKNo_vs8F{_Ruh6_v@_GLi@mPye)AK1sc99%8+8`&RJYl)w%N47am?t7&IaF9y&boZG#hl<{K}-tiUo70zh< zh@9Nb&+@*G*vn&Y6?=C%Gkd?>%U<&fSkHd-f6rbDd&6II`vkT1w`#nMykjr_7O=PY zzi4jrb36O5WWM;#ti2g zyV}v|`t#lF1nJ6QXZ!g7%#O6z9qbJMVE6N*{o?aEybnF;&WAp6VAu1Z1IUdcxBW8a z52P#lZscm~dUap@U%S`!-hti1iNc#l6^Lhy{qHIMjy~P@$M2)6#@=1d2E@)Dr!pXZ;6pN$>H9Jcp>;i&YZ8RA)EUhDb!^K0$%r(OK?`Ze_X89$@q=NHhg&Clw- z>S+7&WBAq zv)GwuocXAv@9lfpd53A|Bz9Uq%sfNv?3u3jn0C4zz_nCI`*y;bM^XKV%*|GhJ@*wDuk2!yyxR)K|zD&^UUI(MZfdYF8)(>^o{se(4RT7RmzJ0|6WI* zon01IUKc5ADLLZx(%(V;{moWsR`h>fM}L?6ll~-yekbGVH%0$n(61R2^;kB&>sTgs z4rAxY-)@yYFLpk?mz@dI&bs)+xcU{bb8t61UjOFi9=GmhXH5KwKalU=U|f~+|L7IF z+0p4bdpA3SVkd*0nZI-6;Uo936WI#ab8jl-_uI#?Gx6=M(xb$myX>zC+Hu2%KcTq9(6A5VI{{h>HRXa7>|{e%I+dv^&xKzI+~{?0QQ#D}iC zAwzgK;a5rkZRlXczetl|k6QRFd<;Gs@aOpZ9$a$~o`)~ONuJXm4&8rQfiD|e_62s} zt8jhJDRyHoVSP(@`8oW9k%7Q&7d-CxMf~pCzT3CDRTh%81{#|%K4R|x^5fst_67qk zejIY#d#+WK_{cn9mhcJm)+He5W6Uy}x5`Y^#ojvhI=;76IxPWv+xu)idkIV=UP}IA z@9#tQ%5yQdCG&;qKB!xy{qjeDaD)}t=HtYCJ>3iO z|J%=x0^ui^*M35RywV8P`FE7p`O;2zkQ**+l{h}%V_x4~+t$T4AMvw~1Iv*gR?_kG z^5&o82kLOI{2lk6>l34Vyz~=3tnBJ~DE^;(2>liP!<+a$dhS&<{cvTW6nQ~-YvCey zi_G7T>v|~jRqC0X|3-iEqN;g*i{0g7nRqVNsmwv*xiKjX|LAb=>?AP8{7W3w3S>$Gr`+~FQuW|i-!_YoTWUgk+mvj`+Z~Mpacq`%S zgtrnd-Cg-3;n7j{{|S$l1NkZ8?SwZF&SPQ0N5bQTZ{uHe_yFM>gv&L=@<-$k5WZFw zo*+C!_$uLlBf@_D_3tgwJ*mFy_Hf@N!mj^Ee;EICJ(Kb(5I#h>cQ2vbZuluRN&G3o zN2>J1pXOKj_CCVzb^MvO{24%hxyr7We!`CvuIs({nQ`(`H+E~^v+z~)%JoI}vAebJ zCFD1duk?4}_Py?Sb$f`un({%fI=r25iN88LPWTDJb-qhF2MCw+vwabKBy9(r{L>`V zE033Z?K|oH&kbpUMSlvph98CXCHyeqO@!Zv-^(8f&lBECc(s28C-2Q0oPx-&6W)Qm zm)|NpdL8pq!aH1;{1Ewe!h5UiOS#3Jywx8h;r;0C)gNS#8$+&KzE*#57`aL0{(t*} zljt{{*eW$k!rVvFw?lXX;rA#9@>9ZNW3+GLtCsH~e1q_6`98we2(Ru}QiQJ(Ufr*x z2|q!2b^kF%`0_5{hY3GUcy+&$Cw#FgT-tGg@S}wP|Mn}f*H9nG7hS)l+`9@Ke6jcKjFH)dFdxyGx7nZA? zzfM4IcxUhWc?h|t|E{f{vxGMgUR^(Pgl}WFx_&M>d8>Y|J8sp_<{KGLi0==rpMB_! zH=M4ipDDt}2)F8IrVf{SI169hcRIALk?eIcWMdhH*%;Rl|s8Mk7uWBy2Zb-n8%e30cmAa@<=V zdG(lQXvB9uQqK=NZk69LxcL8v^xKk8JLt7ueY*5mseo1a)Y!Ezlu>a+y52zlbj|6~ zd->gLr?-aNspuU*ZxX#*>*>9=R&N%))ju#k$*%%>{nwH%iO{3*gm z;6=yF^Tt~v&+wY3cU08Db5+t--Bz~P?c%}4?gOWT_x~P@j0JXu55R}vyTvPf6h2|- zOLeY)p@*5+k)q1zGf82-6isMg|g@a$d!Tv&M zAEj}BW6eg2M8YS*zx{7yee=rGrD5lnzYcfz6>p0){)S5e+#&7fuHN&?R~J1`+3Jp= ze*pcaSD*I34@`{mk?;)RgM>@k{c`fdvxJWjE@>!#Qv9+&_#ELc6+gV(pec6*=K*~! z;pe zZ+H9rr&Rr=&I}-$LT>}TPx5<3FYveePRLV@End;~%3%R}gV&$--|rZdXW0+8e&|(x zlnViU@n;?VG4z{u&%Y{v8h3vS1yY#u?n5MQrah!j`}a8gd@44}GX{^G74M-VpkHIJ5*9#A|o5)Mc%|_(b zky}OXb+vM@)N(N%_4u4g%#5e?D;-J_9d5r&;c=xVQPLay*j0CFC}clk#ZlV3bFRQV`;OUjKe?FN&ZW_5uM9xds8$)(d@I|=yKGbkN4wMaf=|^t6 zjz5RtZLimu&|aQ@XGdY`U|=e;@}kxwB% z#QE0~M84Lqq0plHTLsjpL5NN#r~IT(-tr0L=h;8>F_gWXA8ivApV>S?)8 z)@Rh1DdHUVnxYyjr{SWlNBK1k?tKTm4 z+@X5xd!BXgQRV|F?8$!I8^r$)1omiCm1j6!P@V`mKN84h(Hlh1tJgOKdiW7ehrIr! z>f%zj=oio*X1^{Y@m^``M|Q~vR2yQKa$b)9UrRn*sP+A`HFXK{Dzz8uQh)(I;ztTQ zP3!}{U+kQ(?Np`X;@Wgb|1pdH2>XRU;rHmD`1-2+r*!#CelH>4#y;ZD%JTFd`Yb3i z?R9IF$uV-`XY{Gu*F^7$;^#ey$JbN&?dD9EtL%1jCW*IC^x3DptLRIqRrROLQmVUC zuRqP8H_tw1MD$MkdMbTrc@^I4ge5-~ke_6K^XuYsjlBOTi)#*Ex>k_yWZ!dBdnxXV_o$^ndV&>3ijm{yh7zS4;fg z@cl36593;Bd`%&b_)5X zJDvP>d&}pMUn|Ssu($j=^2bj(`>)$uzMX^E`J$75!`|`($WLxM`J4Ba&mcdt<>U|U zEx&+#|7j=xmc8Xyknh}f@^9Z;zL^VR+sGHG>(Seg50AGW)BTb34+)X~zwZ4_PJY+% zmRnU+b`SaYYyI&ygMQEN-2GUouX~TTSJoSEm#}yAzx?;qL@x{MRoW+$hAYbLQ}t8P z0TRPGiPx^r5Ac%k#b z-SKceEpIcytx!&4fRFgGgq`ER=Xrgx^BrxcYP@|?Z92NpZ+-^#g>#r6^Lz9gzJ9sC zCF|a<%U}A#1o9`4_r_b1Kg01hjo$RW)1{|~pI;92RDRbVZ*!s_VLwasKM|xe=ufTj zb{)O(M$SP*?~a=E)r`08&tyKyInmc8KWgM_$J+tqw~_b8+uQ4;%NTE`&_Bxg)4IfW zTaYf5FZIXUCGDhG2ekRDE4yL8{@p}<6`d; z!(Mog?=eQdF)a3?gN)Cdvw8kqX4nhA6We-6kLO3!}Q*{hr0zGpWyEOL(M<=++mb9-6rZQRS* zyYhc-?)o*WA{eIX^^>Y*zJIAoIc)!#Bb1rY#%^&ai2fy=>NAF1KZw_{JQKjdJ+y}PsK@xESvziAfz?Q>3-o-O*W zpQk_a=D&S37pWISt5lKuyrF6Bi3 z3xU6t`2+L&>GJ$R&F}lrn?vt2qW8Wa-zs`I8|b-tM;Edg^v2I~{q5`g`0Dky3&?Mu z@A_NUZg=Z%3*t`)`{0sqXVjlXc6L8g81(w@{m-L*aejV>*gLcS>=8!)`>~%cY z`FBSBS$+SGVXt@pY5#kzt^O?B-(FbHzu5E1zlWUm-ZK?Fqy8*nJg4jD-vR6`KGdc6 zjQX?s>CItp^#W(_jQX?s_M%r%86W2CRrhDRw)^__lGy8bxU=`Npgnj!j(aCX)p&2) zlm7NF_IfXL{n9I|?A7$QXYJO%dHwA=cE-C-d*5RcmG)M*zol!d?I%4uaSjHKJmPfe zHfawBceA7WTVC>2Ysc$vGuYYwQJa*K zao6vDC(y6-pGLo%N3ZkGT)*qa2m1Spp3(0X(d&Ke>C(-_T^^Sz{ch-8fqwt@LfYHo zIDeLWwd!-YfB9Fdf1zt`NMmpD@uy2q5_=a^)t_>Eo8A|C>FGUpecV;*Z%aog?y59Y*y*|KwD*3e=t1mMuNM!N_h;n^D*q$(<1l*5=v~F{(d&ZvDQEX0ByLM# z%8RMPSM%--Q&);Z|(3U!W#&`x5&~5=;y^^1g$%Mv2geC)(IctycfN9N|^3D z{JgC?8{pDM51HdN^v)1_C@ zUj6zK@n2UT>GhVnjZ^!)pI3YT^Oju1L@z!^eaW6KeV*T4zEfu}YuVW6>g~tMlS!(s z$ncT+If~vQdQ4|MJ^yLmH+eFWZ&UEG*|47yewgs>x!UkN;S(RN4KEPh^w+iF>x55# zsy00OVe<2{wc+iA&wZgbJWhC1zBYV-@Ug{kxa8LX!bkp&^^ld%eBTs@A+6VV|MT`& zbVm6%i{9XOPnV|Y_iFkSP6@qk2E`6e41(YN`z78e)X_+HT_IdfQh$t=|G+jM@w53O zr1uBhbE?GW@6nVOG>wtQ@+O@ZL8o8e`_SuIarZ?$YyQ4nitre;(eM7((`ZoSmuAn*um8v1`@rWl-v9sCIrn|HX(VYnQQc%@lTKMg zOi*N`L>mOLrW8SFQ3OFoQ4<cbDuj&vwl9`{l1UydARlD_5O3culM!7-q&@mbIx_H_S2JzYc@j&mZiMU z)69u1nu*^F;G4GdV3^ww9=^&58$o(VPCLeE`wto7w`6Ke`(kB2gpA^-Td|`L2l7z%1OM{ zAXkOlUYxt*;hcz{^?FDve0A{UkL;iC`}s%u?SRN<4Tc}J^RcJjdavPL@$*k)A3Dh& z1rL({a%1yHDR>Sz%>q+OPMN*YpX7J3V+r(p=;sQ3^!|S2X!&C``nvY~&+|uG6aLxz zKhGbf=*ie;^!!l`-{Snu&mZl`)grgK`C|aNrg4;)#ln0Ca+{k!79zI>xy{WV^~m*a zX8k08bR(BAYcRZY}uNB{hh#sf0*5B$&bM=5%`(6hPivl6*=n<*#xW3@ckbI|Dd zV*tKs@EtRmTX2xewFd3kJjQk12ly8sl8za<{@72dmMy_>jTylLF|8oQ#8W zQX2Gpnni+pBJ*joyzp>HecO>!hYp6h4dBU_W^^!;JiZpb!JqNnv>FE439s#edBEoP+LQE%WzU3&k^C#=W`c`7UOW%H z*T?=6@HIYoIe3>(y{c_~ul@D5elOk%F7_mQ>|Aa0d+W8<*6+1{6S&yp#nT?;eN!Ji z3%tVzF92@?_u5%%^Lz11TfY;R>%$swvF9gJFUG^Aa?91Oqi%obe*W$R7k_)}(PQiL z;sfA*^-FrpzkZqEe)Y?<`JMF;J4?VtzY~}Gm4lB|zZ&R%^=kz8t6#gV&s)E4a4A1% z`%eB5yZXST{hYYi6{M#|>!)>A9oOOGcneJt}Rwx8612WgdHlzY%;sxVPTz z;Ke@t-Qa~DT-wh3J&>(_3kevj@Xp31A<3{sTT^ z#g-{Y^i`v;>E^-kzGJgHeI&a@UpM;demxkj3-O1aAF4d}3POHYcvgi)U*=Qf$NRUO zeU<2IY8nhb6VE<(JKZ&cdAglC(YNRc`#O{Q@}XFb_kj05IT)T|RYm__+I0YY5L{oE zI{1^GX1(W`SpH1#Y2adRS5E1?w_{%7# zI)hrh$eu5R!)a6h|r{cXCpK1t6o-i#oZWz)TK1>j91$St(#Ub!XU z4RPc$sb4+x{vQp6erlTa?q+`6ab+z3!kdW$QoZ{3{E3OXg5GMN3%!6Mq(fH-SfZg(7y9f;WKwQ~+1| zN4FHzLwY}LTaP^TBJY4*6p0HKN2AZpOL0=49^{I58Pd<$ zi~mH(G>_Bkw-Rrg#6IZDMZmHzqBk0#=oPBgm-Q^;L)K8-xGJ*g-uc)<@R`VMt2J5w z6Z@8c=VTB0?(Zk`deH}6Y!&;L@;Yb4$3kz1Uc5(q`5x$H(BsK(68(Go*GFX1pR?%Y zQvPgb{GApFtCwFb;BIB$YE$efg1-uV+}70gTDwu0`l2-ts2q9+^!tQvUFZ6&YnnVo zs$u(Pg)m$96Pl6FnK=}`T>$(MUAME>MeV0ZuXV^rZzxFleaP32Q(o$q#S0ky$jkj& zt38Gv3Dxz7p0kgC{Uwgep;th!7x`%YXUYAK;qN{3)krS>t^2BYPV_b+w+6X*<#s}! zwr~7$*Fv8UeRIl{ex2S>p>5b-(O{-UNN`DE&MaeJ%7=(Ea=; z?Goh0xP$|S!gq;$ymq-hwq5d&t3WQE-csl-o2gg)xDvT(`LTX)22TaQ#N+o)@Wr!+ zT>Es0-+I6+z$XviceFkQ2u}WSCG}Yd|Fqe$dX|7^fR9Cw*xL+$?;QVpmIr+`^nU1d;-6@K zi1aTzJ3QuSN3sK54`ypUKIsMW=^?~{OFrKHx4?4WXJNE9`~D~T8V((@_7{%YV?DFv zc#w8)=Q?8~VM%@Jk#9L{NWV`oT%Q)NJI1I-`g=M2z3@loox}5)Gb7`PUUysx-#YlJ#XhIsBF_-H zpB+2PZ}u*6+Jl~)!-vBA4(qYw^lCo4C-sbY%UbVDdXant|JB3%*7&p;&%sEXmY`=j zdLsSC`y5WCP4~{rYrt!f^Wu%*b>Nf4F8h#nX}9^k^Nns>zc+99fmfl&yKWeKN!AaB zTv7{}g@g=qvukP`EkXI=uTj>X&iW;VV$3<1XoC`b!DvM#QQEg2J^ko$wqpT! zEBHF_uQ~ViqwASHv&*l4NPpafp4y{_qTd~j^vCPX=zVQHPGokHFW~cwXNiLXn_epR zSaD##%Xx0fOx`}_BX-em(B;BX3I7`O)k?cr{4$vjEH>>Oex@7sUFjTJ(W? z{Z$X1M+rg{Aoqo{mZ}U6jM%t~<=3mJ9@VrM-h`tSa zVam*dbh4W3xE(5TnXi-2DQ9!!#Ew$r`jPY2vl4urPkm~@dwuXm@HOBP`;kNRx7+-> zy=;QSLAR}cdwU!sPwMw?a>Ne2fjJ&A##1l zb#11c*pc}r`QfbCdgp;FaBsa!zy~SEiw<+1fiTFv|i+-r9xc#{X0I^=;jfd7?q zDVN2yzc{ZSOQBbs?Viu-_6J`KJ}7d-8(Xin;4{Fz z_1XlU;lZU|X>T$9gU72^F7$QKo%3|5R}pwW_-#@z%O7kA#tF;f*8i>et%Pq;#ZY*S z@KJwj9ZQcN_6sF%M5ZOt3u$S$X5>=Oi>+TLcmlY$em&sI2Oj_*r2OSlzI}-Pq_=4= z_`UVY1YZn(i||_Yx;RoJXT6Hx>xWOrt8cy5`qrx&xwi9T>s1fl0`9F>D|nL+z8bs% z+*_};;L|RMt=A^-4DiwVSLQqT3%;@TuM+szRL0h)9J~wMTc2w1RUTa8upYbvJYF2O zL$Cd1Y`wa{>%d3rUz^~oxNz+C%Icy&UKCre0`Nj`Z@o&v^F6rKs}g)Bc)WV8gr2b2 zU9Vi^n!!`SH#hIEMXnGzz5YnR+Ici^2J<34@0ZIA=Luy=dFk)s-%B>Xyb|PAA-B2L z9W}^RT^8%#M)1YpUjMd(SNP!F;ETY;*O5c|cc0Dg9A~7S!S^ivo9ov+QqbLzq&vu*NSx@2Vw)JaV=j-A7vO*sig`U=J*%wbfcLch$Z;4Hp zxk=;@yd1oYdWcUWhuBjMz8riP0kyru&wUBK5qcf;pGE2Ak!gmt{tvxv1o^elSH+PR zyMiAOkI;jn-#!FS2k-U4bHUg6;6>nF9$f5S2rlIh`_uh=RrLsTv7^yRx9t;9wqEk7 z%s1tJtUi^s8?mnxzOF0dx7!lvwO9GmrTlv6Ezoz8a_mF&wt~;RdMJFlJ>Lza8G0XT zVG(*a^ucBE=>yQ)uHn9^ef_@F47?lBAo6J+qQ53SJr{c0^^7M{An{5xvb(nYVU=G3 zefbUkbg5S*^l7)a@0S;W*ML_&JQS{yKt!)KFO1%Q&~HsSAK+OS^jq0OmP7RQps(ez zq3}$Z(D~_W2)P~zN}b}TZ&peJ4=#vbveqzPS~X<7kEQ#myeJ5PL+C}&t3LF&ZgD^N zC#9U&dUH$PRqbbe*M()*yg&Nh;X$50jq1EVF#ehw!k3M$oNauUv!$HQ_~l3rZKRwT zQ#M%Z$u2)cA5(}t7Nf75y5V08e>Jl9^;M*Q#ym$O?H2rqd0_y%__GB5!4d4O9EHAe6ng6@ z^zKpU10&F-Kc@9q_B*<%)&If! z2QLS2@xiOXo4~zx)`K_r@VA0XfAHGB8obsAUkkq62j2u<<%6evO8)TR(oR|672xsO zsmP|sYo~IX?ro=P@I~m2sXus`#|~+~R`B^g_-gQCAABu%p%1>7`(`}o$lEQMS5?H0nn2L7??UkU$=t;epv6aGc;k43-4@c{g7 z@W&fZ(*8IyJ$D4U#Ak_3cgBg7TMphbLb)|I{d{<>JjZtlm|0%JBunI*p{J&8u)b5I z^B{XC*fUR|uZCU$J)V3Y^sW))lm0|}ZxdfW3wkZ|3!?V9%P)f7KZ1NY^x~=Uk{)By~-LmoQo6P{?Kdh z_ort{`$MmKus^&^78Zz)z&;4dzjMsUG+hbb0DS8n8ktYZOJ7TSJ=!16=3Mlhq_tU( zhzUIpdRZKL5%f~%y~M*c!}lfh6B9f)kuys!HQe*?v*OQ!t@(B{`ZBiNVBNpP9?$iW zSKrTk^)cTr^1sZ<$7DSZNc)2PKW#&J2LbFu>YD|g5AOH8oY0G)S3s8>Z1vya>v8c% zIrJ*%AKLVh?Kge*WzZKN$cw&q^re1(%jrw{lK4Ykl7D-7-;4L%Hz4v}yl#K=mHl8t zI5;+a%l(_BSiGg{+l;=9?KXtN0>rkz*SrYSHtuD0ccQ#-0n}+9UZQa~<=o%njj% zazh$WZOjGt$puw8sF z(%t)n4WPG*eLmL&(R-G!UcE`t=xZpm*vkk*#a4br4_fKFgE-GA_tdb7lBwH0_XB?X{$PWKifdf;P2WF?#1`bK-H|N3gi)=X? z`gezZ^Tcd*xaK&R#4PspVc$CT#nkq_HsI$^>ivJtzM3ZXe`X&`ZQtDgKKrtM!+y0h zZ2La@=YO65R%73M_IK3&JL|vCzVe6Y&+N~r?OXrNf0h3l=^sfCvmYhlB8~RrBk6cPCphqTd}i& z{TQ{K6aRbdENy20WAwQ%ITh`WdLVmtl}KEnQ%`>zl0 zCw5LAlbzDq$MQQQTg}f_l9%leI6GUNmaWdsRprTq%mho2R{T;QuW zW}H04_g;g0oUBA|M-kth6}<<=(aWYIj`7!=Z4H!HYTugpmwt0zwmM7(%2jl(E;`v7 z{_UlMbp&v+NxKAgAs`lw(!n|c$2bB)#>uqDu&>y*@BP2~`Ew41{2#NgRqQLV?OX8Q zXJ1JR_RY8L`{&>O>-;w$_LbW9E&cDaZ{_3IS7zI{^?#Rrjr5P)C$Mkf`tYgJfA8bz z9OpHIH7{qMU046G^ZHd*_od@n-S^1soa5|nJ3D0^UAUhvJjgg%6+8qD(v4-D97{Lu za&==RcJ^Rr9pC-ccJB1wYiBhZI#rbO-BR)A!+rld{xoNeH1u=@4$@5(9d2Zt%xYyk zsNnnOV&`sg>}+whyNr_za57FFZ;g|eSRrtM9w*P&<78P%8_nK9^IMtxkd&4H+1nZ? zO-vw#k2p}a1V$Yvi?F{B`;s3qJf8KR5FTh%rml{raxV2f6rp$pB?_= znN<0zbjVt^IN9;22ul_Rrj!LPFx=Rzlrj`@h~8@S=2Wi_e=T;tY3aS%JScg>;lo3$ zd40AznLuLlc4)RL&Q3jD589_EO-z`TG$A!INg{0IYS+@+gWg5U_>Qy0>k6m6(Pt$J zWb-t~JR`8m_vSkjcl$bD?9F{fsf-ot!z>H&eaSfXuGoBgYtY+PWBXydIC{t7hqdS} zzTUR?shOenIAqGXMHBJjw1eDiQcMP)`zd;#z^oi zU%dsgt(>#n@_jcynFX6fgB1^b=xw{5eflLH4)fI;^X$yWaqO*bcCY+zl;e&X7% zudy2v^P(-`*GBaAK5W~&ERNoB*t-e6iyyK3?;J~SO#iKQjpu=Q{a5cjj&H@kB}^8| z9$z1RO#1J(zItQw?%8qruQTs9qqps8yZ^5L($OEH@x^ACZhPbP-v;}kTCq3yJNoZ) z>%$Xeo%yvmdOKX}qJf*@1Xzci7aGx9ir(ezd`Cz6!wtTAz1QV)8RBF$fyok+WTr>V zlNj=tEt~YgvXnaGK!&11uI9~rJrc4uAZIWz^f5`gn7;`H){sm66HKkaq5^X&YnasS z6?`6JUtAwPQ}>5Bc6#2qW-|ic{8fbxImEA}=xuvxy?*{O_|6x8?NyNC(VIJp-U9Tt zqPL=ReRxN)_g3^qpIIdi^gRpx{h8~mO-sLV-?QMM1Ez0k06m+~)AY*v@JAESbMBbz zE7c95OqLAD3^YkW%5q~K&2b17(KB6Kd!z@ZK`+ftg}?;nA{5|ySu{M7-<<4J{t|>1 zH%qcpk42x{tvDEcAd~~)a$1u=3bRv>%jP8^i$h9`bBD6ZIKyKCvw5q{o2mD}3;3^l zeRvP)pSP~{Zx{D^k;El;9^`7wqzbIRu*k*~jMX;m!xaRf4o{gW>F^{RO_}|3nNgIj zPSx?riBy^eGV?$})jxu24U8r1Va6>IM~xli>pw)|GmgEUI2ucQZbI*(k0bH(Mj+Q@*=1QQ|X>eGRU8#R<5!n4cp)n~2XA;H&_wsFd`bERGdTFz5XS>uliSeUGs)N`L~a|{()oS%-5Xb$N+ka|G{^YO#FJx z*z{gLieBkgMK6=@Hm(o9A3*O8zIwg)*Q~@Y?ZutnLGx5@_|4*m0U3Z_9aqHG4TH1w zaA5Z9i)QIn^hN%mkHztCzqBFU$LewXpFxBM1S!;)N2-L}xe0p*zvFvgQ?d7jKl=HX zbxzl_-z;-yEKXS!nw8QOV!@SPZ-@ogkohN!Vxnk1$dBAwdQ+>5Wx^z=J}wWyz0$h4MF9%Y-O(7H)~{0=*z$p2DecOR2Y6r4Yzu zCSsrUb<{_cF&LUp+kfJLvp7YVWeGT~|H~z%f1q}R0{deJV$uJkPEKKZ6eihz%~Zth zEA;;~YajPu0KdAPeS?9ck>3*d3gNp`;_xrM{{HWG^>0a?lx@e0LA;p63%^=^b!@oO zz?R}}zDE5#DmyT!4$D<-agWgB>4)WEKg`4_9_-C+HLZG?*Xg|3-8mVYkgM*<9dPLSZY z^RgA8&e%w>axUEfR4Ug6)73B`bULSroZ1Y;x`eoiGZyg=K`h>*$%IaIX+?9X72t$F zBQEkZEA4ASI+cHDZF4QZS^TUttOD0lz)|iHKgvJEyF$^>woc4tF``t$3JHnZ+*RCv z{Mlf*MdJ3{&-~-IA?Un5cg1Z}@YIx+;H;E3ejWT)1rJQ=V!^i|Xwt6Ki%!o3052jo zV%#lL4+Er8l?$d(N~@Pvn#~lLnH8vL-?q zm#3`3@LqoFFuq?_tAplBnGw=z#RX93L1j&wpHK(ktRnQ66ZW;CIVpAg8aVF?B0+f2 z;sh4;{zaTN3eq$zh?243!%O^0XdI{i&-tmk#Uwq_QkY8+(OzU;xb@M)|NCAi-yA#` z-aUvv4*1l+-Q3qXl%x}_RGmATzf4(0p6TMZhFsH2uIVt%XEhI%Ud7ktyLf124ZmJ~ z>)`9>Hwa%PcpuZtx4F!P_R4K%EVhdy!Drz}d@h9q0X%=A;brt4b6p>P|PO22>?} zgSSkgUL!O(nHq1zZ*Xbvo;P{k;%LSpY3~<6X2m=UiBYaRDD8bJKdJg5(%#Dn+FE{f z~eR;8WGgsE{ZFU#sBhTh`)jK>d#H%MOl@MC{}HMrIRxYkZRF{OzB zZz13tOtLdAd!d!PXUio~lXc-k~h#5b6_XVb+QsA&kC0kaj}dOqBYeQhW4 zeT?m~?{r`LVy>sNf8d``s^~9rh#!M*GrnIo7%ocSeCe3{IAemp+Okaam59Ep2E!MN z?wzcDxYV@1;%6SN9}d>fFD`*^6?{CwqJmq&7jvCdHoTXb`LfS-e3{nMiJq#fZ9N}i z|2Xv|y+iviv-R9Jemy1V>5u3+cl>(l(bKftwr9Wb>sgDQvTJNT6UVP7tBdCwueJ5O zPyCJ3&z0!uis-p}{Ce8avz-0qb^M$)em%i=`Mzt7t!MA?>nTFdU_?(~{CZZRr{y}^ zo_9VPx1W2^v*>zT&mH5_lS|*se2?py8wSG+C*+-|9(h;PT4F19Z2<+B^?Y(Ea&5@z z_Sr8gXFc1m*Xc&@-%@@fdMaw|@+U_1j9PvVatSxu<$wH#arsf#|9zf!K##8fgHb)B zmS2k8{G06ZFOAA=e*Mvt%6AWR`E#OrMlHVwIr(0K_WyQKxy>rS0RLxplRsA4dcImS zEz={z;&k-wgrA&tMf7>rVXqx!Ub7IrJ?I_$-C+1YeVt1D$LjUI3$(&_e#pB(1^)A$ z{5;Ajzy-Z842G}gJh+>)pUu+uBO;&0HBWQgl(plNDywSb)k}kVKdRtHtNu&PMS7x? z38@i!1@r}?U-}>Qh|H%hvZhn|eXZ5-wZT^@d~Zhhcn8{gH&DL;DD5`@U)jri2TS7M znK=G-@16X(fAx!%^v42JWOUl=T{rND6`#@kbb4fX;B8VVzY>;w__L(^bK{iniXXGv zzx*=&ozG4w|CPb;u~P3j9(}I3KHnYH2dCsn`vqyTeB_Ul^KD0xzra_%0QoB9PZRmC zaIU9+4o_k)bI20_l%I=CHS#UU*Xs6&%HuzI8%Pha0Xk#`IZkUPvE_?gJ92fa_})yU zKYRRc-ajmm0lyp~H-KFK>x1C|&V$R`etQ#rQGd%TWxAbW{3iZbh+NJ)wm%-T zETl`%w{9oGs-pJrJ zMt^rBm;aUR@6Rl`c>b1hf?Rs${KGEig|U~Dhg{oUL*ZYDj{BnJNZwn)!(iRe5iL-)%*_?zHAPWX58 z@?Y*`*Zn7*B|`b02-_cWeLg08cO1#ya`esT`yS;|{%75~J%{s$d6d%t$v5@zC*%!T zT!pZ|C6G`RMFne&)U<@MQgw{0aYK^1R4KE-qvH zFAJWo^})aeaVEZ9pd^db8}S=y*=n{n>!Rot^Wp6C;HE{`dL$#L+s7{6T{PS?87JaULHrU$KESPu{RgJHRxT$KBkw5y$7K; zHs6~oJrfg=>qJg184AB8ay$CVJ?$g63AwtZL*WvUo9vde=UwJGF1dU?F6DksdtEye zzDeZ%&LWG$&WPNl9yy7(a^&XUG!(vr^WevpoMT)%!WnSFUl0GPyX<&=!NDIVo>z(82E$&qe6p1b;%qQ23kx_AG-xHlDrD!yg;xF$n$qdeK_iuW2ZJf#^GZO!`iY zr%&Rn9({G}b9eJ3^v&_r#|33I6e0ORUNvdI!*3_8j{!i{9PFruY6)^ol== zzF>WWee1q4(Yvj$Uhn;gc#l(-iN1RDt@+)|O_k8W!IQ}dvKwqEOcLMu# z$awysN1y9D$$ZFhp`v#kAO-3};xhM3rM^SYHJk@;u=GU6akd>V)N!n(ta-;m_>VcU zKYX3=UlhY%}ZOKQ*~taQj2Y3HXdS zaym|+7mh$*2wmdOuUwI@hQ53RdL#6v5$K)JSB*el3w>Q2y7)7gMf`me8<*+e3fvnX zx!{B7^TtyVct5z4U+T9IT+06*=T^H6?=LCkSKIVR8w;D@_29ie<+OsY@hN9Dc-IK! z^x1T0IbvUMSId8|O2O9LQorBA#h$h!6Z&EwKjeW|fZHiUq^{? zd~iSi2)%I>dgmzgwWH93*&~;qISRdC6#BwZ=+&dp8%Ll^oOIgsBxwNq5WEMx7{4;i zMi0RUzzcowq}>>Az@2(zT+9TY3I3>Pam)!T?Av5_JLZIF9ZL11mxc$ey!lk!6W-0d*1Ds<=I#3DBo*$Tc^}7m_vRU z7z&>!ShRk2<)VwcmOv%{w=};&6JzEeklBfAf9p^Wxn9moHNIbh`7{y6Z%@vS1thhB6A(~u|9Hm&YmGu z&7ZY9`3?S^WB~X0DKOD+Ey`xXQY!p|LwY^d)-UsJ*(dw!h<@Gv@U0pe3ZEne*@td_ z@YD_N?;waDTEVA*Uo3&mIOl19&pudzGT%!yM>)Zt(I5WJKG8NN|48}i;1%G`I9>>z z3tk6aAbyA~-xGhtfX^Ex2d3nkzV}{GDMuc^ddjK#ZYbO?fU_L;oVMA~y39_6*wL=T z0Z$FY)_VXv!3R&;lRyD?&JRR?CitL_{ygx0AG`!y>~ZRme6aGL+)pBYe#Ck3)|Yh* z&DP6*>~~B&0qb?ZcKGTdd@JJft%a|HcGvnYkI$DhzZ9asOqaJ!8^_(O0ohZ5gg@Zrzr?|QjN{z#I7NnKckaK4Py8nHjo@c5 z+CDuiYF7#LUg+&Y{}B2JZIlU5wdlj&zYzWxEPW(>sU}Y6|KNH2n&E4MFD!fyJM~6# zpZ!^^KRI%reV<+Y)rb6I+HHZzFSF!_$MRoA>a6!X7Q52dQy%;o!hf!1m-Q55)GXZ( z3*c*kPueVayv4^il%3{l`wR9V-r;-FfDx)S9%H*>?}Wev!(qH$L@9$?&*!R|k|Fv}0Dr*$}d=FsW7 zUuN~|X6(peU+WW*iyYF&I>8sSukudfKl>282fUX3Op^t}4~Nmy1s?!k4(`l9f+z7o z&nj?d-WEI)d@;ClT}k3754-|gk3{r^h@Y?L84tUQ>h@S@%l{A=v16&pXV~SOL)xp_ zrcV(-(~peOrTj*lzOB&hL*&}Q#a^++k~`5Q*8{ybVmEq)O~?NR`U|+uKYxGTlh1_9 z@^^Y3^JDm&ev)!?!JEMSu2;q05}O{WV?s><@DM5oN|H(f9|g@9bEJs6xBCZ>mws-eR-DcVvu|KSi$IrhEHuE4bL}jLTg3SA&baOGN?t$iw@ESHkDS-;a`0mC?ZiI&5WB0v zo4_v=%xB(vY{YJR%o8^0$L+}VBlj}_Tyaw#jTNzHEqsOSbG)PQ*@wjDCh!*aD_$g6 z)L(MlkF)s1j!tQIa0!3OcZ`R$V=?E!m!I?GjguldPmiZt*+D+WhGAcn>&+TJ5uZ?XNT@7&+8emp3uEabi0(Z2=EIjrM+qL_EQj&QzV@^?Avo4??MX>I_;q;0A4q{(zxz8WeKy@$P7$oZ1L@D``^c8_ ztS9iUaDww?8}n)Z0lq^*MdGaleRb$_<|T=Ta&Xy?dY)Yl-;1>-8!QJ4y#{(0bQzb# zerry~)dPQu-e%}(`&hl5;DgA`wdK%j%`(v|zFrG`CUUhxca76#X(VV#6hhU0Ogjks z;rFvc?97F}3c9}T(SANUI_?U+WCXg@qZ0a}>F)fc>knQA9&cQ2hTad|o4-53*MWQE zqzAm$Q;w8B0KUe9=SsayzW+eIx;PJB^o%PPMecv!@5)8_dR?p>Iq}DvA~)BPV+@no zudH=Bp8qOS1@P3vzi0>Yg7mNbqUAW&5S{ycd=RrJDEoX!{#%QlvWyMkXQkZ9=%FoS z@yj&NmO+$>da<6LCk6N(3Vgp8zKu_7K1bfDSZeQYX7U&(aiB?-e1*;jMab9vh`b^8 zzVDQG%vasd?U`Tr_mRkBdwSe&L~rent$p5uw?_5qF{{i@!xa&K>-v=GdiNkVe@DKn zAoaPxDQ5`*>p1Q?n22EC_K6ZOR^02p9J#Nt33@+ti3#zY{3GXSv*}OZ-xt6>1kVCj z#Elb|b|?T(0526@^bF5m%%dX%5ua{Qs z6f)n)-Vpvo0C&EtooC}+bLp8|tBPX9dm-z6EL!R~3z*D~KwW5qe^!1>x zB4^Cs$GG3W%jSzZtuN~k0(bW^Y|>U<`KX|gj%=8Lq}S9GYUGWOv5 zYfSCOm+42)C*yWK`cy90`%(aLL_Cli?fX(Ck=rdow8~!%e-8Xxsy^w5u^x!NEftUD z=*!=0%h;#eAAMcudqNx#ZNIU#zsPSwzIbo0U%l<+j=#6##a~_#^_e-U{D<-6mmr_B z&-mn}f43u_vF`@`UiWbQqw(v#5B5NuXQ+zBed3R#!|`X{`1~pM6d_;y^DP%I^)40UxIuu@}uM*-~6HbKk{9NZV1aT;nP1n<5ystIQ=6ZX{-Mqg}$Qk)kpV# zo=_|fr?e8=4J`9sJ5T=GxJ_~f&s{>XPAf27pkJHI*DJ--qDX83!@$S?8O1HYQb zICu|Cl+_d|K+8Rf4{w$6w!awK;r{ucPl#y0-#zz;X>aK5l z>iMMDS1S4zZU{d&HhuBlQH{<|o6*;B>iGJf*wcr6#%WtFKJw<%KhgKi*!=(8X#KMW zePw5E2>($U#5o>V&ue+|mHC*z`}0Lww`ULf)LC0*zM6&3tYgW)=o@SPDuq9_e9QT} z8GQ}tll`21{Ns(!siVc`CiHcjz2)pHI*$H*&W7-+vDsHSl6{g7>(SSB?)c(e`oMlBr^2zm#2qm4TM2UOkQ+-s5&mlUr(H01{#N)4$H*^!SquMS_+@Wg zpMK-XD}g|qxXedd=at+OcwV4#%Z!WC?$zi^xNt+bUJ7vLJ@-6#xqBWg%$7Z!$S*?v zN>}|N?PRY5Ryx|rT18~j3+LSq?p@mY(oW=l^hF!O&$#r(oi|pG=C6h5n|85vUun30 z9{Zeos95&#%CpNrU0=Bm(Tcu0^sUi|^*@Q%)!=29Y|#7o#4YDKw^H$c@FetIy&-&y zsIuna(R)#j=gNy6{*T^?7x@C@2a&&TWceCD`A%f2kzcfIL%2z9{CUckq#k{oK5)d8 zn44h-rxY*t15X_@cwP)AH_qn8fE45lN~NthEGi@4-o|=%Du6SNBhOpA*Q?4W`w!q{ zqHhVmdh~VthP=Qq?xWAsZ`owqXFA3fKYV7)kAnCdKO6~)lf0CEGWqXeSNY_Z#o{ynP(AqVvak^kqD_cA*`gRe3 z_E~D4qVK)Y-SmCgq*L%W^i@LlUXSuNr-l-!uX(KF4_=k92qLBZR)U_wM>m9T6~L=! zd4%2aoA|jJ{X)g=#%D;9DXj3Ji%+gQ^7BaF!Qh2 z(Fnd6yg_iw4!`*sce*tkwM+V^$gf3y4f3)-$FO{4{%K#wTpiQjgkYTP zmBd;ecnA0*F+MhKJbP@M;6FT9@T8^hyrsfyj6;YsZK()+)=&Sh7l|TIY?Fzqk z68U=Mdy#Jz1EYTO^jq!@`ORxYz6bf@u=l#oBVQF?KK*R^x4Ch&>+)p|`(4lHlp>!I z*f=ixWgMwTz83i_<%NaOWp|);|I# z8*U5%v4KOz+pKeG&yGd_9oU)Fi7 z2P3cZc5Hik{Wr^Z*pr8sMHjy%=*#&2#_;6=c>Pxq>%V6BE8ri`xF_ZHA>Tj7@`OMA zd{gEBU~KIx{6+A0z+c6AOnp4-CDNWt;7{Fdqi5aC)1D*b=XT^PkRQ*yPVC);d>8U# z@xSnAT|j%KkDb31{tEanL)Py9cK_i08moQvc#$Ex`PIPRF-HC3zjpXjfA}BNA9*!> zZ1s`yvML!*;dif-j=jCgk#9l1e#E>SxXScNU^2ySMm}}MM%Q(N_^lH>0sLCdW8&^o zcRvz61Mn~M(UbH`@&owa?dwSW4nw}Y!w~q4t4Q7BN$>emjOfXOKVz3zdrH8kfp2Ti z@3bDhw_jjlU|0{MucfCN{)Am)_0)qa@H?G)^!_1%>l}J?J`sCX!(WjTt7k3vBJk&> zKyRLTEY?417czc&^rR!21>UvKM!hes#Pem5)kDrDK8m1c>^uH=tU=6ma3{j)=$7=X{(Q|+Ro_4N`xKC&t5-*$J@AoM;Z87)nz~2%^cex$ja&uuRfPeY^ zn_urG$kig}Tn8vZ-%4Ab>|;Oryvh8_Nb^x?x3%aiJYZw^1kUYtJRE|jgI9q&?UVS*1z!xVpPRJ&%sj@E2fuTNmvwi|(p!oA{Cu}wY3~~FV(_Bj z{A0&Y-~dPd$$(Y2cRTzQvo>1$Ogn7QlB6bJw-& z+!eB?#-g_X`Q-<>^-6t8!K=WlIQPb*>6s7c`orG^|C4_FjgbJxCD5hZcKFK*HpZ;G zc7x9cceYyr{C(iX;JxzVWVGF^>jL+Ewh1Ah>+Wd2&b^fWaj09r*i!^vTja*YzYD>a zgTL#|M{+$9$w%!m`6vfbUC&13XB-);w;enKT)%JOsgGk3;d``P%msniy9xQ!;#j?D zOBj#9%SMWa!{Wz73Gy?Ja_g1$EeFp4e^n}G*(>pFeQW5M*!Hc5zr#mQD|j1t>acxL zJpqHBqIFvrVp7kw@YnsqZI86eCh%JD-Tm~WIQ7IXaEji%%aEVz)>{N#0=^vFv5xO| zox>e@XS0wY%ro2&@ge#e(N|cqQSawFdOi%yjdR_Rk1Bl~Ie@-J$6&WB9<6@hh?`&e z#f`LM?yp$CI(BURTE{>9%i+IQ4Dh!57}k*+ksn0fyN=ur-Vg5V=VD(s__T!^!>8Nj z4UfZe8DcwVSh{=b}j0l!m^*qshu3_hOg3z08HzGa;9QjdD%Q%@cH{CqY1W$=&3 zUMVk$O~yMmqr5!$Q%@UTdE%cX$XEOa^6kiX{Ri@!kk2`NWAwdn*ZXB`6CX_@vE5(C zP2LrZZ^(P&rUZO3_|4QYCf=Rb^>OsBM1GBr-e&MF@TGowt^FGGdP%(dF@4BqEQ;+% z!7J%6;Lds!QARp=D)=kI<@x2YU&kb^BixAGDV2O#j=ow?ITCl(;LE{x^vlC(&OB`O z*H+;_!)>p`(`xW4@K!%PH#+siI$rEcT1rAZD^_nN_~4lv!%zF^y?J!K3z1)3?$#^y zUIJbL-pzSToV?p9Vfw{|yNLIc`1Tzocr~8+`BKdeYvrtaa1K zJmtsn$NeIaKi92S>bVd+0sNie@n(3u?l4^ym3pp(zv(=;9L%!^Mw_dR?coq2{yl%MO!}eX{Y+tJ#a^YWfL9Cu4@DA{*Vf&(byz^b1 z|KLxp+!*c~_KQ#d3VguKP~*{rM3ux(?NZ)_v37KWw}I>D<49t&hQFb=Dl+~>R<=b? z@M`7*7rFHao(^6H?!8}}3qIe&FZC$`F9u)1c}zUBCDv&9v!+YzGS1`UlDPA2%ZZ* z2=2_6qQ3~dAG}>Sz4M$$V(nZ4f7PXKJ(-BE1YZn(i0Hwp0*o{-w70a#I8>iVdF}8u zz_*o8+?tzW%j=W!mbl9kJ;CLa2Oinqc-SxIJs!7c|K`F!=%c3yydV52vD;h!ha>g~ z(VB-Yfxqgq@!jWfq01Fd)1AAxiI;-mon zx~kYXDFtrIHH~8SeYsqKePCF$o(!o2xC)x2e><5W1S9j6+i{Nj#(yb>KJqy9>z>nkH z+fGX&VL?xfj>@o!z4cN)a^87=D|nly9Pz7`KZk6_xjSBlw7!pPwX5UEbtPvd@9c<$c*2=>qY*KSiP;_Gr+%=3RrO#qn9ts#=Q<0Kz@x!ulP6V zM&bk9xxba*nc%{&_tld!IRwuG@Acr)-X-Acz-Ppan}O{NPlJn|YT>Vsz5h@z`oX>N z)C#@^d@T2^r5)D7KjY5v&9kIFnKuz1$m@M|y#1OhifH=I3@Rh@QV%tB?^Fda$Ahx^&L zKauEYIN?uP$^7Y_VLKdo>c&Xe>dL??e$0bE<6d`tioi?2r-A>2^SJeSDW*PgpRaF3 z-zrZzQhqyl2e`A|;?HiI|L);@784(`dzfE>$VEQw7TV+f;W%~pVQ$0^G_<)a@(0?* zo+9LWk#qJ}!54zB0e9Ld_!97zCO5yd!%FZbaQz${Bqu~`jo$wEO^pt=HdEv2Z z%~1Gro*xVzf12N1i2VR}a!p=peJ4W)!-hf*(OZh%I`-{(dn@#A8%J-K;nJI(=s$bt zlGx-By{+g~*K7!X%e*ZZKGo0On7za)`eoYDhU)F+Id&!xL3xUU@|epLy^guD z``PD%eV-}iNoHxUh3L!S`Qv30UoZITBfi{m@O2!89ga9?NAGf;oBV){UxO>grgxri z+|HtS4CT=EKgLk`JWul=Snx1ky`DL5Al^Ib`JL!oh(38f;Ky8`1}8i9&63>0y_`LMPa~7{vPuEJ|5O99{0z7@k-}yG8pYiw#WXllMOm zzZ|o`FD|@(c{tv)s*-<~pl=;{`OlmOcSN5jhq04+bmTF4q9pnU{OSBw-p+X2Xy4}` zMtRPLO`5F^D)d(9P0%CzUbE{xJBUKy5PCQCRnTV$fEc?VTf#Pd0Qwr}I;BC0Du*t8 zE$t5G7tqrrb}()@{|Ay7HId*p3nV#&zW{#8@7vh?wCV6XU@Ii73Tl3d!%Fy9J+M)K z@51&?%=l#9?r1{m>16X@Hx$*^iN3`TZW(=PXickU{PT<_f@gtecyRG|`EiDt2428< z@UWA$&#j&Et@fyaUI<;@2Mx}F&VnXyBhV-r)^p9!S3$ojLf8J1ycFq2_B%Q!x*b55 zvBp2_n)Vy_I4XAafTx1%?>5kCk#AZ+(s8m0x`Muk0MM73L=yi-=;p8%J?bbVGrZ+pnrt5FMY z2Ji6TWF6HBz6xAlZ|LY0-$iq}r|+5@{6=EldM@z85!Mz++-BXyeDY!Y`MlA~`J+NdG|4YzU+&t`urRGV|ekFdYhh7F<&aL+0aXWfCZq$Bix9O3-C~VR$-Qe?)bK=rZ z`|R>^g>jCvU!M}`)d#=)wh*oHx8MZEOZrtQe+OS+Hwzsj)~@6gb|jQQD~C_wyF>Wy zgD+nEUKJC+1#TpASH`MGJrmeo{OzoV*xm}h2E0Y`jkd|WLYuQ#|DR3GC5lb!V>TxC z!X`fKL$3Idjn?<>9CeZGDt=39Al@I1?MIp5)4=2HOI~2pWw|YKWO7mp-rr*9X;&U) zF_!Wri%NZ};TwE>WB7a#wtN@OpXWrfCkU;isR;*J^X+!g{{-uDB8NWtN9xfHUihTl z?*-)0^#`v7KTH5!e?CNLJ6GsQ_mB^svFGW~Ax6g)(VGRm7`o0UqJu-~SpZ%LF7r9D ze|WrzersNrUk+axe7g#tF8}mM@tR%(y&|GV)6aF$o1xc2_iG1c`7;;I^?et`AbKTFN>8IyYo)wdVzTVtH>V~m8U3irS-U4oy%^^pOwh9JhoB4S04PS zTTXw2*!VxvFd5?4mGF1Kzg+m2I{Am=;TJysS&iH@`t6Y-cf7a0XS(Vrc5Q-x zeuRJTk@>|R!TT96S~toSr}pIyCf>L{fWNN`GK$uO3R7~fo=})FbLqsxQ}WN(!y2B_ zW2{|6op*}RQ-vPg0YsO5gu}+R>J~1#ZVAk|Kd4>`9NQjLcLZ06FQFw#r^*Z+rgqNP ze^1^ubUPn5*zI9M-Cz`1JSV8xO3et>7zx`>U8>ZjN3bKu>qZ~#@l>7M_a697X$wA>sy3v}>zk^&x0$-_1mdCwi7*Hr!Q#ULB0FKc`xsv9^QWLM?0wRwqFDO`;6%~{zz@i zz?pyl(Sj#3)rUWx_j;y!e8;)HnW{Ro8I>(RS@6#ps&1!w*Y2#o*=g=QJF8b_@Vtw9 zeU}9_yQ;^3I`6(+)rzdS&+V!{&1wO^ezyhh?yml|+q`wVtFD~6OmgqrT`m9zf41Pa zd#c_&=DoM4dMC(@nOnD?YTx%>^n98({kEU0 zr9YPjyJ!CeYxC7L2h7`;uRcFu?oG4Q)A_=)=D_JUAEf?$AOp?64qEW+Z1riuysp`* z?cljz%~mUB3(F&g)7KTM_X=O*oOa$`Nu8R_JB`l*>h%B3MU~DwM!+u=_E1r*0>X>BG>cR*wWu{NsC#q9yNdL*1@&Df4_{sK@ zJ}`}}yUj06<4to8VHXI!7*Mwc_EzfcKtNTIe*6xYD~5Fd^{-`qw|HZV%cr}_+l4S77N<2pG#fvUFCottcF|mn{%A9TaTk^!%u-z4t z&hsTdEje1L_l!hb(PMPso91BX=@3cjWzGjCgg&0Ah9*4kXtx}`C6#!Eq4w3IhGhpA zl6xdxZ>XQ28?nP{>$X;W9IXn@QtB}yaigK0HDsNadL$_(hPx&nr}mzu|DK{Si{IP9 zRfhU3q~9tMzEt%P3r-Iu<_sjNk6;(<`-+=HJ zr}9yw%aXsRouFnBuRedLs(-Vn_wR{2|29EAkie7#o)op4QoDs-H&pJQv?D~W@XgSA zL)|<9PYBOsb&67_%xEywwZ^Z72`pKirsxm61%1|D5qpvq-S7gsl3Hx%UcXq$Omz2y zG*@3sQU@|zC!V2-2zecw+lA&v<40mOCwVxQ+ORe#Z$mT*d3nZOid!U5gJH)e#xvNJSu;@#0cBkk_3#~xc98Iiz$sj7zJ zYK-|jzO&Xi*{*BWr2Ht4F6V{N^AjS7UC#cOyc{h@{JZD&OQU~#%N)2u?QX|}lF-HK*!}U5)VUhpRvSAq z(m!bY%=WD}E_O*RcIk7*iRico9rqa9zR6{gK{#7^(h-YcV^UdYxuH(Ab9~sqhDvqp z;o622*)(Wj;&k?-CLBtIKcPX{mV3aQ6Jf1wnyd5T&?PFiEmygn$~ zLkQ}F^Q=P@f0grB%{~7bP#evE+x+5ZXAF7u#*_cEL*D5p=^sm2`#l&hyl9Y_u}R8s z`bz#DsV&8qccK3-BSgx(&mf0u9d0}Qd1fZN+i0X15IdZj3I`_Nb);`Hr_T)bF1 z)0K=n?-{IQY&7OFJu$yFIe#W}GllB5{-4a@e(~p>zc_PGoSYv@OSr<7f1EP$a(>~& z-$iA{nQMc4CR`lNLt*0wimAt`iClP{D_h+CEwuFu6Vw$G-kxCldRr#W%>M()PlePI z!HZXi)WiQ5=GT@TX=;H|3-U?AO-2@7 zx!d@aF87CYb;WP`21C7Xd_uo$nK*s@MD@W$mJ)2+QWd@NHz5esg2S(1vXn2Ab@Wc}yH7-^wOuaY; z-(Jkxc?i$=%KRdz-VFYm&a`UcLH8%96$$c$LvQLyA52j%OpyuKTU(#>QkrT`YtnZm zko~^m+UxivhUC*Fk$h!b!s#FNXs>NZIB?<_>X7~ISWgQ%^T!k=Mg7|>{ye};lK9Z} zZElq;AEV(4bn#g{kQ&s*!x-EX7 z*BtkK##B#yC!Rh4Z0v5FE4TWk`elysa`YWArwo`6m=g(-Df5~6Ht$szm4M4 z^jt3SaYG%%sPk(h#LW5*gYZLFlHz95o{8tG1CG#tPeGDJG&9s3P*0eT5to+kWOas8 zXC$&_b^+@f7M7|y;q5dNdrjtF)*8wb^({H`+hFO2ka{=7$Y=9TSGR1%ptaSrfh&^L z`zcMvQ>m&db?eosYT1-xpbw`o9N4_c3R{jyJV(uc*v`L_pIArbcc1Yk?hU*^!P?$* z)>>q}rRd6_y31tU?Hx08cTjbkcTk-6)g#a!F{WQ(!u1NEB{y6BT&bT=y3JIj13zI2 z_s=_>(zuKIY(_HY*X$g6aTj&}&P@US_$up^)w`*lU4?LUcIfNf)SKB)3gNrm=~23j zRP_X9JYmdWl={e+ud%IeG(xW$IGd_iijg8ORqLA z*K*T-R%5X4{|6(rmK9|4WX``eC2DkA(LeX!?mTrY%OCtbS?8bXWL8z%lJhNFrl{v& ze$F`TZc|-l)^i@gSw>XLjDlsRdeeA5iYKXql{z@7LLEhxK__cM`23;Zq1T7hK+swf zO4ji?oq@cJ3r$O3uKI!|_`=MmiS7?P#ra2}o!3ubOudbEte=$sLZa%Kv=RKnq|)Cf zt0$8Q8}!eym&FsWGPycqk&GUc_-H`g7GSwcJs3>9S=P#=6E2-t@Y_jh^~4*D)sxi6 z3A03N;5>(RBXD&(_u8JDO1(nP=X$Rp{BR)O}k?ettSB^lp;+ZPK6YF-r1V8u#+I+EeYo^&&Bouy5!>b-!Gl}!J&Fx$oeC4H2-hs#+#u3cjzvjwa>T&23##BC+w2F&suHTcN52$|_ zQ=bi}Wv0M)n!pd4$qWRqnp2+&s2&Y}BXHPEelkD`oyzF-ctCGuB>J8Z7sW%2xhseEUB!6O3m$I z-;T;P8&hxQazy0bF_J$s)nAOMADQY3Q{Y=guF*`!fDUsirT#uD_rG1x`+?@;eQ$6gz1o-26LpDl0+nN9}yvm?{@qBG+vsujN4(L+%`2Z3>J_n0T7v z=2y(AADimqsN7w~RPJH6irkAv@;fGXGp4>_s&6#BT;ynsRXlfYPGwc_)uv%yHa!pAQI8usyvEjRTilYbLnluvwEx=`YS0YXmNqq zow6J@%T4Dt4$aT2JAX71c~S2#4mx9g(G*_pfPRZiG3CXjzZnPF@~KJ|HLfw{eJZzr z(slh4ijvM!^MArQxsG+;a~-Kp>`hTSD7C}3EF$c+0%0xlL)KaPd49lNc9J06~xlJbHWj7ckYFuW3s;2KY74ZOAWd6Oj)}dnftNuZItYAonc(S(qyv{ zYBSX128)Qll|^2ogEZ;P#^L&1jUSm>v5tdzw$=F_r9~(yg-o1u#kqk+9nxT75b-x*U z!ZaRo7o%nVgK|EXa@J9fEYnZ|6HzAX&zZ&(Td17z*!KTq#uq!A@3&ofpn*6(o2yQv z;#3*>Lm$byeCW>x5$+0Tt6wFl>1@sV!!y)@vW{54Cl{15|G3ZKE8oUHjlf?_<6nkc z!Zrj#_Xku{AoNtgcqHJ~M4z^M&iDvtVcStw6JBJZ)q>Dm|>s)dO{3_LRSm zu`A1p+^8@Dzc-C5%|MrFyl4iP3w4?#v+Dw(n;7K-p?d?y?QSE)_MPmD@W6YfakZAc zMzZ0*&Crzrb(P2(*Se*|R`D6GIyG>UVJzZ`h70G{4E2T)`p_`miS?Q0U%=w%B<>BC zGrf4l2)$u28Nt)Wd%pZXV!TuQruQ4hCz4+8GDBR7KVXKQG>wPd9n;E7+{|EX4ZLU= z&lp^Q_ZcBBg$9h!6{a!dF2dq(g1^Z~c+N0dg#Qa^aP?Osw81dG@$&D?V#SF($Pl>L zIGI%5XoOf|ZZ<;C8ph*ZUh&PzELuz<=be8VHv^5(C-RU)=&y$Hg_~LDVc|c6g@BX? zNkLrczGH;C4Thi4TEpo1&-t03yT$>zmo%B>^%~_x z6@@_(g`wo4m`FkxBq8-(`|Q_BXSwrs-#&kSkKgxe9*9vb#`w`S8O_}p;*G>^4GpBvur_~>e7 zt;hF?$NIp%$zSINowNU~KJG6+e=gVh*u0)5D|+Wy*1xFVqN9?gcz$I0wpiB2-yfU1 z`}9lHv3f4gp67-iopS@7A-2&$riZ3|G(_`+*Y}*)S|~c$-_8yF)Uh;A%yn*fL?5Ib z9@R%!{&NHS-{ah{&O;Y|`V8@k$GgU3y{3o2r+9sIfqbvm_lVb;=?=nmZg|~ejq-R` z>N5mgU~l*Mex>VqukSXmb(4E5(+}+DOq%fCVOf{Zx#0z8)b3S_MlP*4exI{Hb#7Qn z8C+@|xYeR89HVbveGhu*=G?c)L%o`-YchTPLegJo6~1O!OD#It{-Aq#^{eH(MV~P1 z(0_#VAF*tD>NsDY8#e3Co9^;_ztT)NcNO$l#Q&eq4F}lAt2QCM-}bV~j%hK#>PMaY z6~1AvdypBYTE`ygo8hrewNoDJ?24HlYl2luSK@bD``+)NGk!xV|77{@_E_ER3~ zoQk;~D`AyV2Q%H;caFz;->RT;oSuw$teZTi(ll_7?_)jKL;L7ckMBE=^+nzL=qTSk z+9vJbb1G&zHtB+vY*HJ@SdFQ?!}3wfxKZ1D+vEFC-&>Q-4Ibau9(qvY>a6%U3hQgK z-X+u=&u@_SSko*&wbI$v{?F+ICOUUz)KTJ4xql? z>s#qnFL-GPi6%`GT`hy&HG{5WL%wkyYta6;)2)xy@;l4gOwYK~&(1BtE{o=Y&~5$G z9(o2xbzkc7y{hk%exJ{d)`6$$IgCRNq=}%@EE<=2&hpXI$(QuFRz_dUTknW-06lwh z=J=N1uV2OR-KS@2wWa)Ou5TO4iHx>&O-eeH4+*G9D5$^!S!}thqW)x?`om@sT>t@m}9uUh9s0aZb_sd|2m`jzl_-(cL!X zla9GJta2)UZ}}$a-k0*Z(&MA?;Ec}a`yStCx~2ZUy*T;ITlZB~gFjpM|95R3rLQ$k z)7Kj3=xYt?cj??keI)h9YprrB|KeP0#C0E8-)oJdd~{cOnoT?S92(x$HXn0rQX5!h zHKOv5mXBJ-4vTEQ?(w}x&$jh`U+3{r54EB0{T`;-2-NS=#liUvmN@uzU=j_@mjBW^~!g>zPk&obzT~F{>AH~c}wvE>iTXg&~##fJ8Ja1 zw^6^_Vxq@dVYS?5SzC0!yVLUBr27-uy%K|dh)!JJ;A4o)#!o_^zeVFuW(VZT2^S!FIKM=o%B?(nry#BCP}ZA zGpDh^-8Rj*IOtxRnrY`5w#s_XqVn{jj?-+KIiP10{NJwITAiZQDGjz4sb{PMcNWp3 zqs}{u=q|ZGmESFR$MbWMn&%{fa`q>5bB3Fs(5?Z^)^F`7=)4bE4sp>@<^|~&bry##IYZA9s``S z-9tKO{!C9gJw7Ub@9|N2yQe91XcTPM4t3^ zL_4GTS~Rl#jHksrUg|0J`&lLz&1nolk0bQ^qDZ9+O6Z{Z*jGqXFK;YrM2FGjq9MDt zUqst4^0auHUR~W|`+RmAkZxW2E!2FPS2MrBN8fl$7X)skW1`@I?~2q-z9!TMO!p-z z8oiG?)7==2NqGvhCG;xufghKsjfF)YmZoLB@BG=!O-S0hxx0R~2x9x;do$Fgm)hOG0XQ_I; zxSYth#f5j2s=G>BQu*24xqgrAzvtxob0^n7Ik|q!*SPLnf2VUjfolGk*GJ{~$o1ap z8l|qOdf!&JTd&ZJs&{N3mEX4;qwVdjVoJrTXwu18x|VWAeyIG8N35q=IAbmSC&B1S zmCA4Lv3@Ykjjp2k%A>8DX#F^kkIJ|2v7Rn$uB&?4uO?cLmC@yx-$&(_{lD3#qhLtY zeI+ziY(gc zU-69h{kC4emr-?(k3P>Zj`r9zpO4D-VEv4ft?&{4aYayr(?c zPEGP1zo;F($L@WqoqD;%OXa7_y~IaX?DJqdwWK1jq@CJYG17XvoqDu^mloDEnrJ=V zPTkqW`%pWzY_ETk?%I8xw{9Y}eV2HjXs2E};4u%uSqILy9%-i%t&4tbYkl6fWPUsK zecO`R?bQ1A1)sOKHnev~<{WQgo?TDth_3#%1=Mh=HWkn_j0x7p0`;w@bX5U8sJ34# zP|ta5h|Df1c%#62xxhzCV|+!Eeb#M0VSJa#--{WgbnGM_!D1< z%F7B1?kTdqE%edaZG~l&@sUM7`V`^&MZV99tdD+|M|w^Dc56hhPutRg()AXqTS3<; z?P%g_)wFi>*RQ=)o?hOF`0Db?oo&_6Qd9TN0=>f9oLl0KeZ{AQv*X7?>r4y*ZdXAk`q$c`?t<&$o`-tx>^o^qTaEkO~7PC#4 z5zV(0Q)6%SSuqVCpZ8n|UE2M9VX^wj=XS*3G|)Dq9Jj})m{zU#g(Qi&oT@ySKLyNlG_#-r}%ud!)H&<~bP&y0Vys6Qdr z<}T~t=`{V>ve)?3N^d)QY4U*r`#zuARZvC;=&imon!7aBcQMEOwdY<>)us53ADY{@)~M|*ba{D8`^T>8)dO{T>OuA=UDe&K zba`_t`^~QE%htO5bQ^m~SM^F;U7p;|ez2>W*UG|?hUkGt%T%W3kKe`t*TIOR``|$tTh$GU3cP6yR=(2x=7U=YeSP4mQg z{3FY)Tj&KLTBt4b$IGox3ma4U*FyhJzjaHIEzx7?2z0hy{TvoZjZ;kicPx`G%{>qf!n&Y=0BTfCK8}(SZZ%euQrrh^gg|)Su zF2;!QZ`X_&UTeH}ja7PUSGCR4B+=FS*lX{swq7sL<;6bx+iL5HLS3FwWPej_-E8af zceediwY9!jmsgZfUu4ZM)#ZE3?9Z#MaeiIi>bF0uwmvG?<<~0gPpau%Z+t8)x_RVZB1{g%VVnS_0`t5Rl2-xFZ;b}>y^EA z`N@6kcdD&>n(6Y`eeKoN*7y7B@`wA`Z&q8c?yt)Wg7(U4>(K*rd0KPoC#_K}bouKR z_FL7~do6W&*@5=!)z;$&>GIvJ>{qL;n_BB~uC@Jgwe>+8U0&YSexcfWzMU>V+}?hr z+M0Z@F2_4ie`|f&L6_GaVn1JPy%5snc^&N~)z<7obve<=ezw~BrIRji>TEwdVzw-*?s5_j~Le=NM>_poUnWKg>gq-YtC>x6WfP)%S85 zFZGVm8_=<0A7x*ojyL0r_Ti1LQh%pmO3hpPdZ{+Ltmh(k@SP{dC0jV(kg>nF)TQ(w z>rTs0^O%$L7NuHiY51X~k4CanrmB>x@^?`Ows4kPIAe?UT^@CVehz0f8l^``X^zZK zRtdpT9X>XZ73Qdt}FX52WWl^z7g_NcJ0d_iwP&sSTf{_s1=p-h#Tty3}dzj&Hi_ z+2cKzvQsMmr7pAwsXFHP$<>&MXgF&>-dE!^&* zLunlC1pP%dtpB&Zg|BAxz|whW`4&9}_2|9$inoNyZ|RRmIk8|py=C%(=N~lu;kBvw zqF$}n)9i8oN{?D%HKd6$TP%C4o*JoZO6wXtXI0YlmW*ZB(zgelJ?QZNB))&AYai-6 zT6HyX?mN|M)4cU>z5dMwYNxj$-F!S=U@t0Aiwfw3YvQqwu}@V!jXu3wbb>k>+uq}` z>1~;%&dWBhdK%KK{+~TIO;a7|{cYQx_Sx!GY`eQH@7b>ZOu69z)%AEMCw9yK{&EB7 zUD5{hLefAxreY^>9?I0oN}X(dZV}5(sJq^O4D@N z=Y7-rT)FzZsKw%P^{PG1qJ@bi_A}*be#u9A&BXFE+2(vt;qA6s?A3!$?-zM*w$=I~ z3RkzMhR$~YE9v^{SpQ5*o$^Sz;rlt?Nvx!9qMx7My1wc%db&n82^IAE_2=|J$Jw^h zY)j|%WBvbBr`)7B)i(E2$I|zt{4^){6hBS9?R%X5sE_@1IXyhty{-T3%CYnvD|?6< zqI)4{yZYv~%>?hz59n3Pg3@J$>i&YZ%L~=ZKL64}^|r5JQon*}-&&|{E!=&7Li$6p zg=%C$>8ph*SrA%TNIS&;LZN!s*Kl^B8e3>53RU7a{caC?N;Xx}2PJ+f*;%Qc2~>Vu zsXhvH++3-aH1NM)sa7;-_*|v>xk1U?N;SH&Y-6QLR92DZ+)Bz4)n9MF#cV&iq28Xh z{3y_sK5Y0x1An$sz0siIvPu=NEP1R_-BMZhMWvcjSw)(UVSD=K0F9PB;I-HK)WcqS z$7pwc=)*(waT|MDq58qA$KvRx=gb8!E!{>RiaAHmM{Z2>>^55E-&u4ENY4cC@HC#Y zXE#dvjjiId8sA8ByZ7C*({=c{jc=lP^}pk`*oxR=^50uo~D(?N#2& zYU}IjUQct>ET3%^(u2f+Z?FIPb$-jPwEt%9O+(9c-)(Y3%;zh!N+^citbtXwpQo$U z(mvX1PY3I6PP!$&E3Ar3_F((cJbyF4(6h***$npc7JbQt9++Y)oqw{ox9?!9h26z! z_uCrH{razQ^rkQOSZ7mXG@I<2L4GXymPR4IB0D`#{n4V?YIHu_y^ic3 zMBl(V#6H*R+I|o2*r~D#_m-@YRoG+?b_Tt4Jdi#F;JcizeSLIg@q<-DpAebkIpMYf zdcqLgNiSOKQx6R^Q*nWwxATIx2^Bx}?nN4t3Vin$Sa*p>$-14}?d{I0b3>DZf_CM* zzcFWWPuC9&q`m<9A4hT-DdRrOy(h0;SxQRM^9tv z4FGEBG((ggMgL58_PB_k`26ZBrLMB+U4ws|W!i)8?^-C;qVjP|b@7j)j!QqG)pcn~ z@21iD->Rf9WYUx@I_1u`^y59fuDod_-K@0n4^`E)iD3;D?TYr5&(OQNetOP&k~6~Y z*rC^V)nu#D0uOa}e)?j|LYlAwJNsACKJG|;4tzZ{IKIMt3p#WheWoru3Y~|8!IJWYJW;@N~d_qN#czKo>-6X9IgaRibhOseabT zUer{5(}>=4)bZ0-rKsOn=(Rua)41UxIu?v?ySe8G)spf-I(Bn!H@^OJmG}0xQTx*M zq1I{Y4XVAViHmZ{$-Zqqb=rI%?Cz`XqCVj++um4CpAgdD>dF<{o66~Z$cvp-#YJ>jA8WAatDy}};fh(4F_01Xn;a+5ZN%f0Hj z;uT(X`gHw0%df4^IG>H0>qi(z>QS*Xhf!&z?gX9rvL(K5R^tYpt%J(Dx!cvgRz;*_ z0=*m4;AYGEM>&-oV@{Tgf9HFR_SLHE-<@TlPCeZ>d(SO&ysEiU%}e{L zgXzTWEcc~vxR(r21N5j|`!=A4(&0MCi=(5zZP4i|b(PU6GvAw_(<3j_S@gIr z*Qx8wawF#(iiIy(beU+=!-tnJhs|#|HOH&E{ARnWQe8`qQOB5V?Q;82)ugkIpWZ1N zQSrXly49+nx$Spbr|DNo=>1=sX-yZLTRikdSnFGlf2#NQIic>WSIL>`OpfnDdX1)J zn7WMWM)k3qmUdIk4|bQ4(!a!C8Tcy$e`VmW4E&XWzcTPw2L8&xUm5sc%Rnj|c6=ou zrQ_C%Vh+lENEh7t_mPp2S9_Xe{9gq<^@&*@hn&03Y`NmSbNUdkM(EH)c5q8G;N$ zMj)e*G00HPY!`-%LB=6N-qW6X3AuQ&$zv8$+P9aQ^{M@6@R@#DNVdz8_0m|c z_BZ-fPn+$-kaP#_`h{RWew@)yL2gIqW6X z30Vuf>KRiH8ZvPGg3ls9HyHalNUkU6hxO7}ABY?M&8R0!*2_RI1ic#gpN9IRAvZ$? z5XV^PMIkxZ+80cmi93wn^hD$%X=G%EkEDkBT)|; zfm0s($NqI$|JaXyH%9;B&i}vtSM$8t5Apj=yU9TsN<(WnE?6)6fYHlB#<8B|ZoQeX z2N}b0QS+R!oPw-{REVQBi8le+1NCCbdReRwJ!tg9 z*ggeW3po%{`r|lcz1R;+*2`C~BcC_@7VD)%z0!Q%K%5!K2^@4LvePWPR*nTWz z3Np;g!XLLU*$&wcOV-QR4lhT&SdaJPJ>Y4aSJ-{@Ez>TOV|q9!aYTpWp+=P8|D%GRC*umQ5cz{$jw|q%@e_m0KxQFxkn|@h zom~=y@Ij$I% z(;pxo>x>LRh9M)6F-VSU@t=&#e$5?MXqWNJasAo$#r?@T#KrBHkH5I^8xem0?0#au zJK>kx1N+@B{Kkae|7v}MZ<+o{);EUpBlo`v;rG8<-@n1HtZ#6Y*}r^Vj!tu*N8)Hl zIc`tu&Hj%;#vv1sDM)U2BjLBc{TlC|0oabO8+iXrL%f`)oQO9A|G5uMobjxY3CJX5 z3Nrk$S-f*{zwD7AwGj`NwBLkls8H5Z$hI#o5x8GfP{0@g- z-oKH%-Fc3{P7X5jrLmiZ%t5Lxh9@97&%w9rKK^pTZ%p`2!A|5WV>j}(kx|GPWE?W^ zjakorkImzE;G6Dtl@NYIuoKD|d*N^4A2JFV+|1rooWCAh?nTBM)U%@Y* zPnZW*n|99EyUdTx!w&)OA^qg3pCM_xEGK^Y!=gdYk=B!*+cC&HPDlzQ16; z3S8E2Lms{jobMCaPQx`OPkg_}=NZmJ2IDMQ$lcdH7LQC^1p z-8jT*cfXJn?IwkBi|~A7Kefon;8G(KX(QFkM#f$>GW)ubp|_2UuQf9BzL9)?atrdp z`*kRmb$;}CeiHFNj%_y}Ig`Ks_9%d;FJp$6ddys9&m; zi6_~{$Z$s^L!FEab}=&0)yTxLMyeBx6K8S-uW4&Mhpk4#T zcD#L`weEVU8SZ{H&=YZNH2hs;6pJ3WD`jb37ikvWXxvi$_cX(E1;r$nWZu_lmBAsaz9 zHj?*m#adjyV17VzEc1SRZIAlvXGh#W^0+|_>dDJJu&e@{2_yT|ntVi%hp5O$VyvlO z5;6lB9)~>LYGm{_BeS;~xjP@QA1gKW%T*W|Z-`~&BZqwCkdK_m$2d{{?pW5fs8{_F zhphkH_e}lcTyK^WaeaX0$bZ-#GT1H)nS)gKn0f~wgODLe&Kt)S29H2SA!Cqn$OL2( zlG{<$yQUrSd2l=O7Dv6gJw38VK6RVncFgT30e$^0=$^mY_f7s%@SEW{kiQ%+|A*~I z-HSXy1|dU`VaNz%6q57DamB#nkO{~nWC}73nStbdU5EV1d>ss~bK&F*?Tho3MqXsT zA|IH1W$!cf%fcUDF9aSi#}DtnkKl**)7`?aJnqA=FWdQI@J!P9jlw_s&CSMfjDC3Q zpY#)4=dND_{@4%KkMnz2t!bZ}7j9bvVTa=l-*4h(I~*_D83Q|9Pqw4hn|SzsAT8{~ z9yIliLna_okQvAvq?&8=1CT*T-e2D!4&Gm@vCQp6?ynr`$?b;Yo-5+cinv4Y8-|QP z#vl`rDabTr1~LoDaTdI1_QQV~XXHb7eiiP2cJC+nQ4b++kRiwjWDGJ1nSxA1a-6|G z8RvEpXGp}EfuAg74l?kti8}-tfs8{YAd`?BXSY8YXYwPH&j{knh&WU5lZMPd<{$%) zAYRA_WE3(6$;V9}juY*T+h6M};+ScUy9^}n*EsAXAd`@3$SkCqXW|J$h9JX`9LM#D zgWEmFk>WUJAr456BLX{7$QWb-G6k7|%t5M0(HaG7{H8y5`yVI#{|(F9Ze9Lu_+h^+rwRWF;Xn0_@f+Of z_P<&9f8Y=NkIm!1>JxYUQ^J4LW3C%>0V6s8Cw$<}zlG(z^@ks>H_N2(pAr7Ujg8+J zWLAH8n0_3`FcC-e58_C`pFBTRZFJ`$C*n{|jo%QJKEbNAa-F)?7yU)We=Y{P?KSjU6^@rqsBd`>Cf~@cJW%j!ce)%~z`>loF zIQ*%7j34&%~N-^K77gujsR`)8jcv)?D-m!DU&-P_`>)PtV*ek)KhK|H|F!VX^PDom|NrznCywtI#K-flIKIW7qy4{P@{)s8 zE6g(MWrSW3>qA0spwLUgUJ8=?_4ObAcKxn>B*k`V=w~3g9$#QP_QQNf9$x&B@x%4x z`b57l^$sKcIAmJXXZV*!F9ROHdo%L=nc>1-6nbor@T$n?FljinT3qu_}{%9 z{PK3WJllodFm^et`1F$LmwjJBGK1z3#kh z)K&Ov~3wykt?Ony&!`={HhP{lica5;e>)GCQ zyglrV;APkg=G^tYLD=K^;QGu$L0{<_UYe zp6#W0d)RxDmtjwR=dSNl!XB?@dr$NBu(yPlVJ{-=Jtyq(dbal>Zx4IRcp3JR!rm*w z9RrihneFC*-g3VXbs?FD#y#Mh9QVK4ZDyS`0@JzmfDn(_9q zw?8k#UQF0)A?)p55B=@X=j(&O>*hK@URQ+0^+9Xcoc|&%VRGFd$|p!-k}eTjJ|0k$5(^rW^6C<2lf=~W!D)yDcIxd ztIH5K$H{(@!cXcC{NxaCw$}KGWQ=4#i9CMzdX(#v$>S&emOBqYv43-UwhO=Q-Yz1x z3n1?qas3)v>)tMob{_JW?;b=T`8vPqQ*%6X{uV<&3%wj_g6o&nDG_KkdkEdXl>&f=# z{%rEf_A{`r{3iZ<_5)bY_E*6^$IJHZU)=Vyu%E{Ep>pF#et#n)?0=KT{#e-0yo`7u zbC7De;Q`1rWCk)cSbzPO-W$grq$D59QN}1>*e<6X;^oAv3J$4esS2#=P!AR+uz}N{0*b1j`BQ`3{;tmBueP540rqg@`o%8$_w@_ox`y}PTY3B~ zuBX2U?B%OpXo$Oh-X?Xom)5@e)h`Tt`TXUEy8RuJ$KSMi`cuRHeLl0-y8T_6$DdtT zzxw51FJJwF|8V=eE04e7_4F5ly?p)>*SY$Mm+kfR zmw-Lqf5EB7KJUK}mbreX-WcVixZw!eP$3&CE#`o)rNe=p_nH@u$y;;@&`Uu34+-}ia^ZLX)k zDD36)7oFwyx8L4%x0gQU^~+}r_VW1)%yIjR)USR? z*vscH{;=EM!aV-w*3(}C_VW2l3V&bc@mCe7U;R>l;4l1$yMDoa>TWM%>*+57d->`Y zoagp;avp!%>*+59d+aapxUtXYzc7}$KO2$9-@pd-%Vz}k*x&EYe<^qUmgezSTTg#6 z*vscH{)F4#S9$#PsH|W860n!gU-(J4zh=$qZZC`L=`S_k*vscHy1?!4%sl>DH>_X% zVz9^latn=pZZE+_Zhxcl_?rfQA?U{;Gmyc>#!eJ62`Sr47M$DXl05!w`um~v8L!L1 z9@kI$Q_r~T_f;N$!|UlU0DJ5&hGouYT=?5>-@4n&=6d=|2!FvP?)?|SGUxNGJpTGL zu3tXGu*db2`HTpEfV1Z=kZt5#MCbY{Vbkag|V#gTqDBE&l*2`g_mq@4)@*ZZAFdGWE+rKk&ZUE(FQ>j9@wbfm#2%e1dcTa&8`fi{bB& zj)(L*<0oJJlIz{|yE%`))_d1)|D|9rufGr7{+8tNHx2$G9~u29WKKLEkAcS_Wj<3` zx4$p)__Oyh^^0yW`g}Y{e{rnOd~Ecjzt|^ke@%mRx0m7Y_ec9L4tx3X8Qmy&}@%N?M-!pmqt$@Ej%4Y=j z^5rul{B6nO&)(P6FZ_#%F9Ipw=Q#2}v;XD$C=qO*^_lrJfkGo=Y)6@8?gx6qj+_US zf*qa*6M>z?b`w{=c`!+=XZtbO=Xo$Z4^qnh&Q;=Xe^GUqSf)P&@BDbXAuUhNDMcU`HMhkL?WD4+8` z{T+n{VW(7x<+&cST!Q85B2y^EGJoczF_u}N8uUk5&3@)sV+S zo(VYs@*2o7kW(P%KrVz_4!IU`6XZ6?!glZvc@ShZ10b(~90NH8at`D|$mNi0AvZy8gDgB4{vi*7tcE-u z@=VA9kk>$tft&(42XZ0ga>%uin;^GA7IuJt$b%rOA&-YV6LJ9LHIQQ0Xgj^1}7IG8hHps#d{6iiDSq*tS z` z2<0S6&Goq^i+?1XzXhbZJ{N4Df8U^-AgQ@N*X8g}>%{4w<~IHNmi~QD|CmppatZz0 zihq3GrbXwMT7N7T9hno$p%2~bV`4camUCh`^pV(JEZ@7Y$v?*xKggVad3m&0)_+-A zU!CmQ6)FG$;PjtP}SzZj8g|ur74?*^Uj6=?a%s_633?62->j4>qoCcYO+zgrH zdCFBMI&s|fnW^6ifBW0v!PaM7H0+9@!-8EpbnXy3xO$kg)bU>(t2=}`cj$O%8?z#K zXsBa#s5*3*x_Iz~S6mXjrvKGL23>hYu;ZZ}LLEZE)&qwQjSV^ckV7sRG<4vwi#l9< z<>iMA9(;}Y@8HEvUHbRy(!c9r9c$W1N1f{L=#b!rT{|CkQNOO$oet}Kaj45hoew4B)tx(4ck0x! zrl$Wzp~D7rIc&g1{mDyg=)kM{U)WDIrk$nRC$(5A>1)S9TF~#G^e?@zyHj3C|9d9W ze@E*=NwGK6$}|n{-w6~%=|82Y5%|s~`8fTvLWTE}u&ts+S`^uA=?J~@OvheXvFDEA zTWHx+zKQ;)Lt~NgcB`ZFnO@WIBl^FT^ol6D-Al1DXK6dFE9;AmTGB#s!5z8hk7=M+ z?pI9z)8V;;{__?1^r5J~+3D?2_%)S^Z2zw${2oGu4^yeo+M_1P3a#A0IR zD^Npqpy^0beCD+QN%LR(PtHI@~OvsMJ4uV-@b)*2VYU)N-cba1AX3eeExHM&Fn*H zX((ww;3=i>|JRPVx+-`G!9#`(9W;1|E>ZnW)zvWr2KT%oHf-pz!v?5fR}2|+$rb(k z1uq_W;nivwC9LLxq3VJQjydhLW6r+d^q%J&cR}y7Bgb8EfllF`3B15b?*)UjA$9qM zgRW46)!-|sd)aM~Y^foGuIo?sF1-4Zi}ioksD8sPzx*HAO7DSx_w&-8tMPeXX09 zsub>T+`LR>JBIf}PT8ycDpw~jSA3tm=SE&tp>nu?cJqLmbl}N*BG_-Bvh(WVm1^i| zkvjAnD!w1zbEQ``qFy+*CxZRPYDJyAiOST;o2t6*7rpfH%-a1;XTGNsucAH&_up>5 zw@S6FOMf2~#!11g&!Y!>QvE&Iecb>{UbSByzJDGb%)<}(9oOAqf%=xNS=_%eTC~*f z^GO+?qs6ZR;jn81Jzk=DMDPya^6wh!vzn!T%a4vj|4yfWRvr8II^x=XO4uLc=>NW* z%qCt}z2-am`=}_cyIRw-{^?Vnjwb{ja;Q>0oxm#9*xBy(c`o>3!7m5T2z~?cy5hNo zxUN_9VRN0xd-Ma?X>_aG@7LhH1-JAWM^&m3f;R%6D|jpLHG&@wuEx9lo($ez@F;j6 z!H0m47JLkNN^mo7SE<$sK9BUBcGBiXXOHN62>p8vyhiX%uy5byj{hg{?t+&&18bFP zwBY-L&lCJm@O6S82VQo&+ixH6Zh~J1K3MR7fzJ^94)9fi&jQ~r_#*I@6WsB<1|AW7 zJ@|ORbKoh#y#;zNRH`+CHv!)+cpLC$33oi*z`F~63V2_^F9IJe_%QGpf{z7XAoz6f zRf0bTzE$uSz}w&9j(-h!Z^1tUA1e6I;4=jGI|Ig*YJuQE@O6TB0?!G4Jh(m49p~BL zLBR)u*9d+CcvSF-;L`-34W1T!F?d$+mEh`5cbp%B2L=BYJS=zt-DK!?7!|xJcwF#y z;7P%c22TrqI(Sy_OTg76cl_6b2L+!19u|BicvSF3;3>gZg7=#2_WKcdU%|fzpDTEg z^Pr$oZ5MnW@M%-r_74HyDEQyNgHzr5XMy(?{4(%_;5UFT6Z}r_TEQPAuFnh6PUgH2 z(9M8;pMb{%-=9t#T0agRbhMSa2s|nDXMm>!-vpi(c0$F*epcvT51tczIk@WVj=z!y z!*rYh!OsT|f`<_QbnuAawcv4Kr#szoYx@boQ{YL#o6&`!)=vpO7CbHZD)5Zp0YCC1 zcyI8W;M2fW7k7RN%aI?!hk^$M{}?jFt2FUMg#MAl_4Q}w z&K{1U`CqArh&$Jlce&$v7Cd&ho4>{Sf`1C05d0_bS%Ui;8o!GLKLC7{;9bD8f;;0s zl+Ue#p9g(=x;y@>z?%tv6L?7QyTH2({wR1K!CwF$EciR%altabce*(Ol;4gzm1b+{_pWt7C z4;S2W9;jEU@q#x7Um$oJ@Z>%2dL0QKzR%511s^DQf8x5|h>GLx4(JaR`m>=Q6Z)@! z4;1_}*og}}zkrVyyrPLYzLJ8s0AC?^SMXZFPXbp-cOEVP4+uU4JSh0h;32`MgZCBu zaqyVnFM*F2{9W)Ff`17-zQ*ez!qC)86fOFB+KB_QRdSdP90{ zlPz_}`84#i@XK+2KwQV!N5uIJ+wb6xvmp(MI_<4G>;%Yhb|9|f>>=VA2p$$Z2|H=O ziL)i@`wZ*DZy0<%aUEwr5$CtikB8iGHlZO}9cQ%0#CfwbKB81d;yTVgBA&~@BZALl zI{|l`&p|%{zZ~bs#C4o85$87OXAX78*^Gvab)2~)+;P?r*KrOM@x;KRg3o~+g}t;VaGba*hvaIjfrbJwZhJE;AvrJ2<*%gc5a6Lc421`cvjf?6m}L1 zJ3m3c3jG-G_cqN|g`HPnCnM~vhkhSn$KS%l6Bc%k zAg<$CC+wU8{o%sS4d78>=TX?%EbP1hzE$vdz{_U3&r_d+Hxv9<@ZN$qXlde)34S2> zT)__mUncm;;Ohjx5M0f2$2knVO7L;u-2}e}JR25p6BhIQb-TZ9uzJgy4-d^xH_)x(ofsYq_E_hP# z%Po^nTkxgOPYKTB18KqezAqy<-^Uf4<*qN^$2Ai?1HbJB=lhp#g7bY!FTwe~ps(N? zVSljLFF!ID`lYQ*entq+&#k(N`tA??1)@FhbE~-U%g?QP2|FEOXP(gK=TJ)p=jTuv z!MnrGM#0YluM(V}6BYD!@2^47ZzecDKbm!hTc4j3tq`1_`(y&7J)~=`TY1Mai?E;B<$$z<8g%g9z1-3;qM!)4kUwGKm4HK z3&DF3*M6hIet+;jf{%h7HQ(5&agIa!J6_=N^9_Fv_E&;u&NKXe@T_CMLZym&Iivu* zVVk=9J?^i@i}uX@%v{0wIdxj_eaXH)UuOglfloWz-5$Dw&lNoCE z>}(W%F9Tm8^lt#K6`Y@&Zx?p%g#Kos&*QY)1?TZt`y6+DAB3H;61o~A%|3~olf|s^4`=y)U`-ArqoX-neh2Kul?<@3A051^j{~Yj`(7ysaF8E0B zM#9cy@PyER2s|nHv*0Pg-vUny{wa7%;deWDM(CHdH~Gv89t6(`-Wgo=b?@IE;AMjM z1rG`y0}ly48ayWAp9&rp`j3D|1b-g9pWv&(hYJ1~_-Mg@0Z#~Caj?nTEWulVrv>i{ zUMu)X;5orB0JqO`=XnTtmEbpnhXkJv-b3)m!TSjQ68K=j-vu8b_?O`01>XfeL-2;q zfJ~)I3Em1kE%*`OHKINI9ej<@zX*Jz;Mag}75ojdZP#w~*L^Yk5p^K;&^s5^ds9@0_zc0n1aB?c!%py&(C2xc-GqMSp(dZ} z#Bssr_r5}(=k<*cyd~Mu{X^d?@2TKB1n2w5 zvVQJ(c-~Hx;5?6|z2H2LrJLY9f1sD(Jb$3C;QbNjV8Qiil`QCE{=Xu&o1?TzL3qC(eZKzOE;!GBE)#aPk{#U-t6$yy zVQCj!XM&%qn;-o`;6d+pTlGSScP zO$Ps6Kdc70+dq#Jt`htJC$LJTE^+Jg{OW+}o1m}76_N8w7 zJT5(4=yN+s2+rfNa|P$|&t-!1`%`NK=W)?3g7bS%YLGil9&ch{-V2^;YW%JPe-k|VtFb=obTB0 zFW_6j%V59s2pwmIQu`bI0Qf%Oor8w6emn3mILChkcn@&)dlGmrp?@xTZ^17E?#RNC^wUsI^IQNH>1TUrd^?5KHHtpOQ_NTVO=db7~hBra` z=?MK8^ta)-xCmUGX!P#~AD1UTe4jf{#KY&=Wr9y8JG%c&UFPn$9|BJc{w#P#@VCIT zf`1C06Z|J|HQ4Rff24^gAou~`Ed}TE>1I){F3|5R^m~GL7yLZ%K7wBbzC+j_4L(rl z^LsQS1n2wfX@YZm>n!ra^IlRypWlC3AvnLck`@>&QV4`H_zxdhyFt1b;a{q9=?vaK3^nynDYYnliz_S!9&KavX3_U8So(Z ze&CII8aoBxoxy|P0q_&SSM_r1N5R8=4X-LT8(ae(?Qi&I*clHV8DRJ-@CU$~U1B)b zYcY5Td^iGq13Yz^(VvU+@<#CJ6^6Hl{hz@T;0kdD!pP^fMxT=F{0;(-k1%{GcsKCy zzYHI4)YWO=X>iWlK=9xVM&I_D4gLil8fkc~!DX-()ylo;klXcow`F z_*!r^#^`e%wt$DgW6<{;WAcy`yb3&ci?LG${SM$^a5C%sx`W5TgO=gvfG2Nt#}fn3 zg13jAG2nsmMn4NXGr)7V8P55C5_dMAc=}Gm&C#dShv3mkh7X3{t>77OzK$(9 z*5oHO+35Fyeh@q`#qbpTR)eRf8a@!b7x?JA4d-@#5!(mn<8e6n0>N)*`{2CaXMu-K zG4|Ud&L!Yc@F4ix;ObnX-vj(}@C@1&$D`TaCHjp+z-!Pyu$>cFAIAl^ zs|&!}!#?NdTJW(am^j%^0(?9;>puiON$?lJ%g`UPoe#i+e>e6=AP-x?li++@`@16# zry70c2Z2YBPi~(_gJ;2=(;WHe10J~9U9YRy4tNdXxdl8q!RT{+XEMLb9nVtm6nGeR z-T}`XXY{!}e*+#m-ta24+v4L)eRIes*S7`uSaCi&lJ&t^|19tj+DR1luL4h;X#9pe zCeT~K(>U*xA^zFmRoE|_hv&iLXy=@__t*}2OW64yd}+k^Wjp@kO?_8jf3e?I;ECaG z{bRtB;9TEx!KaD+H4MBL_6yse06rL;<9P@?2hR0+3B0v99@m4%#Qxe2o&;w*4e0@y za~~>>iw@v9R#O-(C$KK|ZTs=XUToxDEa=cr7^Z z_vPRP;yC&kJRq*qc7g|yfA0VH?rG{91CPURHFyp@2!0xP3dd1r@GDp!JPdvd_(tqs z8+;DygLD30Wc%3fT;C7D1L!|F{-43ygR_18Ia1v|JA-q(Iuu;t{KD<(@8FHlPFVj^ z@D;e;U_J&sDvrkoz~kWDZ$Ae4W+shEA|6~(?2zg*T2ZQ$j=k{|lxWay6{j0#U;=W)qcv#f;8SuF12R4BBL;g8G z#eX+(=3t+BNAQG*=N#~);G@9<@Y@Y}mpY5at=l6+L3C{EVY6agXQn%j$PQ$BI z8-+f<2eDP~gUF5^hir6(Q^4L*il6Va7M$lP^%k7x^9&UHFxVd<_{rd_1UJ)!==%Uy zy5r$_LA?bZ20P;g9|yin@O!{_2+s41I>+38pMd^g!CwZSB{+X4ZJprnLBG*eZu?(> z_Y&N4CKAwh6b0w+tt}P2G4!_z-iEk7?}VN)?YTAfa1Zb(coO^)*lB;YJI?FDdk8)O zyr1AR!Q+B20#6FQ5f!^b8b)!>L?*H3?X9VZ>)V2!0 ze~12Np??*4PH=vnu7@DspWUh9tYT=33u*)dkfCb*P?>+d)z|>pNjk}75owKErLG}9=y&S&uZ}Af`0}+ zR&ajaw^VR`e>^8RKL>1iz1#0Eu-`}Uir%Ijju*TIcv|qT;9CVh3B2_Px8DoE`wBh; zJR$ha;Az39gJ%SP9Nhk=+b=)gtP=bs=!XS=7d#^Pm*C?C-vz!*@P^I=C;FbA;H|)0 z{>vTb5#YTAKLvcW;QW1n1%mUuzO3LE!%pA^x8G~Q!-Dg724aHW3jGm+-v>TTaDIWvE8vp^{{Vcm;5=Wk+l_8J-#|YhIDaR0qu@Nhv1X*(4!_SbUT}U7IxD!B z?iciVu=6Ol9saKDSi$+bvg-ur@5*)??Y1*2WbBU?oab9E7JMr7GlKJb*_#FD@5gQx zoab8xZgR)-2<-P0yeaaqSnzh>WnS+KQp`u zINyIQ7It`^Nk(w4*G9p4-kSZOyFKvVaR>^|^VwTHwG^j9XHbDZl}rLF~!Z!^3H#^oLW&-`e3CAf8tu@ixQ zbJUBEueldXG}P zZ~ip&75)xjBcra?=du4a^rO)43;q46p#7%7&3gh$jRH@!qz7d5TZwp@o@eyKXBqw^ z?92vN7aINw^p7|n^}5dRccK3}c(|3D_rJjCXIs1Nd!n$@-f)g*GI;V3w|=V&jeay_ zIM3@_0-n|nDCx)i#EW3Rli@$(xL(h^+HF5Z9kR|_>{z#*UEs;Txp|_W(N7#_cvIx3 zV}HZrCmYW7S_K|C#cY`kkL<^XLujPzY9EfzT5t^OO1XoYB=xrwwJ;0C5D^l7D_z_9=y!0 z-)peZS24pkAfEN$!K)4DIIp_g=%_{oAfK`ti1gw}Jh( zLkv%~Go16V7(9UEh5hy%YV^|`-1gUlCpsF=?c~~Fu;0~iZl9IcAfCev?}z7!4}s^p z8P0h-`dZjI(r}LdE%5A7hO^(xha3Gs*v+kf7#=>x%_o9qx*N`ZTVDsi$GiD5@Yo4% zI~QMX^piadKN0Nm=>K1+d(?ms@&;d?Ay3BTd9f|Axr6w8uxs`@L0v@^3@R`s*^;X2w!tnLreEr;8 zTyMMt{bbze&w&2kFo%%qL}N2pix zgyD&0Zu=|1Lod7e6?Y(>iH1)$Zq=9Ik(Ugg1U_}5(a(W%{72pit|unZkNL;o5y8ij zK^=eMdAEKC3PAG^>cw`}fTvz`>t8p;=trJ0{5s@82jJxAX~W}AR7yRX99TY4P)mB z^c#W|$2mQ<|;K|j7bNjhEY4n40jQu#`-1~mSxxwfUY-CnU z0#AKt^x00Q2aJAvwA;=)@Z7t`&H;%3T6@g*fkU^Z!HF zxyMg6egFTwyQ#!`lJ3#yo}wwYt~#Z3Q5p(e#2_guA>rXsmiQ$m#d*4nSv`aPPX@BHDd=lk`3?X}lld!K#IoH=v0BvyUA8HM~a^7MJ& zn@1giuxQht86(XR;SX^Q>2L%6H+ z6AIg1M4kxL=T`cJ)2O#@^tnzpJUWhv^T8(`hhH2dkKY4cn#b!&uQ1Q|gV!k!eT`QU zPd?CYU*YN>-GcGGk?lTDo*^$szMVWvZuzey6UWsjxh!k$bsc%~Tlg~^?>X`mx%qrW zo+iJOK36S=fBZZ6bRoC<0WyK{`iS}r^`VFCqT4@6o>{e5~Dz-lxx5;1++L zJajg=_4oGG&`0QF{&hZ}e=X=`yX9W*lP6Cp^dIse^tr0wHh=#j&(;T*>F-{tkDyOB zDD>$f2PUnP5PhVZ?zM?L(G>c5s5TaS4W`zP)q>C1TflKV#r`3&JM5A-qr7N5c= z9ng;;5C2=}vrxEOSJ|&|Y`0^U>v_q-c{)nC>hm`u{si?6H!%KEh59SV(}DRug*;rQ zP`{Eq8Q?#Yd&d>(Py0**kni7I7-b~*agK03KE?z3A;Mk!;}Cz59rvlv1@v`4hu#|x z{RplDi-oIys$5|_yU0W33wh0r&?f@?a`JqDPbQBYU+D8Lc{afRAonX2>f3&ScGCeK zCl3eq4|B=A6AOL5B9907317lL8yNQ<(qCcyWSM*{ovI$yEfzl2;yp*~5TAm7XS|H<_F zfhKvGe}m2NPmot-{f{S4^(xfAMV=;qiu%f1;1lg#sK1mvMlOd@_j;Z@%yF@Jwg`9g zIxvp4zXgv3#%myXw5V_#pC-=*e72Bh0(!e|t!-d@Pu-Ay1MIV7uLN@XwRCB!7WCa&4i{59B`iIO;Fh2A>Rh zd-CVVz3T!#f%e}^sM}~pZ#(R<6CpVw1~$YYGZ zCwX#Aq5f|26#0h;$6H4pzpGGxm^?uqqJQ*fw3{4TsGmfhB5zLpCh{Ej8F5rax;BcxpzWegk>z(L!$bLkmOKv{zlIO@DrM}8O_#_^KkLi1nC&}-nem;447W6hQ`^Y2Y=5ywL#!3DG zeeNa?%`R+r8F`qzF6*lNZ}5rEDb!y`9wUF1`p3w_PZa9cl1IpwQ(yZ4{PRy1>id#= zPl3y})4djw=g6(UIrAa6_%HY!{^7ZW{!_>!&c_!b{s$TZ}^877wRu1kC1O+ ze_tUFErtFxwp;2De0*{nmu}=yayy><3cLH2a@N=E&nsf^W^22|DELC%EErt zk`rz950Uq0yCcctyd?FPm4d$?;LFIPjRofilAHRRdqg+4QcyZYRW_-!9@URm()7VsI2bCYoO57#X8sVar4JQ?5@k$bfY z^%KbB0lrGO#uNVx?bZgq?blPqtz-N&A zJw`l;l3 z^6J!oPagUP`WoctoXGwL_+;`Zc_YU8C3%8%B0FjKs$b0hl3V>>E?ny&7O1!B)Mr>% zU(sg=dFtE3e$|o_1Ra+&xooH1YZ!To@7G(qDdF0#U!$RX)*pTzft`qAV`a*O8+@-+Eeu9FQa!zcP9d~94sll!|0{g;@Y z-25w4flr+L3-{~zjS2lTCKqQ507p}#HZe~05$yt2Gr zZT>G)-#Vb*P5r2VzHu%1-x|fjh{vYbkr{3~&PFUNm;tk<-ev4;_s z)LT72LH(wH{!{9oq2A_i$TqX$Y(R^+c2L!9k1fe4(Joq-$=dn_Z8~P^8G&Z-%0(PfWCTN^mkN1-_7x2Z%rWn z(bVq>=oe6bAfW%6`o4T0(BcWn0aVw?a8=~T)`u>ROZ^A*W2o;Ra-r-|y{K==diaj|A$)(+;yI}y{3lXx`RVMqtp5Rhg8JpupGW^Usqf17L(P8= z^}7T9r^!Z9=i`cizMtd8Uajhd{e77FMtuL&{6C~VN_}(2bBOxc0ey$Y=|4b(5Ez9r*7p(*_52lN*>UhM4&_>ZQ( z8s9HA|Ao|tYofnr(0?=alLGn^&p$E zH{yMa=Kl)y_fp@I{oPCb?0~+01o?cEdaJhqj!XUXK3nroQooye%g+bYj|%8Z$Qv%Y zKA(CD`rC@}w0B(UKcF8){T0-oL;cIt_vQVu7SA5)rw06+v_L-B1oSb-i@gu1xAXBty~Xo6^^*en(Ami6 zWa=%SJsp?&59sfq{=I(me7bsmdnH}$_!Z}m|39Q1cnKtIs&Vy}K}^!Hqj*DUJ0 z^8DTWKcapB^>%#xllm0_eY11X--*=Q`gVikRlG(#FE;b)J39hH5*xzNs-SvuJ zab9far(3C?6wsGw4SkOKhV(f@__5mUAY7l^?pu*z9{M&O@YX!J{ z?@yxu*X|x`yzX-2QqhZFTIfI7@ygzs#n0aINzFVWlGy3?=;!x?^=cUt#^Bc zt3LGeg-&VLKQC(s?hgX5OrIx(pQL&|PsY}My{YK>_7SV0)u99Y#eVvP-t`@^eN+V> z@np+%cihIMp>Q3S>|2H7a;I>OCwed5@x=EydfpE5$V=e1Ue)S=e&uH&e%s&95U%4D zo{2b@6d}-c)Q6X0yy^mbH*|zgx(@Pbe6e!z@l(jB9q;xFSO4hG$mhTGIq3rUq?$o* z{q3$?<9Qg|t{dD(?(f6+R;ABM;T2^cyY#yrj+{*X8TFAG=$F;W0p&8jxtq~1yAIZ> z6M0YHIrOE^0O1;cp5tQkVx;PoKY}<-e~3Pji{NuDeY$ssKJ+d0N%CqJVtiBIVSH`> z&|Y{&8TUr77xIC^U7m*^|F-Y?pYW6DdGwF1j!QnDMgDF69@hmv@sX&95BNs|luLeM z!x5*=$CJAv&NVs2ga3M78{w+=Vukv9$WwPB&$a3Q8F@4TZZS9LhCGL!^PTdslK6vZ z!nMDl^H9%iSkQZnw@14n`k&Yx`s4-h!RUKl1LfMUp9}ap28{ENa_Lv>OvGb(sNREdt_44p`f=o`%h02BbA(Jbe{-gcIOL;X1!Y{fbHsQ-6^9NFME$VSYMaqV-?w)mw#i#?D_x3DRR9eBir(+j=HJr#%fcs0eVNNq4~gFk>)}M<+OO~o)WgHn-$b4(0UujeCkl7txT0{~ z$O%8KL=7+5;1=glmOh77ul2)uQHH$973}XVz9Vz$;}_SHN3Tad|6;?B3)gmYoWGXO zwZgT|=l>7=iowRqt6thohmfDs$WQ1?el6jyVPfw(wTK$s~`Fmxu|eGxlXx`%bD;A)BjH4+HT}J-;oO$ z&_wz~%b-rIZkLe9pDtWaPUsJx=+lVD^!3P7>k9R)$$dUA(dyw+;W{qiPmu??%WY39EX^%VxdC%MKi@Ht($%fnLSEzSuuPW2K` zhU>Y_iwmxVKKulHns8xS;W!&R>c`i@HJ;po!uhgIxcaC6?BLWR_&1jfgunMA;%Q3$ zAbDE9AW2?KkGDX$`b3_BK0+MI%Wqh+W3+v}k>NCSo54Qhoe+~5M zlIX9k!vlm{?J*ShW1R5QN>uS$?n3@;oqXEqWxrGr{8w@&%Ow5<1(2%b}QPoedapT zkH>gf-)jxh_-lHh(%bZG=}sQ) zf^oEc%M|6}<8KDHyww^Eo*#ic#EW1QRj&0=3H@zM|J%rOPh#CDOa2LcqBlTq`}vMH zz(02qxb4UK3D?}*ja@8lt_dv?BAWeEJ!oe_T(`g9krbu#}K z)Rp!38tQZX5s&SYzgI5pde0(1HjnBJg@1`xQNe{ezAB zA?nj3P!Cq0y>En1d@uTI_49;qofp|35&sbO>n+u*|8UepeexzZ!6)+!;;BJCUAgGJ z*U;{j)bl!JLtItxy(XMwd+O_!G3fDX&e?uPZ zy2|yc7w!+ie6jpYA@^#aU0Z+FlExF?>oDp#x_KclGl#;<0gDq+Hs~ z_JGea$h`yP;X%m5!{lvmrhjSVtt|boFYKJ2YLGCu8!cho>xyMrp6zw4{{mxkMQ zXI?~ptR4mmcl&|8h%?N74Wd5P814SVcs@`rd5-UcPlWp7+Yx{ML#&h5-_yvw9q5&Z^STZB&-6)tgh-f9?+EqrACWgyk>`Cj z8vgm`5&yIFX*~w<_|HRGfqZ~)T?hK=gFxkF<37sqV(;CrF;DAKKUcWM?_FQG{`~6v zDLU#$(OqaadK2Qe^QLpjy=92!0RN`1aP?0-g!xs5>-j^be+7D5_kLEr)K4N%Kdr{X zC&}ZK9XGcq7rnpEcP(1I{YIV+>`Nz(llVm+&EvT6FXK#;=eMC>De`i6v%fn~pD%LY z&mxbMM?FNTA1GY=8?A)?KF$H2MScDU_}e~YG4+WlsOMMdGiW^e6~74e(35dpt*F4`)xQ_ixpGZ&Sc|ZTCT>|=W;QIDR^7x;qhu+kGpj`5nx({*su25b|{c_>%xLghE;Uw}#_rTxZ4!s@6M+w*Q@;ENrso$ua|9|w4pUh_) z@@78Io?Ygc`pCVAC%+Z_I*Volglqg>AU_W)*ZTR+cghI$rSF4JbPIeg<+wK#uKL(R zh4IWF&%c1WvU=DhT-X25&zQfB=zoO%;lmima^x4@f9yOAaQp->oJBmVsDDVf>sMEd z@2(Q~#YW{4XOjD8%iG8YppSix@w$`xH-)?7ax3u5>Ay|&;*-A?{j&KubRu||`vF`3 z-%u`j4$VQ`!p-x37q0$3uMZT{zw9KeZ^qGY?E|el4C|vs$<#Ayg^Kd_TY$e*Yx?OBO zb>I`@`qp$Rd~!VBp^ev;JU#&RGluP6M(*>u?zVp(A>8F>4l>+|`pLqz&R6`2OtvIn zN}uR+i1SJEFVsisD)a~PV|lJUjs3k6@l2+Ev~b-&obdyWcTBVQDD~kG*6nrF|1I3b zsb8=zua4x6r^7$CAIFRP$?qqR&PSYf9s5c0@F|G1RB8Odd%`vTNH5<3tN$||Lc3wk zqY(Y0!Zkm;0_Tq{dX|#${qJjt=yjb;9z>jFDS1@=h39TU{%u}=rFyB8;QLueT)V~I zu)zMOS`zu}#p{zS6R);#_0Rr={?=u?cTzu+daKXz#nOtwjC&|GWv;ag6+odSLp!@yaDmkJo7nq4&VL;BV}x+cPhuYGe;|MN26=|>``frQ zdJOSL%VXWJJWp4ydA=0$!sge0@?1ys*Ww&F3;F4>4*9WlW{mJ-)%nB1)!%;xGqgG5 z+@oCb6I%)1mc0FJ@bpHsYv(nyg=;?JC7`$KR0~xv{`p!>+ z=%^nn=#ziLcQnG^?NA@hLn-*5Mt(@Ru48+6e@F%L<5S?X1ILSo!ZjZMG4v}*eZyzq zpWfj+VtM{dxb`cN2EU*B!>SjaoP>3z40)etRsY}DP~jSX;!KQ)&6gu`f06p<+WYR0 zPUoL~CVHJ;`4HA0%kzHcFZ1_&27J4d*VORhJ3Y<}HKefoRM(=tT}XuWdL2k(nG zq&^aVdOPx9$NiZL;GgI5w=Vm&SGcZAF`ma+U6ou&pW*Pa^UWN2;w8lS5PfPaf`76- zxSbbVqg>+2PC=cRex-0%=Nr(kk`@nn;v@L9DuG|rT#Pzg7ub)TCfwDbkMSza{Pa^U z`H7zl9~-Yn$C6H6Nw}^v4{X9Z(~~}})9_Cf;W%5CytibySnzmfYt`;Oc|-rzNiOX3fVi^X%1 zaE&M43_ciT&l{>-+6|4we6f61Tn>F`0P-`B{>y~B`FJ_%>Lv1>+nhO z{XW~D4->9FQI1z>>cWXz zlgD}8%<8=18)(;Sjq%-h9R8q#aBVksEBa-1`=xS;KhNte=5xYIwCn$b`rplVqvRQ$ z4_be360SapN8oSkfAO1WH{S$xczP)qO;axV)N0=W+t0ipT=SL=BYvL^yiK3X9_Smw z#@j}p9QOkje~q``AG;CxwDYxo!c9X9_hXpjQa=@-x974>Rv)da{oqabN8i#v_X&?9 z)tl{WFAI6zrp;}S_S{)gNWxb z`rN2od{VqlV&lGwJT@KUW$VVp@4zR;_rGj>FB7ioWMY5eIyq3du9MjlP@i^P{XzO< z24mejt^@+wqk73h*ke5~&QRvq!5neUTPhqqIIp>U0->xRPhVYqP3b2P9&oTpsk zjGTvYJfA)X$^ALVv+YA#z6*W)AoRAL+#_7$k8!?REzK0J$H8{*pl&1d|DXDZKJ*=Y z?j!H>9(az|;WgHybQm`xWK=+qcqxx^RutZ-wzaLY^k~ zK1BVzM*b;z^eyDM9Qg^W;UAs{pStAXu%37P_cd7b+OGGS?|y0PK$1LoUG8=DSN$y1 z3I6MOXMCXjm31I+{?%2u_SfhA9yTsd3fJ@K$d{;xMhtB^eOfl*dP2TIeWcykK;)qz z^Zdt$%-av>?^mqbb|0bL)OL)c&6f$}i8h6Nsc@|aZzb9-%XWVkuKjAX9lQ>C%{7Q8 zHyh(_`?On?OMjC*?pV8D3)ej7YN6dW^!d|#-u4}_F$(<;`b0gSeJ@25JQ zKJ%y#^L`2QS+9D{+g#-B4(gk&CBLh19G_P%@h1ZJbN(P)$1CwQ#w$dhBh*K_qYn3z zcVCD2)8AoSY@XibI7LVOctp6i8{_@Gwr*GX7;#1hcXnzSA@}O9T=dZa$fq5beKEEIQOzI~HSO0WFpJY;fV_?30d+U^saxP+6~3PUu8TMvpOy{y+(~DIAY_{ zU%2*bC+DN>Lq-YL_@mR2&t~*_%jxC*&yO&^G4k(KFLB0yM!PnDuiK#hav#g5(A$1* zvT*ee^Y~?XZuc4TAAiGl&c?4N_ufT3PZpu!SB0xjem3|l#^ZespZrNUetk(kLb&Qv zmmp4CPadM)Z;kOff&OXgBO}4>I9qBX`kQzj<8Jf!CgE=WcE)@h!}<6K_32ZfH=p(7 zdDcUH##!?VO)teU8}=$zC@fM?)PlI zT&7(7W3A!SqbveiEL_{oz3)3<@t^t?^N>V5R)>!(mw0k7W8Jt#P7U>S_9nEO44emb z7w+`U3-?_K^2BWLt6}54BV6ltW)|zM^=l{f(ccPvdVGyIy&)LK2z{n2*ZSdc>Ryg} z(Kq1PtKnmH*h;zNA#^wTYvaD3-2bAGM>oSK#m@(s{$t@9e_yUAbr{cn;aWct?$1k- zH{JrC4(w0b3wQBP#_?rT3H-ra;p)FSaGYJKJ`%q_3FB+^wv9gC0nDRzY`5mO@XvMf z9kF@cS-JS6dHuoaVFLBZ?Wq63^qFY-E0CY2dv8c3;LxVIYdSUwL3cl*-7x>qv? z{}4a#Hkol=CtUqgz0srf9G82k&)x!mi}OwLH0#9rRcagk`(EIjEzg$w>;cgw6UKoGT4)~{@K|cSczMF83 zGr1MK4*6^3+0v+!LFARbhfnSW_}hM|FL^Yuk9tYC`lsJOonZ7mZ?o#9PP`|Of6Hgf zAE5UG{p}-M^AkQB`5D7_rc$4J5dKYz@QVei7yszvh~JLaS@KLfj8|*=blb@|dB3IA z|8>H3zZBk5czk?SxW*H`7VGDbQZTCgBjc=vcuLd%Lg8AUsXTnbz2- zp-*}b`fEPxsgJ$@ZtGsjU5Gzi4*hLG|N6pRUGe>k>&SZu*LWIzf_P%&w@@E@5b@Y? z=QZJ)htxZT@&8M`|Ca9@def)IPeops|9|w4#=>ra63U-uXX+=Xjn{m;Up}W8BXhKSCbo`=>S^`}_i*5bNCdEa95BP5iu%?U$BO zpM0UP-u@Bp>i;vuIgRl&_!W7`P6M}i+AG(3cog%iJoOKgC-?b|SUkTA*LYe6?w2dS z8{A)m@v?c^Lb&=TS#P!uOe4>BLc8X_+W8cFhg;z|&NBCQP#^ynGuqByTJ3?q|1kKq zjDLl2%|keFKhJ06{&Cm`j-){T@EX+x&@f%yM5%8}D-AF3)LyCp z`ItC}e#NSR+xz~jg=^i84eTek2-mtw1nTfN^7Kl?Gl2zE>o3F^OQ64YJeooteh7Mt zr`F%dTaNx8GXB$rYyJ~+P=|KCYmVxvIr_&E)l2?Ud_Tpm1C%<%{*FW?$C=R9%5}VW z|1f5a99D#Df0GM*XK(Aq%k+t!g?`yQ+CZM1jeO$2p7$qxGJoUx!zcz@=P>+Jyf38& z`T4@#yuK0nv32`8?P?C%oH zqZjEjP`I|6Jm5QJL+Xz^0v_)LA6v)z2-m!MMW}yU=f|sF$FUE_F;D*-eR7-N-;@58 z{uLi-*W-2RvgGZBt55g{e44X?PgJk%z5$;I^?wR?`z}8B#`1rqJg7>2ve%*>ZlnG& z<kBNPU#!Zh6>D|2U7!7Jn1@qG$EVR>D3Z%6MYJ zHGY3?Cl|TZ&rao{550`}cs~2pyA0!8h<@2Ve3)<-XW;WekCA5|!HRT%J}XWC6Y_Q` z`8SU9A4mNtk~eNNp6o4X_YTH?j&MC*G&)$gue(9G>u*o=Yc#zcP#^8@#l9m$$rsW; z%{sBXeMo&eu>N-{tN#CeT`gSwQ!k=^>Qb`aIL|w5+}o8yoj)AdUv(C){f%`%f8V9g zSmolM9E>`#dT3Q1{f)fgJEa{@2MX8g|D^)=H;xmoKB2*dbsjn%JaP^EEzT9>KA$sl z3gf9z0s3eXdA8%rSn}{Ag>k+uT*oC=7raUljJA?T+hG3wO8?>$#9#CYzF%zD>+V)A z@#mjGelYr;w}w3Oh3_0}j7pq{cGEpkZ=W282CfyZ^^;f&hiYthl5kxoXKyR4tIveH zI_v>|tCOn5h$nsp>U=+a?kCTki~ibv@=J2BYGMA53n9*EQ_Q>7%+CPfuD|`^Q=k5i zk>@T4x8r`}iik78`%$e9Ul*?RP_|+Z=YU>#-j}MEe5QGxGJ*bWPl8XTT;Y7bMY-s` zz`pkgxzGDK?YKXn5`6N3{qQv5S`X1@P(Qb@zpI2-l+Qi7rE&b{*-8 z8sM39VV)mTE_ujJN4rfqAB$>&XO^NKeEJVmF8;A6Fn=w!`-SWLjRo!pm`Z*0BIMcD zjcw$qPml*2ujaLo|L~t^@f+r$lW^UKL<9HFUn5-OPaT4fop-DduJbF)`(5q4brbbo zZN$@@{W^E5?)OggzUSwFh`lDT<1~zNz4?vOzmD@ zQ6Gw-9<1IPoC;{Wze>`pxo~~XMyBxuN30I}QSYsX&-K*bDqQmxJ`MHu6!Y^c zd2$xc7apMg2z}yP&@Q{>opTy|yfcsotDoNF=~I#Ca`c%fT_v;IA*upcU@n`OX3NhFPtk}^Kfxs9`zQktW+^FPCQ)uGQL>LYPx zczwp+Z`w@%>_YfkJ)hYS?S}vGokK7Bj3@VaebwUMOrGQCr;MM~2<@g{Ks_5@pj`40 zy$|c;gC)>F*~ZX&cVI;77J)ZcF8c5w`1p+H3FCYYn8m+axaQ}A4ah@X>Q6phxxAmg z2ghZbcQu6T`jdPX^W`e)+X~mbh4x}x7>;)jd2Br9qt9RLGd+(Nh}QG2ZG!kS(~)PJ zcL&H*TfyzTsY_F|o9F$vCo`T2!o&RkqklX`y|7EryZ#GZg7q0ow{9PD-J$7N=t$$s5zqDXc~pHQ&wjVU zJbx=(>$wxxpHkHSMty|y$o3W8T4=lfeO=|aoTt}?zs-vW$b-)Zn-ld z7Ua|B*HglewVto0K6|n6oGt#X=EME7ttXeA1OLow=m#;L=gG6rqi*jeKPX)5{21?ku3kcg=>DYr7-Voy`4;bwmb4^$FK>$Yv6Zto?p z%HyNWuc^W{4-izyucUcvlbC{XFT=Vz~AozekS=X z%GE#c+?7@2$uh`*_2F00FN^aCd3p)z#PZO|*F609 zb*1BS-0bVSUv8%4CE?ny%+St`*!kT)3fJTH+)7v{!{i54uXQ*8{j&G_ zT6KoM|1-G7vqHJ(Q&Uk_XE2^!)MtAm&UN(faUp!tUEpJJ-XmP=KXDo6T_0Wt=+^Vt z&tX^~dL5S(pTlN(`;b222JoLz5)J>vc0;2vE{`&vE?p2$cyeLC-Y3uSK2NLLrd<(d z@cK+A;hKkB1*|7^=zo`T8OMC!{)d_L$@NFwPNsf0^|>_i@E&=UZtzd@er9A<_J_hX z56O+F%tqAD6|VUV-rxQac_^^1=E(DWKCsQf!@@QG>~n?Vbw+o@lYJ5URnuRsT=bc} zh57uDJogKZYw;ok`mb=U!wl=t#@WZmpjf*9`)nK|AUVcuJbFj4*7}k zZ{`WtIAgpI*6O)p5A-YZf$x-dTx%j+eIoq)yT#dDxb>aZ?nl&dnHT4w-p=GNZ&H70 z*XQR1t=;G89}0Y)VkLcIe2&@i^x2?3GQR0Ak>|6?PwffrH^;ch?O5(Lo;>{!=Bd38 z@{(}fSIi82F7*}RT0iN)eP5r@C(rfPe5zl}e(}1NU1w;cTzulE7anKh!nNIh*shK5 zo%D(SgMK~Ce!Wef6hEIHA#d6X?M6mGZ~0sxT>ZZaoY%jsdWk1=KJ=H+XFYj#7V=}` z`ww}T&pG^=`btr>n_mPUJAMr$kKBwpxA#F72-kc@{)K*R5scm^Pw_cLmWMyoNAq?g z)(3kZr|l(ZH_p$w_hdW|ktaLC-`3T&r%gyJjZ!$*D-2c%69qwsU0^jRxWj$ z=KUnLPfH1R`^ha>uWWyKgg)8v823tSw@q*OB=-1@v?9M&__5~E7}ZN2vb;ax8S1a> z10Sy;{Ox_!*Mz&{$R4a4lc@iT`rJ~)`7e31%cy7m%aPwoo@4#n{F*9U*MV%{^Kp-o zhXbG6eVjbc{lC>!O1Snby$$2?1KaI?Ir<4{_ z`-F+)mns*1b`yMT9z88w-(MKgXo6E(-gZ%+$ND_3d`@B+uV%?z|ve+s$r|J7=4ZdDTmvLnW}j*>SDe zK=Aan;P!sa+sY-*%#Ros{8l~(aTV%66!;#89*)cB0s`xKZ{gZ*ZY+E({^PDjK4Xh9 zPm4<+5zU0FKJqN|mbW{}Lx1>AXyg7deWJY28E&3eD~9#If8aWEE8*I&e1pKeP%iC; z1NXarMxXh|VV_)tFuk9s&v6|_w4N8a2JLR-{VFyt7YcXl(i}u+$F=8#YrE;6;9&h~ zb}iye^M2q5*zR@0)hDw8^)r_Ny-a;JisKHl%em*upVAY-cq>6 z<8{S|+jWe)s1L{BQ?exfU>5cMM#MjqKG8w&58fxgM7XY>slau=*Mw`kF<$Qq(`UDG z>2Gu_X0+`aW7lKfc;G9H3$o#P3xvCT_Vk^D<#P@7tpd-5s6H6u)ibdFsqJ_bFB7Qq z7Q)rvpI10u_tB>vzaOnCO+ywF}yAjqW%ow>hEvIyz5Qw3)g<-zQuZl|H^ZIgu8KUfjYGD{enKR z!1>E=>JvPVvwk(W5kA>pkO%XbC|u)72A(6mlsvo(`FV%y(s4IIpWx?_?YP-NxW<{_ z`<1r7{iR&|6F>N_r+b*6e#5}iyg#`V^Y93H@;21@H)ZgPf5`L85WgKy+YN`0KMlMe zeSRem^E&_eVW|KC?_ z$E8l*M&_TR|8U{zpW*(n9RGB_a>-}BFZ}nDSBXO(=5yWak`GfZ`sjmaf5lrxFaE*zG0zvS_oc)F_oZAfT;qw1fKPe)JfS|)-!Sh7 zW|-bm;adL*evZcK|5N(-t2#Ibi@Ex3@K3bHys-V!-O9z^+k-sYetrdc>Pz4G)L=Z@ zg_|dl`%&h0_k!^t`Y8zgBi?}YSf=}m-xsy#smA|j^wex^EXB*m-zD+`p%&jebx%sagTpi=>H4# zq0@%%#5p#w@4ZR5<{{A^{u%l|DO}sl?n2$#xbL7(JaC`$A=Qgd@-XV5G<~ia z2cO6i#M6NMUE$hp=yKHm9&+z)aQ|KK!{j018jt@M;<5QPh&=lo*45jnpGu#w2fdxA zte`&1^OU~S|4JTNgg7JQ{bk}GYyG)PxQmC+!LU4^mO%XZUof*u(x;zr)yM8azYvw@ zJ>~Qi9rfc~>XTi3M;r2Y)hECw!_S+W&sgEdTK}J;K0XLan@1h*LH&ex7uL^>!Zpq$ z?=v_3`{bdnh{yO2^4MdYT!hB!-wU7kTIerj{KLqTe4c~l?MLNO51CHT+jGs#da&-5C0^uqoNhhn<`xI%j(MSpDLpM1=HV#ymjU;es}=! zWN*MY+WOOHBK`TCMjQ7>luJG%1w}CwNCVU>CPtg?im+xEIesUFgg4b#7dRo;75l`^G zf)>Kvyn7J&xBPrTp5yv&`9Dma%0X{+)pIKRb6+7&8{Y?n>+!KZ&)=CgZ-H=aH~brX zY@f4DxUSn}`Tfy$TsTa9WGVEvj>V@T|6U69+?M%SEnM@T;`g@HCI3$Ky3T}=;Tomz zi-FVO6W-xFVC!D_hfpWEzC>V@a|TuRGxg(Q5^?3ejm zA>7qZ;5qFtQ=jE?Yi%Fc@?qp{KA#WJlKs6}xV9TxjCx~tz1hNbT++oj??$gZZ@Kd+ z_Bsacm)oK~(%%g0p#=R8(m(NAXGfZnpZSQ!|KC?v;o9!$-=JNq+v}ZP<`>Tgt={et zuI=V|zm1)zeCd4Tygu-J>2i;vzdoYZ*zp{PNr>1`h`=2r_pfa-u}H$@bN!Fp6_6P7YNt<=Vl>qW9gqI4}Kme@+8{z zu1C9#seh3?{j=|gtz$o$eoJ9I=RL)7=W(z#ePZMh-gji_5I3+rSbd7Pg+v;B7M`DizC7?G5u z|E1*NwP?3J`HjN$IG#Tq6_p@QQ=bdy*EvqnQ9rf`*F0n&!noM+sNDj@lV9jN^?Lrz z4Z>BQn_j5@Sh&u|)QY%MMydaoyxIZQM4NBDor`rj{H z*Wq*r+9Po@XzWDM)A)=TJbhR?&Xd`=+G@w$r7rsfD& zfA12ktCQ$cVF~Q7ioAD%zj`Q6pRbzJ&x!uZ-e znooUt7<>|p^N4b3H#QXcwE6Nx8a%Na`7~bZW$<*BLj5($C2#T1(cdUi4I^@Up^F4*@bp!A8 z3C;wkdnN6?>6{+e)|U!wx?d?H-e$rL{~6o!qrQMk4np4iC|J6^YV z13bs?3&W^+-W9^NU*QADb7QtUoIKH@qw_hN^>z<^lH8}A!**XVA3m?RH2He+4C}<^ zMX8m@Ta4FBZ9m*gxM^tNehgN<#>sjp%U_P8Pj;K{h}F+|Z$h8o^ZW-;e}!@xujmT& z>ss=UjE_RzEQXqIAwS8$bFI%2?&>^=Iv-7+%gH0dF^(;m&*$iq@!E5qlx-Cqj7D7^|iaS7(N?ei1L#U~W_p4nf8 zyLq%3@ib?i6raoYA>(OF9t}L-;}YfSQy=l$@oNh8@teU*v)wPLkALYqV&h)%UG%ro zMywC^epUa6K*z3cOEL=0o@-_&%mY=3Zgt;uEcf{+48cwh^xD zaHGKcT>XT*{5LHe_YdhGyuP%V{+Uf!hb{hgA2AQyC*&B%znQ|D%6=PJJwXp~E)r$Ndle@&=<$tge#6wcXTm-|1~%w4C}F z@6)#Y|4N?Y=VBskywzIzyn=bUvJ9kcMqch?9GBy~{!oqlJmIR(HpaNyb@jQz z)j!7b^jg%vNqv<2Qp-=#Cx|o6^CO!Vrzscz{K@dQb@fW&F8*G=bKXq<5!5H2Lf*{( zL*crwNb-BP?fm7$_3+O;i2mAs@*3glpUt7&X&jd+)aUMpz9HM)LLT3VIMuzw7b?^DzzulG6plN|Rb`BddPj{IIT)Bhk`eSQdx%WnE)_&lFk z^f`B<_Upf|9{&fwM!5Dj%ypaT@g7kw@npCUwE8Uj1@wvG7#E9kh;Yqw@N;u-P@m@g zz?fz7F-+y+ALe}~=6~v!@K2o&f1J(9_ga$2KJs1XDzl3>D;J+6KR@1t{N%65D_`J< zosVB3{8;%JPQ8Bv^fq61IKA|Xb#D1NOnr#+%l2c>Z$ch|&prD_xaQgC{d;yDsrT35 z9>0IH9OGXg+|93FvEyw)o>9H@H#Q0R@yQ#010LtNSp3%tSD)0`n7=J~;G9i;g2xxj z&u;4T{2cwg^slfP{%O9SV)y&qAzas`zVG2UV)4wRJ`#A|-Pg(`p6rPjS<7epE#Q6x z>!cmuuMmE$@k*#(^5FA63LE!-onHK3!EtJK5js%sTg;&+9FA99b<~<4_RE-|UxM>^OP4&Sz z?q}YX3fKI!U};J-Oi_WlE=m%e)GBi2eccy z9=sppyke*3r`VhPC64cP$j1rSJY>1gvHpH7+{Lp2dA^eR@Q)bZ^v8wu-$A(Qqn(i- zyFY)3aP`kWk9f@gW#bDA*Wre{#7FD%0kk`v?e>dV!x)q-`0l)snM8dr;d-3y&gUDPMt-|+Z8vunTKs{0sng5;FmT=J zQ`Kv|jl}%2wX5FG@P9IJKGo52@d@1jIY7Ajgg!vK{W)Pa3fKH(cpr<^TcuyXJ$|2p z?R(D=my5?*;Bx`Q34O{zl;ai1NEtFYjZ1fI77C3JX_%pWoAj>hipcg=>E!yzj{7 z``5yCUc@V)Ul@JQtGx&M=sv`6{aU45{KNM^nPdDn?u9=5C-QJI`IF?aXE9#4lK)Dc zNI`G&;*vb#k3Nq2Y)bvD!rgfBxk(n!Vd1*&h57zbg8JtBsDB0iHtu(k$5w$qSOR~r zUbyBh^*S=<^90~W>eCNEZ~K{>_rpKR^9zgTRq|L}__Sj@o5|C^z{m8L{f2h4WiT)9 zD#9PEAkVz&J7C9)oNyiYB*(oG{r?uO;}YZboJ!>99)NyR;CcH49WVB-VZD{4evojR zn?&x%ox;^W#Or3JneOy*oH_^fa3BBZIqLo4;FpnC|DAc;<2zE9{5Ij{N#uS^qCOo) zK1cAEKPs1a@`3xKPW=P(Xlh_RX)9doJi_Ne*}8X=aILHGiHH-U;CUY_7k~duaLeb9 z)MxGox4NzSC-NL!jrka5oNa}>yiLXNw+zR3qH<|B%j;UU-^)?&b-_NcYzY`$a1cHz z-WNd|?@r-b|GNVBV=q#@_~&?k)JVqjJ9&uL4Q!uN?JxL8C!#(r{zrwo^(yc^;Jbut zyQ$aF-vs?n`5Qhy?;|>cytQ!6|4hDb(wzKe)k~boZfMu$#dGw@FdnOuGY>%@3*7g0 zuW(&ITL#w8$&SnWGJI}8nC(7HpXhSz|Ig+GIB5RdZ`k;DK8*NV@_CZBue(mTj&F+3 z?Rky<(^W6utGku;X8V?r&H&j&8#glK1 zb}i1kgdc02nI>H8vxxU=p% zdjAyk>o)SC;cw$Ul018n@0>0E zjB<%5QiO4|b-2NCh%@^E`n81dv=y%P5aII#!sMM)uW|l?{bWhTGe@|_A9)LL+J5z< zvdmiu{ar_&(Zba~8n};oj&SFbz&c?4+N)gRkIqG$FVUxUIn;BK_xYf8&$~~!>chOB z8KdlZN0dvP`9R)!mq(oOav1kJ=s!WY>SH|bv-Rg2;aZ|Iqsn5>CJhgE@<#_e~ z@2k0R^-niKgf?EEDA)e-`CU8sr+<;hc)b3UyjBJ1^C9dfyOzQ)7Lup=IUw_|bOPpS zl=mI^^l2*Gt&`K>WAmc3aE&t?I3A_Q<4KH{-S=4OM8uN}T%T_t-1)CZ9sbC6A0bci z{cBX0=Pja7b{s}_8TALrJ-&Z^33;_*^eYv(pQ^cVjX%ZXtnF`KCl7TgobRPVh(FX1 z<8mwgA0*E_f_Q99-x03;ihqv!wD)1Zpg#J6?;PxSx{vzAe&qQe{o7YWUB#RBaAc}1 znfmH4T;tEZhWXwX*qcrLnm`>crQSP?OwOl%n{b`K!S72gbrR-Lv@zPXI;kt%jeCc} z`n*QD_V+U6!S2hNNqxRG@{r*AuwHnWF&zD47xhuj7t3>~65E_#pir8IpO z3)giu6nMXNE%mWyFpev!Z&?*S;r59CQS#x+rC;$cd`GO#=L>iFX$<|<)Mv=kf5QI@ z^77T-ljQSkZCrYg=lQwXp45*KuKtm)(ceFqhiA=aSz#V_2-p3_3O<*tC4HJyN4x%m z(A#`}fjqPX-1Zxx8fZ6s5x7sEj>0t$9-kj>=ll1O=lQwFF!dYBGd++8JAO5;DL&G# z1g{hJqJEHY?XUMc+Fe%$zgVk!X*Yc`eC++uKk1Vx1%57lD%XNO!T0g4UssW51J7j| zBV5~!zverKv*w$CuitfG2B%+kW^;lxhuZYN&UYEM8^KhKfppGQ2U7|#*qS`WOB%jQMxu=@Y^b++Sj9N&R;z9c2r3Rj;L&#!G> zzeye$iukR5nx2OBITW}bufK4O-{?P)VSYBF z4nHREM;;5@FC7=I^Dac61obPZ&+-0t%SleStLFj8!+z>dt&8|`@A;0{{-LFE%})Y# zwS?pKBK6U|7#GWDPB`ir{!cRz$Jc{T?n30#j%!ndt3KTk`q7N%dFo?}p||U4mFh#E zEP?zyM}1@An*V$Y)Th1ga5eS0pRfa<`$N9VhYxi^Viee2V<+Er|wxp+3U8vihmo5I)}d@Ui(ag*?vlT-)C+5pHA0(A|&Ks+V>%t>M#> zIT=N{|=f#@StS5PP6Y^>MnZd$czy87amZts*a{nvekz(=>%!lVw z49D9cT=(ajc)xKK>iRJty>GvwK3}mo>7Tg=ddtsO^oezXztzv*nq8aS`ns$ApbzGwh_4pAQ;i*_v!>1NP-7hyi;+24v0@Niq?VJm&QDwlTC zf#u06QO=9eX_l9o@M?0i~4Xk=*v@IuQ}R{PR2Z%OFm4wwCl$)UN*j;2-p0i zI)aa2{J)X=MK~|OS-gC`U<>%C`963h`nOju{;ArC$MSO*c_e|nHKBeTdHe(4k-Fsd z&Vo<27(VsL$0(OLqc+qXX^T;umHKz2l@L-x!~JY~%7Y_4)0-3&iSh@Hx=uQs|e})tAEcye#tt z=HoDg?=?Rc@ehBeF#hYwd$V75{d2Z(jVBRBo^5T}pdq=qX zB-=pGzw#=y1o!y72-{zMq+I+%(~zIxjQ_q?;PI2tU)w)Ftz7$iGxS!6Td4Q{!nh3Q zL_NMWd^|pPr6m2^2-k7<58*u5=JgfSho_#@J{sgH4=e?IwY)k{24-p^ylBfkyW zjonmOZ#N3p_3G8YdG`aV7a#u_^w;WtKYfz?{G+{J)~2n-|KC?1;Vz&3v2NIPzbV4C zo+k%BpZ=n7J@1eH5^zqNc2--e#vvP?udotp*eMP7pc2{w++&d0c9`8`T@ec&?T+HU+NjIZTqiE^#aQSi6=d7?e^;iibw{7d`b-n|$X zJFgre{8;(CkNVtD_*~1BSLy(t{1t`cHBh+jZzu8l_(If=5w7(XE{T<}i2Nz~WOKeF z4avKAM4c?=a~(^O-z;4F8|Qfks?_t|RxbI;k3qkBQh&k)(1#n~_+sZ--GysB@$aBN zoBBIcuX*M?we!1u^!a~uoq4=fwkhG7{~;aaccWoSox9`r4F z>OpW@2cFUjekL0r{+4eY$n)IaV(tEpa?#IZeOFV9!>O&|fA$OL>?%Ycnh96?!~jHi z2pjA%^6(hMEy=hIxeEUHE5L2O*gzf&?4N1d2Kv#St5>Y2(9Q)tB}S zf8aZX40Re_%lPnl*6ZX0$diqbht}_=2zTRE;JvezYA^b^$?(Ve-3c9FAA29;gT+50 zTY^|-0WKTWA`B!D3^LgJ0m_e-d=Vic)kGK;*cWGY(xH-eWjb=PoC#s zSf9OIxR#p?oR2q9xVCRRTfBW|&_1#o`E29NE@xlC8@~tZVTRK?DqQnC!TSmLE6)qx z4FCOo@YCkCgmSS@|A~lIV?3V~?)oWp>XE-m`^e+4x9jL@JHh`@;9R5og}eND0V7Oz z>a3-`AK0g{-gw|Ucb^DXe^Pwksw{QBQ+?&rP*ZD{wzt4O6nM{Tf^hXmE|8ppjsHhz zALn`FHa?%(8TI-;a9%_M;Vw^lLuVBInX6p<@pyl}DtU!2@F&ZC0@sqCFI??o2Yg4& z|Ka4}BE;<;Htn{W{H2J4t#3nJ;lCHSe^N!bmK%Q$`C$F-3*j2)?AIV? zvD_NnP~R-?7ukH;UAfr%r4WbxoYz2Y6*-KRzE^)}zN4fo}^9%K( zfp!dchfaJR^46{&y9w8Fqdb?x{7DMeb{uj(#xc8}@G|*5-1lPZhfS(4{v-qMPZjil zes(3s&jkIvNVxO=L*&C9h4{sIR6yh?lqof!R`E?n!I zZUFmrv++tA6nNO7+O|Jil=p?S~52c287C zyEHGrFBa3@FM;}AS`z#Z+Gidt?tj}}Qm*)!=l930uMHBe{-?G;$L9TaluNl;-XF8} z-A#M{Tx5ui^F!~3eT?TOAzS2g0KLH@{7#~+e+CQJew_-u7oVVgJn)|TQ_989>;lxw z^1ReN)DPT8x>UI4Rg8I6iSdlmKF0H+?LOxO<)Rhc zs**Pn?sP6iJS{#0gloG;xDTf@?H{Loek$e{YnRu^!=0dWGwr=T&`+L#INV5HL>@T@ zewzO?$-NfPvH9*J;o85-a9m>gcpKGT^YeY*Dc7L>e(Ly>P_EtgySy*z75%yR`2VPI z)rs&uIE%x2;o9z@1L$`l>VK^E5`T~TvaDa9)ekzU*{z)AXSBbYJk0NI-$lNdJT?{e z-N1y~uUzzV^AI0fSKJwgzQ_8?jN<-H5U%Z&D1eUbe|Vkt@t-iFUQ`11z52sG7Pzl6 zi9ERk>zT!cuwNitXCE#I!Z4?H&yehx0c zA513q8=zdfzjsKv=%)uDuU?@3sQaOl7zzDz$W!F`=EdW)S-9p^nC~}Pe>|-A8i&C1 zvdROY@A11-WvPFUaE-$b#-TcSQtd^@=lzx#`IpXK)+d2=(Ko_1Zt?5T?slCxbP#kR zpJP0?@h~S`?Q^gDPTB77l^x7>=liM*r&pUiN^bFQVLb4Cir&Wiqg~#h{|^h-dL`x{ zo-dLAMV{;eKXYlgr+UlDvK?Z=X*GN^AKR&0rI*Dk!D6QTV^+Gi?5rwR2#4=@h< z;HO>3ohMxVjAneNu#7rwl}jFGc7R_){)E%v|M}aGxzq`DXzu82{_bb;cinrv;yq2w4X>G;`4gTs~3f9+>*RrwtAHvAv(fyTqm$u zybFcveal9H`QI))jX>NFAP6Z|C{s$h{j7{~FY9 zJreOubVEF^qoc!xYrCYE`OfnH>q{Qpj(N&r{;6>7?}q~SAHJl0@Oz!V3fDZ0J%n=C zmViTkg8t8dpSI3?k375-^|g7k)F{|THX?4;e{WDO`pIjcvzql?Py6r-u($RKjfQ=E z0{l5d`*!3}o_{rod?2|u5jvNXpE?Hq#Ac#gYnOy_@h7|5cb3g)|CVr#bNEff)5`sc z_Nl=4Q^I4Rlj3{IHaHKxNf?d`Y))x&M$#=X|;!7pRZ7S9=uw(`k9yn|7%gF zr*J)oEqCrHM@o{9rhSUz`6BWS)XyG5d(|QTOYOynBe$@@N(c`{)eRx1a!j&{4RyW9q2yz?0Oui}s-e?CrXE zwsP?^HUWMX(Z2k6wlDYpSU+kfT-!G~2|D#z?t|pvi{bxwP%id)ez(ZhnL~uD zPH_LsIJ3VV^|j~4tI0FG-!-cc4po?leCr)pPgWML<$B*?UfaQWt(9;s*ISQz*?ihl z?WJA9qu{^Yw|Sj9v1#z?!gHpUc}g*5+~8=RQC@ zFQU$1;o6UG;{7q}7thc>%6;RevtRhX-OoQgi8w?DV!pQPg&yRoIq=`|@O9y?T>{?? z`N4DwQ7?wmJ8LrhkMxF4b^3psa*1=I5OKEg*R+s2xv8+Xaq<{-GFj-` z{odFUDA(T#ZgKd8JUamGZuwR;1@@`q=ywtNIZnCw>AwzcIzP}p&V3`6&mEtHeQ-b0 zv&NrBoZqJY55hH`@v7*Lw*D;j6t2_f@Z33g>v`9Zds)m2m8f&4aF?Ie5g+{4^L8oM zeCB;W%b!c1Cg;BW`>4~OJQUb(|CDmce}6CHY3=o!aP>bt68=vq2ce>8ke_D-(RqC z(wl{PWlJE#@1|=-9vyn&)UCO0v%|1)bP;=tpttoTgm-%?+@-F_jqm$qU3p3Kacoi7lGJ)iJ8hpC&T%| z`rTf$zZWg|82uSBTm6*#4}s^}bA)UBJ+7ad(tfXU(T}(B9jQoOI7j32&wte%mwf&K zqGn0GZ@DZZF$T@`<{Vw08W{UdgTWf zkLLp8yuVbAaV|d(^L{jN9@GuOwSW0vApR3+|A=sHuh{9}w*FjA`}ju~C-)cN54HE6OnCI47oD1ed$G;r)dY$@>g=@K~_2{7`$Oq6q&;1*wlOc~hf%@9`dG-S6do$su ztuG8+;D3kvfS5$hT|h&tclnz0h~W;#1~jl$%`#K85xj$diHf z;funx+$g`NS&H_{)n5JF4xMx8XW>Hd=o9dNI_<9|_Zf!)))UTTh$T&qepNhZtK7Xufd-P*9q1x9fYgB z$9DYxd4xQDUGaE&i{YogANgSUe}i!KCm!%;811tqpkwQq$!afgi~a|B-h=VXsJ-aq z`5XjMlILhkP;PV&;=GjhJIP}_*BV~Q`gtk!1N&a$!c{-a=b=T^*+QOv0ON_}$@$Az z?zQm0AMNA9_4=jJR?IIp?>s_#e-J#WOZ$!FA?|0h+&iLNxYG_ zpSh2qbDTP9wHNM9K|6L}fW9YB)-2w?&Rhwda9P;DNu4IbwZ8rk#M9zGM7iiE?m)SH zXn)lz*hjX(Pa6+MDOZ1fFCPER!qxvU_tVB3bf)fMygtEHgxqi`J$9|~OG9dKOkUvXbV4CY>y zwa`hwQM}zp2zUEf_+9u$v|q3G((bXq`EqqKDEFqo{=?S7)z1*u`Q@lHTDZ1vawqcS z3G#X5F@C3s;qi8n=XoCW&$O?(4*o;~?^X39PnAZ!?7HcF;WoBV!u|M)_K`yP6Xq|g zyv6!HhjG}}`L`<<|I^&Zf^6};>EyAAXqTb_2$g>u^^I}AnZ=>KaE)iK0m`-O$B)eZ z8kEagct5JWlpCFj5y0Zs>>cQ&_&$z}V{a+f`1eGv#_|I6O?PaaKCp0`uPFvJzh6)*zjt6jC!Sf#MAPjHF@rKaBHtV!u2|0Kd&Qd zP=AVWjYBf`&-Np4{cT5-(!8FOkRI0k?J9 z+vJ&v$iqu$|CewrH^uY8E+((>DR@3`{_`cmHJ*OpJB+<)@2AlpUuC|n6t2&el7V*I zpgIztcq_D*_0#H~K|k{nxZP)n3s*n0_qT8!hS*@s$n%xZe@D>&oz#i*eH@GPQRDmI zr(H+a&%&S7O0=)d<70(uxv>LSCtIGRh3j>3o0HqS63ze5Xdj&Key4t#+kk$T z{I>Z0hnR4UPb>|8Y`m)aIpULLz0PNS?^G`K(ZG5Bt7xAO>=WB0T=Ol&wEdHaWO zt#33i?_97^{XD}v61dKKK)5USIWTa; zB!8Ut>0fBUA#n+Qll#4%+ zb%?V)&)Oqg%ME$R!olf7!PgN z{5joQ9ynj79_`zUem+E=<^4v>pQ>M?UinJxoTc@?%rgOsATJAspo$0uYKUEN)VKlj1 zxcU=*4tZ!g3&_1w!O=RNcg_yfE5~uw?n^Wlt~!|n@~{^5A1BXlMY%R^Y!j||elU>d zJ819oxu@yW+sSyohB(YEKmj9!Yq{wK&^Q0zCr@^O|5k2M4mz1L&@Q{nK&PQ_>(P z70;`ig*$!vZ~89@*F3D9D{lXZ(`V)X_TwAsB<91PzWm+&yWmeau%4MDT=OBj9r@Oz zB>vzqd2);IK!`eLeFOVgD{%bR^X?U{{VRBW!ehd9JS-cS*S1h6Tp4~AQUCPah(n0` zdo9PBDi{4!Z}{1d?b4t2sfNYlzsl@ShW!HCAEABhN3^50*Y)2r4xeK@vHe=3m211# zfxfkiw+B2mxVX-%!Zi-LACaHmvfPcrwZHe`JZS62gQ_F;ab6ET!#G^~9rW`V=-Ya1 zws4CHP2G>>YA-teT=;3@aQ(gDY3{qW>xC$J^c>{5y+8Goa;a~Q{joO-d5=8RzIYre zeh>ZFW6-gF+KJph1pWqfo>VUSS$@}k9r+UB8n?^`&_Bw!9imQx-%YUVqpClk+#L6P zMXB?!a?y`Jhq!ekUr+l8pNrXjrz$_9e@$J3{$)DDgu8a(eW$_H$toB9NMN65t$pA* z-tV%!>M8u++G{ZF)8`kD=PKozKivOw3(GD46XFxxKUQ71i|2LFnM3<~gzLDmZ9D2^ z*W;_zUi6dgeP?O&&Ti@?*pDpFYy6Dyb3x#K>7~L|C(re*EMwfilyZqrqFwQN?Iuso zLcg$>T=EO-GdZ-Em3tp~I`F*aQ{ncvC=vhtM!44Z$d2OmE!+=3Q+epyyw*~=_?dg( zcLKJ~f1LK=pJ2a-gO=s|DasPy%z%ez>k^!^C;KWX*VB& zzP|wZGl%+b3DiAD04!An-yehxZpTK_UX2Ny+-^+a|=Kn3iwcIGzMdexU zH02WK&@Pl{{UY=`c%J!oE$w@gXX_$v=aN6ITVd1RJg9Ajs)JfIwV~EOm{^F9z=D$hJUC(|NPh1acN(^U)hr;lgU%V(C+t@z%SMa zSN&|@{^2&`Pa{6oFRu76?7bz3vyBf^g=>9h^4y;KEcYX|m-b5VeIm<~D^ zFzxFe`}cTu6t3e&Y!AjmTW=)PUUYJI`c9z?`}+&z5xy^G_d~Xk`#hhp9Lqi9Pt?or z0e>t%KUFUJ@hiY<)Bb1L$6F&mE0TBk3;x79_>K%DA4=|xM?01!f1Esc-(b0LZI?uI z=v$l{9S4u!h4`DF!s+86P$em79Kwu`qN_H|jnMA|2L-ksf-{!Y2rCw_sB&F@zhLML+s zakG4$BwX#I%qwfhx5%?EAwG-gXO$ALkKB*(&Ej^OaP>3E`_k2DKa)JpbCzuU{FFM$ zwZ5}#O#7U2X|E)&XDvS~mMrPwJf7pE-Pda1cx5lgdC>Bzr*PFt@%&qBuT{#$&-ml0 zm#w3^l!E^`=G&L_r;l*84-LD@5%hY`+d=NtL;DV7y9_H0`@{|4wr=09T>J^MU)cOI zrVMztKCVZs9lug8xj`|Fg8|9L*wwsB)V?Xy3^zB=u9k|()u zzYclpli_E04eB+PypM2=L-JO%m)+-l!`aj5Z$Ca3?$!z1M`z>Auc{+{=D6-U#J{=e z6qK9$6Xo_Ke^I#FM|r)_kbIqT@h9~)+QsJmil@Rpv;_PL+7A$}>*3I;xYHFPe^|J- zS7ayRkN!qZ(kM;)vJPbOddgGYSYg)!c{-Qeo>SBd1o)*r{;Y>rnxs?_`j_`zoJeea6MkP zD(dC&evyq=4=a~)J+8Mc&%M*YbBz#B;~mITTnE~?IzhO$W3CnY*U&Pkz!KW$)6nU{ zdL5^IqI5e)Y+OC-bmUbk@EpGu`6W5zn~hgj3)g&(^SdFHsQ-j;^(PWI=lM(^6F{wk-}ZM+<#kze7bP$zgd3w&DuS!IuifP$yhI4 zz&!kcJkI+Gc7OY#YVapJ4CCH|)E^~W%Z*nlKEAz7p17=~v$THkzUoN1;RnENeh;4s zoor>a*AVJoAzbaFFQUE=kWZ$4FrEu&ALmxf%e=hpPFzOstd-31j0(-mf7e7n< z(fIradBSewO;@h=f$P~N$S1MRX@gc=0N)Ms&F0u z8}T~A#-$IOJ&peM<40#N&!Kp}L72ZgDBShmB=Ua@d7Bz2H+X#%7q0eEo>Nzv_6wCu zee>hdE=A;pMc_W4zgzp>p~Fnc+NQe)g{go|pvx?Rsi~a`7{9JK_^5fI}yo10H-&v$Jr$?@>GO zoZ^1r+Fq*z?_EwH-xnBfr;yJLJa3vN+~q^yod1u7>%2dY*EQB({-AxD?^(wf&yMFp zC)*csE8qk$K)BX7&3W)#+CNGATp`A{j^r!UUgGKTe75f7;o9Jls}N6X_dd!+KX)AC z-oQfq!D8|h``2sK*)LqjflT0ht=}D&^JxR`N1s#&_S*vICN&nWex|PWowBw25aDio z_z>-TI{isHoeJKHK>VLp9nIURh#N)~&wHEtUf}!nzmwmi<5o+B4xxhD#DaaaQXnLgeC^4PP8XK&iC7Owdj2z_@)xb;SP&_gO_~ z-{=DP8T}mn`Wn`EgmCpI|9f$Nz7?+J=Dx#t9-~gh`p}PZU#pF`cL{g*nFIawA@bva z^EVaA8#_^(2l%v1pcR9!btTF{b?y&>+AD<{Av}!DA(5c$CYc|_CdKeZr|JhJU0{eQfJpapG1pE9dX_xQeVa9DzeTv_+i!dxVfR~pH~YZ%STDE){%6Y}{&xT85#{24nBT=S|9_@^ zu1oRw48Iih$~W+xC${cQI!@>Q_Twem=du{_K4d=sDBR_33h}h@?aD^*C&v9naoP_O zuKlq#&jqr$EfB78j`MzC36{N;I+@>~Z}Ua9%U~Z3>=SDv+~pg;r)=ZiV&$Tr-i`iZ z@p(_U=Iyw^cdWjrPK@7QuzHPd4EqefKVo@4PPqD?TZn%23hTR7xcU?3InS1#b(_GS zR2$^aG}gDDaJ@e~jOXMRkv~oQSRuxlM_7SBgloC^%h4`lX@BzN&`-n>w={W7x%iV@ zfjIPJLO(?N)Sd9BH5(vHo_rAb_7HW#O`(%3UpxF4i=!|k-cLAdHVx(8`05z!E=@@fBFhn|2y%$DrA=&Yarb9 zqrJW>@zg>Td|q4V_@5$wm{#8X!qq;*_X4ckOWMKz5ec~S2TYGgD?&8Du6AP%{mpsjLkIkR)%7m z8O5TGslDda6Npa(@_N^zy<$9fq9l1Q;c6cb+?SY0p5^#&dGfaEXufqt{tu5m@nFjt8id=6UinnTMlgUeLJp z+8lTGwdv1{|1n=I7OwMDD)8O;kA!O+qC0%2VB>S;>)>aS_hT)8dXq=^UWT>xQsFwk zXL;WqYI6B3+}&pzgPwII{V&-O`mtX*|FU6580Y+MaoeO^{LJ2q_OgT>Z_l;uCejwEwc|i$2=fh+dakcY99S;d?R!sJZHwn;TOm=(~yT1 zX}?Ff`XBiid29Cv{v;1|Lw|pw4E~_oO^m}G&^ettBb94E{n&S;Hu-wtE;vc3RJsNA3VwI*0`hztv~Q07M1^Z!d3^82;xJmdl$&ac za;MOKtJC5C`P+|u)QNY3|4-8YvpXX`e+Ax0Xhohq1#$DKb&GIU?jI=E`o&AawY@T& zFCw&mi}o?@->^7e-UaoF%(=>0E-u6$yeM49f!X}N61?@i{c11ujdno$+Bnm=D|C`P z#|GIb->nv|I@?Zw|28ii7Os9K0_VP-(G5JBLOvX${}&6_{<1Bw&!>mlYy7`Lp4&Qe zjc_;4@VxHo)cHfW=3ym1Co+Eat+0>toEaM@7bq9~aC_e=G^EZk@)+L}vFEehZi9Wk z7yP&9<7wsEE`fD#PPmTeQ@J0Y7xjM=?)vpkQeLKoc1m0g5DO~HDVts9X zd6o9Dz&^Aiv`_HFWBM`5w3B_e%ahvn$7~@>QDGQaG&MAOZ(I~a2uC8^n`uz z{pFFuRX-NEeo50l$M0pApr1dGC)mE7$xph2`s>k8SCU^Y-1)!RcjP?s2ZU?CSQxmk z_#|~=2N7qxzWabW9^X5wMx8QuLgxgY>s5+8BwWi)Tm^sbCGW3X;ugQR`1rqt_K{Ao zxBgi7F4%ibk^kRN=MLqfA6xT=W3SfMSlYO+hgSUUwo%*dH$qw@zbAx zcI?V>BX>h5)D3=G`>qjgIZspfW0TqQIi}6y<$FUv+7J3RkNCnhukv#c{}L3tjrJbz zpIdx>R<3bw3V*D>+a~}z37BL zD?TsJ5w8025?oOfK zv`;Mnw|4)}{m=*B4-C7!7rzO%G^xN;D9obzUH>O7)cf~QRKQezV z9s)nJd{5cN(zeQ_zB!)5WA>|PA39XLUMD^Po%|Wdx1Z=w7vbtp7d}5NN!~;4ML*pF z^@@-$CQlWir(3zdkcWOkxua=cV<^_W$xwSo@LSKjQn*|1{T6rJ^01e1ja#@b%H2Sn zCxoj%ncGpWwaZV&>5t`k?P1V~1ojuT6z<~2?@pTiI@%{{qTEyg3jUGyv3V%h=7pxi z5zlN5#M9bwsB-bs{~bCOpZ91VkAt5}{Spt-pG6oSjb*nvx zdV@U9e)k%64pAq>=ioLDUpEpu(fiUkH85*@LR-UglhWgs+OxL!9MS%Lg1OZ}{HH_lv% zc-p?5rlY}AE5Pl($5`R!GbP-QX^zV{!0)-+KK$2JNBqg~+?&qq81=@0`#cZ9^5+rq zXa)3NtMA+7`C;(K_+R8OdO1pS{2@QcrcJALj~v31~Y)QLQca%)qk<0H_CzEr$FzAjvKQY(FD zY3rrkw9oQ>=9MhB-ZZx3Gl7Vwsr_(+(0`=`qKif^9PGDXAfp8tSQ{3+tqx~Ir@0^OAa#}sSO0U| zM_rZtfO7FO#_^;B`PoVMnGbw7}=gse6&n7Pl&s zsUJstEI;Gq`T5YtDCBw7o`8Lf`}Ay_x!(99wEH%WGy8>WJ_ny?Rh@!3M6>W`a3P%S zCS2Pw(-QuSWgQY~uW{h@c$j=8?ZcDM?n$=qHrmJ9!G9Zvt30XgF6ZC!K3j}Bt%Pg4 zq?7Q+uGi)YSAUW}LEq~8747r=(7%RJr^8bix7YJLSi24#EnIc-k3z@dKi%2O^;+P4 z=T*Wr-?D*xdt121!RI~!Yp)?sqyNSO`%6a(*Lr0F_jMNux4DL{yC0irpPqtxP3AA} zeFpw#7x|7nO8$&+^~dA7)arG~RFs>Yj(iwG`$5Xp|A75=;X3~01N#hj3D>yAINp|^ zPQ_`^k5ofEtuC#EYurk5JTd$B!c`~oy6+Ss)ES~W>JRTnSv*&ghq>OcdFO;@q2s-e za=TI|DqQ0n9)|0q_2ko(i+&_f-@m96<^8Unv~NEh_L;!-=33#Jw^8md4b%Q-;aaaS z?-SM}KWPU2{2qRmX1};axcZakbNR>E@0OA0H~CKC66$OfuI&=xew#4)4(exkPNS83 zoH}8?zlLbYIi)k?IB!_ivd0 zR|wa9XcM?D>q7hF%@`kS{Xa{%#xs}4`13OpXtmmlKcT7U7q(8Q{v3F!F7n)CoQIM} zxxdKr^IhTEj#C5suPUaX6XkO~%eTJ5HU81S_ebuhee5atW9ymUl&k-rfcIlOuXvvR zUx)GS2J#8yDPGrDoHr;Joye7_*J0Y1n+=`JOz4>Xt;)qd83nibZUpTkbD?8#UP&I$ z!cWu53wQbaCi3AB%RPM#^kW{{Ybkjb^7M7 z^Iu2dY9HbL0b5TlQZD+jz`pu-oQ|x20{iHGqfRW)uWP*s{qS{&!#Q+epz$u?HZGm{ z63R_KjW}OH`-#Fe&pUEIw%xB-p!VW_j{7%E$DfP%q~1c@N)$ml4E%KK9j)V30zK%Q7=T^eqp6Q7-Y!-GzFUr~OIuVV~kU z$NU+oT;tF8Aga)QweWvy#|^@@-_7IxAC&HS2mgnC*#*##G((=8!uVXNT>TH^|I_4= z?r5(%^rzm-un%=XK0inPs&er^^ff#=kNO=JqFoZ}5y?fgzeBi|8=r#sSR69s;S6+a z94PY&bfSC@s4{h03fDM<*)BuKhX_}H!WY8-8sxJ~X94tW++L^l;!i4Y9q}i1@|*{o zQK$VP*!z4QQHuO!;hMKz;5#Wxg#TMRzNb3kXM*2Hw)y=i_2XB;Pm53VRoKUQ4y5Jh z67ukV)YtlTwKV*U^#Hf=YAU(M{ixQD_L@DfM~n}C4RMZhzrDq6z3_jl*LLBqUL`TU z+5GjJa2@~Cf$yRoQ+v%r_R}K9^TEZ?N#6t=>v!vwYySL&dRcrbEMd7@kmuGe1Ia@J zaHVPQHGeDI&5wcoMaOBMy9?#ob>eGF;eTzOlUAF4t`n~QM7}_K8Q&vZuNQKBzx9C< z_=9H4kSEmw>$=v$HExl5@Uv`5*gr}81kdRz%W_{8uKxRfpxlB2{Ng>;k#b}0;eS)w zd#|&;)eyHP!^CH1o~uYp;NQ?o7nl{JfVu5jdx4x^UNC+@Hy?c^S1A{S^D7 z<#YFy(9aA-K3IRxDi`}a_iftx|Lj%ZxdXoQ{9O9~33)8Af2_)C_>=q-@nm{>QQ@i| ziGqJbou%Z_Le#f5`F`pI&m$`TCj1Y6&+ZE0Iu0cH-If@2deS~K0rj0hzSVeOzx__- z;-|;wmF7>CHRxaSdA(`%I?H(A+_1}pyZH0E$>Kj&x#UUmFGSwPlNGf0e)gS*HO)`q z+P?W^;I{59T#NO_&aJrfP>J?u2v_|SzvEMyyd8PI8sco@_Auc(zpM(>YqW4JH})#Z z9Y>u-sw45q^@fh+?G+h}=Vf=ton?sjU4%RP+2}8W$zLW9KZ9|@)?=5igMEzW-Pyjc zmCChVoJTC4?cPEhss`fFL%5ck?TCD{em$2wzZlmq=Kr6&)@APmf35K1Y9!lY8I#j#wO) zzN_tchL^1~%5jVT*TU7$NH5ga)<3P*gQxjDvc?=Z7Aw~{?1%mfPR;Y~dk;MJ8~nGt zdQG^?la=6esB>JnuA`D)ARnqyr|5m?L@t8;S_*X(u6fupa6hLr`J_O8-Y#6r4Rifw z_nBuq&cgooVl;PDvpycO%!?nC5Tq7M2U{>t<27Ors) zy$4d{)I9H1^8B{ujzq|hlV^SbxBl4tBl@!#{3Y5yMV_F(tyk0J(F(1dAYA>AHiSQR-7!tL#w`>$fA2H37yZOo^miK{s&7Evp3D0@ z41?EFxZ39i!`{~CQ-y0g4%t_{|1J{l`rYrS*LDi6bM_UyRAB$uH{`qc{-DiM{}rzF zig!djZ5>trbMX8r7$0n$ykEKa>HUUsEpPXc=lC3as*ARK$7dtjch^qzQ~68x?^faJ ze`2}s{=dzq4++=tD!l^r4Z+-7PJ4eC+V=()`~!I=3Z0{6@CRpZQvHAayI8o!v)9|u zxB2vX;Ti{z`y|KmPe&V1qyJt+zQpNE{shi9-mLZ#pAh#Mq8E7H<(t`Fd~Sj)^1MF6 zwcIrKSDZ}!N0e)v`JIB==>B(E5lh_aChP1y$xc09@fpI%V`|LRMT)Y4F znQ-?Ug!{P4Qs+0d7k{!b=v#kzek*uBus`qz{GDsOMkWs*LEBiIQQcid5q`wglS*t3&y`J{IPkw1$kyK%6*ykG2xnr z*Nxt;ZzjW{o%{Q~6@&*Zb{@79n0qFkMjPQ*~f%y`*vdgviun+T%XG?-Hd)`8 zw}pjp=)$kyPig@Ag{^0vRxUcRm*Kz73#){yeyp$W1oEuc_tXjTxwegaBff@y_9xhz z{xsoEXDjmI5OwCMz369n{*U?pChgN-BhC%1T$ycHBZI_=GnW1tDouXkq?&VyM()S;}+!qJnEmfOLXMi-Fbh2+x&Q) za2NmEp;JWr%R{dZG}DQ~C#v$T(MpL{v; zt->|V*Yf=li^E@PFFKj$&|hqP=<+RimhWFYNu3wT(<#JrKKXv(+Ah7mDjt7-58{)G zz<-|=p_+B3*A{O+MWS2|3dnp(WR z9rr>%#ylUxdQBt`{Rw~UI&_C{ZTB$0H}MwjL*LW?z<$ME!qwjU3UR=w<#}VteV!L; z<3ox(_6h9GpN*<7I>GluO8fxsZH1qg)1Tqwk#E5Z3h;|de`I~H1)od%k;1Kwh}@5- zh3mMze;fLXt>|3xgM(LU8b!`oJSlq1$( z#t8p6e_j&q;=u2ZkD$&j@?15H^FNVa@DuEl{SZ&f|DScLSZa>P+XHl-js-bWfpJpicR}RFtE0=QPy%7hSUzX86#`n}LKL5$n{sFYtIrOKO za?NM%H?w~6C3*J0DA)3&&H>n`8$rj)ZAKpEcNy$CR43))XO8El-ob|1N*>yayfr^B zI|%(K-{UJwKcm96-(}xMeQ#vD+^6;$hh}I;^XCA$&-aV1UHbnD{lq+!Yxik$%2g+D z4)*znV4n)y54oE>b`Q$6d4GX$^)t%r)|&Kxz1oX@q%GR_Ao(eWp`Y!Al}taz=RxIS zpXB@0$ZF3k{TsN?b3UzJ!^v}ezr)sPpOL5QA>VBLto=Lu%#_2t(~JJxAYAhy#dYJ; zCGd-dv`-&HCXc249^pD)ObvXmx&9I8_l~sir>wwO@6{(@Y8=7es(9nSGcxUgyW~>`B?IN7uZ{z zX9-t-7Oz21!Efa?7PXgh6C6)$Jz4WO@^&8YTUve&6s~cLy@dE6i{uy$XMct_Brva4 z_e!~WXL+CXk;h{ydET7U$c@vumJZ*ViM+qr(xmq3kc8DwlGz zf$#NPPzF57^`!YTNVxhF4ZOGVgxYJIUqyZG`ga3)cqHbLk&I9EvanC}fjwUbkfpa(q2-k9RU7>ID z>15Rrp5pr~XdTbHRX#kb8IGF#t1AY9|02%NjJLAmH8EDU z$5{ zV8?{3KMC#=wPR)Kz$`$lYBx>C93C+B@@uP24O_yoSMy@Wh<8v2FJr=L(i!|xg( zs-8EuDs<9Gka29APsrne?=1W-T;q^gjP@#`{SBvKUGYB8N9sjBL%7UhW5KNym6O~a+YOjU(NB#Ui>5U zM{C~}!Zn_`#?ZHV-6mY)AD#n0hf`+>?IZ7E-dt0FUu>a$p63Qwzl&DG_|q$JALb_E zIxmE>XfNwWD}`&hX+8(BdhJp!ex~>y1k=_#`ApbHzkr{1pZPK2_P2E1{di8e=53t! z|81Py>+GezJRjTg@T9ZQzLC|4TWyLp7p{ILlZb=$-+ReJ+;`EP_TMQN|6`ZKPyE;O zjtl=cKTkay?UHW}{n=J7d1^@;N9vNtgsVT9mQc3%KSiGU$#<5uX#XK~g8P@grG5Sp z=-9fkZy5TqXbY!c^WgK!rCymf;0>w&BkjXSpkw3J{nc5oz&Zc3jBiD~tiOLDT=l)C zSQm|E!_=t(9zEE~m55b}Tt|?{Mxk7LpZB36_#fi@ZsTO#n&7d(I&+|K?HAd1;7^MJ zRBVab3(vm^ebn0Xs@8%|WFj)k;(VWQ)ro!%%i9>A*~+E8a$h0;TT=hOrgJsQJxKdD z=RiOE3hYbL{z2h-T@&Vc)QxDrnD(*qh@0KNYH%+6iT#E3n6=lf!gZZ+A)l9ps53yg z);F2KJjn2SUntjnptOdZ&V0@sOM$^Fi-FQWYra&MpSi1m>t zg{z-K0@tmtsJ-~}0MfdYyA9(@ovYO={Rxb65v?(5c|9seoA4ME4 zVfm}%@e;1>N~m+LYv4#f$vWpCy$jw zKAg*PFRI6UTL}Nlk>4m>{fuo#d@K&nE0=P^^}vVG{;+VDR~s?zCCHmz0Q+oD*k4Zm zVUq&)esu2gQ6%{Bm)L8)()@l%$+fE#hzOHD9^dXMRB5rWuFE5%7E;l-q!% zyr5j_mF0TO>UESnG7a%J9&G@f_y@)F`E}uzV}Gx}hmK1>ea&}xFMoNII*|p%bxvvc z?>e=FtDote(6Q^LG%AJ}y@acN?g6yd%?0?yIN`d^j|R@4PpXd8H{1mE zvg?JT!u2`Jk#k2m0UKvdxfu4bsi@ajmV2RaEjPRX`8?Asu|nuC;(&POrSLz|54Rp4Z(;BT zIWGN(_y4Wj=g2ej5r4ZswvPI7&YRYM>ota-S)R96mW8wvuK5sJk9@Ovd5mzEKYUId zru_u!#JOLtEBWWDBlXSlInK4@4V!>xh9V9&F8xZLAAxqU^>(An;b-V)^p|%zE-e(U zex`OpXEycEZ3^x!hrQKzBzd?l+Hn=_mkW1!dp7L9B;Q2)SOfHzu@(6L;7>tm8frgJ^Zgu-dMQW$9djb8S=QZm+vKgfcY*)K9%;F+3;sE zd0`8U+duzR7Owiy!1ug*I{Sa#FB(gGZxZGaWU1W$C(l2GJY346(k&66Fz37B#_=0fhTz`rM2%J$|Y{G9}$7O>E|rk``5!C)2Y-3_7U!juyL<5dG-p} zW7P7z`fU-P?9(8xuwLDTJ3qN@EMmD2lE=rR|5|b2DI z&@P+F-x99lPlof9<=gkP4_-$fCl8))d|L$9_^S7>>F<@Ty@fXPE?Ne50Z!Y9$Y8#jB@cO!S{V^Jzwbt z@XS8skL7I#;nt>R=H-NN&7XAOe(b}- zHEtoE=g^gLxVQ`3@ngito(FXjuJ-Z3{hTGrH4aas9r0J5SF0=SHz017SDneTkAfGm z+|PvT{fB5^pZRIspp)K)2-Kkcz2tH3m$r5}NS@=luXdm6>|3D|X8*PEaG`SXKOQ)b zD@Xg>bEucKOVisB=jDMo-zr?=6PsN;Pv(+`1NS8gW3bOmM7!U}dRW?=b{i`hP`>MUhpYgQ$aVB*lf#=r; zsT17qeZrm4Pv)Rsg8G+{hk4y?_dRYCuImv0U5vC*+9!l-y;8i7XXDideEF+bY% z!hi09eUj(e&8N;Va&G|QV|o5x<)V}1dqAaVe||6ML=O6nSi3wy?(;dU>6~yk{Lcr@ zBRW;M>Zkd9#K!7I!v8HFZl`^C4C>Xi5DvYpT;kvlM?PD*vEI=%=Ns$BGg=b;^Cd)x#4;J)jT!nM9W&v`)BdEU3e^}742 zFLB*!`&tX`g-)F3kKIpyDht>8#`s*LJNdh`PyC8{m1YM%r4P!@&q90#)4siN-Vg6b zzF4^CTP|=e*-GIWxBMrFPxV6l!7l0qzXSM(v#03aew@;m{si9d=qlW`dtm?GAhnnJ zW?wDdzU!zHeda2sj#_(Oq#yJ{TYblCvh1jG(aG?+Lv8YYAiJx#;Ak!rty1{7Cy~1=QD`Yt+3D_6d#~ww@fK zTd%ir5Ji_&x=`2&O{v1U7ZT){h^`+bpzr$tYQq4gq*FOq>Y`xS% zxRx8@JZ1MQ-c>I8@&1U+3|BkPYc!ZTyso!)>_+Z|(Z4#D#UG3y5B-34G(X=FZn34b z`>{>!)gN9LH{&n&J9{~wFp#(9hQOaV_n$CLyyn8SUfI6I*FQ689|@d`o>qIQZ-o82 zI?Mf;IzG>JJe~a4!3B~J|NM9T1MnwW8F9Fcd6E{c<5D>A++jI+p6BP=^+is&`ky)p zI+iERhl1yCZte=dfG$i`F8=3lMgEUqxpxhNePX}wEG>WD75;DY!hYfEXCwMkmHJhO zL*J{0cC@;;RjzT~2!HIl;6dYE!AnzTnelz_$HuE4s2^Ja`v$Z>X$0b#<9&Xc$Ilb) z+Uo@P^9FzMt#a`vGPkW$Fh5H_2%X?Q=d*VJW~mL5#v)XfpYVKavKWQI6TX9Kk!$cH%z#T1HX?ml=^Qd z7e7-kBMvqW6pmt?ze2lMf4o$<+t1ABvzF&0g}Zj-xNZ41nL6nvh+BgK6ud;alpAFp zmf!`_r>djz|J8SfwjO?9H2m>6o}57cCkfa3KKvC%Y@0{c2-p0N@w>)h+OH?~0_(s} zg{%L`ixCIAF8hVtKS=86ATW1J&?Rz>h=P>Ozkw@40 zj@bCndMx4){s_Dp?WYOX>*(b9sISF&soIPGkvq}iHt!#yPJTb?HJ>^yAA)}NIdB_K z`U+S76TA;*W=!hW1^h(F#HLR#JqC}%bh4(_5IE8^YsG!VvgEN zyC+_Oj?KS~9|6zZ2X6O==L=Vz_)h3NNc}ABz3!-&<#Vrb$cIGWd+2?IYq`-qXqOcw zAyocR_@85Z?7FzWa`ltf*VeCB(ca_xT$Sk0m%`Q0(0urLN+Eu6-gxNeZ$i0)7>8Sh zYrpV6$N2CF?H8!M@bo~`%kC%K_!xM+o$rLLzO%?9+*fAf-df@6PjJ8D7v#a~-+~G7 zC-MpWF`e^;t3TdO_+!^!oz-6Sqi?_;yUrb<_QDfygEw*BdfwyYeqfyZmim#F7=I4Z zzWPMQfzO>S4+jX>a{cAS%YBMGxNmtWd4}u!hSdL5_0@mwZ#;+Gn*@FD1^9CX+v^aTY?^1ct} zBX%QikJ?LolABR(C)%I>1bFxtaLb=NgzNZLm+y&~&Pd_fzPZjQ_fhI>RUP4xPzy&a zJ{L>@PyP!1#k3zJTy?_h(T>B(=aWY_K&Lx-R=Cb1ow%Re;`5v8OT8lBL*Lr{z9&&` zd=~tCo;q)l`y;{Ukym;O{sf=nTp(Qa!*iiOnf3$7{fCfO7XOdPJ-!EF<9WTO8MiFz zTbepO$fL{P&%y%yVySQ~*W>wYwoX3n8PqHK0?Hjy2>U_8HJ+IZ!FN+@VjQrN_jfHFbdhf!%6#Y**dwDL;b7NxU>xHX7A-?xv*GGG) z6FCbyx6}TTX|RuML%ZAkiUGpa|5RXq<{H|kxNq6kw_mBfl6F(||AJ?+PH4pY z$(BDi3RnAhEBM2(d5RO@J@>Jk zM}KP1guQ>zcf{uR_mpcMa=(H3(_j|tQ-g|^`=#)I8xQxZz3BLX`=TwM0}qdcj*UOB zk;ktBw{nk?=ZBzuEe=68e6#pp{5*J$?QY}P zRN<-<<@)(%>a0*MI_Ylc*Ha4ci*2eS_UT_yE`IBIr_6@FKMD1+@v5(KvCj;Ly^X7D zg#TMScTp$D>sE_f>p9TRE`q-0ZBn`D`@FAf@jUSb+8_3v;}*{r%Edm}ubCW&7HExmjP_IR_|F7u>_N}#k5&n1?taEyn#vj~69uK_#wNAO{ zdl#U-KJ~ZIKF9kER^J*gQNJhbEpFck|F<|7&V_xR_i1hXZ%dxO1v>V(4=ERa(q)T} zlPiV0>#Y4(I}eZ3&wa|(|JRVulQ^Ci&eL(Df>)mJIof!2mT=A6EZ-}yL7hIrRVO{) zccdNp6Xdbi!7n6VqWUua{Fm2jXOeHCee^rTzZCheYA^oO8`mlc#z8Se82D$n)(mf7K^nC0y&9;e8mp9z1gac$oM3tzTay+&wo8oD<%Q_KAzo zUX~9_$i4X(2dqCgU`0 z?w8i?N%GvU#raLIA#S_a7IoaqthLUUt8|&SJzfc+O{Y;p$Ja z8uH5gd5k<0I4{dv0v(U<^I9FN33qXO9{tyNQ}XbS7?*4x=2GRFx1-Qr7U$!%j~+rC z?Ed-arO*!r-VZ9X3_78m(C<^|!s?AyF7?WOUA*6I7p~VA;{y9wzM)Qx?*p3uC%=yR z=F34R!aQjy+_mEbaLfPQ%B5cEz84bCG_KaeWz^v7V><1G2iJhh=2R>3GJ5!@@+Hqy*-GJT?hTBT>KBcigvNQYO`9)t?YS$eaL-;t9^7~ zar?dGnYW>D@$d2`>Kpt{*--N24)n(wtiyN0HExMX;N!^~u0gqBuIuc2bFgrYPiATH z>$oRr?{U3t@jquR^y4}B*@^mFh3mNbE#LD+@Akav8S!808+;CagK!r&?vp8^&T8Qr zw_bdo-TKQe)scFozQ=fF<4nnQ(1~ory69Z?_om9lKK&K^wCkGpg{z<6Z!g}z_E5)< zV0^IoxB6Su-wz%0XPR*JC(m=$O40viYA@X9^IXXQ_ivwYEq5TF*Hpx#m^i`R2-SZF<>vZ;TfWT^uJNzR z_q%O;TOnNi$^DLXLUsDHO?5O5GZ6pF$-BL)_W%4hLb$ej_HD%3+Wix?SN<{Dm(A!M zp?&Nd--%h?j$99&NNcPs4zj3~!qrc2H}c>1Eo@MG;o1A)r=2TO>pkeim?!W`&XrZJ zI-{Xue68`J$nYEK=wa%3ufo#mb@lt`UtjM)zS+FcRk+3>{a5k4eM-3cAH1*oCUu7L zoSB-eZ>O#Q{yz8~)fb&i5BOv4JN5&V>vJESjaMgp2>aZ3#r^LoT*rqScz=)S4K0>*<`WW}>(f(ud6z|WQKcSE5{};ZqTtWNVFr?(x0p$>i?}*LcRif&BpTUZ0}eDBu6G`T7uf zygJIAL;Jd)q1@P7s+gE>(5~yYk~YZpE|S1v*WA){h5A_6z=-hYV)G;xOkd#$fOQ1BYVP}{>@0!k?|tF_~MH%zB{=6$EE)m?KIA_U&i!yAno5O{U7>+%c^B4?eCQS z>H0r^Deccl{LEDPzxo#$p69P#QZ4$NJ}T``OCFqV|HW@0c(Q-~DfI`Oci+VDgM!tc z|E9-(p5fe)_D}pJ?qB#l?*Bg0K9lyA+=D~G&(Bah@b;Y8S2YYD_uskwiJ!crM%a~c zo~Cxd^U(jp?f+5QzfIa-csI|h_xJ5G&fN*03vGA$q+jN79_}*TYQOClqn+fdSIYZz zA0*>{lk~szyFC8)N&7FMUGbCDd&i~cdHhkx_|g38N6}9GTYtvz|E7%dJoN`2Uid9; z*Le7I8Ruca=X*;3#;N1t3|JJW^|4SprgC74Gw3D3nZ=_DU zmM8yj>HpBX86M3~KKIuIPKg)N=j$%o)w)uC)n7n6;q!8;{`v3IIDoV8XN;e(5jb0K z<8jjVibH9?`==~7o=X3(l=dfnmCx_*O8bxLarz9umh)f!cEQ7^^Sqk=|2^6X{-^(( z&tq4{dH-Lh_UxZmqn+S?_NRCpjkmYX>HqE2ANzah4;Y@$lOfyh;Pz+U^NMQuNNN8( z-7a=@4d;(adr{;cP3N`WVE79!<8ie7{6@6Xyw6MgzuvEZhIZPQ?@qpYs!F zr+vBf%e=q01V4Ww?azM$@7JeG```F2zF*2IKXM)IgolSD4^-3hKSw)_|E$=-zFfxn zF=>BJ-V69NY5yY`=UJ)$ug~?Hf1C077eB)i4xh3@;rr1}^R}d})O*P|FZ~^Ee^~Nc zwY+gC?azHV@1x%LpP+WY`S4$3JZQVYUrGCOf1mNp+^K+fOc@XVN6P+iigp_3uJF}A z5qN$?^~XC4zsdKhrsuaw|7X9O;nDkB{XK^Nxqrs@pw=Hh6Yc68{afCbx61fmO8wQm zOjo=L$bovCcXIo_^zXkQeCeGwJYRrzh0lM@eEW?;KYxLCn)i9J^S@HY`M`H^|4Skd zT$lDcXjgXoU$@8qI<(U`&wM4r|K8I7hiDuc|5e(N9+`mIR;W@3J{%7gm`hBJcEnjW^A&>vC#LsIyJSFYVr0lW(1MQ@5z9FS=e&8R; zdN&x)T0XB)JK(>2joUSU_-1K;THYfr2_Ak9?TXIDzN**zM`)*cAO0!k1DZd7#2@p# z4`1c+eHrH;p`FGldVIc~lJ*~<{($F&UB*LE+ADv;?M2b=K0(^Qi`p^H=yQ3TBWZv5 zPx%}@k$MmGHE5^tA8zsZTD}@kJH~lR{FPdMc*UP_`?J5pbk3)sP`FC%wC|EH{6?Ag z%h0ayBj@oY(*CV7&fUMx96;~yd;U4~&;I!^v{RkH_xUsXoPH|W3C_FMnGeilf(i8p z{)-PY{)IghzKr?<&ZjT&dJkl(pOSGN{zhKc>!kfvf5GsNewg{&%ccF}(N5zOUc&QU zk$JyX`al0Q-2bzr|6S@&`9?Sr`0buaU`IjKXd$N6R5|KIVvA0r#~ zq3_A_7B_6VeN5Uf{WPDKPmlxoGicW|Z;(&n9cU*w3#s?(e+TXAzWxEGpO$=7doLOX za$U&qe6zHlqMh*n#Lr(+E!uAXgJ`Go@(C&X!;e#c;tvx4qxa=i@6F@f{Wj*Syt+c+ zS9H77b=B~{!b4XZ~sun{|;&g-kuWsgTCMY z677VycZ&U4ulIxBkNdyyO2&`Qm-#HTE4@`E^QC|w3qY# zKJg}A>4yuPeYC6ny2^B`{UcvU?STL3xAJIu&pWi6`AO6)#Y5+~Q-B&W5Ohq5j`1$*2C-_IV?R)dPsU7%# zLDr@1qA!1l+wcA;kN>cmrBHYr?L-eBlzNB#Gtus{Gk-pfgL$9(I>y`oDdYU4jQ_%~ z@%S45pZ|fp-se;D=a-<6pRfNQ?O%g-T2~2vpU z)DHLyAI|r}(*n>NKA8JodX(|-Q3B6*N&6F5?e;&={hLfD8gDm0gvY-mb@n_N=X=qv z_~fTBJRc%>`w{97JUnro$Jh7EuS$DM;u5tT{?)Hy{CrL79DO|6X`F({6}s3=jWrq44d}{*2fyHJpD)?ZD?#uV8xkdRbTW zq1@gQd+)x?d;P<>{dtK8j?aa(Kk@e&PA%vE&A-O|i@(e5e7XyTe?skqw{3<{%ZX}LE2RHpXeanbAIp3|pZ9-3{Q>{86~^aVrT-67f3&|KaWz^$eV2^$ zP>u1U>3rjF@c7ROKiBQQP3;)x;eWz>;NxZd`bTj8!mnIXEt;O+A?;878n^3tpZ=Sm zALs>lrS3PM%0l6L(N62Sn~F#JIkeNdo)WoK_kRcVNBgBs9$&-x(8G+kVhV3hP&@iR zE%9lZpMN{rX`JWf{XreC@*kxCbKk}@{ynw2LgAOtPW=42l)dY1XeT-6S*dTM@6DHg zq`>dYd^b{98Q! zGh)Be{=|;7Kl=$huWtW7v=jgQ)f9jD_tYQrJ}2)&ex%^xSERl0TBbvNpT6p&`2H%U z>}j8gb{gk}uVVW7ei`RGrM>mRd_uJx`y?xx~@J`3$c4-fqt#&c2N`BoYK+3#dLYy5oBtGWN^L;2p(euUSdo#1@_ z3m8tlUtdA(7=QHN7|(Bz@&Ajozwp^S{trp}$GnF7KlNTVK0ia+pZ`j3|HPN_2VX7i z={U)sk@kllV|@O+jQ_~TFr3evF`OSI?O!A9FZ=|LujTw#y_WIz=2Tqkr>OQ<6`o1i z8~3FD7yLByx4$LhzXk1zFa0*3qkk;zKPv6TcQBkoxfovYvE0A-$Lue7AL)OHcG};& z|L;h(==1eY(N1`7NqrT~lYdmkx%<7m-cOWq-X{H@c&Ux&5BuAUpXbD%uJ`>8+6n$A zdJO0Od+owGUNZ=E&W^nn(0Bqf8*mYKGAt9U+)<0q%XWy z;<`0Gf2FklXL;XH%hlhFcA~@Qev{#8$=vVt@eF6-r40Y8rTx{?-ufzr=Xq&=8`=q; zyT8Qe^wXvN1O5)<;RUI)`ci3s6zw$c6Mw|x==1ya(*L>N;(gcr_U+UkczgI`dHm0L zZyxA_AK`JH`ZD|6eVMcuQ}%&Bm-b6?&t4LE{^9F*{3rf|$N$2Y@DD#q?SS)nc~4yH zDceO}*InTQT7Hy_V+b1{uiR1`0b@sp7NJde~e%J$Bc)Mmj1u5`oFU9p%Uk* z{gvmxR=;|}jPV95|e#{KV#pGD)Ri*|x@ z^f<3quj|XHKiZ%FcBT`}55G;uX-OQ*YXzX6mi8wkUt9CNYjvLYVX1Rfl>Selo$k}O zr1Y#Wkp3@7{@_6R{}HtVo@eDf4ms|H*EG2OiLYlkzf1ZbOZ(^tE~yqR=YKV|<9t0M zc5h9GZn z^G4Es8SMnm(_$C;+tU6O)F17w)IIWl$vAgk#^>Fa{y!(HizhuFlJ+^Z0L(@xM>TX{GGC zdzYmD5AnHvtMva4v@86}xzOkFdFlVczr3V+e!ld7-^)DC)8EJK`hF>*o$mL4F7YZi zrT^zj`-a3PGZhsI{|W6hZ$b2NJ#Y64ulI#_@w)Uq`z_M`%-^x;@aL%=<6M&bbj{~K zc|+R2g7K;8^Z%3fr=;GahW}GGd0pvv;5VV2#((O^cwX)2{V&pf_jCAsY4{&%a{t1+ z7(W`Ge~EUrUy=`{*Y(G`y~^Xf_9cwChpzHCPo(VaPokap>TgJ%mzKM}MEZ|pAN6{F znA$-<1*!A@NwP0H*96WlX8e4twEwWQKlDC~|3?I#zd}2~|H9k2{Rf3^AAXd_zxz6S zUml}&;O%*-+oSo+^V0um$rIOn=8Lwtf9p>e9*xiE&`$HF^Xc9p?ZsCzAJBLxbjH)k zbars?NT(14*Ee>8?XBItASiUhad;R_rr|i4_JdAuI0z@`(H#bdz2Sbl7j&n?@g!)^ zP79r3f7A=7VfT?*rBQZw3J#({6tu_V_E``PrsK21!MNQIgYK-~Kf@=+-vacUT3tJ* z?ci|M9(NzSgUtO98;GVR7wVFBk&IU^E_{o?#t9WjX_vx31sDf2Y>$0e|f~VXz+! zx=r=xxOJSF&2xa1g~=;rKdfY%YT2enrpeC^?`Mbiv%~w@;r#}->)PXQyv0bW0!Khz z^SD_Zhm%=vieKmdmfng|78Rv(2K-VMuu>MVQg+?t?7GX@b(gclm$So{v%^=i!&kDy zSF#JLR5NR=)U!?58LQbDtA6IgY8HrUc0twb@U`rA)Uq?yvNP7QD6D1ISjz%Y%PzZ? zg{z*0tDc3co`tKP#Y8>39rY~q^(^%DEcEp(^z|(CjVut2?2L`<@Qv(Po{KGb*-t&s z@vVamcn&_`IS!Xs&TfJ4Wmn-lVDY^yntTU*zMtJd-vOWRXSdMzvm54vRizn@@8CFo zDZ4?wgXj3Ay20FR)?e;}@6+v2>kNCn_B7n;G@DO0n>%~KUNLBv_Gbs@`1a)d-&Q)) zvyqy0bFd#zyypdbe%|S2hzm@PMR&u_@pP-x@o)$B_i?dL!(e*;WyB+$tZbys$?ArR zRyWjSbG9m6ZASMzR(&w*k7k1ow($I$mVA5>+QH1hVTg%Io@zkS9f$2c&PxzM=50f` zcrWF-}$h2gbMv91Vqz`$fUVZ1;hNWw!f7#l~#+fsX6b2x{+r zVm!%Y_hHv~vir1Y$z=Cq&-&qH(mo8;1#n*GUynb|-clJcvEtiWF53rconCt~iAdY^ zV5UhFUH-We1W|wF`6LTME7o1}34c{{jQKa4bW1}b+PE#0`jEw@N8{m1FrEz*xrgKN zaNOLvp-dP1Z7e0gy%Y@&-FGayHDCaNZA4webPZ-DYKMO7R~(vwL+SM^S_KXwcD>bG?$uV z9S;56cPQw-Lqqo+D!T8`(S3)K?mM(}-=U`a4n5s>Xyv{`E%zOIx$jWSeQ4(MPOPU+ zEZb9Yw$*{numtGrmf?%fYdsJ

jv!gnw$zcj86|?q^QZcJ9mx@`6C>665 zQ7UFByHw1c#!@j$#U;-%ua{j%$zcm9IcxzXhh3uNumzMHwt$ku7Ep3nEla**9S)9E za&V-QgIkmw+@b_ZgiW07qT60+Ha+mF!E_klKkCiajp?oz?BL(l(QXOMu4SKGXxZ+s;$?fhY}dN&pXM*z7B06v_jhwv{s=D6e0z?& z2g>R6h&H{-|E0ER*{-|4OCdmytVYy3$P3Xw#gk^Y9^OgAiKH=*`EVWza6{%n!AaA- zlsDd5jDmUJ#VGKZ1~j}D4pP4@KteTzgn3`i!-9v4GY=Zn>2LRgQJ+q~`VR&1VkEe~ zic!FaRYtWCVEv-!%aQ;Y(-S|UW*TWQ$-SIC{f~HHka?D_&T@K8=xvLa?*1xXx*S*6 z+U=j_E*`pzy?FO`b2q-Mk+*mqohJO)rzDvoWMJv4&EA>qf)-q{(m_KAu^udg`t`iet`uQ+u0ibIF5ICS`mLpQHD^ze#9 z53e|!;}wSp3DByhe67-=XD{idl1=!|z@yWfi27 zLqW=}tDJ3eSRu0ub(r|FDk+q+tCEv>)ci+`7OD4V}+RJx@d-;ywE?3w|BMV(A3tY(&23T@L_mmt_Hm*bB z2y7{3slDVN_mab^T6S=pvcrZ}c7RfLMdCSZZDq&pRd%qGiUR``$8sx^RR`j$ z4wIpS0ahKHsOm7wR2{3WI_`9bi=gVbs%sA3S#ubAYYqc$&0)Z;IfAchj;h6BqDhwrH2kWU?l zz5yibyT&WsQFkNXGR93+8;1u$zdcHBw))<1)O_=--D|dRhw6(JH)A|lLwyt9-r922 z7}4c*65-zK3=x<qO%bn8o?sCUN(|!V(I`Y@I>Eq^ ze%l1%x~90N=qCOAfj$InH&-q1BWeF|=g|Yb!f$%d*42RCf56%8mn3cC5GT zh#@UI?w+zkmMtS*G|dCcjyPHeOD#KGfXcZfGU(Ri@}P4BS3dF#S|+6%0$@pZf&@8+ z05`AOVAkuk+SAU_HYhAPNnRNl4~Ib=lv+H%pX8SsM6?|ojAk-fV{3A2c#{Sp(Y1UP zPKRcpd(d`~mFI9qE4h*l9Fe~z2U{#TZlscflb0Mi zb=jepl^q_`vO{hxJ7NvW4#}tNIz`9|N>gOTfxn8wt6FiKj*0`mii7H_j#ESlN}6pJ zNmIBP_J?Cu6_}g)#YfwdqiUIX>g%KF(QX)m-l2&+8Gl>5ayAWHQ|MJU66K_^8B!k9 z=GDvU8Yt0!;0vCP{^pghwkOlwussIZ4{>GSaDdQ#ZfUiV5;Z|q5&xC)t;}!hts#Pd zpc*NH-)RpH!v&n)b8&hv!|8YHLDcl>r2aH})17b>PNQjro2W3DbBr8&={v+&-$CPG z;xX**d z*gM;3kES!E1~s3g%goYI%a^;|Pg6V8*i}m5Za6iVN^KXZW0Qlk=93(-WC4W13hEmd zi-D*eLs-Nl+bWcpWdg6dfk5I7iq5(+i+V_}Ynr;aw>5dZ-HW=9?OmgKE}TrnDRhzlW=3>7W8q256@a_BFT6~)$?kveK_Hc z+0`tDP<`K=blM}=Os&ZAwE?KFKHnNlp_=2!5iTr9TSi~n-K#?&xEmi47&WrUH%X?# z2yBJp-drRmTU(Xh!%1|SqkGMubeLJ_29x#LYgn|ybs-O-YPDew>P%p)GmMW7B8u}^ z4y9kb**@D36`m6=;6(MVpGdWpt;wTEs!Y&dd2EnsXb;X1MG`|+!QV@M^7lIaey9jH z?$W>x3bCrK&Td}IBIr4ES{PwF#mZzdj|ySLOCV5xHy~1fFQtAjr~Y0^{oPz4jbBUs zUQhkKk^H@?;3=jX3<$Z00U|dTFmi(dBsUmPa)SXTHvmqOw@mza#Jcu|pEe6;d{&)Y z((_yRZg0rMtq7$|E$Y9FFXCOTZB1BGqdkqg7K8E@)ShNxf)LhTba3Y4tDfU-_Z+ej zd1updhUc)dd5+jj&mmWN4lTiR$W^{0(#>~h4t_D~uW?A0J|a}6!->-Utc~$m!Q0p% zZbpc{H!UwYwd&4<>bS8H^UQl3Iy<&;8Q$aA`-K^^HKa*T!UOPn!jf)N%*2)!iW{9^ zO!AV+h`i#)!J<}^Nulr1*;iUqeJ8HI+r34t_6Xa3XJ2Ve^>sqF?SyQ5>Ku2rsMVhB zrW2F8HPttCjeB#jsMQ|fR@c>6x2F0!@q0^JQ+=H{yXC}L%emr~6S9_b#VseDwIbKr zT29DxtG$Yrlg@UX@b2Dm&9>{LGu>*>w(EpUx7vOGu5)c~bneg_M=r?T=vtfiXxl|R zNwWoox7~Ju?A^NKY<|4$0@??wbs@=z)xvdb{F{-U)dI%fJ93U+y3+0=5i!f1%pa_g z@WZt2+Rf6H*-_*o%hI(mLNHx(7(du^+&Jo^@P`AcZRkd>JwRm)Bu~1&xP9oxVCnWa zI%~VWfQXC)5y#|v?K@-HBpcklc0Y0vSNZZ7H9}ltS-)6=m9LE3M}5~c<&E|@(iCWa z11h=Gm&K%h8TJvb=U7d7!}ulr%?QOyT;E(9PLK32_BS{hhchP*9u4=$A#!mt7hw4Y zl3I_PE8Px9og>%gl()}1b8xVI)}8aqPWU7ycR{dw28=pax`*Sk?P90py|6bsbdg#a zXRJMNL0!3g9Kt>=+h8HCas^&rXxy`*pxp~$e^pT(JfbjOD57o*=la*bFkMUeK@c8N2 zy^EFIXmHf-IU(F@1BI~KI>6YA_QM$S7Vy=}<9;}ZC$oRMf-OPCAs6neSB9fue|X?R zWA)1HaPD^-N8xyQCv=Xv0YdEcoJg)VaY%+E_ixw2;rMXQ8m`Tr1fHiZ(yCsYjr+4Z z`taFne>8#}+fB$-`!{Rvs@L1c?Rhx6L6^pyG40>%F>kcb+DE~*a}C?TG-&S%Z@c~7 z?Ow2P6y0%t*E)h3DQLMUsR~NkZx2r9{1yc`;;!2g-$lXWkv?@cKKCLNpK2c-Imom6 z*dcg&%xtYS)HYzMi4KNinb7`mYXEA3eb05_)>1#(U*5zaI>W!Nb<}PS2ZzI+o1kEr z#95Err>V9(1DBYy{q@ZdqyeJR*QbS``Zd_~Flmei`_~)b7Q@Mr`=+Sh?sbE$DNd_! zaciyW*S*>Jj{Dcv(GUz^&V5qfZO_Iq#G~|rW8)gPaHXj`V&*!}4FU`1yh)5n6D}CL zLfGk}05&g|VB{Bfk-rk`qOKV(hb(#H_p{y*2m4n0(1lUIyoE1uv-JW9ApMwkTQHPw zf*UEEZ_EJau`I*tQ=w(-4rkLN8ff3WnA!%mR$aZ9_lM&M{15YHII&-E9-cw0z$N%- zgqaU}XQLw#vaLDmFxUrE1Teq1Y zHntu8q|NGg)6q}btbVr~{iMz6*K+ieHml#Rqo1@{{oa`LI|8MX72~+w14#{(MWcPt z8;ycDhy7X59fLr|sL^-%ptm(Zj{OxB_CZ(d_w=Z*>c{a2Tpv#xhV06C5C~9J4sweQ z%5!zAVe+U$QG40|g(1^MHHSCZa|8x?4!fA=$N=>mwldEVK;${>XPzSf4^;p&AbSqq zr{{?9@*Mt9557t`b{Ji#JQq!eZ6uBa!Dx7b|C2qP_j46y*)#$@hX>Phc#l1Yf8TR> z);x#z*mK0;d5Doa4m(I>Q#2C|VJK51lVrqrHMFW?I54ll;i8j)o+H}8b3_?>j#xL(5t-#VBC|Y4IHKps9Pk|RYMvub&T~X6 zc#haP&yiu^IU*W7N3gBui2U~)L2;g=3ZLhQZ1Ww#DZV2(#dmN!-w~taJ2;^4;C8+v zZpn9eTYQJN#dk!d`i?*&-w}`K1AkQM^$6;252Bkoywq?Uji(5$Q-8{iq!BDleAs|fyDafK)a2p zn7b-IMJ=2V%h=Lb#0_VzdE58n-%(X2gy~`w98mDR*9aaPoIp+pcEa`q#;pxFJXNOTD$`5LN<=481OF_WLV48reK{^LCG!4XZ zKn!(d3Qr>oOV(VThZu!H5FSw#Ur7>5Nm2AW*PNZ;4$_Oh+@Tw1--U*jSJAyF(j`2d zW)V|I^|@|yK(63!izyAEb2pBTGF|<0vMrNQ*a6{b;_J}|^C+-&?1C*byjNDWhe7F_ zKGJk9sQ~NX7y+xt8i{G)r?Uw~WIEZN!L^Iy0wF?r>f0YBgQyBtFd0!!3x!cN%lHq9 zc@jZuyN6HKuRawVJ#t*%KnTAautv#Z;A1mwTkrXTS*U0^9Bn zD#y_znxYaZ`*tZp8b(kmV0|)fBP@ALMM^zy6T?1EJrP4ne~$N5EQutAdaln>)7wLI zdRy0t;1TVXfy*n=N-k5$aTO+p=@bl9vi!<)1vEEDw|B3+ zcrevBv2qo?vkuUB74W03iuXh0`sqmR$pgoc=QU9;Q-=$z1)ge;%8|=gHN&K1eFvOXdA6HhUwb?Six_gF_M2K$h>>&x6 zN~I&#wcTGEjQK?k*X8ly435!hizMH5V4FULUn4{u@~DF8bkrWum9rMWdA@-+Bu}h? zkmr}L4#y{Wu0}%^^Z4}uuSi5sc`X_~P~4het_CR-=AW=jj1~T~-5F~7M^hvot_!&# zz-%M4%Y^z z`UX6OYXgl}bI~I}F0#Ux- z?2+paN}rP3AY2}-jb>UWDROO~LGs^zgdoiIvDuYw??1VL%);q#eZ=jCwj&NvJpiuY zwb?$uxOoQk1W$!%AMDy#sJyBcnv|Q9#NBmZqFzO=JZ(T<52!p*fY*lReQyKag~!#~ zw(AC)SBmePwZWHHyoHpLu)970Ra(($*jqQdtVg_48={mtwHbDLYjFsDxWbjwVNJn9 zjZd~@>;GRf^m!IsWIA4(t@TQ_Nqa4Bq6R-*zJ|Q4x;yQzAy_Cgv8GmHpDxRFi}iq! z5fzb$->%K21VbZ=f2@ms?=^O#w}it3#T&%cwH}cRHKaSO51NWCgmD(6QA37r<&?BCz()!0!xIqtf8geQRu zywK1u9)xCLfSQflNVDz~^kC+AU6USgF{FQPaR}}f*T0|2Wkwlp-ttg%?AZ23Pv+=Y zFXG+l@l%Bwc`9V>!3ko%JFd^7ft}05kRIF(?%`Qi*fq3P_+SkN`4HxjWbxoIW}NS| zpF&~J+TOL1&UDxvC16_+t_31fxx5yDiXSE&lwIM$0WIgn%C5T4nx255Lqt>x+I`kh zgwLusd8p(-%rC!S;Kj$bCViv(D_b1m z3|7Hl+LX2m;7X|TN!6Fyrz%|L!b`P0;|&$ovK<~w?-h4NHPTLWcy!N0d06Qcyh*6; zr(CzBwWiG?s|`yDX^u}d2Tqo<{S(L~2? z8Jf<;U>c*@yUzz#ac~-K*dxdZ8EA4TJCrieibDVtPNrHg$*Kgc`BSWd*5{AzyDuk?QW_VJR_1lkGN-69=yNuMzSu?Rc&yIhJHVQ~Z6wU{>{n>Kw zX&hw@8TS)S9DHol{JPJWlGB>X)4bn6aEeY`&F_9s&#^~Z{eQsznCzc)&l5)Aa7AE@yI3u0bI_wY55mPEFv#<{3kqTN5_RuBxN^9M&i*o0(AMDoC zm*oSYy;K7C_02&l7W2Woj~3&WoUEo0vQD^lR)biRQ}|bFIDDWIxN%k%fJrRofr2UKRHNkm`fRUNUf!|4>u_?@52LMf_6fL*RHC<#nU!)L zeD0uKOK0uDH7m4Rz^(_0+K(cT7@ihw*6FfN6-`+`d|GenS>QQ?Y0cA=#|oG(ACK!b z&u7`{DJZV=;I3w)D8GfG)QPy*%22W9!dM9(99EKt6Rtz?)Ny2@V8uQHF%;k*0DSABM5TFHm1q&M00^6;k0Mydw!eTKiZ z+Zm1!7G}NxO4UzQj(_H+s~2-Ft7r(0IX|)Fal*pVIGOYlO*uj_mW4{BhtvTQOJRx0 zeFZ?oW96RRS(9}IkT}P^7pS_;7YC|t^Io6|UnHo)b3kS5%d5bWJ)+&Ea(=zw6$y-RA8(h$`fPdBy+tndrJTx3Uzw|*we*;|PvatD zTLEB;hR+Y9o1Aihw{$abP+X6_tS0QwJ$C+O&pn1KS^3=2SF`xJ!{=ZBd_J%W1SG{v z(*R~yTQ)AY^bERq`!&HRA40rb` zU@?Zv4@262z6wCnW9Em(^2)CQ6l=iTa4d23uK=(mGvtQUGlL0M0GBmhZYXqk!U_P; zL*<@3mBg_E5K<%Nhok~oxQmJh!vP+kLNTpXz>*#_KQwkM$0}g4N6Zh2D{X2O@VLg! z50xD{vI=j``s*ibSmf3S+q3FwChOv;uJEjGP;?q%h+OfJp|+J-@SpS`JW_9t!8c z7dQ;gaq=&(WSPiUT;wNJLe5)JWuNr0t1IV|9(h$Yd{X1Cgnm*xw~A^#DKPU>kyZ3B z$Lf}|QXLgYPf_HC!*`bF%>mES)9N1i0>{-oQ0^6anS#lySY3A13#=?VNbXg+OWEdF z*)lqE51bn=&w3ba1@PDd=7%Fwcz4x|Iy=D%nQCV69GF~sA`u@t8+1tF(+_B`B-SE3 zZ0=o39_G%mzGak~3?}pE@P>K*tzmfD2}e_^`kFJr%`a}Ap*&~QX{s-Q&vSh2`Fazy z<0%K2b$Uzf9R0o8ibi$)2jxriDy`@= zl#1C3S!?G5vhZX8*?V9W&}2u=4N-iPt(Z`gaaW`3@;8ZX!7LSfQ>#iz&^ctyu388HWT zm(qMP+DeE%87}``dCuo%b8VaR(-rTabBm71aKJyL=uVm5J z%i&DYPC+_*%V)FuFCX80r6cEpGM_A;W&ZODIp-=o_Y;pa7oYUC- zmyhqP3XpTI`QKh>UMV5AoH8Br%C{Gqm&=dkI1!F{<=Y(d+8O+LG3@v%$6VAV0e_&Uejb2F6lPQQ4791zUU=FJPjk`Z#i;7+T}JO6^O zm(QKap3OO{`@0dmybU$ zF*N6N3qM~zyO{=>bH>akd1grxJ#){J`egYmaW-epDeV5a#y840F2DCNzR`dA_~}&4 zoXc>2mSZ*};WF<`=}&UZVkbA|oyhUk^10&ls+_af{g;nFFY_tqbPGRUK6@s`Dd)8A z?{duN$~($C=iF~|%xh#U<()45Nsd_@$wPT(oA+ssS&cNIytAc0$uUbh2Pp4U&hK)} zXC?aNoh+ko{))JUS^S=i;pH%STV;+vJ?Y^;M3! z()l!bXLEj+V?H})Chu&HuX4=g%7@822{q&`?agPFdP zbB@d>%V$}bK9Y0VOztrFoHH)?c=^oPF!h|X&iQcp zjP4-xoU<Na8)be>jCmkiKm0mIM5Q7sP^kG@JyOFl_ETxzjT+oq|Hml^L-&X|}G~ z!|Yb*WP%g41KE}k#6H3nhl6RtJ!q!VIP}X%I6JJU{pM58YxJ>aone184kwea8;sh~ zI0$=Te+v(sE#2Xk8o9K2^>Sr*3hHj+`8V3Z?Wow?-Y+(rl|W$uTt>kOto5S-ItEAW zLAMu%KKk7vXXRmMf z?u267tpNpr(%YILdZecl$@+u3BpxAw&&XuHhA@tu0!CqA5IK3O37 z1qTxd%y$m!8Zj3*h*T?K&M9p9Q&7hVGnRN4YW?9LJR4CKZ;Y7jeUE^}nVudEXA{uw zB$$LF6CeF(tHsBmLC99efk?&+WaqIvyEX8a%{^qb_PW!9Q9xJ4!$JwO6#6l$YMd4(Jk)(xGmTL)y^YQo#Qt=YYh6E*M&S&|%h{nlQT- zqW44qD%fqXI zhl=lN!VH25$QJmY(MVfS>TuE{lU@xA(1J%B{BF=~wxVQ#a}T<#Oz%p}s&HsG2l~t^ zZZ!@e5e!cP6p-(?$GALoDsnPQ^*HR%HNZQs$Fx}qP!D+R(^HwwM!j(B`fd9|>b7;A zJ|OO?IB1ie&{SMRkW=BK72id3uAoghlDoT8uQCIh8XxqqmT){CDy}O`r{2d#K(?H0 zoiyu2H7Lm+HjV4a;E5UXChCq!0z?<;dk74!5*S?97^Ksz$Gwamp2<#hId@qxb~<%K zZS{%zAhPu#MY6;p>gUt#BVf&S;;+(es*C;>u(C*}S_M?qqU0C4+X!7i4uZ|~ z9%Z>^hw0bs7Rx}jgLc$|uxy|4oN%LF)J47d!s1qgeTD?1Yu}Z zW=cQlbG11lj)|7b!Pa&Bg?MJOaMFP$)$3lmbZvX<%0}Qn;y+SJwz$@T7~46XZf#CB zXS8$ueeg$IkJDy~AVE>x@XZi&iGRx;&Sm2JnV+4LWoXeoO-o$yY)a_aHe)LnoUJa z9L6_7e6PCoA>e@|8GK1{k*!m7pdMQCYLz9&t*D7te@ACc1%O^=?e>T&ounkgn3Q+2 zbe86KtnPu^&ZD@xNdq)5WOAiSwul9IXi+o@_2nQsW#|~o6?H;0hjST)q)vL8JY14U zrPB-BW0R_4?oNl)x_$b5_qeaFKG-ryj4!6XzLru%M=ENQMkS@26+d(8@XaDX0tV($ z2@@go8N#WFiWX4<{-t}nx818(FbQ~PiWodksY3x-nM6s`x=V33h=?POrdk*>X5vMY zL>Ai*V%ZJCQ)-1uT!Jb?g1a(L&A(!p%|Ntbp*eG~T<0po5RGd&CS8C;;Hs-sAzF)? z8F10lW~J0%Z+fJfVzF(39mG%DL9h)A4u{E(g}LMxNPREZ(3j^Pdl`SGw$~qcCLV;yLbPU_p45@s?C2y4W z2huqh>W;FKG*``By0|z@y_ty01i4B)5QN(A16P_yc`0K@^7kDW#oALP^=J((!kNUa zTSS@3NqAMUGmNwM`0lhp@{IzT2G&G?^@?;D%%%rkb!#(X`xY)z2y#1?xJVjz1?;pE zv^FCmdi+bH?`i=cW$~M1%%S-OVM~p%Db^1B`G(yA*lNUr@)l0_b^Hq}bn}=%YwZQ3 zW3skG1Caz%LWRSG-46+UH#!mQ`!P_lEMFQzl1SPwCYF*yqi*sxx{tckq_Q4_*dB;j%Md^Nm5L0Vu((O|Ws+ZMShONxA^g5Eaw82}u ze&HS?(+;MCUos4aW7zYojU#(dv=0Yy0H0MjhR3ZJ^~r13Q{1uyf12u#nnU_dfeHbq zAZ&uuAzf(sU;yck}gjBp{|Q5hdZWU7T%hPFF_r!2<~>r+lr z`f>M=fFW3t+ng2BI`Xg{k0x}iK}h;qC%e|Z{zO?O!D@{=%kw+xde{CH5+YVbu-E}M z2D4QtBL~{_4qXeVHdV)jEk-bD*^0JJ|30P?m$HpBT>@f>Tj~7XOdPnAFuY?q<|+!6 zFdHXcC9g<_mM|Q38DwQgCy&+~o{fPg!|}ATMJE*eOxa}HZJ4O=?~{;8AO^($SY~jM zp|p&~GvV`tOE1XE)RlN%I8<+XL2OlkYOKEpvXG4C#Bz z5J(Ld)n03{_R1~~(D#9`SUJVYHdeaU8}7Gzkjj;Z7U%cg%wjOv7Xv=U=B_jgBMImL z{Y_ALHadtpY18i>uC!S~9%ax+EGXj~ckYl)HaLOWYf$jv3@-^oEQQk~g-s$2!W2n6?qOLl0fqJa52-oszSD|_j$CrC>kHa|*i(0cq9%6M%q;(XHtrWY|8kQDf zQrw7nXxg3aEpTVsD}$N{b<@SO#K863GL)%gM!wL;BVZz{)Wj&86wCru#MjIcV$mA)fX4$j6F@^ zMSYHgnGvPPKbiJgX{g9S^CF#AGBE1XXGz_1$Q)2D^Q9TWBQ3z@4q(n~-4k~jNmi_% zS%+U{PfLurJkH%1H(KGi$0iQOkzqfluj8vO zR_HC~oMtF1vDr8oh?ntbJN1QT^>hMN4ZQJ2$M8?y&6=`Y56?i1Yys8F$5nT4 z4uY70C-2o+_H{_hC6ofIJ;+twe?01gFkF^`&fMR!p=wRy&d~LLD97mS@ zeFaf*P^e)$pB`EI3(;2!g)0nv1dev#Km(58ztKEe+45@pXW-p%NdS3r?{(UYv?^$| zUf&l>1pw3FmO_`}(N1)g$>^`tabsVUT5y|)ARB{%xE>A)xy|=kEWRjt-z6Q%0+Jw7 zMWE*jtMxos-UwkNeo@o}{-Mh{7MT#!P0^%uaL-LfC2VJVFc_*>BW&q3I-DWMloZiv zI~u^y2c8JEk^f0}gG5D=dTIGWZ3{Tn=0N!z!Kt(xNTluyS@>{>wY^=L_!L=E z+%!cO18Is2n)1QY6SG3jr!x&S=Yt(w1SDcQqRRr)`2CpAAcEs8!;`K5*jyrN5{o86 zQ9+3&m#nfe!Y{&W(1le&g|5NYPI0oLPt$cP{6>e}kQqQCZy={6d#{-kOavxF1Jv_e zxthxfqm{VT{NIzM6pTrcI04FjDFg*U>YIjFaHrkmJ58I~oa6~`QfU*t!DXY1PFGnOL1)w%t z9d@i~d^x2317-nmCwN7rnKsq>DcJddC<3=pH#}(1dQ-(YR5-X2oP-@={e(o<*-)#> zeMPa*VB9oph9_?v^lw)jP2N|8 z^W_90GlGJelo6({kJ!4da6Rd?2SGGxPAOfXWbgs_bw*hqADwC=ycvHpmQ25Ks4W&x z3?r6+$ot)h4fP4L$t~KOYPq?vCyj;OLrxX>J>(unEISOPgF_BA*$QFwQkOFRH+?Tl z$dTM=xSX6`FD>oNqqD@{gaeCz*v%w^x#w6)Gq0%Lhdo1+Cm4xW%o!3bo;t);5`8_55F?$3k0H&dM z&7*LU<4W-n?PKsB`%Ew!Ah}wJ)G9Srh5eBueG7cL9EeGp79IyWVi3B`5^p>D85daG z&Xzso+p6e6xJh=e@x9gTV_|Xd&ESO69H$M4f-3LCj6gA`%@|LZt>rbCNPMLh2sBl= z_DHeaa~Z`_cvTiG(+jk4wlq33O5bwinw*ZE7B1-^rqjB5n+@)MlP5bcK{j%ehZ37G z0$fwMQMlKL1uwnVG_&`0C<;lAlq;*!yN`KXk07GF8dLVtfcJjpoAX zcU%kxei`0Sb_M1NkW2BH3(09UD^HZKyaqY3l|M%x5rN7)gS5Rk`iZwe9Tme*WRPmy z$>swlL1{r2lq04!GS|{1%1o=1ddaoEg;pOVn(!eEtMD335L(ej$~0v#y#b1HlL+f@ zIP3;v=p)EPI^cvn2*TDB;$5y(XK;#x_43?Kul;+{)+x3XVFSKnGgGe8P-(-^j z!TF)X<7bhA=^A45@-6K27Jf^l-ZWPOJs1*APA!&JVI_KGt}cLkPL@EY7=O&$(=6&i zXPfF|aCCw$yMam6sWW@3HT2+*NCL7w_=YJsCBW0Bi1q6t;7C~ufz2+zyQ@NAp^hC4 zmH7#(LL68ng00usQOP&ksHXu@oRuZGnGm=@An?xn?uf$bY=F>1@_@!YwU)8ikyk}< zFyddEJr95|FF}p6bSKMDQ4sbS z7D8bjqVusj%5DRn;SFM!q%wORqJa(((V(^j*M6fD-~FKC6t(-I8>mA66%*bC1QJ5 zgJS^quI>?a7I8~(0|GPJeOqvLpAG~=c@$*~G24nV=Dkwpp9>RJGs35GLy{-#7IXpH zFl`>Hig`%ih=dI?po${B+Xh+Hc2I+X7_!01SKwLIwiCHE<01_>2T);nGGQxewd`E# zYST_MqXZ!2lp>a&97*wkmYInDbmR~POiL;d#6POHF&j*dqJwEV7pOxD7XF1!1tcm8D_9buXH*IFjwS2-)nTez{j(iU<- z$X&rn*-;c37ct91V?+_J zRGC31QpdSa!UAG<19W7n>V^6~b0h~tEz7@u(<$~3|62Q}rH2b?30{@54FcR4B&AJ* z;Q@t@v0GBEJEy?{vfUU;bsH5X*qWhO&fdxc>v4-4kts2HJ;!ChDW3|jie(^4Pv_rz z*zzf5t{_W}E=N?*Qo=f~Fh1ca8!Hp9=Cn)BB{Zm{7K7drD2XONMB$7ksrS8ba5z0m zGeVUVX{wkG8ed{&1Ht3Zd97=S&Fmf=|CDx<&+$KJ@8}|*Q$R}4=`xY9zo*kOO(_|* zpX&CUM5y}KRNZ*jLDoj_8xc7NzbVg&gum_V?_g-UolfpK0Imr$B89-IG^C(2nFTm` zq6m6kZ+HlHp)OPs)Kw-PUA08Fun2NdxYkv;+)0Wg`fhOPwcT)9i@lQy?w`yfs`6<9H-K#}O3qq8$NctCIo+c`hA+Ku1Q6k#%>SBHc%ob(m$c!4G zIF}@1gr~^YQa67cewI}IP6fFqR!uSv(0yCs5}~ZWF=5Lw>BMncL@i!*1924_#Qd(z zq8_s2>X*A+eZ?o5iOZZr7`qUD45iGva|s}ABQe6URdH4hK~!?)f~s6|GrY=F7toZo zQ>xZ-@x)TE7^7rkb~{BaQ&?>GhehfX8OWsm?k@C$<~m8VCAzu>(F(Lg7?D)43x>Zz zuF<{SrRVirQh)kHvzN*!<6`V!mE$57WaRAaY0Ww1ws7a9sZ%99I+3F01Wj5Suo`DS zc!Z&=Wun$IB5fL3nZ(5$I=WwjFO;&^`}-2yHk$4Ca3c`!USxSZHcW~0EqWI|!S`-N zCbO>+F;z&}`U2Vx;^StJO*td{VHlHrJE|Vm8Dz#-;5YgU3nL14f-5 z5zAaATVuP65@iRLSm_L=V~R--b3UZtYde+|-%!D3CC_=~K<(QcD9>HW!d-*C4!Zh4 z8!ZrQ;AsPHZaWMyCyNKAWfx*d{Aalhm@AdX5rMf<)eW(Lwq!wlNfY@t88YfYZR`W& zV-lCOJV_-vnyNaI7@?HGy`U8I+{6WLXJ$X9pi$Ws&^)c!N*TL+0E_k(p**Rw**TUP z6>*^?v*dFp$#B)1W^yk3CSxr#5b>|)2hQ;L(a2aAj;`z1-Dn3N!17;CZe$= zZtMVC<&5x4<#=Yd5lq21kaVK29#Il1DoxYnlTj`Mvq+V?D}6IcSkXF3307nXy2)cX)PU}+esY@LMTEqZycp|$xyvw zbf@fJ@C1;rhTbj^8<=?z=iVh+0E*)Uv*C=yeVk4ZKI8Yba1cnjC66(r!nUO9`|x0q ztkSea6LBhI?{G9wA_3`{2?^w<9*W%@%}@-9?=mWNJ!(%?>?TpyG470HSb7D4>eK7>iRc=@)>qhXUfU8z4bpYz(NuVlze1l5u~{S43lP=Uz6mFN8(JvBu3btrft~#Dj zPD7Spg`Z)26gO1i*hz+?-nu26k_2v606^5Luc>b;W1^&#c#T^ysC75mBYL`L!l@pL zl&#B6N_iQaiLB7N7DGJSh165m!BLDUi8~-pk*g{^gpqVvVA;JnQAI%L0s)TCR#rhE zyIh#idw$^|RGgx9Lg@&^SUexEK_JIbTDXIWKa`*y+`W(ntP4%l9cHiRQt9)Av|KT+PA}&j z@5~U_p?z-IvNA!5vBTymSXpwrP+K<|8;2xO?JmqomuqlbR#s>P2S72A6{eb)RX!6+ zq}UDP9VUo@>6?lgY>nfdX$wOxh*dC(cna;&BLLZa9I~;g2i?j^TxWc4NlZ?yETc;~ zb$&DURgVUiZaAG$iWiC@y)=azW>F>H6PRYD5U=GzWLL|ei)#Ss*1g1$m=aSthD~I~ zi?L?YPE0Y07qJslK~-%h7Q#vUFB!FlT)UXbD=ob~8jh6ctb_xOYBYSd2CoP8NmVVx z8Ig-l$yj!sEmgw{RlM%S2&eq~QVopa8c`aod0hoKD#4kHcL5nJ7eW4GsK^hDN?)7u z6=2n1=QJbpyd$%bBxT$-T~p3O)w1U#a&KNHkO47!)?$>L^e8o)nR!@V6=zqc=cy z870%2VfF+O%S?Ro+JBjO9e~vnMaxuGKOLZ(oM3~c)lpnLRe_A;{%lqifq-(uMu5_- zY(42JN-0C3Lt4AB=Ea#z5AcquNz@hVD1x41yE`0_{{{&IvDRi+9dx#@3=gGL=$cd)0&_oR4Oz3mxiV%p8;hG`{EKX14)|m|YUEx`mok zkOL`Ybkm^c{LyyZE@A=juNiF@`xxahLY0igj}fxgH)PXJt~W46X!GoX-Eyxc2Dx-i zUiF#ghf6Ov;_&(nva}4L^p`mXXjdf2lJGO^Udp#;$|pjs%SZtFx#=;9u18Yq2RY@Y z%S0m}o6n#qIu(!Ktb(KBfbhAIZ^g8xo`ivE4M&IUnnseomC(T@E8quE@x}*uJacN6 zx0_=#%W_6-KU3Bl;~*xiFfl-g$xCXSB3A_k-~G+uPK0t;Fp9&clL}QZ69h>R=EB<$ z{E&P@btv}DQUe#$4@jN?GTB{hz84i+!GI|OODV7jPJ^x(Az^fUh{D?gBVA^`%9s&; z=a_cA%;>s`R_q}G4#?t+WDAtGqmu)}Mmj={pZ>KY82Q- z^IpQ4)xon=9N*eQ=n0v(WV-I)mz;0O@Je#t$LWhblenEcej|rSJK^E2a)XHo2fRI@ z2qJ}gF#3=P*2X;DUP;VB^$;n1U8>G#y*9YE7qq?q^DUhj5?^TSJy*T9niOo}xFOq+ zTUCbKc|rmbSMYd-qlydoy8b41Xz_bzI0JmU(C-PUrSw@Y9GJR(GJ2RzY}RYRb<3m^ za~i=maT;IMR_CJ(AD1|o2r41e*k)qH84ASnw~6i&Tjg*Pxy=cbNWE}B^Q7NqZ1xm| zNAQ6EDr1^yvsHqVz13EX(C&?M+U&QK>X>XQ2byM$7xQy|T%JB9nL@pZNSufI!4;B{ zSzJPgx#WBqa`tY}_ZDWT0oQ^uVJhCUWfp}tMHVe%xDBfmv0ldILPg4g$ytAY$ZSp% z9Bq`Lwy-4z(Jp3Of#u*Q4K0Zk1QOrNIqA|$@Xikv?jI9OosHce|eIqSJ2!@6x% zq=6{njKC8%OqOW#u@Q<9RZro>4^WxzSVgT+&sSWx#niVPS^Y{N(M9WF51sd}h88?H z6h|veFc+(gm^qg!(#I^_fAO_+Fm8A7g#96?!_+V+rRc&|dYx(nn~GU&)6inm3IyoV zbfC_8+&rabrMZ)RrZF|y2vTu#MifRy2^61Pv^efY%rSt45o7aNI`VKH#2L zix`VwCL;F&xuugA8J2A`$NH&Ys`T?(#??E*BVBke?EueHi^0t1gyzPiWOJ_kOt+Sb zFi-{GIQK-kG)n3z!dL*McO0-Kv|h7d`DCn&ZK%{c8bPv?7p{|Ng*|*!QDPWOJe)m= z!f*J8t^>+6pI0~{dFV5)r=fgYTKOVo9qTD21UM38tft5{Y22ZvaYg&IgyY0cfpiR< zozRXkTX7nDtOj}c?qD-$*pDrBKxX0qiQk)5mymvZvc@qfs4<2LE5imw znZ%`%pI9lhYNR7IgjtFoI+qcXXoSo`-S$~#J1C>3@o*RnK71y?F~mHECm3ipm{isVKH3>p8FH}B86s!oThaP{@Ma&>TlL2kAg-_XQ=zAl2;QJ&(z*=%d6`|{w zf3%JM76P`ms5~S75DcogDZ!dmBw-$)A1rkVKuPe|KD$(M3Wb=Afb+P^l_OS7X~ z;E7(B@PI)mA!;~-_x28peyCk*^J#yIBtOqaM6^bRxDKvmCULKCgP|ynGM1YfRT46I zewFGxeAh~YQ(2Pzh&X}bMlcQFzYY4NU$_7=*+uY2TiG-tHDmisX34@VxC)-Ww#r|n zL&`JnNnsLQ3@hd-F6&r0WA6w;dTle7YT=YwRx;fdd3(3Du~H$zX8hWMC^x+Q7={vT zmAZ?-CVo7So*P!;A;Bs?O-XcA8D2_rQoE}q7*H9-TT{3-{hNp{@Uogd8XpWJ(OM~F zaX%cVyasx^FT9i5MkM&2fAg=ZJRZE{;~`3}0BOuK^-eE!>9T3rII*19WSB~{%AAcn zby8omJc^-UMB1KDm3!a?um_nDzEv&IBXwDsBDdhHRm?<7AS5Y}VgUFO#y%gj_e8(+ zG3X>4{hh1UC24$IMneLGFIcSbdVoyjWUaBujDrKtBUj5CVR67gEG}EG&k5Pv944nA z1EUg^4Tu8`Vr?fI0%dS{mx(^hJJK>6Ns!o~SjJOP*h`~=%+%RfjL(|YHzTF}nLwV; zI-U{cEo(W7p|Z7HRYkogYq>nZ=?JciQw=JTYM_!(jzS{?MbsDs8Vq|~5sogj@y*u! z+bJjQG~!$$MMGNOOcz^;IKr`Pr`jigUsq$U@~5tvgK!=3;f$w}~r! zkAy$t`XH`t9yPt2;E78lZ+zLpt+0cCTR=x|yXX0Jb=yN_VXhyu7yI=r^RT)vJRN0` zwoIuo3#>|ol36!rUBWz2bFHa84!uZd@M0$=VdXLF%BZIqIV{6Y2*IMX(mhM|93I&1 zwAP}C>nir{>F^lmUa0{@2q`T%?>WSmaY9w9FlNO1YWid>H;4fkO9EBUIeZ$LG>H6g zvEWZi2EPn)Y?v~5LzxW8Y#`5uxUOR7(lI#XU$}YkEp|>l2(Yi%n#f4aC-FW2x5TBF zI5fu$Qt6<0mx6T%rox-D{pNe{_NMFd!vf}E%9u-CH+sl;X+qWBz|-aVXK92uI#I%ha5 zV&YSoEAtFPNNh>qp#!5xM>Q-Q@{V0i z-myz5pF{`?O6X;!QSr?XrMG)0?Xw9q3Rq~5nKa?mP=QJm^A>fryduZfeGwW~JZzom zw81)zYn-_*9K4j~eK5xBh;SO~n}%eD_^4I)@eaoL%(#Oseb4jz?K?0lQ?X}yYR!bZo;tS)z6Zi%DuD)3K#2Q+ zg#pQHW(9)=o{eK0n0ilHOSDT57?_1k54fnXN2x=l%o(v@n_QX`N2v^%dQN`vf(=s> z!*i`)fgq(v1Rt-ofqX$cE4d3xYtO={1aV*;%kzXxU&uMcTV)lt#94O1=u_g-I5Hx! z3(J-cqV2#^A^z&#{0i~Ro8~KC>cRt+U)09CNDUKuTzuhUVW?MircJuI15z(MYrnI# z$5!UOd1~ga6iAKtaj}Jkj*=w;P=jqv<}J&L+ETWQQc9JGWI~qWx6aGK-g!#TdCmK+hlInX};ms;wXw7Mo~WwO%|8^wb1g%Fiwi8`Hd7OUQ^Z8O;VAL|#c= zV4SPUW!WqtmTE=eZ9zO>p_02uB9G+?r)mMVYl!U^m)}=aiMs>H-ax5-hvjW8D$|c#SIZ}%30tsu`pjtq24UzCn%Q0ab zAh8QlobdU%sMgL*sV!3tV3X>?i-(swQV==SURUQGjLq17gH(ttFC?GYBc?<;8udat zEb2fLI7GH8GD|_Ns$f`rnz$EeUd1pQT2Y$a8~8_w4CftX9~`BWXMx`fwE73(2_`IE zI+6h}u$dugvPNlZ5Ih*{o~GULixeWL6O_nEaX`+tq;A(;yB%_}9 zT^()I0#0%Y{3_-UtF9mni9{v*9n+I0Le`k%vFiAZ3AxTZ5;kBehO&8@&Hh?Jpk|Wa zp#?tctU~&k<3ub(sOqOK+BxN+wHUU-vP5*Alwy@QpVXu9@r$^00#N)*r7Z{sUFtB= z@{;3y@h!I0XnpNfbck;(mJkfiBp$bfjROOp8=jw)2tN#LS~86UH9AKsfyXZrZSm!g z+V+DELY46@f|;c;FVi8)l_f_rIV;p@5kjv%TPJtHqj5yk5-6;K!N}E0ug9ndJ4UD| zLgj7X#X-IqJqsP{s)|cwO7D6lN_`9Vhcnbrg3Z<7_sY_*!y~6S2=H5~JLQ0?dS%MI z315|{8&N;>^|#Qp4pUNMT6f`u-%eV9lleBndvZl68gvEiEG^lXaPQ1nlIr*dcg zop%n$IqKvc@O6}qL1nzQ$zC4uX;`8=L3|@FpPZ*`a^@7W&~YATBxGW)04uIEmQ)8d!?zQ*EM!3L$Hs<#D{-lb%JJWFWS zAh12E4(_d9LUo3k@ma7o;a-nN>|^JmrOr4F2aL4U+K>1mB~9mFSuMb;Na_!pxFCfb zL}NUuZ1O_TE<9#<7U@W_SL3I87v}@FhkDuFOQ#-XWV@8QLKYdXqEnTS)}_)V5tisx zx)G&Dp|Tf0k416f_=m3WxHNs%PLzo?v(qMX7=DCd#Xa4IBu3bBBR;>4%y)y1Sf{Nq z#9xwj=hc74Z+7kH_&O^gr--jKBegDd&6DwqLXI$>y77T*FKFDPw>xg&T@$lD&b&mp zOr)ToM`cTstd(TNLARkFHC^jHr4BH2;x&|nvBZ99e2`N@&df^Pmne5H{6bjVi zlM7d+aO?Ur1fN{L_Y|8Tsu)XSJCQ`CWaARRRZkDb{W{~+gMAE z^gF5QUhygtK_#ynbe<%6C&Xq)w&6Sw<)obrG+-Q(SZ@yG@im15L!Qvp%rS&i?b6qr zs1vyV&5A_nP6kzl6d@&MyxMLvo^gUwCybrUI01B3 zciIvfq&bB)DAUt|6jkDQ2wu9rD5iYFnT43F)2$ZCtk?@qWkgm0`QPE4$Kzb!!uSV9 z8H3UJK*nJ>2*>(;%Q$U6`(VU9S>p&bu;Wp(!9L+PzQ`oWEN%IMEMgxPC8H4J>g?+z z6-l#oz6r3mp=}nZNJQ`bUPO#-76}erHySSnt28=^4l$TaF1}ixoPc~N9@qF1ml(n! zptw@)!4)m}#|Vx$f;Nn4BJ+)QPhWErVB zgRCa?sKjw(9JrW<>qzrHiBYbv0w%hcViYpdg%7oRO5d{%QwW`$>CtdDX%D&+1Z4^T zaokE&Xr@`Fly!MpBcZbMNfV3w#Bt#-Acx$#@fBIQNmfWa@i8XR@3Da@cpCpo7e1~i zzHiLxKZaOH_$Jd18M4(wzgrS%H> zgj*a^`S~8wR#8)Cj5_DauHVM0_A|*vOQA5mbZHQjn-0p*#&7^mkL1WbxVR_n&NLbh zNWvn^yuktBM$wE|Z-|^^GM&aoUAlUPW0bgr2@w*a9kdAtyc$EBevu}kL^({OURXXIO0d9`0)&qUFitW5MHV{vd!4D3T9f!R$gQ4+Jd0X5!8fP zI@4N7U1oe?(GM&tpm*uvB|m6KhQU#uDH8Hu7K6i!OJ}P4wtL+xZVkHO>ErF*ETq$E z))}#KCP?{JMv7HBP)cgV1M=H|z!bY8hlv@Rlgr^>o}3LVDxZ7*U^iB00idnT!6R)MBbFp-QY3kUDqnDFP$a+k3@fj;6n1p#z36aK;BManNHC>Y<-jwje z%pu1^=h|1KBvi=!IuA{;#7vD3uJ3BhknxKFX;NQW$x>Wl+7P1VE9_)Qqs?|3eZWld zV_cm=Ki6d;ol|J7@Col8lrU{%(R-KEV^ls&<;~Ae%e)smh^d)5AET$5PQ(gg{q3Ie z-Atyk?8>3jSEmOZiT=qFix|kn5XYoxC6`!*K{Ea@C5oQQD~sqB}U0Lsz12&&EFsHPyrT@v? zmuGH~?}!{ChXWjdboZ?#bz3Bc zJeiR(?AQ^(FRZEx_{#V${Mvmlbz@asNCPDz6-mnt-^|Qt0pv5UHrSntt6FoX5q#4YW$B0s?Eeb50>zn-2h^` z4^IFr#7qltj~4bBQof~x5lCp{S?H#;q+1$!r$Tjpz*tJfO*EM18e5=W#qqY038--W zZ+G_biviOZFBqIrPThp&HYhfbqfdy{%KlVb_iCAd=d-?n3NNS@<%!F8ODamkG5 z_J5;o@vR@xQl~#a|3X!H={U^b!^?fQh#vrtB}PV!>`bSR)8g%k516ec1~XJ3!!~m~ zrD;LZUhNw-U?jZ71#iFJqjbHd4l4GlO};~{Pt1QDxqmrlFk`X+Je6OdqrTv#(aLiY#LN6`HC#&X+#M?* zpp7#!iX-ms{_Zt%0|eolw{&D+wbbS+7A9=)($mDm-rRNNJ{r-Ms}pyjnJVg(Hu{BI z-tDf)rEoMMs975kxI!r!yPNL}anBK7>iD8vHFcKrLOibP9EPKj%)_DFoaXZ}d?cc_ zHMZ~1teynNO^hGm1USwQpe0eBwO&e@2VC{+vPZ?k2apTnCJ^96Bj%p2(z9F}CIoHn zUU*Pw(m9uLhr%u+mkbqT#L?0b4mli-!bgl*CNpflCZ2(Jyrl`$EcGfnDi_|KjOSev z);M`YhuA*d>KR50(j;#zH>r~^z_)D@4bStSH>j6qC#|aHHtiVGMvYvh;DP5H5(++@ zFly}9it9-V{tsy}-#{@6elvE32Dk;jmAj1q%8m!#Uze5R|7`KWBlRi%q5XasRQ;!NaseUzN@3T$d?2X*1Z*@uDPsz3}W4el~oW=O`$< zf(U;{@y-06I$i_EtUb}37Hl<^Q3FzR;}hR7rUHf^$43 zJJn+)kT;~RWlNJFo3SZp{<^v=Zap4tJ`fL*#u9|L*HBJfHYatTc6WPa3w;}U zJF0X#-VZh)y|(xPHWiG8n9Xr(ED{3M{pp?kSc5b&rwbu-M7PM6Q$pLFI75_Ynv|Ox z(t!;Qu`;&YrEl8+_+t5TKbhSlBP@9ehuF)7a*sgsUG)Le9ZUfb?++r5!i``YVNi*~ zv?_xkMtfcv*bl7S;4)gvbbY#f3Eyg0R@%`OAp=8e2R+lvPd|&l(?05o`arJCSPFkY zyTTN8(D%*h$BfLS&&X&iD<{r7^PMer$@GB5)mJQ=2G|*blF58}BekcAWv!ZtVxO^< z85Li*G~NC@{IPYtw#Y_kNKEQbCnp1#l!g)6A{HEoLE;MmdN(?Xa=B&Dz%KIs=jf zV`j}-jU|}|hG{xL}>l#_H(~)7uw0%?fd(} zPZ4s;NgveX?(@XHsnI`z93F_=5x8?TY`8~06oC8?8cqj#V<$Qu+fGe&dOP%VYNM2R zA$_C>M-0Q3-BbuBFwje^caz|;kkJXE)f@apCkHeSbr};hwK!hApw+`{th8ajc}|*g zzj=}=F31zXquC5AH5NE$ZekO*4R72ov*pz;L@SlwJQ~m18OKNLbS+~V&*3=J`-OmY z?Z2Ic9J1dZ6(;7m1TEd`(O`~pG#`1rr|VfrIr$HxU_9d%qka#aK9XUEySyUGOoXIv z;6@0Bq7rw$L}-B_fBjcT4BM#$a(<7p8veyGLKL_LIW0V|Qt?Te%JiGnPx70Dgho9c zNf{F!gIahTQOsBlIidhy&D_ELbU6RB(01+-pc9Hh*LPDvAkz##VWj3}w`xH}v18e_ z%PzhG2heO+bD*x0q4@3!A>H%5`%=eyD(X_Ft({O+i5~}eNC7bSeZD*dcof0Dca-6B zr;;Wcl5}Es@CfO3&yh1hmU=k5pFF*wmJGF+_fwQa((I}?gHZp0EfMiUG}hXH9D)Im z*RQt3*HpX6R6d8GyNn!ks#B}_i2IKSIAMAaaczUi_)7&joQ94Wn020kxr7~b$(I|1G7y#*!nJw} zQpJDBm8P-aT`xCN!XgnNe-RGxiSf{rwTz0hUdv(5rCbME|E~Zzj2g&dpSl<@_7R$a zwW@?-D|N3)Gg*<=_FSAID8TM2)F`U^WWa1r;Nz4pN?ajad$`rHS7pK zPI8v10Gu3xVYD0n>+uiAsT2;{dc8m?+RHujkl>)1&GqvAfyG2;yes2>sX)-XJ^$QW zgOKe&?4%*7b=kN1x`#;=c8lqrI$8)jU3N*l-CPRIgG$is(tpJ0rH13MC&c}h{7zh} zSAL~}YN7gU5%vz=Xl8d28V7!p%4&iDbUGrX7$|v~rjo{I?|(fv z%|)as(5eBz%go9Ju90^ptA#hH4tBjB;)13pCQL4Tl?V(Iji|O#;!Sf~)u}@<$f|Wt zVAda3!_h!!IBVU9zDR=b2iPN8 zSp2=dS|^M#uxD=YuEt zmV6H^T@1H4fh!#af{pqnrbCOhYuP8`+HlXFU6T{6uHY7}EyO(`HU_ct%gELZMjB zhCjh;auKr8_FAVN#J8D4SZ! z5dA+Qu4ylo$Gn${+tPRCq@hR{?FzYnd;TlPHe$s{iZrU)M8{bIFnY*2{F{VuROb(a zxAE{#!fkPzY0`|arxIx!jqe17rHR!-hoVXMS$pdmH9~sVaxLkRceo1>0bURY*Ll+(~q)9%O zI2rvc5uTLTRfd^*m0ma#HDAJNCWg)3A<74g5Fh?{g2X0$7*xbU^~u$IYspBZY+E{A zLWrcRWtMg@mpQZaN%1#8C01GU2&Xf)vgAE3>JB`KL(j@= zD%zYLg&|51P$*Jn6IZLnYOu(i9q_Th3ugL0 z&5;QAt@QdoZCqf}eN|m^1UC?$@jQ7fNE;(s75t6663sV)Tt6u9>IE-AikD{ou5aM= zfYpe`jyOVFZr@f|rHf&UQg{hb+6It-`YHFp;+=S-hKjucAaSQ(HzTP7mLb{LC|W@r zO*s+F?qNZXyvpa;1})+ilU}x}4Dvq3(2*r$z8os86mg%}D(I#6W5tJAH$xGC5YG@M z_C#Rg=L*q;8YI4#O5s2ig-A;ay5{ z>2?rWysXxAXBY{TgTwfg1kU_e=P!5kF#tYwwPDuva5bE*d2eD^uYM4l@w$Yt$7g#jU#di;IPMx@%081t>?zVU&^EO z75_My8e>+d4kLvfHGS6gDlC+)mCTNLZlw=ARWTVr6yj~vzgi*_g*bg`J0zAD zqCx$cZ*dy1{jI~4Kt4fr=I#Lsx_)JiHpYYh%7<57npU*P_{3981sku>KJiWIrj+~J zYg-mng{$aK8#PnOml6s(Fm_h6vVBucD@}tic`Xx&+VmjjDE?f$5fFh*99;`$?L{}E zJEZmvE3h&o`SPsao|7Z^b?kc|+Y4|*%zGtE`+5W30NI~|R$ZPQt3bFyd{3%0+NOq$ z{kK)FLVUE&LFWI|?;iahHy?SAB&u$z@f4w-(xRJcMpe`tTB=`u!Qd2yALGNAz0I{2 zKHb6*SuE$mhESRlfxP(P72W`xg7**@O{5Yq0i5Yao9e9~L(-R`4Zw6sLM7;mW5tbK z7=JpH_ctuevsvHNwSj&wx^x0Y(RbE#;D;T)IIh|NyYkb$F#6h^JYHFr(#DDI4lf!nCb+u9idzXrqoZs6*HZg zT-T0|b!I0(BU>Uw9-2{6jpbBE25_azl>e>ZWq$X4SpaWeoEkCW)QEp3O7kFxC)Djh zoJ7^!az*H@_2k4ciawmSkuR|ekx2z4w{8+*Yaz*hAc>eX2G^z%W556PLh>+7fvz)a zIO)g$-h15+&d@{WCJTwt?(BO}$m)u9nw#^7p$k~Q*(%e;(9Hw?JdbdrwbcVo45c^*5P>>J zYZ~|~=-sEmNS_I6O?+k%53_j)VKm|C#?8mvC4wH8@?5VvXMCMcK1?LMk)B%R#AQZ0 zm#eWGxQu1E5a`v#KlnZVP>j9QZC81D+I&5FhQ;_f8BZS?a>T*z63t2I`X4loL{JKs z=}4->;9Fth(F20WIp(OwguBbD1@EVMR;F=+%$>-w7t6m5WENX#lz(C3ZmB(yZ*oV_ zK*@kMP4A`%5?c^v{R~2k$^HIl$E}2uTUNWFgas~MG9fb~Cv-aFe=&V6C)Jxw!W^{K z8)pux&t48eYbY?MdEbAyeMelz=^AEND}FL(p~g|w0Xrj~2GcqaDau{fKu)wZ+ zJ)izf7vgyZRo$)QiNwh%PUTI~0~z9tozd*`9bQ_du^4w1FF=M z_^lJ#VPv~34oA-Vk|kFrlXxEotIcNV?T@l;QLA1~n>-9IL8&yXL)yl5XPy{Gf#@jQhEj<;?m#3O-yrd+ zaE!MmP*=vKzd-kBZf+={==i=LhuAJTCa)K5w4pN#rDl;cM*#!Q?ia2~*T25m>tnQm zAjQp`OSSJoyH8_CgvPcKjXO}m-gn4f)^}YrCY;W2Q2RF%xBUi@7nZV4+65^G_KAQ* zO;d9p4bH#I{8r&ncz@dZjVeKbrsCRSMM9hiP+%VDR_kpD3A^KGB&Mj{-N6aDAG_&* z`C2ld?kON3*@`pVNX|jO-2+hG#}Ur;CpH&mwcxf`8@j=4fSQTZ`|*<>nao`cvGXZt z+%M9~Ked-?9H;m!9)KU*#!Zkz0ifpnjmmP3Eyxz5;~F3-lR3b`$pa`QjNC%VrB%KD z=GHF=SRdXo;9A_eFaI`t9c%Iy8XPPeYvj3ZU8mU@c@pEb5Za4+#HN1=YS#XTLjTZw zx1LIp;{W^n4f)5xm5wy>bBPh)ef~T+{;wk=e>9XCbV$^YV5!LYu0g!2Gt&j}{jG2) z6T4%>G#r9ikvSBpqQY{F-gR7C&pfP9>~|he67!|RX~7Wv2xn$fl#}%~oNQuAQ+%FCQb|-lb>}aT7LCz4W0nL))jSY`cgc+g--Sx-a-O5QoZFfGe&SXZv z`qXHWTY$~nK8vVW0BAP}kv#^4h>Afut3%}JO{ABGK*bbpZS#ALPH|T_*x)8-DR5vU z96~oj4-h24_D==r-e3)st4csFo-+a;-Zd zO)SexC@6Beg-1Nczv6AuZzm2aQ^ddu3f5v$F+=I%7( zfbF9kYqltx_>Yo?TMI&s>svx=#PJ^!h(CTAnl}~Q8YpZ5MAZf;?Xwj$(2=yQ%h<}R z#A>LSu%a#DAv;O@H?bf5ceQk7oGN9Z1ujAeK5VFk;RbkXoBXf@TT9&wo5@w7yDjYJ zFGhUIj$(B;@)E}9Z8n_$Oggk_9T!%HEtWdw3HJ;529%OiF(cy^MYVGp>C3a1&G?6H zY@0Z`zyJ=Q9|$eCTE#k!i}3eF^@P{tcm$)>)WhiFp<20&B|5WkLr3MZsf^yQnam)^A&qzxEJp zSz!i@GG{oa5z_yu*Y59@aoKIa?L5XtzLJl(^yq_C;r&Qry+ixPH{)PU^|($5OUUH} z*HpV!>r0F((SR?8{yAY+yU|9KP?F2sx7Go0zsI=?BZR^_TTBy(NXw$8WrcK^n8x9J z)4$iMlPIypW5nW#+zU0#04RcA@fWgRqag%~*XaCt~j|4arb{=hh#mjz2V4l4 zvZV4K`ZH}uPCpk2UqcVT{d@S-*J$vc>>g#uAti$}z_!9vQMGF%!g)FB_ZV;$El*G@ zQP<_Qr(&S|mR7JYQ%S#hM&DudFacj1%{Vp9pb~ff`^)UJ#%F7t2QS|q2KiK-6Su~& z+jz<_8$Q+jZGBWoBUU8^dcgS5I5omB-Tyk}euNdl#-o-M{Y?p}BEq23!!BgvaPszy zE((dmf;XB;!TVpho=z-wyXPb=%RM*v1W_?(YNq=7RFp{XG33!Vi!^$Vc>jkkMP`H|J`)%^szNBUDGK&_p+la`N~p6=a?q^En{SC)GHlMA9*0G{ z_q96Ill9NJ15y%Lnyyzi%hOF%@Z}jFp-;uyrOWj(W?kM<8Ht_?l#$SSrmr+3b~V7R z1xJH7UJa{2IO>H2tD6rS&H3xz3=@QC1fbCk0g40)G>F@tiQmvj4FUw&No2~Mp5Kl- z>*<6|+R->?*9g*?SX3sjE`@jXw;|BmByFXK5RAcY1<6N;KUkumB$2lt{o8Clgq%8G zV<<95zOhjuKnp^x)A44Uv@CpsPjQXE_Xw@<)s{RP+|7IvTxOMOL50*W)=13Nvq<%p zK*dp0ZUJCz)Wbb(WvJ3Lq}n`DIS43|w8S30_s$-NQ2)tHt*BTX*)SW6w>9U4z&qxg zykEZsWqUI;t8i=uGsu~ioPn9$mb&ur+;F#;_tcjiL#eP_f~qJ03BA$v*Y0M9I25rm z51;m`Q-&nooO%6DE1HzT^vgagEy6Q|=~r`#5QNzm*oCB4!j40}Tm#FPp;LE5IUR|M zMt|L?=|*Lk;Xd;01|9RIjINMQxbDn0fNBNU=P{3u`~uy%I)|uXd8eE4bgFTndtb92 zRGGs5QP@?m$AK6gcuqEgaGCXg3Y+F9KXF)&`_aCN5e3yAccB5ht7xDwE zUAK0yL$eyGebq~z^stk4gru%GxbR4VgWHGAQ+K1Oe;r)e9W59#QzimY(KR35j)C}f zXvctm_;w7?LVq3HUh$@qt$Z19n5cr7zwrGYF?eYHIG7S{z9uZ8XxWD`n`9EnkTe2649~5_ z(!`|j0{Y&d^J2Q%5DhNCYwG=zx}Ol$(_(=}WYDBwVLWO<4R<0auc#nRGGM|-{`HB4i*gUmT>GCMybyv47N$=1+y70Pf0KE-&=?5Fcd!PeJ-Ms zPL1*&Zj7_7L^Q%PSew}~6MvM6S(X(5&O%ZCdfec6xr$mCSV+pRWDWFK&P$Q#EZOAz z4WlYGVMnnaNHO9mxU}ed^6S--GJzLE;P{Ut{>#e(3AOA_(K!=NuS|LyG<2qDK0YjD zSENMefT}8-DxTy9OTv%nc=EFQYnnw5)%Z>U1n)V&zp+~9=-cAyH`?PNUi$q; z3-Fs^YbG4|Pnb@GPpdI4o;JbZo&>^p=jazw$#2-_0=LL>ZiPbxc%n@7_^pQ`&4axE z)0}R=wWG0u7qb5VZPR`8?z4Yb56&G_Q*tEcD8G_YN@%4YccfO?1^v84`yC_)Nj4(% zSH}XV$~ska#5ZR^88(|UfOdmFX`GKAV=4Y=+r_AFD|l6K8r}q}(@PNW73x**1WJhL z)2vPHM59Bdw$T7W4h@3J-2!q4_a{CFB($6c^5X}TDE?Nbf%pw*i6VePJN|R=_}Ke_ z#|?hI{Pbb663TDTfU)J29N%6^I#CbK5Fh5FcaAweb|9?&0rFFD^=8IjZ!}Bp7(=-Y z?vuKOO~)8s33XRbNtuIn_6!GGt+aEe;ifgZr3ln81WRJeQmEhz5g>0r1Ucg35Vwe5 z59e--Y!@1yz{sl${T(i3l%s9CV>}e`w>mnYsf53seFZ3fK$#KoFKuYzI*r{6itCyu z^!~W{<3@ktXgPqmc)vT=TYtO$@+vp!=KAgSH}iPD1p_E_vt`m!qQY5lmG(+Nid)nv zc$zs)(_o>#SaqRE!3KSXN!vz3OMIyA99)L3q!#z^e%yDQ5#7HDPU%SgMvibGFvLB? z^P%CKPTf%b)+`F*Xk=)zVdnP{o_3?B<|BDJ111w5i)w7UAxZq8*pkIn8)C7pfxXiR z|B=}=vh{o>$AYsp?ic;_Z^PA};}uO#t-w7pR7bs(Kagp!swKmRnp;J*HXsb9yR6p= z*>6Qc~k(p+QKB<~t6 z`UXnR4gT`My=ljei~S5}m7HAysHpsSYAOvVUz4QRpdP5_r@aTqmC)VFgrM!!Be7bB zLcOWO!28CC_xxtOoU->N7SO=y1A910ydZ=pL}@O!1ohC2Adr@A8;o^1+AIcd>U--c z`x6O1Gd@YRwWXcrF!CPxAAImWs zt4Zrj?p_GJJm-TybSHYI6hDl0IpO~T`g1fejV*&vmsvzdDA}pKs<^T{!HV{9TNX*y z*&ay&a0tC{L};QlO`2%^*D(%;ohxUEojWKJewwq&Xkgkwhp0iNpqh}9t6*`XwzYQ> z7a!IQY z47?t$JJ;iNh@hTm;1_vTc>*p&tFQ3^Qmg`bpMINOoc1!s5v}=KcskJnzkm7E>3l|y zV8>5In>Q!^A(A}E@SMZ!h-#V5X5u!Qy|#Wx=S=$UeE$5|_bznW@YXaCx+c-v4X){G zGaeE~UbMkLW=K$MKwTH8S>dX7j(W4@=I8&&sBj3*x%@Nf>T_UH=3=>6YTC$Vz~0f4 zfG(v53o@2#{Ln|V%dlVmq+vhe2Enzw3g4+P_1YK>uEN;Fqu$oD-gA_l;Jzn5RySkt zF#OpxW))r}FNxE0)|`y-^Wge-x=Evy_?F15(CFQTF0J^Csk7D~CfTLTw5)bnvKdCX z^axJA%ETyt`xCmc;VNVwCrbMS%^HR_Nb+HsCumhY1nrJ>{Wi^;V8ymly2(}W>cV@ObN8vi2~T&SIR;MxN9;-J7xM?HA0R(z<5P47IzpQM zHe72DS3!kgm-#8My6Rs9dQ#l5#`R`Ag2Fw(xA|{!B%^bKAUIvtMrCJTq&gcbpUqqV zvgOLI*LY_9tzX&g?&h2H$ElUbzImr(582wVeXP(82wJ4Kp#( z%JLS2=bnf1K2F5}ClUZ7}UJzeXK|1R-33jD;Iw=F9uVVmh2IpNF)J zaLq3eZ4Y0bo(=0?HprHMRvZ=Qy@47Npy7VZnMONDh?=krx1Vu)(Tj@0 z)5$PFJiT?F)D#n(?@L06n^V95-hWNQ{4jWtEdi=BiIQOUv{_GnpkEpKxBgI(bbE!P z+$@HGmS4_J@IQJp9dHzWtB-WJ(zMShfxbGA@8BCk?%>Q5XX@Ym2K;}8%q6-=uI_&O zjBya-JDMMEgg!z$+X9&RXME2w@%eAFBiC~~!%V7*B|T7iP^fKz-;aepAh#48ls<_i zc(n%uJ&(ZU9B!1b6EurZ3XYXhz=p1DS_Tb)Nf&Xsji%*#Qq=)INUR$Tqd}?`BWZ8t zcNq;>pthX@lsXwz2Qu9*qPu8~ZSE3H^p>P;3qRR(*QJ)eyaqAk`5Oe~^a>J#+!vM* z>xz2H#|s>Upddwu`385P+fX3r&8qwG+Yd00qLI(LENt8e}=aY1-$pilhD3X*f zG!(S5vo=I3Xmf*!Rt4UMQbv_=Ti;VUl2`BlqAhV?nJRU}>0pp1%b3auSnD?AnfPCEE_5mjqQW``S9q`h&osKQcUOi#QL6Y@uCi_36u zA*?dK6C*4~(p(_ElC1Z9{MP@KRK4q0veKe0h*_YPOD}h#IAh9sI~!Q`&TS*Rf8+Y^ zFlYxl2NV}J_mUr6e>E^ZiNCIAjzhHIylI0CLR)v@Hy@+p1gwbQ?o0GC8@x_do0p-X zrgR#!*$(y7AlD0_)%b2)$q7_<(fn0?4W5)Zv{FS7u~$)w{&&q?qI*kM>>&m#$Rh3# zI=Bai#;2d8uTP?~B|{u)?j1}K_1e`!8);S~lJe-gfnK9Aa6Ssp$2sDSTttGSjNhuc zB&`$mS<@@O?>KCeNsAS@I~vEd#Ca~)AW)G5KkBKZIbX54BHdiagjSv<>e7R&W#vMb zuzOMv$iQ+t<241zu~f0K~)KDUcSO=dI{I4FHs2!-cBea>kI-0^;q@vp$suAcOipWy zQ*8UY!^>m($|kzn;_>b1U-$aBl=gD*dT5grckD6W>Fq=CG?3WN9jyZG#e*se*`5x` zSlA3(@PMk9lXrwsp`laxgU4;8BqvR7` zyE#UFZ^RNpZ0hsRB{W;uq-sD+JPWP#cQHxDvjI9Wz~sw&H2fPp4%bPS!fMuBWyjyo zQno-=&}-u|;p}ZDO+H5q=?T)N<7T4dqFQQ;_yN|6rP5B<0ci>tEMja zn{OyActJ(TEl4nv$I0jlSx2bF*aY1@>CQ?H+;ePeP#JqE$`o6;0lSyuiv`H{Dlmtz z1(#p}jUoxmy}?06R%r5Zz7sz!5}()}TfuIeYv#e3`PH#{`vQ!zXzh ze{y@@VefmnV>!qPg@eV#;Dq6l@}UOIQ~xqtkNf|`oNq`|n=yIJnGJe6{QI$wMkRfK zBe*&E6XnLMXxXe?Rrra@Og9^uKcK%E9Jn9mwl-zW*~T{CZ9onL0%0+x=n~c7@y%s4GSl>b@TokDV2wa{8}G199$+MYr*Z0Q`?=N>-5DT&P}dA za_=VizrKj#YMld4p@F-QFRnt{_Ny1qO0fzTYRDjy7i?D<>`x?$o_%_F2mtQi@4j3B z!Zl#Fun_9Kk-QnfnHW(jK)iW)yG zUdRrMDQv#TJ+r61Qyjk_FofT6D*X2!OF)qG&4hLw-vRAr@bH$?iBq$K%{-U<=(YjH zN_NqHH`=a+i;ahTVGsEms3UV=5pv9sd+WC_Av$LAB9yR*$T+dj>TIiut#|6{Y^5h& zaJM^om!=fppcMwv!rqHPpR?Jzj$ zB!!dc(+Qk}Tek%*s?=_W3^bdHyTlnRpu>%|>lkd`xGx@{3mSYNd-*U1F%?O`Ima$C zS;#J%BjK#w&MC6e#{qHr6L)#FTC7Bl-TPA<%7<|&K)~`=2EOz{=Q$+aOZA2I^^j~sgTuBp zP$}uU5efP0prNPj42Nz5=q5c*Hx@(yB+Zx;_!R;6I#nNAr&uPmj3DFQbyqi?_U`p)FbBBe^-JcBRuLdyz7gEeW*3Xr1H6OL zUmg+4kBUsF*`d=Fie#Ob^2fo?_87RkC#|AH3+-f=MyOg+(n3k7sV_O;jEr#*_#g^w z@e1|?%41OQs-PCB{ePLPA0|(YZI#~X4&s7Ntp9fg|1aquS7SjrLM!P_j~F^Qko6^v zA%lx8qw2(^(&P2AQ;<9IexSyexSS3D9HXbvWYxcc*CaX;2NKyeI2kvm6LekZmJwzo zBZ;QB>v!y-I59lncXe{3_LIJ%XNx5RcB^;FJ|*FsztUA80HzKjTs!pYl;Hs3 z3dKs;G}uZ-q{+eJ-E&V_v8)f z3h!~L%Te+2i;d^LS0h-$27C1K#}TX+3l!0~;!wYoj~Eq!rlJ27-E?=$Tf}UvDYMK@ zx}{R##J?eGG1=>Du@WQ!xXJJlaWZrc?GH9p00FPL5jq`MiG>T{w*~G1Pq0E16TR=w z559tLa3^ysG2wQ;#xiHjA30U)8?%U`mUKyUDpw>@iQ}E_@8dVt{=2?1)UolOTZYEh zKv?!JG@fTJk#NIp-6&-8={yLXveVfYzzR(!o$L~Sqp?4BIO#3^XBv&G{P<4X|3uThmjgYOg>X9gCZ&ctzK^!s|FmrONYe+9XEO9Tn zj{e+2l2J~qnq;h=B|dKl&DE5LUm|8fw29EmHTS*#`oml`*g$PSz!$xsi9B+Lq}mDK zLEhxgd`hO=GCoh1LF9*euQ|+%=ar~FSashh1Nh`Td%D@3J#`|NlkNHSM_xuB#_#3k z1PD>!@yhe-GJIL1Sl1|E*tkyOkMC~jt7SO;;X)A1IJznsso)7@qi7!QISwco>yE3K zUZ`l`|H7x-CpHh-J@9{ktq&)gJlV?=fJzSWT4^Pn(_t7sK*#6>f*qsIhqSV%^QOFp zWRpvJxxL5mfw_RKZId;$&H}0P0&W ziEx88I9vZYS-#otYz9LGC&ED@MV$L+{;+VjvUV&Sa>flZC$wj86TF?(uJ7(&yyOld#fV-Cd@TXOK89x#!?6NyxSK;Vj~E z%y3PlA8YX2>>Okp*t%5833>s!T)QS}y@f9@-2H7*0EfJ|+32k>x0yDi7{S8}g0m$* z=gQaNC{4#hKU_Cf4!fpE=TmosE!@j+^Lae_bMUkR3xYPWcAiz+lpZi`dhhxVmc;(y zXN=R`W;cb}=%UPXsVeW@DJ!a$4W0SD_&X)#>1Wcw6W*=Dac<`uh2Vc3jl_l%jI{ZT z22=_DJGR)h8Z0i9_neP69!b)h<${Ywd^HUac+Kh%>*)aI2EQ(H@aeJBCJEmk_s-T6 zcqnK4>}HST>(Y&5rg1No8+2N11RBX~;g(W?BfIpv3G>H=DiBzq)FLxqos3S46TqiM zcP{xN1iBM`7Q&46n1iZ~zA_rSxVMRUy>Rz+Z2R5^>(!mi&4&uB_IZUqRf>lxiHV2a z>BOIm%sYJgSE>#qod5?4lHibhW3rRmU_PM+=RJyUrC?ZtliDPwwzFGX)eAku8oAfD5j1X2|4JV0T98YqQP(^9nRvrr96p!@P?!-uE^Ak zu58M3OJItQ1>z(qGD3609KO{|EeRqbv8qXx=Eon@&0KXaHTQr>*`ldhuwyNEsnHK2qivgnIBU<~|H>{hzk|o$=O8rs-zEv~ zu^TTpB(I8lo48gEHkNcI%>UgWMi%~Z>@0svl;DF35&MOg?ZRWon2M=O4Y}=i2%>1F zcbB7)CK5q)*H253MN$0aC}ikCbUfHpnj_HZ@SD=I9Orb2Fx6cveqT&)9V4t#fQUcu zc7GfGya(HBwH{xOSJTg*dl>4t96J=xm_eEdca<6fvChr|%e+lul2u>_y|Kq{^uJ~2k6mhH*M#_5=n}c&_Qh8fe|GOvA%c<1ty)c5Mbb? zEwv&X4Y`pyZ7#{-Z1pDGceM!t1maFRSOo@Fz0U_eT+1}H--i?GZH`VZG9mV|CWDGK zmd)$q?R9~B%Wpl?@u?B6#QKZH8s~N^>9CSH#K#qbE?{Ob_+c~B=L?d4alHT`40SNl zkSVYL-(D)Xd&Qp;*XEO0)x?231Nsbv?uV2w9#eEZ4Obv zO8^Ybi;Zpw>?V!0od=Lmg6d(SqQ6yk)0?RhMxYa5Sb-Iz*AWF?R9UtPGAIJ3;x7gNa} z*S$;#9aGVBPk_;_Zq)Oozgm8yni+HOP*Vg5YgwxhChgNAwcYK{u05a_%~uEaTS3gm z1W09y3*9o*mJ9tiK$<~OiYV>hAJiKF7w+E=P~zPX-oI_E%h{JI$DC&fbIulHgENn(y?$Kp-h&T=vyjotZulL?qZ_+wFv_*@^?_pdv^sty5wlN z$JGLyKx8xr(l%Pu-0YrxtU*iqk$d*M;){62$^EndKm}5uw@}O*kUL3N(Ls&pR~#F@ za7`5Wi_V1`8u&YM=xc3800A}mW#1!TY`sVS+i+0gY+r&4VL(rZ6iJ`QPW#kKwHU^> zqh%P%oUB4=o3ujS+BM|GP(-KmLbTA7Sin@JxYbFak=*#;`nT2tT2l0>R#N0`OP#gC z6G_W&s`0exLK866+{>u@L*_w4M)Uk}IGKXW?@feX;>WNjenf-hgvaMKCs_xMZT@b! zww0tfFT;VlR71?|s=;)@P3j@sHibY=HoO|hH5`TT9qWjf0Z-eV>&X%<3wvwdMHTWP zo0o)4`xK#irt}1U%!bs65=sl$QZ-|=X7Tws`#Lq8)$L7}g#0N#189pDvhBbt(l_gJ z%(bM$=Gr6SbE}2%eB1!ucTUKb{^jRpeEahFIQh|ge!e%#?JShiL|0r?bJmG;dq&GS zb~U{+$&?5Y=tPvAd*X>SqJ<*Co93-e-AiP4=;xiR-%zdC)~$J!U@AS?2$m(pl<~h5 zKP5#`G_)iJ_aFAq19Q*Y3+8kPi`63S*B)LnmG zYhZ9fYe4I#eLgT;v?&WOCq%pOw??K2cxjFtK%x;7ha{-Bo1pa+I)SyHhYveVFKJCh z<0(G4z<}x;{tjb62`#j~FBOdju{w7x_JCbWzcwikB%25xpz&#ZYUbnci^BDCnb>6X zT^DY1ENiEb-E&&!&n2crV+>yBY&4t$CC8Yo0U9x2RJrg)g~_^po@C9-3K3lFuH26A z$sDSx4z*I-fczV+sF8tD3d(`~Q(d%awi=G8CEW{w zFMHPEaJ~BQ&Z+1R7CWbgW?>}%-2Qdo#^yOYv_Cnxxb;3=4{K$3^mtC!DU-i%&$3aL z_U~Az(rl;@TnS+0%82E=l^!m)m&e;5V<#HYphYU7dOE!eOsAO4?tzO6z1v}EShNEa?gxOEB93rupGMQW+g%h; zKDCWVRCQ2avuv7GNE^{07~1Xy1;&eqJBDsbYtA>72X90Lx4CC;oDV)K9_>ueBb(@& zG-vhit^!pmatFE?cFh9F3AUt=7oI_=%K{Z+CM0UQGz(mq2QD3?ELzn_uqFSboal(EKCGvY;736Q|^Ah z{g#-8&#VlOW2Drv2Pl@d5R?R7t&j*DSxpQ zPvu%t_q>SLv8B5qS9_1(LEsc{|4Eo(<+RqX`Ad8V{*Z`kM9C7Bmhe@pof8_kB*hlU zrl^($z`9RMAnX<2T-8(X9&lXv^;STgX)4#8HDYZERekk&5`K^AK6mB@?Vw$e1Q?Dq#Ix|CUzXD`u#e%RjQRdPktsavOVG?me-e(5lyc`w zCEY8JuNMCpufX&hPJhV*ltYxznYOA5Xp%lgbNY~xSEJIJ;c^6(h0+FX`_V;_l3r7RStc)*#K^ooJDtKgM|Xd_yV9R7ZIV zTFlR@b~;}ArfITaS>%Y^RMI5*FgtnX`V>gsA>m0^9z+J~&c{!fVt{_7>{e=Zrec&Rxk$ZTUG*aL7z7Ryh^n{fg|OmUB{Sv_Q6h!6)#k)v;$ z6Gw-rX)ytzi!yh^kZyUqqX)rbBG(cROSNG;4A(lU9OS+_0q}Kg?g|Edv*il9*2=J5 z4rsnsr;SX9hcSBql5$1^Nvx7*f-2R20o#TE;srblOlC!6^Wm7|D|@|vl58l1#>L`c zumTWHnwoqGFBl6iT$bj%cBc(VH9CO0@8|*-xm!Ee)g84jC(|sK3X)oKEm`BPqGP#Mm*+ z>>MG?2qRLwjXk*m-)n;Ic9^QmJRPjg`zk`N@2|3c)L1hp;O~8FOw&u@~RC3-Hk)u4Y$+b-cR(@QaSTSKEF1XZ>kq7x#p5K{Fs%&pmikJa%v z*T?`@xH^o>EJ-guZ+M`ND5#TYvTMld4S^aga{6uB>0b1D51L){Vpnk;cC^P-4QZ3R zQ9t9;1Rx?6X~t6f3%K5$GiX$<-J53FXx5V?ZI2hK7m`Ar22Vf}?KHYs#tzSlpPI`` zJ8Wz0ciRJ6azoE+B*P(XC(* zwUsxkw3E_H`W>Q~pO=x9J?(6JpuhOiHh7ZZ=~z?z3x)0=Q;flI+f8x2HLdBirm4d2 zj4IA5iwewPC@7m*x=v0JkcxQ}oH5G6pjd5~<;CPoh)}hp?_~K0+1b zHW0XF%vP}lRD@fI!_5}h1t~uGsWjC<-VmKVCAiq2v(y^RC~%snloU|MHzRMNM&jh+ zg>N5DtU;-~#$Ovwc&Y24=>wCfQsl}H_c|?b)jKEOP;~xfvHBmBG_s$Okvi^i3#XiS zp6&yBySjE3{FXfV?s``kqN<>VY{tlt{DRJnmhIXN!s4=CWCQs3Gx7Tm zT{sPClBzO!@hCJv7=b{3+6M$s|L_Rc5^RIuIqg#e!0-Ql@iuY0L(||) zQ1Em_xYyFh*d?f)CUGBQ>|-lj z0bSsY6GSE<3|y^+0Zpp^O%hlFq6i~kM~L4@(}@CaPEpQzcRY~m@y>aFKAm8MrKW?v zEx=R2k)kDLnjpHr7g9?~;e%DFw3+UnBi{>LXE?i`JiWloVo=Nd6t|VmmC6fpH4i`W z0{jr&$vC6_ae*``iNMg-*8Qh3Ms7uVXlIF)EqmEH1_J=4BuJ`ooT4?FzISVDSUGo5 zusg@TT@8H|`EPd@($9)~xceHY3fAyMONz3Kc~X;nb~Cou*J$r!+lziO-N7+RcFyje z*`JvpZy&hnkAFxZD88dPqA%kWZ2}Ghdn7UcU0+;XIAIFrm8?1uNO!dw9sEM;+I� zOMzS>A!Tb_leC(_e6`w*$B72?47WHV2Frckt=Rk`Jr1hbDt+Doy2sGZIT?r)y4bHsxsU>{eTmw9AKRbg@X2btXS zq`RvV$J6ysP`zgnrZ*SUZ^dGpPu^qShpI<1k~}M~dtG>T%=+>mlP=UL3FO<#%GLtQ zPy-TcNb=p6{BIduSDY%b@z$3kG4*r}gmTmqwuj%wkoex7Q(T6eV#sfGYON=@Yq!^5 zbxN@lG-tsa)6ppmUrV4O;<0TkyD%3aWU;on*t$a0te(j}R?^PIRc!fz;3MEr$#|^} z)H%{WE98)*N(RHL`xtcQhJ8eE7-wpnv(8!n3XBZ*Dm~0=)+KyHjCl4*23v{DMfKK$ zwvDL{lbAX2oFe!*Ec_1L5S>JWTnr4*0CDpY> z3PhE~>Z?RIH_>#`^me4l6w(Jpx0U~b=E1QTpFxd?MCXJN4;rVUix_>CR?{m|;TDyK zm?RJ>eeW}bDy@; z%^~5|rxxLs>O-H^U99WmBR{r_h2~dMjL5Td(tPYaOK)JeZcQecZTCf_7H#Sho9OR# z<}i2!6J4SwGpI80mE;lzC7!nj&rM$D_|%hEnZ-+HAZ^p^ii{#rKS4X+nD#>yh)560 zE%w^Rda~TbBH-C@hxht zgh)kK>;k!%;VUVNDzwJ(A2SbA3S_%#;t<5ynw<<4sG8_h;<>~~Z%iiqrgGczvvgT+ zrb>_Tx||t$OKG*9D)(@X&TavlXPK9urK%Fu7;R<_vlk^PP5VUnf((!CF>^Jc6cWav zAII@@f!=Tcq-J#R3eV;Q`EjHU;kXpeOT4w>W|>MM?g@x&&%iqc=DJTxmiTOr04IBM zz8r4oH1%%YkfxX4re{-C*6BG5po_O&4%o-;6aFuepwIIE0Ra6vz@Hm?@!||=P|G`< z&g7?ONc_dCdr8;h4M|1b+COHPjG<2ItuUyZZM<}|a~F?p_G(A#2g4zCQVpL08`pP$ zH?>O0U1F+xAz={rwro4F3Wl@6a;6t8MD%;iZT4!yT30u8yuJg3WICNsbjBSpBbVIw zaVo6?w4hgf&R*jGkyKHapouXxL9KsJBdM)Q8qQU&q`f7i|LB1&<$F==pdm5hDpG6v zu+86Q#~_kIm0^Q5w6WJ4?+_O>aCyWrZQ+4Z+4Cz)9~K90^Qw3Ol?Ahe6@Aa2BEn-m z5F8AUik#)_w^=10`VeJ3h`h)a&1gg?>{ToQousW8gU?85Fy0NKUcC)=J2I2gQWXI=MZM|u zNJzi%u|r*oyA_?2Tg;@JP9A?M&8SAzDfBH)uYrzuni*zjL$=&9&V}elIsUF~qG_Kr zbYK&z(_>PN&a@{n{Lq<6kK5}{z?F`M>= zdpUoYj#n5Z`6>_Mwg(bC2gHxUWzY;9&+WL2#$G9<+v{0CN$QswdzK@Lb^E(bwR029 z{sZQRhN(3$NEmP~N?B~h`&g+wyFj%5vXsr-E{g2d~Bnoa-!l^2Y+1OL2>xhW$?vW1xfOE0T0O zou{<*&FLKJ`lPo-=)k6SYoWTc6;;_659wo>`f<4Kr+^edAj z6F)1xEIh+1_X{uG^U7q%c`){}&b^*MI!z*8f)Re1vrcI&rF&qJ=%2#;r%g@pK;ln- zU~^nEPQwdmise_mw%#$D?@5-yTa@EZtEbMH`X)L7WAHpi9Y{6>BT&n(igdX1F>W{K z^Mw>Is8iADg61+9Q zGBb*)pl?nRAf?kOYk^SC-37pbQO5H%=r%LHuw78sUd^=7U8zouen(1T{TxZGJ|fK- zG5b5?*+Gjh4m)c}G;Y7AGV3{oIVE*4WA49_VPMSvyXj;&d;M=Wg-l7O zZoe9!u{R<&u*sX}wJuYxIiRbHPY(}L-h-_-NK}OffAZ~lY zi@HXXX`!nunykAd6ia?t5lu!utBPLOwo|Dzlx2IP(}-a4lMi!4HHNA~UwBSnX!z`H zjZvV;E2OfqD`B=ekhF)zujBJYH0 za|iwWEB@k#WY@)3L~g_1(=>#}iO$;_S_Y$Y2q>w@!nNrh@?qhpw}H_H1UI0Mn9jwX z3E#Yx8HD|`CB!^)_f^L?<44gAcRC^5D^tDdlc3Nku1SiEcRRz4K42S62}kT=N1AhD z9kLL!bHwUoV8AFR$CMh0LQka{03hc40i`kvJDS)VtL>fxZofudx+Cw1rHBF2p{6^8 zZ4BC?HGMS^GFU-L4ZxLuTrUz#=wB0G0mMw|BRLhFkEkCjGUV66Q3?Pwm zxc)l9bq1)7+F@~*t4Z?Q9}%Y;<^P~z3Y+@7T2JKA*`~lf5`FT#bLM6PMI(F_iuqWOr>w9LrdnGXjmV0C;!PQ zzL*O_%0|K^U-<4aR8BFRqNn!g&t09(T=@V*I6FW`b}~Rk!qUTjR*Fiz)Vd`c=0_=E zLA!*z)7)ji(m)Lc(B}{PcrX}e^vykGgG3YVmzlIHC1O^_5V}>g%1v+tkztfb0Kl5g z$r?$@M+E54=vhH3grr#`f(*Nk9vE0FYfxpOqUIR-|IcFe=f4c~IOZr@xy!~|=QVie zoLnu#4T}3v{n-%D(Y0rLiNvd@*wiA1RNtFdFfg9Bfby=>y6tA*&UmK_odv7et&v#O z6xn#m`43cj=c$>Uy(o%3BONDBg^0jbQJ<<$(P-M!J)mT#+BP#T>kGDnvy4jn!o_4a93m=-&UpVMp>&Tqtup~6PUPaCbZWW1Ua`14ie^}F< z>W8Z2r22s|vGHW|G}`;I#@UC!DK*-iXo*3IOy%W2A$RNJ1Mh!(ia}L5_2^6pfxtOb z5k!&K@0SFFQl{(q6CGtwn&1<4A)_*agC3ZD=;F4*=yHJbqL;jT(zy`-!GD}#luM(CH;9FUS@ZR&Bl8MelL=AnR!sFvhT3s_g;=m(g5~VDW zNCY_sU0bG)MawB49BdEKDo#WD15-4!*IU-6St6f}cv`gd>t7x>V{k=_HR|5)w`D2< zIZ~Lx-L9#Z(;hp$O$*rOIE0qc;f4mIKNx~|gtoLiyu2s0+Yz}jxMbc4n|KJMx5dYcy$SLw8 zxU&jJAO&laByQiaRqqSWp?w`U-+f{$9d2D>x=LO>&Pb5wi$ z7=MvG4H`^U+zC`+VY>2sEEU&5y&Eo&yw^S6yCNV&nRHNQlQ}w-wGDxa2(NAn_quG* zfKc@T{H^%k?GqASOKKh>ySJZHB=rMiLp%zp8J6CaqO^iCHZy!>m#V{s8}=_omCl8> z>9Fq6)#4lA^J|1j^WPC_E;pF}oM=oR&U5FC<4#?~&8}rN0j_sCN!U7>5W5dT*oE4D z8iO?GyV%8^C+1qfWtmRyN6RHj3YO?cxOp6)Jmh+G%^U*?(UAXUH&UQ-K!yIzH|B0z zPP`I#Z#aD${#>IOBn-u?KC078J6&JZab_2w_b3@0>mEBmxlhCL%TleKiu5>Dqy!R0 zk{6&ilrBfo2;pp{EwC6k_($?7;I`!Q*|W1O@XnG3cjVFNdxFAtW&(#DVg zZ_6AzhA{gNhpFgfhOKHA(z7I9??+9b!>>Ur;mv8Ln@(b4x>Jc%39sWu5O!D`d}Cqc z(^Y6l41tAfBICR6Zin$e&Fz_ld?H33^A$8?PD`EsH_-KlV$t|vfu*9xcu`^eSGNuO z6zTUJX$8lz43meH-?(enQd|nV(6Dj)bv8bd)B^lij65-9%NmuqnFFK8Y8J@Vr6-Sb zN}M(VAI@ou{A2HpOA}Ja&`&7dKMS|q=CHX=j4#4)g)j=rg~7p|c^x5h7>tGAwciE= zYToRF-y!8U+Aa7+N2QYx4m7O07mI5NgFg&EWL`RoL_ycGWEPfmJ*rAVJb=WxpN@Z^+Q}D+in^rvws@~AN(*Y)9a<>gE^kDk3q=wVmlBtTiPkBZ#&mk; z=^e#FlsM*7J+fWf3k|SO75;fi!>v1b=WCGVmWwqLnALd{!kS19hN0gS>B{1QY9xWx zp8xW5GyZMpMlQJ>Y#?1@;%G{`R{!T+JwL!^gaY9siHPv72^t&cXdvjV98MSo7EMIZ zDLjb-I9`;xiHuH?s}2ctEa_YaY|$Ff4Je>&n)au*%Vn&RYPBZY#nYtlp^ZCAQR<9c z$6E687ka8Q#g2U~T9&hg!*1&^KEhcVql=j9=V#mkF=?O@AJGp0Ka9U=}&$ewe2)6coKS8&IJ3si76*KRIA z!r9c*+?H6hi{BmWm+Bmv+s{`3G7T3MC&CM^9+&L}7h=^$LYotk&WR^;YD4za!W{~5 zTafU~mU3vXb1a*RQHTYZV)R-ukPaH^MSAymes5{z#lbMbYX@6S+9&o(KHQ`LB2y8lI^vu&}drMFxmJon@lXM!5KGH=mLa?|PMF+PWaW2dpq zsrDcPo7*tS9;e%L{>0+Xm*r>ZgfENf1IS6(`HS#R?OMaj?XLBi!iU^e#{lbe`J+Bs zZ=x3@;0wBM-GuSd7X7;snoLuZW6SHbBoHpnC{sv>tqF5%5UU?{N-VET;u7%(X=G6Z zAJ8mHPqUdDZqjl%S@pjHgTO0VPwKuwq7?V|_uH?@tnOc`xu2FeqiZBKg2$ttTxaAjPwG?qJoU_kn1( zNa4TM-T6=qTB#IIK(YoEr;)nd5&1IuT0 z_tc=Jrtfi{0fW+ToxH9S^GxcVmTAHBSWUY{A9V0x|!@cRlt8;z<%$`J{s;pu@ef^sJQWd5L3k zqbu@pAZ*)gZnn#dVCn9Z_K}9nQ9}?rnd7`M6JoM?o{ce7yZ^J{gc(lcunFhxcAynu z%g8=K7_?cGBrP=qUMdPZnduX8URQCoU{wJ=}z10P3XdOm}kc$`(pN zJAzjdCL6Beb$27D>;(n3!*pl6fYy<5c4#{CJb5gJ#*BEm@s|qAeL@%U)BVfnPkikZ zGJ+C@P|iSK&8StmpNI&8`|N=n^?JgOo4jgV-XfQhkq(gbNNX(*1Nu8%0WJaLu%8H& z`kOkg&ePaV11wxNUx4T#d0bs)K|^fG z!}VZB^20QO;L8q|0lqsCGDNhB+G2Zw)k8Co$tDOhngfP81D44aMm$K%Am2MT;&i89bT}5|(QK?66FG&-ODO z1$1LWCh=Wo#y7*SEHmb?r@K2mR8+1TrXq5!zAeh;(F<}Vro=o@JS_F}_VOVT*S&db zr~(d@XHgjSt(n-3L4csiJNEnR<2MlXkHW5{X)?{Jw=K!MSPXqP+Zmkrt4T(h^%+-Z zlSA%ye+Rp{!$49>M6Y4CM3A~h4S*=wto2e33rk2<1DK(lWF{H>(%~b9Wgqpj-oyfy z!JNQPDnP5w2hf9{t4vb_`sWv)@oW<`Jw5lV9mtr1PI)f9d*ohwx47Zx!S$G=ahZA_ zU`~c{_R7>4IgLPHu8bUy>K3+^f&LKOVr)sPO{Gb(kx%z!~JLw2GjK>696gfv}6Mf zQ_O05w!igoz5c1PAyWMriR#bH!B(WYh|B6xsHYvNz{Gkc`TT|^d-QT8cs+AHk5*%J zvm4Jx04zcO$ZMNA6`-PXgt}0)t0pQT4+Iq=R{^lNum{=0+x6}?W`W+8!bFc~Cgz(l zv#!7&gFZ*&Jq)?&ODTo>8#?mGxjyhH;WFuR5YTCJ?1o`p?$;y<)&Y zwxd^;m>E@Rnk|cp+gzgPLKKJ+br{5T@cK4zM*V*_{o^V=lQGKDA0JSiij&T#&Dm za=#l~2;LHd1QzUtN#@((%z7Cze|Jlx6%HmyT@`)SEi`toxF0qN$s~l$GP<4L-W8}F zlZV&d89SeCob)>2jxI2<0z9_iYWh>Z+q}}ExSbQQz1QP#OTD3!u<&{^9s!GHno^*e zt_2Aw4j5r@C8g84A<^t8ZWLg(<}M+sB&>lt_Q_JZ68LY6kwRuVH&S5<*@+higa^t- z$8Y;4bQI6OsSvW_D;hL|DRg&Tt-OtbRfHK>AS!>kM`Vul^U2!~#J0qZ#fvf(t&MIH zh@-r2x;pO|VQGXw@Uph}o`jGvOOKNkn7CX~#1aZ6wl2m2Q=zMnG{?oo68RK$7+`N& zCyAMwI;C!Tk63&I2Z=u?X z*Sd55`^(JvTNPjH9Y{~=Rg!4-06+xu8`amz%b#mEfLEB0e(Lc(I6jc+HC?05>BEE# zl<9H`{jdjU4uA0a?ipP32l$4=(Fh@XfDH5Lj7i)3Y`K-2A}iU8tA}?OJ27mWvC zGUFO!AiKCmgFkflvwFX!EAOp^50p~mvtZ!44gW-kuNG_M%7NzTC$9 z(QH{T&8<=E+K40B_sV0dr0zvVN(BLT7b~rtvg;xA^;xm~EL1qWi4fyn7Zb!LLQsPm zaN7B}Y1INzKb;@zFW}a0b?ghqbQ$LaPrpqsPK6kUZ^6H#4sX<(4pK9L0uHkl9NgWG z(~mpASHMT(KU^0!o-^(rAq<40H3*{`Jf|lsBIqCte+6q2lv=CwGgN#l(y`q=F&tGs z*%r?S*4X&G`gSbBun<#Jn*j!-1sxZu|9*?CTyH(6$2y=jD`y@of)3B?r zH%Q$fJiony;9nUbkKLY-qjg0odbXJavb(g_v1cZVet;9CH) z!VcWg=EmC?>gmHkpQHt>39iK!Rm)GSRth4W1=nqA+|L~cS>RUmm;{ALD{I`d!$B;7 zUk`)2m$VIaZA-}}BqShDog?kS#8ROu_T;_#jM7pToF3> zHPsva@Pdf_46AjGzcnKE|0!vr(cnNa)k6e@7Y;-mtjj0%K#aM%=`?8UWKutKsv+s_ zfA-h$2DLNreegsJo@GO{D=L`DlYEF2RhSIkq3;W-J^$nxu5wn2lXwrc?nHzjn zLjO{b0L99%dOF5r6n-7dk<7dN`4d+HfA47`P6t-?_#>jI8B;{J#K!n08B*O2btH`K zPd^UM7(TG#OJrKVs&dnhVs^$`GN&4gn56nKU@>9#4g9RMEuW`Mu;B_j1;Cu}=y?VX zXh@)@^WTO)@5e~KfLMPk08f*W7$5XH(Hl3GEZ$5hh2)|=;JIrsjZV6ue`bD?KNuFsF$efHMn z9npP{!)+e)<|)eWib=g=&n_So&pyEwrqL;RliG5E%uUn>#pA=_W? zh}XdNw<;mMW@;HY1`AnKgay@lrW`Atsq=9ha)sXjucf%|f1=gV3Wy9Y00Q&;s>Rqb zn?Ft;%U+{Y_v#G~PeF{)+1PI_>M4|MMd5&3W^;O+O0G!MoC~WFVvC$&`-M z%Y5=LjPIs~0pW7Z(c5&~P7r);JEOj4<9-JRpl%EP)_1X5M7c&Qn! zngM)~5n|ef&bjcqCF_Ec^BTE32qQ!RyQ9^sl47O9LjkGgP}UZkJbV6=Wg=ru7-o+3u7zKlU4vFT~SDk49cDGFIXcyW!5oO;DHpH2seUn zO1R64BI0z2PmE|_r42kP?ROGn3@X5tFQ8sVgv-|sOD*81)oS=t^2p@A1y&n6!j11= zo<2X1G2~`0)oJrhGK*^~Fas+m*Ee*=!GkqVWC>UmRJMCvS&8pXV>#U~?;6gIvm2#; zUCOgyXD$K(T8vSPlZ1NTT5t+ke8!ceDM4EvagCM9<^RvUmOF;sST~8n;e% zDa|rgRr?Nr?;RkuhiNk{u{-5a)d2qfd#9=TFg)@1+9~9xy{Ksd(1!*b;M{dpuVJj( zU@_XT2tU-n+O!GV+pH%=XBzgixp9ql{cCrrqL*QPS)Txb-}4W*7Y&VB-PLqX zrgk;NC7R5Z=jb7V)lLzkA(!sI*0aXwDab^~zo08Mob0zz8PU44ERD^iCq*suUah`T zW;$I>pn^Du(1?CxqQ{Qra8Dbz$+!6P8W{~q-NZttDq@ndkdjpTa3{-q0^{beoP;G= z3oT2nYXhw+_F^%(AOb$T-_GW;=Dd~5>oXXX;Lcf~XUW9a@v1{|a`>V2k>Jr-0jATI z=KY-Qi87k|NmZ&_Y|MPA33h1EzpfT9OJVlvHS?kcQ8j){=dAB~ejkIU$zBMqjyIt* z6}}JnYe#r}i*ioq?rn7@d0kScSbmb&gQ^pNml;>w^AdJDrlz22Grsj~S)RQmY-=EKyqYgdR zWY<^Khb@M|HTiq&1^pQX2YBy zmPlN|&JptMZ;BT69^xW6akJ>VuS^u}v_-D^kfAmZfc%FWPQuYKbQD!GieOY4io;=jkMg=<3@)vq?&%Q8c)sFX`>FByFgtlAf)!=jC; z5u$l-bx7Nk$o?l(Q(s$!y12u>^MDoYR7bamo^Y9QM=bV~4o&BcV&Z_g7tKUCX?RZ& zFyVM6g5Y&*Ysd(P!YCAYC}QU}Qvaj-o+O0315@Zk=6b?D$pl;y#xmelTi8;Uz%`R^ z2>!Kqo`ZemYelKRBd=w-E32{|65fr?)|j?|iy*Hkxd{K?`furAtE$$2s0aLeX?^PX z8Rj$mlpadbK=pC4nn}+j(w(5$|A2f#Z%L>W3MzZ|8aknJ}JIX(PgaF`I{EHnD`ISOUc)<$bGCWMcW$*v`&-GHw zKY#xPujaoc-D6aOd0c+TZdV}YWQ@BMl1ELAb2Zl!vuIu`1k{~1?9>WVFknEnRrn!~ z)$tnm2z*JkO{5R@8@le7*4mkMNIah1?1Y+bB>qv}r1sPaQGmMSI#x*p4HtD+8!&dc z25Ms?YX$Y^52*N@1Coh-lX-jr;VF92r5Ydp!TVU*&KGb9i^Mq;l*2B343MO!*zdSu zJZX0|@H35#(0uCV_LD(@fQWFs7#?d#YgatnGh#c~X|@f{XQ-fNo&dSF#uH)%%5>#!F&S=28D)^yX* zbgn>+p67MXhLACX{T>3A*`mf%hd-GD4F_HEf~I$YTnLbCbk@z-*1_Zi#6c3hR{!%vQ%gvVSERhvi`BxAWS(?@t%{7W zX3Ly1?VQ2?lInvY%JgZw;TL=@{9m>2(E&g%5lR1|~FRK@Y2|d?ezhkw#Tzbe} zywGx=e}~LPhdzE$=RIsPwD0+jJH$`3TXT%0<8X>LAS5pd4y^T0kNDp*QOvmZJ6kXm z3OpN~V5g>@VQMPyXXtYj*qpP#Cc=l#UhD*@GB>^_4(i(o*~r;_t_hu@O&B4N(f4=+ z+?wco!$zWZY&`r^2)Xgpd?&(p#6y`fLfc}+j_g5p0bz$}H^_aBXZILEDpEa}KQ27@ z=uNT7h3uE!fmVN6a_X4P7Z}}NsL~?dtDwldCYntygaCFc=acd)5X=M^X}bBJ46#XK0K5^bimQzRKOSajh7*|%F+R?Rsl(vW6Bt;k}Ex#zs(S|bwo*$ z={VTH|J+<6ka=dt$gs%X)8NvmXMEe)9Aj+QOvOiuK9SD&v8y?4Wp_nAgA*+WCeDz3 zyvE;c0~0HCEbaZH6ceCltQZ4x16!-UGpQ7y)+;IFDh8=%-%v02h)+oFcCo%V4Z;CF z?}OF%X}anCA&$QLnB75gW=FE6NtW~!-04lFuT97F!H^~0y&etbm@n!bdmo*=j{%;6 z2H8eY8^%~hwjSOq&lOBNj!Fl!VfZ+<8aqI`0y1pwt(mW=+`_UeLfVqZs_LC}^L-Yo zh{{Fi;tS~fapPF49UxEUz`gw9J6*&G=r=tOietVJWloLAaV@HND}sub^;qdo(RHw8 zg}b6xNX;IRq6uoxeNZc8rDug5CYEQ^*E|B+-;9&Qry&Qz?*ofn!rIP&R@O zfnPD6Av4d#IoE}wHsOnUNEBdRG{;MsqBW^+L@6fsBb3qEmLr}21RCr$7H_ep<qZsAw3O$(wuDQ!u5-X|^NcV0g1r?chY?DXuDQyVdmc~*taS^X?*;pzi z8YRaPQ3V_`LgkDYn_kfJDa#8tJHfN7o0GrOfqAKuILbUa=T z0M9B`aE5*|i}~W>;bjHfXff~qzzLtq|L%XAc6#`GKj!@Rx)Q|e?#~KPB!-n1@l7$hJ!NU4jZ1jo#aQ~0FcWG`c zOVY$bEvY4$9;VsNjASyIX)_z85q#6MsmKUKH8P_z*d(jEb{G%@No3){0zfjNw9;-& zE3LGYjcGN@{t5aKTFi15^8?zn&{D1Mb3YG1j|*G?%&v}#sEh!Ci+j)Uf0si-`qC!6Im&=!%9vgefBwQ@pIuCBcTN9)dbrF{t*(fP7 z)QW;OXci8iW|=4qPF8nP{H8Q7aTn@98_jhxY8*DPxu7aN?R@8k&MC1F9i z7+vg}{B%o)*rm*e9UX>lB{#hR7utIt?ilSb<|{4fXNo9TIac)Zg!^yF>}*wgr7KMT z`(#1?yZcHV5_81uTK|iUg#t8ZXnX#;KRAA^Tzao;EFEHTan%~~db&Tqn7U9hZxpAz zBBd-ZaIm8I8eSLv0#iyB+vSg#n>MscMN>GwwO((1 z1r+l^T@uxa5FsaIPeyGOkOFO2w$;Ku_h@H>t9&|rOF4hIpI7a>X z;%?-yO22@q(r&vQOoDKB@DwAx<){ax;We}mN`x@CA?Ot)o~UNVOhUTLD5x2wyL!9b zljUgihX-a>j_;q~VpHp*ERdXw{z_cno8Bl&WOKNl0nce{F8rPxU(G=M`u+KcS1uol z*iJu=*n2Cn`aIwmjR8+-IDek4GKj)@*6+0wMjO*z7&$fMSg!VS0j2906o|(UoHY5A zPu)G-wwgZc665rTed;2ffF#)xBR&&k&-pkQcIC571+zx=ADc&A<&sw;+7#bwx@Ei!ss_`_SLO5`wDE9016%> z$2tPjc?P~B`imq&S|DY0sXtpjqYJ=lD4#V31-{G^$F%xVUPlx4`l*f^p*2p2li}_c zgCSaSKcJs>a!;@YMS;?&x^8U?l>CnWVy>4--MIuxqv}i@R0>G7a2zrXBZeQl_UbhG zekfWJ21`zfa+fxV7emE{vv+7h{>SI>V)PE(4xhoILO>ePTS-e$mnp7~^z`4%7k~KU zmzf|65J6-_8IV?I1ljQO16Xr-Hx z_NDh}JTf>!Amohi*Jg{w|M4Q5Bm9nWS{u~T9%*0?hD-dZAr0&15}~dlIT@97nv5l@ zN>J;8Wp*sW-Qe=2NJ$a&%WF z;voO1m>U(Z-L1WPAu|A@yACWN>n-;x?iqDTU?Ly= zoEGoj=y&q83jA<8m~aL}e{hdtBUl>tQPm+N)!a9Boy}8{Y>tbFedp!|vM}QSig{sU zW0Oj!-D(!^@?{s3hyI_o{H-?i%o9Kmt4lQI?xDEL>X`^mqx)3m)7Nh~?Z4_Yt)mTW zWc2UmKb?BMun8fLrsJ6mZo)oGcU*0a!-7FtTeQcu?QuNWu8p53%1mvIk~8WOkqR`S zTN(4rPbaz&F{=hpT~t`bSck=#HjS<})-uYhzJk5R^-Be_S!-p-FjrjSaQL(3HnUOj zHl^%CZHu9U0l3$ZDxPrLN48zG-=iy39-BDN~51Y%!h=nH!<2SNSMEY24zib ziZjsO?WtN1h15^c=KHO}hnZ-x-QS7U+DERd$rz)MQ-5 zMxJ^e=d7WrpMa(grw@)QXzHgaO?{IZRdFeDcI!ZyH3HSKFbqW|u|6V0iD$l-RMC>* z0zrr+OiiF1({u<>F~(A(7leVeg%AwL65vi8e%;3QMI{KM+&sJG0!dP}+Fg3CA=t6p z0y)zvs3bc)&oK6K0&EXdhr#fXeGf2^E=pnEGNtZHrTk!%H>o`__rSxmzD?YEuN9v# zXN8|nx0$EWv}EzAGBYDj7FkRKTv_vY8yOHDBy}s+6csv!5R{-aa}LwvtO2*>2{fiz zZ!o>PxO1NByF-r6>@>gV36&V6w1D@CXs7PhX{CI%SW}ucqO1mJi2<8h#;S`8mb_y0!0-_ojGI}kLifswU_@fpp1t)Vg0I2efvJub&(f2Z zUtB2anw~z4)6f*5rf;^U-|43c=EFru2TF2{mY6Onb0xWqosMfjO^yX2H`V|6u6P*N z9)jWtLkpK=Oe+V9Sw}DP#8o|eY87t7e5anP(hqNlfh}Z^T}X)S@g!cvikx7xI!A%$ z&)Om7P1z8lhBo1#A(-cxLDdl_cCKGp+?8W4p~VzFq_sj={1eEAV_gr0^TLMd^)evK?H{VzQ@iaS3gdr(*`*F2vXr5Kre6y6AcJRlRPnB zwIT!NyO+5C-_BkEI`_j*rOXIH$);i}F%5(&_ymwAW`D$p zL({yXs&P7h85PGWv|{k7E#Gl^lP{B;8hm~5V_2%fi3m~9^-@j=6?p+Oe|}aEdr55&gdS)Ay(Rf+=;{8ceJ^Rn{ri-P;VK*?mmEk6~a)zXu786B}Jp z#eGrr{<%eY^=Mjp%6FW9KgO&oWWP_fG^b`eadd8PL$SMl=Z?OKp#%Ea;G&pQdoDC7 z8%{6*>X;Hz^sICV7jgK=7@nWuF8N*$uAf)Q)|M@e`G*haM;1glp)`pDAmx|P28(;> zF?BV(j@Jb-eZd^4UplAMe(tvoU zQNHN-%WQOsc%(1$1nA=+8e=P<+=TcArNj8T7(B`JZ`UPwD+H(O`BVD+h;(=YSZVS6 zWSbmsRz=wcrcWx?9-~@VZwnmc8Eg(6!HA-0%cPl(E2KN*B}JQkyqS)Nle^XZQ=iE( z40x4)9Jqfu#gnyRV2cW3rx=GK9p{YDWcmIoirGcJUpsX8eReqM8v5FPNoFiu8U}<+ zjoT`w&o`EMb2}L)oL~LTXN0YzFjs>=2s*2Cgf8j*a}F51$1goZQgw2lmYJeFt03IxYNAvX6{W$^! zGN_$SO%}%bnbmkk&3QnTB%C$Y-X+FNM1vhm<7Sl5Lp|EKIcMvt^4VtOOdeOQZBfmW z;P!f-o?u5VL!UZGuR^Y6=d=%e#IOs74NUg>g{zvna(Ku!Nb&}K(VAEp1q~q5|IQu4BQ6sHE967ct zb@F8!4P%=SyURxJhDd0v*y@^?0F{?^t=Ac zc(KA%cXPgSJyMp>yAFchy~s(BTesA6+Zr8jH+8HY@_6ZUUr)Su=XOb^v2u7CM*;UF zWdx0!(c;S>w1p_bVEpEyiL>DY=L>KPUJ*iPMfDv;%k7Lt`5gN!u!~>^y{s2d!!oW3 z{YCE3d={YL`0|AgYt--uuDdBc=D1;$fhvtMJ-VWtoXab74Rgmwb)W&FsJkfDn$h72 z=&yk3_@}-IoQTt(Mh}1u>@mW}NJ5|@-K2Z@mMSHcaE-J@cBE$7{VJ(h01_HDpX$^* zF*Xya4SY>(i7omiAI0s&5X%X-a&ULY6mlV1uoX81lDG;^WE!ST;24OTU4a|CzMM9DX?IKu@7G|%HplHmC`(V&HRdr>LayrE<19P5E-XS< zswDdoNZVNL@YK76XTz2qI2#xCY;@|}Vph-zCm3lLR+(V_+`~-$*$oq!HP&#ZALxwW zC4g2IP1$yiPIrZHx@M&ILZL@L3DPyYL(}@@_)qA53ki9-e3^cHN<2M$CeyJ>r$|W> zo0T1vEF_gOEhMdy-;x{+=@IDqS79FJM`*yZf7K>kn`Rk#PU`A*yBd;I-6HE)Z(`-7 z-<@jjjq@;d5-W)LJL)Y2GY; zNY`~u2ytdYi0?DCka&FUbeNN$7CI5i2y2T5JGXenU*3 z3C+1W8zY%ffI>TvZRkias{>*-I+-*D=ukw_c5FHt{%#f8YB(2LxgpVxdH29uL4t{9 zxhVBVP#>5@HM)8!N+m%!u)r_VVzz1G+0;}!RSR9;c*cm6 z1eG6NZgMhsL}9IOp8?n+(ucW<_NMS$sx)jpEsw{I> z6!gKqkv+`?po;$^flWN|F%QqpD}mz;c_ zoS)!}uqM2;-~Eag;pT1DguwYYF5!GUV_{spQR5?Tm*7dqT?ZhvbL>WBAOw1tFTT~k zYV9EHq+nLgc%<0-a5r`M<_`O)1FR?a6P(`U05xFxRuQE7384Y@p;TvOB%nJHdTcP~ z5o+)mE?1i9>%*jt$M!jI5|v$fp|Ki3F#oIt`>}7qeveZ7I|G5PgE=J@_ug}@1Zz^? z3+2aUema{?>1EX{+q}`WQxRVrcr~=ioGXRmmr5123Mt=x* z3K=>_G}!^8QkhKbh@VwW2gJc1@vz4GZ2%Rs({j#wluuw9@r#(7pUp|_myT&oNvHyM zs&C{Odri!dTVvz35G%{8cjJXryOb@P`6PT=InSMg-V)`}GR?T_+JO*3U5DVbj1;J@ z6ZJ0NYAl9xPh-Us`E(Zr&8YEKGB2SqOhshJD@zpYn0iig!J6E`5VD$5!bRTliBGnattqVUZBKYDXP67LB{*7X1)Tih=Tj^HeMbY1@3lY8*UO?86q(wf`CpG#0n@gEWUC|m$dvk!q_tHG z7||L#Rrr;wMIW`*OF4y=M*Ud?7)EkvCQ?p&suA{)QYIS1H_U(Oo2K6@>E zquLr{5AZ`(TR3lCZJqRc_zBJ*15&WvCg9qF7(4zWs&v@38buPz-njLo;V(SOKV7q3 zGX5fecd7Ea$p8$_AEbsRRIJ~U(p662Aw*05HC;!~;YA8oXR!A$R-)QLGz}-5F6Ni- zWO!L@@4^Zl14-eIIj`gU=ZQiN-WzD?MusM^Lz8r!5nGVcvkgfIEn;+x5LP#G2jN0> zffO6Dc4uO~HeU{UoSpj)T_GsP8;)tVRZU*~;gke0MFO$b7>oO)>S=emfc#3zb_M1m z8W*jg|e}ZZ@t61HQUUlkTFenX951wED8~jTm)dTC{~w-;>omjcI@GpRU%%{By2uvbF&sF;mPb)p`nB z{Afa!TyDixs>*HMiNf$Q6>rll1+rb4$lqk4ISGV5p)g`K(TViYa{O)U$%<{VDuXARlak^XJ zgxPtBCBukAv{y8vg?QW&%wj7?I8&RF^7B!oyM?#Cc#t=>z1(1*6goW6q!9B#k`tN_ zF*dwF^>#BXr>LhOO<-!eG&NJY_g=$oO;2r%9vaq#A6%L9m^ubqI^DSV_`r3eKJj+0lj1|k)w^(iyXOvjJUKpu64ejx%s*)ewYqD0Gf-&9$$aQeg{~$oH$o=SahGu z;2kc7;8yOq>a2&=GdhN(sio>1DBoUgecMW3o#eiv#>+t-hrFCM8MPW&A<$TQrBv<} z=@N@vFTSP~jBDn5=~6%{w{3TO_v2-@-H@|FU0*5InkzHjvGd;nxgyJc(0?n>9bj8o zB$-bBc2VK|crt3Na_gRqr?(Jqxh;3Ay!n{?gucq!Zs^a!;WNE7Lvk3aBmxsK_<$w|iw|fSlu&Dva;~9h$&5tKMV1*t>{NsbJ>*LleSDO03|2}i^Ou)3T}gWs}f6}nsSF;5XNg$f`Q2VW)6u!Fn2wugq2 zcndiy#AU4r#E~=OJLz_vq@JNIq)0=$!las7FT!y@%o&{|#R6-1BOBcQ(WW>#Hr>4)u7Sk$)b?rfMr(( zCJ*8XrdSMQ52H2BD^v1X8e>*BQ{b`#m&5wnDE%O1!D)eWqxz)JN)PG?iaww5scJ@M z-0a~MVWk4V{}Wta3bIc+YHb#p#D495k-CvE$tBB)G|0F*rxJ^%Ko{*jzDOG{mOMOf z@8@Q#>tR`L({b}z7$dKwr;IP<^$U0{KX%ag+c}J}q8C)fWEfKUh_a)z(F0lUQ>hnw zat2mvdIqZ%NQk2q6YUM^zd0L}sxS3I>WOLWH17XyIuUF9i@wNn+=lWCG(5td#n#*q%L;fA3nljRf04kB&4xS%zhTjtqI5AgSsi8RY{ z{R{o+^`M1BKe0GX9Gjg9d6}uIv5&ttBq`|E`jm<Gy4Rn$8a=-M@a|bYGPl** z=Rt}@N?v{FlkAvU(ZMEk4`EHB$y=ia=wO)WFdRyNN_q61ZEjssPgbMJp#Dz}`G8 zjH|dCyGTBn*g?2yYE@iR%lx%QwY5~_W;L0qf?Q<^t^?Zq2aitPEC#dXV7MC3XK>gq zeZQQT;h@)O`n*_oqPA*$LIUu=;OuH&2=Zjoo;tB z+Q&M1;NCqeJ1dc}iduU(aOkY`!IeeFWj~ps{l?&7wDgX$>%8Srt$liZaSw}$)f?t> zCHuaU@MkeI^@l^Pec#+mWB`32@7*Z)_is(a?3@TXIY+q}I`5))g0;G)JaTQ#;`w;i zAG~O#)$0(m@}AA0NH!wJ5(lPKbu%$xayVNpCJl7E+-t3yhcggxWTc&$PS)%=ne zSycT7)z7?UNOiAahHkbmt(B)gMBe_evIYeZ$_)Z_dqLqzef%UsV-!QhEGpWu)fhq z$Qa*1YiK5kP@yK}xb`D#>E@{<`(HM)GsMc-c>}K$X(QnY9PEZB$ zcYMbx$MdSzY*ulynpfrgnk37)lV(k3M~Q=a^X6@2Ad_qjso_3*6g|8XwU>=wi0Q68 zPtVK{z2em)T0EfR42Y&9x3u1A-09&-jV5(i_;xObm?(5F3F`?$$Lvn5M2}p8p$Ag& z7aj0(3=?a9kc-h`k}Hh-pCTEwKXOr-chYG5=h z(PT7w=}kwoRqyxEP56e$@RLTx2s4=(g6g(mU!##q*GX>Jn4TVANOKjnqs3g9$(O)z z@N>|*l9Y%Pda8^Zv6-(IloYWE>O~P7D4XH*sYrrRcbxnNU0c3(4zAFQYP9%_UdAG& zH$9`4gOz1vlHMwp4sFE+UvF!{p_Fu*iCDH_S)iHtPsaUhwhXllDhVFA?*!5G{oep6xtd4>e-5l^tY z-RMq>q1c8Tq5W#PoZrA#YWT9t!3uVgtD8y9VoKt8f{YBgX-RGu67* z?Fxhq$jVRGy-@9zZ1v6Wu2<)5+Q4qOW-W2dWMb^)5XmX_n}eWqxC8PYOZ#B`cBMZ} zXQu|d*OqYy0gn?*_%%{RE7QrOB|KCB8k&-FrN4!A1(bk}pdtEsCTyIO8OwWY0MnZd z7bDkpyx7O`AR+A#+td=35ZMqvq-fC(-DSzKokIukYqMF`o^wfd&v@BgX@5>GwBAOI z=&GbSkJz~PrM9=~D`RQQktH++kWC6Iktf6#8%0K=Jf0yoL4D3vU!3S%B za9Pi;7^@DYh6hHTNd_rwb{~D}OjD%%DB>zN0$|= z!b4(qfRR&dli(#v3I*PCY#jhE+{w{TpWdI|2yGFLQp&By^%9@nhlauUh^ELon6cr% z*^!|6Iwu(OG{kvWJpw1W8_%_;LorehBO6f+MDv54yr1uMCcSoTYwURf45)4_cm-Ck z5dv$a)cB}&y;RpF#+ zOgth*VC(A(fYz3lm|U28dnA>WTd5+^)QW{yyL+`O7wPtkY9BQf%as>lfF zT1#UQ%zgHS@HS5X`uD9KrH-xP7${=PDJP9f&!Zbm#EJi z4<^5n`KDB6d$`;U7*3Y5te>$Nm{=N3byG-~z%@qDQ5~$o|Hq)%UsUny6H)tUNBF z-%v6h*t6S~U<%5EDY=PpLA+QpRx+LoPJ7mH6>BWn@HMw;Nn@t6Bb55$D?;8QV0C=4 zMX<`ZC5}FnjH~uoOTM@D7m=chD?v07KuT4o`bG)|Iad!p`w}xOG)b}!9!r;vn$qhe zcO{$z0fjd{u$OaUx#iQE#!K>3e_7wpoF0-y?-7B zZ)iy@b$#Ob7PGh4c{z34Qqz~2z`(|+bt+18OvN2%Cccl&%*u1bC^))3Te-Db6ob7_ z-P$1d`V0*<7;D8BxyV>P#G_X>B?4n#TEV*6RWKRI#se4`W6<>C;hCsY8pnj&qQpRs zBzF|V)63ol_7)y?UD^Kk_P(8Gh*O?5$nFyrqZep24{s_t=zO83AnbWbp)55%*2idH z81WT-6)y3oD2&i{n;)O2DImL-m4tgvE9vG5ZMKunUEKZ579F4LJ7Bw+V-lo@0>ghe6xf0I@%&OPpxnYFauoB#<@Yp%>3o&vMnX}` zuK=#yT+{PCLeRhFrSVHzDsaE6Q;CILVWeocSQ&|0hgTbowtSkPClSi1(YMs`w~Rx8 zEuf?tJE(zRMhI~(+zxpI50Sbn)N|Y3q~^CGu@>>lxVLViX9&Ao_gb`WMHf=G-?Ycy zN2#7&T#uEcBvX{?nwD1dfnw+DPKV8WU6;r1*yJ07lT-L!Sn9Q|3xqJbT*V|u0R(iC zV{JzK2wW9G1xM-7`Very-a}EzB*DSz5qw0Mkf%-BJg6>fpe1I~@C>t`R;$qhsn;RT zIS<87>Y{u7sjt7Ur1~#ygwNF9hzWs!XUaivBJAVD?XlTRtR)_arJK$^p1@ya-U+je9|}@GBk1u3KDbQTOrvwW7@;~3g9~SvP&;z6T6|;SsH{`{ zF`du~7yzupfP-m^n`@~pq-4kDfrVEu?ECD}RpTj`gEX^0GVpALi_rk^=NS;(u*5f%;#?5drtbO+6s3~#Q`eD(o(M(S*_1Q{4LDe*Gr0TtdAYhDk0y7#yAYSho>*=pyzSGFWxfuSVP3~f z3~wL(P0={?5`U8DPrumpjo4ZFB7i|Akfw*1Sle|%i~Zd5BF1@Za;NhJZmzFa7eU$k z{qlXfI!K5wP#RpB+j8TNjZ;VK_d;Zjk|60j9oXqY0o!(tbmiOIOZd~`hsy^5Y0Ws=l9Urj=CB^5AV55vgaRe_2}kG?u` zweo-D$1dS|AM{T~FL;EoY3_?r=(fVN-*IXx6$6+me_@I{iC@!W$V$`i4ZmIfmH8}a6yLf#A2VTCqf9kizyZJ@e%{f`ub=ayqTbV$r`?EmNA zwl)+hMPp}O#m2^)!z$BTEAOV_o9qNPLn~lfX+Q0CS3hQlJZ3#~d0x!?88b}h2IKph zL-LsyRgXs40GtcBCKhoA%4cDAXbPW))PQUi7;cjD5316QZfCS2PG*(tRd+wJ$>t=Ph?c8~IA{~FoYmAi+269{83!ts zJoj&592_k-J>g9M$o5y+@O8n^rl$BL&o+axu$0~5<&WU74NZ}>_ZqlGCfv7Gsck%h zr2nH6-}Nb9bkd$<2CyymF3?i$1{IaCC|xK58B1U)3ZAd0!J>M?Sn8AE%35J2DJPLf z^RQ~3j38)XQsi9VI{_OG2hR_WtN!TgaP-7dtEHuMg)lI$fJ}%=q0d33vj22baZ|QM zIQ-cF*MyOl3{H14ikp znvm#&^2ovc8pO9*p(pT@>-A}ze1CL8XMmG1cB6kssvRJ6M{~qKu&Esh>M34*;XcX= zNX!Wm=DQ#n;T5mxfJKhO^!sB9YqM5r6VD7%zH1GDCr1Xum|DV&gvZe#|+tN(0xV&l6?3 zap_0kJ#T)*=; zhtC2bhs$q3d!~w0fD?m7>>RlEsU#(dt}|`DWoP-O-O#ou5>gA4HRDpEF{I)6ehjqK zwRi~zIC`LJpK7eACi^50;$4bEK)nwm3<|~ROk2fTGu@2S?D71PC#**`Kh}-ATZa|h@4X@aX!uFFu8{WwA zJZ7+2s948&)fmJBLhY`$tF?-Mo>)TX#H_*D$ zvtCs%I1)y^Gd(H6Bx0syf|iHOiwNF)SY08S`7q@74x|VKj)DyPL)>|bpqchY4#p*8 z`OnZOhrjuQ^3O78;OrhnyXY;A{YN58#WYit-Wf2@LQR2lvd%A|N^GZ1eZ7?iq8S&> ze|e3$ZzyjVG7{VILCSuKg1^DE|1?e9Y+%U+t^d9%N39xH1mLFX3p#uwnKNTMt}{L{ zTO@|4-ZUXN1K7XDT2N^O3uR%w0Wan%TS3WI6>LLSg%lj_q;?uQNF{L15Z!t@v)OmD zOCm|0#*{-ap6w>;7lqbBFS|n>o72{Nay85`e79OYZOb zI*+8gT;?%&epABa7e}6w!~ri*~F~!+p)7?wB6G2K(~jh+oBV?TgSEMiC0b?!|Dy-yYNm5Wiai{ z-7QdrMJ2);V-^CRy~IoWCY<}b5emrfu;0QlfOFGlYR*j>M4>I-K;H+QauE{^klSE! zB`c=8gmxe1^Sl0nXu@K2FISK==AJao?F{K(!*{V%f_9FFHJ4;N!X=&J;Es5;C{w0^ zfozb|ilWct`1iO)cz8DNwCNWUySOx*S56r!UH2GRPcVwNVf^KsRGHGyaeoCJZZyLE z;g6-mxtn>LW_sBJZaRi_dvxa80s+XtlH%}z3U7-Cx9D?)t+LM1B`zhGgQ`T&tMe0V zSTY?Xac%aV7Szu9$;6-@(f5Wui{bNRuyC|T?bDb0>If!y2rYTn_$i_W zx5_@HiqBw`u2)rEv0gkeU&OfAM#MCa*)WO9RA({1w8W{$RVM4wTWd~{7qLLz+8Q$M z6X5RT?t>Rf_EwK*em>cg0frAgMl?EZ8b~S&;v>A>q!0Gsa~+)Gq>t0I#JkZ=rd|xl zxOUYjly}QXT{vqvlJ+PzerpzL=gXr75-2GxFInvb@U1SVZF*gXpz^S@7!98n%kj%d z_-%K68Afmpe;d3W*ImV%e97Rs9wZS@$dV3bT_G?KL&Cd*yF1Oc4hQI_JYIdX>m}IM zaydsa-SaKD`d~L49@F~3k;8mx@QB@+w8l3yH?6zU01PC}TTY~T zi+}?>Y78Z9S^ReSXm5X=Hmx{go_SVr#*W2vyF@JT0;0d*v>{EvNE{0c-z}ySTsfdF{u%}Ckb|o=F^B%l`v{>t6ywBF0XS0J11^b)Xn@_x&S3zWuc**h6iOAqvqHr=I~@ThY);Y0y{SWBHQQOhB0X% zuoH_h$A8HVo`?anqLc1M)o7->!F&z#d4OtO(KuH69mO6!Q~Yvi9H*=m=1p>qoet>k zKA$RyJgEqY=W37gae2190n~W;1+7FpGv))^&fw(1wElMXO3e^{1UZeVbxj&Eq`1{i zNZW&ccBMDP@43g5nA6Y;&BXAzO;sOuH*@c6NHc|VM$qUMjzzLChu&&Yt;r*X!xOT+ zYoi4_SMcrAN{FPtste_A%S8$o2qoE$7Y-?$&4YgW%o)7Z@+A0)$-)xW#_c@Wos&y| zY-8}0hC^g~(f?O-FbQMZD#bUDH6}qrHjM#$C0_UYWHpn^_;D!h{bDfe-;EzowyUnB zZ!diATSbGLWjEY$nOuu7)NVdKjTT)t3dUhhP9Xrudyv#bB?Uuhk4J^8MAPUEQ?SHq zY_|qcCUn8)6X=&0Oc7f~`kF+xn5!X6G{!5bR)mc*CET>Tj7o|!Aa1!HvA_bOE|rou zR!mEa{gtR|xd-gm;Q{;K4cNvD{Z!83IGNC z4*a-iF@e`id_njPA>NQ5d>j1A)P}Y6C`i(7zTbBI8jZn-aNC>h9GC$)PncwB z8)F10N)&>5bn$cHqA?Dx)VC1g33ZjRp{N5ev7wxpxvr=uU1<5XWH1abA(?9kKyt>D zVkqrE*Vtv3x{oAHUsr-iVbz~alGVWhT*G$V6fl>v(ei}m@OYY}3Wpc^rY&Mo1jCT1 zkU})qL9}VSy;${Pw4V>`QXe4QGF4O1Dg!84P~IdrqspY?8xV(0q!8s@cqOO99~2}b znG0-gr*TQkc`J6m!ov%n2c8PVIcmJdi}IFmz$4I0w?Z58KsSb$UDdbIIGQ6e-zoZlIw~-G+J;ovd+uLd;xS=oX3EDQ>X1XO}u1ktF^=7 zc3-;jdwaf3s(AQvtLM>ucrTcUP=Mp|-=^T_aAf_PdWX0U05H~dCWAknNxQg~eE;=m z)j81dI5dArXhe@EgT~kxEOOxU*a#lcQ6R{Z7HOojk>{DA&K2-!jDxTEQf!RzlRKFy z8K)%8Cef@h2f4a}rM9^@B#0BGTJfHmhszYEnscA5ZWSBJ0cM9v# z`WMk^8Wpcq1KW9f;pAIoyMd)9$84*FNa9xq6r*9m*X&?waN<}QkDT0LKEv=a!X`T5 z!^=^2!mHYX%(My_q{f~VW}>kmjk_Z5_68?f#3w|4GP#>C<@N`!ndK1=ga-%8v9^(Z zrOijiIgb$qxZyab{4T~GzOc;69|C(Z0+}~#%%1tG;)n!&4xsdyRt=Z40S-y8euJ^WQS2oX;BZ8#v?u0Y`&B2=zQF zS>yZ`&XaW{#B*qJgfY`7IKtMkI)Bf`?$^(^iH+EVx=;+W$|M9qw%aa!6U<5xKjeu4 z+M&2!A&1aVHu-UBQ?h%tsP)3)40dF#j5Cg7wMl|AL}$LOFuZ*9aTY|-#JQzYSXVJ8 z&!8u~CbnnO5{oWq;mCy}CYfOMnJ&D~#G^~s@BHd-J|p!uT6E5POZnT~r}^S<&;lHK zM{i3`dC}w?RY`YuS1c{~q`VEDHjls_T#{R;KcFPP9Q0?X{P4%o0cjvc}k0;sdJ>tB%IVJ^T;nXe>iZt{=#c13;gs1WJ?_`di1!2kn}Iykb^ITE*l zEIY=}dsKCr7+*qy{CnUjCLkuhhbQUXx-yV*Nwxu3Pz~qSuLfUa9t$v6ygi;%0i39GI z9?W9=doG!&6YB~}_R0--t?q9)8M+X=Teu&4e+FNfeXzo;iU*NGm7ZSVHbJ@KClurG z);07h$>Ljll*~U~8J2NtPAUnmn>eXXC3)Qb8Qx0;xA%(6EKQ$1hkZN4md-#4HH!aiT0eXMP_Yp9@kfMeEbvhH@CbMa4Tf*Z2lX zQOJXYOV1bFZ}aVP@!Xo?IoHt}t^0j*EtQiA-+^CE08f(|k@RqQ2FV3keK5TpKRjbV z8*roB36dUsv$_zl8@3Q$d;49!SRf9v>XVPyn9eC0j0$DOYjZCOS%M4Zp;Jq6d25lA zDhtaEKZEgzSv$wys_vYONAF;o3tG`EK)4qlWPtHyuFyc|+TG=`elT)xqe`frXGk0& zPmk#^Mvh}Z>=a`LE>trpHkye_1c{n^8QBKDi7*`URyMVgqzx*}$!~a9v-~Qp3LYIN zaU+}MC`_G`&+~`hXqD}!0S4-b#bmRl`7mE|IRfYwIDHyJ4;&u;7L7E9kE1&l;(h;Z zHM&N}QSi1NA8)M~rqvQfhaBqIIFF|$OmLb(Mzd6$i(ut=NQ0Y#!${hZxOL7RI&Y?P z4ENSfwnz{`>^)7pD0tkCBI45VDpf}iY1q4(Bo1d9t;d-rjcTRRsvsGf_pmGaDQ$F}9;7a;>Oo;r4Oy_@pd z#RI!sr+a6Jjy~q`eKD1k9a{{F2L%W3qLSrb>vZfFX zd*Ge3;7!K}7*%F+f`h~8Z4N94j|x=Ra&*_14kyi!JR#sq5z;J_0+p#O>U|l z>j+B2tMGCQ?UCK5&K;rPPjqftX5b?6T7ZGvf#=TF ze0bw~@8C5RQ9YA0zH&xXPc3vmW$2DFnY-`j==nZae5(veBeb|2=blt&m)V8x5uFLa z_T=N{%A$$9Bn}6`S52sTVD+J^c*2PzgaSeKPEYS=Hdbfx0}51rrtyp(cDr=7_3gum zP7SVV?Of`r31mg+K|leF)w9Yf^sOdJ~R$# z=m1C~1a&vfT9`I^SJ)xrtL4FAq2>a3X_dXMg6FfyHTJHX*r6zn9n6U|MGMki^X2xb z(0eP+Oj##02}(x%BCHTFO9W{cnh z)3~$_0z{;Cz-aIgkr}-k zy|8RrsQfK)YI6_U8buKg{{c6 zWmirFwXrphw8v>0B^f)cDkL@ z(yc|qIyF=g&&i=#$t2+Z>1Lv+HqrtjsW45Vh44ac>^7>=BhS?Ooudz3%t?P5U27c| zS@@Sq#NS_1BuSugj1RULW3`K5%yBB>_FVd7`v-xR_+ZWol}X!k)Va7)0?pZ8O14>& z7N|++9D$sHPQ9V6w$dHZa#5y+`DkIIV^SClv9VDAlnI;@dElD>Vm0^}kTvZv40H^= z_@hFngqgg;Im%r8zPgPI=3mf?)m%z7fTSh-&2atraXn0kA6bQblFU;>Hobd^KR@d{ zHJBUy4bt?zw4ZJ`nd__%f7Svx=V5Hat@Z{B#6IK zJf}IS5)pKd=nN;GuAjBDgCoaXr?0D(VhvNJ@j%A$Z4@`?jg5X>8k{;OZ5>M3%%*Fs zz%?sY=r%gTSr%Vcwbqn?-c6AxNgxxyeDW@AiYHdNer~S|WSEM6Za{_3{J^Y0SFKXf z*XkNm^-NQcVY1bkc-SEBUJFbUjvqa}902CzITX(O%2`u&wnneL!fCw3pNd{12zdFU zwA~HJnD@p%7W2ZA=Jc2n=?9c8jYBSG_wZ`;F#0Ol@#iI|N+|n4NfzYOae;EZgLcLx zIk{txp17ycJ~W;Ix57a&?G^Me#%rg3eALq-=xJJm+7jd|aEKbi-~(vmEA8nHK7zwB zl8ROd9}fDb?`4c30-S^Xh0Kuukv+OOoapk_?}~?r@X+V>dnJ60D<2Te%;M8yZ_|^S zw8q6qn1C{N+cj;jaTc|oLHz3KDJwLL8=Z5FHkK@#DyIN6Rji`U-x@KqPLz62KII-Y=ByJ{tj)>- z)|p(~%a(4I`B=6=MBKXE=4$t7!ujP;Hox3SGkgu^ZI5T~=z1L#GpXAVFRdjmyws25 zu1yJZ6{ojLZfc*R0|7M7ZxKbU73Dmn(iA_Is^lppqZmRYwSA(d7T|o_9N;*k`HP*_ z+;7_+j>y+ingM0uX-tkm2bfTV6sM(TXQO6nG)HB9W)|E9*9+KKNtd9ASY#BpvRr7V znXt;}+dumD#8Upy7DHg1S|MMA9)poD#*k)FSTg7Ljg}gC!gNYR0ZJ8vwEG54akHf* z8`O#gh0%zYpJYSTso?kzEuSSLQn#pHvY#RjzGQcPkDFT4F?^0%-^P?ds?Nk`F#|h- z>7-Xt@oWRM{B{%|e5J3|gdzu(QSB_`NIax=X}>ElFYr5xJE^3WP`SNWqzeW2(dqqC znZ@yGoy4m={(xaF*a)~ZxG_ofX8bF2zy5h+H>J&6P)1Ww-x}jS83fC1T1P8Z#DJfX zN$}APW%X`#vx;b8Zuyp0=(}}yMEur8cxpKfMp9xh$>}fb6E2=@WH8|6MsDO_2IA~? zhB3PXv5WK|NG?<-M4!{PmX#&XQWxxuTptgV8=S(6$?eITtb%pOGG9B1pbz^$z<0#? zsYcM1VuS!kl};(e8*4*Z4etsLM!{CrV{4Q7Bz$shp?0>eL--!g(6SDJ#UWXrx6UDQ zMVJsXTiyfUWOHjxwmEkXqmRCpEC6=^@QK&K;*M^v=bUM`wza%#2wF@Na)Z1kIQk3* z3YQtGU>2Zk1s1(JBVE9lY1kqC^!keh5#Z_v}{86hB11Q?1s zpi%IyQO1&n z_IEe87xU-CZc~4kOn`-y+{CC{yFZnj_imEV%pA~rZ8U>B%N}--gQ$ZejenD!C9$nr z=FE|-A3QjcoIVAGVQSb9^g5z{BbSk`fp^xJIEMbkZ{u%N;6Of~cSG8_UHF8x0r>oe zpuF`Gp2Zx!#~BfRFsLCJlh0xF+41G%8FCISM)=72Ik7VLcSY5`w#LePigh|NMoee6 zWl9d3z(eSvTx{=&Vse!D9K=Zu4}KazCurIWy7|`&v_{jOYR*CgzSj|)TOyVKTG41v z+9|SJWPFD?4h}WeHS%iY=y?X#=x70zgU^*lbr+;34ijCYtx#!$JkS<^1KpyuKMM>g zyl8t?cGCa8>z;xvZbd!8ODYBPa?OAMyS{{Vy>Ggh+iDM-1DW*A^6Bo?@1~b8m!Dqf z1jQrR(9bxtmgx~we2}FV^$yU01Sn6TI3zo(+I`0;jy6FJ~Y!39= z5t+R(x)bctN!eY~G%Ax0ak4XfQ+HxJHC==cE=HpzF()y&XsB0M!&XDhrt_=>OnIId zFohj!?xj$?A#Ri(g?n_b`;etKc+Pcl$)KdpId#b9k10u-wI$J zvzfuv*xF>HIvQP+%(uq21!kLdI`&#Oot_FkD!oesURNunjib~>aD6(!laI(d67Eqx z7dR|N>`$xM@LZ9v_7&39hLVNq9J3hqx0on4L=s};(&Nti+G&5EJ`>wfB%5E;Id_y5 z+VQ3K%`{vW?7er$#>#lv;cOFk2#E*wHk%Tlycc;fr^-N-UUM)}Xp{gXBk7sxB_anB za)px#n5fV0IrvNE6oULxZLygeGLi>Ybz2-}^aM|-OM^-EE?yQ=key>NfCK{jGGnbK z?LsJw76a~9!mL$s<2HX6sq{mRIFXtn zba`E=u4ZQ!HB8dK%J+CVWRDl{jb6q8=)NJb@`Q>&)9vLwP#{;jdC8V`dI{o6U=F)s zRus33_fJogZ=dE9q_NquAL;@9g7{CVY}(LtZhKZCf`SB1Y*_`8a$3_~GYN`!1{4n{ zxE8~mv&mAdPxR{JNV4Vu!!C16)H`>hL56@Ocb>$62~cO^){$vi%a?RhA2O0d4Te{miWNbZ3n9=FZWTfn-KvC~_?g znHdacc?GQ&8^WD0u%s=lsnZj4j1E3`^^~XFYnDez*He;Em-g;bcd!~#rk7yJ!&#hY zkq#xVHN#%lSfr8<30$#8o{JY1teMG>gwL(Xkf1pWf8qAgm;-H9Ong^~my6}(qo0hY zx6gn%XyshIMhzKsZP6*KK5KqMASMxfDt2OKQ%ZLLSpgT;2J$wBPU()ymqDuqOhQV% z;CQI$hnE|n3Kw{xY{v#(F5cK^@+6+f8~v>xpqAL`^U!%px*KZ;O&rp-b`zO&mvu#{=%aP&dpo*?-07sA zD&IgXC*Kfaf7r*fS za@JzFhE(i&jgiNFW)J-!2mkhB7Knz+wW5@&I>Tz`?xPu->#=bEZSY+T-RK-_Bh1mn z-Hm2=8BS1QjPoi8o%i9ZAfk?_v>Y~w2ePC4mN%x@RlA7t3_jXqjEPZ~!wJI>w*uZZ z68YV`R=J5y=xlmRjpZ~`Q27;8;iF5B3dNd2XgX!FCk^o3AuHQFG-wUCI_qwD%LG%< z<`pGc@gcYddnj#u+^9TojA`4VH%A`2Km^pzqdE15GrLL32`u9nu?9{1v0$QaJY)uW{#f}EAAT*JqS1)8u4ruUmoAeHx zo$?#vZfi?lb$0=4<=0vX^X=Wfm&54g2WrGvuGkCEmyO5*q;zN*SN?HK3J3nglN}=< zG#^mM5b_k%uk#nN-0W$SxTW6nd2&D7Qp?#Uo46SVQ_VG8YV zg3xK2lELt8(j)N)AIPUin-ASN(x$A4+oqV|&?7SqFMEF2N7t3#;geSmnbajudSfS- z#uah|^_Ojo9kBY&f%ICsACCZ$awRFh!$vb}*4k>J_u5!(KQDlN;clPNG9CaOd}u_^ z5ia8b#eW5hrurr+QQj#y!Re5!68=vE46Z_?Y(f7r20alDmyx&gJKQI7TfoMFXW$*3 z6OY1@bBO7DM7ujDcVlw&;Hc|t*)F6m5j^h}-=no<i_c(5+$%R{YLL)VzWbcq$O*lui&XwooS!0d$)kL@*kmST53 zT2ef4j5o3AAXMF6!#l8Arp2<7znX`4^jx=QAsK`Ns>#)(TjbIRK?{RQ<3BEEK1Z-~ z=I082cpNO;R8?%HSLWtWXVsQx7+>2T&F}4`4!h8hc!*&zzm@2xy?cA$$Y<)+W;@cU z49Y#`^kSV8-+7*m|A;B;q;&Eo-1uB;8_aDNunPQ~v?T#Y#~5tVd{$)3;Jf^2=AOlv z!t-6I8IqOd0XbR1+{{pbD>1Hhkq-e{xbjD~r=5Z_&UpC}J9||4*_463i(h>5~ z0E8@>n7cj2!`r-SdcNU5abe&Ml&pR2E5D|5a*W%f53qgChmmXW0c1!v=TQ6ycG`=%?O>EoP*XZf%DF;Bn`4K<03J+U2j74wc|;c1Mzq zIKnyxP6i%(<$9I#uLEF53#5NvV43tccU3gwk%p*95+jH8iB`QKzyzZ;Ik95jQ6(Ln z5V3xMC|UPQ@1KVbz?wbCOc92IjOO}knRzq%wHMNuQW}C?d9V`?8~b&Dw)8v`sB|&9 z$0-~RzQz3cPuQ#;ljxcY2OA7X?H4?7{DO(=Ayz(0@g(XlWJttKKalA)q|^I$Ay-A+ z7ZEY^BcA9ja;3~ZD>TeHXi6$FRdmY;J_QpLBS8Hb&anKNALA-z58cx9 zVY9>W3;^C3d0CXuVZyt2{v3hWiUN5ZxeJyeVa=E+x9a-@(g`{z_s_ov-bE6YD|3 zL5%0S?cnCli67bR%XIUeM5p)9tLMe2_u^}SB60-dPACnyk;r}OA0Bh^#^GeXojafh z*2oJs7hCKh0;ey-kpm3l(l|Vc#c5k}J|Q+d!lGh$7R4%maQ*$yP$mh&nCrK$Um7;e zr}5prG@}(J#%6?5Jd_12f@T}9<^$^8qeJ|q`}3u3=aPy-HK~(+4>$abQR?DlWCsCb z{fb^kU%$fj#h*&AqhS6^KszwDoK1=3P4%|sa0%594eF^rOA2>tRZJ_2cg)nN7we@X zSVl|%R`^~^8FIZ4oZ?#ZQR%x%m8u1ek`nS|e7eKojIjZDnXElxZ-E*8!r62XSNzRzVY{o&<=Kk%kPkXDNt+*W zJ>F}}tj)2fpSkm5>0$~EdduP800o1V15~u$z`36wW+_J(c1{szx$bLrhZ?X0ho0#b zFHo9_IAb}#@BNrtO(+16j$M#W@$@BOodeg88na-q&**_HTgta+t}BoFTKV-R>Y{6p z4jVu-{)CCWr+&zV9jBH!%)pZYSWa}@W!}s~g6DLw&6?wCY*CYW#&{mUg{~;Awl1s_ zFze#>E~mrzEz=*zyn2k|!x@P^xq1#uX7Bge2#Gsl)tt7n$-#oLxJVg&FFzXJc^u7W<3`PrD-S<$95aPT%Vlqnhsq-w2=KH$BMUM|7`#zC2vnaATtr3MVnc^v&ku z?BOi(xRj|JDOXuH1QT8#`e>UnAPE%`WKzq?*fMBSsud$w{g0*HncAadTDSVgKCic`A}yvm_uAdW833 zQ*Q+e&@xpLCC1Q-jjbRE;)g|H9-adfJpe0EGm})HVG@@FY#2WG&E|nKU;?2I0T}Odj zsR=q%KzCp<0qIFhPVT>BVlcA#tUq@<}W9_ z94UH-0A_7oz2$Y*(i6lt>k)dVND%`HKwijVbRdi==(&t7y)Km_7(DU_6Syd;B1_MWIi%ah19&r-(yPu3U{os>&_h zdv2DGM6zATPha{$XQ^9daZ%$dztq~nNkx8#aeC=`$cnafqB)n^cWFu&0JPJ3qe^E%cXO07n~T^J$B zCKWdLRb+|J&XuVs<4)(}{4<92fm#-Nv|6sZxmQ1UsE{X|LEr^Eo~N#weKB&JzL=5! z;tnM5LnvC3g1g}8dFcm`2ojF@evN^mn+xTnG=_Q!E-FsUBl^{zYhtL5Mu&W#JJf}3 z9cLoW^{IEHDE6zWR=B+qeCm@(Uq*UiGM>=~-ocDYen;5y+>s0SD6Jcm!~`lt6ODl- zVL-TJ^f1SK*QjTVSrXyes_G~y1wb7?R;bpB(&;`%`}~; zox0PnG*>S+ZFE}g+PK}8_?mtbL)C~O_)w&1AgZP#(v`9bMNqfXlE>zVl1^pj(Nx7R zeK@gdYeLbDnY9cz$?D9v7p3&}U=1NlNi5`jfPZu=!3d2*XZuf>sQL2lUJ841TAaW8 za?Y!mf^9HpGo@Wc&H!T~3m%vtg{`-jcsN)s88AoZZH-n}PtIr+g{e&&2zMgiBHF)r znm;)Q$7t3vT(6s3p{FLTO#(P^`ZWgOVe7WUe+$nSOS5Gt!?CgWmE*gGqO6&!s!|kb zSWjt9JVfn)38~u10zeRB>l54VfyCVqk!S_@uv((>MOV}cyW9lEiZZ5SP%F4&8q(HJlV7^blhGqt^<~x}tqq`MsdF62 zncK%ooMjn#|8QzeHLP2cod zx_B;L!3QXt0VN73Z|Pb=M{G#ViO9A&gnqb{Q{7a?ZDJ%$jPT>wrfiBWRU1tTBE@t} zh+SKw3ak@^(>_rDWjuOq2z*LgoY9f0{$m$i@UA4cY9Z-ENFMmX4>KSI_lwa8DV!BB z2b|zru<~K=DDPrY*xH0SccgcIo-)cuh+;&@*Jxv<`4RU}9GN9OQIN%2Dh+e6!j4Or z?0+VMnhFV{sSPc`_(dTlc&I5s$Mi^(g8oex`ko|f7-K3zXD;gr9@+GXtk-wY9bX5! z2yp^Hm{+F{?0la$XsgkE2e^UoO(9nL9S-v*r0}EgJF%j%ySJI1C!6yDcn>P`7N`{G zC@nWe6$0oj2>z-rfZ3eDg?M(az7o zBZ|7aAQ{72@Md*6j@X}CgRTfHQ}wkO+y)%dx|cP4Z2N#Gx5*Om7?wqlwg5nt%vgEA zWCJfQ5$mtnJ|7EMRMtsx~L1RQ4^HRwjLdx0Gdp^vRr}n{x52VN! z0^b=L%+Ft0G55T>KgWR}pTbCa!Zh&K-`fW$E#ut89tAD-%iluDR}lZ5=Xob5%;qK9 zr!W1m;#&GLBMH?5Kfu(p)#4lP-Gv@*jrIWD2q^=uW2T!D5F*L$t8l#B7X%465Bz-Boz6Qai5rKq^wbJF3U+mpUa`r9Ij?`A!=n0PEVa*YAK;oh^>4dbHjz-X7C)eKEat zcI%*3Zrn;7I_Mz8>JOts5O~o7-uc*oEyS+@)B)Vno9DSCUVsfo){L3*EWI2Jy?Vxqe-VP(E?lZ&xwO-yw z>*aatRDq3L+hFk;=F4#dH&QFsHEfBwqV+U5&HV#QVE~S*4rGM;w=kc7(30I~A&z2I z<^cU!&G|lwy#)lmIES+&5JsXdVZkIcf5R!y?oh<=0FSXmLl1xpucN^qV9}nzWr%lb zdPyE0!%J|C%mJ#qG#fwqivAg!biBl)I0m8ls;jVe${@U4mhB71K(5gCjeU?;y#7G8 z=SJdwT#b~L>*8B4WL3n?t0{bsQMKwh{3CLIYAAtsZz?u3tM&J`+yNblM%8|Egprht zJ^;WdeY&YyL4t%T#BWwmqhS$T_pH^h*D#)Hvb~-4+RZ7${AeBXWKu#$q>Mz#uJ~^{ zdf8u(+A^mHM=RGfg&!1s(cxzz>6!d{`j+dFpt1^-bpK@gi4lYql}|(yn_7#GmiC&`mFGHm49y3g-2Rj z-9qP}H@h2s{oP=K?snPv5v)c7Rv16+j^IJCW&eqtpE$Q6Zl~};`9Qn5!we4`IgTvn zpCGA#1p;66)bT}ApF(05RfB*!pNFgT$6=$-?g!%us_*v<<<%{*bLZpZXOCTt%F`t# z;}R;F!Um7=)$oFi9^-;;2&_Vdo5%1dp&eE*1ZtV6gQbXx*QGw%^Lxt0-Z^5kn%B`T zDhMbBUkIlXcsft+EXjcg@jIjBO?gkSk7XHw+^kIo)bjv%n^{Y_v+^+^#c*-)x)VQ2 zzLq7hSJ)UysSkJsX*^eD7L3*Yb1)K&3=is+S*>4Gs{886P!q*v9#js+uB{}X&dGY< zKv1*FF_#R03I&x8U{gQj0YJ*V7dIxJ4!ZjQ-A@vZ{^KKna{T#OIr?BV>+d8GYXB>D zQZkTv4ihDP8aqo#s8tk7&a}GWIdotTlvli|Pn`;&+WW#DWvZi^no2K3NtT0wi9T+? zjw`8P%T+#DodA(>2-CpaWdKBb9O`&uH1AkFFVE?A5^3Qf={SE&fAoQ`Qd~lFfo7K* zxSpgo(KTy5w1nh$91X^7RZ!an-;*~Rnt*vCx%wdqP%KwKDrBF)(iUoNJbo5L$r$#mUq*oXK?_HXn$X+f`GG=Gp(zhUH6EI z5mU}do=v6Qgb!A8l^{5GmCgp6A^O#(w&UYg?ds1z!>;1bCc9eJE*~9+9#PQfiNIU$ zq|yX$^Sly>{RT%?PDUH2&eyFvWRmAK)+c}P^~oPhaI#KU)z4{R$FoC=_$2WfNnBE| zF{oa+8}M^gWjeQeelgzrB71<2ohK?CIyTdD~o7I_Mx>}DXgmr$-}{YbL(AKKO2h^)bv>$C+-^gX=_6I-PeM;mY+^^I1avs^tc;D z$y7OB(YZFTba#xVz*V|5jiKqQ4&n`Z3Qa{3g=$NE4YrO>QM!vhs2ZB>Z)p_i5>C)th0z#fOoHm;mmML(MTTyKOq^htB z9FoQ*sSBjuPF-8U8NyYu%6WOStbB;TwB0Xmse$2B6dBfi?K2L&$2d1${P-S!=?O67 zXV1X#HHs(-;P#0PVc$^#<#b8oaz1HJe=53sq-JQys>ppbn%%8R(gbu-((^gvj$Uxd z`XG;yPx1UjTHUNK{^4>5LPd9crBEH%5~cw!@)f9w^&z>k!KEs2{;i10#jc|zr;gF# zfa&RA@dqub^*Xx&^7DxGFT_tOq+QWEob@=y%=;OYJ9Nh{GH)|?2`M<7Mtd#yxIs^= ze9oZ<@=mYyV}R^IBO%WW{tiL>$&+x?1;$#l)P)`?KFTHm?)%fcA*E}FUU4O=`6dEqZkymgkFU_#@uq-q~>sS-J!9eh0Q!I8P zsv#~hVuL`S*pgR)=d@7cM?0^iIn*47=n^saM+}P)Of)#rKIV3+q@EgM8^Oy@juQZ| zKq@;HBb+*l zX>NOgKTz@?^9afZJmsI|q3(&~UBj`a_h|5Gy>;*+VDygCU?98QS8G zP!8BBFuXyZM@<3x@15pg(lkUkz#Sy!^1@Z>e)jjg3W=>_BNXjofM@w-fDKW6`o`HntlK*v=)k_!GpBWnl&- zjNiR>;?czt>VSExq2k@%m3WI4DO00uZ7)G3>R9gs`K0~q^1q;O38rX z2(0aWC*ftNr%<)wRE_2r(f^j#Za3p&-3Mnv_qY}l+&{3#F~*!JsIl1ue|(}R4-@>s z3^${I@N~P(#py@p``y?NxAoD(G$TR0qt|X};h(KIO(dNaZB7iA;;kGQ&zy#PBJ9SH zJg}>h^IZ=_ zMgrXdZYX(Hq+nvtqcZjQPwqsdVxlpjnsx6K&u3tCfJ`&H>;0fVf8nrUm&-~TI!5P1 z@|1@r!^jRiF&NK}yZ1$Nl(m31O1i$3wcf z`17v++u187Y4@*2OZd$|MLvA!AANTa1*RcioXThpDKO`VO=(6CJto5j$^F~Kd~nB+ zoe`8d`tC5^f}*Fbk6y0tpb|)~dSkGa?O_VA6$9ZU*?_i(i{azqw*w3AY7+L+x;CDd ztNPOC;1MA`x_Yh)@#y3K&P^4-8;U7a5ILmE&$H#X_ z*a1r=2)-$~AuSg|N=<-5d_*0PYCElZbOap%1K}#+WKcA;zH&`_qm31Dm;)rGPS$jo z9=V;PkMs8v4k1SO^SNt$u3PK+p0mVKGGRaqq>#qCSx_l*wNwCO z>CjF*IJrn55;8V|YLME4#2aEj%%&Ky_axM5IW()*I{nKZ(dj!MQ_d`6C9(2G9ny^to(0xKf;q)QxX4zjkgeOH?eP6$AS1z=VvAbJM$C z9ZD%RS~Cp3q51i%1B9X_GRsl~B^HaaO9m(D2Tc)F`#sew3X$pZ)*)DBM}1Q3@!DNC zWuXP2OFfsmUD#NIaPzi>Bs2No_LYC$( zb%0+YSQg7ef^0fR~D#ZZAijTV@YB?Xy!&;As9HwFF)C2TmE14ODHx3wq|#zyO~Jh<7($X#QID4Q{F!F*z6jxWJ#vh{*uRLgdo)&Rf|WT-D6)1tDaY z>AhXJp>Hw0moX!qs3ki(`RW-fYK=Zb7D^RLi`qPL&msT#8ojXbgM33T`U;;GgNI0- z-9YitRBz1?RFfXK6*zET<@>4R?YOTBKttapQ#ge<=mQ&K3Lbb%HRL*X!Zp4^og&75 ziRR;z{1hommWWZR@+dF?$HrS~*5( zjO?UhZBUo+HeFC>=*XvEBOjS(hpf&sHy^Ph744JxgMwDeu5BdLL|fh|v*XYS`WqEG zf@|PEU*Et#m4VKYOF%adcE;H(IrgESm4^9eze8pfINb2l^Gs-8hdnpVI)l}42Do&9 z^^O%+`~BeVGjqPjfcZXQ`h&ydfP=Ev91u7}`&46Sw5_kvT@%mak|W_hL;ak{-(s*M zo$iS-2!l%Z@*k$IH?+a`NAw?nxQVI{l%c?i8{gy?H=u@Kebck<1HM^%PDlE#Y*vhH zc^I*i%-LUJ*C(GRox}5P_bI8PZM1l8tO5|+D{4SbS= zSt8)7Gq-}bN?gV^N2*OPXwBvbC{2glss7VwG0{E{TKMfWGfdz1t<6*aJrj|t%aZO2 zc^Ze9qD0GzeK@Ai_KYD~Pov>#bZ3rVYre_2A!4Rq=T~eK-=vY6;Uy#3Ug;P1LyKT#tR!`IB0)~ppga}qVPPRIUs;ZINIw}XjQy$vZ457+14A|-Qj zt3J!2%+q?Sa!4H{Kg!(Yr%=zG##c*yx8%Be&#sX&|md1)=yobD+%qh zx|q$CMPoWfd2N#~WqNFMCH;1&1f`P@T$Y-CvN*AJKB!wbAEb=C=a-9->zfJ_Kfbgy z$epx4QYV}V+MNnBhSo|T)6O9a#uuZP(E`(zQlCyU7Qw_-Q?Xqxv$M)x2C;cSHl8sh zi4z|RBe1S<{5~)yg+>BQoiW+~zoj^R&2MEV3uC3k7Q?FSK^wGQELXl5YSTaZ>C^ku z8|jXM99mIv+vq5WOfoXOV2%Iiuh7)mMZy5zUb0NY|!0?Y|wNx9X=USf9F_KDB0$*OSLCqK}W*wtkaa~p^&G73CuUi~# z)#!=S4%KW=tGkp9a8zCm>TEG{tP%w^u#1|<0;uyV1Jhk4F5+DtSBWj2V2|0SMKmZc zittofmmKSZtI8P3{u1!s0CS!R@BE&GFex9I&+qyRXkhkskt>K<^xC|kNn%u$vm6!0>%FP(4SRy*D9WNvVF5$%4Q38@#+u17$xi-?oT&7Xb` zql4!qF$>(!(I202z*h5~SPx7Hca$_-7{5W82cUDq^L%)UDnaxM?hl4T`2C^a7wPo} zH?TDLwO*2y@E-5LYiUwtDSk=ALCUlbg4_)wWD)o^xNiK=+X+*<;$p7o0{tH0nTeJzQi+#~3>x~%jb6KBU}W)$$})nw$cNNi z+v3taoG_9Hp*>wcYN~*c2gKO;D-)ZUxS_=c6vC_&XXia2R>QK~^h_vP(|Y_Kf8c+i za!U~%o71QV(?3Dyky?ui(<;R`P+o9eiF#p4QzotlgXje|hwLbZGN1~>o4o3&x2lWh zb`?(hxTMf^^hI%sJ}xQSiK{`An{^vVa_+lfcBg|S6aL+)DG4(H9QUxQC)KS;LiT+; z4Ju^SxD3Tu?TlZrv|>0*{wCV$+h|dG|3`4*{Bn+mx}A(9Uvf2=J&b64bO1@=l452> zVi_Td^eoJo6yXGyQtN6rY)bo~EZ()oF-(UXXv^2i5c_DT-9hLJ*RO}5?gsgwAyWrB zl*$iF5=1^PR!75tIh+ukMQux-s$Lx=Af>k8h14r(eb9?V#b$4|XQ!}d$UyQ}CCJL5 z%OcRq{KOn&ls1_V@d}igC>$OG*Uw%S-F39Ty1g2b9(ddz?%mVAi`~P8c=Ek$6w+D~ z)_hqR3<{(roC(42k`Q;Niyr4m=SC+2;$RL>u^-s;wP;J@b+er-E{u&nOj--p8w)!4 zL2%5}12%V!jt;4EJ&nQnYB69vZ2Fjds;m(QI&zQ27GGbQWNU$eYh1G-{GbW z2r`8PN17Ue9^i&3NvborsN&qyM-5lnW$IviE$@4{=^4lE$UNxph0K-qo+bXU9OvfE z+m<7oH?ao;cJ z=ubad0N7)q0Nn8&(Wb1}1ML8!oO)l*C-&-Ie2O_f*7MBXN&;4_rvEY z4@CC|RO?CAp8Wd<7)%uJ;eR~7wEDdte!qO;O=>U(^Qoj}B5Jq_>L(BQ!}!*YdoO%g z{#06kFz8BxlTFHlx18Eofl{JQ5D!1)sD@#x+C|~4%2C}(({uG0Ww93jN-W95|qGK z?n@aRlOlt#!6SNU(zJ0ryPvmr44s=-3sHWqABdJA3Z?4YPs#MQPf1EgLD)V6Z<3|q z*$%IgU}PKTo9Jm$x z;Qs_132#=2qBzc+OMCaqQ@^3a)~}$-71E3$%r@L%*``Q#Zya^ zOKKJhpSSScRcg(l!M#HkZBE-S#XbPb5g;O!Xfd!chsQIa{BAA){uL6Cod$mu8!Kea zxU1G*EoLKcpVRS9j(hHK_~g!`UZyM3X8bQcznIUJ;SPZ59y^O#Ou+3OnS4!C*IzY} zS=zZ}#BoJp{HTCEz*D=JsUmEval@oOox8$ii=&3n5CUhmKfY6G@UoSDQ_C>pgj^yg zR?c+SfE4OTBjEHn>q9S9ElHaxvkCz_K7vvT2aZaKCHS2)9rgXpS$o3;*v4O_`AeGH zw$Vdz1Sv@F4A6qmT?;m>IbzgvYFnhbB`{?|6{f>kJ5|HG zr^-1<-5d!8IR1rhd(7+kU<)g-hDe#Mm)TmUyJ8y-f5Fz-5YybxAHDVMwQG%Q{3quQ z7q1>1%Akx9*1mbhH*xKKRZdJ9NwycFr|AxcX&3z^kVVXoS|KndH5a*atZlsV+w49Z z91Do(VqZcujGXPEf0`LI_Zt{A#P8jP2m0y9Wv$R&3i?vUGHyP6nsHbP3_GJQr{Alr z@=ZEoZJX8=N&lb2(@*G5J71WR@2e3A9?S6yVDwA!3X2XRNs}o=26kZAA?9YR!1AFs zA#~+_C_@b;JYegCI}DFRY2FJfB>>!u2|f|FCm%MtAnnRHk_F1VJT_A8Ff+H9KRbVWq)7gM3mL5Zd7 zv~1u83I*ztO&IYG)?V+I?@(s@T~2KGm#xF@-fPOBTEZ;r+n8j@F6xt)X@Lkjmk8p( zXD-;UA}apu<#UHqJhZb##XOf2N-tNZoVutGD{n>=qzohM9JqdWlBJFU6dX8)c1hw) zRjgmTwE^5#?1W>MarQ(5^ZubJBxDc#4zdaO10Tx^f5A}B)~ss zu4XoA@4H6rNx$X6FYza-)Aj3Ry{%%I`9dlM9@WB6T0&*mDjX}62PM;C8y685HcrYGcjT8BsuN2| zN<)%PszMEl2qa>@FG%2VJ4NFKq5@(82rr&7e?~ogT=n2Hm&foh$|KUSO~v8`RLg1S zaHUP$3gRG1{ zv?bFGS#PIGY>cH=@#~K<;9>0UV5fMhdpVUYb?4~Zl;wL$&14L(U7n^5zr>2Y;DYgH z+X+nGh$MsNs+JpfXHFY2KrzcWvr`gVeZ?9R^yYo4*&;5%C^1PZvOF+>|w3UriMjq=}eS*9XS^Wdt1*!G69T~ z$Rlxe17h_9!VV{IG658oa`76SkJ7H>hm8ll#wnHeb&k_wk>d~Zr*8>R8^zGvS%#si z2a&D~SqYE;DXHf*oYiUe)*UyXo?)575x_F*7kT0U7vAW2i5ocTAmFk7OW6xbVHa&O zPYE#}q%k;0x#eIucIf@hweSS>6ddD{l8)n)na~Rr{Rvi&(N6ato(G_ouSQ5`r&rfy zG0GP>#|bCxyj!1_i7&`qUg!lGn?+Q`$;XON*QhjdLVrY4b7X z?5R2#&ysZ2W}HbwEwjSvja@v=pZaCzZY=MH@_h)oElFVCCTS81R0^g1=O?j}-z^}C zFTTTIQj!V)nGL}>?&6+UDY_EBTj#j1qq|H8(1(-4ryf$=O*P-Oy^#x@+UoF0Y z@R3%_n1hikYctbAH&(>af>1_~JZ4ngby@!C@Mfqw?MaJ;aZwbRJv?wy*=F$kAa+q* z`6_>-wPvG-q{`oERd)8NG?dQHx>#3Bg&GV%hU#$o5j#@{y-ZrNVL>eyopb*lWnvTl z)Y80+Cv}CVauL|eL4S653`3(3Un^wNZ@yoPR6A79ZK@p@!oajn5tss>RT={~PYc2i zx=bl+fu@FLRv759MFZ`c+6Ek|TD`|`30rAQazp-^fG*=g7#)DfSZm?43qq0kNRp9{Ba?|Vxs71%=@s#5N*p)I*kT3!0Aaz*eQH*1;p+WG$adQ)DB^b#ZKLLhZNv*+`$%9 zXC*tq;VEXno!{Zi4rW8`>)WcG1!RbKeBxCaZa_HVV3Kw)teK7AM!2AsRa1}KNs@vU z+Kd@Ap9NU=$YKg@T&mDW5<;EN=&tu|WB$?|1>1*&$J^|(wbFoSP^aTmwUgCNV$))K z`Igj1RrLVxBvg+%tSAA@WWX5Ito1+XcAL!VdH;EJ-#P7lT((XLa6JN(^7v*kp6ZtA z^Bc!$Uu!}$NMVR6&=Ze`1{X%NQ0r`3C6FxTzESnLLlw~upLlPo9|-R(+qk$bio9L8 zY}g%ynF&Xrt3m3^E(McoF?q#Oe7Yk^(nD9f?(iOn8or@J7X&*SxTt}iSe`k1~(-+bkp$( zb1;hU<_l@KS0EC&XH6vwamO{laGoB4bUy{6h*nz6fw1#nTtz)ZB=Z-|u$7Sce0lfo zJG8z)-+TNQ-QeWEkN$5`0P*zhJ8&RI-@X67_dlY5|J`>Fv*+)4NZx&S_ics`>wi}Z z{fR4){J6y#73s)Zw9WJCz`}JaIERDizy@vn$&qI8W7vnA9x^laN>3E2X%vbz&{qei+ zZkNk<-*LhmJ5zsmH$s1xTfA~Nx_y2CqvD<)mA?;eZ_z%=|BKL#|2tOh-P`>7Z*ZCa z0Du0%UGDrZekFf9cQ5?6?sfkkzSsWxAMlU=1b_VJZ~o#}_}9C4H|~Z1Uj7yT?>~xv zmA`fH|Nrmb|NY#5{_9`-N?!l!UO13{y?f_B_n*3d`~Un;_{)EeKmPOo<}ZGQf4zJ6 zZ`=$2>c5hIzWa~yAKttF{6E!~-+jP;|3m!opFj8~zmlIE{1f@lyHh@#`ISHakNDZ& zoBO~2r@xYS-@7k3bszBe@4v_Y_xE`B|7Sk`um72T{$Kwyxy-x&OaCMH&ujSmcQ3zt zz+d>fzuv$6=f9F4{mXwY|9SUS|5L1=yS;aR#LxNp@7??Ut^54Hb)Wy+|5AUz_wbhd z_xsQP&v=cG_?P&@U;pY~{L1}T{`1aVM*o5T=XLBaXolqTf9pQ~xBo)lb?~3rcfWi0 zU%P+$|Nbx8=l@;jSMrX3N5R4`|33X!ynp}i{}q3+_y2e9^MB_)|Ns2ol&<(Izuy0b zAKB0U`@j4wZ~pgx`CrI?v)eD8|9^L%_xtyE?(=`=KL3CIcf5N1m4E;Lfgk<KpwzG5KNIOSf;!(h()@j z@dX4yu+W+P_cxo-U>1_u*`06xo!i@6jUeAF9r@s92^&|t8L`^4&%Y&OF+Xg9AGW|Z z@0l5Sxc~5+>lnU~9{Z_Aij{Ux7zu0jGa1$+s%KE!Q|B^R@K(?IFA_a3Kl0tccRSPZ zLt(Xk@>$@sDfw5!_X6Jw{KuIDM9r@MP3H9M{OITPL^_w{7rk8wk6*uE+Q_3i=dNWe zUVpy;zFz=e@zm&#Jng69T@k!1f`2d@MvgWo;<0`^0pCu*-;TdNzs}>Vz?zHo@0G!C zm%-mHvr^PB?#bQ<{jE`nzDHiy7dN`JE7Hl;zAh}kTY*07WDat)Ytmt#F>3b%ziK9p z>#7s@({<>#USoSTv}-Z!G6B4+8btt(|zZg!z+*)yBr) z_qf>GV}~F-T40P}Tq5!uGDX{GrNqW!Bk>%C|Ft6&P&*Znf+ox?G z+s6MFoA`@IBoJaa!G|fm@MK#4)&J*;`Fzj6ah!znZ=4l*F1}QPG5fUnETtYhjAHX})5bu_Xcx-J&)yD{{!+-u&AG7-C-Z$jWzGd)VZ&)~UUe!5& z+y8?p-<)*Vq(9{>S!hD%_iPmSFHYFLRsw-i@LnV+1>aQ$etwzqk1PW}6y?P6zxZ!t zne<;N1HZHk{{L16esY;|PAikXyG;6}K)h7{{IU%Eq%!4yw@mt#Wzs)g2A{4n>2EBP z{(EKMXOw|^W#Hc~ga5QL_CKY`SnHRdq_`wV*8@_#Go(C zU#$AUoaql7OMI?uXqdB{=_fL@Y{gaAE|@o;;hNa;1xx0mkgMh_xc1s5OXn*Dh%I1mH!`g$+wqERHoSU9x0B!wQzwpja$l+Hm!P6|sd27q47?Rc!f+Ya5nb z7hAAu(TdnrE0!)uhYVe{boq)au3It>?LnyF zlk;N>KY8t<6$@euIU2D==+#fm(X!crXp=!tvPiT^v~(Goh+N2K+PHY$70Zd=HA_E% z@)&>S>Ff*bbB>cCv}@*}%N7D75XL7Knx?WSv|trzaRu_tm~lzn`&M3m{eo+!FIlu= z(Y(cru3r#4f5!Cl-aF^CQ%*bOjPU(E;oHR1G51E`-$?x9Q$u{yf1@Nu<1CD+3-6=w zJ`x%=AyK$3i`I~)Kg2vWr9uliX^#}jb>C1xtOEZQ;7Pqbj{hr(}yM2N+ma_!oEJrl}HF?ZB-)!iX9NP8-(#)jDu% zlQAygz=@OnOF3}YZmW0TmX|ZnEC-H(3IFCg@UbB@7Q4!Uzuti_bKta1?B6N}j)4pR znjH8WLTD`3>cBk*zSem60$AQ1e zf%iG^H#_it2d);lMh-Y|NVo7W@4$}=q3{8l)g+<}jC;Kw@fxC1}Vfmb{5cR27G2R`0`*E;YC4m{z&k9XiH2mVe6UhlxE ztJ}X>4*UcQ#B;6#f0qNl%7LHgz?V7jlN|Ue2mT=k-sHefap0{E{8R_N)`8bJ@bwOS zq66=A;HNq84G#R>4t%2nr*yG@T@Jk70`cr|;Ac4SJ_mlL1Mhd>)Ya|ZfCHalfq3Q} zc&!8X9rz>%KIp*Da^OP_e6jB?!f0d@b^3LRC-@!DmVJbEt6uY zOwWqZ{sWLosq~J@2b@HB-G9aiB-uY<6n?$8C-BDbRZJA*_v3HE-|s`1A~Wch@Shl_ zs0?}}{4B#1g~3J%Kf^FZV9+Vy#~G&R3)V{bQHCkpqvOc58xQ$_ouwd{7 z04ChbFhy68m+O+ONx@nPU&t^; zQP3pe_cKfp6fBeQc??tZ1al>P7Q+-dLA``eW0;~QNJ#iy3{%7eH4;9KVTzU@F5#mX zrbr2@B>XQ7QZj%!CVQS#V}cDP%q)r7$)ls5)ytF!(^F3jf9V5n5;60OZX^;&t|wv!vDfBS!NKE z@K}b)Ducm)$oMmyU^p+~zkd&5vc{la!hd3zEHUVj@Usk)6$Tq6{0zfnfkCH)A7?np z@LCB!$}m}B&?Mo97$yr0mPvR!!(@HITnTSsm@F@-m+*O;CdC%6MOgkO{%(5qk&mXb z&!p0O2kS4M-rH04#hI~G@3zi6`RJ{}!@m^+{oF$D?ZB$*DL6Q0rcNHfBb6R{Ln`~9 zpLlB*iz1smeD?i}*q=w@7Ab%B1LTSePqE={#?MSO|6U5%_QFUMkjf6Gw)y9#Dt4wG zd11woVQH_orFn0U&3-`ZZ#w(7ehlWy!)GF+zXTmVd*|pI0jl`3)O3Fy3rwl>xv`a_ zfBPBa3k&-rGwko59bAt*1$+oiWgCZ5*_DH+W37bK`{EWhu_xP`>h5`KLR#Y=1IC@o zA$cx2nBAG$G7X)@KP20hoY>>vxo$)(l}-AobfX{hTF7>h-1qQG9(Qh($GRSQwD-#+lgDF5wtY|@nISw<*>>{f zRCZmZJT{SQr?Oke;nC9Lwaf!bUUg;}^H;Y^P1WnxO6X3hsrv4X68fgpRK2NRLR(oA zFr*9thI8fd&1Ldf(Bz#kd#!iE%uerwx{clm$(~d$Bh}{GS#2t(xa2koX1T4zb4D&R z$VWDlVv_9EggiFY%41!PJnAqm$-z{5%7psouLIs0%9T`Z)C8KTsq82Lr`j`dNuA86 z+LKktG0>abO%BwX?AHuu-~A-ycy8rjs(og^UyFI0YTm&Bd121mz%UCoGAAaCikQOy^ICk5k?( z^o1=Xg?G0RhJMitAW~^V%VLXcdQ~M*Agi5$E@VSeIqg|(OFcB6HizxM=6#)n znrWHJ&g6XJaEKc8W++RFa3YSu&YSmf9QahOE{}OOxo)5}b0vtvyM>YgDe~Ut%8eE2 zzm09pEF`>z8i>>7m2C+j}&kO`b*~+IZWLqzhQGI&jq{ewiLQCm95LSff^Ns?DkZ8J7DXGP-`WM zLL0Kl-N77$O`@I5Uxz8z=%?D(Ndvks{L3XMHWu3$+y6+(#^vgEPwbgo*Wa3HKuKPj zv{Gs$KV%b7?KBlizs5Wc4>PyPZ`dB{FK)syUJF(35ZSnS)6tM-1{7u%Y`dYIP2L&% zXqXX29H5opYMrPC3?afln)k&ax4^vzA;`hKW5Ub7StXCV8>G!ke0PtV6KTk zw2ayhk|iqf?i-db?3vh7I#Vb~Iu$_5dLVHW9A=q?J{ZR=_g`;hh=0tIvCP>O91h{! zn_Q2<-GBeTBF+9ICd4VQ5Qj!}0kvlV?M>dn$mYg7Vt)s^?T@fD!@t_wJ4puFR8^|I zZZ4jcy@^pZ%oO7+ zuboz5F1dbk@^&K<=4oU$xn8`M9l;m@+>!2?j}ZH(MntdHzrP=C zY6Wk!G(uAw9o#D2a2(K*qHQ;GIPYSLbYmPjnl&*;qZS!90=y9^Xx^X<1S#?}M%47B zS0yUE4%)JaWS$hbNndVyA{~rKH9QE^`kX@Iwh$fZI19`rPR}N*^{qCWtXH&H*yveQ zjY0N79fl5g^Z*a;CNh|w#@8I?43I#KA*>!CkpQ{1qAoxywaOlp)7hI@jK&iV;j@+R zkllYE18W~IK&iuktYX!J23H7EX3926A2Q`QvIz>gL^W#Y$w>{ACGry7jyh0iCwi=w zNwp0$eP0&hCf{33KEWs>Y7Uz3eJ`;LJ(zB+MsqpT&5hM;rDp_mV~_ufMI&QK;tYGP zafAPvQJ|{2-N0l+wh}B#UQ(klfL(kgeS>)^vV9UCst5kSts~vuG5L|4I%05a$vj_)<_X>|sgj*S&pDxIzkX4q*QNKQcG|(Mz6uJYbE^ppbse%Zcl-yv|?8XhLZYvu72gxW@ zG8iQs0tISYZsi8p8h0salFy0ZB6d?|o^;q0ku2!H3$@dXK!e!;fk-(j=9-aVxuy+F z1^Y1&BP#?`R1*x8`_Rpmc=v-Ofm#=RP2|#IAc^@YLe%hOa!5b0B8_IL0FVa`A?DOV zgr0xOa96A*!H8IDQgYC1p=T-8wd~yqf((o@Ce@WcGeMAn$xwF9JhR|jR(gmEGaVd>|ttAsG5 zRV|aGRDy9~06aTVh7Vz~CeU^%4atOKuf*4)e zwgnH4^%o^VZBgxfVfW$#629J>q^od$z}<@|4WzfK(x141b5!hC0>=4q1q_%J)xM_y zb_!F}_%F3;RYeq{nMpW;R{f%YpCl;~F`(0*lt68*{q+OJGd zqF*b&R&V^~_` zO)(mI@f1$QcVJM*p62^Fy!V^;YP|QE_ZqzSnD<(YAt@l2d>%xQ5EBcGNBkSj`+6|2 zuwD|-IALFjNpr$C=St}AW%9U_MhUDJS|hMtsGGui*@y@HcRljR^x*;fs$U-K2IL{8 z5Zq%vLbR_w1{`2tB@l%Fu3jGN=E~#FW%9VYNgnDxtlrcqp{=Y57{)<{z)+2+Zzd#k zcfCCBq|^k4RE6QlgHtcL7P2spj4-WOKOA|2R8E|N5TryHrd1Cg*^K!5vRkW=Kb757 zDUWqAc^F3?CpXw9ETcU863+p7s<-qCf;b|o%;v#L^Pt!B6pWxKv+p*kRGFP%BgOe6 zc~clQzgVfwV^Zh+C-<=tMUJfQ&uq99rC2{f9}q6KIr@Q0KTvrZsd|&U)aKZwHb);| zsrF=Ns$JZ$ASW6eaKJeR2N)|_*4Ph&V;2}V+>mvh{+IUB+StLo>Bb$Qsj*{na+ftV z`X(oLL`;nx*<_!H8O@=l#ttzxc4d>hjH$6pObyf&ni^6wIGdPHLzW{Ok=6xpe{dq2 ztrD!bgK{(bqf)^11{VQYhjQ@7ew42RIbEBZ_h0xe`a9h?fUYw(*MNT+VZ~K+e{Z`g zWAxRarw057kWA5O-oe@B`d9yNzWx7XzAXt#jrDIFk1;$d|F7oT#Hat)&$kYL_Jj4*nGPPS^saoy~^?}*Er}u-Y^#C{BHQ^;CtC5oDnKZ-EQ@{c-^Ba(?e%@Eni?v z8969!d)JfWM?5(cn5Bgte2s^4L#LM+V_EVO|7pj07!UrjJ1<9RPGk$H%=T&+jFV3>%c)GHE^1EGi%!%X#? zaA^9W5Ws_PrCk#n@qhZ|E731G|1O&=^Uut!<>*sPMGVa%yg}R4saOH`XE+rZHg2x6Y_=8f78p!)avZPYoDXWIY)Rj9BCu zfCbWz(I!vRhiD^!b}@)&r+KcIr{m!GBDUOtreL7x8U`4NaTtMK%*F(@N#NN?jH8MT zIvUC);^0sEHj1o`Fvy1;3aZK`zriVJo!`Q&`K12*Q(u z4rm-e_RdsJwiI-h*ivvNlBOGX0U>T(gEfPO=)wdobj@CRdqIHovEZ}#L5paVaqnEA z)|vgex?RN^80I61)<##B)Mgghb{uXO*>+UfMYbJSZXez@eb?KH5{{xROIH;&+l8H0P&59_hFXg{)> z4(a}6r{jm?dFDdY3r@+wlt@&oo9oy})EGDFkVw><+^FAj@`Px-&5i1hL>=!&ZHh#l z=tg}$5_N_fbyFlN(&YJ(s3~r)>5-^uZqzA}s2Oh58zWI4b)$wb{Dmejaie}2iMq*+ z+8&Aev>SDAB{EkFacU~$?}E!3YL2?BU1iP-SQ_!qMmf4-c&XUbIHeCS|SOs zkFI?dh57ARXpMOtvWfzKQLgUxbWo7s*!-faD3+68`%q*ri1l&jmC-Od;^U4-(6PHn zQd@rG;0(mbWWTJ4b;2W$(q<0$Q=WkENjI)XT(iW1kqW0RW{%*m!W`ENbNokGH1}J* z1m?J2nB%A~IV=Iy#n2)YY;f5KSuY$3jO>hs#~mXx+{nW(-x+P}S-eJB9Qu+qmjkm=CmsR^&0oI2GY zu$?WV2N4z56tV`(q`^ZlEfl8vsoJH0^(Og8qq)&sgGc*1mKH?=IsnDK>#o=Roflzq z|Eg@`bKFwLy=6uhz=)23G$m6|msJbU<-!PdggiGRH+ujgZD8Vq6Ca(v<#xkwQ`v`8 z*`K7c5A}}X#R0M2Y2z!gI}M7%wDI)$5ipL=8QIIn#|h<9k3`cS#^_q}Oz=4)d-3>G zDm!g_{l=I-br1T3lh5M7O{Umc*7cp2TRSU`v-}swfR(3E`3}%=r1IQsEE3Hgn32P7 z7}F17>$69XM-99paJI}A!G?zQ?_0Ib= z=e^c>KgoHIJMTw0?_8L-<#UzAz7IO@d!6?I=Y5y+-s8M~*LmOIyx-xxuXWxz+iks^ zb@qL+^FG&kzu0+C={tU70T+0YSKc|v?fZD=eVp@tDBgujn}k?k5@I1f;eO;|dSoVB z@EtS^Kyb1nagmpy$3w%3iuBOQUW@Dmvk9h`NN`@51A9eRl}K=`n_!lgVSl<+WJDb& z(WiSx$h5K5P4!kE877t;xR@=0&C61Hi{_1+hI0BuV?i41MY zr^0PKwtZ$Nt1tU-!w!gHEARLUZ*xyJ`FzlPh}Hs>@<^eZVGAhPO~F9vmmx|7a=R-~ z+7qIrITfWnZOJ{z(3bpVF-m!Zl5P!Vg%D6acGtq8G|F3jwzk;;R(fkpo3#RnWp`w^ zW4dFMF*#zvX1qsB9O1RQiPxC~W@D;dcb3f8xpANfH{WbqFodw}Co_bKR82U98lL2> zL6%t1H_8z1fqV9eQa$^4$)0_@E%|tB@`<+O6ECl4&He&3wYY~g<{5CwXv}DDwK1Zj zqah9ZIz)IhId)yTUG^@tJZv=hzloEseuEoV)YX5o1;5;`o{fxZTON>ze^IKd2TFGJ zKwEO4HTjFSDIE7c>rOZLd_w&d>ClYKYN)yVx&gCz(Fg$4wq)`CJ(~@0$mi* z36odwO}u9t03SIDLpyM|E*HQ_pO*rggi zJ}tHF*CV-}!EK+YOLoCP*IboCKk@t^RY;f=JN<#*dJOpf+pDUiXtp4in06oLN9=Qd z{hO4KXHC6HA0YM|SAYUK8q5&DjAAW0S%?};HB3*WvPZzX3Gt`3*Rlb*sfp}%oaM+~ zkbrpBtu%30W7qvu+<7nk64kpqQ5{Qz#TxV0L~MbKiOQuC>23S7sYIBr<9HKgaT8xA zy#?5W00gCLYR!f|1bP#-$e`Wewk9{K&q&2+D|<)vne;FuX$_06A0F`&|MRf%wi1Im z19d}TKohfckT3UE&leOT<2qM5aQfvK^i;zi?chSiP$#rHC(Vc+@~jsQ67^tY&6}p8 z7}5@l$)+xsKw{S9Q4^YQ5Z=4x0!fSnO{ZhS}2m#F`-!^0vcRYD@nH zbwBtEO}5^qD#VaBEQ!#S0mq1?4%7}JZJ0i*h&t+}aZ_g*>X=oUI*dIh_B%J+WmoRw z>5OdM9y5*TOJ>$(G`=;e)@1d=m zOYWKY=+tcg)caWA#7AdjduL>K&d6>zHZKJ8aGUo4_VzS50%~C_Cy-CgePiukghf?@ z)2S>I2=yjtCzuBHNP{xEpoq98wvaHLfN8Oo&H2?Aoj# zA)&P_la!fDqT?)<%y!wXen&Hqeg~im2wgxiUxkXxm$k8K zXpi+WV2^?hYljz?$3Jm)7WfeWIl}%4jAkIPT&h+Q)glp1W!hVQF8LhZvdQNNw8q?laqVBHT025BzooxKZjE>S^{Y}X+6I>e)SlqdOgTk`3!!nou?h1=z&xWeF0 z)Dt#e8=4-P5N?1O@_AFEAkqvp@b0z04<*^2$RDUD@XL5fm_#9ripGQ2QElPVu zJ6SOibM=W-_v^o^a@lOA9Q5z`3pyp+>z{LoQSi94!FCSB`$;GporY;_$?FI(AvVBh zw%A8;Av(4-x!)2rwIC^@4P&|A+nls6$WZlh{hczOt@>DEcv^(z&N)OUR8G_g&I+uL z*7c|T!@XP0RPUz)v--<)U#CHE-kZ~~9g5PMtT?GFb zH3q-O4>aGQZZcrWatGrcW89+>M@qaMk?17m7t$17gxFZ{EtAIf1q=k35OJ@C_C>Ur zsfv*KsH)~tE_03bI&{_-M;vAkaur7aC&8i`zk$5HP4L0w_~CCvr62Nlp=IDQg9XYt zPEaeR9BjDizS<=l)xX~?iP1sSM5Kd01@a6wk1B2+h-I>uxmDn(KPmMCVL5SnM%Wur zySjQ1f@&7WuXYh0O+6CQQy^Ht8kCJ#!pEYj+Z5KIKKZ9j0XUO@Gqc((4%ceH(KWU+ z(_OTf05}%E9BfMAZt?zXxxuv9UkOD~mOEsCyXYeZinIg-#dOyOg&Z#sQ^s2v2+NSe zIQ|UuSP-eHRH`#U0xY<vi&!1%!Y^s39@d@($Rq0wIE?h%5H3Edz?V_S;Y z0O>p|T=d?;B50LBsq3*JHti^Zo>c_J4o8%r+#Vye>S%h4HjW}|Otoe}Z)qmU7BXGb9;;o45MH}2^MRmc2%)`L(U(8Wi( zI*4U%<$!58wMwDIoHelV0Z)u7S8^E8y+z-J#>wiX&WAa z;a%)yK0Z8Rv~ax-4U0&PJ`mSKE^xgP><|%$IU@VB$AEy3mcq@{lap{;K5wV*X0Uvb zvid^-z`pBd(ZaQUh(VXQVi{b*KF5XwYoCjK@p=$MfqiDRjdY~cf<;WXK~jq@^wZ=m zalwian6l_E@3QcJOvrPw@Lwty1UfIjpu)&AQQgP88PG@+1rBic@3^gRFOn5ZT~d%W z!_PNp7S9!f6wX7_E-yP*27L<1Tyn2#m%H*E>Ze)HEHi8Lyrr@-YO95*IgV2kdT^?_ zaj@xM*T=kDg*i1h`VzWjsiLk~MV!obA-P!UzWOVt0faH1l&bVv&N0!&J`Bsdjq~E{ zE>)8Juj=|4n6dZ>LjBRILSugEXxiyjag6#DQ$<1U3ttLZTtSc8wa4gDAV8r>e=K#e zG%td3^gs6BU~h6C5@F1IeeC6fLmH{(crWuYWn2!Nll&cC=7Ql7I>~Dhq4Y1swbC}h zMJw=C>T6gDNKC+DZb$`Uw2aKAz($KODQMN854Nf}0Va}R`Y6eE=awg;Ju>JIJ!f=e zCEqAFw~c&J3cVHw{+%W|3hrdDC6D%E3Yj~4{PfTfUI$OonZABS75@#+P%S{{CuANR zz2IExW_%mgIdC)^Icb|nqfETX$02<#xo=y3lshfG&12F*O+{Zexi9#2sS@XTtL;3G zP|QMa&8bKat?3A_eM0%N=T-Ejd&aW(n@bgsrGS#fzwad$KQ$~~xHni=_aUf9`11q^ zKtuk)=>STX$xm}5&g@meHOaK-6yb6(M}CEgg%K6g*$*nY`=^-vppeo-ZQ-un`mGEQ;C+AoM;ye z6i>7@xZfm1?x01%n7=!vLqHnM+=QBkdKTL7UC3p!I62$zHiB57h6rNV^7OFR0v3xY@pV;o_ z-9l5Ri(YBTb)3n?*?a4e2+;52$xSFSkDm{if+`Fg@ZDqhz9nHbx+8ELt+0L;m6sQ# zn)g)#H_A-21dwW%n+b7hzZvEDmwXMBq7MFdN*z>-=rD)uHikz*PXdRI1^RbWc;DSyP(AQniTLko=3pzwVLoVpgA)p2qbew>4E{LCYNp)>@LEPGt z>Uz=z1p*qi)j@)+E!Fi-7bF+>bk(__jgqR(1#xRYs_U~Zs7*jWa6$Y;Q>yD}7c^f$ zl<^M?e?5pw9?si3@5H(Cseh8Ufwof-V!#!!Agapsr_K5LK2`*HJwVs>cfGJQpN( zP1na95O`D`Eb(}zRSpJ8G|=6|@D{uA9J_HB-VKo}B@RoKF~uQO0;vqwE4QqPExh>| z?dy2q1Jt7Y%U{|&n2pS5 zf(Wevb{Gw9vk(J?IQz8{{WJ7 zoUNILZAefQVM0)iNo{%kHl2F@p1)!|?GEwVOy*Rst55sgXn@P&xtV+Xxi1_B9l~tV zw8jG!@&;@uV0fhJ?5euw3=j^Ek*Qj$={k8i)u_b4j@jwA_ld6{k79=cYG+0zg~4*g z8AxY#h^QCJ(sS{C2HrOL^0b$SiNk?6G(Rl(aWE)t)5AGF0-a^l`;*(nD)Td@MCO0c7(nmbNvkfX$j zlFP@Zc&wzJCp%_AN<8~j;dlduwTB=p2ocrtNEuNqZ5^c)M5Ph3F-sxZM|R#{YYoIBD(xl7QqN!xFT01D8laaT3 zYg6mdZfcybZa-d~^vj^N3}^%?#l?{NQHAdkDDA)1%NR8iXUw`twpEa+-mPx)s#y;H zJ3rKdx<3q%xO6Z4y?AiY3vjI1JM-*)iB*`dSkVcoZ-^J8@M=XfpKHSTtZV(Dy2s*D zTRM!<Z~4l2nxm! zA?vCtf9%m?W9gpJGH{^bQ4^~5HfLUc#tR>0-elN4p;q|GZfb>LWAifAs58U@)e@2e zJ7aOwFt9UGF@aCa9&|`Ba_6YZ$xe6#!jjI!S0K!4P;2i9#c){_wj?6&v!nfGxIP=e ze5$Z_K<_|A@qp^RhxVPt_S>D_H556ik#Z>_6IN>mZb0Fl4sK(Le%~RkuxS#(`~{gT|<=2Nit#$Y>YQR`x`F`$PVBeqp@wfhrkT z{jLSRG8KDqiD`58~XY(_E0l6?(Ij^;s2;7Qi>sCp_BY`Ne&#wxo7 z>;z;w@)9FzDM0&b6J~nXrH{TbgWL z3s9F7`~2<_B!KN3J*K3>{Ng-1$IFx9T<=Y;!M7enw{-7A39~U?}WD;J4SdW6|U%H}V8+N^1H!S||a-W^cY0TG2u;Efu=FTbh4YZdTLqWeO%Psre!mSB6YSe z*Dg=_F| zt*G`o%q$oj zn`b^Xv1igF7JLFyEBHwlOq)H2?>KC(tAcvTFSoFiHu()HqrH*~Rd-l4Z`2@`d^aIC z5!OAP*lh6?0RZQAY{1!pboOErbM+6ddmY)>lUsSa|54t1pwCZALh7gUU>ne%Ka5~OS2|9RDAtv5YNz{$;dUd{lccd%z8+PmYWHnKsxGAJG73kF_!AN4 z;X(ZzQ&(FR67)ka1P%WrmEH+KdET)p^gd#4)FEY9P z&5Nh8$SRLQe;+LgBmK=3(%)AxM|vwCw!eP|ibf$4qx~)AaTcg2I@G^6q6ou7gY&gB zI)UALw0qHy(DKJu;no}Z)&y_`h*zs+%(98;g@^R3R5N>^gdZ>6(9nK4@q&39PVZIP z!`j+td{(|)1e6oZRA~2jX-K5qOd;(~F==`$AGY29MbCs;q1JXwd2Bc8j-|H}Cvfhm zf{C`l4r@DGRBmMLH#f{@I)eXT-60LQt)DD4>Ccfs2OI|)#7STS!f|8+aSK14_)<7d z)z?&Mw1*djAwFE#_a zl~Mk;&%mE!4^?3X_G=5>8CWA@n~_I>67|xU2qiLwP+~1}q_^^6De-D4HzP4hiBjH+ z%s>)p@Hi>8aXq9)9B&ZPt=kKv=CT`ecbAo|cleXJ;u6Z%T-|!)gQoMKDmqlp9rjd$ z*T>n8oPI&F(DF`TQN-(+P+DHi9OrW#|wfg15Pnot#cDNi2$>v%=_XD1QiERcf@eAF%$J z8tZ>CH}u=j=c%5lg`u129=Cg?QFAPqDzgzWIZoF+%Fc6Z{8Km|^i+BXYDm4(9*@%N zmeq3$0JZ=1!an3RN9l{oz#g;Tqb4m7OP%Ax0QPgy^o92X8z-UUJ!N)F4g_n%G+5E4 z%AvWjFY>6O40a3TKtM}WlVQ=dkO!L`i}TohjRQfrT@0dMjhQ;!WM#TAcn^RDN`Oz* z-Pbt4&&$y(L*K63bHQlPnIeMyjP$^{$%21`Xrgm}WMae4-BL&n%Wv3tpf9fv^P?}R z25MF4OWGAzCkMtxdNOR`>kupE+STw`*cP4);7e}Tbq8!$SP^tzt!RW)^gM#fE~G1= zkC4dxRJIZolZL(Y8AxF^ybah5Z)k?u@HP?7wM5 zV#`M!P+{$VMe^G(s#J#MHkxupvjn}>G8_HGoT@@V@4`GFt2Hc(&QUrabx^}{&KQQD zvzSu_BOe|8UM)NC|MdhgL@-};QXe`=J;CK_peoAM`kz8SF*F6!BWG+5ev4FJX^_Zr z;5w;>X)p?Ml_HjDI4cFh&!Ne7hU=gjuViaNMC^g#f}yR5>qzkXB%Bz9&if}NyKN6yf}rsHA-dh|3KU37*H zEv?I&Gjy;2t|5VmPr=!9wB#UmNFX?D2@|aC)Uk(Q&}VJIDY&~XFq(HCY`T%*IXx{x z%G)yD*74&fk$j|z44}#7{6oFWsfs4^ zxjtZmy4H8Ljm)j8*A=!qN7xm%NUcI~TRv%PeKTuS>P+_K5|^iYo=^J~-mOe#M$Yt@ zu)Qtcwi%zq{r7sZ6Db|xA(>3h7ols=B|Y{Ddh9W0&HBnR`s=eRpOgD9^;>L|aZFsi zYXSgv^L}H{gC(-BXwH${;A%`}vb!eghH!C)oMew|Et|f@Ua%V8pE2zqFVMhxHhBow zwG(_suFQNxma3T`XJ`T+?xMAATGoSxfUFJI#EBp72_{VYGQDG2sr?4HF0_6cZtaGr zuWlFAJNWo!;!^_Hf-;!nMwH}$`1KkG;MBu*ltJUrYn}P4*1BhKd>t6U$K3*3fISDc z9lh2jspuga3~ph2T=B(qJe?IFE`FvIdqlF^b9H;C;Wh#szE9$IyJ_C$K5+71)Y+r+=L?e@c~VpFX%5KKk|MK0|Df$@2^OH9KORa zkNG&gL!O}>P>>&g#^?a%YLO+S$lgaHQiS?#iPG*ir4_Iw(=N~I&#*&7R^Qcw5XLc% zU!a7Hcr^7$hzkV5@L4e#KH|f9Q^blL-8_M>N{^H}z_i!;tXMix4 ze#46Gd1pPVym1fvjCaYfZvIg+8_vvA$aj%%ohR@lnJW$sJFFI;CqCBXL0{V{Ubjg{ zRI8{%6^2i-9xCE!G3p7qR?$cqX$-Us*D8E#&*fhUs}Grr`^^;N*#wdM;kmrVimVEDg1Yb5C(iWT>!Wy;kx-l^;9QHqb8?0jpl=rVca&m%uoYzNl|EUtTh z!m-46vnHQ25)Sj{1?lyLg7W^q{7`)W?MG@61Adj0^cqP@qCLptcYj9lL<~yfZvPXo zNW~83EJ@X3Z`0(ud~5PYUgodb^#F67I29-Tq1PnI`>UBGy&FlIu~2}~@Y>&xfKlfA z3)hnL<64r3^h?IPxTF6t24#@D;>f_y!|?LZhuV@4nfp0*1hmo3krtH1wSbKksD?Uz zYw`iF<9!mJ*W878D*6)7F`w9T9|@SBj8AUYE67*`Pq?tY?QO~JNZXctz}CuZ{vj&4 z{`8}^7>yMkL%cl%qDBVoYqGUpU`rHAHw9XxAp$z0gVL5|P`J9N5- zd?_S^*G(zV%zUc`htpPv%B)5guDy{Vbg#V;K+&}~CXu=J1}!W!7-Qe?XsY57vrH~2 zQB_&@Q~^3v6$8(*dFIqiXR-Q!~l+bNaQfm1SH^L4=^I6{OM z2^k|f8Q07@7pmxX2rx**;wpm4Q>(q3l^bDC@C)~$X|(4;dZ)xG(7P_^^<%~Ti-42R zy_VaVB90$YdB-hy2`(Ur^MxR}7|#&4*RfEd^3fxN%wW!L{<3>o@R@To$gaGgXP>d2DK%m6-EtlY{c)+}qPzPi1fWO^j-duC0WtE=RHBRbkla-~Ks>DQjTPJA^T^I+JRb zMY2?bVCnyId8AiP0XBL@LObd#S(PQUEyLfi?X)@+Nt{qN-PCcN07(N8%ypSmYj4=Z zXk3=44M;GM-pU7t{6uMh)kGu%)kfo0-M-#w5pO)UD>d2=W+dRImTt+l%Ygg@3uD<$ zG9V2P%IeqwN8^t#$bel%v>K!YdU6WcDQ^Cs!-Q53!%PwV6v59~2S4q8?Q752~!t~Y*@Yr%{Y5)gt{sZKy0r+JLF*tg& zK8(S+n_L*cxAksBfa99VZK@|i?dzuC;n!1)$Z|!qu45pX*Dm~ZDyp0;QOZwsp#zoB zJKZ&}WGs-Qp)6*C&0B?(TKLcL=5_o5zg+`P_CkWcNP?d*!B8PV$5yu@{rn<*n zqaEj8aPb?|@AY{kaa%z3c480bP7^aTOfZwmZJRV0--h9v<_;wdb}dOMnT z{PFXAKbtj7@n$qd%;kyQ5aaAfq?~mSYeoYAJR8)II5+% z&#(vWRIZ4Ca-0)2hCC;XQC4%f#*o>BG5ewYdmVoT2n8$~>BP{H?{)lAV{UR|_P?Dm z4`|GxaVO7V40L=|W0tuwYmQ~i8jXpa8;~b5j7#95%VFa@FBy>=fnQC_2fhJgAkgZ4X_n9Z z-wN5MSU$dg%w0lU+y%#bJD>7eR${~?c#Z@Y+Tf`Y9zb7)FVNh4n@$nL7X5(@E10CiUc2$Aja@} zz(OEhfFRt1u(#S8<3h5G?)aQWE7gY4q+5x;UZa(C!)Ow(M1Mr1V?w22^il*RdWuFX zd56&?aEU%fqm{tqOXb2>=wFKM*S zh%lOSLZWZhXq^^ew7M|RYYis1%#ARbvqN%E(`cO_VYE6pkb456C-$Ievyp1I(-P!3e1<1jxV2i~S{kOTAya}@CK+G*o-O~sE~%Uciv&l5hc2o8aP z!7~~tukj^&Ls2RT9%K|}loVy6R1|!RQJhVT>gdEvK&N%Caj&CqK0V#&n@xxc5hRyT zWpfeUWR**mO{acUGpB1d)iG(ubcv4Xq*LwkSVW;uAm84sZ;)>hKD`sh*#D^Eelw1( z3K5Et!R^2+VGctHuzY%t*RmAM$?|Cg=h`6nG=di(7shin-98Atv33D3g7 zhmqjwh#bYp9%Ppx4yQQBU*h*xAU-64Fkbm8^3$`pvEn|Vgu11Ts z#IoBU0RAQ=XLzqj*Z`{X8!IM0_?KDm-%F?Qw!=1&(~}u5;Wm5H_)ENU$1PR=i4hXlzfkd2XE$87yPYIZBmC~0cx=;P9hwvA0m6;H#o-Tk> zXFLke2~zX}vww^qn6K~y&luelOkh7XNF?qTZc0`38srbX(~FJNO!8~yz;ODI5{$|6 zGFN%lvF{GT-0A;PWKQZ3ocL)w1nI5peoW4rUcKHun-@-qW1y5>{{&0|mmKc8t$+(V zd%m}t_X6l3h!0vkzXk8P1Yd&p{F0j;w~^ewX1(Vto8UTUUH+FZC#oS8UWAH;3fFCUod3F&`YF0B38> z{XVm;NAdY@6Om$%w`F$klD=T+k^0lgbRe(U{Sc_3H%k0e z;RNNnf|;O&=Rt@3pE^}1e6hq-ZR)VoBe+Ob zMAd!Q(9QvXli#M{D!3J}i zSe0M-(=oDwhl$Uf@02yA&a=zilHd&?X&Nuyp&&9`p$RYEKS2X{gZ0L3N_d0y#?6&@ z3%z*zV3a+mu+WRQ4_>@Y3WJ|TjkM-I*WnG? zfvAQpi#5=LR#=OD-_IH7xKLxL?}ssekr-b8i~^|VhcW8#ew5Zsy0f;j;Cylt-jCe zn2nIJ)%Q8J`Wa^#Tm5Xrvn_ad?FC!?cxHPq$~U%pp%S&#dE*7LsjZH_vvyb^o!aV8 zA}TEY7^bVik0AXnynvWN*7xD9fMaNV-8RYK_&H4p!d|0qAoh&DVJdt|-!K(Ej<>L~ zLR+|eRVY3*u1>SXpXFww6^Sx*>cp9o&f#1mIxjS+hH4ctdpi*NA|@X=6J-hGk1&iW z-f0qd_gdQf+^}DCS-5$@SP|x~LY$PCkIdjqJuC#zE_sH&VWXfQr(ZwVnSA)TAjyQq z3EmkdcxUi-NdQ?%%~1B#|D595a=(9!2KriyUDn6OBcqk@#7Scw+?Pa8fs6b*{hil2 z`pEZ@pY`kg`0$YzurY^A4|>yB_g$3c<+n<5`@C(&>4F9}%>*Ks#cJyJ4{e3aN$zfL z+^rTKMt zYYqvC%9F4QQOYYOAS&DyCZ(;JE+AmUePJwr&3gcWd5)7b4|50qn-SCjHCy90GL>_H zT6Ixw8v9~f@{6GjpP+Vw?@INIo}9#2eLpIt;;>T%w--VuGUvndsfLvpUsZ5$`&hbh z1IAZ14Ku#K{-mqgG`ijVV=#Llw*gyR^4M?$dxPW!?BzsW9=9N>7PE4XQDMj+K{%)t zUqFHKg6)6zu7&23++)9mrES%XP_muo6>cKK9t~@+q~b4eDP_evqp*}Pcq-wSqZ{ka zaA!C_Fg#oy;EqP}+0JmffW6lEfA;Kr}QDlIX%SJS9#t4a3+Feyn1x@i>n5 zR2bH?el0&S0G>m-i#g3cY?La!(B)H{p_)z*Z6_@3s;~suI@tGpw1gW6F_Z40`mkhEP5=@9SX#yT1;OIXSN> z%6Vb`jbgJ&wg9!Spi7Yo1$m`1RY1>e_yI(O_6pR zYhG|~*rd%r!2UiX^8UQc6?w%~kxPJ<66{*N=OH8rwdP5Klz_5#smx|SYt1WWO2)M2 zg?>MSsdLcudk=+!&~GqTw+w0>;g&&cwUc?ushq|3TitENU8@={?@f_n5|;RO67U zlNB6vXFT^A=?oMSZgd|PHq#T|y@9*VaSzlJdf}5qwOm<<;!0(_HFF8Gw9xQno#uMgQXTwwP5ZPGZ+IAl22VJ}Cjd1Rk1AedG}r2Awjwb{ zvo*w8-`Nt2bAb|bb$!fsw%jTE;y1jD<+7#Eo)kQb2aT*zctfS3i{MvaaYpYcP{>T7 z5VAlZ!r?AZh(xt;H<^i|5daDi_-cnj2*1g|*EkeH`0)mA@7LAwo+7*0Sx}o47om#i zfEQ-4P)akXCyB}V0RS0R?9VF~%wVpE^#aR`#PYbZfJWC`+>F~Kw3(m#pP zN#qz_7{*V)#iTc_oyl5PK+_*as~3>)(k1z#M3vx+0x!WA1zv(LYB>>FRldlGwhVtm z`n=S#HzWU|JW@#S)ZwHzm*f3PNG}18ffk?+x2OTjjaDE%t;Hq1$-_xc67e&px;tH& zpDZm}DL&HfTYoK>-#fbla0gdhZAx6o{X62Y%%oXU7{OSflMFNfg#1wG}J4fv6gS;p8Xv1+B2FC-zp^2 zuU$(r`?c#q|I^SUY$u>2^qei$8Mq=s6U)DCkr&&UeC)X3g9b}u9B4``ID{#$)RfN3 z17($%EtgZ3uyS}Tsx-u4-4*Z?+m#0#zn9A}B3_Ca^BgaQ99Tn7sM#YLDt$Y=mgoqW z^ZK2jVSfKT*6+V3^!x8A_WSQ?P2O+({vQMC#_x}u>i6F>%WHG0D*i7oUxV zo)CDrFXBtq`?T1S4H-yHHnGd6`k@+Cja)t}8uc(`kZy_}~4Ya~nuWf|gwFtuUciL^6jQ|UGZ|B`;~KoU2jvSB zTIYHlQ^)d}+Oh$i>!(Q+s%1eoN-llq(4{;~$CHpo7~n^sRET9SJoW7P^g7Zh7dql2 z*Ynu>7ONmHhL8~dSJnFGUm>{=a2Cxl9o6%uiMs!e8vSeL7GJskb=<25cR&1M!|zKe zDUZzMeH?BpmgJU(aE`u4V?V;EZ;?j2@~EPL^61HzAdenHe<5Wld9;f+LRopl&3Z3W z9{u1lM;`r6R6;9{sxScTHQNCC;N+r9Z}Xv}V~Z{YJ;<_RuP)i}Vns-TCygZNZA_dtjo7yuJ~HRM3%rtsED4#7*213dL*1|Q1KS1@r( z4jvafGFwcahjXCD0L)ldJ35&vTbzwvLD~Ax8-<4z1l?;iiMC?1_^@UKpHw3=MbtE%86VT4q)VZlzk;!hxB}J5XS-+%0vAm-&>=N7NtbBhC>&C|3DXryZk9zN71u-+J~V)Yc8Ta;0nw3HhH52nHb zH3a7t3?4fHK=K0|K2S;1l+pe7&SaMzrB#Jv8nVaW5g@16p8{dERyDIMBfL5UGsh*E z*oXxL=z;$TNfc!X@z`frUI6C zuvc9YWoh#;m9S<+xX;y&NNL(Lo+GIR{iUXA+-sSkO>*Eb{!ycG!}7>#Pv*}>aBzUW z;--V6qOO&FAl-=%`sYK>I7s4W2?s^|n(?I*zox{Oskl;^FNDaV149vJ7>q5720AlQ zNuu;jw0!5|xYG=+DHL9!Ds--lv5N558Q0}sF!F{oMrjOXDfh!krA3-GoJCjaJ%Y;dJ_wJ8H$?u$bks;3AVi*gtkV3D9`RUvmNX!#}@5 z0XOXvwgBV%6!dR0gJD(LNWY!|8+Mf(M6>|%a)=H9GqeS+Ezy0HQYp->=2E~LLh845NR zbWtLJ_sVjjsO?5ZRN%<9HUXs=*bC8X?Jq$o;u6eohqBqr3(pRZ*|vYuw4dARyv?I3 zsSLDyC;~jRzcX z&GKcXPe$QNw-(yBs25FKRi)2FJ#HPW^4mT=3Z677=FoOb0qm(@9)8tl;uiY>i-{?u zHe|a~ycT1iq7uh&Eo#bGi&qW^q*skYt#&&~Bpc@0gb-(295)i48ls74d@m47; z7-!$IPgjle7naJ%WyFH6V2%;!Hu9S2`IF{-bJAS$&p9fPqo9V(U4CAeQPHD}28xQ^Tjs;>(U4h4;51J*N zdVCh33)JHyh3FRwurex1usZrJ7A1F6S>Ry?DDzugL7EkpSxE9W`PH-4nGMJve1Vm) zzR9K%Y6Z9`R4S2+HZu20JtPwK7nMjzzfr46NM*|I5N~IzTQm2tgf(0nGv%5KL?xn4 zel>TSl;Pl)6D+A)z?&@n)F!{7CxIW}&>n#vR}kFp{6WOIsG2lXm~ckXJ01~Y_vi}Z zpM`t6dfyGJ4A)6-<)DUpJEdVbj!IfJ$5Htz*An*N#qRACVEa~rWN#<)`JaUUW~647 z-{!4Mb`nOxTP+f`LBKm(Ml+vcE-E`uV(46$fy9{bzZHPc9FykOu^?zhwb!YmB49pnU$;TE%Ep5$s17h4RBCg;){ z^y7lxTw5%zZ z3y(@#=nq4}({MOOO(J>)#8->2_=q|1zl-=}RF&7DtFA;>x!igxs4K#)4+FsPYOjME znlu3IfD_&2&K++BAZTC#E+?j*S>VH7$A3wJe1TOL5~$yPw+lG88<2zNB8zh13(yyP8SX(Z zioh43lU`=&@CbYXy3Whc*JZg6FtDF&KBVx;W`h^_M|vB;cp6;AX>o{tve`i%jViE{ zLI3D^LL|`y5JUw{*nYBk`}?9xHG_T(+eRGZtc*qt@$j?EPQe8mf;x#sGh}iwBWg;) zF~KxFe7;keV9R}Wso)P^AoB2r--0db@^bc5cq!agZ&&=g>39;q&kfjR73>FNA69?8 zmw9FwoI^d+%RD$d0z-YCm)STx0z*B+%Y1ft1crLLm$`9x1cv&(UWV5uIKBDm5A{U& z&4#tQ32Zr6x1~ zy-$!F!tYdsR1nVmn-?1rwyhgLa_Cw3Z(TOi!t)*VG+xmsgQ$#sdX z_F(dVfaxM|vXEoLPfi**Fs4G)Bv_OWWdh()~oEos7A}d>*iq ziY@0DRS*)URuK{ai;xhQ2#HZDBplQtLSo4OtIW9~^|!z|kkJZ>I}=gPG2}n-;R5G) z&29cAWdG=d;^}3Z#_5Ika?@+b|DB3Mo1Uv>{U}f=^JT7hh4k$dpetS^9!rH%6<11< zJHm7)dmTj+3!cjFc^zlyh$}V)cP7FzO>xcJ_q^4S*{<%)@3ker7tTJjb`xU9Pkivy z&5i(@aeRA%O-Kl zn9M+3S`JoW4uU)6kt!BsB`ww>MoQro*plyiH_J&h9zIs+d_1|EMyfRj-ofx!qH42u ztqWCmVRD@;#f3W-2DuJl5cy4QF(Q8$CEe78k_QcCL7yIp-HIVES{6^?yLJ9s-zZar zr(N<$%><~wF3+7xniD%WIrI9Rb$~4Eo1}* z&hi?q{D0%|SIEImoNWs*t_-^AibiCcxWx+m+%!&m4s+%#jYrr_qSqAwx}bVnI4!vX zH=kSFt(HF2eHm-qGRcsIKOI|Y9d2jE)5y}|3E(2}H1fs7(=42Mv4a_!6D7sd3z)(5 zWULt@odS2t6dX4xASX__>y#crs}9Q%`7h&dJarc_l^y^+*2$1->XZ=0j4bM7-pb9H ziXcWJnxNZ$M*_)^(H2>BCSE2#iBHE=6rw06`h6js$_RP;ae8lv8baGWNslC zGLh@t`Fj!)09AKF$)pXJzz-N1oCrUq?M@}9;bIE1Y;%#4sA6h!TXHkSR1T|d9aGzUa`VvZ>TZ+PZXpd7_OdTr!Uf+!9`Kp0fp(%3aV= z36If>Z5X`+DRsl>r}3tKC~g>SVF?!yBu*%I>*r$-q8)5>nGK`UC5nzGHtZ=)A#4Y@$U)iLBxtPg3E zp3{~6{u*ejxO_+NERh~R8VHAX@lf3oOGmEF;Ykjpg#DyF&bxS=9^XB@#|wAu=oVe4 z#|u&F>T`O$5T#DO1N8W}&mY#~nL}Qq9vA7SL->+={QeI{d%Vv-=3MqTchiGEOOJmI zzcP`U0fSWW+RrL<`!0JFVi&r-Q3hZax_vp`!Yhz=wI=U1MH*U_I*O4 z^4uO>h|<2FfGE4bRVSsbVQL>QD=vcMAC6ky`vlWC5?X z*Dmp(0&`-uUk)lD3R_vSKS|;9QuOlj>PWRiL`(H~OyRWiv7>dpRgZBG4K@it5W%G9 z2L*XQbf4;AJw}1Uv$5wi@0M!?MMpJzxmw2!4arER-tr zLkmS2M?}L>Bjm$Y3SHfR?l=#OB;+R!8;|gl4)hGl13ziOn-QG5ybc~Kbp>aEUnncN zgsEfsQmkaMM2X;Za*5!KBT5D5u42LIPX)?th|eW|fQbSLHobQ8)cM0S>Kkku|0>5@ zpuK+aG}#4iY~}N$3aa%`Bdx70-Qy~*s{LuIB4rf%mQh0ub-VLEc$aB`G5fx4umS7Z z=Kq)YP2A*A&*sj4!0xYxBLy>^uKIt#lMH47ek7Mc-H4IG0PEJYRrYcy6Q1Q|J{rc; z6uBn6WsZA00jR?lqO=HB2QOBq)?q*w@p2XmJFWkM&Ic3rQeW>YA&GyW| zur0x4F#|EhRMbuJ>t|ZVfQHa=vn7gySLb*Cn2EN$^&8gUpPJoPm+kZ4EP1t6ZMaJnL2ao#TTWT_pN8rY-4|RK47k|ec z0C#bIJCkXS!|;kPo1^Cb@H_7P({k7Bnvq-3H6z!!aYk+>q}=SD8M)aA&)kTV8_f6J z!Omk7A9cR!e$se+nY|MBE-Zv;c>H2~L|=mejs z?B(NAGw@T-Z@SM)Wv7jwyD{dU^?K=JZ0E9HaqjPJs$m7p)4YQ{@{y^RPn|vWqf_U& zhZEfMPjid?(URGiF7}h?1;azP4Zt1!w=t+A0_Utb*URMH2;(}oK4$jhkouUVA0)pu z+eef(+W}6+ZB1e^&H815xI|Do#Q&aXVrMNWJsTxDT#cG8-Yw^kOB#zFsalS;R~5~$)%Pd`k2 zF#C{hwzf0f_&J0gjmNbb1{xJsxjc@ycG}a})>MypY`fnr!0W(rT5u zAhs?s)fg<2U|pi3rWQ3;s&_2bsjV8VmEZHc?>YCLJNE_sgtc1XMLj11jsk_k1^wizH^;4mKRL2DQ9(uqmSQ7*cIb?z?5ECTq z2sf_p6+=Vk_@J+Z=eK;2v@DKr^gz3$2bP2EaCBmW0dZq5YUgY3wdoYIJ8;Lv*$EA> zi!5KBW=*=|P0ytcbt8MhFz{Zrc-LEhW~t^D+2C|FtMGugK}SM%8tPn$F20D>^(Z`| zfz@T`m&?|P=J+4@YO>$(S&aB48iAw~U&v{Xx0pTJI zf(OLci72kYJ#btzdhcX?WEJ#>+y?cF(xzt9vP13twuU(=ncZ*6Y+tlk;0^t#)*d6D z#*%bfefd;t!)Q?)#Pa1U2aN|S=0k)SE1!1XsZ>5q8DoeC)*V9T)j30l(>G=P)pw=a zp0nfLq1LFy9@@A-IJ-mr@yUt&j9nXgK)BY^q8m*i14=OpQcS+R>sE=%eL#o_euwARg8Yd_@Y@l=S$n3jiYE zW)!?)n|M-NdwfR-tZHw2ZboVcn@L%>I#wi($^^tG5j^Kp>R}b+HtU3aj zwglpd&WvWjcX2c#kfIszVH|@9q-X|05)qcVZ8QTRiDMJlvS`KzQsW)f=v=5al<3B1 zqZv3)hRz?1W(*c^Z*?=2NCVAmJsEUI{@&LvT&L2WK0kxE0M>lB_*6~dtmbhds0A9%02qr4u(o)ow}FD@^x zRPV8iv7TK&768Mpxcag7G8IR+8$Z@D@0qdgKT3bVLi0wy;GOuq482G2u$|<&Q-Be| zxSy_Q?(S20I@Q8iB{4EU=^Hz^?%QfJPreQPb(0|eT;45hUnsyJFh){F5M}`V!NWIi z&-WDuTC*}W*U;M6JK;*063X|1Oua|r#f zcQd$ICd%0Qy%Xdo4~6)GRk_RKnHG{um{$4fnAYa9(n|X$M>F-0qPnsrpUvEASHV6SX#!eySRD52jmNv!TevM(2b!C=isl}(&AoM=+^mMx zua&MlLe{KhS6?;hZL-Q*U$NEhLAAnsmA1>pni&olRJ)hHQHE-_R3=Ft=22{u8uR6I6?Han zn!y?CMuDsBZYu~^8Rc@7aq#-LLJKGxy<}{z6I%v$e@ORK)Hdfqm@;plrv(aVdi6b+ zc0srv%J%sY{U5@QK7x5~_|enSd3}%f!8HS@Epi)x@BIwbbbwjY({>6!T92|=+;A`q zgPBr*O! zjb37K0m_-@E&A~QwF-r47EX$~88f}Bn9nn1{so=wUfuO(KB@P8S(C^)3MNs;tOx6d z`2$W?Adq`Xy6t3(=apv}GYw#B7p8Mhc@ywzi|v$ka_RA8 z7K|AaqLuMNu**Kz*_UiuR(KqAEJYA(r6l`9I`(P9tpUj%PKShw&?y2dNcPZ1A=$Y| zpSv28J)UtnW}%_HkgUHhe3E?~o(q6D*Q?DMa#G@SI3ylxygI;Dl`ll0W1SgEU%he| z7(q@S*b*<{+B5C+T`dtNV9HzWN>F7A10W!N`I2Nfoszsdk$p9q0Z9%kV_`G{k{osk zUl}NA3X&W(W+6kB69K@A!a?z(5XmK?aM0>R;Rd_M3=T6KtQEU8bx)#H6uvvc7lkF* zS-(?subrYlohd}r>rEYQe*E}Q{4fE`%1|T%63Fuz;Q>DFkP(gtLmlp<PEJ3rz5IJ5R!^z9b$C`$KswDIim~10edBg=n>m>xk10<60Q1Qp&g<|2W_wt7Tl5 z3;;{cFfL!faPXpGc=ucY&V?`MA3;cHFZ}N^0a%nj*g1x7!7+vk z8pQLf&v~U=|7gkOpd{$km>LUYmg9CNKe5HXkE6WgqTWswP|xI=T|H*rk(xs|B|@js z(w9ZB{A6nnp3z`lCh42wDjNsR~3nL1R7DbPE-7NTN`%`lAi+z z=V0OPV%y0l%cUE*G0o8sl^Nb`=g5=pbCj=0tww_tG*XvFXIn}mzCWiOq`!%R-Hth# z12&T`eawtyP=tu$(`O~d7aU5+fVNbcp;lRUG^5*ZPai~+^V1XXU}qf+GI{V9j|Cy9 zq8sfNQQZVn;Jl%Rtv7x}0CsMi6#v}~3L|2U8UDr>#Kj1e6~JW2d@J z>;$OJjh)Etu&U6BQ-@VDpkf5-NMr>C4pSA$0f4zP#=BXL5A9u)zKP|M#m`HXr6U~5K38S_nngRD2gy(!@Sc!-Bti&4}NIcUEBwc19 zl11W4ngnAER*C0;0;fd~99{IbQqB=B5J)_vTZz|N9+r4TuXm`Cc(@aYoU1TLeR|=> zFdH#Q$85j?k3l+S1HoM}NXKm8sCEp}F&pC$@e)O$&PGo(1G5p2bj(KINOvr5GeSYS zwYViskY2tzr2hhl3lj)tB^K$a4NH-psSJ<~be9!&2I>(=24XBBI6##gYJOTNfyW1RcDEb%<_>Wax9$@OW>cjTcUSVS3yLqZN9*8Gbk)2dV!OJ$^XX zrN<3rY#8L%z{$t=O@Mz15#W`& z85JVH+GE#>0GllVK3HK0u!OL`+IPDcNEg_aPpkbmcWCuz>q4tdUlH8-JVy5GL90{y zpj99H)bE96&Q^P0h|%2Fh1p9Eh$GQp_tt-pIJ2VC(MQ8@z$LQ1AwowFgy_YlXb`4j z7a8Nv;rS>i0XQvD^uqID{KResL@#PQ9Ic^h&(EV7PF?vPkiFIPa_JA0vcXmy5q{juqpLBO($G${wUYXq&i}%`_(v)Z{P*fBGCBs0 z48|Xo;s~-g_E3oa*0=C2zcpt54v*EzLFZ8aVsvuQImo$3hVM=o=^W%7V+euHQKJt- z$Z`FdnG~Jey8a|hbaLbR3s1Le2yGn4Ok#=i{(qMe=ldW7Ax_K^7ExKD9CHOm9_|gQ zb&Oe~n2IrLfGL=aF(?G4pmWEd5SW5qAA>@01YA$n2MWJDWxP{XL&>OPQF!5}r6{}y z*Hc&&QW-Bi3964nVGO2LMQrg_x1ulxQ;NbqF!kjT+s`rD$lzizRsBgRrhc?VfGIHm zZ_z!c2(iTsPchZU@SH;irY%`Z_JoI|xhFir9lC4jae%mH!#k_Dba=OI9t;oiv#jta zJXMj#umIxM669D6g{X9mUrSh)@oOob9bqjY5TFkfetB!@YM>!9>R1Zd>EluqPO1n{ zC~m$hv7#c40fq5?8K5xUF9U?cARTK7D2ze6Dkw2XR|O>o>8tX~^v%G&JOyP#ATENZ zSft3}MRSwJiN zZy^0AKwJb*u}H7_S1Hmj-!wpaIgxHGs4#1aCus1(ct@i$ix}L3(t-3Cf(E4n=`jSY zNRPp-BE1hTf_P_j^!gfvFk&R*uSpX|yy5B`jr#*Xwg#+_O0ke)al7n;QrvF0Nr2l8 ziCbDtBBEFQ57k8;C;91{{W+-bK9nHXmjYIfCGy@X`F1HehDCt~R$=lHkIPlT=Gj4_n zbB*=mn~};)TR*;}$xItRzJm^+DG<56-nflrro#n-nMS(x<9|>L&vdUh3YW9VoQ8*{ zw$+)K^>BK`whDI|ctFGHfd|w^o+hnrwIgG;xVQMw2Ij{z^y>yerzKHbXV{8wGxYR( zqW_?Foz&*$_9ANGiLCL&S~y1NMx!_(V=me3_1>|%N6CO0Igk549{10f`zJ6WZ=*6U z-mQ&6bipgt4tOMetzr8X6$0z1C9dv*``U3Wm7u7>qUaAeZCfzc#H~GMo>9qYF{z9M zmiM`4Siv$~J#_@T!ggt^D=sKuhi;*4`siPyMuaxv|d<;wMNVf^Xbq8ya9`D8fAR=gQ(IqhY z8wU8JZ}+^vaP*zxBc4S+C|qsr*vj2Z>bm>Y$lz|X-{=q6=&Mk#^`z90pf0z80a`ma zc)Q1keu;~IDQ1B>L}js*(W6j2jD z1ETH+Hxc%2GgUkrX8*LH##!61j8p@h1ojE z49xD~+v_TTP0X}Jk_Af%049?Pmxe(wE*vLDtFdu`xHw#aFtKM`ZmVI4BiNShmJq}R z>>lZ6x_gCxHj0-@N3a|6KxhMWCkVfAP;P4}uW=M6487eO0IE`&F^z0hQVKwM&yq{_ ziJEnxxM9><4*68(sg&%pChD_W@FdYLl?FI-ci~}X?qmmt7iH}CHMWF>x95AC83f7o zbGlz)V-YmwLblx`-Xklk$nM7wuNJpO(ZE17W@iRr%5ptvvG4}Ad%~qa0*wM*%CA+k z#!X=gv=&;?cth?5E<}(3POsH?i_0qQ?Su%Yu*t>g+z~>#C(@ZGP;R2vR9-lr`%p+- zEc5E&E~%n98EFRyZHZHkdR)<|UZ{F@KS%XD_kKRI)=bL?PzfO0Q){A@q%eq+gyfC< zdw0zP?Qwcmy%%3cRq@33LXBogf)rE|DKRE!5Xx$E z?NV>gIgHM-`+ivyu}Q$p=3TKBcv$HzA0pvGomQq7s)8YylAT(z)s|%UK{NS@OTAxc zR=Yr!m*HUOofvw%_x1M(zki?g6=?qPF8s4{tKpU1SGrj;l8beK-5n?*L+$QJ4ulNU zQHR?G*>~&S#L2cnuwLYo+7v?E$9{Khl}PJ>Eg#tux(xK@(<^ZMP)$R9Ou;hX)= zTQVp;`5(B*b^z}A8WlRjFEE<3K`k;Ygc0S_td&a-j2V9b3utCd7 zJm<#MOrob#v*R{vI*A{C#gq(9qQ^;mRkJXOa($QJb%TVn+VZMYBV^~M zh(njQFM^*Mq8YG#u>*5XGy}FTc3_Tw1bt`M4ow0(bMTsQ_i% zN+L<9B4s@{yf%4-jf2HTZ8i0B_N5K5=!>V#FO(2)yT`zr#P zM4ZHd_o9`)4mnv#*6jX*JwfMYBYIwMafBDn|27zo@l8l=%(_*rZZPvhA#ppbFBjCKeq zfNv>J6PPIHTk&1y-7GbDdIljla(V`p<;lwm=|O^Yy1+{+w0j%0lOCddSO^I?TOfq^ zOCFACJ^w>40sP3&o(&Y6{iSU`BI-G7tlY}LDMMs{vD@4JbqvUActd3bXl-k0)`|1_ zqCBs$3~KJ+_yCRUc`~8y1|k_B2=_Q<$OJd09P|gsta*v(Co(x%L*%c#(b;H_Ni5;N zo>OdEHu>dkuATAmnzG6A*Gk#s5g!>gSqSEh&#JyjzSEUIu_!p?o(l(#TFVnl8ix+PJH=v|z89Cv+s4M@>zP=+vUYa;phS)YSX(m*f8&2*=4wPDn-fTs z(B+2m7U{3!b#i(vv-$sEJwRI90&@tqn752eCPxls7I`s z0g6?g^+Tn|FJz|2P+74UIt+0wO5Z{~?aI+QpXVYpFlqqeb_V5?Ti%G5F+AJEN-R7! z;mhbRira(Y)CJtaC+-a_b_hB0S;6OpSP2E1QVO&cHgFVyxi}Sksdxx0jE$?XN2r2Y zT9~m-Si$fTb`89SER=N^=&>Q)=DPPwXmUO2HrqQlJwb9=l!<)attoY%?+eEa>iwLQ z&-YDF-RIxTa&JVH1j6@BWS;s=d@r`nHgc8_3nA|0IUpM;h7M>~1;|lnLsS&6ID9P*bDw${L^u)ow z+KXu({^t^1j1=QNhwD#3_$FpEnHvY%?eTui1l#p8a4l^o zOQvkJkxoc3Dk(h}B*V*)49|h+E|vI;Y|22y`koMEs!&t`YU)rRvMJON&B8WI+&Rr! z%|e^)NC^ur93%RGE2uHE&F||-g<1!84VOO`>j8f z%&aJmA3lu=!OTurkpTy+T+>N-4LW{b zldzC^cKE%}s*HT9DyL><6U3tzR(``?G>V zkgt8fNbKD|7KsWC9@O<3vI|FJb;#HI+{Fomt-7UwXkXYqOTD2F8vfA>4*DJem2$i^ zcfi+-AU^ad6bX!x-IQv{Fe1EeU$?dM{MIbH$KV5z+U1JW?IFxpCsJ9#7pd>Qw0e=s z3S4)BrAJu7h*V~TMQX5er;#bbL_dWK<9IpL zqJIXRy&7&1$nF7o!IvxuYf8;GPc=g8%2W+ZTn|NH{`Ay*UlF)L>vtRbmVqQ_gXUNT zAjVFT*`cs07(>D-W9D9}s8Q#%FeK6fQ^G9_aa#}@Fx6f7MzG-ml#hE6s4$n#V>LN= zhr&0O3s;xpUijIOS^(%c1R@;Z>xSzZpr5oY==V`~ZxnU+PEXzIqwY3~2Xze`WItDd zI-^kuGR?pNF;|a+L8qZUG3Yd8G3YjA5jhHo%<$2W#u8gPAhf?f59|T}OM5~;y#R*> z<0NOlXcYaea=w@6nXR)`7@RyfrY>{jurZD&JXdg4StAc>jVBB>-CFirW91#$Ph$AF zkyDt;IVEd84zRJIwKhcV_ce0WgR@kh5D6~b47T0;`7PyAA==tGk^OCC9LCvuQ#3=J zy$#U}b@rYU%}{6W(a{Wb_U;$WP-pKBl0gG>srL_0q*XVRKQeRsj2QFOo=+kQgZuym zeCEC4FC4D*s+Gev<%fdtCPceGnB;up^eS;xI^DpOy2KF1G7w(Q=1dYX? zI|8QS!=HhvzQ^r6Vrj@4hID43eZ*4IByiI_Vi~6W;fd^EK{UwgI=~*Gtk`iM*iky} zE3iI9tYX}v+0BnkAI1&qMO|DPmz!>$*zGmryc!>hsf()s@Qiv1p?Ez?0GvHcL0K$% z$r~1C+ty5O{e>mf6Lx@PRbQ+zXVR^&*~|lxX~p6_m>^dn03ur9;tV6guGME_*6Op< zQ_uQJlD}5Z#tJcO6)jGQvNlA7kBx1(5Ij#mp zO?+1)+JJ=X^%g%V?v!5d8ScFF8UOvp17@+k%~QcgNNtx=(DWGRW=LXBmiZMcz#g`- zoqbz6W4)#p+Q1STr$5CoVGO2GkWmKtU*HBSPuGMo2!slLA${;VsO%hr3|zyBcM2@l zGc7ZSC0y8Tvs-3sf~7F7{kH9x+j{kH3<@s&7sg}>QVMJzDxd*h^}1<@DP!OKAMp*O zVAVX!YZcG`1kLDuVks|EcPg9;>W-AJL5ap)OdY3-|CnjeF1AA#g**GPWiuC#jQU}c zU6rK|Os5l#qxlQH!cXOSPjmN%dqtXn{YS__3jAh4)+K1CFi{#a75<2rk5GkAA^d_0 zVxs2_u-UJ;U^r&P=K_LDDx`cY!oNl{K>2tx?&)X-*un*g?C+u((3H+kWN(gUz>I*d zcuXWCJ*b7NpHC~OgbqQ5T2P+jGd8tUf<-f0HyOc#o6uNg!aPf3*C#aBl@jZzybDDf z?yk$2WCo0Z#6$15;d(LJh-2~ z#|Q$f24k|IqBU7YwS^U-Uhl$JKzkgSaFMA?V_L%LodF;%I~KqSrFF=ORQUk;~aa9Iqf>?V9EI_O|1lBiV zM*}(GVS_)$BKDO>OA)*E%PwNKc`>G?Qyfk^0aGBHcGGuI?+}>~pLWKi{^dtK*~j9q zF*|pD!1W?(ViX0xe;lwJJbaVSpeQ98FSku)?bKMQ&)}>^qr5x(>NzFNH%}) z@bRb^jCy>z{hd$mn{NB6;hqc1#zJ|@ZxXK6)?uJpP`2`UXKJjpw0h|)iN;ATAePab zmdG9uNhhfx<7<(ObboWa2+bLd4NF-i2e(vTnVx#Z*L2NwAO2*6BZ{aoB0dS7-VRhL zTqS-o(yNj9F_ zW_aMkt^Ye7xWyk-!6XkPuJaANNmMj8evm)mSvKZCFQ)PkEUXSGDhdU%)k@%g4)`4Q z*P2oGO<1XgdHB*O-QHXiDKuXr zM5)h){;zoM0nXyFQIoxG-v#(07~X%)=O`s|5Gc6-rF2=DQ_Lrt1S`yZv6DY4<|;)? zA0wP%df542z)qss7nuhgXGCUXB>@Oun9)}tFpnY3e|A8DHLyk+-3M^+tXJAP_UScU zULW6IN?ZH=(WNceKiHgd@5iM7BK%gK>!!Lqk-b`3k>lSb%Q-8NogB@;>bnHTMWY!I zoR=oDqoWxRoaf>?f@lT==S8@V05gi&b32DkabY6+HZm;Ek!#npV^f$qA)7+d#8_MH z#S*VQB{+9_h8_{DXQW$WEwdnu^P;zKiBAx4(*9v_OiOrl&yPU;mZiW)UPVb8H?)Zi zo&NLRiOZk{^}GYi^eFU6ACY1-PI}o?ufxtEQSB_-ckyG z1Egqx1IFL{LrhDt6#fb=bxYx2Q$Hon|6m0PRn3WO$ffWf+mfHxeGv+uMDNL9OS^}m zk=0Z94z{c7`syl{!at-x!SCvo`(i1)D{wmCisOcT!TyHBu_YX)QM{Y5^UV{uyh`6< zYz29OUbz2=j>b#3O?cQiN?+|~E>1PE4ahs$=Czr;>@=wdjw;U#WRvz&{0voaGZ@9y zEE9BBHv~kXHZ69Pj%9_`Nw(c15O5+4T3;>DFeeK;4+ma3g8qjZ+VBW_NslOOAB^F9 z(m9T{w%vF+bpQk!eG9f4qj!fw(9QxKt3$&c0>>>z#(EyJHrPLwR8 zl79eSDbKUq(!YTSrfN0V)D|1b5}j6Ta`>Xk!sIE7Oa! z(wA~nj)B6U_K;&{da_?r>aU?9$^K2Lx5Fs|no{qio9maifeV&-S01++?Jq^^Cei~B z)%18haFq#)+}dIuU?1(q5>V9X372<$Gy{AcF7Gp=8Q|-1c~cUHyGVks!{x0T7C`nL z(DhhiRj%mw9L`OoRsg9YI3M4j+K~B?qaXK5#3`H&i}5Cka2`1SfN=$HBA(54g~ z-0k>+wT4P9vlcC-(u>6=hfC&VktQXxvMGhfb%hN%^yfa}{MGo1c+44(?e^iEV?-w( z-9^vtBf-4k!zBnPBHhk+(j0JK>!o*Mr&)Tg(hZtUMuuSQ{9U6NplNJi`d+`84kGv4XMJ`+3hAx-*}*Lv!4j&reT1?>mhBfqx7BgE)6)w{>UYE`n9N zGY^CtL*1GGMr@-q&l;r%;b?fh;{qK-*GI|Y$F6;)@dKH9+74jUWrbZWNlDa1uw_;@ zt)(0J_qDzEdLmopPcy_;i|j2YvRj7|=@kJ)I(#l=(rU1H^;VCz<`-2tXa!Fy^U7b^ z1a^UW&#tM*LSpXjXj||tWl!=9p!escZeg#q@O>?&4Y` zQxuhyIxQ>?^vIE7NHk$lul*cCRyN%eJ2oI&<1wbK=)zC4nE@z{MSBZ@^&(K|PR5E8Q} zSMsSxn^KDxr#j4VsZt&31IXFr9wri1q)?L3se|DUbxP$MSW4*?w;eUt>X~?4UNR5q zIKfz#Xyj!u_=RUnXvsl}F3#6H+Q!s$>m4Ro2agRcx*S9;EHPB#?x4i4P(tU1z#hg1 zgtHRZ27DoLFO%p4t12d~G8ArLDHmAtmQ&#>rcXu?D7sGf>&VwW>J5Krv$6qt-pbO@Qq2L1?wEo3TBluU9J z>bH_qtx3?x8&O?%ny6$#fZKJ3Sjtm3NM!F&m>^M;L(P#Y+8QSd)_vml%v99n)M))akEigY61zD zDI|z-<9IO2%LfW*97KQnU;%yIG(a*vThPJLc$}6&uMHA3Vjck&Ajm)YzL>1kjudIJ z%)AuF=^&V?c^Er8Kp2mu`+QRqNSwE;$PZ2l3*otu@lZ?VrJHNIy`RB8QS{Fy#^uv>`gi=KbaSek7l!dwu5#}& z7y*6szcYFSn>k53#`YJNYr6G5vw*;@7JA2A7jiW!=JrS}kjt+Y_Vg2;i)Y6;5A0tR zw8p*dXTEN{?5cThe~1Z{dDznA<)u<)3C79Vnfj#&+N_jJ!18VU5btHZXcG0^-tv6E zvcgq^*$>e?u}AB5 zbagZ|pg1}zE8L*lk_=~L`Fia(KQ-w+_^7Dj z-Jpn3z$Q2lklP1X_W&&I%Yf1CeUw9WgDH7aP^Pl+a5RHo+b0?ilm_jBOIMias;3O~ zdRxoZO_)-~BD|z9loj15O3+r5+Z*zIqby)CMjyfakXkXdcoP@@5Y5VlAT)KV>G@!p zM_A~lk3UII?nJ5H^Z<=e%gG-ZuFR40=_i5LO#O23spIiW%DWFA8pbpiEk+pAT!G;W zFs8Y(vjxNKaMU!{{N;?}eY-lzhnvE%-!VBg;TPshk&@)Q+yiS)wY7Pp`K_P=c zd{$w!W>um}Icm+}!&sU6CS;JnG$qxf?bVG(_~IO|d9i6OpF%A#uQ6jQ6MFDpCc=7Emd0H4;1gPz*5!b+Q>Cn?bR?zvp*?p!95(f}+p zpxslYS_+?>V?~mfRe=4kdL(-+r-Di#V*vzq~dUcnw^W|Vk`BpMCVkkr1aVj`s~pdc>T#MB|)B&bF{ zbL?oC3wq=Kh_jA{Tg_Jx3ZI^~h-RvL`%frdocpakrU6JrU>cm&-sMg3s_@?kS#_(p zTyOh_#B4(Y8cJui@?N%FILI%bS#g?`=vEbD42-*#ImIL_?Ekcx#yyRKp@&7 z;AUcjieEZwsmR~9QD_yhgmy~{t&luxk7n0eTZ7DnGOf&yn z5YTT=uj5SmsW2!)!;mgohuL8qN|k1J04R8o1+qyZYs@XyhrSl7FAkE{akl_5{;LdFI8wWJ@7F33>o_w*8D!w6f@RemHqUsKkprD{VB@K z90}31USWYdgTNhbyG)*%Y5y$a^-KJi#T-;(a>ZxgdY`Sh8!Ha7rKD)dKR{Oxh!5Nk z|JlvA~G0rV7ct@Ecaq?WfJzsK#A^7o^MWgXmr8R1)NGMno0BsgUBx zQQ_sye+;Ww)>wBENm$@~SK@n~e#=ds3)8Ka z8=pG)-wwZ&0kwl3+c8{S@2ecpK?o~H=}wU2U>#(qx4{+t{6YQ^qSEg_&|fi3z!#ju z#J66xOzZd6~5f1dxuz%Y!lPh1l*D;IHktTmqH<-GQZFQGo866^9xc* zN?84rQVbSfqw#)q<)vU|NqJBM!CpS4m|sQAl(`5UShqi!I>Ho1s{RB49tK8fhE(P2 zE7)`sAy0boRVHo~?Cr-2cC~TGLll|BgW#k_oH*r`i@{nKw6&dJi}yT$;`p%LjtAYK z+EEp-s-T$q75w(^Lj{7U#*^*H`i~8p6E)P_^_=Qbw{b2tx4=2ETvyGdzaS-3KNn=w z9RN`wG^uns8vx-ydd+AV(#pJ9OZpSkc)m@b{oME+^QEiN9{nl`EooH6!CGRr+JhtI z3j%Fg$6Q-AKNT=cob8?d)q!Q|A>CP4nZMR%gDj0TnlTW{2mE&(TB zH^e*oB9d~=0yFOwSg=FzZPp*!p$kx7IWXJDsB4c(7Q;R%nV6PSL0Q0qs7G8Q(>hKP zTEmsy(-!lmch#kw#J-oTuq3(ZUlBqMMIz<@ghQSCNOVE(cWFN`?YaJ4BU52zxciM$ z0Ubt`!ia!uM^0D6gETG&c4hqb9jV*d5u8F0$UC!3jgJ{Fy{9~1zcsR%TK6>gi6cUJ znF?hRg%Qd_0-+3Mq@lK%dNOTSKHskOiY3X-OwQMX&DK@`d!DSfW1d7Jx8;->x-whu zN2zJYnA<6+%`k2;!@w*W8G>B<(^Iy>Dn4I98aa`snO{h|-cK{XynK3!6p}w)I-e%W z*){+2yUu*`FTR@^OcUszKMM!i?~Vq7#{aQKh*#o^{gE0pkNlGV!|-~5Y4N+TTM@JK zfT$krmE)&=L=+*lTT`LGNM*cx<4t}O@;4Bi*K=i1QfKO0FcoIiwqxZ@)hg(uBUu;x zZfM|d{13C#?mdb9JS#32qv zvdpj11frmxY^8dcm!LEY`(XVh1*}EPh>$@2<4rQq1sLc83{-S>MW&LiFaykEIe=Q@ z;V;H{1{q98a=hXM1MNtjWbo7CWr1FcpWlj>QQrd6Uf}KdI}xt!Qk#PHyc>jFU|d2? z6_`E#UI4r$nO5p3KuzCKfZs<|;lG$izuLVIel5bJ&+=|Smn~GufUda$ijjsA(Dlo3 z3Ie)*6;44w*KOGCovQ&|^Y&yw*R7fQTYZYGZ_n4>>LqRt0=oPzZ9vycGKHjV86W%! zl*0(6rENe0gR8AYt! zyP#bsAyAw0H3&!{1ES_6Yw0%-JuW&eLX2YKwjNSU+5^Sp@_Pcs#3>(AOxgp*H%L3Ax4rNn7_I}|2(A*BRl$tCAA@!QF#tWwf$m6F>FXR(t^J*C71{v<=7?h)2M zhH&|*{$a#$yb92*Du6a&#J>?}s18f8(NqTxtQ7YmQXJw$4%>c90W$cK)yBf@l;=79 z!!;@7C_9DbH^ASG!89?2GbQ>#d!Qe9RzEoTJm9l$4y1wwcD4~PDp>ekr$k}}3zF>5 zHRfBJ;h>1jL0^39neS20xILt2j7;p<2vlLRcTC#*Q7R=E$Ht@LI8w!mE2$S@I~^Si zlurpVsn|S7LkNl+@!av;MTpos0@&-&sX5m`AC0TZp zP_k*ocq~D}!w7@)X%BbY@q=*ad#|_rr~Z;bh|t^DvnBla&wTs{LQIB8OW0+r=8x79 z4^p*4X#t$%>3p(zcr)9St+kB-a~S z>=C$gO_QWWiMM74Q)~x^NC))lRAF`wlS)J`79|sm!W`_dRXQb5NFwKgch}eqKt-Ts-QYZkPK08h&#Oi{;X3AQ+(U<;Q`YL*3?v)v|2p=vD`>yX}?F=5zgSOW7{R>5J(R=+TY(@OK zpi4thhgjz;oZQd+kP8k!9*~mwkuR4C?q;<>D!9SpJ#D)Yh}Mg2-&5{$`rcXkre9Zh zE_TEf;+}Nd&uoQlo-^8emF9JOsf_M!x$e*Iwlk!kJ4`jb?qrYO2850_m)JJ{@T_Tb zmT5EH_M*+Z)8^^&7bntGz^U_8pjreZbf???Y-`l^Sp(I~T~4x3Rny&ewm`W&1ZDPq z1EmpTqVa+wQj6=s`T>cP=y~kTeV*6nUz3EMWab*Wh*5Y3J5o=hClWF|l-)?AU#WC* z4=&kD*+%RZr2sjAgZIBc3YH{oqg?7N0ci_z1O}aKiGW)-zDY__L+oYz z>_{y_zmTVk#-yH3G;?y$5F#LJ7U3oj&=$@(oc~9&tW*g3n<0z67X%J_Jf)sb*m1=R z!J|oWye=yIf+~?-vwj)chgaT;V0l$!>@BddXGN53Qb%o>iR@b8&^o-S{dKdnf8HWQk{vJ_43)t&^N9f|4}`R8P5RX zAw211Otp}sSXdoFcusyWlxNc#-HWXm|M3Z1K==TtNu-qbagi|c$U^&h^ zZi%G^x?5}hIq60~+y1Gxq6*l>KByRV-BhS#-}Ogh0>qC-0-iI*p4d)K;e2wc!mGQf zAZ*4zE1o#pSOnn`qnG5KLJ2fM{C1%yDh^;#M5$#_#toz_DswRR6f8T@bBS1alP8jU zJ#X3yI8h5Yk)?h}VqXOF8f@Q$5Pfd!2@}%ORx}Wj9F76zY9X<)E>+FlmB~=@Y|xhh zfC3yj>{cC zEY0xZ@rc9UGEFCU+M)*hK4t88c%gu=PgRIL2#aX+N8VuM zL-nd~-^&7&=DjT14nlMO&P%UZr(A&e-IqtJ*Q>lvIHN7E5hvKe*_IuO{bqFp-N7;5 z0GMOnWQo=(2EX2qd5-z_u=6dwqDiZnIS-ndjzot;vgmMDF)!of=?erLMfmxOG zTpw1yI{?R37&|aaP)ED6HU|g+G{z-CyePb&5|iL9^N^OKgLxeg`O39~4BdR~no(dD3d?Hj>1V29?lLnOVtr4nhp1(3@pJVU4hndV2O9)$v81KtB0z3@G!xT{nf zSY$%1QjIh_b&gUUh8jpWN;T3g(x14{I3rs~-01^x0hWeO%G%Iiww5MCGKz9L6-}H9 zyg>dhyg=@?jbruJ>n(9@2PeIZRV?ho{h?q@)YXBZ8advF&7G{%RY11R)o?$%qRoxj znhhgPe!PQ)8@7+Jx&fT=r*x!NpjYsA?@ak)&6+S$uyEj{E}0fCoS}*A3DFEaZ+J*F z11{IYLDbOS;`uNbH5sl<`8bV3<*=$3|pYr6SFqL55&M@1zxAWu;y|sQHg(8V&?bpqi`&fSYImX_TBQ8ub{n|r$|;$ zIO{(MnoZ11N*1bxYOSn5mhp)6wlU;O)@V8O7*e?7zW6hYOlJn{i~>s=C2Z`RkRPro zL5bi#sA+2)K&@GnzwWf9BXFMg>K<|HH)a`?v(JZkE+ zEY)dAN>-0))MV+jkgCxdH5=2~ES4VK4v08AY=72Bq~K(F{qobAQf;bd@N=1d>VjPQ zjRai?ZPQb2s53qFxbH~#1{92ZY6T7h@N&f&_o1l;U_@+tTX;3Rk&md!qindeIz z>!8sLg1$t2`bNT*k?|G|zvC{s}jQr9c`XdL{L|1C^ zslb@NSC|CZuW0GS7xbq6hGwZ;6z6<8MshAOgMR3shi6tSXqMioocXgf%B6pEML@_&7;e1G9It#n1YwTe4Hofjw&&Gt2=#Pm6&wKV zpfR_)t@g5yd^;GUYCaatP*wBxXojkq`Dli!nwLZ~RMq@;G(%O*WHdun&0V7zs%rY9 z&HM|aeMXD<$T=rkO%-Z7al&Zf3j}*5vefZPGB8SHs5u3+9#km~BWLl8j_1ya57f`O z!biG5?P4u?w6vfNAj^&-S^q~~7vAL)5-jU_OC}k6%|jR5|L);m8$u8C=NlNAE#d3@7=e#5 z1BW-faAjHI8gXVw8FPb}?jZQL72(=%7Bs%nu6gR^@{YU2)!GHV3S*08>ZX7{euJPm zjKCi@1B~($f%4<3@E_3pe7avJ_(Hp1dUA4Ke0M70)B#v%94djK%CIZ%0U8L0`8_mD zMWIa9=cUD(SxjAy6lzRgiW ztuf&#SO_1#g(;zaiViHFRJY>i(6*s56#>6bh*wquroS=+%Z33B-p2-&&>moTOE@>$ zxfP=W8mF2;O1wAU@1x4fmm6nlOzp>LB(9pnAis905hQcwS#*GUc=(G+SoeENl zQA5+8b^*ZyyQUup9p>=n2 zGa-XM7J6qBIYe;H1qQFfE;2v9zx^5_cpuC}q0KwJ~oK)49Kz_hO28$V3~7=^N|KqD?Rys7Q=RUe{qxaV0b-Xk7IPE zbYFhy1crP-MA2AoV0n9ChQvH~YYzx97D0ZVRF!Bj)M#Q)uxF$`?n&_b%@Oe2R!y2A z#pLH?9nr#`{^@>UlanpAos^F+VgwemCdSw8idYBYMjnY($^P@vNUyLma; zq{p1w_?kIr*t3B(*Xze;geQ9{#=!58ya)nqguxg7iai8d$Yn{U7A$V=)$1k=(yUZ- z_5{N11L5kIV!u`%%|8JP7r2z3d==Q}oPK?v1;1sVDn{qD#YQ;AV)m0g?^=D5-IhlX zti4RYCRI93NKf_zzv7AtQ1&thdEnN1$v{VH21n76B4y%_Sil|Gt5H@G|Dt&%fP8H` zcy%YW=W)%cx#OCfdB<3~SxWJe8t=(BQB(t?Y@-3{zs`2#;F+A0$~-2G+so8^zsg*2 zzmC*g6h^=w#)c{_(0r-}`?dGN&&*@&8&jS@Inc~pZ`*rtu-9CMMui58am+Li#GAX5p=XV0nyxQ1b|F-AlK9?MY)W9ecDyB+Ug( zkbwYXRl`swmE9&p#|xT=n%6K!SXg4#;nD=TpdMBR4dip=U$|Ce;a~c}Kt;S)hVd(E*3lM~rqG7? zof``CfeWWaV{@X#i7nz4pYR$$(7jrs_Xf_5WbA$ihT01sJ_#}}0I^B=A$`a{tD=@t zQ5OVvp`)-72ek;3<%&jQ#0h<-LfBkX0rc&yCbtJ!3NVQy2m;CTNC$px$d6%O9Sx!4$ah(+3_zBiA@V_Nbc|Zm7E)z7CDc4VrgA5)IVyY} zvqEI(!3vr5%Qasim$A*e&?Zgjx{7 z4aBy$4GgpYBP`*Y{&I5|$$yC@jQS;*z>)!+F|dRuPFK~=u(Uuu5Y{ycN=o7Ek4R#2 zahWjF)C}1yy*@GXyN2BIwKFn{2YGM5rU-7RLs~zDoO&Wh3CILo|7ew5+f{QKnkgE`q%^!V*gAq9P*J zS_{9%SK})Hi#--Z4>X&Nr+|@w-^o>H##)QQufkcP!t;W2(EU^2L9nyv z*CGdLC(3TZI4NLMabrM^8C&UxJhxc3s8=@la+j0qggocrdoBp8T$c%Z>D*N<&g-C8 z6qbBoR!62qZYxMMHu}6pQs4^j1evybC)J3+7{cY0d5nJ`jd-DON2(FPLvd?_e#-PQ z{SwXlN-J4@o>$X|ixQWl^VOZ@YEAgbCh*?maIuBO?%#IY zKHgK!Bdl5dIdA~3f_Y{M%wffUP%hOVR~1ppvr#E?16fC` z6dEh7*Ly|^O?t&hp-q`?y&mH>5WxDBGgKV__!pBRO4(+wU8+U}NXz>0yqgXq=3}nsB)t%+w1v*QrhK|dpI@`7*DYbrJR6Xxb zIC1i+Cb7(#3P7$k)*2LUU{ymvqg17I>S= zCUsXyeE$M$gJnXZ6wmXItO^pe{wAH6t9fmIWcAiF%$Rk*;G?b3E`z#*NfFCh78s7n z=wyNKL!Zl~8Vfjb07MC;wtJu4fCd%&?H~^E_~}Fpm%$62vy)jH;w)HQy33yC-(<%N%m8nKdlJ|L+0dm7*>rV9pyZ_qc-kffLq z-5C_qkU6*sRd&-1r9oYY>RYkOxllXE(>X$9$V5m8L4gg08_~Ux7P?@hL9y^Qn*Bco z7En(MD?KDVpm`F&Rb(IuTM+qX*DH@;=X~>2r-&XL0psK?p(28sxyfa3L*V|)v_;%d zIpwrJ$o>=WbV6#Th5Ii!CIZ_D^YIz}Ei2rGf0&tXVrFI`o=@NpxBN`CSR!g*Z$0eM|&KsDi&G#MII~rToAq4I7Ke>loOCu`{|xZrEEFqdhi?$|AD7!h`OZv0H}A3~c<**b~Q|Fm~eDih*ykISD0Z%aM+RxNg6PXmuVt))6Ykvp>ULWkr0BXQNaJ%{0FSzqVj&Ky=b zE_bza{H!{6*{~{m5RNC)aQ5ufVdJa8%T7w;0NNxRK>K7n*d7Y$-U1ws-X|$ch+B-R zU8cu|iQzKA(gSG3*(qaB9edi??~MJfOHPR$?foR9B)-brPm-%y4xIK>=ky8XQY#k> zQhX&Nz&Y_7_FC+XO1<9PQ^jbq<<-VSNaVH(x|2>P?cUDurf;GIRQ)HsXU>H6wlORq z%iU1PZdHDH0XW+n9|I`X(=Z=UyW#oRfu#XB|2_^7q8y^`m%+*XTfYi%R9A^90?2X} zEkALY_t;Dmd^SB)4tsx-YnG{Z2H_<8ArqykolA9LoG4;XbKq@jYHlWPK)MPXvTz1? z04mwk@F@lJ8a8K6i?@(yASt>ENAZV-a2XpK0Q*3Dx7=^aAzT3jry)3IM9}4m-pMbS z0>~#tBJO7`&nr$nS*IbqP&ZXGs@MDF(WSE#@zMiwAx$MUY#*-Q!*_e1fw?#OhIH+2 zv>RB`mCi;x(k%5l8|`7JL3d`O9qE?tQU{ogcAd8aQ(XzYX;S!tu6_6LU6;K65rjVL zU6Z;c$hl39PduEQDsMO08MTM>mP2#zDm|oEi>-=a35w2mteI}r8D&2&(P*}7gV-+yC;jKp!|JA#4rG$8x>-qF`%l@BO5KM4r0}0N=npMQ>S^iCc+w zGtyq08Qb!lkK*Tudw*_v>N$T~{C12A$5Y=3VT^C zadORabLayRH6(ESmsylF`e0_oD(NG3l23Qhb5&v{DMe>|Y+}as;7R&%a$?qxg+Z+; zk?pa!GyJnrb(O<@Z2y>HYtI0Xd?N8s%^Q3T^eWEi%!^zo-RzSkd%T|w8g{b}lx*s~ zw!M)|kuxAR<-3v+Q2t&CJ_j12ne#xD>qs+(N(PSPz+)+Yw64t6(@evDeIgG_zZHWe zMfu{&gf00i9vlh3MZJj$Te8Kd1=(UTVM|5t)h-cRK|f-^2b?9^z^9ys=D`9VSj4v{ zXagZmRQUKm#)dMaUr?ceJ3o#=MNyt+pCT1YRzz^Qgw?MRuUAR_iF42}cVU^K(|wN& zcPcxim*PH9_1@XhSL(5r%M#g>qZv4{ae5*f~ z!T58T06NFHl=BnW*P6b!YOOj5g6}psZCmv2Iw}UUphu%@qM{Z0hZw(Z;)XQ)hli+79Ew{#UheRuxKue=o^b?0uvVRSQwx~K~)SEHv%UK zV=)cdmMJc56q-@f%9V*Mw+h0ob7Y{7m?4A8u`bMz(VnSjhddyjaFARwQAoQva@ zWGvxqvsdYmCmvyk?6ZlZ0jjWxb5Hb%%AHFfZCBqUE4J-qiyy?|gJql`o*f{~3*Qz> zDXF}ZLqQ)==mjiKXX}4VK|28@5tw4p*||q4Iyba08Y89b-=V>J40@OgMG0ZV`q?{}8x)uL(n&Z;mf`kN$wb%9#dO;S)l`%a%lzi|jW6R4$#V|p_ZNoS$hl-+)R5ZF z=SS;P7LG;GO$t-AVo{j)=tTAa|C{V~WFotZ+rsIg7Pzs}?%j*vfkNP!i1u?T`$0ut zro%3%tAv|Ssn{x*G)1qhr2R={4s_#Cg)d$(MF)eyOTIDJ5F6b>Ubw1LDCLnlIz=>@ z!)+lQ_jk8P(uobYh3-U#j74i%%65dRAp=k}x2v2n2xYJK2ByT=HKptacPXXpe}bMA z(KqOpza_opcFM{f?Z#F~v2rBgdSSe=!!Y=LlYj|=0h5Qil& z^)XgU;mSyUv8EIrdz-=gmVuX0f!>|+{`A!QzMCfOOqZ1}$9f9CQd6$iyOO=5b9i~V zs}jgg$NsBO`B{S-PBM?kHc3F=XNsE1K7`A($8g)_R5)A*_8S)(HOWVtw%WE)M_BP07}J;SaGIGPB&B7 zHGLf)PEUP^o~Nfi0(PdSKK3VJQ3Mjy!HCUXlmkCUj76aFmmrNDJ_21e#8rp1(GWNn zlwb_8V8Y`an~oy#VG&EYj+HO!@R$N63BVP-H@+`|0-Z2Of!-;$D-P$nlaONKeIzBHJV}K& z&MUW#{}Wf6UIZ6hT^xe)YX(XTU<3v*$8TK7CE}EEU;jXVN>lU+n^S`(A=$4f^_~K0 zQ}Fu7-@_?*{o{SS{;@(||G2AjQ(Ro&i9gypyo-F|a&!3ptho2Pw05qqgu|RyZu6_K zUm<1$J13ftFvIknUSD)>o=zHiafc*8f!w!HcHsbP$o-QrcIh>O*<6>%_Czz_9J(Np z?TBXRlO*$_8E_6^vC!=m1}gd_i3=HOVYwLgS(1VEqL=~^-VEu+cJ&1hXe(xyU1+`A zaU?1ry-~JccuJVD$0;`(@+E&$<-I`PMTRTPa zNpwX`^~!SUtbLI97zkE$Xa<~>sYG_9$>?Ypk6-vd z2pxFqxy7(Y-xz_^!S#*@nt9ZlRTzvU#h+IN8x&>YAY4M`%?3WR(SD#nq9W#6h(k{p z81CEBg*=cH_vv-!43XNdb-RzHES>7#`%jXgkaVw|;{VJMC95FhON@U>;bPY^pmuR( z+Gioi2qk&9kJpi$JW*_g$VteSoC3e9bk+K?HEgEf?0?~G>D~gfp#|pPM-&*H3nPS! zUX~|0bR7j<0HHox$I?}{{zvsTn71#;bb>iC>IINVt}zAm!%Sj|MZV$|Wyl8(F_3Z% z!NU#8_->?c~zH{FA; z%o3dK=MSkPFM`! z^MCec08X3<71LAuA&pt}Aw1tRM4#{BEETT6Ki=`@l$Uwm{WjQpOLB)KQZVEL2M#|8 z7Y!O^3AOkIU4zOO41^Bvm=FH5(!2TU{$<`-hi_8mjbFNHnfJG+@N01jX%`=Xf3EHt zQ09I7G}3cBGZnTqnV4md5)J=uW2zZvp>`7{e&U`^-{FX;8o+D;s@y(ntvPfQP7 z)cCjfE7AToJ@q$V-PLs+=%wO5GUgvzOiFAUl-u|B6h*Grd-+(BEmGc_AoN?>FZ8H) zt%`~O5_{3ryVFze`knd;Y;JEXw}*8h_zmHtT2X^?BiB;ds1|d<)6OQ?&AXVYjLhH% za2J9={l-L}InBml0POv@mA#T)@2eP*rKNCjoWwDU*Lk65Gjt*2{%{Byh?rm1e*A*5 zzW_p}MIN^_P7%X((Ul}4P@*^8R($g?(pQ;x(QqD3Cft(iJ%=qDZgpgLMy`_qVq5HO zv56@hJfEo}F;|Z_N}G;9)p!I~rRpCGPUs!j$+rg~k47PAQ`h-gY6KVUF9z|t>idSM zBMQj+)8XHKv=1G=27Yu)FJbirv*a^-$`kPzybdqJI$?0H{R{^Eb*+Xdxdj^z*1OTn z-%(0&GgLEwHkzTD`Ge66)y!{=W~>*@Tw}UGZ)KjPH{(Zi6`F@+#3=Q>5m>S%didLu z|C@UF9tQc!gH<)4>>pnu2u}5L#$$P)K!WS?eGg~A}WR5>57xPzJF@kirMVV zJk^_e%AOb^6mVT$jTAhkd$8zyNitbTSq^1>pP z;AZ*0ew`S^ZxhNia$OkVuIDj;Z8^e0B`8`=dy=hQT(moWVa`27gk=gifVCvi#$&lK zIxCQafe~H_qgjavJ;AiL_I>KX+S*j35<~N%Z{&3Q$#pL?a*Ro_+I}OiR}NSJeoAmE zrh96Y_t9^-9^`^TfBsc>48mVR&pJtU@BLX)t&7cSKfuE2fL{7h$jm`gZB`&l+5*C( zsJRZo2zEy*E_B>WabuuBL&+iOd{w$_f>pNfhN6`gA!kAhBSlZPMH_5UajT&5lhJtL zj6Qle=E@V119^6ot!5rvvRpF&W;^o$z4tX+v{C7I!2@U@SQ=)4_`^4~u}72{g8a}V z;LdiuUAtQ+9=*qmk4Y^^T(cF*;P)P>1#msnA21J2I+d%^@-Y4_Q%L+XE6HGI10a|HCqSO30 z`^ko6n*Zdcz(BF*K6Sc{7ac+Sb(NU?JGC%B;f-sgR*v50g^2XnJB8Zj1o)FHlQ91- zkVa^a&7>9!rsJo4NFFhZAcVJw7kY1cpndaar5{T(0( z{)2z?bt^7hE`8h*yB!)R+^z$FCL_z!tav3=!A^t_>MFgtGh~3B$|c6LiD~tnasm2} z595~}0ysc_b^=d(N;i7iMfv|!oUf_v!T>tcd*C?36W-t8)!}k+T#G&4<*v1FIfM;6 zcKIL53A%L{Go(Aa9%4K^0_&_m7^rbk%1I80$+lO`6gq@!S7O3+@-VgSRu_1od+#%q}wd>1`L@DGD@{E{%$c5YNuoVl}+fSd= zf8?fs)Lqtk3$F12?KcS;WtGKIZ9|Y zX+D{J)W5k*npLnHT_8z=a?HT*cXD!+Gf$Oh865@}*n&gpjXhOvGYXCOP7Y&q!yx;r zjJhajg$1|>=OIYg%(tP6ZN3BKsePUi^629r3$ZM`fH*06 zR_QbGIc*8WQC`I?78L=Xag1~wOj|S?zhd{>@R%3bDfAf};W9z%!Aw~PGaD*w2`Lw3 zHHtpr=XjkhLLLl}-qC zAkdT9D+{zFqf;@rP>a$&mI4LTY-47B0lPYp-5e#QNn_Sa@^tyP)VMEt_v{GWl6Or7 zgVykX3wP62q!%IIeN4NOvU>7`6z#Q;hzAsd`>opqh*_mi*pLD2btAm%n+$jQVM!Ht zt=~6S)_S|Z-sf6x39_q3f0S;0^kk!WjN-iz{^YXXO8uN#BplS3)lW(bjdt*E(XV_Mtdq{hkuj?;GJZ(eLXTGY_zDvhye0U@i9)A)FxP)p*){ zWSm%19SE?Q*;+lb`3dBnLW!M=xsX)&cwIJ&uM@Ggd{Cl!W3&g6MbqR{6wlPJz=*Ig z&&D|fL$U;ONo;yVfc`*^k~AiP8DVy$xi#DIQ<=o2Sh$cCgH6W46WlH<*GreacW50* zDS-II5RweUv|f^;Wpp2UsTvyiueL5_cMt;^9*{!gxiCs09u|im@K!og(`5fe(WJ z^g$`P=0Na5qoW?PvWk~mfO;+OQKH=pX$Ag6ir1tK{V(zXRw|5^)`I0PvjH;DijasW ze-5rXQYvyi*32_c3Y>2D$+i^*2PG$M#)-v`pFU~<>lMJvB_^z1>!X%XRV!w3ZT zjOfA0Dlp32FMNq#7_oe3;X~Q5YLg|J*!RE~L=y`d<>d5dqd!NZg3+y?bwxtVG%g+B zbYJOrKh$1hYO%Nhn?1yZ^$n+R_62;n7*QQ=uSE8dXa;mRWXwf|qvo&J-fciw#6S&Y zsxP+EdHV>(NbY6tQUn9wYMP)kDf=1ADza!;X6hTDqJ|M8EITXRfYi=^Xf=qrABgnl zr5=b4dSv7VnH~au&WvVYn+yBn-->2n+=%PhCz=7>wHmiqL^Ghfj!k5_-by;xSF_&1 zNJ}#G)vRZu8Q2E^RNP~W;nB_mtyn>Ht_f0+jK5fJOcNeGcy(vVhHt*6Jo=9xmGbDp z6%LP9zEe(kJHYJxnE(ay0|pGR&tOr|&|qV-&GQT5wJqwwN)VO!#l_Gz20!@xy0`aD z$fFS>G;uMi$zmCTAOim$AJxNtgerIkc27(}qPZ3ytJaIUz`bMiqOQa>($j|MDbR}! zw&2W#P8fjmmmy}3WTJxE3VT}M5Wa~|G^34D&v8kboj^*t(xn)acz`2oa{c()#RkY0uo)3cn9)uM8|)i>sYvA2vndV6_#V~u3bM^-SJ z{X)Ue0aAcs{)@@b(g6Ztjw>g zY~#A{-UP5Yx&PK)4Ax8wc69q5lBikv8+esjK#O23{qeNz4QFFhiU9iz~HTs6>HEOy$n_Agx-ZQH4y@x_z{Pe3wkzsn`o6 z5X5%KLm(`fmtSK92Z`pAEe@_F#566Ozk$Dl_CoY@7bJf`PxH~7_3LMUi4Uzs zI_Sg~Shk%UU%mdmUn+j5DbqVRF+**>U^S#O9UrIL8jX6}Iv8zuXZ_(nD~TWH{5ZM~ zlWUuG)Q)}ugxY4imbGvFl_+H2orTzM*=fyR>%41l*RK|{>nGA zh0MYM*u(xGFA;(xON2iPr{SM~xMG&b!R2eZME>$#=@O~jFn)=!!@%AuJclh8kp^W0 zoxVsG*?oXPAG|f%qS()^VYb(rE?hJJzIBPG1t3fC@Vvtn|Ar3+)C+ON8<#ko%@DLk zSA#V(9UrT(W^SEjq;gnkhrlT-bV1J(L>#$L5fOI7+%MS{b&yDcnvMo*stSY-BRat~ zd6xJvLZ5up)Kwi=)O=|3Fjj7hW~dbt9aYF!Sv)g#R3g1U-OP;Y&ELe0>d%tB=A&W^ zkFOkG*$+kE^Qo$I}PU@^GS}L|zVsLQo5-f(8mYg$@kTXm~_=@j z(i1ppi;Q}*q2%zwgpJxIRU{JuFZd)Ik{iY#lp{G%XJHLiNyrY;<<~EgP`_XeyCvQ) zz+Mui9{Fca0RRKGVe9Lm{`@DZtVce-Z7S;;7|}BDBL{Olb!Y>sdkK|AD_{hb6+rka zFr%ofy`)_b;_6kEg!_MXbfhJrIY=R)kx&)X<6n=|N{wRo>?&I}$`W&n-LHprVuJ zGFE)5BgTr~5@5i(_qBfw7k-@E^SqaFT(ZKZ7Fif~6KBHq&W+h<6X&*Y;an6Rjtjp% ziBtt4-mmqfS{qwM(E1&~!wz6$Q$&~XYN3AG(dMA(TNZuAMt?CP^w zF0mMD6`NRJ!@sx`$#xfRL<-}B7kF5RyFk0&>M@cm|Bj{g2+<&R1OD1o zjGA@98IqMjR!-l*oFVV~C9;b#+a>N4w8?Dk)1)N@q6qMk*~FcT*)gEf0VG{FgCpXV zJI*HBxzfs_BN~tuK7y!7WD66!3V2VFXeF|Gd%RT6Nze7I0lniE`f>XZxXWiCM)RQ! z{}^KK@)^kS`5TZgBjp;O5NZ6Xu(GAQulJcS%fXc`*zz(G+Wl~Oeux*=P4-5<_8c96 zd&EJ_7RKus1_&I+v4Stp62T`}%)W@ItHyso{op?SgE|%Ij2pDbP|Af<0=3=BhXYr& zg~bjC&JPJ2>pRXfoq#Nd@wkv&x)`h*wTBrnRF-YYw!5xZyg#kC;|%l-KP>18@*P6Y zJ{opUDL!E_YxuzgQAK_193oz^Tr$!Al@UPg9Nvwv?+C@X(;nx(Yey-9E0hE&g0gHz zq{Z{(k08N+$PB73@FPN69rNbb__CZAMm>08)c~VtU7b`60o)=CKfWWrPlxjb!ZgvW zyY#7Mi+fh5*wSwv>vrmWmGHbpM%c{&&YX(&J1Zqh_i4}i(I-gXDtAA9#Q9dPEv?XP zgFEpGP;YoSwPFij9KMA?)XL;aTUcDNg0!%j zUlSXs!t=Pe8_y${dA9ONuSO{A` z1~C;P@{9SOw?4PS9Oeo}IAKGUw+7B>R@vG<(QycC-g z>+R+to|omJr)+B;p*+MIxGijmAcBPubh9pjGri%H-v=TC+thk9Yff-G_doK;E@Ys* zIR>|J`N|EbjDhLvZR0u($cnFtQn*`E?jxUQ?^o z--w6xu*0_YuO)(8cUANpDinI4!3bvzg^xQFKH*UK?c@jwIG_Z?P&0>p&npSooO=_+ zK0UY~KL9jtS@YbJen%#YVVlUH7ChtT*S7{D!U{lgil}2giX1D~6iU$0NF!aDNut4! zhvi-|UnIS^t%fwme*xAMNvVGGt%Et%+@&dmM!pd6fgzBT$KtZB1%P)eOhu2ul%Uj6p94;Pz=ehay&6o;Q{&^Q@wiW)58kT2i2Zq9h zY}U}DabNOzT*M?z6q?ZDAooceSGeULyW0ZI5_8#kp})H_HSyU9ie1om<`qJGLVx~u#IGF)wlx*#Xx^VK| z3?OFjokT@B2F6-40r!|YcZ~4u2icrzhW}Dng^@KwVHnK-j-CWe&>A(vzS>wpl+&U8 zqMQn5)pikuVB`3J=M}=Iem1N^U@?%yDuk1M9x4Q%Q$(BQFyx>=oaiG8LB!1pP%A3T z@5wdYZ*KaFNVrq-mOusbjwqU{cBE3?{QVDtAi#OXYs9E0-rbJ2%f}msl`$k#Zd4R~ z@>g(+Pbjx=LYYTp3BCaG)L0f7VJne^L`c51w}r?YmYa&NtH^GFQAT)PZW?PGUVTri>ygg*AKG zBQ%MJTu;ZAQ-LxtAu`5~h|(93edc2?=`!nLnKp(41$`WaV2?le;cV^4kyrDQu?oPd zSoEW>H+2YjnFPR38dOS)P)?yPGBwiUcv_NGpsX|68Q2PP(-KgRZmeH&H$G*SAjPT$ zj_m90NJ>-av{YwSeA!wInXcbuuKNKQ$zXuDJms#w8wr_}P1B6&cqW07Eh);%i*oQ%CVN@KX* zXflUYc-dZWG(2DaPZcB;uC*i`0Goo<4plj_3EN<9 z%hSMx=&6E{fgYavZERPp@pcV@J6pAtV4SS2i7K2Yp0^5T6wp)01bVK379Jg5{HA&m zP)4!&Y9bQM`tvD25JPIO_2$scR(q-Kr;54(EK7?9hHHiX{pTE5Shn?D2+@F}HUa|NFH zwO6(}4OGehrM(I9$YT)UF*_$1Bj-*UOZek;C`Vubr@RxhRjoTj%wwW7Fu>OKZa4;l zS#W_A?*n}!yg@&CY|;C2F1&22dYts_HHVU=kdR284CCkR|@5zy%(hTG|qCGX)D zX}_TN_rTrU>>K}}asU^tebSb=abaUi<1dSL0aPX+116KHqbCa|0$vKC*z*#$?= z&@aJn(+(&@DU43wfQ$JHhho`3++xCBN^6|eI+@BU@ZSB;oRl^D4(+5Rb#knYRm?PM zE%~cW-VU-= zd??JJ$y5jXDR}hH8dz#*xo;HYyq`(2f?sy7(@JQivRM?rd9>f`@T?#)Z24i$s2;&n zThU!qx5iUoM*T9L0yFA1m{C1C4XmEWY2e0e>x~#Sax9rKH~&Vn-;>^q^7BhlHlJce zUOY5X$hOQdtDFqpE3_-?k%k%=8TINK`oMp>&)L39^&gGAl3tZss z(LJI&_i`!7Je(e`cUp!6Uczvbf@*DM5DbS>n#jN58Uw!YTJW_Noi6taX;!B3YOMW* zv>r?OF82#*RH*u3Cm)#A0)x5Co@}Q}|77!Q08BC6l#{%1d#&HwCYpMJ?_Z(AYuwLbEN^_YD06WecrGElRm0_`Nl48CMlSgw;Lq?xYp zrB ztrCI#B@`wa;*oW@M%=c0I|H-(?%-a!-`$ONd+<3nqSO3I+MX(BQPAmSXczydt27Cv zmVtft(o)M{N!8*fF+>UR(UyrNg#-m*pEq{4iUvG&HiCfmwh2Ef1b%WX`5(K2PmY{^ zVx(rjG|JSq(@k9Dx*b<4=qduEh@<&)YEKo|h`IZ(XdtvgVvgF4jsA65~N4s)!AKsCZG*mEON2UZxwC?H9F$=!WPdnsr`L1>P(34jXjQ0!oC zS?msuW2bX_%xR-3_A{JK@VIh4f^(wadc^~yBai zbM}2|MA$U@n+)!&nhkE@^Ssjwy%R~zDkC<8ymX2Xm_amTs!4HV|InNGt*cek8n2cK52^Quk-iGTCyVBS4cW(Z*=60C= z!a&Mc(JGrJvWl=yfzB?VGFJP3Ho)j{jum@Q!pNuSk0J_4SLr9R5S?T}DYW7LEKZ{f z33XT-zF>}fA++I}rR{V+V#BKs`v+}(Ff`@+Jw7_yjeiakmss9Ttpf`;+W~7WHG7Mc za^I!1-%ZaWTV_92wzFSYI6nKe#R}WmFDx9N{Z5J%wzFR$Tw`=ktQFSqiYRfQ>NrN) z{iN%DPF#*W=-a5B6}N-ma64M_XT(=Us$dLAs=V{7K%YIcLp5_30G7HM+;bS zV9+eR2$+6s(t8e~KL;}_9RbY+yN@F#D3)oKqVk4O8q}+XUW40*yW;q;dcj+7$P#-^ zyMQm6ef&>)dBARzbcu~vt_J87{1)D5$c;WJ>Rc`RICh2sMa@8T+C9xuFzY0T0wG?F z_Xg^uYBW85v1=hT9=iWKG#=t`AWznKD1^qtX)Lao3HU}JmX8?^5!mlXVbUaKJQPZd z2U%sbr~cCgXFM#m_gOBLwp7)84ZpLkOMw>`w6d+$%B`Ve6*IaufNmvOMVUxcnc}I$iELdV-vx(= z&kZ*vHK{ATC|kfqUfU%uC1GSZb4+_RYbGQvrG?%)VicjF9;5u z>0F}y5EP{};f<&ZC*f`dB<&MTnk-2gxfpaJ(&Y@Ezpo=nngf` zr1YazimbSAf)v4P=etxPqbpsE(WV!3h|mU?7~1gk6|4r?~^ZFm|p0)56Xc6ITtje<}%d7q~)#w zq@`=e=vYTy>zC$G7U8Rv37=oN(8vT&9Q0Y)VhaTNq|}{{dZ;%Sq9jK~N~>)zVa!<5pM1l7E9_ za}!tPsi`WgYyKPs(3Qd5{4Lm9@b*_=bA^7h^<0bQdrt#`^IR{`Dn*liSl|u-F6KtJ z6RY1m_Y5t!)}lEhS}i5jIKS%lD~t~qO^Gl5HtKM@(fk4P+VRkgcCU?j_c~#jBJdhQ z`5~;W)J46u#Jk;oo}{A>wij9&Syf355lrWNtP7}zDlTv=DkN0|{~G6%G#RND z@0etZ2=ijZExQjQY6l&N|6%yHWDS&pygui)g5aqguGB>Cgko|2C$JFbjlm+rQ|Ah- zi6yY?wvq@eXW8+Ol`vtfum*#ca>icI2P12X2*anxKENwNyIw*4~R`=WdS)G34&T%#%A-2 z%6CQG3m=p6n4*_xwP~zY(v&2XHbqzjCp4&*hQ8<@_Dao|*3xAtIToBs zA6O6ynTNq){s+XTF}t)rlS)UFb!?kct5O!^2LL3*vyU+GpMXu3gJn{PR?@=Q2Q>&o zMH|>7!xx(-Uot9Fu_&t@DXW2uNDY438o*e(URDDcksADRHDV8XN3a4>qc!*d0eNLA z&&m$d#>7|+e7PES*~f{V?>TxHZG%xJeRIpQ8js_0Y?hfZ}2 zIKCV@$>C}wV>R&QYNUp%k&4y8mv*4HjiGh?kG$di#$ZveUEUnyDV?m&_iNtB7r{71wA$0`U;)GlJe@lg}ODEK@LSUb(5UqdDKN6I#XT|~+Oe|U=P$b#UC=TP1hhALT>>?Qn5@XGC#1!Qz4;@5@P#R{(U?cmDdS?n2NO z9DZuriCyOUX-V2dMkh~e>+=V5-Esr(1KHkjU2FK07jkv&3RhEkV@yTSRiV2VG{oUU zd#=v&TMj!}A7i%|pHXWw#_YE;Ps1`Fl-{#gJ%(Rn6y61gd5+@~BCZk3(;K9%1Ln%B z#FZKluf$ddFm(@$!9IlEn=axHhZq^ytN7`w>_=}3^O48Inn$4<0PrUc2x}B6fv9hd zS-U@|8vR9T>kuw2W6)oB5ry=y`SbA}I2`xKc0R+BbbZhwIe~c2&5x5We;&a$VXr9*D zf(rMTFTN~PEQZuM97& zzy-21UbpTG!ZVOfyObslyp(hcWZ(c4&;>I6866G3Uo_?TkNd^3ylAdo%x-}fk0yc8N(~)vZR-m9!mGpA+bu z1NjSg6){(zQR(aIEKo8DxQ{n61CqMiRC~H@_>&GtWpS%S+?y6ak|70scDS3|4H)p= zGn4T%a`Zr;n#h6c%wZ}W;PzqUXC(+zWn_97?tS&x_>XW-01-6O*qC;Dn4$X|V~ZXZQnr{P z<riV_wD90$#!_{{mKhJKdR(+-V2+@Pjd5sh;9>y!ym zZmMK4vf9;V#X#PDG8GiJ=@sGiV_0Ohioa_jzmv!x#0Ww{p?r@0+YSH^ab21j=W5on zJ!s*g`42ge$;d^>kL(}n!-j-CWuMMNg`(NQx3@z+iUu)W6tpp1BOVh3JA}HW-wo|l z7*MvS1PNq~jy!t^9=qWZQ4z{x5-hVw`K>N4I_JzPACcQ+BXXNygjp+0dEHKe;A*sJ znNT-ZzRP`5E9{;tVNl{T^+ATjHhJTKVV~%FddksHA0Oo6jrsHC>_e;JvckPvgpAOb za#AKHj!&`mH>{-}|C>;902W3CEv?JpQRRF5H-xe=<%=2C*%y6Qdi$O9##QF)T|yk5 zg`oy^cw5rOROX8hi1cE}qta{bi=>k$=*upSy;qsw1U=1-J7Or0P@5Ixv6}U}=D!Sv z9?CVnO!2~_CO^c8s~u8$-l{_R6{2-{OQ5e3>W4Zvo|Ffi54I;X%wCs~dU_W4&(Grb zKVLL^qJ( ze3bHF@tz`j&{^O7%MR-JN&whg9SCuuvA{jb1yOmE@#Nsk$UkHr8A9=r$ulf3wk+Uu zO`KYdm$9Q9MSk?}b*mmf3MiS4*obRRyLN{v^K9QvRVKZ9T$SMs$mWYDO|CLOIeo_} zvtSus=U(*$id_CD{BzCN zi-28l88n}}8}r2D?nII(Y z>YRt4?yeEQl{YsWuwHxKih~jE%)k-ZS~h|I1O|56ML+d?&xe?+bDCYgLPx0)<|R$y zPdiCW#6IKVeIw*vn3Uy7Hkb4bXo!4xh_z<*v%^Ew1y4e(4Ix?sRv*1rG<6>$4-*j0 z9@?e^(1dxrvP<|+K%_`oTd5AQg7AxnvH732v=qO5Ug~U@0Vb}Gl*4B#@)^Bv z(Vg~oHF5SkR&pu6m>_h=_UA|@pyq*^tBKD-{L}bP%yHS?dFDGj8AY0A^GW6<+BIZD zZj+Qu?vSZ92(p+7i`?Qwo(cyUfT7dgma;47EWgsSbAfyxGl<)*pqzgZnd9p`tYj+$KO$Dwxbg zdv%ca(-Pd!N2?2tUwFfYSW0()geM?YMCYJS-K7{B{|f_al`qs7q)#qDqIIVbdw>-}FSt^S_=4&D zP1rDQEzoEnu!BwJu9e^#O${-_f9_g|0rQdPoU<&=AzyHAxf6gxm)>_U8EHo@qtPa; z-$k1YQGCF+zQcgIB;$MsIQ8N?6hI4g@VQbgYn*+i=3rUl9K?Kz{lC}aM5Me;{S&}K zFE~`+<4>Vt^bQDAfU_+Dg^OGP_0bhHD91Y>RuH`G*kpok3sBePxOyB;mUk)L&Ns>S zPZob=j-Hu z2*Oui!H>{djd>tMoHPIfVAg9YVmD)YdclYu2(5SeJkj=HPicG)d!1*=?jz!kH3K|0 z{g)zf7v9mx6Fk|so+ku$VI7@X#P07mO~156(vG+{S)uBL;od6>Y~!H43MITqEYE^ST3Yv z6d#r{dpkw`U_6z}BZwDbd^Vb9-|iN3$ddx3qC;xgp%3g(MB4+ohK+1@T)f>>G=7lk zYJJ&-58y6kTVKZIS+UM+0Da7pcswH4`Z9vb`(f<_ov7Hp)i&PAG#6}$a*jJ_-e(dU z0K|oWKc@pgChkK7=%rhwP634FwjZZ9!YRci1z-LGQk`mDIS)MQlei(=HR|IJ}NZH1LZtWmdQqCh(R{+6biN$ zVXir>5x=Z5r`{XusEuIf&5O9!%a^poDS$Y65a-bzsndg&dP3sl%^KF>ZlXgA<-}p- z9<#>}ggE>lWAgGDGRI~fH4d4wak%(Mlp)bN*AruGA`?jkW%gNi^@r!95h}Bvyr@5b zgfXu|IS#>t`!@Trr|ZYQwjWSpjJNhnC!Dm!hV(ST!>EDm1r$B?W*IKW<(6Ly=BRrj z{2J+a-Yox~>$qn*+wt=>Ite9Cb9z0v&W=|l{U_@~aiw&ZcC~ECe#ov)|C$}L`ax=~ zEznx${Z6`BQEPosx(SWuLSx!x>Y}r5k}f;y*e>^(kFTrT<$}56yS~dMton6EI>NCA ztA^pRFrM33a=yo@Bst(yLG11uh7h-s5Vc>mggE#G`2pTl0fNrD_QBY|Tb)(J1Z#B` z&~F`x=&TZMn0;eqZa4(fwAWrSZustZJZYfooBDDM)s`EY{~99=b&#`Hl5ReP`RMN} z&|NDX*TEnFZzL1#SL?42C)yY4uY(iqZTjo<#3Ehk*m6;#yIIp_`m|FM-SkKS<+Mcm zQTprfM0-7cEoj|R01*?5C=>X2lpo!DYYt}upYw|3Ow^pAXwFtR6^ZU=kpuwq;7s{C zt^DZj*PKhDIa@K~CA#m_oSl=AI=k?r`&!MJ7tOh1ALd-DIaTkA)Oq1x=FqbS2IJ}? zIa?oN4)RpXFDXAmD-x4s3B5Yc>gp4@cM zBj5=|7R8^$;tP?RpNW5Fq_-rlu%m(zc!BAsm!xB~fM8X=;L>Bmu!>n61Oa8UbR2%f zERF)Ry1$7ZV&6j#WY*N2dkVfG88^?|Swkyd#g|7gfsg40ZYuv2e#wEOd=)4ZZR7^1 zm_+vxT5SgsRCaOZ_rcF-xdWNiO^;5Q%XathxI0XOmHQaUaD83$q2D8kq{4GYpym%NxJclvw5mLzFtm*g;IZ%98)`jS)m zx8MHlvwsWx>rO-Wrk6{yLr|`LKxc4UcoG>zT+gkMX#jYNSX5u@gabx)^&NBdaD6!I zq2vMax>D~5)`O}+Jv{KjK$iHfhw^$>XQrM5fe`LQO5qGCJ8^2Q>>_F{U~1sNs{14B zsIP!jgoYPN@@8jjB1bqVjukGbZ+d!q;jjlgJ6?cOl4ySrKo`LC2GtUakHm+J=Zy3! zryo{fC@(`g+;iOAeKCGbFRV!7&y0pu7DzYkv;Zp{Re8dZ%Bm4osg65FvWoF6Rb`x@ z0FbII1bD>^Nd;b8w^mo#R<77z5`o7N4tWjNgwljFQPQo2@~@YL-|YmlENJa(`_|H` z#ASy942j|=GuIv6|m09I*r(u>`6~N^J(KqT&+a6arvSkZOT<7j*qP zlf4HTp{Z}f#7X-HoF(IEsPBUs9u0ZR4=)$M8{HZ~rd67WB69~z2tIAVr_JGWvf|UG z_$Zj+QL2pTzLk?dP&v82a`KGe7w9fV1JlQ~WgS1SjQ$;bYXBXWKO7?+1#V@CkHQ@+ z!H&yQeHr(ppAJWp6xSS4$_h^?01JJ>{Jvb%wbQqns&B)#Tbh{wo`9z>8X&0Io=rhR zeqalhIlI!!&@m{|PR7tP+-uoof3_||pOl+XXl`elc4ja$K?}sn@wo{AT9$43)b@#v zkLXu~6Dv?+j#5JYgp{}l^J@tuSVAb#%o^F%{Notmcq!f?IZ6qEr@SyIa?!C!5l2T; zjWQEKa#}R45(8Hr=zkKoBqO*itPY#{T_(E$q@Ul{x$C50-b4It^+slu3k zg;j7Mj;z8zj#ZLUyhC!7RRkC~QZFFKfL_uI3*%)YnMy4$0A>7O-T+ zvrsG`(%IES46cXLL5Il6(qazSaN?Ac(Zv~a9p>PdC|j8XGo+=+Ki7a$V2~se?KHFT z3kpG9AJ}j9-2W;l0eKrpcT%Z8g!AqlTcirFpVhS6kw&`^!Blu+d*WARERt?v2Qyb| z-Z(b-G3qd)^YzgOZ~i6nN|)u(xhP%mfubtYa!Nfg$9V zPuOqE`^vaP)>X{#Hg^A9b(qSF@z6~4>E!*cvZsm#Ef#&l-tr0;u%bV6#HHfT1n+%G zq#|^oA(Oa&SOfr^+kO^4byxJK9a-cUdmkK$=RwcJWigJ<2IKSvt0bLhDX~!g_3p!4 zm4M`7+FgCYO^%H{z!FLPL+`7bLKd9Bq{z!XE<}FG*bL zp=w3%cb&tE`w^N|P^wN)@REUQ ziPbQKL=NImX2JR-1}GjKp5@mwqVb?N&e>0W3ll2|atug=UKD{^5t1$|A*Di$kd-=w zDF4nIWJb2-+d0J&4kJNpe$9`Scl9dexfgU@1MJC%kA=U$C9qz0k$o%*-R47NR7PF6 z!QR3gWz6glTCW#71g&>o0P1ReFg_CK{zlN}tYOg^u;@Hoiq0%S2X)`eyF$aRPm#Lt zg4Vj{AQ%rpp#15iw9y}^CeyFx{BcA&^RC0*!_Ys1ox_Jh&Rnp2M<;nC9*a7DHJm~)+U8LC7s0sEYi ztBgxM2fwep3w`Xk#Mg{$7PrIPt#mDx(KR0TOAMZg34$0Ho`LJFH&&?FQ6wg2Ur@KxQ!9U#5a7W5~T^ zfNZejQbZvL&Lpr*!F;`i=YW^%1u^g;*ekG=o5{g9lP@P;I(7Sb<;Xd> zwt|<jY$?lqYd`;L)X3fJ6tNmQ@cS?gCJ=qbg z+BcY^X!K;(Jnm||xX$*YtOmOt#1KDI5Z@d_e7r+kvDdpyO7vUL)_&W!2I7xs!X*4D zfJ{U9OL1(D&v>$aKl7BCpP1P+^W>8<3$`p}%U!MgUGwip$PhIf^4O};gLTp6;2Nsb z1Eg!bB!^3SNU;4uf?e$pQ|(GA*3dsIckcbObDzu4#xTvsy-1ndrwg-lpT;*gsHK-r ze`sb`|I8IId#k2DG`p*JcGrg4UH8oDdf$G%xb%@NWbmUJf2;79_D9w1t~2&a&hEN+ zzuMVdU)!$^$@Mln#lM-ZPwkhPjeiQ1=H^>XEhWHb{G+CSLXnr27M@iBk$S5b`+)= z3z(SbzR9Q3VNauib2=b!xfO!X-1$J>oOQwpoh2gq^7+*{57yP$}t0Av5>S zfLWm*9~iA4$OnlSqh}9rK*H_J)QulA&+_+9>YhMMC2qaCj&p}UhZX8h&=MLL2lDB! zU`?8Q$nR={r zLQ@qXO>}E$kcrFi(iz^U9SXR4)lC9}hDs%(BDp=tZy1d3Z|Y4mh60UH9n>){@a zG{TDsA6=M!6g3v6AM>oXE0tBc*tHHZ<*tTecIb>m_Z@(Twf{H9H9I5D;LV5w0R5jq z{bRe7`hLcWQ4E`olw!~$6L_1MSTyuaR4(t;8#I;3_7buV-h=Qs#hsav=*!8D&|0T zy*x!CDV|-=)qMDA;_3Ctq?C+2(5X8$`rs|#7p#Eb(MZfmivyF-Xs>;Bt9Tiy!kSbJ zw7uOS?dsYyAsc~6RX{sUE~JFw@s$HyqJi@a8_~|W(hi^Ng*`H^7Y|Locm4p@z0AOE zVgfr~$%aW)tzLT?)T$%M#R{PShofMoTqJ&R!5mgk9fC%Sp*1RDD-Gaqp2H?;=I16I z_#n&3Lp2r;zN!Wav#)de&AEpQJCdYBa@U}Wghc>Foy%Er|9E3`yzTU$b}PMm=-ihd z7k_Xl*a12QaNf9Tf3{sEM&~n8?fvY7s`zw&xXov6Xgh;7Fx6tGjoaq4c42z0*Qy#k zgE_AwPH+SE_du{*Cv)x;;ylnXLAeg?;2X2SOEM_2$|N5N9>HbJ2)L|Sm|pY7aIrg# z6qj&^k$xxr4kO|rfzQYeBP|o|Fw*aEhY^W@p@Yp3+hLSJZ>^e?*|cEZt(Bv zjSLrMu~P2%%u_&wrx5Al@b~cpf5}eVCt1lJ7((mdYZ+8H0M=}bSBxYSymx|{3> zxvBW6h3Tg}qr6oq>A?iIE29z~U}5(hU)9L&p~Y|j3_k=<7f1?pSB>+ipce!u>b!EC zYCF?UCbBV{J}fvrxiI~t$LSE24aFH7w=U5ZiQ}+fpC|!)fPj5sVfqOVHquoAQ>m-9 ziL8xn`__VGws{d%>^~a|I-5$+nIht>2 z3cjOVfkaY{P*}!FBfk~+=kXH$(Xp!JwT!|)mJLHhL^Q%^r04?uNA*2Kw2aeK45R1K z>pJ^7A53+=$Z4aq>4naQ=R4ESp;K1lQ2okzB$CYC$n}&m7t{chzJzGy>|R&eh#9ds zTJ|;ZD6>`4Jno;oNw~EHWrCp7MJf5=)pk>rq6aop~m7udWg4S&>!<`+%Nk&^r8JdL>)XCvq2{SYaZoe_&`)akoy8srk+ShM{V1 zA}yEUXx=-Kp+nY%&Q|*-YTJ1K2>s*PNVPRIuCOIMc0drp{*cw)GUqxRei?Yy970&?vqlD-$_rF)^aT z3atidL}e%#KZ^VYVk2rO%Im%3@k#)0+cf=#5G>K+XFUcFB?@{ zbmy}G;2w@C0uxM8@=7fNHBB4MgjxxEV9RF1M(mV2oS9hjqGN?y_Ily^LbjU*%;N`W zIfnvy*zT<2)HMX&rPGbIo~S)uO@A2c=|g;-99q9?UDsc6vcXI{8PKxpt691YIc4XO zd()elj1bj;{Eg7l^-DKuV@m9036dP~zxYt_$RdTx#Z)-_KI+BEMFyQE(EZJcJ9nOB zL*@v!zk_9c&P3e&f4I18vADUj$7z6W4sKIV*#cvgQiN_5pu9k1vpH-TjeQ2#=!wZ6 z@fUO~_jhCYOZsuH&zx#7LWA@H>zqi0ZMKUn8OHeWtrn0Aj09JLB^@obR=B#V-{I=2eut~8 z`W>#W>Ni$b%UTf!@T(Dd(xPapq!(Chebg_u`u0i+VX+m3PV+QDSHs0tR1(5ru@!|5 z_l4YID;B$^#uKsFio{rmNf%qW4(1uAtWR8Q9dXLlb zV%ZAas|t<;&E3E%>*+SN-ppcX>uI0nni3W_$amjoc~-(2u-dfL5#YYoO<=!`x;4a_ zxSJAJ@R+Y;g5@?Qy48=^q|CN)VS3|!*pgf5!c$_*fl9|O{J^}`FJAw9_*-^C6zLL) z^b|3T6j4->Tk4Ol1bRO5J%Zs8Xs+%AN8=xR1R8kR zM)U~uhqam>fu7ECdIUNwr$?X}-NHcNe7zlANKsXA+Jw=Fc>E`Yh#s@6*u+fyBmMPb z2w8d{(fu~ez9Id5CZrLWe?f~O5xK^+d^_zYp3h{TYYGZa^i zk9XouB#O8kB<=syeM0R3ou%#*`#|v7h0kGod=4_h28-v}2KOmxFdc=ln||DdKbQ@y zX!gmq;X?ZshxX&+fHt=?^-)T>4Ip+ReRQe)&p9f!*a2bn;>dcXcO<>iTcTHb7p8kH z@&&I~3RbTa#;8~7ErwpN$io;hxx!q`m>~XzzT$mlCH86~?fa4E^9LZOBhCx39mh5= zyvgVD`=B&r1Yq3!e`G%QJ;D0wF;E2jcBYcg`GX|sn*wAsT8(+^v1cE8tV_Y19Z>HEj1&AxEbzk!w1@ppR%@BfLFGz;o{WK(nM ziDR{relwDlgv=4GB;=21B_Y4mNB_VTkD+vviSV_Mb#Y#er zFhq03WJ``_obSr6n1uN+eLP@XB zrPn(v={F10zwruabSvrhk4LSfO_*mMAJvp^(>lJ#Zz3<~hQIz_%J&(gk}mzRvC8+a zMv`x2jws*AA5p%MUn<{78b-cPcqPKAzZyxtkvY12qoES{{?#b*jT&Q=Z4I2c(~mf54Vrec$j9<+!j}e>*VqHZg$HU;+qd) z5+2b4{J-~yQYGee%+5r3DH+X2Bqo**6UyuBfaOkbn z6pS^-!=ahyBXcMsp1hpZ6S*`T%0mgGhC?&bHemR0=m(J!65V6#!=XGX@7pAb!-hk* zAT#WQ4~J%-i+AE)6pMsI?{uGsOZ+ox7yNUgqZ3NnPoqKKp)p5CS8t(R(D%lpqpOZq zasK+7Hafby#n3C9u|`MRKvB0oKL&eX6PAwO_p)UG8&0i;`LDPf&e|y5mSc5mYJ(1iVIu3(L?kKk>2IL8!H|e743`K4m7FF-% z)NndFD-&I4Pu#@xf=jpaIj6rw_f^aqD9Pf?m*~ELS>B%bJiaO{s(#`bYfl`9e6OWL zdxEzqj$}`~O{=Lru^m3bsml88B@ccte1x+aLpWUGOLTLl3UTxk+AsfTalAoG zLVmxezhIPHslOoOm+LP`e=C0Z#=^dwiR2KxU(Gwof#({$uf~ZPAF_HJ zS99AeqbW!J`&mW@{de4`__wr-KEFBMiT`cOD0n*F{u{H5t|OFx#4`Hv;cs@!sLEov zjh0auEV1{SceTEjZGCN=yW8>6bAu(v%ki<_NV znz27h<23FDmP~W-q*TXLo=Y`jdmhhK;V`Z|oJB=Vbo5g$=9JuAON}Jw=GB4Q(t?gAP?FP{RVQO6w55 zWFv1>98&5pxU;a4_G@kX%DmjA32Ng&>!k6zy^SZXm;xTiM1{oO=TX)l?yOQ8=waJ^ zT>oSM017Xr=>?x+&wOrCE_m9*D%&WKjh)dw_`nGrYxJ0>iD**g7vLaGx~JO|nLCpGbj# zXmm|S*~RfcGIftK-?!pjb++e8X$yPtPZoB7c*Mu_+Xy&~IHo7MF@5`kkuhyXHPXb5 z>1BVdG^QtN+@{u^U(S^@zx)H zfL$B4b%%T<^v;ecq$qLv-TY;TU2p#I4Br@G_}a+t6cD1Q*8p8*JzoWrga4fjLMU&f`Eu64IyrVFAhxn(bQ zyM$epC|IE=1nY#CTMNMYNDnoWw9OKQe)+AJF8~dogLjTm6igfG)f`O#V23Yn5@R3a zTmQ-fmTtx++(C4$Ca4a9AyIC5Ktlq&KspGkhX1^AEfZU<^7k(!Wxnf8ld3c^AlN$Z z9ScSUlAP93;M2DYnp9b-6b^GPro)ZP~$GOU8UPJzj~OZE1|>HJS^i`n);uyg6p4BYj?TJg?bYamUUMW=lM;#e7xr zyz*0XCmEe}}wHp`0t875(#vs|K_2o|(McdRnSAeg5S@-xI+ z24w#~fZ;rGsuB4F%mQ;N6`&C7#NZi3SgNB*ILWepIQw!B0pMXW7P{sXJeZd4w=}a4 z!a~=*8`qyWgd+2DtQ5BT-(xJEGJ&V-Gix4*!sYen0-J7cS5Zz3YT@UGS_Sdlbc$!#BLKO&s+LSQW55@7z z;H_aEWX9(mh^ys;zl6dAYWlqIqi4bIk+#-!0Ms6Ke1Y|LF~wP9o`wHsJA|--b!gbV zw|hf_U%UD@CCC93xQP0lgY&9UDBlm+iORS;)_Pm`wQHjNE8!O!Ji~s0o1i$L-m>fF zP{rBHf~7x%SeZ0n!g-D6XJ=I=4RSARjFYAspw0>rn2>1ykML_!tW_2rzSU~;fe~88 z6zZi7q#Qe$%VwlqDywb^+;*+g0yc{XR*U)5QPw``O|?klqNVd~{Owl|(Wa!B zX$`J)o0LEybPL(3IUIQV8{V%~S2J)1x?>Vcg|_h^;7;)sTjrR0zB5ZGy(zICzz2io zx|flt4tk_;quD7e+z24TH0FF37Q`iZ6zO1%`GT`MROv=Z*lSq9I%X$~<$x2vEEsobM!g67AxWsb`>O6Q4@pkoB;D zdHl1sU)=Z+`uYsXtzZH2ZCoFSlVOFjXg)b}Com}I-g0}?UihN?tNzf< zufe5z!Bt`2NWW=q-u% zamd+rsTySpd`8d0v(sbO&1F;IgYWjF1C+>|hk30{22aQupYt#qZ{wV2LhgqtKt{ow zcSrN^+#j9uwyB5BXelO+S3K**@r})#6>zUMubwtM?%~WC<8k^ojQ{->yJ{SBw}ZrX zKgxnFRR1o-$0y+3brJ3@SylCU&@ay$9`rPFkLt7dRS{S2AcvWI%^xo2?3P}NLQ4@n z5W=`%+c_u%t+;f}M6_$_@wS{mmbd>J^1NiRp{KLs0!(9xtY!ba9MzW-my)qi{`EVK z55$fG!jMvUL2(kkd(#Y~Dd-t^Qm}oRe6=pcDeC3YU=FwX;~KPk%=~ZJ6$%ONuR>*K zfaK8!Eu1Zkhj-AE$nyM|wq>6`Ju6HYpB-vRbbP`l;7r^E)K|JmU6u57ejy@L-wfFO z4e4)cW4Hw8o7tfmiS`$fsvp=hv!DMsEOEtd_{gQNURRumo9Din4eG}Ab)~NkIC@$E zXYLO0A7>`6pxTdCIDK3no?m4hS~pq;8+XDw$CTHZ>Fex`I=ska?XDn`xNocR!;(3e zfn1?lNIJb%a`f(x<4D`?JMTPi4-{%`3_`F;{Ta;=YQ7{0an$Wd{J|!m?)Ysd{5MeB z6Ml;S0O2{Ad@+6Xjxn-(a=gQl<7Nz~BL`PhgvrKAg!yA4!b7U+%cukE-wV$9A~^50 z2;iazy^W)5^$g6t{X z)`W7VT|g&p{5YsDaf^!0SYB50vBvkTKnf3bkONPJz#t z2AHPSL}ze6hF*kP{uxuxuP55>N{fia1(E`^=PLP4*#;`uPINV}I*wQ^Ui}TUnVWyL z`Q%>M_MlHF&y_zL+P7mKIs_(Idww^-P?zSy27~Xt>e+b28DZ{{C|ms; zAhq*o)$}g3Y;_iK1=~UwZZKaa*M)3_K?eV8fu&}aUw0on_cSZOe!bpQcM7PSfsxj@ z_ruJqYy<2k_=QM5M1JMMymQeOtmixtkGT5vTI{*-*E!pJ^RdffyDf+#fupeCmo*a- zm!B%#0nFUQdpmK(^44M|f5n4MNEH-{`bu5?_Gr=}%*#I#P1;A2UX3QnyqJIMLm{l( z{MT?JCNu&rmxlSV77SHoj+`v_U14c7e&1D6)+=})HGQqiX<3FLS>*wG0CZT@8&)eQ zw%!2~3C~w)#NSTS+#3S3K4!bf)tgyaX|<(Hg;Fna>}Yn$joUE*k4YBpEUONL6jdG=3IOAWf5YewUcS6CR7T!qsbrc{HJfOlLSE}pLT z0ds@EZKJuNNpx@#P2&G_d=bE8v*&!)WiYV?iSvtQH^IeQm_^Do`qStzQ@t@1Jcq^u zHM-L5B_fS9NVH!Zt0rT1!Zbw|4GJub|0A2ub}A+4&X}1>v|F8uR3b4iW&Vg+KtHIp zWK{82c06!|>unyel|1})H?2y*6{9R+Tb;ygm_(44s?4s1CPIkLAp__V8;18^QmGd0 zCAA&;7Wlt)9^2U$FJI2M27ke*k8>0~`n3#JgdwIP$`w&g!i#JF;6hB#--@w!M)U`i zkBSH}v9dXRKtfDKgqWy%EIo>jcFZbW}BNz@-#4x24f+HpC#A+H|HZC%m%>QYp8!c;)7ZA;clw%5R;>6H2_`>Gm2 z7sX!z*mQv&%5|`YuM?l-aiF0ep-+Mw?~`1wKFM{~C%NAFBq$U5B>3pk z!3z!nVdUSc@`^F>26NuWM2h-UJ-~q8HCR`mM;?Ojz$Ab!i969FlhqFw zMP=X{XfQZM+gWbjzQEdSr)Vv;*;X_9DjOPGmz!nhIvv$7I!7%oYvChF^v8g+@CP7+ z{brQ{P~*#^y*h?8k0~oi6Y>cJ1zk5ac<$4?K z2Ac3JA-^d!z#mrq^}ytCc4cvEcW(amrt_`b$=r!|b~-oA+OAv2aPjgIo6a`_n1A|FkR2;C8LCv6oTZ|wL(HaHwX;aD z-ZalpRt0bi`5XV*IYH;y+eI|+_7crc%b4xoEHmiKoQbzSP$n-o2dGro+DBZWIp|a#HLYm@=y?0Q%0iB~i+Q^e81Qfm!2{Xt z5*<%_^sc~7r~+j zSm<&B{d(Jz6Ky%UqkKd9=KVLMZy|s6;|;r;wV8xk)u`j^Rh!*yJye-dUS-qCmbyUG z&*12p?AII!W)gAPKIRRX=BP)v#P08H+(v#{4zlPJsl2gd1m2(lISg-n_!AcUStt`5 z_pjmk4^SKeEP<8?#S3PVtrej-BQHXMF^~JxmyBWDpVVqNe``JEPGYhf1cgq`N{47okeeep z=&v}VjP=x7^3*t7*l)2c8wwx`i=Na;92Qsx)d z?go!SLjJ#g4rEZwWNuh{cfSU0OtWvKfY#?(F2*aY66agCp1ysfQs>5$&3PJ0&uS&$D*rqoBA=iAaB?T&= znWjE-;gs>9Ed=9TK6f5+`7lpIpE#3u?Tr#+JU0LfQjzczLTpEG^!-+^A9Vjd;|seG z1;^8&jzAnto^fv&ppF<4tJA}W=N#&YZGmrqr(l3^4JA*hnXF?mE@q!Z<7NNMn9`xb@RuOUON7a6? zxfK^A%g*vz`73Pf#Dz>kNE8?R7IEnh#bvDAHXz&vK$W?{$5X2@UPC~RDg=t7Dxl}) zganC^4KsoYXn|de${>(N#seRwxRo3*DuEyF!SU_JG`PMxN*eao~Mk@ zl?W=(MJYMzB(p0Nv%BqyS#{u5@}%&y$-sEAmjwskK%(OVcr|V}AzDHuX(?36Hdd>f zWa;XJt(3-W5%m89_BOayY7|?Aihcy$U?$s9y{{OCPIQ0IsQP6`>K96AXnDl-OU{`I zAH6oBUmjK(@bD%po7MMt{X(zIP7~XpUvAuc82$3}k#YT^I>p9ci)MW+yD_SM{vp|q zohOv_m-%4hCPr6!%@1j{st8xyZ`md5EoIK_4WLX3t&6H7tuFtzqxF;DjnMi$rL~WT zpRmry!!dYdMPpVU;iyyu_f}gn@HbE9jp?9Xc_^7i^S1Qw`(y6k|9mIXzcWkv_vJ!K z|3oPMx&3nbBqjPh^4_cJ_I9flpl;pF_(8!^baz-|D_<$T3u0LrBX0PSq) zG`F8n<%obPB~Fg2XLN6&tTglkWGz7Vi;`mKLk_>{l7!8alUZy#DS*O%1f{b3(W!5S z{DNy&L(xwB#@xN_ov(l9&Di;4NPMx>+Jz@{ry^GSF#4S8JX@IB!z#O9*kkNQ1-f=U z?M}y!mFP!K00T7{=$>`v=xwKC&wsrc=?H?6VwM6{-zGV~m*_~$kP;{qGk)z2PDif1 z2EB47{;2{?wx!E_G;NjW5CeNxVyNL7YHFAZ|{#LReQ=ze#I+m;GlDO1GeVXC=+ zyH!{p4PfK3-KD@UY&AYMY)+%b5)&$7CLDm=Y%t$*K-4>BZlsA;mn%-LHnCHpV@eG1 zNcjd=KIUlNgyInmsf#4B5;+CPL;N~-i?`$yF>qqc1PWPVCt`uZKd+s_W9~ z?UyU_etxG51-#I2t|Lg_@%}KP2v{dRS4jowmxVzicFyNu=io+ulsCDCO~bC|Z{m9X ztM7LrLfFyu{7vSGl03hj|FsXqDvedH%8jR3G{Nh4(QkM^q(o)J$>>$aW4O%2tGG*r z9w8Y&dY31oRT;&KDnpko`J~(y^T+AY-i=vnl=p79cq;oR^M6+p-aOMrxd|4GY5OSm zc4Ew_RNa^(iw6_J=u4blCB%x)2Y+!q_wy?v#46RVd)?{v>m=Zm0>d4L z{+5mx_$8GRPrAL`rszEL(J+4w*vvJ4P)Lukak;!_{-F7o)`3ouC=DKK1&=zLYzUSz zw65KqMJ35Ae^5)kZy_=IOcG09qW<<6`g63yH^kMdaH3IsS6%8KCRGc>ez7iz415%->5~iGO7NKHdSTIDb!bxnrEaU+4KrniR1K?j{V) zzxVuI!hanSqkJDZPWeE-WwNHc?sh0=Qz~jO`TW6L(-w2}$t)Y!#u59lB7D9c2mTz& zr6y$yx~;aDHM=G*f0c$J)jYP2i+p@CW(0wc!I7x|?`FVQ~L6=JIM7}@)IjpoJo3?CmBVW7RI1Jog@4#TcI?_cYtQ_QWRte;@XEjG=rA^cpH#* zj^N3T<+3dqOs3X=$3VB#qKzUW(QpUuF{|Jff`bMEI~1`JS~8W%SO&o455Ugs#K1_F}jOvESq*X=Lw!IBj4A;VyQ`NohL@O6rQfi~Fv{nG=;;-sA0{SEp0 z${{`xBY+s&K3t;<&(4ami;(K6tECn64vRLQRJP*!LOlrfN!uodq+YQ&E=;KghXC?% z^|~MZV4u^%(IKZanufm-I9hpmm2E|?%|J_kM)6>}*0Ca?{w&>QLa_VGf1w`ew(T#! zjQiZg0T%|fdQcdYzw2zC;;B9(xr|(?Y1;j2LC>#M)Z41mwB$7F?xUuxxbSw8%KOV} zgdVW~ONqWndV6M6{`wP#NW4~OMUs4_TzIb=$nx_GKet(`RZe%qrhPimeX>tFfqf*N zltj;ErWN{1&yy%w2Q8#~Z8(578AtGg_n^8nImuTj=uA!)gs7ts*XC^@Fw0$c>F_Db z9k1=Pmtg!OLu{(8io#(CRiO-aSjOAPeVt^yud5I#d)qy~1XbxQ!$-)i6obnnICFSY z!s=0FsO&;zxVxV9*G`KNdOlNLau>p2*N*Z5c~Y2){8opt#7e$%A_$j?GFgdbu(THO zM^Jk#`bdtejLI*3nn9Y>>70XxPmUK?PVGcgLW*z-)RJ%}+zt&T4-A@MMQrp)Sb>Wm zj*jPin-3~;JVD0elB!Tb<0Dd%5l3(Z4C3(d1V=Zfh=JNiw>>~3AsXD zAnHhSX1sLKjt2=}hu`={1x`T#LVRs=?Yg$<$G29pMrMz{%MB)B`@v0gYQi|}SYX^G zFg(jBHDcR@vsjA5T&_=MYnGMI$CYBVSs<;m?H7iN*5nw4 zcQ+9!jOv;@?Wl4@H>>$go}>;s*Mat|6fz8WK-q~F4AjHSNLlGYdt|m!a+0}zh?|u} zX&mF)b=-6|+76jP*3LQIZWAZ`nOj0A-7-yBw*YL0u1&UGQ=%!CiSUtVhdSg*`t~wS z_bgpPYPu`$h!E>8E6=LwQu@U~!Bq{?v@;~TZ5F6H2aVmNjgjGLSB4>Ga10wuXQ26!si*WCy%nFz+1Gv>{LG>qQ)DJlG+k?1j876n}QlJck_r8u1hu#Jt5uk z6*LAff(eQ}hVpJe$PvK3RQHta4(kVg{U{rmfsiC>q2KKeLoX#PO*O#sss>J1T-gwn zoOQ8SmMR?6dnlVhNt~Ko!h&VGB~}UWtF*PK2^!xY3ikyzQCAb7sUOR=vfR#7mp^o2 zl{w^8O7SrMEOo)Cc7^qe2Au{4Izu*I&id}|6nD5v;KkQPR$D5;Kjv$)2CQ}*l4O{2 zOxRv`I)w>X-5@`Q2|Fd)-x*85iib}Sa;ryNj0ZH1c6HEAPNwh0H)$^XZnscjD1C&T zvMb|W41O)@nB%OJkA`O*{iFS_(C;k!1E;HKin2Hg%QsonqgS$G|Y5^Tn6HbX>Q{xK48f z&!x9y3$Jr%FC}Fy2P5q{mb<)^XNkh#@MAX!o^>{LZ0sQKPk5Pw|^_!B>Qth zRh6g8S{75^mT;GrQIo@ki__=NoUtld${bB7-9fYWFCtUyJuFU%iq7XcU_aF?4cv4% z>lq{K!Z)P1f_hsiX8G^^T;@led+2|Bm%B$;OoK6;uxjmhouH@w zt}|gvd|HrOTwYdJcV(Mg;H!i(X(}8zRJs-cim3lL2UFajT-aLDXe}C@Bj+y!K`lL+ z`|Nzm;hgNG@Udz`lEd#{l;50{h53wjCFuM=l^yr+Ura0V@7zy?mYpT3mj^Q!f4 zV~uQ}`|$TMHf37Ougt}ohY1gL9`WxGp|tlmySZ1_juZuKw{7Iqr3;S6n?E!(WHuWN zbn~q9W+nkM&699$6^ac7KhxO{;y}~E&3D-?)$kwG-oVaSzaKC`8dls7*y#NYJ->oU zI4)Z+gJR--e~8=y-vbWG_Y0Tc1CFPe94{LcQX9IW`KpecL?2KYW6^p6@=VZK{8YBHQE?2T zTkNE70K`qW&~HPWIjY{Ek+Ou(Q>6ZHrc0OSO4s7q>*InE(`-DO5#(BH|ge ze?ptVlr15(W9=t0aku7S;TP`Rv~Dmf;!aLy2&2hH^R-x$jk4HDs!JR0hV{WSbD4P@ zlQaEsKvhpv)MMQ;*3bQ=tr%L|w(uF=FeH2TFr~~$_xn>eoKc2?Dop>1=S6@N&9}R#KZuxZX@;hOGF)Ic^8WJ%qw4jFSnT`ZxSe2J4l4 z93dK8J@^C*z*+i<%h0_^kgcYEGlvFH*aUEcu6Kt8fJLeXwC+JNrZ2Z=0%wp@NdSxQ znLr_l2HJog>dMhj>YpAvP4~FN0+GxHWJ*tx;fxplLc>KgOnPsVj1Z!qOq%28o085R z*Zqb=TprCeY>_4Y6{^S~VVLhrLV&UPNaBY&Qw~W@vFBsckt?5y&PPz_10)^(_RC+L zqZ>I4$|ZQZ;CdDiE^#Cuv=kf+{vUa7A0Jm$t&gWrAV4Kic?oY4u!R&GH7X{RESt5UO`9RJVz=< z1dLMb?|If*d!Kz~CT&5#_n%)spJvY4FKe&8_IlfEznq8ESkjwm1!X?MqMS~jD+5XI zl6O6%t=-?HkeCN32X7wujNy^(z7d{VO}7k1J76B{A|>FHOe?54d|{1o;A#V)r9Z45?FeNL!^F>HgcnjWjWUF9lz_)BLveZb+GulR``4%Brn+V~qd zlOoeBma}5umQbs=MnCNji?v!Y>azgayyz_4$&)~vXT|6z2gQ~|TizSuwnU0qd>P$@ z5O>HmM~>|wU(kqetn0i^N4q3kgK;fn&hE;74^9~`S-dugpCN5?KH8z~T81A)LljVs z@n9P2SgkdcJUJE0Q^G;quBUrif*jriLvBm<9mOJXic?+iK^2*rNzI}SCVpGzM?3t5 zGyw#0VzeIIs-u#=^g&vP3w{?Z(%;s4{moqvo$BfzVl_aE+PY5BA+Yb$UXE(GHp>=J zAn;#6O6X^&6-vhMrT8|oZ0L`RkZ|}LY@#-vKkl8zCSXU+ZqXeNpi$E4+*2pIP=Ax# zUz!LQCML;lY#;y5%lC^$gZ1@k+GiRldKyLoNK0ludWz$cdm@Ry|EzkNI5HxoYg--EuR<;Lc9h11VL26Q@kqZ)BqL@MtirO3P&N>=MN#dJ&b?)^MOw^#4nRXU zR6LRr{d$L>@Umq__rkIj`c&$2PnbsJ0IFo#qL7=TZ*%f(n_QPU`gAPyngG1GJ%Y?g z_6`#3R$%>6H_G&o<%TNXxmE(#VzMB`5sw}r@!TZo=Y}BNYZ#bPG~rR?>ZFD|2o-FB z*(zFcCwy-}6&6V}Ur8jskXRrRRy`m*|k8&T%IMXIog#S7n7634;vl-VS3N`55{Dty5)|$m=fh8-dIvMv1g9kR)cuM8Y zMtcJpF2G=$Zw|s{E})FXw5{sZISe>ql3za|dLw!v71f^+-fvD9ZMLG% zs&y{K0o3UzYI9l+?sO~qKdvaS36!YlR0`=9>vuaIrIR`dz|J%DThO^T=_lJb&%Np% zKG5{IbPDJ?Ih_L92A)25{(-&$1stw*4%d@ieVz79b+4HApfac#bhODj`sk}hJ`~oD zDm#1UC()Pfn@WVJE{wRKgPkXV`mCue>@oJ*vp+rnRzx4bkhA2xSYYRipqVc+=t4-s7d9CtekANC2d z#9A%R=3~|~&`n67`hv3}3!)_o29U4?PFwcB1r_r5OULRum-yN)v1wY^rv*HveB@^LS z<(u=>neUq*Ya84(C!rIXOya|V3R?B|ZHkF13a-?8 z-uq@5-MpeW7NshAkEu6w@~`K;?Lck9woy}(UlX9VJ)HSV!yY4nO#_(GfEVW`+}CSV zt@rY)3b!rkw6i+m$%NxZ^)3GJI9BJ0t2S@ZqcCADKicQw@D~4JwC_R5GW!&cwp&W1 z_=`Cb`&8`@W(vd6t z{8*E#D3kk%Q<~L<8OA)LC@u_2NC<5@VJ2S4HSbS(A-E579G_%wwLC*0xfHPm`nJ`; zf!o`_z1mqe(C67$e5L}U;fsqfyS?~M#OgVWm93qZh~42=V#w6RNtc{e=%%5-sG!2R zo_{7z#^}AYgiB4ly;C6fp+GXUBa$gAe-Y@$aMowIT9CMFLMVWBfr9pRCE)Mp@8j&R zI$irX3YKU%w{IzFNcCkVvLq!e-WTIy?anBv@Y@mG}fESO8*f za5^majHaW1&OIg$kyh_07B%pz%*=udsE%@G-4{tXSgSf${40;8K5(kTYGn(DvC%< zl^<(uXMbr&_UM9`pyArD-fP8mv%T)MS&CwAJTo%6>B9a6?w?Wi;IxEe=a@vsu48us zuM(^|M9e+HQ2ida%!_7QedwSU0s>J@+)@50*vWox`!(QY-dijFx0b)h?2o2 zL0aC)X0;nrts4+Ekd91M8Rx1;aT!DaVuS~QyH1_fV(DRBBVbVk|Dc+W%spQcex(T% zl^yDCDNdeH_x)m5c7qMZJxMN>TMsZaP!=&=TW@1c1c_a+14U}$j-(pMevZ9an+VLv z7WvO9G`vc@?NYw##KuClAPHRu#Fox~!G^X4h4O71z$WBb^pv$ZAv;oDWn08BVn!e? zr%btqXl)~E@cL5IL?AcF@Dz$WVxb&qGZLTY)T=D@{g*ZXNU*Y;fGO4%4BsBC?*=#I z$AH{x$9iH_tl#diR$;}P?*!3o0-8~LDx(y}x}d@sVpUjIN$*E#P063$uS(f-1FS=m z9#f4c$OOI*a7$>cXk23Yi#X7W>5VD1aMJilBr%3X=v-8r+dJ*Y(G@U+$g?;^$7hv2 zhVybyrJ(=@73DJ={c0G2d>B2PUj~QEqm8+ZD8?ICR_;&`18}w6owNfZQSIje zLX-k5taxjFb(Z}?#RgErTpD*bDw1UZtx0}Uk<1~frIAcL%S2!(xf_+aN=nnDz{FqJ zJ1mP^I}a*J(d<~P1lJ8kjJ8r2@fzLl@c!t;+Q^L6?89 z242a`l|uqVJo2}{-%aeJJF&!OXg@|U@F=x-RQHlyFy!`DG@gF?P?*3W z!Mgd3FbxNwI*thwiWs9^>aN{8OpEX#ZW*A{uXHcn z_r#SIZ49wDcqvyM`OkeCZ8Uo3J#It6NUlp(CFKKIN@lUk;iTX&o?rE%t4#hez{4<( zMqd9rW=ks!mXwSU{-;{uMYAKHhiLQ$_P|ko%`! zW)yrrRt@Pk9}qohIc`r?nDp_pNO9cnJZ=R!Y#}1f7ChCLy9(wtK+`^Xp#jUlJp*=Q z@xgqMy5gHe@s5GDj(0?^vkLS%uTUzntC&WJgT=aT+hk$MlIZ(SQJMi6eoI1@&bP@M zwY|eHa3@|MeHdpsrnwf2Q#H}8P**ZjIMw0Sf2k|5GYeei3LNYUT~J&O_CicUVaU2Dd)dS#it|@A#B!CFC(xq*sO(VKI4?}@%RIPs49C!R0T;Jpa|M{@<6n)j}&4m zCh3ik@?^i3)#cp0$$^445-E2I4Uj}XmEw=EE{bWBa_NFZ*epgsESdqy6d~(T5tib& zrt0bJzlcy+;H?P_Xg-xklh-N?_pCDrIlb-6(yTp!0ayy8#@}v-Q(4Fh{M@MD+(M(#5QajkZzL+oa zq>hb^@ffSdjVc6{he){KiuP7hf_fg}A(DX%Dn!4=DiARPndmU2fc;zt1UN1pjgFG8 zAdbB6W~otv1V+&$EU^P@2_VMe+id`&JNdwr&uOdBv?5fLJd{Squ>tF6kDFq>n1!7A zkUhg%B%?(^pF7_y!(Dau`VQ2NI>!W-F=VsWs;Y!!F2tD4;01_{=u`Sc1PX;GB2bsI zD;pO}rld;lL`0B@d5gB)sDwUPy8|{7xxNa`NP$A86_Xq!KQNC+L_36^wWEwCstd)A zW-`gaswqir^jMBtDKOZMZ;jZLS=q?>pS*VY%5B{uSz2tA^iff??4qT@>lXjj`<*}c z7`f09`88Z5$(iLiH%B6bmM~AS|2PBvU5$Tk23=);>rG+}@orZ*+%pgO1O?+@P zVJE%L2xFx^IzuCxBVddXP@i&wERYW0d%Nde5vXBMnx`5@>hzT7jT1T8S+ROH+Wq1u%MYAr{tf)%Xdo2sptcPsjhA!NAm9EVYD90SY zVXGlE-(OA6hk0(fz#cxZP-H<`6Us=G)B6+TN8}+yVe!1d>_z~ED>A$rflF^(K*!e8uJ5SQY)ECmhpSD=a0(u>pcuy6|R`70VIy~ zY+(q5Is5$*@zP%yP5%Y!*OxU1MEb5+;bi^#_h*f_e%{83Ia$(v5eOZ%HCm%;g)jUssm5Ee~# zfb9N=lOPzslmz|x;V_2^7h^(pBjH2*f&rnjGqnBR_AY0&MNi1fOk(>op3 zgV|nE3iEkd|L)TWfF8$!mR|KGT8eV`z=fIVWgutLkn|B}-Q-p$Apl^AZ_yjy1r9KX zo%@P%rLV{JBvKI<2mBHtaq!9zx;z9TjS2?hf86v7e5S%;*)VGHkw#^pG@!!(^V$u=jLY z61t(E4n|g4v-2Y~qRMIWK%PF3rw`**-s^o31OumB?W)T>0Zl(czS9F)yK=kRcGy<-$Wh%zc z(r~j;ni@p%rSwX?CCy3FMXrDz$D?vJHm7X>ApGC1mJW6`1&|AD7LjV<=w<3^DY#Ax zA_n=%_6ezz;~gXF>Z$$@btN(wg(%Aa1K`YjS9Y_m8l}SB$@SUFC4*s?1#L`M$zmyV15^hHKCYJ-=WgG=k`R`^UCL>amEwc z+g3$TEp<1hP`{n96HE@brV1^qx`xDdtg_ZVoV2!fHjt7nB>_^i3fWb&x{9ef=OuNn zL!A_c&-__2j6Wm{BG(F_ceq=E_#ZaM@TVqE=9G(){bXQt^Y7GKa69*OHeySRK7it8 zOb5zH!G$bj<^ir5E!#mz>dNlfC^~E~?Tf>M#I)qMj#w&ZCD}oU8(et5vJ2t3mhREA zY$+3r#4VZ(u8^?jQuiv6B;v)(HReXq%Xfr}?456Ouw))aFR3<=s^&JQ z(%qZ~Mz@It>>@hzCcqG_psJx_3Q^`y&-e6({P_FF+}3kCY4Cc-BYRP78t_y+{-NlT zHXH>y$0gA3gAOBfi73Ncv(Gk&!wbS-S-Jbc^vGyu&eaBnO#>1l-0e~Xt^+>qIN*M$As)6}Ln8am*|9F72D=Zro+In;SN8W!H z3Sg<~Y?*Xfvhh~*ZkL#E>n-Q>r&OkT0jtj)dKwkdsl&vf}X96;|FGW3V;%Bp6brujeu=Ti%$6w=GZkY479?B?BA-T;F)ffkI?ckR6LGk2gF1{0E{Bis-Z#C-x*d@efjm zjyz7Yimcl@X05u*~9o`^{v-dD&SYFvLd7J1X41^f} zr{$<#PBq-&vI?12un0N{f1Tg)1${oIdHUX1*OBq>wSBwd8OxnF)%!Hm*{$wI6H%>$ z9j{^c8>}qOe&Tp2wua!luiSP`3P`U*{_*mO@2z4WN1+=-S!qC}r0W)CB_Ysth9E5u zo2LV^?Bel3!&_pm_pltqqZNY-OZI@S;l9UZsA)Uby^3jbmt)QjQ~jzPfMGQ%T5GFz zlYJqvBT-@Q(@|l)ixNU+@%cXSrUi|p%qL;0b!Aq{2$q9>Wsf$uwTvKX4yx2g^#hH- zB{>xb7(!HyiLQ6SqPH}F{hd$v6~i7eP(0P(WW^kb17%0Ma+C0u^KbQ>(d$hjEu)3m zle!*pcad;)5`CzZADStU^eQfKV#iTu z5`XebCPAJq5YV1ZQ3ahMr4!JsLZ^XA0%a%yF{3O}N)yZPXTV;D zva>zE8c48!KBW= zCHKvRwueiHdL>(E-OfZRzAr-lnK84r?z*rBcA(eb8@*_bS4B?+VxkX~S8Q@jAp@@r zD_YPk($xp>YBh6(+O9{@D|ExdnnYM+U#s1nu6>Pr6+(eBj!-33!GF=!+_rSBlXOfR zNGlX=7Hn~_{D)E3iLw@kL?NVC=L)qjyLSD=TF_F?d830ydQpXOq9>*sToP%*`ULtB z9y(wUBLRm}K12pJRmN|2{;&G@TmotnypY#<4WL9#%x}!v80|O{L%^Y$RF@Bjahg>w zWG2nXZmPSEVF$%^lB_61vAI0laJnPEnRA}0KOMj2j^sLiZSJ*v1V$)Tx-vn9b0w(0 zn2P{WZoxZeiLVjd_joRFh#`BaYX6M43Q<#%@d!$k6xhrX5 zKqGpmWTFU^$L;fI9e1Z90`TGKo44Tl1Kf7tQ31!K;z5c3oH8b2WQ5z<#28@X17QiP zCH`nqKg8Blh<<*E;apU9>(?31&&Z!{xiRS#Twb7E6MxX6OqG0kGIG2wNf?y9jSse3 zI;Vp=#^Jx~cTuh#2EiU&`BU3$2?3znQO>~|Vmj{tpD*r)eLUF00|v$`aa!?D$m5&o)RKFxB9q)+6j38y=a8(b5wAFQ`!wPRn@u$0 z$E4*@AXVk$?I_zPAl5#;>Xd3AYp z3PKc5U@g;0cKo&intEVz2QUK{LhR6jTyZq%<(&%%Gn@;QLP@Xj)m{KAY5@9kW$c&V zJt2WkGaU&6)s##p;iqH*d2Dp?5}i*nJYp_p`P6cX%2L{V$b@ls(%M!l7>XtxJ`%AW9T{{9asxgezHCHU)w1QYC~hlM-Yf+8JErvICU1QH)mWx??4u z`(8`Y^@u8Q&R$NlGjE7ax|yfE$2+|(D;Q`1CP zEv0aD%Cs`-dQwka{0HaiWW?MYZ|$yG6hJ zYxM#9%FfAvwW6Big3=B3%1R&G#L*;}d4d#0`e97J!l#qK(9UDI{`U>c#WOO0g6$4MK=>*) z!agQ?l@zxa=^=ihsHD3OG}Z`U(8+)R7X&71>JX+-mqS3cnP<$CU%NBg`lzI%q{T#~ z7P!hSO!iVqVeD90XL$H?#bQJrD02 zt|;pr;9e2}b}`8|IjTLV@SjEQ6aN`xPWjK3@s)Q0VF{mf+x%=~DZ^>vp1)fObrYn>AeplP(eA{MNWkML#Ogz;X?9B$-auV3t&0Shp#FTT6 zjI)1RkGF1e)498L0I6IYPhGXPQG8yi5v@lDPc==PMC?+bmt=n8IC?!yan*Cckp!LK{q!I)8)r&2hcoed9uWNxkY{42hc$K|nJZ72D9_yiccBP^a=a zRm);S@$r_$>8E`h12?#w$}HydLl``7jf+3HT$ZH$O+KJY$6C_pAV+r|n>e$-g?lFQ zZq940Urj`*r6>iW>S^v?x%_8u2d03{lDI*p<5DL4nA%MZ+c|h=9duwm#^=56wUC() z()U3n_2E{^K5Wn##tPd8Y+o6Q_%ZnW*p@mC)g6g9KtNFrRv+N@!L$4khEVXgPDl$m zv>+E2C)C42V}abaRjSECI=L-pK&g>SWWy{UFX4?GhApX;tWhz zOOab03$i`5grG(){woR?G1tj~!`+8+Mg(1ZK2adMojPn+z68U8 z$1^@r^)q%f>7m%Sqd-aRp>(^WS%9FkgGCg{QN-fhs1vOIb63E*Lym+Z61K8 zckx#)BXx6U1)@Uj1HYTl zRhtgWoxoCsU6GSp;EyehhsnhblV5F4FriN&V`&3AcSJfV?UxL)9b)1Nv~$}uOAdv( zBTl74Ed``D<;lU(PF&s49;E53sv#Bo+5x-^RWuqEbUAwjV>klJrwTox#6cbg#hrde z4=6TP!JQF6YKC7tF8L)_q}VB!Wj(eFh0Yf`$sG8z*dBF>%Td1)Ik0u{CtR^){lILy zYdbh2pqng@kSg46F_)|KgV8OM!Mn2D1DF_AHcGUse#xeMzS6#_hw$jObS;h$GC&lM zd_0(a9O+PQBm9BV>9yb0{KYm+{$MVce{#aK;u=u6Cja-Ey6gj8*_9}~g1Lj)<@!T; zr{FLYaUdV*Fy@zJ@T$U=jYRg{8amsLqg|{ZjhF6xrH|T&%6+s;ol8(k3`JstEDg3| zGNd6s4!QyTAabmQ+P&0KJk(c`1T`E_Q#lT1hXhNp24X;lP1K7t8Nx6YC?oDoz+FPP z;``#<2C;+$VYhaZ|0V~9Xi*c)&+2FzI+Li+PB_FOB%rQPu5Bg2ok%v#b8l3~k$f!R zLI+_+JCMCvN3{oKdQfI(Ez^@kg@~5b#?2b|8RBHBE#k(7oU!3K;Kuu^e%_#T^9Wj z8;BDcv}0`0lOgov&Avr4?-1kpb*UtbTyB2cgboYUv~6;DPy8p$qg*2FH+Lp>ycLyY z8=u<)37&x+bUvwIT>awWEgZA0z@E0D8uow zFl_=ww>FBsj00L4*%S!wC;g|HeHIW&26`nWk)1GR$DpskAWTHxv>MjI6!WSt{FelT-UR80{;n@S}#~lt#(IIectiT){;IDfO zaF+n)L%MQAkCF7``#n)4CVFo^mu#X>$Ol=`EnWp#4_=pNKZ;-$K zgy2O%Nniy^^S>-Yuf{k~!Js{?)YQ2T<*v5P98Tvz%_3Ah2snZ^Ua=d7P-t4IN&x`d z72>&QTwYTAVNP^UA=5}Km+!7ndImGRQOZd(aZ(Pz_qsJv3=;x-CBWqP1a2(H2Tl&g z$DngS5IzisuSv2csKn}ekgzYl)N4nb*%WaF>tMEnU9*jN9mL8+@@yoJE0WW+BM?QE zw!%q6(MR4we|H?|;w&mz2x(h^RS+9?fdr#?^(d=%STM7FT@NxsC$D1vr_RI8Wx&*$ zo?1Ag<+&g<5+OP8D{!4bSjcWHjX*KDPbiL$^kg5Z>oBPW{i%>=XBhD2RfZ4UkbTIr z*DPh(5(WU9>TUg`gyG@@RPNWHhSmw_$Y6E@dQ^h}HC*Wq$r}b=kpE1OAPnJr4x8GJ z091pDGWIis1{^tJz#-%;0Rz6r=gp{SXEy-T8o4LP$s~%ZLEv=;mdHpg4&c7bExR-O z$P3Zs#7TG74ns;p(zPH`$YI*qmbOLAI%+x7Yqi2Mb*!W*q7wU~mm% zpaFl99fB_F0Cr_yshiwvhI0YGa15z6@#O-nt%!&fD@UJ393HeQ%6N*`4JZ_r|z3H*oh01Dh$hi%9J(nKJK1Bl#jJiylkp&{T3&&c+9-R2Nl7$WoxYJ{+UvzLU> zfCa=tYwD+V(JD0;@gM@VF-KSk=e|A$R7EomG20iV8Z4`Myw(JK;+vENeFXpjv7dmG zfPpuMvd%Jyv%_{k2id;CXE1Pf$TTGGyx?0`Zn6SGSWiNGvc&1PVuk$DTF5pOvh{8X z{(s7=0ml{!9-Z*`W*}`;Sp@=7Dme%{Z9BSXcqU$5_LY7Ft`npE( z#c9TW+neYhW&V|65(L2QuwIJvd>bif-hR<4F=;_rC9np9|GWyvrW{&WX3|uzxHYcv zbE$c@u$74yxLh5t5wM}7)kgH&sUqZqVR1-cf>To91`wz7vx0}LUP&u5?hK#Z{3nh~ z7Is+zgyDdEMhMCq=(s7YrB7V*nSJoNw?s$q1cZ#S8ke@ds0ll8ffI7K#2Kk70W_i- zPgPK(3>R3_kP>z{*T75cA4i}YSo8vmUSJzy@sd)|Sb=kMVGQ&$HORJAr6@kshPv(# z8R2!-c)Gr!Juy1PidiFa#ONT$jLvO0*)VXzR^XjF*&=5$>~96R>8@F#r&lkgG#i9w z(W_j}38~c^{T&-y9kt#h*tPVciC|!TxXtZnY~NG^GLEkj=5)0TS>P7By%#_^_g~H5 z!R##@mvr<3nM;|O8tOn)pP^fd*p4 zWGaynezjvA;&4=n@9)5RQcze$IVqC?2Sq`$Bkx9xpz_R8k>Re+R&)UcVRr=`WP&rr zq^*`Q2y~+t4R;2C9%`B2_3vmvM_^6$#u|er$Qs-Rn9IE=w!^Q5GszI0*4^Xmwx-N_iVBqn*p&zk~x>*SRP1 zas#{nY%YGep7{HJY>6ibs!{?5owcJ6?Exd4Z(9nQ&BuGL&`nOk_rM4SmaYj9g<)(Q z3*C}Y=wu@Dn^8j^eU0gI92Ch`P~gF2+TM2qoLw3Zp}he%y7ev`$>L0H z3Wiy0>@J|>y+rUC$a)^oj` zqiJw8W!mZZranHbvXbowxnMU~1w`tTvio}&SOGoldOKi~X!q#F`ly+uMTw@8A{iuj=$3HfxMOtduQcZ5Dd zw{$l0v9NeZ;-tIcbbJyz>Op)=u!Bm*7!n7Of_!m4KDswg&=CcKSA?DO5=Q+sN~YIS zI;odIeo@bE4D5fJ>EtF}sMIY>zknUjbjyTFZfsLJNm{n?X!Kk$%GH-;%^JC-O=JG5n$c zzF8Y`C%~c>2%B9Q?}wSAa_a^#RXiwhE-*lTNh|Q!mXNhZGk~k090*yfV=5j{s}!(4+V^5g%AxMxZ6|iB7>)Bi8cGRePO> zPMj|TN%x45p%|`TyE{7HnNt?#4@#XVr8KdS3%dXUOHr>48Y)s66*Zl9u$3|Zl7wnb zU*J)a8k3~P_(2UeZ$Iq^u6@0^X@CB;)oFjoYen&Z*Nx)MAKyBPKWwj#;%6~~ zi`Oc9kd!$v1m0@mm!ZVATWN0G6e`Vy03ajml%{HktAu43{G^7s*u9Bl^+1dCAoWa5 z?a}GLJM;|+^Sx@2eq}01--1bG zV%yfq zH*N2BG_dc|kGALKgYOvi*;1V6<8RGK?^^m~S^3)^!X*cymL*_Brxd|(R)UeoBR17@+DO+Y6T7FR z+8(I7PI0w^>e!Ww6(tkACbKC3ic^ac5Y#5#>|@Goa8G;$6%23IcY78x4nlXUEM(jw z3mMG3p_6}or1>K4-D*f5!f@Fh^c4SX0Yjs0kmdiQg^XKX(?SM(KrCc9AFvrLc2H`Z zIr7SvwybeiIFcO;gTlJduKed_Kw@Dfn4D{L%p`}yCMzWMoix48%jR|k$ zA6hs}ZlDNoj1mCx4C>XyIRlPfG=VJU(WA>P3|3;-hm8jAOTiH)A`6Ofl?au&{Yb-l z5+xkL{yHq?w`_=N0TiPYKc~(Lt3dB>waQ{($trzT1>`6WW`95&fy)RQE+UeUQNqb) z2qBhz-i{?^w68>Aw;AFGcoy0+a_BD}$$=IR`B7u9Pqng<*7`1SrBvwMMrsF)#6K1vZjYdAmzVS5g1`jUO@x zO#0p`VI9|cs0eo(>bRZGB>U^cE&ebrCD+yi_ zSN-w3=&HN;th=0}7vkJ1WiTti0O1|w^$e?fZWKZ*8FjZBis%&cFN#}0h;~gun?W$n z6Gc!_qHO-4BMRHAH-aWm&Fe~eigAia$aKID00wu6Xss7qz{H9+(<1O0koVND>Utn*tTI-UQEhFH zjVQ?b=*_q`UGWZ>shYSeX(+HWC=1JBpTv=Pw*(E3LSgt;>eNqsaQ?$QtL=h@UvnLU z7baF2TQa%XiAc-`K~D$mjQV9kFWy>^Z@UG3KSW4@c}sU&Z#4WwIJxTGm7^~MU|pFH zn)Co7r@8Dg9((cFBQU74IV-lf8MHDOkW*#x>9}(XP*&^8=m-28S3pnGw;l{o12}4R z#gZ9vByNTrmcTxZPe4*+ng$YJ$&9^T9c=zXL1{d`2IF93GZ#==dJr^Q#lGrl*(1N9 z(>dmNpg$QJ^ix3e#Bf6_UWTS>jJ!U^@Mv{PUiWxN$xi^Tqok6|$YCVAPyv^b?7f-_ zl95P9xW)^aoDeD8C5QgX`hO8RB^RFpoUGGydX*B%E;*G)a~_w5BL#H*#4aS9Z2M9Szo4zb!PYe!)ddzp=tC;wxJd{> z-cSWVWZ?%P1SUBQ-~+Bg2w?@^tA-GI5JKqn`}}tMZ8$bR5w|+PjqPX<+?)uCQ#}}a zTqgpA5hr395D080k{8vh6LH@eq1La5Ohf>$7?y?=Emh=}!W8>JPcV z9nHT5?#!0GLL~4X+|$zQcOah&b?pOpuyeKpd6fk2n0Z4d|CR^tq@;KeuF)~bWVgp7<=iwDWBIsg+ueg`u0DM`*g0fN=MON{BwAz+TA)uEcq_*5 z^ecI9dI>ne$imAQB7V>Z92v3kYVOMdX}w_}%|`AdZ4_@|Ak7g@=}F>|mTn;GQ^eotJlrxpTJRT=XY81pkHM5mFtI?MQ4+2&SSN4` zf3CZwcP53lCVCM*X0kBy8wO^C2|Crws8ZL%$u$@ZxyPJH0-y=8!Vn7HAi*9VdI5L_ ztp0V8mYYv=3aRH2UnrS4~G-?W0nvh%2JGxsc<0kDHB==>-;zb{Lv zGrosXHv;pOeFEm;WNXC39re)DrSx)#u`uQsIU&{O$y51VdQdEcJ4APqdpMvBY*iZ%s~Y5?I@;FAs44enZfAM z2qz8vH=feR97Yoi=EG-D61NNqQal!Enw==k$MiE?z>=T_rOK~yfv{2{{uNEF9174H zVjYKo!#$Ln?c3D_JN4S|Lr0dFOXXE;|Y$$mRKAyXxoBGv&;?RgNv& zCHt5#VsbWt^BD64)vZ{r9V|JEf3<%%OTRElPz(RzBtb3vY$oUup3ZA<_FxfiDBsrE zgBie0c-O6n9ZqB^ReGVpun1u1*R;K1lQj`%IgU#Hl%uI2E*MyjGufyhg*h0NcYn-A zL zm~JV@=2!#x!F}NpaducvjSb_}*r0cJnU_JYhTW;L!5gxJoDw_(ZZ_Sg`Yuy;UuS+3 zr~V}B^}q>a?!UT8 zr-d(a^TI$Q`r>!C(~wIX(jq&&^}QYi>^kvCr`eIen;lnI$tNUn+4#c0HFGPO+*uEW z0SW-tbd1C_RF^loFAxQXo2R`TE&I(YTcV?n+pR`x=vg)L^;oRT;UYY|{AueJ!rkA5 z{%z*r=g0|!^R<0ljs zIX}lP-fVBU2o-87ap?7PM^2 zE&OqFZUPyogf>dDEkc{!4F!P>{*up2XxbvsC`c|uY)+iGDN6Ga1hf%_Ox)0YIGu$n z8};|!YC&1)gBSu49yEtKh@sdnA2$k8Ps_6a3`eyB^#YIu8mbq-Zo@>NZ6knwnN)pE z*IXMuN(jRsVH41EBk2iL>28){+;`?e3Alh53tXGx6(W1CcFUN%9CplbHBSWTn6b5h z>w*K+dK(zbM>T&)#vk@0!c-fz7ms3tNksQE*Y%S~^k{{{;_q*3Ew?{BISE!SN^f+a zESM1`h8UgO5}!3u`a5dqTObzWXLsKG1Pku;symNU!uT9rTlfe$+jGA&@d9}>X6!ly z%0I1X0Hx^Dngeaz zF6C`Y~gXkp6`1xN))#@?boF|Xl}Qp&^YeeY{>Rta!=Q3A${lKoLF zfRs$FUcJzqr0AE@I?c0X8Js20mTjFXsL3wc^^8S9on1~iFmf{hr^OINP%hQGt9|dR)pci$ z*XlQ2PDQILTu#{P@fbzn1jos}U_}N1WN1O$WGwsQw;?@!ZUy#PoP-qjK80e&U2+hF zDsHNP#7wk+Dq{Pn2jv;ml8_728)9{ca6$95_q&LNRlpT|2d2_c5wX8rQ)wWuzg47B z8nCGe+8WI8ex4d&j81CsQ+9HLL&eJSZgAe!f^R0keZyBHG-M?xU!xFL|sK9UFCh&--1A=#c1!-)uuye&x)q>dGUJ8dq0#0J7sS+S)ROR*K#= z4rtSr8>b2A67VnAl~V)IRdr?5S{-ZCl~*cg+Iv(_G4jJ(*Ohg(AihfKD4m9dEyZzk z<>jimoDoXCJLoH=b!CT03$>@yW)?MPis{PJlQO0&WiF)W18mGrCZVGh8n`T&kXk7DdpZ+wZ@IsYd(e4IGUb~YuUW|}aoJd&me|L06ogr7=s>P7v2 z)#bcD$x-!ty~}ys1iRO1&5&Scd4d^k2f21CaNEh{RN(eptM%t~<3{F^!F2LgsnLZ^ zLD=oq=$z0w260S0Rml2UH2S$Ml^Xr@R2oJO8vXcG+V*I4I4hyR8+_*n{r zDrs}P#)xwKNfDAVzby|{g%KSFLyoF08m`bqTAemfN~z!WS%5671UNJlL(tP_YcBMN zQv$~(DW-_tnxvQ_vKTvSH3HaJ{5=$L{DV|tIuzdqd2xv$&O!5+dC(?O8^9V81J5Qo zU>bN^-*q`hBsnVXD_u?nS_f7`ixIf8S+WGgmZGrZ7xXHy?}2R>{@908D4EPS{@6H2X?*HCV7;$$`v!Kyf$?&`NC0d;7%yC4ZEhibfwXsd28-I4*h;r%HJxNf7sCy zd@sm9#>V|D#S;e6w7l!4d$!0&c~ONrkJR*GLT95wUw@#0cfnC>nDQUg*uWB8npIwV@f&BH)xvpUj*itm;q9>0vQ}V=*zC`<1&uIjYSZ-Sms`yE@ge- z55cM=@Q2~AmD-#;ckTmJG2TVxi(2Qe?`DnZ_d`%$;(<$k@(Ml=f`}Qv42rTN>?nA5 zM)vW#?p}d}+2sOoj|RtrpqTodGT{kJAT&&5(n;7KQJ#dD@GF=}fcGfxqeN?AwgfxG zkJ_L%n0q0W#CpBA;7>qQ%h3&HIVeFQOKc?^H4@JP3zv0)M=~p#ro<0}#=~HxhqS=3 z85-4hG>y^={0i#$1-_@J@b!2oO-@rlqv?(eEB4dI#Xg9L;b!jG_E-Rl2cIjDp2IT6 z;*M+PT+%>OCFngIAMPYLp~y?A09_ltpq%n;7=0_7kE-pc&~LCEjG+yolccB9O>U03 zuXR4qP1GtwvBc^y4=v9C^*Oh^6!n}Smn*TsG9?D}4!fgD48LB94SFRuBuWhERV|u- z;6&ARL>iI5lol!1VXwDw*O{sqhz4cr)L~)Q%XQf6ZGF4C&UtUBKt~bRpUDm%iym5?zbLo82CZ>+y5|!E1ZDLPGrwmAv*WS)Ux6Dge5ehtyHj0!0?!`mb7*{Up^q z6BzR7hwrp`M4maS{jCsqjp1`FXMfoh62?&_ZG}o!s3BV73KX4h@0Qd_j5bxZF~O6dssKyo+zE_4ARTPayG`YWpzK#!e{ zpalQ~kjv=^x(ll{3DE;x3_>;nn7XddXU>K|NoY*3E2uLxQrU*ui+dp)eWd&Bu41(5 zDfH8cXg;B|lggq=*u0DTyw3H^KH_8?zq>w`uV?NjK0gJ4I#rMAN1eFp0sR{yzNEh`+Nc*B zc8VXGC@UlbpxagM(_D;)g)5F6T_J!&l1_vNuoiCdkEjW3Xn z#wzRg*bmaR7#u%$R1E~y+;G42+E=zn=as`WByYpu%=wb!H29q7nX@x<+9l^8pYtc?{2pQF=#!H3VV^U~ zoFV44NX}%R^JnIKgE>b_&OScp1?KP!M6|EuyxHgcg*gkEv*kYa6lZ#Dv|nV-9OgVD zIki6LCFZ=HIS)zB6rV#@i}zs8cO++$&-p8J{siqBeL->#@Hu158D>tKGf| zFlT|};Lat(?eEOFnK`p1=P;l13UmIQIY&y)xjttzb3VYFy(DK}pYtknj%Cg(-zN=r z_BsDx4$m<}zmpv7Uo#B0Fz2t(!O@`PH2Rzx2x2_KoNr6cAwFjUbNHpC=szUqEk0)l z=6sPkS4z%-K4(Yf@QUf^T*<+Qdkuq$%sHDmS;@J?=j_CslbLgb>hFEzEhN zI>Y4KZbABW_Wf=SybG{)t=leQuWSu;7 zZjzjj`tmYgy<%`)dBl5?rA^JdmLlsPjc=VLx+Pv+?M!Li3VRw(rU_dmAZ zuf0tuq6Y)vvb~-3!R9o4nI0z~PN=(9$+n3U!xqKD;xXnFCOz2u=#@2a!$x7wei$`B z1=FhL%m>7{KVs%t@6Y*9ieaXX#fdKY5FDN{J97~+x4X=CHxFjN2Ptz7&0&1xwz@u^ z{eeT_T$+4eJrZ!E05FEh!?U?S1*@T6c$=@!6>ZeFolkIy0C%ZGX<^!}(Rg21S#nqN zO>@~e@j$iqJ_dU4?*HR&>N?f`kz_!lVMcj+hbSnnI2`IWydx;9&h>ENobSykoP$fB z=uu`zaF_ecHJlG;r@f4IsW*UEyUw0mn;V=pnVwD!ejE5Z2dRxr6|aX6&6Yjgelz@? z)AfPLxg5R&)QS@q%la`c?dy7w{*jp<4a1dozl!^QD*Wo`mCuoa{HU>ykK|99(v0uL zx)8`+fCC5W7$o7wY`E(3@z~|7pD&ekt5aXQXfhG3UXYBaTr#c$Ss&8WykOC zxcRQj;}?)2-%1M^?Yd&(CQIRXH9lW4UXzhjeY~1k82_q`S4Eyfo&#N(X^2Dq7m(P{2Q@i4TWHXD}|=wuioi5rDn9I=H!|T z+1W}^&A3BolyCa z!bKbX|MRJ{SfM6*>~1JL_D(mi$;2MB_i4BfRSIjL(Gp`5oPBw7<>Ese&rz=ZAsslNu#yzng@dwk6lU-hH!&tBWAKoh7%i?LeYm zAFX%i0TyqD!5AG7%9a>(sQ$fq#kVr1vIZbMn=t4zW8#z&#@@}?HKhhBv##@KDGNF` zfP7tuyS6=zV{kDtKJdt642ymIN8Rd$hKLxrF^&j zn}mm8738$owLbdfl%325ruc#D)%X%Bt5p*@u7Z|*M9OjC0jx4ma$UTSukIsKx9|mr zt=vbX4hON=v*@dbx!qe3QMn@m;N*@7(G~-*I&c>lgy^OaE~$^+3`W0VDi(-D)N}Rn zt5F_~Et`%gH@<785~_(u+FyXOmTC@P+>erUQ+N^Fa2&tb=~8N-8=LJm`t9q1v_x#AoH` z+uy{|o~BbB;o+d>8bJuC*d>kN?)^!pL`8E6!42d6l7*6mC5`=+P@?7_&(A%oD}k_2cPM*{2wKi;Zeygq~y>|nT7RfL&Q3U@5aAhzELUjmNa_O_ickzh1eRc*Pv zMY~Vi39O@PE!iIw$oHjAzQtDj;P8J=zN3Yoce3sMrCe}+SoQt(_wS@zx6!}ns$|W)9TA{7=rJG}Yw#7rCdknF}p#&8R&^n;G&QC|%?VH!rlOwXK)9 z!aepBJtBpRE~CHx)2?u{ds?&9o}&Lk;b5@R^EaIjD8A>H;k)8e2es$l9SR=bx4{~R z_+~D1h3C7cHJQbl7V+xrfSz!yQuY(NG7=Jbzx4S#%KTFLCgQm{zqFsoik(mUrQbVr zJiqjvzDC+Fy|zjX^-HNJq5Vd^%Lz?QH*Xv_^G)WwMvH)bbvN@kTu23oknT{gR`~B; zpTd0~&%Zody8|&_EdJ$M@h{K6Gx0Col{ll(-T$TJln<)YVFZ0$gO>g^)R>QBzv0OH{YHR`gr09 znAq-nS#e-D7?5byi^;|UvrFyk*qcCJU=Mu%bN$yi8vg7ZXt2!v7XF4l2S7k9V? zB3?~oicVxUU~79g0V%hSx&C+l${d$7$7`SV3+JN;GN96U?$55y{h7hhbWY2d5MJCL zR*vraDt0nXoH7RoqaP?u$SoL)zI9^gqcnp0+u;j+Rluq*g!9tT$vY!z_+r%jU%P{8 z?36Y9A%(@&!9!3X-R?1|cAH|G8q$|(LSeECpSQ!up<805>Edb4lw2m$i?qJlK7aBL z;3!Yf{m7K?&YVAaP7nOak>g(n4Tl}7@F%0oWr-I{4R9N^14spBZ$$c5UCcjD51W2n zF6LF=|9|0PhW6CUTd)`Ai`r362jCFv%|1FEXo{9euc28JUSK&gQZQ|3h)M(CH}Ps^ zN};nIDr9VkknK(<_(SAy?!z`3qsd7djX(u({E~4n{qXafMk+&R-YTczFKKTOJdxSY zuJVd0-t$R16{T(T#Ed~O#4j*pED7orpZi8Yo=<6#pwN=0Xz>g(0`d})uv|bAmTQQ9 z+AkzwUeIOcHAd4C7>&S7;N_Pb1H3f)AE_jHIv_x$c9QxX>jBW#F@1DMCLYVC@MYuO zs`T2#c2Z<>AL$;|mP3b_U#|}OFK&#IgWcp5R#tTAEkHDWbkFWw!H`ctcXPr#Pz&T_ zdcX2{(Fmi1nPZsd?Bd0MFA$_o=l3|BA$~!dUCArkyefIE#p^=%sv-Z9R4hQ{aTNe# z!-4vi%=u{QEa5XbjvPPUvv|a2>0LjOQ5WJaH?Ec1@ByOe4;Uu7kIC?=((+K!a-TKS z7#*c87k$D6Z5bu7Dj{llXuOsirR7Cz8GUqAf{)Za8LtDoI?A5H&n=;6pe)mb6E@47 zupsBwMt96Lt0 zjam?0zgY2jzU}dvy5*lE&;>1zS4Qt;&(^u)W@9+PU*P;P3^?scbtvQjDJO%kdvbO{ zY5536Lc>D#aap{0JU-uZo8q1FJy)P+p>0!CH-`TDxTZuBpvcHvB~Avb_DAmtMLs4= z;}mF60Qh31YvzHsLKs=io1W{RxX|Lvckiu}5WDJ-dIt*ThtXf>2`ETb+i-N%@p#cKPTvPi zFe4|HvJ$f)-?kxP#tq>NSXa(MW~`De%-EM^#%jfc8Bq@1L!^brVss|h0DMAb#P&%9 zem4j+1_qBc^)QV|)4#R@WzsZm2T<;{bU-?0c&DW4Q!=uMa~GczadNYk7D;a@V$`9D zDJ|7dkpL?4MVzV@pg6HWz5eG=lrSv6#I@55XS1B~dviVmf=xH1P4 zPY#%jP)PRle#B<#V}Wlm$7=1oOFKOheI2eIpi=5#L+w&D1QMwLAs8Cd#-qgF=$-Pp zUVl9funcAPz^$hxj2)fxG2UpV>tw0VgTZ@%`|xynNYU|Nemtsu=&(5vUL{7KlJ&rQ zYK)p?PU#WE0)nT1z0gM(Vf*0~PvPXMDm>1|ar>5BS=ODxNJVWlde^AXm;(+!N=0n} z?jqy7mNdrCnwsmpU|C9Ql0tfO15F_QX?l-=-lJV}IcFH_;tp7ZlIL!UPQ00+qezyTa+wK3Iei&j2r)A=+g;G#Ao z(tlYo%-}H^yGd6J;iPYhW-#LASNqUyYV&G~S7B$b0~iwe#ud8!X2gj5kJy=QHhNbEL)ksq*W=`F&LwTb5s3K6ar8bcNGmk1HTr!pE zDp4hsC>XESu9QS=rTMh}LyDr@29sdq8pAa3&>>}p@}YDYm%V4;1m zABrA6o=4q&7^_dG1_P3=U%IBUz7!1V=Qm|cUvP=c=72hrH)jE;)Wj!xvD!-1z|Kbj z3E|@*c7k(nJ*q+8i>6O@oIDCU)+E`Ot3zXys4-$3SHh_q4Q+?c%324D6Z?A*Y3s^v zr1PRnv!{NU0SHwzWdVqNenXj%X>u5Vpk6Bggg;jTuxB%X$1}TA88;ox?UrTW)lBvIo2S3+cd#*Vr~TAW3PS*?%1})PlPa9n z=PGyIO|-!nyooN3B*{kP#%KmR$l3Ju5~P{rLJ5C)+|!6@E=a?hvt3=xAoJ@dL|49D zXJOrkqM_WtaW2w*=5IX&pyMHYEr1Z6a}6$nTaqB~?Jxj;mS+3Ys60%`CA#>$2LsEDgE z@D&Gdm4TZOe|MOtoUGeOFme?c_=RK37`Pob%R9a=W8kxX?MWLlFja9m1Ahr%t1+^vAY1b&ex}4!)aWfwiJPV|oQVVlgC2 zrN(FzbVYv5ABotE>VAI_O`YH9khUMK4xdDyxvN39h2c-Yyp_6-d!tFXO4<7&a!kxY z-Qo7O;icGwSa+iaapgrQuKMuNr2kEDPedO!9aN2-8dVC0qhG;|c6^ayCs`D9gu4A` z06AGSK%N=^lY|-BO?90T1sfF^lsN7FUkSL36He&aSL-@NlE_;!&3SgDD!<*Gh;mbO z6dDAV>le8U3y1QdY zA>D2%W`#OrETJl8_Ji(K1H(hg@l-rTWB#V-KcK~6Jc_xl^++3nCa1blt5Y5X9*Lfr zf>3N3*uDg8uYqlhPExSF3bt=tu#E7IL^l#FkmVq_;4YUOc8M|kGD4)S;(Tl>W6gb zmRe)|&SuusITU$DI+mKwr<+L(t*Tg@P z64k_vhpNyn!X)}R+`i^7I75JYepwls5c0?Ku-SEfJh-1W=YxMub=|t_Qgm=*|9Pku zeZw{?I79^16VV*VAkVLw?3+uoqvPSgr8$59auF_p+l)g%j`L-ffJq_Ka6@qS;tlxt z&bol*xJy97lWv!^G<}b2nlq{ei#J4@2*}C&-ACdjCG+cMWQR=VFO{ky^M{3&WjvXG zVWVfa(8f$lFldTSL4%a}OMon}U>_6KZ^u@#94Ed^dkuYj#L?6Bu{P}EL)c&{N`hmG zT^Xh%qC(3$3^kR+P??e#f)6B0Vvz%^w&qnu+IgmB(!5%!iXLQp^bt1tlBuM2TaQZf z>T#vHNu;?5o-bDtD-*CQ3~XbxkAhvHU{{U{R+Yqs1Pk1&Dv6VR?nf<95?7;iN=d{b zwvKO(2TdK{c+U#d@0V?ox4qTcgD<3-Wm=Jvx-5H>UIitlWng=vjACJe9)gHB`O2`<=GEdmvIgp^Xwr4;do zv*@`QEkI(RE^n^!7_Pt=s=JwKH)IEhm@vZe%EP?SCqH&lUFRo(7(fCnF5#Fu1b291 zUAL5cgO&t3?t+)G^)-hILSf3q6)Bfhq|AuTTxzqYY^~YPE2nO&*-ut9Qmxse6__@Q zqnua`D(me|)?2fp+iLb>70rICB4trU%8d99ZCDY(S?Tc+`Mj3g79wx0Xk=PN%Fz`m zGh+I_NRDo()yyB}@;}7Ab92X*)e6%le^@G~_ftplO5OfMUK|0NNRVgLVuf^CEUDC0 zD{gVPpR3Uu*KN6*rxQ1^rzypMjGzot`O4Kam3lbfMlK+6#_Kk1?SXA(beZ8E!2Fd( zZe zLq_x=U`ToC?v!%;7(wTV)X<;qZb`=ntgfT&!FQ0DTh|X+JkkVI2S|%!P0RqqYheS+ zioZL7kV^my>DG7t4sdH^zn#@u&*l&>;fE)*8?v+$#U~Jqru5fY!XNxd7XKIH4_+>y*V2erB+L zxoh-Q9PC!Ieo-(ZRs!sM=m&s7*d!c(h2kAWliGm*12W+?&+HFKS(rN%UHkxcM;)xC zDVR~eEETW)obS#|+@kV%?tCK&@=IFbFxo6Liu!SGo~+6&enAd!)U*cO{NMcrvl1|X zv)S=+X-hzHrlIE2MX(vIu!9tAs~!d1l41jSPQn>i)`RKTq7S{|1jsQdOae8eXs<(@ zDA6Yp-_y|Fl8slUY^wP4;8aUb#s8giZ#?)JrP^q;5)X2&>q3`uIh-LGTA7DfF#HZT zh)aG7?r_2IGo+3-2$mVa$iOtuWprCiwFRFH&ctf+- z_gwFDVLLaEvIRJjDSD3hkW#wugc~Yl$bC}BHHz_Yu0MSgW13;yVeF3r>9bh%u1m)Y zgvG-HyTC9+`~H~1jTUF%9#)Io`cdKz6F0P+=!r;RT*0wAMA09p1=KqmAB3#Hn?{t8 zEL#sIeN-RP=d&PZboZT9X0|qTg=ia`==>YZu8hq2Oi}%Cs*(xnqEAkO)^*UKMO1G` zcQEF0#E1@Xr3zBYl*U-}^>2hC-8rSaD*Qy{8(Hfgi>|mmRbH&F?3J|rjzID<-1Gse zI4yCnv<$gE$svC`Qyc?mCu|}ebmDF0n4lACEYlG-QBO-_ZeC;41)w z-4uB%Yv=a;cvDVg{n#eWHs0(=c;9zstNg5*QI`d?rNYuzVT!!VO%;Mo_?So>GxNC*WJ;r0(D+rx0I`R)Hj7ks7Z)@ng)(kIl`@mqN4SP!5cGt%UCNB(iUn7#mc~yow zaW!D$KcW&h?Z+9r+?${YA4Mb*0ts-KM0dg{&`IhAv3d0usu6@c2~co&thvXYX0Lh7 zrQw!soCbIVSHa}E?M6i_He&;)J$D_~0d1ZHDI*=GB6^ z>?Ffe9_xLK31+XIY)^B#4w%d<9cpo-Lp?gOvvmXjwIdJyh&mNG{orrF74}!neH*rJ zc?}vZg2_m{^7eHc^fWuze7G=a$~=zW~v zkHrzr&tZ$ro+yq1;}kZ!K}H+0l^<-1zI~}2nXxTb8oVoOE!Tf@&`h*H#1w2bCWItu zLAjB^nmazsC;B_dUaP^(MC3D>ya7?oH573BCLZM!=SfoaMGo){~k{%@wTOo3&k`BqwmZ zDO4%6jAyLac)r*KJ_A!@2N@nQG&kuiMNV)95p9f!OQ@wGO;NPsBUmg&M&PVJb z8vMi3HFc+aoAr#yU;aGAN5JxQoY4!2?^P=mU}=?#X*);S8oRgm z-sa#(DmTUx)lCPUFFyPNd{6n!iU2^z)W=w+FdZbBm1JqBK3F@?r-5O6+~=v0M}rq% z(E&SETauCJ>8cT^TIglV+R!x|pgkc-wJQspuXaEAoX{fpAJDAR74(SFpX2(ju#r(< zJq{j<`LFJNUqaIH$;1_M?&zP&FvndYGIt?xeq zjp!qsr*gv9lxS$>56g{b3VR4S69^3lZcf%e8tS9aZf!uLebO4)$sKO+MiT77y91;J zoKU5SussHl8%r?tSnw<8$nf(3ZUuqsOtfG<{&#^jX4#zr2SLI!|HJFiC^-M4(5hAl zF2zfbTD<8(aE7!+9BB6WVDi0EN6R^TyFb#yh+VHfm}Ac`I(@bs<@Gv86PBca^K8PO2mn%aw5S6r|!E9rNlznkH2QO!WxT#v7 zZD@sz{13>=w&+)|Ra;{;nqYo>+gcX=Ea{IO6U{C z4J(r9iJG{Kb3!&6mldq7kt>JGPKpa`DepY>cz+j;?Xv4WMkG|T?O@E`ZN(hO4R!R z&FpXZu_f*&Dp7f4gvO=m3hY>~BQqz?x3wJuA(mipuB64G#}bUsl}vXC%C3*hXM%pS zG%^8GJvRKW6Q61t8qy|dXh@r+p&>22{TS>GkXFcPNGs$t)X0;Dc#T(%4`JtXTpQxPA=vF$Udp^VfUIF=-w<>V7#$DpA;K79 zwT=ahF4+Aw6D&it_Yg4`j2G-5O$WA6N^0XY+4Hy1pDWt|CwdIP;v&(am9HBi4)`vw zb7nNq#{(KG*f{vcSx_7z9wEl&Dv(x!Lzo05r-Lya*O?<2+I+ zfc+l7N>k3OVo&A;ug*aqHDMiRLC|R)484WZ?yowgb`g0 zZ$x=wmj&gQG)mwS>p^!@dW9xep(VXSi>r`LuaI>W>eDOe8|=iPA-#g`^soX)nKFv$ zu8X$x3T>=l3DYxrK$;z2w@`u4Lm$>&>=652bqW)_O=6#B1ii z{(|ehuvWuM*(pAUhlgUN|5ASF$NxnCM5qa%1hZ!Q2O}TEneHNgv;55?+?YoM=U6e8 z`4tD%Z{B&mHReg5lzIHx&VZB~X(J%85Y;PADewz>b6&}>`h6XE$>~6|#kb>cOoXY6 zmY$up*#byT0*XG8edv1yEWHk(3H^`wnQY;MjXO|;!*`6HUA?zdgKk}f(D^$6C}JvA z1kZp|(6}PFNCeQHv>9DUdp;<(KGy#*&YAajJ%-a>3wEdvmw?ey;jbht$FvInia2}$ zcR!AM^v@=^dneZ)u49t3=TCxjB&i2QW23qYW$3lHw0ZTwj!EfwO1xvG&Jmfu0rg%q zeL$v<`}XKl(?@0c=K1NvGkxaNnwDolUB7%!d|BF0zbDg|_0#)cW6V!a&Ga?->3uVO z4SxF6jQjMF%;xEtzA>F>?f8Rpv)x#T(lpLq^$|yW72lf1kyH&g*1uI4a|$ssmZM|=}6($m~^CYYn?AG;MOt2 z0wOKo){377w~qK}aBIm=gIfpvG`MxZPlH>R_-SzKJU_j6LOP&bI{b2Ik2XIIZISiU z&=xIz8rq`CPeWTY`00KBEz(iK-d-dfcls%Q_ei-t#x#(QJBwX+ZZx~&RCTdyXrrr# zy^xMtyni7mkYu*~nHMozHScE)m(zBAMJb4dGTWHs@(z@xu4I3ss3umjAr;>W@)_^j z7zM?ZlBmeZ^u^|WTW@LW>J^M0RkFilV;y1*pM%SBlhzK?KA`G<>Q!`L2W4;(dtyKIp)XIpThFU54X{eP!KMl1q z;HRNhmiTF?m3e*|YM|3k!)WO6(@;BYei~{g>!)F~wD@VLp(Z~KHPqmz_xZP|ncIrF z+afhH=%;4i0-mboC8(J}e12`C^+qvwOR?*gjjkSkl8dmR6xKkxggll~OCDa>rkWpb zW1f)*6)*s>K~Py(>Fhpbg$|FFfukt_roa9D!yA>S%?eQTq2LNPZ`>>AkU>Z(FOND2haXhw~GZsloG^|Jnh zt*YgzlX;OmRS)7Q0bb0u8QtMnf6fFw9i7tCmhql8LMFpSuvo&Z)n6Jn+ZV}N3gf{o zs|R=u^EPIH(~|?7$j3iBr6*k1^m|f5rO5UYr)I(X(4jHehmYLpm#3HqG2H<3Am+uu zJZSOT!#s$2F)$Ar{BoEFG4lfE!I*NC;t%tn;-_IAjQDAo2PHoZSswJ$ko5sSeN@7{ zfO#;_FNf@R`f131ho6Rd(B`M%rDXjy%##*B4fCYQPoJ7FFHZlrm=|9y=Dr%~hNXUL z_O;-?YO#WOv9#E=bfbm6n7g*vb?ru1S05h(S98FwThtPaZ%-sdS5e*)mhbyj25Vd1 zynIEcCc7y@v};OF71-pSxc*-u(wk8Ke-NT2#oUreh_3civlrA7qN|HtS8udb6mtuT zT?;n4dL%?xaH^NnGpJV*g0h?H8Yd`t^XM^zmC4ewIT#`ijD*|6@jhCDD!ec@4;8S9 z@9*cqY{xzw_wxW{J~jp5JTKPG!(}!`|0rJFb20ier4wi!J{-;?+vrfYO>sN0b*)7G zUyz7Dx5Fz4|0y&V@$dDa(F@QsWC6BZbtxSeZ1q}>JCNn?w~p)i4s0}@{Ci;L_7?i~ z65M!Bi%0CwyifNS5G?q5jys$&%Jjw$XefNrLN_@4GYIuth~5C1BpwooVGWlX zE#XopuKYZuQ4p`5BStm4;N`TSNV^Ci81rf{^3foZxy=;a`jfnGM- zC=9|IeKY`4`ND#<8>6d<75xEWuqP@^s!G%`;9c7@8 zee&K{4p@+TBqEd@)3vxK{m8=HBkrDb6(#urDW%qgUH+KI*UT6y_x>AZiOYrs$f+_h z9XpnX6Dxe3+(mzQVeaANP;gE`m}1o2C3S9{lJvVe>#mm10eiYRAqQaocGL{ug7faZ zt2WQ$Mr)tp6J5km$viKCv}xt})9{utx7lCZ6#a*uv&LGGc< zm7*k^Hw~d~B__CzbwGyP^3cNELyp7(>rR8OTrN|h=DC+BFesAvk%ODSA3Li1F$_(cxQ3Up1kV9@H z*7?n%-2I}un-5MBak<|fQV@CFoWvsm?q8U@AAlC-9!Nu(lM#g67w3%WeY;~KBrD9d z3P+VB714yEg}Zxp=pqo&$qR0woBJbr-%LQD1$>D_n3!L71_adV-c0VRNbcPx*GN43 zP&n|f46!wRSmqk+OB)Dy7`kNvucC}Vbzb6SGdT86KYd>2nzwrC;4H+|UCYD05;}a- z{PZ!IYmDv?1cDiUOH_2KuAGLu(I^i0Jrwi^Xtb&_83KlqDZOC}_73ehKJWLAalG44 zV;n}cB|)4usqABBI9EHym=5%zU`)HEBQhfn1(mADhv%JogU$7!wGlJu5qa8(vlfX& zSzc^_Dzgh5W{GY2Z1%cvSk=M^R3n;^p~mq$juSK4*!hy|g7F2pe`JPp|L7eDGmzIc zf!%1nv!DskDJnTHvzU{uB^diIE`fm?djkCCo+87a2wA-5&UdysdoJamMrLzCcubxn zfgOOYOclv@+=0WI7)AIeN+5;w#+AJCwz{`xb@B~YK2wHW;oi~?^4yU*IXR~XZwdiK z-00iOO6TIWo^&pdPE;W6Tkez@K9YiEX|{H-PYx@`=9z0gs7O|Duw!*_3{M$z5z;afAi#07*4rCqqgQEWOc{U@~Ny zqy(XqURPqLR!T6nA9W>&pztg03L4>)54i+lC+~9!1WtHNO{*bl((DolnY_&<5HESN zOCVS>$t4gec}dBHH&42r3NF7B^GRYBek<9y2HRRP2LVcY8f6-LTQxqJuh`t4TiH84 zC36iWToR=gISwGL^hgX_@kq>WuF8zwVCx#SWFVEy{{(0eQ#Gy1p;0F>xotp=6ufUR zD>{!v!s$y||5Tj0J7Yb3as&zR6!)I+0LCHm-^Y#viYfx-gR zH5Lrvbvt=4?J=;qTID^X!Tb2!n&s0xz^MVMt6Xe-+y{lI833j#9@*NNXH(n-Il@ZZ zI=vBPay}LB1waE}Ot7SoF?_&XA7-z0!DBAlxl@!g zszE)SINzbu-GGl;S$s~L5TB1*d=ByPIl|&ITyO5o2D4rF2F;l+BL$x((0OTuPg8z4 zXYt|pxG=mL^m$UAzyp20{Y#HNH;euxIUGLs40}|ewDIi#-LBK~P!DXNM10x}a3{}3Nfv(q&jIzmb3P`NmU3b^VFm*J1cda4vX zo*ee5S)U)i^At0%r+H7RCQ>iT^Ls#Q#m_yYN-|tS&B{+LW&GX^i)GQVM~!TL`1?OF z9nYPx<4bMFGyIN^wH-%b&T`!weA-+_93KqgZ;z71^lqGP7n{tU_oaQL@uM|Hk0#$a zFkh8{D(CvCCYQXE5Grc9@p;oRt#CO26T-F_hM)` z{BAx>{T#|wyUXVg`=tJRSzjL=YClW>0JWR*tRVzT^i}}A zM9;35@WxOUb;-!3phWg2q_Y7jI6*NR0>~kY*>QrI8EIixHO?^ZZYYI(BwH09MY>RGNCR|a z9&`0U%UuB1pwR$_j+O6l((=@6B0`uZ+QW2=fJeTGb$NsdNxVF61(&!{4a#)HoAc6u zYu!-V4Lqd>&T^s$p zq6c)KjBiIy@4Kgc7p2DoGTg9y9 zh*?d`mh{<*^JzFoZIAzCp(7bM7#p0x)?$l|?4`&`Vt`j{#>)=eO0@GuSoGP2POxKw zRr|me0te55bvdcbg;%wZSFuEcCs_@ z914OG<{2>i@Oaew(?HWoAW*=etvQUdPOcZndpNyxTM2H$U%tbAIy2Gs011QNu`qXs z3r^xVBccSO@YLWIg*R(3G0_ZcFUu6;J+7{7hmB?y?TbvIn_~Ic!X4^`2qp<%R8DFD z{9|F6vD&@)4;rzR5W?FZvs1oIi^1_`$}x4Z>>ZYZj7c@Kvo^6Kfv}V zAkpJmN6kaMzOcn*yzjN}qrIV2-#HnaU>LvwTyw(n(0s+7q2MDAstPm<`4s683;7G6 z2l7fl-sF{n-)i1als6RI$2{6fy{l{bznw0g1g1v^Ak|~~Gr}Jju_g06#NRc!uS!ya zPxi2-i#Nrb*}1e0-n~YK09uRH602~m+6dYj@sg>4O!GplnTrsgc6Y#pi+;W(cw2;n z@vGKv(PrZETf*|&0{FaT+aMqi3)fIn6aag>RL9d~R|85gfcKNIw!|!!PojXtlBN+h zm=b)d^C?g=jtxFO}&~sZ|gU*rKctv5EJm- zt2c=mS_$WBB?<^sT7e--!D#su_X=0O1)Kn-HNCOiN0%c^piLi#<=>E5Ku6 z8tGYvX~n~G7@UgkcBAOb!tQ0FPl^hn z@uIQxEiI>$bPsP$j_LzIALPKo`>+J)M2H%FOa&i1aeJZE7C^pb>*78wb=}~0*JjXM zs5WRAs<68@L)vWoZf7z;1aABehK4<~1wc*nI-;_(eaK5s1Z~JSC`wBHkz7{2eOs#2 zlCA->(R7D~151ZJx*&Ih+ixU!P*G{d4YL~-=59zRc#K0d@V8XKyC&Ej0PN#h@F6n5 z-gZ0eSnB(N5zpN`VAyFFm<-V6y4h+lva1qCNmi9u*kZS)K-NaX55-6Cmazh77Y!z5 z7RP5|v^T_!#N71>36fbRflh${WL0qIdbsRN1( zP*qb<`dbI?t=oSiat;tt1?5M=ACdPIYZF8pzz%37bLFYR2>9^o;^SpBxn)+r%+T}z zWKFi13oSa_0cdk5oqH$YCLO-rke@RWd}|N696x}8_J*5*e;7RuRao&pKkLt#{b11J zS0kHAHNy(p*ydt%LIEhX0Z*wN!E-TUEL#7%XMi8x{wij}=tFwh#I!ECy06FkLdc7) z?tf&Sb~TRQajf#4a`>l@5NtdoE9-m8UeWbBSGxK_3>ohL7^IDQQqN5?^n8Iqa?EI* zF^q34_~o#S3O2?##-ZLBo;moSAcyjAe^s==c=%4~59e=&yKKz#FkO^KF|tuK{s8H>bUJ7gA%Y(9vjdHxhUazyU2%p$YOjzOV~ESy}=Gby*{9+7JZ zv^X?@&7OC-M6}t1YS`=%$p4LEBlUKfxL))gvHqIn^iLvKgn2Y3O`qNS9MQ2tjThb zA$zkjUF4L?bdgzMO}5FaOrI{LGMz@Ptn#Xmv+0$yu5#9cyn&}6qE9Ol=Z1913=$|B z4IX3?E(K=>Gqmz_uX0;@;eQqFJ#HR2eJ(s>r18K z7CNzkxZ*gvO?84pC&;Y}DGk64T0~FUkxK>G%P_OkfDM@j0_>s0Iq}fNCWU0 zc8mX|TY<921W+zV_$Cd?fmKjIO+AtUG1~<~Wk-v7DbY)tu!PwGTUdon3 zeoO4LlO>6yi~`zsU%wm*I93iFyscjz-CfZ3*mhs%GZ1#(*ZOIAY&6?lf7pz_(@$g9 z{T4qxEmPn^qV-8tbZAy{bjS?!I5SoQLyFhHS&rRfH83dhRRk1gI?jtSu#CogK?Zu+ z!QsVod+}b7fnNR^gMnT=JW%5p_jZEPD!Lu6Y20fVbP#X`1NR~Z{B(3}Q|m|9HZ_ey z3Y~s^+?(j|)BC!66uJP&y(59utXf#W&{@I<9kq|%vwC5Ta?(qU4`c+eL7KFsW!=2}Xh`$=YO0Q<`k z%%>LSo^tN5kuW!i@ZIW#j6uQY6d?F4#Y6#{>623+>vWEaCsp&sDYR(s4Su(Tb{+#o zn3Q@HkviDStdFe?c*V$`hmYou^@?arh-RW-wl8&qGfTr&CIi&x(tygMyDPzOVAQ!7 zmafbABI#@4nX)thA2Fi}EFpSpvdtK=*o#<+E5X(9&eNJVN%Q15!YK+>83uTI0$mB_ z$#QBw&)}i*82HC7Bib^J6?K`=@-$ZT%cEsP>qpCorlVy<)6p`b>1Y|zbhM0UI$B1M zjxQr7BU(mG28LvrOPfT?h^c`=nPtReM9T;>pz)(+#AHOvh{=fe5?e-04fNvS5nD!3 z1It9TjA%MqMl>BQBbttu5lu(Sh^C`uMAOkSqUmTE(R8$oXgXR(G#xD?nvRwcO~;p! zN^pG*4n6}M|Ld_l~nZxuZ zDybg*v|p)~9zEVw@>J%L@l2e1hjQI3o_VHZZXeIQOfp~h$!h0u42utoRRf8W)sB&B+q-H) zzTI^EW?3{#-&DyA;+cC&<}c!z&63G)k*netn0rg+_u`rFl+0`6nYsvG9?#rYYF-e} zJVG+{xDrF7O@Y3>Qz%)KOYpLp}bC3B~EW>zwJlGQ^Vw}!wv>)g~xM@LEKSU{-J0g3|13k)#hD~ioA$P zidiEne1qpJ)z1BeHs*?*;_B1RRabwkn9cWA!1l0Ni~*NwlpMdnGfMDD`h66BT3z|5 z+td7Pmo;MW8G9Nty>fOX#pKpNLK>{#iL3m6+a|DvBL6tDhpP4EbDO9y?{R7hlTb@v z4)~R7>C4Z$O2W!&Vwx9=EIX;bOlVfsmkG_P`ZCh2$|Cyk*bro?ioSv8is zv6}VoSNIw(yFtx*6;Et9&6+h)iH$HPQ~Z73Uo_o}c8rTNE)8Kmqwij9m4HZow3 z;Cr(mLE1og04BVH&abYwKT;T6|yNv5^b#$UL7-S~kcg9ddrf zL=o~WcB>##@FC-CVXghwC6d~WCFwS zRKHR!!|~m&l4m&X7SB|}(d>>`BS#I#zZ;1(zM2}2&$!J0K*KTTkekqOG|vfQw5(Rs zaQr(2hZ@O@Uk%4+;+bkVJ`~SX!_n*_+U9CFeluQE4abCMsfJ_1vsA+|;aRHTnD8vs za7=iXYB(l5OEny0OZDN^!Rk%-Cb>1KgaeNtP$o;9YFN((O4%vrYNtEp8*2l-c!@9K zO&eU?dRO`)-c-XNFgI>w`#2@MwgGzxezhJ)!_-))Xnkt|fDxY3qi;4TRiSUvB^^Uo- z#^MW8s!IJ;X7MMS&I35edqVFbc8N-}{7R`R6_pZxBYg2+;W&hADS8$v6`2XY5h@j# z3BM646`7IW2<-l&VwV{3yEj6mqFN?aEnTIeTHvPJ`r^OL^d+<>R4OtP+7l`jnF;L) zm5R)S_Jm4BW!s^XjBZ!;yZ>W1GP;!*d1pIzp28j;9Bs8hK?@+F*B9{;_A6XB18)c7+IK_5${9} z5!ufnY9|L~3jahWyGLlCSD;~g#bTt77(L=@K$RY}!A=fN8Oeq_IXBTsoH~cN*R&$) zcrdZGbVv%~{tQy~MD!E?h|@`i@Hh0M_mr{=P||}JtNy|do;k*W_>$8>53G(cZH1E; zA9O31E{w5qoV?iIFOL|{3fW?F*;doo?lvzWX&Otvc?n6=XJ-1Ibjt+#!*=(>e)>OX zySr-DGn|Hjkm0d8XwFrc3@mu@8aOreS7j3&JGQ%@@zdDu{<)vVcK6+W8r$7J^3&Mv zzR6ExyZZ}%8r$7h_-Sl+|F@sUcK6wS8r$6`_-Sl+zt2x&yZazNjS$}MNXxc}4cj2C z7g_A7A-+poWst>K3M|L>upCQ*Zn1K(+;)C>3d_CVvkX}7X+I5?d(=;Zd%eC}rzDE2Pj>$0XLwtF>fcI6>V!WFiGCQ&cp#Sxd**7onExZi}i{FJC zr;(kv=^-=!dwTQN4PvgnBZWK;C$?K`Hx{I?3(dk4;OUZ#^M0k|C6yzTuqm$2OzvhAYfAjcRP_C%qnIZWJ@5wd|rhTqTlCRh40%=Wg_6aUbY{z@St&bNAU6# zzmK^DhWs`FMmhg(YY1*qbtw%5iDKv6;B__>3jk2Y_O?)P6fke0%ng>V=jBkuu)hQ( z?k#kzTfZJ2`d$1r(A$O=U_zDyy*j+vO1i{HHEYo#)?V=nYUG!H*A32%tP3rPhask* zv?eZvb?6RO&oyDaF$iHj`^^_SoAZli z4=kst6pY^eI#eOJqPJ%$)Bvx8vBUiEpG+6QdAKfO;W7*+xMwF@WJBuvEVDiSLO9r)?RN@$iq*`2-F2i8oN7-2mQ2mmi~Tn;U$2w=L_! zZ)^zC(-cS9H1XAoho(Yv=mvvm5WYVJtOO2rN2i+v?krUYOY@6b2jp$zCIt;a!A(DY ztiBIhfS{+1fAlO}KN6bLjCNX=n5pQ`_4W4jK_^BhnuI7z1h*@jQg9QtP&p+K@J54b z{@Ima3k`%LGusH(z;EjqA`XXbzMyb2CfA+J!k5n`Ph#vyvKPv~j2-FA7gp&4;BBv2 zk^p<2+dv+oWUl>ma_o0WF|}AVV107c5;8=V?^sN{)^Qb8;5n8*gR9<;uwJ@7j@2+ zF|L1mY>Zlm^bp-}tS7D=9in*8e$yFE>S~LUYHaR)7ct4_otBXL(zvB;AQaum6_%?jv(+1IJ zfA{M8@Ew4yFQG*>c6!d#ScMuSlUtNp@kjtxq%(9A2I_V4J?%!L6Lh-;y?~&nYc0g) zx|?C6p6yW8_Z~>x=HR_}L!*BcU$9xVHQb>^jHq&~9-c=K*k=S7@`bfKn}cbB8!NhZ z7Pm*15<_2SXAkwk+Viyse22MK4^KRg9(Ih-<&9HyNL`2Z!ELN`j>Uhn<~2 zfQ=NlY@-Zfdu1CAqEXa$-vNHk^v&#pcRu2cI;{5q_mp8ZVpzMg=pZn^>12nC~q;7 zlOlPdeF|WIg9#QKvl_ORMJ7M2GghWdcI!HLw38+Gp5|Y`U}j^P13Yg9o5A3FocWOk zINIi~M83Y}jgO^x_HXaHhLxRYxPAwD{6Y)@@j0823EjRXKRoF()WCo(9)o@3)5!N2 zj+U`~uzy7;i@=4s0H1z;dj7g4s1192Tt0cS#yweCK{kDzQTf%+*P9J9=nC;|FiC`s z)_h(yH=guum=W`BP?;C#c@qt7MxcsEBHv~t=Gz#!70GV#kJAr?BPN~RQV(P!UVp`ce6zA8$Mg?7fMdZWs+>kOu~D1eo9Xt2ujgp=P@CTl8N+J$Y!L z9r{*vkTq;c|4Z7<)p}h&QYtjFf^E_>j#Pqsyzeu#S!b<(_H*Eu5gCTgRfZ!HvuNH@ z{)su4tN3@~Q((bt8%)%^4*M1BB)PLQ(4J69*LF2Ba+EcbTJAmqDevcLirsk zP}@`wO!tgJCutD%v5AR;)M%QF{h1g>J6#t|;q~> zb}6_h0ergF7vM#_NAvojK4`XKQAzu)#0u*@DaN2ZmBd%!eEr8bjIv6P`{oBe)Z+Lm z`IN5mnbAvQMlS&mx>4k}68}u6d#K8(ojq<8MtL{MEZ6NbvVX9 z0_O&uww8;huY+nDMUdFHfJp*R8B~91vM+_(mXouNwYpoA*Z)RnjaXIB{nEh zlq(|8K{1c-mLMTNw9sktevqi?Tgc|jL>ZL=IIHz4F1H?RWvL>9+{gw}19tXvCtBgu zLK!m)Reje6-mJh+iUDs9J>bp3RWac1*u2!cwR0=Z|z zD%pb{_oijUpOz7s7KT@;gz}9By^WfpH^0kH(Ma_a%{akMkrr<16y17|4?HnN&mHdr z-|!Tz<_aXiHX_3*0wrZOy(t0>+!Udj7;tV*Le8>iI7?*w;t?Qze5UIBa)a6%UE?Cj z$Fg%V7Oea>NqIlEBdq+YF=>ng*dx|BP-D-Ct@%#unBx;Da&ec%C`XXg9DiuSUo}?o zoAJhfSg(9HW=P<9p8(z25PX=?50U@A&jJ(%%Bo}u4e#}UnYo&D)(5AyP0{_IgvEr? zOX|g>V$~#7W!TSEzwb(Bi!Bh_kE-9+{pe=!;D%_aLek<~e zxwY2$S}ODWSDlij7}PyWH6WtfEPG2q&zP|T=NjXUoDlq&+QFJ&e5Ewx7Ag9K@zj@S z_$9yLrGCSOYKm%6n$iSgt*p)XV+{v<~OYOdu(LG1b$7=Xvjzg_Uo6u zf&F1J=Njy}sB18&+$_f8G7NGV23arE!Ml(0{03Ebwhe!mP)u7g$Ko})0sN5RsqC|8 zrEaR!&PGx>0NxllaD8y&i*Io2q6Fgx|D#razRkcpLEs=>Is74mZt(RNM68HRBC@`W z-bBw}b-^GCEDhfzgL9Z&YY{DGvp}{DjpzGW9G-4^R$zY(2HS0h-rZLd>^GOoz1?|? z{(aiA45GB7(hvqy#s*?Lvg>4E>?8qE$baDufXeR}TmkFC$eKJBtet*!QmoSf(~Wf6 z_c2LnNS9k!E9B_!@=M+HVn@sEU!DEzzeKzdxVwhLJ4v@rAt;Flky#hs$Q8E}e?@Lh z8Li5oP&A(|*6_$*{w0*&LzF-|8=YA4h^*0NyfLTi01k4$_I|t0mCd>Ze7J5EI)Eiw zgTEX;NBwj7M7pu;aog8rjc6SdPUz2fpsy0RzCvE2EgwAn_c!p0C%Eo3iwQie4Nl_? zPaA$Yf$&u_Q-s0t{4R=x@?(F#UB6me?$77Zb_|_=KsukupHbx@1`cUR`5Zw*(X%iE zB(RA5CV4PcdA&P}k&Xn{yhP^Z=~Qi4Zqn@PsOO4TliIHt-5J6Bq6F+e(N_!Af?rbnat3w4ghgW_+X6xpuG zLGrh=EjUk2M_4mr5+xQ=)G=qIS)l{8OR3Ny%PK3(jfl%$<_7ua!NU=gxyXqZFEREK zql5$RrzS>R;PZcmZcT((to`KGAN+u+KYtraW4gaYduuEq*qATb^=Lw8T;@GNdYLa> zTNb1>oVy_Y8TPGhec6-Uq&hSyZBMa8s3-U<~5j*%AEaMwWBp z-Ofs*G?926>of#+xH{jkU|&L3$kPtm)^)d5ssgq$YE^e1bD&&z-?LeYQbUlp8N=VV z-4&1(exSO$i==Ap?q2_D)#whl&~0~5xH@kMtrW$~I}Glm^rm)R_>WAMtm{vBSkQBn3aX(JeO^j1Sm#uBIf zNn|y~ioX5aV*Ml7*sAE251#_N$wy?pEk?J2Sh+!2E!se=2#;>AJX#@-j(R-mHW0sy zhT*u(u8^#`no*mBg9LhvQ7^VxN{;&A%>?vA3n;N`2VUkj9(L{CW(j6Ut8F_gd;~SNo3^2m9GU{O0YKm3M&kCm_Kl4MdtLF7Oy2mB;1E&jNWRZ}Qru%jKdgQI zANYbizDw+}l-mGX^cBNW(FT}qN=x*e5fkv#c+Cy452AV62H3lq@2EcPHo)G_?s`|Z z)bK|cFG$zVdiau-^lWI-(g|is+`rB)iK+fA;pxf5@!&;%`!BJ2M(_LR`pHm9WEfAd ze%{Wni39oLc_5XWtwrkZ2A~$4qW( zQ^o1Q{fuRZp(Fu}6w{@iri*h2Jo99x+dq==8$}dz(9hMLKt}{6A0dCc@Ll}5?jvnQ zK~OaS<#l@S6(VTQfz^ky^l}yFWm8$;v7q~;h!$@Ok{jCpTPL>H!wS3eO>S+qTL&WWTl{FSI3e(Y5DEJk=8wD#|g>(E0SF!?!Fp&$r zjF0^rTLN*7DVeLXI^3m{sm9;(=w8U@MZ;704?X^{jsMW%50BwLGx!e)8WeZD>M&$Uufy zARf*vUhD&@SIC*^%yv|}PdMENHfyzz%69{zxaWX17-;7~*{;6m-DkeQ|^T*I`Kg`q^ z+;+H+NxPZo9!_D2Hn#q@0Uf6Eo$%vJ!H1qz4}TF9Av+o~{ErR1*2;>%(au?Zk(p{7 zk+#S3^(Yp0OILD^tXk2ll7u=fTY~g>$64u0eWbTJCig5g2%D*%dfA-WPg6Ga6%cxVEMh|!4H_@BS#)-KKyimbOd6kLrYbo zwCSGfRezJI-nW~U4}x~>QcrwA2?`EUMC?2Js34LxAg?J7)Gf$;In#H(HXcaeG6=5d zU&YrjQSD2a!r@Y_wZx{E%thXH?!|5n!^f)&O-V0a__=Oj?mDzznEMhsTbTQ@yIVcY zb}P|1HL%SIGoX^qV{Qh*lXNR!025@!h%)hW$&`68DEiI~@NXMHsZ9iQXmw0$V93;r zU#=8QkbV<7Aw(*cCiCk;Ct6S)Iw3044Jx)F^319^fAu`{OPeZd&p*(E?ThYasmf*YaZ_&T$yToH&$Ft=GV-;G{e%`YO_!U5DfMxhc-8-njo(6qrd zWe_jXbZ&6*1Wo6uS{Xw`hQN@g<+{S%-T1#`jAwo(;YLE$J7wCTr?!d zGvn~glb5UsRN#i{(JOT;x`tqb$ifZbUgc;i-mB{282ayBK{VE)>i2Uk6%CX9QzzK=o2^ zdn~Vm>TgXp4+wg36JK@hZi8{uj+FZbD?Y%55AJ1=rL^^yAg-@+g%ZCo z*zyg=OlmfB?ip-b;eAUx;h=`B{G;JzSo!4xfv@TElttV)CH_8kdJf%VGM@ewDVH99 zZ;*JN2C?Rt`j2w&v_}0V(ktO2Ob~B4Mtv@2-xq-lrj_yfZsK*=ZNemh@eDu?#OvEg z9rX^7f}PD2f57li#aoPl>#R=>)0_Fd-BiVm0$r+g24@^#d5u;_r>RD@>s4zA4vkf7 zFx9ApylQiUhFG<^rW%!*SFJq=_xC$(M>TYAOr75N2aMc&k)Gpnm^nRu^eqXIGPwDW zb=|&jC8mcnCN#mCbD+(L;=v!6ETIiYGgT>Xo6HT~K-@rJM8W+dEEEOX5d2!|aBHE> znqk;lfEm`LIum@1tp#g_0mC=j)9GVq8SW^xi1|;xuU>dC%KXUgAf_*{YV)i6UQw@cmDp=sa8E9Jnq=Z=JIK&!l ze_!qc!p6h}9(&mQ%bEW!SARd7e?IdQ=p14SiO!)09f%OQ*|AB)NYenpBSm{~j?IYn zIwmnI!QgRyR69P(5RwPKJ~*eB9g=gWV{uaXA``jD?-x-a)L=C8UBLRY($I=UOYm9o zkEr$h{R`E1wei_m@qw~oytZ?$QHhuRL53*6`cTE$8xcGkuie9)DXWeL_O5HQ>kTe= zRcr(ht5<-*#^RUqs7G&4C7J&fij|rRLL6PhV@*FTk_Y9Z3kICho)W+a|JtKY)J-wl zhPAWNIhrAu3$#{dk6_@?xBcQxQkmurxF!$*Gl!tk`Ig<S9T|`b~{!^ZW$?1P%X(3kAY4SM6;zY&nmkl6qdi#HvSvkNTxBF!ZRiDIN{pA1kg0 zz!C;o!AzHf;YZDpiG$D|%#8|-ond*BVZ|5i@TUBn!iy6%g1i*z%cu*4_juBI5<8Yt$(4Z z|BXM^uFv&tEWrlgyjuJFJ3Z)e&@DOtRKEeP%c z9Ot*f1q51nm@#hka}xPC+tEt!+BF2*#oDDF5lAfbHvVt@)7tvx9_g2g?5CE^esmeg z>DG6A-(J#!8i!=!qiC_lwwM=dfwP}0qb3~9RM&~yFm8=EX$Y=HhJ0>Sx*i^}u%{*~ z&aoN8PuMzj%t{!HG5)GO{mmi)4GYhzwcV75ph*Xp;!kMLogct3M0=Kn(faeZ0;yFb8k+Yx8DM}8;Fv^&;hP1ywc}ks{;sn`fPwJxvj@A5j55Mn5w8U{q zea6vL6z`WUX?C-as-7}P0L{T^coswKd>n&sqSiIKdL-EXK@G9R%~N1Sd-DXk*BX*;K0xt+rR1ZYA-3@PAf^TW4qZ9r{ntNLSl7m&9x z4SDysI@Hm?@!2~|1gm78;d*go-rr^MeGnpmqGD%b-n}2Q^mB|z$-5k(nNikiFnM?o zMxN~GH}As8baPH&omDfSVF(2wPc}$$VP#s z;ZPH^@|lB21_Z(AAHys95LF4~Rp(#g>uc(T$GBhfkPOucOl)1f)t2d2+$h8kD976` zk~(scpcH)hv$2q8o0ee#=_)hS$rUenQ9KwZ@=cB%hPvw|aY*n{YXGO$#N4uX~RXxxb74Arc_ zKn+^{T1H0z>%R36lr)hcfMZ~Gy^HfdFaM_CJ4l_HVqY%R{3;$d-^;+%&YMT44q?5pPhlgN)jOQ(Jl8hNl#dqqgxD@ z_)XVZEAz!&d`qt$9!|g4>QzajO;CULsW}0 z0B3}jf<>#05voJORz`7~ZF~^tdLTwt0Yn}kM6<#Ig=T^rJ~3q*Jv));-EVpwn+jta zbra4ZDjNAveMi-n7A$}anu~s{(1>YB?5wc@jJky28s5OPjKi&>&Fjl6)>4Mpuwi;( z1BpmQ&I#AeSA!7p(h!2YdN&VK5MqTmLStOF7{gO}GqLgmOQ-)VW`9dOqUm$S-hAOM za6-Z(wDPL>dv^L1o!Rl=0nCQB^2ZzLZ^r9lnivi1!u=@*N&%xtpc}K$3XU*F4NL7h z)HXc8a>|A|!X?ReB>n1-3U0=ljFsHMlGxHA@CQr-wOwRwXuw1QrM8CP{o|1QNC~#s zx@x`bW|LyQB${SoP5Z3M!~k$GSU25d7YwI@4gMHtUAP_p!T6B#VqrsR|z_j1tq37>oHj{6AefW%@X;TO^67UdqYWf^KX zWtUp@d7?ngs8N8kqn4@e1F9+ZljNB+$%y*v-ld8>J^W24Y z@z!X(DnG`Jw~Lprp6^zSfrbn)2tLZ4ut;f|0kSE$z`l&m>KtGY93HRkgEj~MD#a|| ztu2%?eeXnPvb5+Wd|oHIg8sP63(Tv064SQs3te=hJLQGO2$^SB+vj@ujN{Q(lt zw@>`{)vH%$i2~@FKvt7ICaepiLE9r+<4EFKJrGpM&$%x@scd+1tk|_SXgE&~+1dpS zz1D^E*|!g6>kU9zG1nZ`CGBD@M;=b^KZNm#D>!R0TV^(-=QOs7+gJ8|hE1c-H^7Lp zJjs&f(Wj*be$W*{pRsdN=yRe#^Pv3Uq4ZH&DA$9_7FKaeq3U!;3sF-!F~Jj{~v-+fK<=rdIWo>{_c6sw__ip8%#_vPvX>d0!1= zDUu)q%m$SS6^Rs?mXkGSxt-9^&COTB@M#YVq5kYWD1P zd)5q(3$MxX=qqONIT|=wx4!lFyvE~b#je+2f#GRyymxli2((kGKRtil010AUHe&*s zH+2S4gw^&I{up01X8HAOF8Ng_T+Y?}(WJ%Js`(?y{6m;eS4OP7zAZ2;Ny1n_RwESp zUx|UZ!Bv|Fogkxb9{h0*jrqb{WMDIZKgo_BwDKng&QGK!tkmFzKzMLa^KR3ob_~!$Qe(^Yc>>b79*g(uag@}5t28A z61c_Ky_pEf2)eD(id^`BBclft4hl;dzomqbl#Gy+VnU*|A|Y|Dd?9g}8mB=w`h`dZ z<@$<*1Wadzr0fZaFFPV6sAq+w90>`Ua6lZ0<=iD0V#H|d&T zTy`6SH7eV#_-I-ecB7`Mg_uiExZ!CErD8Naj1^$Wijz)p!>H-uN<){EzODTMIvt)xj3Ha_|uW#?(m&#M(mx zNa1~AUrkhXR7Wvf{=Vvtu0uy48{m@IrkguNY-9;Dqr$24;yU5^GMJA+t(~PsSD6+A zUX-{I=Q;7fe|S8y?Y#<04Dd!}B?18=@T7sC5-5lNNitk=UDWy*gP_L^Rj$*BX}& z->zDm!XTZ5Au3*nwC(S!805FtnI%pL6#XN;t0A&X2S{%1z#M$VCW~1JP0m;^)?66` z8R`ug+JlvKy7uS?vm3M}s?@Pzhz&9*T(NzQk|GI3**Otn5_v<2&J{0{otB?!1|jqE zcA#(APH;z52X{0zDAf_gw>|q6(8g5=B;E$CT&%|e++Xj->o)SfCLUn81zVy6z@0~5 z}Aio-+y@Xj*LjQr^%W9Ze?7GE%FKcFTHvZ=4!TzQ1W$`L!3&%ebAI_SN zM3#v>zLljP%$n(cFl(1$`i0GTY-8eQZ5yYbcbhD9Hu_>B{rvX{^z(0weuhnfmv=6v zIuOB@Xtz~dCu(+Cp6l5Hn1(Y<4g{qE7KG&OXY-)0d+{ZV!Zu!p;f5hVFXQhyh`+T0K5s8dqe>KY2pe|@rsoNkUvnhg}l3%+lXvo-p)2H`gVv1TA<4r7eb z5ahtPl;GO^(2Bo{fPJT0OWg5!XbIhYiODEsQy@c5*}nzxxG$rZqOp}x^G+>B8IkBE zHwGn5@$w`;i8O=%>rjI9e7lfjY_I zPB?rl3d<0XQ(q2m;>$)D87Diypxf|^8N!2UAAVle6JxRUQMI6K1jlYFnZ8SHiW<2n z4qk`-UNIE@LfDt+FoJ!U49bcGYB)8b?uojfmoC!^Nhh5xR*Sy!6ABzJsSnr~a(nS#p_$ zKPJserv$y8dnPuBBQ4fCi2ZER6SPz?HySYESy2n8Mr@1VGrWTxQH(1!%IxIqW|JwM z1xK2uLNd$EWyr+)q?KD9a6{QSC=Dxi(8 zs4QO5?2#aICk^M-y*;bZVZu>~cc`}F*Q+~Rw~!r{*dc~ohR=h;Cuc~C0TV7~o$bMv zFRSh;Bn;D7Ct5q(ZrrcOe8pdgx-rbfzUX`HqkWBG^#xbRgHEHtmGB7i5){^WUI~?4 zREZ6v^D;~UXE_n1Zm@Aj161BCJq0jIgryQXk=+QxPU-e?%t^TrIohBf-7~p^f8g?dvyw zUpHUnh{L@IWnL(Yjy^>^kkO1vBLQB2fr$KHHNrSVVQn>s_ z)o^Bca0J+`>~T$wlq0Gm!HPdm=Gbh|&|j;ItP3+7#mn%!OoDdc%tuw`mmz;p^Xu{P zRlY)XRi^L50+^NS`7{-_`mVHRLnL!(3M$}S>@_>aD`MO4%FN;hmkEzVH~+3&n7i`e z^?^T0!_Qfo5^H# z)#%UuI#xZEYgK=rQ%$Nb^~Onsry!loFG0t&wfpdE{Q27UHoifQ&lKqTj63HPe&C<9 zxeozLnz0}(IFZf04Qht$7f?1}b64u6)(GT}-RbY*z=yyV~6*g`KpksO?s! ztNUfHp6b-zQFG;hZ4~#RMSYCz(ms~ZLW#`#g0L=vc~$4paga0#0t+%3!GQ&9JFz5 z;CaO+;3*fTmtWyJbvuynt%;{Lxyv>2@vIj-hkyVj3d=App=FZdRSX8wVB_zOZ_9`} z?~h}e@GD{z)yB@`|C{MvEZHwy2AZZs;h`IHB}|9)6Q=)BrQe&5lhM??uwg`mSf_Xk zz#dOpwd1ggZ|2KL{f3dZKrk45!dp-q+J9f<-LS>XDF^%h?q864 z9(m3$-|J6Gcft6pmu^VvwNbliOz%hrhu=$F?BJQ~w|I&IIgHHE- zjlB9AdQ)%l)+U8PFiQ9j5=u@yWb;_XhVVE1mFXzq&bp*@6A*t67Nrh61Dw6S%Iq00 zqi5GGo}JkSmQOi}{X|%J&Oo7L>ltWTA=l5BU+IYKF9)w6N@szzqx(>g_;Tw~c9o3- zGzcxz);k>zVosQb8YQKt?KslqD^h#9#_Q><2nZm{3OO3Q9o=JlTQ;KmBCkffF^6(6 zI1UO2bL2Z0%m41Wa?9dg=tuN@xIlU#acQaceaa?{Ny^Re;IM=6?67odj&#GfNzc*X7nPI&Zq4oj1BW}M z_5};Np&r9V^qk{5we+;-Q=|^)>2Udk#U+K{qruT>_*@F;`t@vK6X4Ti`>R3l-J~4f zAczy3a}cy3Rx=UBmy+UW4=pM_p1Uj)oq@OaAF?ri*TZuoYzk+%EWe_G`=&8Vx&5vB zXNp%FI}mmqXIQtAwq^^&WY-WN|EgdX@|fv8Y?7*29V!#osesY*_+K_C0j7-FmuYRx zM|Yb5(c^68V1O?X@q(b9D?8rSQ*ShqlxVY1+=h?Fn)U6-W=VuG2w%Tw2cNbbc!&i1 zlw(Nn-*IWEQgt^;CuOd_K=LL}Yq9+lF9F!rvEp$jt$KPA z?;u_Hf^_P%bkx%`pQeVvdo|~KJ@G7)bdo0k{Y1iO3}JnNA0q-97nU0Hlk9lFm^gUJ zG4U)Ij-BV{oPa7nM-_~^9;KC*F$c zR9z^uPZdxM=5n3oQL`tf*+&i1al(h<+O!8#E)xZu?*q;VeCbP9W|id7;K{(cA@}E( zf6c|+e3p6}ToE%aR2db#@b6_|;uZi$#GvO-O6`&*S(<2DO-q)x_)(uskC7TxJnX zW1tq~=d?bUxqWgy4~E<07AAAs`ea1htG#t*@hMdx@T5~tGHZ-MO|FZa$>mS)kzhJI zhJ67fTlB z%@fqBk>b)Vga|;0blC?cDp+Z4?NgJgvv^~bT&e_ZnxGvYPWcMo^Q+aX)i^T0lQLH~ zJ7Bt86tiu;!KD1sgyywR+>AkI<yFiqW47Tsf1aK)(JKlu#S+7C@Vc`5-1H(o&T)CfM`TLGObz^xGqPxr6M zw_O&@n|!0d2lHVM%uNv(YSa`k@2mwTlW{wYkw)^40C`uGMa}*RBEWV#gm1 zS3Fs(@l{^qUtsBs7Ig84Zwa=1Ni0t5$O1lzNsbD?DfNxIExg^Fz7q9XXe5tHm}HXV zYX+Eh?o)jF+s*-*Q0#_@Owni0j|g*s_L;`H4%S2wmM;seI|cvqx4XCTxYN}a1QQT!`^dDkdoSlFQS$ZolE4U}tH*<5z z#^O_tj+;yhl^RfK5DidKOqbhLkC#xCHzNE^mnFyNv`C&Ryp922y*~7ZePpu_Q_f>2 z{7ERLN2f%i7t=@2gqw4(BNDCHODP1ii17lsBN)ub7u*=0*8{QlphoyZQ%zjy57;)k zkREB1HZ-x1m*KpI45+zeyC$aVmZYmX#fg2C zL5jr0(Zna_P!p*10tZJ^vU>|?S_*H4Qy4B*VF>gP&AXA(+lKpUe#K0(mAeMbrrhBW z{R=WUnt_}q-F_&_k2`i!*cpS!^eOFaku$Y*;kVg5XtDJIZLxSKfo+QHDHJJNDF3>% z6gx*1^%#n@2|r2VS!8reFtG=y+H?nT><=*^xA^lY*PR{FkoZ`>jA)3LsjZ*p=_sFb z)z3tW**GnQq-*!UgZ^uNz@|FP2DXM+Ta-pj* z2P$t(;WP}A|A8G)O`O|{g&YjZLc2v@%-i}Q!^a=ea!zaq=B$ma-E*h=NukN4y`%RX z9u_5RUL=LZCx3(tR+PgHRwJkux+u3_##HApWKIqzeS5~3Ftb<`nh#@EZIvaxZ4;b8rl@x|@ec$%$ z)6p$VXVc!h_yba8v^ptQUHD%p?7fTgfp9#-Haa=@qb@ua|9}+*8lD-J$trfv4L)rU zk+W;s7+y%!7=x<|g#^6quFN6H_u3?&>hLJi@@M#(If0yP)Of%@oXFoo#Daw3Sd~GB~Si}bQ+W* zfZGackNE&Qmw*x8?;yb(@U7y+;37z`l697E^@0tx1GPN~34jc#e_>c#Pa5#1fQ(DU ztc+?p%$S&c^FG5{%e0)#LcVVSV}O(R1HQjf3QeYnnGq98LOUi^s`HA-i3VQkm{!P! z-0~S_3~}A{#Ocvoy;*QKP$@x#FZa#E=b~}=^81^z8OO@_IGS}F{J}V)XaFs#f)rAI zZ?vt?i=cB@rb0vTIa8sKl?q8dl!`niutK+4``ri~E4~U*v&-870>nV)@Yqi{oByE1 z%x3&AojS@ft|8p;D(}UBDq^O_-sU)7*@^r?BMK9b|6P>5&rAz~Y4toBUwXYa*er7ekB`ZaipUGL$VgW% zqx6bY`XDRuAAp2qC0^?xHp$*JYj?>K%8vvOA|=&Xt{9DkpCAFZBQ*77*5c2)(5xS{ zl4wR4+s!O6$%~ofM;SB0F1_9>DlpBM z$r9s!vaQcWCE<`NE-D3AHpv8PxpGk{#Btm8;r7xi-o<^_7Ut7B!WaJlz3uVpS*T+F zc2VPA@!@{NX`xFO`EXx%Srhnhd%nG<4~L_RKx^ei*J83UEU)7vvjiHY05iz^fP zGv=cf1Wc?uB?KB=rI2++N6&Ul6bUmukr*v(LV1+$ixKG{ZB&f*z=Dq$!7>|WZL$OC zSr&Y%VGC6l@_11nl@7k$3~%pP{p)qS48W;T9d;LRy0=ilE%&r;Hb3Oh z&0Z&CN)Gm$EfQqVl3kf5Z~B|vf^%!ZpFfO-bj?iH-q|r6Hp>l~ma|+-KNNo}8}IA& zYHD};wf(5xJT^dm%dH^j>zTqRT5E~z#;ddFq&1b8zZ!Y*>rSWKdV7LId_q=E zT!ILi?w8{g6%Z$7SDD(A5vJic(Xv``w_9nk6TYVxO!@)YgsMbiKVPuPB0N9!r!V)j zUfc>#{_wwMarUvj;RTbHZC?G)pm>r5LfS zwLl-te{b-+vuG2%1{ihb!-Bw<2nse`OM@+di9VUJ6bD!a3D>tF~p5T}3YWHzb`uCV0-O}7n` z=8s}6rubXL-W_$b;&}em6Qi-p8cpbiEhVn28$_Mneb~hJ=1h=Y*}|@O0!3Ist(LcB z`smqU=4r$15VL5ucaeI`D|X;GyVZPX>}JC_6NUP}1OS$_>}`uU{LcvY2(2)yh%SES z_dGKPvrS&r5EH8)uR?RpRo~f0mO5k%a_taiLuVu2B-!O+VWbk7Uys@$ii>l&P#C4) z&YwBZ8gESS1V1t>p(nM0LOfUjRVdwdKx>ylhca~FrG|9M@C8rH$OzC?8Lh)Eyy5K{~E3 zqakiDdSrg4L-C$u=uaR*S>nR6NjGsuh0(zs$8|Go>2l{EdPn(o-m$( zb|G7Fm$%OJF|-!`jsJ|{9|AU0qal4t3}n36IbDkM@q=-k0ALbZZ|%WU#60_R&&fd( zV|#EdyyI>zddtq*Qqy|EnwS11MQ$#VE* zy9(H4m5(Ih{>R6KjWK#?L*+!FL?@Vknh-`1LUF!fSTyU354@~8JJ=p!CHtL=QH;yz zhf(MUArq+A8T3%{qZq(c!ql^WUiEe*GOB+tUj1-EK`?4Y5Bu08K9+|?{>|3tBlJ;WXX(+DH9n>B(CTCN9=lvMl3EJHVY*fr@6y+2Sh=X~9WL*Bk zB$zV+2HnLuL6*<+V)rHWeej6?J-$E9j9D(Y7ECY);}o4A7i>FKomnx8&i;l~_we%4 zcv4v*u}FFApQkTlO7cn-MXMy$y>m*^E%9W&Z60Gr8Wg(9m_Ca6&fzVH z)`}wy*1>)r#@rwa>)FWaCyN|+Ja{erfa_iZxAXX-uEH8iN?45MD_E*;3Lo?Fm2sP| zBFSv(*dx3yuy|ef5iqDoldSG;0CUX%T*Z%}qViGI=wNg`sbJ0 z+Wx9OMiV+HjEk0Xi}>sp5Lu!TWg=U^q%JhOa6xd@PsI)xwbjADqrnL;(iVLVO4eov z*Zj?9;eBG?c#GDQD*lCigs+V-nqk z*DAk_73=I*+DEv&T=hxK|9_~v7WlY|s-HH2rck&Q5sNRj&_WRkEiVHtkYX3N+Gs(F zh&+nnr6|@<>KDLZ>L!rQHfcqX0tKo(tjMQPDW-v@8!SzDC;=)2t+;B1doe(i3Q@p* z|Nl8NbMM{VBt_8AuRqw_JC8GG&YW}R%$YND`{*m{5MP-If0FILn*1zm=5T5j#;E0| ztB&YRZ8+_BMw8b4$gC9OtuZdrOl1AILX(F0oj_4JdSO1hOXe5pO=B{LF(|jw0!wA~ z?3J4gi!u11Vt@f+3<6ljVB!z8mu&xbjuHNcOVzgj18pB57AOcF8`wSbNV;cC<~ZWP z*3S#unP}HjFunbA#687nl{;TpDq!ix^m*K;Qel+LSfzu9skEo2>%fG8_Zt7YbYS9m zP}?p^lm&X4&IR`DPpWnOqF1(W$7jULAkO{+GylFFdvr*VOkKdpUUJL;N9FComnu*_ zX0A)}8Aukpdb#0mNj;H;TP0)!Z7l|L|4g)%>c~H*h8i{~7NcYYGiB3>L=y7`^2>l$ zV6-=sioC-k$z;5x_y^mi@&{j##m=9m=pW4KG8vmxcwnBV%x0PZp;re?hA5M=4-Hx}_APXzx?yLMn>gp0+=-pllj?8GRzJC3HI?~=|6TD2G*t;2 z>-ncZOMFfyuU12BDaWrTBTgQjFt1g31={v?hJBRnf~ExmTa=Pgr&X%Spr>X8dk8&D znvM*$tP!KZ5P9jBtKW(`oD_{^3KS zc$y`tUTXz4TdgFevdiul2(C*IRLfalv}=SK%I^Ljf2sPu@eY9OX`0}G^J$hyqSwl; zS_k}I101WB+E$jLlJw8K)2ODMP*y&?sTxTjQYp$qa4V$9LHeeHlx?NRtD0QPN28*$ zf&jmAuuR}`S4rR+;G}>6=R@!uRgDU!M~t(r!k=cS%$S%QWj~qzG5)Oy=|?zz+15$1 z6bw+Sa6*)(!f^gA$GyH?@pQY9RBG|%tyw>rwG;Ae{6E;delW9Sz~C+O9uUqp+=(8f z^A$1|H(_wo^#kX4%eWlE(`8=UB2Am)(oXl^ywIct>S5E{Xh;Cy=A-M z7cWonrH!Zb@WLGxm-DjZkeQG(6wTQVN%GpBLlSZpLuI%+{0@NE)~7jNjpl6MhdFm^ z&V)py&Tf2ZTctURqdChbGv{lXQ+9Bq&Wl(udTkeK&KS%?4ukDaGUubF&fg+AkG#$t z?oa^hLB3cTybdAq+TLaAK+3#jTVC=_kvwwp-;PAaH2js$H4iOV`B z<1t$9KxVa3`zdpo?jGX|GLS@foJA~+6{~Z70=yper|l5GzW{)R{QiKZ#rS=#rp<6N zaJ1LPj}R%E*Xk2wpjDrydyQ#*I>c+d6i?{(Pl3AE_&I&a@x?NT3dzZuQ$k3LV3iOO zBUoioQQ%k4y*49QCB(-FRtfRx15!Y=g!mZ2IzAD>x|%QlZv>0cFu{vT;*kZ5yP2f~ zi^DyPU|q?q(t>pnvz%b@>}?6bI%a|qEbh0K5G*nKM-Z%?wVDbRl+tj5^|TJK_W!*s z2YFKgd_Nw*%wX$vcnWc>`hpSuZ{c1gnIf*!l3?uR`UGZg(kDy@m+KQm;fr`G(U;Sa z9D>hZY`}lOf~SMWRin*=7ZsfZYtq>+TB*(=_WCZ0n2n$TEk;lg;r9qdKgj+BX2Epb z6lmhlqAHDS#GAlQ$7A$x<)u?n-OrXs4_CsvgFzlW0ge@V_z~nwlC)R^8i2WIf1xiE zn3t`_e9v>1Q%at*6#FqdZ;G6={Bx@N8EGH(kghi{=>ZBGb>}R%&kYy%AG3|52q2T1 zf~N9|}o!lT*{1_V@IzdIgLQJV2+4`}=J)4lt7Kb1u}8*^kjp zA!!n39!~0t3B2Vl4-0SqPq$;|yPJOS?p<)}-3!)90^vwqy-G=q=}PMjNm81WV0xvw{PHGu`6Uz0<&8JG%Nv>4fhAS+@=IF~ zmtWrKE^kDlJ$8`1u_bvUFTcF0C3%xOcwnL$bLR5PoW1-q$ICA_5UEYt7r0}p;QH$I z-|+aC2c2stnD|rV{wuJM)3eFFGetF|51I@Q?&a9d@IgajMaWGTdIdL8feB zoO-0R)JW5Ed!_9cZvR}hqXbx0k^rk(lB4$czaoC}+Q!#l_r#g^t($4%!0 zJ9G_`h>*kgcfKMkb zh1c}DvfCPfM%!SwldltYYlm8I2dnO9+w9ua?r^O>HV$wjL1Yo>nMtn3-_@1_jazs% z(${FZ<-i*p2cod$!0X)rFtLyWZ9#D0^=<&PDZPI6`j+JN`%xh6>k@#&}83p1NT0Qb>|&{)fR3X3d$df9+ha^?l@! z+T?3sxce8eApT)BDz5q0f_`wmDGtZ_5QvnX{qu%bFkLh!U(pR`fT{IXL2N^D_9niu#xa}Bk^U0Q>pjUlfWsEegV|1FJGJbrGFynK-L7KU;8qqB zbU3dJ`qQtC`b%l+m|@7vFyw=qI1H>1a@&EusqUe2?6YB0O-gM=!!VH@lU1=1CS^5A zNc*#I#Rou!=^ZHPpag46kS1b}=y=EWSOka&gxDl9K6zdLG|rN)%A|ntF<;nQPkX3v zfXx_zb}~kJxq&@4Mq=GG0HBRO5qUsE*sX}sw^15R4vMP(g8POf-mAx?hc0%EMNk1( zw=tR8!%Nc*W@HKu?fd)Qb!wU4d`$_`(Pda5GCwV(AJC4{FVfbr@IjV&>9fMtD8Y-~ zZ6w&-KZDyf{9SG15fLsdH;f2>gS=yuC3wh)aJV?M`Xy7pttUAMRKN>^DT5mIC0FS5+FiZ@W%0a6m5&>6#SqoAR)XU&~UXiw=&4PRhWqT^-?xn ze=8=3PoY_qHH4jN-wFvkHHVyI8}MT+g#GZCP2Sm^-x=tG(&_y1yC(0H=UW*dki0dx z0d!khf2ULmDGtuWAohA+6KwvdV4BUfSN0p1gZRefdS=z%>EHeuBrlU(32s^mCZqo@ z)mq<>t+}&HmPwr}&sIrqFY|x32UdZt$p(~PVcjV!p$aRR09CZYPoadGuyAPQ#)3Ah z$#5Y?A18d_ddpjbo67d58iVRzk*Zy|+P~}VSk0pzOJUz1)iZc1tTRi<3KRYU@F0x=tr(lwGY3*S;mkJB1OGP!zb{c85a%H(RWMo)4TQmjm_&PjHJ z_niQ$Orl3M?ImQgTV!%|UaG6atrnSN0}+{A9hFIxfK0MPL?%~9WfCPIlPrNQ#bj~^ z@j4KY3&c@gK`ao=%H*n0CLgjgnN6!{-b$He#Qf6wTN?n~OP_{c6q}XY>^08EGc?Bj*ay|8*?N5s(vI^Q z4?!C69E2R@jAXx}l}kzXBh0G5)qi+MBzpz8as?!N27$E7$8EATw-yWc>$_99^^-W6 zWV4lT$hF9KGi0>czYv8oO`k(I1RoLcR(TaE&v`nPQWZ-9r|2S5-khqvhE@EBJP5kh z-Z5G44gN%J#ln$kWLPc+5=Pcn<0&fZQU6oIPR<+JQEL01dJkggKuI7KaU4CVu2n`8 z`iEhFt+f(N;0sO#AP$EB{9o=S?z=qh-4g#bwSQ0bg~(D~bFuT{Lx(`8s?j5snHVWE zDe_E4v2_N4SdEwZOlFPG_1h0t1i3vt65BRnMNF| zhI=2d zzFLZeDkk7>HUG}X=Sowl%-kspFn@k_FL+;dCCO#{oJ`IjkV|#^|TH1oaF4I%~Q}G-Jr>uz5s*0-vs{0&=k(p?PEpQ3eR$!VZ|Mr1tlk4wQ5p z6Ys3r1qJZHa0u{b9$m}>%2WZ0^N8R|gyinJNG%*0k@+|;^fiol@U&?;-9hIZY8`D7 z&=i}SCNhwnhiB|~!45q3?=053hbvZB)x{+LXGahXDy;~fvrKSYwDY17;HRjhnE9W> z4eUU=A4t=b7%yW&>@%Ul`$0I~jv*vfIG zM!`~k`iGR%U%1%oN1-| zo*gdWUUL=>$EtdjT83K}C$bB-_%mxOReor%T29WS60q;(+*_)=nZYHgjQlZ&;mGdg zsVY4`mnV-&D50>PNaaVq#wySisxQEL(HTSZ1;3~Laa;mPMGw7^&n(#jH(npE9qpa3 z2iGCbb_&TCP9aE$P9b*_h-iRD>JddVpJ^805Rkdq`YrRZg@P|y=P*s+l;%P_Cv#@1 z;50PzF*iZX&CH$x66rpnsavHc|tVf{H>_XwMc=|JeU|l4ccQig}UM!Sb|$`!2uO4 zTcE3;Q)Q1MmQF9#eqPho7`spjSC35()wx4E5v|9J)4Zl1yBf+g>F#pFIAOzJElI{- z(`YtTg%oobvp|zJ9_>IzG%RHD80mRIZ;tksb7F)4xI14F6$9_?@#$d3nBGisAb6@& zP3Wd$OQoOhEvNVn1M!?Oz3JR81p3udm7!ls0zGj=pmQ8hH<|5B=$)S{9No2;mF2F8 zsLsbUa^p-)BR|B@TMC1yI)!3t8ZVfl)PJ)SL&}Oufhpcmlx~>fHP=x)#A8bjF_H_0 zc!2^zC)@#jE=wfvBVm=a zR)RB_L<2V(_o!i|M@d#bo~6;FwBb8w7fUVb7GSY``$PoW(Eb7k^Dqj;nUn0!QcJyRC=I}3W)*2vGXy;%!m09H}jDY)zNpbY1Lw?qX#&+PDc-B&m5SW zJrimg2RxEnN^9oKdxlrcBUsIIp{}c-z^j3R+U>?{|H&?*m#JBek&2CA)ywIPb)Ukt z6*p)dn!j(gW2(HOw#N^JfB>J|0ksmd{q5tIaj*2`UuRunBNd?^j`p)N#3P-4GBs$ zTyE+5yKt$Z^jKF0`^Q^TWpSKS7DN7rr-T3BD;Pp`4E#at*StG2v06sbWFj$I1_OdsMdb7+ z1}u7Z4HeKrb)C}n(n@ZG@m2=V>^QJzFq7RVL>ZXvZu;t19Sn+eMteSwFP-P~F2r9t z7O)8P_mIea*?&Td?HmBV>vFS`qw5K@_@3ExEa2g16SP(30d5UNaHt-Y2Y|of80CR} z^A0;C*}(=_fKQf0~4^g0})jPAdW(((k?M zBzD4QTDD;ta`gf%5XLJ0FtFjh7KboT@Api8*K0HDwP;0V?uL)Xx(i35nWA9f$iE3z z_IF#7-*r~@Nd>KdPHSW!-me3J7bAAF<|K@}!eXXf;I@kH59|b3!E{a}x;Q(}!2Xwx z<<)1)f-BZp>UDmamwL=GgtY)L`52odQbz)n8dY~Wl>;fQw1jJuxq=)z8BA+BsG{H^ zc6^9WdgCJKOuIi%eTjI1hk*xXmW}%7Uj6}u(XH9rRuwGX@5kXz%upaP0tkT-Iv36{ z7%)y>lKFX)88Q}n2)}Ez%seRrW%h+>cFo$*M~*d{ciD!1;m}@f<;{8uuA9PE(A*-J zJ7@z7J1*gy{zz)jf}hKW&Yr?PKT20Y%sLNc#0+r64o5dJz(zdc>992>OIuN!88?fq zOCa^=M=3hX4=E}jF-gaXT$vTAqxdz2!emq2gl#Tb|!qGX7Y17gIx#qFDSNGle3TCwW)RU@Y_?`+_eOwRV1bmN!3iIX-nL10>!o$wBc z36mt@-pAgfL<%MAU&W5Md&@rwObU3PL7HI4+uh~A5hfRx%c0H5+dOx-Mu?^w7UbF6 zT9UT`LQC>?Hw{b|!-j&LKM|5*8!DA2nYaUUgU-E5Y;@aXF!)cYz}}jzH7J~(5JTMVFda0 zDh#O)wZf_UX-6*l;>Nk=x_Cwb4o5DS&8Q4tzP2~i!&W2#`uY1Ns&a{ z>8)Pdmy0Vh6J{Bp4lm5eoLyX#1|5X?mXU?|mX_o#0N;|l)d{nkhQ0;i3%&<8h;V(V z!*&Nb(fM|&*VL?~l=#TT0p2hVUldiC+&Gwr>nt_A{&k#xPSl^VTn-`eH zF?;p-KWJp~y#U%E-7t)7fMyBofkslg^%*{4)dgI2uJVYzB3Q_GDA)ZZ%=C&Pb z5}>nXLd0NZGXkvOd{8qNAAxh6_Q)z2l?7a+cB)pYL-F*AeFp4G54|2JWG5PG6gUFn6AkiZMKldVkLTewqL5`bqKDkr%mF+uT=p)B9=3xnEXqKwb4IL%O{T+&YO%N2 zO)A|Eww2}zb|Awat^t~E%5M6dK&l@a&RCzqX-J0G_O{46iqJe}tjE(sV?B}{HP)XT zW_fp9kV0V5Q6hW7#QP!gmyWv-BJg}nU6Dm7RR}* z0|ROg_i0{=@!kg!TcNr&I+qNtEFE3 zQISR*!?+98DEH@Ch%jKmdC*N=C!A;UrkgxtHDTP}eJ%Qu6Z?fo+0j(qeYbE&G@bl3 z*=rhGluTp&c8!)7kJUj!K%N<-mLbD8=5^R}120_V&8PJz}@Z7Q1I!@0k3Jt?koj)U4cvp-#e z4#7*h1Bp^`{V5+|iOrJ#Npt_jqQs%go^1tX!nuD}lRn(sKkc{w$#Z`TC0OQus_8A? zvx7d$z}7A*HL$otUCo>kt%MIeRLV*?3DO@t#f@t)UPSlNzHnAT9kL3ng!9O!vce+U zsgajn@tEWeXHVQExx?8L-;&(n?1?(b9nPLOU2=!BCuU3Tj@uJke$8P0H#Utv#Ng()DYEHdH10a!7OZcnU4lu%%nwMFbJ1BX<8KoF>R7>QsuLBEb zF+>$_)Dk%Z`>~-V^1g4O4miB<=gnFod;RLIw?t0f6?*J?ZYK}7hEYo-oV)G$GK4S8 z;C__q!H>?`jaHF;eGY4uaGuK_+O3w{cF22?`K056r* z$A-J`Xx|DK_V5JAT*!qzo`+l5Bg-!A&)G#LeniPu!2p_RT2ZgjX-L^8l9H`HP2s{< z)V1I#tjF+=77;uddI!yVSGqJB>7fd5*-BF=-LWV8q24Vzd~p6}i@7t9z7aR8BN-7J z&0N-n=`Gb`nv>7RQ^qzYUx=raHz!}jp`?K>EIiBnyM8<#d&0i%pK`N~8lUmU@1`pc z?~>rx=qfdef=mMmQ$T>FI%gIRUDK1I-VH6Qq%;wxdASJv+~1_wK$fO=M2ci_@wN=w zrIp4T7VU`yxI#}Xa5XG-%tGe_#TmNL5hqH7Zr_JlrGiT&B)G!ZpFBN%hn=xM_%$8Pb$vrAie0g zG;aCAir5`_$!mitQvem>rMGju)RKJ3jo!_hu5@l+^OWeb_0D}>rhXeatO#Rc+-`)S#K{e@pgki4CCgXYdTPBV!GE(OcCN^F1Z)` z6Jo%9#MBL^Eu)x2FN4$As+jjKt|1<%Moju;!Odprot3jm`l&v1P>J~=#pL=nASH7> z!u4>PWE&{07lB5K75n<7nC^lIRqLw!a*Vjvv4pQEBD}=KA=wU5b(M@`g^Xjx)M?z> zsYUof_p`JOcmP-IAj2Mr5$k%;Y<~Gu9>kzvTNBM^nkQ0qtU>3XNEk?#_jfvtAzZlO zAu1{u^Eb_FJq==cfR4HuYsM5ks(maq=FzZkmI@*J32OcRXW>fHgAY-Dc#Bc%4|~4D zsP*}ez@WsTV{;F~()!J`7QI#~Jy9e)HEM2g-Hc$KdZef8H)BWOOL#KzIa-;9ahi-zr9YLNR^^%OGauDTtNBU9tB1vV&X z9ph?|=KC;GjCnRY`UBXOZ{D*q;M!e|J>rv1wJ=}DY|1X&>L2%xUCPQCEVdo2}uOD&tHe@1Au-ope`7UN6o;dib}Gw%Eys_Qc6C)gLIV-u3I`1 z_#v~m(X}6NvK~e>XpeN1E-rj!5K?|uIVV3>ilH)Lj1J>zmwth zinDES0gKU_u~V7R-eOIiAjupfSW_LV@dmRaiY76oZ1pqvhh$Lnkm>6N1evJ>o?V_w_ zX7wr3xe;sw^)l4sWHY{#x%+)oywUnwbwO?hP0kv@E?8Q>RYjLx3(OM<4XHFjywy%} zTQSKUuO%?au}2cDp%;el&sY49E292&ceCfR6&ZyAciK##&?C@>+Am+*WkmD#C zkr_7DxX!R!3uoA^xP{Tou;-yoqef6uXV|SpGi;buVulrH%PGyAVXZDUd)~dV#0#IJy$ zl;Jl&G_U_vb)HDg3`IY4)&4^FCu)I#=&Pe8x22JKJ`%@2ZfV)`HLY5 z`#rw&@(ju7zmznJe!MKtU?ePl(de>IP-?^FS%PgqqRsx}(}l>cfmRkBc&Gt@(e(YR z5jO`QdC7T)Wq#VFcI%`XuK$3HVD-5Uud{s zP_P83$-}DGW6|ouaKob+K4!Cm3_WF%i0;n2@eu!w^zNvfed<{TlX?0{Qsg4)z+(& zR4lN=lkgIQVDHNy|5zNNZmJWEf7Z5lCff5??!$xn=DM%uUaT3xKd3FI`l0bTMQbPe z%=r1|b%sYUUVx6@!09;bzCD6cqUJ%7ns>?UQ11g9*7qOT^tbIBrlBa*- zcw9~k9tK`XRGT%}RYsnVAaxsl3lP2t+cnaF9J6y6H5|+u_@~XpB4K-~qqu~H-e}*N z(8O>}hdqonjVp}$K@r<#PeWhqZL@uoeW50mH4tFkVzb4?t55brZ738d70O#B#1jW> zY=O=^a{Z(3r`U4ejYU!@gTLY3Og#BZ@(A+PwA9M76Q;iBHMq-AFw=aO?O1fPkM_(F zd;I+SA>8KGND|QN@<&zU8E={9HT=W&)-5`wnrTdI=N}}7cSsHPG^~Kpfcr}&LKKSvFmO)va3!`(>s*CXOx zCJ|B9@p{*w0Ciz@$pF5J{_&ak^e<0Y=%Er?%1#?zq$Try+wM@#Ze?Z06Sv~r{XV2y z-6>NML*a1Q7Am3*Ik$leZ8&alk<=v+b=vQrbQSi=)rZsXU-BA9ICfbTJp8Wzi$vdM zmiU>4TQfCzAUTK$X5{_fPZw??R%2!Wg-Q6}SKv&s^V@-ze%yN+KqQbi*TM~-v9t#6868y{;A6e3F@L&W($|Q=ES0AS7n#LBfHS|Upf3A z*sy(Ajuf;~DGIB}#af|Sv{z|at;;)4v~4yOLj^$lIST$ifKu>IBMq(-V@!hS_Vdv` zNw?#>h3r%gE#*)i+cb?GTAr^7ynZiyorc%z?Q4`Yr(P+fX%F$$Po+eC?RuU!$N1z| z`nb7#ubj+iJy-zZ*rhCRI?s)UvoebEbZC6ggt@`C5{-ixXt!pK|7Rc}wq^LE;*j?@ zp`IEyw(C42!O(zt z*raO*yw&1{Wl`0*T}$jhy~Y67$tJf32P!-$a#XEL_^T0|J#1-RWPJ@)B!INBPAbES zz6_rdBvv-0tm%^q775(P!0iVqlMw5?i99t#6uUJ>L`lh3UkHTo=pq4xlE4LDY?Xd* znq>NofNI{Q{|DT0{|5bkmNZdtqS9 z@0Cb!ebNZS%kSj`z<#O(QC&4PVjjl&$90;Bh@Faa%l(ApA|m2hhlQ(K;g6MEL_|DL zoV%01b)AWb_aheG7S#MpuXdPui(WN(+jh3 zm_c^{p!wv0MYSGeIN3F8CZnOw=}1~f@+xgJPb4$F{_z;TkhB-=X-M0zv@)a>I`YB| z$CqaTjA8{h{0@%d=4H{Q%4}2X&9NpOMQQ4aXj7w$z^tE+Bm(c1+~GuE``xTNoCy3* zauKvzQUrb`xxNn-`rUd7NRmiCJYuB;?t*g*-0Pn`L;F632r7 zV!_zIB}(v<1u5v94N8fq&bc#6@P9@y?m<^V8GLr4k-=N#+>;$2QE#J;ZG{=z?+6fE zw_t29*UUF%I9-4!^pQr>8Y_F-w(LZwZT){@~yX$ou`s_9bVZ&~E4 z0)%Kr)&N7{8o&TGtGR!|c6}cjP-U_Uo-ksTCw9`;;>mFUHsKqY9L<;WEUCwl)HeZ! z&P<1TP5UARykWXB-n_vhWIY|h7f^f$ERac8M(IBnl?Ya?cTTB%GiF(}T8y%QPGALs z^c}iPZ7RO4f)6z)Bzu`!d%FJ4@G`abaGhgYOGs>R^fI;Ae>=V`SUEvBq}{(6A34Ip zX*Jvjt5JKh;3}J)?IkZ$+i-_YD4~rB76&E27w;sRWrQ2rUEwn9Zp<6sXqUC+K@Jct z@j95&W|fMrg1*rMc}v8yc9_s{K!i3T$(6j} z_G$3ZN~6UiQ|?@(#m2$C*o6#;WbdF@$@a`y&d8DZy$&)*+|;)oDdJAfzw~}1Z|%TZ zmGl{g5M8u{IuFH9a^?ebGY@bnb4ddoODp8773wKj1!=RWWouS2*r)b^mWs;e{} za?aiQk$^9uU;toBsmz4gnr*y+`D7nL`Zji#9DsSsf4YR9ZCNwAguna_vwnGB zac;SPrsQJ%!u>I&Wn>9|yyRm2@_WIaWOTVZ`I99V>z9qixjXyil8g1r?Zvs{{6Bt= zSYiD_aV}`L((jR6tY1Eh+#Q%epM=H@ZKZNpq~zyOPW~Tut0>_iKfrP{I1%c|Q8j~R zby%>l`HEs_SHK!!eL+0&jV+6(#n3$k3lkB)?njH}oA2xJ>T>HWht-ZRi`OGUD5OjP zJ71c*y}zibS<$9OGVN{!5J#yu$iQbs>+Y*GH1-ph5yA+eh7JyO#c^f9aVVg?u)h?A zozeA@*)Q%y!7_iaA==s3AScqXuR7=+A`#l*Ky zMKjzJ#tpRG%xE1I!me=$A1s9Mkx?N$Aga&x;%=LC-*&lZPNH5RR|O6YV=#r^@?#->XC; zc6;C)62a4i-MuDr{tS~b&Yyh_-?zaMtN|8(1G;N=)FdywWVGb@vmZ-M2EcGypNO!6 z1wuD&-!9!qi?P)Hv$;PV-?`|Uo2hx&zxVD}w`c1g_AePD+vn}Tg9}Mnq}UDdZ$L!- z!|AxtuVds;U@z%aeY^i^IV#$cpFv6N`eG9i{tosU@MMow7g)($Ps2*^IsW4khg;yc zYq?w`q~hpGuThC+W3p;;sqE3)`{F@F?0HW2RYgs(S3BRkAb{IbfATle%%Inedstm)9hFd6N|)b;5B%sq}BKNPfsBg z4Q9>Ehqli77w|#9#MuE5Q?z)_KmH%%QNW={ge{8uu!^>57^uU>BLs>9n)4cLa~&F0 zf=}-8@>U5{z@r2zbogszU!p#TzIONz@t|w{7MubT((5kq4YpGnIAB&cr~q?O*58-e z0%AY{X^9g+0mKQ+y8zxk+3hAp)xZSx@Ena3SS>`8Y{UuR11}5n{v&S({-k9wROGJ# zkk$UKvR_Be;Z;KTuS{x$ac#W%?+|aFM&y*0*?5x#<1IE^h!hua#l2v;_c(!63=6K| z`hihT{@vdIb6e8iqWO$EBLM%Ct7VPrTl%AYK2Jm*ap5!faqM#Lw$`*qtm+xD_ zFnvBFbOq9s5UK^O z1XYbTegEdm85hEXQ*h&bP{7vrXP0dDZ-<+XrPY&=aIQI2ufgTgEZKR@PZ#2^v9sHivEAPVG_ z0pkU@hUO6ZWtUSOx)3mW0q|AusR_pFDSK(G;<$B6xpq+w$VKhE|KlOh%<6!@vThdl z|3Xcn(k6e~z5*Krv!h(!htX9|F_U55zc>oxM+zeka`gMBJmF@SuWP#RFTMe3oEDbW zclcNicBvax{lgJKDL)1!Q*tYbXD@IX7&E31kN8xbL~cLar)ITwv5 zI!)t=c;g2~Asp+jG9WUDd;wC*s=j~PEHa8{QagWCJN`8K6P%F)yfQ!gKhUF`JxJa| z$lY!n;%vEu&8xoLmycA2SrR8Vl5Tuh<9$)Igl^=VYE&xKWJEVEQQt#>ZuIuC@!rGA z=Y;LW@|mfB4P4%^`BEsSA;fZK^aY&Z?wch)3_{-RK)*{nON-7}ehfmK1X-pnWx_(` z^FrtWXjeT6gvjF=63saTBR~ovrAi39a4+KkG}R&E_y`Pt@V}N!=PC&!z|IKc<(MAE zojQZS=%*;YL=yV|92`XXTLh(rY9`Czl09bly92g30;6cWTMB_QyB6%$0fV<}9laOn zzn6J)yIt%Wrsb%RRKS83NkgQ)wW>Yy%jB|`MG;QRD*6kT@h`kT48Mz@@%r$;S5n+=v;!T1+BlYdX zf+k6I`Jj~TMTx$FCpf0c6O6?z8jmm@IXb+*F-YPI#ZVHsBU10CmX@H8(*9Vl@k+M; zKlqWjWy`%Bq-nCMJMnVrg&rBl?Ba?3CY)%>+$SN^j#-jmmaV}|)0(Tgt5g+Y03KF| zf4>Z{vi1Eb%tF*RsD*Ro{G!(3g>@fc(XiRWg>giAd)3^aKO+yz0ydP?>8Y+pljJ-2;PiY2 zpL-hWI4U+L-O<2Tukm1;l5Jp0PZ_|NwwswCa5Bw{@n|p9rf-k${3oERt=Y^LX$xs` z^dJK3BqDXdi3zm+0hU$kPBa;8C}}XeIN|@ws}vWkxlF`P|L_fFFHO+ElMW_qb4Hwo zhd9k|9s%Ms2XR^mu|rmxUZZ$d6iw6AWldbX+(ZbQbV0838&AIOqb-L6-}C#JCqWg}6Ml1`ZV+ z6PgT$Gwg93@ZU0~;vWm?cdFf+J6?f|Z%QFsY$7{>e_AQJBN-muK&2T_Of0Fz|aZ_ezz3lO3l$56hSsj&(ZI+9o9;nX9gTP7%tdH56u-U@O238ET6zGUTPZU5;IOtOwP)^_P z+zNV=%j1Hdr2G0MKXDt@<0Sf=JB842oO?rG7?x-3BU9K!gkb| zE^oa21idO#bz>t1A~h;wHSi`i%xzx|IXko!4t(0L(4qjI7!I983^?8lItfGMq7ER# zwJ;rUEm0w!Mg-6uwF}SunO$EvdocDr%lHCf9!TZC=i9p65J}mGr)a|kuIN3xVpXe@ zD^?igSheCq#E6vkWvIe+9qk}z8$0>Z`zfK3uzt@h^fNVE=ZbY+KSa04rFtA2y61>7 zK*`LL7x9t4hC99i?ck7-Z;2osssZ04dErT;IfiwWpxnHwh^yptmDW{)9GblLRy8%6 zkC9fXiuldT$Tt?n6;lc8Ws>4G=7P7+X2RG7QkjX-pYxX8ZM7_ue zdW}bExBJ5uQLBLp9ZNax5%z*G8bYhk#9Tr)DKzAt29FEU`=QlFqCaTA#K-!;pLTO( ziTMz}tP~zui;cOlRr<3vTfraqVZ2kBC;S8dAvHih(kb4g<-cmKN6hC`=^n&*Z}!`7 z(sps6&TlN2eTiO-b}zaXYgQQZrHgPVn5$7)jF>f1FBc;PXCIGQ=KK+PFeZ@QOvX&> z(%E7uE~UBd`|#D7`fakj)X%-jzH$7kEE_;w{~tHvLe;{gm*uia^WjQ`M2w_)fjU( zqD9BwGps)#)c^EF#Ki0h6i1heP(L5(euYJSmZDCbPp9i9|HHe-yr40V5%l}~?rw{| z%oeO{(0}%CG2&Bc75IA>Sp4bFfc_YXJ%6bEDC*y}?8ofu%@BMEUo8YX`j~ORP)&ao z*0oF+>%`fFryjT*ieC1(4436{!>>92)6YiuHPZ18zc*()?pV%r{Dq-d$H8?*9!u#< zS^LM8()YEiMMH+GFv|Rst}|V2#?ho~{QwkJ+e^~TlB^c#Ce_e49+PfbikNQp`j7+V&0=E$JFX7JR1hwI2X~GBdACITWrJxOdCBNc(r&SKRgqbiQj}&z9Gf z_VpNf&ER!d0(=gcVf*=uP5b8+w4aQ^Aa4QSPw~h5W^T$D@9rE7@PM?Hp{TRH*oRP( z{oJU}+JZdFydaK0S1<*LEsEy`^eo?HzEv0w`MY z^#W0tcQ8z_EW+6;vxjD{VV3mhHO!Jwa1FC5R3&#c0}9;=*6$@J=PmeD{Ayg(vu8cR z^W{dreGCZF>3z1YC{a|d5DHOU3|KV-SjOP4V%~^4;7|DVI9lJJ(vwF9z*;s z0&0IdwE>NYljBY(0~F2cIT&kt%YfJ$NGrZay>Dq4LSvPwIRHAA&^*2I`LAeNTF5hl zKVH+hz{<3NkmizYtX?y08)J*w__}RlkZthCYq}S|rVT_$muzEpi8cgPYBB?6QUpv< zyL+Quw1F|ej)Q3pH@A=L&hMdHLQ2K_@!k0eyYf2Re%EWJ?Ho%hPv?)g5tuw}>Pl{v*!^ z=ZR|4kZ9n@0q{S5FEk_vz(GjYEr5XSB}s0tMEht$cg**ijUNjA?ep(#fJ`|TgN>{~ zEyP!p-5*BQAf=|yT=8;P>@)C}eaS@D5Rphcq^@XuzvYJv3VJQrNxJ0*V453%EbcCW zev}WUa4nc>UC-?e*Dq1{mC@I^)G7rDsj<-n6e#byhQK-}Jg^Xdp#&?Yv}1jC>EE^o z2Q#B&E2hqeO%G9FS5zQpq*_~vl_9|=VtMfTFsZ+*~Qv6jq>Xx`zx=562Y)LaUDj2#=XoBo9w&HG_1~G|M z`AdArI7MKsV_U)AuxgEdnUBGHvC3p@@3){L^xBXe@7cot2yv@>q6@(5Kt64IlqB4!j zrYtcSXNFI>I5-z5vOr3K8a@aap-cf4f?En^5O5vth#2Cc7$xtoc_8|pKIR-)y z0I)2e2F`76`YNd8weql0ysb*tr$iARhCQ0DVBNNtit}Yv#l8(w_p)YFmnL~(yPS$f zsC%@ndwFqPE~1Vx`H|1USUL&b(`|lCujrVt{@FHPr`zZ_gZ_t*@dWu6`Beh82pQc9 zVQCR&s0jf(x>Wk<-tx&M(sPOCZhlChdHzlf!QRCM!d&j-;qoT#e`3xY_%`OOeYj&F zEUNZ+>yifA-YXu7*xv3)L1gV%e%x1!3>+HH#)**?7GMHZcm%{YS@EaOb?z%l9^bc z%sAragYK`PnUKoP?uDn)wt4SBlmTxUuDtD-zbsas@P(6{5)H82p}h-o zx;7XT`cIM5LWr=e@~sicP~V38M?J}YAjS4@5QR^|m;NQM0Ikq;oNm(172YSURU6-( z)BNN4C~lpoAGbix=CPQV=>k=RNa}rTfgjvJ4+Ex=Bc&uB-b0ZVGgl6M_<9y8k0i(} z{vTmKTIP?Q!o&1fMocSyUgyE|ePc2U`FS0Lxc7!#Z~Qy! zq7x+x^#f`@v_627Cd)XLo<`>(^8mf@WeXT){v$w*qo!1*?buvDt7Bl>Kp(o(JbS(_O`;@w1 zh6tzwBCY=%rKsJyIQl*|3`)0tKvCEuWa@} zK6JJhcI7AnLzW#X5Jb-yX?)AlfgJLxn=$tFgZ#{^@wN9Px3Cgk`^;ZeGUjXtvd?8U zc*}gMZj1X=T^^FnHF!b_aH?{js=M@45#9M$NGS$~3a?Mu$5OVEAJr^tZu%HkL5=Sd zII-0NZbN+$3mKTeQl>?IouStXz;LX-D1KNqp<}h>z9mtPwb7EFDQ+h{l<*qo7o}Ia zqc8q}AugNyovNw!`2`T>G#Axp6}9Zm9im>xjq=ri{!v3~Ik?Y5iRd zK*~##(X+|BuwvnD+nM`PkSOdy_cd4cB-;^Ku|2pQB~Tm@f+)_Z4aK|tozwY!cFWG!_)JAG(j0R?C!1&aSPwGc|@Y zY+vvj&i3N$!({Ts(*Z+IIWuHzt;G;(7@J6l66xDiwtocYQ9870^bV~+hgOvC(AG~3 z+o6+{BUeN^w90m996O}pQrm{ZpIy(PA35vByWf`Fp@CX9dcPWgLPP0(O&GpkJhB0_ z8Y2B#X8J{JIUVXa5QJ!zD2Ndii+~W_LV>icj;LOwN+}JqzD~%yjLtrVl$EQwM^-fg zj@m{Zg1Z5uKy?LgdqW%nEwTd~u>hsO5&Tn{BMvxaSdO?xW{oBR5po3EbsWLHhqY%Q z#sBT^FtaqBi^rww`P%^MSl-}!N#0n5j0kVAT$DHXJ{oTj1e&tEAs`~Wp&&-)4T6a9 zhE^GwH&~@4ZwNY`;SEB{wlZlH-e3{o4L%5OP}BSOw8C=Rm#a&tkWHd-Xzb|fZt2Dx zx*d%%H}P{btbY)i4I9bowGmrS*Cr9KQdvU$UFvwbRoPDs)U<5aiM6qe=~{m&9))Xx z(4g6iNJO^)kO+w5hus2z?I;I=2ZK)Z6i}kA?S=k?6C<69k#O}vfBjS31E8g%mGor) zpnv}?ZsH9fL=d*#Hvt1rI5$YE4^QQYrHm~_zI~M?mRHszJCL>xg8Ee$SMr@6H>3BCylwHRP3oW-cgjAKq{%|=nVfm z%px-y^Z0FR-CENYK`CBPQj2rr@w?Y5oe?+%3a2jbeC)veM?uFC@nB+Y40eo3s_aOhEVph-E-VoEc&)&~4*onobly`)lS5^m zU_eg}(*k(p9Q<15i?*aoFK!DC(-ij|V%vkeo2LDTnxXIhM-&6J-+I1{w|PIr8|i~< zI;8zJ`UfF&@R2zG^+)=Ro3_g3IakP`HcyEY^R2wyn zsOtpBl`Uh7z87SK4Xr~I%Y!3&{k2a<-Jov=YC<+xbLkuwV_O1TL!j3LwOZF9tEPjWfh9ICDJ+n>2_7*HCU)e>$;LQ~Rk#lrkg&=mb z#f|p~nd*3%pOtgG2B86ikpEub5@7&)Q*s_$o<|d(*D=TodOv!?(11>JVRO;BCg=w( zVTO@Crch>4O!k=2TfDHO4q`kv3g*l!b))1G~ORIoPyGIZCSs+yvwFJOS#49M3bBlpbe$X(p4&x! zV5F8Ml9fao6`tE!zH}sbu{~xJ(*X9-;fwWzCEaeb&haJtTv5p(+JSxL8;8e>FtEd1 zGja*+HHXqrgfU>mcAXQ$0c)91X}6}seUk@x{!0`?Y|r^UKN@k**~&|TYh7$P_cXnR zgF^5+uXTG5BicO1H5E4mnK&z|rCoH9khr7IW?KZUJFT>ZJ zGEGBx6nEJydGwY;(;N)Pp@T1Wh&V-sFjcUe(M8d|AOjjK z+}n@VKnRg>l@`>v%v&y4@sbbG`0|rp&rw3OF6WD^3{G=*R+vOR^Vg7HQY)LW7m6U{ zKvv#TCsiw@FwV?i^zk(uO#k~h-de5z59jI5vD%FkP0 z!$AsLfT>#hSZd6pIP9A+%vD9k7H^eWxDg55$J>#w-N5Hl@2 z1K#+KWI+RorD0bz>5lo@YT9Pg^!PvFCms8x8>wG;L5#gWYJsfZBPv#S0@vw_41P>K zkKj@#y08}D<6nV(*&SU_)4ypR#?CCfblU(I`@ogIr2##+p8qY7*yLsv*M*xQtMhky z4mOqeWNt?}6pwoTx5T_LrD~#%_55T1C-nTIX2c0os^-qDISoH_bNUhYOR2(KLJ9rC zAKBD3p8qX~!;ZRKia@|f6wiOZdj4yZn>Wqf={aFTe=0azI8GSHtg+&XV;?lHOo=~* zUsQN5yKpl!&h1u(w_pFxQf&*Wa4skNme%(*;N3E49~rdQFleu3(1#-o+81Te zz5)gL1VK~Xctpv5&K42r@r1}!dJl0hHFCcAD;@#uA&K?^`+@kv*1O+9QG zv^Qi>9@iAo|MLtQzmG7zk!QY#xA%IQ2BDcrIURA;JQ0(QPN6qr`R(!Fam(-OhwQxL z>@u}w7$BHl$8$roo10z)QeM+hKub$u2eh!%{=k_9Wv?L%$u8jNfsg=v(x;`#sgRS zti$O#g@QtaB47q}NZSv5z&mUFoT07Wfa2C(Pq_Uy zx+gyb6HGTt5xdRMG;tI2o&ik$oDrZx;FBUNTQ@N-#fF=>tvl)_4jDdDYBuik2Eb#A$dVG4QTvz_0#U(T_IW&x?_@!B94JQm3Iv+4*Z|q<}%SjlD!_Y(Q z0VSeapW%I@jHRU6+tG)CDD#$!9c-g*Z_)n2zt3Fp@ADyAA%4k-#F<9Gwb6WIacl?m zo0{1M0p^cMtxR2%o0b~GEy_WJLiVD7y+D(<;_;pTw0?uuXCP%pkhtgp)Mda6$j|G4 z)gDU^Ocdu^a+_4GO>RrA%bj(q0_x6JpgEqII2z|YUNSpdwKdyP9buW@p$vj3t6+K$ z`O`KimvPupqb2#08+>woHn~j>tZWOeCY4J;qIE9;fEGXUKeiTd62)Eci@Mu`Z^;x- zQrWEmy8))NBPw-0`KyJ}6F>2DvPdlH`Ck+zJ-C@k04a=gB&sSc$w-j{3TP4;)r&C$ z;}PB**N#SeV?T#hML?2<=O}2h+nt_Y$@5nHmcgBhYlLUt-*7gF?lrDs61Sb0oIOI4 z{m0fD*)7qt6CW<>#@mZ~Hu(5k+Ou~7%TO_3pK5Dx1jfX4uf*NWk^AYYWjr%WeB3u= zqByZ6=Up4E|1F)zMrLiz7VmC4wi8~XakQI6>^i`RldTXsYB4^M(g;t_EvP3iiqKh~hq_8lH5tpNj5LOR5tNx72ffyovHM{5$^wCKt<5!iV&T5x zOZS-JjW&2;VR09#y|GmBqYI0>oylu#akW6n-E!6HQl%6)7+0;f&yC&@*SJXYdQtR3 zFr@@1$ff6X7pA&Svc9uFS+-2r;#uZjWb+>~`7tukk0kV$AC)!+gV;g=YC(X!a*;7Rj1! zG?fZ0jt)dGl(hDT%nuk0cshkP*C+<&qqtX@HzNQw$k`e1@_bl2u+xbu3q!z2cXh=jDz^w>}dSX%xMR$ct8w2bd z2674%A`NXZwJ6<%H?)nHJS@`AhN)lz)eG<25__$+K8KIaOha*h>(Mwyudz~|1uf^> z!{{F>h*am-jNrI1|92gZ!Rl7Y#$sh6ioqixrrGyxstD+D7Or+5qu>H+K*{JRJgPPT zCT!XPAXaVl5wHosPv}(3arEilYiORJ5W=aLuD=(NPrI@SorU+0w}$u+5H9*@;!j_| z&fF9a4G!tJKLr+;L(h&2cE~71@pNuvqusB$ zj1n<4h9y#oNDPgnMPg{k+l*{7JEX|wj9-V8y&Y&Y9X*q}WKiM-hWt}MgfWt{9G0RM zWniY3J}A53d{E@lXwT>IrQl=4@1Mz@i-ids)R2B+tr2Wpd;-=HUzTebhWuZjsDx4_ ztsYsfLh6QKE&Hb82aB8U;pz!DPB4MOAQhYWCWngn5C+cEL|YfJ zg(df*Kl5^Scc{pk+F0Z95sm1$n?psl2RhRxSd47ZpKKKC7+1AcF&7IRUkg~`tMHHe z00)ajok5?97L6M7l!)w762Kfil1CeCQm`PYw)&a$lk;{s3*!U30vW0DD~{j?UOx^2 zqCm&Ev~G<5%;C(%$6@P>bI1CG z2I|b^TIt;xiyPTBbhwK2A{l>8nn>@?5&>rvnH9T)*Z8?2DvUlGn8l}27iN~gY>*IG zh$)=Iht73(=!(MW=r2zfnH}<9$GLaWqNkAmLVf1|oG1VeFncNvz>xqDOc0)p_N2<6 zf0+3&?{khqc5=hG9U{34y{3nYbI1AN#!)iK)WS18DDq?d>sjf%QA*+xUb^X<;qjtRt$IhIP zK6H99PyD!$p0^Vy$iVI!p78c*V1m)V3z~bIAFXcw3*A`F3tw!md7(M^{9Gske1sPc zt&J>dP9bkfZXg&aT__JOveX4(+&t*@_Mn{$AfDjE>{#aJ$tkzKf0@BChDGWEqi*q{6N^bF5Z-H%-uHOh`zAgpf0jZFT zui;gXEY#r%nDw$t>i9#bq@HU@_Tng}jX9=EaI)7l*A$nWu@a5UoatVZiP+OR< z&m$ANhv@4i{Gp)%fG-F@!STnF zJSsTu&Y2YA*9Om|E(lL z$&4f_{~&L~)XZBcDs<)=#gF(i+0Zz*pg}MtwksCqFmt|*vf;M-c9eG+!e<5|CywM? zu!7SFl64e>oloW6Un8(CJiRs^)a+-by!E+Mdhqy6cSkiq@eCeMJnrnZ(eH;)e|%IX z;CiKlVQPHAAEa-VC^FczWoesvxrBe1ii;Z$RGl-o~@9(5@_+m!vlH6htF?EaWk>TJ3A}c>n#f- z$a#knFPo8;`%{@ydMkw{*jFcgf?f=x>MALLhNLuL%8Ax|a5M{;3w|1amC|SFz=BG2 z$aJ}<>0un_WoD|Usog%pYg_H5t^W|15BjUYAwdOeGN|A$P=CBduoYt@zF^oRJ%mC^ z;jtP8r6{_+mSBPCpuc4t(lSjszT>(=Ja$Ny{^5OHVDVP+Pl;@9ogUOGuu!T^kpp`i zBxo1Fnk9{RZHGH7v{ZM#JT(T+wzYyo_8PYD<8vdxPmwU#WwoK&Ye=0`Yf~TpbpIY3 z*Kh)27+SRtC9_kNSs^NURUQCaikDkVl_2^y3+I-b{s(A^e5BX2!7*Oj#TN0_wQM`9 zEn$Z8uLWsM0}zzjUWc98R(H+&m^%AhuHs&fudrua37qy51cN4FC7PRcl~9PB(qtU7 zb(Q|L`-nf%4Qj9*Q?MW_Kg!zS7!M)$KX8oShI#n^&lvv%3hv)I#y@#)!5F{0Vx%!< z-2Q*y7*9vY+5ew0egs7PcaHHR?=BeQ55O>t$Z_j>Q8a6*fc(dxsX3)J9XOmGnvV(G ze+atBsE~WDQBkN6p2fWWAIL0avj6-4Md^PBWA*Q3mhbFcz$}RHH_Y-lXUnA> zBJ&Yala!9!eXz01{hcNm<)bS>^b$kDa{8`h=X*IVR#`3T5Xb_mj4jA5Zp*kTMCEo2 z0W^!Dw9-aJ*-#yn?na2ZXcR+>2nDg)T3Ad$LurK|lx8{LT0rSf5eG%5n9QZC6c1u) z6bi|VQpq*JUr1(VVd=Lxs-ew!Dy-k}?N=<-$9mRREZX=ls3NJ>jXIpn_JX9ES1hw2 z2gYg^uE$$$JdT3oxA1Es$AT83W+Bkw8khRK%X{P60(CYi zpt?YR&Bq)7%HZa2QRXW#NhqNfn68LM;rg_E&Lk0cIRmDK(2_yirVqUG{?lTfa?X)B zHk3AtG2Y3~)pT&2gFL?w@~kUt% z0Ch#r<){jmzofnC6UH#A(DedSi;xE&tc3MmYNi00n7(iz{T%q^F}n^ooAAYeT{bJgF2aPsDt;FB_*^A7?OA6aF8@!nQ3wfYIfpHeT%TZ(U- za|S8uYUvVp7T@Q6}c3haQxShn%Rq#i*te_>j_Lg==WOXbxjoB z`%ukmnS|fehI>!PMk@aKf8OJ7+XV!Rx;jyHY5koWs(-}cL!BFs9uqTp?SAh>07?!4 zNOH&@kAfJ1iJ`v~=OrTfPwkGmZG`+%^%GKGKc*>T{vI?U&HcqYJ?G!U^l zZuZQrbC&+B9V_BF=|AZKhit|D3&4*vADENrox@Y%dE=4yek2PyRT{hl-1 zbMH-)qVNCn{{2XEpP4gf&YW}R%$YMAXEA&$s_AzCpMuAVC(m7@M8C!%&1AAOX{zuS zpPVni*6iLjx%m%zHe(Z7wBJTr)O_;jYPK`knkh)0fYjoq907MK&-X-?v^iCoxt#_L zFbj4OKMQo$R&~}hiEKuL=dNU{8uGS8ZB_I9b;!~3gzdwZuv;37AmQ)ka}{W%gTU$+ zw;mVsB7ii{=UFsgAS=sd{?l*g6XLMTGKU&r!}i0!9w=MSRLkiqZrb#p7om}B*diS2 zzfV#rmD(zt2jjBbzacwS#XkjA%rrlqX?_gO_LS!Tq|~nYlo*N&PnvvcqJN=tRY(3w zGu4b2JsNX4L!7odHloco-tXXLKe{6|9CMjOh|% z^XEP^LAQeUA{omv@@m@t3WZx8Mx^ZP2J~>|RGBZMlDtOg-PO|Ykg^w7K_n_d79sA>xp?u^1k;T!UoqF^zpGZozcq`FfZLaGEJNC8RxCCUp;)~eYzlJY-6mC6Ea zY`FTXxSWdo&=`3^%TV{l72M!00KCZ3)_{yTW6c%s`ogdug$-t5uq9kITGxj!5oNq! ztm`-S{2k^LwD~d~&~<0c4HIxU#nsy|VK_G7x*R#c!;zJ6on^!AFWVSb2DDa~>&^f- zMr{P(-pP(#=Q{Kgwn#NaMT*+Ls%9wOf%MSjxYjCEP(lUB5vKw{GDQr+FdG=;?~7PW z)OLM~A&7`m*MVPlV-^hb_>PIw*12cR$O8;X+o!I_rCi^G#g&F{5z4K ze+q^fBJ9No)7*3+^|QeYPt9wWWKF=xS$XqU$~NSrmi9#f!+FH;Ljfi3yF$*ftXmc- z*(ENl;0s`v12BJEQX7G|oB~(8&ZN<;j7emwj2O#pq zvXWf(JN3Ab^8j;ln`xur$kbMuHF&ALd1dp0^U(SRgM%hq*%WNsx(2p8$UCVOx&TV**C#UU@mT z>E|{T`^lI%adK^{saevfkB^4xR}HhRDC{J+N(PP?&8fjr4?4oGvC@Kd0mb(miuN6^ z^@{clmnf$HLf5RDsp|U-acz4)U^&ngC?urXWwdW|w`c2Ck~kRZ{#tGu7*qF%OH5KX z%=M~58m@Qn?IQyX^CXcp)E055Hq#z)=oDW(;!wsVDh(5?;O9ygq?97T?+DmDXOyZE zRe^}1Ni5{Exsy!R4RXY@Z-9PsGcaTB>czkm8+4st`S&z2S()7nd;WjHeyf@Gy9){h zvl$yibJ~9O170~^8wzgSL~coGcfm1+I&{CvO#4j%^bY`a&7|Xst^$wj49Drh>V5=p zR+pV&_*_c+qrdhFf3eMCCDxMzzWutaSZ{;QW2Ca78DfUkB z{(2lQxOESJC*lSFclqDcFN5FO&}aKYcVO^ekeHt*45qcJ816Q>%h%Sa{?Yx?qss+! zR}-CeF^O(ys>vH0Y+#}VTK02n=dN@jwTbg?LL$;4sU+63{{P7DhL0S-*9Hb%fW-WF z(a=q>EC*RcPR&0E=yrB>I5nTesi?Os7rre%aAaA6)^D7@>aWMghh>uUN<{hpHP?OH z4=ul~DgR;^+xpfs3l_e%5>o?pR%XK#(=biP#2RVmc3@(?O0R=9RS8XuwhKG^Fn67V zR-!G7a*7~_a){mJIHy@VziDSU$GRwrQvo`sVN#1^_~;=0Q>@SXIZfj*PAM?0VG`yl z;alXG%QGNbT)^V+1=Jr{aIMTw;wjEQKL9f{?ic0(Lzem>@?qrXFR7qIkv1~LsYHdC z;%tj44q}Jc-6IK@;+!5$aZ&+8GcnvPpd5a;4LRRr&QE;Kr$f#R=6p|bFci)ik#P5S z2ylB5&fApsT|&;b%sIFp40{H+fBq|hVSLDW0y%87Op=1(YOf9;cd~E~<`4=8GMfSu z4+wBq67C8}*1};n6yOdCaHkS(Mu3CC3~=cHw?E;=1~^=^6qs;qfZK*}0EIjNAdoH=zqXV;K(GjnG7oc%&hGjopeIfsUvZ!+ieK4)6U znZcZ(S+hdUMC4@c3uH}YYKn%X<}DE{ngFJMEn@n4q3}oV0&O7w+aYHya{~F7g`7V! zCy;+d$Z2IxAb+=za~*R6`OP8cGUR0C2`ng8AGi27n2OXqo}Pgvl?0H#C?fy+q41$e zQhpM0#w1DkWyskoNlMhPH{PM;Urt4bc@6XSYen_j?+7?L6>@qJBvTRrv!4Sp-zmE5 zds2o#GV^K;D8EgVOw8WP{PBM>fBGka$uTEb-)C|Ev#ol3Cz4y^s7kTZojeg}H{&}F`}?!lbne3=m;r;<4b z`J8P-&bx0Rr`qMv0%EfJnUMc9^P60L9A8+5938~U5z5ez5=9XCPqd-4YRkP3wH62e z%#(=PX*uj>-&nbdWV!2EZtiOOSMmC74T8zsGt)f7z}2!LS}v8@(_Q&q{KgIo2gP#0X z@kiDg@ybkQtp7F6|Ju+0s`0-j&lS!gtW>yfsaI7Hyr z!&lS-V8h5U)qJE`FB$Iz?bS%d;&ErDeK#w8^Nr0whPw>$%g9GJ?Zq`nwfJdX=oRtf zVd=4KCCTlq9T$GqgrEC`pA+0q)Xdll7Ho7mUiT|t{j5?J2clJhMT#Ae3|&$fQZ75e z{Npp2e(RbJ4@M-`NgfM%3~WbvmF9OLuPT{WWv&Z(T=|H~RhvsB&#i>nWgxC{g!?2L zWc?4y!y$`x?8J_b^`ywOg&l$*8uxnQ{rJ`ip@g^^kMqhHLxU%YcuW{&s{*7_B| zEd82W_eXSgKJ8%sv-l^o;%*CX78OB&W;`lr0OopHXZ<>S4P`;;Yi_mwb1ucN^rJ)D zRetQ$^(*|JWP_CY`6x0qdkQAk>E439Bd!VY-jUAo(X1BxCMsZwWN!%LLw@_n)Y6+R z0MAGh!D{(8v32BWIzbe)T-amxu5@JD97{H(e(v+AW(~y~J_>2bVCPB(;yIqxOOd&& zDQPhtjZARs$J&2*jPG__p)Gw-d(WYOp#hGp!*p5)?%y%rdl9fvhXaGrLzv}yh!#(q zh6#A>lKa1a%a{Z3gV%i$5>hb|2;rU@$OwB;xO1T#WcuTrZVSVdB)xXkUny|?94O23 zZHicyMA`Sa9(seO2S#4w+!WgL6C zT^Bs6xkcxV5Q=VZc-=Nr7j4JdFTZhsva2xXO;%pG^Pc&8EFA27MZ=u(v8k&qyJ4z1 zv~rk1l^~~#yGmfd_-M|8(_FHI>Br$~g{a(R+hO#zTZWnej)DRq40#*mJ3k2sC(tc~ zXWxS|4Snv?!^a8KiY|`AN^@Uz0nMn*MlASHn80mpSBg?0$0VyzQa;fZ-<)x&1+!eb zuu@)J*Y@0jcOrayWS1v5l)dv5uoGMSwehG5m z8b#zR+&1P8ECa0Cg!_=`GH{jfCTL=SVgUCVNvfFO+c z`WgH*Z>*)S@133sw@kyyfBwK_QfU&4Qu z@ehj>(fC(uiHgR*bHn)8)8F`)I=(}8=-R*y2S7aXysaWL<_P>?elBmFbt5B+B!Nw& zp1N$zhuC$FtaMJW@fYVVaN!c`CD#A9m7~D66IsKZCk1NlMn!>5(?_ZMQflT zn(_zdh|NzFGWj3cLc-GLk5?h=tu{|#3}h81f0l&?lG-Xw(iKzGiaVmu^MKTx zK@F3KxnVL%7rxS9o7-lsY)Q@sD9`8K97vv5dU^i#>Hg&D=RhEzN@@%|0%f9%UA5IX z$dJ>?hIIJE495zyrVr@Z3BoKi;f(wBbT^-~t8!MJVu-?a^K8PgJg>=e5?Pk7!9SLUlIS`7+M$n4Yr2lrZHIqQ$ak_3-?Xt5>qy|OMOFe1 zcH6&Q@;6e8M5G0a3LElIms|Nv#5K{0x!E$C1GZv$kta`34}2UIr`{YxQIG}ri=i_D z?6H6(x=V;xKw1lIC}dqf04jM4q9@h#Rs3$i^N^`V%RiLC=0iRLsCT99sr7cCXtyVm zb>z2GGCN#>{2$RQ7v1fHTkfW~>+l=zIzmNkq)Ce7EpbAi%!d3Q@tgFCE7a&leECY0 zxyizD5`@i>6OtIi#eI@n<8!5svqK%Alc`rnU41lpgjv4EkKlXk%y|S zwG`B*!n5pJ7EkEutBGK^Ad`e8XdO?~E=e9A{S(}CpOd(5uFW~__GJP72=kzg=mF5db9&-^-moEiPz=)vs4BW1?qXT*FptFOK?6g2T(9o z>N5etC7kXybCRsV?r5hmq9Vl}9LEO366c&?-wQ*$|tnYW2UXWQ(<3LCF>& zVKMl>D5+%UtB^G(p=9*X)aa=YXlY%)w+55i6?6ct(^#b|Mfpo9dEnA^XE`2>$pgEP zk4IG&t{;p<9tiHEYbAeY)tGDUfqKfyLkPgy`#_`e&OqQ6d`!n0hXIibM%mSfGdymc zT{TX32|DZ7V33>kOal!USNd}(m|zd~tO*tw68`iG4kKX=hw}^u*sGDMG3{TunD(#o zXsL6_hKbhH8BE)Vz-<2v=5;!FyoB!+q~2rI^J2Jv@ZexyWjNSCL7pjp%A^bN1^RAqcS&X~^%RUKWW}ECb&5t*9 z4rxAws~U*4=c}cn8R$vUaZ3XMMyW}7vPJT*j@B>0Q>Ozo;Lri*tq@uM1!7e8*`dU? zMWED>_T}#f)QTGX<2j4Q=^8{eQdM4uxHY$TUy0;(8S*j3$$@!9V7~s8FfWH2+*GsB z+`{k@CIzdeZ-xnxbBQXg{HSgrf`WrpKTCjBi9aJ=6eV6THFD=|8`hy0!iU?~`VJ_? zaUwNP%C@G*kz|Jf7-ZJOU`QO0#344Mmv;%9o8|#t$o3b!$T2s8fP!=*Pj3!L3`eWA zRF8%;t(yo~pu)`qsL|ag+oQ93;<>QO9DZ!_tsOBwbJz&{=SLJ7prYmUFF^MCpC9RrH5WKf=Q9H zgV~ZD#Zj?7R*;BPiEw_ZrCn>D$D?LlKzdcy>QVDGv?aVZ;wJBJ$+5f-h=D=m z@O$W^oWQZf0Uq`i(hxa>(AV)GniV024U_bBKouJap)!N`i z4p(gjO~F#Fe?mGN)=|V#<$nhhtX7(Y(=j+E=Xf-CPI>)xi?CoBs(Hv&GbXC$CP9%{ zr9@xj8f|&ODy0nwmZJMfECf4$_83P~h6tK7<-pc0LO}EF*onvIXh%OQt4VxITRD$V zXQ3V4nELtk`GNbtC{-RD{TN*Y?J3LuCdk}+fO&S2|A5RFy%czNWC@v9bpJ(3Pbb90uVAQd%pimoe6WS}7#_1U4_gk3# z7$FP$juIZ#{eX8ZgrUVkN5X~}dJS3PbdH`IW)Xw1!IAL7p4@D0r$%b?B#Ius2=y{ME(TQ7+7W;1pdTZM|I6qC()V?a@v}r<_y$T2Jit{0N(Z>LZsfWB1u)wA;-{3bb~`+r>jBiOkD4xSoy=Ut`^807&|L|_2okO;S%Tc12rHmSyk$rcTqR()3I9l- z#iEYf=L?g8T-AQNq8z*={TBwoK})uR8_p_1B@6bA!1b7nY<@t=UR3O$)b0w1Z6H zm#*UWWo8Y}xQ%6YP0jlom7LEv&&FLgfqm_$lGod8q?v#hf3={QDAP|fk%MNw$3S=7 zOjk)kGvC%HEW(9y(#*Fx8x4;lZ@ih@I2fHEa{GUzy>Vl2aQqcdws9^#JN0?zz=8!Q zI3N}B$87!kulcZ;d)RrAh$<1mkef7IO4tP%y=T?CA_IEDe0L-9iOv5EhC3rQSz00S z2_i5TuMq=fI?K>M#OPyF6Mo?*)@A+)YQyS&1;j=_$92SwuICL%U!~n6WX|r1=$och zGkzlU{rN#h-|#@6l8Utfp(is|Xgzd5THScc_yeL#qU?5T>}8YlY6sCiozXA=K!a}@ z5&YzMYELte0Z>M)?4N5h)X+3iMPOq{UetT-EE&|==$Nw-S=_sLAhuj{My8L$m#{Z? zLp#ENCcn^Z?2Sl1br$cRlK9Gi{2%A||936~JN;nziA%nY|0k?={4Zd731x8nE$Ux7 zG45BNYm@$sn^j{Q0cOJ~AqaY>GO=+V3{&uZb^=Wzpu^XRfO1w2c3O^0c>)5vo5VR! z5_~BYUZP9%h-}saX8c0+5auI@l7tDo+-NH6$ssr(D=$}#6=+P%HT<%@5)aXf@p5}n zI`Uit#OefMv`(V@=qBf7_VDJbsunVIBQ+Dxt>d@wZVMa*LEYpXJ!i{cDV9(P_kTkU-+*FCz@%Cv zY30y}Z5AI_4q-s@^S9|D4^^c>sIKb%RHyq#GCJJM4k7_+D?hQ*`Q3v2T=^&d~y+k&pQIbCl9yZtX-=O7Qt>0TZ1~Kj@yQIujY;AH(gL4@q zlvuC8`6;vKDZ(Du5>iNO9qr|~^B~5A>Dh{ThVv1XM-ho54qCq0EJ8!vYv%nO^5u`m z=n99?H{kdE+16pFQEL8dOwgLY#^T^*Ni!SA2fKpsVSipedB4 zt1T~wStIFV)CES;MWDNa;&eI1;jE*_>OhZq)Y#4$FPQFtYOGSb$ksO@_e9`L%;6Nj zo)z=2XnxI2reY^wd|BAv4JKnBp|g|Slt^Ay5<~x>2E^L~9rK+`Va$z5S?ZIRo(c?$ znO$;3DrENeL)lGbc7G!hm@UfyST~fJ&fcsdTZe%P5s*4NNEP`mj`6c}BoZD0ksXQp z>0kD}BJ*RO!jZ#@vwO{nbg*OO)O9n?`9i`_nF>d2&AqI+NWPU^^2>$Nu}$ilV;c+Eep! z`}_4l_!}E{eg9eiqUy9eo8D`-WD5Jw5c!elKOeuTPZsx`!ugxZ4<~M&DWs9YIJC-a zA&uhfub4kvuWZIbtaKf>a0{i`kpG#og2P+9Fxe>LqQ5c+b0xXJbo>T0@VVlvv=8}4-`P=f$D9J1PFq1-+otn zjXEao+-6rJY1wuKxQ6OkLvqO6br1^bfbnf_`9Wn!Hh(y#CX2 zLO!k!tKOfDva#M%@Cg>AiM&L2+{;y}Mj|0?lask8JZY%+0QMlXw?rjRYvtUd((dYW z=OP>L&=eDnKElD-EH$r1(;l+=Y*=IJ&qX6?($12y zlonzRykPaZi)_vpqnzx8mFCepo59(L8bBUm;T^U^&$L-Q5h=`dj^(JmIZI6(FqD2-6Q|KLUS)KE)mPWhq-^3m(&2P3k_`Q76y)C@kF3RfW}~GMWLz~@CZSpk%#C({SwX48>_`n{{P1-(7!y5A zz2H^FV=M^vw=QS4+5;g9JAISIx)ECbZVdRb6^Y(6u=lO^_SgU4Qwr%=Bs#^5LJGo} z?F;^g^DdaRgU8ubTM3-B{kBchMXOo`oNSmg9je@n&k#!Ba5ZuA%+!MO9aOe1_ znA8Pm7x2J*O_RBb=T4P%?rCeaqY4x^hN^`&L91(kSyV7AJvPv9Lb8e{aNT_2c?yu~ zhX3qhT0H@ycn>ndVwyGgC}2fr<4+@~2}IH<;vxz+*{$b?Tkqk)uYnhQj&K3}?N-2P zb%Qb+29f)K{`@;!Kz}pj@LZYnWK>aG1zM;pQNu!KiRRzc&2?`NxV&(Rqh=n~=sY!F zD4^zFw>xTvBB!D5?XuLh9ixY&?t}c&#yvXG4@s{7%J?)OLEmu%y}LXj==1`DzU~Ps zXO7N6HA02y^uxQlZJ*#1?)ad47exT?NM>)Gogx0TiS+Lu({BSZUc9&7<`^pUi=RiK zW~z&+`I!8>Z&}1Y4KD`u+P$EDFzvcA38od(QF?zl=dRC1;h#G-ANMG0T%aKttS)Wcsox-R&A#K#I0l^R82$JAz;r`M(`homZx zs!UZLQ=O_jp(gc-nfPydb?OtD%G4*sDrL*iUE#FI75G9w4So586J$)!ixbPSC5!hP zQlk@M$S+iQWZKbw;d7wJ-8P_m((PJs9;3C?2h%wgHRdq*aDLZm{`hEo{CjNvKo95` zm>HWNEr}zNcSL}!EbhU&$8w{!Yy)1XN|>JlZ#Kvu7Td4iN>p;W)(V@;ov4kA@main zKgR*-TAW+I|59PH-@PE6o7UMC;O>P3AIG4e4r@Wq&K(~_3$&nARE`2|n4hCWX<Si34$bKj1PDChrH(Vb`&*Nz<^6n}%8kzZH2`&7-4i_2OTzFfRRGm(F+#N0dJE z(zP};uPu1ffwnl%^BkyuF@RL0TK075=Ji_=D5{4Yk1Ti*M>-T#E2%BBpsv1s7V}to zP5N)Ro~N$f?BoEEXxl>mxVxuae0J`-#mE=_aGryE&a?@qp$TNu*BqNThp=qYG_Z*t zjHKcEv*D?QZlK7_n!PTw)G-d1(!BXgoZi2qoI~8YEeqisBLVkE!ZiX;Y53WXEDy$_ z9uzGvEb17GqF1x%6j#)<^#GLAhZq#)qF-8+8bE;`FSI)L0?`pf^e(&uDez`$9N+fZ zqe~w*<5iid7Tn%|Tx2w-?+~TKX0V33JKzJ-pGQg?4GA~!G*4?=Q&yw*TP~>U$WFVX zUHq`6(H-qi-3%MNAl(7gZbjMFR6C|04eyuDZ#oCOPc`z`q~N4Gw3#)ETxe5Zr} zE%L9w)7Ls%t$~8pmI@_lm3udIentL=D5(lAo7fVVDTPPFo?8i}k|#-!?*4Aww-@vFUYVN5)ga^ydreaWB6a26 znyO#!Nx7|%m}(JQ_e1>bOkYJ4)R~^Y4gNscugOlkYDzXeUkGTISm)ATyBh|Fm~Y?I zhnMd8HVF8-oPWXFv+*ajQ2OUA$xF3Q8Fo!W-&yd$G`B@yJYzXa4Y#mLk^CLxViPi4 z6P?~&$=>1;&EG%(^aUF#u4<^e%CfSJTRZkd3PbMmWsSup@p}v8qJ_{j+rmWaeiK@E z-HonwBF|KN8m*{KH8Ge1wYmnPs)wlRTWW`3B2hno$Rt=+GT({6-X3$V&p(Cclxm`& znI$i-$P-Xaa{!1dMCFe~ulfeXm{y-^ufDho@(#lB8To`?IdPM-+XQ{dJuQIid3`(6VvNb3)xI=3dAF^e6i;m zez<#i(e)S1z9uv4S}KG&9U>BjgnwWv7o&X9{Tm#AG0qIQo~^duKRLMYGctVi<@b>G za)}g|xD1yMxQV|&Yak~0Bf7WhdtA2&o_|5Sukeg}L0!A(4(LAJ;X_}817}V>CB}qM zQ;wd}eD#zNsbCU4r3$kh+1iZjJ=NV`Sn#U~VSUC^`2CvWES5cX@yk zW$EF%yIPQw?n9Yqd!*kVr2ZBCZ`vIdV}=|n{T_f$$y`Mbp_B9ZQMW+)TFLTAUrU&@N;nmd+C)nU|f93%(iHT zN4b~o2>~y}YSEoVrzDqbv!QY%SBAHm`RO~0s=NVhxU(gFr*Ff>Ac3;V;h(La+>N3< zf#V9bS6klEomqq`x*&+6TE}iZeE(G0TdB*_7{1S3c{awT3M8DJI(cPkERweCcr!Iq z(BX$vGBb@|ysPKfB(Iug0=azx+%|?|wQr!K23D_#jU4c0dz|c;DPSPa&BuDcksqx2 zjh^(1_;nx?uijE{wT%-9ZaX1+HA9&CV56f*=Qut)e6P#95 zBptQ_b>lQaWBj8uGo9=Ifn96|kUPU@ILCMFnSK&2r6S><%3(*2PL-LXe?rIR1ii8< zXEh|crRnt8#Jc%ibr?TO^@w9on+yka+_(+nVTXhgtO`OeqM=l;>84U zobWc^#TPeD&%TbH59P!Y=;8R&jq`1Tt+C+#fVlmXA?%6ygziG^%O5PY(K*073p(1# zK+~63Ym8y?9qfrVIc$~?=5XNr+X6N0NWlCW|4CHV@w<|A_L3L9=BRl({gJ*SNzP-H z#qU&$jlP45GV6k_XaCX#YR;@Z_Y&)u&L84l0uf#fydBw&GI)eaZ}6>L>$#Q8tuBi|1zr?{UelL@~=EM6-=-DP#wa^5c@bn(f|($@EF<~~024Ue|$ZJW8B&-}n=ZhpV5;DPQM z%d4FTX7_$Jio*1_zIGCoNzA^z5ZHN97!33>|Dkx2maH`=V3(l$sJ9wtevO0Q!gc#9 z_;-Ir3*<*peTf)`-^B~veTB`l&5D_*IM_T)FJ+~+TFBwj=dRA?U2!uiaW=0@^Lgh8 z5tw(b@is39Lq(&9zxX5DF_=_kZe$sM;RtORYLh)%dkHp2FV8ezT*C`+TuL3c_PDC2 z5m;tpjR#3NdKYaOSYEhGV_iyiK2xL)xj`&b?SFG6;hp^Enpt4*+(j%$Z=e z#aeYFaj&z%St;6I)|r->I+TH1N9-vpGL73?VxQ$8OwiCjdd=lGpb}a9!N*1VVSQ8g zSX~Zfr;>72u}=kVR&l?A`3!>3dF!?_*22`B8HQBW(9X%7x&Ly%TR-2fYKRNsc;Bc7 z0WjjejpkxQKQhbm_9S;sZm8T%E5rwGr?l%gINuOn1;+LRIO3;I=D)6WfPLI&DS?67Dpa;Jw#_jA zC{F`PzpxrvPi~=EgAPlLMhMx4r6eY%(mREnRfA+IxT#10k=)?P;4o#VRL#hl(}%Op z_3Ag*CeELoF7pl8&*m9xJJa`|Bo&5gXhkNG!A4z7p{ojE#v1uqgjKDEC1h+1s3hY8 z>&i(STO#}Um*BTBAF^BwL`zV!b%mEu9#_X@TUoZDZgGHFTm*9!U}Vd?Z+uauAwe zuR4hKt#~uJBs1&4%*t0bqm{%$i(U&5F3EV#nZ{?Y51sG6&B(Pv6hj3?H&Aq=vvcrK zlkQRc7$_oJ)WIA7*OS8hS%R>x1MCMqm6??mX=A5n^>mbx}n!+lK! z)zl=b!D+A3mG+AH@~yDwwH4^dbzMNuE>nR1iJv7}QG`CKtSz*#L2YFlT8N5V3%5fH ziHK_vObSW^*bQrpT;dx+i z$g<`5iAy!0Srf~@ud8aJw6<^EBPzC>g1SW!cZgOtaEq1OeU_wl$6YzWBDo4GkFuoO zSh3y>;EF+~MaPxIm&dqb3aZ5v1)2bKnx4h^=;51hR<>_?ZFBmbhPr#u2hsJ*@|*%n zKPc!7Pk)5TeE?&?#6q~faTy?rMKP(Uy|O+OWIPSTVTW#Z(i8qrp~HADoPlB?S&R`Y z3Na!JT|CCJC(3h*s19Ln}1(hBauXw?>Ua6^2d~ zw9F4X9cF(_8!)si;V#sFVedlJe&G!q2NW$c7r@;RN98FlquBLXgn0C3_SOhzoB08{ zH={qTX2NV65IP4qG)m2WC7D>KrQbpS%>{;JV3sjhuiB-@5yM6+wK|Gufe8Rpjipbd zMKLIYRho~V361U%Ti%mzgT7i7<}j2DVD-*BuWRjdi=1@MsRl3A zYZPa!I=PK{E!$_E;kD$Ct%O$zNBG#U2DQ-oB`{q)T773kux}2PA;rP~I7MW@=Vb)P zcm@V^DW7)KBqJ{#Eh8ObRLl)Hc+Vy-OE&RUv14-H&X}WrKzoIkY{f!70?(gcW?!sS zfax%v4%uB7S~K)%ZL4MDPi?Xtqm?UsZ6=hwUqG-I$=<_bOD=ZFs$;@K$4_bfW(h18 z2{@h&N@6+DCHIG=EkW*{u2PG|a%!YY?hniP2`n$;z_z?-lf?3vOYRSg^@p@l3KsUe zwhHQ!`q|3rE<1r*8~RxEYtVW$uY?}8I|X4!YE?brvp^sLqYfS#Q9U|QlQ_qYbe|S? z5V}w8E71Kd9X`Zl*jhP^@n<}b#G|5-7WSIeSI1g-M9OO6Zx)Icf&!<7dtOjd3rE`I zjcDO`0V&eL9b9sMGD~XVKhIA}-sY|;OFaV4515D8})PiyNK z{In!#TxlsPDKmGyhQSBXo@ENm0kr~r{}`bqJ#W!LWZ%?kz~3mer1h=Db|Zp_G_dLg z0&_Gtn)|JHGdQimgBj`hQ5T)XDLq9@*vs-d(01F=oaB>#!%h((sK+YF5r$iZ8g|ckj zIuZShZiWiXI8@ESWLCe0=(Lg-+1cx|IG>HHk*9)G(}1}R3yRx}YVlZ#%Yhfy*njZu2tM^u>h*LMb#(sp>Wl z!&rm7F0)F1SoR)=bzIla_tDzGon&oYW?`bXN>|%=wKk{#Wr9MJq&Ba$-R27mSgTLy zGNUEI1-PF+C)9qAj^W+vQQm<)xw2=#I)Po9e63AR48O-FO8yQY8mhKsZj^-Qh4FHl zPA%y7Kr4br@bh#d)${m8Cmb_UjF;3^Myem_s&8s? z)i++M)uYl-z2yjaV>triVv-KiG9aFsrX1M?zbr>;g(K>GZj2lCQW(#sH(eyZ$c=O4 z7ex>R^f9a67$;CmG}#P}aHO`~=KPidJw6!;+DZLPG+tqH^U>3>{Ke};c^bcYTF!a~ zooS9$ZYWO#?k(?(MEdP2PtI)fjnGeaWG|Jdr&}Y?fq742uoSFEbii@7mPL(5r z65f;XxkR_JQD5y=YJS#BU-!ra$U8wp_`HJN;DyVyaQxe9!nvtYO0%w^2Ne@a}B1&;%j=W*Wl&cBrTOuDc$ssW^sH9U?8xc{nG)4 z%s`>YH0ri4w_m1O;@6Cee&#aK7=*|;Bhw2usfhH2%njg!9wbCJH@$GfIg}Z#N4Apm znx%88=U%u2sKTW63FrY-VJFs4HD~v-)l$|oWr2yEJ9#Cu-wzbpH}TSqw6Fan;Qtx$ z(~OzQlI?p|4BKGacQUMM#Ek*kcL?jZ+F&mNLJtyse-j5rL_M{QCH8ZpZ$N%0;RpqK zdTIIn<-}NiHCL9B-@n984YqxkVb}ZM+jlDKFCo7Z1~0!$FWyM|J~{#T=fN2h`Avt< zR;-^pY*PEKe}7ZjcRB0d0`-f2n$u=R9b7w!m8O|uv*cuLKh}%JQV@AdvKp$HYH4>J zzh_%?T-gl6H~{)%4d3l*El*aE>U=|t;FPSvC>#nury z*7*EQfp{S6A@MPr?m|kc<$t#c#S{(DgyJ@bCiK@s<&;uvX$N7CZvW0k^m%W*0+#

5Z3zCsZ5ZzPn-{W@PEYPa11!rcpaEw=ORcLnrgg1 zPU!fs!EBzo;-W;_d%QI4itof}W<;uSY9e9lRO4}pgl$rdd&CJHZwTs4oMyJuX}dp{ z;u%Or@>t5(01oB_&bkcv`#fOUhd*Wc!{U!G@B<5C;0vMx>ix;r)&+M|(Z3}iD#aX$ zN|qFo>^C30d_GOvukyJ~G50GUz7Y|(3Zz03G+_m)cvdhW*t-h~!W%~=M?vX^%M*ZA z2^7F)*?4JDIh%2&W{_Ehb=lXwxVC^r9DiDtI05~MRO7h7KMIRJ5%ECqLNhr_5pDoj zZ~zJ9sh&8wqM(6)a=-$oFNhx$>Y#%_Qr!F2&!Bx}_0bv*PnogY5GytX%P3pmg-BQ>VrG==@h_pji~!sAG{q_jVhcgfkMq@r z@gC%rh+!b;FfujoPzC5_(4p*Be~Tei9^j~bEKo9*3n|#fm5HQyeMv|IC=>$(U}APc z0$OvBTPd4Us=dYsR>_2T4lXh})E)IW{)M4(@K5`IGf<05Ats;a6=rA{KWCM-FMl=x z9GW8f^vcGb3`3TUqZC(92H_cbOV>`|m>><8sH?+8xv0L{6tD!d;?)RqB=7&5&iK(F z^%bWcoqQL>TrMGB-I?noBV&}4Z$~WO4$61>ZJQw9>%<8UnE#{l{qA$6!!Rcb~X#kRzCOAaFJjtOJ%n(8Y}sqKG9MJaK=8=Xi`^tV?K*q3QY0`(8$0_#vs z?O!r+(D9(8&zUgW65mLe?RdGy#@7a4_rd}eqE8RbX_=t~A?KicMf$`g0Xs6-AvTD@ z`e*rm9JWL}V({%*`*GW2XNwze&y^c(&jeALGaX~}9N3ZW6KA}@+->}FJ!-1YKFf(_1Gq4W7vr~@a}Bf*Oc7yDU>et$zCrUoNoL<~L0zWn9Lj~P_t5DrRLCk#+a zp(}{Z9R;pnynlOB`v12BGi3tgJsX*Gg6V0>sF0b5s7Y4wHAPHe^Y!_fh@q zWT;C(?HMYQ-Aq;|FRU{R13?ALy(he-97|ejl0T2FkX99t;_%|3P`-nh1ZZNtVjSLzbwxV8Cb4I zPd|?|(kdgPyoDO0v=dCtrF>R_OSYLKJ){GTu6t7AWPJhtts*Rr74>Xb@QZK1P+ zJ`>L;20#8Rj@tl5D0Cm|<9wa)7V63=1kvtzL;>_hosls`z_l}lL+lC=57l1=6#SO4 zwI1ni|4XH;XZ62ciJ3ET^igp#*$V$tkN)?e9;gYk<;80Y1{Ku(s&p0Cm^ZMo0&}&> zQvD5tCHzUdK8pFcyB^_s--YVAzXLVqP-9MA-4#k6Qt0Z!$Xi3i1o=Pj82Ci?XnCgi z=!&2}J;2f9ACm2H56KGq8&6iOfMH~!9B8-E6gyto*cbBoN-7qJcg9j)ew4t-YLt{@ zX}KCfPY!8iu5gdTO|>!9*$_sP{@X^!nLXaq(WHi_*yrn*FfXbif2gSuUVcr&DV+Za@_4fh`+ z4|UjSc@#e?+;4C_%Im#I0*eGI?CL$Q)hk%NKbWvsmKRtmXTzMY zm8GuQ*QLPP3oVge;x??>ubKS>0>da2bLMG4qN2sZEe*GM`4G|7#Ml}8KccU?R;D{~ zhdK513j3DQfPPV+uo9U(RdXRmiA+Mbrba12##JR`47H-tB5a{c1pL&cPW%wjG&x+V zP*G)8p`yyFLuDILsJJq0q2vmL=n?e5dyb+9vS?x6`9+~3#P+md9sS3_>ca^K4_+Vk zB5YD0&Krb2oM%RV1cJFq9Qu&Ko`;|hR1EXfq>byt^b+lO$fRb* z`dwmo$|;0>Ms*84YECs2Wfv7LIvF>M0KM&%HUaAg+X@79nXaALo;ZFeII!M*E|$!p zBX(Nm7K`Z5MwWmEot6YBb(_zy4~0GG_-oAWCj*~dt-=0BH-6DogyI?<2kv9BS@>@l~)_^4LI z;|=wpSK`^!X;#{q?m!*RQ%uY@z6JauniszbTwd!nkV%E+==~)CIi2hYm)WlHmt8Wk zZ8)mHsOv7Xb%40cc7?y}5{a06>SeYoTGA^DFS~?R$c?f+a+z&Zr^Y~+L&c&*xt+9n ze!4x?_$9UvTGbCByml3Yw5JwY*O!1y+*(Rk`qEMlZU|4ex1`(qr|vQ+hztQ#WKLdp z?}F@~!!7Ax7+fVe8@*7lLKfNC-R8Hqd`SLwA+HOD`KwxE7diprKQ?611=Sb}ppN|5 zkPRCr5@W2ESryE(5>;NvbtiUBQZ&EAeE-|fLI8p%Ud?foJm#Ifk$CxFg}A(=5SO>4 zm-o*m95|!K_JDAc-&clBRVh*9e(YI|*I#v)zOTH9{Cn&0m2j6h=2=%9{mHq+cHSo` z8~0!!%;4i&zg*`nY(roElc2>i5iabx-;+MmXIq1nrC^;4_9sh!wCA$a3N`I0?SguQ zQ~S@Vndr;24q!Dh5}{M@?DjR91`^93?34APe4Pc8&9evd5;pW;XMNcB`|`hVm~gN6 zrPo^sF*!gF2Mjwf?{Ud{19niy&F8@C`+L2`_EvLvkO8w)yKuPyJ4RyJHD^v9uBoNj z=l92+Ucz7cIV_THTUX~?EGLBrSrkkw*SrDBu%DR5`KSNIV9wjHA~c45n9dBt&-|Aa zTaov*)xPLO`yi8u2N*41+y}6mTUd;3AIJOp8F8$VVH6|otH+46ILuj>D~|V8a7k2- zEJ>>)A1u3pkROMHaD@U;)7z1uRo*4XPh4|=^)Bw5xnei+2LEwjZZKO! zuL?*4yrCZxg5egSu>ctmyM^VL&JLlMQVM$ilAzE5^j$RDJ+#vYrD^l<&%c!-bk zgoNAJ$~Kn%x>Cf_tpk*qXmK;|AhqgBNMv0(ALaXvfCww;1mssd?7{(wU}Wv)M2wlN>#|q>m-7@>H!I zZs!_vI%_{zb(40r!^4-f%C#9xZ7R))(Tsa1Vu);OuqeiDWPBQpq%;#hdB%y1coiCtpfc$iWR?k?&!@+f{v|`0`Q~J>Ti&S zTbU4f3qMiZMc%>-djQz>&VjV;F2YXNn)=LUM_WyiURrQ2oiXGLS97ILq!{M6oh<&GDB6AYI)Kep%0uF|JF)g^cVdV2Y|O+4Kt1l01!*+FbfnP zTD`{Hl_73F^~+)E_eoL~sWC64D`hl4H5R12Y)Kiw>HWuUfEA9ALY3jpp%n-@mb--z zL>N&a-nSEz;Gylzmu*&PA6SxjWHT$6DHvfd`Q25* z6FhSQo?L8%#~tL!&yVD9lyrXDc{I>!OA7l-VZ8ZKW!BKt0*Q}DY~+q*un{|jJms=7 z@%XNw{5oW^%9xEqi&rLYChRu=8|>Ync=>^v%RaLzZ5bm5#D)UWh_QnGcI7EFdp3>Q zdhk>pam2Y)eNk!Q^G>HThLE|;Z#u)M= zQe5Ot`uS!}iSdL^L@6ofM}uH{m(D;^UQXC1s}Y0iEIYh!*`*>GptGFJ3Pwu>=qz_0 zE;<1=`pz~$*TmDw983Dlx3s8>`&*H!Iu(f2m|bDIB9Z3Ic9P&k+W9#U#X!4?QbY=x zAkwYxgGgm-W8@W3m?A{A7GIZwI(dHqRM}Tjr2G4U5V!13RyeVJ_mcWp#~Q^L`i`G7 z-(o_M0wm@WI8P3R#wpFllu9fbEELK_tGse?r^X(@RPiQfO~r7X)$KX4{+P{fSfBx2tEEQmqy0*nGN86_qMVsf4s zIH!@d9kwxIiu}Xf-rNXh0G;H_*GbGcN6hah31{dZsxSBt#4+$xp33|4kPsJL@lM_+ zhU}r{ZzB*YlsT=^S(U zUT{})dNpd8hJPxDZ6law>RmK)825_ds3eg

+ zYLC~YA${fzEU2TI>{f%ESG|rK6QxJqr$vqVP*)?ddL)jbM>RDxva@Wc{pIwr7o<_&UnOp`*{>nIdsTh4XLyd&YaWDOby1Lq!R3) zTy{Q4=<6|Oud$`wG)(qS5uKYPJb4H}3l;~X^CWIO0nL5|hxas=lGjn&Lk7BsVL*9( zmarFXlDsZ?)iQnZ1pL?}c^&GCZmva*nYKb?;pFw8YI{;%f4)s%oV;c!Oj2I=sC3~e zWN(N0!xhf=@DWSiUQPEAVxo1#=0NVJ7=i&lbXs!)N{IBbvpbqs?FnJed)A7}uZGBc zd$9=nlE(yGI^G33)m}nj@544x8!narg_o@{eKgUruwP+hhD zbgqbqxd)qarFL{Mv2aI+15E7bK;lMsbRaGuJ34Z*qhn3_8A>Zx&(jsxsOS_!b*j-W z1thAjjA6F)TM%5WO&n5zv|6rZs;_$nXf@ygleJ*>GkSmPAD$UXAk<7lHan-OzdVHXD-KLH(Cw`c?}$3 zzH^x?dbk$N4Zi4PSF}Ql8uMjY7W8{(R%p)wHLzo!!?Z>xC{DLqQB`Y8+5B`TU%R(Q zaZx|R3vdX|yq^UgX{dVy8#>Pfzp-FF5pLcBJ24it+1Zbn?HPlhO>C%Z1ERes8eQyK zjK6KjqV(HzN;Cr3nc@pMvzIilGUq=vRQpgqDs~MCL$O5wY}H~Fe>g{TO>9yR~e? z6LQ;`^kMa{X{0G9lD7mB zAs~O|N6!ot5=3D{`@ z3j=&;4G5qCZjc*Od>rFDq_@=)$|VMsjSt4hYz_u`Ye(ekcQj1%_{>#dG-V6#`BaW0uabr0`pU zWCiQFl_iYV!>GR$KOah=;dd%=1M&0cguTMTmNZ@nvUA=8a_wTm4$w8Fb51pMI5}d* zA$gfbPhth5Tm`a~0RcOAZ*!L_SZy`qUUKwgBj*vm2`u7&g!!l#>pyRUD(v2fM0-n| zNB9k4qW}zSn`*e4jSF;A11YXCFYWCVBW!?3-oM5RX(RvWyng6Akab#R8Hm2E39Gh8 zIdj{$;y*;E#8w?klg5aljgEn>eY$e0hgHEY;A7&nY0%CNj;wLZdgaehIk5_+k)~ znSFQuM)hiJDT{tPtusp8E7hbShbPf8Ys&G1wC2#YwBN-GirPqPpht=67B%T`8QIxS znp<_8@1PQYmYkAnFk^oxdA|zno6=U-i|~ed;1S_&pS81T7`X6mx*9ke6$l3IUKtzU zkzJ;RbKbmNO8ZI%Cd?Zy({E%;*R(PyzqjL!CSB-ouJeC$Fe__EJ_d<05x zs2B1l;ePyj-ibC-4h-Q=TwJi#fxyt({4!`%Ji>Q7i8DskV}?CUF6)+r-S-fVqc>PZ z=~H9Dt+H;uSMBUW#OJT}!{>{KqiTC`(?Et`8e#dIV8rL7M_Uw@-SSpT?x4c5>nc#e zQYT1^Cul#Tv6WlzaPu~0=HRNn_=-fIeKPmmj^jUjAUHUaH&4n=T+YhHZd4;chlhQd zIB2C>#JxJMuoiba+?CumN51>Qa^NbzlS?K!-@1v>zmvJmk9G-kx;smqw^0vpr~jqo z!84Yn^gh1@Snz$z;{gowa>Clpc~0*KkjEvz-V}M9%nHh#z+-u|+z5I6=2QPUdE5YY z1#Uv>ULI@_cs^{yVu`pG%H{N^pvG@e_Db3?5u!uWGzuxH7T*7b^zt#qm)CM9x)cdy zIH79aEV!;U>_;yp-*bnSmhbS*!BQUoU@Zg4_l04A-NnL|9C(ZR+fQ%V6!~7p3RV`% z*UTulVfe3rC4n2<*?x&+!ONdmly#b9A(CEQnB`><^}jC`)(X~dz27gORmYFq1g&z^ z1<5Z;)}EpH5NojAV>d{rT_w@_E9r;1tgUa>tb+brS|ePQC>*p@RvS_+jFcd~lzN?5 zg05i`rQVtH^4Q8$f2L;##X9W6pO@?b$c0nEyM(QOT?6~y>yF{+n!9=%+!BqUD|x9> zl`0tKD`n2@k_glpsjF)M{5Gp7DI#Ga5i-Bs2fDRO(gFKL+KaGivW0Hw`OJbstd*Ssr zq_(7=D?Eea8GAjH)lu;9C#4!|zHL&dPAqqFHUa0A~E8>YMq?wx~AbKDWQe!uD4_}Q?W z|AI-kKo#@@9O9*Z`T_Q2{Ren+x&HuTxOAXk;DR_Xf^CmfMG`TM7iX*B7YjcQVZY1zimAw0p1k=g0<2Aw6!mM z5WmG?$O?^__Nw!bM-t)|JG{NQgr%Bp!dKja6u!rIQ0cg=Bs1Q&GE6>Pg91^v{DMTC z>C10XgYQO8k=sV$XK{hu39yh(sdD5rJ+!Rv>d>}mGBl4|^Vbb*Gu+NvaH>zGIKPPj z-Bjaln~_#cJj5k_GD`fsOZ*VFC2r+1QW?vM9UR?X@Sixp=}h8Z_|hu&Q|#Numu79ja=pyq^#W3nh@S37sWwhmF06t+!oT7f9q-^?WsT)m!DHgCB@(Pu4Z$;`@EcqvkI)7SXXu$+G|FnJ`jbEZ5-@+(0ifYP{G(tcC3RUgP; zE7imgWI9d)6xj8S@fW}($`A$&s*P%`X?t@St;gw zHoI$$EPH8>n{}`D+P@FnYrhnu?gbU%F?w^xQN^0GRhg{x|Lg*qk>v z!A!VniO@|oN=&$_<9zsamGSpMsirHT04zVa3D`5Kg+GZAl$?M8=-V++$q5*M?3#$1 z-(dpwOscV9R<@TU7R<^HlEg$y_Lf=MGcD<7eAlomQ@&++Y&8zEG7MW+1|oGqc7Y>1 z%$qRx>B-Ek>yeIhrLG*wnJS$exiN3X+fkoND_+j3z*#Q(?SFay6RS@HTDpmhppZtH zxu5$n6LYJx3*zOKoLs3MB`$dUwN#C)_Rl{t1HXZ6hq-otvTj&h&l>FYU4)x^)>jnn zO{lOegT!!jkYw7{{?X$W-yciCecr>(b(fakR0@s`Lb%ycm;A!=T8Nive`)q_W-u&- z=5ndRl81z{{4lG$;qADbydBp@aL!zDZA0dEd(F4O;Q&4e*R7d|1tU5GC_JmZN9H^U z`6S04;m1MHyYl{dwj$zUbd$7x@Z`=X%}=vSS!699;c zaUk*pR;8^vPSfz7zZ&zY7^`!s2UfW#-(D37El{ zoj3QU5g7@CSYQvQi#?>haErU0=`LU=g{J)^{4hV@5KRNu^xv4POFE~n<`SQNqD!x3 z`k6lcFqh7;$sEme?pD(WUJpPTesVzHnLlAq8s^NzmmPkv=cjf^Lmx)kMCjyQb|Njd zo%SaT7nrsoRgaG-mWA|k>5x^6LpH59d(=$qC0hB{A(>h4V3O^w&j1IgRfxtBj>O)1Vd-J6%!gUYud7m{dNN)dqX!U z>{<%a%gj!Qje#U~i!Sd$`33SWFhf_)=P4s{=EEJgz@Ubi^lTRY?YYvcY#)r+HDbAC z*Iw9v;n~H28S2iVY0$pRSo{Vp^1E98>WZcB$~5icW`IJ0fe)!FfG+ax%Sg4o5xH22 z3#=kRU(-I zC~P8qJ+)9=R}x{Zf!+-EdQ19s?>f=>6*_~#2&F1?H(Q0g#ciSToFWtu$g94-IY0fH z+dXA#WN-Ly@z!2zNx$Z+yia=psH&YH12y^sOR%<~8i-Cd{MAis_^bUj{MDB9tDcIF z*Kin;BD#=eNOTFx``NE?XcH!!W@e4S3TP#~CJMW*r54{t)bW zSHpx6{>dlg%>f)G42E1-xfJ@d;ek&A$-rD$#Qvd2NfY}S;O~&fy$ut#N;TOvX_(P+ z#G~I;>hM*8S5Hl#m2~!k#&Sy|tP5;T8hc)VA!x%4{Sy+RXpSx}`^W7C2%`fb87RNsm-gVHm^kQI$&D^4<;~uAIU>kc7|{=?A^&2df^SB+Wq| zy3P=d{|X;%#u^7$5QIL&OqB1y4$4)B?OIn{9$>aI(f(ZXn8DVl>O3%&bYH!j6S0}9PaX~IZ8z-g7h)XrM$mb>L5FlowLRUYdx(FQBmZE4u@fDO z8rQDQ=LRO^do|PAWMhGys4m!pru{(6O`0ZWL^*j=R%jU-LiAZ3z_6LtPZ!7k z$vpN$vSNLHH^JU7qaGzeqqS25&!HSVj9-ats+5h-ImOcXzgRL=DtatV@8SAG z8tk#PwXo!Ps|S9j&gsOgV<&c|!YZ*$#cV-+F{dCtQtg!)&XUz&VX_MmX>HPRBtUFyIilyxlkjjL7?^APr*2?>{m0%k{-5qQ2VynnWB6y;ccXr@J^Rh>&qn>` zyc7HHH~$ogK>d#F6X{0U-((katYVbV^us}}YI^gFL0R%%)4#<9Z>Q;^LuY7;Q*wG% zUYp0j6!St@ZVrD$I)`=z>sjFl-oR@8NTz+;`*ieDR}d{*fW<|Kv{-Ko^yzfy6XO*! z_lxh7>=uRaPD^bS4Yj%NCq%2;(_7H2688ab4@b7tZs!jmo&0)u}ox3zLT+4mjtf3g-QCtjvxc)H(%FMhT&^TXdg!hbCFZD@} zQ}mea?-XvfvNg;5013dd{NVw7NdPZo@qS(Aw(F$$5*EK4#nCUUTV4N4H$;W%4CV`f zk;D4Yd||rne;^-rx@j0GIHX*9P<#ZBkJz5BjA)wm|k$F@@&##H#-QjNcg^T(zd zuZzETPc_=*cZDC5YI?-e%Qz_*V9gBxm~cdD;gkdfSdfG`JGF3^1O%Ay-9*BHsjJTp z2}28OK>})dEdi0N1rVquq7(_JC87ff;Pq|5(NMP*`gy;{2B}W;w-9KnvB9@K&Og-e zm)3mjIz2tkul4(-HGfyXUs}Hp_WPyvdr!Y#TE9p8O%VD$F4d$_0lBE4TUQ#&e~g3X zSA=R;_LVpEZJAnN15+%?q>h^T=|}UCl1btLNOVe*OBI%DKoZM67MGJmlzR*vkGCj1 zvJ@Sm%+y_H&$|N_rP2lUSivID021up!24ty%5H=}$DhPoVNugJ7p~3oU6z7NxDyC7x5N~f3f zQ_qtjW{XU+MfA>+?qmltNf~2-LbXFD@8n8Z8Sb#8?g$=64vIqAV?Br0xjMQNBVZ;N zk>&t6yVE>?sAx91INh`u-t&Q0d{PI{&R`Wv_M8J+uRvSrve8|+Oh9T~&Zr{F^q>|v z&RT9@S)}|;@dN{+faMT@fO;X0T=w1+7TQwT8NhQ&Pc=$~i1Ixx+3oS5c2H585P<>6 zjX(lqU-4F@-dO`U!U^B+0Fx?`hf{zvxS*x-V&^yZe2L|*J9_LEX1kMJXpIJ;9|oa# z5(ETsbPcf`X>=kEQ@FSds|6?69C~5)t?-3uvt8mctDzTyH+T2>y$kT&Fn#(38Ch_S5h;KLqzKCM^U7u2jiutB(x)85vHN-i8k6^Ovxy3 z!F5|pUCp`N=AeHYf)?ax*ggjft*!)TB_JAWN`pEa`Z2)AqfH*$5umRX=4%-6n`{vO zS!6N$*2f6!r z5>XCT3zJk!f>}aDYH+l<-NY6WgOec^@YI3KD1-0OrG06pl{ zA!x_A5}^CtAkq%r2`OOLtz<<&`%$P=`ITa4Md&BK3yzilZ&cBT72Oi5=q<>sDj=Z7 zE`huZJ58?l9Tr+XjB=6OI-d)YZU}Jk4p^7BAULi-8T_YlZ5!001chW2sNX|92G$tS z$j9ip6ksI*6R~jK++QAY$a}$P4}okC(wBnV0c<+`GuUExUItD=3oOk}#BE)de-s^( z)A)8ma-T6E0h8Bt|H*^9aoDZRcZxy zgKAdINYpg+Uk1e2&CUStKvaTbNC@#;d=Fq)fY9Rkk-z*#IoS%Od9p1EaaNb7+obxf z|AxAd35W+UH^I+tbSz)Aa5 zth)p}pMf&ZjY=(>aGMMCncE+Ka|2hPD@@H3s42Lk5Ax!gTQ98EkZyz?-N|*R0`P{MMc>Jk_xJqTq)J+`%m-vJuM4`-MQj#L_Ph0ezkV-d z&dyk8J;hw(nh9MK8`sUtU`yc!4L`$FeI#)$&P_3?RsQvxR_Lx`u?r^`&{AsQJuO?# zLZMnsihTKbmhrDIIOFU^$ zM`Ca!3aF^5XS*N1!Ex#e~?2|*3{{# zM%n`UM@AcO8sN@EvdWL|Y}5MX3>)}mW}B9jM$Zg6g2Ut4c{J=*7cp8TePHiQ>e<7PTC2zu{h|G45^` z?wz8ZrBqz;3tM{boH5P)|JfpOc?kXcjz$+npkHUp=Tc*^Qx;H(vmR-phC7mgQ!_6d zL;VTPxF!Aw`dq+K^nC-{qX9*kQz-AAV%MJzcWYj($$g+@5?#k>B5Sy0m zvUVi-QDWmE4UC6C$8rRL(|P>iUzroRiF0ft5eo#<)tBSU4ln*TvJTejP5nu7`&A$0 z6|q+L&?yzqI4T~!7Mh`RYN2AN{{a%VGfA+)Pp^Aqs`Y}j!T?Rx-Q)gXk5&-&bb!kP z95(Q{sevH*dw>Jo@)AKU$h#uU15Z$7Dz-LP^XA-lf{Qedpliy2o*q`0joo%)EzKSl z<`sbs@3Rn!^oe^w-dYm%1yM*ZLF$zr8oTD45{3If8eG|(?s`{t_fcY`lq@~JC23Sl zKF#3mMoHKcsjTm4CJ#N>1nFtGjZewhVzr_pVavII085OyI0Kit3FjjkVk=F__ffKCE9-fnZr z&0d$Af%ky%#42LMx)DTVgAo{Eu>6BQi1W8Pz%6KA7#--mdFt5$65WdgglN4eOpiKP z&VFwqew|o|%+W}2{IZYYlWojoL@iOCdRKHXqjSu?L0r^*HcfCK5>4P z;Lwe@$Q_In4lR-@P5qWbtELZ^Lz7B!=*WBlhsGnJkV6IjavjGL{h1Quc9u6R6%aHi zon#+xHGUB{?7p~9GiV}l@$Iz~-YjpZ+@}kvM>8v-n-9k#Q;O%A!G98&_wX-ap~4nL z6?n;}ROn{~{*%aL`7hfX2-7IL7Raa~AiNU?nWnpfPPZ1TNawd+k>6hD7J_U#f6R*f zm~E2zFl`G-+bWhe3Tc`U*w_Q$j*7xf089v@vIGpmwJ>zrN!&o15Vze|NRrL?ma|FFc5X5mM`Kwu~9OC@T5z}xUR z;QeU2WaZ;o?`~k0G*y9Wv058ykfkaWYG_APH}g8fL3bPya-`)uK|Ovd`O&iLA~WcX zY6gDb7vSuGAEqIMqyAo9?0n_`N)DK}p|em~_tL6#-2@Vf?qa&^uycofULV=fkJrl` z{dm1K`MRG)(}VRbsqou4GaAPni&s|<>#)yP=OtfDWc#KAkyl4Xkyp!6fSKnUi8H*a#QdAIi~V!wR5cu%z!vdvhIf-YoA*DDh4V*T zPET3t$1xb0;Z?Xhf!rDG&Rlgj(C)Fh+T!MF zwYkp^(Ht=IPD<@i&DF9wd(x^Ah|*;)S!2d)Shg_MkWqzi(IpT$wM^v?r*8Kjy8Hzm%0EZe^M95zOaE+5 z{&Qo^(zm=>3M1r^c$<#5`-;cgugi|N&8c_Af;VYi@})$}e@7)>1oBgo{*`DtM0-*q z^O0y$s?v^Gz$hNGfDx1(vq5VzKpU;empse9Ryby99YJw;Fxs|8*vgMt2Cn?j=7h-& z?S2mPC@`3ep@ueg7{&e4_dm4F$OPP!6L8a-G@e>9dJhXX98KhW8|xLtL)(UEL2V9g zOL%cOIkcz1E-m2%azfXHuJWV%P@dU!EOUD8#gTRX#d4j0u{HVPMs_}^(9s<;sDAyc z4o;_z@3*ZWMlMtMJCgn{+S3EXo`$lnV@dBLju}jDI#b@2GMEQ^Fb1s3$dq(PQ{freo!Y#jdZH7#5q6xer!(qZeJj49CM$#rBTI{{P~5*k8s&uD~3e zS)l4^NX{*^bz9KZ{kPP&O9^V5#6LY>{L`2#sBsM3W>Vz1`Zz`j$Mp;-8XR@vbgBGs z#C6?Aq6;X8e@AB6g3}9XpzjQ2x#Lx$zFp|Vy_n{W@cH`e3km~G+psT;6qSk6g0UG% zyja04i>=@gV|^=haEP&9_b@*lfK>o$@SQwfnM;#_hL9+k}vH17feTwjRFau+q8jqs|D<3Nw1XiUt-qw z{W)&|*3Q&}TV*kdcqqR^lI|XAmtS~vwI$S3;iU=w;v8D8$(L&)^0>#zuB13Ktz zSx_(uLxI|kpim5P8!LiS{C=f~y#Z3>L!@`NAgQ!k*=*z6khbq9GDUus4d%|Nml)NO z(T-@@#|FLD>G78$isgL?@@pd#h zuA5PCKX}#qRben8jNftp&VVz!{z{{Q*vRuEW7_lOnD%^Y^7)ONJ$cOt>BD)r8$A1T zPJs={S45Ml}S3%OAeuK03J`PS~?1Gvmr7C?Jwb9yi z-*95lh6|8W5zMnLtcxbVgNjBI&Me42B%a++klhf^-nAebct(K_l+|6&jf}g`mE-Pn zt;y#$n!5-Le2oi>S+}jQ*e$439J~c|H?{}0#GFPSM#l!pKyIRzoy9GA z@v-ol=_1r~$AYnjgQx5K6N;_Y4+Cq$^a2K)U8+oNqGejhcCCw@#nh-2yNG!X;o@oP zlIhzfGPH-mON9XW5F;+)jPmn|Qf0;`++8Kco+C4<)dL5G~)`H)i`o>msr&B!N9LzN0S}pA!vlbEb8h@#aOLF8%McW z#H6pmN$?#p7zA$Fe9vPEi<6_3xs( z*rbQy;s<|Lp&c++Vri?u4>`iRCQgq4>(fHn)V*^^o9fdzJ1Th><+CFj`_Gme`_Hx} zpWW!OPpebHuiFOno7~B1&*UZK{@~%i!{m+VGN8ChI9Yu2A-v63p0&KV1yv%?0IQV& zZOK$&)>SNkkH|mXMmcvNKQb!g)J~zb(yLDMt;zhxQrW(#>h@35{&W8>djPz#KtGUAwHAx4P;}!#e*D5X-%Wqv1pE&8H5X^)@ke*TcTNTk@C79X6aDFZocS7mif7!GrDe=b~4@AX@ z`^4ouAr{irXX3#*WL7b=3l)U8+e=M=C3z*Eo8m(X`+U+^@>e3?JsH)wR+4T)k~~eG zi_yAvUig*>TF%gz`VMesQb(n}5yi~&34?xCNO<42JPk$Md7m`ig=$(Wk3u1(<#42g zEbuktEhyI5Dca_q1Yd`Lr0a(Z1|S-q&qGPdde{m7^3y4o#XE7gtA(fZ(EhFN6AwG! z^Ed7jk3ZmZq5H%O5BSXDvn&D5LuS~%f6M8qAH~~GMqyC40Pr^a!D6$$G`=SwZG{#7 z@usT@1sgX^W4Ni&Lf9dIwI4t#8njXkP_(f{?wW%LJ= zIfvl=4pu|(PJ{h=u%~sWUEztzO$WT?fV)e$t)v%8(B=5gYMY|@HM1kJsW(TaAm1#f zAm40FzUh1U3G`Bsuxod47elp5i&%1dShNPzo4Y2)EXK-HQ0d%?c&W@<47Gx!ogt4t ziE{xMjZr?WtU-QbWR!TL93|dpO}_DgP-3GE@-LsXrt}*m-VL4v-jqgMZ@VLX2tIkT zI{W(XkrD0R<%st0*5toG5Ta?{AaK8p%3!tV@lumfn8^Q*m;5R|OO=GtoE9yKX)8<* zJpjIlm6Cr5D-!pjArD4F2WX~5&Fp@J8oyro z6uj?(dgnNx9yiCa&1k^;4m)oeQ=mUtvgq#q3GhIRdaxM{)ZkN$$QGQawEVI0%>OI; zHZwM=AFSH^j~C_tAF0jr{)XZ9g73N4mJb#r4QbViBzH5?mQjrZC1h}}t3ZWZRAh0T z3RyogrN6$M(qG@2T)&Y@zet6^*5CetxdfZh+Jef`M!N(H98E7na9r)*HX@ojh4`rrEu!0@b`?!X3ZGX87*}nsoU3BEfMOA zxPjRWEnuPd>Gg&9pSW*XHD1xKKG&6hjm(&D%EzF*ZU)~@i3}0&wZeRSE{4dJ8$Co` z8CiEsth{+ojJ6r`n)JeDMmP#ZQ=$7UJEqYoZ;a>hB z2zN3{>AK6O{QxQ4#J^-aWDULS-iUk9g30Bfum?j!*&0xy{2sZo+nn}}%DlYbJTc?@ z8j6d?+cu-^&{6VZLEl>>gxm0*Y!jsBhXt}V3?`w=T)Y@SL>!?=cLzco_9=wDmxtX@ zZ%2S46!USX@mw4Nrn*^%%LEXuaH9-gUcyBLQ}(Vgx8lku-y^5oUKrVEf1%uHf1x$` z!bZ+i1UJ1CgJ-=I)rN7o=II=odF%-Vb^U1PYOXo-`#8m}7fbl-n!^1fvnXGQFLlYa zO?Dm0ZXhKOx+79p#`C>E|}F0`81wc)u4j4RC5-vbx#fUr0m zJWSaUi`$Bqmx6K~0^`eDlgm9huK_UJFSTXUj$`rn%Y0jx_fUlhn!40Nu8f73k$BXH z6v)K*ZQJ%5Tk(402g$y(6JJ|#HWKC|;q1hzD-z>-&Q9zI`kl0bP4>zqSNP&DU=SQA zyX~TM%Jib=_A*-A>#hi*Bk*8h;Y!n(x6aAaHR1j8LhXIO3u>QOJSFGhIFNc-Vt&jw z5*A?5Wtm$G?Ad`gq9vELCYO22pN+O6=$kq`3_(u3{$b?=NV9(TnET?vK`u%^$9k@+f?F5{9 zY&O7P5oFEhil)bM2Jar zR13E%73x~-QaYrdQ5>{Jh%UsVWgmUrI|ySzYfxS9sGkijoi&9aM7cjnEK zW~p#QA@s!*Lf$C^+%hVb|R!N7mgZ%XRn3*5s2L+g%m5LzOFf zMcd3oW-s}MxGy`&zIVyN;LLf_dCK(8Qh_7*Zg{gHZ;(uTl2E$Y}LIIa)o? zntWg*X%+0m4!Utax}WXHF^I=(#YcmW*50D<{Vg~$LOVr)D2sQSh;uIy>DdQ zy{}w%?`uuox6$2o3y$l)rh5lFpP_g&V; ze<5m4JXVd2xU0$$cU5b0)dxsiSkl-8oeQT(+s}6)+}sr#>{j2{`>~X2>hkLELW_-K zafN~8AQT6)ttYTbwOXMlc0sl1s-}TywC!zha@%ICPPH}WjohaQzd~Lt z(#a#=H3F~mK<7)Y*BXmwbW24njKzaID0r~Xu{R@Md^f}K$nskomJuy8|4fJ~euOyt zTgQ4W==cf;w2zaRo{>q651@o2N9}P>YqDn}CB{?SxmehZ8Ci||HO}P(f0q~@kCuNb zqz+~n{ka*vOGu2NXBK1e6l!FZp7Rq=CCpFYNB7~np*2%-r>%xRod*HU5_$wvvb*jb zaiY8bV8geHw!A`^*u5DAUHne`PwU^24cy_>b-lb_VbZu+{jvcW-3%{P-Mz?OOON^d zvZI_?{4lN$h|Kfk3?0=(YT0qFNdLd$MIe)+Nm9%5l^h-rj|U2hh`4`WH48u`?x94Y z+^-7CiIVz)FZTu4WK%&o7&Y7E>8{Ah1x2`k9*p*&zU|6=qM#fHw|4ORu1KPw2xGT_ z?(HBUj(=nZ5`g`Sufz#4n&p0se-z&34&L&Da&+^w$kndMwFO1UeJygmD{@Ie5e9sN z@xI(=UAfN{l%t{-fx)F#h4X<1%m@1A{^u;jF5B2QO>Y3@lWIE=wCWGRMz4YAy`a+& zFgmG^@8(R}XZkz%yKJF-_dRv{xBl`)l)xL_7axE#H5HR_si=FAV+B|Oq0Dzn0SdYQ z)#v9(Tm_5hiqQG6={_QBCnJ&Kn2dzZho(c6Raca9K70{$)_VL%qFsm{)nKVWLPL5n zs@0{wGA!&AbO_z?NkhWZzH?A`;@n6-OEQ$q_qET)DQ+HVqpFB z#`i&O)|YUhlj|@T7g{Wx*oW(R(1r(`}q0}{qprA3Ufj%xI%=s%y8g}HoGjD{X! zj~DO=>!_O-+nz3Fo35ii-I{!Qvu4}LUyQKrJHq=CYVj1c${vdw!&w2!8LMx>?a z0EUOlIiw6=UIynknECy~way=2&WTL;=v-bM;Y_W=d)cnbtd-vLJCWA(e*UIB9-Siq zbM={cL~?o*6fc4Y9;rI{D{n7lbk^;ycwVeHVwJv)W&a&%qfu~xJJLYspZXO)57apY zKzBFPhRJLiC1f>$t&Wq828uzwV&W;nw+KB&V&^Tno}q6NZZF_w_w)9DGagvEx3LDW zc4wU*P*{Qo{bp;TEe8ely@R>y7O;L~%E1>7x|5xPWp}c}{$0es-N_r}Q}1`PGZ4&6 z+@on+y9i#FDFuR6i(7aQox!RN@e;h<1gY=28(sQp_En8x&dspOYP^|TP~|!Y^i3(D zZzj2Sm!;Y73(z${MwlU!q!?bOC0U(k{LQ9*1w&_UJ(=(_qk zREhcwHRpSH;|Ln6BCxNaV3>freB_kcug;u(B{)K9Dz33gX9)2cv#QOZtb!UOQiu~1 zf*+%bB2j}+Z3EoHtI%uQH{LUYQtfe{cpL!#&nDZ`rZUlTC4t~S9R6=lcfFT3TPH51 z0QfXBI??j2Si*-26SmR&j>0Nq3KQ(M8(*U9HE9T3jx@AmB10V^g|s7h#(+Jc`{GjZ zC{waSKjfWU$59li2(ndHY_@3Tdk)D(7!ivK2zHj1S!51AiK4YqiT7nxhlyGQS-3Nm zeazg{$jtl2X=;=9mB;tvow~hHR(U5GZ$Y1lyf`+`?lhPFPc-soH)aNpKrAc?Zj=p+ zH=~O)gw0CX?B;-Dc0w0QHd}zRQKbnWW;C0{(}W1Yp(vAXS_u%mr-@`Dm|O}w zA(dJe&Cr5Ej~7u!U`2>W?C=RZITjE8#qyGv-`^WyPFMaacH4k ze67PTdKuD+r-OahkHxSdbRr(Fn*U!?rD>5lRuQzss6$W4PD>2PDFtk2d7 zx{kF^WPOI~>&vOjP%F}`ZyRN|xBCz725)RT^HFKAF9nXMd*|SEU)Vj1&v=gyF8k@hK5XRfnzMi*rf`vdMzPx1%sQsZEN+ z3nv3ALgkEVhyxtsAm>b(m-!)5bapAv1pXW^GBc@F{#}G_oPx_}9SA6pmeCG}{ibe3 z{Z16*f+1BfVg6{%2S>p5cklu-b*Wrwi|$AEYxTSLX~UiHMrIM9G(*7lo~|B-fE)hE zmq}f#Z>fA4j9`iktSNV{>e%Mqx7mGW<;lFF<(=R`DcaO$9-Z}`BrLUc({rlO|Gj}4 zn2kEvxCSjGE{HrcvY#kd14ZS_kEg)Q;)hv$P>Va?oZ08Uole8}MjR7ogo^ zKC89u%$`gITo8Rju&=K@+d!kN(A&6D*?Y|{*sDpH8V!ind0lYFEV25Va9=!rP?JsehcbbNYn0Z&6%>V8nUL3KW&d9 zwy9bXl?<&K_C0YB^r$P@Z=S|VJ5cO`n0GkDB!tmOFQ5CkC&35JnjgbD491$TOVf@uJ%_VDrwx&4_ zYwDYjHLIa#3VYyL(>*O@&9(cGimof~e$uk$#qI)Z7mhzlp@Xd5ESzCr#5>jPW)aQhv=n)OUHO0Q*f}pCkzJvYACx zM3#=+UHZE{`Mp$Y`u$XKnraeZ)HRh~6gou(1B0h#)0hWl11>7bP%`@H_oQM;&X~;)4 zT#>Je2HzwkeSBbWL>BEKf~11#Hc<4NGhW0D?oKr<%!B4q=NCeJ<_pOCMVJTk@AJ-C zi@fGAZxn7f)GuePbPgp%uT9s(6?S#iAauKDuGO|#@0R9COMg_LK}S)Mn%^E9YOkkj zt$!lkMEH+o_Htxzq7ie^n}gGMiZs1R*gJryoeFh(R0XaAxj9Tk4~1;{Dp_dv9u=~8 zAF|%gJ(&mgjs~s8N6=Fgwv>AA$Fn?Fs(&e_Zy%sUBPhbn_r zTB)=+)&8yj>`I1EuV_^Y^+aQP*uvo+yV`15-<+?!GQ9)M2sT+;rW_5jN z^!NF~Hk;WO!K(Dw{1;wu zvN|^wvx&!Z(3Q>*Z`$|*->D!th(;@d41xu2AVX8oST!TP1UB9be|6Jg^X3k2tZC@y zMSNojO^*yA)n=D-Y>93YjP(o5EQ<7|>$mqFQR)2cAjrk_(OZcWr|ZWgGPULNMH;i2 z@s!*2QvQJ|_@_`%5;+UXJQaT9@`MK7ps?-R4{eJJQ4U^_$Sg%}qV+bG>CV*pu9mgj zskWG?+W|J6If%2c2!5AV`Q&tH=FE0EVr4*yY^H%yWU-c=pnn}DEUWe`LyvTf#V3ke z7fuu(pAZ_qG13qwihF)eEc+SKN=EyapSR&tQ zwYnS5k;2x9bvK-6Ka~&Uv7IL_ent9xlECJWyoEo_ zY?8uB)R1&M;vXR$oqWQZ1pZ5fKKp($l!te=Wjd(6{b!|Rp|;XeXnWt$_I;~*0U%@o zwdTo`%gPGG)sbUTkC}Qkaa}4UF!A~>$vY_f=6pdqMY9c;l3S`)SW;4wKY-u%;%%8t5 z1eGLo^HHLiYio$qm8CCrD1MCinY2)9ycPv^_B}Y{)qboh3o(18qu9O@s@6RBvE zRH8A}0b)_Q>!XFjLCw11pyrnh>NAAbgAZyEP7$X*VpiOB_P1C!&ff+K^2@5p$Z52s z!|*i(fPg4{t`ftLsBsv6Pt0~k`y7!wuk*2hPZzYfL{$&eF`P2^(HzJ{5HOJSEcHI+ z3*=G_PENSYnO-VANMy8%6HcoN820)5OVTM83qGlE`5Qv)wS$C*eucFy*`EXIh@fC{ z#N}`6;)IIeJS?qQ?1!UZhN*bBdbU_$=m16>87pXTx-t@4;C-4bA>Xn$Cbxd0uxwWO4 z>a^oS5~`nnWF!GYi+;X3R?@FpkXrrxsPjS&nd&oqXz43#qdU`wo&(wlkUuPnypDpX zyS0_W9VSP7s~xLior&Va{DR2)kH&{%;ICV;CIs!_&&U`s!ljJ<5r?XmDe0yB6Y5%i ziLU)?NTyN(V!KV@rZLh_jQ@Z-r`UyJs#!03MMf?$H&rPW zcUTPp?-W4Xpj{)b!S$x75pzJzhD^HRqF1=s=N6~=EG-T(K0R+OBHB1 zmL7%+b?!fe4|#ztJ>pOE36f&iF4X#`LOMD#W?d+u&)Ne*30NYs18P5%l$J?QXdM0# z*?JDdu;1u6UF=R|b!WQpuM&#CKqw{)p|nCtLd}7%nJJNzn^lJlLa?+|m~>C4*O$(L zH8ayNtpY*=te0NOKM)XxjG^xP1lTQ1G&g_A8l#+`En1N+1jj&C1sdcng%$=h5Wa=9 zFb#+s4yUb@YYP~$Vi}R0EV|ArlZlx;N=Dqqv1&`{mq91W8tkNxtS#S)L zeNZm~i^{|D+AiEX6p3F;O^C!D#|av$4V+S-i`Iiy)K-LcLB`VYGlWV){Pa>5L;rt^ z*++?y#as$ZMkglUp zW8%3QJm?&Yi2KD4t!cN^f+^vBS##IP3CYNL6&{hFf=!haiCn`Nx6zRsGw;{59rUhX zBNWp0Xa255_`DNGT{@`fx|56b&m#VTU2lN$ke}8eLU(JO>ocq|_ik+{SjT*X#DQR? z8Yo!Fb}SckVeFj9wsK1q@a!&gjVwtgJCNOh*c$f3MzY(@OH|?jqxXGW8)@Ka7yxz1 zyEAn_v$k?7f(gCpt_{3sqOBT9X)`8q*`8|W_|3h>bNK+raGWREx1mr^)V5r1h!1HaJ>t^5EibLUtFfb zLPABVbNbf4t{^1NPiOz1hiF1#jvk{0H^+(xAB!N6>dfC7&n4H@(P{NhV{qO=5R#0Se|6T zxZGn7f-b^XsGw-#bGJ{0EmfeU?hG${KxaW%iMa4*w*(vX*QqYsn}%Prunu3i89*|J zLw7T$x>!1JD3}yt8G((M=XQrY4q$wqE)b-cPD~Cf0@)@oqWkEjxMBuDtB@yJV>lC2 z$w97;T0Z@|8YdMtK%v?r4sKd`6;3NKx%F!Pi`$l2^Nl+z6Ui0X%rroPfvS~1!v6+yi&tt=#=bB$MJ?@ixXnVoT!k9sST41lDU3KEITA*d&Q#s7YuT2WW$ zeXh>uL@Nh*EVzhzi%f~bW#sOpD(#$&ON(PY3mwH;X5sp<;2I!)0Tr7EhrbFOAR~D> z{@0?;BEArqnkXyFws*IoMlQK{3D=SF~bY>h_pZ>g???!RMfcG!y zQ7rHuW?Pz!(`=&>mrgE7HaIPKP+=N^VKAAo>IMe}f9ulHOJ%s*16L9!5eNAsATm)j zMIr-qiJJ_7oXDJI(}v!X(VRYno9&HI!>*KG${`4D3d3I_1hiTao?#5Ws20~!XkxM_ zk@;>&G>Q9Vx=_XU=qvcpm{3uVK7}j@JF25&wnujG^NfY=NJt`rT(W-y7*TRSW=IfQ zlmQX%?K^}AR4RfS@sG!!2B{4GBjw1a*}}1aHv%@saXiW62q+c7O8f)Cg`;tcLM2F7+eSx^Z0E!gniVmHf&<*@0i96Pd@t{%!&t_fWN^_y4e2DNS4~-{y^*zsMpLk(=>;3)3V!Q-do}MODr&ETX;*M0g8p<1a$K zJcy%m9xnv91=$tBi7XV)!b+-S9m*`WF8^5g;yW=GQ*bYUMCH;3Z9fP7CpB_54NY;= zMesybv7&ztyLv>0{DxXnmE>Q;-XLa}g8#ay^veQZv~irhfe<{6?9~>-(VfAyn^L;226H!-ujIp#Ks*-yAp8|k2Qbvy^A z*Dcu7w{4h!SzC>8U;haIS`3MxuHD~-9<~glxVS{4{~Ak+E@XN)c4Ma!|3P55q?!E# zS{a_1y{!z0xS73)@bF*sAJLZaG=?Q~qxZbbi=`tIOm3A-Mka!PA>McmfPi$(7zI`( z&mnnn2TCL!66nT$37%ryHDjvCQWG9w3?bPpR{*I3|19P8{#O8DBVh(x0utj>x{xXT z#Rd4l)om!VYbQj6A%n|jtB~+JhtmvSV7lylzyx#>dl_zy!fa5AwXx8YoJ@(QvJc&kHY$`G0YGy2u!n_wJTzL_ z^AQwKLbOdsoe7Uf6fKEE8Oeu>7|eKUL>NyF+Y;21{N7mB1BPwmQfwWU)IHzWhgM)vk$B_lOn(!vYK+EJ9Pgv$%<=644n&Zek0Fw4c-T56@B zXOF#a+tW8dTtg#u<`_om-0eZWzRota{KRB)qJ_d?LlovJx6MRX;X{O)&5@5t%vTl^ z5%b-DJU`pU3*&vj5D_ih?4XN5T>L4xUuC+x3?n;ZEjrf^3A_NU%XJ)?vjmT%$<>=b zKrVqgR!pS~yM!?R0RB`2M~m%E8Zx-$K&^uXHQ5PexE2ZGB6M7nTJhW{bMek^0!zST zYJavmc$wokgeoD;nrNOVFa(M4G*?Wo(QLHK<lC_JB2U zVMO%A*HOm4yOB$-;q6ClH+!_D8jgocwO%0Eiwk@Zcaoap6?(7E%D%3Zdi3kd`h_YL zK&B@JY%&c#ji!c=ZsGvj+$*iQ*;8{vT)V4!kc8?@J!Y4qae|DSQ$@bRe}J)sDAxpB zWgrm|Tu0Bofr`a9^I@%kyXMF^Zq&)tq7+G-TDI2SYi&NUFNp1Uc_A8<;$R={{NrTM z{9*@T8O~N!A)-(bI9f?R`zKDWO3c3&>8v()PF3@d7b1jPiv(@w->#i|KOSjkw6s&T zPo3Pl-3W2H1ZeWiSJjGVvD^FA)QT5IiE`-z=djvW3iCNph;rT`*VrZ4+fL_FgqBTJ z3Hgv?S*7Y8?9f|S5a+2EN8mT0c?#EbkzSM^-ibdp`%t>OGW#jU;QdWriA>*C|nfDkhFh#~K-ok4*dWZeE6Y77NS zj@yr@Fb{9s-tpmral48fEEu<2Pb@!fe~C_lx+{ug&`r}a8!P9>V;hH; zb6Ld{HivS)WV;VU&Y#;W(vC(-ha=~`AZBlAIbRTkI8#JOZWZ=}yHL(&^bIDRp-f`; z=MXZ{CsQjdAig0 zsk&A$qu5c`>o=r1T>AN)AODATZy;F96qo(D#YTv-Mu@UMl5B5a4c<+gtrC~gt@CMS zheSq{H4-bt1M%SIAw`gvyINZ=bf39~I_)pkryNn(yMf?~@dQvyC>HNJ-n@iQEERp% z-TRfXu2-{^?HeEs;6hbMncVm0Hl~PL8C15;BmGo>?6M;@_MozLq?IjT$0=h3i(ogK z<-NjeD#cEgDEhjiMS2e1o!#6g?uA2XoC#CsO$by^*$9P2YGi&8))>$HQp4bKUxt=( zD!Mf~HF5H|0<6!8mYO&@W$%C|bI7%+K3m+|es}_@;36l4`T(o4GCijjU5T(AE-?_# zyRv{rMn%n&-hb=(#kV#{uKF5XdDIWw*{IW;cYsMnaIeJ&WWqB2-ugwZ)r&@e{}$U` zknEF-kKBHV`7Ez1!Qa)YxJzz~zc2;{g9@mHlXkS;M`4hol8ups*AfTHx!!!X+Le*x zllaKLp4h+o^~A}m^av%7C?;Ah_7IK=!9`eU5rRiuOpm$i+EF%_tZ`O51u z_U_~zgqTa-fy_K-0dJ{mlNXZCY`nvs-WN*R2}GEetLi}`&8Un2?6i${+kt}e#baKL z9oV3p<@slu#8Y0)q90oJK->I+2sS_jDLe8hhe|BGYRE49;><@R)2=?xZZ=nUipR7t zI7DkL)OizfzIl`lAHjnoJYH=;Ya4tLeG^_$91PcNvYCrzs8Tv+FEo366fi|pX1B|{ z-~4GYuToqr6-Ir8E&9znxm#G*d<n9T%ON^b1Xr8)>h0zgH)& z$ja}VrRdEV-xHIo6Pam9B&CH7Hgdw5piJTJNQJX05#yu4eU!$lCmhhqZCe`C&}YKN z>;)f9sC7sBp32;e8pGoX0fkI1t0a`-RvaGe6)4?ozI=$i{|LOt^#-yhgEZDH%d;1l zlRgGgxnZHh0lQa0;Eb9Tuy@AJBrCRuVLryOIGY0%yz;|Jm;=cd%G?nQyaS3O-b4(f z*HdI%%79c6Y&k%3MfKR$EXMuj#huuilg@?awq5b9$Xn|WBL6ey$z=zA$l$Zfk01a(K97e*~)C-TUqs-K~4afH)MnxWb+Ko2sq@KUuRr z(x-6CU2=(A^rc{A&NG$N@OpQLuok~5R>B|r z@dJ`S?PzSL3CD^sh(c?w;lgHobMH9+y8D>n88!`MXXD+qrUA5Vr$z$|{ape5S`jqi zpL7!+7d#Wcx|99*7f>P7jRUmIQ}GF821LGR(!CYyYu(_Moi&^O1)OwC0At4PZ~IJc z(_Hiii)dR2TxkK2-TbQ17va=DO|PrXHmzSy@d}^5a2|IpQZ+>NYZs#0cLz|;O}lO+ zuw0Wt7>oeSPb=Sq-CF;lL>r6&dbXbPE1ErsOYrf)Q~r z$`&+syD-&1l3@_-a!v0ikO722)R{8?`MFUO-Z0~UL9THy-adXo=k$9RKOrhWyu{=tRYKK(B2Ym^gWQ zqD^Dkd|c4IpLhEJ=(U9WHO=eawfz`Cllq{Bz3I4i0X`4#R^ak6fyk0%;`7l70#}~<+ zyqys>UN*)|3Ku)#7ht$BN0hxgcToXF*{QdhAEWuO4OMs7bVP48|D@zl7sieXx?3zb z6)@)yX3EyXCy=If;&+Ksn3(7R&vPOP(DjhtmKo6`SS{Y%F~6Zi;^m<_!Wj|Bui2ha zTJ0zjXsP)h2S=V3LzH@~Bks(jbmT@TNM2c9l7-uehott9BCc>T`1z^4w0rNWt<_`*{2YBMY$UTWIb%alqV0E$BupaaMv5qRT2;F5) zfI6_VuggaZVG$6z2fvUwD%nQ`J;}B9%XeX1O_gD<4PkRi3 zgu2rAQxVA1KFsY2;Rq;$oYP<)JzVJklSmu7fOwQMi9S(g`~ zA1g%YZwV_M?>?P&IWm%fGSn_AXV&$x+ND^LtlGm1h@8w(cTi|z{to9w<=PU1CR=q2 z-ZI#5J?SfMO?u@S;d!|9x>>{4*ZZLbP?LOTT(6gu%~4;stG<3q^>sV-^`e-*{#U5! z!4FpHuz>LCCjcT)BYX-#G~_1+Q}x_%CygmHY+#XXsj8>DW|672%=kt$$ueVpDg9r} zp?z_v&O;M5PgO55%-RxHIjR0HxKysO(-TLgC5zqXNM0Ba!oUqKZ#qtnn~qOKIxUx4 z9TZ8hg!yPR$q@$h^&Y4b`62Ak9wxLyk2;lp-qs-9i0sglFNR>|J23kwm>v)f|3&Q3 zJNprSu^n2^3L@6l4&4RifHA}fOlXHb1^7s`c4#-(+LwM6Dw5HXI9xk){ z=&#-a495=bJ_NM$Lp!uE?5vDs3_;kTvFHf2#X@Sw=eF`{hM_i;H^Z~7*ZgeoKE3G8 z!*Kd^!Vu7~XU&b=@Z_?_V%?&updEXB=1gx(Vjh>%@8+?e4&H^meSO-ZM%tn~X^XDA z%hj{$_iZ;;F!7I29F<^;X306mrUj(-#ao6VbdOfD_x zypY5!&DGaLEX^!Tq7u8e00%pN#@s1AX`h>4hsSNh`g0$;HfbF!357u zF;dlTeld4l2g^s|V}njHjzWB1i65FQ73GOuuqlcM=~u5H@ z+sy-ojf!s+-k$i%1(mwzTYM+HNhi3IH zM0)5%ng=($>#TDZ$TJ?6y4kkrl`jGc&0wJoi8V7`k@-W&BV6)x4!+o1ia>bhkL~=B zldYq!4oL}=CMrrjXtoEwCvpmKN+Jk?NDjx z;XE6;&Lt5FZfs`s&Q7J!chG%iBhnE}DY_;x*(}q0>81}TyM8mGtWjdC`%tW4R@nS= zV9SWHy7?MSb@jzwpSXLOz12!#nPV?7<47VWTtm|L$ty$pI#JzG7}nHf9(X>Kis!|r z1`9gh6{!FP?4 z%)Y}JtdslFWJ#+)>K2&H77k16PG0O2Fy#*$7ug6S(e_iK(ZcAgy$G>sp4k%{TR@{T zFwG&2j+4$tCke!YViLOX~rVp)ND?9WpcCKQ>W3bWefD9W>DG4o~yT_-$rn zS(nvgL%5Se_(C=2=#^u5(PcuBys92(W}KEfN;?qCfpKbp=D~Fj;19{<0E$j%@N{8} z)ZH+@k0(UIn4f=*;LIb%?m|WWwsRPf4;lGifa6v2R0RM74H8jr6WE2E1X@F=qG79t zzg|(S9`=wnWxdq=6VVB@-(_xiCX_3^To!WG_Lj(1s4Ax6z?!IvPlhn!RD^ms0&D5z zJ6lFkY@u3@B!i-`_b}{bsbi{$h@PDxZBP6Or&Hz0IrsYl>0DyrBt0rfACNE+4Cajuz`&HL7YJ@YS+3soCd!}XY zoR(eDU9~s#Peu2Xy{q{*g&(kalE774ls$FtTBeTY7k||82maREzYY95E&GMNQ>pBf zy{C6nn49|1M~Ul&&%HZ-)e=9@4J%2ySk;cG;Nm7Rjwm>5cNN1vAZt}O+@8PC#k z2_H$oEB81@YcSt~O2m{6D}r!bZIBZM#5Xi71iwfMlh`1`a8-><=Uxv+oj;_Y$#A7w@WlM0?YpuE%vzG2!df9PHdH%()IZ1@e~%?0m8O zy~gqFgkL8mO?fAOXRQ_a!=@XRKaNF`gKIzX7i*7o{1iE4tlH<2c*f^a9`goENfc*P z_VS3ux8c%fRT=u+RF*zJ88#KxVdIUb!WjZEq{8XXkAw;$Dx?o7kne8bIS=$2-QSm_ zF46rdvGw_~^0Ag^m5`771zoxr)rDeUNmD{VhEJM@v0zY^G*h07lSUMj6ApB~&MNz% zBx4NeUqqU43`N$L%hG328Tu?h`tZiW3y4Sgu6|j_8cM;JpB+|L%d>wx30d67=>Gg# z(GMkb!)3*Npbjy`<9W|$AEs*`xCuh+$<=x30}il6?1`~s*+kjZ-5?qp_#)YgFvfRm z;D+pR`nql~{q`y&JtgG#35@_@IR=YpvOk_%9PF$G`{QwFpfYjUK`zbh_kl?13wKw< zbYc$B;ydOqLCP@sKM>*nv5Hnc@ujZBb`5p-uNME+B({THYiIyAG(=uAmKA(C=q9~7 z-}L|+AbBg5oL0BpL;?&Nt!D58g*?cJ3G5mji-?l3$_DC|)(FbDA-Kpxp@YZ&D40dh zaTMyQfV)A8Z;e=Zi+U@m+mEz<%aRk}0O)&W&UomA4SMbvk})pmJcx3z3#KM^cl%L9 z-pg$8Q9o&l^OKH8xXzEwKTGez%{@#14!PD{Bv&A-_#ho+95jFgOGr*{mt5|Fzl^sh z5e(U9oSbKCif-olj3;Dx)aXPuCnH0S)M2@bei`UXI?pzRht4D~Hgeo}VgCo<4A9=|8%I7Mkd+M7v7ke9N~?l*^{xXen%N(oF{RzLFY zhG07+TRC&PVg9H-_yEFyXzME|UQ9C}ron7WvmFR@`6-SeOYmr>J=;uc9#W@njZkO6 z9XJ#Zmu?pZ40e&>z+vWO+XH{{iNv>u2?0wE6Aq+iURdSN5jyXs0Exqh!~}sRUa;US zeYH$cBIRZe6fs3M{y340onPVXV`9?iVGwMc2l*=WOpl6~>@%*VFgnA31K3-y94*?2-5E|n7 zTO;3gR8B@j<+H54J&iyk`dlV$IJuG(VDwfXv}>h31TGW>PVntOnc0Xu%#vS)>6gP{ z*cZ4qz^(`mEi@W+5fz`w@vI z9B70iPIs!EX`$q*(rmdo{JYbI?%X2D&1&-2S=(wAPnIYdufJ0;KGcTOSOLme=4;K59gNMdoMc zI7*0`Z8-s-*lLM?BWSm2G{aK{_~Ln*{U5}xLXXFTLLR4(K_2J??63?~^Z>rnD{Ewl zZc4HLJgB|*YX6P?h)wyHpdR{r=RPiK3>KcF!wUKyS_tp?(qbUkekdOQ)`fYR((ys9 zEkHY9J`L@}LSy5FAQdQFEZ_EgW&!STKhNWSR228$YpdSR`@>__KsnqoKw9WnNPzK& zw9nj?CkL|P2PD6WLfy&8;O%GB(FVl(Pzy}pEKp<`0~nlZU@sAFU_54T^fVmIw+j~= z`%uL@nURi5ETRPs#`!nQ{^NQR?++Xd5I`a9|KDQ$*SJY36lD4t%1@p5U*$|34Cr2Z z=|cgnNQi-8Cm05Ft*^Ub7EOexULIb{rsm*xo>{5vyk^C%FSTsKQs+hW@>x^-&+MS* zZkV~=Wj1`;X1>V-Cb=eLe%l(|)a^AXoB5>A{GrdxPqmp#edc_hS@T(&+3qtJ`pmA+ z+03-heEP2%|4H56@dcZCw$Hr5*PJ!OW=@q%cG*j|Fu0i=wez<#s4u9~x|3Z@h6MW1 zj@;@W`Q~K}2+zQbQa^(Z1IuVO%`aBMrP&6Vps(AsjJIZ?-T2O|FS|3#&Su$Xlue8f zVKv$l_vMipfqpl2BxfvlipL-^E7YSedcd)C2G+0B_+l)G+}sto`Pj0$AV&hZmSkp`B`^2yIg{ww=D<6LHT(Loq*7i zdw%{MN-X5(1%&fH`FYpjAwNHZC)WqzXT41Om7k}w`{d{6iAfoL&Ry3Xs_$D%=M%v1nrD$b)*UG`#N;{;W z9ctXR(r#N>Agz?`K~-T7nhE>XQMLzheF)c%3orCHD6iE!i1rELg*~*?rg#w$2<0Cl}QVGkcL~%&v%r zrrO|&was2P;Ssa#k@AT=c=-#U6j6~Hw+9LrvsiqA-g9al>{MH0&$PDWTJyI_Ty?rC z-E#o1M4kwL_X)^{yd%D&^^-|>v1s3*r)4rGv=q-^nU%eTfPr9Z4Ppv4po6C zVzPq+-l!lZ*RAK;q;UIlf}Y#qu?Nw+g!L2!bQwbgC|nWgj{ z@Z>sxVbB-EWb@NwHH0qvY7NOjjYX`13Obi}g9er;*@r2Ko|OYz5XQY#=`pU1Y_l79RWl6 z%}2AWeX85}&3m#P>j4hOzj><@FkW*0%?W+z89Zb_$VW#z65!vwt9HzQFnLo84U7&k zycQqrzahkh0+I7c>u%o^h^B}wuM^A@&{}|JeVT8w?x|WAZHk8IK`Y#Rw>y%%lPgKc zTyiCx^&ZZ7tF&;BRTfCEqAa=TxahA(NE7$848}f#{WllJ_K|?tKFJp}v%ENEvM_D1 zFl`>*4{4Cmz{XBM1l3=_t`pdOM(cD!ZQ|`wvtfy4PziqzYy~YmjBqx1paG zYaysIpoAvA<(d$rkx7B+18iA2;nbanozDRw17?B<;1morP zudI7@X?Z=Vq`cZox(1ckZ3u7#^14JxhJJ?fx(6b;BCo&jnX*5<)5_~KO)iwz<8PPl z^_ms`jLPeyH>00_kSa}9UK`A^kJ~0Nnb7efw}EDAEodu%on{7cfdE4OT3sEKiM&Bl zO3?Y9d4Ztc924~Gp#DU3vdMOU?=`2vrr}3B1%2*nvYUb)u4uVI?onyC!-ameF zDM8etTh_#NpOi67Z{h1z$$4Oyu@XDP>`4Z0`9Kxc$s0Yf!}1b)I!=3*2U9fmWL+Yg z0424Dt-0)5h&rck|DBDqq2DXaPvAl8(l$ZA)eF>VH&8*y#$NbQjG~CpZVNTs0n@f<)Tuew<|(je?<_zz0$2HD^+Z%9l=P zdFOJvX(hPuABhZv_9?H_`~ zBR4vhRd8ZEuBSr;j_15sN(c7+CDO}-E6p;l4CBIbDM4q$dS9LO1`RP1i34U?zy zr)2{Xt4Q2h-BFo-t9D-UUx^k=Yn$Fl!hxJujKg06<%@ra#qCtqf`Om9Z32&uCI8i$ z{1W6WV*SYx2owf!$GJB@wP#ecUW4kh=doi=S?u~twAKX67 z{kq?PJ%Z*Ed|+d`n+?#RF0^RVlw{|vb0|xZ0eoSo*h+Ba|9nIx+ykCe&5P;D&f~4! z`iVabeow7V?bj0)$=b;}gKrH$CB6^#w|8UBD!p>fDU-i4`SiFsi}}<2P>Jjh9l5;x zEn&2Jz!P)@dlBq2sEu8mgLYFjV{(gWO;ceR>aW5xF zpH-fy0hx)r_R^CulT!7xPhnoJst0x^i(AgHk*kG)NE!RQ_KeTFd^4KB+fcVoT>4+J zv^V7OJQ~liV(jHSUZD0G=UtcX7A@5EG8?#zgG^P9sLu>Ot^MAYKN-5A9b`AKo~e84 z@7r7Ma?QiSn&3n&#*dED#jj;?dlN>*({EAPa!kVpxo92;jqMwlQ79&W2>XfMZP@j& zCb)s_=NP41KMIaVK|4E*J0tz57UPCYRq3MH9_`7Wa(X=Mk->yoCo}BKep-T^SyWW= zD%ql{GrD@LI#@NeKk5kHk$$O}mcgX`%EQQ%>fGmEyla<++qT*A^UA+BE!E;BedZ#989s6^;kz>y;Q6mqG#n4|}OGC6CGZIW{LweRnBt z4`$zm*Ulau)~E-bouC!w>+bqND@SSU$CU0?YiUl43IV+=abPgqULYXb%dsMe;oH!l z!PPDZ(lRa91%IwHk-0;qg?GE*iMTaN%r0O*9bgs#mqoyZo(=4JH|YDH_rOhzak1_Q zsbzUA5Q;$7^6F78-E?zh;&QH}=NfNL2bIWO#BD5<#A}hJ;VdCEck)KNv}x}gQ&>%l zap+0~< z!pR-Tp!8Ux?T0TV+U~x_&8)FpYjim(ak?kfIB^4y1KdK#?pZjykdxXWYbuqgPWJeP zJ#$|Vp^(K3QDtGA#XG-iS$u%Ui~``1xTyXU)`Mg0w%sw|;NO3c~CU)78VuI?IE>*H;7Xor4R{`dOFOW1Y)(L_^ zO{crwgX@rOT#z=~Cobcj7NEa?_H2RJGr7X9cn53v?wQ}gy7N}<-LvBXMYgRK*DJB} zb$4ISO0n(D!ri=Z_F}kRNz{a``Ye^s7=?_w?}lrs!)kC}*C0qif2$(+tHP#R85>EN z$1#%Na)TyVtKis5kCBl?{zfd1O8*Cf+~GyY(FCJ?E)d;g_TmR+{s`Uu9@XfxICpD7 z0lz<_*3Z{l?C%l}&V1s~`O;TIMHMY^=!mWj-v$SW4G5+mWL(QYLCgO11#RXz2C7|!^X ziLaaiehv5m8VP!R7}m~_5HKP$;=4vR!Mm&61n;iaVUB9Y^mdw> zT+YSc$vZ!Y?v`2uN7%_v?HL6#pSm7>pRQ(iz%1Z;j17f* z?@0QIq2`X4>Pm`uRPa9K)b#l(nxF@-OE?E#92WNTJpDwF;ilU){$R#yJH`%O$RyQ> zF*P@$ec5X=J8wpDg$z(48=iiH8A|XMRR<(K$1t59^OJ|f?d>gI+nFGx<;=zaVkH2G z37|O4y3C`;*aX$0%~*3^5OVZcl={pp;tdFLj8^K%tqCg`hq3*Ydw9{;yO$Jg*9rs` z&b5Z{giUl;hk|*C-sOIOJOnFh<)EBOv(3O6xZeH@4#Qd;^lHkb1b%@VC)0%w7%SH;# zeKWc4LkN}t@aV*?qtiiMWsmMaK*}%$IcNgk*lFyzFegyS?Zbrdy%pUr9_5efUnrAF zJSMMh5c%fSJNQvyPQM1@>IG0z2xgh_nCKx!xhWkK4`7N2?jvFboWj*jpUHu_b85~5 zEW70tkCCcasCCicn`nACbkt}`!o3ieP`@j_o?yC>0x(x8Dcn-f-v(YtU^Dq%M9q83CPc#&Wr!SfDkp{W(a)qN+|a zP^^*IMkp6H%>U@fRLrC0RLrBT$w$2yeS*!40U55qXqX?}I{FvN{s0&4Sc!=)kNJ3F z1IM@S$2QViHdo3;C|WJw|1SE|ybNtIKGHz?$2-Nnw+2_3vx7$Z*wI6}UC!H)_Gd?k_jRy2vG zbU*i2i*=Hi20BYW9qE~dx(7w;4#!OjrN)U4yV#1+077N&Or`I{D&ma%JSL2w^9yzE zn7@Z{BaV9dBXJO!JtWDScAmDSX{X&Wcl|G<=65pff`78?OvlV^YV8$&XNK^=Q`D5P zY`u6O+Axl`TyVxucY;->AbfSq;vzE={e=2D_>c4_Hx1CHi?Nd zeuIZmf%bdi?Hh4XqpPd0%LA}Yy1M#n92yJM>p`mveFPE?sRJl= z03{9D$MNuA&Lb1HjUiUA(?=n-JipyC`1K>RkJp#8kJq;*uit3<7>e`JiI$@UUEisW z*daraOrIC)@Gc9`;VsZ%-`C*`I$zik=DLv)=DKo(xvn*N-3LOLdQ&;+ZQAm7$Ur+} z;QbQlKbM0*&kA+1*>!${09}NE-fj*#8Xsv{pm-n95nQh@*AjZ#i<(?K)q(xei_9lp zp~Y{6XcrEnMKRuj)7BZF^>6H7Mt?SS`}t1c?2qNFP)8Py#+Xo~S0a*G(!YZHtMj`O zVL}>!5*JEcfaHP`ka-XbjPHU4`dcyXUC^;!Xc3-X{r$D>^eVkxb`S)CVs|%3 z*&BP1!r_4bbPrXjc&wW_X&<6<%9jK*m#M1ZjEQ%D29ktq^jEmLdu23%tGlBTm*!$= zZ?W8^^pe7gaDh102ovB1eZwUHU-X9B9e>q38;?9DOZZeCp79&IZE1Ci9-tpjTZySK zer~YOzZ2e^>E=gJ@|dN$mkXr;{0Gjb{r&T?{c_XEUwfaEUyyPvIgHvt(Nl{@Y~@y4 zjoI5yNUTg8FIVwx7$#sXbEYykg-jqVes0S}c4x90uDKd7)l+q*>MxKH`l!EgW#yWz z7Bx03>o<1Vs`Xm6!L0hTtxB`0nX)dO$8Y>cftotbZVr=Bv!shjq@d9>!@WOFD)a55 z8NJyRSi<|Z1G}Sw&5Q7?6yeFRSNIPEM*@Urax}pT&l#~a2oD5mS}bk72oy&|a6bOA zcy-vnor2fzB?Ez|+>B1a>&csJcbhaPZ@4Q3zNdEAb)C<$t-&H6>hZ-!#0*Tkt9cx2 zIws=W)bN7uFF^0aE>b~*9FEx87U~p#KZVLuWO{&gk?4@L9R_oBe8dKC%T(!`TV)t* z$}t)x{SXqK04+k*akLm?!;cDgzct6gQ22cnaDfv@>&C_hfKxp+K~R8GNIbV6wBUWZ zbhw7>n6@X~qxUmp1N8)4m?M6<55gSSZEy(s9OP^{5OO?_ma!xQpciuv5!<^!8KF1U zK;>;<=*G`R(|B_bXPjXnRiJ*41}pMahzrHFe`Sw8@S+gl2zFU z%|m~*L*c`UEk|>gRB)r4%JRz}#YQh4-^3{;89@tOwKe}AdEXu%XHoT^(iBoCZo~>f zQ3ABka!o;@P>>Y5x@e+B2~-rR6a7|nbitGZb8NVzTb0Z=DF-{n)3Sl{qyVR)6MhDoH=vm%sFSyoVh$`sRfTJ z-Ql|W8z|jbuE_t8IUp<0pIa0OER=9+00=S9;~jtY`;}baO!9bxMj8gBD1+~n;~OCc1E`3>0E#jgK*bCm0KFjwgWjeAVeq$qY8m_s?TG;} zcrlv6zf0sV89Y=Y3`R!N5@GNWuGr;4v36T*5xQc)yrAczk=V3Iid4EHKI*pZ2I`Wk zQU50g5B5^Bop0rAsrI z&sU-481L(Fu#7Gt-txWp3ptX(6q)Y!!73N`wgKnC{}mEiTMx8wh> z?N4v6cQTM|+GIswC$I~T^p3*g)bVOs&=nOBdT5FS3+%Wy05>i+u31xL4Q$J%io}9< zoz0N%w+~dbC!cmV9XAdjFnej$sP^PjZcDvQ8Y@YmdUSvFQys~tP`)Giw4X(BG*7oY zkC?NLlRT{Wy!j(fuYlm*YgNWmNux3 zvvg*PpL^$c`nmlGz)wr|Cl)e9Q@l^0#LgF<0T5ROLkzi&xPw%IytipYbHa==m!+G(nh&6UfOuCvMfP`IqudoXFB~C8<=ez zXy80Rm>#Wz+OOk+?F)?Up}xSVAMJ}ck-uhNsLikjra#tk>qJmAEUXMScp zIoJVn@h~v-f!Eh4XrJ;Dqb}Ny63WZ5?v=be3->!<5gt32xd-z)u9+krN0gC~8!c1<3CrR*~u?;=f^e6+bQ1%As zm>Gl01^GVODQpIZzFgy@y1O7R{Q{_p0?kSAC243X-t^<#j~0$9UtH;+>k(k>53pW9 z)Z-v2BB8<;S|aQLm$O2s5D2&>e1VlAz*iKeNqsF`gIQ;4e=P<83?;Xn90(lOCGq)p zq5phDjv=2+R~h33C>D?K^2PC`ym*ZZ#LFt7LEpwk6#1T$ijb8-*vgO$LhPe57?-dg zsbru(u=gXmNn{J#M_LBWr_klx?%wh!Mvr+4hOV=G`?$1l?P$+Bw@%Nd7iL;;6~-N0 zVHL(9KxiL87zaMUT6(xGvT^O`#z%3gXu+8w00`k)2q9N-Ay($49W@4gQ_m;1Oc<4T zs0V^9JC@r*!lhzBY^WwA1}lKqc241Ect)iMB-i4wv!f-7ITAf^p%+x4J2FFt5nrShdFp?0EAq5fN?)n+1O}Fur)qr9sVnq7rzZf6qYM*! zBrS6cNXRT~`axH7Ob{DmF)ga6hot&}FQ-7wVEk@IoYu+N~`HL#7M z7=$)88BtQSSvY`P+k8CH-uk9ICI#Joj8}2BF}UGo{~TSw4ZKpFCcC%X)b1D29@EqQ zw(M)lShpQ;a`=hs-K*G^?oDukQY$vP#^3h@_OQwzB8Lz~#s0eQKerT)71Wgzr^>ah zj7VKt1M;&#53Lzh6c@337tQ znM~1G^OTi2j4T~MS+hoqk&eN- z0mcPR6+Y&ct(;)4WL>h59kZXc5q!#089zfbhNf#AY@(E7R5GM~^^~55>{AWd$MHn~ z5^Qu7<~iJ8KB)1QT#{Tt3+&9un(YRhjI*CN!IX3{k!T-B54`*klTW167ZU~P`iqqc z$eS^rL=YFbi;=4~9LD$OU?(zrkluszNM!XCU@J^#Rows1gF)pW4`RJof>Y6ISxm87 z4Tn)`geWYl#PpRJ`C!Vek-GXU4a$4sMPnV z4y+nu0$LQHW#}-qV)UAm$vxcv<dtA0wDg(X*a-Amdi8b~p6TQz4lL-P^W3o)h zH7-hxB1JV}@MI6Rv(B_c1wBH6m&T0)-9b~g=Nq!XNWU54Udm^(3moWzgiMr7$k&4~ zr>RwYI{`Ty3lCnZK8G<0#C4(EvXB^Xq$kZv(N`7IvecZp5CWcl!^+y^zSQJ(c!K3g z_B0^6#=kRiIMga_t*=R~m}aYlEuMgHe7x5R(V+SOkv&ngtnj%J<8H{MfV0u!1iqh^ z!p8|aWNUa@f#=HKoB~MBWX)M6@JJ(c)}`Z1X^iaERBdX-R|BecD}zl~nVB&Rd4jAe zwPJRF?D6>}SoWE%Oq5Gbb9cq;qb#D28q`NX!k3PmQyM_ z0Vv%UeW?|vuWv$C(g(l4s<@%5>220pl)#c}L<@fqkn%ksvDT<$cdd9RfNch>$T6i= zKU~7UQ`zx2<1dbr2=cr-^Zb?8rZLXVUTUt(HQj4I#*srO>UK7dthxDIQ#GQ=sz1Pl zSxAK#yMHrH)NBa6`I00jmx;3oZB_SML|~Rwl1-%or>unw)wLEADp_XgFq4nv-^{5z z>2ud=wDo8uJ+1T3VT%$A?h6tYF`@HLBv>;7OYs#DOHWldSRyKcYa8y~G0}Mfpm6F> zww~RMCND+gXnb~#dHyxp+q#6PEI&^C6Xlq zc%4nfdqv?M{_siKo2#D*Ssp+nVHWK&FIDIDF&c@&ia;8G?APmL1|mOeRaj7_bXf`7 zOQ5@gf_ZIOH()ts0RZs0l}-xd-CNh+36=83(lqLg@X#UFWbLrxm9X&8hVDgz4hDz z>w<%YZ&}p6^|Ogl%43B{{(?yR7s|$-Nr930o2y4UrxGXBr&?E6KupNcYwVg?G~Wg~ zr4&j_DRzS{>;ZP3)}`#qo9#WjkVkg?eaf?`$$xh|voex{`bTo$ z4#cx)wdYii?SFS1`Q*CItMQmPuB9GxWg)CHDVZ?3fYbRPI`FSLO&D0z|2(S zYuG%Tf20T)%h!}HU*iGj?CVaQFoH{KJwRP)fI1HVdsYfVy$6_A8i3=OYy#<81oi+% z1NvbymNUnL$@IA-7;`+>e7uy##vBjUUKWfw3I_M45-%hZF&2CtoYKHIsF(Q~#D&ke zJc;Hwq~Aj*t&tA@Er}prkltL&@nO{x)-rx#Eu%V+QadurkhbbIC)(fQ^u>7#CragV z|33?xpUxEm3=Xr*lq{^a`4fnEv}7^0St-PwXguvwStG4rOc%mLF_NprG``cixu3{D zB0nMNmXtbqCVoXVt3906cD5|SJE=AM;@zAG4U&P5{vf{fT8|2m30+&sn@a&(N7#RS z=j|=M^2tkxxabChovF^72$bsVWHHl3LzQexx3r-f_XeC-`R#sbg8)}|1u9>MF2dJB zS=3!unwDEiQTi&;B)P*B9|6M6k`gq^NkR_uhxAZ&;u=~QU&XGjiak*Ut~(Wq{)n!I z{-cI1h1F_7dQhcajoMseAAvBt#vB25VAD|I;URPHMQ?BUMmD)7)hXW7fOs`#-`y>% zt`inG;&v=S+#cnKyZYgPxKD?Olk11kH|2=C4g9ynC6u`9LEIt;!hjwek~K5X#l9IZ zPe4%cjqP+xJ7j-1NmYhCD~)XDxbSmyxL9gmC%3Xls|pu!pL|-1pfgl?6v20apm08A zh4%5kK?`WeLkaRQo;|FoH!~INe)QB+D$JV~fNFQgPiGyHxgYM@Zwf&fzC-yQTa3UH zZu;pu$o3$JAclg>M7mP3)MHq<>#|ttev-N@mMR9e>vz%ARPH9Cw}N8^9}Fb&PDov^ z-r)`P%EKQ)Af#~t;t!lPen+i)9usB=WUDj+%XanSA&r%ZYa#;grSZEV^v4oGC+{;2 z;m&;mP6^)U%p7kXxKIoOa8^V7dSo4Yt?l+2@G>HkKL-Kkdbq=)zPvhsct9KkG8Z8Z zs#2P`Hy;Sv{sR{2M>!dN@YV`f}x~{I_vW=sY27^Z7LKH?i+^(bWWIl?KJUs-D>p;ADllHT< z)@nA~{|`)fIRV=N`5+bYyQOd#o`nFc8zl4amNr#ZM7^cFdQ0!2PlSmD8bx_x>|EB# zgYm6(b1jAmjvuMc%pkvClg$|Z$?2cYPD#Wx?wBoz7$iD(SA7`tlaguEXC^XjLKSSo zJ@}eKHnRyBD4-G-j-kTLB^m(FOIfLI9ouH7(VZ(6Jta=0(EilwfTp z9#EQ7hUv5XX`vHmbyQgbcx*^&kst^3Wr7qKzT)Ep7%7J9E!6)~_CR1Q!wQc>XxAlQ zE8PJ07(|%7rY|}lSe-xG?Bo$JgJ>*$3r@ymUi=FNOJQ?U-H%wYSiy9YKi95TT?l!% z-$n{94g!jvF@g#`p6IT!Cx!1yEI|Fh$3#e;9utn7U*YuP+~lSm^}=`oGj-TdW8Z-n z?S&-&H#)-OIXIEI%i?taKCdpZz)GyE^SXUTSO>r?t*!xgmTW-eoQZnZWTK^%-+PjK zCu7YTs&&4p#deB&mO0}!|zwphK!XvFz@I{-r;v=m8?6=i5T}6N_|gP zMeDPj^}Uj9{a#1%d%iyHtUNj^?`mOZT!o`FMLr@^;^@a(v_rX}H;m zi@(XYG9^TVIbLd>(4ygiKG4&T_kP@lNASO&x$K89;}l2%+%WQzglKF5<+kr8t4aVoo5jm=j1W!HHWt zlDCeC6N^A2NF8QYDVwXwi2>!rfqx8hg5?WWLZehRpLViIH`e?fBZQ1c7X`984jeGT zJC!OFttcFaUl~o10X=s|;uib1g_VDCM{;qzZBfJH2Q#d`aU^4iC@ho9@V*Rmbm4DT zAd|QFo^XkfNhI2yaEXvfB-);EiI7Po+MYn7m&sc?lDEXE?Xoi2wT&`Kx6;lRd!LQ_P8*OK}2;#hgH5F(;5%f)h7)ByS!OCq^KX zq??@RQBEw*hdCiK`6m%M4&fV}Ok#woFpaNRnfyE6fQ6DX*2-i^^ltJ^2#elL9m$*G zO^AygB+W0qlu)brs1`EmoB01|32xBpi_u}_g;|T?L5!nJr&SOWN;;xf2>7gk6Ix;ZHpd2};SV&6jV$|vNk;Q&zYOgcf?sQQ z+PDany+F}kg9V!qUueR1aHW>_0ZsW0Cnjz@bKz_Zqgx6X=?G`KPhWw3TtjDAznEsf zH@N}76@?2N$aFlcxEqME%>HjSC%GZrvH_Et&nm=#8Q|V$T}0hq(%@Q2)K(X-e6%y4 z%4yU#Z`a*iyeSmX#(32^m!E3tGbaL9m1?eCwW{5 zbNgB`X-XC!E?Kk$>q6#W+c-(soBtcZqJJ7(DVDFXw+yfofw z8U}VtuKpZlWf+M+e-tgx$$}4(TUj%>EuH2SQix%O_rkdK8tx4hp9yngoforw7dw%s zqAdYf^=if|!Z08pvcIsnJUbAlb2y8&wWEde=WFdCBx%C?1xH$*Lp^c6-}2%#6_+%3Yf%Xk{s?1h89*>aDLq zi`n_0L5_oz0In7P0+(^t*9vebu+a8CHP#|cPrb6w!py<9_ z-R^-cZI}EL_a)3 zw*kU7pbmW4yBHhS_I!Oc>V2&mJD^@1)~sZ^XaHc5k*Os}n;J$|OW4SEWn*ulTKMkUCac0&T_!~86`RNMp=HItKgm6l?7i2Rd6ZF%AO{f zR(hhYa%FyL%X}1NWE0T_Q-3lZ8#l_?-pW0^~JP7@aYf%iNI``Sqn+9;}_c@>x3aq3}!ryf>a?#etek}`Re0XxVcFb1xe z9w(XM-!GOqhM`1_&rB&Xj>LnZzu-Qc=n8;*hq5zOa0JCpO05e&E1pvUd z1MwuTO&cHFdPp7nkM}>?<0Uh=BWzo`^Zy>%R?$ievvh|{4D@dOSQNoZyUs0R81kwP zx@r^q5X4^h?`h|bjRVKP^GDYTKC zPM;&kIl_f5lq|Og>y|e}4F-UHAco@v#epoUgcW?e$w4YHU7QZCdp#IjcXPGorh=@2 zRIbh(@g=J`^^gdmRgY~Tv$@9X?sC-);{0z?pnhCI*Eu9EB=i+Fg)01!BDKZT*x@dY z)FjpoX&Y=E<&2{^c)=JxDKN1U@kDUk$4gU`Nk(5_>oWBe}=oE4u zZ#{V8KYi;%so-rxn3OY5--1sGx)9WPs}6LNDIV51|pY;i+b@o*mu~Aa<5spxY1d7wmO)14ezs-uU^H zor0+h)0Yg$bn^<*;pbJHSX33+Jc8PJ6=3TbWDzEomMsG7yo$g&uL@0-+{Yeu9NHB! z0ybE->PU5g)1$EFSwYq#YP|NU;Z+PLpB7L*8_9>JN(`=qMjB)V6BXp8kSW?xVj4nN zFVBP>b{Zl8L>8G^MOr7IO* z3eE2r06 z$B;ISI4}G;&?982i?C4Dp3$PzM3F8*(;5fblTReloW`3V{+}nNw7EDPJR~-;$}qGI_$bBA_&*QA_CfvnVx7DFJKXZOR|qBF;887 zCaSyjop;0Yu4uflb#o6XDhhjAbu1%<|7IE8DT^mQ&IYgLv2*1)c%0I+oZa=WH&Q>z z_GL3CAt^hQ&B#7lv^m#K9n3zSUUO__eYP)=T9aLq{zK2?XX@LZT0OLVYH=#J;4$K< zZ~uEL@e>?p(N{Fss5-+|$tc(PAi)|sW!EnEz+LlMnY4E{AX(<^6Ht?MWG=%rPTjdf zN0MwHMt1S98jDo!+@E$X$6#3AM-~LGn|22#7>C2PwCrqM+XJxZ{-)N=gGk#}elB2{ z&Xu*GuNwv$6Q%#LJ`DmZGg2^InrZqzgVtsC09?R|ROf>%n3{7F)3GD(j{;PKm-I^h zLS)DU-@s+gU;1?p!GR1x(4u%`s&y?}5|1ypZmy$c3CRnV3q&)Ez4A018nMEL+2Up5vKu|{kSMM!t6NstUC+sYQ{$E<^pGL9ky-HM?rHu+G`F5MvjneUnhON z$wkQFR?j7FbN9yp)tg)jQx&fH1is>AHD@zi`@>?x5=2=RnQxzO%LWZwgS7*6;9|}*j+u{giEBzB zniEF!wBt}q2+^e$k&;aH64w}gNc5cQ*lOTM-}Grloi=iZ`i@C%vy~Cy8`;#M5~&ie z5P{ZzQ^@ULL1W_X^cKk|#(Hdk^??~ttdJLtn*!_77*|1 znFoqx>~Ui_#lf6mQ|%OWZp_5l#8?@$f z5RRIy<;H{veY6f|c%L^ffeZ;=HlmDY$p;;hqktqRXmX&GuMrO}^yWgXJ4trGN!jFrpm8wbf@Dt90$A|9BwN3J(D|t_Z@lgP_%#vUoR1Pw-oO{5 zRsT2RZd|%(d`p;tWVk=*)NH5Wnkv6Y{5kR8GJJ;z{#Y$U5=Rw$fJWs|x%5z3&T+yI&pt<{zL2FsD1xiRTI z>MF2@TzUf+p&o=p&GBh%M>^)`Y})8V+kIH0De%Yl07suxmE~_!z~AjaMU1~!9Xl+4 zmq@l1zy=WHmD3C09q9;vUqy*%OQUaA9M8viCEV`j#(Aro89ES%kuvy)hE^1+(JF|a zyeBd-&28ICO^(BrsLJ;Td=N~p^@bWJun~5h9b{$-z1HW3NKQQ&_3`95k?I&lvCIHj{$!sqEwVWlZsV83&wnx%1eA!R3hvmzJ)(Btb zqC}Jv(KpMNw`r-V=E=cr;R{z)tt5hZF-iQ#(Zg5mB=IsJ5lQsoXk!w~M~L7^hd^3z z1Kzyxi;;Bp2r<4QCLioL9A`{`j9kj(#ROrk^P3b2%09JEQ( zz>hQHX;FSC9Qd(U49@anA12EW87t&`{;O7n)^~3pfXxU^bMNa_e-U2NX-5WD zMdq_ChwFXpggE3+9R|pC$yXdIbN^J(ytPU3Qvx)CN%3P>j9^ln*we<-%eFUUMMLck zIX(Xcf}9l%wRe(jZ^(f<9+2Vo{_=F_>qsQTo+0H36e1}?llvzBTs^Vx?mRpx&}a@nDn5FN9RNFcq~6;Xh@*0 zd2(f56k%KN02W1$f^o zPZtPKz>~5(P0uUI(+$|<`u~EbF?p?q;Sa~_qB4j{>6XILoa3qtx|rH)hv_(zc(}e! zcA-s0F9supZZW$IqUpi|UC94NZ-!#HV@0pXr)*7QtTnzh?YPqAwzK6VoCxcm?jllb z73a9&Cm=q=u*W4qh~YAs<+8{!z(N%dMgW|Cpr^lh>{%Je!|xA;Ew)qCkhNYLK&%3U z9lFf%c+O_VgLACGYoHkMIX5vK8u&E<;;qf;mHdUYaBGWihMz|@UF_Uhw$}WJ6#;GU zd}%yNIxq5Oov03)`~O5i3Q)uG_y&q=Dy{cyYZsoo4W^yEiH-T(A?fkHKiK=(kuD2eWFvQB6B1?*CzB& zBtZM>lqR+>7_&Vfa{|F2lsw2XT`t2MEEJ*9-^gWl#Ea!qAjo!*%gGpL?v(b$wQ6VU zPnsuJoz=ul&0gnrHvs;$uN6Az=|#T6gzDjv8X!lub(E8g8!?3r*u zsQ&c2Drj6a_#q?2@`I6Qo;(1J=*%z`dN9O4oiaQ?X17DiprpuTAeHN6enU?SN}V`l+WLD+A*>MVn2~s>e$@2Vd^9Pw-SjxrtkKh3|7f8| zDhgIlZ~a3kg_uOZEx}*01kcFsF=0mbqzP5f#A;CAc3{+fuf+RShmSo4D6sKyLHEPQ zuFa7iJR9XGAjQMSDZ&KI_-DLaGQ0 z4Is+#^fh$(cT3b!e|E3z^ zWi|3w^qgy3SnP(XYt!&q;Lc8F+abc-1m@@o4#-H*kt}DvyuV`{U(p2bOk6^=@?{%w zjC@sQ-=ZRg8GubObhhJf!AW~q#O(pL{*QTea=EHF4G@{JkspmmP%OgIV&f65o13w8 z=I2-Zj1w*^N4E`PQr6#_c>uFG;NwgRTOr&OgDoo@$k4KG)4WV6=I$c=$41I}M4RO* zJv%3n0y=89^qXfH`R7_U)!5r4~xf z*c8JHM-Fj!T+3}pO36bA%N9{`0q|P20y)Qzl$@gia;)jK+;%{v@Y4>Xg1mX zXnGz6`E0EBT-hFMA7DB>*SiI%3oq%F{DoLeN2`iG*W1q((*r!>K5j-iq76(>F2nMi zST2$Q7HxY6A0o+0vLc5+CXsd_N6`GR2+fq913aS7aJU9F2sdPwAXF!s+nZU6M@j8m zS;tmHx1W5EF+Es-#rP`?7sFNF0`#k8i&_BUrE1FG&Xvo6D^|^owwgu%n`(%c)yQAZ z6}14`G_e58h6NxC%nijIHklmqrOk=^#=FK%D&7GDT{mY`c+pG0$NA%MFF^#vxeG9E znHa|y?RtlwpAc01h!n)AdZY-4wGf4`qf|jI67w~}hotVq4vMtm4k~%)R<6Y>L>DKo zf$(0tkCX7?b>*B@4D*L`B7%EZ5gn!5!lNWP(Vo##cUCD*{d2dS^%^1>pJ7Qm9SB+tiu#-`vHo7PQRIg{>^o=V&w|<(J6OU zQm0`jpTe#snDBmc_K=JLq)+WI%`IbG8qb`5%Jh?`pY)|v>t^`|P8NnMI~Q}irXI2c zCb+9N^Cku#mhTmBO`kUVG-IEjpB$w$d!tLtwREMrdu%`G)lOsfRu45}Kl;=K|B#nC zb)m*CF{8DKjNMMbJnrr5D!fdKPvi^8qdv; zv>jnRyRdmI#qU04n^5c6bfFHPDv;d5t+BfFW}nQjSeN^V0m{hbDLb~?^au^|fji0Q zkY7(jQM*_dNe4y!a;SV`;exTM%fgET+?cnKjW0AIFU$r@+6!e!)ASOgF{2~H->s7- zbojAX>39+mq>vvL^jzDiATzy^9vW^kuf+>n*HM)drwzOQ){M&D#N5@mL?9|AM$dzwl48V+jtqZ2pC+U9`w=7f2ir>R z*_gop2e{1HwaD03xIBdLkZ>86j9mm1$D;3_+x(Qse}Miipk*ZVPc5dOMc+UDuY`6K zP~r9JvdnWpT2fk=(IMGhS`MMCohzoXwAFDR=Ma#>4d8c3KHrDT90r=V#`Doz*UW#8 zkmqaZ$;zh?yv(rZ`{(&Zfosg+!14Uqay(~7M~1(i=c=I`m`byphMu``L;pUw{h0W< zBvd~-=BBw!kgN9XbV9A>EfMIW+!+Wd4(Ov2nRg*Bq5gNRe+JZ+lsIN|WcV9vJqPIW zt!J*Z-rGsk&8bpY%}UTAbMR8bEi*b~iXNkbp_KA;Fjsrwg3=9t8UQ65&Ww%>e`6KW zTPa^5bAxUVweWrP{dzd9aZQsBgHP}j>PfW4242Rynb9G?p6=7o^i~-$Z^qNsRkL=4 z=6o`p>az&!Rg*;n)!fm4hZW)q2G~;wy-Af;awo(g=k7dNs%bZ(Y0T)5U*EJMcjxEM zzA0k;c+`cc2!huKhqVX(zO=9NCh-kAJ2?Vj;zL8;kdr{jjNA|D#LdX9WN$WfK1hR; zyMr1%BX{ln$%)n1AV|A0{BvQ!h!sb}qUrHzV zE7QL^{cF=txA!}>Zk~-aAD;-0q;eTN99%e$0aIP>)kP32E9=qFFx00dtcnHKFYwkN zh9L4j1c7B_PKdGo6)rKJB{2O&d%F2mnbe9!!F+%B8qCTx)7-HeXF^K>N34FX&w`li zGab{VE&;k1FX@&1g}5DyI*aG}_kBgCOu!?P^a@r4w8328P5AWwXtZeOCpd=;P-B&9 zvUaRP@(3y~jpPtEOqpl5md`743%@0F;0lA*-nH@w$!=Yzk7(K)#Wo6`p#<0DeBOB}>=Vb_*)0Bt)UB0vG zAH=@15ygv@?xioP1yg)x|AZ5jpwGFK>fW4Hr{U5Y!p&%DNzfj)0!OIH-F0nM&J{VoG`O=2n@wm2WsJ{c5$9Q$b|0Uu>c-j7UNSA+L+lZF!y5Mr5MZ7KQ!&(Q;!BF9O=&!{Uy+0vD|H0blL+N=(kFrhr zD3Wjrq2kR;p|ow^Q;ck2EnW|h*KreP$>kzPPn`KLxhDxk%&bjyr#Eo$<_&FIo+)r@ zDfH=06vLF96f600DH*Gz`?fH0)}jtwa7iNf3j~~$kAu~UcR=E?MLK?~1Bkv<=VAn? zD-FP#H%j!5y)TCS0a=o(rDPm~Xr-rO_7T>r&x5Xjp`{x)^YMUl)ENlSY#a~9Ezb2j zTR~Z#lr4yCxsC>UnO_?d+w`yz1AAaQu2Vt0ucC0b=KA*=WACIe4F8?j`GN-FL!GFAh@D1LE)8Wq7cos__VH5unRtmlMOeOfWZdwHRemmRfeaU zNu=HTje9jwLg)tG`etyg8f;SiqG+*;kcHt4a|7>@tw##g)D-?e zt;`7ucp_EmggE`I7kRSxIGb0#xjoBZF3($jF1D&xEr966GI$5It!FP_3F|XQ8|Jb`y2GQIW+tcmZTt+aFRQahcB~_gAJD5&gLl)3}7cHI)nB@3crrvI`|8gAaQ4M zO@qtXRP%YXnK!`&h7M)qBTK>Ig@3@o_Gqjt4UT(Py2O1wq5D2c%pSO03nt^*PKX1-eUi?11ixgVro4^aZ9m$9PS)mPsQU#fIbWE7R>+5BIa5sc?ugdwH`ws` zwG=9Xc!|YW^)ox5n7fVvKU+4NTgJd8a~019N+hOo53-Ofr9X^(bO}Mv!=v;}r`lD= zY^fo{Z;@2{dAvD|W?f|!+N@v8bF6bWdxUTB@%B91@+NL0UNsNIl)I5^oomJbCPkk7 zIl>XSk&J~+u9BB(zDXGrt;E%2vyd)A*<1hB9q}licS3gR971sz6MHAyEX@HEor*(- zQ?p~TOjk4Xfk%H{X$flx#e=eq`~WSrfFjw4+zPcY?sNt1TzKsK#aNOEgY-Fgf+*I9 zJ9=o6+U1D5k8`%#(5 z2?$5rHBH*?jIj*5XP|Up7E$yjy8y_)%lNl9d9S=8j)4o!mzm=z736oiWf_<&g(rrq zu1&Pr5iG(2J8o%Hchr02J-LY13!;r!Brd_&mTh3Hz?NbxGdeQ--5O)@iM{TZoEAI_ zL7{=LF4(=aCWVPGa1bNF=-n1(czo|VxIbJOZ7)T%pqD=q-*!*hdRN5Y zY6$li{Ahc3a&Xtj;OJ%)R(iOfSx41;D+Wgwp|Hrqjd%Eti^0)_Dp>0T`gV74A8~NU z2@YpaTb9uQx3YXO1T`+pUxpxt1}=aX25^(JNaeQwq;g}js}2#Kh!q!=$|di${%~hA z#F6(yU;9^)s0`of71#7xuUPeEqWdDky;LKsA+`}epXwXY?-cR}f{iu^virYL$S(s? z357f#WRBF*32Z5aWJX7ZzgtyEnw~CmL|}S+OS>S!h5J>E)j)l)1l08aNVnVzGxKdL zQRXk761FXY9a{qJK9T8S((D~YQGrP=5mo|FUCHDU$jvf26CM(lB|#qtqT-F*|E3?F z3A$ZI7CYj6dmH*eU`zD_GdeQ-9brG*cT};&)saA*lZ#w-nQRFtx&`_*Ts+vJS}!Ij z%ldRn7r0Jq8e()8w31FY`t-wzj8v=3uQ9kjQT8r#+9g79U*RY%^Z|FP1Vkc(*$)-8 z3qEY0d81Dz2#X;Li&5_^TJ#OwX=PPU&gLt~Xh3fXL#mD>uDXm_=s( zp8tSbw>I6f7S88bMZU;9{;FuUyGC^}TCfy(Xu+iNl#x%17qeIopw59&aOs($RLyq1*h zDnWHUE;K^fzT)0wFBLE0!4-(!0tMCNNB$EJHU zegIq?zz{IZd~KbyfnVoC_!;vxM4G?P9sBMYPK|wFCFd)DjfiV_&PR?F&JNK4_EwnN zv;#&!!*N1GW2_cr zc&yh)3H7icDQQE{(=)?!!bp6B-_ydULZrO%hU`P@20^W`)ph32kRF6i_a;;>78lMn znN)XkEPR@tifHx`0xq#s$Yhh@O^N0rCNfmgi&aRd%#l!2<&dSQaA;6$Hr38>ohZaR z?RThLSF@sWJ)Q?pNX)|%VmF_!4^M`{g8|f4fxrFow*&(&;vgbCa^W#ZK$J%_2|{`8 z`=rogBYbjS4!Wc-<_PtH%AP=8dmQyWNQa5R3S9S0t5_@8RP$ZLYdN9H^pRFpbQL%Y z=>DK*zRWBg6800QQl0cQi&j<#%JgM_s=GA|24t+0gB~mijx*ekjYFuLf()NB?q~GN z$W&&?vWBRz=XQcKA8+VV$c8j@Z!sYVI^2Btwl@@L?+Uk|d_&iS!K9(u(Hb+-HcO0p z)qC3J!e^Bm=q5x{3lKk<=!W1a<7>=y4qit*!Nk#{-^_J6wz~Jr!i^~JY#Wre?I%JQ zKbKJh#p|?hHfTOpUJ=v0=SVVMmLRH8=<5y)QBym<<;{n5HsB1EL>U?#pakLD_H?fZ z!=~reADUPwDrvQ;z-*x{_>oF;l-a?;XQ}mN-J0lNg%EA@d*ZcTe@p1D61er*l=- z_Q6~mRBwwtt!IOSu}C_Pn^Dd=SJLw;Smel7?P<{d68-T0hc zUwT5rPs=K%V~S#j31TQeO#IUq!6I@Q>j})`Z2(M06VPDo5zI@8!C#!`yt$Zb7?eCe z_z(EOUxs2k_&KhnjYf6SX)`fa4$BvAZ%bOXhp3a;`%9XG)6r%8cs6f9)=CA!2qyz#}rt{!o z+*r!K2&;8+-YkvgoCV#rRolYuvhH15;2yyBb=@^!#sL>mx$cVD7PtOd+}=QEFwR9C zFMiz({Q+r?rk~055{^^~_D%eY``9izQimTbR1E|yvl>FTy}X8;6?PoTFnJ)=-5v%* zm8_FSY(SiZZ{dnwVeYV&h~v?XD5`uDBinX`pmKx#*X&z-uwOBS75c$Gc2f1EY?97d+u3CcyT~<{VewOy>`PrM>2z_pn;*2e!yMmVO!r z^Z4#(tldhj_))*w#?JqcRqituu#yNe0X=Xi68l!PEMYP#u$$ zf-WbVx+-0B?ij2}ZxV_&gSFwkZIQ{P`<`ujb8V>q(dprVP5OVvcG~};9WF+~`Px4m z=PMtZ*Qc?3C`ydN%MZU~iuOR0&Z5?tZ z2W5W4oELn~Ubp%(tC{nN&*|ILglD1P9_D=C=R6bSbTa2!pL1AH&qd7nFQ0Qvkn?5c ze97k=ALJa%9Qf+09o-E<&P3*@|4km89OUf89N}?Z3MPlZV{XXpc|)#b{Q^=&o6(Eu zp4Zc6OhUd-5~OXGG|@o>47F~0zp}IJ^!1(#-~TgeQsYQ-<{;+Z>^XQ9A%qs-0V1JA z2-zWVtyG}tzBo3ZT@@6sj}>Q2A70~odoN_iU2YY6he+!q1;1YWYGpKtSUfJeQ z3DVSC*~`Ab=rq$hLZ9-`rvXFTiVuI;xQ1x^%|7&BYliaT}s49)W>S+*9pZRtbBjV57z6ri#T{Ism(cV7P!eNoq z!aexNHga0nrt?&Ji|vrRQPpxVK89R;fR?xEI{+Pa4M5R=6}-3w!FTu3pA6=WBXT`v zdzszxjN4-?=bXq4-PmL8Y8yAi>IkIl{x>UDueV=lz=4MPnrX=miA;~Y%U6le9nH1o zb6?lNzU@cI3C8y_qcvQj&JbPT8E7cAXA#Klo<#!GfycW@&2IIJc3Qp`Ml-$}#^zvK z)+8~cqa$f`c6)hY7c^CCo$AKQYC#M_Wa#ZLyaU%txG|E}{50Ge4GeMGm227Hgq3nJ zBUeAw29npC0&hq4LRl>zd>sycxrgt^Ml+q!tKq=6wd!S089$X#gMF;53%ycj=2pvK zP}5aFz63w(ax!ErIT8p2)e@%eoRABn;3MmQRMt=I26_&fF$ zhuga=;j9CJdi}nG#~qwnjW=oiq;I$BXDi=VqrU+YI@k0jai$XT8*w{1GYFgf+0q(o z@^`l{&g2`q{unUb_Erd`&iz7LS$`xehx~v#Fl)Oup{M=8>d*1ihGXxc^_IGTUUuoW z+Ubu`taQc`ZrAoAZBQ|Z&t=9EF{T>k;fZ|kW;JhZ=QEOzX`OBB$-IpLPx}5!pa{&+Sy6--G*E3k0!`%Hqy9w5G8H6zQyLULK?D>?*_b>`i}bWm z3-gLOGk>jx=1kQe`ycRnne+B~fl+26N*ANn#0|^#6>$Y&*`>ccd z$D=8+fqh{p*Gh*K96@(JvfT(Y$AQZJbf-50mU3Cp2y@{c^i4L)rQZ=K4y}?JIn=`H zMB{Be{vcJ!cxpX_s!|U=i2ulg)utIg97(E>VLk+tlv;JS+XZ#zOLPX^R0H3-;IRo3 z&5hdCf+_P6mS6RdD>8*e7}?Zg7_|SXu0ET~j7YD(@q+ZK3*hkFKROC?T+UUv4ARq# z=YBjJdsj}|t$>jxYoguln0(sr^8;kC)sb=(0^G43fD7%ws3>KhWAf>aunY{kqRzLJfRVcPX?8KIk@Q zoWkIgtT0rHY}ih+lJyd*hTe*gE$f9bS)_v-lDxnCs*L2B3L?VittqdNNXj!MGCU+i z?18UGVkD+j*kp;CAVhgl)}DiDKk#=Vme!}ijQ|ubjk;*yYEr|U)2HYkk!#RcdlGJEs zl-p17vND%SjT-Bz;O^MQ2eqtbVXsBxLr?&M_ugiew@)Rp&z(4787%%*6u1HcrSUxE1%D1!I_(Z+gJ-^~x!LF)h~gC*eX7>Xxny!hx%!Tl0jv{avrm&ksi zTIhd7eyvx5D3To6aaMk+pk!~b3#4O$y)A=okB~UAYe=7-Sr{y=l%C{KG+JX&g)^7m zCqO#-&2(p9t4UAHzJB)|BJ|d7$mBO7!RnWF+=eTEV!ZsIj7V$@g<)+q481F_{J;s4 z7!5neaKNSwn!Y~@9pnZE_Gp8gKU<O`XuQ#5TWA#um6>0Z z=#ME}*l`U$6GbDPb3CpD#&^R#z#PF{^bv8_-*y;_@$@O~UvyQB3RPh?ttI+@`OHc| z|F3xWiF}ejIKoB+cH?(7=1Zu{o<05vy8y_^W*gc-oK!mW4= znt!=u459UDgYfCDc$JX=YR-_le*EmyNG+P|cAp!jjowr-$aljaAsRSV+iHf;9B%kj z>inT&7f(Q6p)KqyOj=}idmUYmkO433h<9ZR!7y)$tuL3dj~C$jY?vT*In*g1D=mQA z`4+DZi7~h2dUZ@-KSrFPrCM4_E^TrQ3>dz*R1=dHDrNV>A!bocXV^|$MaMeW3cKD+ zh)maXUD#FTybsju{ALCT(bfSW=5V|S=aB+{kSmwhaVqazIryM}kaK*}4q;bX_tv%n zi}#1?U>^XX_A$njv9JV|CydGA5$mwgmF)3oUcjCu3dP+UNB9D52ja2({*UK8<3_yy z<1Jrg*!>?LD7*gy%yd4y@Yn6aQC0DKsq^OSUx5R`-VRZ7zcZxYuSxey?^LnL(Op^C zEfM+tQE0zSjMsO(=6M|<>3Sdy7+hZd;`=2)QAC7X6OSX2Jom~yBa>d1=2>2}MVmL^ zo2SB8x_Qz2Lv(#L?n|u3!3DITYKY!oMhCT+4t4Jr>MW=ZVd1sHyzmK30~?U)a&Xe=N1=eKWI&6K2A-DL;Ps%{sKK{#oA<*0Se$>Ye-r)<{c{-p zHAVSHSmhs|-WUJol7DN=nV7|njDOW+Pf7k&_X+>rVFOZK4sP4{cc4Z=x5mHO^miI^ zr@^034oz7fXu;+aa+RpDE(s6dpK4 zF@ZL(qJeiZGL;Jml3m9KByfhnzxDjvfLj|=DSTpOCJv#${*0{u&MuCp(AL7(%f3RK z-*po-e!GPSdfgruG1-M%fS1sizTpcs^l4bq&0t?kh+(yfJg$O+F0U5j#I>HuS38og zwkKcfNWNBn3VNqbT$HxBnP-eNM2avs+&brBd29l)>$pv(XWWh1;QMgw0{7%N*3kIJ;{ESHN%w$YY!lwub@9 zcn8=4z-6PB4a#(U`4|0hULy4!m#A+luG2%VBq@Y87y{$MEAURRW z_SHGjX?s&X)mv`L*F(-?s`x!`fb4b2 zr}vh4DeDy@yvvS3`-TSkKfGfvJ2qqlS^gP-@TSy-?PntTa@ten~ zv+Pspb)&L#pT`yT?c=Kuxu(B^_%&dB!1HchPXP^$&+}##$Cr#w`)wzK3sfSO3}5jP zX*IY&-BlO~N897JC5fi#FHi?9eBvSLo8gM=X`vnMvi>Ad#i$m9*MD$6Qslokxfxt4 z>E;<^;Qk@WCTEn3IC$#(2rT+>4le7W^c5njc#D-NJ*Nsb)%*7%VNn>cNdz8UB>IE% z`Scy^4M^_foWmz~Ooev~2%QDpx3C%IbQrTr#tDrC`tyY&VJd`Ti7khw?M|~^7eWya z_~en`3#WTJhsLUlAzt=NzzdD%{Y=vxaZWSvUcRwbMqFdU)X^lI44#{P8`wE**Vr$>^tbDh3{nFY90wKk0uQw#f}P9@K3ByXc9W#&DcwLulm^P(9EPxySix>o$J;{8HR zR+x1UYGkSWD9N%b7k>huv`M@^(H=XudE}v63K_#f2(j2D#ZA)i*xt?Mf0k1VF4S`^ zU{Hc_WnkV{O2ooWG(WkSb=Z6vItfE^^q49qKX@~C_a{aS?Ed6#;Wkf{X4Y~SS3DvK-czdKS zf9C0vSq8zKr?CD!fsbY`7DBvldV3WMCkJz>dJb->dJU1cO{f&09+v1$KFUARgYb+k z9RTcyP<~sDB{zwud)|XTknL=SN~X>BiEEFMybRyDnl;pC&z$6es$aH2j)jiOU_2WY z1dIo-O2pe)2D=-jYzh+phHadjyY!9N!bS+pygKtPFwq7S?uYglIF+?owdUJXx&Njs zm+YFBeAKzd!RGc{QTM?IU&dwRkQ zRj36YC0CFKnT3GlJ`V3#!Mj1+{tX50F7}gv$k`5{W;6N=*K#%>_k+kCF#*TQ*oGe6 z4?5nSy;4!d8K)e0^INQ$0jUd}*GPk8W4WF&~!x zI7#ZOvGwILe3~ZpCpwQ;3c#{?b@(t3vr@SS9;?M)a~q6`h?{tN^kT(CDFXI_fERwk z$$SK_zW=B^!KbqH`Z#W2z2A5fW{1fsgpwF}{q!+C_9CyNCPDrJPGsSoPHZ zCBU@RJ_Ql9_XkD$l3Z_u|NQ3_SdBYk)~^gI}?g%m4lpHh-TW$c;* z)#*%E41LTsiDv7evfHEfA!U0X_92^TKtHCj$lX?nRLgoz!|gPo?$ETVL>rff3xh(v zY%M}7v3dGANUn4vLrNp!7xqM_qWlWA%NdIem>#16LxpS5n!;7eGsJK*Q@v!0pw|0W z2&Whl6UJjg5v>Ty=iGP@~~{`5Rv))G~BS!2-!NzLff>3?a>|0%jdm5m>E>CIe$ znt(j6Y>!!XL)mc6&prN))mznLizfLdNQ>(HD_Yb{Vl%za~xRsqLTeb+Ln{FwDm|LQ}82^CG-YA;kKsGosxsZkWPjd zp{e4=&<+?CI(MA1h#6ib?*Y^LG-aycyB@ZC_N`b-HTd0mZ)Z7a(IqciH zh|Clq4GL>)%-#vXgT@G<%9jG*RN(v2!sV_8-Yd06eC_U}$BAtM=z_fY=wagRyAjyl z>V-fLEV(~JZT>XbYR=bGn*lyA1)KW?_nNCu+3|z^F8BxxND?gWM76ogVbR;exxFL# zX3^G;6Ydvw^?_Y|VArm~AW(YZYMh#Oe3&e?z*FdMw@osuXGlxjkgqa_P;&R0U+IFS z+0)g}$p=oC(b?C#GI+SN`#Oi|ok_N}77le)*h%8t0kBh!U$0*A9rzxp4cVu? zdwVkr;6E7Q1Dm`uN!d~(qaqFt=H_C5SW_QH%hiT=ycdp>B6IVo!>9{ASL%4EL>=%$ zs6=^lWKW1MA9ShvFjY1p+u3J&EzWYw`nY@#x=FtXy;$Ir)o}Lvv45p6+q4#uw5|r+ zwTAoQmO^U!K}_F_+<&cY$ep#UA=k3BAvd==l{*b`bsFBA0F$hq@~mASemj+YF_rz* zjO>9Eu&7&ZG5E|0wGH@Y-z0vsuP(j_oWfdhiVMawxg0!;%fYj;9Q=p-u^imGmIU+b zeW!)K->3T}hO%I17Mg>vDL{63R^(i59m07ct)FwRfwaOkrnF*$UL>urLw{t1A1^T2 zP$u1lX>4QOa2jLF)ya6>0ULs-VQfa__S?+_en?&T$>`(DxU>+zikd2T@#A*Q z>I_E?*Km82Ye4|}A4l=L2CSMc8elc2jZz4RzK{ld%pnPDz^NY2YrtC*OK1Q_PvQdu z=3;L^vM;6pBCuWsZoryUTm^8SrEGCqt8{OFmTlS&j&5nrWiM!QYQ=qBR&n<|!Wt=D z)c}ndfZc#NHs)8s1;ko0)MxyCVl<#)Ug1z%;cE2>(Y@rQZ{Du1dDFE?Lo@W6!hAP- zAhp5)rk1~8HSdJ3_J>YJ9&)pl6U^IZiWb`@aeK%EYF1F=8_4iNi&qP_Yr zW|MOKjk{E3(_oDmruiPr>Rjy`eB=oY&U><{D*Qz-PCosjBbeNS0#lAi;U@(a`FgaV z3$R_0U7JWDOcL0YqzzMCipFL4l)C8uy-z>-cS1nc98+v5y4B}(y&CNht z%>Ws`^X0Cfz?j)TBip#a-JD>rR)x#53@u=|YpMOaME+`RG%DzTL7sRr|DGmx4$YH0 zT(spaOStn51{ZEYbg}(SrY`A<{tB7axAj3Isda|Ao%6av&qwlk7+n0d}JxEw)vfq}w z1C|2UQb^5hsLy)5qY?|x4r<5z76G~<&p8jdqR+cD)xF3viNU#NV3VlII$z@XrNdTnzwz-#X_Y~5Tf7S3*2F52<|0x7P2 z{Odf85_?DgjL{c_6is}dVmfA0?=LibD(A#bTGAF3n#3z!gfP{cS!$XG5YurnUk143 zGg|veUPc36m5IG9*%Z{WKWag!L_r>87D6RShj*;t<@OTZGo#VnetGMU#CU*<%@`=$!K!px zKX)X&=_?uCMJjl+1@T-U%>y4MzHN8|rMhVv(cQI-?mh}nOhC9OPd4%c#p#yk0sedR zVsGX^(1UU!P$Uqz29WuH?S7c{u}(pf19%&k$h2!78CMZyT$O(X<6f^N)|CqKAhW=@ zaaJ%g$4l*#Z0)%WpQZ^lKE_1;GrY?z#+Vo~F^@nV#Pg#kSqQ}w2_-QmKG+yj7^#gh z`Hs*S6Pq8zn2^cvE)#8xiH{m%vH=?~NQO~%JeWOTZsTb)%9Mt8Ir5H3;OkP|3yTH5 z8YUX|=`91!pkpQ0;ySRO?Z$sM0j8L$XiX=rp#biWNQ!s{H{yvFBh_l zw|L`L;wx{V#_60`6hjH^)MWa5Gw0%Nh5B=ZBM=yQWU%7=V7&W|>|gm3^H6l8OZLcy7nLh+rmPJ!d${e?G% zwiMFB~R; zyy=carY5CUxcQ)|-}hZNrA+qWMx$)p&*V;Ey;j z66|r4=3ugCW}giF(0@|eA55!**_!zjAe6AFpb>PUvoQ_jWZ3+jn=l;<&-y!9cnn4a z+h}x$n^Ow+ng)ux1Ke|yP4g@4ZxkYYPx)ERBbqhH`pv&zM>W5KR0h?!nWa?o>WihS zaZ^rne)(!n3RiOrt2sYXjhkOeHP@D`#!Wm;RZ%r=GGzXCQb_LVSPer)L2KMBQ>v*g zS&f^1n(r&FQsRA0xSI8YsOI}JMmSY*b4{sc`L9Yb&9~;L^407auI3C@!_TS&t#O?w z)qJsJHEt?up8HZ+5$Mt^6@h=^Cd)YOi?v%x@!LN#gGUb#A;;ZL{)wSfg#`s(pUJ!KcHiFGS)^2XMZ^t z8;aZ)=Jdeq52r^4WE=8=Zyvq}%&Dc>E(Rx51owbBfj7V2C5n&nme4(5PGZe3VsH$b zgzf=zB4;{ca2&Wp_kcN>F=xc!7{mzO1Liv292J9ONFsC(nCmsOOAL;Gjr|SI|4&DAJY(K*Hk1==U0B#1* zBuuI#Ee!3>%W^M`!uyR-d^LHNE47X^@c57~SJ2YdEV`v4MA^Hkr+@!IO6eL|h!8aJ`trl8PNg-Lms z8cjII)6bYI(4OZLYBizRCrm(sGNIyG7qzWIk?(kjNm^u{PdHE$uJ8%t1jo3EGXv6$ zG;-X;`4$M&4%(#lAZf@ZEeeu)EUv{tQoT)D5+tQ;($XMlnN3<2By~xW2;M9_PI-I9 zEO6U=Xc3l2u+d8-{nIcas!Q&E0oq6LPaVi;f>3gxNJ6}x0N3anJ#nlgqU8lx2^==8 z-=iLX@nn;IO&ej>tk#C(V`7gZ_1!=~Tc72ORHD4JbT9PSBIkWcJL3A2$OP=ygbMGm z+1~zTF-jID5K(Q0%NJ?CYx@pDOXWoAj?xIVrz~0Tz@&lp!MJ&H=k+Xob>-=ktP#_9 zw$xWSQDmbueJVDVzEieBUwX6lhi|{dFMR8ABrj@OsJvba70boE`j)%v<-{#q@%U7zo2=9jzi&%Jk{XTtAQvG)`X z*@W`JFWx8U2pE7X0P&;oMubAISx`%E`TrsTph~gP%a2E04a4G}r}#M*c>FprSp1i4 z4S#bKf7i@d`>UhvjkRy6QrgD>!q=~(g_C~*4A(w>lOn{wu2i(Xu9>m-S+Vz-(eg3+ zW+{CfMm&8wra1ZE8hx{e#XkfyivH!O@;O!M=ZNX)*WuHmK4NS1?-A{f82@D$ubg-efINP_cm;Wp z^89yxkc`RNj+a7L-8@9gL!{SdV{&`{ieDUr1%+~PN4vXJFl|esUAy2>hMV9_o2ryiK zPm1F2s*Al(jlI`L-ywgpvTyEehf^a126snD^vrB{=8ZqNByT0}3&Wb*bz-rsXG?b2$;4EX8HLVlXwQX>)4zA1cfflpn^r=QM8S zSy*`vWUw|&ylbzeSDdCS7rKk@VW~%51^g#IBWFGl54FxX3fS9UUj{=lNu*!Kz~i7^ zaA+7;FGGU$e@DizpG*CE3VUSyYW#7CUl*cyuO18qebbVg6P=&a7J+?@rel1SFbj`3 zY3v>o4^>t%yrA0c77_MCIbjD7$!e7;{ExJKIL3Q_Yn%Dan=wbu@1vn)DZ?~$ zr#rWWMpYC#$r6wUL+z{UlF6eWHuOmVQa* z?Ay@+q>hdd{WxrI4>xmfNkw5os6?3Z`BTA~hm>p*0zW+XUO=6vncx3X>OKr07kf3l zI-EDZ72m85s0uwSsoQhI)W60&0thSO)Z@7F*f{koLnZP-dwKfV-kFN4TkTRGnLxSY zd2x3m>kXh&RKr)MhoW&gNtm!OTfWm1Bh!&Pk*<%cB8yMV8rn}`W^jaQPq4br+Ha=KRUV*Nn za7SqpuF>SUzMan^_+O&OVX4McBb;RQ4!2C~%-8p)e|LZlThqUiyk75UE8_Ki%qiye zVoi=Wv=zzQ-q5`22!lfMeIfMDCb8a#h9ZUCv{loSi#0t6_uBEYz8#jLWe`^_+2%wB zbp|y(;Z}p%rXZ0zig#QR@ft7ikV3Rz7#U?9UUXPT(!s(i5a9-TWW?`Fl<`t*pfWT< z!H-#4iG45E3laQY4j!CQj?xhkFGu_r1LCc0k^Tb|nm-#NiAl}!AoBk*kHJCFhAr+&s}2AzX1e__ARCU=dp8)%|4 zC>@1b2Dzc*hdhWAaUrAMwAXeB%H*ON|{q>?NaKhgEs=H*xL^Z>1a~!}ZksQp-yKg9O3q7TI zFxllVaV1U>l){5rnY#G)2eTLK=ix@E%w8zuW-qJmWc%5pdGj1^Vx{ThY77zwzyQu- z^1^^Imy!WUEWw<@yb&>{w0{60g+Bt0hwP&>!e1vPDg%}|#%y$C&OoNqY;}18haA}K zjWsV*5uJy?$pZHfV+3AfzQpYpLGOvV15TO$v~FGo{~|GYB!6yNB7ZuU$)8Nm|KaX^;Oi=i_VKid60mxsZ^a;r0gI$iAZXQM>&vb5>Mb-9 z(Q4(N)dB(qtx7c&qAfQUn%<^VuvoQfUq$JwC{;j$LP)VR0g41giGp&~s^>_Rs8xgL z+u!rd%~n8w>}QWqk?1!ar{xQw+@?l!aNR%|72IM$W} zl-sY7@s^0KR*(R|v6A zS`i!Lwaf9Gao@iI{&g{xw$sq%tSISZW$w{oZ45^vEA*%v~_V?Zu9(A~r&UjQ`f9ljh$32it7YGQW6 z;RAS4vb%+lKr8z)b%*o$wfvKjJ0-2^#PO%it`f5VhD+ z0|J4c%_D>a**^t1ig1HLc&-)N2PO#6pBaQfUby8rTPW|hrTje3&(H&M6;kji*I?M-0t{*Z#ig!LehHdQ!?5yn zXp$O(@-Z5=z)FGXRH)6gxW0wI7P#uxvHUYW$v+Am<;%# zL};7G4quLd)oj_+N)=KpJxl~UP8FK_SW9(k_BqCmqw_5F9^{- z6@(gykj)iH(=TI-hD`i94cY*j8e~ExIKEQ*gU|<@E6GGZojWh0K-`MIvi?Z9ZNA3F zm=82~uiS3f17!7@E06|gW$_Kk*jj2S36It)T&?+N=9>dvLb^{zA%O?VK8hPGEAwCG zfS5JMCTtBX0ahCLcL(&kcKjSXu?&nn@pQ{)|I#ydmAxP;F8GQ!? zm2ZDIclRUXY!A$kO6g-p!Z+A5xRLYcb@~3L@6#WLt73TzlUtQdm3n^n;1RLAdoS|4 z2anX)Js95}A%9ifr=nnG4N3ac?$R^Q8=XoxfrHstyGJR9> zLvK5gD=7nbFmff)c|VdJwQ3ERS0KNFTNTtwLYqQp-|)o38?iJ`z#&Kv=AwFdy+3HL z{tJ4|Yls=I7?k-aJ5X`|W_q&yZgV`4MJeZ|+a>;G-ylB$l3^!70 z=UYqRwI@FbZ;W+frrf!w%1;z5zIW}mM(yLL+@k}c+;=%fT7lUa@Kmp*KW&eXFM6!$ zl$5%qI!wFrgs-^@c7zz{)s)ue33|cbB=L$kS}}UZi&3?oh7&{0^F8-Ozxp`Ts9y1K zkhV33+l_#yjC;6qK^QT#Dk8F6JhAQ{SMY@PG<}jS+E9`w=Th-F#eNW^9(}^qevT)& zl;86N$&M#X7M=vEN2I!{C?9F5-z6x=#2v?ZF@uXFgDGV;gN1gh{Fbt<=si-vM@i75 zHH(D+o{`wKOEVGx$Vl`q!N@4V$R5mubhkB&V01+ZMk?D;R~RW63aCM}sYE~*9b@VD zan3Uigj(zAly?8D!oWGvrim5N9RrsXHB!JK2F%B6iTfK`ZD8T>ET7PH-$ki3|!B_1ol zj@`RInkmo?K+=l@l0F>1D9J5z-9B^F$_{PrUghu;R zb08mf2%6=Za3C;Q?sAlq*-1XVgC~5%YqF*__-nZ#VVq8}HX%s6aMZ+$C|Cv#)U_cK zQzg>s#3=%RXz+!2WzE4X!{_BOUn0Gr&+^S-YE6nu@EWvlEMTnEt8-4YbP(3JJC4yZQ1;Dr7cG}y33#f?Cur4vIl+@;loplBN|@iApu1OTmmpVk(p13Uwb6+JrozXd z!ksq7TxA1Qs?bH7uF|4?$Cyu45efzSx5e$x*yNHPR4J|dCJcEITV>v81@lHLnTPSK z%%h-t=7BuIJXB9H57pDmLv>{ys~hulo=su(ZJShu>N97zWG+u-Z;)(ku5rATpvk5_ zKyZ9j`KO6sZx~Pa*_(|gUG<3W8_m}@%7o})wJIzKvePZA(zP#fuOcF7-ib&VRq!8T zGIMro=CU{Xa-9?s6l~Lt3jFafuo9?h`Jm0C^f@@ zt%vhZS^($+Jm?Boz@SnB0mCE^8qiB1XFW=tfLzg;mOxff2}Bhyfiy_1O69bla0dr_ zPUO?CVH4}~q#kFmi0E;r-SJ*$-G}K3=YI5B(wIIDVHW5AB!K;x3!ZrQ^tkqT+rEz% zMkgz=McF+a<3%O2(nfkzhm0^NUr!^=B(Y#Nv2a^bkD3hzU@!3cP^DEO(=LC$l1z(Y z;Y8xboII_|EdsePaCV?NC#*HDgicr=b+2BYO^XhPeO!w9G6+A8P1i5Q$Cd$b1lnrE zOd(lm_y5qXf_8CJ)LGnr67cOKf)i$2^l2ntFINOXt2D-^NWR-JW<$rLoxQfPHrd9< zQf)M%2@x{W{QsJvq+B2yjbZ38CaN0Wo2=0HZoptj?v7t2J;8us6cx2Z{gT$GK~AUF zva&d6%-n%zQ6oiy6FC__YW6OSTxTalHEi%7N%L;Kk<#MkeF9c8l%k5MC#sx!A~*Fw z$Aqbe)my+HR8LJksGgpBP+g}UR`*j6PdZU)P%_Jp*=ih?wW?SA@Otm|QFRf$_;l!P z)i-7Qju}IsS1R{oY8kVs&fC%yY@r4dNN)b-e$HO&tAKJ^c{=rwo3ZLuqmUj+i`U!t ziM3JM7D?*svy$ovG_R0{e}yR`jHkw!+lq~A47`(CXp3H+MDrGr7H2-d>M+aWUoyRV ze#6LsRm8=%3~H}w#d2`_2ciJdBRa{Ru>RU7{v7-7!yoBK0evt6yej!E?Im!>r3$Z9=t

N3V5Dz)#B3G6j!ZbjD)F48iWtFMUedv9Q09r*zC_z+-)tsim;DmBT!rOU1ug(y=UgAsW$mhY z0{`IJ)}_cV+^e4;!%`$S?5Ja2AWW{+YxP?@_HnH~j6R07`Z>~YauK4d9X2`PyQ%d~ z4R$pAI36an!g|V}pFFA?n@j$Z2aEvwX zq6(m{)w+)tu#5(yDcYt#a6{bqMpDf?Adv?LByv$u%qulhP`OSWc)IedL5aWqGEkx@ zjX6p*a?{oJrr;nU0{`a@4ovGDxVkdRR>!x8c<6(O>mIb0m}WeRtR(xl(OQDna&!`L z&AWX}qoiJ-skUG;3nzYyOO^OXZl_0Ix?f_TLu53{3WQcyHl-t~_-cecoK7>9}^ z4&w*&Agyd!M{qFdz1A>?+`mZ1h;NP6x1S%qze?qe;kx55t6pi7%+tG4Oihg<44*{2mY$xf6PgQP7{<66+!%ng0g9X ziVf!ibP}b*0%vcuU}JvKACCK8e(E3c6X1Mq)I^9EyevGccG*caL@J0_>%Y#EW?CT6ztIRx z1!2|jf9-kjZS{in@1^0V5wGgOr{<+P3mHZVnRda02nFrUxf1h%Yxa%J?m3>}a^`#*0{E7}4r>=KW=_6NZz56#6B|-F859 zI9$u)4WNU55(dz%i2+nz)ub?h0FLUE-iR@Af4(pXpZrH!+=+R25N07d;Y$YtOOpN- zMiKC?HDS5?H-I`Q(gW4FH;ZVKkdLJM_Zlx)u*Q*NY#X>IMX~Gu zrEP_M>zQn;ThdW75jzbXHR4E=K0rZsiNFmX@W2FFW|s5=B^q^w55!6MokijKa6c+x&KvkDEMXwd zkIoVKK@QDDWSZ3|K>#e($!)>F{*pCxb z|D{nKC_;(QPbNz&4LZ2|7%zMaET%rXM=L~$hy#mPa9@TAZh*@V@%1}heeW^8z(eQu=wcMCYJ@TTa_=@3g5cM4O_(1m;#(IS9O7G_c>#>$y~MY& zd}TD3hwtZK7u;TJ8aCT6if*ZU!Uc!N-wpg}eVXhw8NS`RjST^zm#dqBo1|=^v#~C7 zdC;E}pf+ZdIvS&Q{7#mFP&rZbi``>5KDQ$|Yy0sOY!mKf?~~)^#;2bwVqa2HsW@8f zmkPwx3tf>exizTOwb-TZY>XktQ{6`A??U!R* z)aeBE8K(m-*TC8`a*&0>sjd8=ag9DsK6sZ<4`yZ+$bFKN?`R7^?rGJ)m~ZNR__$6o zj6ACsSE`ery~&LqFNK}K-V66DInf|d;}e~kSKyZxi!X9yfb#{fsiO3O-mxA9!f}XX zAdnu1==|MV3AZkKl2e+SvVWq+*$6H@CV=RWSBqm|1aZm>SsJ_@8O(Ns#|Bie)V7d1 z-94h-4EH?92b7h092Y^@q@exz56O~MN>g4YbCzh)_Nbez5w5Zc140U0PiB8%1D|E6 z%BId5T?91fX%M!!NMiOU;sC}3y6@@aW|ge`7CN(_A*aR)+B_A1XKpIS-eXp^MlKo z$A83bFq;pL^V}mUoadegv%I;0mNMWhU(RIwle){ftmZ$-41*GOU?RTe&A9Nd(=RCP zYgJ|pS!gXpxz3jCjL?RJ0pytxK2cf*=;*k+XZH-vzLhRhe9`V(AODrIlGCO!yV)!EcsD__@-29-k}i zz~@R|aRR6Ct(~XW)W16aC*r{`Rm%+)gPdx(k}Zk>LEd-22e0;Z1KyI4K;@aU+cLeU zx>EQU3Vdn1@{8|o7GF9CUH74q>!d?sn^9^$N_`Kd9zZl+lZA)_rW_O76@M0tG7BkL zaoG&9Ylt1ud0rLdWm#X~JQP?a_>ST)oCM$v@tv3H?T~sjcC+UJ-_iV*pEU@+oZ(v} zGui4~6hcVOmY<^#&~*XrfGF6G#v4Vfl2w+S=kVxT4tM~oMozNKt;}IDmzao)Px>#$ z;J+A^@A>eWe{spoha^S&qq-V)F1~-o&H<(+rj4HVM+S3D1lw*C9i(fQq~H5pcma>G zjYpd%<(zthWr^uSsb#qm&h7s#p5|&HxD7R-Y>m-eo{`o|U?MOq1|O+C0aaON46$cA zi4~_9FtDJdFasf_h7oa$hfxk_8@>@h>s}yz=<{$c_>EFo*MYp|Bl_v*tP5nQ=&`vS zj;S&rsRw~mja*>QP*Xre=h{bcIo|PgD~r4_G*f&N5;so}j8_)lC`m6z63TQ9OjucL zmy~3XDtm%k^dx7M{MCA^q_%=xCBQe~8}!crtoX(QJWV_#RkV_Q0k}-u2eZ>qTIsJd zI)k-m&Th{19%e;IO8rkojyN(Kh4Qr}etZ(#)hif&+9;49dQ?_J?$dhsLgk9irngOh z9;DzSAihf%vqP3q`gtT})mCBEoAB4{lG#$Fk7)9{mokAFiifh4azIgB)ZQ1++k~u5 zh0aNJnbjs^o8X=pHUd3l-A30M@xKj#H=%ozz~6cf+Me7-1D$nQrG}OGCKJB8goKSV zXX7G=S1XWBYQ#^KH-2;nUuOgjN=urf5^kat$BXq2Me5@7@yCIgkXikP#OuC6ePsny zp&2Lf82?Eo(I9>Cy*T?ON&4sN24xV~@m68S4^bNIVD-V=2CcgxMPeRStswD+K;pH? zTAL#A+60Nu33VNb*QQClGC^X=5)!X3<<iPe_`EXc`WV9+GZbX(&NH_7qrFLnY{sU3yZ@#(mMnFp*a&g0Nr%}KeG zLryPqCh<;YIRj|MX)A+Ijz9aUyntzx`UwDj|Dx-sS;MMN< zdJIn!{0A^$1H~Z?;=nCtyTKv-g5r<{&(Mcg=-SFFHmC1)trof-!9d#&SvJsw_b3L{ zuvoAlWjHF%)Hf+KCQKC-9`#Q^bOFW#+2x{FF~x=VwA@O1%!OIQ)7YR5kHM zUqQ&AtbV$Q4u-8lq5L!<#556{?m;<3n;_hzOmBkQB7{{5Iuq>%`x80{y{&vz+3Zp= zp}j!!ZWhU+AL=|#AInI!lY|sm$_joNh13r8-)FyXT7Y++jj(y)sfx{SK4Fxb@M)11 z8!NIpR*+$=OkP>Ib3)JLm1xV9jmab@JkhYdFCgyedQF23E0OAw8&h&$m^FlM0*Bh! z7#4*Y4VmHxU4cU1ay+6+g&_#acta5GqPJWN>2bkDD_KR6k~JQzz_-n=XjkU`@ z|Ic9U_m8k?C<_~b2taY}77YrvD%Vaj#3U^5wGPXFm_uwPF5`ksTSCMS^0G{l6U(Kd zEzKduYRHEeTl>}l7(wHo8!Ice4geO{)b2jSGTxKx6?1cqR;)vQ;bx!eCCZRx)mWl@ zm05boUA2OrbVi~LxbKlmk{+qvRgUhRf@}JUvqX7g9Ns3cGw@pKWnz6Vp9@1(7{>FOY!Ak!Y>sCKU`0_UN0HNhXK|R@#yoRS{hAv2O@D2MWL%W z+A89R@gdSi{&HM*V2!>;?Gb z0Fnif8ZdEY5UL4~#lGEM=-LhwYd=)Lx7`&$Hgn})1mO0<00b4ORHfO4a95y-Swj$v za`cI-pbW>Lq6S&CorQ2Xwu3)5IlloJQnk?8fpT;cNp5OZURq|GSWkA8=0AvwPNLbF z8#)%$&xf7;y?kjhTpsOo=_v+yK|Av+>4T|G)~lzv2Bp`vN>)(vGE{Jsq<94#&bgY` z2M@T%V>b+S+ZS=Qsrw|<-yHleJ@~|~?61=g z1CJ1>26ExEyY27lej_@5QgXVv}4shfJ`bVXuIxX^pU31OZ9OC zkInixj7M=@qcQ5aRCwW+VcwxXWolVkgk=hYB#rndiUU^v-ODCQ1~A9$s{`cRWKs_n zq+L5vaH>MUjJX7U5M9f0n%y1G)aEegmh|MVkKw%#iIOpRz1e{$YGR)br|UthzUtv* zBXdZv7Ic8{%6}pSgSpLoF12qa1T5@MTCg%#(9mEUG~mbVH{g>6g;lwNcc*+66+ncV zP1m&n3SBp0)Sb^3#8c2Wb2diZ+fx8;;#INL=)(vQTUQ(6pahDOF(?_?KhX2t z!nO%L_;mE5yYoGgS}rxx6ls)hm2#U!t~bYri2&B<Hz@Zo;Zg$p;ZU}P zWe0Pc02orX35;G#DQjMtTT#V;6{~V9JOjRU#Jcn;Oi?I!M`|p$#+{Wd8+9a3g(1>Zx%T z0Fe{fbe6G$YDgpJ&FWB>p1|-vo!m+gY9&enEA`;O$wZHvO)u-!ts=M(Z z>6T5RTQ`pDZwiTF~rhZ1{+cZndtChEW1cFW-|eXJR)6-D}m(lYZGf9Y+~IP&jBer&;y zV>0GSP5J)(CSTyo1i&4y{#));m4{mETp~Kl5#9fp(Bd-W**(Iz7ZqKCivrstCs^wx zd^oLtQz(8?0+i`-RGK~%@p4YRSd|yz^7chRLt1Ri_umje?B_rvQT)RTs?li7^d8}e zK=ndpfoqPXxyzvULvwehnrqGXe=9V%z6RvhOz-Ox9aP|L1nyit)UUX*W=?6&XhXh# zD1e&_aG~KZv*Ch%o@I`|FA_5(IKcf!;lu}nJN#Lwy(j)Yb|Cn>UR8uTUd;1Fj(#M- z`3}l?`YvgR3MGmu3X$GR8l(UCn2C00V`HYM8sBm|CP^WLHue_+!1oJ4I(r(Pktx17 zMRrO|Ld4z>iegoAXrgGTV_Lp{RRH>8_U0ZbAdqqO%sW!W=Rx>G@!vhaS_ZK1TpFwEivfp)0nCFarX@h}P~zR8#5bgbW3hCT zAw&J|2}Q0%ks2fYNNHVb$_a=?Py>qx5M;0|I%92;!rKzUUe$lf`e-zhqRYb<>LEx) z4oz0EE+e|61#MDZ%h9)_0>f6yaId!7FN_Xey^J*a?GF?iudA#&c4fU#3t8DlyMNlb zFK}yO6FzAukn{bI*r1KRskUobJ?{s)rmtj47jg3;No9i`i55j5+pKFXduwr*zytX% z1a~vJ0`RMnfGwuA95rD*2+~B-?f(!g@e-nDTHJjy7B77V-N+%x3ceUlTIpb{_i0}u zL{zbKwEekG+`74YC@h)L>sIuf(10#5&>szwiUzaXLT5+tcwu;?6=|vGf%6o=J>ok9 z#jEjc5g_m(_BZ@dheh$4bzs>u%lt!R5 zy(2_Ao~u#^#g+&4E>J+&EXxxpJ&|&!FZWs&Ez2WsgA>CW#JeRWZkN80ljOe%ls3 z(#w5_U9i2LBUov1H=^WC$MmIc$A@V$A~B!h7ATT7(Ms8#QAs|~cquQfFFM#VEI$rk zhxX04-GOC4d0bPW?r?ei0}-}>hKik-_@wFjG-J@7l)EgOTm2a)Qm*`xT# zAu4O;5q;!F7I9>(t$t1i!%6xy53W!I*^SI8oe9rvu3Qmh_o_eXV66zUqjp8WT>i*cq&EHOv(KUnagLX#Cb6FqwlV`jh0tQEKUaF{+~Ew3 z)5{7N;6{HfSyLHr2Rp*ny<{|P2uSO!q3FXcoZ(ym-F>3wl8~2mh!5Ar&eZ}vD+N01 zL4OXrxqAd1qVC{iuN9WJkZn6`5^-++1{PaiWQATDa0mjZXJoxhG5BWoe%IF|#~CUw z334<;b=J6Fa$Vi8->n(9CUPN7l0OYU?IZ7ZkG&$ z)t_?QbU?834=pS9=V_TpT|Krq12VWQ_W(s4GXz!mU~ZHMi1y+h0@f}^SY0r>1>6{Q zekKY}@h?`pB2%1CtAAWO6PjUWZdayg9vFRzTZjmi~!*uKcz4R<41t)i0q^n)z;6AD9tP?0dMdtt+u5& zVwM|05w*#|c5xYu#vcnwZZx0hl4^9s_O8b1h~5Y;G@pdtREqbF01TY9vZ!0L&XV=W zE1hd~Kz*E2X**uZo=KdtYfy@{SfYYbN`+f%XDa!0-BzP!6X^HR+BHQ2xBKoa!bVkr zjyh%LDO$Y~_t87fL&JMAq1$a%j=nGq$~hDI+WpyZ7foma zh_*dLSBrUP=QjeaVD8BqtSXp#kQ6)PSjx}htDSQ|Zq{;JwC)+2+sZfOF0|Y>%{@X8Q~8nP&4r(nD~t_@h8&6hXknP9V3NkT6^l|a3M}&;!S>2 zVTLrYgOG7PjmFi?+3-`%7a%h5nlR4jNIAe+H}vc&*wioU6g|)dqW9csEsfX~CR@eSCi?VJR1Do0+@=U_&cefXC~r6_&3XXQ9sb)t z80kr297+*;UrE0L#vmqH>CQ+@OcL^)<`^3I-(#7^D=Bk-fzf8ufRppbvFYOEywuJw zd6njmxG)laGgk$200KDxfz0g%`$W&iM`H=l0N)05Ji?KWRx>wj(T{>nL|np(Iw;Y> zTpt=saLo_+wJNkSdSw&u+Cta0&~%`4U3^ZE=q5@PB^r{s7Q(R>{(9`fm)fr_Egivz zcjkugVu=mK5Tq7utQ9-9Mn!kJ3?pPPMDMj>m_+(>#N>Uh(=7$9(>;(!!8yqDZx9i(CazSnZKI?VYm-|@Q ztt_=~Kpvx^)(f_@hiBl)`d|(PH#-#JFq z3f;R~h`uqU)Ug1MeGm+iABD~HBBZkcg zShgCDAY3M+SPfr@rFGCe6{}$s<(V@94JQHt@)_p1dqj(zt829gJ)dZi%Q7lDtiQ3e z+hdC@zQq>TjQ?m+`+y)Ljx-#NVV}ik$G8%CUWkFs$DaHG$hAIY6Z)Y_5}cqWKRh&; zWrx^TeuJpPJr8C%^}6J&dmhZ5;T}!vEaW#djDy~P6_vSAbT~;zNeVSL^3GRl8O}lLXrrgEwo49KP|m{ zEsNrx&$cC~X6yH{d>;2xT}kv^N2fM1$SmYxG49)J6pBg&03IDCEgoE}R{)kleV~ryXG{v6 zt2mYm6?p1jp#s&UQ}Bb?EKxLp>Lu~*l-y%jbhvLYSbDy&tOe)iB&YjgRCAaycCjRd zcuFJl%}I@$ClsDQ(ccIVUB#w>@Pp6pBSeY{rVn?-j+v{9{Hq{V2_S8Gm9+0e8a}^2 zCO!%6RfXbUr4edqWGH3v<^;}4%`b!$IZUseaHsF+BM5zLkr~eSGn~OIwu$j0Kf3(Y z9$R{y5Brt)UR{r=chC~B?&UU5UA!4eN_e54Dg7_^YDoBlg3`+x2cyuPlT`NM?t?ic^$+ls?cH z!;B{ZeGwlyRBT3pQm>X?#}_>i#xK-oR?`hrGElwDbZ5ety-Ge~ucx!5LxtO=TNaU7 zQqZ8CuPF{Z?J_$bZ>A~c?XH(q z3{RYJYg8mmFtPzlhNR(*`Euw@Mh}RSfSM{D4hcC%=utKq@8L8XlqVqE&i10qv4P?^ z=?<+)WjVLj+bT`FqibC0X#~Disn2)FB=4GA2yCSrq99ElF?gmVoV8kTcT9Z%_2Sg*E>t-Wf_q}1 z7zC1YXth8t)Jj60QZ}0uG>Xn{Si>>5nj8kjISQ2IRfYbFWCDlRVWC+&^r-U`lC4Wr zrK;`cYT17hG`1jcy)t+lO@aDKlgXg?Y;8~zfbD8piG|y#;6a~bHP@)I*O79@q6GAR zwyM~ss2eU7b3;N^j0PEkLQ8Q_R0Z>cs^EDHC(0G26RIMRM?GgkKo@`8Ycv$h#*-_a z0IJze#reau0-iMF>V(1PkMrsLEY3x73&{~CE3aB7UMbAf39dIK>@*VPc#p~*$~pAH ziMr1qJka2Yp=zN#PLs9hW*6;H0b)gc{DUf%{Mk;nzxXFx2D(0}S9Nn}T1RDf4^jq; zJHaPBU@GU6X-&C_1P~pv;4rQk>6H?x`$&$EGH!kCtT~ijr)8^dC6QL>aFU1ka?*#* zhvk<6(d$W+2-Sh-YZADLEL0o?bwFe@Re;DgALkob?hul?_~ZbhKyP$n5U%Ls3TOE> z>!DVx3h-2ChQ&PC9gPAyaVC#ztYk21a{pS_a~j5(g!&&Mvs|SB4HwRiGa)m0rtZ%` zBzlsl_F(PG^=ooByNnDhl*?E`!Q&iuvr!VZjJY(KxTnb)$$`n^L|)7T4WW(z&y z^oN@vqjpbz23G#bHLSb8rHPhV^f&`t!pF8{cgJmce1&u(av{QGG44INr)MIlbDo(7Erc9sJM2eOOx;wqbcNBG$%0G5j!=fFT}XLB@LDgjg{lYZ9ImMYr-VY;8&lOxDHEG*!ksbZA{h9nhhoipGsS20ScNw+IWs4y;w6jhuE> zYQ+vD?g#6j|G}<~aW~$e6F3)}64Uc2rr(hH9K6piDU>J3IXWzEFxGBkhb!X?A*dfU zp*KO@saCL$YyuoClUohN?zZfN3XXc_z@3*y7+2Cyr@IXEudxwuzD;KmRwvEt4H`z<* zVq>=ta}%ieHcQiQ(V>1@Y5r}|%1>ebhxl}>9m6V<&>d8nMwv+qZ zVNwC&GQ79O$5Tq$vI#6uTwul%$>U`;b(FD-Z7jSN^-2E7ve-FgL_zYjEd` zedf*-Et%xbbCG0sdN}Spfo4GEec;X(Eot0QjnBY>8RQ~3!8p^pXqw~2;e!7F{t6cn z0?B-q4UgEv$qmJ@z@&&sLbnb~ryQVp>0sp9meTYg)-HA6kqtIR8@Y1K@zNtmr0E63 zF1UsiIuWSF+b07f9dAF*Nm~ztnS=}h+C&E+1VTR_1#zAZctFLThs_4BVmtO#|LiZF zM(ogH>R?e^$@#5HUwsMGLwit192G@s4ta9=_VDAw8m%s_^;e~b36DI zGa8DTN7`x1d4N&5p&wk&1Wm1>plJ;45%j+4SoWH+rL~lBUZz_X=%`&l=VKOFhyrh_ zf&GF^Z>tc->2j+7xeMhgINK?7)ESa#IazMm!rHSy#d+N-esbJZk}=pEBqMDOC1dk- z)npW!?77Rj!+WT7O^P?yrckqzu&Vf;=fxGBatVn$p0L*j9MQr=8RXq!TNB}kG(}46 zes1hp`6W0Rjd7JMKdOHGbgVWFL5@ifkK5EBV*2Boem-`N`#tUj=oo`FR!0qBrYg=I zB}cfAkIwr21-lcK=c8<|K};gqYtY~&{jyWa*!sL+-Zk3Kc{SR^H~IRRga@Qbs^h&K z`VX7q*mQweI1=4*mNUzk*6emLaBj2=^*IzVB2Vlqv(AR1bGVu1OsXktuh3P77PU^3 zgsmiD+{ir655dM_Tuo(sWDEO`!{m1?MEMY3Q#PNR=n6M^Y z7&36Y#^Lzr_rvDIL~(`E*lB3U6tAc!0bc$}Gu}Z_x)}lCl!apTfZ3VRQFj>o$5u=87jl2V`u7m3P+|F7TDF z;W1=S=%Z{@L&!sHgSCHWbf`e|iD-sHrK2@!M20(=gA^jVq)m|c9eNgDsSWxjq}#3# ze><|#T_~vZkPO0RMq6|}A+(PRArvgIAg>rTqKVY2;Pu5X6bfP~@LR^k;5GoGeP48j z1QL-gaNZQ{=;sKuJ*LT`dN7PjFaJDX_vAJM{$}JQdG#_bFiN@2j)?N;gbb-BWS(>& zPWxt|>1QyGs#yP!2#4q)4x#}f8+`}vK)o+xq|`B~@Eh)4gV=I&#&$i8kBp|ujJFIy z{G|r~qr}EV7tvh@IeOzbKkorR+Sfs)1P{o;zGxb7k3a3m_n-euB+|@fqq96BE>Dq} zBFH$tJl_z|E-aZLsC^8Zd19F{6>*Iy1N`~u26YfQ*?S&^a%+_u&T(*&36^sI;|4(X zc8Zt#Hy+Rvy{Us^reuI68@G!vnUXT=LTFu%8ej;eJ{mj`O&PXQ1PdmN()*r6oaKyx zU`igsJ~(C%vFrP^Hu0FFx3!owsH^aieaK-)qvydjk96xXf0 z@0D(CLbIFvj4wEEijJ-Xf0Wpjnkzke5(5uSY(i6Ilf04W^|5!%$n^|GC+;tlA-YDHlrCE@y6nHS2kWWJhN^U#%Doc$Y@ii?$U5xDX@V0c3f__c zyeqM}8S_{?qh|FQrLSOVy6<%>6Ay{`AI3VYk&5}HqjG-X{6DX!eF#h#1rzqc26&Hg zqF-!)Yav6TJ9Kp;+R)9{bEG6-W91<>fP`7fodif4wj+B*j7)G6^0@x3gvAqAEZ!Vn zuNlM9dw;wOLFu0>nw$ zGXv2&Uj60h^Azow)S6AsdsM`CBuu)e#?mKJEPa5ty>U9I!P5IHSqfgkYmQWEk6}m< zbz)8Ke(No1?mp_c`>_#l*F4dXg3IKU8_J%?;)Jg6Wm@2LvCJZc+xdfe((_xshvP{6 z62Vu>D9hIoNc7zw$quqWSR`=mDln#$WFI>%0pi+@J`t*wQaA-^=oOeI!TH|Xb;|_A zgrl{8kX`=P?r?^CS62~E$CQPIIrLc8b><+N^b8(3}10-lEeumbHER&WT03ega7jbKHua8u)VLo z{iYy#m~~{%3PN}LXo3wN5TWbZWJ>0y=p7GKnFEb zkzos5oGYgw8UqXES3EL_L%&^@!m3jmB$FO7=0jOWCm-!niJ+@!G}dFXe6 z9Qs|r_7jJG(Hx@U7QGL6*r8wS{B%W7Zq5|U_xr}b@>y-1L@Q+%qz?UJF}lEEb1JX_ zTue&ZC1;~4r=`KUXW)DaQI|5Mtl@#=IYSIvKsvtnIQxvAJ9!K2o6hiFL@Zz{^absU zF@N7a?t7cllY0b;0xKOVirU9%A94hJ0fOw}rL>h*IBfYj7FNADd^_q&$B@35`h#f0 zl_CcVA1rh|h^=;woD*@ToA1Hk%pXE&{IA0TH_8-`7wY7O)OnAM1$f;L_i2-6BEH$S zW?2SmYQ**cI1vgdOSuQ-hQSBp%Z!4B&dKQMB839sn5@2uq^QlEoL~F|{aJpGszqq8 zo1WTj(6Rr3Kfe`V;ApsggA=vMe2+WW{MC4}zN?H)PF%8_pDZ#qxkAR!4rPo8{9X|7 z^ZayymTL74)+%JIuaupflCi#?{N(sg@ zJ|ZQsvH(tCYj|$$OlY$aAyloJO(93Rh(_fz8sGrXR7&NWWnzQ|~;mjj-g zPso@iFB4{P&%t?m=(wlgN4*NdA&M$(>0E+jER1I69(2agaHTP%2ceuX^s>jKhg`k! zfL3bOJVpc%#?0)wEW|l&h|4N;mLrAFFd(2TodJPOq@)4yAPb2BF|1Fh1q0#>SkvI5 zOx$#eR8S7H#iI7DVnDE5NU32!JoIfrw@g4BebMW0LqeF(hkzRmh^=NoTo=AOITT%h z*_HXy2$}a(4G4C%%7D0u4(7B0LBFw!KUj#oe~$gTpW45b{2UdQ@6rCfPZ{a#-&klk zfbI`eviu7yxi|aw4XjUTs90nlaBsr?z2~XgzrO@jx9ED2BD@JK<{}&R@AiGPf34iU z+P~}sd@S&IV-sc^gZGbEGKufNi{@>xc7S0WYCCDYjh2q2sZe>7_i*@$XkmGY{WueX z#15FmI+OQLa#OlU_dwJq;+v4zw4A|Et=gZ+0;zw3e&OXy7~7S?#;x|f=oenz#{TJI zYum4+`!)5;LqbC6m!HjHp_=*yy@6IS292XoPQ`-GzQy3QNi~DEj>n+xTPhgzMN)LL(vQ9yh^H+G=r!JD(qWbPpB=M(zb^wHAbU9ep3*N91hXD1R+LE=}wx8{*-W&yF5UmE**}jl&<=rw~%f5eoSdPTG{H z#VJX9N}Q^a7t&)-{QA?475qB;rZm4WEIj=&)9(moS9B|g=xi=$Z~Z^l|8G?Gp9D$B zYr6mK+JBMM=vMlW%;t3cPv{%BjRIFj6a1_x)nHf4jYfYm?H66|ZQn}GlZa2S`{im# zHg;NN8i;m0M9JQXn4;vW-`huRJzcw~zIf9DW{wrO(F^XV%#|7lC@*(V?5elgQ}{nq zXC3aVvvl;F?{Ht8$28%}XyT78;xyI*i7)cLn?+rZB$rQR*tLzUfxXp67)S?8PkdBI z8H;Xbr>vDMPVSwJuu}l$=RCvwu{&X{s2<{8RkY=W^>sSG0k(nWuIkZGDTw|Ep8L8=LY!%6oVlksSU_~xiB|3 znz)kf8@3B{L`yURf>m>GUUeME|9hk;b{W236a7G8bHtR^^sEqHSTSoqetbo^ObU#xg|d_ zb4%`?2}4rg^9_PKq-?le7*Q4}1lDdbBIvzET0{&3yU-8MB0!DQC^-@xsU@|uAJ>v) z3<-EJ6(ap`VX$hs3$2_$1TL*W+qZzNd||1os?AIX8fE-$#_vd?T=7J$hdem!=v6gs z#L|+|;;=AJz@>D!D8RA!SC~G8d<&4#G@E5uPKd%Gr4~FZ@OJ$6k$!LpQa-z90AlWBd^-IH9&)y+ zR_!J>Q?vG;$s?(4WLSzIS0K3wiDU7jSlE&#jv42xB8B9LA_c+cwpdTsT%(jgT6GVQ zC_O0G#Nqvl!$!7*+EqPZZT4Ve&Dzs_ZRx>CbfYYKa~q`xFV-F;F?PJ!6UGb&Br^Gy znr#kHR`@Z9yq?75R0-{foRI#t(zr_hTGSj7c`bFp z)TdW@{z&xY<))Rs1J*z*;mYgllu5Nl_DJ+$S&Ty5$od_SHMStEuhan@T2ghuw~{5H z%tT4+2px+*qnX-Z$kdw4k(osJiH{n>DLsE0N=e_sA8IWK#Aukvhk)xSgohJ3oCUn( zsQWyd_IfV>h>2kOGOzPH?A!EdFaC^UeH(!rc>A;%^t0Fuh^px{*tD`SyvyCNnZO zh#`+n?8f*)pptA1&m-1w3sA)LaBFqLMMDOoXivxp9JB|k8Hb$Isz8^(K1p%zae5jB z&6BhxmT1y_Lp<_B&5fBgYT-+5C{ivK1pOq?L^1%?#jC3k?^bUThyOnlalM}~g&ccX zAMg}}{2yZPuNtiy-=+-1urE!b8lWsRLji&&i7K$%`CiITmcfc$NftDR*ov*o(Pq+u z4eQI)UWlE zcH?VdD8Y(i;LA#Kvb$&Dl z=R2Vb#Fs3$O3&-r($g>{+D#^;Nb3A;DS8HfB+)T0o9hc)4z91%_uP`G0f{pF2)W}1 zBKiTm3nR4@3FkEmJF`i7L;G{ou8lAw0bxvSjBKAO%7{?}4R^IZ$jElvr;HCoj@`wL zxB$7>&!(5ML?Lhrq%%lnF!K`vue$gr{KF>+CzyZ@#Ta{KIPWyV5QNoM6zYC=%%u%@ z4S|)9HWBa$?-&FQXuU4J%I9M~!{RNTg<59IqSBHkBMQ84BhfREhsJa-l8$Gz4=Tm& z0)$*-LrYo`b>`IP9*ph-Du^7Fy{2BRH_UqE4nWlB1(OW65p~oo#U6-!V zLX{L9t`$Z=A|8`U=>FkoDuW~3v~<3&jnA@9NwDo*o z$5qmcy%$EWYq*kQH-lz)(e^>wRIfqCEE+cr2>#2@&O)y-jZPc#W7t` zDXVs(L|uH0mSYa0G-;EOR=SEpkSxxACrh&mcAh{+wGYGn=zhzbyq87$OB5CahLF|e zp77!>#Ud07}5*Al(h=`m%(aC9LfFPyIIlPZQh*1F%Vh0>2zcM#@yO)nuFolNi)?kZUjP;y;t ziB_f5oLd(sMtn-y-o^kRhi{{Yw+ChW*I$dG8jF97$rc1r8NC)tr?!mVD8<~2wNhuS z#rv}^FEehqtIuXEu*eVSDml1Fp!oS{EIy+$;bd(`C1ql!IKu=>COP^$#CWd)Jh>81 zeG(3~B+L(mn@y+_I}~bJrv(g4w4{SolvxXxqx58t)7qC{bEoF!b(INR4udkFYG;#- z{*&OTC1txm;-!bVx*mu&s2^9SKBv^X-^ijewRWGFAVXr%IQ2+Sf=El@8uNwPjv!Za7+e0sRLX3SAoz-rz>R zH;oT8tRQ}v|2_=y8O&{@_z{jKzRqNdwlW4c_ik=z-vGC_c`vS|&{>E;j+RcM6hGN@ zt$mBx7YRsJRZ>=L;H=+`?d)CJ3xWJZYj_3JwDhm&Sd3Y)_! zvAMvoQ5tQqKIz*W-$NlkvAmKu_86@kA?W+8Cf`xBTgawdHHhE=WD`hAhD;1LVRh1@~q(#PAxLj*9%(Wzi=>|VviNbL66(wHQIvZK+DHCf0 zWo#T`oe$!e!X2Mjrz?O!tXD`aDqg?d=yr?SL|XOY;;*tM_O|#)3|&dvbHr$XMZq37mXzUu3qcziQaxG&H zbQ#2AHP(s1B3`!sZ0nYo)Xy<7d%BMXc^ICMAXOOuD9{O^Q^CW+1hPfS`$ zC(*hi(QAIJBe!`3u_z_|>;)v1OPbEm0`LODu7zKz!@~><*8;+@+^YVSLNC+nBR^sb z*4(}FlA;Y49&B#^&>Z9oR>%q5)UXRiV2ch%YXYR9Xa!$n!_pxz5D-Xp@olx*)W!Nb zBAPHwbbo0iev9vbE#fgetF}^2WJRN&r`!T4k^9~-!L7d^mT`h4N7fT_Si;`lC zA^e6|3eJ|BkS^tSp zQ(0vtOWY(7guT!=a00AkKx%MwB{5j3ttD22Nk}l2h>PT^W5sfTw|y^F7Zpca!G!+k zK1k9`%FaRfsoU7l-CWC>>p|j?x;ompo7?*)FWV{(fw>vV>w2l zX@^OV0enYnV^@5M=Wx9+5B*TzT)_AsLD591ls7#%y%&JEf1>@u#_uGJ;Ya zot7z@NTn!3Z4*6LF)w3y(`%j}NEGFMkRXVxR&^nPZelyPmJv{Z;DBNgpkc73XA#cz z@!84*aRvpl+Ifv8jMp(a->h+%GHL0S0qmqY`|gK^xF7eu2$m+a5^sC8`U_qC9vlit z)VmX?B8~y0U+;$mg#H6}%tv*^QLa6IOvFNc^_$f5ahguYo9Ow7%=5uo`_(PbTBo5_ z+%Bb<{#JK*^mR;srAy~9!2VwJ$azS8iNd5rqoZ6$**Yu4!s@ymJ}8ZJke-&g4OSN& zMAgKwM{o@SxwH%daDP!=`xpMqdUGdQGTyg5^+s-jqOELXBhwb?g!~WUer64@b490< zc4s@>pZUMSeGI;>O5Ara?K;rUNb(QR{l98}?L`_P>Vb0ev*OLUe`}$M zSVi&3Bxko)e)2Lp%&SMS0%anpnJ&BG?vkDUXtw%aG>nEtK3p9tTTa2sB44M_0* z?Y)(6ev0MWD$475cGX`z(S%8((3yu8T%;(C4QBJSk7&u*momrj#Uy-${?`q#Xyl9^ zYUj^m&3vKrJXC!t%EL)AnD0OG@weg`ilFHX5k5lWd(2(w_!>O18ovOI%a!D_u6ci7 z0pi~A2^xg)<=M8~i2)_D3{Byh(?#z?_OAp7XeFHorUPI_!=E@^8-`jLDP{AON7M81 zMnOVi)}$Xc5n+;f(Iiy04wkZLbv{}>bsmm{G~_3s>y5x8l5W?^l?W>IVV*=c%?ss- z`&>Zz8K4a12hqGz0UFkNmdLfwr^z%f^9ALBdqogxY;xebiliAOAHGcORugzEpS;$& zEoqW9kq6c~cCx{Wc9@F$!xz;3WyOhG!G*CSGxlwI%#h9^;%teT0PoPQ;(!-F^0``% z(Bz%m7gRw;&;b`gY8F7wM3!q^+qpEO=SDRCkkc`QLL1To5G`DpxI3PLsxHLhWY>Zg z7Hn!&Y}P59BnIKm}Q`8FA4Z55*oAVpFE(ryJAHR~jdGLPDE zh8pDqpi`p^C$rk(Yh^majS}pk>#2NA0#~KlrzAv{Xv+(FM*+R{)}80EJM6Pm$84d$ z_!xzb$?2)PL@?+&#wnoZz)+x-(nws0LmCL~H?W*W{b1a~zG0RXqM$*!M+D45)M{~s zlt?JZ(p;P#Thfb_M9p#`t7O`#)HRor&G?JShj*h0ZMOZrkPq={gtq%z~?_|#HzRn{d=MBvHg3mcB>0?=W{;iu8=d8IYpoIgOHP9&SIalBjo()3go=W=ln6` zJj|R|`<%aqoGr|GvCnzd@4f6?$DDef^Ma7m%bZx$8ENp+kn;iN=rxzjX$v`TXU@&O z&g_tL0&_m?bKVqk4rk5^pYx88^DO4P+vl7ca(;g~a`ZecG5A2pd5Af$@O3^Ka&Bji zs%O?Ig`6)iXE(-@a_;Jo)5Dx!`kaj+=e^9)%_l(SDgLek3iZc3$wKn%a3T+Y7XKerWGl<^)!nmeX6bSZ*?U^E%}<-w=fpYF!g*oyl5(o}Ugm zCo+df2yx^qpt`1U9Y>G98j4Rwah7ynxJxwmtx)QBmjS3UmPo?vT%88ml<&Vc6u*PT z9S-{8qeBHFheKn&|B+C9EsN7_K}2vBB97^!-x@%tHIP{9n3nH2+*Fsi8&a+=={BnlB^hNeOU+?L4o3>Pyu38yPL=^- zOPlJ0PPtSai0O+xZa^ND7E1x63-H`oqQ?6N@OPOjQ|Q&dV^!`B|D|Np2BXpKs9LLco2+-6pJMMehTd&7PA>%v-Z49W zqryV(Zuv}&-c122)>?J%4g&#fb*IU2n~dbd-2Va_Lkq`LUE zt}R^>Yt#d`bQ52#cjbetjO&&!8s}l28Q+EgPKg1_G3C6Lb}UB$qE1JAeYeq)}E`z4N2!E*zib^(OKS4`gAboS%l1 zOGZ+d`QOV=cmPlv-7eJ89*h^w6bYVPnU5u7(*N+=AZ#ky5aVRN9X25@n%|l!=6xNE zH*u}d;UuePcBd8Hxik9B*JP>4isbWfRe`(H1*8 z^DX^NXxcZg5`KcB09ilMopRfGRHk?(ph;N~?(VbkiXtau+&NdF2TrL1!Mb?1=EC`w z*p6&NZUb{UGEo;mGk9`zLoP;HWsfvBFxhpU=avBDl1%YzJPqm>`UZ150Kp)JIx>Vu zFtxfNyqa5Ma;uPyHKYEtOmSJw`kq9Eu`V}a5Ei-nqcOA<+5=}glkhnk2>czjh4KJ* zjqv9$gfjqzwc80^NJINB<%c+cZvsF$MOoB7M*1a8c+}(zjYkQ((jBscySVCF7WT=7 zn>!ps;4*U5Hoqki^-3~qc)RnH33*CrxkqmnEeB>DlW}4LF+UBkM1bUDc6frcyNbgTj;9)iauBrPT5a^55kAO@8>Do+;W1 zMi`PQ0UDG2-00=kIJH6NVjD?PlYq#gmQb=1E%<-i_!#>YOdQ|&6F;$4g8>9rP{&LrXij`V1 zU1R-}#Ic@--oyoiVV=l&SpdegH z#`x0^XHB$zV#L;@)+M{lpc;8MsCBllR>>j(1EDN*?OKv4Uhg`Y7z(N8E*Yn}PrByL zXLIULtQ1H{z`-zTQt-OQfp?vQcM#!y5z|u@Db^wpSa)QK-~L}?edD=kMg562us#RV zhG7lm+=|ieUe)f|YbV}9@MX-vRh`&|M0DakneL5%il_HyWZi?Oi!ij= z2;GoH0&sgV6SySC$1epZjRM~#xaeHGi#U)lioPG{I9R_6G0eMUV+;#YH`IHe0Hh5q zABJblkEVh#AMi|lvuEo0o~d&^Qx|!rp6Ho+wrA=bHzn`-keiZsy$#EIv@w_)CF;Ph zFmStUMwAQD^vo42q$7;?X}D{>IJ>N5{BEJZD2?i$0rt3+KulQG~j&RUs6Mz%WRXvyG!s{jR`1!`#fG!o3<_{*x?UubZ= z83vkKGtPdL`4HzhX}Q6o=T87B+x)dZ;c>H@vETAeba9o}e~CE^D|eNN1;s7%s#AlZR`}Wqpky{B3`f2XOdQqn95M!8NbxpOBom6aj5?HLZJHS zM2-hsZW=*UF+}R*f=LWU=*A=QiYMsC76X*<9gIdjUlywxRckji;u^}bp%0=V;Wlh# z*j#D$(&j=lb9^(TTNWX@z~b1d#IrII70OR*P)l#IqXoaoHU_j9&n#FG3!UM zD00ic#`u9++X=N6RjRdbfNJr2{PD<0as_v%r|2042wJaz%O1!KA$BOrTx!E2`0`cN2L(4*bU*ufUYv~TG_!K#ir2itza$)fZc<@TCovDk9H@5Y-l+FBq8H3Y`#%;3&hj zZSXhZq9ly3awJ~)5ONP&-kq73k9Lfp|4nfDVlapU0XXurDf8^JDf8^JDbVRz%uNZ7 zJAPBY^ZUn${=;qSV0HP9X0#EmXC6TxM?l#Y!56-%{?-9oUK~Fily$-96h>W?jr26C z{{kO>X+S@K8lI3=)+fes0B`C7{I?kOBtBypeSpRzL6Q85QcKJn^D@Q1G2bb>@$}2m zOi?WbQ;Jp&;Lkzz_(uG}kiKx-Qs=VNN-cHqxTRy&mFfESDSmM<1&^q zzQ3Q(_`ioguWpcjp0%)iB=wAlQ6?}PfruYCd z_Bz(aAO9aET;t6660@A8tXGT2#difu?N!1rV=3#^NBE5Y$v>ZmVTi7sxQ|^MAL(ww zwXTgXPDPfou8pq%FJ~$1+W3m=3YN0275I$*$v=1Mn46m^uHBarjCFQRt7eC@A+CH2 zjFjhtUgHS>rn9o<$mpV z0bYSJi*q{<07(I0E>?s47vi=FLvXGEG=$tBgjG}wzZ|xmq6wL9dS9?@#Kn7zxmee? zdQ)Aczk>E4?5|xYMYj-|L+JQCEJwWXXFG6O7#R(q0)$@AUWi@#dmU@IOQji&O43hV z(hS_pAt~D}1ypF!$P|sBoJhET$lmRhP3^9z+x4dEgus2bVW;Ugb(J-w86dnJIpgwjwVNojOp68CSU z)VxKxo$ZSUn&(Xzz@a8Jq|y33wBC-G^m!A8=HN2>X!$CWOrR_0k$1)?lJ~#}OdXY^ z(U{jg0x;-5O#C2BgGW8$)we(HI(8n7>>g)+?ZG3J_ihZ`?ru9@==BN?&EB6JQG}s?644t}_(3 z%1jaB2TfMWKz_`m0%<`iAgjRjd(AkPMD{cIV|E{fEc(z&aGldLs#e05LA3g{lF3yk z7*bWHBvE>mH4(HIy%@q1AHKKBSP({kgjk5A=%4#)VFe z24DhlFl3^{kg*R*o^=I~a((B~)O`a=mzP0!5h0*2ZWKf^3ZnQc90kA-(#KpkAl!J! z+IriCMMwZ+_thx50tX2pL7CoH;-znY{GlJ{N}Zf{9*|i>%M`xCXJ@*(!s%WtG$RP?GY;a-`BeQoYU58wb|Ob4M|jGG#TD2JJb`w}1^ z#=g^krUO7!8ON_j!=!MjvjM&mdBUuR1g8?`aS(hjIt_r_H`v@1h^jCzkr98x zF0wEaguM2>Z5M<0IP~qpW_Y+9mGEJnd^2tynbULUoSrQa%|wesk%La%&qabnsko>C z@M?!hc=A(pbR#9>8?rDLyn2WGD4GXPAwT|we^6IWT!u|tPD2;LDvZ#EyUII~;&Lu> z7*@FpcPZTO_o<$pSqDq#{#CjAO?n=QUx0$xOgnC1X8X>Sx$o*-*f3Ri9+GC$cUR@U z>kI!zTo0pl0HdK0=+vkf%V_34-7J$=T-1QqgMhWX?k}%q7`I4J#(k@D_j$Ni)q=~9 zok1Ehy;lKDA0>d6i=3GfpfJO?XVy$Xk-m3UWx{wzCIzf-z-2xU51S_d><{rE`M<_P z-$+&dpI!bS9yU+7b&Mt2cS)6-@Ejk8KP7ybt-txAx8V_C3maZjU)Qq*cs(JIi@iwn z9e6%oHcvS2?mustKo~`Fsc?|=)xFVr<#GEWT=>$^$x;b0_G{CW?&DeGP`n8pe2uA= zzs8gM9Ry(4x9@t5kbC>8+;&gymtyu6O_^k)$Mz~VQ{_zDRzj>&52@ z1s|-=ZRIIt>X&<0-;c8QcUb8mD{c(f$u)Uwsrtt5z_uZENZF|pH z{#We%4ukh;dq2U-m+bw1%fH0lAGi0#73EL2_dBpw5dPcyqxL@2-d}=4`^-Pe)wlP9 z@otl=+#70l2a53W%)N-_dlW+K)@>9(|!=|7{K=d2XkeBQe&*@ zwgIXLJ$~c9v%=eR%+tVX^2H_0^|TtXX2u1N_*`5v|H}qDVO3&-w;^-I<(h$IN5fq$ zu^I_wq}9cA+G`|j3!VrZR$?=u=eZ>JHfA|)_W7O2rz2oVb2PU7e{knoIX==dOWA3P zS;9Omn=MyH8E4yn9EV=(FjV(UuMe;Ux`d_dGyTFgk~c?Jf)}Mx zLD$QDcQtfBf@=n(!8%EOASoUkXE?$#BxQIq>&ki>gJt#QBzg2GS`-`58g%yDW?|G4 z1C?SVP|6A9xm=iu9UAznFdVUr6LGJB6@{UHwHn*5q7xxB~>vbJPebQLa_ zbDgo|;&@~9h^PqUl#ox(64m-f84zbd|gGg zKYsdx6ev3=NJNnoT4!dbyXV zs8vCFkw@vJ%_*;>T$G>%q7*oVihCn!F33FGqYyR zT5Hy%OBi=|9HABee?!}GGk^RmP9vcvPT!}D?q z&-K8AX&uM&37gas$6rOZ0RsypURPVuV8oFNlflqN3=wxla3v=k z7<68VpWtfW&fNzC7_H`?U*QjDp+U=H&6X(g0*y-)d9ub`=89|%uHwivO$P0*lA+5p zO2$=m%K=S!{5S%yW*|Y}UZibT{&}AgxI@rVg_s2YhL{9_|0`lR0*>1Fr+`1;X~&?2 zCKF$QlUt(t{%NHC8R{QNFZKs~DXIT7VooD5^eK?j{2=CBSILOXM7+Vtt|D=f%6@ZY z8PFFbp=&*e(cbq~t%-}0(9a;&;(N^deo&z=O+s_gz(TL|zOPs4<|H%+Y!;fUl=ho` z73t;%LNjvK*a98nW#Eb|G9=VrGEDG*IM%V5D|BYb^QyAm%JG?9aD_FJuHRncsRIFf z+Y3W5gLZ(Zp%0@#*eT|NVKh4qgv6efF(NSH1JQ@DC`34Kz&qr?3|Iyk>~ZZO6J3rz z-;^EicCc*hY54~11_S4nT{u0a8|Gf26>FnOkv$|1Zfe{vWT)!;b2i1E-PRQCWP8ak0d&&?eIj~hkg-FsO!t+u zp{!*h8eg*Fi}wU&6D%|?rG|AK97fG`bg--zi`Hg5QTBJyT^&4`L1O%^o5|sv}}gXNwjSEPN`O^zV|79!kw4M zb$%ijynp;$Ka6vIIg#taM6QdHxz3Ms!7t?m6(dW=A(W%y&?O1ZzLww&=R7>l79>i$ zG+Ej^F-9B>@^az0k*9DtVe50&6X#kOw3sn4HGdHj^zaNT01=BNf>RR{aU~-X$i5LL zwg~i|aYR8PyzK01lGzV4(2x)siD_W273O^t=Ia{!ri!|TcrO7|%MB-0Y?+yzhGOMN zYS}JIY6HcM?{oHkH4NRs6-;=>Uh=`SR@jC!7ogi))p5O9`=zzKOWejZZ$+re`O^lw zKG8J~*kiZel5yOqN32Ya*4=53E1wAm1?Sew6*;7rroFm`2*SeQa$N}wFc%MSyPvKh zh&e_Gld3Gz=$U{Je-NtG5PzV@v$46@Ev33E^Fp|F&$jpZ({-l=-<&z}n-{lkUEZMc zv7_?tZPDW{1s=EAv`J^en5Um5=w-$S3oG+-Bp%!oew_)e_XuVi-?}r*hWMJ$-C~nI zR<3oiKfv)?EZv5MpV{rWpM=g1o1zYO_(+CuNG&e8S0!yOh4=7^zU0GiST-{L_4T$s z%+y)BNb5s=v*1&@+Z%v6Y@g%FSGv3K$ln4z);CNACJ>yj1mW^bQJ%Rrh+6=|Pu@uv zEGu2969p?ww#CM--KTBCU2HHjm)qHvK9-eW8YI$#8`pCr&I@6@#j^uQMK>`CnynSW zTOcOYNMWw(;bfD%DG`fla)#TSj`uwJw=);-hU;;OG;sqPkY%F(;vd_8>6#wK4U^nm zvhe7iB)42nV!JVS$@ZfqLBvfU;38ay_?%qT=%jkEP|0%yuGCMOQXzZXB|9l`%O(8V zCqnYRrq*n^#-JD=m$^!${KvmX!i5yIT7=FQVJi$-P|bm8C&48PsbTni z*j#FOfeTE!pm#|zJmC_+ZS-Pr8YT>%0xWQ@2F}&U!F3;(V^8G3C|(L!B?*AD51h1o z*~Ivg_$=d8nzfSLgymhV3%Ayo$9ZV7vDDjhF-p~kEDT&x>LUqP3_Ae_NzfNYHCXZ& z!zIiwE0sX@4FxjGgx`nThnae~b;3c<^AJZUJ-1o@hxxHjRn*hv*A65>woCX&zF{He z0-`YG$^Bh}zwfY^GLCyVoj8h!!tm^`LPWMd`jk`#Q+PoW-gm&93{E67TZ?ehwWq9q zgz5%1^of7Z`wrUP9Od>I5O}DVv3N>^NZ4Pfvb;(Tc$Xky=R^X8pwEENyT$qWawl8` zm78R4c1k`2BCI%ifMiloC}@)dDRCyzfo-oB-b=CQEd#$9i~%H6W&jC;FhGx+;WH4d z1JSsU;A6t6xt5m|xNc^Av;I2=$>nn32)mmX@m?@n=f~ER3#gnu`0`Y)A0$*}4+(>? zN5`L`*^4^tkFLA`TVYm5{Kh zJYkX~+*_V7SrUF;o^ZJ&e6u`ZiX<#3Pxyu;*u^GeQOMxFl8~wgChR8(sd`|-5t2|= z56$AGL64y7^>C$nG(&5qLvdgdv=Opv;xUAK!q=9Lq-C-G#N)_}RjmJ!6|`o!$z}WG zW()Yyu7@4TwLWM~$w^ei*f1rs--_%hGiTcxoL^ExpxYH{83`#NFafoUgfbzhv7oC; zbs=1C2X&TxX>i{N3SWnUYFx@ni~#Aa*^T+;jqqLbtZgZL?ED-~>>uJ9|iTogLcVhQVk?LS>qfFbK^X+OivlrrG#l zY)p^?V~Cqr5>j7``@)=BnrD5=7(<`O5!FVFL&`=}t9Uyf_0;tfRuy{&V;TvSnMT4O zO!u^9dxpXEH=Wv1`d}CL)2(+_B&mvIO1Uwe`0Up8Xne4QneYkfVnwF92V)8em6<}q zAWU_)WxI#L)SU_A45s!A3il0*shNCOHluuT2pWzWl&=Q{;|mFu`9i`Vd_B;XeP9@T z{lW2IDht;IzRSuIrlwMbD^}M1gE57K%1j|)5T@>L%icc>rofXLF0o$Lgq1*_ooB)O z!OXwyd9CuM^XI_`M?z)7kuV71i3{F_9P&x4K}DF=*@P*u6PcCiio>D8vchq^(4Sph zY~|uH%U&3#(w?uFo9@-mw`HGqGM@qr=f$Ve(7xTNG{qS=@94Ww49thsl`38j%O5te z?(Iu4>(&Ef-^K7wX4~PL$Kd^>RxA`DHPIt|QRgV7 zEL;PO(c@Sq=g=GLrIP>>&YdLdrTyKRZG;G{H_6&ft}c9IY&iuhBs<@XsRuYP@pA&c z8Zn5Wwqh|RSJ#z8OuQUnr#3N7>n%-tlcpn;rVunSW4L}FUBh+fyWsNz2TdsspOav) zQ8LC%hSDL6d)gLvCs>L$f>VgV6?eQXZjeH(te32ia(C96?ApoJ_*Bx|L8Ped2C40x z^|x!fc`#xfsSnRJFw+w-dssZwf-q}f8WS+Tf5~VU#FYuh8<<=IW*>`(%PisB94&&L zISH6geDPnA2rb2+BNP7Kz?_tTX|Q;pY?<(O12ZoH^Dh<#^2~(aG%)8RU}jnvP@4%a zFfbP;U~(1)8juN(F)#}fFvnXMq-Mg224+zL=0poa^AU2qNZywuVCGqvafEpi5+Ka- z1k8L3!>y(8E(5b70h7DK$S@$xbq1z00ds-H!|k5%A_KEB0duj1;eu$$-CWYMDgkqa zg`pt}CmWd637FR(GW5{=hGPs&F#%KmFqhg<@3iINW@sAA>M<~l{OxMDWpTeKl;=YL z(`#Vlx9i&$W)H%A&*14ZF!I~=6AM#Mm`e;yDS_v+j~aR=66VteCNwbe+x1e>==@%U z+26qQ8yNZRy2F;W4`Id{n5_mze!K3rFp~-MM~?QuSLPjB<(-wku76u=${J6Y^#-QK zz{qdcdW&ao!u-2|sWmY2+w~g@Gl4Ld8kjl*BfnjLurO+W4NSd(k>9S+!t6^t(+td{ z1U;`mU}3l<7|MOIfN3-^^4oRW zc}B;$i4^|8;K?OmwqI}Rl-+tLho6CGP6FnQXAKOONW+s2o|6oWz;=zbcs@Xwj~bYH z21b6n?)bUEvnyd_6&7WklYsfXEsNbw_!s;k?-wRuLJPzBO}N3pEHE$)BExni6?C6OSmYcn;?JwDUT-*&WF!`34d`bsw6vK&pqs%L+>)y|NA2s=wn|vxO z*e#Q<8yl@46H>woFgLm?t;ci!pmlDks|2XHTehnV^@!D>!V5+f!e!JryYTQNt3Z9V zR|h8+gUQ)qu+ySmY;a75!5wF=re!l+&XDnc*Spcokl&v={Rtwa7i0yF++^V`? zaP?0#tpwihUyilzffCMW{}r8T(84hj0{slw9WX#=qAT#%?E6Gt!8d^TT3OICQ**o| zfrB;hq6FAiJH%{k2>eY_1}&w|D`f{Q1Xux)xzhB%6S8Y3G6%`K; z{2xwiaSMid&MzPCA6)%mumuId9153IzNQ{&X7)m7kuj2tp#r-=M!d`(0g5|a`W-|( zYa(RuNQmE>h?8s<8Ac(?A{(*FKwM}e^cA+z6BpQsYYfCZ8_{ec&an~an~0o^_^gST zVg2PPu45X((Ot%YFgVzFB-#FtD&y@mLkiOAT9*(PF=jhJB~R#_YzQWNQF8=)PM zo#jJfocP)f3~j`C5XF6C>>p>&)~NxmaL!OnF2`|Zxq_=BHHmiXE@iUod&Zd4`dAvo z@m4xTxE|ZiDCrIp_Xm~o-zXHojRQLkxNv7chCcKgF~btX_0x6cN{Z9Pg*yi=6sLCgh# zp&@%F;))2dwl~(=rMozP{)KwjL%P@FcmjIDgj6|&NR4VrkX{MqJ^{DClpu~XGKAT4 z7dX!FhAFrZ)|iSdp<-(pW2;98CL@T zG3ZE_n&v;nq+O0nFgaeCLk>lVb?m(6?KcvmA+6$jOb13hJDK^;(YK1!ny zkLGmTMt-ZI;dsrU8QdFIj!6#MFcZC9vo+PidnOgF0q%0a)5Fy(OtOp`e1i%kNiNy!LI zlO#f2wY_fDT5Hz>T5Ih(ytK7Wp08;TdB8q^pAZJM1UfLDE*AtZpRgt>G#A^$HR5r1 zf4z;w_V;5!%S57~$Dm$;4+jTC*1AaSxNRp+0gtt19|M-Q?Bi}zf@>(uY9E4+a2p!^ zMS%<1($?n+frh`-eoN(w!V)0ypR3=v0dDdmxe>hQt`D(&l7F1L{9VIi9a$R2v5IY# zfW8MZ^~`4Ih*5xqo0TNAO{WF$5suB7^G|H_8F`%p?z^4#Z zQ6ChA*_Fk|6hT`ed_ab2H$MTi`kyLVXC8QeE-Y(gVm* zdQ_Ww%{&mEu|!(N*619Q91dtq#h&g+?M2|zkJH-HczRJ_Cy#}_CqUwQ#B?(ooMQpWUdw^?h?~!-TD1D|nSpT9&>gz#ahcs~GldvdGqK1CPGpb1nQj03H2 za>@86iw9DH^MB3QvWTA?m9Fl@7ka`kCL;ECuc8=;sew47$60VNQER3-43EWQD=52Y zeRjie#Ty!f(u$x)dODuv2Z3TstwA+?ZLYOYGKT57c8$OszxNG}i=tm3 zHs4$iWXF?IYzr~L{9)( zrD&oQfU!_vylrQ#*;VjO2B-6Y&XT;!D&|pAMpnad=cQqoMboAJ4cF{{kkdXH2nBDjPf| zs%LUE2pCfrHxXRx;s+ARA?Y0XA~#M$mhgdUY6#~JDpMKEv5Izh&7>iT$SNv~t}SnV zsd6oE$XBoBFOfB(kB-1szL_IlrIPf{M1o4+(c5Qfa#YTLRjC||K=Yuun3$E2;L4Pm zXgF3A4aaJtVXG!z{isyKN>dFhRZYl&k+x_)EKDZ+H7;d=Xv;MJcKB@SI(%i#KLtgo zO!m{lV4Sj@xsJkxG{CI|9?3;voe+@GXQ99W)!Y|tXfu`LTAEI#U^Kt&QV zSZ?_UVxv^%rN*eJ2o4FBL0y$_*ZXy{o738{J>7Mzt0gt<+3V#@!}ZZECYMwgRx!SB zv1oVR3CPy$wT>8gG`%hYz^NQB zpwBi4*iZ*iuXXQ2y#%(BdNHA`z`w&#FDEY$C7k|x8Y)Mv-%nAQU6?6k!o&ZTXpgN( z5cXT{7xu43o8a2NFxcL7J#X8*c1dBaaI-5COy%mMR1KULNMf7(byU{JkkB*RUPS|N z;{E#Qhmg9h1dux`27drWBpZ4AB`_Wjpl_Uu-+OBD9~y>!GQS?*_}{UX`V~$%(^0(w zqQF772j}Cc-TeGBBj)EfzcYXABlB_QPOI9CgnI;F@#cZd{KXqGBbXjt08+rWk74mM z09gM_&3u8hcpxczdA7wfVn9$#R22I)QH4D^76Qo#AOV;n5efKxJ~C#a84c2=`rBpf zqyFr3OYKdy;YDZBrTOmYCkGHh55_<&lJ-X|;WDjF(rD)kcx-H-yKpN05^s0mB=>cK z`BDSfEI@h1+B}e22R?@&oDf*ZA3C* zK?6s^xTO&kq!(is8*Ynt@Vs7(tiKr4Vl&{SOYw0^krn+Cx8CI?O4LnHcrCI-*8+WX zB%r%?B$^`bsqoN{dxwT7UQD9+G*Nt-C;$k?&*g;pqp^Mfwgk%#vq59y* z1ckY2Q9`^k6LApbQFy~PjvGRhr|s`V`I1oJi}K5e=@L=i{d__O6i$AvC~45*9;$r!8nB|I!qg^p;fHGP$r9!nV zLZoG;Kr`SA9o@JN;8Yo{QEDKiNZ}{93VYMnW5~&grN@Lpi%#nAxCkOLZ=!ft6Llp!Hd~M((O20;aVU z_}7VG5X<;uYZ-?!-K$xgnG_qviPxJdnr_K4i0NipTY-OvBCw+Awj+`mlbwn9n~2;u z5$7XDO~m(}OPGjb1eA+YW(2TqwsDEU)#n$y^%4#T;|d?01;i%OHP`L`1YKD_2`xq1 z%m~mBNm+yl_aCaPm!H!6I%1F?lLor3x*HpXOh1F( zcVnnWhG{MXIuAC#bP4Bcr{XBY8+)?&QwC}C+UZ4y%kq_=@F@>@IRM@OL{H#KF9$f= zdY{ORmZ}`zharqM#M#6E<7um#;wX>t!KuTzggxHi0Ot=yJ{~|DF8L_P==KxnbCi)s z_$3MMk0Hj)l3Qr=D(l@H?^^F9#~^ygw6+5OzFWPsR%49g<)W0{Kr`#XhU1JwLX6vX zK%CLm=#W$v=w_8H)YoW4Dhssp)O0COzg!{?qa|pZE@qpS&^U_yO{%!jK7~?ThmQxX z2kLgAA7#e5NfJ;TR47RTii6f9NkDOBB#iM%KuJbr{$sB)l~MiBDdgb*6raHGjZ(rq z)48j?>23~`DlK7t)1f^RU&j13TJtBb>sd8qtX0q3fED%XqOde&1}QEIt5arR}0g?@MafRgTl9-Owj)w!f2m99n}wg;!oU(-|ibzla%hny&UMoC5JVpn&dihrnLz~ z+L#j1=ruoWCoa*gg$5;!KOl{Bgv^q{Z9>{bU5B;7(Q{K}`=B&DhLa)4^dVX4+6 zM>W&h1mfTUEw)VxPxHWRh6jE|#|qVJg$JcD*WMu^d0X(F^Qvpiu6tM|y$s`*Tz6p- z@PS)?*4s~~wfAj|l|a|eW-*uE>hj+rBn&}2Zm&bmaMuT4<)Rj`pz^T?yr2;aHTbf~o4X4NMQD6$ zv=n%0p+GVi7r_=@R)lZTR|24G7yJqLc>)>TDt$rh(-5@WrL-7&*)&i&Mj*1JFN>#Q zgEo9ISyB15QWHUoPI4p^-k1QY^H)2DLk`N%MBl<9NNk7p{O`C%3&)c{&-`&}95(#H zXFJ}Ot4q*QzAd*F<)~S%Pn5U{YT*n?x}Mwu-OQTK)jfVFnKlI5a|! zC9%DONO%k({PB^mQ>8P4)afOmpqJ>_g$B*b{pdL3`Ci8STIP>OXd{u&te6R%-Hmf3 z3eiTsMT{=u8lAJjldlYZys-)QQo_^veEI4sNr36D@ICXK!Gx?*{Q)qT2LBy?I;k!( zAqb$KLSyfH<5_@cErcpW{%XWKbbKdHx{h=+DJfz06E^Fc5Kr91=Tx!f*{StC~L`Y#ZXq zvE=T;YD5tiK3CaK*JFO`*IsM<3!zk{p5Z5;&{?iTrttZDq_ZRf)HtJ1HD?P@qU#jk z3%)5`XQu-5CpH(tp(w0Y7A-317FgbNdB*42zJ+MD&PWGQYlU<(f6$!UAwlG0RK%$l zL8TuyWTyI1#zOlPZ!^vBP;xtcN>ll?0T89tg z%joBQ_*4()i+=}kx-Po~*2rVkbjKoc%**Io5_iXko|QC%`L$BbmX{8OKr(YBy5S=e zMWiI-1ZQxik{JuZwP3WNRr4p1h(ba;-&>2yP0ep!d`vhjg7v}YHy4~Kb-r9^F33-7 zVTp$LvuHXhX?GxpqA)Dw)dx$rkQpy(VbJkNDylwcS(l1BENJ;fD(d6|8zLUaoUU4{ESpg_ zfurAvu+~y^;Q@I%C>K^plxq}Bl19OJG)J*bU&h=!*S?lf;gS|))0QR61Q;4-!r%4! z3aXhnVVB!V>V;_gRhkE)p$wgotNfxBBxK zla!vvcsVeSksNj&qe*Ta!?ZSmNY7jdXk^OI#0I9MwH6i-q`lx!!mGh7!)uiIr5v)P z@Si04n)Ar72aQ+V%b}05&=k6Zmg(IYOA4!q$Zi3-V(0U%Oi62#zlx$wigjFZr3FqL zpjdWW_+ildOiqPXly5_L+|(~A-14p~KynOH0ZeNXoQ_n}2e4G1Hh&w!@eWHMs(TyO zWRyL7nQ#6Lo3;XJMwR)_M%R82MOgD2V0X4wRrxLgwy$Niw%<+(g$I64Op%geRaFYrBOLcVQqQZJ!Mk_(yM=KvjSj-jOh>FCJT?jY5MSF)9&o#Y7C-Cp+@MyPTCFUV- zcVQ0xLPpqoo^8I+PMKue=~2jGTPNeiB7X@vKncUa9n-^)or3X9A%{?YE&t*^I;km2 zUt=1B4t8qoQl4lf3)aQ%@kr2K1s@izVUQ(6SAxMZ622D0l7!n%CJD2I1pc)oP{HzR z83Pi8s7tVMB-m`UxDK@o|3VoB;TPwVav4ZbCU^@<=6kQbeqM1@YvBYbS0o4zPb4H^ zV*T7Y4u$^=nweiqXpA3<6`(QH6;dArv?u1?lgMKu@?o84Eq}2L^h>c5P(Yw$)DgiA zun>%GlfSO1O#z5O29DTIP`DoYiyZn0_m6^2qRW@=<$ANyb13L(S7wVNmFwtnDVfZ` zm9>aKnsrQFg_*Z8(Dh0iC8ZsPd}M~dVCH6z8Ad5HjBS&&;WKmNiIf#_7-smHFFhPH za{=hF%wUV0RjB%S0unrZ)Q*v3kS>ZaT(hCvnw%%R;jAR)9qk=d?NJ>R2`~CS>vdd_ zpFszVZFoeXdGQC$E4D3{TiY_V$Qnu5mIt<{*g7PuY297}HUgDK34!_o{vjqkLfK$Cze4PbfII+^bx=|qV5UsVCxlQjEe(L^F6>M;S$2LcBdkGr z1*7-!euofo$A1&`z;1t=q;$vcKF~&WE!ch(*Y^m6p>i`#{Wz8XE(8`9BMXTWRiS}27a)j3V zXsz0Q{N14qh!!@;Lp$E*AJo2E{;~QIo2B^640rA^WvSm`xbyu`EH~z9xdEv<8%34i z9W}M>ktiehNVL^QG*ybh(@xlV=`Ia-oc7vsIqgWq|j$md?ewGX|@$DbR|bj zf1MbFWumvX5s`6#QiIaE3ok$knSx4WgsqNS1WsV2!MR3Cc+*G;Z(27$&HJ%&p16^w zA*H|$DG-e`Lp&YVZ3X6BM@K(?!b?7uZloVc5oFbN8)e9}fr&xkM`UL4TB7;>s0_|miC2IT|`~?^bZCElAck-N}U@k(zehRSsS`m_QXkEOP^bS0H(;2XY2LVvUOaEz!#M3JNXEl^2>VUsFk6Ug+B;xbidwAaT2xV#m2+QDK;9QtBw%7XD{czpFcAnpiOl4RQaCbgx#BQG=$%--0lWmTB>Ou7`TY zEqA1a*03Fx$ z%1=iRe!_PSN;kWoG7HwZkt%k;*1cTSE$Ktg_b1*EaUh3dSs6w1be2dqz z&@*bsj1I1xrukfif;A`@NgP=BOWrw7V}sD;eI?h#wzc^F`=Y#k~=s0Bka?#?ZJpAZb9(%i}eq| zqSB^^t!n_ThlhEpSm?0zv$qn3UC>MV^@f!q{k__~Go{<{V#k7uCu z9uCY!*-BU*Swb@e%>&WRQk>rZW)ilbe&L_x60nM)Ikuqr*e#tc(ufhJ!r;X~bm!xML!HeGsDL~jSs)odoK-)1wh(pb-wguMDv^11;Kplt@8 zGAq#2g!%*O`@$cir=an>0svSb!GhJ5NXFMkf|dpPwMWqMCH<-o7_|}K|A0k+lSLj=&KS0jy427iQ%{9 z_Yn@otMbcP1<>x0LUtmSQpoLc4_V8Q$j($`+dKa7LNWVO6fnl|w~ga(TgP9G;}1TP zy4P8PYh;4I+pyY0l6axDVHnk8VbJgerUyjs z5)?iSa)-5_e)Idxe!9W!H@Z_i5COIxuY zHbZLDiNnf4fAKPN_fe)Y_eDvFh2}4yxnycx_%oYo2orK{McA*67uFR=+$E=8=R4T>-LS z-@~%B`@Y{;S|fq@SwVmN)yVOXx!<~#ujBG&FMAVXDXt1BTc)@&R@0FQ??T2SMI4!w z@N{l!WO5m9uRzn+a(T~e&RzdF9K+gc#h`K#+T57!z$ma@1>J z7EhNedMhK%4-4r&L`stzea#`2t9~mZy=quUClM+8KjU|(HwbZ7m1})CWS2&>yb}TN zU;ltXert_YzOSs3yfGMT(Y7f!OZBzW{FM048m5J_T7MH>h(3v>H3GTOu*v+S^BC1> zd8dRDc@8sq*uaHC({L&f=j(GBeY15O1FcTzghy|G`zkG8{VPFtFX#^GhvC#WAq>Af zzy0t^B^EcUwdtYmY!C92+upc6rHOcz#+{c%brV)p&gf{%6c^S@pFixvdLy*4d!paB zC>l;zr=ze>7*MpF>G|mxakG*sXN?$dk1A=zd_1T;e|?C{6G{t%JBzaI=_6-n1TI*| zhK9cUbeQ`aW3It~jLvyG*}U`kV9JdQ5+&fkYAdiokw#OXDv8-ZKuydB*HuTi}> z5rKaFH-3b zKN)ctV8I_OqErnKU~uHJec3=!aM0>f_)CKaVbi`aGq4C8)O3^WP^6i*7d?aTVcGW+ zG4m78RFRYsR}Y%E+&)&r3bzJtZ{XwtS;F3#N*0U8&d5E_Y%N-)TzQjAOcu5_GEpTc z+mVS4s$yc;DWvABY`)>p;| zvndfgjaX2)A94K--wAGy9}L&eEUrN)Y*nn2iM3h3h4PCeA0EFfu%U@m^-|isZ4e84 z7}1o%I}fcexx+&R8M!Y;>!Wcx7iP3(^mk4zo`sl&Ni@bmeY1H{OLpVz)}1HF`pjsV z;ZO}yb@zl!)Y4MEAF@a+`qh{SBQpz_3}p5#~7EG#MUZ1lFc_F8_<LHQnl$%(u^r~a4sTf+bV|%U7yJh?_sLudbH6WhvB~Ib@G=%|sg?Wwv=d8#H!=i46XZpY!gNzuYLGVwo~gt$ zi+J$g{28`RUS@R?O2+IuPM^mG=|v2C^ELMGt+;%-wJAjRUPAZ2$#n0$k{PSq=-v7D z?WXW!TW#;I_oXj>LEgZKpAF!dU9*Ir9$ZhwN+T)2-y zq?|HDL#_iYd-(+SCP0k>L^m@>*N5$!SieXB30JNotqU(W+%L_huDkE;6UiCg_p6vr zdbm<|Kq57IpP|)jI&yc+{+4K60n@tuh$V2l1cA{-TxOI4umI4?3uoXV&C7DzbM^Se z=&W%PR>Vu#LR?J}=eK9KU?RnKnupVC_CATomqyrG)mQ*=LPLitO-xO@_KdOE>DYX1 z|IA+>0qF)@;ay0efWA(w=lQj>n(w36D0Xi0&8ty2e!Wk^1PolPM)ImOL1-XMTg6(Y z18Qs2ss}Rr8$Jf1U_zxl4P{uS8ndhhsCiZHtV`|_p!TNKc&a@&`2n(z5Bn$*=-qaV6Y{qPQ18*w73APRV<99@NF5f)@15FcrAcY#5kvpq5eDPPZ zu?e82n;sZlGc{sA)tzNOCe_v6v@%#Xx<&}x5plTXRdi})^c0#pLP@2`%a8*!cx3LE zU5P#b^nezVz1VtBxIjuShituPT>}aV&-qUytLPY|Wi@ELkC%XppExwhX%kEbwaL>j z6XWTMiJ1yjSdE-wQBQ>O;=6xXO}E}Q-Q%YC)+2h1HBFdUPrw-8nZD)VGcI%tV@8qX$4ey zIa$!7y;?hmu7EbSt%&tqj3rE{1O@KD*<^;^Y;V-j6WXv7-m7NTAjeD1%J{U+YNL3 zCe%QNT3yfB)P0kwe;Er*-32+RPC~lnpgfDiXFt}vUFOXNC*r{Uyh7rM}-WP*Y9|7=`dvbRX3H~k0wRT*{F~+nWCiKh? zrmoKgpTJsdffq%nvZ9!yPz=3k8Ml7($Xv$`$Ix7wJ0?I3N^7j2A50o|*wNc%g2^3= zfOLNF#ClS3j3ujtY5^7&i1_Q2Dgg~9^?|rQkcN9bTJABl=v@M?lqYzcNaD^dF8cI{ z%=}#NrJi8YF1<%>mzf`&`5@@nWuttb`d~2Wk@>+c8(s`fdJrXmo}J{(Jj$2f;KU8& zIk+l|wrL|t^z|!@EcXM^jQ9p329aU8@K}2m8)#)PcW$v3X3^3*!J~E3yQKA6)SSgm z(zbrr(7F(s$%uy$F>G45LZ>V?(8^%$yy9V&&~Id8p)Qo~ibADkN}~{+k!G;ebmaYb zT@*sb7$q`9v-DK;Z_YJLKRpG@Z8 z5&66DKYnwwy1gF2Dh~=0bBFRU*voGY))7H&&FOK8S(F&v3fOmp`$uKC*GHrCoA)s2 zPm9q%_cNgX4AIvNpY&N}=s`M#HVcdMGuMZsXXZ+ zV>W?0?D^_*Xt6~2FipQ$Nu#n>;-v3W^!ZY-P9_6uz7nI}gQ%woE;(?lNMs`|o$IS{ zu81Xc=n3WK2?=dzG-P5}FbO*qZcN?AGT>_j%@2OzQH0HVCHXg#ku?8HeEtd3T9{7u@@x5%=AQr^a`+F-30yntL_URe zRHh5&pgIv$2WqPA?g~q3COm?awo4h|x4#YUW&UbWb5fS9YgNWFjLTw-fBA{<-bmgT z@0s9z7FLvqAkBN1$NQ%UgR5?+uzJ=Y#d|#gI^@IyI21VLou3}>8jLA5z_Z%tKpfAH zotb}zxMLH$Y8r1g9zt+3nG&#j-_a5 zk*NrMDxhRB33E9zaOK}qUjEV_i-76oAJ&gg2>4kMBuPLsADv9&;)%9iq=of~e7|5? zhq$B@*;*Zm@=EZeU{FNoE#rJWA>2vqm z_xT#Qe}usdvz9-4_MoE0Gr@4#+sy^w$v4gg@L-rt5e;5n8a03Y*3m0Cf3r`M^oM`h z2>#(F8+{!ayGUSo*)oYLp=Gib;oFG z8k#9TAC6 zB(UyYu%`pje?n31pj-iPWv#X`EQ)Yl2dJZ`IXjUR60FBzP0n4>nEk1BpmC86OAu+x z1SHNV%dPI&pSERx>dxBk1)ALQ4^f)3R<~zwl0}P~BJ|FzEVZCT)0+uN z1JNtMA+!UkHn>JQu=BFT?XV=VD%bj;dBqG|jm<|5xwAItn{P!a7W%X@!Wj*nkpMxB zL(nq>f}Y9<;1Xyk=p6z9j@4k@%TXZYvL3l&&Q)4yiG23pv!tIze8SSzKsr{F)BXo@ zl8*Ao0E}2-OtcD-+bk^bsJ)|GpRN5KcQ!rSWv}$XD}UvW09rsi0@&r=r$eMYjGpak z%XYbnHo62lM3;IZzE9_siCp^!EmKrQ6-z_V@nJt4t1Of?6BS^krwxR=w6ZC>PQo|X zX8{8ID>fXPrAw}cc~vnY4mS}XYNQCs17^>NS7)~g^zigsV>Pd(A4UoNQa4_8flKvx zXeM5wligUJLCr+JHsB%-^e9|?bflc(-g;Eh@Nj}@n~v0@1>P&-H(n8X?WLs^*rmu* zw8*~hj0E4tbV=kJ&6ETW*Maa1OOpE$pIit=_9eM64c}0bU6Jek(C1k+1s4D?415~K=;KCdcQ$)0zzV>4{ z@6AV8iQX_{bjO7wPQ+0?LPmCnwHkOQ!LMGbh_yD}i`uL8MKvLXU8?JPbZU?vYLC5J zbOiot?d9zkQi};CeJ=?6IyzWahZPAMz^GWE14BoFJrMU`LIm-?(?iC1I9qZE5|;={SEc zYTotgd#yZS3#nBOS>Zj#uIUw=mbMs#TI*rXG9cyq5*%;?9|>vvT`e= zudKl6WTLqUN;Q@9RPtLyv8IPXu}G zR=C0TU%GE&=7Ov_t76Rt!bU;GzGyT3Q&dbky+0W(AG*_9>qCx3Z%Q3o`qT2*U4v!c z^kcb%B(UEokDU=LJKMy{B;W3$TzOm^JLb%V+&GYBf6w1%(tNwnaQJEr^n+{6V37Vq zURn+s8Y~rMJ;~tg&R}HA!5dTwy#gi}TRAeAffINFCxbDW>6u}QoC4-(JEBSA&@Q}U zA+BW6Rh0U=J;?O?Z+nv1+iI}Pt z_2)MJz$c;?gOJwjFX!WPBR=Q1W^c`5)fWTiX|JxKgu>2m$@a~dx+}P!vr~2vggfT_ zCa{Eo9Zg_40~hVCU@Of0)*mFVfJpMqo4{KEm~G?kb+drN7f`Nyf0Xg7DFnX9E)!aK zKp0ruO(n4Qfk?#Lxqu|J$=`Gf>@_`AZ~Xo!?1<*YNEF=(1au$e%xDWN-_Gkpq31Yv zG(tyR+I?smMwy0bN&6AfbdBn<%Vqk&`B6^{1eOP)D*)ulLv3z1)QtnNJZ1)0iZ=0_ zhoks}pl}ch$H}Qt!PS%xDi=8twA*8XLdgeN2$fW_=v?D@eAzDvZ?A1JIG^85)KDK?O;x7o$`I^fBno-nCUV24;l^@# z_F!Bxp{>Bbj>{&cNGJif<4zLFPLoaFa{y@NBut|YPBxGyWmlJTe+e>J?$J`r%*W}S zD9Nt2FMpBTTd`q4eZNVf~5GT&#u^vRHH>uPyh})G!lj zo9nVWHP$0VmSc*>f7XQZTj8wAkpZ;V&XjprE!xEh(W*#Q3v)VvhihR3wvvTmLR*1< zT`ik62WK>53lmL7k0R$ctqW|=v<gM!knPwFnoSnF8a!;_}-MQ`zm3SaQ2;GrWCuK_Qumr^C)%p&fyNl?yNWz zyR$8Or>iDi)}xAAFTS1!phE4aN>Oe~*3M5Zhge*=K4>{uiA8$cEtv+WdA2JnztCaw zpb(-mD#}$hqS1$CvUd!Z!8^(dz*EE7JKC~$42!{^fEe$Rx-xR~37qWhLCe3!tQs0` z8!nBvRiyE@w(McgSXd&0|`xjV30 zJVF_Y(=nTyfLOtO z%xMS!?WisLSX=h7CE3T@vX7^^24%928%AFfhGjro0!1a;QjMHT2C!r|53rJri8}3z zx?CbtQ)yZ;H=`+Bl6^F|$}j;uwkd9OOfWLdgarf>8yyo$g}f)3-Po4h2+VESN7GC= z5~2mlgd>)sg?jee{Txs{1FR)0LN`U_1TdKh;pf)+K=|kgF|u2MVynH-W)b8q=LZ^> zY+aIlGq|Ja&DApz#X&Ut>)?*;oB6G$1j_;&2xoGmYn=oEe1-wu!=`V&ELcXTDaje0 zkuUB>_-ibDLm504tKmo2SX=KO@62+0;0=0(|3cXku}Y$RXc|*Y&cK0gP<12jKC()h@Mynx$s}o;fc12(Hx8P2V1F zFBl`aOte4#w9lm;!_le+J{9Yq8NGOO01G+xkyc(N)dZE04V-vuJ~=_u^CU(dMhF!; z@2^Pb4NS7TN2JtkbmAQUaV{vP0E1~B25HGBBCsa-l|%$K9$3@SfULgIAthHQZ_djF z$0m%cz^6HD`QLZ$39{N$;$kv^Ud2E6MWA|^8HsZ-#(YJ(|TXO84e(? zj}E#vi~t{l^QTKDoKb4l#yYp8Gi}3UdNcM{%U+f#xei2ksu9YZyLp6wATOE?AOs?D`CHONZPM`knY>BAiuf4n&qierJ8xI$!nXkFDKafv5Pkk-~w7BEi>TxCwEt$6U&7KO3PBJ1s{%dpN%8dKeHp) zIHEtrMoLmNh-ih*xbyqHF<8_;i>t)EK|bdezevB@qx?q%MJ^`&lvxn|W? zqsyH1ov28&nHee%7%yy#jOco0yns(bky%j6KJ46AYzDkYlYO`?`>-2G=CtH&FBg&C zFU89u66V-ORBi=HqQKEfjkP{o(g8+!j6bC#FB^!kM^{n6tuVcM4s^9+CY+9Q$r!XzWj+;fxjuI%`G@Xe_Z22R*l;tYLSalfog9!6>hLjED*WZHA6QoFCjOTbO52advV ziri!?%n;-#RnCXwb~4UO^b&BXE~55kEFB)=#TGI4#Ak3??7^LlG+gg7Bik2Tlc0LG z&E&MEOd>qR%M+oz3nu#@Ntiw0N&bbS$IF@E8AlwhrYXr3^ zG8P~-2>Lw){I&@AEeMRTdf}wEx0YQbUX-CLPR1)zWo_N{K+EoyI%@vxd=Pr)# zaoO8z|C2lSp3LS~#sJGIV(}7`kD?djKvx2^m>ZQ{OEC0$jt%R{2?z4uBL!_A zf8ijAzlzknfGg{P(H$Ph&lLnDT+@gw3cd6r_)L&+r72v{evNtP2_wxdhxUfARnd_y z|1$Pdjy#)JZ1bT~Hl1Pd2r#k=5+G9)$VSYo?_zQ4paY$uYqP`QG? z_AU>=6i0b3f9DpzL?TP#0umn|Rv zN8ewaiqkpa9Cz!JKaf!6zlh$AJIHLWqD}qR)g`CK?hY&3OM65 zE^;H+N%(+9i~4*-$yeCIf!cW0wTa#&dZ^WrwPSws5$A0<43!K*(c!|Q!>uYvyqN>w zv@iA`K|>GvgY{tolM?G=>KOzRN|D{nT)jDEl3iiiz>451$5z|t3|ouwVcEhdWi;Ar z!8&;t>8&{x();&^M0!O;7Q+(8u3)5CCcRE0y-vHLaxGLl6a7K3iCm$RoWB6>y^~e3 zTvke&FDqR2P*LiXRS{D6WJP-eftdr)YHySgZ2;Gzvb_#LbmZ_;jW7?^k7BqVKJv}i zx?#(;Y+51w8MQ0XVJ_5nl+F3ZXHD;|0E4uH7Sj$w)M&Wve@m@^2WaQ9aNI$yRMcsn ziK-pbe+p{ycMnP)Z95;(JQdqcSvxox1WHMB@L?6^1K`Ni`bxZD{(pHpSYq1260aRx zd5U4{QhZpp=#ku=Z9zqYJC)v=lOet9^pU_`MD~V#9~6oAmbHUbkjN^rBIejhi{B13 z#kPaqa_v=wzV`MGqP;~F)cX&z8B5p>Ah1L`P)4*Jv{YyZA3fO!bBccShI`>7-`wKb zK?~bK2_7D)cJSs&Cg+Rz&@@V4zQ83egMxC0@M!ex+X$WjL4=cE~f%hqR)i$6;V3Anwd`M&UI?Em7UC;T`*+OvyTwPQw$c;xb~x8UP|i!@Md zKHN6A`ecz$LH%t;-`}4(5sy|pko{92BQ|_&8yyM|e2kFO==c~Z?mGAw6>&FEK5)8# zAKOG6wcw*BLXrGnwS;_4M$4sZlV7g7I^j-G44+u;bGF>)Y`M?ba-Xy1K4;6thnD-C zE%!NF?sFOJOa2M_gU?OtS(5#u4U9)%3j%+{`FC+(HX~PQHBaL&(ze*NPk{q!xf}iS zj_br&S$&985JvrUklhZPaRtej7C*AAc-|E;B;XTLaQ$Wrl)Iko8-iWj&%U6|g>HACSg<<518E+-9Q8{y$gG_JI%H zNHZ08yBL1Os#yh;WWpI2Wdj3#)PX-GzDhy#p@25-T%GvBR&ZiI%(KbRb+crdS(1I) zEfA_dMn)WEo^H!N?bewLWM$(F=$5)WVKE z5v3;reJ1%XlpO`^f$s!_h-$1t;BO{+n}5uD0~kV)O(0<`myJr|U^Yl8_amPzlgT}PYdcdE~Lz-#R9^o~XY8<)ovV#jkoPF@T7OXXUszm8DQ+6B6gO3r;-$4Rb!n1AJXB~x0Ay!Aw-`Nl@23cCL8r;)e zxU4ZzUGiJen9L%ShR3P9j>Tb&v@y+Mb|!c_P>1j6PFIGOX&Nw@caC$W0lP92;c@1* zW-$UatLuSpa*uQlez`Xx+Uidyz72_Z)Q&x1`TH?M$?!JrSJ{gfPzsNUZI@1m6h= z5#Z?xA<&<}U$(k;(dGDUV`nLVBP_o)#ofr6xTnb49gGYI88iL=wHqn34=M^fpg{j& z25$*%FkaP+GhWrtx~>qB(sFnVEDA1>tkY>mYht7sK=6%sb7z!wrt4>Vz~AAk01Ek zm5bq6h6=s(MPeCn3OivLK8sk9VD$TxWw;JCQ9-ttYz(iBJXKM)iCIZS+4|PWw_*S3 z(W5E_^W_uC_G6Am{KIDkAkxv`n_qs5&;}d5&Pu#D04qP#d%tr`*O{M=M;XmgPuV4} z<$=Xg^igdvxabWdyj@MeU3jN3hC&Rtu-xo58NBuzBbDV6LE2}LB0WYLCXn`7XInw~ z3#&y~Q^}UX?`Pl8mq_;mJ&fuLueMQ!79?b%i;>NaHqXJgf}WZJl`iralU%}L&FG1Z zk6oGx3e$ljXgkoB;iYiPDYbBRw(gk!0Q@i3s+ppAQn;tFCV+8C3z<&(<-L*aL`8}lm-9m!muFsRe`2HYl+A6&u=q`)e+)4C7 z;r|7C9;~1@K_|Tl=*6>hDj_pU6F>lnz`b4h^~QIhKN<~*Si;1K;oPDTMA47-X!ZpW zju=D`NU+ozLEtKUBM9!^Dzl@jF#Eq3#OlEWu^I$`h^Ez^AQ07`oSnz|)Zd-m0!r!L z(vQaKTgl6fO@rJ+pzsWLJOX26mC;Z<0#iGzqoGP8u*%D4&U!zuRmt$gMIcvJ?Mb*2 z);MBf5rM-O;g9ur)Rn^FEYBj7mq)<2sChbie=bF|CS2>Pl}` zm_S0PVnzsbD++}&j1Y7sOeZNNc9{pSBmC-ZL4gL4%o8Q7!l~{kC z8{**;JgJ6PMCD1fT4Zxis*PWa*;W3&M!!wi_km=iWKe%0Zt%I2p!2pDM*7>Qhryx1 zh!u9Uq7qaj0d|OhHTQ?dE)<|X0MW0FyLZ^DEQQ} z96mGHbq9-W&5mhUfF88VZ>Tk8C>gLhAZo1k2faW5Q(Ux99_*A|juOZ9O{f3gPEFX! z$KwZ=9VfS_%v};p>S2cokdw{b|Fz=|?;8tH+;%}PLg{T*lecHQlQJwJ96|5GB9VVX zkOS|Y#A}=nNeJXtlN%*hI<8hvau~cKYoZ-hRZSGMwZ=B1 zgkXa%%5?P*hp9A++&!KE&*M~De)Bu=p|n*}Ilzco!f^$nwnr9LlP^@9<@u+0&O&54 z^;1cnk;6N%P=Hclq%{VA-ODQiz=7u?EkN|4cHCTxaZ}Svc#1+QW)Wa_IZP6?f_##w zg?f**be_FN0Z1Y}L3VPNe7yNDQu!UcDnsiZB>=NT$Rh}~2KMAfpqckb6?!$FIy7So zK!r~uBEQ0gB<_h0LK6KBQ1ZA%h9o)w2uXjMEhJsX2xVT}51eAAlreQ2$&yq%ZXZDm z(!N849%-t1EthFWuv(jrT#@#LR21&7IzgjU!n|OywE*8NE(}2YNtQ#jpmsUIO-h)gV{^GH=#R)tc-A^Sgwu<}w z&a;Z(r_)q8uCC8jDPo>2Vp|k}>*onet?aR0zVgnH4E}&{1r0ZlApCYiyM1%U7gz(F}%Gq=)=2KBa}bsc1WC(4G1n1}Y=7!e&!c@0ikF;9pdYtpyx; zLc~DCS+0nMHooQC$yz~WFQxa8R~cK;(qvk|fpcr20XU3Q(_Hz@=)GxSQ%JCx2gS-E zO;9-{04j_`wRbQ8Ut+YfYwlKok>Gj(`9EY5K8(Vu5=;OPOrqL57y!Y1fC#ch1yO|} z>4s|XX**NHxlG^0?YxKzDEh+(c|?d7`#TNViDZCTEcQo_)=q>GrW2`=G}DQo5xw}Z zG@7yw#UD!0TtSw#$eJn}M*NYZ*lIeMD7KtWpK->V98FBq=21k8F%|?!hZ;&mU2jT> zJzhtLUL|>%0X#RR<4J(0wazIm^~9Ee*~k1?dlz6~yorU(;&Y4sFu)uVE9qr@(G?1h zg5bJxevDGampB78F^;l>Ld3>Mc%mmdz#)M@jJW{9YBd_3+*Adzq0F%a$N%&napJr3 z01-(EO0yNyN9F!#-JFMRZGLN7adGoonGqx4wDV@Llml;sk3cx!Y0)>^vTw?j z2cNr_?}s}0H!}(N;}EV2zfBT;0O4xzb5i&R;FVJi{zB~h`1B7TTn)YfO~{8|hHy3b zX4}So{ z)!;i*@LfZ|XHxVm9EzSvNqPnlu0~HIR(yT>Pe-^Kd{s@Gt!hb3WKY&4MRd~z{ zeR{f@hJeR%y$}ENPpb3Vi4MYtA3(S&J)@HFUq-kZd~bacegNTW@bxKuIA92Uc(?d7 zSorbzJp$os^mL}^e|QM`GZ;-I@FQFeKW`xS;Rg_|3O^htlU%{eF3f`t3~F=Yb*Y zb0?O=e0l~Du10^us8oF+Tn+xhRC^p4qCIBzNYR7vdx?J$y6ObK2v@_;+r)i%TmW4i zejo||H-xLKoaFjW1f@IO5S z{zX_sr z4W82{pPq#XSA*vYi4T9=5c-q(ND_Vk;cECZRRpLjMT_U-`ka%J-@+l}w@mdnWnKz?;Slhd%#I0q79w1Yo;j)heBluN zdFFRXdwe>=)$lJ$*{6Xa>{BK+-ds4ucym!o{#`@KKQ+EvIK=o4>XVQs)TcVXDSLmz z5cWO;FFId;77k&5GAa8I3}GKKBa-^?H-xLz*YX>a^gN7kHTX~Q9Luf5)y-GrT#5U{;?@pe;g{pQi!>1}Tazq9X4xD2gNc8<)xV-f^g+k8cODiDdA zQU_EO*f(kE@<0$Rdha>tR_M!v5$ zDImFz8?fAc2$n+MGw@Pterpe^shq&Xy8zgW@cZc-03@|o)=#_lpSs#J6S-IGsdlTq~_?J%f( z{Q9i3@LwGse1nBQa(M7L3;+J%!Oyes&*EtEAo}Igzre!(YIyL=Eqs1>@GC9+X9kBy zeWQMsj7I&$)yH=iMeG07s?k$s`>|z~*7uY3i3}wKC4(E$J|i*lh;|Dza6h!HrNkpz zjxT)q6fOPV-fmd(?6dG^4G+HG!XGp^yvpaV?44ry^dl(jUY?Q0F^`j{I5}_TR@ZzE z$QJ0vvPrhBX?imGP@7EijM_SueQT;URkAlVPn!1hnX$u?U%iFj zYjAk64={tLlmC`ZCFqFy1Urogig*?yS@=J}#I$_b#=L2GYN3q4(?RUdV~HG$prBx{ zhvcSYGIt9l+1a@x1~kUnxw8>Y%P6g1(=ERT)eK8Mb1eL*!Qrj_{4dZgB67C*gY_oH z(Y(8jG4*;V!fBf0*5T%RBGF%1{B!UjF?AN35!r``EtcqqP4YFa_&sa}Q~V*!kW#C- zczgf5XRpt(@^}f?gb%~sEwb?U4iA2Xh5z>O;8$7rvxW!XW8n`P9(>8dj~X8QRtx{T zF~gEi?Nhe@8ysHk(Il-Z<5!aEztLPKS4)>sO}!}RRT-l^o%oQLi*1Zu@R1v!MZtEg zGcZ&+6q2b=DA;xgN}F^Ve}IXJM zxaF}>JtOe@jEr~@x1a|8d!$u{mhB5_!X6ulZ+13mwc(VHzDn0E=4(jiYX}=hIGpqe z^l(lOKOd*%kTx4dbZ1}2UyOQRhD+Mk88aJ$4lFPlG8%IjQX}E8p72~`1&|DeUyg8{ zCkU{way7wq>C)T){LgI+rw7_jo&OB`+cf{w3d2V^|LUGb9x;&g`KS$ViqpvBP8Lo3 zg6Vjl>w)mCBVP06fI4 zhx&THBEfIv{GT3ne$|&*rvCENw+#v>Sc>usSeaQH#Fef>pjr11MnI%|i3A2Ipz({~CAp13E8 zxG(s)s}5Er4<^Q{BFa-s_Zs|--*0O~6P)H{H40N`o;IpLQM#xq$JR5R{!r2XR{ zOzR~tpn3M=xP(9H{VM2f$N58ZliY`u*Z%e;Tk*x?C-OlE&RSm(P`%kL4LZ^T9chm= zCLSNa;tD6*_=_TW%}k>GVd6=Bh;Bb@;+(heyY9l7Cn6qZIWzExJr(*LLUwhU6joktP3HjZ1mf?i%{0l^ zF{}IS*Ik_>H7>Whb{q56I(kBQ3NxUnMd77bc%F%~32Pc``dvlybkKnEVs^u7bOlr;pF7()+TtWTmH4}X>-7M z8j_LsmABW=-c)TLFKtZo@_bdeEC->=89Xi&l*zGuZhvmw8=okbCC~SEO-Gi2ohQ~) z^1QblkC&o6vIyaJ=hp3eq-G3TKOwBbhzvvzOF7L&`vmjuAEZw%PE}od?c1ndy5kn* za1SmjmrwT!7^3;GsGR@dcRjxQ3``xqu`a@_xk>m2oP0O1o1SM=!gv-jZ%*pbezaP2BO2!G^ZSZi%azC0!;vG!5~L^=jpiZYlu&}YUk z^H8IMw}kCF%m{GW-n=sWJw8w^@3<-yqIUa{XP=XE+QRRB-_M`Vhvq!H zv$Hd^v$M0aw~?T45_EgT+GGB_-)JA}??j?FgdhDM^gcK0V3d)O0al>FV9a~itUY2h z9+kXXUmo{0pAyu}xB`mNaP+{8_M>Q@S#}(|>D@$U4g|244>fs2x5IFg^qPp!M*vR5RsswF2m#XtqAW(Vmw7qe42_8n!R#(n`>3E|u#p!hTUj_JI@WC4T zd(*3EB2gdwBQLWnTz$6T4cfThdyx3p!0b0=~e0##ZwXQADR1J|8T8$_;vobmsDuIweE_|)p<5sPx#MT z>oF6xp8xUlZQdLZ#2h{;I5^j;2ce+?v2(3>{ENgfLJ?|}Rj(aCCrB5JPjVk7QU z4eIchTQH##2?c@WF+1F7fco>9DcOf`Pr($l1g4j*dDbMWmg*=@%bz|3IK0p{IoCIN zIcLZd9-G>A?N6tZhKgyqhcG+B=v&b{Wh~#O0GU(9Rx=BKYxs9sZsyoprjF+qe<0!| z*_?t9EXBXmawm?>WO7r+Hg;5)c{{$jHflj?ND60bJ(h%?Oy_SmoCH={%SzTy1}VsZ zf;V?S>n>P1AB92_$SP7cJelp6aibHE58ew- z+3wzw%EqV&S}?b;9ohMYL4M^HE)!Ub#04AQ0YDM6>*!fyc!8Shlw42?dsgoj!fXLlqn|8XDA{S#JD<@95)yC+ zfc5sLM7&GwmAxPywx)AF5JK_Q>^t*9d$XK5E_l-^Qxty}AhIRJ@J=|;2}I2d?*tL1 zIcVQU&6WrH2-95Ti+&J1-#piRYLKIllx`4q@G21DTqlEkj zV&2=G0b_?Jw(3d!^oo@vn9%Pw|_g9K!j4 z`5A>3FCGC0_BDI zowSuO*^j0{u%cB7NcZ=0?_E$dQv)>p7&z-N$o6}bxlD~{5c`5p%+IYc_rPWVvLJ~P z*aY{1im(IbGjnZr9sVLaH5YZVQsy<=yn370?DFypX@;4b%cK-|q1a&=3^N&p7t`#D zWIGG^i6@XGR0z1<6z@S7Bxqp_Hneq&amsvh^2w7=ntb93nFWI#1j@AxAWGezo4yK@ zq#jI?Ix$J=Kr7HjP}|$>UsAz97m0CN=Q4M_7!&Aqwu1!xroJuZ&)Dlk z1PdyT{OL=f;{8+dEvu$swv)-9-T~JWYA^2_cEJ4<-!na7&6M1vvGC`x|A5qua5ldM zXA>Uh_;om%GskA=ZNi9889M{M-ey~iuSaQ|HhJdcGbW$OXz+Y|CjBGE^5Ghrb92() zof~v0;8a7H?`?L;-gtCzA=L%(C^sdHT6d@3U_`9oyY#q8)HFbTGjBNp_l(}i3vBNWt&rLW1}AK%k< z?29lRj)iT(LZnx0B5tzw95Rcyr5bwHg`qOU@JBaZ=Gph{>IHhJE=mF+8wD-IMM+WR zK8U6d1Zm?*O_~j_Tb`$~76VtU==!jA3HwmK8e;B?3gS9R$v$vd?Fv{lutRu6QEC-? zB<9+f?~^&TVz6nTO6(MrB2#A(NMwr%jlz9wCSQuhTo5iGYPcP>=P7gfRBGIOfN&+L z?XFU=435n@U!Z{?QwgUbdr1wpI;^OYjhDW@e5M9FL=Rod9CyL4trFAGY;#JVTUoIv zy~1A_y{FWOh9<$BwQ5V~H!bjYU9g5)AwY9$x~frXIWpFo{pR{1o>~){JHNlON&H89 zQz5jcAEjy9`uMjueVhIfgV&qBMZemu3DvQybrYn@19f0_7-ZDN-AY!Y^XX->1!0*L zMvD2-b3*%QU1pmNTldf_8^bZ>MLeoTf_62XkdbH~M3pOQ@Q+`o<9)Av@W^k=FaY*8Zs!5H5ARO{xG|X&~ji9-ObJ4T*+*|=lI{ndOT-M9Q0B?^-&mUmV;BT- zmHC$2%+Ge?k}+)oXw6jirXK(p_<3Mr`ZhefEyYCu4}cwXq;wDRgb+M8-6=rNpn#Q9 zCstj(lWTclNIuJD?z9o*AEQxdqkPHMZfZ6`5Jt$12as;SaB(b8cpTZ>pMh0f|^Yw!SA5 zp~w}{J@`j@L-#!A8SL>dR4Hb!^=jl6_2{ok0o$Xcv$h@+Cb4hoOkih8c5`&FFnc;| zz*bo5zeHyJ#W|DyWH%7S++QhO$N{$WF<5}7TTh27!c%T4_W$a<{{?3t+j%VrfZkrJ zK3c`wXFL82v zB??@gPeSC8paO=x)QqMZnyAs6YvxID;UcN$)Ga{0$}p<@C`V8KtfBiiS>c zSRaTUq3u`Wvj#;m9o(YOxcEA}doEYsFBbD2JinBUi*I@x&V#JUwRY8?F1K<-}kW3d5k##M;i+Tl?e(~#1ym>aEC-)aK1R=7(py6 z%6@a4GRDMYD;h?Si`)su0ALn-Zu>Gv7`a^lIx<#%#W z-HYSI(M-&iJzrVv=UYL4pfy7OD66j>uY=IT2&9TpRyD6Apjswyq{LU7JHN3J&?iqc zy8RQ4e*A{b=uJOQB~ntH%`ZTFq0MJ_N$IdL>9!9YWx9>oO=j5CG``(?;YScse-d@L z0pxyBJDTe-gy0Mi-5R!DIZV9L*kSs*V(J5?8rb7bkl2ahb5NX02(!r~dKMk{v{oyc zsHKqQ0<=T>Hy|H9>4y6ltH)eI_kV^Wuv?1I`RDbR6JYbLQ6_eE0O;(r3my?x0hDB5 zK6Ol?)ezZ%paT7Q{hP{QhK1h^L*}(UZmxJh66|xs|y&3%{c;;2)xLs~@&apC^%#+O0U#KFs)h;82TZNZ+;{{CPjRA$;oN2^b4o zhI8}Y;=>2rS~7)aeFIg0N68q@r|Po>eJNV(&)>pyeg69sVUljnZnsG~4cJ`1u&KWt zvlj3+3@JB3%Bn8-%%_?(wAwGZ@~L_jaeQ%M4*c!MC-uG`>LNpi#vq)d4_8at75kKF zY4YID?r}nB*5D0?f*Aygh$D0i0FMF!z;R@=c97WRMF%%R`u(5b7zu%aQjE6}bA$j9 zkWb%jX~X#2#;(M@zZHYr7S08Q+F9Oe<^GM{-!+;LEbmCB-VdlcLfaje=Lsfx5-mHt zw{=2Vq;QBn6{FuD=piDy0Xu2o0a?6o6P$tG)Rb{HL#q?@k+nH3W`nX6viKnhM$U|D z>KXi4HLYNr06`HtpsiDdl8}|l;|k7X1(3>y(0?AViprxvr^I*d?5kyGNGNl_8m;JWYI>oAVyy-;-QHUL z`!2Co=mO$W+P-6(UE1MiQW#4b`FX?UC-Fz8*%po$R1MZv;2wxgn2u<4!t!Z7NR zSk^KL?q*wV18wT*ac!txUQVeOg?bJgmnKjJEutj>0g;FFnbEL(aU~DOtpL!ubIjXg zR82wj98xA*Hrv=Xpk-}U+ep#ou_T7Bl*`on7Sk~X(0igBGfQ=dfA#r()zCvAQ6?K= z@aIKpy?-LEkBbFdpondNfd^?mR!CtFDah&f7E{!Wn!6z%=Tkg~Y{wKL3QGi<5ru2< ztLm!D00ZM_qRA=x+t#sC2S^^B4p0H*mjzs zZq8vcT`wM~`rs@QLhfswTEO9>2w8&{q4THfyuNY{ESIU+}_c!4vH?@ zsg+%=(?UAW9$8*+Wh2DGA48lI=2tv?>Ud;*HwKjW&Hs>1pK2I?hr{4Wp#SS>zYe1D z$8L(-kDeL?Nf{MjO~;%2n80>a&ob;Kq>26^VEbYDD(zU0E-FLn5S%GMICMbS!Me>j zcxZ5`r9quBw(D?Zn%5Ep3>f-0g{ef1T+MDG`r_910UXum1%pEXaw^^1b|Cs1i)DJ{ z1r7O`WiZLTRfSrb>rB&m+y#XDke9l14`&}9mAj64cy}>()gyd(L|R(&Idlpj&~oTQYa%jt3xR}Ia-MCT zix#ACMG*PaTrL4!{plbfUrFsnlTg`GbMZf$2fwGz&CK51j`anZQWc#RWS6H_)Cx8Z zEH_!N)0{@pyS{R~`d^Ie)&tbMS`de{fOcU~lE&ZT<+nyks82sA)gvEQQEO;@r6>($LI@K z%BaiCzDHExAq~#A)ldl82l=P8>|dx1YI;gAE|x+RGw4ikC8`ppR2OL@J9l$kX7N4L zzRYY@$A|vDvB{tn-JU&2UbQ;tHLBmAk@|Vkkcd*Y^4uS?kB-VIUoLnb=x`6J62hD! z7i?@+7O2RDnl#r&k}`vt&H!-7omsPQ{@pM-RXt?N!Z zxGbN$A46-CWkm>T$j$+i@>>kc@?lMit%#WISPi(;oNPVT$97R|b2T4A{MyOpXeXo2 zS`(;4jX0%EvDKO*H0k2I!FeEB!#-Q(|Ax2AOY-&%^j?sUxUnmaBA#X)Dv3M_GK_(hk||hQ;B1Dfg&|F znY(rxMXo#&dl*P_9lMx0Ymb`O@7KbDB7gFAw4Ek(u(SwX>#>5zfhgocq^l;T`>VW< z2v^(nUe5kjW%6VC%q}1cfHHeq6+OoOdJf9QDC`g-b4c}NsN#Z2E7w+1Y`@1o#TZ*R z4UIY$0L3)zI0-rmL!v|x$&7BpKO!0J=k)x7QccE(Zml{;7sUnGUuWU7G`-H>)JE`A zO3;ca<(=r&F|Bq=2|6iL(0bFRmMSY$r4?1VrGnKWv(?d&IQo!p5T(X!(yD+)ltfb4 zPb{e1>S|_AukKTdI)Dr=)~Kqh_rx!aniM!biho6e;z8#-(6$5d%c)C7*0Tc3gMEkp zgkf_Pu(#tkn!&aM@*hXOl{SU9o1hD<)~{TCX})dI|Bcalrer76W{;I!4U9j6p4`7# zjqzbvE|k>u2hdy*{gA9kAgOh{aD}l&+@>}S{Iv{sGu>p~0i0|^0*cIBTf{ovu86mb zx^b}RKmt_ck~)qke#gNOwj}7xPnIx-p+j>S>NJP_hg5MHBk)!nkb;{e$P$dhpYn_Y9pd`gxotWXAI_jSh!e&LXE&))Kn(;Jwtx$T+qf(V6|%qsXLijK)SIlJU1>pe?EWXKdo(w`{~Df zS!#0Y_y2Ft$JNUDxLQb?@qxS$iBq)pB88&!af~YdKR6#Zoi12Q5h>h=hVyYk!vFR2 zaesaRTC`y0e9#ciF@y7Q=o#_4|3&H&v9|;+6Sbblqa6kJ9dnk7ps6D(0pb1H-y8@DXQR346f_tgkSFE`hU2xOJv1qyIH-uCI{>K)|rS==%FKQ}V<$^afNk{xk*KRv9((j{21A(KHr7JhyihTtpQD*# zCh{3pl*?Q$!@DI`8#vIbwsBH=Jyj?WVs)&-Y8qB8^2asn7N>7FJD<*4KbXb;-ToTC zr$(x@TW!MbtML#wR&sGO=)>yG$-u#Zu*M>(1h1+rcGissvtlc=pXL8=`*+-V@!UM} zODn%6S<>NkEBtgJ(aFN8a7QPq4jmG$H_sSOc4hk)dg`I@{;`7!>jJhYOkYI=mkwrQ zjbBZcK566s3kG|T>!+|v!p=;hbE)^3m7$1tO%uw;(ddoJHERP%#{ZZS#gVzOf^+0v zg?(@$!tr>nVC3099H08@pje|mG%5ZEZVB6o_ty`zT4OFBk{x4~P4k9qW;WZ!K=3V77}Wp@w#f5tGPS(@k@gE|1Vxh2Vb{dN^ewmF5E#05-V z{2Aw&r?g|@7_Y*pCfuB23M(hLYt+|>jkq_Wa>Jqa4;sFEcOH(r!D|8Bb_ z{W12^5-!R*&QBlnBF-yQu-WEX6qe-?8N-@u&98q=^>HI#x%1q$G9S}6euX?JHcI+e z`0Py&k~7>_D1$%TzAGFM+ix~+J{a8>v}2=YQ&=U~fl1U6UZhz)l3xPIMUS3tx&W30 znYIr`Uz2{}0OW4S`07ViYFh{@){FyEFrL+eJc;W{SW&?4$6FQ?`-xy&W&AM+4v9!z z6n*cFL_nB~VGRZADE8QdtFYg$5%xzf2#Ey35Vc<)?yX_<?d^n9S^V;hfP! zWaOB1;nyyAe$OegF9iw94Q@gMu+&zy+Bx?+S67Q_Zfgf6u1f~YJiejK zJYJHS#}}m^UpF%WAKLXluOb;>WPxpi3nCw_sEzj0WHh!*Hj64z7;q0~uq=cfX9Ei> zqnCM(6seDjT-iF%JN8J~eO0u+Rigj5X*KM^><>W~t~PW2>brLadD8%zoQsvei}$a; z3@2b4eiv_Y{dK`0&z1O)jXUxx{)cnyTi=7us1Do9U~zo>)zzdNKi+-@KjLym?fa%s z2DSs3CSzXI`BVm-wi;1BJ)e5<6g|P(*6SKWeXw7&0-W;xg) z(WxD3rTv$qvga+gFxxm7b<9GT|D3})F!22ID0`gtllTI2XlIxSashnPFi3Z8IT{(u zcd%PK^j3f|nEVP5dU|w(@U11yf1MD7l*w*GNY+);F2QSF6L!J9mV{T%kn_$kG_rGW zz7S%G#r`3l2F3ZLg>CeX}veF)}#y-Uy9W)lXIHeLNpp-J_vol{O&BC zMoce5k!3D=ZyN)fBL}*+m0A{rwU}$xS%of>X{5{#5(7cq3z3I5M3v1csOwh)rh+PO zPE@(;I;+HCd$VX3FO8KY=ylY+mDCOJ(+Dow)|`^5&d#TZGW1a@Na!=CED_0233?zI z8BdFIL&m%h=%-L9q!z7TMA0!=5_ zIVCCeo~}x1==T!r`~oW%fbT~u70Fa|$+vD#(7L~Zd%D488alNzXXZppHy5oy_vfkm zozuD{#{BLGYbMSYZz0h;_B~CStR2<0gQW=pOSX6HWzqPvtg9ak><1t2O6b52Ckw(Q z(1CX7z!Ee4YSDp(sA1vA-qCJ*$Ctud%-30kP*g0mc8Dq4vSg$*mjv=VpG19(;t9*P z^{K+hQXpCiy1y@yah9#E8BPd|+k^Z8`}U65w=n`Fncl=PXOZN46E|7Fq-bE}Zq(jm zD^x4DV~kJ@o#2kHh+QC2&xKG=w0gr*bFr%Ee5JZrdP_xm^TAF^5UbrsS6tZj3DMo= zL^J#oGnv3kT^NXXvn|-}UVA00VZPVI%{TLE0Zsf`pVh=e54WRdtyE8GQd0|~X5bqG z+D8(J8SE4h z_%4rS(w2gSbwt+ZAw4NoXO!@uj4qhNKZM_q(@Agk!5La3bx5iSK?c&9&ndLu7G*Y^YNE7lo_)_9_ zjU$w>=@ROFko42GIV36jApbyyqL^7rfsHE2S0;a*K*j_AACh%27xSXDNPR@RPM&Bj zP_5)EN{=h!ckh{IU==y&KMztVb%cSM_?CO)FsnwXM0NLBxtJ$izEyX-JDNDlS%N?ZfgSUMO#lQ@WUeg;I)`QHvZKhu2YXU-zY_nrS3!Sx`) zg3kZb>7pnZre-A+gXWMpfHeUEPd8Dkk1h`(?Wu^cfdirLeF=nmfK&^J{B=@^m%bT| z>_A(XYiGD6M1S$2wk0*5f|%y^Vz$~+N)P{l@|ToJNz`3J<~P?$|EX6v{sA0k^tKlC zJ36n|)gi~!%@%QtS781@gM?o0w0s)@yQYfS>Q3~CPv3_g9ryn>!NP+@G0)Y_#daROb&;AQsXM1Y*Z|JI!A49*Wtpzzd{D+ zf`08@8$*ij)>$@96FAuQXlqJe{hY0WJw-$~5l2~CpVKc^m}?sg8YN5TC?_~bKik;b zVQY8TG?34`KT``HL(JWWApxT3O>hahT5oEYseh+4vsFdi^amNlKqlT>6o_ zT}z=VOKOQdf@@Muzra+}`Ae(Og zU+a!gmjYrOp}Yl1O4X?@&8+EyV|OBr+1Bb-Y=C?w?X zA&^=7ob+x@QsA5vk4{!XSqli&XpZk!OtoHx?$|k3NQcE%g`!`el7r>T_B4TzVVG2q zCV%AWk{txbro%s%U(sJ!tqdL9>7}{4W5LD5C6_Y;9)VO9`;)B>_IqRJucr;ZMpw1n z>`7^EG>!1(MZa_{(9`S5M;DVpppDac&w+GdKMWmkh-$9ehl4Ke!T^4XznO#KQkth2 zQQ6`ZB^@Mk|~>1weFov+0?ZeM^Oooo9Mb%LzTDq z>wN19BqPx#y1+r&S}}Z4Rq0*ZRx*+#!SGhr=hnYLILrm_gJMuApPCVq+MckYfS zD%g4=M(KmCeLB?_rv38H%s7|-I%v>3neTn(O>BPKszko`nO~k@wdl4){vXb=1H~gQ z|Efg(b1whqF8?cue6N9RE`M4gzr&S3+vOi9`C@7*I~)q-@qgZVm#OaBLX77UH{L9{ z0~$01rk#K~vR(B%OYj(ru=VSS3VpYEtIjf zT7*Re`S{puS7DMMKmR_;<$n}{E+j!U34(s>r1!?BtV$&%bj<~JV0qH!wd z|0o3g^*12s3K^-Kgzk3)o#hDHO7qeFejZh$*D{<@-~fSGwMKCMrfoam7A$&Hc?Qfy z$4R)r1r!6H&np#98xM5tEDH66qu>Zqcab7R*?PE(;}s<*P|2caNYU3_(a|UhHAE?i zrIjsqx)j^t7^`N#zm3IkX6VE({>Lr%xpA!pvAXDZrN*kapJ06EAgjLX6#gkv+2O9T zCRC<29!N_%8Q`EGCii%5VacxK$t54_5AO>}`OO48pXK*euO#9;H&pX@Unf4Q7Jn80 zvIk=aN)La|=GN5FeQ4ZDI_u{APg*^kAb>6C>S-fxRoCW1|0$M!-begDT>W!PM~}E6 z7d6Tv+RA9Y4A|IU6EGz+9q0R!9zbO z?m{nvUwD&6rBU)%e`T9@-bxuXh5>^EAfn$b16U^~Zc~4|Y?$nal&}husiqfaZr;z` zam+M`iW0=;P=Vnm&WVo)BFNTn(6IqlP^@E{9#B@tcqS*a{JB5_4#gUir}uhfOP?vL zV~?jr$NC`qJ{XLHS-(oDAbOEhG1ZHwmjzXP7FDdE!HAX2DeQg@S@)=nwHOnBA}ZBq z_M$`Lx&oiQL9M*(keJNNzZR83FM~;PD%H5JQz@o7m178(jtR8g+YBFY4ksfs-nuwG2UeR8fQ$mmW&CFPj`pjz-i&xjSK#%&s6#w%K zk5Yz*%nhPPEq&(T1dSux;X{^KzP**Bw!?9^2JIjNw=#GptI9J*FAI5%_EVj4ofsig z9C3dw?M>sYj_u_N=TjMham#-5EyPILwh<*vC1|_r7XfYC=@?$H-g5^Uq5};f_igLX zd$m^N2+6nFPbJwdBX%gseu#e!3Lz7aOI+b%l7H_YsD1VxQ>)!Z1e9;Yg{%l{zJ+$o z;hs*Ow70tx#ZqV=I6?SpPVo2S&oLV9NmHl{Y%5kV?HJHYcX2VK?3{Va6G*q#`ydB7 z^6d63Fjyq>tsKN%f}y1&aGK{HDO%kQ0@^|K{t7|+rd01HR4-3Zy(_6cOCj6Mhn3V5 zVbqHQ{ixl%jCn~eePg!eMj#$rgczP{boO1Wm^3&^0=u zjb!G^UhVDX+~WBM_dm-1qr?tDE}RKc_HySkDJ%B778f`Ot^6Kwpj^vrQFXQJmx2RZ zqqagB?C!(A?&=m;5#4Ap6kUT6IX>lG&Y!6D_MR3f+u1{8Rc%%;aX-NW_(pTESK^DF z1^=VOZH<-PgK;iCS*s_H^0v00OLsB53?#HdwH~&~FL?WXidV&A&7puxkRqDKDI7zogoverc_uUrJO`zcz@d*RP9-Dy3g> z9XTN~H>MASYFp$Mazs}BVy4wE`I&y-U*}M)U(7Fm-vM()zxYEHQVWFo<*3RFQ6uz= zWQF?W9S7AQR~pwRXe9~#D$d<-{c7^@9`0$+H571d1SlaFRLy>v<9>|S59l!7Z>>3f z#sbuEAt4n)cQ?p9l3R!_R2=;}3O3oVqG5b|tsTZwK0lR7cpjTNh}{9`C&_c zFfc!Jm<-H4psdIISY3o3NaJuphIbu#VcfwE!A?jGd765M<*D&5{_tZeHb+GJDKfSN z&Y7}#&@|#OZDBu^t@l0I^f!DErh9kG78_Rz7yBDGI*2YpV2e2ZILJBBgboOmp4$&K z8K1I0?n?K`aF>QzzZE7iXqt34KkX_yM&X8myd5NU;_ov2g~!lbZFbuilGIHUNNfZW z+_9Fy0a0$Mwwuh0uB40o4mS$+QG+9_+3{8rLzas%{j3Rl?& zl@jaUHgI4|9V9uAmShc`>4U_W0yGe zK+f}vgIQ;d&><&#S=3x}1EUJ)RPo#+vEAIApAFw{Wvr){wiSzHsF1^*tT4IA#ZQ!9Avq{cUtBQpdx%h|P7l;BljYw;`F#Upk`a2bd1R`d1D-acqAP&X8c6dw?& z-RCf*BK@Gs9v@8)QCfO@o&_mR+E&BZSM(@Cfr<{k(|tm*n?%d)EYzseEhE`_oIA8? z4Cz$HN074h+v&aVDz{I#oe30Tb=dM%Rc%!kTQ4^-RYWI|0M%UGzsEA$R<&_12n`s< zs0ET4R>It1(o7^$?v;uJ0>Z}!Y+4ZsjO`N18NtJTT40^@0Hh*%l*p8xdS3?IiCZ9A z@rg3T{q(d_#GNL@1@y29bX-&)fh-2C@-8Ma%FJfYyh?!#8ltEGj5?YTw}?vtAZ;88 z(m$fPSoOQIC(Qmd0 z>71ZYjyB8;Esf=9vue~2HR_AL%KiWhR+r*7NB2UTKWlTe@thhD>5v#{*RdiJi{AEA z77$Hxw~f=iwCay?sBUdEPl1@@`Y$9~2Qk5qmA^w?(rWWn>MFva_?)b3js%c%TAdiA z`G(ZYq2lDM6KvukqtBC|SVuqQK7m(mKr7iVZ-MI}U2zU{i=_qh*DR}D>Hn$;`2;K7 zP!sYlJc^MfL`W67(GcH@>E2+oaZOw%ts;Y|feP*HKVTGN8&b}|omP^%gtY_0pxxrO zv^|T?!%+0cchS{~PD952F<{WuF}~n^kX(a_z11NYkUKEfb3=|uBp$latQcp$1##nS zvb))Tym07EM`hO`w0O%O4@X)~G3GDwb_#Q+wpijo`N?7&4T9sXVjPozBl?N}OCSgK zK)PHdm{yCEm{g(b$fT;rJ}-RKbcmOwaoK|H>9{#A-_nPr@SZNMb9W1)OR!Jm0-K-% z>-$w#JA251^?jH$&pgI|oXy6kv!+VDnjv~MzQ;Oj*3mA&>92^e=TiEQ zWcE~XbR)shXSdLF@kxFuos5;v8!}VT_14uI2ZC#aYmkvl+*^y4h%n;%{YMrv z2STFE8+ZaO*>Dc$0Pf;ZobXERehD{3S9+Yof^+keRH0N^egd5KaVTxg%g}LIf{s%g z_r{CF%ZTm(5#2!{MmE$`AYE5Oaeqc;`OM;C+qq)3rQ7%OQmn1G*mHPoRBB6=E_Q?z z>nbjGiz}v&eT+~Gd8mE)TgAn`>WWpDt}P|CjXgOKGDY%PS4`duX=}E91_N_749j`( zCuXQ4O^cD1JFXb%i*0DU5ro$Y1y>XU-%Vh4OvmkL}UWOSZ) z++&XzngNgaR*T3!l`?{ePYV(E6ch0&5Fu?)n$vT`$=})4RVweyQ8?+xvrQ#f5Ra_ z)T$Ol+l!M1%hJEU(r^7?+@JU*sM>2(abX62>pvYcWm>9UsCufHsz2cXrf63g8BCC3 zYm1Bh*cB_&Qd+F;lp?*D?TQu2AhjVf*az44Q$gQk+)UVp9}A_G4_F087Ihvk&O&{* zeiMD;Ld0CTAyxeD9jzkos{jf*wd?ADlSM?Q74v%Wg5sga`3$F{7MKeR?-kLmzNXFA zUsFbEnqOSg)@5sY6PG8sntmhh1V<@6ntZ3@sf@Nvl$w4~T+_|i+PW@n`HU2Mytvp` zT(L6Ra*PyvySUhAPz=;VLKP9!TN@q5{!&MM8KwP{;M>_hq%b-65C@c(zq9U+d!!UQ zy13ZwDCVsD8J-Nd_Bv^@4%&G1$fT#?n)|}HRH=58vZb8JX%+$iC4GK%4%eAW+1Oe0 z5avj*ZoD}Pw-?Z~Z*@FP`#^Lrl8^~&!5ECqe67)i0C25^SS2lVv5W`LN0)0M@Ec$} zRWb*nQ#BJK1*Q|2PYj4sAEBw}o_oo!0$ePcFSFsz0@$F&vxO3ksur_+^qXuutfuhl zm*DuOlDxOM-uf2p*}J_@&1PotoX{(bEAVu(DOs6U`cvHg+V{kK(el& z-5e^8x#coyO(0n?LaStK#LPs?F;fYn>{ywM=i`lTK8}qdY#lct*RETG>8cCv+vpMX z4vPl5CjVU>?YZuW#RS>OvokeS*A^-<_)S!5FxAD)gL>*volH)ek>t!Mw5{W>ZOOlrH^^Vv;r^Nhnnj-H3m*wtu>XrA1|H zlM=Qz#6UN+w(Bo(wb@?FX@Ss(AVZ-`PRK3)Nl2qP#}x^-0~N3x=qQjNM~R$`6dO8% zkllstz7Qn`wdxqFG&2K3{n2yKLlvr8gXhVnZCGgQ+)7gkr#V(7Rk6KMv%W@S6|ldz zf<`|=PZmY%t=Lw74Ix@tBOFWg(#L^owD_|MH4H7BgC=A^dj)ZryKbajaN8mRQ<*vP zS7Cx_y*Bd>!tcAq{MI%@@Dfg4jD6I=lg~8e9_LdsjZNLPthei?<5kD-bnKCr$>J^= z2e0fco`(Xs{O0tZz9SZT@rb5dobKq-dhf6}bjtthi(PA@0@$vVjo}`L@Vtm$&l%Cj zDU2DeGyhpTGoXEEzFztW+Yo1x;-1tvCef4hmF`4Ox*bmy%EX$d;z#x*E^lb7#N!L3 z4;_$`A#!MA`Ccce$dug&E^_Ra=t@VFt&XyZY<1{L8(dw3ug)s{km!Y_kS}uD{xscE zX?AfXin`Ji;dKB~4&9NGglKnaOYpsNp5+_$qa9K+q%X}xh)>0u>`R_X^8g&xxFxkO zy}rSHiAvCe<-b144+gUb2J?6PiD)Hs22s@3AGuG4{bfvO%}A0gN%nx$I_cD(Rzf;~ zrPHaJjhl4#R&3|7$bvy9R~{k?N@|i7g*1!yp{VxrhE9=03?~V0!379-&8>9)9=nV| zS}3-j=wOU+HWM6X>JpZLYhy{vuym=j3|vp5WpFUoGI(*@9y-D@Y>KUH&N3`v`E^=` z@fV9_09LUKC;-cF)D20?;Om^WIK8B#W%%AVT~~n|X&G=1!r6m5H{Q$oE=(1|y|dyA z9S~=!hz{3YkBVf`rl13+yYnZmA5MmxKFut@H=(lIvi@OhLs}SW%R%xfsuA~d)Pn%x zD~ZCZzk$N{YhlzZg|qHccJbh7WYy2b01bdLbS!tw9!=^kmriVC$3nkVgMQz82A~E} z$sVYI_`Sp6zd4c=Z7}p0Kttq33+#TsJ=Z^=Oq?IM@h`l4>78vt%Nm#~?4Npv_Idfr z(EH3GZSb~5UmUO zeh2s8#KN>2;rxDKI0$Z@(qjjR-U=O#WfvF)UJYfZt5}168_Nz{yd_+`7uHQK{yG<2 z9I5RL8d8n69~Y$4+|0lwsU$+8nSbU1U@}XxMwlGSphyf zFu}0M9<%)gy;v<&fm_#i7~-V1U#B`c^sa`C{o=h<`PQJIXsr3`YwIY8C$++zImPG6 zVb^566ytFL1jT#&V7{$Q>w_8%!4iIrvelm-2<n#%wW& zjwE!9lpBdW?lZo-bFKTkaKlKUhJZ@-pGIfzy=~pwai%0}%^KaFU&a-cV{{|_f<4I0 zkQ(@6mG-?F@WS?{OGGQ+Fn7Hx2J5WQWU%jDae*ZgTUMiQOATV?VKAo`%;+6~!FND8 zvWR++Cu4ufdfu0MzF%C=&S5<}C?}vl1rfk$BronYBlpgn@X-2<*aIcWyset#M)qGx zo{TDNY>HqYU%@*K9>QUw&aBzK>dFNI11~W@`jNiFPOeys=3pqoUV;y;$w`BX=0sPk zVEaV@zp5Vv;g(OZ+1J|aFxU*=TL&4db!=(zNcIj2diCrFb&4u*PBoDUD1x@~E=h{K zP%Wb#k4*M4kx^uNZO=qM6#ylw>%SuXhl{0u<9V<`8aqn>zFG|UO#(KI#JKYpiUzu4 z2{?8n;4#I3dlC?E;4W62Xm{xw4LwL40!NJ^oOsuCVzwH`qndnwamG%9a>=dnQ_xM( z#s+3hX5H#)(8`^oR2a2#Gwhd+4&KUb`%i1->V1BZm3u9+5IYEjRfqjBexbn%(E|uT zeDwPLokHJp*vr=cH3yNXeo{Bff8#R6%KKf~+dAxveSR_j z#`1qb$p3kCZR2r&Yvwu2btfirY~fxc$}cw(CKPCtdIvV%CKG#FsKPl=pwo##8}%bF zwcu=;dPH$1Ig-mVwX=grFm)~c-ZD%*j~S;jg+9k$C7GHoOl@MrdY-8*$yAmYl&QC4 z6x7sz*iY5e0hcK)wVMkOp8JYzhfbeg)KX~&@k4>Inz{l$YB{Dh^GpR1UApP<6m1@S z78`P2E7oRw$efvQHaOeU*9WPdXuU@@a_SAQJ-5BL24W4-)4h$R1Tl*{r@ zl0;MSBWTo*!2g%a^N(fJkpD{{2<^2~2Rl7x91 zc(WF5!fbH%SNZ&+ zmj8l-u=lQ`B@nrIgidG~bG|i666Uv5WeFoMmw&*CC|3dK>s8BN-PN^UpjlnViLq}C z?IB07-J2kl6I7oHGO>OCcOZnwz!!os4<2EIF(EeQ%QnGjg7vHrt9jx~pae#d6+{OU zojmjOMJco(EJRX%fO0?#aY$IB9+o{0fjpWm4uR064q+#R+#V}c{GhmsI#%JfAJ~CR zapaqc4@}R61Tnk#?spjnd0yhIi|_aqk54}GEEexbq@z;rd3J}98bOH3)d zC#1|=e+DErHh}I@s3$`xifAqXJ^j0CZT-PaYX-b;@W2UdB4+ZV&Am>41i#Z?op}8V zR;SDQeHS~39Re=Q*YQQ2j<)+)_4}(GcXHUv*8iWsSqc;NzqpI7e{rSf|07uQCH>RE z4P3PA9rm);{9*@@Fleuzi{>iRrw=7b(74_T{0O?rh8wimGfNw^%U)%z&LGr9d4zkc zLHh`e?^ki5@Z?&`3YZT$Z}U#js(*Me;---1m&{~y6W z_s1x2blA)K=a)K&gn#}PoXv8LKZzts<0AwRG=9=f>N(1aY+7mZRscMxp~LE~2seh{s&W>*kYZ5ymY?48h?n zrvtKwRCEBY4U2?>`mJwo(4fAL5OjJmK~q6ca!}v*0T3eNn+)pabL$$^#|hSNg;>oy zCj%wuEUT>JrO=PVLL9NWQO;^iy%lLZsK0($IH*IrBu=K9Rzmz^rHT=Q`f04fDayl2 zq8oy5*H1-RJjUPjZI1DGXIt*Zg_GYY18HXFWQ<=1^;-so_^iOGyH1IU8>E!o6*6yD zo)nN}$LeJz#_DB7V>R$sMBNMxs=l{ql+Zb$7urwl-c2r3^!=}v0Arr9`kwOnMf(1z zgU~$?=(f7#mC$#cL%$TV#Wwxt^nkO!1oAL-=;*P&w{}V%yef@7a(|;Lp*VOc^!j7M z(htKIMd@}h-j2L|6ujMqDe0Zb!dE*aMibI5$l?g4okLxgK%)UTsy?I0zw#b=gSJU}% zO=}!kIt;99)bo!`{Au<2M!h>6gdO!{xu^A;S{FWWnEM?0u)0=7hukkhB!j)r${?Ru z0vO7tQrUtYX0kyn+z$cg*zXF%C#+ncJyx*qx{j>u{xe|(xXX{)se`<4!oUC7vipF~ zFKWUb2O(E-VF)s3V3#`>!Z3^rSYN*f+~EhNf%i_ZBZf2q>(V`u#T^90_jsB_Y&7cY zdQW0-->_kKbJy`0L&gQ-!KsKC#2GF5@g-gPhVX)aR)?n9Ti{n3i^K%ZYE@I?+nZrJlT;#rgUKE2^G zCQ+`9(hvpPpq^sz+h8rf$z3;cENl58#jSB}1G>g{Rp2mtsT$PS1Ex9IPzxp0^dOcq zV4fWoifoiduc*tmbi$e2UNQ8;%z&QBT=4CTf~E9M5Sapzh^HU}z|>bDl_ln$2sa_A znR4f=v0f-w^>JT$hqi$n^vHBBupA(x-E9*j;nhq)0I&nrZ5ixgd)KRCG#f&WP4hHx z;AR+CfDEA}{)ckJUW9_bcccK#ZUlqd3dw#&wo!JJ0=j^z$t^g?|GEiMVVRUlF>B;) zI#vJ>Rl)@+c|RFYpb4=52KV29^gb!8TKN&&5&y2$4!^frS=JqSYn4JIr);Cel;=We z(uLjk3xPn-c8acUYQh?9BIR!`F8|80D6gX+!kft|H_guiX~8~p5De75$Mlq07y(f3K{L zA1nTGlq#z^{Sn-r!CVJ^6?|nRz~b|CP#Z$tAjWTb?Zh)`j?U$*Svm~}#;=A>exWN@ z<2Mk>Z}>%%#pq`3oJ5hd# z{;{_4$i!GJ7Z2<&gh;>O4&RQhjRfJC#-MAOOMx)r03roBX6A|Pl1f$6uUD__&!un4 zw%jtR%3WwN#5FY%Vdo+pT_+3Tqb*{y4{?4?YwyT(w@z5P);&K#%p71V?O%S-g| zu@rE%&2Ov4mvAZGQ^Dn5=*n-S`MBD?fM1Y6i80$5sby$8#Fkp^sp4f?r+;c|XICei zEn29i1VnqCco#Y$*7`~SIK>cg?j>Abo)G5&Q>1-RiB< z0}0iV22>PfY=E+BZ{h0pkSh-AUpk76;RW*Rr9(S3wU90%%x+g5Fw2CIs+b9#z2q3C zzNAPTRcqsco|w}Nw~1-Hjg=;GQu98`td+J|Ml-)Ry^x4p^O)6eVIdbg3M9i+vMm+% z*N^(Fwg%8kq4EQwb_{`Ki0E~0gEBVLEeI|YB*j`HT z-C4*llL%DUTd|oIK}_Bc6QB5-3=?ih*Ei2_(fSj&kV?MPW0usGw)*|n>c5&`@1~R# z6kBE9MvWk=4>F>%euDMKR{z`;V)gsb{QW8sG1~YZVYK_quf8Eh+i6x9v4&CTD`~WM z5LyDGt=pu%vW-VgKv>FX_mwo-j~oGwJ5i*Ff@-w!H)*t2W?NRmXmglw?L&@y0IA4m zf1Nl18<NTDoT zR?~H&^segSLjr&KJm}hm_+<=k-BPMTG_Bg(Gg_NkX{~H?E!sDMwn@+)S&a4yqU|DA z>RbMbKeZV!>1e$HpCUiKe9h0pMcg%NC}MHzSb2OcG{9sQH^48*;f*yBf9UX7@e8T) zLgOw%+bm0)dG&D6B&!+XEZJ?>-jm1_HBZr}2*7n_J^1PT|E6;N*C~d%Ia9vl#`6K` zIGhh;i_XNgo)s@PCC|h$!X>qIU+vhu^zayV$%3ECKmDxlZ|1)kZ{2FJB@FB&<p4G67>$pXBY~xYjxrH%+V)>43vp)3kKmb*z`pk z!}HK$iQt6OFF!u`@j&D}Cmsq~zbKPRbw!l={?~gio(6d`3_^ z1+j*~ptgST=KA5y-REB_*0)Bkh3|IXqV#>$nMYXY z#}u@x)`8mgXs+pqta~(%{r7Dgnpz3Ep&5QE(ud>u>J^7c6h$7dk~3r=bL<6=Q7rK^ zd%)~Jkxk((xj6sv^iS+*>rAN&N|R63qA@C=W>do?xw1imzO=-!juw>ZvefJ@ip6N` zvT(5fHMF#JOEt7=Tw21W`0Fs9SwT(Ul;s3dUX4S%|c>Dv_!MezhJO6n^fru*H=!72WK(pekX{7{gf1M z8IofPc7LSX3W9fJW&Zb>_^f8E>D<^keJImC_k{+az!X0J&3AaDlfUCy#d&(8Fpsb$KTokH3fL@9nkG0*E$rox8x> zgr?Z{-Cdv%$g<5-V0%KP7U$A#FcNnBpxzpZ-NAY3`q5RbHe`ekOfDuXZTQ&4-}#OY zgk>!s_`q%O(yh?6*?L@EZfz7k;%)^r6;aMtv#mFafWr02b9^_PLA`vd6Jj7K+n0 zC&XCco@^)j47*s+(^f`; z9S?&zgO{D5F=P7J2gm|d2>K$;T!^|#voI3l4?hYh(T9p0#NOFWYMC@AJS)kug>Jh;Qrk$cwd^HzYp)lg6+b^VAV1Q zxV-qX#03Z0&VlMhIIAPvP@?_C%PYdD2h|(^WzYlVXi`ij)SMi(>NL$c2Y6dyHXd`% zPx_O6mNrJ$DI#}(Ek=AJC}?I@_OV(S>PEhIg5e=I?=3tKhs7%}im=36{tB}9flr?u z(Ff$V6guC+y#dk_0Sb9*;xH3wkN}DM4oNby@ym8!bbtzbS+ro4o@o1DQ&IoxO|Jqp z+OLm);Og}7Z*Q7=p*TJbK_=GTqI1HmN|X1pAxibf+chKXk2gpX9>eZV3#Exip z#NjVl!okC8PIJ*0{qIn9oMMlLqY{r#Qc1+!Y1x(sa7}{Sm?qsi4_H~MYUrQ`eJC90 zUpoZ>FrDXLFG~M9cAkL-b$4WNQl1y9szck-BeARQ=lm2o_po{TWV%-RI&~}hK3i54 z?Sv2qLV7o-5Qr0FNi|wMmq@|1y>-VR1+hRk-xw>&tX@dcvq24Tu2BC;T7R@pDHscG zA7?zE9H}?Q)ykp%E8}mFx(>pun`h;6W{(RUfUfS7L@sWdT}-;wDdOP)F0CYR{lNn_)@wmrFN^O2b%b(dA{Kt??Dxr=_dFo;=ixoJ|BbHVRaFV zxAq%-Idq!#)%=Zoerc-=s51Uhqnl6aejpjH&}Ug7j*(dBTljO~uR)qCcku>|lwTxi zeGFN$wZ&fagrFw^q@AT#?heM}tg)$E1`GWHqdXpMkVB=NigAMv~bAMv~bAMv~bAMv~bAMv~bAMv~b zADBwenn7G8a z!`TJ#T~ABIH#txjr%rSshY^j@5aAR%KMmjC9J#-r-V?|}%q-DoZ&gy@ykop>)zB+l zlX&!&`Ao!Vx)YNHK08R#61ptR{+F)@iG@tQ&KwUYE^)Y8@mXPyOt2mqEeg?caA=uB zDIm}c6D<~t>*iD%fwJql3kH`^t^JjAYiPqWiyv&p$TQ)ct{!}uKkxI#+TOMfq-@Si z*h%UAu~Ua`zL9ngBkn|K&)yR!NS2A{6X=?@xJuQTTw606MJ@H{aSILloTjl7J2as`%ggB(cAmn7Hw^2c525G{^ zABOB{Fg!EF@Jt%l_&$Wu{m$Jdu^6t0z0+F3<*!1&Iw~gfhCLye?8MxXLxH9m9#;w`Y;I zu#M3^Lsn;9v;GvQ!)9fbL9+s*H0zLg2NRriHR}dTw+e)X?Gj(8yBQYw-OYx8WAqU5&kyil0sKlpDie@f zWA1MsNv@z$vNJW^j6M4XB9D)w+Nw1viatl}4{Z?_W)7 zb*^mZNLZ_@*B}j+#Oq~0EQbRYtwYg%K=-5JF7<5ku`sNL{{kbNe;aYn7%jan-O_~p zob^r@o(5TZ^+IhqP`v^&x($%1AC;sycK1iPRURt!Jo&PeC##6~6q_=LR~SCYj}2vz zvgrdf!zlrSeZnAi$ZZ&dq%3+H|7;k8PmmGygvel@Flb3W&S7cYQ=!;8_Iz2}=8}Z) z1ZTkZ))z*%(fC)3!+^DDY*}hZC`dARStPj)wmE|sXROV69?juqTF?8tB2%T;KZkqM zZ-H2hM1%a3Prrqk|M0}gja7@U(N=?Zl$rq-_N~kXkB!faqEA@B{fwJbE#`t`Z<@mZ z$_-6Szg4yP2lx%qxiUj>nE@mh5DKvS9nrm%tt(og`H$mBm#!w#+>aBpffe_B4?5>noZ&VttgRKxCKL>Cf_{nc8=;}8@?BZ6`IO|B_#0y>tpO&K%` ztVr6781MIjws62K$dSoeepL0kU>>&-6}GjZqFU+fcRTT!-$N+qisX)tz9df zI@f0KGm|y@R$bWxyqUZv;2zB8iEJC5HkYbdok3}gp!vUM?h`G2T1WB zYON)dY{6ZzuT3?(I-2F3wiT0I`e>KFbCOC+;mjE8<2wOs2i=zubS+I=mDjzJ-r>?0y7Zrv#M&QYJ&srpNkRp39Eu^w5^{?qq~&FsnO;I4)&Ob^{f(HH z0N)`o(sBpH2;R?$q3$BoQq~be1+rWmLoOtw z+#FF7@{Snt3_?yx;b%xi7!5skgWJ#!F zVyH(6bz4cO3u35tLdmhv5p?BZs7ndeL|iLwv8m>wAK13JO49Fl>1Vj~Z%O)}UHZ{3 zeWs+p=F$&x=~Iwi)h#wpLL{|>Q>rkuSTR)Cr5!Z+%iF)P_R;h+4#v#;o)RRseZfka zUv5~?{W+6Qo_x~e6Hmx280;Y09CoDT=Jn^Mufj(C9*i`d7->2XH05q222b1V-=*?b z!k(=p5XiX<&Z!pXIPxiT+VnDaNEIUzoT6O1T{Af@E#*(RCkTZXjX#@`D3 z6%S=v?ptGPGr5^#$1|(WX4TujDgK>?+|0DxiDNOyP8mA`(z|#M?7&^HlF~SB^32I+ zOg@vsnor=;=mso0 zjTTNtCWIrxW3W>^L!rgL)2?e98|m5xFHg4t6T3VyiWzWg{dAx%bfRo~q2iVyu)ums zG~4Yoq4cX6@UK;RZ5yQ|z!J9Mf)IGG0C?Pde1zcmtdKYCh&ygloWjI?-D|a}``Dy& z4i`T~{8}_4P9;h+a^C6MxnIGBDqm6C{iq?2G>T|(^r6% zr59J|I+89c>DJn~S@svu22eP8mQZ+3Zt|>i#9Sp?EX6X?&_bqo!@f~rK&pMG8U#ug zfE0Dtc8)&uRHd4-!-KvLLPizQi#C&QgAa0E;UqCaS6`4YLa3{O-HLTpNR7T|(OR*( z*o0O5e)Iiu$oj3~_lx4&(5i5zBG$P@X_=M~T&U`t`TD(vp?|%E#K!S%e7V4cOxD%i zwn{C1uNM(th{|{^UCgMpDC#dHOQP7+)tb+%uHrz-Ptk9)SmkT`A_ULU@@V?-D^;zZ z*91s@z7bMn0fwJL`U$m98@A9ZY#~g(#5fI@Nqc=@cV`b}atoy_8!+3+pI$H2UVK7n z23ETJn!YHLS?E8eD@xjLmb* zxw~r%%MG$*S5ha86Z#kdn1hxH889!8Wu6>liY4uq-$kt>J1nC4To>uE>S)Z<+j9WG z8|Lu4C;{yW(XO1^iOQ0Mxpih6Fw3~UToNIoa;>sV$<$tj5pMtrlhF7-%Vc+5a+*gR zAa99iefFpi)UAbyidrZ^RQvjf`uuu{B0*9i9K?3>>XFg}NE5xG z<0ynY&Gdw-MD|S)$gR9gR{XcD?l`$FT^|dVmB(Re3|Uxe4j940Qeoi}BU#vujz@2L zNvv#+s)Z$}QZG(U+Quqq&E3=Qir&bIm^x`Px@CD{x6Q70L8uP>68D~HEa;GlCFY#T z(hhN_F6+cPe#Z5PWN_(6#O3obh?{uC25f)xg+b6bg?A4_bDXl%aY_y z2TIcMlC;XQBT3>ybh@)Zl5~JTxr>w~sYa6An>Q9N%IBDU4tb_UzH?xue~IlDoO5gWJx+k zlH4=El5~h9{Uu~*Pf2n&DhQOuNdFc@oYR=IozJ-|&Y8@dVI9&?=KeTmU*t$H zQAg(tGRtL-?nh&ojbj)F9CmXsGT>l)V)v>T_L)tHPu59bF|cyn{ZyRUmB^f%F_$=! z1QkZvIWD35#kg1&#iGM}&cEZF^O6Ybj9g|b^uHZL9mVqUh>_%c80YL)TwcP_0=4B? zUg8_Ge3y*Jl*~?XPBc2?7W6OkQ2WMEzXMcssn7Xrob$`#@^d^?Du&9k{9!)l3vteQ z#pTC)s1swTqgejGGLMJqS#w@RID6srxaZa>xG5@~&l`+)s02N*8 zbFPhZepy_8j)(eL43%a1!+g#ian5;C9wUQlZ;@s~`R`<&m$IcB3o_gN85gRCFG89JJ>p+zqBMbwLd03Ac(WQ|zx^Y*zqX`h|zj`H({Ouf38Fl7=@8;WGInq67# z#(TTpCO2=8+ieiV9hicHgVv(XfQ$Ea5l4EcH+5pA|JjINP&0dqAm1>QnLYKy%mwd` z#{!=7rR9JhHJe!W5P0|&-P>BBn!k>Z_ndqvs)2ss);Ga>KGg`faA@M>6RWPe($<{M zocPd-i2a_(x^+J*>ds#>gOEzY>mP-NQvw=XJQlNIpp*KuW>jWr=7Jt9`124rd}DcT zj!a<(kUQwc&nA2xVTpvSGx)z!Xv$A*%5bHBuOKsDF)=+D$0orjx0wAmhH&gO#v2Fv z@(qI^p)Xe{hdNssmPS7>m`5*RxSr%;PXZ5tw+xuO5^1%}!+JAhToLUp<+woa;N_+j zmUVD|0BSKxWJ{w~_{^u8GI?+%1^L$|Wn5Zy#5lSD^romR?sv8Rb}GKga5?-QVYSiqPMT_x*@3gs8Xd$x~s=JfYw4+J1?&A_RmG=^8l5 zYi(prH|t2OT)IbpbUQL-dyG98w1zG7TjeCI?#G%W)wN!(A65^-@Z=oG&mPo(u;%rf z;oUf!!p@Nb4(5ggjTIa%L){4FxNTXP+~ekR+ej}Fq7Oh8O5%VMe58tqr<7c1wBL5{ z{^&G-##`-Vdqi?Qg8tkP`@3sEo*KdeHMF=A}d5Oq^U@wOH1?gaFLI zXXDIRR*sS#3or?Uw#G9-QfYzmqx<5TK?EvhoQ)L^ZMAl7Cxv)G+OSDUkW`LZWoL;cR5EQme^UfEylr;>B=5Vv~|3}^Tz{gco`=>NO0CA(B zRz+E$NbwH@0WB0|3tio6qd~0JKWMZ(tfIX5ry8C{Q#XNZmz1iY^*x0=glARM_y^n; zXtxL?Rm8wUjEc`i`}AI4!GIOQ1L^PkJ?G5axx1UvBEFA5J~Vsp+?g|H&N*}D%$YMY z7Ym=xluUioQ5lph<*{208_zC!1yU`}s8C+K0y<(?z2Xv|vH~F5B;2U{6f_EHr9wBy zb@f~xM<1kU@x-U=_K$bfJ9FJmG~>6dx=BQdTTHo5j4qI0t&pdo!`P-{VF5Ml;%?!~ zR&6g5s0)PbHK<}}4<8{f6CB~C1ZGybc`3U6V-~!$QUS0kn&Rd^0OONbX7giLk%db3 zI4$8`k97ce)-i+d%ejJ7ah|Kff>5f!XZw} z7)D%FH@i%HDJV39K%AAvlby9zClE(T7E#7%@zQE^6Trz*K#EfbAzK}jE>4&vyJmzr z^-TIa&btH?CS4OC5KoXvqVtp~TY$_zI8%Tj^asZ$)mGfL(PVumn7`Yyth#rc28FJI znfO5w!f;{Nd});19LPHr)0c+zBxs#%cz!`$yf(Pt)JV`%+mQ^hfFcfJu%Rjhj*nDjr9tt3|JGQn56Nm^W1XW`&BP!u@fn z*apY=WPIGMY0!BvHgy_=63`&BjPDIS9j{hxui{(%kmZ!A(|jOv8JPxgF9DXx_EIDA!1#}w$l!LUuwS-edwryPiY&SReU%*H28YJ^tL>A zsmaI6e#m{&c;;fA5<|ZPrS`W{Ys}uYkFAKTJdm4<1?Fn`>$ezFZ7176Kf;D^=}Dln zAOt$J2Z?O_F(46t2!9|$RB+&OPc|Cpu|Cx6q*2FhHc&Ik*+EVeBuNbt`T+Wa=%z5W%4aYgzl+-tRTFiVa|J94B3^UpRA>1O-JRv9FDV^7m#6soy+3FS ztY!={!$%8rr%AEPfEEy(-Lfg-T%45VY>q21KR^-R3$`JjTfSElT@u#fZ!lbDqmLa0 z!pWIkGNMdI=V(F&f?ov<4`YF1Uj>h}k5RS?4OfX?|IbFWfXG&)Za}Rv2vq>oeZa|u zu^`1iI;Mg(f?iYu*mxX&tha+(OF=?6+7{ZP|3ZU7vbu8XS#GVABX>o4jIx~UcBsiy zu-jn@S-ORDJnp~9O`8Kb!vW14jn?ZbpVlJQrx2vvx!xnA1_>&Wu00xG1Lnc*=67s_ zkdnKM>c4pcItbnhG_^@o|Hp9Ro>FNeW-`d)S~cPk&`!NBc%KK3t_9`RMbqz-;IkpL zZ3w!TMnQ10<}cG)3GXC>7*^}>*D?;A*gH|4=Jsv;;A$-71x?NC*H!VjzEv)3n>OOU+% zoSJdVaH+E&c*LJVP8UJvF^cy>DmpbOpdzG)VFy%cJFZ%MxMgS%X9Ht?`D_QAZWVE1 zES#6Y8O-u|wfyynn5B?Z_Kn8Mvf$?kWc3{iS8<>mgzyKAzWUY2%1b{ViEf)|xo^ZI zc_jV#lD<_84@RXeRoe%=jMSwuR0_l-2lN z8~B<;h-w>Or5+vzQWL`oUuW! z2%=$VS)q6X7hl13oJA3JV0D2n9>878qVAmJ2AY zvZMvVV1&b<@tiUoP~YINtW+lQnRVMa>xtlY$)18*6TL-*B|0qJV)VzKpfkJ_w(S$3 z>mxe2?gm}CZ8jLAI-(;Uk|py5IaR7gUd`_NA^JcQ%sYU&Bftj@lZNIUz~RRWa8@;!kDU&P+$d$b6;;U462-qEm5>u)X`&I7@1%JI)0ql&0C>>NA6Do8 z;QM6*!0!Vf-~d*j>D~22+7?4RR@kmubu}3FFzV0xq4{gOoiXng6cC3}6_my6=`Mq* z!5*ELOs{~(&iJp|Rcp}bGzrFm*f_FrKKL)vX3QdW?q|Ms<}C1RyTN1hJBsAype^_f zPoQ3k*ftp3!<{hhu)HBhJqhq#=Di9bH1??-a2XK1iQ2wi# zK~8}A>k=uUtOL5s+X{H6%P3Z_71$(y^^KAsWdlbx>3P&qaEq^U7Y1~ z15*v*kserPQ=$Y-V2G?@xmM!0IF<|+9rAjZ$4B&4#aDajC`!6_%GP=k#HXoEtl!g4 zIv@&la>o5sCs-DoIIf-rlb0yanigm?iTjknOAU+fj0L{$5nD zI)5KfUY-Aw7s0@HMQ6-ZjN{9w6 zp=X~GqMm&nJTcpX+PVpOZA`>t>eH7I-SFYF6AiIm?mp5 zN23^gGBC;LB3;!tIdZ`)Y@X%|u;hyjPj|Z`Pa>!>Syf^YVg_Z$OWD@wa}DlMD}Zm# z%eqZm;oD-|Jq5>}ZIKS0h^EgeAF^Jggn1_*C}Ar7gq9gFj{?lEULa|j8JqNb#g*Kv z9PDRiAmDZ}G+p{>LW}WjekcFIeKi8j$MU?KFy3wH{HWEVHR^h5tyE~GJBQtOW~OGZ&eT z1>0NYcqb?(zZ?#whLLai$~*n(PPT9mtifO7=<}BSl9@6Wq)@{okd3&|SMFpOKqLf` zi+uqZ5?o#xm7iMrX>n{;>6Lc669z2~JnGrQmYQ(Aan<$?d~;27YqyC-z%DRXYR1|p zS#HiET6hcY=NP4Z>_iMgK*z1MKSPRmjowBva3|Z;@J;fT3#Z6Vu~XO%AE`Fn27#Bb z#oG>HzCpf&fHzmwhp2J>wdmIjod8(FIUYf7Qx)+gc$Q&PbY=}RsC@y%-FMts6SX;e zXmB4%HOgvgn@c@Pu(Z7Ux>VC$HHciRxDp9swE)seR!dd&x~>M^P}kMs_epEipM%71 zvNGQGT%!m>4RBs0?ShrH=zlS%4mwa?Fyc2z01X@3Db9KKtv`_&qAAITX6HS8V-u9& z`C1hlfL&cV1G$M)$AGonj}PrELVJ-xLrYdr{0nf&4lbfZB}>#D(MzQr8lquMRvfz) zmLbGpC;^)0GbB!FC$X{9CgzKC=`X@yg?%~u=@o6^jiXg)3>!J1kX1XZbEQ@ z+LYk@vU-qzhX#rGYWdqp@Owd!*8h zQo)60@k`4ozK_G5>~)~?edu%qsA?cz1FD{a#ve43gWsrHFb$|2v`R=>k~Mgs7PR`Bo#h|iQ7jX4qyfoBbgGnWDQ;yxGJ5>TvL<5}MI zD^Whirb=`_ysfbuR-gjKN%N&i!y=iKy&XY3UQ9ofAS9JZ{c?yLh*M2uB9LH+keA?z z2!co?vCR<4EqdswNDY-d#=UXzYciJU;>UV=ZGdM1ExbY z`X2Jc|88HjLs#K2QCd=`L)0CFL7g8Gzm?T!Kj41F}yTVwWUMHf^k4vftKVi~g!YI4S zC|PP&45c*O5F;u-3Vn>iLy4+=%DA?t&@I1>c1B0kdT_#9cf6+?&`uU?M0)!L0Hy4E zFtVL7VuFTI624mrV&5fbf?e2)?(rh&9uiooGgYBIq?A_1uy!4E z&KGb9@_RJ861jtL{Y|(;^TR9Z{`@mvZC z`w>9OZb0X`7C0fHU1oIuuIh(VqIuxeXZfm&U>CYCveIP>uGkkKE^?i-%Uf$^@C8z* ztmqcfS5ds^uMB;a)%AE%a!DD;;m!7jiVLWCc>uzk7C;(^=L)oKqu)O20bxm(3-K6u zj;=4HnS+ZQzL6BOUEhkORe{;zjnRcko&@w^0cd|Ogk)cqWKVdR6eLc~CZnX0n~d)L zYuJQ;ZgY&fhRuokw?F2+8|rdLiI(_Q$;L6A-ZP6+5M!^wD06ffc)74ndI|e!cXTKC zm6&K+Uwc^J?WhWE5CL+xfxDT{7et6exI`G$h)dM&H7q4xIMOTzzHuMHQE+w6@m{>9 zMm}Jrs}C=gjKnm6;)W6SGK?V)VT?-p6TAkf%(rbt)SIZ~KnJPr^4Yqhh49pdHYU8P zBs<8Oa{_uD`?({69WG7?E346LDLw34>I_C3Vw{Ps);-#7gLcws)l^rh67Dq|Mca-^ z$}Vm6&4_VOiL316M8|Bs9Z)$KxZ=zGhm}!uEUXzOt_~Cb(i<9_+e(7Da@!M0SvEHV< za^Rp(G<5HVF5!>XUGC|M-qFR#J3&q8U?^D6kmw9SiOW*zu`db?s28om1w~0JLM3}( z7K7oe2il}SyplVz+fVnkC3y}N+|kfY`!C`|8Ee@USgqFK<3j<^P$My}(H7K&S$^y{ z!U9MH&1DZoFo)_2 zT65#G~xUoF)F&I@fZ(7O`t}@uZB~9@L<&DIj*vh zO()HRmYO3;!^FmCmKY9ATCQMh)2^-vL2b%#6Ga2KDjcdC;+2A|;-h`k+TEaq z5JOfyv4`svzo?J%DY*z6uI;LIW}bbrE$BF|yQ^*sI`@GVTzt2ONeEEt z%RrN9?1B%rjbk{YLDX7zY&&g7M%7_12(q}5o2wjlusMw^uJGV1`hrFyH_4o3{4+8H zv5j`HIl>)q#z43u&7Fsuk~h075n{ohn;FFJUDUH|M}GwvNn9Xq@0Poj*S_y{#Ihy& z)P+<*TnfQa1(J`+c!Plj|EgXN@k)_jkt;M+hLkpBnSjWY@;8Ch8fR$oa8t4RSEgM^ zj%mLw_f16C^!-K8@Pj$x&Q#^@9A5S8&V7n%Whk@!t#VP~FqMW`)gYG{a7Q80sr)x! zk{hp*T*Ou8Z0Ol6#0H^IPrLr+3bbRu=c(wdby9`xxeqfgor=1{`knSt5HN#Y5Y&Cw zPf@ot1&PpOxY==7UQKX`G3G|N;Nk~5Q=bIZHx^2FMUSp_ZN!Z85EORIq(p>P)L9Pj z;H&XON=RfuVWT^~-O=GSzy(04Yk(`{w((AhS7XX=n^Ps9;zPht6fwuoAbUyCA}=i|@LgEcIRE*2rcU{;_(*C!EPU)YA3r^9Ag`ZsPNe{drK zL@&JVehN|zRf!1mxtu##2LC>!u8cI_;ny>t=mn^YLPxn1!$%&mVF%+UlHGM{juzNN zMed$IPf*E6Wyzyi{c$L@!t(PEt`8;a5KOeR6P}Bc`_roJBgETG4%elmvttt9(iFrYu$)dMW1AZpzpNn3Oof|i}1H5qEE_&%pV z`$;dF%?c!1FM0dKPSFuf{DS>{o8IN74wQePCuxW3^MmVWKe%$z{ ziXbk5R>or=6`5SeJp^$YO4)CIrvB7>5~41m^R(PIgsYxW_P4VU_;C3TC>2dW_5);p zbCB0z1<9F&_wOel`vZ_m1f(N5=q7yd!^7MjpydB%l3xTyrN*O$enm5#A&Ku4AiB5+gGycIN@G3N{v=-uI!AJXLdTM-37vrt%|XVKN^4AgoSac1x2wMiNy?Hss2W8jW1@B4q?VUkExIu;h|F;( zhj7V3nhFKYYAzBu9O6+I#1oO1#Z#bi?WQylHA-y_(m%n$1(qVK)2yX~$BiSBh#rIT zNUYC<0;7-;#=)3f1{gA^t#cRcP|VlSB9XjYq<-#%_JMdOrf<3j&8ezQWRKY@REZNf z)f&neZQB|D0xc34vMJa47p(3&@}4f)q`Qqr6WH?Rw4ICL5_M#OP71kQAy-8Srudwq z+`N#OISN1JbEMCt*BOW>novjs?Lb%3TfB! zVa*~mO)Jd%u$fSrDJ>Yh8UWprM;Q594~IJsWc5O8FA0We`~OS)yFL}J1BQ8+&9se+Inw9A#jqWB+vWu4C!fjr;OCQ(#& zy^@m^qm93)o0@H_V#XWHiAQB=Anc(xB8O?iR1e*ZI>hqRcBoq9^-~*s_ zNrxXeU0X4V+p5u>PMl*%a`O)~hV3wMsnw2wngmF!V z5%`nQ(zP~#(i{x;(fhalofFBlbk$8Gs29`nwZZ)?aD(B7+Y;7(aKRlKf-zHEKX?~s z&m?eG)8!OB7+btESrY`Dn>zK)`*+4KgNB00Od#{yw7pZZ@%9L7u$~MSLdYc$z6A&< zjGEll$dkq1MF7Q-6(~)Ps1PZaMIsfZVwFMET+@&A!G)T-CaA!P6ct7tS_=;x24zo5`&8O&Fjg1~WR$f*@ z2$o_$L1`?y_Ck91CqZyzwVJ@^7CBm7+`a5UDHEP=0Hr=+bk6y>usSUHA{NI#vULVT z<2OL|txbL()Z@@c_D2`#WOu}=)e+}i6i`lWxtTA8(yQGUP9@O=;0c$Fe~zq2`S0Rn zK?Ynbn#!@a<&gO(k6oOT{{G*ty}5SQK$ksffFnXuIgD!&a%3$>HZx$; z6{PwdG}-7oM>RPXY&mME^Y_#5kxwe-adYt0(3+tdSd4dw&w|$5(}>VRV4BzY_<5oM zXayQzD)A`98Qa#VUyiHNmp_1H@BeEro^s^+$Ifp7n?j-Bgd;loaC)6vj~vDKLJ-&g zD9ei{t57~gzDDOEs|e`NzIOjk6sfStX8z@W(ax{lzjLfrDk4(8*qc!-g($r0;r_bf z_5?ps(@|cAOsjSJFd&%J@;&Cq(5F$ZRMQ<(c|_fKL|L zqHAE-2x(G|Luy6g$>toM5?3D#Ur`t9k;;xb)}rKqVKkPbr$bWl+}`hU=t9Nj7WmCP z9CuuA8)1aY6L{wILZP7FgR81SXnFOv!E;DB(bRw3zcczbV6KsJGHpW+I^=Xih99h^ zl0BcOi`zVfLyHpm;d)T?8=806i)_t%DN)cfM9p)6^`H(SD^+0`hj{BLJw$9?WbOt4 z&w(VAnL77a)mxTVQ|IdKsVk-`t)f+|Iub^_eI#&PAHat=Y!KnEynG2Y!%oOlw!NU2OBB8D7yBgS? znzodej6$k(jeY}KTUE1WCh9C&xfWBd{{FfB{v5n{X}LkZz<(m z`-1${nL%|Yune4w<&_Z#0l(tipqKO>r650x>tb4toN|JJ6#x+o@RvE*=t}%4VXBna zqblD!W0j}Qw$AJ7CF9up9+sX7K6-Ab0!0cf2cJr*oo%xnVwF|G;#JURpi? zaUCG8OK}}3IkI5HbA4SM*O4RS`tL{5Tql4wfS!)8PxNO#U94@n3JS@+aM$!h!(eA}GG zA3x61bKh632lriMF^puoTIFQ9+{w;gEfw1NQy4=YREo#3+`*_GkFo&BymJ&6HOqDT zV5Pu;5Mv^hF>WAWmhst{3+Mr0ItBUbSoX+VNF=?>;@qD0eWKH$YuHhBByw%0qHtsz zB?AFw8lgJHX$F7!0c7BaDdoS+ndigO9LktW&u;M z@6-b{wq~wvZ7a-{d22k?@p?F1%KSmgTjGyP z`y)7sLnrt4%rGrZwu*jv(rh+QT;2xn#FpCr$#b;N@s{p9JJ&{Z%Iq>IcT)Z0sxGcvfP^*$)Ju@2ZEo&f2dP!){C zV>T%rnXUHGNzf+6E%T(^Pzb5jsz+o^h_rt(6Ry0HKsN1=2^+bxd%s7sFTlseh2X%wF}8!K?I zczeIc8CzrdtI=B6mFq=)rKB1x+Zn$Q%m?GpmxZD*-6i=TCa;3uAqRCOlHk5P>?|kB zlC}`kkk&f2P1d;VKVtS(eG~mibDQ1P;~6sH`4u4yVsG**JtGtAdvK2A6%{>2Iyt}} z^mvfE(0yBeyEoR5-}XiNuw;8Lv$uOw6Y?X5Q}Gmz_hpPRbeaakvQ97##MffqdMIKW zWWs#XHz@99K}t1xKb|wTi#!EY`JPJB#o8&F9jEEhG3(-&E39-qY|~673)rwEGQSRa z)`^shFa?8Z4PTTibb5r1{1=D0+8ypAhyetaf*`-e^yKzJ`DukxJI-B$ICcRQoWE9L zNZH~!py`|@!2M8(?&7P)dZvH_XK`D=w@`E4z&rxU8v&^=Y(@fhiTnszj$a_>xmA|Y zc|-gSu5WO0| z6+V|nK4CVrkr#S?`QFl7-hZb+(s#GZUO4Uts z_PEN6W~`C}hg9k6b(33OG@s_i-*=uJ3V` zpa0BERX)pA8L-|aZ>X3i8k9x7|1%xmC`&v|9b&b_D5g=}5>J`2hVq9r<|^abx6K!ev#gZAl8&utR9@GE0r2+BrarrxmLGta~fc(6Prp13|Lw#cM9l52;7N|B+7Q)!{OSp zX4&4cug`{!OpI+~Rj9HbzZ^jDFBse=h`LAzr|qE?lybmD4pYiek`o{+08mkB{eWgd zib(5Z#ttdTS43K`cB_osbikEHmcz(WddT4 zDm!(?%6`Bp6FG|RLCMgk(GS3x!AA+cDDw1vS5qp(5t7>H zkqwVZHmMsxVH{8#lJd-pcBP;!v93b#2-AcJ#0gR6s`rt zwJ9k?iU`I!FNJGokV52y6u#hqv=p+uO5tV7%1{dNky5zUN#UMWwqgI7DmxC9IVqg1 z@2SoS2!3_e7M1f?Mm<7#3_wksfxjoknmPkrM@JKO-x)|_*D#ZrW|h;9-Ean?6*M|w zX$mg8;|!eZc#V#u&OlwMvXCBe2EGjP4#=Zu!!&;B@f$%g=l{W4VQJ+KhPISCw=JT- zZ@EUd$gP2TAqsWj-nZ^U*~Qf2V6Ai-&cAc3&&PeGv+)@pV1UB&_e%X5!M{>ox&zJ! z{D1WA2(d5^pkzfj6Fq>a0wth_F~i@%1R)zPDJ)jG4qED*C`S8bF8ro~oPZI1^Ze!J z7ew{q7ZiAG7vAX?4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BlJZt2U!^2V6== zkGnw7HP6syOk#cHWYP;?*-r89xdxAi4IXEMhg^ek#D1#5d=DGU_prfy4;#$)u)%x} z8_f5x!F&%J%=fUtcuzMNOqgu6Pa5P4zGCc^NDh!#kl*3mp4d#-iCeVj_Cz4}-3aFv zx2Joi+f$$2iGu3(M3BYFyT~5awawQB2lo@IYfB9-R*w-}tnQgER(s~0&il{0!ug!L z?>O0ZG77P9W1X!HPGQ)eEHAw?dg~v>Dw&Q?a^tJ|VxeNW%VywxDpC-XTsu@9e$5wq z=j_gHTs9E*rut;x;Iy-<`-=C;vh*AXWCaY==h>nyM)jSYempL7tkSJLtqO=kKNm{P zCyU%oeX^foZdI<%Pzrsr74ylm@(N-F74O6|OMQl;>fyYGoeB4?xFC?(`}<&0nSa)Z zlJ?Isngf_=+tjneQ0^?iG96{M%#(Ji*HqtU`~09Ptv>OUj;lieBtlZ)pC!#W09FN# zpI*>Ed-4U&KZ{Ih|11*f{Ie$q<)IwzMEU<6WO*Koy&L7x9?6ys{JR)WOzRhK>Iyq& zAfH($pI}qn3VP^#EeXZM21W^t5xVdEbWM&xOeBGr@TY(J`C%d>!7emN;07)=)UP$Q z4Qdj`3EZ76shxlo_0B^_h@v+__TVouml{n&hy-J(vSEuXUXy_Vjh<=0Eiko(3*n-3 zL~Jo5oxKnz+CLg|6e2G8qAnU#k&4f9m@gDcT*vbPv*vgqAQxG@ z4&m7vP&1fDD-c5#VIt(gBx}H`0@cw1TUJ9AcyB>1QT#JC`hzNy^*zL!1p0~fi$J5W z@;{@^z^jDfrkaRQC6b5rqDdn5(|Dgwtsm|ho=E}#wZskiCaIblX%`;!fVIWBZS8pxiz=F*t=vF4#1u}D|2nt0Zu04zCWemlUD&f>*4Eq zgpjixM1Y(#H3cGDz!XqcG)ei7$6) z<=*z_;tO|hLOp>(6Ci>`lpq}V1iVT19?6ak?r&U!tla7T<1!ym5r?y}To*Es{CMZp z&IrKf(hT%W^j!hY6&}r7Ds=g0A*0!?h%MeU2?L7%MIy-c_miJlShanK)sSzcm67j@ zm3=oXm2%edDWJW-3?|&~&mtI-MOEl*>S*^?Zdp~C#LKrg-TPmeLAA%J%#gRAdIIoj z^r!$~q>irl<<^eKW9QV8@>#t75>3rd;x6%p8>lsp`_)+MTvj=@Xl|QSjR$r|CQy!A zmXzK;H(S8lJihUvgAe$fZ@)SIE-AfnZlO?GG`EXcmN5zO>DiKmYu7bxtiK&~Lzj>( z__hRZL?#xJNh8we9(TvW(u5&=$CA=5OG-EXUD1B;5YS$A6VZ8FI2dFOb^5iqy?b}$ zS#Grx-Kz2QI=H<;o!^ti%9lu|j2uW!wiGL)q(f%lxh{tsZ*ic#X|EV~j8>bo^eC(1 zp|-IIk_*GAHwz$#0TiK%kU-DNsspc+f;_^xC9BV{b8sD!^|Y%9SPIm2jIE#cJ%~fl z1T&R$IRw`0)1qYQ9Wo#$%VfEK9onK>SJ|EB;lp}?ZlSB2DNsHFMtfbUP>?Le-U5)~ zfeVmn^tSt4Z@V08zi5bH0BdQ!3+FH7#7@mmmI{mTy(&-uO%G&8xIdA>n__@~)R>n{ zG1piwhidF`5mksGDdH{F^WxQyj_Jk&4pG>^h}%n!bXjH4>dngiRnex`&qAZW&vNCJ z-;a*HVHV+m%#70<)JZPOKr~;mH#aM@Mu)||$>@cfv1^1|85LOX{Ae6et+al19}8Ef&M!bd zo;aZ?l@d3XcT_4?#@VJ&EG0#8=$RMYgw-C2161XfLS~*ID6ye)p^^#q2kF?MZK+RI zqrN5!&gv*T2~=dXVxzeP^#PO;rvlJ{mCYe{V4G5<#=%l-lfgSIMPcLE0Co&1fh=RW zC4v(H=x`cEkG#;Tltjrxq~ZZzPSi^j-QhB7RL(p7_vUcFlFDxCjcmY`aPMK+jjdX5w4meELhXhId^};tVd{baE z)k-VxMmI(m=^S4|3hKD2t1}1&tk7aW#kLxN1TiRV7>kIGmY}%1Q&5IDoI_aPx$V1q zNqHr@>seJ8MH4WJ@SLyKSs7z$Xe=t7G8Yz28^&O)kH9#Bg*0y$hSA&S7HA!H z(K=cNqv(Ks3?*g>2uiq|$)8eH8|z<(ME(by(6XvD)ne+AGqIK=k69@T-?8wW)QF30 zKBD$^T7NXrfx3M(=(`sm>HBWTv5xxrYGD7AmTm{1YT(o468Khy$I3IvhMMrFs(Pxb z3c-f9ZQ8u5Gr`M%0nYGtOWd3|5v^CP1;2?L`|=XYUaW9)1sH#bB=Ao3&Z$l3@@3;W z)-@t-PtbA$y;=@nc&FRod-3_1C*C6-?Da(>(rC-h+jo~nBY>h{W~9*wV2w1T(TLG#B)aNUq0xHK z2>*;mhY4uo;|jiPyfvlbeuF?VRUtOytN-&%9QfDE$rXZ%WxR(26gXgvA220>Q?t@a z0tum#xRjM?2~`phKwq z0Vc;^VcBIbcSJo-mJ_9epXHf+a;wf5iff!cf$0|Pr%+*&O#kvwlTc4 z65ad=+9so6eqyY@hR;GaWcFI&^{&jSu@QOXOoJ}yo-UZPQ;;0!>wIMq7J(L(&w{p) z{VVN@zy>PVHY(Wm=u20tMHXLTFnkA`8UC_8fPadEf2>0nc*&g?g^kCCG>H!9eQxEx z_UPfSKe#jAg6wWIM4M}PMVB$t0wnQjUya6Yd?qQK5i+3IBSGeb3+=NINQdZSB&lzr z5R$J4U2tzLrRo z`X)=bxv_+CwFI7V5y0tMRln9rVUVOdDH6g?T7-xIl}U8#KLM_8`p0B$NE?qXPfd8V zdu!?=LFWJ+osVP`{J=jNVa`W_N9QA%glTXmOoJ*+g9^I;I7AH3`HJ{UT2W8_IIL!> zL4Z!stk*vQgW!KZrgO_g2I7*miKuqYh?MChqIH~kMV@@z-a*_}-9)y&ZQlHf9a1G~Q}ni*{@@ZhpWh z<+(XC1mUKK@LdNX#ZJZaS1C+~5OWw8QID{54|r-y*m$~!O#JNKyTe2q@4LgX-Wk}& zLz;-wV2(JvKO`f0e%$w-XDA0Sr;+LHl%o$U>&cCr#zc#eMeGGV#KSC2Krr*#EKO8H z{c4sb;Gq-OS(=jQElpP0CPV2aXO5etIRQAm%2%2py+B_0qSGL=#w*A`ML>I<6}P+B z#2T-lpGrT(Q1o}EQk^}% zTU4S|FHM=5O6x(T^-Za?-l()bdd3MtC5|v05S2=Y321tnl`Vaasx2Y(AllK@PD^pM_T(FL6tu^iVW=*+b?dg$^sU z14)-_j-rVP%^8MWbiwa|*l(4|ka&2I`maW=e#wc2*P#=vT7E0Z)F^(g&)%DjF8vq! zxDjknTG$S*M?e|+Z-AN|HAe~#FMPuh&IAV!@Lswj(mWthd5D!3x3-q#L9)7BgqyOd_+$rLGfwnI6xZPz~I?DCuFP5MR&Qj-UVTFy2-oMGQ*b{u9WKh-GtkC{~czxKVYIi-`y|TNC zzkA?}FbTRL`qUyy9bHVqBvfy9|b)rSYU4{3rXW(T? zCWpomNs^R3S7z?G_qOL2Tw7hrU8EY6I>!)s<(-G*VA*V2x z-h=M+O;`{CapnM9=TkN7VKTaCBYe?W<-i0ow1?Cy=jM>&+ApOIBjB_x?ZSKceHE57 zT^ZFBr@B{YidDTQ@Z87Dux=L+M$Jdm#yRSUK8L!{!e=JWfi5&9U^U8+KN-#c5@@8( zj+ZKIOp|%YmaZjXPK?mE=*A6b$$|3SQo64}3KE0}G9V2uus4$zvRjo=C_)3egdnw7 z!4Mc9ol*3mRsd2}3pXmFPp>r45jGOov0zsw$AXQ5^3A`jCr=cep96$o$XmwYh#bma z?$6m;&%g^Ltj=HV4|BOf(I1r);CeHIZ}IQBS;grO*bPSIJTl~PYVG?ogD+2V%q~u! z=Wc3~9JtZ@!~UwT8i)v-mjb)aN;KFeRBPUVT{JB|9?~H#@`QJyMnXoz`|$i;+JNHv zolESLvlhVxG{mk2Pm%o{Np_0;Ld`x7uBo2mbY*FUCPnnQZs{!JY65juHf?3*jb94; zV{{uht5pw}lmZi~nt=|b6N=~Bg}SK2o1r?Em~5fSmE+O2ccVI$hM^}(8sr8%B^zZS zGw?dWNyJb%L%k6FkE+8x=ge2hnMQ%TtX|+QTb;jbMuA(TWTJejz}c{u2;AXG4i&hk zB?%&MVed+sb?_5yR-?dqQ@~t=wN;e~;BdmzfAWpYV837kn)=}$5{Kdb`-ft<&yR?w z`(m5=2dg!bK74>SC0WpEgtKIhnGLl%vjM<}#fiWIax;SxZ|;AC<86dB*M(T&5(-FO z3$)3!s56Y~5X~v{h$#Bm55@k6BZmGpw~yE5Tjuk9)AHG^7*6_7WFEJj{BpN9e+w(3AtJdT zU(F1z2y2!0&QN42ixj8PbaOwk(iOnLtTq7dT@fAoGg?9U3Uo%Lu<6(v-UM>OMxMSW zNERd@AiuLjy8@N^S&Qhz=E4S z*R$z4dja~!2X0vkP-yePj2ibbB7I^}u#GS^!Tb2+V3+bFQdJ_zFUlC`2Rd?}2Qof~L)M4ON07^Azc{1MMhc>eRB zg8?rkPKkSzJYNnVyXLvt-Q>C4h8evA5-Kg+4YqHnWBVaOO0wPEtcjL&ErS$9(N*$I zTQWS%7BU8VKBP;dpPb$q@+*OEr%@Px+g$&FMR0-A*$?NkxEplr!KL?ax?Q>@qW1GuB8uNp{>FFm zMJ_A?BEw6o(Npdb``ZkXfp5$A{J1j#F4z3kKor0JpT-g;mU&ENlC|-w_o#Slh)UOd z)OeV$5l$D`d$DnAD%Z)dE70SqAa&evlAcx@QC*f8!~nhoheui(=FazF5(oiq5@jmU=;CnpQ@|5C7DuM`%v?QsNIP(cmes z;R#}|B=#dLI7CM`In~t#@k6j`K8n6OCL&Og>MK&xQ2=p!iPK#NOW31CR4c@Dg7x6< zsed$<>sP9Zlzp&|f9&7QT-lf;sD1pkBtgxUbxDHS#}_6Ed&`LOQB8o%Azoh;| zL_3iCXXL?zEaGJySXbJ*sI)a-8joJ`GZD8DHrkcgX(e=(y$K74{!>^82G>gnWFd|) ze{%aj;ql26_K3;vfXVwv^u{SMyw`zH>wtBaVV&{;gFhf-oex+Ny$={~;sYKjY}#Q` zOdoLk9)$<+^Pe2(Z@*awCV>v%;CJ7;==t~m#n0%73Z!Y}2+ZOeqf6c>=Kp%MZ$0Sr zDQlm%Mb2{xvRu<`Zy2&@{GZ`oVf-Vh3rVk(q`GyDloT_bWj(y^BT-aq?)jf7Ja9(y z4~)a06g9AU1Z)1|P7+k+|1C*SnO~hG zsLY?Q2`2MqSbGWHwalM%hsgX;bD1B4yy#pE#7-O-mrSJW5m}s`fu8a2_f7Wz)->ca zc%XmBH{D9EZp^F*we;69v>;J|XBIs)aV@-*( z_Ww@o*Fx;0=>A_nX<|RrRP2W!_WN^QsDj=FRZ2#gd4}H}^nZ-u^B)wFj3OV+xPUK= zC>b|Tz!{D&8#=(3$Al9E26v#?vv&25-B>g*DH$x0?n1K-xO}3ioHl;>$7T!+E4)!$ z*eb_DELd2`3@9eBG{vB_Qgq&;dmJ}2OvJ{q()Z7KHO&0Wc|Tnd=Lg2x>B6?dYZo#1Z77|sshWp407X+I8*ZZX-u4AZ_YH>wPLN^O2ul{dJ}s> zOm#r@>UBno3{kSM$VP8#)}iAogdh$5ZVIBl0%VUi$ec<~rYPRP11iv24wXXAl(k6% z7?(P~Vpqc}P?DBK&uNNPqW;{32gWAN_*2{!}`98sD=WO8oM06LT z|A0Dt$ncL}30EWSGrjEGpCp--$dzXRsQ3@ycx@=PzqJ|Nu7ya}10E`D{i9tPJbNqfJ zO~ucWGSHm}G3E^KxUEs{5V1$riUtuf6)QQQ36hvOheq}@1rVypfPWHG0k7(iBm?pC z5YJ!bCBO0jS*+qdjb1>BMoxzWpww8dP5P^F#sV!=^&^0UP!X>Z3loZcu)6I|9(YE6 zvx%M&_6^Mg=L*=_xz;7fugI+}p2L{jRCQ~%|NcYRFgsxHO8amN#Ub0#B`uHyuk#+2 zSEnxdO6*}Ie^u(C92vHUS%T_+xpYWYlpiY!1*>rJz9MPOBs!knRDvwn0Vn)N)_ERXTQFL zT##R<=L=X~7B1*jX=?-m=t<}2;K$vYQzqhUB)P?`^-4qarU(E&nx>&zF#~Em(VO@x zdb5hU8OEvZj)#A0I&?hLp(3=PCpMb#jJ_-608{FTM5lA=1U9_)6I8S^^xJZNCAFLn zm55w_{$jG6uPL9o)Ryy$eRF`WliSovfNaDrcT!376eTFpz8dmk?+s{;URjjDj|24; z=*U_#z+=hmfj^LauJaax?57B2xtn76KW(|>svFFV%No@U6etByU!4(@vW#0|mQt(T z65YKp6q;uJXZ2?EpI=j{siJ*>Vgux1A#UZ%#=BCB+%XPMjTNsxH~D=y%)zjfo0tiO zP1*FdBjkva8S5CTJdhOykiqJJO!FILImX0d-s%Fbe zhl)407M9yCuGh%`^KVe2wV*b1`@pLNagkiA zam9MqbuO01yQxp#S}5o@IzkJ{p|yhsYvTh{4o+|jE5eaZTCjvIS7a7%_=wEr+=4iI^Ewpb zf9{i86Cd}k3AC*a;QWW1DGZ83uqLj%5Squkui7q#QQi7C_awr?8Yen_okaV{^O!`- zS2{R<#Z?qV2W}JYlETvkL<^%^fyt)+k*%L8P{R|*fPaM!$ygeaWRxin6_7!!2R?w4 z6R;k-0VR6(0M9aRgEG~FVoSQ3OL52zxVFwy+6IvwYI?(D$Tm!#>8G&G_ zh0T{GW7ao+cP$cJ%oNj}A|k$3hkHcCX^*C>RT3@ukZ@$e4hR;WfoR;oYdJQ2P;;P1 zP9!D<*4S@%?y)a)&uWQ37?>E->Z5wPsv*2_fV4Bna8{fyXuVrd;`*qZmpX~I)^I5W zw8jr$xXD*ag&*;Icm_d@=3Wm8bhC&vi}g4F%rFst$f-ZIYg_TJ#^+nZ}w< znK)GA=<+E(-V&YkU0DyU;>+Uzu11~B0iSGw3Y9buO+wS})2gN*oY-M`DcxoogRme& zsTo|xj#|8dKgfNZwsShQ0y{G@!z_k|R->0-?;=<|qCBYq4DRUE8Acw^oVJJKPAVK8 z7XKYX1rC=gHF*JU+%a9^hCRVdwi=EAKaJXO-(+FCj7mAX02sAFc87dV#U3E(F}uT; ze;?g_zFf1RDd1Lc#SkZ~Nx!2G*$kX=x`TWFC84 zn>iWxxrM_(6LIE-NjMolzZ!16Un`D)BH=RZNnKFd6VaSC<{f;^*xG(rR_R zkafL(rn;73lb?7Z#h_>U#bq&E1ts=z32j*WFg#MAL+!?gRMs=QDKI2kWte zLEa|;X&T(y8(HH&;SbU$b+p#=lhpb4dVWzYyC}&t9~rZtKME|yGwwn;dK@q@QVNXu zh2^;u@Q&farjm3M53d}Jp7jNBuwjWPnT)|{?R2m?*d|jBHeeb$*odUl!N&+n&0Nsy zqg#Jr9cePuoRFo-=$;;Nu;FZ<#ABJ>Pc(zSQr1<=);VzRwVxa7^ld8oL$6o}HFx$4 z`j$-WrlP+t(=Q+i6Cs}~YtcF$8AqWR+)rCli=J^hlhV$=@Vt#K$4~BmRaVwQR(=vI zZb(NOM=53R`&=50F>)>m<-fw}1v*nW9V2=bv--~i=g4Q-`Cn7vpm~sbha50uUF^$A zj<)*Fn#34kS`Is5nOqv;!V_LNcawLDf!kz+Z3Bl{C`a^s+}5cVGkz0}Yza!AL{R$X z%)pBbrQ@o_^V?=K$?gA`ENp1`sZNUvCl%Up+#$ZM&TqCe3H1P+fpb-pV$%TY#*pw< zO`u!>XSA)jWf^18T+A3g^mawV-=Kn^jl>2aBYwwn%K)Jz76%KOQx>TPj9R(GhN6{( zbCO_8BDpCiK=yP+Cu6NpG{zjwpcTzcS0uxd)TRv8yil>5j(4@_ts0 zDeQJ$uKJ4p&#%KVw;hIp-%!>jmZzKL1KK+rv?~dX-a9hLLxZr5ZNXT*vw-8U(Wnb` z*+z1Zj;=n2{_($0G1CPJvi%Nxp5TAM5<)QIIy*0?vMg9dK$(krJ+6G`$90g%D)Lu( zaF9N?9@#NTuOmhAd~jnWRbUd%pH%E6>eg?e;%=>&enT&Q0HTV^u~m9!()L+n>>Ri& zdwVqRSe$69qC8tfSp^!ffQCp9C?>4GrM0akz85Vi_T32?`-rp&ipsj##rN6(sJ=I{ z(<6EW5G8g3Q8l5lPX*+2-+4q$59?0MTNZ56y-K}q9E`PV%Q{NZwbh@%YD5`LMhEa% z%5=S)z3#f}B7+)Df%znd^*Vh@eKp0iDfK>}2^K&tQ!p^iW3JvlqSBVD5i1dS*Zp!Cv<%TlWWY*r}3pFJ`Y-jV}bLyAM;|FGf(+x zB2O6s8a!uv+v?V~q5MyAR0$kVuM@z*)=UdZe3_=B{^~LnQTo)SRvbMd=SK65Q7^6FQ@p+)gqitqW&+QH(s1R%!fCF zjDBeYm+M7?7ebm?l^iLD2Fau|t97t}nQPlB9DUGVFD5}X4e9}h+o#?S%nbe%-$8~` zGQ&4}41rX|iZvp28NQ6=uLmvRA-aA+9tW8BSZ2`TdPN?{*!+^zM&eTvjMSGPY_Qxw z%MZIA#DR7y>uCTkl8D;GA9Z~^0BwXe)zjqz7Z_boqCtWoesG>}1r;U3VTJpHb@Klf z`PdhgS8j{8T-i7_sJ1o(1!B0(xd;}0o%r|}$fShUs!;xdsM!2@LTXl(1gW%jiUCCl zy+_t5jFxCy;|4cLtlQwWz*?m16r_qD5OV5@IM`Ld#a3NH<#@Lu>E80RyB-*}jucGJ zAncMYwTsL?HAfn3na~ys?VS#1?=&;*FmWlQVV1hu>eH&|i(s)cXA^mG&@bG5B$4QR5b^ zTR9aSp#C&kr!{AZ8r>r=&}@#BN-ew*V8gu}u27H#P_E{8qr0ZO=Hrg;{`~E_ z^KF{g_bZfOsQ z^^*y5{U{{y9O$mlTx+BAarW#E%pc*RAsz69L%gWC+?AvpIDmXfGviK_#xuv=dFDJ? zt;jvs?(A}!kMY-FfZ`5fu;grjqNWNDD8Ms^eNErceFq0+yp@I`pSX6LPn>dzV{$x` zWCg&n{z*LYpzHVzctCCFqZTDQRoF0cjRT-N(hD2fZ}%y^#7F^fY!jvJ+I}BWw1*Pw z4gFtmrP`z!8@m40B@9iVtR{AU-X#_+TQx}mrwA$QA&HL`DYY;AQd!M2dYMm|rzulc zxRjx)udeGWF42sv4b}hfDLF&w8$P9Apsw~Q^R2pX`IIgz^&OwGOjCN2lx|I_eb47v zp()k>b}2*s9?9D!#oO}+k@vh!E@F>Z>SSY0<7{Y{xg6b!E-KnE(Fi>gXb>)yrDZ0F$x_i zm85iQN}bRlPhAg3N?i{plKrd&|0$3_(1v_sqeuc&MK z#Q(l>qw=u1>z5`kziuWk{~yG=!j8bK9|v}lxcC+Iw50R|j!(Sq1#l5OZoF&G`8zOQ zsezf1*~OEHpQ>ew<~GBOXbb#|aAxrqFHF5&V6NJy1Izd)oU%Gkh55wc{HWj7HwC*g zLKUb6x4d(`Snk@u9zSgG!^IVBakP|IW9YQVgK+!&WJMLCMCDSvDRnx$+W$5^OWS7z z8(#!PunG$ZEwfrO#VtqykSW<&WM-h`ItRJN^4s~$@8y34Jd)a{DXfj@h50){s2$XfZo=`4wcVW;&0f3Tx+Tc80`^}XH9rN@-}M% z@SmU?XhG}knPM7wI(kTbmt)cGt(gm47RIlo(WbGjXb%x>yroQ#WHrOxmxS}GN_~&6 z>U$J?0;ATUKxHBREXY5axsV%LMrRfK9)0Uj{*lZD^bc0v)$s9O zV2**AgC5}If_SU^4k0G0OWpSn z(vC}rGgd%HsUUNpAS12KB8|v2wDyC9M24hkwe#ns<)1Sbuw|8&TK)IG?zHbO!1v>- z8`$?2bUr$ie;{)q=apc`&YcKWV0{m)&OZQHtMh+$G?u0%0^;ZQDfw{Jm`*rSJI^?> z9UJ4}#!+2?Bek5p8`6l=UtrdOAHnRA%!Nk!lN!lD*Pbwa{y$q4C8;7{`Y~=Xa|U^S zmNxqb_yKFJsR8o64)U>e$Q!&6_oVI10j|;liBI$As>@0LhcXw;$9IwbebG>+$Y}*= z_hERKc0cGjax{{p=?|{XKZv}m^A9;RLCMenBRxZWxH5o=1ze zEfFwKK7Wol_XxNH8NMbNq@Fe?QJTl5IH41v;HDQWoSPY@j+7c15yUmBbGOdnIu!!# zsel0sh3hNBr}NvSGG>5?H_OnDU@rit1{TlncJcg5QXSqM9&gqaG`cN%&v_(B-}EN* zwU&)J{D}@em@5O`UptM$vOMeLKcV-)V&o4<-GpR7QZta;94VC+^P~Gdkn##^E$C%Q zk8M&Pm979#>VYS4aH*@6?vi$V#&^W))u2t|F*4g`jEihO;LbBto8NX>0S;!p!Voey z+emM6Kg*`1$U^>6OtF4t6(!hveWUW}&I@K_2N&1irxn{J+J`8I^z8}lsZyuAdUY&+ zCtH`CY61t63m3w6^6!~Ib1o8b} z!9yIE7926<2@20oZVqcFgt6R<(OmYTQH0DL+0u`ZW*WFycNi6cHrLi9;J3u9wIsiw zPFesgOx|I!@9fOr;Xw*4rW(R-OjvL;k3dlOftFzoJ$h!Il^UX7 zzp*X>{c;p_vAL`h$Fk;cLd5Ta{7sqR3uY_zg>@KDiSwXqGgy*^;+iTiZZF2Ow%o&T z^K$D@DSy2-zwWE9#~}mDELb=vErCCW@HXj^i1anFrR}SzaCLO+`J;k#1;G2!)dEQ8rCHoT`k7f*v>|k3NMcT z0+B|cv&}X3d%PynX@}0pck4t|=>jx7(N)(0d)XABN0w-p*Bn{RQA6KRiR}Zv@WX%P zA}pV~a6jpbQr51n1Wc5;bW8s|xG8fhCJ}@0Rya@!12j{B_BzbiKy|E~?#B!ZCAAM! zSs6vo1auL6qX3W5sJXC1!{C9k<M(|qBuPx%vU|hu@TU4ki^gJ$Y zrs{%cBb7S7yz=_uEexueDtFDnt>w{Ejsw6wEHepfMTn0@bo1>C5?N_d(0e5lD$~yA z7|hA7qEAajac$0Yd`9zdY#63E z=$}v{lc0#8b!o5r4Espy1OoRO$_>9ta!CVCTuDea6@Sx`NRNN)gxB>5YDCdi+Q%4i z8OS<=U;eJLJ_L*U?a){+wW8HwGK9;t1VGAZpPiU+q^Ocmn zgS&KST{@Eo@eb z2VqK#tVhu;TWs4eO+>A*}(1sp`6prGTO042`iO5k%22Io35Ci!zW}rB#SBE&u{E5c%dQA;i5T3*cx=OrJ zY3iU`#6cfwrcV(Y819BDM9ymbD&kw_7vj@7N>Af0(N9)Mz_iN?RRUvN!j(XYTBx+Cie*g;>X@uMPtnh7ezn)xQirw)iAn+gGp(XU5P5FlSreG6D zyA{B%-`doU&cKV5-A5Xxfv!=Dl0zYb{%SR}HIG-Tiq`j_f zZv05K?L2{qsin28McT%}Vjc%kic40*aSc6UH!XdaA@ zh3u-W?9ZxweBNU+gCEopz$ZO!g}wof4iEZsg^fPDro)3X(ShE|Cy@@|J7yyw0c{_$ zs3*(wFX1a*Si-$+TcXWJnl=;NDyN2RXmvDG1|4e?#0%=u_nb(7*)t;jWhNs1Wp(~9 zPa=^ZEN4Qgd!FWCTxT-_xkSD)*A{kqhT7Pod}dw*#x|rOW>+YBhDcUG{e42}FPs}v z|H!{t3U}-ofp^SA;2o>;JN`xjy8%VXBqN?u*o6WacrDVK3CMl0Z+sh-AU3>C!wC#(wZuA%A=Jj+>%PO#NICD5 z`5M@xCF2^a|ke5ca`hXLyQ01r z5Nm8n5_g!N_p{sKQV+w(LIRaxQ=zZ9<%o-bNqw4u7W}P@-WF^oJzx4 zw`j%3ByFZvYkaxxg&ZiOAC)VaLQqJpqKuU=U3o(vyP!(2P* za>cshdv1{Z1KA5++@*o;5-KlJUx007Y75e^ALvj=)sH3_+*HJ-DE~kPLo>yDDRi=L zys5F%>!l#2cn^3^Cyl@_@sIgrtGkB%ubVz zx)De0b5<^Dah!|tES4!eJK{{AP?4#V`XUN^taX{MV&f;z%+-mRKx8RHi4mPn?O ztIpceEOjPV%3lz~!yINc2O%EEJun4(&pVBp1YacfTQ}no#_}~{HI~0ye-hO!(Ik3N*ONWi019iu19;)DtAYY0?Jjos~{%N78GM zbllG9oa0dqLn_5%n%Y8RdO5RV;ul5kuPw!%taUD8F$WhV;^EroDAMb2OGA#a+I>P>k9#7Y=EO^ylgpI4>k$^Ixt*iiIl@N8M<|2h=1p}Zz28j4h-~t|UHU1{R z#Us3)gB$n=Ap&c3Z!OoGX(F>q3k+G?EKi!UIiakeiQtDxxM3n|>5UuCW^n|J+zSUy zy0OOtFOTh=2+KH3YeL)Lv0V<=qs11q6}M(fZPxgBf3!sYu$mMZNbZP^pmaT4G))tA zOe$(t`qd4khZ{tz%7Zz#--ndz!!sp!=x5Kve|27N)&#<8{x3g#nOIC3lB zX?i1-K`khudd$TjZ;Ou*&-vY8?Mi%9*1CC;MjGr6WL7VVVa*E_im=4T3c2e7H5J^M z1vjNfMsaUjfUpEzaC>b418l7YY~8EWhSlptn|X+>;>5-)6kMQ6lnhv;`ORdwLWkLK z>a3MU|2yD78)9+w7e*HL_Tv0~GK1qtusFi8d_-2F@m@K6Imiy&BNtAnddPGJ&aOE3 z4n!GF0M#}@Syf4pyFEz`a|g*DHbP<8Y60Q%mfC#SA$h~FhA2LhqXBzwVXmxo&Xt!O zeyG~!WiHZql2&(=1%RI4!H?y|^UV8y?)~COM~J^DjFf)=FAxK{Yl4nB*~P9ki=kWEF6W~n&;bWdcD5YN>4cr#(e@!n~~bbdFo=%40W_8 zReQ>!4kXW1M^M7IqYVARWf4QkH)1Bn$r_4fUh42CL%~NZKS!Rk@pT#+r+K-YvwZPf zCvnM!xEVgPZ%B_9(ZP{|<=4zD-G-Q*(ud~qvB#yMCs~Xb4#&bRu8b4YVuL;lZ?B>z!#St-{F4UKD3o_wWq@43Kw%Cz zRs_3Gp`3~=@iO5hLF5YdF{eqESHT^W)Yz^yB0Fn6H&yF)v?>`S;;Zn=+-MzIe5_Ta zG&?ML1I^59!kq3Dju9&i%orb71t6o-z#z&>HEQ7ubSo^ZtfL+ar6ZRe0a4ZwaPSDt zi?2dEd_pU(I@^MfP-jbUC8iuBT8%HI4%V17$?y{xuG-8;@MJAS=&F2-G|Ay=17m;< zXzj4k64$yCijuPP>4uWh|8uTJA^yxfJ(u}%u8GR*7rR$EWWZR>R)2eWC@~$b3T;^o zE7e*C33n!f@&_IZ_bn~&uB&Xb!oI5%B_3MnGp^r^KH9ubxHQkQ1|ogNX9;Bf-gk#B zIM3BOGkso*EW0c7hbA?qW&UHSTBm7wgCO?jJ9te*RSq8TmK)Mluj2$Cr}9l573V{8 zg+4_Cz-gSy$LG@^!&%^;T;&kY2>o0joTK^Knf9D@M_b`E>jr+6upEe9uW!wTdQgKH z*Z~7po%Sy4V*LgQ+NM!6X#*H3AZL__v?rQrfvZ*p`zZHXFW7f=hut|#X!sZWF}R|} z}I5LU6N|~~P3rK5v_;>FNd&1cSiGTJ7-jRB|PV*m`%}Z#!VcI!MH1f7C z6lP-Q1k4H=(D6s`2V|Q7Y9^6{B*)lE49~^z?4efg5YeKN=Op|^$dp({;~>}stnP8l z7+NLB9M(i#8Z|jb-1wQmPOXQoRQ!qBGcfH59!S;sPUZv0R4B^#kWJ`gc?VgHom0Y% zl+>SeX^c6#gfEzJB0uKwnnC<2+U*25=755vjkVBVZGee1{D^@asYe5*e3l>dltU^6 zcp-2_h+JC>>A}mijX{_M{p+n5dn~#SrKVxa!E&mLXOZ@A?f{ZWe3A3!q#FJiX;fbX z8;iN4PyA+T=jLo!ZVM^_3W6d)^k&gq^~`uqMnSku4rN&)+1G-{gE5p?Dn$>E617CI zBnfi3?Jm;Tq*?C#02ezF7eqyL zoIIn@&iIFQ)qYdj<3%OJa2-CG43dV@=*9CFENsgR|3CKL20pH$>K{*O3n>&fya)wR z0<=&-phb{ETiHri7ilE|h4LoF@=}nOf)oN6OxY}Lx=pD9T9HTlJR%lFhz~_Wpve|X z6SPWzq5%soSYa+!2~aRXA;0hUoSC`z?rzc+)ZgFV=ikq#n|o)@oH=vm%$YND&di$*u&KAswt@tMKU%ti7=c)8XmU5a((kRHV`< zf|ZBAH^=iAE4we8_lO-TvG!i?Dz-y|szh+=(1^D8B$pKuB*&^FM1mj*?sZk5L^LSY zO8z&B$n+;RJ-ted!vgTW!0R|m=u}5dDWTLiBr3LVXj>w>tVCeQ>u~*4GTz2;{e(M* z8mAe%{(uH$hw}^5O_w-I=Ey;2y%x&ClK4%i`U7M`Y&&<&k z)f$wQ0T60yTtBCq17M`ozFXP-fNEyuPS|bbi}*^J zm9lC9=qr@Oe!y-K$`xakwk=LQmW4gJFH|)?f$iVM8wuiDqMe{o-<$lxG>lny>%pX3 zpW1lnDSG#S!4@VeHs$s`z&zRaFs1t*ooHugQ9I{pJ3B!U)zTRL_4^(gnfT}kZzWDIg`E4HV&u{bag4DzRM86H98@?pW-YQRBB*Xy*Y3Mcn1NS}|WiOU) zH8vcA`|#tL0iQt9?~8&zHiiVz6DY%N1wy)bo2!dT0>myvQL?g3Y$jt5P1=@}HzbO4-=dT0qi>^wou(ezTymGm9L8|pb3ZWVcZj_+i$0o7| zfOno|^&f=|EZ^gy*dCi`c-5_rW@W zs}|!so$Z$;vezgzOwf;GUl1nXNmdHU8ZTTk<%N6;7 z%N%x!U8h|VLOP<3j3((qlEc{|;$CO&$WEp2l`)pSkB4QVa1%PsZjMy;ww*-Rh+VZN zI00>pkiD?D2Oj1=8H%~KSPHYHOCztT)r_>gqgooGfq`$&IQgV4(m2Y)+0|fdp>;bD zA|aTj3yYy}{D@O`^ZEcCw z^haQ2aq<^!-|p-YIe{zY9M=<6tbK5I|J(HDH+dA#Pb9wwk--IMJe%yMheti-stut( zcGNu~E?e?j$(>M-d|3Tk+{=3jonT-aL=u!yMdXWA1m5E+f(bDd!GsU2BF;awyo$JU zN=!v?-v}xKN8ih;h)0T5MBeOh(g#ryL=;mItFYh{6&6! zVp>^3_0yPGu{plj`*=bzD2u|N=|ogvMoqQ7d?ns=Tn(fw91mq~AJD?<6MPsNw@Rh4 z*hS7-!Id`Mjrrd)ah0c{LWU6(HJ2)x>5XWIO(HR6x$JFX z^Q%}11`KKE;Gsf4oGn{ca=XyLoGsY9Z_rHcpB(@M0~f%tD;0XNbGM)X6um95D!zZm z^V%Xo!ayB){{jTFmKu8IGndI*M?Kk7RYJ{{9)%U)iT7_-{8g`F{yKd@ourUF?#fI&1rSvP&kmkx-91WUa2%B}1_V$9~fZ?Pjkvyz2Z=tA8<6b+q7w-}8Ts zjuhJ0CG*);Ozd|)BPR3h7#2~oNbX0|`jKj8#EM}}Z8hze@r2gHFR%qF@IxqBZV}md zRO(Ay&ZXgl7%{N;%IZg(?vMM0`efasj!fB) zD#?1<6UfPRY@Ra)mvM4-$=>i6R>J%J5{r&QK8o>bKYUdfFD-JbAL+Nm$d!JJc-9Gx zJl9?z=Pq%0!I_i3>TePUB~^GpLU>W+THLw$+r*+>03I^PXX4IHWb$UDkW0HrNy{h6 ze}?(p4ztfEvn2mP$>K5y#0$3_0lQ);khGJ7dgvN1`y2#Tw|F4SDHHkefo7eJ+(-$+6c(*fhef@rFI0vz3_~3h=!97%U-^ZOg`PgUINBg+c0~z zd2OQ1k=-bOLQqoNJ%`sJJed!T7H zOw;|CSU!xVyXTz`py?X+8c@>>J!T6uT|~cCH`d|HHyei}ny|3J*7-(SneEm1*-ZR~ z1l?fo1o0b$Hjk{(Lq~FP%FMcr>6Nbxg)J_ZrqHih1%(Sg6oWnoisJYfa1qkRALpiS zgzGiU(5UIalh(hjcS9#9U7lr@!@6t(x8rh>EW`dp6 z_*|8nigi$`%U@1bDFN@Hn>x~e(q4XZh}ZpaW>ZIsdIWe10XM+kVwbzP-)0EAmv9~U zTYM1^18&%)%HRqMl}ip0t_@1ua=IkNg8PM|xf6zXrVU|-Z;3M>C3%j3B^%R20+OQN zWhC>EISsMsyQEjXgfJ{+leSIr;L_i{@%QxTe>y$$DGNlZV@_;DnU|H1YA+wUO5|*S zPNsL%hG9r2?*Z#glN;)!;oKygbtRbqS+Bq#lO20o1i%#mCrRB*Y;k_4V=@F6VoON24NQodMwB1U`{2-XH|;UseabWdq9U0jl5s$=Lh9 ziSLHZ;oIwPZ-w|iwpo0KY!2U#heqi8&DS485ki5 zaVI%PO}h2{Cr`s)WPbE;cAsc4+WUtw7t+xN$05M}$I0l%!(1DJ~Gt>mw^(6+MbR$JM9lFkjl+G?qkQRpYk3H#W|-x$n~?sKo0?f7}jt5`*-=3-W4 z8hJUC;Nk+eLYbQn1hp~;VzH4PE$Nxs(ct{<#KNz4XUKhLg>wI0fWny$nk=I4MSnrx zw=V@`I7JuGp9Nsuo8{Z@am>0F3r~+bA>CY8z>LkpX8WJ}Q!SUX7;jd;5ZX!UEr4FK z2AC!CauJ9MEast7^D2TdQK(>6GRw8#9*63Xv9v@urx4W$`P)&y7}@+M1xG`e znU1JEckwNygC~^q9$fj3IA1%5Ab!t%x;H&eAT(65N|2=r_)HQ7D%e*MjH<_9(a|F9 zs008MLRG0k6uTe)MeDeDFCBl8!EqwWD3~lmxzGQ7>a@l|8oe1!Nie_>vo$l3Nhp4E?>O%XD9@JR(NH*KwX^<$frwLPdTTu=2UYYo8d z^=~plANouPyOJyOehB+92~#i3I6k6?*|`-Du#}PB2^lSl;q8Xe;7Ga@MfBc0f5o{R z?&>rj+lP(w2HD|)+cTCp^t#4jT4|^G#9CD9@a`t5VzY(gFdSl7{JZ}5?G=Lx7obj- z(|2{6Mh^l~2Q%{CET5Y!g z*vn^xzG~MWfG?m*GCQKvp@DsTxfn8sM94B6!yFS$j&cF96&4~DVs}q_k_5Wr`Scm81Q#?@C92MOrDMLxU+jzqVw*Pq4-EDbrDX3=^T|Z zIY}^Iy;bPUi=uGaLMh8yPb5|oP*~MurJdmz(Tk)i(Kr^NCM6|FzE-X0wuJW>77&!Y z+4j&u?7_V2HV&7QM%<#oG>D<6LrR4&wG3^>+?oB1wwbS-YCb8i zGLZ7-{G+W5=sav=M8Pk*PUUc=Av3E}?gR5$TgV272AWD!#cPvm~Q=@136#out*`&gMpBh z=8}k&zAc;AD|m(MTLnt$N>x&NIu0ZJQxn*rKd|TgenQxC|i$Dcr z08|Y5s39Sm|7?I2G~84b*NkW!F7hwf!Dx|RbjYl#U((z1c=YkWURj@u&CZapq7M4)e>{# z-oR)z1GM9uC1#V9K}$uDT7U7VwOlvuFMYZMDipRuYDusJqgLn$fAo^%BZxrB?#bm=J7@c7x$6^1`Ay|wd^s%&YsF{*-SANr||>&obT z3N`WdkSmKy@DCs?!5|c8ixp_iy%GBW|9!=7DB38{k z$Do=E!fJLZqV+rDk)I0lckrtUw1stJbu{$TfY~>MNjMm}!n#`8{0&@V9lVF}V)V5P!VFGiXF5J)YHPq2DncRcp`lOM`Rtfu{>Z`o~hMu|5;WS!I59kmZU3&T-0p zPvV>t;vAC5o)+&;wc}-2)kr)XwE4$ewPItm*0`qp8g_TEvn!uVLX&W(mFp!Nwhn>( zZz*iw&q-wK{X1h+k#I$r08`=9{=fv*8~JSnBl!>Q0xmXm+U~8P$*)}Of_m+iPYhsD z&}}|tbL{+eh9malk{;3r?EJ1lS8x)vI|%0IR=eC`iP8%H$fciDIHw!-qh+slnXjW2 zKssb>AT&h-(jC(|L#b0dqCNwO;UXnQ31EZp)L)8)d_wK zzS@q@-+c5fT&K_DeZ7t8WUvpi`K;x2{ni&la%B`lmgO7O%8iS z>XkMZY3wUim~C?!dP3SECpzbQj(fXiZ>C(;@eP&UrO=qF8B~GLLH%oZ|KheS-StT#pP)!mnomwP~+`Y?zcC>rgYf+u6 zh*paEv80!2(Z11&_S^D`&hQoexl3nmxr*CN>aU^)K!<`-&F2ibU$R?XRMX!-^)>qc;-^ zKg$#usL|;VTXxw`Ajf`gsw4G?%u3z@>VF{Qc(6{zZDO7^G+l*X3>ed13);kac63;$ zAZmZuc09fxgwp;CFSBvO3TFlIWsG@LNXOV~nzKre`BmGhO2*b9+#t3z6odxdd(%Ns z*ay3MI1sh6ur0Uu1P*3q;kX@Ac_g5%oWujWd&NGP$hkAoG!?%VZKjYI5J@rmZKCMW zkc!~C5ZT0DL2u_p5rV>Y9}sce z6I_z^C7PCO6iRH@mYtspapmT0l86xm&>%+Nv~Pz(=C7;i+|ye=TT*M|c&Y^b} zF7cIms(xzk>WTwOQuZ%NsYR3&Zq%TtXdW&Bq7^W=Zlg-CE(w5HCtMTEvAM8^5>1g@ zE*nj7vdu-|SngoS#V&(ju7E^F%MOuT+v%)os3ZWoczl6K*g>+2>;>r%?4Loja;c5b zAShGFm_%aUjUsK_=^XOdEbS&16W%}_PBp75#ss|hTd+lw#|EdCOFkmdFSQgQ`DAcF zIp`w;^+^{&9~Dq9l~nnu;Kg#uM+d(umpm?bpj`4Xfo=&ERXHihmV^FGaCy1p;{%%X zB?L|mlI4<9-sKcy>}LbJ#wg-9x@cwZkjB);Af@+n#$|Ops)fk1_FmYn{(>6ouNzaw z{=}ZQi}@%xQxwZlpumBqRi{yf!OqkhSU8IZAJ^Y+EeE$0_1od zvcWnKYcrhluj?}JqWIi8+)>r{^~9oR1u(23_iOwr1m4t8pVgG1*Nj;PccfA(;~lP9 zA;Ws{xE6|~QvtM(Lp5PQMjqw!fRlA{`)X%qyv&9;bdU1|-&{mM1`C_(Zes|gTu_yV zldKwDoKJ_}X6JJy;Mnzi<~qwh^GO~%l4JA{{JbP7JqxDcrEUyAor_t7U%fNm#~W)d z;wMkbuGIJzz~K|j<{AO?es&%kCbk4oAA$%)@O~!#hx_-sgq$2(KlVZ`_ljDUeNb3p zm?(Z_KEF~_G!}(EzGd!)0vlpO$T-K~6SI?{t)^gN>B#b~E;i5Ha<_C)M6it$?A@qn zRF-wB_|`SL{uUu`S}_hdTm($ztz z8?&_v*$v1VJ}OFcHtNk~XCo!kS=}fP!m8cwppPj#hM<`h{DaXrk*&;WqBxuEBmHr| z$3!YE&8(32CU|K|Mc8DxbTm06b)NJ^s4*rs^oO z&Cx#;zItZf06?^&SK@u%*(3pO1v@fCQ^-88!yB6n6hUqmVO1%H5`u%A3Sp<4aRr zQZ79%^Y{?la}NIMmW&&(b2rozi5-9LaJzCs`g=I^9%^JK59~)<@jTS_3sA!r+WF>w z9VR*7TuYc#yxaWkQIO^(VScd(?Az7IuMP9ddBBc`NCc-U3^*l$C*t2g8_IdZGWZf{ zFfznh&Kq_=VJbqHa^A2%5M~`FJ<9=j!*n>wCUp(^LuWp`K2#C&hK-PpWcrqS$=<7^ zw?hj0UF#b2xhl8ie@aLQykt+i8Zxq(i@;P+i9K1aKOqjWbhO;33 zj%IgP1((X{R`2e*kyY?YD_g|??yghfIIGN~J830$`_;R<4kpfrhk2YsK9sv_-C$t* zzvJ#Y4^>+(!aRt&yFO=girrm@OF9;`b`#VtRJPRJ)w7MO5bmy-J6iT?mw9*BuK^@; zWpH|>=W(&SYxim>hodzgJNrrR&f@Y?r6T6eI!2SNJ4^j2SWAfm3+e!hegl5XIIkXo zsupTwoauP+&Z}x^kLZQ1ab8_KJSJF&JLlDtgB*KAs;f*=00sXH3|p%vpbRB{hM7_A z8e3bHZX4%(NPAY=81J!Yk^qb6BD-Js3Un^UyEEPPJ?GARVh2(n6_)jewF3q7!8o{t zJ_&YMX!sHuc+y{9sjKBbP2v-hX?`t+$7(f`qz?bGZWfr!x3i?a;%JkCvF3ctI&5ZTv3_ksYRl zSuRB_>0qQFj3pt3%>xY*-BSo?j9PIf2_41Ni3dwUJZen-kOMUewu) zPZs4;_eR}wE$^cVs7pvnx2K}Ttu+=%(IZGqA^Uz=w?LV5W;&;ZA1i?Mnz!RmWjZfB_ePq zXk40`vn-doGb#cPVi8kL1U|Oiz#{P8wgZU346cl5KNX2UTGH((Z8${4N|Yjvr-3}^ zhwC6>2O}V$VOz^knV=rQHO3fOMKa?BYVEsj{FU{iNBq59dFTuZ4zcE?HOu^HxK+?aM#DC7Krir@5OD6QdbHl1A1K|wpbL01;zv8OM{?

zUIGEX2RVz z0HL>&vm^7}v8;>dcdnd|hsG>P!4`#3l*sNOxpPoxT0zeIn0H=*39}Sv?f4N$v)hZ{ zLZdV(Ezz|SqZRIWZNyzQ!6hUnzW1_luI#;V!$tRA6oqcTbjaQd8=IT9uKfN>0R^M` zFY8{zW=-+_3&^+oB8NV~rSb}L-mLr+1;&!h2>FJTG*(j>wQ%^M*b(6R-SCiZn11wV zZmD5qo-(;H<~#4cgExX<2dOeh#*kE-S3gk>Nws<7z$lVaV@Mo{emCwYj2b>fxUCPf0&ixIzl?K zUn3Iy%S{8D<@kl&lT6jS&BVs+bXKTnO(!HGCmWWsCt1rZ?x5T3J=gGEXft(x+=y+* zk$}j_uiY*8lBDr5nGIE5er&&ueaf6iKSj|IRE3|rp^L3_VKs0GKqYbeJj#e=1kujZ zy*k*Xe|upgZ@mXOeF3ynF{4hZD`FH!py-j1OC70t6oiI@H63Tm&;BwXTekT%*#aUi z1`&2`hIYsI>nAbmUxpN|DYLuBOC%;A9k?|fMuTUAhl40O6 zD~`h0yk&>4U#HPGivB5>hvwqJO+9YZMkVVxKo$>7j^A8O+B~ve#%F9_J|>oSd~yW3 z@!5TS5ua71eBe22bTA;Ruj?eMRYN`hhb@*` zLXAIajwu6QI{pC(+&g+55ce;Pp}wHcT}%@f>BE&4=3TW^+EwN;jns~|#+bKew|$+0 z-vbD2o^ZcEZ(Db=CBTpIwL zC}F=p3}4BcZ^Ts~%yuSo>v{$+X@p0=zG*$@}q-)HBi?|7~31!hC{G6jm(`4^Ys`2fm zvWM4B+Rb=Jp@64Oq(AT}i(z{ES6*_sZRk>3Xa|hVr^ioinV)(fk+IusJ&1wNC%%ar z#U5CYdSDsWKwOCj_u`i*B+L*&d0*9b0WG$T4(fzaipy;T@+O5ucevP(9*zBor(7x| zMq#clNud`Wy&&Ngg$D(z5Yq)!wRtk8N*NFBwSRIvN;kS=lF9ZAdoLx!iAxh z3t!tZ63#0j;j)sH*(E7)z8o1PsyeaI20XB#ADxF{cKU+ya2w*Bp?3Fty``!Sx2D_EyM6L9&!3MqHsAP z3Kt_OQ@0!@7F*d;Z6Oxb;vpJQh(ZkX06vWn&fCT)PxfqCH>EHjfU2bzOeB&EdM{_6Of}JpblHxE9htHfm5wW1Fp5pVW(B+u# z-Te&G+$0?h-P&|{?y}FLk>1&nT19-OC8O6MfVL#kTVOP`V0U5~@&FE9WA|@}Qg;S* zawbE?Flgb~`k>mu>kSCBh$F@I;&bU4;O_$d5d_exD7WAUs=`N6F5V#N0MXsXIEeZ2 zE6C=|uJKwLZ4CS|dB&@H5lue3-wTG<^^`6F-Z#gI)x9Sj0# zLgbzT7$UGlR$=52NA#wGYQ+OnV-6ZJ%~0Aj#>5=(7Q|CAa)&R>=eENzWM=ACfg>`E zG>C}WLuBM(*%*-yQI5t)0+cm~AbNg1nAtE!#2Z+N812LDZf#uobBZ;ECOPe7Nh)PrE@p_=t17Za}p(y%a#=Se%$YfjtKusmp z=hCPEkn-WT$cFq>kgFemzS@y&v0+EWHl1%zq0a(>#xBi zuM_RIa|4FIB&#d$4!niC{|hxw9guDlgKw4oTqoZUYw~4<#HN-q!a4UGuh61?Pu;Bz zMC?JDoVr_!p2S5w>vOnJHgf9j#g}9(fZcO?%&K^&{9|S9!xpOAKk;f7XL#SrJL${b!D(%x0W= zkUt?jEhkvd-=K=XO22nwtdSk$h=LgJ07*)^b(r&0{=fr*d+KSzKvqp~a=TRo=XTnhl?+oQHgcp7`j3P0`MUyNljpPK=6Le|kFjmb^ z>UKZ52%jzq4+By+!S!G`>pEFCH_ZOJDB;-Fu1CNn+ZMy_cB0r+PJeXSWF3k(;w{u4vo+5KF#PLv#0u=? zf;Xxos?glypC}3v#`^we7I;yXZN{pB6Ot42hR5pMU~Gl z4~g+B4_Y7#!aLYPgll+DRWj#CPI;jj%-ED|FF2hjE6la)-_eUm)oue8$VTvkfy%CY z*beFOWy*F3UmmFJe?Mr;_Wh}}-a@c%tZc&<*=lJSY4&A*>B{=3qFgc!`5h6tUGn=5 zCekhwJmL^4PnLzRBfv55Ugre_nOc|;YS_AQn@iTn77@64xhu(0^C!gQ({b4_-KDB& z?W^XR;0xCvircou47!IQ-PZ3Xb~n3;G*k%+>^r$ivE?S}pxloa$8YF)EQ)|?q+T^O zyMb{Yd8!8X*YvRysh29JAuPO4x#1l5Dv?V+-`+~c882xsWw{szNuAUZ>9*fLXM6D& zmtWA9+x*Mi1ps@x{Cq6`0vB}kj~6ZerLp|m?b$5ztjn*D<^R}~f5_#}h~+PG`QLH* z$yol?F8?~0UmeT;s>?sa=KHuTd%e}RZt7e1oG1m1Kg1F4AZydQeDTzm0g#(a3SjnB zRwfgGy=M(Y#BJX?+~KVW@fOSj(z~U24*bd(P${zalu&=BOrW7(z1v+H%{ua`%@j_i&`#{jqX>1YBFL950l0^<5h)H}^ctx8ur{J26u3 zxL7$q;sz+@de|WwOFRZ0t+kf)~7WV#fun(g%T|4f_vq~NN@n!dE&uhz- z%S6gu8!P8yI*%(??!-vB<6`Ch?qWf=D_4#-zN3=^);@dpNaXyA^@Y*&kdJ0KAI8U2 z^m@||)qnd7K!L_G@B}NehidL{3G-=3XyS}-xkO$ZPq2KLQl%-?9+ON_fGPZ!FIBBD z&ENAWqcx@He_YD^ysxh22QE=QPtNM@_9;m%IO8WiC2djN>r=+r>hAL?HMZ2xe9Cl9 znH{Fg(3HXh9%h!NEPc?Y%+{2uCw)q-rsV(ZQs&qDhRk@`C(ieY$v1prr%#MPF7}Bv zuX)HNNR(r>S-a(mj|SG$BH=&zERK>f`;$pY!kr_`)x?T1KC!u6Vv9}esPD!Th8Lm@ zWW8heF5|+pM#mp|rC4}6>M1h(C-sKM2SKbqKFH@05twTK{7{K_bkygWi+>j3n8upz=3reJ}M z!^n1-p4}Hn+lO)XZtHPo@GfMy>y`~dBo^kG+UcFO)wm4et8^#M#T(9$^$PrH#r(Gy1c7laK;c$oF+SL}Gq+u0=~w88V4ozh zpwm5C*?|FTWPp>i*uiT|-J8kxabxeMgHea9s&J$vli!pv+azw95=}GPCK|3}0>u&bS84H@|N%Lx6Hgv@q3TZ#a-rweeE>$4b@OQngYl)+}l!h(k+p zbL)iyJ?vjBM)F--p1R4@H5Zqo*4ElYWSUiUR2;E;*=(M@7AH7*!9i_fU9*|D4~jTZ zuGI1<=fz?MePglpXib0pt4q|#_?qm-%l~qB#8na*U)b@9j;{+H{7q5#$oN9l{g1CY z7WxkyUjy?qdQCCdWq04j<65F&&f-2f_4!xXkGd;qZQY)5n6$XhHRvepM_b8qsvmAD zPT4ba+NnsBMD<6qA9-n?4=Ve+e&ZN>1%#Q0%Dm{T7BwK(Z?Ld=r$(YX^DvWlR?*FO zNT45HtS>I#m_A!sk)`s6ayI7pHSQDu$*)3oH#n=U!fh!dW7#v1-4$kcnW3@lS;19` z795^q^s=#A?|t8DjVONW^dwxj!hIzM=PHW8bt&BOF}PW7Ym3{8S7_y(rtj%@^!x)F zJl*#F5t5n8VE_~JMLAUy>|rr>B&Xwv zx+agch+87?xi*qcbtEt``#vfv$uj<-F-~4=x5YGOvtp#G=4kk$d(96YQ91Tm5>WOnkoCwGOjRk$Wrj=Tr~GA9jVz0Ajop(~sHBf3ZQDq;pxw zpNr`)Av0tquo~OakFe3G!IgCWl%oD>=nhFJ(?ukqsEcMukHAkXUG%alu>!iN09e~a z1)*vIQ2Q>*)K0;5bQgrRvBM$)!44~`jU5)Rt#*Lg_I9;Nm9}1}kC7XdNs)ey>bolR zPp|qP)p@1$JxlZl=^im3BKx$o+P_bZ|RP>BOOHaO12rnU|m zZz0L4gxm5X2PJ-v3kx3sQhe?KP`M$aGtVP0}oB$)lJ@i zhj$+o5}Zn++xll3?$&gqNthV2n~@D8C4aue0N;Ebky2f(EFc6lwG_`wB_|_3&FiK7 zkWphKW=$NTONFRqXwWj42?BMh*0M~9B?3-Rq-HRxic*B2Vtz&fHx@!BvhuVZPyE&@ z;6XL-3g0)8l~Zn-fV;vEMN~@&F<27Pk^tFk^EXQ@{|%L5YKa`4ldno!*+8d_Pc2C_ z+@o!UT5$n--4X)ZnQn9;u$}WOLC6-fYd(PIN7!}ZFg7H{uKB{Q#bDQB$F5NVm0E1s zHNTi$!3iAhqW?BS=;oWU8HnHsT4!vr=SinVa>r8`$sJE&7ILBIc=ggD++%qJCzqdb}$bs~%68U6L|B*k38to)6>G`9858JV`9HabXI9 z`1FGtQvw8wXvZfnMtE$HdqQJ zWosA+jcjY)@B;$E`S znQJ{TY;h&-ipy-TC4OFMU7mMZG|d&}yQ!YO)!A!FLb@p{pn5P0XA@^2HPNPS_Cr~V zCi&spM1XRf%G(-kBz|}BjQYx@iweM$Xi5n_Wjx~Tg$X(NWz@YqD6ci}UJ^7}*~A@) zV3a6kK{ByN(0(O~HnBBm%U3RO_a&8M_N)kg5LRVl?-zzC8QjP##mb|V>w_a`%R?1c zULHz9@FTdCKaea{I-+^xC$mE2E77nVd2?5Y*nxowxzSAH?FEfS&u0Vx!RjYa>%G z85939s2{*}78&uK-iYtUpyk=0sSfF2N`;SM7{ zAEO9Hyfy65Q_eu`QmZkZLaQ;JLc=beGCr`89NOH_YK()?YK*7QYK*6pL(WA802Mi` z#&g-B#RW@|(+-LwryUeep&b-Y8Sk!*)9Ua6g)6tLx+_ai%_&K_q9mnUdvjW$5&+|A z3){S!>$4b!;Fckbzz&&;80m)&HQ0m>NU*U$w zzS0^$>LVYxMTuUFLL%p>;X^p;oQ-|a^V?OT zFBsU`*7b*zNPLBv^rg}rAEz%AUeBX&lnxVGaS!wwn)j+?O7|ZG|Cn_a|DYTC$6rl- zRJ0juFkp?>BCk8;_zrhV+*ZIxMdIrWj@r*>8!j6!o3SR`jP1!`?-fdpTd-;#SAqT! zLO=J^5X#x|b2nK-6=Ew^!Dht4W|(ipz-CymS#hvg=8_oLEDOe6s7R$X=J*&`jRi}` z!O~{$7+BhZ)yBbU&07yfn@|fdYV}_HrQl%KEVkbhKcB$<+=2X1--&E;{7$tqjz^sh zR~8hX#Mcc;%)3W34Bf(=&Mgcn`jeC58+Jr5OT;v}ixWnBxr8=wgXwmkTt7TuQ#kZi!dKtj3R*}E9l^ne79BkrS(7OH7)ftHairPEdKf;0ZC z&n}f#OleK>w2L!DATvgK*%~IW6wc6h1BNrL;y>AW_KYi}91bRh{+c5AIlbmh?uZnv z4vOLJ6)Kn*Fh{6BJfMa%W|i6`I@Sh3pzD&!(7OvQ&Ur`9HXN;tLgZ>ao)EcufK5Oz zqu2=}@PD-2(W;H-q=l0cw@txe3EkPcNMubAa_ZI{GdiCMiV5Z)_q{Li1on%Q&VVBJ z>#AV-D=i$HMMY(r@y;qRPOdA7IgrMg(B9dvy{3qAcg|~QQH{veZikpNFkNbUG7Gj zyy&H(J8Du~bT$Ld-&J#eBJ&ZUnC1^+qcSV|I3Rds&HW2f_xmer?0Fn6ckKS}DO!vv zD|@%ay&*g1kuu+&F>>n@Ty;W1xcOW-ZpZrmA)GP;v=GP}N+ehdXATc~k~A$+TMgPa zl0FDq=BZ}Ob=$1w`KkL78SNjbS}DF0ZMttk>OSA513`^&$uF+U-qdmzdE80MpPGJr zswI*6jF!~veKJQ{Jf1glJ>XQM8`t@{^z zZ?XDp^TPB3m8?i!wp!ceZtBF+u>&dov_N3>G5aID2??DitqLU({V05EPGnA24GxOj zb_OM*F|}-N-LiUM)?Uk{mLZI-BXt)m3;u#1WasfGkvRgtwt~F7dc(-M1GE_7gZ6?B zy^RB1))(xADp9;3#VP8*E|=V}0t}prpdLSfkUex63<7~GY6yYS6#-2KKydR&hl@bq z8W}=h1yB)eJzdwJZV}s}AG8iEoLZp#&zyP}1z)d%+T9h%)ZGOg*@S96V|h(fg*QM- zxH~G3Y#js*TTkg46h;W4TnKcpv>admyBCemrS9SaEp=DGu!*^K_tKM-n0FX{rH{BV zrj(tjD9R{@55TzzieJP$SgLy)Jz&{p1Og;Q#*vRdfj(}Wvq6W4)2gVTA~+2li_3zC zBo@w9sqLW>qcL)v5`cGl(UIUOyqbPN@ja9S|K#Z>F&!I{2vZU7skrDT(ayG2UH~$U1o>?3w@H%aADo{R!3sOwNq3a+@3>+LYl|CvnePr6{+ADk4&=le4E+7^4^6EI z_KBiH>3HvMo`1k^8!L*18{(oNAc}(%3s1l+#}=oW*YF(U-=K*+e-`84HWS+=$)c17 z(?jo2Zj)Ge5ndh2_lwI9n%EaDFCO^Lu=@zMFh=4*hZc49waR~3@;}ydV)izVz7Q-#jGyuH>AYAx# z3@y|$g=;HOdf&~JzOK@mc9?|WOu=j%oClrPp|qiN1s>P14fq$DuG%itj9h6UbFDdO zi{L%yG5UDi_ghlHvqzRGZvXLFi>khzRmYu8^{9=q!oM1C7vUGLtWtB?ZXp`5&k7z; z^#un){5n$WSvFI*KI9N=ld0>4LuZV%99nNVgyjA>v|c#0-f?KXaEM>vva)+Bswou+ z?uC$F5^Xkff(QwmRYM>Yjg~nfiYW06%?fHz8ihFk&;t~(#6qrWk;WIep@4)>tU_bQ zl%Dj=BW+bLN2;=;P&k6a0=`p=hSvJxPW=o7Nu)-Nez(l^!wd!D!)%;-4|~{3tO%SG zAi7Tgky>d-cyJS%V+Fx+m_v(&`oXfB@FT?JL7VF8iz+MvO;-XdnaQryr%=)Oi}B0s zPr1Pv?I1ZsT)yvUDcYeK9XnKPAv30iLjq%m7XkfYf6M0YS->J~h5~Um_nS|B<(t}P zo65WJD61Ua@L)nO;#&A4B}vDBdWj~lwnYyC+{`XkYU(jiT#xM)_L$QeyQ9aD%~9tM z5v%`Z?uKfNLUH-3ezPnD4qSu^3kI8?J?3@ZWWbF(UFgzupuL8qo{sDW*mwk=yMj+V zo1SQ*Mafw!J+q04GME=u>tL1w^A`^7p=~%*-V$vM@*1kXJ%K>QP5>wn@(_HB!l$KH zYazP!iL33AGf%HDpW4rMQnVp|!p!KP_?Z<`RRjg1VYx)07XM;eg?V+~I4*(ub_D7a zLai!-l1cT-2-KN``d&Gx6C+S#t^-}QMNq>?*Qf~8v4lFg98@3s(Q+b5s85uGdNu-; zBGk4;P-3*o($V5NiBJXfopg@nsz5bGaP8HCHnx_7x+nt0kE5I0il7*e7EFpjO=FFh zmxKCf1nN9OrOQFRg?@6JxQtNy6+v-63Z95S)e>scKJhjR)IAZX215O=9274|a5XL_ zRC5s&*%rv9DweC?CDeik&eY zD1xdY)MF8-4nn>0@i-@TCe-&MP)`wRO%c>CgrbS%YJ8qhcNam4O(XM^r9L23eGwF= zWxc7>LcK|-GmD_OUl4Fv6wz&SS5cv1Cr0#JW8FskaZBr`+#@k>6&XzJ1wZ8oZ0Y0p zscSsV&%qPv0B+8Ue zx>}MbKtAa_Nusp)q%TMkMZ+hJm!v`0N0LTM5O$P5&*MO}ZV=Wa++M?|-A zJFk(w zi+Sz}K9$UUOq98A@t$_>V+!WJF8skPruhx>T6XRufXsb-aC0A@G4~M%1lihQO)L0L z`%0RNFN8>|U8L0!wjt)iXd}3wZzr$Ab8g*WLN^TcLy=14YQqRJAaD10J|4w$t^n6{ zBi4f0%%Hs(Yk}=Bh+;YY?iOhiQnFW9?a`{?jVP(=Z;Von-i+9ERlF@!2pW$Ddacc&=NzU<=wcw^@p! z=ooBX=?4$OZ0>fnUn#=++o-U<%o|l7HcB0u>+G(#Z548OsMEy?(cyPwBREqda&HawbM( zgq^bBYj1GF;dHiILWSDBrf!;3yW=a? zQ`fRcW2HX8$>1>1H-kpRPB`}KpXq_rVlN6l5k0ZRz3b3hlD9c6_zPMef;z(Ix&M)Q z2kvVcjFMalH=WcTfxtdI@>+868LWJ9kbbD58K_(2vlQ@&-I~bkqX<|dy-x7C4Rw{n z&p-#+tqW4OdIwoED#z%SVd6q1=t89P244V}+LHJMn0ap?^DA#?;GwV_{(JY%5^?Xq zQ*bZp!OO6fFIEogL>ZEb>iHc3e)4iu#U^+tD!QqU-cTZ2;A(5O{sV60Y@U#1nY3qX)7k3AIAlu8sGD&k@kb9wb1_>kFX13)ow>~H@`0Ydz zeL9j9aZfSGMKuT)vpl+_9+RVx4v$JbNJwP%Q$otPPdZY!Vf^$3cLM_86_o_%%nG_! znt{BsC<(BNfZM+;i55gk4$l-4I~I^tzRqn~lCzgovkMMD=X6kOk zMi!=6igUEtW03@$xv953Z3b`{=Tf(2%(jiG+k*c^>!k}ZmV%vh+IQkT0Q=c5p;I-w zzZf;_%6|)na~~QF-J{tjAA6&6EA{2*;^-Q|}UuiZ}Jn;Jc9Nxp4Bzko1A= zp*G}-Fw};$&w%hk=@Uo@BQKy&*5$Qkj<}3I#=d?pOgWTNWayFGiDE zBs8KG7v@rnTr(2CNG)2~TfQAdwWJnC5G;%!SlAx|y?9CX96*ijT_~CFVV6^IZSjx* zbVS*N0d@9%ydJl<;AKsK#rwa}K7a~izh(l6ci4|K&Opk5Gy2LxrOt{NE}Ys+=5=?c zV5!9b6(61PM?vJIHj%KcpG42zD%zJ}gbVF_h|o?A>ur*LX=kDT-$;;o|3A}681?~; zge|t`i|qqAb+^Di=*4`th4#U32>MU452iRw#nTpM-Fm2ia`wTSNJn;FvOk4ikkW-= z#NaF12U}np3`eyc)nr02 z&X(=K-=cgbxG%h5<-}tU_zWhN9%jQE{sY3Yx3Puxiqn5whK2hY+|LlSK0>(}`5K3e z&556E$>zjQ7NmaSHz#h0i+J;*TTvE2!mGnh`^DAlYkYer<@rRuiiBgURA{IsD z=0RxDhu&bJ_XQI?1*v>+xGqH5=*<*oKZR@0&>YnMFI|6yvXbq-Uy^0eCuLjL~!`$;u7E zb|@nW_qDk$wuTj_XYQu1iQMool(0O&geMUxC?8n%zAYsl&Mmkcq#39IkEE6VnA~HZ zqXGVIKB%VqDb4}&`pXQo*+|bF{mzAq**!7uSnNZ}Xv__HtUK;^{sgm}XK|nC%PvyL z`W6_NH^?T42Z0GaLr}Ked7I7Kd<{c&c4Q0Cc}VIF9uv?roX6+a1AyKkpfeok(g8rP z5YS5;=$rvSCnGO7THu{a+oT47-%UUnfx>@guK_><+RE(=LlMx|_}UK}+K?CgOyE5g z?E}Cs5>QXYZ3BSL6i`pa#RGtjLtbzQe-7Z!z65P|UVU>oU;Cl|eX8|#MgmDwhYSGv zw16@kNI)g}rys1#02+K(;GNUS+{4#?;A;v06@hnA2Ijf};M0U3FYqn|!JIGv{0PGD zAn-0e!R$EzyrG8w1Afx&E_lHNeC>z+7Q+8T;9X>cd1wIm`Gl7n`r2LCgJ~Q9o*^H> zi3DhOF%d?t@9T%2(S%n|qzjlZ2MvIqODhfVX?M{S<{wDwuf3gwf0zL6SGlqJ_yF)r z1eDP^{AVQQu^-Ye6VR_YtY778KcJsMUT~DayXX#c`~dK>!3UM6bFtHr&}hAI=<&3& zzY|>bapbhMVzBoMEWeL1=Ga7ur4clAmk|0LLjR<=$Tbp$R?ak52+y z*hV;ZoSH>MB){H{1YAwUCj>S}!XcR=At7~te@&vl1sWkCHMCG?${WKW`C2w4ga{-g zgb%@Y!cqtcVIi24ZaQwb2}FeC5e=K;+P{0 zpzK~kId9hT z!A;h3H9x+P=ptXXL$8ukIfM8@KDJv8fK3C~8)-STuO^<*npSRD|`WGzz zDGPXd!4{EEpOAO=hfM3SQ4lw~q1e67_d#93Y`>N(#&wyxb$yA38X(QptuxPbQQeA zBnV>y3b|w@7HMcV+?soU6fk>yYF%Ox9i_R{I^+d=;&E75M!^3a7poYQe%0`A!F=`R~m(r_;R8|C8kcec~H3I!+ z-BG9uUq2M+G5o`t2d%~v>cTmYX=|r6rMk=wC>yEn&eqLVhtROTL{_=ejm3kGZ($L# z-t$>Nj3XTpSSDcCLyyU7D2B72XB5Yi@Pim2wHuy#5+S4E8LL zCZ#HI+PSe3?|^4f`<|)8%EjKSc`sN*g>TM6;mo*G{h=3%dGI;rOp+XY$~Y>(hcf3t z$=TiK2$Oe34jLfO%KS}80Ye$pGDAYnCj0SK&3H4p-??#`L8E#_{URXlAynUIuHm4S zsZ;ig!ub-%EIU#r9EuI32aR;1_3`kv8ca`wucOiQXhXU%BS^uVd|H;AqVSJahC`L^ z_dQ-ogdWyTvt@y>BDhV;Ld&)h1|t}71)QJ4z@;Y@sJe4FnSpSan`O@BSqWg$o8jly zb<6nGEGQN~fLV^7aV)C~iJL|WCVsy{QyW*CCvHV`)b5{+)SI4LSC|EDW9!0qSoy|M zR@j*$( zQnhJX7sP(8IS)b-t$ycd^|t|4rp|apVB(4ZBQ}#C%yn-Qr)_@gWZt)gvaB^V9$Q?? zsOz8}sR5NxaE;_cGDefEM!n$|$A!R?THwHijrM6W5A}x6>1{kja&X&NVrjk4&V7wT zMj|lt^w(bNTb=qD44rB9?O%oNPq+QbO^y#g1M=#OS6c?6 zLqi9QZl%Ts%=fHFn2!vMNbLd)qzdePCrT-j^bb6w#@#OR;)j$$yww&CsfkSlMVmOJ z^1!pTL+TOM|UyM_cNq+!lgRVA=S1pQvD=U9}~Q-9#YNy4yk9T+5VYBYRHEE zht#a6$_^>c(mO%IFoibCB18f_IkMzUR}Mv^%&q6@Q7&pCbfngWlT>WpnNHaU8;hnR zIa;JwW<+PHgLRatZKyG(4jXE$2;`euAhF1v?9QduiY?fkSojH&23ru~YjU%PYtEq6 z=8gX?YZP_^ZYzz#ZZ{RILp?AG*P6GRX{8aB`6nBN-J<$0#KpTpQP4bTCDXSdx9dm&TIX3sFlX5H6&$nzb)`9gWC|y=q0lrpvC8%dyq!?jMz`2 zXKAw0{-8)Q#^3{+Q_phOGc=)E>~l5LbRON*Vr~^B2#$!5m#A`?02=-XN;*<&gdlKF zZC^E0^j4=+NUByd0+ve^bVgdOg%Qt3}9j~Svy7ME zKqwI`MMRa*RByjp?6!)p=~kqi#p?UDKhYe>PA=eRyJ4NcEefoVrBMjH{mSFxG}^ug zD$`k}BhVyKNWA9%U6X$MRi-ebDSh+Ww z7q4RGU75P&80b@3f2wnQYPnut&oL_9@viVd_IkSMZ=?kWbh*^>L(oSvd(4j;-a*5K z31~k^>Jwj@cpw*Hg-7kU7$*qYcH?tv-~#3&(};05x2XY|2tA^k>ONYN2-%=s%qV!XS;(7 zsXa@Lf|HP}rYYxczh#6jk*Q$OFkr(}AR)h8rxsvTJSX)*VMvoWlUJd;r@L3`Op&|j z_D<8BZmTL~Z-;wt5Yc^5W^xtE~n@A>L#7$L{PjP3yM0vdi4{H<`gV zhadR7_MD{K+kT%6_L^fN!NfTQwFV729$&PG?}2S&2LE_KbB9ct4J;s+dan$V{2mz1 z9mgk3$cy%qV!9jl-j9k5A9T;))LLDMgB`#>m78j^Ek0yw~aunBOAl6z&~ZQmHprsbj!GK2nru-*u9}=XPTf{Pc(W{jQVtr zAzB${!zGphhvU|##}9eZ4d()|R0P~l6wyLa`fF0_gI}N$D{WMDcQ`yUezK9xz7ZJB zUqddMLR?ar4zh#XD+ZZif6{#=698JzHVCXg-z!TYVvCd;VXp1J+z8-zBLee$!#G!; z#DzGQorZnzUIS}g3GS}hS8(gSjdrY=Mqw`G-w$Wt1QD320wQy@lCrGrG zs?3I$-o?AHmiy&qypUBcUhPF$9-5~}pYu!Euf+ZS_+B>T`R*^m+wh&gzK%Gh-iN9VlvAvYDcqK^ z$-k{c2op$ZxEfSU!SIZM}7BtT$IoLSz+gHmcZA zR0!s{uQ)fYCtk>W|GC$Mvhz_l&evkBu}1d>$_yxLn%ECz4i3VHO6(iHRLx30d1I6^ z4I&7~e`dpM4E|p6pXhmeu!enrTdJo};kj=TFrf+wkbVhIV1OYMI#u4mwnRt$d^};e zOZkp^0f$5oTSq;y5uwfk4UGae6*mQ(1KpMC8T-_v#;!>WNU0e6)CsM(eV-biw+`4# z3_6C4Bxc-7@Xx!&;GLIV>yr(6NL26G{G`UbB_N+}d0=Y^;0+4ZBzf~!DWq|WLK>U( z*Q0*;re=rp=cLmoopuTq0c0flrO-HM9na1ormhoi!n_*h4YrF4#a)DiXcy6bw)e_Ms|KDTZYWi8S4O+d6v!q52Bro=5&dCh||b(_wdpL#d3=wkqBIjuijKHJ_ERuVuyPnf<5OLU zhEIB^GE^dppTLb0F@q26x}%wCG$?Gro`RUCL+G*y3`2CfYW6#n zmq;7ul4#-p8Iq(^WCHkVn8x0av~yjW?*>Uu`((6CeaM)ql@|wGPhRN37U_~6Y%}(- z0}?mWc#vupRvi18ztxzlu>BO8qc@KhFrE|vg}HR~*r(D5y}?^n8_6Bn8S70CPABo6 zjG!}rxz1IM`A@jzshWKwvL-4O(uAxhWn9}vG{=1W1b(-I6>2-aB*?_5MVjziFWu8r(4yJJYvNWX=9I*NmH&QNuDVGY}Bj{itc zUvRW;v9RSK#_bc?Q63{~!1R&02B0y0q_i7=9m#RPJvkseumoQA9Pdp7`|C z{58NQwHBDcpG0;oC?`oMpto+9*6|!KmnmPzHYIiJ;_B#O9sEgTSL4^#fs4G6P+G?| zW$F-8ITKklBO+)@>b(Q}3yH)C%B&n>Wl}CIDr~p1uuCH?acL_*pSrRze20_?)A+Ge z+$a!BlTV`xP;i1)FTKn0iW&yTYDfTKh)rvVW0TLZ3bwh3U-&(Eb2CjGyi^qMauY2i zyvPSleGaDd#7z#Y0{02r^iiRtt`|z8Z5W?hce(R4{DqwJ9&`C}P!TV1mqEI^Tm~X{ z&=l$2`IKV4;X)rHeeOmUEe3^l68H$#++x`TKk|A1{IMhK{?N2mIa)*RSfzn44eepc z&(t0X5f#2tEezj9K1gS~J=8HHeQO;j{`c=z$M~{6RZuBA2v=pvail9FO06NPRG=O( z@rkO1%5b|1LlR92RM%^J`V8CCV)x^UH1joFl&A59-eVAx7x7=!rw(aI`W}uD~hqkI?Xc990iYG6nLo8>VCmNqOhGhwsrT z@ft-};QSVyNx8Jr4Tc>Z$Dp-6rOXu%TNhwq-Rk>396#30|0`Gw>T|9yR z6^0OYggKV3MvIlJWd@rFznzUELUY*bap8CKHkaAJf4W3UJmmWWAdRo^I4b|Lqo6ZP&21Y-HmMZDb4)FwHJ5#c}h#hKZ+*Uik)1o83v z1di~wax?SZt7K;G!OWb*u0h$Ec{&_BtS&Y)m*=Woc+XwM2?u*6W#=D$CQEm~Y*0TO zJ+VpW5~?1ZrFJF*P`95EK4-$ET%+RtXPQ(J#IB&)t#V6n(C?GIHeqTt;$rqp~?*LVhs_& z5vt7K5RU__5mh0yg}Tw<@VfCoL-#wFX=b;9LoImOHGTTV$sy^B}Axr*p3$EdED+G&*A}%fk;gb=}jw z7>YaA7-tz9a|V!Fm{piR|H}S?-%$$~=cpEDPC{am461$9?tJMlq=e``<^= zx-(IGK;EL4N*hijf-yox-A#R@zU$L6@t9M!IW@>AYw6}wh)o*Q$`P8S}ro6Z?c=!$2 z8|QNs>_l<36e`0{cQJs{_mh`E-#Puky5su_`*p%ntCi)wJG!s1rw|s)^N3covSoJ! zWLWPj$f80-)bL>xa?{qC1ahr~m|2yK`Y)^9=0xMP^%FF%1FG;T`XgI13 zn%EmZe@Prr=qPIAF+{&c&O?`B-E8VT*^i0o-7{1j+DN0F+#4J)8fi2|8XSfgF}U3! zKo+hQixlCPwLkwXCna&afbt4#;Er%2_E#C+u`KXepy(B5jZHsjjlD@r%ooGfEH6t(RA*e@K~?K)J*RR0~rDi16QS~jCm z*jCS8mN!(wYx&Kd{Z&G9Kank|q)(CuuH^DaCGu^l<-gE2W>3`|OS7AetPTiUqBBuZ z-EI~ts@wSmq%^t;f5m|ojemqQ+KEknQUYhE33d*yaQ9>`z*H;W3 z*R`X~oG&vfvlxJhp>3ywNEt$%E75Ky-vkv~G?u--YYc$*Ys1 zOzjwSY*_oz(b`{y;o@o+GY}LwrK)xpG|`1c_ZL+8@omR;D|LhU0{vwY7f=>H;!mc1 ziny6jQ)nTq39^Mn30NTPDVxEvq|oTCv=D(xMV7EvK@9vT1~8Cv z6G(aq6lAHaMG(rO6a`ER+=g06P{e>J0Z}drI#&t=s8A5-`~99X+wCw z(A;OvnKNh3oH=vm%%-6hw>eQ>Q^)IY76CDxQV5kEfn!Dq3XL9NT4{u79w7q+Yn$zQ zwj~G-bM+aB9)HiRa`^1ll$9`;t24jfi0i(N{qUf=o!?`>8SVF?>B!<={6H(JHLDgv z)QX?{(5^F`^8)1PZr5m1xWVljBw+6R8Rs$xJl1pX19`wtE-u-h+{eo;G(%w0jikBG z0&G&(FSCnBbr>1xTY(G8aD7Yx-Z%;$1i?Y*XM*4)tqz~U!O%p0WyyX}Zx9)@3+&MN zL38JKVRlW}833c8wuSu>{MlDidvdX0Xp-@2MIh+BGX zmY&%cOcYx!8ARn+lC2$Be)1+8Qkno+Zs7IXB@&I%V`&C0dB zOe6mCyDIfv&F@@h8o^ze+645(`r6DWT1RHA(Z6xi!-P%r_d_&$`$hlcQ|)n-Hq;#J zYsIi6*NI;cIb<%I7Y&xehR9v%wJ>a3B=UcB+u}hBWj$;;1Z?MX%fosY_H^{JM89t? z+IlHddGvkRaOn2SRlEK^tbc6M7P*Z-VGnk?a32Z?{bL)EM!J7M*!le|1#bri83hlz zQ!P0Y_V5&3QsB!`(;()+>WKdh{b)62&h8kjMH56vEOe#%K_@oWk9uE!+<*gqsPX;$ zyDAl&8dp&4aMHHjp`8;3-F%w^N2vP2EJ;TNwcM1#8L`ACFUJXxO^GJGoAR9aye=i1 zTEM)N4%9-1%y~F-k0MH1S#EZO$`+uiYFTL!U{X&RCv26>Lwyl^8M!-j+=bMytYJ^a z;{zKw1U$EFzGqXxZoj#CHz7L^vZse_7(hM?E7%+4h|P8cZ!isdBuD$4A8PxFEc@Vy zR4K^t=H!SID$;!>{U*jIdaASoh+gW0C{~OE=DF>i5gN*LbrMkv_2vT}Q2hRi9nZlL z##q^I!{eBl{7tr{GF{J^@52>xZWV(M=Av02J68IY6^19w7Ne0YwPe|ZSbi-M;~9*| zW%56_)Xg;9FW^XD2GWut*TW3?wrl2;nJ?71qTr}>aOGqXt&?{>C{vV1YYWK`r$i}l z<8n7wN{uh2PTp=aCts{3^tBDLF8EJq^|cMepV=1pRU)6{y<)cfOoo~I>L+sAth`8u z3HVG^`DETSC&={x3NrG!pKubm0_WY>b1}bEvqm@L`Bz~XyEy#NII8|YUr#_3y!Z#Y zN=dqom@pI{)ak3QaRv6(^FXrZY`c`H_)qAx&DIag;+_G(8F={O_KNVeQS_DRYZFxk zR9MKiG&vzQA}!sBnI`4`=(Up>PQ+(Qh}8qGveN*x93Jg{qTZx$lk3CJ5yh<6va$s| zy_g94TrKNW(LuQ_D#d&!5matF<5#GH%Xt}crfP8%t}f6j`%?Sr|Aks;u{Dw8``X9^ z|04|TP;Eb5H`sc#<2KF~Axge%PaE^uYP0U?HtQsUmj6BcimGjMEq42F7YIxsNy4NLF{9XhX$yBr zAhk`phtjRZR3?-%2j%e#4>oRunFvw3I_C>Lu8{Ho&Y+?KzYmxVLAlE35lZ>`K% zqWH<}Fhy>NTW;R{lMHd-B^u&}%!N1v?}j)`@2y?3*H=0hijj>4ZK#b4Zdlt}3avIm zhY*LxA-@!zj7O+0jZp0oYDy#2IE0=iHdaYa2=QpsM?@pU zp}}8jr&X7>TF}fM!>@hHE85ldjU}t+Zz+7SS|xcP#1Zf5C$W-fgm|=p5m_a~qxCBq z^-0)OFA?v#e#9}9Y?Y7LNQ8JoRU@Ji;?Z~yZfWib@o3eGRu$M{N+!3bytHhdTP$}e zkUefo0YPh!pkI=LvGH+pU%;wYtS@MjLn2Wf^$Hkxcl1T30FuF}jmsTU>kd8=*7gO_yXoPsQ zwh_??@o1eRq7mZJW{-$Qh({CaSi?^bUrX`Uo9D^AgsHcC@wb_?DF<1#`F!p(L`UojFLy00fD@Q9j8Qh}wv>T`0%~~U}Ooy+yEz|_51OBiO)wm!+jhkLF-%B+T8`R8@6R1)ZY2x07mlT(it?W4j2 zpp4EgyD%#e8if}AeN^VOXHe^>Gk9s)t^htsCW_W~hOx>V>jw@HqR4`|)1HXsuIJpaZ5B?S0 zY)dmf{o+breKYNmCDSa|*Phl}BUjVJ`E@86E%pQ(kh*>Y!vm!%>Qcn$ZEM8=S6>J8 zi1L)8pt%YtQ3*g|`S+dW8R~_)J|U$`hztVnZ1c=yzzp87?!w<#pzWu64AffJ3(R!%JTW^XyZiF7{?eW-o(_+I#M}LR=ikE5lftJ(td4+RMOGD~e^E^u z=|qA5Pv!Be|0nW*6ONfP`m>dXRX`bz?~I%49;+V7?&GM&?w7Ob6T&PN~ zaVrIAS?hX;F0exaggc8{p=2 z18}|&HGonr{^%20!0!*KOwT{)MZsn*H#)4j2^Ad}2`RXQXs=1^A6BR7P1HIgJIJyH zp;`Q&9@(ghcDLtGVTL8snKRv*jeA6fin!O3GZl;^L5JLZN~QZVa+ldBC}m~Qn8}H? zUb~G-Um`K>4GNvL4Rh6Gme%WZG z%Rd|yfs8Q-V|5t0`6V;4f4zR+TS@(RfM^x#$MzedeRP+kCAuZ0QsgSX)i^8LW;pmh z02pqydlALrtMrCVdw#?dhMk!yg|g@|Kjo|?3|Ugw1Vgy zq)wkQNH=<~y2QB1?XaE!=~2T7=zbo^s-&Ex8VAKxsQJ)tJ2#}}bAsSHE+B#sWQS$P zAUkmG_7AE4v41{fh2Ejd3hX!3E-+qe4&|m8Rj88t;h6t?mtR9%QU2y~v%V*g%3tgB zBiU}KOIh*SsKWoIr51YsAxmvNM#zJM(5I-+O;LTUxlWEgoCPpsz*&ICT|U7f`0rKA z>tiWDkAte}v--Bwl(;we@i?_!(4zT7t5khe!Kka~T#*^yLouPpV)S6PVdP{2fuGhS zDg`x-FzOFO!$D)DEG7AK_BUFO_?naqeZCv}9>fSq9O3|%EaQ)Cc%zfUmJ+zSImkAV zQ7|{^+@ZOK%%5yM|R}g1GG56m~TaONW}M+OZ=wG?>|e&aE{QbgtjiA zo$$XMvUS!VjgQ3GJ5 z*P8ZZIIk@u@cI_!wlTIatO?o-?gYGYeYlgBay`*~CWUvDV`wW6ub+mdWzeSp_Ta)k z$v+qY7zSR(pAx;3i*KKGpSTSSrLJDlu{cVBylNrvd*h^BJ(P=&T%ZKu_!Va$-%U{XrQ}}bhE9!U`w+&lAAm<6(Fe3E-st3c)jdXA~A`<>vE4q zYNSu^k4#R&U{4ppilfjTlIlP~t+EV4yXe?gMS{5CI=}pXtdf7YrtBgd1e;i2v$qBj zqx>R^@xn+LH@I7xdJ-5eqy&<^m>(cg|6MSRo)4lMIHDbiEK#vrIE)iV!r0bfOh{n3 z^8qY&Eh&}))@sSKlTJ2+xU7KpJXUu$Eb{AVNW`rzYgJr@dFG;74U7Cl-*2vT%MP^Y zo)pT#aDo4`OB$nipT7@oNJ1|5WfnBUfbe9uwm#m$lLKUt5h`nDk+P!rp%^g?lED~_ zw!I*M_blYvsbr$LDaH|rHRo`7{@~sNb76=wUoSZ+%bW)0g#+{fvKy<&Ny=2 zAePg!Y8#11Q{(E>Wx3J%e9Q5s^|9+OmJ4skZ(A*{j}BxU#1gjgLWg9vf(6&0;DO>% zC}cR>r=u}d#tF7R3$_EYE?H3ARj8hb^EEFit(PKeWBt;?v~u#4GzG7fyTNBn@ZC4c zR!*<$XT4}b_1b=Sb$-VY)J6&``^Yr@#9U3tDVm<{`-ceA-uLe;Y9X0ujp{E`sbW{{ z>pqqMne^6m8^@%&h>v6_ykKBgcVNy^`-E9=S5}wYh&LO z;`V9e$9>#Vd20@I=i_dZ<=`wO%15Moz9>kMno6z=cfpjS%G`Lgh zosi$PEN!oJL+#D7(5mCvB_s^L7S8pfnT4*`WV)U*qZVOtoLeLOXy-PEV`RWy?579c zUg0)}b118l)ODUgu3YP2kbGvLAH@#&sRiom1ev@S-=2WzF<#-&S?odc+NGMsynQ(^ z_Ev8DQIs(SbQjqnr7tS8&|!369FP6=$fQDwygqlYS_odG<8AJJ13Wf_O9}RUtnoGO zrPCYwnUvEcnQ1)s@%wsI)S3@b9eSkp3W0{D#Rs5oQTgJu`}hMIUE@Q1KN#%{i|u^m zv{9muY#x~X7NtC7cHTcRzQ)#TA`qn|AS=W|3v%tYTc1ILwGNs$m>Z8rfwc=OsO=yq*p3qf8PK_w$|lm|whiY^{)+WC@A4Sboxlmh|V5zKE`iU-pwbuX~}Q5~5mk zs2hQ|+8h+%Tu3$@MOu5Y$j8j)tnYCdRVKsmYBJT}wijFN*ilez`Aw(C{pQ9N`4*kMxvKlk^7;P`3jL5Sa^X#NAW1WcCvBGFwFCh`M zfSv!q<%`-E;f;wr+}hXB%ks_NE<gzLMwDgW} z%1hVXrw%SUAJzn%K5p&-X3%#KC7Oh?7X9`u>lDsQ5>aS_6Z$L%MGYZ{UbDkrv3rZ> zSH=9ekp|_I*(-JMoU0WW+G7wxd)BMyXJH|XPN)L8bx=D2{_`doy0ltWQ%jD!>JdtGPeg_ zbEEl8ov6B1yLJwARs#Lznh&_4(D%pw6$5r4qJ%g-M*g#aqdj3Bn$C);yrSdaz(1@1 z1xGi3u$!~g3H6B7_AVjc)MRHZ8Ua{I3%gN+G|S ztHGl@?xuQ){O#j?{`w3^!g;lmTvslVbIny|mShu3kJws%*Cn}Ho)SnmfliA5CUg5E za{P()n+Eu1PH+e!sy;PNlirj^Z-N;d0M6se-atjZejSOAKHxHiHhJ^CclatNu)lAy z+gjF#Xgc(Z#nl3Mj{Ah?hOWGNMf-8d6x_Q##ieMk<2+qCLyuD5e5W`GtIRUvY<9;Z zD4(A%w(>a=d}-I{9_aR(@@%JP898!(v@D zsXX9qYXG#9S#Xt$ZB;w4IJcq*%F;27r_nvbpI=|K0(;|ME@*n2+jdyJ0h{4ZKc3S*AXt)(?Vz6*)O{&nL*ZeM5efX5U*IJ!jBx$xCAa4U4QHfJn?gT+Nv;8}6HZw^e&%cdD%!0hi*x+^M&BH{ zgk!XXe)HB0DFIs=H~=}{zd!i?^C19zn2U$A7h7~IR>_l^2;7{cn3@R8bkJPufEm36 z8p~jS#&Jhx_a|EML3paTasL&x&th|jO*3aaEqV_syg96$(SL{)xVRGM&zsv*{zmqE zXyWS|b9#%7$PI?;??oI&z;u8u(N$jjV#r=?ZXKSz+WaJuy)uyuRpXv97hP||TRQPx;z!SF=aAM0%J4NhE)Wdy)2Y1Q zai5&jsLOk_PvRWs&)>A}*1VSs>h799?bTv)`ox1xO? zEtiQs7-Y+^o__hpA&sjY*yVU{#buQ~5vv{R$!f>Fvl{MAuXezM$svn@;uVZFArr$q zJ@OaE2JW7lEIsl%dwj!usMmbRT*I%#@Ds7?6{80jJ-}E~IhYUkT9_%&u}{ zg|pIQ6+~Ejmunx zPk${8tWDv*q=bD-_h0&EZqz`hZr@I%Bb--ii2TutzpN z659;g^0>?$OOz>IUJhM4Q7+z0XSvDvoe>}YSwzTp~#ZDMcpp4!9y4O66^0UX%mX zC4VnC(i#3gP4QJa}9Xc6A0RQ1P%ymb->dG{XpspY-c$@_@YK0)3a{@q&om58_^NhBrW zx4vbIup*`v$TeonW>1xpG#D#$x1$D0uZKs6MAG*^R#MXOd;vZtf~{DO;rfPM#ay|V zdEJQF{JWy~uoCT7lMCjQ36yLvS0z?elM5=@g8AT^Qf)hAIk&$MG>FBw|&<2YnD>9!v(wx zjaB1pp7{~yW}HXti+O}jhe~Vss`;Z|OZ%gh^hXh0_ zFK7stjxMcuaCEu2oidMnQ)pud@sR3@_Jb0M>kjj)BJ8y*F0;;7l!(VXw1H+Gq)wc&?D2`^<<)q9nwQGsu~&Op)$+&d zPcKWY7m7a1dJ@EIjyw!Ss79&>%tsv=IDiZ_b_)88yqLI&ZZ>=jFLfv%KHf91*E9hoW1Nh(K51 zWUVz*lD*P1kJs9+g)(OrUT7IIw;#@oY{eNv=Ick`Lw4P}^ZjVwguG@hozHr?CAerC z^Bzpsm)^|F+T;-c``mxeDK%NRqRM`BhAcP)&{2aLUi9APy zJbOwW5%jbqJJZl~O-PE^nFjBc>=Z_3=j=fG`D26~ASc*)=320`a`n6-5V;COtS2A` zkP`iOmF>m)jALk%ay!p(dm(WZYcC#U`AW#>Tk1=X$4(YKZa*p4j@5v|jXeC@SfsWv@Q} zIz55rMziqQj}Q~XF7-t2S3>UhznqDb#q9?q__~VfM0A{}-o!ysO8D-C}AG$(0vz?sI=1YAZ z0UoE+zSK=Z_9vzx`*!K2U_)2Dbb5u%1UN=vSvwb#{_6=n7gUILgG6th(@pO@)O*y;?DM!UAk0Ml3%)}}8o{E&cN0fYZ%+T?Hp(--8V#InBGg0-M zL$;T{hHSimE1}cA!G0>))F|P&R{s0q(mZ#yS{3uoQQ&o!=BD>l539Yq?LxkTcw#5V zJhTQLjsXuWKJvHtf&uqcS1U2n=I|a?9B5FRo6Oq~7P1bm;lEnwRF;?`)n1iSr%<9EO2h{hR(d-%;!}5!T{=D8u<2l?}kc(!C z*0Z=o-yR)#ShxNqeH8P>e?)GGi#G&+U;WE3SjN3(Y%K|p>A_!$WEzd<2OR-XooKPd zZ+=>09nyrK!D_xzbdI|X=~ElfzAJa*J1sNbjd$MoL>n*twDLL-jr z1LwAlAg`pqHc!Lo(2)`SwG#7%5{)Z!gS&9xkW=1%%-Q%%5xHL3{NX4nLwf#@ZeN){ z=>8gK@9c!jxA>XCR$!{sKEXDE_!DaLL1j+eS zPqPdGl~T3d*;386Oa{e-&vJjDxCXGCu^7>S-gg3uNL?r3{Qpm(Pw>q?l|HS_1FxT? zPb;5y-52IvTQ;W6#8EmerX^U*Z#(4|LQG%O7H~#mO z^J)6u3y|->DX+(ZW-L7f@;XVxU_0vHB{m^?UxhI|;YB|aGX9JiS1zzxI~!byz+C+7 zQ^@OsrKo=}Q`k%mLxR2$q8&YKaT^r5N2L3T7nqH|VxG%87?vU@mu3s{SBECrNqdf= z_yEBejiU)8HfrOkz0(yi$O&Uz);+ZcgIvWhLlJJPDH1S^;NNj}f>10HfDA-j3VjX^s55wfv|EN%3>eI5|D6AT-?p_zgrotW-#Xx^v| z-ug;{R@83K0YX~V)egBMPJT9G?jI0>@~IurIc~$iS(2<+&(?vi#rZuDm><_`&a|Z@ zI~O!d0^jx&M030ET)LC8Db$RimOb5P2(@f2Nwj9t-w!Qn4Xmej@2ZNt$mh z*v9z844-3$zc`Voz*frq>ltMDDKZp)%zx(bpIiCQP5g&(uOgQcq=83!{RqXWA3gqjYCRq1rQs%pV{B*l$N69LJV6 z5@G0#Em&CoC-%`g3ywTAQO)%{h-J?FDe?lDnvGTMNVC7(Ae#Lt>PP=(*m!>wRYp{{ z{ZMOEa%E8<90$-oA8Bl()mX7=<>)?)dsv?dUWUfiCzaz;s&4gWoPoq$E3oNY4#o}X z{iX}k)!?HnMvTDTa+_+>{43tOL^q%*Vk}}BFT#~mx}&#k#4WA(jR6H64ci~LvSSKZ z8O-oOqh&FLQ-ngQ5afKjq7qJ6e#{Ma>>P#CzBmFdEE{$YZsJh!5@4}HP{BYQbn9{R z2ROOfYH5FK$nCG-bx+n*#Li{8Hb(*Kr>2s+&{C6d!KNJaraM$y9Mpn&%|MvQ@Cy?e z)mQNet0D&rJ4iIU# zwRPgY!ZR5dk~1{ow+i#0DXhJtsS4 z2S8*1jqo{@gKdPjylpZ46ENg>hn-Et3%c`%z3V-S+kru4t)jAG8_0@*biGpJ3H#?K z)$fi~sNXIq*tO$#mH(3Zu}NGv*8N#-=i5KzfT6O%1K-XtR-bzbSTbsgp<>Nv6p;Q` zKAMfpZldI;8yYW&@8{%s@6!7JSC;+>?Kh=9)bBy%7W`rPPPG0&O|gAoSRLyJ!R2N? z7r7U63-dI!U@m$J(1?ORh3ZwdVAg*WCV4~(z4v&7?YeGcw68qCv+l)HVt<>JPq>5! z!;#zOW}ubUVxX(IDGtg)^?|jiubLHzzw7Wxz5PZd(#lPEkDH5bvqu!QJv9|=dDL^* z&lPqjGTKBrWm~G=8=q2iw9d%)B_`~FJCSKMI?-J6)}tX^<< zJp)zsNJhu+>S#_Uv?$q9oog#*ahlWp2x*z$t@e)R71T+zP^B z)8I0;`DAfzmu-AQ!5{S{ky;Rm3V~+@_xCwRN3b7uoQiBD=`x3)C-pR>#+ijo?*^n? zZdDICszZ*FMcNQAS*pR1vL4axDa@kJ%d(Roks>>$FG=GGE^B#A2frhc7uyl&PLGSh z7{ur0AeCYMCdS8+9E}rLC^zii$P10Uh9~-kI*+uPQwH+yuyqzjVYI9E5*0F!w-Hpk za_2bktp4N7rL$3OKZWI$qdbDw{YU{7#{D?UK++tB5+3hh%5IN$aPMRF;~js-pZy>2 z_zS->eI0}NOOc`ba+DWQ-wku5_D{dB*KZgu{m$vPa~{aJ-85ZDUh31)%jJ#iBmCns zAHvKzf%unLryypaxatW(VD1xQ;TcEwSp$&|nGf!@hd^y|xkHdUavg4^PsO9fYu;qt zDF=l|r9U-Rr+%QDo(RV{O?3-wlI^;RELZn;OSN*7%4G-E&Xk_YJx{4;7B<^KDYIa$ zK_4`|eGk|JJ@4Ymt%P>X5;Y3MHN1EBuvFTrV^gUio-50w%7d$xa9W>1G||@-Nt5xv zl!_)raZ5Z+8%u$#FtJ=Y*m!Ck800m>+NW zty2z|nOa*6u3G96MTIJfzFIxJXiHHgCIMl9e{%AtB5$u>?6?&hAl$>A7UV8r6xb~J z*B?&Q>4K7iQMFX%&i}rSC#l7(yf0*2Zx(kvcKlEZnLG@%mIH~%61moPAl19T+In~t zOJTEwu4nC#n7q2=(pmQo>6|Xet3ch9#jNt2u-vscyLeRB)#N@ir}NS=O@I~aXiZNP z_~Y%8gbV7Vf>yTc5DTQE+Ukv#9k;ARq=d~94A1w!AW{ftt`ss{ZtFQvT5fzyOkuMm zvoHTYCbt0yP;ZI!a$^$v0!5lXA4+Xz*S@Kzjiqf~#=O{p+Xy~00bU$|I|x230lqZ? zcM-gY1OHLHC~Gw6?OX;h|3jDCA4uK?5VkPDwn@W^0k%dOHah2N{(ZL;&DsEaDh)d^ zzxI zq+#a;*n?@2fcwOyzA-8)eGeUU052zU-KM=~~Nx*uTY za|gV3z;3eQVNu36aPZ!&{>d3ZH9@(_y5L9O2~Y`T5c7U+08Ov z*~!*YXHKzP(**X}6t#UG%QUXGSCYW3jsPe3G1I^f!+1;0xOYuC&RP}^KyqKl{WO|H z=zfH?%;bM|(mP~xkF@Zffk#_XT;{(=2 zS}|;hZG@3fgZ=EjTF~R^+j~1g75|7hpsVrqEbKm{3WZUtCu^+Dq$0F_B^G>DJ)bgn zvCW@|jW(8e9UA9+e8<7EGaO>&;0^XZs_Arwzr zVvThTg-8OHS({5Qvvyyt&5>AX{S_VBoGpnFRh+m zO^BMq65xs#|39&tIWxJ9`kjEfxFJrca4IW5l)|%4qfA#?QPdsc~>~#Rdj{(qs(XY!cu?TW&UJSbOFp*aj%HL zP3)LejsU~Xu_;n+QkBf#hCKX_Pe>Lupc0!uH>_|(DK5ckrmN`^mUYi|wx)Z7f|m{E zn4kYKBLN-rMY*jlxSC&1&CjA4{Z2&hDbhRI(YqS-KAHDtW8RO6Sy&a*ap7LUbU2H` zRi6jgcd^v*oh`Xgp;~g#7SNK1)(_PmBD+7{c9n+>sqc)4z}MCXfzvGkjbvHx`Ih6M z28TJ)KUh5!Dv&x0;fulgSXIY85Ns?h+W+h$OocIAxe{K-wK)wpj%2crd>JU~kqsxM z;nE!$GTdaZxo42OH`y~%CVRFw*Dd9{iW<;IEX) z?uaG0J3gGVHOzi%=3u`k{Tb5I7_<|pjs@Q0r*pjb5^@Ai#OxENcmigo|7-UDJ7)i^ zP5)i9f9u+zV=kvPxOr=94JMHDlaa%9nETz%Z}}!x2j@{a9^t>M zRb09oXkvU|5?-yJQ;}~Uqtnsd^umz{hS(uNelF*FIOZsu>{6od-5a`z^u0C|qH~mX zg-8PWUel-Ody@iD?R)KuRVuC*W$UnFsQpZ5GHxQm7ra$=^0>DC)F}6Xv0&>fF_2=9 zn2vBMrOB`E@6cHBw4-NV{VwhSGLx}BB3txw`|9>Qt7c(T1t0k>Je3Jpcvz`NU+Yof zz5eeEDb*hTnNIxW%73>LpTYiTz1!m-gm-)P=C%{>nCirz7hQ9XlMZhoc<}4zVXxm- z9Up1vbNy~r2F2DLN_0#;Wi7o!I%bRSn7e7ol7Nmm|5J2KSq&Q=JouvwinpNz)EkzD zzfyzZw*YYK5tm_=CwSqEXixI`ZyGmaq{xZRb$AmQ4O|uLdxKRHgskKTt8QGMWh+LEXZldGS@u5}nECHopzpIeV6I z1e*gf57lj1c6>&Nps*A72ik$A4hRTmLb=_#vt3zEJO?hy%~!1L+NXVmP8piNAsCvu zgnI$f`~4b+?PuT?!h6^Fkh>N7Gq@j`{*UZlS{Sx1{obrs4Gi8M{mQz6Iv^jHtc?%d z1iY)ToU*!nY$U&3vurYkyBfy)WUse+RsDQo+(W|8@DVogz=`FOkT?K9JHSg^2 zWYE5rWJIklU-r-B{*uOcvst{qWY~TxyTxK%kg_{einD2K6C0@jEGwR?$=rYuW1k?V zxz*$k0Fv4G8f=P?`BVm!YMdvRfd8 zulB!6oV9@)it&=l@qnVa3fOej$Q^2?!g1kFs}H&TLg1)in(=}ceqcc#M-e`>7h@pe z-$^}|s|BYPT(s=j-@rb9&lZ5<@NUgF)5Xp8%uZ5}D-OynT-BJ5E|Vhr(?xFVizH%W zjVtyT77Jo-<3Z%AnxQR_y1*Deg{t)M4Ue-&^ zH~kf&Pd(5{+^#zAiOJm!1LkMAz@7V*Tb~4dZfmt-;~qO(9K;4QzBbkq1s2{CD?A~d29ozk1h-ydZ7KhlV9Y>YW%$iDcp-0_hD1Aqtjc(R*@IJUp&SS9!OeL>k~ zzs59i2m6KI)C9T9+JK%1L)cygsT;?lbdU%VBTlpZ+gNE<2ZknMeGfZ0uSVgCPKu4r?taAh{GQt!2>n7U z44Knzd3yyOPS5f*V8E}G&4f7F>8>A9`>z|+a7sB#cg33H<=K|zvWm;j&>Hb;_loZE z_KVk(@Ls^|;&O1ydx{=?c~s9yfbP(rnUfg>%OCB6ylg!`4x^ALYmD?wB7p#m!;;G6 z0Bi3Tjq5wC4u_~28bTvj0ZU2ojjn65gzbQrxY6|^tx|O9s_T3I90sZWkKE|GiP8ms zwTr6p+x%%AFm_C;wEfzUP;seMRuvnJkX-qiy4Q8rb&=nnTM`W3>q=SInwcaHQjzN% zjv>CUcj&07qT5|xL?%_9ME`20{&dY)hU=1{W@z`$t3a4ng31pjP0qEoA#Gyrm}U4h zY&m=!Y!aS0mY#GO{xX9kRJ$KF?g#xF zqSV>H_53@z>xi+LOxMJ*jc_yQ&w=&kScTkqEc$25^}bcw^Ll*a+yrgA4xB1OTvU2B zcLglG+Ri@AM=Bv-a|w4z*bFLix!eK=_cwIXzR68|t{*CH9q5FODBbJr}xqzQMVf7660MaUC-86V?^y z=NjyninLw#_px-Ih(gJ^Nph=UyC;5~5dV`Seg%lT18KHh?1Ke{;egM$Cq(IN^a_)xmYG2fHPi%SBRg*U}R;J z0X|mgLDb=sCtTBh81lH62&_iz;EK!2ag37LwqQ2k1??5lwd+<2t6S}Q!brXKOAK*jcQ$-L?z}k# z{S!hMfM4}k*(JJs$U zr0YGO`M>>4yX!(MB$S!+kN*gBe!iL1FFV$S;zN?(F^A3D_lRoT=alJP@@l6k;He^h z094&i75^{_zi|}qCk0N(RS&2GxTp0d)Wn^trIahtk%S@b8WFi43qwPW+{q*-m>@|< zKu$Pf=lclv#iKaPN8d!Qu7+2#t*?As(eYJb24+_sGW7*uBW{|6B z9m7rZ7U@8T^n2C=I0!eq^3lko?-0_byIcdyOOaNj8ywR4jHS3XWJDCG zJ{2zbYhtd;N&jhn&x9{-_ zrg858!~3K);R{A|^YFEyh9@vFfyc9=$O~RX#GG;9E||`S=iF1KQ-*M);N0?2oejTt zw-ni=)g)Ak)sVOuIfeFtcKr%VQq8A3+!uNR*+KB3q2+W#6s~F)*fjhPn1`K z)S=?LbOW_PtPWf0MttHd@1DQ~nZ+9g73Q}~fPZwrdkAcEz*z!(&jBwd@I(j9323Y!SZx|N&SMZ|11DE0T2y9T9JAQ8dGzPP_IP+{crDk^yZ);5qfhb|EqxBqv%>{ zq#<)9omL0lTo#ptx}*Yn{=QR6#D`=c@+0tE+bW6txxhy)$}7GfM2?xE7x^tB@?{p; z?8QSePdTfkyMQ<$pqBa;m=K9Pzv&#EFu<<&FQ<6i~StO+gllCp-rpi`5u5HY5ryA?n@G6%Gz(J!FqlxOlg1*-eA$m*z? zvJOt9-2&2PS~POQ#JX9KMikKSI;RK=0p~Kbr>nTC-*z;K%v%3D>5A?dO1qmtkY#J* zp6DZ-#vo>f`xH-BzyLL7zGzHR*82oPCy-D=)&~V(!!Q;m2Vf0=R@T!X#Dp1l48X*q8E%b(&pI%9~=I2(v2QOD124|wwe2o6YcV7`14+Y0M>TD_@ zE$r}6sl!oN@kTo8kSpxZ29f>wp>*KySY$Jem+PKoQDGuze^x%YT@lK8?JZW;OQq7x zBC{n1x5YqA8>kx{3%|3X^n)8CXyiPXaP!AhT=H|RuekXGNgMKT;A$!hOZ4ad0IVZ0 z(VzbifLjol=+A!(z>kLjOz7CM0DPIiM1Nj8JZZ87K-LH1Wq;m5YJsM`0f%FpvWoEUnBB;#qqgJHnZ8jeL%op z`evf}8%-`MAijh37eKWA-1dN5M5~h%0ym$G;)~RO7QQO}^rXPp;Vf?xt3}X%TXUsVtzCZ!z*7KBbiy%lb44!pex!neIen*VJzU-*W-lsn z#iuhYB|LFJ7%F0?EKOIOzdGSB^}V!;?e))4gbxGU@g87^1bnzw`vJ%@pzOkA3f}p7kt-^nj6hA5o58nxEhE~Pq7gt43TcW zy@+##6&r0^t=AhvQV1XWtHG92#a(|K!i`tNHcfxG-0}fmj!?s{ry@yQ$$}&}&$mT6;(sd&~Zgb*wLmpw)zKqsfpD&bi8N5nN7Y_k$SX$^Fft ziLyO|$N_rX%%Y7YDQ1ED&i2e3hQSo`w}3HUG3s4Pu8k=uZV)8#KYtdYCL5F{D+q!t z=63`=kS@~GuM{J$m||{Sf&G2SrXS|bPW1EXVePG_rPv4A+`5wPT8iBwvCBR5isX1D z?e!ng$Le(Z|JAp@-D@LTNrs))%D;R6*C-$C`I&c%&g>R!0#VH`!$B=+#B9qnUqSY~ zmTA~a{J42#O}vjT0&b~K!s`XTB)}Q5RRKx#};w8Fkwq;)=ZRtqqF_TCb)#iKePns_f2YWo-~MWYQWo&c-iFa zER5eVKg*$Vwta^(`I7^QftS%XKayY|HXG#643Gx_v7Mwcv<)gk^TLIS%skKVEK;#7 zf=WxE((I}944}FoRIRnPgl01}lh1}6``aAh*$!QproV{7C8$t#qurW?!Y&P2S0@`f zNn~ZN4v=C2kf&YA`I`geH-!A$L+%QY2MD>*Lmmu}>j}wvNN<45B;=bO(ib475^|`A z{5n9U5VDttyci&R5VD1XK=3(;y%^vd0#4JK{}5?dcU@h+fmVMs)C_wg%$gOKERp=; zP&_t0lG_^L&97g*gmP|h<>WUAkoyR^$U`;{kZTE~2Zp21p zQ*I>$oa;#9oxzP#(BBn^6H_uDRCq(l}i#rIU;pQ8ZB)9(v_V5XDGESETcK8Gy+rgR_rTpw^> z|AW_kx{-E}b%wkdhCGPxQQ(%={W}QJ5Sv$29aK3UsG^#Sxbc!T5Ixta*BSEZ6{#hY zKP2$>RnMDqJ8cxt4G(S19do$Vh#Za~1nBG~wI$*a91lyzAexZJNbtaq&F=nk4N@FH zgf(_|n{eUtbc>XY*YW(!Pr{nI0zMv&>K_3$UGgAOU) zzo4V)D3?3rz%yfrQFy?|Uqqf=GnQ&tr+sbYlohVa#Yc4n8KyUDa}E&JsS*g|q(q({ zz!=q)nV#d5S`7s}^liRh>tqRt6FGiTe}nvcb~1L3~j^V7vHGSoAd3?=Hx6f>G;}a^hokeI~fpcx7 z0-*scP1hSWR4*IKJ(jU>xCEKiOK?6)1veMs-@b;2`H^dQSj+4oq`MLSiY#pW?Zhbn zOPTXwMdmv%Y6n5%%yGti^Qef^X-DgPGW4)C>BGevhciSTJVShR2@F;GVtbfkF3>GB z)bPq-7)&vj?!u18KG4zx0wv4;!8=EVT3 zMZQga1zKt|`RWCBYW(0bIde@e>yp&#%-ZO*wg#L_M${|KPj)VCR>GJg{_f1B11#5V ziSN=U*ZLZsMJh&ot}Kl7(#MPNhJjH)i>?b~_v*-+`kOKbZ$r7VF;$4C;FwLy%!f1E5bb00?98dbFe=k-O$}^GeKUGQKgjokyww#r!hf_uj?BWh>@RaN$YGy1 zv;#F0l4NG_~8Be zJA;QJ8ipoid+R31j;wLLeWS;+raY0!Y-Ups=xTU2+xjd7N09vLZURhraq+(b7?`U> zCFnKJ{;ov&eE!bWnP0&X1Rp?~I&X4r%KZFC>%fJ1Vp7i*Kh$|grfc+Avlp<6JB_9g zo_$~qSIliF5Z*^G{(uHufQ}YODA(|8S3`SLZm0b2YM5=)SpFRRMuq2#X2?&>Q@U}{ z$G6Z&aOH~-ngJ?Pk$cK)ur_B>&#aiIThJTPcD;~+&boXjf~|3EiJXfW9nIiIQNKGl z0H~loE1aVhqDKF%EyOe<*D6J%_n2fO(puW@WbVdh#p2a#5AmEn&wmZUJ*k(!vd+@M zwSS27MK8`hEi<_p&#IsrYfyE=-;?n!@uZ%=Th4Hr11bURGIK+P)urNbw$zz*OTl+V z$BqCm;)KD}-H(yFt50b*S3;x^#Ns+L`=bwVCBw5aGg!1WG1ngf^AyEYg{9#8^TYsPLq=q z<-1|rA0~HgG&X|`%H{qLw0R9$r_KC^RzR9LlmEj5)GEku*1`6C3J_UAJV&@E>Rwj7 z-+ogqGWiRfbdD;44}p~xIr^zEh<~xe-?0QfcrPnjeG1+46ZPqGOEc1^$*}KQJ&-K< zORe2TWKN?9Yw;)Vm+4(*`~HWbQX?Z?3q)&8d1_|n5*h&xd5QUn?hlm%?J|Nx&{NI0 z-U(g3lX0#7FTPC%O2Lb;g@E`5fwn$>_B?!)Y9cHn{5M>C!)p^^bXi~_D<1Z)F51(eBtb)B zDKDY*v#sz7#G+(dF-mu6{K6uZm1*!}Cm|;{s0^B0uUicxGKK+hm)h-kHlOA9HB?$N+Vt0 zecj4n;Z^pRc^#`g#g?_9iIzbQX&{3wcXc?@-m9F=%eBqLFEtohvvEcHf%p_P&WRDp znk`j2k|w2rgbuq?1}EmGEa9Xb_tf;5bs!gv>BS~cP{bL7fM>d=_L!S*P}oGkq>bG^ z9&j`R%?4Xdw88giSNq-m2oGc#<{=9NiL&Bvq!3mHtvyRWY-NPyU5SMMsRd-Wo?QUt zIF|c_Pl+q6bruhH=lh(UX?lT&In?DttfZ`2HFqz{Qur(Wl_sGLP$zPG*OG zY+m@=0dlufCsNyN?l!eI8gTa-4*5^%g!y`Ma<{ldGF3ozWvW0MZkFQAJ8hAM$%bc? z@pO2$2Q(W@bmwsQx>MY1)xPW_qG}cGU#66^yf3Rm9Ut}4aEn$^+f_Vzymdf)v+<8P zU|JMWT-@v!losICb6zvw~~R;4F$o$;=UZtQLi~bmVGm_l6F6W;CmDIYx3< z4P-+;T8pfsa2eL60GCL^r|;N5z4DVgcI!}SLv;I1Fhr-rD|J$7BTvi09B&nY0vF8B zR*Zr_p?-Q+9?>0PY@h6^yurJuGK{Ys;asNno29<+pxVEPUv>DmBoTBk1vM$!F(pHy`LH?r7Ds8c@a`Fn@sx<9cuAV!9aPfZhMl|g< z7&9bu$Df5m@1f}c_G=_+%YIdUjp)j0cebpxKq4~+&C|HR5=y^Pk8Zg7it47v#EY+9 zWevX0Rr5eN^+i^|R`XvN?+$=ANVf0~dhC2?f;h<`N`}~-N>S{gdgp3&ru0BX2lzny zW)!d(q;?KG(4!vn@!cQjGE+%t!9fv@z`M*vnLmwGewy^H$eftd^rFyXeqq;p8^Kj2 zW9;sZE?j8ACEv+iQwG4<@*J-2QrFJe6(l!QvRx2<;p`Jm5-NcotY?`yiTzIR*^3r1 zbpF)Ux(qS#5D~*33`E4e>gVD3-AV2F^UVMcJJ=exbPfOCQI4Lhlt#Q)b zlGGe0&5@+OIH^OD?s{0K$xzhg#j_;o%fE|~j+3Nk;*66e>BTrnn!V??IB7eg?oIe+BImX)Z z!MZ5qgT6`Ey^cPqxv8NPB){Y%oAZJsT<6zc@CCVrrh-WCD@^yq3uZzhbFn%C`^)ys zmI)-yPOBkO8EHP9UD^oDYW!b?|3}ngbbOR)g(5*V$On;Id&-3yCNRy}Px!)!u>l-2 zlnl!bPrbXfAJZemZ=W)Ep2B+JhUEOm_8D?>%0zL9`inY|oB?hz4?-TZ@Bdh2TEGJ= zn&$rVkdD@6hEPa(}Y^Km} z@@bd)jv{d%aIB3m*CVD|+s#=jSWcv)h%prnK~1f%h4q94@spp8jrun;jeqfk@pS&3 zh>Io1y^BCVcSFI=riNQ7hR&)?5e#)TyqIl$afS7IFGq>^gm|SwWALe((t*}=b!!CJ zMzDkxgg_hff5c>ndNQf!v0Jruaa*Bdz+8@5^XZ5iwMrMZF-3b>i78h;U5lD|W_OcOu#vOh0S3Hmx|Lb$o+ za&ryFvrt4E=&7B8WVM_lScDoERe9V_d*3r~V4aGwZ4wK{kP#M)f34^Ipo)IM7+O{b zYM}(c>Y1Rd!wk3aBURYMRVb`!}0#+h}2}{bjb)6*Dqek7B((f*Gtn$-S|| z#WOFRt~We?mPE%5`B7$m|l&gR|B`4aeL)(D55u0=t0ps zabC}p(iIZf;z715DQUA^Wohx)`0dQ4b5Q~cWTDmgpOxXTF~lt=sX#1B>IF76p~wD} zple^lJ^buzn5Tbk(?4_h2e@`?|=kU3cU_pTF)@*P+^mB7bXrx zmR0CX;#V+%YT?>3xFMsMn}Rvy9DHz|nr)qfdNjmDb8>AZ0tLI-9Jv|uFzi)w{sNQs z*}GKNV|#WvXBy9dSE;X=tJHfyozrsgjymWP0DRrS(}PD*wVnvQ zvc?#~62qONj!bcR@#kMk@_(+S@rB>BDGIyi98VMlN)9X-_cHzUqwp zWZWk)GB3@@KY4%E{$vEDNB^Y7`)5F{=+xpP7^IS}Dz3mVX?3PrHf?S`62wA4w9?XuU`+TjfRHL%Mwf2$?0%e~HZwWJ(+|+7qoci+oI?yYw z7nj}b6wT3{yc>m>^3T9NcQte(trK9Fd27wzc8p`Z`Po-d<#CjXxC-u+RYqAt-X2~) z2$Fldl$@lP7uFWr4yN7E*oh5%_NKy4RE0mySYoMnzm*VZ1!x9)4{t zn4;}nwS8pRtDd%f^aumG6_4VL2MuBWDS^_$Dj z23|Ljfy*Wat#)p_LNJv3ADC+S1cUR<0ekZdiiS(G5>G|hs>bXp+Bx$tp(w4uRp|FWYFnrqgTq71XYvE>?sYl zCqIy}+T6XnoC_O3k3u1GKlgxn7mT{cPShmWiS2;(=*3JNr$lk&XDpUz0s(H_Y^*X* zx21{fiVXUI3T>`zn!?`I31chTX@FR3X~rj`o0?TUqv}r?1fEDPCzk*YLC+Bb#@wqu z+TY&f<6+t&wP>e8U&9gV{ODt>^|zP7offd6d4HGY4q@KJ;F-;lKpK0zqs8=kD_-T+n=_ygFD z3dxS{2mh@2U=HnaPqz0%nHu~AM8y*1nDzm0M7k)0ruJzD7nUC%BN^ObH#bh`{k!D) zVj|b(745f1NV^QcJ+5e{9y!XpJS|B(F`GP)k!uBeGltB%KhSE=Y^ml(JR2|>Ko=+y z8RAjA(bt#4n@2qE&+>Q=gbyY%$;*fDZCHLfj2eg;^QBd!h42zoW^->-^JKHyxhBpCp`)MooYeO}h!;<-x`3AhQWo(cEiAJ6eCB{^OW zEl4r-dn6UlkF&1zqf(W9WO&x=nUzKRQu8IVUNk&w6SIyax|ehxe=NFM;HN|ff0K17 z(c`3RjjFhWK3oz1lRwpqU2h*Xa~b$z zSvA*QI}!}Vm=qH+OVvg7^~nNke?n-Z;;)$F81Zz;)e!zVIaLZYLFGkg*xG(va5Ak*QaR=%%X zbZ05~J&4HCh@zW4ylr`|CndU;m2k3oMaKkyy)t6>u1h!U*Y7ID*k{QYvX0E%_l9%# zJVxylcjDTXHY@Dkho`t}26taX8bphMvc4If$f%0T5{mfEdrI;9Z8r@YQJUWx&hHND zWx$w86p*4>OA3cKv-l@kOf=wpfYBvYy(^X10w{=IGt6Dd8XPkIB!f^&eSdgwscK#f z7FOOYCk(HqeKo~1DTj+z;(T4Kl`1t9z@zFo6yTsy+_8{rn6H*?bfO;u0GDV%PpOJL z;)smcUS|xi$hpXrYJfvl!Yd>nk6G$@-34|=Ec5o^Wy+|!iI$?%tR*&_yadP?;bhB# z^@3HXef8zQrw-F!<`n4j?h}hV(Yc+Ed*$3tAzJQX4(g$7e-KZ-rOte*-cqw`LAiz{ znCuk(tHN)niA=}J<*z>lxusTN zIU-1m@7uYOVFrT{vP>7B?Rx5evi!Lq4uM4FGbLF*8zRfiVBYP^>s&|wew4a zR+IIu5=_o?6ZJI=hih3Q?st#M({PM0uUg8m58T_|EC|&Z#>ZTyyXU8b52mpp$3+S>y2EkJVq0|Ne zv7rp;6?o?KGk49!qB1(P;Q<~F@k5F>Ia{t=vOYP1Wu5}kZq$Ni>uzzSQ*zI?|`?9 z;P`T6N!;2;8s@I+>{4i`4-N*W>Qm|ML8P13C$Oh0*2Cn9*xtN^_xU@*x z0%U};-ZiqF^1zIYMW))D8Ec}9z~abd$00zmJ>i0OIVWSncqM(Z8HCL?bKbzoL3fnf zUgU@H8|%;iv>#ae9P|+q?`!K+6iNtRoR0H9eno<@;Wl&?Y3t7khHE|cZ7Ue=O|Ui< zt*JsPfeazB03cVhFn2R?GPebKPE?S)OVL7{f-FHCg0#fxx|X?KLgJDjz=VLoKLq^Q ztO%HRwajSorlSv>CI!R^_VR zv7;&;>{Tx(ZBPDx8{h24h~ZT_7FEKIANBwYw$&Bg``{P0H(;=rb>QFrx$Ehz`=cW> zy1KtTu%rW{|4R7F6d!>>(zX2|eG+zM<85jATH802YvbVPB|D;hgC)cyNPxAZtq<;#H#8 zV1FLyaR-d^?@{wG2F3n;+&&03qnmLvYeMW@!mAfEM2_u23pV45hda>>(MyZL9CX0V z5CLK7&Ey;5*4Vu&)2&|??^XE=H<&qwKXey5521mTqPsH&wag&?Sh_m?KAu{?Ucuc( zs&g{uQk}EaD}YDQ;{QY2x4_p`RO<&Q5TKYK2th>x7A^8hR1B&_uJ%`6B9JE1luaLs8gV>jWSwyb4O))eLnAbKymtxm$0F(yG8Q)46 zUp#>QY=n+pST0W7KyTG7#iqpu0jTxH^&uDc00#X>neEVjD_3J>3_p_mkRke zg9mb}YOkb&hXU#n3*4%C%R?enUK6{o4v7V=D~cx)yW_-b0wjfF#lIO6yChK@Z8BAF zymRVM`t@c~0CJ-zrrrlwUp41iFD{Nb5oDS*s%0mF0ys7nEK#{d}v zs80dZUmq~!3}9*spgRVbV*m{)fQB0ahPeiiu4XX?m}dZ)6o$--fMLD?5y`w1%$#pI64{+$c;=^Ix?`B-0grD{iOJP| zJD@7YV4ZkOVOt)9^~GRRr4(4zO#xef3`X5dfi=fq12Gu&It5nsoq%mH1}ow*1=bvc zMKKuZr@*Sd8?X&47^K}CCz4B*q~9`kkf-FEm&+r1@}W!G@fa?}1&aFb1-z_*T@S}z zlR(ZKAV*>`1|JHE^Ev|#%2Xk%z8?}fU)IFhAB03T4iXDuN3H|FU@i}XBgUp4{dz!> zI%tDn;?_;YtHch(91{@ZQ!dBfe0w!Wv~0k~?D-%=@OoHxg*RZJ^YM-PT^}w0 z7!ErR5XqW}z36)E1|?RWzYR6xtXv*YxUZ!kW;k5q)R%8247lw(bP2O+u7nM) zGOL7>2-jS(DLe>l8{b{Pcz)rZTg}BY3azf&TA!l#uEik!b+u%Dn9LQKjYE7-0-A1?F3%;90bk>&Y~Omr2z?sUJ6EVRJ+4Ka%aDsTleS9Fkeu) zjLPZZNlw4O9YpT~r{XP{%LJQuc4K!gzXN1VnP-ervoe!Adqb{6^7?TT4%C4O*gW7z zNT&*`BNQ~y-bsCcs46umToTDB6s@2VE#$?jiW)Wp1sYJi_mv2bw-h(!X1b|xg`_TW z%|q+o0A;OhZ7+>pTeIv@Wuac`v676A!K$McugcNJs9-X#M;EwBxW@ZvO5XOARpe`b|&p+RAPX71a)zq$^hDIrayoyp{+;cRxfu0 z^lfZCg%k&(-Ir2|c8Qcq5!XrieGRF?C;Y>t_(>EVMT!Hl6u~+S*@yoiQlwQ5Q^a7O z>s_85P1vX>q8!98ZaSfn1sh^VR%=a>nzqG*LBNA4TWo8Ez$BuR*iXI8j(0Fjo&&4- zGHoX$0qCY7OpRw0V3l>oG81R;&&C{2%=v**6kt6+2+};()v6H}nUL?e@<4~mANZtH zJ~j6$pMQ!zjamOSZ?pbamerC$!3o!&d!(xpLWs_4ornaEEsQLI{ht^~0_pfCht{j5fWLCwKEYf9=*To*6$;gIXEsdmDt~3 zc{`O%PvTCB6wEHg-?_BjS6}cxhyktavfHxrMW{V|AVzXIF>lQ%5r$tmePNfSd@zcE zrc8M>kZ4JaZcBuO;ap6gZPD>RD29=R-ztZ8y1&H!$hMd`J+e?n4;5vo;QtRjPRPpW z)lHlp+Y@y|Jc{uFttT2!w(-wWL3&#zb`Mal^`Ogm8VbR#u`x4fMS8E&ny7CRTarQl zYJype0N}%w&6~R4O8HS<7_%4zB^yETDs5~|J~);(=9KdN%8Mq+rUANz%FF0{&=4i< zPbO)9;S|Sb(akB=8xD?DVtvNWVg9P@a00t$GD-IIa=)c2dY-nOr$yxMoqo~xOmaAg z^_}fA^7yK4G*iiV8>vmU2GR9y^}0hFO;5BD6uSxSG*XXq{m-DiYLh(R3)z?`KrS** z;ZTp>Dn~Hr$O9U$(nO{`{nkVo$RwVciMjwcqbzaf$Hv>47&CB^26qx+(?0GE!Me#- zf_HIk^pn-{oeD^51o?2hKzoUL(fv^Id@L=V1N>FniBW*GJ<8;g;<0ub%N|v<4;99k zaKYr#f?=pyJgX{6i4eUtziTlx!w7w=9c zi*B zW)@u6n2Pqs>jXwMTMw?VPp0#3AdeB8w3pI%b)murix&U7%^nWKo{*PIy1|E!^rG|R zE4EHhr}F(mNq=6tn=b5MsHj~I>2bZ#j$G(ry#pzIrY7Vt1TziN7&y>N8OTS8ok9so zp?3+W=!RF|lUMk674wY=^S2yiD*0pT|BSzXzWjg7U*CxQG4+4O->IX^&-BXdi#F~8 z5}Js8YgRtX>>E?TCyY`UmFU)oM&3^HX%6L__E1y^?CE^^BwUbyaV-(>)UHTZ7yb+U znBTyU=>r7P<$!h(>q(mfZOLZXMe7%*DXF531rc7+?%8B&Uhn6Zb4A)e=>da(+(`*K z2#@B^sGXTVqmGA!JKj5GX2^EjfIL_`*2$Kr6pU85qSV3?UblFEa{EWo5mw60RjD2%&QCb=-Nc zT(BQe*WZNoWW1W=2LN~_%zV<-$MeIZ#GWlkg`E)|EE2HhE`s4deap}^gtwWAH#9P4 z5N*$dOcrE53xf4dJR)CbSy*@Ne%S&5lacO=^bg@#;PuW`nV&*kdz*{MP-Ivm&LW~0 zuMtmG0zy5B>oUcKW*4_3`d%o7d0MUkr8sb7nvq(Rwm}@?$`LV2WAk-KH6O9PHPlDu zMvLa5fv~FHx!=j4g`nhZx4*(`y7(L>!Lj=n^heu6{k~ejvI0w{b8S@*X}UBlo{f*U z@IOMKE;P;&!|eJlyUf5P^WrU%B61mw-V;OCL7amIS&v`zU)0O@%`6^ztG}H0)P5-V zKH=`}1^pEAn~%Q< zHA6sNj?bpFq+7T_mMrZTwa?;}0_Aj!kFsSK3m3ec5C4OEcEYAYu4nMaCy=$O=s$Ay zX)(|&jPgy-M~C$Y#cojS4jkRao>_WMF%Yyny7pEs$T#AJMmIOd1jFa)N@gMQK&s__ z+;8zLdkdn^da0du5k-2XAm!j7c&3L#n;EHstf&!bjsPPqlx_1gH&5KwviLTzYjZMG zGBZbZ!L?avLsIgxk1haX{|0(J4og^E-n0aK^k(KD5#o~PT;iE?B#woBu$(rb?Tfmw zD@j|(K62WK=CG!~rF`c;@+LO^-4=Fu%u8By(eGsJrhIRQ?9d1H!O$9@hSs=78G+jP ziEQjTBzI&Fz@9qjsUl#R)WVF*7J60;z(lbl37 zMz+efHwSyuknA5?#ZmNLXK&m#88!b_jvj+u*&vd%to6b#wRz#dw8!P51zxdmA!Gv! z1NMTnM~cr=-oiwBw+snLn?rk`uETi7MS8LIte6k!e%p6wF?=hj8f_$Q$EjGCV`=T2 zQQ60M_-)z`DMW-dC!7kO)CYRblVJD{)RMgLJntY6^R`}v6j4#s&QEIo0i@$JJ>bhz z`5}!5d|yfe@qq80sRW$w+$mKA=R0>uCA_nyb)QrME+D5p2~_Nm@V`=ccdlu@B9(ws z!$&6)?9}jc$s|2BydRT(k3Tdd(YIQm?UBDtCfz6f?Lxji;%_vWr5=BKg>T*RM$sm> zRYPsCt@^nuI7%c3pVAU9oJI4LzTj_P;@fBZjfc2OTrd*$wgHyXEPvyDb|syCf%U&* z#l;WyV!z%byzyYWlsg-5xsLm>>fD>_S?1S=ZA%z{VDNrk)<&N%J){SFv6H@<85WZm zasPN??3ztbYGBKv4Ench!V-nV_lBb-Hav!lT+9W4zRFxJy8G0Tcbtd*Tr07}1U>Dx zLJz$lNv}Fu6zEm*GJ6zCvnY1DVmGT!7{MiJR@_@gU_n z|C9$)qSx^8K$T{}VhRa~F(qm}Wn_t^_|f*Lkk4G9Us;!gy%|g174@kO_2GWJWL+0T zx22Un$ZbSRob0L){nV@Px4q73m!oDa_F!gNj62)B;HE# znUj)76Zj>xOB-bV#RlfSvX7%t)B@jmtx~ubOB_%R z2w^4Aug58CEW}uAc5MbpkC#-m*M#&nHbz0Fra$%4-~7A{zx#~PD?-VUoRg7n8bwR4 z^TRapkd=)0vcecoS|VI_MuR1GhH3oHtBZI@r%C(Nw8@}fcp@A*!UE9lD3vP=|C`1S zPh1nK;REqbm;J~-Y`Tvv^3eNwF~E^@>!GyEEKkZD*gip<84@PdwCx0>;GpR077tFC`eWG4ZqnjNPOmN#`QHO#Yv)Ogcf5QVn;6 zBz@hk;gyDy+cpX>C!1IHv=y#dk!aq{rQlmhs8_&muCU_|6Hw1e(zIlf49bP0l1Zxs z>WpO4k0j~hWYRY!spEwN`esRLO+sBDN#9E*eL|A%NhZCdtxK;kjheZUQw4 zpQ+}5A{^7UrlIh|cwH-np1>L+D-H(8dKwy3lzxam;FQ=gTT!-hr zQmd3CCb_RAf$5?c)9Ep$0hGqS3`-LepJ9i9$+nE3O3iV}-Mu7B#Pq?uyf2WFtT0dw z;iVhCdmpBV{kZ427@hn>jwy?~;S%L~zW3NE1gz?=iXJ(eMs0BsMp{>gg5@p3-kb2P zPx{9WZ{eI)?^@ONTC!36Kx;CFuzRzEB#<1TX2V(QZ95+}o;mqte417~v~gp5+vo6D zvy4N2%Y97Vx#lK(yMw7qY^ovt$_z1 zih)#tsU6xOfb?h<5bFRfzz9-&6FU_ zYonsWT`L$ol`1b@!N6&r4_>Nk+CE@lsyx2>f_}dUJzADtTJGN@`U%4w)Er%F+Cd9J zk?RF z!5%04%?~+Osfiz%td6?A#0msM5`3+Z{cT^>ABN46X4OeOPz4N#Tb3T9o=apg_P*lv z@P;s6aJ||#q(GDV!Dh+|JGOYP&@(FIQoGji6CK8$}0hoZy&oJi<7>pAWC(H_ZU zgz};tk_kQGs`xiv@ZwNdeqrqWA}7cWK|}bHvT37-C$?of^e2()yL|x<$5CUVW$^Mz zO>Upwm+<(hxM|IFz zDoXh+&ANDmOBH=T50^jAfH=;;9r{gB>TI28UlwGsNHaUE_~hjN_pPM9>t&@z>NDfi z8K=x>nsM?;xg{ITYEA``dLl9w`a2dr(t!`6b~F}ec4XIpgKlU;mx!)6+iAZm0juAOkbSq|{nEBpv7##B53V0k!;k98});~VDuvGKXn&)qVC z!+fV@a+vS3=W0B!Xj!}lgTt-FDuZ#GP12V8p2jQpFp5}bDdG{0FB1qM*31-;AgZDv z_=F^Zl@>XqbF9DSGjou{DI8<1#={&Go^A-*lWF6`-d`8v zY`_vY1qYtmEo2k8`Cts@+?bi8q*C07x|;!J`2v>-z&*ASP*&}D+!~K6K=xK;wwYk) zbilW2E+3c4hof@Ku3H2{f_@@J^=e%Ij#Rc?u@IkKVT#Hp7|=5BaUyzh$)cKMd>-ox zQ-Y>l*a_>p!g_rXJHtELGN6l_5uLT@n{oP#GiH2p#+hOMWNX2U zZEutiz?+~V<#4dqW7|)p(loX`oJ?bEo2ww9AYM1eO)J%ec5S ziwPIT5H!uhr8DA$21&4ZFUe*k;m{aDk(x(D2t~Sc450~V!PNfV&|c~J6Sf#fbYU>? z44?!Cp5LIAS!sA+G~DU~yLZIkoPJdZ>#>BVSsVfw^^-HIWQ9^AbNBmqwu7g2M)Uh^+D7%q*0Mx z-aMHAMcOu%07bell>kM0G({QVq2(#0(5%;I|DGy}@siQPJPindGT8m3sBdw|`*%Tr#bHBTmaE#0I* z%0os(lq&bfUmLO3bh$I*a(gu6xw7Q3zqOLbq)XOoNpz~|xt=$kGoU@vK!6FNPRi$# z$--B=d?T4;c>nV{L$cC35097|x6Uo8{L<0TQ=nk$6!2RZy>+gBBqhqS*7-sz*O}@$ z;Lld${ZnMiD2-gts`4TtMDQr}{Nq59oj@>X;r*%n(wQ&^0AfA6b8DlZAHOKW(hbiO zk(kyMNzn(S7o?CX(JG*9$0MAo1$79H4MhLkhP3cq0i4@9G+jdX$Cri124tQk#<{W{ z|N4EB!%}^cuYYY*%jWCiYRC=&^^Br~;{=Sl>utiEG!4N4QE07U-`8 zga)D$aH$k(+00rtrAxm3TJDfSQ2Lonm^f|4+;|uROzC?%g<_RDb8ENrD*b1}*i~Bd zyUKhtn0-9}sPYo#!mrip%gb4-`{>oPVwaCl9vwL-#ObO0((4+fi(01dXmjtiyE>~U zq*%2z=qx~Ya?q&``hhg4cC~#yw>q5*g@Cp(GB_PS5o%N)J^0(oYA4zLVJg3Lq_NG- zSm$v#@92$w&^IEABmA2OpGu>^=T zv7}%5O_HAyzuA^s`%$O&YHu<(ln$!BGF4jh$q#22R5IzeAC=)+J{HTiZyupcQi$`? z`Qs^l=_zR_>_*(_c`8?L^wAX4r8S=aPk!(U`Maj_D=YQvuPZCfN^u$%Ds`R=zxPQR zDs}4!Ws;T3r}M|H6txc?C4X#Vkv=n_Wid|hwr$Fm(v3;~L?Ws&h#((gS++_%Xddng zJ+Q_l5KhI`&hfUbd#J3MD`2B@u+ir!I%qy?EfZ1wYEKTGpcaHygl>KFl@!T+0s|@h z@bMJNace1#O6X%i3pePjG!Dy+6?R5CUnTHDN&>$R6+jbw!s}a|E=YllRNpz$%CdOm z^@S+SjIGQ|eFX;fz3W&1oB9GR>U&WdM@4;4Nav3yQ}2Tz?3_G5vw&g0a6Zx|E+{b+ zPf57ikd38@AlgUbH%v74&lJZ!^DFn43Dq?< zEru?WqKhF`(`~gbU98J?X;Nu1bSjF37#?pIF?6!%@50pJ?TMk!E<}m0OCc!j6ozq_ zsc)$o(DUd67x>p)L@P^R*E%rMx~1h2wmrM!HhG-XhZ4nv(#%;`CM|1Xm=p2c>-Bez zI+3q@UFx@j^?U7?sgiHMneR#?sA%TvQu*c0d_yrsUP@EFmnXzQwvaex2Q+9b~sFrH9c>>>C7-BmNh zBOeBSy`xBC5Ap|fv}PN|BO)krFGpCxsM!BQ7+K{<-~`_^q1Yny-l6D7b#c)b;C)~% zX49{sy=9p!UXTj=7aGEPRQ$nJ&?mM5!M6SnqAddyb6@$K29WIYK7Z^QA)lDY$`Bl( zC^|@n7ThrbY?qAy4Q#;!{zN*zMFK%(6CCczDq~!)8j$su^nRlcQsxvq1T7IG8uB;+ zU&h>v2?yg3zN2k+3fvFtl5pXIWYTT|bx|_u9g?&tk;HaH>?}F{)XVq-4lL%0(d7wJ z#Xs;BVxF9`g*1kxmZTC8mP#ieER{|`SgI>k1YxOHlL;1ux;B{>A?TD$uyE$Bgz3W{ zRng2m5z6{FVSyyv87It_gdZ@WuY|&u$HN<`#5OiAA!#5t|BARYfs4x`S?G;)LpD-*_lVbPC)i#OI##yf z|FFH%5o@&9pOZ+fy}pu6V|yhNti8TNnAP}WlBg9)++CjV!}0_+eX2-HoS?$HxIE!3 zPZ*(PR(s1FMj*dZ(l#`(LF&p|s9F*x)Iz#m?7p06RHngj!f^2;PS{?X-qwFE_^=rT zPViyLYv54swK881rMTA$=`y|!0txki{)s@`Xa4(VpxiFGI)Kn5<0?$zh@L!Lc9CGf z;uKw!SdQMy>aXsv@V#lw)z0MSIdzKUN1Ad|Wqn60z^T53@43nZ#28hoKqD&sQH-~g z!N5|TteuS~)*d|jlx~uKy!VgLB=>+sZqIv8}^kPz?KI5tjBY)~ks zHYaR?%3*WDv_H(2?FoK{l#79^cUAP+XF+JZU39R9>C>iRKaBS`zgs3B`rK#@ycASN zXyDHxnJS@uuDpS3(H^=cD|-#C3+jmp+lhE+c5wVQ!&GRbP8r5y*`Fc1GsMU4z{lP? z7WQ{EJ;Lo6IJs9CXFCSHOj}+XNGu$qI@tleybvlYOU7MH5^Exh!SXy6jogVw#y|Ps z^$J=fY`y8nTKXec{w-iFy&KJoCT_xWwp-VIv(ui(|1&!dlMCoDpMY(}(m8&syqUQq z4ugIA6nrRr=9C7@nr^=t{&KB6$F=e~Tq~c8wemw}!kp-wnG3bLOdH%!-=71t2%d8P zx$f242Dr?GZH~v%vrxf=M@Hj>soP@Csl`cEFHU!!!5{qM(fDE~?^<4b3?5=njuYk0 zYT6o!9d=mX4zV|k`*V8Gv~NW>V2wdmOjI`(4@U2L_~o}+hT&Dg+m@nWAQHPK7S50% z|2;8ktQA`Cr+JU$fRCF(&O7VCye+E^q7Cc74csf;`zm7uQ?R~B8%_cSgB^B>KokeN z!P3hZ6O|jlDsb}3Z7JIzki8CR7^y8L$u^Pnv5w%->`)l!28q@;YLR!IqeyU}xT!2! zL1~$`8`)1z0YS7BS6f5#{61^V^Gq($JTjNC@eBwP@f5TqlzA}v{C@*H+}e{Kh4%+> z)M?1hLIZw4KN5Y&H~DcA+5}%QUd%ZgtwcP+@f2U^zqk${L;4*HaaWLCcSV!L(W~u4 zLWlb}tAA=9=<4^`Q}h*l<0=fS2kW8+IHEbL0<}KeHI7Kn)rd=QhITBpYW|miwE)C z$Mn*-lsf7%63r`|=5>g}3(fPBG>-;Nux{sHkUtb%etA;Lb4*rqfM075w)ae;m?Ugl zd*w58gelfQIu?+lADRAu%pav{U|qIiwOQXajayK=mOVP!(B${cvx@VistO-i_|fqR z$t{7cO?G1{ofOK;Z2$wgo}aiFdT`SRZW8rxcR-{BSqO194MgA9Ok6Gso=1}AZI0&X zb4;4=OY-qLYrRg1Ta_~P;z7QvA`!CKIhB~J7g3{mow;s0+Ig=O&RCQwss-{CFPM1?=WhcrL@vxzAACnmV zQvkfS6Mw=ii#r+sR4qROvpceNx;0?B&Cf^8{}sPKfi3Hx{2(9*-^+~E z3>!7XX^LO+Je1E(<_*s|1?yk1ClX zguV9-Eia==4Iy8@=#$FdG?_n19I;gXq-4Hs%t_@}C-e2&w5j~sWPW`meq3xD^Ovd2 z&&2tAG(&g-Vf}_RT=Ftg6F^}LRSJly07~}o5I;Zo!wp_rshu_9j|wwglD5aw0&xQ(U_XSdWg{o~Mm@Ye!QN zK7!qU@KE$!AV^a=4piim>b@Ntx9c#3_cT2C(qv?sQjw3%ZZ~Fs3}zF2d;{>UFx=n_zXl^a8p9tNiD58S6*X5#tA2EbfA~LQ_@^L|U^wdx zXVVP-G>8Wy(xoc>l!RyC9_F{+S_O|4R~S<|Gdmvcog~vgimM(e(FyM?mp@N}YU5YP zpY3n*KXKyne+H~2s&l1R=ZnCWkpCTECn(GI zWFK_ftN156;eynvbe5dH+Gi_@FE%Ea0EQ_>tIj`UE&z|dbrw-bkO8N!dfuJ29{j?O zhcO>U{+=N}lY{qHo68@tNAbl=tD*-0(Xp<36B+v-upRQcf;J|J6Yew;SBy(yUKxqs zX>}Ps8I#1N?sx7wE{QjOl&-}WKmw<9SdaGX{WYz+Pr7k{X_w|SEiJNNK5X^*xu7y< z2u0~DsAS6|*8xDvmQK?BOSAX4XCGLaeIU3>FT#ch1K6AFC|YDK|7-rrcIXL&4>o*m z?=cZ7qqvhp%oGf2iPh*nRR?N%J{P7~ZXnZnzuW;8!H1seH}CdGe?J@^&LJ^>w>v}1 z-}n4g_zMkv;}1=jz8dn&`1_JWsJKmY*P97|yMo!qpWvvbJM;aps8sWo0tX~0g$#>} zkc!XussvdmLg6#?RZWobjzjWSo<^3dV0iqFza( zU29CngWiA8*&0>in>)l9jBi)L_#ALkDe)~vV*F(cH6=Dn*&pi>4YWw5bN_9=x;4u^ zC}fX|P*h-5wa)cdQLQI@3-%HJWi1r<$uiY?uS0xLFo^1lLal-}R7K0`jSQm}Wa$ig zRVwQ-S@`JV*6r{8!FVj(=nx~b@YlV{Som$+!4`Y9RSFmSt4QJVea6CcCvaTIFO$NK z4zagD#8SXyX5EZ}h~gDY;Zv=Xi}|2gOti+Q{Z;rF+=SK`!tDOOiDG8RFXQ7XhuB>p zVm_khk1C`7Aegd-7?b)7t_vS_+@n&jb%+Y;r_3&+E?;z4H5iln7v1`=>>RJ|*EmE4 z^%cjLQC~~xOn~}hPW>RqJ!;)|aEJ=(t4}JUepqN5cnP>e5^DQ{{x1*2@ilTVIxYakL(Xmu5?5&W1Ls_Hg{40`0wqzgLBgEAX;NMg&cXlAU0YE{X zsSsXLp2M=<#USy~Yh+!6!lgvFC&hSY*oGTr;g(UE;dpf;($$UAFO$^`&<^o>ZeF6) zlItn;E)Q8l2g^PGyu(I^ci&{Px84%vtKN^x;oyME>0rGuGuoya``7kyx%B+QOF#8( zE$zz1J|m~TrAJr9inRVqHZ}_;oa0R&TOaX=zF%{iUx?~sIc6C?Vb%5vb2-d1bMr9-jS9EuW}&zAzDyG5F z0LZ_FcaY zmr8_ufFS0=O16N8Ms9b%CgD+b#ulSB*Z=|I1@7D{T0v#zlP=Src=C7~40I5IqaY@v zTnWx{d>?oIVwru#^A7hsAmI?(57FwF$$J05!FF_(sv3uuPW0w zzd$8=-1690l~)^jhZ)+-H{tvAVoqvhSdIScS&Ss67D))nZS3fat{{N=q->0ZbAb9*=^d}~rh8CWSC0G^32P0obvw#`*)9o=RRq3a{^6QbBVO_FB! zwGPh%L{;hEG!YCi_WaCSaLNs4^_Bqu8+YE)OBs{aj@~qeFXYhX>l&)qL3}VWB=TFq zmN*a+q28WY8xj#3@x;22Sm%kVySyU`DUd<7C@FX;Vs(aLl=}AUJvFTdgB42*OE$I~ z=73uh@G1*6BN4rQ+nQ?;Ot@!h_MYJB=qw)FfpqPrSiI^K7OPakX@`f|!z?ySu+E2p?24g>xRTD4+ZN+U?mlQ+1~vCvny#_>47sOW;8l7I`M0kz76v zKo>8-guFv22NO~dhlayQ5xzanXtifo*0iM*T%%V;iv6<(7*-H45&lrX&MUn zMdS^OH5|dB8(-(;v0SWaEY9jEB6Fa}!|%VEwfff~TK#Yi5pa~iF0INfd}qG~nXxMn zIW8#Q6pw0@zKAEO?p5dDDa}fkvC^%qyhB+*YGd~Zth_ZbRtElI%?Ak#RH_5yhue#- zU42MN?w7>=om%+2!w|}F^kO%B>lVF{Kb|kmbAMPi_}Kiw*V$6j1bP4>7Twd79CFk+ z=nXIy2Wi{{Ss%DayHlD?a2Bhh=LizR0r#S8y;j zP3~)ncF~U`+sGj6V^o_#E;&c<+~QwQ%tuOlq6li9Vq}Rk@^m(4P4>lv`|4UcsW9b{k~O2^T=-K<7P)5smC*U$uGp_MXoE$_sKXt8L+S2jV_h}2#$>-P zozFk>@CS1iNjMG9U=&NPsG+V>C*cnxd_#a)WE#W*>3D4?Sc>AiBk0CSJ>}z`BnGzP-bDb zTVf|EqTktm-ARhJke#HROu}Ut>zt4-m$>yI4BgR&jZO3y;JIg; zal;U{lzyfQHw@vXp@rb~jC%N#2n{tg0A@O1+LPA{u`HKj^Vw#u#?jVL5oprGZqpn# zkh1FSl@~MtG(%8cIfUJ&mvFbK+|hLUlzFsm^I3KQHlOzFESpa$)Z{HeVf$(2dOPRG zc5Pm7c0Gx}2*KBM8^HOw1Sx#e&dHO^I-28)j>kIyF8LTr!ovGUEy)6#0m>+m5rz{u zHhf)^@hXv#dViJ3X;|I=;*~b;+T72;{R*=_AkC##-?Cmny>T+t*w^z17&5UHr;s~w zpd_r_SGrIdQ+ZG9D)=tHw4+Sdp*A)owa%rRs@ip!Su^Ed?(s)~eqp9(>Cen>xI1tB zZ|mUY3}5RIFRBE9Vd8Rnw_k66oMV}&oOba7Bg<*uBS(~zjKbYgPmIR8Wn%kRWE4hf zQvpMt#zI#)XR|vVjee!bShEHSvoslcZ(_XDnV0gu;*Iz&%e8@DP$Z z@!N;ruC<&JMaK?FJ0i8IE4lUMzh0EC5VzheK+E37w!H(!YHfN z&@R|r+C_8*R#`_qN`8g*=a0Q4daxXNutNHC$3wYQUX$6&8vCM65MCF@=Ul}~B+b@* z?TX~hzX=kgHnyuj+!wp%rV?X$K#%exZLq&MW!RB@wX~0h2SCX0B>}^2y!u7SeM89I zw?Ha&9n%BnE@N=%ERaBBp=a2J-C2bu z!ymm1x|3+wlVJ}^7?U|1U;^xW&jm%#>rxy`YqJXX#r#E&qY)D*wj&B)Ac`V*(@-H< zmv6&?#UfOBAo@3pVeSaO4tdz#mp=nso>73S)+aMuj$B20=gYF4_~y|_H`1PpZQA~s zD-DkE^HZ^0Z3 zeQ-5ya4@635R_v<|2{sO3l`ieq&O-*&YX~<* z5CK%CPsQ;=zU8@}bKSjW*MBef|8R7WkGiSzCF9{>&r`AXIy`z;^qWRtaUc3sEJ+A0 zznBcxcrAI1?u*2Lwxem6%V^y3(ClT|Li8@&NF)|4<%{12Jkkf`kFeWzk+O?=ps`V( z+4*J$qoIg{t2f636>(b80wd8IWGmRDv_y_mE@@9{0fSyI$29t}2Py~5{k>JhXO}#< zMl}Mgk|@a01Bk8~gWR)QQ79vkAhCRIZp#L2be>D}xqLh8#B>~4=-0(P_kY#Onu!HpP2G_1 zL(ykpDdXmH_OTCqZs~a7QpK`QmKjH`EYW3-Ris;$B7N)YfLc^lk5r2j|2%q0hjQg}c zjSRUY4LPc#xaVRM%gAUBaWtwIGFR&^-2>NLM>gmaRVIQ9xkodeM^dh8DwhFyc&tqS zCW-!`JhcC27~f;@6iR4#DqRA)l|-uNBGMpGLMk>}zLV0TUSK;X}SL81_#rYw>jHf1tI7%TjF1d-c&9`U+sjNQ*evC!(o(zAAuKe}-lEpUhmo@hplr@hADY4-{8 z)H!J`5JKQ@E*g)gryQb!r!8WhZkRK=oTR~2)finD8EV^|=daRsVJG2vPVtzKU)C9N z4lz|AVr7rs#3XC91_Nxu(8g+sZo6dN05L6VD$XdtcZbh}*+_KtSu}n)ZX_MdeK~%- z+1mYb7NQBz`dr|zQlF1|*ZJ0$Ova5NzpOrs9AYnlNYv-MXD8~@z9L2-CPxgR{4s`N zzeLs{ipiuJ8yxH$Z7t|VNm*ck^CVz#x@c()$4x~W$=nskueeZyvAQ zbNDZG+gNYpN#_xIxuWY{+NHFYcD7+U7gHJLFy5zmc#L z5OAefe5P}A2C$wK7W zRYhArY5o4FfEC~9gU&$(3Njm*uqf>S27ZF= zNqJkobBYh&qc|kDjp2~=#)=W$2)A%-hh#Z;O~y-?Y~=CTq(8zf^)qon9R}Gx)(pQz z`z_dSH-CGx*V=2l{7%?e`6CV+LrC2IgRmRbDBR?d3O%0wnAo6Bb!Q$u%O(?9P43bg zz0pC4tP28~p^q5%QypovFy%f6OWlUaeCaswWD$#NRkth5$_0;#Ss66LVeV9`X}b+n zt)}g;c+|IWP;>eDrcI{p$S>2k3mqb%?cF-{-v3!Q#_=#Mwbv7l$8$!j^WMQ}kIQLq zoiNQ>wcEDc`sv zy7e1K3PA|Hn&4ZtROM^Yws+En=*>1$zPVmm%Cbi;V##B<5+o!aL5;gW_vgF2dM?RnauZOy6tfc$%&KQEOZ2C1)lekPUwxVOZa zo?oBJf6DVeYWaRu7x)wZt*dk(B*g}VV7ht+RRHT|tvbC|RUro-`r>P-@&R#~CO&_z z>1rZ~))g<+{sSDzs4PNqs%!NwFfJ&US-$S%RIGdzu5MSKZ`FXEmc=X3c_kQp;yb(< zWw8@2-Q0tus%Q%~wJnmi$a<(3*;R@x(CAYhL8gWty-_FlmdXNn{$2bm2c5WsyGw!Ej8fn1VhsSq_d*uALFd(z6NQB z>zE$qMs0KP7VZBFbCaZ|^D#-$-n2V*>vAdu>sN9%kSg_+CqzApUWOaZn8M_Y1m4x2$#m$ty{9daE+ z7fE(>Ug?Eo@92N^elHz8bmZTC*6J>&QVA~kS3Y2t^={AqVXA!S=+}FGTPpw8zGvo( zp8uIt{<<}W{}j*9rt-r|z(JnBM=JkL>+aExp1(QrbpD%;| zGRybZPh0O88O^`n6ZDU2VD|R*H@JL&uZy%^qb<-U3wXHcXfCu%U+U#WT#AUQiY3av zSxeS6gD1k^P{g8XkIyQ2eZ;~4&c)1hH^fCTZA0`tyxlmu;v{hM5$L5RmhX8eX(iIj z5UDi=GPz_!71&XxwJ)YtDhve9B0%IGFypN&n$%liaQJ!l#0nY^W7>$aBdnnP&W+(X zw&iUsqJ04j#m%ik3H@b@2U9|Ukl6&R@g86^wd7-UhDVbWOC~v)HjwHhNPIF7C8d2; zy!8T9`k^FByLLr=!cEFpo9y(S8&0nwIv~P5H$Z?HH>_Q}{21mf`~G2`%g9)76U(Srk+r zK<)$>g7BAqI{NJoEE7mNbD7;k7_x|dJfC%96P>Xy5rg8Q7|XZ|W9OSs|U z^m%5Dt`7NS_UaIa_`E`(0*mH@`(zvyg6{5l&TFvhQFj9wyTO0a_3r}z@00RwpRl~X zA-eGCgj{peQ4`Kt7<}(8{es|Hm3yV6$LU%bw^mSk%i*SstIxEmTp9Aqs`7bvf7uZP8*lX!If0nKt=9Y=&ovS+n0pxa-c@+*U+1cEcy7ryUc8U zX%5E=XT&!x7~~!SvaFV?088_O`-}v1sr+r13NMwv;Q-*@I5=wU%?WVzKR;k6A3?@v z7;e8vxpK;Us6(g=8LKb59c;$DRUF5o16G2vevi7ut#lLNBDBHpPq&tiHK9xfcR9qU zT+r8!Zof0;;%lt2%HoS&dDS;W*Ao5bQE!tIoW{{1zl@9h975Y_1XRlt z@5?|@U^vKWF29Tu9=P{R#LTI-r2e=ii=8bBpnZm00h0#e4(@i=3Th7_Ke8~Fnhow^ z{mJ)aZoM7J%ajeq9GeXEBk1alg)@Wga_qPr9N4_cR(VhabGTOFOxEOzItAqP4;i0h z#&`$;fK8gMA5qvM9w!Sv;ONa@EEW{pA8N^cNN$j11j?g_UwJcqiN%ujjIO2QZOufI zSpN%gwh0H&uG^eqO2x_=G+ti>|6qDz@vjd6i?7WcDJU5rr7KgK2Wu*qRa1t(m5j+2_u~G7y5+m0ekfE?z%0V8@8Id z6HRc(CrfV6%R-pjSFbj@PBc31J?s;qUkyl2bU6Y;?BEQ&RI2a$z&grW*fSERbgme?knQtEUfWcFe9qYCqh>lYZjElLWQ!J_x0?}KZV!iQLWfS>j z?ejvDLF^eb(WimvTl$imWFRIMr%&iin8G>}w*?|8ckl`)ab?IaV`82|m^+9@mJbt@ zdA5B$f7c#+|EyIN?%i!g>>X+@V^&`>g1Pnj*dXx=tW!Wm z^aW!KeuuFsy&1*Nc);(!m^YHK@6E0O5XYkl?(jHEgZ!M>_}1*h?oR66glzu7^`Pk{ z@*QfAX!Ec&{YH#YtsAlS!6RjJJT=?%>p)lA|HnkHJONWc& zB%(-Koe!@>OR2H1OLUfr_1Gq7WYiwJze7~^*kPIACfA(f9vhoe^saRaum`MfMuGMY z2Z`21R~<^zRlWu6No2PyUIY7LP8SSgu4My)PxuitWINs50$BeARa$_sGpzXplkPDp zLUNT87~jeBNr#v!5JA2AqE@t7Y!Bx^uyLJ~hq3zaiME2`KIipYNE`N}U9|tUte;1R zE#vpEmG|F%@bfl0?lI~SB|C1*&!yu+M3mTsI&L!}n4#nTGw!%_*68<|vv%%1BROlu zXdNh4cHBFF$8={hH{{cTw6nJSK~E=?#GwDkFpD#8`z|t@oM=v{~;p z6$rg|@$u>2Yx$w~p5gh44wyLSd?DJ+doSBRm(rekE1YyP5{0L+u(V@Bc}DBKmvpCk zFFK3d9c8_jBU56$?JpZ|Z#d2r-Fh$b%UE6L5Q*N~ujB0@>!>K~y#uy_#o`=qor$kW z=isX_@g;wi-WK)*ztc%@=mNG%CWab~O*_#wq-ScH`ejcrcI`yBV`3TeQfF9%m(mC6 zwW?IcWGHM1UgG3NW#~+Ys9L@Wk{AE58;UdH=l{1n$f zxqbP7L?m3H)Ar>rNvg3E|EJqh9n#It#D>!?j!k#SO55@LF$R(7kmdmYgj38gPpCy* zSe%`}nJ8=6lRY93S0g{U1r1|T}3)sfRzL(hEvqWhY(NlX1SL25K3Y^u6KQ3OJ5~?u?0S)UgLva z2pdOLg-m+x^$QkyJ_m`oQX0%4K8#5u(YlBK1_!MX3JNs3R{+1EyVa9{q(6{s3m_c; z4r;u*26CAtUD`QQ(H;ZQ$|a(%!$8=LQ>z`>HA;rlcDWFMZ2|BFIsKLE6Z@kJ)UEE$ zF9dv3Q5H;~daHhAHHxJfAFZ8rfi(L-r9^o%l{2b(Q6} zHJ&yG6EHLWZM*9u8&p!+J$fk{Y!*XA5bH`mCj>N)pUG~OAyM1E4BY0v5K6Wmf!x~F zZvY^->Yt(NJfv{`Rq=&KpAfv5mh-zz@Bay;5GLefb4BL-?nNK;ickfR&Gtndz!a`0 zV&4qc%f$MC-VbH-^TsKe48prhg~!;jQ6~_}%ms&LU0Y!kZkF1ZX8e#0*8t=Ol5(sIsCtOJ19aQP8uZ|~5*}AFzVx_3u|D@(j**e>6Z~oFQ?mcyt|MIG%l)~Fhw}?@HKv*} z$e%~b`$tmqSJ*YgF2oHo%6O>!KSU1IJeZIocJI>NO!s|`(g_!3MB<&Nr#?rxo7Pb6 zLp}qTZpNRZ4d3MV*Kps9E&$563Xw5nQlSqWZC^_DSeFZ*Q72^1}eLws?@1o1@0%sS^LBlXLJ4B z{^|?tDQbEB&G3<{bFCOuwH_G55ZM!#YxQ!+Cdy6IaziNBFiN?fdb#ZryM! zhDe4W`4yD>N2vm#2YJoJ#z@Cil9ry>*OoI3r@RYyC007@ML zOf`V&=uOGMondk!93N}VDcHhDI>UZ-v=qP5jUWgt;8Ib17dks+A9ckIU3}XtH>E?K z@bOoaXEuLu#YKUj_$EFP6W?x#iwMH`p&6&}i@^&}hAh)9h&mQNFSo>?3!y9F zVpm+8Y4-%+w;QZL0p$+Dehfzi>7Zv_h+3|F{d-N!#eI?=l`A&8Q6v1rg%{hw*@bj9 zA--PrU+|qISyWj*j0~;jXrsLfgWaj;i&5wYDhOs_f4=E?+!_W%yoN$POj}FlQ#a8b zFokz~Rr3S0wY=l2juHNPj%u9yS4DSnzN`x~WrJ2h1})Av*}c2LNEtx40H_dfmr_oDNv(ceWtq}oH;v%mE|_H54I z2BCO!^f&2M#OBM#ld}6OafOAR57U9!OqE?<7VZPmSfV%fSgyZW0O=?9RI^Ir(~Ayc z|J+kJGus#4i41)DQNQlUk(rmm;fjo}S%LgQ+P;h^UM$+Iaogo?=8c=c=b*(!DW2gQvDAy@rOsxlnQE}e1byM3DNnFpvYrGJ78`P9 zp@(cKAG@qnhc~#p+Y#g8n7K-|WLOtdM!7|o9HFCo+sA|k8$_;#=$@U=)$;BZ3K@r4 z2&_b~*wJMqW_Rp>-h&0P=xKh6;0a92bg=kpIm4~}yu=Go11NpSehT02{r)6! zA;*^B+4-#-`1~C^n#fPb^0~@wKZM5+&@6wI*g{xxx%RNsd~$^7%f*23%_7-5YT9n1 z?oEJ1*k3bkToN^9Bo3Y+iLe{#(L=|p#chB{*5Y>*#{_B-jz52HToSX&Nbv9lceNlO z*PgvSd{CsHX_xYwT}Vr}O892Xn}@{PTnHv}mytqazXc#;r~GEu?Mt(_w`cEIn!O|J zYdJ}LQHcni;_a{MaJ0Xs)uGMswSF+hw*E^evwy@V1t!(W9!P=+a9 z9C31}@d*01sY7T4A`Aijx`=%ecFdJzJF>Rkm}G;3{PbW`kWtCz9b#m%|H0}~i9OPk z<{W2VYa2S7)HW#1L5_5~gO^9{c5sLt1tP9(^loenD@jC9EBYx%p%hQ@SD_d*XZ>`m z=>8$UtO0-E5ZjegjBo}}j854fYbN;am`r>ZmRxLVZ?g>hO2*6&UaCqLFiCk1N}xO+ zr@;MXVdz@tXy1@u#`8-bv0BkZNU?)=C-!+fVkqSofz(o3h)9QGSu920lZ_j<+Hm1f z%zbg+sO|N)kvj!m9vgdWqY27<54zNpiCmW__XRIm-;A`%`Om!6eB2MSsZ+EYv9!pP zR+M3s`w}%)@fv%!IOixOkApUE_h26#Pe9<6_P=bQBP?WGdyq<2+!p~Cee!GjqDwqK z*3aaHu5A>Y^(nXlWzF^xD{PLhI1h=1jvNac_bf~W>lxygv{Bz%sf7_!d9Zhwk;;UYp=5?zVHOsn11%#loi57ky8wg=3@P>e-QAhhHGVbJxBvR)TP2%t z!r}7E^$P0D|MH#g%wrZ=oxqMsNPIIlT({(bLl-1^K}6@FlvkCp8iC4!Infsmu&zh@ zgBc_|ki7*=S`$jgNJzC^LczmqM>xknc?r#{<479Td{MxD-eDILmYv%p0IF`@rOcrc z)gR$HZl9mDY|M-nzX@>^4d8@W^s8se^sOHrlCe6>7z;jw!WbK4Jh@dKhmLNz3|v|( zm4OZ9R&{x0761%7(g&PcjSxDi2pyNlM>0BZhR!aGcqMc)qUoxgisD7k8=2pF^!T&T z+O>m_WE^}>D=hWvgn|dXv9Wzd6WI0QvRam3Ttx7hNTQi5|Mr%CoTNy-lCK;W;Y8Qs z8Fri-Gt32*s6De#bxumYgW>>)uP-@Q5~vC?z2NA98B&o*A?yC=iFzc+gcQ|pAF$$> z)9?}1)PXt3lKsZHzQ}-kn+FMt|C9(!N`6s24%KBysfXPe>LkNStkLk*y4z1cyagHAuiA6Ty_`pq1%A%kklo?dwh zbE=|krzHkBz@rhXN)i4j+#en8g@!a73zzN+P(AJwL~UYXTSSfBsrC{IR0}r5S|M zV1FH|9NKu0pImqf(bReA@OFsT&M6;HA#+YeIgkzkADWAg=q1_}#~f30x?><5_?C%n zCo!Pn5CE^v!sH7K%A9Pj$VX>#D>NBBO$OUT{Z$6jFxY-@KO1ZlgK1)S;q*U4EH;=z zv}J?oU-z}9AGz?qUoe@1I~Hyrccn8JSJyB~a?j5Zh__oU>Hz01LyNL)E<@`j{wlQy zQ^vELk&{Dy8LJ<4hz~17KWG$;4O^`IPp2?e;P5ugS)&?I#M&|t8gZF@;!9XgVi zO?<_S7lti-D@vC5E`;a$_Df9s!03!xp{EJh4^qm#X0*}6PWW&j&lOz8-ubA z5yvVd2HUr4D^Q5G*h6Xx4P%E)*4gi{<)E?H^OTtj{Z*I=-xzvwZ)4`TkYC13!6D)S zJITzd14d;A7};&eOkB2dyJ4awq#6G5oGf~=w2sp9?VD!4+xH^>Py6f5obJR|}hZRnG#0d*<5DSB>vgw_8 zl#P3rUYYFM&L8%W&db76Lr|a<+D1%?O9|CiU=r_fm5We~9EJ7vZ9&tAObJJ|1^YY1 z=(b?!rq~wTj8Q(>FW!Ey{?xPo6I-x%C^bP_aN3^Z*@A-|qQVx4lku;5spG$Y4{@n zuS-XN2R#H6s%zTj5Vwt_(;oNBNtWA&&6!y8KX)cqCRRF-gSbyNv*Uh3{plz|b=wUW z9NiX9TyA7hv~1ifTH&OTO%(psQ?Zd{VR}jh`65GUrE*(dXY=m7 z&WEPz6zV){Y@R->n}lV2TX!{>U~%zBwJSY{PK6#$scL|{h|{27LS4dX z(4xo4E&2Gs2DL1FVE*^-kHh2!X+vHm!?yy~BIN?QRQ`rY`9I=nM4Sj>t?@Q)|_f^?qr&r?qp&2@x_8u zKW=XbM(t!r8HYS_O{7cZZ@aLvRQ`qzcf{tQ_S7M<5~?pt{57pFf8Et;e^$sZv-^Dx z@lk;go0RIzKmM6?=H-z3a_Ic_02`q*mrmsht2WGoo2FR1+h2vXpk&88;p;$puCxsd$Y}a1L`3h zW}kW!)wn@*tq4E7)eL&z~b6)=RtE>HaGE9L(8Q-)mj%u#jJ-&u2IU zw=lSC&2cl@e+Cku&!sJ6s$X<8O7$Fn6{^9!ZRI$R4*6wN|MDK=OAS!mi&kMU!c{b& zSQY&MU+)wKmJp3r+v3As?N0>)9Fc;hYj^ZVhWs)HKI;(m0+C<6&3wQtLL>$o;9c!Eun0`>1|%7-io} z+fHDkW%0`L=?`W`NbZ74YU@(VLLj_fucqVq#N_TeMDMsCw3-!@npk{%$@(Ia&UnD$ zKl754J(!JtWKyvS#NUGajnmz0+%74o{b=h|no$ z50iH3eTouQ=KNSTZ}FPPf_%X2AT*qK6DclUgpsvQ88l*$WwESLh)(2uD@+_mz5#Pz zOoI|r$I&KwKb|ggM+g|`CA8&{Tk?)%i`=$-+h3)Jd0nF)*J=N0vkuu;Hf#I3=bw@) zA7*9ecs|%wa)Lk1>W=pO9VMT_NG=x7#pS3z0|M!?zO}U#PR`mAi^cC@VW2g-GN0%x zy%8V1PsX=Dc_~`dWNy>mZ)4U56&*mY87Noy57AT!xGYB%dgx9^2g^j+54d5xl*S!^ zmGdcfbkHHf&!CK@A(-HktbVhyW_0^i+98g<^G;^Xj@4Qrzf2_m+|eNR6bPYjr|;Hu zP|cmWYUy)o96(hz{FK>+)G4m=4GsG~!Yyeu1Zonx%Ozy}dVrlAw1&% z+gF7EzfPTNIT+ildVE^RUQ_KeOD0zk4%=uJ3r=-<327ehi1be|Cbk zc5QHUKOxHHwZB4`BPU+_1&Ne&?T2@;+BYUa%4+{>2bwBCZh%Ok7A*yJt(Lnd56y}G z;~01)T*U9AqiG>92@=SjMh*GF%vaH{=!%7pVVp6VR-;3qRonIjT(r}_;m^2IQYS5Q zGBW*;&53ySehlWO(`o2|0j-KY4o_GPbtl2!p8!|s%f9(R>~bh|y-^urEZaYwN$I1H zHxnLT_6K9u?<3fxu0e?z&775kR&*XC=35T(dt2xwrC7h3Ug~ z4I+uIyGG6mLYj2Qc&~6H8bF>K@Qe;8&-HjlW#xG)eut#uEsNNbbwji4=FsGh-1HKs z$|%zpVDlMtEuxQ;Mzo@6SpTbM{W}(Jl;c~Z8yk-&UvuLzB$z!jX$^J- zCRai*H$4wbJnh9JV77Be7ar?J*)K3M{qs@0W%0(Uns0C((VN`}la1<5+M}Kaq|RQv zF}Ln7n_({In^RD4=WcgEBGP_;u4mw<>TBmZejmLwEk6CX9uWCP@W}%;lXaaJ&-u(` zNN?!S8Pzr4xJ1YyEjM}Hb6Au^&ZIpWC)Ezzckr$W-gMPAd2|6%eKe}faAO8!?%v{}s+yud4&9KEBa z^+vCZVTfvKT3;(qtF38e_#{RA*Y_d#OiXgC%Abx~k7YQC76YK;L{FC-rA zt+Z^i%!(92U?D;L2*DL3_y{xy$XUbX_{BdFX}dgEh;(^Mq${*+vP^r5Ah3`ieuQ8< z37!@cYz7hh!`G(u+urhukXc%)&7fJ2ELGGgT0C7$B34RS*CjN8#O;an^${!#pc?@p z>TF*Zw;zgHZn_8T0vHVIG#Vxo43e7cH`fWO5z5b(^3-SJND_o2eG+`~2#$`5Int1% zg*2&c77x@E)wu*m0I|@9hlc7tIq!al$`(W^?oVchh!6doR+;=DRtei0(6hwuk^8 zSM)=uYHSvXEHM~&(Cl%%Twpln%;RC?XvGG4q!M{WrXW^0xdfv-TEzUk1nNyPJMZjiTD!^Uar6&cL>frL@;i^MG$wl+iyr)} zRSQ;`2k$3zcS5vwq)Qqf!H zwx1G^)7FAVu*9Dd9pW(!2jAvUJo5Q5g|H|<45fsR?=BL;=k zs>-&|#+2F-M!N@}#Bj(r+O#UO&?qqUoy@Z;oyNzwO3Dz0%AnhVkJ%u8&0GIW?GULH z`T{_BfVu7S7&U6zmT>B$f*X^{VyCkAxKy^Tr1G8#Qd#O$9(r@Uy4(zivbx;GiOK}( za)VQuH!hVUDyhha;3h!jW~cJ6H^!^W03gchQi{#xnC;T-RIVMD%EgsbS|&(kty9@| zTq=_*sq8XADz~g@qS9AIeg7FxVm|^znZ#^I6%FT@66^K4d}>@OnMx|QqiS3#NB`F9 z@}GZ?SC=ONQC621+2JRkV~=}Xt{<1mC6!d#Kt*;`^>z2LMRRSIeAOO>|g)qklRxTA`oOXY97n4zWeH!L(=z}kmNKvQ4Tz7-M}(a^>G z!&Ew*Ftj?s<7d*~Np|EG`F24jbRwY|zg;NWDewMq0UeMy5$P-4_%94MGP_u`2&(fC zar2z}V39Z*zj^fkpScmq>jF%;FWYm1h{Jt4eRlG(b2; zphOs4Vb`|-Cw6nSVMc@MHzJ(EI<<3VS%PclY0DAqKo$y1WCbLJ`{zEhqrv)l)lly zE5`p}gV-y@7#e#UZenns)IUkz=We!C&AP^ID5}oow1A}YY|r+qb$rAmPiBnU+ztVq zuSMZGj8*iKvZDPzMbW*-p!J!1)3mlg#;F2M^X+SUUb7 zGv<00Jh0EC4MK`@p)2Uzi;Gb9f>edCvIXAEW>Ni$upRu6e`-_toZ9kzf*ZZt^G6OI z>_vHF#SHo@QPNz>4}AJH(}R%>8Wf^P>%bJ;O*v)OqL|$Kv;`5UFI}}TC;iJmtkx$xczOSL&>==YZFGgk zN(wxAc+g+OiiK{X-QsP}xsG?Lqt0*kafph!L}JbrVHZZ|!tzzCz*y;R&$;e>)nqj) zPd7S51y6}N*U4k>^tR_*A9RYN^0c`_RPdCTa~1JbzR~2=LCsK|n%JD{oBwTc8gxjs0?E&s^;g zVN{l_Zx~bVdBz2eKHc0&zB|SoT5Nnk++wWp;U)V#oewSDKOSd%D8Cl}t1JL+=yD9p zFNcPf^>W;_l?i^{Gy?-zn;aujH!8?giVORrZ(#I~?YrH>fpWcq3Mdjc#WJZ>k3Vq} z%C`XJ4qSu)YoqPZrIYuv#_Odm8&l&IxTh{qUxzTPh$(Mb9N|&?mJtrJ{SZAf+OA!~ zk^?9<03#e*UGUL!g@5|*bK9d%zD?i)l%rKfRR-WaO*P)JW#imc=5YV}5Rriy?W541;^!j|edl23qCn3Jz?M5B`WqC>=_N+i{V z5pW`;!o++ZM>Hy_Z5$#d^;eRbK0#7pc7Fd$;|Z|SA!1T5l2jl5Or%y}ihimi8nspj zIz&urBT3DjAgM4<-}txjYW1)~#H3^!L8Q~@L8#oA8W<+)OB~UtwK~%wVp1=$R*NP` zD$Lk-bVQ?)dUa!kvj3f=swYS)OxtgDM5B`GaEQ28LnO6Ahn#T*80PL7M>Hy__c=sN z>SdCeIzdul0{`0=$5V?t9U><63P}}cJSJc*!mRx~M>J}!at;xb`frjN)t3HJZ0RkP zw)A~6DZ!1kFSI0V>5n0ucv|$fo??R^&rfE<;OqV^jtRB2q)Vn#k84`bG0VDSI+d-a zmD95rMffsV?*Yki)6WnVb3Nf+n*;x9?V~es*y>CJYLTc02Ns(QU>+emmoHQ5oK|q4 z_?*9{Cj(EG4E3=gzbq78aELtxLT2%{eR}cfACX4u zt!%V&Au0+Hp2RSIgG15`>ajnPydS6olPzrG@e9Uz6g)bK%_19ZaFG!9V}W+Wq1&#b z8W2|bZ7&SBP~g<}2bOH?Wa5}EPw-^~tQYXowEaD7mT2K|L%0C9TaJfZ^<~MD%_xkj zaG|slzpP-_T5c1Ju0LMx0YYvQa^(An0O;>|8qGa{dw|YS6{K?kC#@Pkc7vA4l#GNxqO2%7p-^ZDxi3m^~$JM02nS{^CEi|1%B`G(<)d(nqR(xNm5ELbxgY^IVt+n=k-*;xx zhI7vU`M&RYKAwkW-hExSz1G@m-%y^+?U8zjk12CkwhD8R+lHLheq8c|Tb0L9$TPTQ z)f^iK(T&Qu?-!o4d-t;YgVZvfuiPfi&j`I3@oPPPBxr2g;nH;js2AVT>CPK8p)n96 zx^t_yb%P&L>Pzn@UCLkzaN##Fk?Y39RloZXOeA!(jE=VQ0zW|k3^Lqu9^G9L_vaVK z=N8<&62)Ij!62Si23bv`?r4N0Q>WX zWI2?m30M1a?zV~G_Ofyix0Pt3b5}T z@2&uA9o6f<#^m}h+>O!upv~<3#s~hWXUmaboR5t}WhP9Cv)TLonjF3Day-m4;!`M+ z7{eS>sN`BAjs2Rr_$Rs)&vC_1pN0pv)+nSXjYGBpvThQik%Z1M?6PJf!Qr2Bm*S04 zYst3iG1$;X6>ZoNy>%{wp=0OeUd3LPZ0Ck;>TJn!!?ty~JqWD~hVs*O51=%1(55#f z2@$mSB$D^BgCsC0$MvS4q(O0yIFftA{sh-gu=5s;4uMEK;}a9fchR9#=^Y9lNGq!W z1BRj~lw#elYKLZIUunb@!*$(9E9gutY=_@RkJep9i+~EQ;PxzdCAqGN2pPVq?i!qt zN!(Dpqvd0l(hT+#UJW(uD*(g=Qb2-=xN}^0t&4r3py5%0I}stDRv5L+8|Ct(nX z%o&(mf@$JC%vU79Ji6|O0F&1#`?VEH$@%F!wg-j>q}Kj`GoQX=UV1~_6^tjq!Nu~_B9~gKyYhcb&tF1>jGpj> z*qa4Amagl=Ts_~@bE*Mi z`(O3G+6nhQlU;tLVLctaPeKE#L+~nuxhA|D|13q=PXzmy_=CbT>iSyn3px!gaUR3- z(0)YS`d;eOPF~SDyaD$a&cI|7GR@5JY%~N}n3o=}yE4}3s5a`& z$m!ZB4gc_;eWUlr8od!=D>TZ?kXlRBuKW}8>-3eRxIfjDR2Hzn#FaK35z?ehzZL0g zn($9#(X1~tOjn16rWajGCw|G#e(W0mJLJrE( zWVm___8Wd}!uXHtVfjt>h)s*n3=`%&d4H^z2k+dteXG-s6VKMEXbIpff=sxnkGh@w zl!eRN6#;nQiBpJ6A6G5v9&opO&-_oi{4Xc!dx@Lx@=r?S`%{ejx%_t~^8G2s87`kg zKwXm7*!5jI!9#EhqX4aJ&cE*WW&)~LezZTb(X0%4!`)x82i)VQ7#rrv&;e8BiZ(z~ zdH32bukgi~qJlZ~O>V9Kl80rq7|)Nd!=c0sfwvUg9Yw=1!fv)pGgmU88|QSCUNUq;u@xDxwI3F+Ko zDMuVH#&`&02FfQ9L^;G4mH@_P&!FGXM-O=&hWT!&B`fVov_I?{Ti_dtptlhxfZmA8k64*`q%r`i*-K%U#~is3dkK$tbY480--s5b50%%1BE)T zDU1Lto(-dy2I|gG^Udnc$EFeJ!SzWZnKU!s^)UU{w&mk zIm77&L-5UqD=5PwC+Gtn4BA22vs~G8Tv-!{iQu22rWr>Dt7OXt2E81kHm?nH!cC#+ zW{8H17?vO<&D2WaHLABc&F&Gr&{j`0*S^fp9+_A^*LDRl*S^fp9+Bwh+Lv9PzN~!q z*kd!+9yizSLEru8wjVv%l^2)Rb)O_0lti2N=R7PdSq=-+SP-z}JS<4`u;eaJ=Z@Ue zlfLxw^rhu6^&3q6;g>)#!jhQ>GUVWz)`XvtiB@NiB;$}x=Acn%+KV4}Swk85&Y>8O z?s`!9X=mV==Xw1z%j-TNl1|7>boY} zHZvx-8XKJOXPF$i$@g{O3x2v-oG%|E#04Pk{g5FIE%)8b&@yZgy97ljpG`;@#K0NE zzR zS2||U{6&C8ipoFn;6@RRReztcY?EsMXc&Qc2l@&Mo7 z)jH#RR!dM|sIx~w#zD#ka>!)tcd^$z>BqryC(%#^$``X5+_r_kMUnQOl9^prtRj zzy0>Nhkr-X-TJ4CUPE-(;Yf~lfLY)srvB5}9QC^$NQ%T|aKAbf7-8_EkpVRFX}0HA zXj%tIWZdnx9Cy3*2OpC?+)lt;=>O~5D5OZPO9!1>2e1^oJh%jkLI#y7>q!C|o`B-O zi4Fv)kJZfCy}7Rd6MUd*YEcZB6UDzEY%&?=ri5%~H~RmiRvsvumOp!sjbdGYlo{AS za2*_+a8i8;tKqMEE4UhBMIS~X)oeK()K+}$?Y0A~H&NUkS15<#ELSK2#Xf}M3kfK$ zxXWD6x49aznPWgQCaC{p2`w}wTDbBIx*%}3C)OM01$?QDD1nUzjml+c7J6$h-(nrF zbk!=&Zy`JvO=`EqhF8; zqwjxRXF$(%KtF|&CaVL%d$|m$n*xC02U@N0??w}fUB*y&tyV<2?e4U4x0IC=C^P^@ zik&!Y5^z~rIa1jsvm~`qH7z{y%cgD7=zj@;Ank zCMihx`I_+?C3pBmr2?$;)dsw`&c|?vtXKlC+-`h}u){1t%sEINRdD5bwZZiWH2Njr zi)#(m-W;Z+)aURpb1D2>!&pXe#UbK)Yu+-ZV|x)a+}*G*#o&+Vz0z15C~bCPztqt2 zHd1Ffly%8jy#BdSe@(u>y|h2g>ti}&@e{_|wVA>y&(V7vU8dq_39WcUuZBYbseuC} zRzoj@7DZbMehmi_ayA5WI)nlV%XbRu;SvN8W=L*ikt)#hdZQ*xW(gaDf;8&5iA+`| zD&_6$NQXvFbaiWxt+gL_o17~IGx6v{6u<)aOFgtERacdS6iT5YA_9Y7Fs?>Bn6_wGHF z7={{Xe&Dt-N&gufFtqiisoR=wJ`CcWehm4x9*^%3ITdXQsl|nJ&v_R?W^i1lCCfo% zPG1g&5gN&z2ze$%dHDs*$2qC)+YXs1KhF8|nSCsTT)WaY#Gt* zdGkRGI!366p&=;^b-AB1WkfFSVL!;6fUq@4i<~ay8s+B_RDn?TtK~*mC`Rh}DIBbwc+f`uPd0fl)`{6Hl`MNempyHR8e~*kYlZUEhves&q zHBKSu#w(xhxC(}{auX>!)n#7S?nS-h?X+9f`HZ54&$x9SQ!M=v*>$UISQx0tF9Y?* zu0+f_kHI>h$656MYzgLdRV; z8l8a){&@+CinnW=bw;fdfosV45WDuWzMdcGx$G4V+A!%HOV+~-nFoJ-4uqOw-MU*E ziJ#Szh#p$d_eT)I3l~Y5@>Y8`)9PUrt#aPweOBA3a?+qMkg?TCAi`D3_UOL8X|0dL z9Yf9W#G?3BFy~5yCF8cbyg-jsxK->qUJXuv;ri%<0PL2QlYs$OlHK}oqt}=AHZvMP zcriJZ$%9s9tHmXhE1}$MNBH4hgP8g(c!kl*du&ieq~0n$!_7%7Yxd$GIt6R2LD3?_p=@V(V1$Zz{lhq~cN&lJIwgR225x8gu15(0f{_}!>Q(p~C{%yDPT&n&*!XgALB1wzuP|JhpHoQ+ZY_>A8;$37qMnA$wMDDC%TDLEHp;E zn@`8O`4GE7HR`l6fL7*VC-#|@d)UXGBfJEoiIu(U3WKHFHs&jm*g@+AAo%>wsK6=1 zv_QKRQtV6t(4+}n==4qHeYYq%CU_*(waB=rYp1zseBOwXZn6BwKJHXLvX`#!LODOU z|FPTu&fq?OsOsRp)eY|BU4HfPc^arbwfnq-Ri46q-j|hyOw$AxhJ2F#00tl^Stm zS+^6W+WVtBT5W%tB*!p@7|C=2e+zzZj=t;I{VA=$blsj~Z!;QbOfPJQGCY}Mpt-W! z+e45JG^BgbmY`dGwGmr&s=eE2fEEnULih;;f-PtOoX!^X z5*jMmtV|XyUIm?-uuR{+(QLuTT=8F|9itGe$9_Nnv(5nZq0 zfgP3f7j-7*U^>fvCgVC=yB?48`DOO$>7N_aa{o}YXF%@c8^fJ^&=%31d}IDjK283x zM>Sy%E;6k$0Qbd` z13=~Oo3|?woO$#O_Z3Jq%biV9iGKjXMP79sit!h}2XiSvsec&W~gFrjGk}m7HBxWh4;5hc=U76%$p3m9XtRa4k zRCaINJ@vTgl+ zXdEk;o^t{zG1)}WpOZ0 zTmm4@^cT>)NSXnW(@7mMkQJ2T@Z+L4xzKQ-X{Su#8}1h!pdWnjPUtWxm6b%w!XKEDiu8(oPNQbOoC%J>N;XN}~CN1>?_h3*fzW)+HK+^5iSwSyw# z`mkN2Bm{&2w05gX2f7mf1|8#qE}*PLvo*mth_T-<-2Fl2$!I>40$_u>fstQ)^D@3SRanpqW%4#aU2e*v$er?0B({$o}9&egg@z>%bBhsSloaV3^9y64W_0fI4Cx_3mbW0 ztDykZonpE2FyUz^qs_-nZRE4q`^AZPT>P<`$dDS+ZdJ-g?o?0A>~gINN$#D3ztc?* z^jpmAr2)&2S-99MF|#NhW*#A^WfJ&ns~n$J$10DW>|`sZv}9GPEFx;NikMq95$9vg zT`@l1top^@m9h2yk3t2{F!*KP4X=(2=)IpRmAoGt!`{4ze(xe^xt3(yCQoGNKGGxup! z1D*xqfBgat+o4C}pea)gqj9xTzK`ZT*joZ|2kE@HBT5yCyIWsK$h*@I;2XnHM|xVN z18nMVFv4C_PS{WWC7P4xsoeE|y9E+ZRcRX5DmBLiC61?TM+3TP^4(xXm8ZXKqtBnL zABx9&F$^%bma}1V*@e?yZacbmX{1orUO-%m)P`0R`R7OApoc*&YrBD?bxrA%`}L z`PLQa*dB58aBBf-ODiCd$wQA3{MQQnEJ4`W#K=sYP$YoT3D8@WEEpUeXtotLwD;~+ za7Al^ZQuN=jnNXuXk$31T1l|0CiugyiIS=r>=21315b&nTr?)cPiz2!_?ZTi4{i@W z!sr?7e^MkHjG)RGhp^yhbaunZdxbqr%%&3aQ4WEGTg!mOnhvxY89*DFF~#}GIGaaS z#}wx*RL7X-e3Xp@_w427qvqUzz~W=pgUFCp`F$>alPGj@Qv93GWU}jVZ+QkE(K`I6 z(V*%R+CF>9N)L`>XXbctx__8u0&%c$DUFiZ0)GO}Jtf66Vib&UtDPUR!XsTJ{NjJ? zSyWSGh;1_bGP{vnZ+>m2`v=X5Tot_<;xPA|^XuV{SjucC);i*iSX z(>Sa4x+BJ_Nx@QB#YTdC_Y_~nF{qJ@7^zVO=h@Q~W82)<#hv11Ae)%F|Et_NrDrPc z9HTi?a%VICWR>wV4gP!^R4wyCDu>egIDfvfD#o8h5r5{AKVRG34JAFbBAz6NOl^!O zsty3 z-m5lDf{3dYp_EQq6cVpKVyFGtIVSPFX}*t)9*9;cJOMUgBz>Pza11X7r?1G`)4*>* zs?aNsv;YtL(iTPuc-8jlZG)! zMtk^oBmyY3(CiK@#OpuovNO%1aGM2zYzHZC3Y$tAIHl^*UW2t=;_vWVu5v2l-bakL zeWA;yGOtx-PIriH?__KefBFj?t_tY z_BRyN{TL&x;$ntuT>DN))b{jIFi)53eH7D<+Tf*OO+^BvO2gAS_wGW>WL)-NEqsXb zWA7%mbtSi8{ldZM?iK&SNg_u>UZTAm#kXKpl_NNdWFhDza%H3Mn>e|bPjB?MmT}A` zNAq!ZUu*LIGE|36Nvy)wV19`Xf_!RbQbxqP2%m-*B-xpnA|o?L((BL}+>Uh+hai)0 zNy)bFgRLB7B_&(GTagb(jvB))5Ce^T4F&=1KyT|{HrS=^vO#*fvM+e%Z&E)xxn@&| z$R;G7^WSio@f{%pMG?LNAeMJtRTuCBp^05llsN!mAr|+jug1b%;)(H$4{6`%@pZJh zaH=*n<3DvszP>h7Q?;oXKeaYvqgZHiLj-^0v}w{lRbQI%F5j0Q)za5{qrU2=-B)I+ zzBJT>*CBRjkk0Y3Q?zg;KM_=jENXQOeq z=6WLf5IZ4t^U&8zfL&WD`20Iw#1&3YB18@q)5pHutPx5DnDxNcm4ZF#V5pfa;qP)u z{POjZIDocFP;G@^&izzvysAQv`iOaa8hbTb3Ku%u8R7lGM?|R=DwP`Mdai$gR{nv) zkeTJWaIM@Hg;A;p@jH}M0mNV~pc(>hLppEnK321klxm3dQ|@3%W@v$>+Z%$NcxG@C zZyKrvf^tNt#ame|RwHf8B6SW6S{f&b&7qdA>q4_}C2H}q6r7<++;4}ugskOB@7Yd7 zMY|hO1F8IJVYx|BU0{$<8lq51u^)WqV0EQR62{S<;~m<>=SRoM{r%NU4LXkJ{x1fR=(g%A6_8cvj_i zLGLcJc@PKyp-tRv8@zgGWO~63w1=p(6E}j}0r=Kb!q=gF_je&Hcp2OA03yt-xQWM0 z@d!kKX2rW$T<<4<+jWO6zS8X?RI+}FA9O=%f-?wN3co0^5Y&laF_wm5fAB#t-GeTU zrs}-VXiC^TLL`n&Glr=x4YMAIZ*yE>4R956vIbq(1fT!Mq>Wr@3mc-~JjddxNEP{j zB3j?ToXkGW)ob18{?Lv}BwN60D z(nTIz4708WYi@IclZ*DAx*2A))_j zA|dhsFceV2u*m6L3Tz!oHKPLHiUcw?X39zGcF#>o(t81@D!98qC;i0*pcuqIai0S5 z?sd6qVhIqA1`uOuJPDd^X)|xcsLOr2EL}#v40FuH%vDBLj)(y+CBY{~?!pHBn`sOR z$>Dgu(u*cxT%gQ%GzT+Rh{7LNngR`=5hPTl; z{Hb;YMIa$ijU+@o2$#Bi?M^txi3PeWQQv2qYxVrM!U=YE%$`x#or*9R(;Q%M?5%V^JHrOJ@T!@s*xAS6ub3<-r_hk`%>UAjjxJym)BhkC@6O;vuVW5%cx*1Fe)8_h ztO@8hr{z0X0q9fU%`iz%HZ+*kgsi)eh>~btG(Onb-Xt~i3!8(<1Ci;~X*VgF zZrz8SdEO~X$%)z5vS^r#H^lFcO$59qFanHfV$L5?Y)Lf^8uRLbmLD()BLBn{N4^j+ zqHu{m1F6V>MDS%`qmoaEnQmQ}50{|eTvoFIg6gS8qo5lXF$&7*0k3@r$j69+7~d{> zqId7WoK(gK6_naC@u5G-regAwDoCE?p zOT%J+Nw(T@M%V4@_eU-C{*wS9>@W|e`%5}%=nBS|3UDK)iVrovA5nI?Ph{myCgr?`W?-w#cu^AZWA1Qg$R=tL9H zgNcjGa)WRwT_@Sm9gqGUXYqpg`)=S@wz(mxyq+^X2Nq?FYY%$nI0c3*9bz1w_zl7Q z9NZ5#%$TP8Of)~+0U6JoDS#%1o5?kI$=Jx0=KQd8TY6%{Za22#huuL3DDtMb?1Y{{ z#bbL|P(R-H+d45^8(EKEd7As%CxYvbBYQZOfI_roF|hU@P+DV1rJx^Css+fm)Xtlq zs_Xu~0G2M{5BcF?5Yf!1!7Q1nVl+wYbQ~0%i*oo2Gu(&S+x?gbLPkc>GH$|NYoKzS z=uv~zANkvgV2T4?zLB>iQ!@vIgPW7-GNYIn&{$WE^mUWpZ$YRdqgAh1Eo=x5K*U;4 z8=N4>di_(&BH*PJO*K?F7S4A~YR@zF6Lra}%EAiO*@QV;w4X4$vEJ(&otf>W1fQgb z+pTB1#KWgwF3LrtM(WQ3z)4WNJ$QjmXm(w_G~SIS{P-aL7_iRYx0?d!L1Wa%+J{2Z z_HPgX_&5vOhW_J}^(vThu-YlYOIgO9=c9Bu?R3r!V5RrgL?j5Hio~k-iAan=B*rNc zTZ{BkBw8O(g%SMqXpVNy#kL>{-lLSKVq*F`72`KeBk5*_nN$gXFX+)VLdd9|j!`0e zm1L8;l==4dV3ueCXQH}$neXmM_u~Naet`xifE-BOhlj+j;QCc;0L<{%<{h@LGz+%l zmDrAp;E$s-j=oZr!AlP+8UzXXhjn)H?|82xn65>Fg+xGYnK@(_A=LGV>BkZvqUj*S zb-Gk0Qo^jn-U=S?Qfx3#nXTooiI+Dg-CUNa5RNZzBD9e{Z;bJez=40=YQEDL|KQn- z3TIYTBC<0G-eZee24n~GJJU`_yBK^CvRn~V;h&Q zeRXOn@!f70-^Dx=?nq5z1>i55DbiRAN@%PFc>0OydmM>1`~v3y0s-uXU-+#KnaryC zF&jM39udXfzJ;d4%U%2N`Ebg&SQx}l$bYp)k93VLi#0l*jq)`)A*hb6YL!oOl^4Y- z&vfPB zfcQh2u0=Rx&GMU(B}`2d;CA6#y0Y*M#19cOrhvua1(tve?2b0P=d2LTf?Z1OR`L0-afS?rxfqF+}oyEr2&@qENU2x zq)wYDpo*fQF5cfkK76f7NoLiZPG0674kz)K<$?m+mY_V_C*|EN64-aNOPp;S0TW?Z z)@0lEimEyYu0NVAD+|1Ge~%+&u-iP+Zv)#lqRJLL-+{_M^l42dBmgO>OMzIiSF)CBh* z@*37GC>enAvq+I&eFx!}D&%c{?-cTZ_A59AbwDE-Pakjvu?#u9Z3KO*6^=vyVsip| z4m8mv2@OI=((l%B_CC8YqIY8NR1lF}z*%a;8ysl{LX85Q4AKUC#*9C_fx6_J>iw=N zokQi?CtP(TNz4gFglF%!3zEP~tm&5&IsAWF!UXj&Pp} z03@n=pLmiNo$!KcqO)VvXEo9J(oqTG>xC)=S43y7{-s;&#iv=sCtFNSB|BHYbqlgH zSt&bvqmGju4JHu=$W9FWYO-_NI}_l42MiF|@o;Ag6m!t*LgNiQHZsleXR%L~`7y=` zksV^Cpu-57J46a86J5)gDJ?RF@{sx-kL!2{c0Me@%nDBng6#dPXg^O(WzYrudL(r1 zn1IiyyRto&0tdBZEB$~5L6F*Pfc>HO$=-@9=4(l)GTiZoi#qZ%M>$84%qw|vB9D?R zKPo5iuGm(E$;yvf`7yLSuEcIvUG68ORdRuIxzP-hmGpr8 z)*ExUTcZ&Cm|KDJohanqcwIYO2cc~#^cqcZXu@f_-yDg;+0FuJq}IZ3)`+cZqP0?f z$$i1#91e&w1IRE#xIO;?prFNQwg^o(8saK!w>{es*Wj=%ju^I1O?RGWW9?UHL|&EY zHpIo20ZCW^oTHRslp^9ihIl`$qi$2VUSnG*)DL9qoX^BQGzyw_H}m| ziu^&a!za*@WJ9hgxcEKJ9a@i6*`f7_?9gg**yK?tz-(?0CS;>_8Zc$6$7fCWMgBv3 zCRR)z%t6l*z{0bwDF`#2fK&s9H-95-;X;>&^o8<_F;`f)EL$7QI-d^4#%$-tGBJA# zJDSCR@W0_x19X5j=li+;g1E)#TNZ%#_wTnme_|xP!5WIWu>c4KghbWmU@5gq7)#!F z`RsNAOwx1J&FlLMoKSMZ&;7yKcJHco&W5YHhgKe!`HU8K8{o7n-LK3iQ|JL6eVFt$ zuCtx4N?@Lbuc3T^cX{u{<*wS#ksb3cJEb&y_m0zM*5$sswKkq@p5+brxL;qn9&$$R z!HX=CY<1n=)|5adn={2)cUw|a=l~%BEngR_fwW_21rvVxL`qF)ejzZ76%l(m0aq)< z;tTR!W2`MdGa1>c&J&E{WwDXqbMJzUU`SEVK#Q2HhNVCi?CaGjgx}XoF$6@iG!IQK ze;I@5U{jjcGo(L}?S2wyrt&{1XsC5G(%Vy%&-7TFg=5N~BnyE!SomdFKI7165Wc`S z#^SSu?ErI(Lr-iID}Bk|%S$smR{ADVPFc(aWX{lt|?C#s*!@ z2LC7*iB5m+I(-^f?}R+fjY5zs$0NtCu-j1~wk1HuV2+a=R&sLho>5ULSGaU7&MiVn zdx%E<8nLN*(ai4u$ba~@h2P^VTCeSR%z`kOI{9jLdm( zswe1^VOY?5IstwsFjI+_h-ga24MJ_JAQUyhW4JX%7fK2i+(TutVlswb5vA0Mo;lbu z%^(rPh%91g0DhUf{zJZ*W!HiDd=`z#_dBgN1_0vYPCZEhMH?dQnn&NprxEo4sVTAe zj3@w$;8L#B*m|%0ft*Fb9_Ch&yGyhgjy^Oqjn327@6_-S0Pww879hGmZNO`aEHa)H zPcn(g&DTVFRDjCNd zOWO57S=Zk#>5z$cy*s;p3%b@<2WKh}ZmUQHvmhmvjD($+}#qn@<-&!3OzXjucXmKv8w5Y>c!5 zRg~kslB$eYNTjcz6|pi34p%4{pQb>=NBHZP%YB5)P$*_oPQj-y{d<^?q`hKxtn|V7 z+)T{pSY(@v7P^5bQO}y1E{piN@X&73Z#sx)qiPf)YEOnQ{Q7%6{JY6$y-IaZtG31+ zTXSmQ4v4oR3PxjLY1^)dED51gHn7|4m8*c=BsAumq`sw|unZ*8wX!Pllc@hZ7s+Pf zqEzb~CUq1)(VSnS>o^T>Jungmeol%_)+pg;RkA0XQxbgQ72d?e6?=?Xaag!E)q%E1 z@(f;BSR@Az-#usHt9%_wmi6j0!>>H2qiCpR(}STsCJWp;I)eLW#I~;V^h+x;BqpKI zn}Y{_C_qVB=`}yZGQnf4Mkv_E`u$uRptyS|Z!*GDF=wmMj!khAS_*SEDqymADQMaU zX7M9N2YU!BIQV6r!iAQu+RSTE)GdXUL^I*uXhztIrd0X`){!p4&i_2%!x)?)jeVMlUDLw*SkILYNDyQB^N0{d$K+vpGztj_ zUK9vSN>CJ|gtrVv5!lLjH}8jaE5%va0iB==pCtf5B>JDXkTmx*bmek zn8YQe;Jd%&aD}aq>8Wa(KX~v}uBoA*@6i;6w!Jo(QM(IS9$l}cK^*5<12rkwJ$7F+@0?@HoAYW`b$^g~r<~~vU z7J8VDGMFNPK|AAs5?W1YF2TYs^e^{m%s=UbjD-yI>BfAz0i~$GgWe?@@ID_ZwvORE z$c+c6gH!VoP@;#;071U9A?UdXNxkVtGz<4tPV8|=EzhSn z^ro-Nd^{$yY1s9x-oeJe<5$D?l2vB`{%yXmbdM-!7B1L@h0iY27Fa{ zQ`XxNQ=ks= z+6uu+9yRe%5Vw7HRMut-?1#Zw?tHfi-Kd-9=DsVrVyU4kIHky77aD{fex_~uba!*c zcAsHpR}<|%`#HQbRW0%!II5O1c>qt**P9x5P#7#3ql>vEKs=^}l@NI!fgam57OK6F za0^Pxbxo{+p~vQ>MmP#nApPj9*`h$*%h6rgWt1fV2=c}*qkJTO8D)Tb=FQ6tKPkYL zbv%MZ;H>dI3j_d+2u1M=^rS`%KSDbSHrA3m;m2VY%njD%&c)^9Ddum8l}8YE2c74O zpjlK_?3E;#hYm>E#)C5nA?>zWIq_OGr-dA14xR4>pmV}$9RAk|P8Lyl)!?-X zIUTB*FT05*CC{r-+b`ba<+;LM{rATIDV5{DUC00S(;EMKPJjGsgVo0Wc3T|(3e$)d zd>!Nef16&pMV0hQ3B3+B*i>58+*jJ?-|R7MdOcpNRH?MjMaw}~aFD9%ONHs%TJZlt zdbOQgNw191>%X?0j(jcKecJT8K^v?hU;UP|8G0#9=NL@Ww=e%4`Fe(fUhVM%{F(6o zPBMBODmk<`g?{-7lRUajCCRQvrYR-$@PacMjAWl-z0JCS7ixo5NcM5diIYsdTUrmg zfDu?n7+9O5n)6>$3H_!1v^n@VcLG~UU(N+BekF)Q+sn+UMZYGf)YS$M6hzam{hIi1 zNNgL!tbKT`%vIlJ+ctH|`<^;60?Z0Op$*wV@EMisI-I(phmu7@X2hZt0n=p<@4+xD zI2G&4y;y^jJBViBS}i*`uS;T6p7$9^m(UFvgv}n^Z&wEd&5QG4lLj5y+i0FFB4RrB zpV?sRy071cxqwqcFL(OuWisEtW1&zEIm1A z8$+N==5x(z^o08jn5r}cc;=Gk4b(tmD8)Hfv&x&Bv(a^!6nd*{93_27+ygcmZQx2V zZ6hfOQjNZJWq5%Usz-hh-pRVjDPD?u6S`5)@2B?imYDwsa;tz|C`9iovC)9^bEo7u z8|F8zcfcDwYwZgp!kL2ZU%F5AG)Rb2g5YGsq(7^cPhmT(uG|U1JG6QUt+k`INGjb< z=k5ho0^VVE{mfpsQgP`a)e1$c3F^u)D!c17V}^dcF317O+!8Zgx>*zhc` zj`$@5(pA1bIJz1=|E?4%fseR(2So?u-5z-gnE;NYZ={T9Ta?@;lmP|{7Y3(b7*z1* z$7oNe5RoFEY6l(#K*<@k&1wo7-#c8}7JgrZsuk^h6p5bSq0y*7sms>`5~v{#{uPw;?ts(?^E?Pz0fq>`JLy*~mC=8BAe+L{eLS;@1*#HV1Iht=<5gfUF6(H_MOM(wt zlX%)th$l+QkBa)H!-sWl2j{LkkE-ZqOjS;&enB5m0e#N$AaSxGYDKnlMNQomCs?vW zO^4QU3#2GQItbrv&3PRBAY3kLR;HwG+Y}89AYo1eNK!-$l^d$CWlHwV`u8FrdA+%I zpl5|K3v<`ppspN_#9v&&*Vow}wCzZ_T&=~Ib)XiHnnW*ZZsYdN+XgDme`^6qO>hYp zvh*F?Hw$Eb9@{VTCwfhQw{wiD;B@@15Di+RkjnvOta%(N(UNdqA@xM~A1*02kzBfN z0Ch2!tT+$B`6LIR+#yqsLYP&8V%V5lTX)5t_|B}!8eYM=?Zn@aL1)%xLWD4<#?oQM znDx;>jP2UA7(b&^V))7N>$eSIWrso`;cFKb&u410Yd2w5A95i{rn&(q(*O+z$+F=L zyoJ$s1mP3)f#-??yZkUOqXQsN*5OC&GKzX4$w9bES&hiAYn^b!2$fye=5F1n>mC@}~spYl1cyhvgq-KWJkdL*a}32?G&yUm`lq z#ggJW?e|iKLtf$?wN}T9T%3^O|$&fqatxYn-oyuiXs9mn#FIjjs>Nj zorO;jS{$G*lyLVKFHX=K-R4uEW@~BQ{6p}xk5ZTzG}Y8yQ^XPYUlo~~$zH^SwOvmm zWj&-KHzz6zWRpdi5G(qh4nW0yANMK9z&1*_rllFG184BbL!$zE>>kADNSgXYQysIF z$)8K)mP{1fI>Fnt68IyX!1rYbO4mC8eoe@sh|a)Na&RoX3mnXL-r=UumhBmQsmo5B z{iXvUOmMT5Bbb1e^&cV=qp>X(q=Rh7A;3>zlo$~>io13G0!?3`n4W_1b*(?FZiSPw zIz@qk1$yO-xK7UO{s&`dcP?TY3(wQKDoX053{fgM9T#90RRiXubW4mhBsnBf9GoFP z0x8T%MxCQQVHP8YZ&Uo#ffg;G*9zM?*36=V?o89+=G0y%j@E?@uDP-icqK=mhS3>m z*$hC~?Mlw8Z17UpT#70G7hvKllt_bP;7;lwIi74%NQ{Bq6Z#nuFsaslgKT(E_?O_5 z{8WC^k$CaC9N)?$p5EdKZ1VNtug;P<>2dY|u%al$4B0^5dwH6NxH^%N%0* zX;UInL&YqvE4n|Xg*8__pbxnEte{CpN|MYmQ4+T<&)622u3TjXSHc0j&iXm59|0=n z+J;()v4XM4wW^;j@qSggfD@*{T-ZMbRnFv<>;f7|{cVKsk?6AdYNONFy=@ynOZ6dg zCjo*r1Ng^Z$7*{MYNImyBO422cV>piZG|t>`@0}_b~HEQc|ewjr@&zt_Te9X=TmQ_ z3qW;w)t6ja=8d@6xHp5GnRA+Cvx9gbESNd-^KZYO6;lh;Q*RXiPg(;~EQxf;CB!&PQ(06ubE7l`-8I_jl)qoI~$Z#?S zujy5+CBvbK){^7?Up@FYi328+vJxWmN^a5Q;~$T|xDnclhra#!iTHg8^oKaaqb1(C z$}d$~81?cV1Kw{+-|M{%*$2z_6Yjk{eJ|fnkjTPQN)<+bg82R5IKgu}92*$|Erm<$ z7$3HL1^c`zV#3_8V72qH(~RBNibO&qYQ!x)8Z*nC?Gp8hP>Yj+U%FZb7l#vi+?Gni zjUNSY5vtl3ehG&v==}5VkK5&`A@WcL~=%^KVf395j zCA$EXp!+<2pf@QQ%wj3pA2Ds+_iG+TvRlfOzsRP`euJ-BgE|;zbny8Te`F-m(2kY(PVz&9wrue`_J9BsL@`njZ+P%zK#rwLD2RW*Ech@t zJX1Xyy(cQK$Z7Cir%|{;sxW}$L;aR_Y6KtziJp8d--Gb2L;6d3WKX&B;&=F#+VpfxS2$O>CGXC zorLR`7YbZjWEryw*E$c^#SX6BrwJFUhI1WUS$}gUmRLYCK#O?uO;GHjQ)TeR?yQJ7 zv(okZ^z#vC9(M_y8>;3IlyD%HR3^McMLW za}j(*TYidO6IPSW#~cNo`ddVS-@@Dicxk4aPCY+F9?ibH?a@Usi`Tp??A8)aVy}!< z>%wm#+eMm4F`nyWq&L?jKjD^9gfCknqN3T$m_<<;@uKpw1NiwDrzgU!8p?Y@hJ=Hr zn=@Nt7WoJ+!2eUtfeua8PBji2A_N-sCyKY%3KDmINs!PY%b1-+;vEmGZU_!~JxDYI z6TpjZDA$GX!)RB<2H-M>ve7QQx0~}dK`h~6b-CB1RA+Ix2I1@Ay>GEG9Aiptgj2oz zG^YIhi-M14FJl(*8TCx*bNHMxF+HZRYIyGU2DOgg*xZ`q4hlX!w6u8wu^;zA=OR;R6s5M=KDN`eqQ72Lac?Dr$pqeS?ok-wbY6-yHggN&e@;NZ))y zyDMU{I9S)MabEITHaQOB^~1M0S=|om1!>`N|vY;F4?ym6P4gzXyr=Uf;MUA`Jz9ZA1N2#NBxCWu{;A{I;x?qE@(caup zIa-H*R?yNS%a~2H#ynaZ9a`Udc6w;BYWNel>EO0UtJUdEcOj7-RaHS7eo(rTJ9zef zG@98RfG$BO=7uM5DWh4N74tr`4#R9oLn79mCUXNK;)6!Y3KzFl7}3eFfzHtNCLO` zXKC~E;;p??N?6hhl5~J1IeXK`(!-AezTjtAKh$&853xe4qt!0;)T!%6dP4k(Ql29&~Ks0VH2GkhX+ALjgOBgN%Rogrs?ELt@ z5e1Fk8u4K%7ELe1)gVi}#gWup6am^LSoa`)9UD+=WJr~}PK-D%n zAX=P6AWS=KSPA~uDEq))p#c8UO!0fb{))?j?|%F4vAdkE39tf- z$apQVF#4H^ex{<5|8kcMOIDO0pZ>YPB4jD!Uzp)nf zo6LZ{BUJ<&hU7jTR;9xio~>>2qer&bXpWBSmMC+1`0nVVD?HqPh^nzOIMU`|XnS|q z=0N3cSb$%HoUsu1eozEUm56T8)~7_Y-XVIe6wL9Phz9P#EOaf3KFmdMlJnt`=$q^h zKNWqG@nKu^y^!DO=$kSUz9agkbcA!FZ)zQP?t%R;;`c1%3r8JWJ@$C}m)_tI#_%z0 zL|ta6C;p^Qe~>gS8gK|?!vC4M!?(dPZYc~troNEw6W{e|@k!_%e^aVE z4UI;+0N14ZDbEYJnQK?RIaq)x77El7vb^vWiAOOpzginurj`3@Py{B8B@Lu~ey1SW z*{^8N+pqsD(Dg*nb)Xi$V$h8#NImF$-2GJOO7;mrZVm*xKvG0Lk@y`Z=2vS2%d~PI zD*-x|+!A!VD|F<-ua$P^Ds(khYFdth2J-UVg3sqo%+ME}9 z(M@9Tu|Gx_Q07+(GOIcC@bz;6BE8%&V5(s7$Ya$p*xzG-=z{kxaY7atu<}a$Z)gyQ z&OIt|V6h4uP@h0dfy1}{5a9qh%E=HmiD6Vq$M_5y#n>3nYh0dlZb|JvO_3c^WJxnf z+p~{W$Fv!X0iIXh0T*d&>z^+>+|x&_r>HI8-B}&cDh@iKC0{&KU2}S}b0CY(FPNh9 z+Yv_B&Ov5OXkcobsJAUw8aoJr-Cg%iPN}72zk0TlD#5VsGOT-~>g`CFtfw4PrL)VX=070+DS}{3lX{}e!-H8XQjPixn!XRy%#YVKR`NWEmH6i*gY$y7&< z<9C??ZZw!eKCg#~b%dmNgLLOrkd7I`z=Nki;v&Qq6{M<2uzuO_dJr31T)!rzl`Qju zdh1wq;?0QlYd3olb4R>LR!w$JjrB^wswybV5NzKwMX&koB5bSl%K8b3{R?JVf~!NA zqKK})D-tVF&`&DOnPHj}V+|^M74Gk-=AG1f5TFwxm3^Bw(AH%-K}`GEu6xL-A$?nU zceVtF9y3$)_^n!pG<0=rbZC#VPM1&%6PPrVODTJ=kWy_x{J$x+=+=)-C8ZI?A`6gv zpgPeWM##LHlo|@nfUZnR4+avBX-O%K_3NedO;hxHs_(Zd=^`nGdZQn68(dGr*jD<|~VoLGM*k7XEoVcdR-{ucTEl0FRkt0IZF!Z8#K4NX~i zw7JA$fCq-zTw>5@%v8a+=bq{`ehg7aKlt|-xe_NA4J>2jG8!M@UDHT7Sgb-gP(O|T zrx1=0KIny`a{w(F4vP{v3>Xef6&%*Bua3h`Q{aFGma%df4i|XGF~WhxDsVvkH2$9g zhf6UTkMY6HIE3Q5EDX$Cs^HLz)^xG>(h>(`d=gh0&n0Y zPJmZA_8!+k)KomSP~KE>W?p;%T!fynab=hT6~^wyLpjJTSmyF5RJPI72oTx*;a%(n z4eqiJuEPTYh$KU_HibkQAcNep%XM5gnqp(?2r@(%u$eUnKMbY(g}OudbjRHQ5(22Q z{}h#RcaBt(776NDh+DMT8(MhAwm;g#rB9%54{qcp+dfNR$F$bQR0(`Nd8rOpy{S z6cU)sdlCq?C|DD63#7xM1V+g6M)(fkX2?T++b5_&bDXH)qJIEq+;G>h*3?7x^g^1loJL-0qJ%5Usj2ljXQDSf-EfNb zs~5ilMj4^UNn+<@@E!ipefDJH3K%nwrZwGdxhMjMP{@_{b%A*wr zYO7Qg2jF!B>>72aB7}-cD^X)2UG6;|>LaCt0*!MMG8h1-mul_|P8n)2@}x6%K;fQ` z-Q9=E@I?3v5FP7p9J?Z&arGzXQ+ONVa%LJHJOb2%HtN0zRpqT z{=0)k?-CQm?w1?8Gx$9qC%bP%3Us+_ke9uejYJvkRxWDMJZ5}0!!DCHmAn-f9rXv$=)R|;rMs} zT5%n8TuRGwEp?;NXI$vhtj|hKD%!GWPWlw{>6i5M5se(IB~Fet2jBZGS3mTOQoijz z?k2|mkj%=1Y<(zLb%LNZUWr!hEP~!M>f|Z@z7v?++sf;L>^h^k;aUWji#f6h>)pVI zAKZK6&h+GHegGZt!_l3Ad*MiyzYDVq+VFZb-cYGpLnUeGx6C*3PUSfLP@ z;4RxO^sm6>h>xq^y#ci%_YG=XE^Ufq`2{pA_+x;G#j!C(^K1LC4#icBiYaw4GOz;_ z$E5SEPX;{y!w%j4Hx#Q0?Q(uKU}*)?%pEKd^`}wN{0nECgt%SEj-!Cjn(%)7gE~UA zF8r1Pzp%t;3*8v>1h))CE|+bgGsOX^vfay276LZ?1vHEd+d}vF`YK%f5K0*rWr_q6 zu*$+(l3)-Q<5rNsJSG&PavclLbgCZaa~w>e`z4w)eqhm`55gc;AI!T;xdDKH;WHAP z@&Yx6oiugtazuVr&V@T=0d1A+@?P0$qh&$w13YAV>B7i6{V>`EHWRoyY{>s?uh%4b zQX5&B+Tfv$9Ej!R=32Sh;K#aI9!(f-I8m86e}?gn{Tomay{#LLgY`R(<8CB9#u}M5 z-}uML{81BZzYQ<>mhnG^zoYB`df=P)iXMQjyE_=!$rZt-kl_oQb30_oauvJXzR3d1 zT!E{i0&uL9Lo9HSEAUw>5bj2pcni_+WiIcdzB2uYsK7T|fg`Md*1Ou_vxiRxPIB@x z9RQ!Z?h$;7#OLK56`yS9lW01E>qoBX$E-jME>EvjmWOWP9JS%8Wt_L*8oKbGhs4I$ ziiYI4z!V;MdA*LSMInSZns#=z^Ul?6_$|_e9$j=^rrBehEQ>3aoG%G#f66}cT?6qNARS({6 z_G)T99NL5-V0Sd+aRD0MD&nTfzFm-vM!+lHnS=D1P$}ucNcuWL5A#ukEt^G{ZkWji z2AM4Jtk$A5a3zw_Kv5eQv<8Nd1Wu&@AhyWmdGVCHpy`8J!R5Bca&bx1A<_#U<6x@{ zYha4Uc@(~e@P(oC48KOwJ@~^^I9RrS1)}%v!!WjcZFdkt3ca=?3c&Q{8o}l~E-Wbg z@CH?`nUxotQ3-DD$lnt=2ry6x-i z3eHHe#$6Ez0H;sZQiBgjmh3XxB6(|sh9s}7$_8&>-TZ0=Ob$?B&o5yCg$c)k{0}DO zj~u8O{jvz-nEb1rU5#ETZAG_uYp22u$Ztrf>HAL2cRAbqnc`d-HtRby}Yjb zpUP!MSGBebfgxcUSbOxr!rFp-%Md8)PY!`m{M;gs#-zOPh@AxIyjOUnJuK6P``9RW z#0D`6SY>z?bXUvD*QPfLw!-Wd%Z-ACGxDAdOcgdbBt-?6|ASRaHw74!TfPRvGjQ3t z6w7vA2gP*&37ze102$TFbW&rQ>cQod|Aw%LHa40vHXWmBj}QVh{mVf@(|-9Dnl9I$ zr0D>DZjq*gQeJ4vPJ*4^BQ(_>WSc+ao{fU0Y!EbMmEqS!;Lm7#b2#!^w3wjmsv~kCQicB`vR6xfs^&ab_$RDy zm!H_?*C)HyFi{ra=s@xo#h^>;QvGGnSMWyG&9Bzh``B{Xv4KtC{}B(h6jqo7R2mle zvv8fWZU8(*(tZYSv&RrP4&EwoZHz;gdW z6)4V>)dt^anNxzW&@CfBF`Bl0vk+_{zPCuQMOtYrcxYFtv{=4n9I>b15(%EH)^7UP z1qjHNVK`V92#3fGBCReQXkxU?q@%Wrw#h5*%yqj#d$+zBNJyfwY1QOcgT35iv3xi1DLxLEk-g z)YBY!L`+^5+NA5b%QxTJFmL|cx;~>!Q<5?@f*GfWxmx_(B4z5OJScPX&O(_6`4-Bs z<>2I_gfiM}ADaYaSP7J2+2L)CGFMMcnJ*3tWdza+$}m+Z6Gy}-BmO*4hsu-X07Uh0 z%7p$qVupJE58waDr$H5Y6NVOwK7BlXh*&G)t+@EHTD&zDCH)&#z94_a%=AFjFqSD7}D^Jos-tX!$Ilp8q zct<>8_)imRy@GwBu6S|bBES-Jf3qna~;;7+sD!}_AG>DEO#DXA+f zj|kek*XO(8(6d$aieUgo>rC!yS5F^4{IdJxtVmzDKQo?$wZvqERCJ6_Y zvGTZg)?K=nfaCp9J0w<ZstNRR-87m_$d< zI6rEDRT4(JJyhF5DRw(5oClkbIyLjS+S0`m!oTGG?<46anIlZfr`kmlg|m3ix_hnV z;8{hySbM8}Auf++k*{?hvX%ye)z1VMkfj9lrU#@|d6^3$kWXchHiR_Le#piNe#)iM zV?pDuVKVZasM9vcAP3L!&cyg>DSY>7Q;4lMLBDB;{>{?8S9J_UTHhcBtA)+*wZcR3 z4?C2*6)bY5>k2oO!~cCv2(Yk{Ey*jzxo$;i6o1$XQR+98mRCn(G&to~f(FX9Eq5r; zc(fF@`;(z@>5YQM=9khO8lQ*43Qq;=1r5G3?k-C&30HE*D{v70LXm*F6%vi(5!|vT zp1HDDebA{;NvDF089_JF_|Z!z{w8#9 z{rq~&VsHQ4WnJ;xl(KyJB6pCW1R)$=vO!VJtlHtnhV;7Y{6?a11wxo250Unf5!(H3 zCCX-2IxoQe85K*WXQ4g8M;q-LXEU}UjHN#Nq|zM&O&-@y;>@P`fFgpiq>;ml^wK+* zOA;JPD1im}t^l9G(D$wLyV;9#KK!9RHX6be}b;Ca42w9^*A zMmJbo{bjTz2%-a-Wf#J$F-{~&p3La}S^|i9=^N|%&QSosKZflc00V%@byJUS@a>}R z2WSPCOCVe>qV5vlX8@)Q5WL*(r~42td0Q@+dDSrJedIuZzJOu`OUXvReP?ILB&KcCOZ*a$Ksf;0+612?k5?v`2_IF3Vz znaLB0XesK{am<3W`5~s_XDO5K=g;6oxB;RlgxK?tBs7?F?4s8Bvn7b!B}!d zJ#$Gd@uYf5)F!-d9=m_IUi#OyN!3oAk2IoduX*&%bofa`4NR^HKdzvFgsFyXGu*xX z6A9b8(7MjBvdy*8sg;0xGGeYkY-tV|j(7?w*Y!QYY(CW_@KQ_a+)vk;4d%qOz@ADm zAh)f{Jt*yOBtt+)Nf*W8Csc{*?**n#FiRju7iy~z5NA9OsjCMR9425b%?Jh~gex8b zd#3>_xW}SHB*^qC(Zv&J5?i%+N%K{lV`6U}4yhn4iPWH%PlibAU=gNmOAKtZUUy4+ zBPHT{C>itaF;)vSC^1m5hh_9tE-!)5d2YFmB&4 z;S3*Tg8bq?Wi%F($21MAe#%OWr0Dl5jyiAN-F@aenu5c>>eO$l3F)p}GeFUqlAB#| zj($-yyhRer9w-r5oK|cGaFVIL{6iaq!j{SU2KVXc9MQZ0k!GCfHWZ0mNCelWMQ^T^ z_}Mz36F1Lh>qXG}!_qPKA*6SOcHj;RafjRhf^2UJJE7tMI@n=%NXs?O6pBm}(&5~Y z&7*=Hp0&`T$~lI&9R=R0&A=i_bgadpte@}FPc+K#i-a9YKI~x&3nGWjATQR~yvhv! z2xnIM)`m^uE&G1Se#wz?7qJp~Rqh))@_@46kR%YVyio*d#@^dU0dlO;`qjL^C%$ z3q5E%eXgBcR@xCEftJXT+EbzW&_(5_0=Lz;(q+rIJqxOOdDCHO;)REj&}B>y%BLHH zztnne44QyxRh7Rw1$c_Fa(=vDt*|I+lFV#Lewwqu9%LMtcOWB069}yhg}nCdhQep` zGuVQT&UciP(NTXII@%HDJFaUpIp<-#7~jZ7n;f~JpODx$RP+xv{tM5pZkdfXg;M&L zsWlzu;!>+uxR4Ho?O$EGv5Nq^WeQbF?I8cxjb@-Xwi+W4c3>g_J4F`96AAz$S6agrSO!Ehy}g(WbAFaAQ+HXg+#Zq7!*o5o4s|P?oxE(2ChcGJQootxh0X4H~-<@S&`c?%XZzEQDWSNvVkvGSu< z9_BAGm&Lc6%igRNsA(HWI&oVx7jxNu=0;Jk2>?4FC`#CN2~QOif@}6f5J_UQt%Hm+ z)j^XZsCj2gq4#kM?l^L-{1GH}OYtVORmv~9FZh1H#ZW}A?*nARe*zvE)-b;EkjrQ| zlZG0}B)wvh?N|(X_)R=1-?4ajHzWidkFrfNTNtwHa-}@XK$o4Z$siL;j)+=hooW%fwzVH>6b;nz}HwI|Kv;&{dSiaIjC-Wg-WmgGZ^KL5mli)|E#_0FfzOzr zoaT0N3m7=?=Vs)ng!6z?QQ;f0E`NPZM1>pBe#A}vb(O=y=)fZsQ#Sm3tl`sR4Sz%% zdHp=vJ=O^QFM-KqDi%BFMwYD)aeY0me9Ps>f#T$+JB6B&d$BMhTJ^uS;nK}sJB ze)TGK+4sb%aZQ+0-Xfwi-H6ruHE^(JBq4dz-qPt&4Ka zCd#uFoHvS`5>&cpLq#Dcf$8T@>|D*^L=TUw$_D@6Guy4R*#-yXAjlAh@G}YvRo#%Z z>t1iN_WLmPAC^5r49l`J?H8xef}b*-n=Ek-8ygLZ!{jA*19chUGrcos2V>t6B{){8 z1Y?VFumqc5=0e|247lYy{G=fdI&EE-+ta>ey=h-uvn!$@Bl+!;rTkR@5hcee+am@e z_0!&06A|A5y*V9{+*?YjpciPK%c4HQ80Fz>egrTy)>M?ZKGx~Z$xc7SPN%9jD~N!7;;IC&v~~(C zepFE80LVY+RoKV7~)2Vf#+&UdwG#e6_Wh_8K;W#6A+UL}B zjk$6MOJgPn&qQ|WT`??n1s3R+x#)|BEP^_Fa06dlMSq8agt(UjgQ!}+W5IPWzEX~p za}2&w{898x!0*)bBGZ%Jlv^-FB*CuaSuzTLqZmx=2-5cQrZaB6f|KJ90eQo>}}IK(qWN z5a@fuUlleev*>{yy*|{ux541Y*r0}NT@Mw44g^GF74PJ)a<?Up){o{}-Mv2yu0mV+RPf;7SB5{qbM7|@F8D4vbHWoZr zJHbKO6Po40P+CKva*e14fo_i!0Zddv3^4eZYgT9y_IQXcM1Z~7WNnxFw0 z98%~z$kiV1GBh%)zHh&RpJ7=H4%+`=?(O5_E~@?U6pExgZ4{L7B%u^(@hK=uu!xIv zbqftfq27YvtrnyxXh17Ljizo^lWx;iMQ^=SZ?2+7MXd-JN=X+iB=|*$iWU@l3=$J#0x>b}3kx)Sxu9D!AjW-ba`%OR7`B*CNWaCiM{KSTM8~l~Vj$6WkN^zW z0%S!_i>v>~k%C{{;zU@Aqrco|O~_r{KmbcrUhef<@%j_*5*;5l48&$DX|(D4LxN#S zS_v%-)6f&^8Y@(FEf80aH|JSfLNV2OydVf2c_Ua*J=zxQ_yiD(CWB6ZlVF5?xXKW)wq#Vmyuz@cJ{PDd{L_$_Q1qZQ z$_+{aVHFXg))Qa%Hjos+E9{tuD{rOx;>beV$eu!%TB^7AW*@5`e;{5BB;-KxrNj~K z_)Ur(G{`cH#`OaJ3ETAU>!DJ(I`3WxV@Mv|CF000`2TcxWe)eTfv*O)2#>eTWM=q~ z;$vGNV|LvF^`4jJLBG|dl~jV8+5F$ys--%bEGwiR{)1$G5~5@A@UP>=z`dv_D*>|- zx)^(|spADm#wM&lqqZ74Kpm1d=rn%YiDj6%0I>nL6Cs;0ps(rSLjw0C?~!@{6fc_E zx#H_2&(oHOZzxOBvxEN4#}qWWK^q{~0J=FyZ^Sw{prf@wH@&npeQBQ8MI=J|1guhAlj91XVI z+39CO1qb1zv9A2n^BcBGewYoxUhQoq>Tki(($&-BhJ*&WQ-u~MW$$rKdETtd&1Ici z@f@%6hwwi7J{XF^m${*AxMz-TJFVH;aU$=jWN=+w2BN@d(0?7_9S`7K8J19n)f$#&3X)O6Zrb7;Lf^TUEEh<_dTYE9PirlR^;)`+qX3xvRk0jXUiG1B&}lh?EOWh*M*C$ilC~e=mctdI zY@_d9ij5n%bWi*CsEJBea&WyoKD01*ZS$K2@a7PY*d(zef8p8640yrK$_!9@ z!^lb;gs4u7)M*5ul4R+{1;MX8{_YiCx~l$Bl0Pko2O4T|T>K?6Mgs%)~C= zoJPo$T_Ump#L|gU`&RchUk=LYlv!j94llWbh_ zb&@5&#lm970NmHY2VFMr!M~xrab9t`LPk53KX0)wkz6Xh1~HWeF>R>n8OT9be1@t= z1q%-1zv!Z?LbsF~MBOH^;Gpt2A)MEzt42FRnU z>$6e}(CC+QrOuYZqqDXE*{u5*2-Kfj%l3BHp&M~!evdj--Iom!viQApW2t?u>r>t` zlvZs(n)IVn=4LFY5!neuuNhp@2X!}4Y`Y`7FggCFqv8Q7RrW$oJ+U8CWw+hFZR(%u zcI}d~(S779nMZ~i@s{OA`n#NYwF{FmG?kQyc2#|zk9x+ZI(POBJOUnFe~?xsAb2*M zQjcRE`e2=wfm=))kFs$Lka4Asd4-2(xjZP_U;GGU0TXw}IT-AJg>!nM-s3koXMiob zvpB4&c ziI4@Zs`DyC?1ke$uja+F#a~d8v2`0hz=q8NPkBcP_vvZf*7J}MCgw6JFkm+NNx0yv z{=_YcygK3f{*qFpXu?m0uwSIYJb*QyW_-7lsQ6byC?2IzakWkEQw|OyG1ei((WF*~ zU}CArzx~BU_)9LWRwEjaI!%pWVoBZ(LsSQ?CUh#@#IMq43Cb-2(fj2INY8|B@%x30 z9Z?ncDox94S~N%M6VuAoBj&QIpI^xuespfqu1HpC z-~xjDnT$_uf#t}u0yly#I=^%`9*Sz$bd=wRW`sd)M6htrRdzFB6$c?3t2DtL?(Ws&H2?)r#^MR2be8*kS6*7>mQJUu24ndv;aNl4l1fKAv zjQ@Ruy+0Ioot9s+z+2q$NN6oYG-&}0&|tpM0P|-g-GW`~w_s;oPNUF+VoMS+uTj3l z;JlZbHruOcDD7aC2M5dte8_C~AE0D^@kqf~rm19nRuec1w(T9*^RYue78q9r7_7nSt<@QtUa%PpwBREN;`|Eqa7axqUA^46(OA+C5Ty?ZlrY3dosLpy!^LB6C%GloR!~+~o8pVAFuf_|GF4hG zd0*gcIbbtBPR{bx!i$EG99_-s`w|oPwkhI+79%#;Wsu~QH+YVs#oGLaOdY4OG zVL~s1x-p(o83(~~q)pC2ND#0McD)m_PX71#wFFP@u2~w^eo-mNVc07(pbHb((knK5 z*3!w-T1pWlG?NDrzw;En8fEvydDGC9AWUGAup8#KR(Hd=Ps$Ip<7_L;_{cCgjxkAB zFB-!@30x#hi^>i-w-wj<5c9DPmO{C|UPe^p&wf6T^Hh$R>dFN4ArUr68`j;e^5 zbwCdr=wSmr?2ZEHG>+OADJ56Rs^rzjdqM}YU7$%{1a+MBs6|$KH~LocOLw2p3>Q@2 z2$Rwb9k4^F-E@FWO+#Lqx`0gulVeIq_fuHX(w-IBv;G?CBGzx4uD#J56w6hvx0LJc z&uv1>HPf{xDyq}9rT)9&K|&8H zHy(8FqbV`vaHhis1fL%22f(obnYO~#*aUzK_$DJ=azkM$q->~;uTpj1 zf$I|c!eHHhJHl4W3nNs|q;;&P1&71V1wKJ0{5Ou4u)R~s;nFNbK-&u~MXd7C%LCI7 zh&8@T?7thG&mv&G2Z^DH`@P?{c?w`NWD?ckjV*m zBGSaY?%>D3VPopy$+IY!>8My9#Zvw@U$|M&4KMpu!){IEW1KN%U@{C$F5{%|*UzE@ zE|rhN?r$(Zp!jADp`#I!^c;v5BUW@R^gKUi6G!5b z`SZKw;d~JMs&U=Rs3O=Zul=-%yru`!@)|f6S9m<9oO}9Xo^zMkFZb`uQ_k%G9vI>l z*bkCLey9dkmEAM@2;aaGPDf>P3dO9u<7+Z3V<6Zh$JAYc4q==y2t4YLsGJeC8FNOc zR=f;&#i(MaORKhGaIwHTE+mVG-|zAF_h_!TOx&x1 zRBhOG1eOzsI};x63bU$bI1j0SMFmwvE7oD0$5c4by2rjM!-(FDxib#+%vAw%C5K9x zRXpw*b;nodsR1zX6=IBAk@?0_@i2&{NhyuW zWL(3v)xK&JjMuC$y&$U~kyxc{_Q=xp(H{w0g+EmXMn9snpn$m-0_z zsM^(7TJ-<~4#Zje*rHPVrX>TpLHB`oOVswnx`QTIZc}L~info#K~ajjmtN_EyI1)n zZuPvl<$gbx4!$s*OT6nW_o~*d0xlXZSojT71$zM?11Tu241&KaAg6S(_TBqBp}xNb z`iZb8<+gJrxd$c$Jz3NZC=$y;7WtDB7x0C!$(OLFl{{k*;{`R_(AzYv1H5VnM7)p< z+fswkeXqZfJFzzKJE|p}q~bZomO;xH|JWPl%)Ip!@4912D`;Np3A>CS;2bk@?~CQ$l_b zdPm9~3LpCtoZ==cu~_O=KmmS+0N;o?D4*(KOcg)diQ>cJSvm~Q()F2M+Z&5?pkwL! zHM#Y4EZt8a5=4*3v`Cv17_1edUuQ)Q3FLvQSG`KEG>yS*21cfn^N z{D9GeZ{`8Z`vLpmvUI@y6tyhFgl`=|U>fH1QlT_MyMI)hfXw~?eu2_250vJJ)}b_+ zAcx_MuT0dT^Q)j*#}nmTX{ctR%*Z9{rgO=yHtj($uxu1Pgl^I*- znRm3$yT$TAy$N^Z^XTOT0g(bZ+ZWt09msh;?*jpdSnZCZ*QG4NDVzs}44J%#bFuWy z%zV0Lr^SEwQ!9R$FMeWL{J0+c7WjusB0F@JJx$@|VB^4x^3osQczQspPC;`I-# z)%lU|*v_}CD%i%ZLxAhFU6vd2T_}cfNJd$>5jMF_->xwVF8px1G1mvX#7_x!S$40y zNbEYpRP;}dp^b!>d0Kq3%Y{aS{jH1dxcNAK9 z44Q#Rr`z2twj++54M$ueT(@{G3aA29i&`A`SgdHNOQ7h7)Ci#&i@wD{mJhFuslJ6= zNq_=o8X=`n^1G_i;C0J{;BQFo#2;v;SmPQJ^|-T}4$4|qRI>lm;82C^!EfOUD}c|2 z_0 z+)?W9!N={tops7sW`I92*bb6GXB@d2%l!)IBZX7BM|o)|(VOK@*$PLcN+*rE7kM;FQflR_Cc%PO*dr^KS=gqP$WOd3Hh%;hPx*pM7= z6v2L>nd6b^T`8E57?J`p>fF-~*y%owS6726q%_2$u32D!iXz_G=#IPA23|W(+`E>^X#AhE#HZKXlT{sChw3ueTEA<# zyZA!-vcmo3Qf;IH8n#Fy0&01FEsMa6B>JZ#K0YO;y}-%K;x_;8n{!R)Jtx zvmF7alMSbo;ef~lX=r4FmvePI<#7cwANei#uNnVw<6FC=*AGc=>-Q{dab&>=OMTfL z_|w1dTHXC;DwJN z8%eoCA2-UK?+c=way#Z3*N-Iw?Hk-D zw_>SY2#Nz?*=rToY6akNmdE2K|LwT~Y}{Yu88RPC4IV8>%aaFqs1k13R`7F~q>@Qt zV;I0*tqmw)5CpJTHo9q?l4Kv_JghJ3Fv#^Z*(oG z0d&$6Hui7d13*9A0zellphs!|{ksSB{5=4)nt%>fKs#yxebNKE=f8GOqc#G%8v})| z{iy~}*#j!<0iefj0iX{9kaE14lfjg;{o|Ieof(SgneKXmunP>RINw*CUB6;bPCvkU zXgN}@cJsLig+*fWDVnc*F^~zZ2Bmsknp`t)TVR=)@BT5oCn|BOPf&+ny`76kmA>aK zrlN28h^-FV15IKJ1y5?v5Ua=A2Q;2CenJ?htDa~gTpxCt$uiO{!xbIshAkOR)OpZh8jRPz7?t1@QNR#`lCUvcat74tzWOAsN4zy$5v`O5 z>~i?tdp70+k|(N+P&}$ZWB4n1SohmXtM1Paz=z=@NK~^14i{(zVCVBAZ#2HkZ&~3v zaIZYq%{@ld>vQ`nLfXTk=)vjRwP&v<+wsK5(J0@d2%_I@`H>C2;W?Y)LQ)p_G@?BQ zEi0|=bJ7jvebxE9i_9Vu22dtI(?)1N6Uo(GoZfl~FESWk>lR;we(}4c+9pmtlV2EA#QNH-jCz z;IIk364i_zsPj2#Lym&Dh3G&gqWt10_j!cQqm~C}@puJsMW{L;4|A28k>ssxuskHN zE8IPaZmwI4aTQdyz)i}Md*}I6(0{>_!Z2FpAc5y+M>jUz$)qI71_c@|`YY#!XK6Fk zdFSJ&92FH0W8${0=i5qk|60#FSn?a~vLgDiwL1OG0IK&j{3#O-%=wQW^XLiF{j$%; zaC|94G^tJk0@xp09)cIxvu(KP7sv*7{j1E-ET6W+GO)*S397yx(r6 z@-Fcc^ho+Dowe9Y$V|YDBtASlH%sJ$>^-)n5R#J%PjAf(EW@{y;`3eHgBN6%{4z=Q zgVqj!i;)eFqSC297TLxow8H3YZljdzWW$RfDi0{ejSnz%h^IgZWiTeMF9}r`pLy3cRY%h& zOZo0eIS?03XYugL>vRGmUM1pP`6C7QsaQA4B zCJl5#9>nlBhzi54sJ|=YZ*@7_0cK?!%n~a zkePfmFcB#x^`^8Q#!PJ{T(tFC)r4Jw9nX9}-wDtY!XiM>d?JzE%oZ^=d5n$G5!u;% zRHTJ9OZjZ!?w0<179XGhSAPD_YA-|WC;VqAy9`v|)W+g0fK8V|5&?@9rR=RJWdj2u z<~B;5{@ft`MeL3yyJ~1vHY2r+Qo~Y8Z8rdkAiPAzov;vtTp2NGeAG=&$dwPPw1}&^dtwo&?OjZ_l!^It(rU{mlMjGNO;`h>96`T%MsIb98jvLhe3&m;}@9Lpx5)eGdmxs-0rJ$!|H! z_v@9Xp><3G z5LN<0zz0zZ#xiOmHXK z@JQrOm2u_KEQ1uHlj3j40uXg_*_6Lq)Q!yMLRqBSEJ`;O-S0+K$dZZt$R~Zv-z=Kt zRW%PZi4`ngI_bEvN3L#g13p)@YG5&%y#VMnBu4~DYky#D_6}dRE~GPjZUl)PN$yd) z0H>GVY>*E1W$QwEy4Ns{AVK&wB;5g0$@lI@zHD7c-|@K-BrHJV!fFI{!Y2nd7epQ5mg^QMaTV1=*IZ(3A&*ukdJL@Hx-SAgYp z+FG1W@Pq&A`EP;!a!XIa1YdyOD6k>I&GcR<(80!St7lEGN=y} z^ZXwkH{m?~t!2n;7aRLhF#q7oxogI{_QdO8*ca5P2*A1J7W@@8z+q1mT00S`(rzT7 z(hi*LJ8(@KB@|jrUSrKpqky7&M8L|Q#B^YCwn^L64}B{1=4csBTfEq}IF~Ix1;$GT zLglXc?2!k8CA{jhqs6^+9<(cyR$i^icf_R%UBu^A06Ci5@v425B&Ah5OrN{Kny=C4 zE?xv=vP1?IWe`0Q3QtCAUzxKJe%TH&5`9^!Kr#*B^y{0)>@o45^rSfSWVHSWA z{)i^wpEWQ&k3H<~BZDNo&l7jJL@e+mjo9iV>WyZ(ZElcg5!Nek;*rPhF?vT#nK6t4`&pYRHs66uD%=b(-5L7i-9<2+CaR{pw|q<1FuJ0-=9Y4HYktB zH8eEoLGrV=b?&sbF09{HC)+y9w^bOXoe=Yrz2-bpzu3Q_S$$N<^W|vIT9iOF&Z{bQ zF6HuWPrFlJg*KWvZYWeIGqOF0+ zX>47MdreBOO6F#nN#4RoswDPILQTJcn&-kQk=Q$(6+6I+8we^`4h8NuKf}V>0JBc< z8RUsg@E*j3$@CtNPvJ&+iviJ@sY0X)*vq_~30v?7>RN?8_2~5H=O1>E_SfppmBQS=JZ>{MzvY6z*%JHwmqUzx z6T(+m-l$Zl#3BBK(8;!dL04xUXVcI*`f#w)3#at8?!SJC#@S-2tCN==^8G(|`;U>e zRP|iTIV%#n_zr`EPFph)c^Fb09d8f>WCh2UsM+0*6Ei#7l!*EH?pGJ+I@uA!mH?DB z9EQlv6k*gGQb05UZzzYVfHz?9kfs9>Y2_(fgb0)WcnR3z8qhj95p+_lvZJbNaM7ya7U~Atm3JwdA%(}itIdN0rzGi`$vvs zFJ@;#0dL@E7>?895`H*dB8f2-{cxb;7Wm+eZ_`mxP0hx0hEdV2Xbi7rR8p{$=ch{1 zp7cBn)4#nKJ^vF%C|R>N{-6i!Irfm(;8&rdevCiTREmQ}@b-xR6c7EXQE-Qja+gyR zdSroAkoT_Lt7+5p*Gs*fT(WRTrK^*NC@ZqtC#q18Yo?em^(4{~KbnOT(5J%!*YQfm zO-_F4~1`qVqIcQcq?9HEjHg+xmNuERA z{xZa3m^xnR>HTPwiv3EVqI2yMOU5KUu7_=M-Leg87IT|2Bi*3B!v>&6N8QeS1cS$h zDJ8E~Tn2cWB3tJQ=p*@cZGqZ&l<{Jtg{0sYI7YNX}xz zyyh+sAxEv_k(KE(@Y(QLePuO1uiqnl{#Jv}t=w=>N0Vvx?0R(?d&KAthG&-x!)pbIorQ_qoGfi7WVc_IL+Y(LfAm9C=vs+kCg~N6 zEHW_X%%%&pcu5i^TBL-^CwCB7Glj+5KtY(8wj0()Rh+Orm7zM-x;{ zVp6O-EhNl@Re-+poiX$|9=bJQXkT@{?maxMi)Q}|hg7@#Ayp1%m|`IU24OVrG<2}= zk1<_!ePWDGGXXwD%|#v-<^ z4I?eH?gYsJMMrK7hW2~Cq5UuOKwJqqHKluo!111Mirf!^gn^;MbqH$UOLurSr zAPeJ=h&4-n{D9AUzx?1KZ!7VY^O#!{S(5&{ESA6hp}leRyGMQbQ{0zNo*VV$49~OP zdtfzTX9kXA3(8~CE`12hB_Q<%7{jP0FRUpUGskS6>^fyBJp#mpY1p;_f5KSsyi-mG zQ_?@r4D3SsiE|=!sWRvVPhtO*B+8Bbhm3_M%`v^3Fm9 z#L{hfR0h?Jib+ccNf|%qB)&e-PaTP1sYx%J`15!lkAc)I47Y&b;7O{O+ZypF(82R0 z3n&|LL1Sqdhfp&m(@;#N@4hAK$~RFhIotr1dUR!^P@thKv%bfGmim|@r{r3sir*9w z;Wx>x;Wv+G+NTt=uf&)g8e_&guHuww%%xD4PL|dXwf=hxcg^a*fj`q584g8xCSE<7 zqt--z%WwT?KH3tIU`YFjfx~Pi31ys;PvJubd0Qub1>)CX!oS9SI48ao(JlbH$s+{f zKDWd3h&ILh$HJc4xmA;;b<(-}3Zt|7M||hNs~#)-3r~;Q=N1;#yoYCA9QMwEcT1xw z7HV~aYsHiWE0!^v%3v^+!N{D=%!8{l4?vn{EEW6Kn=Q(#y*d4VT+8y@m@**5bl676dN01zgm+r?}j!0mX^0$T%x=Dn^>NIQk@6$SF`yLm82Rz#T`d3&yZ?481`v z@=Qo-kcQw#Lk<+(8hXLR+FtmA=*8C13nT`LZe5exT8sUjQ1sS%6x|YV*$qXv1YBZ@ zZdsGtLWc`dXd_&mXwu7<r}u}#gz$!F|umcD;CntK4%SwATL>(jpcF7)N^zAu}ONc-|Xm>jGLt#h*gX`d{~ zs#}0rGF+b{^Se@NaIrIKN5iT4%~-x#?|KcN8KG9`m*@ZwEObx!fHB3~XLJl|_Jo_o zO|A;x`bulUNRdPvlx~9%s^E8ckfnGa*COfmZjWET{Tv!5bRB=TOFZpeot=xCXF;m?-Mao8!H~`l6`zm#sFqs}tiqhV^+2QsA8)pSp(f!u2$ihr;z5 z3)bkgO=4@D-XwT#Ii1BtZv`W zk3>!1O3Lts*n#&;OWk8j^pY6Z_OASZylj{s7`O=hf?H;n;UCxiLt5l%JeL5>i%Oqm zZeFVeEBY6#wJIz6Tjt4_=z-n?$=}hWNw?%7X?{=njyw@RhnCKKH9|e`is@Ww2-OIj z*By)Xr&SS|H?2};XI&|^A1dh(1gTn|m03tmFCUOl&oV7-9-nR zs7yKcXMgug<&*Zyz4rMj=azsBz(Zf>|L_ZsSIvh?_5%H~4VV{17qWEh)-1<<5pvV` z+%?UjbPiW@Aa&7-h1E-?wQpc&iUc%aJsN?;rpt^iJG1^#cR)`$Mh8^JYG-nz!bx2S zdL+RM{|_GqEK=bQV-=91?jr#S@o%;8-*FVBPn8Cek~N6?hYn83dJ-V|KF!B(;Tx6r zZ@ROdytl%tnq=$mXEE@ipQU0&cmX=6Y~<@v>)+~AYkzLpJZJAr7}knR5Us?Jy5Y6R z0QlAEFkD?9@C`>-0X~C(g*}TW`vIWWjg93D?lzYL2+_OQ7XUX`}WIieQwGrE$D|-DgIcoRm#ipOp#)Zj5%_0 zO0>Op)tvxsFN7HER}knIE)v{4ifHOI>%TV!tmgmMTN0M#4fu&dp{Y~SrdsMZ^`oQE z)FBGN^CA_^yJypBf#7QXNEa|P4Q?;Um1yFvBamoItrHMiINr+p;Ng+VMJrLQ%9T>K z%Mf+%Y)UD6mq$dGetQQo2rI$3Q3dlDaH^z8%UlSTE9VkPl@89`eyoWC+sk9&+?8Cw z68|)te?oUG!sh5I+NgCQX{(Y7xGopRA1Le)c|d=pV4@fU7|vunL%`iOeqfNtnNjTl zGaEAt2a51Qn1eiCdE>5HE0lUzK?aJm#FTSv#3wSncL~Gpz#5@9bg8&Ao>w3&Z#h(b z!bS4%v1c%W?(sgjds5}lA4?VZK356eyBn6VFNgq8v0v`;gVI5NnP7Jh`YJ|+U+MA& z^^#GFIX76KsCQSOvJqoniUUp?Xny2xzA?P*Hj29f7!MinF#|iAohQu{i4XuF z>NZDl;pr`z^_Tgy{5+bL^T-KyKJ@=;w21Luam74Xl=t!$<(W~LicmQUv0BC`-9>$ZvmfT^zi8Y+u%$dQl(l)_oZ@`CY;l?>Zcx2%zAQ9h-^~6e( z7c1Dl3zLqe9hTn8;kAF^hwM6mWCAxXuE_h7QdF<?tzEn1 za<7WJ$QB*NE|rFeYlG+`McM}WSJu>?2`1?r!o(DtB;uT@*2Yzdh{-+g>&-#sdR89I zZRI}*%DymneP-Y)P(FQ+9RtFPd$B){D9+LD7%7`+o#7)}lW zpB1`q1j9=6r|ZcDfsK4FFP|-2t zg8yEOBtpP+H2(8k3l<^&ErX|}4BeADbPk?X83_U!_)sTV++|VFX;uj_Qx=x{0z*<8d;P`8Bd{fwT(dO zY;gOYrC9Y&5tZ&i46Get69$KT2?YK!IY>P9xQ?ATP#k&c#^Izi%=q= z_6VhpfYQOJB3zM9w^bDDNVY|XyLDjVFuFD*VE<@HI9DacqS2Q2pr|^&DB+CR?gq0- zCJNW*xDnK6X0;cS=wHfWn*k7HN)O6K()EFyeHfsZNp23G;_jrIQG9Y$D0F2}f-4#t z&?E%s6?9ULCTKg(8@L3DGI5!iv9S>+1yP7>jvIZ#=ErEgF|CBnK?}vUTuVxJux`&`N&6UDfzeZ9a7w!PG?E@wLj5#(M z0mY)Kg+oA0E-w|jH-IV+YqMh@REMIik>6xmA*m$7g;Q!iAxW_kE~xQ$f4((&aauo* z!pkhf7e-oNpD%*)k}cN_>-J%xiEQ_Q+33T^AOf{f?0G)D%Wtlw;oShb$^&{a0lgZ4 zl>4;Pe=&)G-pmhvZS0(AyZElB@s~HMcGt8f(fC5EM^=oTxww z-PZxVQ;~yTGl-st{kY%OfY~+%b&42ctrV&FIpC(9{G^|EDgn4x*rR3Z?2G(LdS(g% zKG?ng1qe!CM4K%%-e?K z(-VsR_U@XT+YWrM{4-D7*`E`&P44x3ysakzGinNB>$s42H72KT6CvTIYMSepb z-?>ar-bUppj@TM%(=?K*^EW9Jg79JfQRVFHWSjb%k%MpJX`g#)f7(`W%i}k~?2Rk| z^YCbL@$eCQEn|BPIH?J-Ko(#RgU10`5i>x$?bi%Rg~cI7HF-+#g%E-Ozw&1aYRE+2Ud>%(LB4G~U=XyHE3S{r;TZ%te2wSqOLI+wEiaw%W6M{U<6 z7q%S5BMd0a6JsN18d2QWj|Dfu*l0Y9th0R9I%bK?LALUF%59&w{SJ8Q*$2){bID7j z4PnCFR={AGJLWiQP4ho!p?%*6j{#rT-E(~%HLC;tczqOd!1J7Kv?{jIcNiuo8~vi9 z3kxgfjkl0f_AhlK$9f7~hS>}}_$?BEMk5Ua)Q=uW)!mUt!#?P7MoVm43Go)tSK2P) zescc?+X**R4aueWW4@`fzepADH?mmOyhnFL&qs%8O1WTRZif%OMe82I;F3$MFHZX6 zlCQEa)*9+fO&gESaQ+s>#xp-KR2&A#251tKm|!B)3vvuYmC4%)Z}1XIFV8}(FJK)S zlSf_?{6605{XVXHdS@^((%xg89Aq83m~r2(i=u%+n8Fmyx4x%aN_Sxdrd7e9uI;IL z!nL&G&ie=C15dzs7=jp|i0=pI`=$EEldSlRMKh2aUV`Up5aloU`z+}{cV1H-FK#xw zn_zc^QCFi=kOJ@kqJsn9D*#=F(cLUj7u)$#fNvi+uOf<6_4kyS$GtPztCk z0w}uzNh%BCi-)J~#u2>s9omlh&zJL9(pgh(ehOKN&G;k$yjqEdsmbvR zx}Q3*X}Ud1D&U9R3*k1B7Ea=xxIG6+#SSPuc zCH!euhMvjL4SDwV#vLMTVCu z`AAZ%-rfUD;w4`1V|!o9{-u~aJlPaR2fO8~&RT*#P}tE4RGaI^P+t^3ixQ?z6f^yo ztAwy+u;+w(;0@x&g%60-k$>N8>*Af3jLzHxa zM#kKBgHPXN>0n#xd|=K^{HK)LRBFF}@Af9Xop7Mq5SnpHv&poRAstUWnf#54iy?6+ zes88o!!Y`f?<~&#-o9BlpiQb^*~<+ADt*HTMG+HrVk#V^%`yDi zOs}rL2JIsmMtr??P43!S2jmnK-&g>afWHdZqK#7fkh*KnIU{XZkOSYJuaYZNFLXB{ zwFQVOCYZ74f*~<%UFv<>@|7ZKS9NUf@MAb}vNX6^w%<|rR1DaP9-2;m1I#hL3v>5p z)+(gCJfw9Vk}Rj&j-s=KQvjo-IIStCcp9bPoIt*JH9c_Wl?N^4vRq zOUo1(=$!^jT0nVGwKpZd!?C%R9QPe<^R0>kia5r{YeE@lj7>))dR-=ZI^g?v7~?*y z)GVWsI7YYl8MXJ1x$`ficnC|5yxX`P8qT}o_^->Kb+Pw4{zT2XPoo|9F|7MsC{z#w z8K?1j_W$Ce&=$FZLtBiM20nTs>-xH!5K~rMa0@k~+_0{^FZ?g@Swd?2@Z$dR2;Z3G zBC94j_nptmRX+e~keEI}!$9i@#87qzeTHUH*c0^ZeZFrfJbmKy>5~sWpN{!-h?sy* zkeoQJ+?bX-yQ*A7RgRIYm}vAAd2`XcD;m*s8Dsix0a-N)LGxJbn}Zk=h_f{lb2>LsxBfdAvZ$dqft`N0d8%noqiWr$p?HB(RSkFTh6p z0F~O4zLeq_^<8xk`V2 zHb+4Ep-1}ojfX`WnZoU`PDr*h4lT4*;-kB>(A+c!o);1aDJDU0J^SMd9*q*ngo3jZ z+ofzgm16nX8p}_<=gYo@KwuH|C)ko0AH+d{xRUykOaw-=Q13x~8vAOf@3ESTEYdqa z@=l|E9zI&fMmH{aoQ~d)d*WYmqnun3qj6+`A8h*zw(Mhy^j%0E97sd52Ky2Flu!uq zuYWNJaVhMB;LvCO)XUCsj9Qz3(&OC)iU!zZwMTTzCO^r(_s5i97olKDh&C=evUHHg zB}%BM&xAf71Fqw#N2TLtuc#WN)_9QYeO_*PIYjC*Nb$iwb5@q+r+9yrdiEuIlvAC`o!1iz-NnIN`?o#Wq8Ze_RC%WP)de38wj=V>;uG-KCGBZ zX}UPHS4xXp^zu__b|1J1144VBkF|@&MT}OGOGMkG!y9}Ot_LUpDaV%%$|0uR6-o<8 zxC;UFAV?`0^D$^MH!q@DT*df;P74>MOkD6Lay%K>?s;Q5%DVcLTlFtoEu0&oKdhzMA@lLa4wn{wijrbaZ0dPJr z`#f;K@#37!I^NL5gURs8WH!AMXu9O@(QGT=WeSU~Qpybi)<%02VKY05Xl860)v*8+ zC-s>Sw(41ZN|P!`@~qyVtZt=*&HLQfh0M1pgaOt9o3mtK^S01`97pZTJ z?5I3e5u5MT2s(XSkd64Gv>2E!ZUmoXJ)fYL+Vhk-)`Yfy;Xa1D1ZF--E&@!fQG-T4 z?evNcfD#6|@mpN7milat#HKtiug!>Q zH~BI4$c;iifFXuaW=xHQlU@XZB{fwPl#q-Ggm&2@Bwa<)n-g71eA5_}0fBk@Z}-m60;O_2 zz`aN9sda(;Y&L*g0!ZlrtiGPMP!5wb151QlgaapEx$3ENrdSu;CkU>Yh>=7JiIY?g zqLVL4cR3(8kp!*@V*>ImS1OQR+=ukiZyr=(azT9KjzU6;pErAJi3qRK>@f^TBOtb+ z>S*y?{8cpg%XjEARUKju*bt<$$LFLjdKzV9rHth>&R0=W@T}x}5nw*(6&s2)J6z7680%=&|DZr+sr0-Jl9q@$^wE7UJ z*oA^U5CKh^DpC*_k@NtLF;tWRwC=}z(ld^U9I6JkvrV_SwWG`p15EhGO~}D z*Y!b$^96#h7lH-K7GG3FK=GNYeHzH9>WAx#*jFU~!D^$$7Bqoh7#ms9$ApnR>yKBl zHH*5(h3dCyxd9g7(TJ#~a*ots(UF5v*nuq*_)OZF#;!~icJ*ior((J60c)S2XsKkb zVf5*2AvLvntb(Fn72TR_P;eEfn&NKI<9lt_P8K4HiXB6PgGSPA&wT5WyXlvz->LxB zJw65+<44;0Jt@ZC?~E(ZK9OrygRo(Sp#ZnnC<%$3LBs3GPgHH(S8wP3kB7Q?zF8d~ zX&kjNZ%v%?BRL0u1eI`)#^DqHVQ=@1Yq_`M1W#~)rIw(|*KiDT;A zX1;Vvk1^0hy(dVhF+c%!0%hF&L^O@=&81Z+heJ)gkpvT~n2p_w-iQ`7ws(y^oi9Rr zob-sYrU0JK3dq;Ig&v)EHDNOjL>X@c|CUxwx?`8KNqMv?Tt=!LFCIpdK?=iDB#wqO z*v7F9Y9P(7<-O~Vl)>;Xr4;M@Spy{;3-u~J=z$fKM_T} z{x-s&jFtlJvX%`~`bOhH`UdZO_Y$=0Lv*Nh2fc!|L`EvDpAF-QGtYiTZZp2!7G7z7 z=TT%)8=uD1k85G>!OVcUtpaviK7GG2b3$AN!|AXMsEGcga||3Er?t6(9*X(yF~)yb zI_|!>j{4FAddc``8!)!P2l~FdAcmg2R`=+pi^tHY`a?RFXpCr~u2o7y*Ip}`=s;U9VY z@0=g^RS|2LZqPLU4=*3n`R0JBpKpWsIc>hNfPgIwTiJBJ{lu`4`SxMlH}I=xI^Srq zJOuwm^G%JIoNtrJi02z~WWH&UU>QK4Z&5sCzDaJ)e0w%D?~BpAAMPC<%^ByLLgRcR ziZ%PxI)?uOhLsFM>p^j;dmDw0-r8R=-ZGSHM1% zbaA7OAoulzX)JsRqH$2J;r*>PU?7*QR>c@U- zp^9Fjv3MbGL3!iT2MT4lr96;)0;ohyU_OT^1H;-T9&fq#GOl#eJxi;&El5iPh{$7! z>Gf6r-eF4>eU(rItC(QqpeX?ge^HK8s1?r3tw-(bGed2*Tb)R*dL0uSHi zF7dgqVXiFm>5FBeCv>&|6vT2zvwMv%3~QuG?8x&HbFiL1KzWMw0qdPPUlCj>>+cH7 zbpzc4U^Ul>VXjUj2aH{MUt#t5P6)%D{&i^#uGX!(V;ea0@S89KP#Z!fcuo6`0xS+vVMW9xCEJLU zkhy}l)UgI26NQHh-9WzgU@)@T$Y7hrq-fWMhe@*%?N>RPH{qsdHJJ=s)|WC~H^V*( zEYpxYfDJLY(%YpzhtK3%WTf(>8W8q5re?}H7~FEs^G&bdIVRha_BW$_`$oeHrZv1m z8^%Zo9tRT{{D=M8xM)@5$+h5~2(`a?@c;)pDRDo3EX-}sti>g3y~nF=AK$1Yj!BG& zI2DkysUCq=A5=@A5b#X#d?m4<&`b$59oWA}q}kINKMk#^A}vI^xjvD+(6nh)T!3Qk zkI!&5rRrY+U$@A=(IMx99+YHg?1ZQzCylwgE;5UaG<_q=Yf(A>!l7uhj|h1PhMd#d zD2hD~zf1XMIk0O^UXQBPV^+?reWxEYNLAGJjE;6s!yFb%k+d81K)4CXsPhr^g}Hk& zYkv(VFW>WxHa#{bJDv$Uf1CX%rq^H!^uP-H;WS<*T8D({DN7GUs+t1W`w&ds$aSC_ zoViEs%f#uh|McRt_p3}XA5B&RQq4q6CbhWFr_C%EQK(AN$x7Q$9(D4pheZt0XkiIf z)@#yYpq9wdWCZ;>u`J4FUv7P-SCy-Fta3PiYXXfmEGP!OlLH-S@4GFH4#SVF7#sI z>CKse8&X_2_mE-231ZEJnat>WG6NTD(cyH8icBe|-;gOk+mCZ~T)n1*Szd-}_^h!J z9gjW;qsX7YiOG7AFXLYHMH0w3Ejdj~Kt}P7iJXG<-XPLt0xf}9(m4>TMKt(NBg+$8 zsr0|@*C?F=cqO)P5?WxZi0=5 zu&~t_wqoCNIpnM@z%xbbjCf7k5c>f<-%A-uS5A=)WJYF!OE zHcD?5a}63$Q(%J>;PO<(4cPzTe!&CD3nP)qo>8N4Nd|8xM^>uU+smk4$6l)Xr`JvF zVoA(NL55Pe)oh{#r2`s`=hEwZ(}D{Z%3d@&@Pi%-=OBTbF$-0~5p-7zGEKO#C#pWG zoGi#eGOy$;!h}S%_u;RwdT?UI_?f7puoDscaxJvE%IR=37d5dzUQbACMasxMMI}6e zP#9AR!iS~!6%47cnn^`-^{8m637<6qDu3D9r6ttn<9rC4c%U+c(0}}}OYxs{qWT)vTqyoQDmak2tIg$V} z?|Lo}BGAuGS3nAMWXv8z#c|*|4q`}O=AulY`x}`*o2PJ0=K)G&KM3)0%&IXkL08ts~b7BG)CK@oWJs{c=-{>cbFJ zMiq_P@~{`^DhPg#&zN`{GXr~pco-tCk)dNs%(uk-A=QMK+7%<>=l8B9;-xZBgBZ7J z%m#=%Z33gYf1PM2Ol$5LEXq1&|2om0@I>2~=^X-w*jDk@yv~cDe;SQ8=1ZcOD!o)m zoEiKG}rDNN@Ct^yzAJZwF&i45|cFsX}!OaCKSe zeMb8SfuAQ0GR1Q=!QpfheM40xC&K8dpEawNWM@C28+-@yp^m@=DS?o^Qhs**sLzA)6bK>xmsa(!g=zFRw;7pQ>$1_1WLMOmNLM1N>fA*(CWrZ4F_@swjlw#XOEBq}YGWKam%MB$s2Fv3WvMYa?9U22 zS|fYcBz8`lrE!veF`Uq4si`QcUCS}(ixoF?kgN~JISy=@?tqs^MTIc_;{Ok{9zbQ6 z1KFuW_9W`6UJF?-WWj0NNA`+i=95ZjYy$ukvP@mc*M~N7DCny6Ax# zEOW+Jn2S==`S^tB;=}h)A}Jc&QWiXn^CRr{d_>Yo%(Q7@2jeMXXR=o8%-sIb(LDM_ zk~%w+UNP4#1qX0L4+(@b?&(q|QgsV*4p2p}ZSw&xoU~!O6vUx`gP>&C=}oru{|6eL z{t0J1<~H98A`JJgUb+zRj0aHsy>kqx4HQlwGDr8Kpv7Oe```8NqsqJAwO6^f-DVVV zAKvvBZpFsXJpRLt)H4s@(W51d{BF{0%dZT{;;}F!9t)d^AgHDHmZ`uE3ySG66vSO= z@ge@G=_EA4UW8LBk%o)mhJ-b9pu6mDyHkYRP-*GrMYs};T_5g|{Q%J(#!<0J0%@Ok zH-kJdwga{xixA)e2OlD5-Qzne|;m=yp{J zh3wl}AZ-DIk=ys{YIErtK%7h;ZW)Gzz=Ubm9f9F^24 z2ce#iE!AsI0N@#oX14ZniDpK~eKBMoiJ|vQ-*nipp_A-2C8FapY|-c@!4opQIE0Lh zQoJ8>(Xbw?hF#%jruQuTl>((6rT`$;I$8QC>X1`G(uDl0`=E*}*i-0d^3xPJ>+*jB z%AdbW=&#h2h1ox4C+Pz@U$)fa_|qHbWs>^-v}0;r-N-)q6g)(P3nympPKKm?pVtn8 z%GtXRfz%{q{*OqF_Dt%Bef>H53ioW{p&3U3_gmZ|kuHr&Fk{x?rws}cJtwP7lMQ* z-wdlA8L}jY)$S$?iGr1Lc=xJbKE2De{(?vNG<#3MBT0|<@v}e`p;x`dV)|XZ+!HUm z99TjN+TIbHK4SUNlFpajSA@33h(h*cBNQT+0}Ni8B{Xpb2M^$)#Q@}xVJlZ0cG$Iq z!zDRJY4QC0ilsa9rBi>5P>Tjdl;a)A_0z`x>iLGh9`W^9Bhdd~u%_N$719W#GrMle zj@dR&s};2Q%8*o2=A+wB4LerIj!w{V$=9k!1%7%T{~Wo(_ojPFki(J=HRcD{tm(nK zUvDXofe{G@C8*Xz5;^Lv3&tiDgm`wQ#!CLQO`M|Y>W|AQ@2&qn%#~N`R9L|72m;9g zL9!CtUcjA%KHO!^aam{tW_qrPsLto03{Ue<^<{O>7lS#*vP7?2r(81WpOplNjwXW8 zr|1Wc(QY9hl2=;CcH=n_Qa^=eC_EsTL30<|eg|y(w|Z+>`y>J+oU(Uc4o|wFZGi%7 z**+2;f$y}Xue5zw*oSg7+k&ojVB)>UYFHAsq`l2?l4wz~A;Bo-I|YqGS0`%j7WYGe zJIkX>AVY(`S|CzfTK^}SIs=TXM!|zJcC%bbfs{Gv?Q3Wp=tJS^#sdXYiWW~|K9rk<@?9y99JbIwnk+nXzQEHPJJN7VLB#nkVc=WVM+t953^=Gb;> zlltP{!3Lw$$63IWVELg#51!U5UG?U$2VGoaAUxJZS|PP@RXK_)Ex~39R}p%Nrj3ZB z3x?%&HK~~9<0v(*7$e>dh^M=W?s0cu5dkdpPT9B{2dQLoC)a^e;1*E6J%Xn6iD#0H z#r&vHJQlU2ZwFZE6zze}M*27SmBk{B{Vzz5%?+5ON}l(=I>Hy7!qlHvo$~x};39*K zG6!agB#mGX0onV;PytUdjBGt$cbzBxM1uf4XTzUhn}uQ{Y|mMU=U~ufNY5ZjDWZki zg5YSj6L|uER0KQLFMkl?7p}l9=Ud6ZEsH~faZ8&fOaODR#0mCQhXp3weucmS6YfVK zd~&ia9-+Of0(gpZ@XxzKg0)x0ifWO2y_FG$#o`k;{-T;Z@F=ze-D9r%;{lm5mo+Z% z!UXfG$0|aYK#VB&i>T|3C6-DQf4kfdAx6zk(R|8mi_(M%;9d#MN27(ugLE3kE)0?i zYYro*Afu*D|J`E}p(N?(px;zC3&%%_?I^G)Nu7fyFP~NLUX^(PJt2&Fm0z( z;v~>p`kYpW*`U+C2i`IfEsWJXg%8g7FpY@0K<1Gpfj^Sff0f;LCTs?b@ZbqZA6*>zTNRwQrod5NbeHG)ke;?Gs_ufNE{%ah zNk*EVY%3FLO6_>{O~P8K%xRJU6=g96dBWt=dFmA=T@U97V&H-m;DW&Uz#1x|Z1bdNOK52f#!dX<`Z+3V?Brl$Qm}lFNlR!4_|#20YBRTA+?z$ zFt<8f?~^b?mb!;vg4~QioIit7C)5fgD-6E`T;7mb=k+Z`D2P%)=u(uZ4ZzK6xUk|8 zFx#U%NObC$kbo?3QSlkb3-njJ^JZmk7EJo(Y7+JagpzpS3fasRugdnk9EOI}zF@XV zp-9zM;{{L<0YN8Fse zSLy=F!0A#K>Saw4^`MQ&fz?d3?fnTU_aIF=^n*@lA5?^}n8Pk%2hO zrwJ8?Ur?6{ACH)e#2lBx-+V3$cVj)giv%rYFU!xmYYS<2;@$4oz0{K*l#IM5Y5p?7 z%lo%;d|GV!8rQ(0oXWLy(GAV33N}!Hb;}_@P3~C&4>pX!;ZP{4PBsKMYBEf{heRnhj&h^g+myJ) zjJks_{nUtEE-{cEg59LJjZ+2_(?35Qw`H`33M#T{lW$9y4vcSb-f!UCV-aH!~?atk} z|4caGn8Klts#gT_wlf3043rTMBJ9(OFNilhLBuk>J@~8Sw2PXNp$(@v3s*Z9^Y8Y> zCpk&ZS1k#!TKc*1o++CXc-GFwV5-#jAgal>fRbmIQsXS977^VyAt!l}m{xdY}S zi;#fNRy>dwjVM1c<@G#~T>>?aOk2istYa_T#Zug2c|dX*z+j)u>fkV<*160r{+uCD z%65pVU$}i4m$9HZX%nlenz$tWIwaG3UiyWOpJiWYumcT>L{X+ZTyhY6Rom`xm;dHz z-8L(2J-f<=tixE=24^?D^b|m&%h4#Tt}?2aN6XzCFQrvN=z;Y;LKg4NMaVWiE3!?l z{Og&K#g5TWEgO<(5Mb68>M8HOTT%18Yg;gpC57Qr!BH1w2HxPyi2UixdOnk|hNKQ9 z1a`2nRBD!dmiky-<`RF%YoO5)7db{|R(b>#pKoz)O@ahop8zF0G1G;T-T}!EJMz-g zCSh^xl5uioVw8fmrMB*ib?_(M#{Gcg6qKMU(A4*oFSz4o|0vU|13tXV<-P|kV|K&l zhFw3lg(`U%-(lE;*B7p&v!Tq|Pv9@RRO;imTuB!UfK;nIQOA+IMG?Ty72j3-(vWrk z41Pz{!SBozKksVPlQ!4CnfQr&DUVb!jQxGO=ZA*8nwkA~6z-VS|0(&I+gT?(i64(_ zz4aL!+No=w=T_0@9C!z2j32Ra9MFPQxBxHG&x#svUhThv;bvZxB1Rit#Uk3Nv4*Zo z%_&H4<3$;7pm~*VGd0f4l_U}B&V5nUL8-x7vWPI+kU$mrElTU#eG<1GTxh7pvW$pI zyK*cv#iGTdNO&R4#a_VMELbkJS@0{hS)c}0UG8NdkJb2(->_MXQ z5{x6IYg`^Pm9B%B?!BjI*@@Vae1xRI%k+%P#Bz*j51+8-zz0(mbRqY5QxixHQGcaI zCiV>0tTt@`V#8ar%vJ`dsWoe1&iNORFf89>9qW>=(9-1D3Tj5OybSr$O&*p);p)qc zhIJSBBe2r*_S)#0+$fI(%Q(HOE`3*>(s!-N-Nn){)yOUtR95!Uz{06MJHJAO zNoh7VX2KtkYyq~<9i2U9bum>{!dE-6RK*w372y8|`u?&%Pwuh4zv<_ZVxQ{!7ymv= zCMDq{=Q=_nY4I%k4(R*$KRFW)|CGK@6dCd9C zq%bDaw`tn%NB2aNC?3W1ZLMKpa`&G12(E8ENXt#~iruvE&JRipqLIo(=p%kIi?CDO z!ySaTH$e(P#AE-^Pj@B1bzJIEP)mBObQS#8@kC!H9w7MYF5Tf;cg{E_+649t7yIgg z;OC?%F~Mn8l9BNQ*ETM=l2mXIF?-ZwU5_arbOfp-!>_doDra4(s0S}*yEtimm^3DI z$}AS8y;=b@!#xEq4395Si2Q=>l_n{4!DYUmzp`-mUhnG9UzvW+wok|l&z>(0aQpsQ%5V+P%FMpG74s5GXNkGBbF$pFQ)W}jf!)O9Hj;r)oSdM z%Biord^m%>`wkPKP7nDU+OC2P=ESse|K6e)%x z;`GBguyAz`5;FsFvA0{X*yTs+=OhD%3Ih-G?v%N3y}*jA3zs*%9EQ|@v_Luy6h$r} z1(mPL|J%oZQXY#b@VGSrTBZ8~;PD5f({%Y`pRX+DNBkg7))DtR)JgZ731Yuff;^C< z&=hedWQF+!tw|LYG;xC!ey_ob92ruG16F7;3R$O7^(sjvl`zTnM;4qR+3vAvDH+dB zEbNs`aZET4^VU{;7nA)tENhDHFB!5CFpO z5NiQw%$A>^+5W#URp?)DdY~Hd`9OSSoCIkCjONTpvG%IMdwK#wlZ!iwo}u7G^axu3 z8Z1Eunc;MH<8Ocah9Vi35!58*4}G`f58%k~4RGw;y!s@(0K zfO=fs!ZzJIw?kou&~$enEH$CA$&HFK<2L0^EHCQ6-QByDr;IoOnJ-=LuDBg5M9m&^ z=NyV!u56Q9CL~%gild6xqjC2EV8~nm z|HumnAr;Tq(!;Wg!^B=GWATEp*MPkBT~F=Xqzxd0j_2?S|8zQjTiTJe0+v0q&{bUV zP9=_i=e7d6jVs+w_<_;wQ_llta!w> z;rl+3_Pydh<|{q){AomJrFlE(yW0QV+h6wav##zE9wMEBl(K}Q+j2($D{Rhz({OlJ zpd#^R;4R`0F*FJeGWGJR1lX(A`ve)gf*A5_{Q$784)?wPBO2{gawSV%j6X6=Tc;RY z3s2!hg`3^Gm`(c-7p8>Uv}b!xyvLknZfV-rKU=;J>)}6!g_x3msS?%%cbkEp>3Y!! z18kFztECt$B`FfyvaH^sjiJDyhrC#uZ64 zEo0$aCk2BtfM`a~La&+DD^vHV`(Qoy3zjTpw)59T+2^orV+M3u4Txcdu7EeVtda?= zAOFI_1D>cpD5BgAAz`cJN&hMi>SXPpK8?j_TL)%RdUwtgk)keuwWhzd#*j4qc?L|r z2Pha`zFxD*wWZUwfY)@>Id!TsS6oLv?X zNsg8TTtQwcMt{_l;?3pVxayEE?Ge_0hZSmDL)>>Cc4@x0AWwoU7Np2g(xAI50Xnc+ z+Eu1KZ*Co$6S#QdLvGW#g~$81f#`W9Zu;zZo0dY_Ej{<0OA>*lEmzEa`7SBZpU zjb`)ssofpTc7)#wtj}l3bIBwv``VcT3k7O3Hu#zfXv}~1=a;8gji-Qo0WS&AR_dL~ z-(3-Etu#EiuRewGElkbM6jWH^wR>=PgM0h!CPBo-0tLH$!H-|y(I8eL!lX|M?}PAi z#N3$3_uqlYh7Pw;@47_*{^~#fl=5}Hh4_zVS9*L#vzM_{vM|8zns4>*z?0kkKX+f) zU40JJ+b{@>sWjP|rai}Wc7txugY&3vGyI9OOtHbtcO4O-dJ9(qvne?rZk*60fcySDf< zJysF*V^O$oO8rCZBZw#J00+O>2maS1ec%YknkYXdQe#OQoJN~nj&7*0M7;768 zR`A;dZZ6-Co6BRR3!4^|E^Nl_R~`dC!twU*&Gu1zGi$-;$F^f1W3jm^-I!A z2EE=nf02zaK;rYwFXp-^P95{a(`=Ak1kwcXq#WdNrExW4dE6iU~`4 z*CEa;4Wh(Fk!iN6oc>95;#NLjsg4iI{TP(dAly{%zw{$Ck2+ZDWS}E7vB(s=DrQ1 z;-CP#>1}P^#m&qck=xaM9q7U*02DCic<0W>4|% z^AxJ3*S#V55O&b_!&Bw9_1=Z$%-n>+dQ=5OoZI}=708qwk~3T{h{R0wD_3ac5wC?R zQ{Nmrwg5QsGJ3$NvnT2l&(5|j=sm(IsIy}W&lmy7&s_mWp0tO?+!Y#Kg-TQi(74ij zXqlmB>swZvV;f-b2(5Di5#c`+i)VWHBO$hNN1P(|1?dM2g<}E1{fh4yA$<=iH17kk z$yP(;j5riLO>r;pgYaf#f+JD{TkT;f0)(lNN|6io*fD3Q6tTri6sNU0S3BkfFKbin z9KdNS@|r%$YZI?5It{z_P|yfQqlq7k4z8DC8b5v9R!G2eVVeE}BGRZ|Ok_Cz)#{hI zbz<$VwKBvSWd|Sxc2S@hL{mg7zPi^~twp^09$5BViI!4ng_plNFgbQ_fT z)*uBd<>jDXqqte{#X3|6H|E~{RWdCQXFRCHL&uHypO)ef8Vp6pcQ@)W;Q^aIRn@D< zpNG&0HeBvTm4QZz&_O~-W*Ggo72`KRG)|Y0^EEh23Sc9^U<4RUC*&TpJEval!-_OZ zg|M|lp>h}73ivNPpX^lVhjJiI1_74Ls8KMF5*30aJf9~+L^7T^=K7B|VF8(FbNwSL z%RSd$(u)P>gv6eJ}B;&#oJ|j28w?6Y+>n zQ`ZGjgh$@|(r_|}ifO*+A*I-5f);XP)HKsi(_lEC;c#vPaC|Lf|4WS65q+^C4v_gM z-389!ZPm**m_%$PQ-If^o=x8p!fj)FX^D3dRA#>qfkH z{E`tilJIc~W-=bourL|EM)HwCt~aP6#Dr)&Se$&sm6mYcWej3xL7ll6sfuETHe&wpe7d9ogovLJ7L zTg$q2HDLtgLFVMKT52v_n#Yic`-t6w4kkSoS*c95=cNpT&{Y51mz6KomUL5nXOJ&d zs$rUiFL|n;c~W>&rvnaa;J%&MJ5Wps4~Xa*4=?OOBVrEXyX($lDmgeyCKlotZb-?U zoqmN%?kaLKP3uLKTtKUxZJq03N^ax6my5j?Q*ay?oY2P6e@)emBPR?3++Zvp2aU~N zk2`+Pp&)tpiUyK{wsgYQ=Pnlfm{?xFp10v=JgFx4L+Vj>MaW-`!w3RHU?DuLoQ4Cos;HlJiW)MV6!o)rB%a-e<2gY^ zjdezH7@s|`*Dk4|Mw>3ydi3&EqGV69%?=XW8t$G{wGm7)CImC@q(Afvz*$r48Uq1Y zQ|D?!(Fbe8irV835l~ntf`uOcDYp1fvEv8RuUWD$NX}n|)oQTlNh^xZ1C1rKk4sf? zcAUiQVv18-+K}S>9r%O=pPl@{;2R@~(^)X0IF;-WMPahbSB)X?RCOMLh*AqO^ZEeJ zfKF2~2st^3SxfKmI@Du4cggf6=q!2FSG2*?|Dk~n2IGMG6b+SYUGo(bAn?+?sZ+MNT>}_H%CYY@7 zjcd4SxQE5aE;t&vPuMOu;>me%DH^%0;Ql4 zCNX3uJobPx%EN?B*ap2v%Yt@7KXazfOvdzEWib6fTkQmz(}0~|kLPkfygH`y>bS%( z&}HbR*QDR)TnpkheBV95`g+&^qv9o~a-pkHnm~}!>y}~H4&SfCOjwC9oJvSkWQL>4 zBi`q&@>ud%^2ui6)i|8#_ED0PZo~pn{Umc8n$=GWHl{X%vzoS|oU^(uPzpL%f`{V4 ztaP$6DneBFjItz8zIf9(_me>M8#A$Pl0cCUQ=~k3;On}+ttXdbB$7@!Q=)^SpabU-6Hkl|8+P!EqBsz}SWYR_!0|}cueoC}o2{#C+ODvooV1;1rA%8jG@xR1r`wiV zbi#xFPMr09_I&TNNzKNo*Dq@G_5o8o)3#>4WqUj4-Fm{@Mi9>)*5Vt;U71l+&`I|<8HhZDcr7HCyqc8epq z>Ea65O90qIjgp;Tm%E|j#F(e)m#24Buy2W8Vb|`ukL+6MH7&i!Sqi{oB#d|Tqmzs{ z5eR%{vIM=xGI8pg%myJ)k!we#I>C<5{D_IuPcpyb_)j0T4)~yxU4x?j=m?^xZ_EY) z5(ZRXp339+KcDLmE|7y+L6=JeHdb$TfNh5L>t3Kt^VKLHX+7G--*`QO(H?=14!1!3 zmE7wmAYvLL1PJsA z81-FmMk&r$vpr6CF-A~M2F^(4r%*K7pb{CT?}*ic4Tjar$UKMoa#CB(_fogNJJxz` zxAhcS&*&hQ+2|MLpiz$75s=5=4*H76*OS<>?(|N}yZsFU1Y?@~%_*;4A3KU)xzDXD z!N{J-{5SrXl=`Xsh6NtWd=G!9J=RjA_wWDtJF)$pxTD;^eN}T6-pSPNBLai`%?znp zz$Onr^IrK)A?*w{IVhjqHViZ;jj@v9}!AuEZRk8fA()0!P2p# zDvqfRSng$lnkTX$?ms~u$QBY#YR{%@3c_oMLsUVh!a(0D%YynB0>JiXqC5~9zk035 zHU7XN9pXj$OIf54Oq0L4-xeuJ=OkpK`mI13Mzd&Yc3{Z*B9->Fe^m;p*D4i>N}rMv zkc^xV_o|N@KhF&$o1s7*uXCB038K|H!s)S}F1-fCLxgjk^>PX4f5BcKc!}j}Kvi%m zuv~g6F9)|CHr_iSiBlgO>a8VD2X^ zx7%__jz8x3t6j=L3=;1g+2{GyT@MY1hv;|q=R)*@^vCw)=`K_0cRKZFk$)0c_MrS$ zL?N}D`e9stdqReBT>K{Mt->b&jn>v%p#fBV?{*+W5SP)3-O<1nr3>h@`M1HtSDftUo6Huakdx^4YKmKm5Cwo|=Y_*;(I;q!e z_1+(Wr%PIDm0PXa@oE)Vt!0r~his7ww4=8uZf}X!vqdZQp0#=}$h7-outhBOzG(Hn z9jO-@Lyy(EZ@gO7R*Q@Zrg~Vh9D~tkTJz$pPQdf{a)?_P-qc>D!UWcMIG%rOeflfw z{W$np*7uU!!wzXH7J|O;>)4}$cbm2qHEQlWo}flU03fi0wxXNn+GE;u6I;`|(82%E zLT|B7atJ|~U3xzvU>}bw|4uN*J8t@{FkHiI5gJ~U!Q7k+yT;md;@c-mFO8X+EV;yR z@ac87WVsc>oG+q7I!$laPX8(NyWhGyZu)T;?lHIJS^8n+op(-@77J|f!aL-41sEmY z`{UgTG50_N=b3Swd7}LC^eY~3mb|c`%e1`Ms?&1gM8{uZ1D5fRJ@NU{!w0R0iO>TM z|Ag#S7Fq1UHR2NjJpCXKRUe= z@@}K$k-`7K1$lp_OQE-s-{bN;_>g3XafXe7#$y@ysRIcxwC$$`?8~r2>nxxgv9W?z zpnP~#a;KG)fufIdW4M@!A$>BGC&TOs=Fu?!-7-X8!s&Z*x5~=9P{g^uRx8B37DzT0 z5M4BDD@GOkw&P#xOJ&Vxu6ETLr_*Yc(_t4|F@;qaxI|(DZfAv8Y8a54&7E{XkDaP&ci2g1^=&wdUUlJg7 z?UQ~wNUweok$yUsAg(T}CgB{cyCN(@6(*9EF0NpY$_13{a5I0|S?*t^uuEovYk9RN zaKXycW2j@?6aAIC%%OXtl|%+VUM$B}PyZ6&6GS=2%G-E1JpeZG^SlKIlnGCvZv|1T#hyNHiuV4@4iF23uxH! z;`=%uSS``{!2IECFK+H}H2itNA!ygf{rvz|)thW()Aj`)*n!ZOI5t9LC*<9JsZ}yu8>~Z`_4?4#W7U6>7p^x7ShPQXXd^$JjCRBm9;Q zZ1)*&FGI7=rzZFCj|@jP5H!L|7Ab!u^yQvmt(~#jLD;uA*t(9;|0j?~_|tO3$u#<@ zFUutCsFeO$_?kBF1Up^ExK{X9Zu44{00un=8|X|C9YnP|jp*hV^Tm^;3^U$jJu01G z+3;kIKnB`mA)bQCQl-T4lsHcoa2jz_q{|K&Jg~48vH`$toNJ_`kuZ&eHVgR_R(qDB z#h+vSo4#lxF@mq^l2H~VLGJSc{;dbuR@30C43#e^ngl~<{uc_E61XUuE z6SH3DgcsTa;6y&#!m4BcUPhvPWWf)--IHH=;KJ77-%{U!6)BlNm_p z)v1&neRV3`(~<%6S1utA#LJ4_w~o9zl`(i3U5E|?-sujyP)7UAi*Kcl^6vZ;V}O#K z^vthLWenh<1YVsg2w?ZQ`b&bJygC(oj-7nge+5H{q7!^mDx;5sH)*~%{RqjakN)Y; zyk$Mu!+nF_8Q}!OvV&qfrR#NAbfm@g1H*(#4-ZA&s*2aB(v!YMm4Di6RB?#Lo#*%U zZ%AKmQyPGurhs{U^~rnEM>6Gpc@E~z$8?0isrVZm=-7>hKuhM1q>Aid=U_;)A4MPg z`Yp(SB-}x7+V<`>pwU~GAd%d<{KT*Md%8HB5xjMYCBs)LG0GwZ5xsRu5Qb6aeeQg| zbx9EDnf}on40Md}Z(l%d!4Rn=OEs<10(3e=ZQR{Zhvmze|0$M}kA)>IS#RC~jK!VG zpy4n(88Jdj)<2=p*DqKHLMGA_?00A=ZylB5gU$O-kzd~Mg-Wr`z9db%dsCm$6erNp za`&lPf67Htf1u-e2BlbqzS&D^lNO6=1E@JUpuqOft%vubpS;-zD{;ChZ}vltoIKFM z$$h&y`Q%+gp!`_g;b^IU=b$|6>@TS zoDfTSk57Ol5Nhge?e}&s#)Ei2 zFdLK$x@B3@HC1SeLmQrwN!%avKJZ3J*fSXbI!br+^G|w#?jwWzvvuSEP2qy4#=9nR z>k~AWB&<46SLDI}&M(i`KYM=nUwmBi`-kbro?lw-$3MRk?*)V6dke;>`>1&TYsRk(wxF*%%Fr}qu?!8jJ_5IK*PTc5lgXH`_69Fl%WJxrmYgd{cPcqi@V z`|YF+xQ5^02!5i0uTNOzxhwS~`>2X{V2*>pO%%dF2iMmpATWxbVFW10`{`RFd}x<8G_l(iP`-lw7|QoI8(qt!u&@a1z_>%o_w&_K zf1rcE?WR~k+mcNl)wXUuj{}LP@mGh`wa_Y1+~=n|IPRk!z^;5QW2>EDs$cpvGoXTi;o8MG3!;rc z7UYCp?riTz(QJW^N4u)7IQRQ!SZP36pwo$`vpr$CYMC>B#PXKk7sJYYG+lm}UYzAk zB?S2Nr~m!5qM(1+Q~n%q9gR%x|8Zheh%7T2oc?}Sqg#DTFoc8B?uvr3ZGVf=i*rmLkHawYTR1iKJ2j7Ql$H!OKFj)z?`N+_D0G+w0gjxs@ zRq(l;I@aS>1tan<9#Z=gQU!Z&ke-gM3ixze2XHrko#OLqzmYI$9fc&pEA+gBe}!Yh z?^Oxf^8tJBpC^BQ;IAcL{n!pD%isO3#w(FOO}0eLTMn3dBSeajsW*%auR&hL(SEkilp$d9w50%Pe{f{^(hEj1A*C-bU~7@mivyYiLbOy$(N7Ti9LrHkJv^L6DO+J*L)DDz zh`0rB040Xw7JRM+CRN9-h6e!MTJj_Ztwq4Nm5 zQm*ogazvJM9lI>|`e>(kamf^?wTZ44m&Z@pL<;R+{olVIvjxl)3R=zpqN+;v%1`)| zja%g0$}g^xLqVvZCsf@23O2?))TiYaHH=aMhisZD(BzS@>TzH72~OcOMKN8x!Zr?k zQ!lu`DfSy#PY43(7g2Jc`eB6!R4ah$>Gnu3;QnL%?{IVQ`HZp+$bvU#`o=kiX3Ns+ zY%89Ww@bGnsbZ2m_HZh>DH^?nJ>4hz}6*bJeE6*#($TwTiKiKAZ85{T- z>tF)o!(5C|OC4Zne($4vjxF#A{Znd<6?~rQ(H=JENAwf16ms|{4U^p?Hu>A8c>h_? zd+j6k#Yo223;{R}vRRWoV$-*Ar*E+fE930CnngafqzHQqFZ(SJZxR>q_RFwcS;#Jt z+($+WU3GO%UG+!ypPjqxk)k=SK>C2FWmK;q7x;I|r@QY13lMu@BN9 za+%A}y@hlGbz$|^9bvcSam#ma#S1_@!obIX*tdr59)c+K6yol+e><8vD@xT^5y8b^ zB2;~3BR9$3Z~2a70U$;)1MEgGI90Y%e!{xId*v(H8E}#9$ z{rq${hs$U84)K%5w>ct@Ft})m+wb#z8}GP z?l#>^-6A+IF?!i6NFO9T5u6{Tq^CPcReCt`pX_-^LiKkSai#|6d%Go8k1#}U0;V)J z_!G|*VITvEp?sU@p6)Gx2V;tY^F!VXXA%P(0D9oQ*R6;5gNy%n ze?*9$dw&EM$wqE^2^#L{&i1FFz3PSTh>AQdS}X6+*t@pejbeTOxXH4fo39)X6Jv` z4}{F|?=NEg?1fPy>jzd{X#Grr)%Qh7|wXd+A5iq)@nK| zi1)jxn*=WcpCatogUrCD2A(905Pctz#2$TLh++}KljeuO^QAo?+I$HVsvAQ4DS`7* zorf!f`yF`O!f+`*qM-g{oL~#2soV{sZ0nZ)p5A5#qwZ*C#}q>H8MvL3fcrB*0|7wy zjUH?!n3zeIb79ZUQdvQC#svTkc#?rr)SX|0ql*-ug2D^A<^8;8Sq*wW?++64eqQud z#8A+$dzGQ$`zCI{LIw1YSLp;_xKE*CA~}5d>G&&W)1PV||7?2hGkC$X=|-6iIHk$t z=;W{dP?$FR+dza^VW8H;!N&}|`}ohLk0D?~^yhmL$wvMyAODfO=*NGoW}DV5cC8yPpAA7UtC4{70l{KtUpv?BTVk7Vcg z_)m7hZfhC(_z#Vu(#I2jJ7~`{c7gBP4d^vp`RtYo7(8k;SQz|5+gX z41E>|u=%q<)LuUe^uA-Y2g0$;5dI7#9;M%c7DoJN<8P0q+aL96F2e}jrf(=1eld35 zUHv6<|4Q`+v497$DoTyd60aD|`0JbbGh;*)HxQYXi7(8}u&yn*MIvS|LCWju!e8l& z_VW7%!5zq@Ydn(Mv6p{RM9KfMLYH()YntJB?_A{8IEG+fEW*6*q~;lo@S!?CyZ(B( zX6AD4f+d8H18>)QlNM66S9UTeq$VvKfUK@SQuLyr+^3k375NmC<^(>)q&d%l07L@= z0!;x2@kGn%?28M9-eEcV35_ifq}*npgKMA|`ezoMs^*t>Ua9rv%T0a{OuyuzHz%$^ zg;-2t+@%=_P~S9fQUnS;hK& z_{`i^1kG=0l{(hk2$M<;! z?f1$G?MoSQBx1RPNo>zwMN;#T`2hT~5ZM$@7y99ApbxM2RWL_)DJIQFTbyYD9SgW* z9U*F589qN5x<6&{cCstt=)}U~Y`X-J_ZpA#zz|V{%OfAhko}I({cHz-y3hP4{zSfY zNbzZyU1Qu~%lWNCxq8~}*|!caeD2pIl|0{eqNjkR<2n69xs8O1)@ZZezJT|9S%#nb z5j0-Aumk155I!D7?YzIAXR854CP46$d_X2jJQ%Jy=6M;THNnml;tz%Mye%8ZZyu)K z_$DW||2>G35qxFqIgj^H{NBdg|0pJVmA$kz!y?O9O3RaS`akMJ7_sMl0E;9SN zXWjEmgS+nLo`+>|g?TD2D1tKO9;os>>0t_MS4bDbfi5BhDz^QS;-2;w?e+3FzSPWgW{e+c*wf!CFCgWi%w z*_0a!Qf??X-%Pn3FEHhX0>c93!v0}}(a$Cv`+q~FJ>^fM|IxsrCLA;O3ZjrMxG#u# z!nurxgd_S;y${t9_aX}dtF&txS0-nZzw&95UMVp80AtvDjSRLQP5S-8_Iax=&K_)k zaIoMqy1`ODglT-52Ycrqd9eL~!Bzy9RA|4rhwnR*ED3Ic^39m+ZCCdyOL3og8pW_F z@;9LJNE((Yu%8#fDjAamkX>< z2>&7K7wy-;v<6P&v+-Jd1!Oj^b5-~ zTCgM^AkQM~9h`oqlxUb>c7ia&dAfA#^N@h8C+8ufq`5XXX_#Wb3xZ~pq$*KIWJVDC08*e>Kp|WoL<-VQ*GDe--`Rc`LM{lk zCO1mu$WFH(21f5%${3mG3$_()1$pjEJ|Y>UpD*~mL%$1?%s(%jrhP3i0WD$GQ8cIg zUCQjqV>2+Dt?2S7%_;gFp{ar(I~<S5COu{Y!f>ULKx+HCqz&W z%iB1RmlzX&^Uq$u0JDf}D0>C)5wi7RhLR_PiS=xE-vd^*Ovs$i+=~jw|K+ek^mHph zVljp{Kj54Nvg(6bbe6c2jyA}VQ>!W2>ruNnRGVKNfq85!1TjXvU2{g|ouA@ovM+-Y zs@019F*pIvWJfR40Zt4?I`c=B@us|=8hrVV*G2RwnngS@nmw+X?~RoInS1M&fSkPx zhAgoi`Fuy{2zt0t02-;Uvqz8`QBOEXHF>>iQY-y;Rv?#q;Sd+WBO3%$(_=;anBGav zJHI}uhkvMZV`#MJh?Y8jentEcKJB4mllfsj9ArWmWC%CjG@fGF7Jx&^oN5kTKy+c=ax6r{kzB9Q%vIn98r(g1vi6CX4F#z)hJ18>b5VktR{`PV%S6yo(Y^v%c6 z$>%c#H*|_SpL7PTCpn!{RpudUFyuo;_J^1~%_rDlBNhwWj~y`0k7Q_d*~DSY{M~k} zQg%>S?2$#yOKJ=N&GJEm<$Ujy`eBAINhvPcOrh!>;BJk-cF{C$t7X28fT5 z4|?>pS@Gc=Y<3DJ-7~o}zKSuBJTR0ebLrhe**0flO>v-&fOy{-q(B>6Oc1qGFc5E` znA`vw6Mjzdf9BgyGXSJUh0FG-n(bdUI(u67Y%#y4`i`WN6{HH16+q+&T*c89=^KdX z-hv;LJn~wAU+{9-fxG@qR(Z1LS%iWHCeMW4hz*p^oI+_5KNvlvBtv2=@NN1y<&qb} z#YOZ384EQnrj)*3pG@|Y&aA+7_NE_z6rE2r2BQ&f{b6xI)&%6nM`6*MtUJPX`7Sl% zj(9t%j1Dwo5NOnv#9$*PFNuI8c_}Xv9`@Pml9Td!FT*ppqZc##AG}sZMmx=>P&d7L zn33?mcKs#4+ah#Z324zy;(5CKX%#?p`<=X*`!=@3Va0SAiiu&Dd|&02-_!l*$x#5K zoSu7>)4|)me9b|ILRWzh&QYPrRjABep^_>X*6mJ=2G7IG`~eT1s`s<#|FBXzoh+t} zhh#C~DO0KD1koo+T**h-=}=QLebOKg2b;?F5^U&|VrDCyHg1uuE(5&DgAg2}S^2sT z0e&LAA$;TTAH`@`i)G^<;J^1N@*sRZV5k`hgz+}P=|5#N60ElnMWUt+JWcAwj-aH$ za!?$~iE$1^(g=2u_w<23fUON$kl0 zAS<;vLM|r!>)l-fh|0F&i1BqFwISmH?yPqonSrcX_?xl8Ku0^*3{e~L}tQ}DzmfQR{d6XDz0K7yZWx{tsVfg2ed)X66p!9v-8 zg0uv}*rBnz#^>_r%|zY56OZ0{EDsw+D4x_u#yV;c44g|j35WmiYlI0a5x-&Y^RI?w ze*_16ge3_wBFHBq%*-tp^aJwL@+m^|v*qfO2`Ph1?o{cMgac&3h<7d)cyM(G&gZK? zLiQzGm~`ulw8Q1yM8g=@e?esgZ69&P;ALl z=g9-F&L`OlZLkQtuGViqGI;S3+G)~}BrZzx?%aj~&P$fkyY!N!)Up2}y&Yr|;oWsN z0Ref1o?aN92m+5_f7B2l>sS%MZqxfOGSy5%1AV~VtzKQ6>^W(OkO4<7q<+&S#qx%{ ztBM^*@pQn$)cq7*|GZhjjA9Ic-ta9Z(xt*Qi0$c;=aRUV=rjb2PP8J%3m?)vRID%W z^?ELTNy6abun|`g?o_AJ>ZG(z*TbfXYoR@jTGR{m zV26La6Rh?1qGJh*>Ci{8HlCxw$?ETVSzwci0iFJ=KFNT)2JO)y=LUK2!tfwRatyLV z>vVNEI3W}(t=uVL@6fm%e9KnD53QUJ z$aa0y9$^{?!EX=bDA8MjS=od?M`7D*s%c&ea}fUo!y&+hs27@mUtFk@coz4`ww!mM zf~m0HQNaysFIgL?DSwn6azLpFdNedK&8opAPzHr4t>|c)p^__$pinV_G%hk z%=-)sZ{Kw5o{zlbV~@V`8Y%trxg?dyXwC99W&)man*nV%-drs};r!8w5?xz}iXH0x z;W`0aae=apjEE_b`8ah>@xDX1rWC!xNIhzu5gkFjItxoj-#8sAXXro)Piv>4^Fw;% z5kwtS?5-+~z!-fyXAr?bOgbs?%wmW?pB1D}$YLBhx^e|uP_PI2fNPvVm>UIX;)1kx z^2T(Ze&dbGaaeVO=AvyMB;7`7JLqk1=i2)~hhgtVdDx2w{NK9Io9(yS=bR>o^gbTV z-t231N(wEL9OZb5%ZPrvs;Sma~U2?fL1T?%CfvkL}&%Ie4ENa0n2 z%lg6Q;9ypEm7VQhLEGsL)7HN9y2IX6n5Le@em))oqM)VZ{{aR!@&N!q48VRwYk$lD zNOu3OzU|1ce z57!x-0)KFOXmEdf2M>aeVv5J~2Gr0s#-K=|@5#_LT+Zd1y%Y`LcrWnc#JMW;F&{rwKuG~%CR`zCJ&YR49QFNz&OY(rti9D;A0 zXu?->H5Pwv7ZWl%r%n!Kz0snDL^47yF&S{UOr!{!y41JA4)JZ@HE>2); z0^1S^FMY%F*qs`U~#btd*0{&{;6KYs*!61P4<$X*wS58isXgNUT) zV{>N^kDw(TGeSb!&Lpic5_4pjhkhg)2|>hA_G6SSdcg}AIgeAee}pb#x zrauC&0S%2+`|}<~eC*7;E;7n6Yx0Z+5)S* z%*Zn$pr3`*mA7gc+dlg-Ea=(pxS-Jwx}XZkBeu_uTf~|%+Xv;X`@L$-MO#=gX8Y{- z-rd5rcVpcBUcEf*!~_0s-R;fwTkXz9dN+?|XLiBPknNLWtTOG<0-+9u7A@G%9TDDh z1EkMsHeCk;(kMBLooKdLz?n5)H~W^dNfP6#m-q299=}PUH39gT+I`x`gJ#zLjbBhl zre_pK*jNEu7G|Mg@o%F2&;#u;bbXe4pr{SJZ8$Vi5NF zD2l6DI6h@4UOPUDFmW%U)7-w@9l-SkEGUwr*peznH~5X}>&ux$7#<$}O7se~#as?y zW)e}f#He+Ydz`jVc%(TfXS8ZY|DElhK&XIX^_}ha;#VaBmWC9ZZb1`>Pm7ixL0xPrxby;XPy6+j8L9g?twPZ|D01hU zVLOR#rv0zSiUGhs?_f)PreH#3hI4+Y@ys2+0H4}<2lA1L?QyY)fOtRq3~lmLEVx^F z5laOHKv3)*L=`VS)1r#NjV6Rv(-f)$J{sZY$Z;yl!}LfM`dMf{(K4>TLBD)-YmrjS zG4upLh61$t(E#mqqC6zebTkdf&ftJQ`g4w&4|_wu42=8$fGg2?uTIuLe%_tixmU7n z@;OwSPbdUJwdj#UwLm2ts+|BTCmSk>ASz@!C@S_n6WISaVVquhQqT7~2PXCW%Sp7i z-gDZZP?ruS(8-Ch-v5U8=H0eTrJjhlC6W(rac%?7M^W^L z;~!pBQT!0QAhysSKui_w5cXgVFr7iM1xkXxpNpKpwdv~GBGu3%dpr1S))G=XS4Fc4 z33w4Gx{!+GtBqA+RfmdtS+qiwC zNWNw>oY{dsnXl0!%l}6+9gzRj7d*6{M4u9b5v9!J`p&0b#aHxMIShJ-AcVj{!|C!q zYDGm7G(3;{bwMh!O~&F2Bkq)`L|i&+X6VvYyU9b)D*0FtL;{ov4PQM&XebxKd~1Mh zAgU%uALhTExoeQW**U2v@o12=WQ-|XOb@fTBkiZbmK^pW(eEQv&MPjRoWtk6=CH_( z5b$G6Kx57#XqjQJ4VD#pLN9zBje$?4wI(*b>qc5RT^Iz_^s)ZN192uY@3kv#7G?%OX=D0rV;%O9p(y2|(; zS^!x4Ala`KS^}2MosfzE9azEUVYlix2@PEE2ja63fA~)j7RD4WP+NEgAl*K%=ogHQ zxgS;IbPChCUpwAsiuLQG)F({t!IS?uq0VpS&J+97v7YW0%xialUKhDuGUc4r>0wLl z^N~FIWbEX;+h~r0Rr~+KpIH52H2Vkvx&7;wEu4}~M;=l+)AA`B((iD)iih;l>n1j& zd&n_OBWNlDTTTA`;QuLf*y{ZYfCU4*cY**{10WBQ|1fC40?+IPYfw~rdsMLPT|6nT zS2ykUQpYf29~Ipq0nl^N0)YH7$UDMMKET+!1vAmx|D#A3|I2NFd69Y8Q0KI7pKsm7l`J*!Y zZfyR^Y=~SDeOZo4Hl}idq{z?H1*`U6Ms!LXkpgCXuFcU0V|JLo5{;&>ol*+3$*>3Nr^AS}%BIDl)Vj~ysz3S0JZ&E!M zYO;@-d{vt4$w}Vj=WvG|K(7N+`aY@K!5!YRg-F}oM$5AEASK5paEB83Jx1Wue**%~ zFci`c5g0EYc=?27(4m+|hedtD#0M12M_@1IGgu%#oOVQ!curs?IJ;|;v9|hUV_2I!=N00=-A*(*6nF>xf@D{o!!@l&%~PB=%Fg zfyDii+(ijE-t!h;#GG#XmB;Hw+?ny+h^3-D$l9ksQkistQALN`I30O|E5K+6mb1e8 zfz9hB07nbaJ0CaNP09b7j1tOhkPF8B{P23Z^DfcZ<3;*e&qunKf%}15nLZP2!4(Hn z<#NXMABwG*Dt7=_fLj8_$+-X>wb^kvo%8`lfKf1A=zuy5O9W{u-k_`POs>JDg;Kg? z@DLVt%)0@509f}!na?6ds9b5b`5snu0a}Ycw$ukkJ7Xdj#ZxNCRRq&Ad1#LAWOz$N zbf`_$^&V~kIeuE}UvNO|{?7LMkLGpjh;q&}bn5;CS1{c!Fre4`cZg&ZJ@uDlfPjBs zk?!~(^}Lgg@H<@g3IW&cC11_E{cX&{Dh<1ZeC>O^ycbY8C*+TavVgE-{{(yl)zhuP zu|3|0e@P7i;X8jE3xa-}Y#7Ww9n7vi&@fx(*L?Lacq!KX-u#acvSgtn(vl>TdBEHH z6W&#_TZ-+&hdMx0@BG*Oo;`|P@;O@aQSf%H`b*eBA-OCW?Ira7f!#h=El%vt>#b&i z-?}qd4cBnelhjYLcU_0~`|r~vb=}(DMekwC>m@bTHx+*tC%W?94`&t8#I9+1yZ$7< zUYFPPTdEPqAF8qI7xL29pe-zYN-Rse@Y`@PaPGSEHVmA{~pazMA0>8z`G7H<+NBHKIg3$oqL2f275 zgn5qR^4Ph9!H)X^uSGL3^C+l!5`LNl$R8V{da_cC6 z|C;X=*i8a-E)tGsaqYJWCXsNVz{A!25p491VQXf1JI|3kY`h8_U$o}=Mj@e{) zaIBj=_b0ter?Vg(0t*d+h3KdWQ~$}|V!SqzFKaIGx_AG#>4F{BMQ7i1BBH&g0hYz2 z(+HSy$WAJyiuPgpSILLz8T>ULKg>Wxl){7HnlME3LFAE45oOpnFu1Saogfm7`QGHu zun9$>Y@(2$okwWXhC?U>A3Pv$=VL1^*h=yE91EzEu;<+kd)*jn5f9rkqdqe?$QZ%x z#TDq&$auZr<9Y9WBWrIEE9>Ok8Qhenf@Dl1pFl|Ve9QaWM?_udj06|;@2N}bmxm}_ zsu|a{NV3TktAutsM;=FkR6lBaNc)fuf^?P86n)7<9lO;tN`H&QC1?hx3)KwZyTbtM ze1Q8E;69{70Juc}H*WDdUZ+vGi={S|Hfm|3x6w-9VxR??eF0?t@f17_6q6vMM9vLW zLNG?&?^BHVJA(ZmjF2w0;wHm~zR7ZpCUXQ7pfd~T`Uq}}6M|p~PH{OipB_1en84FX z@`S|gTZ|;DcZBvWsPS|L!VIe)ZI^SN$phaoTlSZPfp2|`z>T;~7zF*4N|Xa@HyR! z@SovRy11o(aQL%gQlhW*gp#~{6&MibKvMCkBhdOYrxDMP`wZ=eu;3e^Q*t1+Sdhx@ z6qgg{5PXN7##nqr9uh=QLy02984*Gr;RE?N+Fe{qTtcAy?F!m%OiDIR0i8sX()mO& zvk+?Q`S^;^`o{~JAaDA)(Lkb)Q&y_-*}_iRU+ZGwD9oi=mrO{u15HwX04;$Gq_N3@ zuA4cF%$Qb>w-{j>c$;5?dj47~p*rH(s4N^rX&?UY*L{j|qCYZ{MVRqE{6+=33qWb2 z&xFDd=vjn}q0D=QeEoO;KjHt*Co0B1Z=>%s0ttqA=z9J}R+2k^FQzlCFIXGLNtj3A zy#SBlbWEdm<$F54SLfY+m*nrkviW8V7ekI>!bu)-#IO%t^+ieCfEIdy4d>H{8WcX9 zFRQ(eTUM7p5ey%m7%d~#rz>7}aj%vm(lA`v)Y-!s4@f-fJ(>pQmw$WgohwFT_f#6p<%%NVQI_KGOHGdqy6?3=`RKfo| zx%)sBgxI^3*Y@#HcJol)WN=_@cM|3&=G|Utc_btQOt{bcKa-gW$LTCoCBDGwR!RfNWa`0bf;+0mGGvcrK13}As_cLTdj=Z=WymB<-bsVr^@4?T zNh%3LrH7qid?T&SqE>V!2sX^;9$?f+^%a3Gq%j$WkZaIK&Yfq>JdX2FnYW2-CT=T4 zhkJqX-YB4={Kt`${4pJ0M`V2AR##K2bbAMl?_2j{d=ei$ z8|`^K3`EB3B!-Q5Bs3%bpchkqA!87nkMdz}AFV<<89`CMjEf+nlOf7Rdc>W^Q2ALL z(!cV4oq#XGFt*9U1K06#CJ~0;)Dsy>;5qYN$n@kEi&bf-i?8pY!>5SrW1$6>4D$X) zi}dz9qeSL4XrnaYb1*=+F`rOQS6t7Sr<0YGBKovN(qx7AhV$5-Ct*g$!W^awiOIG$ zJWjXAbX%ME*GWN5+?JWiY~y$3{bXU#H|T;lOmln$V}NuTUR-j0UKbCJL;)kz*|r6p zTqKXM4f#_MU{uM_3qYaA02CTDL8qU5#s^{Iya>hI_B>JAjF3G7;40(q9^zd^6dcKws zN({pXKRIFotn`bf>U&8;f|uq5d$O&6VzDs9ZZO7%TwDbMYsI_+FR2F*Tz-6X#EmC> zUW8qk;E+szyF(;*0xsm(PD#2X>7e8l4gW?=Jn=>6!dGh`%nYCkEm4_jy6R-=30i|= z7Gaa=?S6}ekPLf(&>n~b@e%OmdqWfs^o3}hlua`cU0?azY_s6r`P2%!FclSvUdP-CFaeQUiV{)@IUfH-8mGnh{7B%>&?GxHO%+VBb#;*o$%EJ!Z0vNy8#nGqRg<8bDGI5SOXve2dA{muW^G>;T!RCOCk)FR%L& zWFz{96@6TMwSTpg%-8WMAvOA~U*Q0x2N|S*`25u1hav+#YT>D<^ zqILdmlE>du2FDI0c57WF@oYQ_iQmC6sKs5>f?pX2*3=lJy>EpuoeoU*`aHCT4s6pH zc+O4>a)KUKWxkl4*WDv%5)9%C-u&)7NC{>kz!#?tDqoOOCfLouFUJ7f&=`OoT%eSJ zdG~%piER`XpU|iBjXG9;e*Pf$Df)C$z**sm5iI6vJEhTEX{<~mdg~B`)}4}Y)Hbsi zb`j4^W*;>(Uk#LkjnUcv4@94Odg&9w7;AVY1-;FhMv zzvChM5<0)LZ6+9+XB|%i#dPx&G<89nBM92e3?4Q;0uQ+mG$f<05KUzmc)o12GdZ@s|9~%W>V|kgQFWpkK(L#4B)++Zb3E4lFiv-pn@yjw?09=D?TOHlw4iX zbF^e#$=VgYv)*1b6A`E0xsv_4X=Ra1={?BCR;VH?l|NR8-HPmtUZ(HIEeroZ} z6+ORR(erXCARImIxn$=zCM7TaP3x~Q;3?PLP;!0A4JGd?+3=0sen|U;$opTCJ%3F0 z{Nphanwj_x8W;LP>u(SN@NZJ=Rk8Yp`l@ZId2QPe)vYQn=KSw2mGnLO{1HvRtm$_& z^)x-9B;3y0zg_b$)^x3=4Uzi&`h1_JKh^YQO;1sL=4g7kriPdGXXzcuSqHp{A7s_Ggx$79PDoWBx%ty!@aSl3rK)L;PdSTlFh(gdo+YU^84 zP4!iE@r|vUHWA+IR+q(NI#y6CCIrS03?$yL38ZGqa&}CoW?J^#(6ZHk2a?77>q$+2 zpy|&w{k5hqYx=4(seiJjZ`SlIP0!WzQcbVW^lD8vYFe-9EtU=EHQlV~ zyBouJou&BPqUF7sPPCtBy>5lqq^XrZsBnL*=}}D&AEUq5HweD7G&Oi#k>}6p^Fd8t z*7U79-uaPnuhZu(n*LVPSOo8%X#Q6;y;#c^M*9CqX&F;~;e*U9rsHIlwjVa`BO-Y43 z=U1Yw8s=2(&8c`zsu4y?ZGF6^p}Lh!9#~H`@z&;4e0}+f4HYG;*CaM1*Ik~7H#Cxs zH7!=r(AY>OMr}RWJhN)1!9pmURWlprLq%)zmS7QCV)M=`f-wf8w}OnOWm~G6R;M;C zLTff<;wYdzGKN~o;sg8yDx{iV%A~}Q3unxl)x0=f-_R1@)X-X=T|Hjg%%xRiJHc#& z}pbKB#E&Z4|XTmHa4X&c`!k1v~7F~?6vxacy$9zsrr^|P!)+B zU{<1k7?6e%=ozOhu_UV-wl&t(RuQn3+txO0P1UP`bv039QM_PQbpgiMw6V6PCRHC# zVZs_|&^nyjRCBz^=mY|<+0opR+P0z=QDK1Hg!B}GesbHj9xG^tPB%nP9=K5yQhNgCr3luoOh%9{D=qUCQYSYLFPV{8xwdTWwPPV(FbgFn zmP8Vif?F2RGAHcDn^@*lT7kh~3ntQSP04y%}JAjGnbdGPm}`Dk`_qhjjb)Dg*H{S*0rb_2r>dYp^%X*A(Z7wY&fP1RGt=t zc&V=eL)SxsRypX7?L^D8khGh4^S%?98@V>tkomssSrvvDP~4jW}BD5sPB6O15}mOM?X3 zrp4+vZY8KbMc8tLf#{|u41lDiT8gf~S!Hp+ZLNnH+U(nr6qt02BVfRRc_4KuMyH}! zOooCb1vF!UJToTEnn9^s;v7&sK>!_ygQ!ugripPth>x5iEYtWQ6c$_G z17MFe^2zyNzTzl!ORi zGJ*a2L{N0PsIIDhbF93o4yD^bZojG(YE+mWo5|>nsq~7$nnN)6=2Xm7v$Q>9R`VGw zgIx7zEAUTes*Tw8@uvg5_jighDsCRx_p($rerBJpT{J^C;Z z^M*;hjoCCrFN}U!DNML{Gi*T$frqWYa2atcyqenPEl_xBL)XAVA}bOmxpdF`rl_iv zCELEWu7=EaG^bSsD|%C$(Tih@q)Ihl4`Z|m!R?k-*dtmEQ&&YmTOt+LtzABM!G$p- z_zQkv=QCbcwJ}vkL3}Aj$hw7{FM3>PVt*R7S{Peb-`v{R*w94iJHbEx?izQpJ zZ6WS*T|)yzaqM-m>ZTMdKCnK^ho(jGQ0N_!2qsLdu{qUR)6mq=&=R{^QQcPC4DwcQ ziEm7`Y)`?AF|UPvDiIXZVq02T8W+uS-Lhf5NhXb~Sj?Ap>n~*24gmje{&Cv%L8&skSO8gxYNoWW0=GSyhfvEUlc1k}ZgU zSi;hGjHNsij2IB3VX=@$6Kq5>w6Qjl>tuScDkhKBI89B#;(}OdaDA{g2uM`SW@FfE zXTji`0zt^l0rwF2xFL!bCarL_c>Yls>*`a@)m4pPa$~*mgnu{^5YGl?5+E)i1CnIs z&6j3XUxUB_MPlLwH{5Wk@O_|jl@BoqCom+A9L!;Vns%9>D!{QM<6{z3kRt2Qg%5%i zmubjgTPy5D;!x_Q3M4C-JGUTSSi|9gxe^|j?Uo*#V4hIOU3l!QN1Q}Q8L@rL4DyJ1 z7pKJ@E5P_%oCJ!qx~>61Fl!RDG`pp-paj_FR-L|*6nVrd zj8rL@QxJFk1-c8Y%te7kF(GR;W`a15`QjK4xC5KH5aWU%6^^BEB`XV|zmrw2hkjV}86afH+T9ULw6!!P7XgmVksj6)tro_8hbCW659N#Xr*r1hSi9Y$}Duu?glr@SY z(fO6jXyM01I6y=}U&GIeR5GY4$$c9*8=eV!VkVyrG6(*O+xKv8C=A)Cci=D72m+PmY$Ui8i3_gy$M@A*RJv zq^fQ{W+fk#h{o|DjZ?>%MRsQZ7BSGU$Bh~*8melfNQq5$GZ+!Wk(r9EPF3;A7x*G6 zvC}{s+N=SSVrekJv!RGpE>>o)ZhY3Q4)0Qhu?}f8=QqQo)9@yca$8El005n>2^AUG z++uiIOydbv@CIY68dG#wNezDJ#>=_bc&tU)Uxwgm3(wY zg>Y~|v?v0)`Lm6rF0FBhRubqok^m?gP_&w~o(3E^Y{Yg;7!`$|g#t)K@;^a}j<#k4 z9T~}FgUbj?wU0q_sxlVYeH|Q(q+^2MFXOKULO=rE>M{`-x0oVn37Ih+5ZX}W#sN^I znGD23u0c&av~I}mC(a41A6M0O;>HBJTn+?cme^*BUqwyT-5;}T5kin-7lLLeuh@uS zjBbQO)URB_RIi{|pGC{oaC8;^Bxjd)VMW>6#Ojh27|wVA#c}g1FWu3S0^=05%_=%~ea>VW zY&$v}pmQvCW}HJfbAUL+1>x#!z8TYIHKRpvJd5Hc2`^8ztf*>kf$ZXcOO|nRs-|aY zda3H8|1qN1f8oPc^mYiKegV zlJ;-a)Y{o|wA}Ke=}TkuZ|#5oW$EXNuSoi1eYW&T%`bXL%J=KDr59+vl^Z;Jj+TE> z>qpa%M&Lx-zvW@+|0Yd;@>O}Z^dZf^Nb@`O+0s(Yw{nAL&(ZP+wSK>*-_i8$2%Kp9 zk3AxIS$f?8d7fyx1%!^{j_TudtRO`Kdt$9oK(tkpZRA<`tYo9T7Q;2KT{~_s|qCjo<3XtKP!Du@v)S5#pq9c1H^W$T0(TO zjjiy2$OdJ_8WZ)}j7{|xzo_0U0Y9sBZK?m@6q!b1987rYel2H-`dJla{_lEtasJaL zjl}smjK72I+qiCb%&(dwD{Hu{hhvB{atNO~hk?rvEs(ZdT0=_^F}$*d~tP$6A}}7x^6-DPh+)x5S!LRZZ1=;LfKp z4kpojxC|)PHLK<>TzJ97a~JrV4ie9gZEkAVPPO&%teaXJS{BE2Lx2iOSC!AT&;h$s zvNwus3Og*La~3Nx_(B~13$&_2)E3hL4SuYO;$h64V0AYr=d1+x8~jOCU&TBc+i}RM z&`KtUo^&y%(anB*)`AOQbYN$W2%(k?j5oGo$PqKQTn#)#ayQa3xax++9Xta>f&fv- zRSB8xv03xZEo!!H$XPY=j1(~(y3!KIp)$A+aUAK}76jy|K&4|ANVEFp4Gb7(FzLr8 zfUW^oZrW6blbZB{gWUMxwxg13*H+M86q#=}<2EF?3VucLoRxE2b8Q*nuTb4h&L*#e zQy=FJu?5@E+JtQe+I5|VLr#2;2WESAm1(haz*q>AZLM$EPFv%8m=jCKU*A>OK7)~2 z$Ey;%g<836l?DqcXx_0c0bd4N5Vffqgbx%0P#ar{RZX>si?-HR-3(ON+g=J>Hvug) zXs&LmZER_1icuci9J-d|1K8Nwyn}pmJv9VpwK|0j&Dct8DNw+O_NPcDq?-LUHJBGn z`PO*V%?*6FskC8R6_`x|6U(XFR2!CjGj~~4gQ!z;bBy!ZgQq=@K%Z!dPBwETwyT?3 z8)=htQ)|8K5`#2#F8+$fy!R?b`+S{3>ADOD8{;)NI$DkK?ue~L{1UtIJ8&2nTaQGJ zWFdB7W#EFev_`wI_1E%;xGoNZD(lxhY&$A|Vb1io6 z?UAPgKBbReqAi7!aySA&yM*KyQC%V|hT&#%B|?p<`i9ocTjV4q!{c+Xb*W9b|3o~& z{VX?fQ5X^7a@iHKvpxaU-5N}sWESh?8+tU%M&^<9)T-c~2N(!gAVM*^4Be#k6 zxrs1AgKf1fn9tbKCO*m5Slh__M+fM9cA$XRTt4i|bW&25X_%)umD=ihRE`XAP)jYH zq5vzz%5 zYnHF1ZE6KW5=0W6GIKOkoNK`3AyQjaN1|&7QLUcOD?rZjFIvKo*@)=WKqjLSq&%G- zR>Wc;AukrlI1#k1wythRj7WwJbh=qsx22)EWxnOukJ$E&u}wT8 zNKXi)vQ;F=uAw0=iX+MamzLuUIBc8X006~{;Q3;Bpq;aMWcc&6PP5jqeF~~dLbqbw zS~e&sg5`Gx_1m2Cdz3IqwA-c>6d2eU{jxZ(Z<#l3T|JYir6I;=Gqe*oh#*{+&K!S1 zybOU342+-9%`60MHc}|SuoS61FK!|ohd}7uc1>zgtYX!gwNa_=LPi>{710kYaEb?X zUy8Zh+SmX}VSX{I#E$jxjVvXpYgcgvROO=hD(EYq2n~mjH!WsdOK3#C04tnT*E&1C zYO7|h77d%Kq5SyVOXIG%rHPd{NWze~e=sx0xF`qbWPpu=Sxy;+vjvybHhKiW^|OV6 zwGzVGIA&TXz0Z@Im2AD~^;JF%NxTjt6Gs%#Lt%NM9MP6FYgw9TfGj=({lxhnidU_^ zHeRw~#j0f`YZIjyCGejUFULvZ?YO6a2R{A2f#57%ohZ4oVpZA7wXs>PHMC#J*=tvq zEK7hwF~x$9xG-u|>t4A~Uvl{$>0$XC}-ZM0}Z1sd3fj zDl(X{FV~Eo<}a3(PQy3hhHML6Uy;t|U$$Z1nP)A&gls3Vh^ugM0vmaVNP{dJP;0}A z#LCOpCLzWkJT;gUi@iK2!G7VqxsskZU(#EPBz<{-q<_`)t>?<~dQDH!dT-G5d`&lN z`k=ynUeoS*(te(%-RH^kCpEq4e0jd-0!iO=k)&_e^g>NnYWm?)DgU0PQxfuAqUjms z^85i!V=Lu(kETzqlINdmT2LX+f6(;JtL6C}nqH(SHp7{2_3I>U*0fF2c1>^7^ma|} z)bsU~PJM>UGM}Ly;9Td&rA8AHQoN7@_fIhKYmf3J71P`uBK&? z^q@XRQ)_puG}1xV^YwK8Pze9E}{NdASkTJ)eW0-5%CKFW)Lr07$(0_Ggr!Y9(xZ|Y6jtNOFg^hsG zBFRQb6!(}Y`3-RBY<1bvb!!u<>&I*YXTaazW@huZ%XNRyi~t$1YalZ_){tE_Vqd`Z zhfHB6sCYO6Zr@OOg{smeP4a)XRqeplM}PC0cPsfer*OWzb_1R(D_xyfuE`ouk?)LY zT9!c0%JQ|Vu1u_SKPXG@#Kj9^@iSK^u3A^NI#G(BW#tts%J>&wa0<-91W1Yj8QZ~i zYuxIF*ZS~w$XtL8lxSb#SHRACV;~A2IdpdeIyawB|nN22m`WIA$@tA4R8YE zc-p{=d<6}-6NIe-te2C+e5n}ZOkr};WMdOhIr3`0azA#}npz6Y&ObS*+As<{%tp}`zVNv@$GipmiHMbBaR)aI+luI+7E&}9WwJY(0Got)EYjfw+UH=iY&^gf z6qIFwJuzmBAo2`b@|CUpB9$`fh|Kd{Xc zY8UHX9Ms#?Kxg$>hhZ-qp}Sganj>h*0oI_R zKW59df~{QR!iAIL>o?)fQEXz#C@0c6c;=$&swO&d8?Zb>vp-HfwlNaEJ!yBC zLcnOv>U(eO*y==^_%c05OP?X=7cYLZE&L*fyxevqYY!_WG(Nwwg9D7mYFLk}(6~rx z&LnPS;!Tb*&LZ0sz$NrigV%qcnsm#19aKy|*inK`BoiQIoU|M-%0Q3;J2n|5MEvK8P60k9O z0T#2LfmjgEwQ^N=dn0$HrFN<(1j2$#6Ilr3Ooh2`$Ngm74B-T;B$KT1F4RLL)w_fFFfTIQ}!nJde|24a75@a^vP>@k#FXu*^(| zl$hvV2Cm;&RlT)vRx^%LIoF*x!l#ACMe$JF#bXSarpAeN!FjA({(vyxLl#0p|F z1sm~(j{f=XJD2mXA8OisgFIh!lcWzeO8SLLNng_EmuuwtgIgrMN%Mc+AkRCr{ns@8 zyQY^lNqP51NpIEXZ)mz}Cwf~;h|DUcCgJW=CDZFq0 zM)=vrYtR2vxQ3s>wfQl)MyFRQHw><|kHWS7te(;5SoN&jQp3~Mm8~CJC$=7p?~T8I zp!59B_lZ3E{oRs&Y=fkgPl;Uo53To{rX!jf-rEjH{U||50*yDUml~se`vmy+w*HwK3jj*kL6o^dydw->FKb%HGGbDK1?3idbf3L z<21Zx4*h@Zy$4{FRrWT1hZ0PssemhHP!U7|Nk9YyAr+!&CIQ8UlVnH+CNp6Q5Nz1X zTClIX7F@gQu2@h}QEb>&7kfj+vTND3cMt3 zTkbmfpTfS3BgMV* z>HkKD`6C^?n7@(cHScouP`8lJ-zPbqVt)FhWcj|WcruB5$K`c1a> zq~5EZ+LTMZO8eUy|D`Y3^iuTy!xa8&*Y!W~zaRbIEaqV!|5O^s8P;^?zi!%-H&X5_ z?@~L`zBBx_4tvYVOS>fT-z$avRQV_4b_vfE+F#-DZ^e}4d=vBX-HE81f0eYKKh>I- zaohB1mS0a4`_c~B^mnO4X5jC&_PtBp@)P}+{z2^D{S)oWcvH&%Gqf+^73^2kb^gmZ3RTbi zdz1Fp(!98z%D#MOiTy8V-&y{g=_cVi#%_On}}t6D*WZNzt&-1;xFa| zWqe}muS?xZ`_Ax-`L*TA;gESmdH)#g_nTqO#llx%dFemal8+?xAGq30)o|WU+;if3 z+7r3V-x(hEU#0)k_qYCiL|)7vNxAUy{V4p`DdI2b=PZ9R5AbvC%lyI5wJ-AyKi9s@ zSNvT2GSBgI?aMe+`p+#)|CNq>QU@fLJMmBEL8bl9Nl|_z|J)9DCPr-gDgNiueyzh? zJNe}fxqOdF{hvVl&iW(%OSlDPd~JA)A7|3Ov;7wHD;)mIcZZB04oMMzcco1~DZlH< zKl~um)r|jKYJLj)pE~SIc;?@cm@hrlk`&=j)&HC#{+aQkQfCV<9yqXHb)tVt$@iW$ z=2CyA{cTPE2a^1AsYg@TuXXql;%3 zzfX#f_@dOZ8k=s?{>mHq-n4uVwf#J6ZhCEUIy?REcc6VQ^Qqdtj>2BFFa5vxBk1h^ zC(yive_!Fn0?|$XM0_Oqr1l-{e*^8e^SzAEo#7XEWZqQxb7)`EU&be?>@QUZi&bEc zSpU7O-lmV(Up~w7%VsC1tIS)ABd_v%a3#%2`4IotI_wXX{*w+o$?$KaIhoJ;)M0Pg zK{g!nUdErV(Ef71mvF6c@FI`RuW|hJAKFh<|D5Ij8=9B=-z>a%K%9PXa=Jj$5bUwLS9JY=4o)nEON{;#JwvA@w_PyCbh5aCDA zzO=t0Uv`-FxAyR4|M#JJYtE&nlkb%N4tupnSa)Q-K-#~9eq#7#okHw;e`5GErTu0C zF8+!Bi(Z4I)5$5~FXLA+Cn)(N{DrjN&h(M|k^EauxtN!A3MqdpXn$MFudGjK`}+I$ z!4&qzKW9C3uJ67~`>FcR6^`)Bx`1`xrQT2Bztdj{&k&z2N5hDti4%#%#Gza-tR_E) z*h~x%|3mzOcpdR(;)?m!zZ;0fY`-TFcV)o#q<>?Gdr&@u+jCQ+bBPrd?WF8 z%Ksj==C7fA73I&6e~EYp<)4xNns_JWyDhZtj3VAe`JquOpGWy>%FiKx0r76ipCrGY zcn{^9$h$(;y?ZHdAb%)v4ds`SznXX-3s8pCvv> zc`uf?4B|tS7m=Sye3#@mb3MLH!#U zkoYF$Yss%8Zlrt@`5s4Ef8L_JhWu>e+mxR|{!HRKls`cJG2*+Fe@lKd@t>3z9BuvE zhxjkbPa}Ue@jc3)CjSEQeaibBW8KLien9ztU_#etYApa@x zBg);!T7O3nKc@U3@`n>Yq5M4Z7ZX3F{7LfvAbv*q*W@=7Kc_tJIP33t;un-RlV3pm zlJY;1zmoVB_$}r0$uA^+NBLUvj}pJ9{2TH=5;svk z=6J@7_ygrW@&V#z%KuFM2I7yDze4^^;ugxYPhh-=bsWE!ldmM!Q@)7&(ZnMuznc7C zh#tycC;u*S3FX_LX#E{RJdg4k@(sjwJ#0XGvp-l)`3B01DSv?Sb20wb|2B|+n|L1O zy-%|KW)RP(d^Gt&;sul+PQHnFA?0V2zetesd&sXPUQGGh7X_q%6oMG`k z%Ja#OBi>K>9P%FGTFOr&|9j#Cl;1*r74bpJH;{ja_z>j-e$RX%K1_KL`7+`ol>5m? zi0df7g8Ws)M=5`T{L{q8DF2H5cf`jjcb{p)vj_1R%4^6UOnjE|lgOVze39~1ULpSmu_xtUlix&4r+na9Hat5KvnU@=eiAX8@@Dd_#2m`cA%8xxFXi`;zn?ge z^7qJpMBJY8UT53zWDo~aK8*Yb;tQ$ZiF;7KlKh>-e9Au}|0S`I@`1~3c!m(iQ9hk~ zIdKx@i^v~CoJ{$>7Xw zSDXG`@_u3u%1-ze`*c^|I-JxO^V$~TdBU1-C#9p!oC3yJBJSCOwL zW>Ov{zl7MA@;{MZLF`ZYQ{YL-dxm6VU5d>#2Gh$AVlUtq)YG39$w-uGfFA4nWU`2_NliF;B0#agS^ zF`M%7ln2Q#B2J-vIr$5SWt2Zn{yE}I%D*SC{$Rs(B<0!bt-tw{dnorXUR9JgQ-1El zHhtz(?xlPo>-loZPoP}Zi&j&9BIU9U^c>|UQT_?}FNvp6zWpW4cjBp(Pa|JSypVD~ z`4I79$}c5<74aI%pC$hi@e#`V{?YooJ#o9;Y<(;szYj5;@<#Hl#0<($A%7Mzlk&UB z-%s3=@+(;mU!!~!<=KC-;Tb@DVz>=Y8Tkt0k(@w3l6(uXiSkp)pGEXiekb|+i1R4_ zko>1a>#I_-o+5fhqTem+B(mNt>z<Lv^dDSJ*8R=2Cwk4YJ}r7CvfeJ`Sjw%e1B*Vm=tYTslB`q9dY|a+ zB2F)m0w#9eroxR>Cs3+5=B2%^h`xxRP;VYe^c}@ zWj$2%ilm&2o|fp#h<~C#EqY3#&o6pWqF*KZBt+j=^!7ymQuGK!-&gk4{8k=*UU`V= zMLEhtclCP>+k!GcXY|( z{d(hDr(Tkj&mY(>_hCDIyw}zn(M#`3`3^*}Cn)WGs`gvV3I5LEPIvZysqwz_r@qy8 zoG;`4VGQ54_KUw(_~m=cISv@b@Q)?#<4AAW&nWrvYlVM5hRfM*{@>nSioXA^oxU?1 z`7Ys+@uKjue^T~Yid@j?PIu)++?R1;1H&Qn7c#!Bq5N&)p+p(SO8so4d_HjzaT!tS z?MdWi{44cB;vx8dd-?k9d+g_ZkI6o-?#i#Tzv=Ef=D%H@e#_sVm%q+=k!_t1+17aw zX+M5y`T1|nPoBZ{?Ofs|L}@3TdgZt9y@XqEtwY{jd>(c9BkiuV-|P8)1Mvgm=S1;W zQ1*MvzHynKlK0((XSXc-J@EtGPc^O;_hjB!@>$MHk$G*IUzUB0GVYamadAh`**>^9 z&mr%n|4XM_+K*KIk?fzAeU6eo;-1q#kqb_CoP*U}`u)`WlzfzUNq?OxKHd56jL(0o zemLXh3}=7l$6!Z(NqLs>ilnRHuN5B|*GT=A@048_e)&$>!%@!0l6S_-8UOCSZ)87; z>`#&QM$$#_r>4&Vj`aVj_WxVurHKY~K!JI*7Rz@{*onPjE-BI|?uT!vF2*_S?Aj z=Z$Nn90>ka4*uVqPyV^ZkTYqCeH0K9tPIJN2I=9)iyACK(6Fc>Q{&$KQxD zP8IvNQ!czS-Q+wOXE_%0lK!dIYksNrLh7}A53gZ7q?}8Acj_O=_lJbv89o_j%6Gn) z6O{8YW!*#0d(5Pso17mZ=U_O`Q~0&gYaP=^%8RsjGH>!U-#<^>Nc;~`;xFxGpA_>k z|6AfK;p}ex>etE-(X0H9>H8z`=zDE{m*%(QyBy-S#%D*Gm;90Zmi|%lQSjG_ztmr; zuQKl-^;W)Do%Po_k09|7bk66ATu{zuk#kH$E-2|HytIeXzl&T@=7le!K-^tHUi=eY z>W7>cA?=2ory%Wy@Y0?LFM4%y9)ZmF$$owLz7t-~GnD<_43=u<4|y-{$ot)fN6kfU z`U19So4%{oad~xyYK=tNCyyPwc=6&fi^q)#hFZop)QznxE6Hn(wE4&9kM#$GVegpc zNVCctJNBS)C1c0xyWq@qf#b*IyBk8DK-k@73bjhWl8apRl5 zgHC(a`DOePtr7d;61kX>l2%X1*fy72;nGQ7_te=yn-8~3;u5Z~x6RiS^alf7x#A0$ zYg^^U_0Fz{0bD?(z2<$`!*Stb%q;H))0a%)`sjF&8a(<2FkDP!yhyMh*Wh)sAuseT z*xt7GNCz&Z@-8;%7AlD>iA;6}aq%YZU2F5=>Pftfg`uPs_qla)uQjAv3sh^NY8|Iq z$E()8RqF)R>{n60LbgX$voEA@*PzlDaw4g4r+K@I_#%F{Ve8Lbaf=SuOIw zaa{7KJdKSZ6cfvGm<5M`hB4hi4Z9z|xlbq?SrYfp=ACd9d*KiU>|+;S!_ z-3oV7%4OoXfzy-=lm#tE`Xaz4hR6kd*L;%~_ppg^T^7Af5tM3kJ*+}e@P>R%Zoenc z5=G*VH3^OInCm`K%;HwdPaA~zslCQ7|^ z+j@&Kj8?>r`ib=MpoMDodGfT+?WojnTziaC+I6im%@Oml%^UH=a!oUdbyj)&2xb5k z+GL$}H&!G}q1KlXn~ccQ6|fmM8N&CF$&YQZYKv@VyJ)R+Ic6~lqck_MZnXw|D9Eba zgGv(ew71%yZAy1-&2A)gJMyA~{f2IBZ386P!%FF99w*dz+tB7kTG5EMv?i7Z-6A3< z;Wm71(|rOe>u9$PJFcAcMw-Sb%i)4uq?N9`VYhB_btG))b@ON%@I;rpt97tqn*XFw zvBlOs7OpS#g~6juM2zMIVLsYuL!z5#Z-}8{OQJghX{2yJtjFEtMTepbrEX?bTht%% z<(UF&3aTxGw5z)kG*IMp71Pa?v2U(Kr6gXsl0uY}*w(tvfT2aJwtEob$yCLr)^ps67 ziI-^qJ?&oA6h!dDI^k@?5JW~bMRlke{m~HQ=!(#rqvh9CNO?lIsd^F6A5pC)iPRzs zfuQzF&BGnsu&i(11w`!+eKDu5E$Gl2TlDZNq!#HG0M6*YO@1$W^JZUIr&O~-i;KP; ze}ePop`X{ClF}CjM|^EMylw4heeIZ}(ImZU^);hWL9Ig$VnopHkG3EeU`&2TLw*$w zHK}O87YUwMX)FKrCwpGP*0)otbJw z%J>3{ea(?p{%-a9T3RD$`(YoQyRLM&q+AcB5alpxdvKl)!vhqpR+LYL48|A&EwcXG z)aq?ofViWiHzV~r;N%j&H_!sd5irxj;D_ytv`c8PbyJMEpk>9#FVddpT^RK(f~T#h z;pqQRxGcZLFh}=icV*F-YhQCPWs5OAD6y?ji2(1K~eB0mJ%7^vam4R-PqXgrbZ&Xt(NCLX@GLMp9SG$SDIX!oqW^79J|-4*pUfoPjT^M{rMk>ZO9 zu@|^eUivvZW<`+0XsmFFZ5U?q3=F@z1> zjFsq~#R#q2MfqaS=Uvj|N7I0+tJ`|bc{uRY@uTqqF|LPTW(1uO(4tt3+f79>e-q!2 zi`kBb(9x+T15F)?X2y$|4j8~=-XR7Z(WFEv+FQ&uh88uVHuA1&{DfgLIxapvLV}bL zh^2iPJt7JhMoGGhi6wT?KH@G)E!s@<4{%SXm`=HvjIK@8hIR373buEcKOtSg65X35 z?x7(-+k=n00NQ6X;V6a(8JaYN5aUR?SR}^%9+U`tW6X=>wFfbxGu{WIXnt_Tu^t%3 zyIz(*ZPpz#+k*SO^_|`5Xmx2UDi()vtu)FBXA+6c63 z!2s$M#dNV$T*TeeXcby8oHCt^PE6QLkVHagP4GE_YLbxBu_D`sZzHrO`U5E;tz!b+ zo9I3b?{pQ@Y&<{9bs%&OG$RmrLSAozAH}iajTSfDh6Wgrhb)MOjVU;3B*9RE&_=H~ zR@5;NC`=j+L>32iI1|PP&At|2#7+6aD4I3a_2O8Sfbnt3uAnp0aq7YyzG;f$gMgul zRUJojciXC)t>>v~TXC$mVQk-2FkUT+ z`diR4Y0fk_Ix4!H=po_MF2#&dtZEvE3cGZu)#IP%bVbYPM68}_C&qOS3r6fHhzyNx z?P8%!enaPC)z-H#>J3NYU4~(GYs&U05)J8rXp)$2m|Cm5#v*(XphNYeBSrb~wCj&a ze4t^B6ml227yBZu_=bTAgerv@^V&LFVro0g6{sRpAGYdlLX9agb=_KQ@?jK~!Y>mZ zZ6Mk<&+lDAUriOamLonthD}?uZA{RjsngbCw9UU&YmSbm#8h!>RevmQ)vo!P^faQ~ zOr46_3`1pF2kUeh2DT}jF6-=;uf>Bb_qvP9=#ptQj7ue^ig)c)iOuGuMxeyB7RGAX zR!T@&LJ6UtruDEEw^9UXF|i1kro&oHT?A;aQxP!jh_#$DCu!H2lcuFGRx7p=(~8b9 zH7$d+xRsdFVq#29dtfc5jw$VRim9pn)^f_2(ylY6rqUa$WeqdCE(>^J^RYBum8-W> zsj6+VBvh)>cvY_1N_y6GO3%`GHLlr8deUM-dX~nkaZT#J^;}@AA5OCC zNyv;?o9{4TEZg9e#Vf8SG2#vzrYB8^c3HgI;!7*m19xT1nM-Byii-jm?|-|pn^1wu z;?>p@&)lvoIkL7aUS%o6AYcgx}x+T%@;kDhoBPIsiw^>74S7O&g* zLcl!cFvM`4UDGD5?V{ll6dWlrpgl9>Xaq%`WH=+wzTO?+jtG^NEy@) z8^gq)#%rKnG!JxDAIuA5lhq<#^*U07ksdk27_WLYU41o4J6&VHjSBXb8d0c%om+b` z9ki`_!QN643RQg*79Aumjt}N~n+C>&iBG`q2XC{{Q0bOC;1xy5H^y9*|nl!RV$+(u#f^n+U>(}eVT{#S8gP6;v-7*%++QU99<#cVu zYhTirz11NpL%lQ}>IteWRS@Ea_E8P3DIJ4aOe~}(qfJOFp!LypFnxH#FiuhjKvN}! zxdr+a4Hl_NPg`Si3X@orz&jc>Es6<3RkZ5>v_)yOL{+CS5)dP$>R?~jt}OA<71KNz z4{OZaYKq(m+LyFcu4+@b+fH}wDvWWrt~Jt0cTs`s^|Dt!2alfqXNFMJK2 z6p@d382h5}YSz{YTr{!3*~J$V-rCkwach;xnd)f_m!vX`6C>y3TiHI^Gu88Gd8fRQ#??C$tE~@k}w* zzANJi?Ll$8Jz$mZ%0g0WP;AC9CP2FGcV#}_CfJ#M8+y|;C8bHMvKO0?i!o-JfUX=( zXd8;-8Khf)u1v>UhT?eUm}a0W(+TZ^owGMVv28(D<`Y{9I~Q*(v`H;Uilwv>#ip}J zl@`)W6q{j%F||YrYLau(SQN(_3$_Pcg*2(DC@yzbmmP!^nXXJqV_|2xO#sj)bY(Ku zRM>fKW7M<@^SUw(jW*1=C$t+SrU#DO>dI20@py?wYtohBSR-Snt&PiUPr5Rm)YO#3 zOLKdy^+-x@h;1#m;{fA2+LNwajx{rOe%TmByVjLai0Nv)ESnakE5iv*O-Z~on+g$z z%BSu0lLBqtx$zR3nbsdnTG#`VD^Cmf#`RPNE$$EctEI7?pGay+ffQC)8W`bkP+u&@?f@$Hj zg+^n6M*XRSV=@COH7zY#(ba(UyU=`p=%g#E4Gv;GMn`w+fn@<1n>Sg6dKUA{Z zw$|v8zu%1M3#nJ5&9_3I#|H(nxT2~NSd|UCcBxmWp}Ga_HwGy7tpJsrHcXEJuvQH( zW8dk8`QuEe%_m5ENNaSNzX+069Ef<$5~Qj!+Oetr!u;{$O%e4*p@5+OBqVQm!#rO)cML6*{r-79A6GPN0xrbXW=t3QS4yw1tCeu@~Qk?V>a)7HeU#J-8TI3UxUA zK1iFwR0?z$-R&me1qG&Z8aJRxh2qwQ|8=mcUmC9y+Ej$V)Forv=(MOVG+PP_5;VWi z6zLuSYJcUL!jKS8VDP8a_9zotU8blnD2Or%v2p^=$%4s9oj`u6tEG)*j0Ce{-UIqvqmNOYL^F1^@(b;k^)_r zlrrN{A#Kt`z(%zT!|}S@tPRJLr3z#GEm^aaaoiXi@nS zGa=9jV`EsDZ^l-pGzXy9>VXb8{-S_tWmug?u>dsLYL6Z~=7Uz#SJ2Hg`>}#X*QBs8 z-_$M>5vZ8KfL1hvW>6<{ruDMse9)USn#$3~eBZ-W)BPGlP)SD`n!mnC2ZL`uE6i)ttXrw=XiZi^&s6z?EyioTb!Mu2vA4N} z8CVz(vY0_Zoa$cW6$9}cM5_wF5p&U!)RopYqlJa>3~Yi9H?)?`L>_)KJn@)nConP1 z0$do+Q&WJ)>#bI1lK}%T&NL_{eqmo5ws&DNFP82)q*!!A7i<;~q5kGW=MBXwNj$47 zYiy%bwJ6Lhg@Q}anLu~G!wvo8goGY%ioZ=sG}7&8rQ3pNn8g%4^JsYlB^mo$m_6gA z0|}YJErxBh?R=|o5^Dgcw>tmD<^QeFbP$srkVZX#YSgGzs`*;)JV*}iL^Gf=kT?swzM4F%Vh=yA4DgoP%BO>nSadkNYwVIG%n>XR|!$80#%=8dc7C*9PY zQKGA+hFMpw4ePA=O-D^#vyOH#tZc-vZGjml;g_|MP^~dKfmW{`Jj4|u?Km=S54LG9 zUfun{rD%SZVq<`f{@x|#ogS}aEQx&ycF3i_CQ-4&QJ-~Uf~`8*Sd$;cji&T(V+e@= zErzxbc6S;tCrmH}*?tC~yA%u1;txT$8P386whZV>Xw^dtCrmKKNn6qVpxDsAF+xua zO6(({1S21J{*vJb%SKjo*%)79n--D+JAr4R4z=qhTx-k+u!BJtf#G3Q+=0)8$=YUq z;lUZIB7hA~dXuc~4t1lCvCyoB^1O+o@ljy(zx94LS|65y&CU(Ad1VLAs+g@xYN{K` zsvA_v%%ZybvWBVgEwuG|dj$6EcHTuB;r8UX3E34a{jg&nbKD>{A-7{hjOa|!dv*6i z&1p&4w%fHqd|z#oLA`w{wLzo{l-t|%pj&?nxjhkV-NMFDZ#Y90MIy8H_K(T#T`}Tm zht|FqJDTHCY|S>?L$IX|J9ski5vd1GdVqxul4g-Lw78)b^48=qsCAC+nTydi0>pmT{B^k=d0Rb~pL)(P_&@1$U(D zO-Lxs?vm1?h9XmEGP>MrUtspvcix5X*miHdtkA;`430XL@#JiDOYYWING%KN+JRz> zPgcE87u%I$d(W|JUFUWw_8%d=P;?~eb**rt`U&rAvvn0C2LuCyMfAo=8|jzW&{dR9 zcGu6TZz!u8t(}`ySCLR<$`TCK&MK~~C^3d=v6BO%iV8DI(2JZpuk_boxD}zU@4$$& ztrDA4F>p$H1AD&a*o#CCRRcZYh*$xzVW_}2k$zkE3yxGY%$ZwSR#Lf*MrRjQ z&MNE9Y*9l)T}AP%hO)WaWc=W&%DJ_=S+1LFvwv=7MMGI#QMX}Auvjspx~8t%fF)Rn zdC?S%`kMnI@O@=lIcy4X2fT}si@LMHtcTarmLW%I06#rWGv243D*CMTozqr*`|f`B z<)_mu?mpe(M(}I5Y}xW=QBA)YM&u(tLfpB(m5&=>F-%-bT)n-Ozel{7_6mnuc_nck zaT)PJ;)q?Wxfh9Lxt5>!>`e3UqGH)}3Te4n^@cPl@a_!r_|Y3~v8Gu_r)Bk^eB zMZ}fFCy4J7eFg!`A|VJ9_Zl3eq_8gcPjBQ;ws|h#5cM@ zv0pL4y5}LDMf@{yF>!S_DE5zPvF<%Y+(5j6_*&4uUr4NRV1t8~_m@$=jwtp!mRR?W zC0Yd;Vati0@OO z*ngeo_o4Z>$=6(B-6x6_Ag{OZlODWB>x%lapJLjp9;nP1&p7M_AViRC-Gmz z34EUl#s1*SY`lgN_aUA{ypH%tHz@Z1eVui0`1Kb5PCku%b2ljVi|(@aza^8YFJrazNQtbgUiBZzgxQ8VrPA;hK`mKWTYazT*`iu`|y_tD?)ud)8Wd!5DB zYb`D(iu^SPFY;~0J?OreuXgYvznAjO_t6YsU|r4zT+{W6+ga-X$-5;1qJ z z>P?Hj_br}EyoR`eIPC-b{&3<^#7l^G5(BF-c>e{AKK6Ni6p`95D*obipt zrNrk3SD1FJ*DgN|-=w{lce3_AB0lgt%P-m4;y1+Z+<$whH9wkoBEu8d-O9HW&!N2| zhgo}3V#ThOSG!p}k+`ky-bM4vOlsket4GgXz0>;OBU1l6&in-`m0yCVOpIC7GW{>V ztj3;nCWi^SM^?|OtlSfGRWUi%nJ}M$)leK>gPEB43y-^6pZr#j>Fmi#@__r``pO2* z4&s~G>v-=j4hEqh62MFl4hHgvF{zvADptR-9Eq0|W^zWKaMlvuTVl?A(#wOGQ^Z`O zo!G;y;*xexq;*V_I=B|7=bErYgVWdW+mA)Ph}OV>z6{*bCj{!4n;G5=s2N~YO!GRL zSZRvS>8296Tj88>Gy|s*=`)cMEIR~=W@A3#7#JMwl~9Nrp)jlKK~qW--e4uhgT*7K zxRC{}(+g&BC%H-4m=p)i=XFyXWieoZ$30JYg zs!%L3?TC3!n=8mKbABe~-ZAkzSzC*xfnKD?L1zgPJyDN5kG+`Z!6smx2T1G2C1D)D zC4p@DY>4_%*-oxWzh3^GwqRv}KvX)Nzxhbn&O=`+egSmsB;!SYGsyktV) zbo(Iw+mmnfJgWFw1|KjVu8U3b8bGoE6iSjH`+sd1V^Eefb=)!5GXy)>aOxcD= zLD|b3Q>$!}LDkV5z-4B;!+Cm9TyAEY`Zi zSR}(_yB9@lxIcWQ5X`Lw`Y>`8QWY^r{A}o@ij_Y$VGZdC&%=(jF$9-E=0|8h7Cx6rZH zN4)J~0Vz;js*3Q`)G4gR7FD{Z5{FGyB~`WVDdz8fs z9+AZ5;q)q;k~hyvW2>fyg~q$T+5FNc0%D=h6Not2BwE_!O4$QDq4>qmh zgU%O-oSZ_Q%Dhu9_MJG*;cke$ zU_#w6H2|M7wua+tCgGjvp5Plrv80MfXR#LB3WUx~pBTU)opsWT=&a_ILbJ_ZSmDP> zg8@6ljf7GZaqYU*s@6-wx)X$7EIwk%mi3Y0J(EhiF5IY2=(Cer04?Sinq^)=Jy`3H zOm>&(9;V*A5FY7OXN=YKpb4jPk1a@Y!z$dwk_sxLan&h%BCLDF@Gw+X5>n74t5OZu z*m5wRxQuuaF%X=KFNY;s#Us+rpIU`#Zf#x7!E=mMad2cttQiVzI))cmI@jNH_zKac zwcds*H)=vU0j>V#Je+x{bwcq~tzRdEjpsEpTBy4mH=FOK;bE010Xq$k@n&qnnEdRF znQ&C=*kosPCB>H)UX&!LCef^jD$TH8e}-gdz+^(O%<6w90o9!p>gb}FvP^<4$yFSr zjFO6vF&u?0IyG9Ln=w5ujp+wL`N~{HfR7OzD`%1@)-)hxp?ID0wboL>cO&+b7%y;Q z+!$j+w;vGNent-hp+M&@uc@mltE(IBt}82_RbN&*THCI!X{e~G9ivBm$UEJ48I>Ay zBDZ!0it89+hoGp6;gT2aDTWx@58FiIBL#O}uz4MW<4%ndq{P+?Qgwad6a$XUMWtP! z%XCFehO)1bTmgM@EQBa2rtsJp={(bKwDOu(!PlQY2mpr7u{YKu92g(bKI4e=v7a0p_fA#^9duBh&OCIk`rI$P ztJRgqAwxurUK~rBnV}p1lC6i6h+~OcUa<1PFIp6Hg7advvOHEPW3st=dPBw8c5K#J zj4afm#BvO)X6TR1Q_zfTK(S9q0iB+XlB-2J-5NV|32{p?77aJYYi3JQX-H@d%ruDB zu#xP+v;@jyovp&PMfLRwzdRV*cIeZhrz4Q{Pzkc{jQRLGQ~Bw}bi?QIOIZ(wJ2=4F{E4H%l=Fw!g}1>u19|1Vw{pL9&dvf8=^_tAw%4-f1AI#~FWL2ETS`9EG% zR@67R^D5)NY;1HxrHnpg1zy#aH87s~n~8TF zWBI&eEv_Li_!jv>zHdLyntO@3-!jWzL(Dqf@?qku#G(_d{Q6%Q(T1W!Gu=e}3{07z zwe?`vjjoNDK|!&`bc`R}XSgF=q3d&80v&aS1fvgQLTdt+mKD#MF&CeyMU^!(l$P-K zTzs{b)hm65KQ6->i+eT3;&Wgu{Z%E_f33cY6^|&snM%!t2D%@Uu$ieE^zQr`L%V~? zuNHr>5d%Y-K{%6NiyQ|BW640zp2}4*2_`YxNN}K@9jth(zjEx{olYIACu^pAOzL%Q z%IaLg3v;4>%un&fB$uA<@w=JOliiZ82}z#9gq71ammHWqVE4MlpMMCoFxm1?yL^enBatBQ;2%TjKL~O%M#s2 zQW^#3(nO&I#DrX7TjykJ%-4)jhP5!OuG($NwpLVzhPfV}1dWj?>iSKnH*o4J6 zJhcPKMw||mo3CpO%rTnRb;OP9Us};8+I<=3v$pdqj2mna6Kur$MtpuFeLzr~3X%!P=rZyC*w+ja}QER4x zF>iw#lTglW?!+8Sv>-<4ChhAlCah(2Wl+Du)`SRysq?^=cD)@tEHPt#*_d`IG`VMO z>aRz+_+gshSOTTCcnRPf?l>{($tfMyJV~)mbP~L?N-Ns88V#c*F$t<=`)D+cM)Y~fz%S<7% zEnL*>bV?;bup)^NCEZHe176mG?i2rt-xU{alJiaTLQiAoilIO2*hQcgDn%p4?qJ6bcH z;wj#<)lc!Z4&P0S9JWpG6m!2Ye^P#7-i(TdMTKJ~jVV-aw=yC-aafF)n0w?_-XDF;vBxbt{)7`x zI{B1SPdojL-=BHb+2<@j_q_8jxbUKj|8U74|8(hPmtV2s%0FLq^)=UCcl`}F{^h2> z{_WQ$?W^v%^RCr*-*fMp`|e-+z=IDx{K&dTAA9_XC;$G`)Bjli%(Kru|H6we zz5L3nuWfk!jW;*G_4YgO{_|h&z5l_7|NhTMAAj=cXPB4_Rojig*NZc*x3+j9A=E9C(7|_ac@M=MZ-|(Y}9%`21Ox|CqSl*_PjxIE6Ty z*iJlycs21p;>*O(iCO1Z_x2!8Cmup9IN!ei4S!1qU9tbSl!FM%=h?*Ti4PJt5Wgn& zTW<4j6tR?e1aS%RJmO8nb;OOt?}^)=Yuy_|oJnjX9!%X z#CgPJ#6J>mCq7MlpV))-b!TFTcqZ{$;#%UX#GDJP|09WCQvRoFt^79Pv)$l{-MsJ4 zzVrQpZrppaoA*xleky+s-M?-d{aL(?=C(B)bGvcxe!k!32AfZ*aL*L)MgD7{g!k9- z|Cjbx;+G14Y5!BX|NZs0yrg=c#_}TX2RL|c#(I9sp5V5eb)aAi8m8P{>}aN{q}2r89bEk z{)RSve@ln|9qI5(mG}R@xqBDu??*)8o%k@{@AZJq-<^mj5<|q#AGGh^A|COG<*SGR z;&H@YkJme0=e;>`o_E>tCV4d15;zG?(tEnoi zT(>}t0eh36SAdg;+rrrG)1bs#v+lM>JVNq!XUT7)vG8ub5x!G)JRm8C;G=zPOP-u;B$&H;g zhNV^&_Lvn{8)Bv7;)V#DSj;kF;ucJ;ziy2|W8Opy5!BuzB6$e3GKUEcZ!+2xdUYQs z{zBc;Yy`w>t@x_rBq24%p&sG3`t)J9-uZ}B3*m=RXmDd+N{4Y%|FHYqw14qmdRw_s z6V+nYD2M+M<$*>KPPht_%n06<1Wpg=N(xl{NK- zubx#^tev!|kH)L0!k#tZZSZ2O_*koVNV%aI1elAnMys*atOl-FL1|I_O!-|?TUIT< zwWo-(HH7dq95|~6TCNn7S5znQ;#Ykc4$Ff+fQGpyI>JB^3AXJEyez`+IaS3q2))I* zRYeU52$_;ub#;jNoR}b{JEShfT2)5t#H-;=?mV|H!+KW))T|NQ zh9YReVryBo&KRh|q7)}oGgEaf55rpXdyyBV-0USn;e!?kswt{9G;K$tis((nUR@Eu z=s=jwyr#a&Tb$#rSKf^YsVh*i&{c;O3^viG7!!OUbrp&iCfKrb#WJW=)O+{n9kIC3 z!fkdEyN_0Kc%(T|)41B=#hL$lSzlLoHaKP;U9Fg$01dUM%;tS3H5r@Z5 zvNWMJax`2a$2*7^Bv^?lOWFO*cE`So8?o)3&8!5mRv^%g3UmpQO<0-Pk)!pi>^5qh zFm^|>-KwLNSQgG6ljOcN*zX6+HPA zx6fe1sJVm@CT;OEiW&)WtMYAhckKQzt9xZPgXuhGhk(w*oH$Fip{BHEvQ|}_TUR!t z?BLqD^*DR8dPb67qfSof=?8QvN+{n4fsj9?|3jtDu3T4B`vq zD7FhEzR@9%S1DUh^hp$sOqRnbjOWn+)MWKu$Y%G5kt6hh7wER2!*BOHtD}ZDAEW<_ z#{L@nLksM-5A@dPUeL8B{CjVc9S>D)CjMaY)n5o#IsFrVQ(&j?r7#x@Ki`WzLFfBl ziWmO`Z)JEMB0f+2C-G}ypC4_y4<_zOoJ>4`co?ybcr5W8;tJv|#0QDb5#J?#MNHdb z{T)OcNt{I7pLi(IPdtWrHt`DLO5y{=XNm6+za;inm8KN#NE|_&NUR_pLR>&Rns^rR za^jUt$F^S9UBNwiTmF|u@vl2P-x0p<%*%VHyu)7~!~A94Q&hIenKql8Do9ogTeZ!HD``k&x3%GVrVyF?i^5UNpv+9z=lk*eJi+!g(iPtZU9kn+6r3YGcrt|BESoyiceTkpUvGRM4NXD}$ zpLVE~k0bs-9CnzM3;I2lUq#GsvV4!A#pP`l#}hvxe(AUJLjyG5Zt+LrET82s4q4nl z%%pr|qm?^xXgFDZQVMfo&uQMti@AT#v+n-VIG6D}irD&B>u(jYlsK2TFL5@pkhmvt zBk>X9y~LM@w-KKv-blQXn2WkP6pzMT9GFVBv%{R&>&pC`s?wQN^|0Xhr`^#1_O+nq z5SI`yBCaAnPyC$N-(`P{B~}yp+Qdiy<^lWaFupj7cnR??;!DJ@h}+Y>LgIlb+@C`8 zhY~x8e<0pLe1Z5SaRA*bAl9UCU()9g+LQFTn7lK6zMx#vC!g*nr_adg*4V}pgM+`a zy!$4~t1Vvo{#vE~UHblXgKFaRgl{_>n&kDnaSKSa9W$Ri_(o5InBxiY>9!cBQs`S1 z6W-!`5Zf5^C%Eir#-3_9E-7xo?6mICyXN&|VZAvV&v2Xx#Epp&Z-c%Tv}F!18?t|^ zFkg#ndlRA5)1g}QpXMmOU$OT{nF9fFqZD>z8MpN&s8;WiVsp=>(vvk4#*@*rDf%*1 z>?E%>N4_oc>QnHHh%-#WhjIUDMCsib`b-U6h39Rq)K{Mg19P$8^~S8c(YF-wM7ad# z<>0wyZU&147kC5eD3w1ZU*+NKHv3>TPxwN_3G&}7KZqVqI$ke z-}Hv851Ug%u!(l@;>BYYk25=^a136-SWH;d6o=1K!~OI0 z+?F}q1m^*1SCbEjLEd8vz1z8K(-s6PE<%=j0`{D|FgD7xw|a2(ysrsc^KkkB<`q${ zaG)A4vns;L8Q3joq0{TUqLgon@dk%$`8)wttm9t^NAVLUjNo_;Rg4<7pp1uhs$$$% z*cO}@jQuFX?KXN3Cj?7MLmqv#k}3}2=m5VL$9iJI2nQV&M_YX`(6LlcB?Y`y*j$IL zvGwNe>#!=>|9}!yV0hYy(-JZF!!~+CNc)ZuvJS;aek7z-DM}np6~d;{t`!`npj111>1XLubnh~9kS zW?>F5l2{yyiPTdSwMDU#6IQV@=4(PKqf8(U!GN9(=hEB(o>P5nqL zSmHho>TJS=-=2UMN3A3prU3-LTO-BEM!IyGLX;ca^BY_oPPWp3rNV%&!U`q31@~v8 zoK|&s0&N%?*mm0%vYHlLU#M#Q%@sHV0wuIYms1a}n`0)|;ozbceYiCS3N;~Lhey@m zDz*SHUa%5=7GW(?;k-Gxgj%vl`&#b{v?AeDz23K}J)NzOJ`JFH*0+0_P*tmNKcT*A zjFk~$tZm{%V1?{QyTSvPR z#gj(OiC5G)zIe+q$2T7#oatTSLHE@rAuU0ZI}h!@DnSK7WopBLO{y}YDx<2ZNmY4O zRX|lYt7^Zh4yxKFRokp;y{dMess)RrMJZT-j92wRb%rr#AI!;}o{t8lQ zJ=0zX_3hKQ&+UU&4a#))b&qn7aUbb!a?f|;knfk(%g4R8?6obgsSR7+R2#Q^3;J=( zkKb+Cw8f6Ul?p%OQcLl;RE~Mvz~k^J)z>_mxAax|!3jL(*}SD6c>UY{+m>)7`kC54 z>t2yMM0wOwbt7mM=x)$j^&+D3wfa^~=uz9_fgbC6Jkw)ik9T`~3|iWAY0pzYr}aFe z=b50hdtTY|s-92xT;KDnp5OG`)Km33zSkMOp6<22*H^v1?e$$R)w^%+g5I-x&jERQ zpW1tU?+<%_+WYg~!_p?FO;6iDEsz#WTbTA-+6$n6ru{4J7MkH)6YylCw+PP`RUiE-8sP% zfHtJRp8jU~Tj`&sf0o`mBO{}4M!$@K86z`BW#nfRW{k_&J7Yq|#EeN9b21LgI06*P zh-93caaP7T8Rur4pK*Q0jTtL5Zq2wYV^zlLj5VP3pp6-CW%SO>%IurjFLPk#$jnih z`I&{8<1+WooRm2gbXex$nR7EenF~QDf=D|2qmxh-c6Xl>5JIqN_ha$e6taqT<3?~J|`edqT*t?%#qs(!=z?bdHZ zzdien>Q~!uR=*Yf9_hEf-?#l#|2h5V_WyJL>-&G#Ukykbu-$<20W(4S52zYYJ7D&J zgF%N3IDEj715O!m8t9AxXAM|B;BNy~f^HqKYQS9s?i;Wc^x%L;20S+4=>h8pyg1pWb?27l&djaKt<60scMj-K(BYuDxyR%#%e_7K zj@)~5?*l!U`*7~M+`s3p&wVcU#oX6&H|G8)_w(E@bHC30A$OsBq5C*ck6}HA^#NrJ z8#rtS(2!w6hwTp912hseYFOT|vBL_6jT<&;*wkUuhLsJg7}h&KEx#at@BDr9r{ovq zUzC4Y{uTLG=6|36L;jZh-UXuz3JT6HSW$3i!KVdV3e(DY43n@Tp7 zZYtk&%ckcxP2F6(`JBz?ZGLp~r<*rzZvQdz-td@_K0&uE6tW zKGy)R#d8CmoACS%&uTpP@L2+!6`^B|sA@od2JJ)R%%Z2uD6#WNny1U%JvYVic{wBtDq z&lz~G$8#f|2k|_N=W#qr^)Szi*Y;5QQQ!7ZL%;8#oNfJ^rk&rST=>@$)Em?Xln%-S zWrO;H`hy07b^r|m4FUZQG!&Ez8V1@8G#oSnv?pjUP#$P3r~ot$v^QuU*F@K3&=k;q zpy{AuP${S!G}Be#IsjA!ssSAcst3&i9R!*KIuvv`XfDVDY65vdEg&Cg0jLcW1T6%G zK~d0R&{ELRpkrOjTqlA~2Au{v({+~XJkW)pOI&|)T@JbubQS0t(Dk4jU4L=?6|@p` zJLnG3YS-PaHLm+z>p+i#{tkK?v>x;<=y}kKpqD|ff;PBbcfARE3-k`?pP=_ZAAtT1 z`Uv!i>r>YkpszsRfi{6QgSLQNJ#eTBs5ht&C>@ju$_DiX^#=_E?Eo4C8Up$qXecNb zgl4D5ZlK|y5uiOmdx7#mV?hO=aXob3e{+xJJ(u^q$@K5f^n9V`OFdr!y#{(6^d{&n z&^w@ig5Cpt0QxuRBhV*3zrd*AtDfJ2Hi7bc&F$p@HG#aK7LX6L0MrHwf);|ppeSfD zr~`Bq=orv(pyNTm2b~2v2Xrpze9(oUi$Rxw{sg)VbOq>2&{d#oK-Yn80R08@SJ2I% zTR^vgR)OvWtp?o#S_8Tt^dRVA&^pj#peI0o2R#jX2J{^01<*^NS3s|UUI)DidJFUp z=%1kXKp%kq4f+W53FtG>7oe{|-+^@H>j~2T`he0wnV@V?UyvR@siAufZA8E1+Qqd? zPf%}AA5c0d6O;|=3+fL-x46p=ph2J^px=Rpf^tE_K)Zp4gGPY%1nmXN1C0e0fX0FL z2JHiy1lkug6*LW01S$cQfo6azKnH-TKsBHPLG_?npo2hjK!<`32h9a}KusVos0HK$ zEdaHFf}n+02Kz{-K6?8M`7SL^=RiHaTt3mgG)`0E@Jpg(L^a$ut(Bq&dK~I7H0eS}X9Ownm zOQ2UkuYq0%y$N~?^bY8sp!Yx@fc_2o2=oc)Gtd{HuRz~`zBA*EKDqrc=5XhZ$j#5) zCwDr=9eT`hWNu4tyBTYon!7yr;@lOv*X6D>2|9q)16@l9;pk%19M z&al21bqvJ#V(hT-ph;$oF?Cou#uzdt(Ea*I^tCm3c0#{54o@{6=|@}e`vg3H!gB|n zRQ=^Y@a{uAJ<;ds{&64ne+z)8;JE_N-FTkE^D&-2==*lXvoD_6c!GG&z@z)i#D4NE z@QMB8@6hih_LH-~C-#%)fOqzjE4%o<(cdc5@pYoVN6Il?)?;2hPAnN*GI;b*&(Pla zy*UQk7vrzXG4}c~zkN&lmdm$XvE?4uJ+8H`hg^x@IYo}|oZr52e(7(Vvj5RH&bEBt z{NM0xW4~*P2bXs7ZL{~ViNn(HEir}P5m)d#V$09`j`+FX5A(JJw=CRp*_IXmhrSLEGf~J9rKqa6u&g!9Sk}IbQtIe(2<}s;6Qt_xfjx&Gj~ z)ODHb3fBtPpFvlHu614Kx&d?(=x?r@UAMSybFBj1>AK5xFX&;=qo5~1Pl5gcdIt0y z=mpSApjSYzf!+XZ1icM<7xXXC`=Ad&{{ejr`V90X=xf)vuJ1uVfPMra`+Mkry+CQ8 z?LZlzEKm-pA7}t*d(e)c!JwT$JA-xsxk0;vb_eYN8VMQ&8Vwo)$_EvKlIPaW>3Oc1 zU;9hXXL~;1^JUPhpbelmKpR1CgWd)G3-mtdL(qRfAA`OGeFOTg=l7VG8{6whP$Q@r zG!N7Ynh)}W0-$zK2owP=0xbb81sx4K7PJg>2Ix%C*`Vd1^FSAXE&}}l^heO8pvyrk zKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx=zF(CZ=4BcMk?kAt2BJq211 zdKUCN=ta=WpjSZ~KyQFHg5Czb3;Gx6eb9%X|A0OQeG2*<^d;z9km{}U=Tz@rpfu2S zpbStJC*n z12hse3N#ut29ysf1dRtx08Io<22BC&2bvBl29<)!K{G-7gDOGQpjuEJr~xz^bTH@; z&|#n>Ku3ZaLCv6fpjOa)kRKEPwSz*S2xt*#31}(kXwb2sWuOy4CxK1@od!AsbSCI* z&~ngupbJ1NKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx;t{f*uB~13dH8+@hSMEKzkL5m@`!eSC-pAbDx4E0lhqa#1%N&+H ztlzK!n9=KcPA}ig>5UtZ*bZ0~@-=$}U5(eqV9@QlY(g{KwI@p$yy)wa%G zt%BM0cs{_>3*+jo&09^x`)!%G^26N8cvj$9jpunhAK}>!WAR~lrr?={rybAfcw~O- zZT!~rT03J5uIIC6tJuGu2lYI>XRzmqy-w+MTCdZ4o!k4$-dFWr-TR*2 zYkJ=gdZ71%y&nekOWPssfV6|t+CeX-ZAg0~?cKEZ(%w(|FzutX{(buQ$?vm&pKJT9 z#6(ul^eLeI(yP)BOm9eUOm9j*KK;b>dqMZ5Kb-z(`eW%&razVb66o#pchX%MJu{|& z_RA>Fn2|9vA8muJt+-aor4`ykK>*(YW{0s2Sw z^Vu(gUe10q`}6ECvI}wwa>nOO&Y6)@opTH5_MFu@_vGB0^H|PPIfMHS>AN>*AJ8Pw zetoC)UD)@ezNhp(weRx27x%rS@4bE3fkyW$>^Gs`q<*ve&H4YRdlUG&s%nq_K%sPi zHU*_E4m}~1B+%iuOr>K&lF~q%UXrvFDmH0y+lHpeH3Lm$FoHq_hlr?^LE{Ya#Q2^M zs!t*46A?uNPCUmv-&5N{Au1{g^!~qV@3qfxhf>t{`TzeM(%(Jj?BCw|?7jBdYtKa| zPJhkxh11WTUO&BIde`*s>Gx0n!Sr8nO`dVWjC;8JnP<*S%v>^a#6RGlk(i(ONaFUy z8()0mi{7EBhx|h&hl0H1M~bnoHvV?-*Tvt}{9VuAJNdhXzt8dadH%ekrg+csH;(*T zKCxnA?Znj+uP2`#oH(p`^j(ujy4a0Y~=h=q}<8*QAW;JOkOd$5?Nnk zH?9MGp zAiW~L=OMx87j4KR!w*dV+Vn@bzMUh>r_L;$SvGSa*ZD@KfA0S`*KZ2Q_Ez#vxMfo3q~A_@Zqk;? zos)kz`45w~9N&5TZ;yZO_$?=No{*e!*_4qf|24&*de+p6qS~Uildd`G*^|dk9-Y2_ z`q=cpPA{4VP$pm%lBn}Q~Z0LEATz#`aN$sNxsE>M>H;yhS}jp(^ArIjPyE#wCN&UBt7Ekuql=f z`My2-dyBmiZ?<=aH^-aLIMouyrz*USj7)9fx|-`+u8(uw%k==)e{em-b=|n@#@)nq z`LUaheb=!!ANwHJFxNM@{&?*3#~wfagz>NAn#FbH_#NYa$mJb(!f~w=Qxnr%&!6!8 z32UdUopSkzbGlMkMJ&h&Gq z|8V+`r$06Qr_;R|lV()UteIKlm--36%CGS+@f-X`|5C1N{pxu&?2tITuZr@b5(F%z*Wt)itBQ&H*vk0Yhq?1skh9eTT`Yf)50b4Z{@KR zi4>Wf z%9gJ(MwmBpNm*S?DO$>P2c_l|{}gF@Q8sEQ6W3BE-b0xvr%Zf_GO?}nO0IUU4z4s; z7grD0Z@Kny9pJj5{D$&(a^1xBF0Na+-oy1iuJ?0&fa`-?ALe?B>!(~VaZR9fG36w2 zJQve25>!`|wbvw0=9B;HIf1Lcc$t$L;m~zzAaZ^v4I(_OXQ)f**o9kSzMO+U~ z{pQqfP5tiF?{ocZ`p>3U%&eF>Ix{o#YqP#K>!Dc>&w6~;_h%^;~cDukmm8-|Y|jU-Uf&oyQfAFP>05vG_GyCl}9PSgWLXHdiTEIoCX{gmnciQQvRh)LwX?LEs|1@v*^wVdae(mY~r@#O7 z!P7r}`cb9Fl#VZ*SbBVEDSIqjT)Kv9ZE1b!daeznZ!T>v-CBAZ*PhZZlzy@F!P1e^ z-;|D(USIx^@}HFdy!^%TL**x&*+1_i^X{1UM~dx_=8w&PasDxhV-hDOPD-Gt6Xzz* zODs>UNZgUQGcmB>{R=*{;A0Cs8vkc3tXi1lYFc>h!nbkVyl`mY@WMk2y|XfB4X??p z8TiyApTc|2mw5T*&4)H0YCW{&P#f1VnPW1Oxn7@nV`e#51=pLn-pn&#_`8q4U-0Ms zfHoa}57Wkzzn|&fi=h0y7Mnr-&e6ZMp!{{}-@8EhyGQ@N0m`4q?*VTYsJW zS0h&^oz5LS4?%PK*|DE{_-|1vu(8>JW-re38xJ1rH#tX@IA^DR$a%uWMng0pG zaAnJtDJf513aALe>tc4l_x>7A!rxyzJ#yFl>2{n zdG|fv8|3Ogx&P!TGp5Y&{7HV9U+&N6+Qj80xcKj~Q`ZQ1U5bxop?iL$==j&EKmRCZ z`?us?8{cQ{iQ|a{o;!E@KNolJo`0;sbNBx5#bNdL`Il_CN4;!urs4|4HpTZT{=4Gi zijxmn-Y1W$Gx@YY?`svC6>rLN_r!ZVhNKLYd=O}Je>{h%*ai_ZfjehS@8cwO=kH*<>zO8s53kyBZc9(tc{4IpH z9b?0F=-mBT!>`fz*?8x%miI-)8;`U14&C#w6?pI5W#e-7=dtnDzif2xUkRPR&fUY4 zt$%$}Eq*Qwzca-?zi(px_u1~<{o9mR2!E>KUU0ni_hrT56YRa?IsaBou+R5Sv$(X# z;#$ScioJ@v74J~|j`Hr)`-c^OsQ5d@zbT%e?tR6x6jv%NKdpH6bQ{l= zCt7S$T&2(7s`s}kzE+>R_wK&_B+EbXwHE6Yf1voIlkM|H#V225@1IoOt&XqH>lJTR zbm9H$X_oisJd2;3Yw^a}@#p81#_w;@_f=)_=O?K@*C;xF-TimwSohs$TD(|shx+gM z%Q?YQ{`>PHizl6L@w#;uXX*X-6)#oy?){mUSa-7h!~eX6~=Z!S9^nzgf&UU5n8Tv9M z>)N$R&z;Mmvdny&gx}L?qmajU4m@P5I5{SM7n@s}MaA8oM!-In!|rpoSCdnMNte0{ z7t5ZM!Lhf&W1mw^S>;a1X%@&g?_eR?B(KEoCMuh*`C;PdE~82fQrd5C+uX%+P;=s@ z-^^B>&8@p+8#g)QyG!;YY_>=4nzVMV3;Gg%f%8I-@?EV#uT60KZlq4d$lJ%o3 z*6xv)c2_w$(X^oJ@Cr}|n_ z>7M!X?QJA!DIZoYBx}Wu>D%vmE%gq8`V$T zvKGCgCvp-nF{rh|j6!pV0=v+)8WO#&LKu&cK5Pw?ZlJ((BA@G&mFX zwDKhJY$A7?%|=O3vvY~;R2q04X!pZ-!1=St2fLf}Y~#dKQy}twQy8E!h``|k4a>Hz z9G7ZzmQ%H|Rf(j!?i=BUue5GjYQAduBu_a`f3$3)+GdLax7o8g4p-s-!pvPIAJl3akXxKgKV!N?YR0>EW^si|Bkm z#p3WTk$4TRdFxi{J1P+#u?=fnx{VQ{$-`c+TE*l9A7<>~2`<6wF_z*HnxnhbZZQgv zx*|}U`P`C|%{wSby=;8@N^Y%2JVM9pm5|Qk)CmZ}cDUTpDm%UxOJY8$!}cPf5)&bh zsC;uExXWs(vBh%9a(#(pzh7#6Dh-OJbF3AD6DD+?Q*N?@a%USBhWi408|VY6Fx;)%0_G^%PlA&SHNnYC+^fjmF3hzeZt7%|q#LMNVy^OQfr0pJZDdh@NfVg+i9I z%GrfRb0*3N3Ye1=V|Fg)aVtDqe5`vh6!SfQE4!Dh?OKD)6MQqd78IA&{+*U1gu6y5g^# z&^=?#5jx)38c`4g)q)MGY<^+vCV4p4m*}N-XIE@n3XwasyArh#q4dWqlKtV!w zQ5NR6`)CoKu)YnFBU(k;l5h0P;`t>jq>aMA| zBKWmx1RAMV;gw`FjWB8JB{YR>4~HnmjdC>?BX^AYZm>-%O8zUux@w zQmPB~5D#OHTt(b=`@L@4c5DA@mPo?lvVrZBeCOPS%7*Zy5ay#c8N#wlYba=dkl5zay1uEg1Ri#HQKjtVB#0cHL^(j%K!%hLQek zLQtg`aaCCr^Cu5C>XVahwkVsMiK}&M^V7dX`P_yH zK;0Tqc42GEZ`mcg&Jk5IBlrx;iEV3=dfG>zs@xX|4_d1bBKpl5ebS+1tz}7iTkVL? z_!%TyK9@K#Y1_fhT1OVTCPEp^^1=~rr^{*n{3CN4)Dqc*ny?2aa3kger*vTZs9rRh z$Jp?p<{(u?HRN|xD2;<4=Fbm)zS0LCfy2PQnm^xcdwE2@M@XSAIU;6EQjQ>cMr8B& z>^e9CF9H)Oh#R^NbB+y_Tq>!B{Awt#AnHL_E{I(B`T|ZSGBOz!6UWHQ$qHqM%KVxeYc4a?E43xrdVxMw&ryA(t z9mV`p?OsSPsE6t*7@*K>s&po9w`im->=4%@{dH7jY;j9J3Hv8X72~Q7D=n@MyM@)5 zTY@^Abdt_%we6%`*(gRH$}HZ0ZPHV_;%lpI6=Ib??c~rq>A9tSV=YDTtv1%`=NVqS;+$f4_;s$!=(jVEv(J;q1AxVp`5Kx{h)g4`r(SY}J*%E#O35ulHsyz%= zd})^caItobB;|7@q1uiS^^dr(H|>|ue>1^eT?ns;%N$o=}L^e zB@7R(VlO5{g$121OtMndg8f^v@AQ-rb6^d_&GdXT0D0yQ8bz7 zNZLG`J9oLhcMTNjenSXN)!@tPr3^%}nKV7)OEL4z;H~^NC3U|13fm0kR?^@6P?RJe0KNJ`J#}FpAlywIOduA5tu&aY3wfS{4?+3w>Ck{i}0tZx6HHP zSC~xZdHmLO8k$$po1k=?H?ccgxA3Wao&DIQ^X)TnOT&UhSbSijc|FQet%!c<-vf0aJLc zFjX#su0vh!R!&5-rNs_XNaiB{l0=@^*b-sq_SU!B`5D(Mb}4RFtXI51aiQX=iYF?5 z<-OLQ&ne!nc(dYL6|YphT=62s#foPr-upi5-yMp#C|<3&U2&u0#fnQ5&s2P!BIUfH za>K$}wOeF+TlTTmr!^`7`m}~U%6oQ|&F(G_G$m)Kc5SEQj%4d-W&2qg<1#YV#Zi52 z?5ZtQlN|x#)KNUf`ot7tzim-ToTx|J1~QH?N=_X3 z;Cb!~O@P&@mUi=5B8Geovm{WJ(!YoXb}@&sn7!I9aDH7-+^qG-Q3En*2Gc=Cd?P^w zivEZ~i4be7WWQQkU8k)h0-pPR>{x20BquDiweVYuXe_Qd+`}bEB&zE=P#m16X)_}T z`EYE_fCf?N)jAd}HiVg5f)cStwy~hA8>@AEtk_AWp=knnbrfK0fd;b}oOV#@G5z$! zcVU!Q*PWNS6Wd0z-gMy{ww1j96vn% zd*eqU`%NFK`$->eFX_K;AL(1zNxJY}(xdDooo^rMbF=o5{=e8i`fz(kA2ns3EK$_G zqF?PkYWJ~QbbP;PyGL}}RJ$MapV<%EV|&tZ(~f16j)`28ryW0S%Cr-wE#+FyRl&8I ztBxzl)i`Y(J4nkO(#_LaxKdnOx!SmPOzW7|HLZJEFV{!8?&i9e>%M7UnD)T5z0TU}Xv)qP z_dIKVha=q!VT#M(&bWMx96iGB`%fG#dke^(lx{ytw+E%$f6^U#oXq08y&q%;a0z0Z zhBJ`m?#|M+=FP_yFDSG3Ys)SEO`kue_up6isy=^@-tV4o-M>e1RPo7#eg35d7T>$j z;v;8S{Q5Z-FF)5}@;ZwxitkdqO7Smmv+t+$Tb!-9RIx$vO2xM;?os@L;vif{0^A=jLDZeoRdb5Q|~qn-{yAXQ|`>M#`^hv z+j@4iFOcB%=Uis_685~-p4L2z4DvFV`)VTdYB=F>;?3=bcY4W!#1fBx&ys)7=b!c- z{@E)3H19|+v2!5AbY<=){bFLhVXcObyE*wK?1Au>uE2qh%`68}E%Qz#S?Q5twiE}y zbZlMbMVhe7PVMOAUD&2wcIvJa-9;x%@A(^LCWrQrxweGuBctO^ z+exmgUs;o~yXzv80T-Nq{`od1PxY2EJ%*`3%<-Qq?enXaomyr4jOWTA$f>rorlV)s zsix;l1YwE!1mubY^XJn;*Vej>l;K+!bGFb{`K_2MOkv2PfU1UVx%lZ3;?yH__p^tN z%-_$be}DLeb-(kM7SH;X#nq!0pHSozD_dKud$dWrIPCGDQ6e2llHmnhxQTAA;jLW= zj?vj-o5_X!%;UoOX?g~wgV%OT7_k!>W>JSZut*w+w7BG$Bj$VCMsy)ZOd^W9T3TFF z*I3(l8A4bmqUj@-`ee2*epL7FNIU74HolHQ5u3%qq#HY)V0&~-A2YlvGh4}hbb+Wj zj|;{9J&LsrYv(RVoO|}UbJtZh%w6d5??NyB@N9Fx zy0WphZtep4?VI1e`8{{hqI1rNClu?%{8lISxp8uqabkX256#bW!l&nkKhFz)E((91 zZ+z(lb|{Q!?sOJ4MmdXzj^~ zf35AQE^53EyRJw^%ns*F>qK3hg5$N!Qlvka!(VsM1w`d4CyjMT?{F(qI?YNp<6|vz znDc}zm2Hlnq8t{SySm1+KQ7=$!`#Y-s@htKTfHvX%j4T(qu{Az?N`}vIjsA}&Q4Tr z$F6`APMl?tLCOxht*P9wsiv-KZFOzkg_~AY)>W^rsc-O7n_F5rWX-1X+;t6J?FDP* zCeAv~W`s#_lk_G_+89r{if`4V>bBi>TiV*`6u0BMwv#W>$FZ*){Ct3QA=*c}kzV_y5=Ul!o^U#a}BEiC@L`ORjU53fmHB_C=_w@8I7GxEY zeYCkvtbb8ZqSep#7cMyaEc@%MvllG%I#N5e5N+w|+~L>GU+Z+CwIyn$fYG2!k(?=O zC@nJzhczy7s(ouGba48j#Lx`0IGRKAGGbxmTEBLg{&=#Q|`P?Ui zZuP^vBi*SAq;=Y{HTqrBW<(gG-^J=u^3P}&zG&WA2_m2Mz34F(pUYQ;Gpu4uZZ$Hh zpT)TucbFuH-&&n*(udVU;jptww#Yfw1zZ?QSSE&LzYn7lII%50*5Q%Tc6PIqE9NvA zW1QrbX)5`g*h&^A|5$v7}`7>2uEXmYsU4i7m&UebvVIvtP6Lw4(oz zy}wlPLyC_p9zSf~S1I14_@LsSvfj^m*t%b?m{i=X*rRx(;@1?*zhik9E50cU`}N*o z_WQ+I@0~k`uk_xzD};_e=estZD;1j*->P_<;(dybD*jsWCB?+!)}MEd)A-7DW3U#d!JNXr+A~{1B&|;4=Vme@g>EhMyx-7(EB#MFNEXu{n{ri@17?u zUZwYUDgLM8(~2jmyYm&B6mL>I>W9{!YZV_-d|L7TXYKn@#ir-%{mqJBQv9XjgfaVm zq2ikqZ&Yl1-oF2U;-!DG_itCcSMf)R8O8EHTXzkL*DC(T{%W5u zQA{bmPw~r&|D$;Mi`M-+6t92D-v5i@j}^U_?ejAf8x^lpyj$^)hpf9dWGp_SIHq`t zcZty;)ruX8dlbK}_>AHkPPFbFo~8Haon)Vs7R7$WyA;n+yykV*-A5GfSNwtEnBs2Vy8E=^*A;)I_>$tR5{|{MI3;*4Nj@})cW#b-qZ_TanKHW(-VR)-u&(<~T(z@mb zb0*Y>4u3<#>PDT4iD^pUejW3mn^}8jmoya@V@9qF=F#uuXmHb96l*PfOrLx3w2`@+ zdP`p=W)+k6Wr9c8lPXK(WKLJ9@vT%E7c`Keynwa_eUu#=;y1jXqzk$&b^MYW+Uz>^(u}#cV*~CNovpZyB4X+D0ClKec@0)ed z?7Wm}Z=d8%WWue#QGC4u7cNw}mx)zum?0~jU8pUs{zjITZ4;+1)K=!i$?52kkd+Mt4wlX(l(3eXj~%+v|^Z3u3zSt1=D<3K_4uUm}8CKjviKy zO>FHAJ>)BxEF^5i#qQ@L`C%UPZk9}^RV3}NAYwSp`Y6eYAaUYpBl!}%a%sc-c$SIr zhPZ5z5Zr&xfts_u-OXE(xrxTw-zeWjvYDG^7C7zrP5%-G$SQmODj{@ zOE@+T>&Oya$mM27Bu$0047cMDr-z-(BOh=ST-;6L;Ha6DR zUa+o_Vc}q!q8s`Z@$gJ=+D=9nQTs4oRidEJ$Ul9+FN9wPs_7<{ZYk@$RJKP!%uKM( zBc_uYRb(c?wsoObrP`K=iIR9*VQM%T4f$Mb>sUceR>c4CklJ;xu)!NsMsqnOW55Rbgtl$~wOTS@wi1 z+kS1EG)x}FxU_ZB@Gt_*%9 zpJR?2v_#rTy=DN_$1trE9pnVh-N*+tyD76a;i9jMAjR|wBN<|wg?`AI)ivg&=+Ef$ zu*hYY)!H?Y2$~Kt_eIh8YVTMMePw;+ zg%N%jQ-)jTCSR+oSW%QF;dce%fG%S{&Dy%gn)Q@GKzmq;gFSl&Hh#Ll+w(6}lCSj0Uh;!K~M6xU8YEW{v$l$yAl@ zx9jUR&T6D)o8yOhX>AX?id6GaI%+-nZC08e$g!%Z^3hc%b(R&od_*6iRL>#A0-tFG}I8Y}A?!`qs= zYJ$07jhQSG%CfY^WQv%{H!ZfRN4YcQ*5|#rkr;b({N%a|R@YWZQJ>>$I`UhWP@ufR zbprXl3zxq}+b&k;4QZlgY!%UgujpJ&R#OFdeoY-3rrs1M zn#-niNp>xC6y{mcH~j7F5i*gJSDr()Y)#sr_{RCN(?MO_G@&7S8eq&DGGkW zE;hp5;qGX2+s9f!mwA%nc5TYxWH)pb`6!05u$9=|3d1&ZfOe9-VwXwXEF)ckliZp! z;x3o(6>#tJDJT|BpKVe_$e_NRHs#b|@WQIV!tb4u3|s_W2U;T*53cU_@Ch4F1_bOiYg!TU|qxo^{NA~$weroZqU*vaJi2pO?XTMLm@D?_j zeEw4w?myc;f9xEK?tbZ7d;j4qe0oj%`Dg0v{f`y1-5;-fx-_+4W?qZeU^mXU^Cej5 z>u%AxnBY2Bk6)1NJF~0XN_s)r&D%ByWViqWtBY;ubq`22>P(lqnc-XO+I2=B+eNM> zq|moHk!rx{c+(@r4b#p{8(90Iw@B#riJN02P0TR3M(zsHWD_4_{RV;L^}{x0ttW07 zuhdTL%-!l8&i_(6ccl>NS~PfCKKM_y_dcKDrjrJ8xL$$ zwQt&M>1=OrPSY)Q*hrd9{*8?l_-6cy4Ahv-Lu_C7j%L&Iur0Ntna}9%?CqixoL*_u z!x0YcyaFSXp`@6VUS)PY?RU1&X-WF(G#W`4mqgU?+C6PPEa-MrQ48+X{0^rx2>+YP5E z4Q?ylh$FL;NAwkWXqR0_4cMqRW!>~~(h5zL$9yld`-EgYB+<&f-i|gHtiiC&fw`m^ zwinsg<84pTT+ja;6DRMhoopxGBE4p1bgY+q8)cY=vM%XilJE-OZU7D6ZV;KzNi3D< zjPKmmw%Mj%o%9`PA93iZ=lhk?i)yEN1vhGd$}$wEtn6>EOtn-w`pWKH?0Xwg25l`@ z@T0p;GEaVKHkyZ;uI91XiCTV5!u`N#wb-_EI`B z*!7``Zthh?J=ls&zEmn9ry;Vd z8wz3PjcBDge+5KUrH_iAEq?rqu5@Ltp-=OV3JMOgX3FI5!XMrkX5 zM=w40Qh!l0nMylf4`g7kA)_|YUOnBZ_AOCLpx%ucprb78qhftXwK9VqUxevPW$ku( zQJ*>Pqlg(?e@lTVxd6HS5Q70$d|O#SvFQOB%;CCicz-IFrscclf+^P zdl=-qod0G-JbV@VAPp-VXwDx(Sk9dbaXfP=y z&LvqTA&~K_sKnTRM@IR@i>;WQGJs-?leiw3$JULwh-Y#kgF#$MbmFc9ODjw%Gr$-X zetjhamQsSkRJp(u6uY!dOzEf@WlNeZcAZ^$ywfD!Vn)~Ojme_69!BI$7l%1hC@R{X z2_W08lr%{w>l5|1S5kt~p_|3zYBS4f zAPImRC@=TSc9(yLH_oFK?1Us^-NrJvrB}+eF)G6Pp|-lzh}tW<$}!!kee8BK zrJ>v;*EhFU(seDJ&HQ8*m}HO@bW=wKQYm{2_RPgNm&ZYK0@<=FE%MXCB@A{GD_6dp zDHah9zQ^u`>fS{vBJ-`(oI#FyMmYy@Gh9tKlFX!!%m~L0a8)(a1qwQsxQpIw_s!RP zrSq~=Sg9r)`?8?->V}?Zwe#VYdLms+9aF>3iwKk#l><)=$3{uxpdvOFiC0#pbqpe? zYF{MNRy8~`^8t)nC_iJ4UshITB}csCZNy{lZ2JI?8?`V&l=H?J5|MX2rC?j1<#ZHx zb4K|Ylq{)-wsd+@r}z#Oos7~wubwd73GmUM}|ZuBGC!z$WlMBDVPYy%o1_Pu3>EZn^niU>1;Ny zM0r`gXTmv**RtJfA6kfJmCrmQ@ju%OH=dFmZf=u0Qkaa08@o#qWu70{5Mc-ry&zU@ zU211FRXNRltri2{$W$-iLtC}uVONT(gL+6D0)g2_{S#Ks#xju5os5JgixG8c109)j zEe5u&*O)IyG)tYC7Fd967HI2pBPmj2V}6hYv?IuX&`u%~jG;z8I&PSy1@j|sR7^-m z7N6K8nOt7p$Qb#`mW)6c)!KC5Kvj9T@0TiHGN_wj9ADB#gt2fskmuO}N6Q%6;O|gM z=!~$Oi&)m$Z&=$^ugVXt=}rhWJK&1VBGYSw86ox)SDP(r5h=+P{pz^nskI*{RognS z3jc5fl`3sb%tM<=j{*uten@DM;!fFMbNh--js!j5vgQs1w_Ra zjlqg?{v*3cFaDPfK~vkAVlJw_*GlBlNaeQN>SsMNf~{q3%N0$sT!h)|B5OKVmQx8b zv1_i`6FOQe8T%&Ex`+m98VuR#5($HE4JvtJUa-ERsZ<$MJ#&nRFoS(ZXrgGv6c$hU zMAH#gFgc`ACFRrhlNpmKFe2r7sdQR%T#d_Kw61nfM=COm1qyL%N}6J(DmPvbW=w|F zC#J=T$4f&)gA)biTtJ`Mf8;|C<~XOFambmT99u(63WH2YVKg*eWKMHFuS|7|LS}GO zG;%bjn2l*VG|Y0rNL7xI{qqGeJJ-XH7NL%wiHi_$YqXS{mn*lCb8+o$^ljvzTwXGr z+w_juqjGt`veK66A zjp%tf<1NOC4h@(>WV**>5^dB>6$Sdw7w+<$Fv9YA1WMW~OCW3u$~~Hx>|kAI4%57f zin=GYHPz*n<$Vkz=DogtuqeMvg3jaE zd70}tD@9|vLt8+!ZA9xi?T`5$9WDv$A**A9MuB7+V<0$=9tjonox9!+XJT+bZ8(1O zkAx?cV`TcTsMvgA*v_nG(MUFt=Z8tk`4L7rV?8a%mWQxe=!7q)awk7!=tk4c=9$YR zrpVK?A(|i0$uGu4Xl-L@FEEK5aV%X(38^>a8V*iws zSo60om{leu)3qRmOwMbbn3v%`ZZ2k#wj>foERm_6aMHF;n>XFJYM7FkfsJ4$IMeJ3 zb(mDhlC)yiuyciL*T|zb^qurOnez^%x6gF^vQ~m;GAsSng(`U!25S`WKN5Dt4$B(< z!`M#kkPJ3sd??d0cNPIT5kBU|ncC4BA-9Fk0E@Qm5x-LB7q)s%UjQXm=3*H$-dQD$ ze0FxzC%dOW5+fq+IZ+67h_%P`sN1lwKUB#w800>YTHoa+LlT(DX1Qg%Y*xgUD0E;; zYiMb}HFoy$f520gpfLGXda_J4X(wic{;`|5c4G!Xn!^Vp(amd8O3i4`QWOa~a+5Ny z$s>pIE`vN7_%)BM|h5MGPa;)DpcA^xfvRE~7o*rho;FtQcD4;C3PE~1P11(xS?ZquJ>r$W#S;2RT~?UR4R2XBY~^|lu-?i!^l&xvLm`yPN$NIaCHp`_GH1p7OKdS>=-Cbj7}fgmDz$m*tRb|mcHLwL%BZqgTg_Cnwp4rT znfT`(Vf*tW>b+FDxwB=WmSH3=&3>u#iR_hisINpW*b8B#ueQ3XK_gq)(YjLNHb<;2 zbMggNuSi19T44#7lSQiN*|Fb=(kvKEm8|#-0x^EsetJiC-5%YtX{Zd};ag*YU?n=) zJQLekf<{b`=B}>hUHQE;l|ZELkcF)DvdCy<%(I}w#F)O>IZf6eH#ydDIRgr6ZCYBL zn}Mb6Lot%fnLy+q>eh~%xc)+I`niNLA2=^Iq!jC3%;dcDzusGiacgBcP*m4FcLc-)xvB zM~3S&t3}jSGTqRj&lJCSMHTcD)4x{bI?Q4b%$_Y`V;2rl>#53eex3HWNqb%os;2xa z-=(VQLUR)s%&1M?Hi>+FPPbgp{YDij$tumE=CY1*`Uh108DTM#s_2osnpTgUv)FyD zwJWhw7dXSuW}9pNsefi91MN_Xgksr-QwI5r$X!Iuh`5EBWXE!_DMh+yewe8MIiAgt z4kw1e!ih5K+_ono0ojQ;s9AytgOP4s`^=P4nF1)o@|^7ChAfm38w!yR&f_$Uy!bg^ zb$eiUM{Fv-w56@9MP|u*Rr({0lxw9&VjoQ=Q=p7zXo|w@p#D^oE=CJPm2qM!(MqRe zOpRF2G0qHk2UA7Gr>Mbim-K~3cWCm5VP>@vj23Y6BI3>VAVFVOoMq&gd}*iA-pWKy zs}_t!5~g5bbzh4aCe7pe)D8{>lGR?VOlUQ8V^ywc%ChoX7c*E$9ks#gi2QH<7rA$R6GJ=44ob~Cj{ ztLMyhs?&{eOtjs=u_;U9wf$Zrd783};hOZbny=Ep9HiUMso%WIPH(|(G#@!9GMplX zPPx5ZHdP{D&*)$f;2fiugK~FOb5~o60!<9;u&Rk(sTu1sHVorzA-O<%2P-mYWke>h zSmR=CLqlV|zVG%T2boyR2mKxm@r z#ReugZbZ6SWl+P5j%s+OQi~}nJ&zj6(7t>MXS_?^bu?#XrW7oagnwgF&agvmb!an~ zT2O4rq^ymo66229`pjsg3u&t#eDZo*TduEa2u!H5JiX#JZ^F373b)D1&|r)Xj!JIQ zJz+&cM{FX#M1&;diV)z!hjrdsF)JHw}%w?~z{ z^iM}q%$S5>kvDB3>D6I~Lyj>lQ+_lCW zF}6e4ffUnxY%JN?G1sifG}fN$!Z3PorywzAkX1%SgHzuz1(T6Ek@heGVG2gS*dqzE{Sa;}B}$b+~3Lf#k0<6{74epe2C~^_Q=}S*=lW1nZFXGgzaXD^dH1M z4qJ^*OVXyxB1aXr4Z$`;ccF1z4jKa>=8*4{rml^tQHzq}u^uz+TvRKI#;-IbMS4ng zfOT#sW6|~tVt%`_E8n825{S8pNpKgWNLF4pN<9#EKpsJ&#JZG(o>h@y43SHRHF<+r z$$(DugRXVhQS~|8|$O8iuWSB}>$AX_~m~ z>9+Y(Zpw2009BG>-$gR1Z$>z*Eg5s6WhCp%O$$+k+eXD?v=J;#cW1Ola!S%LCUTyc z-Jqj*DrML*!31AAs`wCXhDKNB=@?G)7B&EGvxBuF1bMu$J(;FprHrBGhL`eqN5xmj zhw$?vWz?u}F+DYVx>8rt3bN*>l^^%-+Tdv84#fWEDy5rnTCDJVi5~%SM#<8%GYi#iv_QZ(x5+HYIZ;6## zc{6XGnE`6n)SD)&HEmT8vzwSWyN;*~ zdMr}r6J@kREC9P4%{HWQX67D7v}%|LfqsaYNJm~9huS<;9pRUn$s*=ctJXH~wQa4{ zy6jr|W0^o|d)o3ypa?`W`!kwTiR}cs2H9`J40SS6A4xH0Oz`Eh^gHHH=tGs6EMdF$ zu=sl!;*gz@Wo~%Xs6n4b4}y?aOzSZDAbv?p-x%&jtYc4{5|@J>yXcOkrzA{+3s?i) zT3Ka%SR*6qo~r7 zI!I2Kv@)s}C^jSP&0X8k6==6eUd>a@Cd-G6mDPL|3-*mI7U>$VkxgvFgvis8=!G*% zWN6FODtVWTBhzjhEJj`mIkBC%rjXkZ#>Xg4X2>K`C3+EOp?5j1tXUS} zx%`R@QglcCvd>M2RSq}mE(|l*SFATSR9=|bA<>0zrl&-EjAJjfmpEq*OVFl? z&L#+_f5+s{t(?jEbnSPSxV5Sp(c>JObx_QzYm=VQ1P;Y07%j7%|9KsuYa2&A7E zb!Uh3WbsDZj$U@guq(r|80OfNF3!b>b5Lb@Ia%K(QYS;ZVawa1}HA4(3I?G}cV+(yvKy-`$=vsKSerU!Sxt?pvQY_W-z7C2a^#=8* zDTp-`63&c3otqs9P2OM=cXqHyq#cp#GsvC*nAy~$))c0`>_> zm#360JNtxOmvHRt0SUtmFa|)}- z*qvHygu8^LJGM8sGFy{~YqAKZQqCk9H>c=L zW4AhnU|U0xh{;mnPZDv{Phw6xLLAh(HrIk}2IBD!$3RR}q-caeyCiXbd*a&0S>o%W z8jNU*g&g-V^h?Wzk$95Uv}@*?)m*vX)PS@$?{JJNS#~Nph74KZ&zkQpEl(rLX4e8Y zcSUj}TGPt}7I|jcSVE!dkj=J&;V*4|M>&Df8H|Q$k&!ujaz0aT++D0C!k6mqk;MA2 z8lW137&nbBc9F)D6mqlY$6?-@odt74FjLxVh_D>46^TNSLz-$PNkUkViGTVOBu1MOh=2nb=y{8*Rk|4%=^mjZkCy}r!LsFp`n%oZq1#j8f#Pb zH0N^~2rT-T=1gQGH8B`%TfiiW3)N^t-AuzaSwh=idemF&=y4>h-mM~2EErg9YIfIJ zq;|A#Fmh!zL6{vO*JX1coRl~jr(R`B&2 zXx>CM$ro~^a<^^2T#-|6FW4n&gWbf;mU}t+#Wad)Opm`60Znx)Nm()=q1z7aoVJwO z*&-<>jv+G`y{ASERti}48h%J#wIy~c!-Z~Ljn6ow^Ph>?OuD7#M!Ezj8j?#U=J_UT zWG9-&)n#%-lgkkt;l^h=YE#A@tI@~YUwy{4-qpIGda>t=i67c#5u43vc5ibtT|;{2 znjDUjQ=R0AOsK!C=(n<~w9y)*gA{Y=VryX^Ppv&-zDB+&^u{D|zJN$exAScN?+_8n z)gXELQC?Ywj2>x>XekwUqo|~HZw1UnGaQX}nk=g7)VyU*GlMT$FHz7*8M^FxtVUKf z%aNx!!v88&pcVfhqtW?j5Nf|v*BUdAg6$vV!%*57E(n=a3dU@Zlj8VHr$*eQLD}?} z)6?AUPYmdok&k$-V)}=qp1?57s%7F(p_+4xE?`5ld%dqKSq@wZ=_KE5d}VvGUm{NzQW(W4FH2jZiWv z(9DGK&=|6MeSS2P+uiFSd+YJ#M-oJI5gz zX`ZHMLklvqegL}1heYCEN8l|o-^r{N(6PvGL;7XA(h@?WYHBgQp zc5;~M01T(DyY!a)WfPWI)UrKxW9&KwB1mP_oV0U-ei=DM(sU--mGN5XmvP)&R8^P} zg?xi|s<)*`5d>;mJHDj!yC|9NPpJyzfw2mlX(2Ku=CkaFj@%sHmN3FdCodCy+O_Ea zJ!)5C#tvz+f6(8ryOCA&m6(5g`2W=iYnI|ANHcLENLMpWBOE0RrfY=NcfK5pX$L>q zu)fylmCdq^4<94OPF8s`ozV1=IfE)onRI(=;)+cyF=}PT5lr2jt)r|`rS3MhW>5_t zIip5fYm)mM;}9?WQt(Z;F~Q_SG$;iPl^a%(eC@IVw5vxwtn1E|`LMWPK#98?BPtxN z(j;Vc3t2@75qmAnk|5-o4%byixKbe4cqc9OsqIkBjcQdjBh?KuX+64edzBf*FpG=U zc9^9`QJraCBB^$XQM_|T4tDzQF?$ZvYkzOCSn(~2*DAhC@q>yVSNy!<6N+C}{APjo zztHE|=)%u_?)<;;c^f~6$N$ORpQgAp3+wfMn_|D>BZ_+zhYGx3{b%ccHvU}QXFqrT zkAK1P9B$G3_bT3>g+JH(qyK7oXDALT)+@fX!287CEH4`$QTN%;o&Wb7x6YjFHEDvy zEsA$5uAgY14=6sU__$);4UW#5zrk!viQSO*JsTjo_ei&N8l}28)+?+x>dhlg=iOl} z7zR*fFO5lFNeeYrGiI2T{SsOMW@E7u*P-YIzveOmX8H=nTd9kzpA1O#rgJ^U&6;RX za;h@V;84T1X!!EbcF#l}T-Dvd;@gg%EsBr>_Fkqu*s%+?+C&&OH@9qeZg$Z6 zZKI=|oVPEmLnc_8b3P+Bu{Eivh@#$3k|{sTL3Yg&YlINK)Eb<~#yigO(oO)G-qI=& zoRsBWHViapnCcdnPV99r9~xRR{9|^p#%tFt-Dfs>;8oDjl#@Y&1VZMqio#?vtrj}< z1Dd8A8`7A=G;$I^8JAWO?Glw+I87)?T$Yte}hji=qB9!r;wA#^ebb+s=M&a8k=wSm=%_o zNp6|N#S-PvRaeToGxJn~_s#^6{L9|N#thExGC8jU1tP$xK`);GAW@s!TG<)O$d)WA zwg;8TF9y}RFr?ewYI>!`v~$Xo?4oh#25u&KGL$N&Veo_CjhkRF*~q;b_tFMMq}y7h z6OL1tBhi##y+CGk>4RN@L(c=HO1?NKT`~$|EI8TiHs}(w2_}g?$*WwsdebE}Yu0V5 zuCHBRQ@^Qh?WR?0*Iq0Y+flC@x1{}2&wFN)=lMtP%k1U%==gn^-GayM%Z!3!ptr&E znkMYa_~6*YeVGa{F==0>3G4^^!69%EteCtnGYqD|QE+$){LAovCVatD;0wMUJ~%K7 zKIoOe2m4Ql4-S{Z2S*mbzntf1?aP#b!{91#4BQ4L&nCX$5O_D(f9}4_qw;+DzRW%_ zy<%Tx!baj%0UsQwgbxl~urHGa`>Xb42IP75zRVDquGyCv0h?Cs%Zz~)wfizfZz4U` z?#m=V|B`)~B-m6B9~`(0zThU(Po8hymw5{8Zz0}S@H|Dh;NVtxU~)S=FbxiX{tm(g zi@FFG9J_{a!Tx^2eKX(x4#EY!8{vb)U>Y2F7kn`NKKS6!hvCcpr{RNR_rl*qJ`KSK zNA8CYCjSFII0O#J`$yq}P2YnL4ufN${{#3<#N%i1!SpZTgM+_?4<-)62S@)5AME$` zXGR2%-k%u*hsW*D_|1IRl>M0saB$lGOcR(qd4HxK94*Z8 z7vO`#;Di+JzX%_!_!4|@_&?x-17F*p832dCA+YFS(hcl?jC2EszqdbAv<3fvyg!ow z2Y#|YlLW`c_GkLQk>Bsn>;Z@Wus^dG^q(hOaP$Sj-AeplBwWxxM7ZGSF$Xf+$Kl>5cH)z)kSM;THJd7`P3r*a2U#6FxWyJ}U3QePDkt{3{9n8u(!HTKM4b4e-IC zcfbezo8W^*yWxWga37ciCv3+bunZi07ksed7WiNq+%3<+yTRdi!w1K}eW3py`0b?M zd*Oo>?}HDf2jGK4;BIgfyc;ZfKYXz1R`~KBoUnuUU>WFr06y3RZUYm0;Dh~lzz2uG zN9FmQ@WH0L;CGO}U>R8PQTT!%gAX4Zge|hA;T=fy@iwz&8$LW~7PtBL^~zz>#ks$ZPBv&5dKc$w+cR3R1075V)$TsHGD9+20l0lJ|)lV;DZ%w;r9_ga1oeH!UspdKEZnU zV4?v&m|h1Tthf|DICvTSUAWr_9~`>^J~-SAAM`fE2P?q6f-UgDL@RvIPr-jHJa7>> zvIRbvXoC+9fqUfsO88(C_!KzM0Uu0v!oQk$fQ!K4UihGQ6?`xO?g2-3!k6cL@a6f{ z@WBCa#x;ZwE&`L+!3Wb|A2{3(U!LCr9~=Rn0>|DB9~^uS{A>A+_rnL9J^&x|Zi6rP z;2yyb!UxkIf)7^gfe(7O!@rJj?t%{%eH1=82=;+vABPWCd`X2U+}?Ea4%T#Q}|#K zd;uH;XS{=S{~3I+3EUv}KZg$v{|Y|n|2KSj|7-Z5_cVNP>>2p)(STLH~64 zf@Sc*Ch#e+XfAv(3C_3)|G`Dz@Iv^YcNTmw0qz0E&V~>A=fDS>z!$*bbK&pCzw_XO z!;9d9gG=Cp-U|3&65IN`-W#S!(cx+3J!qYEyS-8KG?JlJ~#?C zfko@#%lk{=gGq20OoO9f{|5N)CLW*<7F`A(OkWNk90vQrQE(7UY=jRc!BKD!^xlIz z&<6+K1Rw0b0zQ~{GkkCe90Z3q!3Ud~;Di03_g?Os;e!KU1vm;efkm6)%lj7i;7BWc za3BRA9Nq%|eYoES9~`_AKIm)?aQ8{mV98{vb);Hcd1hW`Q5@n-noAXotoflXlg7Wkn5Zunrud*Fj( z?}ZO02jJgEJZ^;#4uBP4#clAxq7T9ceQ*#Q`4D{2`!Ia4;v?`sNcf-+4uKV5;tu%W z=$-JvqPyUOJ~%Az!BKDo^gcv9J_;Wk1S`N%uu1Me1|ReX;e+1C;mdPyRGxnV{)dS- z=!1z*!k7C`!3T%Iez57&@WKAiz?b_6;e$mF!QVqVfj&6+pYXxqZ@~u>kHQE0zXKmk zJ^^3ue+nOL`ZfHI;O>9ngWhl8gTudt4;Jl%4>mmmAM~Gv4|;!q4<`Ns|91R+2|ify zGJLTA5PY!6JDBO0`=btK2EnFd4`znJkx2(Lqu}u5gBkA*^7Dj)86T`T>0qV;9D2>c zOcUr$hYt?SIG7m%N8flbGa~mT2Qy>x{; zd%!_(ue_gkF!L1H1ik>$5YEiFi|+y#ffe8eaQNJVnLaRm9(-^R+zXC?Pl02L;Dh~3 z;D40xmcs`}!3|*13i#k4xJT|Q;DbZpQ{d=@@WK97@IS`;iwDxm)hRN5Ot@A2^acn3*t$e+>sSWne`kd~g8V1`dO}<^6j2VDeJ!v~9Yz?bLXqjKK?AM6Jwd2OspVhYu#e37^5A z8_0Li-%Y-QgYP5X!GRBu@ACXE@*N!d82K*mKS93B{in$H&+cL0_~6jf z@WF~_;Dck}jC)C^gYdzMXW@fmzlRTw{s}&q{0n@!e*wPS{}n#yy$Jtb`2LsSgM)|A z7hq!CvzdOuW1h|24K_`DHuI?9NzZ2XfyviAo0;%=?qBz8rVR96|7>Ozm;kqdVq;H{{q+w zUoZt99N7XN^tQqWhql272ixF-=_}#OJvd>A^aabn^mh2*7`P4W-vJ*S=ztFws&t=l`e8O{?0eL>{xy%qa zdLn$V|0MYG{x$Hw0=^bL*ncv7!5Q$u#7y|0e+qngJ_|lr;ll@$#qj@w@J@vfCQ9Ig zO{c*ZoDClwI2}GXd?tL*n*$#l1dG1P{XF=fKOa6gn1C<$XTb-P=fDRO=fRiz#qhy_ zCGfvSyq3ZTE0)0rN5Ql_Uk)E^S^;04gCk&31$=p53I9RvtKfq})$qYFFbyVa;DZAz z;e$o1;DZ(57&rzNJ%qot@WG~w;e!KU8ceK)5Bh81gGq2ip4Y(#(_qms@7KZyi<0oc zB$x*K!2vLR34Cw}904op;e&|=_z!d62p=2(li<)g_~7Vz_+a8v_~0-&0wy=W2a7I) z|8;m^0`xD34_1I_a2Onr`!~Ut_gBCN)8H65@Miemz+DS`u%Z<{*pz|~4uS*n9vlL_ z?eM_?a7^yo;r}Q8feCN~OoILn_+S$_AkV=eaI6D9SkVO^90rTN$#-_c7wmx#_V>aE zy*~JIe=U44`8N21Z-)<#+yws-!oL|lIQl;La{mGN;K*(8!NiB)gGGDbgJa;By#EON zZ;{@&!w38Cf)5UU6h2t=G5GR+5I*RA5+>+!+#Wa_rM1Sz$Do8Irw1zz3}Dz z=i!4R_rV9pz5pNe{uTbWi8q)4oBj5z z!3T?m;e*MC;e-Bv!UxmegfH*E1z+yJ4IdnM4E}eB*LUE9!;ixk{62iaC*XtL58#7E zKY|Yq{TF<&>1Xi2OZdNl5Bj6vfg`_x52k+$A1wME{Kv_k{qVtI zFe&#>!1pj-ar#F^KfFnnZWs+dgxUozc95`kyGXQ$y z$1+3U@Px60J175B7oSMexC*#qhzQrSQRl74X5~3*i5N zbX^G_EV>9j=&yk<_m{v22O8jm{p;Ziz8O9^wi*5p@n;KsuxT57aHs=5INAkYo?itY z9PWb;`q#k+6W7E45$|t;4|==dgQM?<4;I}9U*6vVAM`&4A509w2mAjY#?A-4k!gY3 z*|t_u1VvEX-%%qc<1eW}p*FQ%dx?UhJ`5k%aPLr43 zAP@b^$ivuj@-VQH{15bRj6963CJ+77mWU?k$Xg=XCG(evZn+-z!x$Wc!Ga~Cq@Q}$ zUm_}C#J)t-Km#^Ge<^tw*p@tWY)4*tI0o$w@;|~I$V1nTW-K$n8!ZI`$wBqp%5j%gICg4DyoyAP<9Z3>tfq|C#aKi#&AABoA%-l9$T| zl85nw$itYMJPghv4}FJ{AE2Hp@-TJ;dFVQ7i3mV<^%4<+_Ss8B6h=>6BI3|?>Jnl5 z5ABBz=stakaKpeEON39ZKa;#%K8rkzpHE({zkoc9)|3B*dM+jpW6%x#4dmtWW#lFO zbJe5B=AZhrwp@Fa|@=aRYhjVI0PxEe>xd4~;v>%jLVs zLq{8VXupR%jKHYm{p4XB+Wt#!9(m}0kUaE0NghU?A`flz$wT`yv&N zBtHn>A`ku04Q=m`hu(L|Lst)Zx&90Cay^Vg_m|}V!1s}t{E9pbeoY?67m|m*e)4kt zPvoIJP9D0FOGM$Hye_>&IAP3KB0Mm%WQnMUp`}YiEA%c~BEm4Re2M6V(G^QX0=id{ zU(9;wgt0O5(6@>_bWD(!TumMtuot=ndASS=6ZC8SrNRmAMN5T8E^o9{)Jtx>RJ6kA zrb|T_dN*4tdL@gOiUjm;zEl(rQO*|RVPs44FjPVw`nDzyV=ye2OUc9dcI4&y?a2>Q z{*L5ftc*Mi>`WdSyO5X5yOM_?Cwb`FgFFnv!X)LElZT-h@^Zb4JTzb!y8cNX z`e6b_VPT4X?nNGYp+|CW@-PBhp?xNK=zzV@whwt2gN14QzT}|~dZ2$l@-SXO9!B>k z4{ZmMhwe)9(!;_G{vh(ubtrks!^uPMk>p|I81m449C_$Fg*|8Loe)yemDjruw*6ehZWFvBYEh6P0$6~p&NEXFYJdtI0pT&WQ_K}3K)VlFbbPs z47S5K?1sUc$U}R8Jha_ReieCG0o}KdhX!nd-WKw58Fs_yZR90yClB3skRPYLt>j?< z)_Ic!?@c?_Ym&?$WPi`4`7#SrG?JLMb+e(g`(vNZ6gvM%)o097;6A9=pTqX(& zsAuzK!U=6#E)yPTze2?bwq%jJU|dz~1DcV;}M`2*Yyye&nICKY6+SK=SKOv&Eqk`YOrG zWmpdb2a$)igUQ1n?3K%hkeAD_u#japdFX>47=rcCekgh9hhe!~MIO3g0>)wCdgPBM z4@1xc-Cpw0fUVGf0(lspO&WNW1PJ4_$M~%Vk&(BX^O9zPriG<@?D)|2*Hq2+}ga-6L#{%-u3tM3ThG7Ku!Z=Jo`zPc} zsUJF_A9`R2*25TVg|<)0Ll^9YKA3<(Shy|qLnkz#2Rc3@552Gz24EOQU@wfr1hn^( z-;VmB6Z)YChG0F6!B%MdoIG^FUg(1f7=(q}Q$KV<1A3t23-ZtlTVVi(VFdQVI7~qM zm*gGP51r5tJun38VGOoHTOWDog1yiO6EFx1cc6agga-6L$5-T`7q-Fx48sWQg>jgG z_OHqBNd3?W{m=tLupY)>E3_>n4_&Yq`d|VEVc|~H51r6}9_WaXhhEqU127CDuouQ* z0@}YJUq=1V3H{ImL$DskU@NqJOCGvlFZ96#48p>lsUJF_0X@+F9eEgntuO||(6)#? zbioAl!NOfA2RdOCdY}R8q2qh<&48c|ygJEd< zfjo4<1oXi|C-p-oj6x4IU_Es7lZRdyh5^_MBQOEuuy8l(|B*a&Lk|qWdKmnPJdDCH zwEs*Vx?w`DhlRV-o&oaE2R$$d>tPhOLIZ}O<3Hq~7bai;7VbfNpcA@(ArJkq9)@5m zjKMGr{7N21U;@TrVL7jhlZP?rfwupWhd$T}<1h^EzmbP-n1Fs*IDt~wekFMr86yvatH?v|1o?mB zp%aE|%Y_HVrY#qK=*?R$f-tzwauJd1H&`xWFtp)vVL;o)%Y}U}`U_pqfL`delZSy# z$V1y^mc^KN3JdAHg9!9q(FV{QB!^jTgp?_!cFt`W#nbcQK z9{OgGhqgV*!;p)-T)!827=I$_Ka)Ik??)a6E678~{^X@UfV^B^Nglcn zA`e5yli!zq&LI!uCzFScTJkUkgV1{>dFVQeJdF6r!{FKE_k(rhp{t%e3_(8(Ttprk zFal$jkcaNe$ivW8-BNLmqnXB@biwk%z%~9wHCj zo#bJxi#)WwMIL(JCNKR51@z=$6Zq%SAtQ{BOA!gVFpIqU0ca!3t3UL(^A?8fdJ$LNr0wdMiXbjKOXg-*AQK zhwhD5h%p$jlRuc(Z9^VL0)nP^3bs(c^KGrW*Q?WdE64%h^vuwAaNB@ex@ANtN9FFh=o#riYJ zL${AS44p?F#?L1YgBOs8kqgN~$7ST9_e%1I;;$tSjqAxvHj|g@Zz2zU0rD^k`=R}2 z@-P5P4&!yO0>)ttblpN824K5f54)lJR`M_e$6&C9d=>q_eT8sC+uRkx2V*b*qj#?m zA!z^C3egMwFaeEwSBS#HDfhk=!UY2ltPozwho~3YAEsUydxU!B`p2jj2H_aAg{b!k z%72n}L)-JTTk>V{(9uI4y53tMqA>9O3K5sScZIMW$vDPV2nURRL%U(%TiOj>KhSRI z{h4+{Ka4_SfIRg5Lf%6;zmkVu=!TBp$iol}z$gq!4w8p)7>CB6bbLj6o0dWyr%2Y=w4%JPg2I7=sDuUPAsD z`URcPHBMeG!+IEkt&$Vup?#7(j0y6Rww0o=nsTSD6i(tcQVJ$V1nzZL&q%g&~^lQ7=vLLJ(4^$JmjJGX!6I?Kj?%8^g#D9UF1M10u{+7np`N+qp$mGT57tZGMIL(F$V1~k@^blp^3p#*{v_5vL>@XG zCJ)_@kcWQQ3ZpPA{iEcetAjjrKSus!@=ub7{%6R;$aCaj=y~#T`9<>3@e+CHf0?}W zu<#VdKSCbHUL_ABuaSrGF7k5y8|0zwP4X}Z6EO4^`5HWQ!r;f`VHDQGz-Q!P1cv2$ z*b5DqfR0}Br!pSU38SBrhq157!@xrFFapCc4trtrTk_EUJ^9nf_mhXQpUF!OkcYNk z$U}deJdFI8JPiIx9tINRPsb0FhxX)3;e~GKhqly8p4X?|^h%!BC!bl#^ZIPJr7L+} zpL$lTLc0{$nBlUG6avg7L$~L=^fC9}{sHgEk-K zA3Y`<(00t2a6=dL!T53Hq5XLBl3wyK2IDYv0{OGyiR58)4tdFw$iw(4(^3Zh!dASS&(10Q6yOKPN!8mj`l0T0;bU*{Tq3bI0 z&<_JJ4nxp!HF@ZRap<~+{Q0z_i9B>eH;h9c^j%9H8ZZPM*O7-27>Dlb$zOnn4j2rO zm&>=2hrZj%L;D@%p}Up5Tz@Bd=$K2so_^j>9!8-X8V`_%kq61cI1EAiL*!xX5%SRe zDESL{9dtkgx}oDS@-X-~dAa@x^3eYzc^HCm7=yNpDCcSNFaq7sKc74dK0_XcUtP6bKO_%>ACZUtkI7%k`UT{n{}b{s z`YCzn>m?6kpOc5i7vy35EAlY-HTlb^Cqo{(4f4>wj6C#?l84ddt7>6O~+J-!g!Z>tnOa4l7 z&;g^+4P)DrhqfKaL*I_%p#h`P??PVs-N`pHj?e+Udyt25=!5=p^3XSfJhc6jJdDCP zH1;EZ7451Z52ID&B-_$zO+u4(Psx zyj+Gp=)ILZjKdK0wUCFl+sMNJv|Z2g?c|{!x?v3Zpz99uFakr+(MleMU|cTWNxqq7 z=zxy73vmQEO zWP@?xf$rjQQ7@Nw9T%-IG-F(Zq3@sLq8Hls9Ty20-)~$L-a-8pb1`Y4HFraVt zxUk>J>rNgQF6cOoyj-p)4~>h-!@#BF<@(FXOI|@92BCc}{kW1mbX-Rs`sR{{fgpKk zzn8q^!{nhK8qn84{x0&+1-*}xhrTDsL)%m2q2n3y(Df{N$>+$!$P47#$aRj33g~)i zT-3n$YvZB``d%Lw?a=ndxafv4*e}IFv;NC*p4Vr4^^Nnq zKI8e-IM3_T?r+9-;}&uUrHXj zw$9<@((wL;?nPpAd!jQ|=xU z!U>J?3E`2PK_2?{Bo9L_@-Vg!dFl5hFMS31d9>qT@-TJ?d1!N!hrU_lVH}2~Ka{*& zUqv3ejwJs8uRn!6bkvZS%a@UduFJ_o_m$*f5cW#nNM8D@CWQS#%7-o(XqpgS=)HDA z_@V9k2@#YYMqu!U2@!+7J14{#49%SoB@f~6nh+I|Z4;sfhVGdVO>+6Z3DFL1?GvIK z24FvQJxm@NkC1PteNU5zfoI9XXqY^-zeHZHe~rB48|0zyP4X}fOCF}aZt~E0n>=*C zLmt}SB@g|u8^(LcL!*y8j4dSp2<=-$9tL0ybp1eHuK$s|T#l26j^D{c?;v>?{geEo zl((2XbZ5xJ2yB9m5$2s-zl3=Qqsy3g(6^j<*Fn3X1KL(F@1T2vc?+X3Aea9~9>()0 zMHB|sofL5x*>qCa9%FlKJ}De9w&kR7!{|1X!Uyf8lOh1UJ5Gua^p%l^ekXYt+k^b$ zlwV06x(*@_W6%fVZt`+@7I|ntoIG^HIE)@e{t4P~40&ifo;(bB$;!z<971UaR+%Adw@K&x08qN4)T(ZlZT-v$wTi`kCA_l{(nba@_X_y@^A9c-cKHeU>F8|A`iVk zlZXBR@?qNh3wg<3$xFt`!{Be^Vd!`A(ElfSxqdNu7)y|Up6xe89>#{rLsyc#T!yVM zkRmVFr^!QGhP+%qLjDEHT|yp)pa;faJ#;N4592T_mzR-;KA3>^<>X(4E677X^uQRb zhpv_6p<@+!7=^vim>>^htI2mVUV=Qd+g1w?^yRM>_0X}-YS9Y4Fbw_ct>(FX+6fad z1`A)JeMPHzZlC;yP-Q=OWiadrUq5TN*FapES?IAChk0B4^ zu&@hy$wSv1^3Z^O=s10~2*MbQ$n|He7BT3$Xtgk)&A(dM-(b8iUoBkFcjao~g^sJp z%jIjxOE!^*p=R>XdlPx+2#|jh-cBCc?jR41R`SqwCwUl!5xG2fwHSkLXn%{>^G|X1 zzkKiRb+c{Ln(WiIDO$HMIBi|KTwlt+-d7fj-PgQE;;&!NSJvR<>wPaQ7Lfw}XCwO& z8f>}#sv80BsxSIpYTetX_w8%{rpir4r$n82TF_IYP! zUm)vf;opkLVsW$V!rFX(^ECMa>F4ur_|?VYK&brHx$+mVx)<*;`@F+c`Gc$huNQ>%U9uB@ki$K0@eOQ^W`gK`|I%CZ!8vPtZ(); z>#y}K_^}Tb3m)OfwRx$>8*@mV0t|7fweSgZehRsSHq@KbAFkY}^i ze7;y*tK}P2z6{^px0rk4&GjFsd=%2cM7JJJTYs%6h4YSQ}d@P zUnKkY(_-+&h}Go=W4v~_r+p!EpJ!(2I&VEi%+%s zKUDR%;q8Ac7Kds1gR^-#j-7b-pNqwIW-rIFIQtS=YId9!@w$q|*7c0y6Zmz_<>cq7 zb`}?~Jrj$?e`JAc`XL_-C zaJo5v@AS3#dHC=$_IIs)`>OVJ;d@6Hi%QM!r~D#(V)tx#~n=SiMijVP~<#Jx-`uSP5pJlA7#0S>lJIBrKklSO6-1d;KtK)S|(-R`k zT+VT~PH$W1o`Qc-t9-S5T^p~H-+^xb>({N8uaoWS;&mRr3;kubW3FA#tNn2izJEj7 zg;xIbsjkWV=o&BIdMTejUyWZe+ogVEzT2E}%K6_5WC=1q6JJrB5Wi~2v!B%QYz}^G zyM(w~YhSBsU!yF4$AmaWEB^>p{ycp9E(x)t*1m03`?~PqT@&I>+M?Q*_iDC-vVDv2 z9%n*)XdcJ>9yLEl@ngFu#J7xt%IANT-S{$J%)IG#CB%N(@ocX`)qi|{1>eQKp*jEh zhHL#CeA5vLaV_=a%5PNjyHVz=6Jjr||1)y^$B%gvqC?9+r1D*|{8JL5Ny}fU@{45o zrzgaTRIlpKJ5G(yD88gNA)1R!KL47cwe2sa-%a%iv9ngcL)AYM-+F06oUWCBvMPTL zz8617Yv1vzeU13SD-+@rsM?o5TaE8L)_bl`h#_tJ4XW+eg)g}=A!cZKr^+v4z4P{j zn5(t_Hr4)7e0v+;DZie%{ukF%{b#-N!Gw51^N%P$ll9>z5@JG|pDVKSvz#L5;9H+e zh<}>B_ttgWrr$la$CqYbDn~E7Keh1s_NNl!P;GxYNbOJa@x7f1(W327H>v$;0ltFo z;D1gV@2Avw56XNO`=d5rTeI`Ej5ZWdZ^cIm@uzIi+T%UPvAluoCY5Wm?JSq=`#2$v z*7lpj)qcZoqh!D9|6kg6o2#~413vUcLOiAU$CPiA`LFn`2F+iud?!A*Fd<%ts-5{S zt8wa+`JWQv18rWsqvk~lANwt#pFi`rQpc5|4e-D7+XUJ;C)GHY<3o!R;$t}=YsV?? zeKqf^@!mv29K`;me13&`f6##Uk0dPLhqmDZ`2T6!X_Y#zbmD!h6Cz`tSNTJ#{e5_s z;JBpK|GKI_g^x`i62;p1Zmh<)h~q)5a7etX_5aOW|MC8!Au*vHH&&?QMm6ibTMdbK zwDR9jpwoQ>yYS@e~7Hz zKKZX~w06Hv;T`)9iMO=+UsLrLG49a=hQuS<_&uP;uN?0_bV!_|&95`m{Hn$W`K^dU z%=6>AseMSER~qmU{GQtQ?5@VAP1avMBo5X5LCSaHjpK&IRa*P}>U~Wg-h1+p=rfPc z(YF@dlb`?I+9Qr^$0)BGJ7q|0Yi?&vuARkwed-=^0ZToJcwr`vC_Ya9pwQ=82jeDo`4-Sbpwe#Am z>b%y6_dhly_R_|6h8outJ~;nx_J2G6*&$J&ZC4&`UGu)L94~)^Bq%$)cK^z|OO0nW z-oSGyC+G7!)&AKa%jY*sTDAPGD&K~;y*4D;wDG$`jbA6;|K^bRNZbG3Q|;@+J3e50 z?P0F}xINakKZW-V4~hS2?OUbVSF{QHcM7kK|0*^9<#-3bk#e)v{$|zwYJ3pCSS$ZG zRel5B$8W00zrWP@<&UWH+hqMKhQx7N|BuS`AMYO@61$q~KPOv#cK-F@1NbU!`yHb8 z%M?D6KP*;i?OUqaSF|bZUuRgHWG+9?tNK@tkKvEj{Nc)1<89N2h5S1v*S|Z|@w)-< z-(Xn0pv~WB)ckFe`Avt#W?K6;Qtj)MezRdwr{&L5`98dt-vFy_Ek~ z$31zx>Xe?}%;BS=T>tXh)%f(`W7`jl8RqiqbLFS-alAZ+s_{81=Zm-)Xy7;1%HL3x zUoO34SnOcV*XHuo@?zo+*5x1g-i2$DBmaRFB=v! z&F#A^*S-|qfw$U!iZqk{mudNo$~WMn zGl#`STKm>h?Q6qF_8AsJJ3fu8<5MR-STQX4s3_O}{IJUR;T;DIixW7{sr@^@+AbR) z$1jEV9X%}OXxsnz-1aYF{Erszv=x@-qfLzS5Cbjs^#@@ zUe8BMruMv`+S`oxpExYe*ZO<5>Td@=deX4?NNdk~s=Ylj&u@cSoo@&5ZhkZD2(A2C zs{BcrKZEg*4OZ`Gj#t~Ol=qhr{PkM>SF8Ff@%FPho@nLosLHR!JI)=p{Clk#Z`2Ko zZ?*crQuTMp`p+8{r)cNX+3I}SBl8yxi#@dQ-9?S>0N&OxEOs-OUzaUDJ0B+Tc03;) z=lY-jq{^3W&3w3o_Y3BH-cr@RN_^nbVezH*e)CiHezO+ux_Vel=kE| zZTlUdwqNNs%%2B`#TDj!-X*#I<3so(G(SuET6_$DqULkg;hORGhla&*+V~%(#=k?> z&u_Y2rRDvq{2p09eo&jAzpD8;fcNv;Zovx zZJz)qkL>zXvaWJJ9O=+yFj?|3T~Dx2k`Wvi`ndu~740C|}AO zdG}YmU()J7Le*c1m%mkbu;%wyz7`)`_56RQ3JS^sxzAFX}ID?f>kEwVoUlsd?NKP;-u_1~1OKD+-^;-h%0_SNG3 z{~i`Gb3X4&)&6F@;|J^gvjgwOf1%|+QTZOcfxkxcS13P#_x4+l&m`XUllA^px&!UU zS7_tAx7vRz@j-rr@(XQzKT+dbi+BHGeSB%g2l$Q3J+$(7QRR2Y@_!o^TWWq&<$I(b z92Q?``+sk4|Cjai+n0Np$7kyFHFf;M`|xhFzdpBpOLwGwc&qobm3ZIK@Lyg(lgF1@ zyldFnH{)$dek0Uef8NJx`*q+W_#ZXDNckSTKQ$~)&*KGa-@oObtj1?R<}<_MIxT;d z%1`3$Bg5hb%{M7ux)bH&t&T61_yB%4?eDEJ_4igSKDcaH{Gyfrqbk1{?;YjuC9}Uc ztFzmu1MkCcqn%&2Q0JE(>Bon~KIZ(?+k_+qVaAOiNl`j~Q6wkJIMIQEGln z;vEG^anJhZ_TQ;KPb%dP;owF|ak+VX^QPWl%K2T1H}KnQarNSw8+O%}-sB%AWu6QT&+Zm#KW| zE}Vb2Oo~FSfBC9^mH1#uQhciU50$UQySGjXd23v5e!Zf6Gd{izUYkF!sQJ@@5Aa*L zUaft{sP^^XBlx>D->Uoo-r-1!Dy{rORQZ#5?@mc!H9tz(@dG<2#m-v$9jg76_~0%{ zv6r@eW~l8`i;wV|zVB-JH&wnF@7+BqzSi3RxoUq0-nK_lY@?OGg(|;C`WZ=amDWGM z>fZp~=Sqr%R{rm*{7Jm)pGk3w*1p-QeWgzJ&%Ki3>FE@pjt`Hk<4+~twtrGA)bd}b zd@Vk5KvL9e{#@moWuD(E-n776{)X!K*&)3d;j~|t^yq?`5^T#ADKQHRR$MBYa|Kkn(Kg{jB zFx$MT_dj@BHOGH#|G87`Kc#$*j#SYs1DOK~Q10Ux%$v4!FkA>>^*dz0okmqx~T>Yh+$N|nC|74!u7H`px-#4k_ z_axqXTT(nxWX?aL?&m0F$BFS<<2CD;{fX-OV9&CgQ)Fmb)a`Ny0$eO_6KcjFH> zd(-u`TD%Xh-9M3koGQN=A9^_{Jm$RVzWok-3~zOxYL6_R-<Hyo=wsKg^uJF*m-oc;DanW?4S|Hf{U^ zYJ58Iws-jZK=X~t_sH_!wLX3i;Qe^3`8z4=$6u(8U!5AiQiAdKtmki~Eckui|7*vW z53|P?{OzQYUl~4(mxp=PzQc0cxeDKo-`MPr z&iOigE55<(^Da>BYr*&9Pcn~FzE^GM`S_AAlA=k=U#ap7@J;w#%>L|L{e!Z8{2ykY z7gzZLJ}|HOGAWMIe3kNL_*OiZ3v>N9-PcgH#uu2|pC?ql4&T(56r65z`Kj(tZGV}^ zpJDcSQ#Yi^@t=?H#ams+T!1h9+WPOrL3{;%TXXrQ``rq-fFiwR|MB&BtNB^A#(T}> z=jHxRt;4tfO}=G~x4KR}A78UDX?Y!c0lp-b6fbJ^KdZ)n5Ff_hsQIY_wH)7qeHp)R zlA_4G{qomU^REm)hJQrMKcLF5!Z&?uJ-&5oyw(2Mg0J|Fzq8Hdo9;W9kN4oM-Uly` z<^N575Z{Wg()xFZ>R$mT=Hae?N~QN9dc`0u3XF}E-8tz7@{VZ2kz@1*i|viu*C zmiOJZNdIF}@CagV|Hyw?<>%vTeok6`4zvK@j(=Y}j=!yrotF_@>O`xuN>z!|1ah1@V$7e&zV~Ah4G~2b=dj%di*h3`A4Yo7vS6R z$7%j3rh zq&Q96{wL+Ozs`v5K9sPYT&g@gQ^s`=dWm4o;i{Pmi@TICCP1KN#0#OzJ?Etlc@ z|HfD0$M9Eb?Y~sDzYbsXXHwj+&Ch$({A`isCz4__bNy2vlTV%h*Z4cl-t>It0=#D^ zDYnwy=M}5>d4tlYlHv;OeflNpeR{!xjIWUtKWXjzUbU|bU%xDA`Fv;?;-!b+2_5jw(lT5fq!1}^OY~C zWd9#a^4m+iK>Z!NnQDKT^sADV_wiKW3n#4K=hxvqlS%#gxBTqmY*Xide8vBgme1GD zmw7y2F<@%n)2e+7@ckkw7HIwZK=p4B-)c(<`8HMcZ&p@k>n}Kn{^704FT)q+r7S-O zs=}Ax57f5rzH0l{;VTMKmiHyL;A`+!e`n3d*W+){`rnl6KfZUJl;A5Ya{bGHT=_v+ z{<_xfFW|sckGGm%Wq6sl@>O^b-tzd5@5Kkqm0kP z>m2j(HRUPGMz5$R;0uZ>)CSs z%P(C|^&j6pDr$dsYyYjP{e$?{^HSn`&7ZA& z!C`Fw^HXAx*1v_Se`Wagi`aj)_SdTRSK$+vrNn<3zTEsD$jyIzx1af)XY%>Gs`En& zzW0ihsMg9qQk6d+KXy&Z^8LjEyyx1KI9@CN=xq7&Z|*^S)Aj$?_?Yh7&A&1`6teZ% z{kgb`@n~i~O=pGL-w#&Tjc4KuZ%tV~Z#oCxen(2w$pY8r^QIm&kn^z-pTK{qZI4gY z_LwL0cc#QSTK)_*o?SAJKT_-Oq1pbHky(TQyl=+)9!ptX-|xVCLn+Ja!#(%_ekXJLP3OG}{Qa80NBK&84F6Z(Ga=`BEj}Jji6^xDBiX#%FPrhc=l}or%T8V&eIX^* z)5fzvjb|S|(wP#wX}(PPl+3@Jvb^7*hzs%lSFGnlIX>_=z8W9ITU}>qz(*sTN3{0k zuGhE8@?TGhyR`ATU5$4q-oS(0{$%>Rpbz2bvYrnqybC{~&DUWyUyI}gz&BHtpI4RR z19+?br5Ydn8{dEr;a6+zA5;BnljXma5-T*nMEOppQ&9*TyIJd`dY!_U_;GU*_@M+VS#rb-ZlA2R=wyKHt|SeKckH{7$FzAM!p$ z8=rU7`1Ii&AEm^w*1tbg|5A8kf%W_JA}%m_KS>F@x%{cixY^@vIo^%8-2Q9wdzkZ6 zhm&l+0q-M!jyAq$sQK51k9^ACIhwCfz7rq&EF~^7m!EfDuK##PZ%W*v`5Tl^;e+^u z=6_edsG9bDo)TAT{!-=3@lpKsn$KNFs>VCMus)tP;Qe^3`rGjCFH>Tgx&L{Ss{T&A ztIzs;*|)|Et$pJvpTgU}vd$NAflvBx%=PE@sqrtz$G*1CSFiC_^*7)n3$62QYy4^2 z{5?s{-%h;oO-jgfi+aCtO1691`PH|^Tg}fD-u7)u#I*hMOSOL%aRD{*eaiCt8_MzC z{*?HSmhV^jYP@|Q^_SOi%Bi{m@4(+_9$)kO(5a6$W$&{6>EQK&|D;510V~$Nzsf&F z{oT@okN!6$G1Roe3Jo@Ts#o3!v~{XZ<%e_8&vY4JJ5sO_7#K<&>xcmsce=BM5u%k~f8UE8HC z@86ol2ewa(`^@t(|8CX4Qd#g0X|Ymk-%{1SN_>2$w76ZX|7O*`TD-R`E#B1fuc~}A z-qXlZV*k;~ ze^Hg+Ec5vLG@tw2tpo2pG%e<9{t1=u!N>8>XvepZI=&6y{YRw5e>Fd#{3PCebXuIP z^{-a-uXGOE_n5S3)BGLESK@8QvVUpq%YE)ti}&KKuB$iWEcG&?`aD6<3a zJ|Qi(GS^>y>(qB>6=s`}ohJ);UBzs+gEmiEvhzfiGl&nLoEGEecFOO!GO|M{*JjHp zI*H@KDQWSKby%U!H@m6pFy;7QE#+wEi{qAG4=z;4ixl2>AIDoQze?>-MW?WR?oW$DwEg7(wZD|(eGjI^ z!P}VX&)YJA|;wB`GO2E4Z`ZF#?W8{YLsS}f7pms0KP#M|FYTi#FKhxfge zw!Ggjh4@wZ>L2@tA9w279HCB zc}UHla=h=Ov{* zefS7|g*JY<>jx=(us3b__jS=}_|MappQDxIU0`le_-ViT8cQ`BFPR->r_%efapdX)&VtVdYc!NPk*9rft7=wf%}tr++_l zzSR7H^5uBjFKN-QweLH%{i^ZNU(@0)?f7xKI({_B@_$c@Pqgugs_|*V$MII5V|3!Z zf21ux2kgTK|4fTBwf3E=+Lyw|7V~~pJAd7*&R<2f9RHT2MOy2BBG-SseKak0*7gsF z+CQrCjxoH}e@CwWc-KT)T%v8CdbNGp@Bv#!+^Cg*tt!70A1}y=-L&&dnL5Ap;f)P4 zmfs_u!uvMNSU&GvbO!y~DD#)sYfIT?<@g}}BW--AzFJTEYP{Q?5l?IVe>~TJd~CCf z*j3B#sJ2fVK3<%$e4ersZ)}+ndujO@D&L2U;osqrg1i~46~#5`?${-wsJ93R;)V|kxU zwe%Gk%kR5r!21r&2&Q4KeR)$CaOC`H!-w#dW`9k#d)f12Cq9bj&sI}Dcb{n=-oPJb z_BZD8DZHaHBQ`gCZ_XF_ru?>MZ@N#m{Qu#r{~x|#jep);e%}0S1Ik#}hL6y`Q_bUl zWcK?jkIilbUL(h;i`OL%v7RT3@MHLowe9@A+Rmf+@T`m|*8IlG7oUwkG$TIIj#E)} zoSKQR@npm;TK)!=pM&o`Dr5OvQ6s+an2hE9$n(~CtNT&A@HN#L%k#h@eEYE(vBNY5 zOYH|!Upg$uZxkOsE+a0{&I9%8JWzZN<9ABN^10WU_`*{&qJy$j`FRgzx1%h74!#xt zj^^J`z7g*{EhB{HbJuC-$?{Lnh<&v7yVUr0$$V|b^0}QwGJj^q@_y)1d^=0{UTe6Q6XQ}xfp*IbveydPYGs11If9iI^?EG7V zZ^HY`-t=7fD83tS_4^XV7f}Bl8F97N{>xSSXW}dFWdAdle}Sq0cn|(*v(I~6jc=nY zA8++{_B?!eF5|D&f1Rqo3t!k~UH>9{3H}MK{;B&8vd4dXJAPR6f2j5q*Ry@@&WJtD z-t^qxOnejmJG0Nr-7h%@UvZE1_G!e|;9t=4z6;S+eP@#(^M|0`p8zxpD4Ki;bS zqq2Ow)&5s}A>{|H+dmWEkDsfx|2EbBIe5>#*5liVFS##c`MnzR@P+qhEboWy!dKw6 z>!NFZ1V(P(MbgjX?<8&hl&SeMiuXK_v3%aCm=Bnn@V99F%YBYK6Q97}rujgw|M;2* zGvZavcPihAAH(0I`RkOQC-V+vgYnDYB*?Q^O2&BQyO%UFKy zH3#30XE)3BFYjD6K8^SU{xZ!^9bmHk$5(_imfy?Sg>S+iuI1gT{6+XMzQXLM9+%9H z?GCrsS}v2zxWdN&*!b*f6bKsg^cjz^J2CA4pV<8&cS(u( z>0i!RUZ?KDx4x3GyiaKnzA%yz&D#5$Yt;LjQGESt%zthBHmL1ed@1AeR>tys&1T}8 z-p+_s+WZ?;^KTBm=G}~FoNgYU%hcx#jri^lGvX1geGjPi&BIqL$cS^b_MNHP*M)EW zJoA^|Q=2{h;m7*84xqK~Sk=B!S^n47zL<&Gw2=K@%m1YEGw~JQWGtWOnu8z1_iOX( zJ2gKW@!j8A=jX}#zsraP+W35+#-|JK{P*AN|I+`Ev3%ZORF;po`d*e|c8sxpt}|%$ zAEWA@iFf|Ybq=k6pQ`@N!S~~T)W&a-8ox$-`+v9&qU}GYsQqW2%*T2Eu9ZJ^0F&Fd z3t#cyjOFv(i|`4&)&4aq{cjm@m)5@9Rr`uBXZ{Xm#2cEAC_fWF_6OHdG;ddaj`V+8 zUq@@iClZX0*1z2M+Rej(hlV9L|WiR{zhc{zdrSWJY|bmEWVb&nUhrl@a@E z`I#zT%)qy&t@AVSo(#udZGO1b{FsApGBRQV%}-ap5nsQQ@zs1p`FZ%l&kN;Ov{&+?_r1|^Q_{_vtOlHKH zTKT7{^5@{2{+F@*oTX8Ekr8`q<^MyKKM&t-8xg~r|3mpMe0|=CSgQH7@{91Ef)TMy z^BLtw@y_WZ;tiqYxx=ud_-@W08cuFh( zF;#w}EPvw>%j4@jeBmY|;zzCiMXLTTeD7u>;zI5CQKya{i|{2|j)-@)`SYflKco0= ze5>YfRlfKt#;0V&@^h@2_%ZxEEuVYdc@Dm5s}aldbEC}Tx6=Aotok=k`fWz6-~Zz4 zOGm_|+W20m#&;3Ed)pEHKD+!D@;He zy^M44?K_W%q7BURW8Dqp0L%TW5#Q<>`OD`wq@RcH-i!8WMN+;0q5L5w~jf z->B+u#5Wy0V)@+2yfuCwbN{El)-5}JUHEqLR?kx}!k5e%vAjMpig)6zzIVL1iS2vn zh&Vv&|310?|^^RD6pG5Js%n$s3wC&fgw%<&A_v{hzUZJUf z`Q6#inaWr-2VZmgh<^T-_c_cenr@e4!as7JH}kp(ue)2WSbH2b-Otj2chruE<266^ z#WFJAgZJW{T03*!J28OwoiSqhdoPoCKYp%O{%vYIm0ri^g?OvuXeB;yrgi&j@e#aL z|C;fRvqnTfYyb6XoI7Osz7g?=ww)hP+qnmCs~ZugXzib^+CPAIR~kn@=4e^R~{A8Z&AJ8A9TPPM-oAG&NroUi$_mG8hC zSBzLbm)L`kTsc`QMbE#QSd;5!Y$$ze=^gw3+_hG$MZ2{4dH^ z;zPHLh}G+|0oKmn{4w=;d@VjOcSKyQ?T6>9{jgbh+B4%rU zryi^RPOZf|o*xl*t^N&E{mpp$OUw@~zn#i=$oy*~;xTQ0x2yTxgAd_KR^iTA%hA`a8G-@$78mEK7CpNv?3KW`=8{rQNPuI*pb)c#eAcYR@f zd}zk|@TY0@pQP&VkoA8vV)?xpJ^0vn%s;2O|6@)$K&7l2z(*!W#QIyC{W@E(^^>yv zEey-&J4?BM=-Ap2bG7liO^shAK3Hm4o(F63vF!}Y<4-f*=P<-N+W6Vj_;ujDI~c;P z&5r}s{OG~^cQM4n+WeiT=I;RB*v$~H(0#Rk=Dnci&m=yuyJ2}hVrhW(?O}*R&H1Uz zz}fMw#0T*{vp0RtQj3q_KhXR;s{UrYzuXWnY5fbU{&nDOdl}*aZT~(;?cY6kZ-rs` zIlzD{AAh6vKJ;4kK6DZvJIt`WAF%Xh?zgBi!~--VH-16Y{z|<2a6^2g`S+Bs#T$65 z&vBcjKf(|bT7HGfci>}38kW!3_DJtB#7|oOdzBx+2ahtu8=8+OKZ$o8ZHS$;`MsT* z-=(+EziPwsbNWiW<5zEWaPU67M?Eu)H6&79Yf)I*kUX^Wz+~e>dY}a}04_ zp4t1<_;=tPrx=#^vGmA%jkO=Z2Tn6YnYMpzulBD=eDEwobZYfKr|K_lq5g9W%lnxt z@kX5?-qXgnTa9lmK6oDO(|qnaPBY$pz9CZD_$*fA(}B0wGrn5;uFkfvj52%h{)-GT z+w6~8^L#*6_GQ`Q)F7`5HyC1izImLdspDk9ZTvlTnIU?$ar#(|QyJcKm0|h)I#u}o zs||6GmakCxI{eu6hUI;`E%>HpLxi+(cvOwUe3`$&u>79+1^AMHVfpUwLP^m7f%-+61n7v61HeqKEv--^Fqn@9Jk zdA302?=i$_+V(w3ZQnt>=Uzkq-8$3n@D$v^-^2G=`!amt{f6cD7*ye#9xyDQGpob* zK4^$j%=0vVw%X5HWcd#pme)h(<0~FzKhgTXIM;uf@A#YTFa2YN<@eJSa3RczKT<3I zP*r{zz6S5n{9(#h;al;1te88_<(;p59ljr*{Q^~W92{5oWwzkEpS33gtS z@L~LcW^Z~9a6Z2GZ~Ov$;&1#QzHotI`91XocX50r|G2h)KCJf7GJMmghUMq|RroM| zM9UAWe4WgHPXDy=-&c))3%>me>-~4W^j{j5_f0Rrm-JcZ2c`dt`K#5xMAcu=M*qJy z#3q_AQoc<3h1T=C3SSsAEI$vb!&iK3SU%U(f-m{b_&@Bue|%ii_WwVfq;1+xYfz*F z!wrH_Q~DzarW&*if+8rLl2*!Kkh(=NuBc!zD2gB|C*L|MUzCX7Z3sg;CBw6QpbU-;jy*@razRJNXf3#?S@Otos zx&PV=^K%`y|4Gjq!ApMDpJ%p$_kwHRe+*vnFU-$M`DYc%4_^CAl3iM2F5g9R{w=-* z^KT!{6P5Zc?1wA|Uzbj@Wh2e@e>Ki;_<2}0c*Ss%xyG6JvDc0YizhY5^9wFMPX!Rq zH8RDXP||rswqqE)ZFEZe{7n=*G&ZHZ-id*G$ECFU+7jSSM@su1OvkM@TMM}Ed#-Nq zwh1ZieFqce|8!UvmIF4nB6Qsh<>$l*h3!c-Jl|=1}^_ zXxTra;2nQSv7eOkeJ9Ho1CQ*M(tfWl0Uq2v#a>plhW>+k8=CTDfXL^{x3597`SKO6njmn zpOry#zZ6@dv`3&+VY z_g|S}BNV<-=06G^IxxjnDdoSvP=0XdK`9ng%731;Pk{TYQrdls4qRY#fp4YQkC*mt z&JRwpo0a@E70M6p^`^A%xeS1Zz~4~vU)Yxs2KUU=&o5E%n!{4s`?fJ~XLX8oEB?Qb z^^*Ya0>|Z`ss9%CZ8~s6+k3cvesY8REw~Rn1b&3#f2K@70N!R{9|rHTu#bY* z<6_`(@RODFkC*8uz+Fe`+sA>0K0o+)v;Azt+&Is6gV%tsH*EWW=j@dBd#C~M z4)6ob_NMQ>gu&zBGtGQiA^j-#KPRQ#Hyi`E9hK7F*G_=f9G%jh2RZJ7e_u+wFT@S* zIY!TY;5EmlwCkk-@GkIA&E+%g8xMm=j!Us~mFuj9@;WOD9zQX~epkj{R*t_Ic*n^p zwxhyJB~Nf(n__bn|Hn!Hj=PbuGg8{?d^dP-eu}xqAf7x=+(F)N@o`>{-| zh5oz@JPy9UnVYWLo55|@puUv+zc2H@7QF3R^cS3wM3+`ciTUANc>?g5`-wht8Y zS9TBjGx&*SZa>zDz>oJ;;1LV^dEjjp_RGMN;0qN0^Q8Y~aPM_`zLuvC?ljvUUC4ho zc*ufp1P@y9vU@QfTJS3H8Vf!Toag^AbN)>CkCuU3rQb~H>+IKpTb3W(viyINe%XDZ z{JQk3z^&4s2X2-AGH}cCQ~J90T?<}gQUBfGR`tK}Ptq@I{*&^9Tb3W3mw&do{q2Qy z!)4%Y7Wr=mZ?Wh(XBa9zp(e={JM7fa}s< z`zO4c_$YJ!#p$>xKc%nZWi6upbi4|jw;x|tlIKHWcpLubf%E>Ojg(9HvP zUZ2vg3oZkXgX`>@!M#l>?Q`a9xjpzZO8SNU9o^u;8&cZu3T*^$yD_ER$6U4w^>b5- ztyBEJCC^W)z~kWk3jdGf^T0d8DR#NS#RU(qpJm{#oAuYL&D=k@U$N&KDaHBmT5f-f zzJ9yGli*(}_J!vxHiEa^it7o5XQlr#G<+n2@izhyc|C4XyV{?>AP@QW2*cuuC9+uxbe?myTF?!7Ce{r+rO zE5_%_ly)C(6}a!ukf7tGVr$hQri30&73!s0Iu-yNFA?N{lq*O!6U zJe*>a&Gw6pY%AHP-L-p4UNDfZ7x`+4B;CsS;ZV!uGv?=o;tG^Krxxta5)^vCbD z;5FcHEB*`b)9MDdJ&pNIX}?=#`)vddJ(FS!74Db3>@k$T4eP0j|H5~*s=$NK>iIly z=W{9cj$;2tq5R+-;JW_P%>6%~Vr|86Alv6jxn8jr+}56AbxQrum-XKbUh@i$FGXhi zi{yIuM)0;*Q_OBIzx{Wazp~YsUtYs{w&LF@{a10`f%SN$eBVj?dEmh}^n4k(_f1^i zD*oq5|IOf$&J^oY{Qq0}U(5Z!jrud^zvy+@e%;`%f9S{eMsPp4Zhv0c}_Y@y_}V$2hr zh*$YxiansDbB|1?2fY2G6x)XzXGY}t-=;O+60c7H%4_y+Lu5_9@H%lnh9;Jv*m)&eZ^Z@*9WgHE3Qzf#)o ztoMLd{+eRFO8xvG>!2Lb;usZP7;8!XB3*TRD z!0AZ;y&$nIs@Py@Qe5YyYwHB_u0eXkuCeQ z>(5c}wypZu_b`|C_OE3-#lS;b_i4|E65w(0K4m`qx10|hPhmdZu1|YC<_7NqU#HaH zTeALq;Gs!@3hKgZLUugdyZ?I;s3I#KSoc7um@?PKpK<$FVx&j;=)@6+yc z3xEfA?_;kj^F+IxC&J*)J^QrxFQVZ7z53X@ihZZFk8%5b`n1oBB)}t+``BWo{B?!$ z<3cJ9{vV}$|B~f%gSUD5wEGx+{6cJh)URS+cy2fV9-7*xeScq=`v=!u4@SYA)B4yl zCI8|Dfkyj-2f=Y!Z))FrW%&}|N${%`E*3<%y`v513)B0w@AYtlcYvR-*oy-RxA%cN zXXxz%;306GeHgq8{4~YCSa9L~quhUGpLYL54BP{LmQw$P@2ezu`UmuBzccQ57Ucui zwVxZ@dr+VDeufXc2K+81|F_Bd4}f=pPaKN~a{k+*u>XPc!~3-F)r)ffN9cKs+k>N- z3;s>ddnCa9M`Hd}xVYhAwEuG`Kloy${^|<-AKW=dZ|?&Sf{$0mXNer20dW7(ecJPY zFn9=DH$O$eZN5JCS7rXbSkB)u?*F(x_J&fvwX*&b;Le&pc7ejh1(#9&=V1^2&ICk| z?eoS2?tpVQxO0A=b|01xyvEo-j}UtUl&7+h1Xri}@cs z1pcd1{+|lv=jku%(_T*|xPJ@oScCSn;BN2`c$<>{CuRTefjjH<{U-qKU);xrmHsgx z`$rhu8|c&SV~c_Z&qx1I&QETa=O;1nAF}=v;PFfPSjb$zrti=?UO@T{ zeXPrDU-Z5#pBp^6q>uew;V(+=1CRVw??1rp!9P{X|6!s0;BA-pY4=e^!Q;#N7!Kow z{%Kz=%NGL=UTM+)!ChDN>EHkUBGSLQj~%HT{|_r1|H0$e^=Y4%@qvey_i4X35dg2b zv5)|^}0SdL%&Dp@}X@GfwlQvXNF z`ggnpyOo%~l<`#}$Cn#Cd2b(kPqBYn+WWv;?(bu7jW(rU^qPE*A^=|VNT2q-Y+-Q! zqkZfX#s3G=e-zyHcptk$slQ8Q{l&mTPxP^al<_fLj*kR*%QJoKKBax{lI`nghyNG* zwBOTlgZsfFO8Pg+^nKu6FZF5Pn-&0%v}1l#><^OmVeqz>``EQg`&}j5FADB@rH_51 z@Gm8gfycpdS#N6phb2#d2mjv3wpQwQf~;Q$7FvU^>gQ)Sc*|>jEU8@o{93sF;r8qL zwENEj;2rPwv38~ZJ}>)k7~KC!ADgD+&m;2}1rM#)kB=C55`2oe{HFa332^6Uee6v$ zx4$au$MFjC2R=bbe~e7u4c_)eA6uY|k9l%@_`q#n_38J2fqTIBGpBF5z6pcZfWK$v z_P1sJqTGKs`nQ>zo)d_HyTGqAb9-TbTLL@+exAY?N&k+&qyK=Psqj-JcZ0jW?qhz1 z7w$*+!2RI5_b~*(gWu@=hr!#xahY!FzmLlFqu}0e_2(Zk@KC&ujaAkQN6PiW1W&(5 zfBoTDi~bEh&VMeYN628{C`@Q$7OwfkXw;I^InweQ^wfIGq8Q^x<>h4Ih*yZW`? z6N+;CUHY}(4~&7w!M9h&*EVu|B{<)+U%Niwcop@#SHJc-7dN;cyiUpge3^eAc-!9n z+V}nhz&-AM?S7vycnJJRWqchb$5)j5-?v}8KQIO!2fsl%{xr(tPXfGVM!)ucxC0B_ zLGTN=GPnP^TgmnZ@0ioCyfm&UpRgj)+eIiwqyFW z`}1Sq&g1&o-^Q8ji>{Qi^AjfY2+<8vF_WU#qZmaKS4=L^6Txfsr$a(tukAVjR{mib6|KFv30^A?$*S>ez z(ShUlMg8nf#XchE4>x$trTwf&IX-+Vj}Ja@*Jb@|CkM(Qub(E#b>sl&*P(uu@l$xO zP8dACyq{g7l>Y*m|0uZk#(uV?lD01sL4FnGj* zN5NYxcnrMFf+xT`EV$zxw7&&+gU2nn4?JnX1K_qNEZQI3X~Co5E(;z5_gL@*xYvR^ z{(<(l;BIig1^0mmEqDMtWWmGW5eps#Z?WJp@HPvc0PnEij&*2%3+@JwTW}wE(t-!T zZBJUXKe*F^N5NedJO=Ku;0bWA1$VrQ_P5|}aK8ojfd?&k06b*D!{8AM9tCf);4$zv z3!VV)u;7mO(Eb+O4Ia1PKJcUk4}jaE7VQu2wBS*2mj#c3dn|YY+-t!d@1y-KxEtJW z!F}LC3myOuS@1A;#DYh`TP%1Cyv>3qz&k9sBZl_3;BN4^1^0m`EqDOj_LN2YgF7vF z6x?OOW8fYOo&fh+aK{H|e+%vg_giouc+i3ez(W>13?8xIQScV<22`UwKek^euP_q@C10of;&D!{aSE0 zc$)?Hfp=K&0C<-L4}-@ocoaNo!DHaIXDr$u+-bobU1)y`?gsZ*a38qWf(O8BEO;2) zZ^5JBK?@!O4_WX8c*KG`K1Tana5s3H1^0n>SnvRNmjw@l$1QjiJPCe+GX9S#jDK)X zTfhGO7vQ#M``KU2_GcEZuN|MDe}MbU+*qwHdc^&oKjA*&kDBf656SusfO}um&tGBi5O_|pFT4*m z3hsZYUweNy2A%{z#B49N*&6vzfIHju-0=n4AAHdWIFRet3*`MBH+bmfes-_fzx_^G zJ|DR4m45Ah?*MobT(^HD3?5nAumAo#cpMzXDCE!nu}nV(-tsEekCpsCAoHI9_q^WE z&Mh+87cG?Q>y8a5-<$nxXS4s)OzltndNa5GO{VVyPs08Vh2J8106h3szxH{ZFnC*M zKl7UH&HJCgyTDI0bJO$qF>vSG{o40bCb)la-FJ^1U!s2g(a&(1Y^vW*nSVEU930hX z;-5(F18-T^&t6vQe~qmF0J!%(+@DkI8>M|1ybb*IVw3-(SB(1;Au^WK+SjU-q*P zlya_<<(vz?`m28CSNQ3YH-Ptc>+gfC0I&EO_oPFA8R+)&m4K5XD)c}_qb1~_%D3ty#YM? zLq97UX|~@^?$cSpd2he=`>AWdXa9oxxQhS6_j}fZ*Z->Tr)lttL_g!FTZR7dfvmrY z-N-+@2k5THkSk~_vp8kk5J4z|v;j(<|!ApzM+Ic1o-UME3wzo4`{}aDK z`xK|yNlO2&k^Orrc>AcdcAwo`@Y$o&?3Arc{j2B%xsRX$ylGOJeXPuLF?k<$1-IWR z&E_lVpC;2^!|h#ZHbWUd`^oXM9(?s~Y4(s(zs<6IY4FP3)9fm9`HL=-^*8Zbw9g)C z?f94qUR$BJp9|i;r{2B+eCb|kHmH=ZPnK^5_rFh?-KMmExX}LK8$4<4KAH946;smM z`|N4(-u?9U6XU3#{nP9VC4ZmD{7nVVPD`@|O8w1~^*0xM_KY+;Q5pZo7REn#)4^#L zci0N^PtjL$pTG)ke^i=1rKG=FroRS!gD=fKQ|hNn*3WwIl{IO$h0?#q%KnuGZsvX#rh?aBmu9ai_5ZT0|GD5LH>9=S$7=weeN&pw>8bqQO3_%a{NpMuXsGI-N!eV+dq-kzVEjIy#2|v z_WPkL!0V%Ef2Dq|H|nPxMP9@GKb!v3^Wbj8i$9lUk1GA(A=wW$f(O^6weOoP`w{2s zFQFeP<7})PXI0>y*VD|d^poGE|9Rl9H`45Or5rcQc3uYF@=jX2AFmm_1N<(<|824# zt_AnLo7TSfxEnn9URwLU){Wqi_tV<<^_BgE>#10pjVLzvvyHN!RDs*N((H5ug>iVY z97prOz2Ju``9DzRe;K&{lQer~tjWIU3Hdx!GkCH)&0I?R?I7!SE$3gSnNR7*N6P$l zgS)=d=WioVA3Uq%zwq2|+0V%T_i63-SE@MwA+3ELXdZZ|C#`+|$TDvKBl^dV=JMaX zV}71*2Jf&BFrQNXBMapRPZkZZtrb2&@@~$H2ekXqHiCyn4``onFY879lnk(Al=hn~ z+ph{dGIoF+q8!H$kjL?P;BDIuu-laUg=PMhfqO~^wC^2n=6uqC_PZEsx&Q44wC@+{ z25$ksM`_;`vVU#_ckM8seIB#yU%1`|pJKKT80N-txC%T7u6wWlJaB*60GnsFx1S=@ zUk2U+ex1S#`_-GlojVR__tUNgkMA_V&KL;?a=ofn&M)2IuJQpkO{ss6tpAPR-rWYY z&kL6Qg5eFmmD2v>3+>PO9s{giN&jq_{ycEkJ_BqwW&Uu<g+)qwW>8)d(ueGVSbeqXQ( zJPv-8lK$Z`{dwTdLk6_ZyDkIwgY)4d+fUqXG5S|Ccn$b5W^SJ?{jUWNfzMHRwdCF4 zZ5DhZcpUr$#lCPqsVsr^J9I$1-c|+fx8U=@TfouH3gxr+82KxQY8iOYJHS3R_s`ka z78P|GU6flH_0WoV6^9M58RYz7+mG5BZh`QQj4ZxB8fY z&3@mN`&k2CQ8S=^|GBUZ_${wJexBKlc(xM;*fr*I6)h`_fAHXm1MEeGKP!3Jf6#wV z8qj_pstUa2lmRvY$;kdY$7o)ozUF~Pz|T?Y<19J;mVw7l9bm62>9@=Do54e;53v15 zoBS6|md`V+1#dZPfDIL!d0Ngd-Q5110k+))GvCU1o|o6-M$VTEsQdA$-R*saa+Lpu z^U+HOShbSRLuEdz!B_rufL%1koK8SK7gh(J4Gpl>C1(DxJdbPyZ@K~Vq~hNt{kL-e zH{v)7b6L;!u#rLD&Yj?;H(?%E>fs4l4?W*}uD>?cAqc5wGh3{qZUW9(r&i75B~ zwElcF25x&s?>_|Z=SEZQGD2tHFe zU#*hos}3wEwY)dL+)DZOkmYlOw|y|cZZZ3}-yrkv19yEmz^at?n<3jT0Pg*KKzqFz z=JsCWEF>b#B*9!{&m*ffXB={o=Z;{-Q!T9=efHf)nTFKqu zN$``Dd9p^%lRj|IR|DGT0|VgB?g5r?AOU&3^0T~N41>pe(SMcp*;}?xl&Ami0rrV< zocll?=VIV(eFLmp;a^Ce01plh=%0TcMEzxvKc)OX7s?Nw1m9ID|Bi+7gWHC2KCSR$ zBoBalbNci3FnG{{N5NYxcnrMDf+xUj8wa%SYj$8E!~=e?lK)DXe>Zr|?*lBX)X(*@ zeth5^;JWY71^7Y>(_asTxqtALivK&L|0sADI8J8@{m1@`BXHMV&Mh&Y;94fv5t`3{rii-L#1 z4>5Do{+1Yciv>@BcYuGbly8G9pJN#QOEcQ{&AP!|lQQgci|3$%_J7u)rS&V_Zz;*90N`MD<&afxU^=E%X)~|yf7+w1G z-QeC`GVIXth$rW-1IKd*{5;$T?w_1tE0p@VRn|`cJnqTp-+#c6Q`#}{$t=taDEyj%V+vNSAzSWo>AYEX#c6u{=cJs zW@OlH%J>M&@!WudNg$eLD_z_C|%q*1u4~(zFGur)=Ztxm#9m|?|=J(Kn4 zV5pdrGTQsvZt$9uGi;_(|5ei72Oc^lqkaEY06YS|L9zc-+K0LSQ}zC%-2Z7A?S0D_ zxcBr7+g&N&F0y_S-2WN+@$ImUu({66X!nP^!9C!AQ~J-9vj6zNTfoOE7XXjU z&#(%!{n>^2C(P}^*N#I3IlsPCc>W#Sd!By&ihUaf5Sv-Tdhz`@PKe3k&57fIHz|XCDT4f!8bbcebp*D0ncKVWXAtW0&J6 z2JUajutya87HOXVPcG5VzYhK)=u0iyAKVH4wbH*f$o}O6?^>E+)e1jU@&NaLMTS)= z?K4BRPZ->FRfb)u@THPR!9&+%wCnvbaR1-*^JfA)crEHz$zS0;#STnt9oOObuGC*) zU!5B~zC6ReQR@FoS^qxpmYXu#`!xaZ;LSMxDE@yk+NT_SCJgSqHKV@&gs%_ZEcy`d zR%Q6N2JzYv&&?J2adJ+fpREU92foJ4?avqyxP2PDK9XVID*5=Q>?aekF|6YDjP}0B zRPYVpk1OreD%)u;c>P@&wn(X`1+tzRz}xT5u%{LK$EE!W@YxS!*qMs`snUK8c+;v3 zYf;K~pDf>c@REl!+UwLb_uq${N4CL#-C?u~_ z=Ylsqm0>Ft|943L4d5luW|(fha0Phwxr}yy-x~0WH5u(X(t7Yp@B@_er^@ux;I%Jh z*nEYbCi%osBWx>Q$*_Brak4^=$NjRL%fMScMm;I~CCQt?y`N^-80CDl z*f<~M^Tk?l&zBjtli42gMbSi22A(ZG-g^+Q;-9!KQ2bmb&ufcIP~Y(kdq(LGPssjI z4qn=mVON{eDY{(dvl@Kqj~VTA3w7Y@z^_#L!&2EF8o?`m!EuXcI6t23g>|V`@OE&I znTusfqkNs*Klo!x{#VKT_kh>_M}OW?JO=X>I8F~u=?}^Iq#S(qZyENi!lRN`gZF~# z*6r%RS0*!TSgF4OS$~b-OZzfxM}?P4-pYAD?3MHj@0IEVuT5vzBxSrzl;fp`^9-&F zly%A7<+@}sPT1=Iz<4nGUuqQ3sNZt%Ch&Di`@JRGuNu6vXi)p!&N}eb;FV_o;;}%( ze&w{U3_`|aPJHeZZ2es$zJ>VNg4rGX|mH$t8 z^`G!M;?vCjg9ZPM;1x(;x6h{)ymri>cE5Qi_)2iyx^NG8FZiA2^z9K@f5rGfMg3U4 zeK~kLxX!*BymH*2cArxncouw>lK%ZN{YLO6#~}Ma;p-%C<^IPHvQ~vZD0wINI&j@S zj2@mo_#(xAfwV8ig9fuF46=a2#R(OkKg+>ag6r(7!Fw(2>%c3w(AzhHH-UT2>6`AG zwSun(pK9jfv41iDfv*GC^{*cAUhoUd_V&ev@=rkioP%tJnO|&RG5*18!FA)e8hk1E zKg{;_H>LkN@QN)5wf7wx!8d^KXSP4TkbWz87W{TIr;}pdKAk-Mtp>Hv9rtkm;JS6| zVr&$iz4f5>e7YRG7W@V!{YF{7YVdX7Hz|C%41N7ogSUgb&G|Q7kJf>& z0}m+v&yoHc!AlPqWc6ly``NPnTEXkVUs3oAl6Qia95|>wf9m1=$O&G1jhWw)2|+67n=Rs&z1Gl!_x=XjgR7q7+;6$?aRT}f$Q>L4c=>E zUk6@!#31`jslP5+e~sYTBlYRGg3q2k$evTm_mnJOCr=+-TYjGYoI&=yV*j+XFWv_A z1FqZmP!3*k)F8t)qC)-Kf0g#t;92kiW&Tde`MZw$KTd!AY~=Rf&nWftgsh)d@TTJj zwa;aD5`SIE-zzeIJ>V55=Vnk3V2<@}UE?Q;&D;I*}b+V8gXfNwZeKR*_42mhy|ew6ZU zFVipQeBPk;Igx7c?3shw>(@H)rul+<$10ty7MF zZxxPz;H$62@k7b~RGI%C@O6!Y+V5Bv;_RR{a4by zhx-RVSK$jKFP?Aw}c;xQcml=6#( zHskom(+Ag`pZ9S8;Fl@(h5ez$_+VS*>Ot+kv2yTw@J7YH@IHcS@D1R{E9Lje`mX~o zePWOur`R7Q+piIPHux+vH|<+%1z!qYqSQ~3te;Ns`skqcyM8^~{;5IjdU!EDfZ6`^ zp!T~P<=_?1V0Rm|`J)xQrqC>#KF( zy>AY({mto%*A9vKAH3wPK^Ac!f;_*wN$!hl1z-BnAUn%!Z$CqpuM>P7_?}AtE9@KS z0pHLysC`bX7z@Z7KF0c&VqbX9uAK8vF#eSKIY!n`HF)Xg`u3>;3Yp`ep2omC*^(P9`N4(46+b>N&lwz zp%ml5Kl?X5F9%-@9#HHH>qFJxS#aI_PzPS09MnGN)d;=;T(`d2%I#BwtX4_?#6tUn zuLjp$KlOlT!T+k*iv=EDzr|?y+P*`FQs~Wr)+^e)t;ry@; zyd;g|tHMp|-`svczy8$9?KArN>jYnF!F#xW@G0i}2aM`7%2&J#{0|OlzvEsG-UL2i zwznr`{a1t6X9u#9eAw;Z{+?hcq@1o z{BKJ7g?%TT;PoY0cDcfr$oA<0Uk84z!VBM(D*g-VcTAQoQMg#3=jAI0UkQG{!dFWF z)!?OL_4QK+z7+gQ#a`TC;r<)JH-IlxxY(G-c`JCuxUBZOm7U=A7Q6?1HMp+*ip$Y{ zj;!{(Naf(Q;LDW!72a1<4c>0S>%dFL>+KuCmx6~B|6&2$C_nfH@GBI4sjUA_@X85U z?Y`e0@OBGcyc_Jd(A$@Tw}U^Rq<@c*emQj2+}@d0->1X(Z44VxxRo)_1Q5@)WtKh7 z75U?w{c%~2FnAkyqcTrkEst|iZohSwwJG*bO8XeM2R~Keb0trJC&9gDZo1Fl*d6z? zCuX(py>Nqjw$19F{{c^e>yCo~aQ}8$?K*!LJOqBda-RD)d7c~P{wHO%_c3DN-tDv6 z<6r_j0(34D+##zyPWr$-;JV{*06b)2ALi+UW1F_Af23vl zQEp$R&wmU&0`4-~pKh2N{VzdWcb~{nf&K$~-8|(6ckY;FA1dwhu52G4c*oA@-%9^2 zoTmlAYj(jrtei()CC?+n+`c@kfBp+R3GOqO&vc(S2JYG|tG$j&@btlPI#{S*(>jv_ zC(t#!XE(e5m5*~bcm!OzkH*J&ov34;Exram7x6YAp7MT|nrlagN8LQ~mf~BBipCgA z7d*PrE{%x4Zf||PwSw2~lVz_c*9R}i>w`}4>;YN!qH_N5tUQ0{0bh9t&L4P!`FTfN zzKZi7-1u1s{*9U2zm)y19K7k!EW1(R*GXOto&|qcsn^1LC+oQV%q+W8;So8nHG-GS z%Cbil{|`z3t>7!cb>pfNycfJqu`fJ#*8^Tzon`#-7g>IKz?Zjc@!mK-9iCO+_r=>) z+=Av-Mm@O^uM6?s=Zbti+TStq$^H1iLq}xQ=XeXxWpBj`%#UXch}U#vmN}JiG)|7A z72r$f=+9@?fNuc5z1WnGqMK!VuLrL^Hp@;{>ic+E-)Zob$6+2;_&$8o<}h&uYJewF11vkN$+>73%o`*&o(` zuLQqS;f4JS>%mJGWVP%0Y4CdRTNL{nr2mQgAphVamGaqS`KE%eTbO0%E4*Ivx!|Se zX0`jg8@T`TvTO%)`r@@YMn79Yyi=+F*Jb^$0dG1#%U(0v+g~>F&*z`@;1w5SS%cZ$ zJpYJWgWOt-f81DHdLimtDbE8&dCC!|9K56=1?ec;Y#vg`|Uy%&8V+bsaz)t1%1 zA2Kr2VeP3 zR{MU$GV5hoz({LrQk;^^>c)* zpB3P%|Aq5xWxZsETrXJzzV0_%$2iU9KgcP|58lhNtW>ezTH2>MA33DmuQPFf)X%6P zHl*BdPs{u5Q^6}I3~9&7T=1pfKPvSbm-X8KK6}d{b`i2K+s`f*qMHOg_)S|N!*U!h-y+`+=Yjhx zhgd*4UYsM3tINRKs)m?y-=3d$imffO9$FD^_Q6BidAk!l3x23lj>2;*J>aE>qQ1Gu zd_K+lKc}NTz&}#j>pj^Y%E4#P8e(>3Jp3-lQ#E+yQA6w?CH?8L9_zqsj~-$NE90?J z+BbqPJ$^`g|Ed+d=>+|F>g4`U8e+dG{rwl&-+RC-YB%X`MTP5+;u#okr|SDbIe5kC z`u<)GUNUcpy`j|KT3LT};O+B=*mR|zPLchz5qv}45OXQ{-$CZTmGebIY=h$eQ|Z4G zeC4@A>_nyhkCpY`!|l%-(!LM1xDxYeV2H(({_ziaUQiCc^!y?AkmA2t`mY8rxp0W> zsN}y?=D&{fi-xq{O=tvf0zXAb{{)$SEBHF_gu;K8yc2xo#Y5WXPJ6ijONO-HRWCjO zbU>E4zUXr`*WpzBY6E~`uV;Uy#4YawpOu! zN!oXU*IqfqUQ+mTlJ|gTuO4D^mG(PMwqNmq7{AvHu}_rqr4Qu!QaO0`#v$$caW#1D zO+!p~y;28Wa`O;dsN~Nt^Vi7jZynm~bNl>w(F(pgGQ|gKn*H_)({yX*lec-{n^gI9_x?9h~;E|O>45#UZ zdAevX*-laLmV1UayN+R$pZmXeNc;R~0=(uA?)CcbTW{6>VsZf7>onR-U3AmM!&j!RR{dP$E z9*`B_tHE{e?OX$1@%@nYd4l!e8^9kk=c8zq><4M^`ko=}dgnx(NLBoZlD14ZyHM#vYhh}&)+x1aQH3MN6~&VAIrc){WvdB_!P;T!CTTp%x32H zoa~Qlx&6S9_Ioqk;I6?THnrHC{=Ra(Vk5XWH^jD4#=BFF_cAZIZCHEXuL`^cT(@pJ z58N|iSo^)BW#C=*VdhiTbB>hjInCgqX<-BLIJnvZx?wT;nDwY1ezwGbb;9lo2 zo28WhkV5&vgA<2YKq>z@h4Rltf1fnWnBsp}`mX|SDH~STjqM-E_L&Fn-*K2-#e0N2 z@4ig(W!yjb>*n??dZp0*+x-%`?lO{TvQJh;oScHev1 zVYog4KVM0|Ugoa~-1e7YHbJ=#A0w~B=Yc2p8`eI@yNvsvHq7=^+NWH$PcwMO0mIt! zjD`2SA& zuLAeZ9@aiLGY`CG&M-Smu|GrFF9UBm8s%5=SJ=1J4BqA&W=AR4O^3_trnTVl6NWeY zTpFLJy1_jsqJNv)pI={|Wpn|qHRj{uYMkFA-u6m9w~_fQ=lrB$cDcfrNL~%T;gn(R z_jc;QYfl~4@Biff!Ot+~(_Sn4X)Aa;_<_neohHX=Cr|%O{XEqJUO9i5EmiV=iOhfT z;W)ovFwE{z{I8Jy%fU;}8DU60HbvoX$y>pjE+1ySO8P&@^gF?8uNr2@D)l!<)?W{|2cMzzqy1z*Dn0`FYaG_@ zUoHn4(FY{LizV7B>Rj7Uh>YccK>|w9Q1$ihn4ad z?l+c$SN>y|B^Cd_%KTM>m%NMPv@(AjDd&$mZvWvh+g;(iNZtrO`%@ezl=Gl7?;Y1Nak4|9(XF?@sQ&AN@<2KP%<@ z*#q7*FwFK*#%F~bpT)Qlv2tjb<&^woWd6#*m*&vFl=9Wc@>PSk|1qq6KD`cnHXCNw zDgHy!e%P;`1D+j~)802M#tG)S(K+q?gmUoqlAQke zA8rp`s+6zrUb;HY$K;!KgpVPh1NZNrV>>AJ+e-TY=Tmd+afP=^9_Hy!%W0p(i-LDe*Y}SYc-xE|J5OoJrsVP z76y-ab8L*_zgX5!6g)IDr#()_xPS2bmE(M2pLzn^dl>3p;jM-8pMd%We?sApNbUyr z&&p}n6MW##>KwaB$$voRKL8#)Jf}U63WIx(#5`(Ff02>Aah@Foud(1Ua6kCzW_!EX zSjFo%0p0?xTd#892AXGfPWzmm8{7}B%byQC2>yst{=)kg1N;WvQ913ti7soc8`TS} zdg(s^-f_I1hrvT9V*XXy?^N0UqTC+*SY`g4Bj?W;c=F_&_Iox7@JOxxJjQ_wh!*fk z%6Z~Md7kLzd|pob{$U?@8@TQ{=>T{KxbC~YVQxQP??1}z!FBu7W8faYetu4X$H8w? z>NhOw*KsoX&w?ELSm80r-QcdXa_k3%e-F|AZogP>pWycAVg6I{*DCYpI0f_91-Z?xr}6p24ekejNh$wxh4O>j zF3f57rw712;O{Eed7bh)FAN_4EBd$Mzp#!I1$QpZY4`WVIKM2%7AW@fWd0K1e(+}$ z{)FU?TC^YdSqd*aXX*y`UXJ`Lyi?lyxIOq!3ja>>0C>k0Iqm()Fu3!|oOZoD3LXT% zPw{`3^dIBtgX_je0^EO9ZnMwv@b-0_iuwnCS@FL{`geneuEzPV(tnujpFZ&5H92;x zGC$oY=cfSo-ZExN%&P5SonfycqunbWtwCF?H$9=SoEewe3!V@`X&C<@+n6S(64 zMd?2V9t`KS&(S8pZ8zt%?=f>=0mKEqQSo2+o}imAklcd$QQG$m*}gvTn%i(4uh=h? z`3r!zfa}^P4BiI5quE|8gNySY;{P&p`ko%|zcKL8?RxtJ@n*&TZkay^zi_w%*9S`b zFPHt#4IW&fU#IYacigQnUjV!doGHiGVR?KFgSR#3*c_#PtBv~Q*TGTn_=7pN)|`Lb zccoVwbFEQN>k)5h3$Evt_3jCv2apT|TjWR^abV_PcY+#!z>Q#pS;$M$m| zLAl<#k9;0yE_me&IrgEl9`LSQ4`=}IeMNs9TLC_MZH|4aw8Mw89oB%CyoTeD!k?3T zJ^1R^bL>DR|I=jt)8Omg(D(C+XTttXT*oNwbdYSPso?A0$+1<6|NEu?x!|?$=Cu3C z8o*25LqAaJXIR$H3h>^Ka_lqSp!xc>cgcRb27GlF&O?;)e^V$w_|i{u>>#uKrG~lD zKhoeU!EZ8i`*I^fHFOi_BY&Uf#6E|^COB`kA2y-%mZHNaxNa^!Y(hnN*ftR7$4~yt^MOCa>kO9Ky(e3Zf$DSU^*&nf(g z!VHC@CQ|Hm6A8Gn6FVcsks?X^z@|A@lxD73E^`fVxP zl|m1NvnV{7!XSlLQg{P}cT(6&;VTrbr|?G#vlNd0Or*O5g?mwWEQNjwucGi~3Lm5J zWeQ^yeof&3g%ds({&%8qKMK7R)=_vBg?CZ7io)k9e3!z{Dg24TVG2vW5b5kiVI_st z6xL99DuoLvyoACKg|}1q2!$_G_%4MTDC}Cr&-4n%qkKERIM#Ry!B%_L$%g6-3U8+R zeuCuR?iBn&lDiiOxs$?D(qC}4&}T^h8-*tlpGo2SzlwC1Cq#HK>Cb;f*ndQJ!$X3P zAiuXzyhh^JQ+OkVH&Ym)@D2)3TQ2-wLiXprDCDC_eq*7K_a%AD(IVY{*9rYk3{8O~wBcxwUcK&yT{s@xe#J3CxKcA62o%r|jg}%H?*nL9$UeX^&@$&5@!ldzP zT73QO^;wjUi(V3b{zloWc!Xi1UNZm$%$2^rwo@d#ebW-V))tStATJPM&GQ zuWPHbjj-{HyNz(+2OsdzHNVAv7{cC5XV2i_sukOxkI?&Lvu72;$WEPWKSwxq_kr^q zvuvUGjLY7dIm_0v;kr|%UOLOR?$~qAf8)tnwu5i;_tbtj%Nu@S>5k8ABL)|oZH0gQ z_e{HJ&zot!6xzc7RrqrR{^id{Jajy+q2oe6jF23><0!-U-ye(m ze_?$8PVqu_8>_1}|6L;NpwLD7`29lP_J9a$9u{FTO7R~Rq5nw{wmnVqvmy*q7=K>K zEiZ`B`LPH)eiWhqCpE13O~_qI5eD}c`L}u0Fu6)_Z=VQj?iC>~EC2cLBzp=wD0EUe z^W_(@_5bI~uaBV;|9@Hjyj8yZ9xC_$Zu#^6@?pMw|Eukrx7UULZTU8B-+cMIZ^t=s{q;H!c z?9L&*ty0J>2Z%6#-I^qs+}gZ9iGEg|S5SDzC}G#N-e+hYBH8wtkY6R)Lvkm{ev-c- zIYM%lakn3~d-$8N>$rDKqk-RI(Z6xnaa-8HUlAT`&e@Bw+CHWMR zgCw6patp~zNbVweImxyS!e2AV9+F=o*-vse$q|zKNbVqcTnUw*WEaV>+t4 zlKmv_PI83gDI|B0d?3k5l50qIbqoIil50p_LUM@YCX(AoUP*GCG7RhZSpGR_>i;BfL$d38;eR)hYe+tr4(e-7~)l8+}jMDiIVw~>4{$#Ig;C)xRv@OJ~rUXpJmIY{!m)IKdF-%Y%W0S`E`=xB>#hCXRomTl4LK*Ns@yk50TtL^49tGAi08M+rNargGu&~ zJfCDg$ybsbA^AR%J4jwda+2gHNOt`q{69}}4aw~!he&>n7bH7>75=^< z*-P?|BnL_Uh2$2J`$+C0IY+WBA^hz$LG)J-$x}%7lYA`65t2_Oxr5||BqvGkzD`{K z1^*-bUqQTu#Y)PIEJ z)x?b)!a){)gW(oVhpC&?nj%@yINy0~qMZKHZ zfAjagw0@TlaoJ&9U;H<=JZ}D%&&NZwZkE^ox8XF(M?U;N&Bu|OU5ESg+zhpddd!Fa zr}?<(f3rSr?-%Wz5C2c|vFHD0K2CUDjE8*qznTvo-~8L@JW;<#o-4u&NM23hE~GCd z`Be(z)W82ld<^NgrE={~@|_gs(;QFNOY=KLeLnrRD9@3zW*z9NIO(h<7c?w!O`AM* zvS**^OAKksRa2%<_Dr2TWxqWIaP8-rGTk%XbAavaz=8|Tab3Fb;!74^c!6umev>_u zJ+6xShKArJ2kyJ?Ig1{D$;6XtAv;JAav*-PPT#E3a~zh?0+wmDn# z2Z~2-i$97ca14j#h>Q}F23OGz>>O! zHbV$pc=m$8zJbMO?Q8V3eMJwGacq|~)GfZCVRAh;U$7_;49>r3;rUDE*Im3AeRA^I z@XMprEnI{s{6K+?pkwU$HZB@BV&sIejU&g7Dybd0$Ec%67L7V;kbHTzo*V*+8F19T}g;maPu+5)8^Mn&-o;v@; zIj0>yf9|O@htHqStI%A5^Ns4AznD9+oxfo51-5`Ka3Kb~^ax+JOBP?g5dIcie9qbY zze{a(OU^(4GP2?=p#K%2-74+g{}G`GjWu_(`XbxX&FYKgz7DgqBCPb~_kXDRQMS$P zn<&CcXvqYxIjZq@5q6n0ZB{=C+xDB&kGFMf zRzE@Rn=v~pvTb4W(ta9M@3h6Yt~INSzl&^J+G@_*oPI00565g&WZPQqzftuQZSl?Q z3n{W~W82(*ks{l+w(Lh@eNgqY9VYY5=}T?FPd2BYWQ+g0IsNu#xAN~I+Ya(?^B+aV z%C%V|{w}f^JA3~JD6;MJKXiN&E4HQBroaKk2&~L*T0fJZx7)_slAE+I&mq@)cJSh_ z!f!JEG#-*WsLfxCbC{a1z( z|2=|#n=2PTd~Qz952W0G&CXu@WwRYgHweGP-#niV%BMJ*+iXM7^Y|?Xd+`^1(#EJt zoIr2RKR^ES`2OES{D08}z*eO9TrKo2_~O4kNT2-IVTSyP@xRSBh4i*wq5ltL{;MK= z+eo43M}Gd}&mtT3wo>TNw+lTU)i?BA#X`ScsBL(3&Cu8UGSkrP1eyP^l^ON0g{|u` zaTWo=_??H)DA#E-4LM2mc6na^meBK48~%%szUEA!e@m!st4QxXRp|5Swv)c?Ymv{N zA@koyr0@Dg=ue@IbKj9Zw2#m?iRiWg(kH(Y`nja%d#`!^UDpWxAo<^)^c|lG{WGMm zCcWo2p|8WK3ICl*`p^S24Vl+3{{=|zY!mT4q`wq;-mje0uk!oq_%}&-ep)^feqt2= zUeb5W5c;2ld)s5A51#KeG#jZNo+o|VN}=DC{Jfcuf0EGW>v=uty_X8Ti{kTl5*hg! zb(rBFkMH{zm+}Mf_ic+O{p}yI%Jin*C@X@n@8I{El`JKfj52 z2I+(Mi};^VxqPIrq4DxKrF$Of{oBqo{PS_be+_y6>xKV(zr8B&|5c$so;FF}Mf%7` zUc-JFp9t}LhV-6~MSSDiBGA7{`kLoOy7!JYqT7BVeR3C}Z-mT$*?jyyuOaV44evyK z@OtQ4B>ewD`L7^-$5`R#LAr5uDCu2|LZ732o=*D6BBB3-ZlwJ!um4!+=Tm<8w;g!8 zwi1!<%aHkR73q_&i1@}kL!j>P?61e$<$=KA=TLeJ}$|H?_<@pqwriu@l$`pA=BBVId|_c+pbeIVk`B|m47 zzU5n?Kf-R9*_Mz#_^T+df0EE&pZ60H{%NZ-;>KZBd&$uANBnYZlKkJiJHkvXK0*CjV3o zwu=n?B%5oK{9i+UyjKZ7#=F|!@lMhQ_pUbl*P>qd?{U(1?IiRMQvZLQ^ez3u&+(L> zuSst!67k39GlcQV>#fTp^xIMWxJV!WL-_fX{CM;6Z6f|I6#o>`dw&!09~arQokx1x zfY4WxpDRi4yjAFpXOUrZ8|iCq7y4t#|D&W2ZW8~ky#Fo{e=922KS}Ru7y8{O-3;mD zM+^OnMIxhPFc0y1=!gkDKfdzcj-+qv6nZ?`Y5exe$DbzZ!FVSY$dROv>@W1jJ2;?U zK>Eo@Q|PQEy539jNre6NFQkw`lE%~b`<$py8bdlgKQhW#S}lk zA2oj*Zz8?tZsF&jl+SxeU$b234g&7}7tTkAH)Re>Uk~CVk7_gub5i?~p!n zvC#81C;t1C^zn0q{v^`(6^_ z>9-+$#}W~LH_}&--n)tZK+=0!Mg07{dTc&^gV66teio44Px`M&AB3LI=blaG!!YTm zZlZsX^j^}(seWD{|1}SabRQ@GofO~oAJHF*N&g+`%Qw*vklsW3ynhFl0C>H*9uofZ z=fitJzq$TA9eQ3aS5i&4iu9GF&-YIs={=k1PbYoFCi;5ljr=?%@-vmnbp^$rxJkM< zlfHBlKlhN{xk>ydN$=ex{%g>0uDqSl^Zc}YCGr!b{Jc;4cvk3*cMgDkL3)q#a3ki= z6#w6OKRXM(o5rIZ$2acZIZo&&juZylk=|w(`p=4l-c5S%B%xnG@ed}wYfGWepSPbx zdjD2J-$ecDf_(fvgnlvUuP1$SYoT96`WDi+?IiTyQMsNaeSDxAJ~+qJFB2 zh5jqjdu<}V@$Oon|B$|G7oj)ag$KPI=Y2-~4+}rDC_h_~KKP>0-zD7J_9nf58{ua? z)ti^}-cLmQM=1UYdHu^mzccy&_1Mk#hqEYtO~3H}H2FD?^tL{sKb-t5A-(H0p+AW9 zA<{?Mh5jV!4`I^#&lY;Tder#cPx`i_g??MoNArHp6Z+pNKWj-Jze4EgGRPJqeXw5W z|3dM9B)$JQq0b-pbENM$L5;uF1ko;$bA!EO6b3!{Ljh9-%IH8 z{qt1PJMR+u8z}yHr1#HL<6lMk1}?Y-;?swOZxb~g?`6kVK7AcJLi+=BGBtA+kt^5e?uDgHsEp9=lvj#FDt;>YDJ z@P0IL-?o?H&qRE#@0cU>$e!^#Ca<5R>T3->t{>?3A0+=J zurrQpUmjs-9;SA8Qa;-#{%neWIr(vs{|eIIK>Em;YPxrk-hY_TcTxOR`TQIz^byiO zMS9P{~m@ZPM3xMf?uZf0Fl4`h0zULwe^-5x7A6He7*gJ^fgqU`Eu<~`p72jSVj6SN;ki5FgvfO z{O9ZQMAF-;MSj{TKl4f7@&EC4=W$cb|NqBN`=Vv+Wyw&{h7oBYofa)xOnXG8vLs|8 z6v>pLvP~gLX%Z@=k&;RpTe6Re3TYC`J`|GZcg}e}Uf)~S(dT#maOr-%uGe{=*ZY0m z=ggTiXK-&21j}$d)>QEo@iA7P_VPG+Mq7Tyt>wQPk91Ick@0z%_f}1C9h>+eSj+MXcZI8cH z@?IGF`%(5u?MIu~-lK7MgM2LB$ozEqqe|nn!c+fho{13O15b}u{LjQ+j^|&N|3rU{ zw)m&z_po2zhZmob+j0Cc+}$XDo%KF%K1x0WUxUXUl?UIo>9y%oJULl@1M%BD59T-K zhaBzy)$$yoc>nVt{<0sB&X&(&yCO%Z&Y4f;c08($C*ty9%-d(?+;2~c z&l}o)bQ$saPZa+V@z>+gZSuynGZo~i;iQ;{S*B_b$o=;({bi2l!F+p6 zpWxqiTzHB2VoSxRiGPRq)StbB__+6a&tEnLUeihNdOS*de#GOU*YAfg&nKGn3I0A6 z{MWlKhsQ(nc5OVvJZ#6KQ}O7T%Hz_`=6JfVydwF}_uStv+*7n&MZ7zndQNWFQR^|E zCuxt(0|UsP!AFwk8a&!X>&@af;RUw0Bkdf67m2TdPsUTUKSG{|@pw1o&){<`{vx@> zFS7i^PbB^^j@Q{fCF5VQJQvFCc>Ol+#^rhPY`~+O&oslg;*rpK&UbhcxATX+c)GXp z?<7wJui(Kv+*5AxN1M}rJ6>eS zOK#T(coDb!oAE5}l4qxRf93K187#Z-0-nLWOOQeT#@R1y+*ZL;mnx6d^H}ps-l>6u*Z&_3@ai{5O%O z6P_xgJi&L|dA}QKdHz+NhnW8-;#uGJWG7Bjn+FEe;HN8!%JxJ$pQ+Kw|AkDjmXP0^2|@N_%5 z)&G9WgIj&(;ITd0-ifSt6(0FVemA}eFRqu{dG9Vf)mH0WNqlwh!`yy7Gv6q_7419) zcQ(oG`fw|}_>R0e@x5{PZFvE|4v%k^KZ1|PBUj1&>l*$t6OYpVH^k0TJo%;K&m{f> z^QPLaRTcFI+wkJ0@d;4iCGn@=$)57s_&FATt9%;m>48V4 z5zl$!HMlcX?%%)SFL&Vio8@`(Pq+Ai@*Vgxyf{zZwu17!k7w?c_h7wS@yM(4f9fgz zH#}dbQvhSU_fh;M;@$G-*CAO$zK}fi@MtahRpk}m%HpfYUE;66vxmwbrTt^^+)A~l zGxeW^J1@$EXYG2cScWHt(tg`s%X61}B>BI>)8piIsPkSta!)^6mI|+?_1%i9dm7E|3S$toPRODjx45 zxBcjI^Lg4Y{QD98{L{9go(KUqw5gw|I^V_3*WLTafJM@b; zEd)yo&;5R%7^+)0;D7rS_j%T0R0#9HM!k9Pv{<_w%Pi$Jq?=@l%y& zG~;tAo;z9VovHNB8uPp5|Kguno(fuTqO^Xo3(r=P+x~TEZPh2TL+h>VoqzaCBRqbj z;undX)_C@4`D*-9+&N0V8@~lFv{pNhrw;ex(Nc={@2B*a1$eHkd@}9-0ME2nJ7*BT z4KJJ^zmxp?@W>LmomW(^qwRGU$(N9)4xX$a_wQrymzEaKd^k(&#PK+FNZBJf4zY%zp7C9=TWEfjTV1Q@6=&zkVOj-6~&3{x9%kZ}}Ve zZ@AM~{yJXi6!z2h#IwD%@JPp!-W*S!E3Zy`7d$&j-k0_#EYF4V=kQzcLMOR@Ke4|& z?D@gQe}?$zD#c%*aA*Hfn&)2*9Y>z=;{EwQ7n=XG_}WnX3i2mcD8G06M6kRa#Mf{t zZqo6zEdCMk>3NE8gcmFi?fix9-D~krDENIProF;kb2g~os8W79EHEM#EWy} zkBhzUA5)(EeEBHiFE@Wo{uASE1Rj4zUhwWS^OwnZiaI<_`)A=fw)YV7FZBHX*I$J# z${+5pe5n4`Upqtnwam-!_hTXC){h%PdEOwt81fJBO`$v+Jr7=&y{&dyKkmR|71VOO zPyR2wxJ&U-j$c*lD^H@5;$7-f7mvTE_`9j+xpm^S`+Vd~*k&6_6Jawz#-FV~Y&o_|U z`SxjetiQY$4Qk`LpT9;Ze{bTWgA^aFq!kavossgk%(vt4$l>zEv~wEyolqU-;gQgK zmy;*aTzQhz;axm?n%vGCzrf?S%SY0l-*DHJyW}b3?U;Uj(wE8Y{O1@vafm!l{AqX; zKacHdkGt&@KLH+FqF-*u^W)?j$o~i)X(jJXo~*?mD!1!MZ{Wof4S=q>ua`+J83gUL#+Pcg2&}%ip8^m*aW%Upp_l z!}8pu_{HRT)boSQKXW|~uJ`gBO52ZK#m@@)=D@w{tNXM++WztnemQP=>Yk?YKQR>F zCUEcdFZnG`KfGCJy`%7RL;fJ%G2|}>Ueg&8YR?Az+K}(Yv!Qk#f4bVA48^y==ZE5l z;3Gou_u|t-@z3KUL-B9p=}`O*JQZ@sdtu_wGowR!>fuf(zG>h!95+<|?w%iPob)G8 zWm2;>UaL&l}E4joX(Qw~yeNth^Wd*8)8Cc}ZXO zKk~ohxj)YBd8^*(L9l#^+w)k>cUb;morAbx#Q%vGw#pBuon_BZ`?F)^KXBYR3@?&r zO*JK|i^s1}yxkw(0(Y;HS0#TJi~myoCG8oA=laQysH|U%FyA7-llc4a810{rKZZwB zinsasS={|eZpVvNcznCO$nonv-1(|xp3m^uQ28y?r-I0&ZM5ID_!aW1v~vI+Jx)H{n~MD98q0I9-0lxa znNO1MrT$a!*j@50>s^Su&&jvrIXuxpZtov`glAUC-zERocrqvVKgZ}V|KhRTnh%E% ze^e9IE%KS-)2z2Hp7~t9RcV|ic>YlN-|W{N@xmX zM9WiIelk7_&u*4?r#%btd_(yS_$oZwRz8G0AL23gqeqDU0xy(P{35()@r>vD@cnqY zyyC~;)y`HuGo|D^S#K@#`{a)>&osu}2jyjm?|{c2lBdYu4^Nko@4>Ie^Tg-LbF0O- zQ~W#h`~7(83%N`DlX#?p+^#i&7{tg4-)!-v;*)Amtt!eB#S^pS57YkUxbuYkYwFh1bHDus)|*or=Vsz#uPOc>;_t(=ugHg! ze*s=xEWeTZe2hn4klTGPd+_wj@?*$zLUV0b@+EojU5;LxTH&z^h-aP|faliAd(-~g zEzgZ|>-UH7d`J0U;-9qmKUL=@Z0|}ueY4^pA^uZ~FC!m-@5Cc(~Q6|GYgGI;4g=K0-g!^EZq5bRIo*q*;$Nt48^~V z$3tGg-H`9Wr-!`yIojTdA+Lw0LhWgdj|_P~&;9+y-K&1|P9uZmdg9Ze{1YsH$Y)so zkT1cLA%71~gnS!5B;@<>Y{-u~S9KT?+OGO|GUToBi6QTU7eo1n;`xw|!#jrZJcjQK z#b@zEDE@6c9`Y~nLMYEZyk98(h?c5DI^?I~6+<4!H-+-wh&Kzx-;d`)@$>LlDE@7H zZ76;Vz9;0n@Ma;e>|Mz6_v?NkKLK|`>urM93waN`M#zWZk&xemM?=2AJk*|7EI-cl z?0o8Zuz%g7`DzRE{I7Vdiu??3Klhi4trVXaB_GFe`~UVb63FPh`Ai{z6ykL`!2 zd&}*4Vz+yKu=9$^p8K!s^IXTMq2@U0z^gm<{U+XFC|IW9_WdUv@tNe=8Ok%4c>6vS z%l`~+- zj5=>3Pb`#YEAjR{EphUEOMJ&r{7=N&_qJq+-;FzbuZ#bjDS!E!Jc&@A(yrfM)gAl3 zmwJA%w^VY~k0V3zk-)2ap9|1=)E+>$G#t?2HRUJaPK-#C{G>Y?fYWve5?U( z-zW1X$K@D#=7;h$CEmVYCgNy054Z21`2s&b@ET4ol&1^v_I)%~hn~27UyZ$fyqG+j zLU|Iz+xOR4o-1+tew+D@mTLpA;S@u8ZY18m@5Z+4R@}Z1rLI5^vw9V|kvy?fZ7(^w)gyGz;ZfM7(_ukL{-~5g!l5uOi;Q zpJ$(=L-oCHL+PMz5@AHY$&duaWh4K`Lx9|BWOZ*Pvr-$NyBHq6DC*x?@ zh1>T69bxCCfqT!%3FUEGYd^B@3-T@_1WSd$YdC8|@zsd8?-A-p{E@^LLh;8DZ{I6q z{azcl?;XmKrvZ8Pgz}t0ynPRm?AbN~35`bo#B?`i)-#7D?e1D_GNH}CPiNpFQ zzvQ{U-a_wgL541+l;~YN(Nw;f{9oa@`dtID&zJ4RqbDi8729=q8}gqeKZ^XP;L#n* zQ;X{x9r5B!d3BCom*Ls5@`2>J3D0bo+w%<`z@0gA`~2yAJT*yPsG<$?A3x~VA=+7f z0r@|+_`&jzY0po1_DFe(`jl=F#hv^qJ@W`Wbdp^wRxKot>OrEZI5g%SgzZi-a zDyW{-8E>QUWKHF1&hhI}+_^;YT}vy^V!T*gZqH5fA1~(DAy-~`9;7{6@k9l=T^HSl z$B4h1_@mk>PwWQ8ufrSR*`$07b#9A0hp9dGxyycd=4iQh8W1eQ@I+nZvHtZR!xfC@ zJ#xGMc9!Kivt)Y~;gOj9TH5nEp4=_Js;t(#8IND5_GF0Ph3EEa|Gg5gcs_Ngt~`@y zzyDYvznw1e-f3{Kw7}DUDUTgz<9M=5$vju$sZgGj#m5ytkNh)mr>oqK3yUpJJGouw zf7{|K$$OG#o8@mMe+A!*C$`DYX1w_y2M+q>bNRjaS$OV8d5bbibOD~)M|?T?U_A4! zJjHs);OP-^8*l!{c>VQ8Zj{@2TYx)^!#U*fKj!Sm7t5-Dx6#h^xEnk{-*KL%e|O@E zAYg7SR8dN08fW8{O0A8z?a zm-M@E=WMOF7kOsj=_ZQLQUAr3=XAx}`NkSNcCGwS@)YpoNadMAo zpQl2{qZ*$3^(nloczf>R8F=gi`PbCb{}_}XpL#+*m;C)L{wTS99^pnjIbUv{yYW9R z;pfS&mDeTD0?SW5?K)%*PfSz%LgK%){9EOApX8tBU&?={zxfwb? z<^FSx{iO{a&B@1Bl=sIo&&tOfA@^@v4YuoP`HS?|WIWIK*+~A`mVdqCU!@lm5P^@QU+_uHAgNqOuz?%$T$zW_>C}hAj?;?xSYPEooIHK;0>{T`)IW)5 znP*Co$bZ{0Snn~)(}_I(+laoWhsvkmAK~$Sa=R}5D;|rxdG%l)sd^4pU;QQlwd9O0$)Jw^YT`=tIK)-<7{m-t0O#&3BH(VNKljH?Ingx_Fqd6D_&89aKN{K`tfubmw3oG1U0 z6@QAS>&n|I-1!+VmXTkHJKhBZzdhN*<+i^ZZGMD&KJj(&!bS4e@w4%mUqEm92=9Ow zPm`ZZ$MnQAegVDZBL@%5P!(pMd9|mD};C37)%5-jY1$ z<59M^A?v*ekK^s};kf&_^6bLz$Ma9i?RYvDPv0fKnDxGhN5;sPljl{-KVIGl|Hyo{ z{0ICSJWrla89)0xKiGIH?Y-bVm{;}O-``WOEB_|ic?=%=LOukqho{%bPiDQ%@a#6Z zeQva?#c!9_ru~C0{yq6Chv*l#<8j(^8u9nyiO&^ZAD`p7f83e>ovsH?#Gl7w-QKbA0e;I zddFJ+!{s&~-sic0UX%}=|4hSohR&Cs!*ikdH}LmE@muh zRQbK+{}E5%L-GB1+&@wA78?)Mz0=fSo;gu@Ze)Pg#&atbZ`Yrj;>qQ5UOqZq@Qi=L z<1H@+|8<=H<~5Yx-X9redDbd^G4bQ@=o4( zd}7`}@%DM}9p?TCmA9Nlo>JZ$bAEkdC(D1wkH*u>)Xo*OzoEs~SNt&A>EapIYuCLm z!reEOXC-;A#*=T!t^T*0zaqEKiKp>gWv$oh`2?OiMDBktn!hZu_^R@ioUgub@rTO` zLA2u(aEJJ%_>Xv$et8N13(p^^JT}hDU!;1bkCK<6o=4%)vhuZfZ9KnD+q;_l&GGDd zd5Z1oWBE%f&scmY9;+xHijT)LmE=E>f3D@Bo~Pn3;>GfcZ%&>yo*!&KT~E9_UGcNX z^DUm6EuW45fu|lX>E$n`ZjZ^YA^vc@K>i!?I(T-5;xEOU;E^Zf&*L5N*dy{g@xFL! zrhGI$2zO}bZTQXRvr5L_g=eS9ZzcX=JVks8Uuf|UEB<=?P23In=Xf+!&)saT}z zXO80SeXIF+f;_jACui}Y{`vsVWxW%AZ?XAvD_&SCKaS($FSzT!0P&W`*dOQuW#^~~L^_;Y!^Ru^}-%I$e*=iuqR@`u@v5_s}U`CGx-9cL7tDiDuP$20y5 z7H>J5d2A8x{HXYI$o~c&{ZR35kmozgzf1AlnsNlG;SZ@7N*W7<$ z$@l#=d>XU6Kx6iZJ!qYEmz0Z^9 zEId;~`KQv(K6tK|@_dC4wfNKJ-etXDxeJd^ln-Kn&c!3!wBD(l=PbvwXUeVLKfrT& zwWnG{`M<-9anZEy4p#lOjR)xz@yd4c_?EuP&jx9^*~2G5)%Uq<{yyl|A< zuFuTJ-L~@cSnmgTvXFpL$IdnEb|IEsk@< zrsIjainsU8U$*@HuO;a?E*mJii@=W9IEPkFp<3YI@DzP~(5dk(om+m-oTZvA@_?p&+C@8Tm2fIUO(f z7xcX4b=uz*Pra^ouBf8z9g4dj$zLifzsvk$xxJ777#`zz>YZ){%VLW^P4T1fxA5q5 za_jdmaOZjX5aRdXY2wWf^Zv*0FK40RW5hScV|W_xfM?177v2w#GS7^~Z^CorITybV zPm;%czU5z3vOTZj1w2Zg4S4(v#ka+O#&guoywcU$Ubm&jgN@tTc=EiGejXn6FGPFG zt&E3D@zfVu?|ZEG4m{sldF=ZCEIhtJ@m~`EDxTaZxAXr^mM15-^TXe8hdk}bQ`Nh` z<@aOm6UEPEd^W`0to(N3JL0Lw)y}htzYdT1Z%lZL)n^QztgkwpK^>;!Y5&5zx7c$7 z7F(WkOXhhK&$N=C&U!ak{0QZ#9b|KyU(7kLo{m@aUikaln>a^#vUqJg`IojgiJyb# z%j)=kEPfH5*;}%m!|=#Lx!u2%w)}U?y=gF5p25=vt@l=ZB_7>FzuA2flZtdxVJAcaU`t2=vF0K08>(i-thIy|g z?aAVWL5jEgTi&z$Q{{FY_y;_HyWGAnvix=0u2dzt_cAJ2YT+(^9^Mo$+^#y!P?MugJV4R`#0ZN+jS=Kr{lThay#!mA9uT`ALnyi8;EDWQG6fTc>`X!U-35o zJY@OHYaG7HdY{1)&ne!<;oEp*hw?Wj{}*`jF6FWNYJSHvGgJrt)^VzM7n=O-EsjTlO2D&C+vWO*Iei1_1h zhjH5kZ-yuLb`PW+=aX^V?bai3JD(hcr~Xy^b;OUs3mhNsC;wx3?oY+r>&-=Yp5xcU z#J`0XOZN!G?tj=~{+!&-WB1_kh4OFMziM~`IG6`GF5C5@Gx5Zeiob{TUVuB5u*=~ zaQSD4Xaml`qxIz194_yGyN}E5^QV{LMe6WZ1;yWpr_WKmeed2B%kz`GWqHNV#k0HR zR{yumtIF+pS)bv>!{qv};}k8P`K@Us<&WG%KMqi2PwLqOk8YEHgm=WV@5t||t~^)Z z`8(tj87Ft*&M)){CEsxWWUs`;3`RDZGE7x3ltLPW+<1wz!&n5mlyx329PQokRrtK>5x~2u^?Z@D0&WHOEe;S^-RC&Io z{q6AF(el~Uxi20YuXg@Uo~!U8?-MoUxG)Zn9;Q5x(w^zK+e}`Gak$v>pDnlh7V>!E zN7cU}^UqE^u~WW?{wh71{{2C|hV80}7v`z`8)$zsJmKH?=PmU)p7y{q)#W3}e*+%H zy?+MFeRz!PB$M$4c>G-D=|eqpc=`tUUBs`$QW!I@IiPwC%5~SM_Qh|{36W+b@%gxWwBlc4dspH4*VWE{ ztqyqcS^25#N8jPu1@e}(bHDlV%5R^Cs&fZ*xIkW>{4MZUO?gf755Q9&DgTeOeeXht#Jj?%pk5R!R+u&CY1(7+ z(tO;Rr1%!4mH$;ddWqcji**)HomWz~ukrN7iob{T{^|L_#^E7%`qz1CdS8t0oj3)H zPF(yyJ6QbDLHwak#rJH6*I(5Q{0OJ;f#s3=|2;A!-|D;pcgM62;_Uf0JMes=OW-l3arWTFmpcV=HePMK+L`awK9GO$`sSBh z7)THL_bfa+OMWWxZSlzC+TPN5PrTSt{ti9}cS|dewP!dUbJfn(#NUe-wwBzkCoKNw zwn3zR>o`mCNI`k_kmsGi`Nsi23jf1*Tb_T;527F7Z%R*4-7>#ujo#(rV2R+_t?IAu zsoSY|w3XU96K{zZx_1u#-pU<7)_F4Q8)uATaTix40 zf4@lbe0Z1mWAIcj)zkKuGw@us<2R%F|ayHB?XM7{4ghuqCLd{nZF_+#+wt+q{#PJ#r?TJ4taQ<- zsq&mzLBG5hcfQnmkD!0A!=r7^4+2jh*PVD|dddBL2A<~g9X4M*XZfE}JMBDkIbJ+V zw(n#%mlzBCV=XR+6f0E}yJX=of=}*ebai@>^_Z0j(+`Zs} zKq`_a75IPK^RUG)(fsf-Ay4ADsme1KUxXLvN2~v9mgg4DKlZtsPx0hD?bnklDbde( z{$16fNdA8;zyE*~Z?VriSM_!ff4__P54`dg@8xr_)WwUT<9IVXKT-M5BK~~yj>>a7 z-U~0Br6ZSJHyeb)vclpI%CJVO1; z6aOCWysr9OLH};_{7~;aITiZex9!B|?o+&a*>TF;>o`$z9{A$~&;2}w(EF<2tnlM& zILUP-&sWd%;{AS!UZHw^PO^@8_EwG0{*3d!=6|W44-tQ@<+)e=H5I=NPq~V>_xGpZ z$p>|Od6W2Amj4!wH#-k}+Txe04%3K#0ndG>{q9|SJzjW5+jS1@U-_l#6WOOalqG%} z@y=ZuKh@~4-^^of5P3}*{XwbwRJYuhT>^-Sotk*0r~GpI_dGnxd6BlxaRyqRQra$i ze%JMQv4D^uR7Rvy@|)VX*{3HdN<;^{u*y< z7(ZX(PUyH(=HVkJd61JmCBzY z|M__KF|~gN+j|L~WW04GK8d?8r~+5uqw(|-<%yH$K|J?*ryz1V@lWCLya`V&RUSM49E)e0%QdTbpVPtbPHB^DfOR%#}mrGj{3~TbN&Owyrnk2 z5RY_Lzt^M=uUno$%9AI4ec=4#fFC=FFSgJ)SF5~hr4Oo}iG3Fa(Lb=g$KlCR+O8+b z)fjg|$Jw@c<~7YTCy=Kv9^YKDzsBIvdsNTk$UhBF{ZXPPFBm3aDhwf{@{ zH;-r9Y5crGd%nSQ$GX89tFhkS1Lq$H{HW-iPzB>{nZ|iv@*Ixm-_-nO&oSPg)%>4i z{x6X0RN_(y2` z&K%t3ISkLS-skbiRf@OIspatKe${yi@mulua=FWXvBz`&ytf!S?>*#U)ib-JYNB2XWJ5A2#ufacrtW7b_kv-uX-+E-6Ji}_a)nT7w)vv zxIL8k*?8tA)vYo99G(reXNBeOp&n^X{2II%ng=%ExyD_C$c@DRipM|H{BQ{MFYBF< z`{OnqTJK@Fd#~2}An^_Hz`&Yu|0X()xb?8B!6U;Z296xO=&mF4g5aI{mk?kepZwZ{B1Aa^) zzWAWp`6Iu}Se|s7KPAo4Nd$Kkm~>i4eH|K7j}I^f4_;)^RZe(ZhZ zC3s?<`mqUr^A?`=AFSss&CBQ)U*gf;>X(6H=WjfJhmMbvY0n{#vfqW?ANl?_-~YQb zB0k}0e|d(G4uStS{wm@#w`ly>`PiN27pgve_|r5V<$C5Kd^Vn{u6a9&FU4b@s17dM z^*Wvi9rwS&I$H-rK2IFdv&OoZ${DZp-)PB3p))r3;RvxeH!O|O# zmscGw!Ci0I_~SOs^Mab=gDn0wjjIXxZRTH;-0$wiQ=#*gS%LG%2mDxMd9K%fx0~^^ z3XjxsgXoU@%?8WQb9FAmzr(X*RR1WxA5V{H9f+OZ9^>sG{`M9pxPfo2tUqXiC*rE- zlk`hl+<8Isq@Dl7El(wl!+uKR497E}^Yav*49y!;J&$Hn&r^th0*`&J z?YaqHj3+|#c^)q;RQwX!vlUN%R&t#GiDxfYym!-Bu#}m_e$-Iy|AqC|#51kb&a?4T z1Lq$H{Af*lWSfo)y%>iV;`z36`<(BUc>GSa$L5V2@JxI4m-b@sb0mQuutNU#IpTA- zYyNM^dY9vg$JLKV5x)U1@P1zd{43nyx{dYwK6AcT_cY?GdKZrT{V`EWb$%B=1usli zJtKH4^9OVsS%$~)_@^cNE8)5Ser1a5#$}1Wf%sw{^~*H2cM|SCpgOFee;44X>s5zi z$+HYka-GfExgL*vq4?H}tL>g2>UiHn%5!&XkmoPrGY^#9-fFW|pXeQ(gUG*#KL(G- zG#>1AbOSthyW(y9G{YUP*R3Z{d&?i1uLj|T6Ev>Aru{cr9_Go5$P+7FD%ek}gsw|Z zB0f1%_57ZCK8P2O(hNVE`oD;$JGw#UxAE8TNa*#*_js-UX!j-7 z!V96}*Xeki=iu3X)C$jZa2IR|H$_GE3rFe0y>UoXWc`tDOalntQfqU;4|D*N{qdmLuSPwUd zw(D>I;K{{m&zr$-9jEdfZLc#{d79y;;O@B^=TDW@FPfR>G=6Sk{ItW+5RDb0hA2S8~68!2B_tKNM-t96a*9)_Zg*{bG^DM-^}P9le6bCuw`nAkQawf#*zK zg>T0b<@Dj=|@eS5f{b?R*I@UeZ>P_!>Op ze{qbr*!?_P@xqD9ze|7R>@lCDJg4J_JgIu7Hfevf>z`5FZLN9o(K7mjrWPN%kD@1D z9H9Jm92saHIxZ)1=TtXH{5$O#gGW!0H^iso3GxiY-@x-oPdhH6~de0w5ZJXQ5vz<%8kPt4SMt^IxQ)VcEeh`$DpHEa{CFU@*K;gM521o8v^ z0Pa-PdLP8+;mK2U{%_yw^cJ4yeRjJaax?B;;szN$CeJq(f2{gf|8<;Qc)YXvr7rOm z=BqvhUhmAtkH>SN<9H)H-&mDAj&a+@{8%^0Fqk|S;l;t4A6~$(vHX{I2*i#Tcj0a) z_2W+BXW>o@?MHUM(*lbRooBvm&ie&#ljj}0$o;PW;$PsI&^X+UNA~ObkN2`DSgI{h z-4YLL-l&3~h)36IeBM++zi4dn3)Oy`|Brk4;QNtFd?BX&WfS8qjytEhL1KF@*`;`f z<4Y6Tb1m-9Qy%YSOR(H#{+rtWD1INF;QpVE_&hxJi|TMJ{r(0X9jSh_d3!USi)x(L zC(j>vey02!{IF+K&uHkn;)!_iN$p?fv)-n7j_(azT~>)Ym{-((% z!*ewh-kZ96*W>Zw8b5ZPKN-*M>JlW*(Vpp^``eq~dys8==MbO%QSmY2mslQNubID( zySvoRdc^;V7kGco_Uj7Iv%haFnLmohmUap-h_ILG0MhqZs%>&KJvXnob83G0nnp3v*@-nctY z`_YFSrv{ndr~Tz#+H)Q53|9W1@w@P11;!!%5FQWRZ}2Rh`Aqrk^~G{LQA=BTGI`eH zsnGq0yYT2cTJLMbSIqkL{O?jTaPNK9bJZ{X==X+r;&aWO(yFLbpJ!V!O8E zG5?EWyv6eTWBKnW8R32^ZK-L={;?DbbYJhDdZnOk0e&;rl@P;$TSjA!|L zO;7S)gvWkSI}gQ2;Hd!@2BO)(aVFz&-j6m5LKD|}jYwrucfjjqUzOwE5 z5Ks2kcFiMy!SalX2V&PJcj3ivRG+WdU#cut-J-WB&yVCe5l>&C{+*0B!wc0kehw?6 zUv$Ka+e+5+GCUVLkNVp?VfK$NiO}(7B=M2Z`wJ8B*lhK?9j_n6Q_M?)82@v;H&%^^PjobsGY{35*AMB8hxzuvU^jPl!a5~6sK_w{PBUo^p^^A-OldD;ffKMwfOoA}H&ZI^u?<+Zr;w%XZ- zI*iBjH8g%ElvA?D@nm_m->!o#w|M50c9j&r!Q#0-e;aMufv3x<{@>$&;6?w7DZQmH z9$BLLr@FL?EqnAph#&OZ+L@gngK*FzHgZk6T#L-lEiufx+{_X?yA$@XVne~L6j;GpDXWH2gFP!ZLk)!CB{&*~Oo#&4S55C?B#OJu~VaJgf zc)Cj0AisB79xO|7Cv@Ih2%Mk;e(WdS{X_McR#Cq^e%Zm>b4K7^9k}ji@2j4V=lm~F z^Oob4#_5Nr;;jQ&P5$OjYM$>Gnul*7zVML7!_DMLS)R$7-&)~M;rWb?J9Y3S=0oKF zQvdhy^vycn+3{i%p4qN`+{JkK)#6ubfBz9b#5+Ot&nr@VzUEZc+XzpG?hm=Z;y+QH zcN5R)aZ?#?R7`Gqb zvB%^Qws#xu@P66p@~Wt@aD=pTSaLh3Zq_^O9P-_dN!9g3m2#G&;^{c%;1YJWZa#PijAUnf<6A z-qGS0sbB2*+x_tP7G<{af4w=Mw{1wCJMjD?8V`-}G@j)3qg@Y~ho?fXkCs}V>DsT? zlIIP)_>d}a9ljoq@c9=V-5h7T=l=a*;mJis}%6Jms?yA62aGu7vB^6bDPd`_(i z{u`b=v11^1eZKUos$2S3wdXG4BX|P0_140RpJ}@WaJ)MwaQ^s!AAN|AhF%w3g{Qfn z!RE=E{zsmP#HT`err|lRZ(G02$0PeSo-?#*1s+Rkyd6Tnuf-ELs}6P^@&%sZ`k0+B z?ZgX%)L%2nzuWTMrTx*4zok|)K3`CKhO*wn@Z2`VKSiEeczVCa^CbLqbMBM$Ru?Sg zzW4Kck6EhW3i$8Fk4zb3KX{^qn(t#X{JaW{0`W+a~Itvut&a~~eNTlH*JUMrr7 z=ih1_KpV!%^LXS>)!D|?O7qZq-^HCfRiDjl*Css5_shrdZ}HS#H;~D+=P$g-^~qMm z*U0&w_y6y5is$}$X_4yyq;Zmb96m6hl;JRiDWy-VP%?0_E$;*)%C zB~LrYcIKO0Y5$=J{Q`qZ}IqS)u#@B zv)l7SOV@BlhMpr)>UGt}3H4W9Ji+_6?~>Ux7H!^vHRH;<2lZ&^;eGb9`1J1 zIP6LO&+!!Vz|-Xa4lmrQEqaFd(r>Uo@_GN-#7FSRMaqA5Y5k%Op1oUp;aTOi z{~DfPzq9v?H+k-#kGZ_>UzR*Oh);2To4|MD(H83W4%Da0o2q9a^!nmBJh4^v{Ggl? z)yJJ(CC@ipycjwUk9+R7v)o78@7Ud)!Nf9Y!<}m9xn<;s z;mH=-u2ZO6Z9LEOou-oiEWFTM?ca}g#j|CV|8o2?JTdG+v=GW7n`1$d!>@_$AAMR+W99d864|3vHkmiX~_k>?=Y zfj@#5TByG!(*A{b;)}LHWRm!I@eI$`dJNx!JMU|poKKy1;n}qE>$l$Xi{4g!BDIv? z?(3*(evZb;MDj=R=&#DKnfxs*zNx$s?e7{me|*4?%ZN|i*(Oj`$#HJ;+~2RAtNSXN zJoghH*{AsOOrW#P%jtE8z0dd}UVOGgkY@wyehW|Xeo*~#`o(68U#xih9L*27`*gb? zupxQ&yaPGKN*jYK0k=G_tzf8qc^LayT~&ikFC%+IR}3QPp(i;jm6&%oPQkf<8#Z; zb>^Y`?oT`uIuEb#4*MzhHN9L$e^4DSj@5DYD)Q99bG#01il2qYF4A_LM;$uh$qPFK zk=u#C3{P<#=@@(@Uie(wYwssc#uN3Gzc1~aW_i|h3NjqZdgtTGuhjmUQLW$wJkRq9 zk7vDW@pu)r^9}NB!PDF)c{{!nFZNe_Bl7IC_b4h8h3=a=^gV5_vs?XjHRGot?uK5cw8r!M)sHrhb;jcx)t;@iv#)vm z3j#^e&Y_n73&mfK--0KZ-{#}v@z{Euk9lv$2g@wWQ$zhVzP$VeJjMMj=ZT%wc$Vw= zwjZs-6F)1@#tQm_Z}B+iQHPM{58NHDI$VNRcwhBQT%++^7e5Y9a=)VO7cKA@pL@N9 z_>LCO>r=}!7|+boIJ|=R8}USY)w2?HxC4*QRsHRKgnRJ(8OqazJo9m9i{icAAy}5< zvCwtJxA8~^)y{>a^3{)*C(-Aw4tQjwj=w+hH~sP0j~51VJMABir+-yHK27^mc=Sq*&+p0e zC?4ne9#*#{-UV3yex!P#_rVtt?|iI&Uqt@5J@?OJ3&Z*bnQM^$b6f9B#UDldZ+PTQ zH;A0ccq^Y*-D08V7RK=64;s(+kiRpY=6&iD@xFMfrAE{sdHve`>Vn{{6bq z(EBNO5%0WqVG!S%_D?e(tp2S_{^#&$W3Bg{iu%QBJbjnO=LX`p;JK%}1!B)B`px3& zs=w;8-pU`VKKTk=g80gex0CSLgzkaAN&cpIF{eCB$ZfurN{wZ5Ye{edU4aIlIRiBM<20TZ z68|Hf;B!4T5B!U#W~mN#AKFpgj_)5AoHd%q_K_!sN4{_asmnlbj~9N`dWTSli}CDO z`3UmdWO?q^xc!LuiFlN8Zr5REnQv9ysxTg2G{08)FDCzL%OCoj^=3SFjpjGIp0>lB z=R8=QOMRj`WFFEuyuY$m5W$N)XP^n|t&6+s)XpQ>t{Co|6b~Y+;~ntWF3qcXyf>b{ zUF*G_{6j5I=>6G|mgiyB;UV%&#gn1?D>8UtjOKy6$iEyHxO`Z*Seu1`kCBDm?_j9ks%Wq`=4ZV)2g%{dtp0T=}g(pX8zo9XfIz!r{dkOnjdEqH>j+yf*UhvR$4TQZ$4yQ{oY@v1x^A$@;;(dr zmNcrM2Cc@6JU?wk8TrR}zMkrK8NLnAT(A1;w~q6Z#fLsuTYi)38NaoAkl5;6AJ6f5 zPaC%_@Fe$#SpIIf^O7nsP|bAuTb?SK4+rB{;_=6|pAIgkUyQc=q3d;%@IvT)fhRoo zkDG4j`5udiPw+XBYOMDiJU&eAwDxbrBO5h-I1@nYz8Yacv6PW9}_c(@UF zc>U!a4uWM8o|&f#)MtC=1n!OBnl6$0@e=Wgxbo-t?Yp=e8dpEy*{Q1Y4QyC>@5I1A z{>J?W=y}U8Z-!_{?wUxn)`g35Z@7Z9_tmzGj#C9xEs13cs!mRsrI}=o>_Q? z`wTT(I?h7R{qxxH^W~NkpD(9=x6f<5kEi!&X0Z9~b38sn`{N|~9Yuf}ZA4~gBz_TyOcj2evkvp}$58)l~!ce(pW5?-(XSm)qf%vQNkePjemk5%RAy|6295 z*Ja;Y9zN%uCcexUs#}EXY4*CcBAzX3|EkY+9fud*k&h!!BRt(p^MlRLE?&GxviJG90=RsvCwtY zzIcZFx+l~AVR+$1_4_K?Ki2Z_`S+H@KZ55%_od7?AM6H^c7MWByhxsN$ny@K4IOtj z;`s^MuG5JB4tIZ4o$JtFWxn+5_TS~mz`gHB+tN1pwJ->4DTjd^<-9-FFmTAsP)9o-=F0P-)#i=p$h zEqHv8_KRnT-|e~Io{^#Zaw}}rc#9RZy`!jSO*|3$JVkrlxnJYf?qlzcC;!xXSF+ww zxr6u1)x^6qH4hA9yp6&0qjdaAk!Kp7IZwyadx@WG{*@a<_M)EizR_{NM(DWzGV$rI z$}@&}@@+i&h{nI2hZk^{`*Iu6p5O6oQ;oyg)UA3!^-PY}cG>&LC*q0g)bBfJe^We? zSDrV$m(Kpush~Xh(Cg4E@WKa*x9j1z2k!l0Xqj4|JzSUmncqK!CqmaDU&jkPFGaoV zI2$d#h3oi>%W<|?Q2x{<>aQO7e!O_2>fF-*BX2ouo8k*6bq)UAJNU2TG{WPvG!DJf zn_xK`&paU?j<>_}&&WTbTsL_)&P2=XSn~Pr@^NPo?+rGgxL= z{x6k(S}FN6=A*T}_PL(bc#O}nE+)^%c%rlBw<{Sx-{b$UwRew`JgMqLli@jdk@g~j zirT2IuHtg_wz#^mJZvAAMOfv2zvmGVzxZYK_{Z%JOy%!H#EFO#C(b!> z;zYy|J706e@;~-tO1JAjIV+H#d$cBet-)`eQ9RGE{LeP{Ws5U(KmYR$e&i8~=i2RB z;Do_zuU7tlmd&G620xy?m$zr|>lWuTwtD}i!Ef060T!r<5JoyY%a`QL8vqi1wn z4j!Qi?=krCw!**K@_*FxXZv5DF!)BMM{fUfrQ5Z)t6chH!~ZmcpZh+Af9Gvl!Eu8h zpHcpNg5^J9@Edid^GmHgFLnHOZs^+#e%|0$&uaUR8T_KbuRl{cAD{B?jqo?puG`D} z^FQYJ?f%cMwdWTNe)$6`XP#|%-evG3+4}c`j>qhfIm`dw3_kb`rNe(T_@n--(e3|I z_%Y8~mKbttnM&wU-(EYNnUJ z)8Lo?Q1LHXd%oY`M?awQ@aYD>YVa%Hcv2v{27kN3ul9~B(;5Q6j z`$~m>lfi4yFSOH+{-(C)tBrr2VDQ09m2MY|KHp&Qjeo6j@|xj!k;5~6S2y_a4{5*P zUXXv=2ES_OF1^1$_VcRmj%NCq!#!CgV+8><@VE!Zl5stHM_rJ(eOX|FO|-4#U_zNA+uPEjpwt6=Ve*8DJJzr_~|GB}hX6whH!H?Lz z>%Q*$ZioM>;`tAT=Ze8Ezkf?w^4r#)Hyiv~cF)P%4Ssc1@w~+Fe8AvGzC`)(QwIOI z!LOT~xzq4}!Qkg^S2^}}gForNDLt>-zL@LT=NP>9BMXxA`z-&Q=YRf^K%Vv(P1rK{ zwZ4w;Q;eQ%gI~$~Cl?KVgU=}cf9In$;g=15{Lge8 zf7R-Jx52NySLGp=tMczd2ES?d4!QjNn8A%D3OM{g{s{-LCvA zZKvmdvcb>2N89Q0@L2}G@dJwg8OHy|0hf44TNhZjYTsu0FK7E`n+D(bHtp}Ttev|C zznSghyu#quU!dcNZ5sLa0|vj^(RtzbSG*DMqn0QA^ES(W&D#HsmiQjWWBXaI?>=Ji zn{B248!i8T_52@Gdj6k})r7w@_+VM*uluo|@Cl{!Wjn9*rH1F(2EU%&?>b}fYuSF{ z%M5;GsC0Ox;d!OOZ)WkC@B9gspU1O!fSNQ7mwq5)PE-(s{g)9;E22UjLMS_S(fJ+e8&82XAC}T@N0ji zD&<=&8|B}t4ZiU)g?syd%-}bEK-=%~=jR>%FBE><@cf#= zk68W>8vOl^-|Uu`82k?ne*Co7>w56d41R4#;hUEKZw-F=;DkWjZv4_uDqkHRYkS`J zC@pZ*;18KU)Ah>>1#U=_Kbw~S=x24@pJ{0ggI}3ZKL2@>OBW43xNAmoo`0kkc&))V z?ET{B8lE>Ae8$@E^!#;$Uw^Ig^MU361A||_L*=~di@!4X@ekiCId6M}7WjLE-?018 zl#38Q@F}Iw^-b;9J%;~T2ET0UVz8_Hd$GXnBl)vt`5*e(-uE z8T@!%`{nU(KMFYQ;iqQy@K0I(>$MfBRi$yQ_7;O*Grj)`8{c;seB=LEll*Sy|AE0T z7s?NxxAuI};OG8S$MIVX&%ghDZO_@PJzuc=SAI?T?PWH;M?S6eJo-D!Qtw|Ijh<=n z%h`Q&cNqM}oQ|XKhb|lZW=HAs7l!Aw!OwlUw(|?t{#}P}YI}TL{7Q#g{KlUfp4S_^ z_M?je`4emZTRnd!C;!OcGk-TH`9EOt{1cwv-mM-O{x1sLK9WCA`i#=&obA7?TH4bM zUbA}$m3wg?j=_)qv_jxMm47D;e*Hb#-`kDfzTMzgZ5}=E(VG8)!3Te+zuVxiH~5v0s{DL{!LJ$o$Sdas@(l)mr@@b&y-y&oGx+Z~{w)6U&kcUr&e@%} z{GT=WmH(jqeXqga4~5SCtc^@haifRpk?RYZ-}UlS4Sw}+bf)~I;rRxGU%sIH^9~!w z7dw1k`}JI-=Q7~5Tb{bFn&qj6=Vg}v%CBpFpVy!IGi~S7vh~QzE&sJYToDY%4bQ6# ze$?)ne}%zcXYd>L-qV{5{!0e0nZ1Ee`S(tPAF=n8KV`>pZJu2-{Sdy zSmh_gto&Osc+KJje#qe8Zt%+=Q;p_){-D7hI=>+~pKIgwg9aarW(5Ab#^3RGoHUEzrp073d)j!d8KGqoPxWON~U*+T*EdQdw?IZbf z#`0hOl+yD*S$i%TeCC+e>-70vgI{}>=KmVY|9XROSlpDKJ9v}8lM3zUZ&>~#wvYea z2EXq3?cK3WgMZ=>JpW+%uRle{@&C2_Ps0W-`S3=zZ*rHx&;6Ft&EsI_0q42we4l#V z^Jn{C1A|}tsLqRDvU zo?`Rs%#2`otij)E`LDiqQQ%)^_&;Fq+B=m#dj|i1ygeso1mb?qzcu*HtiQMYoz{Eg z+jO2nZOOlJ!cL6&@U)`++Vco`RzW;8N>fQ z2A{F}&vg{=p0(ro616nmZ~1@O;oqt9%IEJN82s9kPfAXg=bte6##rUmUzpsu4Gc!U zy3*19`hNG53|_PI?5>xeVep$jt#aG<`(9-5>vlfW?T3>FzntmKe_`;A2b2OIv-S)C zKWcqU|9rpa&-}o@Z1AIR)AoFo@y|O9UbARzn*OH zfx)l6N%?ux+Vi~zzx*1dkIR#vb@`KXOd@?FUUyebn*% zuR8Di{(MfT4e=+#+H)=ayZt$lI z+&+>&FS7hIFFqyECm9{?HTcF&<)1ej{G7p$KB#i+O@`}&!)-tAn+*Ovj>qhL_j~-f z!Dmh@zq!Bns==@R!u^8b9-Hs)F!&(5@8Z1%KlcjFf6?mwn8P1Z{2r(A*N$gS;SX59 z9{Kl5&ztus{NEd%ry0EV2JP?Z+cn{N1|MYi04y5(+VAPOTrfVV8~nza!rhOtYw*kF zclu$=f6?H_GrRgn9KXF|@@8x2&l~)RwI5+%^6%{izxtF}`JQ{c!ryK1!G{&@^7+G_ z-~6u1y|vokIQ;S2{-L6&J>v69wFLge?#pcD!3|@Pp z;{U9T%fR3pyNc&=R_{fFUt3o_<$kd5H~4kiM}s>^{=MGdH|*T*ZyI0yn!#&7qw{_I zSk3=ogAXQJuhxS1uMB=Xi!=X%!7sOTUHmgv@8iCp^f~u(#q)0s{v3zfIoXcE?>6|+ z?0(?02EW$UcK&B;|GvQo**?yz4gS#Ul+Ja-|1$=^lHE`8E`y(YNawrH-;Wsl#-{e` zdkoLt8hj)3=RXn-Sjwe`ep}_$#PT0;covWG%?7{uS1PZ5+4z6K;2Uv?S#QEf2%@%#OiH0{PQ}F?>6|v;MYx_H*MZsG5GOktDZV%{PwdB|Ia$U?>6|` z4gS#M6#jsX<9iH#)9y`bS-l@L_?7Qd`a6Gq+VT99w*QINo_{d-@xRb{^z_>m(e3}J z^t}4HvVMQ2!Dl|J`QK-F?lkyiTOZ9?dsYp8JUb8AGWhk^tNiad-3)#+FH> zee}bYfB$#c&d1k2^5hwV=$|)O{ww=Bua(-h+S?3%w4wa$-C21j|_g~ zu|}US(}YiY{ugQcZ`gQ!!Smbun9njikNKj~^M>7<^wS1^vcU&g+`=;re)%<8?<*|- zjKR-k_V6jk|N0rp`Ky+H-{3PZQ2xQE{QEA0U%pK#bH&>K69zwG=hNSA`G3jaH*DYM z69#{u!3TEVwXTwCwU2s!dsnMr`9E&(TBZk&)E*)7?aH%tyw#^qe9FI{ zcKBPho!X09?H3Jx{na`ne(=$n|NREP`3%MXVZ;A%gP;4iI`6*A@PEPad{X7P$Ju_x zBb07eAJlrk-01dPgCEW2FH?&HnY4|5prt`K{Xi1(RdHZSZr?(s^{;^8XiuUu!G;Lk6D%<56yJncRMq z!9Qd9A3CS)d5OUv4}S>t=1j&9Pc`_B_v*a(W6OWc;McP_x)TP!dau&i<;fX?U;a_; z@0S`Kb^xc}dnWUHPdtCNfA@oq-{KrzW9@mP!E2dc@!uKz+>Gj-->`B2pur!yUE9;N z_WY^m&-VTQR^V1y^5;t)sdPJPe5+hqt35;DNk;qmEtdbf-GBH7gWm@@{ZTdZS3l0+ z4a+}xzRr}k!TSckY;g;(Gd_8(!Dnng>yqXFaf9D{r{Z~r_4nTx{G8dhPqh4RH~3Y% z=f~ek{D{CUQ}X9imjB8xE1&$9(fJ<@e)$zj=ijq3PlThA{C54S^7)$${Y^*HTw;GLFyBHR`ozb`$HpcsnR=3|P zM#$0bH+H-I?Pj;p9`}c%Mssqh*6QyMy2ZF?AAA1uUU>KPOpTpRuhVD_hs}dV(HjpB zYCFT`e$i-8_V*7^B>8F}=eU%0+#K!}<72H>tr!mbLp1f$es`le92LWjVW&4<>U4|w zes5e{8ZYC&!(Ou+bDVB=JMGT+U{Q+hHQT_y(`Wi-G3XD+0)L3eKk#3Z(O#{mfYAm&MuTRnUv(mVQ{$|l^vy#y9rAbf56XQU1o$blESeOhX&v3Xp+N~=Qme8XvGBLq_ zBQ^U()fpr!t_YFM;3qcM&#=UaV!VbymeJ$)@`#`F7`^ya2P2Lhw9;?3wG+a6TJKtM zQQ7E>GR|^uFkwwabDwC|M%IC~(V6D3N01O09S56Ez{H$Mmn!g-pk6>JB~%sAToWAI zD%$gVlivB&V!uB;s1%zg4g0$r%b^DLW&zN=X5pf(VY4^ta7bhR{{DW^8&|UTdzfR$ z*zDFZ++>1KWU*UFk-bj04JJ2gEflRTChvuqt=Haa?%t7o$Nnu|(wS|1iK1ZAkQ>9d z(j1Lrt={+gWP4NyPY9J(`u+2hLA`kS#HX8p*XB9e0h@m2on)5TUYlTuio zSRNPqLe+BW%O{;-5hN+HCRHf{vLyz0ZM4)MVlq|IPc+AS#c;V-Z}kVrm8P>^)X%DO z@Y1l5o?2__P@Ps7e5+%yH0Ia;JxOrUU^H!w6QxESOe;1Y83_^D+h&@sg%N zQsp!UXtQYbd#z5lQy6j9Ak3w&>{7jG4qJO`qqzg}oQO*DTT7-_Oxze2JDp2O%D6f1 zv^dIapdcziR$yijx&Uk2ih2ST1ad?5Hz(aglNU#==0NQjQ)2D;Zhs^MTWY)BTxy5v zX!b01X=wmCKh_5YuA@pm8c;maWv0e*p!3PCtqlQCbF;|uI#g36?eaQvNc|gq9i9|4 zu`(f3K(4tKcDm!x8U@81)QN6yWU@vm>uGC3wGwEnx!o0lto7G0b1q@%We%=S#)l&< zCo0x5ETG*iM*Z%Ef`2BM|D2SjGfAU;;XLrdHVnk`uoSl^yQ|GhpjsWm(!PuRIi}K( zWOAB@@{MtGw*f}#OW%;15de@?@THglEIaNGX2*h%4FCi>xdl@dHO!7{lVJy~>5LkC zT0*S4Q=3t}-}S;5+%r2F@Abi=!s((42*vzbZ;cbpNZ``2xl3Kmxwp8g?*2xo%){P%KWS9%SBWSvklL zPS*<~$Ug=8Pn*RQlEDflDgw-a^3SzCrKj3t3tT=W1_{2wFK$Icgi`deAQRjW<4Q@# zIDt~$mNNGy`^7M=2r1F*n& z$Ep!lJ&g`xj>7b2LBTUOf!RB2MlUTMk;jrm-4EN?5ef`^5o&Td7;vSD%k5hx1KFgI zZdcGsQfdl#4zbZzJD1e#DM3NpY1LWZlLe5MBApMdNUVp$Q}@UH^F{CB(np79Fg~5u z;`Lr3Yh!D9N?PNkGtKV#O^jg>A_SnW4wlq~aM;PM)s=yGA0T|2vf61hxl~7{-JbvK z_AhSCb7=)I+!>NSpr1s3k80b^QL%%m=%2f-ez!l=jG|wsFwi)C zfq-A_Vlb>>$vp0B#iLpat9?a--~Fx?~9xs`@PdCx^1k#V#XcNr2*<;LA(Ql-ShEh=$SZ!Sc+5|si&xf zWDiaROO&6X{?gYi4q3n|1V(d!FJsjYi#q~V3$RT{hK_CSVllL*AlP*9kn~%k zdWT}aNmeyJMY!?XTrK>GmSU-`Hh_EwDa9|W3E{{{+Df^Um7tZ9)rZwW>fIowwf?;F zkWqUi4c1l3PMWm09psCxj`5#*kjEQ_@xh&NWRTw0sR#)Q+S|Hc@GGtSS)8G zq|xj5mU|bPBbYTYRTn($w-Q-8ojEr`on^%QqRBui=NMl4i6fCqWMf-Ch!1Z?JU3 z(og9RT%fL|M>XAA&=zq20KOlm-FUAtR#MmWr3p%^CE7NPpNP=I+& zBiAl=+9)r5yfna~hby+CC>qay-rbE}vHM^#?CWj^*uh<#?M}0|+T885YTeE@OiAp! z>~kT}*zWY2!vkz#U;)BK0QXhe51VO(l~ZFx?{%IP%dggXpu5lf|pY#3oUw>x7^>p*Jk_|F~|KT=}9c^-RB{RzDX0thMiaSWBfFJlRzIQ*GA zM;DqqQ#^85?~WT3V0r5Q?(^gPK6+MXA#oO@Qt-Jjd=oE_=%jr8jsg9wy|7_9g2Gj<|>fQV6t%#do1tyo5O#h{pt2Ksjvj z>E}R005>E0{GYHm(82zMrQE@cx91d3_-Y$zqFF+Clr_%K30;4-c>53n}5 zC>X{mqC62|5erprO2+X@7AanIfqqhYqMXF3s0fMdcR*8umIPNRWhx?$*LobFP(TR7 zErwW2XT+i4ruIIRP!t&=8m10JnvxAeniL5wP^o&vC5w9XWC%*GB!~3jUK)*H4kj36 z+W-zo7dD~&*uvUxjx$L>fiJowW&@$D(=d0i+>Z4jp$>%`if0aNY3cH47Nb7G zHdo9xnuWKXYmWqUD`Bzr(#6g7ke3B39i$?nT8y~>0JoReb`A1ko_o)>ut+jr8beHA zmk;ZV3PW>v=V80R425+U811fE);4J^Bomgs|l;eZW!( zn+eHaL&O&Fc&U01Rc}suC8dOKOdCW?l%Vv$mN*9!yNq4uTB*ZWV=5}P7NRNCiOoeK z3y~hu-V}&p6Ygma)M|shE*%|1>tCQW6Bmnt#J#(THJS+KD2m3zdFU)6uwelJE=BI{ zOKwL=M+C5G#}G2WTr*O zL(J$|-ydQcz6Jf7L`fOM8|sLVNmtd@N_^8INNEGm8VpyqG$|!3aA}nTPr|Q|_kS6I zC+(s{s@3MWwWkB^CD*p0Go%9Sy9OY3wnlbdcmU4Z!{$<>Gq`Y14eRJj2m0R)ZiJ1n1qc^u zF&y@=DCz7MechDhmTZY-)__g+Y5Uj&hctt)4GVI%HcL5adwLFDDnM|txRjUyP8DL? z#tx$>&On=R(lU-AtqJi367l23IJ0Maql>CsQ|KvNJd-rB4z~wl@8HD{vIsFYum-%? zR+7+#r@y#0$C67^$N(6aauvR9#|?j zFrYLKRx#tSRI*?#0qHZZAhyeX+G1}}q9r5P+@!PEY?R;x%WYsNG`Q&!EV9Lyp)lcM zB}>d=Fi>d&i{(!1*uI9?Rp7Q}j_pE``ia#QEtWLE;OYs?;Nl&uR-t))RUNCyObu%j zg)Rt)Vd2(&QbRex_I9mM*krfw5EN8tKRZ>$eX7TG=c&!Lq&_r)aTX%*4eiu+MWDAy zR{vtn2wxDV*rkR=FxmhcNV9Z-Dh0rZz7>Sl1`EOlfZrr3C^J2lWG|RcZAEEP;KCf{ zDldUk4NHDcGZwH4B}wKhsz6e#x0DhG+scW9A4M2Y!xpBJiH2agoieLAc1bsL7%lEX zWm}%)=0*+&dvrvbNkVM8lPm)}#ixLsI9U=lD5a1_S&vjiXq*wJd`lx4w)TeL2W0{Y zD$*RZEz=|q;U-4oAJ~PHG*8&=7F`JQWO}|61p=r#Ey#+#FT!I*X<`Z;+dltjI!@XT zy)l;Y_1hN#VE7B@qJto+R%|n-1QgpYLXucQ3nc_D0#P0W*3b|G zQOa<65+f0j06id`&}Ipb0V+Bjf8{%_=^e6OO1Fgp5_N1!U0Fgjinxnr$NhcEVNow7 zXc;2LX#zrPG40^*+{gCWNP=CLW*56~lJwy1TO5o!I4u%m$E{?@Q15W>@z88^yRv0g zOk@ktLik0L9HgaLPnzc@1=v2XcxtZ0kUUK3Sj^hBJo2T^(yWXL+pIOpXADrbbY`FD zwndUDz!3YHfiWHQ5JXa(0lQf?8Jh&Q(SbuF{q9RUb8PodAc__*Ard6XE5HsyHq?IB zZb2e}jWidm_X#$ADr3J{v?r}YM^rEr)<65$glA>Wj+-pa8jzyRD?+73ivW)?fZ$*n zvXaoSnM2PF%>Q_f0RH!pRh7AA+ zkOU{bDkuRJXSPOb$#DORfrPnM+17NyKO#3fr=yS~v!T zE+>PGp^|0y8Mqf(CezWd;?e-hfkSFWY=FhUyip55r*KwK_Ca+tKxZ+lnsd-g_uP$8 z5E{x649m0Nj!zjf4-5~iZuJ+M2RIoQa0sza09b*oV)J6J0)2p9#H{!hmh;nKFU2Xm zTDysZJu5|Xz>;$ZidBFaV6@x|iT<1ANP6urI)&!KCQ*A|fus7#M_0LM{)_*S29y{ zRDm*)Z;_G{<^*Ly6%C<^Dlc%dxOB*XEOQN2?&oqFZl>u_F37UXz40^{M0K@+ZeUjm ztn_7NTE?u$^eTC2Rab$^-}_Ha1+J>B7wWyJJqgNUov z9K!80f<7Eh*@>y3tK$$zbs$ubRWefnRe=o4u0T)0Q@`6Q+H=$9rze8yhZdYVv|ey} zt4DJ2+vq=qea*nm|Czi{pE~F28paw4<;c0j>yaML;VG=_;tJu&x646}Yco zef{cdmc9bV3LNX#M877QWg@^;fvpN?RUs_}wG`G;Al}(V+gE!E>w>VZ5ba1^dr-#>9n5fE)0BAiea){ltZOZGt);HDAdZ70C`Yokw!6fUf<_4duE=r@ z0Mc}g-(>;37R3M7YeO7px+Fdm#^`}H-7(3Kl}l?UV8MxDENF5V+94Z+5iZ;qoF@+V zaAetGW5t#*hb{cXdY1}qZPo9zARtOU04t;!`um7fv}I9J?f{l%+EmFbi&Jb%A(T1R zEh(iam=yo!B*TNv<=#demm?+^2%E&?P$le|hS=|F0gnOk`m`&cgYK9{@Bkq<3@U(R zqj)LdR}YK$cev&+cRF31C~*LRS49K^T6Q7JJ~)tZ%ZCE>X50V>Pnc4o3H_4JrAgYj z>4_(85pLZCg>Vk6H)d#aByE7&u{F;O7aHm*4?O*93QP$^=m`V}ARH^j3+Pl9C7H`j z5JQN~|f zUt-Z&_v>SIVEsopd88KrB*SJD_Mfm)LJK{ zs^m<;$<|<620uwCcZ_`&M`O9SaE3us6~pP%*;9))(^I5=AhMkgtqLo#eRGXtNsvc*vo(cv zOfMrT6(to*WjYFL1f3xH92JiRP6;G5=c%FP-5w%9WE04^1F>QykD(}K08jC(k1RAi zBifuTG%Q7Cs5GD~!xDH|j7b6=i!ODOR#wuox$NoI=+aT(v^_u{vgpaYDV1;vkI}Db zNgQqo=e}j)A+2*OVM^av`Ok{HdPDT&wv*@f$mr{U7`y;-kwQ^^U2za?>5f>)(R zDLM4Ax61%4X`B9xp5@KnF3*5lT5=p5k?^>{tTsg4MPpRh#WH}we!oBJ$pwX!0USXX zhjX1>+fQV!2=og}66g{<)789$rkSCQC4h(pGoB_$H+p$-mn}|tQV5!j24>L?Tq{yy zjrUsF-9LJ@m3^>y$eONuO9^X&gdlajvxNKDNJ>qSnosM=sxXdBV%_1;Jpo%#jK0`s z2m%|^+PlEzllBEB1U&uReQS({y?%v_lB|@Wv9Lej2$nbTLE42`h;NDEO>Wsz06cYU0@7I# z_gL_?sb|X!NJwn3tatUmMFiSTPi&8`iep(eC*{8pmN^&$p7|uFa5D#Qeh`5c}G-^i^%XK;5{4~Gh5xY#IIRuBMoB%R}L zEv1<9OeSWTR2BdL)Gu}rx>~~E)P$d#^PXlALE1A{VY99kVUZ7tmgedxZCHZ|n zPTR72j=iRqzZk;E+bxlWYc}aAx3u*}gu(^@ggLdfbjLk&i(7sCc!7ScBwsI(ggfqG zivONlOutr=FF}B8%~7kJfUvYJe;CS;I4Lb(mZD-ED%T+Gfwltx(~lGo1pF-6bxBj(Gcu^wKMY-Q<2 ziEEQyQp*CM%}70jWon-(ab$_%ezE|7uCRy_g4iy$f;~>Zc5}wF(tyreCleSKnxxglX&*|;G*4~ka!QVsGM710 ztR!bRKjXy%FsD%7cGrz5Mh|;Uh%KIqQfJD8W>Kfa7M780%Nin{V5-(zxS^3%Xz->Q z<^KE5G~q6Od_PZC8c50I%irA9GBKiYlff@rb>#4|4&PsBSJ4?RRlX|4&@qrgpz01wNLnj z-3t1^C{zYk_+B%(HBxKHIshhr3LKT@_8oVz5e?M=(} ztQWRlor*YgLeC212F?P>88Muq)67G^9K}E7EJE7$5&Wp`KITDh@A`=Q3Z9~+1(XqZ z(i3fA#z`dfMZI@b3xdU<$4#nwupl7Nh3hSb?vZ!+-RZ^ez-hJ$6F!0&G~06u2*(Am zbJujJxOm0?8Qccyw;@I^iZd|NOCtfz-s^~l4&|t|Ff4YIE`W_fB}@k6$Vx~v1_*YP zU5F4$VqH}##VcF=SZ2s1ceP1(N_ivrkY1)&)CFXSkW9lOxIPhrV&F^I>G>)F(&#qB z#&My-O7dYJiea-Xt@1)gYp9;Lcs$K8U_WXf^J0#H+2Mx2Jnd{KFE}GwidYV1K35tyiTp4Q@ z=*pmJA_yym<~zgI1Q!y=u1!yu$lNKJ9;ObRZ-=#Fe!V`wrJ>{Pb-4gqi6KppM0I#1 zL*z-fD798sxtp~X`0BT+tiA>P3dPpaeb#bIM9G>(pX03;Jj2}|ijK|`w}Nb`q}+mZ z^QY&*qVTYpb3JX$>3N^BL9k}1g*Gzn*6;H^*>UUy(IL6+9QW_e@R1L1(O4!Q%7wut$A!ets+K17IQ|v2`5o8z~p@WLz(g zyXN!aTel!U?EE1OrPw^Y8(FGb8d(bvYJoEkw?s58OFnP8mY57mT0xv4RGrJXGcO$i zagtzg2~S!>u#(OuL|#TFOE6P)Txj+LzJ*Yteba=Ul$M1S#+7mGBP_S1Lf6hT`^#cj z@!%{yXu}F~(VeGPO7o&ik;G+vr+7Aqa=mvt>xy`31i0RlEJ;%*xRPSO+Fjcj;qb25Oe7_(;TKlmiFV_;en9(p69h^U zxp5@OUb4D{V%Jtf4n3|kkI$sifnv_KIWF-g_f z6L0F)K4}@Qu&^desuHX>*~fY-FR5A}eN7@QNwX3r0Aj{@UO$pe(6T-n5gf-nZE8CN znA+%^En=i6#R+nw>=1Bfj0hGl0_q%6N-c$wWzLeu+T}u^N(F$y8}srH_YD}GfFc^y z))|wO1QI=DTzyU;pd(Cvm#t|pV%VOM z31=#3QMI|{#I-Y`5XwxpJUSt7&1J(k@~Oi;Sh+1PX#qx>i~`=63M{*Mh?u#>#;)ei z?N!gt(XHl&QxGOk6|S*UWjOmO=2iq__=d$!iO3ocK4l#lb>mh){)W~NgD2tyt7R5~ z?CN8PwW>t{)B!8u^$~{OJggRy4772079*SPDPL_+_@W8u^4+oIhO7~N zgv~wDNO)|+m8}nkb6XP`aAuzZvl8Vcj@Re4I&r0sNL#y=R-9mJ}a?WM_-dH|l z!g+$oMm?%hZif|=bh4^Q-Ex-IjyR>Ooks`{yn=|N>{ip@d7w#AO;Cwmu0df_1;Iwt z0Oc~E0FfsIHi+y)VC|5eY}~LkSi}scXN*y`pgsd)w6+4Ibu}lUhvm*p9j}>1BngN$ zM66oTAxSw#ZtG6-o`b2GkSvNELPE)wP0|&~>~Jx3Kp0zJ-7;Ira+DfmO2NT~_IG%g zFC#B&vXxoIw$bv_mTi(!vHumyI4Hkj(8$P2go(4ZtAsy{08o8den8x#ho$%u-aSLgG#4+Ow6%Gah~-cCSU}s zV_Zs}&L$A#CC`#HRe@(ZxTr7Qt(%aby4I3nhY)P4KT`@Q%IW-~Xq4e8W|Tb{u|!H{u&A-J1kr`LuE!zEF>a$wvJQ*vTXqAnO;R>mgfirbvXubJ@Om;b zkW6Nbpn69W21xP{=fh+POY(=$cZ(c0BDcta8K?NJapT^(i$rLUL%@l%jA_;5}e0G_ky!T9|>QNjX``GxC^=J6N3I zs!L^P{jaCz3>JB}q&K6tx@5veaG9+l9L7g%8mV0NnGzyOmoo{j-GuEl3BI;+d9fws z+E|g>(+b3$^;lF!(C1oG=rsBhlx)m?I*5L;NBAg7SX?D(O06VGb=v9qNX9&InYAq- z(t!O-6LtMAT$_f$=y08eh~$e;Ndb&cZt9)Z&CX2opJtS4nMY0wPbJ8xf*F?YHxgHq z$bi$KWp|WlbD&~=r+2knK6YNJD%U+F@07I|ULFJu%Z_pCv9wbCArYdKOtl`zVc z7HWFAsCQ>$zUq^feLT9rC+K^`rh(F_TSOrmvvCsg*j{BrFWQB@A_PGETWj6j_JCRT@P+i{V6O83sycDBQms^HG49 z9Z&`?F9hdCIe`rHnI8$wwN~4jX9UTEB8Z zpR)SST#0Qx37lf_%dxedW+#=VBvklFitsgz>Nu5>NJClRWJpmo_T(0sl3lkd21}e$ zJQVAwov-1aXU)Dh%|qHHpe@zq4q>pjGkOklwoT#TCZiNsx^CNQU+9DL$;N5@rt`gQ zNyRvjlMLocS`2fdbfvac0kF?GFKj7!k9fw_Cco#D`&66V?zY{>mcpkM&*&yM(F>PZ z=&6^F3BnK##)2d3l$iN`fvRW2{Z2-fkh$`9u6Ud zrwReYTx#u!Z$-2mW#1C?PXD5L(1oO{%^}{pccbCde0_OzA4K8#W>3VS-?qJ3K)m$k zDdQPit#+y!Jc1_NMYlXU%b0F9ib2;LF@&0M}Rx8J;W0?@^Uyqa;vWr+S$);@D@d_Pr{Sl zpcAbqJ=(*Prmq0k;!(hgl-7`XMn_;>sf&X+`_=Rs8u43zT9!L>#3-hel- z_LPy8@>qi)&qPPi2?CL{jEMqXRx2&g*d7%Cjmfo`=K27K*-P3l-r|SXdBgo8va<0x zjQ%clarG_U1ucs5$f8HGF5q?dLQJCL-K(btG`bq;x3kF%pfa9AUxh=CHWkhIz7usE;V?v z`d|ZssMmQUiik5PdG)}ki>=QVWEAfDT*s-5uBZ|nh=U<^z&fq^giq3Pz039rF;J(h z9)0WECjxrHN?aAH#RIl4J58BvXGMG!<>Qu%b51kfp-8N$nGXg;U49do(GgQZpQ|?+ z;%tTn$b^%y6B*iQHh{o5yh3lAZ;4}$^WJ?qvVrApgV!#iF0&rMaN-&jW@f!fCCLq& zWNY?U2eLb#VI3Pn9MS0FkTqN4;ukkWHK;#z7aESa8RvP#8$9X zI5FGmps>M9MnEKJdZ>^Ud0!DQRN6pWftvx>1(WHRjmFQcHHzOU8Wj@D>x3_?ukxrD z2gBpd$m-a-)Tu)uqY6csP-lnBQPa`5*~1SViT>=;5)lIIXIiT#vsngQ26(;OUIypl zIY?z$-4z8N${}ssQeYQsL*Oh9?Tm<4I=jZ!>)qVbZ&j}~mbX^%Y~|3ehFArU_H@%2 zt;3^<%z;$il@Auhs3rgIkYOZ>K6}P^3SQ$dC^@aR`vJ zD54ea3J3Jux>w2z?{Eaw;Iye8wH(_=j!;LP-BzkRtO)cN7gx5v=AbgMVhh+pkZH2K zZmX=SkX%J}#3RF5-NcxSz?@~wBl2PQ=NZFf}iJC43+IahFkZ@%bsVZ5d<4Po|( z`s9h=q8;T>M3c*MG1G(uv$(ht?{CSwqImNb*ODW&vnmp7zcMJ#(!^j}qP>m!<=EU# z4Oi#o);T(-lN;7hWC;_|F_r>7f=vKD;)f+E9o#Y!YH_*Yt{)&;6_G&N=}g9}viL2n z6el`G^IWlmn_&XsPyxJBm9B;>lW=;3d`CQ?eX`3_ns7>O;d%Uo50&|)g?9Rcy2A|8 zQskIVMN9=MOFN}2W5ReUv=^%(xvzbt;Qa}>g<1@nvUWgGac0B$j|~c$tMV+ppF&1s z1SLKFm<`M#*QR5c-QR_Z$>Y|tI7fB{V*yEnXb*nqv@!dV0CdmC1;YhtP9sU?D%J)Q zk+hWfkv(YBVM^G%SA4ioB3U@7d=Li%Ye0d-ON({*sMqXOhAr|suPWuVfe4mW49icU z4BM%;zc6)dpfu^kWVk;$zbETmo3A|XkFMgGu0V%-@56owuGDXbi$LTEqwJ2)F`Eyv z`{P~UdbjH`c*b621I!NLF%}MdUa=w(MTu2MeGgoHzSel@J#rYb*toE9U+Y0GoSN+l zeK>)PBO|Fe73EgCv-`3!tJ5wTHe;CO&HUxgSlsT(aAOlqHj9?G;-`ibEDC=QKy{RJ zfHR9%S=J3Cf-B!?Lr9MdvY25HCFWcY!=_VZ5g~dVZ?5qO|AkR+0P>A@%9N5hriMV- zg1{Knqtv_)_Qa*mX0y#nB}^WKdS9cgrLwK&en)q_wJxKSsXlfO(dFj$P&XL@k$KDQAm&hsm#&Mh6Sh(g((%TQwOkcMwY84OO14X|aOOm9;#gLs zN0AGHPN3xVW#JT-Htv%t0VTWvT?HL)j~&_zf8$efWpw1zXi%&WRF86FDG3W9t*xzBWorroPN!dunsw`nh zo$ludqF3Xs|&{@Ay2z0fJ)l6<0JtGRrAlT;5lFGs{%V4t5X8PYD-am@^lo5&ZC6Dm83nb2D#)}%R?i^M4VR>D! z*bN()ZRrjoWg77Wr;O-tTO^P#%#5|(F{@xJi(S{jIzZqV0MPRkm$IzeHJF^TLoA(& z)DAt4HM2&N1*;io)<^_cr_BTWf4|niGhz9DWk7`YDJJ`7ixU;=g05&aqyG*D4bCJ;&lG!tDE3&H0gXyLFTN}cq$gJJ;}y2b~o7a+Vk;5brN zrLPbpEUtod4GLv>9dD?r167!S-30-%NB&qP22i(2(0qO`kAlMPwDi!BnsJa@$zyuV z3W`XB`P(+Cf+$8Bmx|DzOch@N#xOXN%j+(z=)rQb6fj3(5Ah7!Bio5_iNA;!+RcZ6 z)sgRva#`syE)cXdBFESZ<^?mX8pFE;qX4YTFClo+LHZK#fD0!w)uOEClEF366%8aB z$?d~Lz92tQ^oP5&i8%*%uo!md^bBSok!>+7DO-C2y1oefP~o$a4D{w zqbB>tVo9ojIWg{W(S-NYKyLVBDpN*kuTS>FWbANdB)h<9Jwyw(nJ8EAAz4dyoZY2j zG~Yw(G1G@n5*qquioz)cO;3WxkmK%OUMn9iwySn=3*2;*!bBI4?Qw(BV z_^l#x%#mq2zRPP%l2P}}az!P1TxxSD>~xuk7c`9Zh&iM4((i8xIyV>cf{#m276b?B z&8k&jjpTDt!}j@rm@h2|7ZRs@=MZyKYI6>)V&Zk^HXsn=0Y>02?YX|!$VLDJJYZCr zZW2=#qUn6h;ir+=$sHQX1N~r8SP?*?yBwS1*>~TKjJaKX3JZprF^fg{$Jf>A0S#}x z(RHfvEtzhM?=WL_x>5>;M0&!|)eLBsI`Ay%glQ6v}MMWY0DH%#9Ja{nV0#1-M7VAS>m}y2AxJ*(vx-pi!p2&$0i3sAv@VbD|7{)%Zh4B ziHvs`{+0&6HN+c=@HH4lL?=``S!@pr@%o{aaD)tn4C;nrCc`Pv&y zONcqR3sQy48fFJ`2yON~_(b|ZH*lN^$`e8Ba9E<%Douz10_uT~@sisTWrIm@Mza|R zG;9EanZ}L-E|tV3Ztx#)z}Q@l6aqU+k$L1dy(JwPur}bgXh(L>TxuqK)bB(@x>_2M z!!%Z#rA!zyot?DsY2oJ>lP%pcBQP?9?%OexDzF97NYC|PJo&MP5IsN}?f!lbJ!;^2 z#0J8uWwa$L7aQn;h_2FtF08b06{DUMmodNwc~DmiS@ludcCgTm6%e$tX^}aq=QBSyt9Mpj zDyXWxOJKwenHkb(eL|?4xsXCDbwFh1U#Av`JE`1$DMuHIGBb)Dh^ZiN*7{<=i8xnN3)ZaCh|QG2r@M9+40LgdO{?25 zzJDxjOXo+T5Gcyb9Af9{CstRmipD-qG_feCMOPyq95ou9HND;HN;I1kg4qJ*OzhHAy9oIK7qhD}Bg4Z>qBE+O&@v-flU0}v=0c~c@3<*%^J01*&=6XG zFh|-NYpr^93G&7}PmQd~JM4$a91B`cZDpB!vVY>v@Y2%K1Dm2((WGX}-B&WFC49*j zCK6Jkoq~*#N|O$WJI{9$A&lw8M(ar)Xd?V_U26MuW^M)kNF^t&j3maFIKaKZzsqrn z^kb@v+BFp){k6k=sWw^40W~!5%@*3(?^l^xTPdFTFvn1BYy?Lv8h02A)17&2hLSH{ zqGK;mvkx)=BogT@m$8JiKEMa}*!`TM^ae7wd8q@z&Cad*Jjk|KY&rXA1C~cJd_<%G zlGKms1%kpp7B(`S(BCg$jJB|$ZpI)&vpiB^mbdqtGr!r9TR`-fmzJG;2O2i+)OKK! zwknbdgoCS()nZ-4MGfVY$X=;FQaOuiVhI@;v6o;R@Kj(H8a<0Uqv6OK!mWvevYdWg zF^|MI=c-UQN+U5Sm!x`vRPDIoVoFHYpi%-QAm7B2`j!IL}PFwB^v6e?HF8+@|KQ%k3A%x05j0PuSi2HV*g0f?Iqs*2VD$=xyAQQNAXrVQTNP@ek*_++&5Ah-oE*8;^_D+io zCWli-JdV@Y$GPVUFIi--OZONpJQAYhp}C-dHH#u3EOW9TchX!M9F!!@3YYVo>e2c< z+?q(-C2Ss6ckZ@PPZ*aFWwPl0kVee92$Iv@K?uQxGN#6us`lc<$ySUdvcpL9xRyA! z!rF1|V#`2nop2x)MA*JjCghnNOe`GQK`4EJH!ooXGSto*m746jVYyq3M=-$qgUlA} zU>-Hcci8(OAi8W$1P_-wvV{=t+i~35GFfA!cA^tFOsUk2FruIj!s&6j$iY?8Bbb1_ zrJn>V1`!{a)iG?*EVIf^bdVl8+3~5adNLSipCW~e*X;JhD5AVB?Ttv+IF!zB)tayl)?j0lNHhr~c(+u}?}DRsb@Tw^|x9b@O_jaYNw*XqO>p)FIygdwXm&;*X5WLLVyd z33yw4zU&Vvt3rrh8B+viMj_P?r14gt*_b_A5aq(?24)I`H26~TsZq$ESg-N1HQl?V z{8D3m9Ty~G_m~zdbJ+wXKj~+1(q%2gxG7!Ip%3~F{1_YCc2|`Q z)k;%hYRC>?vFd{m(d+NBMCgjuL^@&#Sr-SR4o+OK!IHD;8x>!BCBj20V>w-4yquc%eQ343t6 z*}EufSI$Y@)vDnL)*Z(WE74hzR&X51v{5dYsRya+_keQRM#b22g0Y8^cQy|Nql(PWm(m6;MhJ$jJ}-=Q5_U+M%d}Y zQ!^#NMey48UECZ%VVIh5qJ~bZmCjELxT;F%)a30pS!duWm!c&Br0^Rvvr-`}lYkeV z?SOQlxPYWco{J=r-MPpk{gLLt;P?a#MoE`Q-t9 z@h||vU`rmaEb++t5M4kqc1(sqwnut!&BW7BTt+0X?GTkb>8<;H{8R(V9pjMVlfwNFSWDK5b(Mgsn(y%de1g5zBeM#`mjE;SP#xDh0$v!3xo8~;vKT3 z0Zyb)rOgtKsl$d~StM;XlkP+mY_9^&*!`1?7ura|RH(3=5CF-5t9zqd?fSVRb#gEu%nznE#XdIN3 zfu!fqGn)4pT! z6$~SxnZ}!UJLe1EnT&g>TwLn*F&ji;joYa=2a?MUcaRcX46hG62Qp?LtM2jpJd6kO zhzkP0K-6E<{>ENlM6n8mP%^*W1d8HSgrK;<%?ehj?s^kk<;DrINVCLmNbTmgHVVt4 zT79?QOD@J}jGOZ6l@mS04QVBu z*=ynXT!Dci!cRib%mFIWPaBST82q4m25t`W;{2eGqb(dI6&mEQ&JcEp-IC?aSX_6iS=7I#7A~TqpKk7FdmndiYup`yT@62*f~#Py>~p z9QVZ-zp3;F3|&@bL41|62rE}4IB^c&NDq4G7 zQ?ZCy1hZ|pz5;8A@@9VKuvw1lXF|xI1Rjzwd_2H{*_TJFSXjgTWTtssJ3;3X5A8Cy z!pcEGrYqWu7qGBOLzO^RP7EjwlEg!9QUxu-PgQ2%X59mk@q@lwqveb;$_k=N z#CQ;rm&QW0zc>{!D5_R#`{Gro3LDNpG2%yzNC=8zXNMO(RI)4cA(ri8r#+@I&IlR# zE&C18jX*-VTvP)aLk;;PloX*rBatMClS%A^*G z+|UAx#O_E^3>fTWbA+{75j%fM2*!H$0;0~e8zI2jDC_zTyezxM>hodzXutKs7dA$S ziB023pHD25&2gVhj>_p)Y7l?C!3Zu23}8td@qJOz?{^Z7P`JFkijV-YIu#vw3g@Ix zBAkWU)j7fOl!8KS!jlzK^pa6zP^wd;822Kp5L-=J^jiZKgbh~Hi)7M8t{JGZ2^P6b zch_u=u?>RQ!~vCroC5I0t2CGDBe6YI2(l=w8JJ+&D1K9G#l^R?TC7`SdZ-gFAqWMX z&T5Q9@iCPP>wv~tUR$E_5_skj{;#AJvlpT3-R1z=KP)T5!a_ZQiF=!Z49uukSV?P! z#f1)T;W45lu@jSyO9 zJRC0`H*>oT+`A5wwCq2e>t9+JHvJYkp%blgKjTZL4Zx z;x17+5VSJ80M3Eb^CfJBCW$rRGC;6l`oZIsL}6fpNJBVF(?Gg79Bc_Thl=4@jcAkX zdW>MD1F%M5Vg9;|)2)59ofB_bgdEw3f}q@zz-@~b&cFtvo0y?GyRqMckZ2igMthoB zE8|h8PNskpMzePdm)Ciy+1GeFiNOY7UM0O7)}SM4L~TXnm1~l$9ex1E#CdYmST*tN z*~GRLYs!@{jU*yb)@hDc#9Iq?6wxfZl{%w9!BRdEVL}%Ph(aUNqvbS9OxOzM6MdYd z6$BKXNHHPgOoA2=!b+tUi@SpP#{m(V7&=g$D`5O_HCuWB-3Wq#nYIcKy_9{D#DOI? zfw4DeUdM*6o|(~2QI{3Mukn!zL5HYs?D4C610M3Yq>-B><$#`qqqD5^1|6|(M;gbF zG!BTa&}0;04EDQigtVSnXhDL&Y}Ql$>?fHVi2P6_by;kh1RR~rOijCQmM;|m5WJTKR*_l zgDnwpxJ%m@0fMU%>^P&kjHT>Ga=;AD!~ly(rYq8J#?krig3~QJ8$2P5n$H|k@nA;2 zPclIuLM~~*oSQC69F}v(L+M0m=m}OUlU`r=UfS#|jcMYlQ6@pfpj9s;`b2J30-L!u z)Pn|<<%8g7i^x`>M`#0dp!&^4AMM}?>UhyZ%C=&6EXr9gmW^Fh25{jhU#_|`14=kf zmW9Mn))<5+riy7ss&aj6o)P9`M=H6Qz-20Wx5Ah3Fip2dBiqO)ca>M1%x+5yqT?s6 zKi4MFwJdyg0$Jp0o!D$HnxqtNk=4fVi-aIgX?SHyL1lI45#>G@%^D=lhGT7^G3dl& zf{)vQ{7kB)0>E2Y;>@gJz_vSWm^<*iFdy}*s(&ZGG;Mx?FJLeO@~Ne|Ag`$rB;5|N zUAmVP>w`bX6_cRkhC53^?o>25U?r;@ttng690s9|$sS=#k$X$s4jymaMUYPm%hg6} z>d|?X{A%7&p+^xdz4Tl1if~*NZVaC3O6Dua8ibC!RG$=MjbfvH3=?dCgZR$=K z0&$WUELG))9X}P~iiu7q9%X?{XPt%`EEw8B|1}dtK#Bibag!x`yn{PflINjrI zX6nz7M$HcQiyjYNV|?iMQkjkqFXJP|3?@JKx5c~wUyyazwkaS|)hqf6%F%xWeYW!$Dn57t2bR3l<_ene#{t1AdAbkGSSgS3E1apgt{1{7hc zb8w{2MP2cVUR&sklt;+nJWrKi7tmx%(7Y-pOY!!^4!?jNp47*92!gDJwo31%l1}F* zBEmWQQ4;&+{G{#*snep0TVsU2|YH-qH z zWMTF>G0mcbN|D4-futR&yA;1p%f^MC*HBy9uWTYd+L*L*gBO7gN?9ezCDddYS1lAn z{H8r66U5FL>LiT&eA*h|@b>CRV%>thiC9r$mW37mohk-nd~M~jV?kc!9*7Zhk%7vR z$AqT*PUbHa-r^;6S_FeOz2w`FA&jwYPW#k5X5L=GFlCpcw0}c#a+O6qVR!BfBoFR9 z_NAQ8U|gvk14qgS6x!eo@QW^Cb)ppT=)gu*p(LQ}PEX?w%pRGt97MLksSc93A7lJlz;|$UUGP$5SmgokX_5leb~bfOE8e+-2YES04~Hdlr;jl5h@_BV z3^Bq%L;$U{4P=z{9D@op8h}h_>wWTpLjk=AmrYPAary#1 z^hu0CGC_^iL2qF92nX4%6-F^(((e9=Zg)ts*ohb9Aepwy+u>%XRL$LFITtAO&|M+3 zV5VI$0vzVP?R9a}W2B9oiikU9(a}stf^t=9D<|~Z2o0N1xB$~1|BI$2XB=lNo97*1 zHHkrnsUKVn3``J98w*erwPR8kHeAVp+oBI7ng*y)CfFKryy*XQcJr~J^}5E|Z4E^c zdjNN+tZrjba4O8X3(k)$z{!`y^$--NvW}p$1S_^4CG~5bWI00?jBCi$q{Cd1O@Puo zfONwZ(|#$NQoOi`pg{y?b2eFx^r_%JI`{V*FF7VBdRiOpmJmoIco#bK+!XNdvYRT5 zRgLpoI%2l4xE)hvWXH&KDq;@lZKfP|3z0DHu{kRuR#}!SR$&^pN7pPeXJro%)lM_> zMT!p@mc@plppci&Cz&sedoMJ65k22+j&QvK^RYGLbtg*M<7yjDl!04)HOZvM36Hw4 zMuid_61?DGr^V7~D*CTrkRxVp>J3R^hE_a=VOo0I%{)K{?yKBE+jS_kHfc$;$El8)7h{h;Rs3`uaj=j~)C)Us2UYGlMcFu=Fpi8K z#w~ajX(#J)+qJbl22U3EuZ~lu!$TYh$B*LK$4?m)@twGwk&T9#avrVrPz`-aML5GN z(Od}1fb2;wjbSu-Ib@DJPPo&U~QL$g$ z?5MMq%6c*2(LG3tHnB@1wRt!>JklH5YAcG=13bkWA)5vn+pxjmi7?O_(}gYbW^RZH zt4sx|%h@vFsoBw~mA+j9gw@3|0t|S}&^#$SjCQW{J@$f@5BH7DsAG-J4P1!Dr6gMS{UsfhatKSz`B(2+eaops=5Xq~uvZ)@lM* z+Gw_2pj1j-W{`>LT7wcRtZ${NjpeQ85S&7^F7L^WAdR!WfL%=ZHklp?7vzwP!RYhu zNpmD`DX=asy;z@@j!|P`Rmws+D31}3(NyE6;_^7OoUybP(;Mn_GdhpUt~f}Q#6F0@RJs9=7L`R$8o=(CI0YgJzr`4y zAmd9craDcj7BgvEM;0cFBMDxuEI7QvJi++?KQB~}nrumt51#i7O~l_m#E zm9xv2F9^aa(5I_EbpXPUc5Y>Jl$U$r%3&LjsxyasGP)lK5bQj}gSj~vZNXH9$Z}nX z&x2RGOUO!8mO7zbkbyBLx(i!e>QrS&>^aTkz*bU#Vkyf>xi`b^Gs%o=craB?i#i*JX<8I4zX*+^dLhyQ{v9&sHuLGjh z!up3CA{SSfvUNU0kdctYL=GM@k;Jdq8*s0kSrd_f!L&OJEm{JZ1IHvcH&Q!6t4ny2 zhjCdO{duS?)EZk9tXal6_Zd=%>vpT(O3JLEUJkQsHdM;kK3^?PRdg|;-fe)ph%c_o zAQX}rA|s;T$udkyNv%O^EHs@>1A*wS#?Q%k_0zMH9ciH2#z$)sx}L{JP)Tg58Z6THvohPQQSM!eSIw<3z)~^m1TLMQW&u4`cuX<5n0n zD$S^5RH890vNohF-huO7DZ5O{`{SFB*p+1|GOGl*a#}mD1#KCmfD7vAB2t~?yQ6vF zPI;r0xT%2>fB{Ifl6t>`*J<)=7#(%pg3U6LUTw_h?lcW@HZ zpY>osQfcMNLO2skSNTh(P+HM9EN2JOnPI&%BLPDfLaZ^=z|WHpzF6Kxe0&>kq#|&k zB7Dh*l<_4X<$E|bZPko#B6jW$=4~Wma$k0Nvqo4@hE+{B9s6F}whdH_pz_1sH55}* zV5&er&lo7XU|z64zM7(8h9jzo?@TVEcdl7wPF+4&K#mtPyHXTPsi-wC48L2y*dnwC znBe7Hg$chW1H{n{?Q-Kusuzza=4#=$w~}xW=h*_=*(|PQaGzV;K;fleSwJo)WQfGc zeO$#bc)6q%s|U^AzQ4!|IpOD>G%<|?-YQyqxOYLPW4JGcTX!;4XeZ}n!S7JN{?|UT*f#%=zvU#!z2z&lIRsu{h`KanQ?6XCR^=n7z8+R$cmSjR7`L? zgr4z{(or+0Orc%i{gDjrWAL#{mkdNKN1a2!M`lFny(P${lF2kf2pQ1!r$Uk5QMr*o z^n(jO`Cz}`me?T`exo1JkQa<6Oto(Q7@K#(I^>;9TnC9w^zJQ#w@^P*Y{3$j;%}w5lejBuZ8}hLUo)Z2N+9 zz=zUI+pCjN!zK@BKYeMeT40-am9+FEQ`7^=-COQJgY%R(PcURAI8`Y`AoSINp|OMb zj9s!(d)SZ(5v#%%rjU7hT7|1lF_*(d{$Us+TZ(fObGEY$Z6f?S7(L-{ zVr2R_ipdSyWM5~DVAZ0>K$F51_xs{)@d>^;+AGh*1AEOB@{}lY+>-X~i5-`%$ zveiEF{vj(rc(rxJ3V6L<{z_K<_!~}1((yNFx!XOX{mr^ld!3c{ z@td*oGgkg*C!V4R^7`M9mA~<%vy$<~lXQf-XSAIEH?RMfvho|}wfx3;E&t92sT2R@ z^!!yMkyXf>{CEBL4(#t&%HKSH{{3#`dLsVsy2->~vG{)y%P z0A@T2ga5q!J`S$|EUo`@AJYDR?nAe3zvKD8v+}j;TE2E&%kPzk zKh*E#{~{|t_t>v$!Nbx(*`=mq4zvMGo z{`ViI{MT9ey#HVJS6cpSvI_mv|9% Date: Sat, 1 May 2021 14:03:28 +0200 Subject: [PATCH 172/441] remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used --- qemu_mode/qemuafl | 2 +- src/afl-fuzz.c | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+), 1 deletion(-) diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index d73b0336..ddc4a974 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 +Subproject commit ddc4a9748d59857753fb33c30a356f354595f36d diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1b3e303c..8c3ba575 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2212,6 +2212,31 @@ stop_fuzzing: } afl_fsrv_deinit(&afl->fsrv); + + /* remove tmpfile */ + if (afl->tmp_dir != NULL && !afl->in_place_resume) { + + char tmpfile[PATH_MAX]; + + if (afl->file_extension) { + + snprintf(tmpfile, PATH_MAX, "%s/.cur_input.%s", afl->tmp_dir, + afl->file_extension); + + } else { + + snprintf(tmpfile, PATH_MAX, "%s/.cur_input", afl->tmp_dir); + + } + + if (unlink(tmpfile) != 0) { + + FATAL("Could not unlink current input file: %s.", tmpfile); + + } + + } + if (afl->orig_cmdline) { ck_free(afl->orig_cmdline); } ck_free(afl->fsrv.target_path); ck_free(afl->fsrv.out_file); From 26f1607766a00bfe79f8f20e7591071fa1fb6a84 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 3 May 2021 11:22:18 +0200 Subject: [PATCH 173/441] reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi --- qemu_mode/build_qemu_support.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 6436d43a..02a44cef 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -211,8 +211,9 @@ if [ "$STATIC" = "1" ]; then echo Building STATIC binary + # static PIE causes https://github.com/AFLplusplus/AFLplusplus/issues/892 QEMU_CONF_FLAGS="$QEMU_CONF_FLAGS \ - --static \ + --static --disable-pie \ --extra-cflags=-DAFL_QEMU_STATIC_BUILD=1 \ " From e2e7f3f0b57a0147e857c2970f37a5211367938e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 3 May 2021 20:55:06 +0200 Subject: [PATCH 174/441] clarify that no modifications are required. --- frida_mode/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 67dc6048..6c434a5d 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -45,8 +45,8 @@ these, first run `make` to build any dependencies. Then run `make qemu` or `make frida` to run on either QEMU of FRIDA mode respectively. ## Usage -FRIDA mode requires some small modifications to `afl-fuzz` and similar tools -in AFLplusplus. The intention is that it behaves identically to QEMU, but uses +FRIDA mode added some small modifications to `afl-fuzz` and similar tools +in AFLplusplus. The intention was that it behaves identically to QEMU, but it uses the 'O' switch rather than 'Q'. Whilst the options 'f', 'F', 's' or 'S' may have made more sense for a mode powered by FRIDA Stalker, they were all taken, so instead we use 'O' in hommage to the [author](https://github.com/oleavr) of From 361dd6e36185f6ea28db42a462da27f281692074 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 3 May 2021 21:42:04 +0200 Subject: [PATCH 175/441] add new test for frida_mode (please review) --- test/test-all.sh | 2 + test/test-frida-mode.sh | 100 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) create mode 100755 test/test-frida-mode.sh diff --git a/test/test-all.sh b/test/test-all.sh index 8df4bef9..0c189727 100755 --- a/test/test-all.sh +++ b/test/test-all.sh @@ -14,6 +14,8 @@ . ./test-qemu-mode.sh +. ./test-frida-mode.sh + . ./test-unicorn-mode.sh . ./test-custom-mutators.sh diff --git a/test/test-frida-mode.sh b/test/test-frida-mode.sh new file mode 100755 index 00000000..8a22454b --- /dev/null +++ b/test/test-frida-mode.sh @@ -0,0 +1,100 @@ +#!/bin/sh + +. ./test-pre.sh + +$ECHO "$BLUE[*] Testing: frida_mode" +test -z "$AFL_CC" && { + if type gcc >/dev/null; then + export AFL_CC=gcc + else + if type clang >/dev/null; then + export AFL_CC=clang + fi + fi +} + +test -e ../afl-frida-trace.so && { + cc -pie -fPIE -o test-instr ../test-instr.c + cc -o test-compcov test-compcov.c + test -e test-instr -a -e test-compcov && { + { + mkdir -p in + echo 00000 > in/in + $ECHO "$GREY[*] running afl-fuzz for frida_mode, this will take approx 10 seconds" + { + ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode" + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode" + CODE=1 + } + rm -f errors + + test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { + $ECHO "$GREY[*] running afl-fuzz for frida_mode cmplog, this will take approx 10 seconds" + { + ../afl-fuzz -m none -V10 -O -c 0 -i in -o out -- ./test-compcov >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode cmplog" + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode cmplog" + CODE=1 + } + rm -f errors + } || { + $ECHO "$YELLOW[-] not an intel or arm platform, cannot test frida_mode cmplog" + } + + test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { + $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds" + { + ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent frida_mode" + RUNTIMEP=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIMEP" && { + DIFF=`expr $RUNTIMEP / $RUNTIME` + test "$DIFF" -gt 1 && { # must be at least twice as fast + $ECHO "$GREEN[+] persistent frida_mode was noticeable faster than standard frida_mode" + } || { + $ECHO "$YELLOW[-] persistent frida_mode was not noticeable faster than standard frida_mode" + } + } || { + $ECHO "$YELLOW[-] we got no data on executions performed? weird!" + } + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with persistent frida_mode" + CODE=1 + } + rm -rf in out errors + } || { + $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent frida_mode" + } + + } + } || { + $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??" + CODE=1 + } + + rm -f test-instr test-compcov +} || { + $ECHO "$YELLOW[-] frida_mode is not compiled, cannot test" + INCOMPLETE=1 +} + +. ./test-post.sh From dd96f01a16a402f2618481b811a7fdd8496c79b2 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 4 May 2021 16:05:07 +0200 Subject: [PATCH 176/441] typos --- frida_mode/README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 6c434a5d..d9634df2 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -53,8 +53,8 @@ instead we use 'O' in hommage to the [author](https://github.com/oleavr) of FRIDA. Similarly, the intention is to mimic the use of environment variables used by -QEMU where possible (although replacing `s/QEMU/FRIDA/g`). Accodingly, the -following options are currently supported. +QEMU where possible (by replacing `s/QEMU/FRIDA/g`). Accordingly, the +following options are currently supported: * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` From b35e6deb09c813fbcbd6d5faf84f5b3e395458d0 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 4 May 2021 20:42:24 +0200 Subject: [PATCH 177/441] fix persistent mode (64-bit) --- test/test-frida-mode.sh | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/test/test-frida-mode.sh b/test/test-frida-mode.sh index 8a22454b..63b9e162 100755 --- a/test/test-frida-mode.sh +++ b/test/test-frida-mode.sh @@ -14,7 +14,7 @@ test -z "$AFL_CC" && { } test -e ../afl-frida-trace.so && { - cc -pie -fPIE -o test-instr ../test-instr.c + cc -no-pie -o test-instr ../test-instr.c cc -o test-compcov test-compcov.c test -e test-instr -a -e test-compcov && { { @@ -41,7 +41,7 @@ test -e ../afl-frida-trace.so && { { ../afl-fuzz -m none -V10 -O -c 0 -i in -o out -- ./test-compcov >>errors 2>&1 } >>errors 2>&1 - test -n "$( ls out/default/queue/id:000001* 2>/dev/null )" && { + test -n "$( ls out/default/queue/id:000003* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode cmplog" } || { echo CUT------------------------------------------------------------------CUT @@ -58,7 +58,15 @@ test -e ../afl-frida-trace.so && { test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds" { + if file test-instr | grep -q "32-bit"; then + else + export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep "T main" | awk '{print $1}'` + fi + $ECHO "Info: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')" + env|grep AFL_|sort + file test-instr ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr + unset AFL_FRIDA_PERSISTENT_ADDR } >>errors 2>&1 test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent frida_mode" From be493f0abae85f4a72da57a47e2bf0da9459249e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 4 May 2021 21:32:03 +0200 Subject: [PATCH 178/441] set ARCH for linux intel 32-bit for frida-gum-devkit --- frida_mode/GNUmakefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 7284cf86..e95455e3 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -43,6 +43,10 @@ ifeq "$(ARCH)" "aarch64" ARCH:=arm64 endif +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif + ifeq "$(shell uname)" "Darwin" OS:=macos RT_CFLAGS:=$(RT_CFLAGS) -Wno-deprecated-declarations From c695a031b86fd99605379c4cd241931685f0d3a1 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 4 May 2021 21:34:32 +0200 Subject: [PATCH 179/441] prepare for 32-bit support (later) --- test/test-frida-mode.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/test-frida-mode.sh b/test/test-frida-mode.sh index 63b9e162..b47d016a 100755 --- a/test/test-frida-mode.sh +++ b/test/test-frida-mode.sh @@ -58,10 +58,10 @@ test -e ../afl-frida-trace.so && { test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds" { - if file test-instr | grep -q "32-bit"; then - else - export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep "T main" | awk '{print $1}'` - fi + #if file test-instr | grep -q "32-bit"; then + #else + #fi + export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep "T main" | awk '{print $1}'` $ECHO "Info: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')" env|grep AFL_|sort file test-instr From 0618722e49fc7e9d382eb68359789f9137aaf64d Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Wed, 5 May 2021 18:51:55 +0200 Subject: [PATCH 180/441] not on qemu 3 anymore --- qemu_mode/build_qemu_support.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 02a44cef..84f144be 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -9,7 +9,7 @@ # TCG instrumentation and block chaining support by Andrea Biondo # # -# QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero +# QEMU 5+ port, TCG thread-safety, CompareCoverage and NeverZero # counters by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. From 6dc82e620b744b61ce4ad6d783f59b9c9db2827a Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 6 May 2021 12:06:58 +0200 Subject: [PATCH 181/441] unicorn mips fixes --- docs/Changelog.md | 2 ++ unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 6a25865d..0aef1e33 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -40,6 +40,8 @@ sending a mail to . - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC + - unicornafl: + - fix MIPS delay slot caching, thanks @JackGrence - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index d9ae5590..e766d2f5 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -fb2fc9f2 +f59df67375c5914321842767636a9fa6f692d5a1 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index fb2fc9f2..f59df673 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit fb2fc9f25df32f17f6b6b859e4dbd70f9a857e0c +Subproject commit f59df67375c5914321842767636a9fa6f692d5a1 From c3b19f5bf84effa67dd8a2ce440124cbe60221df Mon Sep 17 00:00:00 2001 From: David CARLIER Date: Thu, 6 May 2021 14:59:29 +0100 Subject: [PATCH 182/441] instrumentation further move to C++11 (#900) --- instrumentation/afl-gcc-pass.so.cc | 4 ++-- instrumentation/afl-llvm-common.cc | 4 ++-- instrumentation/split-switches-pass.so.cc | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 41bb5152..3b7eb878 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -177,7 +177,7 @@ int plugin_is_GPL_compatible = 1; namespace { -static const struct pass_data afl_pass_data = { +static constexpr struct pass_data afl_pass_data = { .type = GIMPLE_PASS, .name = "afl", @@ -503,7 +503,7 @@ struct afl_pass : gimple_opt_pass { // Starting from "LLVMFuzzer" these are functions used in libfuzzer based // fuzzing campaign installations, e.g. oss-fuzz - static const char *ignoreList[] = { + static constexpr const char *ignoreList[] = { "asan.", "llvm.", diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 24498f3e..af32e2f9 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -55,7 +55,7 @@ bool isIgnoreFunction(const llvm::Function *F) { // Starting from "LLVMFuzzer" these are functions used in libfuzzer based // fuzzing campaign installations, e.g. oss-fuzz - static const char *ignoreList[] = { + static constexpr const char *ignoreList[] = { "asan.", "llvm.", @@ -94,7 +94,7 @@ bool isIgnoreFunction(const llvm::Function *F) { } - static const char *ignoreSubstringList[] = { + static constexpr const char *ignoreSubstringList[] = { "__asan", "__msan", "__ubsan", "__lsan", "__san", "__sanitize", "__cxx", "_GLOBAL__", diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 97ab04a4..82f198aa 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -89,7 +89,7 @@ class SplitSwitchesTransform : public ModulePass { }; - typedef std::vector CaseVector; + using CaseVector = std::vector; private: bool splitSwitches(Module &M); From 7317a594fe5d839019d934b9c269cde146361e34 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 6 May 2021 17:14:42 +0200 Subject: [PATCH 183/441] unicorn fixes --- docs/Changelog.md | 2 ++ unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 0aef1e33..31351a58 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -42,6 +42,8 @@ sending a mail to . - aflpp_driver now compiled with -fPIC - unicornafl: - fix MIPS delay slot caching, thanks @JackGrence + - fixed aarch64 exit address + - execution no longer stops at address 0x0 - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index e766d2f5..7677c3db 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -f59df67375c5914321842767636a9fa6f692d5a1 +3a8957fbf25b1cc9e58d59474f4a3dc0654801e3 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index f59df673..3a8957fb 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit f59df67375c5914321842767636a9fa6f692d5a1 +Subproject commit 3a8957fbf25b1cc9e58d59474f4a3dc0654801e3 From 70e2737222ee49ca5375f42ab51a858f9b75d5cb Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Thu, 6 May 2021 21:11:37 +0200 Subject: [PATCH 184/441] first working NeverZero implementation --- instrumentation/afl-llvm-pass.so.cc | 132 +++++++++++++++------------- 1 file changed, 69 insertions(+), 63 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 27b53e68..1ee946e5 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -409,11 +409,9 @@ bool AFLCoverage::runOnModule(Module &M) { if (F.size() < function_minimum_size) continue; + std::list todo; for (auto &BB : F) { - if (BB.getName() == "injected") { - continue; - } BasicBlock::iterator IP = BB.getFirstInsertionPt(); IRBuilder<> IRB(&(*IP)); @@ -639,66 +637,8 @@ bool AFLCoverage::runOnModule(Module &M) { if (!skip_nozero) { #endif - /* hexcoder: Realize a counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter - */ - - // C: unsigned char old = atomic_load_explicit(MapPtrIdx, memory_order_relaxed); - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setAlignment(llvm::Align()); - Counter->setAtomic(llvm::AtomicOrdering::Monotonic); - Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - - // insert a basic block with the corpus of a do while loop - // the calculation may need to repeat, if atomic compare_exchange is not successful - BasicBlock::iterator it(*Counter); it++; - BasicBlock * end_bb = BB.splitBasicBlock(it); - end_bb->setName("injected"); - - // insert the block before the second half of the split - BasicBlock * do_while_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - - // set terminator of BB from target end_bb to target do_while_bb - auto term = BB.getTerminator(); - BranchInst::Create(do_while_bb, &BB); - term->eraseFromParent(); - - auto saved = IRB.saveIP(); - IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); - - PHINode * PN = IRB.CreatePHI(Int8Ty, 2); - - auto * Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); - - Value *Incr = IRB.CreateAdd(Counter, One); - - auto * Select = IRB.CreateSelect(Cmp, One, Incr); - - auto * CmpXchg = IRB.CreateAtomicCmpXchg(MapPtrIdx, PN, Select, - llvm::AtomicOrdering::Monotonic, llvm::AtomicOrdering::Monotonic); - CmpXchg->setAlignment(llvm::Align()); - CmpXchg->setWeak(true); - CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - - Value * Success = IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); - Value * OldVal = IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); - - PN->addIncoming(Counter, &BB); - PN->addIncoming(OldVal, do_while_bb); - -// term = do_while_bb->getTerminator(); - -// BranchInst::Create(/*true*/end_bb, /*false*/do_while_bb, Success, do_while_bb); - IRB.CreateCondBr(Success, end_bb, do_while_bb); -// BranchInst::Create(end_bb, do_while_bb); -// term->eraseFromParent(); - IRB.restoreIP(saved); + // register MapPtrIdx in a todo list + todo.push_back(MapPtrIdx); } else { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); @@ -795,6 +735,72 @@ bool AFLCoverage::runOnModule(Module &M) { } +#if 1 /*Atomic NeverZero */ + // handle the todo list + for (auto val : todo) { + /* hexcoder: Realize a counter that skips zero during overflow. + * Once this counter reaches its maximum value, it next increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ + + // C: unsigned char old = atomic_load_explicit(MapPtrIdx, memory_order_relaxed); + Value * MapPtrIdx = val; + Instruction * MapPtrIdxInst = cast(val); + BasicBlock::iterator it0(&(*MapPtrIdxInst)); + ++it0; + IRBuilder<> IRB(&(*it0)); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setAlignment(llvm::Align()); + Counter->setAtomic(llvm::AtomicOrdering::Monotonic); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + BasicBlock *BB = IRB.GetInsertBlock(); + // insert a basic block with the corpus of a do while loop + // the calculation may need to repeat, if atomic compare_exchange is not successful + BasicBlock::iterator it(*Counter); it++; + BasicBlock * end_bb = BB->splitBasicBlock(it); + end_bb->setName("injected"); + + // insert the block before the second half of the split + BasicBlock * do_while_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + + // set terminator of BB from target end_bb to target do_while_bb + auto term = BB->getTerminator(); + BranchInst::Create(do_while_bb, BB); + term->eraseFromParent(); + + IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); + + PHINode * PN = IRB.CreatePHI(Int8Ty, 2); + + auto * Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); + + Value *Incr = IRB.CreateAdd(Counter, One); + + auto * Select = IRB.CreateSelect(Cmp, One, Incr); + + auto * CmpXchg = IRB.CreateAtomicCmpXchg(MapPtrIdx, PN, Select, + llvm::AtomicOrdering::Monotonic, llvm::AtomicOrdering::Monotonic); + CmpXchg->setAlignment(llvm::Align()); + CmpXchg->setWeak(true); + CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + Value * Success = IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); + Value * OldVal = IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); + + PN->addIncoming(Counter, BB); + PN->addIncoming(OldVal, do_while_bb); + + IRB.CreateCondBr(Success, end_bb, do_while_bb); + + } +#endif + } /* From 187ca8e18b569cb3396640ac46478f8df46fbbb8 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 6 May 2021 21:51:02 +0200 Subject: [PATCH 185/441] more unicorn fixes --- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 7677c3db..60ec8f79 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -3a8957fbf25b1cc9e58d59474f4a3dc0654801e3 +06d65e290731dfb9572713bc86aa2a0356cb2d2d diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 3a8957fb..06d65e29 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 3a8957fbf25b1cc9e58d59474f4a3dc0654801e3 +Subproject commit 06d65e290731dfb9572713bc86aa2a0356cb2d2d From 1d9a3d955cb4b1350ecad1e008b7c24c5ea3af57 Mon Sep 17 00:00:00 2001 From: realmadsci <71108352+realmadsci@users.noreply.github.com> Date: Thu, 6 May 2021 18:14:16 -0400 Subject: [PATCH 186/441] Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. --- include/afl-fuzz.h | 4 +-- src/afl-fuzz-mutators.c | 67 ++++++++++++++++++++--------------------- src/afl-fuzz-one.c | 4 +-- src/afl-fuzz-run.c | 8 ++--- 4 files changed, 38 insertions(+), 45 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 040d7ae9..f201782a 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1003,7 +1003,7 @@ void read_afl_environment(afl_state_t *, char **); /* Custom mutators */ void setup_custom_mutators(afl_state_t *); void destroy_custom_mutators(afl_state_t *); -u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 **in_buf, +u8 trim_case_custom(afl_state_t *, struct queue_entry *q, u8 *in_buf, struct custom_mutator *mutator); /* Python */ @@ -1093,7 +1093,7 @@ fsrv_run_result_t fuzz_run_target(afl_state_t *, afl_forkserver_t *fsrv, u32); void write_to_testcase(afl_state_t *, void *, u32); u8 calibrate_case(afl_state_t *, struct queue_entry *, u8 *, u32, u8); void sync_fuzzers(afl_state_t *); -u8 trim_case(afl_state_t *, struct queue_entry *, u8 **); +u8 trim_case(afl_state_t *, struct queue_entry *, u8 *); u8 common_fuzz_stuff(afl_state_t *, u8 *, u32); /* Fuzz one */ diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index d8db8676..3bb37a89 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -305,16 +305,14 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { } -// Custom testcase trimming. -u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p, +u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct custom_mutator *mutator) { - // We need to pass pointers around, as growing testcases may need to realloc. - u8 *in_buf = *in_buf_p; - - u8 needs_write = 0, fault = 0; + u8 fault = 0; u32 trim_exec = 0; u32 orig_len = q->len; + u32 out_len = 0; + u8* out_buf = NULL; u8 val_buf[STRINGIFY_VAL_SIZE_MAX]; @@ -401,40 +399,33 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p, if (likely(retlen && cksum == q->exec_cksum)) { - // Check if we got a new retbuf and to memcpy our buf. - if (in_buf != retbuf) { - - if (afl_realloc((void **)in_buf_p, retlen) == NULL) { - - FATAL("can not allocate memory for trim"); - - } - - in_buf = *in_buf_p; - - memcpy(in_buf, retbuf, retlen); - q->len = retlen; - - } - /* Let's save a clean trace, which will be needed by - update_bitmap_score once we're done with the trimming stuff. */ + update_bitmap_score once we're done with the trimming stuff. + Use out_buf NULL check to make this only happen once per trim. */ - if (!needs_write) { + if (!out_buf) { - needs_write = 1; memcpy(afl->clean_trace_custom, afl->fsrv.trace_bits, afl->fsrv.map_size); } + if (afl_realloc((void **)&out_buf, retlen) == NULL) { + + FATAL("can not allocate memory for trim"); + + } + + out_len = retlen; + memcpy(out_buf, retbuf, retlen); + /* Tell the custom mutator that the trimming was successful */ afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 1); if (afl->not_on_tty && afl->debug) { SAYF("[Custom Trimming] SUCCESS: %u/%u iterations (now at %u bytes)", - afl->stage_cur, afl->stage_max, q->len); + afl->stage_cur, afl->stage_max, out_len); } @@ -467,16 +458,10 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p, } - if (afl->not_on_tty && afl->debug) { - - SAYF("[Custom Trimming] DONE: %u bytes -> %u bytes", orig_len, q->len); - - } - - /* If we have made changes to in_buf, we also need to update the on-disk + /* If we have made changes, we also need to update the on-disk version of the test case. */ - if (needs_write) { + if (out_buf) { s32 fd; @@ -486,16 +471,28 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p, if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); } - ck_write(fd, in_buf, q->len, q->fname); + ck_write(fd, out_buf, out_len, q->fname); close(fd); + /* Update the queue's knowledge of length as soon as we write the file. + We do this here so that exit/error cases that *don't* update the file also + don't update q->len. */ + q->len = out_len; + memcpy(afl->fsrv.trace_bits, afl->clean_trace_custom, afl->fsrv.map_size); update_bitmap_score(afl, q); } + if (afl->not_on_tty && afl->debug) { + + SAYF("[Custom Trimming] DONE: %u bytes -> %u bytes", orig_len, q->len); + + } + abort_trimming: + if (out_buf) afl_free(out_buf); afl->bytes_trim_out += q->len; return fault; diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index ed815cb4..4eeb93de 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -508,7 +508,7 @@ u8 fuzz_one_original(afl_state_t *afl) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, &in_buf); + u8 res = trim_case(afl, afl->queue_cur, in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); if (unlikely(res == FSRV_RUN_ERROR)) { @@ -3007,7 +3007,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { u32 old_len = afl->queue_cur->len; - u8 res = trim_case(afl, afl->queue_cur, &in_buf); + u8 res = trim_case(afl, afl->queue_cur, in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); if (unlikely(res == FSRV_RUN_ERROR)) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 397d62bf..6e5210b8 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -718,10 +718,7 @@ void sync_fuzzers(afl_state_t *afl) { trimmer uses power-of-two increments somewhere between 1/16 and 1/1024 of file size, to keep the stage short and sweet. */ -u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p) { - - // We need to pass pointers around, as growing testcases may need to realloc. - u8 *in_buf = *in_buf_p; +u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 *in_buf) { u32 orig_len = q->len; @@ -735,8 +732,7 @@ u8 trim_case(afl_state_t *afl, struct queue_entry *q, u8 **in_buf_p) { if (el->afl_custom_trim) { - trimmed_case = trim_case_custom(afl, q, in_buf_p, el); - in_buf = *in_buf_p; + trimmed_case = trim_case_custom(afl, q, in_buf, el); custom_trimmed = true; } From 32be08d7b31cb004f34d3ef2d3916ca0e4531765 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 7 May 2021 08:13:50 +0200 Subject: [PATCH 187/441] add some comments --- instrumentation/afl-llvm-pass.so.cc | 34 ++++++++++++++++++++++++++--- 1 file changed, 31 insertions(+), 3 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 1ee946e5..53e076ff 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -738,7 +738,8 @@ bool AFLCoverage::runOnModule(Module &M) { #if 1 /*Atomic NeverZero */ // handle the todo list for (auto val : todo) { - /* hexcoder: Realize a counter that skips zero during overflow. + + /* hexcoder: Realize a thread-safe counter that skips zero during overflow. * Once this counter reaches its maximum value, it next increments to 1 * * Instead of @@ -748,12 +749,28 @@ bool AFLCoverage::runOnModule(Module &M) { * Counter + OverflowFlag -> Counter */ - // C: unsigned char old = atomic_load_explicit(MapPtrIdx, memory_order_relaxed); + /* equivalent c code looks like this + * Thanks to https://preshing.com/20150402/you-can-do-any-kind-of-atomic-read-modify-write-operation/ + + int old = atomic_load_explicit(&Counter, memory_order_relaxed); + int new; + do { + if (old == 255) { + new = 1; + } else { + new = old + 1; + } + } while (!atomic_compare_exchange_weak_explicit(&Counter, &old, new, memory_order_relaxed, memory_order_relaxed)); + + */ + Value * MapPtrIdx = val; Instruction * MapPtrIdxInst = cast(val); BasicBlock::iterator it0(&(*MapPtrIdxInst)); ++it0; IRBuilder<> IRB(&(*it0)); + + // load the old counter value atomically LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setAlignment(llvm::Align()); Counter->setAtomic(llvm::AtomicOrdering::Monotonic); @@ -762,7 +779,8 @@ bool AFLCoverage::runOnModule(Module &M) { BasicBlock *BB = IRB.GetInsertBlock(); // insert a basic block with the corpus of a do while loop // the calculation may need to repeat, if atomic compare_exchange is not successful - BasicBlock::iterator it(*Counter); it++; + + BasicBlock::iterator it(*Counter); it++; // split after load counter BasicBlock * end_bb = BB->splitBasicBlock(it); end_bb->setName("injected"); @@ -774,28 +792,38 @@ bool AFLCoverage::runOnModule(Module &M) { BranchInst::Create(do_while_bb, BB); term->eraseFromParent(); + // continue to fill instructions into the do_while loop IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); PHINode * PN = IRB.CreatePHI(Int8Ty, 2); + // compare with maximum value 0xff auto * Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); + // increment the counter Value *Incr = IRB.CreateAdd(Counter, One); + // select the counter value or 1 auto * Select = IRB.CreateSelect(Cmp, One, Incr); + // try to save back the new counter value auto * CmpXchg = IRB.CreateAtomicCmpXchg(MapPtrIdx, PN, Select, llvm::AtomicOrdering::Monotonic, llvm::AtomicOrdering::Monotonic); CmpXchg->setAlignment(llvm::Align()); CmpXchg->setWeak(true); CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + // get the result of trying to update the Counter Value * Success = IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); + // get the (possibly updated) value of Counter Value * OldVal = IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); + // initially we use Counter PN->addIncoming(Counter, BB); + // on retry, we use the updated value PN->addIncoming(OldVal, do_while_bb); + // if the cmpXchg was not successful, retry IRB.CreateCondBr(Success, end_bb, do_while_bb); } From 2fd96294780f016a5b2533f0c1826a07dbbac2a8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 7 May 2021 09:11:46 +0200 Subject: [PATCH 188/441] typo --- frida_mode/README.md | 5 +++++ qemu_mode/qemuafl | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index d9634df2..2c6b0316 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -53,8 +53,13 @@ instead we use 'O' in hommage to the [author](https://github.com/oleavr) of FRIDA. Similarly, the intention is to mimic the use of environment variables used by +<<<<<<< Updated upstream QEMU where possible (by replacing `s/QEMU/FRIDA/g`). Accordingly, the following options are currently supported: +======= +QEMU where possible (although replacing `s/QEMU/FRIDA/g`). Accordingly, the +following options are currently supported. +>>>>>>> Stashed changes * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index ddc4a974..d73b0336 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit ddc4a9748d59857753fb33c30a356f354595f36d +Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 From 069e61dfc67050154b649ba286552b563b27e9ba Mon Sep 17 00:00:00 2001 From: "Roman M. Iudichev" Date: Fri, 7 May 2021 18:32:17 +0300 Subject: [PATCH 189/441] Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. --- docs/env_variables.md | 4 ++++ include/afl-fuzz.h | 5 +++-- include/envs.h | 1 + src/afl-fuzz-state.c | 8 ++++++++ src/afl-fuzz-stats.c | 10 ++++++++++ src/afl-fuzz.c | 8 ++++++++ test/test-performance.sh | 1 + test/test-pre.sh | 1 + 8 files changed, 36 insertions(+), 2 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index 0100ffac..8879db72 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -284,6 +284,10 @@ checks or alter some of the more exotic semantics of the tool: normally indicated by the cycle counter in the UI turning green. May be convenient for some types of automated jobs. + - `AFL_EXIT_ON_TIME` Causes afl-fuzz to terminate if no new paths were + found within a specified period of time. May be convenient for some + types of automated jobs. + - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour which does not allow crashes or timeout seeds in the initial -i corpus. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index f201782a..a09d6f79 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -392,7 +392,7 @@ typedef struct afl_env_vars { *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_kill_signal, *afl_target_env, - *afl_persistent_record; + *afl_persistent_record, *afl_exit_on_time; } afl_env_vars_t; @@ -575,7 +575,8 @@ typedef struct afl_state { last_sync_cycle, /* Cycle no. of the last sync */ last_path_time, /* Time for most recent path (ms) */ last_crash_time, /* Time for most recent crash (ms) */ - last_hang_time; /* Time for most recent hang (ms) */ + last_hang_time, /* Time for most recent hang (ms) */ + exit_on_time; /* Delay to exit if no new paths */ u32 slowest_exec_ms, /* Slowest testcase non hang in ms */ subseq_tmouts; /* Number of timeouts in a row */ diff --git a/include/envs.h b/include/envs.h index cd23ca3f..9175005e 100644 --- a/include/envs.h +++ b/include/envs.h @@ -49,6 +49,7 @@ static char *afl_environment_variables[] = { "AFL_DUMB_FORKSRV", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", + "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", "AFL_FORCE_UI", diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 28d3339a..73ba7a52 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -99,6 +99,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->cal_cycles = CAL_CYCLES; afl->cal_cycles_long = CAL_CYCLES_LONG; afl->hang_tmout = EXEC_TIMEOUT; + afl->exit_on_time = 0; afl->stats_update_freq = 1; afl->stats_avg_exec = 0; afl->skip_deterministic = 1; @@ -187,6 +188,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_exit_when_done = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXIT_ON_TIME", + + afl_environment_variable_len)) { + + afl->afl_env.afl_exit_on_time = + (u8 *) get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_NO_AFFINITY", afl_environment_variable_len)) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index fd9af5e4..ee8bd2da 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -574,6 +574,16 @@ void show_stats(afl_state_t *afl) { } + /* AFL_EXIT_ON_TIME. */ + + if (unlikely(afl->last_path_time && !afl->non_instrumented_mode && + afl->afl_env.afl_exit_on_time && + (cur_ms - afl->last_path_time) > afl->exit_on_time)) { + + afl->stop_soon = 2; + + } + if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) { afl->stop_soon = 2; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8c3ba575..8de3ed6b 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -204,6 +204,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" + "AFL_EXIT_ON_TIME: exit when no new paths are found within the specified time period\n" "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" @@ -1246,6 +1247,13 @@ int main(int argc, char **argv_orig, char **envp) { } + if (afl->afl_env.afl_exit_on_time) { + + u64 exit_on_time = atoi(afl->afl_env.afl_exit_on_time); + afl->exit_on_time = (u64)exit_on_time * 1000; + + } + if (afl->afl_env.afl_max_det_extras) { s32 max_det_extras = atoi(afl->afl_env.afl_max_det_extras); diff --git a/test/test-performance.sh b/test/test-performance.sh index cd9f6caf..d61e2f2a 100755 --- a/test/test-performance.sh +++ b/test/test-performance.sh @@ -18,6 +18,7 @@ export AFL_QUIET=1 export AFL_PATH=`pwd`/.. unset AFL_EXIT_WHEN_DONE +unset AFL_EXIT_ON_TIME unset AFL_SKIP_CPUFREQ unset AFL_DEBUG unset AFL_HARDEN diff --git a/test/test-pre.sh b/test/test-pre.sh index 174f2f7f..7819da47 100755 --- a/test/test-pre.sh +++ b/test/test-pre.sh @@ -62,6 +62,7 @@ $ECHO \\101 2>&1 | grep -qE '^A' || { test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } export AFL_EXIT_WHEN_DONE=1 +export AFL_EXIT_ON_TIME=60 export AFL_SKIP_CPUFREQ=1 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 unset AFL_NO_X86 From 62d5bf5f414193f1893900f58b4507b915b67865 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 8 May 2021 10:16:44 +0200 Subject: [PATCH 190/441] fix new path to custom-mutators --- test/test-custom-mutators.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index a5d666ff..5d679a82 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -5,7 +5,7 @@ $ECHO "$BLUE[*] Testing: custom mutator" test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { # normalize path - CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../utils/custom_mutators;pwd) + CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd) test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && { unset AFL_CC # Compile the vulnerable program for single mutator From 6c274546c42f05292df6c8bcf3c524c4cfc3f031 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 8 May 2021 11:03:49 +0200 Subject: [PATCH 191/441] ensure crashes/README.txt exists --- include/afl-fuzz.h | 1 + src/afl-fuzz-stats.c | 2 ++ 2 files changed, 3 insertions(+) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index a09d6f79..72f956b9 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -1135,6 +1135,7 @@ void check_if_tty(afl_state_t *); void setup_signal_handlers(void); void save_cmdline(afl_state_t *, u32, char **); void read_foreign_testcases(afl_state_t *, int); +void write_crash_readme(afl_state_t *afl); /* CmpLog */ diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index ee8bd2da..bccd2f31 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -179,6 +179,8 @@ void load_stats_file(afl_state_t *afl) { } + if (afl->unique_crashes) { write_crash_readme(afl); } + return; } From b409d63fd30dd2dcbdc7be5fc559f246124ac110 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 8 May 2021 11:24:04 +0200 Subject: [PATCH 192/441] fix --- src/afl-fuzz-bitmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 3d0228db..97f10e6f 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -397,7 +397,7 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { /* Write a message accompanying the crash directory :-) */ -static void write_crash_readme(afl_state_t *afl) { +void write_crash_readme(afl_state_t *afl) { u8 fn[PATH_MAX]; s32 fd; From 1b7aa1b63b1ce089b5ebd505155ff6b679487aa1 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Sat, 8 May 2021 12:34:24 +0100 Subject: [PATCH 193/441] Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name --- .gitmodules | 4 ---- frida_mode/GNUmakefile | 20 ++++++++++++-------- frida_mode/frida | 1 - 3 files changed, 12 insertions(+), 13 deletions(-) delete mode 160000 frida_mode/frida diff --git a/.gitmodules b/.gitmodules index 0b8ccd97..c787ec0e 100644 --- a/.gitmodules +++ b/.gitmodules @@ -7,7 +7,3 @@ [submodule "qemu_mode/qemuafl"] path = qemu_mode/qemuafl url = https://github.com/AFLplusplus/qemuafl -[submodule "frida_mode/frida"] - path = frida_mode/frida - url = https://github.com/WorksButNotTested/frida.git - branch = x64_stalker_fix diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index e95455e3..a15f5c32 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -64,7 +64,7 @@ ifndef OS $(error "Operating system unsupported") endif -GUM_DEVKIT_VERSION=14.2.17 +GUM_DEVKIT_VERSION=14.2.18 GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" @@ -72,17 +72,18 @@ GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h -FRIDA_DIR:=$(PWD)frida/ +FRIDA_DIR:=$(PWD)build/frida-source/ FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/ FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h -FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) +FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar +FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all clean format +.PHONY: all clean format $(FRIDA_GUM) ############################## ALL ############################################# @@ -97,8 +98,8 @@ $(OBJ_DIR): | $(BUILD_DIR) ############################# FRIDA ############################################ -$(FRIDA_MAKEFILE): - git submodule update --init --recursive $(FRIDA_DIR) +$(FRIDA_MAKEFILE): | $(BUILD_DIR) + git clone --recursive https://github.com/frida/frida.git $(FRIDA_DIR) $(FRIDA_GUM): $(FRIDA_MAKEFILE) cd $(FRIDA_DIR) && make gum-linux-$(ARCH) @@ -107,7 +108,10 @@ $(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM) $(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ $(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER) - cd $(FRIDA_GUM_DEVKIT_DIR) && tar cJvf $(FRIDA_GUM_DEVKIT_TARBALL) . + cd $(FRIDA_GUM_DEVKIT_DIR) && tar cvf $(FRIDA_GUM_DEVKIT_TARBALL) . + +$(FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL): $(FRIDA_GUM_DEVKIT_TARBALL) + xz -k -f -0 $(FRIDA_GUM_DEVKIT_TARBALL) ############################# DEVKIT ########################################### @@ -115,7 +119,7 @@ $(FRIDA_BUILD_DIR): | $(BUILD_DIR) mkdir -p $@ ifdef FRIDA_SOURCE -$(GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_TARBALL)| $(FRIDA_BUILD_DIR) +$(GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL)| $(FRIDA_BUILD_DIR) cp -v $< $@ else $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) diff --git a/frida_mode/frida b/frida_mode/frida deleted file mode 160000 index 59457cf8..00000000 --- a/frida_mode/frida +++ /dev/null @@ -1 +0,0 @@ -Subproject commit 59457cf83f8411c62988f93da1dfe8b04e228249 From 6c20d54b23f9a49ca65a4b2f786b6be1a2f51105 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Sat, 8 May 2021 14:30:07 +0100 Subject: [PATCH 194/441] Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name --- frida_mode/src/cmplog/cmplog_x64.c | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index cdb698d5..9bf09ad5 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -175,6 +175,8 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { guint64 rdi = cmplog_read_reg(context, X86_REG_RDI); guint64 rsi = cmplog_read_reg(context, X86_REG_RSI); + if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; + void *ptr1 = GSIZE_TO_POINTER(rdi); void *ptr2 = GSIZE_TO_POINTER(rsi); @@ -223,18 +225,6 @@ static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, } -static void cmplog_instrument_call_put_callout(GumStalkerIterator *iterator, - cs_x86_op * operand) { - - cmplog_ctx_t *ctx = g_malloc(sizeof(cmplog_ctx_t)); - if (ctx == NULL) return; - - cmplog_instrument_put_operand(ctx, operand); - - gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, ctx, g_free); - -} - static void cmplog_instrument_call(const cs_insn * instr, GumStalkerIterator *iterator) { @@ -251,7 +241,7 @@ static void cmplog_instrument_call(const cs_insn * instr, if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) return; - cmplog_instrument_call_put_callout(iterator, operand); + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); } From de69ba01bae87ad5e1cbfa63641d64fe73e755dd Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sun, 9 May 2021 22:40:58 +0200 Subject: [PATCH 195/441] testcase fixes for unicorn --- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 60ec8f79..ffcf3b4c 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -06d65e290731dfb9572713bc86aa2a0356cb2d2d +019b871539fe9ed3f41d882385a8b02c243d49ad diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 06d65e29..019b8715 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 06d65e290731dfb9572713bc86aa2a0356cb2d2d +Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad From d982fddb186d554b9547fb4afa8e580767f01c20 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Mon, 10 May 2021 09:15:06 +0200 Subject: [PATCH 196/441] remove merge conflict artifacts --- frida_mode/README.md | 5 ----- 1 file changed, 5 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 2c6b0316..d9634df2 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -53,13 +53,8 @@ instead we use 'O' in hommage to the [author](https://github.com/oleavr) of FRIDA. Similarly, the intention is to mimic the use of environment variables used by -<<<<<<< Updated upstream QEMU where possible (by replacing `s/QEMU/FRIDA/g`). Accordingly, the following options are currently supported: -======= -QEMU where possible (although replacing `s/QEMU/FRIDA/g`). Accordingly, the -following options are currently supported. ->>>>>>> Stashed changes * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` From 24551382d25fa0b7e6ddf0c830f8cad0f8ac93c4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 09:50:18 +0200 Subject: [PATCH 197/441] fix afl-plot --- afl-plot | 4 ---- 1 file changed, 4 deletions(-) diff --git a/afl-plot b/afl-plot index ba100d3e..f5bb041d 100755 --- a/afl-plot +++ b/afl-plot @@ -129,7 +129,6 @@ set autoscale xfixmax set xlabel "all times in UTC" font "small" -set ytics auto plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ '' using 1:5 with lines title 'pending paths' linecolor rgb '#0090ff' linewidth 3, \\ @@ -139,7 +138,6 @@ plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' lin set terminal png truecolor enhanced size 1000,200 butt set output '$outputdir/low_freq.png' -set ytics 1 plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb '#c00080' fillstyle transparent solid 0.2 noborder, \\ '' using 1:8 with lines title ' uniq crashes' linecolor rgb '#c00080' linewidth 3, \\ '' using 1:9 with lines title 'uniq hangs' linecolor rgb '#c000f0' linewidth 3, \\ @@ -148,14 +146,12 @@ plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb set terminal png truecolor enhanced size 1000,200 butt set output '$outputdir/exec_speed.png' -set ytics auto plot '$inputdir/plot_data' using 1:11 with filledcurve x1 title '' linecolor rgb '#0090ff' fillstyle transparent solid 0.2 noborder, \\ '$inputdir/plot_data' using 1:11 with lines title ' execs/sec' linecolor rgb '#0090ff' linewidth 3 smooth bezier; set terminal png truecolor enhanced size 1000,300 butt set output '$outputdir/edges.png' -set ytics auto plot '$inputdir/plot_data' using 1:13 with lines title ' edges' linecolor rgb '#0090ff' linewidth 3 _EOF_ From 340fc13de188b257ccb9e46a1f581ebd172ea81e Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 10 May 2021 08:52:59 +0100 Subject: [PATCH 198/441] Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name --- frida_mode/test/fuzzbench/GNUmakefile | 61 ----------------------- frida_mode/test/fuzzbench/Makefile | 12 ----- frida_mode/test/fuzzbench/fuzzer | Bin 1703936 -> 0 bytes frida_mode/test/fuzzbench/src/Dockerfile | 36 ------------- frida_mode/test/fuzzbench/src/run.sh | 10 ---- frida_mode/test/libxml/GNUmakefile | 13 ----- frida_mode/test/libxml/Makefile | 12 ----- frida_mode/test/libxml/xml | Bin 1849872 -> 0 bytes 8 files changed, 144 deletions(-) delete mode 100644 frida_mode/test/fuzzbench/GNUmakefile delete mode 100644 frida_mode/test/fuzzbench/Makefile delete mode 100755 frida_mode/test/fuzzbench/fuzzer delete mode 100644 frida_mode/test/fuzzbench/src/Dockerfile delete mode 100644 frida_mode/test/fuzzbench/src/run.sh delete mode 100644 frida_mode/test/libxml/GNUmakefile delete mode 100644 frida_mode/test/libxml/Makefile delete mode 100755 frida_mode/test/libxml/xml diff --git a/frida_mode/test/fuzzbench/GNUmakefile b/frida_mode/test/fuzzbench/GNUmakefile deleted file mode 100644 index 38d8b91e..00000000 --- a/frida_mode/test/fuzzbench/GNUmakefile +++ /dev/null @@ -1,61 +0,0 @@ -PWD:=$(shell pwd)/ -ROOT:=$(shell realpath $(PWD)../../..)/ -SRC_DIR:=$(PWD)src/ -BUILD_DIR:=$(PWD)build/ - -FUZZBENCH_DATA_DIR:=$(BUILD_DIR)in/ -R2_DICT:=$(BUILD_DIR)fuzz-target.dict -R2_DICT_URL:=https://raw.githubusercontent.com/google/fuzzing/master/dictionaries/regexp.dict - -FRIDA_OUT:=$(BUILD_DIR)frida-out - -ASSETS_DIR:=$(BUILD_DIR)assets/ -ASSETS_SRC:=$(ROOT)frida_mode/build/afl-frida-trace.so \ - $(R2_DICT) \ - fuzzer \ - $(SRC_DIR)run.sh - -ASSETS_DEST:=$(foreach asset,$(ASSETS_SRC),$(ASSETS_DIR)$(notdir $(asset))) - -.PHONY: all clean frida - -all: $(FUZZBENCH_DATA_DIR) - make -C $(ROOT)frida_mode/ - -$(BUILD_DIR): - mkdir -p $@ - -$(ASSETS_DIR): | $(BUILD_DIR) - mkdir -p $@ - -$(R2_DICT): | $(BUILD_DIR) - wget -qO $@ $(R2_DICT_URL) - -$(FUZZBENCH_DATA_DIR): $(R2_DICT) - mkdir -p $@ - split -l 1 -d -a 4 $(R2_DICT) $(FUZZBENCH_DATA_DIR)file - -define COPY_ASSET -$(2): $(1) GNUmakefile | $(ASSETS_DIR) - cp -v $(1) $(2) -endef - -$(foreach asset,$(ASSETS_SRC),$(eval $(call COPY_ASSET,$(asset),$(ASSETS_DIR)$(notdir $(asset))))) - -clean: - rm -rf $(BUILD_DIR) - -frida: | $(FUZZBENCH_DATA_DIR) - AFL_QEMU_DRIVER_NO_HOOK=1 \ - AFL_FRIDA_PERSISTENT_CNT=1000000 \ - AFL_FRIDA_PERSISTENT_ADDR=0x55555599f6c0 \ - $(ROOT)afl-fuzz \ - -O \ - -i $(FUZZBENCH_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(PWD)fuzzer - -docker: $(ASSETS_DEST) - docker build -t fuzzbench-frida-mode -f $(SRC_DIR)Dockerfile $(PWD) - docker run --rm -ti fuzzbench-frida-mode /run.sh \ No newline at end of file diff --git a/frida_mode/test/fuzzbench/Makefile b/frida_mode/test/fuzzbench/Makefile deleted file mode 100644 index e71185cc..00000000 --- a/frida_mode/test/fuzzbench/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -all: - @echo trying to use GNU make... - @gmake all || echo please install GNUmake - -clean: - @gmake clean - -frida: - @gmake frida - -docker: - @gmake docker \ No newline at end of file diff --git a/frida_mode/test/fuzzbench/fuzzer b/frida_mode/test/fuzzbench/fuzzer deleted file mode 100755 index 5e8b7f70b3f04bebb98a9834642e6cc1c2c1eb52..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1703936 zcmeFa3wTu3)jvFeAVIAYQIvYA@j?q;gO`d@UxP9_C~4y*8gET71VOn(k_g(S2E%A3 z<6yK}X{~KqeQUI~jaD#H69dvDTC4G%Dz)Q%kD^9INVS#!@3+>u>`8J&{rf%N^F7ap zkD0yJ+I#J_*IIk+>pAD@$jnnlWMzfiehIC_<_hfohC+D)vm9k@TdnlA)s=#Gf9n(sO}tj=ZaIp_ay|R*D*1c%y*%SL*OA}- zb=$|b@&B_O`q?8201+XHABm_P60?;d@`{Mm=ipSQ4P>0wK!eD|>L9({P#qQj4r zc9TEzp8EY_W)Hb~%o9lMzY=NJF3Yn+P+eUeaX)wR-1eH;<=XzA{dnsUqc%FIAwQ49 zk;V?ehC=kW;qX6%Aj9GR3q=lx-ys11LI9uF0_3?c0Dofuem6MzaPr&^BM*n462ND5 zfc&oq;P(yS|GNPEJpuLZ62O1w0KJ_Q!2i+!{u5#IykYEqYyh5}csRXn43P7v06BLG z;Pb}-e>*&Ye|12+ZVbr(Eb1Muy%PfD`C$NlQvm-*1N`l@0Q{W+^4A5_`+fkQp9bJ# z0dj7GeTTE-eF1#N1ju=6fPFgy>fI2)zbl}<^#S>B3-FVJ0_r^?fd9?`eqIt#@Am@u zKM=rwb%1^j3gCZS0G~Sp>ODO`{%HYxZVJHfA7I~00_rUfkpIGf{LcpD?+L&k9Dv_B z06#xK{&4~A{WQQX-wMe8N`Swe5g<=h0ROWC_!I}|ZC-#p`vl~#3CMp;fSf-G;PXy^ zKA#D|zZ8Jq9Dsj5ApZP4K%S0(cKth`U1J0A>jLoY0sQv~$bWeN{`Ud$-xtu{Hv;%P z6ri_d0seD)0H5pt{LcgU7X|2HVF11;fKOk59&QNe7wG`~91_spx&S`!2IQ{^kaI>r zyKWDV|J;E5ivr}I8leAJK>oD>a-I?(PfGy*KLp76;{g6k1NdAIysp?Fu=Ve=0C{!~ z!2czH|83wo+&pAm0RFQ8`L7GWUmD;Kc>(^jDnM^N0el_~XxCi<{7(qrb5a1GJp%H- z9?;(R0_y#KfL$&K;8PxeH_*?np>Sx*t24zLP@VjHGC*(dJNc(M`N3BIVck1>zOHji zXPjMFI=f%lFIqUebjd7>r(iB#ylB?!@>x}WRa&}w@s$}>33gU>_2SYDxqNh0MRoO+ zl@)`82*^CV#DlR_70|jX|DuKEKJ!Z|s;eq1%ID3QSMFti07Gz>Ra{wG4vSU$MWxkM z^DbF9Yra=haMkk`RLmZ#pus|2x@ewnz1bDjv&!d&7S39@sA_&iMJ0XYlJfG>DtgG| zP-*ePCG(*6Gb^fU7Qh=F@YIUxnX?vNQZwt4inE+nOrKRf%cj#y7cD%Ce(Ryns;Hh( z)i7wVI`vEnTdocc|EXS7Gk<>R{LqpG6$_xs z(40B*YpUjku9#I-xp>~f>N!FvUr-rB-Z|72@**D{8XaxH#bB_cJT$LrN%_L+#bh*R zQDp@*wWw;|(o*o8H6J<$eb)TSxwFWmdeIzKS6)@UX#Q;HmoNwmF4o#AuLR>N;anA} zfjekrFz9?Fl?lqux_A-PBrNC8523Eb<#QLiFzP5RWmiW8m@{i0gsxs(zDSxnud1qY z7Q9MI&eoqfY{Kk$m&~h{g5~t-Qn*{`f{RPbYZjL-n6=d59I7gxTQR%z%6SzK0fm;j zrJxW;y7^GRoW&Kc+zTrhDX6Z}((^7)IZoHnC0 z>_TDZR9E0P1jeo?5K-EGF@sYG8mNF!sFPAam=LOQIU)GE>Yj~8fQehBXcm6Of=lNt zUI6NxC5z{wJ3=k9L~Y^^z&p*EPsXUN3T#|azy&odT3jl%(6&%nWzE8J+6Y94bJdkq zR6SII--UC)z!d|$J(G)-)V;t+YIVF1E-ubU?ibIWweT`VP(!0tW&^1mIB-ob;IgIN9}HXDBxgP|B{;uO}hgvdd;5;rn58W=aP zTMz4IKK>;S{mcBsk>g1D>vH9S%{Uw#8=zHnUYex17(%txbRVSKBZW zXDY7DStyMO6#ix5zY6?vKRpls*X%WKObFaRW<&9h^q)g%F1_g6SMJ0UlC04#eMG1R zNz(K2|Ke}5e0FFI=)@_%kruz~&?%Vgkj8&E-}p1sG$u68$zLVqM~Ctpc(-};a8R*B z=+F#)BRqb6`{{WJ#oa?V>YtQ_=bpd&&scc(9DuZb3xAE98NUM-{udU0e4f?|v7jOU zU!H|`=YXV6wD8_s5BPiwkEy8lZ;FM-6xjP$VBsAT2`y^jDU-dO%~qu8Io68czYez zY~k(oQ;UV)&Enr`;di(2Z5DoJqJ{6b@C6orz`{?n@Sy{I|3AsX z=UDiYEqtzppKjsDTlk2D&$IBSSonz+{!|N}Z{edBeu{;kVc`ob{Am_GYTVv_$mwEWZ|nV{7MVY`M3M8*}`ApBJtZ|;g?wWRtvw>!naxY zD=mDdg}=(e_gMHJS@>QH|6>c^XW?rte9FTA#KId3f3=10xA1iqe!#*nv+$vVeE+Yv z@HrNKxrNWQ@G%QN-ojsN;qxr~bryc2g>SI%`4&EI;ip*mMhjnH;S&}W9@I@9r zY2iyO{0a+SX5nwJ@N+GElZCIe@Hblcr564s3twm9e`?_yEd0$DzRAMhV&PX>_@7z$ zW($9-g^$*6%!wvOMYiULqOs2EQRd_^p-{Abea@p+CM35Vb0)HEn{YP%hW9H#im*hc zbZQ&^O*oBk7P6*$1wM%|mwM?=fsZFVl5nfQM-t8^+$`|Hghvr>68HeZI}olDcrU`E z30Dd{mT(T?GJ$s_4B68Le#yAtjdcpc%fggXUZLwGmBtpeXqcz43h0^dV;9N{K` ze@mE4_jH}WzaYFP;YxvTBFv>$x=i3k!dzmdiv+%gFqc;80)ek0%q3MiU*N@rxs*!h z34AHxeF^6Zd@*4zozfwJ&nL_!Q@a1ZZ2y^r^9ZK|K8^7HgnI=(i7=N&=}v)(0?Jdtpjz&jG2M7T)c5rhvWTp;i# z9|JywaK6Bs2p>u~PvCb5A4WJ=;MWKrPB!0QMf zNw`zsHH42M+$!+>gpVfNEbu*qk0IP7@NWr!mvEiHzaV@p;YxvTBFrU7x=i3k!d!Z! ziv+%gFqa(Z0)ek0%%w&;U*N@rxx`5434AHx6A0%Dd@Jb^DId=cSX zfiEV^sdhRf@cD!}#ZLGCTkKD`jBrZe(+JNZ+$-=&ggKQ?cM5zw;c~*Q0v}0uHsNN0 z4<=kexJlpx2+tv0C-7c`FCknh@L0kefYN0G??`wa;Ua-Y5WbXffxw@91o$$-`2ueu zJfCo$!0!-VKsZ<6*9b2p91{2?!ixy^4~YEO(*n*{zX;VTH&3H%GfO9)pAd=p_#P19upHxlNQG+iX{HH0}8O&17! z6=6<6)A<4~Cd{d4I#1wB3D*+N75HMpoNA^+0-sNqQ_OV#RIS|Pb0jHaIe58 z5x$0Sr@+S(t|#0o@R5X<6K)pxV8SuNO#&Z4_*%ks0`EomI>MC#k0sndxJ=+33C9T+ z2|R*uBjEypKiLF0K{#LFO@yx}oG0)*gp-7G1%8e23c?|QUm|=1;r=aRf5J_KQvyFu z_(sCL0&jXRKQyOl+k{W#w|LsQ)6SW8_F0XiC%?D6GaS1O8Kdz}qsbG_95pRu+A+k& zfF}RxjpbR>wyYmfy?5fW>_^rBGr7}jKp&hD@0xzx$KmBS12r>wLOOd|D4INMEXp^Y zoYgX-dhE{G4JT*KjBks^-#3R~(0cdn$?ttHtNH+Ps|mZTZgg11tFpUJ&Kl94MNyI` zJPvl|O_8G}FK#ZFcHy)iPAk3WQIPJtXJ_O%rVKw2W&fX#Vg3gddAcHZR^%B9eYSE; z=-me z^BmThJYjD|h7>u?5#&5i5M;TReD_qo-|Id(8#)U)!jMCf1;|q1DFHTYl`=02@Sp;33viPH9|^EPfo%dr71#-WvSrkP3hXJsXIq5Zfdc$P zfg=QXK!K?O+@Qdz07@Q>CQj%94|CZc$AI0vk zaDoy(rvD~RC?MeuA?&P#v=YK3Gz#J6kEx>N|5U;&fXwAWxJL<3E8!0$lnCKUCHz$h zKPKTsAw-q%kP=P@RFa+mN_fBN*w5cGs#6r;_`_`qJSY~tLIL%MGZavNI8*`khtUeC zKfER_im5-eE1>?cQUUdcDh1RZzOR7#!z2aNAF>rtfB2U)BR!i7q3{GpVDtAucf5*&XxoP=3I_++yU|#{Yio#-(1b9Y)V+8nv0@DCU zgn9uInaA#?w=gWA19xk$`(F}Tg}|@?!e5k7O~S20U|0a*Pf9qMgr5k3VF83YlrWZr z3L!8ofN-l4UIk=k3V~q(1dg4EH&lQ*N(c-KAY844t4Y{P2n-7#R4L*6BxDI;FC|=} zgndacEo@*~+P?e(C2Ry_o)SWv5@fJWobVSCRtw=eC7i4!8cDca2wgNI|3gJ;D?52b+5{?tXO-dN8gj-0+6T&Pde2U=~x|&VG zXd&b);R7WcMZ)`cvE|z~N#(CAVFU@!3*kv6yr_hy0hxz|aJv%zri5k^?hwL!B|M^p zMSx1uaZu*CBR1o+m_Mfd@iqmtKVG4L_D79dG3}3sDnOoL z1++g_DWLt4?tmGC_Qy#IXn)LBK>Opr#9A@!k82dr{&hwoLKYm#V4=BOuj}MZtP6+i%aQfr5B-|~8GnL@<$6^wi zgs{I7oc?$a2}^{~|Dkj{r$2rK$oxdA|*Kev5bV> zgm9=5oc?$Oppx{z@5tMuxB1iETo%Abjo4NOnj5!&aux!`K^5MEb+4Lu*sH(L^CqGqSRJ=ENg!MU%BX z=6q&AV)7RAYb3)DM&7DVWz`Ra!pnCdOOQH%51HQxwdSq*w?;huKGD&5dozX$(?Sjj zNrxXKJ$vo@Bh3ASu{mqsA88&QjLlv9ezxfvjLlp7{wUKs7+bLR{T<9p7It;bTWjAR zZQiy}5Mb^5IrVR4nGXkJ#}La04lQBVzP}@}qec>2*dMK5J0cn{?38q(*hI6Q2G|x& z)Bsi7hE_MD)h%rGCSkOS>1eXOm#F=~B~7gZkrMnW;-ksp9`pL1nKW|}GB>PkNd6i* zq)=mw$rcPGqrf74x$^5Q(2ksD%YNX!Ke9MpQGysAR41rFP zV7j(9nyg8|*Za(9=}kZ+kO95OoI^zY`uvL?75mh0%=5~_NYQwNJo?SA)k$GE6OH5e z6sU)NR6Lpk9(lGk=cv8wH|7dI$YCx+H(~I)x$~f`@aj&KfLSu_5BdH2Rep$BVMUlmd&V*BZDKqUmtgVxsg=P-$9ijo@caI_0(@}MP9F;^C(lAI!j`D#H7FB zViq|VQHV6%^KUvg+U2%i+vD;-c3A#rkS$d0^DlKUgZXFZ6L~OpL@_2{{0xO}$c0$hj-3Np(Un2=b>vCZaogPXHqSlkDk|mOmB^!yls-CJ69rbFOk}1KSjAonpmiF_H1LfIFkd^@Oh- zBZjMOGgt0D3RTsn_6*k}{8KQFe<^dh!^NzWl99f2v653}wO>K6nZbcE-iAFTDTbicVrGJ{m#nFW?;A=qlV zFWn>7tnKTHJcWU)<|*@I=B{5~1ic0O4<=F>boD=QhHV1;Z&3a`Pyg(L6!So>cu)Xw zkJg=Adb2Q2!akAKBKXF#LUB=A&3+;Rg*)XdK$#PFMcY-xe`FY=0wv zR9o8*qf7YdjtuMpt*4Jx)q{rqS}NrY)h@HnJ;O210yKPxH4w)cyW!uA>w}`T<*(X) zjvs^cg+Ay9Yd?Pa`Z`^Q66EvkX~%Qn2mL@q^8<0qLI@P4K4A-2KST9d-y_X3dwXSu zj5e11L(8+ie~B`rz6^V~V)_#-iK?c1Ram>K(r#E4@I8h^yTkK{7XX?ju=jsF`f0ff(* z0VAj7ppjcD+A;7>C4o?MO+n8LNtx$ah(w)<7xu>^8%>cS`^{aiVN4muzD|EIr;=I5 zc$DdH@mlx^V$9V$BU0089_n>Ps9y`yIL>GJt8cH%ehSGx$A7+vJz*breqFQqA!>3B zB15SDv#jv+$KyHmwVOwTZ(b{N@@yLz1z=?O7NzX)#V7y1`Cb33%!s$~+E&D;9N=2a zr)+BU3_TY7>vVk^UC>Cb(FXl~^H>rfD3_1p%(pM2q=}CXBfy zMUQa%gG)n?OaXiIn;T(CjI(siWG~Q~>O;!JaKXZnSV}|_ zN#bQzEsgBNGPaF5Z$r*#VinU|!SP2_+1^R&--W6owcsz~7R=IY z@)wDy6bx{aY4xq^3Z7@CjtPaJ^yCA`B^pSqVv+@5wPy2a*GP!B7Ak9Tb3_xaj)=lw zQ4+0RS`rG!!m^HWh;?-oZff>~BJ2o-W48l(WIXD!uUb;wCKZotFh2+X^mEt~aGi$YL$^02+vhT3Cszr6?T&7BiFTF;o@8?+E)OZ!r9Rho zraN9`t^a^0DZSF8C)*2zGqisETAwX5fGug}0I+piCx{Psg@3C^=1omg7v^rN;anQW z>CB@4V+JGW3w92$61Kmv*sieHo=LWREmM@f{lOdDI?JuDF~+3l zh1elOezz~O2>N1Kda{jPT4K(-(^XZ0%g8T96id0@pE$J)K{KCN4hV&wny2_>+l8En z5f#nqj6QTuvHpv0O-JJ|_}jha`#X(rTy3IX+!dH8R6Q5LV=e;3-=Q;C3RXQ9ckbBw z@35ezq8~#?|(sO;f-3L=Z zo0|9iKG+WgI)&g*80}Vevp|)EV z>broi<=xW56Ya{)3aEP}5Kw1|4?08Km2=H8r6a|dTfx-PhSbxTBt~XFOO-bYY7ajN zB4M+XBRj87aXcdilSFfC-{ARR@cd@)aw(+qn_uCe!>Qhy-wa&rWU=NqZwStr-z?ea z7Ss97cW|-JXXDOqF30se#eTv0O{+{tF~7M>6D{UfnlNV7i}w7cej_@ivwz6>d%U(& zCmq;*n5x1Pk!L#6t_av20fzIpW;5Q+;!r+6V|XmXly#>ZaanpWt!Q}*F+ z^V(X!zHIneTZ%AB3t!{t*R==?*8ppwb)5JJdgxbtr zr{((XBJ#|O#*-AArrOLlGuh4JHM7&~>*6r|mz~uoyhh3WnQJlUu>xD)Xau;M3) znBqo+m%riS7y%jkcSk8N)NxbSoo=Kg%(u7UXH6sdpC(NdgxQ5wm8n%H=#GoFGu`nB zyZI|+E}e%VE?p}8DM%FaUYC$q#U$imROuUnQz{X?G zv5b?YnOS&$Ku$u^V~{x!*<9a~7mwhuLEE_zdDzaKl=zLC5l}7idkz`%vyjhVgq7o6 zJBP~!FUYXDylv<4#K^I@ylLm~xa4MVdDY3|G03tQyfGYuI!JBhNe!2WXFOJ(4R#){ zrd;HJ>JSd;XmWN$b(W_BoVzdbMd$Xraj`Ol=Efl2DWC-ZQOvlt?r;h|}{vmnC8 z>E?@I$prVJbi%F!$U-kizd2x;c)Y; zHnsbI89EQb2#Q8py*R+_#0?lI>j!3slg_q(OOy-wJ)osDrY0N?`f&`=wPrS3`oZtB z)cp&4;>B2W*7ku{Gu9G4=8ZDR%;L>!{04 zWk*tWBqagaGzfC1TGNaj=_*Z&_g|vv9f-d`)95Rq^ba%*j}N6!)-?SleXOP_dHN7d z)3MXsqlOGSGrgOpxr3P|Ge18sJG!)&!EXRL9X&%T8skfUd_RNgOisjADl!>@frVCCD&IC_NQ_pkn1} z%|KV8a@mM?e8};Gf=Wb}0l&O>@60mtz)sP!_4IL>X&Uog!D6O)*prz7*4_Utk|3qM zJ_Wxj!|e|~V}h29SP2JQe3p zvc0l=Prrf^^HZ+^VA%xJ3p?^`hgVUYaM@>Wqk|+6;jXzFCXs9fbCD18CM#dB8HqO` zBVVsM-_J*d^ zzL|(A)8mCt2&;HIAC5LF{;A{W(_&n~$x#2@v#r(5??H6O*ER|L?R=7Y&EBZP%ty{> zLJ%e&=jS?t&IR4kL_5udXv41;%ftOZ4pa4&p4fur`gAfw4x z6NP|;%hu*Hw8xWCLBxtgxOVx8w@(3NMv5V0Ok=Z9^3`|dV(!JK$Z=YS6tjn8>$%T-w#kokhsna?1jD`ya%x+ie z2%eC95OpH!jVJT@BZ0AuMH4YWByJ(M=-St^**snXOy)}d*m(Y6!%d*}9Q>Gx-kc<% zxe_trqimlvjG4o+E;h{JAD0FIVmr`uwpI<6Xjj2>5$fB`tXqn)MNab>H{-DotKc1x zI37-hM3n-sB09cydLr`1%tVsh6QZBV&&0D2GC#p=o3ZgQZ7OR8rvYxDi3%8^!HNiT zCh8O4=%Q)GBbMt{tls*3jn&3u+_Mug?iU#MNfb4y2a3bh3?2uUazkvE`6DA%CYvo(Ly1xp5aWqb)?3Yn59_=7Qa^I&gqE zp@gJ_%R|y~F-Iavdi~n0X!&E&wXbGJv*?^lsjCF08RbI8T8P+QR+nfe(Y$)DD5TFq zy-$>Lq?1@hN_?Hn&xabJhsA6o5Mlm)g=2(ikWV6n$}F9bVy364S2?Ea9L$9XbDeU@ zYK&~t(6?+o1D>qA>0xFMbUN!kf_N8=Y*RO`2mp93*a@6i5qcN ziwsjEsc`*DDU16}9oP}LFdSR#z=#`i6~)iVKuicZ|*Y!0vBTAN)mvRR7xf21m>+VuJ0%*`2@fjHx1FMFYT zO$8>6CS|WLBlg!hp^QH`6%?qwlI}H{%E6E&l%(X-*e@$t36ae1#D30sZUHDh{sa^4 z{JU#-#TdvhA*o4%0yQ0*3lcpm>Wpi*Jx>_((rd7r2{}lQubr8c{mMj)oUqp9xEz_> zIX%9PVUhRmj`qFKt7a0bNlLiGVHX#q=9gGr;<%h?)B%DOR~+ltYEd>3*qILQk}leIiCev>ba*GKQE6xC+ig!iJm1o;S&LHUV96_E`QDPNqb(^@YaJ#ylkL)bi9h>W< zq_KW$|8=<Dne z!6HLu#>rLew&;tjBZBD`#?@%|^n`P*THw)>dZ$1&Wd8P> zEGL8}+L;HOL*)EZkMk6-WTKtvj`Cf=`J(;dC6`B~6a3tFE!;62!0TV?jp zG!<%If{5vPunM#%GY)@9N>3Xe{jFiqU@nqBgl~?z75zceQqkqC=;!<5&v6Ky!<)Dt z6LOe156xJ!geIQJW+nt-ay?~Ew3^JcnmBcmtCI0P-8OL#xSPhmxu#6E_p!RnFy`03iJ1qSNj9ygxST^?NnAJ~ zXEAZE$9ceVKc+jHY2tpE$2GAqJn>!8yoi02rm0Y~6^ykd(t!DmrfvdKZPq)py6x_`n z*cEh@)4=MIs|0@;?piB8(a!R~lWY$3;zys)wVi1-bG=tEM}hMaqhI}On0oNna6wmLAw8iQ(O!F(6d&iv}v&^1Qr5-O>_oj-ogP`Xxg z3Khc$mSmj6O>4_y3v}R^{MgL+lhYa1?a^Zjo?GEyTbuo5Mvo}ot_GiLgvnIpPg-%7UgB>$$w;3w8*OHC{}dAp7`@ACL_a#m4Pi{ z;-zTDnwx3jUD!-aF@Z48culUen#{DC__yD4RZ{8GZ4>i#b7tmWT~j98`93-*T=2WU z;^MLMit@mdY@R?@QOB91kb-8Hc=%z9HyEMkBBhNP)b^AJS*x=bt;tyJbx(e+kEMXYG) zI5Alp$4TB^co%!T-pu+Mga&su*n*pG=+6ac(3+Jr_Wo=zCQ(3`H@(J3t;RFm@gW<( z3S8aBlaYCj+BlGrXUHrFp;ofo$1MNY-5J~-L1K6>T)9~U%co$!q+kuG41y71W_p56 zu>@mUy>K7ql|VDmr`ujw3GSwAo$GB___Dg>D#5RK*~R170Of%v*_`49l02VlJJafg zzdO#Yb-YK%?R@1dUU<;0z85kNIFoEPdc7*wD~YSZ=>|78Eoxrb4g>T?r%qvEL71I9g@!DJGOZ5uGS0cxf%;KiRg1@Yq&vwqoIG$hF+Ba} zsy(08VWc9y@E!Ks$Mydo4QC9edD$-uNoP_qe)zAgunik|+LU(sJR zEfvLC(S2|MXEB>T4g2g{WI+y3+1d4!*U)pO%0fJR!&dl$>nbaP9b*7b%D^!?(fBny z!8Z7UDjkCevx#Ym96gqzm{!MFcZ^GK^Xax@^n$yY-{Cp{#y3`n@s0SSabeqWrgoMG zo@BGpbH`SnYdh2G7&EU5+6Ywf)nt=w3}rMU|{*O`ZxS}Q#|9?VkC z;zTi=0J-kTJm5^SDfBqc^-AIlh@8cV{&1w*o-&KhwC_(T3f#XQY2V&_Wv}VoUXz6X(T!p2HFpqjIFR@zA zv|9S7%qy0T`gGgU`QUC&SmRn0Pq(o;j2Fa@de+6`014%RC)u=n;h@0h+Rn6EdS9>B zDIPu9K3+MCrEgo|Tbg;mnPgM$anAQjV$Ma*V(CZo-S$kh=uGQo${nD)mKKJa{vnnY zvER}(6>9E*h+mhbrJ}f1QLRSg@We<@$RSKTmWy=ya3ynzjwQX4 zg{P4HDUoiB!`uAH(QAO}+hylGy!?3p!w04TyeJBz+jy8{jiI|19U<;YgxTFQU!G+? zrqx~FfPCt%xjx-?*IsZpD;{*+5~CZd!{|o*IlV3(b61oHo@BF&7kF}fuI)^#yDs!< z4S95oZpvBQbz{PJSLOj{lFb8N_ZzVG9hp{l-QDBdZ_%0VDCFq28P{A~cNK;wzo>%_ znIEfZD%5-mMqih^N<}Zd;8*mdrlq2rSkW3BN`2mlHZxJ!s|RgR1f7V-?G1QO8kcyh z#A$d;0^rx;Z~g)1>xTxd1M%=0+$IIpta*=a^G&D*QH}`nPo^b`8B2{!cU(j@{sCNF zHMW3}d4hTkUI#ME-OTbd=5*38A4Ec)#`b1-6vFLc|Ahm&le}QhU-_;yp_fhIYvjy1 z5DQHp!tCWWq0edp)9U%}9O5>y$EVw#UkUE!<_BC4$BL2FVZ})Ng@1SP*pftf;7PXn zTc^*pooV&_YOmHdkB$|iau(0u)ZlwQ^MEtSW(|9_n55M!iHESrSpxN59_JQ|&UD9> zG}$Ky`z8~HGoBNN6tPdxG!<&HXxn*oqajQBFTY|W!_>2WMbBwkDq0DN)1BLy%MI)K zf5hI-c0E5mDZulic-j-5zY?lhGeEc552}IN5Mf?tTGZTZsgdc9Mym18;Ocrl8JTCO z*FevgEPrB_7e_jt-;P8&*r})BSxrdSK6W2JNJoT;c+xdl(lM=0J&t)r`Z}L( zJ9RF&n@8?*oj2K@$Lf-+1b-cFNNd|L&qR6PNj4{XU1_P$wVi2o>R(TEYpwL?$@T#} zjR_9o)caoRJ2mqFPqKNF9aiL>>y^Yjlbpq=BOd26i_Ub%U9`po&|PZ?!|JES*F@~O znx;a{p-{}%<otSPk3}avt#?DC5D2?Lz2-AITw)dB__~pD8v!Fj zA0?~jOqcgZ@g^2&GUjM0Brr$Q0TR!e0!+wX-bzW%V5PVu1gu=Cm^H!SP@ZH?_iAb) z$sBmI3tqv1gzzI>F1j$0Zo!2vq8~hbRbJTU zIT~+lHL!@@*lNKl~^T|@?P_B zA1*s)qjq(P-Gp7O>9`OH6UOFB`ZYoMrdxA>Wx9t!bWOLEmBrh0@w4V~nyw!?Q6mxN z0jNloKOUfKI;J}emA{;M#W*=W9m@aDBo`m@@p9=NoSD^}hLXxJsrSO?(Hi)l{N$K6 zL-~}_oWd-H$RaTbb4Vv9g;@&Q%<$iEN52VgK>L9L&hI7ZyKt*xQ1@o{l?#}x%1rqg zyZ3Sybo+Pi2#RC%?_uuqmeIcM1zUYn4>|%F9!n)SS4$H~$*1>uOISqi^Ug)ey3hMp zJX}2VKJU&D2v3AjuJjcU8BOgszqm)L?If#2On&0As6e3JD^x}nLCMv8#xUIWYsC*) z!RJ;YX+FdXw_9$~3fAE@HOB1W>#n2*5`0%*vVi6F3UM6^mfY=lgcga%j+P9l{WDNt z#e`t+goECxrPRAqE*wT7XX2JA%+H4~^kQ)Qt?BU{FmoVtTsp?~UN2JSL+p<6Io%Th zh*cY7Oj;L_G5X>4C+v!j=PU&sw-oW$ZRGbJgG-zuZEnIqAhzsZl?#}9w%@xb}0SBVOj|Nc`Z!b(uSw&#G4U8LdH@S8+8*y#&j=U)QJ;X@dERKXwvaG>-n!1$`u!bqBpSl zh`=JqNSVFFn8p-H@@dRyCPrcgvs*FaMm(!5YI_*?`gZ=cp8;qPg~&+LKo<6s{OFKX z7|$SrlH{>;c?y8`NyNy@zy3e>X}x1U1{@^-V-|<9c*giA`%41eQG=Jy^09{`8K7g6 zgLw+a<$MeIHfv@@P07m!taz*MyXn;TL13Pw?}h1#e1Q9In24dOe)A}X0C;@ibLwk} z+RjAbb6Jl?%Re;cDaX2aP!y8EV0eV1O-lU%tz@Z(r4(j2iNc4`qm%!jy}*_a(%g+a zd^+|)$SS8wWLhPere$(E-pTZU zlj#A;bbfe6j>T!5lj+Y+raw!j{7g>$PzeRU-^p~pWI8UqqQesWZ%(HBoJ{vgrqb~8 zpIe!J=VWSiGPNSpggRu9fU?NS`C}*NpPZb35_agR*uSH)Iy*{vpP&ZWBu9FdgLgu- zyxYqB?on9m3b%yJU8=kiKznNchEv@ig&FxbM*hg5etJfBSe!ipuUrnn@8CFDTkyZ$ z!eSwF3@X$~fxOg+Q}dHn;IRvRU*@unGT*hvdwC>Frt$+|=sci327-zIpFENhwkrvD z%8$JR!;bS9(FXT1q78gDKZ&~IawS8vuakyxe0x~5?6*vIFt@TSJ!AwFvhQ6QSE zX~OI3`q_gP>?1Wv`to&b!;s?bb1};|vn>uS7)u3t1WV&!h#8KO(lJ)9x6*%u)^x{a zgGPm8ZGhC&NMATv4=`H3im=FkC0K_$a@uG~^qm_{8$>@(=x~**!Z%>~mr?cvEnB}f z)sU0kl|&t>3mf8*<>@!FoMvn763kd_dLjQHH>HmvZ6eshM>?PB^URktsfsi0m8a5#-w+ZrbKF^_NAEl^Zvd` zs8C_@D;JsW8Ppb6xF@jhhO^z*DELjY372xL=%!OWd%4EhFf3>u+M}-+#hiz1S+MdZ@MV@Zg(sjTp*LaFh<#P zd{5SNnx}Bu;$l+3w3v1m!wIxs)@|)8kNB;9M$&Ne$28GtI*~}jSla&kUG&{V(-*8! zf&Gu8Yi)zMrxE>f@cWGOWil>97~goYvbHI zbS85&Lx()4i7go&O^rDbNKspx_q--IA$rkd%#znZEJCtnvA(``{e|J>qbTZ1hv0~( z*<;{Ezs38ZN8t5L{AU(@%L%Yg3oV0HOjvPlo2XrHYU-WIuFoakaQ`t5+w?eK^!eo=ez?e|h5^3> z*qx{PwB-l8O!-}2=xeysxm5aobh$LBaM-7? zr`4MkzJ3xQl?!ua(M z9==|tBT}ef1T)`TG};dbKO{mdI1^cj`c-!xR)7*f1Vi3T>x=#OP9=&SC@^ zMxiH)oLDv{@cd?Zaj&_(4%0K?Ia-_0-xWFx9N}7py)yfs3QFerYVm*M#1 z)AszmmAr@Z_g~2(T?UhWdF&qQ_dND0lrletfI~aN9x(hD>j>XN`LClRWbD`J_m-^w zEu9q6GFc4$Z!mo4EUoG_g+nkD*BcE#(uu*V*Xozp4;a!fo$dABIWqXA<_zhYm?zlr zaC`Ec>r6a7c?ukP!Vi9Z;w%SGXMbXQ^1O(LqB8V@tC*^vm4meNIRU*_l{1`f{OO!K zp2>X98PD|f7g&mW_Bs}BIIKMJ!Rq6aKE7D93G`+ieVJ6yLo;_5HjEheD+ z*U>Fp{eFIXg8M(8Ow!3@Q2+n&a1Gr8@xNgINBOU#p@aH=9_;7Mq3~*v1V3+AXeK`s z@IEW9${H}Sl}Qyx&UbNwml`xJ*vejzY|oWhA!Y`T30$~QAIUP8W8+hdKlewjPPRne z#c&`q2uu^OWRrDV&Q;sCeH1>wb5nTNScoGB_5skn{0w{kWZO2Eh@D$m7zRxzE=F0i z1spTAcsf}QnrR&ioJzzYbW=E2YTpD&5c^Ueg?A0fF`-K!5>jMN9ha@Asu6wMUNP8PLeO3L+>*-ANtCyGd=6vPyXz$gA=q z(XU({?cFJ}@E5UfOJ_U$8Y;>)=IPX(ZV) zEXiy7&E=dY3Zcyb_3jY~4YpwSsdiKj6-hLiEcRTc5w?iMh9r|wD zq3^yO`nc`T_t*}7&*ACb_bJ65*bUN;9GFEo2jhv6Y@?f9FZF#Q7k0Jxd-CDE`1k?M z2@h9CCL5%C&D?CqOJQsCBL#3&!7Zm=^C@|(h6LH)!1{wQMvJ^X`1B`-|Q ze(TroRj9EbF^1byh5d~)vh^E>3XBq9lma^lumgc;Vg}*{K3*+Fa)pqqz^(%9s=!zQ z#wxIz0J|x$y8yc@FiwDR3hW`k9t!L!0KU@gM{u{jxuP_UhyC5$dy}4T7RX62LP>W4 z7j5)$s@@y%-13&bv`Jx3;_F!6NENl2Ur#9v-^Vm*Xb`_e01MOs`49i zD=uib0mYaZsMy=nJcNzl0ndT7WxTs9vK4FGnysb^$8IFZRod?Y;58o2+S9;hAnO)p z-D0A4)*q25{=iYR(_{SEA|OexK*h=5*f3_P=LZWKKJ94DM%)7-Pxf_*1mJVCP}&1G@V? z(_-wa->y9+oA0xQd3 z3Os+|p_zPlR{CA1Gw%0DNR!=o%w#TEMhE8cEPzG=xDx{ZK`wkY26qW&#PNNXpNk(A z*dh<=kL+-P?V;`QN@T>cEcra~atfX4kFI|+mY#KlYZsfN=KlivaqPiwK$I754tHdW z0S5WMUEi~Rk>+JYFSmapeiStHQ>6`&tcQl6iM?M&=FErTi4|WG|^zYcOF*Ibj*YU!o7i0~| z;LK-Leptf1jJ-h#UN?72W~a@A_Tw_zYnHIg=jg|)f7I~xlMY?Si!l@S!XK|mu$$ZN z>iL^D{z(~jg=rYidA|-UcHP$NiVi0lru>($&(lwbtSC=GPgBJV)*qa+KiZMElXJu1 zB4nprn6y@!y#3`v9T{E1DW6ZL78^@vfNLUuGi$-M$7uIxgLD39_ouEqg0Fez zbWB9rJd8Z<&^sg}=FZrdu75Juyy<0=k;|Q78!ngRWSG@BSEY#bn-Im@8O`s01j(6& zVx5;KfH9RALWXOIv zjK*M&-n}z^HJR0oZez@Ugt;v1?D0zc!`COiKX!l$9c}A(Y=hMbtU4M^Dlq3@6Gp;E zcLDEZ;nZ_8zgaqDx#;H4wO}5NnwWW7zOuV59X{V94ylto(U#7S9nbF?i zb$HS*7*(N!EB8aK^^BB*tKoY&NyNgXUKS0hjUlHZz z86S?}AqCtE*nk!4;N1H&w|-xYp9PXHQe#<+O$W%+>UJYnz!q_=i>^dVMaUL;={G+5 z!>_zybdvi#ck-RD-vJNl!imV8@&QM7NFRYW4ObEIBmBWfs(SDfO4s9$2%RJI%t@pr z@U_l%EG3vg4J%DA0jYeYR^Fo*WSH@2KVy^O0z@-5xf!t+L)YmAqaMBSW9e;ATy6yNF`D7FtVujnt!62U$ z%a!JP#eNuAY&MJChhmOm;S;Jl=Q<-aHh@;t8S-~D*kJgEegJjoO%0g)Lm_R^k(@|G zOU(VCSu#W&(S=W}lI~UMv5GAv+%IrDY0<qtpQf*!X0*vLV1&)*+%2`qYwg< zQ-yqDz#cFy{^&Lw$YgCUUC@{hvLT*0n6bNH%HXvG4go?%OTa&sC@6DPE}ffG;~$7% z_@dd=X(i$MV^o7EK}+-+d@Y;G2OQ}$cugIFURVMRqa{*eg+rZ81{bc~+&yLsu_9QH z2*&eBvNE?L7w;c^j10Wm_ze)mBg{zL+3@aR7BF_zf#$ZqjB%d#2UG=pP83R+jU(Nf zQnm{E%(ET=@=^tOeBnfuk(TK-V+n|iy;3q4y+ZDSK4F&NKr&JL1iaxQ$my-6XFwkE zQ3bV`epVqc!r`L|v_V0gsvwNk>)>c`)zPRbQM=I`;k5b>!U#9FXcOr|v3#JI<$7uk zJR2epno6*2EX3mp{|5YnJ=FJ<=e(2*u{BHJM*YNCl^`t2K37k|+1A9BN&W60z!<}U0Wh?fc#I6TB7 z5$0RsP#RIt;(tNj!THJ_P@(z`;E`}%pwYe1A8r{qNo?+A(VZr0+&HpV1## zC{eQ#b1_~jZpCC1U#G8aHGlOqzcQK_Bg42KKj^EjCd{YU23H$FZ-sC-&I?-*Fk29* zQ{w*mpi6|-C_$6yeg7+sYbVI3JFZ1_G$4m_l6L^val2*f>1&zsK;~;)s1)R9hGTDj zmtqF`cRd9H1} z1+=^9isnKt19gwbZwkM8+b!=c*rNH!KhY^a1?Bwtqc1PxJ_~n1l8(a9 z5MKP6Jq_vlNbAOfPj37hX8!;;kIuMv=njIe|10Kz9<^*sQthkfr~!~1S!PJ#OQ5BbJ>LtB40cj*jR{?C&4GX5L6Ic7UwtQ zNTE-#@^bq2puXqzA6LKJ5BU^lBHZ<=Pkp9~nqmCcx!;cdj(*KOW$Y0qQ5IW3{^-q- zLV7+^TSk|0?N=o6OxJI%X7n2<8t?Adn@<3}!M8zW!9hMDlFr3 z*}eF-7P*_36BrBmm@d@U+7-$YWEYT7VUax2(`#Nlhl}SrWOC0M%^I5Zlas z9-$49vxJ4r37Gjw>3F2c;ef#rI}~>++ZJdVgyNNWV!)U`0V&_`hAvbFUDHf+WH3*% z3SAD?nOA+@4Z^d?=UE4y4dB^lE+9`)KN8v!*00?P3gE}iuM-N?uxx!Dl6FiVydPxV z#Y9CrjvY_YFD)OJ{dB^d-(%2DV#dKWFGL4IJCs>RgzR4VJuo1?i2oPkjsZ4^cmU;2 zIPkq?j{9O~o|2T}Z7e=BTfTw}`SjeR7nbjVNd4y21)^5WZzLhBuEP| z0jHXjIYXsvGfSl;9#$<@a?1S7A)$g^Gl>ySrcIb{c4e8gPeh|&iir{eg{$T`)kmbv zRRG*Uf)Asa@N!&#pcpKT?-5I8^b`NVF|15vzSo!T!4S%vd>RAhddghL+`2FC+rt^p zt??w+vk&d@BDu&A>*^Q%-I{+<40#%2NDtTez&%@u-OjvhQcvc5&yBAf4-ym*>*nsr zMzj)JMH@$k>p3DZoMX>A+MV4)0+u6aByKRI|Dn<$uDbDE@5jUDaBa@PG_K;~Zdk)7 zi~G#E^F%AY@Bgk*;u}U(r+;bt)Gtv6IyhNGK={Sw8gmK(X>4HrN7)k?{+Yka>lTt9 z`hc!|{oC@YtSK2nN>Pp1w}8oYl!8vo&bQGlv@@7aO2sOBqo=RWY3~4J z7?Azx!TK01|4{h3@d zQwO-M44JdBv&RVHJfDlaT_#U7g918h@c9jG-|+o`^LMvDBzBF)bEAnfFr6;S!4)F3 zh^uAvntyPThM1+xIX2ce*=>syVzBVCH;E`l^;M&nRE3!hz#WwOfxK|cc?7Z_X9k#xN1E+*P&3vz%~%T5$%2oIk}U3lH7Iu+ z1I_^EDYT%;yp75!Jz-bS;$3+9*#Iir_L&+&-}HNCvUh5 zH#3A2t_+6e?h%f@F@Gl!Ms>ILRY00yIT)l<5|3fEE=(1AnvR1rs!#N#* z^Fy3OajRKJ##1A$`Zz33#`>MYDo;M-QFYeWwxK)^%2Bp0+)?}#?7q_7LjAqWgPcPd z`m^rX-gyz!hA$V11+cwP+-A;@mT-&vyVWuCJU8X&Hl-RHMk~-6v~n-a5UdqG80`pO z+bdV^K4k&z$P%0TLcWV<`WWI~{LVJB!C*!sK9eE@rAV~wa z`0;?@W6qH`3)Zn9_SCd*3_Jcs`N*5UE9Z|N&UotFFTfQGGmgG7D0KVzo$&_y#pCVC znzi4Q=SOB|J>c#mabv5@9bUZoaK1cDh~cnCx5#J=43Jpx$|c4<#CvrC28aK^9OEq@ zhFkBtqXPAtz}|11qXRC=%06(!*fM91M~E*0^8qLvyaM*0>o*qI_rGLFfotHvp#38Z z<2*T-4eO`_^?Lp)H^dmB8T-2xoy3fN*!g=EI|fvO_>e^ zLt6o!J{|vp8atXMEkhOXoDc8db^Od5U*3GzmcMqOu@KkTMu$5-+*UNj^C{o{gZyPl z-cE3tYqrRmj*A6vwD;n70ki@AGt}`H1Hwn=SuTDQ>0j%b2 z(@bFoZFo5T66oKu-{iXYkp9l~fCyEPtCn!}@AH$fwPw5f$w!g4_j{Rkh zm4Ydaxtf}Xe6lxBe_lw$(Dj59Z{S&4A7G?y{$Bm8$8@VZpu(a2Uq5phaH5eXC2&u<>40`6uGb^gb&Q!BLohsc$=CC!gu>&>cpK? zx9_7^O~2Yp@_Rc5zr=@5hUq_E`^*J0zPTNFi2h~$F6$xb>6vtQy>ctX8ivmK)$d7z zO@8X-@x}4?dwhR&_j{c9Ze+&km~c4%|D5>h+1K?q%JY|MH>~*f9>yOSpRMwP<&*vq zUHjG!dTP1lKknq&>mvs~!#?892Rwa?KK1OV+ib%JCRA^k+ZUN#PLs`E$hky*zUFKj03I^}{a7v{S5jpN8fEdpZyi!9+zSTeTz442E z{4QaU!;p#j8h;UhF+@su1v80fvX6&xYS^)yOUzm1BDv7phs~w?Cf@91*!ikE{{A2K z-UU9+s@fY)Xn}B%2^U`~phOU9ElRj3m5Kym=v0Xmv4S8{tbhVaIaon3l8_9|bQp+7 zs#V|^1vCms6bj+eG68Jj0cE%dIa+0ade{R!FlvP$9QytLYwf+C{mdl^i0}J;-*@=^ zXy)0^zO1$Oy6v^s-p`&2bSzxx=v_H~*0u%sss3SKv`1SW6ZkrQfBH$}kq|{m4-&F| zpUD)?rpQb?{T=BuT{F;rBEEUFtB;4j@Ig!!yev3K596eoHRc{;?~e(;!r#vzunj1) z$&I~Ru0@(N%-(64d7GU!G7op8<6kDUjm&EXE%=wayy$ae2C_d`X5O(s#(gXdJ%Oq>2>(mj$}T}Dtn6sRhVvV$fWN>g>ExF(Q_u? zka4oMY@0+6PWQ#jc1rXtab>0Z@e2u1L=Oy$Ns`OIWy`mR=iRX49>P2G;+HTN_V;_9 zYr>~Ms~Qfn56S-ARvWUwyqA?v4Jvn^KLh8m=;Ps*V;%QvGt6mt7RW7`LWl-@#}*%yY?R7s5k$0z1wzpz zux{aPaT|gzPCN+dH1)2)^zv5?-)n^L(mbFDI{Pf(i2zAcQ10d|n#~Ppi;w}2r)~u( z0A2wfH5Z5-eu{E%ai@nKi)t*Ij@cj3H+2s;W|~Sk%qVoJLUA8dQl&aJ(nuPfHqtg7 zKt(h=gD`4(?s!RKVac)6vZ?8(q3hE!sp%jW)HeRFQooUZ*cK@Z+$QGdD=mk`qp?2z zei^F}fT_6f_;t1c89m5P>gqt&5+{2vMG9A#Z4@{vr>_CH+58&bGq(`|$)ICKAI8i+ z?6~~_gn1$;&Ic6sbZ4?)G2O%w2sl|+E=mK(7L0@xWeFMPZy^7|>qnXh{X)i*a7um9 zhf&(nB1U1dX_4TOHr2v%7LykQ^n66#TG8VwL`^2y-Z)5lu0uag*^W^Y=ymCLFid9- zMaCCIoc9fxX~TTU$Z|g(tsYs;-)pX>x_#ts_r5Q9&)+)UlIf>NdZeW!z(Z~X|nuzyH0VF=xO7@d`;78<6bbyV!mU%lm!*7Y(=5K*av)nLB zL8v^77w7ct^ieb%WJ$MN6pv{UqIPLrz6ls@dnuKQ<_pj__ISQ@5Kb{haV=%0-xsuN zvDf6Oc1FBO>*~gef`Zu-(kcqvP#0WEvt(K6DA1U=OjV)106*O;Xn?bNtZ`t0Y5tSb z+n904C5^SLM$?_XzSa3GFpI`XwbkcTius zoJPp=n3$n75xu(w|CqO;JF6yuZcAxI$RhQc5|`d0Pq=dWuo>C;GjN^bJ4c0hSJ_%{ z`dS#ILp*V~*qB;*JN0|&r6-}`5`Fp92zUg5Cfdf$jZeqM8A+~3O<>LItk=&yY(^qC z)Axy>-{OVqvpaoLOfxPS&g|5ST9U=E-ezjpwY%7xt)wM{b_j#WEXhAusgL2DZYq0Z zOZMY4G7ol-G-kdrBenQf=&n+wMfzQHFz+Tb=J=GB>#)k&bP7Tnum&;vYR3K%7^IM{$?!8hU_c=x-6k5Hjv=;I3>iQG+=N9TRwz z4zbic0Ly~u8DgNEXB@b-qVjTWjXqF~reXm(5?=l9_nj2K0gTZ- zzGZ;lttgoYzqQ3W_-#of#$Z3})XPzz0KX1FC%|vR>?z`R07zO3zgONjDSo3EqkDX- z0KdmjG7*0N`9vN3$m3=lR~FU5?`lCOz;D~B;&&`aS_{8jYv9+lp$Ir|1#hMUw>B>| znT6}Ief)0~ix*kB9Bk<8&=nW;Wo)P1Fk{5!?>T;GKwgSN-f0MbM z194}Ql6x|66)d|t){BpI+1DWUSxjGHb2_k@hf*t3U(7dlHgu+jO-tsUOd;3PByWa? zOS=z`CmKgH$y=1Hhy5X#wv;F90+MyBnsV zSEVvLjiMVd6jzn5=fL>tw2U82;^zQ`{Le4KR)wR$00rfZ(fC&qen}c7Lj$4)^ zITlqj<>gO z?Cft_R9`3QlfR25sU1dBTmgW+W*hWjPJ7-@kR;!V$6Bt!Q)1>7(+cW`8y;%|c14!#8ueE5Qcg81|Q2tY*l1QAAm;~H9J zb1!0vb&SRr1R?=ZjsD~B5)f(h6~tmDwHtFu;Q=VHMQ`CTkOC`Sz*`hpoR8d_;Z47v z*&6y&O(CEK1yuYgXw(L?O91E?s5Ui!>I(Kr@}7x-BNlM~_c{x0insLn+xV z7z@Y-lu5RHcA-(ba4B~39oc{?1a|~2F%oJ9lk`>$Ut$_4dWZef4KaW|hr65O^yb<0 zQa|YC;h<0m9CVO_(sMRD2ZIixWnm=w0LmfL572AKeF(n+LILx^i_ss*9@uMkgwuof zBF_($uo(h*=J|jC$R!xGq){2+Qk7MA!CKL@zT4lQ&}R8dNp#%f0f|E9XSl$85j(q% zM3_yQrFM30+#(t8$lCg*OBCm+nit^QDuM0exqomxEXx=Q*{L$uA_7g3s%rPyA z?dLZqwr|8hmy|MASHuRICHVkaH5-HgDiO*5! znQ!*UY;q=G;J8+aM@9fXBp6f7&mME_zZDuG!qrgvfqiT4eo9woKrW~Os*hG9<=N16LG>K(WZFzDTsm1k^Jd5ujxYTiIuPLB>fox*v&#Z23;heb zTNK6X)N!)vf%1@N0RG?5F~HBA%~9~XVR@QA>mu=8Q~|+AC@_e6bEUUa4{&a7dnah0 z9O&*Ca6ygFqCPx>?)+=1#b8`67UguTxdByE_N1&pUY2SIlax(g@Q(W?1leTU2fByR z%b(3R@mgRlT?_w+aaT)Xf#I)s>%*^I_w@q+F+M|P)*hAi8sGZ`BYF8C`)ovD-A2o) zb^pXieD`t)D1wWk&wLyUn=UhQFKY1n7mQFb0@H1FN-Vny>dr-3veSQA*!HM~O+|?i z@9NrJF9Y2`(s7`x@R(iAM{GOGm03PI7~D zy_vBeH3al*pUp8|=LY}23@)4XB>c@R*fvL1OSf&lYTD@IQ(4;$t2! zH}s~pkE0y|voHvj0}K;MCvVedi9vCU68Zs4>HAeuytsh1$7bgH@6a4zdX^eOTM!PFUZ6xQ8z$l!* zU0er0l@6A;4z83A_=pbv_#PpNbnq}3Ix}oZavt6%(kD8Se1HR`&vJe2jmK<`k8T>Y zK8h8`cT4>*xcWQu5je6yaO_R9!E*Um$#W(Jgw)+enl5rpUj>Bv30ybS>3Ee$ODZ?( zzk&)}ytxL?$up1TOOYLpjh3hRuMYPrxIl(mM+&4r>01AqkARc~!EF56Rp)!?q@plJ zULVHrP&AK7M@MN#W9B|QW^;UWa371`iS+N3L`8Er{n|{rRT~t|j`B>nr3iVn!{gIX zq0RNUgEpAso}Uu0Q@@3q)o<+1x+gXK_i4DlhGMDXo#Dp2nbkA))3k^yU8B!4-T3zX z4ENlv-Rtw}7AamOwRIF(Z2xT6h~YWjav4=gOcm}T@1ty1#`cQDv(emOwlk^+(Ksf2PC4P-0 zHv&6yRuNmusqBHj%)jd#+~0d6v4uk?d)kqA?e^3CdDN9UL_fVp$!-IOO3wUBo8DV8x4;J6=gy!L_Yet66qE_s!bcnP;4Z+=vaO7iCT1=Abk z+F)t??3vN!6gu!1erD&S-FY$=qOT-~_qBx^zZsA5@zuW^j0*oCEpU=o1IU#itZ^Wu-$s%hVe=L0jsHS? z{65HFG}I1Y$Exw)%R)Gnb;jRLUc-aiJT`vUhJr8ynVrcSI5I4$F!22lkiiTX^GPZR z-s^$@(%MFhfmE3h${Id_2)nm=;4(F<^MF9kqkM1X!%bF~HQ9^%k`lKq*g_na%8N9~B0fTb7j>|WfZ zTcJo)QLk9wsBgfK2MT$Nfs3iS&9p=hj}!<+ar8h^Ft+1h_+NWCQf+wN{3pa68nOj1 z%zH2?5X=hBnGAhJER89nDCF%nzLiG%N=HE_e{A8*j1Z}3B_ z^a^bHsqetTEPKqqP@a^MDf?UK$v$Z%lyJ&ljykKjo5 z40G$B*nwPE1Bm1`uF`Hf&TCA^H6I!^&m!UgkjU%ieHer6MzB`MrCFU%HTE`p&WzYF z*M<6c%q07jKl|NYG1hG8Lk7Sr4DiK2GV;+cgzUGG%nk^eg<<$fgp08dOQ(QE;>7&1Mwkj))q;qADSiE&*CV7SVHHIp+2!>pJaziox8N{ypsA|M; ztTY$x6dLs$vuYld8#JuyCWZPw!>gYAoT+yPFmOI(iq06?mvwXd7qz8-lfl4||PQ{B%t;=>8urNbV1D)Z1bO_?U> z$Wx+G9yP0R6Neq8zzM|g9Hn3$wJ-cA@NXv@(-;8r&Qc7RH{a4{(hM^`YIY?3xmlA#L?pL#$UKY+y;!fjINaEq-W}C!e#7Ak z_NdvOglXC@Kev5@t#J9?c*lTodRrL==TbIs7<&9HnS0pu#J^$f#@?38zdj$u&)0U) z$r1v+?AeF{7NrKX14`Y`Hv%ir8n6zStrZcz1Kb1V4w|FvYKz#QIanY__M75 zTt}zbQPJc(VAW~vg$YY}w0q6re6NS|P`@{olM58htElFYKTVPEHAfQgw&{vluQ|v* zrZ*^Ny=E_#7%ZIILQN*)S~%!WZycP^`hEML`Wr3X+PtHggpZz5vWr^2Weu zc+^DMn^RdUlU^W`uJ^R%R`JO^7a}OWh1l_&hO17(TO#VRHW#r;iiNp#9I-BPYGYJM zr?UD9@-_vc4SkdlB1UVg6wGXVRCKs;TB?bkO;B+xgqVtQK1R{v3t%cmpVb~`qO)H4 zEIMONK@^N?55eK;eA`yhr!FS#(x^|C?!c~G$nVeLB(qRdPSN}s#=*0~fyxTT%tbZI z!K2_BW8Nz;c8q10KAK%H-F)NkgcarQN6)3}h;v2Koz3TIBRq26Pqu9eN`&O7Y#44t z7e(_4F>a!4ie__tC;&iXdig*cR5^~Bc_?rP@C~G} zx?2x+Z&;%CM}X^BE4sto!6w3h-SRL;z3i=HN57Tcve`muIR?V^oBu#=7r>QO8AP#Q zR-(WY_RAv9uusAUkbJJ)9zzWh`3iX&<_Q@Z|OqW}snf22|D~oAcB1YPn-$64+9A)Qk zQGEX3QeyiC+UZh}sB^%ESd?Fo$Q=yq@aq(x`8r@tc8R_xMjE)CW^Q)-#ydDKk35@s zXwS%Cq2&pQ+(FvMVTqh*TC`E)U&3-oyP!Rebpgv7Y7}f)D|P$9U%b5x{DtwF8_a*9 zOHLAKSv39nfVl;e?TH+a7?b@11%B29&E*`Q+7NDp>bNTiHl4s{8HzqC@A!B|)aw7$d-H>1AuzT^p*?h2f;SiQlv)c<^ zg_N+Gqogge_t_xcjTwkoShX&YMhxhDR5kAwfYk@bDCR|d<~tsa=dDG1qR1*_sb}`L zNMv$eVW({F3L=Zr5^ll^?B ziT*NANp!275evE>iyeHWp9rqeCN5{!>_j=Z0HLLkk%qZI*9rg5D+Cq7ofucTLX&$lS4Jq z;ZQfu@-%;XI$VZ^h-hTe`=C_Dywi8w>e^&i$=j^B_Sx-uOKlE%XM5BPY1VJ{#T2@d zQFD&(sm1l=EL053FFM+nc1OLgj$1_1FMlsVTS`K#)H(XWwo&h#qm}0Fy7Up3zL^{~ zlI&CBF#RGu10$eE%%A19tQH{_+}6yF5MXj4wSBy@i{_eRAw~Vqo4TIFuW3jpNKKEP zQqym5XxP4CwwiIm@Nd*0?vty~D`V!WEko@Y#WRslkXnrYho6}STFfw?yq(sCrkIOY zC}3n4p4$m26s{;DbOU+ z5IsUybi!gvZ76|R65QrzIXC?`{r_2ISn8^as#t%&B$fJ zJ@)qe5N?~l9m=KQyDz;g&J+l<7&)~^jABW!A(6u#3bOXcprD0jz{suQK@}-S2XOk6 z>q;U<{A3-@oGo5BHh20%iQG19j*rCS^;Y;P8;Y0*t82arv>D)XeqZRpxO|aToqt(B zi#;+sLOL@e=Icx~lVn~X=O+0$l1g_~3g$f+5)bsQD8*xjmx*|VB*84QdbhM;3(5NDMK%gG?Z6&O*)750v=|sBeUGNcQZ}!q?zB^GReO>$MWXly*W|L)>b| z2WY;&1KcouLB7=j!9VhM5yAzWn!<$d2`(gxBj!-~i_6o#3hn__PzwQ~JI=>O2>;{# zjYs8h_Wzk2Q6@9p)qke%ps)%N<*Y$yabwP0cXc1wt4=>7`U7F z)`r^j6@MA;Z)@8uUcu%=b!}K+{R{8Hr@0LTe+@1mlmobTW8$_votmB;9@qQ=Bu(Yy zFc*A~A=JHN1G+FL(FWOrX^odtNsp`<=04Q=93QyZ&TSzzTDnC97tVa(?a}@dSAr&q zeqtv*#!#9`KZ<|tux1ZdIR?N0N*r)#C3zMnH$v~?N3C4{;hU+F;k5~Fs)XgIp6A&D zik@VUy(WKS=Xa{Z(;aqSO%` zQ#995z?}h`i`!wk5xqcLC=njbpN%A=){6k$d!!V6$~u=IL}cq6Bpj`|v1W@-)Wjt*m{TsUhmYlls_Sfy@cTm^U-NrP zOa(uM=f4U6GcX_ue_wM9{`hAQeSV`IAI5G5j9v7xM37)Y{?z?Cle)cf7+?ZkfJsH1 z+;M2xG<*{*!fE>Ppai6i*-nvZnczN1;i!H;6j_9hH5`>XcP=?AK&b3f`x6ZYutyQr>z@1*t1>S)*u#vOl*{>6vkrLR!D z`+tmtK?J92K0;dKE5$f?*~Az~YI@~;G9mmoLxd0XUt)%aK?-J^9KuTSYjAGoPx%;Q=nk$I4=2-qlRI3-RIzMH^K*de+9;=Im zq&mE5-(NHJs;AH11aT_#k@y?h%`r!u&L#|@0ChTCqT{VU64LWd@+sS1FCkB<%@pbFS3r{kCX4lz0zSa& z$}fS1A`Sb^zucie00bZs@3hanoqiQpwAhTLM~$5s^t{rnxYJhVzCa3F%xWFEar1XR z?ZRHI9Q)jjBHwJmH{CXxH)OVbITYy{_?>tUM{;cF=+{z#U(x#`zrR~X1_t7fbPFU@ z^8ZT4r1=N49Enafzl3kj58gb$;VS);a6a$0$j-k^_#Z zS=}kMg&LiJGH#FU+QZDd+JbJ{|LZlna1d&Zx56{oV7`FJ5^**sFRO`<_kRwk?0+)&CLh1zy2^_2(Y~UBwQn9icqpOwD-U%uGC0<%`P@u$DXu;>SYF3|2Z_bwd}!_Aetj# z)qILCf%Vvyi!h<4AG=NplW2Dd>mc3}tg(!_0rnn5HsRYYL8(< z(WaLFgYiT~MDo&%`Fg$e;S9~w4 zf`!1a=QjglsLAu2_5M0aExgXXFq-gJ30{j$;-DVsxTvJXcB(xA=n5hOIAslzXM5O3CO2ji2<$-Q(iR1B)$@hy~_oz9~a>M4pb z{)VA?Ck@q|*bY)sXe;wOsTmD`WhRi}0AH*aIxo)*)#*JyVo4Ce0(@!_H(kZJR@Bu^ zcvtFI7UG5dImX_7u9U%p`3y#vY;A?fTg$9oWN5x2uOku-9;c-1d=00)|*yMeOw3v3cl5M zirCOFq@zg_w!fs9wvt;q@!RRk_@@bVWxytl$8chqV+syY-Gv{5Ico)yD8c_K2tJ z55F^vIR@s{@V?&ptk%z-ekMyOh7G=f81BDD_P^48%KE>;en$KUYm}!R^$t^Pe^l)? z>Z~0%kBp05!kk5wBmJ-AJN~o&jqo1=S9pnyv^{tQitJkJCib+g8AuYyq8=STg#DF` z^ha%(rnJlV>P-~hdYe$B2#VkXpBPCQSR)R~e}b>XubOf0zbOb{IsVk~$bWJBx4E@{ zKXgjpi~Q42yb=D<{M6D%mHOv&LQEcfo)?M8@*aZv5WN(I-+qVgeXicEa(#?^F~YOs zW>Eh?6$(i*%>8@P|gt=`t0XnPM&w=SUuk#NNCO3pKz|z=KOl zD41JN$n*I6*#dm6z-K6^l9YJrV2Zo-zmoQJnTOOUVWZz%%R-)SfwR+u;pL6KW}8)b ztwqZfi&687zXOXAP(T`vn*E7yH-!0;q%9KcGs%AQxF2!Ajo1%X8%SmMQ_+3QB5Z!` z#~Ev_&Lw{~gF z9t83h7atpM!1p9DKVV$O%#r8zIFelPfb{`9$MafJ!_RM-%E<)@Me#FntDHFim~cX# z5R8{6pYRjnWh7t1S!+-o_s`J(%;M*K7`MoNNqz=CuaK2w*0R|otiVX7+fbkn`tnx< znOM9b4)2x@UJOC|$%WI7z6_2rO^eUSfkwqr2MlJ;#(1^B)|fWeLxjFK5y(eXfgCB5 zV82i0Gqf*3R`G@*&?qN;A&Qyf2*M%Gxco9xG34k($ zFkYX|x8^26fyMf*v@f8Ku0g=&XtQ*x-?s#PJrK41Ew1-QiXuN{^RsW(iI**Mq6-o%nKS9FUecmdj`+1{jb5 zev3EwF+g?uX>^85$83tWhWr*`5+nKr>nBWmo%r1cpm5B8f06y_YGoLnC6`6VaanXN zURZUm@wK zhWphIvw$3Houin3YXN_t9i~1Dw9yV7p)gT;}VlWXf_Ab=Cx09vah}jbR0Z=M40P2EJ`kepaWr^~K0U)lE>^CnG{2YB? za{xDlJ2_-7ypppa?m*uBCd-GVU|LuRHAqI*w_2fSzNA!jegf`KMu9t}mVDeEQ9D2x zcGP@XtAj^nH0v)2LBXs12sd&kzKG`o@oo9XmnR?hJdeZ`AjT*P?#0pv7|Q2a8f|QY zt7Sei_#%_cA59tjz6^9$d_B_Y@sA(AE?{4;h$Vqt=oAdLbTI-vFNFNM*S5%()*Jvx zz^p1KOk)BYXph-*enC-mAq##iz6L%EL;g8f&=tOG_4!@R5&u|yxF_75diF{6z4GVm z<(MLzAz;@}D3Qq0A`|}HZGSc75oLTK}E%N+Iea0IyBwW#?7DIL>il)fTLVNJZ z{8i})3xHE1-_|#jw=pxHQ0d9i0$>?6$19kFD(TIJ>)TB7zV43uAPMv)v&s8-dA<)- z&rRZZ0KMOlBphof{&&h?z?yF^v2W08LupH`g@4h@t3Z;L$9n@Y`Wf;Wa6`Tn4mRRp z3{V!$*0KdEOb77G<^+M(JE^O*gj4Z~MEDBt^{O{GQz2GB6v z@dir(C5kKlw?-|3FOqHO4b+7j1sn0N%FPw>>+Ffhj+ZfMQ`7$o{Ld-HtNi@bp;y<2 zLE^(D5mTbL4#koO8Fn@Ecx+1=4E3UIS#2Pz_a zHvzBex6eG(fL=%SIlE$!Jm<7{Y3KY*9;ELxJ#+)~PE$D$!~Xqg-ad03JI{6iE;(wO z%C69}UBl*n-f6)eekkJ$csvl-XC9I^uz5TVoYB*^e~>acW{YCX`ofzGzkb2FWtLRe zeWVO{riQ*%doXt^)VB8E?q+FOX%9k{tBm)U6S>TW!RyAS&Gto-J2(lpq;kBrnEa?t z8a0Q0OKFK&7&8|uzO<-g&?7T2QR*O)*r#%JXw51QpLE~TV$MOC=kAXwL*vaHG}h}6 zFo|+e8dV&ZkTTt4_GBYBSLjqU$sc(&UK&O(rSD2t7_`g~mJEt+#g-S%S>d3c@PjgQ zxn~b;h|0*3d7AU+M;47cR@zN!ghQjUgk#1_j8c@;MF=av48Vh#$(Q)Qp#<%w{P#I* zjp{m}0t+BCj#+4{3#a)}~j&3p*sxxV_$8a%CSYib1SjW6Q=L|O=^@c{s3 zvtkCBuX`~WOk#nA`zzE7S*1*HTj8L&@S$*p5v^ZAWU%?vo-6$&Nw^^S=^jD(x~LU@ zwox?$6u2qkzVh&s-73s9nX8!(1ZEX3-%~1rM9ZXe|7mgW@z zWCB%{e%ppgM6LGGw{7iqghz9E`wI#jWx11# zVc}DHM>g8wYs`hh$lS}h2L`V!&nh5-A5l5}6o#UE*q!Tdfy|%l&#MEW;}Dpp40`5; za<4Ens+P5AUegDtSFlne1EX%Snq4@GsVY!JUslW)MEc0lNBn(J7>+cKpFBU9UHM+< z7V=AkKi4PhY$wfzxo{(|htA!=3<&PB6 z26M0wa{$Hbh7Ysx{>I4Cwn9d z?L%<{3&Fp(W;a<_-Zq2rmnXtag)ub&%X$8N%Lac3|RcnJ5alP%RvX~Af{RHU5l!M&u4rkw-uBe zaFuEhC282Qbh#Vj5Hu$u?{)>-`u?1YlkC_2K#N29l2rUpqAXNg=|EfQM)jZ#`$~Gl z5GJQDsH8pJg)U2LKoRi>sNC#FTNBfuI!RwX+F3+PVt{Ea5l4%#VR zL{4gF>0#2q^Di7cMAxHb)lO1Nd{J}&9>T7G`pj%WUlJ{5kc?T~XVH-uW807K@K~1k zkj{>GL4JFDnC}|H2h;D+v3S5v5iRj~u|l;Aa{jcc$@^6WJwG>(y#l|zG5 zAymQO77rO)P^g%H>SI-;Xhht3dn!y$Eq#9GIuNVMp8;Vx2#8tF-v9;Br}K|my}w4_ z7z2|$K)7Kl<(L?mprS!|o|97)YcJ~ZtwJ(1$@@jMF+!mV@8A0uq5mQbMqS&4t#9kB zU^LDe#)fmnK)_n$1gm~4TCqe}hCX5rF9QDSmJbywKxC#lpm6o zOQrp*e2&3uC(rutaGRpZbN;*Tr;lL{3!oeRitAA@yE6bFTNi7c|4+m3g+FTF63s{8 zZ$0snlEDTVDp;pBe@t!uJ-=YwvUwb-9HhN@{wsC%FBdrY;`^6C7p;2lw)>Z9<&3gf z%bSR0|I*r4L}e=WFRwY*?O%?XWmv3($3{WC0+@e>^m;M-fF_r+_B^!53=nom-W|zz zSSsKK4LED-49<5!s&Tgi^y^P?Kdo*$E^zr?Q`&F*ER?RvA%Qk!_ZyG-H~|=0^9}Ad z9*7spiaFhHJQi=Kw%<65{n-7+FAay$fN1_beSt3Ik!Xti0c{ZYHd-v8c9Hx=tm{V` z6o0|F`aX-jNe(Pvd+om7GTZ(MkqN|$D(lgMQzwKMyF9r4cwKPbAj@lRY@9t}ES{PTIz)r~Cv`kNd7+<{6* z^b3gE1O%-W8n-hDP3`2N7vX(^TW1pMz3~;-8yB@J>B}Gn_%t5hJWfhu@y#QoD2i`Rm*+Xk2Ce3; z_%a|s7&F^qElj_7%JIz$nNvXsBvj}8troGLijy%fNu4OZ`3#?5M|@N2%K#BQWBy}R z{(+7!F%H-SwJ}ApEmsmj5d%C+Oo!2wKjFG2TRKU6^Y=JNN85A&*-(+L;oo?DC+nN< zP}v0VSI)n}2Zf_PDBv{aUQtk-L+;SsW4iI|cE;h9Rm3Cf<9ng@gFbY>pDw8Dr==o4 zVygZ$^?O9yGG-sE8SHl2z5CGRll5LbdmwXY{muW2;=Nz^*gp{O-R2qchd9KD_cH%j zqn2Z4d%k(y@m`7NR>_y=FEg9=UwA9@k0XAd3@Tqu8t)y%^-`3PDBimrcIDAI_@sj0 zqVenb-~SWut%x80gYn***9-R`-pf@e7{Uc$@6Z=RP!z8>-phO)HHNbNNws!XDvZ|n z^>Z8aIaJ6L;=j1&cS|U}CbLHy;FNx&1z_EH|K$8c9hq$iRZGb4Q)-XK&OZ720xC>G zOh4DtSCl2@cU9I8%|Z6%h@SSKF37=27B-a!5xtBO}_`rK68w?y+1 z#4GM*`^cr9QoLfe=e3AGEWg#|?`nP|JY`uQApnGA0!^KLlk%4)wdeKnr)~nn`4yJU zD8*u9()=mcALn#e(kH{k2^N2n&&dMLx{x=B9|LdHmynuUk49Bv@;7f z?{%k(cl@g?6oY)PVQCYOcl=t);_;6Ekg}=9JI>sW{HXDcv-w-6WL|;va93Y@i_j zYadN4>H}B>ppX17u8l!NZVNofmttna_{Z-=?tK0i_usq}G5*2#b>kn~qDyPC5i?wa zr#CzPfzP)_4qvohkMnn{x2OMD{NqNXrBF@9;~(FV(pdbXM~b5O$Gb%T%n@!te%D)z zLbNe+mehM4@sIl%Pap&n#6RSG3KsRMP|Ic>2N}VNteyGxLhDBl5q{vDB9>W%v_` z$?Kb4c>+vmQIj90wBPCc6Ur9(3+&15<_YuBk4=Lz5u{Jv8)f7;%yU%07# zjjt1F2ODpGQ}g+L&v9fvHJ^{qb}_;@22`u*{op?k-^3&<{CR>YJ#)GkrgAoPS(?fuBE#OHLX;T5=Df zMQ3)DTQynmAwE{DiK^D$b@_Q{q5ijdxa6-JKWMF?@37vZJApNV`1Aii&lf!RVd2iA zIYTz-VFPTw;05{u-u{~rKicO5|495uED+ZAjLW;sZVe&D^lSBcIO6|$@krXhdhw$- z*k9nU`|(8|R>p@a`>%WsQzbqWdMCV&Uudc z=L@8N=4aqNe$#pwbCH5J#Knf37s8L|==x#s#C-fgqJtyJakOYCy-(V?r1GVs2yPY3 zX0k$)o(twwdUZTffhPC~0!Tm*K2zXJLKbC0u0mTsJqvbj7U4Y0xY!J>k3 z^Q0m_h9;02xL$0s4`&goZ~EVa>;88nxUzHL8q%E9M=kL9F_YHiVi4Ha} z=I$F9Lm3%U4-*O-5($VKi9gwW11Ci6*jlll?)_)1e-1~s?8NsCjDsfQ<~fpr7u*E$ z=4FxdT_fIX<+rYXqx#0mgZT2mPs8h&?PvD}KmAN1bxHPeAM;s5b^x={l zaA1PXzEU9ys^~K-Fn|I&H<`Q2>|+jxGfQHWB3HaNyN*63zm5w%b`{+dr-%2K1P<`^ z9JA4e%4DmX8e16J>*qz%pUem2Ej;rohn*z)!nE(S-L3$UlB4bdjIwE$XdFFd{GZ{j z1pb%iHnAEdWRkqQlmgEZyUe3z9xrf0F*ydj;fr+e;)|$Rsu@*^%zXx)_&(=D!QM%m zP|6--)HHG#nWs+VvMgy*D3G=`REm%iwIVvS$6xKkkW{@+sNkJ~}YiJo6;cc87n3Ee4h;(Q!>@><;Hi7Q#+>F(6FgEICk9edD@jV_yH92izo z(=x}?z#q>X(7v{RH7nnL4h(mU3Nzho>n~5uU^jB?kH5xol%kwSTXGPJapC9}laC_- zdq`Ht9k^$r=SKa>NwIUU2QKMw2D2#5<~jiYHW+%MqpPGesR2JKaQ`(N0 zX#lx&HzusKDmH6JM|8sIXs}#+QV=?9>lK2qn>AduRb$#PXI_GUFm=kCFm10q5KWuT zteZBOM5m{eSDz4MpuzuyR@KvX6Z_I>>#s3w{h)roOk2*)N^LCO<6e702ebA)83cqp zOd;1@Mzdx)08O`$rX%JZAb)U{=mPlQfhbm7ZW8+cv=>kv)a@c4%DL1g zxRUsIf=@j#7eAywOnlk=9GMyiMpRRgLiyL2!GSY1rN?A>#7=mSN2GOJElcEdhWTwV z!!WMQFm@O~%;Z(|*JfA#M%c!9xfS^^LNw3x#9{&nSgWnM52 z3>L!|*q`981O8&!RCV+GyYWH^>DRUgyo)Prjc>ws$JQ6&`c-4n;y(b#QJINlKO~>( zI#$+)x*0}JGUo3;k*u^abBsVEpJDPl3ND`564-b4ZKU6QrC&UZ5EGzMc^!=R5A1w^ zc2ij|Iec8~MD{PBOE56*(@~$84|)6jBfjA(IUilpXv|ZDNE?ls_g^j)u=PfxdS!PX z82c+2n&qQN9X4cUC{sV^65>OH^BeQ#ONu6(=vwFB)o-)@&j)n;vYDj-m(3FUgJ`6( zyr18gOSKlB;V)+HF}tyj(lL@h=bv(J?OFJW`6qpq9pS6ZR3PD@Rp(=A{)ctn>cvOA z|HpL@=1lfiNClcw_x&Vg{2*Thp$@wGbhPf@A`Zz_9`>K7HWYJL=cC+;?$^qeAJ z5l^!8aquaTK_J&(YXyH}KE!3fF4E5$tr+LzF&INx#}NG8b9b3sH;t}P{LWK7qh%T)>n%_$_Ap1>-aukf-4 z1|VoTUeYQf@KLpe;@?3NW|IBr zrC_dQc+1^pDd&^%4L7uc8+VVPy0rN4WJY^IZ&JlyUJ3Op^rdgv^M&F@>&3i^q5odn zBEG_gm^nTB8kngQy;kpkO-0^9{i3dPnPEAR`1wt`uAubeH}&E0Q`1t751|;$Y30Aw z(^L2lW>Hr@=!d$F>n{L@ACMZ&w?CZEA`Z3rJJbhWw{gh=SA%!B#__G-f5@yG_j-|5 zS_i-p-7!(Y4{d-SZ6GrmZyPn|az>>S%<9}^F>%ROiovLv^8tPi6Zt~lmoU04@qibW zlf$J(ezfmm=li3B@luPlL#^RrBMKO|;Y4G-E=6qZt0Lwu+V-w&V#&ayAw6$^%`$VLwITZ`uph1-}N^(?C~CkPR7l#EVA zYbv_{qk!3Px3D>xNj}uFRPMYKc#SJS0<CxRo{aSyncw!2lEH+W&c$UT(v%-kB@o~{g6Mw9kjvLzRG@ZWDn$f6=8kWb>|m$ z4-H%me`PBA%k_1U*GI$;^FVo4zW~%4H#glBtm3SUV)CbuKdbZaf-|K@RD*V*52K4zGgD&AXt zTGM|}+(0+rg?NE*7DZFU8(vii%@OtZN%XHVcZ*S{?ltl)Q;BQ@_aFU0RvtVLGtJ(A z#1boeF@6p4X{tIO;O#?0J@|Zk^9uD&75}z+{p9s4)e-cNek@c)8pkulj5O`{aB9|H zyd8w%;}wCI`S`Zp8vt7go&VG{)6^qaVa7dw$K+4vhlY(~g6_|7z9fnVK5GK&8uO?x zD*LGj_@~XouR5w=p4NSs0wFh#MGtvX@(&ejrlR?oe}zj|hy4TV1#2eovwMXv3Ik23 zn|6b%wL~Y{mD1s?Qe_ZouV1VA(a)EBZ>vI|g!wv@bMdESvOvSy>ysG0sS})kUBS^# z-;p0cXzCB=OW0^}{QFp65;sr1i^}g~{opU66`&^8nzuqLh)-AXeXNsqiU;W3_!0h; zZw3sMXRGAf+{sa@_<2bMKMa_|MK84v$Qo|G`-TWSn{wh}8=Ap85M~!T+miH(JvDQe zA~8VTG%s8v7~uhD9YL4IwdO9})8+e>=0SNM^NayUzd1@ftK68_WL=Sh&F~p$x zJjc@Y!KgW}?CEN@A^B0u0g9GtNk-AzD4G;YH>z6Z7q!~+ndDti5M$;Ma+oMsKK+tV zNIVat<;{^7$r31ne?bNOdAL{2kmR!TCH91&bNanK$0^Kt(@A$l7i?qZ-WLSsA#yis z#9(&TZ>+Q`fYmR}Zex89>rdFf+#ms13+8*@2xl}FUwEDCW8qN^O~uy>)Hk6mmxYd= zRffig28pe5nnbne9Xcw1-rnF9Lzl7~3G9{aKhXDW5xqG!&^-Kkp&#ZD`uPLVL*C5y z4^{ekJNJqZdneqO7yrw5HfrX7ebXkyu)r@^9s~;7#jt+D%A%QFJfUkt0bJJ$?oy?f zS-76tRZpXbGH&)=fQ7m__M2?Q3wzSMyvluePQFW*S)D?aJNi*>u52PGQeaNr3cqpV z$+f)k;gW=Z`fth_c1tNE6zd1Qj%4&X~LqhnRJ`{ zTxzll*P~`Xp3Ik}(rS5=TO~!ihV2lneua2s(krF0{e!X7y-@)|Kiy_iB7LM2#Z)%O zakGc*)Scgy!N1tw%DtCtn-$`$o!8u$%B~8#SgiVf%j_)=tXl6K5fCJmTC=IZ=ruPy_G1$)be4g|yg)XB{TjJ_gIwT|-0ZZK0wng_i z_Q!UWvYZg0dw3^14i?ojN(-v1Uv^Nu>~@f|A@$OenASue(nazBcT+0SHg4|OhZpcT zxTQZ-b!set0iF`SKmghiE_1?pG9l;Vw}pkFw`@*W%eznFX)G!VB~5tN;X z%l=j2)8>K|!W7-5#?<0p=_l`U`f7zBy!aDMskzf1N~BMeW-=j;0=y6?8}A`|V6RML z3qw7YS$wV3;`vRPolrq%B-JF}ByK8696iRVa}>7#Mz&354;*!k7c_%~k0&{*jkA(wzTz(xT2+7YQWYZV?I77JxHA0@aOnF(VLbzr?99jvo z+_;20WH?tWFdv`Y6jSt893fWsT_)3~;)&<4@R{w?++NFy6j0LtMW@TxJB#(=;wU#e z^}LJCR#12>Is%x^kEMKxoBi2bP$!de{0xNcbZkOYfY;u4-A5%yw?V&(xj&|(mcJlt zJ44lHHVLqZKfuNv%ind@$5!9-E-NmdsGKFgma>s;-;had>x8l1`lQ-EbnA` zfjycg6NsgZyLh>cHq-m-M9kZ>t_{uPQZa)xXRA{{)I20T$Zx<=HpA>%zZ!M%M`T!i z#}Degx03~#c`fGmgbwzCY6R{(u{A*v<76w*QK?A))sdd*i`rz;Z5;f*ULs5F!$+<* zyKjodG=Gwy4hY!ueko1Mc$xGZ8MdRmhVYp0V@D3KNFhUi{Lsa7XjxLX%{6L`H9A8Z zNg>IfTRLVg(J~>+->-;(6$A@r%NT+Ma~pJcX%96K(&j}5rW*60MnCojSAy8QgQ_2W zuQUfgAMY|%+Z#^%B%^G%6vt>SCki^U=mC(OjNt@M8_;ZI4=y_?liuKSX%h6va7@!$HO#@;zAfNnRkMN3idc4+xt1rhy z&3jNw2SHP_j`ei5^ zVRS76m43$B_WSGS<98Ydjr^TSk5iu!xak-GeaSPlOPa4a@U|>xg*^#@q$cp`t?o%F*L5ES zP;?pbF{hnd;orAG+wuaL8t@6b=lwG3aj>@8yJd^_TkHJEy@pec_ zL+ZP!mtIyzkWmm^Wg zH|AwmNpW_?627%E`3M%ae!O!S^yxQG0CX#lmMrIhyE=N!+UNy8LV#}_kVyssvaPP5 zkZEVDfC=s))9x56kC^rq-WjK;m_u2|9zo{-M{65Z3u{e*Rat%>%419Rm6_xf^5!JI zIRT^!;W95>ta!UA$sI4ef^UkyrHAy9Z;42dVPV<)T_!>&kI8cK(LwxmpArGPtu&`D z;SSglJ{}3K0~2a24Cg_mS1#><+Wcl0)03!4$nCEEw^F{j3@pA(o$61w- zf5ZK{k;(`TyzskTn*b;5IMBuEr@AbD@s|RBRr%W~TgJ8)v*#*~R{yP%pWC6Q+dG}& zO|KWV$B+L|TMJv6Bep_!VroTmKtFe%FB1nFHIwhM>;QivajLJSAtZ4X4HXa5OOSkOKlcBGbmn_9d||g8sitTyb zRl%YsGziwevFkh8dyf`)5CN>bYJE@E<^P2-Mqxv2M`M(X(#o*JqEWvDsApt0SMJlup4Oog^xvmVb4wrqru1l-@tD9rxk#t`fm77ic9oVB6^qsRuOZZ3u-x;>F zwt)XPs#M#fzD2pY90^gPJ0Z zmpge-f6SQ2r4I8t045>@BYYkqWvN+^>QV7Mrb_;wg8h>3wMQg~*{@!#A>Ks$l_Aef z#eOx1<4$P5KJ`cPJ1sH^RGi3ui5S&l_=}lWBUakluWyo9l*WPmVt$z|4OsnDfND#v z{d!s^r^0^yCMt|L{B~PtT4+H7_LiVg*4wXdvL4x+(cs$b{SLlah{q;TezpFUIZjL-rvfYsFK(VZW4*~(AytVn2l}G2 zS`w_3gZ+8+*U10e&)u1oML^tm@%MYze=qmdRKIVHt#=+5U?@m)!u+H*Of}&L9$5Bk ze$oT13Ub!WPuhJc2P)g9Oa5m39Z*tpPfNDr^XL!1kt}(YbdG=v%_+i|56CmN zUgsvq5Bwq$L7X2G=bwd}1EGKueX-A7FA-t{0dVEy?9;WZyTj_+62JJ0NM z6F}v|b#i??NAln5#B-cJ_VWj#@>?%H*QKbZ=`PV7CrQA=Y8r86rn8hzV%iQxffHR%}7x;X)%{AX`y9+1FcdMI^KLm}#|F#TS%*vLqkPiI- z{ro9?&>5P~hd@7XMTUs!=UVeyQ(wH7O(h>JY4-b7YSu$eKPa<7>iOL#t4DtDX{$%9 z^5{fkw_dD(U-sn2z*7YQ|F$m)#0Bol-6_9e(87GnBLxo4xBMu7TXgJt&heME?|=&N z6RidruC0Hdw*vkQ=3ig~W+3Z7nlE`MVG!S@X1?SS>{xP~C|~k7EV1MZ^oPTbvW^%U z(Fa~pe3bm`_@`F>Z8g77JRh1PfNT@YhvWw{cPN~X(+GsUQ{xN;2pbI(*o(>O8|ac~ z!Yuz+!#{=oCcHnq+4)y>=^5vb*H^z9-q+VYobTU5CsfXNX#c3Mc;EH0tS3?rmW%AM znJeY6?69tq?qkzV(4>VkCm|U4yM7iU>ihW&;9e#H)g{*4*cN$ znF;9ge|diBubKHM5)Fd#Gur2417id;fY|Um&$KfDsrl0xcIUMsKlBiM5H=*R(~q7% zWIci9zLjz3pZoVF%TX%izm`6C_IkEVvbEPL6UV?sSpZ+_81#xnmF)Z(%+rm|z;C>%E(v|o7d|Ey80Sq+Al$E#Pd5ZV@yibRR&jBkf>9E0hHN}tF zG9sC>9>MyqgEv-uT#+c~`CQR?V7axsfqRjUf|tAuz~}qRvX}lXfuHO?n_UQ#!UI;X zo8QW%>lE&@fgIrcC7})UEA?ftw#&9n2dBqBAQM|}1p3;XDShR4tJNQ&298{GA)t0e zUhZ)X#ntE-q0c63Uu{3yls-PtFbW1Oo14@olD9FLSd@O2 z#86%yH(e)MUZ!`W=lIIzhT~W`Vy@szrei^*&)473_DhR;=JnfBB0ShulU}Wnya^w& ztznD-b&V{$&kU97%8=xC|X4xpgDVZbj}bkI2$o`Ac_e5Rj$%;9jR z6+U6anZ#<%(>3*><1gU{Np`D@SJ?R%-x!8{j=5zu`W8c27SE#M{vcZ)_)d0y{La(S zQN{eLe*^ur6w@Yp3RVT=lKZzbCRH^1EAq5An7(_AB#t8b+`DibjmpdMr^5Jnf2Nv$ zT7?_&jZ2jbU2$ImBsZRjJgjDr!S49*ep z6l8{ng~fUn^gNI|S|G#a*Cy}A=sYigs9$=KoojQj1cngMk_cJ9*@Xcwy#S(9s%MhD z;Iw}8q(+c1hP^*MGi=_%GQM2TA5i%igkL}GH#;&8%k$Z}j+ICNPl=(YcJ|^VhGKC@1w>x63mMu^&Gx18u`Z~T(xX2HRZpBs<%~|1~ zpYVgqB`SN^QH3=QkBuys54^eGC;XSIKs>v+q&}d}&nYGMll7sPT)fT2W07%~fd&G9 zIEj~N3N+=?PqDLPac%Mma6w0rfl}m8lC>CEWlmX+_ld|{?Rt1Mg#9F1mrz5Wx8FD9RWNuG)N zx|P7=_V!8uo{=$&$shK@rGB#zPZ+%y8`qs^A_3XF+5M=vx;r8suLI*&`=g{tYIv4ZB19&Fmv$i=+m|O+`&LnH#SpN5goN3-^?Y(9_?MQpO_DkQ6PL9w~}c z`L*9;!#UCq?$=+%3>2#P8_0vA-WyfV#@uNSzt^`$&qrAI!M|^j8CQSTnBzo-X)Fm0 z_CNUSk%Vfi*slxhwcfAK`hkB^z5XDVfhgdtS6J7sm~4y}d~n?*K&zJGjQLN1*F5)0 z)*LZ^y#Rk@%xE>?_}jr3#(!+Qw>i{Kwtlph;i;GxK=W~#&rH+u_7~*NtV!=9aQGQ> zqHrE;1l94KT2ZSQfkAD8dwr%O> zu%5m5^{3c>G@q)Y-q8KplJy{KyGg&_7SWHwpK;%tf0t-%XGukYi4D8tXb_c-AXWos z@b?5CmcKyWQ-jv^H*51V><+yf@pqvM;P2j~hjGU+EFDF&JHeaK#nt(kg1`BBc0DD3 zQ}6eU{LSS`qXJrY0$Ml)*55pb$4PnPPT+4|J&rQEmtWDdrjfsSjnt0&n`g^0^tiuy zrPQ0)-<;gPSS6dS{a3)1w6AIIn8zLO(Z{+ z`sYIS6SMcV_A|7-%6iefG)U|qUQ@VAkH;M=?5laS%D%SMun*+eQ49lr2f=du0PC(b z5`PHq&%5IU*_C-C_vgLv37Mt;7u=t>DkT(vW?^JFxC`Qc?$68oNqyxy_7CgW|G7W! z&A&hIT@O))eSBX12k(!zio(h-k*h41cAy+bX$@Ylez^=mY4Ni}Pad%Y(9dGw$+~>tA>?58p zSD;B_=uSe2_C7CGg%YfpFZX?BQiu)YGOp`4b@Sya)*sItC2+&w;QlD}Ul2jcH(BKW z>GwzNEd0fgtonn2zfXQN2UWbU_D2JLQ2&^8`)B7vEILjsujWIDoUUO>E&oCF1LnK# z`eF!v2>+{<4-u!w8_7qSeEj(OsnzKyIddTTf#QT9lF!kj=S7#Sh;YyAyN~Mp4+@nS z8FKR-%pYhZ{2;L&jEQ;NQe=-}hP998yKWTOaFXX}?&Ztl3;t=YaX(p`$4_Mt=h?+$ z;3LnLo|K(l<*P&G0SM>;Y>i_Zks?6-y zq#wvqly4LAPxid}`4CPYF|?);L;SIc;?n>eI<@hx*nClQI(vs@WT>#6eIh@VC7$kM zMm7i;zt8FqK{TK;UtxPvh#4c$QfUxWyy}X4h1{>=D-1V&$PW|WXEj^rp)UO<-5;VZ zt%w(OZ&(oVo4v0IM|X8^?gTX~gGTUk_tCyf*SmS)|CdUF`49-5=UV4_F^5UU~YduXjHNPx+H>6_Wb%xx31;;AP>fT;1B@-4|*T%x3w?6 zTxs4WFJrfEnH4fu5*p|S3I+4Yzo7@cZwmJnDn584iPPpg;5WDG>;vP$3mJy-!C&4- zyOo=3EX?!fPKr`@&HHHkRmz6U;|J0=>O`+P|FjqM&2;TIZiA=F;qx&NEjZ)j_#MmS zjrhIQ)5rCpd+zAd#XpUZh+478IXVD?1J2f3@?hKaqGRgH_9qT(mr$mkk@!9tEAa5Bryd+*K_>;(y-73bF(Z?|Q?&0Ww#g6`V9VHx{&YlFj z97C2z8vYwC?2O>LABcTqe}nl5NKKjQ~UD|0CD2-h2z5mdNoqZz^j< zY!Mn;+DUCw`Zg9L-al`pJps+SIyUHl_GC^ui?1vWaYznuEq-{30E8$klGC)wJXVwR zHvPzr`#Rv4SxydI+`fT#>bOtfKvAMkk{oZbHWs+bB_s?%mBO0mI@XzABSH;>1!Xfg zxuK#Z$;<>xHg+hMOQ%S4;3~G+tv{M+FEUFvLO+jZmu@tIo_KNLY#ib3S7rTEXUUQV z4nytwI)4%$!qDn7AYbQhw4$lwBIgr)V1R*;cL7xPW_o~*AHR+Bq5d@E zduR$PA(t86hdzwioF&8Ap%+x4N)-LW3>Abty! zD6EX$VwYGmo$gTq*Bo{~i)-y3PORB>`&hT1L;rwu3=_CsIcZcL=O%Fr)?xN#Vh!rF z7ZPi>inV<=UOSc& z4R^e)tM+)@`UCU7w46bT7jvo@Il|UEQWNmK6_RHq?gZScbNizj5-T*PQH3{%FGlk% z`AFbsgxll-!b?>W+evZ&0~Z$by`)*FuATDQyR^;%D$PkvBaeYPK(vwf=mMZ-{nI3W zTLck{&7W9fmiy_90Fub@D!_(d1RT$=w+r7CUvyh-!WVTl5 zACgrX#N{}#BixOg+FmE#KRs`P~lN>$`ODO?@&#yE3Fno;6=nUW~jj1-2AqR;QC}pUc4dP5=or$3YeebBMRQK6X$0( z)>4sJ+DfWr$c~tZR{SYK9+@o2RN(b@(HbPnS(g?Xu4gOraa{bKR*`avrJK2#M4Vv# z8Lo$U33tzaO7(G7)J7F`TKs&6t0iF%uWZyk3rXkqlRlSpG_*Ww7pb;0@Dc^D_y4( z1T>N>g*=iPiS$UV&%b$ivavKK|rHG`GpUTLb44$yJ-yflU@S+h(toQH7 zX>V=32d8_0V7uk$=+r>y543vurbl#8IR5gA@%4Gq@gXT-MJEp}F?paAIUn$T5=MLr z@U@;P2L!7sN_o{0Q*^XH8$X&-|2Tg2y8BoE2=s%zO(cJ~IEy+4?pQpY=;f`5E--Pl zyX~WpH^>^TC^VzU+Ysb!2=Znf2h@baZ-WWoawttJmRYdo+~iOq7pp1DTdK`$J9;WL zs_#jOWKaE;<;nVFTYB2=iiP9=x`VjIy8D()bO&I>MI_y8QC}`3S!o8aqZk)8;cJT8Y2C7^@du7kt-!C><}&iModLN!NYg-(KW}W0-}#CRsJaFEDQNelYG-K#U?&x&UGLj%-~Wn!*D9>Gny_Ga3Wk>sPTKnIs- z((_oGe6YbRl#fu_ak;i!STLvHrK;y#vVdAh@qQ3W?tLuQrL-lIeijYh?Oo=OW2ZHg z#HUvz%swc<)p{f&)E=kJ=6WCSj%feBYr~@HkfhLL=F)jA(81ZpoqJ3)Hzu}+Sz29` z7Ym6Q>#S)&TeEQ&EcnuQ@s&31Ud;zMNc#fb)M9;g2u9w_S=p`$~_=;FYe#jRTveGdOik77ouVz#8{s*@NKIuXHw(!(ICA(VQ zFJ8qa5C?~m*}E<>Ji(wt&J`FExi+H5z-)Gv_NKT@2QHwy6lKx_93Z?+oCT%h;E%Rm#k($=Vb|awP;&Mw*$Ek!Grp&%9bjnt7d!H1kFoY33>!Y36E< z1VL2MTcx6Rql(_C5WSNidJFp@f`bsjJSZo_W^*D@_NwLVDv>0;H5ig;p+;&J6-Jx< zSv5!gtZ0=#?GQm&%AA!?sOnr2BABcYLC&A~;q?;#z(iX4dy?4XgLx)Y!DZGYS?MFJ8)(Bnoy^WD*a>HYFbN5?fPdMy!1c zAc%N{mnvlrjNq9r7{WB#A$Hv+>mn57RYyVwI!o{)nzcb+kFbA3}`1RYp2UGV~ zdX3xR034{QzIf8q&lkV;&sF$hap^x-;Y&rH4x6;`$x%ACxEme$Cn}s+-1N^?xL905 z9FNpkZR{EvLi%!LY%K@Ejb>HpXj&Ty%U*otv@##t)c8=cF9XjN|8-ZGHyln!*!EPe z3ZFq0E!lw*b}SxF4ODu~9E;4X>Y~_CtR_r=GNX2FF z0?+M%y8(8n&PF2#R?!+#*L2UUPqwIbOqFGmQHIGwg)2+Je1_W)4g z!yCzRDT97)pO@R0*n^`(x9avls&#us?0Y%9cO-5N4BIP-@d^wNE5G=kuul3a=3uL+ z;ywHmOD~G#C-e7na+~*F0*e9Z90qZ#Y%ji@#Ucma1l$Sdpxoyo0L=Ahprg92zcN#e zepMDf3~)p;mOh%raC)xq$T{^DX4#Ky`X^1czOVlCr-oaPLZHBbdw^XRQ z0aRUW?W~7pMI%BSe?SS*WPsZF(@CJ$gm{fwM|76KGpsQ1Cq7HcQ?!G3aI}%e*tC1) zC1D2Qb8!~%B>X=ayKHe9m=*ar4S&AI`J0a?`GeO6eO+!}oAh<1{#+)hvfK;Sk9CT# ztQ&z#ya7y#`4Zu@Q8RA3u_}NTXqRD)p z@Fl@4yA{ts$IH@6vZ6;;DSZW0H%FqZrYaz_02O5O z=t7*&jjKBkC6;-!6~7Q_*ls&0rcOMr;AD#@t&5k|A(V&JZA=f!24WyCP0^orR+E3u zN>7CL7gurzt^e67H2|IA6F?`5pG7Ni zr#SfPJmD*BP0(|`y(|s0ry339GS#`U#AufTc{F(+?yuWRWaix3Zsr zvc;YR)Z&pS;wQFv>6w6*#wv%tRDtG864Y3%{dA^@7Q**hq*WP^d#D!7-AE8>-^)(I z_IN)im`~8i78+Iniuy03) zi!-QyIE*8N)juzX-IQy8;7IWV60IayuqYYJW+X!Xvj&x~F6PNOl{%1hIeN=NVB$O>Rv!`sI+=wDExJ6Kj`dsif%&t%{92_gHk8FL1}6xIo?3um= zU}-JEV9uGF=1jv7`jVLX%lI*aVT{_5LT%K3v04e%<`Q<<1RhDW@(Nx< zWs+}RwVz#%2dZ?zNW6P2SVSCzV!QD~iXA zjgNOEp5YA#__d)PYqrvG5c>(tHEv$5p45KQ^TUfXxy3%+OSCO?=Yp3b)CNwgDL2TF$zfJYe)T!a&^R97JV92zoE3~15)$`Eqa3# zJ&8U2G1DRA5*sA#WRL_ZCRyj#*LcbKfoG_G1D1rs$_vD3UhWIC=Txop*s_gd5+5OvEP7WDlDXi73uBE!!GLNvyH+7H!&VKbHY)Uv_g z3tb3DNG`_`W%<-!4$bt~B?|EJk`0)%4Op8j$J%7tynW`guf8HEql2>ENv2wo@Nq## z3t6$K1HF~PE8@v}Ag3l@2pwC}N*t}k(Mpn6TBDUJ+e$uuSp|jAe%Dk_{342Q)4upz z2q2w&AkIBPDMo&P%oJXSaoqljiR2~Pg?u-%1ir5AH@7oXefi#T%s0%tVu$nuFq)Ox z-2l=Jt=S@G0Mc6}ohnX}z;{=l?|ScJcROq^h4$En*e2a(FG9dDk+hU#R4+xzgd$43#hKaG*|5(l9*d|GjZOXFfQt!Eh_m*QDOp@%d7BvF$H}?2+}9}# zj}UH{n-Cck7wa+PgW&H14P+_Rb^}XMHH#Me!A&dPy<#EdX)ItPDQgOPeF0lsE#_KNa-1-%Q6|Q*b+t z>#xg?SC!^M1WbNDi_-z85N_poLVn`dLc1(5^9BlOoIZOS7J-#}Z4_pJj~gF=X=^zU z4$foH*PccAvmmiIb}bnM@y8#DT}vAHiM;=gJooJ8D!21kW(F2vC!LLuL&7ndfU??DIjzI~;(UyJivs?VMue%;%cnO% zA|9-MY+~bMu5s%pDwtnmHO5x3Wdja}OQtv*uevQFjTU2>hGh!(pG0i@^%7Q^gF4#8mNbRZw4XFSTgQF_MF69^aa zt;jDq9(5}Qmdu6McZvFhmxxa|zhog{=a-zy0?3T>Rj;w* z@)fJB`mMI1dJNQ7TD1OB7)|)iF8qu6`9VROi9$YpDyw4%K>@2A>MY$pG0d z0Nen2Y(Tfyo8fsOPF=v0(L@ZhW}#U6*A5SH4Q z8cG$9)oy`S^XWsbADNDa}bM~2N^|A-E^(=WmKJiFg;&k$w_|KVI_O_E;U z_-vqPHz0Iqz&o|o(|{r#zH*n~YHU{uC0!|)jAYCHNz!~2vjUZj`S=-xU#flr{zI$5 z{Kb68u?GweTM?fR^m9{l%$M(U9FyY& z$N!-cju{d&A<8k}tV9p`f#JXxrGE6bkYi{=V=3r3rYGPSNJ=i95TZnHc$8xfdP!IT z1%ws4O6b>RlEjYv;GtD6y*RuJ9YX+HWe9^KA?8SwEyBA>GBwc*1EqVwkY(p5YJv7B zBHeQ*UXE3QVGuDc|HZoGWq4iD)|ed`w|}-8D{Qo_8Up!XNiIu8H~=q*7T#w_GnSFp z$S^1Xs=*RH*k*__u)MS0@PpVWGFB{Tc>s&ov44S*1?S_4>Ilver^XJ9rI(@{v^JIT zvz0I-(iE#w2ymq9F8%uB`(DvIlWV zxMAF^Kpm(YfzwTS!H+jReHzA@e(A6Z?1&B0%mz~@RYt`Q?eZJ3Wr-?3MirDMK`{vf z`%1KY7@Hc{AR#|bpm#UGU<^d#>iu)U0*f9Mc zRlwJVWw>k?XYELJ+xt~exKZH(jTQ(y?6X+8){LNa+{ZFrNff&2fUUnXG6b~BdoT)q zV~<&jW8!}EowOAYlTGqm14U-Z19lDOe*^EpBn4UxSE{=)(CA!iP7%Eb4n5uM!cjPj zXwDo1Lq~dbuOgbWh~lWD2;g~-dA~6`UllYZPsVl_OE<(=n=8OY`x3jcuoedfeBcaF zQ@2IIyKu0Ic2!~vWP1PZO0yAc3BM_L+{e}#JMzFOV2wqSx6Jzzt~if_qzgev;vAH2O`@;`5d2&9?A|wu%+Q=9ilxwB=#411Wh8MA_Doi5HhW%GI_9i z0(@bnF5nWfTpR=r_{fsI%P<5-$UZEc$3{LTe1-Wrh8h|w)w&}bqb}1*{~$T<$0(!Z z)(wsXni96!;n=Ei6yoT#S1K#~)*U4IS@2r0KRl8%RD|*%p(fPAF{{VSOE@R3wMgX| zQV|wrPDE0o%dg+z)!(8l3KiKcd;sSNruhc*CzSS^ZxKPzBO}X@K|3ax!O_)Oxc;i6 zJOz`IW9{X{{{@DE@g=8D9g`N!H|WnM0p6n>DA;a~I40d^ZepJ~Yj*mrBkXw+z7)S1 zgX!e7`A~>bT@@a@{AVG_-#jd?rp3J4O zYtGlSOJiAV?ZQtpa;av0Ew)w@%-4_rS}ee_@>&fPVOs(|HLxi4{H4Grb^oH&A1^iM zqp2c_>nz)DC+f@>NW1Nv5sf@)GiKg0HyBP#1S@Z4{OC{6AskjJ?Ger~sa7n0+z<|% zd#FuFCCh`*e?leWI2Ws|PSAzg!)e$8kFl`zTi`0N%*2s%`ZaDx%eHSv=?jyzKV;5y z?H_@Oro=CAA9LXGzY7Z!@-PDj*AM51mHhrV4dZ58RU1Oc}r$WyFk4NY&U&_?)qtJPAF&7OAH5c2|{1V~^_jM#*B(LE9 zB-I6&UT`?HTf0$+B+?I~4@0bAe)l|v+}d248~+5mP6-K@186X4-i4mZ{y+}l{_rk% z$xm=lCtOGp^tU0zcQn(uCsY4C@%=OK#Ue)7AeU-6ep;-Zt9GRD4aV(7_DyU@F-c>a z>i6`tAsHNgEj<^As(k)E_wixvN%)K2=Q`^t1lh(f7S_w3@~CrTp2t9I_r3COBk5rcLfuu@bq}s zka;^20*)4Ozzc-Ffm9!RV!-14uZ1qcw&+fT8r?2onDn(K5tmmmpCXj{E!feCglB@o z0{K=;#)$Y7Q!Pyu!Tys$c#)TEDqf%n$X8G+%ojPP@UxLS>~Y$JvD{dM4Ck<5usEgM zvf&X#nfZ--%}aY_J^}71;ObH)dY)2rH90fh1QLPoF=a?i2Ek<(A-7>tXP#rC=F8 zJuqH)oO7)#uO5Opa(6_e$$o2EAsTBy>LaDmM2~Xrp^8F}c@G*bcA^%pnt))3hBk-* zz6?)XIP!bpa?b#o*cH3>EG8#*vAL`bOMzjJ4(SFM3_Bw_Y2FPd6G+TNBz5wiZ z1JtVe!hsS$`gj3DMN^7P$DI;>0Iu*Gccxw#Kju+P+V=mDUhO>&2ZiZ?(FxBUpksRv zY1|p~?Q&&*<{Z+zv#fg;BD1&*NC0bqT9DWoYqt|hLD3vfjgB94KQvkZ@~r_#myH9# zA-jyTe=h+)p_wI|D&s;iMqR0sd#_2~!^y(Qz5^2y-^<{8KN!2mtKXha3<5@lE_gqH zr+i{76A*~cX#QX85=?GtlY;*7~&Fm(dD34 zX{hf>TAeY#=5v3T(tiqX0lXFHQ~}gA($KZhhD5YG`?C(dw6MIKcjq1daI&|Px**B$ zKm|X1G-eJ4rSVP&5>^b(Kg9LAtna9t{)Bu$gCmN{>26U@i#bU6kLig7D5t>O7N~c> z1=+usrWhB1b=^ou;!mojdj6vHDL#Pw;0B=D$qW0g@D0q*w(f@f88I*3EpuiA6ejGx z-LU(1Bk=GNEz8qj6xXmmJ9t;-RPC755_2 zpY-p45=`ML$pTdFujZ2*n5#x`@Cf?kIL>j=tE+#+Ll zOYtYv1s^JFDE$qjN?Yy8W?5bvO*hHoM$PQxo4H=dpI$9F`a>K9 zHqnrW;yPp(w;#x{v|Uawml_!NFFu2qqELo(V0v78(9z@xzux5pDLS< z71xx2YH*-VjDT7-2`Cn{phg_1ca?xjI#4^G4za481QZKeP?c6X75@a=QCKs*IPu)7ALxQ$hkk`=}_| zEK!2?Poep2+)%2QfPgQ>B<5Eg-jKx@mg2dRWVu?BkWbf01324H;WRc}tkPm^Pv)6k5iV_-<)ds$p66}bOncsY*jxaopiML<@|m;qm?|P4 zlteoyS#&HjU2?&?Cz5oYJ@VUIgEr0aSd|2;LyB^ziYuV@5OlmAwA=g^NKJF{D&Yhs znCJN{lCKM|P8IXH?-HuwzR!lLn1IYvTAAWZH00<0+hYD{5y%=TKL)ecOJjSKQBG3r zN2pdjk41b%w-ZcbI|>Du{wvCwc@&;D|G)nrJv4;jr{xEM!f4eM*d+xhNhOsF0dm$p z0R=4#Z#^2wvZhA8RK~7Fn@AIAsg^3lzJQA>iXQ%SNHt=zJ8UsEe^KmOWq*Z3XXb)M zRk5{mN&qd2T_ekJ+nSU@q#ER3#el$bJ+*E7b?%{|szVB>+Fm3wUOOvy1j}RbWe%Y7 zgn5;mL`H!p2~fcbTZ%eQ-3r?Y_Tq1(gp+#1(k+y~2IVa@UN*In8RiZ*uYVwwg#S7| zI9Hsg{1{)wK7?Q;Mor9d;#W({v4~iUw%l%~8_z2(2mY-PYtxpy&y_o=v>Y^GMGp(x zayPnim0`KQ8swW+m$MshwqJd<%vs@beuXzT83xHgUT+(IHshj)3Uky-AqNx8vwW7x zkin~)41DhU3Ma$QKJD^b!hDc)#&0R%yzG};s=twsz=q|_ANScamzWG}-`u2a26O17 z=j@;!$3Ez0aJFO)NwtroTG4J4@`4eXKoY0NqUQQ1xknuM$7*R^fUA=}t*VN@~|axoTL>r(k3jD=>m}JU}STN6Nknv?d!w!P_7mS@6}MpgfWmS$u~G zZDdIbSj`3{AZrC*y&D6~Q4^X&u>iJ&-UvgObApBa`dcb-W~WoiJcx;`G$^>10F2K7 zO>+m82-^JYHmi*GCDuX0L*a3>%L#Ha$UTr)4{l3KWfxW~BUGTmwA}WECcqhF5P0)nlU%v+$qQI5r=C>nva2jaHd5GvM`5q zbJcIaIS^rkuDrjIj})lPegckh0babC6)j1w6QfaDnCvk+Z&_Yi&SRKADC94PaqO+PsH!`;g0VxNW3?D#NuQ1e@kF)n_<= zg7Uv(Zz0qoCxBP7&4s^-It&7T_-cv;*>9v98cora-&%msIYNifLQyf$QP<&@tZP-#M&>$j1Cjt7;AsjB^3Wgc|;IL?oi>n_GFiG z4uJB&z_-3n^~A`55%@Nf+#L8IdJv5HsM4%pe)~8IuAe%X>ZGd~OhwB^Bo8egrUA)`x(cQzksm8z~+QjpC#Qm zdO5fkxeG?#__dyliZbilqs;my2kKM~*M6Aw8}PR&v&v9)2kb#A??LD229f4_Z1Z44 zd+JHpnI2itTgU)EEDCXz8gTRoKFSnu^wEMf-L{i(G`$|S^>qUCa>7i&aRT@UkRpET zI!314Z{7?+G=ZbLN;ta9ypcU)-Fwh#DM#Odl#rvB5=97rH9QPmDgd5_X*d~2w+Z0Y zsOTlGk>@WxB?z|p&DQ|Iectb&*WE$>4`~)d4g=H-KB9hs^fA%Yk3;^72g917!?@i8 zTt%7=8%6;GJnA>pG4=%~Mr(b<|Kia*ZzgX1s6$B<1@w3SSvDiJsi&T`FR7L|EL5>U z1We29zKV*P3NsU}+AuOo&qZ--tgcv!IAWYXIEhX)>}*R&iZxA*wxzwHS#Ac9qv#Pe z1Q6%rvu&XQ>W?9>)Sp}feFTqSGib(r42iv(hv+nzwKY+3;r!PV%4@*Ps|Z-pDrNqD zYY#iE7qNuT9U>)R%T7a-Ds2dQLR5>T`RJuD!(U(i!YM!v%+gg&${}8MEL6~)eD*i8 z5Klr_6XC1yjtIce;)M7G7zS3W@tN(Vt!Hk9ZL1}Hy%y1zYt)>%DP=xNzZ+Py#Qw8a zDrOr11?Uw_Vm)}96jxib)c9VEQsks!6-A&mzMGKfr7tD`i}$6E0dGX{&>VmP{|(e| zSs!`<#RLh+2xm>&>mAi~<);Og{h6f4>~KH^BS82Ji%U&XXMfp#!9eAcxdYabr4x-- zN&9OwO}T;2z@V5W-4!I+PA=n0S9+3*Ai-xKA@*BJj^BX*r3QOI#QQ*(zHjTkQ8lr< z=ORmcn4bc{dp4QvJerin(a8KF&YFsO+ZN$OPgXA7lav38dNBAHjo+B18H@J5G%I1L zpt{^%YNr;eEKoV8&j#ON#(g^#!@R@nA)|95<|A7y^!ERwVht z?0X1SWK_P@a=tR2f+5+MvRFi8)*6!~Ib{hRjd!r|{Stp6AwCA%;RuRlz_>ri$+C;i zoP?S2D1!ZM^>&iU$x~@hP-8^TJwqTj|Jm~a_fguJ>%Ku%ng?dad=hpCCKzy|2u@ZH z#A{HvG}wPae=K|~d@;cY;RV~-AL5Ht7x`}YTJwTKK907^<-f`&5XSro;u}>V z#lrSpqrTqT?`$DR5}s5Z!&xL7za7tv;qWZta?~{leSa+@#F)@snflvDGKp7XYcH@V zJ(uF4yvWz22&pDe_)uQtOesR8g@_{9N0&$d-K!mmSLyA`$(CxU?;`!hRVwBE)$zwb z;4Be+I#dx?yanYbhY@21f{&TA!hOct3H#d$KhO^tk_S*+Fma7d;1}wWQS%VNT6dAO z^E)=I`UmY;eI4R|Gp-Tgg+|k{+05Tnd@mcnlJBcQlhK@4U7wRScO#e#iNof-Pz6Xq zE;bA|&v#s#mHWhp%(c>1qL7i}5BPq$ZTo8B8JyslBL2Yg51hai?jU8!c-Z_7CD26u ziF_LiC6Q0FrE&@V>Z1F@`T+{Vc$WW2PqLzwcs&n0t`bT^{a!+=LOU!v{t6lqjH z>$e!jxRd-6N2a6xC33UO0G$W3ex?1 zCBVaYpt$r$PK;0?icA;+?FNAo;%mPoVgRP|fccX=i{oHe@crylJbVS4UN#%bLPnjv z8>JV{qroT>;+KBEmzUJCJ+uqZ`u$#RkBfa%Z!D`3KZy|;Hg995k`sOF|4{h--u?II z#9xQ~IYsCm>Cbm}y8bX{ivH+$xH%=_8FYGN2jOCQp_*0MJsiu({y+`rt@3>`{sM1J z!jJ!KdF4-jzw~PD33Rv{j}U)r0D-1}52pF3(o|HKo1YQ+0M?#uzM^F!@Yo+WA4bj9 z%%`A%XU_j${T`~sPs+l#fOQ+VsHFxNL&LSym`i1(^?Rsu@GSgP_C3_r3!{@SoFCf1 zsQx}KplNh~)!q|YM80Rhchtq0PDOu^3bqBmU(RW5HeKmV@IYez{(|uS^T>Ei`F&)} z;YfSo_;CCvLcpApjo<5n2i`5?&$>Wec2FM`g@vrqtkw3X;GSjgU|XbNYO= zfXPXg?2Zka-^&YzP%P>?6<<%EUphP``)!W@@I9X|$owvtpAd+UFse_J<==x*d55MT z1}N`d()vS`cmI%Q2qdxfAfGz|EC)e?zUf>Df z@_OV$IlnpnP<|aXPjKxv#dtr-{!P$tA^sR^Lvf~pd0e3Cc)p;UH_~$j8nMVq*Ml6N3G!Fl zno9moO8@flf30_SUOj9dgM-B;Z}!Zdu~cQy+rKtJ23_*OC^18O%JCcLKIgr78o=*w z!#0>D>{Ro^ENFFQLU?ON;v5y*4LCCBrNKQ?)!5(Rh+~^eQv8-`a|BD$=Dg|=Z+BGIuXQGrlC4mL#4LdUg!TnvWtwxhN}pqvmVOjWn=X280cKrmX3l zyvOGPL25WNqs&6P-g@4*#(izm=4b zFawq~r`;Rf4lCDBpubrK57B<+vwlB#>iKSjfA^Db?E_4faJ(YpulxzUudMI%T`)hu zA9MGse}0USorr&3#J(sPnU5k8oKYwe1wx=AIekfO5&^srA*1FCB%#QX#OOVZc$xQD z@+CwRa5n@3rV0ivEzOcldXrZ@SjT|!K!|*L8Fg9p%~5to^R?4vl1?uiq=b!Rthyha&8z(78U{LViEYmu z8nlJAd_N{lwYnicr5%ReEB8Oh`0g&FhvN^`N6^#Fqvo$cnb)?TpkM6w4!Oq0Q6i12 zF?3yG?oW%Q;CO(mnAf4xu|`^%+cXm*!|t{hWIxu@ao9Yk1u_10o5>sI2d<{U!{l2f z!Vwekb^YV~n?hfM=%GDE{s1i|(>La3G#(k9G7aM9Q*B^xmFo|chx8PN^E2c}Si?Eu z5vZgIV!&I?9hKV)I3e zu@GWue-z%R!lN{m8Ax$SVhC*TOQ0G;+(Y`l*7&>j9KAm6IPGDEaJY%hXan|CsKpc8a)Yz*@(tqU z&r6PD*B7w2CNqfI#Vh$iX0`hqwng7{2Vk(WN7%o2g(yRi>pHLQlK?r&Xiph z2uM#(eA9zGWcDHv5iRw3(MuhPe6X$gLFtSLpKdrP3uXp30@PsZQ6&ZkqS-~DxcZmk z#h}-cquH$UBC<89Lwhl3zRlp`Jb){D=2&V;PWG!3Hc5K#CA!R;gBCZq7Q4WD8~?drLS=$vr;7VS^Y`Q6v6rt~+OdH&V)~x6+t*$_qeCLbZ93 zvGi7WP3C{73FI-nBKx(6zdkUTJ=}!)wom+p^wwo_kHeSZJZC;HA^ma|36qa9zTe1t z#>#v1Ir2Y^VEtV1u;KN38Qd3-$nQ+z33~Q+EH3Z%B1RTawG+BGnUgl`W3%mrLDYd`rg8q95^wsl! zpaYbaMge|6F~)s9(gHLmT*j$^T5)kQ426j4_A|8}2*5*YB0UODuH#*{Gz!H#L|4G= zzonLZ~pge9-v@K?(`<(4VP(1_bmog0+B#K#B5aO$om&AqpaN zoV+DHO6Qzi*`ROe2i#VVD@D*zPy(a$9lSg2>eyIBUPR=9IYipZ)t0tbJ4t(NXVk3H zcF+bcgoQP6N~9f3PNA2>Rpz_MhSKqM`C{8rI9G`5SWp@Jwj5>8mEp_sli1fx)4C8R zxO&*t4F$wRf6wc--xYSLv?u;E^8C3ja|j(LIp(Dd>$??#`seoyP5* zvvAA;o({%S0LqZLUyQEwN@qt&zAvW(5kIcU&239P8V~EtVl^IefUsI>0KUB^o7ssf z;On;nuZ^1B*&=l5H>=nTi=4$GiXNkD*O|+u4rETYHG@Fv<)~m6`>Dtb}P^4sAwHFA6I-Sk%qAd zosD_qjMG6g#~JjPjJ#MWb$_jyhqORmp34EG*&|zIT;2lku=$k?0>qpIy^$Wna*`bL zV;E@|?`rvxksK@bqh9eQtvqP>F$=O9KZ&ifuwYJ&HhO;0sJPmWwXKRz?}Cz+MKBKA zFSkaU24w8}Q^?awx3}m<3k*r-TxQ~bMG;3Pg=Xe{L+t39DeDDN#xMeLPI}enYeu?I z75u$UKKZ71t4Di-Gr*(`#25mnfEimexFU$_10*3C z9~(xzs5w;<&=5UFxUgBaRhATp-KF8EQJKDl zmqNkV<#!Cg>tzm^0RI}`I)(~k=A-n7q7fCVu79;IAHT-jC}p?+BQn^(W*K`I-L389E1mDrcqQ5d!Sn_qrLjxK+|1(`s_6>mt+KYK zxCHC`Kn`lyU?$$533lU@ld~NXsZ>rM((?$;_X+$H^4BTMpP(Ow1{m6!`A~bdE*=$NNxk4A6P`9Z`2m zAkR>rQwECL!+ohDXvLTt*6~0^5w6yABD8aoStD3V=F`OSe{FseSq3E%4o1`-dR_HV zc>@26ZE+CjpggSk|3myD@aux{#2m)6-uKJ#(xC&t$($^ho5dPsC_A`~rvlnF%otS~ zgdJ%w86zjm%d|~|e)J%0v#3)rZV| z;&P@NVZhY~+fG)$Hl%-Ket*-tTCIs!Hn~Imah?k18Lwgd!CZMVl|#PocJBOMiVUTGR`-S5n5%p- zR{TG-0qiy{cXz!sKh2P|MH^AH_#H7D(!@qx1?fR~PwC}Jz zX$=Dhp-Ai(@dHz1aO)f)X<2C_)qkX=6vY1A;sI(Ev-hs}+L2NaK(ZSIocefXM?J&z zu}+b4ILFe%LC0lU{E-lVCWR;oekY+tKbDZ~lJe;d{J~dt<*j!;e#|99!C@3F<)@i0 zs+ONmkUFvSfQT$@(2|0k6Age96ar9h0?DDH%DCoipj~{{v5DoC2;p#kaD`B(m((#| zx{)&_9S_Hg&M-f#q+5C*%$MxxD8CP%{fo8Vr#&XgB}!xMPc%WR%TPe`y7PxskS1Bp z>XcDhaej4jLDi!=ku8I{Ve=7R;ZFhq=gI}Qjrs$Qh0ICM5Ans6bTyMJp!WSv$@FHS zb)7rOYOEq)4HWHw4U=->^GmOjN85d6C4q5y#gR*UE!RMS+mrSOJ72 zUb6VFSZQ0b%M6-y>KJWTsG=PXSV0(9H?(@0U=BYQ{DQJhtb}5z_!P+$zTd=m)=xu_RTNii14>LtvF|b) zuAa!qq*~?%%R!q_Hdb)eV4#X(AX^rfPdq2xbVmQ};Ps0=1}(E@E42ofxf*>_x&D=L zXK#QvXa_LHHKLD>mZ73b8F2AhwNvUdqEzB@r<6z4gAj_12?>%A@{*ZQ@Uu+kb|%1N zOXZI=8F`V#vI;C!e4)Nmf0D&d?3E$&!>0wp5M-b+R~7IgB%UGEg)Y9rJ}46K^?z#@ z%81oY*B)$%HFDEJ-h4*y2mlOehRtu8a$`K@mtpoXls;1>}_M8%#ulxX8>Zf6grbzuN{QXWzb@x)tmu6c>`?z;& zeh5DX;7TIb;=Go34{8=KDXCOfQt9(rNfJr=EIx$Lp=s=txsqcN?ck8{BT3v?zn3EU zSp2c&%zx4fsLX*HU5Myk4?@#A=mPBZ=J_|2!jo$rO!YHisvi0?2{9$yg%7nv8U)JX zQ!A^)r|Eiq7ff&Fc-grqW5p9@Nw&91>hzMebr1aosko8lAbFS$cx^DXYVc^Punt8J zsTkL=|y0a~S(91FL0TnlP?=`Z1L@ix|-kjx$#uLgC$C9st>v&|dKE{GzF zE0-)7jSaF*y1gX5#-`VpyTf!d#%JgXN5B3`(BCMClA$kE;U!u*t2>fOA;Bm!PO!@_pyjd-?2-?3gc9oJm zOp~o|2JTQWh?v85Z*rSY__b2&`sK!J3l!pNtneGE5$tdZYRFeh?l9o06mu?n47bSF$@ps1)l6NhG{~`d}7GXOV0TroUdeGZI{te z$PZbg>+VRuK`n6ro4X!nL3fklY67?O@^Sk8Tzi*;!CJe_GeF(WNsGwk;4s`TGZ1Fb zi40#g*`^yP+v17}8TS;OWYUi);~rj;9y0DfUs`FLAx(e2h6C33yjYWbQy1xXxuA61}f z>y$?S`~3Vh*YrQf&sT_mex3Y$)j_Y5pPzbYDt^|>5*^zrKgY-o7_qh? z5g?Ze<5X@sZmtUi@{!x7V&JocDs0V4($XSI zQKnrRCWajQRhwvXVw~xYJK1tbGOT4bV9w(!(|Muz5|XnB=`VlUi) z>ck;A6DKVq%vvFAS;4zt6?s_|(ycpoMA`mV`TV6?v&M$CuiSlW{~ze1KXQ2$N{ZKOUrlEz? zY<`GMXN;9i>Bw~cn23nU?5itYA&63a^i7PtWgM5GlloI(Mr2Yqa5<=q8roM6>DqLH zef9H_^l*0H9Hz_nL8AI-kLEdjw3@G+;BQ7K$>bCK6%?7Mk1nEQhzyCF<~8PHzbu{N zN6p|Uluz-z%!$`9xo*2^fOplZun{q=hpoHG6OaF`f!_&qk!)KY^+%q?*m`GNkrj^)VS zjK`duz2C|lx@Q7h%-1m&0&2U3gX*ug`$bADmsOQ69(sl3P<2x(t0z;@<#Q>&TKmde zBq|ThavcgQZi&1@o6zG&)7F?Xf}~N^Bv>g&_6MPT?0SUfuiwnVGC^E>rTHgLoiFhw z6Z7i=_&l%sgdoF-#IT!p>v)WsIEI?|%M#Y!udtm(!Mw1~ER7q{NA6(3gZRjOAgK5R zsFp5$Q+U6EwioC`%=_u2v^W`nz&;sy8eSkxkuMQX!&mt(P@R9#-JjSDa@rj~AEfpY zUD)~nX%ZWh)ZFrxZQC5+;TiFZaz6yW!a#KjGlBPHqR>!sL1H-8p3<&&nS^4OLA@cf zJVzmzSceK@=3L1k0oFSLtOw+ED4CHjX-TTh0$dGy7?QegLtV}GbR{p*Soj|4-GWOU zv*jifVkSPmHCx+&k}O(#Ow*cI#$Q)FZ1jBfRQ{Z^b#McJ&R^NDDf~GT<8!byhETQZ zVyagOqrOV_ped*^Gz=N#_qlIs3NYjBAq|n(0l$~~i=+6fEriN4kisG4H~IeY zRQM8Jz-yRu5^SciQC!sHlmwVI^y5fA><}1cZhn>VtLy=QR3Q$A@!C-?<@cDU!pFr= zQJ-->m&aq<{zDB$ZNtz%5#-Z=u7!fm~FAqF#BaUR={Jd!LK>%S2P~&{elM=YN!*lp!jIUXy=nv7yO!lKs1)&UG%4Q3U-8+h>13Hu-mSw8K_jPVDdg$K(J1@qw>BAEDPG^5LH=Kat-5T>a>H zKS@iZY`mlLfc(aIINoZnv)-x#)rDq(q)!?TS4&nB7YyuOWvjC7qO$qLw&3ov=eZ}| zHzf0q`g}g8Ah&MJk^K(+{hX(a^q1!qr-ZM4b@$g;|G!;$S@*x)FDsMhkOwwCZVG+M z`7jEbBx1+Vrv;;E!J?X2y9UW3SoBx;io32>Ad7emB61(qqZ{oAKuC4sSuM$*>-d4N zw7LI0qcpKoN9E6?`dUMI^$U!D|8gi}BL1)_zpoi- zg7vw`!{^`97sAi7)Eo6T@?jagiSmvy?&T9sWsv>kZqUFB*t-%rYP7|8Tj&R?5v7I> z!87RfHX+Y^xrzc`%jK6epu6xFELm=Uo8&i@Uyb6cS$qkKTZ`SohDGaLy@A!%qt3#!pB4lTC`d+sa!r4mJZ0m=%S$KugH369>#bwG15nSlpr!C7D`s=KB9U4w z>>{-U{6Je1EJ}R-aR`4a@^QF4a5HfWqD0eQz?0~YST%#LWH%nwE&TLcJUh+z25e_z zk1czAB!4BIeM#|>GmFO(nB9gO=9l~ibipi36G`|U6R57b4sy-SE&~Tg8I!z6a5~2O zi}z}F=H*^;Wzx?m3H#S`E8EjI+L-U&-0y)i7_{6KyDXT$0w;T+H;X0Qh<1xSlqd?cIPjOdq7AVf zXteov9GJzgh6BS?GaVh$fhkOAb-sC1(3#;dx0BBk2BwA3=A0i64B=s5B>fH3!hw;5 zoj;O+5fr+BQ*>ZH#3f#Is!TF40_4UBkdLxsA3;sMw0Y;T8V!o?(u9bo`3%9qPfW>7 zdl%)GOl*Ei%5jutXPM+ZjH_tPp7#V&#SNsC@sbVN+UJATdO|q*l}rSOy4D84o!VM= zSgKdEvrN*~)=X?o%6Q4;$rbUH_drZkBwu=#8b1$@3Az%Cj~PEep(_OLuw@eVgPO1( zM2#RpDoP7Is7Co?JV3Aq1AEzx=n$C82p(Zr9OOD6i09RO{saaV&!P>M%QI}4qmdQ0 z))xoshq$gE-8w(sfaPvMgTU<7v<35*g#-^JJ$4M+*xEjMJgX}KXY z6qaj3xj`*AL*^q+e?BYOK&u5Qc8n2UqYB5YP$*cZi6Ja{xSuJ-eLwInsDR%pKD6j>H|oQPvNWKqzKLgKEyz*1VpG znXjM?sist8*{wlRikugjrBY)KBv>({ln>DACaU>F50W{aJwTg2zJmFM^nuYD>m)i5 z{X_v=i@?my%=FpEOv!*|Oiir~ffZl~K0=wE;%&r-6@S2r5r^Kex%P8Y@gqzV-hIQd z09rJ`n@0x{d+@!AF~}r*e*MTf^}qs3`Rj1kTH0D3!gpLWcxxEHT~g@FK_PeH4KwOD zNLbw6N*22GhW&Zwvnb1fxz!HLt--)xy0FdezDo|S$A$ixLG$o=PCE4vA^t;~h2puk zq#K7JFR|UM`N1^ZTqX=%^`pTVeQTjb@y+?gnVh*Yg!gYVBJc#TF50Wux#C+vRM4YR z@9>&on=@}k6H0u!S%=QsQ!b0r*x9>Hlh9XpknJrGz_9N-K#c#)iLXG0^XiKp{I5u! znHY7KL9ke-D^|f`?`JV+@Cn71PS*~Z-@c4u5=zXk$$Qw)__uvjG?+uM_H z#bulT0OOxGv+ow$DQRe3P@N3Hjr@m?f@mWSjljVUWRrNm2hGPni-FYf3-CyTtzV^ z)mtTZ-@78YXCpV&x&sF+WYG+^_v?4)SqK^5_M=b$sKP9kEbl>>US8u4e5)y6l>xC4 ztqLYYF6c3zjlc9sibULM1Uj38Kc!28Z=hg07i;G?I(5YKW6TEqs3U^-kI&|^nA~ag z+p@IW%S`^({Y;)~+e5#n$J+lBNo-xHAlyhY!M>6BMbdWwk<}DhIEe%BltSrdTZuUG z=GX54&46IbLx@=aU<(T8NFK&h98Z2?*BpGwN4_1@{x&U$X{Di*qM5mLN@6vLrp#q; zImk{=o)tO*V<7z`f_@GDlGfhC_#m6tOoDo|$Wz_s*Pq}gi>hL2#2x__QhpEo4oN_; zVT$1OZYgkplM6z6^9%$6`#@IYk$gs$M->;TlFCt{<%-wAYSB@zl_ttZJv{@-^1XE| z?slYFhwN>4uKTzXUaF_hM7dP!E@VfDAt3@$Vlcs6@~)nm>-u zbZcsdny}0@BEaoXBS6Ach9)fxuo27)1Lp>ID9TETfK~+q2C*X5~BBMXgGqV@<7o zCUe$iar`3N+-=&B5Kv9F+K^)&l-fFk8u})I82QAVwQLV7zYRE6DwB;tCp-lM#lHgo zxfhq}pPgI*0m{X6<)dCbzL(d=6|`S}d#b+{GeFjCM++nk@W@L(AkhvPLqHUDC*Y<4)RfY1n}{fA&o1*UJ{V4Rv5hFlGB2mM&vv<9pB-r zyO?T|73O1bOVA<={s4mwA8vit98 za~%ZnWv?dpVRd6`LzFS~JD`AVsEkKc86#W^iKsLUm5Oh+Z;@jD85#2~<{=9cd_=V7 zNb!dx@Pr)!=g(_!Mxoa@BB7FKRgCU<6MhT%#7=?M2;>q4zka6`X**SM6C6F-b4LhK%*hi>8Pm1YC-1HP18JtVEU zAJGXsD7t9GthxjhRca2IEAgW1f|NNZcJ(_|0_AYk?k{U#DU272$0DhCl%&I$doRQm zHtr|uQ<1C)jE2maQx}qf_$m;5+6UYg&JvoG`ok{u}d|( zhw5LoyHZy*FbQZiupqLIy_*7C*<~WOHv`+_5=K9zIb^OO^1$G3Vo>Y4^#1)oLYayp zju(?#8lsysp}dNo7lZ${It0yo%?Z}Jnf z{X~u9dW3zj7mLB_%k(lgvOmTMz4=?$H%EX_jb z&F7FE^rqG#whtexZWq3OyOzfNeQ2b3xV*91`XPUY$Iqz3+}dt37YmE$05@lD#tSU$ z`a8v1`XE5si7pB4H1>jo+$&P(hkV~L^OB(0|TJDpX|qcbLxv~vPgI7(pUpi0{yfE(6iEs;em?E zRBMeB222(F_482io649l;v@Pq!jF(&U>1xXJ{Xl6mA_g zsvA=cNF|BX6GZAUGz2Zl1akus6r>s=Nb$Mvej@d$2vP)O(yZW+xe7XU~;ILtBK@} z>t%5#4221Y239wipK)&wt@-hp{ieoCUnB73ea<-66*yUq6kq;&>2^Hl(`^Kge=z6| zj-}srMXl<;PTX&pNq-Zy=H+a?O!{qj zjkO=fh7!ACo5sx7*Nu;Ba))HH&Xp+CA%EpY$c`+5;9{rPrfpPPvm$8LYTI%$+u?)0 zhduSP>}l#RRWr4-stmD1K$5)%105PB&drqG}agxQXT5J>A zyBkY=g^B|(D7;S^g`N=7Nzxm*Ds{OeSy^ta%Z+r@?<6quFMG%;+I`DvA)D5s1ljb_ zQ!JY@LD;lYn9}Q9%>-Y6yjf7=0b_y(xT2x>6K6Z8tEv9*g!31e4(fE23iJVa_@-nv zNHgEeK-VF4B|^m6qgtN8agtl^va!YsT~qVTzp#q9spgw=X403P809^63MO>P2l{>@ zymqx9=#4tl90+(aiLG6ssofxmreY8+irf?*h6F8%A6qlBnyNe6Mf*t(8a&$o#$H^8 zwyJT~5OG;MEBr zKKC8`CdjoamK6!i4MUgD=e|1T?|RPVb6?Hn=kV;7i*G!UH13scH*df^{^jYaG_%}% zbrtyB_dWvr4ghLuws#n*=D!46>7MRASLzKR>K@Ee7kTOJ_zP_#71p3a@di*jpC%iT z<|(-t2Y$&$4uG$pIYF=1^cR@0qLT%&daL3I+B|57!~---)ESnf$Qs1GEwmhcfy?!f zJQTlAyUC$+L|yWHsK9E!p~g?nGCj|uvhX^mhGoq(p8>9*p~Pt)$hetBHsAbfPN|~`A=fh1 z>_oy8^Cn3)zw?>03J(zi6g;{Y?lBhOLn%oBj|=$kv9wAajtJx%gZH2KZ=@c|Dtz0< zw>R)jg)3<%KI>uglMAA}7wosWc%(=?AvZw0`xkrt=Chc`?xJPL*ibk|*K-m13^@%u z8Q)hHYt(ztoHR9nfL|umNBi|De8f9z+2BigTvy{?znyy_X@pV=4$``Yl2~@XlzerLH3OJ^A`cNAeh^ zbi|L1ZF(&A94)KVvz3eS@qk6CLZx~CR1LWOt-4UTAx_;5>pj;L3?nh5*k=1o@J!sKK%Sf$^B$$)O4?7wPRMrz=F*vtsZ zN)pOm^&OOT!ben=Cvjn$mmCNgbkmcRYm#6-#*crBC|eD1R+LEuLf>T+Kc}IrrrL|( zmdV#b@j)f>J4F0k`Ebzk$hw7cr}Xl;*{D-|KZ~II`{Kt!3_syIbE?=4=_c2iBds0b zYZA?II;!#_o$-LDyU~Cw@3RibZrB2`zBqO`u*e9DV+?F@B3t~hE8b&^&!Nue8sVb$ zh}R*k4}op#SJa|Db*AD0D!L3j34Qd>ukk8l)GX$X1Ov(#eNx_`7d2_W-J<3YAa#N# ze0}@t)pA#QnwAba^(_Pv1g@a}n@*ttJ94#9%Q{;uH_tb>V7!7>xVfYXQxgF;&I$l zJzi1#C~>q_W(o64@gq>YxD-V!Xxrgx6$Qz;Uo~bO685Vr zYqnCVh+!zY{jg>3zOUeZ@KFiT#U~=<6X5g-aU%~tUO-Rm!0sF54X$U$3V8-FlBwH5 zN#!>q7DT*PgQnvt=^yK)#!!+LBTMEJTV)!(S1Qy4?pGU3FWA9$j4j0*&|({r-xmk7 zw9^xaH{{GW-#$kiiP>+!3YIFmH>>wA6r&|)V>*JKS-H3f5WrJ>v?ZAUgwYB%%H-O7 zYygrrAD6)Ae#W`sysK9zEcO z`|c^oBnQ=10-jkNOCKW`ao2(lqj4YilP9aABs+w_SOug*Tt!KhJGIK4WmSezGN0JM z%zWZ@yugupyErnlw-E?BFUb3Ke&g-t54?z9Itur@>!@C&z+KH$>w0vtR_f8=zrm}& z-mkx2n+&@ANzGpmTfZQe7KxCBEduY&hFA34WPajy?pDr3BCx|u9WNe^XC2SP?XvfC zdl6AEakLM?aV4lh>B2dI4%WbpOr|N0$pGthTmU^#2`ge?HTwx5 zbwI{^LOdc_KC86j)epU^nY9!^EpJML_?8uMSl5vdT(0X#JjM5KV_a%sxnM678#3abO?vmI&=|q&1cYYHl|{c zj0Upfdu&0`*^#1rwnb%Xg}8iCD(YBS(rkKBN%Lk0pd-ykkTHD;e)lE1A)IuxXEOTK z3dH&z+n(!5<_f}hJ)y!~>$*C$Yyd{;I05*gra>CSSC?Hv#*l^jo_+CYAR@Njh(Det=?SU= zjUKh4ZJ?sC<$WuGm|3^)K+0GETW6USn964!{)V&+wobtEJ;r-D5NT-HhvwmySw7w} zG;)?D1m5vY3gmUEP%r6;@St5RcjLNeLbj;@f))<@Q#q002d#n+?60=}1si6kuQ88>J z?0~#}pD7?ALz}e)>@32uPX~QAu=f(ebMTtX?4ygkqt)$)g=jbw6kO?ip{9rjcvW1nB|{F z1sBdHJu-iV9hd3vuH=WlG&{`^#iW^rFC}SGhh(rDTLu#MG7s}o(Yv=&d@NGjZk;RK zdjXdsSCr);(v^E*D-CnX3Re##He-|}-sw$9+n2Z(rM2K@SI`atLVe6b*wN&qaM$=a{94Aj z0dy~_c7!DVLYN2u%ViMtZkCdP+d?2hq4vANwzPq>B>}-SIF{s?U^c<}8}%IsoivCj z1%4sv5psvD&=Hm6RU?=ShDY&2hhuJs;5c942*|ht`5(;kH%gWeUvezqHuL2WaGLUfZ7#Y0-1T(4kPENG4(Q`6>pPO@nQ#ErV-%Jx0YaHsY z;6-Vg=A*W26No}E_TQd}$uey~$LP~2jNYvb;AJHR_kBvnMlMq`x-p{k1Y=5nzKoHU z28(ZF6B9Vc4d?0P5Zkpk!oVng3B{$NFGC@FE2MRCmBYb}HnKpQF(&_m3u-%{x1eP& z@p8z!F5>|*pKa=n8GMGT?etx!Zq0y#spT7ItDkron~2CKP+W^V!R|N7Q)bpqc{Vv;a=0Mo092MZDs`ASR3Whne1v%il zZuHYGIl9dlzM~*SvI2rq%{)F(Dm6GMO`l6d&qbVORRm@`WzJ^nyUmZ`Iuc-*scdCH z0+XRpME;tYSb37Ce(LDok>(?jeK(Mmn!0v49u0zG6~$|yD(#SCC7QUscyoEe8YI~D zhnNX52?_>5OdpRIm?wsuu!BETleW4fT^t0B9ZgU=$tl&nERe27g8Xt3oEHq^z@qPR4?T!EX7HvGzi_~Munwf68zsyQR!5qTfpo#hR1}W~UIXcIq{E}i*@{F+S9wBKEK5g-Wj)&$zmvJ<1$#lZmu|$B`H@emZpU;aui_gJCLBrR+2#!kv=lDsaoI;V%iJ4J-Mq~ zK2RsPsS*-_Mf8j0vVGEVOcfyoeYCbHxk-xhq4<4~UofVBieL^5ukxwD2O0&F8GHq* zX|E-oFHgdYHvqLL)7*!hKpp><2+8;y;YGpa;#L)0U}lc+5w=SJ~SU=X1_rLcZ(&kZ2!#oPe$B|3n_ zlml2$J*@+H_L<=TvI3L`hbTIL#F}53kv)eU@g5X0ht;AmfMCe6@s!;-$i$JYkV$qgX7sbuB+py~2@y=I zNoFoJSgBkD2r#FkXG9z7MHdi4Ptp>;1f;wD(OS|M_64qwgBt)L@A-t0 zj?msn?3DnGn_l``a>Xc?ej```7<25VN`~iSQ?%AcM8*t8p4LX2ijH56j30oR1@Ox` zi^Ywv#m9O@ZL~||{y&?K54ubRKY~BV2To}NR$PtTD zsbVB`GHs@Brv#-E@fMXMRjNcK5Go1NTAKk2OaUdFQ(=G#d!)(;Sb`S&JiO{FL!RYCxFGua6TvBgF&% zlJqM{P>5b4f&*HfOUt@MKlV#%KU2<+d;eq0Rc<` zmn_gh-(#LTn~k9)JFBI;%q6soye*OEA~1^Rk)?4T|8BEwVIKMF#}8H9RH&bA!7qt5 zTis%pld`6jIdJ5O?*fS@_M6k1D)mFc@r&~N`}3td7*w4<|6+caKL=5ed^xcEX)L2h z0e7L-vzmE#E9;XUxZ4NOpM8}cC;*{+1i;;E_L}m^3j`gCX@HN@4~R0#6?l@_LH*?H zgOv~JmyZd6NPmLyCIIxB#^`v{u|oMm=dgWJ?`5>_t%vA^e&Rl)kB|iTxF#eV)$x(? zPs*$xn@$o3rxQmwX=<;;AMMM2(a9i`_)YeF0XBzD1{H_A1xKX+F7GxSVSYrQWh1~J z|3VKtU)*rkE^k8T z)a>-}cuz2vY?M6S-2`36*FopQJj|bPGY(Eok8fopH2#cTfbv&1!a6Z*kFb9(oE7k2 z?^{wFWwE2M7$>hVbaZbuWDD(2GkI)W#$4PUD$}%$obdza*gbXi$m2{~RDPNMipa0I z10g4+;TLG zCFX7M7cizYyo?YpaZV=^bYhEqv0l`x>R48o9?!-)7S}O|{UWOUjA-eZ+u>O1yZ9yO z%6t_~qi1pBEoj0R$x3@u)|vGai0zPB&iA(6T_@T2rZic zh)wTPI?fs$#M2Vq1;P@Y0!%=&xQT_3&acIRQpB!Wa%`#0?Giv<&U`?fcYAYgF~`b-9e#q3=AHlfq|vjoA~DSW&$w)8{%3A4ewNIG?A9|Ug|J3wuKOLwT; zb`&4P$V7$=N?%RfEs2n9IoA(;GXt)cuW!x;RA?kzzyduchh6}cfgGBf(pr4jBf|leepeMQNzeZ8+nGD00Uhp4ZNpQg( zss)$YLm0h2VrUM;{8k1z)8yPv9TmX{qg04;@ecxUD2ezD|3LBBH$rv5L*`cspk6%e zT2b^i@vyCKkin10F5cUFl+dH&zO>N|7Mvesp&cwF<9=>v9PwL(K$gJYFWsv;0{+ab z$^rX&m>@p#ugc339J8&Vw)kDqrSQnjqQIJs9J%}U1|yfLW)l)%f(HM{k$d-DWx0qhLXs5V-^Od%AlZ3+7^Zo#;Ysel9NQ1)VAxxtD(K-N}A z2jK~*6O>spL70oN*ath~kHu|($+0K{4ug%|Oe7bzLQDTqo1@?$f``@k-$?@Uz2;UB zx}WsMiYDnd6;#FUV0@wsLh}5AR_K8!7Yaf<5o!>xjWAM z5J|}qT!}*Bq0iD5mZ3vMR-j2V&!lwfc4lPy_{Z#q455{xA;CX3Rm4p;s^BdpE45iD zz(%i5R+wb5=Fr33ej+=+TGrfPXY8CCb+Feuzhb_Py}`B?(AyCZ0)FW}i8TBKc>P$u zMhd8i6r9V^q)8i^8*wP;Q2c)w&j3v(z@cUuUlOu_TGL=Sn3Z4_{$jEiUGVnj2Qt@Y zyC4vn##Hha7ZeG0yZG~;MwyR_zb+vR_|IqpdaeN1vSeQ15AoTpzYX5oK5CtQ^s$6N zo<$YBmvjz_!_u2;X3M>E$i?yOHLW;+%l{A#8=jqs=gl*mwIgQIi8EAO?mI#14VeR& zp3K&x$=2u$C!jCd#X(sA=AJ5{yYPGnDwJ^@`1k+%IANE^CxZOn&#IO$^pW|YOi_$P z#OiR!K|_62?}^&9Nh7CfEiu#ES>f9wg&WLgWL=LVk+X=zBt1PvwhzTiBqHcNJ^orO zBYqT{kXujYl!oeVz7zjpd~)uIpPl@P(i{WvQgOW-0EDgEDwVUL_<_5xS9!~^4v7VS z#c>-)4wB245oKwa77Ah$&MufUm@P6>A#Zm4XzO7HTX{sjjpt$b7>Vg&evKhr!?QKg zsMmxJbN2jN`ox8 z^Vt*qB#1o)6;tt0Jk6IEIUXo$&6TN6;b93PF@NE-z|-X!ls(VakFp(K(z4??GZb%~7K z0&i;k78GGo4GeO+LpcZ2%Tq1~t!>obXOI{h%{|AjIXj*Bt0Cp-0|4u4K)F>B9yah)HAq$eO48AEZ*&hMy_% z=KC&7LtyrDE4-iW(lL`YvoPXj)43%;Y%$Z&5S0Jg!kAgLS#t^t%PkZxzKs3>*MMG; z`_x4Nfqyb4Arcsu)8i)AaUy%k<;XAd!v+`Nm2MZ2qIE*^D&$#$4#qdl5EDOds{QY&h|97bVsP742 zEc)ebeGwkmTkI?!E~B572in7FW)XWGl?R&-`@o%nni;0QpATY|43>dGOpuJm)ybb$ zipHaC|1sURFrB>n@T#^~PM;7xgq}-PVj$2CUTYxFcA*cqAnH=wGL^+%a~Y=uddp40 zT&F*>kcpDH{z3Y-ZEB`*0PY*pCA4FtU~~ zut65zW{w+1Mu8jt;-JG9L3IT}!xJyWmW%^Ak)1Om>&EEErR2P5GKNaw0Ix09%2`Z= zHc9g`Uk|Nv;XoT{J8W5`#pdV*}K}@l^n~ zXwH~EuNl3AxR<>bdN_q6JtQXjMeWaPyq< zy<}vc73T*qC{OxuAb@nsL=fxExrkH{2bR(IH-XPV3{qN??&GiWthi(SK+vGWISq5r zQ&lcXCaW5TvIlY4gQ%GMSybF4V@Eg!3^#Z1WbWsg>6^5D?r`%r=kK9Cb2XvE;E6qh zlWRW9$A0Mf>8htO2Y!eN^u!9b35q@e!{=kw{-01CbO2BleSo!B7RAsF%Ugr+i~SwV zKK8>%@xRl<9QXYfzy2=T52Y{dcUWKOq3V)ZdW5)odGhHy#8+=qqtj19;=WZ$RAxV< z9crrLZ-xDX=ly<%1-3$8a(t=3D>QQU%Fve~?2Ng9JCt?GF>F2({K%S%{U2pC zFPQiGS)ln;|3?|kjoGH`0GWg7$E6=Boa60G~RP^O600xYhIx1Vv4mmT!ns3wj zg9>}8^dT>8cneUub5u!oOfE0X~L}tmc-D7-ye$4*z<^PvGAm-y!(Rb_ITeFt2zhFCM5vcWlb{D(9a&r^oeN5#+uE@cRb&4)Nok z2>T1aWkF^Xe(xNA(5p&3Li;i%+rN4D^!VaR!UwM0=ZKVBoz`s{x4YjYv_OYWW zP_Z(%hJh)W7C@0XiMtwa!PKpT^rp?Pe2<+G%94Or?yWtE3}15)bp`!Q7w) zMw1uumn!X3lZ>ALzhRRk9P9H~BVo)6O$5@k91Z4pZLEpDZ^%C@r)T-^Fg?oc;YStZ zX!cO&Cl&hqt@ZY$$U;TDfdsB5hR`xHzXZm~LgO84{jC0zX z-zsS#h)o< zbH9-c&gS%;5wJFo8aeX~WH^TCgv7(Ua}N0^Sb15CzD+Hu)pR}OAMPm)wZ)ByLFD;<7H5EJm7!&G*>!^mtx2jt=5306@Xb z0RGbcwXV_;ti&)|YL+Hpzo5Xu20=>ybsCPvj|B}fW}xl(p1co9_aQILAuKXtb{~te zax4JZ0YkqD=wd_N2^b-g=!R0(yrJ#DO_vy4YgKzi`IZ6_1f{P~CBC5Xl1b)CLX3=` zCZB(LbF~Br-Tl&2rN__%PCwvtK9)}~^GU}yqx%I9E-Vy<*E+$x8(S^V6NfESePHaW z_~S;YNgqjEP6T#)^vzal$?O&zK{+6th9&8{ha({hUoT!{H{_egNZ z#FzZc37R<}lzA~S-OCl^Ym1SsCwMjuT~+qaZ`thCb+RfamhKRTnrORiAyI+^^a{(b3U51rx%pp%$R~!5`0GP7BRU!ys=*7}lU>oT;qu3z zQO8ZEAH(_T@7p2~{~IC*JF}Dc5>TzQS69Dlr}qAB`wzR;UygU!b;fzYSe>>M%(>WM zh)xW{kLMz*`8;U>yWNR_gRvJJTk%7Ju0M@{CpK2tBI5{7#G?}h9vawSE}(0|U>ymx z1P25e5=P_8#>obadbKMGZ}HYfu@Dx;G~!AU1s|9P#+xY;V_-lY*f*I|1+ZiR*Sxt+ zvg5f8@gWWq8jOi*VDeD;IrFnf`Cg>;n*C*ojD77#m3~y&%&zlILJV`HijC>7(d(CD z9pY7UC2KEPVNo-a?@WCP_{BO7le)-#*24IG%klcmhQu&*?{7w9TRqm|-Ph&X+d|CuBGYE*O7Gc8YPbSMo zY=h1qQ7$uMCL4VL_=vg+7%iTl6}{@0$Enqx{16iCF*fOD_cGT}~|gkHsB zj`*UE*mR}=?O5s2LFY*luE;ib(XAmsCn|f709Bnm=-@j}6M7>D$~x2Wjs&IbE+AUG zU#MI z=5F&xsWW6&NS4(lP*3)#It-~hv|b~`2U^d|ILydz3uOUo%aR-R;UUC=w%RP<56WM; zghkTh($F;f-aLKLoY_Z5_B^%#h52=Dpd=d&>WjLH7wV63{n7QsjQqBk>@LlPJ3wR_ zq*2?uc)wi_gy!XO4P5v*gj+FCY>E`)Ype2PAMWrdpeb{{@ImfBK`{mwhs=AWs9J`_ z>#4LQZrN!*IIupYID5kq)}H^iTWK(!6)Iro2Y zB+0d)2*vC1#jdH3nTd)tT$4FnDBNv6APH^V&?c~F@gDOSgp(5zPM){@T|low$%6T* z2vV@yVHRpyDFz&#QXoKiEmFw6Hop>pIPYnw8uEDTI{apw<+{HLBu+cc^y_mOYI}H9_o>Bj2!@z-1Bf z2jIJNpVbnb2e(d$7;fS{UXM)?{_#d?85Vd7i zwdIJ(Atr=A=88SYC46%^$0oJT&XK&|BAE@4yq{=g9gNh7_B>R0Ne}|TcpBj#}D_9?jbPXeJWYZ>#U>WT1ezVAWpx9+L!r>l#k4> z6+Y)U5>EteT%hevwk57`fm13daLWF>PH+x#A?hGkn~w^U#&Xz5n-%lt&b%AlJZ|(d zx&TsQww$hC*7CA?-wYPCgKdu9qv31JbRC`r$~L#Q^S6@=1jT59O-IH0RFlIX)PD#U z#7*g7%;Dme2m7s_*Z#a^{NP`HzXN*{j^9xyYCFd8{Fj|}$XWTa{R9j4#!AK2ZKX+r z;CGGL#GlIQiuq21lb2EFXZ=6Z|Hg+WsH5ud>hy8@OYC}6o^FB8KdGQ)y$M1Cak-ow zDQcY~h{>m(n9K+|UQU)jX*bbB^wqWXL(n~W}+5Kz0K~n}xk6FWD5um=G zQ0Vvsq8>MAx{bkdDZ7N%k>{ zOqU{)M>_i_NEJ6J;h5MD(#ov=6a4KKMwif$NZV)!e366FELcM9` z3Q3dOF3~2ETN}*bs0T>P;y3v|4G#oZX8VDLVu#~|z=Aa(A@K)2TR;7HhdX~8w)_*h&4mm-wod`^wOxbc*18yVwbr(&{7?v`uV^_OeSO`v;v zZGSWRfvZNd_(VcY;_(6qSOR_s_QY`OvK(VmA}vOs zb1mT*N$24%Ok~3Apu?t#St3EWzgwFrGbhc?-Zezp3+;y)CBE1gEiXg!E$vG~y{v?D zzuH(eG1oA~>cS3?&bPmc5Bfg3eSw_tze7g1FNxSdHjykvc0fk_hn>NPU8owb+!cKo zId37#aM;K`pDO(O4*DSRj{7BTxsq8El*^lk@ne+z zl4E(6=yN`es`fj;5+ zvbmN03FJ}aojyDrE9_@`NejzxtTO*n{FKN*-_fVZA3w@N@B_Vy%C^AP}{0yUrgS zpCOsVNFyQOrByl4aj(!@R4AXwMcKUhfV!#Vn_KVSweuW0aLdng*x{TtGT(a#=Q)x( zzcdCHjjLBc<~K#oa~vWeIL`YaY&_5LHJ5-zE1TG0uCj@ySABQL62{Pc9sC6f$XTu$ zU7*l;j%Q#5Q5cF~gZZX|a%!E^2qAe8k z66b!c&xeSrJJ0ch?P%ZMYdd3MaGoO=AAx;=tkXG1LwCF?CL~Y1f6w_?`T2$=iivc7 znGR4`>QH|gg7K$g+5A|GQHlBPVJIFX<=Ovta=xKb-!%s9tA8N<3eR`xe#p+25H^8+ z3Dqb5yXNmT{u_ZT&@b@!zQz=3X0-Y1X!bJ!11JAg^Y=pf7xenyoo^V$exuJ}e=sU9 z73T-Wsz`FPJWZj0egLBwj~CKWA0GAmz*sY_AXI_``SvYBe|x^W28}?rA)mV69V3*y z)$;?~<*JjUk~B!xR>-5uSA&uB2V(A=y=V^PMfINfqAY)KOE%6oUmpC(nlJl5%6yc9 z`LLe_ALTs%2g`+g6l3;xSyj&$h-dORmxIc7&${sfc?Yec{zQ~tI{wgKa|{hxnST(L zAMg5lBk`sPJ^cEh3+^Kn;v#~Gxfo(HdcUCpwf;hcUt$CP@0>6A6ScUFmImhwz;&E2 z(DgGl(J2sAr?)ci@O56xg6Iyo3i~MfW@rA*G0F$%t$^NP`iZ_0`q0lSQ*UMd0Qqq> zb!%0AfV{F@0`mDs>f9!T>~VkQW`0A^Bm8L%@=t1lm4?}J)^3O1Ev!_13 zfLky};Q{l z_#}#H70?smX>RDj)=3)-E|?!Y8x&CINbO^}e+5~H*q_Sy4?9qAE=6zLIFv5oX*eXI zhjXx>VBuDCO}K!`N)}f&U~-?AAG`pajvBkqw3t(uTgqlu~ht5oM$4CYW`P~ z@YBtAC|sNXI{)`pt)Hj=`yKg~Oi&RsL-BX*+RF-s5A4eHUszu1%~BQv`VSD68i`2x za{8)$5qmJ2e;A>E_4??OEKWc_a)ukRA3lEO1|O&Jc=Gc>Cujeu05(*`C&GWBCAclq z!!HUKDZ-o?H5n&r`g=jWxu2+knogfU!9X%CBOpYL<~AW7XE?)Fmgr`}1YC;@CtaxK z;&)QsmzddCh9$=LFa7@6^-W4i18C~}K|f#Q_b?;a|K$VuPfHS zILEN@j!$S?qs2R_(!ZSlZ}q#feK1GP6VwIg2_Cz-BF3=e@-Q*0%L~W-0hR`jVqv(N zyodZJ^FOz^G6B5BTYCjUXg?^7H^O8&jzEZHJGZNfF_(uw#L00>D!m)xcR|D8rz{GI zIB<`~VWRfsJxmdwS2!V0r>;~1%xS*2Qnq7x8BJc;&Qrg9s!h%pFe2%8ngM>WYtAf` z89VWkw@wrK&@b$&k^7`UI(IeaC>lVfw$sGFUX>Pp^q%hpf)oQIj0kayNtw>=!xrEYq!z;cPbw-I~&70 zCcfe|5B(bh*dIp)tFP?>C0Ho=*ieUNdN3|@V99zV#+Er22sl_><`?+Ijd#EuyXhV+ z+f9ew>l}oyqMA=rzz$SicbN-iHlmbSyuJs?vZ1cmeCN^dhPvwhOxS)g9wzY(nYWPB zSkVDE(utqVx~fB$pTBX*ka)H#i$?al(wC$ZA1;+Zf&+9S0bl?kgT&NH5@sZ1J<C z3C=XYG_;c+tfT9T^zGO%$GC>>*@RfY*9ay6mG;V9Efw4_cJ{0h{2l>7_yllaUX(J7 zdlDJ=2mI}KlB>8dKcVeA_H@d>j}T%?l6t$^K$>d@mKvt z@NgmStK)#GPS5|V`^#>SflH@f_m}avDg=K%*7>Q5`B-a&U%vVi-?QKHEh~IGhHItj zITXylMS)3_d)Q3XRa6wmWvkwt9B7uON_sej8%JxT_fA-JO|8}dQKPu&+`gm~jqmxyJ z^PCS*e$gRk2Ma><%L5@d|6lG;8%@4S5G4o<^ugn=L#{Y+`I#(`)L0oCHvg>|6sw$( zeYJK2Z99mf@fz``;O}GZPY`fqF&&03;E`1)`!N5UGA{o_*yZ;1eY4a}V$iN%mZx})Nc&v zuk>Ko&C7DuSof>KZ&EiUG`pVZk1tX>4A3mz07{mV|oq2WDE2t1>?2`}+_*3E@x#xfDMce{-f2 zdIEr$Fjr*rdL&pmpluTmOmKSSxBte|2kDmeey-QD9^v7kX3X^HYB%72Tv9UB%!v#C zHp*Z4W68B>tfiOR8z)^v6H008w{W<}vZX)$h{;4+mTEwW&m2xO&wk8R^S8Jn9Z%>! zVm=nBhO&Kr*=`?Il%x;Ee|>cE z)&|+V0bv!_L|&zpIk9`}on$WFkJ%Yc#z@MoT8|idK1b}tTGEw#gZY#Zwwg-82-mQ9{kDDhx?`Z;;Jhx*@)J# z6mAUc_^Wtl`l>G87s3szEvtc~w-EEiK^ykZ%nbqHH=64KoqEirC_=Ve=n8l#ehQ8W zd?d{tv89KRJzk2x@odrWYWAO9v!mb`kWI($FD?NRgFQ%3WCprWY)u=eYaW~J;%S;{ zZf>#TBh!pRwnqc}9=sEk&1I;d^qCgq1Izmc6w4D`s@KO)(3$1TZT~Z-MypMB1(3z> z!K?64fEizo#}wdE{Jsc)N)bC@Q8yEq$=5H2;t2NeN%`e~1P{5Ucr&YzY?HA;jby{E zn64X0eZNg@bg5p71-uLs$SZDwtb{t2_?5667@P6iG+twYi)Df<=(=CvO00=*ESzGZOl)=Mx z=~O)ugev>m!hAYLnCnTNmtn$A`j2L%cyUjB38en}mEnj9I7s{yN}S+u`=%{a;}`1V zr;MGm-sfPVbWKq%ln{Bhb+*HFSrqvh1$?S4#D{XUP#-@9@ZWIQK#?V2LG~D1{58LL zil0%KyW2t~zfd1P1?FuLn8n?QF`>&pq80Rl?cU;3n9Y&q@$G?B3WzJd4^;OiM${Y^ z^B3(MALm=Vo~lk_Ls@g4p4 zFX7J-gnn#^y!p?d#43e>bvN0zevtriz8y6$yaS0d<|3`+%w&aOfIv2ql{J652Cw@9 z5YW**N=0;*^2Z?NTyqZMWA?{nGlM_W`}ch&^|u#qZRV(>+XH_iJ!dO+lOfuUjj0mJ zL~4rc!DzraY+*=NO#xGf;!h|7js!VxAztvs)dj86dOYW~Jdu7Vxvn-n=LtT)wD#FL z9+Q_xjqC9z%LVIX+Y{I!bd`XW8hAM_-4ZTuZ9;NU9Uke{I4i9LuVA^B)M_7PsC_?yrU!XSqthsasv2^RS=iWIw8&Ksbpn7u_J z)pdl*mCEKhh7(cR^sz$Db3y3G_I$UCC}i)nL>wmHzZfEo%;hKhFM zWA|9v)}x^5hFiHaxGbb_Y5h2Qi+2j1%H%0n{<91poyoULA)m=bi4s{3jQ|_OFOz@Y zacEBTtqjtHHX#E2lRk?tEs;#FcZRQ+D+*FZEF$sEFc7$SJ=GplHsjYu-2t#V>gPl23`(1l#r1(RdXNObEa60~kS@%+HP4PDt5H`)Ve2NN5 z!{)$y%J+vY-Z~E}4rphl7jFQiLDz+_ZgUFq0_-z9wfr<}PhLr#D&bs^&PHff<;mc! z2&^Huz@?EiEQm9l+|iYu1w}}?NvX1>U6oQOB#{WN;>rXghrj&*V+-_HFsp!euZIgU zyg5CXubNe8j0PizvFcQHmq`9V0jRC{4${qj(3cP-CYXC66{?C2ep>rH!0*A$RH#dv zUH-72Ps|@pxb(cA?)C8-kXh7Z{^V43E+{d;@4;`4Z>cfI`H-`IJ|X`O#)B^U{Vvt( z<0rtfoVol_2e#K0Ko-9TUnbZ;p6(D^733ob`d%O5o*=!C->A-_X7gqTxjQH^z;8wP zt3KqeARmw?T7;LoRIiVp0LyZw?~yUq@3E7q^@DHn+OeAAV+epdv(yPDrBfYbl`Zx? z6f0&~1m;`dO%r+X{ecg1ppar`in&d-OCcci0c(CS|78*#cwZVn6$LmK0$2%fUj?|x z0UYB4l%xp2y`lhL1erU<<3MGMk=Q+(mbE-19}kY(lzgKmwsNfw9ZtxfLTSHwc>b=h z8{$vbBHB|6>Bfn&I^q!W$FwuYKm=5~~KGQI%H74FEDXmrh8l=0YyAqJi#n8*1o z?#2S-I~nKq;BK5|{`f;Ke_kk`-`>Io^N)=I|JaPV9pHq2`;H%le^RUs#fmj7qKJDf z4QrpRO(!NSYk8U!NHj<{QsVq;5yZNn~G^wu^>ZPIRFk4Y2m6RCh?a<&@xw&h{^0+#xnQ`^0B`c zLO0=?NhTrRRvyb6`3;_Ultz9vlZ~Y2qQ+1PF&Fu7DAkHDpao#y>Iz#1RF*nllix&a zE|VZ*OQyQApGIEjK~+LTxC8&j?in%v`18Ma$m(WV8W7-96*!~|2;kc`n_>bGYjur| z^Ba{UG@4@c+mkxU+-_<4DC*`5S3BWqzjUUfr6i&D(!&L1DM^HrBjfc2S_iS#LPRmL z+2YgeAb#72C`sk`jJLJVi`1UxYJbA7ElH@IJS-@Q$8Iao852ThCdYLCMg3_teSTZA0n#f2!a|4=lf_oDRB?njtQ{Gh=Wg;h2&JaNrHrNq? z2wWeFnLqtZ=15J1>kaUa`3sVg**8U%Oa_8UGuEFb@i(VQ?Xa3V3QjLIa@$dQU=lLd za5itQKLss%l3=Evs`7)|+mP?{62AuzqF&mQWu>u(P`+R?517zMPH-7`Kp3BZ%%WyS zF3?#-!IS{1cn1_C;K?*7VsE6#!z|JY|JCURB{8NP}7rR0t;!LQ;__1Nwzv=rSd|wSt5O2y=t`D;!7gP%7!FbO&0zk z{`UPycf@XxCG!CTY}Oo3VvnCD#Abqdgx^BU5`H>j^Ly}g68rlnyZk~ZU%Id#+9R zlo%Zt$$r{f#543tWHk*}!5oPD$_F9>eU^2=AGDU&OGy&d#*>0ZM#r~Rl==$y^u=r; z*3l;=tUSmthYa=tq}R>@>D2uW{AURs&L8voBo#X|tX7?}&U|z^2cPyhIY7aJqmA_i zUv|@l)u5R~PH9o&>xmPM3{cT-Dbk)StH|tA^pST_ zy_aFR*^1(9?DV!V_jk&o1@ zYJUmMKJpnMd0MQf>S$*^ExowmUOtO!WdE0<(g~PIujfd!*!@A1YM7K6keo~(e;E%s zzIS&l(bjzPjXk7uN~|XHJR#VuqtMqPR%8G^BFG&-l+J92@?mGZ6u+j&8)BIo2^gUW zQA=3ZnlD+n0UDt@ENCw#jlGpDzVl&ylLO)XBSS616IATR!%Vyl?7Q1CF=JBZ= zv6b1`Aem0uU!0lV19zUzBoQoBy%!uD=2G&a{(mP2F*HzV+QxP#?{e< zWRYniStO77^nXFJgrDXjsBG$rDvxH{cu^DhHv%*vaBahS0m#r<6kaU*hVB93!&MJy z=z<%jCPN$x<_%mZ0lxSLxDlB_@XMdn)kDUx%YwAAenyKt5A-8}17W=nFSwVVzY~1q zO=v~Q+_Epp+cIn)hhD*${mx(5KI3C{F2oHS7(%*7I>~wxaOd_>L~Q4`*2yDahyM`s z6l82`o(#J<%@)Ix##p%a;#=hHZQa%_VX-a#L)%+8?6J7bLn>DI7|)lL5NvUXtfssd zIN35-;b7n8oe9dHGIBg%(GwQtB=`-qLE5>Zc=|5Pz;)Br*I?euhKjAH&bZ>c$JG(~3SoM+O3w^j1Z_cw(5uWb>)v(Op7CAHyME}J!&vv8{gm?ClxVud>_7U3ev$F_b9LB;S$iy^9v zIN54PrrYn=p!xxs2++(0)lsM+v>&b!`6W~aAsEzbUq!&!IHYTZsdMr30T}TbGvRzU zDho0ycN)&P(JzdFBF~KCFVH@S&?S1x9ZA?6*eUJFcp{3@hsI$4t6dnh(QoLu`0!AC z3xEI$Rmv6#dM6YrgWg-XRw3Qtx30+B7`bUcR#u=NiXZ_Pv13(0NZIbwFn1>JZe`#Y%&Xn>yO zG)}j&8FM1M5d47c!=@LWDt;BYzBC=hqFj4^Q#@Ff><26RVV%X@)GM5&jcv^h(3dpg zaL%|4;bs{fCkJVeh)(%Mg7?d#$9#KUxBtlE1@`3O{&@f|eh+5HDkIy8mVWMoxm%Vg z?=~MtXdn2jLZ4Qd&*2AWVO+XP8X$6-a{)YA&P$pxv5rU3v_N!ey8&U$q9o1D6T4}F z)3P|X=2QSN&rOkeL;~sNCr8uu8XEi>CxvNd$fU6qc@|aR^6YJ#_YN=-`|2LY`l6O< z4od0nm^7iB2`E}OGr+dZr_n~Si?cuL6qc;8~rElI?7cCqMSID8Z!o5+Ne;lq6VY->c%l)r;18bCI0G3gqBLwomap z9T!bisu26s0FQAngD^j5^k#I!acSLFGK&ootMC2+>vtMg7qr z$L?hx8EgUO8+MQ&)}iC;yCG`YS$xNplIB_fCE;>-Ktkp!JUsFBkGxfh)alhq5RL_c z$5`z3$W<$Wd3EV+U}9(bdJynhWvICgRDMN$!g4POu>1qfYtmo z7a-YZiqGmxWTtByXfnTW(EfpsfYo;h8evvr-xjd0k!??wZ3tN{V4FVe_wmIdkjxg> z0N;ly{z~9NJU@aD3sN`fP(O<+&OvOR{C4#Ih4A@R_+aLGSxiQ+VKBKB_X_z90>O}h zP8qatp`QfhPM2EDTi{QzEVs8?|Ah7$_89-uA2^xo`hjaf!(Da%yxXkH{n1JE;6yvM zP+K3^C&gdk^9%snc$|yw;&T+#ur~?bTO~PclmlPN_ivnimi~&jXfy!EZ`mz2F|kcH^|lJD{%Xxzu{S>s{J zH9`$MR?w724r}sIlQg@bowT2kL-CH z+OE)m^XFHTmk_-IeJT2Zwh;2R_JulqYx16Ro%1ca9j?83{)n)Cd3*eUyrAtse#`7T z2!i`TIFk~c4gDc^+rTJ8e0YQoanfUO#;O?!MO~4xWtOOt;@oO~^i@!{x~hPNu`VX+%XWOi1)UV>I9n0(y^Dv$@m&&f~mHpOj~(S4S1?WtlO z5SN)haP}A20F#Y6#+l!3nt~Cu24)#cd0LZupL27p5}2-pla3c)k$QFo`pcWV@W&&sOW7E zn}2Xllw3bgsF*b;-6SE{nZAG24E#&7t4)JjIkO+}7DXoHG+ObkON3bBrhq$`mB21TlHS38i*K z|4w$*sB{pnKwA*bdUJv-LUQ40gPHH3jE9CmcQ9~6_M}PhS6zVnH(7)*zNbuofW1pWn&+ zg#MPykED!`uYVtHEbKt|^Q!c1-Y!$$L8_hAL}iT1D2 z?;qua++)9R{F%xG-NBHvL5MImGkt!A>I>~kgkkVVlwTiaVTq`q2VUEqi#Le4_F%=5 z?co05I=wRD-%PP%xw<@{zyG`YgRiF2DU+va<5BJ)&>=YviaIn3b)d>&tS9A96g zJRn#iyw-S=tglKESZ7%s(x=Tn{;E^+X8tRbbFT5?F0GFRKeFa3{|6<9Zz5P@Sun@@ zS-5X_hX12%&T7o=F01N&!!lF-t=)QBL{)JG@W0PKBtdy`(<2 z^B0(<@Q88oD9Qr}y$~`$(?&JHbvww!^cfAY4w=MqF~`2&i<|LQ!g=kpYWRpL>FXT`wf2osXxl~y_=6wzkfpM+)%z=6`g-o%Ey`5T;a>d zNx_e-ndSeekdM7x7Dt9JH^yw!3k>q0RL)F6A;d6p0zD)koGdYh@lzHSUos>Q5?`Ra zV;BU${rG7k>0#HXIZQk_HZYd+=e(9a@n$Ysb6HSVljk>?dog~zIY<%Jh@ib!kCj3< zY^w2_^eJ0E&YNCgARJ=yKHZXYEihc})~j`$8+kI+>djY`>GXRW43}9I2~dX85mXev zPi7Yp?>f-`VrxdF2jv6K2>-Y5Uj$$v3PBe`@?Y}hSyT;34e{o+e!6ghw#p{2A^k%7 z+xoVWj2|*gD@FVRj$I#rNJ{zrUFG?dq_MEZ(943ajQt?qQqdpWX93r+?5t1al50EW zkIA;pSp4Y%BV>0|2QB^JFc$n0nSrdBzkvlPwubuE+_)G01W7Pw^7TGCnwdq&w~qV( zzXxCBdf|R3tEmdeydM>0>%(e#vv$p}A5ElFce5c|Y)=#`-i9JT9}}*0su!8b0scEC zmKhH;h9n6c#2435@qw*${F*K~v5fdr^Ywh>P{;4Muoe`OU2iO19D;i=l;R0&&E;1a z2qq-}qQ(co6x}$74*?;{4W=iZF)S^MMS4~>Gr$yc;Hjel{QG_aklWHRQn21G zzX?#1A^=A?m9qeg?+Rf^)r;vXxq*u8LBi|oWsoJEDd?|N`fC`!yu`uj%o9xBt%o(z zshpHS>t`x9S@-(_{oRk>8&Y@SU&5E%bc);vev!TS#nx~PIkie4xT3xKOa4qx5n3$y z4VgFDrZdcn4USvZ}!71iYsuNZ5fzIk*XTp%Sh_8arVD#yL@oK`St})^wuhsJYsaLq zQ?hv?c20q*YYSr-q=2`(xNWO>6M!=kY{8y;K!hD$z?+s=DaK^t>^_=UQpx1R#iq~Rdcdbp#A2DZ1Q3mbcC*yydu=W;iNo24TaqwIy5czI54fqy@ zSfZIruh-pVIIX4`ULQZD;*Sv+3KxdxX4T|=~R}9?9Rh}om{AnWP2GV$)@u4 z^%M+&L5uzwfd%yE%Z*)LT_?5+N?KbEKDyo^ZXT0pEFDq~PTTbqzkv=Y$5Wj6SNesM z7D&hOOC(I6F)^08jGe-%O+uZYVe$}6JT0mg60N}GVwOd$_qqt*>C|;h9tY2~G8uht zH?uB6ei8D9ee;4xE#XSm3T6?b4XFzN1xjx=|KLAwrR_CDEW<<$MzCVo(;srZ%Sxt` zTQhSML0EgK9b0iFyt0H2EY@)l9!YN4k?vy|Z)R=;2V?lv$A3-V7Z~&;@p?nV<2Q)c z%w_^Os0`=lG)Wv_p1BpZL6XdBSJzANQ{eUBLvCVugl<1C*g2f zA$%y_r=*i^*h+qe zflbVLD;+S)XRxeRSq46*FU-{ym&&?jN!xU7OQ8NvwCI|R0 zuGzW|o%Uo%b2s^N@%+|s;w5R=l*xWYHGn6H7?IMlAaSL9DiSwdt6aPeX>I^A-|J%q zFT-^9{mPBSH3r)!pc<$U# z=B;FU6iE8Q&N{gt-%GLhbg620Y`z9{5RgiHDzqjp#W4a)Irbjg(8idpS9(d6o(34XJQ8A)?lIyDIeaTy-|O{XTvH~*b3 z>E%3SPQcT8{K8&v%TxYRp0ZTH4yG$l>-Z&OB*fDiNn}=(r%aCm3GtN0r^~r5%hN{8 zAj3Q*3c^!<6sPbXP^YGNMTl!VuF>&$tRoF%1)n@Yud^}B-6w6i$$q&EKl>X2@bQ9^ zO{%8i2a)82B5SK1;a8Iz2P5T0tDufw=@Xw*oErT~ef-1_Z#OT)i=?JM#N{nZ@iVHS z51^}Q5#QSao8&5ZEBX1hl`5w+zD5z0Dg0`bYrTvrWf{VF@7?cG(HpT;2OF;hb>NO- zB}6`pJMjLRYPrDAyR=aclcX~Z4q?>fH{B~ZiuiwFPHV;Pq8FYw)3M-#{=fm#s}5yo z!eu25>QU2tg+P5{p9Lg33M_9hi-9knmJ0!qM*nXFY33+PwmOG}*Y_II0fkk75=(g* zX47&^>@*9xDk%1xQ4oF*G`6f(Cu{MU{CIG#e@Z&*@T$%g2WWA z1TPR4!5wAQaF>{1?l^>95`6RJ1(;x#pa7?4h~5DOG*(l*R!9P8$HtVxKy$2fegHIE z4wMOIsum#S`pXM2!8B;A@X}nX2}V#E&j4XMQUEu&tU4^`-!MnPv|yh^ns))tss}q8bO|7Vtt`!rK)zx}T(`vBlix$QW?9k^R@{DtT*TC}MP!zTo<{bMrH%`#5gHb|8Bp3+D-D}_ zf51z%uwmkF2M6aLjme&9L)upUW#!8hua%MS?)d)bo8j#!I)At4;beUw$;&8Hd$FmZ z_z3>g6g#EeFye6&y9Yt8iLumYTwZcfBT$^%UE)e>=_5E~Pb`YK3fd_347Hu3aIedSD!3Y>& z#G*!X!UD<}{Oh!$t*K94Llm(f$iv>7AsLwC#c`$(3-+J-z?(ZBpyZfa4x$QZfjS#X zr2mPNaJ~Ac-`i&pmJs(H9q-l``1BN5@8N_b8b+s!2MZFoG+XCsdcWIY?*=a~38UBb zd7_82&@YD3J5|xk0ll30kVP-wKLcgB?x;eHKv0xQ=1_#; zI(g3(!FMM3CyVV;jbKX&x0-Ow<8Pv|x7HoaUm#nuhRv;4l%F4Iw)zbrDMADGIXjXI zI`(vPDc6x@AgjR2HFpvx6AuisEMhh`)^VU9X@A#+Rz9v*1`n4N)ZgKP=V-w~?B3=v zNrVn@$}D#8tTD-FYat zWatf~JLDaOhneOrm}KgySH6hKL-9Oe(DETZH+{yWScWSK;D(eHip_7ydpHOD1V#$V z(F2U1wn8HhZ;g=_d!N$zWw?e>G)>gg&1hdW?R(5;54zDB-9N}M$w!<2bqrn z&L$qczKQH9s|5Ot2;r$M%c|7IGBi$Jd^4|`CL4G;1MY;Bb{`BdgyLa3utOvnML(*% zD9L8Xq$qlo_>p2gQLtJcaIgv6#dr0rIFuN#Of*TeBi8X43ab)e0%p2bgc4}Ln)Nyy zSLQfKDw602*(B)0meSZ6fVjPQ7m|S@Q;w;1WK8}OCPjO>m4z60cXh*M924uiIrM8bB-7Qo?~k%fS(%$sDRR>|ZrY;WQ$RN8ieJ94bE+Z|!1fyX8T-mvtKY zAlOcE7cK+AJw%=_2E!Ra>1aiQTCYFuSEl1vLC4D_$^E>|w#Ll4O4a=RO74aC^DfUU zlreSx?V32}cHrAPIFaT1jtX=?%v!vl?OY@6z(T$O_+9#^+pKEw3-hvMZoNq~g2>#v z3>}V+)Ibu=d1y{L!sr)<+4xuoi7FLfz2S3ubGDlA5SVH`Zlu>6>*d1KO=!HxbA>9$7GL)kcsm_>S=7ry&SKRJEx;rI*Xc0mjY~qIZ61y{b!d(Dd6yFZ0ZSj|(W^LySN)t}~Bb_e{lHP{VBuS5U-ue4s`W7603-c^}&lEbs_}6ni z3&XJ;5D$Zo2I3addkm7!W*x>2FCmTVExj*6IMVgY;xCn9L%n9cg|bz!ar?)TTjz!N zokxqbM5fi@GZnwk5HmzGoNP1X8X@46A7sG6Fsi1l?}HJgEZn-c({$hty;=C;SiOQr zpHoeDHD)kiP0L2B={EA<#UC$KO?S7|bhs-4Qwq^^zsJcHJ2v3FfZ^IshqPlgU5{$I zRc0{Z7v@PJPGRVjP)ZgxPTjU<9MR_etn3{$4$`4ZFTBLH5H>@Jo!V0ijuW+8{nd} z&!yw*%{f4`I_-02-%o({ZamJz<=2+rbTbjrh|nC9a(G-6a>$OXhOjv7Xj;r6^hXO4kQT8&&4>AoGLv1G+%jw*#}Rbd~K&ZomLM2EC>H(AV&D3 z@$?$_Dn3tV>{*ScbA|_L|IG!5lyOy!QJyh8Sp~)yB+7Am3m=dI_EkB(2Y0Zhl!dIkyT(g!IW*fTIii0Y)fi9&@aD%8JtZ6rMSAcCgjzoP*|ub&lQN+AQ=? zTI6(yzn{oTxYkBkFj7g2VMmJ@IM!lu#?f@nYc;@D!YmWk59~+BHvcuiKrJ!AD9#2u zDa>kV1!E_POH%@Sw19&V@>9a!{y{=REGe(Mr2EZ~29-c47wjXQ7ll(bOkjftpOPGy z`@P{vCPxm4rDkgi;(r$~1rdWIz#uee%wHsBq95)vW>``t#8Q9O;aZ3UAvzwFR0PX< zQ4W1;xtmw!@_{2aSwg~uSjUYhC-m~-NI(Nzt|~57n2~_NM4_ggtSdKe#~CkQ;r2ND z_B1ZGcVe?jS&(Ryzv7@v{J{n=D2gkyv3v5#=W5NzT=(C^D|zgG>TKygc!-JsU=VlU zpK6s4MCIZ~lw80hq;8)9lErD z*4*{U(0(;NGr$~SdUqry+ihNL6@}AnK2AzSqAZNTOt5XyU~=mc$pmKa1+6CL;~Zcj zMWW?A31h(^@GoOitSe~(L#kS@w||gZ2F)?zdPZ+t)3{g8`~at5gWz@8-);_#zr5|C zo3kFOL@Jrq^Q4P;ScKnUVEa}c9+dUAzP6i;Sqw2dX0tkGa~QMWT8+sZ7*HMUa2d$D z%pdp*mLseYMXiup8MiyQO5Y0<%MWsO%e)UP#ne~_bioW=P#(`~&^L+U(bJB;ikc(z z+2_1wuEzDE+v2ank!CDL9tPuGgg4QjK?DfTf4y6qVuj>}8Ogt0hHA-mGm?L~%p8x( zIwddD=cJ$07kOhRhK`U}44{6nK`by)LWov3*r0yFyn-|I4E}dm1CH8@CJka!L5+Fx zVs@U7XMSyxocnwM31Yy1Cb)|4Sio9Gg9;XB)D%?cg!=(if@FC*GV$T$qDk-(TD2PF za!;1h3Ft3Tlq43-z2!xn@(GXwB!?Tn00ThpxGspi4kPj^Q#{G}(7}X3^C9gM*07mt ztm_)`K*74O{57il(I#S4T>npMZwdy6NgAOt#=iXCA@uvlcMGaU$ukKf09w*FOX8EPcz$~CgghviIx)QTezv?{eryqid;pf?CqRF zvwp2zkZ%5$mM&fHC3e3YH`yarygN#P3=6^d4fUv9f|c1ly^gOqnE#wD%h|B|AkkH> z?JuDR64OPGKMv?>6T50cHWAY?x>H$i&Sq70Kbq*PI+-ZCYZl>?TJ6U39p=2lo0+UrqZ9 zCka$lDJT_tb!dPD39c;wiGmFBlKC`BiD_1S7&k*Tu&hKAh9Nsi2y})c&lnw@>n9Px)B1usE&y6J8^Co}%;(QQ|xQ1kg;v1zf56eArHgUpe_#l#! zZ5!)i8C{rZ8S&y9)9d6>xsBL+o1XoRb|w8SxD;o_|(+^vkooz&;Tz|o@S*gbNxd&0HbS>7%aO#SHX%JWe15t$^!fx*}! z-5MA;b_P6~vdLyyKMV~mXym=X3GQaDCV&`M4{=n+dMSA}*M)j?oR-R>EbwY33FD7Ok~JsIQ5C#aSM-nRPcrk)^Z16pSF* zILP}bzfMK04a?g;a!2JRrqu(|;NHK|W9!oTaFI#--{`LeynBbI9evqXlf=JR)s^guc2W6UG!* zkmITqGOJJ!=X>yPA|uDjOgCy3zs4f6!bz={>Sn$WMz1BNu;Z8slTAIsw?IL@S5pg} zpmj&ebRfvSFl%+-NJs}>d6whr``OCk^&E|yy$ujIbMe{mBFp@r20K{g41o2uO0q@W zh;Fk7!fkwM@m9GSLIX^QciLLcsRo(WnOnF^m+fJJPzi2)B$<;8nt zB_NH0L-Ey8w`DbMKW=%VGxd9{=fpB}9r0Kp)9!X@hbUa^W^P%H&8$!r{aE5#J-zN` z-h?a_m&w1rLf)HD@GK?QNLLrTp`GM~$`wk5)mXnRP6Opd996#A$&L23)GJbZz1Ol4 zlYgoWPWWucFw`dI_>J+NmOZ))bI>1hVxmuq@t))-a5bhm2GKI~x{HH0zTCq*gYosT z%wYknyKHu5z`c&B`MaL21pAY=!R%U zOLd}%`86ULXtz6oH#G5EZRYWk$S_+q%z=~RbA~eo@SHcWFbD~E6SG=S49w$#vn?vP zt}i|VreUsu)z7HxKv3FQawzpx^hWB)mq^l6AbmoQ6hw0}E%>d3&afWoV~#-B6T?zg zK$30ka3__7ShMl^m};H_p?%hK7E_$>nCsbAH(J&nh73)6+uVIlaKo;zAIC^vIfp>j zralQAu)i4pPM6kVnNx#qFj>0sCT5SgM$Yz5lG78hd6k)nt|-AoAe0SwP*mkW$_e(wu{a50 zSxp*(^B4Bu1@*~L9U)(cdK8L`oiae4=e9jBq1DK1*2vOG7pwa1R;du{}F=b zn7xmm_O_Y52?1XiiOImuT+qY~7hp73esnkSbio^2X<1A(UWS=C-H-#(86$&A=O6PW z#Bpd+*JGeqn(yWSqF&U`(Vu&1%VoE}?b-Qv7z&$qOmhud~ z$H*F8F2j>gZzW5@eB)o&n=`;Q=}3`R%{e#5pv0PW$THt}#D#1#dW`$LN1c<>>7WB2 zeh)U&i8&M%lzHu;eC0pl8bs@>F2n2NC#tikx#*HHbWd>lW`Qe!EPm^AkV6kU$X5pW zeIj5PeNy%8p*9jc(b4lVI_U!MEsu;?cPAuDZ_K2vpGm zlpMcA$^F>>35rMx!X6F>mJ+ph#)quGZUdtwFT*@;L4v12o7m_|Xrx3GqhEc$@#t@; zZ<;Zh*P_@7gIKV54k)4hQFl>qiKbU6ekupI`Q_=`cZB0XT;GR(iY0B3a|A9!0lQ-c zp?%@si~j4a#VaeF@xR16IH_c&tTsQ0OpRV6Z&~~=j3~aeE&dWhh!>+Af`;Q`H=T>G ze!9B6it?rzE?q2B0;}eXKDKPt1z&E($9ACcu@$sik~;^YvQ<}o&ql7!%76gmp~fUE z0)mzUHm5Z8LGyiTF0QZ#sb<;HkVuJ!h2l-~tbcBM-a8a8p%y)5BY$;*Ucl2w$+iM$ zaF^S{h(!x|?+8165cYj!c*l+tcOZLN{4U>@Ia}J7=o+R03^2)7LPk|nh|E!NxQlW3 zvDo|?FY%xuJhu{giC@|}DuErvHgp}Od+idl4LtP9B%47~ZlO~{`h5@vo~KSRsy^NM zO+0?Ufk|+@yT$etkwiWtU*6weg!+3GUkud#KK-Qj_ZQ3JzwrC}o1OIcD#-)Uwwyw} zAd_|Jylh5WpKM!?$K6g+0Px6l24Y^{jfLs!U<3OT!Atjaz2fVWS$NUw^zME8(ggk@ZY#H8>iEO^&g7TIb94yGey$at z2Y6@MhQ%F_8Sk1iP~7}-2v!9T&mr9`%+bOO4Stn|Y%VgiUzq{cGS?%wSc9eu9-vKy9QVy`nwo6KrQp2w?R-n5!9GtNN7l%gxt@tC<@}yX>krLY- zsY^7OQYZQF?@%Eqh0bazCW}TEfQ(O<1N4isv!ep^n~eelJY`lNYkMo13ndBrV(t(d zWcyVon&h?OOyu)9IPgGh0A;}Z{FLa5m)l>}3}NJ+Rx0^+G-S5mQ8z02=*fp~D-I>I z^8c{+F7Q!%$hZ8)~s2xX3guVZAgaGT|I`?op|oI306;Jbz{8i>_}~v^M0Dk6%o6r8ExCX z3euTlHq%7ojieO>;no!F)bC!Xc5RH7R38K$j=~|ftx&)XPcn#n;zh$KCW~Ofnw}f) zpor-Yf~XHYWKc2Q)~VQsELVbUJ2UN>C_U4$m-Mi*Dm&B%j& z=V(=ov`9=05-QrzkI0G67_TZSZ-hq2uP|(h86;dnIl}bR6XY3gOvUCP@N=D+g6MFC zh}%1ck=5(2j?_|;0oQ0I5e*(80^Y?aYB4%Jr>Iix(Ne@x{l?xd-qL|g3(an{veWQu z;7R#(bP@bX9-UWGZR{b+Ikqvi#{6@49A_s;JwWSYC*&Vev*!fJfx4A(O(BcF0TfX^ zSq=)7Df|mm?P|6>e3E{_h1F=D!v~lqVCO4Xr^&GHa=UcB&{tzFp-iTuHA-KS8@lM9 zAsOsQ&F0L<2_Q5qF}wFd!!AIs3Wro4DJ3K(ImUcJzo+n<>AMN{mr6Q^V|559yJW+t z`J0Hho3l6Sc2n1s2Y?#3)x4v%RhFRR#eh=8>j#kpEwy7CkBqjlGi9(Hne{in;BbL2 z(?CX82SdDph8MW3jxxu@t4<6tF@q1sM4is_`s$_32xl48kJ$)}fIulw_1mCu*mc;K zY8mD9%OvU-IZvhQHMsv;MlgD{vA}sMKd_|`?EdyZy;P+34CF>LAeS_WF}Vta(G=_L zc{r6CT`#wxB?>L%+_9g)bdS_pon-ie(XAL8Cnps5S8xobbSij?1vuG_yF}{$FD4!?_wY&2>3&_io$*SdG4kfU=Wpx zBW9_JO{sDN0|tHbF2viX&v14RHc+RWiUASeGc_<36f9Rfdlp$f8m`dr_xF-{>2hPf zkDZg3?A(p-D(l)C$3*0zQKYod?k*z9YPDa z)6VhXXw~QPju&_d0jsVzd(-vGjq=cxz``|~9J3v5C0(7FF&5xF12U(Y>`ZCCn<*Kc zDcx={FTm2{{JQ9T&XoSRHTp-)ltz<&l(mX;q|{%{2Df=D>uUNXaD)@e{O8fIalgaP z%dh3Z)_CwVgJ+JG`nzzMeg&cTmyUTS(4$2b@dxVHZ;|um8z&a*PJ(F_iz3U1+yKA1 z^>x!KM6%yLNFJJuznM#pF4v1BT~i{dESV=}$DJrc0*kzP5a5>Rty=J{e#4!URWKT= z;?@)L*G4i2Bc37>l*&fD6@GhL=*dB$nu2RhT$#5@;8ySFD06Q0ojjTvnQteP#K;C@ zr1_-NHXsyL4N8VNJmei(Hg=TZ`Yxqs zhg>0nRHV!@Of|p4G6eMpPikdvb1HHA0_(@b8&bizToOn+O*QC2CkMIsXk5c8fw+)S zw+R5wbg?vdXtxplpt>^&scaP8dD1G;J&3>vJP8^^s{dPb6)E8dQUdOU^id50VP+6j zjiRanswINz-Ian05wn((7M0Slx`{Ai%5)&(-6n$rAKA+EP-Kurr8eWSb3o}P$@i^(C$3*6dTYNY%0lyG#Mx~d zEMp)%6C`gd4xp|Wg;@08`6>Kj;cQG~{?7!(omh<;fMqowk@D`EM&WO#c^m;!I`7*7 z+V@cuD24hFv?oOGj?6#I$4g5f9qj|}5kM!z+Zx~=j3IZ?~2-D%(uaIy#R!2q^OuqApYsF%hq1jnR_u9Es##U&NP zg-J6Z85Dst0hMY>%Xe-o+5!MUl`f-BX5++RH4vFr;0%cl(X<8YVc8YP0K}U`ajd?( zTCX&US1)o1_`p&&tMn)|O4={0q)nhb)CCrsx*jEcnYd7sqGN1*Df@igGGZf?=HFVj zT!dI$ZLEuT1e<~gy%!>v{v+3RPf5v9Y+m6QCS72qAH@lvME%Z>8tkHe?nklr3sj9C zHN-_-=0|b;SD?<6C>U>O&K$G$Sk|1zn_lK2)4*Ux@>~Pu+s#PY+>E5&Tq#OJj9=)M zdh>hW0s7!P2p0H(KV`P87w_k;GqZwD#JwUCKF;+J~}I?t_ya2tkbu3>~rfntZ?b zL%J7#gXD$Fw}e0)^vztT=-Sk{57E!&MYlvTFXdrr)ek_!f3#H^)_3B<+ z=s3N^L{!BfKUDb1Ku9)w`=T8CGBA%+u?g``EgLvw>rN;8%j|eOcav}{G=6bNMn1M>JzLKWLS(n-YMx`-9)Y+q2w`N4Md#267Ih?LaEiGni5`5?y#dIoqId zFt%m`PHMtOZkwaa?PlK_{$@R_N)k_3Egj3@C6y_mF2T)sG5qQ=t9;<#3eyC{sG`)1 z-WmvED&ezc>S#Z80fQidnDpS)ci(beKU~qoM9j){A6|hFqKAPpMUsTAc$tw1nG^Sh zX@~|uMI{3D#XLS%M0Tl!U93a6G4~=sl{HU$bu|U^?_j7f4^vI*iy+%^l1-`(mgM4S z8V24Rb1RwW7U3`#*S7A@+2Em+U;vn!MGEad{y=#t397c5bdj!^rdeVw|Jvw1h+wM;*D5>JssYRztnrhg)SofD57#X`I za6Z-6u6i`SM?g`U%&rC&pBBx}pYq31b=cP>hid-ylF4-Oces$&10_ z+Ya|I;0E(WM9c+1LnSv)s~{}D0Ts3#G4Tt_1+B&vF6H=0Votz25|kb#5}TH5E!xe~ z;3Yc>9r=mINbS*p*6t)XhlxX&Q{1dLJlRZX6jR#k5Z@^Xzj3o=$`623;N>6T!ta(_ z@>_%&A^$m4NytAtl2~G+mHZVh1x~#Evr=wzDe&9vykavqqTx`nf}Ry)RQHN$Tvo*f zxr(iXq7ZeJz>pKJm{px*s@dXEgXlo&97A^Jy#?ce%`2fN#Q6j5aUsY^^C<#ja1O{@ zs7u6C5o_)`LVBk7yf7N!@dP*{7BDH6DQ`84yR`H8@;J;<_?mDlRN(j`D6THdy3-kE zPi1mgs$46Y%H%U_^~_C&OOXP)RDc#RIn`u#eGSxoq%WKqvwo>6HG8EHR6i|llaTDV zwu3&Oh5E7B{A`ouoVARthKvEnR_HkE=B5UP;xY&0?F;A6lZWv1u>8fcWmAs3!c>u| zfo|iVC@R7`h$hJIMcrxR_|Gn1g$^-;kzU^-gSJoo0%K!m}vdIjlhII z9Qcl}*^X7w;?UC!y=?T>sSzSQQd3-W@n~xWf#Cr}-IU%|(dK+@oMQ``DrkDZ9 zF9_&sMb#R;o6u;)i1JWY({^rfxt2B|oN(xuIo|C-4mzR%$a5f)!ME|2m<8ytP>V~< z`a@6v{nhd6#XVe|oYH`QZ1pAPxA<_bP91k-womQ4#Qdk20M+$y4}MF79Vi&>9$kzF z#_0!rZ4=!c+dv(rMsyU41*87Yxtlu3PG`TU-NGHQsHKVVW-h2~xtR-2ES%})05J_7 z9T_-JVTI{JJQxK_L&9E_7>qaNkOEOcBO?h>H2_p4bev21W~BBOWN^!htt>XxFaA%G#l4!zE_&9-F)pnt8nRFW;*J69_lZ3h4Nfy zqqVN%T*`@&glw)R!fybft}-RxN5{nKg1j~XYPo_MtT9XmoL>ccU2wzCp*Va+K^=@V zQJsGlTO+9F?xc1SWhXMkmC>me;@H^cgAhPNqDOmMr zHXr?2lx(i|Z9yeGZcfZcPF(0Xk3Y1WlL#~?;{2?WpV5K+RSMY=4(UmWZ}CkQhQ$axGH_#Mc}+Y0gG}WcdPIOgU%O_Lnjdre<>&D%fcFE zkZgTPOGLaCn^Va&@4#MA&^7Ad@S=slQ6E2Ch=0t5-O;{;*j}k9Ab4?i@CafZ_5zE2 zVP7aph+^x(JE;h62^IpmM(i^IY9q(1$3H46xmHv>Ofu2vdfZ^inr^~Mo~jV#dQg3S z_zy6Ze9W{;wu<1P-$*fs3r-PCyhs3^rV60=p(%K&7L-4xuj&Cz1%RRr>9{aQpl-ex zmJCNn8A~x_uh?-9dwgOfzo`M<*6&d+{bhcqmrAct{d zEZd#I(MR?GPzjsg@7MFZLXiwkG$kH{MwdP`7{rSjxC?=n=qCJ&k!=&N+b7)50SC8O zbOVYDFuUIEkIdMX zgN2U6WvQ6k6N-?{9I?Op4rMvTmVe_-=vRpCWBq-wthu%)TQJqC6A5o=J&}|wATCL z@NN+U5WyPe0n)^9;*fJA|JrgmXI%}q06@vG#BM}e6PSI&vV%dgW8MOmE06d#e2>+% zbJ^G{oH(R1mj+oFlmSB=N%q8Ri@1r!Q=D)2xox2< zh_f9{db_$XVoHEv6dUa)4g*k5M+B^|*T6?s=`5GMF2NuTvc~mdGETy0+)VM8R`|`O zm8tvd%K>~Wx#6e~pF3VwK2LBc(+LK5#^?3>kk5()EZTmr^7-2iLtTQw{`mY0VDU=u zk94Su&?Ibb4*M!04GgLoz85+0W9^-6MJr~t=)8nGF@R%G>~)#xE1cS^ zH=`-Y%M%=MU4lU|Zoi4kFa$4_o~=BtzydbGc{7_3SeIb1zgjNADDRz#f25Xim<=Rw zv_q0^U~qK~hJ3RXb5tgd@)PAscBy65Qe)10P|4sctCkD~`y=CUk}(ZPtcVV$fbDae z(+W^&sHa4B;y^0v`IVpm21Ax!AHA;`8ymv1u3Y{N9(R>kuL9}9gs<2t937OvV1HGp zl>E{Y6!ob->W?rG3F-k4EAdAKs2S`J^={o!Z@kk{eY->5Wu^Sc05yaCp@aBi z2HZ;YLYlw8pr`22RI;+kV1I>iKPtv6b!0-Htp1&%IV?cKV1H;%1sbmt9jQgUjx;U3 z{qT=|axnL3$LQx^gd!tl%*N2&3G~g0xA8By7OM3I48m5VL02;bpZ&AQ(FM0Rf~um5 z;VEb00e)hFLFv2~V{~#V>J^|Q-0%R7LBh?O2%;<;bo~clIk`E^LDnT0boz^agz?wwc9ZGlO1fmBZl=F^G~?y&U8KQ6+5Pb-<#7VS&Tr z>b25O>Vh4gRrYOuQm3DkUP=sjiH*>(bC`1Y6F}CEXmhsf*|BtkmcLZuYdK^HZ9RwW zahUM9V%eT%@^2imJh$VLIFOnX{Ukb`U6SNF*iUNrlhX1WA&6Bsb%rTItmHVz5u08* z1jr-HG880UTOe9>fdCzEwZ{t%X*Q-e8-C2CfTJk=H7K1ymVN=)X&F#mzxrx?nXmjo``=#zXa@VEwHfXVTf9o* z?{0TG<4hzqCmseVfIv^0gVBhcfXAYw@U)ze(w_7-_WUzZj?}QR?J*k;_Tip%Gtd*R z)kh+aQ})u6?tvl2>bE$^x&(vSJ&Dw1_oRQi;n4|*^noH)l_wr20^j`zLIP&xD{=_{^B zwW2WFqn2QZ5E1+B{K=8Tb=~pbW#MN9@C+Vx zK5hbtEW_j(9dmEn^=Ae!4ED#=CkF?0k;&m7Z*g7!TuB1zBt~X3bh<-r&uWUF{bQWF zW8$TLVuC?oXdP$iR^09YUcy}%z%eKcJwJd`{j&_*Cxd?Efa?+r3WG``iK)UMC_QwA z9FtnC;#3&`GuU6v*TSxFttd6W_gAjw7le{HJvE0~dT_m@N=;pYL80fW5IrzPbIgZ# zDLuGu+5t1zA3dd^LWQ1#eR}=^i^!2G^!x(MB!6&0v@3!^q34tkJ>sUm$kKCu0L);2 z^xPXNROq?kmySQtP?FFy(9&~WPy~ZQ&vzmTo?~+K3#wCnRA87(GBt>$h@9=PV1|vL z=;yBmD9jWKHzj~$P(*2VfDeY)e}IML(_{x(mtaun!m_h0ONKki~_ z?bUHV5JLf@N4V(pQU)<4$G_&nfvS><{L}>u#?lSMtGj=`_qc626e^|Z6*x-UAfLA3 z4h1qZESGX+3K242#YPR~Yg!_JXdzpkn}JCBcP)(=a1;(kCNWqr-GR|znQb0@LItJ3 zhfXlaJsCej+etxbiIS}gT*b|b!`6lS8TTj~I^Cdr)J;9~2%4d&lJ^PqtgA>U@q-7D z*dd8>;39j*nDALgp39G`mHE9D`$?>acCmvWYT+!fM@!cEFup$tiPi=_^nNFNouNz&BU1-| zSaSVfEqRlJQQ=ELQInwcE;_xG!E^)R%*FvKeC>Yf0tUf$;#J{$q1mwn&$u&DS7?;B zy89e$Z4L!8GpxdgQ#^RT6lK}EW*7mfN;=`QK{=9~SfYvbl9*V5uQZd1~N%yTNH!T>X$kn$h7TA9d3xoY(@fqX9mD58A0cQ&C$qj01s2Gamr(1$5!C1{X}QghgDxbji~txjJcH z*#0r@Dy~7@+<7yu_jCs5&3K9h$04y92GWBPvEu`Gnz!AcOI>>P*p0iuY$r44VN+P4%`BP zZ$Rl{`pV$0w0a;!#=q(iOQaN}E74!qhTdIFY2+wGF5zthPcAnVaSsR}-L4pOjc z)*%m`Peqt?@kAG1?HR@GOxX3u+Pr+7aGn!}HuGwJ=wus~hk9h<@itmKQe9w|HMtJm zVPsXg2$v--Sf9gt>~`sLTVy`Di@ic4~xF~p#UzBi9j-!=CQuKJn_-v3zoMYqn(%yp6(`|D((L^Cgw z%s2`^Dq^o^b%(rf%|g3}MH{G^g(%G)pd=yYC}4NHmT|4=yh8#CzY|84!bKR3Ta-v{ zxO=%S`ZDzrjOQHh>-c9bE);y_{aqs0`b$#v6mDi&Y=1`lL zBNj{K+1nQN)yH6ezMQSceVHW%;lr_hI{H&;7A_>+wi}<&>e+rsM`FBlhdZwZeD>`b zdA~B8NABbG*YbHfl?NE*ZA)yR!_yUEV0VALrEl(R7z=ym!0BMSU$^uYFa+E$f#6f< zeERME#CHDx%9KTaZsmZM5^c$OJetdxqmRaQO$_|-53qvhd?S6lLo^<`kJ<4Hh4}SB z7f+WQl}&w_Kc1<4yZ0PCKlN-*kpU5Y1OF-hMsbA+Rww(EpOP*52{`0%Sbrt56gqJhsbDk z*J@07@xCSVc6*)7$yZ1}t%i}8V}9ZThwhhdi=`-9?V`%GsUbS(*XCWCC@9Ac;br6UafbnZ zcHu40yI9z=oN&%F@XLZq0hC@xK9?hPgu^~6#&g8knRKqdruFs_uc^LYyv@G$=IZ|A zlaYdEYKKrv>d`+(Nh8}X)jTMtd0a03^6)nxr)8Wdpq6paR!~RdXsF=_PE7tla`;1o z2S40Rf}JGeisU!mG7@;(&7f;&Ct+_+%ebkM&@%2q`#atK($55WeY?i&@B8Dau3Bmq zq5UPXrH0Q!+u#xx6x|Qx5L2DmbmAIOlSoL3oo2#&;St)`CnZ{6t2^VfXJa}mcCV<& zlBudjIZnZ{hCH7(8+Xi4-LY0pReMQ6N4UrsDr@#YvEF}5E~?s+3l)!AgFc=M9Uj)j znkodB`bm!yCC-776*KL3I^8YTbYl-Zz3Vo)&8+m3g;zk(ng!8nZWajepEO=v3)Z-| z89L2N_zZ?XcOO(e%T6`S#*nM`rq>9=L__J>do;GECuJ}>e54b-ypD@@*Fw^%RG}Y zydY)nqofkXm~D7oPM}vQha;pfgd#|Q+1Fux3j_<+e8GyH^WfZ=ugWj9tyqH*(DRSBr=m^S1`jAo_HXWm9yK zNP*t;RfCd@S?2>K9S{=G4A>l4i_S`xv}0qk9M#9Z$5!*Dx6t2-Hp5o5nIw$nqmsjh zH8wBrn9kt5Q6A3iJH9VAGcnIV!S(3{0+ec6-3V0@J+=`KVVMu8WWWQq%wqHS2x$;* zxt3jdxHrWtW#QQNiULy2W;twSO90Y-zsa5?uvSW=xmjXh9a1aEP~whJ0=y2W(0+2p zMv&kRZ=t&ZoZn&m{a@aZ%xqh_4NBenUbhIL_6wj^w5TPB3b8St{Pxly6HSx56@NN| zCI^g%^U5G=C{G5vBMkDgYfyI8yi|K`DJf*WxHddJGXQ=AS zmjLC8^yLL6dR)XJx#0{9s?AXJrBM7B{M;NN_#vx1YWQ^3(D6mDOXWeZ+_8jK1E+bMI2EP`WZAhl{ zjdqFY1cULefiT+@Wt|}QCpSFj!Im@kf@Wr=GfL{4mTe2vQWpz)9j_>=!rk-G0^SLj zAh9|mt*yv!2Gs9-i;kNO6`k96*ly0iaWczNK*lW1BYnsOgB&#yo0YmH<~WOPL;%EK zh+SXCXAgEgWgNSPyNqBL!@{nok<2;|b&2T&gN|K9S(o6yKD$OZc3oqsE)23V=-8!q zTP&dk&eoo3p}Eh*a)Uu(WXx$YNw9o@G-^L@^thBJfD@nc8Js2OgB${ZDqi8_oDMCE zPH$7@{pfO+nC?qquQ<|&?h3S?Ca2}(pvXBd4+h_;ABlj9`=<1)o6KczIQG){;L1`r zh}_hkG-p~CZ*TzVr3?zGr{P$=%>*}O36QZd=&F!dc*hYGIXFhyo-{{Vbo6;B&{B1O zpe{SQY+QhI(?1nwyAPgVP;gF`&WnPV+k&}u!QzxXI9g$o1P&dUS{(p7GsEc2HE7HyM98MG`jr}`McZC7KxmQlBG14)f3v9vzmVA2T&xiFV_Nb6r?cC#fd34j

ojD7Bv9fZnk{ivu7APvTtEu8q1DUpgBNZ>B;i(`SB{%TSkK z(C->*HoCLa&tY08%=ETMiB@=K)tKQH&+h^}4ElIhDZG?<)a%-QiyUk^!JzQu#t_^V z3wLV($Dpv~;t<^WiOQLU0UU$EnUh0s>nz+&0UU#tIoUNe(1BW0AP9w|t7#`*=)r7N znLh%8Lx((=K*tD0O^}?;2ikqOvNIC{Og! zcb*lOAE|xIk)#qEH@o22ZFjhV5xKl8EAOC4?Y%DV>Q)$2G2P;a0hmI(>Rlw7b7s&e zln8Th6~bb`H9DptiQ(1jklnm-p3t1lln0Gor1h$y4dQOxwE#<7$a`=sM?thh?I%?$pV4i*P(26rLJ_1MoHh|9G}5yp7;-?yDtra*8=zT3)x( zuxfzPZuPUbN@<4%_!|Y_79Rkono&97;@<F%0W zawE$g=PV_g6ciNd+9a`~P_%{*Rs@O>uV!vmf7bWee1D?M;td{q!Hw1#u6fL@-XcnO z{=QNj9HO1uQiCAoYw^vwW+cWbLgNzQBE-(cr4;yy%;#<+a5sSNG@np!h|93&dR`Y> z0&)uf1_wUemfakE8_seAG|p#EFE>y`GT%oWFA?lGNGfTkKA5O&XxhGu`6pn+rx|Up zt9TnLO&gLo6)a*F_}Iumye!^|m&V~`YcddH6WmAmD>Wh7Bg>Mv1B*N~J2W zF)Hj5R)30lqf#$&THqYnfkVOhlb!DuUgh#FO|J~t4gOwu=iU6ei2dFAFA+3mCfShJH^ zQ!VDgo6x1jgVby;l`t}CO_e@Jn-Cv=<)BsIQ_l0RvL+wy5}Wq;ZbOr)p-DQ`bi9#? z7Nl~Q8o>4BmtR+aOe^1l$B26Pg?k2rW@s16Xw1QV_}T9yGFySX=Uw zOu${%(tcaKzoGrCe_#0%Vv6)2=r_4xfNIg0FSA@dO^EwY`9X&w@15nYtW=Zv?tYjS z_bLyuxtr=KNul$E_R0u7JJ@cnZGkND<_NuBnO$CnnIo8uLwHp3i!-CmByrRWkgc$y z+5owF#Yh=EIcj3?tijJJ`W;QtC2U8DFdG<_!83_;56M8>!0_r;WH%37?9yk4(iuh_ zJI!PF`5q1(j2|Grcy&9xKc@&Tcdx-quQLnWkIc3iA6e^(G6>6E;IWJ%x&(;2kE?k6 z$sV5nHD;&4))BMk+t0ZS#oDy<_NE^K6Z_fNhQSdwG_I20vMk90&E$V{-+wTPjbYoj zv1WEIs$o@7quK8+vI2|KXR>0L!vJ=Pc@OC*Z3*hds}$FmFF`#DN6S}OcH$mf-p9&W zPZWt+H--AM+9R35(?l5b_F_*lp_Ozy|O_cW&gGyvv)b*+Ldo%={t#sAGbE;CKG=~!I6ZTw*klp zugS9ol8Ws;fYG}&MgLmlc;wU^G?as=MfIm%Pz^WR3UhMs;zNR|b@H#GvRi(HA6@Or z4^a*29H}i;HLvf)`XCsjm-x5!0vB*)fIxDYCkIWFO3>~@1IY`2?0zB?X&e0^qh)1C zqNQ`MaX`Yz2k<4)e?-7_={Dd*mtKgURp%n!l>Z2%+o$sOypYwPJaES1x-`S9*RxB% zQt8s`L+K1-c1cD=mW?u-;Mdfw8QC3RUP1{%2Mq_Hm-h);0i8<7jMIWW05BdU3*XA; zrX0E*;nf#m%)0SR^|xI#Gs|&)Np-lU&)qah^jk14IR>5Ea zP8}41K2Znn!Z=3T@|)^l(P6sy2nTyft`c*SBj!5Ho|~gj0vyQR_zM{sZET6s4S;U` z5Ue1)Wv<%cTcn#e_)IHDe10n+p#?Em1>cMDy%^7(EK#c#h;uz!kHUSRlOgvZ?+$2< ztw@U`&O%~~z3G#;rv{~2%bnN}FQqL6kqga@ARSkG3aUHh`fc*uuh}#?odq`E119KB z$3-bM_;5=XIg&~g3S&^=ucN~BUmSo4D>sNOv9b9sHobts^iqOB=$PGHjk6Lqi{jHO z7wbt(Wcl=gW`8o1e)1dEk*jiozC~^)MV)bCX(sK)P=&vXSY@YOe;C?|Hl%X`@3IN7 zylBS|>n{1_)@@Lv^$P7^%%IBNihRLXue`xU`5erCp^uWDMh74T;UCYF zWSE&6gDV1k^^(uqd zaAYEwvc);(ySzCA$gTz@H^j?Q)Wo|~5_zW=l%c)&Ocz?-eU6)w;5x&IgZ!FCP9G&% z?02F~=mT%B0le~7qC&i#LfY>qE5p3KQI1vt-+Jl-woVN&z$u{>mQ4S_7~Fl!I8KgF z5K;g-OF&ygpwlcU;|SWF>Ytz#ZNZDKbuGAr`SAdYpaIq$YqbR*MMThT1`B3516^!- z0fX>RO1=hWH)Zay2{{5tc+o=uP0rWm2-8*}5BJMD!N{Sp{lZKUL6x)sj5D9-k z24p?UrsI}w`MnbL@$QsF*N!pf!F5N(eFSia+fmZkjz5$vc2Ol!FO`8rl^lSr{Qk%A zRN_|o0DE$T$_7H}X}0tNreSU%8&q}wtt<8s=n+)51SHssFenv~DI6R87$|A*f2>d| zKNeJCNMj=!+>MnZsik25qsUdfQrHxo%OdniybTP?SeZn+Z9IK!?@JsjANYYwpBGILH}*bl1#s2Qh~{ zv4xZ7uIIAtb=)t@KA`g_%v$CBT?0dsr*`nL0VYB^)x*$!mXwRPT{oC|H`uL(cGC9` ze6Z00SjvqYypvSBKxLd=z~0b0Mfl1aTBjnEuGpZPk!IW+s46C)vY7Pno!U)i-)G5r z%mXsd2p2*lE4E$fv)P$b$TsdFT#UY<&td5pE6-@TG4pY0e7XJ&?I#=AIhQbZfJAQ> zQR+Z(fuN9DuflG0i%rYIgq#oQLb+fj1DSaQ`bn8a$2G3~0sE#Rq*cGAx{SSt+BsQ z!^h1Qiwz>J;mnR_v^BK+P;2bNN?rlxNN0c=C(e042T{_(%?nwkG|x-YJXqqgmm}Sj zj^4yOl`>y*z`s;rOf(ll*vy$=oy~i@pZ6v)gKqL3COz@$C1}FkB|jG6P-$gszi%k6RcrT?kPRfKhm# z>gR#bF+n7mleKVn^<>H$>c5UTx8?=qPDQz%&cz$Fu#kk^4^r$#HV8HPF$9!qlbX@G z5T-x<@s7}b#ZD2um;OdRaGDCG{14c({xaAFpi!%N#ZOsHG%)V;boZAYhewM*Z+W{) zbOm*rJxwtCM!&`wP^nUW%j&`vz^-}btqEi%)~LY*OVvD?~>laCd-2d+q)Hpq^jmhE^#SiWhrK zc-bpWQtpOkFov*rRn`B40<^8$@w}L6Vc8r$ZhJC&L8v6lpBl%0>0q;TWiWrV{?NIz zF+B9PpBnpJOOl3WCpS)(7ImHD~_}MC&%$0AFZ-EC*q;TpAV5(Umbc8u%Zs zf-PkIx^1xa=l?~Hzt-v8g^iLWCr40Ad4s{Ml&&-pb4H*jf{VD@`Ua4LO8U2D$7v7$ zwx2Ha!JEn^=rli_14dflS|QZ-52c4a2+I_)l{HXfp=vxl3LoaYt0|h00Cb!~5Wz_s z8V!8Ib%G^@j?%vO9}B&``{Ql-lsQcDTL#sOzXF4p)vhQ7yY)ew(XESitTbj5O+t3% zJ4l`I3N)HS&c1FL9<0ApxZZ_-6Sk}vt8(|>yWjCb|cS6_3=Jpm|vY{GJ1U1{I*n+F4#H1|xs`FE+Km-0F8XlmE%<&66P2B)+bb9`oxg79^%>V5 z)aOWYPv4=?`mB1{)kpaHXh~Q^9DbF5@=JLIn!u;GUm#w{d<)ybig%dZR{yDd>G;;0 zd_g|5{p)A1tguhcayw7=?s*a@YDky`6F=rHBf zoDdg|O|nKcyATvZJIpRL=dlEc4W*d+P~^$OEn*xnMrr@}_2l0Bht@Al@0Wd^_N15k z1#*ElRC%%b#{ahK-68%%7G{}P(?18SqL#^%-VJ z=|MnhMl*UMyN-I^yBNknz=Hv6UOLUOBBKZRJ`%{F0ND-2Mfhtk>Q;24e3y&_fsH~S zfNFKGw`{vH2hF0L5}^7sGI)zrgg620<@n$nlT?(pl;)s6Qg6dV2`hKsJ_z*}^My}Q-e&9M;j&|w}H9Ply6>9^X7O)vKH zQBE&p&c%LPtDDgfg*}Bb^$v8hIab2Ncsc$shdJ3(y*C|CIW2QdwFk&r+y? zK#sWn+ns+P8;_MVFU*da=X6pU4qQQk=NrJRgn0PPAwN^Lvk4={9DIG#y01*T2(4`m@!H zlcu3N0>xg%V#PN>n+9fmF+3(nX~PHandrb2qs?qVB=#Pcx5&6u7j5x<6%(a0po7jt zfSbYMOQW~MZT!H&l?_D7?IAFZj5~dxV;u9mk7W7s>a-TE=01yUJD~F);+W)e0#*G|JnC{+S0+{PTtik_Sh?h~#*hwIa5TBu8K z%*zc~oOnI&;$#vS?Fi8z_BCw!R|e=)Kv2=*nr|~dg{=C5=hth6H&W{bKuYcsz=!dr z5#!eh6_z@!kUEu%@I#E!u1-7a-{JA=6yzKoKEd9zz5V_d=-=M$0jIB0^nR6MsBIh- zOW_wSB-5Lf^tZ%*8T;TvcsnZG{vcA#VHv$2paQLKvrZJ8P`6 z(}X$FQ@@^2S`hNF1@@0WHqj2^5l|4w!625!f^2weGYNb)UVp&&m*#i$A*C??p}q)+ z2>R#TO}t7m34Le*v1x^t#>)^|SepW3)ym{henQ1V> z%sWMA8h3K0aXAuHuVi!{QqNSGNy0^ZIgAbHFqsx`Hj(|-&;F-VuwGbYXupJ)B4+M|2isL{UlUn6V2*YS#Kx-C> zLFbt7;9}FpLk|rFh@_-r1+ufe!27OJ84}t;AtFqsWKI*mMJulzjRKr`NZBKKGD{`u zB8ueE7_}`wE#*B0$s&slw|FN=wIsF-1WIk3@Bm~w%5$PIPq(^T4B$p8Q9!cUWNwPj z2y^KLSV=(@T_>@<6P;{LCwU!w&)_%nyR9Yc5*V$zyq|><+x0GuEPkrI~{)vU+orv8VW~11i(9UxorS=maLnEs+{yz8^vc?Z*zsmS0YXXLv z(d-a7-!`$+uri#C~<-ZwmW?%&H=nTMt3TfR@BL!v;}l6Z(ySE>5(XWerirLIo?lZUv}y|N zy|}?JH?GKhQ*0y~4~>GFP6$P1uuyv|kaz_`q?YpWyX1>4MYhkF6>qYlR7bLf2D_W$ z^h8-G6=Y$foxt9XKSzNa>0%hW zEU6DkTmcF|z2zI4CBtM`?jj@?{oKiP#4fmBRYZ1#_SF@ zPPE3nkJ?Zq($Sh2cRs!=!=B#0!5IPKu2q%?aly(56oaTaYt^Q$%HTf%*62ZfCRW)|RM1@M+0{%)-4Re-If;qK|WnzHp2 zQjAx&q!tL-Wf;C`ign6po9&nE^KE7sZU;t-I$+^3y$y*AnZ3y%mpmw9-jdTX_KDsF z)0t}f<@2(zYs`uu*0DK!)*rZIu&fvV zHTNrw`6oq@lTTD_d|}ptT3DQ2{{H3p5LW$vN1m^8MSnJVt`Y_PDdqW}2Y*U={vuB9 z#N3n9S@JBeoVxyFSPl_^4#H%7Pf0q5uYW)kji&ho=?e&59ImC zAm03#;gCH4Ow*h^=kSyAd=~<}%X5Y)mvxutVXtq}R(ij~ zwpZzuSXIR*1hFB}Jp?SWu%Lo+dj~Bok`xx&c|l|#u~*ti(7u%$m)2 z_{sP#1bP?Oe=z03KwQDZOJ26J%0|gpL502F(q(GMi;%G9h*&l#j4!NzK!s%-=M*#E z1X03omNGVXQW@8hRq9WRZz}QSmG+4Ebt%7?-sr}gcEUp4cYs&z<^vWSukM7&Zm*WZ ze2B$zi2$-bMy!cws|N+4%O|al*=-;V6PrPp{E92gIaz6kjDv;1*v`Q9+GwtpaksqD zpY((W1na+cea+cY{rUUC^GTP-*^_x}rbZcr<|7+%SO9PW$s2U-*>c(K(_bdb6*pWI4$VJ8ED33~g@($0cZ| zt_%`Foq7_dgDR+jef6ZyO?%i^_h-ciz5A9R-t1sFG#L4{M`+o>hvlQ-{nYjU;)@GC$D_&A41x0YyLqAc_4@2C{>8y;h3;LvMfyZPCRg5XdW=Uf{LPazPoQ?Q z_eT^-|JU_FV_py#E(n24cnVth-9pYHD}31MW(n-M?(+XB#;-duPYAIfYy3(w?cXsa`>kmzb=(-)SJLx!}Uce&5mC;P*#-3q4DeLAT}iGJU(t= z?fCVYG)}ki>zN=jknoi@(iCw74T*Q5jHv$jbpzoj-tyu?ui||ma(Hyl__Ua-(HDGf zyNQF2UyZoZ0m7_Sl};WSq^U8~^*LCba9eo#?Ch%|f4rhhPnIDM#d01BD{h>8V>IEs znySQ@(SB5?jwF~V`}5=Q`V;s64I{905LcesbL<~XKdkR`xu~OO`lwL<>NGD1G3-cV zF@zqk?a^sU(A1<~rm%K@=u-rRs(^iFd5rPd?GKH-0EYUzgqn^C_J?YDzRwdp8Xz4G zb7L}StF$}~FR%tjEm*AYX}FT#f;F&DYe*w5A&2u4{s(@)+0?V5l%dxqON?uFvK7Sg$_(IX&$YOpT#b z?M73YD)P?xwfiXl3>eZS))|~7=EIx0!IxbDOY_#g5{>Q4yY(0O{^IccD$-||IiQ{L zW_V(;FM1t+T-{|VkJbGGkO0cDiVUF*{5TS;SIxWr)j$7u>M1OxJENz2f0p}ZL;cy- zAH!R=yR6LG!+tsq=mOi^A$u>B&Mi$U4x#jL`(ft-?8vTu_Wx$0Qt9&IDYuUevU*8y@BJ>Z&SoUSp3=L+x>K&-Un9UZ{Wd!QYTB31;k8{{JO>c%!6Hc2m-Zw><48FSG^eazHZVBxui` z<@L{hjDx*DA@=W?(LYsD{FKhgz^8l;ErxQ-BGN|WZJT@mtJU88e3)~IFm$lKU zk)?48 zJf9=-7aAYJ>Gc0|YN@6Ie(c2Sf95>R(_HNpzYG{!4iy_ZPqQbUyOS1xlKRV2cDqNn z^EBln!n+RxeeBDZ%onaTt654nc@68IUdLP&ydlsrwmZ-F$mU!cmy9qt+I{~UvX(OT57+!3=14u_nTi>}ShF=zQ{gv{WJ z+j4Ig@Ve;j{_eh~0bU9m#m>CTYZ*Bp!^ItO%i?f~6dR6cER^ zqg%}>h|wMPGX7yJugQ6gViR2i_DvU)eTjMNQAXhw{``9SIDP$4;wp{v!)WLZWJ5QL zw&IjOjzYIYt$!1;_#mEcvKKd%x5=$d2fHZ?u54<=InW&)7T)7tsCf1IJo}cbY;2u9 zJhpl%s?7h)_Lq5$Qaeoj9PdT^1KTrgn|B@yJ;$CI}}T(6f^;5vpB@sfkUk8wIvcUEWS%)pbvu5uciG~ z$V@_#G{lW)c`U>58~e!~yYL9TK1=c{qZ(ZG6aN7H=K~&BAm&FhVngHpeaT6VwmHDF z30SO%HCguajTJ}`aw2YsW-u2TlBOC?4-Ji8DrE(T%*EYZwG072D46pVDBA1y>fO)FoAYd7)gxr-egB4qY_ zHl=JsOUo9uEJA(-8q(2qav{Y!Zx)6R@B|{;gD02mVWl?qcaVMvvh@de5COMAyZNMJ zuUjfpBt+sqz=z?21Yz=x)neXd`_#ekov+S`cg=|;jt^H_at?Pn6Pi=LHD|144M^W% zKK={JT#THn|AID*W#ptAH^Lz6s{0Uc9v>#`V1&sGN0{!DOd&o!B!gDDC~WoX$ZpOd ztfc3J(i!%vG#%$badnaA)#A(BOi)J=j{RGH}ttI`o!)< z|H7dtaYeUW7Zkl)|3w#kilR5Xh@zXsIU4GgKJ||wS!z8YRCGO6^UiCXLB9TKeG!X3 zRf{5wZ z96Hju5Q1SQuSSWNa2T;WnzF=2Kt>a!Bj48gP!^cjBugSFe+)mNEf@i9(F>{V4s;Xl z0|u$v9H})F<&<2WW;!nvQWbV7?^83M;Gl?;Y=WA*8$ic{>?XaDDj+F>d`(CVbBh<3 zNt0bf5)yj37>K_LpXmks#G^d9M_CqLsC2cFh$%{!B3LR>7lh~{s2R#azuXsH0`ks7 z0QohBPutB=Hs7~$edfE+nEgo4M3@2nNzajhu^S#kf_v$%R(B3zvd7WRX><1G!KgO> zGjF|sditk>tEx1sJ=CVyS z5ByXWzilPGJ4}rTzcoq(yI?cxp!QI}6e&P|+{Jqe@Vo$U8`}zY1nz%4z8g1j2O+Yj zM*&6xlk&~c%27cp4iZW6ekqeYtxhVj#PzH{<5nAvR=6J4l`$k#r$!uw%4*zcZbbhH z2Tj=_9hORe9GJ{xnK8O#F@hGma)+_pbc1|P!z+D3HIF`_QR#{;YOPgW3r+V2ByEkphr#N+vO@8*voP`*{c64}CeS{NSX}oL=eIi6S`G+0>D@%iF8(`Nsgx)zSSn&>e=| zM*||)9w#FMo;k=F0PcvF46gv^4OMpjwbJb z!L7$hM%j5kyqTRJRn!Rc3aBiGG7Om?kc zEK9-QSN0>b%^)T_=7*6N3i86fkmn2X1NuS^(tun@>kavEL0%9b7v&3-zCY8-H&3Tq z=MjATRx07QGz0L&$vW&ihbsx(>Yy~@b6qb&x?Vw)p@0X|EvuO!jahzlJ%wsLX6z!Q z>ulpPBYZ51I9<*#;qVm7dJ)p~R!E5xc?U!#1D{G+M>ybZ7a?u8LMp{Y*AF1k?cK|T zkfK}>(w&wIAw{_&q&qDaLW*)lNVCdC<@*)V)+`}~KP&$+lP#peYA2*VPtgXJ_T!{6 zNCJhl-AaOE%evz%tJaB-uCqewT4DWhmP6}BNY`5-b@*$RVUaE<)NH za*zh(BBZ?`hmZof2&p1hA(czuObXhElGMSK=s=tL_CiavF}Dx{PD`{^1|A%bu)mnC zNPLI=HS(K@HXi$U>WNrW3-;o+?2f;a@OND7x|h%eR-m92sVJYE$3}{D^nq}Z{`$eO zJK$tH>~f;ZS(TGhm}B0pf-^{NdBk3Yhh3W4m=gE3j09ylI$q%X+M);?XWN+DcD@x1 z#}bYD5Qy4G*dHQ$G$#}F!v#z2tYFF&L`g@%uE=99!sz9VVD3yq=eeCbj@`N{2k1@H zYF+OwZ_E@TH zMB#+g#__4YPe{Ep;czb&|8SScwQ?tT{KEqy^R9xGIzIL6__c4B=e`}A`=P=2oGW8Z zUf#DdqYs~u`{9Jt+Y?eBm8Uu;q=$?!oAPsVO6w}{chJ}uBiGLo-8^SRp<9n1U;N3; zOCrl6SXbCF_HWglrOEP~i@mZM$Ekv~E~w zT{+MnFkNgTEmoRsb@`yBZv`@Z&Sl+|s%s0FGQg4`~yMJ8(`9 zL?R&%_IqU6lpSMVobzLhFS+B3n`gc44M$=igU2?qh$DcoG`FhZ!g3ml!0dPUcxO6#ga zrB~KRmKBn;lCdvT45wnmkCV`oe@r*^bh>F|qh#5bHNx{>ZX3(HLt`;CsNIxi~jqh4{lG z%O;}y7L@-^HOl|!Cx42i{(_d8xi=UCzKmU4Js3@j3Zs-ng5Tkt&DsPk+qGpDx$SJCZv%il7M3hl$i;K!`J>!43b&g zT795milv8+FgQa3QXT^iNbg(TN&L)I=K`N3=iz&NYO}YO{sM2Lb|Avu7+U+8U1oeV z2#;?KNyc)UcDzzrcPf}so--D{Y|aKslTrMgw!_<%A9eVsD~BANv14pgB$GrdvSl~n zS6lql9o{RDJe5oeTtyx+agsK6O(e6y0(u(}7@wI1Ij_hYpD7Q;$<6~a zcKBJPXP2H+`h(JQ&+&fK17r0RVte0Vqk177l>|&yZf@d6D~BbmEwIq0If-mm0Cah2AcCVbeeamc{>%Llnuo(tSV zw4Cz1RO`mPRGZ5}&m17~m_=ENvcRc3G&fKo&9=k*5JovKsg2Sbdhm0=gyMH+p1TrK zlvB6=*hi|ry>TDvzsRyYbQj3TyOCv#9vw?P6Nq$WeQC1nYnaJw&z-qXX=GX1*S6!- z<&LqB%z0x%?&giVRMt;OZB8B-%go4~P`q{4ec3I975bdAx;@J3hLzRrABE)a6&?Fz z^{HjagUXV7iGtWT`PfFpMKY{QS@OWL zDbczD$+dRQ7dQSen);h9tzqK;bXGsHdOYw&lZ9n#<Enjb8|emzTje?&@&O zd7v!Sc~hrsQoE+~;Mm_@Ha1Ysau9ho;5{NbM9rZ>Nd zL%^~4tJ^1JPOJdya@0)vbp$5M_4LcdGB|0LXpBY1V=C~YUVf^6{C^Q9N^5eysTE$TfUQM9ifH z2zYnkA6MVf^sv%2)OLFGh+^1F#ecQ-Qfd~4U~4aJtPPqJW>J1A#-ie|y>y7$OK8!Y z^z?1T@6MSHnJs^Ld#9qOZOte+DobZQ^n+TG3})f(LRvd zZ6SLpeH9vGO@8qQz@ND|zdrqaE$_W*l=s9>8hz_19RU}LVI8HU?!eiHb@UOcr`Az^ zU>&`V$ZYHAESftzv5xj;di*iq5bNj|erBrkoprPYn=)w~#vjgNFWq~?rm(1l_hu^q)alJ-4yoA(+-Qst21 zRZ&1pw2q3Q3B@`BptFwhF`5^^IvN7&Xj`Aw5rsS(WAzkb6YGfBXdRJ`3kjI2$S1*$ zR?<01;@KF{eD4%|6w^8qz-R&b%Ec<2<@p<@60cZCeyX*OqHp^u*E z!OtPIj?P;-1aRrE7B^RyZ`?=c8)=$H5R!K#`s=aOvq9gW{ZyJNI|(XpM?UPMblFMp z!?kQHZk}T%nD$X>SQ!%1);>z_87)@(C>1G70o2+@z`jRW3jYW8k$}QJO6^sa z8Vo>SCK00*tV{@F#HD3|iuO^upp3bE`$$W(_K{13eUus;O%;}4^}~Nf6NL+3Xy&k*I4+ws~)(3#g5ROFSpz)X_wA zz{YLncql{fIV6Vgo=?2Ak${&r5)e^5#CtB3_?Lf%M)OvVIn$~Ef_Y^ zJ`Sc0W5g3LzN<#H9QW3F^fG2DnX%mdc*elkN;0jqs{_;xwPVA%4{YB7s zpZkmc|LQOLEshC&?k^Jm&gcH3&;3RJ+y0^>Uk}?tpZkkwrF`x$`k(X{{SVkf*YvY~ zR`p+7Kda*US^U$kpIy`U`q_+~ub;*HUO$WXw|*A?cdegQbzeW5@!!0D2K+l+Kdb6} z{jBQ$$okoumwUH|;{C0k#qIi8Ts%awV%q!qS)3js_{!trAp)TD5dEv`XH{H3i;IVd z*zEdQypQ#>crWW`RiX8>s_gZ%xOj+U8BW&E;{C0k#dorPR@M9ZS-g++v-ln06qorz z>t}JUIk_dXZtG{=(f3?GtLlCItm;#)pUwDJ*3YWAepc1n`kBu2$-^|LsAL$cTf7fsLgvv@D-XYn5EXYs7{ zvv~LQvuk>+pT$4j`dPfM^|N>{>u1-{3ER*5S=DD>Kb!Gc*Ux5z*3YWCub)+g*3YUw z+xppz&$NEF9qVUU8tG;IY%M%rTt3?ks~A{5J1H{nL4?MqTE;iM{mt>YE#u>FY}aM8 zX9scFj220F*{tb9EZL5hGbUJ;AD)Wclb3 zm2j?~Q^^%B?%xI~EI#?mXx^1@uW?%uK!*@Ca{aA(aYxR-k(?Q3(bLL=~ zDvv8@n?1gw>-!InZ4~rh0V-e~gFh^xMV3eKXBW{bxr)Yz#gJCc;)iWK1pihrNHDvU z#_}_7z;{as{9&yRzTq5i9ivjQ?TE7LY21zztfxhmhZod9FBjDEKos{M&E6haei2rA z$;-{$fAnnC9+jzMDzT>4to}@FE%OGT2whJjXJ;JX{U;*qdRk>_|H`ZtHMAIfo!Ezl zEl6eH`SPpKGHX!a2eSVtFT5Nf>EE~IzsLPYPx$+fhLcNV68KZSTcu@9-^*-qa9x+# zaCx%Zg!CVX%wA?2-On=HCSGn5e+)QenXN#V+49^n+tYTL?eF?4%WP}8%oayuVAsPv ze+_Hx$nsOSqZ(*cy7hV91g#Y1Kc{W?zJpIBVhsrpl(93=2ymOpkugDj)l*vkZ*9SXzZ*PRKEeTtaDzNxgJ`f9U+xuL2dlA4r@m60dI1lx4 zj$(*p{nAF|Ni|4})H|d6P)5$fsim7aVTsLB4KKIzFnd7^FCp5=1X2Og1jY- zXtH}OCe6x3ZOR2%C3x3nefC-)nqnZ=?0&FvAb=ywzgme^yV%CPBFjZ_aX*vB!5|AQ z+0}z8U9iiWITYoWorLA+7Sy_V&g)#V8-Ql5lm)vyF4*1MZ9`LKeOYAr9{3xEzx^w@ zI<^n~eX{zDO03%9&o0|t0yTx`NJcn}^*JQ%iY)u$PuK2{{9^SuL=VH?frz&2cai0L zBI$`aU-vkhL|O!Y%%KU)osB{ZEdX#kvD31R+HYuH-UbWO*+Bc16C{>aPM}9tqI$2Uc>q z@3=}KHxH$QbJRbFRH9g2_1gz3NOnbqkk7fp-xyU9-VYU9>u-tr3Y5d*=dzVU3AArS z}cVBM=;QB@63hsTCE$)04u^ae3Z6fkpwm`Z243Jtaa4 zKpio>aejH)~` z$8gDTpzOceUg<9wPQij9`f>BjD0kTrv=7Ca!?_F=sqDiU|C)VRCH7%eANFB*eOM*-p^AAQ_MvizYU96R zA6AKd81HT$#=F~x;*;O0eHib{K8*KfAI7`ehwk`4?o|3j{)oR{r8{mzo%nx%bKum z|9t=b=lkzJ-+ym6=l}2RzrW()tWNp){(HFBKHq=;Kehk<{~7z}n!e5_R{a;xCsy%% zqV7k-%BsJx+Q<3CU_V;-^NBP1IiDEs`+Q=&zw?Rlf6w{Es_y3#XZ$yxPXzv~^NCfx zpHHm%KXN`Xe^r($_RlBA`#YZ~yU#eUmEC9mAA8>dA60SoorMJg0%t)2Q4mv!LIgEY zR3e~RNXS{)1r#sTE3Hbs;4QmJPy~g9%d)ObZEJ7V)?T%(R;#7nO$ZRc8)!>`h+MpI zmMsvVB>|Cq|Nk@R?4GmP1#I8<`}+NUqDjsGmhqYy*x`_9xCij{S+jFSS3h;!EyNtg!7*45sc+4BGZ5 z2EW|?L|gRPaqUlRL;M*I7D*F-*3gFAI2eGI%>cA{2U~$g?UASWl6r&#J@Mud4#hZh zRC}1{wa22lR^t?hwzQ`>co2r>!!CaxP6=QT+AJ&=t79CJ?U#5oT@G|;(;1KELpYiq zzAPI{uGt6`z##qG}1EG8eL zypS_Xj>%W~qh;B?2+kIQG(Ak6Ea7NZBF+h(CY&#UJMGbqeGlA=D6ec4k2VU4wsJWW)!7-xGcB|+!z>w&(9xD0_$8D)2u--GH&$ig2&pu%E*_EII zoJ@P3v*~MJWI`KROJ^X{NM!IKBFYz@)D|1c7o75dRPfSOz&*mwqLd2~_W&Lg)hD#Y z4uks?f0FI4^awDroeqs0-DPHtF&qQ|XE^2IN)H0gauIOWmNDS$<&H4tTrcoCF@?4i zgLb7cTrb3zY_{8KvNV_Cq)ul%#9X z=grmwOm^&7@t`ugql}*^HNSkyVeJt0RtVO8jIiUPG4yAizNT z%(RsCLZ2BT7-U=DJ7^l1S@JIUl&GR1uJpaKT9>4_i{0D!ePe7gj;16s5FtVz+ zF+%U{595CoG!_W2Q(5Qe_~Z|FM@B$qwvj5EY8XFY%pxd+hy^0qQi|t4+z|+GG;34w z{fWdmQvfdz_V^<%Kn);}<}8005udmw5_K@zXAU$Hn$k&+^wuK-s1Z)n!R6ZG;J4JCWBN9b`xFm*5zHmvK9Jr-|!EhP`AVnubQ0v=_VNj>B6FXLO zuT;Zr1FVMpFCSb25+_Q8aY;Hg2A9QrDhR!$ZV=e@e}eL zm@LnZJt~=@Rr1Zu3HXfkH{tst0KibN6Ywo|qa<{birJ8&M9ImNO0zMQH^nZH1gXb@ z5Is%40cS)FkCfmo@azI19h5Gyj{?am^zirCEiQjT-mSjY^1v;Gf+>MKNk=GHd1Aax zjR(_JJXm(9zm5|mAbu;+A7?z6o`?s#8u4I|L&SsWa)Jb!vsaI>2F8Pl$`N$T`8wOl zj*tn!DZ(YCM5}Z_xQa*RNeAP@X`5K#V1sQvS#W{GgCzlfsd%veHhXRUaoB6Y|IA(s zPNy{`9UoCP2$0hVy`*l z!EE+g@c$Qk?e5UGqO?uLZ?ktLb2`Nqkp2d#xs& zy%x0FYrzzIttQo8t2w5tI1@q)ugl6YK~^FrKu#1y%s!*y_Oo^mBC)) ze#|dzuLWtZ1=HDU;txw_uLaZEYxIY8u-AfV?X_U4y%tQh*Me#6HTc7l_L}JrOW0Sz zRC_I$YOe)T?X}?1?6r#Hw%7jtONYEB>@|tc!swd8UJHu7CelJfDviBXW7%usf)C6DFUi(t< zS^sVJ+E@NH&MP?kU>N^@Y_G}wPP@Hk?(h6xv)5#Q=TYo6=l)Kcz4rf)f9{A+9ei~MVK4tY)3YhU@-bep~Q zm4B_{dgyaMwO{j`pq;%+Tl6fJ zxBcORIB$gUYP0dZ57vMWYiF;i+KsGzu0+;8-VWCg@y0s6c(b-(8y;c@@T-m>6>#nB z20rx5uet+pw1q!G`%GAX=r#k_f>=>bhFszPBOIE>VmW9<;z2KZCZ zuC>~tIqa`_Em17yMmo<|DXN#s1_3OZd?G9CnU6x92{fRh*a&&yA^6akN-Xp_AwG=H z0X|DkGp-JO&=#&`PUK+@G#hacIL1bO(+~4wKXp&hJdla!swIN|*dC;#+T=GhMOqEW zRX8tp%Hd>^#P1>fGMoZK+^?(N2X9}n7wYbdA6NVZ(kJ}4*n0^3vfW=aI5rEdG0$5w zGj~TQnqK^Yu9a?N=MnOzE-@m>FO?gN&;Y>476E$$(B5SI%c@v^)ib!#2t*E@OhEVv zWC4FwJyDTDoeFxJ=nv!8&p@~}5dKW~ZMPn|E+63qn~a#S?9^<}l61j7Fegpc?myft(|3&Pb>uQ@{a5EvK$Aw0(KnIU=4Q6pcidybeM!3SP+ z^tk#9_*!ipo@3h?z!L5C`z5w9gw&Zp8meAt3tvYjk`!ITZ`^qF2lau%!dz~XtFJn& zE&K%-L70sv2{AjQ1i!JnpxP`1enO!#6k5fHE3>tQPf4L=+QNcFq1gF&M08x*eFhL% z=b2q{mzziVf_PZAjQi$A;*lGsC!UWOZB_ErAe$t;bmuPc5uvY_VaTh$Ld zQZ*Gt2C$d}^~S$Nr3q5MD6Q_(A1R%Xxi@|WNDkn0} zy5Wa~I+=x5ReA6Q)uSRvL>35TmZ`d)AMxX2cKr0FPGJ?28y~DjYYTa991;XLV)lp= z6Su3X^JDV_?lKc@wK}-No~P=YQVr0`v4i#XU|kpDD=O~O9Ul@67=;h14X7H5k7niW zxOKXly@u*1Z1H@_%Pu*RzW`d}zRP~lI};b$^iFugwT-A4`1F*EcF;UmLpl76ogpQP z$@8F5tXwg_r{plRv*F97Ip~gl*o1<{d2pte8g4N-F62SbBBrOBV9?q=C6Ybeg-;tX zoTP0~)dSKPp0z8D;li|h`I`E2wHu$yl}6xs8_a|s-T_q(L8#Xj@GOxSPkfi=bX9{g zib?a)>_pSGg)udvlEtvW68MptF6mg)Irf@J2VE(SrvM;kwv6;5N?>*{1`u!3*2&Zr zX5%XFj#b&Kv_ZN-eV;7tRCogf8%&-y;(%!@{53X%x9375S$L@JiH}9AUoq7JFxF62 zX2zd~*V_e}V9gt(a)2N64k=36XFL(kU5ERlkfk@S!>l=&9je9^(Y!%QtNk5_hyqX? z%b;6Y@W@)Ke;(g#YDN=F^Ce%O$)XsAtI$nwp;C)CtJHE57FiU_X$u4Dv%&yrLk&g( zf3Hy}mF($){-AN}6y$eSdjh`17r}l>Jul8~54XV{Zs}+bn|nDbXb)R^InGUI5`Q09 zH%(%-mxF>}H;I$J%Z^s@5S-Mv58PCiwGSrj42YVxs0nn2S)3%0x}S44a?n0*L#{Pd zyHE;4|2`PV9X5452LNIq@5Mu`8PgT#ip>%)i*5rY}_vZ~vKTF`|PS%1%b zl>F^IpwtjNSHmdX4x^-XW%N7H0}BGqKB zLn3NTb^VP>dV0XVX0*)t=BNyp2fh07$r7he z6pP~>%w7VCU@=Gzeq;Z{qh>L%6f&2w*eX6<>CqN4v=8qX85yaqipd?GnKqSlG@HjC z1$<2c{0&L)ci>SqwaxlS$wLpNebP$RIc?#3Gl#Uj4|bf;o>mQ}^(YON!q|c(z2_l) zsvG=`{Ur?WQU%(rBu4>;W;zOdXnwG&M51RBB^}~Nt3ko#Z{XI#nvew5u@O~$1)kIr zK(k;)yYYLO9S{R11&~JpVp@PDJkk*u(pED>EA7_8ickSF;-}da0263WgSpow@{EH)ZN+P`-O8TM4h>=BN^=lYzf2HSy`2WN zLu1mOhMdx#Mg)8sdm5E=#gB%@tis>ERk&9b7WGvqG=K$_Ma}b)gt#|aDDVPAK)+1CSS+q4v| z64U|Q!m?q5@NhNs2!#=^&?7#I2rcYsN>)52Z7d*-2RhLp^hs|s0ik)G$q7X^1&Zv4 z3KA6A*(M|wD3Jo`_RuWH7?i11^AfG%zBXyqNqA5V!CaoA!F`z5{je$aH|iAo8~fjYF>?nFaMMuzDGhM!<2!;Zmi_$z>~C(s z(Q22VA{3zg4PDfNN2#p(XYmg$rD~z=M#(o^BUH1^wyfT`X5(sY;S&%dK#@W`dJimm z4;p3BJJBAJdgGd^J<_JCr`S_v*K4&Ope^7&uwbl;aKKull}&$TJe!SNP+xfzfB0&k zE@9ncAEH?IFXAJt`_fc@_`?v`RO|i%yFYw1Gt{gA9I@_i#4C(>fKl?I)fVGRY(H2U zM!!dPiqq(Kt9-E>7LWG&S1>Vps&egHmFRn$?*i%B)s4HW3u3#`{}b>usLf65GxXqDW96QRvP*Z6VEIRcNrSQ0(+X0oeE0Fn(notieKT8i#ja zPaxdlk94%}&qK?c;H&Obptsn>HTD@_HVW}Y0(rZMDHv$kT=vxy8-S0h?3--hGDwYQ zV?BQ7p&%3hC*2#@h%8Z}JTZFpRRLOU9Sg)$3w(qRNqHm;V$p1tDU9@eZQda8{|rW# z>evX%(g+b{vr+L8j`K2m=BE{b3QOJEJAe`ZVe!c_xITmzxqY1?P+sOj| z0>4`y&A*)+9r$zD<8GTh{_5QcjnclA=1TM39zpfpkbB;ipycIbVRE)4MsKy3qZbHL zeOjy>0&SMzSG5qJ3el~s2<64dMBvKg#+LP~^RQ(Js-nKdpeNQ@aaE-%&zne8dASQn zee43D8<#ad2%&0z&=mBI{I&-Cuo~ZCU4f%vB**2Rl#R30VSp_T*Q(C@k==IK??j#fiF!n+fjLIY$CEG*p9VZ045Nw z)gZwE8Iyptg*>7?2`pKL*9F9WBbdQZXZE$0d)Z+?i|h_#>#7FFhbK9pj-&fBNN!8B zq*iO9Xzb??IsMzsV{rb;5l?79^UMn&%quC(anuLfx*NxP*wl)I$vhv5V zS2_F(L0OEezoia@73O`yjM(}qR(sR4KLM`UL|TUf_^-+8;nM@e~ljAsIQAf zMlRtI1FdUy*9N`#h^~#t%7cH28xP3QsKZA1pfrN*lki?H&%V}so%aUsjc8%}O0A}g z29PgznY7i-|8-<(-R29g^)(n>1GjD9;;Fx2i|A8-^!zjL>}KNhBZD5% z!|&>?>vh*ky?9F?8hQkkPuT0%CLl|TzTiOR`~GOJINBX3c-Pl(q?13Ia|+&))J1>F zBV(QqxVFfxRKD=xI&b8GC5N$quQ%+@3*n%Rwxaj-*4DUY;ir^eT3gve?T=f0#ap!R zEz^tJv`6dx;T=A0T)Q@ZV=pXsBcXOJ9?;AsXi5l&eh8@j@qUi_6}G+IVn|#GhTCK)fqLGU%K#0@Jk`FpX|G!N zo2}saGsEku`ukWKcudmfKVXM9T)~@^8J^kS32ERddW^8cYwjWay&^L_vwa6X@7Q0} zz7LU-=x;>9o92Yq-^MS3zmsCWL8&CCD9k--hvZd|uE`8ZdU{gqItL`xN8JvowY&83 zhRl%6HuZHtQf)eN$kw}O6r`IoLlSJA6kCN-$=)eEy=aGYlY(^nF(J)O1L<}~h+ znVBJ(cpB+|r0|qyhxA^y;He@rB(rxr4|eR`dVEW8!2$)TDl;S#<3D#mQW$^O4r#Q4 zG%GVCvv*fHAgSJsvqRe3O?o#sGbFQjJspq~?b_OGy~B|g(1{c0gQ@lIO39{S@D(VM zWC7K+=j~voD=>>QfH7M$*8xVg=5{-nlN1xpf_lVTS-!0@9se~2B-`|w|( zQ{T$~#-vwEYsXG~h;IqXM--UHGJr9O^|S+wBG&iqU`iF3A7=n#w&t4-Fbc(!>|nlt z4+@=nJOdcBH3J=BRBO7~!7No^ex3o0*_yu|=!lzod`sZwZUyG43}8%3MIB%irS7wX z8K%HIn*of;HxnFS6yKa{2eS?C9N^|p8NisGYX4WqPQ~#p(WxIRFfU~QW47ic2N>0w zU)jM-RbXDp0LG-$y$&#nQrFwT^i*Kp$N49g?9QMY$B|DKRH%W)%ZW!i*hL+6xn&KqN>)A zz332Cboa4}s=gN6i*mkazqsv3M`udT1osG|QoR#8=JW3p(d3N;=$RxwrM z!?t3VpoqWw2ARmHM*3R!$FqeX-q!u*lt!CB4P|`V9~*u18aemm)Mdd_=rm?@@w1Xs z9r4$}KVMrPIx&8cIiJ$Q2aye)?Sk6(L#M-q>nf`E)f_3*zE}S;U}gEW(!D-cy*aIo zMNw64Jw6_cZEpc?qGM0Ev0Ijb0gFp0rI;^XHFb(FeB@0Jz8I%Q+?a4T>ft8%wT&Wt z(xc~J^qt}OlXD*K_J(iWcolhkm_6dL1dsl3tMSA2hcMl%MfR+$se1TxV*vPEk9OHm zhmzul?92(j>?g41`@V21szs*#k64+y9q8%`bqz!w^u*o1nkJV&+-{6rcL?rx1iH^U z$+&lsw9X&KByoCnQwf_4_>DMJak)#m{r%zX#-(VDFMI=njBIXza3dRf&P>&Z9e-nk zA7c3q?YSx09vwwqTbpb^%fjPoz-mCx(12&}Pz{)YEDHa?z}{#A1A1fvRy)hHTWU($ zTtHcg;8Tx0h(iXMGG3*;1hcTcMQbQ;tEq3F)kRmnm?pzGTTle|3V?r!>P#_qm(yXtN=vSh;dz+`)fZ@;Yp4=p$@e1AQ211>fjaNq+QzMp>h ze+=JmNDG1QIt$mt0&Lu)1Z)Vdc zE>6hXT4X014?}OP`W*3}qXOX-zVKfmSlZH44>Uq3LiyR1*XrxAl(ofI(5lUMp&5bV z9dz{g!&~(NE^7Ao7aN*fBYJ7nJ=|XaH)8!xtV3_m7BLo04_}uLhonD0&ljBpkpBGK z*ZZS0u^RmHMQ*_UD+T-4$ZW#)Mb6f1K0RVq;W7ZRU25^lNYHNtYtjqW;=9Y&)U*fe ztT!!_KLtB^bl!Yk&YG+l3v%r^?pKVMIHtQ|IH^_F#=$G7 zV?lBo7D3wvc;6g=M*6k!P@19qLTZ%ZHNsRl4HP>;7SxAujOrFW63Wk2+hKaXf2duh zq1(g!(UG|Ey_M-uIy;TsP)9tG90xDEd$NE>FIW~jE#Sgtno@v>j?DJEuwMuMx(|#7 zW)5$X{Cdq7{X;oA_T=O;X`wViCHVooP>;;aALa|+!fU%Bz@`0sRChCg82 zx4$FJximWFOuuV8;xzo>L&iJ&h>b;_K*6Uz*JdwNf>!$~pv7yrbX=;FPQ|OLMq@b? zG&_yYBLfRQ37w>1L*eS-cZ`JsJ4QSS0zi!LI{;Z$^hvxAipIP98Bw`acQqhE*iv_W zgr=M==sIMSnE=9@Rcp}t(}}HY-G!}6@3Q@;A&ae*3%0=X7eBGAXqWxt8hjidEj=sC zySS_0wQFS=qZz;o%SX{8d_8@_*UM0FGyF=FB|kk+i3nJpA54ezm2gSxHUG%fo9cIi z(e#2Ay?CuQpW#G-@Y{iKlOEoGpc{k%Ev)Pcr?)HamSbSU?tDs!$Jew%xcQ|dt2S2W z>#j{e=s++y7RD+x_154i9h48Oztt}k@g-}LaU+1{1zvoY2#&$Xe^@W2B_bWK&-rm{OM z92b;L9HZ5Z_`wnnx6F09rIi1l?B4}*zEuCZnf*HlKBpw|9qsdl-}8n4DI;ySr(BiY1y}2gIF1CL zkR6CrdGzQth?!Z76`~Ck;o+A3zMwf&2>uKWR_Hin9BKqI!Pi{D+U9rdkN4D(rzf8H z)nBkb-p%B6ijj>yq&?6=m99q0TC512wCOLH_3uITTdh2&Tc=&l55pGRCpp7(jcHsW?DaejM+L=F0ACjQEO=O_iIl zN1giBODwL}!~X(1YfFhp$i@oax?OR%KXM1|)7YiW=Q-t&7Ol1#56Cg*C0ZZ;0>fY2 zqSa{lSPC`lhW3NaA%@FFZP6|GEMKA%#bn8TlZE2f>X8#*8(`jX9~ijJ0sC`ncIpK?xqP<+y4&x9-iJ(mg+MP5Ht zi--@+jmoaLb_T;IU`KOAZq?m$4?HO<@ZtCS5S@s6C)sWE-W$Q z9ISN6g)$h0Pw*8qg>V@A9^JJ?@BBdi6umR|SG(TQ!yj>+?Toy>n!^cPe*l=uKzj!U z8d%MN4w@1!IHT&oRTN1LR;X)bR;QB1MJr+RLO@}ZHkB~YBFp-gqEC*%4rmEZ7yBK9 z%b@|mzEIlvFk~pRu(>Kvj~Dr(G{()rW%?{O322kCWpE%o1JVQkU8@W#+l>?!CuS`Xo&d>xP>08j4T+QnV%O3e*u+%yB*40@iU>Xv|8@fc*>N_6k~3q*B87W>Lao|GT&GQ>5{L3=$L*Gc=BH!P1rw50-3R3f2eN&wpnKy zbr7OW#&?m%p*nuNd|9BaV?Ku=Z_#+dKVf><1XqR zG%?!q9L%$P+Jtxf#k&!i5QDg1Z0u-YgHSKBVUq0+!xMMNSck8E*XIYyvY>WhmM$*K zf)yLS9?(C8y_XLWq8cA&Gx;Dc#+meZ;cs93ol#c`N_!8~yDIyUb9~?;)3jQ!x-zHH zFPCV5e-a-Kd#Utdg!bHE{6p7hq1?pv@l#fIbYc zs^Z9=XPXU@a*6WJX;0j!6x2-zfOLOAw3ASq2=gUCaSC+>1ynQ zO0wyq<<(zPW8DUrkd1a-l$a~VIM!WTp~gD;Y>yC0mqM&%;8KcYV9+sc(J{HQ^c2`a zqkPf3TtG6&fh*DO@(|y>fg}^m3$Gt)my9w33caP98=)$ z;^d-I>Hpq%>0dQN1yIHN>9`k###c>4yI#CEI7u!~Dc-AV<=6*030iI&Ic}v2gJ-&mhezt zcoz&!F(#>ZD=z|FaUs!7p66ZA7jExgXhg+t7dw>c7}CePR2ma5)gzcrsYdvsbD^bL zg58XF?r~?uyBI6+N9^rf8e=7Eca>;M|JGER??&UZ%8KB(&?8f`tq-ge)#>faD*Khy zwpX715bU_D(0OH9yGj=ik7I%l+Cp)!Fz%vogbid0HFLDVr_uM4{)QB(e21ojujXAe z9cKC+P)Xx~R)-}HV8#wgs^fF)ib}Wm=acxN{{xydF~uoVgSqHDI^1NSu7EQLgDykV zIq2>|_X1$6*iJma2}t)K9f6!4B+3Ne#-N08{h$v0rp9&Hsv-;wBz+3v6w3EF?Lthj zO`Vqz5xsat^$-qG(5l5v7@M0MLXuE;9IU~!JB*^cDG6c~!l44I5LW;~UQT|4!(beS zEQd(g%7=_@_#_@XB|;le5Uw~;XMyk;9ED+MO~5$0B0ekt(LsNPv)p@-8H}hRF&t50 zyD5>OYc1)EvfI%#99PAX_A~6UuHgCJVvnt@Kpgia|BKgFV7iZ)C0r?Vbs_-L zg}KwRX|ZxRVvI)tWkwy=U*K+O)0Pf6u#E13b+G)`RCx8`O>o3)lEDQcKQMl#9+?6& zWKG2xR#K!yR6rlywF))@0|bGbFJ2?VG1L=mQ-~T8?lEPj3U>^KtC=m1`-?xWcz{bc z@m@Z7fcSbR*K_;@AM3?$p~V}aMO%X3!0!RUJ_5L~Eisg5uL6GsADCHc2O2Q&N6)AVPAwq^2Nr11wp zKbw`G0ZRMU?e;zdwZDKHCZG@8f#?JIE>S*S864u{eUTCQ0h!vF8pc<=TU)?m(IC5f zwAz=fk~|5^8hjnE6X%pSLREHOaBE3jg0>gGZYLE3_izyrtn*kAdel(H}U5BUBt=~@o5 znfZfjFOBwuUVhJCumkQ7TA2QV&k$>^&F4Y`YD%4|hp&K%oa*W3Or6sxOw${nb8su1 z7fen!_rU>zQRo4K9RK8P34IK$o1CSGUvkd8zYfe({hE>io3x*Ftad0`D3%MOR!`*e79=+6b?5%>mLmxIQ z18;lDsE|etQMt?VF3b9Dl73T^DuBi;S)xo3)23Vonl-lN0xNM{Ikt_ zpb0Zr>{>;bJ{?Ju;9c0O&6m?^pq^%9xM{EK3;rGGU0I5w8%nYcco$y~zX@Lk_}1-# zBit3o^%xU8E8T?I@8 zIL_Rc$e14p&!yvR45skld%H)!)!4bs-lr+JrAAxYpMy0Zd&Xr#Ksv<0#IT-K;kLjX>T=pJO}X!uLRZy<#S-xVBNNdrb0tdr^lh7 z@LEbeq%^v}ct1$v)5_P=i2=)qPI_Y`v^bdGQ?wfC+7B8eapd@LaRCgz3si39e7S4UOad0NWMmSlLE*IfKn$Jq3!Qf~UhGN(w?;1Y` zvLS)6D2dS<8q>G!hDKx2)`Wk{X0O22jHPk9nzy|e+HPSEb5$CVL|*Ij7V?nAhP9t~i&502Y$>`(3~&ET&CxdCVEk!89DF!>$%Y1^E%_Z{>&f?Kn(6&xb~ zND9q%vCJd}Q@?2o)=}d}uto=~7zZKY5Q?rbE{RBL?GB{+BeTVnwOkMgn_l!8zjLYu z$!$Qag>oD@T@d40A={boCt-e3ou|9%5t`=9II*IFr=7C#8!{-6A+Vx}<$Cd-H$n|@ zK>5ix9g`=e8B52)8B5EKP3H91SJU3Vdb+7U2}$#DPR+AV4;ixnYW&L5i(OfAtPi;W zYTMS!g(qX2V{-^y+JTzQc8o@0m{_PV?)OE@>ABe$yaM%&czpyK0O{R>*(r<*Wrp`e zXB@ouIV=hoHqMC|E63ZfPaaMnfaK2 zxO@e>flcp2?J%~vI#UYwCj31A@Tw)VQj#YCJ228&_=_%&sE%l!gW7^8t?WQ*i&oo8 ze0DSko2pL-;$84@rd=O%SlQ7V#hWFox5*2UpSqGIfrEQ!theKA>DE8{`xdocI4SsdE#(tL~TNS^ybts-qRnRosA?cf;YOjFq>S6HEBeCtCSS$!(8JZ)(;T~jK|k0BtF)y(IDdtGKz}f~VVU>@ zaF7~a!3~##8?b2EfIEgEuB)cSW+3dun76UR`~i_GK5nRli{M`vGQbGuc)2V*7M`#G zrUV85(B}UE+5nzQ>@EBd{lu6D)!=@Eo-2QGTSYm7z;IL{hEPPg;QSe$GXNJzwpIGB zWNBaI0v!uGCJ+}4AqIi91BurRX~wvu#=x_$yh2lWSsvrwa-pCW?q5E8ap$#%kfM8 z;`f7>A&v>f)>i4T<9^JC^Ert<#VWtak7-S|vHvMRfFm5&l;c%*ZJr$M_lhLJ*ehy| z!%%`xA4j?L!`2$+08~`>5~}+lsxw|dc`3@q6{uyL=$NO_M7HnyNCg}$0f~ywwJb-( zGugg}45}L`JFdyi`K+mSQl~JF{asXuL*6BR39g5ixNwGlm(ZnC@R2NMbN;9TndsX_ z08_P_0Zi2%Jq)MV8)nebsaT{FI*SXfx>&-OdLn!YR_M5Om4b2DW)H z&JGJU^?k6AR&^oKvB zEJR~v9PxOFZ$j?ZnVW0j;hn~jCsV?l&HypZ3{nSg1Bg04IX@1g=^W?=hney5TTlsN7g( z3tb+$=J4q29ywgOv#8m!{}>;2Vr1sYC_4VIcl3yX80Q~65red-KJvCnHbZmum#1H&$ z_OI>gFV(-VKcV`!_kCOcRKN$u98*}}_Eo}?AztcCz2W0d;$LYFjr2xBgAWTf4jH2% z(O{gzbj{$r!ToTKLwmz481w``BLGQn_`Fjlzhj*(Udjcs+5BtpKfa@OC79uijFmzg z<1m`Z)re(8tkg6vX>cx-{90A&i;j4VI;)6{)*H5W(hEK?<0}x|AkNpF#{8e7;g~2O zUTOu{zVR^PrF!@a{-rm3(Fx`jW2McxwP{lbeQomtZ}@Fl+2+Wtu$WCt74eqvd0?HT zIIhiq3k-;#u-&~bb$SgvZB=nBGftBd*XTgt)O7!jgAy`>38jhOuS*dL=r{EnBVr4Dl2~b zufWmi7Dv2Ir6T@76l?^?VihVkURi4w=p;VW`qUBqbvi2X591qs3=*iTW<4s(=wC9z z(shY3E)ivvSZY1hR}7aa#`)^=aRLs*l)0W{1?YlMTV;fMnFAc0FRNs-P>fmbJK7>D zZ>yum`&UqTA*u^ON8nY7w*ZEWOMe1vz=l9Xp!-Ay9i7GjeTpyI^Kq1&C#y+F`XR7b z#{uwU_-EcX|G276&EglegA6SOKG%mUWTD1fg}f?le%Y*|q2#udjKv9@f<6rxvBWUAem z@s5RGOaYSdJMQC--|wd)8XPko+j_mSUsW)VIawL%J+RzWS>#&>ZMhu^OqC#qi`}f~ZPt23gD!rtageJ#I~a@?ku|hTtVqj5PH{`wfDH zc`<#j2;P>N$~Nf2K=`0hfkjtp!BR+bzjz7NstRr?@W&SFGqc3IYe(#7X7pp=2-8&t5pjBiuy zT4tp^aKv3T1IsCN=^rC-1Zsz~5D6Sn6IDi(K=c?m;!XsPoQB3^3LKfR#==)}e1ScH z6;mu8tHqi#&3F;9zyY^%EG%e5DLdmu(TbtMT;rFhH3>C5R}Y5&ape!l&a8Dv6H0 zumYpcT&{^m#}4On1)s4paR23iS2SQbJhIj+fZ@J@_K>sq*z+&D+&ft27F875uz>mZy?O033kwM4S2VyKnGK@Uo!FLcYd)k+jCjjfLo;|SI;76LL{ zilyfMR&HmKP#(2mLE<$qq9R`7b8UVUeZ$I-JFdx^5WZE+k)?h{+L=)swwYaH@LQNo zcd>Ya|7mIN?Q5M@<`oIacf4*9nY-KUVaCis!H)VP)`^L|{i6RGbgLDzwt4oY^W= z{P|ML7_vuqpr@rOmSx3{l9*7!l8Ep49d>FYQ6TzU7C)`{j{Cm@#_bT_@lTj6iS<%N zf2@C@j2W7Z$qi;9a4)OL4dx7${o_~rB4wD|NPsDEO4rqR-4^VD=}odJ!e3;=Jj~Bd z!Te0ZKYju^GUsQZ?VO7F!XIL8lO(SlfbySUr1yADWlK-WiD=jB)Uz-1*BE!GfBYhD z+`x{IWc=Vel_T{g1S#VmW6GhfwqP~J7hc7A%6be`7YCA0p29oqc}ZiTSxk@ z4k5(jvctt84a?8#DtA+!pcIM1QZxQ?Dq|niaJobYEcVAZZRx6n2?8%R)(8`Lq7{O9 zQo;%`DV?xJjDKQLQ{43@P}b;Bf++$HQKks|i4ZKBA~PSu@=sH#xE#~kA~tDD$P3RS zbOYh=DtP5+|QcZqCdxF+!BVgp5%J z9GG6jnDH}XCRJpH0D~qsuS2j;o0Su+)mR9XXw(1bkN6A{iXXlVZT=dRm7xk-N$Ebo zCt7SO#P9=C^&^bn;u6MJ^upMTo`^_tsOZhcC&V%8ehgu8T+A)r6dVGx`BcOf3QJ?} z?!iE~jl=I$;|4?!k|E>ch`6x=xGVi>aW|tau$%QYG6BZ2eh*_7?AjuhZ%SN6=5Bu* z3(j`+0{%a2>0>EM=S@FuM zU>-`_{26d#Vbu!sUm_jTmYzU6QcZ=%B=k_~ROl?560)X3HOuD=4sO#-XWde}L0}wk`MpeKj~LfevWpe5O$Z zsk_2B#cUOQI!TKNJ`*Sva^B_zXbZNlabqcm4Q`*r*b<(RJ-(?_R%VUHNCAXf;A~)h-7fEI zBwfivaP^i$NEzMmEwHGVD$14qXJ$a>j2X~b@k`-X@L0tejd2s0SZzRIj6?C(%9m+O z(ipZZVu_#F76`Y{sBBzdvUqsdNJc&&p2CWJ zaKjV!LW+7Y{jJJARyHxXLX5o2lvRxRWbkg`F06N}vqdbnIEE422klix@a19zL)BsP z5x^AzQmB&gKVaxo!@A-R@pnLLsWA(o9A%3yj{9hNSu5yVQjf!HkYt~vL47d>(4!jE z=zh|gro9M5F*QB|+_OyP|0+HM+=KWGgbCOKG_HgpWNiIQdwY^!)OrTIAQ*wa(5|k> z9YA_hxd+sQj%hW{gOowE5H*LWFdmMDpmv^?h0b&q3p4*z1npu+d_)S<9A@K&EI zPT?|y6yM2h7S8?9r$T#6VDy2~e2*&xmq?W-el`YmjEd@Dh%ZLd5rjj9%JAuJY<#{2 zrYm;u!Y{EjzMOkE5b=er1zfmjfYTA{CqR+Y9l6KYv6MQ$(aSx1q3*uO9FI{uhJd#i z*MYN>1B`Y4ittlOV$!g(G(V5KrM?yn-F+KgPS4WuHj1c$<2%$Q_WGSj=%*%$8WyQv9F zW!eI+rU5m1F0~d@XuJz_ATS7BEJ@6%a8}cRzBrp7`x6iZf}Os`s*zb)>Oi%3#|rxR z8MDnM>G-eY|IV*HKf{Hc!vXfOfvz7(KOE1;K; za{#@AuhE=;oT`Aj70^4KKnEv)=BEI?LIIuQ1p1f)`U4Z_A5kdYHQqhmDUL(P8sjHW z_oD|x@f~=}M)0wqukv(~`rgGL4fbN>8jCKHbl`PIya&oC95*wu(6}9m%svj;|5JW& z8#6H=Wa5X1I`Bhzk{@_YGWnq!?;SoGPrOo`mM1!U9OQfPT#F}OQ6iP#iJi|0Pn_s= zkZ%NEqd8{{R^%(AxI}ZF&>TQ-OaQ$l1?cw`(2GkPK(FR&G-typ3TO)pMRUIH1ll73 z)RO|VL;=0c33R>!T4MtJ2@0j-i4*a?BTrmUttLDX9CZ|)xC)8niL;SCsV%5~ZT=aD zzR0G&=nj1`6Z)c;=!-m1w1d9z*L38MJX2qk%%@>v*B9rJKk}e2LUS!$A$?N%A=h~J zLPi#K&=0M>6xoIe(T%4HEnavQyaVp!=V8!MRpCo`jnF4g(9|Y+A zV;n%g%hza5KNIK(08ORaQvlSFZu@{8irOe68@*NCPpID{-Qpt^-5QZSF(2(X9%uJ3 z<*RZA9(v8pEMYqz%uKPl9Vm7z3G<_QX(a6XJse1#aF#_Wzp!Ca!XEg&AobUy9Y}qH zuhE=0a}}lj&O*_gLMPC@h!F;k=_z%8Nuw*h$Ea$yqJcTV{QDob+-V7tPH~ue*@u)QHC`Vc)|I<7w!&Iom-u zoV{wI_JNxCh6TIjZ`*n#4%3dP+9D7u|WxgD~isV_KPqN=h;B{SgT2REozEvPEa5CDz)`4r0wa!@}z#;lw1d z{_-m!*4B{@ydLChH0MwsMXbIgMl|ORC(scIpy#Fl{iXtXf)i-I0{Uwc=<6tyN~~gh z>qx8`vbhlJM9Dz&2K_J`$)(lO-my)> z;J@lme#_gB3+nTG8bi>){kU;DAMw`9b#Y-|k7JZ_?#NPjE##!jV+7b4t?Cl*FcAK^tsPQpK(e0EH>$5IZ)94R2n@vEIo~yj&ub^;0#hUn)NjcpL0P} zJ3gQNnc(y9=h*SNmv7OWeLWS8dH{ELy~znPKLPX16qwg2n4KLkPf;+RFkvo5nN%8` zi*Fri^Z=P!X!PjNqtK`liKI~g*^}aA&A*)VO1L&|PUG6J$#4w$nNFz2SgeDFbfpS-Ju^*0`K5pZoJJZwW)^8>0GuEPyR?GV<93H_G zI&J$}dO8)f+357)$rhcqgRFKs_5G31X>@^|PFM0RnsZfGMW?&Krb4F`tu~m86EGi1 zf%(P{1?IPg*+_1AJg2&GUDn^g|LCvNtp8Xoe$#Lr*@GuTwrSTs9J3Ksk zxgXX+F9s;{Jh@x(yMMJuj;Q46gSdpGvLHShfq~e3q>gnsA1hWoSzPubB|>nKG1M9VQg30TPqE9yh<*UfF?!_R9Vh{K!O1}J8WSfzoZNH#7#V_nQj*K^(qc9v>%S{pxt|5x?VD_&E53qvHddD`yxQS#*QpW-60t z_w#T{a5m`|PZIJC=cj+T2=aW92=e(-1R8e{gJ7w>7JxwA7i7jmDJyjQWnl)kw` zlFfbWcGcXHFVWsdA3H{SUH?{lPdJ|TeufdB=>0P7-Tr;HHxVAhpm$N97!57;*~L1k zC#gQWLVb1-^{LMAIoSOe>NCFAral9RJl4>owbP>_9~u55(k=P(00v@$@cahb^Gj>^P#gZYesDRIfAYW@vYnj_fi+ zn_fRd`v!jQ@{jC}x7B#VPsP?;{MwegUwhE~9Dezq^GJbSjskts7ASoVt^$-OMA#i9 zsi{-tcNwEsWYuWaWY#M+C8~AQh)p zR^AOIgAz+5k(P}`2N*gyKmI)D`%AwoDx}o5e+T@MXYz|}crlqG&G2HS9D8_)?Xjy< zlVz;o<+UWwgg@@cF?VO=nDf(e%rjW2NyjnWQaI+*qjL<;8P32l||b0yytPU$`8pZg#h3Nc$Bl%cpRKEh@65U6ZAbgf8-@2 z6%~I(nQy3I2?<@k{? zPaI!35Ndfxxt?Xob&eTCn;Z(pq!sMHVl^in;d(1T7zFk~W@!)CY{MXM83uv%dc$rE z0zCfteXaJeh%_!fQG)0-RtC zhoBjNy+aNiFM8j&1Iwh^QtpXDXebZSjUx=5r|`&P6YhJMneW=KT~jY^bG)AZ@uyuu zDoo7wph#i7AZZ=S{2}}i4g-W25uiOLXqB~#ILh>B5KfTo;?>Q4&Si|al3QzLjlx0| zcUJ8W-k=&&c|Nz06*pEtyRvkUD+^KIxRj7d0<7|d_)=wW=&oj3qh=4@qBjg%|2Amz zgWQ*cHylNn3rR-DV)t;1&eERw+}MH(qHy@&ULI&T5*nl)(BnhZZ7;aWL*qSZ;T`CM z|ChLx6Q?E$ph5s* z@`OKaSeGZacFm%eeWf4C8Ez^%V7vh!P2;EF9UpeQF#vzjogZRjNk$QME4^!1xnti1 zWMB9bMaI5%g^S(IK#@|ahZ0J4z!V|ri55vKJn>&oapUX5)vE3ke67Iee+yrJ!NC?I|EiAovg-?lv5T>GWpZ2|IPRQ} zh%s=VjpZf+kcBc)DJIhmk%l90T9widSi1$#xcXtLlpbO~lE0if;}CSl(tseWZ-T+J z_%O$KoZzoNtTHv3LfCWh7c8NE6e$TI)`p>FNgg|fj1CYqY%%s+VOO=%UY@67w9W~4LjZbrfwNqAmI4>Jw{|QqpMcPEkGyA**y4I zr9Lt^VN!JDaBLWF3C`BTBl7Xozq(BJsNsqy+D@`r6@W}f_5*0Ld3VPSbwun=V;VfE z9gj=IW;EcijkqKQ$cP#e+OFZ2*fMacWJBw^w`$ha&pxe0oA#|FX(zxu`!zZhf zyQSO~V3{)A)WKiqpRy?Q+Ly-Lil#HQymVYYw?W zIS9(uva%k;&3IdkayUukV4gRzNh8a6%FS2Y**vVvDFB6gn>A0D@$yuHJ;Pmw$zxVi z$*C0;cUP<|8KMd+dM)Ylyl-??Z9VRZjCOefk2vrqI`*e{FrE|JBD6z~p0WV%tocp` zi$%K}*l;FZyWGvM(XqPPh~S$5a>EbM9n6WZ*AT={fNtcUfM>Em3D4Wvi!MdZ#V*Ed zV=iJfkvx>(YU(}0D0cOlntw0@d81ug|DG{_>~pNwBth{0s?UubvWBze+Sm=iR5Fq6 z;d#4y|M`yi6&@Ebn%aM%s zJLL0o|4pCKOYg#&5x3%8%c}cy7q++KKG1P1^p{~w@SlduBK6nRbNi_{pxDqOv#0r^ zV>pFJ^N$$QFdTAI|2MFlO*ejc{4^Z$Hr-deXAVvVb$`KpILHCc`n7trA3WR3;Njlh zhVlC@9VNqe+#1KB{y`~(1+0KJ?h72CJ{_kTeg>=FesN%Ad|u5eS9pBhg7Nv#AWdDi zO&Cq+WSUKQjK2rQ9J>kP_F^aaN`?N3{ng+UtH1uye|!j~w1xZ)7Pu8%y63q1ZtwSW zXesvl=0v~mLBD4mN58Ae+3(-8cImp5OLl$M@pOH6S)%JZ@F-m$w-H@`8MMb>q4bN; zo9F4Qhb{&NaEGFfD=nawyu6i2TR4vxaJ_FGVVa;iu5@rveJ4;f3P;Qc)s0&)qND4T zy(1IzYF4|#6Y~~K%&)u}q=z)kEHT~l^9C%$O)KNG*b`5Sh zEW!CoOOUQB(#x?{AnL6f(6cQ7X=iuJBhG_>5Q6?YKd_Vr=7l$k?42^B4m-IaZ<9pc ziZBWsNC?}fzUbUSS#*&9lE>@{{G{uAAAeBbJRXT+WMA~K>m?;etd85eY7 zp0U40QR5Y{Ekb{$9fx-YBvlU;5Lqk~?s6Y1h>pEnbaBp9Y}cfapGcOCj=h;6eho~- z?nS4;_*6~bLNlqV-t>2{7jQ|zFrWa-cHgT<_nXS|(XXtg^6XAIL;$?E&DK>9h3W zS06$Z!J(4nW`d9`mAOVYgin#OV zLr^?Ze4|VA^&qBYvqu@ZKp#%L6bUj;keAsdJSInnJWN3+%Zd)@P2+X;)Q5}R^{mh( zsrMoKFuwzUo(&Ks>|^h_j2}uOJ#lXE)RJ(|`51}TJu5T>k~^*F{TX$zvDV@e005dg9f}>Wr%v~cz9N5m z#ix3t<{=az_*ub$0Dq5h0l-7xv9(b3J=&#BmGW>cU(S&n0%z8eUpm?Z#xY#=m0GS`Ff3SrH2U z6b0=X%yu7BWI}ehJX`bNwjRhsWI`UqB{CsDTn@Klxdgy-+{eOmq0#!JFwZDVx<>(d zaZ<`8W}$g=_KSdl|FGg(kD#^UrtBjJxIIo*>C~CkiZq>lVIsh#t$M+BIUVw&&4}_ zCgeuYr%8F?$$8-kd6Dw`$fW%60tbc(~(ZJ+=};G@qR1bZxu8}CV>wpDs)B0&qDevyw5`VEQ{kKk30k{>fs3g z_`=G{s8J_@D9=b@{Fw64PPnR4^uW96ylmM!H+l&+d@Eq|2k&;9IhIYy^LB zUZ0FdKj4tS@o3UPj7N1zhMQ3rd#epgeF>XZ<^K!5N&dmipGc(r#PO9{wzxHPxtz#{ zcnjmVxQ7P$F`62P_QJ5akio`~Xa4a<7S`cUxQ4%x>ka7GEF**>Ub6G}{75hlpN;KO z>4qeCJ%oH&vEgajH^6G&+_vLtU$_g4d!XWba6S}{aoNxNS9wMa%(V6GQ?SI?NcF`TS2tCf z_#T8u?AudEEMYz=_0_D*Ha`Ao`uPB^zK)dSwr{okQ}Ujd@;=P|-afrB$pf$#A;9H% zxH%~3#&NSaEwx+w^ic`^mHI`)lfAwMS4-HGpdvb7wK z*xwRcf1rSh%RQmKC8O?Xuf%dI&g>4C3skwTSMpEmn7@=JZhksj> z6^i_T-Z^U=JYoFpC$Lv|CeQdn{N&-sqvprTUZvVZsV%D=rJ&!lje(DM!XaQX3XF%x z#xsG1^Y}nW(EsWfGRyw7!9!{Cqj3;*9}Pm-CUfcZIdpM0bTNLCx_AL#n!5PM@+i9a z+w!=_sK#H=)dO7!tv}HNT?oxTJ{RxM`V({U4w{e8!#hNOVjkY}@IDOh!|*-~@5At3 zi1$Lg7vjAT?=;+#x;?%A)Nfj;yUKGD{*=`DE{?^veVS1RTeN8ziD;fT+VS0%9r9IF z?|e^=e+WW&9K$lnfhb{wz?11w&8P9n+0l~GZze_S4z<>~YOlivT zF78Ip8IE8==;!}o?@QpDDz^U{+Co?p_JRr#tF(gBDrzgB4Q=U-O`!@3Dr$dE#j2<% ziJ)x7w#X$!ap$?~b9A^ReK9sPuE&Xq#GTA|g~TEkS8IG} z@O$L<;dqb;55uE_VyShhQ!)UH2FB&s&IuizpM^u%F;!3B9}WhZ|AD5;dnJdOKP4mh zR;c-NuxlLl;?giEr8;*o1Mp$p6d2zmoF*{>G(u9P%G!|L*c1dFt|?FQxqFOUQrxf;Rpt`M-2i zGi?mO{6M8c=|*DM8Ro#CkU-;ue4oMkX}re}GXcZS$Sitq5`~gp|J?DSYmtB8V>Dp+ zlV+GkjO)xJ#z2f1#HQhbvcahFx;ARGI#nAro}&4ZAuDuP^bxmTUk}kl9aF-gSn=iv=p|_HMJrlE0?X|ihf|?w8ZUnNzP|pP znu=3tVMPB8#x<>rXa=HB^g3 zm74OooHev+<&Q^Xt!W?DZ|C)z=$Rd^eL(*i&pBlF3K02$f^s1E=( zz?}$iX{F@$mEdZtxEcp~o#U$*Ko}SLW}iU6=cu#gy;{NdgYlkl&&7NC9gO#UkN5N| z`$F!j9M(Rb-*A2CER2=d3jjUO?HSnI=V|W1j(;7?S7R?pX{Ug?I?xi$!-=WBcc>x? zbVA8u2$YBw8*G(HtV~QwRX`!my1f1^?Y4^DNJWRllcQ#>IGVPJ_Mi58KWUHq5TgN{ z0O2$sI?N$WHGP{SaPme{8f~h1Y=AmHRO30u@~d)#tzt4&fM#?UvvC}(whrT&-WB?D zPg~6MDynYj7|fRIE4f%xDyk-8em)HTC{=ZNPK$$1#@2FrNYAO5s_WLsK-hhp2Ukp83Lt%0ZIlUq9yy!ndn?bdoPSVa{voiCA6!r}#* z^i590x&xEn45}`criohDCi*;ysH{Z{LS@OIZWY4|fh8}U5D0ZC;>A`5vBf>Mf1sDA z<0UcVl3*eLM=le=F}0%SPVCxx;`fOOL7bgaEgZO_KAw9TDFbUn&MGKRwuU;7@Ym+! zS`PKl3xrJp<$9A^&LuQ_&-PA$6Ou;UBukBNY@&m7rR5(c1-=1YkTNGkqFu$m4l_8E zx_ok?Bf(a=45>)tnX)(uSAj?H2lFF31Rb*|6MmRr(Ski0bc7u}2~MW4(X^U#4H%l` zfw%0rIM4NhjG308!`xiRAKSv+F0it?ufCXP^Em7`mwE>nqHleZTcd+e+JIpWZw2RF zjCaB5i%6+NXR`Q9!F!Xe3ATKsHoC7h8Vg_mJ?FI2R^(gx83fxlPeTC7LvZ`1q{Ye6?2^M3xo1@XE zJiG$FXKnBrA{;~_{efP%$O{)Ou zxe%XiI^u-Dj%jY6-Hou&HmF19x*~Otv;I6R*eLa0AEh=RAPR2n!Nw-HZeb9>U=0Y@ zE*9e>BHZLaVghvXZOFPxxyw>p=5+)nPR7InOfEyJ;6vg$#-dsjotl(1W>G>J9N3x%k5UFDlqDog)*shTuxnVeRZcT)}sqXySM}&5h_n_jfcMKkqY#sFdEfjH*N`) z(hP};z4}P$>#Y4ceetPi5%l%)Mh0Z<2|9gUMk7vihKovH(`M@QMP_qQ81lUUo*Tn9k0_{!W}W;HOn)28IU~db$fJrdwx?)bnIfs z42jNZ-^D|3cOn(g`J7Ry7G=04boQSl(RsY8X?ly~zYl(jiHGwm#^WEUIv%@c$At$A zGrQ=3rZtpGZN!7Mjo|ThrNra-Z{xvZ8d3p|Rg6Qm7>8TJL-dt+%z5X?@pv1im>Bet zxqHTgO+11%Io{<+`e=rxMZ;qjadmX=v5OBYBp#hN$AiZWNCi9=F%H$D1h<68 z=Y1p|WlN46j~8HPih;+mUoswpd+B(r;o+-EJg}1zkN@S-@wk=PFcuz*@ez;z-^7E* zWk>})o?{#^{^OSLSaqVrW8C5+$K&C>G4W{s1>r-5pK9a5W7sCfV=m)REpl*6cq~enc$B<-8bm*z$@i>ndP2w?1;<2nOIv(c`8^*%JkBQj>;W4+j z#3Sd;BgbPblpQhXMaSbzV#8Q?OuEekEEE#5Yw7a);UeO`>=mR5^) zct$Orkt$n!@*9!!QPPLX#kAN14Fy#$5z$Dp1K=8bX_x|&{Jo(-q)!ZgSLjM;O$p`j z7V;B&YaLU?2%-wyj^$Aki}RW#tv*p_^V+Ci~QCqwqaYpJD@ zKB-bkH5uus1F_VJ z-SH+}_^(3m7FsiRAdKARe*=$ne}M2FZcjRyt|9dV`$uT{nMs*D^0I{I7DAKOJUHJ} zx^7r;d=-=_Ce@3lo38fZ6MV8aO+G5<)a`pjHT1RiYD$_;F;crGY0Xwi;cCI@OKANc z?6R2DH`D^Z7pDQgYs>%1xe}X3M37n)7#MAyn#3=e<;>3DR3Jrp)`)`7W0T!HyklS4 z;KP)S2!25%S1sOp<+L8KagL=prf(T~P8m6C4-6j3>+y-0n?MFzdI`){au5?z2(6fk|szu2ciH)L{h`6#JD;UFbm4gKj*W=1hE2t7L&jV zE)G#U=~E3nW66VgtGPe(Qe=OQ=20-BKOqn9ofw}y7>jh&p|ABc%YzZaohlAz)XuaG zQ_e!mY5BCgKl7Sr3r zLcHS;n80iJ%D__W{8Tdk{q!w*sa+4r{0m>!^=%rxL}xye3f;z1n>#dwc~^1CHVtz_ zi%#(pMl8)VSN3Y}B_RqWdCWEl4eIux5ji2)QQBh&0StS#3N~aA6nWYEJ-0@K(_4io z5Z`!=3&Eaxe;GqO#5=lJ9dFIcKH$m2fyq$URvT z;OKHP?F~%S6z=UlVtO#RFp4CQ{Q7Il;!{d4`%vVXeFH~J^u z`OrlsxtJnWkP=+VMbms}KsfraV5Gs3n=KgXip;w5U+Qyg_pY=wm;?2O%rNFaGytt! z8>@Zo#ffN(oF}n-S|F}QgJ}e6uQgIVN;Wd{CF~E((-$pNC)TvVMq=V$AJ*5)(bPrm zqah+p5ucNuS~iwb$jKj$$Cl+Mhpf9a-dx#W^mK0#mR&V`th0WvWY`qY%sqIxA(?sawawT7a3UK?ba^OtN@%h;G5Ifk^dkQn_=v>@;in0$C*@kV? z%QQg58HSrpAa2q@3|tBk#zX|4bk55A`VyM&1oG(xsAcX)u~4*$LwLt12D&1(7{mZp zi!JmCfV`xe1Ty&rW4>?!#uj6)q6ptuo1=WoFQGAp4TUg<-GoSVy%FeOvJYX%Nhe@O z;uY+IrneeDpGDv32DA`~brfE*RY^1@byZ0qVeLjN3#1vj+}iWV<+c?>JTifZe++yup7?vW@*!Mi4 zQ3i|?wDpp-4adY{%zH-lNqT8m^dT$?@hU17r_eXr`~x#MGa6Ts!rqL=5(AA?1C0<4 z{{jX}&>qa07>Iia2%NiIBc^`X7!aHAHgGusaRQS=wOEZO1jLZ85{RAuj^r;B9+1>9 z1IunFp9N8ZkoC+RAwd>uQfF~5Y1w6yGIz)>hLC{(VNph24K>`884!~gC*IW3@>qZ( zf=^O&=6`_dQ6^EAgB?+IDK3_ak=&ovqMp*DITO0b=Jbqc4(7)pe~iN@pNAhyjng+8 zo)|dpxcvPjS4|BeOU}3#n>xuMmerEq0XuKN?V!0M!PCZ+7Do$DZjPl(i_8s~b$lG| zf2<&<`eFy~R<~aJ(&Zo6+}RqX!7KmRRUB51qfF&^C%s3g-EX{~2v-dhr3h!ayPaGI z!{4Jh7Q$UbH?;CC8VgLtKQ4xIS5}Lk@hxF6zO%&OsOQXGs_h>ivA&f(i`fYnADliD z2$=fA=LV<0>uFK`Zj$<85NkDKq1jQqxY0-|J2^`eh?vsTs#gOcO%>&h@}gu*ND#U|z!q9fWFd`*nzF0U3zTC*p2lFd$i)--<(i(l0{-Dk9S?nRjBGC{ zFW9*yKL4^uP?O){U-n?5{$*!VJLB*#o3Nbls1@&YFw-ipXT#Jp;9vG4D?oaEerhl= zzc~qSLepdT!x{c%9c3982X0;7lz*A1=IUG=7#5cF*ZP;WgqZwe{mZod`s|2kjpbz4 z83J3X4@NsVge>qRS{dPHM!Tz$n;GrdCta*UZf3m4F5Jxgqe+iZD;B&1ko>0&Y)R|h zT5-iV>1f7UiD$14xtbOE#wMjv2xOPQV#q8E=J1NnO~Dge1sT=hU76wM(nDM zN92))zJtt#Y|=f_Y!&1HfZf}n4<_#)9t$Sh$Scj|d)pTBN_&%=(gG=2U5at21&u?R zQySt%Sm0scX#p3y7VMSw>{9d{?Iov+V#qT1z?~ySS}ruMEghbLq6Bt_iYja~r3q|p z>Z;`oZ+qZ%5hv^>cmz!q5FqbJ!P?&2_ixFqt2Q!T-s5$$*R z+QELHuB<<|DR;O^&KkpcV(_;3+~LL%%j>gwbfUdFes{PlkQVN6FQR{`C(p+%_2h?b zWKVh@)A->?{gn=p2N?Jxia%WYw^%|APK1PFi*D7mV7}&I{NWr}3&cRuDlSJ^gyg&`MzRTi zxMbiBB!@DB(Es2gLh|}n63H%)Kv1x}Z3@pwf1HQO11vgyy#hxpz_~d=r>_zWdvVa0 z<_~wi_UOS>Fb97)9LGX^@m$TbkEc61{`Y@KbJ^EbC<+JXOAEi z5Z%g1R*O4uONchNNqJkC3$6%QVlArMoQ zJa`Oylku3#IAHw8E#a{!QQ}c@|B>VIeIx!~uQDE|9Mti6nMa@|@lYfl>n@It$3?`3 zvG8~V9}yl~7R7_d*+32SF_UqC{}*lvkLQ|6Jc{o-ay-6j#Q*DM#-rB(9goL(_-PUk z%^z;rMbYs%huAO{9)5g8czpUsJb3g2YQSS6;{g9J+!7vhEfSBMdygEC4;u0Rn$LK2 z*stR;hewPi@zDI?UcE3n9%m98#=>I?J|a9;EQ|+_ov{Q;CvBOG@hIUX;-b124qcj=3a$KIcGJjP)#j4{14&p%2f9(Rw7jz{-b8o}cd zd_;IW{aQSD)FTz}P#6cqf8dtzC_OCku-|nA{%{_Xo;yXH4>Hjv3v9rUnv(N1Ww&O1 zN1Pgm{HOTRVETpAli>sxgdLoX;w$jNyN$D8d!K0n(i#g)(H1f(WKcmLzOVpoh+zV; zqkWuJ@DVWr1VeNDLzEtE_WUB-eDoaij1>C?Me~P4xDpfOuknYQH;<{JKT!qTn@01f zY4U#=CH>*{s~1K_}DEtZ_l#==vG*hs!2^I12uPkZ8&uj@3SJN5P3_vHaoaRXqN1 z-86R!vp-x7c~zPxxJ+L!f``eSrG-;_ulKvA6~3gJY9yU5GGB>JdiUX-w7%W1 zDU*n+P!-+2tNV90?H?CFo{|1>MGgGpRv}fme_WjUyz7Zxc6-K#`Nu)6Hf1K}G z?$1tpWPc9iQ8A)F!TFwZa+8r9 zutfKeJG-HW+%x1`8$8yqUtmv5(8I_SVk_x8SqO!Bq>Efj$d%Ttp9;y7(;!UXU{r`B z4!@alo*wE~EHLJDOv4tu2x=bb@IGc}aVcqVE^BfF$G|3_4=qw_uMJT+FOcjnaHgqla>Tl06i>-P}WS z;*KAxob&?o=qsL!g``ca!aGJX&=ILcOD2?R@d|wcFw^%+FxOVV zzmn!J@%hUQe#!vA+ z5b?aHnX~+Gz4xJD2jG&2eankSIn|Z?>~``OyNys8`fO~MlUCwoybX*bNa`30#DC)n zLDFT9gk%XkdP35b{pB_H6Sic>^q)K7U(v8(|GCz96&0JkPck;VXo&Eidn4p*CKqNQ z|GC}Z{QZh{5;HsF62u%;F-oCc?55zFX6WgMYZtZ2|<#$TS7ALHZvr;{4~5& z%>Hu@v?!MU+;_DGLciXB?uMsh5q%r+G2Th>v0QZ3+VT#iM_bO=CEHRv-P{(#UqSA# zbfo@s9nhlR)qn1r$7A`=O?av?|G6*lwxR!ANAAaJ@fO|^2B*T7N-VOW%#1-?{&NZ{ zW*V>?^Pl_WYa^+o++XECxBjsZYv}9g8gb*lVpDPp@iE@QpX_Mv@@lahx76%`J7lxJ zn-;(S+$btun;MZfY$N`2Z5wNE-2QXh9*x%C=}$J+-f!_1?d{9mTP;4pEw$JEy=?D~ zQ^Wk{-2Mqx?4Nd)C(^$STPp7pS5bp&c!O%pF|cnMZK73=|1^yT#b;5v#~z`2){1RG zWBnP$pUoPWfOOIP*{p#}@Ww1)b$>Ri$d!3t9C-eb#{Jo>B1KO+Ei7pSKWjeV4fjWL zK}`K&{%gZ&OEeW=OV3*ASlbMnKGOzWZ#UQ7oRUQ@)aok}Es^Kd42OKj$M_#kNad5Q zaAPXQ58R|&b$M2}F%3pe;(k~Z;K_74Pg=CZJ|yNT18?4Sl=+p(nQ8LFw5>D=f?khf zA^Zsb1b5MG^<*NLKfvF}v_U>?Q>N`ph8+n|Sz0+_zcSigYb{8QCL&=wl=UE8yRkzV zg{^KR@2VDa@z{TwvWeE<+r%Qp*c9#;r=gT}`}-!keODx=`6?1=OFMG0AB5zzY5vLw zID^Z+kr_-t2820+UL8dFdeG~9Ezzdw!wM zc8Oaa1#46Oauc;LA&tcrJPXdFWxxh{3!WSr}MFd3&FhT)&c z3(^SuA0=Hj<8NnYJe*^bmPf?x!Z6R<#i@@`IBLs3%s)n;UaXeK8RA_k{ID z5uI(ywrj|s!{St#*9WzFUYmzR=@c#{1sTh3xt;ea^dTQ-`FH0yanQ2U_QqBwo@VYb(C><%!_-B0oE_F@ zb}@)Q+$B~#9M)$iK){MjNUPw#sn2@jiu&xat+LMwZXw<)1Bprff!<$7%r861sgGjw%l$Hge$>%mxB_GljbElAHxs|)+um3So(bodj9BPz zW}YOn+7BPNrun4<3Jc?xrTp10;d&?x`{yxQh}ZE<^2vO3iv^^6C4>EN{Lv|S&&MrwZuSdSp^ICws!u!Oj zGolzs8z7SyYsfEZzY&MW^wElmAo7w!4OUE-hr z4C}9hkeed;L7i8Arnl&?@!!h+I_l=w{nZ%1tU-S@7+;pWpm!MUv1p7h&)&ryCBBg4 zK5DSRFOLi`by94886z{O|59eq6&Zy0jTHIAkeiubRP6m2FS{&YmLzt0cc0z?jSVl~ zo*4$eRou;=?GoMRhQUASLBKx)&m_A{rni9q$8RM34|~k;kCE$#c;yxQ6q_05EK<@p zlvlmyF#e^VOZYyAyw^5;JqE472V@a&`%^K#k4-d>?`QG&zEy0!lQWp6b>IU$5;Yv( zKg!neuSnGfcwJcSL^NZOy1S9l;uPjU>HwuKdIyk0IL3F)CHx;KjOgEB`1bgWX4U_^ zKdb`|VsayrAJ9ACXL?KYze%J2@#YTrjrcDi<5WZZpS^?O6Q61Hk5Nv;|BH zs9&$qKQf3)|Hw_!e{B3?ju)>oj}iW>evAkI&1Xd5e-}O@{JY&3hX1V?heRcwNd}li zZ-M_08zue^-S|7=f7WwR@$cUyYLy) z|J`Bu-->}nRN|RN|MZsVe}hK<*GIvB1cm%K8d+U@iP4u&GsjlC<^f<3Yu;%KYFc0z z1Mms6xC5?QC-GYksjo@VqtOb30S3lc;2joQRL)?k)`R!+u+fkKR-dYO0MCs0DD*aT z6uQf2%!07Y!=fQ4RyXuvUZshUbGP0N4#T_}>=Hf*T!I2kOkfvn@DX*wy>r4k;itRN z2?=+h6JDeRLmjZ&n5N`UTbCm6aG1%{|#eP#{oD6)c)Z;Fo4VeEP^O3TJ`|epefkzmHXiGj{qS*SPR*&O&(H2Cp4xJ zKFH-yXkEQw24~};uH+Ff~_2)sHfwhvB(nf=FQMidS9AYngoTzth z^@sJ&22Ab5Ry>nS>96Q5dS}FX**k}>HuuhNou57`HQ$l!aeF0Wy6Qto-B}pfwDDm| zKU25Fo}Uhp8Pu+p8SLXxC8A5P&hCfYni?N)=0NoE`EF)GVvgs6dKZK*5U2}6^V4M~ zhjoBe+=$Pp0}lAYI^ZIVJL1aO`uK1$uBZb({#16rq*8MSuss^~6*{AULU|Ek$*duj zf3zu33v4{ljY!2R61c$K(7JFvrP25YM2DKxrfr}};qGA53q@7#!=Vedil@O`Zr?OS z=3-}{=Ws(C9<-x)L_XgY{wmACW>JrR_=o=7(}8w&>Jp}(Ci+$>{?>47g5Ay7_N&93 z$o;-L>zR4sza&2`4&H{1Q*4!8p->MF@J-;L(jUQ=fn-v#N3RsTC$!48)bl|Vc((@L zbAisPU4MOKTaaT7%Kv~AaB z1c*Yg|5NyPH_&&t(sx&C-(80rO1R}?+1vgx=H4d%7yUSjh_2T3yxyxKbtVHynQu(N zuyX_Z_rMN(5;WnVqo-(J#*CbqX~7e4N+HxP@bIC4&?uT$iy)&=n%+SG9Qw0)~rJ3fMDcdjSL9RqWm>|F1dQvh|gw1 zmwv7aOcA(PBPLu)4%{oShor88IbP5wyTpq~Nd2kla@%156W!>$`83Sia7F0ezD}as z5BZp>(eO{xj{JzgI0u{Ew4g&RIO5YPUfvd}r!=E!+d%r>P7E0$-h{q|ISR47o|On} zU&a;GdxC<_Y3Gaj;u7qP#g zFw7#w{vldCy0+sTg`m?63EgU=!yJ4gfY~}vi@IgW-iw1LC?;^M;t^;=;QcCt(J5`B zgVG^{91-TInzk#5EIW-h1c^eCNuqf<^~5&OW2@dHS|~Z`l0iY+L=wNj{ugWD31}Rj zLE{%6@M0&&O|TB^Cr48Kjik|Tr22}wlZ=!abTO-6aGR|DWn0YEzogoz{SbapD^`DG zu08wb#N5AwjxI9Jh1!A=n%cKR+V^CBZfVb4Ju<32^8u=F9QMqQ%BVfHqARMc>EFYs z2mD4Shz6cTy6E;yKi-78E3`ic&cBd(!`c>o#4!l#ln+J#J+6HpG#<&EL5PBUe`G(BuIuwmd3 z-ETveu_@DzD`Ll)@5`Ye<5DcV*}*Rk`{ggu@V@>n9q*|2%Xe;J*zC&y8#nLz6D9I| z^U85y*h~9m2z!^=AhT19mw6pB^6G`W8gv3@JPH|W-GEHPY?muxyR3parb@G2LJ>im zzQEE<9Td}Y`OIY5L3S}aPRr#dy~4W4E{1EC%hr%VrWwjuh*B{D&*XCJI(myP+VZY8 z{~K){t#$wBc@{Zv{d$$M3r!5?kW3~fddviFDjNav5wCU6Fq zEtMJEjtm-f4F=(Njx{<)+AbybWauaOW2&NiGyf8QwEY-%={5yupCOU;Vh4$^2cL0GiB2ct4svdvu}RUt#>Q&%^zsESBW`90mb&Z9;{yx%#hQM_Zze=lXv^8Y7XHHr5~lw;C$ zTE%CYDe{hqVR-Mtv`!qvGfn=}Tay3FH2Hu2Z^e5k#cnsG?`Ov`T>BSEyhmZU((rzy zdt7*rks0jzkIbMeGH4*`A!mjmw?^nYrs?qwW*@@)kssp0dt0{%yvN`(qVFCP!tkDk zfkMo}Gl_Q@y#?O;t0dl!5C5%rZ+tl_-e=svc+Y%8!X+^JXn3E5n#V!kb=PwS)3gqI z78yjtyEdg!yknXg3z+{1@00e%gZBiK6Gq>4nyK+6Zy4S-3=E?C%{tz8ToK+g-;sD{ zoTuY$wr@rCUi=i&JDPp*y7@ZbVfMw9*D+pQ7fQeyg%Js-io5`4Mi*nL}X(i8FVwx7$Fc;ChW#Mie_SmMyW+=-9x?N1i zM?~b=o-oiK#NZ&F#xrT&dWhZv^o~m;=x-I9=Pa6ki5Y*h0zb@qH=2EM$BR1tVH1`i zV;TPkUX%FmgA~{BAJ`=>{F7w{cf2k$SjfXbL;QDkHt>h?oTrKsbO$kPew3H z63L&rt7+_Kpd1tSR*{U42>Zo1g<;NpyL8Sh_Ne0+=x+0n*pSV*E%)Y4`=fyWM7;lvq_?^?6HrbVJJe~W#FuUe1Kfsj zMRXr$$bVe1{Qr+8|J?`c&FUZQDSOzY{)TNmWI%-IzRNHlns%zi(GlSWMB0ym)cGO% zA)5@p0`uU=1K1D0vsKjMCLhOoNc$lIs&ipKT!Cn>0&MMzqrF=pyqZFuv7VEQAZ<(2 z4sP{lZ>K;dKG*j%)Fj7f7p{?>2x&iWZvVg6)F3bQq1S6TqydGws;jBQc7OA+A z21xYWdd>WJXZTmUA%n%wcosNb`)Vg{h(gA^At|KYIpG2m=NmO)f4nx*{#ZzH=f)IR zw|c?;m}%G_=@c4@s?Shq9~^I55O$*$>P}c7aXK6xG>rbRh)%@Pao8X~nDOgukgpNP zhuI*{8%z3c{E;@uACyQN z(y9qIPYPKzJx_~egpgG0<#72x7t6i zXZN<)=G%DfpP(D6e!sBlo9v%mwA!zJ)m(dhe}duiz(&P41Vb`Lt)ZZ62pY9bi_obw zFoyCL;fng1_#DN-7&?Hcnf@D$Yf^@STtK};pjFAWWAki>%*CCE8*F%$h)1Aj&KTE2 zGANncu-weQhW!*y0?9)MMcPkO^eWN(Xc)D-ru=cL1pccjC&wD91wLJHrv7Pbh{sYz zElh#0O%4@`?zN&|*tI!o^y~QRESul zr|cP)RaARy0o(|NqFaaIAG()}+Oi+9-0+ov;kSw}AUXap`)s6r><8L+-=BQn>FAyE zD!ZcQACD=w*Ic@C=GU$(k{@C%!tFw~%6PMb89_6@d3W}-MeYqu0 zwV*`t=Q`_hb8z6{a!-=mcR2)8p&e&cdOEt(zj6D9r?`EEj-vF`a}?jT(CqA>54X5|xfyQX#aTt^n~KuE4R%&)R>%*l61g~Feq^3dk5W`L`mozS#922a$KqD2Wb@FK z_9ArcNv`yz3c6PDO>!vd%arsQ9Dj$ttHb0deI@!0eK$PIm0s;iUlu%7ktYplE;TbK(9x*;%zEsVVkzndy1h21$bWqfSH^Q8(QB5=H?`OeB38)SnxoL9 z*sZ!#)7-cMild3T;XE!pm&umf-I#fR7U``I=@eXL5ER&m02#Oej)EOp;PQplL_Vk} zAE9yW^ApC@SvFAh~)VF@M``K~W6YPqe@pOo&lY3Z26$HA)}bZhLlM90!yI9xgek16#PRY!6Kk9{L8{WjlR&gL_;8#gGoeRQn_&$ z^yTtj3i_LzicI+Zmv~R~2wJN}(6ZQ0_aLuz{JTxO$G_xtIm#64s!^C#%)@J|AeYv>4!629>c?LNny4zDIpYL?qK zi99zw1B=qvgTFvlXlwc!>RM}2`kLSXr6w;mhh+gSvh<4#y3oG$F4vBaqNG-O;i_RF zf-*;Cu7gm3^jHTGA<4^oqT-)wDZ*Gxgnptc{ea7NJq{Nc0z&^qQOAOE()UyOj^GJI zgIY@OXF6S@lr$=ZigVC~+kbHmNQTaaA%dN#sBfp10U%FTSNbo=JOi0$aprwfkvAd( zq^whFl2TD>w)U1xOy1#O2$og)R4_hn%SK|XpDA-l=c!p>6GPPE zfqw0}IL!6ej%b}MyRKBaQTDV8;E^;*=X zFBZ<%qB0oCWMvXEt4L_OEt`oQ50RW-MiSiZznlZy!9iQaLzZSZUwSH7YHX^)A>@a} z?Rci}!X29lut=9SI)1%Xl+tSmbR_2yU?T4EN|exZu+k{}f@2lGhnRF9XYg7o&GuLk zc3AY*GSFH049)=hDlLPq^gDeyv0pgLlE*2J42t+6fhqwpAOduSVl$t^{ENgtogwAM zU`$iIx9bjrgmXtBD;nvavwHgDRKj+3OD))VX>Gu5*+W~nx%?McXpbRgX+^Psn+r!N z>Tp1g(LpVAJZHC6&<+mpDLTtpSA%2STx)kha$h&0!}X{@^XDwkJJ12GYef*#s$9kG8;>t`yVda-_?Jc z`#Ab7RAlbA{>iT`^V?}*1rfd}dhIKyf`ow|PzeoQrcwrzU8M#rkY^;9zd1~eFSw#i`jje7I zFBF+|N@bO&CD;b*g^~637_;cWF}ghyw;{Y~Kf&^86B9fwAxx-8E~!>OE#Hg*zI<7I z`N07bwu9Lef7@PnVRr2wG^HPob-%pR0}8f0-;BpM3~Zhd#D?Q-yPb-QVYp~T7ejE- znJxz5;^$Lv(H|GrJ(iph?1PJ4^rROq{8Mm&=!v$Q=m}==ZCBAn3tX(jg`#3t*wy0m zM@X-bI}uH?Rh$o!SLc!F$f;Y=45yQ-HSnM&b`hH%K2VQVcfoXTqNsinAJybe#EXOg z4RCVZP7MsTe#{&bel!imz;m-bh@C-KS_CN`qriC(H88;$#BC@;JwI#tdv@`7^bGzJ zp272B8EEyP?<4DTZuIP~3D550uT58J$hkQHvzWldbqW5Bv$ZcTx$d8}E$H7G0y4B;T)py~ZCX!z~ zLF820^gEZUV(=l+38l%{*f0zC&8)F;06j|ASaN4E~QQZFA5`2g$(gpaPREl{=DelMNejI)$ z;&-CryN7^ssrS>5+wUX6jfeDuhuR%=9`5MJcMq|ZQ@x*leD~0SXt<%DS@%3nH#6_2 zpIP@jA#dns);-h#cq98^I96BdJU5{gm@0ne_IILHs4`%9DdspeST5{Et26K~4U;6S zXohDfeej888S0xc#NyG-%cb8ws76pK=6iCj6TAlk44s3?@@~blUrq(-)euL(3t16j zXnnqce$52qNSy=*r3n)$+~jzgm;9#*ppWl)Xg&%EzVh@uPT*k{&o-FDa2$<0Q5z{v}Ym&w{?Hp;P)m#QQ`o1S3&! z*Ylyyy&Hdm_p%wfRvdpJjcNPDi=9%Ch{!+XTjR~NB#t`&Eq`BI*W8a8)eta-H9tjp5%iMsnBx}%O|(lpFY z$M6gl;s}BR@y~V4n>2wv$d}t_+pArCxl63aFM5xZh!ARp$Y+Qh_gMZ6rP&@^Lw?>alwW(wuZV>KN>rBxyHQb{@Cq6s6ysJ4bGQQPYAj5!KEV8S50!z10Tt`A ztiz(b7-f|p_Y%A*!Q&F#m*Tz@_mB=lARThY;eH(M$Kf7QB6lM0C*po0?jbE$&boYe zlz}J})ki-rbq3%0%2{am?qH#zvLwMfDMDEO<2w=|_)ZFx87xqEBR;3^4iYG;PfC{= zEM3Z3y7=y(AJr#C%?uVbtgdy=y5n)Yndzgy&Y3glXI44OomqF#&rBcR%$z|#vv?H1 zHzb5+`lLjfK|k*7T)XEA{7v(6k3-;QxznrM&(*OaMh@XSEM`4p>ukckf3I;8fgzH=!aN4#mNGW;8#RcVN-xO5*SmniVdCET%PNF4(7Vq8o!p`avX6 zY`JT|Kax3^9c0}eqnt4#y+xn1P;l>ks0xN}MM=az{{s0DR+B!gMp5)If16X>iNnXa zeLYDFh60yj3_8zQk9K2PQ@%gZ+YW2V98{th3p{%eqY4y8?!@tSif?R(XXr+nmMm-@ zOy*vaU6NgB_jbT=VrMEz1d-TL6O3rOElZT()*z-~oU8!ERG<^nJBXXZSmGBVKot$q*Kn8gb4kH0GT)Z#c$0e`hz{VNe}W zln5V$97$%9*83_xWSTw9KE4;JDtpx3PLjm#ZJv{LW4*VX;&);iSCEo3^Tv90cQu$B zx5H90tHS2{Vfy1V&e&FgJvlJb`4PNS$Mv;)rGf?2T9fNQA)uYy5}f+l@}|)`L0$zl zKu+*#(%zvvFkBR7Am*jsGYvKcZx_X%2MrNe!3I{yz&{9?+^oEr$D)fNi10{mERRl4D zH4}3?daDsJAaYw)DZYMg{|KnC2?4ADoaYtOCX=8t@K>6W4XwYeq8e4k_HLMuILm)Y zv{lTe`|@8bw%h;BjTuX&V6McB{)<-i?c&b+Q15JEt1Q>jd&iT0961xl0G0%~wmiTz z%R^PBo(AqA(Kd5N%_`w3R3GdO6Hi8D;T>e*-d1jkc?x`p zIgSJ{+_WLOBUUUlf7A);ddW^8r~(Hnj}C)LiU_J#nPe*u3LOT)vkF5B5iS}u3=JyC z3Z}!FWw0Tspb9_`!=M*jDrp>1<|-1X!?Gl|5j|kAsGwr>^Bj!BIAk@j%qze$ufSgR z&f}EIJT>iJ5Or#rh{qt25~xaB-qa&!);tmhGzZS7RU9Z|e9lT~X$>Bykla+U^r^`$ zA$HeZXdhAfw3R%VYpc%EU?ELoGlmfF=W6*_kk0!#inFrFaM^|dmPzBN$hIi0RLdb~ z7yI-1JM9S~?J@T9s(?;13UvjKpCSG)2D{^ogfi3*lW$waEL=EMoM`c*oD;jG!AB{d z1no#$PzhYCJV)nO?wHmU=Rc?dBa|%0*b!A>l`5vwnLFT>`IWQ0zS#sQd?!tGQPj`; zP4w7p8@dIv+C253xbbdMS9o8e6k^1k2j~E9#W#-zgy3W1V}w)@e^B@b^mRsUNLO<_ zcPGg!SykkMUF9cD#LO8g$Znjkr!!RWa5OPhlYC9w>c6OfBK2@^bGSXN7#?GqJbVCL z?NSe!(OHj2PG3bTPc`h`Qy|VOuA^jlMpHdSO-gl^y`3tDh>GP@2JuNzA5UsZ;9K0f zFigQg3}y#U5Ar8*E~Xg-RLo20S8j)3t2i2Y7Wt(%*`;oii9&ri#|3`JbXb}uTu|=w zh(qSdx*~OdeQ_EF6<^;}ILA;jHAC|GAlsx7(l(CW@g9 zovreIybs)gKN=|@BZZn%>`Gq^B@|DCDR+mf4+NrGrP$^}A-g(r183vfw-MEO6D>&) zv*)l*$|@TY%&FMm!4^_UsV=pGHRgm$jtgduV)~;vYb3<@RI_qJin_=|Lr>5{h#`xh zx+3I|QUqKbwhF}Y!NbCYP*EQmhu|WhZmoy2@Z6$A5A27DRA&0h1(tvtABfWZL~6Rc zxL~+kmdU1LWNxXR3C`aq+V94yOXXF9#>vu67TXO=HB3&{3eWj0U_yGNSv-TUsPZ@~ z-Ze{^*9IqQ6Z)AfH6W%T)e6T!gqKJe@C3D3=2ptx6M0){^d(H6@G*1!3aKRk+NBMRm)Ht8L5XBlb((VU~G1*9Cyy9WAD zc2FotsVf)-12zgQ6)#c={^ZX(>kD{H`~8y~;&=h<%7bOJlnk1UTk*jjJk$XCs8d+ZLplRD6lnYwXZgOemILJ+;TsAfAR{WZ)_UTPXs*-7HUqvZf}GHU+2#u)u=&VQ85e|lv8YrZ2Q$KY8r zNTcwRkunOsh4uILNPNpzP6UA5!DwXLYq$~;P&+!pKIr31q{v=@?-KF*)KhD+3h*<*_g zL3X>mtg(wOa6RW{4 zu>0EdYMCqb#q1V*%^q#o&m1{({k|R$t$wn9iFwg~n^Qvk+(foLWwzpW zj)#O_X{hCj|FM@t_{mH7=6xm|z%LFAidsL$uU9A+;1?~IImiXo5c|&z>&OdH9YcPZ z@LSukp)yyAA73+mR&lyszekXD!~PA!@7DOUt!0nwT2X*pP53=`W(dDP;YDVaWc!#n z1JAfSry`}fIyq3-E%ltt>na(apk(j$oB*SIo^4^vysVEVcXwtTnB0ZzbF_kXWv}vn z4Z~&jXSVyQs`>1@unE7}Uknqh!;1R8lK!z${`2nfV_oV8m`3Be%Y^p+q@$cOo5Od@ zQk1>Tn~qJ${MXu*@-4f`YIPtB4$vw&I^ofWa3DO{rCw@9LQi|Ctya`8#V5C8{%-l& zxiTLMVs&@K9F2N)^Mb?Bk8@=`IWD4Z`fsQR0nPpt4^hyU^R97PZ~XiCg-$QoIiOS zrWxcR1s`Z_!Qi5u;Sdqy=_?gdw9cTbVoC<>z5PE7+SWIGU8fC-tEc zvs^9`p0-`sT?l-nolod>*3Sxnd zI%58^k#p3`62u9*e4F zo(RyPJTIdxP(ON#jIlQ(W$eOJaJM*?oH2dvS;qLs9FD81O z{yhmHkSw|TDJyW=y;a0-_b%faV!Kc*vl24aAkvQ+P^;~67$niqZ=r_SO*z^syFlgy z`-O6&^Hw1dxIRDvX}QeM2U`x4Xo2nok_ty|z_%|Y@GhPi@(z+EmGXwD$Kgciz7s>a zvwfEX9Lqtk)D;LjT#kMW*edSDH_ozwsTQwbALXu!Ki>k|OkPI4Ub?4iFpcVG4}a|K zs8z^jTe7oh{inN{Px*S0V}0e*Jy^AoRH;7^?j1Bh1*B7MHqcwno<-Z1q}R14#h ztQI_QErCn%6!ZqpO0{t3Q*$6qKr6P2ccH^|`Ob!_6?8xWlb}iH6>&^29aKn%^HL>T z{!V>$GKM9qneDc_@ST~Ufp>_QZ521+b=g_XyxTRZ?f|NGV}kQ#u)RLtBzmStpl3+# z74^X-M3Jzq$UY|BbA}h>qxT{RitA#lcm)W9JU}N9THcfZ>9{g?@CWjlt>RytL?hax z!ibhL!H2ersYpa+COOO6HG@fx#-$WbH*GyrmemZWAeXNMhXRr8J>H#223sPDQmEWp zW9$=-X(X7wAcNoZi7j(qr4DFn$MS*{ymvFAnz3QQ@B6+oYwM9=Xg4l@6Vw> zR&QtLVmm$#b_CA_+c_7L<~rEixwsX6Nko>=fPrCQMCv#aYOw4er={Y{Yo(eh9mHh} zygbaX&nOhK0s*Tekw&o?CtvpVo@6372T7$YxBqQcp}OG@odN#pi}Df>yUX%M5+1Zj zh)M+M<6=Or10+ww7H#W`{`WS^+&~?csuPJ9!-t7J&?)%1Q=lJOKW8yz&O>7l79HRP zNDWV_-C4KN;>~oe-C5{w)1Um6PSs13%!{ps17x}kVaxR+`byD0@qVZvpaEKwV4=VN z>11ZXNV^LFY+DT{T_nWxM*7M!5R1A{Rcv`Q$ws1ONYntJA`A9AfP+2FEFpKHB9sW& z*id7jkY`&0Q=4tc{ydfT7oxEoumVczsBt{y$tre^q`OhY;<sA^r3>q14U?H`d6`v z00L{Fl>P2>%x?E5+h+3w$6s*Bm0j-{uU;gfE=gXLvpdcCsyO@-UAv0WEug(T%i##M{J|TUl7-~437M4$(4;CZ-iB z3LN6JzC8Ovd=pQ{ibX0OkZhj5oS5D$fGRh5mj{;^B89W@+VGQO@pdC|^6o7(v!R(* zZ67_?ZSrTs3*K6Ax&9vl2=EDtR;O(x&9i+-3jc^5%i1ambsSkm%2u-;6r?uaq|rZr9{Z zlj7#xXv?YB=%KcpI*V35*{0>xnE%!F)RrE)WYFd}pWwl-lsC7G)#c5dMy{H?naa7= ziVKkBuaY<2FKSBOq%HX$mp8p}KvR?Yn`TJ#=g1q;^{aUYG&!69vyjk?0|8aTq#-cdn&D}`!=g6Ch9sf#s z^WL|A%bVX_-XwR4kT*Ye{?+p4pO@?MW`3s_&`nNc(`cvJolbE#B}c}+4mN`EyF_CXkF+~cEDvldh;DsKvpc~E1-ny! z%!CuLBW4>5{RH<=p9!-y(LND~^&(@Fq8podFXL9hQ#51KiDi>h+aySv z6O3W7IelZcIbnAVX>-bwHm4l&#)Byvwz%y=-9!Qe_DgIqpFkET*qBTfCs=<%7N_;p zIWTpg3|O2tNsH4mddN$pL!Lr+_NJS$y@z3Oim(SZZhul}7Fir=e}W|p_NPs-Ke2Vy zMMa$6i2Z3f>`%+b!`NiDKlM-bd>q{X1^2MH3{aq97@#i8+(5*PnD3~>EbUKaMG4KA zf^_@S>+PBI;UdrLrBUK3JUGJni=x?|T$kzc;Tg(3CuJ zyz)OMPfmI{4tZilqCZQXe1%^6i{(knuQhps0~7w1C$SCMzeS#0*)~F+jKG6mDNhbu zq{|bVk*g+84!5CPYsF_s@_WmZyK|e8Cu?5#pOYtF&x=EzEJC6`OPxMEydO zCmXVwn4Rbf+_2e6NP&BZ{9!g7i9gI=Js;_=lm2(Kg+OVMx?HYrD83VpbBGj&Q#!8<*eM&EzI~e{o!ryh{?jH5B`5dS zWT3G>dFC7BMqZIRm*%Ain0=f+#D6aANl94111l7itYEKwtfw4scF#aIaCSei8uW%q zyhGUfk+b`dn9lAWH$wrw$>d9p0Pz)khY+LFYPKgMhYPxspV>HytHq2tO*{c(J+~(* zm6}7ogsA2=-3xH@v!vCz0;@4NnbVR54yAB5^(50o-A>mIw_moAmS<`Dij3S-`Uh>s z{^GnJWmEouG=*(qJx0r~u=UtaR9~zU99WO_P37g-u~?2NDt6Hf(1Ofx-}2l@3o zLeOGmL-0F_)J^%==Gs_-WfVIv(ER+WXn`sH{7h@FH^bImSPIhGi`FF$C4DFQ3$BP~ zaIINMjvS~diYBEY<7O*#fMfg+Cw`#nRzkf`<8|WF?oDN@EtMXP4Jd~(3*43 zOc0ZXQ-Hdyq8~Zl`cIotl$`L+J3Zk#yiV*s2kfpUKY?UO{UoOzaiBf`&aB5l^Bk6d zQu_vTgDDh}w@CqVy2ZE2 ze48Aw$=l|9+dPmUZ(Hzfi@+XK2#KwHYYl9cw=Ma$W#D6Z+lp^n1(wU()_mJK@VdNh z!?$e$&&b=heA_ngfV^$Tx9tM7BLoVvVdrrFBwKJYuCc8SuI<5bxNgta?Sog~x&vQ# z2#&&aN51YDbmO`cUv~=T;JPzkcMkT)br-(w5=_H&SHA8VJQ~+2e4P@syldb5@^7<}Qjz-MWz%9uMvy!r0 z{`1h|?VafI@&pU@w;SPT>7RK%f!k`cX{()Ox7KHPYqZY9cS(`o(Km<(I3EGK%JlEo z01*yo!(Q6tOAO|RP6fL_U?+n!c*AO2I`*Ehr9(4kOMf`E4C!s@QlDl^e@+^@rYE?uDvMHZnZdUhIS?smbrauJD- zGMhDW&~cIfHsam5k)7*S$|-;%+F;QBHSun*^@O0pTm>DnQJldQl<{tbR075>baHa- zOOX|1$9!#$619SDWChPRDtPS)DCk$jyLF@rVor%VV(j|;k~8-Wdv&D5ILNW2>Y zPqEdH7VidceY+O)rYzQj-ms|)_FDPn%9{}6vrFXW6PFObs!Qn?;Vu|8`$DtG(}T2IMY z4|b$@HwtxgXM-Ybl{EZlk#1)%uu#AbCPrF})A2sEgg)vWsvgCQ;SqK|^7aajV|xIF zKVjK~r$olZuJW_7yFH4UfvsHGWiAicGJIE^z z*HVB&DAo5o0hBRrc`A;a$O?RhM^gXcR)d&$r$Vsu)RqIntjJT3FQWKviX%(Gp&u&{ z1hoRt2IZ!HWm6I?-he!U1Dl=aCk^)Hy?jV7*OL-F4)uYAvWGqQwk6unQG7N!6EDk| zUE_TSd-oZUZLe4`>~Lh;9YLIFmv1#5*eY?{Z#^o+fo&-u14sr8$!sd@8q=;x`eA^TFC|Z0Q6R)k}HoPv& zjx)XuqOrUh@okb05ws`ikOS5{9YH^x`I0ChHNcB}COuG{ggZoe+I@)nl6+R2*0q?t1?sJkOJX;CGHdb!C63#kYY|l7*tscDpq2 zMg+A%mVlSM8-w43$k$eREjprNgQ-Y=@J{i_Ar>*k+|GJ+!TqhKU@*&Ul4p zV!U%eQ!2c+|0EUO=-8ocFQjflxin&DpgeE^Z#x+LYA8xbT6L({;5|CfnM97>-_jll zxl;Kv>Phr&j)%kg*NBJ1>Q}3s2PNF9^$*dg5&!nJjC(_TFvcq^pmsgbgtm_oy@y1a zwl5SIXvCrDVNkO}4bKA+U!m5Z;5M;i-Okt6z_a_1yy93lhu#2N$338jyJ765a5q}WNaN!#9{6Vp>7V%> zJynAE;TefM#LykR-&AbN*8KwCnVyJX&^4sv>NafSXXX)}O&&W=bPp5KrwW2kW{I|%b zVW%`DpFX_vZ}}8kKFz-)4*4_-iT*hG96=CrI;P2|1r!y5`I8Sx;+0QxrTs1x@Ap%<9d0y* zmmxZe_nB;VR8zvHY>E^%B^tYg$NOPJ#HZNnh@4OjV;n;L+EKipEfnwfXWQeBi*Aq8 z!vo142j>ODA5{+z4B6vu_9X;v!8$_sM>XODb#GL^VUfFJavTyT3yB&)sKp0n=@uRD ztdRMJEOMh^Rv(4Uh2dC?qv%GY+O+6E?9Ql12li)Qq#P|eu%vjnSlyka4@C!>taB5? zt#da@>s&O$oH;zOofaOL(J(wPihXV$87|2_C$4!8gbTZ;5gwQm79OaW!vn)Nq}(Je zbfFC?4|xWX1O6Gbg!@ri=zjhB&4>qteeQRS2mEX7bN3+1K?)3A|4m^JynZ7w5TAYS z$7r{1ZJpeg1<7JpVzGKScgC z>(G?^Df9d-f0~d#myC}?{$wH1pCf-(xBu(qPpc<1`6I&*8<9TY`XO!h6Y@_wME*&e zq<@k&`}r;YNq_$Q=NR3-c0Bx(&Io3QCb&jSqRB@IXI;u25pQk%(t~SsNuf=A zR6K|(cnn`XEvS)QojflEUk*kKO4PUO?%qR}Nf|~-noR1+CDn?3#~A*UVeyC)dHu!l zh%4bl34d^Hf)gbkarg(sIfzBVnKtV?OCSGn@bUk7s`T-nNRfzTnDo+rj2w9!rt|Dy zQ7N!v6S<8$5QH$7KKFON@qXaIafr9q;i?fI|Bi?zgIksshluDd+)*6j*{>!e2Z}?S zjq_m=66%Xf*qv2$+10GEP{ffp$PK0%4Mp^%jth%J47O$eZ}@A{Nu}fy?m-x;;ql!C z4sJ(}nG@-+8S=tq5~*hYZ*p-v-5{Sf_|iE4!k_^{Px@IRM-F6kU)6I1SAjjy-}l^e&ONW|_$$5%+680GiXU*5JM~v&mchtEmo{^jv(Szw%sEYPiu)A_*Y;9zlrC7qnBR=i>e++SR`vQ9vt(@V&Up1x?eN7#c!7(IVRp^^>NzMG_bwDa#ykwgcwn&d zV>}vG*Vq~>2e=MS#r=UH61kiEal{p`;Kz92Ncb`C#SC`p$M}3&f#0bgLf#sJ&{>HL_l{22rA{$p~0@@EXdxsS<0<qDf1y#B7p4_Z6m*n7zp-%i7afu=P8lP5vjcZ-M#uE-INXJGO z1U>YxVTbrNmWC3~%H>}N;QVY%N0f3sd4eBa_dboTb}(;;+g$;+p7O|s6@M{FoX6Q7 zSeB#>9&ffw8yxB@n)?cVx%pN_zH+}~7I&oIR>M}3F`fNTt-}d2;?YxGZ-xoFhR%1c|c@(+t z9XJBl!qD-#Ok7~-yHiZ(}KAil0aEV=9r`lC=0J@ zBy-L0sU*Crk?b!1+V~2uY9xDzzc!Naszx$T{I!vUS2dD7#a|mqcvU0WOYj?#@Tx|# zx8OGv}WKLe%5#%WKG30{H*a@Xidg5 z{H*bOgcZi~V0j*FRpR+bc|Ot_h36siJj5!-^H6ynY7N2jFnJzk<>UD%c|OX@L2U?{ z(Bk-OA9Z7QdxcX&@BCA4R@IU|WAxNz+i}Ng_RJA@f=kDK-<&ZaxYy%mPi@J$ZS}8T zwxoak8w<)dMpx^pvjEXqRg3#t`D?S`P3XXQ)nb6Psu^&+zTx%Dw3XR`rf6lK`o-A< z;#09D6of~*6T0C;s_tkS7UHHww7mBmca=Utc>N<-UMO*RBClN&a4Ij*ZViBe2sUK< zRD+rLGL(2Glz5R&qjdc>&S+F;0^qw5&-YXq2|+xDzdMuIaw^UWz?Ssv28&eU7QINf^^Vjv$R2UdHf&MnE)563c6HY$#Kq`* zP55IYNM;S$n*Wjc``WzmWICi@_aIicO}|Fwx%6w&4-b`oeb7S|+n1qVJ5{evN%ty@UUd#89n-HwJNlJ4n0~#8n2{aOuhVB^c>?(3 z(yzZFCpq1p_D$2T;6$NdIw=^)7_UIXnwR2kVMW2N>x_b3?NYF7Ot@rZjRE1);wb>P zy}fU6h}V4X`_eSY@er>cbxgd>tMOhim05=;mvo(vRJxut=_+qmi+Q{h63P`L<*E&U zaD@`9&D%k30&_u%!l}9(bBUxtT#(8$=SvFY0;xXc4zsbXKU@n+uq>9Zxk^;|+)CuNin76=Ou*^u6 zntLP#jv1*@LYx9~!7w9LX1*Zb$|Y59u9Z}!q$*ANx(4P}Nvg{Hi==c(>E<1h3QH<% z-Xf`5N!6P5k^=9H7A9KJz+AA-c${oq9heKw8IMz}%K~%3IODO-ni!Z1z8Q~Gtx#a@ zGe${$f83S51c5Jb)h<~1>HeP9aKubdZz8)Srhs+0<4=w28xa$MwhGLD^aev) z-l+R<5NhnH2i72p#5L|&ROE?h79k0EaP+kz2hLeIY(2~X2zv6IQhm%hWw?(ybsnPo zOu#|Q`kl9U6*NN2_c)BkG)fp_^T58DbMePGTAcbexl`Y4+<2`79U%)+WV~l<%s2O- zc!)7a^6c=vg~rPH9hf6!#ig;d{!A@ z)T3wtGE`!Gw>34so?E|uveo_mYpv}2r|O9-?^~?b-A;8C=VCpQb zVcVWi;@waQ?sYz}B=`N#0tf?ylf4#uRaU!T6W-{lnhoIu!WisD;53N)?g7OJU$L#m zcVNjmdG)W~SCe?BejlLowaDoDefiN5!6jP#z7dh!`hCYoyVs=V_^hD~t=aPn>i3mK z^Mgyq`T7)<0|Dbpw$-gB@tKY*r5l#OB~6<5bethSiA7a6_YU@g{=cq}y@({4zw|#@r@vxEmb`C#zQ&sYfYtyYfCg zb>$|{!5Ukj8wO|my}J?uYDx(BaF#0s{KjXvDLIk*!l#^riWl)?{2hyHz6Bv5gDtV? ztuL!pZ^=#T3+zSAw-<2GlI}6w8fyjC_BdW|Xz|&rXs+#nRc!I`EAD?sz!hgdKvsbF z+HyoDTpa%6WV&w@SE(>3S?BBs>w2Hs*F;wvD@`Toh_(@}%QP+5)XgV%th$TbOfI82brB1^3Sfv;f@qLX&PFKobv(-u6A%KA){- zw!cZWKQi6^IBDO(_6N7W0{aX1O|$*CwAf#eqQIUw9xcCvGa2!9{@pkROu;q9K#r5O zSONDW@G>HEAkNX@OeHSO3NGnUK7!ebBR#^2&&rRF;)so?_G9N~33`@kTkO8YNc}xmVA*oNVg|frhe^rTA5Q=aw!DjlOQIg zw!Duowmwn;+8+!&6&>yEH)CLEi~I35=6p)+z$AnbbO{m*6JclC5N9*k@G@F{3&W2R z6gjg8O-;jUV0{&PDE>VlJ6SYNLoM%#<}xBWhVI)GPDZoBfjyDyLaEuPdo70pNhVHX zvuEh3K7-Mu&+R?rkJ|De=4;^M^V)D~Z&-`@3i6tF2vKIf#mb-+7SW0p-zfov*gXIO zPkETU_mz;grsT7b50^6_JMKAmTEu>5=dizdtP5#XuY~|nGMi2iiy!<0TdHC8G!JSw zp7<`fFXsaIjNFyX4Mwami|9JWt=koS*1sfazN#f_`XLeL?9V68lRj=woX6lzd*ZBp zf|dQ+iSu=T>ykMC5}imB=f|i~?~FL_d9X9$eAQl%+kS1W5^2;X&O`R)q$7)C}T$rmf6B4usqV+5a^^7X8Bf*mpi^zvMdJv|sWet^bWBU&Juvo%3UV zLMPHo{=_p~EcvJZ=xoVneTXF=_G!kFmwfCl`A!?a`FJ*s4SwnY zaP~*l|Ihcgz1Ux1e@8!Pzu1@HP5Z?@Y43kyv48RBE*JX|bRxajuR_<}>Hf~Yzq7?& z^gb4Q_5IQi+v%oVX-GmZmem>VtD2fW&+R6{f zuH|PQwKTG6{lHS^;H)*kI)cgmaBk?w(-z*PPg{v67QT^#lh49W_!ow!;B&P&0nFjY z)u}7E7$;~DRq|kkOLBkv9#>V1Q9q_93l<|uCaRW!sPk72L-G53#>F4ffMTe2%Lhm= z$^E`v=5{GFdZJwh(tpI9d|%5)%P3Th-kCI{2eCQvxP_mP`^E|3lbq-=nLRqoD$0CO zZE2Y=#x2$%;&MB^eUIw2ikn#QJd#z(vH1sg{C6Kn$8S7+N$zsH%rUCdzeO?$wi07) z*YA|rB26Th_*}Gy@yv7C2pp}#3|`S1PK`QAohr#|myzioMUMZ3B{f-TmLDR&sLvY0 zL#55@SKDVwe88D9lt57KiHQ9Q7P+(v?3q85*s8_{X+fdxYcuYCueA-5Sf1jbS3Jzn z(F+}ty&2%5!Vp-1F+mvJ&y1xA>m5!|w++Q(7;9Fk;_EURGy-OBHWtWez?>K_uIE0O zNL~rq;h-~A+imss3Eg&+$D^}RwEa`a^C!Sl?Y*m;g?8Zcw)nFZutuS0U-7T13%h2$2rYQ zrpOliH1EwDdEu&-9w#1$!+bUi0r2FIpS4(1=li~LzF!~RT_IcdsD{>@=qNN=>56d9 zl18WXSw7&hv%xwErLCSL@i1Tt$j^B!2a=J6pZNfnt0Y z;lKtUJO~Fa?d&{1wR6dmg|h*CbBl5wS?l?~xugi32>kbI(Bds^R>O!+TBYyEtw`TzMYU z@B`)OuC9Q~rlzu1yP2|_V12p2REs~&M~Hw0RcrB;GRIO`59cuNtqNz^2rMR5a|kYr z)BNgeZ-!6+mY7o!qPXEBRE0VGY)6jx^J&X-OSY4MMM@Bmd>|enRG${oR`&7ltGte6$Q)2kcy0GwF$N;!p6o89N4Qa(7H*Vg3O8QN8o3kj0HKY77ea#v>LAsC zsK-|mIH1KLtry8g5vL;`!UKV2NH)SggJlBi)Mh$GNluz(k2pIu3OIVLSN?Mr>HMI^O@n9d!Rp^WR(U@r#W3D`UeqH*UeSYw=srN}8oz zn-v!QM-Vy>qU<^%+|nhv1Kv?w?F7Y&fBJSHYfHHwW&rqHOh&cNWy+!ESYy~sc`t0I zCAlvlI~n==6o30TOT(BDHLz%@@a8CWFV4Z{Ds)G<^0k%O;s2B~M?8La47GMIUXcx7 z5I~Zgc~|53^j*cHpS2{nzg=1k6OyC%za>0+N5e2a29pKwDFyf_v3UGBEr!bzfMyVv zS#Qs&7k+6@oj6=4lU{B!>2*};36tLK9WRrfZ~Q@SIJm=KkLk7fbnGzU(~V!ceEMYa z>9sDO4*qYm@v;mE5vz?63@nVHO(s696+XS3I}DUv`1DJEpUJ1kcL3|+d$HovXEP~$ zIzijBTVCA+@^IgqAP<)y3n!I)@lV06^2_MDcU<=Ri8lqW&qHREna?tl!0)h(`5n7J z#g%-W@2RQ}FpX4I;HheXs;X2~HIij|IaO^zRmKl+2NfC_#4oEX#jKZ;g-(rr`fayM zr>c64H>67@evDOU+w3Pm^(gI&By6~Dz(y!8zk(VtcEzesKt|2eZNX1zF*S+6wi ze6&5YUTib#*MsDeS?`4g?QrM9tQQ-tLX5W>lkuCD-+Iscw_{Pli8WyU20)KV*01a; zpqnAkvV!XxK7(7iH@e5IJV$M!4__zgo(cs!;HGfp0IA{KP{P1=ZhVX4mezAqCzL~Y zUgRh|cM;riI?a!kE`jhqeKLg+NyLA&HH=5ofmB2F1H*H)=sV@pF;sZILxhn>&J(Em zHDko>khMVk4#sgr6S_jqX);v$FP^Pb`gP<6r=e4TT5xI5SSwBt%q>ssKn{R);Z7@l z#Nw%fbH2kRN0c+;@>O{1)BgL(Z3XqZx*NMV@tDzh1;Gw;J z#bA$p1!f(T4n~CSj4S@|bFPFku6PLTImQ*|gbvlX;yUSc!77-IDdUPwja{?k2V{92 zmVB3_XmC(Zqk?wE6@@ge!2Jr~mTQJ+ZgQ zA+J>+OcG}j_2k?{Ym0%_<%xC51S6FbgZirv(ee3&krwvDF|dFG*?BoMut@l|>0l-p& zPjSsGZj`cHjSKJ%Dm#p4(!ur>YyKDZ70HY9nyj7;Z~DTiSsfTx{Ona?olxQhE%vUg zZ^1mg@yd6JaK>*V!ZB)mp9VQ=VqQUPgH81%%_~wlul@_|!P0|<79}`i!_MN$Mq0Mf z&f@Q2U^|lQZ>OEbM1!0a)(QG)7(2YboY1K3EIcL_RmqyCjM;LG?8waGj(=mLk9%8f z^ju|TasF0!qd)p@+343G8#ek6BsUhR=T;x827jP*uVD8SbVM}xxsP?N!9P7igI}7~;9n};IAjg} zH&y%BrrVE$e7dLngEjbIb37V+vaKC!@I?>IQ&OoGdq5~6#S=o1h?(!lt8n559Nnw4 z%12OzzYB7JZ{XnJsPHF;Ada>5)j$c8vS=JkdgjsNe>DI6ATGNpjh=&gl(06Kp~wd} zCN=hA$FVd*AnA-RI& z1wN2k!%hG^l=$E;W-U%RU2jPqu9k50Zk6dEC7`2^88j`cEX>k{@< zmY>9+4w-ORmV7)aBU>Z@ihlqG5VK1|sZsxjqjHWrc%Ju?XB|lPOI&aO%g&6cvvTay z@;iE9E2OX>8}QKp5{C)I;ntDilHI8Oap#qz$N%F`u(8_d@w4^L^!Rg`8~C6WOhN`e zAeRnp3xKvJ0SE18fp0^JPpg0&Fp=wMSJDK#lB8Y;Dp=B_YvVUl0#ou4j2dqotT%m% zZ`FWz*r09atOX1$ZW0B?w`jMB-~Ng{n0)*@Lk~1-4R7EZaY_+vfOBW{P30W97{rQP zU>|D~Kr=^w?10L@KtFnoo+|$v3S=3ZmtybI_>)_$;c1w>OjjIXK8zxAU>|{XGv39=>Nr6|R$Jdm+3&+|Uj|jn( z*)BmQE%6Bo!Tu%ME7WpUA)B#q)fTQ%h11RIVh_tE468A*Hz-9rYP<&n;X15)&BK3n zPLKb4_7tB(jPqVGQ{M?OHUV@U+dOI* zrt!$D8N_(a%PuiK=|v&N+g=c2{5pP&N3gaT#Mt_~TJ+~ZxPc%4*Zf!1wx{@b1-+ta*?C~3Av9pj3%(hQ*V@)&m zcW<@~r2fGswZFacmC2y2!32!gpNDZKB@_Q;dy4TJxUgw^iZUcgogfGC*i-a+KEs~k zNV|+}PmyDn!I{@`XuO^%!?Tt`W_nu<+HF0NKc7+fzKlq{wLr zvKh=wMXzVDN&blp2ia3RvccUd{%2&Xy!fzE^4L=x=c(j2RY|p~l~T|D8MRRwh}aR76FZ%-)$`%x z34SG$?Vuw+P#t+F>~!R5kW%;DUW4-yq<9|7{|V9&C70D=)sm7snNc~Np?T&jt4W-$ z4&;>cO{R8!hohZGg-WA1xh8d`t(}MO`am4d5=L4(KZV-)S1^&bcK%sDy4v|hnPLbj zp!>D8^Ei-B!S)xutE$gc(KB0HEzaqVie6<11$J=4@*EZYh)bT%$yy5ic;X2nMA6UB z#$$$l9Qyh5D6A0u{M*paS0aTKorH`=7I+npetsA9^EW&pd+S8jld3q0x$*#d)X%Hd zXU&$LBP7YcpUTO)itYDAF1!7`>)W-Tr^Pk`W4P@%5+lL?2N{j}=MHNB)AiE+-&s$p z;$G%jj9yxQkXEUpFQkh87Qt(97ZK39nJwUoU1;g^BB!Ob^m(&Sq*e;TQrOr#`i(EB zp9kQV@(7=Yh;q1+SZg3H8@V%-SOal}dt$$8si^AqoN`XjCLz2DgbxOen% z^z}hFVI$@TtvtA_z{sUannC%paz-ff>gyX`qyU8y94xE?A;Ly-Af*|hL|+OsTErKj zCa^<`UxV|pz_fretoM?AxuMihD6$v;!SoZ6Z$bYK&jJV{Hq1U2FCWqyR^uX(hfrb%D|J>QK9jOVTZ4}fkd6kQaLm4d zpuj~58vHuwJ)l0GR!LVJ2t7 zM42xV2(@RMwxNAd=mS$ip>OJe?V(hkTXn5!9X0xi-Z=Re+RFK2n~m9c$?q`#lIR&i0b{=NdquJqoy>ofHC z1MSijgzCxBZEHH#-|xne|7+CWFGaItUv2&Ubx3}m{=Q;eT7Q4OUE0>)k3kYVVMqG= zVhrQIrN4*j+-3^Pm8n9SDLiwnmnqCQ-uNSlV229)V-cIq;R`!d;4e=r@TdOaYe2FibwWqt ztV{jwVx`8@soIp`iY(QM+P zWWgvTJJa81t>Fp(Yt`RhgV_5d_0-?L*M#|lESLKGg5wWafBz2_PZcE3Cn|YTC?mou;}ZAdp1jAuRDRJ_Gp_5lZ zkl57~ECCw7iGefwTBC*E8M%c~GE1CbsL{R|0Z{uJ4ixwcxpe0cOyL>PcE>>kB=Yb(L!yWfL}HRYv|?!o#`tD_epW42_RtZITf!OdBf zfIsS*ZYW@lav4hS+cjCS^>h0$B4|D>aEqejo#95V*Oq5lH=O zTlp%GI#d)y@-W=ST-AUTLZY}fI3d_}zAjSHM6-DVu>f>`X?`pect(p+Zw({P*mK%q z#+YG*2{P4tt7_5wtLBgS&Y9>?vX5VsneVopSBTzwW~i;UFj%&RH*Kipk&Z;*xZjA= z6kefPleQc3o=c45T9&!pQ+uuC*~B~vXqmPk62K@u@idx>d?EY2+HkNy*JDDvm&f7=&W~Sl2civH>Nq(cwIkm`b*RG#v1324Pi#}5pZK~ zRnP}t8>fI4y9#W1dYI6D#jn5%b2k2r+>&viSPF=a_=62MV8Uaiu=lbCITOJ_YSx*a zWCV`QHlX)U_d~9-2b6Cnlpkr;WK1UOcv201R40QU!olYT85Ne4yDVNn`C8q{0VCH6~pz@hS!`ne1e|H5kXg8DDg&Z@O$8`(;oB&I^-$RBGsIfq&V2|8RG@q0z<--55hF< zUy3jR&E?MbE5ukv#8`>3V<%K&hd7315Y0fyLd;mqry^j+5*AMtygx=^#v&sRw7+x0 zq%Go^3rLy7X{Q$ZrKE@n@4F2c6|(`2KH>=MZUY)`)>DgXv4>l7{L&X7cZgYF%e)FE zcr}TA#{4rd=_Q-=it)&`paKfqZu-N2{fqjiYxl0x9~mC{iJ$*b#rrWdCmZx8;|zV{ zcHgR0&Wo(IWR-7YFmWz+muOs9>z)}kepTWDjlSq1Nz&e?w0%*U9@W+)o|4IaTIAn* z_2f7h)VJhw7*OtJ3?s2s)bFbhGlheA=yVRkum@589}EI+L#y*V-T%Vyuo@w}9e9}h zunP~k1z35(seM;r}E>cvuEKz84;9^Atc(=F=%ae80j5 zh%=CDL7=0#w87)J41gd!G`*3X$~nKJ3BZ7D*#R)za;yg!e72c^`FMx?NvH6@VGtm^ z!)ON(e=N5FLIzRxB?r+S7zF>P&F>p_R0?`nEzA>Qm)Mr4&loEt=r@>FNX5brk!ga@ zBXC1qk%9%U3z8Q%I2eIw0k{Fkrs6OZ2Q0jVh&*Ik3ymHBN3N+F{BSMct-WE=Y_O^} z(|Va=TJN9@0a-dFbfMkZ3X)Ny`7p>H5H}qjt*ONudSqp#mQKgthSsTC&4z~7YAw8R z;i}tUa34%u0Mk=&7uXt=>8;UhtQwwP%RFPWZK^PICD!sp=kUS!xfe_T;syprG=E@h zxR0$0C)V42I0Jpy+bt)0^yl?ppxTz-Zf>_9$-iP`&7s88Vv7Rica%RJd|7lF&ln}s z6%Shq9`><+DjpVdo4awCS`M$s*~7z%xVe&;+Tms^7N9g%Lx;aHSEJ1MwvalkbXSaQ z&+cAyy+0RL((07X6)H78xg{HHV{=2}mWI}e+D+5&T~8f0{hVCv`J9EiZ(Z9qkY*tD z7L2s5&AW-I+7_rwqjd6c`B!HdcOhyjX{n%gZUXJr*RkwhY9q+vC-i*tx2z%YE*q00 zS>hE0?hguuHzK_eW2^VxrW`GPBC_G!a?3aI+t7NHcI!}YL?+cF?-5kS&pe5quu%sJlKVEOoY<*bPnX%(>ds#+|J=7 z#-Uzw((tJ#4ZqF|VuCwc=bL+`8$Ao98e02kw^r~0p?uU5=bLj>bvB!4N^HAMz^1~j z?qjst&^qYG$>vTxAxglI8q9YgxkYEbhnf$PxOGz3dwJ=u{S`G31pgp)qKm)8gWbP8 z^JOLuTJ)K~e&(a{>7Zr8fU=AqyY(|Be?x1zcI%nxdVOX+pH~dOXvFYqMhu^-Ft`mU zMYJRb<3%V#AYd8?=E+vAog@LTI~bBc#xOJq1gXWrRc3XKBo#>44lws|iqNh)xVCQ) zoU*y4<4FXlWf}Ki76hoGS69&0alsY#v<)$r;k$R|)^h9O=mP~zT$qlHhWXQut42jx z#(C+gwT9O23*hP|D520gyJ3A!qPI0xG3@Ys#O&z4HEO!70_QcR&ie(ki1L$ajgs9q za!BAjk;MNE85}6iM0wisbHrXh7g3!MCOdgf5%6jhJwQwKc{$cPJ%!kY8QAm{AOZ)Q zUO38bfh{IOdBCdC!yESXK`cSkkl#{?WrBU*kHF@`Uv4graSi)=Yq!!}vZ1MujcoGF z%aAsb!%&wJ(UcmWF>WyU;dhoh{BURVQXo(RUQ&xQAl`UmK9K8z-a#lRglGMBvrMCt zaO4x6&|j(VanKr7AL<&^d0j3=U)p8=u1(ix_peXqb$(9&1Q?G>*VkVGW2d7{%O|?* z9~AcXcn=5STF@6rtMloLaZNkrUu6Ckr0c`{jp=->-uZL*N5rXgqL+V+=yNfn0wQk>~J<&z$5N@2BDcmUb zl-A1Ec={A5UsE1^=WB3@v-F2Y{LL-AI89kDX zRKh6R^Cb%27I3S(VoS(z&!Zf7C_&loPy`1OC8V^50_?h57vXP?HNoko4fYYd=x_uO zws8b7PUxh^N3(0~Alf_D=vofxP3u(`zCpeUt8i@WgTs(O_=mg~p&c55F$?xZu{Fi% zsbB>)p$O_?Re2hDi+6&70}CO-fglp^Cgt2k5tiFU8N(FHI2xdjzMqIa>-ic5bIoZ5 z;($cG213ydd#ld#y5^?jv`KZM;_=hpado?SU{$Rsjb+w?V3c^5Nhh3o)+H zf&!liM_XwroD&^n&7nM&FB>o|Fhd}gjeN&hlL*m9^kQq43ymK6EwQCDFQ-`J?Rl~M zZf1oK?dCl#M1MnYd@FLKXZA8toLsurux10ggFE$*7g2?4lBdGbt55d)YfINfz8^}S zg?T@#D59xZJ;K}u)eg?nP5?^Gq_+4eyz|bc7JCG5Qd9nhY#9@$t!zx404tI7YH9JY zM98lpJ7S%TKoh& z2=`N;mu((}L_7Ja=%0!l{nJO(KY^!&>l|E#seQV33Qz7sc=^$Xce%=^LQNgqzqs;g zIZET;e(N{Y!M)VDYmry^)Lx9DExH!?%Z<=_IZ}G^4pBaZlMmX;CtMbE`T|$?6bihi z#s0|iT52q=Zi0YUlu+&A1-l+GC#peatBWEdae3RR-W*xZm5-y9q9L{=a;bSLDs@CE zB29*DSI9Z;b#s(h1{D}jf;|V=fPUwp;=?Gf@~W=@YY&q+AyUP@(q=8T6--PpiA|o? zGEJktDnutEd$f9BlNLklt*j)FtD8-!t$I;yrNyZNLYX|tTY$a>le2M^i<=v&D}=-b zom*plKbRb7e_EMU#2~YUu|}t{$jMhh-+{oTksE@^3vy5<=b*gN*Q|&;Vcf53DiLU$ z#H&`8B6rH#@YO^z5Wrf zSN2j4m9`?^#2uie=BJozZv`3a8~yiHOC7M$;?2nFbT~c3`N@2%(5*n`4<``96I23f z&D@32Vn6d#qQ!U1eul`B1)x#e3I8p;GRFzKXTOIjnOzZFrW4IBfFT)Zj^Z${CNbTo zvz$4W1rNLi^7I`?t7T~!>M-_KZA0v~NV%;SyBiKU)=BA^u663!W({`g;d=HrmtZuW zH<25hzC?1cUvM0Bh9F8a&)uq*rdQ(|p1V~Ytr$JJyjrn#d#ndw@`2~n&yVj@C2c8aux~osiAtRd_vbbY~TG7D@wRZB_&h=@r3tat4-ZEfo zPQrXlxjwB9dVVlyhony%atRjk>(r;6)7OR) zYIs)8RbcYRKRWUQ&-#9OecFW=a}fVieOhFq3lFWocHv=2k3)ushgm#T@RMNsG`1NecI`LJiu`OYy}LzxKn^3hEaI! zef|@D+F6rrfRI7_xAke$&R4KNecFy+x%#yHTm=h5rDKz*)yoJXQUD%5uKTmfK$MZBogaQN}4)O>wxX^a-X4jHM> z_#u8pr8bQv*)^)v?nc5Zm`62^-G?L7K6pU0CVB>>RBCms^gmIlVNiwUVAcZdCoDcBb8z4PokeIgnq8)E*sMTpm3DnpG@x=2;{ob z(B)G@*W%UCDQxCw=!l;08gIA3)jLQ-SLkTy7EDjK>U@Ih(lfV=X{ZzFA( z*{Dlt=xU8A*C;|<^()%cS9Yxr8V?lrRqE&3Kw;AI_^&`ecW=7BuSP$2S-QTjMn9*e z>-%c-bB|-MrswZJ($AgofDf^6qTlew-W7R|l3h?=r?OCEXY0@gD8Wr(sNoD;8`o?N zB>X5bIE2el!xpP%=<6byT?jIPVU%CvyaD?$TizEnmj)lhX3fIaOFYutNKc4$AnvOo zZl##L16fYwI8OmBUL_(M%Eq0ZYwIy|7 zL#?CSF>Z9n7~Ke2W_yi>cW{tSLQ?XYwapbzG5$$fLG-og@2)xLf2qGainNwSQ&H%T zzXJW;v%uu(`o04F-2&A2<@9%_%YN~|&(R8ghI`-#iUg&ui})dZJI;lgEgq=ZLa`@Q zbk<;ZC)m=tM#!;EfJ{FRU`Gy1mRkL&l2hbP?FL66NtXM}hTz(Rwq^m{hi zad)bcP)3eT&-7b(PV4d7&-Lc?T)!3FjJX~Sy&dOTr1!uip1FPCeTC|(vTdF2B`enHkB`KHo5Cg5F;#enOPtCT{t3z4=%nWuthg7A;r zY2M}3T3e~Dq^?%M)+IK+vk}xl1z>|6Y+DWyd>S7T-@apy)H=pRFphkGTw$sQ8M~INltJ$M#!tgqpFD z9zX#=I||>(nI4cHYJI~6>1RD4Lx2{Z4oq5h2kKh~jMQWRfS$KDyVIY6-vQr{KRn5J zlVu2M4)~@%u$adT9B3t4_Dja4l}hwLf3)`!O7u_*(L?SBAblt~nQj+#B#{}S2T;T+ zII`kAsq+bZf5ihR4bj8=UP|;(Y5W8il6NI_*bFd)5TBPe?$lyW3Q*qTUxubAcE~qQ zhX0q2`%+@`>4UVNycTOlcI2elpPSV>X(_Zz>JDCQ zIh_B;mxjiSFN=f`Z2)&lT!;&N&F=#;5QGtZtig<9B*m~9Kuymk`uGudcpZEm|SLZrux<|0P~mvm1L>}XF;MB9V>p|#yv!&_XMrZUue z+4yiT0826b`NnrIS4{u-TQj9^z$au!c-?EgEKd{SG%bk<5Wrxy&+w|nVgF$WQrH(M z4L)I!o=63cNT$V1V-w!aw^Ij+AVP7M8u66gex4m#nP}J&}o7Q)mx`>9(E(D z!jSy*08xdra@Nb_C%xmr>_;BA8ae2NtJy&b!tC*;Lj9BK2?ZIG9P=jtYE={4wzDhBJcQfWEgI-}jOZ?a} zh!y?b4GrzSy`gU|hif`O41s7W@)vPKOT4MvQM(V`(4JdZJJ`_A#brbPwY#&So37%9 zR=2Q*lILO)XJ^EMF|h;PTVS^!Mdji$%p12sp>g?TaKVQD@hvzRA{a&tAMh#gsuue- z^5X7IWhx=q7h89dT$qCBzd5*%0zrb1IVfhhw5O0v-klr9bo@QjL<%ja{&hk_rYi(KC8yrzi-?7_oR0FH{aR6hyuj@I|=)DbvUt; z12d09<+OH!Pq`CT+S$X~BtuVRAT^@xpccCc-9=wu9H%Y=pU9rrv8rM2L}U%Hohn(z zBMZDW%RnIMp9Iocz0(+ibuwLZ(uP?yI8FQr3YVvM4)!*Qx;6w)}VQ&K`!Ci4}j$d}S zkJ~vLyStmayYa5dpIt*rk-{?IVkp5!j4Cicfemgevn0GwC^;-#vR`l74{zifvWx?Z zRMZIycyZx0gg}g@x*TtTJ;^rZv6h#ZZrI-zDMU2d-x6Cm2x&_2QbvY{e7fQWxCK9`|zjO zvKe#9{bPSGHNMg1cirgL<@Y+{%@rNipBy(gqd&=U^E1;o)nk#H)Aa8Pk7riL?WM;v zq08^O@vSbu*BOU*{QXeJ11>OgyyFIBq|@v3hle_xzw~$>_;**|b>pX9ey=lTb^QHn z8_)C0yXtSL@g@TDbPkWY(cIAXXv0|h;q~gFiG&~PnDZbX>kXrW^b5{AM@sK(LRe+1~ z+=E!hZ{UOY2Tx!tD*Cc?s^Db^R;W_VH+EhE#-)oui*Tt%rH<)J45=_!mQfgooJgvZ zFw+z_rzzCGL%|mY12YIg)?Q}sao9%CCn%%g+7LW{LhYpB1Y-+pY*<~&m_QNKL!;Ko z`ijz#Cx2_y=u=LWK4Um%oLa`NPV}ECR&?lW83VP0w}8XMd%UfU1_QJjC}sfolHGbk z+ZEc)qO!vsoNf0htgYx83HS!NvnSwFXMSIUD`h<^JsQ z;k=Y;Kp3qTa6AKf$?PC&DDhdi?4_ngNi4DR>A0W3`qK^1_OH6J!<+y3FP{|(Ds#MHhj|b*h$`|;@9Cgeg zJDqhj;w^J*;Ai|JtinnYH)Di>Q|jf-L<*;H{V_MsH+V7fG2ztB{$==v%|ZA1_kt59 zf#E;j_(vgXYgk>RCu9C?+@y(^p9eP@sBdB#?>F!l<@eydo_f#^LrCOvq9|cbyC?4O z11n{zyLFJ*COLCo1h6m^%}(xbOe_2z#VX%A4Vq+bxuEWA(gROw@nidY8Th4c>+p&f zVOPWc94+>jd`jdHcoIuBByDwj3|2pSsX(lA-c|O{A#09p5AE9I^5}Rt>u{Q2;UeqY zkbPR=m6>YfgsD^Q@{Zwd6lUi=0A~=hp&}0v_kl(UUDc2> z+#Rgl1V=A`@L}`&V%I9ae4_QdHXJnfchlkvpt>|yqeM7ykKe!~QfJX$aeBeowjb{*UKQL8%t0{7aQrRp_(d3> z4{t-sa`?>JBJ{(76HBXOd#@|BMmp=E#J-S6&k%W3>2iJTkV|?Sw&y z1`73nsm1#Or6{>V31aXdoR5VylNc5{Vt46e;Q4O>!e#3%jeOL#v710{`|+NJ0F78; z$}Radqc5loTaELD`MrLuIcDz`Jl-rD2-lcK4%6-RQYIPBR!WxXh*z3Ap{E{SFUJ#f z0TFSY)E{BH_=jF>)LWYPh+e=}`miLU8U^$`#EVMoGE&z|2cj35?*Zf}QJWW0U5aht zi-tGhIs#w8CW%^vC|%?OlDXghUI{XDCj!gmRV7LgZYzfnb_Fn=QRYsC&a6b~y0zRe@~s$qY&_M;}uF=gd(VkLQXTO$b4m@MsQO+`(;ZWdfqzYkRJGO$o0 z1gu&j_^-+z4DMa!3qpUQ#r`DF07Ps48c*8toBj3pO*~Qm1`NO+#iNwuIxa>+TMl%Z zu>d~beEIYf;HHy#r~Ru4&X|i*mi6qbf0|cLJT$b z95pm5VxB5A2g<_Bipr|9wD=NkIXW&GKnA?1S5NRO03!CBv!oastF|XtMFA1LDqYZu zF?-xN3M+)t(ayA3-*)qg3-JWT#?!ahsoR1FJ&h2YG@SkP)T91J^xOF1W1qHJ$9d5m z=(VQ~Z{BL;bx-%mUOTPyEI>;P=8zb7|*T|go3eh2}2L^5B(SL>N zQO+DLAi^4VG;?e4#amd5cNcizM45baW=jl7iQ@9%&j)BSaTkT7LBNJX+z7}`+RPDH zTat3Bp5*OJz9mt}XeD+$N(<|0A^}i89xw2tEOl`T$#>ZRhZ8Y8 zoCp|#K$FXifML#!eSq0e%*Z?F6?uV$*oMN4@P%n{M-dY*kzLqbkg&N}ZRmrhI{q^( zfO+eOoMIxBB_68iB7QC24J5@Nsmz`7l$`a^(_-Z0RY%8_0@vF!_hf$*;a| z^EbT&WxNgkX0z}&aLBZo44cWhuC49aW$r*k z!cZLaN!H~aMCC%nRah9aH>TO)ujK?1=^`8^IGU3Iw_aF`9L22%It5y!hv*S5mT;Pn~%}e~DW+RY3MrFpsMVJE2hQIxQ5CbdA8m@`` z4X30VGPIwPf4h|MEy2?cO-S<)xGUlbeBtE?pfJKj2AU$nyi=#emID^hnkh#R^fx_W z$$(zc3K-`p!^5gKds+1jnR|2_0|^C!d6E9yo^Sj>vFZa&gkr;n-EC}`W`pu+e38Lt zKXxf$7kst=H?A@e7Td#LXY@LLwnNVmXM$Hhz!+oTVjrlCA6EU?4zS`NULOxH@$p4k zd=N1(cUvv9fCId>AGbdwxb`L#WRZyj+9OjfelKysKLi)Bs)NdSIKFt_y~ul?lNVwq zaD+?3;H;mZVZA zY=g3DaR2JRKo4MD1A!q^Jvqzh4Q=ny-FhHi;WgTMh&V0uaxHt_an%MeA113C!i3K?>WDEt2IfE<+ zAJ&*jwwSuv|2ura>)DlLbrajIZ@Lh>lo!E(5lCH!qrzuCT;cjGuYw5&R?X_KEgzY> zv8}Sc?S?s<11Cpbgn)gyFQvED@4G>}=_J%0Oy)H-wFR2AA05q>u&32(oBfeA&aBGL zGAj6|jDNm`Ka|k^>Hy@v2-*#cfZWTrqnL;}QZXg7Bx_(DVGXeQTlrRBtB=*o%Cov# zIaaoX(#>fQI#Gep7zYHR)e3~pPlFI5-YDCY==ZGer{O4dqytB56dcXx3kQz=m4>4$ zRX)Jc-xVB9RQb5{zQ~7uvT!`s;*rAcyFr&6d0mG7iZoMP?$_X! z83|L%xRp~Vw-Av}?k?U!AnaF40z2j-5Z4;#$T>(+ zdBu>AP+k>fRRhl|<<)cw$pIM@pcezJzM!M~5MeQxed4nk$jHy1R67C6t6>~pgHm2G z_(M2(r@$2*b$!wNt8fFbUvy1HS<%6kSik14#pb{m!L8a~V3w@RaA}HwAQmc`z46>V zSRVC(^MMZ}h&Zx9dXLMPz)3tatKZVH?$JJqZGJEMfe7&5HCheKNOA~-;oiFm+>q^@ z)ZWZMI?&I$+Ofx>(xxo}#}5@5q+OKyv8+xUETnEgd!g~0G6jx#Ts0Yyqp!iin<$PD z;z4oL*ECuGGTwRmvo>q6QpSAJO5lZT)vm!hhFedzOQBIA4G@@|&+G-T=vH7+w6WXh zeU*a!2T%>p_a69c*nykYo}#^PDY^V&M0F=Yu1A+>K{W$Wz-YXB4WS}6;>b%0jL;yY zatm7&EJ~x?I4&$guDOkn2#~d55`bK>b&5dZQYaS5z7!gN#9^{aNCf8hK%%6&aZt6B zgL1<+5|BvX#<&Z=T0d~`>AV1t>HfJSqLH3@ z@`ijva|$5Bj1)&D5~WmreU$`sjyh!m|?1b+Ki@w>EP+{k6|N=b!9lCFMFTT7KJBNSL3cIX8w=9o?RdH=T%GG#pJkmEz``E#bf53m z*4cD>mfG*+?r5pOU*9a!Yg{APu)55%A&n_deCAPLUbPe|8m%VrWN4!m1i23gi{xQ%UG4>_o|a;A4p~g z6K5W%O5hy2>Od%UCae>m3nf;~d=rfw#U`o|H5{#>Q5p#2IJO|a26xm3_RQ&R;R1Wy zH;1ZAL%#jEfF5Xt=dKGe5(r_m@t*+ufqz!>pcsWaQkZpl$S-K3fu|{vTgm^_@wqP2z~`xao~p%Wkw-^*n)y9Efe8TX z^{;nx@bjnu3#>GXF0rjNUIp-g6m#0wNpPr&L&6w$$W~ks)p`^z=LwqHpu6YIyC4hC~-cn*jo-?rO zh3F*CG|D`qNRj(?CmLoG`bo=?Tj2fmck6y*`x>#;xb1_SEaTfa6dMW9_)J@kXTR;* zYHZmO&;b)){;F zC3V=TuR;fu8lAH%2lmOtM`h{<3>TCd5_VAhD6Ddv2f6z|#c`ED0B6=m5vSh_V$oqd zuk-`FDOiMvI19@2KG3{!gx2L{IP^Y~{Mr3b^9Z(z@y{rBbj|8uA_KEMAnkPB$Y>+jgV z3eJ-QJD5*|O0)$(;yYR8I8Tlw_$V;KTtH$#siyY$S)_!8_yqK~YRo+X(PigMr<;8 znoAp6bfjTvuU;80)qx}+_^lR`3&>#S3@PpqRkIf7JM&$DHI2=>PmuPs*i(2x0m?Sn zdbF7MV4RZVh8o^IfFShF#OjF?!`)8fCC`aRW!iZ}sij_h6N{#FKw00aL~#%*63mfj zl@Smga$4&W8eZc(lsw;V`VuzX@b-Za8o_^1hR7siH{%SMJ6*bg0Xa=nC*UH~um)Bi zdowB*dkc|lnuTI|fn5OOi&b0_MNs0Dk<0GL2HgMwx+HCZu?Jto0;3g!s9XZ;*2H^Y z^t9Vnk&NJ2_Nkt#0`}0VjE<}?R-m|w$q#5)jD*LALA9D;eSwi_u`$>N=6z0&V1Mxx zFp_sfv3>xrWR{tapRT(UN?02kHoYJR$j|HN=S+t61%xB8ebC~+!7o4Iic*+j zG$Ca!gjzxM`yk5;C7JhFUPz}GIlJS1bjsM12RO{_JJTnVd+W77P;o7a=)W3i^N{j3pK)3Faj zg#|8h(L}%V72wagVm`q+!$4H5VKOA`@c%i;Jb}Gz~ zXrOY#E~wg`ab6aS$&3rU!e6#$KzTh4;7Fa55LLj&Ej_TCdwxayK>=ksH~R~80Sq@xo&&@T2e!bf&!UxNc2JcO4+;s|@0nDUo}tWND+oAZwMz~aD;gZz9Jz#}p` zUEo47<7ihPQegfP7zJ#)r%?1sXPcU1SqS{Zn6qtuqCn8i!TbbRnA~A!DANkv;Ud5p z3;_vLOe1CddD<;csR>alQUc5L#w9yb4651Y?y5JYAkQk`()ua_a*_??*;BvOnL z$9eGmKgi`TKqidYGxyO=YIlr@$pK7@Pia>V%_r2_C~m%12Dcz+n@?=x<^+O{og+Kn zId+X+yDbOt2w_s;1z2FTCZV0Mr+6HlsQf46K0(Fdz$xN0S^eA+HvQrGeG(_8QoC&p zkM9#bGt&n}`lsQs-3-Z90F`ApncahadWIc24#iGb>Y1N=U>K*x-I35a6_dnun1Ft-~6_;thVeZrBwqb}!z7(_ZrCs47JNgejMC_#=I&HUA~kM)qt;+CpNgYat=T6Inb%hzxT; z*3$#;tJ-X%35R)jF1kgmBrM4C$jNwUhC3K;q+feXAso_9i7X}oB2#qK z0)Ao*-eHoC$074^4KY-9MZa`y90YDCZ>|+{3P|Ok&4*A+SSFLwNI<68ir7bw*dkB~ zX)>Iek@Fa7k~P%bJ;e9+-i6V*eWHS^3G~W$`=SHDupmYO^w&q2r=zINZwB+^rMBoe zyu+jhACfJK`LIa|_gi0QzsVRWpU`5zlXaric0(DgIc{sgM%7}=WNFe-Z@9lbJTCn2 zGclU%*I-!-)qJ&7_~nBmL`U@GY3UBkN@hVRB!&_?;!cdo`7^G<$jk%FJO_wt%`7~+ z{bdJR&?$---_qiB_*fmo6sOyZZ^Jj4=ya3Olp3d-OLaht&qHzZdi=pOg&B9|0ThNI z?H96J_!N10(XL~%uoG#VK@WriI~{uk)4Q5gKqFtqUIFfF9(#qIbNtqo1R4jr60cgb z5v{`dp=-RbbM{!e=;jWI5@B2PH#2Z_OtTgKFR0K%A0&)+XHzFcb>v) z@2pU|b32I)##{MHYg>l?2zvLf?IB(R3oRIqdJ8B+)*3rLqLyFTL(DjXx+7%|aogS8 zMu%h%F_Oho1-%-T!l=?HDx$&&MhzX_<*O~aU2ukD53vL(+Cyx^@0YcQ_>IRN;{O0& zw1+?^ByhPeimT-j69})ff`}eM{SM3`hFXYG1)Q%?QV2P~XF_VkkBsj}<+KE8fNoqu z$QTd*t({@STBJkm|SvB2*a2>JdMO9YRolv`KyuLeh6C7}4XY8Kbt*;l zlz3Nx1k9NEgC)5|fj|}ouqI_o~|+|fm_seht?jGe_lxjBGnywXX5dj@~O6shIS_*Ev4DXd92b%%^W zTMqj&ShwtDqf%FOVD}BMgoW;>a&L=| zC${C8;A<1zh94_mXcEtTTR(+Xmcc>|a+bJ&rKa08k1T*Joej9t6zK1ar??!L+wPIsqR2*1*7UB=Ch z8L(ZEBbQlokig_dk5%*efDAkOSh^s@uJ$-nsLvWezH5KEJ^hi5){j^jI*@N%it8YF zmY|{Cdqmi3A<{Hg>k}r{W_$JS|pKp+-AAY^|9N=eY%uz~`in?3_o+cwv;gZgdrz^bcPn+iYyW-Ae{IJh8dTk{cwV|*16N~Xy12= zB`GiL*mlydy8iY9PS^JzPTt_GP7etiNEFgW)2k$v?mGL`S=Tw|=sGWhH&wpcU?O9P zW$qAZ;R=J*Z|~r?067oY2CJ}eJv56|56SQ6RCW-_SKJ${Rnw-mZ(HexU0YA{A2Pg- zyDh`ByZtA(w6e23Vm7eY8kj1k#~9cnT8!O z?SU~=FagaOqC9>Cp-CfVAZ#O7$`Xn0!^u1TAA4^C9#xUOji-||1X*rSA`tSW!axx! z)g85;D=-RM2C>P-hqD)6!a=pL!6AU1GB8y9NC`N&3#}c-kQ|hlNROhvp^MOR!FS8* zBtgaUx^s=gh)uXxUK9{;Dj3JE4rG6WH7j2wlpbi(qIQ0Bg+@_8fjw59;=)Owf zb9^W`0au7eMf_E+je9r`?G`+bZ%UeTYx8yZDU^-@h?hZA*|i991+r}gp9#GR+lL32 za;*(2Ted56!{js;TY#GL2o$_f7PTx~GxZ#C5DHe_xy3&7J1eX0C4Yx5|

H_m^I<%l>_B1 zF}NFMb(e2u0ywaPKmFGxme{PD9D`pl7)!Lv@vRdG2jhm?8<=r(t19ocg-IMD*K9HA zs5x#6Mnee~4s8MyC|VP)A6+v0hHE(Ep&T5>f$rk)?TGW7pTYeHF8{gCz$8JbSU4^_ zGLL$9ryX_p{)h`_IVlHAK!$&WHGX4$W0RKeX#C98l=3+40_-i3`^byQ1Wy-73GRD9 z%j1@QhgeUcJWVeE=Y1-|f}*F^!Hjlh!5oH%zF;LROUzt_VFimIFq%)f5Q~yF_1V;QF#Cd+Ly>X$rX|F1Kf$0x=x*3)C99aRCSy~m4^IQn z*i@(eDT~mQeJjA|tDS*-LD%NKS#s@7xHf0LOicBDx}$iBM0TZ?aFjCmjk(ApTO)14m#9GQhw6 zJx9UOL{EEsrg(8jQ!|Q07#X-Uz&#(nl}?LJ8Ma?phM-c=!})<< zn7U;B+Fd9+AHFR$hD2>m%jn9^a-rUY{m?(claPj-98y>Jo;4tLQW}SXP)pI1Jy=g0 znpgr-fC_Lv>WN5bj#$!_Gc%436UFq5wF*zZI5A7)QwpNjnWoVV9E*yWka21zwsDOF zCr^fFWS|iJSb;K*)3I1F9lL=Wy57O!6sKc3m=3uID~m3p7t71J-} zWGr1w&jwQ??W-(;WJ0g=4#GWEp+P{CAfrCK#W`-X85>JTi0w?6zyURmOMHpsVu_-pW5%-sqA9& zF0ptn&h=lLkc%A_AzXX@QR)Ju7i&Fc6z>l%O0Erifd4BByotHCqny;mDNDzv!dG8T z>X?#~x@Yl?NnNg5Gm6yC7N6b3=fqJrh&f#WqHs=Eif?>vz?bI3`XMMS=5)-0b2`c< zNCA5DbL+riPAaErDi%Z`u`%J0hd;lM?j>g&SK%ws=5>f^2+z>qoTkH1ROL8Ph>7Lw zhxS%>982fo>ul{eY#bCBc$P6BMXQnlm?16e%*k49PYY(j2~@hxb9+dUryqs` z#4IXXd(+5B%%W1XXTlkIGG(3SAVAh>yp0)FYS&*D1|?=u={7HCQ2_I~0OQ3<2q9$Y z(YqizXHg6BEh}Trq7t8$d9Q|p$2o& zGNq-8tt(k)DbOLxd_O!TryVG9{dz`3T9lAK&~l zB%`oXRWalgcB)Uh2>JNL>ry_ZYyaX60a2D+C?7FB=S3fw{ZT%0P@$a)_i%7!L1>J% zBggXm_SRy6_^-`Wg#>`!iSB4IQ$Z#khfJ)}tyCCC+<`)2hN1@?g>{a)OE*;U{3l9A z=eQSy|6We!!80^e{pL*D7Pd;A(op3L43~x~XQ0(^X{dTl8Xtv?io%Yb(lq)^I*$%( z+T&d)_*TJQC5=^=gAMM$Yl6{eCe+|c5!(UrCyZ6s23oxb{g4JcSP2L=EZM5~8Pqp>PR8mlt8n8vE-FQTBcyAch_ zM6QV41IDT?!dSIO^T%Tac@93Lm~GfjH6&c!u$`)pwWg+>3Z0#@LYj-hcB(y%uv7iA zUD~PkX`?WH3K1M(r&@?bbY?rTj-4uy26Q0JMD2W}i?maRk4bM-<>X$T6(U7tL z0+!;J3TD_A95z$QO=++fLzRY0CS5H8gT#*nD#U@FJ#iFPs1ui3X?ehIIrX3vM3o-OPt<`${nF&1T+Dq z@D9W%;PIw6GOC<#b_@QBI3<|VDn*?{4(`+hnv{6IY_J1Da{ZUN0z=~AH8GVYrTy5| z>h6!3s<0nV?v6+Od_O<@tmQN-CV|r|UYXYt6YO|r|65a2CRO?5fi*G8yq%<3=0Ro7 zXyh*zoLAs%weK)ia?o>wx}>Ta^k1$D5(fT?N$)MNP6&Gt4rKf;|0ibbQk&Bd_~>~e z8-?TEd?XAO0B#tzXS~yYGnOj1d&Ws45$2=qUPLU6zx%Z03n54Y@$%WGAwz?gfu3_0 zLao$U9=x5tn6xn{g`t_@=#T3*tH`2yEFxf;?0v3?y7HLN0=MM5dBX z>8J%*CvtfZXa=%F%M4tZCuk3;IPS&)I~Q{I)O?43@NvK5P;-x~IKlv@?*s;8yZZ?! zCX>W^SpjlG+uHaMoP*z^g-VjsXeefBMSDI0#bT5ZTO2qoKW(GKceJ@OyECZ>6GyJP z+U2XN$y4qx%~K|p!lpQ~#>w3c`>?UR!ls_|?Lzr~^qt&1W0SDRIepbN&LfqP2A1rY zgUZbK$MBK!Sfcn$5ufSeGh2L)6rW?o=R|xKK1K}U2l*&|EC~O2FZ`o4{9{A-M^*U8 ze*C~m0NJP~&UU5)Ar3JD9kF2m!HLeYU3Qw%sIrRebNcN^A@ThXKgF4O(z|8jUogO>T`lp?p(e#=??CcA~PhTgWaV2qV@7@DKD4I*xXavy^6t*3wLv zt8nmQIkH4Q%KX*)9gL}XcU6v>Agxt6_siQww^o(XT9sfEdBRxreyEFC{k-|KS2+`= zJTJaM`>NyKv`~Leiv9P& zfOWzqqNLN{mIZoRAPSCJzdvn#R3UWi@A7 zVakH^rTIcdvWRmg8q$Ae?RKJ@HDJ$@QxBT7)~z#5TGu600n)omz&?2vS`nsXOTaiz z+)DAyKV#x1Oj>M@tlU_dw8rum=73qvnN=XE3J!48hZ42JHTV@pAKEJ9LD;0V8c&8v zi$c&aX~jpFwET5US~tT!A2w;pbxGZ-HI{a)iL8ASty*L2S+#Hk0*)b|RqJNcsx{YQ z)w=%w2CLS5vdy$=T_GlT@3)VzYz>7ZqP_c_1b{}5Hc1s*B9t*!qnrnn7PKx}M~I_(xfsHN)?5U0yootzeyxPWMdxkHgUey!G6Hkd<=WUJc7Sr! zRID$%Dh4M4DKf9n?B@a__7rsmu`~9V1IB#b+1iUrly59VDQb($VZFb~_8<(VDOwQw zP-)=yt?XuPJnAa3JnvOx{ZhHI@sAFu0T=2QB8|*MqgTl)`5R}h(vJEpUNZJX#C8S- zT#1wZ$bgf{CT`8R8~Cc4sBCil`QNV5e|@FQ9L2-uf=&pGapibdi}!L9vSg`W%n{#_>}Io3U=# z8q>wzHVmIQK8Kb^gx`#z(v6!7A%_!iR2*AEiZB~dK#Z#0AkC+-N}+HO1d|hZ4MpKA zXthFRpNv*{$QUn`rCun%eon&;D@;Qi*L4?Yh}MfGX~IN{dje@_ zpq)p58W`PjZNCfeaXgvLFK<3i?uJFH%AK~~6&R6%+N5Bk=$DYwDJI3->H$G6(rPT6 z$Y`WY!F{J&9M@UsC0y+Q3%K_yg)>l)n6qGK@8qtz>Q;~}2P451Z0t|ZB(=hm8Z6og zUL0^|R!weA&nV2-%Y%0s1bZeZS~KV)xT=UO&N$jkl z{QVq$i!BUSh5FD-Tks$US(^O^a<3PA#O)ly*nhkzKypM2wKEbaMm;vMCuM6R5RK`& zBAvt+(Vr%?t=FG|YvEgNGGIRMbJG?h4AOW^@Z@UiOUfsn56P1w0`@=uE8I&ky~1nUYin8n zpKHSu_F;&En8O(}H5mu|yb)RcPjA*K|3bt>`DrM>4Swq7Pm|?qJ8?vmr5>q3hTQkG zM()o-7@{87gVN`XM6(`kWj&T73SzEc%okAO&`Tz{^5zHq$kz;z^vjoJjR`KTu)bvd zgJT+qKQtVFUj6u&HW0skIR5SR;~(2)EmGE}8exK;z3Rn}7~h;w-a-0&tasX<_$SDV znR6f?Qfh7rm8Zb9>E+^=%^jEkrTtoTZ1{*e)uAaI4ciV)$A32dN8*1h{wFGJ=N6zt z;A_78S|GouDIu^_eo+I$QD_xc+Dn#?>@H%b6~abdCWiEfUaKI-s9$p93#%r%y-PYG+vu0DWr# zR4xGx$37rLk$~d23D*Sw^q>yt9gzvH3`U4(BlZ>TSiJqqR}DP>LP)v&6MV*$*lz{7 z>BIhZd$7}QA57}|v+sdCcw8jx={MNfG}xmgA4z}7$IIypXY%o4WKTYZb~Xz3^=dTO zi$o?8HuxAi$KYeD*A3ho5eh!Ob%uPLB>71COF(yW7&ie;LiPmIp>cqG#nAx$f<3K^Y?ft+AgOpvRaF=U*Fu(y11hP3~ny0t)`v zC_vX0M&r;&A`=79XymOoxnX9L8;DSFDESNlRmBTHE>Ko-=nf2@7C=?d0?DD|#sQk; ziw0=t58`cD0zQkpbwD5g!)S6d5SmwEFTz)^9&)_%;Ws2^u@S##CaZl04bmpz-U7Ny zxDzqBTHxAH1mUKMnx0lZK0Z4d+~2WaZV~v~p#AD_JD6~nQ8ixD3om-$A3|{{0wnCu z_^QHQW~A$RUEG<$?!a_`q;cSmg#91}Gz;v0D1xvr7d1XD?B{1igM9+)`WDz{8`ZbJ z`nJL4npUh)Pc`Pu0R4&S0!gI51oS4xA`77BkUat2De7`sKwlI@1JolD(4UaE&d22@ zpsOUH)wO-ksA0}$xM0d;B|pg9jm1EhT;-iAegF7nnn^tuV?3JECw3;}(4 zTmX6)l$C&ZvuK>XsA7BA3HNZ!lX{fPTY(V*zv>vL}b$+R`XM=R^hM6`2@-&N2ZF|Ip||`-O(uv+R#E1Eew?&i^m~ zr9=XH4A~RVwyzrn=$eP3ap*OXi2=xkymb!!VOZPkmq|b|X9#HZQ2{6ul$9L17K5LK zLmQxH5>P_p06p+vG(ej-i??B+P>j5FK>soU-7i$`o&#C2Gw4IjC7^piSqW$c20sfR zMF(`1sLN^l(1NMa0L4ZEs(`ks1G?D+^p4O$d(NmiGeAR_E|ByLC@TTIgTc=NXauq+ zhw?VDrl$q8K0g|u43UY^VniH7Y4k%@tA81mMcHO<79Zer^rv2{H|Yh79ZvXXc8}NaOVginl=y#yj68#YjH|}xc5?ok+q7As( zCgJ}FOXrPfw#nXltR3c`zC$;eJ|r?}GeTuZh5bLsTfkR)F2K(cdq32Mn1@Kr7Yj`G zC-DxL|6*dEBtklk`aO&}&}G8y_08YWp(inQAZZtBETJFAz~meUUm$7yZjD0Ns25@- zzY)kgd+H&F^*d}VE)ba*jNgKJl4QL7#&-=?ekx{9omv^N>X@mb$biDwAtD*1CO#x@IoUPSK1 zlhimoGbTmDQ}v~ID~G(u?T1(>dF4Rg7%lhM5#iYH;K5#jJ~tnVGftsce&7g~^(G@4 zVtYjF<40~ey@m{mCAtif5_5*!(IU- z|L%9Q^c^2H)HlTYI&RqT)o zWL<$NmbP@QEhcywylP~a!mzg(hHLoruJsuZNw_uptavY=j+w?yX(Uuvd++%?#_zut$xs|1j(>GwX&agNm>_djlVAwu% zdP##v8Fnwjcq)Vp8_uvB8O9UfWLR^CUBfW?VaTwZP$IQn41384TgI>s4D%ad&oitU z!a@(pgby*`5Ejxyf0Y3)2K>x`n`J;Z25e@)P#Msi0m~V1r3}~##Z7yk0bOLkLIx~g zKsy=mBm*90KpX?$aFBkufUBG~ZwKyO#>sA%a!o&7>yAk5!q*)^|6x3*e@QkXYIpvN z-H}l}TU_eH@NR$$0FFaJoWA8851D#5*14Iw9a3wTA%zUyq6eQid?fO`;fVEM__~~c zi!HkCO%V9@g1L~wa8nKp6|19IP+gpYir_iCF3d&K6s!ls?IZtxcTE@tp!{W|7~$E| zPSlpzui7hz#;M#<<+mr}5j)T6t1}Ufro2)O2W)9A#*+$z5t5sX`#?N>KSd@uCnwY% z`|;K9;77`P$IDK}iNh1NPC>E(8%X7y+PVreY3S=^bQse9cpYruVSCvL!tXa=pEyU3 zR$L3s4cu)zTqGEayRzs{vyjXSAIC%B;Eetz{!?_+Np=JVyqaZ zwGKz!7#X#sUeu9o5H+23eVtLk8J#$J71@dUdIB8BDzc^LLcm_BbHb^{HB1?;^(up< z2aMdEk-1wf_&C&no*aWv%Ajy5YwDHafyd83*^EJav}$eWYNM1#aM97SVq*9SV~@3U zP2x>Dk|}qCAu`hEbs}{-$B19 zp+_B^~}S4^{(>_c%vaFWTXjoB2{)UB7KecvT+Y% zB!d90kBRj~Ym0TAAC7uKWYlhA<<1(lb4L_V#}71+^`3^YZP0I07xVDa_CTjpOjDLp z&Vsty-0cWcJ55DAQ0W1FsrE_YDQhwl_lCL^>?cz8*;a%NJ8HFC{X^S#7u@vV?ptvk z@(J`gVZPa-zj;T#xo?h<=2QL66L`bDzJaW^EMW{w-~lJ_#5)hSHz(m8FX8pzhIsl! z#sfNs=9P30e4~tm=)O=^s88sMkjMro9z!T@m%AvG66zf4$h;A_dnvL!TYs3q2fLBr zy_b;yhj*;x5RFl#F9#KG@Hx~%6jZI8aRr2N(>5n7E zrV@AO*a2H2q zy5rgB;pZ6Kteq9W4=rUMn~0|x&BKm)jL|&q*(RFDXv9JDxQ<_{eUy00x}FJ>_Or(J zZ2U%UkduL|0SuqRa4_K#R6^gs=D5jmqvHn0^`qdVpN=C8;QNc>-u;<*ic^&Bw_M9c zNxjAN35!07oXFIHq>XuiE?mN@%Rx!Q9sn<|*O%Ea@;{7&UIybIYQ`x&!fLg%{z5gb zxy2(a8P}K^;Jq;Bo6d;BU$Q~`OLtoE zk7z3X0;UFjR9wfusxE%;veEeOii#gOH3C0k3H;DG8iRj`mH)X-#h;+_9~IZ}udIvz z^CsXQ7ZpEpY6O1768J-n!+)if|L&&ZulY&x9~IZ}uc(XvvnJsGb5#7usS)@QOW^;t zarkc}f^h#I-cio0f3R`*^LAM94{Iv^ZcL5- zkBaN~G3-RjzfYQge{59z$f*(d5li6L8i#*Ml?A`6srdUcHSnY2I(`m*5%T}zCg8s# zDt_eD2>gg8@K-ku|I?Kg{LZH0znQ6l9~IZ}WB7^0zoZHHZ;y%}IW+=5VhQ}a8i#+* zj~4txn~LAb)WDC5>-aJJMB;}nuF?Jfwy5}#QzP&rmcai@sevCA*YRWciNyb56Y!6YiXS;O0zYC2{5u-L&pllhGj4F6G*7~mD~vru zld)B&8~*#^---X5@qdrLNp_0ZBwLOhKhv-|rcxV!kq!IXZg<>)3(?9C55kt*iw@)J zBk!e$2Vv7%Z!y)(V#LWGfF_ulJYU7R+O&z<2ajV58=`u);PGbdRq==|bYJ2zTYD0Z zOzgqYw$r+4MR;T`JwK4S+<;ufe!Yh0bMwA2`B~ypfA=hpWd z&(D50MdRlS$m#U_oPt<{e|u#k`1x|+zu>1kt&#kE^*zanwLj|o{Aqp!KR1gkV_PPuG?br^OJ#1<>!2+4kTrO5t5%nF+4`_vl*(<*zx(^8=~>^ z%l|ZnpRXep;m`Y_5&Rte$bZ4l{y6O54j%*SvS!OtsEjmGlx?^we`4?Kmv<@h^| z;pbMwBK)P>8^O=E{{MoX?!JxWXB?_Td3!0UB;@Tife3zHAs!8WrsC1kKa=oCK%f6x z=JLyTQTe%Uqsh+>1DeXu`Ai*1dJK$^{Coq$R|G%vP>sg&^NT-4<7W@#bb5K)46z7* z@3w~cS>Jy6;|2@<{!PWdfT@B1Is-pPIqUo}@9iew9~l)ta%u#A#1in-^E zH5LDRObz^CoX&p?caiwtY6AXiqvA(Sjlhps0{=Jl@ZU(wF^u+yBbBK5@kXZ>nv%;; zP01CQVhbZnTXJgnlgr#n#D`3>tsx34q#^HATW@+XC<14+Muu#!K`Ici(mXZf3r z=TG+$(fIQSaymVK@(_#AM{I2@f9|?BOzq~U;LqjjBKh-OK{$n#Ka2im@aKVHl0PmG zv<`o^&b9F8K`hyjKQC`NC4WYIW%B2{E1SxnM5YcT{RxDX{JEQ>u$4buQH93J&k}bu z{_N)R|7q7B$`OnFdH3sj{AqCg;r1^r`1>>!e+p9rf3AW5ox1o@pGM;!9u+^<&l-Ur zu>}6jb@5Ao8Z19y3RW>R>>+aHU1)3Yr11|)c3wIJ2hQV=1#YnS)pY*6GZ#sfp_)8u zL2Rc>gTqb5&=kBtD$QA@Whq5iaz`sXf-~7V=bz&YOiM5KrCUD1^?z=`(wn zfGd1A6|#Cb$9o#ia)`&W^`I12pvQoW!*2B_?Yl475AK6E&8z9iz!g}`FD84>exlZ$ zdCY?)EZ$jg6PCn}XltFw3zr|@UO?eJ(+{>E;XQMn(Erq5E&ek+Jt)F|X5MRN;?UPz z%fd|ZHe9)KMEh_CjyqB-97621b^1TeM!wp^sJZZv(jA?y00tbLGbr7eS>e4Je69OKwhc+f`xzj3ANr7$)K1>ezTww&kVYHK$+0%86pAyX{X@W&8xd5lbs1_B8a_@+QGfUr zIS#K(Pzv8gYUwVJJ)6zK>bbP&&ae!m=h6flHAJ{0dE(gu!UNmU)od`j&r(O>vsCGX z&(dQ*)z-?4t7p~C_(e;`LhX#t^-qvFB7ZpWyk^aGhwv5>nGV>Aa}^J-v?+y80Jij7 zD%P_P`$8-cE0`jB>z~7Q7+0?jX=J3>8Xg5)M{7MMoAvmJ87G2t+F8ul^q;uT$6R%% z2-KlmQ-2B9p|U{G!32zzatZf_F>FTm*F|EUG=)=0;C2Ek4&N0n=w+rh3p!A*pp@!x z)G3is2Nu??(;*}3@W`l-)QkEB{Bb4Hl*p*t>P3AiD42sQ$8leX?uQeaDS01e&a^#T z%oorm?nchSH>kW$q^`WbT}C>8Z#dG+bs}xtZ$#pK?=q+9bs|kaU_^T0H&HvBoCP-w z-LWcHkFJyTRE|}1EX}oEKcKtALO7M`75+PjAicKs&ydi=JhSYK#x-B`s~QZys=?h* z8#4a^OCfcei1zy{Mgf`da7Guvl~xJt0>Y80s7_Hh-*OUoE*zO~qKxolLJx(zmF~&p z35qgr^H^fp-(*GDlO^dBK|7g!*LvBfPPQbhpS`z6WPi2S602_Z?=yS&D#d6O4@b6< zXMQ)B_Q=6-q*v-hI{UB@sX5N41VvIjH_C>Z&!}Ol2U>TViCRQ-$tg%Hqq-xb-cT>< zaCroy^=Lb{`rGG}xo{Cpu0Oshb6%sPlI|l~slD|gDx(jOp$$;+lkYT~k$PoI6|z|` zlB>@E^G!Sb&F-G!&0FT1KL*M)oA3tCO6hP`>Vff2jFVlZv(ilfg^SXYgnN=ge_}Mz zKmQ%^;hv;F?tB4pFpm-Mw!-Hq)DpSHBR8lKBCsuUf$Qa}(CrA}Xes2Ee>g^!$r$VD zj`Sji3`vXHP%`~X=+I~QBXPX1nev_KkMu4I4PPJ}`Wjhltsp%Qi=j++NlKA^P;^PE z)UIZH)IE*;tejZ8pX9h{>C;!oRs3r%_q_o7;n58>Ro)-oG1Jgtp*Z z-~?=1?4cB5dXDDWY3eemwL^)tr*=n>P(a`{m4br6Bk47j#-no~QpE9D{7`X;V<4+P z69B z97<)`VU;X0X){b6j~!NlPVX-@VdbVZ5tfIE14*m0C9EG7;CtK{c+201gZt{B3MzBD z00-_I{uXz+{HzqV=Mxm|{O1g^8>loMwS^9)?u9qHJZh`zYDNpA3hGB~ZPPu)t`V7F zx6xhOYH%uT4<74`>tdP#P@vNd7S{b015lG#mn>Pg14Je3j=m%@x&!0tV#EoP%A6tM z=&teKO3wA=6FB$8vvo1zbjAFOc|JZ|hz*R#vkZ*G0`WWQV7y&q(gu5JfjZD>f`xNW zT+&2TmrKsI)KOimqdFDmyzuiiId?aoz`4(#sf!954(fBRtBDE|u)3Tp7MV!S0oBK! zo9*%Qu1!QWor!V(1)2(ZmHUtA?eR6ZMw_Uf<`Ym=Kiw!)BL^6~Y5>&-A`=5uoCQ^N zmnNbr|4g8|17sws{1>C6+6)JA6V)m{0ae?^p?au)G*sU|CEki&243Z|VsIp*NNn3w zREZLm3NjMa%N)d_$d2X_sE)$(ov8YY3Po;}ZlDFe)-M{WW|64w{?tU(KedUx>dwT0 zqz^$xqFT#QI0~x%#9>Ipo;s?(Jjv>w7S+1UXsFUfCPoW<{}U6{UoLJUDi0F}l70Xg ziRuuBkZ7nTVDo~B>P|j^SC3*2+Xz%OSo1lxoWDh6VxW5dV-wY*7c~*p?Mxg!NCK^t$It162cZ{tJfuA>?yDs)lUL9138>z{YI-A3B}PRxNn~Q6I`)By>J4tYYRcqmDH8{hF3?e3g@G{|ueM<) zq={-RpMYxPBaK4U5BBL(k6tf`Obk?gET}eO-&vDT)x0lIxj;tp>P`%d(NLWofht}{ zb9(+Q3bchO_R(8B~nSrW-(W{k271rk$zH6d#V9R8a+T&Cv4kUdHG7{BB zj6=~--Jf7ZHI`36bsv`c8zDQs?iCHyl_C?Pm+gDUM0KCAq%@%ge!#?mq@5rmQ60k& z5)IWW*j{e(>PbEU)lzFu@Gzvr|#``c#662{PVtWc< zL!WQKCrCtlJ&X-X#QQHbFg73&Hx!AtVTrirEfbZ!si+=d;y}{FASzKkg<&!p=Z0ft z(rk}ed_sG?OjPK!67kvY2C4=m;vZNtw`jg`7F3tP0?{O1mH$hidIMx6s%035qM@3J z=3%0GfKNa*T2$z?sFtTiLzNndDvK4Yf(W?rzagjS!hc^fEXD{9BsqgKwG`y|6$u3FE(+IFPglL?uSMj`38z>+RgkJU%R*NDrHrUG&OpFcmvU^1)#;o~b3#ymIkrGXi`n%o`sM_nOF2gVxjdO9p zVRG&e7CFedHCV!mMAhJ|`SMGmaqdZxi7xdc&(hLr&czjL2l=s=A3=Wn%#TWbe8-P1 z{Mf*cwfrdOM;Sjp`0*S+p5(`){3zi^5kCs}F^wNn`0)Tg z#`EKDe1xtH^$rch@?)=1k5G54G+3(8ohUsSiC*uN@wP8SZM5>XP$d-fw_P+pDWd?ooV~& zE~TG;uo>%DC-w6Wkg=XkXbYDcUqrrKJUrFmN?*-n``)J=dWQ>+mcy0e$15lR_DR^c3oc=|jbA|eBawigbJ5BBN6?t8dpT8z)6BlYd9ayKY z5sgh)gy0N@T5UN(9ESysY@Svw|I%!r);_z9^}*p>NZ1DyPId)`(0R?1qP>h)p$m~k z_&vIZ@!ngdGYoY-qIE^yT+$x#cBK0n?&G3=<@KY`m~h;O@KHweOAs9!w!jdb336Q( zt8@9OuE6!Fl49aUBJ_W73m%U8euxcDbvVwS7*NFuCun=7iPd)N{?}q8*fmI-4CD?u_ae&a^+AWq-tp+Xk0U z>Fo5!SI}#ECp*u5%pMnsF_X|nr@CJE9$=G`K7ylf)nlN>=Ud(Xnrm0%Rj9e{CWuN3 z47UZpnP!X8&j&H;`)a@cnfiW;yrb9mUt>;L-+6dtt*_RTxf%7IfY&DJgumrTCsvuA z*0uBBrnCeB_mhCJqgQBeC*msfUg7I6aUWQq)3ca3EhQ_+wqsAwt)|oN1soaezu;@k z3Tyll`woQR{1&(yWR)|Pn)Qu{+-U>8v`-&m4Zjtqx-4eEuz!hDT{fbi%d7=GE(`LB zwD#%zQtc0mr>q%FI1mje^mjBZcnkcE0gDm9D&G7iH=`7y!nhEz#Qs;j)6bK+5kE!A zH!%JN#N&A~+E8&*pFJIcC?kVkfvn3JWjiY8^xHe*clhL(4h(neMeTVbvV+CYaks>N z_$5&!2%WVZKb>m-F~Q{z0(d|?Yd6Z0tF*6pU3kF0NJO$P=2swV3BGVzA4|@9A)MUD zlJ-@^PRX(435HTMesT#;Pb%X&G;3j2k+z4JHG#Ftrs)(_t&n( zH!mVn<9N}lkY=~95bebrf4HrIcU2aC2(r4=-!U958%dFsb~6&w0jOI0@nzJ?SF>O7 z!I?-@*H_bi^4Wp-^NZtC-GT9tBt_f3-9uM8)gQ#cyuM%db2!~~6SG)FjWf~d`wH@= z2kryCl{Y)W0dg1ade>IGex%k>o+IqDyC6T|16uH(+FIe(ByLqq)Cy3MT=i-S*Bhn+ zn2)oJ=E3Dfl1|owHNB{|r`$6zP3ZI37%?3{SISPK% z2Kq};b@CCN^SJAu6Twl7E`*GlIU|oJE_I!mS{kLtGo{ zR52)@kW^lAqa>04d=lEbAWZ0w1UD*ja1SPKrvi5?WbGufbgO^E|2}Qg6u|qj}%^%%mO>LG&>uiPLRLFItV_$fy{s^y}FVQxt0 z@nApJi*2n^yH;erPrF29UI0o)$^RNNf0w@*znVC^egj@RO*`P2lptYC*YCk>tZLn@~> zPwUWC&W)OU@Zu)L*8lLp=aI=AOE}O#m8@9K(=oNu9!Jkh!+t6?sJ6FA&<=IY))$KK>lVyZr>e0$C^VrM&?H2g@kfg}DBe zVI9%J*y27%VN?Svv~j(8YpIYlOD2=2mD&QlgmeKnx`7*R|5Z+OYI=%P!v-L`sksW! z41}!pbZO9eE-9}AbKJ#Dr*XU;HwYePBjJ5Tr5Fd4N`F3XwrK10O)sm7QJyLVUi8)5 zS7aE!#CdF}O*-1F6Z;0Rk-~nfUKQ)|?)Pp)n0%&hGKWXR>y1d6Za2SmT zI{jCo(Pkb|3jJtOIm)6(+4$V*8e9YJI9z6P`k(15>bk+HuhB<3SC^8y?d+m$AL6lsj){l;+J>7CqUV zDf_i+raZaA`wSQd0+e~HLys`dTsN9>x93H_cydM1OGOGHb27sB2~*x_&rBpca6j;m zBO?{kYzUI(wPO=Zd4wib_H^Hvk5OdIex)qIS7uYMO;`cpDfPLqyh59Vyh0l?P8;ri z85DA{U88w;=gG{cd891#T~PQe(cA=)C?(KPf7B*ihCUcbdgBTye3CN`Ypr%d9{YLK zgBusDC&nmg@u|WUpAO^P&jBFS+7x{2Tl&21AykrW-k#JM-kl(2?A902-Nm_(yD`5O z5j>TlvzUaDJupE`$GzC=@si2%^<*z08R9VLE+hNx|MPRP?S!2w8Wr4QR1;&-YO|DQ6x)>@V{CU`x{H}whqz(=Q3-Rw*|==2?f z20Io_Fqc-2FP-WZjK&B(mr^i0{~YSGVFk;TxyO4|Xb29uPwmS&w98k$pA0-FSEoA| z?((gN(<(+c-VNSY*pZRU(^jZhdr7HZ(1l#KA9-XZv^00xPFaUtY;P!6nfnj?lEuQ- zGCuXf+|1)lAJ&flDboLtQ^FziaD~myagXi1g-aQH(osGbcjZE-JB-VPvEH0cd3>Q$ z8GMK~tZW>0ov3XFI~_RFbcGF)5bE0%s6TU(2S#?mQ^uOXa6*2nYzYTu#Rc)U(ix#& z-v`xF>htHirLqc{oi6oxT)0l$-B53(C3#>Y# z-7}meh}j2NwGOP}o${cdsB$8bdD?;`IN+D8>W6wbZ9kBtqMmM28SgxHp=@xB&EV{0 z`QwNu=0Y2V)L4aw_LKVsa(c!%FdNF1v!OlSk(kx=glJY4wM&)2?QAB=hnL$tH@NT% zLpIdz(4U-Y$f~}7Fig4{T$`p~g_tntrF4WlO-1sZH zyN%W5$;ItZ+X%8>0iw`ISogGEYVCKgI$q0J$Q}5u%dTUn7TLA=Sqd3pZ=yz1UtWKb zW=NQ@yk0*)y1ZVNCggRWUZ%Xh^#@epwDP(fJ8l}1*C+ofC1O`pR?6!Es6OZb8Qp-q zz5p-Tw=48y`<^l6^+$Tp_Xx7eBdO0|w4ruwk*}Y1Gti$xzAk^XVflJhPeZ;ct)zUd zrY;&OUp+31d~J`)ktYKqDrc3iJ7l;n~jhN^hXX7qA7K=_B@21qqZ_k~}8@1Gv!g7GgZEofXZ~xFO zyk;1Jc3iy6_w(^#fdT(S=Zew(InQsdDuV4tm#;kDQNeivG!i$2mim<&f->8kwnr(hWvE%d{F{ubp`mb=-O-i#)u{?- zS+4+LaTq3=n`mj?VHC$5Lrx4IKvhjtpR*>~`XL6YZs9QmO$mZrR1&3nOG5vm=!}+Sal;$wmphX4-yvQ_KWscx?Ln8f%6zO}OfJm=fg!jeJ0?PDwL#F2nnLaWAna(Qc zyc!G2H6YT#;-{BMfj$r4br^i9Aa|t}hms-Bg+5=wRWj=HZSc~RcI3bBkD2*BU?f+! zs0T~zOG|_u6c&2>+xY49XWyd+^NKn;<$N0?OnjD6!WD%&T}l zE+G@__cDV()_shb16GFKVtFG=?4uC^`)+F#GK6tZ$Y|#2V9ebZ*O2E<g?cMVyg^oR1pkQNR|Lxm78g1x5*j%vN`x%a1CqOA7RS898%%V-74A zrFjn6U%^?IuOgO9T_b({XXb0lBK!M@jC!_1A^*Tn*3&tzrLs8Q8CuKH)FG={B}PNJ z?R%*zpif{ih>?pbhDzPE3Sz#e+juP2ckm}{AEPFl`Gsc&I-Gh4SB~`-HSKc5kD9hK zSvFtP6t%pLwLE}Ywv@HR{L)@iY}7KZsE5D z7WF+^*NY`)>uN5GTf$_4tdAMUr3uqMc@4iAbRCQ5D=zi=Z!ZXshRd z#^{eP#u5M2Ee{^2>SvUd~7`*(~hAaA*ayzOP}RwEW;ybcVZ*ClzO zKZ>PMt^%^Zn)H1|kUb7pRw+sSC$oV)$q`>^K0`to9SnrdxUU|~>67`bwaz#l-u@NQaW^VAL4GXlI z<+hc&fG@2y!=j-pOMCZKdw+~VY_7~2?|!GcVMPWG3xJ*M>Cj5}A8eR)l0cPf%0>GP z)AP@;gSynsuCx^{--_ePqBSnxv5v~@o(wJv#e%BOqSEp1%@5@u}!)nAh{7?8j z9AP6OY{ko+`2PtJHX#E3@7^Q-D^bzV3H<(9{#S0m^Vdi`V?bYiUf(w!g^phWo}p;) zXu=lej93$XL(T{EqW2=_!^j!`6PQ{=VBP-Ei>@~7W)zM3hYneaW>t=}P!AdszNYtW z6>cL+(Q(+_9Z10fxO7<3-{2spps2C!->e>PdhzmQ};3sVrJsVvNV5SkaRhcmZiUAhotY z$}bR*x-nfKD~&N@3F$-FQ+0nBeY~70$IE7j0(rh>HstxGR)(Qm`;M8ic&DyV=~RxGD-j72eFNq7J+f9SEhFYHGewP_Ml8ngfEA(F>W`Rt^G*CB zLy2EjU}7YG1ZpQS5Qp)j?&0w=UzXO5>42XxV_D*<@goZH&uS3=41s@Qbo_{9;Fqb=F!*Q$!ByI}`*eMsg;2%V{LHKx`%vb{k zDKNLe`j2r8N0Q+9kqr>pM^h#z49?gd3_?ics%u@oomH;Dm`VTh5F zp3N|v^p%s5&9IRS8_O`9`jwM0mSGc}zP$w~Jl^|eF4&mu4zx?hW1`cBako6tRaRw> z7`vcPIgm}i{rGIv57}J3UuoOwYDmKr4rV(cc9g=F5FHrLI(n|iRaawlKRzPR&IS_$ z%-unlfb#^-qon>G-%cJrNQgBf(ue@D1sHR}j)2lE1PF(i`F1 zf6yg)=%7QHnVQbe@#%?3dVM-axm(lIo07p@NF;KAj4#hdYm8NjCJN5LFpz`%TCrBw zvsP2KBV*L+E{;*Z;#(hkM9mPseT!bRUn6Sf&Rnk)t`fsvS+eK8ToAuJ= zN~}w^DHy1vzA&R*UzGD5%E36deKYd@78Ljn3AT3Z3w|WHGXL;?o16KCQZ#_g;?MZV zI4s6kVaN~7aoTEJwwhovUT}R1*51Cli;=lH*Q%X4R#glY3u)y;lW{%u^A8ERo&~{L zjGy6Q3d5VjND`+@&co3C-+qXaV^9j0oj}KxeYs{0sWu9UwUe`j{QHpd|6z;#6KU+- zm_OtnW5yOj;`qg?gIhhU{pB2CSx!rqmgN+z1jceL;MzA*^&M7Rxezi{HOU|AT_Qus7Pf;irYZJB%c8j#Hd@di8@Qu?KuBjm5W2g|A@H&XS zV46wnvqT#Er-%Y#f5wMi+i7rOnaVX}@6m8YRs3^|IYa6CQobai%s3lJzN0PH8)hQ230J}^=AlB^`zOSoSC{ffr)k|8?` z4o9q)&wxJwd&%om2ShLV489VlTz`29FR3mJ)ssy?GPDr}_11%KMUY8wqrcQ!e{m;< zTZ%mIm;UIH>)Y2%VdnMMw+FTp4VX)Tj~`0lED>o31!$kLtIj%d$ZE8E^OG!nCN zR(<+&#i)*0PdOwc7VbZgDaQm~Lw+2;g#B#PNQb&r_&*#ek4b^QMyrfHM^?mS<5$N} zFP^=b1ERi<=2cXhtvt0#zVoyTzqtvGhfYDjR+Voz0>fG>8VomC`NYt zj_2=JO9 z7(y4oF=x;PUYf+=$vzTM5c5xr*?l^Onnj3~OZU~9u=!DL)>sktAK>}Qw2z1FVz7}z zu!j`*OH1P?)Mn5*$A9sWRWT_sG2ymdt=%eMDnnPfccQ{Qg)_n7{ zY;;8*%T&nPd{?69_@aD={%5}HtmimOzC(YMhb!k`)I1uQf!Ua!N80n1!V7>+ ztT~XL7v#+k=awpvcwh$;#$~1OARrm^^?s|<5-ozlt6KX=v=Z+IK}REWgrJr86T~JB zjqo8Ncke3*C;g1@A7w5j2q*1y0a&dq65&eG{b*x&NBSA>9@5`khj)U8#+%ZKq7@eP zm8nQa<6XN4b<{)xl>o&!1|bxKif;A^IwI?jmn=(eefcJOV%r(8`cgXhmyf1ESeT=rzcUR zrs9P@4BWQDl#f(ng_j+Dt1yGSi9S0jJY9e~H*N3Wj9M&IVgCZWhObe3EP)WTK>&I# z9i%KBp9P^uow}D%=4)sHvdphoW)fb6R&bdY?l2sJpt%}50n8zo^591Jl5f>9{0Op2 z3?G4O77VNK!grz;tGeaN;8mD%+=e+Q=T9acvE-r-z&5k3p4)QOa;$S>HoPO0Y8J=! zEM}6k+fm$0^aNOiU73}h?*2=iejI!0pPH!Mf}*e&0(49lb;vE+<5@$8dIw&FmeGkn zyhoz}MAVP9OXQ;bnBe^|`&*08#>fJCx>T$WCoI9(5fh=E0?+B*BdJWMk6*%F+mgw9 zHp>I>(jhf%qZ>zxUsDE~K}_BFLZA1QgX;M-X=XJy^q>-Z!FVxs;ll3U@RMh!3+v@Q zc+k#~0)-1@7fmo{ACHU|LqZng2ePha%=T!G$fCQEg-H=<|7+Mk>4RoQRl;_(%aD0A z{rCdA(2s99%hZoQThbW)xa-!2_2b*civ1C74%@kC@h^0Vq94!1ODe;c=*g}{GF?Az zrw0u{Py~ML2a+b*<#q$F8zQE}Zo5yAKh530&)$3c#_&S!X^Gkx2toF+74TKSx31j< z<54sS{uLr>Q&9#+{R*&V?%zz-{C2Nk%`1q4n6EPCbcmVIOV;|B{R#5HnF}`@75zfG zk$?n+sl{ltZhRNuTVLevi0`oeAov4?yj5tKCG`QsKw9N-6vfmX;^D?^r~lug(n{e*j*UL}mWyAxSeK9ERvG;3cu+&S z{^20IOIS@fBEfnF6J7ac8;_!UXI6*_pP%8EDlG#;p{_e{1*ylJ|ILDcMIoWs{*!GWosjZfH8+o@r)tElVda$^*7KrUX;^6 z!TVmQXBZJ%3-)fHa$+xs)iswVO2mZNPDNyhei5(@@;IWu^%eaM&bQ*A>#gi|DRg;G zB#|bH-uA1fGn5SzPl4Xw&;ouSy+Ry7rixC7eB5d}oYa)U)+o=FxmPKSXOo1JYBD=q z3d#@nw{(|UNx$1}xoJn}e3!O|y-tiqVpPnzPZwqAbo9*)lYtQ3wyFJKX174}$%l)~wtlUe2lA+T0_f>;!* zuoE(Uil+TV)Wzs=Zz3K$Q&C4fzo|}N3|J&HMi+uRVmhb>3Wy3Qg@3S32>sy{^z(NU zblZY>q+8JzDB(eh0p@Cw7o_Os?w>BDS0Q^FJ=xOXgAkU7x$0h4Kqf=3bbg~mWZn9w zdv1rAbEgS6a4;F#$M=6dLZD*Q*hkHb;_aw*=q?JLRR)z8A{zYNJPY6lcM@fIuE&pB z&p?-LZ|I3I^3ZwmmzthYnwz;Rq{wF1(uK)eDPf6*3Ind8$Asg{h(8&RR_t=6?RN)y_eNWdn{<0dDaD`Azgj}c z^qh+X4w} zKEcE$1}^M}wg3D%LJ2O#`z4sg)PnJLp#!`8GsN2OrP^yE?JBKfp2&l315#w4_6Wkc zqwJVXd9qZb5%d+m$WOTcnZl&5JnCjhpya_BKZ{|Tn~$+JrWC$~AJVFVSB_<}k3zQ< z!?~HIJMAD_5jFy%ao38-?3&^|f@;UW8{1R2)-_5ImG-@hunU2#kRqPSEH zk8&YE^ha99`?=H>T-u2BWMV&CXH{nR_;Z^L({4^E)GzRAji$_vkmEN$?~-bb8LJ zt;G>?`F(T!=OLCmZJX%gk9?09>d~@bvw}6HuD~GH#!=idI1j;QTOl5#{|4!^t?7Z{ z1wDPMf;Ctu4yRXZ%Cu&w16vg!wkt54upGs4!M=!$e72)fbGd`Z1<{|jR?q}qLh;HY z4n)XN7LSh2QMb?98FL)bkHvhC=tY;}4W-(p=g|{hd89qdttqQIt4qvrB}PQA#k9?7 zTj89w0;jXY2r=f)+^o!{CdYL}r+SvCm#<2JCy82C8jLMivp?6L;R@W28lLAUZc|nj z@2g5DJz{-3lon+LYYGG}Zsz;qgtF>*Uv+wp`Yq5Qmlidx@VW)%ic8HbwmAxR4s;Z( zl}Q9IbBdEgV?<46)y7oC#7r7zGRb!|Zu*@pillP}^dbz(iHt{!a&4r4c0u*P?1J@{ z%(IIzY;*md$k;??YtX$iC`?v}GQ|(jDTY7(x7)kWm&_)g9`E*d@N~x_xI67zZ19Pj z-q}&mf1fwmQ83N+skbe@VwZW(!siD)h<_N4`954+RFS~EOfZjwxjXHDvw-_P~6>vzWghVEYS}t z5jt2|G}(rH??dxFh$wqJx8k$PJEmY~Rl%_Zo;!jc$h5yJb6>?TnO+wOY}DKcfJ~;@ zm{Tl1#>63m-#z2;x!*g*5tuMByWm9nq-jC;na3d4P+Y;z(t=|JO3}>-P(!|*rL&Gn zG_Z8UD2pqcWmT;lzFh-dWxJZWT9o^K8R%|tNLhTsBxPqr%v00IiC{Gdk)s|f*ts8> zdfEj~gr8+0d&T2HODX7^?0lAxFAzeBnzmMU)Ma>9YkXDBQIoTgH%VKzvz4>OiX8P2 zs^cvCrJ1wE4-SO8Tl}C`Yl|{>F4Fm`o9D1Ypi{;L;+K?FHFNl?m22=5%Q$8G&>7=w zHTKehF)^)Uz9kBbIJ*=FpyH^9&UQ);bk10G&OFr-iv|gh@wz;et&Y71!ild$`j_4M4(RFY+I#Ab*L9!82=dLx96#LZ^1&IUL7XsaX|mKe zoN5g=C&znwpk+AIV9u%m4dbSFDi{dwoEmRZ!A#qy{L#u87#deFGj4a6Tq3fD}Ww-$+}Iy4k|&#~InT;{sRN4lw4Yfw?WdaAB4;_aTI%uvnw8u?P@N z7Fo-F<4j}L=r`DH%B*j;F@K7EMA_rH8=qC)JiXuC8^pPGtQPtWTPx;UZjl};Y8&wk zYB4`_p_3pgvYM#phn(Y>&~q<7_j|`X0{6=<^ta&Gh#Ap^Fl?YLTLHe05J%aLRt{zH zHa1XK*-mt#?Go#E0xPE$z>1|PLD)%CLo?C&(SbtE#5X&RcRaF{9o2iMwYPXjfqczD zzO(f%+A6ojI_B;w`>9!Oivuh(x5Z{x=GuJpPo7^Uy&%CsTx4h*RU!3baDO)T=hvpy zpuM8C!me*MVhVle5-jb*HU<0V+5eOJP@=r*>$LjNnd(~$xQ*{L`qqEnA0IjnUoL~F z4bra~>+FJlz1r5LA62tNX=diXF{O|$=x)sV)7Epx#ktUcm3id|a};OL>pb+4(8o>+eXbjnNsMT3h-}LC zHG_&!>L||4F4zTaVO@cv_yP3!ve-}o3#9%><#YNpiqBSvTZOp%jdW7Ia1=jivm{0z zE{h9hLs3V%`00Zf_iUuwuct#EX1cl=#ac2#2PumW9zi9fx(BPHdX`jEz`44=G2bzi z=fsATXNrx+DbKM&EYbi$4kd)H49jn;wmc7{L4HDK6KWOaH?VZ6GI1qd`unO!XYC-D z#E>xSsALt{BGmBD@dH};ls9!fJKd@$gF)P;USH1+r}&s1DH2tdZDHn|5An4kUfn0? zuVO|_y&oD_d;=O-79<5Uu(0X{^(H2CKx$wik^aAz_mTS7f2DqL7A@q=X8e#R*+2$AX236^)eoU)TzwT2J3A?|Kbb)zbf-_sDZB3pef=M%7*l>JVtIn{}RHH z`WF>FoOTiu93Zo;qkDCg+1Am$ZbtdmMoEVP1ffwL1`~{Gp;2-QUq{zM8)00}SbXmH z-k~?jJA$7gYDA-?l`2x%dKMv3m96{-g`$j_YbCCTrVxk*}^6 z3-hBN=M<|jq|>M!>G5K&=l>VwxuE?ty1b^!XRH(81lHsn|IidCu98*Pxw&1XEO-}A zD51VvGBhPMzEq3Fpb&`9hISUw9kZ#gP{B)~-i<}H{KUgUlVd%pZuLiZ+Bz|CV8;q3 zoEpSTo})WP`eWH%^r3ao(=*CK&0t`JebG@o8ale6cMBa|r0t8eLa%}0 z0#Y0HRch8~3-Ip~?Ty4q0b$}j7mL%sHwepI`+|P^yk{3Y1iKt83)jRIJVeXF|6%W2 zz?-VFwv%44K=Bl%SOlao@&&;qu283nH>3RMJ73?QJEBGCTtTI-zTq)id#n|Yr9|G(jRXwF{mzVEfy zUi-Fo{syYgEUK49*robf@pMO=TumAHpei@a1fc)0arRZu;pcSE9cG#tdjOh6w^y&kUGQ`dXP^FG@?K+HuBR znq#+UE<2(XR&l)j1N==5hmCn!9{O0#hP*)Yfl0ce`S6Y9A+#WUm>RKQ4etrj_^;yr zlIKs{a--7htMCz{e<;gysQs|LiiPA(_?F|ZM;enCIa=>8%H1fP3S%!$@ggxF{P6Js#EO>n zz!`}-an3BXDq_W|4x05dcxm3O&{-qPqVB?c|JFzb+_`90<;^-{fyEJ7U_s+e??TE2 zvM}Rh;aA=qMwQLqM&thm?nLJDmltNl$fLxj@`&$8cy=9wyoEioIPyJBI|$<{$1HD; zV?1doy&LeZ{4u9@y!(h*3rTs>Gy@6#wb)^zRhL5~ z{wMK|XLIyO_*i{c8uW9q*EljdMkuj=PE{zIkPDo>z!;ZW<= z(i&QiE?rB1tHLQIA8sl;EwAh@tA8!Iwk4K)2%`;mC6-NqxUWtMT?diZH;Q~e#P^5 zI3Tt&SSBgU2Vu&VqAb6{imeVTKpjS|c>&60!^{w$5YsS|k-KF&PHn77u+#Pj&e!Db zpMF_*0?s=bqC08MH6&*JM_^N^^a#mzccHTU#>A>^ZD*RR(57IM}r6)$dsPs&j(*d<-2u-~Lb)iW+>dxTk zMkl6Go@cr4MrGJ(CWjRS3{?ZA{-&Y+8d|Eq=@6&WZx-pc78N%svc3|LYDsg7l;yJ% zXaG7~dWh?9FfChG?Pvon#9V({Rciwbl+x}dMca`kEJe9%XSAc04a(*G>rr`-Rdk-z zq%T=3o2p9~kDKaC(wn-;x}&Zy(aPc)6qod+#s(VhNL7;cA?``UQGr3k|IwbLcu8pU zIDH2`oc_(u><^=hT89$m+>F7K)Fo1QlETYH-qP~@oH71GRpB=NEu}lSKW!Uo{Y83G zX*KmHds(NdJt;WxgZmN0u#8B39l3|5_vUFszsXfK zFzFHLH8gfKApG?AbrES^NgpRmxdx)IcawgA_f2RB$>JHn9}gipJcN)&<_um9G5CYx znGFZjuR;0#2G5Rq9!N?XFnn5EH_(Iti+?<#I9neg34aL<9D4f5Jq;iUh-StBL_8x0 zGX`2wtXG3~B$OWFNKS_4tq)1RsQ%v(#|)^HH4xChhxId@iz+f9A7~(b0(PLFf1}Q>ZU(iI*kDoJk=4L z4!wE}EGkU@FndEJ|0aEsrQ1uT@@4@_aMm*m7r@=wo z%n=8Te}*Gk0fxPhD1W7!RFu{wgK+MYrfsCW3187FbcC-Sg@b2o%@|AZ-p#=b<~mj9 ztr^5yru5DHHH!G_B4zn>Yf}b0Nty*Bx*30+j;XIMuw?4X*_?lQ9DPJMFPb>%Xa7F_ ziz_~lf&Zpi%?xOhk`DZL@n3WOTV&k-Lj4=dCx0wFVbB>%Ch_#|wEwO8x2#?qqrjEt zbeihlY5x!D-;w$3G3npZoBmho-_85eap~VifBIjif49`1;tn8x+@Jn$*T4UuKOOse zTTA;X*-$i&dHw4W9H=_l@$TVtBJY@vcb}@_=%J?r{PW6|t}o+y#G9Wuu|B$>5gM20 z;JjH~qi2WdfOj>>p)mf){Gs%qobQf$qAMKtd;kxA{d{-ika1`p1v9N?Lcc_KI^R8r z!{hj-em<`pKL7ZLa;Pu7A%@LZ8d>lIs*z82Z{~>)PIjj#_nZe0`GIjs`Tp-pxAR)l z5jogRn+i_cOzD%2i!#_$rZW&#-?u6KUe0xI>M6&%tJKme)3I(;%XV%p+-LNk%4b|+ zk99i&oz&n>I6j?S*7iSfs{0a|`y8~?;#Bu|uC({mY&>OfByrB=Mukn`^iv{7aQIC3 z4NQz|;2@~^;1Q1faFK{7=GV)4ZmfQRIV@NbQ1AxscsxiuSuj%fe+_Vs@v#%x3l$TPL9v-(D`moC?T{CpNP>oDnT(~N2wN6+;yC;NRldw1{@eIBsNBZQS&Za&fk<6k<=3ygq9*(9S`qgz4{_b_VBS%y32u+4Z z(>8|UyMjWRj^8Lgydr?p65Ar%RCJOD$5c0CcI0gROSEK}@W&-f4E+Qi;xnoG;chzE z!EQO+y^rDOHkjD2G3|>fzK`K0a<&_tT29PviX867Y(9Fp8|%Tw;chI9tF4VA=Qv$Vc49>^Ns?Kjq4t^a5w(o$qdG|JsI!_GEwK5B9H*ef(-^|Hl8}aqQn5 zhx}+Mz1ANeM|#IQKW=Hi=<^LmeManuIPP1ZW8wUGzaL{22-q)&u>`Hgz)y^iKWE^3uyJheu6pSW}n<$zs9qm)}fr%oP1g_y614NZw5T8-HN`+H>&E;r4(KO^x!a zhfj{1-f9UyE;PAmdSAp%?>;@f^NjTFYL;GkVVY@)adHJ-KaO#i7q*Xa2MRmHxH-R` z>J06(No4B{4|T>V58W&^~}qhksr4jS@%hx*6BvA@}4NC*gjO z&0f|DoBT;dz8~Fv!?*;$ja4u6vm;Y#Nt1=8J3Io52So9DJC0ewsvZnzHQ*gpZBsA2 z|5}qodxJD_h}iRo5ADivhfTK$XulNYZG-YozIy5mux;{n<`Uz44!=L#usRcQX+LkJ z(%}yG@H8bW`Rd9E_P+=-yloYv259fjH_);UV7xLOzhUQ!^dLeUGe2$eH#z0+0rsYJ?T^T z&|3H4ewM)Ync*k&B5cwA{4O#ZOy9l+EltJ3efXcJ9g8ua%kRbb7W*34j_+`;8Rvc^+^2?1BAJMPCgwqPV|FFgM=q) z{|D-`{Pfd83#;D}h}f+%EcYJzhFBe36~pS=L8aWh%Y0p zwHLY4JoS056Fv1QZe<0T&!A_mR;19!3c7z0y>B$8Jb7Uz+tq?Ot>nA#$tKO_;zP?r zo?tg?r&fp{$W&!_GJ2MLIWQQ^x`MonAX$fZt|XivmY{}QNc5E~Mqw`&BH5fldLQfk z)5X3hS+s=z8!6V{fU8$0TC@{gXyxFLTZME9kq*sZl1oSqB56XpT}T%Y=?fvq{oD$5vf>6PYLO3 zA`KDJvqJiSNM{J?1tGly(%4W(p}h>6M*W*a!S^@-iMkkp>U3KMQFZk-$ zLaHRv(?aSZq<4u_A*Aj?dYeddh15$(ZxZQ7A@vc`>mZE{T`IJ*K+}GLJT zt90R}%%aW{O!uF{?R(K_O#B5!*SL&Pksv+ z+V^ep5+Fq_ko>HK*Sp;~V60mymoydX7k63#nX4j}WO^ zNcRaTNTk<<^nj4OL|QDQM}%}ck%B^cLP)m~=?)=1Eu`y+biI(421!cBD5bs(~6*o5Odl@_}q)W{&rph3!mwom=FId z!ekS-_E5+P*^X#$ZR6jDDXb-e~8YQK3x%@L2|$>UTZ4KRhhTu6h2bQSp;E~KGC znnI*M2`OJlbBUBGB!`g7iPTO=BZc%=BK;oZGK~?^QX=gX(pVuqPo&ReJA@P<(qtjc6H*zG#t6wPBp;FT zgya{}d?KAGqKBXln8&W!YA|RyZF%ZII*bw%%oiTlOF*F{(O|YjG)0ckbJjKkQPvd+Jc$381g#j*G46#U(0YTWtwB`L@+N_V^6o~1i;^n({Z`Lq^gM<3R*%wXoO*khIZA z0WmI>7`Y}^5Pc2NQ4`l-ESLJO0$ET03Gp2q@*;Vyg%^^4NZ$uH61#CZ(tmyzD}HBV zq6E@SjHJ(@^oL6N(Sgje;Ebd$huPUJ@_`t|1i-nq619o$I2>#J1$7o_~7IQG#FAk^VrU zuOT|MeO8ocyPf~uK3k?XLOi211N`I)NzZWEJ zBQg*E`v~7g`kRP;p`QLWNIq%*??KknUnRa_7n!_HjHds0xRL(ZuTc5_A>|**3?hUirONcyE9>*-Gr-@zd_lh;~!(aT=|H_~s#A*#}@bM};|g zB#xDC%5%#3?vb#g>Blg2yTn_#IsvN`DGW|P9?jVS4eu-WAwkhGRsM1we!>OHiCGiDTsMYhatgU!e zWJXzD0Cu0PIB;IQF5hm=RD3%*D7@9=+q&S}VyvZO9T(P{$f_~UXRDNLm^`j0)0bVe zv#DT^>wT^SQhEpv?^x#br<8kA%Fke*15`TAt=u;il}d=6ka8d)x{<{9@5s1uTHNH= z_;5}nxwT2uw(mLnOtlSklpYxhrGMV-k>my-Qc$}g6Uu%0_)Exzlw4;@ZYU_S{z>#q zq9;-aQ~{p1N6qdr_{ov`E1s}HTB`pyWqB*?F_cyET*GbU%5rZBEh9Hs1XY$>mRQ}V zs~a_{o-Ac~IXa|;9^LJw2Fl6oziM6YK0Q2(VKp#+F-TEg?r+qMA^31z)^a7}P@PYV zR00-bENUMzM(U|QYhJfV@z1@2JI|_VRI+S1Lb&IMzK*(;=2ptc_O{XFDTd2&G2Y( zT2U3??K*E2v9#6QPYotjsmaXWu$+M!^H$#8H#7yYD694&0qsu2O>GdmoE9Gg-l{3o zhU8Bvvr}R^o2Dq2*`H*O?Ti!vVT5unuz)De*;U!bl^njBiV2)u}(D|Z8Syh=I?5lDth>fi7wezgS zeUGWODcHVozoO>m+lpN$VcQu@^qxIf@Vlq}yqW3YQ6=aiu%wM%rxRxlR)g*KJOhb+ zO;RaZy|Fe@^|QxH)z3mEw42}v6=8pkD#eI!9kyMjQoVSu$6q+wVXf31?QQ4kF-O*XdS#o z^0@(?$l<0`*1{3`yBU5(haChzL-5^Zc##ehqi8;YuQ$UpbXX;LGQp}DzF3Dz+-ijc zXPe;xI$T6>7Qt=Ia7P^;LvU+?!#GqCDcFHarC_%c{1Y6ZkIe8U9lnv^4+(ye;k|0< zIvR3J8)@OBa6*{GBEJyWn(RGmoz{{x*{bcsFo^e4XhZrEY)Px7yVfJZBL62&c|XBr z!!w0PV4#~V4Lh_q|e?-e_L*pWiD}LPg z=N&3qBf*2dFn=JeG-L7EP^yVD5)$puM*#?iDPq%4>0b5867-*X2^qC)O>ME82t zib1E&aVUgv&fHHCltaJ_CxAn!qf;f{VF`-g|{NZ9rXQvX;gY}qRKU_WKe<| zk1glq)m2;F>FUNk>iI64>e`HlgN*S{4NOZB>U-4*sM+@#!z<0{lils>X<%U^`l>Xy z?_7*F;bLddWt-R^+M=1~eD^?VQvq?H!qtQQb9Uvy@sgFy8xU-ZP*CW@VVuzbGf9bv zm)KA^8SDr9J_0`^r7|74H7-0ql26TiL4xZ%v^-iL?*`y0+}-w)R9g}q7dR2U4*fw( zI}!Z@cEC&5QHL}2R(kNvx7ocZ{G%iqo1XiDa34>#DZM9{SvDxVZ?^xaHNrT#L3Xg|faD`lzjvP_+Ft(uiljO`&O{av}SO zKF;w9x$)|O;vLos`EIH!?^e7WL05xamckkU$BCu}kE>9VofvO}Wuhk2YazihQIkoJ zP8KaWpS0xRIQN}z8>2hq%~=XZm7-;H*Uwp7H)V{G1-Y z(|@fk1yz`aILvA_%Cv=88)^jG)rVfKkzSpq-H526OQ_l3sij9)tL_sSs74|apptx> zH;<@x%Gy9sLp?~hr1zsJJ^d&Q)c2H#`p)`vRwS83Btx(A^qE8YbR+B27eo@;ejDl2 zjiOJ#!qQvUr#}P|TB=j7rsUru$}_}7XfJ5NW~CT9^3jxHbfp%R;+9L2MY0%5v0h=h zNl3a6l5V0DcSpXcK&%vZpiDM$woySbjSW?b#+yK28=WYE1y^W-dZPmJ|HPc2crT9v z^q68}@f0YT^)xmm**!I)Wh!1eCr%?>hJ6*Xg(|tyRvaTgAh)ATV~(H9BkKw4@ed28 zu4WB%Ff`Db4SG^|`v=Fnt8wvq8%|=lUm_J09621pA?$JVd0mLj`Jm*JsCiDs)|IZj zH^S|xYK&Fh@#J;VJgU*0h}M2#jMknM#*t~R5ItXmdn!H;qKa_Ko7fbJIQ{`gc!r_L z2cV%xD^ohvoub6ME;bbS@SmYBr|B=iY8WoQhB+$_(AOfi8`&vOw4n0XVkH9qSW`q^~ zp$uVMy_WR%LQ?8y^@aX^;-m5O_Z7ED@mYU=0gmt!_R>bt*KLR!4${{ZUuTHnNIlKh zL$S{8hJ%g1MBr<5n3e5I2_9|^ov*{JY@bJPZ!_FehgsRqAUMSgx6)yi806s1fI}F; zBWdphg&ZWwwQmUizzna~VOF-^A@~I|{Jajcvi%sr_n6^w9cE>FF2OgO;hS`rmF)=x zk7SsXZ5j_v!#CEYFMS*ff=eE2XbiU%)tmbs#wFsGj5>=IN&tQFb0!sUqKjZyo08nZ z`q6rnw~0R9R2g@e=e?B zTq~zrFS=H~2d^N8dqjDb^mC|u|Ehitb-Kt`Np%ACya>sVstWb|Li!{n4(fS+`RlrV zj+GU9y(&gO&ktl3cN)1e!h(k3-?4XE;5gZ+ogR=_397!-#&~ z|ET);ZAaD5(cEVJT-rOLpHH<-ERc8bqLV^jDKET$QJ|l*e_cQKqij+A{C>DtKWA=Y zFS=(i7puul^z%--em>U{QPAIG1$`GQ==4_4i4ZcRpx>H6x@3F>9sWo`=Tw^{=)OOE z2B&Q5FL;v804cjsk9ajMq^)C*tCt~K^6Q3QN(Q5i1!1C|Io5|H)=cs_ zLSl{j;ON{EofK$`)=Q5LVj@m-szitC-J%_KaweNZ*Gr(nw>1r(8WcD8zB18z-Ji z^t4ms#(1uHf|*~AapwprFQzkbVr(s*AJ$`h8=hlI!42}`5vr8cd3uZw!jmKT@@zB+ zL^fFB&c9&JhxNOB==(4#A8B!H3ylZlB;Im@PaZ=&YVh4!jG<&^LAq}}NZboKLM&`>@6T9qfcaVNEXlM?&Gu-u7jZRY zwTr0+!*haorX_Q%ziY3-GaaVIdHjaAuc5kufE`P$-f0I`frC%dEYDuIfPSp5R7YU- zCVXitu?Zq0JYKt1(x4eC?eWT+9?x{H<^2co=utrr?r=E`N$i z^oS55`7;qoW4Qp;LLc--^yyJyN&Hh_*_~h3hgQz;u-*xZw?BG8K9m5pD3D~6ULAbQ zX5oakg1LUbpV}Xj1?|E^U>YN4np8v6A8gY;tS4St%c}s?4phgrN7kzx z*p!1-;Mvi@H@k9wn`s*naPCUOfpRr_zj6K?;|yNEarocY24nHpUXCpUcRH^Y1XEwc z6af0w!7kH>g*#M?2;}3LZ8P;uHP~SZ6~d(k&v^-{;64i#3$Ls#TEo`eH=%oY@!HM? z>Z~Xzirir-2K8weF9ZGk*sOtpM4Gtde&GJOh8hCx-^%JfInS~i4_k*#26HP$_^0kl zYoYE-7a4V5eK2m_k2=tD-6sNL9aMj1ya%}>b-(dMOo4)h=;7z&jRZ7(?~?UwO&l#_~j7J`D~_y2xD7`Qh}*RR6zb z#E{Rt$f*B|TBv`Lq*VVE_~rUXh(D$&skKSvrwKhs61z2Bt&`kn9B2(xjYqckX$`g^uri=nyPq5>+&?Og+9IPUZYR% z|1EBxzVnxs`}A3iMdj%za!2~~kv1lIT3Stur^CvG};iUr#BO+W5PBQ?_#_e5%BJ!9p2*v}>QZ7sj&0)jzT!y!6evR84yY{u*9E*XOMQkOxBh7J3YZkGo5fNLuR&SDD^(Hx) z1?_NilXPw_UwffFex>$kNyJ``gK;ckd#FuC?8V`p(YoOI8QSAlYLDX-xer2MPP&>k#rsq2sOFXhbZA~#j>ZJ{N&GoWB_e$?ZXm;aTw&E@Su)M!NBe)j*FyuBat z7Fy>(@GPbzNqAx!8(Mm&ZK|(oPwZ{diL+Qo?Y)OOF>c>pDe7q!v2cp0teEX@+O79v z{Y~b2a%1C4eb-O`6z^il^`hYGHk#|$%f0*ysVZFmN%OGmyW8^p7Pugy{Om(n=j6{bNZnA-evtv{pw*|5yV310!xk|Hy^v zfgQn`68KSreU|{$wGTeOV$wglV!U>CMQ%j_`4PJq6>9EA7gp}OJOJu6bPCi+)wHM# ztO%Tpr_jl^66@z*$LQxN7|aWxpQjZ0mvVCv-^pZ_`R>KLTjIN3#9-#Rk?`Hi;iK~1 zM8JHLR_D7Ca(i%2$9pz4Ik=4`%fxN;E8NzYH1p`(c0jmo1w!C?cau&Y<+dzLy<@no z5!~j|xvi3t##4jdYlPe0g*@Tuk}{vHdl}re0^GJT4!5O{AA{Q>3bfiCkGOmW3%}sI z2DNGrROf1|f4}Dkd^8f@HHJ#5xjj3e|8D7TKC+*czmoWGC9wneZv~os1@YfXo&Q!Y zW*~nB@!tyKzm+=wt*q1$;=dKde=BwVTUo0k#D6Qme>LF0YSw>0CH)sAE3GbpAF$#I zpy0nBlKb!0`LEwz=!^ZJFG6u_pNaz+q%Z#D-VXMASk3*~g$ZPr$8`2X6`9!&_BD>q ze~krY7ZCrgv{3_+CXSiaj>!557P&&&`&(&o<1w2oka+pm>T2f*th8-HAng&Hb)%Jq zOjTbZNz<1|I4Wa_#G}U|Yb0KqERt|6yh<|WsIeHUBt!IA>XER$&TFGzJukda((b6S z7z-r_wn&L&rNoP^!ALB;R#NkLyb_hJqxF#3{h@Pl2udrP-w-)3Y}n(;;SYj)UB5pXv<_7z-)16o5slMr|LT15f^74gfYg zLm(EPv$X3qiX>TWie%8Kk5p{NW?FFgqd%2`lG2{TSp}T)&cVTGybXiRA|Y?U`XOHp zH&%-j-#C;IF0NL^cfGi{sTAJ~aq$9~;-gI^_#{bTReS+)JuI$=#8o1$r^PizTrZ2O zSX}RjYoNGl#FZ(o&%~7?uC3zQiyx#H7S|?m9S~QgxDpWnIa?wwMO+o)>MSl==R_>M z#Whh}e-f7}uA$<}5!VQDWr*uCanY(3V!1|K8YB^1w~C9_YT&w4Tr0%2KwOK(g_SPK zXPLO36xTFyy&x`9+z|`zLXl5etc7c>xU$6ciMVL78Q5lV)kBuRwNqTR;`&8gv<45X zQCuXu;A#u*L<$d!>lAU7h^q&?3a7x^S@Kzo&w=te5TADW%*5wK@|l9qG5B-@hH7tb zucOUg?ayFZtg3PcoBSvzCv4_@1S%I0?!Zn#gypFDSEVNvgRK`IFOKoDV9?`T106S7PYVO?*5AQK7siy*?r z-dsUcLgomPiErfKOhIx8nIuSxAl(JYAVd{JSlyd0h=q`Tf(YC5x(Dh&0~=}`1d%S_ zJ%T|L$Ob}wN25l%gLj`GD+s9-M7oA|yC91RsTM@KiT7(k$_QC1h;$k6KLwda$Ra_c z`*^Da8B54)L2~eoI(S2nJVGW2k|D_Rf@BerFNj5u#|23vATnEw(y|)Xpo{(<^kuK@IS&(IftPw=Ir}t_>9wuaoAktO6Sa77eE+OPz zL8RMy9fC|D#3hJyVeb$@iV3+wkSu(ocKQo4kdQn<(gf)#NG2h@1gYl^>g^;*3L&Y2 z)C$s0kiBqe`~SjqAl=_<6=V}3n*Dd|j`)q=GqA~JWIi(D zyK6cBmo`OWNBp5!Hj$zIjn~a1J}yIDdk1aWv1Y;7p{|t^>)PM~w6>uTti~>06NO+r zx*Vj3NNV2=;;Lnt<#UT`y|_xnB~sWI6xYLoJtD3Was6FfB4K^6h)blZj~=B$dLl`E z?~6;Mr|%1KiNy4MFRs1#!DzEvT${voP+XPbN=C8~3FvDtt_s1ric2J&FI!w9-FySY zB@)eN7neveUy-;(a``S7mq;t$b>h;v-}-J7*9LLT6_-dN9~KrUXCi%k*!m<_nfQE4 zTq0$BFN#Yfi|;LQi8S%OCoYj7zK!A%sp0!hTp}raA#v4mul4;VE?pt8^3c6NR|wjP zOM1SqlekJGTu*kfLeO76Ng)^{pQI2BlTUPGpHn_lV8YN5n3thV#W`&1xzBu8*BJUU zK!_Sv3B~|G;f2w>56Pg%DnYIw!gSt%AbXK_t(zdifZln6Y$7CC5Mf5|3_&Uh2`}Vy zgfYF>3$lceje-c1ddCS;LCBke2*Y|u2{N0I#|07Q^$rtcA|W0@2I3o%>pVeJLT(Tw zQ;36ep`06~P=y(bG|A*8b)!uZ}31ku3UnpF_#1l~g;@HY^$6M{O@ zA-q2evVxF*3L>4uyG@YAguEt*bQJGbf|L>Rh#=BwydMfOjgWbQNC)z+7Gx|T*9nq? zZ`96fg5(i0LXZqWo)aXCkp6;L1o^8VX@s02h;%sbeS*}}aCijL7$ud?=k*9uOUO1s zq$7G~39_D$_XUwo>AgviWrVyeh;&fzRf0TB$b*7NXZ4N|q=b+=1(A;HEfi!5Ay*3` zo!EQ6AjO0f3X+9y)XrIg3?$@CLDB^2AxI`6CkrAS-Fu24DTExnm+L?}y|=9(d(oA( zt%B$(K_ic@t2Ytyo*>J(!+U=bq>_*q1QEgD-6;sG1PcWzkuaMDLCaXQS&Xns@ClQl z5?muRQVFVsHc=ZTG*SuP6`HD@FEq#!@9RR#(RvGwW*N_c7J7jIws4kWbz|;)K-*4( zF6PP^+97Nq5alyau>WL?=UA-3jp9b_+cgMk8m;g7tm$Zd(Um+XKfS2wXuT1u2+%1O z-P~lf&d_Q$>5*t>zR2TnW|Nusm;ar4Gf#@l@cnn@{U4cm=Y1*K@g}gNG0g5N=ZdeF zA;vuO{#1}!LCiDn6@si6#60tULJ)nJHP5`gf;=o?%royB1t}54Jo7FVL?33&Gw*W+ z(T7>{%)5&q`Y>yrc_#>>53}Z(w}z9a7!>qj);#n6SdhIk#F%H^uM4tC5IS*y8s%a3 zQ9&vNG0(h91X&`8dFDM?kP1P}GjFFL`Y>yrd7mwabeWi$cZMMPFl(N9H7j^y+PRaBL6PR)Y1$j`&a>+- z&zfh~`up&(P@<2=EzGZne`L(BU1QCo^_CCyftD81N1s5mUw!fXoUeFr{_Q#=ANo`} zLpy`A!pq_ne>V@#m?RIqDRz=PRONdr+9~InCdsE_f9k)Jz62!|0>8d6HZ!h(3CoC&|@<=%crJlDt$9ee^a@ zk{1c0kKX1<@@zr$(c3&po*;-mdYdQ7`GV-9w|SC$h9LUrZJs2j38IhQ=1Fp0Dc6BM zdYdQ7-wINhz*8;rBzcV>`si(*Brg#}AHB_!FYl5`@=KsZM{_!VpxfVa`0L0DcuipnGLBI; z`LPMczb;C=O&N#L3uFCFIl zD>rKPx=O1%2e<40?DSXROn?8nXqie@o_7%bd*avyj)dgybML{`$)Lj;K2HtYXTf@; z>U-aHx*B+hmLB`pRg?@qyQixI+3C;SH*0^mP5(Of-I{K>-A8_cms*uosqH;g&v_1J zDhnpz+!h@fy9!0SCbe9(ZfyMCQ=LFrQhYC?LzrTYDyaQk~{1A5O;a}3jzj3ti_r`>u50_pe{{1-Q zq}+`SMo`|QGDq`(`ss+g(=koHWVmtGp0L}$KQx~`bA{@`>8gLT;FI<6_fcu-k|M%~ z4m1nflpvMm-ZLrc7L`_zsfyYRbe} zv6-ml!b#tpZbc^G`6G^-8{J(%ZSeu3Z_?gasWYYj6s7-V=tKEwi|}xLDlU2}GA7Nt z`CO#P3>FxZ4S^BD%Ti7Jc4P|67xt?}{5Ej(T=A#)_Y?DWfM3*!z1-Q}8u|sWo^0r| zW?n;}M7%y_@>&}8dLlJuCEO0&I0<($%CHy4dlc^y(48XFkfRk~G8n(%Cd6v1B}9+s z`M>1MwaKk^&E+UyjY#@9Md7-^6dbI|!LN0X36JrAiT4`efkdtvSU@7AJT+$p8q`v9 z@OIaq_$%Dg@YX%n8|r|)rIH$gughHtc+J7Ee{!7i-?Q?~!^m4x`JdF1{PzrgwYmIH z3dhL*K8Y%cznBKsu%zs0X{{|EBhGsmCwKau}>_*4=3`R^J0 zm;aIcm+;3f|Hc3D%l{KXiU*guq|9Eg%MCMWd zqeR{S_f97HugCwNk^jW6$0Ps6|1rvc%K5R&f6w4oj!FLO^>M87pS&Nt{6{AKNdD{T z|C{7L3yfow|LpfzV~sCvWICc!>ITm&kulto)B_-}sajH1%lNzVQj8VRj*y{wU6IVp4%q zxz8q%{T~&#dSRAFNrSbsBpY3LZjZaod1*+W<|$g*=~z>YW8Zl8YMDo+Y4_fC6#K@v z0i-#M1Ky$hcqv+Aesxs)#_F52`q|9B@#ag-_KolVldM(V)IE|(!@hC-G)Z{Fs=7wh z7YrdBat6*TPhPhCJeWasWjfCv@Hjqc!gap>z*i_~CCcQXw*|?T@(>?zEe9FLWNrhk zl)jZ9?|0#Gz2}!xZ6{v=FYq~ze4bNT*BD+x^GDNta+sl(O;=-vIE@05B}p=DLx+%H z*k;$;6xmws9Hei)>-IV5j==aVdjHN<#Bbk?H*Q~3rT&U0hiNLB8$Qob#J+v^gSPe! zjyUr6oriqk?YrrH?A3*7^ALAVUU{E9?{4>{i04qF>m+;GRptnKhF$j3!)ImU6+Aq0cX%;kbNeXi%xEgE z(Oj^R=7M#O7Hk7j;%h}X;4NQ}OqoyGcHSHF>}9v&oj&(KESzU( zOIySKLcpC_6ucgmuXbvW!3}d+1*7}FKX{%}uwGeJW%n1(wwKJk6bu2Mc?hOzZg>l) z(I*=J(8D9L?jVZk`R-k1p?_$lwqU39OOW`ZD3SMZt z05!fv``F2XqkIem2hkupZn7MU==h>*v{#~=Q4uEH9PaK#09|e^3f=(osI-#e2#f|#!$Oet%OzGv z5DOQoQqbU33Vy;p)I>G6Uhx(nkRwHq10eJX4VfC0Lw{*9`CjoSJHwd$u#*LL+0^}s>F+&^O33$L9b z65O-OhKX^-_aq`y{d+^-;FmLHO@MI^s)GbexR5_AiQx+*zt->x{E=j3&gn(f&+O*5 zQ!@tDM$7y5vex$MB&#JvGkFQ0M819XNY?59WK|}m$YYN2aA@e=BM=(kRY$-98z03G z@uO47+_WXM7J<~@@W%Y|;ShJ#2@s4l-l+cl%JS37#^d9Nn*Ey^oRElGQ?vKL57r)G zSX>$Pi|YSE&8>ESmR|!)pZx)$EWO zyae&>R!`x!WbSUoH`C1LwCX^%y>SO6hR>5M3B<5q9Pe^?VGd^{7M@Rsx;WnJxbajffqRphUO?as>j3|MrVBZD%~Tcfh}QY(W9cy zmsx(&vl+4aO67}?$yD7>fq`{>W$>#!`fA?SV)Ydp=tt96@|Q*Qm4mNP6ixM&lPNKi zUhx_E`j_>U2PF*}3vWcqrg-lJ^6%7FZhARVu*|px8?-dGV80_jqOZ`xZ&Q8cFosuX zAsL3gvI}l|prE*!x^ksiU8#nzh`QpefFklbg)5mm-mI=HHhfKly3&h$-3yAYuFTjG zRaeH6Mshi6Bv(RRVaCz!$6akhW4VIxafFW-jYYgngBP>XGVMB1T9$B$<0~z@PrPWh~~d~s1!X<2^Y&@s$+GSizWEiYahPic7wR8m@Q z<<3x}U60>pO3QR3C@C#}=VETvhQMdccx9R|l(99xK zlZx~f>WQWdR_;>KhrFKx9WVN3(Tlzp(QWBG@E7N^1}upFOZx8|4y<=R+|tj3nnxQ_ z4?NG2M%4O?$sZmIo_VsprXUTXVjiN-LDcS(!{g}kE7TUKMoemw+U3#IPHZ8yUQJTl zL7kscYlGA}P-@{6JrR0L7^?hS*p9yz$6LR}07+%zNvb1Im?_q4QL?}30tCj?^7vQ` z86im1jS&2-jR8zD%+QHvklTZctlqgeM^hBME(eNQj$8t7NSf&|n;gh+kYNM_*3Du$ za_eT|26_?9@9&Sf0lp1YtQ%(Pk&2G&|CSAhba0SWV_06~-ADH+p|NOa*zwIXNMddn z*XilV8fxNT7iGS}13n4^+XKs>rM!+2Jx|U3!fbmWObr~h@Zs>(!hrG=Tms+IY`8Yu{u(p*U)D0C&DOBmL9pzV~Se7h`YW8~2a8!6O$e zR`rFkqxVn~si=jjyl4-q2wY+zg9GpB1_wg!Jv5nx8bE@`-5T!z6qKD~3nvx%-2hbe_7&wB#->e- zujc+Tvj-R-ODf-(7$55ZI@h0x`7h=>=td{1!2)_Uzez-Rch`A7}6?*c#Md%KLzUurtG6B_3Yo0g34!WcDkLAACdh#CHvE0&{gr? z0teXe@6mpG9w=nNk^1Rk^wVeJ^ix`JH~J~r2=V+--;$9K#d9X|4MQOh;m0r(@@ZuK zjO=?+e|>=ZYX$ll87s?wfch)!eziB7DJwxWz_NoFG6O>WRm_wv))BqGR#1O6nJGhm zt#kEFYGh4L5GBWhL6RbR}pr-`i%^ph8VdX$mS-^I#`Obv1~V#LKQT5`j=_Ek3|RC<)v`PTx0oyFDDn&j z4q-s$$AYq6B+agyB8xOI>ItoVkM<*u*+PuaYSSoMZ7QVIrcsyDK$zM8Q!?h9q0ubg z;n_`#PNQhisgM?(Mq$wjmP%oPU!wy=@>(6QI^}3Dk3;1`&)NAbX-nJEa?_A4d1%m_yaxLIl)i29T}|H^ z^ofe#57RGs2i@>OOfjDo6Vq zJ~=!O$yzd%5G8#a0ivS|_$jKNMb?){KhxKjV0aOxi@<`8z_66iqxdkbFVTVmt#T}e z#HD$^_cdA-2_zN;XC(QnO24P=Z(3E#AAtu9MnIVwlLDSvs4DsOSYg`d2o6u>6{a}| zhWF~yc!g;Y+90yR1Z!X8;kE}_*#jd}?fw(({^79XIvnxgB`^O-JYFz7Ei{;hk>+bl zxRe`RTcSN;%(?G{U(=ksz`~15bSTkY4F~?1R+lP}G|zSEg9=J!8^TwTPb~Ztn3k8y z4WF;-KFMf1=B8K$O$zzr$9}dEhCV2Ex^v25u)cJO9){D2E-(=TbB^eP!t^x4V1cPS zzOle`I8b=lnZ4iDjn|jzoc_)E{x2}tCus|xu4{zSnPm6>R3WHTL(hv=TVi|0goz zll>*;0%}z_!5RE>D&2s!sM%kuo`zJ4(xHrkiQvy@S?8mCe**FxS_~gtLHfc~0WDlz zB-NZ4w)01#EL;^>^@Xccln`nW84%4kEnKy=*Ccrmoh1}T5hMy(yV?x5)4w&|+LaY| z0H_}jGt1i5m=t<7g5!A_;jp?^M9Xe3fMV#M&Y+4~$b${oX}HMt0oIRxLHW;S7XL=Y zv7f3v32N{rqx}1@uFB=dGSqKSLYx?QP<~h_9$SxS>e=j+|LbTMhVl}y_^}*SuV(M1 zMP1UCgSVv8Vk+trLvcOgOZp4q!~0lRm)b<}!3ORoXYMcPUgl213Q@4#+}x&}#I!Q? z4x;7dB-%b9Ui3YM4?g2X9Ro{K=8mDSIk`tm6(@u~foJl^UCmfhQoJNen6X8sxQp38 z)__Jei_|p&9$llbIMpXSDS{eNxo+fWsBPhcR;SPh6T>O^wZvbZ0v9z|p27yAEKlV$ z@bVO5NZ{qE0;|3}1@@BVsRC>4@>C?~Z=Lr-TPp4e*DOjB+J)o-!CQ|I66Nr1wH=!__@c)C(n= z%#RakrTf40V={~Of6e?jP#Ck$$kXF1k1{oI2EmZrzG)HzMlV+(ob>G9xyWqRCt z5Ol%ASXRM&U_7SBX%OLNRyR+NAJmg>f!T)xHcyWylbffa%3O6P$>-W7R_tZ!OP~=l9`R@&&LxYRr3@>|xlU zo%J$!C}F%PCTG4v>n`Ga1S$4`l8+kXqtKL(S1LFkli&q8zJ`1brhGgZoo&c{V6C^r zJuY+$VvVAdU$WPwonYW2o8i&&yn05H^6a}WQl2gN)XOvCL1~lMZip$*uMRHHyYQ$@ zd6?^!$}?+Gv|hizkIS&t!gqZR~^K*LB{9KI?di{>Xr=Fj89+3R>h|SNn zlAkjvl}+dI>mllB>XZ=^mhz^7gxFWfKnak9i|@Y}_R8KvwBkJ@^$q+TCi z;gY4X_h-MC+h>1}>*E*vXdj{G;?&2R*X#AsP#Cwo4;lED`1mXXUlkv}%)pj<}6om`|bn{eREu>UvvK-#_|8A;lE+HIWnWaVU;#ROYEx0SsoJs zrN{WTE{tn88F9Tzaa9l&TCkoTcQ3)D8EsaWxi-pj6>4z7G-x7NzLEVjxR*gMHM?t@ zxa*s^$r`WOe^#u!Fs(^?6Pu*BxJi5)nz*$lZcA+Z3o^{^NPP@DU9Ybzt~1wZ1n(iZ zc0OQktN8_y`nv3&|7+??mj^Q9jVg~wfWi3GCBXA6*S2cyujQIDB*35ZiJOLWhDWV> zQA7fKfmi4a2{5#rCBR-kOMrd&(LR7UF-w4$^gn?QT_Ufy~cJt(%1F|_L= z{&z5`Y?QlD(ycG!bPwW3`xH40KZpGz<2*NM7+Znp<^2esdV0B%p7zwFnDYK`A*cHS z#dfKrOC!*ArgT3k88L7e6}W^KOl$A%KP(zNO`}-r=Ffe($ikKI;On)?VRpA@Tg6e zbg8^1?es%pEpvvrt-2pzD!~s7kUD5MundtU$yfL{I2-;DF!~F86G+` z(Hx~N|3MS^-^@SDpJ4JAgCm1)UExHlyK~(z)#|p@4a>2*&#W7kVRfI&5j;*Y1@4@t z{g{WnE%K0A@2HJqUV>_jo%3Rjvdob^YfKfX!& zEtdZ(qx?f-%g@ee`PmsQKb%tjt6C`kcjw2}e~aapn6z|6B;_XpmmeSI^0PBqes;E8 z{_RcDZ?XInjPhR)TYh#%%g@ee`QeoEPiUe1*ELDM#qvu`S~?<<@)Lo}j}LSC*%>WA zJ6kUQ%}vs8vHatW@(+nEKRcu4XJ@qha7y{dw^07wgO0KNB_=H$5lQ)pz~#q>x%}*m zmYaQczB}~aX1HlT8r#qg|Cf&Jx+4DpeuX~JO$`*L(Iyx639Ak!I&wdm*^3X|JYm6F zpMQJ`ZY|)f##+}bv;}tBw2#lHirf;u)#3lVDBwZ4#&)^>Jyx~^$z928ue{#!qGnk z_7c>0<-4()s$8hy{J2`B4RPOylkTU@%CMKb%h9`WdS`s5o|qMz|G~k#DH$sApCE4LhoK;w1mi{juZyyY`oPwEq2Fk^h#I5Z!j{Ux`Y}U8}HZ zC)Cz=6iC}J&|(=G?2GFRT{hteo*vWgn3$XtQ{Y@j;L;SFs6r8O*6*&iR7s1VTmUKZ z_j4c_hkpVrqtv;2ICFQna2n%4Y_*2+(JXrYv8)?&MxIXE72viXRFuD6nPAaE*r$)2 zhr(0hY5*0UtK!y#ns|HK5-aXJ1#rqEKc%s;mh}mYm+p*+ykh(4>0a<~FuCp&gWSwM z`Zg3E%%F`M%fI77e*+<6?=2V;Uz+xwhjl*fOvASezDZw*;SX4iIN-X??*GU^?{pv0 zp5#z#@g{r?Rk)=*x!ql?;a#T&+WkHkTA6)()prK7vDLkWVMtG&B*s7^(lGmT&cZiosmIGZ70kW-8yQ6mO(_&w!8q1Lb>n z4st!k7b)K?JmX@_GQOX~AO2~ueGJQd!u<>`Rb6yMvGZmrmxd|Oojjne}iH!y%WW}4BStf=5z%FjXntmPK-+V=uWPbx$p+xcd>6&U#JjX zWBEB+AH>ov)y1XS+u&Rf>~(kAZrD)S4<}s4r6?aNijKZ#-!4hxX&Q)>Cvq zDu!3n{mWx6|6TFQk64ZJb2_H-8gv4 zp!7I##{&LJmhOi%lAqXQjtci21VtgosDbpZ92snP(h!q^6563qK?bKgbMb(cyOXE> zboXg`GltXc{=PN_T(}>>A|DDA8a9niWAZ&RWbD&fD8^hc3!-@(+_X$PseEcwEb?A zPW>7;Fk>62KV|bRaBdX7W}WA>hRF9>crJ0T;u%ApJ&hfe1(k?qSTJd58Lmn=ak!$rGk2Tf`vTO^ z_mqNvpEEn;%sn`x$B1BuvtrNKJN=;|zgE!yeeF3|wwGh}CsF1w<$zYR4UZ&NLVcyP zt2#yTzDxv9W2Q3yetbD|YiFeM8=v1etv{&N57gXmlm)i~De~9jPCzYQ5wBJG74c*& z+(%v!pQw1skUN|jptF~b;H|hZvVAXEFW7x1+?e8EoX%7||HL`Lsq`Ws4Cy07uJ*j| zi~CW(YwN%)Mb;y9pbnQLF1DrBt+BdN)c}rHtAUGc8Q~OlBOd;Ap+=yt-u><&+9OWG z>ELAKj&@HowX6G~mgu}XE(&DRbN0sZh27B>u29mF`Y376K4~~#e+HfJKVz|ymft6n zXgNe%Mzl(z!NzdkN{@7vLy=A9`%uY2B@&fjw37 z@TZBxkbeH4y-Hf@AjFYNapWRA=8O&Q?M`cDQEt7fo6~CAkWiMlEyENEw|_lrt&ZGp z-FvFh8rGlfu#!mU)%n3ioL9dKr#tteM`SfQK%S;OiYE;)9&&Ywxr0pYTr>+w#uK59 zL@OsMpDwYpgaZG673KfW9ofHv|9kU2jSVsUpR|hfWT$_-T6F|-s;_6B8J^7Eo^P=m zL_N3gZU+_XssN zG@~cp`*vD?YN=2B@PoqU)hhY7Tbj&gPI)bTwA$+YYcu>ON?o92`@6OQKT-=>$2mek#nA;h2CpqwJ z=taT7Zve7r@0=0oF&Pfe$CzxA1#0dG+;?&hx$tcHR2$AUZ$}n?JZ$u#AG8uE5)SKb z2X1T8c~kmFT`48fl`^O+rA4|@Ds`n7zU8izg06HJ0puV;$3CcDn$n}7&!do$uJkGT z&;95F_osn>7gnHOEL;qhzCV*_IYe7Vv`V7o5v`bL8;Dj*w24HUMzp=){e|c(5DTXM zlX^e(8Z@IL*n!Yy9SD)2+oYxDA`Wz<_Njv+{Rcv=q$qctt1D*Z9%H{S(AH1g2iIZN zCOLAq8t>(zhe{91v+TCx$y}V|zoms9l%kD&#^^zKc8Cw9WN5!;OAq=8BW1J)$^5l$ z0Y3n$__D#tbspM}#5v^w?4Zp`IPB~Y8_K>ScF?vakjvTeusFy7Vx6Z%9JjGU>>>N0 zN&_ht#Ltd_;&_l9nc|?E<#ishZR~rI9eeQ?>A>I)kWJ!vj~$ib*vO70;`ojo*fpmx zA$DL`CC6{INGrzM;x8lks%JcFHq;Phy#ae;1K)4z9H<`fNp`PaZeA( z3USa~ggVb+aa_#~u?6hAnH|#vxt$$j#o=Q|o;Vh=L+twc9%lzH<0!u8*-;NZN1|`A zqgEVM>{u_3f3kzt*Wm4Ic04SO?d&KK$3Ailn*u*a_zPBceWXm*4TEi6pTb|6_@e#b zx?$*WzV7&fjihm*9n+zn1m4MnTYI!Ol~_tl26b6Ku zysrtciGWcI2xEDl6QGiSa~TjO^Zr$UB?NS3Kp4(@p8ypEBrzb&=f$;g%GGQF!o4WF z!ie5k0!$>}Qw9d&6QboN0aOCsVjxq1s|3g)U@-$J0*nzLgMbAL2;+JS1+Wls3j@N$ z-tz?@qbJ%W36iz>iphBrrtSQ+sGucwT)BBNb}B#+A1bN9C-H$N!4CpQYJ{6 zkaDz#nM5Np&M#8H49y1;ONy1Z{CB*8=mhN9&Z}DQOP$6U>%p7d3cTFSUIuEgs)z+q z418ap60!96BL=f9Z7fl7E= zqsP91*V2|0v;CBRnP0JCm|8q)w>MGj*-Dkf>M$dF!xb;}!f?&_&i@yMEKK z@VNl%FgSmj+?^aKZw0N7ApIe=63^9$r-Iyj#66na=A|2|pU{V$&1InYD0t*NYUqV# z_$Ou@{#$o9Hc?MlTM@dmng3Ut__xORAJNSJLbHGUyw~H=FxbCM;T`k6N>yRKr?PQ& zYt+)X5RBF0c3F+49XyrmZCr@V7U|)~A0_G%A@D!Y&}008Tsjcl>E&7 zm!I@sE_R|-o~LBz+lrNJr){E=eX(ttlKq&i1gMhzjEyEDO7>FQV*Y*IMgxtKz0y{R zUlq%US*rhHTMpTzhG8uj`*7k*RRdj@j3I&E7Lx2uB)#hYuy!W!Q54zZ&x8a51Scpc zoy z%-`qvVzmX^6)2`+eG77UELN|a-NixAk&S^!v+;jdh-Z1q;tr%3f9AzF@iKZ4Y-cTB zu!j>+HwS&a9qkvPXDYu^-!(rhm7U14i@Ur^Z)c^CNT0sN67iGLr#D&Y2c=I}uC4Iz zyRK>LpJ|nUFMawrEB(3j>BFq_yV9qhV5Lt?pWe<&AJHmZ?5%I$&>ZjG_4Gld^s+7r zw|Y;_Z{2rXolK~m30q}pR_zk2I0jjYb-jR}%DxCWaX8Cak$M$r5hvkFiExum#Uecj z<)w%fZ{6rgTGa716$NK8vs;iae~L-*;q=2K(%w&Kjtw|rXt_|`TPr4rFhg&x932}jhx+B3`sE`$af5Gib`oa~diKuElo@FbOR0QM@QHlc zQazw7{7a_yjs`ya8#ZP6JzH6p=|&XL0I7I<*&9;8ss8v|9H_>rWfn&5OpK^wyQ-st z`%%0V?OYz*cV`MT z4d{IhsP7t(RiL^#Kz*3#5T1@eWeG53lC$rV;X_IJQu?HCLu($E*DZJi$D$B<7@f{B zFH>@i%P^jG#B$!WUxQ$+Fu=^RIJ01O2t^iLBB4@*80`0xiqg^Xc6>B!iMG~ zmZ1^C^%m5^R0)T;KrgAk%v|oP7A=krh0oa!Rh^I#9IV##8(8x--cq~h!+*zUg zh#w`U=JK52f5`po;i`>ilDo3+HeKLmvp_M2j>yJ(w7RXXuZ*zVGUAu=B5&I&+NNSy;a%?{A?5^Pul@8G$Y z$qA{eyi6~lKF5KX*rFyE$an>!B2E1p1s@SWktWK%smsE@WpN3DQWg8^I41BK-l(&y zZs(o4sy~}m_0&~)YtK?;(p0yM>TFpQf+nJ@VwA8O|j^3 z_b}rTovvp;%v{#oV8aq0fSVWF@Yz{q~C=uW+U$S1#I?q{zR!=Qw4AXh zLIUK;A{jyyA-H$=j@cUU6n^@yOZJ{qP3YY@hAfY^`0_%i z;s`3M=D(k&oShTQ?Yl1Wi8eErBjF?R=~ehIsXn^<#>7|BKbZDrpQ-1s`Vsct=y_T5 zP^{0TmK+S;gNfdzCFyA)a;$&#p^6&+<_8wMB_GB1 zD;C7E|ImTM!Nf-(=kYq{Ir5{7z(YE7Fi#nQ8Jw-AZNOz@-qTfqy^hSvl@OzGgPFgS z%T>yvBl993@A~-I_ez_Ww+kJ)YxS|Kn;S-_A-{GyJWLhA47IEj>ec}Y%P9MX z0#KZ|2$!fDX~57r;rSw;mdQ*Tgj(5BU5IZqz!UIR{E#S8kHKzK%abo7)Qz7(o=|6g zN~pi%QWS4=vB$_f^xv-_)10!?C@=;dV+f* zBTjWxuKHVd{AWdEnTqcIScjO2V^S%iCNcIBUtfD2L*1BXkec~n~H`l^zt`QF+Q%XrNp2ucn{^+ktk#j9NlZc?>4Pj^>DC*V2Z964Q-gT!f) zWuAa%r|ky41B(H=EfCpP7BP^Nvhc5XLl=O8zu}uKq8*4e(m3QqxfV6tSU5K`)Df%) zu|U!v9JGU!IL*mVMrx{-ipW={Bb0;>ggoECOAB(mh#;kFZXdy^C*P>Xlq2hwQ}wz( zsxVHx483x^b#ik8wVukvu*e{!J2ftGWq5BO@`OA!4I98uhB{QH^i@xDxkPRS_(ZHq zUSJ?GVczgyUO6vqSU|{CNqw9pw@2JcoH*S7+z$Tet!%W|5#GQh3%fm9-pj(PL=|WQ zyGkn1n;gX7#C$6?@>rD-yq}*yMz9Vn*#VWOF~}@?1@xxVby8^s9bZO#kCaeeC2>wC z$Ln}KFnZNXK~1k$nH=6!bvnWdS(pm%2s! z|7HR)o5^AGax{DeH+i@Q2Q3>wB`0)7cse%mRFF9}aZ*{h#SJDoRO6qp2MVC_fedGo;|orQZjgoP-s#hdW}iJEykDCLc!qWCiQx1 z)49c1uD*w^N#H4&tvthQWvDt(GCe;yn7@U=(;50O*EBsXmS!Uo-N`B;+0xuYC~#_` zQ(1VQC)Cbtt_Y;C?mNR2DjkEUhsjO^j{WD@RmbWh9Oy%^n_@ zU0zj|^L|;*atYSU3Gc<`zpR9^cY&{ABVEt8#KqC|kQj*FP?$K!Ht&qzD{vvQRG8nJ zbQHYi7HGRk{nQFjJ+?0N&Kn-^&a>*W>~PNHv(-4ZqIM;>R8PlRp3z*Hml-;kYf)5x z%oJo>zIcK?v|hMPH4a=CX>*5oQ0!{W7Ei^j>4CDE&HPTTO0h7$$a(k;<<>Y`{D$D6 ziO-_tmd8-8JO+G)<>BeL4fVo`#B0vxI_06dBJ!@{HoL#p`XiiP`m;6>D}!fAzb`$k z5(y(`gz{%kA=tReQ&n;eaxe>8@fz^Z9_8SaF>4V#zbssdhcn*l%!5oEOgATNIH!Bw zyXpd^y@AMA2$oyvS~gTgZq2WZ$R;vi2zX>Vcv#|CZX3}Jl*Ee2cA6c+5Z_7*F~pU> zp}k4@KMz~T?RLn%gy&kV?B*+J62WJ(3J=HVQKecrCPBoa9_5BE6v6kEOvnjUIfOpQ zZl~SBqea*geN!es6w-$#jFxxXuK^h7Ka)}nv9HZ)UbASTQv@NObSxsI=X6G z2C9wONZLgzep54bH_&J^z0R+3n(Us*P`xr&p|PI>>G{MP&`n>ky`-V{Oxyp?R`+?TUR$m8=4`_i61<%DlM0d>E~E0r?u zE>kGb`t*RLsP-BIzt;5b1HBnM2oU-WD5;9w>L?cc01;-(3w$(rah8}p&5NLbiS@6{ zR=hY=-r&WTWUz@L@>y-1k)-Dfu+r!SyDWa3v))NN&5w?5`Z)PJ$13klQ~v9K z6Xu*$esIKb{1d9M{E_(Y@FO+9FLJu8|HOW#zO&Of$G5Ooukv9d0_AibEA-rYtx!67 ze%g%2KlA1bf6cat^~T6{nT$iZETukpluY2sn9#Vgobc`NcQtw>rf$kK9@-#;ZZi5G z#7wQMCs(uNS!0ZBpP4aA$^20y*c=!;r+RS>^%y_3%~bOd`qt4>BCbohgrKyV|E2sd z=08*HrFq;)dQqcsI<=VoUi{~rOb5U@$@xL%2F-mv#Wyp83cFC8TwHN0)IVk7f z823ueDw-l#Bw`XRAKgmGLWf1m2h`P1>%|IvqXra&$5hpzdYbCYR zlQYB|Z#i?QZLP27Yt8i0p3oryCU?QKMj&iQhysxxgcCWQ&_Bt?v`;-Juf!JBKuvAH z-zHNcEOh@13y1O>;nzWbrs~<6@iS0voaG4}0hId$N;WkpcB-oCfC4)yJ=}y+&M*E9 z_MJ2Gr2x*S`lW~SL5_HilP9Y~Oa+(bUDPP1!sagL8Cmn&#!H+wZ-%I38|u`(bdenpH2|SKzOYfFsU)?0+1@F8QlFyN z`JDMEGsPd#Zj?crl*e?v-rBeMO0S@1yD~5$`!z0s$W1xh{o$drJpR{hQcoMrEZ-ay zKhJoc&XNcABYmzO3jHiLvq!9aw2{T(`U>Az_IOoa`L*;~Myw1|5uH5R*hGw)f5v8E zK~>4-P|xV_0ZjgX<_)Y4FY!dq8z6@klzhr?H8Q-|7wIPYm>>=XUG(y*MPCgo8jTW# zMU%0bzR}eGW-&o$`lFY#uWMbfhiJh5Wp^b4ipo5KgqSK7pC_N9x2-U4Fky#)Ed;-T zUt2ttd_PS~lv;(SAi7@r%4#WUoQ;d7IJ7dWwoCU=m^)b_j(G+~a}*az8x=T`&EOC_Zv-H*pR zf2B-_`)2HEQT4FO6FjZ&%Dxf@GVhSc$KlPl`##t#IeqQXnTB??Yo=}XdDi^=cqhS9!R>VuIQ}I$(AiK&>(T6~QI4E4&4OTjYEQU;DiRu(Y;$+9ug- zIzaBIWo1zIWAckFxV~T%L$}?smvEG98H{|LIK*a&+)8oB1(3}*kXRXS_-r2WO)4V$ zjLtL`dYEr*)EgIstF)gGHGiaDq;wS6)hGKu@4S9CdP_iWw}l?d&17b^Woop_^CR0~ zCx?}mZi1JAHjqp)>P6l}Flj&o2gelQ%g7}vx#10MVa3(HC~I`#`g}bT&9bJC>7?*i z-UUY=B@BK`wfO@!1#j}sH^Sd|IMYZ%fAXP1Z{<&d>^j+HTW!*l%StLUB1^&>A?QYC z1;ChL0UWA_o=r=z8Z9KuErsPDa*rOr)$s&7GU=t$PGqz^V3qzR~}Pu(IR(faEpFevC|t z0IUiY`#sB0hWInA<_ZD`s4V;(E`!o;Ngt}TTT^MFm}NQ#N#IRX9m{>KWA0gK!usnm zvaPu)GL$vWqu};><91FDcae%SVWQynM(P+ zDc@{xTrJW^2Nf9i!*wOn690qxMyIVXDnDpxFw707>7!xGBUBaZnWn` zt}gA%!RwJmCiwEJu#Jz%f_HrtoLJ!>Q&E6Zfd2WBMMb7FxjYkj6&lb`OIx;g%z_0mesVhgrL(dW2h9SJ3ty8oAt%N z;qD~M8tMMxBhwmfHg4YK0TdG+D}##!J8V0hyD#>~(bA7}Gp^hYP*0+^URaeAyeLp& z$k`LuA}W&HPm-N_7wV`o2Jo}AbTYqMQv?68iEGsn18T08Ll(X=E`T`};E*rYXWI|Q zBgD({qFLINDN2!9r!^GC*8Sg3&8~wf^3D~JHCBJrK!3DKB!COwrhT0Vm3il9Bqo$aGvbd6gw)bw z=lo`QyF;t&yN=~7F>3U7s#p7fiY#nHN5;=ZyZzq9(uhp!v$u92U%Bu-G>Dc259R;| z`RyRi2Yc(i;;pM6Mr!KUKSs)DS>;1Z;}V!-k8mNfBCBi64*vtg=lKceW>4Rh72f$9%EFsGa;={-b-bBxK~ zL79g+=z8oNTN;SxjBKC5xpO~dPd$D{i}wVM@A8FP#&~D814g)|y?5rVJe1Zn6_?H$ zAP#FIt83#|M+R=bfbnt3_?;PF{gfTqQ?vshD<2p*b$HE^;#ql;F>!ubWcO*JmOal^Nnl+*KF{M+V)99W5e&j7@{s}v;p3$-e z|I0gbHZ4$C7wr%yJ=Qf>;hTFlrI{P3Z__xV<@UedN6s)gz4Lc+J>2+ah3V8GEUX~fg+eqboI*AbK1P)v1b2kk zigwgCB3awmIsV8_pDAEPrhwh51ng(%p#)5>6A}R{n{|etxrRVwRim6RS%2fsJC9@b zw@DM(xA52ZuB`1m^_^!VbZFOC2-Fedmx%NgHO<&7g6o~RS3vGXc)t?i-HY&!XS4x( z%4QubpyNm4)ghG&O{wHe%XpvhtCdvlE?PCCMN4HfU@WQpR;024038$niSYF;yl~nf zFP?nO6D3JZPGRJq(V!9bKEK3Q)TGe(Uf}~8GP-x5u?i^O`ArQ*=J`?Rq>}N=aC`KJe|~z%D7T_Nv5>dJAX;Kx}Ji#zhBoi zt?Fu_TtqbZY?Y)MCQQ$aH^N46=%U!`^TThZOeR35amEOKxP zvn)2Di{}V`6b|0`E1cp)OGhgRgM@`=SkeXBLwFyOL|a<;mTqCOjTJ3i;%Z?!{q$)C zMI8{r1x}@-mCp7DVx2zRr0n*oBGdh##P}V`a0@-K##+=f#ZJ1IE{0l4oSh}a1EVF$ z%x%$5dY*bF`spTIO(#zmKc)VVL#xNHQWc42CChdwTAQMu$%=BNBADBh%zO|GW~ygZ zqX!e7ol85wHxuwmQsYk{J)CM7>$LOhBu`aJ;$jDBKXN3}io`ho_ic$o;@$EVaD6=egn4 zTkvG3PJJ*_*1ZT-QNSdSQ-%`0rerSlCG?q(ATk)xGCJRuF8Iy*r7CfVqlEqDBJ9Gv&Xb8{>$T{e+Z)c&34J&v<)^U^c z3NLF3b~FBdybLVY8}F$+AtIL8{c;)Y)VFqA7Vp|yhCIwqh<+?kFIu0(M`#)ctTm2N%5}y8}_2z9wJMuE}l49f)=~J9a8w?(!Dju1|c&ZfC<=py)kL z^qV5dKFn$n%O|pzT#c8FBYLU0oJ`j5WBr@gXJ#+}ADO2}2tBGf|4Gu3Fl|pBB)g3O z=fSFgbY{BPE+FHipHEcaO4XZMmN7ojRPXDHT`Hr;T})dTclT^=k#iW=8%GpSU|XnH zq>)IGBjJpMd|cKTS(fNV1_g81aa>Z;L3Hz7phvy{(R@Mld*fNJbGB3L-81BH;79z2 zMo70WSGRA96jS_;znz-@X=KH2uU`1@dpi#+!}9qr3n7Rj^fB$F@nMl__L0(} zX@F#MsL&FxvdiNiajG9!-}|K^?=FHQ#OUZe#sU(harLir?kMZS=jp>`_xU1&3YJTN zf-yxyKfA2vwow_uUjEqSEDUW?_C?OG-)H<3_Ym+)V(2?Hl~=ZW=qMr<69=gWpG@;@ z1cpgn0%|~}gGS~$SHy;zZ~57H0`{QyS$(%94y~C!Dx;JgLlRpxiutqk#=U@2dzeIt zY+?&O%HB6=h963PTFol*X`n~JOX8Oa60!b&{zB2=dox0!X;E^%N7K7H4ZT@-8jWVV zcjPANf4;6#(SJA3DfGX9fe7^;rt6(by$<>hAW`UF3L55mvjlT8wQk&iaH=&HL>pG* zp=m9Kp*5l|0yga08Z8^)juA6?jGyb-59iY;WyWryM`S`{*r-H6Qn&cSx5K?t{jnbkwyd~FGHUfm}7iM8-$hr;MeA$#N#4WO=h2jf zAxv+NlD7091aWlVZPM~wneaT;U-DkCUE&CyLtRzlz0!ExfKf!>j3&ZeD!YQpWZx0$ zZTDwXcCS*oP#<5od{hhbdm<^P2!c)JqiKK;$v95lwZd>d-Dbs3-#XRcxwKNI4Qm#f z{FD8I$@m~#{i!E&zHUG11L(9QzOhdr)^j!=1F=4r@M9BT4inD=QF1<5GIMaNFFY`V z4ZE?yCzCfhPZa-)0BmX_Y$ELtspB?2At7ZgAG1ZwBNZT43(+O=NiQp}7fZ3&;Epa> zJ>?@!=tSTFMVFtXi{7S-3Js)acU^Q9sm2c^8PBQcj7DRmidUe2ll*|0vH-3s`+lCD zyv_bhJQS>dlX1rDJjVKW{8CNge!fV#F2=vepyV-@{phx&FNa^5vLBwf(#T$i&Lb=z zC|{wQZ{T@3-n$zHwxO%YUxA~i`_q!!H>T9F({O}oD6p3>p%NIux0TbCGS0A95?{^1Ec=z_n z6Ie^;;jqbFV-vr#_>Z&k4`}?Cm*#{0u{QRZt+A)Smi{yH!;F23LIY-J z4+0$&pbtN_^`QYEd!itFkG4UqK4f2~o6?cbq~`LID4(7EV=q(gDV~#@|6Gvj1mHU1$x_!}Z)!iCrP2!B<=wWOSW(kjgMLIF|ZT;pMykdNf`B#}| z@LH$K{`~`Z&R9TH#GBWq%-gxG>Zsdbp%HD-M+O#4^L4N;ipE zr7q=Smu6)Zh#%l#5h8SA;kL>mH2x`*0~PB zCiz>VhuJ74*j;s_Y@I0(ED&6iO~u9`x>bSANx^0(7V~Co@78i%c7+UR9ip92)Usf^ z@Muf4-+$i%niOp+P@-LIyhNg8pG|h#A#$z%(MH+K68VX+9lMoC`N(dTl*?{w#pN;>jI!s#E_c4VyGD;!thci$Ut4O8-AQ|?p1LrR;rE2O?yw&xp5;wzcvzafte zGA1pPn+}yJG7O(3^N>`G2GPfgvRB}Jh|m-pp=2FN%2J=AY&S!<5Bo=UbG(eH_!uH6 zVcEajx9rjF>Lz^IIW$G?JyNGbk$12-NwZGel$4Oj1WQ2BVw~=Dg8!fxD5bbBQeMGp zE%<*I(BLqU%(iTZzZhTlQtSD!CccsVlKADaUg|jDqm=lMk+|l~kzW_*BPqrWO6VGA zXIB)cj{8KMyuLhAI`SP`8jXJ_*7m>kYZ?{ndKW&l;L$9_VuQWpG;RSWyqx7U{Tyj} zBzyaDs#o5@k1-pXC!Q8}kYeYk+P*iQIwGmR4p&y$^HhH~{@^>#Cd`RPdB<`C{0Hi*mF)pUJa3=0o-4 ziKBec{u^181H!=?LM;${v2YDU(>+4;5`9vUc*8_$>kd=YfqsB1ql{DdPFz@SMkpJ7 zOk_zQJ>ZtEhC~t$!4^N}VN|qPut=F_PTra*b?TYF*x(`W6EC5*<*<{GMtB5;X#cY{ zUgwgEQu00iG8D4tQ4Jd&PzAG(C8Kfub58OxzgH(R`mylQTiL|i*bfI$B}W^Y_Ee`o zDV@Gfe><73=;GOw4OGYg3`($RT>xb`2@JQ}#pJ#Q;R}7;@ z#UIn7&QWpynUaq$89wu2%a!KCNzARNq-9JvsfTwCF&`##l$ZK)B4@6thZ&r2ryk~V z@Sl44=h5cFp+)Ay;1kVccVRGAOHbIphDBh81?Mwt(9Tw*>{Ty8%6Y(4ZCZGKs3QKNc{`Q>yqApym{ z(-T0W;@4R88H78j+CGM9T=npp^>8IY3hGOtMX|Fi`n2UVSe0}`5A&hmIP+n+coV{% zNj=Sn`;Rvt@-1TS>Sca;&Z6o^eatUMF=kW6Kd>IYwW#{2Mb)`yn0dap9!3r}zr-vW zR-9vgSyyd7EV;mZ@Ly;?(2Cfw0@>Y$`OboBQ#w$4IW{gHRk$>1UOd;KHGdbFzbnk&Pt0G#{M~K-<^WmBcQbzr&EEm$ zuh0CINjAZxMt&m}Mt>@hvwhWfWdr_HFir9o)vA2*JI8#NQ-kIG1@pJw{9R@KZZLnh zo4*otEBW)x-+c48*!(Ruf2+;k(dO?>{0ctz$uD@;n7^~k?~J+C_c{D3x|zQcTrBSk z%->IotJ2mMn`|!%eGH+pQ>4>niW>7m* zNk8GmvQtkzufa{mg$kPflK2QJAtT3#uuN}*gmjTwxrWCf zA;*m66NDx(8E!r#8KTfj0)%0}r@o>FT!T*DJHi5F0MKrchiRUxymdFJr_AfUbz{|2 zn;X4#m#U|%G2S{k@26&3_5^R8Se}|`Z7F-EdTKY`tK#x&rsYiZ)~P7IY3--zn}Tbm zbpVPI?`a(=E1Q*SrsZDat;^&o5F6bIaVaR}C_KG4u55O0!7Mg1h*0D*|IY2kV2{Yl zFsJd?_@VI|$QoRGEHht~l3|6B^OCUXBguyD1Swu(CPj5Q7dJZ`}fUP^5cK zJ+Dsj1Ru^(g4jD>7?D0w@0q|f^%#~lBt83sEhv*9zVAaSD4)9fpGk4v0)h?M|7OK(k` zM1ldy=wO^KDTN?U&ho6h3|U117UN1LU*tf{qY9*JtsBP-L3}KK)HS9`Q;{V3c&?f| z7<|ZD)t{fNemY&m&udp97{=PRtPSjZ49@6y>r$huvPSETXTiidAhXub0FZhjdt%9LG zB-YAIALBIJpTX_;IovLj!Dk@av-0QTVKOoh>pxOauj_gIa7bajadEC}s-2j}c4<7E z=HLK1H$|Txd`>&Y46Frp@4L+!@2JFlNM-bsLi@gIh(Splz`qukP z@V*`aLKWvw&GiJkiUtH(29f3U{sh}6*3y1eJ6>&u@mGYxZb~h0(v;&lYR#^JcvER? zzU04(9A)e#uNZhrC@w7mzPI*#=x)}rdMA>2J@2h>?<%-IhKH_js0qK=W+q6g< z5}j2|>htbw^;vyjphJJEKI~J&GUo|U70&%5Nq+7MMEivH2tRK{ruyIcktjvi2l-L_ zoDCjT(Q)u|YPYKB?fL#_C_}TeMyi1ZjtCaoPpWReq}u$%&~S)QWQ$OD?T!}J2pnB~ zR-^F*9=j^4@IN6f{{AR^Y;5rE4_U*KZ9Mu+>*?*8pm-@ceoiB=(!P6kC)@WVL~_Hmn|Lm3y~ z{FutP@&nbl-TbJ=y-Vq;=xuqG(J8sM@HVy44Li&!uP@0*XM0+Lr<#&_g59190^06V zjX@|Cvu=@cZT5*@p|*M%Gj{_7g1Z zy$bs&>{vcsOWZ*w;zuX>ElEn;e#o@Y->Q|ZIe4O46#3G)_Iu3^$*WLqlDroEO{9r4 z8vM{27tZ;D^Kx6e#eVEZzWS>+DE%1<5ajC(eiRGN7ORz3e@X?7{pwGTWP_AFbn4H& z-=)geHOws7`m@F3XkT(N)|9UW+z04j%s^~PEBTTD04I<7T<}v;f5uXt_U+_HweLCr zh=^51$6_C*x(Q} z(KE7%ClDRni(O(`ng>%1LT%uOW|UKkaZq0LJWeV;tB7q9{fFq3B2to~*&9U4!fjC} z2}-ffcXRPW?AbE5keT-SW0@_Cb-hD?N&ov9#wESHt!nw{H~8_Aq&n$k+v^jyrpnt- z=Q-tVsubNH^?cyxpx)c4@bAi7&u?~0`;>ptEHj6(uFnESwQnx~_TyiCzfU(Xt$(pb z67BY-@h@H=#{v5nH-nb34;^*ehXeF4J|e0(#lPrB?Y4<7Fq^V}|00tdzv*AxOdaX{ zi&x(T_aWe(;$J-ftMIXve{rAwZ2K28)rZvnOU?i9$3Ax5k(AftsT_WO%a7vciQti5 zUh}1z{o0RANwxXuw2xEcsq$LM6s&C@n|_gYrs8kf$NS!K$?K6AoK$&r*~Y;o+bxYB zPEne6wAHk8D2qw7`>zpFF)d2df1M&psyVItuek(}E4i}zuXaxS9sSoAOu0K$Z8Wwd zeg9?q4;Yi4)4oqCTLcKSU>prm%!vU4#}EJEcFdOL$Itv(H^b#WOp=dIel!PfGVSda z;=gqRfS}BHC7Eq_r(5v)Zc`sshu*^tuM+S4EIBrlqqPMQWw!V2rOwvA$476u=r9WN z6#qXN@Wci`NCP2+{w`)qp6WaojKUf=9?(rYbm3Z9c*OXQ=I{x-c%cfwQjx<@j%rq}h%2Rjt* zd-T#tuPS%)Dw5OF%e=6Gb!u^oeUYE&;x`f^Wp?pDG%2bH@fdE>$2S8hzzMdT?aILg za#SgkAJNJ}ezIm)_9kYa4WEnUGsednudUjp$;vkAWE8w}4`Y^>q0HoEyd7=Iv{^8*IT zY9dF?ILUs>s@SPZ_4vNZL1|=h$8!3x+prOKW9;$$QpWdHB|qx%y+7Jpt_A2y@FGWb zNI1!t#syy|`(LXuFEu+G^Do{+Waxh#HOP30{Hi^7kfSWz#Q1)o9^V6BkMGSoc5F=c zzbUx)7u=Vi#Ag2sNHvf@St_;rU+Z%>{h84+^JQ7a;lrUWyR}&xT5nuB!lbcc$agNB0EN}GM=)y#)G^k56B z8eh$%qM2OjPF_KB;!#kt<|EwwY1|OOm+|1wOO@RJ19B;A(LzC2f4c8S-NH2e>DQ8^ zn%Am79rcyfICDHWU-DZ1fTKT+QNN>Ed4l)vj|ZiT=&9PE{MXZTBQ`+;)rd1xBht=~ zooqHIt^ay(vO)WsAKU)Jf8oEr*oX|CiCIghKfgOa)|HJ~DgNsuYPY+nt9di^XFu~} zL&(wE-Z^`Xi^_i{XbhCtqXKm zK1$l-{(m5H%+I#ISpTc3o=)rp7>jkl9FGGP4k~A|x)KwP&BZR~^FnzE$ucc*ezbA` z@42%p2VtN)`lF}mNsSW01~olG?3a91=H)oPTIS_jv6E`Gc$_lF%7p#(OG}DR)7E&$ z4q<=^bQ3QE^thDxjU@a=$zbb;rT*Sp*&i$>pkFHdzc}I7n($9h#@?2pB>XXCu+06p zDdzsP#md^3l0~dN(LSse#g(=1E!MsdXW-j0^0?koIiTQ1@?_0gK4^zl# z-zS^4H}pkPK27R;u-!qO<-7=WPHNJIuPTBlANPm@gWx;#%E-xKun9*GlLGu{re7PwfZ6wXjzkFGD zsI8%-@Nd%RT0V5Qk!x(k+Df<4QM!$uKB3!b+KXQBy^cs79ol zFDo`%lYTz^;ADf8{kP}Ke&&V?xsb@5FZ&F`p}Z6&PoHly-;_YT$D0zUH2%O#lBNh| z&NtfgWhbz?#qAB$NoI>;sq}267Qq4&hbGXck&A)ryn1<$Db?KC+YR+B1NxaG)>X#3qZ7{*V=^HKIeS@68Y%l zw@t6pKS`z6J!H1&HPeFUq}QZWcs9MZtaZRs^s1E1t?6|X&2dQ1KQT;Bdj0yEE4hZ` z1EJS_Y}GR5>)${?z8;70ieAqGqBXsq`Zf){{wg2S)2p4ceM;@FA+t@d3oUp~dJRd1 zXVYsw@ts=Vtci}UlDRd#wsOa!gI+gcBAoPk*PUEV@`2Fn+Aosy`Xdma*KP1c(d$+~ zw5He8cp7?LB_Gq%Yb{&2lI>IU>Q82yUME=aob)<46`oD6nNE00zP>Ti((CmFE_$7X z9dXj@A$M{<$p=EO0iP%7^r`|xYkCb6?8M$U^|7CPOi!<;K1`)oHkoaD z?b>3(bJA<0e00LI>2;wKo}$;QlDV~f{b|07US6!6lU_HtleeSPY3b!2-?d*Sfets8o2FZzG%59V#GCRK!kuVoZ zzu`qBEG2wf#uw&#X`|#&;-ToL8FB;&=%Dnw0iIlxx>xdAy}hDe(tl9>xtl&kpIY=8 z$U&{p=N;Ir_Yv@eu3cp{!171>liAki6D)X6 zeLgr9o~_R_o$$2%`&v;Xby5EHmt6!o3oGK(=ZD+XEi=ft`Ex+LjSc%k_`n2 zB-;k>71PfKiYy^iMQ=3YM`*P2MoR@r$maHUNzF&bjUJNfq#uDl|7OzAoYVdrdr{nd z$c~Lp8h*{205=Dy_WYLxe+e0^0cz@eBze>b^fy zZ!4z8IlfUS{(ijCGB&cL%%}8lHK&W&oc*r{?))mi(h%;0p($D{y%}GE1mu%2}=l|A=v>sr5+>6h{^E0t2wzS&w=f6My$1biE zd7VVNITi5)b{%p%@llqV< zuPO6?N&6=JykJezzKx}F?Avg}S_$QK;IW^0ge#;Th>(__LnP6*Z)xHY^2u?){QT-! zXfhEi@jvmi@~u|6c^ce%fP0EO{uz*I&91_Y{f%7waii|8mHz9vdL`2+x3a2 zfouM5qkOd6FAjhe4{@Oro^HQncC}xz<4<#43hKr1IQ``t+{xQf^R)i5+y1nF$Fe_1 zQl75l5>!P|OYEJ?{v2aAERFqXlWbn=@h`_Iy8N59YgOx7kAFF=)?t5&1^)vW|GsVE ze+lKm|9R9!;eQ1HT=-uu6{okK<&u=%elFmIMi>5v?FavDPrC5G37e3LzdrxP5p5iO z%fkL4N`rl-U|(-MPT?}5q-Awv?a8t_Von}B@UbZx816=O|Cn>IICx+ZUX_OT8Y%$1 z^BnMII^mt|f|n*x~C#i=LFoEl{%(H%ei9Rw99B zCWa(uB`&2_8^aMMhH62pMg~(VEuROYpBq23^&!?5^^8O&SgG7fVY4K6t1dt7deZ$X zERH|(FGb2G)K1Ck^Wf@|*XKUe6ilOUf0Ly2@|x3-BCq2luZ5hWzaLEf4m#JP!fEBz z8Be^f$-;iy;|lx31p9j92MVXe6YnGgDW8&(l-|!jkX|rdJTYgkIM=raPfAu)t1EgF z?dC=hAkG9LOWLe&U(hWOWnWpeiVa*kzDU-&IgjNdz0@6HOBUPGeC<~S`w9+foIeU2 z#0ne^H2J95U9J#YM)*vxkXqkPw5f>pDucuvMkcw`0Q_ijsfE{s$V#mD))(0J#g!b1 zgh&3KF(Lk6C;&~F;=vh$~4`DkKsLRLd)YfGWbqSEs@maq$XY$q;3__ zKV9n5er_OobwN&oJD$y?qjZvJoJtCD4$LNfn{~2HyH`8fl;B0$bd==}nC6#6b#d#Aqh);^%U}w{jDA?<0_JCdwb5l!myU zOX_%16AeiUezqz}+yp+2N!O+ND;7;QAtJ;a{9$zGhy%%?EX-pnhd6QWRdJcholZRt zo3{&nkM@fHhgpsN*z>MSllJ_0%F^xJge_3Ybt35Q$6xO*D8S3K{(7b)+V(un_;JJg z!qEeq4|w#SknSWJ@;~|O*{`?q*RP^>+wz~!n>1zr{(3)h{O0)aQI1+n@2`LJFt|^` zRHXRp>)*3k@0h<@p+DQ5$$a(UH~jTh^E;JGlKdP=r@DA!^V4U~m0 zPt2#6DYS_(OzMLehr8B)_-F;3nEM5ZC%hjeGnL}e*R)b7nLU;Lwci>Odzd|_vTfVn zby9pIZ&FDQX9N)XWQ`A&NV+XQ;vbJN=T=WQYqBYHk7TxbG{<_sav#P%o|qp4ccKo$a&76Bn`} zSUZ^3c;Zzu+x&UTg6Eun|7$8ddpyz32~Qc1Yb0~)@x&mSWA_!tVpP~Uo;cc_{0PZu z#}lpQ-}}6}SV*SgO_o2XNLGQFQTF96prqelQUA6ko7-Qs;zJ*kR44uH{XmCtKZ?)~ zNi_Fwe!~GWD(FPDew-9dBQ0wG<^b?>&|nd2pSr)o-9G%`J|DfAY~SVwwEe_hsrG#f z0QR0S#AKZ8+JCm;t>0?j5=nKnPhS>j?omBuz9l0NM5)(bD4^P?e21_J+!bKwj1Rsl z6+W?9Pb+O!JB&Y=mkPhH3;uDx2R}0vesk~!Q-7yAVJnV&wDLDN^5p$4juc^t;vUtz zDu&H;CwGwKA$Ib$?&JiPB5{X%eXtcjduG3pRPjS8kNtcBE1~V@;Z*S3_OqR|Ce?oK zT=6^h^U7C~QY#noiTyn3Xs7*r0SLAcc#OB-vY&TIx>J5^`?>2Ci?`SpMgI#Va~h3M z2J-m(T=f4pw!>*Z+qsixlbmWl&HV#Tf4=`?i-g1yulmZpiozFRT{MN~1Hu)riVv^$ z5ZFPhxckN0vu9_)?8;IiR@)`x5@$AP(sUDfH{%f}^UdnM?0D6D28L$$wee+EqBtlo zM_XPq-fn{;>*4A_;yR;) zE6JZ6p1!f%QT+?N2*;0g#mk%Z|4kBg{VD#l8O=J0461_d+JF89|M}F^K-PhO$5UB> z=34!qB8EL?k$BcB#{JfL1e48C_!FE6Xs)-Iglpr(ym^_%oOsrh`xcY@`G72HbY+dV z6t0(|$7U5ns3L7V>&$z=xeGYE<5};JI$OoFUa!AOpecvRtT(P#9fKKYdX7qL?NUo9 z>9N$}=obEkipSqghLW~%r`{>4UfgX8et$Ow?fHiZB;kvXCQ;@?ZGW8cu5*9Q;5!zG zen=R~-9W$s4Z{#IQenJ%FEB(u80(tbYdCwv4Cj_0Z?&-|M@9;&E10%aQ~z*vUW7Tm z8N)}{_=dVFi@u|};Z!H_nmYsP2<{W9OhBnVrVpi(aPv*L-EEf~eKX;=kwm9HFj>Tu z>0nWXsV}%x0hHyG&$4cg(aq9E;hwO_2RO^pCVc!-F$;lD(JYy2T5h9jXd z8F!+ULf7ukJM6mR*R3wtH=3~1j@SMmiFSWs88E%yW*NskYP)Fl7{^KWGz?Nb#*cq- zacC;GATFWl=6v2q?&MJ<|HgisKfY=yLX>jw?E;LHa;^R>Ce68j^{xh+c(o8k3sgS8 z#$-vd8P`Ae?P%6|A)Uy(Lw|96gR z#J{i@+W!U0e*E8h-J1RQzmjV6%elY!Ftb6n|J#+gE{FdsMXmNZMoZfN1wV(OTZA5` z^?&X8IgTr*iECa?Hu38}t0ulBhJ^D&fuI9y#-Uuplyb>~rCh_5xymn_J!}BI_(A-Z z@Jq-Uj;+$V1&cKudZ+B=(CbOoc;K((+F!g3dDL{>MDnOPq-}`AIk7=9hg2+^!0ZNN zUrqykqY-t+Uh4i&=9H>R_UZi`Rng<={tgv_)BULfW1f75?(dT%K1%g6smpG|k8kQW zqy)TarYHejBRO3B^wwUfx<6G#IaS0bnr^KN-I;eu{|CBe|3_ohtlbO&Xs=FNpRd!O z6>196i}+w8I$V;mKgsnvi@yCN!NyPQ0~=$oKChb&&ZAFTYD5tQx#bNfT1y&i@lgSAcX1KVN(ufUWuYfc`8V z4d=nFHy$`t@1ya`ON9ZZ~lh#vm}NNv%dePg%E*|&3jj@8v|SfmBQZQn>$`mjV&o%CxC4zuQe=4wgf z;%l|$^AvmJdFF6-)_-_bRj3x!08>YcSEI0rxz6TV`#)Qa5Bq%cT+-Mz z&sOc-j?qx<-77XG?RhiXUrX0sOTX4gs@-0D|I8vPaO|IXz_Ke!#r{DlTY2v?Ye;wA z%p^B_=>VGofO?4^*)*9qTVH#iT(Aj=6FE$uRSOI zC#hm#K;Q@c9qXp|+usQg;#c$NRVl-W*y?BTXm58+>`q)@wb&Zp+5Y7pNOSp@YD4FP zVq^89N5j7?DM3Y*@O7t%t^1u4 zIyL!aDXwVh9uO!^uAS+kX*=wkIn}O`uW=_E7=^@Nw12%He=Yl&q<$YtVHtg49+f;D z0r2$llqV>v(Lu8L4td%+&((gXJdJxiRi3Wtm1M6!SLzzPRkYMwv0LC6;~<>L`5c+{Ivv2O0wrY&Uv-+eXLyt9 zTKOk`l>}Q~t?`RJI`TYb$uB4>$XB=^pKC%+kzcDl{oL@K>k&^q>VT}wR<>kLBdyAQ zeq8I~*hN?ib9AJV=ev{7AUS0|%^k0E(Ok>IPM{=wd`ax6n7$h+>KY$Sd_@y4P5i)l zlBCGjDqd&BBUbZFqkMwowdBz;KKeE6YFG^hA?^6cjsN{mS@=IgdGP-Q^QQ2B9sn-< zpL=<~`2S6k(&L|#ivKvtn+E^EZv5*J%T)YZ^>6E*w6NcHhr-@3*c1Oi;hO2WBJx{D zNW$PfqGd|tPd7qPFxkg_@{+5MOB#=)zvZUa_+*XKb&VUaP>No+Q>Tkww*gs{B@MsF zNK$%wee!S$zfYIEY3S97`W=qI95g8F;(qae zT$0k`-z^pYsggGh{#DfPz<(7=n-+h!|0jdpZ~i51Q2s`9jcP;??kXni1xota+snc zq^D<&YMcu0I$SsI@j4~b-D#TXvjw8lnT)@LPGL}iIxMg&IT8C`0FRfhZr1zEn3(14 z!nZ%KVlkPk5-?{~d%=d&sBn}ZjdrSD%;;lsbDZT_`s1^-GH z{PTVfe!o=s_ImD9_c?Ia{*PqdAJ0CX?&8@+STE;#?tFLh8ItT+&%Mu`d?d-O)^p{0 z*tNL1HMdJxTF=w}Dcm&UL9dYV_Ik`Z6gn}4?Ul+Ul#QzXXN2z7B*j49gziay)0&^? zAqlp=h#{;j+Qm4xBNbFc_Hw&b-+F6QX*b4<4k}3W4N)3w=~Mi+{?PUKW2rDZFGU69Db4EXKVgl!Z6%3*M(843%V#n>Tj} zOp|0ms&<0XOo7l|vM|6ivs|Dd{OYa!Lo!Q-8%jS7CCgiTax%-RKf0iJCCjemKa=jQ zZJ*3FUvddL@e}!GYk!g-x_{Rq0~=L&%XFzscZDO`Kl_1cQR8q8Z6uIPq?jBmLZDdbXq=Wz`Vhjj15LZ!$eo(wQ077{ou( z>7A45dqiR6BmiXr;tO>84ldTx_3v<}->1`8C)4AS&T6h%ej4ePztM_c4^j$3sZjl; zAnf5U(sWv|uhW!z&Al~I=%yQH=bNw8X52xE~ zjeqqd=XcrjL0tQHA5Fk9_C>g`CJ?*6fb(LnFW|!S>kCHvVq6kMvP_6vYhG`4liY|@ zBOjyB-$yfiv6<|x|yd4L`TRn5^@~vOeejmz$(^06iz!{n57m=m;*>Xz*{?? zY%wD;!|UJft7|S>gjvrBct?CGH;?RE@AC$B50Cc#&=;2)zmUCiRANpgraAilMN7-jzWVbJx3$Utg{*s@)wcDhv(Gm%L=*~fK zO9ieEv5RsGVbKm>!=5(2*fj2!d3(|_U&*S;hsIy!JP7X{nRKqh1$IPJ%j9k3Enm?R zZ|&XWDV<#$yKRjR^lNB9W=3gEOW&ynm3rsVvd4e+-fZu(UA#h5*{zyhB_fb{^-bV{$3;Vgne?GE>{YT zWJQ?!f9R3o|6<^%#qtS?c;EDS!h8PUtvv*0h4+lqAZ=mn+iY~f+{rDV!stm9L5K8} zHp4NP$(y}S)c1KE_6VvZIbRcYMw0h=L2W6duk$i5@e0HSb@Ydu^5inFF8VUB!kaLJ za+w!KWg#7bJm>RVZ$8tE>pK?5zf*0f=f3&2C}pr)&44N1yVZ5_Gf|M*dT-rIawHD! zyH1p5via>*zNvS-7+b&oDX>fxsa@x-eFdf(871i1D&ccdEulmQBFf}mX=&fJ6f^C@ zO9)v*a0Ft52o(QcC4bNOzxJ`)79%)^PdyC~9tf|#b||e`&gXrHPd!}Y&Y_C{^3LOe zr+Nh_5?qY9?jj4C#t3*|Pp;&`Q4x+DpW!Uwnr?QCWNq1u?FL&SF1mlM7hLR-Dxc8 z8K*&uJgpL@S%rUR)3Mu(f6^?a4C{?jV7-WfjqLcf&Nzor7I<9OPWza3*vrPIYSJGUFs`{XGyPdwqSLHJNuKa z>@PX9FOuvDH;0Dx)A|!3qhN5l`Tj@ieYaD0#yG)kJq2+85OB;hcpt-^h%A*`?-j3~ zQQr+^?Hhj0^v80yvZsr5qQW90U|c0Pcn#&+^&2d$5(UVv8BiI#QSdmYP*hKhQ1Al6 z$-4OmPRtLj^vk+Q5f>DH=kw5$H~P4uZ-BRMx^zMmn*E?D<9(=IDeku5LE6QZwUD<_ zfvU*ZJheigoRGK-?QAiV^|E5)l@m3=^TmX610ixI7#(eX_NkI~Zy`NHDPS_V`z$Ae z8wR-oEhBia6j7`}YD=XVCyMn@Lf!`|iUq4H5OQiER~HB(-|=G*3#^CSqgO5Q8QlK) zjBtDYT=^&ji#(%%MV?VbVqxV>L=-R~$S64k6^~)GuV`oR4CBs+C=%60R4O=< zr26&5(azcvrv%`WSu(V|Z#}NoGHTE8c??>h5!ASGryJz@fW9O^r$1wHdGwnEvNyk;(k+#wn*8?GFe_kie$H1AhOY@`-e!;M6RFQAo%zje#tyL zmirBPIW8z(6}x&F_Ij+6@)Sw&b5Wy`dVi!hTZP*CONQof6!5%^tTluBdS{-36np2@ z<8$C09nT9b(-PSOWe{HGn-YohC%cVAG)sN4yR~=6HG>I%7&N%q&cpaw!|2A1h#h@Vx$ce|5zppE z#LYamB$fmsUnkzMry!j8ee91gwfnrf?=E^7ZcDj!A!!lFYtQ8}nk{-cHV`SaZXxwY zW-6~`otPd9`6HD%BVvPkiPwT1G48()3H59s)Vr*y;%L)}={jZ{Vu0A^7 zAE`LH&>smLU5qT-Z8Kv1+!H1lYQ4Y==cm*@pLtt%AbNr?dIcKs30}FkR%}_B_suQ^ zv9lM4_mp^N9wnwV*1z%s_&6r_E}v&d%U6AyYxYhGbzO)-!J_QWoYbRi_W1=K)z$W0 zS+jSf_wEMI4t(B{RZ|a=KgT34R&P^w_H8b!8PsKXsrT;X9xh^(EK|-bo86^L&EBEj z+7AF&v$rDDJF-%)q{K*1Iks$eR&LgdgNmjeCgQ5<^axJg#~ZwNJSKX87M;}3lOcmw zF=p!4%>;2BHG9jvbsKr8LcTmzku$}3(kqHx!^1yBQoL`T9Ph*f+k44zyuez6O50sv zR%dCyIY8PnkZR6Tc2w@SHS!d(xKXojeYoMp@SY;?%#ZoTtn;tuD|+c`$pz~F^`hun ziaKh#)>YF3s-#)d(Syhy2UV*dFwj6u`O`H_?3IjrM832ulfY+Eppqrv_ZOl zdcj@Bb7up7DW4tKd?t#E-fQvuVAN(j!WwR>^Jhmm)%8bsQuSv&I4I9M z^A=ta!G#_!$5hf6zLqb7OZDkV^wqTBDj_W67~%H7hX?Qzy1gp;oZPJ$C`$Nacgppe zer6Z)eX&!I#Mm2WVziV)bEmq1ld~O9jc-$28+4>`?BC2TVx7R15yCpM&FhrSLDyq{ zHLJf=5ZbRVpD#Bj)9H4^$54Z=c52Yo_3<&{%bzcUuCCoCpcOpR?yiTK&xP^FC1ytJ z-)|yvxP{0E6!`BEIl_U+`D(@Tg>Oec+LSLa@!n}A_M*>L~g&*rpQj_5-l0o zVLlheZ|`_u6#41TCL+&M;J>Fx^Jp89F%Cp7O(N3V;lL2N-a_Q~{|S*B9Efa{L7S;H z-b@f!{hk+1JEDe@2n{(FjSy27T&h2v~QMw!or@lCjO2O_K&TZnY|pAfmkfym>N zZA2b0p9|xc93UdAVpDe{i_Tp0g9}heX98t-ZcmP{|xJ1&tUUMEc`rhf!*s*=h*0f zS6>&H4?v;T96-8SfP6p=+z|uP%>l?tT81EkN_(fy*5++C}zB8h+1q;Nvo!C(l-%fS%es4pr*zLm{$h8Z+AO zgBdz6u68jmg<;43WI2Y&3}HuVKkAJ~)n)emskpCK%iG^Mi?m~rc6O1>WJQL;ABlLw_jPcKd^_?d6&a&OV1{B6r9UEQ6Ft4A7$h2yqM4Jxp(l3`P{J^m1kgg=?(wjjy#&r z&Aq#Dw>uijr|tlr2}Wowwp!3K4}-=$b{G>@)XO3Hl#NwZ;k`MBy=Aw%aq}({D=VMM z#W%iCY4}K*8#XE&y-nkKVyjkj5?<>rQhA55c{}ZJj)wsW%ri5Qh~I))H^5#KljJXzsTKzwD~6ou1od#yTM?dZY&o);&o{r zSZXkfRWYS9+J@Im zE7ziIYei}*Ckr$hqFUP-JF_Rh++;qEZ$MxCETb$u4Sm_@>$R#)fadUb08F4}tp9jd za3iqVF<(Nq-o#T>n3*QP%A*(bqZISsxUy(dQZ71~s%R+O-e^06k82ZVzQVpK=A4sq$>7rWa@D*+{D# z1SOxjp1WMTGlH4SR9E3PrAoV-9Ue5^sQeQzu21zDm7J?6fyvepWOuiQT&(_pd^hNJ zp@#fK3-Z4UN*yAw4LNKGgnUG%)9kM_P%Tb8M<5rof97P09Lnrpi)qj6g6ec?S*^JR z;y@oU530}O)Vja2-qZ@^3LtS^n=6|2IeJ5j3=p?PT~@opH_Jr!hJOX=L;D73F?XSU z6Xe0f{Dih3fvj7ku0puJkmT2JK4Df3cxndPr5n5%EA+}ySj_NFhZlT2m#r^ zVC8UJx}#&jEwJ1be{6(20CiPriQ5k^m#xBg;kYdOrZe!Sd{tptbmCiq0~yAOlSn<9 z^}8ZWq+0o^FMVq&3wOpy(Cn8Pi_rGY;rLmGz?zWM>ALbj2HMOY5O7Ns26 z;_#~SqTEx|aD95osVSqvb(G{1>tKp~;Dci|IVRx|3!`5p;5mz6M zVjtP1t4UQ0d^A3()?KgBFqF;IM?=Em;FwecJPl5&I3Cb6h$#UN-yeY0+?H(MFiBLn z1QnGl@RFACo)%0GQ$vBZNtr!h85gt1m6&qgu)?J|7iGv(CY`Lif0}I9rTdkVaxT1` z3u+}D*-if8*Zbj0E67SwUxU)fj<0DPSAV=toq z$bqZycA5Df*U+z^u0#k2e;G(E4vO@r=qH2BAN2DpxMN*G@L0SvXQ7L$Fb@x<8lm7!RB#6@u*U{8$_)VC z?Tr2R6iqr?I3$$4>e6^7_^Ej;7#3-Hx`GY65n>V2w4!BDq0sVuAa!r}MK$FUYF$%K42x|e>qC~k*qjt04qp$58qa`PJ z$82RWxK3q4T@t#u1Nz5M5|4T8Za4 z99{}H`mp)!8$3M9cR}zlr0+qX#o*z|esSg1!xNiUs44Y4QYu2=+=C&w86g*L1H};4 zi*RAGCH~PR-Brzr--t98clTT>6=#tMYOz%j94E=4+B@FW{(!AB!7O0@L4NJ|?3Z`?DMg zQo@EmZT{KtiNC;KicVt^2z|%C$60J#p^l3q&u0K}{x+5*jBt$giHL)XcU@Gr90G*c zvxeziV`&1_CPtk#N?})AqbO`lLlmagA8xigVza$bi0ecpTuv9_vKWUj3|DxY=>djf zPi2w5bbRz)SL8mm=eKswBB$GqXJ5}#P>f1gdX?iDcKq>uv*o#gP?wfm5L+uMudvKE z2z_Y_O()MPiS-2pj(8j9zl@xRq?VWFdc)ti3*UEdIF#-#{?%CC4yb|)9GyZjkNWR% z7yeQfotke1zxvS=S*sl85cv|#=%RL1#_}NOgr7q#`~Hmwf8z3929^Q_x;@rKb;St% zDj#ivX4w@^cU6sm=+1U9UHRd6vY&w;r5vT;_g2qRGyapgnyl8~Yfsq0X*4#-Xmn{; z>g(?CbnF+plA%F8tSa*z2RP`K`2$GQjXv}2$#{o%%`b(2CgMUezH^6}&*vk23KDbX zy@6-s@#kWz94%Tij6c~uarb-}+o;&{a{ym-$N`VM{gRBu#^T;W3=Y#bFL-eyCblq(Yv;R;uZKjN!Ega<5#-n6A4 z(o(WsutT5%>@adB^Cy5zIO$I>i*zYpl?J}tF87!eX#As{g0QQ=Kd~M5xxRLJ?(pJv z1!W+fc6~8t+m)7ur?zudtSoQmsWbOtpCazl)=;eGSvaofqRf}YT{wMk?05j{irfI5 z@1{Ig@pfO!DP|5h!IVu3A2J_+0J=6t27o=~dZNofm&2f^^$m1~2Y8BWee+yYzMP$j zcz$p%P#zRUxJRc(1Kcqno)Nf4Sjz|%It$}Lt?#(lgIJ^BKIjcE|~$u{4fH zG|(R3fY|4tO)runN6vIbuw~XB%6Uf4h)nbzErL+RKWfB4Hlij{zxBW>#*VKS=oT&g zPV)I(-?22~YBj$vY!++|-cga=12fl?RHhg8}HhiV}Isv}FwmJ&jd~}S{?;_`M(Rk0S@?jI^gS-48HS^2ENc0zXyMJ46^a}7sPj3^mnhm zPQc%PS~&1$uRr4;T+uzeY)z`Cc!v>sLe}Slfq|F#ukj#84+>Xr@lNE#z;hTe;WmDV zQo#B&nUh=ONS_<<4pQ0GDKQ`M4fpZA<(Jdia1kp*IO=L70CwR}8=n6IlNb#W?Ol<+ zuIS}(6Q2YbcsstTtzImV77V#?w%o0emSHB0^;$ot(Op2x3FNKZ}qq2B#MH0Ki#bp-g15yVC$%JOfoj@?m}c zym|KT!QTf1Z2T3_1fcO(uCEjDR|7>{JpRAA>qq|Yf^UEWzGsKn@I9}u6W}}lXy6OY z`aSr&qsYczdk1{SC4=ujDGvPgTffO3Zsa>|>K^gUjsiNqM)F7PgUAH_36W+-uBY%T zdSfhuRI~^(LB-meWnw2+u?tDzt37I+W;K)okw@g<8qoaeqEJv52g&3=mSq2ku!^kX& zH|{HCnW~J;K9|qw!&WlT3MAP&Xl$vZvIGRmBcSfq!%ox*zRW9+Pry&Y`gwwcR~3I{ zgmSPP1qQ=VOaBStE_x-n^yygld@ajYElCkmX>9BzAo@rOeD2<&RX)u>Ko&+ZyDv$> zn)8^fIaEn?cSj_q!97@l4~)>`Tz?`1&4-9#>o`4QT?Hdug6r=K?mxy@5oPgc_Jb#3 z#@a?jU7a&N+_J>!P=$RL%49S`_e1lUz-klX!zt&3T3_eZ4pymlQ0lGn!UEcNamPT- zAmiqxcn~dnxulD66a0G#7!{C-3lz$#-ZcWwWfnLcn+?u$KzoY07=N47Kr5?(r$sO6 zSXvtF?{lyNq?pGyvw;U@YJ_5!+DwE#hrXtm&vOKufuahlfu9JGb8&3A2N|fldTMiO z-#J5r|EK2Hj*g~4rBEo#ZuUP%l0ml(kH~_;j0tbwqxS@C=M$kmb|=L67?sDNm1J=~ zMu;{P>bYp*I~OZPLaYy5b@1BUjX%)mo2zLv0O~+?{niI+ikG!E*1QS*1`Xi$-8D=4C(ma$G7uk-2$` zn35uEsJC|&zUkU<7z*A!Mlcf};!vFpnP#dKK^W4V(*>DWAL@l5Z3i75VF;4>5Udrk zZ)?D)>gY3&@Afk4O9zjH{4EJD=*RdA=$86q(QLZHtx7|?REAi0WCc|O2&QC=uY2$c z#wGhb?&z%&$PAU_@yHMYN5xMrCf?;^ELr}pW-07<{c2+yr)eVTD|W_&+QL#B>MBL0 zuIM;u4gRb`iNVxY@F8k+@dpW<-MvPFvy|tLb4N#FMJvxQ6(F~PUKyL4=Z-!>klfJ~ zD(Ja9-{pdSygHlttRzX3flgwvb))NAk=hPV#2LkfVB1nwnv39Vs1z!4_y=FB4k1t* zC$vD-558AtCz5nEds3`OM@-u!{Owfwi?@)4Rb0~M!oZWCyk0`P>+kGEi(UIk&bNx z*SAUaXM@$zlHlL9_3SoC0JPWF!~WDJ3H5#3#P8dx@7)`|P4Bnf{+8p5mYu1 z!PY<1UA&d`w@$5Yqt73L43GdtZ$UPWh}dIk^Fyo zeuOshcm^YXfPW>=9A<1Y|$f z9DPDN-IJrxCn(eOkgn39hV==aJ6P)kha<8aktMxL*(l zW$0*A0!yIXQof$iF%X#Py!MI_D#R;0w1-~QuBwd?2x`Gl!9&u?QenS}Px z3QLuu?bwSa3T+v}^OJc1?xG75iqZWK_L4ri`HDwg+(YcxeR8~EU!OcT-V~roI0BdV z>5Dd>$^Qu0@eY0_e+Pbz%DsSu&L$Kg+=XEGAy_2QQ$#t0DCNQ@XaLFUdvI>IawHRJ z1NNTE`|#d;4}VroObKk<7C3;gDy1FVf*ewqd*9gv3H*Ed%QtW81T}4??G^eBlc4??CeYUYPpu z+|0xE!}_{F^54SSWk77IYRWemgTh4(IbOg9kmF@f?C; zjBD5igpY+*)(CxtM{rGlH7`&Dufq5Ffu$ec9%D2s7BeIC5}uRGLK87~1Y~n=@@eg_ z{D&%l>e4-t7t|a zzN_LsBJedv=CW*LCu~Xg0pw@$%?=D4?!N@R1@Dpkj0-*hx{J5@us48@!F%q=<7z<@ z@yud6H>w4#)j0~GnDGwUjqjYdn3KR#v5%}yM|1Uc7_m#gKa7Bz0Q%^Nw?Y5o{wjqV zd^a#3TKyMFn?nLL)A3(`o*&oyw)aph7Bznsz=YKk7!I=l6BNJ#CSH3!KCU<>- zXC#3S8h0~ESCIOqCeT0={OdF|sdkF`d4l#&gJ=UEroRH4^*m!@L%vI#G0Ohyi7eA< z10p+%i#fybzk>p|P?$qhp7#`bd zqFKE^fRGwFFL#rsSMx4fE8_-_M1AiJt(4U&=LR*h2;yp3Bl|EowpMQsqegZ%RI-Bx zQ6Zal#0uHNu|)KhVn0IfgjTgP`>Ot#uhY6|_s3NQZ3GBDVt5ep_9T)MZS)qt=9^w- ziA{^fBP@E62m2g_pVakOAOfy%OK;^nzSG=MH`uWO4Q+c@DuQqj5{=ZIRE8L9+GFi^ z!!qX%BUe+K`CF=6>G!lDIQ#x5{|-`VM5U>0)WM7Gp-p zUV`=je_{0nvf-KSQ4GqHAmz*c^%2mmH{8Rq({b!Ku)2)}rL=TK>8OFVB%B`K0&I#s zx$|(XZGXeD9{*Bn4kBu>8M3yp@PRt4*yN7U3W^Io;XG^Iu~LS@y>K%N(U~n1%WYSB zYjaO=yqDRx_G1m|s+arhkGgUV@^po$wzw-xbOk$)TQ0>6*9oA>c#ID$%S-XK?DuN; zl_{Ix%d&N3UMk0Y)yUQ*X@0~pwyMnuZ`e8_FNGfW%d7 z1r&DByMiYz0awzgJQkJ;rC3PXEKOog$tN7 zP7UtBIORsr3MZl@DV94L|Bq7zqogbN8*N6xuwsh8tZ-zZhb3w zc*H`Z`pka2;Aq_k^WUT#!=Bv-92F)H7btIWAZ zJ}rzlwS2+#OGPh=Hj9$h!0d~h(kc;kwe_8 zF2q+lAfBnO;byZqd!YFhv}uxZ{lHc5qQpKlc;H&2@--^l^!Tzze-#Cso;RUKamS}Y z{Z!H69lV3EYt!MM%0P!ql^3VO$AUE{8Y||?m!1A5T%-P+IefBE(*gXLCTvs$k27xL z+TekFV?{qHUG!#aQgK33c$slKROwGy`VlFu=j(mJnq!R>KQkl?^Hoagw$Yb59P8Dy z9Y8-WljnI=a6u-Utq=4z)$HqRw!ahTXMzU`j1`NebkQGLB?tOxRr+z3-iwG_@I~;u zau#xoLI>Vk+$(e{?l=mE5MO0;gB<;Ir+(U32=M^#;$!1NmQxJ>?%2jr7@*vCj=nw} ztU1+K@uqy7r>ZlJwObnTS2pMD4;qftI9+ z1<*C*7hr_VJ1~*rv~pLl2KMt23Y5(mNkCy2YMptOD<923hq6(GV$U-!%p%cXtB`=R zFf0xkt)Y+rZytmwh-wuyG`J%)Oku+sj|X_6t*i{OZ{Gw;$(H^O2q-Q_reT9NEziHf z8(9KPF|-mek`6|Mf>Fscv$+*JX}F%(k4n_FBOE|>3>RbCLuH;LdtGbb8^u`lICk{) zk%=80lRT!oZtO!79eohYo*2G*DA2}^J||IH&FW}zneON&V2kXPdroXq_15V6@+2L_ z3iR9w80BcEr}1O%hR)f-0bV_*Ufs`E?bA zD52nS!$tFnbZ~`bXdMf<2+!BQY6`8zg_A-z*Qd~HG=&C+>49q_aMT^R4Ip5l(DV7d zEdczjn+)8Y_%R2_S|68yZdI?seATs8GN~%-G-$FvjcqAK(~*?D<&)uWiD2%!JbBis z$qGMlQUaMg+g$+pH-5~=(3%A!@v-?|YJ5ca3+?wp(^r#XPBAE!R#6#rJ^C4lwKwp>hXYu817`G^h77- z;Hf+KE^i`&G69FZ6dunzjvBH25c z@O~DY<|v3d*L9RSpTmzioUfweAoWkA7qSr=i3fo}*vAZ2g`l+*>1491Z#?U3hsDa# z)OqUFxqP)J@zu%dRX4u+2r`jn$^3Fn1?r52UZUkkwaH75bWmPI7<-+`XkZfW(^pw7I`XkGaQRSg@mOUPgs(G=3*Q~BPQhDu;od`NMdnAtIjxN%- zPw-=2?|=nh{;0TpHM#wa#8)4vSKIii!ntvd7QLWeJ}p3Z^E>#1l4Xd}TLi zg!VB1m_-Bs7>TOvQ!vyH`97RbZ2@S6HsX8M@>iX=Okw{~tCskV^HoavZzcA%&cvDo zigR}LY+a@5>iJfcZ0+?5)OKTHZLyXPz<{{|7I0v0Up#jk*;E^;uBf8D19QK!)?RgL zU7t|wUEGx-THiv^f1oi>i7iGV3UiNRj0xi+oVRV`=}r{n(`$5f3Qr;4B`hXyv#NhN zs>1Lt%n|yVhaXf?2Wvm(Ct@u}H=wX~GVYx4_IowePXFs>XpLrVS0+*jWIJfCM)&FMoMiZdESgtforMja-mB~*ELkG zsO#!4SJZX&lq>4G^5m+`^+si9Tw#dfx~^}kt&VXO~WhaHoTAvrur%2=g-%^j$vZtJ`^m!4b z;N1!5MO;20;k*cKIKBT^F`U*rF9Ld)iMceDmUn}xw8bcWT?#W{T;aJXR39$n}X^lN;)J z($W@(b{g>&?2S0hvhaU>A3`0+b3)V^Azw1*Byv3Dv%DasH^D|qt;&<7GJ4yhAV>*z zPkg;I_S+amDCu}lv;=FAw{CA|tV1x-|A1elp-RI^ZadUvI;wgfm&p8);bmjdqWx{j z`xvqA2rxE(!HiJ#AqCe1tPk?ky}G^&jLOxjl5|!=I5yt`+!ODM_`*&!a2alyXrOWi zF6c)?-yKr+xw!X6=OW`2j+H6?9OI7%FM&G);w33_{Mi_O2s0V^6s%I*sk`N{jV>%@ ztUD{#vA+Y~MktlFbBkN!+V{3A^<#kE?^AcQ;|Yu{V`@0bb@fFjd}XXVh7ord1Ql`j z@pEj{Rk)wsWdgP5@KxXdKz;%j@F74QD&IvN1FB_2*G?cC`)QGT6ri%}+w60gc2ZeKis*P$a>R-$r6Q*8nicq-F4=X`Aa( z7UFi8Kpt90TWGX`@)0;Ro&2TfAi6D&nadzj;D&1{5!;(61Q=HpjQQrZ}NC6rcy zi{?|>>lz`NjWAz|jj)ad8e!(Ss4oFi*Wp2v zn3}*+#MD?0q>ZT(fvzbg)`ed+iK(Aqybw%%hl}Q8>QHZusV#MlAI-+psM=G6oZw;A z;{FQB-YiV)FSs^OM70SBbKyag2s@djh_LP)NE=~o1<0ll7K0I_X@qUWSAsCwOq!3d zH+pG=-NsgqitBedY$I$uRqc8%dT?$22m?U^!j45dO(JX$OA%qaIG#4bKEd;*=i*v^ z)g*=e0bdEiR^p=h2)nDNM%cvy%h52e*l#w%x}@6(J092O%P=$~AnaQ_XcA!?Sc(XH zk>hD2>>)gF8euo_t0oaP6JH6!&cj9X5q3qPMi}!rA036QJ!m8B>$Ucj`~=tLEihOl zAnaK@XcA$oS&9gYa6D~UBWxnSY7$|m<10bfskmr9!iozt!cqm6qoJ^y4%i5L zf0K={H*jrEqge%xiN^8>t|(t$WmE=m2>}wKFha!68%!kVjmYJAgnVt&=+z)r$fGO%7;G=E@co~j47KwvqV zfqiVhJ+L1iwg>iYT$>@-ZY+ewCG7Ub@_*oY?EW4^M}mZXGoCvo?8W-tlCZDR_m+e` zRo`0@wnyJv5_XBcwpRMmd)A#N4 z{Tuq;(DyIud+bJK2l1%BZ?Es~=6!VTF>wh$f(J^%zmczkRUMj^@bAjkgLpBD9EpVQ zRucYTjG);CbEMu#buyM8faM`pb4tCD`V!BbBlV8Hw?=BCzPCo|DSdB^)c@&wYoz|D z@2!zquJ5gpny>Gzk-A9VTO)O@zPCndxW2bW>I{8vjnql{-WsW6^u0AwY5Lw8sXZ_* zu)oLXk^55LchL9m==+ZPexttcr0<{NeROW;_(=a957bEinXiIX$2L9E|2|2N^mQn5 zBqKdajr4}S80ph-T81^!q9!;Nl{Lx4_O#GUY}d)81*YMFTE+-{g6B;$v9+#8*oG!A0{Cc14~>*ck%L(I9N?9vflTA+Eqe*j!wjw?My?Kw;0~ zL6Znu%~B%&a6D~UBWxnSY7$|m<0~cq;G+2mD?ULZOwPAGsx8S)KiLR-YoCp< z*Kuu5gT5>QVIe$d5@9n~iU_-a<7p#oB%U{ouzY^iB*L(WD}?=ui{>LNv%5yvHrgnT z3Skp}v=MeYV(TmlyA#)DZ&aIru<>}%B*JJg5rh?TJZ*$^79gA2^!`kpW|Ii}FTN5A z+e{s6vsIlRcGU=zsK28^SpIGsVZ$(77QzPUYk0(8m95+)tD$#?l`k%P);eP*#NS_^U!5ZnN=RC>2)+wHx(boDcz^l=Lyj7$ya02~e2DlN z3`@`7cyUAOJfrdsxk`hT_hwu{jSM9<54^FGmm`y7bU0!MoF|X`>v)Z?T+VxEb`q^s zc?XWFQcQ9?W_5s~99qo|R*vF-eJ{xBK$Xg*8bMYE>V?PX>jLv}%nt!Hr~&ma@kDQc za=j$qTf7g)9pgQ$7xQ_-kcJp3zxjra=Xf&-MvY(bKul0M?+>2}4hjctm_+z0Dz@D$mxT5E4(*v@);!Jo0 znK+C>oTR)HCD9GEXoNl$;9zrk2Nzb$b_(oCn#!D~X_R%*RQ8nA<48%bj~eN0#_cEN!al^GcKhwzM9&(pn9?^dJU{_dl)^9SXv*m^9^!EU~rv} zPTT`wC_%GMMUIeVbw@ zK6AL%5l=DB6**QN)3woePGHb%zeiHJj$%9#Jwk_+uR5^|&a}@2YEE6$*I4tD>*X?Z zod0pG_Pzz(+%LZjN4a6RcfY$EqmOiiZC!g!=&I=;pS-;t3;`+S2R^E*z2 z>(j6HhwZ z|Aui6(LVcBO?&X8`uCv|8~EUT^}*Y03g#)RlC^=FlZ_RBQe{HSg}^F`vYzMwu>gC7aqv!bu zxr@Q*`pi_1rtr}&z>7!azX;NY;m7<$J=(uZ9{r3Tvr0WWQ+;(Bzj{VJ>Z~5+@X_DZ zqaEter+jpadi0!n^fZ2|m!i29>i$OF&%you2c)fg@KZe<_ifetmV7@3_rJl(1T?W1 zKh;BVf1-NdmG4i(y;s3H5s6WIg4peGou!chsl z*jg6cnOYY3?Ob0={Pp;I@tfzZZ!VXB4J7)ngcW~-+bDn23kL_Ie1|*yCSnU=C$8v+ z{MnB22V*;5)!kl&!C}-dy7{hp z=DVJOf(f0l?8v$k*LP5zxTxVyNVJTz6DnG!(-U?lu3{%}J_Nf1G3t`+fk_e|#2$a# zDH}1rOf5AV2liFV>u?i7#sHWKq#-1 zQ^x0l3T5tO)prO0G{9&^M>Be0FhJ?&fS@PhNW{hJUY*Y6TV=w$&~a2l0L(vj1_zMp~JNnfg)P^N~|G{cw)uhCyXx(zgdP<8{uDE zNi#zg;$#Gc*%z`EtXPBMc{E+&1SSYv*-X%l1*RfYYut{BSrOVxo;XO&-1Y)`eCFbV zLb5`zlWCh`zdU#}{G_`EZk_`;HxHDABMC+FX7Ill@u~PRURk`Nr@)J0S7-=ejz;qzkr}rMlFnHI;uMS_bk+B<0RR4=t_{)FTU?RHF`j z3m=M`7BwTg7HVZ8V$($$5pRgv6kTf!5nCSBh`1MDb4E6bh!5LnL_E@n4jZez^u&RP z-EqZr;yG5x7m~a|V>vR*Xjj&YtVRbk(x~|&zDHnvnQ_||e=&$&iMc9+)#?nZg zRtT4$0GCb$30P+6YAnE9BWyC*%t^$Ys4w6G-@|ad?qRNHR;clFT(je6yYGzs?ccJR zvr2OX${=nm%0bbM`XX#}^h`&i3#A5|_I!QOpud-D?3{$gM%QWVOf&|D}CWYtS0&W39%j(b0w)v#8DKr>i;f&M)H(9YZgpuFv69;;RMK zTjvW@zWFloEDdo2lhDV=Rko1sbLZMPgRuAj8HI-CdAbHWdUGRn=?t=tY#SVI6M7bj2TeoCV52oC|IvS5hlw{=MrJzD@3;M1&UXDHzL-8%3y`L4S>+w4($Fn!*4o&NkGRriN`Fh_ij zqd#15(4UITQCedKb$xcOM|J0a|C8=yvpd=B4zeOME1-FQBIeIutAPsRxyF1a1*q@3 zhOw^qUezgz1g9Jg#^2nL9OJ2V^g5^B4Js7*SMp6ZZAF{&(3l8=+3zG2AFRr%0s;OM7aMyLb6^uVHm&>??H%tb;7Z-5*HGuS+s zR8GNu9=?PTd{Dg0KgIkSfY7(_8$9O|x2dc`TT=V2=T|mMUv0JUG>SkhL_~C?AM>cH zSeO6d5>5SpN{kRS$I7QC#E-8gXcgyI;}z%WL{Cm8mX3fw*# z+)EwvD=yLL063XoW1{(3t2Se;8o&EHUtpJ>+ zTVGFjN1ShLicLk{Lwh)!`Hqw32Q!ur5O(+*Hzb$(3%O%4Dsf&3rJFjt7Gt^CS#nC( zaQf_BH5o~BFDx}~s|p-IfY%QosldTS*aaTE5aC|9D_yxbzb(vhHaE~nL#X0K-F_k+=L>kK}s6l*g@Hm{c#qp=K?lH3~-rm%8Y>yY7lhVL?p0k1u! zrwcV~pcr=~ewHh;w?L3|q;JVpC#_S(cJXgQct+@5L0CMKrp{{e4-A-O(lp0&QL#ls zDw=X)w@0+13F%9be{_}xfyeU*2o|LF7I8>m;5`38jK}5vGh9f~3E2d>L@DVacC0~s z0*mI$tQ1|I0a@CAfdxvPO`^737|YXv1x2ej9@IVjNf7fL&OJ_GZjNQ&d>3tqyD{Az z2FB@cnk48NDEwrTJ$`>fg;d7bXI~%0z5yQ~r>Hy1!?=;p%pE@6%{_rNV(J9m=g|;R z){)yW%=;+N#Zk)jBD;>{+d)25Z{cp9A@9K%@)$Abe8FS(#r}Oj_vb|E&n7uP9IGT) z1kVrObLbaP8IBJyFO&k(Uop^7at>c=|Juxv9rSWS2;}WZ->iJO}F@7%9)s zT3O!KwW>V7Eq>kR4lZ$Z=^z>=Y#?nMx|<-6Tb3j(kN;Yu*xcm}jR2TjsgiN)LE1VF zDPW>Bi$FA7fyq(#j;lOg;r6PwkZ>2bEj3GlfY?d5gL7E1)AgTmf=qxhBid=MzSdcg zW7pgUd%c4nWA{*BL29vNd-rhXeudiU36Li!NP!z$r1c6>p5=}V<(}sZwUAUw2e5v7 z1id2G0+l#oH11CD&YvuNHgvw81)D8zAKs^6o0kBaW8$f`%?7TXeJJZ)Vpi!#PlZ33 zWgqIPuQg@?aH4%EAJ8_nKd2AynBNWW)OT!nS0L%V1@BGzx*>Rde^l_=@)6fJnhQUf zA)Er)Fl5ybj`V@0UhE*xWC~2phtjVC!akO69E3C=FmMiLCfsbImtk8E6HRfo4@+~E zl9BRBHE}1n%I#PLs1xc$tu=QG;Vrz)#vfPsb2xW^qoGIy|)pK))Ip$F9!9`554kwyDGm zX6l8xi5txL+P3JId_LuMTH!_~@<18#oy<-*BtXsnzgDgC>S4psC`0)OxK zsWF1@(ExWYS|d|tI(_wLL4`GI?&EcD|1SjhRl3?Px=D7b6ka=D=U@@ zC#d)JVRN}XmVw2GdfzY-W+CzJT=OM>$$0hPmNXkXvsdepF+vxkLI{{%2$(raz#Ik1 zb%zo#tIcx0#v<_OFB-b5Q6D!S$}+|?uxJ_Eg>C~8IXwABPKy__-48I^0TgeZ$qb*s z1LN$Cl6mxA=Iw$G13-)xq`G3fD18Cz+-J)fh-0$|&5V;U@O>Et)^qKVMms z(R_P7$@p2u35T&ZxSv9QoQzM-e?CbtP_*?8YdyhQk*9Z2=UD9@LB5J5dlVQ)lCR=F z0A1;ousiN%CHnvQy;DGM6O!et_~-j1MU}7OPJNBx*zZ_8ZjX|^mBXDZ>G{<4@wfS> zqr%@=3V(OJp9FvH0YkIpfpXpc(a8f_Wz|yhz#XsJ^1$u-TCW1pPFFztW61+E^tB}q zTzGSX@YcuIZ9gh}HTMi1YyY02*8lf0x`ZQ#vY$n8J0i|}-p$bmw$o4?jemvGBow{A z%{g@S{VPTTD4T&Qc}bm@>S-$9_`KZ;M@N)z{1J4iPQLNW)^jQ}ns5A{tB#P~-}~XH z=)FwQ`%Q6rbMT830Yd}yUY~v@99{dvRr?E*wf}dVEerpbNwD=p{1&}}KFusgFBgSS z0jWjz{avd2t_IW~kQ2f5Z5>EOB`o{dxg!+y{uu)T>dnr9)jzu{*d+}5C!=+(-)IiM zo}d9ZLVjJY`v1WOC(&wt{r8m`|4LqNIv@VF?~j5$+hXAA(B~^JHA$Z>0Gse*hrD^? z_bahn^Ke<7gX50eBu4{7?nrlUWKJdx2;$a{U|pVV8W=ng`LijDjYuuI$X5aH z&=CDq=p6eeicjLBKGa)$2#Rc0W2`$p_7G7`S9hM|UbzOJQwQ$N=W72_q;bEurI)SDoM!7+cg5u%>FG;nCfbLgaXV3T<0 z59N8GkO{?si6+qmE&1ST85AS*vzW;p%F+0FE^%wKwK=3L(@K$M$%~q?V#8N0kmDp z#U~4DiXq^B*fZc%1_DM+Z6#fDO$Nbn5Fo$etW)6spDfk@{y*~+S7ZF~MI8VB>p4m+ z+!*d(HZ|@Su{oz8)i~~ZE8IW1PUD_hfjr8G1=N$fZrn`l#HEvIH~?X{D|L5loYh<= znnSO(Yz+%3PS5@>_6JN)Z+M*`Vgu#sjP1aS%#LW*Zg=<=B2>~*Bcmj?EqCyhD~z)> z&qm_hv%$Zh4T_$PwV!TfIBJOJU(*(}572m`r&Mi7g$qFSIov*M!K@a%qZsWZ%JA=$ z>32h>$GFUao@q>8zfWCo#zP!}IO93%z6*5+1|quVkGP=I;ry1yno_YB80&s~9vuZ8 z?TpPr23e}3=6VXT<=9{An@xwnTag-tK6`}V9ui0d%?+ND=l_G72W&gHJ#gN$wkWM* zdekb?QMHz(&*F?(}M18qBx6+>%KiN}U6qR`~G`FCC{XTWb3+&d)ak7h%Zt*xeZ)7&q zZ?p6K3%rq~Io`tGpnS_`w(A^U7wT^ZlJ~$`AC|$uQJ^tSSyXg_!kQ8KP#!=d_cb#^ zLnC+C6aF$b^E(dWbm&xeC{^KaX``Z9UwNYWo4n!Kdf>Q0mXTv@FuQ}(r;N}<;6}0< zc!(s?y0rx8Q1!)*gOel&CH$^8aw-6ZVPvPTBRFgC{MZQfBp@eAo`l&6jozQ1 zzJSg@v~r29Y>&AyA+VT*faB)x zkN&}CF=3BTUa1h=7Cj)V689$#dGV)Z3GzyFF3hvJ^mj40-(l+dlKm!sjgG%Ga1z@ukDb)q8R46^Rx{TpJx}hH7 zA+fOw!S0!7SNOnS@+uVFnvn@z)Dj30RiNf2ndAsycDXR3_$FX|2UkMfjn>=RS?^ci z3{qeGD6LVLRPJ;h77Ilk9CwkGvFSRW#l()odaJH;YsNr$K2~I+{PeuQ;5mNyDkOHk zk92-4I#J**L{3Ok5VS-P1QYl$c4Q8}F{5~s1V=-h?H()b3XV{*jUy~@d2E8JvEr&S zM2uAwJ12Gds z=}k=-I@mJ7MfayI^72zf9_lDGMIQM{S{ZJ);>(M-AZHt_Knw2FX%dYfjx?KM&n%`u zU7BLvm0++``>(*VEHH-_{g%@|DOc%a7BHwI$c|duLx2KR0gM8148@Y04hHN#`5&JYGTBe^?c&K`o^z z2T)0CrtEBk@5g80`*ZrOw`y7+%~+qZjW1g8MV*RDQ$Ae316Ax_SuUkVv;@#){c081 zH2p?9)~0Mk@e!?zwOM8RHW0oFqx_Y!lnrRSJmod^fZb^83jfIQHr9-(HP+;;oK(9K zJYzkUf-zt_aAFDV{QLYz}Hqy09DccwWTR<0%12`{IjlC z2vg&)M(ue`1=}!irR%>1@;|`wn?eQS(;y;XlqU6i)f&DH(X3Zf-sbRu4*E}0?X1&P z{D`va|A!iWTIm4=80$u7GzQUVP(a5~YG~t7q`c+;f&?@ghub#XtI;5X#_MRyIx-ur zqjghtWU-Dm$?7NpcHiRLwn^%cIlvC>1WrDrcS1Hl%|b=x{JdXnnS-$7Rb?lsDxsEk ztfd{iXYiq`?&NrlFAcB(moNd&4GK~1%2Hm9PY`1jEJ&Ov7$?JCyG7q%tjRRiV6u#< zU5Q0I>3qpE3NdN+$XvlZIe48lPdJA#Pr7_^#Peh!=RyPXO&;zmj5OTygm#5y=t8suoB8=5F_Cf1pCV4~EoBR<(MQ|j>#&f8-WX56u? z2th#xaKy8AJr=|yvo;U=##qLu@mV`rX6=~^MBi&3 zzdCWgDti;O3)m|_-y(}@S)&Kcx}{m3mx|zGeZcHVCDsA67$&-~V$b`#PO<$OJVKvh z+sSHV=tl1mbtP`0p5?#IxTr^2^}F(-mASIwG|UVQjqgMwI72%d#-92rYu#~?#LT%{#x_e9rm!SQyeOTf_EY84&6JS?E|E51` z=`a{NV%|kaH84bVo{ef=Hje72-qWxwY}s5?qq#V$J3QPts!w6938-c&i#n*@jlmOC zpMo{mfodE;m|}iG1-YYlOwOYTiI!#|y~60LY3VV zRmL9FRA~o3R;O$4$0WLOtLOc!W`D(KV({zrd>&>?<2{G|txpb!QaoLGF5yU^42upj z$+#nMc69f`0s@s@KJ*FCA!v)QI!dEQC|_AU&gIrN8p>B@ zkF7@NS3o6)973(@`jA8b<+@@+!c1DAfcYEABu)t@;(Rq>CEpOvB>0$#8QVBMJgEpg z+=6YMg^ONw+$ihtqsO=DCgpfzr$NN#M{#SE)9JIT8u_IU$jDRg2d7U{&fXBHXW=M3tB(ib%<970o!=_G!)3{s|> zbcJ%0-XtemDqBX3e9?B3#<_3UhCAG(VV1mvdUw!5$y*xZGPC=96qFU9zn+j;fo<)RB8@GlB?MUi{? zlRX7@&!0$T_pSd$N1{XaJtVKMQm;>b*ix0x<7-P34udQDx;-`;lf<#V8fVEf4e9Vt zP5_pg->L#v@qS-x9L+x2ydAYo#tay;K*12ZM?ky}cS>FV{Tt5aobhf=+vocden^E! zbLL!l^{h)^UV{{T0~Orhy*G%0+Z$P!>n%L&^Fm*HmJ4|~;?>U}e%BGGJn!h2%#FjqY33$UQ^|2}HAo2u+{@=$@*2le6&P`?jEj*JnRsago0 zcBxbPg+GTmIOKd{`Tt-~4qosJuoM}Y1x2r~S8#u-ubg7wA)vquJsT8iP)oQOz5v^R z>;NjrD5@{5|2CZnI8WYQSO2Y)UBI`dSXCXS1yt^il;p=+pkItyl|lFe7n_JNyDB3y ze?s+THcH)L>-+b?faBj^sJ`D?o|!g56=LLgO7)q^O5Wux*~8J&nCHODanMhzvdGyv zq=mz{g~r8qMR)`3#q0k2hWckuKI$`>MsDA?t_|O%M>CFzW(2}-6;_o7-s%hWQrC{K z&_Rt}gQ@oRq7T3cm9wrJ+*9KfF%eK819vc!0JG5jLkpx)jzn|CKP_;}i>s6M;6>0H0#j-I4-Gx*0Gc_`xdK~_fjmBFXRlv0XjU!JT>^KmE5Nn% z)*IW?F*J)IUFg}FunZ_DW1B9P{kHb!RQqe{kR5&Uq3QTuxd8fUmH(&|3)5kl-?ckd zn^(fTYLnn<_NN}ZvqvEbySr0X6~*pu0*UL9n058Mt1e_%of?S}83`<$kPqlA9edjP zl)P(<^nu$Y$iEW?>u*8E+}{l_SyJFTTnxd zigexKAb`BU4Xsn_k_6=c;w?sK5~MANhR_uxz*zDA32^o=U6(Kldy=6^_QO|Q|#c4a3gtkG&FS>pqyYIa9oVh_y#hT{Ax zLepb{{@lVll#aUx@z$%U60|+>s*Sb-8g1_A(j0Inncs*9{v!4X(;iaf zQFNf#9Oy8as5ISCA#IjI3mKV1r97Nhkmd|4NFBhE&{OAlJ>WQ`CwLKv7z2irry0)h zhTuw4-_}>Gj`}+3`rsY|u_(@7%BPb&OH-2aOQqgqpOe&mg7Imb#Y;|Oa##EPCyresM_e*$60C8&iW2g#}rcaC6rzW7M!)d}u=^;EZb zf(6PUA2!uozOy-|PLf5IZ0jVcO>Mm`gu|Cuku>`h~yo?!uz1ES&GpN+do&Nb3Zi(x}GvolY-#S zp4t(4qI19uk>OfwA4&{AlS7G!uoQ^J1!aMyeN+5X>j~>d@CTtU>~oF*g$p&-5xBdd zBk@@`1uA5B1St|k=62NW`v+a9WWz9lDl{z>HZ%?E?itjq?~|_sOhHPFd{&PEm{G@>>ZU>#>eA(Nk@!nd+p{h8E< zchJR9GlgjerV|?{MUS9&FM}B3y*osGa~!*>VKAE`sBWIKy2lf$lfkNwtZeK%6Or{F zDhNS4=Eoe!B>btZvk|v6vIHMuBliWJvpksB-t;9Y-tZDgp^!hu!h4Nda_kKo8Rus= zI56=u_0JejDJ(QR5THAlcLrrIRa;>)7%z3!_D`wJnLTBc`uu!obqZ7nqQ8Ib*O{t36D>Y0dx1r-pAx|Sil*=JN#*7}jcU@GE%+seo} zI16``M(`zTS^NYSD1>OJ|KW-u-YL~xoGWw+f{x1=eY8P}IBF7+qrHfMMRtjV{kA3A zJ_j0%kNE9YMS9;&;Wn*|HWiF}Jqgzc-5^L%Y8Xnn<`sO9gmIs1x8j3%K(1o%ibaM_ zhh&>kh9#|Q1>3X4J}Z^nzt1@gS9cV|Hy-O7WB|S#72Es48|Ea8ALTI}A1CrYZ2FP& z@}OWuWDHb|ss356;%&a;5zvhTB<|oT0$pjOfAO3zY=$-RuSJM=8es21R$=Xnah@|~lWC#A`02nBN;)sB^FQ5jbz#5a8s`}bNj znobk-3y`<|BAG)qkO@_<*lFa#%#W^@mXr^0TofYtW#q6Z|8& z0df@|_Wz*vWe&tS_RQ9J42U=HJI;$Hhi}bDffWvfV@(2))}I*Tq-`aiN3L`}v*mMy zJAvRmkxO&HohJ<<7=Ng@b;c723yEr>MQ z!<0GMBysacceX#fj`wDd(YG zh;=rpY-nD6ciQ!J(DkXQskhL_p;vZ?%!3IQMVXI?53l1N*eEY5j5lb6UcqoDcEYg; zH_7r84Upv}!P7<%qQ=uKHo^72Q1ewAQ{V4wKBnf`H73Q>k8Y0tY$v*$_z7rzEp#%l zpITOfhL(o(cwa7zhPJ-c?@rr%rGKi3O@(AOUY2@vQxvsyS`&%lq zB0sdObe1tI_JqrcJI()TW_0MkDepM)!4{9q^j)$lrKH?9w`2mc+rcBE5Y`Z?zOIB% z5l^uIi}DP9VIY2t%6oxHBtb2}4U)vUqQO#Jxr?{>Mo7ZA@a|aTDPn6ga!B$c)Z-s- z2FaAdj&!VdxX}cfnsdH1<-Z-qm+JAOqb0*)qaOw9LF?zD63H+JXBM4dZuJvjjp6%Q zuOs{2=xEk&-e?J0j1We+WkPxg5^DH9;T%8*U%z#v6BmM?1o<7yVGpc^ShEgNrfFHW zs&_sjws*xAJ_ev73>|uZZ}~Zh?7z$vJP4^fAFY(F%E}Ma;Os8)@<0s|>9*t3z~cN= zq;X8cHEc>ax$jiO$r>TVXEF-`4pw89br&-bJcUQl(Z^s{0_NcR1g8P|KAO+s4_~~3 zUp@`}gBSD}ZRsv%lrAHZC24n5eTj_kZ@>>ozP%QYP#Z$}ohf)Nf3BV?!1jxW1=&Vu zx>S&7=bF+1?i@*^BydCM&O|nztlU$S*W<5$60gUs9PCrFkaMsrl2UF$CQYQ^HB(TR z>b}2~?mEvB+z05U)0L4uk-ajr*IPXSg{Yq3!umSJ>We;w#jC=Fx!4n^#5@Tdtgie? z(CIkLA>I}7l%*r^sHlqemF&B^M<=TuG5aoZfHU!Kfl19AXu&)Uzer4GjaUd`76@@) z>~uVr?#MpP(H$z!r8_Ge-RU=456yNw1Y#RaJy8CT9+}PfxQWyQO!uIBG3}33lOT1K zN;wcMX^T@J>CxD>paDwIX@TE+P))nZj7;7gLSYs{J&`VLnu{UXIAOYlI#(YZe zIjxnqwr9tbWAZuWPgqxmc_TQwuyDT-x(ujX)hc6KNo!-pRH8Ll_4YdaA~(mYHv3}! ztOJsLZIO(1oW1@GY&|xI7D${as!1EF>N>il@am;DmAT^+sO2 z@${S=^)Eg0Z{y1*Mjo3kSp3&Z@-m(9WAwG809YOn1d(0|?=wbN<2p-UO9~2`CpJzM z>mE>4;cl8L9O=0=BpViyDkMGkRXRO)^-Zz1!<{_XTHovB$F%0QozJYlhU7@?F&dU4 zz*5g16DZU67)$l?{t$M@~7kp6iE4c|m2NrbhN8`#SOE_zELI0xEi7fGt z(q1+*`|5bwM_|abCx|-lYy3D5LKM)prx2MJ-a!m$nX&HJe(Qr9?+YI2WUSbTC)&v+ zTGVD9h~(mqceqmb)FNR`4VJaPsS;z6jykyEsbEc>vEo)1iFUeY0YA<{T*uqB{{w5m zy4HC5n#KRn)O-aTG>@E`m-uaJp0wPi=JEQvz}zbV7KHjcT%n%|>W2mDkNGm%>8$zn zp@u%^I#gml!j4I=A7=T$veavh%KLEHoZj7gzwX`5g3%*Q&U2s7?p<$3?|R02m&*fJNJngU}5k3>T6hRjXcyF1xCZ@l~)_?W%(8&{0|T; z*gGWK{)$$vX7ujMzw6#@V=YJAyRYWky;}`nEIxayzAiAQQrMB+(eM`U-ECZSRt)3I zXr~ip@+HnE^lsHM^sarpcR8y3$kgEeu|}vrY&yaH*BGIpaxvGa{E=oZ)nycZjD;t} z8-Eus(KrkHjF1b$S#UoNWqr{uQ*SwPp3?Bb-!z&YVvR?PrWdcV(bOM+S!g;#Ul*7~ z07RjwP(i9D@MA%qUYpC8$X1n{2)eMR%ps)8o4`jL&1-`-`NoQm@CfCPOJ2SP=?~0@ zs3aX|;HH_6#kt8;RT;aTbAb^CnFI!h8JFBJ9_?b>3_M5d{^q0aC5I_JD+-ZOw;_w)HYet&#<@tW6ppZ9sc&N;8Mz0ST; z_VrHY>&@1XtIY1~Bdv00pKB|*8TCH|>Xzf(uy@RIhYiIc7@s*(JggohS1)>4Rg={w z536zXAzifYX5X8vE_?X6o~+oR|E>Z!ovc3fa5a;xl010rTmh@+JY3a~)gx}JT-UtFoKJXWMlGyEn`)D=8gLQ#*$?NZ!36>4pTB-+50XVyOp?rur>HhSOgBXntIl^+wW%5KzxsS@O8qfev;csIQjE$ z4<`X+^`wVY7+JANNLK*;VdWX;@7$q0nwD-2d9h{f8bh zJVgNyce}SYa{mT`9KSDRJEYL%p7z+EVxNyT&#f#ryMFJ6W4X0d zBk@(|7{p*}4OjEEhFG@8m#S(p+AJzX=W%;i1jRl7)^NLrzN(miOKa);RNW)22D{1q zFOSlKrc3CqMu;;J!(tY-y#Hkw%>Yb5p>xjP(}D! zbH3>LfAX;1h=XE6`47@+z+VgKk7;b9+(sl^dOFjjr7UlEIkeigx ze;)c%@@dZ+$6*&(H^oan(Fns$$tP2U;ilwM1)+M$M_~#+~n~84jtxC9>v_HyNZ{`SG?wz_->PC!uKv}BoV%;jl*{kyG<-T zdul0&*ff2UK@39>-J!#LxT8KzY12%2Z#dx6)g9g@23%ZAQd%|OQZz^z8iY^mzi_(7 zTShewuQ(5%p9k3N7!u7>vy(otM1XCipgC@u7H4zDe8FHdQ{%Uy4wNUYGw3t-RQpQg zc{*$kDdAe`AkUH8g5BeM%K4(-T-IovSHvk}ywNeoW4f}L^tj>tWF=}Oo`2Nqz9yXt z15y9&8kHty&w9GNu`ZLx+4{|CcAU+7=Z|YJ&mEU0JlTudL6ik~%972^$@@bSW0lgQ z{M;S;72G-8Q-1C>&}D11k~NqXopz#9I0`0p`4%RuHjYD}Y=x9q$;Q_Y4R!?u$Fq{& zSv3>WAhf%X#H*RpR9W}yk`s__RQ2*{Uj4Mjq5Hey z8yXJx`UZ;*8`l)xp_|`j!}vhImq+_pSiQ)Dn#?y+HB(nby1ez8Le(ZxPM|5&n;UU0 z9H2}-I{(IFPPMu8ypcGUKj;=`@t;gMS8ny!qo!zX&RebUi7w7%B@YwTTFfc4m7fp^ zzHKZL@04g=KH2nWy88iHI#!ccX;>llfzncw?FVQ9MeA4&aT}mRzDA|kJIlICh&wJ# z)aR%ED#yht*XJIKb&C2brA77m6q>g5T0g=1J2$yMtd#jIcI4Yx4apYH|M&aDJd#Xa zv+L*fj#krgudrNEx%CR$3)t2x*U<}JE6bZ?ynQ1{kj2B=i}Q2s$U0q3%81o#M^@K9 zkf3WnWqn_d%O*W6tm1FXs{5c_uj1QskwyG^bcz?BgpI`y@zMk5s-7)#{D8mMXa7 zRz4P9vDSw|?plv@8`c67r?aJ4p4cX}awh3c(6+Ho-!_ij6UiFi&vEd;S$Tz0X9aJY z;EfgjPz@AcW4Q>+bxjl$kA&vh#@qL~h0s&5Oyyf$S(#K(-F3RInZ;jCFf3Itq?v8j zHqmxPv`L8a{6>|!R{<}_9x?U0zcv?zCd#_X<)by1d_$!hO&5d&8`@_cfWo;MNc*Y9;jx~HedKEh*pod;Wi9NSY_TT=ZQ zGFEBxXWE|xR}j?eGG(piPpx^sq4M-el^j#~oO0;ZP@ZB?>icQOvJP*nlqXjKb9>i> zU~^sGSy!{N;PPsu%d3{k1Z8TfER;JBn(*opr4&1qu<1r`nU)4y)*)+Qeqc^wQ|Z;> z`i#G?<6}dAa(%{w)5Saw9l-Cp|0_z||3&K+`FeFKJX}3%X&pElGT`gLW0c!X#Nqot zRgz3n`0}mQtd>t_OI+h{(q;-t)uA)SFO?P;&EFnS{iH{V$1W@<<+b*z~T9{=t%LV z6zx1l5~g63LA{O^BPtg4tIJ=PzoNc*6Owsvy+Sg1th}+c_&PT5Ag(2#a~tGv+)Xzc zIeg)=32rNu+&a0rHF1Fd5**;~wFjKGBVbQD-;Qtxi`B9wJn5|TWG9QCa*SkFMYG!x zG8xa}CV1|@$0Y_j4M^}~d!z#yKO43;*sxTToiioEXxY&Or{xMxXw#W6F$?6m<=}h- zmBA#*@pXb{`D5ojpui*(|Tyh-teDARzz$J|USFczRAXz)QjN}s4 z-z2JODeittsZVSzu$W2zK+$bHI&s5=St;Gc__Sj{Yr^Lq4{ky;n(YdodR+ygOkvdT z$hk9hGt}IU_dvZIv}F!xl_fc# zlQ6v;Ok@r&2nX#^i+DMRXAZ_u6$B31%{f>o9IR{XU@+tGh;Z-{QP&g ziM913y+gBbS6ljgW|N=yR(#Hu;Iq$PW1mk5)PdC|Vb;Q2F3cL37YZ-*dq(FL7%XG7 zW3VJAaLlfWGI;zse_b+DoerdRt3NAf*%!rop#Kw!4wZwfS9G;Z?|^l z^{+k`nY%hHjI9{#fc*R(o;tH9mb)9De}P$0ukiusDmZ1df%dCdlUsY@S=L%Aj{#Ut zZncOL&sOsj&#G3?w7N4>hby=A{r1xhEm%0;x(hn4mASY^&^K)2fZZW8el^~>Z)mZ0 z67A0%%vvhqL$?i}6=p;2~m2_;DWvAUGd|VnF{|WB6 zD}P%vXTM(cmcFt*H;ek5)!%Y!#*Vh~+?K|5X0TOmp_Q}HAjC#)*Vz5g@S0Tgk*Le( z7#3iw8ar3gUz~~JIk@4mEl<%*$jm=kBQy6tSF+10Okv*KxsnxbX7ag`^VlK@F-+&* zQEor#F_Wl}xAHtC_jCapUUmzGjWf#O?&kJtk-jR6%?Z#cN^DL52ep!hf+l?Yi`0bU zHEY7f1VA$^4id`0`8fX#H@RJy zkf{o^PQ(}qK0a*wwSJ=g#B#-FR$Ts;q2lYI;lN7Q8MGzW>_fQkgs#6&J@%@6SC8fL zb*i!}*=gztzq8Fj)NNJD-?iSO@%>}21$8*Yp6{P|Vkv@w52;6Y`^sALF zMWBi4(?;X2H&lz_JVML#*$|HzRd&9jOMjqUM_hmSKIMN?f1v)Ey8H(ELnw35jhb5M z54VDPDHz;Af8l@*)bMf;#yCt84swV#Y5_}D$i+&%ZV_CxPJf_HNR4^*Qt*o6ywI91 z!^EJM{&11%>_$O3LB)|W4i_vaOm``@vSkQpCfis{#S3?Z;H~4uCYfwjFyRAJ z(1#ckQ>nFnKx1Fct`DrmZXeC1R??Q>W1z)oDB2YY&+5lF{yN_MHTt6P%7icJ3sPYG zWuMKgKfNoABBf~G|E~6E-{;*)`Au%$7qX|O+xIC0l?8BP`RWL#^%k62hV2!&{-JKk zKp4izUo>A)7uYnzPhAY<@tYg*3vu()+!Vh^Mfm#2;o|}8(ljGn)p=<@m46nV8+@;A z=6ifxMuKbUdz^~dl%&6szjsvi_eeiw`|9dG@+l*CW617ll-t)mRL6^=@)klw`VNMX z#qN4{1N%d*=p$FWYn=mLWh+(AF}ATZ4$oDOvlgy(u%Ua#9V;^Dy0}{l1ZQL+XjIhL zd7b`9+E#r$HX^!DgtYwHxSRyJS;~huj!|s3M+f|#P$~>ezK%s6)1&hEERI4&v)t@j zmJ6(-DG$Zb>Asn4rnITX;Q~{6oX17`%+E7*ucxW^n6Q-n_gb%X!;#dkOI!_Diae4^ z8X?t0)VrraTh~}#tEP+>hPdR@c>RxOc-eTx$r|@~MR(8lP3AXhP5ANYP3WPMZE}9I z-ob#(koh3}QWVR`PBqeAl)EZg6%R>-atKQkIE+3j#?{b4l2I&8L%!qE> zp;Bl|c<=q}F+KzRzQRc-lHy!n5nsJ^ z8xC9jOTiYSKTsiP*h;&^jAO4&Z2SXVvp^&94r09htkYV{d!mB(S=70Lx5bDC-;^s4 ziCH=C4HHL?_ObRDtx{KbO%F1?w>u@{2!+pVLD5jMz0F;D%7caPFP4R6T}j{26s@)o zJIcO(aAW6>yPe}|S2khf(?@)Rwfs;)=v<)rI$BqPtI<5yl{8gby3TU=F@Tr9!9~-;4^ z+n0X?=^j$AqjFF-VhXf2_Zu|h@9F!!r7ypNJ*qTTSKpp4IZ#**U|&s8SI|WJhD>x% zvCHouDuS{rI99@jd{lO2sk(wzbWMQ#$y+2u3QEOv+*mYSqp!Pyj5V#7CcWAgQ$Nq0 zTTnmK{Wh11slI;)pP(ke;S2t3C*K!zCp_Jzg9}Z*MYPaMaOkTe-r>f29L}oMvwMM3 zaAf^0G*7|~UO?o7=w|qJr3hCV4*b~jG45m`wp2*iu?F+Hq>h@Wwbi9pt%!!y;4-=pJ8uH{3%ypTtc)Up(fbE%a*B@ z(M<+iJ}gOkk{m}&R9AF`L0_GTgv4=$3GZ3M%0|w1yQP?%IU-{68zjw-PQ^KMS|)RN z30XscBs7{CAz8b^k#NY?y?!O>yK=%SURiT-L2ucWCDtFyuB6yzIN}fxm;R5_P3*If z{b@{3P9GyAtFN^4^ttAP>$^^;Ru9B`N|6+tkCuY@Ae`XoP7>SW{J1(F%OG5sSax}; zRa18Pc3V%#BgGcsm`gH%QN3;s`R!WG#PY{!`=yUWyjc&K&KD^{3KnT?e@(A4A_Y(2 zG9kU{xAcVb>I!zv5Yq7Je36Dc)p2UcDRE;H&T{+3e!_$jUAao*7)og<(t~9DSOlIa z?Ke=4BfpTZMx_K=S0Pi`mdWBvuX>puTY@IJ(NP~UvfrZ-o3u)u`_z&O`Y8Tgx(th* zT7ttRst2O@zN5kZpYSdkeq6;Dx6%HC3E>zJnj5ZlJdd*-alT*W5e&Sco9IUX??h~cMq6sI-#KR%p>e{fz0ZjyU! z3himc^f%1^6y_L*hK`~{ZGsbW98Z(XM9l(W(v@!-`-bz^k$Z5t+tEe=Rqo?GmnQ;B zhlSrnK-+Seb%4xRK+`Zp1r29qNX!J(x1o*_I#wPDjC&vI+i(M`oLu4iz z8NMWOev3GOB#Vd7x~TcECFz+EJ3xqUF(IlYNUYl5o+%3v2SlQ1K!hxSbjg?wR-v#N zF=4$mWHi5w3Xe$+bb*}q)y`{*#+Ayi=XpT-Ds>uKbuFNr0{|>ri7`abPs8g?_iv~AH{1}r^nA0l{rS?0NTE6c(M#WE|yiqo*9!is8sBeGM zS5IpTY0*WlD^<8naNttpk0YrGC?AL#4h!s7wjb`%Bs2tD-cG9?*cKP}Vd>R-Y5jiD zC;Xzmn{JbHoFr!GFQ!(8^A-w$we~Jcm|8K z;`~wdy4zq*<>&2qT}|1a4}CthK;)+*?5oD-?NG%|#Rcc>s9zl)v>_|x0Cp4m=Hq&> zuIs0Tbw|Rj;RzR}K@}So!8R771;Wnb{Tjy+#6P|A14Ue4XEwj4s(!^`N~mve`wwO1 z@@qlryRSh6bcPEyR+GMnzPIlJbp;6qM!!4N72j~9f3CXXV{Qy6QCA$`#x@pp#cSLc z2o5{AG03W}c!nE;VfzS-`sxliQ|2u!&*+q1nU99%8qSZ2L?|}2D|_om*%cgKqsCL} z#c$K9{g$R){33-ambc2c9sb>VXoPRZ(@raGWkeW=H8`E}eq!tURwj=+HR{?OFQ z9+VZ@hUit-C?~+h+v;`C!)Ns?-H{bi>CjOiWrt@)b_j8h)=LSQL{$aVt&}U-B$0AE zI4*rt)(1c4i1gEt5S!f&j!7q4k-`&&wuAfd`e0fHD|2D!f8w|#y2vpGrwoPZ>bq08 z(<@J;RUS|4XV)j#OS`96Wa`_(gqj3lG0_ zS~Ew}(A9?3$vSp&mB*Py!8`)Dq_ajKlpR`y^PUPrq5Tzx>KrrCV%d!i*SNk&{lnJo zkK35dM0#`kQx78^Ui;(L>nLbx5frotEn*M>*`D#37I^21GJN8^eGGC$@#D+bHCVWY zOno<9Fj+PVy5&|ftWYgcS3FKdyYeaquzk`hZzaua9nI>ds9%XoF1r@5zL!)$m=e}R z*;kR2s{%1SW1^$VOvo!}h)^FoXbv5Y#NkHByjTz$K{pTDw;dGq$x!Cefg4{bIcL7e zhn?Wsqwc@KGzv|ibY%8(cYUvlh5_$V|3I*3BS&ap*1S%r%S zMxleCUPsqFmeKJ{RWP9GLIuk1PPCsqAYy=dUx*5`t&jEcQ~_8?5|{KoJWs@68nIEH zkkPsr%uaK~U?sI&m;!P%APTZfQxlF^yP{eM!3Ev0!>rb1OqHF05$)=+8;9-MToE=} zqjfW36KA+wi*hF^mc4QSzq}By}6Iv_=xFa*RkpLqd1RSj8}TJ&&Zm%841G< z?5t)V%WzygZHvd@L}izaJX4olE>*Al32`sGY_oOdA!?IW9h-}_B5BpV4IuRaxUVWD z{uG@$=foLxj~o?=zZRcCu}V)kVO^41^#acT?C3eUDiTfMKj#P`((${q?PxZ;cb7GI@mR2E`2Xt;toxlQ!JNLKcc!1Qj7mRI`xD zldn|p5dMKEc!~+wIe#csM0vc>Ydx%-A>8s?H=E1P;1N;}`5`}0pTH$Qs?_{hmKgT) zWXck<$Z&v7;aKV$OvB`Gb;kl>)`_(QyU!zp^8Ak&&ulS#Kh64Y!Z*=7e4mYRhwoEi zmc!SziST)i@858sF##FY zJjdsnx<8N)&(iEo6XX4NQ1ij&moW2+nIFD9kyf44@kP1TMvabCC)vGa_b=^Mn{??Dr??U}9 zGfa0gRE*Dy2@V>XkGYwl`S}XY=SbH;P+9sn8k&!(xrw3qHVU?n3AQ&FnvbcuiJ|%J zsDfo-&}b$F8N8btnja_+&C?xw3?#x zU#DQ|8tuo*GH8UMT*d``FmPvQr-M7O@#VJaer?$k}5?*t8M)7Zbe!M>APv=MM-9X7m95{+fM)Ub`G{Wglp8OW|WuYshV#Ufgly{Hx z3}E-oV*OYfT0Az-I-YIf=G(z7yrOjN`=;akqHc31-6taHNP}iMnoS5mH>25!7WSqe z&2;mjc{%zXeAr<+d|}Q1T*5DM`DMk1V&)Ie{j@kp)Pzvb#iB9$Hzz#h>v+xQzsL{2 zrSklc>(MK};rId8L=WFEgAE^qt)HeCJ?OYLfwBfh9w~ol8&_4)2>M2(cb6Nrw;t(F z_b|~l;t&Ns3SPI*8jFUuEiBpksX*+wpj{kz7lLzM4Z(^AR@S6X zqMDY~;{9@wSJmx^smFGe*0Fe6!JoG|JmP1h%O`6$mSLd3_ornk z{7`jY(OSLqBUKn4_feDNl|p29AT=Sx49a$u-#If$h{=j(pVwf`s1yH6M_%GxSNR-F zey0(o5OJ(ZiUC*A>f@xXwg}-yM}xO=+BsMoLbZ_DDumH=SND$o z>v0K;UoVdiTH}uTbj8;%v9CjWQAd3=6?9WxY89B3AH)>X=w4}6r6^u=v}yg$S<^9m z8s*WtDF)c&+U_zceI7;Y9L9*w&cFt}uk2$d;f-$uE~1XWECt;-D9VP=mYQJpteaW5 zV76n7gRc6t#~&koSuy^%hHkMB##MjVA;9uxqP}XeJ8%BZ@@7AM!sphA_)pTR{lD!; z_e=V98aL99YJHmP#RZe6ZVHK?Fz3S5-qB0*b?(o6{nKbf5(yv|C&B*+GjHn^@QW{NiJzvF?R6_z3LK85V;io zCbF<&q8vx-U~#0&YZ%p(()!hln>hPUfD4={lYC%egljfLzQEjscfE^1smMX#cNJ^`XzDRjm+JRs)^9)4Hv@ z<5(EkhG0_q6kB)KkE7(7k4=K?%$?m|Aq28K9gniPQd~94#}~5Dhj}_<7*?(ft3w*w zUmt(oi96Yns}eWB*8ah0D);*_a$xKCCi1)VhK5|Rxp<5wK!Mp`m6$`{S01qMNMzqe zV@?u#d#e+l7^cF;Ci}yv_wY25KUMLkbpEsoPww0S{VWqMJMi$tlTQPActWcZucQx? zW;sSvfT|P6^Uue4eV)X=KLVGCPc(g>hOCOf`^=&Mjp1Jf;ww4+nRdE(pepe(e1pl| zQ(*6Mp30qniK=X)?4H%%70%>0NEm7Al#BXwfbA zMVB+IAFSg)k;mgI_p4t`@<~lNV2QMjQolL`E#6Lj-OoN~zw~Rb(_L$}uj9Y2pD>}{ znf%J}KI&KZp~)=AD$fa()^e=vjVQ-L0l)fQ>Q{aB6`xrB^DBMo!{G{i)*>YTP8%lW zAB2d=6{4{c&-R5B4fzJI`HBr6uJIPyA7tO0OwK6t;0h8hg+%&%8S>}`7qLGWOOowAsKQk77ckcuiI*PvM_+kZ z{c0+$wzl-MCaYf^h1JV@^mQj8kMHzrom?J>$G@i_Ae#^n$Yy50y8Oy15Y4*~O%+5_ zIiZRqQ&q2JQn^4<36Q07H>C0ezE(;lpSayd(W*Qae}S^V`2;2+UIg7Cbm{Xb|7q2U z^YL9;f>V8W8N`G21{p}&w1gi^typ|>6`>3#zNrvnT9to)nA4GI64MioTSq`4sH{VI zQNOwvK^?s_E#ac|HubA3uBTS}y+Nxk@IWieu{ii1ecf>%eIkoG77O}2CJ&R6`|V4H z9P?8u1JWvoeFU5ObkcC#db;Bmc#DO3*Yj1#ILSWsv8s#tl`F1OCg}h!PcbeBl94Zw zl?K;`gU>y%gSYv~IH#aG@isgu8ODR5cl_bRBmPKEkND%gJvE8PALjp=_@_3CKWrMu zAKu<5{)~%P{9&hvKb}0|4~82ZUytx;4;>9-J)SemRtHKb5>>>s6AC(!_Mkd z603mi8+u{=32x?yS4n7TR?-vbv`;9%9ki!`y0aVh$Cv-wg|VEk-<|A0E*n%Z8%uEX z>a_RtdtUnc=Y8xUacyb8!Np%_>1myPEOrZYV+S)#!vY-BThegj+c>p_*5jZF9*z~M zINo6fayPP~fBB_iTPMV^3kC6ER}fEPPYNt{!vaD2lAb_!e$0co4b;^h$^A8cFKx-o?M( zb48i~Unxd$%~n*v2p^rtQKd%3x*8?=5K=TqzbEUCM>h}JH9^u} z{6Sy$ONcUAu_B8twW|D)^|z@Kz-bV+QRkiImz=g>`)i0{`3OJj&q!t**^#xuf2V$! z1Z6e|mB14)vZnrV80`C4`)@sovR^^ZIwp$5wPgMTV#WtW`~zC^o@gTb@yPy^3_n2> zG@gt0e;8fLWPd=>5)XSLj!ET}20)6OPZy_XlEuo$X|5 z)fh_jVA|oNwNJ;SEbHFEsv}upt*>i{!*MI#DxUXai6AXrCDn zv$PJnTvT7Z0+PBltshPZJ(^nQ^h-t0R$p1CuXBu6SFi=gIAM$Zsnh!XLEAg(uKVfh zu3@m_9ULrb*Y6Uq+vpRp8G5{f7U=fTW6MF^NxyWcg3~d>m|l5?_riy&QrBz-|g}aREfg|*FC;arPcQPt_jmW5+Fd{HjbrAR2U>D8zeyROFKwGmq1RDj= z9k=@;N2XOS!s3h-T7BiBnDmMZ)=rSBEN9;RaJ&wWJ+1cJ5B+@ErSEyji)-OHCwbIN zjTH+-2SZAMkW!#y4<%96sI-1pQn4=q5l^j75fVzojl3j7Swd0Rxd72XK824Y`)JJVfiW%70dp=CUoI3!Ms+Vc7XRBbDu>!9R}ZvfrF0-9;hWm;eUe05 zv%M!SE1CyUAH7Kh)&4I` z=c#AzQ@6zl5lI>##Oymqkr!Ec!z67KP4l45IA&i%&)Hd zZ>(cIwofUDk9C%P2%%{Fk1`|L^?kFj#)S2B-qeymxo&^fbARCaJFMHD~^RXz8gLUn{2DO4|WBZcY_W+di%7ju@V zA7HLf#QrTBJ!_!@&f#hO;}6 zloW?xCCe<)eyknmYCno$WbH>04E8d#=Flq8end{kGv%;Es=2HEf9pw8DgI;0wmPv3 z&Ig3<-?cwkerNwuM@>s&e`2u+?IPTFf|=(>WHq#i=%+SR4n<1`r8ouDFI}`@B#;=#U?RYG*rhQ=Z_oHv) z@kJ67)G>P(Xd-g{bTquL?BO!~!G02UtlWg-3%9n$_6K5uCnwNt$Hoi98Cz-9OHut@ zw0FUhl?&rbRJJj$Q@1dJpwU;O8M4=7J{Xk&_V!IF@ki^GL}L8MAG~yh<4c5I!@DJK z(x{HT8-5TIVtg8FLCE<`rURAX1@=45$f~@?v-n1qQ}=K1e=~`tU|%G{voPY5%HQmN zLn%k&{izo6s_y8A27*{cP^WZ^k&uNmr=cT@7R2MT$mHX*OqFn>() ziiNyX_Q;D)Cv?fr2T;q5J!#+BM>TNKeF`StqB}-W=A!#Iy{7mgEbi3f{b4a5fjlUu z;0#5G`0znmRW7pFN&7$+oS$quw9%*-uiHn#0zvbWlkzZbyd%kt=izak1jQ2*m;1;e z>M26BVTdwBZhZ--e!0SP0E?pWGvx3*=1b!F$#$z8p6#%(UqF6>m|p1b5>tmO zJXp_y6R*7a0aZL$uh7mTE~qMU070D_%=B!zDG*sZ5pR{T{q`(l%Q?<>WZ<=1x>R1| z^wwg)flGHNCI)&1vYl(Eu}40+YEns!pG{vAXzQC=ot>0g`Lmk?+7n*-E8tJ^g-IoT z*5B$Q%a317uAEdtQvMbkh#jW9F^}rRz$9fMc4SW~9e;u%*TudJQ_g4;ZQaUH03|5K zn2oSMg)b3oaaJ)?YO3c_#e>@Bx_vr*0x1+hnh;Dq?kvj(1)@4TjkNS^qE~6-&J&v07V3Ig=F|4#ZwNrJ-V1Z1F z<0>4~8XZ$@+9qX!<{V5a;o*R0r|dtWg_%XuIH;aSp(}ME39U;%%IX^CoQB_7?yPpg zQ)Kn9^s1p48J|d7bk=mFo{)VokHakaXu1vl{~SrpgnAwAj0CF~KTuTm%VAA@PE>Ko z@U*=r#{Ler+tT9*deqqSXL&WoCn&Pjkr~}6lKT~`m9C|H_+~RPx13iJ4BpVI_TvJ2+Yqob>}0`hh5qh(791rUbrwl?jbhjSS=qYK6Cu z73m4vN8@EBcW;je+l?sPV`*FV|7N@WD;E9@Z{*)P zw|`xQe|1nw-1Wq;dfP87E$6v53~qE6h;#c(WKRb!C zzhn_~wV)dW{fD6c67+dN_Xv7G&`$*YPS9Tjy&$Mh4)=$7CY4Et$WPqKO?n$=k|rXty(H8OTiL%RUn1p zZs5AeR%+EQK+2oNCkvKq4ca`@LKCjJun@yWUyBfzYJ2DLlr4n|`ojwg`~4y$jnU(Wk{CVm9;etw z$Npq0yOR#{_gX>i!TkGKf=`*C8bQ7N)4k4Z%2FmW|8@u}`y*4?-A3{Lh@cr+)*;#1 z@$m@@45g;rY&zi-*@T~Snwp!Dg;#WJd$!eLFj-4eb5l}am*A?=$RZ^LK3}@P!?96> zQ}&Mq3O~C-dA#deTDi>`k8& z_H)~L@{{?tmOd-|zasb?7F1N?R5+;~znvFTDsg#q$enq)5ru7>ArHkM--ukFOI5I~ z*s7J{sO|@{PYa~+hGP0EncB20+X5|`1n|UO29ywU2~`1{_sEeci*1HN6nIpltdL7K zw@YpzR}#k3TtkUbTS^rQe0EhHl=BSWY|-WxqB3mGUTZNFFEmO;CX`H6ar0cJeiCI{ z)&$L^V4&f#6`@3<&afb&B}S{sin5Gw^ZSrp9w^?i)^`CDO!MyXePLrR)2B_09pU0x zY$$?=5K*hmV&qk(knK`K;Uc3Y)>K>=S0JHk&t1f-LSs>h6%9y+t!O;|sB|WCIC5lG z0W^adrc%^&xhRTgJTr)S%g%%ga(x44sO`=ovvZ zW4XOn(2OC-J@L0TibRUU-VEoNWjK#ns)^Ml=HZAD_B?cwBtIV) z{w5{yaAXSV9lnx-sq&|co)P@Y28(#z#_173y}v(xJAcpPm(Ya#dA%fu`-tE#hg0^v zpe>J2<`B*=rqH%(9Z(a43UhtRw70r-yZg1TXGXl}S=QtLWVYhI) zThQoU{P}!uPN((ZbiAPbqxmz{4GYjRFogsa%VhHcEgq1C&CrkX(U`}1))3Geji?l; zENWSWLk83ui&BeAts**jADzzm4;OUTRQ~Ln$>~qRK0Sj!9~HExa91Q~gmAY#i@Qs^ zjnlgY^_j+>`wRLnL0=d2c0unFbhG$wir_1!qqaRy#~s5szog-uYNv3zIZZrI=Jbr9 zEdPuc&s1fjCB>C)8o_U$psfBD8Z%Yk@)sjVjyIPq7u7(tlwszTVJV4}s!vgKri;2U z*8trbuUwyNr2-?W@`2i=W=kRJ5h|`;g%S<^(1{kqLe|jB<#Ll8E+GIpoEz^H@e@>9 z#GiG7<_Id6zwnRvdzt?9A%AuV`nq`UZGTL>7v5)6KFrHEkZ4GSHbbd1=WC0MMP|$L zk=hcAc_HgZX?qtILiaNkF@w~*w0EAAEzOc*dYAN*wE2aGg^9gyStd=ubRN^ONmjSp zikW$8@wnwyqeK-WWpOCAjbADn!%{SgCPQJfPAQl?d`La$!qna(Y|v<_lT=!SiXG*E zsiPLNxrnt{=qQlKP(E3RvJ5C=qW6KX(4>`OOCcIk-aVLRTxQjpN?BuKLYE|u{3y1< zHcpzzI$iXUq1aHk{4Vy9#VUX58RzN6XzUlE_2L~Jts$S<5yeS zOEQ_N7xQPcu$SrO5>I}+Yh-WPbR(d`pLCf=}1}3+B~z7 zi=X6fKz1SFyQ)1nEJmk-btn@X*OHXIN~xvS=9(DX&rE;8-7mp>1y-uV`Pep@_0B%Vob=3-+B z^;xNU;#wj)(^}6?DQRA|VncB*A_mE_xKn=4@SVW&h2Ni~Z}{-<{~!JDFb#eQ(H*S|Lt)7U-AF-79Q`1MZTo^lm=CeT-hteh%qTN zd^A(hkv5m0RiJ)5bp)w7&!mr-b}(`zGiRc2IuVLZse~46qPZ~7n0Gt%m!U1>+Tga7 z=^I5h8s|(dUe1^m7?+8WG-+<0GzcG?eC=Ov2J-Tu^8zUc@ck#@u47rI1^?jchcJTe^)4EryZ;Zs|7CsG)^hx{W0m z%d&Dyx3R=loGV+pjHM-pTqAesHev)`=IJ&iaBGd(!>Uy9=4_w!`ydfMm3za{qp_>yEuG9!7(RFc*}u0c$uk`#rfHOyVKw3@lo zg3@2KG)NjLB}sFn9BBpYf;Kjcs_YZpUFBANmD_@(u__yS~){Fo87Uc79Fa9mLf76Tq#unsr z$cukV?mzM3zgh5au73O0i+@Y*BSZ!B$SAJg91!%Zpjo52{aQg^5cEHSUKZ3`LIa1G zxWjC^RU12ortnsZN7ji{+AY91P480eoZh;@%VOzg9)BwhGD*2&03P2nE)wfU^KLYT zeuO1s8BP3)F{!~F(%^^GJ1$$I++~sb`8#xdPePe#j z`QvS0GtZNc$X3$k7~UT5$mj2m2%03~v02cP8T|c5LHW4-&@59?Nueo!IiG*P*ttAj zzh3Yy>Bsq#K3*yuQ<}>k%0pt9MZ%y5hC66-OddCK55X|!H0~{b*ZfqD>;f9SCp&zd zZYab63e6+Y3>CTrO%B**X6dr!i4=LfHdDkymYW=}vV~kO#|1qjsHTA1CkZN#*FN(k zxA&$yg}qF_6VDs}CFI@=4H5R<{QleL_@}tPnSw4C^bvBWQ}C#{^w1_zir4e>Xu;wV-na?I5U}ZW{;i z{Ft+Ye^(}GrjYj$Ay0W8Zijd;^7}M%7MtL2l;4*LzVbYgc8=A8-Vp|y^X6f+bEGsj zbF?&PKCQ2box5yBye=PqtJtf4tTMEUr2|wrs6U!-!niVIKHJMI+~9AeCsZe$w2#q`3>Ex#M7=$JjQnL1}0;rr(NHbLRCQFm`3!{9bdVIrHYn z&Xwj`q`6jUZm~2sUz)p&>UoeAy_c<$g$0@nBu!rnGyv}e9*6R|2$YbPdKQ9OfMj0^ zN*D?S*$R4>uzwkp@FWz6eW0HMwZJcc-w88qg(G}361+fv0us*?po9~(lJqkuU3*0K zmq4!zGj-+&mjfmEjSZVbq`~;1`+>=vfFC^&pE@UlE(PLWT81COdtkpDbTyFNtN|tb z4;FxyffDYA`?a8ibcEa8pcO#;OMk%+;fFBa1G*kad@4aV06&0z73jUf{ytE`sj$Bv zl<+;6H-Zu#hWW3ce*+Sq2S5pl58Z`8_z}zxf)W~F{s$-_opSIHDB;I2{}c3KApWIC z@I&|%%yir^A-Si`zJ#B_`~)cB-7s$gC8RXl3`&<0;$PZ=AHuI--U?a+q;PHnB_#W2 zL7xNSUwR%tgk=8$=nf#c-wFC6@Jrag1p11we-)JQYuN7sr7I%vFTIYRy~6w^DB%d$ zzYR)=f9W0k5EB0bpoB<9=Rr_HvOfe$h=1u_{1B3x_dp5pFCE4YA-R7al#twf0Q!xv z{}z;RC+xoiJq^Ua^gDhC>D#lQg!q@v;fIj;oCo~_h=1t7z^_vP{ND- zB*_d)NcM|C39rH40!lal_BK$${xGisB|Hf?WuSz8U|$YONappRgk-J+C43F$4WL!P zzA)blN=Q3Z{{~9f8|D;r76@r4c?l@p)JL*i0=iU~SAebp-VOV|fD-nBc|GU`U~ic3 z1tm;^`99G5fn#C*E9jFzEzD1W5=O!NH0X9=|12osR|wB@pf3QwhIuC_;c=K>1SRZ& zZ(joax3GU1lrRbQuYkTP?010@c7^?JP(punX!d{-4u}0~poGN#bx^{~*n7Gclva9^ z{XS5_PHkXF&bFL49XDZD=;?ziT^cv52X4*@`DV3 znXuP@4gzXn)`3n1lB_a8vw;+b9MH8u;pGP^K?)`GS37hB=c-gLdrjL zKnck_50sG1*`S1E&H-Hrq;CsA&BDF}bTM!;>@A=+;0&0TfG!2*!MqG~Ij{`oyFga} zOJH6Jx(c`&<}%QGfW&`2=>0(QcO&RS!v3G2n}q#l(5=G02J{7CzXNoquzv}ZFbF(% zf$jzp&pn{80bhanbx=a=<#4_MN_fwYPUn75Li+X)=wTq0srNw%$^8+~kAW2CFF?Np z692D2zXm=A^KsDcf#l`{C?SO0ZRB2zRdwO15r$*63{ik zGq5iQT?d5G`ARR8M_@O&IRfec{tSC*AlhD_4)!|G`9La>ONt3lTQ>)@sg^hY4MsR#WHNN&!8o)h*`EZRWeX5@{&poCP6R|3heRiK1dZ3r9aJwS3_1$r-#+*E@SesKrN1?U4n zau zQm1$SXC3V6+rNMk%Ke{vU?#a#f^GnQ07q4zgk*moC}B(epT7$C4}cO9A7%gNAFv~A zs?YOJ*yF$1e$FPmBqZ5w27Q_wBQ9G&38}BL6_k*|O#K={vZuZcA^scnZK!`k?stMJ z`!+9g_etJ;n_b+V^=+tsgMU|l25O>5f94=w5|X{L5Az=E2+961=+{8}CsCi|Hz59! zs6RqTZm2&({SUIg07|$CVfOBO^dQG@qXi|D`yPXZy?5V(`X3bc=K3Dg-ykG6<3R~q z>ThJg4TVA0m1%6D1o_?qBzw}82`M`Nt$r-)#7h0LDP0iNxJws23A3yVl0GEsg1^8_ z`rmINoU;B$I-;!qQC%$Sd~d@n>wNoQCY_HE#zs0H>3tO6*64gWeyH<+_)8+)?hRqy z2TCaGb|1hDo=K$7^?}|-?v?snYjil$)&35oZ)KhA0K)IBlU)~X0;Ak|SQnThfzcm}NcYpD@e1OAXAjzOoDE z-9X~gl3vn)Hs%oAHl>Sv0sAinAEo|bhh0m0#wED93@k$!TGB0^Qs@@R$K1Nb9+;K7 zg;Jj&9fA<-J#+}A-axtnA?3H$=nAA0EaL8y{)|pQdI9-GIsqYt&08n<0rvPyBAwtA z5bl#mCm^J6sl6`*l9Af`e+VeDHjC$YfOe>DR~LjB7=^@PRwE~6ovu2TJdW&ERx0jTc;3iZ41RmwgOWgEhaVOfoXQ~0<#7C`!KK!I}3R;9!pL0 zrSS!ZMMVZ8MffpV%!`ahtdOTg@lF@8gNMV?S#Z~4)>?DGn z8E-)>M&lxBlI>1xU$UBDuoT%A6__MFTmu){3W?Z?&1Ok&T!1Z-lHP;`_V8CqEy9{3 zEE~^;K#L6Em0FAlVFzU%Or^ON6GCK$0J1X;1%-wsrbf0FgaF=5HXs@#_bJ%72d}4K zL9QXs0Ez@4kER%w8w#@1@CLgC%%ug)Q9+T>BBdG3K&z=(N;8&V4}p|sDq3K}Z!xx) zW{-oR6iCX=58w19S;_oMpno>_R**lCp}VEHnNs1_Tb70lczo5F$&= ztmTDft0_Cfun^fZ3t88YD@{YjDKsx6y1-Dp)BpqIVPs?)$$_3{n2@!n85ZHQX@(+G zp)}1{Xj^EL;D9m%2ws>L7%8aJOf+}1ut1tlrGT>a47{Cfg5G{dp>#)ybO%k4$bSKT z0RaIa0bv2%0wMrC0NQ}D0m%WA17-wd2izH84pRyf_@D8IjAA%7oU0`|M=MW&GCEaoNf1?1~LWS4m1O$7-x*st$Vi~-J-fB zbE4N0-e$D(MJN_8$iJ*V=H% zVQA6+w#bXX;lS}gsdjj6Qf+!|X6@|SxwYA~o7?`$48<06*_5dkvRNR?C4TCU{s|x@G>a;qY?pEDs-B{hDy2o^z0S&sVx{dLh z;`hb>7_S|iJ$TLFj|R^g;vBLs-I*?Jjo!L`>xQkmnuMBvi4r z+pkZ%o`1dI`Xb~K=XI4+>m21wa?WuYoh5)LoSU4-oj*J6&flDuo!6X_N+tOKasRk9 z1b8cOEN~<6QQ#5aRUiz~A3*72mDC5=510?U6G-{49Jmg6FK`?1dEmD|=~I<71DFF` z43z$ZIt4fb_!#gB;3nX|1U>`01-K3PEbw{YZs2PI_k!*Rz613C4B-X_1H*tFfSrI5 zz#hN^;3(i2U=nZwaH7D;pqaqifzN!dl4^j5kE)~(fli=wMkNgZ>VOXbHv^vs?gYL8 ztOI@o{1|u)NS*RvpavKR)BzU(OMs66e+D{%DsPzM|a zycM_-SO$CmxEc61@Br{V;Bnv?APoeJ0VW9?2YL~B8F&>)laz_TB;a^pCU7CJ0Z4-f zDZr_~GT=Kvn!GFpdet_mI7UWfk-D{ zpuk|zVZd8~BY>j?js+!@{MPy1$ za)a`NmIf^kS`&1eF5|*4U8M88#sTU&Q~Q(2A24i`r3S#`rhTc%6A>$ zFM##F8+`8t+~@nG?^C|t`=0T2`u2(JA2~155Sbr&XXKjzDXL>sm#D}nZB$B>J}Nyb zGiqkkY``4AJV18Ts;IK4e@DF%^>);Os86FlkNP_5+o;n~XQR$XU5L6K)hD`7G|4py zWqkvc_fL=~fNO)xgDZlogYOUiYw!cXHNmyPJAz*feku6n;N8Km2fq`1F!{xSIH;NOFl>7xqv4fYQX4ps+ig4+kj1osct1rH7$5l;-o>J4f5Cd>)HUKb^UZBbfa|A(3jJt zjQ2N5my52HT>0_}_t!`IdG0 za|W*-oU?7^HtE@?j_x>m;OOC_4M#US-*CR=Jm`GS`H}Mz=TYZZ&TpLB&O^~wV=mVJ zp#Ks7U;NMbpZAY!7~U|VVRXY7KvF|;!}x{?4HFxtHYDr*p?h4niH7SX)ee*)ARDYh z`A$L}pAMV}%%=SAYxb@1`-|U{faw7xfZKv@4>}U@NyL95jz|0uVUIWkI1ktt`E%se zNM~fIHcWd&dq&$|7pr?%_lQoquD-6l-p8dcUPIauF8o*}nSd*RcLOVcRlr){b3jQI zj&%;LTf^6LthGgIdpgE>!ELl9tb@Y`d;VR80ZfS0EPnF13Lmc z1G@r;07n2v0>=U;0W*QKfMuP(?R>nmqw|^0mpdQt>g+1-r>K=`F&_W2veu9qitIuzM66hIAMEPu7HvjOw=)2Z$1L`lXm(FH-DbFuw{k7;5 z6tn)orvaY=@V$&Vo&@hp_yr{dB?2-5vw{pki$z`7oF2P3XfHI_4~72vebAYp--B*c zM&ekjDT|glr0VD&*;qnvmL%=Rbg#&F-?KdD9~K%G9;OLv7dA315s(4M2{VM< z6}Bd0-?e9D?eA|-I=8ArVJCB^ zHJ#RWdZg3lPQP@LI)`=+@7%VtwsU;vq|Uc>&gop(xwvyl=d#W(bv_FC2B7V-v`bl+ znl7~f>O)|YY1hoIMO{m}TDz8Y-QKmX>%p#4w@%%(-KKTh3h?hfqz62=t0p5(W9fsMyEulMrQ!Z zqcJNh+UA^rKMkxO_}jp<(0i0^w=Q;JtQpW6-C$7Mpg4c%`tiD9Xt_q~-zTavaEZ&?GKX!Dj6TRLxz+S(Jn zfvTDH80hit+@#8sG%l!TkmbU zZ46Yz5FE4908_tx$Myao8W z_S@RywZGJ!tvz4cl+Lqn`w!cd?WwDMZU|_gzIh}dsv)MKf0OO!POmYM2G^KKv~whm zA-uzx-$eWDY9FAnh5*BWeSk5*k-*WwMBrFpIxrJB4_F4gLKJ=B$AGSWF?6vWK+?;S zfa8Fvz%thpHOCy&@zJYee*+bbr^p748Js3ds zeoplI=$wIT2KL-~k5`@Q+$y2|lItKT;?{^!5vi;#bJsmEp-t3w9ne+RbyU|Rz=W<- zY5An$@6XjwN1k>*O-yJHFzKnsn0`vbH!77cz#q^C5CjMTgaOomwt)74j)2a9u7K`< zNI(=I8gL7sH=r+|A7B6=7BC194;TU%2DnuZ|k1_A>x-0Y<<=fC;b& zPy{do76VEFHo#KAa=;3}D!>}RT0j+`8gM`0uYd;t4+0(nJPddg@Hk)-;7Pz!fM)<( z0owrE0nY(m0PF<31b7+nDquI@HNalLn}D|fZvzeh4guZ+ybt)$?<2pD0iOas0~`f> z3HTcDE#Mg7d%%x?6M&Nd2cRBs3UC_mJK!AP55PshWk3Vq8o&vl!s`p5zczp%KnNfV zpa!%Bv+y=-3Ob5&a%m&N>%mZWt41ipK5wH+o0xSX)0nC8KfKq@BuoSQy zumZ3Oum-ReP!6a7+ykftQ~|01_XGY4cmVKVkH>p#0z3(L3h)eID_|R7JK#CM3xJ(~ zmjEvVUIpw1yaw0{coR?u*bjIIa1ikSvG*=;QPuhX|DfcJQP^U=!N#DVqG${Zia2>m zG)+`W>`INm3`!1{VDM68WOlKrtmw{`wdR$|jI1`+wCql0#kRGv)wb4JQCYIB6*B+l z`&?#*1ISeS-S7YR`2BeK_IW;^&-?Q^pL5RV+&<@X&b)$NL$9MZ(Oc*p^k?)J^gj9k z{SAGD{*L~EK1KgTpQA6)SLhq`Ejoh!h5n6xKtG{l$a`|%m)-E$B9MJGv9yjqXLiNB5%#&>zr4XbakgcA$sRqv$d8IC=s-iJnH!pg*B! z(LVG%dI7zJUO}&+*U_8kE%XlhGx`g9AANxShCV`nNB`h{umydMju`F6OG(5a!WiKjS|o}G#;I@#kwU0rJ_k_GMa);Mbpp>G!xB2r=z)O9-5C9qBGGV zv>2U(&O;ZV3y}lmqI~2+OHm zX2OB@8LtqQdky7&LtEgTy*l?%%Cpc*(Rn->m*<|+n!2KFIdLQmmr`nIHhs*NWT z($6z<=**$gce9HAnM9r~$TOIG>6;0>Uam~MJW={R)IN<9v_6d~^m*S$Uq*YhQ(U3+QIu{erI+G5`X+wZBK-}e+e_(1_}lg)^dacaC4Kjh`o@IPFDuve z&xAY^vNz=UkeXgKz5M;D>NtzQKGmN3Q>7pEczvg3|F7><>A(Na^_|Z8Reh(wwBJ;o zwH=H2@As9e{iLT2&G;F8rN{3lUD=_ZG&MFYR{9-->2s8^1$M2k@qV61NnfM)xP6V0 z8wV@>jsK>QZzof^0#b&Kv@w=bZulP&*6ZPjzT|Mvf zAA)|_{ra!%Pt5wiyg$*`kH}cB|2OW9{>2{p)%5oILdXjtFQeDccj&s9n`7>Zxj$xW z%%d?4s1dax-Cz38)aRWa%D`#qq6i5^eNaC%0GZJs6oF1ek!Ua)iiV?T#4Tos1&u&) zXcQWQ#-cI`l}$qalxlJRb4{dNSmxkOs6Ly@XyxucJ57Tj(A1 zXY?2JKKcNCh(1Q2po8c$bO?QcTF}?%Thxla4>=n0BWgqKi005s{z6e7)DI0nW;6&z zpc7Ff8jOab;V2rNj4WsbibJE&7&I0oq6sJoC8P9SQ+l1+Yih3(H>GoBEN`k;P@ zfjB3a(I6CoPDGJtFp`0f!%;Mnjv@;hf#T38B;y$ZpGEVIkTj!{Ly-)6?uP~-Ga7^< z(1|D#4Msx|gI-ULM)GGtBTyU~g~p(S&C)?0Ol!nrg9Zf~k(P=0H%|>(3 z87LDiKw0Q4l#R|t=c4mb4!Q^}L3zlD3eYliF><3~REo-w2dzM>(50vntwB|2En0`J zLD!+{Q8l^=Z9uo88gw7ph#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09cFM1B`M=zq6 z(W|Hty@3v(w^0*%7rlr6iki`f=wtK=I*2|)htLWLL1Pns0Q7E?n3vVT67=Uh#o|n&}Ot1ZAW$J5wsKSLiK1jdJ6p!HK09c zFM1B`M=zq6(W|Hty@3v(w^0*%7rlr6iki`f=wtK=`VxJGzC+V_!hagdK(o;tbOy>q z3s4q13uU9T(Yfe+l!GopOHdwiq5`xGU5wnQ3av%!&^72fbUms@H=zyaR#b!TKqDAk z5Qj#gF=#B3j<*RY8QIW8l!nrg9Zf~k(P=0H%|>(387LDiKw0Q4l#R|t=c4mb4!Q^} zL3zlD3eYliF><3~v>IK8F5j|dOBGs+)}d?A4d_O+0o{r=q6g6?v>9zh+mSrWljrvG zuC|Oz9){Vl`Pee-N=(Km2Rlyr349M=pJSo)3mtEKavJHuj8AsscQv*Vdm3xPzQX#^ zmlTWHvBg*^wjPsl%<_Eu6HK0KN7G*<&$G|Q^ROrBrAs+oSDqF)bM7;_-w5TOsUsS)5{o?zL?w8PSe82PhU7)-JW9r|#e|mp= z|Ec{K_CK@#IsNk(%Pa3-G@w1c_bpym-naOKcP(T*X;))LO9x!SXwixRGG4U-?Fks0 z`U&GwL&AE8+0oRnjIh(g=7h})n;&*|*g0W&VfkTe(Vnp9!d?t}IqcQ2*TepTLd?C* zQ_UIX+2%RsGtBeNi_K@7^UV2X8SmJD_87)De!|$sUITj%oH{UL;Ov2O2A(l+{=jok z-oX5UYX@F6@KyBYz@~xkqW1=VH1NBDM+RC4SqIq$r4KrN(1Jmaq547cyt`qLJm(%7 zJ}f*HO+u5=)bMHHmxQkizb5?J@EgPL48J?PA^b%&E@EoL*%9YOTokb+A}_)ju{5G6 z;*tnY#M+1(BW_0bMEpMD!jl{)oj4?NNHSws&*GhvvLWR|>W93;NXWkp2^%_a=r*K3 zv)(yu@35DLy)tYF@2D&ue$ntH!z+hhflN`MQMRazsO3@RQB_fEqaKKQIO;Rrn~CE& zxH?`{9jp3Xz*toor}|Cew~1Gbzhb4@dNIvikT~ZfiP?BMm1m zaNMYj9W^mVrWclm&BkO5>{@Im_D9UbSeahfXiVO7slwJ`k7IkW9fKLqgPqCPm^IkV z*sYlBEp>cu5iG;H8>f33W3V$YeY~!;v5w;y_4c+vX>UttZv_J@2CimI<8=11i;%u= z3wyJ_O+i!pPwzjse`fy$?00L~-}dz1tG(OQsO)RK+0Uj9n9kmG75ma&MtRFP@5TYW z*pH^7=}6s=GTDpHVgGqHY@cr*YV_?xGuVe@pV@=?>~$e9O0wNV~rRjf+T(u%a|HCBjadKgZYJuZma~acxAk*4}F)b`RM-WY3TnhP*W7 zCZox_WUmkkf4ou{HH=+vkgQ8Q`t zYnAr?K-A`_Em7N19c}-g=!>Y9sISp?%6>2|+7_Lvyf^e6?+nQp^O0NQXw7`ozohkkt+d~N(S8r^_-w~NcYLn2h19frk};6UDnYi#U8;P#dd3^w^M1K1(@DG z^)_@J=YqdkKDK;fIcOC$GzUjsJM$S0){xkZ|=|3O&&pTHt=be3=cV0*8`KFh0zL{ZoN5Ox-S*x6H z_9^F^mw6N7^#PwK=bI4ad^0UCi|Cb3=amt|Mh_b^EE!E^Ow^F!LpifV4L=*5 ztDIk!49`QZ;qKw(zH?1)&Na5EiBaiMc61t2&pTH}Js9;+)YhnNQ9ICQ=up(>QD32N zqP~qvj82K3=sO>E{rAS5TWwiasy8)FSVIuC`QJ)?2b-*T!BQyFPYF+`VyM#ChXZjJ|F3vBYDET>NV9DWxaf zYQ3FzI1`fRBri-plXp3*lGi6cmi%n8Wpl#j&o+OvIcaO^)&pDL-)h>{UwPL?-i?*x zX@qx}SAQ>4-pg8r$-7x%7RDTp#AawF?~aMRh5Z@Z$UV(A>|Dke%X>zHIR-~z)48UR z_hBx_)?oU3KKlDVO9rX$o9pi@AEv$hfXVy2)35{B``BK#{VSL$PJQoBf4|fB{^Ymn z`;fBzy4q%e+v~HiZUU@es;7{7p5~WRC7aQ0HWIKzSY)22)-FDO0r(R@W z+n07OZTm27TiSIgZF($iS=z9?&-7R7)Uj=j?2WLfJA)m`r|7g21?p|--8=2O}*-N`#LYut;)5o>TeO-6&8`%x_dg{AJ z`C$dDLw$Bt>?1O6UvC$&d=)g_G?q{2$nWM%;e7#l|NKJb_lhp#7j!O151=h*2ik3V zl6TVOt@LM2^8UHJdwxFOBUsP32=<`8=y~)aI>I}H{re2yt@MG)d+8_hUi!s-iuyDm zQ{RDo|K0b8zDfP2D%b4tj(RCNJmBzv)`6`97YmL$te%Ph;8mPM9}ESK}% z`;EN!-fv{s$b^w&M=l#(G5UqkFOL3f^f#lgO1LZGy@U@E+7gZ>{E*m|*v|XGrQ=J- z%df;I@xFUVQg7aK|4mY4QVj39CncSV)c4$fN@{0p^T5sFo6FG}^c~-3@N8YV^^L7> zZaup7$E_21|IdN;@h+mghbZ3-_;CA2+YfL5cKeq*zT6@2zx&^P&uz~~%h1KV10Uk; z?LEOez-#t~dxv|YyfMoA@TYpGp$pK3$ichudV4U@?&W>>`)O-p2Q-uSHN|2$hKfzo zOn+;=)XRror54I1R&arbQ_5$`YW_({-eurtAWx6FBrL^1H=eI9x zm%8fp8_$Ol}C4364=+y99+R1FoY_{$iw(d=q{v-Rdg~QmwV@DQ_E*!la6`>Mz2`Wbw z=tcBT^f~$xeTBY3>k`%_T!XGd*Q0856WV}oMK$OSbQgLbeSnUkkrPHvh)1JQ0_vaC zKZ(}|lLn%2^c(bBGz2lgJ}C;FOnaKf_8;0lw0$B)D(MW2a)jqp@ZhK~Xmhw%F zbJ`v4xrXCPUydwtY%zNW1sq@OUb{CJIpw(WzkECy!y9lHAUSuXbJnnb&~4~;bSHWb{S~#L5fesCh(n{$7}Sq51)m8>G9zBWP2%>H^G0OSU^EmB zN54Z;k4-%`q2QqbcZAG!4x_GtuejJahrN5cTu+4NXL8 zXixYH;V*?ZhQAU1X1ILo=05JJHt;Qr4~Bd&MBYvMkoVtnqb`o}@I9nI#r!Ge*_eGX zugAQ}cOgEC`HF8t9OJtX8I}yoS?E%JZR&bUwMG5rO-O9-*gmoSV*AHNqQS94c|~Ak zY&;sRd<`c-4w13xu~TBF$7aNyp?nu-A>YL5JJLLI%*b&g{olr^jpHlF@$!9~rK4*` z?;rir=ubx<9=$flA>Ypl<@-4&CY{9Bb1X>{`F_q+ z?fW?!thZS2(7v4`-*_0Ce0p*gTEbU!u20^XyjS_ofch<+4VzxvWZE)#i-m9Mtmm6L zW44alI+5?{tlYkOJG1|37vJb=>bPOI-_@Z{cm^il=nyl#qkd;+-@9CAU>|7q6BPR` z&wIpDHCqV9N;F#!#kOhoJQVYNZ|m^S`yS5mzJv3B()VvnJgbsx@+$g$-rycxjt38# z9x};(EBmbMpFe5)=MP~&gvmZB`kd+ zhkk6-kBM?Dd<^NwKsnCI@y&P~8Okw3jt%qBhS-|edt&d6-H85xHls(-8?kT3zKxnt zYpi#KWn}EgN_6kY$454g{QJl!;th6#%_vzD0WNi!?BOXz8-rZ z_N~}=(4S+EaCs}o{Fsp=l;i$oBQGC$&&c|bAB_B@(>Y*w{8RCJK z`Z?j*(aJaT#+@>5*0|Zq_tSzs7yR7wfO_no#L-_p{>wMj4tfvrt+YelulQb?9Mk{X z$8*#Ft;bz$|Ioivp!d^NMLioO{Szk6)6!=W&KQIFeHZpszh4sR`)-Lm(wFjg*x+AfNH^yH z!Qg+L=C3bLwIS>^_}BDM{t2gbTt6E%|Bf5kU#o!z|MxV1J{{lX-(Z8k(dn?Ee!nyN z&*@k{WBz!9f2iiKuWzIO1cSf1hw=v`cAS5N<}Y6`mA@=4thW!Fq5P^I>NCgSua@fn z|2jkc78?9F^icj;2LFwkzge5b0WHku`IW!L27fKuhr@>XW_q{5KOjk&v}^hG<$1v1pQWX%KjmP| z&F_~O{EZ$?L;3p*{-s*F#h6hGziRM5toe5sR1}c+9fNhkIjn3iZ^ zeg6!Zsiy18Q>CSMcl_^X@PA74*Yg|e6k+h+tNF`sTy^y~#NdBW^Vhf6VMEwr@b6S+ zR>$paHTXwp=_hI#muO*q|C(a(H)Y7{<{#;`4H`b>?%dc;b zRR;e9T6%Zex60rjai+Td^y5jQ7S_vOZ}7Jn(v9`I)!=VTpRVQC_vham{HwHdz5N>V z*M)a%&l@!VGOfZ(&Qa6l_kQH>4~Fth7pUoadr-an|8Ft)XKDT?`&~LrJ#6rQS@Z91 z`_>!$Ki2%aJKp}$;NM~963FSe{hl}Yr)lZ>_B7^y+2B82^OxUjmA@q}wS0b7QTcn# z;Gb2Xrl)A>(M#2^KEF2%{z+Q;$(qB?<*NT;E&p2v|0Tt0dWVnvYQBOdgZ~E2f4Wxx z4J+0B7A?tpA5S_;1ww_2bvsuXfD8Q%kSc=1_H+nm$wue`+XydZn7K zAJ2Ui(*o{W@|-NjKQ_$Ybd6dc{dkvW@K4gx^#M8?wXl9Za~b?2u2swHu0G2R z{*gWSdkp@@<+Et{_3d{>5B^C8{~LPnpKhq%?|bl{WANW<@XylH_4Q|5o<|J+#`Fz_ z`tLUQZ`9J)Xc;%ISGR|LJbB9CZ@FGg?{0s2#^66)^Y89@c#pxqO7ov%To5h1&)~oD z2DLujonQ7F{9o4myK8T+8~lycIH2X%+s}Ij|Btow?vDQ-82lru)%vf}W_0+*j_dzJ zgMaBwYWf+*ifQ4$8~pFOS@qZJYs_}Y;J>j4|3AH~mZz`3otpp6di`%v)6=x@*M{FE;pB zY5w~8(^&sy>->Ic{cYMCi;D1>2@9unbv%!DNJ!*UDZu{P0 z@K4nI_4Z|4o_h`c(=~tn`pD@22ZMi(=HFfWsWbQ+%PTe1?+Jr{m6qP!@;+_wUuP)K zIKKvi{|3!pzyCJ+?=krA?4dsU4F2^!`0qFP@74UfTmRQ<6?f5Uq9 zIqE$pOtnG%k9tqTuE6rJMVQf~UYQ0W8>Ya#{V`pPG4O4CDkfYvp z*u&V{*y!J>_TliO-V>vadKY5JSn&wePPZKOIQ&r1MVLsS>*elqf$*P?>>8N)D_8#^OHg%e6 zzde=uVHaRk*q={R?bhi>y)R?S$D!y(6%BSSj|xJk{3DJ?hU|3P2R7imqu!S zsJ8@r0=o-yI8_^-NBLMjc0D#{nQFUSl#itrP(Joik!trWr+n-m*Z?^1CBOm-4E_Q~-{&JnU-$+=wmpXHk7Busu- zNcwZ64?7-9z{X*xU~(NW1v?d+iJgwk#TH_Vu=B87%!Mt*mSaWOCD;|%RoHs$2JCk1 zPVD#CAFwUh!`S246WFuZKI{eTCF~tcj(h*D`mSbP#yZP&Xjk>#Mtor1pCN3l|69a4 z9L26x9tS^mTja8otZ0#kfufhpZm zTw=*DDW;@yeu$PZzo2Rtz zOv_nS4{Omr$i0vgJ47Rj7|lCO*YF;}Y2l`-JMJ=>{{F8MOt0P}O{Bx0e*Yx-n~h2E1#J-w>-Z4W19P+^`RqQx_*T#-&3Nk6P!#|`Hw%zA%DjE z(2C;nQdd5|$m()h3QJg>uG}I=ey+#0w4`jc#Z^{DVZ=M~a?4%m>G^JcqE~6NQs+=i z&Z}}QWWlCmRoL+yc9JajVlo6z){tHflO4i=*wN@W&>AHJQrQ3X~T-m95EI!S* zHaWr_Z-Ln=lXKnf686%PvW^?is&75=|B6!dsuvuu8vZ6@)%;6>_1CsjL804qyk@g< zoGEvlX=R=%H_ueYzj1k{l~^ujI{f61-hVy)-?O48e)RsnUY%cvHt*A)Qo|0yI}G)? zcX#KyZNMjtJXr?cDfl|O@DE%*eg5y^H-@^1>FIjC4r}$1_z33lljbv8TTg?vdFb)t zHxGM*d~2}yw}14`Z2Iq+`^_J{_q?IbFY+ywRazacA^f2hr`M_OK?JznzPM%qc(KI(Prw?BF_ z|MjEyq1GS0Cinp1J}3R;-97jxuNk`-8$vjH;!oZU*hg5*q@TQY?9X$4^7ftklXo=c zz%Ii$g;fO_fvP|ghd`4{2>DYlI@D|3NrdHEBL?Ht)pE!CCYJJ^SSZ;S)GNnZJYi@7fWZ-4%rIdqMaF z&QIol`eSY0MOY>FDE0{!Ro~`yV|QUsV6(8xo^SJBhwZ{X!-nr~^H#su=KTmWztrX( zi#^G-zMCXjlT&P|6DOrj&dtkrx(a5THZx<^>{aKE8(*4LIJbC#si>sbwc4@N<&krTPwCHFj>Z7cFUT!^nM^enR!%e_%P_eorgJMvZ+=N7r_a@97K%kU1d z7Ph8DRiI^0w8+9FT8g*@lojMrmMYM*`|1?ry31Xr;)etM0a0` z!O`wtE<;N9MZ_1K67M`EezhrnPI~@K zY-vr}>gc{~tyvY9cr4`=rKKfhG%Qp64CY{pKg|@Mrk3l3aW-OqGUMX@t? zwP}8dg6s-cxdhK~Ig8b)>}3^YO4RJKLP=Sa>!~PHCMt?0mx(OmZo<)ok2sjl$StnO zEn97x?aC`tCg$gs zE}&~diO6u}s}qzeB~n0{6eWd78B&Dgmz&kvZE{wPVG8xUtqw`e{}EwyQ5 zdE96#XL`BEmI=9k*YCqEOi#m17SnX%_*etC`Tat1!qXgTmT_j%y-Sc80qc0-waIl2gxVvL)xkQ>HhjWqz?Kr%e>@IkCQyQpOhzl zOEt>+mvt$BvRsl^<|lD7E&G7fTc)KB^0yF^I*O097i0PYEq(>;u8a&VP0H!cCvd&u zrfdiCmHEk^z7F(y1+FVe*OyLhGx^l1{*CC_4ry|6ohcXI#ECY|gGLn-zEJ>Pd30WNfvUcN< z5wJSCa|u|T`hG*Ncu}cuhp^f@-bqMjqP_>Q{ghjez_?ES0rm9x2gGUnWk9LcWNp7x z?q@ob-7zJglr;T%I?&x88Q^J6)m^pAu969aNiBBNYZtG%?73)PNKIwu{49#@&# z(b}muTp z;-8G}%qC!KSyO%0Q19}8&4OCf0+y<)6F=_@{9KhTQ*wL5~Zc%>l!9uiReuW54~iVvuLT9K=~oa3eP@L0cO zu%_s-9UG$GIiLhB~h>huLRzdo|zL zwfmcc&c4UF1K{%3chaDzt2D6PT014my5ll)Rjy+x{bx=`ZvG_|g=Ma;;w(;=hY=+7 zCYQPL>8mST;j$DK7kUbF-G!ItdSpaSe0f0spH`HmsKVn~)iJ5e#bA+gmzESbe=Vh> zdtO;dt}{QE-n&58+&nriP4w@rVw4KiaxBX&cDh|<7Jrm`HFc#Mv6yZ{uGNYPi={vK zSNVCCmAO`0a*HjlRrz!!%2H=By2P@gu*_4D>$Vg~zcH~EdhY3YkEN5)&3bco?@;b> zrlpbiy&FaCSwEe zO-|~j5Nootq$szr*r5*Zp&+ZfWGTZ#eBp_O#Vgq2QiY`zMXqAHR6W*YwHAJ_WQJxr zN(vn6&@3rNnescNlvNZf?bKJWO&=oWcS@ztSRFQ|#ral_(i(grxy3JZ$~sUU8x$57 zln`Llgp=_~(&_85DhsUnxeN31$BoO)D@?bT7RdEN{;E}kR#@fcxO`b*k;7LER}dW> zxbe+*=a!cr*P~RfCcF3G%Dl9su$Ttft&dz9>Mf~zr@(?r97Rg!b)dJ>Q_}fAeJosu zB}-0G=IG>6Qn4r39azi?Qx^Z`(cev57n{d_d8RD>&12YwDT{yeR?=ma#lLy^^sQy_ zZ{9LG+_LyLFPC1(EdI?ar%Nk~fAc)_wPo>dUZLq?Qx^Z`T};ng7XRkC=@QH0-@GEz zDpMB!=B=W0EsKBiR?`ERC9^N4TP%xz^GZw^%t>q>{}q_B_&2YBPR%U-&2!T8mBqh# zF1q8g_&0Bo_Zw{3z(s?um~xez<(5&DHN!D8bJmOni?bYAb7m}>C9V9Z z*06Q9YvDFSyq?|@yUVZdQGDpxnv|TBl4MItRX&25mNeO#WVKq8ttnQUHPt%NI?0-5 zot&JMY)wv1PD!>UrzTHKo|K%HJUJyP#hQ|wl9FOeNllrUGASi3WwI^FX0;{TQfxL` zs%@fek}b_PIW;NOnwp%Nl4?s$O`VuJDK#y1^2DTx)``gzQzqIbrcRtVani)JiIXQK zO|ni(o|H1lHYs(|#7UDTrA?ZgmXu~qOHNBkv!$h`O-!4VmX?c$7WU@^r zilgI19>U2f)PD+5&N3@qxyv1;jHA`MSgpx&NY!I~cUN-jU(O>}3dk?vu!L{%P ztOol%ww$=l&;u{W9%cF(cr$hv_7vfL*sIt(STpu1_BHkZ>D#e?GyOO;r5yA2$4A!P$|>8owwzNk&N!jL*OUed(&Z&#V5#or8fYtx^=czhnh&LXewtLHr)Z+e9D>7&QI8?l6) z$Gp3+DUVSGHhjpP%+I|0nD=(<^9 zv_s5Hz21JNqrLLSj$vbZSK)WHJU>7)w^Xg=5~_zj1AXeTbd;p-P$7ZC4j@l6KNZ zejf>6LiotPdba-GQ}_RXZSJ9rh91(ps>9n_o``?5Ph$<(_gKtPwayRy;IDh1ACGx6 zu(jAT*bmsGpN@IAV4q^iZO6Q`;Hp-?earVy^>CD_-8Zer35SGqj<*w6NBN1Q_hjw8 z+k5nx8``r^;CyQE-=*cbQ>()#-INh>Lc8}l)>GAy&URsY=eVx?x{F&CWd7&7@%xbY zRcy+NpZ|1T-0 zo_ud&=gGFG9>G{9?M3{q)_6c;S9#mCv>jcPo!qP4yAG3lZ^EUr?Y}v`MN-!Yj!WV< zPGeVjW|Q_l<+||;v`W@_U^v+6I|K6V3Yb1#{@1(lJJd~lU)pFi$GBY0EF9PL>0iQ; z(e2(FB7!TURGZgZ@C)*!{HEROJh9z7D6-w#tFKzdlz#1AcYlr*1Jv-*-?n=bhO~Rn zAIf}&b)3&jVeQ_dW`A76aC`^h8{Y1{E2iChG4?+89cHnp;RPBcO*ap5Ph;&^RBXF< zE+%Qq;bLqA(?+{+MCUl8&wnC(SvT`3BEB#6z2;=q9-yB3^nZ&V1dxhMl~4RkyV||6*lAckwhns;8}mobY1qZs4OkuaI+m4N zR_-dBFuSB|C68OPc|I%e@SMflH4~WjtR9mPRIj|#Rm3+B+%Ba{UfxczjP2M7FJ1S# z(-`IbA?2kQ=~!3Y6D``CJ;cxvFWu|$x$>Qb+)PuFWz;CkhzhOiQkj$V`V~uG|8hG2 zNAy@neb%SU_2d>8RupCE^<8FKQBvr%jL9u7DPCPvQc-S^mzT;*8MB*^o?fVW`)Zz^ zzJPhAr>`h1FZ7I=U7Voy6I(8r%_9wq^7xMzlU!x4;(V85Wm#@1Pb=)*l%2slJ!eZf zC1q1DL<_%>?pah(P*AwaG$MY&*zyskvt7l`lCoK= zJZJKRH=90DlT7enf=7!ob#@6Gk@u{Wz*+R9(~Ime@vB`Xe6+7sETn2OR#3^F#mFYg zm%Pg76_m(XZh4|jYj8?%QK_pyiC)0^Q6^^O6=vryo#CN7epYdAp4&CIKnX0&yLe_+ zS&64aJb5mrJXut7(5%#T(=jxUO_-jZd3LUwH)?!7YV28RtX@jVeC45{I)7PJ%G7M_ z8Fz;O1HR3)2**?(@fU-*&bP8;?HOWWj!rW9(X8|nevvMy7CHFx!h+fpUF^`ZPDst z&oY;%FkjzM*?n`16xR+h>bg_1bP>;r=q^e3HpRQ$6*Nf2QIAw+#yduClOCh9bBYp^ zm7Bj@@mE5OIw+GEU+x*&1A8U1gUhT{rMbn*H&r?xnA8@;-a_j-hnElaI#61<>2!BV zUas5Mj+HgD$m8r7p_J})IknZlNIuO{=&4Y~PWa>0b?EzefytN>_z8qgiL%SF>5X}` zvAUh&wSk45;`PshC~YQ#cB3p1uU@)Li;Ig{0m`naM9y@Vlr!!_HmtVP@`5HY&ePbv zsEiWJG_R+z0(g;3b{|>x{IbGQj}oOF29#-z6i&v{$fH&ztnPTqB$-O`R1$IGK;;maFsHt??Fmt-vLD1_5DXM#dj_P zell6DYQ_?`Q<=zK#v2F9)Z)c+GZq#olc$xGsB>SWY#eR3G-c)%m*g@dnsBb$lvz@|G^3<~Jy?%9t&9_fI&XFIEcpbGQYgby?>sNg<_U!Czb;858m7yetkhBB+9oiMSWrew% zJ=IZ07SA$Hn)0%(NrnmKI>$3l#sq0+CQBKEVhW43%pE*Bj-%@6$eD7yKDx+117*0D zMVUYAMXe8;RNY%GvWT2Z_)L#1IxqWbFA&RGS)m*Y)dWtVrrZioiHT8bZdu+jCQeC9 zi+T1pM$N_JLe6qd^~kFRCX6)|YlmgLc(5l!SxQ+2YO=g^%YY$ugpSfG@sf*;k^+7- zmT6_Zat$CWi4Q_)FUQKmROZY`DY-!Lhsu|!!@RUa-cl%LyipqO=(^qVXnJ+2r`R-F z*}CK1YJ(YVip$QXp_O|qv8P&Q7nU(0S2Qy@y0GI|@;EAvNwBaklxr@F`eCHl5vFX* zsBW$vI$xP&EzDR{M1kt*qPwe(|6D$~NRi98w5jsHjdz;0#ke4wYoY(~YImId0%mEu z(6=Y?3$4ntVrAFpV#Q~bl$OehH>~cTcPaS4zrssPN*TSXw4MLOl|I_796=ddCASje zr|KtUSn&&Y_I{IYtEfK)6*B_my~i^)(+{)I*^4-PhZnb3hU;A490n^;7Ic`_M2b4 zD9U1WKPTfNU1*xin8#HXJNGy0mXsrxv#g}_G_~dB=N6CVgAsDY=H!rd8OPMiIg%EZ zn=ZJ}()Fe_v5J(Nk5Qxilm4kweUttv?nCuViN2{dzA456%c#~1F7(BW^-XDMzVIpj zDS!DF`64g!N1p1RoEk9ca}AiC-Jfo^`yA|n(Z1O6{waU1vHr>Neg_L9Y6IpH>vxLv z6(T;qKxL(W(m&#>T{Upn~L{O`7=%Rdrl2lQ}$E+@gqi9 zOtd$>!6HayIt$Uuhrd`TzTg?Z0!mr(dY1By)-U zD;us}mNe3oFwj(Dhp`JHX%aK=!llvU*%nG^Bm}t|d0wPnAeUTGQa+FO;c6gKt-egcG(xC6=PHy!Q z)T5Dh`$Q@W#r-g^=vbJ~Ql-PfcYo)b(9Q{COr_FArrj}Jzb$daaa#024Mofz2hGM9ESw_w&U z%jf)s`CLKeOIZ}ysT52NQw=?MLF7rE*nJ0ZFxjorfI8foNbhVgIceZscLfKNIaQyf zPUWsB*jZaU7xTke~v=B_TB!4G* zFz%^_j`m>kBnLh&2qHuBWW$3;|Mrr;{UA!PS_2-c1mQnPdo&V+t2L#=qnBWEq*DLD zr#ivpN$K#oCzu?Q7b%_V%E3sE*TJr;6yFU*ke5@Feb0Gv#a1a@-6BijC2?voWIVqre%6sNY(++020!K##F(@xl9Rh0(i24e0zz+SABgv*Wp^`SgMRBDOWov91eLIy|mQfahE%!gIfC?7e=co zFP!tm5}r6~S$JIGTE$mMJp9lQW5JH=>nPyrm<(Dq@_A5CHuZ75rCj~Rn|#Z1m-_5n zhSeEorRBWTRaT<>1d*1P&tg=lPvX1Gq+bd+^oRE8=_~n-m2~whD2%T2&>NJ$oR^mK zJGolKQ-Arnb8>pR@*1?_6+s|OwN$X$P4AOg6IaW_l3RdT#6qf5&;?+VK0Z~@ylIM!@;Y_7Gea6h8 zlq)m7isW>7a?6*i1*x-;_pF(8f3{ihVN)9$5QN5?kxt3q3;zQHX zy^nZnn9eaD@!B8lWx9Ug5$`&9(x4;WdRPZTm-jL?L>%$P!NwDhcr#$m;3Hl)Y#By= z7(E<+m*99RphVS}W@X4nSXU}h}&ug4GCVI9nY&9D-- z!CII&g8VQOHp3j)1}kASKQdPh?XV8!z-Cwp+h8rs8A*Ov9Y=mx3)^5FjIO3$&<>kn z4m8J;AKGCpbi)Q%3!5c<6!|3`M&C&J&mH2(Kk^p zw8I9N0~=u_Y=O0~4K~2&G31AdunlIyXtr-1jN3qZ0_704!yH%%D`73Hg$=L)Ho^@2 zGsn_S9;3W*v>RaxOz?P*86n{Fi@HcI?t=6f5(eW&Cm&>H;^CZz)i3g?uU)=AT-}X{#xb-<6t$+ zfDOPY=oir zQIFfn4>Mr~tb|V30N24bxCz?tAU|}&YT8*HbkYvZcj71Q7jA-fxF1%+O4?cGUCfWL z8*U=p3`1|BTo?zV?`FQx4xKOuu7j0u6Rd^%VFNq}n_(#JxDCcZ`#t1`)zAqW;5t}& zFZm=44?=S-`EFxItjPIbujby%okR}{jdRMJkI)t2MH(MM>#e4!8lk6 zov;=jgpDwR_TM7$(0o7T!bG?U*24X;0Um_SFqHkkypen`5jtTeTn8)RCRhje!{`Ud zC+RSh{i71b$^HT}U?W@yTi_;Wevo|74nt+XfpM@JX2|{nov=;P*)J0RK>2LvOc;7U zez2{c@Fwy}7-qm`=!Eu%m>+b*O_C1x!#a2nHp0-2)O$1eVIs_cZs>%ya2;&iMt(`( zPJZDI^23HY@;$+P9;KWIXdf^R*1`SEwQwDbew_T04);quJO~?M=qAdq zKjO_~d0JqcgrA@sn6sO5U?p4!8=(ik=qD*p;^BT+_Y~#91{nGf%K_t{`Dx05iO>lv z;X2p=H^COTA4dO?{4f#LQhpr_-Ap+!4%(lg9O#BlSP9p`TDS=|!2Pfp9)vA0bPMYd z#zA`n`C%q>LN{CotKlYC2lvAUcn~(i(5;jw@zf{hPn1Kr8fL&2=!DUGCeX!VKvMkz79Gi{RPT}cDM<;;eJ>R55fi*x`X+@NO{l>GhhyM!b&0KnqQ(ENr#)D z8}5g-@SucWrkpy$Fb+1r4A=sz$)ETNtH3^1Z&}b*bEQC78v?4%Ln6N;;URg zkiQvbNIZ1H=+`I*+TkYXhWlYHJO~?L=p$@D7zbNm25f^)Xl~?sgmN?CI>ME36Rd^% zVI4dOn_=jatgqMMqr}5F*a$OV3v|NhHz)^Y!cEW(_rpqf5Z1!bo#cmcumL7gZX3)X zocJc?z)ZMK{NN^NKR`Lq4G+Rf82T9XfpM@IX28U^xQ>!~!uo+BCigq+pM>jRJv29Q z{UTu)`4sd2GybsdUDgBsIq%~~xcaY@KPbdx{($Y*xzM-w&`ezBlCfImFtJk)daGzFhHgxxG_14Jxg{`ta`;pH2vO^Da!x~wi zun9K8R@efwSs&&Bq_ezm@V4}dSD%_fz7ZLw!uiYQ*fS@uwMLN6Ey#h`M^vV`2ytGFR zg!QluHo@qV$qzGOq#&!%FCZwXg;@z@blSO=S6BW#s)82Jk6apZ?}FdH^P4{U}tum#pbb3FN>9k#+882KvO6WU-i%!Y}h z$PY7NCiSa^HH7P6y`+yOo%p&jlt;J`))KBvpj=5GOS!L6KD0qM%!bv_16yDXG>@Y^ zXopQO2e!g$7}?1BfHv3yv!OYW{Ll_-VCH!C2j<%X>j_6spd6S3TVXYfe4Tu!P!6=i zY#5zHITD67uo2e7HrNCct>lN9F!BwyC$zx^m<`*Y2Sz88A7;XOm;;+&HEfZ3!B)bJ zDU|aj{x-^ic9;#Tp$FE%8rTf$VPY!fz#P~Lt6}5;{Gbgsz--tIJtQWyf(@`0Hp9rbsh^$vFb8HsH}t?- zSOXiOo%uzdN;!n9VH2!_t&$ES-=UnTlmjziHgrP|tb{eN8P>xV*aQ=&kssP&WD|bS z2Ag3vG*2f#%z-t~4eMbwY=U*L6*j`iKa&sIU>nSa<{7PCC-u(Bpd7-Lum;w`de{i7 zNw1wnd4zLjQ=a(2$anFBHrN2OVI%ZF`|0E-Un8s`+$>?(0-Ip;9Lj+?F!C>y18uMY zX2VA4fo-rx;^(${o28y-P!8c{*aXd)lmqQB@;%low82W44cq3odP9FpJ6K40gmYjG zjLxDQXopR(61Kux82LW)gEnYBlX9RPdSDK$fpxGRw!kK6K8yS?8buHum(26dKkT!{4f!=LN|tQ2og3YiMw!z51v3%!{A11EDyB7I+zU`p$9g@8kl);t2cTu_f4>#a0_gL z(aT%C8N|C`E8$8Qd5H3$4K~7TXm(Q`%!D=24eMbwY=X7071lvFH=+hi=#;>9AGOVdR(O zhc(ovvW#*F*TQUxhaOnBigcK`nsQ(cY=X_OfqeE$DUWa_jBLRl+F%RJhUUvC2S&ph z*a+)kVkPCkOxOzDF!C$v2W_wxX2VA4fi18GnlC3mjD}6n4qKrcMt)6xc#wLT*H8{& zJIsce&^(0eHs~Q-2WwyhtcT6eMtbEHT#v(?D#|Cm61Ku>82JtLfi@U@CFR0I=z*EA z23Es*iC;^8*aBN&-Bn!IQ*QJ+uDfMEF!C_*&;}b}Hf(_&*amB0^wpFH?XU@E!d93A zBflj-v_bPVFE%4Vz#iY=w!}lK(r(gEr`f*{~XVU>mHF^y|nkVb}!C z>&XwJVdN3!2W`*|vtcc4lI6UfawHwrz#P~n>-7e%?}u`~2{U13HGVMhM&=`aunAVe zR@eX|TiHI)23ue@tiFlsYw}g!Mt;JLum+lIClo1v5V#0RXhwn8_IJj(Jw8*GHx(EKp@VKl6Pc32N{U=yr`t*{P8{=od84Msmg zerSgtm;-BI9jur1N68N>VXMT$$REiMZLkey!x#*aXf0A7S?bXURF|kAE`L5|={I2nsz?gxXmyC^GWCYf6$=l_0Yj_EV|`kx-J z*X}z{eV*t0T&m9L(>*=Or;KOJ$<}%~&5X0mInO>9*>ai5r;TUIJ?wDuQqLc!Sut_n z(q(nDJDg{ii>$fKK3AE1MnC;a?g`g9d71j3RgWFcGUq(ITx5^Sq5U~^7=7M&rkorY z$7vRvWyyK=xyY8wjJ{wz6YgQg$xXh#ahhGuGWw#=Y1UbBUc1l5aQ#c_FySgQ?qSKv zfSV zzOGKlxraSYZc(4pjQ>L&rkrPoi_E#qnyc({591Z%C)DLMbI!8lJZmnp&t znQ-!Q=HoO=&NBX{@l3cFaxSyrD!bn@-hPU2Q@h8>_TSbr{tem_%}U9PgnJ?wMRpAU3@uAct=pmxhy#=lUP2^ZO8N5A}6Ubmrt z-`7XBtXTfq*Bd6k@pb0<*6~|khnaGQIpS;xgbf3Us8`#0mg&XXk#r5~dQ$giS4;}i9By=22aJFZ7p*Z-#OFLM^xxOh;oWEq?^ zj@31dV|*=jZ{|F&Z5$hBjIU!ndn_1T&$w_sHjW)8H+TK|`m=ijbxzT~q3cYTv0~2p z#_F(h6YF3)r5+0|JizsvsvFvjZlOODMmN`Ao}8+lc9$jd+c`hii#r;p9pA;cTU!6! zv>B)R-^%mAoL#p1*Y~mx?Us>qOHb2}J?5-guwlvQbp4!D!i*V9`|pSA_T4gPdT-;H zvt*AoYc|a8qhDAz3l^+dGO^y4Sy=aseoR@g!;)Rr>@l+biV6E65BuTN1NFbJe%d)3 z_82AB!GsMnM)#xsUCy)5-1YSS7Y};cC5zDS0qQej&72LpjBc$y6PCD*|KKzVEq|$@V^_VhahdH}kHa>c|I@$?KW~`aBVf+Yn?qEC<=FHe- z&Un`Nkh5gQnjJPQ7)@Ir6ZV-gdZh8}uwcoOHTz+|k5WfFWy6XS57s_Yy*nDmL_2v5 zwOeLP9;+@>7NH+YR;<})!{~A9+(~~X>@Z`&oD~c9Su*Pw&zublMt9bJyzwlUF@A#a z%vi9?l0DXJ*f4sc@psXW33F!bF=xqweU@xlGdjz7CXDWCJQH@AvB#Vx3-+I6JfkNY z&*CY*&N#RJoI2VKqr2(bl%UxH$WTIU$W5b-uv(;hFJ^EEIP*1yM&Ca}fq0Q)C&f$d@58_O{ zbJWvrnK6FJ#e=W-OVrV!@UrmN~{#mCfR_HoxAuI?v1H^%k2!0J=xalK*5^wSJE zSA(BX_YuzFv-ZJ?t?TjUjnnS1V2>sHtQmj7ydh^aD`&z!Gsa&uo?RA9zvTLM`~0fU zEiAt7^9r+X_*}vCTk3`Wj2`Lw_q4>S+iurn$ym)_?7Wn zU1!2RGp2oY*kQpgOZHf^V#9`s`y2n-IOfdRV;QdhMt`PE+}|FvaKBkF`K_Ee8y1Y* zw~|xNxA!M?oO{JO+^0XQ6V97Cdn_3LML%Y&L(YZ;Bj?|3%*#G=wk(+a)i~yCSTTCE z^>NO9%>LJW+7&bQnTMPO@Z`_oFxlJ2aIRJni(7B zj2>_NLE~94W1o3wx5l%_k`-$zXU&!knKFKj*AE-*9-}84&xAEIMwh!}Fr#0|JX~kN zhGoc)SC26pri`9q-Aq_8V~;s27OYvaAFjW~xu2kpcFKl1qdD_jUL8hPP=^U~_E@lH z$?S^8v&$yrjJz*bOjusYc-G9r`!x&3k?~B}Fk|#I^D|+=j6LS8Sg_BM4QobMHl8t~ zryI|N6&LNVxQ05~JyzQNN%gcF7L2Z`9uwBgudNw?@yr=5 zI9F!c$xYM=*IBS&$sTKFQ|ho}^c>@uuwlmNrp7a7!Hgwy)-2et$LP8C!-NepMmM`; zFl{{r^N_P(&5rBQ&DGORSTkkAmeDr-Pq}2UpkHzeb+rp-;W~5nS+Hfv=$7g*W5bfs z^UTMD4Kqf!GM)(wW-QrZ&6*A4#Q5i17ZWzj*fM8yYvY-)WX76ZHY~&Su>RYq^8z^& z=FHe*&WZ&au7>lv?InYj`KiXcUb1G(hVkvxo3~yjY&rE>?c1xX-DS=m3zjU|xq~{) z*|5vZxR%iit#evE7R*>NXU&2QOSY^T-BBGTj9z4aOxWeTy2+i?3D=o3XAyFiELpS9 zhApEPt9xg47&BwSo_by8+9eCtEZN>gozU;D>afG;9Chz@$zUa{BUMj3WyY2{<9n#X z4oh}fv&V)FqnGG+Pve;~W5Jv?3pOm-vSxBGkU`5<7fE# z!IBf|#Lx6PVvjSdILFSjjAx%qjB?|cuxsAtdB&e>p646Sj5F+VjwKh^aw+65Fh6sy zg`5-CU2}>JXBf>J&zKABaEV>6vB!xw8pql?k{24UU2rB`=Nua@u;miV7nz^Yi`8Mm zi8omnrU3jAzV=!u~nMoHH!AC)}r(s1tH7Fk}2qIhV9cuCU@7 zYfijbzn7|`U-mN36-!RJUUM;w@5;54m#fc)mFvA%m`A(wO7*mBE`^*cY{PY?+s*S9 z>*W*+&amVhD@O0KzgMZJopOmCuCU8B_BioY<2c3W)#@PTNoSb?StiE3CK{`f=jz z>bzbZ7Mx+jId;!ghdnN_<_e=X7|)awUSAzfvCA12?3lO5_}%)y&Fe-xXD?i5#pvz& z%d_`;ooZKX*=O#0e!lmKe|BCU@cPznI3LHW^Hvfh6(|Cg;-JO3KBdz{sdYW1|E?^{2MA38VJ;~%N7-Lhoz zWA)knsru~vOx^dX&xF~}-7n*kU#X|vGH3cbby)r0czO9J^|ZTx@wyH3>{2iEXVf$Q zZujqe=N|1H~-X5>6- zCgGfzGrorYVSP-(Jj_CU7OXOK-{s*n|6zgQgob@e?XTu__$(DhUI`uontv(hear=NCo z`@MrT?f9){k@&ah#rf9F1X{k=u!#yQvHnZ1KnyWm3T$0a8BRhJpp z*x|&#sn01EoMFj1_PM~8OHA%(JUg8Ff}CsG(f!r=hw-F1f~<6CYEbQ|vuh9afwR*SWx! zOCisU4>{LZbK>LX;S{5X7|)b*>~Mhvm)PeDlZP75j4RgF<3y=0r`un4eQDIKz^2>~n$9tno~_!VXjObRVORcEySR zXaAgH@3HEz@ffb8z{YmO-7hKj(=G52ju&>>Jn)+ef)7Af^a}0jT{XN_3 zkJU5H=X#$rjGwjF-+xu_+2#w^xxki7A%BkgOxe}1{Nu;v{5 zTnPE|^k;`FEV;&-6aVgc;1r|h8_$Gu>~MiSF0tYYTdpyBf$^WxpHs{@!-8|{ae*b5 z7|k2cglo(=@oD`y#ps2`Gv{2m&IOiSV#5_?FEXAvCzj2}DfT$SmUE0=Y&oMUv3@l3eHlq>9TjWs7eYaFK-zr=VZoMXlXcDclowfmO5RGpA> zjX5X6`!1(garVo6nfHgvyf1hEwL7o(eyv@c>-l5DY1flC?)CSh)#0S;C8t?)HuU2v z<2UKYl#|BgTw?oX>tS`C^@MtFv!1WWImMPU?7Z9iE{pf*&***Xv3tI+2VXVs2dtOL zlDaHD>g&c1bw8#K(@$6rd!O=khV`edi`i$*_ch}xUzgbXvU6j;!#lXZ);@o4SN-em8%%whH`+HSnBREcV2PcZ?(_F>^_$-3@7v1nxX<6iwGT$$ zb)6YIciK1Tx!&b6D;BP2ciuOsS##C(h7FUu82>%z&naeH{Dbu|)o$)?JmY)p8}!*S zs_pBZ=3{a%^D*Ztqtn#+zVYm^tMqrCJ%NVtXNrZlkFSC7h1nGO1c~)Fxd6xAvezNoUDW76ptXQ%$XFPkH{+aqu_1v*$#XeWreVX?{1ooCz6FOB1zbLc$R{P7kmU+j4{Z+4D#{@Oa3 zvv`SqtXMODsr~#${g+uMqptM@Uv9tbGybh}e}#21ex-8@Zr?XpVTaKl)p?cmu=^V4 zz}{=EgW2oN|6kU9uKlolqjBsM#{IW>-r`(Xz16(T-?neC#^fE&?|^#}~jPv}9{+~6EaV_a)4l@>$C5~Clh!<1_wXJuUHC(ieZn>QstRri3L)9i4TUCzjx zpQ)?eva8+xTz&267tTpL`=xopIQF$Wzfxa2XLKe1Ue&&H(5{(k*S~fi+I{BQ{ogp3 zgVxKQcJo{7(Qa95w>zy%JNljHT08o^^U{u)MEM*^?_^X=t@6L_+ zF7vUw+xl7Tv2J!Qw%!wYiG4HMs}9qB&c`}>Y_y~O`fJCWZ0(B)GtMyQ9D7^{`2q7^ z&AA=4Z>E>pXXww>(4Tu)a9Q47rtYQAb6`I0Xw&{dq8&57y7e8me=wt+GtG`^Q>4y^?ilXKb~zXurRo=Xql?X}wprzTj1?*Y$#hc63$a z*+0?vYs#;--@jkM>*ebE2a8OuVI6EH<=1kbuB8t1Ya7qbN&5#Y>|MutuI;{G*ZNss z&$`)*tv7gm`(|+ibxv~MZ>SFYoVT8a1zRpLKG}INWuG})Hk=+fha2f{e92kuiaGn? zI$JJ>d2V7|*RhYA>c{eC>a%mo{=pvhZ{a>(SNm4>%YL$duol|4G0*k1Z@Yi6z|QTQ zQ)u6Q|6np!ciQ^d-qHPKb7%L5*3pOkn9j6YbZeZML&X>*U?h`xrvHlyXd*A*3{*v+c zQ;*I4ozuzk2RbL#4{}aSGwWmZ5bL>-_8HED^;YW-?T6d%jXe*u>al*LeKLKt=gvC1 zTn+6rt?MS%&CK=UG0t5(daQkE$6RE>k||f%VV_;L>@nVK9;WO(&i>RX9Y1Y9$^Wf9e#l>G94p3`H}7`m&Wbr(7R+8{9D7_1*V!_CwQ;@<7Mx+9 zb4*|3{@&C$&M@a3D|W;61Zcw3%(`A`eZR6V?UHNS=}xZ~?TiaA zQ*X_Bv}-0^`Jc=ia;|FEe>MK)+Pj=r=(oo?zQTN$SobZ=x8HN1T^y7%xl~=(i%kax z$t$gY^MOH^(Zm72H?9BW4h*W0AFs{qgad=gTUsZR?bdmv1A_(ju6$t7XK~d7gXvc} zm#ZD{`>NJ^P5tyQuXSKB!~EI@25YXj@qt15YV8{x7%Z}TlLLb$v~Q~4Yn;=~4-9(D zZ*^d>hi&5eg8OkB*V#YSb=J2(;P+&#_s$0fORUlZgO`nkqG#5nDinRb8Hxo9Vkw2sh^Numzt z7(dE7nRAsDqg(5LrtxgJ$n-G>{Jk^h#);b)&xFzA4)}Xz#y#G?-(cP+n=f2{ih4}B zhhd)+r=6SmF*RHvw-JWfncJ>VCtliz_oI=j&Q;mO~`IvKw75j{y?|$FT zIWc4N0(Du=tH+kn?bUsu`B^Y$^CIWS`X%Ojlli*l(@tM*zB_ncI8&&*{lK839lgqV zu+Kgl?qSPl+WKC7U@*m$DLb5H&YWE?uwaipF0*9Kifin%Wy{Gss{0z}&4e>d*mQ>~rEy_OW1{jF~dwEK}ypxWEp3>~fhs)~vY3h7)(TPR5L0>)aSK zW5PM6?6SiiyR6t_pA}oyoV<&5GGW6Rw(Kx^o&7T5A~P;C=PC>CVUN*WohzqUF=fqJ z_L;L~!T9x_1E#FmVZ)pgce7r`EI7>`GnSlV%>_1GVs!3-!3q zy*=jDuGnMEWj0)8ez9}Ar*(6h(IwWwggH|#u)`(htXQzm9`~?fYrcB&;9&OM_ILe* z{{8E6*1;Pb98A84H#|7#1W%R+Z*TUYeoWbY^1;CzOD?d_RsHg(sLMX%4>hUB<2WO)o~k~hr#UaC zPdCp8od;*xveiF6TR-iBtBjwi{%PuPmhrRfKeQSBtLGy(uXglobwkcRQ_jfK=Qs}* zTw?NE>y~#odAjRd4gH?y9G293zW%`%92_jOn0K!FRh(tRHP`zuay}n&{T%CYz0XBv zFR>1mTw~{@2M1I4wm;6X_cH4UZLYA>)i1Oe-$(o9>at=dv|phvbCxV$XmM3-IurUe#Uc#{kM9K*nOLIuztJyaDV+4&C8fMbN1NfGHb4} zW%K~+c&GlXxxmi5ynfkb!yYFdXkUz3bDDi-Y&gf3T}JP=FBY8rFyCWd?fAXs4cB|d zKgd4bZ$1|1n~%{4tpCCKF=6yU=fsRX=B!w=Vdq26BeO2fviyj14s9;6X2m{N*|K5w zar=0P@tkItv+Q$$X=%O8ShK@5=4@GT@}bU!2`grd{-1MT@k!^vh9#3v8PAk0GftkN zE)#Y+!*bdEV#Njaxy0nN_Q8S;dz{#+KVw#$W}g`w&av}3=f;|=A!ieEPCU$cFlPLD zQ_guD?6AjqmMlVh#eHDK6?VR1JkxJ_ejceV zQ+7DZoH<)AF#eWxu;NPa+t$yTlaI15CTuvv?su$%JdP&i&uCxhij%YG=Q*55|Acj|KP0Yfe5vJvOfAYn~hJ{vTcch;jer9JH(d zR!2MeA9b`le|E0gHH$F5p?3aP>(Xwxtljxv=cL_dKeYemyg#bVgq@4*E40}S?Z11j zLYsAH@3PL&X8bYdwcC0a?Xg~UV|KOc1NO`2GIc+0-0`j7H?z+xwu6Z$>VMUCFw5-Z zcF=ddzIi)X(vDAQ2a~07w`~U*vpctg71z65(2nob4k}h$bG^E6J7|LsZU>F)-K-tN zpD>=2XPNgQ>S)(nsU1D49rUz|$LP=GDeYj{_44f2?~j@9`NlsMF=Ni01q=4L#EL7d*=NI+(TmML zrw&u5oMpzG9WF3uk6kXaV9g%aSh8is$)}o!3HzL3!wy@{Gdjom7;}j!SJ>eibGGbq z@@eK{!X9T>vcrn=tXZ(nB{rwJyzx&19zFB>i~eXah?xyI~u&g0qk_j+}i zo@+d_HyHmMzR`IH-((!)!nr(GJ-j(F&;I%5`K11wzd-#D zxX;=hPHN{&*ySQC&ah^OeJ-~GhxaZX6&%TdFCwG~WPP z8#atSrQW})$CNYda*h=jShL4yNgZbFvtS!?#-Emd$n(RD9Tx1e$3>PbS#gCm`)t^< z<>azDAGRLGoMFm2X6%OR|7JZ*xEylUA?F%9Y}sY}8S^t`#SZ)IvSp9)N9>C!`|Pk~ zm+@zfXUdYZteCUr0{iT-_^5S+>s({}F?HDGG}J->le6x>~V?p zzq?<-PpK2~Ppk6<`((oUv+6MVobwIWS+e(e{k~`)U$9>0Us5l$E3daN**8<>U$)Ll ze|EG>Mqjoc&TBU;LVqqX`igU6%vC0Am~uj$mea;3UsYc_Wk);btag_<3ofw79!oB> zV$C|_VI3i76LLm7w7+5>tl15^Ua?`#3D?uFX|v!oOJ=MXeO3N->tpmE=3&OU(4R}8 zz2drdhpXBZ+u%2h+hKp-v=3%nWX>vF|F(WCeqjEu>3^Yl*)V7NBkO19$L{ynW2Kk)MLuY?^qubb~wW>=UA}I{J*U$T<045ocOLf|6@L;Oxa^6T>q2#*ku{6 zvu4GG@2UG|&l@{`@tm>O*jKInSL2!fujhuv-|Q<~zeqphb54ZuOup~j{%(Hlgegc78Y+;Nuaw|px<7IK+LsRI7@uT4%&ub`yVo`Dr`CBrb=i;A zWpo2M(;LcvWIvV z>fc6Pwp?a)TREdsFC9$%N?p#fyq)pPZ|^)7Xvka|1SeXw<~$gG16S6M&A zxZkONhJ7&JYX58=W_`c6?uQ%4{1Mi{K3CYARre3-KGHgwK1$AtHRDHLI%wHtvSu7R zOdoUUpk(woIZLL0bp7#{4hptUxOC8G{Y2ybOMaI6%${Uicut>vso!@s4=d)+QHSxX ztn0tc^ET`LAN3ZkhZR>s`(3X8NxyeHA7)$#?e|zOE4J*s*SvqW4tCi4C+lMRKJzjD z=Sv6CU-W0n&c9d>TbAs--};%JuU}&xPO-z3IcM2r&g28?GUX~WHtcZXulj$`{@G=R z(Z9KVgDrmUW-6hWqzO2b=EA8yKE3$V%+A- z{GO(HCN3K+v2(f0{QLK<=lIJ8Q+w_6gv$nVtgm#Lf4{zUM3)WL7++bw&vnkRdllmu zU;Q%w-hAUYwO_q!$l2#2i^@nK3Wm9=C>tb}8`^lJ#Ojt5I{W8DDy^iOpO5_p9`0$&3}}!u5x!AFgxmWaG}TAMKodW)Ht?5N~mv(<~lgKkTt!JL|j| zJ<@$*pOX_?HZ@GxKFYorJ=!>CXSz@9ux9=k^)F{!$NgmU1nXh`MDsH~OMbj_;51V% zTW9`E`_S&Q%Z7_Ao@L)ma_cz3zBt3|*`5>DTxR|p=g;W5>Rw(y&NJO6XU3Whqbt}4 zr&v7CIkCqsOD?keeESbMTUIZy|0|l0Gb~Vr`g$?_xUT$5H`kV^B!n)XJm)-5okp)*6y~;dnUt_;l)?RRaY}jSX#c=(##xdp! zOHN$He2iJV&N%is$L<@9W66>gSHkr-nvVset6CSQ*}Ta(w(PPjjAO+WcHe9q>pUlUYd)RrO^-ju}vHJo2SbWI- zn0#2hYwG_|=fTd$teXw@u=jD}uVw$GeX`F*mY>j%75nV|KlkI>>T-%brYt$j=#$Qe z?Y}$c(EgNjX7*|OI?23Dm@RugLz@fivd12mS+QpG8LtPnoV<>DpEaHZJ4`-jT)6&u z{TXvDw7;PLb+wtWV$PZi?6b#)%Z$Hd922&znO;xMS*Bk$j(skN>#T!c@w~*=$7#l2 zb^ffr=6PfJb>|n_?6c4AjkH&cXZa21A96-Mr={OCFEd6r)}IOEZ>h_SIlC;_`?hmt z^&R&)_+8^~!tcphbBTRcOls>0*V(f3ef_6AH=Jdc^Q^eYmdlKPV7(#d;?2}!qaFQF zUG19DO`Qj)7+t6?)BiL-vmefqBVa-+jqhB~5?Ut=}_m}RIcJeFhIz@lB+C664 zC6im}&pGX^?>=a!zi~b+xfa^L^*kh=PcDRU%(PoBX-7M)H;m^RyPUAjic{>ftAF-8 z>*3_4!~Z+(r4Qe9+&L#6cfII@%b$1L2`7f@vH#oo_FaQp4*LZD|NC#+G$jlDx4&%H z;M6PlhpU`;zpI?|psQZ##h2f{>0Z~p`z`M*D{d^}jZ`yRO`!h3|zj8gFl7C))v(fxX>-miQ+w$9w z=FeWw=j8t*zsYF+g!OzuzE6I}XukPDhdP93a7lj3yLSz)GMYbdef*02B>A}UYw`!k zZ!22#!e)G}sPhKBCBR|{t>y74*TF>W(`MC8j4C{{@zckFp zjbD+6{f%4y+AzP#==w&^e`4bB{tmqt{Nwd|#`^lFhWW!s$8Ubfp$_5x%*fwk{#$y^ zjyzvmZhBnk5b`g&&Qnn^YSN;*5Ca2Bj>juzx;d0uWw0yl6>s`hxxemt;tU@ ze%$MG;&{)GeBAgc`I++Tj;{Za>*q5w%&#+=&#vcl!+hNO7mkrH4fCsw*3Z`KuN-6i z+AtsY`k6T4@czfGZ)%v28$Tnz%LeynZkUf7zaS6yXYAL%VSeW5{x?73$n&!z|GDvF zU;o2A9UcGT_4AwXb$Z_h>z_JCJ~Pb6?JrDw+)KA+hdz;<;Ir2QH*Gomx#aNYj4Am8 z-n47*Veiuu^AF#;{vPtq%~pAObo_~j-bXV1wtF2tgA?bC^wSRSGqrVWw~rV4=OZ;X zZ#!~Mjr_FZcMl$MRQ}K-dE|4>cKL~;`GeQbDUolJkGoIVFu&L6_?NDa&*f*GuzPUz z(fsh+=%Mu&@(bnT>X*mJ>tp22G4jY8=tlD=$H=o|F#N3*|GT`N-$2LcZw=D)gSl#Hu7y7 z)Q_UWd3c?zzkcq2q<$hl-}rIopUHQ~Z!tQ4?$GeV`np+<(S+?*F6L_m>RwxzT*{6OYWF$uHbs{(P99G&=t9m$Ad|f5Uv-=d@CO-XC@i z?tIke%-bLNoLS4m^EYrvtC5HE8}~Ul^5E>WzBe58 zd@US#z7qM?zw8>^V6^^Y*3Ty!<_{XpHy{2+Cft);zTNl-9+l6m?_YkA=V#pdOZj=m zZ#`=K;SVUGel6dzLEeP=@*f;E{yRtJkGwIS-}pYm=ddHM|1H-FpTQ2DUlQ{F-8J~{ zqsIUK$oNdY?QhQSsC?l_p38U2&pj%C&5^v2Z@p;O;I&8P+mGa>e8&cPEkE_|)iW0#+Ijn4n9L(?DLzkG-ME=N5dcR2EVWb&Q6cMa|^I{rE9<8%3@J>&C2 ze)0x+DL-w4yq2FOAGiKSzHNi?kskn@w?UrBFW4Z@EiL{Q_4@? zAg|@8$;a+rzIB7~kvG0=8{~=nybbb9e!&Lw=kgsJj4$LnH^@u*rc1`3Pc1)LK6d}| zQ#TkNd1K$YL7vFBZIEa3^EQ}2m!H4E_(Hy8gS?dQ+#s*zoAz$7fBA{>JLq=g{cYs+ z8C~1?Y>+4NtsCT-eA@=|=kn7gb`MS-o&Ry`?+?W=ztd>`y!E`4pM1I9{(JNO_m7{` zJ$F5?!+80)uRo1^oBZLU<41mu7x`dzf&7%w{3+}86ZsDLQJ*hHKEGwh$n#-7?&lQ6 zFu(uk{G0E6XaQl)Qht&7eH*jB|NE`4ua@tWkNbSy$T#`^ecb*cKfpRs?vJ_F>u+>W0^O5u4y#DipOn#Pp|55p#BkRxQ;q%p7kNW!Y#v@-p3i+v58UOuB zIn2jBAGLhz2IHG!c+-^kDTGx;|2-*Pm6>iYf3<=Zz{Uop(be*Tf4 zx54=O79&4-@N|)aVEdO`0(?rBhSa-Z;uW= zKe>E|+{f_s{O})h9LkH~_?wRAXRV)KIUGMbnr}Y*gZe|C|Kyvlx_j*B(`J~D`~D+R zXH!{302HkBbi zarfYMqj|o5KDB(O{ANeJzHW5n_0`BPy4v`kFGSZroR9nYOd{WQ_3`V=(AH7&*7V4KJNZRzOlK;{HKkMAN~1<{KU!K zV?SSH@{>2nbNQ)qKZaXh-^icy6!P=s!pTkEdAD(~g{*RGo!+hNQxjd|YTwcg`$j6;eDL>Wy8~1$F^3&wwo{vVp zT|Vylh;HQT%LdO!A`j!ooliE*$E`n?Z`+`LAwNq#?*5d+eBAu?Fn`b{|NF=1!;zmq zH1du17kOh3`+LYyUVHrcmcxA9>#LTZcHIqr z{x{5@e$@UB|9~odeTlrWo@e~num8i`F|MC)XZ`C>CO_YJKW13ZNB(>#ALhwu{`B?n zh5Q2JPan+>|9I}u=YvwdQ+~72{7LKMYxza;anDCH%*U-S^1)^M^>z=&ef~(~=gG(Y z{5q4LFUR`+M?e1vE|7n7G~fKSLmLR^U&zmj$Ja0A+vMY3AN4S|&Gq?5e$Szi?=XJs z>)*yN+@O9k%*UN?Hq7rbI{ypS?@unjNd2+zfAXF3aql1Hu>QF7ujS`me}m6|!+hNN zMINj$eq5dm^Ks{!$6)1@dv{R}AxU=Ti>rj~ibP^Ks)FdD!2$Jn~@dkdJ#l z62XNVtUnv(0kZ-@i`1@B5^Ktj5K1SXQ^Ktht@`d$0^N(9!B0pa~?)$#~M)TpH zFMI3T6h2?VPe&IvF`n-GeJLz@1244yN@{xHD{Vu_Jzu1Fv znm=!PN9dQ1)_dJi^=9-t`}Mm9Tej%8eWc!&=BRz-`fdC3u0yZiiEN}^_!>BJ-xl>d z<&C=r_Y3Dzj@G-&QS~bQ&M$TiPB>1#YNX%h{YMIh^IOyJ+&2&VT{ym9r1J%D@q2!k zQ*Ujg-`lUvqvF`h9z}-*t~#-)gA$&0T|6g!Szl z?YHfy^|kt)|Lt9acZGQ`8tr%PQS(k&|GEBLZHMV6IwSXObNJ!!`tuS#U!3RX%P$G@ z&X4rlG9TtO`ta{l&FlB`%XSUE5b6~p{WgF6sCqs9wjOu*^XA0)BmL%&bUXCiuY~pa zxpnxt(8L8J{Wgam?yaw{(eFgRe{-ncj`95_eI4HC=cNAg8=EFB9O<{^qv2;YNA5?e z-==8y;2MXXgGZ0tx62)M&U2yOm3JTdbJ2--q~D?6L0?~A_?0ZN7e1t} z_gmKQOh3oDYv`Ab^b0?0I^6B>`=5T>{Jdl-^vg#2ZGQKWjvj$c6TTpw;`^R^gn#ag z^!q>Wr-^UXGKKGN_1)SK1sT;C@hs@EOqH&QQrz3Sgqz3Ytsez=uif63>B2L{e;!QbVSHzF{N}^IFcQXhBkSAT9vNTB!}_qEkNkOUUvQSsYkwNeH?JKT-^zCw@9k@S{K)qUu^%*s z`lpTNBR>yI<>#O5`<>DCZMk81h7X-zXE^?9qvJ<@Z?!wj$9+H63;8L#$NpY!CEqE( z{b>D>pU3y*n{F|Fd@DaM**$pr==jY~K5{;>!rQiv|GbwD^Kt9%4D-hxRsZl0)DPW% z`335Se?D@5M}FU^H_T5S%}4&ctQzJo9L-05-?J}2@nPeCUewBWPLKcdoH+bJq4DE> z9+1kn-f8z>-1qYx`A+-0`{?>ce&4M-tUvDc*OQ-Y{;Q3SA9;SNVLtBjcz>9uqvKzE z==L6ZK3n-|>fd-YANhTm*bf@F%E$dYEtQ`qA6LI4zhHyi6WE9zOo(DV6-h zyN^HLzWhAn$9=!i4#!Vi&OHD4dD)gh_*#GX{m+frX8gGKhg80OgS;aT^N;&^Kv#aj z2J7n$^IMMIpOHULtK>V3_vK)H{fA$^ht}VhU${Zu%6H078y!FL{uYNH=zk+i`=m5+OURq~6}pF67l;U74K z`TO$I?lu1YweoGJ?H-(e)cg1Qj=X=zcRqYR%nBQ}B{+F!3zB=-7e&b%BUHJ}q z_+yD9&)>-Jll6vq_m$!!D?fjO`xE;B81ivH4@u=`IiGR&uQSZY zJwM%HKJNSdo_y;D_qQ76VKJM#d{}_3DjQVl-!fpO>_0wbIonz$PVLtZxKgRg#7~}iL z7~c-_hmD^9=EEN_!s|Cqy?@&O*w?>&tNi{)jlcJi*H=frT|V~tALb{Hjvx7bjGp|& zM~#1ftK{3{NBz7!)bhXB|Mlf($xjLw{_*vF6m(Lf*k2}9~ zn2#IZk?%Bq?EZ)Oxca?eKCXTx-}Kn=>+2sQZ;z43r)^w69p*RC?a1qEv5&xaYek-)a1~`K#ghcN{hUTaL`%mv4RC_~)Y?=Hu$e_xAp8{J1=opDG`B z{+(ey?){-VtbeW1^^g2}A9}-l-1$`Uu)q6`j^BLR`u^qH<>P*zp_N}Czy9d>k=kt92|NVaFxuN(g_gUNf$Y1PR`U%G$to7CYSqeUk{&||K{vqQy z+s2jlqwYJ-!pG2Oo3+BP_Oizt-}CSZxE22jd>Vd^)>rpAcO19oH|emi@?wV7j`)jW53${Pi=hK=;#O~Z9ry(LX8M`f3b*zj67Xrb)&5dW|4()N>b)Zw_y+m~%_H9r z(l-k~a$xuKT(A7$t8lA*t~hSx-wwR>CHDHJ9Yx_*`%1t&;8y>df)Bzwb^6r)K?Xhy ze~9L~{lmxLR{xuK+{*tIXWv@C?KplxsC_>uXy5IZ6aP!?`kR1Hz|YqHU*r{^*FUA4 z{so$={ke?Oe`6^A@gV+Lc=yZg`jv-w)Zr`e);fF#-T=>O|016b>Rd=Y)CePgW7(?Um$w*AHIQotA4J)8(v}O-_9QT?N9ghAEx71 z`x6QHF!o=idBlGp*c<=hN8nceWgNHa_pIYXA^ZLU)=NKp1N)Z#isLb@?>{c!)z2Nr zt@hJCK>vdMl-5`0dkJ{QEA9ME!CT>MvsdcJb(Q*&fp^!@pLO;VT3?-Cj(-XG5xABADaWn;C$oqCtm9Vs386R#D9(E>b*?uT(s(bja|PJ@Qyk>1#g90{Zq#2a|~ChfBy8&YoD|5Ui2TO z`Dms6-{kK6kx+exH(#`v%%yXnd=T zuNio2+8$qL;T>?x|Gd+;+V_gnx5n2U`0{IQ`|WIuF2b$xF##Wbo!!5u9Jj{D415B8 ztNqS8ZjFz5$4N$|{;2VB1%3qkR{h(7FV=~_{W(5onxyPk=HChU2Kv34tNC>b-a2mA z&y3?%`Od-{(0{15f3>Rrd+4t?eKY+|-x}ZBSs0HI|EqNTYJ5+?7va|Uo^sr3pBcxk z@qHHF@OnG{@{U{M`-*;2rR|&L1_tr{KMH^fS)BHNMZn z2hq32_dI+V&N9AIKiz#-Z~TWh++_Q|1K&X3Dxdb}`TSnmzPf*raNN>QId0`&2EI!C zX8U*C($B*s{g(cU`}VE)6Yxdix5m#De6CLZXW-ND$LRdk;~)G;9iE3T z!yl#f)%dsq-+-Ixcibx9_A7jSGyU*Y>@$t3)W1mOd8rh<^$m9am4SD_E&W;eAiP`K zSNGfU@L~9cnydFot-#0N*7&jGxHW#Z(=kod(N8#TKSe`Mf;H{0>g!h7L4UA}64o`Y9}ZUUxr)yEAT~lTGNpVfX+j$8T}_;9`S!w2iw&pU4A&&nQr$8pQQ_F?*8;+n2$5N^#MSDbx|@4%h(<5vD=;B(l& zTLYi+{Q-4E8xeeanxcm4|>gIo4f@Co?qLi*QN${*hQ&N}rU-VL|L z-@L>Rf3&u*?$52jr{QM(cigQ1FTsEGKd$XZ4hQ}x;H|fvDlv_$@u%Ptzm>j><5v5f zb@na)^6+KsKUn9Vx_`0)Uxi!#?Z8{7?fTLFGM`)e33vngmVYVu#9!FMVKe^0>&-*u|= z8Lc1rWYB&x@C|rA#J>>mS@>|)F5f(S3~trW700de*>U{tI)3#&!SmPK_OSzBgj@O3{)+lM;kcE) z6kOtel=e^U&t>4taBKcD3vYdo?O)z;YkXXB+$x_P$6u}ei})9Gyz%dqlt1xvOsx9% z%KQEj@M-uRA^xGD{-)p^@3qIb47?R?<=-s40dAE~-f^pcUvc)$@`umWvEM%Gb1VN6 z@Ug$N>sJas0k`^>jN?z%`R8As^y|OGkA9ox>i&M-aV!5;;M3@TQ0qr#g7Vpcx882A zAKE$i>4sbNHvu1nTlQ1%Ww_;E20na;-G9%*r{VY3{;TJs^6-w2+5WA-SLf~W*@2IJ z!tS5jX&9{w_Wi7c@K4+0d&==AX#dsypbUKOZ|wFp3txtt^?wh(vIpOR_kPCiU)!%E ze?Dv1--P4V_?v>yp>Ori8Tcx^Mdy#YpD+twhFj~`JbVLgwVxGuYtF7;JMdn(mA~y{ zKDYYUgyUBGOzpulj$8fHEPN3EtooCOkHIbfRvfqHFFWvQ^sW4Fe+~Uto%~5SZpEK+ z+=@Q~pQ{u9EWDn7d1rq}*B`z9hc9B^>c4j!x8^tP*Zca<2-&ZkZzbRx*k>A{#z+5x zoQ$6-c<<-x)PMK{+$?|iG~6nmywiV_j$h3$R^W5!TlupCUxi!w(|&``t^7$iZuysj zFJs?q|M1q&+v%HyH^8m^+dRCZj{b_XpV0ZE_HTFK-RPU?Py5_TUji=iTly)-E&U9< zZu;Spe#?H|am)S+e4|eJ?l{gikgC7_3lOCKw%Q+fjXM6fvvIWwH_PAgRc&8AUy*{(;oo$K zSN0Dx@YXNd`-ije4!9M6-th~xeRaQl1>Rjpf5-9tT3?$zt1>s*`M7*Kkv8|{|a34?~sl^qV|8`ymvQ_#+P?ZehFSPD_O0~g;S=yHLi*1M);BBgMffj5d^O-ZV*ksw{q~!%54Y|w zB;XrgvGr5%Rd_BG|EGiaGh+X%_WEJg@h50~wSLIM=g_zEf5maD|Js2sqi^+}?Qg*U zIy?d2fIm$8r=AZ;!3V!)&%ZP93AnXCI_vnk+P*r!&pZA+%_Eib=@s}Q_AUJ#$75Pw zolm!Ce0{6_CE!P}pVInj|0xCEfLr<*_$oZE_0{?GEWBaS*3Ucp39YZ@H!JW~^m{Z{ z`r38dB@Mw zT%8}SIBxmBU?AtJ_pZ-c;$Q~4?prv zyZ>E*Z@{he?MVFJvdgdi&+GGq<5v1oaEaeqpJ(8$#6J{DU*-9>S@OV4YiT}ac|EntNgIV}8+_Il{-12W_5B;4z z^xNM|{(aj%e@(#0;FoCs)%cWx&%y7nxw=1_alA)!H9wh!FQWe!nydRWdC~uloj)s% zTlur&xLN+UQa`cJF{$dG`~~`cf@FTN{0+X3dLQq#ol@_iZTz}C!yLTFH_AABocADm z-|s%JRn^^L{zdgFBf)! z3)K6A?-}y%FmfZ`b@oo$_Lh+A_@0y7w&jZAA99b25^wX6iuYmBvV)S|_M7qV2X~fk zmvrxp^hmc-O|VgOc9n3C62`y0er! z3%NxtcZb|L3gV3;H~*76Oa0n39V~CsB!a|1Go+zIXS2 zlHMLA*Vq(F?*MYce1C3M@_9hZ-5Sd0G;;F|{<=GQNXbP$7K&Hq7aI}xzUdh)_r8$a zG317#?mgl2N-iCUdHXr*$TghheUqLv&5cT@sQzgj~~I{rCJvx3!#H_Ndrf5dVuGr{2>o`Lh2Y{_+0u2k%3!N69tb zJ6!(A$@lwlZGrMva^5q`m3Y(0ZQr~6zHud26|c-M{G#@8}!_XHUz_D&+#cI~Osi$rc&%gJ6`r9L;mh5Gl>Qzf>Y8ltOOPBy(N za&hE(Ugp~GhLWplzbUbY-222{LrT@FN`l3|L&&v_oGSg3$Te%Z&xhh&K(1rd^?w~& zP7W0+{uPiLL2gLwb!$1fyjGFhL2mIiuAl7Ha^Ze*|0Ltf^`}Zju{WsYei^bifL!+t zZd^E^<-+4a8o3eVz9jb2T5cg^Zx*?R^r_OvMDCE5lRH9{bR0u&?Z#83-$#*~R&tHM z361yb$Zhbv;`^n4IjrU08tPwSZ>2xDnfe?-Zc)p8=G|Pvgt*Y`cl;{bI8pg=f&HmNWSFc93T)19kkXwGg zYv&m)Cx^6^@;xl}Zg=f`O3Q`Y`4Vy)clh5&5uMd?r$Y9M$Tj_y%jY9Xt}36~88{{u zoV`UQ7YWJ$cMzdS6>gnkE74Bu%drcP-P_4^J5CRj<268{X_!F`{}f!(cZudQmE>=){Nb`6_`#5W zGl73gV*l^#_hGEV$KY1^HP28!b@aR7N8r|e(Exl7{w(c(r1JfAqwwWA`cv@5I{FLn z4fx}<{p&0FvjlHtzwE`K{CQ!JKkM+0@181sA;dou@aDfH{_olSKo`7qd3XCVUawE% zAMt+|`_ZK8j~c%wad-oclw%q@oqx}Jl^8dJdfxaY88f|d&ccuXz+{iOFF{eHc|{RSuLNWhnWbjtfa z!3zJ!KtBaP@=My2wtuCEy>wt*_o6-2MUDBlcet;{F9gFa7WhxMe@J2hYHle{!ny8|I5a{xz=2T+vUzaKpZo zbL!p1PdPtF%6VLu^F={9i`*gPnkc8|kg?IJkX#dSdG%7{7Le=y`Ki(|v6t6!pAGCu zy5qCV*YWG#{2utN?xiOkzgqK%KTwH&8a|KyM2O4e$S?OSeC^z#d9Irij{es}`uRY= z;Pjsz;{L^>cEXDA&h}!-I+uujkntXVuGUxgF5-LeB)tFM?R!UQ_)&PLwtubXzTf`g z+oa!$KLWVidxY$Jdzqg7H2nB)?R!gEc+&>wh9Ui~z`q>4^FQtU zEx>2svcFwP--UsG5k7xs)qG67w>x$_@tzhg|MDRIB7742Jz8I#JH_V6 zAGlRN|(;3v*5mY%BhBNqk!6@}lwXy#vxiY5HM zTHl{0d-2EN$Fct(nn!*W*iXWbqW>qF%MlcRd*u(GxqGp6YlMKn|679m&%&Epily&_ z_%{QdgO6k1N?!p!Unl;et@OnmxBO4SkJquEh98An`I~jzia+PL zReuZc@dp&m{ko##R{XJ#`}$V?#Ni{@x9V@w>0AD#;gjfF>B~B9#h-KbEna|&e-;cD{`HW)+W&yh?=PDByhZp? zxK)0!Px<;*{f;|+MJRrMg72jtzJ`5EKkc|xK3VuS`d0hSId0XT0=(%VMf1JkMR*(B zia+*g@*i%^FXN7ngwpSC;CShWkE3t(KWWFU_LX&fHDtfCzRbaU9$GZ-l@=VI4(V5( zJ1oNI(SNw+>KrFV$8;2KwZAz0INVBK((!(6U!60h;oEievyS&_eZBsLw_Q*t{f>8P zeYL+f-~N8h)pLgm{5bYgT3BOuK=a| z((n^?;?Kg5!>#e)J!u`Dms6#oeDb2AdCwsU@4VQa-=~FNYWGiB$F2T52S0jQ(R^;I0AGV!^|!bOkA1PeejGm3 zZ?6xM@X5>V`AORGOLY0DdmdT%QS{CJ555hz>PG>-2Dj>W5#IE)qWRva*q10DxaD6Q zJ_NV&H|e<5KcyXS)9HV1rF~`h;5o;w_FaIF;NKIpeLeoeC*hWVu`m0)N9(Keu{eAl zeJlTy@R>UKlXl#SKkK*^e-3`MPW%OUJ^zZ%{_}MD)O!PBdB!K~pR2h(|8_j4xfE@F93Aq<=-wKjz>waI^g3^Kh$tica6^-(z1Pf6*Tb#qU?p zcEaNDZMc;`Nyn}HNjq-&mxZrkKNX5!r61loV5hGDZ-bljA9zn4{n%H1`w1Ptp8vr6 z(KplYxRt&%T;jL%vyNN(Ie6Xl!zKNe{i5TR{n*#2pLO)(j$8ASBzy>ctA9*8Zmqww z@DcPa|8jfSFF4+<%kPzy{c0Zza8HCFk9Bu9Qaxx$ZXhxuxD8QgT(#YaK>zp7UDSuZzwoIoWgb&3XB< zgxoaeJ~FOE=apR5^I9^$=x2ZY7LhxuOZ#Zgb03*~@@Jim+;Jt>_~f(8F^gOu za%=1-y;s`DnwEQWqm~;*Zn>-IKUWjIx>64s!_U>o{9^o(MgRGhb}bivz9o-b$D@n> zb2V`-7k;khByzHz^YU*%$yMcFGvn?wa^7<_DJ56+TumIgk)EReTuoZbg`cZQAvgTQ zqTep3lw8&G8HbSDMy^5X!K{`GKUcGW+{9D;ds)#VTCUQ5+bNIuH!0t@+2d={aghz~ zclgs6|NP%^bN=hNbv~1WkJpL6um>+XesArcS|7*0<=eOXk2`+8)>rp~lJLpr(2nW% zgY-AvD1E-4e)tgnTl2%L&|So$sHS+W1?%Kb06luwWLPpw~y@DaE*|A-y; z({Ifm;_ylIt@}Gk_ze8XI)3$D?=<`<{9Mh|`XVdwzuo3J$1VQ~@JaMvsO_u$mm>T) z{7*Dj_tRp3=X1-yxZ_s+NIKr3?O!RS@9*!V9q-g!olj)pM=9TfntRW>`uaKH`2R4? z)&6k7+3(Zbf9;`H|BCQ!^sV!=*tbbP@jozvf%5&V#`fU;T^zoK{%f^;^}R4jc>k2W zzD~nuhKePo;T8LlFM1gyd76dyyr5`4ua$#0VSgy3Us<0OT>Jweepz6@D15kBdW7a9 zmGX&whxUp6$7=qX3Xj8k(6{n8xrcrlK8}5>eq|lMpN?PMzs|u&t|^w5G>?2MNM8Zo zcC9}i1?8vC--_`019kTQFnk>TXl-A;7cCB7gIoJcNqEysY@UX9*5O%re;uBKkH9Ve z3h+s|x&DRE!_EDV?~*=vPN!d;KgES-i={Tr{p#nnucYHv`$)t4uea-07Cr+1Tjo1K z`86)eT*tGYgEzgWSdzI>z}5L=LE?YC-9HrJ+xTzwpRw=x_HWSk)&1-^e1!NPsJVI$ zF$o`sTlG7=2hTeGYi&RBi=ckz;61k#&F2#e@Xq%ZOUaPFzd>9&YvTIe6Rqir#xbg7Wv)M81Co z_z2vZUlkp1(edl^?`8Tw^sV^gaItTWe~zE0?W_CMX~#dPx%ys?EPM_7chg+mkIlh{ zX6o$!iG8>=KPx(JrvLAK`xcMG`>}7;@1*0Fej46`{y92*>iLDN<5vFV9Jk^xINq)8 z>-`_N_;2M;>>uiV8N8ejI*@=IVT< z2;YX^U-P8byuJQ4_5+`r<3GIZ{YCS=Y)SYG{4?6Vdaq*|-t&Q?`Ci8?e16u>pPb`X z{uUg!`nTd9_G1M1^TgnB!A#$`NP-XX8Ik!P}`R+1pfBMKWE?SpR(|# z+wJ<3gP(v~@fRGo^0x>-I%nUnkNt@L1O7bizd9d_!<#;A^CY|duJ`Rs-eRaR30H1-I>4%?yTj`6Pp#Fcv){i@Gjn7GVQyu;E9z5&#eRcZO z^Jh87t@sP@ZPI7)B76;Q*PRH%l|aIvrhb3$F2O&Is518^r`)`g5y^FMQ7jAkFEIrS^9B! z8~$572_LG%)9`-y1=@f0d{Wlw-x%8891He0bMT{w?e#~&ajX1_j$f-?Mc7sQ2s?gfH0bvj`vgq|IZi z)F1fy+P*s9i0{FZj`xK2j~^54AE)8tpZ3pxgZ+!~%KR`3pMgK1flqn=Sv_BqbKI(* z1;?%WQ{02ce(J~n1fmb(SNF%_@T2%=mn_)H!Dl8#&YY4{}iR{mw-C*Y&n|A<_&aOZ#U&d=HP zy8s`DTkX3DKMJ?@Ph!6$ez;XXo=~w%sImfO3 zz2Lazf6;NPd}9Ab`4GRgKM{wEe`fo4+=@T#xD|ia#c!oA=eV^#C^-9;e?@rP7wq;K zTcdu#E&t;1A-I*kq~n%;8s3k-wLhALufg-W{3Bne)PMN)QG5I-z`jS!>#;@ z{i;5XJ8q>f377b-{lzqV2yXU&@EN$3zd6Uv{?BnMeMQHu{mIy`>&G8=+)O`w68~Qv zD!LiQ{Bmj(C?`ghY@ogWq9lW@!b*uT?%!ma#|J8tD~ z(s8T*NW&$5YkbVY+rC^U{f=Ay6&!z%PQQA;P7&UTeM>*K?(;`#{Z~}R?>PKu-adax z!cV|2(fV(y=%?XLU$NJxS;wvUR}S8Z{$FVO>U(htqW@Jp|B8;A>Hm$dZ`F@De4F?` z6^j4kLI0G5PZGbSpN5aat@@dTufaRDeRV%5C-K9r{-Xfz`I^1IQiS)zE&pQw;p$nwv&hZO%{;2bX0{jH_t?{$yxD|iwx4wRhwy(~|0AD#;cMty>B~B9#h-KbEna|&e-3+xy39 zcn|ynoxghj58e;Ao*&P_x4&VhuK-_z=d^uwf2RnaJZ9IA*nj%mT>r!8(YNYP(((K2 z_|^Gx+VMfn)&4*heggYe{mQ}D>cn4gygy|BlAwPo!rT7V?!RMqQa*6A{2jOIR}$Wd zzSV!F_t4KeeKY+||6w|P`u-z)hWKBldBop-=Nz}#t^I`}`~?14`mrs>54hF-;&9P_jLv`c{CpC=4S$s8>V8EU-gewB z->lXkN6X){e;QfDGaes(Y|(#@d0xx) zh2#d1n|LwLJ=_(0IhEeVAKz8`C-aN7C-7WM6uE-7cU9=QyIJJApHeLSD1zL!mis%| zD-G(wF|l`1(R*Kiv{}ddsgT^d_}5n~os{%;Yq@_6r6b1pE6>l%d*7o2T5d(|_y+MN zkQ;m^@4=ONI-=#i5~`;MklRjjA6Vi&q~-1rigyaRiBa-d>cP5_i^$@*Qf@N87=Lxq z{~nngEhmFSMQ#PTv9Y56eJ;%hRQ(G-=M|Ol7CEjRG(_99+~-5~x{zBu_r6Fy&0ufiCigtkfR>ZRLdD);o<~e6xvJ+8mynx7Zbs5E zs^lVaI8?DG^NY5Oe|`|nC^@-<>5F;ovYm0b^-V?Z`z)eUN>0|=O0EyNwp*Nkvr4YY zzft5Ck((3$7L;7%-GM>L7nxs-9CXhk=9OHf*gXI8$aV0X&Ud6gSWptx2UqZ=MJx?d|i|zSxz0z{wdbNXG>tDO}ku=IzQ!}o1M~fFA3$}EOHH;qa7A| zvs&(bA-QAXALmIIiQIyct0cp#FYCy)vhVLbZ<<$fRnMEo7@z0a|C9AebXmz&)q@0b z)9fR~MQ&Be$x(=E9|w?={ghioZbQkb=S^kazy5pL?<)5)sHc^4u}-O@-o3=;64~)n zd*0IppJQIb@kvELvMTDH{s6q=XZCYdqwsF{ts(te0{tnm4<8Nj%DK-1d;|Xa5SK#m z<6nXg{@h;ItULa}kbdR8L(M!Ox{SVMzYE@d(q7jOzW)bYn_?iZiu{}g-<{d;S!?gcIE!I$>n>yBIV=H|%0hH2t| zvW{Opx7h_h0>78$YTY#;`jr3uG*{=Yqt3py?wNADQ|qgJ&jonHzuV`UOYmO!qqV-e z7rqW3hFkGBH~QS#*X)81qW^JiU){?dfUm+|7~=lHrPR++c*nYZt~uqnwJ)*YxaI$n z;}TcU{`_nCUj15k+${en?F;|9wZ6<*_*-mt!NvdcHCOk71{}Bi8+F`@f6B#grr&XE zUvw>Sst@I5zZt0K0m(jQC*A#paexuG`)qgI)C;r3E z|0Q_uZ|!rDb+HfsOvwHxy#kiGZ36 zQ%ms0I{CK_Uxr)$H}l1h^>~-#mVX0qiT_dBKeg{O3SWg==T=kjj#IXO3yxdk&ywR- z`&@V28sD1lO8p{!Yy9qV{M9;rk;=LD0DKz#fe^1e*EtGbgx?Y3m2>MU_+ZiQ9~LBj zxRw7)@NT$OzUz)#{d@D>eEU}W>w+)Wu|MFrmH(rTTmDbM7qM^6PZ!|5o5fOx&c7>F z`*-}gntSg?^2e`r_yqd5h4|Yl{omd9HEh(e-{ts2wf@zW_y^z(TlV~86y5>1=BHEe zZn)LIEjZqx$zMDpb@a`QhbmcA(Qu4%dX&_0LEFIK-_ zEPYSnUC?r03B_APZu=*0|Dxe#m3;P|A*#dCBbE}pM?_cyG*U7rc+rQ{g za#i~mqsTS&zcZ~JjbrSEGmJ9Fi#gUt5o#E|sOlZ0AK1T{Una|uH_NKL5 zWgkZ7H78r}kA9bJ)XKd0B3$E7;n90iKYwShEB3>W!yl;i)%y`Z%WDxrY z;3G|&=6TE^_)++7>n16$KE~~F#?7(2;Om@9XXA_SQqEwJ8hSc&v_Xp`f>Pp^JeM)Qr!aHSd=#4`a?Q3Yl z|9fiwG|#-3zPRxF*yWjoufboe^&|d5N$jWLow3c*J3@Ri@IMQmdHwG7LG*KuTjO*A zK7ZckuIFE(UxZI${{cFF^?XI_-qdIGpBT!&#|Gsahi{+1S$d|{kN6j4#C{Uq*|AxA zSBSqONM9O051$M14+K05Kl-3e^ZNyJ@SY1cOI=#u-zM|Qry%-|+Vsxtg8CUb9oR3z zXCA#-x|wk>;EgxQ80hK8?nC}OZnN}5Z9lRc=*QvxJ$C#__z=9mQQN;n&UQTeX|eyr z%~By`|NDXctk_R%di`YJU&OzF=aoNv2A&D&zb?=(z)w77v-JHC|8~HO5`XVzDZzLb z*l&ECjCFqcW0cROo255|%Kx>M@`rCfW7GSd>x%yIfG6SouiG@&$!U1!^EXQ?A^(09 z_?LyR!6!rfV8CG=3u_w~pK}{q8}Dw_nLc zq;IXn8)G~^O8@)k_#Yioa*b(8gC{8INFdj7FY-y`#TX)@Fmg@Zl$)euNXuOxO2-m%bM$NfEOMh-ZYd-u^NY2MH%q^jbL&G| z?x$z#c-t9=C!W4pdY{N0)^fLo>{N;PkEeK@r}RW`3moQ|rjsIX;*66y#6i&m|AN{E5RS ziQii1C*dc?H_i74q~RmzTm5%d;y<)mYNMW2;=hm7F)#j{@LM;{bE*P-2>XxF=~K^N z7vcTrvrMblkCeOu^2+~QIQrH;UfgkOpC}36#{O>ed9j~{chQ*z zzcLEnfLrZ;3f?+vx2pyCk+<9Z(h_`lYSVn~ejP6Ub!z{wt<70DKs3#XstJD1R=kLZle;v2Z z&ze~-XZ;d;n@Qpfr3f^%0rn$ep;PlzftJEL$T*eZ-1AQz1*B!U? zn;%H~L*Gol}p^}V@E@WBt;@vl2>)z9V!Q-9I7%C8G9_TL?f|D9d~mi}!3z6`hg zA9dWaKLuZ`6aNDI2>c;Be)YY%OHSWv-|H@ZYhKd4-}m3jpDy?+@n5RrSKpgE0B`-s zrun_Oqwrq1HNH;4r{PxqEja$BQ2hP{70Lf4_}Jl1^Zv}b#Q)LF($_=!mG8}MehB>& z+#27z;0+(M>&Jl8x9az(<5z^@uY7Or6ucYzmi~g{R{1Q!d(pSr_qyX&{b_zE^&9<% zYX7dTj89$gVYn6l0DKH?jqjuI=}&B$&kan$kHD?@(*k@M{z2`ZdT;C!d~m@opLO`^ zr#H>}Tg?|xe~;Mt-vyuhjJ+-!fDeDp&Yw~E#uqlt`xjI2>7#c0UJ(9eyL^`%e}c{* zxth%1(mvMV9berv&!?L^$v?Q&e|PP{2ln8j@I~xDL;I(`7iE4+%)e;tiy-lR{z`lFwzfyjJE&kO8#}h$KX%aT-}cwfKS6M|3=}9a4UbO9Jlrz z7aX_NolAT0b;qst+x&3a7yeoGrwhITxBMG$yhrDcdhgySy!GpL{!hUh;8y-DIBvzi zlU|J2+?`r%gl=z@#>qqKc>zh?m60Uy#_z1L?HJ`A_=XUcIa ze-<3K{9A$#V&6U@)H$Q^)E8H4?y5Mtl^atQ#KcUm_AItdbU-%KYnSRGD{}x>Q zmj06Cmi{`tZua|53-S{GD>#sy_?x3GDBdKG|0rmGPf_zqis%qYHW; zY&_Tp6S*vMvY#jOsOT{z7rBkTq_Y2(M{bOBtnbNwe?iGLekHWue-gPK_US$;_STe~ z_nkErd(ARFbFO|@xyP`hh7T#$T!S@gEerkCQ^K_14W2+0qc5 z&~laieo5~k>2lI}a8AWPUNszWv`Lz|NVN4TJDli z{_P+)ft=h&i!N)qr-tPAGcLEWujk#1S=DmagyaU0>wd?kf8S+8%e^!tmqzXca!-y!H~sICJFexz z-y_#0<2UPIcDL5aBDoy!^hy(e#VO9R)4z#?`6I58tQ)#f8(h1mEL&W{%7Rhw>L{{8!7&P zfG6O~-`Ok;g9H7De~>2WOTk<5&)RR#z&qgg(fZQW@VDsCI{rY-)xEPk{0Q+ULjFC@ z^H1tYhVg!wa@gVbXi}HMFM!8?Ayy(7#A_Fr4cj|F%y{Oy`YZuJBX5VizA z0)G+xfaqV`(spr6$Hgt37q@g@)Y8+}GI;PVQ)j>9tanClYrHkm_>snzo{L(#J&qKz ztrxX4UD`6(`0jnX5s9@y=BDw-aX;q7W{F`h_{d$P0m2vmX|wb?mws$s)Y5S<`c8@M zx=1+&Pe=UCAm6&OS$fr(`Fq6l_dWIfJxM%mKdtq5hw$#7ZI*7_&EHqm`rFk*|9X^XS^Dvr)rVi1 z_2Ikq>qC)vj{a`5G*(rAo1Z{^+}SK0->p6@*4Bpv@<)FE$M^Rz@pMMFYW&R;K5^F8 z8T-4Ad`HvPAHBULpNPNr*sAFtMhWk2**fF)HjDgp>mT3WC+eGS`kN!3{`0mzSiFr@%IU5?r-x` z@b^hurJK2Lat8B<$47UYCCL2YyvT0EtE)19NE1)nC0pLTMlX>6jAQWqz@Oz23{VN?$v(^bDKn zd0hSU^!3tzJY%agLH3nDlAaXd4bR#tU0R) ztPwXPnGqhEDOjUZi2w!}`R%y+Rk3spQR7x5fecvPh?FC-u{qGmd z^S$4n*CO-#1phMF8%}MNZn`IbF#BY_$b9vpmQH4+2hW;f-gsLi@+|q&O;0Zt1K#eG zw?4?Dzwyeg;5mtdkt;mgSo662+;`L9z;hb*jkn(A1Mhj5_TB{2NB! zTW`MoP5Z=$i~Kojqc_KgOMTscG4qAdE&ux-`CC4+9!LLNjzdN)`z{Ztx~tt|Gn2y_uh51zNlqT>~-<)0QP!bvsL?>HkGP7O=O9J#YPM_z`(S*b%8WC(-M ziNEF3$G;uIy9s}v1k{%EMJ>I$-b8NMZBUc^?t3cvgPjv+R$o3{ufB-AEcV)N+$xoJ z_p53hANlcae!1%BwVRXJJB~f?UX0k}>TrJQ{x@;izJ`w1GERs- z`S(Jv_j|VYzoa7t?}h)~%9mlCzl}dM@?}`ed+i^48?R%Wl>qmVc#aW1G`>}ObYt{Z7(^g5Q@#T-i(?xhM;W7=~yS_A@Z=|PJY|7Y^!Cv

NrRT|$t-m3c0c!d$K*B`ZGuZX?vH*N*z_&0db zN^JhP7Q3AK_ol7Vums@O!AKgk)UdfGm~{0{xy`ZsC63HU1f0%yPC*Og^gy!<|Z+!}J;`0u$J z+Lx`WCz15-{dup%;?>t2_Qv15RhpN8aDLoWj+hGneD%BM$2xi&=>6c#%KdZo%H2!< zGuVH6Oa1gqdq05OBytytzoh@Qs(htB9)cf*Uw3AHJ$o;|3fMa_S&7eIVzKTZZdM}V zg*SiSL9XGgyVtv<$UKwr4gTxh{i+f!jME( z551;$*3K_egf|fW0kOAtyMOa;?OyWxFm{HpbN24_rMmxE+szI_;)UP;W3TPDE$@A~ zyZBXIuTSr8&l_gE`BLArnNMKvkzNe`e^Spaga?o3ub)zr!`J}`* zvsHS9=(~^9za7FC315(~z;0E(eJGr7UizQMdipQ7O5YZ}ApK=Mw{Q0urKje5QZLi! zA4mT`>**hoHY)Wp^7P#-iT`=*w0@w{zf|U5k(a2sPtClrh~5Z#9}dM|Qy<@=axzFk zJ38^_Qy%E=)-Or=lJGUS+y^uB=b7bp7wHS9Pn7(AdKNo_vs8F{_Ruh6_v@_GLi@mPye)AK1sc99%8+8`&RJYl)w%N47am?t7&IaF9y&boZG#hl<{K}-tiUo70zh< zh@9Nb&+@*G*vn&Y6?=C%Gkd?>%U<&fSkHd-f6rbDd&6II`vkT1w`#nMykjr_7O=PY zzi4jrb36O5WWM;#ti2g zyV}v|`t#lF1nJ6QXZ!g7%#O6z9qbJMVE6N*{o?aEybnF;&WAp6VAu1Z1IUdcxBW8a z52P#lZscm~dUap@U%S`!-hti1iNc#l6^Lhy{qHIMjy~P@$M2)6#@=1d2E@)Dr!pXZ;6pN$>H9Jcp>;i&YZ8RA)EUhDb!^K0$%r(OK?`Ze_X89$@q=NHhg&Clw- z>S+7&WBAq zv)GwuocXAv@9lfpd53A|Bz9Uq%sfNv?3u3jn0C4zz_nCI`*y;bM^XKV%*|GhJ@*wDuk2!yyxR)K|zD&^UUI(MZfdYF8)(>^o{se(4RT7RmzJ0|6WI* zon01IUKc5ADLLZx(%(V;{moWsR`h>fM}L?6ll~-yekbGVH%0$n(61R2^;kB&>sTgs z4rAxY-)@yYFLpk?mz@dI&bs)+xcU{bb8t61UjOFi9=GmhXH5KwKalU=U|f~+|L7IF z+0p4bdpA3SVkd*0nZI-6;Uo936WI#ab8jl-_uI#?Gx6=M(xb$myX>zC+Hu2%KcTq9(6A5VI{{h>HRXa7>|{e%I+dv^&xKzI+~{?0QQ#D}iC zAwzgK;a5rkZRlXczetl|k6QRFd<;Gs@aOpZ9$a$~o`)~ONuJXm4&8rQfiD|e_62s} zt8jhJDRyHoVSP(@`8oW9k%7Q&7d-CxMf~pCzT3CDRTh%81{#|%K4R|x^5fst_67qk zejIY#d#+WK_{cn9mhcJm)+He5W6Uy}x5`Y^#ojvhI=;76IxPWv+xu)idkIV=UP}IA z@9#tQ%5yQdCG&;qKB!xy{qjeDaD)}t=HtYCJ>3iO z|J%=x0^ui^*M35RywV8P`FE7p`O;2zkQ**+l{h}%V_x4~+t$T4AMvw~1Iv*gR?_kG z^5&o82kLOI{2lk6>l34Vyz~=3tnBJ~DE^;(2>liP!<+a$dhS&<{cvTW6nQ~-YvCey zi_G7T>v|~jRqC0X|3-iEqN;g*i{0g7nRqVNsmwv*xiKjX|LAb=>?AP8{7W3w3S>$Gr`+~FQuW|i-!_YoTWUgk+mvj`+Z~Mpacq`%S zgtrnd-Cg-3;n7j{{|S$l1NkZ8?SwZF&SPQ0N5bQTZ{uHe_yFM>gv&L=@<-$k5WZFw zo*+C!_$uLlBf@_D_3tgwJ*mFy_Hf@N!mj^Ee;EICJ(Kb(5I#h>cQ2vbZuluRN&G3o zN2>J1pXOKj_CCVzb^MvO{24%hxyr7We!`CvuIs({nQ`(`H+E~^v+z~)%JoI}vAebJ zCFD1duk?4}_Py?Sb$f`un({%fI=r25iN88LPWTDJb-qhF2MCw+vwabKBy9(r{L>`V zE033Z?K|oH&kbpUMSlvph98CXCHyeqO@!Zv-^(8f&lBECc(s28C-2Q0oPx-&6W)Qm zm)|NpdL8pq!aH1;{1Ewe!h5UiOS#3Jywx8h;r;0C)gNS#8$+&KzE*#57`aL0{(t*} zljt{{*eW$k!rVvFw?lXX;rA#9@>9ZNW3+GLtCsH~e1q_6`98we2(Ru}QiQJ(Ufr*x z2|q!2b^kF%`0_5{hY3GUcy+&$Cw#FgT-tGg@S}wP|Mn}f*H9nG7hS)l+`9@Ke6jcKjFH)dFdxyGx7nZA? zzfM4IcxUhWc?h|t|E{f{vxGMgUR^(Pgl}WFx_&M>d8>Y|J8sp_<{KGLi0==rpMB_! zH=M4ipDDt}2)F8IrVf{SI169hcRIALk?eIcWMdhH*%;Rl|s8Mk7uWBy2Zb-n8%e30cmAa@<=V zdG(lQXvB9uQqK=NZk69LxcL8v^xKk8JLt7ueY*5mseo1a)Y!Ezlu>a+y52zlbj|6~ zd->gLr?-aNspuU*ZxX#*>*>9=R&N%))ju#k$*%%>{nwH%iO{3*gm z;6=yF^Tt~v&+wY3cU08Db5+t--Bz~P?c%}4?gOWT_x~P@j0JXu55R}vyTvPf6h2|- zOLeY)p@*5+k)q1zGf82-6isMg|g@a$d!Tv&M zAEj}BW6eg2M8YS*zx{7yee=rGrD5lnzYcfz6>p0){)S5e+#&7fuHN&?R~J1`+3Jp= ze*pcaSD*I34@`{mk?;)RgM>@k{c`fdvxJWjE@>!#Qv9+&_#ELc6+gV(pec6*=K*~! z;pe zZ+H9rr&Rr=&I}-$LT>}TPx5<3FYveePRLV@End;~%3%R}gV&$--|rZdXW0+8e&|(x zlnViU@n;?VG4z{u&%Y{v8h3vS1yY#u?n5MQrah!j`}a8gd@44}GX{^G74M-VpkHIJ5*9#A|o5)Mc%|_(b zky}OXb+vM@)N(N%_4u4g%#5e?D;-J_9d5r&;c=xVQPLay*j0CFC}clk#ZlV3bFRQV`;OUjKe?FN&ZW_5uM9xds8$)(d@I|=yKGbkN4wMaf=|^t6 zjz5RtZLimu&|aQ@XGdY`U|=e;@}kxwB% z#QE0~M84Lqq0plHTLsjpL5NN#r~IT(-tr0L=h;8>F_gWXA8ivApV>S?)8 z)@Rh1DdHUVnxYyjr{SWlNBK1k?tKTm4 z+@X5xd!BXgQRV|F?8$!I8^r$)1omiCm1j6!P@V`mKN84h(Hlh1tJgOKdiW7ehrIr! z>f%zj=oio*X1^{Y@m^``M|Q~vR2yQKa$b)9UrRn*sP+A`HFXK{Dzz8uQh)(I;ztTQ zP3!}{U+kQ(?Np`X;@Wgb|1pdH2>XRU;rHmD`1-2+r*!#CelH>4#y;ZD%JTFd`Yb3i z?R9IF$uV-`XY{Gu*F^7$;^#ey$JbN&?dD9EtL%1jCW*IC^x3DptLRIqRrROLQmVUC zuRqP8H_tw1MD$MkdMbTrc@^I4ge5-~ke_6K^XuYsjlBOTi)#*Ex>k_yWZ!dBdnxXV_o$^ndV&>3ijm{yh7zS4;fg z@cl36593;Bd`%&b_)5X zJDvP>d&}pMUn|Ssu($j=^2bj(`>)$uzMX^E`J$75!`|`($WLxM`J4Ba&mcdt<>U|U zEx&+#|7j=xmc8Xyknh}f@^9Z;zL^VR+sGHG>(Seg50AGW)BTb34+)X~zwZ4_PJY+% zmRnU+b`SaYYyI&ygMQEN-2GUouX~TTSJoSEm#}yAzx?;qL@x{MRoW+$hAYbLQ}t8P z0TRPGiPx^r5Ac%k#b z-SKceEpIcytx!&4fRFgGgq`ER=Xrgx^BrxcYP@|?Z92NpZ+-^#g>#r6^Lz9gzJ9sC zCF|a<%U}A#1o9`4_r_b1Kg01hjo$RW)1{|~pI;92RDRbVZ*!s_VLwasKM|xe=ufTj zb{)O(M$SP*?~a=E)r`08&tyKyInmc8KWgM_$J+tqw~_b8+uQ4;%NTE`&_Bxg)4IfW zTaYf5FZIXUCGDhG2ekRDE4yL8{@p}<6`d; z!(Mog?=eQdF)a3?gN)Cdvw8kqX4nhA6We-6kLO3!}Q*{hr0zGpWyEOL(M<=++mb9-6rZQRS* zyYhc-?)o*WA{eIX^^>Y*zJIAoIc)!#Bb1rY#%^&ai2fy=>NAF1KZw_{JQKjdJ+y}PsK@xESvziAfz?Q>3-o-O*W zpQk_a=D&S37pWISt5lKuyrF6Bi3 z3xU6t`2+L&>GJ$R&F}lrn?vt2qW8Wa-zs`I8|b-tM;Edg^v2I~{q5`g`0Dky3&?Mu z@A_NUZg=Z%3*t`)`{0sqXVjlXc6L8g81(w@{m-L*aejV>*gLcS>=8!)`>~%cY z`FBSBS$+SGVXt@pY5#kzt^O?B-(FbHzu5E1zlWUm-ZK?Fqy8*nJg4jD-vR6`KGdc6 zjQX?s>CItp^#W(_jQX?s_M%r%86W2CRrhDRw)^__lGy8bxU=`Npgnj!j(aCX)p&2) zlm7NF_IfXL{n9I|?A7$QXYJO%dHwA=cE-C-d*5RcmG)M*zol!d?I%4uaSjHKJmPfe zHfawBceA7WTVC>2Ysc$vGuYYwQJa*K zao6vDC(y6-pGLo%N3ZkGT)*qa2m1Spp3(0X(d&Ke>C(-_T^^Sz{ch-8fqwt@LfYHo zIDeLWwd!-YfB9Fdf1zt`NMmpD@uy2q5_=a^)t_>Eo8A|C>FGUpecV;*Z%aog?y59Y*y*|KwD*3e=t1mMuNM!N_h;n^D*q$(<1l*5=v~F{(d&ZvDQEX0ByLM# z%8RMPSM%--Q&);Z|(3U!W#&`x5&~5=;y^^1g$%Mv2geC)(IctycfN9N|^3D z{JgC?8{pDM51HdN^v)1_C@ zUj6zK@n2UT>GhVnjZ^!)pI3YT^Oju1L@z!^eaW6KeV*T4zEfu}YuVW6>g~tMlS!(s z$ncT+If~vQdQ4|MJ^yLmH+eFWZ&UEG*|47yewgs>x!UkN;S(RN4KEPh^w+iF>x55# zsy00OVe<2{wc+iA&wZgbJWhC1zBYV-@Ug{kxa8LX!bkp&^^ld%eBTs@A+6VV|MT`& zbVm6%i{9XOPnV|Y_iFkSP6@qk2E`6e41(YN`z78e)X_+HT_IdfQh$t=|G+jM@w53O zr1uBhbE?GW@6nVOG>wtQ@+O@ZL8o8e`_SuIarZ?$YyQ4nitre;(eM7((`ZoSmuAn*um8v1`@rWl-v9sCIrn|HX(VYnQQc%@lTKMg zOi*N`L>mOLrW8SFQ3OFoQ4<cbDuj&vwl9`{l1UydARlD_5O3culM!7-q&@mbIx_H_S2JzYc@j&mZiMU z)69u1nu*^F;G4GdV3^ww9=^&58$o(VPCLeE`wto7w`6Ke`(kB2gpA^-Td|`L2l7z%1OM{ zAXkOlUYxt*;hcz{^?FDve0A{UkL;iC`}s%u?SRN<4Tc}J^RcJjdavPL@$*k)A3Dh& z1rL({a%1yHDR>Sz%>q+OPMN*YpX7J3V+r(p=;sQ3^!|S2X!&C``nvY~&+|uG6aLxz zKhGbf=*ie;^!!l`-{Snu&mZl`)grgK`C|aNrg4;)#ln0Ca+{k!79zI>xy{WV^~m*a zX8k08bR(BAYcRZY}uNB{hh#sf0*5B$&bM=5%`(6hPivl6*=n<*#xW3@ckbI|Dd zV*tKs@EtRmTX2xewFd3kJjQk12ly8sl8za<{@72dmMy_>jTylLF|8oQ#8W zQX2Gpnni+pBJ*joyzp>HecO>!hYp6h4dBU_W^^!;JiZpb!JqNnv>FE439s#edBEoP+LQE%WzU3&k^C#=W`c`7UOW%H z*T?=6@HIYoIe3>(y{c_~ul@D5elOk%F7_mQ>|Aa0d+W8<*6+1{6S&yp#nT?;eN!Ji z3%tVzF92@?_u5%%^Lz11TfY;R>%$swvF9gJFUG^Aa?91Oqi%obe*W$R7k_)}(PQiL z;sfA*^-FrpzkZqEe)Y?<`JMF;J4?VtzY~}Gm4lB|zZ&R%^=kz8t6#gV&s)E4a4A1% z`%eB5yZXST{hYYi6{M#|>!)>A9oOOGcneJt}Rwx8612WgdHlzY%;sxVPTz z;Ke@t-Qa~DT-wh3J&>(_3kevj@Xp31A<3{sTT^ z#g-{Y^i`v;>E^-kzGJgHeI&a@UpM;demxkj3-O1aAF4d}3POHYcvgi)U*=Qf$NRUO zeU<2IY8nhb6VE<(JKZ&cdAglC(YNRc`#O{Q@}XFb_kj05IT)T|RYm__+I0YY5L{oE zI{1^GX1(W`SpH1#Y2adRS5E1?w_{%7# zI)hrh$eu5R!)a6h|r{cXCpK1t6o-i#oZWz)TK1>j91$St(#Ub!XU z4RPc$sb4+x{vQp6erlTa?q+`6ab+z3!kdW$QoZ{3{E3OXg5GMN3%!6Mq(fH-SfZg(7y9f;WKwQ~+1| zN4FHzLwY}LTaP^TBJY4*6p0HKN2AZpOL0=49^{I58Pd<$ zi~mH(G>_Bkw-Rrg#6IZDMZmHzqBk0#=oPBgm-Q^;L)K8-xGJ*g-uc)<@R`VMt2J5w z6Z@8c=VTB0?(Zk`deH}6Y!&;L@;Yb4$3kz1Uc5(q`5x$H(BsK(68(Go*GFX1pR?%Y zQvPgb{GApFtCwFb;BIB$YE$efg1-uV+}70gTDwu0`l2-ts2q9+^!tQvUFZ6&YnnVo zs$u(Pg)m$96Pl6FnK=}`T>$(MUAME>MeV0ZuXV^rZzxFleaP32Q(o$q#S0ky$jkj& zt38Gv3Dxz7p0kgC{Uwgep;th!7x`%YXUYAK;qN{3)krS>t^2BYPV_b+w+6X*<#s}! zwr~7$*Fv8UeRIl{ex2S>p>5b-(O{-UNN`DE&MaeJ%7=(Ea=; z?Goh0xP$|S!gq;$ymq-hwq5d&t3WQE-csl-o2gg)xDvT(`LTX)22TaQ#N+o)@Wr!+ zT>Es0-+I6+z$XviceFkQ2u}WSCG}Yd|Fqe$dX|7^fR9Cw*xL+$?;QVpmIr+`^nU1d;-6@K zi1aTzJ3QuSN3sK54`ypUKIsMW=^?~{OFrKHx4?4WXJNE9`~D~T8V((@_7{%YV?DFv zc#w8)=Q?8~VM%@Jk#9L{NWV`oT%Q)NJI1I-`g=M2z3@loox}5)Gb7`PUUysx-#YlJ#XhIsBF_-H zpB+2PZ}u*6+Jl~)!-vBA4(qYw^lCo4C-sbY%UbVDdXant|JB3%*7&p;&%sEXmY`=j zdLsSC`y5WCP4~{rYrt!f^Wu%*b>Nf4F8h#nX}9^k^Nns>zc+99fmfl&yKWeKN!AaB zTv7{}g@g=qvukP`EkXI=uTj>X&iW;VV$3<1XoC`b!DvM#QQEg2J^ko$wqpT! zEBHF_uQ~ViqwASHv&*l4NPpafp4y{_qTd~j^vCPX=zVQHPGokHFW~cwXNiLXn_epR zSaD##%Xx0fOx`}_BX-em(B;BX3I7`O)k?cr{4$vjEH>>Oex@7sUFjTJ(W? z{Z$X1M+rg{Aoqo{mZ}U6jM%t~<=3mJ9@VrM-h`tSa zVam*dbh4W3xE(5TnXi-2DQ9!!#Ew$r`jPY2vl4urPkm~@dwuXm@HOBP`;kNRx7+-> zy=;QSLAR}cdwU!sPwMw?a>Ne2fjJ&A##1l zb#11c*pc}r`QfbCdgp;FaBsa!zy~SEiw<+1fiTFv|i+-r9xc#{X0I^=;jfd7?q zDVN2yzc{ZSOQBbs?Viu-_6J`KJ}7d-8(Xin;4{Fz z_1XlU;lZU|X>T$9gU72^F7$QKo%3|5R}pwW_-#@z%O7kA#tF;f*8i>et%Pq;#ZY*S z@KJwj9ZQcN_6sF%M5ZOt3u$S$X5>=Oi>+TLcmlY$em&sI2Oj_*r2OSlzI}-Pq_=4= z_`UVY1YZn(i||_Yx;RoJXT6Hx>xWOrt8cy5`qrx&xwi9T>s1fl0`9F>D|nL+z8bs% z+*_};;L|RMt=A^-4DiwVSLQqT3%;@TuM+szRL0h)9J~wMTc2w1RUTa8upYbvJYF2O zL$Cd1Y`wa{>%d3rUz^~oxNz+C%Icy&UKCre0`Nj`Z@o&v^F6rKs}g)Bc)WV8gr2b2 zU9Vi^n!!`SH#hIEMXnGzz5YnR+Ici^2J<34@0ZIA=Luy=dFk)s-%B>Xyb|PAA-B2L z9W}^RT^8%#M)1YpUjMd(SNP!F;ETY;*O5c|cc0Dg9A~7S!S^ivo9ov+QqbLzq&vu*NSx@2Vw)JaV=j-A7vO*sig`U=J*%wbfcLch$Z;4Hp zxk=;@yd1oYdWcUWhuBjMz8riP0kyru&wUBK5qcf;pGE2Ak!gmt{tvxv1o^elSH+PR zyMiAOkI;jn-#!FS2k-U4bHUg6;6>nF9$f5S2rlIh`_uh=RrLsTv7^yRx9t;9wqEk7 z%s1tJtUi^s8?mnxzOF0dx7!lvwO9GmrTlv6Ezoz8a_mF&wt~;RdMJFlJ>Lza8G0XT zVG(*a^ucBE=>yQ)uHn9^ef_@F47?lBAo6J+qQ53SJr{c0^^7M{An{5xvb(nYVU=G3 zefbUkbg5S*^l7)a@0S;W*ML_&JQS{yKt!)KFO1%Q&~HsSAK+OS^jq0OmP7RQps(ez zq3}$Z(D~_W2)P~zN}b}TZ&peJ4=#vbveqzPS~X<7kEQ#myeJ5PL+C}&t3LF&ZgD^N zC#9U&dUH$PRqbbe*M()*yg&Nh;X$50jq1EVF#ehw!k3M$oNauUv!$HQ_~l3rZKRwT zQ#M%Z$u2)cA5(}t7Nf75y5V08e>Jl9^;M*Q#ym$O?H2rqd0_y%__GB5!4d4O9EHAe6ng6@ z^zKpU10&F-Kc@9q_B*<%)&If! z2QLS2@xiOXo4~zx)`K_r@VA0XfAHGB8obsAUkkq62j2u<<%6evO8)TR(oR|672xsO zsmP|sYo~IX?ro=P@I~m2sXus`#|~+~R`B^g_-gQCAABu%p%1>7`(`}o$lEQMS5?H0nn2L7??UkU$=t;epv6aGc;k43-4@c{g7 z@W&fZ(*8IyJ$D4U#Ak_3cgBg7TMphbLb)|I{d{<>JjZtlm|0%JBunI*p{J&8u)b5I z^B{XC*fUR|uZCU$J)V3Y^sW))lm0|}ZxdfW3wkZ|3!?V9%P)f7KZ1NY^x~=Uk{)By~-LmoQo6P{?Kdh z_ort{`$MmKus^&^78Zz)z&;4dzjMsUG+hbb0DS8n8ktYZOJ7TSJ=!16=3Mlhq_tU( zhzUIpdRZKL5%f~%y~M*c!}lfh6B9f)kuys!HQe*?v*OQ!t@(B{`ZBiNVBNpP9?$iW zSKrTk^)cTr^1sZ<$7DSZNc)2PKW#&J2LbFu>YD|g5AOH8oY0G)S3s8>Z1vya>v8c% zIrJ*%AKLVh?Kge*WzZKN$cw&q^re1(%jrw{lK4Ykl7D-7-;4L%Hz4v}yl#K=mHl8t zI5;+a%l(_BSiGg{+l;=9?KXtN0>rkz*SrYSHtuD0ccQ#-0n}+9UZQa~<=o%njj% zazh$WZOjGt$puw8sF z(%t)n4WPG*eLmL&(R-G!UcE`t=xZpm*vkk*#a4br4_fKFgE-GA_tdb7lBwH0_XB?X{$PWKifdf;P2WF?#1`bK-H|N3gi)=X? z`gezZ^Tcd*xaK&R#4PspVc$CT#nkq_HsI$^>ivJtzM3ZXe`X&`ZQtDgKKrtM!+y0h zZ2La@=YO65R%73M_IK3&JL|vCzVe6Y&+N~r?OXrNf0h3l=^sfCvmYhlB8~RrBk6cPCphqTd}i& z{TQ{K6aRbdENy20WAwQ%ITh`WdLVmtl}KEnQ%`>zl0 zCw5LAlbzDq$MQQQTg}f_l9%leI6GUNmaWdsRprTq%mho2R{T;QuW zW}H04_g;g0oUBA|M-kth6}<<=(aWYIj`7!=Z4H!HYTugpmwt0zwmM7(%2jl(E;`v7 z{_UlMbp&v+NxKAgAs`lw(!n|c$2bB)#>uqDu&>y*@BP2~`Ew41{2#NgRqQLV?OX8Q zXJ1JR_RY8L`{&>O>-;w$_LbW9E&cDaZ{_3IS7zI{^?#Rrjr5P)C$Mkf`tYgJfA8bz z9OpHIH7{qMU046G^ZHd*_od@n-S^1soa5|nJ3D0^UAUhvJjgg%6+8qD(v4-D97{Lu za&==RcJ^Rr9pC-ccJB1wYiBhZI#rbO-BR)A!+rld{xoNeH1u=@4$@5(9d2Zt%xYyk zsNnnOV&`sg>}+whyNr_za57FFZ;g|eSRrtM9w*P&<78P%8_nK9^IMtxkd&4H+1nZ? zO-vw#k2p}a1V$Yvi?F{B`;s3qJf8KR5FTh%rml{raxV2f6rp$pB?_= znN<0zbjVt^IN9;22ul_Rrj!LPFx=Rzlrj`@h~8@S=2Wi_e=T;tY3aS%JScg>;lo3$ zd40AznLuLlc4)RL&Q3jD589_EO-z`TG$A!INg{0IYS+@+gWg5U_>Qy0>k6m6(Pt$J zWb-t~JR`8m_vSkjcl$bD?9F{fsf-ot!z>H&eaSfXuGoBgYtY+PWBXydIC{t7hqdS} zzTUR?shOenIAqGXMHBJjw1eDiQcMP)`zd;#z^oi zU%dsgt(>#n@_jcynFX6fgB1^b=xw{5eflLH4)fI;^X$yWaqO*bcCY+zl;e&X7% zudy2v^P(-`*GBaAK5W~&ERNoB*t-e6iyyK3?;J~SO#iKQjpu=Q{a5cjj&H@kB}^8| z9$z1RO#1J(zItQw?%8qruQTs9qqps8yZ^5L($OEH@x^ACZhPbP-v;}kTCq3yJNoZ) z>%$Xeo%yvmdOKX}qJf*@1Xzci7aGx9ir(ezd`Cz6!wtTAz1QV)8RBF$fyok+WTr>V zlNj=tEt~YgvXnaGK!&11uI9~rJrc4uAZIWz^f5`gn7;`H){sm66HKkaq5^X&YnasS z6?`6JUtAwPQ}>5Bc6#2qW-|ic{8fbxImEA}=xuvxy?*{O_|6x8?NyNC(VIJp-U9Tt zqPL=ReRxN)_g3^qpIIdi^gRpx{h8~mO-sLV-?QMM1Ez0k06m+~)AY*v@JAESbMBbz zE7c95OqLAD3^YkW%5q~K&2b17(KB6Kd!z@ZK`+ftg}?;nA{5|ySu{M7-<<4J{t|>1 zH%qcpk42x{tvDEcAd~~)a$1u=3bRv>%jP8^i$h9`bBD6ZIKyKCvw5q{o2mD}3;3^l zeRvP)pSP~{Zx{D^k;El;9^`7wqzbIRu*k*~jMX;m!xaRf4o{gW>F^{RO_}|3nNgIj zPSx?riBy^eGV?$})jxu24U8r1Va6>IM~xli>pw)|GmgEUI2ucQZbI*(k0bH(Mj+Q@*=1QQ|X>eGRU8#R<5!n4cp)n~2XA;H&_wsFd`bERGdTFz5XS>uliSeUGs)N`L~a|{()oS%-5Xb$N+ka|G{^YO#FJx z*z{gLieBkgMK6=@Hm(o9A3*O8zIwg)*Q~@Y?ZutnLGx5@_|4*m0U3Z_9aqHG4TH1w zaA5Z9i)QIn^hN%mkHztCzqBFU$LewXpFxBM1S!;)N2-L}xe0p*zvFvgQ?d7jKl=HX zbxzl_-z;-yEKXS!nw8QOV!@SPZ-@ogkohN!Vxnk1$dBAwdQ+>5Wx^z=J}wWyz0$h4MF9%Y-O(7H)~{0=*z$p2DecOR2Y6r4Yzu zCSsrUb<{_cF&LUp+kfJLvp7YVWeGT~|H~z%f1q}R0{deJV$uJkPEKKZ6eihz%~Zth zEA;;~YajPu0KdAPeS?9ck>3*d3gNp`;_xrM{{HWG^>0a?lx@e0LA;p63%^=^b!@oO zz?R}}zDE5#DmyT!4$D<-agWgB>4)WEKg`4_9_-C+HLZG?*Xg|3-8mVYkgM*<9dPLSZY z^RgA8&e%w>axUEfR4Ug6)73B`bULSroZ1Y;x`eoiGZyg=K`h>*$%IaIX+?9X72t$F zBQEkZEA4ASI+cHDZF4QZS^TUttOD0lz)|iHKgvJEyF$^>woc4tF``t$3JHnZ+*RCv z{Mlf*MdJ3{&-~-IA?Un5cg1Z}@YIx+;H;E3ejWT)1rJQ=V!^i|Xwt6Ki%!o3052jo zV%#lL4+Er8l?$d(N~@Pvn#~lLnH8vL-?q zm#3`3@LqoFFuq?_tAplBnGw=z#RX93L1j&wpHK(ktRnQ66ZW;CIVpAg8aVF?B0+f2 z;sh4;{zaTN3eq$zh?243!%O^0XdI{i&-tmk#Uwq_QkY8+(OzU;xb@M)|NCAi-yA#` z-aUvv4*1l+-Q3qXl%x}_RGmATzf4(0p6TMZhFsH2uIVt%XEhI%Ud7ktyLf124ZmJ~ z>)`9>Hwa%PcpuZtx4F!P_R4K%EVhdy!Drz}d@h9q0X%=A;brt4b6p>P|PO22>?} zgSSkgUL!O(nHq1zZ*Xbvo;P{k;%LSpY3~<6X2m=UiBYaRDD8bJKdJg5(%#Dn+FE{f z~eR;8WGgsE{ZFU#sBhTh`)jK>d#H%MOl@MC{}HMrIRxYkZRF{OzB zZz13tOtLdAd!d!PXUio~lXc-k~h#5b6_XVb+QsA&kC0kaj}dOqBYeQhW4 zeT?m~?{r`LVy>sNf8d``s^~9rh#!M*GrnIo7%ocSeCe3{IAemp+Okaam59Ep2E!MN z?wzcDxYV@1;%6SN9}d>fFD`*^6?{CwqJmq&7jvCdHoTXb`LfS-e3{nMiJq#fZ9N}i z|2Xv|y+iviv-R9Jemy1V>5u3+cl>(l(bKftwr9Wb>sgDQvTJNT6UVP7tBdCwueJ5O zPyCJ3&z0!uis-p}{Ce8avz-0qb^M$)em%i=`Mzt7t!MA?>nTFdU_?(~{CZZRr{y}^ zo_9VPx1W2^v*>zT&mH5_lS|*se2?py8wSG+C*+-|9(h;PT4F19Z2<+B^?Y(Ea&5@z z_Sr8gXFc1m*Xc&@-%@@fdMaw|@+U_1j9PvVatSxu<$wH#arsf#|9zf!K##8fgHb)B zmS2k8{G06ZFOAA=e*Mvt%6AWR`E#OrMlHVwIr(0K_WyQKxy>rS0RLxplRsA4dcImS zEz={z;&k-wgrA&tMf7>rVXqx!Ub7IrJ?I_$-C+1YeVt1D$LjUI3$(&_e#pB(1^)A$ z{5;Ajzy-Z842G}gJh+>)pUu+uBO;&0HBWQgl(plNDywSb)k}kVKdRtHtNu&PMS7x? z38@i!1@r}?U-}>Qh|H%hvZhn|eXZ5-wZT^@d~Zhhcn8{gH&DL;DD5`@U)jri2TS7M znK=G-@16X(fAx!%^v42JWOUl=T{rND6`#@kbb4fX;B8VVzY>;w__L(^bK{iniXXGv zzx*=&ozG4w|CPb;u~P3j9(}I3KHnYH2dCsn`vqyTeB_Ul^KD0xzra_%0QoB9PZRmC zaIU9+4o_k)bI20_l%I=CHS#UU*Xs6&%HuzI8%Pha0Xk#`IZkUPvE_?gJ92fa_})yU zKYRRc-ajmm0lyp~H-KFK>x1C|&V$R`etQ#rQGd%TWxAbW{3iZbh+NJ)wm%-T zETl`%w{9oGs-pJrJ zMt^rBm;aUR@6Rl`c>b1hf?Rs${KGEig|U~Dhg{oUL*ZYDj{BnJNZwn)!(iRe5iL-)%*_?zHAPWX58 z@?Y*`*Zn7*B|`b02-_cWeLg08cO1#ya`esT`yS;|{%75~J%{s$d6d%t$v5@zC*%!T zT!pZ|C6G`RMFne&)U<@MQgw{0aYK^1R4KE-qvH zFAJWo^})aeaVEZ9pd^db8}S=y*=n{n>!Rot^Wp6C;HE{`dL$#L+s7{6T{PS?87JaULHrU$KESPu{RgJHRxT$KBkw5y$7K; zHs6~oJrfg=>qJg184AB8ay$CVJ?$g63AwtZL*WvUo9vde=UwJGF1dU?F6DksdtEye zzDeZ%&LWG$&WPNl9yy7(a^&XUG!(vr^WevpoMT)%!WnSFUl0GPyX<&=!NDIVo>z(82E$&qe6p1b;%qQ23kx_AG-xHlDrD!yg;xF$n$qdeK_iuW2ZJf#^GZO!`iY zr%&Rn9({G}b9eJ3^v&_r#|33I6e0ORUNvdI!*3_8j{!i{9PFruY6)^ol== zzF>WWee1q4(Yvj$Uhn;gc#l(-iN1RDt@+)|O_k8W!IQ}dvKwqEOcLMu# z$awysN1y9D$$ZFhp`v#kAO-3};xhM3rM^SYHJk@;u=GU6akd>V)N!n(ta-;m_>VcU zKYX3=UlhY%}ZOKQ*~taQj2Y3HXdS zaym|+7mh$*2wmdOuUwI@hQ53RdL#6v5$K)JSB*el3w>Q2y7)7gMf`me8<*+e3fvnX zx!{B7^TtyVct5z4U+T9IT+06*=T^H6?=LCkSKIVR8w;D@_29ie<+OsY@hN9Dc-IK! z^x1T0IbvUMSId8|O2O9LQorBA#h$h!6Z&EwKjeW|fZHiUq^{? zd~iSi2)%I>dgmzgwWH93*&~;qISRdC6#BwZ=+&dp8%Ll^oOIgsBxwNq5WEMx7{4;i zMi0RUzzcowq}>>Az@2(zT+9TY3I3>Pam)!T?Av5_JLZIF9ZL11mxc$ey!lk!6W-0d*1Ds<=I#3DBo*$Tc^}7m_vRU z7z&>!ShRk2<)VwcmOv%{w=};&6JzEeklBfAf9p^Wxn9moHNIbh`7{y6Z%@vS1thhB6A(~u|9Hm&YmGu z&7ZY9`3?S^WB~X0DKOD+Ey`xXQY!p|LwY^d)-UsJ*(dw!h<@Gv@U0pe3ZEne*@td_ z@YD_N?;waDTEVA*Uo3&mIOl19&pudzGT%!yM>)Zt(I5WJKG8NN|48}i;1%G`I9>>z z3tk6aAbyA~-xGhtfX^Ex2d3nkzV}{GDMuc^ddjK#ZYbO?fU_L;oVMA~y39_6*wL=T z0Z$FY)_VXv!3R&;lRyD?&JRR?CitL_{ygx0AG`!y>~ZRme6aGL+)pBYe#Ck3)|Yh* z&DP6*>~~B&0qb?ZcKGTdd@JJft%a|HcGvnYkI$DhzZ9asOqaJ!8^_(O0ohZ5gg@Zrzr?|QjN{z#I7NnKckaK4Py8nHjo@c5 z+CDuiYF7#LUg+&Y{}B2JZIlU5wdlj&zYzWxEPW(>sU}Y6|KNH2n&E4MFD!fyJM~6# zpZ!^^KRI%reV<+Y)rb6I+HHZzFSF!_$MRoA>a6!X7Q52dQy%;o!hf!1m-Q55)GXZ( z3*c*kPueVayv4^il%3{l`wR9V-r;-FfDx)S9%H*>?}Wev!(qH$L@9$?&*!R|k|Fv}0Dr*$}d=FsW7 zUuN~|X6(peU+WW*iyYF&I>8sSukudfKl>282fUX3Op^t}4~Nmy1s?!k4(`l9f+z7o z&nj?d-WEI)d@;ClT}k3754-|gk3{r^h@Y?L84tUQ>h@S@%l{A=v16&pXV~SOL)xp_ zrcV(-(~peOrTj*lzOB&hL*&}Q#a^++k~`5Q*8{ybVmEq)O~?NR`U|+uKYxGTlh1_9 z@^^Y3^JDm&ev)!?!JEMSu2;q05}O{WV?s><@DM5oN|H(f9|g@9bEJs6xBCZ>mws-eR-DcVvu|KSi$IrhEHuE4bL}jLTg3SA&baOGN?t$iw@ESHkDS-;a`0mC?ZiI&5WB0v zo4_v=%xB(vY{YJR%o8^0$L+}VBlj}_Tyaw#jTNzHEqsOSbG)PQ*@wjDCh!*aD_$g6 z)L(MlkF)s1j!tQIa0!3OcZ`R$V=?E!m!I?GjguldPmiZt*+D+WhGAcn>&+TJ5uZ?XNT@7&+8emp3uEabi0(Z2=EIjrM+qL_EQj&QzV@^?Avo4??MX>I_;q;0A4q{(zxz8WeKy@$P7$oZ1L@D``^c8_ ztS9iUaDww?8}n)Z0lq^*MdGaleRb$_<|T=Ta&Xy?dY)Yl-;1>-8!QJ4y#{(0bQzb# zerry~)dPQu-e%}(`&hl5;DgA`wdK%j%`(v|zFrG`CUUhxca76#X(VV#6hhU0Ogjks z;rFvc?97F}3c9}T(SANUI_?U+WCXg@qZ0a}>F)fc>knQA9&cQ2hTad|o4-53*MWQE zqzAm$Q;w8B0KUe9=SsayzW+eIx;PJB^o%PPMecv!@5)8_dR?p>Iq}DvA~)BPV+@no zudH=Bp8qOS1@P3vzi0>Yg7mNbqUAW&5S{ycd=RrJDEoX!{#%QlvWyMkXQkZ9=%FoS z@yj&NmO+$>da<6LCk6N(3Vgp8zKu_7K1bfDSZeQYX7U&(aiB?-e1*;jMab9vh`b^8 zzVDQG%vasd?U`Tr_mRkBdwSe&L~rent$p5uw?_5qF{{i@!xa&K>-v=GdiNkVe@DKn zAoaPxDQ5`*>p1Q?n22EC_K6ZOR^02p9J#Nt33@+ti3#zY{3GXSv*}OZ-xt6>1kVCj z#Elb|b|?T(0526@^bF5m%%dX%5ua{Qs z6f)n)-Vpvo0C&EtooC}+bLp8|tBPX9dm-z6EL!R~3z*D~KwW5qe^!1>x zB4^Cs$GG3W%jSzZtuN~k0(bW^Y|>U<`KX|gj%=8Lq}S9GYUGWOv5 zYfSCOm+42)C*yWK`cy90`%(aLL_Cli?fX(Ck=rdow8~!%e-8Xxsy^w5u^x!NEftUD z=*!=0%h;#eAAMcudqNx#ZNIU#zsPSwzIbo0U%l<+j=#6##a~_#^_e-U{D<-6mmr_B z&-mn}f43u_vF`@`UiWbQqw(v#5B5NuXQ+zBed3R#!|`X{`1~pM6d_;y^DP%I^)40UxIuu@}uM*-~6HbKk{9NZV1aT;nP1n<5ystIQ=6ZX{-Mqg}$Qk)kpV# zo=_|fr?e8=4J`9sJ5T=GxJ_~f&s{>XPAf27pkJHI*DJ--qDX83!@$S?8O1HYQb zICu|Cl+_d|K+8Rf4{w$6w!awK;r{ucPl#y0-#zz;X>aK5l z>iMMDS1S4zZU{d&HhuBlQH{<|o6*;B>iGJf*wcr6#%WtFKJw<%KhgKi*!=(8X#KMW zePw5E2>($U#5o>V&ue+|mHC*z`}0Lww`ULf)LC0*zM6&3tYgW)=o@SPDuq9_e9QT} z8GQ}tll`21{Ns(!siVc`CiHcjz2)pHI*$H*&W7-+vDsHSl6{g7>(SSB?)c(e`oMlBr^2zm#2qm4TM2UOkQ+-s5&mlUr(H01{#N)4$H*^!SquMS_+@Wg zpMK-XD}g|qxXedd=at+OcwV4#%Z!WC?$zi^xNt+bUJ7vLJ@-6#xqBWg%$7Z!$S*?v zN>}|N?PRY5Ryx|rT18~j3+LSq?p@mY(oW=l^hF!O&$#r(oi|pG=C6h5n|85vUun30 z9{Zeos95&#%CpNrU0=Bm(Tcu0^sUi|^*@Q%)!=29Y|#7o#4YDKw^H$c@FetIy&-&y zsIuna(R)#j=gNy6{*T^?7x@C@2a&&TWceCD`A%f2kzcfIL%2z9{CUckq#k{oK5)d8 zn44h-rxY*t15X_@cwP)AH_qn8fE45lN~NthEGi@4-o|=%Du6SNBhOpA*Q?4W`w!q{ zqHhVmdh~VthP=Qq?xWAsZ`owqXFA3fKYV7)kAnCdKO6~)lf0CEGWqXeSNY_Z#o{ynP(AqVvak^kqD_cA*`gRe3 z_E~D4qVK)Y-SmCgq*L%W^i@LlUXSuNr-l-!uX(KF4_=k92qLBZR)U_wM>m9T6~L=! zd4%2aoA|jJ{X)g=#%D;9DXj3Ji%+gQ^7BaF!Qh2 z(Fnd6yg_iw4!`*sce*tkwM+V^$gf3y4f3)-$FO{4{%K#wTpiQjgkYTP zmBd;ecnA0*F+MhKJbP@M;6FT9@T8^hyrsfyj6;YsZK()+)=&Sh7l|TIY?Fzqk z68U=Mdy#Jz1EYTO^jq!@`ORxYz6bf@u=l#oBVQF?KK*R^x4Ch&>+)p|`(4lHlp>!I z*f=ixWgMwTz83i_<%NaOWp|);|I# z8*U5%v4KOz+pKeG&yGd_9oU)Fi7 z2P3cZc5Hik{Wr^Z*pr8sMHjy%=*#&2#_;6=c>Pxq>%V6BE8ri`xF_ZHA>Tj7@`OMA zd{gEBU~KIx{6+A0z+c6AOnp4-CDNWt;7{Fdqi5aC)1D*b=XT^PkRQ*yPVC);d>8U# z@xSnAT|j%KkDb31{tEanL)Py9cK_i08moQvc#$Ex`PIPRF-HC3zjpXjfA}BNA9*!> zZ1s`yvML!*;dif-j=jCgk#9l1e#E>SxXScNU^2ySMm}}MM%Q(N_^lH>0sLCdW8&^o zcRvz61Mn~M(UbH`@&owa?dwSW4nw}Y!w~q4t4Q7BN$>emjOfXOKVz3zdrH8kfp2Ti z@3bDhw_jjlU|0{MucfCN{)Am)_0)qa@H?G)^!_1%>l}J?J`sCX!(WjTt7k3vBJk&> zKyRLTEY?417czc&^rR!21>UvKM!hes#Pem5)kDrDK8m1c>^uH=tU=6ma3{j)=$7=X{(Q|+Ro_4N`xKC&t5-*$J@AoM;Z87)nz~2%^cex$ja&uuRfPeY^ zn_urG$kig}Tn8vZ-%4Ab>|;Oryvh8_Nb^x?x3%aiJYZw^1kUYtJRE|jgI9q&?UVS*1z!xVpPRJ&%sj@E2fuTNmvwi|(p!oA{Cu}wY3~~FV(_Bj z{A0&Y-~dPd$$(Y2cRTzQvo>1$Ogn7QlB6bJw-& z+!eB?#-g_X`Q-<>^-6t8!K=WlIQPb*>6s7c`orG^|C4_FjgbJxCD5hZcKFK*HpZ;G zc7x9cceYyr{C(iX;JxzVWVGF^>jL+Ewh1Ah>+Wd2&b^fWaj09r*i!^vTja*YzYD>a zgTL#|M{+$9$w%!m`6vfbUC&13XB-);w;enKT)%JOsgGk3;d``P%msniy9xQ!;#j?D zOBj#9%SMWa!{Wz73Gy?Ja_g1$EeFp4e^n}G*(>pFeQW5M*!Hc5zr#mQD|j1t>acxL zJpqHBqIFvrVp7kw@YnsqZI86eCh%JD-Tm~WIQ7IXaEji%%aEVz)>{N#0=^vFv5xO| zox>e@XS0wY%ro2&@ge#e(N|cqQSawFdOi%yjdR_Rk1Bl~Ie@-J$6&WB9<6@hh?`&e z#f`LM?yp$CI(BURTE{>9%i+IQ4Dh!57}k*+ksn0fyN=ur-Vg5V=VD(s__T!^!>8Nj z4UfZe8DcwVSh{=b}j0l!m^*qshu3_hOg3z08HzGa;9QjdD%Q%@cH{CqY1W$=&3 zUMVk$O~yMmqr5!$Q%@UTdE%cX$XEOa^6kiX{Ri@!kk2`NWAwdn*ZXB`6CX_@vE5(C zP2LrZZ^(P&rUZO3_|4QYCf=Rb^>OsBM1GBr-e&MF@TGowt^FGGdP%(dF@4BqEQ;+% z!7J%6;Lds!QARp=D)=kI<@x2YU&kb^BixAGDV2O#j=ow?ITCl(;LE{x^vlC(&OB`O z*H+;_!)>p`(`xW4@K!%PH#+siI$rEcT1rAZD^_nN_~4lv!%zF^y?J!K3z1)3?$#^y zUIJbL-pzSToV?p9Vfw{|yNLIc`1Tzocr~8+`BKdeYvrtaa1K zJmtsn$NeIaKi92S>bVd+0sNie@n(3u?l4^ym3pp(zv(=;9L%!^Mw_dR?coq2{yl%MO!}eX{Y+tJ#a^YWfL9Cu4@DA{*Vf&(byz^b1 z|KLxp+!*c~_KQ#d3VguKP~*{rM3ux(?NZ)_v37KWw}I>D<49t&hQFb=Dl+~>R<=b? z@M`7*7rFHao(^6H?!8}}3qIe&FZC$`F9u)1c}zUBCDv&9v!+YzGS1`UlDPA2%ZZ* z2=2_6qQ3~dAG}>Sz4M$$V(nZ4f7PXKJ(-BE1YZn(i0Hwp0*o{-w70a#I8>iVdF}8u zz_*o8+?tzW%j=W!mbl9kJ;CLa2Oinqc-SxIJs!7c|K`F!=%c3yydV52vD;h!ha>g~ z(VB-Yfxqgq@!jWfq01Fd)1AAxiI;-mon zx~kYXDFtrIHH~8SeYsqKePCF$o(!o2xC)x2e><5W1S9j6+i{Nj#(yb>KJqy9>z>nkH z+fGX&VL?xfj>@o!z4cN)a^87=D|nly9Pz7`KZk6_xjSBlw7!pPwX5UEbtPvd@9c<$c*2=>qY*KSiP;_Gr+%=3RrO#qn9ts#=Q<0Kz@x!ulP6V zM&bk9xxba*nc%{&_tld!IRwuG@Acr)-X-Acz-Ppan}O{NPlJn|YT>Vsz5h@z`oX>N z)C#@^d@T2^r5)D7KjY5v&9kIFnKuz1$m@M|y#1OhifH=I3@Rh@QV%tB?^Fda$Ahx^&L zKauEYIN?uP$^7Y_VLKdo>c&Xe>dL??e$0bE<6d`tioi?2r-A>2^SJeSDW*PgpRaF3 z-zrZzQhqyl2e`A|;?HiI|L);@784(`dzfE>$VEQw7TV+f;W%~pVQ$0^G_<)a@(0?* zo+9LWk#qJ}!54zB0e9Ld_!97zCO5yd!%FZbaQz${Bqu~`jo$wEO^pt=HdEv2Z z%~1Gro*xVzf12N1i2VR}a!p=peJ4W)!-hf*(OZh%I`-{(dn@#A8%J-K;nJI(=s$bt zlGx-By{+g~*K7!X%e*ZZKGo0On7za)`eoYDhU)F+Id&!xL3xUU@|epLy^guD z``PD%eV-}iNoHxUh3L!S`Qv30UoZITBfi{m@O2!89ga9?NAGf;oBV){UxO>grgxri z+|HtS4CT=EKgLk`JWul=Snx1ky`DL5Al^Ib`JL!oh(38f;Ky8`1}8i9&63>0y_`LMPa~7{vPuEJ|5O99{0z7@k-}yG8pYiw#WXllMOm zzZ|o`FD|@(c{tv)s*-<~pl=;{`OlmOcSN5jhq04+bmTF4q9pnU{OSBw-p+X2Xy4}` zMtRPLO`5F^D)d(9P0%CzUbE{xJBUKy5PCQCRnTV$fEc?VTf#Pd0Qwr}I;BC0Du*t8 zE$t5G7tqrrb}()@{|Ay7HId*p3nV#&zW{#8@7vh?wCV6XU@Ii73Tl3d!%Fy9J+M)K z@51&?%=l#9?r1{m>16X@Hx$*^iN3`TZW(=PXickU{PT<_f@gtecyRG|`EiDt2428< z@UWA$&#j&Et@fyaUI<;@2Mx}F&VnXyBhV-r)^p9!S3$ojLf8J1ycFq2_B%Q!x*b55 zvBp2_n)Vy_I4XAafTx1%?>5kCk#AZ+(s8m0x`Muk0MM73L=yi-=;p8%J?bbVGrZ+pnrt5FMY z2Ji6TWF6HBz6xAlZ|LY0-$iq}r|+5@{6=EldM@z85!Mz++-BXyeDY!Y`MlA~`J+NdG|4YzU+&t`urRGV|ekFdYhh7F<&aL+0aXWfCZq$Bix9O3-C~VR$-Qe?)bK=rZ z`|R>^g>jCvU!M}`)d#=)wh*oHx8MZEOZrtQe+OS+Hwzsj)~@6gb|jQQD~C_wyF>Wy zgD+nEUKJC+1#TpASH`MGJrmeo{OzoV*xm}h2E0Y`jkd|WLYuQ#|DR3GC5lb!V>TxC z!X`fKL$3Idjn?<>9CeZGDt=39Al@I1?MIp5)4=2HOI~2pWw|YKWO7mp-rr*9X;&U) zF_!Wri%NZ};TwE>WB7a#wtN@OpXWrfCkU;isR;*J^X+!g{{-uDB8NWtN9xfHUihTl z?*-)0^#`v7KTH5!e?CNLJ6GsQ_mB^svFGW~Ax6g)(VGRm7`o0UqJu-~SpZ%LF7r9D ze|WrzersNrUk+axe7g#tF8}mM@tR%(y&|GV)6aF$o1xc2_iG1c`7;;I^?et`AbKTFN>8IyYo)wdVzTVtH>V~m8U3irS-U4oy%^^pOwh9JhoB4S04PS zTTXw2*!VxvFd5?4mGF1Kzg+m2I{Am=;TJysS&iH@`t6Y-cf7a0XS(Vrc5Q-x zeuRJTk@>|R!TT96S~toSr}pIyCf>L{fWNN`GK$uO3R7~fo=})FbLqsxQ}WN(!y2B_ zW2{|6op*}RQ-vPg0YsO5gu}+R>J~1#ZVAk|Kd4>`9NQjLcLZ06FQFw#r^*Z+rgqNP ze^1^ubUPn5*zI9M-Cz`1JSV8xO3et>7zx`>U8>ZjN3bKu>qZ~#@l>7M_a697X$wA>sy3v}>zk^&x0$-_1mdCwi7*Hr!Q#ULB0FKc`xsv9^QWLM?0wRwqFDO`;6%~{zz@i zz?pyl(Sj#3)rUWx_j;y!e8;)HnW{Ro8I>(RS@6#ps&1!w*Y2#o*=g=QJF8b_@Vtw9 zeU}9_yQ;^3I`6(+)rzdS&+V!{&1wO^ezyhh?yml|+q`wVtFD~6OmgqrT`m9zf41Pa zd#c_&=DoM4dMC(@nOnD?YTx%>^n98({kEU0 zr9YPjyJ!CeYxC7L2h7`;uRcFu?oG4Q)A_=)=D_JUAEf?$AOp?64qEW+Z1riuysp`* z?cljz%~mUB3(F&g)7KTM_X=O*oOa$`Nu8R_JB`l*>h%B3MU~DwM!+u=_E1r*0>X>BG>cR*wWu{NsC#q9yNdL*1@&Df4_{sK@ zJ}`}}yUj06<4to8VHXI!7*Mwc_EzfcKtNTIe*6xYD~5Fd^{-`qw|HZV%cr}_+l4S77N<2pG#fvUFCottcF|mn{%A9TaTk^!%u-z4t z&hsTdEje1L_l!hb(PMPso91BX=@3cjWzGjCgg&0Ah9*4kXtx}`C6#!Eq4w3IhGhpA zl6xdxZ>XQ28?nP{>$X;W9IXn@QtB}yaigK0HDsNadL$_(hPx&nr}mzu|DK{Si{IP9 zRfhU3q~9tMzEt%P3r-Iu<_sjNk6;(<`-+=HJ zr}9yw%aXsRouFnBuRedLs(-Vn_wR{2|29EAkie7#o)op4QoDs-H&pJQv?D~W@XgSA zL)|<9PYBOsb&67_%xEywwZ^Z72`pKirsxm61%1|D5qpvq-S7gsl3Hx%UcXq$Omz2y zG*@3sQU@|zC!V2-2zecw+lA&v<40mOCwVxQ+ORe#Z$mT*d3nZOid!U5gJH)e#xvNJSu;@#0cBkk_3#~xc98Iiz$sj7zJ zYK-|jzO&Xi*{*BWr2Ht4F6V{N^AjS7UC#cOyc{h@{JZD&OQU~#%N)2u?QX|}lF-HK*!}U5)VUhpRvSAq z(m!bY%=WD}E_O*RcIk7*iRico9rqa9zR6{gK{#7^(h-YcV^UdYxuH(Ab9~sqhDvqp z;o622*)(Wj;&k?-CLBtIKcPX{mV3aQ6Jf1wnyd5T&?PFiEmygn$~ zLkQ}F^Q=P@f0grB%{~7bP#evE+x+5ZXAF7u#*_cEL*D5p=^sm2`#l&hyl9Y_u}R8s z`bz#DsV&8qccK3-BSgx(&mf0u9d0}Qd1fZN+i0X15IdZj3I`_Nb);`Hr_T)bF1 z)0K=n?-{IQY&7OFJu$yFIe#W}GllB5{-4a@e(~p>zc_PGoSYv@OSr<7f1EP$a(>~& z-$iA{nQMc4CR`lNLt*0wimAt`iClP{D_h+CEwuFu6Vw$G-kxCldRr#W%>M()PlePI z!HZXi)WiQ5=GT@TX=;H|3-U?AO-2@7 zx!d@aF87CYb;WP`21C7Xd_uo$nK*s@MD@W$mJ)2+QWd@NHz5esg2S(1vXn2Ab@Wc}yH7-^wOuaY; z-(Jkxc?i$=%KRdz-VFYm&a`UcLH8%96$$c$LvQLyA52j%OpyuKTU(#>QkrT`YtnZm zko~^m+UxivhUC*Fk$h!b!s#FNXs>NZIB?<_>X7~ISWgQ%^T!k=Mg7|>{ye};lK9Z} zZElq;AEV(4bn#g{kQ&s*!x-EX7 z*BtkK##B#yC!Rh4Z0v5FE4TWk`elysa`YWArwo`6m=g(-Df5~6Ht$szm4M4 z^jt3SaYG%%sPk(h#LW5*gYZLFlHz95o{8tG1CG#tPeGDJG&9s3P*0eT5to+kWOas8 zXC$&_b^+@f7M7|y;q5dNdrjtF)*8wb^({H`+hFO2ka{=7$Y=9TSGR1%ptaSrfh&^L z`zcMvQ>m&db?eosYT1-xpbw`o9N4_c3R{jyJV(uc*v`L_pIArbcc1Yk?hU*^!P?$* z)>>q}rRd6_y31tU?Hx08cTjbkcTk-6)g#a!F{WQ(!u1NEB{y6BT&bT=y3JIj13zI2 z_s=_>(zuKIY(_HY*X$g6aTj&}&P@US_$up^)w`*lU4?LUcIfNf)SKB)3gNrm=~23j zRP_X9JYmdWl={e+ud%IeG(xW$IGd_iijg8ORqLA z*K*T-R%5X4{|6(rmK9|4WX``eC2DkA(LeX!?mTrY%OCtbS?8bXWL8z%lJhNFrl{v& ze$F`TZc|-l)^i@gSw>XLjDlsRdeeA5iYKXql{z@7LLEhxK__cM`23;Zq1T7hK+swf zO4ji?oq@cJ3r$O3uKI!|_`=MmiS7?P#ra2}o!3ubOudbEte=$sLZa%Kv=RKnq|)Cf zt0$8Q8}!eym&FsWGPycqk&GUc_-H`g7GSwcJs3>9S=P#=6E2-t@Y_jh^~4*D)sxi6 z3A03N;5>(RBXD&(_u8JDO1(nP=X$Rp{BR)O}k?ettSB^lp;+ZPK6YF-r1V8u#+I+EeYo^&&Bouy5!>b-!Gl}!J&Fx$oeC4H2-hs#+#u3cjzvjwa>T&23##BC+w2F&suHTcN52$|_ zQ=bi}Wv0M)n!pd4$qWRqnp2+&s2&Y}BXHPEelkD`oyzF-ctCGuB>J8Z7sW%2xhseEUB!6O3m$I z-;T;P8&hxQazy0bF_J$s)nAOMADQY3Q{Y=guF*`!fDUsirT#uD_rG1x`+?@;eQ$6gz1o-26LpDl0+nN9}yvm?{@qBG+vsujN4(L+%`2Z3>J_n0T7v z=2y(AADimqsN7w~RPJH6irkAv@;fGXGp4>_s&6#BT;ynsRXlfYPGwc_)uv%yHa!pAQI8usyvEjRTilYbLnluvwEx=`YS0YXmNqq zow6J@%T4Dt4$aT2JAX71c~S2#4mx9g(G*_pfPRZiG3CXjzZnPF@~KJ|HLfw{eJZzr z(slh4ijvM!^MArQxsG+;a~-Kp>`hTSD7C}3EF$c+0%0xlL)KaPd49lNc9J06~xlJbHWj7ckYFuW3s;2KY74ZOAWd6Oj)}dnftNuZItYAonc(S(qyv{ zYBSX128)Qll|^2ogEZ;P#^L&1jUSm>v5tdzw$=F_r9~(yg-o1u#kqk+9nxT75b-x*U z!ZaRo7o%nVgK|EXa@J9fEYnZ|6HzAX&zZ&(Td17z*!KTq#uq!A@3&ofpn*6(o2yQv z;#3*>Lm$byeCW>x5$+0Tt6wFl>1@sV!!y)@vW{54Cl{15|G3ZKE8oUHjlf?_<6nkc z!Zrj#_Xku{AoNtgcqHJ~M4z^M&iDvtVcStw6JBJZ)q>Dm|>s)dO{3_LRSm zu`A1p+^8@Dzc-C5%|MrFyl4iP3w4?#v+Dw(n;7K-p?d?y?QSE)_MPmD@W6YfakZAc zMzZ0*&Crzrb(P2(*Se*|R`D6GIyG>UVJzZ`h70G{4E2T)`p_`miS?Q0U%=w%B<>BC zGrf4l2)$u28Nt)Wd%pZXV!TuQruQ4hCz4+8GDBR7KVXKQG>wPd9n;E7+{|EX4ZLU= z&lp^Q_ZcBBg$9h!6{a!dF2dq(g1^Z~c+N0dg#Qa^aP?Osw81dG@$&D?V#SF($Pl>L zIGI%5XoOf|ZZ<;C8ph*ZUh&PzELuz<=be8VHv^5(C-RU)=&y$Hg_~LDVc|c6g@BX? zNkLrczGH;C4Thi4TEpo1&-t03yT$>zmo%B>^%~_x z6@@_(g`wo4m`FkxBq8-(`|Q_BXSwrs-#&kSkKgxe9*9vb#`w`S8O_}p;*G>^4GpBvur_~>e7 zt;hF?$NIp%$zSINowNU~KJG6+e=gVh*u0)5D|+Wy*1xFVqN9?gcz$I0wpiB2-yfU1 z`}9lHv3f4gp67-iopS@7A-2&$riZ3|G(_`+*Y}*)S|~c$-_8yF)Uh;A%yn*fL?5Ib z9@R%!{&NHS-{ah{&O;Y|`V8@k$GgU3y{3o2r+9sIfqbvm_lVb;=?=nmZg|~ejq-R` z>N5mgU~l*Mex>VqukSXmb(4E5(+}+DOq%fCVOf{Zx#0z8)b3S_MlP*4exI{Hb#7Qn z8C+@|xYeR89HVbveGhu*=G?c)L%o`-YchTPLegJo6~1O!OD#It{-Aq#^{eH(MV~P1 z(0_#VAF*tD>NsDY8#e3Co9^;_ztT)NcNO$l#Q&eq4F}lAt2QCM-}bV~j%hK#>PMaY z6~1AvdypBYTE`ygo8hrewNoDJ?24HlYl2luSK@bD``+)NGk!xV|77{@_E_ER3~ zoQk;~D`AyV2Q%H;caFz;->RT;oSuw$teZTi(ll_7?_)jKL;L7ckMBE=^+nzL=qTSk z+9vJbb1G&zHtB+vY*HJ@SdFQ?!}3wfxKZ1D+vEFC-&>Q-4Ibau9(qvY>a6%U3hQgK z-X+u=&u@_SSko*&wbI$v{?F+ICOUUz)KTJ4xql? z>s#qnFL-GPi6%`GT`hy&HG{5WL%wkyYta6;)2)xy@;l4gOwYK~&(1BtE{o=Y&~5$G z9(o2xbzkc7y{hk%exJ{d)`6$$IgCRNq=}%@EE<=2&hpXI$(QuFRz_dUTknW-06lwh z=J=N1uV2OR-KS@2wWa)Ou5TO4iHx>&O-eeH4+*G9D5$^!S!}thqW)x?`om@sT>t@m}9uUh9s0aZb_sd|2m`jzl_-(cL!X zla9GJta2)UZ}}$a-k0*Z(&MA?;Ec}a`yStCx~2ZUy*T;ITlZB~gFjpM|95R3rLQ$k z)7Kj3=xYt?cj??keI)h9YprrB|KeP0#C0E8-)oJdd~{cOnoT?S92(x$HXn0rQX5!h zHKOv5mXBJ-4vTEQ?(w}x&$jh`U+3{r54EB0{T`;-2-NS=#liUvmN@uzU=j_@mjBW^~!g>zPk&obzT~F{>AH~c}wvE>iTXg&~##fJ8Ja1 zw^6^_Vxq@dVYS?5SzC0!yVLUBr27-uy%K|dh)!JJ;A4o)#!o_^zeVFuW(VZT2^S!FIKM=o%B?(nry#BCP}ZA zGpDh^-8Rj*IOtxRnrY`5w#s_XqVn{jj?-+KIiP10{NJwITAiZQDGjz4sb{PMcNWp3 zqs}{u=q|ZGmESFR$MbWMn&%{fa`q>5bB3Fs(5?Z^)^F`7=)4bE4sp>@<^|~&bry##IYZA9s``S z-9tKO{!C9gJw7Ub@9|N2yQe91XcTPM4t3^ zL_4GTS~Rl#jHksrUg|0J`&lLz&1nolk0bQ^qDZ9+O6Z{Z*jGqXFK;YrM2FGjq9MDt zUqst4^0auHUR~W|`+RmAkZxW2E!2FPS2MrBN8fl$7X)skW1`@I?~2q-z9!TMO!p-z z8oiG?)7==2NqGvhCG;xufghKsjfF)YmZoLB@BG=!O-S0hxx0R~2x9x;do$Fgm)hOG0XQ_I; zxSYth#f5j2s=G>BQu*24xqgrAzvtxob0^n7Ik|q!*SPLnf2VUjfolGk*GJ{~$o1ap z8l|qOdf!&JTd&ZJs&{N3mEX4;qwVdjVoJrTXwu18x|VWAeyIG8N35q=IAbmSC&B1S zmCA4Lv3@Ykjjp2k%A>8DX#F^kkIJ|2v7Rn$uB&?4uO?cLmC@yx-$&(_{lD3#qhLtY zeI+ziY(gc zU-69h{kC4emr-?(k3P>Zj`r9zpO4D-VEv4ft?&{4aYayr(?c zPEGP1zo;F($L@WqoqD;%OXa7_y~IaX?DJqdwWK1jq@CJYG17XvoqDu^mloDEnrJ=V zPTkqW`%pWzY_ETk?%I8xw{9Y}eV2HjXs2E};4u%uSqILy9%-i%t&4tbYkl6fWPUsK zecO`R?bQ1A1)sOKHnev~<{WQgo?TDth_3#%1=Mh=HWkn_j0x7p0`;w@bX5U8sJ34# zP|ta5h|Df1c%#62xxhzCV|+!Eeb#M0VSJa#--{WgbnGM_!D1< z%F7B1?kTdqE%edaZG~l&@sUM7`V`^&MZV99tdD+|M|w^Dc56hhPutRg()AXqTS3<; z?P%g_)wFi>*RQ=)o?hOF`0Db?oo&_6Qd9TN0=>f9oLl0KeZ{AQv*X7?>r4y*ZdXAk`q$c`?t<&$o`-tx>^o^qTaEkO~7PC#4 z5zV(0Q)6%SSuqVCpZ8n|UE2M9VX^wj=XS*3G|)Dq9Jj})m{zU#g(Qi&oT@ySKLyNlG_#-r}%ud!)H&<~bP&y0Vys6Qdr z<}T~t=`{V>ve)?3N^d)QY4U*r`#zuARZvC;=&imon!7aBcQMEOwdY<>)us53ADY{@)~M|*ba{D8`^T>8)dO{T>OuA=UDe&K zba`_t`^~QE%htO5bQ^m~SM^F;U7p;|ez2>W*UG|?hUkGt%T%W3kKe`t*TIOR``|$tTh$GU3cP6yR=(2x=7U=YeSP4mQg z{3FY)Tj&KLTBt4b$IGox3ma4U*FyhJzjaHIEzx7?2z0hy{TvoZjZ;kicPx`G%{>qf!n&Y=0BTfCK8}(SZZ%euQrrh^gg|)Su zF2;!QZ`X_&UTeH}ja7PUSGCR4B+=FS*lX{swq7sL<;6bx+iL5HLS3FwWPej_-E8af zceediwY9!jmsgZfUu4ZM)#ZE3?9Z#MaeiIi>bF0uwmvG?<<~0gPpau%Z+t8)x_RVZB1{g%VVnS_0`t5Rl2-xFZ;b}>y^EA z`N@6kcdD&>n(6Y`eeKoN*7y7B@`wA`Z&q8c?yt)Wg7(U4>(K*rd0KPoC#_K}bouKR z_FL7~do6W&*@5=!)z;$&>GIvJ>{qL;n_BB~uC@Jgwe>+8U0&YSexcfWzMU>V+}?hr z+M0Z@F2_4ie`|f&L6_GaVn1JPy%5snc^&N~)z<7obve<=ezw~BrIRji>TEwdVzw-*?s5_j~Le=NM>_poUnWKg>gq-YtC>x6WfP)%S85 zFZGVm8_=<0A7x*ojyL0r_Ti1LQh%pmO3hpPdZ{+Ltmh(k@SP{dC0jV(kg>nF)TQ(w z>rTs0^O%$L7NuHiY51X~k4CanrmB>x@^?`Ows4kPIAe?UT^@CVehz0f8l^``X^zZK zRtdpT9X>XZ73Qdt}FX52WWl^z7g_NcJ0d_iwP&sSTf{_s1=p-h#Tty3}dzj&Hi_ z+2cKzvQsMmr7pAwsXFHP$<>&MXgF&>-dE!^&* zLunlC1pP%dtpB&Zg|BAxz|whW`4&9}_2|9$inoNyZ|RRmIk8|py=C%(=N~lu;kBvw zqF$}n)9i8oN{?D%HKd6$TP%C4o*JoZO6wXtXI0YlmW*ZB(zgelJ?QZNB))&AYai-6 zT6HyX?mN|M)4cU>z5dMwYNxj$-F!S=U@t0Aiwfw3YvQqwu}@V!jXu3wbb>k>+uq}` z>1~;%&dWBhdK%KK{+~TIO;a7|{cYQx_Sx!GY`eQH@7b>ZOu69z)%AEMCw9yK{&EB7 zUD5{hLefAxreY^>9?I0oN}X(dZV}5(sJq^O4D@N z=Y7-rT)FzZsKw%P^{PG1qJ@bi_A}*be#u9A&BXFE+2(vt;qA6s?A3!$?-zM*w$=I~ z3RkzMhR$~YE9v^{SpQ5*o$^Sz;rlt?Nvx!9qMx7My1wc%db&n82^IAE_2=|J$Jw^h zY)j|%WBvbBr`)7B)i(E2$I|zt{4^){6hBS9?R%X5sE_@1IXyhty{-T3%CYnvD|?6< zqI)4{yZYv~%>?hz59n3Pg3@J$>i&YZ%L~=ZKL64}^|r5JQon*}-&&|{E!=&7Li$6p zg=%C$>8ph*SrA%TNIS&;LZN!s*Kl^B8e3>53RU7a{caC?N;Xx}2PJ+f*;%Qc2~>Vu zsXhvH++3-aH1NM)sa7;-_*|v>xk1U?N;SH&Y-6QLR92DZ+)Bz4)n9MF#cV&iq28Xh z{3y_sK5Y0x1An$sz0siIvPu=NEP1R_-BMZhMWvcjSw)(UVSD=K0F9PB;I-HK)WcqS z$7pwc=)*(waT|MDq58qA$KvRx=gb8!E!{>RiaAHmM{Z2>>^55E-&u4ENY4cC@HC#Y zXE#dvjjiId8sA8ByZ7C*({=c{jc=lP^}pk`*oxR=^50uo~D(?N#2& zYU}IjUQct>ET3%^(u2f+Z?FIPb$-jPwEt%9O+(9c-)(Y3%;zh!N+^citbtXwpQo$U z(mvX1PY3I6PP!$&E3Ar3_F((cJbyF4(6h***$npc7JbQt9++Y)oqw{ox9?!9h26z! z_uCrH{razQ^rkQOSZ7mXG@I<2L4GXymPR4IB0D`#{n4V?YIHu_y^ic3 zMBl(V#6H*R+I|o2*r~D#_m-@YRoG+?b_Tt4Jdi#F;JcizeSLIg@q<-DpAebkIpMYf zdcqLgNiSOKQx6R^Q*nWwxATIx2^Bx}?nN4t3Vin$Sa*p>$-14}?d{I0b3>DZf_CM* zzcFWWPuC9&q`m<9A4hT-DdRrOy(h0;SxQRM^9tv z4FGEBG((ggMgL58_PB_k`26ZBrLMB+U4ws|W!i)8?^-C;qVjP|b@7j)j!QqG)pcn~ z@21iD->Rf9WYUx@I_1u`^y59fuDod_-K@0n4^`E)iD3;D?TYr5&(OQNetOP&k~6~Y z*rC^V)nu#D0uOa}e)?j|LYlAwJNsACKJG|;4tzZ{IKIMt3p#WheWoru3Y~|8!IJWYJW;@N~d_qN#czKo>-6X9IgaRibhOseabT zUer{5(}>=4)bZ0-rKsOn=(Rua)41UxIu?v?ySe8G)spf-I(Bn!H@^OJmG}0xQTx*M zq1I{Y4XVAViHmZ{$-Zqqb=rI%?Cz`XqCVj++um4CpAgdD>dF<{o66~Z$cvp-#YJ>jA8WAatDy}};fh(4F_01Xn;a+5ZN%f0Hj z;uT(X`gHw0%df4^IG>H0>qi(z>QS*Xhf!&z?gX9rvL(K5R^tYpt%J(Dx!cvgRz;*_ z0=*m4;AYGEM>&-oV@{Tgf9HFR_SLHE-<@TlPCeZ>d(SO&ysEiU%}e{L zgXzTWEcc~vxR(r21N5j|`!=A4(&0MCi=(5zZP4i|b(PU6GvAw_(<3j_S@gIr z*Qx8wawF#(iiIy(beU+=!-tnJhs|#|HOH&E{ARnWQe8`qQOB5V?Q;82)ugkIpWZ1N zQSrXly49+nx$Spbr|DNo=>1=sX-yZLTRikdSnFGlf2#NQIic>WSIL>`OpfnDdX1)J zn7WMWM)k3qmUdIk4|bQ4(!a!C8Tcy$e`VmW4E&XWzcTPw2L8&xUm5sc%Rnj|c6=ou zrQ_C%Vh+lENEh7t_mPp2S9_Xe{9gq<^@&*@hn&03Y`NmSbNUdkM(EH)c5q8G;N$ zMj)e*G00HPY!`-%LB=6N-qW6X3AuQ&$zv8$+P9aQ^{M@6@R@#DNVdz8_0m|c z_BZ-fPn+$-kaP#_`h{RWew@)yL2gIqW6X z30Vuf>KRiH8ZvPGg3ls9HyHalNUkU6hxO7}ABY?M&8R0!*2_RI1ic#gpN9IRAvZ$? z5XV^PMIkxZ+80cmi93wn^hD$%X=G%EkEDkBT)|; zfm0s($NqI$|JaXyH%9;B&i}vtSM$8t5Apj=yU9TsN<(WnE?6)6fYHlB#<8B|ZoQeX z2N}b0QS+R!oPw-{REVQBi8le+1NCCbdReRwJ!tg9 z*ggeW3po%{`r|lcz1R;+*2`C~BcC_@7VD)%z0!Q%K%5!K2^@4LvePWPR*nTWz z3Np;g!XLLU*$&wcOV-QR4lhT&SdaJPJ>Y4aSJ-{@Ez>TOV|q9!aYTpWp+=P8|D%GRC*umQ5cz{$jw|q%@e_m0KxQFxkn|@h zom~=y@Ij$I% z(;pxo>x>LRh9M)6F-VSU@t=&#e$5?MXqWNJasAo$#r?@T#KrBHkH5I^8xem0?0#au zJK>kx1N+@B{Kkae|7v}MZ<+o{);EUpBlo`v;rG8<-@n1HtZ#6Y*}r^Vj!tu*N8)Hl zIc`tu&Hj%;#vv1sDM)U2BjLBc{TlC|0oabO8+iXrL%f`)oQO9A|G5uMobjxY3CJX5 z3Nrk$S-f*{zwD7AwGj`NwBLkls8H5Z$hI#o5x8GfP{0@g- z-oKH%-Fc3{P7X5jrLmiZ%t5Lxh9@97&%w9rKK^pTZ%p`2!A|5WV>j}(kx|GPWE?W^ zjakorkImzE;G6Dtl@NYIuoKD|d*N^4A2JFV+|1rooWCAh?nTBM)U%@Y* zPnZW*n|99EyUdTx!w&)OA^qg3pCM_xEGK^Y!=gdYk=B!*+cC&HPDlzQ16; z3S8E2Lms{jobMCaPQx`OPkg_}=NZmJ2IDMQ$lcdH7LQC^1p z-8jT*cfXJn?IwkBi|~A7Kefon;8G(KX(QFkM#f$>GW)ubp|_2UuQf9BzL9)?atrdp z`*kRmb$;}CeiHFNj%_y}Ig`Ks_9%d;FJp$6ddys9&m; zi6_~{$Z$s^L!FEab}=&0)yTxLMyeBx6K8S-uW4&Mhpk4#T zcD#L`weEVU8SZ{H&=YZNH2hs;6pJ3WD`jb37ikvWXxvi$_cX(E1;r$nWZu_lmBAsaz9 zHj?*m#adjyV17VzEc1SRZIAlvXGh#W^0+|_>dDJJu&e@{2_yT|ntVi%hp5O$VyvlO z5;6lB9)~>LYGm{_BeS;~xjP@QA1gKW%T*W|Z-`~&BZqwCkdK_m$2d{{?pW5fs8{_F zhphkH_e}lcTyK^WaeaX0$bZ-#GT1H)nS)gKn0f~wgODLe&Kt)S29H2SA!Cqn$OL2( zlG{<$yQUrSd2l=O7Dv6gJw38VK6RVncFgT30e$^0=$^mY_f7s%@SEW{kiQ%+|A*~I z-HSXy1|dU`VaNz%6q57DamB#nkO{~nWC}73nStbdU5EV1d>ss~bK&F*?Tho3MqXsT zA|IH1W$!cf%fcUDF9aSi#}DtnkKl**)7`?aJnqA=FWdQI@J!P9jlw_s&CSMfjDC3Q zpY#)4=dND_{@4%KkMnz2t!bZ}7j9bvVTa=l-*4h(I~*_D83Q|9Pqw4hn|SzsAT8{~ z9yIliLna_okQvAvq?&8=1CT*T-e2D!4&Gm@vCQp6?ynr`$?b;Yo-5+cinv4Y8-|QP z#vl`rDabTr1~LoDaTdI1_QQV~XXHb7eiiP2cJC+nQ4b++kRiwjWDGJ1nSxA1a-6|G z8RvEpXGp}EfuAg74l?kti8}-tfs8{YAd`?BXSY8YXYwPH&j{knh&WU5lZMPd<{$%) zAYRA_WE3(6$;V9}juY*T+h6M};+ScUy9^}n*EsAXAd`@3$SkCqXW|J$h9JX`9LM#D zgWEmFk>WUJAr456BLX{7$QWb-G6k7|%t5M0(HaG7{H8y5`yVI#{|(F9Ze9Lu_+h^+rwRWF;Xn0_@f+Of z_P<&9f8Y=NkIm!1>JxYUQ^J4LW3C%>0V6s8Cw$<}zlG(z^@ks>H_N2(pAr7Ujg8+J zWLAH8n0_3`FcC-e58_C`pFBTRZFJ`$C*n{|jo%QJKEbNAa-F)?7yU)We=Y{P?KSjU6^@rqsBd`>Cf~@cJW%j!ce)%~z`>loF zIQ*%7j34&%~N-^K77gujsR`)8jcv)?D-m!DU&-P_`>)PtV*ek)KhK|H|F!VX^PDom|NrznCywtI#K-flIKIW7qy4{P@{)s8 zE6g(MWrSW3>qA0spwLUgUJ8=?_4ObAcKxn>B*k`V=w~3g9$#QP_QQNf9$x&B@x%4x z`b57l^$sKcIAmJXXZV*!F9ROHdo%L=nc>1-6nbor@T$n?FljinT3qu_}{%9 z{PK3WJllodFm^et`1F$LmwjJBGK1z3#kh z)K&Ov~3wykt?Ony&!`={HhP{lica5;e>)GCQ zyglrV;APkg=G^tYLD=K^;QGu$L0{<_UYe zp6#W0d)RxDmtjwR=dSNl!XB?@dr$NBu(yPlVJ{-=Jtyq(dbal>Zx4IRcp3JR!rm*w z9RrihneFC*-g3VXbs?FD#y#Mh9QVK4ZDyS`0@JzmfDn(_9q zw?8k#UQF0)A?)p55B=@X=j(&O>*hK@URQ+0^+9Xcoc|&%VRGFd$|p!-k}eTjJ|0k$5(^rW^6C<2lf=~W!D)yDcIxd ztIH5K$H{(@!cXcC{NxaCw$}KGWQ=4#i9CMzdX(#v$>S&emOBqYv43-UwhO=Q-Yz1x z3n1?qas3)v>)tMob{_JW?;b=T`8vPqQ*%6X{uV<&3%wj_g6o&nDG_KkdkEdXl>&f=# z{%rEf_A{`r{3iZ<_5)bY_E*6^$IJHZU)=Vyu%E{Ep>pF#et#n)?0=KT{#e-0yo`7u zbC7De;Q`1rWCk)cSbzPO-W$grq$D59QN}1>*e<6X;^oAv3J$4esS2#=P!AR+uz}N{0*b1j`BQ`3{;tmBueP540rqg@`o%8$_w@_ox`y}PTY3B~ zuBX2U?B%OpXo$Oh-X?Xom)5@e)h`Tt`TXUEy8RuJ$KSMi`cuRHeLl0-y8T_6$DdtT zzxw51FJJwF|8V=eE04e7_4F5ly?p)>*SY$Mm+kfR zmw-Lqf5EB7KJUK}mbreX-WcVixZw!eP$3&CE#`o)rNe=p_nH@u$y;;@&`Uu34+-}ia^ZLX)k zDD36)7oFwyx8L4%x0gQU^~+}r_VW1)%yIjR)USR? z*vscH{;=EM!aV-w*3(}C_VW2l3V&bc@mCe7U;R>l;4l1$yMDoa>TWM%>*+57d->`Y zoagp;avp!%>*+59d+aapxUtXYzc7}$KO2$9-@pd-%Vz}k*x&EYe<^qUmgezSTTg#6 z*vscH{)F4#S9$#PsH|W860n!gU-(J4zh=$qZZC`L=`S_k*vscHy1?!4%sl>DH>_X% zVz9^latn=pZZE+_Zhxcl_?rfQA?U{;Gmyc>#!eJ62`Sr47M$DXl05!w`um~v8L!L1 z9@kI$Q_r~T_f;N$!|UlU0DJ5&hGouYT=?5>-@4n&=6d=|2!FvP?)?|SGUxNGJpTGL zu3tXGu*db2`HTpEfV1Z=kZt5#MCbY{Vbkag|V#gTqDBE&l*2`g_mq@4)@*ZZAFdGWE+rKk&ZUE(FQ>j9@wbfm#2%e1dcTa&8`fi{bB& zj)(L*<0oJJlIz{|yE%`))_d1)|D|9rufGr7{+8tNHx2$G9~u29WKKLEkAcS_Wj<3` zx4$p)__Oyh^^0yW`g}Y{e{rnOd~Ecjzt|^ke@%mRx0m7Y_ec9L4tx3X8Qmy&}@%N?M-!pmqt$@Ej%4Y=j z^5rul{B6nO&)(P6FZ_#%F9Ipw=Q#2}v;XD$C=qO*^_lrJfkGo=Y)6@8?gx6qj+_US zf*qa*6M>z?b`w{=c`!+=XZtbO=Xo$Z4^qnh&Q;=Xe^GUqSf)P&@BDbXAuUhNDMcU`HMhkL?WD4+8` z{T+n{VW(7x<+&cST!Q85B2y^EGJoczF_u}N8uUk5&3@)sV+S zo(VYs@*2o7kW(P%KrVz_4!IU`6XZ6?!glZvc@ShZ10b(~90NH8at`D|$mNi0AvZy8gDgB4{vi*7tcE-u z@=VA9kk>$tft&(42XZ0ga>%uin;^GA7IuJt$b%rOA&-YV6LJ9LHIQQ0Xgj^1}7IG8hHps#d{6iiDSq*tS z` z2<0S6&Goq^i+?1XzXhbZJ{N4Df8U^-AgQ@N*X8g}>%{4w<~IHNmi~QD|CmppatZz0 zihq3GrbXwMT7N7T9hno$p%2~bV`4camUCh`^pV(JEZ@7Y$v?*xKggVad3m&0)_+-A zU!CmQ6)FG$;PjtP}SzZj8g|ur74?*^Uj6=?a%s_633?62->j4>qoCcYO+zgrH zdCFBMI&s|fnW^6ifBW0v!PaM7H0+9@!-8EpbnXy3xO$kg)bU>(t2=}`cj$O%8?z#K zXsBa#s5*3*x_Iz~S6mXjrvKGL23>hYu;ZZ}LLEZE)&qwQjSV^ckV7sRG<4vwi#l9< z<>iMA9(;}Y@8HEvUHbRy(!c9r9c$W1N1f{L=#b!rT{|CkQNOO$oet}Kaj45hoew4B)tx(4ck0x! zrl$Wzp~D7rIc&g1{mDyg=)kM{U)WDIrk$nRC$(5A>1)S9TF~#G^e?@zyHj3C|9d9W ze@E*=NwGK6$}|n{-w6~%=|82Y5%|s~`8fTvLWTE}u&ts+S`^uA=?J~@OvheXvFDEA zTWHx+zKQ;)Lt~NgcB`ZFnO@WIBl^FT^ol6D-Al1DXK6dFE9;AmTGB#s!5z8hk7=M+ z?pI9z)8V;;{__?1^r5J~+3D?2_%)S^Z2zw${2oGu4^yeo+M_1P3a#A0IR zD^Npqpy^0beCD+QN%LR(PtHI@~OvsMJ4uV-@b)*2VYU)N-cba1AX3eeExHM&Fn*H zX((ww;3=i>|JRPVx+-`G!9#`(9W;1|E>ZnW)zvWr2KT%oHf-pz!v?5fR}2|+$rb(k z1uq_W;nivwC9LLxq3VJQjydhLW6r+d^q%J&cR}y7Bgb8EfllF`3B15b?*)UjA$9qM zgRW46)!-|sd)aM~Y^foGuIo?sF1-4Zi}ioksD8sPzx*HAO7DSx_w&-8tMPeXX09 zsub>T+`LR>JBIf}PT8ycDpw~jSA3tm=SE&tp>nu?cJqLmbl}N*BG_-Bvh(WVm1^i| zkvjAnD!w1zbEQ``qFy+*CxZRPYDJyAiOST;o2t6*7rpfH%-a1;XTGNsucAH&_up>5 zw@S6FOMf2~#!11g&!Y!>QvE&Iecb>{UbSByzJDGb%)<}(9oOAqf%=xNS=_%eTC~*f z^GO+?qs6ZR;jn81Jzk=DMDPya^6wh!vzn!T%a4vj|4yfWRvr8II^x=XO4uLc=>NW* z%qCt}z2-am`=}_cyIRw-{^?Vnjwb{ja;Q>0oxm#9*xBy(c`o>3!7m5T2z~?cy5hNo zxUN_9VRN0xd-Ma?X>_aG@7LhH1-JAWM^&m3f;R%6D|jpLHG&@wuEx9lo($ez@F;j6 z!H0m47JLkNN^mo7SE<$sK9BUBcGBiXXOHN62>p8vyhiX%uy5byj{hg{?t+&&18bFP zwBY-L&lCJm@O6S82VQo&+ixH6Zh~J1K3MR7fzJ^94)9fi&jQ~r_#*I@6WsB<1|AW7 zJ@|ORbKoh#y#;zNRH`+CHv!)+cpLC$33oi*z`F~63V2_^F9IJe_%QGpf{z7XAoz6f zRf0bTzE$uSz}w&9j(-h!Z^1tUA1e6I;4=jGI|Ig*YJuQE@O6TB0?!G4Jh(m49p~BL zLBR)u*9d+CcvSF-;L`-34W1T!F?d$+mEh`5cbp%B2L=BYJS=zt-DK!?7!|xJcwF#y z;7P%c22TrqI(Sy_OTg76cl_6b2L+!19u|BicvSF3;3>gZg7=#2_WKcdU%|fzpDTEg z^Pr$oZ5MnW@M%-r_74HyDEQyNgHzr5XMy(?{4(%_;5UFT6Z}r_TEQPAuFnh6PUgH2 z(9M8;pMb{%-=9t#T0agRbhMSa2s|nDXMm>!-vpi(c0$F*epcvT51tczIk@WVj=z!y z!*rYh!OsT|f`<_QbnuAawcv4Kr#szoYx@boQ{YL#o6&`!)=vpO7CbHZD)5Zp0YCC1 zcyI8W;M2fW7k7RN%aI?!hk^$M{}?jFt2FUMg#MAl_4Q}w z&K{1U`CqArh&$Jlce&$v7Cd&ho4>{Sf`1C05d0_bS%Ui;8o!GLKLC7{;9bD8f;;0s zl+Ue#p9g(=x;y@>z?%tv6L?7QyTH2({wR1K!CwF$EciR%altabce*(Ol;4gzm1b+{_pWt7C z4;S2W9;jEU@q#x7Um$oJ@Z>%2dL0QKzR%511s^DQf8x5|h>GLx4(JaR`m>=Q6Z)@! z4;1_}*og}}zkrVyyrPLYzLJ8s0AC?^SMXZFPXbp-cOEVP4+uU4JSh0h;32`MgZCBu zaqyVnFM*F2{9W)Ff`17-zQ*ez!qC)86fOFB+KB_QRdSdP90{ zlPz_}`84#i@XK+2KwQV!N5uIJ+wb6xvmp(MI_<4G>;%Yhb|9|f>>=VA2p$$Z2|H=O ziL)i@`wZ*DZy0<%aUEwr5$CtikB8iGHlZO}9cQ%0#CfwbKB81d;yTVgBA&~@BZALl zI{|l`&p|%{zZ~bs#C4o85$87OXAX78*^Gvab)2~)+;P?r*KrOM@x;KRg3o~+g}t;VaGba*hvaIjfrbJwZhJE;AvrJ2<*%gc5a6Lc421`cvjf?6m}L1 zJ3m3c3jG-G_cqN|g`HPnCnM~vhkhSn$KS%l6Bc%k zAg<$CC+wU8{o%sS4d78>=TX?%EbP1hzE$vdz{_U3&r_d+Hxv9<@ZN$qXlde)34S2> zT)__mUncm;;Ohjx5M0f2$2knVO7L;u-2}e}JR25p6BhIQb-TZ9uzJgy4-d^xH_)x(ofsYq_E_hP# z%Po^nTkxgOPYKTB18KqezAqy<-^Uf4<*qN^$2Ai?1HbJB=lhp#g7bY!FTwe~ps(N? zVSljLFF!ID`lYQ*entq+&#k(N`tA??1)@FhbE~-U%g?QP2|FEOXP(gK=TJ)p=jTuv z!MnrGM#0YluM(V}6BYD!@2^47ZzecDKbm!hTc4j3tq`1_`(y&7J)~=`TY1Mai?E;B<$$z<8g%g9z1-3;qM!)4kUwGKm4HK z3&DF3*M6hIet+;jf{%h7HQ(5&agIa!J6_=N^9_Fv_E&;u&NKXe@T_CMLZym&Iivu* zVVk=9J?^i@i}uX@%v{0wIdxj_eaXH)UuOglfloWz-5$Dw&lNoCE z>}(W%F9Tm8^lt#K6`Y@&Zx?p%g#Kos&*QY)1?TZt`y6+DAB3H;61o~A%|3~olf|s^4`=y)U`-ArqoX-neh2Kul?<@3A051^j{~Yj`(7ysaF8E0B zM#9cy@PyER2s|nHv*0Pg-vUny{wa7%;deWDM(CHdH~Gv89t6(`-Wgo=b?@IE;AMjM z1rG`y0}ly48ayWAp9&rp`j3D|1b-g9pWv&(hYJ1~_-Mg@0Z#~Caj?nTEWulVrv>i{ zUMu)X;5orB0JqO`=XnTtmEbpnhXkJv-b3)m!TSjQ68K=j-vu8b_?O`01>XfeL-2;q zfJ~)I3Em1kE%*`OHKINI9ej<@zX*Jz;Mag}75ojdZP#w~*L^Yk5p^K;&^s5^ds9@0_zc0n1aB?c!%py&(C2xc-GqMSp(dZ} z#Bssr_r5}(=k<*cyd~Mu{X^d?@2TKB1n2w5 zvVQJ(c-~Hx;5?6|z2H2LrJLY9f1sD(Jb$3C;QbNjV8Qiil`QCE{=Xu&o1?TzL3qC(eZKzOE;!GBE)#aPk{#U-t6$yy zVQCj!XM&%qn;-o`;6d+pTlGSScP zO$Ps6Kdc70+dq#Jt`htJC$LJTE^+Jg{OW+}o1m}76_N8w7 zJT5(4=yN+s2+rfNa|P$|&t-!1`%`NK=W)?3g7bS%YLGil9&ch{-V2^;YW%JPe-k|VtFb=obTB0 zFW_6j%V59s2pwmIQu`bI0Qf%Oor8w6emn3mILChkcn@&)dlGmrp?@xTZ^17E?#RNC^wUsI^IQNH>1TUrd^?5KHHtpOQ_NTVO=db7~hBra` z=?MK8^ta)-xCmUGX!P#~AD1UTe4jf{#KY&=Wr9y8JG%c&UFPn$9|BJc{w#P#@VCIT zf`1C06Z|J|HQ4Rff24^gAou~`Ed}TE>1I){F3|5R^m~GL7yLZ%K7wBbzC+j_4L(rl z^LsQS1n2wfX@YZm>n!ra^IlRypWlC3AvnLck`@>&QV4`H_zxdhyFt1b;a{q9=?vaK3^nynDYYnliz_S!9&KavX3_U8So(Z ze&CII8aoBxoxy|P0q_&SSM_r1N5R8=4X-LT8(ae(?Qi&I*clHV8DRJ-@CU$~U1B)b zYcY5Td^iGq13Yz^(VvU+@<#CJ6^6Hl{hz@T;0kdD!pP^fMxT=F{0;(-k1%{GcsKCy zzYHI4)YWO=X>iWlK=9xVM&I_D4gLil8fkc~!DX-()ylo;klXcow`F z_*!r^#^`e%wt$DgW6<{;WAcy`yb3&ci?LG${SM$^a5C%sx`W5TgO=gvfG2Nt#}fn3 zg13jAG2nsmMn4NXGr)7V8P55C5_dMAc=}Gm&C#dShv3mkh7X3{t>77OzK$(9 z*5oHO+35Fyeh@q`#qbpTR)eRf8a@!b7x?JA4d-@#5!(mn<8e6n0>N)*`{2CaXMu-K zG4|Ud&L!Yc@F4ix;ObnX-vj(}@C@1&$D`TaCHjp+z-!Pyu$>cFAIAl^ zs|&!}!#?NdTJW(am^j%^0(?9;>puiON$?lJ%g`UPoe#i+e>e6=AP-x?li++@`@16# zry70c2Z2YBPi~(_gJ;2=(;WHe10J~9U9YRy4tNdXxdl8q!RT{+XEMLb9nVtm6nGeR z-T}`XXY{!}e*+#m-ta24+v4L)eRIes*S7`uSaCi&lJ&t^|19tj+DR1luL4h;X#9pe zCeT~K(>U*xA^zFmRoE|_hv&iLXy=@__t*}2OW64yd}+k^Wjp@kO?_8jf3e?I;ECaG z{bRtB;9TEx!KaD+H4MBL_6yse06rL;<9P@?2hR0+3B0v99@m4%#Qxe2o&;w*4e0@y za~~>>iw@v9R#O-(C$KK|ZTs=XUToxDEa=cr7^Z z_vPRP;yC&kJRq*qc7g|yfA0VH?rG{91CPURHFyp@2!0xP3dd1r@GDp!JPdvd_(tqs z8+;DygLD30Wc%3fT;C7D1L!|F{-43ygR_18Ia1v|JA-q(Iuu;t{KD<(@8FHlPFVj^ z@D;e;U_J&sDvrkoz~kWDZ$Ae4W+shEA|6~(?2zg*T2ZQ$j=k{|lxWay6{j0#U;=W)qcv#f;8SuF12R4BBL;g8G z#eX+(=3t+BNAQG*=N#~);G@9<@Y@Y}mpY5at=l6+L3C{EVY6agXQn%j$PQ$BI z8-+f<2eDP~gUF5^hir6(Q^4L*il6Va7M$lP^%k7x^9&UHFxVd<_{rd_1UJ)!==%Uy zy5r$_LA?bZ20P;g9|yin@O!{_2+s41I>+38pMd^g!CwZSB{+X4ZJprnLBG*eZu?(> z_Y&N4CKAwh6b0w+tt}P2G4!_z-iEk7?}VN)?YTAfa1Zb(coO^)*lB;YJI?FDdk8)O zyr1AR!Q+B20#6FQ5f!^b8b)!>L?*H3?X9VZ>)V2!0 ze~12Np??*4PH=vnu7@DspWUh9tYT=33u*)dkfCb*P?>+d)z|>pNjk}75owKErLG}9=y&S&uZ}Af`0}+ zR&ajaw^VR`e>^8RKL>1iz1#0Eu-`}Uir%Ijju*TIcv|qT;9CVh3B2_Px8DoE`wBh; zJR$ha;Az39gJ%SP9Nhk=+b=)gtP=bs=!XS=7d#^Pm*C?C-vz!*@P^I=C;FbA;H|)0 z{>vTb5#YTAKLvcW;QW1n1%mUuzO3LE!%pA^x8G~Q!-Dg724aHW3jGm+-v>TTaDIWvE8vp^{{Vcm;5=Wk+l_8J-#|YhIDaR0qu@Nhv1X*(4!_SbUT}U7IxD!B z?iciVu=6Ol9saKDSi$+bvg-ur@5*)??Y1*2WbBU?oab9E7JMr7GlKJb*_#FD@5gQx zoab8xZgR)-2<-P0yeaaqSnzh>WnS+KQp`u zINyIQ7It`^Nk(w4*G9p4-kSZOyFKvVaR>^|^VwTHwG^j9XHbDZl}rLF~!Z!^3H#^oLW&-`e3CAf8tu@ixQ zbJUBEueldXG}P zZ~ip&75)xjBcra?=du4a^rO)43;q46p#7%7&3gh$jRH@!qz7d5TZwp@o@eyKXBqw^ z?92vN7aINw^p7|n^}5dRccK3}c(|3D_rJjCXIs1Nd!n$@-f)g*GI;V3w|=V&jeay_ zIM3@_0-n|nDCx)i#EW3Rli@$(xL(h^+HF5Z9kR|_>{z#*UEs;Txp|_W(N7#_cvIx3 zV}HZrCmYW7S_K|C#cY`kkL<^XLujPzY9EfzT5t^OO1XoYB=xrwwJ;0C5D^l7D_z_9=y!0 z-)peZS24pkAfEN$!K)4DIIp_g=%_{oAfK`ti1gw}Jh( zLkv%~Go16V7(9UEh5hy%YV^|`-1gUlCpsF=?c~~Fu;0~iZl9IcAfCev?}z7!4}s^p z8P0h-`dZjI(r}LdE%5A7hO^(xha3Gs*v+kf7#=>x%_o9qx*N`ZTVDsi$GiD5@Yo4% zI~QMX^piadKN0Nm=>K1+d(?ms@&;d?Ay3BTd9f|Axr6w8uxs`@L0v@^3@R`s*^;X2w!tnLreEr;8 zTyMMt{bbze&w&2kFo%%qL}N2pix zgyD&0Zu=|1Lod7e6?Y(>iH1)$Zq=9Ik(Ugg1U_}5(a(W%{72pit|unZkNL;o5y8ij zK^=eMdAEKC3PAG^>cw`}fTvz`>t8p;=trJ0{5s@82jJxAX~W}AR7yRX99TY4P)mB z^c#W|$2mQ<|;K|j7bNjhEY4n40jQu#`-1~mSxxwfUY-CnU z0#AKt^x00Q2aJAvwA;=)@Z7t`&H;%3T6@g*fkU^Z!HF zxyMg6egFTwyQ#!`lJ3#yo}wwYt~#Z3Q5p(e#2_guA>rXsmiQ$m#d*4nSv`aPPX@BHDd=lk`3?X}lld!K#IoH=v0BvyUA8HM~a^7MJ& zn@1giuxQht86(XR;SX^Q>2L%6H+ z6AIg1M4kxL=T`cJ)2O#@^tnzpJUWhv^T8(`hhH2dkKY4cn#b!&uQ1Q|gV!k!eT`QU zPd?CYU*YN>-GcGGk?lTDo*^$szMVWvZuzey6UWsjxh!k$bsc%~Tlg~^?>X`mx%qrW zo+iJOK36S=fBZZ6bRoC<0WyK{`iS}r^`VFCqT4@6o>{e5~Dz-lxx5;1++L zJajg=_4oGG&`0QF{&hZ}e=X=`yX9W*lP6Cp^dIse^tr0wHh=#j&(;T*>F-{tkDyOB zDD>$f2PUnP5PhVZ?zM?L(G>c5s5TaS4W`zP)q>C1TflKV#r`3&JM5A-qr7N5c= z9ng;;5C2=}vrxEOSJ|&|Y`0^U>v_q-c{)nC>hm`u{si?6H!%KEh59SV(}DRug*;rQ zP`{Eq8Q?#Yd&d>(Py0**kni7I7-b~*agK03KE?z3A;Mk!;}Cz59rvlv1@v`4hu#|x z{RplDi-oIys$5|_yU0W33wh0r&?f@?a`JqDPbQBYU+D8Lc{afRAonX2>f3&ScGCeK zCl3eq4|B=A6AOL5B9907317lL8yNQ<(qCcyWSM*{ovI$yEfzl2;yp*~5TAm7XS|H<_F zfhKvGe}m2NPmot-{f{S4^(xfAMV=;qiu%f1;1lg#sK1mvMlOd@_j;Z@%yF@Jwg`9g zIxvp4zXgv3#%myXw5V_#pC-=*e72Bh0(!e|t!-d@Pu-Ay1MIV7uLN@XwRCB!7WCa&4i{59B`iIO;Fh2A>Rh zd-CVVz3T!#f%e}^sM}~pZ#(R<6CpVw1~$YYGZ zCwX#Aq5f|26#0h;$6H4pzpGGxm^?uqqJQ*fw3{4TsGmfhB5zLpCh{Ej8F5rax;BcxpzWegk>z(L!$bLkmOKv{zlIO@DrM}8O_#_^KkLi1nC&}-nem;447W6hQ`^Y2Y=5ywL#!3DG zeeNa?%`R+r8F`qzF6*lNZ}5rEDb!y`9wUF1`p3w_PZa9cl1IpwQ(yZ4{PRy1>id#= zPl3y})4djw=g6(UIrAa6_%HY!{^7ZW{!_>!&c_!b{s$TZ}^877wRu1kC1O+ ze_tUFErtFxwp;2De0*{nmu}=yayy><3cLH2a@N=E&nsf^W^22|DELC%EErt zk`rz950Uq0yCcctyd?FPm4d$?;LFIPjRofilAHRRdqg+4QcyZYRW_-!9@URm()7VsI2bCYoO57#X8sVar4JQ?5@k$bfY z^%KbB0lrGO#uNVx?bZgq?blPqtz-N&A zJw`l;l3 z^6J!oPagUP`WoctoXGwL_+;`Zc_YU8C3%8%B0FjKs$b0hl3V>>E?ny&7O1!B)Mr>% zU(sg=dFtE3e$|o_1Ra+&xooH1YZ!To@7G(qDdF0#U!$RX)*pTzft`qAV`a*O8+@-+Eeu9FQa!zcP9d~94sll!|0{g;@Y z-25w4flr+L3-{~zjS2lTCKqQ507p}#HZe~05$yt2Gr zZT>G)-#Vb*P5r2VzHu%1-x|fjh{vYbkr{3~&PFUNm;tk<-ev4;_s z)LT72LH(wH{!{9oq2A_i$TqX$Y(R^+c2L!9k1fe4(Joq-$=dn_Z8~P^8G&Z-%0(PfWCTN^mkN1-_7x2Z%rWn z(bVq>=oe6bAfW%6`o4T0(BcWn0aVw?a8=~T)`u>ROZ^A*W2o;Ra-r-|y{K==diaj|A$)(+;yI}y{3lXx`RVMqtp5Rhg8JpupGW^Usqf17L(P8= z^}7T9r^!Z9=i`cizMtd8Uajhd{e77FMtuL&{6C~VN_}(2bBOxc0ey$Y=|4b(5Ez9r*7p(*_52lN*>UhM4&_>ZQ( z8s9HA|Ao|tYofnr(0?=alLGn^&p$E zH{yMa=Kl)y_fp@I{oPCb?0~+01o?cEdaJhqj!XUXK3nroQooye%g+bYj|%8Z$Qv%Y zKA(CD`rC@}w0B(UKcF8){T0-oL;cIt_vQVu7SA5)rw06+v_L-B1oSb-i@gu1xAXBty~Xo6^^*en(Ami6 zWa=%SJsp?&59sfq{=I(me7bsmdnH}$_!Z}m|39Q1cnKtIs&Vy}K}^!Hqj*DUJ0 z^8DTWKcapB^>%#xllm0_eY11X--*=Q`gVikRlG(#FE;b)J39hH5*xzNs-SvuJ zab9far(3C?6wsGw4SkOKhV(f@__5mUAY7l^?pu*z9{M&O@YX!J{ z?@yxu*X|x`yzX-2QqhZFTIfI7@ygzs#n0aINzFVWlGy3?=;!x?^=cUt#^Bc zt3LGeg-&VLKQC(s?hgX5OrIx(pQL&|PsY}My{YK>_7SV0)u99Y#eVvP-t`@^eN+V> z@np+%cihIMp>Q3S>|2H7a;I>OCwed5@x=EydfpE5$V=e1Ue)S=e&uH&e%s&95U%4D zo{2b@6d}-c)Q6X0yy^mbH*|zgx(@Pbe6e!z@l(jB9q;xFSO4hG$mhTGIq3rUq?$o* z{q3$?<9Qg|t{dD(?(f6+R;ABM;T2^cyY#yrj+{*X8TFAG=$F;W0p&8jxtq~1yAIZ> z6M0YHIrOE^0O1;cp5tQkVx;PoKY}<-e~3Pji{NuDeY$ssKJ+d0N%CqJVtiBIVSH`> z&|Y{&8TUr77xIC^U7m*^|F-Y?pYW6DdGwF1j!QnDMgDF69@hmv@sX&95BNs|luLeM z!x5*=$CJAv&NVs2ga3M78{w+=Vukv9$WwPB&$a3Q8F@4TZZS9LhCGL!^PTdslK6vZ z!nMDl^H9%iSkQZnw@14n`k&Yx`s4-h!RUKl1LfMUp9}ap28{ENa_Lv>OvGb(sNREdt_44p`f=o`%h02BbA(Jbe{-gcIOL;X1!Y{fbHsQ-6^9NFME$VSYMaqV-?w)mw#i#?D_x3DRR9eBir(+j=HJr#%fcs0eVNNq4~gFk>)}M<+OO~o)WgHn-$b4(0UujeCkl7txT0{~ z$O%8KL=7+5;1=glmOh77ul2)uQHH$973}XVz9Vz$;}_SHN3Tad|6;?B3)gmYoWGXO zwZgT|=l>7=iowRqt6thohmfDs$WQ1?el6jyVPfw(wTK$s~`Fmxu|eGxlXx`%bD;A)BjH4+HT}J-;oO$ z&_wz~%b-rIZkLe9pDtWaPUsJx=+lVD^!3P7>k9R)$$dUA(dyw+;W{qiPmu??%WY39EX^%VxdC%MKi@Ht($%fnLSEzSuuPW2K` zhU>Y_iwmxVKKulHns8xS;W!&R>c`i@HJ;po!uhgIxcaC6?BLWR_&1jfgunMA;%Q3$ zAbDE9AW2?KkGDX$`b3_BK0+MI%Wqh+W3+v}k>NCSo54Qhoe+~5M zlIX9k!vlm{?J*ShW1R5QN>uS$?n3@;oqXEqWxrGr{8w@&%Ow5<1(2%b}QPoedapT zkH>gf-)jxh_-lHh(%bZG=}sQ) zf^oEc%M|6}<8KDHyww^Eo*#ic#EW1QRj&0=3H@zM|J%rOPh#CDOa2LcqBlTq`}vMH zz(02qxb4UK3D?}*ja@8lt_dv?BAWeEJ!oe_T(`g9krbu#}K z)Rp!38tQZX5s&SYzgI5pde0(1HjnBJg@1`xQNe{ezAB zA?nj3P!Cq0y>En1d@uTI_49;qofp|35&sbO>n+u*|8UepeexzZ!6)+!;;BJCUAgGJ z*U;{j)bl!JLtItxy(XMwd+O_!G3fDX&e?uPZ zy2|yc7w!+ie6jpYA@^#aU0Z+FlExF?>oDp#x_KclGl#;<0gDq+Hs~ z_JGea$h`yP;X%m5!{lvmrhjSVtt|boFYKJ2YLGCu8!cho>xyMrp6zw4{{mxkMQ zXI?~ptR4mmcl&|8h%?N74Wd5P814SVcs@`rd5-UcPlWp7+Yx{ML#&h5-_yvw9q5&Z^STZB&-6)tgh-f9?+EqrACWgyk>`Cj z8vgm`5&yIFX*~w<_|HRGfqZ~)T?hK=gFxkF<37sqV(;CrF;DAKKUcWM?_FQG{`~6v zDLU#$(OqaadK2Qe^QLpjy=92!0RN`1aP?0-g!xs5>-j^be+7D5_kLEr)K4N%Kdr{X zC&}ZK9XGcq7rnpEcP(1I{YIV+>`Nz(llVm+&EvT6FXK#;=eMC>De`i6v%fn~pD%LY z&mxbMM?FNTA1GY=8?A)?KF$H2MScDU_}e~YG4+WlsOMMdGiW^e6~74e(35dpt*F4`)xQ_ixpGZ&Sc|ZTCT>|=W;QIDR^7x;qhu+kGpj`5nx({*su25b|{c_>%xLghE;Uw}#_rTxZ4!s@6M+w*Q@;ENrso$ua|9|w4pUh_) z@@78Io?Ygc`pCVAC%+Z_I*Volglqg>AU_W)*ZTR+cghI$rSF4JbPIeg<+wK#uKL(R zh4IWF&%c1WvU=DhT-X25&zQfB=zoO%;lmima^x4@f9yOAaQp->oJBmVsDDVf>sMEd z@2(Q~#YW{4XOjD8%iG8YppSix@w$`xH-)?7ax3u5>Ay|&;*-A?{j&KubRu||`vF`3 z-%u`j4$VQ`!p-x37q0$3uMZT{zw9KeZ^qGY?E|el4C|vs$<#Ayg^Kd_TY$e*Yx?OBO zb>I`@`qp$Rd~!VBp^ev;JU#&RGluP6M(*>u?zVp(A>8F>4l>+|`pLqz&R6`2OtvIn zN}uR+i1SJEFVsisD)a~PV|lJUjs3k6@l2+Ev~b-&obdyWcTBVQDD~kG*6nrF|1I3b zsb8=zua4x6r^7$CAIFRP$?qqR&PSYf9s5c0@F|G1RB8Odd%`vTNH5<3tN$||Lc3wk zqY(Y0!Zkm;0_Tq{dX|#${qJjt=yjb;9z>jFDS1@=h39TU{%u}=rFyB8;QLueT)V~I zu)zMOS`zu}#p{zS6R);#_0Rr={?=u?cTzu+daKXz#nOtwjC&|GWv;ag6+odSLp!@yaDmkJo7nq4&VL;BV}x+cPhuYGe;|MN26=|>``frQ zdJOSL%VXWJJWp4ydA=0$!sge0@?1ys*Ww&F3;F4>4*9WlW{mJ-)%nB1)!%;xGqgG5 z+@oCb6I%)1mc0FJ@bpHsYv(nyg=;?JC7`$KR0~xv{`p!>+ z=%^nn=#ziLcQnG^?NA@hLn-*5Mt(@Ru48+6e@F%L<5S?X1ILSo!ZjZMG4v}*eZyzq zpWfj+VtM{dxb`cN2EU*B!>SjaoP>3z40)etRsY}DP~jSX;!KQ)&6gu`f06p<+WYR0 zPUoL~CVHJ;`4HA0%kzHcFZ1_&27J4d*VORhJ3Y<}HKefoRM(=tT}XuWdL2k(nG zq&^aVdOPx9$NiZL;GgI5w=Vm&SGcZAF`ma+U6ou&pW*Pa^UWN2;w8lS5PfPaf`76- zxSbbVqg>+2PC=cRex-0%=Nr(kk`@nn;v@L9DuG|rT#Pzg7ub)TCfwDbkMSza{Pa^U z`H7zl9~-Yn$C6H6Nw}^v4{X9Z(~~}})9_Cf;W%5CytibySnzmfYt`;Oc|-rzNiOX3fVi^X%1 zaE&M43_ciT&l{>-+6|4we6f61Tn>F`0P-`B{>y~B`FJ_%>Lv1>+nhO z{XW~D4->9FQI1z>>cWXz zlgD}8%<8=18)(;Sjq%-h9R8q#aBVksEBa-1`=xS;KhNte=5xYIwCn$b`rplVqvRQ$ z4_be360SapN8oSkfAO1WH{S$xczP)qO;axV)N0=W+t0ipT=SL=BYvL^yiK3X9_Smw z#@j}p9QOkje~q``AG;CxwDYxo!c9X9_hXpjQa=@-x974>Rv)da{oqabN8i#v_X&?9 z)tl{WFAI6zrp;}S_S{)gNWxb z`rN2od{VqlV&lGwJT@KUW$VVp@4zR;_rGj>FB7ioWMY5eIyq3du9MjlP@i^P{XzO< z24mejt^@+wqk73h*ke5~&QRvq!5neUTPhqqIIp>U0->xRPhVYqP3b2P9&oTpsk zjGTvYJfA)X$^ALVv+YA#z6*W)AoRAL+#_7$k8!?REzK0J$H8{*pl&1d|DXDZKJ*=Y z?j!H>9(az|;WgHybQm`xWK=+qcqxx^RutZ-wzaLY^k~ zK1BVzM*b;z^eyDM9Qg^W;UAs{pStAXu%37P_cd7b+OGGS?|y0PK$1LoUG8=DSN$y1 z3I6MOXMCXjm31I+{?%2u_SfhA9yTsd3fJ@K$d{;xMhtB^eOfl*dP2TIeWcykK;)qz z^Zdt$%-av>?^mqbb|0bL)OL)c&6f$}i8h6Nsc@|aZzb9-%XWVkuKjAX9lQ>C%{7Q8 zHyh(_`?On?OMjC*?pV8D3)ej7YN6dW^!d|#-u4}_F$(<;`b0gSeJ@25JQ zKJ%y#^L`2QS+9D{+g#-B4(gk&CBLh19G_P%@h1ZJbN(P)$1CwQ#w$dhBh*K_qYn3z zcVCD2)8AoSY@XibI7LVOctp6i8{_@Gwr*GX7;#1hcXnzSA@}O9T=dZa$fq5beKEEIQOzI~HSO0WFpJY;fV_?30d+U^saxP+6~3PUu8TMvpOy{y+(~DIAY_{ zU%2*bC+DN>Lq-YL_@mR2&t~*_%jxC*&yO&^G4k(KFLB0yM!PnDuiK#hav#g5(A$1* zvT*ee^Y~?XZuc4TAAiGl&c?4N_ufT3PZpu!SB0xjem3|l#^ZespZrNUetk(kLb&Qv zmmp4CPadM)Z;kOff&OXgBO}4>I9qBX`kQzj<8Jf!CgE=WcE)@h!}<6K_32ZfH=p(7 zdDcUH##!?VO)teU8}=$zC@fM?)PlI zT&7(7W3A!SqbveiEL_{oz3)3<@t^t?^N>V5R)>!(mw0k7W8Jt#P7U>S_9nEO44emb z7w+`U3-?_K^2BWLt6}54BV6ltW)|zM^=l{f(ccPvdVGyIy&)LK2z{n2*ZSdc>Ryg} z(Kq1PtKnmH*h;zNA#^wTYvaD3-2bAGM>oSK#m@(s{$t@9e_yUAbr{cn;aWct?$1k- zH{JrC4(w0b3wQBP#_?rT3H-ra;p)FSaGYJKJ`%q_3FB+^wv9gC0nDRzY`5mO@XvMf z9kF@cS-JS6dHuoaVFLBZ?Wq63^qFY-E0CY2dv8c3;LxVIYdSUwL3cl*-7x>qv? z{}4a#Hkol=CtUqgz0srf9G82k&)x!mi}OwLH0#9rRcagk`(EIjEzg$w>;cgw6UKoGT4)~{@K|cSczMF83 zGr1MK4*6^3+0v+!LFARbhfnSW_}hM|FL^Yuk9tYC`lsJOonZ7mZ?o#9PP`|Of6Hgf zAE5UG{p}-M^AkQB`5D7_rc$4J5dKYz@QVei7yszvh~JLaS@KLfj8|*=blb@|dB3IA z|8>H3zZBk5czk?SxW*H`7VGDbQZTCgBjc=vcuLd%Lg8AUsXTnbz2- zp-*}b`fEPxsgJ$@ZtGsjU5Gzi4*hLG|N6pRUGe>k>&SZu*LWIzf_P%&w@@E@5b@Y? z=QZJ)htxZT@&8M`|Ca9@def)IPeops|9|w4#=>ra63U-uXX+=Xjn{m;Up}W8BXhKSCbo`=>S^`}_i*5bNCdEa95BP5iu%?U$BO zpM0UP-u@Bp>i;vuIgRl&_!W7`P6M}i+AG(3cog%iJoOKgC-?b|SUkTA*LYe6?w2dS z8{A)m@v?c^Lb&=TS#P!uOe4>BLc8X_+W8cFhg;z|&NBCQP#^ynGuqByTJ3?q|1kKq zjDLl2%|keFKhJ06{&Cm`j-){T@EX+x&@f%yM5%8}D-AF3)LyCp z`ItC}e#NSR+xz~jg=^i84eTek2-mtw1nTfN^7Kl?Gl2zE>o3F^OQ64YJeooteh7Mt zr`F%dTaNx8GXB$rYyJ~+P=|KCYmVxvIr_&E)l2?Ud_Tpm1C%<%{*FW?$C=R9%5}VW z|1f5a99D#Df0GM*XK(Aq%k+t!g?`yQ+CZM1jeO$2p7$qxGJoUx!zcz@=P>+Jyf38& z`T4@#yuK0nv32`8?P?C%oH zqZjEjP`I|6Jm5QJL+Xz^0v_)LA6v)z2-m!MMW}yU=f|sF$FUE_F;D*-eR7-N-;@58 z{uLi-*W-2RvgGZBt55g{e44X?PgJk%z5$;I^?wR?`z}8B#`1rqJg7>2ve%*>ZlnG& z<kBNPU#!Zh6>D|2U7!7Jn1@qG$EVR>D3Z%6MYJ zHGY3?Cl|TZ&rao{550`}cs~2pyA0!8h<@2Ve3)<-XW;WekCA5|!HRT%J}XWC6Y_Q` z`8SU9A4mNtk~eNNp6o4X_YTH?j&MC*G&)$gue(9G>u*o=Yc#zcP#^8@#l9m$$rsW; z%{sBXeMo&eu>N-{tN#CeT`gSwQ!k=^>Qb`aIL|w5+}o8yoj)AdUv(C){f%`%f8V9g zSmolM9E>`#dT3Q1{f)fgJEa{@2MX8g|D^)=H;xmoKB2*dbsjn%JaP^EEzT9>KA$sl z3gf9z0s3eXdA8%rSn}{Ag>k+uT*oC=7raUljJA?T+hG3wO8?>$#9#CYzF%zD>+V)A z@#mjGelYr;w}w3Oh3_0}j7pq{cGEpkZ=W282CfyZ^^;f&hiYthl5kxoXKyR4tIveH zI_v>|tCOn5h$nsp>U=+a?kCTki~ibv@=J2BYGMA53n9*EQ_Q>7%+CPfuD|`^Q=k5i zk>@T4x8r`}iik78`%$e9Ul*?RP_|+Z=YU>#-j}MEe5QGxGJ*bWPl8XTT;Y7bMY-s` zz`pkgxzGDK?YKXn5`6N3{qQv5S`X1@P(Qb@zpI2-l+Qi7rE&b{*-8 z8sM39VV)mTE_ujJN4rfqAB$>&XO^NKeEJVmF8;A6Fn=w!`-SWLjRo!pm`Z*0BIMcD zjcw$qPml*2ujaLo|L~t^@f+r$lW^UKL<9HFUn5-OPaT4fop-DduJbF)`(5q4brbbo zZN$@@{W^E5?)OggzUSwFh`lDT<1~zNz4?vOzmD@ zQ6Gw-9<1IPoC;{Wze>`pxo~~XMyBxuN30I}QSYsX&-K*bDqQmxJ`MHu6!Y^c zd2$xc7apMg2z}yP&@Q{>opTy|yfcsotDoNF=~I#Ca`c%fT_v;IA*upcU@n`OX3NhFPtk}^Kfxs9`zQktW+^FPCQ)uGQL>LYPx zczwp+Z`w@%>_YfkJ)hYS?S}vGokK7Bj3@VaebwUMOrGQCr;MM~2<@g{Ks_5@pj`40 zy$|c;gC)>F*~ZX&cVI;77J)ZcF8c5w`1p+H3FCYYn8m+axaQ}A4ah@X>Q6phxxAmg z2ghZbcQu6T`jdPX^W`e)+X~mbh4x}x7>;)jd2Br9qt9RLGd+(Nh}QG2ZG!kS(~)PJ zcL&H*TfyzTsY_F|o9F$vCo`T2!o&RkqklX`y|7EryZ#GZg7q0ow{9PD-J$7N=t$$s5zqDXc~pHQ&wjVU zJbx=(>$wxxpHkHSMty|y$o3W8T4=lfeO=|aoTt}?zs-vW$b-)Zn-ld z7Ua|B*HglewVto0K6|n6oGt#X=EME7ttXeA1OLow=m#;L=gG6rqi*jeKPX)5{21?ku3kcg=>DYr7-Voy`4;bwmb4^$FK>$Yv6Zto?p z%HyNWuc^W{4-izyucUcvlbC{XFT=Vz~AozekS=X z%GE#c+?7@2$uh`*_2F00FN^aCd3p)z#PZO|*F609 zb*1BS-0bVSUv8%4CE?ny%+St`*!kT)3fJTH+)7v{!{i54uXQ*8{j&G_ zT6KoM|1-G7vqHJ(Q&Uk_XE2^!)MtAm&UN(faUp!tUEpJJ-XmP=KXDo6T_0Wt=+^Vt z&tX^~dL5S(pTlN(`;b222JoLz5)J>vc0;2vE{`&vE?p2$cyeLC-Y3uSK2NLLrd<(d z@cK+A;hKkB1*|7^=zo`T8OMC!{)d_L$@NFwPNsf0^|>_i@E&=UZtzd@er9A<_J_hX z56O+F%tqAD6|VUV-rxQac_^^1=E(DWKCsQf!@@QG>~n?Vbw+o@lYJ5URnuRsT=bc} zh57uDJogKZYw;ok`mb=U!wl=t#@WZmpjf*9`)nK|AUVcuJbFj4*7}k zZ{`WtIAgpI*6O)p5A-YZf$x-dTx%j+eIoq)yT#dDxb>aZ?nl&dnHT4w-p=GNZ&H70 z*XQR1t=;G89}0Y)VkLcIe2&@i^x2?3GQR0Ak>|6?PwffrH^;ch?O5(Lo;>{!=Bd38 z@{(}fSIi82F7*}RT0iN)eP5r@C(rfPe5zl}e(}1NU1w;cTzulE7anKh!nNIh*shK5 zo%D(SgMK~Ce!Wef6hEIHA#d6X?M6mGZ~0sxT>ZZaoY%jsdWk1=KJ=H+XFYj#7V=}` z`ww}T&pG^=`btr>n_mPUJAMr$kKBwpxA#F72-kc@{)K*R5scm^Pw_cLmWMyoNAq?g z)(3kZr|l(ZH_p$w_hdW|ktaLC-`3T&r%gyJjZ!$*D-2c%69qwsU0^jRxWj$ z=KUnLPfH1R`^ha>uWWyKgg)8v823tSw@q*OB=-1@v?9M&__5~E7}ZN2vb;ax8S1a> z10Sy;{Ox_!*Mz&{$R4a4lc@iT`rJ~)`7e31%cy7m%aPwoo@4#n{F*9U*MV%{^Kp-o zhXbG6eVjbc{lC>!O1Snby$$2?1KaI?Ir<4{_ z`-F+)mns*1b`yMT9z88w-(MKgXo6E(-gZ%+$ND_3d`@B+uV%?z|ve+s$r|J7=4ZdDTmvLnW}j*>SDe zK=Aan;P!sa+sY-*%#Ros{8l~(aTV%66!;#89*)cB0s`xKZ{gZ*ZY+E({^PDjK4Xh9 zPm4<+5zU0FKJqN|mbW{}Lx1>AXyg7deWJY28E&3eD~9#If8aWEE8*I&e1pKeP%iC; z1NXarMxXh|VV_)tFuk9s&v6|_w4N8a2JLR-{VFyt7YcXl(i}u+$F=8#YrE;6;9&h~ zb}iye^M2q5*zR@0)hDw8^)r_Ny-a;JisKHl%em*upVAY-cq>6 z<8{S|+jWe)s1L{BQ?exfU>5cMM#MjqKG8w&58fxgM7XY>slau=*Mw`kF<$Qq(`UDG z>2Gu_X0+`aW7lKfc;G9H3$o#P3xvCT_Vk^D<#P@7tpd-5s6H6u)ibdFsqJ_bFB7Qq z7Q)rvpI10u_tB>vzaOnCO+ywF}yAjqW%ow>hEvIyz5Qw3)g<-zQuZl|H^ZIgu8KUfjYGD{enKR z!1>E=>JvPVvwk(W5kA>pkO%XbC|u)72A(6mlsvo(`FV%y(s4IIpWx?_?YP-NxW<{_ z`<1r7{iR&|6F>N_r+b*6e#5}iyg#`V^Y93H@;21@H)ZgPf5`L85WgKy+YN`0KMlMe zeSRem^E&_eVW|KC?_ z$E8l*M&_TR|8U{zpW*(n9RGB_a>-}BFZ}nDSBXO(=5yWak`GfZ`sjmaf5lrxFaE*zG0zvS_oc)F_oZAfT;qw1fKPe)JfS|)-!Sh7 zW|-bm;adL*evZcK|5N(-t2#Ibi@Ex3@K3bHys-V!-O9z^+k-sYetrdc>Pz4G)L=Z@ zg_|dl`%&h0_k!^t`Y8zgBi?}YSf=}m-xsy#smA|j^wex^EXB*m-zD+`p%&jebx%sagTpi=>H4# zq0@%%#5p#w@4ZR5<{{A^{u%l|DO}sl?n2$#xbL7(JaC`$A=Qgd@-XV5G<~ia z2cO6i#M6NMUE$hp=yKHm9&+z)aQ|KK!{j018jt@M;<5QPh&=lo*45jnpGu#w2fdxA zte`&1^OU~S|4JTNgg7JQ{bk}GYyG)PxQmC+!LU4^mO%XZUof*u(x;zr)yM8azYvw@ zJ>~Qi9rfc~>XTi3M;r2Y)hECw!_S+W&sgEdTK}J;K0XLan@1h*LH&ex7uL^>!Zpq$ z?=v_3`{bdnh{yO2^4MdYT!hB!-wU7kTIerj{KLqTe4c~l?MLNO51CHT+jGs#da&-5C0^uqoNhhn<`xI%j(MSpDLpM1=HV#ymjU;es}=! zWN*MY+WOOHBK`TCMjQ7>luJG%1w}CwNCVU>CPtg?im+xEIesUFgg4b#7dRo;75l`^G zf)>Kvyn7J&xBPrTp5yv&`9Dma%0X{+)pIKRb6+7&8{Y?n>+!KZ&)=CgZ-H=aH~brX zY@f4DxUSn}`Tfy$TsTa9WGVEvj>V@T|6U69+?M%SEnM@T;`g@HCI3$Ky3T}=;Tomz zi-FVO6W-xFVC!D_hfpWEzC>V@a|TuRGxg(Q5^?3ejm zA>7qZ;5qFtQ=jE?Yi%Fc@?qp{KA#WJlKs6}xV9TxjCx~tz1hNbT++oj??$gZZ@Kd+ z_Bsacm)oK~(%%g0p#=R8(m(NAXGfZnpZSQ!|KC?v;o9!$-=JNq+v}ZP<`>Tgt={et zuI=V|zm1)zeCd4Tygu-J>2i;vzdoYZ*zp{PNr>1`h`=2r_pfa-u}H$@bN!Fp6_6P7YNt<=Vl>qW9gqI4}Kme@+8{z zu1C9#seh3?{j=|gtz$o$eoJ9I=RL)7=W(z#ePZMh-gji_5I3+rSbd7Pg+v;B7M`DizC7?G5u z|E1*NwP?3J`HjN$IG#Tq6_p@QQ=bdy*EvqnQ9rf`*F0n&!noM+sNDj@lV9jN^?Lrz z4Z>BQn_j5@Sh&u|)QY%MMydaoyxIZQM4NBDor`rj{H z*Wq*r+9Po@XzWDM)A)=TJbhR?&Xd`=+G@w$r7rsfD& zfA12ktCQ$cVF~Q7ioAD%zj`Q6pRbzJ&x!uZ-e znooUt7<>|p^N4b3H#QXcwE6Nx8a%Na`7~bZW$<*BLj5($C2#T1(cdUi4I^@Up^F4*@bp!A8 z3C;wkdnN6?>6{+e)|U!wx?d?H-e$rL{~6o!qrQMk4np4iC|J6^YV z13bs?3&W^+-W9^NU*QADb7QtUoIKH@qw_hN^>z<^lH8}A!**XVA3m?RH2He+4C}<^ zMX8m@Ta4FBZ9m*gxM^tNehgN<#>sjp%U_P8Pj;K{h}F+|Z$h8o^ZW-;e}!@xujmT& z>ss=UjE_RzEQXqIAwS8$bFI%2?&>^=Iv-7+%gH0dF^(;m&*$iq@!E5qlx-Cqj7D7^|iaS7(N?ei1L#U~W_p4nf8 zyLq%3@ib?i6raoYA>(OF9t}L-;}YfSQy=l$@oNh8@teU*v)wPLkALYqV&h)%UG%ro zMywC^epUa6K*z3cOEL=0o@-_&%mY=3Zgt;uEcf{+48cwh^xD zaHGKcT>XT*{5LHe_YdhGyuP%V{+Uf!hb{hgA2AQyC*&B%znQ|D%6=PJJwXp~E)r$Ndle@&=<$tge#6wcXTm-|1~%w4C}F z@6)#Y|4N?Y=VBskywzIzyn=bUvJ9kcMqch?9GBy~{!oqlJmIR(HpaNyb@jQz z)j!7b^jg%vNqv<2Qp-=#Cx|o6^CO!Vrzscz{K@dQb@fW&F8*G=bKXq<5!5H2Lf*{( zL*crwNb-BP?fm7$_3+O;i2mAs@*3glpUt7&X&jd+)aUMpz9HM)LLT3VIMuzw7b?^DzzulG6plN|Rb`BddPj{IIT)Bhk`eSQdx%WnE)_&lFk z^f`B<_Upf|9{&fwM!5Dj%ypaT@g7kw@npCUwE8Uj1@wvG7#E9kh;Yqw@N;u-P@m@g zz?fz7F-+y+ALe}~=6~v!@K2o&f1J(9_ga$2KJs1XDzl3>D;J+6KR@1t{N%65D_`J< zosVB3{8;%JPQ8Bv^fq61IKA|Xb#D1NOnr#+%l2c>Z$ch|&prD_xaQgC{d;yDsrT35 z9>0IH9OGXg+|93FvEyw)o>9H@H#Q0R@yQ#010LtNSp3%tSD)0`n7=J~;G9i;g2xxj z&u;4T{2cwg^slfP{%O9SV)y&qAzas`zVG2UV)4wRJ`#A|-Pg(`p6rPjS<7epE#Q6x z>!cmuuMmE$@k*#(^5FA63LE!-onHK3!EtJK5js%sTg;&+9FA99b<~<4_RE-|UxM>^OP4&Sz z?q}YX3fKI!U};J-Oi_WlE=m%e)GBi2eccy z9=sppyke*3r`VhPC64cP$j1rSJY>1gvHpH7+{Lp2dA^eR@Q)bZ^v8wu-$A(Qqn(i- zyFY)3aP`kWk9f@gW#bDA*Wre{#7FD%0kk`v?e>dV!x)q-`0l)snM8dr;d-3y&gUDPMt-|+Z8vunTKs{0sng5;FmT=J zQ`Kv|jl}%2wX5FG@P9IJKGo52@d@1jIY7Ajgg!vK{W)Pa3fKH(cpr<^TcuyXJ$|2p z?R(D=my5?*;Bx`Q34O{zl;ai1NEtFYjZ1fI77C3JX_%pWoAj>hipcg=>E!yzj{7 z``5yCUc@V)Ul@JQtGx&M=sv`6{aU45{KNM^nPdDn?u9=5C-QJI`IF?aXE9#4lK)Dc zNI`G&;*vb#k3Nq2Y)bvD!rgfBxk(n!Vd1*&h57zbg8JtBsDB0iHtu(k$5w$qSOR~r zUbyBh^*S=<^90~W>eCNEZ~K{>_rpKR^9zgTRq|L}__Sj@o5|C^z{m8L{f2h4WiT)9 zD#9PEAkVz&J7C9)oNyiYB*(oG{r?uO;}YZboJ!>99)NyR;CcH49WVB-VZD{4evojR zn?&x%ox;^W#Or3JneOy*oH_^fa3BBZIqLo4;FpnC|DAc;<2zE9{5Ij{N#uS^qCOo) zK1cAEKPs1a@`3xKPW=P(Xlh_RX)9doJi_Ne*}8X=aILHGiHH-U;CUY_7k~duaLeb9 z)MxGox4NzSC-NL!jrka5oNa}>yiLXNw+zR3qH<|B%j;UU-^)?&b-_NcYzY`$a1cHz z-WNd|?@r-b|GNVBV=q#@_~&?k)JVqjJ9&uL4Q!uN?JxL8C!#(r{zrwo^(yc^;Jbut zyQ$aF-vs?n`5Qhy?;|>cytQ!6|4hDb(wzKe)k~boZfMu$#dGw@FdnOuGY>%@3*7g0 zuW(&ITL#w8$&SnWGJI}8nC(7HpXhSz|Ig+GIB5RdZ`k;DK8*NV@_CZBue(mTj&F+3 z?Rky<(^W6utGku;X8V?r&H&j&8#glK1 zb}i1kgdc02nI>H8vxxU=p% zdjAyk>o)SC;cw$Ul018n@0>0E zjB<%5QiO4|b-2NCh%@^E`n81dv=y%P5aII#!sMM)uW|l?{bWhTGe@|_A9)LL+J5z< zvdmiu{ar_&(Zba~8n};oj&SFbz&c?4+N)gRkIqG$FVUxUIn;BK_xYf8&$~~!>chOB z8KdlZN0dvP`9R)!mq(oOav1kJ=s!WY>SH|bv-Rg2;aZ|Iqsn5>CJhgE@<#_e~ z@2k0R^-niKgf?EEDA)e-`CU8sr+<;hc)b3UyjBJ1^C9dfyOzQ)7Lup=IUw_|bOPpS zl=mI^^l2*Gt&`K>WAmc3aE&t?I3A_Q<4KH{-S=4OM8uN}T%T_t-1)CZ9sbC6A0bci z{cBX0=Pja7b{s}_8TALrJ-&Z^33;_*^eYv(pQ^cVjX%ZXtnF`KCl7TgobRPVh(FX1 z<8mwgA0*E_f_Q99-x03;ihqv!wD)1Zpg#J6?;PxSx{vzAe&qQe{o7YWUB#RBaAc}1 znfmH4T;tEZhWXwX*qcrLnm`>crQSP?OwOl%n{b`K!S72gbrR-Lv@zPXI;kt%jeCc} z`n*QD_V+U6!S2hNNqxRG@{r*AuwHnWF&zD47xhuj7t3>~65E_#pir8IpO z3)giu6nMXNE%mWyFpev!Z&?*S;r59CQS#x+rC;$cd`GO#=L>iFX$<|<)Mv=kf5QI@ z^77T-ljQSkZCrYg=lQwXp45*KuKtm)(ceFqhiA=aSz#V_2-p3_3O<*tC4HJyN4x%m z(A#`}fjqPX-1Zxx8fZ6s5x7sEj>0t$9-kj>=ll1O=lQwFF!dYBGd++8JAO5;DL&G# z1g{hJqJEHY?XUMc+Fe%$zgVk!X*Yc`eC++uKk1Vx1%57lD%XNO!T0g4UssW51J7j| zBV5~!zverKv*w$CuitfG2B%+kW^;lxhuZYN&UYEM8^KhKfppGQ2U7|#*qS`WOB%jQMxu=@Y^b++Sj9N&R;z9c2r3Rj;L&#!G> zzeye$iukR5nx2OBITW}bufK4O-{?P)VSYBF z4nHREM;;5@FC7=I^Dac61obPZ&+-0t%SleStLFj8!+z>dt&8|`@A;0{{-LFE%})Y# zwS?pKBK6U|7#GWDPB`ir{!cRz$Jc{T?n30#j%!ndt3KTk`q7N%dFo?}p||U4mFh#E zEP?zyM}1@An*V$Y)Th1ga5eS0pRfa<`$N9VhYxi^Viee2V<+Er|wxp+3U8vihmo5I)}d@Ui(ag*?vlT-)C+5pHA0(A|&Ks+V>%t>M#> zIT=N{|=f#@StS5PP6Y^>MnZd$czy87amZts*a{nvekz(=>%!lVw z49D9cT=(ajc)xKK>iRJty>GvwK3}mo>7Tg=ddtsO^oezXztzv*nq8aS`ns$ApbzGwh_4pAQ;i*_v!>1NP-7hyi;+24v0@Niq?VJm&QDwlTC zf#u06QO=9eX_l9o@M?0i~4Xk=*v@IuQ}R{PR2Z%OFm4wwCl$)UN*j;2-p0i zI)aa2{J)X=MK~|OS-gC`U<>%C`963h`nOju{;ArC$MSO*c_e|nHKBeTdHe(4k-Fsd z&Vo<27(VsL$0(OLqc+qXX^T;umHKz2l@L-x!~JY~%7Y_4)0-3&iSh@Hx=uQs|e})tAEcye#tt z=HoDg?=?Rc@ehBeF#hYwd$V75{d2Z(jVBRBo^5T}pdq=qX zB-=pGzw#=y1o!y72-{zMq+I+%(~zIxjQ_q?;PI2tU)w)Ftz7$iGxS!6Td4Q{!nh3Q zL_NMWd^|pPr6m2^2-k7<58*u5=JgfSho_#@J{sgH4=e?IwY)k{24-p^ylBfkyW zjonmOZ#N3p_3G8YdG`aV7a#u_^w;WtKYfz?{G+{J)~2n-|KC?1;Vz&3v2NIPzbV4C zo+k%BpZ=n7J@1eH5^zqNc2--e#vvP?udotp*eMP7pc2{w++&d0c9`8`T@ec&?T+HU+NjIZTqiE^#aQSi6=d7?e^;iibw{7d`b-n|$X zJFgre{8;(CkNVtD_*~1BSLy(t{1t`cHBh+jZzu8l_(If=5w7(XE{T<}i2Nz~WOKeF z4avKAM4c?=a~(^O-z;4F8|Qfks?_t|RxbI;k3qkBQh&k)(1#n~_+sZ--GysB@$aBN zoBBIcuX*M?we!1u^!a~uoq4=fwkhG7{~;aaccWoSox9`r4F z>OpW@2cFUjekL0r{+4eY$n)IaV(tEpa?#IZeOFV9!>O&|fA$OL>?%Ycnh96?!~jHi z2pjA%^6(hMEy=hIxeEUHE5L2O*gzf&?4N1d2Kv#St5>Y2(9Q)tB}S zf8aZX40Re_%lPnl*6ZX0$diqbht}_=2zTRE;JvezYA^b^$?(Ve-3c9FAA29;gT+50 zTY^|-0WKTWA`B!D3^LgJ0m_e-d=Vic)kGK;*cWGY(xH-eWjb=PoC#s zSf9OIxR#p?oR2q9xVCRRTfBW|&_1#o`E29NE@xlC8@~tZVTRK?DqQnC!TSmLE6)qx z4FCOo@YCkCgmSS@|A~lIV?3V~?)oWp>XE-m`^e+4x9jL@JHh`@;9R5og}eND0V7Oz z>a3-`AK0g{-gw|Ucb^DXe^Pwksw{QBQ+?&rP*ZD{wzt4O6nM{Tf^hXmE|8ppjsHhz zALn`FHa?%(8TI-;a9%_M;Vw^lLuVBInX6p<@pyl}DtU!2@F&ZC0@sqCFI??o2Yg4& z|Ka4}BE;<;Htn{W{H2J4t#3nJ;lCHSe^N!bmK%Q$`C$F-3*j2)?AIV? zvD_NnP~R-?7ukH;UAfr%r4WbxoYz2Y6*-KRzE^)}zN4fo}^9%K( zfp!dchfaJR^46{&y9w8Fqdb?x{7DMeb{uj(#xc8}@G|*5-1lPZhfS(4{v-qMPZjil zes(3s&jkIvNVxO=L*&C9h4{sIR6yh?lqof!R`E?n!I zZUFmrv++tA6nNO7+O|Jil=p?S~52c287C zyEHGrFBa3@FM;}AS`z#Z+Gidt?tj}}Qm*)!=l930uMHBe{-?G;$L9TaluNl;-XF8} z-A#M{Tx5ui^F!~3eT?TOAzS2g0KLH@{7#~+e+CQJew_-u7oVVgJn)|TQ_989>;lxw z^1ReN)DPT8x>UI4Rg8I6iSdlmKF0H+?LOxO<)Rhc zs**Pn?sP6iJS{#0gloG;xDTf@?H{Loek$e{YnRu^!=0dWGwr=T&`+L#INV5HL>@T@ zewzO?$-NfPvH9*J;o85-a9m>gcpKGT^YeY*Dc7L>e(Ly>P_EtgySy*z75%yR`2VPI z)rs&uIE%x2;o9z@1L$`l>VK^E5`T~TvaDa9)ekzU*{z)AXSBbYJk0NI-$lNdJT?{e z-N1y~uUzzV^AI0fSKJwgzQ_8?jN<-H5U%Z&D1eUbe|Vkt@t-iFUQ`11z52sG7Pzl6 zi9ERk>zT!cuwNitXCE#I!Z4?H&yehx0c zA513q8=zdfzjsKv=%)uDuU?@3sQaOl7zzDz$W!F`=EdW)S-9p^nC~}Pe>|-A8i&C1 zvdROY@A11-WvPFUaE-$b#-TcSQtd^@=lzx#`IpXK)+d2=(Ko_1Zt?5T?slCxbP#kR zpJP0?@h~S`?Q^gDPTB77l^x7>=liM*r&pUiN^bFQVLb4Cir&Wiqg~#h{|^h-dL`x{ zo-dLAMV{;eKXYlgr+UlDvK?Z=X*GN^AKR&0rI*Dk!D6QTV^+Gi?5rwR2#4=@h< z;HO>3ohMxVjAneNu#7rwl}jFGc7R_){)E%v|M}aGxzq`DXzu82{_bb;cinrv;yq2w4X>G;`4gTs~3f9+>*RrwtAHvAv(fyTqm$u zybFcveal9H`QI))jX>NFAP6Z|C{s$h{j7{~FY9 zJreOubVEF^qoc!xYrCYE`OfnH>q{Qpj(N&r{;6>7?}q~SAHJl0@Oz!V3fDZ0J%n=C zmViTkg8t8dpSI3?k375-^|g7k)F{|THX?4;e{WDO`pIjcvzql?Py6r-u($RKjfQ=E z0{l5d`*!3}o_{rod?2|u5jvNXpE?Hq#Ac#gYnOy_@h7|5cb3g)|CVr#bNEff)5`sc z_Nl=4Q^I4Rlj3{IHaHKxNf?d`Y))x&M$#=X|;!7pRZ7S9=uw(`k9yn|7%gF zr*J)oEqCrHM@o{9rhSUz`6BWS)XyG5d(|QTOYOynBe$@@N(c`{)eRx1a!j&{4RyW9q2yz?0Oui}s-e?CrXE zwsP?^HUWMX(Z2k6wlDYpSU+kfT-!G~2|D#z?t|pvi{bxwP%id)ez(ZhnL~uD zPH_LsIJ3VV^|j~4tI0FG-!-cc4po?leCr)pPgWML<$B*?UfaQWt(9;s*ISQz*?ihl z?WJA9qu{^Yw|Sj9v1#z?!gHpUc}g*5+~8=RQC@ zFQU$1;o6UG;{7q}7thc>%6;RevtRhX-OoQgi8w?DV!pQPg&yRoIq=`|@O9y?T>{?? z`N4DwQ7?wmJ8LrhkMxF4b^3psa*1=I5OKEg*R+s2xv8+Xaq<{-GFj-` z{odFUDA(T#ZgKd8JUamGZuwR;1@@`q=ywtNIZnCw>AwzcIzP}p&V3`6&mEtHeQ-b0 zv&NrBoZqJY55hH`@v7*Lw*D;j6t2_f@Z33g>v`9Zds)m2m8f&4aF?Ie5g+{4^L8oM zeCB;W%b!c1Cg;BW`>4~OJQUb(|CDmce}6CHY3=o!aP>bt68=vq2ce>8ke_D-(RqC z(wl{PWlJE#@1|=-9vyn&)UCO0v%|1)bP;=tpttoTgm-%?+@-F_jqm$qU3p3Kacoi7lGJ)iJ8hpC&T%| z`rTf$zZWg|82uSBTm6*#4}s^}bA)UBJ+7ad(tfXU(T}(B9jQoOI7j32&wte%mwf&K zqGn0GZ@DZZF$T@`<{Vw08W{UdgTWf zkLLp8yuVbAaV|d(^L{jN9@GuOwSW0vApR3+|A=sHuh{9}w*FjA`}ju~C-)cN54HE6OnCI47oD1ed$G;r)dY$@>g=@K~_2{7`$Oq6q&;1*wlOc~hf%@9`dG-S6do$su ztuG8+;D3kvfS5$hT|h&tclnz0h~W;#1~jl$%`#K85xj$diHf z;funx+$g`NS&H_{)n5JF4xMx8XW>Hd=o9dNI_<9|_Zf!)))UTTh$T&qepNhZtK7Xufd-P*9q1x9fYgB z$9DYxd4xQDUGaE&i{YogANgSUe}i!KCm!%;811tqpkwQq$!afgi~a|B-h=VXsJ-aq z`5XjMlILhkP;PV&;=GjhJIP}_*BV~Q`gtk!1N&a$!c{-a=b=T^*+QOv0ON_}$@$Az z?zQm0AMNA9_4=jJR?IIp?>s_#e-J#WOZ$!FA?|0h+&iLNxYG_ zpSh2qbDTP9wHNM9K|6L}fW9YB)-2w?&Rhwda9P;DNu4IbwZ8rk#M9zGM7iiE?m)SH zXn)lz*hjX(Pa6+MDOZ1fFCPER!qxvU_tVB3bf)fMygtEHgxqi`J$9|~OG9dKOkUvXbV4CY>y zwa`hwQM}zp2zUEf_+9u$v|q3G((bXq`EqqKDEFqo{=?S7)z1*u`Q@lHTDZ1vawqcS z3G#X5F@C3s;qi8n=XoCW&$O?(4*o;~?^X39PnAZ!?7HcF;WoBV!u|M)_K`yP6Xq|g zyv6!HhjG}}`L`<<|I^&Zf^6};>EyAAXqTb_2$g>u^^I}AnZ=>KaE)iK0m`-O$B)eZ z8kEagct5JWlpCFj5y0Zs>>cQ&_&$z}V{a+f`1eGv#_|I6O?PaaKCp0`uPFvJzh6)*zjt6jC!Sf#MAPjHF@rKaBHtV!u2|0Kd&Qd zP=AVWjYBf`&-Np4{cT5-(!8FOkRI0k?J9 z+vJ&v$iqu$|CewrH^uY8E+((>DR@3`{_`cmHJ*OpJB+<)@2AlpUuC|n6t2&el7V*I zpgIztcq_D*_0#H~K|k{nxZP)n3s*n0_qT8!hS*@s$n%xZe@D>&oz#i*eH@GPQRDmI zr(H+a&%&S7O0=)d<70(uxv>LSCtIGRh3j>3o0HqS63ze5Xdj&Key4t#+kk$T z{I>Z0hnR4UPb>|8Y`m)aIpULLz0PNS?^G`K(ZG5Bt7xAO>=WB0T=Ol&wEdHaWO zt#33i?_97^{XD}v61dKKK)5USIWTa; zB!8Ut>0fBUA#n+Qll#4%+ zb%?V)&)Oqg%ME$R!olf7!PgN z{5joQ9ynj79_`zUem+E=<^4v>pQ>M?UinJxoTc@?%rgOsATJAspo$0uYKUEN)VKlj1 zxcU=*4tZ!g3&_1w!O=RNcg_yfE5~uw?n^Wlt~!|n@~{^5A1BXlMY%R^Y!j||elU>d zJ819oxu@yW+sSyohB(YEKmj9!Yq{wK&^Q0zCr@^O|5k2M4mz1L&@Q{nK&PQ_>(P z70;`ig*$!vZ~89@*F3D9D{lXZ(`V)X_TwAsB<91PzWm+&yWmeau%4MDT=OBj9r@Oz zB>vzqd2);IK!`eLeFOVgD{%bR^X?U{{VRBW!ehd9JS-cS*S1h6Tp4~AQUCPah(n0` zdo9PBDi{4!Z}{1d?b4t2sfNYlzsl@ShW!HCAEABhN3^50*Y)2r4xeK@vHe=3m211# zfxfkiw+B2mxVX-%!Zi-LACaHmvfPcrwZHe`JZS62gQ_F;ab6ET!#G^~9rW`V=-Ya1 zws4CHP2G>>YA-teT=;3@aQ(gDY3{qW>xC$J^c>{5y+8Goa;a~Q{joO-d5=8RzIYre zeh>ZFW6-gF+KJph1pWqfo>VUSS$@}k9r+UB8n?^`&_Bw!9imQx-%YUVqpClk+#L6P zMXB?!a?y`Jhq!ekUr+l8pNrXjrz$_9e@$J3{$)DDgu8a(eW$_H$toB9NMN65t$pA* z-tV%!>M8u++G{ZF)8`kD=PKozKivOw3(GD46XFxxKUQ71i|2LFnM3<~gzLDmZ9D2^ z*W;_zUi6dgeP?O&&Ti@?*pDpFYy6Dyb3x#K>7~L|C(re*EMwfilyZqrqFwQN?Iuso zLcg$>T=EO-GdZ-Em3tp~I`F*aQ{ncvC=vhtM!44Z$d2OmE!+=3Q+epyyw*~=_?dg( zcLKJ~f1LK=pJ2a-gO=s|DasPy%z%ez>k^!^C;KWX*VB& zzP|wZGl%+b3DiAD04!An-yehxZpTK_UX2Ny+-^+a|=Kn3iwcIGzMdexU zH02WK&@Pl{{UY=`c%J!oE$w@gXX_$v=aN6ITVd1RJg9Ajs)JfIwV~EOm{^F9z=D$hJUC(|NPh1acN(^U)hr;lgU%V(C+t@z%SMa zSN&|@{^2&`Pa{6oFRu76?7bz3vyBf^g=>9h^4y;KEcYX|m-b5VeIm<~D^ zFzxFe`}cTu6t3e&Y!AjmTW=)PUUYJI`c9z?`}+&z5xy^G_d~Xk`#hhp9Lqi9Pt?or z0e>t%KUFUJ@hiY<)Bb1L$6F&mE0TBk3;x79_>K%DA4=|xM?01!f1Esc-(b0LZI?uI z=v$l{9S4u!h4`DF!s+86P$em79Kwu`qN_H|jnMA|2L-ksf-{!Y2rCw_sB&F@zhLML+s zakG4$BwX#I%qwfhx5%?EAwG-gXO$ALkKB*(&Ej^OaP>3E`_k2DKa)JpbCzuU{FFM$ zwZ5}#O#7U2X|E)&XDvS~mMrPwJf7pE-Pda1cx5lgdC>Bzr*PFt@%&qBuT{#$&-ml0 zm#w3^l!E^`=G&L_r;l*84-LD@5%hY`+d=NtL;DV7y9_H0`@{|4wr=09T>J^MU)cOI zrVMztKCVZs9lug8xj`|Fg8|9L*wwsB)V?Xy3^zB=u9k|()u zzYclpli_E04eB+PypM2=L-JO%m)+-l!`aj5Z$Ca3?$!z1M`z>Auc{+{=D6-U#J{=e z6qK9$6Xo_Ke^I#FM|r)_kbIqT@h9~)+QsJmil@Rpv;_PL+7A$}>*3I;xYHFPe^|J- zS7ayRkN!qZ(kM;)vJPbOddgGYSYg)!c{-Qeo>SBd1o)*r{;Y>rnxs?_`j_`zoJeea6MkP zD(dC&evyq=4=a~)J+8Mc&%M*YbBz#B;~mITTnE~?IzhO$W3CnY*U&Pkz!KW$)6nU{ zdL5^IqI5e)Y+OC-bmUbk@EpGu`6W5zn~hgj3)g&(^SdFHsQ-j;^(PWI=lM(^6F{wk-}ZM+<#kze7bP$zgd3w&DuS!IuifP$yhI4 zz&!kcJkI+Gc7OY#YVapJ4CCH|)E^~W%Z*nlKEAz7p17=~v$THkzUoN1;RnENeh;4s zoor>a*AVJoAzbaFFQUE=kWZ$4FrEu&ALmxf%e=hpPFzOstd-31j0(-mf7e7n< z(fIradBSewO;@h=f$P~N$S1MRX@gc=0N)Ms&F0u z8}T~A#-$IOJ&peM<40#N&!Kp}L72ZgDBShmB=Ua@d7Bz2H+X#%7q0eEo>Nzv_6wCu zee>hdE=A;pMc_W4zgzp>p~Fnc+NQe)g{go|pvx?Rsi~a`7{9JK_^5fI}yo10H-&v$Jr$?@>GO zoZ^1r+Fq*z?_EwH-xnBfr;yJLJa3vN+~q^yod1u7>%2dY*EQB({-AxD?^(wf&yMFp zC)*csE8qk$K)BX7&3W)#+CNGATp`A{j^r!UUgGKTe75f7;o9Jls}N6X_dd!+KX)AC z-oQfq!D8|h``2sK*)LqjflT0ht=}D&^JxR`N1s#&_S*vICN&nWex|PWowBw25aDio z_z>-TI{isHoeJKHK>VLp9nIURh#N)~&wHEtUf}!nzmwmi<5o+B4xxhD#DaaaQXnLgeC^4PP8XK&iC7Owdj2z_@)xb;SP&_gO_~ z-{=DP8T}mn`Wn`EgmCpI|9f$Nz7?+J=Dx#t9-~gh`p}PZU#pF`cL{g*nFIawA@bva z^EVaA8#_^(2l%v1pcR9!btTF{b?y&>+AD<{Av}!DA(5c$CYc|_CdKeZr|JhJU0{eQfJpapG1pE9dX_xQeVa9DzeTv_+i!dxVfR~pH~YZ%STDE){%6Y}{&xT85#{24nBT=S|9_@^ zu1oRw48Iih$~W+xC${cQI!@>Q_Twem=du{_K4d=sDBR_33h}h@?aD^*C&v9naoP_O zuKlq#&jqr$EfB78j`MzC36{N;I+@>~Z}Ua9%U~Z3>=SDv+~pg;r)=ZiV&$Tr-i`iZ z@p(_U=Iyw^cdWjrPK@7QuzHPd4EqefKVo@4PPqD?TZn%23hTR7xcU?3InS1#b(_GS zR2$^aG}gDDaJ@e~jOXMRkv~oQSRuxlM_7SBgloC^%h4`lX@BzN&`-n>w={W7x%iV@ zfjIPJLO(?N)Sd9BH5(vHo_rAb_7HW#O`(%3UpxF4i=!|k-cLAdHVx(8`05z!E=@@fBFhn|2y%$DrA=&Yarb9 zqrJW>@zg>Td|q4V_@5$wm{#8X!qq;*_X4ckOWMKz5ec~S2TYGgD?&8Du6AP%{mpsjLkIkR)%7m z8O5TGslDda6Npa(@_N^zy<$9fq9l1Q;c6cb+?SY0p5^#&dGfaEXufqt{tu5m@nFjt8id=6UinnTMlgUeLJp z+8lTGwdv1{|1n=I7OwMDD)8O;kA!O+qC0%2VB>S;>)>aS_hT)8dXq=^UWT>xQsFwk zXL;WqYI6B3+}&pzgPwII{V&-O`mtX*|FU6580Y+MaoeO^{LJ2q_OgT>Z_l;uCejwEwc|i$2=fh+dakcY99S;d?R!sJZHwn;TOm=(~yT1 zX}?Ff`XBiid29Cv{v;1|Lw|pw4E~_oO^m}G&^ettBb94E{n&S;Hu-wtE;vc3RJsNA3VwI*0`hztv~Q07M1^Z!d3^82;xJmdl$&ac za;MOKtJC5C`P+|u)QNY3|4-8YvpXX`e+Ax0Xhohq1#$DKb&GIU?jI=E`o&AawY@T& zFCw&mi}o?@->^7e-UaoF%(=>0E-u6$yeM49f!X}N61?@i{c11ujdno$+Bnm=D|C`P z#|GIb->nv|I@?Zw|28ii7Os9K0_VP-(G5JBLOvX${}&6_{<1Bw&!>mlYy7`Lp4&Qe zjc_;4@VxHo)cHfW=3ym1Co+Eat+0>toEaM@7bq9~aC_e=G^EZk@)+L}vFEehZi9Wk z7yP&9<7wsEE`fD#PPmTeQ@J0Y7xjM=?)vpkQeLKoc1m0g5DO~HDVts9X zd6o9Dz&^Aiv`_HFWBM`5w3B_e%ahvn$7~@>QDGQaG&MAOZ(I~a2uC8^n`uz z{pFFuRX-NEeo50l$M0pApr1dGC)mE7$xph2`s>k8SCU^Y-1)!RcjP?s2ZU?CSQxmk z_#|~=2N7qxzWabW9^X5wMx8QuLgxgY>s5+8BwWi)Tm^sbCGW3X;ugQR`1rqt_K{Ao zxBgi7F4%ibk^kRN=MLqfA6xT=W3SfMSlYO+hgSUUwo%*dH$qw@zbAx zcI?V>BX>h5)D3=G`>qjgIZspfW0TqQIi}6y<$FUv+7J3RkNCnhukv#c{}L3tjrJbz zpIdx>R<3bw3V*D>+a~}z37BL zD?TsJ5w8025?oOfK zv`;Mnw|4)}{m=*B4-C7!7rzO%G^xN;D9obzUH>O7)cf~QRKQezV z9s)nJd{5cN(zeQ_zB!)5WA>|PA39XLUMD^Po%|Wdx1Z=w7vbtp7d}5NN!~;4ML*pF z^@@-$CQlWir(3zdkcWOkxua=cV<^_W$xwSo@LSKjQn*|1{T6rJ^01e1ja#@b%H2Sn zCxoj%ncGpWwaZV&>5t`k?P1V~1ojuT6z<~2?@pTiI@%{{qTEyg3jUGyv3V%h=7pxi z5zlN5#M9bwsB-bs{~bCOpZ91VkAt5}{Spt-pG6oSjb*nvx zdV@U9e)k%64pAq>=ioLDUpEpu(fiUkH85*@LR-UglhWgs+OxL!9MS%Lg1OZ}{HH_lv% zc-p?5rlY}AE5Pl($5`R!GbP-QX^zV{!0)-+KK$2JNBqg~+?&qq81=@0`#cZ9^5+rq zXa)3NtMA+7`C;(K_+R8OdO1pS{2@QcrcJALj~v31~Y)QLQca%)qk<0H_CzEr$FzAjvKQY(FD zY3rrkw9oQ>=9MhB-ZZx3Gl7Vwsr_(+(0`=`qKif^9PGDXAfp8tSQ{3+tqx~Ir@0^OAa#}sSO0U| zM_rZtfO7FO#_^;B`PoVMnGbw7}=gse6&n7Pl&s zsUJstEI;Gq`T5YtDCBw7o`8Lf`}Ay_x!(99wEH%WGy8>WJ_ny?Rh@!3M6>W`a3P%S zCS2Pw(-QuSWgQY~uW{h@c$j=8?ZcDM?n$=qHrmJ9!G9Zvt30XgF6ZC!K3j}Bt%Pg4 zq?7Q+uGi)YSAUW}LEq~8747r=(7%RJr^8bix7YJLSi24#EnIc-k3z@dKi%2O^;+P4 z=T*Wr-?D*xdt121!RI~!Yp)?sqyNSO`%6a(*Lr0F_jMNux4DL{yC0irpPqtxP3AA} zeFpw#7x|7nO8$&+^~dA7)arG~RFs>Yj(iwG`$5Xp|A75=;X3~01N#hj3D>yAINp|^ zPQ_`^k5ofEtuC#EYurk5JTd$B!c`~oy6+Ss)ES~W>JRTnSv*&ghq>OcdFO;@q2s-e za=TI|DqQ0n9)|0q_2ko(i+&_f-@m96<^8Unv~NEh_L;!-=33#Jw^8md4b%Q-;aaaS z?-SM}KWPU2{2qRmX1};axcZakbNR>E@0OA0H~CKC66$OfuI&=xew#4)4(exkPNS83 zoH}8?zlLbYIi)k?IB!_ivd0 zR|wa9XcM?D>q7hF%@`kS{Xa{%#xs}4`13OpXtmmlKcT7U7q(8Q{v3F!F7n)CoQIM} zxxdKr^IhTEj#C5suPUaX6XkO~%eTJ5HU81S_ebuhee5atW9ymUl&k-rfcIlOuXvvR zUx)GS2J#8yDPGrDoHr;Joye7_*J0Y1n+=`JOz4>Xt;)qd83nibZUpTkbD?8#UP&I$ z!cWu53wQbaCi3AB%RPM#^kW{{Ybkjb^7M7 z^Iu2dY9HbL0b5TlQZD+jz`pu-oQ|x20{iHGqfRW)uWP*s{qS{&!#Q+epz$u?HZGm{ z63R_KjW}OH`-#Fe&pUEIw%xB-p!VW_j{7%E$DfP%q~1c@N)$ml4E%KK9j)V30zK%Q7=T^eqp6Q7-Y!-GzFUr~OIuVV~kU z$NU+oT;tF8Aga)QweWvy#|^@@-_7IxAC&HS2mgnC*#*##G((=8!uVXNT>TH^|I_4= z?r5(%^rzm-un%=XK0inPs&er^^ff#=kNO=JqFoZ}5y?fgzeBi|8=r#sSR69s;S6+a z94PY&bfSC@s4{h03fDM<*)BuKhX_}H!WY8-8sxJ~X94tW++L^l;!i4Y9q}i1@|*{o zQK$VP*!z4QQHuO!;hMKz;5#Wxg#TMRzNb3kXM*2Hw)y=i_2XB;Pm53VRoKUQ4y5Jh z67ukV)YtlTwKV*U^#Hf=YAU(M{ixQD_L@DfM~n}C4RMZhzrDq6z3_jl*LLBqUL`TU z+5GjJa2@~Cf$yRoQ+v%r_R}K9^TEZ?N#6t=>v!vwYySL&dRcrbEMd7@kmuGe1Ia@J zaHVPQHGeDI&5wcoMaOBMy9?#ob>eGF;eTzOlUAF4t`n~QM7}_K8Q&vZuNQKBzx9C< z_=9H4kSEmw>$=v$HExl5@Uv`5*gr}81kdRz%W_{8uKxRfpxlB2{Ng>;k#b}0;eS)w zd#|&;)eyHP!^CH1o~uYp;NQ?o7nl{JfVu5jdx4x^UNC+@Hy?c^S1A{S^D7 z<#YFy(9aA-K3IRxDi`}a_iftx|Lj%ZxdXoQ{9O9~33)8Af2_)C_>=q-@nm{>QQ@i| ziGqJbou%Z_Le#f5`F`pI&m$`TCj1Y6&+ZE0Iu0cH-If@2deS~K0rj0hzSVeOzx__- z;-|;wmF7>CHRxaSdA(`%I?H(A+_1}pyZH0E$>Kj&x#UUmFGSwPlNGf0e)gS*HO)`q z+P?W^;I{59T#NO_&aJrfP>J?u2v_|SzvEMyyd8PI8sco@_Auc(zpM(>YqW4JH})#Z z9Y>u-sw45q^@fh+?G+h}=Vf=ton?sjU4%RP+2}8W$zLW9KZ9|@)?=5igMEzW-Pyjc zmCChVoJTC4?cPEhss`fFL%5ck?TCD{em$2wzZlmq=Kr6&)@APmf35K1Y9!lY8I#j#wO) zzN_tchL^1~%5jVT*TU7$NH5ga)<3P*gQxjDvc?=Z7Aw~{?1%mfPR;Y~dk;MJ8~nGt zdQG^?la=6esB>JnuA`D)ARnqyr|5m?L@t8;S_*X(u6fupa6hLr`J_O8-Y#6r4Rifw z_nBuq&cgooVl;PDvpycO%!?nC5Tq7M2U{>t<27Ors) zy$4d{)I9H1^8B{ujzq|hlV^SbxBl4tBl@!#{3Y5yMV_F(tyk0J(F(1dAYA>AHiSQR-7!tL#w`>$fA2H37yZOo^miK{s&7Evp3D0@ z41?EFxZ39i!`{~CQ-y0g4%t_{|1J{l`rYrS*LDi6bM_UyRAB$uH{`qc{-DiM{}rzF zig!djZ5>trbMX8r7$0n$ykEKa>HUUsEpPXc=lC3as*ARK$7dtjch^qzQ~68x?^faJ ze`2}s{=dzq4++=tD!l^r4Z+-7PJ4eC+V=()`~!I=3Z0{6@CRpZQvHAayI8o!v)9|u zxB2vX;Ti{z`y|KmPe&V1qyJt+zQpNE{shi9-mLZ#pAh#Mq8E7H<(t`Fd~Sj)^1MF6 zwcIrKSDZ}!N0e)v`JIB==>B(E5lh_aChP1y$xc09@fpI%V`|LRMT)Y4F znQ-?Ug!{P4Qs+0d7k{!b=v#kzek*uBus`qz{GDsOMkWs*LEBiIQQcid5q`wglS*t3&y`J{IPkw1$kyK%6*ykG2xnr z*Nxt;ZzjW{o%{Q~6@&*Zb{@79n0qFkMjPQ*~f%y`*vdgviun+T%XG?-Hd)`8 zw}pjp=)$kyPig@Ag{^0vRxUcRm*Kz73#){yeyp$W1oEuc_tXjTxwegaBff@y_9xhz z{xsoEXDjmI5OwCMz369n{*U?pChgN-BhC%1T$ycHBZI_=GnW1tDouXkq?&VyM()S;}+!qJnEmfOLXMi-Fbh2+x&Q) za2NmEp;JWr%R{dZG}DQ~C#v$T(MpL{v; zt->|V*Yf=li^E@PFFKj$&|hqP=<+RimhWFYNu3wT(<#JrKKXv(+Ah7mDjt7-58{)G zz<-|=p_+B3*A{O+MWS2|3dnp(WR z9rr>%#ylUxdQBt`{Rw~UI&_C{ZTB$0H}MwjL*LW?z<$ME!qwjU3UR=w<#}VteV!L; z<3ox(_6h9GpN*<7I>GluO8fxsZH1qg)1Tqwk#E5Z3h;|de`I~H1)od%k;1Kwh}@5- zh3mMze;fLXt>|3xgM(LU8b!`oJSlq1$( z#t8p6e_j&q;=u2ZkD$&j@?15H^FNVa@DuEl{SZ&f|DScLSZa>P+XHl-js-bWfpJpicR}RFtE0=QPy%7hSUzX86#`n}LKL5$n{sFYtIrOKO za?NM%H?w~6C3*J0DA)3&&H>n`8$rj)ZAKpEcNy$CR43))XO8El-ob|1N*>yayfr^B zI|%(K-{UJwKcm96-(}xMeQ#vD+^6;$hh}I;^XCA$&-aV1UHbnD{lq+!Yxik$%2g+D z4)*znV4n)y54oE>b`Q$6d4GX$^)t%r)|&Kxz1oX@q%GR_Ao(eWp`Y!Al}taz=RxIS zpXB@0$ZF3k{TsN?b3UzJ!^v}ezr)sPpOL5QA>VBLto=Lu%#_2t(~JJxAYAhy#dYJ; zCGd-dv`-&HCXc249^pD)ObvXmx&9I8_l~sir>wwO@6{(@Y8=7es(9nSGcxUgyW~>`B?IN7uZ{z zX9-t-7Oz21!Efa?7PXgh6C6)$Jz4WO@^&8YTUve&6s~cLy@dE6i{uy$XMct_Brva4 z_e!~WXL+CXk;h{ydET7U$c@vumJZ*ViM+qr(xmq3kc8DwlGz zf$#NPPzF57^`!YTNVxhF4ZOGVgxYJIUqyZG`ga3)cqHbLk&I9EvanC}fjwUbkfpa(q2-k9RU7>ID z>15Rrp5pr~XdTbHRX#kb8IGF#t1AY9|02%NjJLAmH8EDU z$5{ zV8?{3KMC#=wPR)Kz$`$lYBx>C93C+B@@uP24O_yoSMy@Wh<8v2FJr=L(i!|xg( zs-8EuDs<9Gka29APsrne?=1W-T;q^gjP@#`{SBvKUGYB8N9sjBL%7UhW5KNym6O~a+YOjU(NB#Ui>5U zM{C~}!Zn_`#?ZHV-6mY)AD#n0hf`+>?IZ7E-dt0FUu>a$p63Qwzl&DG_|q$JALb_E zIxmE>XfNwWD}`&hX+8(BdhJp!ex~>y1k=_#`ApbHzkr{1pZPK2_P2E1{di8e=53t! z|81Py>+GezJRjTg@T9ZQzLC|4TWyLp7p{ILlZb=$-+ReJ+;`EP_TMQN|6`ZKPyE;O zjtl=cKTkay?UHW}{n=J7d1^@;N9vNtgsVT9mQc3%KSiGU$#<5uX#XK~g8P@grG5Sp z=-9fkZy5TqXbY!c^WgK!rCymf;0>w&BkjXSpkw3J{nc5oz&Zc3jBiD~tiOLDT=l)C zSQm|E!_=t(9zEE~m55b}Tt|?{Mxk7LpZB36_#fi@ZsTO#n&7d(I&+|K?HAd1;7^MJ zRBVab3(vm^ebn0Xs@8%|WFj)k;(VWQ)ro!%%i9>A*~+E8a$h0;TT=hOrgJsQJxKdD z=RiOE3hYbL{z2h-T@&Vc)QxDrnD(*qh@0KNYH%+6iT#E3n6=lf!gZZ+A)l9ps53yg z);F2KJjn2SUntjnptOdZ&V0@sOM$^Fi-FQWYra&MpSi1m>t zg{z-K0@tmtsJ-~}0MfdYyA9(@ovYO={Rxb65v?(5c|9seoA4ME4 zVfm}%@e;1>N~m+LYv4#f$vWpCy$jw zKAg*PFRI6UTL}Nlk>4m>{fuo#d@K&nE0=P^^}vVG{;+VDR~s?zCCHmz0Q+oD*k4Zm zVUq&)esu2gQ6%{Bm)L8)()@l%$+fE#hzOHD9^dXMRB5rWuFE5%7E;l-q!% zyr5j_mF0TO>UESnG7a%J9&G@f_y@)F`E}uzV}Gx}hmK1>ea&}xFMoNII*|p%bxvvc z?>e=FtDote(6Q^LG%AJ}y@acN?g6yd%?0?yIN`d^j|R@4PpXd8H{1mE zvg?JT!u2`Jk#k2m0UKvdxfu4bsi@ajmV2RaEjPRX`8?Asu|nuC;(&POrSLz|54Rp4Z(;BT zIWGN(_y4Wj=g2ej5r4ZswvPI7&YRYM>ota-S)R96mW8wvuK5sJk9@Ovd5mzEKYUId zru_u!#JOLtEBWWDBlXSlInK4@4V!>xh9V9&F8xZLAAxqU^>(An;b-V)^p|%zE-e(U zex`OpXEycEZ3^x!hrQKzBzd?l+Hn=_mkW1!dp7L9B;Q2)SOfHzu@(6L;7>tm8frgJ^Zgu-dMQW$9djb8S=QZm+vKgfcY*)K9%;F+3;sE zd0`8U+duzR7Owiy!1ug*I{Sa#FB(gGZxZGaWU1W$C(l2GJY346(k&66Fz37B#_=0fhTz`rM2%J$|Y{G9}$7O>E|rk``5!C)2Y-3_7U!juyL<5dG-p} zW7P7z`fU-P?9(8xuwLDTJ3qN@EMmD2lE=rR|5|b2DI z&@P+F-x99lPlof9<=gkP4_-$fCl8))d|L$9_^S7>>F<@Ty@fXPE?Ne50Z!Y9$Y8#jB@cO!S{V^Jzwbt z@XS8skL7I#;nt>R=H-NN&7XAOe(b}- zHEtoE=g^gLxVQ`3@ngito(FXjuJ-Z3{hTGrH4aas9r0J5SF0=SHz017SDneTkAfGm z+|PvT{fB5^pZRIspp)K)2-Kkcz2tH3m$r5}NS@=luXdm6>|3D|X8*PEaG`SXKOQ)b zD@Xg>bEucKOVisB=jDMo-zr?=6PsN;Pv(+`1NS8gW3bOmM7!U}dRW?=b{i`hP`>MUhpYgQ$aVB*lf#=r; zsT17qeZrm4Pv)Rsg8G+{hk4y?_dRYCuImv0U5vC*+9!l-y;8i7XXDideEF+bY% z!hi09eUj(e&8N;Va&G|QV|o5x<)V}1dqAaVe||6ML=O6nSi3wy?(;dU>6~yk{Lcr@ zBRW;M>Zkd9#K!7I!v8HFZl`^C4C>Xi5DvYpT;kvlM?PD*vEI=%=Ns$BGg=b;^Cd)x#4;J)jT!nM9W&v`)BdEU3e^}742 zFLB*!`&tX`g-)F3kKIpyDht>8#`s*LJNdh`PyC8{m1YM%r4P!@&q90#)4siN-Vg6b zzF4^CTP|=e*-GIWxBMrFPxV6l!7l0qzXSM(v#03aew@;m{si9d=qlW`dtm?GAhnnJ zW?wDdzU!zHeda2sj#_(Oq#yJ{TYblCvh1jG(aG?+Lv8YYAiJx#;Ak!rty1{7Cy~1=QD`Yt+3D_6d#~ww@fK zTd%ir5Ji_&x=`2&O{v1U7ZT){h^`+bpzr$tYQq4gq*FOq>Y`xS% zxRx8@JZ1MQ-c>I8@&1U+3|BkPYc!ZTyso!)>_+Z|(Z4#D#UG3y5B-34G(X=FZn34b z`>{>!)gN9LH{&n&J9{~wFp#(9hQOaV_n$CLyyn8SUfI6I*FQ689|@d`o>qIQZ-o82 zI?Mf;IzG>JJe~a4!3B~J|NM9T1MnwW8F9Fcd6E{c<5D>A++jI+p6BP=^+is&`ky)p zI+iERhl1yCZte=dfG$i`F8=3lMgEUqxpxhNePX}wEG>WD75;DY!hYfEXCwMkmHJhO zL*J{0cC@;;RjzT~2!HIl;6dYE!AnzTnelz_$HuE4s2^Ja`v$Z>X$0b#<9&Xc$Ilb) z+Uo@P^9FzMt#a`vGPkW$Fh5H_2%X?Q=d*VJW~mL5#v)XfpYVKavKWQI6TX9Kk!$cH%z#T1HX?ml=^Qd z7e7-kBMvqW6pmt?ze2lMf4o$<+t1ABvzF&0g}Zj-xNZ41nL6nvh+BgK6ud;alpAFp zmf!`_r>djz|J8SfwjO?9H2m>6o}57cCkfa3KKvC%Y@0{c2-p0N@w>)h+OH?~0_(s} zg{%L`ixCIAF8hVtKS=86ATW1J&?Rz>h=P>Ozkw@40 zj@bCndMx4){s_Dp?WYOX>*(b9sISF&soIPGkvq}iHt!#yPJTb?HJ>^yAA)}NIdB_K z`U+S76TA;*W=!hW1^h(F#HLR#JqC}%bh4(_5IE8^YsG!VvgEN zyC+_Oj?KS~9|6zZ2X6O==L=Vz_)h3NNc}ABz3!-&<#Vrb$cIGWd+2?IYq`-qXqOcw zAyocR_@85Z?7FzWa`ltf*VeCB(ca_xT$Sk0m%`Q0(0urLN+Eu6-gxNeZ$i0)7>8Sh zYrpV6$N2CF?H8!M@bo~`%kC%K_!xM+o$rLLzO%?9+*fAf-df@6PjJ8D7v#a~-+~G7 zC-MpWF`e^;t3TdO_+!^!oz-6Sqi?_;yUrb<_QDfygEw*BdfwyYeqfyZmim#F7=I4Z zzWPMQfzO>S4+jX>a{cAS%YBMGxNmtWd4}u!hSdL5_0@mwZ#;+Gn*@FD1^9CX+v^aTY?^1ct} zBX%QikJ?LolABR(C)%I>1bFxtaLb=NgzNZLm+y&~&Pd_fzPZjQ_fhI>RUP4xPzy&a zJ{L>@PyP!1#k3zJTy?_h(T>B(=aWY_K&Lx-R=Cb1ow%Re;`5v8OT8lBL*Lr{z9&&` zd=~tCo;q)l`y;{Ukym;O{sf=nTp(Qa!*iiOnf3$7{fCfO7XOdPJ-!EF<9WTO8MiFz zTbepO$fL{P&%y%yVySQ~*W>wYwoX3n8PqHK0?Hjy2>U_8HJ+IZ!FN+@VjQrN_jfHFbdhf!%6#Y**dwDL;b7NxU>xHX7A-?xv*GGG) z6FCbyx6}TTX|RuML%ZAkiUGpa|5RXq<{H|kxNq6kw_mBfl6F(||AJ?+PH4pY z$(BDi3RnAhEBM2(d5RO@J@>Jk zM}KP1guQ>zcf{uR_mpcMa=(H3(_j|tQ-g|^`=#)I8xQxZz3BLX`=TwM0}qdcj*UOB zk;ktBw{nk?=ZBzuEe=68e6#pp{5*J$?QY}P zRN<-<<@)(%>a0*MI_Ylc*Ha4ci*2eS_UT_yE`IBIr_6@FKMD1+@v5(KvCj;Ly^X7D zg#TMScTp$D>sE_f>p9TRE`q-0ZBn`D`@FAf@jUSb+8_3v;}*{r%Edm}ubCW&7HExmjP_IR_|F7u>_N}#k5&n1?taEyn#vj~69uK_#wNAO{ zdl#U-KJ~ZIKF9kER^J*gQNJhbEpFck|F<|7&V_xR_i1hXZ%dxO1v>V(4=ERa(q)T} zlPiV0>#Y4(I}eZ3&wa|(|JRVulQ^Ci&eL(Df>)mJIof!2mT=A6EZ-}yL7hIrRVO{) zccdNp6Xdbi!7n6VqWUua{Fm2jXOeHCee^rTzZCheYA^oO8`mlc#z8Se82D$n)(mf7K^nC0y&9;e8mp9z1gac$oM3tzTay+&wo8oD<%Q_KAzo zUX~9_$i4X(2dqCgU`0 z?w8i?N%GvU#raLIA#S_a7IoaqthLUUt8|&SJzfc+O{Y;p$Ja z8uH5gd5k<0I4{dv0v(U<^I9FN33qXO9{tyNQ}XbS7?*4x=2GRFx1-Qr7U$!%j~+rC z?Ed-arO*!r-VZ9X3_78m(C<^|!s?AyF7?WOUA*6I7p~VA;{y9wzM)Qx?*p3uC%=yR z=F34R!aQjy+_mEbaLfPQ%B5cEz84bCG_KaeWz^v7V><1G2iJhh=2R>3GJ5!@@+Hqy*-GJT?hTBT>KBcigvNQYO`9)t?YS$eaL-;t9^7~ zar?dGnYW>D@$d2`>Kpt{*--N24)n(wtiyN0HExMX;N!^~u0gqBuIuc2bFgrYPiATH z>$oRr?{U3t@jquR^y4}B*@^mFh3mNbE#LD+@Akav8S!808+;CagK!r&?vp8^&T8Qr zw_bdo-TKQe)scFozQ=fF<4nnQ(1~ory69Z?_om9lKK&K^wCkGpg{z<6Z!g}z_E5)< zV0^IoxB6Su-wz%0XPR*JC(m=$O40viYA@X9^IXXQ_ivwYEq5TF*Hpx#m^i`R2-SZF<>vZ;TfWT^uJNzR z_q%O;TOnNi$^DLXLUsDHO?5O5GZ6pF$-BL)_W%4hLb$ej_HD%3+Wix?SN<{Dm(A!M zp?&Nd--%h?j$99&NNcPs4zj3~!qrc2H}c>1Eo@MG;o1A)r=2TO>pkeim?!W`&XrZJ zI-{Xue68`J$nYEK=wa%3ufo#mb@lt`UtjM)zS+FcRk+3>{a5k4eM-3cAH1*oCUu7L zoSB-eZ>O#Q{yz8~)fb&i5BOv4JN5&V>vJESjaMgp2>aZ3#r^LoT*rqScz=)S4K0>*<`WW}>(f(ud6z|WQKcSE5{};ZqTtWNVFr?(x0p$>i?}*LcRif&BpTUZ0}eDBu6G`T7uf zygJIAL;Jd)q1@P7s+gE>(5~yYk~YZpE|S1v*WA){h5A_6z=-hYV)G;xOkd#$fOQ1BYVP}{>@0!k?|tF_~MH%zB{=6$EE)m?KIA_U&i!yAno5O{U7>+%c^B4?eCQS z>H0r^Deccl{LEDPzxo#$p69P#QZ4$NJ}T``OCFqV|HW@0c(Q-~DfI`Oci+VDgM!tc z|E9-(p5fe)_D}pJ?qB#l?*Bg0K9lyA+=D~G&(Bah@b;Y8S2YYD_uskwiJ!crM%a~c zo~Cxd^U(jp?f+5QzfIa-csI|h_xJ5G&fN*03vGA$q+jN79_}*TYQOClqn+fdSIYZz zA0*>{lk~szyFC8)N&7FMUGbCDd&i~cdHhkx_|g38N6}9GTYtvz|E7%dJoN`2Uid9; z*Le7I8Ruca=X*;3#;N1t3|JJW^|4SprgC74Gw3D3nZ=_DU zmM8yj>HpBX86M3~KKIuIPKg)N=j$%o)w)uC)n7n6;q!8;{`v3IIDoV8XN;e(5jb0K z<8jjVibH9?`==~7o=X3(l=dfnmCx_*O8bxLarz9umh)f!cEQ7^^Sqk=|2^6X{-^(( z&tq4{dH-Lh_UxZmqn+S?_NRCpjkmYX>HqE2ANzah4;Y@$lOfyh;Pz+U^NMQuNNN8( z-7a=@4d;(adr{;cP3N`WVE79!<8ie7{6@6Xyw6MgzuvEZhIZPQ?@qpYs!F zr+vBf%e=q01V4Ww?azM$@7JeG```F2zF*2IKXM)IgolSD4^-3hKSw)_|E$=-zFfxn zF=>BJ-V69NY5yY`=UJ)$ug~?Hf1C077eB)i4xh3@;rr1}^R}d})O*P|FZ~^Ee^~Nc zwY+gC?azHV@1x%LpP+WY`S4$3JZQVYUrGCOf1mNp+^K+fOc@XVN6P+iigp_3uJF}A z5qN$?^~XC4zsdKhrsuaw|7X9O;nDkB{XK^Nxqrs@pw=Hh6Yc68{afCbx61fmO8wQm zOjo=L$bovCcXIo_^zXkQeCeGwJYRrzh0lM@eEW?;KYxLCn)i9J^S@HY`M`H^|4Skd zT$lDcXjgXoU$@8qI<(U`&wM4r|K8I7hiDuc|5e(N9+`mIR;W@3J{%7gm`hBJcEnjW^A&>vC#LsIyJSFYVr0lW(1MQ@5z9FS=e&8R; zdN&x)T0XB)JK(>2joUSU_-1K;THYfr2_Ak9?TXIDzN**zM`)*cAO0!k1DZd7#2@p# z4`1c+eHrH;p`FGldVIc~lJ*~<{($F&UB*LE+ADv;?M2b=K0(^Qi`p^H=yQ3TBWZv5 zPx%}@k$MmGHE5^tA8zsZTD}@kJH~lR{FPdMc*UP_`?J5pbk3)sP`FC%wC|EH{6?Ag z%h0ayBj@oY(*CV7&fUMx96;~yd;U4~&;I!^v{RkH_xUsXoPH|W3C_FMnGeilf(i8p z{)-PY{)IghzKr?<&ZjT&dJkl(pOSGN{zhKc>!kfvf5GsNewg{&%ccF}(N5zOUc&QU zk$JyX`al0Q-2bzr|6S@&`9?Sr`0buaU`IjKXd$N6R5|KIVvA0r#~ zq3_A_7B_6VeN5Uf{WPDKPmlxoGicW|Z;(&n9cU*w3#s?(e+TXAzWxEGpO$=7doLOX za$U&qe6zHlqMh*n#Lr(+E!uAXgJ`Go@(C&X!;e#c;tvx4qxa=i@6F@f{Wj*Syt+c+ zS9H77b=B~{!b4XZ~sun{|;&g-kuWsgTCMY z677VycZ&U4ulIxBkNdyyO2&`Qm-#HTE4@`E^QC|w3qY# zKJg}A>4yuPeYC6ny2^B`{UcvU?STL3xAJIu&pWi6`AO6)#Y5+~Q-B&W5Ohq5j`1$*2C-_IV?R)dPsU7%# zLDr@1qA!1l+wcA;kN>cmrBHYr?L-eBlzNB#Gtus{Gk-pfgL$9(I>y`oDdYU4jQ_%~ z@%S45pZ|fp-se;D=a-<6pRfNQ?O%g-T2~2vpU z)DHLyAI|r}(*n>NKA8JodX(|-Q3B6*N&6F5?e;&={hLfD8gDm0gvY-mb@n_N=X=qv z_~fTBJRc%>`w{97JUnro$Jh7EuS$DM;u5tT{?)Hy{CrL79DO|6X`F({6}s3=jWrq44d}{*2fyHJpD)?ZD?#uV8xkdRbTW zq1@gQd+)x?d;P<>{dtK8j?aa(Kk@e&PA%vE&A-O|i@(e5e7XyTe?skqw{3<{%ZX}LE2RHpXeanbAIp3|pZ9-3{Q>{86~^aVrT-67f3&|KaWz^$eV2^$ zP>u1U>3rjF@c7ROKiBQQP3;)x;eWz>;NxZd`bTj8!mnIXEt;O+A?;878n^3tpZ=Sm zALs>lrS3PM%0l6L(N62Sn~F#JIkeNdo)WoK_kRcVNBgBs9$&-x(8G+kVhV3hP&@iR zE%9lZpMN{rX`JWf{XreC@*kxCbKk}@{ynw2LgAOtPW=42l)dY1XeT-6S*dTM@6DHg zq`>dYd^b{98Q! zGh)Be{=|;7Kl=$huWtW7v=jgQ)f9jD_tYQrJ}2)&ex%^xSERl0TBbvNpT6p&`2H%U z>}j8gb{gk}uVVW7ei`RGrM>mRd_uJx`y?xx~@J`3$c4-fqt#&c2N`BoYK+3#dLYy5oBtGWN^L;2p(euUSdo#1@_ z3m8tlUtdA(7=QHN7|(Bz@&Ajozwp^S{trp}$GnF7KlNTVK0ia+pZ`j3|HPN_2VX7i z={U)sk@kllV|@O+jQ_~TFr3evF`OSI?O!A9FZ=|LujTw#y_WIz=2Tqkr>OQ<6`o1i z8~3FD7yLByx4$LhzXk1zFa0*3qkk;zKPv6TcQBkoxfovYvE0A-$Lue7AL)OHcG};& z|L;h(==1eY(N1`7NqrT~lYdmkx%<7m-cOWq-X{H@c&Ux&5BuAUpXbD%uJ`>8+6n$A zdJO0Od+owGUNZ=E&W^nn(0Bqf8*mYKGAt9U+)<0q%XWy z;<`0Gf2FklXL;XH%hlhFcA~@Qev{#8$=vVt@eF6-r40Y8rTx{?-ufzr=Xq&=8`=q; zyT8Qe^wXvN1O5)<;RUI)`ci3s6zw$c6Mw|x==1ya(*L>N;(gcr_U+UkczgI`dHm0L zZyxA_AK`JH`ZD|6eVMcuQ}%&Bm-b6?&t4LE{^9F*{3rf|$N$2Y@DD#q?SS)nc~4yH zDceO}*InTQT7Hy_V+b1{uiR1`0b@sp7NJde~e%J$Bc)Mmj1u5`oFU9p%Uk* z{gvmxR=;|}jPV95|e#{KV#pGD)Ri*|x@ z^f<3quj|XHKiZ%FcBT`}55G;uX-OQ*YXzX6mi8wkUt9CNYjvLYVX1Rfl>Selo$k}O zr1Y#Wkp3@7{@_6R{}HtVo@eDf4ms|H*EG2OiLYlkzf1ZbOZ(^tE~yqR=YKV|<9t0M zc5h9GZn z^G4Es8SMnm(_$C;+tU6O)F17w)IIWl$vAgk#^>Fa{y!(HizhuFlJ+^Z0L(@xM>TX{GGC zdzYmD5AnHvtMva4v@86}xzOkFdFlVczr3V+e!ld7-^)DC)8EJK`hF>*o$mL4F7YZi zrT^zj`-a3PGZhsI{|W6hZ$b2NJ#Y64ulI#_@w)Uq`z_M`%-^x;@aL%=<6M&bbj{~K zc|+R2g7K;8^Z%3fr=;GahW}GGd0pvv;5VV2#((O^cwX)2{V&pf_jCAsY4{&%a{t1+ z7(W`Ge~EUrUy=`{*Y(G`y~^Xf_9cwChpzHCPo(VaPokap>TgJ%mzKM}MEZ|pAN6{F znA$-<1*!A@NwP0H*96WlX8e4twEwWQKlDC~|3?I#zd}2~|H9k2{Rf3^AAXd_zxz6S zUml}&;O%*-+oSo+^V0um$rIOn=8Lwtf9p>e9*xiE&`$HF^Xc9p?ZsCzAJBLxbjH)k zbars?NT(14*Ee>8?XBItASiUhad;R_rr|i4_JdAuI0z@`(H#bdz2Sbl7j&n?@g!)^ zP79r3f7A=7VfT?*rBQZw3J#({6tu_V_E``PrsK21!MNQIgYK-~Kf@=+-vacUT3tJ* z?ci|M9(NzSgUtO98;GVR7wVFBk&IU^E_{o?#t9WjX_vx31sDf2Y>$0e|f~VXz+! zx=r=xxOJSF&2xa1g~=;rKdfY%YT2enrpeC^?`Mbiv%~w@;r#}->)PXQyv0bW0!Khz z^SD_Zhm%=vieKmdmfng|78Rv(2K-VMuu>MVQg+?t?7GX@b(gclm$So{v%^=i!&kDy zSF#JLR5NR=)U!?58LQbDtA6IgY8HrUc0twb@U`rA)Uq?yvNP7QD6D1ISjz%Y%PzZ? zg{z*0tDc3co`tKP#Y8>39rY~q^(^%DEcEp(^z|(CjVut2?2L`<@Qv(Po{KGb*-t&s z@vVamcn&_`IS!Xs&TfJ4Wmn-lVDY^yntTU*zMtJd-vOWRXSdMzvm54vRizn@@8CFo zDZ4?wgXj3Ay20FR)?e;}@6+v2>kNCn_B7n;G@DO0n>%~KUNLBv_Gbs@`1a)d-&Q)) zvyqy0bFd#zyypdbe%|S2hzm@PMR&u_@pP-x@o)$B_i?dL!(e*;WyB+$tZbys$?ArR zRyWjSbG9m6ZASMzR(&w*k7k1ow($I$mVA5>+QH1hVTg%Io@zkS9f$2c&PxzM=50f` zcrWF-}$h2gbMv91Vqz`$fUVZ1;hNWw!f7#l~#+fsX6b2x{+r zVm!%Y_hHv~vir1Y$z=Cq&-&qH(mo8;1#n*GUynb|-clJcvEtiWF53rconCt~iAdY^ zV5UhFUH-We1W|wF`6LTME7o1}34c{{jQKa4bW1}b+PE#0`jEw@N8{m1FrEz*xrgKN zaNOLvp-dP1Z7e0gy%Y@&-FGayHDCaNZA4webPZ-DYKMO7R~(vwL+SM^S_KXwcD>bG?$uV z9S;56cPQw-Lqqo+D!T8`(S3)K?mM(}-=U`a4n5s>Xyv{`E%zOIx$jWSeQ4(MPOPU+ zEZb9Yw$*{numtGrmf?%fYdsJ

jv!gnw$zcj86|?q^QZcJ9mx@`6C>665 zQ7UFByHw1c#!@j$#U;-%ua{j%$zcm9IcxzXhh3uNumzMHwt$ku7Ep3nEla**9S)9E za&V-QgIkmw+@b_ZgiW07qT60+Ha+mF!E_klKkCiajp?oz?BL(l(QXOMu4SKGXxZ+s;$?fhY}dN&pXM*z7B06v_jhwv{s=D6e0z?& z2g>R6h&H{-|E0ER*{-|4OCdmytVYy3$P3Xw#gk^Y9^OgAiKH=*`EVWza6{%n!AaA- zlsDd5jDmUJ#VGKZ1~j}D4pP4@KteTzgn3`i!-9v4GY=Zn>2LRgQJ+q~`VR&1VkEe~ zic!FaRYtWCVEv-!%aQ;Y(-S|UW*TWQ$-SIC{f~HHka?D_&T@K8=xvLa?*1xXx*S*6 z+U=j_E*`pzy?FO`b2q-Mk+*mqohJO)rzDvoWMJv4&EA>qf)-q{(m_KAu^udg`t`iet`uQ+u0ibIF5ICS`mLpQHD^ze#9 z53e|!;}wSp3DByhe67-=XD{idl1=!|z@yWfi27 zLqW=}tDJ3eSRu0ub(r|FDk+q+tCEv>)ci+`7OD4V}+RJx@d-;ywE?3w|BMV(A3tY(&23T@L_mmt_Hm*bB z2y7{3slDVN_mab^T6S=pvcrZ}c7RfLMdCSZZDq&pRd%qGiUR``$8sx^RR`j$ z4wIpS0ahKHsOm7wR2{3WI_`9bi=gVbs%sA3S#ubAYYqc$&0)Z;IfAchj;h6BqDhwrH2kWU?l zz5yibyT&WsQFkNXGR93+8;1u$zdcHBw))<1)O_=--D|dRhw6(JH)A|lLwyt9-r922 z7}4c*65-zK3=x<qO%bn8o?sCUN(|!V(I`Y@I>Eq^ ze%l1%x~90N=qCOAfj$InH&-q1BWeF|=g|Yb!f$%d*42RCf56%8mn3cC5GT zh#@UI?w+zkmMtS*G|dCcjyPHeOD#KGfXcZfGU(Ri@}P4BS3dF#S|+6%0$@pZf&@8+ z05`AOVAkuk+SAU_HYhAPNnRNl4~Ib=lv+H%pX8SsM6?|ojAk-fV{3A2c#{Sp(Y1UP zPKRcpd(d`~mFI9qE4h*l9Fe~z2U{#TZlscflb0Mi zb=jepl^q_`vO{hxJ7NvW4#}tNIz`9|N>gOTfxn8wt6FiKj*0`mii7H_j#ESlN}6pJ zNmIBP_J?Cu6_}g)#YfwdqiUIX>g%KF(QX)m-l2&+8Gl>5ayAWHQ|MJU66K_^8B!k9 z=GDvU8Yt0!;0vCP{^pghwkOlwussIZ4{>GSaDdQ#ZfUiV5;Z|q5&xC)t;}!hts#Pd zpc*NH-)RpH!v&n)b8&hv!|8YHLDcl>r2aH})17b>PNQjro2W3DbBr8&={v+&-$CPG z;xX**d z*gM;3kES!E1~s3g%goYI%a^;|Pg6V8*i}m5Za6iVN^KXZW0Qlk=93(-WC4W13hEmd zi-D*eLs-Nl+bWcpWdg6dfk5I7iq5(+i+V_}Ynr;aw>5dZ-HW=9?OmgKE}TrnDRhzlW=3>7W8q256@a_BFT6~)$?kveK_Hc z+0`tDP<`K=blM}=Os&ZAwE?KFKHnNlp_=2!5iTr9TSi~n-K#?&xEmi47&WrUH%X?# z2yBJp-drRmTU(Xh!%1|SqkGMubeLJ_29x#LYgn|ybs-O-YPDew>P%p)GmMW7B8u}^ z4y9kb**@D36`m6=;6(MVpGdWpt;wTEs!Y&dd2EnsXb;X1MG`|+!QV@M^7lIaey9jH z?$W>x3bCrK&Td}IBIr4ES{PwF#mZzdj|ySLOCV5xHy~1fFQtAjr~Y0^{oPz4jbBUs zUQhkKk^H@?;3=jX3<$Z00U|dTFmi(dBsUmPa)SXTHvmqOw@mza#Jcu|pEe6;d{&)Y z((_yRZg0rMtq7$|E$Y9FFXCOTZB1BGqdkqg7K8E@)ShNxf)LhTba3Y4tDfU-_Z+ej zd1updhUc)dd5+jj&mmWN4lTiR$W^{0(#>~h4t_D~uW?A0J|a}6!->-Utc~$m!Q0p% zZbpc{H!UwYwd&4<>bS8H^UQl3Iy<&;8Q$aA`-K^^HKa*T!UOPn!jf)N%*2)!iW{9^ zO!AV+h`i#)!J<}^Nulr1*;iUqeJ8HI+r34t_6Xa3XJ2Ve^>sqF?SyQ5>Ku2rsMVhB zrW2F8HPttCjeB#jsMQ|fR@c>6x2F0!@q0^JQ+=H{yXC}L%emr~6S9_b#VseDwIbKr zT29DxtG$Yrlg@UX@b2Dm&9>{LGu>*>w(EpUx7vOGu5)c~bneg_M=r?T=vtfiXxl|R zNwWoox7~Ju?A^NKY<|4$0@??wbs@=z)xvdb{F{-U)dI%fJ93U+y3+0=5i!f1%pa_g z@WZt2+Rf6H*-_*o%hI(mLNHx(7(du^+&Jo^@P`AcZRkd>JwRm)Bu~1&xP9oxVCnWa zI%~VWfQXC)5y#|v?K@-HBpcklc0Y0vSNZZ7H9}ltS-)6=m9LE3M}5~c<&E|@(iCWa z11h=Gm&K%h8TJvb=U7d7!}ulr%?QOyT;E(9PLK32_BS{hhchP*9u4=$A#!mt7hw4Y zl3I_PE8Px9og>%gl()}1b8xVI)}8aqPWU7ycR{dw28=pax`*Sk?P90py|6bsbdg#a zXRJMNL0!3g9Kt>=+h8HCas^&rXxy`*pxp~$e^pT(JfbjOD57o*=la*bFkMUeK@c8N2 zy^EFIXmHf-IU(F@1BI~KI>6YA_QM$S7Vy=}<9;}ZC$oRMf-OPCAs6neSB9fue|X?R zWA)1HaPD^-N8xyQCv=Xv0YdEcoJg)VaY%+E_ixw2;rMXQ8m`Tr1fHiZ(yCsYjr+4Z z`taFne>8#}+fB$-`!{Rvs@L1c?Rhx6L6^pyG40>%F>kcb+DE~*a}C?TG-&S%Z@c~7 z?Ow2P6y0%t*E)h3DQLMUsR~NkZx2r9{1yc`;;!2g-$lXWkv?@cKKCLNpK2c-Imom6 z*dcg&%xtYS)HYzMi4KNinb7`mYXEA3eb05_)>1#(U*5zaI>W!Nb<}PS2ZzI+o1kEr z#95Err>V9(1DBYy{q@ZdqyeJR*QbS``Zd_~Flmei`_~)b7Q@Mr`=+Sh?sbE$DNd_! zaciyW*S*>Jj{Dcv(GUz^&V5qfZO_Iq#G~|rW8)gPaHXj`V&*!}4FU`1yh)5n6D}CL zLfGk}05&g|VB{Bfk-rk`qOKV(hb(#H_p{y*2m4n0(1lUIyoE1uv-JW9ApMwkTQHPw zf*UEEZ_EJau`I*tQ=w(-4rkLN8ff3WnA!%mR$aZ9_lM&M{15YHII&-E9-cw0z$N%- zgqaU}XQLw#vaLDmFxUrE1Teq1Y zHntu8q|NGg)6q}btbVr~{iMz6*K+ieHml#Rqo1@{{oa`LI|8MX72~+w14#{(MWcPt z8;ycDhy7X59fLr|sL^-%ptm(Zj{OxB_CZ(d_w=Z*>c{a2Tpv#xhV06C5C~9J4sweQ z%5!zAVe+U$QG40|g(1^MHHSCZa|8x?4!fA=$N=>mwldEVK;${>XPzSf4^;p&AbSqq zr{{?9@*Mt9557t`b{Ji#JQq!eZ6uBa!Dx7b|C2qP_j46y*)#$@hX>Phc#l1Yf8TR> z);x#z*mK0;d5Doa4m(I>Q#2C|VJK51lVrqrHMFW?I54ll;i8j)o+H}8b3_?>j#xL(5t-#VBC|Y4IHKps9Pk|RYMvub&T~X6 zc#haP&yiu^IU*W7N3gBui2U~)L2;g=3ZLhQZ1Ww#DZV2(#dmN!-w~taJ2;^4;C8+v zZpn9eTYQJN#dk!d`i?*&-w}`K1AkQM^$6;252Bkoywq?Uji(5$Q-8{iq!BDleAs|fyDafK)a2p zn7b-IMJ=2V%h=Lb#0_VzdE58n-%(X2gy~`w98mDR*9aaPoIp+pcEa`q#;pxFJXNOTD$`5LN<=481OF_WLV48reK{^LCG!4XZ zKn!(d3Qr>oOV(VThZu!H5FSw#Ur7>5Nm2AW*PNZ;4$_Oh+@Tw1--U*jSJAyF(j`2d zW)V|I^|@|yK(63!izyAEb2pBTGF|<0vMrNQ*a6{b;_J}|^C+-&?1C*byjNDWhe7F_ zKGJk9sQ~NX7y+xt8i{G)r?Uw~WIEZN!L^Iy0wF?r>f0YBgQyBtFd0!!3x!cN%lHq9 zc@jZuyN6HKuRawVJ#t*%KnTAautv#Z;A1mwTkrXTS*U0^9Bn zD#y_znxYaZ`*tZp8b(kmV0|)fBP@ALMM^zy6T?1EJrP4ne~$N5EQutAdaln>)7wLI zdRy0t;1TVXfy*n=N-k5$aTO+p=@bl9vi!<)1vEEDw|B3+ zcrevBv2qo?vkuUB74W03iuXh0`sqmR$pgoc=QU9;Q-=$z1)ge;%8|=gHN&K1eFvOXdA6HhUwb?Six_gF_M2K$h>>&x6 zN~I&#wcTGEjQK?k*X8ly435!hizMH5V4FULUn4{u@~DF8bkrWum9rMWdA@-+Bu}h? zkmr}L4#y{Wu0}%^^Z4}uuSi5sc`X_~P~4het_CR-=AW=jj1~T~-5F~7M^hvot_!&# zz-%M4%Y^z z`UX6OYXgl}bI~I}F0#Ux- z?2+paN}rP3AY2}-jb>UWDROO~LGs^zgdoiIvDuYw??1VL%);q#eZ=jCwj&NvJpiuY zwb?$uxOoQk1W$!%AMDy#sJyBcnv|Q9#NBmZqFzO=JZ(T<52!p*fY*lReQyKag~!#~ zw(AC)SBmePwZWHHyoHpLu)970Ra(($*jqQdtVg_48={mtwHbDLYjFsDxWbjwVNJn9 zjZd~@>;GRf^m!IsWIA4(t@TQ_Nqa4Bq6R-*zJ|Q4x;yQzAy_Cgv8GmHpDxRFi}iq! z5fzb$->%K21VbZ=f2@ms?=^O#w}it3#T&%cwH}cRHKaSO51NWCgmD(6QA37r<&?BCz()!0!xIqtf8geQRu zywK1u9)xCLfSQflNVDz~^kC+AU6USgF{FQPaR}}f*T0|2Wkwlp-ttg%?AZ23Pv+=Y zFXG+l@l%Bwc`9V>!3ko%JFd^7ft}05kRIF(?%`Qi*fq3P_+SkN`4HxjWbxoIW}NS| zpF&~J+TOL1&UDxvC16_+t_31fxx5yDiXSE&lwIM$0WIgn%C5T4nx255Lqt>x+I`kh zgwLusd8p(-%rC!S;Kj$bCViv(D_b1m z3|7Hl+LX2m;7X|TN!6Fyrz%|L!b`P0;|&$ovK<~w?-h4NHPTLWcy!N0d06Qcyh*6; zr(CzBwWiG?s|`yDX^u}d2Tqo<{S(L~2? z8Jf<;U>c*@yUzz#ac~-K*dxdZ8EA4TJCrieibDVtPNrHg$*Kgc`BSWd*5{AzyDuk?QW_VJR_1lkGN-69=yNuMzSu?Rc&yIhJHVQ~Z6wU{>{n>Kw zX&hw@8TS)S9DHol{JPJWlGB>X)4bn6aEeY`&F_9s&#^~Z{eQsznCzc)&l5)Aa7AE@yI3u0bI_wY55mPEFv#<{3kqTN5_RuBxN^9M&i*o0(AMDoC zm*oSYy;K7C_02&l7W2Woj~3&WoUEo0vQD^lR)biRQ}|bFIDDWIxN%k%fJrRofr2UKRHNkm`fRUNUf!|4>u_?@52LMf_6fL*RHC<#nU!)L zeD0uKOK0uDH7m4Rz^(_0+K(cT7@ihw*6FfN6-`+`d|GenS>QQ?Y0cA=#|oG(ACK!b z&u7`{DJZV=;I3w)D8GfG)QPy*%22W9!dM9(99EKt6Rtz?)Ny2@V8uQHF%;k*0DSABM5TFHm1q&M00^6;k0Mydw!eTKiZ z+Zm1!7G}NxO4UzQj(_H+s~2-Ft7r(0IX|)Fal*pVIGOYlO*uj_mW4{BhtvTQOJRx0 zeFZ?oW96RRS(9}IkT}P^7pS_;7YC|t^Io6|UnHo)b3kS5%d5bWJ)+&Ea(=zw6$y-RA8(h$`fPdBy+tndrJTx3Uzw|*we*;|PvatD zTLEB;hR+Y9o1Aihw{$abP+X6_tS0QwJ$C+O&pn1KS^3=2SF`xJ!{=ZBd_J%W1SG{v z(*R~yTQ)AY^bERq`!&HRA40rb` zU@?Zv4@262z6wCnW9Em(^2)CQ6l=iTa4d23uK=(mGvtQUGlL0M0GBmhZYXqk!U_P; zL*<@3mBg_E5K<%Nhok~oxQmJh!vP+kLNTpXz>*#_KQwkM$0}g4N6Zh2D{X2O@VLg! z50xD{vI=j``s*ibSmf3S+q3FwChOv;uJEjGP;?q%h+OfJp|+J-@SpS`JW_9t!8c z7dQ;gaq=&(WSPiUT;wNJLe5)JWuNr0t1IV|9(h$Yd{X1Cgnm*xw~A^#DKPU>kyZ3B z$Lf}|QXLgYPf_HC!*`bF%>mES)9N1i0>{-oQ0^6anS#lySY3A13#=?VNbXg+OWEdF z*)lqE51bn=&w3ba1@PDd=7%Fwcz4x|Iy=D%nQCV69GF~sA`u@t8+1tF(+_B`B-SE3 zZ0=o39_G%mzGak~3?}pE@P>K*tzmfD2}e_^`kFJr%`a}Ap*&~QX{s-Q&vSh2`Fazy z<0%K2b$Uzf9R0o8ibi$)2jxriDy`@= zl#1C3S!?G5vhZX8*?V9W&}2u=4N-iPt(Z`gaaW`3@;8ZX!7LSfQ>#iz&^ctyu388HWT zm(qMP+DeE%87}``dCuo%b8VaR(-rTabBm71aKJyL=uVm5J z%i&DYPC+_*%V)FuFCX80r6cEpGM_A;W&ZODIp-=o_Y;pa7oYUC- zmyhqP3XpTI`QKh>UMV5AoH8Br%C{Gqm&=dkI1!F{<=Y(d+8O+LG3@v%$6VAV0e_&Uejb2F6lPQQ4791zUU=FJPjk`Z#i;7+T}JO6^O zm(QKap3OO{`@0dmybU$ zF*N6N3qM~zyO{=>bH>akd1grxJ#){J`egYmaW-epDeV5a#y840F2DCNzR`dA_~}&4 zoXc>2mSZ*};WF<`=}&UZVkbA|oyhUk^10&ls+_af{g;nFFY_tqbPGRUK6@s`Dd)8A z?{duN$~($C=iF~|%xh#U<()45Nsd_@$wPT(oA+ssS&cNIytAc0$uUbh2Pp4U&hK)} zXC?aNoh+ko{))JUS^S=i;pH%STV;+vJ?Y^;M3! z()l!bXLEj+V?H})Chu&HuX4=g%7@822{q&`?agPFdP zbB@d>%V$}bK9Y0VOztrFoHH)?c=^oPF!h|X&iQcp zjP4-xoU<Na8)be>jCmkiKm0mIM5Q7sP^kG@JyOFl_ETxzjT+oq|Hml^L-&X|}G~ z!|Yb*WP%g41KE}k#6H3nhl6RtJ!q!VIP}X%I6JJU{pM58YxJ>aone184kwea8;sh~ zI0$=Te+v(sE#2Xk8o9K2^>Sr*3hHj+`8V3Z?Wow?-Y+(rl|W$uTt>kOto5S-ItEAW zLAMu%KKk7vXXRmMf z?u267tpNpr(%YILdZecl$@+u3BpxAw&&XuHhA@tu0!CqA5IK3O37 z1qTxd%y$m!8Zj3*h*T?K&M9p9Q&7hVGnRN4YW?9LJR4CKZ;Y7jeUE^}nVudEXA{uw zB$$LF6CeF(tHsBmLC99efk?&+WaqIvyEX8a%{^qb_PW!9Q9xJ4!$JwO6#6l$YMd4(Jk)(xGmTL)y^YQo#Qt=YYh6E*M&S&|%h{nlQT- zqW44qD%fqXI zhl=lN!VH25$QJmY(MVfS>TuE{lU@xA(1J%B{BF=~wxVQ#a}T<#Oz%p}s&HsG2l~t^ zZZ!@e5e!cP6p-(?$GALoDsnPQ^*HR%HNZQs$Fx}qP!D+R(^HwwM!j(B`fd9|>b7;A zJ|OO?IB1ie&{SMRkW=BK72id3uAoghlDoT8uQCIh8XxqqmT){CDy}O`r{2d#K(?H0 zoiyu2H7Lm+HjV4a;E5UXChCq!0z?<;dk74!5*S?97^Ksz$Gwamp2<#hId@qxb~<%K zZS{%zAhPu#MY6;p>gUt#BVf&S;;+(es*C;>u(C*}S_M?qqU0C4+X!7i4uZ|~ z9%Z>^hw0bs7Rx}jgLc$|uxy|4oN%LF)J47d!s1qgeTD?1Yu}Z zW=cQlbG11lj)|7b!Pa&Bg?MJOaMFP$)$3lmbZvX<%0}Qn;y+SJwz$@T7~46XZf#CB zXS8$ueeg$IkJDy~AVE>x@XZi&iGRx;&Sm2JnV+4LWoXeoO-o$yY)a_aHe)LnoUJa z9L6_7e6PCoA>e@|8GK1{k*!m7pdMQCYLz9&t*D7te@ACc1%O^=?e>T&ounkgn3Q+2 zbe86KtnPu^&ZD@xNdq)5WOAiSwul9IXi+o@_2nQsW#|~o6?H;0hjST)q)vL8JY14U zrPB-BW0R_4?oNl)x_$b5_qeaFKG-ryj4!6XzLru%M=ENQMkS@26+d(8@XaDX0tV($ z2@@go8N#WFiWX4<{-t}nx818(FbQ~PiWodksY3x-nM6s`x=V33h=?POrdk*>X5vMY zL>Ai*V%ZJCQ)-1uT!Jb?g1a(L&A(!p%|Ntbp*eG~T<0po5RGd&CS8C;;Hs-sAzF)? z8F10lW~J0%Z+fJfVzF(39mG%DL9h)A4u{E(g}LMxNPREZ(3j^Pdl`SGw$~qcCLV;yLbPU_p45@s?C2y4W z2huqh>W;FKG*``By0|z@y_ty01i4B)5QN(A16P_yc`0K@^7kDW#oALP^=J((!kNUa zTSS@3NqAMUGmNwM`0lhp@{IzT2G&G?^@?;D%%%rkb!#(X`xY)z2y#1?xJVjz1?;pE zv^FCmdi+bH?`i=cW$~M1%%S-OVM~p%Db^1B`G(yA*lNUr@)l0_b^Hq}bn}=%YwZQ3 zW3skG1Caz%LWRSG-46+UH#!mQ`!P_lEMFQzl1SPwCYF*yqi*sxx{tckq_Q4_*dB;j%Md^Nm5L0Vu((O|Ws+ZMShONxA^g5Eaw82}u ze&HS?(+;MCUos4aW7zYojU#(dv=0Yy0H0MjhR3ZJ^~r13Q{1uyf12u#nnU_dfeHbq zAZ&uuAzf(sU;yck}gjBp{|Q5hdZWU7T%hPFF_r!2<~>r+lr z`f>M=fFW3t+ng2BI`Xg{k0x}iK}h;qC%e|Z{zO?O!D@{=%kw+xde{CH5+YVbu-E}M z2D4QtBL~{_4qXeVHdV)jEk-bD*^0JJ|30P?m$HpBT>@f>Tj~7XOdPnAFuY?q<|+!6 zFdHXcC9g<_mM|Q38DwQgCy&+~o{fPg!|}ATMJE*eOxa}HZJ4O=?~{;8AO^($SY~jM zp|p&~GvV`tOE1XE)RlN%I8<+XL2OlkYOKEpvXG4C#Bz z5J(Ld)n03{_R1~~(D#9`SUJVYHdeaU8}7Gzkjj;Z7U%cg%wjOv7Xv=U=B_jgBMImL z{Y_ALHadtpY18i>uC!S~9%ax+EGXj~ckYl)HaLOWYf$jv3@-^oEQQk~g-s$2!W2n6?qOLl0fqJa52-oszSD|_j$CrC>kHa|*i(0cq9%6M%q;(XHtrWY|8kQDf zQrw7nXxg3aEpTVsD}$N{b<@SO#K863GL)%gM!wL;BVZz{)Wj&86wCru#MjIcV$mA)fX4$j6F@^ zMSYHgnGvPPKbiJgX{g9S^CF#AGBE1XXGz_1$Q)2D^Q9TWBQ3z@4q(n~-4k~jNmi_% zS%+U{PfLurJkH%1H(KGi$0iQOkzqfluj8vO zR_HC~oMtF1vDr8oh?ntbJN1QT^>hMN4ZQJ2$M8?y&6=`Y56?i1Yys8F$5nT4 z4uY70C-2o+_H{_hC6ofIJ;+twe?01gFkF^`&fMR!p=wRy&d~LLD97mS@ zeFaf*P^e)$pB`EI3(;2!g)0nv1dev#Km(58ztKEe+45@pXW-p%NdS3r?{(UYv?^$| zUf&l>1pw3FmO_`}(N1)g$>^`tabsVUT5y|)ARB{%xE>A)xy|=kEWRjt-z6Q%0+Jw7 zMWE*jtMxos-UwkNeo@o}{-Mh{7MT#!P0^%uaL-LfC2VJVFc_*>BW&q3I-DWMloZiv zI~u^y2c8JEk^f0}gG5D=dTIGWZ3{Tn=0N!z!Kt(xNTluyS@>{>wY^=L_!L=E z+%!cO18Is2n)1QY6SG3jr!x&S=Yt(w1SDcQqRRr)`2CpAAcEs8!;`K5*jyrN5{o86 zQ9+3&m#nfe!Y{&W(1le&g|5NYPI0oLPt$cP{6>e}kQqQCZy={6d#{-kOavxF1Jv_e zxthxfqm{VT{NIzM6pTrcI04FjDFg*U>YIjFaHrkmJ58I~oa6~`QfU*t!DXY1PFGnOL1)w%t z9d@i~d^x2317-nmCwN7rnKsq>DcJddC<3=pH#}(1dQ-(YR5-X2oP-@={e(o<*-)#> zeMPa*VB9oph9_?v^lw)jP2N|8 z^W_90GlGJelo6({kJ!4da6Rd?2SGGxPAOfXWbgs_bw*hqADwC=ycvHpmQ25Ks4W&x z3?r6+$ot)h4fP4L$t~KOYPq?vCyj;OLrxX>J>(unEISOPgF_BA*$QFwQkOFRH+?Tl z$dTM=xSX6`FD>oNqqD@{gaeCz*v%w^x#w6)Gq0%Lhdo1+Cm4xW%o!3bo;t);5`8_55F?$3k0H&dM z&7*LU<4W-n?PKsB`%Ew!Ah}wJ)G9Srh5eBueG7cL9EeGp79IyWVi3B`5^p>D85daG z&Xzso+p6e6xJh=e@x9gTV_|Xd&ESO69H$M4f-3LCj6gA`%@|LZt>rbCNPMLh2sBl= z_DHeaa~Z`_cvTiG(+jk4wlq33O5bwinw*ZE7B1-^rqjB5n+@)MlP5bcK{j%ehZ37G z0$fwMQMlKL1uwnVG_&`0C<;lAlq;*!yN`KXk07GF8dLVtfcJjpoAX zcU%kxei`0Sb_M1NkW2BH3(09UD^HZKyaqY3l|M%x5rN7)gS5Rk`iZwe9Tme*WRPmy z$>swlL1{r2lq04!GS|{1%1o=1ddaoEg;pOVn(!eEtMD335L(ej$~0v#y#b1HlL+f@ zIP3;v=p)EPI^cvn2*TDB;$5y(XK;#x_43?Kul;+{)+x3XVFSKnGgGe8P-(-^j z!TF)X<7bhA=^A45@-6K27Jf^l-ZWPOJs1*APA!&JVI_KGt}cLkPL@EY7=O&$(=6&i zXPfF|aCCw$yMam6sWW@3HT2+*NCL7w_=YJsCBW0Bi1q6t;7C~ufz2+zyQ@NAp^hC4 zmH7#(LL68ng00usQOP&ksHXu@oRuZGnGm=@An?xn?uf$bY=F>1@_@!YwU)8ikyk}< zFyddEJr95|FF}p6bSKMDQ4sbS z7D8bjqVusj%5DRn;SFM!q%wORqJa(((V(^j*M6fD-~FKC6t(-I8>mA66%*bC1QJ5 zgJS^quI>?a7I8~(0|GPJeOqvLpAG~=c@$*~G24nV=Dkwpp9>RJGs35GLy{-#7IXpH zFl`>Hig`%ih=dI?po${B+Xh+Hc2I+X7_!01SKwLIwiCHE<01_>2T);nGGQxewd`E# zYST_MqXZ!2lp>a&97*wkmYInDbmR~POiL;d#6POHF&j*dqJwEV7pOxD7XF1!1tcm8D_9buXH*IFjwS2-)nTez{j(iU<- z$X&rn*-;c37ct91V?+_J zRGC31QpdSa!UAG<19W7n>V^6~b0h~tEz7@u(<$~3|62Q}rH2b?30{@54FcR4B&AJ* z;Q@t@v0GBEJEy?{vfUU;bsH5X*qWhO&fdxc>v4-4kts2HJ;!ChDW3|jie(^4Pv_rz z*zzf5t{_W}E=N?*Qo=f~Fh1ca8!Hp9=Cn)BB{Zm{7K7drD2XONMB$7ksrS8ba5z0m zGeVUVX{wkG8ed{&1Ht3Zd97=S&Fmf=|CDx<&+$KJ@8}|*Q$R}4=`xY9zo*kOO(_|* zpX&CUM5y}KRNZ*jLDoj_8xc7NzbVg&gum_V?_g-UolfpK0Imr$B89-IG^C(2nFTm` zq6m6kZ+HlHp)OPs)Kw-PUA08Fun2NdxYkv;+)0Wg`fhOPwcT)9i@lQy?w`yfs`6<9H-K#}O3qq8$NctCIo+c`hA+Ku1Q6k#%>SBHc%ob(m$c!4G zIF}@1gr~^YQa67cewI}IP6fFqR!uSv(0yCs5}~ZWF=5Lw>BMncL@i!*1924_#Qd(z zq8_s2>X*A+eZ?o5iOZZr7`qUD45iGva|s}ABQe6URdH4hK~!?)f~s6|GrY=F7toZo zQ>xZ-@x)TE7^7rkb~{BaQ&?>GhehfX8OWsm?k@C$<~m8VCAzu>(F(Lg7?D)43x>Zz zuF<{SrRVirQh)kHvzN*!<6`V!mE$57WaRAaY0Ww1ws7a9sZ%99I+3F01Wj5Suo`DS zc!Z&=Wun$IB5fL3nZ(5$I=WwjFO;&^`}-2yHk$4Ca3c`!USxSZHcW~0EqWI|!S`-N zCbO>+F;z&}`U2Vx;^StJO*td{VHlHrJE|Vm8Dz#-;5YgU3nL14f-5 z5zAaATVuP65@iRLSm_L=V~R--b3UZtYde+|-%!D3CC_=~K<(QcD9>HW!d-*C4!Zh4 z8!ZrQ;AsPHZaWMyCyNKAWfx*d{Aalhm@AdX5rMf<)eW(Lwq!wlNfY@t88YfYZR`W& zV-lCOJV_-vnyNaI7@?HGy`U8I+{6WLXJ$X9pi$Ws&^)c!N*TL+0E_k(p**Rw**TUP z6>*^?v*dFp$#B)1W^yk3CSxr#5b>|)2hQ;L(a2aAj;`z1-Dn3N!17;CZe$= zZtMVC<&5x4<#=Yd5lq21kaVK29#Il1DoxYnlTj`Mvq+V?D}6IcSkXF3307nXy2)cX)PU}+esY@LMTEqZycp|$xyvw zbf@fJ@C1;rhTbj^8<=?z=iVh+0E*)Uv*C=yeVk4ZKI8Yba1cnjC66(r!nUO9`|x0q ztkSea6LBhI?{G9wA_3`{2?^w<9*W%@%}@-9?=mWNJ!(%?>?TpyG470HSb7D4>eK7>iRc=@)>qhXUfU8z4bpYz(NuVlze1l5u~{S43lP=Uz6mFN8(JvBu3btrft~#Dj zPD7Spg`Z)26gO1i*hz+?-nu26k_2v606^5Luc>b;W1^&#c#T^ysC75mBYL`L!l@pL zl&#B6N_iQaiLB7N7DGJSh165m!BLDUi8~-pk*g{^gpqVvVA;JnQAI%L0s)TCR#rhE zyIh#idw$^|RGgx9Lg@&^SUexEK_JIbTDXIWKa`*y+`W(ntP4%l9cHiRQt9)Av|KT+PA}&j z@5~U_p?z-IvNA!5vBTymSXpwrP+K<|8;2xO?JmqomuqlbR#s>P2S72A6{eb)RX!6+ zq}UDP9VUo@>6?lgY>nfdX$wOxh*dC(cna;&BLLZa9I~;g2i?j^TxWc4NlZ?yETc;~ zb$&DURgVUiZaAG$iWiC@y)=azW>F>H6PRYD5U=GzWLL|ei)#Ss*1g1$m=aSthD~I~ zi?L?YPE0Y07qJslK~-%h7Q#vUFB!FlT)UXbD=ob~8jh6ctb_xOYBYSd2CoP8NmVVx z8Ig-l$yj!sEmgw{RlM%S2&eq~QVopa8c`aod0hoKD#4kHcL5nJ7eW4GsK^hDN?)7u z6=2n1=QJbpyd$%bBxT$-T~p3O)w1U#a&KNHkO47!)?$>L^e8o)nR!@V6=zqc=cy z870%2VfF+O%S?Ro+JBjO9e~vnMaxuGKOLZ(oM3~c)lpnLRe_A;{%lqifq-(uMu5_- zY(42JN-0C3Lt4AB=Ea#z5AcquNz@hVD1x41yE`0_{{{&IvDRi+9dx#@3=gGL=$cd)0&_oR4Oz3mxiV%p8;hG`{EKX14)|m|YUEx`mok zkOL`Ybkm^c{LyyZE@A=juNiF@`xxahLY0igj}fxgH)PXJt~W46X!GoX-Eyxc2Dx-i zUiF#ghf6Ov;_&(nva}4L^p`mXXjdf2lJGO^Udp#;$|pjs%SZtFx#=;9u18Yq2RY@Y z%S0m}o6n#qIu(!Ktb(KBfbhAIZ^g8xo`ivE4M&IUnnseomC(T@E8quE@x}*uJacN6 zx0_=#%W_6-KU3Bl;~*xiFfl-g$xCXSB3A_k-~G+uPK0t;Fp9&clL}QZ69h>R=EB<$ z{E&P@btv}DQUe#$4@jN?GTB{hz84i+!GI|OODV7jPJ^x(Az^fUh{D?gBVA^`%9s&; z=a_cA%;>s`R_q}G4#?t+WDAtGqmu)}Mmj={pZ>KY82Q- z^IpQ4)xon=9N*eQ=n0v(WV-I)mz;0O@Je#t$LWhblenEcej|rSJK^E2a)XHo2fRI@ z2qJ}gF#3=P*2X;DUP;VB^$;n1U8>G#y*9YE7qq?q^DUhj5?^TSJy*T9niOo}xFOq+ zTUCbKc|rmbSMYd-qlydoy8b41Xz_bzI0JmU(C-PUrSw@Y9GJR(GJ2RzY}RYRb<3m^ za~i=maT;IMR_CJ(AD1|o2r41e*k)qH84ASnw~6i&Tjg*Pxy=cbNWE}B^Q7NqZ1xm| zNAQ6EDr1^yvsHqVz13EX(C&?M+U&QK>X>XQ2byM$7xQy|T%JB9nL@pZNSufI!4;B{ zSzJPgx#WBqa`tY}_ZDWT0oQ^uVJhCUWfp}tMHVe%xDBfmv0ldILPg4g$ytAY$ZSp% z9Bq`Lwy-4z(Jp3Of#u*Q4K0Zk1QOrNIqA|$@Xikv?jI9OosHce|eIqSJ2!@6x% zq=6{njKC8%OqOW#u@Q<9RZro>4^WxzSVgT+&sSWx#niVPS^Y{N(M9WF51sd}h88?H z6h|veFc+(gm^qg!(#I^_fAO_+Fm8A7g#96?!_+V+rRc&|dYx(nn~GU&)6inm3IyoV zbfC_8+&rabrMZ)RrZF|y2vTu#MifRy2^61Pv^efY%rSt45o7aNI`VKH#2L zix`VwCL;F&xuugA8J2A`$NH&Ys`T?(#??E*BVBke?EueHi^0t1gyzPiWOJ_kOt+Sb zFi-{GIQK-kG)n3z!dL*McO0-Kv|h7d`DCn&ZK%{c8bPv?7p{|Ng*|*!QDPWOJe)m= z!f*J8t^>+6pI0~{dFV5)r=fgYTKOVo9qTD21UM38tft5{Y22ZvaYg&IgyY0cfpiR< zozRXkTX7nDtOj}c?qD-$*pDrBKxX0qiQk)5mymvZvc@qfs4<2LE5imw znZ%`%pI9lhYNR7IgjtFoI+qcXXoSo`-S$~#J1C>3@o*RnK71y?F~mHECm3ipm{isVKH3>p8FH}B86s!oThaP{@Ma&>TlL2kAg-_XQ=zAl2;QJ&(z*=%d6`|{w zf3%JM76P`ms5~S75DcogDZ!dmBw-$)A1rkVKuPe|KD$(M3Wb=Afb+P^l_OS7X~ z;E7(B@PI)mA!;~-_x28peyCk*^J#yIBtOqaM6^bRxDKvmCULKCgP|ynGM1YfRT46I zewFGxeAh~YQ(2Pzh&X}bMlcQFzYY4NU$_7=*+uY2TiG-tHDmisX34@VxC)-Ww#r|n zL&`JnNnsLQ3@hd-F6&r0WA6w;dTle7YT=YwRx;fdd3(3Du~H$zX8hWMC^x+Q7={vT zmAZ?-CVo7So*P!;A;Bs?O-XcA8D2_rQoE}q7*H9-TT{3-{hNp{@Uogd8XpWJ(OM~F zaX%cVyasx^FT9i5MkM&2fAg=ZJRZE{;~`3}0BOuK^-eE!>9T3rII*19WSB~{%AAcn zby8omJc^-UMB1KDm3!a?um_nDzEv&IBXwDsBDdhHRm?<7AS5Y}VgUFO#y%gj_e8(+ zG3X>4{hh1UC24$IMneLGFIcSbdVoyjWUaBujDrKtBUj5CVR67gEG}EG&k5Pv944nA z1EUg^4Tu8`Vr?fI0%dS{mx(^hJJK>6Ns!o~SjJOP*h`~=%+%RfjL(|YHzTF}nLwV; zI-U{cEo(W7p|Z7HRYkogYq>nZ=?JciQw=JTYM_!(jzS{?MbsDs8Vq|~5sogj@y*u! z+bJjQG~!$$MMGNOOcz^;IKr`Pr`jigUsq$U@~5tvgK!=3;f$w}~r! zkAy$t`XH`t9yPt2;E78lZ+zLpt+0cCTR=x|yXX0Jb=yN_VXhyu7yI=r^RT)vJRN0` zwoIuo3#>|ol36!rUBWz2bFHa84!uZd@M0$=VdXLF%BZIqIV{6Y2*IMX(mhM|93I&1 zwAP}C>nir{>F^lmUa0{@2q`T%?>WSmaY9w9FlNO1YWid>H;4fkO9EBUIeZ$LG>H6g zvEWZi2EPn)Y?v~5LzxW8Y#`5uxUOR7(lI#XU$}YkEp|>l2(Yi%n#f4aC-FW2x5TBF zI5fu$Qt6<0mx6T%rox-D{pNe{_NMFd!vf}E%9u-CH+sl;X+qWBz|-aVXK92uI#I%ha5 zV&YSoEAtFPNNh>qp#!5xM>Q-Q@{V0i z-myz5pF{`?O6X;!QSr?XrMG)0?Xw9q3Rq~5nKa?mP=QJm^A>fryduZfeGwW~JZzom zw81)zYn-_*9K4j~eK5xBh;SO~n}%eD_^4I)@eaoL%(#Oseb4jz?K?0lQ?X}yYR!bZo;tS)z6Zi%DuD)3K#2Q+ zg#pQHW(9)=o{eK0n0ilHOSDT57?_1k54fnXN2x=l%o(v@n_QX`N2v^%dQN`vf(=s> z!*i`)fgq(v1Rt-ofqX$cE4d3xYtO={1aV*;%kzXxU&uMcTV)lt#94O1=u_g-I5Hx! z3(J-cqV2#^A^z&#{0i~Ro8~KC>cRt+U)09CNDUKuTzuhUVW?MircJuI15z(MYrnI# z$5!UOd1~ga6iAKtaj}Jkj*=w;P=jqv<}J&L+ETWQQc9JGWI~qWx6aGK-g!#TdCmK+hlInX};ms;wXw7Mo~WwO%|8^wb1g%Fiwi8`Hd7OUQ^Z8O;VAL|#c= zV4SPUW!WqtmTE=eZ9zO>p_02uB9G+?r)mMVYl!U^m)}=aiMs>H-ax5-hvjW8D$|c#SIZ}%30tsu`pjtq24UzCn%Q0ab zAh8QlobdU%sMgL*sV!3tV3X>?i-(swQV==SURUQGjLq17gH(ttFC?GYBc?<;8udat zEb2fLI7GH8GD|_Ns$f`rnz$EeUd1pQT2Y$a8~8_w4CftX9~`BWXMx`fwE73(2_`IE zI+6h}u$dugvPNlZ5Ih*{o~GULixeWL6O_nEaX`+tq;A(;yB%_}9 zT^()I0#0%Y{3_-UtF9mni9{v*9n+I0Le`k%vFiAZ3AxTZ5;kBehO&8@&Hh?Jpk|Wa zp#?tctU~&k<3ub(sOqOK+BxN+wHUU-vP5*Alwy@QpVXu9@r$^00#N)*r7Z{sUFtB= z@{;3y@h!I0XnpNfbck;(mJkfiBp$bfjROOp8=jw)2tN#LS~86UH9AKsfyXZrZSm!g z+V+DELY46@f|;c;FVi8)l_f_rIV;p@5kjv%TPJtHqj5yk5-6;K!N}E0ug9ndJ4UD| zLgj7X#X-IqJqsP{s)|cwO7D6lN_`9Vhcnbrg3Z<7_sY_*!y~6S2=H5~JLQ0?dS%MI z315|{8&N;>^|#Qp4pUNMT6f`u-%eV9lleBndvZl68gvEiEG^lXaPQ1nlIr*dcg zop%n$IqKvc@O6}qL1nzQ$zC4uX;`8=L3|@FpPZ*`a^@7W&~YATBxGW)04uIEmQ)8d!?zQ*EM!3L$Hs<#D{-lb%JJWFWS zAh12E4(_d9LUo3k@ma7o;a-nN>|^JmrOr4F2aL4U+K>1mB~9mFSuMb;Na_!pxFCfb zL}NUuZ1O_TE<9#<7U@W_SL3I87v}@FhkDuFOQ#-XWV@8QLKYdXqEnTS)}_)V5tisx zx)G&Dp|Tf0k416f_=m3WxHNs%PLzo?v(qMX7=DCd#Xa4IBu3bBBR;>4%y)y1Sf{Nq z#9xwj=hc74Z+7kH_&O^gr--jKBegDd&6DwqLXI$>y77T*FKFDPw>xg&T@$lD&b&mp zOr)ToM`cTstd(TNLARkFHC^jHr4BH2;x&|nvBZ99e2`N@&df^Pmne5H{6bjVi zlM7d+aO?Ur1fN{L_Y|8Tsu)XSJCQ`CWaARRRZkDb{W{~+gMAE z^gF5QUhygtK_#ynbe<%6C&Xq)w&6Sw<)obrG+-Q(SZ@yG@im15L!Qvp%rS&i?b6qr zs1vyV&5A_nP6kzl6d@&MyxMLvo^gUwCybrUI01B3 zciIvfq&bB)DAUt|6jkDQ2wu9rD5iYFnT43F)2$ZCtk?@qWkgm0`QPE4$Kzb!!uSV9 z8H3UJK*nJ>2*>(;%Q$U6`(VU9S>p&bu;Wp(!9L+PzQ`oWEN%IMEMgxPC8H4J>g?+z z6-l#oz6r3mp=}nZNJQ`bUPO#-76}erHySSnt28=^4l$TaF1}ixoPc~N9@qF1ml(n! zptw@)!4)m}#|Vx$f;Nn4BJ+)QPhWErVB zgRCa?sKjw(9JrW<>qzrHiBYbv0w%hcViYpdg%7oRO5d{%QwW`$>CtdDX%D&+1Z4^T zaokE&Xr@`Fly!MpBcZbMNfV3w#Bt#-Acx$#@fBIQNmfWa@i8XR@3Da@cpCpo7e1~i zzHiLxKZaOH_$Jd18M4(wzgrS%H> zgj*a^`S~8wR#8)Cj5_DauHVM0_A|*vOQA5mbZHQjn-0p*#&7^mkL1WbxVR_n&NLbh zNWvn^yuktBM$wE|Z-|^^GM&aoUAlUPW0bgr2@w*a9kdAtyc$EBevu}kL^({OURXXIO0d9`0)&qUFitW5MHV{vd!4D3T9f!R$gQ4+Jd0X5!8fP zI@4N7U1oe?(GM&tpm*uvB|m6KhQU#uDH8Hu7K6i!OJ}P4wtL+xZVkHO>ErF*ETq$E z))}#KCP?{JMv7HBP)cgV1M=H|z!bY8hlv@Rlgr^>o}3LVDxZ7*U^iB00idnT!6R)MBbFp-QY3kUDqnDFP$a+k3@fj;6n1p#z36aK;BManNHC>Y<-jwje z%pu1^=h|1KBvi=!IuA{;#7vD3uJ3BhknxKFX;NQW$x>Wl+7P1VE9_)Qqs?|3eZWld zV_cm=Ki6d;ol|J7@Col8lrU{%(R-KEV^ls&<;~Ae%e)smh^d)5AET$5PQ(gg{q3Ie z-Atyk?8>3jSEmOZiT=qFix|kn5XYoxC6`!*K{Ea@C5oQQD~sqB}U0Lsz12&&EFsHPyrT@v? zmuGH~?}!{ChXWjdboZ?#bz3Bc zJeiR(?AQ^(FRZEx_{#V${Mvmlbz@asNCPDz6-mnt-^|Qt0pv5UHrSntt6FoX5q#4YW$B0s?Eeb50>zn-2h^` z4^IFr#7qltj~4bBQof~x5lCp{S?H#;q+1$!r$Tjpz*tJfO*EM18e5=W#qqY038--W zZ+G_biviOZFBqIrPThp&HYhfbqfdy{%KlVb_iCAd=d-?n3NNS@<%!F8ODamkG5 z_J5;o@vR@xQl~#a|3X!H={U^b!^?fQh#vrtB}PV!>`bSR)8g%k516ec1~XJ3!!~m~ zrD;LZUhNw-U?jZ71#iFJqjbHd4l4GlO};~{Pt1QDxqmrlFk`X+Je6OdqrTv#(aLiY#LN6`HC#&X+#M?* zpp7#!iX-ms{_Zt%0|eolw{&D+wbbS+7A9=)($mDm-rRNNJ{r-Ms}pyjnJVg(Hu{BI z-tDf)rEoMMs975kxI!r!yPNL}anBK7>iD8vHFcKrLOibP9EPKj%)_DFoaXZ}d?cc_ zHMZ~1teynNO^hGm1USwQpe0eBwO&e@2VC{+vPZ?k2apTnCJ^96Bj%p2(z9F}CIoHn zUU*Pw(m9uLhr%u+mkbqT#L?0b4mli-!bgl*CNpflCZ2(Jyrl`$EcGfnDi_|KjOSev z);M`YhuA*d>KR50(j;#zH>r~^z_)D@4bStSH>j6qC#|aHHtiVGMvYvh;DP5H5(++@ zFly}9it9-V{tsy}-#{@6elvE32Dk;jmAj1q%8m!#Uze5R|7`KWBlRi%q5XasRQ;!NaseUzN@3T$d?2X*1Z*@uDPsz3}W4el~oW=O`$< zf(U;{@y-06I$i_EtUb}37Hl<^Q3FzR;}hR7rUHf^$43 zJJn+)kT;~RWlNJFo3SZp{<^v=Zap4tJ`fL*#u9|L*HBJfHYatTc6WPa3w;}U zJF0X#-VZh)y|(xPHWiG8n9Xr(ED{3M{pp?kSc5b&rwbu-M7PM6Q$pLFI75_Ynv|Ox z(t!;Qu`;&YrEl8+_+t5TKbhSlBP@9ehuF)7a*sgsUG)Le9ZUfb?++r5!i``YVNi*~ zv?_xkMtfcv*bl7S;4)gvbbY#f3Eyg0R@%`OAp=8e2R+lvPd|&l(?05o`arJCSPFkY zyTTN8(D%*h$BfLS&&X&iD<{r7^PMer$@GB5)mJQ=2G|*blF58}BekcAWv!ZtVxO^< z85Li*G~NC@{IPYtw#Y_kNKEQbCnp1#l!g)6A{HEoLE;MmdN(?Xa=B&Dz%KIs=jf zV`j}-jU|}|hG{xL}>l#_H(~)7uw0%?fd(} zPZ4s;NgveX?(@XHsnI`z93F_=5x8?TY`8~06oC8?8cqj#V<$Qu+fGe&dOP%VYNM2R zA$_C>M-0Q3-BbuBFwje^caz|;kkJXE)f@apCkHeSbr};hwK!hApw+`{th8ajc}|*g zzj=}=F31zXquC5AH5NE$ZekO*4R72ov*pz;L@SlwJQ~m18OKNLbS+~V&*3=J`-OmY z?Z2Ic9J1dZ6(;7m1TEd`(O`~pG#`1rr|VfrIr$HxU_9d%qka#aK9XUEySyUGOoXIv z;6@0Bq7rw$L}-B_fBjcT4BM#$a(<7p8veyGLKL_LIW0V|Qt?Te%JiGnPx70Dgho9c zNf{F!gIahTQOsBlIidhy&D_ELbU6RB(01+-pc9Hh*LPDvAkz##VWj3}w`xH}v18e_ z%PzhG2heO+bD*x0q4@3!A>H%5`%=eyD(X_Ft({O+i5~}eNC7bSeZD*dcof0Dca-6B zr;;Wcl5}Es@CfO3&yh1hmU=k5pFF*wmJGF+_fwQa((I}?gHZp0EfMiUG}hXH9D)Im z*RQt3*HpX6R6d8GyNn!ks#B}_i2IKSIAMAaaczUi_)7&joQ94Wn020kxr7~b$(I|1G7y#*!nJw} zQpJDBm8P-aT`xCN!XgnNe-RGxiSf{rwTz0hUdv(5rCbME|E~Zzj2g&dpSl<@_7R$a zwW@?-D|N3)Gg*<=_FSAID8TM2)F`U^WWa1r;Nz4pN?ajad$`rHS7pK zPI8v10Gu3xVYD0n>+uiAsT2;{dc8m?+RHujkl>)1&GqvAfyG2;yes2>sX)-XJ^$QW zgOKe&?4%*7b=kN1x`#;=c8lqrI$8)jU3N*l-CPRIgG$is(tpJ0rH13MC&c}h{7zh} zSAL~}YN7gU5%vz=Xl8d28V7!p%4&iDbUGrX7$|v~rjo{I?|(fv z%|)as(5eBz%go9Ju90^ptA#hH4tBjB;)13pCQL4Tl?V(Iji|O#;!Sf~)u}@<$f|Wt zVAda3!_h!!IBVU9zDR=b2iPN8 zSp2=dS|^M#uxD=YuEt zmV6H^T@1H4fh!#af{pqnrbCOhYuP8`+HlXFU6T{6uHY7}EyO(`HU_ct%gELZMjB zhCjh;auKr8_FAVN#J8D4SZ! z5dA+Qu4ylo$Gn${+tPRCq@hR{?FzYnd;TlPHe$s{iZrU)M8{bIFnY*2{F{VuROb(a zxAE{#!fkPzY0`|arxIx!jqe17rHR!-hoVXMS$pdmH9~sVaxLkRceo1>0bURY*Ll+(~q)9%O zI2rvc5uTLTRfd^*m0ma#HDAJNCWg)3A<74g5Fh?{g2X0$7*xbU^~u$IYspBZY+E{A zLWrcRWtMg@mpQZaN%1#8C01GU2&Xf)vgAE3>JB`KL(j@= zD%zYLg&|51P$*Jn6IZLnYOu(i9q_Th3ugL0 z&5;QAt@QdoZCqf}eN|m^1UC?$@jQ7fNE;(s75t6663sV)Tt6u9>IE-AikD{ou5aM= zfYpe`jyOVFZr@f|rHf&UQg{hb+6It-`YHFp;+=S-hKjucAaSQ(HzTP7mLb{LC|W@r zO*s+F?qNZXyvpa;1})+ilU}x}4Dvq3(2*r$z8os86mg%}D(I#6W5tJAH$xGC5YG@M z_C#Rg=L*q;8YI4#O5s2ig-A;ay5{ z>2?rWysXxAXBY{TgTwfg1kU_e=P!5kF#tYwwPDuva5bE*d2eD^uYM4l@w$Yt$7g#jU#di;IPMx@%081t>?zVU&^EO z75_My8e>+d4kLvfHGS6gDlC+)mCTNLZlw=ARWTVr6yj~vzgi*_g*bg`J0zAD zqCx$cZ*dy1{jI~4Kt4fr=I#Lsx_)JiHpYYh%7<57npU*P_{3981sku>KJiWIrj+~J zYg-mng{$aK8#PnOml6s(Fm_h6vVBucD@}tic`Xx&+VmjjDE?f$5fFh*99;`$?L{}E zJEZmvE3h&o`SPsao|7Z^b?kc|+Y4|*%zGtE`+5W30NI~|R$ZPQt3bFyd{3%0+NOq$ z{kK)FLVUE&LFWI|?;iahHy?SAB&u$z@f4w-(xRJcMpe`tTB=`u!Qd2yALGNAz0I{2 zKHb6*SuE$mhESRlfxP(P72W`xg7**@O{5Yq0i5Yao9e9~L(-R`4Zw6sLM7;mW5tbK z7=JpH_ctuevsvHNwSj&wx^x0Y(RbE#;D;T)IIh|NyYkb$F#6h^JYHFr(#DDI4lf!nCb+u9idzXrqoZs6*HZg zT-T0|b!I0(BU>Uw9-2{6jpbBE25_azl>e>ZWq$X4SpaWeoEkCW)QEp3O7kFxC)Djh zoJ7^!az*H@_2k4ciawmSkuR|ekx2z4w{8+*Yaz*hAc>eX2G^z%W556PLh>+7fvz)a zIO)g$-h15+&d@{WCJTwt?(BO}$m)u9nw#^7p$k~Q*(%e;(9Hw?JdbdrwbcVo45c^*5P>>J zYZ~|~=-sEmNS_I6O?+k%53_j)VKm|C#?8mvC4wH8@?5VvXMCMcK1?LMk)B%R#AQZ0 zm#eWGxQu1E5a`v#KlnZVP>j9QZC81D+I&5FhQ;_f8BZS?a>T*z63t2I`X4loL{JKs z=}4->;9Fth(F20WIp(OwguBbD1@EVMR;F=+%$>-w7t6m5WENX#lz(C3ZmB(yZ*oV_ zK*@kMP4A`%5?c^v{R~2k$^HIl$E}2uTUNWFgas~MG9fb~Cv-aFe=&V6C)Jxw!W^{K z8)pux&t48eYbY?MdEbAyeMelz=^AEND}FL(p~g|w0Xrj~2GcqaDau{fKu)wZ+ zJ)izf7vgyZRo$)QiNwh%PUTI~0~z9tozd*`9bQ_du^4w1FF=M z_^lJ#VPv~34oA-Vk|kFrlXxEotIcNV?T@l;QLA1~n>-9IL8&yXL)yl5XPy{Gf#@jQhEj<;?m#3O-yrd+ zaE!MmP*=vKzd-kBZf+={==i=LhuAJTCa)K5w4pN#rDl;cM*#!Q?ia2~*T25m>tnQm zAjQp`OSSJoyH8_CgvPcKjXO}m-gn4f)^}YrCY;W2Q2RF%xBUi@7nZV4+65^G_KAQ* zO;d9p4bH#I{8r&ncz@dZjVeKbrsCRSMM9hiP+%VDR_kpD3A^KGB&Mj{-N6aDAG_&* z`C2ld?kON3*@`pVNX|jO-2+hG#}Ur;CpH&mwcxf`8@j=4fSQTZ`|*<>nao`cvGXZt z+%M9~Ked-?9H;m!9)KU*#!Zkz0ifpnjmmP3Eyxz5;~F3-lR3b`$pa`QjNC%VrB%KD z=GHF=SRdXo;9A_eFaI`t9c%Iy8XPPeYvj3ZU8mU@c@pEb5Za4+#HN1=YS#XTLjTZw zx1LIp;{W^n4f)5xm5wy>bBPh)ef~T+{;wk=e>9XCbV$^YV5!LYu0g!2Gt&j}{jG2) z6T4%>G#r9ikvSBpqQY{F-gR7C&pfP9>~|he67!|RX~7Wv2xn$fl#}%~oNQuAQ+%FCQb|-lb>}aT7LCz4W0nL))jSY`cgc+g--Sx-a-O5QoZFfGe&SXZv z`qXHWTY$~nK8vVW0BAP}kv#^4h>Afut3%}JO{ABGK*bbpZS#ALPH|T_*x)8-DR5vU z96~oj4-h24_D==r-e3)st4csFo-+a;-Zd zO)SexC@6Beg-1Nczv6AuZzm2aQ^ddu3f5v$F+=I%7( zfbF9kYqltx_>Yo?TMI&s>svx=#PJ^!h(CTAnl}~Q8YpZ5MAZf;?Xwj$(2=yQ%h<}R z#A>LSu%a#DAv;O@H?bf5ceQk7oGN9Z1ujAeK5VFk;RbkXoBXf@TT9&wo5@w7yDjYJ zFGhUIj$(B;@)E}9Z8n_$Oggk_9T!%HEtWdw3HJ;529%OiF(cy^MYVGp>C3a1&G?6H zY@0Z`zyJ=Q9|$eCTE#k!i}3eF^@P{tcm$)>)WhiFp<20&B|5WkLr3MZsf^yQnam)^A&qzxEJp zSz!i@GG{oa5z_yu*Y59@aoKIa?L5XtzLJl(^yq_C;r&Qry+ixPH{)PU^|($5OUUH} z*HpV!>r0F((SR?8{yAY+yU|9KP?F2sx7Go0zsI=?BZR^_TTBy(NXw$8WrcK^n8x9J z)4$iMlPIypW5nW#+zU0#04RcA@fWgRqag%~*XaCt~j|4arb{=hh#mjz2V4l4 zvZV4K`ZH}uPCpk2UqcVT{d@S-*J$vc>>g#uAti$}z_!9vQMGF%!g)FB_ZV;$El*G@ zQP<_Qr(&S|mR7JYQ%S#hM&DudFacj1%{Vp9pb~ff`^)UJ#%F7t2QS|q2KiK-6Su~& z+jz<_8$Q+jZGBWoBUU8^dcgS5I5omB-Tyk}euNdl#-o-M{Y?p}BEq23!!BgvaPszy zE((dmf;XB;!TVpho=z-wyXPb=%RM*v1W_?(YNq=7RFp{XG33!Vi!^$Vc>jkkMP`H|J`)%^szNBUDGK&_p+la`N~p6=a?q^En{SC)GHlMA9*0G{ z_q96Ill9NJ15y%Lnyyzi%hOF%@Z}jFp-;uyrOWj(W?kM<8Ht_?l#$SSrmr+3b~V7R z1xJH7UJa{2IO>H2tD6rS&H3xz3=@QC1fbCk0g40)G>F@tiQmvj4FUw&No2~Mp5Kl- z>*<6|+R->?*9g*?SX3sjE`@jXw;|BmByFXK5RAcY1<6N;KUkumB$2lt{o8Clgq%8G zV<<95zOhjuKnp^x)A44Uv@CpsPjQXE_Xw@<)s{RP+|7IvTxOMOL50*W)=13Nvq<%p zK*dp0ZUJCz)Wbb(WvJ3Lq}n`DIS43|w8S30_s$-NQ2)tHt*BTX*)SW6w>9U4z&qxg zykEZsWqUI;t8i=uGsu~ioPn9$mb&ur+;F#;_tcjiL#eP_f~qJ03BA$v*Y0M9I25rm z51;m`Q-&nooO%6DE1HzT^vgagEy6Q|=~r`#5QNzm*oCB4!j40}Tm#FPp;LE5IUR|M zMt|L?=|*Lk;Xd;01|9RIjINMQxbDn0fNBNU=P{3u`~uy%I)|uXd8eE4bgFTndtb92 zRGGs5QP@?m$AK6gcuqEgaGCXg3Y+F9KXF)&`_aCN5e3yAccB5ht7xDwE zUAK0yL$eyGebq~z^stk4gru%GxbR4VgWHGAQ+K1Oe;r)e9W59#QzimY(KR35j)C}f zXvctm_;w7?LVq3HUh$@qt$Z19n5cr7zwrGYF?eYHIG7S{z9uZ8XxWD`n`9EnkTe2649~5_ z(!`|j0{Y&d^J2Q%5DhNCYwG=zx}Ol$(_(=}WYDBwVLWO<4R<0auc#nRGGM|-{`HB4i*gUmT>GCMybyv47N$=1+y70Pf0KE-&=?5Fcd!PeJ-Ms zPL1*&Zj7_7L^Q%PSew}~6MvM6S(X(5&O%ZCdfec6xr$mCSV+pRWDWFK&P$Q#EZOAz z4WlYGVMnnaNHO9mxU}ed^6S--GJzLE;P{Ut{>#e(3AOA_(K!=NuS|LyG<2qDK0YjD zSENMefT}8-DxTy9OTv%nc=EFQYnnw5)%Z>U1n)V&zp+~9=-cAyH`?PNUi$q; z3-Fs^YbG4|Pnb@GPpdI4o;JbZo&>^p=jazw$#2-_0=LL>ZiPbxc%n@7_^pQ`&4axE z)0}R=wWG0u7qb5VZPR`8?z4Yb56&G_Q*tEcD8G_YN@%4YccfO?1^v84`yC_)Nj4(% zSH}XV$~ska#5ZR^88(|UfOdmFX`GKAV=4Y=+r_AFD|l6K8r}q}(@PNW73x**1WJhL z)2vPHM59Bdw$T7W4h@3J-2!q4_a{CFB($6c^5X}TDE?Nbf%pw*i6VePJN|R=_}Ke_ z#|?hI{Pbb663TDTfU)J29N%6^I#CbK5Fh5FcaAweb|9?&0rFFD^=8IjZ!}Bp7(=-Y z?vuKOO~)8s33XRbNtuIn_6!GGt+aEe;ifgZr3ln81WRJeQmEhz5g>0r1Ucg35Vwe5 z59e--Y!@1yz{sl${T(i3l%s9CV>}e`w>mnYsf53seFZ3fK$#KoFKuYzI*r{6itCyu z^!~W{<3@ktXgPqmc)vT=TYtO$@+vp!=KAgSH}iPD1p_E_vt`m!qQY5lmG(+Nid)nv zc$zs)(_o>#SaqRE!3KSXN!vz3OMIyA99)L3q!#z^e%yDQ5#7HDPU%SgMvibGFvLB? z^P%CKPTf%b)+`F*Xk=)zVdnP{o_3?B<|BDJ111w5i)w7UAxZq8*pkIn8)C7pfxXiR z|B=}=vh{o>$AYsp?ic;_Z^PA};}uO#t-w7pR7bs(Kagp!swKmRnp;J*HXsb9yR6p= z*>6Qc~k(p+QKB<~t6 z`UXnR4gT`My=ljei~S5}m7HAysHpsSYAOvVUz4QRpdP5_r@aTqmC)VFgrM!!Be7bB zLcOWO!28CC_xxtOoU->N7SO=y1A910ydZ=pL}@O!1ohC2Adr@A8;o^1+AIcd>U--c z`x6O1Gd@YRwWXcrF!CPxAAImWs zt4Zrj?p_GJJm-TybSHYI6hDl0IpO~T`g1fejV*&vmsvzdDA}pKs<^T{!HV{9TNX*y z*&ay&a0tC{L};QlO`2%^*D(%;ohxUEojWKJewwq&Xkgkwhp0iNpqh}9t6*`XwzYQ> z7a!IQY z47?t$JJ;iNh@hTm;1_vTc>*p&tFQ3^Qmg`bpMINOoc1!s5v}=KcskJnzkm7E>3l|y zV8>5In>Q!^A(A}E@SMZ!h-#V5X5u!Qy|#Wx=S=$UeE$5|_bznW@YXaCx+c-v4X){G zGaeE~UbMkLW=K$MKwTH8S>dX7j(W4@=I8&&sBj3*x%@Nf>T_UH=3=>6YTC$Vz~0f4 zfG(v53o@2#{Ln|V%dlVmq+vhe2Enzw3g4+P_1YK>uEN;Fqu$oD-gA_l;Jzn5RySkt zF#OpxW))r}FNxE0)|`y-^Wge-x=Evy_?F15(CFQTF0J^Csk7D~CfTLTw5)bnvKdCX z^axJA%ETyt`xCmc;VNVwCrbMS%^HR_Nb+HsCumhY1nrJ>{Wi^;V8ymly2(}W>cV@ObN8vi2~T&SIR;MxN9;-J7xM?HA0R(z<5P47IzpQM zHe72DS3!kgm-#8My6Rs9dQ#l5#`R`Ag2Fw(xA|{!B%^bKAUIvtMrCJTq&gcbpUqqV zvgOLI*LY_9tzX&g?&h2H$ElUbzImr(582wVeXP(82wJ4Kp#( z%JLS2=bnf1K2F5}ClUZ7}UJzeXK|1R-33jD;Iw=F9uVVmh2IpNF)J zaLq3eZ4Y0bo(=0?HprHMRvZ=Qy@47Npy7VZnMONDh?=krx1Vu)(Tj@0 z)5$PFJiT?F)D#n(?@L06n^V95-hWNQ{4jWtEdi=BiIQOUv{_GnpkEpKxBgI(bbE!P z+$@HGmS4_J@IQJp9dHzWtB-WJ(zMShfxbGA@8BCk?%>Q5XX@Ym2K;}8%q6-=uI_&O zjBya-JDMMEgg!z$+X9&RXME2w@%eAFBiC~~!%V7*B|T7iP^fKz-;aepAh#48ls<_i zc(n%uJ&(ZU9B!1b6EurZ3XYXhz=p1DS_Tb)Nf&Xsji%*#Qq=)INUR$Tqd}?`BWZ8t zcNq;>pthX@lsXwz2Qu9*qPu8~ZSE3H^p>P;3qRR(*QJ)eyaqAk`5Oe~^a>J#+!vM* z>xz2H#|s>Upddwu`385P+fX3r&8qwG+Yd00qLI(LENt8e}=aY1-$pilhD3X*f zG!(S5vo=I3Xmf*!Rt4UMQbv_=Ti;VUl2`BlqAhV?nJRU}>0pp1%b3auSnD?AnfPCEE_5mjqQW``S9q`h&osKQcUOi#QL6Y@uCi_36u zA*?dK6C*4~(p(_ElC1Z9{MP@KRK4q0veKe0h*_YPOD}h#IAh9sI~!Q`&TS*Rf8+Y^ zFlYxl2NV}J_mUr6e>E^ZiNCIAjzhHIylI0CLR)v@Hy@+p1gwbQ?o0GC8@x_do0p-X zrgR#!*$(y7AlD0_)%b2)$q7_<(fn0?4W5)Zv{FS7u~$)w{&&q?qI*kM>>&m#$Rh3# zI=Bai#;2d8uTP?~B|{u)?j1}K_1e`!8);S~lJe-gfnK9Aa6Ssp$2sDSTttGSjNhuc zB&`$mS<@@O?>KCeNsAS@I~vEd#Ca~)AW)G5KkBKZIbX54BHdiagjSv<>e7R&W#vMb zuzOMv$iQ+t<241zu~f0K~)KDUcSO=dI{I4FHs2!-cBea>kI-0^;q@vp$suAcOipWy zQ*8UY!^>m($|kzn;_>b1U-$aBl=gD*dT5grckD6W>Fq=CG?3WN9jyZG#e*se*`5x` zSlA3(@PMk9lXrwsp`laxgU4;8BqvR7` zyE#UFZ^RNpZ0hsRB{W;uq-sD+JPWP#cQHxDvjI9Wz~sw&H2fPp4%bPS!fMuBWyjyo zQno-=&}-u|;p}ZDO+H5q=?T)N<7T4dqFQQ;_yN|6rP5B<0ci>tEMja zn{OyActJ(TEl4nv$I0jlSx2bF*aY1@>CQ?H+;ePeP#JqE$`o6;0lSyuiv`H{Dlmtz z1(#p}jUoxmy}?06R%r5Zz7sz!5}()}TfuIeYv#e3`PH#{`vQ!zXzh ze{y@@VefmnV>!qPg@eV#;Dq6l@}UOIQ~xqtkNf|`oNq`|n=yIJnGJe6{QI$wMkRfK zBe*&E6XnLMXxXe?Rrra@Og9^uKcK%E9Jn9mwl-zW*~T{CZ9onL0%0+x=n~c7@y%s4GSl>b@TokDV2wa{8}G199$+MYr*Z0Q`?=N>-5DT&P}dA za_=VizrKj#YMld4p@F-QFRnt{_Ny1qO0fzTYRDjy7i?D<>`x?$o_%_F2mtQi@4j3B z!Zl#Fun_9Kk-QnfnHW(jK)iW)yG zUdRrMDQv#TJ+r61Qyjk_FofT6D*X2!OF)qG&4hLw-vRAr@bH$?iBq$K%{-U<=(YjH zN_NqHH`=a+i;ahTVGsEms3UV=5pv9sd+WC_Av$LAB9yR*$T+dj>TIiut#|6{Y^5h& zaJM^om!=fppcMwv!rqHPpR?Jzj$ zB!!dc(+Qk}Tek%*s?=_W3^bdHyTlnRpu>%|>lkd`xGx@{3mSYNd-*U1F%?O`Ima$C zS;#J%BjK#w&MC6e#{qHr6L)#FTC7Bl-TPA<%7<|&K)~`=2EOz{=Q$+aOZA2I^^j~sgTuBp zP$}uU5efP0prNPj42Nz5=q5c*Hx@(yB+Zx;_!R;6I#nNAr&uPmj3DFQbyqi?_U`p)FbBBe^-JcBRuLdyz7gEeW*3Xr1H6OL zUmg+4kBUsF*`d=Fie#Ob^2fo?_87RkC#|AH3+-f=MyOg+(n3k7sV_O;jEr#*_#g^w z@e1|?%41OQs-PCB{ePLPA0|(YZI#~X4&s7Ntp9fg|1aquS7SjrLM!P_j~F^Qko6^v zA%lx8qw2(^(&P2AQ;<9IexSyexSS3D9HXbvWYxcc*CaX;2NKyeI2kvm6LekZmJwzo zBZ;QB>v!y-I59lncXe{3_LIJ%XNx5RcB^;FJ|*FsztUA80HzKjTs!pYl;Hs3 z3dKs;G}uZ-q{+eJ-E&V_v8)f z3h!~L%Te+2i;d^LS0h-$27C1K#}TX+3l!0~;!wYoj~Eq!rlJ27-E?=$Tf}UvDYMK@ zx}{R##J?eGG1=>Du@WQ!xXJJlaWZrc?GH9p00FPL5jq`MiG>T{w*~G1Pq0E16TR=w z559tLa3^ysG2wQ;#xiHjA30U)8?%U`mUKyUDpw>@iQ}E_@8dVt{=2?1)UolOTZYEh zKv?!JG@fTJk#NIp-6&-8={yLXveVfYzzR(!o$L~Sqp?4BIO#3^XBv&G{P<4X|3uThmjgYOg>X9gCZ&ctzK^!s|FmrONYe+9XEO9Tn zj{e+2l2J~qnq;h=B|dKl&DE5LUm|8fw29EmHTS*#`oml`*g$PSz!$xsi9B+Lq}mDK zLEhxgd`hO=GCoh1LF9*euQ|+%=ar~FSashh1Nh`Td%D@3J#`|NlkNHSM_xuB#_#3k z1PD>!@yhe-GJIL1Sl1|E*tkyOkMC~jt7SO;;X)A1IJznsso)7@qi7!QISwco>yE3K zUZ`l`|H7x-CpHh-J@9{ktq&)gJlV?=fJzSWT4^Pn(_t7sK*#6>f*qsIhqSV%^QOFp zWRpvJxxL5mfw_RKZId;$&H}0P0&W ziEx88I9vZYS-#otYz9LGC&ED@MV$L+{;+VjvUV&Sa>flZC$wj86TF?(uJ7(&yyOld#fV-Cd@TXOK89x#!?6NyxSK;Vj~E z%y3PlA8YX2>>Okp*t%5833>s!T)QS}y@f9@-2H7*0EfJ|+32k>x0yDi7{S8}g0m$* z=gQaNC{4#hKU_Cf4!fpE=TmosE!@j+^Lae_bMUkR3xYPWcAiz+lpZi`dhhxVmc;(y zXN=R`W;cb}=%UPXsVeW@DJ!a$4W0SD_&X)#>1Wcw6W*=Dac<`uh2Vc3jl_l%jI{ZT z22=_DJGR)h8Z0i9_neP69!b)h<${Ywd^HUac+Kh%>*)aI2EQ(H@aeJBCJEmk_s-T6 zcqnK4>}HST>(Y&5rg1No8+2N11RBX~;g(W?BfIpv3G>H=DiBzq)FLxqos3S46TqiM zcP{xN1iBM`7Q&46n1iZ~zA_rSxVMRUy>Rz+Z2R5^>(!mi&4&uB_IZUqRf>lxiHV2a z>BOIm%sYJgSE>#qod5?4lHibhW3rRmU_PM+=RJyUrC?ZtliDPwwzFGX)eAku8oAfD5j1X2|4JV0T98YqQP(^9nRvrr96p!@P?!-uE^Ak zu58M3OJItQ1>z(qGD3609KO{|EeRqbv8qXx=Eon@&0KXaHTQr>*`ldhuwyNEsnHK2qivgnIBU<~|H>{hzk|o$=O8rs-zEv~ zu^TTpB(I8lo48gEHkNcI%>UgWMi%~Z>@0svl;DF35&MOg?ZRWon2M=O4Y}=i2%>1F zcbB7)CK5q)*H253MN$0aC}ikCbUfHpnj_HZ@SD=I9Orb2Fx6cveqT&)9V4t#fQUcu zc7GfGya(HBwH{xOSJTg*dl>4t96J=xm_eEdca<6fvChr|%e+lul2u>_y|Kq{^uJ~2k6mhH*M#_5=n}c&_Qh8fe|GOvA%c<1ty)c5Mbb? zEwv&X4Y`pyZ7#{-Z1pDGceM!t1maFRSOo@Fz0U_eT+1}H--i?GZH`VZG9mV|CWDGK zmd)$q?R9~B%Wpl?@u?B6#QKZH8s~N^>9CSH#K#qbE?{Ob_+c~B=L?d4alHT`40SNl zkSVYL-(D)Xd&Qp;*XEO0)x?231Nsbv?uV2w9#eEZ4Obv zO8^Ybi;Zpw>?V!0od=Lmg6d(SqQ6yk)0?RhMxYa5Sb-Iz*AWF?R9UtPGAIJ3;x7gNa} z*S$;#9aGVBPk_;_Zq)Oozgm8yni+HOP*Vg5YgwxhChgNAwcYK{u05a_%~uEaTS3gm z1W09y3*9o*mJ9tiK$<~OiYV>hAJiKF7w+E=P~zPX-oI_E%h{JI$DC&fbIulHgENn(y?$Kp-h&T=vyjotZulL?qZ_+wFv_*@^?_pdv^sty5wlN z$JGLyKx8xr(l%Pu-0YrxtU*iqk$d*M;){62$^EndKm}5uw@}O*kUL3N(Ls&pR~#F@ za7`5Wi_V1`8u&YM=xc3800A}mW#1!TY`sVS+i+0gY+r&4VL(rZ6iJ`QPW#kKwHU^> zqh%P%oUB4=o3ujS+BM|GP(-KmLbTA7Sin@JxYbFak=*#;`nT2tT2l0>R#N0`OP#gC z6G_W&s`0exLK866+{>u@L*_w4M)Uk}IGKXW?@feX;>WNjenf-hgvaMKCs_xMZT@b! zww0tfFT;VlR71?|s=;)@P3j@sHibY=HoO|hH5`TT9qWjf0Z-eV>&X%<3wvwdMHTWP zo0o)4`xK#irt}1U%!bs65=sl$QZ-|=X7Tws`#Lq8)$L7}g#0N#189pDvhBbt(l_gJ z%(bM$=Gr6SbE}2%eB1!ucTUKb{^jRpeEahFIQh|ge!e%#?JShiL|0r?bJmG;dq&GS zb~U{+$&?5Y=tPvAd*X>SqJ<*Co93-e-AiP4=;xiR-%zdC)~$J!U@AS?2$m(pl<~h5 zKP5#`G_)iJ_aFAq19Q*Y3+8kPi`63S*B)LnmG zYhZ9fYe4I#eLgT;v?&WOCq%pOw??K2cxjFtK%x;7ha{-Bo1pa+I)SyHhYveVFKJCh z<0(G4z<}x;{tjb62`#j~FBOdju{w7x_JCbWzcwikB%25xpz&#ZYUbnci^BDCnb>6X zT^DY1ENiEb-E&&!&n2crV+>yBY&4t$CC8Yo0U9x2RJrg)g~_^po@C9-3K3lFuH26A z$sDSx4z*I-fczV+sF8tD3d(`~Q(d%awi=G8CEW{w zFMHPEaJ~BQ&Z+1R7CWbgW?>}%-2Qdo#^yOYv_Cnxxb;3=4{K$3^mtC!DU-i%&$3aL z_U~Az(rl;@TnS+0%82E=l^!m)m&e;5V<#HYphYU7dOE!eOsAO4?tzO6z1v}EShNEa?gxOEB93rupGMQW+g%h; zKDCWVRCQ2avuv7GNE^{07~1Xy1;&eqJBDsbYtA>72X90Lx4CC;oDV)K9_>ueBb(@& zG-vhit^!pmatFE?cFh9F3AUt=7oI_=%K{Z+CM0UQGz(mq2QD3?ELzn_uqFSboal(EKCGvY;736Q|^Ah z{g#-8&#VlOW2Drv2Pl@d5R?R7t&j*DSxpQ zPvu%t_q>SLv8B5qS9_1(LEsc{|4Eo(<+RqX`Ad8V{*Z`kM9C7Bmhe@pof8_kB*hlU zrl^($z`9RMAnX<2T-8(X9&lXv^;STgX)4#8HDYZERekk&5`K^AK6mB@?Vw$e1Q?Dq#Ix|CUzXD`u#e%RjQRdPktsavOVG?me-e(5lyc`w zCEY8JuNMCpufX&hPJhV*ltYxznYOA5Xp%lgbNY~xSEJIJ;c^6(h0+FX`_V;_l3r7RStc)*#K^ooJDtKgM|Xd_yV9R7ZIV zTFlR@b~;}ArfITaS>%Y^RMI5*FgtnX`V>gsA>m0^9z+J~&c{!fVt{_7>{e=Zrec&Rxk$ZTUG*aL7z7Ryh^n{fg|OmUB{Sv_Q6h!6)#k)v;$ z6Gw-rX)ytzi!yh^kZyUqqX)rbBG(cROSNG;4A(lU9OS+_0q}Kg?g|Edv*il9*2=J5 z4rsnsr;SX9hcSBql5$1^Nvx7*f-2R20o#TE;srblOlC!6^Wm7|D|@|vl58l1#>L`c zumTWHnwoqGFBl6iT$bj%cBc(VH9CO0@8|*-xm!Ee)g84jC(|sK3X)oKEm`BPqGP#Mm*+ z>>MG?2qRLwjXk*m-)n;Ic9^QmJRPjg`zk`N@2|3c)L1hp;O~8FOw&u@~RC3-Hk)u4Y$+b-cR(@QaSTSKEF1XZ>kq7x#p5K{Fs%&pmikJa%v z*T?`@xH^o>EJ-guZ+M`ND5#TYvTMld4S^aga{6uB>0b1D51L){Vpnk;cC^P-4QZ3R zQ9t9;1Rx?6X~t6f3%K5$GiX$<-J53FXx5V?ZI2hK7m`Ar22Vf}?KHYs#tzSlpPI`` zJ8Wz0ciRJ6azoE+B*P(XC(* zwUsxkw3E_H`W>Q~pO=x9J?(6JpuhOiHh7ZZ=~z?z3x)0=Q;flI+f8x2HLdBirm4d2 zj4IA5iwewPC@7m*x=v0JkcxQ}oH5G6pjd5~<;CPoh)}hp?_~K0+1b zHW0XF%vP}lRD@fI!_5}h1t~uGsWjC<-VmKVCAiq2v(y^RC~%snloU|MHzRMNM&jh+ zg>N5DtU;-~#$Ovwc&Y24=>wCfQsl}H_c|?b)jKEOP;~xfvHBmBG_s$Okvi^i3#XiS zp6&yBySjE3{FXfV?s``kqN<>VY{tlt{DRJnmhIXN!s4=CWCQs3Gx7Tm zT{sPClBzO!@hCJv7=b{3+6M$s|L_Rc5^RIuIqg#e!0-Ql@iuY0L(||) zQ1Em_xYyFh*d?f)CUGBQ>|-lj z0bSsY6GSE<3|y^+0Zpp^O%hlFq6i~kM~L4@(}@CaPEpQzcRY~m@y>aFKAm8MrKW?v zEx=R2k)kDLnjpHr7g9?~;e%DFw3+UnBi{>LXE?i`JiWloVo=Nd6t|VmmC6fpH4i`W z0{jr&$vC6_ae*``iNMg-*8Qh3Ms7uVXlIF)EqmEH1_J=4BuJ`ooT4?FzISVDSUGo5 zusg@TT@8H|`EPd@($9)~xceHY3fAyMONz3Kc~X;nb~Cou*J$r!+lziO-N7+RcFyje z*`JvpZy&hnkAFxZD88dPqA%kWZ2}Ghdn7UcU0+;XIAIFrm8?1uNO!dw9sEM;+I� zOMzS>A!Tb_leC(_e6`w*$B72?47WHV2Frckt=Rk`Jr1hbDt+Doy2sGZIT?r)y4bHsxsU>{eTmw9AKRbg@X2btXS zq`RvV$J6ysP`zgnrZ*SUZ^dGpPu^qShpI<1k~}M~dtG>T%=+>mlP=UL3FO<#%GLtQ zPy-TcNb=p6{BIduSDY%b@z$3kG4*r}gmTmqwuj%wkoex7Q(T6eV#sfGYON=@Yq!^5 zbxN@lG-tsa)6ppmUrV4O;<0TkyD%3aWU;on*t$a0te(j}R?^PIRc!fz;3MEr$#|^} z)H%{WE98)*N(RHL`xtcQhJ8eE7-wpnv(8!n3XBZ*Dm~0=)+KyHjCl4*23v{DMfKK$ zwvDL{lbAX2oFe!*Ec_1L5S>JWTnr4*0CDpY> z3PhE~>Z?RIH_>#`^me4l6w(Jpx0U~b=E1QTpFxd?MCXJN4;rVUix_>CR?{m|;TDyK zm?RJ>eeW}bDy@; z%^~5|rxxLs>O-H^U99WmBR{r_h2~dMjL5Td(tPYaOK)JeZcQecZTCf_7H#Sho9OR# z<}i2!6J4SwGpI80mE;lzC7!nj&rM$D_|%hEnZ-+HAZ^p^ii{#rKS4X+nD#>yh)560 zE%w^Rda~TbBH-C@hxht zgh)kK>;k!%;VUVNDzwJ(A2SbA3S_%#;t<5ynw<<4sG8_h;<>~~Z%iiqrgGczvvgT+ zrb>_Tx||t$OKG*9D)(@X&TavlXPK9urK%Fu7;R<_vlk^PP5VUnf((!CF>^Jc6cWav zAII@@f!=Tcq-J#R3eV;Q`EjHU;kXpeOT4w>W|>MM?g@x&&%iqc=DJTxmiTOr04IBM zz8r4oH1%%YkfxX4re{-C*6BG5po_O&4%o-;6aFuepwIIE0Ra6vz@Hm?@!||=P|G`< z&g7?ONc_dCdr8;h4M|1b+COHPjG<2ItuUyZZM<}|a~F?p_G(A#2g4zCQVpL08`pP$ zH?>O0U1F+xAz={rwro4F3Wl@6a;6t8MD%;iZT4!yT30u8yuJg3WICNsbjBSpBbVIw zaVo6?w4hgf&R*jGkyKHapouXxL9KsJBdM)Q8qQU&q`f7i|LB1&<$F==pdm5hDpG6v zu+86Q#~_kIm0^Q5w6WJ4?+_O>aCyWrZQ+4Z+4Cz)9~K90^Qw3Ol?Ahe6@Aa2BEn-m z5F8AUik#)_w^=10`VeJ3h`h)a&1gg?>{ToQousW8gU?85Fy0NKUcC)=J2I2gQWXI=MZM|u zNJzi%u|r*oyA_?2Tg;@JP9A?M&8SAzDfBH)uYrzuni*zjL$=&9&V}elIsUF~qG_Kr zbYK&z(_>PN&a@{n{Lq<6kK5}{z?F`M>= zdpUoYj#n5Z`6>_Mwg(bC2gHxUWzY;9&+WL2#$G9<+v{0CN$QswdzK@Lb^E(bwR029 z{sZQRhN(3$NEmP~N?B~h`&g+wyFj%5vXsr-E{g2d~Bnoa-!l^2Y+1OL2>xhW$?vW1xfOE0T0O zou{<*&FLKJ`lPo-=)k6SYoWTc6;;_659wo>`f<4Kr+^edAj z6F)1xEIh+1_X{uG^U7q%c`){}&b^*MI!z*8f)Re1vrcI&rF&qJ=%2#;r%g@pK;ln- zU~^nEPQwdmise_mw%#$D?@5-yTa@EZtEbMH`X)L7WAHpi9Y{6>BT&n(igdX1F>W{K z^Mw>Is8iADg61+9Q zGBb*)pl?nRAf?kOYk^SC-37pbQO5H%=r%LHuw78sUd^=7U8zouen(1T{TxZGJ|fK- zG5b5?*+Gjh4m)c}G;Y7AGV3{oIVE*4WA49_VPMSvyXj;&d;M=Wg-l7O zZoe9!u{R<&u*sX}wJuYxIiRbHPY(}L-h-_-NK}OffAZ~lY zi@HXXX`!nunykAd6ia?t5lu!utBPLOwo|Dzlx2IP(}-a4lMi!4HHNA~UwBSnX!z`H zjZvV;E2OfqD`B=ekhF)zujBJYH0 za|iwWEB@k#WY@)3L~g_1(=>#}iO$;_S_Y$Y2q>w@!nNrh@?qhpw}H_H1UI0Mn9jwX z3E#Yx8HD|`CB!^)_f^L?<44gAcRC^5D^tDdlc3Nku1SiEcRRz4K42S62}kT=N1AhD z9kLL!bHwUoV8AFR$CMh0LQka{03hc40i`kvJDS)VtL>fxZofudx+Cw1rHBF2p{6^8 zZ4BC?HGMS^GFU-L4ZxLuTrUz#=wB0G0mMw|BRLhFkEkCjGUV66Q3?Pwm zxc)l9bq1)7+F@~*t4Z?Q9}%Y;<^P~z3Y+@7T2JKA*`~lf5`FT#bLM6PMI(F_iuqWOr>w9LrdnGXjmV0C;!PQ zzL*O_%0|K^U-<4aR8BFRqNn!g&t09(T=@V*I6FW`b}~Rk!qUTjR*Fiz)Vd`c=0_=E zLA!*z)7)ji(m)Lc(B}{PcrX}e^vykGgG3YVmzlIHC1O^_5V}>g%1v+tkztfb0Kl5g z$r?$@M+E54=vhH3grr#`f(*Nk9vE0FYfxpOqUIR-|IcFe=f4c~IOZr@xy!~|=QVie zoLnu#4T}3v{n-%D(Y0rLiNvd@*wiA1RNtFdFfg9Bfby=>y6tA*&UmK_odv7et&v#O z6xn#m`43cj=c$>Uy(o%3BONDBg^0jbQJ<<$(P-M!J)mT#+BP#T>kGDnvy4jn!o_4a93m=-&UpVMp>&Tqtup~6PUPaCbZWW1Ua`14ie^}F< z>W8Z2r22s|vGHW|G}`;I#@UC!DK*-iXo*3IOy%W2A$RNJ1Mh!(ia}L5_2^6pfxtOb z5k!&K@0SFFQl{(q6CGtwn&1<4A)_*agC3ZD=;F4*=yHJbqL;jT(zy`-!GD}#luM(CH;9FUS@ZR&Bl8MelL=AnR!sFvhT3s_g;=m(g5~VDW zNCY_sU0bG)MawB49BdEKDo#WD15-4!*IU-6St6f}cv`gd>t7x>V{k=_HR|5)w`D2< zIZ~Lx-L9#Z(;hp$O$*rOIE0qc;f4mIKNx~|gtoLiyu2s0+Yz}jxMbc4n|KJMx5dYcy$SLw8 zxU&jJAO&laByQiaRqqSWp?w`U-+f{$9d2D>x=LO>&Pb5wi$ z7=MvG4H`^U+zC`+VY>2sEEU&5y&Eo&yw^S6yCNV&nRHNQlQ}w-wGDxa2(NAn_quG* zfKc@T{H^%k?GqASOKKh>ySJZHB=rMiLp%zp8J6CaqO^iCHZy!>m#V{s8}=_omCl8> z>9Fq6)#4lA^J|1j^WPC_E;pF}oM=oR&U5FC<4#?~&8}rN0j_sCN!U7>5W5dT*oE4D z8iO?GyV%8^C+1qfWtmRyN6RHj3YO?cxOp6)Jmh+G%^U*?(UAXUH&UQ-K!yIzH|B0z zPP`I#Z#aD${#>IOBn-u?KC078J6&JZab_2w_b3@0>mEBmxlhCL%TleKiu5>Dqy!R0 zk{6&ilrBfo2;pp{EwC6k_($?7;I`!Q*|W1O@XnG3cjVFNdxFAtW&(#DVg zZ_6AzhA{gNhpFgfhOKHA(z7I9??+9b!>>Ur;mv8Ln@(b4x>Jc%39sWu5O!D`d}Cqc z(^Y6l41tAfBICR6Zin$e&Fz_ld?H33^A$8?PD`EsH_-KlV$t|vfu*9xcu`^eSGNuO z6zTUJX$8lz43meH-?(enQd|nV(6Dj)bv8bd)B^lij65-9%NmuqnFFK8Y8J@Vr6-Sb zN}M(VAI@ou{A2HpOA}Ja&`&7dKMS|q=CHX=j4#4)g)j=rg~7p|c^x5h7>tGAwciE= zYToRF-y!8U+Aa7+N2QYx4m7O07mI5NgFg&EWL`RoL_ycGWEPfmJ*rAVJb=WxpN@Z^+Q}D+in^rvws@~AN(*Y)9a<>gE^kDk3q=wVmlBtTiPkBZ#&mk; z=^e#FlsM*7J+fWf3k|SO75;fi!>v1b=WCGVmWwqLnALd{!kS19hN0gS>B{1QY9xWx zp8xW5GyZMpMlQJ>Y#?1@;%G{`R{!T+JwL!^gaY9siHPv72^t&cXdvjV98MSo7EMIZ zDLjb-I9`;xiHuH?s}2ctEa_YaY|$Ff4Je>&n)au*%Vn&RYPBZY#nYtlp^ZCAQR<9c z$6E687ka8Q#g2U~T9&hg!*1&^KEhcVql=j9=V#mkF=?O@AJGp0Ka9U=}&$ewe2)6coKS8&IJ3si76*KRIA z!r9c*+?H6hi{BmWm+Bmv+s{`3G7T3MC&CM^9+&L}7h=^$LYotk&WR^;YD4za!W{~5 zTafU~mU3vXb1a*RQHTYZV)R-ukPaH^MSAymes5{z#lbMbYX@6S+9&o(KHQ`LB2y8lI^vu&}drMFxmJon@lXM!5KGH=mLa?|PMF+PWaW2dpq zsrDcPo7*tS9;e%L{>0+Xm*r>ZgfENf1IS6(`HS#R?OMaj?XLBi!iU^e#{lbe`J+Bs zZ=x3@;0wBM-GuSd7X7;snoLuZW6SHbBoHpnC{sv>tqF5%5UU?{N-VET;u7%(X=G6Z zAJ8mHPqUdDZqjl%S@pjHgTO0VPwKuwq7?V|_uH?@tnOc`xu2FeqiZBKg2$ttTxaAjPwG?qJoU_kn1( zNa4TM-T6=qTB#IIK(YoEr;)nd5&1IuT0 z_tc=Jrtfi{0fW+ToxH9S^GxcVmTAHBSWUY{A9V0x|!@cRlt8;z<%$`J{s;pu@ef^sJQWd5L3k zqbu@pAZ*)gZnn#dVCn9Z_K}9nQ9}?rnd7`M6JoM?o{ce7yZ^J{gc(lcunFhxcAynu z%g8=K7_?cGBrP=qUMdPZnduX8URQCoU{wJ=}z10P3XdOm}kc$`(pN zJAzjdCL6Beb$27D>;(n3!*pl6fYy<5c4#{CJb5gJ#*BEm@s|qAeL@%U)BVfnPkikZ zGJ+C@P|iSK&8StmpNI&8`|N=n^?JgOo4jgV-XfQhkq(gbNNX(*1Nu8%0WJaLu%8H& z`kOkg&ePaV11wxNUx4T#d0bs)K|^fG z!}VZB^20QO;L8q|0lqsCGDNhB+G2Zw)k8Co$tDOhngfP81D44aMm$K%Am2MT;&i89bT}5|(QK?66FG&-ODO z1$1LWCh=Wo#y7*SEHmb?r@K2mR8+1TrXq5!zAeh;(F<}Vro=o@JS_F}_VOVT*S&db zr~(d@XHgjSt(n-3L4csiJNEnR<2MlXkHW5{X)?{Jw=K!MSPXqP+Zmkrt4T(h^%+-Z zlSA%ye+Rp{!$49>M6Y4CM3A~h4S*=wto2e33rk2<1DK(lWF{H>(%~b9Wgqpj-oyfy z!JNQPDnP5w2hf9{t4vb_`sWv)@oW<`Jw5lV9mtr1PI)f9d*ohwx47Zx!S$G=ahZA_ zU`~c{_R7>4IgLPHu8bUy>K3+^f&LKOVr)sPO{Gb(kx%z!~JLw2GjK>696gfv}6Mf zQ_O05w!igoz5c1PAyWMriR#bH!B(WYh|B6xsHYvNz{Gkc`TT|^d-QT8cs+AHk5*%J zvm4Jx04zcO$ZMNA6`-PXgt}0)t0pQT4+Iq=R{^lNum{=0+x6}?W`W+8!bFc~Cgz(l zv#!7&gFZ*&Jq)?&ODTo>8#?mGxjyhH;WFuR5YTCJ?1o`p?$;y<)&Y zwxd^;m>E@Rnk|cp+gzgPLKKJ+br{5T@cK4zM*V*_{o^V=lQGKDA0JSiij&T#&Dm za=#l~2;LHd1QzUtN#@((%z7Cze|Jlx6%HmyT@`)SEi`toxF0qN$s~l$GP<4L-W8}F zlZV&d89SeCob)>2jxI2<0z9_iYWh>Z+q}}ExSbQQz1QP#OTD3!u<&{^9s!GHno^*e zt_2Aw4j5r@C8g84A<^t8ZWLg(<}M+sB&>lt_Q_JZ68LY6kwRuVH&S5<*@+higa^t- z$8Y;4bQI6OsSvW_D;hL|DRg&Tt-OtbRfHK>AS!>kM`Vul^U2!~#J0qZ#fvf(t&MIH zh@-r2x;pO|VQGXw@Uph}o`jGvOOKNkn7CX~#1aZ6wl2m2Q=zMnG{?oo68RK$7+`N& zCyAMwI;C!Tk63&I2Z=u?X z*Sd55`^(JvTNPjH9Y{~=Rg!4-06+xu8`amz%b#mEfLEB0e(Lc(I6jc+HC?05>BEE# zl<9H`{jdjU4uA0a?ipP32l$4=(Fh@XfDH5Lj7i)3Y`K-2A}iU8tA}?OJ27mWvC zGUFO!AiKCmgFkflvwFX!EAOp^50p~mvtZ!44gW-kuNG_M%7NzTC$9 z(QH{T&8<=E+K40B_sV0dr0zvVN(BLT7b~rtvg;xA^;xm~EL1qWi4fyn7Zb!LLQsPm zaN7B}Y1INzKb;@zFW}a0b?ghqbQ$LaPrpqsPK6kUZ^6H#4sX<(4pK9L0uHkl9NgWG z(~mpASHMT(KU^0!o-^(rAq<40H3*{`Jf|lsBIqCte+6q2lv=CwGgN#l(y`q=F&tGs z*%r?S*4X&G`gSbBun<#Jn*j!-1sxZu|9*?CTyH(6$2y=jD`y@of)3B?r zH%Q$fJiony;9nUbkKLY-qjg0odbXJavb(g_v1cZVet;9CH) z!VcWg=EmC?>gmHkpQHt>39iK!Rm)GSRth4W1=nqA+|L~cS>RUmm;{ALD{I`d!$B;7 zUk`)2m$VIaZA-}}BqShDog?kS#8ROu_T;_#jM7pToF3> zHPsva@Pdf_46AjGzcnKE|0!vr(cnNa)k6e@7Y;-mtjj0%K#aM%=`?8UWKutKsv+s_ zfA-h$2DLNreegsJo@GO{D=L`DlYEF2RhSIkq3;W-J^$nxu5wn2lXwrc?nHzjn zLjO{b0L99%dOF5r6n-7dk<7dN`4d+HfA47`P6t-?_#>jI8B;{J#K!n08B*O2btH`K zPd^UM7(TG#OJrKVs&dnhVs^$`GN&4gn56nKU@>9#4g9RMEuW`Mu;B_j1;Cu}=y?VX zXh@)@^WTO)@5e~KfLMPk08f*W7$5XH(Hl3GEZ$5hh2)|=;JIrsjZV6ue`bD?KNuFsF$efHMn z9npP{!)+e)<|)eWib=g=&n_So&pyEwrqL;RliG5E%uUn>#pA=_W? zh}XdNw<;mMW@;HY1`AnKgay@lrW`Atsq=9ha)sXjucf%|f1=gV3Wy9Y00Q&;s>Rqb zn?Ft;%U+{Y_v#G~PeF{)+1PI_>M4|MMd5&3W^;O+O0G!MoC~WFVvC$&`-M z%Y5=LjPIs~0pW7Z(c5&~P7r);JEOj4<9-JRpl%EP)_1X5M7c&Qn! zngM)~5n|ef&bjcqCF_Ec^BTE32qQ!RyQ9^sl47O9LjkGgP}UZkJbV6=Wg=ru7-o+3u7zKlU4vFT~SDk49cDGFIXcyW!5oO;DHpH2seUn zO1R64BI0z2PmE|_r42kP?ROGn3@X5tFQ8sVgv-|sOD*81)oS=t^2p@A1y&n6!j11= zo<2X1G2~`0)oJrhGK*^~Fas+m*Ee*=!GkqVWC>UmRJMCvS&8pXV>#U~?;6gIvm2#; zUCOgyXD$K(T8vSPlZ1NTT5t+ke8!ceDM4EvagCM9<^RvUmOF;sST~8n;e% zDa|rgRr?Nr?;RkuhiNk{u{-5a)d2qfd#9=TFg)@1+9~9xy{Ksd(1!*b;M{dpuVJj( zU@_XT2tU-n+O!GV+pH%=XBzgixp9ql{cCrrqL*QPS)Txb-}4W*7Y&VB-PLqX zrgk;NC7R5Z=jb7V)lLzkA(!sI*0aXwDab^~zo08Mob0zz8PU44ERD^iCq*suUah`T zW;$I>pn^Du(1?CxqQ{Qra8Dbz$+!6P8W{~q-NZttDq@ndkdjpTa3{-q0^{beoP;G= z3oT2nYXhw+_F^%(AOb$T-_GW;=Dd~5>oXXX;Lcf~XUW9a@v1{|a`>V2k>Jr-0jATI z=KY-Qi87k|NmZ&_Y|MPA33h1EzpfT9OJVlvHS?kcQ8j){=dAB~ejkIU$zBMqjyIt* z6}}JnYe#r}i*ioq?rn7@d0kScSbmb&gQ^pNml;>w^AdJDrlz22Grsj~S)RQmY-=EKyqYgdR zWY<^Khb@M|HTiq&1^pQX2YBy zmPlN|&JptMZ;BT69^xW6akJ>VuS^u}v_-D^kfAmZfc%FWPQuYKbQD!GieOY4io;=jkMg=<3@)vq?&%Q8c)sFX`>FByFgtlAf)!=jC; z5u$l-bx7Nk$o?l(Q(s$!y12u>^MDoYR7bamo^Y9QM=bV~4o&BcV&Z_g7tKUCX?RZ& zFyVM6g5Y&*Ysd(P!YCAYC}QU}Qvaj-o+O0315@Zk=6b?D$pl;y#xmelTi8;Uz%`R^ z2>!Kqo`ZemYelKRBd=w-E32{|65fr?)|j?|iy*Hkxd{K?`furAtE$$2s0aLeX?^PX z8Rj$mlpadbK=pC4nn}+j(w(5$|A2f#Z%L>W3MzZ|8aknJ}JIX(PgaF`I{EHnD`ISOUc)<$bGCWMcW$*v`&-GHw zKY#xPujaoc-D6aOd0c+TZdV}YWQ@BMl1ELAb2Zl!vuIu`1k{~1?9>WVFknEnRrn!~ z)$tnm2z*JkO{5R@8@le7*4mkMNIah1?1Y+bB>qv}r1sPaQGmMSI#x*p4HtD+8!&dc z25Ms?YX$Y^52*N@1Coh-lX-jr;VF92r5Ydp!TVU*&KGb9i^Mq;l*2B343MO!*zdSu zJZX0|@H35#(0uCV_LD(@fQWFs7#?d#YgatnGh#c~X|@f{XQ-fNo&dSF#uH)%%5>#!F&S=28D)^yX* zbgn>+p67MXhLACX{T>3A*`mf%hd-GD4F_HEf~I$YTnLbCbk@z-*1_Zi#6c3hR{!%vQ%gvVSERhvi`BxAWS(?@t%{7W zX3Ly1?VQ2?lInvY%JgZw;TL=@{9m>2(E&g%5lR1|~FRK@Y2|d?ezhkw#Tzbe} zywGx=e}~LPhdzE$=RIsPwD0+jJH$`3TXT%0<8X>LAS5pd4y^T0kNDp*QOvmZJ6kXm z3OpN~V5g>@VQMPyXXtYj*qpP#Cc=l#UhD*@GB>^_4(i(o*~r;_t_hu@O&B4N(f4=+ z+?wco!$zWZY&`r^2)Xgpd?&(p#6y`fLfc}+j_g5p0bz$}H^_aBXZILEDpEa}KQ27@ z=uNT7h3uE!fmVN6a_X4P7Z}}NsL~?dtDwldCYntygaCFc=acd)5X=M^X}bBJ46#XK0K5^bimQzRKOSajh7*|%F+R?Rsl(vW6Bt;k}Ex#zs(S|bwo*$ z={VTH|J+<6ka=dt$gs%X)8NvmXMEe)9Aj+QOvOiuK9SD&v8y?4Wp_nAgA*+WCeDz3 zyvE;c0~0HCEbaZH6ceCltQZ4x16!-UGpQ7y)+;IFDh8=%-%v02h)+oFcCo%V4Z;CF z?}OF%X}anCA&$QLnB75gW=FE6NtW~!-04lFuT97F!H^~0y&etbm@n!bdmo*=j{%;6 z2H8eY8^%~hwjSOq&lOBNj!Fl!VfZ+<8aqI`0y1pwt(mW=+`_UeLfVqZs_LC}^L-Yo zh{{Fi;tS~fapPF49UxEUz`gw9J6*&G=r=tOietVJWloLAaV@HND}sub^;qdo(RHw8 zg}b6xNX;IRq6uoxeNZc8rDug5CYEQ^*E|B+-;9&Qry&Qz?*ofn!rIP&R@O zfnPD6Av4d#IoE}wHsOnUNEBdRG{;MsqBW^+L@6fsBb3qEmLr}21RCr$7H_ep<qZsAw3O$(wuDQ!u5-X|^NcV0g1r?chY?DXuDQyVdmc~*taS^X?*;pzi z8YRaPQ3V_`LgkDYn_kfJDa#8tJHfN7o0GrOfqAKuILbUa=T z0M9B`aE5*|i}~W>;bjHfXff~qzzLtq|L%XAc6#`GKj!@Rx)Q|e?#~KPB!-n1@l7$hJ!NU4jZ1jo#aQ~0FcWG`c zOVY$bEvY4$9;VsNjASyIX)_z85q#6MsmKUKH8P_z*d(jEb{G%@No3){0zfjNw9;-& zE3LGYjcGN@{t5aKTFi15^8?zn&{D1Mb3YG1j|*G?%&v}#sEh!Ci+j)Uf0si-`qC!6Im&=!%9vgefBwQ@pIuCBcTN9)dbrF{t*(fP7 z)QW;OXci8iW|=4qPF8nP{H8Q7aTn@98_jhxY8*DPxu7aN?R@8k&MC1F9i z7+vg}{B%o)*rm*e9UX>lB{#hR7utIt?ilSb<|{4fXNo9TIac)Zg!^yF>}*wgr7KMT z`(#1?yZcHV5_81uTK|iUg#t8ZXnX#;KRAA^Tzao;EFEHTan%~~db&Tqn7U9hZxpAz zBBd-ZaIm8I8eSLv0#iyB+vSg#n>MscMN>GwwO((1 z1r+l^T@uxa5FsaIPeyGOkOFO2w$;Ku_h@H>t9&|rOF4hIpI7a>X z;%?-yO22@q(r&vQOoDKB@DwAx<){ax;We}mN`x@CA?Ot)o~UNVOhUTLD5x2wyL!9b zljUgihX-a>j_;q~VpHp*ERdXw{z_cno8Bl&WOKNl0nce{F8rPxU(G=M`u+KcS1uol z*iJu=*n2Cn`aIwmjR8+-IDek4GKj)@*6+0wMjO*z7&$fMSg!VS0j2906o|(UoHY5A zPu)G-wwgZc665rTed;2ffF#)xBR&&k&-pkQcIC571+zx=ADc&A<&sw;+7#bwx@Ei!ss_`_SLO5`wDE9016%> z$2tPjc?P~B`imq&S|DY0sXtpjqYJ=lD4#V31-{G^$F%xVUPlx4`l*f^p*2p2li}_c zgCSaSKcJs>a!;@YMS;?&x^8U?l>CnWVy>4--MIuxqv}i@R0>G7a2zrXBZeQl_UbhG zekfWJ21`zfa+fxV7emE{vv+7h{>SI>V)PE(4xhoILO>ePTS-e$mnp7~^z`4%7k~KU zmzf|65J6-_8IV?I1ljQO16Xr-Hx z_NDh}JTf>!Amohi*Jg{w|M4Q5Bm9nWS{u~T9%*0?hD-dZAr0&15}~dlIT@97nv5l@ zN>J;8Wp*sW-Qe=2NJ$a&%WF z;voO1m>U(Z-L1WPAu|A@yACWN>n-;x?iqDTU?Ly= zoEGoj=y&q83jA<8m~aL}e{hdtBUl>tQPm+N)!a9Boy}8{Y>tbFedp!|vM}QSig{sU zW0Oj!-D(!^@?{s3hyI_o{H-?i%o9Kmt4lQI?xDEL>X`^mqx)3m)7Nh~?Z4_Yt)mTW zWc2UmKb?BMun8fLrsJ6mZo)oGcU*0a!-7FtTeQcu?QuNWu8p53%1mvIk~8WOkqR`S zTN(4rPbaz&F{=hpT~t`bSck=#HjS<})-uYhzJk5R^-Be_S!-p-FjrjSaQL(3HnUOj zHl^%CZHu9U0l3$ZDxPrLN48zG-=iy39-BDN~51Y%!h=nH!<2SNSMEY24zib ziZjsO?WtN1h15^c=KHO}hnZ-x-QS7U+DERd$rz)MQ-5 zMxJ^e=d7WrpMa(grw@)QXzHgaO?{IZRdFeDcI!ZyH3HSKFbqW|u|6V0iD$l-RMC>* z0zrr+OiiF1({u<>F~(A(7leVeg%AwL65vi8e%;3QMI{KM+&sJG0!dP}+Fg3CA=t6p z0y)zvs3bc)&oK6K0&EXdhr#fXeGf2^E=pnEGNtZHrTk!%H>o`__rSxmzD?YEuN9v# zXN8|nx0$EWv}EzAGBYDj7FkRKTv_vY8yOHDBy}s+6csv!5R{-aa}LwvtO2*>2{fiz zZ!o>PxO1NByF-r6>@>gV36&V6w1D@CXs7PhX{CI%SW}ucqO1mJi2<8h#;S`8mb_y0!0-_ojGI}kLifswU_@fpp1t)Vg0I2efvJub&(f2Z zUtB2anw~z4)6f*5rf;^U-|43c=EFru2TF2{mY6Onb0xWqosMfjO^yX2H`V|6u6P*N z9)jWtLkpK=Oe+V9Sw}DP#8o|eY87t7e5anP(hqNlfh}Z^T}X)S@g!cvikx7xI!A%$ z&)Om7P1z8lhBo1#A(-cxLDdl_cCKGp+?8W4p~VzFq_sj={1eEAV_gr0^TLMd^)evK?H{VzQ@iaS3gdr(*`*F2vXr5Kre6y6AcJRlRPnB zwIT!NyO+5C-_BkEI`_j*rOXIH$);i}F%5(&_ymwAW`D$p zL({yXs&P7h85PGWv|{k7E#Gl^lP{B;8hm~5V_2%fi3m~9^-@j=6?p+Oe|}aEdr55&gdS)Ay(Rf+=;{8ceJ^Rn{ri-P;VK*?mmEk6~a)zXu786B}Jp z#eGrr{<%eY^=Mjp%6FW9KgO&oWWP_fG^b`eadd8PL$SMl=Z?OKp#%Ea;G&pQdoDC7 z8%{6*>X;Hz^sICV7jgK=7@nWuF8N*$uAf)Q)|M@e`G*haM;1glp)`pDAmx|P28(;> zF?BV(j@Jb-eZd^4UplAMe(tvoU zQNHN-%WQOsc%(1$1nA=+8e=P<+=TcArNj8T7(B`JZ`UPwD+H(O`BVD+h;(=YSZVS6 zWSbmsRz=wcrcWx?9-~@VZwnmc8Eg(6!HA-0%cPl(E2KN*B}JQkyqS)Nle^XZQ=iE( z40x4)9Jqfu#gnyRV2cW3rx=GK9p{YDWcmIoirGcJUpsX8eReqM8v5FPNoFiu8U}<+ zjoT`w&o`EMb2}L)oL~LTXN0YzFjs>=2s*2Cgf8j*a}F51$1goZQgw2lmYJeFt03IxYNAvX6{W$^! zGN_$SO%}%bnbmkk&3QnTB%C$Y-X+FNM1vhm<7Sl5Lp|EKIcMvt^4VtOOdeOQZBfmW z;P!f-o?u5VL!UZGuR^Y6=d=%e#IOs74NUg>g{zvna(Ku!Nb&}K(VAEp1q~q5|IQu4BQ6sHE967ct zb@F8!4P%=SyURxJhDd0v*y@^?0F{?^t=Ac zc(KA%cXPgSJyMp>yAFchy~s(BTesA6+Zr8jH+8HY@_6ZUUr)Su=XOb^v2u7CM*;UF zWdx0!(c;S>w1p_bVEpEyiL>DY=L>KPUJ*iPMfDv;%k7Lt`5gN!u!~>^y{s2d!!oW3 z{YCE3d={YL`0|AgYt--uuDdBc=D1;$fhvtMJ-VWtoXab74Rgmwb)W&FsJkfDn$h72 z=&yk3_@}-IoQTt(Mh}1u>@mW}NJ5|@-K2Z@mMSHcaE-J@cBE$7{VJ(h01_HDpX$^* zF*Xya4SY>(i7omiAI0s&5X%X-a&ULY6mlV1uoX81lDG;^WE!ST;24OTU4a|CzMM9DX?IKu@7G|%HplHmC`(V&HRdr>LayrE<19P5E-XS< zswDdoNZVNL@YK76XTz2qI2#xCY;@|}Vph-zCm3lLR+(V_+`~-$*$oq!HP&#ZALxwW zC4g2IP1$yiPIrZHx@M&ILZL@L3DPyYL(}@@_)qA53ki9-e3^cHN<2M$CeyJ>r$|W> zo0T1vEF_gOEhMdy-;x{+=@IDqS79FJM`*yZf7K>kn`Rk#PU`A*yBd;I-6HE)Z(`-7 z-<@jjjq@;d5-W)LJL)Y2GY; zNY`~u2ytdYi0?DCka&FUbeNN$7CI5i2y2T5JGXenU*3 z3C+1W8zY%ffI>TvZRkias{>*-I+-*D=ukw_c5FHt{%#f8YB(2LxgpVxdH29uL4t{9 zxhVBVP#>5@HM)8!N+m%!u)r_VVzz1G+0;}!RSR9;c*cm6 z1eG6NZgMhsL}9IOp8?n+(ucW<_NMS$sx)jpEsw{I> z6!gKqkv+`?po;$^flWN|F%QqpD}mz;c_ zoS)!}uqM2;-~Eag;pT1DguwYYF5!GUV_{spQR5?Tm*7dqT?ZhvbL>WBAOw1tFTT~k zYV9EHq+nLgc%<0-a5r`M<_`O)1FR?a6P(`U05xFxRuQE7384Y@p;TvOB%nJHdTcP~ z5o+)mE?1i9>%*jt$M!jI5|v$fp|Ki3F#oIt`>}7qeveZ7I|G5PgE=J@_ug}@1Zz^? z3+2aUema{?>1EX{+q}`WQxRVrcr~=ioGXRmmr5123Mt=x* z3K=>_G}!^8QkhKbh@VwW2gJc1@vz4GZ2%Rs({j#wluuw9@r#(7pUp|_myT&oNvHyM zs&C{Odri!dTVvz35G%{8cjJXryOb@P`6PT=InSMg-V)`}GR?T_+JO*3U5DVbj1;J@ z6ZJ0NYAl9xPh-Us`E(Zr&8YEKGB2SqOhshJD@zpYn0iig!J6E`5VD$5!bRTliBGnattqVUZBKYDXP67LB{*7X1)Tih=Tj^HeMbY1@3lY8*UO?86q(wf`CpG#0n@gEWUC|m$dvk!q_tHG z7||L#Rrr;wMIW`*OF4y=M*Ud?7)EkvCQ?p&suA{)QYIS1H_U(Oo2K6@>E zquLr{5AZ`(TR3lCZJqRc_zBJ*15&WvCg9qF7(4zWs&v@38buPz-njLo;V(SOKV7q3 zGX5fecd7Ea$p8$_AEbsRRIJ~U(p662Aw*05HC;!~;YA8oXR!A$R-)QLGz}-5F6Ni- zWO!L@@4^Zl14-eIIj`gU=ZQiN-WzD?MusM^Lz8r!5nGVcvkgfIEn;+x5LP#G2jN0> zffO6Dc4uO~HeU{UoSpj)T_GsP8;)tVRZU*~;gke0MFO$b7>oO)>S=emfc#3zb_M1m z8W*jg|e}ZZ@t61HQUUlkTFenX951wED8~jTm)dTC{~w-;>omjcI@GpRU%%{By2uvbF&sF;mPb)p`nB z{Afa!TyDixs>*HMiNf$Q6>rll1+rb4$lqk4ISGV5p)g`K(TViYa{O)U$%<{VDuXARlak^XJ zgxPtBCBukAv{y8vg?QW&%wj7?I8&RF^7B!oyM?#Cc#t=>z1(1*6goW6q!9B#k`tN_ zF*dwF^>#BXr>LhOO<-!eG&NJY_g=$oO;2r%9vaq#A6%L9m^ubqI^DSV_`r3eKJj+0lj1|k)w^(iyXOvjJUKpu64ejx%s*)ewYqD0Gf-&9$$aQeg{~$oH$o=SahGu z;2kc7;8yOq>a2&=GdhN(sio>1DBoUgecMW3o#eiv#>+t-hrFCM8MPW&A<$TQrBv<} z=@N@vFTSP~jBDn5=~6%{w{3TO_v2-@-H@|FU0*5InkzHjvGd;nxgyJc(0?n>9bj8o zB$-bBc2VK|crt3Na_gRqr?(Jqxh;3Ay!n{?gucq!Zs^a!;WNE7Lvk3aBmxsK_<$w|iw|fSlu&Dva;~9h$&5tKMV1*t>{NsbJ>*LleSDO03|2}i^Ou)3T}gWs}f6}nsSF;5XNg$f`Q2VW)6u!Fn2wugq2 zcndiy#AU4r#E~=OJLz_vq@JNIq)0=$!las7FT!y@%o&{|#R6-1BOBcQ(WW>#Hr>4)u7Sk$)b?rfMr(( zCJ*8XrdSMQ52H2BD^v1X8e>*BQ{b`#m&5wnDE%O1!D)eWqxz)JN)PG?iaww5scJ@M z-0a~MVWk4V{}Wta3bIc+YHb#p#D495k-CvE$tBB)G|0F*rxJ^%Ko{*jzDOG{mOMOf z@8@Q#>tR`L({b}z7$dKwr;IP<^$U0{KX%ag+c}J}q8C)fWEfKUh_a)z(F0lUQ>hnw zat2mvdIqZ%NQk2q6YUM^zd0L}sxS3I>WOLWH17XyIuUF9i@wNn+=lWCG(5td#n#*q%L;fA3nljRf04kB&4xS%zhTjtqI5AgSsi8RY{ z{R{o+^`M1BKe0GX9Gjg9d6}uIv5&ttBq`|E`jm<Gy4Rn$8a=-M@a|bYGPl** z=Rt}@N?v{FlkAvU(ZMEk4`EHB$y=ia=wO)WFdRyNN_q61ZEjssPgbMJp#Dz}`G8 zjH|dCyGTBn*g?2yYE@iR%lx%QwY5~_W;L0qf?Q<^t^?Zq2aitPEC#dXV7MC3XK>gq zeZQQT;h@)O`n*_oqPA*$LIUu=;OuH&2=Zjoo;tB z+Q&M1;NCqeJ1dc}iduU(aOkY`!IeeFWj~ps{l?&7wDgX$>%8Srt$liZaSw}$)f?t> zCHuaU@MkeI^@l^Pec#+mWB`32@7*Z)_is(a?3@TXIY+q}I`5))g0;G)JaTQ#;`w;i zAG~O#)$0(m@}AA0NH!wJ5(lPKbu%$xayVNpCJl7E+-t3yhcggxWTc&$PS)%=ne zSycT7)z7?UNOiAahHkbmt(B)gMBe_evIYeZ$_)Z_dqLqzef%UsV-!QhEGpWu)fhq z$Qa*1YiK5kP@yK}xb`D#>E@{<`(HM)GsMc-c>}K$X(QnY9PEZB$ zcYMbx$MdSzY*ulynpfrgnk37)lV(k3M~Q=a^X6@2Ad_qjso_3*6g|8XwU>=wi0Q68 zPtVK{z2em)T0EfR42Y&9x3u1A-09&-jV5(i_;xObm?(5F3F`?$$Lvn5M2}p8p$Ag& z7aj0(3=?a9kc-h`k}Hh-pCTEwKXOr-chYG5=h z(PT7w=}kwoRqyxEP56e$@RLTx2s4=(g6g(mU!##q*GX>Jn4TVANOKjnqs3g9$(O)z z@N>|*l9Y%Pda8^Zv6-(IloYWE>O~P7D4XH*sYrrRcbxnNU0c3(4zAFQYP9%_UdAG& zH$9`4gOz1vlHMwp4sFE+UvF!{p_Fu*iCDH_S)iHtPsaUhwhXllDhVFA?*!5G{oep6xtd4>e-5l^tY z-RMq>q1c8Tq5W#PoZrA#YWT9t!3uVgtD8y9VoKt8f{YBgX-RGu67* z?Fxhq$jVRGy-@9zZ1v6Wu2<)5+Q4qOW-W2dWMb^)5XmX_n}eWqxC8PYOZ#B`cBMZ} zXQu|d*OqYy0gn?*_%%{RE7QrOB|KCB8k&-FrN4!A1(bk}pdtEsCTyIO8OwWY0MnZd z7bDkpyx7O`AR+A#+td=35ZMqvq-fC(-DSzKokIukYqMF`o^wfd&v@BgX@5>GwBAOI z=&GbSkJz~PrM9=~D`RQQktH++kWC6Iktf6#8%0K=Jf0yoL4D3vU!3S%B za9Pi;7^@DYh6hHTNd_rwb{~D}OjD%%DB>zN0$|= z!b4(qfRR&dli(#v3I*PCY#jhE+{w{TpWdI|2yGFLQp&By^%9@nhlauUh^ELon6cr% z*^!|6Iwu(OG{kvWJpw1W8_%_;LorehBO6f+MDv54yr1uMCcSoTYwURf45)4_cm-Ck z5dv$a)cB}&y;RpF#+ zOgth*VC(A(fYz3lm|U28dnA>WTd5+^)QW{yyL+`O7wPtkY9BQf%as>lfF zT1#UQ%zgHS@HS5X`uD9KrH-xP7${=PDJP9f&!Zbm#EJi z4<^5n`KDB6d$`;U7*3Y5te>$Nm{=N3byG-~z%@qDQ5~$o|Hq)%UsUny6H)tUNBF z-%v6h*t6S~U<%5EDY=PpLA+QpRx+LoPJ7mH6>BWn@HMw;Nn@t6Bb55$D?;8QV0C=4 zMX<`ZC5}FnjH~uoOTM@D7m=chD?v07KuT4o`bG)|Iad!p`w}xOG)b}!9!r;vn$qhe zcO{$z0fjd{u$OaUx#iQE#!K>3e_7wpoF0-y?-7B zZ)iy@b$#Ob7PGh4c{z34Qqz~2z`(|+bt+18OvN2%Cccl&%*u1bC^))3Te-Db6ob7_ z-P$1d`V0*<7;D8BxyV>P#G_X>B?4n#TEV*6RWKRI#se4`W6<>C;hCsY8pnj&qQpRs zBzF|V)63ol_7)y?UD^Kk_P(8Gh*O?5$nFyrqZep24{s_t=zO83AnbWbp)55%*2idH z81WT-6)y3oD2&i{n;)O2DImL-m4tgvE9vG5ZMKunUEKZ579F4LJ7Bw+V-lo@0>ghe6xf0I@%&OPpxnYFauoB#<@Yp%>3o&vMnX}` zuK=#yT+{PCLeRhFrSVHzDsaE6Q;CILVWeocSQ&|0hgTbowtSkPClSi1(YMs`w~Rx8 zEuf?tJE(zRMhI~(+zxpI50Sbn)N|Y3q~^CGu@>>lxVLViX9&Ao_gb`WMHf=G-?Ycy zN2#7&T#uEcBvX{?nwD1dfnw+DPKV8WU6;r1*yJ07lT-L!Sn9Q|3xqJbT*V|u0R(iC zV{JzK2wW9G1xM-7`Very-a}EzB*DSz5qw0Mkf%-BJg6>fpe1I~@C>t`R;$qhsn;RT zIS<87>Y{u7sjt7Ur1~#ygwNF9hzWs!XUaivBJAVD?XlTRtR)_arJK$^p1@ya-U+je9|}@GBk1u3KDbQTOrvwW7@;~3g9~SvP&;z6T6|;SsH{`{ zF`du~7yzupfP-m^n`@~pq-4kDfrVEu?ECD}RpTj`gEX^0GVpALi_rk^=NS;(u*5f%;#?5drtbO+6s3~#Q`eD(o(M(S*_1Q{4LDe*Gr0TtdAYhDk0y7#yAYSho>*=pyzSGFWxfuSVP3~f z3~wL(P0={?5`U8DPrumpjo4ZFB7i|Akfw*1Sle|%i~Zd5BF1@Za;NhJZmzFa7eU$k z{qlXfI!K5wP#RpB+j8TNjZ;VK_d;Zjk|60j9oXqY0o!(tbmiOIOZd~`hsy^5Y0Ws=l9Urj=CB^5AV55vgaRe_2}kG?u` zweo-D$1dS|AM{T~FL;EoY3_?r=(fVN-*IXx6$6+me_@I{iC@!W$V$`i4ZmIfmH8}a6yLf#A2VTCqf9kizyZJ@e%{f`ub=ayqTbV$r`?EmNA zwl)+hMPp}O#m2^)!z$BTEAOV_o9qNPLn~lfX+Q0CS3hQlJZ3#~d0x!?88b}h2IKph zL-LsyRgXs40GtcBCKhoA%4cDAXbPW))PQUi7;cjD5316QZfCS2PG*(tRd+wJ$>t=Ph?c8~IA{~FoYmAi+269{83!ts zJoj&592_k-J>g9M$o5y+@O8n^rl$BL&o+axu$0~5<&WU74NZ}>_ZqlGCfv7Gsck%h zr2nH6-}Nb9bkd$<2CyymF3?i$1{IaCC|xK58B1U)3ZAd0!J>M?Sn8AE%35J2DJPLf z^RQ~3j38)XQsi9VI{_OG2hR_WtN!TgaP-7dtEHuMg)lI$fJ}%=q0d33vj22baZ|QM zIQ-cF*MyOl3{H14ikp znvm#&^2ovc8pO9*p(pT@>-A}ze1CL8XMmG1cB6kssvRJ6M{~qKu&Esh>M34*;XcX= zNX!Wm=DQ#n;T5mxfJKhO^!sB9YqM5r6VD7%zH1GDCr1Xum|DV&gvZe#|+tN(0xV&l6?3 zap_0kJ#T)*=; zhtC2bhs$q3d!~w0fD?m7>>RlEsU#(dt}|`DWoP-O-O#ou5>gA4HRDpEF{I)6ehjqK zwRi~zIC`LJpK7eACi^50;$4bEK)nwm3<|~ROk2fTGu@2S?D71PC#**`Kh}-ATZa|h@4X@aX!uFFu8{WwA zJZ7+2s948&)fmJBLhY`$tF?-Mo>)TX#H_*D$ zvtCs%I1)y^Gd(H6Bx0syf|iHOiwNF)SY08S`7q@74x|VKj)DyPL)>|bpqchY4#p*8 z`OnZOhrjuQ^3O78;OrhnyXY;A{YN58#WYit-Wf2@LQR2lvd%A|N^GZ1eZ7?iq8S&> ze|e3$ZzyjVG7{VILCSuKg1^DE|1?e9Y+%U+t^d9%N39xH1mLFX3p#uwnKNTMt}{L{ zTO@|4-ZUXN1K7XDT2N^O3uR%w0Wan%TS3WI6>LLSg%lj_q;?uQNF{L15Z!t@v)OmD zOCm|0#*{-ap6w>;7lqbBFS|n>o72{Nay85`e79OYZOb zI*+8gT;?%&epABa7e}6w!~ri*~F~!+p)7?wB6G2K(~jh+oBV?TgSEMiC0b?!|Dy-yYNm5Wiai{ z-7QdrMJ2);V-^CRy~IoWCY<}b5emrfu;0QlfOFGlYR*j>M4>I-K;H+QauE{^klSE! zB`c=8gmxe1^Sl0nXu@K2FISK==AJao?F{K(!*{V%f_9FFHJ4;N!X=&J;Es5;C{w0^ zfozb|ilWct`1iO)cz8DNwCNWUySOx*S56r!UH2GRPcVwNVf^KsRGHGyaeoCJZZyLE z;g6-mxtn>LW_sBJZaRi_dvxa80s+XtlH%}z3U7-Cx9D?)t+LM1B`zhGgQ`T&tMe0V zSTY?Xac%aV7Szu9$;6-@(f5Wui{bNRuyC|T?bDb0>If!y2rYTn_$i_W zx5_@HiqBw`u2)rEv0gkeU&OfAM#MCa*)WO9RA({1w8W{$RVM4wTWd~{7qLLz+8Q$M z6X5RT?t>Rf_EwK*em>cg0frAgMl?EZ8b~S&;v>A>q!0Gsa~+)Gq>t0I#JkZ=rd|xl zxOUYjly}QXT{vqvlJ+PzerpzL=gXr75-2GxFInvb@U1SVZF*gXpz^S@7!98n%kj%d z_-%K68Afmpe;d3W*ImV%e97Rs9wZS@$dV3bT_G?KL&Cd*yF1Oc4hQI_JYIdX>m}IM zaydsa-SaKD`d~L49@F~3k;8mx@QB@+w8l3yH?6zU01PC}TTY~T zi+}?>Y78Z9S^ReSXm5X=Hmx{go_SVr#*W2vyF@JT0;0d*v>{EvNE{0c-z}ySTsfdF{u%}Ckb|o=F^B%l`v{>t6ywBF0XS0J11^b)Xn@_x&S3zWuc**h6iOAqvqHr=I~@ThY);Y0y{SWBHQQOhB0X% zuoH_h$A8HVo`?anqLc1M)o7->!F&z#d4OtO(KuH69mO6!Q~Yvi9H*=m=1p>qoet>k zKA$RyJgEqY=W37gae2190n~W;1+7FpGv))^&fw(1wElMXO3e^{1UZeVbxj&Eq`1{i zNZW&ccBMDP@43g5nA6Y;&BXAzO;sOuH*@c6NHc|VM$qUMjzzLChu&&Yt;r*X!xOT+ zYoi4_SMcrAN{FPtste_A%S8$o2qoE$7Y-?$&4YgW%o)7Z@+A0)$-)xW#_c@Wos&y| zY-8}0hC^g~(f?O-FbQMZD#bUDH6}qrHjM#$C0_UYWHpn^_;D!h{bDfe-;EzowyUnB zZ!diATSbGLWjEY$nOuu7)NVdKjTT)t3dUhhP9Xrudyv#bB?Uuhk4J^8MAPUEQ?SHq zY_|qcCUn8)6X=&0Oc7f~`kF+xn5!X6G{!5bR)mc*CET>Tj7o|!Aa1!HvA_bOE|rou zR!mEa{gtR|xd-gm;Q{;K4cNvD{Z!83IGNC z4*a-iF@e`id_njPA>NQ5d>j1A)P}Y6C`i(7zTbBI8jZn-aNC>h9GC$)PncwB z8)F10N)&>5bn$cHqA?Dx)VC1g33ZjRp{N5ev7wxpxvr=uU1<5XWH1abA(?9kKyt>D zVkqrE*Vtv3x{oAHUsr-iVbz~alGVWhT*G$V6fl>v(ei}m@OYY}3Wpc^rY&Mo1jCT1 zkU})qL9}VSy;${Pw4V>`QXe4QGF4O1Dg!84P~IdrqspY?8xV(0q!8s@cqOO99~2}b znG0-gr*TQkc`J6m!ov%n2c8PVIcmJdi}IFmz$4I0w?Z58KsSb$UDdbIIGQ6e-zoZlIw~-G+J;ovd+uLd;xS=oX3EDQ>X1XO}u1ktF^=7 zc3-;jdwaf3s(AQvtLM>ucrTcUP=Mp|-=^T_aAf_PdWX0U05H~dCWAknNxQg~eE;=m z)j81dI5dArXhe@EgT~kxEOOxU*a#lcQ6R{Z7HOojk>{DA&K2-!jDxTEQf!RzlRKFy z8K)%8Cef@h2f4a}rM9^@B#0BGTJfHmhszYEnscA5ZWSBJ0cM9v# z`WMk^8Wpcq1KW9f;pAIoyMd)9$84*FNa9xq6r*9m*X&?waN<}QkDT0LKEv=a!X`T5 z!^=^2!mHYX%(My_q{f~VW}>kmjk_Z5_68?f#3w|4GP#>C<@N`!ndK1=ga-%8v9^(Z zrOijiIgb$qxZyab{4T~GzOc;69|C(Z0+}~#%%1tG;)n!&4xsdyRt=Z40S-y8euJ^WQS2oX;BZ8#v?u0Y`&B2=zQF zS>yZ`&XaW{#B*qJgfY`7IKtMkI)Bf`?$^(^iH+EVx=;+W$|M9qw%aa!6U<5xKjeu4 z+M&2!A&1aVHu-UBQ?h%tsP)3)40dF#j5Cg7wMl|AL}$LOFuZ*9aTY|-#JQzYSXVJ8 z&!8u~CbnnO5{oWq;mCy}CYfOMnJ&D~#G^~s@BHd-J|p!uT6E5POZnT~r}^S<&;lHK zM{i3`dC}w?RY`YuS1c{~q`VEDHjls_T#{R;KcFPP9Q0?X{P4%o0cjvc}k0;sdJ>tB%IVJ^T;nXe>iZt{=#c13;gs1WJ?_`di1!2kn}Iykb^ITE*l zEIY=}dsKCr7+*qy{CnUjCLkuhhbQUXx-yV*Nwxu3Pz~qSuLfUa9t$v6ygi;%0i39GI z9?W9=doG!&6YB~}_R0--t?q9)8M+X=Teu&4e+FNfeXzo;iU*NGm7ZSVHbJ@KClurG z);07h$>Ljll*~U~8J2NtPAUnmn>eXXC3)Qb8Qx0;xA%(6EKQ$1hkZN4md-#4HH!aiT0eXMP_Yp9@kfMeEbvhH@CbMa4Tf*Z2lX zQOJXYOV1bFZ}aVP@!Xo?IoHt}t^0j*EtQiA-+^CE08f(|k@RqQ2FV3keK5TpKRjbV z8*roB36dUsv$_zl8@3Q$d;49!SRf9v>XVPyn9eC0j0$DOYjZCOS%M4Zp;Jq6d25lA zDhtaEKZEgzSv$wys_vYONAF;o3tG`EK)4qlWPtHyuFyc|+TG=`elT)xqe`frXGk0& zPmk#^Mvh}Z>=a`LE>trpHkye_1c{n^8QBKDi7*`URyMVgqzx*}$!~a9v-~Qp3LYIN zaU+}MC`_G`&+~`hXqD}!0S4-b#bmRl`7mE|IRfYwIDHyJ4;&u;7L7E9kE1&l;(h;Z zHM&N}QSi1NA8)M~rqvQfhaBqIIFF|$OmLb(Mzd6$i(ut=NQ0Y#!${hZxOL7RI&Y?P z4ENSfwnz{`>^)7pD0tkCBI45VDpf}iY1q4(Bo1d9t;d-rjcTRRsvsGf_pmGaDQ$F}9;7a;>Oo;r4Oy_@pd z#RI!sr+a6Jjy~q`eKD1k9a{{F2L%W3qLSrb>vZfFX zd*Ge3;7!K}7*%F+f`h~8Z4N94j|x=Ra&*_14kyi!JR#sq5z;J_0+p#O>U|l z>j+B2tMGCQ?UCK5&K;rPPjqftX5b?6T7ZGvf#=TF ze0bw~@8C5RQ9YA0zH&xXPc3vmW$2DFnY-`j==nZae5(veBeb|2=blt&m)V8x5uFLa z_T=N{%A$$9Bn}6`S52sTVD+J^c*2PzgaSeKPEYS=Hdbfx0}51rrtyp(cDr=7_3gum zP7SVV?Of`r31mg+K|leF)w9Yf^sOdJ~R$# z=m1C~1a&vfT9`I^SJ)xrtL4FAq2>a3X_dXMg6FfyHTJHX*r6zn9n6U|MGMki^X2xb z(0eP+Oj##02}(x%BCHTFO9W{cnh z)3~$_0z{;Cz-aIgkr}-k zy|8RrsQfK)YI6_U8buKg{{c6 zWmirFwXrphw8v>0B^f)cDkL@ z(yc|qIyF=g&&i=#$t2+Z>1Lv+HqrtjsW45Vh44ac>^7>=BhS?Ooudz3%t?P5U27c| zS@@Sq#NS_1BuSugj1RULW3`K5%yBB>_FVd7`v-xR_+ZWol}X!k)Va7)0?pZ8O14>& z7N|++9D$sHPQ9V6w$dHZa#5y+`DkIIV^SClv9VDAlnI;@dElD>Vm0^}kTvZv40H^= z_@hFngqgg;Im%r8zPgPI=3mf?)m%z7fTSh-&2atraXn0kA6bQblFU;>Hobd^KR@d{ zHJBUy4bt?zw4ZJ`nd__%f7Svx=V5Hat@Z{B#6IK zJf}IS5)pKd=nN;GuAjBDgCoaXr?0D(VhvNJ@j%A$Z4@`?jg5X>8k{;OZ5>M3%%*Fs zz%?sY=r%gTSr%Vcwbqn?-c6AxNgxxyeDW@AiYHdNer~S|WSEM6Za{_3{J^Y0SFKXf z*XkNm^-NQcVY1bkc-SEBUJFbUjvqa}902CzITX(O%2`u&wnneL!fCw3pNd{12zdFU zwA~HJnD@p%7W2ZA=Jc2n=?9c8jYBSG_wZ`;F#0Ol@#iI|N+|n4NfzYOae;EZgLcLx zIk{txp17ycJ~W;Ix57a&?G^Me#%rg3eALq-=xJJm+7jd|aEKbi-~(vmEA8nHK7zwB zl8ROd9}fDb?`4c30-S^Xh0Kuukv+OOoapk_?}~?r@X+V>dnJ60D<2Te%;M8yZ_|^S zw8q6qn1C{N+cj;jaTc|oLHz3KDJwLL8=Z5FHkK@#DyIN6Rji`U-x@KqPLz62KII-Y=ByJ{tj)>- z)|p(~%a(4I`B=6=MBKXE=4$t7!ujP;Hox3SGkgu^ZI5T~=z1L#GpXAVFRdjmyws25 zu1yJZ6{ojLZfc*R0|7M7ZxKbU73Dmn(iA_Is^lppqZmRYwSA(d7T|o_9N;*k`HP*_ z+;7_+j>y+ingM0uX-tkm2bfTV6sM(TXQO6nG)HB9W)|E9*9+KKNtd9ASY#BpvRr7V znXt;}+dumD#8Upy7DHg1S|MMA9)poD#*k)FSTg7Ljg}gC!gNYR0ZJ8vwEG54akHf* z8`O#gh0%zYpJYSTso?kzEuSSLQn#pHvY#RjzGQcPkDFT4F?^0%-^P?ds?Nk`F#|h- z>7-Xt@oWRM{B{%|e5J3|gdzu(QSB_`NIax=X}>ElFYr5xJE^3WP`SNWqzeW2(dqqC znZ@yGoy4m={(xaF*a)~ZxG_ofX8bF2zy5h+H>J&6P)1Ww-x}jS83fC1T1P8Z#DJfX zN$}APW%X`#vx;b8Zuyp0=(}}yMEur8cxpKfMp9xh$>}fb6E2=@WH8|6MsDO_2IA~? zhB3PXv5WK|NG?<-M4!{PmX#&XQWxxuTptgV8=S(6$?eITtb%pOGG9B1pbz^$z<0#? zsYcM1VuS!kl};(e8*4*Z4etsLM!{CrV{4Q7Bz$shp?0>eL--!g(6SDJ#UWXrx6UDQ zMVJsXTiyfUWOHjxwmEkXqmRCpEC6=^@QK&K;*M^v=bUM`wza%#2wF@Na)Z1kIQk3* z3YQtGU>2Zk1s1(JBVE9lY1kqC^!keh5#Z_v}{86hB11Q?1s zpi%IyQO1&n z_IEe87xU-CZc~4kOn`-y+{CC{yFZnj_imEV%pA~rZ8U>B%N}--gQ$ZejenD!C9$nr z=FE|-A3QjcoIVAGVQSb9^g5z{BbSk`fp^xJIEMbkZ{u%N;6Of~cSG8_UHF8x0r>oe zpuF`Gp2Zx!#~BfRFsLCJlh0xF+41G%8FCISM)=72Ik7VLcSY5`w#LePigh|NMoee6 zWl9d3z(eSvTx{=&Vse!D9K=Zu4}KazCurIWy7|`&v_{jOYR*CgzSj|)TOyVKTG41v z+9|SJWPFD?4h}WeHS%iY=y?X#=x70zgU^*lbr+;34ijCYtx#!$JkS<^1KpyuKMM>g zyl8t?cGCa8>z;xvZbd!8ODYBPa?OAMyS{{Vy>Ggh+iDM-1DW*A^6Bo?@1~b8m!Dqf z1jQrR(9bxtmgx~we2}FV^$yU01Sn6TI3zo(+I`0;jy6FJ~Y!39= z5t+R(x)bctN!eY~G%Ax0ak4XfQ+HxJHC==cE=HpzF()y&XsB0M!&XDhrt_=>OnIId zFohj!?xj$?A#Ri(g?n_b`;etKc+Pcl$)KdpId#b9k10u-wI$J zvzfuv*xF>HIvQP+%(uq21!kLdI`&#Oot_FkD!oesURNunjib~>aD6(!laI(d67Eqx z7dR|N>`$xM@LZ9v_7&39hLVNq9J3hqx0on4L=s};(&Nti+G&5EJ`>wfB%5E;Id_y5 z+VQ3K%`{vW?7er$#>#lv;cOFk2#E*wHk%Tlycc;fr^-N-UUM)}Xp{gXBk7sxB_anB za)px#n5fV0IrvNE6oULxZLygeGLi>Ybz2-}^aM|-OM^-EE?yQ=key>NfCK{jGGnbK z?LsJw76a~9!mL$s<2HX6sq{mRIFXtn zba`E=u4ZQ!HB8dK%J+CVWRDl{jb6q8=)NJb@`Q>&)9vLwP#{;jdC8V`dI{o6U=F)s zRus33_fJogZ=dE9q_NquAL;@9g7{CVY}(LtZhKZCf`SB1Y*_`8a$3_~GYN`!1{4n{ zxE8~mv&mAdPxR{JNV4Vu!!C16)H`>hL56@Ocb>$62~cO^){$vi%a?RhA2O0d4Te{miWNbZ3n9=FZWTfn-KvC~_?g znHdacc?GQ&8^WD0u%s=lsnZj4j1E3`^^~XFYnDez*He;Em-g;bcd!~#rk7yJ!&#hY zkq#xVHN#%lSfr8<30$#8o{JY1teMG>gwL(Xkf1pWf8qAgm;-H9Ong^~my6}(qo0hY zx6gn%XyshIMhzKsZP6*KK5KqMASMxfDt2OKQ%ZLLSpgT;2J$wBPU()ymqDuqOhQV% z;CQI$hnE|n3Kw{xY{v#(F5cK^@+6+f8~v>xpqAL`^U!%px*KZ;O&rp-b`zO&mvu#{=%aP&dpo*?-07sA zD&IgXC*Kfaf7r*fS za@JzFhE(i&jgiNFW)J-!2mkhB7Knz+wW5@&I>Tz`?xPu->#=bEZSY+T-RK-_Bh1mn z-Hm2=8BS1QjPoi8o%i9ZAfk?_v>Y~w2ePC4mN%x@RlA7t3_jXqjEPZ~!wJI>w*uZZ z68YV`R=J5y=xlmRjpZ~`Q27;8;iF5B3dNd2XgX!FCk^o3AuHQFG-wUCI_qwD%LG%< z<`pGc@gcYddnj#u+^9TojA`4VH%A`2Km^pzqdE15GrLL32`u9nu?9{1v0$QaJY)uW{#f}EAAT*JqS1)8u4ruUmoAeHx zo$?#vZfi?lb$0=4<=0vX^X=Wfm&54g2WrGvuGkCEmyO5*q;zN*SN?HK3J3nglN}=< zG#^mM5b_k%uk#nN-0W$SxTW6nd2&D7Qp?#Uo46SVQ_VG8YV zg3xK2lELt8(j)N)AIPUin-ASN(x$A4+oqV|&?7SqFMEF2N7t3#;geSmnbajudSfS- z#uah|^_Ojo9kBY&f%ICsACCZ$awRFh!$vb}*4k>J_u5!(KQDlN;clPNG9CaOd}u_^ z5ia8b#eW5hrurr+QQj#y!Re5!68=vE46Z_?Y(f7r20alDmyx&gJKQI7TfoMFXW$*3 z6OY1@bBO7DM7ujDcVlw&;Hc|t*)F6m5j^h}-=no<i_c(5+$%R{YLL)VzWbcq$O*lui&XwooS!0d$)kL@*kmST53 zT2ef4j5o3AAXMF6!#l8Arp2<7znX`4^jx=QAsK`Ns>#)(TjbIRK?{RQ<3BEEK1Z-~ z=I082cpNO;R8?%HSLWtWXVsQx7+>2T&F}4`4!h8hc!*&zzm@2xy?cA$$Y<)+W;@cU z49Y#`^kSV8-+7*m|A;B;q;&Eo-1uB;8_aDNunPQ~v?T#Y#~5tVd{$)3;Jf^2=AOlv z!t-6I8IqOd0XbR1+{{pbD>1Hhkq-e{xbjD~r=5Z_&UpC}J9||4*_463i(h>5~ z0E8@>n7cj2!`r-SdcNU5abe&Ml&pR2E5D|5a*W%f53qgChmmXW0c1!v=TQ6ycG`=%?O>EoP*XZf%DF;Bn`4K<03J+U2j74wc|;c1Mzq zIKnyxP6i%(<$9I#uLEF53#5NvV43tccU3gwk%p*95+jH8iB`QKzyzZ;Ik95jQ6(Ln z5V3xMC|UPQ@1KVbz?wbCOc92IjOO}knRzq%wHMNuQW}C?d9V`?8~b&Dw)8v`sB|&9 z$0-~RzQz3cPuQ#;ljxcY2OA7X?H4?7{DO(=Ayz(0@g(XlWJttKKalA)q|^I$Ay-A+ z7ZEY^BcA9ja;3~ZD>TeHXi6$FRdmY;J_QpLBS8Hb&anKNALA-z58cx9 zVY9>W3;^C3d0CXuVZyt2{v3hWiUN5ZxeJyeVa=E+x9a-@(g`{z_s_ov-bE6YD|3 zL5%0S?cnCli67bR%XIUeM5p)9tLMe2_u^}SB60-dPACnyk;r}OA0Bh^#^GeXojafh z*2oJs7hCKh0;ey-kpm3l(l|Vc#c5k}J|Q+d!lGh$7R4%maQ*$yP$mh&nCrK$Um7;e zr}5prG@}(J#%6?5Jd_12f@T}9<^$^8qeJ|q`}3u3=aPy-HK~(+4>$abQR?DlWCsCb z{fb^kU%$fj#h*&AqhS6^KszwDoK1=3P4%|sa0%594eF^rOA2>tRZJ_2cg)nN7we@X zSVl|%R`^~^8FIZ4oZ?#ZQR%x%m8u1ek`nS|e7eKojIjZDnXElxZ-E*8!r62XSNzRzVY{o&<=Kk%kPkXDNt+*W zJ>F}}tj)2fpSkm5>0$~EdduP800o1V15~u$z`36wW+_J(c1{szx$bLrhZ?X0ho0#b zFHo9_IAb}#@BNrtO(+16j$M#W@$@BOodeg88na-q&**_HTgta+t}BoFTKV-R>Y{6p z4jVu-{)CCWr+&zV9jBH!%)pZYSWa}@W!}s~g6DLw&6?wCY*CYW#&{mUg{~;Awl1s_ zFze#>E~mrzEz=*zyn2k|!x@P^xq1#uX7Bge2#Gsl)tt7n$-#oLxJVg&FFzXJc^u7W<3`PrD-S<$95aPT%Vlqnhsq-w2=KH$BMUM|7`#zC2vnaATtr3MVnc^v&ku z?BOi(xRj|JDOXuH1QT8#`e>UnAPE%`WKzq?*fMBSsud$w{g0*HncAadTDSVgKCic`A}yvm_uAdW833 zQ*Q+e&@xpLCC1Q-jjbRE;)g|H9-adfJpe0EGm})HVG@@FY#2WG&E|nKU;?2I0T}Odj zsR=q%KzCp<0qIFhPVT>BVlcA#tUq@<}W9_ z94UH-0A_7oz2$Y*(i6lt>k)dVND%`HKwijVbRdi==(&t7y)Km_7(DU_6Syd;B1_MWIi%ah19&r-(yPu3U{os>&_h zdv2DGM6zATPha{$XQ^9daZ%$dztq~nNkx8#aeC=`$cnafqB)n^cWFu&0JPJ3qe^E%cXO07n~T^J$B zCKWdLRb+|J&XuVs<4)(}{4<92fm#-Nv|6sZxmQ1UsE{X|LEr^Eo~N#weKB&JzL=5! z;tnM5LnvC3g1g}8dFcm`2ojF@evN^mn+xTnG=_Q!E-FsUBl^{zYhtL5Mu&W#JJf}3 z9cLoW^{IEHDE6zWR=B+qeCm@(Uq*UiGM>=~-ocDYen;5y+>s0SD6Jcm!~`lt6ODl- zVL-TJ^f1SK*QjTVSrXyes_G~y1wb7?R;bpB(&;`%`}~; zox0PnG*>S+ZFE}g+PK}8_?mtbL)C~O_)w&1AgZP#(v`9bMNqfXlE>zVl1^pj(Nx7R zeK@gdYeLbDnY9cz$?D9v7p3&}U=1NlNi5`jfPZu=!3d2*XZuf>sQL2lUJ841TAaW8 za?Y!mf^9HpGo@Wc&H!T~3m%vtg{`-jcsN)s88AoZZH-n}PtIr+g{e&&2zMgiBHF)r znm;)Q$7t3vT(6s3p{FLTO#(P^`ZWgOVe7WUe+$nSOS5Gt!?CgWmE*gGqO6&!s!|kb zSWjt9JVfn)38~u10zeRB>l54VfyCVqk!S_@uv((>MOV}cyW9lEiZZ5SP%F4&8q(HJlV7^blhGqt^<~x}tqq`MsdF62 zncK%ooMjn#|8QzeHLP2cod zx_B;L!3QXt0VN73Z|Pb=M{G#ViO9A&gnqb{Q{7a?ZDJ%$jPT>wrfiBWRU1tTBE@t} zh+SKw3ak@^(>_rDWjuOq2z*LgoY9f0{$m$i@UA4cY9Z-ENFMmX4>KSI_lwa8DV!BB z2b|zru<~K=DDPrY*xH0SccgcIo-)cuh+;&@*Jxv<`4RU}9GN9OQIN%2Dh+e6!j4Or z?0+VMnhFV{sSPc`_(dTlc&I5s$Mi^(g8oex`ko|f7-K3zXD;gr9@+GXtk-wY9bX5! z2yp^Hm{+F{?0la$XsgkE2e^UoO(9nL9S-v*r0}EgJF%j%ySJI1C!6yDcn>P`7N`{G zC@nWe6$0oj2>z-rfZ3eDg?M(az7o zBZ|7aAQ{72@Md*6j@X}CgRTfHQ}wkO+y)%dx|cP4Z2N#Gx5*Om7?wqlwg5nt%vgEA zWCJfQ5$mtnJ|7EMRMtsx~L1RQ4^HRwjLdx0Gdp^vRr}n{x52VN! z0^b=L%+Ft0G55T>KgWR}pTbCa!Zh&K-`fW$E#ut89tAD-%iluDR}lZ5=Xob5%;qK9 zr!W1m;#&GLBMH?5Kfu(p)#4lP-Gv@*jrIWD2q^=uW2T!D5F*L$t8l#B7X%465Bz-Boz6Qai5rKq^wbJF3U+mpUa`r9Ij?`A!=n0PEVa*YAK;oh^>4dbHjz-X7C)eKEat zcI%*3Zrn;7I_Mz8>JOts5O~o7-uc*oEyS+@)B)Vno9DSCUVsfo){L3*EWI2Jy?Vxqe-VP(E?lZ&xwO-yw z>*aatRDq3L+hFk;=F4#dH&QFsHEfBwqV+U5&HV#QVE~S*4rGM;w=kc7(30I~A&z2I z<^cU!&G|lwy#)lmIES+&5JsXdVZkIcf5R!y?oh<=0FSXmLl1xpucN^qV9}nzWr%lb zdPyE0!%J|C%mJ#qG#fwqivAg!biBl)I0m8ls;jVe${@U4mhB71K(5gCjeU?;y#7G8 z=SJdwT#b~L>*8B4WL3n?t0{bsQMKwh{3CLIYAAtsZz?u3tM&J`+yNblM%8|Egprht zJ^;WdeY&YyL4t%T#BWwmqhS$T_pH^h*D#)Hvb~-4+RZ7${AeBXWKu#$q>Mz#uJ~^{ zdf8u(+A^mHM=RGfg&!1s(cxzz>6!d{`j+dFpt1^-bpK@gi4lYql}|(yn_7#GmiC&`mFGHm49y3g-2Rj z-9qP}H@h2s{oP=K?snPv5v)c7Rv16+j^IJCW&eqtpE$Q6Zl~};`9Qn5!we4`IgTvn zpCGA#1p;66)bT}ApF(05RfB*!pNFgT$6=$-?g!%us_*v<<<%{*bLZpZXOCTt%F`t# z;}R;F!Um7=)$oFi9^-;;2&_Vdo5%1dp&eE*1ZtV6gQbXx*QGw%^Lxt0-Z^5kn%B`T zDhMbBUkIlXcsft+EXjcg@jIjBO?gkSk7XHw+^kIo)bjv%n^{Y_v+^+^#c*-)x)VQ2 zzLq7hSJ)UysSkJsX*^eD7L3*Yb1)K&3=is+S*>4Gs{886P!q*v9#js+uB{}X&dGY< zKv1*FF_#R03I&x8U{gQj0YJ*V7dIxJ4!ZjQ-A@vZ{^KKna{T#OIr?BV>+d8GYXB>D zQZkTv4ihDP8aqo#s8tk7&a}GWIdotTlvli|Pn`;&+WW#DWvZi^no2K3NtT0wi9T+? zjw`8P%T+#DodA(>2-CpaWdKBb9O`&uH1AkFFVE?A5^3Qf={SE&fAoQ`Qd~lFfo7K* zxSpgo(KTy5w1nh$91X^7RZ!an-;*~Rnt*vCx%wdqP%KwKDrBF)(iUoNJbo5L$r$#mUq*oXK?_HXn$X+f`GG=Gp(zhUH6EI z5mU}do=v6Qgb!A8l^{5GmCgp6A^O#(w&UYg?ds1z!>;1bCc9eJE*~9+9#PQfiNIU$ zq|yX$^Sly>{RT%?PDUH2&eyFvWRmAK)+c}P^~oPhaI#KU)z4{R$FoC=_$2WfNnBE| zF{oa+8}M^gWjeQeelgzrB71<2ohK?CIyTdD~o7I_Mx>}DXgmr$-}{YbL(AKKO2h^)bv>$C+-^gX=_6I-PeM;mY+^^I1avs^tc;D z$y7OB(YZFTba#xVz*V|5jiKqQ4&n`Z3Qa{3g=$NE4YrO>QM!vhs2ZB>Z)p_i5>C)th0z#fOoHm;mmML(MTTyKOq^htB z9FoQ*sSBjuPF-8U8NyYu%6WOStbB;TwB0Xmse$2B6dBfi?K2L&$2d1${P-S!=?O67 zXV1X#HHs(-;P#0PVc$^#<#b8oaz1HJe=53sq-JQys>ppbn%%8R(gbu-((^gvj$Uxd z`XG;yPx1UjTHUNK{^4>5LPd9crBEH%5~cw!@)f9w^&z>k!KEs2{;i10#jc|zr;gF# zfa&RA@dqub^*Xx&^7DxGFT_tOq+QWEob@=y%=;OYJ9Nh{GH)|?2`M<7Mtd#yxIs^= ze9oZ<@=mYyV}R^IBO%WW{tiL>$&+x?1;$#l)P)`?KFTHm?)%fcA*E}FUU4O=`6dEqZkymgkFU_#@uq-q~>sS-J!9eh0Q!I8P zsv#~hVuL`S*pgR)=d@7cM?0^iIn*47=n^saM+}P)Of)#rKIV3+q@EgM8^Oy@juQZ| zKq@;HBb+*l zX>NOgKTz@?^9afZJmsI|q3(&~UBj`a_h|5Gy>;*+VDygCU?98QS8G zP!8BBFuXyZM@<3x@15pg(lkUkz#Sy!^1@Z>e)jjg3W=>_BNXjofM@w-fDKW6`o`HntlK*v=)k_!GpBWnl&- zjNiR>;?czt>VSExq2k@%m3WI4DO00uZ7)G3>R9gs`K0~q^1q;O38rX z2(0aWC*ftNr%<)wRE_2r(f^j#Za3p&-3Mnv_qY}l+&{3#F~*!JsIl1ue|(}R4-@>s z3^${I@N~P(#py@p``y?NxAoD(G$TR0qt|X};h(KIO(dNaZB7iA;;kGQ&zy#PBJ9SH zJg}>h^IZ=_ zMgrXdZYX(Hq+nvtqcZjQPwqsdVxlpjnsx6K&u3tCfJ`&H>;0fVf8nrUm&-~TI!5P1 z@|1@r!^jRiF&NK}yZ1$Nl(m31O1i$3wcf z`17v++u187Y4@*2OZd$|MLvA!AANTa1*RcioXThpDKO`VO=(6CJto5j$^F~Kd~nB+ zoe`8d`tC5^f}*Fbk6y0tpb|)~dSkGa?O_VA6$9ZU*?_i(i{azqw*w3AY7+L+x;CDd ztNPOC;1MA`x_Yh)@#y3K&P^4-8;U7a5ILmE&$H#X_ z*a1r=2)-$~AuSg|N=<-5d_*0PYCElZbOap%1K}#+WKcA;zH&`_qm31Dm;)rGPS$jo z9=V;PkMs8v4k1SO^SNt$u3PK+p0mVKGGRaqq>#qCSx_l*wNwCO z>CjF*IJrn55;8V|YLME4#2aEj%%&Ky_axM5IW()*I{nKZ(dj!MQ_d`6C9(2G9ny^to(0xKf;q)QxX4zjkgeOH?eP6$AS1z=VvAbJM$C z9ZD%RS~Cp3q51i%1B9X_GRsl~B^HaaO9m(D2Tc)F`#sew3X$pZ)*)DBM}1Q3@!DNC zWuXP2OFfsmUD#NIaPzi>Bs2No_LYC$( zb%0+YSQg7ef^0fR~D#ZZAijTV@YB?Xy!&;As9HwFF)C2TmE14ODHx3wq|#zyO~Jh<7($X#QID4Q{F!F*z6jxWJ#vh{*uRLgdo)&Rf|WT-D6)1tDaY z>AhXJp>Hw0moX!qs3ki(`RW-fYK=Zb7D^RLi`qPL&msT#8ojXbgM33T`U;;GgNI0- z-9YitRBz1?RFfXK6*zET<@>4R?YOTBKttapQ#ge<=mQ&K3Lbb%HRL*X!Zp4^og&75 ziRR;z{1hommWWZR@+dF?$HrS~*5( zjO?UhZBUo+HeFC>=*XvEBOjS(hpf&sHy^Ph744JxgMwDeu5BdLL|fh|v*XYS`WqEG zf@|PEU*Et#m4VKYOF%adcE;H(IrgESm4^9eze8pfINb2l^Gs-8hdnpVI)l}42Do&9 z^^O%+`~BeVGjqPjfcZXQ`h&ydfP=Ev91u7}`&46Sw5_kvT@%mak|W_hL;ak{-(s*M zo$iS-2!l%Z@*k$IH?+a`NAw?nxQVI{l%c?i8{gy?H=u@Kebck<1HM^%PDlE#Y*vhH zc^I*i%-LUJ*C(GRox}5P_bI8PZM1l8tO5|+D{4SbS= zSt8)7Gq-}bN?gV^N2*OPXwBvbC{2glss7VwG0{E{TKMfWGfdz1t<6*aJrj|t%aZO2 zc^Ze9qD0GzeK@Ai_KYD~Pov>#bZ3rVYre_2A!4Rq=T~eK-=vY6;Uy#3Ug;P1LyKT#tR!`IB0)~ppga}qVPPRIUs;ZINIw}XjQy$vZ457+14A|-Qj zt3J!2%+q?Sa!4H{Kg!(Yr%=zG##c*yx8%Be&#sX&|md1)=yobD+%qh zx|q$CMPoWfd2N#~WqNFMCH;1&1f`P@T$Y-CvN*AJKB!wbAEb=C=a-9->zfJ_Kfbgy z$epx4QYV}V+MNnBhSo|T)6O9a#uuZP(E`(zQlCyU7Qw_-Q?Xqxv$M)x2C;cSHl8sh zi4z|RBe1S<{5~)yg+>BQoiW+~zoj^R&2MEV3uC3k7Q?FSK^wGQELXl5YSTaZ>C^ku z8|jXM99mIv+vq5WOfoXOV2%Iiuh7)mMZy5zUb0NY|!0?Y|wNx9X=USf9F_KDB0$*OSLCqK}W*wtkaa~p^&G73CuUi~# z)#!=S4%KW=tGkp9a8zCm>TEG{tP%w^u#1|<0;uyV1Jhk4F5+DtSBWj2V2|0SMKmZc zittofmmKSZtI8P3{u1!s0CS!R@BE&GFex9I&+qyRXkhkskt>K<^xC|kNn%u$vm6!0>%FP(4SRy*D9WNvVF5$%4Q38@#+u17$xi-?oT&7Xb` zql4!qF$>(!(I202z*h5~SPx7Hca$_-7{5W82cUDq^L%)UDnaxM?hl4T`2C^a7wPo} zH?TDLwO*2y@E-5LYiUwtDSk=ALCUlbg4_)wWD)o^xNiK=+X+*<;$p7o0{tH0nTeJzQi+#~3>x~%jb6KBU}W)$$})nw$cNNi z+v3taoG_9Hp*>wcYN~*c2gKO;D-)ZUxS_=c6vC_&XXia2R>QK~^h_vP(|Y_Kf8c+i za!U~%o71QV(?3Dyky?ui(<;R`P+o9eiF#p4QzotlgXje|hwLbZGN1~>o4o3&x2lWh zb`?(hxTMf^^hI%sJ}xQSiK{`An{^vVa_+lfcBg|S6aL+)DG4(H9QUxQC)KS;LiT+; z4Ju^SxD3Tu?TlZrv|>0*{wCV$+h|dG|3`4*{Bn+mx}A(9Uvf2=J&b64bO1@=l452> zVi_Td^eoJo6yXGyQtN6rY)bo~EZ()oF-(UXXv^2i5c_DT-9hLJ*RO}5?gsgwAyWrB zl*$iF5=1^PR!75tIh+ukMQux-s$Lx=Af>k8h14r(eb9?V#b$4|XQ!}d$UyQ}CCJL5 z%OcRq{KOn&ls1_V@d}igC>$OG*Uw%S-F39Ty1g2b9(ddz?%mVAi`~P8c=Ek$6w+D~ z)_hqR3<{(roC(42k`Q;Niyr4m=SC+2;$RL>u^-s;wP;J@b+er-E{u&nOj--p8w)!4 zL2%5}12%V!jt;4EJ&nQnYB69vZ2Fjds;m(QI&zQ27GGbQWNU$eYh1G-{GbW z2r`8PN17Ue9^i&3NvborsN&qyM-5lnW$IviE$@4{=^4lE$UNxph0K-qo+bXU9OvfE z+m<7oH?ao;cJ z=ubad0N7)q0Nn8&(Wb1}1ML8!oO)l*C-&-Ie2O_f*7MBXN&;4_rvEY z4@CC|RO?CAp8Wd<7)%uJ;eR~7wEDdte!qO;O=>U(^Qoj}B5Jq_>L(BQ!}!*YdoO%g z{#06kFz8BxlTFHlx18Eofl{JQ5D!1)sD@#x+C|~4%2C}(({uG0Ww93jN-W95|qGK z?n@aRlOlt#!6SNU(zJ0ryPvmr44s=-3sHWqABdJA3Z?4YPs#MQPf1EgLD)V6Z<3|q z*$%IgU}PKTo9Jm$x z;Qs_132#=2qBzc+OMCaqQ@^3a)~}$-71E3$%r@L%*``Q#Zya^ zOKKJhpSSScRcg(l!M#HkZBE-S#XbPb5g;O!Xfd!chsQIa{BAA){uL6Cod$mu8!Kea zxU1G*EoLKcpVRS9j(hHK_~g!`UZyM3X8bQcznIUJ;SPZ59y^O#Ou+3OnS4!C*IzY} zS=zZ}#BoJp{HTCEz*D=JsUmEval@oOox8$ii=&3n5CUhmKfY6G@UoSDQ_C>pgj^yg zR?c+SfE4OTBjEHn>q9S9ElHaxvkCz_K7vvT2aZaKCHS2)9rgXpS$o3;*v4O_`AeGH zw$Vdz1Sv@F4A6qmT?;m>IbzgvYFnhbB`{?|6{f>kJ5|HG zr^-1<-5d!8IR1rhd(7+kU<)g-hDe#Mm)TmUyJ8y-f5Fz-5YybxAHDVMwQG%Q{3quQ z7q1>1%Akx9*1mbhH*xKKRZdJ9NwycFr|AxcX&3z^kVVXoS|KndH5a*atZlsV+w49Z z91Do(VqZcujGXPEf0`LI_Zt{A#P8jP2m0y9Wv$R&3i?vUGHyP6nsHbP3_GJQr{Alr z@=ZEoZJX8=N&lb2(@*G5J71WR@2e3A9?S6yVDwA!3X2XRNs}o=26kZAA?9YR!1AFs zA#~+_C_@b;JYegCI}DFRY2FJfB>>!u2|f|FCm%MtAnnRHk_F1VJT_A8Ff+H9KRbVWq)7gM3mL5Zd7 zv~1u83I*ztO&IYG)?V+I?@(s@T~2KGm#xF@-fPOBTEZ;r+n8j@F6xt)X@Lkjmk8p( zXD-;UA}apu<#UHqJhZb##XOf2N-tNZoVutGD{n>=qzohM9JqdWlBJFU6dX8)c1hw) zRjgmTwE^5#?1W>MarQ(5^ZubJBxDc#4zdaO10Tx^f5A}B)~ss zu4XoA@4H6rNx$X6FYza-)Aj3Ry{%%I`9dlM9@WB6T0&*mDjX}62PM;C8y685HcrYGcjT8BsuN2| zN<)%PszMEl2qa>@FG%2VJ4NFKq5@(82rr&7e?~ogT=n2Hm&foh$|KUSO~v8`RLg1S zaHUP$3gRG1{ zv?bFGS#PIGY>cH=@#~K<;9>0UV5fMhdpVUYb?4~Zl;wL$&14L(U7n^5zr>2Y;DYgH z+X+nGh$MsNs+JpfXHFY2KrzcWvr`gVeZ?9R^yYo4*&;5%C^1PZvOF+>|w3UriMjq=}eS*9XS^Wdt1*!G69T~ z$Rlxe17h_9!VV{IG658oa`76SkJ7H>hm8ll#wnHeb&k_wk>d~Zr*8>R8^zGvS%#si z2a&D~SqYE;DXHf*oYiUe)*UyXo?)575x_F*7kT0U7vAW2i5ocTAmFk7OW6xbVHa&O zPYE#}q%k;0x#eIucIf@hweSS>6ddD{l8)n)na~Rr{Rvi&(N6ato(G_ouSQ5`r&rfy zG0GP>#|bCxyj!1_i7&`qUg!lGn?+Q`$;XON*QhjdLVrY4b7X z?5R2#&ysZ2W}HbwEwjSvja@v=pZaCzZY=MH@_h)oElFVCCTS81R0^g1=O?j}-z^}C zFTTTIQj!V)nGL}>?&6+UDY_EBTj#j1qq|H8(1(-4ryf$=O*P-Oy^#x@+UoF0Y z@R3%_n1hikYctbAH&(>af>1_~JZ4ngby@!C@Mfqw?MaJ;aZwbRJv?wy*=F$kAa+q* z`6_>-wPvG-q{`oERd)8NG?dQHx>#3Bg&GV%hU#$o5j#@{y-ZrNVL>eyopb*lWnvTl z)Y80+Cv}CVauL|eL4S653`3(3Un^wNZ@yoPR6A79ZK@p@!oajn5tss>RT={~PYc2i zx=bl+fu@FLRv759MFZ`c+6Ek|TD`|`30rAQazp-^fG*=g7#)DfSZm?43qq0kNRp9{Ba?|Vxs71%=@s#5N*p)I*kT3!0Aaz*eQH*1;p+WG$adQ)DB^b#ZKLLhZNv*+`$%9 zXC*tq;VEXno!{Zi4rW8`>)WcG1!RbKeBxCaZa_HVV3Kw)teK7AM!2AsRa1}KNs@vU z+Kd@Ap9NU=$YKg@T&mDW5<;EN=&tu|WB$?|1>1*&$J^|(wbFoSP^aTmwUgCNV$))K z`Igj1RrLVxBvg+%tSAA@WWX5Ito1+XcAL!VdH;EJ-#P7lT((XLa6JN(^7v*kp6ZtA z^Bc!$Uu!}$NMVR6&=Ze`1{X%NQ0r`3C6FxTzESnLLlw~upLlPo9|-R(+qk$bio9L8 zY}g%ynF&Xrt3m3^E(McoF?q#Oe7Yk^(nD9f?(iOn8or@J7X&*SxTt}iSe`k1~(-+bkp$( zb1;hU<_l@KS0EC&XH6vwamO{laGoB4bUy{6h*nz6fw1#nTtz)ZB=Z-|u$7Sce0lfo zJG8z)-+TNQ-QeWEkN$5`0P*zhJ8&RI-@X67_dlY5|J`>Fv*+)4NZx&S_ics`>wi}Z z{fR4){J6y#73s)Zw9WJCz`}JaIERDizy@vn$&qI8W7vnA9x^laN>3E2X%vbz&{qei+ zZkNk<-*LhmJ5zsmH$s1xTfA~Nx_y2CqvD<)mA?;eZ_z%=|BKL#|2tOh-P`>7Z*ZCa z0Du0%UGDrZekFf9cQ5?6?sfkkzSsWxAMlU=1b_VJZ~o#}_}9C4H|~Z1Uj7yT?>~xv zmA`fH|Nrmb|NY#5{_9`-N?!l!UO13{y?f_B_n*3d`~Un;_{)EeKmPOo<}ZGQf4zJ6 zZ`=$2>c5hIzWa~yAKttF{6E!~-+jP;|3m!opFj8~zmlIE{1f@lyHh@#`ISHakNDZ& zoBO~2r@xYS-@7k3bszBe@4v_Y_xE`B|7Sk`um72T{$Kwyxy-x&OaCMH&ujSmcQ3zt zz+d>fzuv$6=f9F4{mXwY|9SUS|5L1=yS;aR#LxNp@7??Ut^54Hb)Wy+|5AUz_wbhd z_xsQP&v=cG_?P&@U;pY~{L1}T{`1aVM*o5T=XLBaXolqTf9pQ~xBo)lb?~3rcfWi0 zU%P+$|Nbx8=l@;jSMrX3N5R4`|33X!ynp}i{}q3+_y2e9^MB_)|Ns2ol&<(Izuy0b zAKB0U`@j4wZ~pgx`CrI?v)eD8|9^L%_xtyE?(=`=KL3CIcf5N1m4E;Lfgk<KpwzG5KNIOSf;!(h()@j z@dX4yu+W+P_cxo-U>1_u*`06xo!i@6jUeAF9r@s92^&|t8L`^4&%Y&OF+Xg9AGW|Z z@0l5Sxc~5+>lnU~9{Z_Aij{Ux7zu0jGa1$+s%KE!Q|B^R@K(?IFA_a3Kl0tccRSPZ zLt(Xk@>$@sDfw5!_X6Jw{KuIDM9r@MP3H9M{OITPL^_w{7rk8wk6*uE+Q_3i=dNWe zUVpy;zFz=e@zm&#Jng69T@k!1f`2d@MvgWo;<0`^0pCu*-;TdNzs}>Vz?zHo@0G!C zm%-mHvr^PB?#bQ<{jE`nzDHiy7dN`JE7Hl;zAh}kTY*07WDat)Ytmt#F>3b%ziK9p z>#7s@({<>#USoSTv}-Z!G6B4+8btt(|zZg!z+*)yBr) z_qf>GV}~F-T40P}Tq5!uGDX{GrNqW!Bk>%C|Ft6&P&*Znf+ox?G z+s6MFoA`@IBoJaa!G|fm@MK#4)&J*;`Fzj6ah!znZ=4l*F1}QPG5fUnETtYhjAHX})5bu_Xcx-J&)yD{{!+-u&AG7-C-Z$jWzGd)VZ&)~UUe!5& z+y8?p-<)*Vq(9{>S!hD%_iPmSFHYFLRsw-i@LnV+1>aQ$etwzqk1PW}6y?P6zxZ!t zne<;N1HZHk{{L16esY;|PAikXyG;6}K)h7{{IU%Eq%!4yw@mt#Wzs)g2A{4n>2EBP z{(EKMXOw|^W#Hc~ga5QL_CKY`SnHRdq_`wV*8@_#Go(C zU#$AUoaql7OMI?uXqdB{=_fL@Y{gaAE|@o;;hNa;1xx0mkgMh_xc1s5OXn*Dh%I1mH!`g$+wqERHoSU9x0B!wQzwpja$l+Hm!P6|sd27q47?Rc!f+Ya5nb z7hAAu(TdnrE0!)uhYVe{boq)au3It>?LnyF zlk;N>KY8t<6$@euIU2D==+#fm(X!crXp=!tvPiT^v~(Goh+N2K+PHY$70Zd=HA_E% z@)&>S>Ff*bbB>cCv}@*}%N7D75XL7Knx?WSv|trzaRu_tm~lzn`&M3m{eo+!FIlu= z(Y(cru3r#4f5!Cl-aF^CQ%*bOjPU(E;oHR1G51E`-$?x9Q$u{yf1@Nu<1CD+3-6=w zJ`x%=AyK$3i`I~)Kg2vWr9uliX^#}jb>C1xtOEZQ;7Pqbj{hr(}yM2N+ma_!oEJrl}HF?ZB-)!iX9NP8-(#)jDu% zlQAygz=@OnOF3}YZmW0TmX|ZnEC-H(3IFCg@UbB@7Q4!Uzuti_bKta1?B6N}j)4pR znjH8WLTD`3>cBk*zSem60$AQ1e zf%iG^H#_it2d);lMh-Y|NVo7W@4$}=q3{8l)g+<}jC;Kw@fxC1}Vfmb{5cR27G2R`0`*E;YC4m{z&k9XiH2mVe6UhlxE ztJ}X>4*UcQ#B;6#f0qNl%7LHgz?V7jlN|Ue2mT=k-sHefap0{E{8R_N)`8bJ@bwOS zq66=A;HNq84G#R>4t%2nr*yG@T@Jk70`cr|;Ac4SJ_mlL1Mhd>)Ya|ZfCHalfq3Q} zc&!8X9rz>%KIp*Da^OP_e6jB?!f0d@b^3LRC-@!DmVJbEt6uY zOwWqZ{sWLosq~J@2b@HB-G9aiB-uY<6n?$8C-BDbRZJA*_v3HE-|s`1A~Wch@Shl_ zs0?}}{4B#1g~3J%Kf^FZV9+Vy#~G&R3)V{bQHCkpqvOc58xQ$_ouwd{7 z04ChbFhy68m+O+ONx@nPU&t^; zQP3pe_cKfp6fBeQc??tZ1al>P7Q+-dLA``eW0;~QNJ#iy3{%7eH4;9KVTzU@F5#mX zrbr2@B>XQ7QZj%!CVQS#V}cDP%q)r7$)ls5)ytF!(^F3jf9V5n5;60OZX^;&t|wv!vDfBS!NKE z@K}b)Ducm)$oMmyU^p+~zkd&5vc{la!hd3zEHUVj@Usk)6$Tq6{0zfnfkCH)A7?np z@LCB!$}m}B&?Mo97$yr0mPvR!!(@HITnTSsm@F@-m+*O;CdC%6MOgkO{%(5qk&mXb z&!p0O2kS4M-rH04#hI~G@3zi6`RJ{}!@m^+{oF$D?ZB$*DL6Q0rcNHfBb6R{Ln`~9 zpLlB*iz1smeD?i}*q=w@7Ab%B1LTSePqE={#?MSO|6U5%_QFUMkjf6Gw)y9#Dt4wG zd11woVQH_orFn0U&3-`ZZ#w(7ehlWy!)GF+zXTmVd*|pI0jl`3)O3Fy3rwl>xv`a_ zfBPBa3k&-rGwko59bAt*1$+oiWgCZ5*_DH+W37bK`{EWhu_xP`>h5`KLR#Y=1IC@o zA$cx2nBAG$G7X)@KP20hoY>>vxo$)(l}-AobfX{hTF7>h-1qQG9(Qh($GRSQwD-#+lgDF5wtY|@nISw<*>>{f zRCZmZJT{SQr?Oke;nC9Lwaf!bUUg;}^H;Y^P1WnxO6X3hsrv4X68fgpRK2NRLR(oA zFr*9thI8fd&1Ldf(Bz#kd#!iE%uerwx{clm$(~d$Bh}{GS#2t(xa2koX1T4zb4D&R z$VWDlVv_9EggiFY%41!PJnAqm$-z{5%7psouLIs0%9T`Z)C8KTsq82Lr`j`dNuA86 z+LKktG0>abO%BwX?AHuu-~A-ycy8rjs(og^UyFI0YTm&Bd121mz%UCoGAAaCikQOy^ICk5k?( z^o1=Xg?G0RhJMitAW~^V%VLXcdQ~M*Agi5$E@VSeIqg|(OFcB6HizxM=6#)n znrWHJ&g6XJaEKc8W++RFa3YSu&YSmf9QahOE{}OOxo)5}b0vtvyM>YgDe~Ut%8eE2 zzm09pEF`>z8i>>7m2C+j}&kO`b*~+IZWLqzhQGI&jq{ewiLQCm95LSff^Ns?DkZ8J7DXGP-`WM zLL0Kl-N77$O`@I5Uxz8z=%?D(Ndvks{L3XMHWu3$+y6+(#^vgEPwbgo*Wa3HKuKPj zv{Gs$KV%b7?KBlizs5Wc4>PyPZ`dB{FK)syUJF(35ZSnS)6tM-1{7u%Y`dYIP2L&% zXqXX29H5opYMrPC3?afln)k&ax4^vzA;`hKW5Ub7StXCV8>G!ke0PtV6KTk zw2ayhk|iqf?i-db?3vh7I#Vb~Iu$_5dLVHW9A=q?J{ZR=_g`;hh=0tIvCP>O91h{! zn_Q2<-GBeTBF+9ICd4VQ5Qj!}0kvlV?M>dn$mYg7Vt)s^?T@fD!@t_wJ4puFR8^|I zZZ4jcy@^pZ%oO7+ zuboz5F1dbk@^&K<=4oU$xn8`M9l;m@+>!2?j}ZH(MntdHzrP=C zY6Wk!G(uAw9o#D2a2(K*qHQ;GIPYSLbYmPjnl&*;qZS!90=y9^Xx^X<1S#?}M%47B zS0yUE4%)JaWS$hbNndVyA{~rKH9QE^`kX@Iwh$fZI19`rPR}N*^{qCWtXH&H*yveQ zjY0N79fl5g^Z*a;CNh|w#@8I?43I#KA*>!CkpQ{1qAoxywaOlp)7hI@jK&iV;j@+R zkllYE18W~IK&iuktYX!J23H7EX3926A2Q`QvIz>gL^W#Y$w>{ACGry7jyh0iCwi=w zNwp0$eP0&hCf{33KEWs>Y7Uz3eJ`;LJ(zB+MsqpT&5hM;rDp_mV~_ufMI&QK;tYGP zafAPvQJ|{2-N0l+wh}B#UQ(klfL(kgeS>)^vV9UCst5kSts~vuG5L|4I%05a$vj_)<_X>|sgj*S&pDxIzkX4q*QNKQcG|(Mz6uJYbE^ppbse%Zcl-yv|?8XhLZYvu72gxW@ zG8iQs0tISYZsi8p8h0salFy0ZB6d?|o^;q0ku2!H3$@dXK!e!;fk-(j=9-aVxuy+F z1^Y1&BP#?`R1*x8`_Rpmc=v-Ofm#=RP2|#IAc^@YLe%hOa!5b0B8_IL0FVa`A?DOV zgr0xOa96A*!H8IDQgYC1p=T-8wd~yqf((o@Ce@WcGeMAn$xwF9JhR|jR(gmEGaVd>|ttAsG5 zRV|aGRDy9~06aTVh7Vz~CeU^%4atOKuf*4)e zwgnH4^%o^VZBgxfVfW$#629J>q^od$z}<@|4WzfK(x141b5!hC0>=4q1q_%J)xM_y zb_!F}_%F3;RYeq{nMpW;R{f%YpCl;~F`(0*lt68*{q+OJGd zqF*b&R&V^~_` zO)(mI@f1$QcVJM*p62^Fy!V^;YP|QE_ZqzSnD<(YAt@l2d>%xQ5EBcGNBkSj`+6|2 zuwD|-IALFjNpr$C=St}AW%9U_MhUDJS|hMtsGGui*@y@HcRljR^x*;fs$U-K2IL{8 z5Zq%vLbR_w1{`2tB@l%Fu3jGN=E~#FW%9VYNgnDxtlrcqp{=Y57{)<{z)+2+Zzd#k zcfCCBq|^k4RE6QlgHtcL7P2spj4-WOKOA|2R8E|N5TryHrd1Cg*^K!5vRkW=Kb757 zDUWqAc^F3?CpXw9ETcU863+p7s<-qCf;b|o%;v#L^Pt!B6pWxKv+p*kRGFP%BgOe6 zc~clQzgVfwV^Zh+C-<=tMUJfQ&uq99rC2{f9}q6KIr@Q0KTvrZsd|&U)aKZwHb);| zsrF=Ns$JZ$ASW6eaKJeR2N)|_*4Ph&V;2}V+>mvh{+IUB+StLo>Bb$Qsj*{na+ftV z`X(oLL`;nx*<_!H8O@=l#ttzxc4d>hjH$6pObyf&ni^6wIGdPHLzW{Ok=6xpe{dq2 ztrD!bgK{(bqf)^11{VQYhjQ@7ew42RIbEBZ_h0xe`a9h?fUYw(*MNT+VZ~K+e{Z`g zWAxRarw057kWA5O-oe@B`d9yNzWx7XzAXt#jrDIFk1;$d|F7oT#Hat)&$kYL_Jj4*nGPPS^saoy~^?}*Er}u-Y^#C{BHQ^;CtC5oDnKZ-EQ@{c-^Ba(?e%@Eni?v z8969!d)JfWM?5(cn5Bgte2s^4L#LM+V_EVO|7pj07!UrjJ1<9RPGk$H%=T&+jFV3>%c)GHE^1EGi%!%X#? zaA^9W5Ws_PrCk#n@qhZ|E731G|1O&=^Uut!<>*sPMGVa%yg}R4saOH`XE+rZHg2x6Y_=8f78p!)avZPYoDXWIY)Rj9BCu zfCbWz(I!vRhiD^!b}@)&r+KcIr{m!GBDUOtreL7x8U`4NaTtMK%*F(@N#NN?jH8MT zIvUC);^0sEHj1o`Fvy1;3aZK`zriVJo!`Q&`K12*Q(u z4rm-e_RdsJwiI-h*ivvNlBOGX0U>T(gEfPO=)wdobj@CRdqIHovEZ}#L5paVaqnEA z)|vgex?RN^80I61)<##B)Mgghb{uXO*>+UfMYbJSZXez@eb?KH5{{xROIH;&+l8H0P&59_hFXg{)> z4(a}6r{jm?dFDdY3r@+wlt@&oo9oy})EGDFkVw><+^FAj@`Px-&5i1hL>=!&ZHh#l z=tg}$5_N_fbyFlN(&YJ(s3~r)>5-^uZqzA}s2Oh58zWI4b)$wb{Dmejaie}2iMq*+ z+8&Aev>SDAB{EkFacU~$?}E!3YL2?BU1iP-SQ_!qMmf4-c&XUbIHeCS|SOs zkFI?dh57ARXpMOtvWfzKQLgUxbWo7s*!-faD3+68`%q*ri1l&jmC-Od;^U4-(6PHn zQd@rG;0(mbWWTJ4b;2W$(q<0$Q=WkENjI)XT(iW1kqW0RW{%*m!W`ENbNokGH1}J* z1m?J2nB%A~IV=Iy#n2)YY;f5KSuY$3jO>hs#~mXx+{nW(-x+P}S-eJB9Qu+qmjkm=CmsR^&0oI2GY zu$?WV2N4z56tV`(q`^ZlEfl8vsoJH0^(Og8qq)&sgGc*1mKH?=IsnDK>#o=Roflzq z|Eg@`bKFwLy=6uhz=)23G$m6|msJbU<-!PdggiGRH+ujgZD8Vq6Ca(v<#xkwQ`v`8 z*`K7c5A}}X#R0M2Y2z!gI}M7%wDI)$5ipL=8QIIn#|h<9k3`cS#^_q}Oz=4)d-3>G zDm!g_{l=I-br1T3lh5M7O{Umc*7cp2TRSU`v-}swfR(3E`3}%=r1IQsEE3Hgn32P7 z7}F17>$69XM-99paJI}A!G?zQ?_0Ib= z=e^c>KgoHIJMTw0?_8L-<#UzAz7IO@d!6?I=Y5y+-s8M~*LmOIyx-xxuXWxz+iks^ zb@qL+^FG&kzu0+C={tU70T+0YSKc|v?fZD=eVp@tDBgujn}k?k5@I1f;eO;|dSoVB z@EtS^Kyb1nagmpy$3w%3iuBOQUW@Dmvk9h`NN`@51A9eRl}K=`n_!lgVSl<+WJDb& z(WiSx$h5K5P4!kE877t;xR@=0&C61Hi{_1+hI0BuV?i41MY zr^0PKwtZ$Nt1tU-!w!gHEARLUZ*xyJ`FzlPh}Hs>@<^eZVGAhPO~F9vmmx|7a=R-~ z+7qIrITfWnZOJ{z(3bpVF-m!Zl5P!Vg%D6acGtq8G|F3jwzk;;R(fkpo3#RnWp`w^ zW4dFMF*#zvX1qsB9O1RQiPxC~W@D;dcb3f8xpANfH{WbqFodw}Co_bKR82U98lL2> zL6%t1H_8z1fqV9eQa$^4$)0_@E%|tB@`<+O6ECl4&He&3wYY~g<{5CwXv}DDwK1Zj zqah9ZIz)IhId)yTUG^@tJZv=hzloEseuEoV)YX5o1;5;`o{fxZTON>ze^IKd2TFGJ zKwEO4HTjFSDIE7c>rOZLd_w&d>ClYKYN)yVx&gCz(Fg$4wq)`CJ(~@0$mi* z36odwO}u9t03SIDLpyM|E*HQ_pO*rggi zJ}tHF*CV-}!EK+YOLoCP*IboCKk@t^RY;f=JN<#*dJOpf+pDUiXtp4in06oLN9=Qd z{hO4KXHC6HA0YM|SAYUK8q5&DjAAW0S%?};HB3*WvPZzX3Gt`3*Rlb*sfp}%oaM+~ zkbrpBtu%30W7qvu+<7nk64kpqQ5{Qz#TxV0L~MbKiOQuC>23S7sYIBr<9HKgaT8xA zy#?5W00gCLYR!f|1bP#-$e`Wewk9{K&q&2+D|<)vne;FuX$_06A0F`&|MRf%wi1Im z19d}TKohfckT3UE&leOT<2qM5aQfvK^i;zi?chSiP$#rHC(Vc+@~jsQ67^tY&6}p8 z7}5@l$)+xsKw{S9Q4^YQ5Z=4x0!fSnO{ZhS}2m#F`-!^0vcRYD@nH zbwBtEO}5^qD#VaBEQ!#S0mq1?4%7}JZJ0i*h&t+}aZ_g*>X=oUI*dIh_B%J+WmoRw z>5OdM9y5*TOJ>$(G`=;e)@1d=m zOYWKY=+tcg)caWA#7AdjduL>K&d6>zHZKJ8aGUo4_VzS50%~C_Cy-CgePiukghf?@ z)2S>I2=yjtCzuBHNP{xEpoq98wvaHLfN8Oo&H2?Aoj# zA)&P_la!fDqT?)<%y!wXen&Hqeg~im2wgxiUxkXxm$k8K zXpi+WV2^?hYljz?$3Jm)7WfeWIl}%4jAkIPT&h+Q)glp1W!hVQF8LhZvdQNNw8q?laqVBHT025BzooxKZjE>S^{Y}X+6I>e)SlqdOgTk`3!!nou?h1=z&xWeF0 z)Dt#e8=4-P5N?1O@_AFEAkqvp@b0z04<*^2$RDUD@XL5fm_#9ripGQ2QElPVu zJ6SOibM=W-_v^o^a@lOA9Q5z`3pyp+>z{LoQSi94!FCSB`$;GporY;_$?FI(AvVBh zw%A8;Av(4-x!)2rwIC^@4P&|A+nls6$WZlh{hczOt@>DEcv^(z&N)OUR8G_g&I+uL z*7c|T!@XP0RPUz)v--<)U#CHE-kZ~~9g5PMtT?GFb zH3q-O4>aGQZZcrWatGrcW89+>M@qaMk?17m7t$17gxFZ{EtAIf1q=k35OJ@C_C>Ur zsfv*KsH)~tE_03bI&{_-M;vAkaur7aC&8i`zk$5HP4L0w_~CCvr62Nlp=IDQg9XYt zPEaeR9BjDizS<=l)xX~?iP1sSM5Kd01@a6wk1B2+h-I>uxmDn(KPmMCVL5SnM%Wur zySjQ1f@&7WuXYh0O+6CQQy^Ht8kCJ#!pEYj+Z5KIKKZ9j0XUO@Gqc((4%ceH(KWU+ z(_OTf05}%E9BfMAZt?zXxxuv9UkOD~mOEsCyXYeZinIg-#dOyOg&Z#sQ^s2v2+NSe zIQ|UuSP-eHRH`#U0xY<vi&!1%!Y^s39@d@($Rq0wIE?h%5H3Edz?V_S;Y z0O>p|T=d?;B50LBsq3*JHti^Zo>c_J4o8%r+#Vye>S%h4HjW}|Otoe}Z)qmU7BXGb9;;o45MH}2^MRmc2%)`L(U(8Wi( zI*4U%<$!58wMwDIoHelV0Z)u7S8^E8y+z-J#>wiX&WAa z;a%)yK0Z8Rv~ax-4U0&PJ`mSKE^xgP><|%$IU@VB$AEy3mcq@{lap{;K5wV*X0Uvb zvid^-z`pBd(ZaQUh(VXQVi{b*KF5XwYoCjK@p=$MfqiDRjdY~cf<;WXK~jq@^wZ=m zalwian6l_E@3QcJOvrPw@Lwty1UfIjpu)&AQQgP88PG@+1rBic@3^gRFOn5ZT~d%W z!_PNp7S9!f6wX7_E-yP*27L<1Tyn2#m%H*E>Ze)HEHi8Lyrr@-YO95*IgV2kdT^?_ zaj@xM*T=kDg*i1h`VzWjsiLk~MV!obA-P!UzWOVt0faH1l&bVv&N0!&J`Bsdjq~E{ zE>)8Juj=|4n6dZ>LjBRILSugEXxiyjag6#DQ$<1U3ttLZTtSc8wa4gDAV8r>e=K#e zG%td3^gs6BU~h6C5@F1IeeC6fLmH{(crWuYWn2!Nll&cC=7Ql7I>~Dhq4Y1swbC}h zMJw=C>T6gDNKC+DZb$`Uw2aKAz($KODQMN854Nf}0Va}R`Y6eE=awg;Ju>JIJ!f=e zCEqAFw~c&J3cVHw{+%W|3hrdDC6D%E3Yj~4{PfTfUI$OonZABS75@#+P%S{{CuANR zz2IExW_%mgIdC)^Icb|nqfETX$02<#xo=y3lshfG&12F*O+{Zexi9#2sS@XTtL;3G zP|QMa&8bKat?3A_eM0%N=T-Ejd&aW(n@bgsrGS#fzwad$KQ$~~xHni=_aUf9`11q^ zKtuk)=>STX$xm}5&g@meHOaK-6yb6(M}CEgg%K6g*$*nY`=^-vppeo-ZQ-un`mGEQ;C+AoM;ye z6i>7@xZfm1?x01%n7=!vLqHnM+=QBkdKTL7UC3p!I62$zHiB57h6rNV^7OFR0v3xY@pV;o_ z-9l5Ri(YBTb)3n?*?a4e2+;52$xSFSkDm{if+`Fg@ZDqhz9nHbx+8ELt+0L;m6sQ# zn)g)#H_A-21dwW%n+b7hzZvEDmwXMBq7MFdN*z>-=rD)uHikz*PXdRI1^RbWc;DSyP(AQniTLko=3pzwVLoVpgA)p2qbew>4E{LCYNp)>@LEPGt z>Uz=z1p*qi)j@)+E!Fi-7bF+>bk(__jgqR(1#xRYs_U~Zs7*jWa6$Y;Q>yD}7c^f$ zl<^M?e?5pw9?si3@5H(Cseh8Ufwof-V!#!!Agapsr_K5LK2`*HJwVs>cfGJQpN( zP1na95O`D`Eb(}zRSpJ8G|=6|@D{uA9J_HB-VKo}B@RoKF~uQO0;vqwE4QqPExh>| z?dy2q1Jt7Y%U{|&n2pS5 zf(Wevb{Gw9vk(J?IQz8{{WJ7 zoUNILZAefQVM0)iNo{%kHl2F@p1)!|?GEwVOy*Rst55sgXn@P&xtV+Xxi1_B9l~tV zw8jG!@&;@uV0fhJ?5euw3=j^Ek*Qj$={k8i)u_b4j@jwA_ld6{k79=cYG+0zg~4*g z8AxY#h^QCJ(sS{C2HrOL^0b$SiNk?6G(Rl(aWE)t)5AGF0-a^l`;*(nD)Td@MCO0c7(nmbNvkfX$j zlFP@Zc&wzJCp%_AN<8~j;dlduwTB=p2ocrtNEuNqZ5^c)M5Ph3F-sxZM|R#{YYoIBD(xl7QqN!xFT01D8laaT3 zYg6mdZfcybZa-d~^vj^N3}^%?#l?{NQHAdkDDA)1%NR8iXUw`twpEa+-mPx)s#y;H zJ3rKdx<3q%xO6Z4y?AiY3vjI1JM-*)iB*`dSkVcoZ-^J8@M=XfpKHSTtZV(Dy2s*D zTRM!<Z~4l2nxm! zA?vCtf9%m?W9gpJGH{^bQ4^~5HfLUc#tR>0-elN4p;q|GZfb>LWAifAs58U@)e@2e zJ7aOwFt9UGF@aCa9&|`Ba_6YZ$xe6#!jjI!S0K!4P;2i9#c){_wj?6&v!nfGxIP=e ze5$Z_K<_|A@qp^RhxVPt_S>D_H556ik#Z>_6IN>mZb0Fl4sK(Le%~RkuxS#(`~{gT|<=2Nit#$Y>YQR`x`F`$PVBeqp@wfhrkT z{jLSRG8KDqiD`58~XY(_E0l6?(Ij^;s2;7Qi>sCp_BY`Ne&#wxo7 z>;z;w@)9FzDM0&b6J~nXrH{TbgWL z3s9F7`~2<_B!KN3J*K3>{Ng-1$IFx9T<=Y;!M7enw{-7A39~U?}WD;J4SdW6|U%H}V8+N^1H!S||a-W^cY0TG2u;Efu=FTbh4YZdTLqWeO%Psre!mSB6YSe z*Dg=_F| zt*G`o%q$oj zn`b^Xv1igF7JLFyEBHwlOq)H2?>KC(tAcvTFSoFiHu()HqrH*~Rd-l4Z`2@`d^aIC z5!OAP*lh6?0RZQAY{1!pboOErbM+6ddmY)>lUsSa|54t1pwCZALh7gUU>ne%Ka5~OS2|9RDAtv5YNz{$;dUd{lccd%z8+PmYWHnKsxGAJG73kF_!AN4 z;X(ZzQ&(FR67)ka1P%WrmEH+KdET)p^gd#4)FEY9P z&5Nh8$SRLQe;+LgBmK=3(%)AxM|vwCw!eP|ibf$4qx~)AaTcg2I@G^6q6ou7gY&gB zI)UALw0qHy(DKJu;no}Z)&y_`h*zs+%(98;g@^R3R5N>^gdZ>6(9nK4@q&39PVZIP z!`j+td{(|)1e6oZRA~2jX-K5qOd;(~F==`$AGY29MbCs;q1JXwd2Bc8j-|H}Cvfhm zf{C`l4r@DGRBmMLH#f{@I)eXT-60LQt)DD4>Ccfs2OI|)#7STS!f|8+aSK14_)<7d z)z?&Mw1*djAwFE#_a zl~Mk;&%mE!4^?3X_G=5>8CWA@n~_I>67|xU2qiLwP+~1}q_^^6De-D4HzP4hiBjH+ z%s>)p@Hi>8aXq9)9B&ZPt=kKv=CT`ecbAo|cleXJ;u6Z%T-|!)gQoMKDmqlp9rjd$ z*T>n8oPI&F(DF`TQN-(+P+DHi9OrW#|wfg15Pnot#cDNi2$>v%=_XD1QiERcf@eAF%$J z8tZ>CH}u=j=c%5lg`u129=Cg?QFAPqDzgzWIZoF+%Fc6Z{8Km|^i+BXYDm4(9*@%N zmeq3$0JZ=1!an3RN9l{oz#g;Tqb4m7OP%Ax0QPgy^o92X8z-UUJ!N)F4g_n%G+5E4 z%AvWjFY>6O40a3TKtM}WlVQ=dkO!L`i}TohjRQfrT@0dMjhQ;!WM#TAcn^RDN`Oz* z-Pbt4&&$y(L*K63bHQlPnIeMyjP$^{$%21`Xrgm}WMae4-BL&n%Wv3tpf9fv^P?}R z25MF4OWGAzCkMtxdNOR`>kupE+STw`*cP4);7e}Tbq8!$SP^tzt!RW)^gM#fE~G1= zkC4dxRJIZolZL(Y8AxF^ybah5Z)k?u@HP?7wM5 zV#`M!P+{$VMe^G(s#J#MHkxupvjn}>G8_HGoT@@V@4`GFt2Hc(&QUrabx^}{&KQQD zvzSu_BOe|8UM)NC|MdhgL@-};QXe`=J;CK_peoAM`kz8SF*F6!BWG+5ev4FJX^_Zr z;5w;>X)p?Ml_HjDI4cFh&!Ne7hU=gjuViaNMC^g#f}yR5>qzkXB%Bz9&if}NyKN6yf}rsHA-dh|3KU37*H zEv?I&Gjy;2t|5VmPr=!9wB#UmNFX?D2@|aC)Uk(Q&}VJIDY&~XFq(HCY`T%*IXx{x z%G)yD*74&fk$j|z44}#7{6oFWsfs4^ zxjtZmy4H8Ljm)j8*A=!qN7xm%NUcI~TRv%PeKTuS>P+_K5|^iYo=^J~-mOe#M$Yt@ zu)Qtcwi%zq{r7sZ6Db|xA(>3h7ols=B|Y{Ddh9W0&HBnR`s=eRpOgD9^;>L|aZFsi zYXSgv^L}H{gC(-BXwH${;A%`}vb!eghH!C)oMew|Et|f@Ua%V8pE2zqFVMhxHhBow zwG(_suFQNxma3T`XJ`T+?xMAATGoSxfUFJI#EBp72_{VYGQDG2sr?4HF0_6cZtaGr zuWlFAJNWo!;!^_Hf-;!nMwH}$`1KkG;MBu*ltJUrYn}P4*1BhKd>t6U$K3*3fISDc z9lh2jspuga3~ph2T=B(qJe?IFE`FvIdqlF^b9H;C;Wh#szE9$IyJ_C$K5+71)Y+r+=L?e@c~VpFX%5KKk|MK0|Df$@2^OH9KORa zkNG&gL!O}>P>>&g#^?a%YLO+S$lgaHQiS?#iPG*ir4_Iw(=N~I&#*&7R^Qcw5XLc% zU!a7Hcr^7$hzkV5@L4e#KH|f9Q^blL-8_M>N{^H}z_i!;tXMix4 ze#46Gd1pPVym1fvjCaYfZvIg+8_vvA$aj%%ohR@lnJW$sJFFI;CqCBXL0{V{Ubjg{ zRI8{%6^2i-9xCE!G3p7qR?$cqX$-Us*D8E#&*fhUs}Grr`^^;N*#wdM;kmrVimVEDg1Yb5C(iWT>!Wy;kx-l^;9QHqb8?0jpl=rVca&m%uoYzNl|EUtTh z!m-46vnHQ25)Sj{1?lyLg7W^q{7`)W?MG@61Adj0^cqP@qCLptcYj9lL<~yfZvPXo zNW~83EJ@X3Z`0(ud~5PYUgodb^#F67I29-Tq1PnI`>UBGy&FlIu~2}~@Y>&xfKlfA z3)hnL<64r3^h?IPxTF6t24#@D;>f_y!|?LZhuV@4nfp0*1hmo3krtH1wSbKksD?Uz zYw`iF<9!mJ*W878D*6)7F`w9T9|@SBj8AUYE67*`Pq?tY?QO~JNZXctz}CuZ{vj&4 z{`8}^7>yMkL%cl%qDBVoYqGUpU`rHAHw9XxAp$z0gVL5|P`J9N5- zd?_S^*G(zV%zUc`htpPv%B)5guDy{Vbg#V;K+&}~CXu=J1}!W!7-Qe?XsY57vrH~2 zQB_&@Q~^3v6$8(*dFIqiXR-Q!~l+bNaQfm1SH^L4=^I6{OM z2^k|f8Q07@7pmxX2rx**;wpm4Q>(q3l^bDC@C)~$X|(4;dZ)xG(7P_^^<%~Ti-42R zy_VaVB90$YdB-hy2`(Ur^MxR}7|#&4*RfEd^3fxN%wW!L{<3>o@R@To$gaGgXP>d2DK%m6-EtlY{c)+}qPzPi1fWO^j-duC0WtE=RHBRbkla-~Ks>DQjTPJA^T^I+JRb zMY2?bVCnyId8AiP0XBL@LObd#S(PQUEyLfi?X)@+Nt{qN-PCcN07(N8%ypSmYj4=Z zXk3=44M;GM-pU7t{6uMh)kGu%)kfo0-M-#w5pO)UD>d2=W+dRImTt+l%Ygg@3uD<$ zG9V2P%IeqwN8^t#$bel%v>K!YdU6WcDQ^Cs!-Q53!%PwV6v59~2S4q8?Q752~!t~Y*@Yr%{Y5)gt{sZKy0r+JLF*tg& zK8(S+n_L*cxAksBfa99VZK@|i?dzuC;n!1)$Z|!qu45pX*Dm~ZDyp0;QOZwsp#zoB zJKZ&}WGs-Qp)6*C&0B?(TKLcL=5_o5zg+`P_CkWcNP?d*!B8PV$5yu@{rn<*n zqaEj8aPb?|@AY{kaa%z3c480bP7^aTOfZwmZJRV0--h9v<_;wdb}dOMnT z{PFXAKbtj7@n$qd%;kyQ5aaAfq?~mSYeoYAJR8)II5+% z&#(vWRIZ4Ca-0)2hCC;XQC4%f#*o>BG5ewYdmVoT2n8$~>BP{H?{)lAV{UR|_P?Dm z4`|GxaVO7V40L=|W0tuwYmQ~i8jXpa8;~b5j7#95%VFa@FBy>=fnQC_2fhJgAkgZ4X_n9Z z-wN5MSU$dg%w0lU+y%#bJD>7eR${~?c#Z@Y+Tf`Y9zb7)FVNh4n@$nL7X5(@E10CiUc2$Aja@} zz(OEhfFRt1u(#S8<3h5G?)aQWE7gY4q+5x;UZa(C!)Ow(M1Mr1V?w22^il*RdWuFX zd56&?aEU%fqm{tqOXb2>=wFKM*S zh%lOSLZWZhXq^^ew7M|RYYis1%#ARbvqN%E(`cO_VYE6pkb456C-$Ievyp1I(-P!3e1<1jxV2i~S{kOTAya}@CK+G*o-O~sE~%Uciv&l5hc2o8aP z!7~~tukj^&Ls2RT9%K|}loVy6R1|!RQJhVT>gdEvK&N%Caj&CqK0V#&n@xxc5hRyT zWpfeUWR**mO{acUGpB1d)iG(ubcv4Xq*LwkSVW;uAm84sZ;)>hKD`sh*#D^Eelw1( z3K5Et!R^2+VGctHuzY%t*RmAM$?|Cg=h`6nG=di(7shin-98Atv33D3g7 zhmqjwh#bYp9%Ppx4yQQBU*h*xAU-64Fkbm8^3$`pvEn|Vgu11Ts z#IoBU0RAQ=XLzqj*Z`{X8!IM0_?KDm-%F?Qw!=1&(~}u5;Wm5H_)ENU$1PR=i4hXlzfkd2XE$87yPYIZBmC~0cx=;P9hwvA0m6;H#o-Tk> zXFLke2~zX}vww^qn6K~y&luelOkh7XNF?qTZc0`38srbX(~FJNO!8~yz;ODI5{$|6 zGFN%lvF{GT-0A;PWKQZ3ocL)w1nI5peoW4rUcKHun-@-qW1y5>{{&0|mmKc8t$+(V zd%m}t_X6l3h!0vkzXk8P1Yd&p{F0j;w~^ewX1(Vto8UTUUH+FZC#oS8UWAH;3fFCUod3F&`YF0B38> z{XVm;NAdY@6Om$%w`F$klD=T+k^0lgbRe(U{Sc_3H%k0e z;RNNnf|;O&=Rt@3pE^}1e6hq-ZR)VoBe+Ob zMAd!Q(9QvXli#M{D!3J}i zSe0M-(=oDwhl$Uf@02yA&a=zilHd&?X&Nuyp&&9`p$RYEKS2X{gZ0L3N_d0y#?6&@ z3%z*zV3a+mu+WRQ4_>@Y3WJ|TjkM-I*WnG? zfvAQpi#5=LR#=OD-_IH7xKLxL?}ssekr-b8i~^|VhcW8#ew5Zsy0f;j;Cylt-jCe zn2nIJ)%Q8J`Wa^#Tm5Xrvn_ad?FC!?cxHPq$~U%pp%S&#dE*7LsjZH_vvyb^o!aV8 zA}TEY7^bVik0AXnynvWN*7xD9fMaNV-8RYK_&H4p!d|0qAoh&DVJdt|-!K(Ej<>L~ zLR+|eRVY3*u1>SXpXFww6^Sx*>cp9o&f#1mIxjS+hH4ctdpi*NA|@X=6J-hGk1&iW z-f0qd_gdQf+^}DCS-5$@SP|x~LY$PCkIdjqJuC#zE_sH&VWXfQr(ZwVnSA)TAjyQq z3EmkdcxUi-NdQ?%%~1B#|D595a=(9!2KriyUDn6OBcqk@#7Scw+?Pa8fs6b*{hil2 z`pEZ@pY`kg`0$YzurY^A4|>yB_g$3c<+n<5`@C(&>4F9}%>*Ks#cJyJ4{e3aN$zfL z+^rTKMt zYYqvC%9F4QQOYYOAS&DyCZ(;JE+AmUePJwr&3gcWd5)7b4|50qn-SCjHCy90GL>_H zT6Ixw8v9~f@{6GjpP+Vw?@INIo}9#2eLpIt;;>T%w--VuGUvndsfLvpUsZ5$`&hbh z1IAZ14Ku#K{-mqgG`ijVV=#Llw*gyR^4M?$dxPW!?BzsW9=9N>7PE4XQDMj+K{%)t zUqFHKg6)6zu7&23++)9mrES%XP_muo6>cKK9t~@+q~b4eDP_evqp*}Pcq-wSqZ{ka zaA!C_Fg#oy;EqP}+0JmffW6lEfA;Kr}QDlIX%SJS9#t4a3+Feyn1x@i>n5 zR2bH?el0&S0G>m-i#g3cY?La!(B)H{p_)z*Z6_@3s;~suI@tGpw1gW6F_Z40`mkhEP5=@9SX#yT1;OIXSN> z%6Vb`jbgJ&wg9!Spi7Yo1$m`1RY1>e_yI(O_6pR zYhG|~*rd%r!2UiX^8UQc6?w%~kxPJ<66{*N=OH8rwdP5Klz_5#smx|SYt1WWO2)M2 zg?>MSsdLcudk=+!&~GqTw+w0>;g&&cwUc?ushq|3TitENU8@={?@f_n5|;RO67U zlNB6vXFT^A=?oMSZgd|PHq#T|y@9*VaSzlJdf}5qwOm<<;!0(_HFF8Gw9xQno#uMgQXTwwP5ZPGZ+IAl22VJ}Cjd1Rk1AedG}r2Awjwb{ zvo*w8-`Nt2bAb|bb$!fsw%jTE;y1jD<+7#Eo)kQb2aT*zctfS3i{MvaaYpYcP{>T7 z5VAlZ!r?AZh(xt;H<^i|5daDi_-cnj2*1g|*EkeH`0)mA@7LAwo+7*0Sx}o47om#i zfEQ-4P)akXCyB}V0RS0R?9VF~%wVpE^#aR`#PYbZfJWC`+>F~Kw3(m#pP zN#qz_7{*V)#iTc_oyl5PK+_*as~3>)(k1z#M3vx+0x!WA1zv(LYB>>FRldlGwhVtm z`n=S#HzWU|JW@#S)ZwHzm*f3PNG}18ffk?+x2OTjjaDE%t;Hq1$-_xc67e&px;tH& zpDZm}DL&HfTYoK>-#fbla0gdhZAx6o{X62Y%%oXU7{OSflMFNfg#1wG}J4fv6gS;p8Xv1+B2FC-zp^2 zuU$(r`?c#q|I^SUY$u>2^qei$8Mq=s6U)DCkr&&UeC)X3g9b}u9B4``ID{#$)RfN3 z17($%EtgZ3uyS}Tsx-u4-4*Z?+m#0#zn9A}B3_Ca^BgaQ99Tn7sM#YLDt$Y=mgoqW z^ZK2jVSfKT*6+V3^!x8A_WSQ?P2O+({vQMC#_x}u>i6F>%WHG0D*i7oUxV zo)CDrFXBtq`?T1S4H-yHHnGd6`k@+Cja)t}8uc(`kZy_}~4Ya~nuWf|gwFtuUciL^6jQ|UGZ|B`;~KoU2jvSB zTIYHlQ^)d}+Oh$i>!(Q+s%1eoN-llq(4{;~$CHpo7~n^sRET9SJoW7P^g7Zh7dql2 z*Ynu>7ONmHhL8~dSJnFGUm>{=a2Cxl9o6%uiMs!e8vSeL7GJskb=<25cR&1M!|zKe zDUZzMeH?BpmgJU(aE`u4V?V;EZ;?j2@~EPL^61HzAdenHe<5Wld9;f+LRopl&3Z3W z9{u1lM;`r6R6;9{sxScTHQNCC;N+r9Z}Xv}V~Z{YJ;<_RuP)i}Vns-TCygZNZA_dtjo7yuJ~HRM3%rtsED4#7*213dL*1|Q1KS1@r( z4jvafGFwcahjXCD0L)ldJ35&vTbzwvLD~Ax8-<4z1l?;iiMC?1_^@UKpHw3=MbtE%86VT4q)VZlzk;!hxB}J5XS-+%0vAm-&>=N7NtbBhC>&C|3DXryZk9zN71u-+J~V)Yc8Ta;0nw3HhH52nHb zH3a7t3?4fHK=K0|K2S;1l+pe7&SaMzrB#Jv8nVaW5g@16p8{dERyDIMBfL5UGsh*E z*oXxL=z;$TNfc!X@z`frUI6C zuvc9YWoh#;m9S<+xX;y&NNL(Lo+GIR{iUXA+-sSkO>*Eb{!ycG!}7>#Pv*}>aBzUW z;--V6qOO&FAl-=%`sYK>I7s4W2?s^|n(?I*zox{Oskl;^FNDaV149vJ7>q5720AlQ zNuu;jw0!5|xYG=+DHL9!Ds--lv5N558Q0}sF!F{oMrjOXDfh!krA3-GoJCjaJ%Y;dJ_wJ8H$?u$bks;3AVi*gtkV3D9`RUvmNX!#}@5 z0XOXvwgBV%6!dR0gJD(LNWY!|8+Mf(M6>|%a)=H9GqeS+Ezy0HQYp->=2E~LLh845NR zbWtLJ_sVjjsO?5ZRN%<9HUXs=*bC8X?Jq$o;u6eohqBqr3(pRZ*|vYuw4dARyv?I3 zsSLDyC;~jRzcX z&GKcXPe$QNw-(yBs25FKRi)2FJ#HPW^4mT=3Z677=FoOb0qm(@9)8tl;uiY>i-{?u zHe|a~ycT1iq7uh&Eo#bGi&qW^q*skYt#&&~Bpc@0gb-(295)i48ls74d@m47; z7-!$IPgjle7naJ%WyFH6V2%;!Hu9S2`IF{-bJAS$&p9fPqo9V(U4CAeQPHD}28xQ^Tjs;>(U4h4;51J*N zdVCh33)JHyh3FRwurex1usZrJ7A1F6S>Ry?DDzugL7EkpSxE9W`PH-4nGMJve1Vm) zzR9K%Y6Z9`R4S2+HZu20JtPwK7nMjzzfr46NM*|I5N~IzTQm2tgf(0nGv%5KL?xn4 zel>TSl;Pl)6D+A)z?&@n)F!{7CxIW}&>n#vR}kFp{6WOIsG2lXm~ckXJ01~Y_vi}Z zpM`t6dfyGJ4A)6-<)DUpJEdVbj!IfJ$5Htz*An*N#qRACVEa~rWN#<)`JaUUW~647 z-{!4Mb`nOxTP+f`LBKm(Ml+vcE-E`uV(46$fy9{bzZHPc9FykOu^?zhwb!YmB49pnU$;TE%Ep5$s17h4RBCg;){ z^y7lxTw5%zZ z3y(@#=nq4}({MOOO(J>)#8->2_=q|1zl-=}RF&7DtFA;>x!igxs4K#)4+FsPYOjME znlu3IfD_&2&K++BAZTC#E+?j*S>VH7$A3wJe1TOL5~$yPw+lG88<2zNB8zh13(yyP8SX(Z zioh43lU`=&@CbYXy3Whc*JZg6FtDF&KBVx;W`h^_M|vB;cp6;AX>o{tve`i%jViE{ zLI3D^LL|`y5JUw{*nYBk`}?9xHG_T(+eRGZtc*qt@$j?EPQe8mf;x#sGh}iwBWg;) zF~KxFe7;keV9R}Wso)P^AoB2r--0db@^bc5cq!agZ&&=g>39;q&kfjR73>FNA69?8 zmw9FwoI^d+%RD$d0z-YCm)STx0z*B+%Y1ft1crLLm$`9x1cv&(UWV5uIKBDm5A{U& z&4#tQ32Zr6x1~ zy-$!F!tYdsR1nVmn-?1rwyhgLa_Cw3Z(TOi!t)*VG+xmsgQ$#sdX z_F(dVfaxM|vXEoLPfi**Fs4G)Bv_OWWdh()~oEos7A}d>*iq ziY@0DRS*)URuK{ai;xhQ2#HZDBplQtLSo4OtIW9~^|!z|kkJZ>I}=gPG2}n-;R5G) z&29cAWdG=d;^}3Z#_5Ika?@+b|DB3Mo1Uv>{U}f=^JT7hh4k$dpetS^9!rH%6<11< zJHm7)dmTj+3!cjFc^zlyh$}V)cP7FzO>xcJ_q^4S*{<%)@3ker7tTJjb`xU9Pkivy z&5i(@aeRA%O-Kl zn9M+3S`JoW4uU)6kt!BsB`ww>MoQro*plyiH_J&h9zIs+d_1|EMyfRj-ofx!qH42u ztqWCmVRD@;#f3W-2DuJl5cy4QF(Q8$CEe78k_QcCL7yIp-HIVES{6^?yLJ9s-zZar zr(N<$%><~wF3+7xniD%WIrI9Rb$~4Eo1}* z&hi?q{D0%|SIEImoNWs*t_-^AibiCcxWx+m+%!&m4s+%#jYrr_qSqAwx}bVnI4!vX zH=kSFt(HF2eHm-qGRcsIKOI|Y9d2jE)5y}|3E(2}H1fs7(=42Mv4a_!6D7sd3z)(5 zWULt@odS2t6dX4xASX__>y#crs}9Q%`7h&dJarc_l^y^+*2$1->XZ=0j4bM7-pb9H ziXcWJnxNZ$M*_)^(H2>BCSE2#iBHE=6rw06`h6js$_RP;ae8lv8baGWNslC zGLh@t`Fj!)09AKF$)pXJzz-N1oCrUq?M@}9;bIE1Y;%#4sA6h!TXHkSR1T|d9aGzUa`VvZ>TZ+PZXpd7_OdTr!Uf+!9`Kp0fp(%3aV= z36If>Z5X`+DRsl>r}3tKC~g>SVF?!yBu*%I>*r$-q8)5>nGK`UC5nzGHtZ=)A#4Y@$U)iLBxtPg3E zp3{~6{u*ejxO_+NERh~R8VHAX@lf3oOGmEF;Ykjpg#DyF&bxS=9^XB@#|wAu=oVe4 z#|u&F>T`O$5T#DO1N8W}&mY#~nL}Qq9vA7SL->+={QeI{d%Vv-=3MqTchiGEOOJmI zzcP`U0fSWW+RrL<`!0JFVi&r-Q3hZax_vp`!Yhz=wI=U1MH*U_I*O4 z^4uO>h|<2FfGE4bRVSsbVQL>QD=vcMAC6ky`vlWC5?X z*Dmp(0&`-uUk)lD3R_vSKS|;9QuOlj>PWRiL`(H~OyRWiv7>dpRgZBG4K@it5W%G9 z2L*XQbf4;AJw}1Uv$5wi@0M!?MMpJzxmw2!4arER-tr zLkmS2M?}L>Bjm$Y3SHfR?l=#OB;+R!8;|gl4)hGl13ziOn-QG5ybc~Kbp>aEUnncN zgsEfsQmkaMM2X;Za*5!KBT5D5u42LIPX)?th|eW|fQbSLHobQ8)cM0S>Kkku|0>5@ zpuK+aG}#4iY~}N$3aa%`Bdx70-Qy~*s{LuIB4rf%mQh0ub-VLEc$aB`G5fx4umS7Z z=Kq)YP2A*A&*sj4!0xYxBLy>^uKIt#lMH47ek7Mc-H4IG0PEJYRrYcy6Q1Q|J{rc; z6uBn6WsZA00jR?lqO=HB2QOBq)?q*w@p2XmJFWkM&Ic3rQeW>YA&GyW| zur0x4F#|EhRMbuJ>t|ZVfQHa=vn7gySLb*Cn2EN$^&8gUpPJoPm+kZ4EP1t6ZMaJnL2ao#TTWT_pN8rY-4|RK47k|ec z0C#bIJCkXS!|;kPo1^Cb@H_7P({k7Bnvq-3H6z!!aYk+>q}=SD8M)aA&)kTV8_f6J z!Omk7A9cR!e$se+nY|MBE-Zv;c>H2~L|=mejs z?B(NAGw@T-Z@SM)Wv7jwyD{dU^?K=JZ0E9HaqjPJs$m7p)4YQ{@{y^RPn|vWqf_U& zhZEfMPjid?(URGiF7}h?1;azP4Zt1!w=t+A0_Utb*URMH2;(}oK4$jhkouUVA0)pu z+eef(+W}6+ZB1e^&H815xI|Do#Q&aXVrMNWJsTxDT#cG8-Yw^kOB#zFsalS;R~5~$)%Pd`k2 zF#C{hwzf0f_&J0gjmNbb1{xJsxjc@ycG}a})>MypY`fnr!0W(rT5u zAhs?s)fg<2U|pi3rWQ3;s&_2bsjV8VmEZHc?>YCLJNE_sgtc1XMLj11jsk_k1^wizH^;4mKRL2DQ9(uqmSQ7*cIb?z?5ECTq z2sf_p6+=Vk_@J+Z=eK;2v@DKr^gz3$2bP2EaCBmW0dZq5YUgY3wdoYIJ8;Lv*$EA> zi!5KBW=*=|P0ytcbt8MhFz{Zrc-LEhW~t^D+2C|FtMGugK}SM%8tPn$F20D>^(Z`| zfz@T`m&?|P=J+4@YO>$(S&aB48iAw~U&v{Xx0pTJI zf(OLci72kYJ#btzdhcX?WEJ#>+y?cF(xzt9vP13twuU(=ncZ*6Y+tlk;0^t#)*d6D z#*%bfefd;t!)Q?)#Pa1U2aN|S=0k)SE1!1XsZ>5q8DoeC)*V9T)j30l(>G=P)pw=a zp0nfLq1LFy9@@A-IJ-mr@yUt&j9nXgK)BY^q8m*i14=OpQcS+R>sE=%eL#o_euwARg8Yd_@Y@l=S$n3jiYE zW)!?)n|M-NdwfR-tZHw2ZboVcn@L%>I#wi($^^tG5j^Kp>R}b+HtU3aj zwglpd&WvWjcX2c#kfIszVH|@9q-X|05)qcVZ8QTRiDMJlvS`KzQsW)f=v=5al<3B1 zqZv3)hRz?1W(*c^Z*?=2NCVAmJsEUI{@&LvT&L2WK0kxE0M>lB_*6~dtmbhds0A9%02qr4u(o)ow}FD@^x zRPV8iv7TK&768Mpxcag7G8IR+8$Z@D@0qdgKT3bVLi0wy;GOuq482G2u$|<&Q-Be| zxSy_Q?(S20I@Q8iB{4EU=^Hz^?%QfJPreQPb(0|eT;45hUnsyJFh){F5M}`V!NWIi z&-WDuTC*}W*U;M6JK;*063X|1Oua|r#f zcQd$ICd%0Qy%Xdo4~6)GRk_RKnHG{um{$4fnAYa9(n|X$M>F-0qPnsrpUvEASHV6SX#!eySRD52jmNv!TevM(2b!C=isl}(&AoM=+^mMx zua&MlLe{KhS6?;hZL-Q*U$NEhLAAnsmA1>pni&olRJ)hHQHE-_R3=Ft=22{u8uR6I6?Han zn!y?CMuDsBZYu~^8Rc@7aq#-LLJKGxy<}{z6I%v$e@ORK)Hdfqm@;plrv(aVdi6b+ zc0srv%J%sY{U5@QK7x5~_|enSd3}%f!8HS@Epi)x@BIwbbbwjY({>6!T92|=+;A`q zgPBr*O! zjb37K0m_-@E&A~QwF-r47EX$~88f}Bn9nn1{so=wUfuO(KB@P8S(C^)3MNs;tOx6d z`2$W?Adq`Xy6t3(=apv}GYw#B7p8Mhc@ywzi|v$ka_RA8 z7K|AaqLuMNu**Kz*_UiuR(KqAEJYA(r6l`9I`(P9tpUj%PKShw&?y2dNcPZ1A=$Y| zpSv28J)UtnW}%_HkgUHhe3E?~o(q6D*Q?DMa#G@SI3ylxygI;Dl`ll0W1SgEU%he| z7(q@S*b*<{+B5C+T`dtNV9HzWN>F7A10W!N`I2Nfoszsdk$p9q0Z9%kV_`G{k{osk zUl}NA3X&W(W+6kB69K@A!a?z(5XmK?aM0>R;Rd_M3=T6KtQEU8bx)#H6uvvc7lkF* zS-(?subrYlohd}r>rEYQe*E}Q{4fE`%1|T%63Fuz;Q>DFkP(gtLmlp<PEJ3rz5IJ5R!^z9b$C`$KswDIim~10edBg=n>m>xk10<60Q1Qp&g<|2W_wt7Tl5 z3;;{cFfL!faPXpGc=ucY&V?`MA3;cHFZ}N^0a%nj*g1x7!7+vk z8pQLf&v~U=|7gkOpd{$km>LUYmg9CNKe5HXkE6WgqTWswP|xI=T|H*rk(xs|B|@js z(w9ZB{A6nnp3z`lCh42wDjNsR~3nL1R7DbPE-7NTN`%`lAi+z z=V0OPV%y0l%cUE*G0o8sl^Nb`=g5=pbCj=0tww_tG*XvFXIn}mzCWiOq`!%R-Hth# z12&T`eawtyP=tu$(`O~d7aU5+fVNbcp;lRUG^5*ZPai~+^V1XXU}qf+GI{V9j|Cy9 zq8sfNQQZVn;Jl%Rtv7x}0CsMi6#v}~3L|2U8UDr>#Kj1e6~JW2d@J z>;$OJjh)Etu&U6BQ-@VDpkf5-NMr>C4pSA$0f4zP#=BXL5A9u)zKP|M#m`HXr6U~5K38S_nngRD2gy(!@Sc!-Bti&4}NIcUEBwc19 zl11W4ngnAER*C0;0;fd~99{IbQqB=B5J)_vTZz|N9+r4TuXm`Cc(@aYoU1TLeR|=> zFdH#Q$85j?k3l+S1HoM}NXKm8sCEp}F&pC$@e)O$&PGo(1G5p2bj(KINOvr5GeSYS zwYViskY2tzr2hhl3lj)tB^K$a4NH-psSJ<~be9!&2I>(=24XBBI6##gYJOTNfyW1RcDEb%<_>Wax9$@OW>cjTcUSVS3yLqZN9*8Gbk)2dV!OJ$^XX zrN<3rY#8L%z{$t=O@Mz15#W`& z85JVH+GE#>0GllVK3HK0u!OL`+IPDcNEg_aPpkbmcWCuz>q4tdUlH8-JVy5GL90{y zpj99H)bE96&Q^P0h|%2Fh1p9Eh$GQp_tt-pIJ2VC(MQ8@z$LQ1AwowFgy_YlXb`4j z7a8Nv;rS>i0XQvD^uqID{KResL@#PQ9Ic^h&(EV7PF?vPkiFIPa_JA0vcXmy5q{juqpLBO($G${wUYXq&i}%`_(v)Z{P*fBGCBs0 z48|Xo;s~-g_E3oa*0=C2zcpt54v*EzLFZ8aVsvuQImo$3hVM=o=^W%7V+euHQKJt- z$Z`FdnG~Jey8a|hbaLbR3s1Le2yGn4Ok#=i{(qMe=ldW7Ax_K^7ExKD9CHOm9_|gQ zb&Oe~n2IrLfGL=aF(?G4pmWEd5SW5qAA>@01YA$n2MWJDWxP{XL&>OPQF!5}r6{}y z*Hc&&QW-Bi3964nVGO2LMQrg_x1ulxQ;NbqF!kjT+s`rD$lzizRsBgRrhc?VfGIHm zZ_z!c2(iTsPchZU@SH;irY%`Z_JoI|xhFir9lC4jae%mH!#k_Dba=OI9t;oiv#jta zJXMj#umIxM669D6g{X9mUrSh)@oOob9bqjY5TFkfetB!@YM>!9>R1Zd>EluqPO1n{ zC~m$hv7#c40fq5?8K5xUF9U?cARTK7D2ze6Dkw2XR|O>o>8tX~^v%G&JOyP#ATENZ zSft3}MRSwJiN zZy^0AKwJb*u}H7_S1Hmj-!wpaIgxHGs4#1aCus1(ct@i$ix}L3(t-3Cf(E4n=`jSY zNRPp-BE1hTf_P_j^!gfvFk&R*uSpX|yy5B`jr#*Xwg#+_O0ke)al7n;QrvF0Nr2l8 ziCbDtBBEFQ57k8;C;91{{W+-bK9nHXmjYIfCGy@X`F1HehDCt~R$=lHkIPlT=Gj4_n zbB*=mn~};)TR*;}$xItRzJm^+DG<56-nflrro#n-nMS(x<9|>L&vdUh3YW9VoQ8*{ zw$+)K^>BK`whDI|ctFGHfd|w^o+hnrwIgG;xVQMw2Ij{z^y>yerzKHbXV{8wGxYR( zqW_?Foz&*$_9ANGiLCL&S~y1NMx!_(V=me3_1>|%N6CO0Igk549{10f`zJ6WZ=*6U z-mQ&6bipgt4tOMetzr8X6$0z1C9dv*``U3Wm7u7>qUaAeZCfzc#H~GMo>9qYF{z9M zmiM`4Siv$~J#_@T!ggt^D=sKuhi;*4`siPyMuaxv|d<;wMNVf^Xbq8ya9`D8fAR=gQ(IqhY z8wU8JZ}+^vaP*zxBc4S+C|qsr*vj2Z>bm>Y$lz|X-{=q6=&Mk#^`z90pf0z80a`ma zc)Q1keu;~IDQ1B>L}js*(W6j2jD z1ETH+Hxc%2GgUkrX8*LH##!61j8p@h1ojE z49xD~+v_TTP0X}Jk_Af%049?Pmxe(wE*vLDtFdu`xHw#aFtKM`ZmVI4BiNShmJq}R z>>lZ6x_gCxHj0-@N3a|6KxhMWCkVfAP;P4}uW=M6487eO0IE`&F^z0hQVKwM&yq{_ ziJEnxxM9><4*68(sg&%pChD_W@FdYLl?FI-ci~}X?qmmt7iH}CHMWF>x95AC83f7o zbGlz)V-YmwLblx`-Xklk$nM7wuNJpO(ZE17W@iRr%5ptvvG4}Ad%~qa0*wM*%CA+k z#!X=gv=&;?cth?5E<}(3POsH?i_0qQ?Su%Yu*t>g+z~>#C(@ZGP;R2vR9-lr`%p+- zEc5E&E~%n98EFRyZHZHkdR)<|UZ{F@KS%XD_kKRI)=bL?PzfO0Q){A@q%eq+gyfC< zdw0zP?Qwcmy%%3cRq@33LXBogf)rE|DKRE!5Xx$E z?NV>gIgHM-`+ivyu}Q$p=3TKBcv$HzA0pvGomQq7s)8YylAT(z)s|%UK{NS@OTAxc zR=Yr!m*HUOofvw%_x1M(zki?g6=?qPF8s4{tKpU1SGrj;l8beK-5n?*L+$QJ4ulNU zQHR?G*>~&S#L2cnuwLYo+7v?E$9{Khl}PJ>Eg#tux(xK@(<^ZMP)$R9Ou;hX)= zTQVp;`5(B*b^z}A8WlRjFEE<3K`k;Ygc0S_td&a-j2V9b3utCd7 zJm<#MOrob#v*R{vI*A{C#gq(9qQ^;mRkJXOa($QJb%TVn+VZMYBV^~M zh(njQFM^*Mq8YG#u>*5XGy}FTc3_Tw1bt`M4ow0(bMTsQ_i% zN+L<9B4s@{yf%4-jf2HTZ8i0B_N5K5=!>V#FO(2)yT`zr#P zM4ZHd_o9`)4mnv#*6jX*JwfMYBYIwMafBDn|27zo@l8l=%(_*rZZPvhA#ppbFBjCKeq zfNv>J6PPIHTk&1y-7GbDdIljla(V`p<;lwm=|O^Yy1+{+w0j%0lOCddSO^I?TOfq^ zOCFACJ^w>40sP3&o(&Y6{iSU`BI-G7tlY}LDMMs{vD@4JbqvUActd3bXl-k0)`|1_ zqCBs$3~KJ+_yCRUc`~8y1|k_B2=_Q<$OJd09P|gsta*v(Co(x%L*%c#(b;H_Ni5;N zo>OdEHu>dkuATAmnzG6A*Gk#s5g!>gSqSEh&#JyjzSEUIu_!p?o(l(#TFVnl8ix+PJH=v|z89Cv+s4M@>zP=+vUYa;phS)YSX(m*f8&2*=4wPDn-fTs z(B+2m7U{3!b#i(vv-$sEJwRI90&@tqn752eCPxls7I`s z0g6?g^+Tn|FJz|2P+74UIt+0wO5Z{~?aI+QpXVYpFlqqeb_V5?Ti%G5F+AJEN-R7! z;mhbRira(Y)CJtaC+-a_b_hB0S;6OpSP2E1QVO&cHgFVyxi}Sksdxx0jE$?XN2r2Y zT9~m-Si$fTb`89SER=N^=&>Q)=DPPwXmUO2HrqQlJwb9=l!<)attoY%?+eEa>iwLQ z&-YDF-RIxTa&JVH1j6@BWS;s=d@r`nHgc8_3nA|0IUpM;h7M>~1;|lnLsS&6ID9P*bDw${L^u)ow z+KXu({^t^1j1=QNhwD#3_$FpEnHvY%?eTui1l#p8a4l^o zOQvkJkxoc3Dk(h}B*V*)49|h+E|vI;Y|22y`koMEs!&t`YU)rRvMJON&B8WI+&Rr! z%|e^)NC^ur93%RGE2uHE&F||-g<1!84VOO`>j8f z%&aJmA3lu=!OTurkpTy+T+>N-4LW{b zldzC^cKE%}s*HT9DyL><6U3tzR(``?G>V zkgt8fNbKD|7KsWC9@O<3vI|FJb;#HI+{Fomt-7UwXkXYqOTD2F8vfA>4*DJem2$i^ zcfi+-AU^ad6bX!x-IQv{Fe1EeU$?dM{MIbH$KV5z+U1JW?IFxpCsJ9#7pd>Qw0e=s z3S4)BrAJu7h*V~TMQX5er;#bbL_dWK<9IpL zqJIXRy&7&1$nF7o!IvxuYf8;GPc=g8%2W+ZTn|NH{`Ay*UlF)L>vtRbmVqQ_gXUNT zAjVFT*`cs07(>D-W9D9}s8Q#%FeK6fQ^G9_aa#}@Fx6f7MzG-ml#hE6s4$n#V>LN= zhr&0O3s;xpUijIOS^(%c1R@;Z>xSzZpr5oY==V`~ZxnU+PEXzIqwY3~2Xze`WItDd zI-^kuGR?pNF;|a+L8qZUG3Yd8G3YjA5jhHo%<$2W#u8gPAhf?f59|T}OM5~;y#R*> z<0NOlXcYaea=w@6nXR)`7@RyfrY>{jurZD&JXdg4StAc>jVBB>-CFirW91#$Ph$AF zkyDt;IVEd84zRJIwKhcV_ce0WgR@kh5D6~b47T0;`7PyAA==tGk^OCC9LCvuQ#3=J zy$#U}b@rYU%}{6W(a{Wb_U;$WP-pKBl0gG>srL_0q*XVRKQeRsj2QFOo=+kQgZuym zeCEC4FC4D*s+Gev<%fdtCPceGnB;up^eS;xI^DpOy2KF1G7w(Q=1dYX? zI|8QS!=HhvzQ^r6Vrj@4hID43eZ*4IByiI_Vi~6W;fd^EK{UwgI=~*Gtk`iM*iky} zE3iI9tYX}v+0BnkAI1&qMO|DPmz!>$*zGmryc!>hsf()s@Qiv1p?Ez?0GvHcL0K$% z$r~1C+ty5O{e>mf6Lx@PRbQ+zXVR^&*~|lxX~p6_m>^dn03ur9;tV6guGME_*6Op< zQ_uQJlD}5Z#tJcO6)jGQvNlA7kBx1(5Ij#mp zO?+1)+JJ=X^%g%V?v!5d8ScFF8UOvp17@+k%~QcgNNtx=(DWGRW=LXBmiZMcz#g`- zoqbz6W4)#p+Q1STr$5CoVGO2GkWmKtU*HBSPuGMo2!slLA${;VsO%hr3|zyBcM2@l zGc7ZSC0y8Tvs-3sf~7F7{kH9x+j{kH3<@s&7sg}>QVMJzDxd*h^}1<@DP!OKAMp*O zVAVX!YZcG`1kLDuVks|EcPg9;>W-AJL5ap)OdY3-|CnjeF1AA#g**GPWiuC#jQU}c zU6rK|Os5l#qxlQH!cXOSPjmN%dqtXn{YS__3jAh4)+K1CFi{#a75<2rk5GkAA^d_0 zVxs2_u-UJ;U^r&P=K_LDDx`cY!oNl{K>2tx?&)X-*un*g?C+u((3H+kWN(gUz>I*d zcuXWCJ*b7NpHC~OgbqQ5T2P+jGd8tUf<-f0HyOc#o6uNg!aPf3*C#aBl@jZzybDDf z?yk$2WCo0Z#6$15;d(LJh-2~ z#|Q$f24k|IqBU7YwS^U-Uhl$JKzkgSaFMA?V_L%LodF;%I~KqSrFF=ORQUk;~aa9Iqf>?V9EI_O|1lBiV zM*}(GVS_)$BKDO>OA)*E%PwNKc`>G?Qyfk^0aGBHcGGuI?+}>~pLWKi{^dtK*~j9q zF*|pD!1W?(ViX0xe;lwJJbaVSpeQ98FSku)?bKMQ&)}>^qr5x(>NzFNH%}) z@bRb^jCy>z{hd$mn{NB6;hqc1#zJ|@ZxXK6)?uJpP`2`UXKJjpw0h|)iN;ATAePab zmdG9uNhhfx<7<(ObboWa2+bLd4NF-i2e(vTnVx#Z*L2NwAO2*6BZ{aoB0dS7-VRhL zTqS-o(yNj9F_ zW_aMkt^Ye7xWyk-!6XkPuJaANNmMj8evm)mSvKZCFQ)PkEUXSGDhdU%)k@%g4)`4Q z*P2oGO<1XgdHB*O-QHXiDKuXr zM5)h){;zoM0nXyFQIoxG-v#(07~X%)=O`s|5Gc6-rF2=DQ_Lrt1S`yZv6DY4<|;)? zA0wP%df542z)qss7nuhgXGCUXB>@Oun9)}tFpnY3e|A8DHLyk+-3M^+tXJAP_UScU zULW6IN?ZH=(WNceKiHgd@5iM7BK%gK>!!Lqk-b`3k>lSb%Q-8NogB@;>bnHTMWY!I zoR=oDqoWxRoaf>?f@lT==S8@V05gi&b32DkabY6+HZm;Ek!#npV^f$qA)7+d#8_MH z#S*VQB{+9_h8_{DXQW$WEwdnu^P;zKiBAx4(*9v_OiOrl&yPU;mZiW)UPVb8H?)Zi zo&NLRiOZk{^}GYi^eFU6ACY1-PI}o?ufxtEQSB_-ckyG z1Egqx1IFL{LrhDt6#fb=bxYx2Q$Hon|6m0PRn3WO$ffWf+mfHxeGv+uMDNL9OS^}m zk=0Z94z{c7`syl{!at-x!SCvo`(i1)D{wmCisOcT!TyHBu_YX)QM{Y5^UV{uyh`6< zYz29OUbz2=j>b#3O?cQiN?+|~E>1PE4ahs$=Czr;>@=wdjw;U#WRvz&{0voaGZ@9y zEE9BBHv~kXHZ69Pj%9_`Nw(c15O5+4T3;>DFeeK;4+ma3g8qjZ+VBW_NslOOAB^F9 z(m9T{w%vF+bpQk!eG9f4qj!fw(9QxKt3$&c0>>>z#(EyJHrPLwR8 zl79eSDbKUq(!YTSrfN0V)D|1b5}j6Ta`>Xk!sIE7Oa! z(wA~nj)B6U_K;&{da_?r>aU?9$^K2Lx5Fs|no{qio9maifeV&-S01++?Jq^^Cei~B z)%18haFq#)+}dIuU?1(q5>V9X372<$Gy{AcF7Gp=8Q|-1c~cUHyGVks!{x0T7C`nL z(DhhiRj%mw9L`OoRsg9YI3M4j+K~B?qaXK5#3`H&i}5Cka2`1SfN=$HBA(54g~ z-0k>+wT4P9vlcC-(u>6=hfC&VktQXxvMGhfb%hN%^yfa}{MGo1c+44(?e^iEV?-w( z-9^vtBf-4k!zBnPBHhk+(j0JK>!o*Mr&)Tg(hZtUMuuSQ{9U6NplNJi`d+`84kGv4XMJ`+3hAx-*}*Lv!4j&reT1?>mhBfqx7BgE)6)w{>UYE`n9N zGY^CtL*1GGMr@-q&l;r%;b?fh;{qK-*GI|Y$F6;)@dKH9+74jUWrbZWNlDa1uw_;@ zt)(0J_qDzEdLmopPcy_;i|j2YvRj7|=@kJ)I(#l=(rU1H^;VCz<`-2tXa!Fy^U7b^ z1a^UW&#tM*LSpXjXj||tWl!=9p!escZeg#q@O>?&4Y` zQxuhyIxQ>?^vIE7NHk$lul*cCRyN%eJ2oI&<1wbK=)zC4nE@z{MSBZ@^&(K|PR5E8Q} zSMsSxn^KDxr#j4VsZt&31IXFr9wri1q)?L3se|DUbxP$MSW4*?w;eUt>X~?4UNR5q zIKfz#Xyj!u_=RUnXvsl}F3#6H+Q!s$>m4Ro2agRcx*S9;EHPB#?x4i4P(tU1z#hg1 zgtHRZ27DoLFO%p4t12d~G8ArLDHmAtmQ&#>rcXu?D7sGf>&VwW>J5Krv$6qt-pbO@Qq2L1?wEo3TBluU9J z>bH_qtx3?x8&O?%ny6$#fZKJ3Sjtm3NM!F&m>^M;L(P#Y+8QSd)_vml%v99n)M))akEigY61zD zDI|z-<9IO2%LfW*97KQnU;%yIG(a*vThPJLc$}6&uMHA3Vjck&Ajm)YzL>1kjudIJ z%)AuF=^&V?c^Er8Kp2mu`+QRqNSwE;$PZ2l3*otu@lZ?VrJHNIy`RB8QS{Fy#^uv>`gi=KbaSek7l!dwu5#}& z7y*6szcYFSn>k53#`YJNYr6G5vw*;@7JA2A7jiW!=JrS}kjt+Y_Vg2;i)Y6;5A0tR zw8p*dXTEN{?5cThe~1Z{dDznA<)u<)3C79Vnfj#&+N_jJ!18VU5btHZXcG0^-tv6E zvcgq^*$>e?u}AB5 zbagZ|pg1}zE8L*lk_=~L`Fia(KQ-w+_^7Dj z-Jpn3z$Q2lklP1X_W&&I%Yf1CeUw9WgDH7aP^Pl+a5RHo+b0?ilm_jBOIMias;3O~ zdRxoZO_)-~BD|z9loj15O3+r5+Z*zIqby)CMjyfakXkXdcoP@@5Y5VlAT)KV>G@!p zM_A~lk3UII?nJ5H^Z<=e%gG-ZuFR40=_i5LO#O23spIiW%DWFA8pbpiEk+pAT!G;W zFs8Y(vjxNKaMU!{{N;?}eY-lzhnvE%-!VBg;TPshk&@)Q+yiS)wY7Pp`K_P=c zd{$w!W>um}Icm+}!&sU6CS;JnG$qxf?bVG(_~IO|d9i6OpF%A#uQ6jQ6MFDpCc=7Emd0H4;1gPz*5!b+Q>Cn?bR?zvp*?p!95(f}+p zpxslYS_+?>V?~mfRe=4kdL(-+r-Di#V*vzq~dUcnw^W|Vk`BpMCVkkr1aVj`s~pdc>T#MB|)B&bF{ zbL?oC3wq=Kh_jA{Tg_Jx3ZI^~h-RvL`%frdocpakrU6JrU>cm&-sMg3s_@?kS#_(p zTyOh_#B4(Y8cJui@?N%FILI%bS#g?`=vEbD42-*#ImIL_?Ekcx#yyRKp@&7 z;AUcjieEZwsmR~9QD_yhgmy~{t&luxk7n0eTZ7DnGOf&yn z5YTT=uj5SmsW2!)!;mgohuL8qN|k1J04R8o1+qyZYs@XyhrSl7FAkE{akl_5{;LdFI8wWJ@7F33>o_w*8D!w6f@RemHqUsKkprD{VB@K z90}31USWYdgTNhbyG)*%Y5y$a^-KJi#T-;(a>ZxgdY`Sh8!Ha7rKD)dKR{Oxh!5Nk z|JlvA~G0rV7ct@Ecaq?WfJzsK#A^7o^MWgXmr8R1)NGMno0BsgUBx zQQ_sye+;Ww)>wBENm$@~SK@n~e#=ds3)8Ka z8=pG)-wwZ&0kwl3+c8{S@2ecpK?o~H=}wU2U>#(qx4{+t{6YQ^qSEg_&|fi3z!#ju z#J66xOzZd6~5f1dxuz%Y!lPh1l*D;IHktTmqH<-GQZFQGo866^9xc* zN?84rQVbSfqw#)q<)vU|NqJBM!CpS4m|sQAl(`5UShqi!I>Ho1s{RB49tK8fhE(P2 zE7)`sAy0boRVHo~?Cr-2cC~TGLll|BgW#k_oH*r`i@{nKw6&dJi}yT$;`p%LjtAYK z+EEp-s-T$q75w(^Lj{7U#*^*H`i~8p6E)P_^_=Qbw{b2tx4=2ETvyGdzaS-3KNn=w z9RN`wG^uns8vx-ydd+AV(#pJ9OZpSkc)m@b{oME+^QEiN9{nl`EooH6!CGRr+JhtI z3j%Fg$6Q-AKNT=cob8?d)q!Q|A>CP4nZMR%gDj0TnlTW{2mE&(TB zH^e*oB9d~=0yFOwSg=FzZPp*!p$kx7IWXJDsB4c(7Q;R%nV6PSL0Q0qs7G8Q(>hKP zTEmsy(-!lmch#kw#J-oTuq3(ZUlBqMMIz<@ghQSCNOVE(cWFN`?YaJ4BU52zxciM$ z0Ubt`!ia!uM^0D6gETG&c4hqb9jV*d5u8F0$UC!3jgJ{Fy{9~1zcsR%TK6>gi6cUJ znF?hRg%Qd_0-+3Mq@lK%dNOTSKHskOiY3X-OwQMX&DK@`d!DSfW1d7Jx8;->x-whu zN2zJYnA<6+%`k2;!@w*W8G>B<(^Iy>Dn4I98aa`snO{h|-cK{XynK3!6p}w)I-e%W z*){+2yUu*`FTR@^OcUszKMM!i?~Vq7#{aQKh*#o^{gE0pkNlGV!|-~5Y4N+TTM@JK zfT$krmE)&=L=+*lTT`LGNM*cx<4t}O@;4Bi*K=i1QfKO0FcoIiwqxZ@)hg(uBUu;x zZfM|d{13C#?mdb9JS#32qv zvdpj11frmxY^8dcm!LEY`(XVh1*}EPh>$@2<4rQq1sLc83{-S>MW&LiFaykEIe=Q@ z;V;H{1{q98a=hXM1MNtjWbo7CWr1FcpWlj>QQrd6Uf}KdI}xt!Qk#PHyc>jFU|d2? z6_`E#UI4r$nO5p3KuzCKfZs<|;lG$izuLVIel5bJ&+=|Smn~GufUda$ijjsA(Dlo3 z3Ie)*6;44w*KOGCovQ&|^Y&yw*R7fQTYZYGZ_n4>>LqRt0=oPzZ9vycGKHjV86W%! zl*0(6rENe0gR8AYt! zyP#bsAyAw0H3&!{1ES_6Yw0%-JuW&eLX2YKwjNSU+5^Sp@_Pcs#3>(AOxgp*H%L3Ax4rNn7_I}|2(A*BRl$tCAA@!QF#tWwf$m6F>FXR(t^J*C71{v<=7?h)2M zhH&|*{$a#$yb92*Du6a&#J>?}s18f8(NqTxtQ7YmQXJw$4%>c90W$cK)yBf@l;=79 z!!;@7C_9DbH^ASG!89?2GbQ>#d!Qe9RzEoTJm9l$4y1wwcD4~PDp>ekr$k}}3zF>5 zHRfBJ;h>1jL0^39neS20xILt2j7;p<2vlLRcTC#*Q7R=E$Ht@LI8w!mE2$S@I~^Si zlurpVsn|S7LkNl+@!av;MTpos0@&-&sX5m`AC0TZp zP_k*ocq~D}!w7@)X%BbY@q=*ad#|_rr~Z;bh|t^DvnBla&wTs{LQIB8OW0+r=8x79 z4^p*4X#t$%>3p(zcr)9St+kB-a~S z>=C$gO_QWWiMM74Q)~x^NC))lRAF`wlS)J`79|sm!W`_dRXQb5NFwKgch}eqKt-Ts-QYZkPK08h&#Oi{;X3AQ+(U<;Q`YL*3?v)v|2p=vD`>yX}?F=5zgSOW7{R>5J(R=+TY(@OK zpi4thhgjz;oZQd+kP8k!9*~mwkuR4C?q;<>D!9SpJ#D)Yh}Mg2-&5{$`rcXkre9Zh zE_TEf;+}Nd&uoQlo-^8emF9JOsf_M!x$e*Iwlk!kJ4`jb?qrYO2850_m)JJ{@T_Tb zmT5EH_M*+Z)8^^&7bntGz^U_8pjreZbf???Y-`l^Sp(I~T~4x3Rny&ewm`W&1ZDPq z1EmpTqVa+wQj6=s`T>cP=y~kTeV*6nUz3EMWab*Wh*5Y3J5o=hClWF|l-)?AU#WC* z4=&kD*+%RZr2sjAgZIBc3YH{oqg?7N0ci_z1O}aKiGW)-zDY__L+oYz z>_{y_zmTVk#-yH3G;?y$5F#LJ7U3oj&=$@(oc~9&tW*g3n<0z67X%J_Jf)sb*m1=R z!J|oWye=yIf+~?-vwj)chgaT;V0l$!>@BddXGN53Qb%o>iR@b8&^o-S{dKdnf8HWQk{vJ_43)t&^N9f|4}`R8P5RX zAw211Otp}sSXdoFcusyWlxNc#-HWXm|M3Z1K==TtNu-qbagi|c$U^&h^ zZi%G^x?5}hIq60~+y1Gxq6*l>KByRV-BhS#-}Ogh0>qC-0-iI*p4d)K;e2wc!mGQf zAZ*4zE1o#pSOnn`qnG5KLJ2fM{C1%yDh^;#M5$#_#toz_DswRR6f8T@bBS1alP8jU zJ#X3yI8h5Yk)?h}VqXOF8f@Q$5Pfd!2@}%ORx}Wj9F76zY9X<)E>+FlmB~=@Y|xhh zfC3yj>{cC zEY0xZ@rc9UGEFCU+M)*hK4t88c%gu=PgRIL2#aX+N8VuM zL-nd~-^&7&=DjT14nlMO&P%UZr(A&e-IqtJ*Q>lvIHN7E5hvKe*_IuO{bqFp-N7;5 z0GMOnWQo=(2EX2qd5-z_u=6dwqDiZnIS-ndjzot;vgmMDF)!of=?erLMfmxOG zTpw1yI{?R37&|aaP)ED6HU|g+G{z-CyePb&5|iL9^N^OKgLxeg`O39~4BdR~no(dD3d?Hj>1V29?lLnOVtr4nhp1(3@pJVU4hndV2O9)$v81KtB0z3@G!xT{nf zSY$%1QjIh_b&gUUh8jpWN;T3g(x14{I3rs~-01^x0hWeO%G%Iiww5MCGKz9L6-}H9 zyg>dhyg=@?jbruJ>n(9@2PeIZRV?ho{h?q@)YXBZ8advF&7G{%RY11R)o?$%qRoxj znhhgPe!PQ)8@7+Jx&fT=r*x!NpjYsA?@ak)&6+S$uyEj{E}0fCoS}*A3DFEaZ+J*F z11{IYLDbOS;`uNbH5sl<`8bV3<*=$3|pYr6SFqL55&M@1zxAWu;y|sQHg(8V&?bpqi`&fSYImX_TBQ8ub{n|r$|;$ zIO{(MnoZ11N*1bxYOSn5mhp)6wlU;O)@V8O7*e?7zW6hYOlJn{i~>s=C2Z`RkRPro zL5bi#sA+2)K&@GnzwWf9BXFMg>K<|HH)a`?v(JZkE+ zEY)dAN>-0))MV+jkgCxdH5=2~ES4VK4v08AY=72Bq~K(F{qobAQf;bd@N=1d>VjPQ zjRai?ZPQb2s53qFxbH~#1{92ZY6T7h@N&f&_o1l;U_@+tTX;3Rk&md!qindeIz z>!8sLg1$t2`bNT*k?|G|zvC{s}jQr9c`XdL{L|1C^ zslb@NSC|CZuW0GS7xbq6hGwZ;6z6<8MshAOgMR3shi6tSXqMioocXgf%B6pEML@_&7;e1G9It#n1YwTe4Hofjw&&Gt2=#Pm6&wKV zpfR_)t@g5yd^;GUYCaatP*wBxXojkq`Dli!nwLZ~RMq@;G(%O*WHdun&0V7zs%rY9 z&HM|aeMXD<$T=rkO%-Z7al&Zf3j}*5vefZPGB8SHs5u3+9#km~BWLl8j_1ya57f`O z!biG5?P4u?w6vfNAj^&-S^q~~7vAL)5-jU_OC}k6%|jR5|L);m8$u8C=NlNAE#d3@7=e#5 z1BW-faAjHI8gXVw8FPb}?jZQL72(=%7Bs%nu6gR^@{YU2)!GHV3S*08>ZX7{euJPm zjKCi@1B~($f%4<3@E_3pe7avJ_(Hp1dUA4Ke0M70)B#v%94djK%CIZ%0U8L0`8_mD zMWIa9=cUD(SxjAy6lzRgiW ztuf&#SO_1#g(;zaiViHFRJY>i(6*s56#>6bh*wquroS=+%Z33B-p2-&&>moTOE@>$ zxfP=W8mF2;O1wAU@1x4fmm6nlOzp>LB(9pnAis905hQcwS#*GUc=(G+SoeENl zQA5+8b^*ZyyQUup9p>=n2 zGa-XM7J6qBIYe;H1qQFfE;2v9zx^5_cpuC}q0KwJ~oK)49Kz_hO28$V3~7=^N|KqD?Rys7Q=RUe{qxaV0b-Xk7IPE zbYFhy1crP-MA2AoV0n9ChQvH~YYzx97D0ZVRF!Bj)M#Q)uxF$`?n&_b%@Oe2R!y2A z#pLH?9nr#`{^@>UlanpAos^F+VgwemCdSw8idYBYMjnY($^P@vNUyLma; zq{p1w_?kIr*t3B(*Xze;geQ9{#=!58ya)nqguxg7iai8d$Yn{U7A$V=)$1k=(yUZ- z_5{N11L5kIV!u`%%|8JP7r2z3d==Q}oPK?v1;1sVDn{qD#YQ;AV)m0g?^=D5-IhlX zti4RYCRI93NKf_zzv7AtQ1&thdEnN1$v{VH21n76B4y%_Sil|Gt5H@G|Dt&%fP8H` zcy%YW=W)%cx#OCfdB<3~SxWJe8t=(BQB(t?Y@-3{zs`2#;F+A0$~-2G+so8^zsg*2 zzmC*g6h^=w#)c{_(0r-}`?dGN&&*@&8&jS@Inc~pZ`*rtu-9CMMui58am+Li#GAX5p=XV0nyxQ1b|F-AlK9?MY)W9ecDyB+Ug( zkbwYXRl`swmE9&p#|xT=n%6K!SXg4#;nD=TpdMBR4dip=U$|Ce;a~c}Kt;S)hVd(E*3lM~rqG7? zof``CfeWWaV{@X#i7nz4pYR$$(7jrs_Xf_5WbA$ihT01sJ_#}}0I^B=A$`a{tD=@t zQ5OVvp`)-72ek;3<%&jQ#0h<-LfBkX0rc&yCbtJ!3NVQy2m;CTNC$px$d6%O9Sx!4$ah(+3_zBiA@V_Nbc|Zm7E)z7CDc4VrgA5)IVyY} zvqEI(!3vr5%Qasim$A*e&?Zgjx{7 z4aBy$4GgpYBP`*Y{&I5|$$yC@jQS;*z>)!+F|dRuPFK~=u(Uuu5Y{ycN=o7Ek4R#2 zahWjF)C}1yy*@GXyN2BIwKFn{2YGM5rU-7RLs~zDoO&Wh3CILo|7ew5+f{QKnkgE`q%^!V*gAq9P*J zS_{9%SK})Hi#--Z4>X&Nr+|@w-^o>H##)QQufkcP!t;W2(EU^2L9nyv z*CGdLC(3TZI4NLMabrM^8C&UxJhxc3s8=@la+j0qggocrdoBp8T$c%Z>D*N<&g-C8 z6qbBoR!62qZYxMMHu}6pQs4^j1evybC)J3+7{cY0d5nJ`jd-DON2(FPLvd?_e#-PQ z{SwXlN-J4@o>$X|ixQWl^VOZ@YEAgbCh*?maIuBO?%#IY zKHgK!Bdl5dIdA~3f_Y{M%wffUP%hOVR~1ppvr#E?16fC` z6dEh7*Ly|^O?t&hp-q`?y&mH>5WxDBGgKV__!pBRO4(+wU8+U}NXz>0yqgXq=3}nsB)t%+w1v*QrhK|dpI@`7*DYbrJR6Xxb zIC1i+Cb7(#3P7$k)*2LUU{ymvqg17I>S= zCUsXyeE$M$gJnXZ6wmXItO^pe{wAH6t9fmIWcAiF%$Rk*;G?b3E`z#*NfFCh78s7n z=wyNKL!Zl~8Vfjb07MC;wtJu4fCd%&?H~^E_~}Fpm%$62vy)jH;w)HQy33yC-(<%N%m8nKdlJ|L+0dm7*>rV9pyZ_qc-kffLq z-5C_qkU6*sRd&-1r9oYY>RYkOxllXE(>X$9$V5m8L4gg08_~Ux7P?@hL9y^Qn*Bco z7En(MD?KDVpm`F&Rb(IuTM+qX*DH@;=X~>2r-&XL0psK?p(28sxyfa3L*V|)v_;%d zIpwrJ$o>=WbV6#Th5Ii!CIZ_D^YIz}Ei2rGf0&tXVrFI`o=@NpxBN`CSR!g*Z$0eM|&KsDi&G#MII~rToAq4I7Ke>loOCu`{|xZrEEFqdhi?$|AD7!h`OZv0H}A3~c<**b~Q|Fm~eDih*ykISD0Z%aM+RxNg6PXmuVt))6Ykvp>ULWkr0BXQNaJ%{0FSzqVj&Ky=b zE_bza{H!{6*{~{m5RNC)aQ5ufVdJa8%T7w;0NNxRK>K7n*d7Y$-U1ws-X|$ch+B-R zU8cu|iQzKA(gSG3*(qaB9edi??~MJfOHPR$?foR9B)-brPm-%y4xIK>=ky8XQY#k> zQhX&Nz&Y_7_FC+XO1<9PQ^jbq<<-VSNaVH(x|2>P?cUDurf;GIRQ)HsXU>H6wlORq z%iU1PZdHDH0XW+n9|I`X(=Z=UyW#oRfu#XB|2_^7q8y^`m%+*XTfYi%R9A^90?2X} zEkALY_t;Dmd^SB)4tsx-YnG{Z2H_<8ArqykolA9LoG4;XbKq@jYHlWPK)MPXvTz1? z04mwk@F@lJ8a8K6i?@(yASt>ENAZV-a2XpK0Q*3Dx7=^aAzT3jry)3IM9}4m-pMbS z0>~#tBJO7`&nr$nS*IbqP&ZXGs@MDF(WSE#@zMiwAx$MUY#*-Q!*_e1fw?#OhIH+2 zv>RB`mCi;x(k%5l8|`7JL3d`O9qE?tQU{ogcAd8aQ(XzYX;S!tu6_6LU6;K65rjVL zU6Z;c$hl39PduEQDsMO08MTM>mP2#zDm|oEi>-=a35w2mteI}r8D&2&(P*}7gV-+yC;jKp!|JA#4rG$8x>-qF`%l@BO5KM4r0}0N=npMQ>S^iCc+w zGtyq08Qb!lkK*Tudw*_v>N$T~{C12A$5Y=3VT^C zadORabLayRH6(ESmsylF`e0_oD(NG3l23Qhb5&v{DMe>|Y+}as;7R&%a$?qxg+Z+; zk?pa!GyJnrb(O<@Z2y>HYtI0Xd?N8s%^Q3T^eWEi%!^zo-RzSkd%T|w8g{b}lx*s~ zw!M)|kuxAR<-3v+Q2t&CJ_j12ne#xD>qs+(N(PSPz+)+Yw64t6(@evDeIgG_zZHWe zMfu{&gf00i9vlh3MZJj$Te8Kd1=(UTVM|5t)h-cRK|f-^2b?9^z^9ys=D`9VSj4v{ zXagZmRQUKm#)dMaUr?ceJ3o#=MNyt+pCT1YRzz^Qgw?MRuUAR_iF42}cVU^K(|wN& zcPcxim*PH9_1@XhSL(5r%M#g>qZv4{ae5*f~ z!T58T06NFHl=BnW*P6b!YOOj5g6}psZCmv2Iw}UUphu%@qM{Z0hZw(Z;)XQ)hli+79Ew{#UheRuxKue=o^b?0uvVRSQwx~K~)SEHv%UK zV=)cdmMJc56q-@f%9V*Mw+h0ob7Y{7m?4A8u`bMz(VnSjhddyjaFARwQAoQva@ zWGvxqvsdYmCmvyk?6ZlZ0jjWxb5Hb%%AHFfZCBqUE4J-qiyy?|gJql`o*f{~3*Qz> zDXF}ZLqQ)==mjiKXX}4VK|28@5tw4p*||q4Iyba08Y89b-=V>J40@OgMG0ZV`q?{}8x)uL(n&Z;mf`kN$wb%9#dO;S)l`%a%lzi|jW6R4$#V|p_ZNoS$hl-+)R5ZF z=SS;P7LG;GO$t-AVo{j)=tTAa|C{V~WFotZ+rsIg7Pzs}?%j*vfkNP!i1u?T`$0ut zro%3%tAv|Ssn{x*G)1qhr2R={4s_#Cg)d$(MF)eyOTIDJ5F6b>Ubw1LDCLnlIz=>@ z!)+lQ_jk8P(uobYh3-U#j74i%%65dRAp=k}x2v2n2xYJK2ByT=HKptacPXXpe}bMA z(KqOpza_opcFM{f?Z#F~v2rBgdSSe=!!Y=LlYj|=0h5Qil& z^)XgU;mSyUv8EIrdz-=gmVuX0f!>|+{`A!QzMCfOOqZ1}$9f9CQd6$iyOO=5b9i~V zs}jgg$NsBO`B{S-PBM?kHc3F=XNsE1K7`A($8g)_R5)A*_8S)(HOWVtw%WE)M_BP07}J;SaGIGPB&B7 zHGLf)PEUP^o~Nfi0(PdSKK3VJQ3Mjy!HCUXlmkCUj76aFmmrNDJ_21e#8rp1(GWNn zlwb_8V8Y`an~oy#VG&EYj+HO!@R$N63BVP-H@+`|0-Z2Of!-;$D-P$nlaONKeIzBHJV}K& z&MUW#{}Wf6UIZ6hT^xe)YX(XTU<3v*$8TK7CE}EEU;jXVN>lU+n^S`(A=$4f^_~K0 zQ}Fu7-@_?*{o{SS{;@(||G2AjQ(Ro&i9gypyo-F|a&!3ptho2Pw05qqgu|RyZu6_K zUm<1$J13ftFvIknUSD)>o=zHiafc*8f!w!HcHsbP$o-QrcIh>O*<6>%_Czz_9J(Np z?TBXRlO*$_8E_6^vC!=m1}gd_i3=HOVYwLgS(1VEqL=~^-VEu+cJ&1hXe(xyU1+`A zaU?1ry-~JccuJVD$0;`(@+E&$<-I`PMTRTPa zNpwX`^~!SUtbLI97zkE$Xa<~>sYG_9$>?Ypk6-vd z2pxFqxy7(Y-xz_^!S#*@nt9ZlRTzvU#h+IN8x&>YAY4M`%?3WR(SD#nq9W#6h(k{p z81CEBg*=cH_vv-!43XNdb-RzHES>7#`%jXgkaVw|;{VJMC95FhON@U>;bPY^pmuR( z+Gioi2qk&9kJpi$JW*_g$VteSoC3e9bk+K?HEgEf?0?~G>D~gfp#|pPM-&*H3nPS! zUX~|0bR7j<0HHox$I?}{{zvsTn71#;bb>iC>IINVt}zAm!%Sj|MZV$|Wyl8(F_3Z% z!NU#8_->?c~zH{FA; z%o3dK=MSkPFM`! z^MCec08X3<71LAuA&pt}Aw1tRM4#{BEETT6Ki=`@l$Uwm{WjQpOLB)KQZVEL2M#|8 z7Y!O^3AOkIU4zOO41^Bvm=FH5(!2TU{$<`-hi_8mjbFNHnfJG+@N01jX%`=Xf3EHt zQ09I7G}3cBGZnTqnV4md5)J=uW2zZvp>`7{e&U`^-{FX;8o+D;s@y(ntvPfQP7 z)cCjfE7AToJ@q$V-PLs+=%wO5GUgvzOiFAUl-u|B6h*Grd-+(BEmGc_AoN?>FZ8H) zt%`~O5_{3ryVFze`knd;Y;JEXw}*8h_zmHtT2X^?BiB;ds1|d<)6OQ?&AXVYjLhH% za2J9={l-L}InBml0POv@mA#T)@2eP*rKNCjoWwDU*Lk65Gjt*2{%{Byh?rm1e*A*5 zzW_p}MIN^_P7%X((Ul}4P@*^8R($g?(pQ;x(QqD3Cft(iJ%=qDZgpgLMy`_qVq5HO zv56@hJfEo}F;|Z_N}G;9)p!I~rRpCGPUs!j$+rg~k47PAQ`h-gY6KVUF9z|t>idSM zBMQj+)8XHKv=1G=27Yu)FJbirv*a^-$`kPzybdqJI$?0H{R{^Eb*+Xdxdj^z*1OTn z-%(0&GgLEwHkzTD`Ge66)y!{=W~>*@Tw}UGZ)KjPH{(Zi6`F@+#3=Q>5m>S%didLu z|C@UF9tQc!gH<)4>>pnu2u}5L#$$P)K!WS?eGg~A}WR5>57xPzJF@kirMVV zJk^_e%AOb^6mVT$jTAhkd$8zyNitbTSq^1>pP z;AZ*0ew`S^ZxhNia$OkVuIDj;Z8^e0B`8`=dy=hQT(moWVa`27gk=gifVCvi#$&lK zIxCQafe~H_qgjavJ;AiL_I>KX+S*j35<~N%Z{&3Q$#pL?a*Ro_+I}OiR}NSJeoAmE zrh96Y_t9^-9^`^TfBsc>48mVR&pJtU@BLX)t&7cSKfuE2fL{7h$jm`gZB`&l+5*C( zsJRZo2zEy*E_B>WabuuBL&+iOd{w$_f>pNfhN6`gA!kAhBSlZPMH_5UajT&5lhJtL zj6Qle=E@V119^6ot!5rvvRpF&W;^o$z4tX+v{C7I!2@U@SQ=)4_`^4~u}72{g8a}V z;LdiuUAtQ+9=*qmk4Y^^T(cF*;P)P>1#msnA21J2I+d%^@-Y4_Q%L+XE6HGI10a|HCqSO30 z`^ko6n*Zdcz(BF*K6Sc{7ac+Sb(NU?JGC%B;f-sgR*v50g^2XnJB8Zj1o)FHlQ91- zkVa^a&7>9!rsJo4NFFhZAcVJw7kY1cpndaar5{T(0( z{)2z?bt^7hE`8h*yB!)R+^z$FCL_z!tav3=!A^t_>MFgtGh~3B$|c6LiD~tnasm2} z595~}0ysc_b^=d(N;i7iMfv|!oUf_v!T>tcd*C?36W-t8)!}k+T#G&4<*v1FIfM;6 zcKIL53A%L{Go(Aa9%4K^0_&_m7^rbk%1I80$+lO`6gq@!S7O3+@-VgSRu_1od+#%q}wd>1`L@DGD@{E{%$c5YNuoVl}+fSd= zf8?fs)Lqtk3$F12?KcS;WtGKIZ9|Y zX+D{J)W5k*npLnHT_8z=a?HT*cXD!+Gf$Oh865@}*n&gpjXhOvGYXCOP7Y&q!yx;r zjJhajg$1|>=OIYg%(tP6ZN3BKsePUi^629r3$ZM`fH*06 zR_QbGIc*8WQC`I?78L=Xag1~wOj|S?zhd{>@R%3bDfAf};W9z%!Aw~PGaD*w2`Lw3 zHHtpr=XjkhLLLl}-qC zAkdT9D+{zFqf;@rP>a$&mI4LTY-47B0lPYp-5e#QNn_Sa@^tyP)VMEt_v{GWl6Or7 zgVykX3wP62q!%IIeN4NOvU>7`6z#Q;hzAsd`>opqh*_mi*pLD2btAm%n+$jQVM!Ht zt=~6S)_S|Z-sf6x39_q3f0S;0^kk!WjN-iz{^YXXO8uN#BplS3)lW(bjdt*E(XV_Mtdq{hkuj?;GJZ(eLXTGY_zDvhye0U@i9)A)FxP)p*){ zWSm%19SE?Q*;+lb`3dBnLW!M=xsX)&cwIJ&uM@Ggd{Cl!W3&g6MbqR{6wlPJz=*Ig z&&D|fL$U;ONo;yVfc`*^k~AiP8DVy$xi#DIQ<=o2Sh$cCgH6W46WlH<*GreacW50* zDS-II5RweUv|f^;Wpp2UsTvyiueL5_cMt;^9*{!gxiCs09u|im@K!og(`5fe(WJ z^g$`P=0Na5qoW?PvWk~mfO;+OQKH=pX$Ag6ir1tK{V(zXRw|5^)`I0PvjH;DijasW ze-5rXQYvyi*32_c3Y>2D$+i^*2PG$M#)-v`pFU~<>lMJvB_^z1>!X%XRV!w3ZT zjOfA0Dlp32FMNq#7_oe3;X~Q5YLg|J*!RE~L=y`d<>d5dqd!NZg3+y?bwxtVG%g+B zbYJOrKh$1hYO%Nhn?1yZ^$n+R_62;n7*QQ=uSE8dXa;mRWXwf|qvo&J-fciw#6S&Y zsxP+EdHV>(NbY6tQUn9wYMP)kDf=1ADza!;X6hTDqJ|M8EITXRfYi=^Xf=qrABgnl zr5=b4dSv7VnH~au&WvVYn+yBn-->2n+=%PhCz=7>wHmiqL^Ghfj!k5_-by;xSF_&1 zNJ}#G)vRZu8Q2E^RNP~W;nB_mtyn>Ht_f0+jK5fJOcNeGcy(vVhHt*6Jo=9xmGbDp z6%LP9zEe(kJHYJxnE(ay0|pGR&tOr|&|qV-&GQT5wJqwwN)VO!#l_Gz20!@xy0`aD z$fFS>G;uMi$zmCTAOim$AJxNtgerIkc27(}qPZ3ytJaIUz`bMiqOQa>($j|MDbR}! zw&2W#P8fjmmmy}3WTJxE3VT}M5Wa~|G^34D&v8kboj^*t(xn)acz`2oa{c()#RkY0uo)3cn9)uM8|)i>sYvA2vndV6_#V~u3bM^-SJ z{X)Ue0aAcs{)@@b(g6Ztjw>g zY~#A{-UP5Yx&PK)4Ax8wc69q5lBikv8+esjK#O23{qeNz4QFFhiU9iz~HTs6>HEOy$n_Agx-ZQH4y@x_z{Pe3wkzsn`o6 z5X5%KLm(`fmtSK92Z`pAEe@_F#566Ozk$Dl_CoY@7bJf`PxH~7_3LMUi4Uzs zI_Sg~Shk%UU%mdmUn+j5DbqVRF+**>U^S#O9UrIL8jX6}Iv8zuXZ_(nD~TWH{5ZM~ zlWUuG)Q)}ugxY4imbGvFl_+H2orTzM*=fyR>%41l*RK|{>nGA zh0MYM*u(xGFA;(xON2iPr{SM~xMG&b!R2eZME>$#=@O~jFn)=!!@%AuJclh8kp^W0 zoxVsG*?oXPAG|f%qS()^VYb(rE?hJJzIBPG1t3fC@Vvtn|Ar3+)C+ON8<#ko%@DLk zSA#V(9UrT(W^SEjq;gnkhrlT-bV1J(L>#$L5fOI7+%MS{b&yDcnvMo*stSY-BRat~ zd6xJvLZ5up)Kwi=)O=|3Fjj7hW~dbt9aYF!Sv)g#R3g1U-OP;Y&ELe0>d%tB=A&W^ zkFOkG*$+kE^Qo$I}PU@^GS}L|zVsLQo5-f(8mYg$@kTXm~_=@j z(i1ppi;Q}*q2%zwgpJxIRU{JuFZd)Ik{iY#lp{G%XJHLiNyrY;<<~EgP`_XeyCvQ) zz+Mui9{Fca0RRKGVe9Lm{`@DZtVce-Z7S;;7|}BDBL{Olb!Y>sdkK|AD_{hb6+rka zFr%ofy`)_b;_6kEg!_MXbfhJrIY=R)kx&)X<6n=|N{wRo>?&I}$`W&n-LHprVuJ zGFE)5BgTr~5@5i(_qBfw7k-@E^SqaFT(ZKZ7Fif~6KBHq&W+h<6X&*Y;an6Rjtjp% ziBtt4-mmqfS{qwM(E1&~!wz6$Q$&~XYN3AG(dMA(TNZuAMt?CP^w zF0mMD6`NRJ!@sx`$#xfRL<-}B7kF5RyFk0&>M@cm|Bj{g2+<&R1OD1o zjGA@98IqMjR!-l*oFVV~C9;b#+a>N4w8?Dk)1)N@q6qMk*~FcT*)gEf0VG{FgCpXV zJI*HBxzfs_BN~tuK7y!7WD66!3V2VFXeF|Gd%RT6Nze7I0lniE`f>XZxXWiCM)RQ! z{}^KK@)^kS`5TZgBjp;O5NZ6Xu(GAQulJcS%fXc`*zz(G+Wl~Oeux*=P4-5<_8c96 zd&EJ_7RKus1_&I+v4Stp62T`}%)W@ItHyso{op?SgE|%Ij2pDbP|Af<0=3=BhXYr& zg~bjC&JPJ2>pRXfoq#Nd@wkv&x)`h*wTBrnRF-YYw!5xZyg#kC;|%l-KP>18@*P6Y zJ{opUDL!E_YxuzgQAK_193oz^Tr$!Al@UPg9Nvwv?+C@X(;nx(Yey-9E0hE&g0gHz zq{Z{(k08N+$PB73@FPN69rNbb__CZAMm>08)c~VtU7b`60o)=CKfWWrPlxjb!ZgvW zyY#7Mi+fh5*wSwv>vrmWmGHbpM%c{&&YX(&J1Zqh_i4}i(I-gXDtAA9#Q9dPEv?XP zgFEpGP;YoSwPFij9KMA?)XL;aTUcDNg0!%j zUlSXs!t=Pe8_y${dA9ONuSO{A` z1~C;P@{9SOw?4PS9Oeo}IAKGUw+7B>R@vG<(QycC-g z>+R+to|omJr)+B;p*+MIxGijmAcBPubh9pjGri%H-v=TC+thk9Yff-G_doK;E@Ys* zIR>|J`N|EbjDhLvZR0u($cnFtQn*`E?jxUQ?^o z--w6xu*0_YuO)(8cUANpDinI4!3bvzg^xQFKH*UK?c@jwIG_Z?P&0>p&npSooO=_+ zK0UY~KL9jtS@YbJen%#YVVlUH7ChtT*S7{D!U{lgil}2giX1D~6iU$0NF!aDNut4! zhvi-|UnIS^t%fwme*xAMNvVGGt%Et%+@&dmM!pd6fgzBT$KtZB1%P)eOhu2ul%Uj6p94;Pz=ehay&6o;Q{&^Q@wiW)58kT2i2Zq9h zY}U}DabNOzT*M?z6q?ZDAooceSGeULyW0ZI5_8#kp})H_HSyU9ie1om<`qJGLVx~u#IGF)wlx*#Xx^VK| z3?OFjokT@B2F6-40r!|YcZ~4u2icrzhW}Dng^@KwVHnK-j-CWe&>A(vzS>wpl+&U8 zqMQn5)pikuVB`3J=M}=Iem1N^U@?%yDuk1M9x4Q%Q$(BQFyx>=oaiG8LB!1pP%A3T z@5wdYZ*KaFNVrq-mOusbjwqU{cBE3?{QVDtAi#OXYs9E0-rbJ2%f}msl`$k#Zd4R~ z@>g(+Pbjx=LYYTp3BCaG)L0f7VJne^L`c51w}r?YmYa&NtH^GFQAT)PZW?PGUVTri>ygg*AKG zBQ%MJTu;ZAQ-LxtAu`5~h|(93edc2?=`!nLnKp(41$`WaV2?le;cV^4kyrDQu?oPd zSoEW>H+2YjnFPR38dOS)P)?yPGBwiUcv_NGpsX|68Q2PP(-KgRZmeH&H$G*SAjPT$ zj_m90NJ>-av{YwSeA!wInXcbuuKNKQ$zXuDJms#w8wr_}P1B6&cqW07Eh);%i*oQ%CVN@KX* zXflUYc-dZWG(2DaPZcB;uC*i`0Goo<4plj_3EN<9 z%hSMx=&6E{fgYavZERPp@pcV@J6pAtV4SS2i7K2Yp0^5T6wp)01bVK379Jg5{HA&m zP)4!&Y9bQM`tvD25JPIO_2$scR(q-Kr;54(EK7?9hHHiX{pTE5Shn?D2+@F}HUa|NFH zwO6(}4OGehrM(I9$YT)UF*_$1Bj-*UOZek;C`Vubr@RxhRjoTj%wwW7Fu>OKZa4;l zS#W_A?*n}!yg@&CY|;C2F1&22dYts_HHVU=kdR284CCkR|@5zy%(hTG|qCGX)D zX}_TN_rTrU>>K}}asU^tebSb=abaUi<1dSL0aPX+116KHqbCa|0$vKC*z*#$?= z&@aJn(+(&@DU43wfQ$JHhho`3++xCBN^6|eI+@BU@ZSB;oRl^D4(+5Rb#knYRm?PM zE%~cW-VU-= zd??JJ$y5jXDR}hH8dz#*xo;HYyq`(2f?sy7(@JQivRM?rd9>f`@T?#)Z24i$s2;&n zThU!qx5iUoM*T9L0yFA1m{C1C4XmEWY2e0e>x~#Sax9rKH~&Vn-;>^q^7BhlHlJce zUOY5X$hOQdtDFqpE3_-?k%k%=8TINK`oMp>&)L39^&gGAl3tZss z(LJI&_i`!7Je(e`cUp!6Uczvbf@*DM5DbS>n#jN58Uw!YTJW_Noi6taX;!B3YOMW* zv>r?OF82#*RH*u3Cm)#A0)x5Co@}Q}|77!Q08BC6l#{%1d#&HwCYpMJ?_Z(AYuwLbEN^_YD06WecrGElRm0_`Nl48CMlSgw;Lq?xYp zrB ztrCI#B@`wa;*oW@M%=c0I|H-(?%-a!-`$ONd+<3nqSO3I+MX(BQPAmSXczydt27Cv zmVtft(o)M{N!8*fF+>UR(UyrNg#-m*pEq{4iUvG&HiCfmwh2Ef1b%WX`5(K2PmY{^ zVx(rjG|JSq(@k9Dx*b<4=qduEh@<&)YEKo|h`IZ(XdtvgVvgF4jsA65~N4s)!AKsCZG*mEON2UZxwC?H9F$=!WPdnsr`L1>P(34jXjQ0!oC zS?msuW2bX_%xR-3_A{JK@VIh4f^(wadc^~yBai zbM}2|MA$U@n+)!&nhkE@^Ssjwy%R~zDkC<8ymX2Xm_amTs!4HV|InNGt*cek8n2cK52^Quk-iGTCyVBS4cW(Z*=60C= z!a&Mc(JGrJvWl=yfzB?VGFJP3Ho)j{jum@Q!pNuSk0J_4SLr9R5S?T}DYW7LEKZ{f z33XT-zF>}fA++I}rR{V+V#BKs`v+}(Ff`@+Jw7_yjeiakmss9Ttpf`;+W~7WHG7Mc za^I!1-%ZaWTV_92wzFSYI6nKe#R}WmFDx9N{Z5J%wzFR$Tw`=ktQFSqiYRfQ>NrN) z{iN%DPF#*W=-a5B6}N-ma64M_XT(=Us$dLAs=V{7K%YIcLp5_30G7HM+;bS zV9+eR2$+6s(t8e~KL;}_9RbY+yN@F#D3)oKqVk4O8q}+XUW40*yW;q;dcj+7$P#-^ zyMQm6ef&>)dBARzbcu~vt_J87{1)D5$c;WJ>Rc`RICh2sMa@8T+C9xuFzY0T0wG?F z_Xg^uYBW85v1=hT9=iWKG#=t`AWznKD1^qtX)Lao3HU}JmX8?^5!mlXVbUaKJQPZd z2U%sbr~cCgXFM#m_gOBLwp7)84ZpLkOMw>`w6d+$%B`Ve6*IaufNmvOMVUxcnc}I$iELdV-vx(= z&kZ*vHK{ATC|kfqUfU%uC1GSZb4+_RYbGQvrG?%)VicjF9;5u z>0F}y5EP{};f<&ZC*f`dB<&MTnk-2gxfpaJ(&Y@Ezpo=nngf` zr1YazimbSAf)v4P=etxPqbpsE(WV!3h|mU?7~1gk6|4r?~^ZFm|p0)56Xc6ITtje<}%d7q~)#w zq@`=e=vYTy>zC$G7U8Rv37=oN(8vT&9Q0Y)VhaTNq|}{{dZ;%Sq9jK~N~>)zVa!<5pM1l7E9_ za}!tPsi`WgYyKPs(3Qd5{4Lm9@b*_=bA^7h^<0bQdrt#`^IR{`Dn*liSl|u-F6KtJ z6RY1m_Y5t!)}lEhS}i5jIKS%lD~t~qO^Gl5HtKM@(fk4P+VRkgcCU?j_c~#jBJdhQ z`5~;W)J46u#Jk;oo}{A>wij9&Syf355lrWNtP7}zDlTv=DkN0|{~G6%G#RND z@0etZ2=ijZExQjQY6l&N|6%yHWDS&pygui)g5aqguGB>Cgko|2C$JFbjlm+rQ|Ah- zi6yY?wvq@eXW8+Ol`vtfum*#ca>icI2P12X2*anxKENwNyIw*4~R`=WdS)G34&T%#%A-2 z%6CQG3m=p6n4*_xwP~zY(v&2XHbqzjCp4&*hQ8<@_Dao|*3xAtIToBs zA6O6ynTNq){s+XTF}t)rlS)UFb!?kct5O!^2LL3*vyU+GpMXu3gJn{PR?@=Q2Q>&o zMH|>7!xx(-Uot9Fu_&t@DXW2uNDY438o*e(URDDcksADRHDV8XN3a4>qc!*d0eNLA z&&m$d#>7|+e7PES*~f{V?>TxHZG%xJeRIpQ8js_0Y?hfZ}2 zIKCV@$>C}wV>R&QYNUp%k&4y8mv*4HjiGh?kG$di#$ZveUEUnyDV?m&_iNtB7r{71wA$0`U;)GlJe@lg}ODEK@LSUb(5UqdDKN6I#XT|~+Oe|U=P$b#UC=TP1hhALT>>?Qn5@XGC#1!Qz4;@5@P#R{(U?cmDdS?n2NO z9DZuriCyOUX-V2dMkh~e>+=V5-Esr(1KHkjU2FK07jkv&3RhEkV@yTSRiV2VG{oUU zd#=v&TMj!}A7i%|pHXWw#_YE;Ps1`Fl-{#gJ%(Rn6y61gd5+@~BCZk3(;K9%1Ln%B z#FZKluf$ddFm(@$!9IlEn=axHhZq^ytN7`w>_=}3^O48Inn$4<0PrUc2x}B6fv9hd zS-U@|8vR9T>kuw2W6)oB5ry=y`SbA}I2`xKc0R+BbbZhwIe~c2&5x5We;&a$VXr9*D zf(rMTFTN~PEQZuM97& zzy-21UbpTG!ZVOfyObslyp(hcWZ(c4&;>I6866G3Uo_?TkNd^3ylAdo%x-}fk0yc8N(~)vZR-m9!mGpA+bu z1NjSg6){(zQR(aIEKo8DxQ{n61CqMiRC~H@_>&GtWpS%S+?y6ak|70scDS3|4H)p= zGn4T%a`Zr;n#h6c%wZ}W;PzqUXC(+zWn_97?tS&x_>XW-01-6O*qC;Dn4$X|V~ZXZQnr{P z<riV_wD90$#!_{{mKhJKdR(+-V2+@Pjd5sh;9>y!ym zZmMK4vf9;V#X#PDG8GiJ=@sGiV_0Ohioa_jzmv!x#0Ww{p?r@0+YSH^ab21j=W5on zJ!s*g`42ge$;d^>kL(}n!-j-CWuMMNg`(NQx3@z+iUu)W6tpp1BOVh3JA}HW-wo|l z7*MvS1PNq~jy!t^9=qWZQ4z{x5-hVw`K>N4I_JzPACcQ+BXXNygjp+0dEHKe;A*sJ znNT-ZzRP`5E9{;tVNl{T^+ATjHhJTKVV~%FddksHA0Oo6jrsHC>_e;JvckPvgpAOb za#AKHj!&`mH>{-}|C>;902W3CEv?JpQRRF5H-xe=<%=2C*%y6Qdi$O9##QF)T|yk5 zg`oy^cw5rOROX8hi1cE}qta{bi=>k$=*upSy;qsw1U=1-J7Or0P@5Ixv6}U}=D!Sv z9?CVnO!2~_CO^c8s~u8$-l{_R6{2-{OQ5e3>W4Zvo|Ffi54I;X%wCs~dU_W4&(Grb zKVLL^qJ( ze3bHF@tz`j&{^O7%MR-JN&whg9SCuuvA{jb1yOmE@#Nsk$UkHr8A9=r$ulf3wk+Uu zO`KYdm$9Q9MSk?}b*mmf3MiS4*obRRyLN{v^K9QvRVKZ9T$SMs$mWYDO|CLOIeo_} zvtSus=U(*$id_CD{BzCN zi-28l88n}}8}r2D?nII(Y z>YRt4?yeEQl{YsWuwHxKih~jE%)k-ZS~h|I1O|56ML+d?&xe?+bDCYgLPx0)<|R$y zPdiCW#6IKVeIw*vn3Uy7Hkb4bXo!4xh_z<*v%^Ew1y4e(4Ix?sRv*1rG<6>$4-*j0 z9@?e^(1dxrvP<|+K%_`oTd5AQg7AxnvH732v=qO5Ug~U@0Vb}Gl*4B#@)^Bv z(Vg~oHF5SkR&pu6m>_h=_UA|@pyq*^tBKD-{L}bP%yHS?dFDGj8AY0A^GW6<+BIZD zZj+Qu?vSZ92(p+7i`?Qwo(cyUfT7dgma;47EWgsSbAfyxGl<)*pqzgZnd9p`tYj+$KO$Dwxbg zdv%ca(-Pd!N2?2tUwFfYSW0()geM?YMCYJS-K7{B{|f_al`qs7q)#qDqIIVbdw>-}FSt^S_=4&D zP1rDQEzoEnu!BwJu9e^#O${-_f9_g|0rQdPoU<&=AzyHAxf6gxm)>_U8EHo@qtPa; z-$k1YQGCF+zQcgIB;$MsIQ8N?6hI4g@VQbgYn*+i=3rUl9K?Kz{lC}aM5Me;{S&}K zFE~`+<4>Vt^bQDAfU_+Dg^OGP_0bhHD91Y>RuH`G*kpok3sBePxOyB;mUk)L&Ns>S zPZob=j-Hu z2*Oui!H>{djd>tMoHPIfVAg9YVmD)YdclYu2(5SeJkj=HPicG)d!1*=?jz!kH3K|0 z{g)zf7v9mx6Fk|so+ku$VI7@X#P07mO~156(vG+{S)uBL;od6>Y~!H43MITqEYE^ST3Yv z6d#r{dpkw`U_6z}BZwDbd^Vb9-|iN3$ddx3qC;xgp%3g(MB4+ohK+1@T)f>>G=7lk zYJJ&-58y6kTVKZIS+UM+0Da7pcswH4`Z9vb`(f<_ov7Hp)i&PAG#6}$a*jJ_-e(dU z0K|oWKc@pgChkK7=%rhwP634FwjZZ9!YRci1z-LGQk`mDIS)MQlei(=HR|IJ}NZH1LZtWmdQqCh(R{+6biN$ zVXir>5x=Z5r`{XusEuIf&5O9!%a^poDS$Y65a-bzsndg&dP3sl%^KF>ZlXgA<-}p- z9<#>}ggE>lWAgGDGRI~fH4d4wak%(Mlp)bN*AruGA`?jkW%gNi^@r!95h}Bvyr@5b zgfXu|IS#>t`!@Trr|ZYQwjWSpjJNhnC!Dm!hV(ST!>EDm1r$B?W*IKW<(6Ly=BRrj z{2J+a-Yox~>$qn*+wt=>Ite9Cb9z0v&W=|l{U_@~aiw&ZcC~ECe#ov)|C$}L`ax=~ zEznx${Z6`BQEPosx(SWuLSx!x>Y}r5k}f;y*e>^(kFTrT<$}56yS~dMton6EI>NCA ztA^pRFrM33a=yo@Bst(yLG11uh7h-s5Vc>mggE#G`2pTl0fNrD_QBY|Tb)(J1Z#B` z&~F`x=&TZMn0;eqZa4(fwAWrSZustZJZYfooBDDM)s`EY{~99=b&#`Hl5ReP`RMN} z&|NDX*TEnFZzL1#SL?42C)yY4uY(iqZTjo<#3Ehk*m6;#yIIp_`m|FM-SkKS<+Mcm zQTprfM0-7cEoj|R01*?5C=>X2lpo!DYYt}upYw|3Ow^pAXwFtR6^ZU=kpuwq;7s{C zt^DZj*PKhDIa@K~CA#m_oSl=AI=k?r`&!MJ7tOh1ALd-DIaTkA)Oq1x=FqbS2IJ}? zIa?oN4)RpXFDXAmD-x4s3B5Yc>gp4@cM zBj5=|7R8^$;tP?RpNW5Fq_-rlu%m(zc!BAsm!xB~fM8X=;L>Bmu!>n61Oa8UbR2%f zERF)Ry1$7ZV&6j#WY*N2dkVfG88^?|Swkyd#g|7gfsg40ZYuv2e#wEOd=)4ZZR7^1 zm_+vxT5SgsRCaOZ_rcF-xdWNiO^;5Q%XathxI0XOmHQaUaD83$q2D8kq{4GYpym%NxJclvw5mLzFtm*g;IZ%98)`jS)m zx8MHlvwsWx>rO-Wrk6{yLr|`LKxc4UcoG>zT+gkMX#jYNSX5u@gabx)^&NBdaD6!I zq2vMax>D~5)`O}+Jv{KjK$iHfhw^$>XQrM5fe`LQO5qGCJ8^2Q>>_F{U~1sNs{14B zsIP!jgoYPN@@8jjB1bqVjukGbZ+d!q;jjlgJ6?cOl4ySrKo`LC2GtUakHm+J=Zy3! zryo{fC@(`g+;iOAeKCGbFRV!7&y0pu7DzYkv;Zp{Re8dZ%Bm4osg65FvWoF6Rb`x@ z0FbII1bD>^Nd;b8w^mo#R<77z5`o7N4tWjNgwljFQPQo2@~@YL-|YmlENJa(`_|H` z#ASy942j|=GuIv6|m09I*r(u>`6~N^J(KqT&+a6arvSkZOT<7j*qP zlf4HTp{Z}f#7X-HoF(IEsPBUs9u0ZR4=)$M8{HZ~rd67WB69~z2tIAVr_JGWvf|UG z_$Zj+QL2pTzLk?dP&v82a`KGe7w9fV1JlQ~WgS1SjQ$;bYXBXWKO7?+1#V@CkHQ@+ z!H&yQeHr(ppAJWp6xSS4$_h^?01JJ>{Jvb%wbQqns&B)#Tbh{wo`9z>8X&0Io=rhR zeqalhIlI!!&@m{|PR7tP+-uoof3_||pOl+XXl`elc4ja$K?}sn@wo{AT9$43)b@#v zkLXu~6Dv?+j#5JYgp{}l^J@tuSVAb#%o^F%{Notmcq!f?IZ6qEr@SyIa?!C!5l2T; zjWQEKa#}R45(8Hr=zkKoBqO*itPY#{T_(E$q@Ul{x$C50-b4It^+slu3k zg;j7Mj;z8zj#ZLUyhC!7RRkC~QZFFKfL_uI3*%)YnMy4$0A>7O-T+ zvrsG`(%IES46cXLL5Il6(qazSaN?Ac(Zv~a9p>PdC|j8XGo+=+Ki7a$V2~se?KHFT z3kpG9AJ}j9-2W;l0eKrpcT%Z8g!AqlTcirFpVhS6kw&`^!Blu+d*WARERt?v2Qyb| z-Z(b-G3qd)^YzgOZ~i6nN|)u(xhP%mfubtYa!Nfg$9V zPuOqE`^vaP)>X{#Hg^A9b(qSF@z6~4>E!*cvZsm#Ef#&l-tr0;u%bV6#HHfT1n+%G zq#|^oA(Oa&SOfr^+kO^4byxJK9a-cUdmkK$=RwcJWigJ<2IKSvt0bLhDX~!g_3p!4 zm4M`7+FgCYO^%H{z!FLPL+`7bLKd9Bq{z!XE<}FG*bL zp=w3%cb&tE`w^N|P^wN)@REUQ ziPbQKL=NImX2JR-1}GjKp5@mwqVb?N&e>0W3ll2|atug=UKD{^5t1$|A*Di$kd-=w zDF4nIWJb2-+d0J&4kJNpe$9`Scl9dexfgU@1MJC%kA=U$C9qz0k$o%*-R47NR7PF6 z!QR3gWz6glTCW#71g&>o0P1ReFg_CK{zlN}tYOg^u;@Hoiq0%S2X)`eyF$aRPm#Lt zg4Vj{AQ%rpp#15iw9y}^CeyFx{BcA&^RC0*!_Ys1ox_Jh&Rnp2M<;nC9*a7DHJm~)+U8LC7s0sEYi ztBgxM2fwep3w`Xk#Mg{$7PrIPt#mDx(KR0TOAMZg34$0Ho`LJFH&&?FQ6wg2Ur@KxQ!9U#5a7W5~T^ zfNZejQbZvL&Lpr*!F;`i=YW^%1u^g;*ekG=o5{g9lP@P;I(7Sb<;Xd> zwt|<jY$?lqYd`;L)X3fJ6tNmQ@cS?gCJ=qbg z+BcY^X!K;(Jnm||xX$*YtOmOt#1KDI5Z@d_e7r+kvDdpyO7vUL)_&W!2I7xs!X*4D zfJ{U9OL1(D&v>$aKl7BCpP1P+^W>8<3$`p}%U!MgUGwip$PhIf^4O};gLTp6;2Nsb z1Eg!bB!^3SNU;4uf?e$pQ|(GA*3dsIckcbObDzu4#xTvsy-1ndrwg-lpT;*gsHK-r ze`sb`|I8IId#k2DG`p*JcGrg4UH8oDdf$G%xb%@NWbmUJf2;79_D9w1t~2&a&hEN+ zzuMVdU)!$^$@Mln#lM-ZPwkhPjeiQ1=H^>XEhWHb{G+CSLXnr27M@iBk$S5b`+)= z3z(SbzR9Q3VNauib2=b!xfO!X-1$J>oOQwpoh2gq^7+*{57yP$}t0Av5>S zfLWm*9~iA4$OnlSqh}9rK*H_J)QulA&+_+9>YhMMC2qaCj&p}UhZX8h&=MLL2lDB! zU`?8Q$nR={r zLQ@qXO>}E$kcrFi(iz^U9SXR4)lC9}hDs%(BDp=tZy1d3Z|Y4mh60UH9n>){@a zG{TDsA6=M!6g3v6AM>oXE0tBc*tHHZ<*tTecIb>m_Z@(Twf{H9H9I5D;LV5w0R5jq z{bRe7`hLcWQ4E`olw!~$6L_1MSTyuaR4(t;8#I;3_7buV-h=Qs#hsav=*!8D&|0T zy*x!CDV|-=)qMDA;_3Ctq?C+2(5X8$`rs|#7p#Eb(MZfmivyF-Xs>;Bt9Tiy!kSbJ zw7uOS?dsYyAsc~6RX{sUE~JFw@s$HyqJi@a8_~|W(hi^Ng*`H^7Y|Locm4p@z0AOE zVgfr~$%aW)tzLT?)T$%M#R{PShofMoTqJ&R!5mgk9fC%Sp*1RDD-Gaqp2H?;=I16I z_#n&3Lp2r;zN!Wav#)de&AEpQJCdYBa@U}Wghc>Foy%Er|9E3`yzTU$b}PMm=-ihd z7k_Xl*a12QaNf9Tf3{sEM&~n8?fvY7s`zw&xXov6Xgh;7Fx6tGjoaq4c42z0*Qy#k zgE_AwPH+SE_du{*Cv)x;;ylnXLAeg?;2X2SOEM_2$|N5N9>HbJ2)L|Sm|pY7aIrg# z6qj&^k$xxr4kO|rfzQYeBP|o|Fw*aEhY^W@p@Yp3+hLSJZ>^e?*|cEZt(Bv zjSLrMu~P2%%u_&wrx5Al@b~cpf5}eVCt1lJ7((mdYZ+8H0M=}bSBxYSymx|{3> zxvBW6h3Tg}qr6oq>A?iIE29z~U}5(hU)9L&p~Y|j3_k=<7f1?pSB>+ipce!u>b!EC zYCF?UCbBV{J}fvrxiI~t$LSE24aFH7w=U5ZiQ}+fpC|!)fPj5sVfqOVHquoAQ>m-9 ziL8xn`__VGws{d%>^~a|I-5$+nIht>2 z3cjOVfkaY{P*}!FBfk~+=kXH$(Xp!JwT!|)mJLHhL^Q%^r04?uNA*2Kw2aeK45R1K z>pJ^7A53+=$Z4aq>4naQ=R4ESp;K1lQ2okzB$CYC$n}&m7t{chzJzGy>|R&eh#9ds zTJ|;ZD6>`4Jno;oNw~EHWrCp7MJf5=)pk>rq6aop~m7udWg4S&>!<`+%Nk&^r8JdL>)XCvq2{SYaZoe_&`)akoy8srk+ShM{V1 zA}yEUXx=-Kp+nY%&Q|*-YTJ1K2>s*PNVPRIuCOIMc0drp{*cw)GUqxRei?Yy970&?vqlD-$_rF)^aT z3atidL}e%#KZ^VYVk2rO%Im%3@k#)0+cf=#5G>K+XFUcFB?@{ zbmy}G;2w@C0uxM8@=7fNHBB4MgjxxEV9RF1M(mV2oS9hjqGN?y_Ily^LbjU*%;N`W zIfnvy*zT<2)HMX&rPGbIo~S)uO@A2c=|g;-99q9?UDsc6vcXI{8PKxpt691YIc4XO zd()elj1bj;{Eg7l^-DKuV@m9036dP~zxYt_$RdTx#Z)-_KI+BEMFyQE(EZJcJ9nOB zL*@v!zk_9c&P3e&f4I18vADUj$7z6W4sKIV*#cvgQiN_5pu9k1vpH-TjeQ2#=!wZ6 z@fUO~_jhCYOZsuH&zx#7LWA@H>zqi0ZMKUn8OHeWtrn0Aj09JLB^@obR=B#V-{I=2eut~8 z`W>#W>Ni$b%UTf!@T(Dd(xPapq!(Chebg_u`u0i+VX+m3PV+QDSHs0tR1(5ru@!|5 z_l4YID;B$^#uKsFio{rmNf%qW4(1uAtWR8Q9dXLlb zV%ZAas|t<;&E3E%>*+SN-ppcX>uI0nni3W_$amjoc~-(2u-dfL5#YYoO<=!`x;4a_ zxSJAJ@R+Y;g5@?Qy48=^q|CN)VS3|!*pgf5!c$_*fl9|O{J^}`FJAw9_*-^C6zLL) z^b|3T6j4->Tk4Ol1bRO5J%Zs8Xs+%AN8=xR1R8kR zM)U~uhqam>fu7ECdIUNwr$?X}-NHcNe7zlANKsXA+Jw=Fc>E`Yh#s@6*u+fyBmMPb z2w8d{(fu~ez9Id5CZrLWe?f~O5xK^+d^_zYp3h{TYYGZa^i zk9XouB#O8kB<=syeM0R3ou%#*`#|v7h0kGod=4_h28-v}2KOmxFdc=ln||DdKbQ@y zX!gmq;X?ZshxX&+fHt=?^-)T>4Ip+ReRQe)&p9f!*a2bn;>dcXcO<>iTcTHb7p8kH z@&&I~3RbTa#;8~7ErwpN$io;hxx!q`m>~XzzT$mlCH86~?fa4E^9LZOBhCx39mh5= zyvgVD`=B&r1Yq3!e`G%QJ;D0wF;E2jcBYcg`GX|sn*wAsT8(+^v1cE8tV_Y19Z>HEj1&AxEbzk!w1@ppR%@BfLFGz;o{WK(nM ziDR{relwDlgv=4GB;=21B_Y4mNB_VTkD+vviSV_Mb#Y#er zFhq03WJ``_obSr6n1uN+eLP@XB zrPn(v={F10zwruabSvrhk4LSfO_*mMAJvp^(>lJ#Zz3<~hQIz_%J&(gk}mzRvC8+a zMv`x2jws*AA5p%MUn<{78b-cPcqPKAzZyxtkvY12qoES{{?#b*jT&Q=Z4I2c(~mf54Vrec$j9<+!j}e>*VqHZg$HU;+qd) z5+2b4{J-~yQYGee%+5r3DH+X2Bqo**6UyuBfaOkbn z6pS^-!=ahyBXcMsp1hpZ6S*`T%0mgGhC?&bHemR0=m(J!65V6#!=XGX@7pAb!-hk* zAT#WQ4~J%-i+AE)6pMsI?{uGsOZ+ox7yNUgqZ3NnPoqKKp)p5CS8t(R(D%lpqpOZq zasK+7Hafby#n3C9u|`MRKvB0oKL&eX6PAwO_p)UG8&0i;`LDPf&e|y5mSc5mYJ(1iVIu3(L?kKk>2IL8!H|e743`K4m7FF-% z)NndFD-&I4Pu#@xf=jpaIj6rw_f^aqD9Pf?m*~ELS>B%bJiaO{s(#`bYfl`9e6OWL zdxEzqj$}`~O{=Lru^m3bsml88B@ccte1x+aLpWUGOLTLl3UTxk+AsfTalAoG zLVmxezhIPHslOoOm+LP`e=C0Z#=^dwiR2KxU(Gwof#({$uf~ZPAF_HJ zS99AeqbW!J`&mW@{de4`__wr-KEFBMiT`cOD0n*F{u{H5t|OFx#4`Hv;cs@!sLEov zjh0auEV1{SceTEjZGCN=yW8>6bAu(v%ki<_NV znz27h<23FDmP~W-q*TXLo=Y`jdmhhK;V`Z|oJB=Vbo5g$=9JuAON}Jw=GB4Q(t?gAP?FP{RVQO6w55 zWFv1>98&5pxU;a4_G@kX%DmjA32Ng&>!k6zy^SZXm;xTiM1{oO=TX)l?yOQ8=waJ^ zT>oSM017Xr=>?x+&wOrCE_m9*D%&WKjh)dw_`nGrYxJ0>iD**g7vLaGx~JO|nLCpGbj# zXmm|S*~RfcGIftK-?!pjb++e8X$yPtPZoB7c*Mu_+Xy&~IHo7MF@5`kkuhyXHPXb5 z>1BVdG^QtN+@{u^U(S^@zx)H zfL$B4b%%T<^v;ecq$qLv-TY;TU2p#I4Br@G_}a+t6cD1Q*8p8*JzoWrga4fjLMU&f`Eu64IyrVFAhxn(bQ zyM$epC|IE=1nY#CTMNMYNDnoWw9OKQe)+AJF8~dogLjTm6igfG)f`O#V23Yn5@R3a zTmQ-fmTtx++(C4$Ca4a9AyIC5Ktlq&KspGkhX1^AEfZU<^7k(!Wxnf8ld3c^AlN$Z z9ScSUlAP93;M2DYnp9b-6b^GPro)ZP~$GOU8UPJzj~OZE1|>HJS^i`n);uyg6p4BYj?TJg?bYamUUMW=lM;#e7xr zyz*0XCmEe}}wHp`0t875(#vs|K_2o|(McdRnSAeg5S@-xI+ z24w#~fZ;rGsuB4F%mQ;N6`&C7#NZi3SgNB*ILWepIQw!B0pMXW7P{sXJeZd4w=}a4 z!a~=*8`qyWgd+2DtQ5BT-(xJEGJ&V-Gix4*!sYen0-J7cS5Zz3YT@UGS_Sdlbc$!#BLKO&s+LSQW55@7z z;H_aEWX9(mh^ys;zl6dAYWlqIqi4bIk+#-!0Ms6Ke1Y|LF~wP9o`wHsJA|--b!gbV zw|hf_U%UD@CCC93xQP0lgY&9UDBlm+iORS;)_Pm`wQHjNE8!O!Ji~s0o1i$L-m>fF zP{rBHf~7x%SeZ0n!g-D6XJ=I=4RSARjFYAspw0>rn2>1ykML_!tW_2rzSU~;fe~88 z6zZi7q#Qe$%VwlqDywb^+;*+g0yc{XR*U)5QPw``O|?klqNVd~{Owl|(Wa!B zX$`J)o0LEybPL(3IUIQV8{V%~S2J)1x?>Vcg|_h^;7;)sTjrR0zB5ZGy(zICzz2io zx|flt4tk_;quD7e+z24TH0FF37Q`iZ6zO1%`GT`MROv=Z*lSq9I%X$~<$x2vEEsobM!g67AxWsb`>O6Q4@pkoB;D zdHl1sU)=Z+`uYsXtzZH2ZCoFSlVOFjXg)b}Com}I-g0}?UihN?tNzf< zufe5z!Bt`2NWW=q-u% zamd+rsTySpd`8d0v(sbO&1F;IgYWjF1C+>|hk30{22aQupYt#qZ{wV2LhgqtKt{ow zcSrN^+#j9uwyB5BXelO+S3K**@r})#6>zUMubwtM?%~WC<8k^ojQ{->yJ{SBw}ZrX zKgxnFRR1o-$0y+3brJ3@SylCU&@ay$9`rPFkLt7dRS{S2AcvWI%^xo2?3P}NLQ4@n z5W=`%+c_u%t+;f}M6_$_@wS{mmbd>J^1NiRp{KLs0!(9xtY!ba9MzW-my)qi{`EVK z55$fG!jMvUL2(kkd(#Y~Dd-t^Qm}oRe6=pcDeC3YU=FwX;~KPk%=~ZJ6$%ONuR>*K zfaK8!Eu1Zkhj-AE$nyM|wq>6`Ju6HYpB-vRbbP`l;7r^E)K|JmU6u57ejy@L-wfFO z4e4)cW4Hw8o7tfmiS`$fsvp=hv!DMsEOEtd_{gQNURRumo9Din4eG}Ab)~NkIC@$E zXYLO0A7>`6pxTdCIDK3no?m4hS~pq;8+XDw$CTHZ>Fex`I=ska?XDn`xNocR!;(3e zfn1?lNIJb%a`f(x<4D`?JMTPi4-{%`3_`F;{Ta;=YQ7{0an$Wd{J|!m?)Ysd{5MeB z6Ml;S0O2{Ad@+6Xjxn-(a=gQl<7Nz~BL`PhgvrKAg!yA4!b7U+%cukE-wV$9A~^50 z2;iazy^W)5^$g6t{X z)`W7VT|g&p{5YsDaf^!0SYB50vBvkTKnf3bkONPJz#t z2AHPSL}ze6hF*kP{uxuxuP55>N{fia1(E`^=PLP4*#;`uPINV}I*wQ^Ui}TUnVWyL z`Q%>M_MlHF&y_zL+P7mKIs_(Idww^-P?zSy27~Xt>e+b28DZ{{C|ms; zAhq*o)$}g3Y;_iK1=~UwZZKaa*M)3_K?eV8fu&}aUw0on_cSZOe!bpQcM7PSfsxj@ z_ruJqYy<2k_=QM5M1JMMymQeOtmixtkGT5vTI{*-*E!pJ^RdffyDf+#fupeCmo*a- zm!B%#0nFUQdpmK(^44M|f5n4MNEH-{`bu5?_Gr=}%*#I#P1;A2UX3QnyqJIMLm{l( z{MT?JCNu&rmxlSV77SHoj+`v_U14c7e&1D6)+=})HGQqiX<3FLS>*wG0CZT@8&)eQ zw%!2~3C~w)#NSTS+#3S3K4!bf)tgyaX|<(Hg;Fna>}Yn$joUE*k4YBpEUONL6jdG=3IOAWf5YewUcS6CR7T!qsbrc{HJfOlLSE}pLT z0ds@EZKJuNNpx@#P2&G_d=bE8v*&!)WiYV?iSvtQH^IeQm_^Do`qStzQ@t@1Jcq^u zHM-L5B_fS9NVH!Zt0rT1!Zbw|4GJub|0A2ub}A+4&X}1>v|F8uR3b4iW&Vg+KtHIp zWK{82c06!|>unyel|1})H?2y*6{9R+Tb;ygm_(44s?4s1CPIkLAp__V8;18^QmGd0 zCAA&;7Wlt)9^2U$FJI2M27ke*k8>0~`n3#JgdwIP$`w&g!i#JF;6hB#--@w!M)U`i zkBSH}v9dXRKtfDKgqWy%EIo>jcFZbW}BNz@-#4x24f+HpC#A+H|HZC%m%>QYp8!c;)7ZA;clw%5R;>6H2_`>Gm2 z7sX!z*mQv&%5|`YuM?l-aiF0ep-+Mw?~`1wKFM{~C%NAFBq$U5B>3pk z!3z!nVdUSc@`^F>26NuWM2h-UJ-~q8HCR`mM;?Ojz$Ab!i969FlhqFw zMP=X{XfQZM+gWbjzQEdSr)Vv;*;X_9DjOPGmz!nhIvv$7I!7%oYvChF^v8g+@CP7+ z{brQ{P~*#^y*h?8k0~oi6Y>cJ1zk5ac<$4?K z2Ac3JA-^d!z#mrq^}ytCc4cvEcW(amrt_`b$=r!|b~-oA+OAv2aPjgIo6a`_n1A|FkR2;C8LCv6oTZ|wL(HaHwX;aD z-ZalpRt0bi`5XV*IYH;y+eI|+_7crc%b4xoEHmiKoQbzSP$n-o2dGro+DBZWIp|a#HLYm@=y?0Q%0iB~i+Q^e81Qfm!2{Xt z5*<%_^sc~7r~+j zSm<&B{d(Jz6Ky%UqkKd9=KVLMZy|s6;|;r;wV8xk)u`j^Rh!*yJye-dUS-qCmbyUG z&*12p?AII!W)gAPKIRRX=BP)v#P08H+(v#{4zlPJsl2gd1m2(lISg-n_!AcUStt`5 z_pjmk4^SKeEP<8?#S3PVtrej-BQHXMF^~JxmyBWDpVVqNe``JEPGYhf1cgq`N{47okeeep z=&v}VjP=x7^3*t7*l)2c8wwx`i=Na;92Qsx)d z?go!SLjJ#g4rEZwWNuh{cfSU0OtWvKfY#?(F2*aY66agCp1ysfQs>5$&3PJ0&uS&$D*rqoBA=iAaB?T&= znWjE-;gs>9Ed=9TK6f5+`7lpIpE#3u?Tr#+JU0LfQjzczLTpEG^!-+^A9Vjd;|seG z1;^8&jzAnto^fv&ppF<4tJA}W=N#&YZGmrqr(l3^4JA*hnXF?mE@q!Z<7NNMn9`xb@RuOUON7a6? zxfK^A%g*vz`73Pf#Dz>kNE8?R7IEnh#bvDAHXz&vK$W?{$5X2@UPC~RDg=t7Dxl}) zganC^4KsoYXn|de${>(N#seRwxRo3*DuEyF!SU_JG`PMxN*eao~Mk@ zl?W=(MJYMzB(p0Nv%BqyS#{u5@}%&y$-sEAmjwskK%(OVcr|V}AzDHuX(?36Hdd>f zWa;XJt(3-W5%m89_BOayY7|?Aihcy$U?$s9y{{OCPIQ0IsQP6`>K96AXnDl-OU{`I zAH6oBUmjK(@bD%po7MMt{X(zIP7~XpUvAuc82$3}k#YT^I>p9ci)MW+yD_SM{vp|q zohOv_m-%4hCPr6!%@1j{st8xyZ`md5EoIK_4WLX3t&6H7tuFtzqxF;DjnMi$rL~WT zpRmry!!dYdMPpVU;iyyu_f}gn@HbE9jp?9Xc_^7i^S1Qw`(y6k|9mIXzcWkv_vJ!K z|3oPMx&3nbBqjPh^4_cJ_I9flpl;pF_(8!^baz-|D_<$T3u0LrBX0PSq) zG`F8n<%obPB~Fg2XLN6&tTglkWGz7Vi;`mKLk_>{l7!8alUZy#DS*O%1f{b3(W!5S z{DNy&L(xwB#@xN_ov(l9&Di;4NPMx>+Jz@{ry^GSF#4S8JX@IB!z#O9*kkNQ1-f=U z?M}y!mFP!K00T7{=$>`v=xwKC&wsrc=?H?6VwM6{-zGV~m*_~$kP;{qGk)z2PDif1 z2EB47{;2{?wx!E_G;NjW5CeNxVyNL7YHFAZ|{#LReQ=ze#I+m;GlDO1GeVXC=+ zyH!{p4PfK3-KD@UY&AYMY)+%b5)&$7CLDm=Y%t$*K-4>BZlsA;mn%-LHnCHpV@eG1 zNcjd=KIUlNgyInmsf#4B5;+CPL;N~-i?`$yF>qqc1PWPVCt`uZKd+s_W9~ z?UyU_etxG51-#I2t|Lg_@%}KP2v{dRS4jowmxVzicFyNu=io+ulsCDCO~bC|Z{m9X ztM7LrLfFyu{7vSGl03hj|FsXqDvedH%8jR3G{Nh4(QkM^q(o)J$>>$aW4O%2tGG*r z9w8Y&dY31oRT;&KDnpko`J~(y^T+AY-i=vnl=p79cq;oR^M6+p-aOMrxd|4GY5OSm zc4Ew_RNa^(iw6_J=u4blCB%x)2Y+!q_wy?v#46RVd)?{v>m=Zm0>d4L z{+5mx_$8GRPrAL`rszEL(J+4w*vvJ4P)Lukak;!_{-F7o)`3ouC=DKK1&=zLYzUSz zw65KqMJ35Ae^5)kZy_=IOcG09qW<<6`g63yH^kMdaH3IsS6%8KCRGc>ez7iz415%->5~iGO7NKHdSTIDb!bxnrEaU+4KrniR1K?j{V) zzxVuI!hanSqkJDZPWeE-WwNHc?sh0=Qz~jO`TW6L(-w2}$t)Y!#u59lB7D9c2mTz& zr6y$yx~;aDHM=G*f0c$J)jYP2i+p@CW(0wc!I7x|?`FVQ~L6=JIM7}@)IjpoJo3?CmBVW7RI1Jog@4#TcI?_cYtQ_QWRte;@XEjG=rA^cpH#* zj^N3T<+3dqOs3X=$3VB#qKzUW(QpUuF{|Jff`bMEI~1`JS~8W%SO&o455Ugs#K1_F}jOvESq*X=Lw!IBj4A;VyQ`NohL@O6rQfi~Fv{nG=;;-sA0{SEp0 z${{`xBY+s&K3t;<&(4ami;(K6tECn64vRLQRJP*!LOlrfN!uodq+YQ&E=;KghXC?% z^|~MZV4u^%(IKZanufm-I9hpmm2E|?%|J_kM)6>}*0Ca?{w&>QLa_VGf1w`ew(T#! zjQiZg0T%|fdQcdYzw2zC;;B9(xr|(?Y1;j2LC>#M)Z41mwB$7F?xUuxxbSw8%KOV} zgdVW~ONqWndV6M6{`wP#NW4~OMUs4_TzIb=$nx_GKet(`RZe%qrhPimeX>tFfqf*N zltj;ErWN{1&yy%w2Q8#~Z8(578AtGg_n^8nImuTj=uA!)gs7ts*XC^@Fw0$c>F_Db z9k1=Pmtg!OLu{(8io#(CRiO-aSjOAPeVt^yud5I#d)qy~1XbxQ!$-)i6obnnICFSY z!s=0FsO&;zxVxV9*G`KNdOlNLau>p2*N*Z5c~Y2){8opt#7e$%A_$j?GFgdbu(THO zM^Jk#`bdtejLI*3nn9Y>>70XxPmUK?PVGcgLW*z-)RJ%}+zt&T4-A@MMQrp)Sb>Wm zj*jPin-3~;JVD0elB!Tb<0Dd%5l3(Z4C3(d1V=Zfh=JNiw>>~3AsXD zAnHhSX1sLKjt2=}hu`={1x`T#LVRs=?Yg$<$G29pMrMz{%MB)B`@v0gYQi|}SYX^G zFg(jBHDcR@vsjA5T&_=MYnGMI$CYBVSs<;m?H7iN*5nw4 zcQ+9!jOv;@?Wl4@H>>$go}>;s*Mat|6fz8WK-q~F4AjHSNLlGYdt|m!a+0}zh?|u} zX&mF)b=-6|+76jP*3LQIZWAZ`nOj0A-7-yBw*YL0u1&UGQ=%!CiSUtVhdSg*`t~wS z_bgpPYPu`$h!E>8E6=LwQu@U~!Bq{?v@;~TZ5F6H2aVmNjgjGLSB4>Ga10wuXQ26!si*WCy%nFz+1Gv>{LG>qQ)DJlG+k?1j876n}QlJck_r8u1hu#Jt5uk z6*LAff(eQ}hVpJe$PvK3RQHta4(kVg{U{rmfsiC>q2KKeLoX#PO*O#sss>J1T-gwn zoOQ8SmMR?6dnlVhNt~Ko!h&VGB~}UWtF*PK2^!xY3ikyzQCAb7sUOR=vfR#7mp^o2 zl{w^8O7SrMEOo)Cc7^qe2Au{4Izu*I&id}|6nD5v;KkQPR$D5;Kjv$)2CQ}*l4O{2 zOxRv`I)w>X-5@`Q2|Fd)-x*85iib}Sa;ryNj0ZH1c6HEAPNwh0H)$^XZnscjD1C&T zvMb|W41O)@nB%OJkA`O*{iFS_(C;k!1E;HKin2Hg%QsonqgS$G|Y5^Tn6HbX>Q{xK48f z&!x9y3$Jr%FC}Fy2P5q{mb<)^XNkh#@MAX!o^>{LZ0sQKPk5Pw|^_!B>Qth zRh6g8S{75^mT;GrQIo@ki__=NoUtld${bB7-9fYWFCtUyJuFU%iq7XcU_aF?4cv4% z>lq{K!Z)P1f_hsiX8G^^T;@led+2|Bm%B$;OoK6;uxjmhouH@w zt}|gvd|HrOTwYdJcV(Mg;H!i(X(}8zRJs-cim3lL2UFajT-aLDXe}C@Bj+y!K`lL+ z`|Nzm;hgNG@Udz`lEd#{l;50{h53wjCFuM=l^yr+Ura0V@7zy?mYpT3mj^Q!f4 zV~uQ}`|$TMHf37Ougt}ohY1gL9`WxGp|tlmySZ1_juZuKw{7Iqr3;S6n?E!(WHuWN zbn~q9W+nkM&699$6^ac7KhxO{;y}~E&3D-?)$kwG-oVaSzaKC`8dls7*y#NYJ->oU zI4)Z+gJR--e~8=y-vbWG_Y0Tc1CFPe94{LcQX9IW`KpecL?2KYW6^p6@=VZK{8YBHQE?2T zTkNE70K`qW&~HPWIjY{Ek+Ou(Q>6ZHrc0OSO4s7q>*InE(`-DO5#(BH|ge ze?ptVlr15(W9=t0aku7S;TP`Rv~Dmf;!aLy2&2hH^R-x$jk4HDs!JR0hV{WSbD4P@ zlQaEsKvhpv)MMQ;*3bQ=tr%L|w(uF=FeH2TFr~~$_xn>eoKc2?Dop>1=S6@N&9}R#KZuxZX@;hOGF)Ic^8WJ%qw4jFSnT`ZxSe2J4l4 z93dK8J@^C*z*+i<%h0_^kgcYEGlvFH*aUEcu6Kt8fJLeXwC+JNrZ2Z=0%wp@NdSxQ znLr_l2HJog>dMhj>YpAvP4~FN0+GxHWJ*tx;fxplLc>KgOnPsVj1Z!qOq%28o085R z*Zqb=TprCeY>_4Y6{^S~VVLhrLV&UPNaBY&Qw~W@vFBsckt?5y&PPz_10)^(_RC+L zqZ>I4$|ZQZ;CdDiE^#Cuv=kf+{vUa7A0Jm$t&gWrAV4Kic?oY4u!R&GH7X{RESt5UO`9RJVz=< z1dLMb?|If*d!Kz~CT&5#_n%)spJvY4FKe&8_IlfEznq8ESkjwm1!X?MqMS~jD+5XI zl6O6%t=-?HkeCN32X7wujNy^(z7d{VO}7k1J76B{A|>FHOe?54d|{1o;A#V)r9Z45?FeNL!^F>HgcnjWjWUF9lz_)BLveZb+GulR``4%Brn+V~qd zlOoeBma}5umQbs=MnCNji?v!Y>azgayyz_4$&)~vXT|6z2gQ~|TizSuwnU0qd>P$@ z5O>HmM~>|wU(kqetn0i^N4q3kgK;fn&hE;74^9~`S-dugpCN5?KH8z~T81A)LljVs z@n9P2SgkdcJUJE0Q^G;quBUrif*jriLvBm<9mOJXic?+iK^2*rNzI}SCVpGzM?3t5 zGyw#0VzeIIs-u#=^g&vP3w{?Z(%;s4{moqvo$BfzVl_aE+PY5BA+Yb$UXE(GHp>=J zAn;#6O6X^&6-vhMrT8|oZ0L`RkZ|}LY@#-vKkl8zCSXU+ZqXeNpi$E4+*2pIP=Ax# zUz!LQCML;lY#;y5%lC^$gZ1@k+GiRldKyLoNK0ludWz$cdm@Ry|EzkNI5HxoYg--EuR<;Lc9h11VL26Q@kqZ)BqL@MtirO3P&N>=MN#dJ&b?)^MOw^#4nRXU zR6LRr{d$L>@Umq__rkIj`c&$2PnbsJ0IFo#qL7=TZ*%f(n_QPU`gAPyngG1GJ%Y?g z_6`#3R$%>6H_G&o<%TNXxmE(#VzMB`5sw}r@!TZo=Y}BNYZ#bPG~rR?>ZFD|2o-FB z*(zFcCwy-}6&6V}Ur8jskXRrRRy`m*|k8&T%IMXIog#S7n7634;vl-VS3N`55{Dty5)|$m=fh8-dIvMv1g9kR)cuM8Y zMtcJpF2G=$Zw|s{E})FXw5{sZISe>ql3za|dLw!v71f^+-fvD9ZMLG% zs&y{K0o3UzYI9l+?sO~qKdvaS36!YlR0`=9>vuaIrIR`dz|J%DThO^T=_lJb&%Np% zKG5{IbPDJ?Ih_L92A)25{(-&$1stw*4%d@ieVz79b+4HApfac#bhODj`sk}hJ`~oD zDm#1UC()Pfn@WVJE{wRKgPkXV`mCue>@oJ*vp+rnRzx4bkhA2xSYYRipqVc+=t4-s7d9CtekANC2d z#9A%R=3~|~&`n67`hv3}3!)_o29U4?PFwcB1r_r5OULRum-yN)v1wY^rv*HveB@^LS z<(u=>neUq*Ya84(C!rIXOya|V3R?B|ZHkF13a-?8 z-uq@5-MpeW7NshAkEu6w@~`K;?Lck9woy}(UlX9VJ)HSV!yY4nO#_(GfEVW`+}CSV zt@rY)3b!rkw6i+m$%NxZ^)3GJI9BJ0t2S@ZqcCADKicQw@D~4JwC_R5GW!&cwp&W1 z_=`Cb`&8`@W(vd6t z{8*E#D3kk%Q<~L<8OA)LC@u_2NC<5@VJ2S4HSbS(A-E579G_%wwLC*0xfHPm`nJ`; zf!o`_z1mqe(C67$e5L}U;fsqfyS?~M#OgVWm93qZh~42=V#w6RNtc{e=%%5-sG!2R zo_{7z#^}AYgiB4ly;C6fp+GXUBa$gAe-Y@$aMowIT9CMFLMVWBfr9pRCE)Mp@8j&R zI$irX3YKU%w{IzFNcCkVvLq!e-WTIy?anBv@Y@mG}fESO8*f za5^majHaW1&OIg$kyh_07B%pz%*=udsE%@G-4{tXSgSf${40;8K5(kTYGn(DvC%< zl^<(uXMbr&_UM9`pyArD-fP8mv%T)MS&CwAJTo%6>B9a6?w?Wi;IxEe=a@vsu48us zuM(^|M9e+HQ2ida%!_7QedwSU0s>J@+)@50*vWox`!(QY-dijFx0b)h?2o2 zL0aC)X0;nrts4+Ekd91M8Rx1;aT!DaVuS~QyH1_fV(DRBBVbVk|Dc+W%spQcex(T% zl^yDCDNdeH_x)m5c7qMZJxMN>TMsZaP!=&=TW@1c1c_a+14U}$j-(pMevZ9an+VLv z7WvO9G`vc@?NYw##KuClAPHRu#Fox~!G^X4h4O71z$WBb^pv$ZAv;oDWn08BVn!e? zr%btqXl)~E@cL5IL?AcF@Dz$WVxb&qGZLTY)T=D@{g*ZXNU*Y;fGO4%4BsBC?*=#I z$AH{x$9iH_tl#diR$;}P?*!3o0-8~LDx(y}x}d@sVpUjIN$*E#P063$uS(f-1FS=m z9#f4c$OOI*a7$>cXk23Yi#X7W>5VD1aMJilBr%3X=v-8r+dJ*Y(G@U+$g?;^$7hv2 zhVybyrJ(=@73DJ={c0G2d>B2PUj~QEqm8+ZD8?ICR_;&`18}w6owNfZQSIje zLX-k5taxjFb(Z}?#RgErTpD*bDw1UZtx0}Uk<1~frIAcL%S2!(xf_+aN=nnDz{FqJ zJ1mP^I}a*J(d<~P1lJ8kjJ8r2@fzLl@c!t;+Q^L6?89 z242a`l|uqVJo2}{-%aeJJF&!OXg@|U@F=x-RQHlyFy!`DG@gF?P?*3W z!Mgd3FbxNwI*thwiWs9^>aN{8OpEX#ZW*A{uXHcn z_r#SIZ49wDcqvyM`OkeCZ8Uo3J#It6NUlp(CFKKIN@lUk;iTX&o?rE%t4#hez{4<( zMqd9rW=ks!mXwSU{-;{uMYAKHhiLQ$_P|ko%`! zW)yrrRt@Pk9}qohIc`r?nDp_pNO9cnJZ=R!Y#}1f7ChCLy9(wtK+`^Xp#jUlJp*=Q z@xgqMy5gHe@s5GDj(0?^vkLS%uTUzntC&WJgT=aT+hk$MlIZ(SQJMi6eoI1@&bP@M zwY|eHa3@|MeHdpsrnwf2Q#H}8P**ZjIMw0Sf2k|5GYeei3LNYUT~J&O_CicUVaU2Dd)dS#it|@A#B!CFC(xq*sO(VKI4?}@%RIPs49C!R0T;Jpa|M{@<6n)j}&4m zCh3ik@?^i3)#cp0$$^445-E2I4Uj}XmEw=EE{bWBa_NFZ*epgsESdqy6d~(T5tib& zrt0bJzlcy+;H?P_Xg-xklh-N?_pCDrIlb-6(yTp!0ayy8#@}v-Q(4Fh{M@MD+(M(#5QajkZzL+oa zq>hb^@ffSdjVc6{he){KiuP7hf_fg}A(DX%Dn!4=DiARPndmU2fc;zt1UN1pjgFG8 zAdbB6W~otv1V+&$EU^P@2_VMe+id`&JNdwr&uOdBv?5fLJd{Squ>tF6kDFq>n1!7A zkUhg%B%?(^pF7_y!(Dau`VQ2NI>!W-F=VsWs;Y!!F2tD4;01_{=u`Sc1PX;GB2bsI zD;pO}rld;lL`0B@d5gB)sDwUPy8|{7xxNa`NP$A86_Xq!KQNC+L_36^wWEwCstd)A zW-`gaswqir^jMBtDKOZMZ;jZLS=q?>pS*VY%5B{uSz2tA^iff??4qT@>lXjj`<*}c z7`f09`88Z5$(iLiH%B6bmM~AS|2PBvU5$Tk23=);>rG+}@orZ*+%pgO1O?+@P zVJE%L2xFx^IzuCxBVddXP@i&wERYW0d%Nde5vXBMnx`5@>hzT7jT1T8S+ROH+Wq1u%MYAr{tf)%Xdo2sptcPsjhA!NAm9EVYD90SY zVXGlE-(OA6hk0(fz#cxZP-H<`6Us=G)B6+TN8}+yVe!1d>_z~ED>A$rflF^(K*!e8uJ5SQY)ECmhpSD=a0(u>pcuy6|R`70VIy~ zY+(q5Is5$*@zP%yP5%Y!*OxU1MEb5+;bi^#_h*f_e%{83Ia$(v5eOZ%HCm%;g)jUssm5Ee~# zfb9N=lOPzslmz|x;V_2^7h^(pBjH2*f&rnjGqnBR_AY0&MNi1fOk(>op3 zgV|nE3iEkd|L)TWfF8$!mR|KGT8eV`z=fIVWgutLkn|B}-Q-p$Apl^AZ_yjy1r9KX zo%@P%rLV{JBvKI<2mBHtaq!9zx;z9TjS2?hf86v7e5S%;*)VGHkw#^pG@!!(^V$u=jLY z61t(E4n|g4v-2Y~qRMIWK%PF3rw`**-s^o31OumB?W)T>0Zl(czS9F)yK=kRcGy<-$Wh%zc z(r~j;ni@p%rSwX?CCy3FMXrDz$D?vJHm7X>ApGC1mJW6`1&|AD7LjV<=w<3^DY#Ax zA_n=%_6ezz;~gXF>Z$$@btN(wg(%Aa1K`YjS9Y_m8l}SB$@SUFC4*s?1#L`M$zmyV15^hHKCYJ-=WgG=k`R`^UCL>amEwc z+g3$TEp<1hP`{n96HE@brV1^qx`xDdtg_ZVoV2!fHjt7nB>_^i3fWb&x{9ef=OuNn zL!A_c&-__2j6Wm{BG(F_ceq=E_#ZaM@TVqE=9G(){bXQt^Y7GKa69*OHeySRK7it8 zOb5zH!G$bj<^ir5E!#mz>dNlfC^~E~?Tf>M#I)qMj#w&ZCD}oU8(et5vJ2t3mhREA zY$+3r#4VZ(u8^?jQuiv6B;v)(HReXq%Xfr}?456Ouw))aFR3<=s^&JQ z(%qZ~Mz@It>>@hzCcqG_psJx_3Q^`y&-e6({P_FF+}3kCY4Cc-BYRP78t_y+{-NlT zHXH>y$0gA3gAOBfi73Ncv(Gk&!wbS-S-Jbc^vGyu&eaBnO#>1l-0e~Xt^+>qIN*M$As)6}Ln8am*|9F72D=Zro+In;SN8W!H z3Sg<~Y?*Xfvhh~*ZkL#E>n-Q>r&OkT0jtj)dKwkdsl&vf}X96;|FGW3V;%Bp6brujeu=Ti%$6w=GZkY479?B?BA-T;F)ffkI?ckR6LGk2gF1{0E{Bis-Z#C-x*d@efjm zjyz7Yimcl@X05u*~9o`^{v-dD&SYFvLd7J1X41^f} zr{$<#PBq-&vI?12un0N{f1Tg)1${oIdHUX1*OBq>wSBwd8OxnF)%!Hm*{$wI6H%>$ z9j{^c8>}qOe&Tp2wua!luiSP`3P`U*{_*mO@2z4WN1+=-S!qC}r0W)CB_Ysth9E5u zo2LV^?Bel3!&_pm_pltqqZNY-OZI@S;l9UZsA)Uby^3jbmt)QjQ~jzPfMGQ%T5GFz zlYJqvBT-@Q(@|l)ixNU+@%cXSrUi|p%qL;0b!Aq{2$q9>Wsf$uwTvKX4yx2g^#hH- zB{>xb7(!HyiLQ6SqPH}F{hd$v6~i7eP(0P(WW^kb17%0Ma+C0u^KbQ>(d$hjEu)3m zle!*pcad;)5`CzZADStU^eQfKV#iTu z5`XebCPAJq5YV1ZQ3ahMr4!JsLZ^XA0%a%yF{3O}N)yZPXTV;D zva>zE8c48!KBW= zCHKvRwueiHdL>(E-OfZRzAr-lnK84r?z*rBcA(eb8@*_bS4B?+VxkX~S8Q@jAp@@r zD_YPk($xp>YBh6(+O9{@D|ExdnnYM+U#s1nu6>Pr6+(eBj!-33!GF=!+_rSBlXOfR zNGlX=7Hn~_{D)E3iLw@kL?NVC=L)qjyLSD=TF_F?d830ydQpXOq9>*sToP%*`ULtB z9y(wUBLRm}K12pJRmN|2{;&G@TmotnypY#<4WL9#%x}!v80|O{L%^Y$RF@Bjahg>w zWG2nXZmPSEVF$%^lB_61vAI0laJnPEnRA}0KOMj2j^sLiZSJ*v1V$)Tx-vn9b0w(0 zn2P{WZoxZeiLVjd_joRFh#`BaYX6M43Q<#%@d!$k6xhrX5 zKqGpmWTFU^$L;fI9e1Z90`TGKo44Tl1Kf7tQ31!K;z5c3oH8b2WQ5z<#28@X17QiP zCH`nqKg8Blh<<*E;apU9>(?31&&Z!{xiRS#Twb7E6MxX6OqG0kGIG2wNf?y9jSse3 zI;Vp=#^Jx~cTuh#2EiU&`BU3$2?3znQO>~|Vmj{tpD*r)eLUF00|v$`aa!?D$m5&o)RKFxB9q)+6j38y=a8(b5wAFQ`!wPRn@u$0 z$E4*@AXVk$?I_zPAl5#;>Xd3AYp z3PKc5U@g;0cKo&intEVz2QUK{LhR6jTyZq%<(&%%Gn@;QLP@Xj)m{KAY5@9kW$c&V zJt2WkGaU&6)s##p;iqH*d2Dp?5}i*nJYp_p`P6cX%2L{V$b@ls(%M!l7>XtxJ`%AW9T{{9asxgezHCHU)w1QYC~hlM-Yf+8JErvICU1QH)mWx??4u z`(8`Y^@u8Q&R$NlGjE7ax|yfE$2+|(D;Q`1CP zEv0aD%Cs`-dQwka{0HaiWW?MYZ|$yG6hJ zYxM#9%FfAvwW6Big3=B3%1R&G#L*;}d4d#0`e97J!l#qK(9UDI{`U>c#WOO0g6$4MK=>*) z!agQ?l@zxa=^=ihsHD3OG}Z`U(8+)R7X&71>JX+-mqS3cnP<$CU%NBg`lzI%q{T#~ z7P!hSO!iVqVeD90XL$H?#bQJrD02 zt|;pr;9e2}b}`8|IjTLV@SjEQ6aN`xPWjK3@s)Q0VF{mf+x%=~DZ^>vp1)fObrYn>AeplP(eA{MNWkML#Ogz;X?9B$-auV3t&0Shp#FTT6 zjI)1RkGF1e)498L0I6IYPhGXPQG8yi5v@lDPc==PMC?+bmt=n8IC?!yan*Cckp!LK{q!I)8)r&2hcoed9uWNxkY{42hc$K|nJZ72D9_yiccBP^a=a zRm);S@$r_$>8E`h12?#w$}HydLl``7jf+3HT$ZH$O+KJY$6C_pAV+r|n>e$-g?lFQ zZq940Urj`*r6>iW>S^v?x%_8u2d03{lDI*p<5DL4nA%MZ+c|h=9duwm#^=56wUC() z()U3n_2E{^K5Wn##tPd8Y+o6Q_%ZnW*p@mC)g6g9KtNFrRv+N@!L$4khEVXgPDl$m zv>+E2C)C42V}abaRjSECI=L-pK&g>SWWy{UFX4?GhApX;tWhz zOOab03$i`5grG(){woR?G1tj~!`+8+Mg(1ZK2adMojPn+z68U8 z$1^@r^)q%f>7m%Sqd-aRp>(^WS%9FkgGCg{QN-fhs1vOIb63E*Lym+Z61K8 zckx#)BXx6U1)@Uj1HYTl zRhtgWoxoCsU6GSp;EyehhsnhblV5F4FriN&V`&3AcSJfV?UxL)9b)1Nv~$}uOAdv( zBTl74Ed``D<;lU(PF&s49;E53sv#Bo+5x-^RWuqEbUAwjV>klJrwTox#6cbg#hrde z4=6TP!JQF6YKC7tF8L)_q}VB!Wj(eFh0Yf`$sG8z*dBF>%Td1)Ik0u{CtR^){lILy zYdbh2pqng@kSg46F_)|KgV8OM!Mn2D1DF_AHcGUse#xeMzS6#_hw$jObS;h$GC&lM zd_0(a9O+PQBm9BV>9yb0{KYm+{$MVce{#aK;u=u6Cja-Ey6gj8*_9}~g1Lj)<@!T; zr{FLYaUdV*Fy@zJ@T$U=jYRg{8amsLqg|{ZjhF6xrH|T&%6+s;ol8(k3`JstEDg3| zGNd6s4!QyTAabmQ+P&0KJk(c`1T`E_Q#lT1hXhNp24X;lP1K7t8Nx6YC?oDoz+FPP z;``#<2C;+$VYhaZ|0V~9Xi*c)&+2FzI+Li+PB_FOB%rQPu5Bg2ok%v#b8l3~k$f!R zLI+_+JCMCvN3{oKdQfI(Ez^@kg@~5b#?2b|8RBHBE#k(7oU!3K;Kuu^e%_#T^9Wj z8;BDcv}0`0lOgov&Avr4?-1kpb*UtbTyB2cgboYUv~6;DPy8p$qg*2FH+Lp>ycLyY z8=u<)37&x+bUvwIT>awWEgZA0z@E0D8uow zFl_=ww>FBsj00L4*%S!wC;g|HeHIW&26`nWk)1GR$DpskAWTHxv>MjI6!WSt{FelT-UR80{;n@S}#~lt#(IIectiT){;IDfO zaF+n)L%MQAkCF7``#n)4CVFo^mu#X>$Ol=`EnWp#4_=pNKZ;-$K zgy2O%Nniy^^S>-Yuf{k~!Js{?)YQ2T<*v5P98Tvz%_3Ah2snZ^Ua=d7P-t4IN&x`d z72>&QTwYTAVNP^UA=5}Km+!7ndImGRQOZd(aZ(Pz_qsJv3=;x-CBWqP1a2(H2Tl&g z$DngS5IzisuSv2csKn}ekgzYl)N4nb*%WaF>tMEnU9*jN9mL8+@@yoJE0WW+BM?QE zw!%q6(MR4we|H?|;w&mz2x(h^RS+9?fdr#?^(d=%STM7FT@NxsC$D1vr_RI8Wx&*$ zo?1Ag<+&g<5+OP8D{!4bSjcWHjX*KDPbiL$^kg5Z>oBPW{i%>=XBhD2RfZ4UkbTIr z*DPh(5(WU9>TUg`gyG@@RPNWHhSmw_$Y6E@dQ^h}HC*Wq$r}b=kpE1OAPnJr4x8GJ z091pDGWIis1{^tJz#-%;0Rz6r=gp{SXEy-T8o4LP$s~%ZLEv=;mdHpg4&c7bExR-O z$P3Zs#7TG74ns;p(zPH`$YI*qmbOLAI%+x7Yqi2Mb*!W*q7wU~mm% zpaFl99fB_F0Cr_yshiwvhI0YGa15z6@#O-nt%!&fD@UJ393HeQ%6N*`4JZ_r|z3H*oh01Dh$hi%9J(nKJK1Bl#jJiylkp&{T3&&c+9-R2Nl7$WoxYJ{+UvzLU> zfCa=tYwD+V(JD0;@gM@VF-KSk=e|A$R7EomG20iV8Z4`Myw(JK;+vENeFXpjv7dmG zfPpuMvd%Jyv%_{k2id;CXE1Pf$TTGGyx?0`Zn6SGSWiNGvc&1PVuk$DTF5pOvh{8X z{(s7=0ml{!9-Z*`W*}`;Sp@=7Dme%{Z9BSXcqU$5_LY7Ft`npE( z#c9TW+neYhW&V|65(L2QuwIJvd>bif-hR<4F=;_rC9np9|GWyvrW{&WX3|uzxHYcv zbE$c@u$74yxLh5t5wM}7)kgH&sUqZqVR1-cf>To91`wz7vx0}LUP&u5?hK#Z{3nh~ z7Is+zgyDdEMhMCq=(s7YrB7V*nSJoNw?s$q1cZ#S8ke@ds0ll8ffI7K#2Kk70W_i- zPgPK(3>R3_kP>z{*T75cA4i}YSo8vmUSJzy@sd)|Sb=kMVGQ&$HORJAr6@kshPv(# z8R2!-c)Gr!Juy1PidiFa#ONT$jLvO0*)VXzR^XjF*&=5$>~96R>8@F#r&lkgG#i9w z(W_j}38~c^{T&-y9kt#h*tPVciC|!TxXtZnY~NG^GLEkj=5)0TS>P7By%#_^_g~H5 z!R##@mvr<3nM;|O8tOn)pP^fd*p4 zWGaynezjvA;&4=n@9)5RQcze$IVqC?2Sq`$Bkx9xpz_R8k>Re+R&)UcVRr=`WP&rr zq^*`Q2y~+t4R;2C9%`B2_3vmvM_^6$#u|er$Qs-Rn9IE=w!^Q5GszI0*4^Xmwx-N_iVBqn*p&zk~x>*SRP1 zas#{nY%YGep7{HJY>6ibs!{?5owcJ6?Exd4Z(9nQ&BuGL&`nOk_rM4SmaYj9g<)(Q z3*C}Y=wu@Dn^8j^eU0gI92Ch`P~gF2+TM2qoLw3Zp}he%y7ev`$>L0H z3Wiy0>@J|>y+rUC$a)^oj` zqiJw8W!mZZranHbvXbowxnMU~1w`tTvio}&SOGoldOKi~X!q#F`ly+uMTw@8A{iuj=$3HfxMOtduQcZ5Dd zw{$l0v9NeZ;-tIcbbJyz>Op)=u!Bm*7!n7Of_!m4KDswg&=CcKSA?DO5=Q+sN~YIS zI;odIeo@bE4D5fJ>EtF}sMIY>zknUjbjyTFZfsLJNm{n?X!Kk$%GH-;%^JC-O=JG5n$c zzF8Y`C%~c>2%B9Q?}wSAa_a^#RXiwhE-*lTNh|Q!mXNhZGk~k090*yfV=5j{s}!(4+V^5g%AxMxZ6|iB7>)Bi8cGRePO> zPMj|TN%x45p%|`TyE{7HnNt?#4@#XVr8KdS3%dXUOHr>48Y)s66*Zl9u$3|Zl7wnb zU*J)a8k3~P_(2UeZ$Iq^u6@0^X@CB;)oFjoYen&Z*Nx)MAKyBPKWwj#;%6~~ zi`Oc9kd!$v1m0@mm!ZVATWN0G6e`Vy03ajml%{HktAu43{G^7s*u9Bl^+1dCAoWa5 z?a}GLJM;|+^Sx@2eq}01--1bG zV%yfq zH*N2BG_dc|kGALKgYOvi*;1V6<8RGK?^^m~S^3)^!X*cymL*_Brxd|(R)UeoBR17@+DO+Y6T7FR z+8(I7PI0w^>e!Ww6(tkACbKC3ic^ac5Y#5#>|@Goa8G;$6%23IcY78x4nlXUEM(jw z3mMG3p_6}or1>K4-D*f5!f@Fh^c4SX0Yjs0kmdiQg^XKX(?SM(KrCc9AFvrLc2H`Z zIr7SvwybeiIFcO;gTlJduKed_Kw@Dfn4D{L%p`}yCMzWMoix48%jR|k$ zA6hs}ZlDNoj1mCx4C>XyIRlPfG=VJU(WA>P3|3;-hm8jAOTiH)A`6Ofl?au&{Yb-l z5+xkL{yHq?w`_=N0TiPYKc~(Lt3dB>waQ{($trzT1>`6WW`95&fy)RQE+UeUQNqb) z2qBhz-i{?^w68>Aw;AFGcoy0+a_BD}$$=IR`B7u9Pqng<*7`1SrBvwMMrsF)#6K1vZjYdAmzVS5g1`jUO@x zO#0p`VI9|cs0eo(>bRZGB>U^cE&ebrCD+yi_ zSN-w3=&HN;th=0}7vkJ1WiTti0O1|w^$e?fZWKZ*8FjZBis%&cFN#}0h;~gun?W$n z6Gc!_qHO-4BMRHAH-aWm&Fe~eigAia$aKID00wu6Xss7qz{H9+(<1O0koVND>Utn*tTI-UQEhFH zjVQ?b=*_q`UGWZ>shYSeX(+HWC=1JBpTv=Pw*(E3LSgt;>eNqsaQ?$QtL=h@UvnLU z7baF2TQa%XiAc-`K~D$mjQV9kFWy>^Z@UG3KSW4@c}sU&Z#4WwIJxTGm7^~MU|pFH zn)Co7r@8Dg9((cFBQU74IV-lf8MHDOkW*#x>9}(XP*&^8=m-28S3pnGw;l{o12}4R z#gZ9vByNTrmcTxZPe4*+ng$YJ$&9^T9c=zXL1{d`2IF93GZ#==dJr^Q#lGrl*(1N9 z(>dmNpg$QJ^ix3e#Bf6_UWTS>jJ!U^@Mv{PUiWxN$xi^Tqok6|$YCVAPyv^b?7f-_ zl95P9xW)^aoDeD8C5QgX`hO8RB^RFpoUGGydX*B%E;*G)a~_w5BL#H*#4aS9Z2M9Szo4zb!PYe!)ddzp=tC;wxJd{> z-cSWVWZ?%P1SUBQ-~+Bg2w?@^tA-GI5JKqn`}}tMZ8$bR5w|+PjqPX<+?)uCQ#}}a zTqgpA5hr395D080k{8vh6LH@eq1La5Ohf>$7?y?=Emh=}!W8>JPcV z9nHT5?#!0GLL~4X+|$zQcOah&b?pOpuyeKpd6fk2n0Z4d|CR^tq@;KeuF)~bWVgp7<=iwDWBIsg+ueg`u0DM`*g0fN=MON{BwAz+TA)uEcq_*5 z^ecI9dI>ne$imAQB7V>Z92v3kYVOMdX}w_}%|`AdZ4_@|Ak7g@=}F>|mTn;GQ^eotJlrxpTJRT=XY81pkHM5mFtI?MQ4+2&SSN4` zf3CZwcP53lCVCM*X0kBy8wO^C2|Crws8ZL%$u$@ZxyPJH0-y=8!Vn7HAi*9VdI5L_ ztp0V8mYYv=3aRH2UnrS4~G-?W0nvh%2JGxsc<0kDHB==>-;zb{Lv zGrosXHv;pOeFEm;WNXC39re)DrSx)#u`uQsIU&{O$y51VdQdEcJ4APqdpMvBY*iZ%s~Y5?I@;FAs44enZfAM z2qz8vH=feR97Yoi=EG-D61NNqQal!Enw==k$MiE?z>=T_rOK~yfv{2{{uNEF9174H zVjYKo!#$Ln?c3D_JN4S|Lr0dFOXXE;|Y$$mRKAyXxoBGv&;?RgNv& zCHt5#VsbWt^BD64)vZ{r9V|JEf3<%%OTRElPz(RzBtb3vY$oUup3ZA<_FxfiDBsrE zgBie0c-O6n9ZqB^ReGVpun1u1*R;K1lQj`%IgU#Hl%uI2E*MyjGufyhg*h0NcYn-A zL zm~JV@=2!#x!F}NpaducvjSb_}*r0cJnU_JYhTW;L!5gxJoDw_(ZZ_Sg`Yuy;UuS+3 zr~V}B^}q>a?!UT8 zr-d(a^TI$Q`r>!C(~wIX(jq&&^}QYi>^kvCr`eIen;lnI$tNUn+4#c0HFGPO+*uEW z0SW-tbd1C_RF^loFAxQXo2R`TE&I(YTcV?n+pR`x=vg)L^;oRT;UYY|{AueJ!rkA5 z{%z*r=g0|!^R<0ljs zIX}lP-fVBU2o-87ap?7PM^2 zE&OqFZUPyogf>dDEkc{!4F!P>{*up2XxbvsC`c|uY)+iGDN6Ga1hf%_Ox)0YIGu$n z8};|!YC&1)gBSu49yEtKh@sdnA2$k8Ps_6a3`eyB^#YIu8mbq-Zo@>NZ6knwnN)pE z*IXMuN(jRsVH41EBk2iL>28){+;`?e3Alh53tXGx6(W1CcFUN%9CplbHBSWTn6b5h z>w*K+dK(zbM>T&)#vk@0!c-fz7ms3tNksQE*Y%S~^k{{{;_q*3Ew?{BISE!SN^f+a zESM1`h8UgO5}!3u`a5dqTObzWXLsKG1Pku;symNU!uT9rTlfe$+jGA&@d9}>X6!ly z%0I1X0Hx^Dngeaz zF6C`Y~gXkp6`1xN))#@?boF|Xl}Qp&^YeeY{>Rta!=Q3A${lKoLF zfRs$FUcJzqr0AE@I?c0X8Js20mTjFXsL3wc^^8S9on1~iFmf{hr^OINP%hQGt9|dR)pci$ z*XlQ2PDQILTu#{P@fbzn1jos}U_}N1WN1O$WGwsQw;?@!ZUy#PoP-qjK80e&U2+hF zDsHNP#7wk+Dq{Pn2jv;ml8_728)9{ca6$95_q&LNRlpT|2d2_c5wX8rQ)wWuzg47B z8nCGe+8WI8ex4d&j81CsQ+9HLL&eJSZgAe!f^R0keZyBHG-M?xU!xFL|sK9UFCh&--1A=#c1!-)uuye&x)q>dGUJ8dq0#0J7sS+S)ROR*K#= z4rtSr8>b2A67VnAl~V)IRdr?5S{-ZCl~*cg+Iv(_G4jJ(*Ohg(AihfKD4m9dEyZzk z<>jimoDoXCJLoH=b!CT03$>@yW)?MPis{PJlQO0&WiF)W18mGrCZVGh8n`T&kXk7DdpZ+wZ@IsYd(e4IGUb~YuUW|}aoJd&me|L06ogr7=s>P7v2 z)#bcD$x-!ty~}ys1iRO1&5&Scd4d^k2f21CaNEh{RN(eptM%t~<3{F^!F2LgsnLZ^ zLD=oq=$z0w260S0Rml2UH2S$Ml^Xr@R2oJO8vXcG+V*I4I4hyR8+_*n{r zDrs}P#)xwKNfDAVzby|{g%KSFLyoF08m`bqTAemfN~z!WS%5671UNJlL(tP_YcBMN zQv$~(DW-_tnxvQ_vKTvSH3HaJ{5=$L{DV|tIuzdqd2xv$&O!5+dC(?O8^9V81J5Qo zU>bN^-*q`hBsnVXD_u?nS_f7`ixIf8S+WGgmZGrZ7xXHy?}2R>{@908D4EPS{@6H2X?*HCV7;$$`v!Kyf$?&`NC0d;7%yC4ZEhibfwXsd28-I4*h;r%HJxNf7sCy zd@sm9#>V|D#S;e6w7l!4d$!0&c~ONrkJR*GLT95wUw@#0cfnC>nDQUg*uWB8npIwV@f&BH)xvpUj*itm;q9>0vQ}V=*zC`<1&uIjYSZ-Sms`yE@ge- z55cM=@Q2~AmD-#;ckTmJG2TVxi(2Qe?`DnZ_d`%$;(<$k@(Ml=f`}Qv42rTN>?nA5 zM)vW#?p}d}+2sOoj|RtrpqTodGT{kJAT&&5(n;7KQJ#dD@GF=}fcGfxqeN?AwgfxG zkJ_L%n0q0W#CpBA;7>qQ%h3&HIVeFQOKc?^H4@JP3zv0)M=~p#ro<0}#=~HxhqS=3 z85-4hG>y^={0i#$1-_@J@b!2oO-@rlqv?(eEB4dI#Xg9L;b!jG_E-Rl2cIjDp2IT6 z;*M+PT+%>OCFngIAMPYLp~y?A09_ltpq%n;7=0_7kE-pc&~LCEjG+yolccB9O>U03 zuXR4qP1GtwvBc^y4=v9C^*Oh^6!n}Smn*TsG9?D}4!fgD48LB94SFRuBuWhERV|u- z;6&ARL>iI5lol!1VXwDw*O{sqhz4cr)L~)Q%XQf6ZGF4C&UtUBKt~bRpUDm%iym5?zbLo82CZ>+y5|!E1ZDLPGrwmAv*WS)Ux6Dge5ehtyHj0!0?!`mb7*{Up^q z6BzR7hwrp`M4maS{jCsqjp1`FXMfoh62?&_ZG}o!s3BV73KX4h@0Qd_j5bxZF~O6dssKyo+zE_4ARTPayG`YWpzK#!e{ zpalQ~kjv=^x(ll{3DE;x3_>;nn7XddXU>K|NoY*3E2uLxQrU*ui+dp)eWd&Bu41(5 zDfH8cXg;B|lggq=*u0DTyw3H^KH_8?zq>w`uV?NjK0gJ4I#rMAN1eFp0sR{yzNEh`+Nc*B zc8VXGC@UlbpxagM(_D;)g)5F6T_J!&l1_vNuoiCdkEjW3Xn z#wzRg*bmaR7#u%$R1E~y+;G42+E=zn=as`WByYpu%=wb!H29q7nX@x<+9l^8pYtc?{2pQF=#!H3VV^U~ zoFV44NX}%R^JnIKgE>b_&OScp1?KP!M6|EuyxHgcg*gkEv*kYa6lZ#Dv|nV-9OgVD zIki6LCFZ=HIS)zB6rV#@i}zs8cO++$&-p8J{siqBeL->#@Hu158D>tKGf| zFlT|};Lat(?eEOFnK`p1=P;l13UmIQIY&y)xjttzb3VYFy(DK}pYtknj%Cg(-zN=r z_BsDx4$m<}zmpv7Uo#B0Fz2t(!O@`PH2Rzx2x2_KoNr6cAwFjUbNHpC=szUqEk0)l z=6sPkS4z%-K4(Yf@QUf^T*<+Qdkuq$%sHDmS;@J?=j_CslbLgb>hFEzEhN zI>Y4KZbABW_Wf=SybG{)t=leQuWSu;7 zZjzjj`tmYgy<%`)dBl5?rA^JdmLlsPjc=VLx+Pv+?M!Li3VRw(rU_dmAZ zuf0tuq6Y)vvb~-3!R9o4nI0z~PN=(9$+n3U!xqKD;xXnFCOz2u=#@2a!$x7wei$`B z1=FhL%m>7{KVs%t@6Y*9ieaXX#fdKY5FDN{J97~+x4X=CHxFjN2Ptz7&0&1xwz@u^ z{eeT_T$+4eJrZ!E05FEh!?U?S1*@T6c$=@!6>ZeFolkIy0C%ZGX<^!}(Rg21S#nqN zO>@~e@j$iqJ_dU4?*HR&>N?f`kz_!lVMcj+hbSnnI2`IWydx;9&h>ENobSykoP$fB z=uu`zaF_ecHJlG;r@f4IsW*UEyUw0mn;V=pnVwD!ejE5Z2dRxr6|aX6&6Yjgelz@? z)AfPLxg5R&)QS@q%la`c?dy7w{*jp<4a1dozl!^QD*Wo`mCuoa{HU>ykK|99(v0uL zx)8`+fCC5W7$o7wY`E(3@z~|7pD&ekt5aXQXfhG3UXYBaTr#c$Ss&8WykOC zxcRQj;}?)2-%1M^?Yd&(CQIRXH9lW4UXzhjeY~1k82_q`S4Eyfo&#N(X^2Dq7m(P{2Q@i4TWHXD}|=wuioi5rDn9I=H!|T z+1W}^&A3BolyCa z!bKbX|MRJ{SfM6*>~1JL_D(mi$;2MB_i4BfRSIjL(Gp`5oPBw7<>Ese&rz=ZAsslNu#yzng@dwk6lU-hH!&tBWAKoh7%i?LeYm zAFX%i0TyqD!5AG7%9a>(sQ$fq#kVr1vIZbMn=t4zW8#z&#@@}?HKhhBv##@KDGNF` zfP7tuyS6=zV{kDtKJdt642ymIN8Rd$hKLxrF^&j zn}mm8738$owLbdfl%325ruc#D)%X%Bt5p*@u7Z|*M9OjC0jx4ma$UTSukIsKx9|mr zt=vbX4hON=v*@dbx!qe3QMn@m;N*@7(G~-*I&c>lgy^OaE~$^+3`W0VDi(-D)N}Rn zt5F_~Et`%gH@<785~_(u+FyXOmTC@P+>erUQ+N^Fa2&tb=~8N-8=LJm`t9q1v_x#AoH` z+uy{|o~BbB;o+d>8bJuC*d>kN?)^!pL`8E6!42d6l7*6mC5`=+P@?7_&(A%oD}k_2cPM*{2wKi;Zeygq~y>|nT7RfL&Q3U@5aAhzELUjmNa_O_ickzh1eRc*Pv zMY~Vi39O@PE!iIw$oHjAzQtDj;P8J=zN3Yoce3sMrCe}+SoQt(_wS@zx6!}ns$|W)9TA{7=rJG}Yw#7rCdknF}p#&8R&^n;G&QC|%?VH!rlOwXK)9 z!aepBJtBpRE~CHx)2?u{ds?&9o}&Lk;b5@R^EaIjD8A>H;k)8e2es$l9SR=bx4{~R z_+~D1h3C7cHJQbl7V+xrfSz!yQuY(NG7=Jbzx4S#%KTFLCgQm{zqFsoik(mUrQbVr zJiqjvzDC+Fy|zjX^-HNJq5Vd^%Lz?QH*Xv_^G)WwMvH)bbvN@kTu23oknT{gR`~B; zpTd0~&%Zody8|&_EdJ$M@h{K6Gx0Col{ll(-T$TJln<)YVFZ0$gO>g^)R>QBzv0OH{YHR`gr09 znAq-nS#e-D7?5byi^;|UvrFyk*qcCJU=Mu%bN$yi8vg7ZXt2!v7XF4l2S7k9V? zB3?~oicVxUU~79g0V%hSx&C+l${d$7$7`SV3+JN;GN96U?$55y{h7hhbWY2d5MJCL zR*vraDt0nXoH7RoqaP?u$SoL)zI9^gqcnp0+u;j+Rluq*g!9tT$vY!z_+r%jU%P{8 z?36Y9A%(@&!9!3X-R?1|cAH|G8q$|(LSeECpSQ!up<805>Edb4lw2m$i?qJlK7aBL z;3!Yf{m7K?&YVAaP7nOak>g(n4Tl}7@F%0oWr-I{4R9N^14spBZ$$c5UCcjD51W2n zF6LF=|9|0PhW6CUTd)`Ai`r362jCFv%|1FEXo{9euc28JUSK&gQZQ|3h)M(CH}Ps^ zN};nIDr9VkknK(<_(SAy?!z`3qsd7djX(u({E~4n{qXafMk+&R-YTczFKKTOJdxSY zuJVd0-t$R16{T(T#Ed~O#4j*pED7orpZi8Yo=<6#pwN=0Xz>g(0`d})uv|bAmTQQ9 z+AkzwUeIOcHAd4C7>&S7;N_Pb1H3f)AE_jHIv_x$c9QxX>jBW#F@1DMCLYVC@MYuO zs`T2#c2Z<>AL$;|mP3b_U#|}OFK&#IgWcp5R#tTAEkHDWbkFWw!H`ctcXPr#Pz&T_ zdcX2{(Fmi1nPZsd?Bd0MFA$_o=l3|BA$~!dUCArkyefIE#p^=%sv-Z9R4hQ{aTNe# z!-4vi%=u{QEa5XbjvPPUvv|a2>0LjOQ5WJaH?Ec1@ByOe4;Uu7kIC?=((+K!a-TKS z7#*c87k$D6Z5bu7Dj{llXuOsirR7Cz8GUqAf{)Za8LtDoI?A5H&n=;6pe)mb6E@47 zupsBwMt96Lt0 zjam?0zgY2jzU}dvy5*lE&;>1zS4Qt;&(^u)W@9+PU*P;P3^?scbtvQjDJO%kdvbO{ zY5536Lc>D#aap{0JU-uZo8q1FJy)P+p>0!CH-`TDxTZuBpvcHvB~Avb_DAmtMLs4= z;}mF60Qh31YvzHsLKs=io1W{RxX|Lvckiu}5WDJ-dIt*ThtXf>2`ETb+i-N%@p#cKPTvPi zFe4|HvJ$f)-?kxP#tq>NSXa(MW~`De%-EM^#%jfc8Bq@1L!^brVss|h0DMAb#P&%9 zem4j+1_qBc^)QV|)4#R@WzsZm2T<;{bU-?0c&DW4Q!=uMa~GczadNYk7D;a@V$`9D zDJ|7dkpL?4MVzV@pg6HWz5eG=lrSv6#I@55XS1B~dviVmf=xH1P4 zPY#%jP)PRle#B<#V}Wlm$7=1oOFKOheI2eIpi=5#L+w&D1QMwLAs8Cd#-qgF=$-Pp zUVl9funcAPz^$hxj2)fxG2UpV>tw0VgTZ@%`|xynNYU|Nemtsu=&(5vUL{7KlJ&rQ zYK)p?PU#WE0)nT1z0gM(Vf*0~PvPXMDm>1|ar>5BS=ODxNJVWlde^AXm;(+!N=0n} z?jqy7mNdrCnwsmpU|C9Ql0tfO15F_QX?l-=-lJV}IcFH_;tp7ZlIL!UPQ00+qezyTa+wK3Iei&j2r)A=+g;G#Ao z(tlYo%-}H^yGd6J;iPYhW-#LASNqUyYV&G~S7B$b0~iwe#ud8!X2gj5kJy=QHhNbEL)ksq*W=`F&LwTb5s3K6ar8bcNGmk1HTr!pE zDp4hsC>XESu9QS=rTMh}LyDr@29sdq8pAa3&>>}p@}YDYm%V4;1m zABrA6o=4q&7^_dG1_P3=U%IBUz7!1V=Qm|cUvP=c=72hrH)jE;)Wj!xvD!-1z|Kbj z3E|@*c7k(nJ*q+8i>6O@oIDCU)+E`Ot3zXys4-$3SHh_q4Q+?c%324D6Z?A*Y3s^v zr1PRnv!{NU0SHwzWdVqNenXj%X>u5Vpk6Bggg;jTuxB%X$1}TA88;ox?UrTW)lBvIo2S3+cd#*Vr~TAW3PS*?%1})PlPa9n z=PGyIO|-!nyooN3B*{kP#%KmR$l3Ju5~P{rLJ5C)+|!6@E=a?hvt3=xAoJ@dL|49D zXJOrkqM_WtaW2w*=5IX&pyMHYEr1Z6a}6$nTaqB~?Jxj;mS+3Ys60%`CA#>$2LsEDgE z@D&Gdm4TZOe|MOtoUGeOFme?c_=RK37`Pob%R9a=W8kxX?MWLlFja9m1Ahr%t1+^vAY1b&ex}4!)aWfwiJPV|oQVVlgC2 zrN(FzbVYv5ABotE>VAI_O`YH9khUMK4xdDyxvN39h2c-Yyp_6-d!tFXO4<7&a!kxY z-Qo7O;icGwSa+iaapgrQuKMuNr2kEDPedO!9aN2-8dVC0qhG;|c6^ayCs`D9gu4A` z06AGSK%N=^lY|-BO?90T1sfF^lsN7FUkSL36He&aSL-@NlE_;!&3SgDD!<*Gh;mbO z6dDAV>le8U3y1QdY zA>D2%W`#OrETJl8_Ji(K1H(hg@l-rTWB#V-KcK~6Jc_xl^++3nCa1blt5Y5X9*Lfr zf>3N3*uDg8uYqlhPExSF3bt=tu#E7IL^l#FkmVq_;4YUOc8M|kGD4)S;(Tl>W6gb zmRe)|&SuusITU$DI+mKwr<+L(t*Tg@P z64k_vhpNyn!X)}R+`i^7I75JYepwls5c0?Ku-SEfJh-1W=YxMub=|t_Qgm=*|9Pku zeZw{?I79^16VV*VAkVLw?3+uoqvPSgr8$59auF_p+l)g%j`L-ffJq_Ka6@qS;tlxt z&bol*xJy97lWv!^G<}b2nlq{ei#J4@2*}C&-ACdjCG+cMWQR=VFO{ky^M{3&WjvXG zVWVfa(8f$lFldTSL4%a}OMon}U>_6KZ^u@#94Ed^dkuYj#L?6Bu{P}EL)c&{N`hmG zT^Xh%qC(3$3^kR+P??e#f)6B0Vvz%^w&qnu+IgmB(!5%!iXLQp^bt1tlBuM2TaQZf z>T#vHNu;?5o-bDtD-*CQ3~XbxkAhvHU{{U{R+Yqs1Pk1&Dv6VR?nf<95?7;iN=d{b zwvKO(2TdK{c+U#d@0V?ox4qTcgD<3-Wm=Jvx-5H>UIitlWng=vjACJe9)gHB`O2`<=GEdmvIgp^Xwr4;do zv*@`QEkI(RE^n^!7_Pt=s=JwKH)IEhm@vZe%EP?SCqH&lUFRo(7(fCnF5#Fu1b291 zUAL5cgO&t3?t+)G^)-hILSf3q6)Bfhq|AuTTxzqYY^~YPE2nO&*-ut9Qmxse6__@Q zqnua`D(me|)?2fp+iLb>70rICB4trU%8d99ZCDY(S?Tc+`Mj3g79wx0Xk=PN%Fz`m zGh+I_NRDo()yyB}@;}7Ab92X*)e6%le^@G~_ftplO5OfMUK|0NNRVgLVuf^CEUDC0 zD{gVPpR3Uu*KN6*rxQ1^rzypMjGzot`O4Kam3lbfMlK+6#_Kk1?SXA(beZ8E!2Fd( zZe zLq_x=U`ToC?v!%;7(wTV)X<;qZb`=ntgfT&!FQ0DTh|X+JkkVI2S|%!P0RqqYheS+ zioZL7kV^my>DG7t4sdH^zn#@u&*l&>;fE)*8?v+$#U~Jqru5fY!XNxd7XKIH4_+>y*V2erB+L zxoh-Q9PC!Ieo-(ZRs!sM=m&s7*d!c(h2kAWliGm*12W+?&+HFKS(rN%UHkxcM;)xC zDVR~eEETW)obS#|+@kV%?tCK&@=IFbFxo6Liu!SGo~+6&enAd!)U*cO{NMcrvl1|X zv)S=+X-hzHrlIE2MX(vIu!9tAs~!d1l41jSPQn>i)`RKTq7S{|1jsQdOae8eXs<(@ zDA6Yp-_y|Fl8slUY^wP4;8aUb#s8giZ#?)JrP^q;5)X2&>q3`uIh-LGTA7DfF#HZT zh)aG7?r_2IGo+3-2$mVa$iOtuWprCiwFRFH&ctf+- z_gwFDVLLaEvIRJjDSD3hkW#wugc~Yl$bC}BHHz_Yu0MSgW13;yVeF3r>9bh%u1m)Y zgvG-HyTC9+`~H~1jTUF%9#)Io`cdKz6F0P+=!r;RT*0wAMA09p1=KqmAB3#Hn?{t8 zEL#sIeN-RP=d&PZboZT9X0|qTg=ia`==>YZu8hq2Oi}%Cs*(xnqEAkO)^*UKMO1G` zcQEF0#E1@Xr3zBYl*U-}^>2hC-8rSaD*Qy{8(Hfgi>|mmRbH&F?3J|rjzID<-1Gse zI4yCnv<$gE$svC`Qyc?mCu|}ebmDF0n4lACEYlG-QBO-_ZeC;41)w z-4uB%Yv=a;cvDVg{n#eWHs0(=c;9zstNg5*QI`d?rNYuzVT!!VO%;Mo_?So>GxNC*WJ;r0(D+rx0I`R)Hj7ks7Z)@ng)(kIl`@mqN4SP!5cGt%UCNB(iUn7#mc~yow zaW!D$KcW&h?Z+9r+?${YA4Mb*0ts-KM0dg{&`IhAv3d0usu6@c2~co&thvXYX0Lh7 zrQw!soCbIVSHa}E?M6i_He&;)J$D_~0d1ZHDI*=GB6^ z>?Ffe9_xLK31+XIY)^B#4w%d<9cpo-Lp?gOvvmXjwIdJyh&mNG{orrF74}!neH*rJ zc?}vZg2_m{^7eHc^fWuze7G=a$~=zW~v zkHrzr&tZ$ro+yq1;}kZ!K}H+0l^<-1zI~}2nXxTb8oVoOE!Tf@&`h*H#1w2bCWItu zLAjB^nmazsC;B_dUaP^(MC3D>ya7?oH573BCLZM!=SfoaMGo){~k{%@wTOo3&k`BqwmZ zDO4%6jAyLac)r*KJ_A!@2N@nQG&kuiMNV)95p9f!OQ@wGO;NPsBUmg&M&PVJb z8vMi3HFc+aoAr#yU;aGAN5JxQoY4!2?^P=mU}=?#X*);S8oRgm z-sa#(DmTUx)lCPUFFyPNd{6n!iU2^z)W=w+FdZbBm1JqBK3F@?r-5O6+~=v0M}rq% z(E&SETauCJ>8cT^TIglV+R!x|pgkc-wJQspuXaEAoX{fpAJDAR74(SFpX2(ju#r(< zJq{j<`LFJNUqaIH$;1_M?&zP&FvndYGIt?xeq zjp!qsr*gv9lxS$>56g{b3VR4S69^3lZcf%e8tS9aZf!uLebO4)$sKO+MiT77y91;J zoKU5SussHl8%r?tSnw<8$nf(3ZUuqsOtfG<{&#^jX4#zr2SLI!|HJFiC^-M4(5hAl zF2zfbTD<8(aE7!+9BB6WVDi0EN6R^TyFb#yh+VHfm}Ac`I(@bs<@Gv86PBca^K8PO2mn%aw5S6r|!E9rNlznkH2QO!WxT#v7 zZD@sz{13>=w&+)|Ra;{;nqYo>+gcX=Ea{IO6U{C z4J(r9iJG{Kb3!&6mldq7kt>JGPKpa`DepY>cz+j;?Xv4WMkG|T?O@E`ZN(hO4R!R z&FpXZu_f*&Dp7f4gvO=m3hY>~BQqz?x3wJuA(mipuB64G#}bUsl}vXC%C3*hXM%pS zG%^8GJvRKW6Q61t8qy|dXh@r+p&>22{TS>GkXFcPNGs$t)X0;Dc#T(%4`JtXTpQxPA=vF$Udp^VfUIF=-w<>V7#$DpA;K79 zwT=ahF4+Aw6D&it_Yg4`j2G-5O$WA6N^0XY+4Hy1pDWt|CwdIP;v&(am9HBi4)`vw zb7nNq#{(KG*f{vcSx_7z9wEl&Dv(x!Lzo05r-Lya*O?<2+I+ zfc+l7N>k3OVo&A;ug*aqHDMiRLC|R)484WZ?yowgb`g0 zZ$x=wmj&gQG)mwS>p^!@dW9xep(VXSi>r`LuaI>W>eDOe8|=iPA-#g`^soX)nKFv$ zu8X$x3T>=l3DYxrK$;z2w@`u4Lm$>&>=652bqW)_O=6#B1ii z{(|ehuvWuM*(pAUhlgUN|5ASF$NxnCM5qa%1hZ!Q2O}TEneHNgv;55?+?YoM=U6e8 z`4tD%Z{B&mHReg5lzIHx&VZB~X(J%85Y;PADewz>b6&}>`h6XE$>~6|#kb>cOoXY6 zmY$up*#byT0*XG8edv1yEWHk(3H^`wnQY;MjXO|;!*`6HUA?zdgKk}f(D^$6C}JvA z1kZp|(6}PFNCeQHv>9DUdp;<(KGy#*&YAajJ%-a>3wEdvmw?ey;jbht$FvInia2}$ zcR!AM^v@=^dneZ)u49t3=TCxjB&i2QW23qYW$3lHw0ZTwj!EfwO1xvG&Jmfu0rg%q zeL$v<`}XKl(?@0c=K1NvGkxaNnwDolUB7%!d|BF0zbDg|_0#)cW6V!a&Ga?->3uVO z4SxF6jQjMF%;xEtzA>F>?f8Rpv)x#T(lpLq^$|yW72lf1kyH&g*1uI4a|$ssmZM|=}6($m~^CYYn?AG;MOt2 z0wOKo){377w~qK}aBIm=gIfpvG`MxZPlH>R_-SzKJU_j6LOP&bI{b2Ik2XIIZISiU z&=xIz8rq`CPeWTY`00KBEz(iK-d-dfcls%Q_ei-t#x#(QJBwX+ZZx~&RCTdyXrrr# zy^xMtyni7mkYu*~nHMozHScE)m(zBAMJb4dGTWHs@(z@xu4I3ss3umjAr;>W@)_^j z7zM?ZlBmeZ^u^|WTW@LW>J^M0RkFilV;y1*pM%SBlhzK?KA`G<>Q!`L2W4;(dtyKIp)XIpThFU54X{eP!KMl1q z;HRNhmiTF?m3e*|YM|3k!)WO6(@;BYei~{g>!)F~wD@VLp(Z~KHPqmz_xZP|ncIrF z+afhH=%;4i0-mboC8(J}e12`C^+qvwOR?*gjjkSkl8dmR6xKkxggll~OCDa>rkWpb zW1f)*6)*s>K~Py(>Fhpbg$|FFfukt_roa9D!yA>S%?eQTq2LNPZ`>>AkU>Z(FOND2haXhw~GZsloG^|Jnh zt*YgzlX;OmRS)7Q0bb0u8QtMnf6fFw9i7tCmhql8LMFpSuvo&Z)n6Jn+ZV}N3gf{o zs|R=u^EPIH(~|?7$j3iBr6*k1^m|f5rO5UYr)I(X(4jHehmYLpm#3HqG2H<3Am+uu zJZSOT!#s$2F)$Ar{BoEFG4lfE!I*NC;t%tn;-_IAjQDAo2PHoZSswJ$ko5sSeN@7{ zfO#;_FNf@R`f131ho6Rd(B`M%rDXjy%##*B4fCYQPoJ7FFHZlrm=|9y=Dr%~hNXUL z_O;-?YO#WOv9#E=bfbm6n7g*vb?ru1S05h(S98FwThtPaZ%-sdS5e*)mhbyj25Vd1 zynIEcCc7y@v};OF71-pSxc*-u(wk8Ke-NT2#oUreh_3civlrA7qN|HtS8udb6mtuT zT?;n4dL%?xaH^NnGpJV*g0h?H8Yd`t^XM^zmC4ewIT#`ijD*|6@jhCDD!ec@4;8S9 z@9*cqY{xzw_wxW{J~jp5JTKPG!(}!`|0rJFb20ier4wi!J{-;?+vrfYO>sN0b*)7G zUyz7Dx5Fz4|0y&V@$dDa(F@QsWC6BZbtxSeZ1q}>JCNn?w~p)i4s0}@{Ci;L_7?i~ z65M!Bi%0CwyifNS5G?q5jys$&%Jjw$XefNrLN_@4GYIuth~5C1BpwooVGWlX zE#XopuKYZuQ4p`5BStm4;N`TSNV^Ci81rf{^3foZxy=;a`jfnGM- zC=9|IeKY`4`ND#<8>6d<75xEWuqP@^s!G%`;9c7@8 zee&K{4p@+TBqEd@)3vxK{m8=HBkrDb6(#urDW%qgUH+KI*UT6y_x>AZiOYrs$f+_h z9XpnX6Dxe3+(mzQVeaANP;gE`m}1o2C3S9{lJvVe>#mm10eiYRAqQaocGL{ug7faZ zt2WQ$Mr)tp6J5km$viKCv}xt})9{utx7lCZ6#a*uv&LGGc< zm7*k^Hw~d~B__CzbwGyP^3cNELyp7(>rR8OTrN|h=DC+BFesAvk%ODSA3Li1F$_(cxQ3Up1kV9@H z*7?n%-2I}un-5MBak<|fQV@CFoWvsm?q8U@AAlC-9!Nu(lM#g67w3%WeY;~KBrD9d z3P+VB714yEg}Zxp=pqo&$qR0woBJbr-%LQD1$>D_n3!L71_adV-c0VRNbcPx*GN43 zP&n|f46!wRSmqk+OB)Dy7`kNvucC}Vbzb6SGdT86KYd>2nzwrC;4H+|UCYD05;}a- z{PZ!IYmDv?1cDiUOH_2KuAGLu(I^i0Jrwi^Xtb&_83KlqDZOC}_73ehKJWLAalG44 zV;n}cB|)4usqABBI9EHym=5%zU`)HEBQhfn1(mADhv%JogU$7!wGlJu5qa8(vlfX& zSzc^_Dzgh5W{GY2Z1%cvSk=M^R3n;^p~mq$juSK4*!hy|g7F2pe`JPp|L7eDGmzIc zf!%1nv!DskDJnTHvzU{uB^diIE`fm?djkCCo+87a2wA-5&UdysdoJamMrLzCcubxn zfgOOYOclv@+=0WI7)AIeN+5;w#+AJCwz{`xb@B~YK2wHW;oi~?^4yU*IXR~XZwdiK z-00iOO6TIWo^&pdPE;W6Tkez@K9YiEX|{H-PYx@`=9z0gs7O|Duw!*_3{M$z5z;afAi#07*4rCqqgQEWOc{U@~Ny zqy(XqURPqLR!T6nA9W>&pztg03L4>)54i+lC+~9!1WtHNO{*bl((DolnY_&<5HESN zOCVS>$t4gec}dBHH&42r3NF7B^GRYBek<9y2HRRP2LVcY8f6-LTQxqJuh`t4TiH84 zC36iWToR=gISwGL^hgX_@kq>WuF8zwVCx#SWFVEy{{(0eQ#Gy1p;0F>xotp=6ufUR zD>{!v!s$y||5Tj0J7Yb3as&zR6!)I+0LCHm-^Y#viYfx-gR zH5Lrvbvt=4?J=;qTID^X!Tb2!n&s0xz^MVMt6Xe-+y{lI833j#9@*NNXH(n-Il@ZZ zI=vBPay}LB1waE}Ot7SoF?_&XA7-z0!DBAlxl@!g zszE)SINzbu-GGl;S$s~L5TB1*d=ByPIl|&ITyO5o2D4rF2F;l+BL$x((0OTuPg8z4 zXYt|pxG=mL^m$UAzyp20{Y#HNH;euxIUGLs40}|ewDIi#-LBK~P!DXNM10x}a3{}3Nfv(q&jIzmb3P`NmU3b^VFm*J1cda4vX zo*ee5S)U)i^At0%r+H7RCQ>iT^Ls#Q#m_yYN-|tS&B{+LW&GX^i)GQVM~!TL`1?OF z9nYPx<4bMFGyIN^wH-%b&T`!weA-+_93KqgZ;z71^lqGP7n{tU_oaQL@uM|Hk0#$a zFkh8{D(CvCCYQXE5Grc9@p;oRt#CO26T-F_hM)` z{BAx>{T#|wyUXVg`=tJRSzjL=YClW>0JWR*tRVzT^i}}A zM9;35@WxOUb;-!3phWg2q_Y7jI6*NR0>~kY*>QrI8EIixHO?^ZZYYI(BwH09MY>RGNCR|a z9&`0U%UuB1pwR$_j+O6l((=@6B0`uZ+QW2=fJeTGb$NsdNxVF61(&!{4a#)HoAc6u zYu!-V4Lqd>&T^s$p zq6c)KjBiIy@4Kgc7p2DoGTg9y9 zh*?d`mh{<*^JzFoZIAzCp(7bM7#p0x)?$l|?4`&`Vt`j{#>)=eO0@GuSoGP2POxKw zRr|me0te55bvdcbg;%wZSFuEcCs_@ z914OG<{2>i@Oaew(?HWoAW*=etvQUdPOcZndpNyxTM2H$U%tbAIy2Gs011QNu`qXs z3r^xVBccSO@YLWIg*R(3G0_ZcFUu6;J+7{7hmB?y?TbvIn_~Ic!X4^`2qp<%R8DFD z{9|F6vD&@)4;rzR5W?FZvs1oIi^1_`$}x4Z>>ZYZj7c@Kvo^6Kfv}V zAkpJmN6kaMzOcn*yzjN}qrIV2-#HnaU>LvwTyw(n(0s+7q2MDAstPm<`4s683;7G6 z2l7fl-sF{n-)i1als6RI$2{6fy{l{bznw0g1g1v^Ak|~~Gr}Jju_g06#NRc!uS!ya zPxi2-i#Nrb*}1e0-n~YK09uRH602~m+6dYj@sg>4O!GplnTrsgc6Y#pi+;W(cw2;n z@vGKv(PrZETf*|&0{FaT+aMqi3)fIn6aag>RL9d~R|85gfcKNIw!|!!PojXtlBN+h zm=b)d^C?g=jtxFO}&~sZ|gU*rKctv5EJm- zt2c=mS_$WBB?<^sT7e--!D#su_X=0O1)Kn-HNCOiN0%c^piLi#<=>E5Ku6 z8tGYvX~n~G7@UgkcBAOb!tQ0FPl^hn z@uIQxEiI>$bPsP$j_LzIALPKo`>+J)M2H%FOa&i1aeJZE7C^pb>*78wb=}~0*JjXM zs5WRAs<68@L)vWoZf7z;1aABehK4<~1wc*nI-;_(eaK5s1Z~JSC`wBHkz7{2eOs#2 zlCA->(R7D~151ZJx*&Ih+ixU!P*G{d4YL~-=59zRc#K0d@V8XKyC&Ej0PN#h@F6n5 z-gZ0eSnB(N5zpN`VAyFFm<-V6y4h+lva1qCNmi9u*kZS)K-NaX55-6Cmazh77Y!z5 z7RP5|v^T_!#N71>36fbRflh${WL0qIdbsRN1( zP*qb<`dbI?t=oSiat;tt1?5M=ACdPIYZF8pzz%37bLFYR2>9^o;^SpBxn)+r%+T}z zWKFi13oSa_0cdk5oqH$YCLO-rke@RWd}|N696x}8_J*5*e;7RuRao&pKkLt#{b11J zS0kHAHNy(p*ydt%LIEhX0Z*wN!E-TUEL#7%XMi8x{wij}=tFwh#I!ECy06FkLdc7) z?tf&Sb~TRQajf#4a`>l@5NtdoE9-m8UeWbBSGxK_3>ohL7^IDQQqN5?^n8Iqa?EI* zF^q34_~o#S3O2?##-ZLBo;moSAcyjAe^s==c=%4~59e=&yKKz#FkO^KF|tuK{s8H>bUJ7gA%Y(9vjdHxhUazyU2%p$YOjzOV~ESy}=Gby*{9+7JZ zv^X?@&7OC-M6}t1YS`=%$p4LEBlUKfxL))gvHqIn^iLvKgn2Y3O`qNS9MQ2tjThb zA$zkjUF4L?bdgzMO}5FaOrI{LGMz@Ptn#Xmv+0$yu5#9cyn&}6qE9Ol=Z1913=$|B z4IX3?E(K=>Gqmz_uX0;@;eQqFJ#HR2eJ(s>r18K z7CNzkxZ*gvO?84pC&;Y}DGk64T0~FUkxK>G%P_OkfDM@j0_>s0Iq}fNCWU0 zc8mX|TY<921W+zV_$Cd?fmKjIO+AtUG1~<~Wk-v7DbY)tu!PwGTUdon3 zeoO4LlO>6yi~`zsU%wm*I93iFyscjz-CfZ3*mhs%GZ1#(*ZOIAY&6?lf7pz_(@$g9 z{T4qxEmPn^qV-8tbZAy{bjS?!I5SoQLyFhHS&rRfH83dhRRk1gI?jtSu#CogK?Zu+ z!QsVod+}b7fnNR^gMnT=JW%5p_jZEPD!Lu6Y20fVbP#X`1NR~Z{B(3}Q|m|9HZ_ey z3Y~s^+?(j|)BC!66uJP&y(59utXf#W&{@I<9kq|%vwC5Ta?(qU4`c+eL7KFsW!=2}Xh`$=YO0Q<`k z%%>LSo^tN5kuW!i@ZIW#j6uQY6d?F4#Y6#{>623+>vWEaCsp&sDYR(s4Su(Tb{+#o zn3Q@HkviDStdFe?c*V$`hmYou^@?arh-RW-wl8&qGfTr&CIi&x(tygMyDPzOVAQ!7 zmafbABI#@4nX)thA2Fi}EFpSpvdtK=*o#<+E5X(9&eNJVN%Q15!YK+>83uTI0$mB_ z$#QBw&)}i*82HC7Bib^J6?K`=@-$ZT%cEsP>qpCorlVy<)6p`b>1Y|zbhM0UI$B1M zjxQr7BU(mG28LvrOPfT?h^c`=nPtReM9T;>pz)(+#AHOvh{=fe5?e-04fNvS5nD!3 z1It9TjA%MqMl>BQBbttu5lu(Sh^C`uMAOkSqUmTE(R8$oXgXR(G#xD?nvRwcO~;p! zN^pG*4n6}M|Ld_l~nZxuZ zDybg*v|p)~9zEVw@>J%L@l2e1hjQI3o_VHZZXeIQOfp~h$!h0u42utoRRf8W)sB&B+q-H) zzTI^EW?3{#-&DyA;+cC&<}c!z&63G)k*netn0rg+_u`rFl+0`6nYsvG9?#rYYF-e} zJVG+{xDrF7O@Y3>Qz%)KOYpLp}bC3B~EW>zwJlGQ^Vw}!wv>)g~xM@LEKSU{-J0g3|13k)#hD~ioA$P zidiEne1qpJ)z1BeHs*?*;_B1RRabwkn9cWA!1l0Ni~*NwlpMdnGfMDD`h66BT3z|5 z+td7Pmo;MW8G9Nty>fOX#pKpNLK>{#iL3m6+a|DvBL6tDhpP4EbDO9y?{R7hlTb@v z4)~R7>C4Z$O2W!&Vwx9=EIX;bOlVfsmkG_P`ZCh2$|Cyk*bro?ioSv8is zv6}VoSNIw(yFtx*6;Et9&6+h)iH$HPQ~Z73Uo_o}c8rTNE)8Kmqwij9m4HZow3 z;Cr(mLE1og04BVH&abYwKT;T6|yNv5^b#$UL7-S~kcg9ddrf zL=o~WcB>##@FC-CVXghwC6d~WCFwS zRKHR!!|~m&l4m&X7SB|}(d>>`BS#I#zZ;1(zM2}2&$!J0K*KTTkekqOG|vfQw5(Rs zaQr(2hZ@O@Uk%4+;+bkVJ`~SX!_n*_+U9CFeluQE4abCMsfJ_1vsA+|;aRHTnD8vs za7=iXYB(l5OEny0OZDN^!Rk%-Cb>1KgaeNtP$o;9YFN((O4%vrYNtEp8*2l-c!@9K zO&eU?dRO`)-c-XNFgI>w`#2@MwgGzxezhJ)!_-))Xnkt|fDxY3qi;4TRiSUvB^^Uo- z#^MW8s!IJ;X7MMS&I35edqVFbc8N-}{7R`R6_pZxBYg2+;W&hADS8$v6`2XY5h@j# z3BM646`7IW2<-l&VwV{3yEj6mqFN?aEnTIeTHvPJ`r^OL^d+<>R4OtP+7l`jnF;L) zm5R)S_Jm4BW!s^XjBZ!;yZ>W1GP;!*d1pIzp28j;9Bs8hK?@+F*B9{;_A6XB18)c7+IK_5${9} z5!ufnY9|L~3jahWyGLlCSD;~g#bTt77(L=@K$RY}!A=fN8Oeq_IXBTsoH~cN*R&$) zcrdZGbVv%~{tQy~MD!E?h|@`i@Hh0M_mr{=P||}JtNy|do;k*W_>$8>53G(cZH1E; zA9O31E{w5qoV?iIFOL|{3fW?F*;doo?lvzWX&Otvc?n6=XJ-1Ibjt+#!*=(>e)>OX zySr-DGn|Hjkm0d8XwFrc3@mu@8aOreS7j3&JGQ%@@zdDu{<)vVcK6+W8r$7J^3&Mv zzR6ExyZZ}%8r$7h_-Sl+|F@sUcK6wS8r$6`_-Sl+zt2x&yZazNjS$}MNXxc}4cj2C z7g_A7A-+poWst>K3M|L>upCQ*Zn1K(+;)C>3d_CVvkX}7X+I5?d(=;Zd%eC}rzDE2Pj>$0XLwtF>fcI6>V!WFiGCQ&cp#Sxd**7onExZi}i{FJC zr;(kv=^-=!dwTQN4PvgnBZWK;C$?K`Hx{I?3(dk4;OUZ#^M0k|C6yzTuqm$2OzvhAYfAjcRP_C%qnIZWJ@5wd|rhTqTlCRh40%=Wg_6aUbY{z@St&bNAU6# zzmK^DhWs`FMmhg(YY1*qbtw%5iDKv6;B__>3jk2Y_O?)P6fke0%ng>V=jBkuu)hQ( z?k#kzTfZJ2`d$1r(A$O=U_zDyy*j+vO1i{HHEYo#)?V=nYUG!H*A32%tP3rPhask* zv?eZvb?6RO&oyDaF$iHj`^^_SoAZli z4=kst6pY^eI#eOJqPJ%$)Bvx8vBUiEpG+6QdAKfO;W7*+xMwF@WJBuvEVDiSLO9r)?RN@$iq*`2-F2i8oN7-2mQ2mmi~Tn;U$2w=L_! zZ)^zC(-cS9H1XAoho(Yv=mvvm5WYVJtOO2rN2i+v?krUYOY@6b2jp$zCIt;a!A(DY ztiBIhfS{+1fAlO}KN6bLjCNX=n5pQ`_4W4jK_^BhnuI7z1h*@jQg9QtP&p+K@J54b z{@Ima3k`%LGusH(z;EjqA`XXbzMyb2CfA+J!k5n`Ph#vyvKPv~j2-FA7gp&4;BBv2 zk^p<2+dv+oWUl>ma_o0WF|}AVV107c5;8=V?^sN{)^Qb8;5n8*gR9<;uwJ@7j@2+ zF|L1mY>Zlm^bp-}tS7D=9in*8e$yFE>S~LUYHaR)7ct4_otBXL(zvB;AQaum6_%?jv(+1IJ zfA{M8@Ew4yFQG*>c6!d#ScMuSlUtNp@kjtxq%(9A2I_V4J?%!L6Lh-;y?~&nYc0g) zx|?C6p6yW8_Z~>x=HR_}L!*BcU$9xVHQb>^jHq&~9-c=K*k=S7@`bfKn}cbB8!NhZ z7Pm*15<_2SXAkwk+Viyse22MK4^KRg9(Ih-<&9HyNL`2Z!ELN`j>Uhn<~2 zfQ=NlY@-Zfdu1CAqEXa$-vNHk^v&#pcRu2cI;{5q_mp8ZVpzMg=pZn^>12nC~q;7 zlOlPdeF|WIg9#QKvl_ORMJ7M2GghWdcI!HLw38+Gp5|Y`U}j^P13Yg9o5A3FocWOk zINIi~M83Y}jgO^x_HXaHhLxRYxPAwD{6Y)@@j0823EjRXKRoF()WCo(9)o@3)5!N2 zj+U`~uzy7;i@=4s0H1z;dj7g4s1192Tt0cS#yweCK{kDzQTf%+*P9J9=nC;|FiC`s z)_h(yH=guum=W`BP?;C#c@qt7MxcsEBHv~t=Gz#!70GV#kJAr?BPN~RQV(P!UVp`ce6zA8$Mg?7fMdZWs+>kOu~D1eo9Xt2ujgp=P@CTl8N+J$Y!L z9r{*vkTq;c|4Z7<)p}h&QYtjFf^E_>j#Pqsyzeu#S!b<(_H*Eu5gCTgRfZ!HvuNH@ z{)su4tN3@~Q((bt8%)%^4*M1BB)PLQ(4J69*LF2Ba+EcbTJAmqDevcLirsk zP}@`wO!tgJCutD%v5AR;)M%QF{h1g>J6#t|;q~> zb}6_h0ergF7vM#_NAvojK4`XKQAzu)#0u*@DaN2ZmBd%!eEr8bjIv6P`{oBe)Z+Lm z`IN5mnbAvQMlS&mx>4k}68}u6d#K8(ojq<8MtL{MEZ6NbvVX9 z0_O&uww8;huY+nDMUdFHfJp*R8B~91vM+_(mXouNwYpoA*Z)RnjaXIB{nEh zlq(|8K{1c-mLMTNw9sktevqi?Tgc|jL>ZL=IIHz4F1H?RWvL>9+{gw}19tXvCtBgu zLK!m)Reje6-mJh+iUDs9J>bp3RWac1*u2!cwR0=Z|z zD%pb{_oijUpOz7s7KT@;gz}9By^WfpH^0kH(Ma_a%{akMkrr<16y17|4?HnN&mHdr z-|!Tz<_aXiHX_3*0wrZOy(t0>+!Udj7;tV*Le8>iI7?*w;t?Qze5UIBa)a6%UE?Cj z$Fg%V7Oea>NqIlEBdq+YF=>ng*dx|BP-D-Ct@%#unBx;Da&ec%C`XXg9DiuSUo}?o zoAJhfSg(9HW=P<9p8(z25PX=?50U@A&jJ(%%Bo}u4e#}UnYo&D)(5AyP0{_IgvEr? zOX|g>V$~#7W!TSEzwb(Bi!Bh_kE-9+{pe=!;D%_aLek<~e zxwY2$S}ODWSDlij7}PyWH6WtfEPG2q&zP|T=NjXUoDlq&+QFJ&e5Ewx7Ag9K@zj@S z_$9yLrGCSOYKm%6n$iSgt*p)XV+{v<~OYOdu(LG1b$7=Xvjzg_Uo6u zf&F1J=Njy}sB18&+$_f8G7NGV23arE!Ml(0{03Ebwhe!mP)u7g$Ko})0sN5RsqC|8 zrEaR!&PGx>0NxllaD8y&i*Io2q6Fgx|D#razRkcpLEs=>Is74mZt(RNM68HRBC@`W z-bBw}b-^GCEDhfzgL9Z&YY{DGvp}{DjpzGW9G-4^R$zY(2HS0h-rZLd>^GOoz1?|? z{(aiA45GB7(hvqy#s*?Lvg>4E>?8qE$baDufXeR}TmkFC$eKJBtet*!QmoSf(~Wf6 z_c2LnNS9k!E9B_!@=M+HVn@sEU!DEzzeKzdxVwhLJ4v@rAt;Flky#hs$Q8E}e?@Lh z8Li5oP&A(|*6_$*{w0*&LzF-|8=YA4h^*0NyfLTi01k4$_I|t0mCd>Ze7J5EI)Eiw zgTEX;NBwj7M7pu;aog8rjc6SdPUz2fpsy0RzCvE2EgwAn_c!p0C%Eo3iwQie4Nl_? zPaA$Yf$&u_Q-s0t{4R=x@?(F#UB6me?$77Zb_|_=KsukupHbx@1`cUR`5Zw*(X%iE zB(RA5CV4PcdA&P}k&Xn{yhP^Z=~Qi4Zqn@PsOO4TliIHt-5J6Bq6F+e(N_!Af?rbnat3w4ghgW_+X6xpuG zLGrh=EjUk2M_4mr5+xQ=)G=qIS)l{8OR3Ny%PK3(jfl%$<_7ua!NU=gxyXqZFEREK zql5$RrzS>R;PZcmZcT((to`KGAN+u+KYtraW4gaYduuEq*qATb^=Lw8T;@GNdYLa> zTNb1>oVy_Y8TPGhec6-Uq&hSyZBMa8s3-U<~5j*%AEaMwWBp z-Ofs*G?926>of#+xH{jkU|&L3$kPtm)^)d5ssgq$YE^e1bD&&z-?LeYQbUlp8N=VV z-4&1(exSO$i==Ap?q2_D)#whl&~0~5xH@kMtrW$~I}Glm^rm)R_>WAMtm{vBSkQBn3aX(JeO^j1Sm#uBIf zNn|y~ioX5aV*Ml7*sAE251#_N$wy?pEk?J2Sh+!2E!se=2#;>AJX#@-j(R-mHW0sy zhT*u(u8^#`no*mBg9LhvQ7^VxN{;&A%>?vA3n;N`2VUkj9(L{CW(j6Ut8F_gd;~SNo3^2m9GU{O0YKm3M&kCm_Kl4MdtLF7Oy2mB;1E&jNWRZ}Qru%jKdgQI zANYbizDw+}l-mGX^cBNW(FT}qN=x*e5fkv#c+Cy452AV62H3lq@2EcPHo)G_?s`|Z z)bK|cFG$zVdiau-^lWI-(g|is+`rB)iK+fA;pxf5@!&;%`!BJ2M(_LR`pHm9WEfAd ze%{Wni39oLc_5XWtwrkZ2A~$4qW( zQ^o1Q{fuRZp(Fu}6w{@iri*h2Jo99x+dq==8$}dz(9hMLKt}{6A0dCc@Ll}5?jvnQ zK~OaS<#l@S6(VTQfz^ky^l}yFWm8$;v7q~;h!$@Ok{jCpTPL>H!wS3eO>S+qTL&WWTl{FSI3e(Y5DEJk=8wD#|g>(E0SF!?!Fp&$r zjF0^rTLN*7DVeLXI^3m{sm9;(=w8U@MZ;704?X^{jsMW%50BwLGx!e)8WeZD>M&$Uufy zARf*vUhD&@SIC*^%yv|}PdMENHfyzz%69{zxaWX17-;7~*{;6m-DkeQ|^T*I`Kg`q^ z+;+H+NxPZo9!_D2Hn#q@0Uf6Eo$%vJ!H1qz4}TF9Av+o~{ErR1*2;>%(au?Zk(p{7 zk+#S3^(Yp0OILD^tXk2ll7u=fTY~g>$64u0eWbTJCig5g2%D*%dfA-WPg6Ga6%cxVEMh|!4H_@BS#)-KKyimbOd6kLrYbo zwCSGfRezJI-nW~U4}x~>QcrwA2?`EUMC?2Js34LxAg?J7)Gf$;In#H(HXcaeG6=5d zU&YrjQSD2a!r@Y_wZx{E%thXH?!|5n!^f)&O-V0a__=Oj?mDzznEMhsTbTQ@yIVcY zb}P|1HL%SIGoX^qV{Qh*lXNR!025@!h%)hW$&`68DEiI~@NXMHsZ9iQXmw0$V93;r zU#=8QkbV<7Aw(*cCiCk;Ct6S)Iw3044Jx)F^319^fAu`{OPeZd&p*(E?ThYasmf*YaZ_&T$yToH&$Ft=GV-;G{e%`YO_!U5DfMxhc-8-njo(6qrd zWe_jXbZ&6*1Wo6uS{Xw`hQN@g<+{S%-T1#`jAwo(;YLE$J7wCTr?!d zGvn~glb5UsRN#i{(JOT;x`tqb$ifZbUgc;i-mB{282ayBK{VE)>i2Uk6%CX9QzzK=o2^ zdn~Vm>TgXp4+wg36JK@hZi8{uj+FZbD?Y%55AJ1=rL^^yAg-@+g%ZCo z*zyg=OlmfB?ip-b;eAUx;h=`B{G;JzSo!4xfv@TElttV)CH_8kdJf%VGM@ewDVH99 zZ;*JN2C?Rt`j2w&v_}0V(ktO2Ob~B4Mtv@2-xq-lrj_yfZsK*=ZNemh@eDu?#OvEg z9rX^7f}PD2f57li#aoPl>#R=>)0_Fd-BiVm0$r+g24@^#d5u;_r>RD@>s4zA4vkf7 zFx9ApylQiUhFG<^rW%!*SFJq=_xC$(M>TYAOr75N2aMc&k)Gpnm^nRu^eqXIGPwDW zb=|&jC8mcnCN#mCbD+(L;=v!6ETIiYGgT>Xo6HT~K-@rJM8W+dEEEOX5d2!|aBHE> znqk;lfEm`LIum@1tp#g_0mC=j)9GVq8SW^xi1|;xuU>dC%KXUgAf_*{YV)i6UQw@cmDp=sa8E9Jnq=Z=JIK&!l ze_!qc!p6h}9(&mQ%bEW!SARd7e?IdQ=p14SiO!)09f%OQ*|AB)NYenpBSm{~j?IYn zIwmnI!QgRyR69P(5RwPKJ~*eB9g=gWV{uaXA``jD?-x-a)L=C8UBLRY($I=UOYm9o zkEr$h{R`E1wei_m@qw~oytZ?$QHhuRL53*6`cTE$8xcGkuie9)DXWeL_O5HQ>kTe= zRcr(ht5<-*#^RUqs7G&4C7J&fij|rRLL6PhV@*FTk_Y9Z3kICho)W+a|JtKY)J-wl zhPAWNIhrAu3$#{dk6_@?xBcQxQkmurxF!$*Gl!tk`Ig<S9T|`b~{!^ZW$?1P%X(3kAY4SM6;zY&nmkl6qdi#HvSvkNTxBF!ZRiDIN{pA1kg0 zz!C;o!AzHf;YZDpiG$D|%#8|-ond*BVZ|5i@TUBn!iy6%g1i*z%cu*4_juBI5<8Yt$(4Z z|BXM^uFv&tEWrlgyjuJFJ3Z)e&@DOtRKEeP%c z9Ot*f1q51nm@#hka}xPC+tEt!+BF2*#oDDF5lAfbHvVt@)7tvx9_g2g?5CE^esmeg z>DG6A-(J#!8i!=!qiC_lwwM=dfwP}0qb3~9RM&~yFm8=EX$Y=HhJ0>Sx*i^}u%{*~ z&aoN8PuMzj%t{!HG5)GO{mmi)4GYhzwcV75ph*Xp;!kMLogct3M0=Kn(faeZ0;yFb8k+Yx8DM}8;Fv^&;hP1ywc}ks{;sn`fPwJxvj@A5j55Mn5w8U{q zea6vL6z`WUX?C-as-7}P0L{T^coswKd>n&sqSiIKdL-EXK@G9R%~N1Sd-DXk*BX*;K0xt+rR1ZYA-3@PAf^TW4qZ9r{ntNLSl7m&9x z4SDysI@Hm?@!2~|1gm78;d*go-rr^MeGnpmqGD%b-n}2Q^mB|z$-5k(nNikiFnM?o zMxN~GH}As8baPH&omDfSVF(2wPc}$$VP#s z;ZPH^@|lB21_Z(AAHys95LF4~Rp(#g>uc(T$GBhfkPOucOl)1f)t2d2+$h8kD976` zk~(scpcH)hv$2q8o0ee#=_)hS$rUenQ9KwZ@=cB%hPvw|aY*n{YXGO$#N4uX~RXxxb74Arc_ zKn+^{T1H0z>%R36lr)hcfMZ~Gy^HfdFaM_CJ4l_HVqY%R{3;$d-^;+%&YMT44q?5pPhlgN)jOQ(Jl8hNl#dqqgxD@ z_)XVZEAz!&d`qt$9!|g4>QzajO;CULsW}0 z0B3}jf<>#05voJORz`7~ZF~^tdLTwt0Yn}kM6<#Ig=T^rJ~3q*Jv));-EVpwn+jta zbra4ZDjNAveMi-n7A$}anu~s{(1>YB?5wc@jJky28s5OPjKi&>&Fjl6)>4Mpuwi;( z1BpmQ&I#AeSA!7p(h!2YdN&VK5MqTmLStOF7{gO}GqLgmOQ-)VW`9dOqUm$S-hAOM za6-Z(wDPL>dv^L1o!Rl=0nCQB^2ZzLZ^r9lnivi1!u=@*N&%xtpc}K$3XU*F4NL7h z)HXc8a>|A|!X?ReB>n1-3U0=ljFsHMlGxHA@CQr-wOwRwXuw1QrM8CP{o|1QNC~#s zx@x`bW|LyQB${SoP5Z3M!~k$GSU25d7YwI@4gMHtUAP_p!T6B#VqrsR|z_j1tq37>oHj{6AefW%@X;TO^67UdqYWf^KX zWtUp@d7?ngs8N8kqn4@e1F9+ZljNB+$%y*v-ld8>J^W24Y z@z!X(DnG`Jw~Lprp6^zSfrbn)2tLZ4ut;f|0kSE$z`l&m>KtGY93HRkgEj~MD#a|| ztu2%?eeXnPvb5+Wd|oHIg8sP63(Tv064SQs3te=hJLQGO2$^SB+vj@ujN{Q(lt zw@>`{)vH%$i2~@FKvt7ICaepiLE9r+<4EFKJrGpM&$%x@scd+1tk|_SXgE&~+1dpS zz1D^E*|!g6>kU9zG1nZ`CGBD@M;=b^KZNm#D>!R0TV^(-=QOs7+gJ8|hE1c-H^7Lp zJjs&f(Wj*be$W*{pRsdN=yRe#^Pv3Uq4ZH&DA$9_7FKaeq3U!;3sF-!F~Jj{~v-+fK<=rdIWo>{_c6sw__ip8%#_vPvX>d0!1= zDUu)q%m$SS6^Rs?mXkGSxt-9^&COTB@M#YVq5kYWD1P zd)5q(3$MxX=qqONIT|=wx4!lFyvE~b#je+2f#GRyymxli2((kGKRtil010AUHe&*s zH+2S4gw^&I{up01X8HAOF8Ng_T+Y?}(WJ%Js`(?y{6m;eS4OP7zAZ2;Ny1n_RwESp zUx|UZ!Bv|Fogkxb9{h0*jrqb{WMDIZKgo_BwDKng&QGK!tkmFzKzMLa^KR3ob_~!$Qe(^Yc>>b79*g(uag@}5t28A z61c_Ky_pEf2)eD(id^`BBclft4hl;dzomqbl#Gy+VnU*|A|Y|Dd?9g}8mB=w`h`dZ z<@$<*1Wadzr0fZaFFPV6sAq+w90>`Ua6lZ0<=iD0V#H|d&T zTy`6SH7eV#_-I-ecB7`Mg_uiExZ!CErD8Naj1^$Wijz)p!>H-uN<){EzODTMIvt)xj3Ha_|uW#?(m&#M(mx zNa1~AUrkhXR7Wvf{=Vvtu0uy48{m@IrkguNY-9;Dqr$24;yU5^GMJA+t(~PsSD6+A zUX-{I=Q;7fe|S8y?Y#<04Dd!}B?18=@T7sC5-5lNNitk=UDWy*gP_L^Rj$*BX}& z->zDm!XTZ5Au3*nwC(S!805FtnI%pL6#XN;t0A&X2S{%1z#M$VCW~1JP0m;^)?66` z8R`ug+JlvKy7uS?vm3M}s?@Pzhz&9*T(NzQk|GI3**Otn5_v<2&J{0{otB?!1|jqE zcA#(APH;z52X{0zDAf_gw>|q6(8g5=B;E$CT&%|e++Xj->o)SfCLUn81zVy6z@0~5 z}Aio-+y@Xj*LjQr^%W9Ze?7GE%FKcFTHvZ=4!TzQ1W$`L!3&%ebAI_SN zM3#v>zLljP%$n(cFl(1$`i0GTY-8eQZ5yYbcbhD9Hu_>B{rvX{^z(0weuhnfmv=6v zIuOB@Xtz~dCu(+Cp6l5Hn1(Y<4g{qE7KG&OXY-)0d+{ZV!Zu!p;f5hVFXQhyh`+T0K5s8dqe>KY2pe|@rsoNkUvnhg}l3%+lXvo-p)2H`gVv1TA<4r7eb z5ahtPl;GO^(2Bo{fPJT0OWg5!XbIhYiODEsQy@c5*}nzxxG$rZqOp}x^G+>B8IkBE zHwGn5@$w`;i8O=%>rjI9e7lfjY_I zPB?rl3d<0XQ(q2m;>$)D87Diypxf|^8N!2UAAVle6JxRUQMI6K1jlYFnZ8SHiW<2n z4qk`-UNIE@LfDt+FoJ!U49bcGYB)8b?uojfmoC!^Nhh5xR*Sy!6ABzJsSnr~a(nS#p_$ zKPJserv$y8dnPuBBQ4fCi2ZER6SPz?HySYESy2n8Mr@1VGrWTxQH(1!%IxIqW|JwM z1xK2uLNd$EWyr+)q?KD9a6{QSC=Dxi(8 zs4QO5?2#aICk^M-y*;bZVZu>~cc`}F*Q+~Rw~!r{*dc~ohR=h;Cuc~C0TV7~o$bMv zFRSh;Bn;D7Ct5q(ZrrcOe8pdgx-rbfzUX`HqkWBG^#xbRgHEHtmGB7i5){^WUI~?4 zREZ6v^D;~UXE_n1Zm@Aj161BCJq0jIgryQXk=+QxPU-e?%t^TrIohBf-7~p^f8g?dvyw zUpHUnh{L@IWnL(Yjy^>^kkO1vBLQB2fr$KHHNrSVVQn>s_ z)o^Bca0J+`>~T$wlq0Gm!HPdm=Gbh|&|j;ItP3+7#mn%!OoDdc%tuw`mmz;p^Xu{P zRlY)XRi^L50+^NS`7{-_`mVHRLnL!(3M$}S>@_>aD`MO4%FN;hmkEzVH~+3&n7i`e z^?^T0!_Qfo5^H# z)#%UuI#xZEYgK=rQ%$Nb^~Onsry!loFG0t&wfpdE{Q27UHoifQ&lKqTj63HPe&C<9 zxeozLnz0}(IFZf04Qht$7f?1}b64u6)(GT}-RbY*z=yyV~6*g`KpksO?s! ztNUfHp6b-zQFG;hZ4~#RMSYCz(ms~ZLW#`#g0L=vc~$4paga0#0t+%3!GQ&9JFz5 z;CaO+;3*fTmtWyJbvuynt%;{Lxyv>2@vIj-hkyVj3d=App=FZdRSX8wVB_zOZ_9`} z?~h}e@GD{z)yB@`|C{MvEZHwy2AZZs;h`IHB}|9)6Q=)BrQe&5lhM??uwg`mSf_Xk zz#dOpwd1ggZ|2KL{f3dZKrk45!dp-q+J9f<-LS>XDF^%h?q864 z9(m3$-|J6Gcft6pmu^VvwNbliOz%hrhu=$F?BJQ~w|I&IIgHHE- zjlB9AdQ)%l)+U8PFiQ9j5=u@yWb;_XhVVE1mFXzq&bp*@6A*t67Nrh61Dw6S%Iq00 zqi5GGo}JkSmQOi}{X|%J&Oo7L>ltWTA=l5BU+IYKF9)w6N@szzqx(>g_;Tw~c9o3- zGzcxz);k>zVosQb8YQKt?KslqD^h#9#_Q><2nZm{3OO3Q9o=JlTQ;KmBCkffF^6(6 zI1UO2bL2Z0%m41Wa?9dg=tuN@xIlU#acQaceaa?{Ny^Re;IM=6?67odj&#GfNzc*X7nPI&Zq4oj1BW}M z_5};Np&r9V^qk{5we+;-Q=|^)>2Udk#U+K{qruT>_*@F;`t@vK6X4Ti`>R3l-J~4f zAczy3a}cy3Rx=UBmy+UW4=pM_p1Uj)oq@OaAF?ri*TZuoYzk+%EWe_G`=&8Vx&5vB zXNp%FI}mmqXIQtAwq^^&WY-WN|EgdX@|fv8Y?7*29V!#osesY*_+K_C0j7-FmuYRx zM|Yb5(c^68V1O?X@q(b9D?8rSQ*ShqlxVY1+=h?Fn)U6-W=VuG2w%Tw2cNbbc!&i1 zlw(Nn-*IWEQgt^;CuOd_K=LL}Yq9+lF9F!rvEp$jt$KPA z?;u_Hf^_P%bkx%`pQeVvdo|~KJ@G7)bdo0k{Y1iO3}JnNA0q-97nU0Hlk9lFm^gUJ zG4U)Ij-BV{oPa7nM-_~^9;KC*F$c zR9z^uPZdxM=5n3oQL`tf*+&i1al(h<+O!8#E)xZu?*q;VeCbP9W|id7;K{(cA@}E( zf6c|+e3p6}ToE%aR2db#@b6_|;uZi$#GvO-O6`&*S(<2DO-q)x_)(uskC7TxJnX zW1tq~=d?bUxqWgy4~E<07AAAs`ea1htG#t*@hMdx@T5~tGHZ-MO|FZa$>mS)kzhJI zhJ67fTlB z%@fqBk>b)Vga|;0blC?cDp+Z4?NgJgvv^~bT&e_ZnxGvYPWcMo^Q+aX)i^T0lQLH~ zJ7Bt86tiu;!KD1sgyywR+>AkI<yFiqW47Tsf1aK)(JKlu#S+7C@Vc`5-1H(o&T)CfM`TLGObz^xGqPxr6M zw_O&@n|!0d2lHVM%uNv(YSa`k@2mwTlW{wYkw)^40C`uGMa}*RBEWV#gm1 zS3Fs(@l{^qUtsBs7Ig84Zwa=1Ni0t5$O1lzNsbD?DfNxIExg^Fz7q9XXe5tHm}HXV zYX+Eh?o)jF+s*-*Q0#_@Owni0j|g*s_L;`H4%S2wmM;seI|cvqx4XCTxYN}a1QQT!`^dDkdoSlFQS$ZolE4U}tH*<5z z#^O_tj+;yhl^RfK5DidKOqbhLkC#xCHzNE^mnFyNv`C&Ryp922y*~7ZePpu_Q_f>2 z{7ERLN2f%i7t=@2gqw4(BNDCHODP1ii17lsBN)ub7u*=0*8{QlphoyZQ%zjy57;)k zkREB1HZ-x1m*KpI45+zeyC$aVmZYmX#fg2C zL5jr0(Zna_P!p*10tZJ^vU>|?S_*H4Qy4B*VF>gP&AXA(+lKpUe#K0(mAeMbrrhBW z{R=WUnt_}q-F_&_k2`i!*cpS!^eOFaku$Y*;kVg5XtDJIZLxSKfo+QHDHJJNDF3>% z6gx*1^%#n@2|r2VS!8reFtG=y+H?nT><=*^xA^lY*PR{FkoZ`>jA)3LsjZ*p=_sFb z)z3tW**GnQq-*!UgZ^uNz@|FP2DXM+Ta-pj* z2P$t(;WP}A|A8G)O`O|{g&YjZLc2v@%-i}Q!^a=ea!zaq=B$ma-E*h=NukN4y`%RX z9u_5RUL=LZCx3(tR+PgHRwJkux+u3_##HApWKIqzeS5~3Ftb<`nh#@EZIvaxZ4;b8rl@x|@ec$%$ z)6p$VXVc!h_yba8v^ptQUHD%p?7fTgfp9#-Haa=@qb@ua|9}+*8lD-J$trfv4L)rU zk+W;s7+y%!7=x<|g#^6quFN6H_u3?&>hLJi@@M#(If0yP)Of%@oXFoo#Daw3Sd~GB~Si}bQ+W* zfZGackNE&Qmw*x8?;yb(@U7y+;37z`l697E^@0tx1GPN~34jc#e_>c#Pa5#1fQ(DU ztc+?p%$S&c^FG5{%e0)#LcVVSV}O(R1HQjf3QeYnnGq98LOUi^s`HA-i3VQkm{!P! z-0~S_3~}A{#Ocvoy;*QKP$@x#FZa#E=b~}=^81^z8OO@_IGS}F{J}V)XaFs#f)rAI zZ?vt?i=cB@rb0vTIa8sKl?q8dl!`niutK+4``ri~E4~U*v&-870>nV)@Yqi{oByE1 z%x3&AojS@ft|8p;D(}UBDq^O_-sU)7*@^r?BMK9b|6P>5&rAz~Y4toBUwXYa*er7ekB`ZaipUGL$VgW% zqx6bY`XDRuAAp2qC0^?xHp$*JYj?>K%8vvOA|=&Xt{9DkpCAFZBQ*77*5c2)(5xS{ zl4wR4+s!O6$%~ofM;SB0F1_9>DlpBM z$r9s!vaQcWCE<`NE-D3AHpv8PxpGk{#Btm8;r7xi-o<^_7Ut7B!WaJlz3uVpS*T+F zc2VPA@!@{NX`xFO`EXx%Srhnhd%nG<4~L_RKx^ei*J83UEU)7vvjiHY05iz^fP zGv=cf1Wc?uB?KB=rI2++N6&Ul6bUmukr*v(LV1+$ixKG{ZB&f*z=Dq$!7>|WZL$OC zSr&Y%VGC6l@_11nl@7k$3~%pP{p)qS48W;T9d;LRy0=ilE%&r;Hb3Oh z&0Z&CN)Gm$EfQqVl3kf5Z~B|vf^%!ZpFfO-bj?iH-q|r6Hp>l~ma|+-KNNo}8}IA& zYHD};wf(5xJT^dm%dH^j>zTqRT5E~z#;ddFq&1b8zZ!Y*>rSWKdV7LId_q=E zT!ILi?w8{g6%Z$7SDD(A5vJic(Xv``w_9nk6TYVxO!@)YgsMbiKVPuPB0N9!r!V)j zUfc>#{_wwMarUvj;RTbHZC?G)pm>r5LfS zwLl-te{b-+vuG2%1{ihb!-Bw<2nse`OM@+di9VUJ6bD!a3D>tF~p5T}3YWHzb`uCV0-O}7n` z=8s}6rubXL-W_$b;&}em6Qi-p8cpbiEhVn28$_Mneb~hJ=1h=Y*}|@O0!3Ist(LcB z`smqU=4r$15VL5ucaeI`D|X;GyVZPX>}JC_6NUP}1OS$_>}`uU{LcvY2(2)yh%SES z_dGKPvrS&r5EH8)uR?RpRo~f0mO5k%a_taiLuVu2B-!O+VWbk7Uys@$ii>l&P#C4) z&YwBZ8gESS1V1t>p(nM0LOfUjRVdwdKx>ylhca~FrG|9M@C8rH$OzC?8Lh)Eyy5K{~E3 zqakiDdSrg4L-C$u=uaR*S>nR6NjGsuh0(zs$8|Go>2l{EdPn(o-m$( zb|G7Fm$%OJF|-!`jsJ|{9|AU0qal4t3}n36IbDkM@q=-k0ALbZZ|%WU#60_R&&fd( zV|#EdyyI>zddtq*Qqy|EnwS11MQ$#VE* zy9(H4m5(Ih{>R6KjWK#?L*+!FL?@Vknh-`1LUF!fSTyU354@~8JJ=p!CHtL=QH;yz zhf(MUArq+A8T3%{qZq(c!ql^WUiEe*GOB+tUj1-EK`?4Y5Bu08K9+|?{>|3tBlJ;WXX(+DH9n>B(CTCN9=lvMl3EJHVY*fr@6y+2Sh=X~9WL*Bk zB$zV+2HnLuL6*<+V)rHWeej6?J-$E9j9D(Y7ECY);}o4A7i>FKomnx8&i;l~_we%4 zcv4v*u}FFApQkTlO7cn-MXMy$y>m*^E%9W&Z60Gr8Wg(9m_Ca6&fzVH z)`}wy*1>)r#@rwa>)FWaCyN|+Ja{erfa_iZxAXX-uEH8iN?45MD_E*;3Lo?Fm2sP| zBFSv(*dx3yuy|ef5iqDoldSG;0CUX%T*Z%}qViGI=wNg`sbJ0 z+Wx9OMiV+HjEk0Xi}>sp5Lu!TWg=U^q%JhOa6xd@PsI)xwbjADqrnL;(iVLVO4eov z*Zj?9;eBG?c#GDQD*lCigs+V-nqk z*DAk_73=I*+DEv&T=hxK|9_~v7WlY|s-HH2rck&Q5sNRj&_WRkEiVHtkYX3N+Gs(F zh&+nnr6|@<>KDLZ>L!rQHfcqX0tKo(tjMQPDW-v@8!SzDC;=)2t+;B1doe(i3Q@p* z|Nl8NbMM{VBt_8AuRqw_JC8GG&YW}R%$YND`{*m{5MP-If0FILn*1zm=5T5j#;E0| ztB&YRZ8+_BMw8b4$gC9OtuZdrOl1AILX(F0oj_4JdSO1hOXe5pO=B{LF(|jw0!wA~ z?3J4gi!u11Vt@f+3<6ljVB!z8mu&xbjuHNcOVzgj18pB57AOcF8`wSbNV;cC<~ZWP z*3S#unP}HjFunbA#687nl{;TpDq!ix^m*K;Qel+LSfzu9skEo2>%fG8_Zt7YbYS9m zP}?p^lm&X4&IR`DPpWnOqF1(W$7jULAkO{+GylFFdvr*VOkKdpUUJL;N9FComnu*_ zX0A)}8Aukpdb#0mNj;H;TP0)!Z7l|L|4g)%>c~H*h8i{~7NcYYGiB3>L=y7`^2>l$ zV6-=sioC-k$z;5x_y^mi@&{j##m=9m=pW4KG8vmxcwnBV%x0PZp;re?hA5M=4-Hx}_APXzx?yLMn>gp0+=-pllj?8GRzJC3HI?~=|6TD2G*t;2 z>-ncZOMFfyuU12BDaWrTBTgQjFt1g31={v?hJBRnf~ExmTa=Pgr&X%Spr>X8dk8&D znvM*$tP!KZ5P9jBtKW(`oD_{^3KS zc$y`tUTXz4TdgFevdiul2(C*IRLfalv}=SK%I^Ljf2sPu@eY9OX`0}G^J$hyqSwl; zS_k}I101WB+E$jLlJw8K)2ODMP*y&?sTxTjQYp$qa4V$9LHeeHlx?NRtD0QPN28*$ zf&jmAuuR}`S4rR+;G}>6=R@!uRgDU!M~t(r!k=cS%$S%QWj~qzG5)Oy=|?zz+15$1 z6bw+Sa6*)(!f^gA$GyH?@pQY9RBG|%tyw>rwG;Ae{6E;delW9Sz~C+O9uUqp+=(8f z^A$1|H(_wo^#kX4%eWlE(`8=UB2Am)(oXl^ywIct>S5E{Xh;Cy=A-M z7cWonrH!Zb@WLGxm-DjZkeQG(6wTQVN%GpBLlSZpLuI%+{0@NE)~7jNjpl6MhdFm^ z&V)py&Tf2ZTctURqdChbGv{lXQ+9Bq&Wl(udTkeK&KS%?4ukDaGUubF&fg+AkG#$t z?oa^hLB3cTybdAq+TLaAK+3#jTVC=_kvwwp-;PAaH2js$H4iOV`B z<1t$9KxVa3`zdpo?jGX|GLS@foJA~+6{~Z70=yper|l5GzW{)R{QiKZ#rS=#rp<6N zaJ1LPj}R%E*Xk2wpjDrydyQ#*I>c+d6i?{(Pl3AE_&I&a@x?NT3dzZuQ$k3LV3iOO zBUoioQQ%k4y*49QCB(-FRtfRx15!Y=g!mZ2IzAD>x|%QlZv>0cFu{vT;*kZ5yP2f~ zi^DyPU|q?q(t>pnvz%b@>}?6bI%a|qEbh0K5G*nKM-Z%?wVDbRl+tj5^|TJK_W!*s z2YFKgd_Nw*%wX$vcnWc>`hpSuZ{c1gnIf*!l3?uR`UGZg(kDy@m+KQm;fr`G(U;Sa z9D>hZY`}lOf~SMWRin*=7ZsfZYtq>+TB*(=_WCZ0n2n$TEk;lg;r9qdKgj+BX2Epb z6lmhlqAHDS#GAlQ$7A$x<)u?n-OrXs4_CsvgFzlW0ge@V_z~nwlC)R^8i2WIf1xiE zn3t`_e9v>1Q%at*6#FqdZ;G6={Bx@N8EGH(kghi{=>ZBGb>}R%&kYy%AG3|52q2T1 zf~N9|}o!lT*{1_V@IzdIgLQJV2+4`}=J)4lt7Kb1u}8*^kjp zA!!n39!~0t3B2Vl4-0SqPq$;|yPJOS?p<)}-3!)90^vwqy-G=q=}PMjNm81WV0xvw{PHGu`6Uz0<&8JG%Nv>4fhAS+@=IF~ zmtWrKE^kDlJ$8`1u_bvUFTcF0C3%xOcwnL$bLR5PoW1-q$ICA_5UEYt7r0}p;QH$I z-|+aC2c2stnD|rV{wuJM)3eFFGetF|51I@Q?&a9d@IgajMaWGTdIdL8feB zoO-0R)JW5Ed!_9cZvR}hqXbx0k^rk(lB4$czaoC}+Q!#l_r#g^t($4%!0 zJ9G_`h>*kgcfKMkb zh1c}DvfCPfM%!SwldltYYlm8I2dnO9+w9ua?r^O>HV$wjL1Yo>nMtn3-_@1_jazs% z(${FZ<-i*p2cod$!0X)rFtLyWZ9#D0^=<&PDZPI6`j+JN`%xh6>k@#&}83p1NT0Qb>|&{)fR3X3d$df9+ha^?l@! z+T?3sxce8eApT)BDz5q0f_`wmDGtZ_5QvnX{qu%bFkLh!U(pR`fT{IXL2N^D_9niu#xa}Bk^U0Q>pjUlfWsEegV|1FJGJbrGFynK-L7KU;8qqB zbU3dJ`qQtC`b%l+m|@7vFyw=qI1H>1a@&EusqUe2?6YB0O-gM=!!VH@lU1=1CS^5A zNc*#I#Rou!=^ZHPpag46kS1b}=y=EWSOka&gxDl9K6zdLG|rN)%A|ntF<;nQPkX3v zfXx_zb}~kJxq&@4Mq=GG0HBRO5qUsE*sX}sw^15R4vMP(g8POf-mAx?hc0%EMNk1( zw=tR8!%Nc*W@HKu?fd)Qb!wU4d`$_`(Pda5GCwV(AJC4{FVfbr@IjV&>9fMtD8Y-~ zZ6w&-KZDyf{9SG15fLsdH;f2>gS=yuC3wh)aJV?M`Xy7pttUAMRKN>^DT5mIC0FS5+FiZ@W%0a6m5&>6#SqoAR)XU&~UXiw=&4PRhWqT^-?xn ze=8=3PoY_qHH4jN-wFvkHHVyI8}MT+g#GZCP2Sm^-x=tG(&_y1yC(0H=UW*dki0dx z0d!khf2ULmDGtuWAohA+6KwvdV4BUfSN0p1gZRefdS=z%>EHeuBrlU(32s^mCZqo@ z)mq<>t+}&HmPwr}&sIrqFY|x32UdZt$p(~PVcjV!p$aRR09CZYPoadGuyAPQ#)3Ah z$#5Y?A18d_ddpjbo67d58iVRzk*Zy|+P~}VSk0pzOJUz1)iZc1tTRi<3KRYU@F0x=tr(lwGY3*S;mkJB1OGP!zb{c85a%H(RWMo)4TQmjm_&PjHJ z_niQ$Orl3M?ImQgTV!%|UaG6atrnSN0}+{A9hFIxfK0MPL?%~9WfCPIlPrNQ#bj~^ z@j4KY3&c@gK`ao=%H*n0CLgjgnN6!{-b$He#Qf6wTN?n~OP_{c6q}XY>^08EGc?Bj*ay|8*?N5s(vI^Q z4?!C69E2R@jAXx}l}kzXBh0G5)qi+MBzpz8as?!N27$E7$8EATw-yWc>$_99^^-W6 zWV4lT$hF9KGi0>czYv8oO`k(I1RoLcR(TaE&v`nPQWZ-9r|2S5-khqvhE@EBJP5kh z-Z5G44gN%J#ln$kWLPc+5=Pcn<0&fZQU6oIPR<+JQEL01dJkggKuI7KaU4CVu2n`8 z`iEhFt+f(N;0sO#AP$EB{9o=S?z=qh-4g#bwSQ0bg~(D~bFuT{Lx(`8s?j5snHVWE zDe_E4v2_N4SdEwZOlFPG_1h0t1i3vt65BRnMNF| zhI=2d zzFLZeDkk7>HUG}X=Sowl%-kspFn@k_FL+;dCCO#{oJ`IjkV|#^|TH1oaF4I%~Q}G-Jr>uz5s*0-vs{0&=k(p?PEpQ3eR$!VZ|Mr1tlk4wQ5p z6Ys3r1qJZHa0u{b9$m}>%2WZ0^N8R|gyinJNG%*0k@+|;^fiol@U&?;-9hIZY8`D7 z&=i}SCNhwnhiB|~!45q3?=053hbvZB)x{+LXGahXDy;~fvrKSYwDY17;HRjhnE9W> z4eUU=A4t=b7%yW&>@%Ul`$0I~jv*vfIG zM!`~k`iGR%U%1%oN1-| zo*gdWUUL=>$EtdjT83K}C$bB-_%mxOReor%T29WS60q;(+*_)=nZYHgjQlZ&;mGdg zsVY4`mnV-&D50>PNaaVq#wySisxQEL(HTSZ1;3~Laa;mPMGw7^&n(#jH(npE9qpa3 z2iGCbb_&TCP9aE$P9b*_h-iRD>JddVpJ^805Rkdq`YrRZg@P|y=P*s+l;%P_Cv#@1 z;50PzF*iZX&CH$x66rpnsavHc|tVf{H>_XwMc=|JeU|l4ccQig}UM!Sb|$`!2uO4 zTcE3;Q)Q1MmQF9#eqPho7`spjSC35()wx4E5v|9J)4Zl1yBf+g>F#pFIAOzJElI{- z(`YtTg%oobvp|zJ9_>IzG%RHD80mRIZ;tksb7F)4xI14F6$9_?@#$d3nBGisAb6@& zP3Wd$OQoOhEvNVn1M!?Oz3JR81p3udm7!ls0zGj=pmQ8hH<|5B=$)S{9No2;mF2F8 zsLsbUa^p-)BR|B@TMC1yI)!3t8ZVfl)PJ)SL&}Oufhpcmlx~>fHP=x)#A8bjF_H_0 zc!2^zC)@#jE=wfvBVm=a zR)RB_L<2V(_o!i|M@d#bo~6;FwBb8w7fUVb7GSY``$PoW(Eb7k^Dqj;nUn0!QcJyRC=I}3W)*2vGXy;%!m09H}jDY)zNpbY1Lw?qX#&+PDc-B&m5SW zJrimg2RxEnN^9oKdxlrcBUsIIp{}c-z^j3R+U>?{|H&?*m#JBek&2CA)ywIPb)Ukt z6*p)dn!j(gW2(HOw#N^JfB>J|0ksmd{q5tIaj*2`UuRunBNd?^j`p)N#3P-4GBs$ zTyE+5yKt$Z^jKF0`^Q^TWpSKS7DN7rr-T3BD;Pp`4E#at*StG2v06sbWFj$I1_OdsMdb7+ z1}u7Z4HeKrb)C}n(n@ZG@m2=V>^QJzFq7RVL>ZXvZu;t19Sn+eMteSwFP-P~F2r9t z7O)8P_mIea*?&Td?HmBV>vFS`qw5K@_@3ExEa2g16SP(30d5UNaHt-Y2Y|of80CR} z^A0;C*}(=_fKQf0~4^g0})jPAdW(((k?M zBzD4QTDD;ta`gf%5XLJ0FtFjh7KboT@Api8*K0HDwP;0V?uL)Xx(i35nWA9f$iE3z z_IF#7-*r~@Nd>KdPHSW!-me3J7bAAF<|K@}!eXXf;I@kH59|b3!E{a}x;Q(}!2Xwx z<<)1)f-BZp>UDmamwL=GgtY)L`52odQbz)n8dY~Wl>;fQw1jJuxq=)z8BA+BsG{H^ zc6^9WdgCJKOuIi%eTjI1hk*xXmW}%7Uj6}u(XH9rRuwGX@5kXz%upaP0tkT-Iv36{ z7%)y>lKFX)88Q}n2)}Ez%seRrW%h+>cFo$*M~*d{ciD!1;m}@f<;{8uuA9PE(A*-J zJ7@z7J1*gy{zz)jf}hKW&Yr?PKT20Y%sLNc#0+r64o5dJz(zdc>992>OIuN!88?fq zOCa^=M=3hX4=E}jF-gaXT$vTAqxdz2!emq2gl#Tb|!qGX7Y17gIx#qFDSNGle3TCwW)RU@Y_?`+_eOwRV1bmN!3iIX-nL10>!o$wBc z36mt@-pAgfL<%MAU&W5Md&@rwObU3PL7HI4+uh~A5hfRx%c0H5+dOx-Mu?^w7UbF6 zT9UT`LQC>?Hw{b|!-j&LKM|5*8!DA2nYaUUgU-E5Y;@aXF!)cYz}}jzH7J~(5JTMVFda0 zDh#O)wZf_UX-6*l;>Nk=x_Cwb4o5DS&8Q4tzP2~i!&W2#`uY1Ns&a{ z>8)Pdmy0Vh6J{Bp4lm5eoLyX#1|5X?mXU?|mX_o#0N;|l)d{nkhQ0;i3%&<8h;V(V z!*&Nb(fM|&*VL?~l=#TT0p2hVUldiC+&Gwr>nt_A{&k#xPSl^VTn-`eH zF?;p-KWJp~y#U%E-7t)7fMyBofkslg^%*{4)dgI2uJVYzB3Q_GDA)ZZ%=C&Pb z5}>nXLd0NZGXkvOd{8qNAAxh6_Q)z2l?7a+cB)pYL-F*AeFp4G54|2JWG5PG6gUFn6AkiZMKldVkLTewqL5`bqKDkr%mF+uT=p)B9=3xnEXqKwb4IL%O{T+&YO%N2 zO)A|Eww2}zb|Awat^t~E%5M6dK&l@a&RCzqX-J0G_O{46iqJe}tjE(sV?B}{HP)XT zW_fp9kV0V5Q6hW7#QP!gmyWv-BJg}nU6Dm7RR}* z0|ROg_i0{=@!kg!TcNr&I+qNtEFE3 zQISR*!?+98DEH@Ch%jKmdC*N=C!A;UrkgxtHDTP}eJ%Qu6Z?fo+0j(qeYbE&G@bl3 z*=rhGluTp&c8!)7kJUj!K%N<-mLbD8=5^R}120_V&8PJz}@Z7Q1I!@0k3Jt?koj)U4cvp-#e z4#7*h1Bp^`{V5+|iOrJ#Npt_jqQs%go^1tX!nuD}lRn(sKkc{w$#Z`TC0OQus_8A? zvx7d$z}7A*HL$otUCo>kt%MIeRLV*?3DO@t#f@t)UPSlNzHnAT9kL3ng!9O!vce+U zsgajn@tEWeXHVQExx?8L-;&(n?1?(b9nPLOU2=!BCuU3Tj@uJke$8P0H#Utv#Ng()DYEHdH10a!7OZcnU4lu%%nwMFbJ1BX<8KoF>R7>QsuLBEb zF+>$_)Dk%Z`>~-V^1g4O4miB<=gnFod;RLIw?t0f6?*J?ZYK}7hEYo-oV)G$GK4S8 z;C__q!H>?`jaHF;eGY4uaGuK_+O3w{cF22?`K056r* z$A-J`Xx|DK_V5JAT*!qzo`+l5Bg-!A&)G#LeniPu!2p_RT2ZgjX-L^8l9H`HP2s{< z)V1I#tjF+=77;uddI!yVSGqJB>7fd5*-BF=-LWV8q24Vzd~p6}i@7t9z7aR8BN-7J z&0N-n=`Gb`nv>7RQ^qzYUx=raHz!}jp`?K>EIiBnyM8<#d&0i%pK`N~8lUmU@1`pc z?~>rx=qfdef=mMmQ$T>FI%gIRUDK1I-VH6Qq%;wxdASJv+~1_wK$fO=M2ci_@wN=w zrIp4T7VU`yxI#}Xa5XG-%tGe_#TmNL5hqH7Zr_JlrGiT&B)G!ZpFBN%hn=xM_%$8Pb$vrAie0g zG;aCAir5`_$!mitQvem>rMGju)RKJ3jo!_hu5@l+^OWeb_0D}>rhXeatO#Rc+-`)S#K{e@pgki4CCgXYdTPBV!GE(OcCN^F1Z)` z6Jo%9#MBL^Eu)x2FN4$As+jjKt|1<%Moju;!Odprot3jm`l&v1P>J~=#pL=nASH7> z!u4>PWE&{07lB5K75n<7nC^lIRqLw!a*Vjvv4pQEBD}=KA=wU5b(M@`g^Xjx)M?z> zsYUof_p`JOcmP-IAj2Mr5$k%;Y<~Gu9>kzvTNBM^nkQ0qtU>3XNEk?#_jfvtAzZlO zAu1{u^Eb_FJq==cfR4HuYsM5ks(maq=FzZkmI@*J32OcRXW>fHgAY-Dc#Bc%4|~4D zsP*}ez@WsTV{;F~()!J`7QI#~Jy9e)HEM2g-Hc$KdZef8H)BWOOL#KzIa-;9ahi-zr9YLNR^^%OGauDTtNBU9tB1vV&X z9ph?|=KC;GjCnRY`UBXOZ{D*q;M!e|J>rv1wJ=}DY|1X&>L2%xUCPQCEVdo2}uOD&tHe@1Au-ope`7UN6o;dib}Gw%Eys_Qc6C)gLIV-u3I`1 z_#v~m(X}6NvK~e>XpeN1E-rj!5K?|uIVV3>ilH)Lj1J>zmwth zinDES0gKU_u~V7R-eOIiAjupfSW_LV@dmRaiY76oZ1pqvhh$Lnkm>6N1evJ>o?V_w_ zX7wr3xe;sw^)l4sWHY{#x%+)oywUnwbwO?hP0kv@E?8Q>RYjLx3(OM<4XHFjywy%} zTQSKUuO%?au}2cDp%;el&sY49E292&ceCfR6&ZyAciK##&?C@>+Am+*WkmD#C zkr_7DxX!R!3uoA^xP{Tou;-yoqef6uXV|SpGi;buVulrH%PGyAVXZDUd)~dV#0#IJy$ zl;Jl&G_U_vb)HDg3`IY4)&4^FCu)I#=&Pe8x22JKJ`%@2ZfV)`HLY5 z`#rw&@(ju7zmznJe!MKtU?ePl(de>IP-?^FS%PgqqRsx}(}l>cfmRkBc&Gt@(e(YR z5jO`QdC7T)Wq#VFcI%`XuK$3HVD-5Uud{s zP_P83$-}DGW6|ouaKob+K4!Cm3_WF%i0;n2@eu!w^zNvfed<{TlX?0{Qsg4)z+(& zR4lN=lkgIQVDHNy|5zNNZmJWEf7Z5lCff5??!$xn=DM%uUaT3xKd3FI`l0bTMQbPe z%=r1|b%sYUUVx6@!09;bzCD6cqUJ%7ns>?UQ11g9*7qOT^tbIBrlBa*- zcw9~k9tK`XRGT%}RYsnVAaxsl3lP2t+cnaF9J6y6H5|+u_@~XpB4K-~qqu~H-e}*N z(8O>}hdqonjVp}$K@r<#PeWhqZL@uoeW50mH4tFkVzb4?t55brZ738d70O#B#1jW> zY=O=^a{Z(3r`U4ejYU!@gTLY3Og#BZ@(A+PwA9M76Q;iBHMq-AFw=aO?O1fPkM_(F zd;I+SA>8KGND|QN@<&zU8E={9HT=W&)-5`wnrTdI=N}}7cSsHPG^~Kpfcr}&LKKSvFmO)va3!`(>s*CXOx zCJ|B9@p{*w0Ciz@$pF5J{_&ak^e<0Y=%Er?%1#?zq$Try+wM@#Ze?Z06Sv~r{XV2y z-6>NML*a1Q7Am3*Ik$leZ8&alk<=v+b=vQrbQSi=)rZsXU-BA9ICfbTJp8Wzi$vdM zmiU>4TQfCzAUTK$X5{_fPZw??R%2!Wg-Q6}SKv&s^V@-ze%yN+KqQbi*TM~-v9t#6868y{;A6e3F@L&W($|Q=ES0AS7n#LBfHS|Upf3A z*sy(Ajuf;~DGIB}#af|Sv{z|at;;)4v~4yOLj^$lIST$ifKu>IBMq(-V@!hS_Vdv` zNw?#>h3r%gE#*)i+cb?GTAr^7ynZiyorc%z?Q4`Yr(P+fX%F$$Po+eC?RuU!$N1z| z`nb7#ubj+iJy-zZ*rhCRI?s)UvoebEbZC6ggt@`C5{-ixXt!pK|7Rc}wq^LE;*j?@ zp`IEyw(C42!O(zt z*raO*yw&1{Wl`0*T}$jhy~Y67$tJf32P!-$a#XEL_^T0|J#1-RWPJ@)B!INBPAbES zz6_rdBvv-0tm%^q775(P!0iVqlMw5?i99t#6uUJ>L`lh3UkHTo=pq4xlE4LDY?Xd* znq>NofNI{Q{|DT0{|5bkmNZdtqS9 z@0Cb!ebNZS%kSj`z<#O(QC&4PVjjl&$90;Bh@Faa%l(ApA|m2hhlQ(K;g6MEL_|DL zoV%01b)AWb_aheG7S#MpuXdPui(WN(+jh3 zm_c^{p!wv0MYSGeIN3F8CZnOw=}1~f@+xgJPb4$F{_z;TkhB-=X-M0zv@)a>I`YB| z$CqaTjA8{h{0@%d=4H{Q%4}2X&9NpOMQQ4aXj7w$z^tE+Bm(c1+~GuE``xTNoCy3* zauKvzQUrb`xxNn-`rUd7NRmiCJYuB;?t*g*-0Pn`L;F632r7 zV!_zIB}(v<1u5v94N8fq&bc#6@P9@y?m<^V8GLr4k-=N#+>;$2QE#J;ZG{=z?+6fE zw_t29*UUF%I9-4!^pQr>8Y_F-w(LZwZT){@~yX$ou`s_9bVZ&~E4 z0)%Kr)&N7{8o&TGtGR!|c6}cjP-U_Uo-ksTCw9`;;>mFUHsKqY9L<;WEUCwl)HeZ! z&P<1TP5UARykWXB-n_vhWIY|h7f^f$ERac8M(IBnl?Ya?cTTB%GiF(}T8y%QPGALs z^c}iPZ7RO4f)6z)Bzu`!d%FJ4@G`abaGhgYOGs>R^fI;Ae>=V`SUEvBq}{(6A34Ip zX*Jvjt5JKh;3}J)?IkZ$+i-_YD4~rB76&E27w;sRWrQ2rUEwn9Zp<6sXqUC+K@Jct z@j95&W|fMrg1*rMc}v8yc9_s{K!i3T$(6j} z_G$3ZN~6UiQ|?@(#m2$C*o6#;WbdF@$@a`y&d8DZy$&)*+|;)oDdJAfzw~}1Z|%TZ zmGl{g5M8u{IuFH9a^?ebGY@bnb4ddoODp8773wKj1!=RWWouS2*r)b^mWs;e{} za?aiQk$^9uU;toBsmz4gnr*y+`D7nL`Zji#9DsSsf4YR9ZCNwAguna_vwnGB zac;SPrsQJ%!u>I&Wn>9|yyRm2@_WIaWOTVZ`I99V>z9qixjXyil8g1r?Zvs{{6Bt= zSYiD_aV}`L((jR6tY1Eh+#Q%epM=H@ZKZNpq~zyOPW~Tut0>_iKfrP{I1%c|Q8j~R zby%>l`HEs_SHK!!eL+0&jV+6(#n3$k3lkB)?njH}oA2xJ>T>HWht-ZRi`OGUD5OjP zJ71c*y}zibS<$9OGVN{!5J#yu$iQbs>+Y*GH1-ph5yA+eh7JyO#c^f9aVVg?u)h?A zozeA@*)Q%y!7_iaA==s3AScqXuR7=+A`#l*Ky zMKjzJ#tpRG%xE1I!me=$A1s9Mkx?N$Aga&x;%=LC-*&lZPNH5RR|O6YV=#r^@?#->XC; zc6;C)62a4i-MuDr{tS~b&Yyh_-?zaMtN|8(1G;N=)FdywWVGb@vmZ-M2EcGypNO!6 z1wuD&-!9!qi?P)Hv$;PV-?`|Uo2hx&zxVD}w`c1g_AePD+vn}Tg9}Mnq}UDdZ$L!- z!|AxtuVds;U@z%aeY^i^IV#$cpFv6N`eG9i{tosU@MMow7g)($Ps2*^IsW4khg;yc zYq?w`q~hpGuThC+W3p;;sqE3)`{F@F?0HW2RYgs(S3BRkAb{IbfATle%%Inedstm)9hFd6N|)b;5B%sq}BKNPfsBg z4Q9>Ehqli77w|#9#MuE5Q?z)_KmH%%QNW={ge{8uu!^>57^uU>BLs>9n)4cLa~&F0 zf=}-8@>U5{z@r2zbogszU!p#TzIONz@t|w{7MubT((5kq4YpGnIAB&cr~q?O*58-e z0%AY{X^9g+0mKQ+y8zxk+3hAp)xZSx@Ena3SS>`8Y{UuR11}5n{v&S({-k9wROGJ# zkk$UKvR_Be;Z;KTuS{x$ac#W%?+|aFM&y*0*?5x#<1IE^h!hua#l2v;_c(!63=6K| z`hihT{@vdIb6e8iqWO$EBLM%Ct7VPrTl%AYK2Jm*ap5!faqM#Lw$`*qtm+xD_ zFnvBFbOq9s5UK^O z1XYbTegEdm85hEXQ*h&bP{7vrXP0dDZ-<+XrPY&=aIQI2ufgTgEZKR@PZ#2^v9sHivEAPVG_ z0pkU@hUO6ZWtUSOx)3mW0q|AusR_pFDSK(G;<$B6xpq+w$VKhE|KlOh%<6!@vThdl z|3Xcn(k6e~z5*Krv!h(!htX9|F_U55zc>oxM+zeka`gMBJmF@SuWP#RFTMe3oEDbW zclcNicBvax{lgJKDL)1!Q*tYbXD@IX7&E31kN8xbL~cLar)ITwv5 zI!)t=c;g2~Asp+jG9WUDd;wC*s=j~PEHa8{QagWCJN`8K6P%F)yfQ!gKhUF`JxJa| z$lY!n;%vEu&8xoLmycA2SrR8Vl5Tuh<9$)Igl^=VYE&xKWJEVEQQt#>ZuIuC@!rGA z=Y;LW@|mfB4P4%^`BEsSA;fZK^aY&Z?wch)3_{-RK)*{nON-7}ehfmK1X-pnWx_(` z^FrtWXjeT6gvjF=63saTBR~ovrAi39a4+KkG}R&E_y`Pt@V}N!=PC&!z|IKc<(MAE zojQZS=%*;YL=yV|92`XXTLh(rY9`Czl09bly92g30;6cWTMB_QyB6%$0fV<}9laOn zzn6J)yIt%Wrsb%RRKS83NkgQ)wW>Yy%jB|`MG;QRD*6kT@h`kT48Mz@@%r$;S5n+=v;!T1+BlYdX zf+k6I`Jj~TMTx$FCpf0c6O6?z8jmm@IXb+*F-YPI#ZVHsBU10CmX@H8(*9Vl@k+M; zKlqWjWy`%Bq-nCMJMnVrg&rBl?Ba?3CY)%>+$SN^j#-jmmaV}|)0(Tgt5g+Y03KF| zf4>Z{vi1Eb%tF*RsD*Ro{G!(3g>@fc(XiRWg>giAd)3^aKO+yz0ydP?>8Y+pljJ-2;PiY2 zpL-hWI4U+L-O<2Tukm1;l5Jp0PZ_|NwwswCa5Bw{@n|p9rf-k${3oERt=Y^LX$xs` z^dJK3BqDXdi3zm+0hU$kPBa;8C}}XeIN|@ws}vWkxlF`P|L_fFFHO+ElMW_qb4Hwo zhd9k|9s%Ms2XR^mu|rmxUZZ$d6iw6AWldbX+(ZbQbV0838&AIOqb-L6-}C#JCqWg}6Ml1`ZV+ z6PgT$Gwg93@ZU0~;vWm?cdFf+J6?f|Z%QFsY$7{>e_AQJBN-muK&2T_Of0Fz|aZ_ezz3lO3l$56hSsj&(ZI+9o9;nX9gTP7%tdH56u-U@O238ET6zGUTPZU5;IOtOwP)^_P z+zNV=%j1Hdr2G0MKXDt@<0Sf=JB842oO?rG7?x-3BU9K!gkb| zE^oa21idO#bz>t1A~h;wHSi`i%xzx|IXko!4t(0L(4qjI7!I983^?8lItfGMq7ER# zwJ;rUEm0w!Mg-6uwF}SunO$EvdocDr%lHCf9!TZC=i9p65J}mGr)a|kuIN3xVpXe@ zD^?igSheCq#E6vkWvIe+9qk}z8$0>Z`zfK3uzt@h^fNVE=ZbY+KSa04rFtA2y61>7 zK*`LL7x9t4hC99i?ck7-Z;2osssZ04dErT;IfiwWpxnHwh^yptmDW{)9GblLRy8%6 zkC9fXiuldT$Tt?n6;lc8Ws>4G=7P7+X2RG7QkjX-pYxX8ZM7_ue zdW}bExBJ5uQLBLp9ZNax5%z*G8bYhk#9Tr)DKzAt29FEU`=QlFqCaTA#K-!;pLTO( ziTMz}tP~zui;cOlRr<3vTfraqVZ2kBC;S8dAvHih(kb4g<-cmKN6hC`=^n&*Z}!`7 z(sps6&TlN2eTiO-b}zaXYgQQZrHgPVn5$7)jF>f1FBc;PXCIGQ=KK+PFeZ@QOvX&> z(%E7uE~UBd`|#D7`fakj)X%-jzH$7kEE_;w{~tHvLe;{gm*uia^WjQ`M2w_)fjU( zqD9BwGps)#)c^EF#Ki0h6i1heP(L5(euYJSmZDCbPp9i9|HHe-yr40V5%l}~?rw{| z%oeO{(0}%CG2&Bc75IA>Sp4bFfc_YXJ%6bEDC*y}?8ofu%@BMEUo8YX`j~ORP)&ao z*0oF+>%`fFryjT*ieC1(4436{!>>92)6YiuHPZ18zc*()?pV%r{Dq-d$H8?*9!u#< zS^LM8()YEiMMH+GFv|Rst}|V2#?ho~{QwkJ+e^~TlB^c#Ce_e49+PfbikNQp`j7+V&0=E$JFX7JR1hwI2X~GBdACITWrJxOdCBNc(r&SKRgqbiQj}&z9Gf z_VpNf&ER!d0(=gcVf*=uP5b8+w4aQ^Aa4QSPw~h5W^T$D@9rE7@PM?Hp{TRH*oRP( z{oJU}+JZdFydaK0S1<*LEsEy`^eo?HzEv0w`MY z^#W0tcQ8z_EW+6;vxjD{VV3mhHO!Jwa1FC5R3&#c0}9;=*6$@J=PmeD{Ayg(vu8cR z^W{dreGCZF>3z1YC{a|d5DHOU3|KV-SjOP4V%~^4;7|DVI9lJJ(vwF9z*;s z0&0IdwE>NYljBY(0~F2cIT&kt%YfJ$NGrZay>Dq4LSvPwIRHAA&^*2I`LAeNTF5hl zKVH+hz{<3NkmizYtX?y08)J*w__}RlkZthCYq}S|rVT_$muzEpi8cgPYBB?6QUpv< zyL+Quw1F|ej)Q3pH@A=L&hMdHLQ2K_@!k0eyYf2Re%EWJ?Ho%hPv?)g5tuw}>Pl{v*!^ z=ZR|4kZ9n@0q{S5FEk_vz(GjYEr5XSB}s0tMEht$cg**ijUNjA?ep(#fJ`|TgN>{~ zEyP!p-5*BQAf=|yT=8;P>@)C}eaS@D5Rphcq^@XuzvYJv3VJQrNxJ0*V453%EbcCW zev}WUa4nc>UC-?e*Dq1{mC@I^)G7rDsj<-n6e#byhQK-}Jg^Xdp#&?Yv}1jC>EE^o z2Q#B&E2hqeO%G9FS5zQpq*_~vl_9|=VtMfTFsZ+*~Qv6jq>Xx`zx=562Y)LaUDj2#=XoBo9w&HG_1~G|M z`AdArI7MKsV_U)AuxgEdnUBGHvC3p@@3){L^xBXe@7cot2yv@>q6@(5Kt64IlqB4!j zrYtcSXNFI>I5-z5vOr3K8a@aap-cf4f?En^5O5vth#2Cc7$xtoc_8|pKIR-)y z0I)2e2F`76`YNd8weql0ysb*tr$iARhCQ0DVBNNtit}Yv#l8(w_p)YFmnL~(yPS$f zsC%@ndwFqPE~1Vx`H|1USUL&b(`|lCujrVt{@FHPr`zZ_gZ_t*@dWu6`Beh82pQc9 zVQCR&s0jf(x>Wk<-tx&M(sPOCZhlChdHzlf!QRCM!d&j-;qoT#e`3xY_%`OOeYj&F zEUNZ+>yifA-YXu7*xv3)L1gV%e%x1!3>+HH#)**?7GMHZcm%{YS@EaOb?z%l9^bc z%sAragYK`PnUKoP?uDn)wt4SBlmTxUuDtD-zbsas@P(6{5)H82p}h-o zx;7XT`cIM5LWr=e@~sicP~V38M?J}YAjS4@5QR^|m;NQM0Ikq;oNm(172YSURU6-( z)BNN4C~lpoAGbix=CPQV=>k=RNa}rTfgjvJ4+Ex=Bc&uB-b0ZVGgl6M_<9y8k0i(} z{vTmKTIP?Q!o&1fMocSyUgyE|ePc2U`FS0Lxc7!#Z~Qy! zq7x+x^#f`@v_627Cd)XLo<`>(^8mf@WeXT){v$w*qo!1*?buvDt7Bl>Kp(o(JbS(_O`;@w1 zh6tzwBCY=%rKsJyIQl*|3`)0tKvCEuWa@} zK6JJhcI7AnLzW#X5Jb-yX?)AlfgJLxn=$tFgZ#{^@wN9Px3Cgk`^;ZeGUjXtvd?8U zc*}gMZj1X=T^^FnHF!b_aH?{js=M@45#9M$NGS$~3a?Mu$5OVEAJr^tZu%HkL5=Sd zII-0NZbN+$3mKTeQl>?IouStXz;LX-D1KNqp<}h>z9mtPwb7EFDQ+h{l<*qo7o}Ia zqc8q}AugNyovNw!`2`T>G#Axp6}9Zm9im>xjq=ri{!v3~Ik?Y5iRd zK*~##(X+|BuwvnD+nM`PkSOdy_cd4cB-;^Ku|2pQB~Tm@f+)_Z4aK|tozwY!cFWG!_)JAG(j0R?C!1&aSPwGc|@Y zY+vvj&i3N$!({Ts(*Z+IIWuHzt;G;(7@J6l66xDiwtocYQ9870^bV~+hgOvC(AG~3 z+o6+{BUeN^w90m996O}pQrm{ZpIy(PA35vByWf`Fp@CX9dcPWgLPP0(O&GpkJhB0_ z8Y2B#X8J{JIUVXa5QJ!zD2Ndii+~W_LV>icj;LOwN+}JqzD~%yjLtrVl$EQwM^-fg zj@m{Zg1Z5uKy?LgdqW%nEwTd~u>hsO5&Tn{BMvxaSdO?xW{oBR5po3EbsWLHhqY%Q z#sBT^FtaqBi^rww`P%^MSl-}!N#0n5j0kVAT$DHXJ{oTj1e&tEAs`~Wp&&-)4T6a9 zhE^GwH&~@4ZwNY`;SEB{wlZlH-e3{o4L%5OP}BSOw8C=Rm#a&tkWHd-Xzb|fZt2Dx zx*d%%H}P{btbY)i4I9bowGmrS*Cr9KQdvU$UFvwbRoPDs)U<5aiM6qe=~{m&9))Xx z(4g6iNJO^)kO+w5hus2z?I;I=2ZK)Z6i}kA?S=k?6C<69k#O}vfBjS31E8g%mGor) zpnv}?ZsH9fL=d*#Hvt1rI5$YE4^QQYrHm~_zI~M?mRHszJCL>xg8Ee$SMr@6H>3BCylwHRP3oW-cgjAKq{%|=nVfm z%px-y^Z0FR-CENYK`CBPQj2rr@w?Y5oe?+%3a2jbeC)veM?uFC@nB+Y40eo3s_aOhEVph-E-VoEc&)&~4*onobly`)lS5^m zU_eg}(*k(p9Q<15i?*aoFK!DC(-ij|V%vkeo2LDTnxXIhM-&6J-+I1{w|PIr8|i~< zI;8zJ`UfF&@R2zG^+)=Ro3_g3IakP`HcyEY^R2wyn zsOtpBl`Uh7z87SK4Xr~I%Y!3&{k2a<-Jov=YC<+xbLkuwV_O1TL!j3LwOZF9tEPjWfh9ICDJ+n>2_7*HCU)e>$;LQ~Rk#lrkg&=mb z#f|p~nd*3%pOtgG2B86ikpEub5@7&)Q*s_$o<|d(*D=TodOv!?(11>JVRO;BCg=w( zVTO@Crch>4O!k=2TfDHO4q`kv3g*l!b))1G~ORIoPyGIZCSs+yvwFJOS#49M3bBlpbe$X(p4&x! zV5F8Ml9fao6`tE!zH}sbu{~xJ(*X9-;fwWzCEaeb&haJtTv5p(+JSxL8;8e>FtEd1 zGja*+HHXqrgfU>mcAXQ$0c)91X}6}seUk@x{!0`?Y|r^UKN@k**~&|TYh7$P_cXnR zgF^5+uXTG5BicO1H5E4mnK&z|rCoH9khr7IW?KZUJFT>ZJ zGEGBx6nEJydGwY;(;N)Pp@T1Wh&V-sFjcUe(M8d|AOjjK z+}n@VKnRg>l@`>v%v&y4@sbbG`0|rp&rw3OF6WD^3{G=*R+vOR^Vg7HQY)LW7m6U{ zKvv#TCsiw@FwV?i^zk(uO#k~h-de5z59jI5vD%FkP0 z!$AsLfT>#hSZd6pIP9A+%vD9k7H^eWxDg55$J>#w-N5Hl@2 z1K#+KWI+RorD0bz>5lo@YT9Pg^!PvFCms8x8>wG;L5#gWYJsfZBPv#S0@vw_41P>K zkKj@#y08}D<6nV(*&SU_)4ypR#?CCfblU(I`@ogIr2##+p8qY7*yLsv*M*xQtMhky z4mOqeWNt?}6pwoTx5T_LrD~#%_55T1C-nTIX2c0os^-qDISoH_bNUhYOR2(KLJ9rC zAKBD3p8qX~!;ZRKia@|f6wiOZdj4yZn>Wqf={aFTe=0azI8GSHtg+&XV;?lHOo=~* zUsQN5yKpl!&h1u(w_pFxQf&*Wa4skNme%(*;N3E49~rdQFleu3(1#-o+81Te zz5)gL1VK~Xctpv5&K42r@r1}!dJl0hHFCcAD;@#uA&K?^`+@kv*1O+9QG zv^Qi>9@iAo|MLtQzmG7zk!QY#xA%IQ2BDcrIURA;JQ0(QPN6qr`R(!Fam(-OhwQxL z>@u}w7$BHl$8$roo10z)QeM+hKub$u2eh!%{=k_9Wv?L%$u8jNfsg=v(x;`#sgRS zti$O#g@QtaB47q}NZSv5z&mUFoT07Wfa2C(Pq_Uy zx+gyb6HGTt5xdRMG;tI2o&ik$oDrZx;FBUNTQ@N-#fF=>tvl)_4jDdDYBuik2Eb#A$dVG4QTvz_0#U(T_IW&x?_@!B94JQm3Iv+4*Z|q<}%SjlD!_Y(Q z0VSeapW%I@jHRU6+tG)CDD#$!9c-g*Z_)n2zt3Fp@ADyAA%4k-#F<9Gwb6WIacl?m zo0{1M0p^cMtxR2%o0b~GEy_WJLiVD7y+D(<;_;pTw0?uuXCP%pkhtgp)Mda6$j|G4 z)gDU^Ocdu^a+_4GO>RrA%bj(q0_x6JpgEqII2z|YUNSpdwKdyP9buW@p$vj3t6+K$ z`O`KimvPupqb2#08+>woHn~j>tZWOeCY4J;qIE9;fEGXUKeiTd62)Eci@Mu`Z^;x- zQrWEmy8))NBPw-0`KyJ}6F>2DvPdlH`Ck+zJ-C@k04a=gB&sSc$w-j{3TP4;)r&C$ z;}PB**N#SeV?T#hML?2<=O}2h+nt_Y$@5nHmcgBhYlLUt-*7gF?lrDs61Sb0oIOI4 z{m0fD*)7qt6CW<>#@mZ~Hu(5k+Ou~7%TO_3pK5Dx1jfX4uf*NWk^AYYWjr%WeB3u= zqByZ6=Up4E|1F)zMrLiz7VmC4wi8~XakQI6>^i`RldTXsYB4^M(g;t_EvP3iiqKh~hq_8lH5tpNj5LOR5tNx72ffyovHM{5$^wCKt<5!iV&T5x zOZS-JjW&2;VR09#y|GmBqYI0>oylu#akW6n-E!6HQl%6)7+0;f&yC&@*SJXYdQtR3 zFr@@1$ff6X7pA&Svc9uFS+-2r;#uZjWb+>~`7tukk0kV$AC)!+gV;g=YC(X!a*;7Rj1! zG?fZ0jt)dGl(hDT%nuk0cshkP*C+<&qqtX@HzNQw$k`e1@_bl2u+xbu3q!z2cXh=jDz^w>}dSX%xMR$ct8w2bd z2674%A`NXZwJ6<%H?)nHJS@`AhN)lz)eG<25__$+K8KIaOha*h>(Mwyudz~|1uf^> z!{{F>h*am-jNrI1|92gZ!Rl7Y#$sh6ioqixrrGyxstD+D7Or+5qu>H+K*{JRJgPPT zCT!XPAXaVl5wHosPv}(3arEilYiORJ5W=aLuD=(NPrI@SorU+0w}$u+5H9*@;!j_| z&fF9a4G!tJKLr+;L(h&2cE~71@pNuvqusB$ zj1n<4h9y#oNDPgnMPg{k+l*{7JEX|wj9-V8y&Y&Y9X*q}WKiM-hWt}MgfWt{9G0RM zWniY3J}A53d{E@lXwT>IrQl=4@1Mz@i-ids)R2B+tr2Wpd;-=HUzTebhWuZjsDx4_ ztsYsfLh6QKE&Hb82aB8U;pz!DPB4MOAQhYWCWngn5C+cEL|YfJ zg(df*Kl5^Scc{pk+F0Z95sm1$n?psl2RhRxSd47ZpKKKC7+1AcF&7IRUkg~`tMHHe z00)ajok5?97L6M7l!)w762Kfil1CeCQm`PYw)&a$lk;{s3*!U30vW0DD~{j?UOx^2 zqCm&Ev~G<5%;C(%$6@P>bI1CG z2I|b^TIt;xiyPTBbhwK2A{l>8nn>@?5&>rvnH9T)*Z8?2DvUlGn8l}27iN~gY>*IG zh$)=Iht73(=!(MW=r2zfnH}<9$GLaWqNkAmLVf1|oG1VeFncNvz>xqDOc0)p_N2<6 zf0+3&?{khqc5=hG9U{34y{3nYbI1AN#!)iK)WS18DDq?d>sjf%QA*+xUb^X<;qjtRt$IhIP zK6H99PyD!$p0^Vy$iVI!p78c*V1m)V3z~bIAFXcw3*A`F3tw!md7(M^{9Gske1sPc zt&J>dP9bkfZXg&aT__JOveX4(+&t*@_Mn{$AfDjE>{#aJ$tkzKf0@BChDGWEqi*q{6N^bF5Z-H%-uHOh`zAgpf0jZFT zui;gXEY#r%nDw$t>i9#bq@HU@_Tng}jX9=EaI)7l*A$nWu@a5UoatVZiP+OR< z&m$ANhv@4i{Gp)%fG-F@!STnF zJSsTu&Y2YA*9Om|E(lL z$&4f_{~&L~)XZBcDs<)=#gF(i+0Zz*pg}MtwksCqFmt|*vf;M-c9eG+!e<5|CywM? zu!7SFl64e>oloW6Un8(CJiRs^)a+-by!E+Mdhqy6cSkiq@eCeMJnrnZ(eH;)e|%IX z;CiKlVQPHAAEa-VC^FczWoesvxrBe1ii;Z$RGl-o~@9(5@_+m!vlH6htF?EaWk>TJ3A}c>n#f- z$a#knFPo8;`%{@ydMkw{*jFcgf?f=x>MALLhNLuL%8Ax|a5M{;3w|1amC|SFz=BG2 z$aJ}<>0un_WoD|Usog%pYg_H5t^W|15BjUYAwdOeGN|A$P=CBduoYt@zF^oRJ%mC^ z;jtP8r6{_+mSBPCpuc4t(lSjszT>(=Ja$Ny{^5OHVDVP+Pl;@9ogUOGuu!T^kpp`i zBxo1Fnk9{RZHGH7v{ZM#JT(T+wzYyo_8PYD<8vdxPmwU#WwoK&Ye=0`Yf~TpbpIY3 z*Kh)27+SRtC9_kNSs^NURUQCaikDkVl_2^y3+I-b{s(A^e5BX2!7*Oj#TN0_wQM`9 zEn$Z8uLWsM0}zzjUWc98R(H+&m^%AhuHs&fudrua37qy51cN4FC7PRcl~9PB(qtU7 zb(Q|L`-nf%4Qj9*Q?MW_Kg!zS7!M)$KX8oShI#n^&lvv%3hv)I#y@#)!5F{0Vx%!< z-2Q*y7*9vY+5ew0egs7PcaHHR?=BeQ55O>t$Z_j>Q8a6*fc(dxsX3)J9XOmGnvV(G ze+atBsE~WDQBkN6p2fWWAIL0avj6-4Md^PBWA*Q3mhbFcz$}RHH_Y-lXUnA> zBJ&Yala!9!eXz01{hcNm<)bS>^b$kDa{8`h=X*IVR#`3T5Xb_mj4jA5Zp*kTMCEo2 z0W^!Dw9-aJ*-#yn?na2ZXcR+>2nDg)T3Ad$LurK|lx8{LT0rSf5eG%5n9QZC6c1u) z6bi|VQpq*JUr1(VVd=Lxs-ew!Dy-k}?N=<-$9mRREZX=ls3NJ>jXIpn_JX9ES1hw2 z2gYg^uE$$$JdT3oxA1Es$AT83W+Bkw8khRK%X{P60(CYi zpt?YR&Bq)7%HZa2QRXW#NhqNfn68LM;rg_E&Lk0cIRmDK(2_yirVqUG{?lTfa?X)B zHk3AtG2Y3~)pT&2gFL?w@~kUt% z0Ch#r<){jmzofnC6UH#A(DedSi;xE&tc3MmYNi00n7(iz{T%q^F}n^ooAAYeT{bJgF2aPsDt;FB_*^A7?OA6aF8@!nQ3wfYIfpHeT%TZ(U- za|S8uYUvVp7T@Q6}c3haQxShn%Rq#i*te_>j_Lg==WOXbxjoB z`%ukmnS|fehI>!PMk@aKf8OJ7+XV!Rx;jyHY5koWs(-}cL!BFs9uqTp?SAh>07?!4 zNOH&@kAfJ1iJ`v~=OrTfPwkGmZG`+%^%GKGKc*>T{vI?U&HcqYJ?G!U^l zZuZQrbC&+B9V_BF=|AZKhit|D3&4*vADENrox@Y%dE=4yek2PyRT{hl-1 zbMH-)qVNCn{{2XEpP4gf&YW}R%$YMAXEA&$s_AzCpMuAVC(m7@M8C!%&1AAOX{zuS zpPVni*6iLjx%m%zHe(Z7wBJTr)O_;jYPK`knkh)0fYjoq907MK&-X-?v^iCoxt#_L zFbj4OKMQo$R&~}hiEKuL=dNU{8uGS8ZB_I9b;!~3gzdwZuv;37AmQ)ka}{W%gTU$+ zw;mVsB7ii{=UFsgAS=sd{?l*g6XLMTGKU&r!}i0!9w=MSRLkiqZrb#p7om}B*diS2 zzfV#rmD(zt2jjBbzacwS#XkjA%rrlqX?_gO_LS!Tq|~nYlo*N&PnvvcqJN=tRY(3w zGu4b2JsNX4L!7odHloco-tXXLKe{6|9CMjOh|% z^XEP^LAQeUA{omv@@m@t3WZx8Mx^ZP2J~>|RGBZMlDtOg-PO|Ykg^w7K_n_d79sA>xp?u^1k;T!UoqF^zpGZozcq`FfZLaGEJNC8RxCCUp;)~eYzlJY-6mC6Ea zY`FTXxSWdo&=`3^%TV{l72M!00KCZ3)_{yTW6c%s`ogdug$-t5uq9kITGxj!5oNq! ztm`-S{2k^LwD~d~&~<0c4HIxU#nsy|VK_G7x*R#c!;zJ6on^!AFWVSb2DDa~>&^f- zMr{P(-pP(#=Q{Kgwn#NaMT*+Ls%9wOf%MSjxYjCEP(lUB5vKw{GDQr+FdG=;?~7PW z)OLM~A&7`m*MVPlV-^hb_>PIw*12cR$O8;X+o!I_rCi^G#g&F{5z4K ze+q^fBJ9No)7*3+^|QeYPt9wWWKF=xS$XqU$~NSrmi9#f!+FH;Ljfi3yF$*ftXmc- z*(ENl;0s`v12BJEQX7G|oB~(8&ZN<;j7emwj2O#pq zvXWf(JN3Ab^8j;ln`xur$kbMuHF&ALd1dp0^U(SRgM%hq*%WNsx(2p8$UCVOx&TV**C#UU@mT z>E|{T`^lI%adK^{saevfkB^4xR}HhRDC{J+N(PP?&8fjr4?4oGvC@Kd0mb(miuN6^ z^@{clmnf$HLf5RDsp|U-acz4)U^&ngC?urXWwdW|w`c2Ck~kRZ{#tGu7*qF%OH5KX z%=M~58m@Qn?IQyX^CXcp)E055Hq#z)=oDW(;!wsVDh(5?;O9ygq?97T?+DmDXOyZE zRe^}1Ni5{Exsy!R4RXY@Z-9PsGcaTB>czkm8+4st`S&z2S()7nd;WjHeyf@Gy9){h zvl$yibJ~9O170~^8wzgSL~coGcfm1+I&{CvO#4j%^bY`a&7|Xst^$wj49Drh>V5=p zR+pV&_*_c+qrdhFf3eMCCDxMzzWutaSZ{;QW2Ca78DfUkB z{(2lQxOESJC*lSFclqDcFN5FO&}aKYcVO^ekeHt*45qcJ816Q>%h%Sa{?Yx?qss+! zR}-CeF^O(ys>vH0Y+#}VTK02n=dN@jwTbg?LL$;4sU+63{{P7DhL0S-*9Hb%fW-WF z(a=q>EC*RcPR&0E=yrB>I5nTesi?Os7rre%aAaA6)^D7@>aWMghh>uUN<{hpHP?OH z4=ul~DgR;^+xpfs3l_e%5>o?pR%XK#(=biP#2RVmc3@(?O0R=9RS8XuwhKG^Fn67V zR-!G7a*7~_a){mJIHy@VziDSU$GRwrQvo`sVN#1^_~;=0Q>@SXIZfj*PAM?0VG`yl z;alXG%QGNbT)^V+1=Jr{aIMTw;wjEQKL9f{?ic0(Lzem>@?qrXFR7qIkv1~LsYHdC z;%tj44q}Jc-6IK@;+!5$aZ&+8GcnvPpd5a;4LRRr&QE;Kr$f#R=6p|bFci)ik#P5S z2ylB5&fApsT|&;b%sIFp40{H+fBq|hVSLDW0y%87Op=1(YOf9;cd~E~<`4=8GMfSu z4+wBq67C8}*1};n6yOdCaHkS(Mu3CC3~=cHw?E;=1~^=^6qs;qfZK*}0EIjNAdoH=zqXV;K(GjnG7oc%&hGjopeIfsUvZ!+ieK4)6U znZcZ(S+hdUMC4@c3uH}YYKn%X<}DE{ngFJMEn@n4q3}oV0&O7w+aYHya{~F7g`7V! zCy;+d$Z2IxAb+=za~*R6`OP8cGUR0C2`ng8AGi27n2OXqo}Pgvl?0H#C?fy+q41$e zQhpM0#w1DkWyskoNlMhPH{PM;Urt4bc@6XSYen_j?+7?L6>@qJBvTRrv!4Sp-zmE5 zds2o#GV^K;D8EgVOw8WP{PBM>fBGka$uTEb-)C|Ev#ol3Cz4y^s7kTZojeg}H{&}F`}?!lbne3=m;r;<4b z`J8P-&bx0Rr`qMv0%EfJnUMc9^P60L9A8+5938~U5z5ez5=9XCPqd-4YRkP3wH62e z%#(=PX*uj>-&nbdWV!2EZtiOOSMmC74T8zsGt)f7z}2!LS}v8@(_Q&q{KgIo2gP#0X z@kiDg@ybkQtp7F6|Ju+0s`0-j&lS!gtW>yfsaI7Hyr z!&lS-V8h5U)qJE`FB$Iz?bS%d;&ErDeK#w8^Nr0whPw>$%g9GJ?Zq`nwfJdX=oRtf zVd=4KCCTlq9T$GqgrEC`pA+0q)Xdll7Ho7mUiT|t{j5?J2clJhMT#Ae3|&$fQZ75e z{Npp2e(RbJ4@M-`NgfM%3~WbvmF9OLuPT{WWv&Z(T=|H~RhvsB&#i>nWgxC{g!?2L zWc?4y!y$`x?8J_b^`ywOg&l$*8uxnQ{rJ`ip@g^^kMqhHLxU%YcuW{&s{*7_B| zEd82W_eXSgKJ8%sv-l^o;%*CX78OB&W;`lr0OopHXZ<>S4P`;;Yi_mwb1ucN^rJ)D zRetQ$^(*|JWP_CY`6x0qdkQAk>E439Bd!VY-jUAo(X1BxCMsZwWN!%LLw@_n)Y6+R z0MAGh!D{(8v32BWIzbe)T-amxu5@JD97{H(e(v+AW(~y~J_>2bVCPB(;yIqxOOd&& zDQPhtjZARs$J&2*jPG__p)Gw-d(WYOp#hGp!*p5)?%y%rdl9fvhXaGrLzv}yh!#(q zh6#A>lKa1a%a{Z3gV%i$5>hb|2;rU@$OwB;xO1T#WcuTrZVSVdB)xXkUny|?94O23 zZHicyMA`Sa9(seO2S#4w+!WgL6C zT^Bs6xkcxV5Q=VZc-=Nr7j4JdFTZhsva2xXO;%pG^Pc&8EFA27MZ=u(v8k&qyJ4z1 zv~rk1l^~~#yGmfd_-M|8(_FHI>Br$~g{a(R+hO#zTZWnej)DRq40#*mJ3k2sC(tc~ zXWxS|4Snv?!^a8KiY|`AN^@Uz0nMn*MlASHn80mpSBg?0$0VyzQa;fZ-<)x&1+!eb zuu@)J*Y@0jcOrayWS1v5l)dv5uoGMSwehG5m z8b#zR+&1P8ECa0Cg!_=`GH{jfCTL=SVgUCVNvfFO+c z`WgH*Z>*)S@133sw@kyyfBwK_QfU&4Qu z@ehj>(fC(uiHgR*bHn)8)8F`)I=(}8=-R*y2S7aXysaWL<_P>?elBmFbt5B+B!Nw& zp1N$zhuC$FtaMJW@fYVVaN!c`CD#A9m7~D66IsKZCk1NlMn!>5(?_ZMQflT zn(_zdh|NzFGWj3cLc-GLk5?h=tu{|#3}h81f0l&?lG-Xw(iKzGiaVmu^MKTx zK@F3KxnVL%7rxS9o7-lsY)Q@sD9`8K97vv5dU^i#>Hg&D=RhEzN@@%|0%f9%UA5IX z$dJ>?hIIJE495zyrVr@Z3BoKi;f(wBbT^-~t8!MJVu-?a^K8PgJg>=e5?Pk7!9SLUlIS`7+M$n4Yr2lrZHIqQ$ak_3-?Xt5>qy|OMOFe1 zcH6&Q@;6e8M5G0a3LElIms|Nv#5K{0x!E$C1GZv$kta`34}2UIr`{YxQIG}ri=i_D z?6H6(x=V;xKw1lIC}dqf04jM4q9@h#Rs3$i^N^`V%RiLC=0iRLsCT99sr7cCXtyVm zb>z2GGCN#>{2$RQ7v1fHTkfW~>+l=zIzmNkq)Ce7EpbAi%!d3Q@tgFCE7a&leECY0 zxyizD5`@i>6OtIi#eI@n<8!5svqK%Alc`rnU41lpgjv4EkKlXk%y|S zwG`B*!n5pJ7EkEutBGK^Ad`e8XdO?~E=e9A{S(}CpOd(5uFW~__GJP72=kzg=mF5db9&-^-moEiPz=)vs4BW1?qXT*FptFOK?6g2T(9o z>N5etC7kXybCRsV?r5hmq9Vl}9LEO366c&?-wQ*$|tnYW2UXWQ(<3LCF>& zVKMl>D5+%UtB^G(p=9*X)aa=YXlY%)w+55i6?6ct(^#b|Mfpo9dEnA^XE`2>$pgEP zk4IG&t{;p<9tiHEYbAeY)tGDUfqKfyLkPgy`#_`e&OqQ6d`!n0hXIibM%mSfGdymc zT{TX32|DZ7V33>kOal!USNd}(m|zd~tO*tw68`iG4kKX=hw}^u*sGDMG3{TunD(#o zXsL6_hKbhH8BE)Vz-<2v=5;!FyoB!+q~2rI^J2Jv@ZexyWjNSCL7pjp%A^bN1^RAqcS&X~^%RUKWW}ECb&5t*9 z4rxAws~U*4=c}cn8R$vUaZ3XMMyW}7vPJT*j@B>0Q>Ozo;Lri*tq@uM1!7e8*`dU? zMWED>_T}#f)QTGX<2j4Q=^8{eQdM4uxHY$TUy0;(8S*j3$$@!9V7~s8FfWH2+*GsB z+`{k@CIzdeZ-xnxbBQXg{HSgrf`WrpKTCjBi9aJ=6eV6THFD=|8`hy0!iU?~`VJ_? zaUwNP%C@G*kz|Jf7-ZJOU`QO0#344Mmv;%9o8|#t$o3b!$T2s8fP!=*Pj3!L3`eWA zRF8%;t(yo~pu)`qsL|ag+oQ93;<>QO9DZ!_tsOBwbJz&{=SLJ7prYmUFF^MCpC9RrH5WKf=Q9H zgV~ZD#Zj?7R*;BPiEw_ZrCn>D$D?LlKzdcy>QVDGv?aVZ;wJBJ$+5f-h=D=m z@O$W^oWQZf0Uq`i(hxa>(AV)GniV024U_bBKouJap)!N`i z4p(gjO~F#Fe?mGN)=|V#<$nhhtX7(Y(=j+E=Xf-CPI>)xi?CoBs(Hv&GbXC$CP9%{ zr9@xj8f|&ODy0nwmZJMfECf4$_83P~h6tK7<-pc0LO}EF*onvIXh%OQt4VxITRD$V zXQ3V4nELtk`GNbtC{-RD{TN*Y?J3LuCdk}+fO&S2|A5RFy%czNWC@v9bpJ(3Pbb90uVAQd%pimoe6WS}7#_1U4_gk3# z7$FP$juIZ#{eX8ZgrUVkN5X~}dJS3PbdH`IW)Xw1!IAL7p4@D0r$%b?B#Ius2=y{ME(TQ7+7W;1pdTZM|I6qC()V?a@v}r<_y$T2Jit{0N(Z>LZsfWB1u)wA;-{3bb~`+r>jBiOkD4xSoy=Ut`^807&|L|_2okO;S%Tc12rHmSyk$rcTqR()3I9l- z#iEYf=L?g8T-AQNq8z*={TBwoK})uR8_p_1B@6bA!1b7nY<@t=UR3O$)b0w1Z6H zm#*UWWo8Y}xQ%6YP0jlom7LEv&&FLgfqm_$lGod8q?v#hf3={QDAP|fk%MNw$3S=7 zOjk)kGvC%HEW(9y(#*Fx8x4;lZ@ih@I2fHEa{GUzy>Vl2aQqcdws9^#JN0?zz=8!Q zI3N}B$87!kulcZ;d)RrAh$<1mkef7IO4tP%y=T?CA_IEDe0L-9iOv5EhC3rQSz00S z2_i5TuMq=fI?K>M#OPyF6Mo?*)@A+)YQyS&1;j=_$92SwuICL%U!~n6WX|r1=$och zGkzlU{rN#h-|#@6l8Utfp(is|Xgzd5THScc_yeL#qU?5T>}8YlY6sCiozXA=K!a}@ z5&YzMYELte0Z>M)?4N5h)X+3iMPOq{UetT-EE&|==$Nw-S=_sLAhuj{My8L$m#{Z? zLp#ENCcn^Z?2Sl1br$cRlK9Gi{2%A||936~JN;nziA%nY|0k?={4Zd731x8nE$Ux7 zG45BNYm@$sn^j{Q0cOJ~AqaY>GO=+V3{&uZb^=Wzpu^XRfO1w2c3O^0c>)5vo5VR! z5_~BYUZP9%h-}saX8c0+5auI@l7tDo+-NH6$ssr(D=$}#6=+P%HT<%@5)aXf@p5}n zI`Uit#OefMv`(V@=qBf7_VDJbsunVIBQ+Dxt>d@wZVMa*LEYpXJ!i{cDV9(P_kTkU-+*FCz@%Cv zY30y}Z5AI_4q-s@^S9|D4^^c>sIKb%RHyq#GCJJM4k7_+D?hQ*`Q3v2T=^&d~y+k&pQIbCl9yZtX-=O7Qt>0TZ1~Kj@yQIujY;AH(gL4@q zlvuC8`6;vKDZ(Du5>iNO9qr|~^B~5A>Dh{ThVv1XM-ho54qCq0EJ8!vYv%nO^5u`m z=n99?H{kdE+16pFQEL8dOwgLY#^T^*Ni!SA2fKpsVSipedB4 zt1T~wStIFV)CES;MWDNa;&eI1;jE*_>OhZq)Y#4$FPQFtYOGSb$ksO@_e9`L%;6Nj zo)z=2XnxI2reY^wd|BAv4JKnBp|g|Slt^Ay5<~x>2E^L~9rK+`Va$z5S?ZIRo(c?$ znO$;3DrENeL)lGbc7G!hm@UfyST~fJ&fcsdTZe%P5s*4NNEP`mj`6c}BoZD0ksXQp z>0kD}BJ*RO!jZ#@vwO{nbg*OO)O9n?`9i`_nF>d2&AqI+NWPU^^2>$Nu}$ilV;c+Eep! z`}_4l_!}E{eg9eiqUy9eo8D`-WD5Jw5c!elKOeuTPZsx`!ugxZ4<~M&DWs9YIJC-a zA&uhfub4kvuWZIbtaKf>a0{i`kpG#og2P+9Fxe>LqQ5c+b0xXJbo>T0@VVlvv=8}4-`P=f$D9J1PFq1-+otn zjXEao+-6rJY1wuKxQ6OkLvqO6br1^bfbnf_`9Wn!Hh(y#CX2 zLO!k!tKOfDva#M%@Cg>AiM&L2+{;y}Mj|0?lask8JZY%+0QMlXw?rjRYvtUd((dYW z=OP>L&=eDnKElD-EH$r1(;l+=Y*=IJ&qX6?($12y zlonzRykPaZi)_vpqnzx8mFCepo59(L8bBUm;T^U^&$L-Q5h=`dj^(JmIZI6(FqD2-6Q|KLUS)KE)mPWhq-^3m(&2P3k_`Q76y)C@kF3RfW}~GMWLz~@CZSpk%#C({SwX48>_`n{{P1-(7!y5A zz2H^FV=M^vw=QS4+5;g9JAISIx)ECbZVdRb6^Y(6u=lO^_SgU4Qwr%=Bs#^5LJGo} z?F;^g^DdaRgU8ubTM3-B{kBchMXOo`oNSmg9je@n&k#!Ba5ZuA%+!MO9aOe1_ znA8Pm7x2J*O_RBb=T4P%?rCeaqY4x^hN^`&L91(kSyV7AJvPv9Lb8e{aNT_2c?yu~ zhX3qhT0H@ycn>ndVwyGgC}2fr<4+@~2}IH<;vxz+*{$b?Tkqk)uYnhQj&K3}?N-2P zb%Qb+29f)K{`@;!Kz}pj@LZYnWK>aG1zM;pQNu!KiRRzc&2?`NxV&(Rqh=n~=sY!F zD4^zFw>xTvBB!D5?XuLh9ixY&?t}c&#yvXG4@s{7%J?)OLEmu%y}LXj==1`DzU~Ps zXO7N6HA02y^uxQlZJ*#1?)ad47exT?NM>)Gogx0TiS+Lu({BSZUc9&7<`^pUi=RiK zW~z&+`I!8>Z&}1Y4KD`u+P$EDFzvcA38od(QF?zl=dRC1;h#G-ANMG0T%aKttS)Wcsox-R&A#K#I0l^R82$JAz;r`M(`homZx zs!UZLQ=O_jp(gc-nfPydb?OtD%G4*sDrL*iUE#FI75G9w4So586J$)!ixbPSC5!hP zQlk@M$S+iQWZKbw;d7wJ-8P_m((PJs9;3C?2h%wgHRdq*aDLZm{`hEo{CjNvKo95` zm>HWNEr}zNcSL}!EbhU&$8w{!Yy)1XN|>JlZ#Kvu7Td4iN>p;W)(V@;ov4kA@main zKgR*-TAW+I|59PH-@PE6o7UMC;O>P3AIG4e4r@Wq&K(~_3$&nARE`2|n4hCWX<Si34$bKj1PDChrH(Vb`&*Nz<^6n}%8kzZH2`&7-4i_2OTzFfRRGm(F+#N0dJE z(zP};uPu1ffwnl%^BkyuF@RL0TK075=Ji_=D5{4Yk1Ti*M>-T#E2%BBpsv1s7V}to zP5N)Ro~N$f?BoEEXxl>mxVxuae0J`-#mE=_aGryE&a?@qp$TNu*BqNThp=qYG_Z*t zjHKcEv*D?QZlK7_n!PTw)G-d1(!BXgoZi2qoI~8YEeqisBLVkE!ZiX;Y53WXEDy$_ z9uzGvEb17GqF1x%6j#)<^#GLAhZq#)qF-8+8bE;`FSI)L0?`pf^e(&uDez`$9N+fZ zqe~w*<5iid7Tn%|Tx2w-?+~TKX0V33JKzJ-pGQg?4GA~!G*4?=Q&yw*TP~>U$WFVX zUHq`6(H-qi-3%MNAl(7gZbjMFR6C|04eyuDZ#oCOPc`z`q~N4Gw3#)ETxe5Zr} zE%L9w)7Ls%t$~8pmI@_lm3udIentL=D5(lAo7fVVDTPPFo?8i}k|#-!?*4Aww-@vFUYVN5)ga^ydreaWB6a26 znyO#!Nx7|%m}(JQ_e1>bOkYJ4)R~^Y4gNscugOlkYDzXeUkGTISm)ATyBh|Fm~Y?I zhnMd8HVF8-oPWXFv+*ajQ2OUA$xF3Q8Fo!W-&yd$G`B@yJYzXa4Y#mLk^CLxViPi4 z6P?~&$=>1;&EG%(^aUF#u4<^e%CfSJTRZkd3PbMmWsSup@p}v8qJ_{j+rmWaeiK@E z-HonwBF|KN8m*{KH8Ge1wYmnPs)wlRTWW`3B2hno$Rt=+GT({6-X3$V&p(Cclxm`& znI$i-$P-Xaa{!1dMCFe~ulfeXm{y-^ufDho@(#lB8To`?IdPM-+XQ{dJuQIid3`(6VvNb3)xI=3dAF^e6i;m zez<#i(e)S1z9uv4S}KG&9U>BjgnwWv7o&X9{Tm#AG0qIQo~^duKRLMYGctVi<@b>G za)}g|xD1yMxQV|&Yak~0Bf7WhdtA2&o_|5Sukeg}L0!A(4(LAJ;X_}817}V>CB}qM zQ;wd}eD#zNsbCU4r3$kh+1iZjJ=NV`Sn#U~VSUC^`2CvWES5cX@yk zW$EF%yIPQw?n9Yqd!*kVr2ZBCZ`vIdV}=|n{T_f$$y`Mbp_B9ZQMW+)TFLTAUrU&@N;nmd+C)nU|f93%(iHT zN4b~o2>~y}YSEoVrzDqbv!QY%SBAHm`RO~0s=NVhxU(gFr*Ff>Ac3;V;h(La+>N3< zf#V9bS6klEomqq`x*&+6TE}iZeE(G0TdB*_7{1S3c{awT3M8DJI(cPkERweCcr!Iq z(BX$vGBb@|ysPKfB(Iug0=azx+%|?|wQr!K23D_#jU4c0dz|c;DPSPa&BuDcksqx2 zjh^(1_;nx?uijE{wT%-9ZaX1+HA9&CV56f*=Qut)e6P#95 zBptQ_b>lQaWBj8uGo9=Ifn96|kUPU@ILCMFnSK&2r6S><%3(*2PL-LXe?rIR1ii8< zXEh|crRnt8#Jc%ibr?TO^@w9on+yka+_(+nVTXhgtO`OeqM=l;>84U zobWc^#TPeD&%TbH59P!Y=;8R&jq`1Tt+C+#fVlmXA?%6ygziG^%O5PY(K*073p(1# zK+~63Ym8y?9qfrVIc$~?=5XNr+X6N0NWlCW|4CHV@w<|A_L3L9=BRl({gJ*SNzP-H z#qU&$jlP45GV6k_XaCX#YR;@Z_Y&)u&L84l0uf#fydBw&GI)eaZ}6>L>$#Q8tuBi|1zr?{UelL@~=EM6-=-DP#wa^5c@bn(f|($@EF<~~024Ue|$ZJW8B&-}n=ZhpV5;DPQM z%d4FTX7_$Jio*1_zIGCoNzA^z5ZHN97!33>|Dkx2maH`=V3(l$sJ9wtevO0Q!gc#9 z_;-Ir3*<*peTf)`-^B~veTB`l&5D_*IM_T)FJ+~+TFBwj=dRA?U2!uiaW=0@^Lgh8 z5tw(b@is39Lq(&9zxX5DF_=_kZe$sM;RtORYLh)%dkHp2FV8ezT*C`+TuL3c_PDC2 z5m;tpjR#3NdKYaOSYEhGV_iyiK2xL)xj`&b?SFG6;hp^Enpt4*+(j%$Z=e z#aeYFaj&z%St;6I)|r->I+TH1N9-vpGL73?VxQ$8OwiCjdd=lGpb}a9!N*1VVSQ8g zSX~Zfr;>72u}=kVR&l?A`3!>3dF!?_*22`B8HQBW(9X%7x&Ly%TR-2fYKRNsc;Bc7 z0WjjejpkxQKQhbm_9S;sZm8T%E5rwGr?l%gINuOn1;+LRIO3;I=D)6WfPLI&DS?67Dpa;Jw#_jA zC{F`PzpxrvPi~=EgAPlLMhMx4r6eY%(mREnRfA+IxT#10k=)?P;4o#VRL#hl(}%Op z_3Ag*CeELoF7pl8&*m9xJJa`|Bo&5gXhkNG!A4z7p{ojE#v1uqgjKDEC1h+1s3hY8 z>&i(STO#}Um*BTBAF^BwL`zV!b%mEu9#_X@TUoZDZgGHFTm*9!U}Vd?Z+uauAwe zuR4hKt#~uJBs1&4%*t0bqm{%$i(U&5F3EV#nZ{?Y51sG6&B(Pv6hj3?H&Aq=vvcrK zlkQRc7$_oJ)WIA7*OS8hS%R>x1MCMqm6??mX=A5n^>mbx}n!+lK! z)zl=b!D+A3mG+AH@~yDwwH4^dbzMNuE>nR1iJv7}QG`CKtSz*#L2YFlT8N5V3%5fH ziHK_vObSW^*bQrpT;dx+i z$g<`5iAy!0Srf~@ud8aJw6<^EBPzC>g1SW!cZgOtaEq1OeU_wl$6YzWBDo4GkFuoO zSh3y>;EF+~MaPxIm&dqb3aZ5v1)2bKnx4h^=;51hR<>_?ZFBmbhPr#u2hsJ*@|*%n zKPc!7Pk)5TeE?&?#6q~faTy?rMKP(Uy|O+OWIPSTVTW#Z(i8qrp~HADoPlB?S&R`Y z3Na!JT|CCJC(3h*s19Ln}1(hBauXw?>Ua6^2d~ zw9F4X9cF(_8!)si;V#sFVedlJe&G!q2NW$c7r@;RN98FlquBLXgn0C3_SOhzoB08{ zH={qTX2NV65IP4qG)m2WC7D>KrQbpS%>{;JV3sjhuiB-@5yM6+wK|Gufe8Rpjipbd zMKLIYRho~V361U%Ti%mzgT7i7<}j2DVD-*BuWRjdi=1@MsRl3A zYZPa!I=PK{E!$_E;kD$Ct%O$zNBG#U2DQ-oB`{q)T773kux}2PA;rP~I7MW@=Vb)P zcm@V^DW7)KBqJ{#Eh8ObRLl)Hc+Vy-OE&RUv14-H&X}WrKzoIkY{f!70?(gcW?!sS zfax%v4%uB7S~K)%ZL4MDPi?Xtqm?UsZ6=hwUqG-I$=<_bOD=ZFs$;@K$4_bfW(h18 z2{@h&N@6+DCHIG=EkW*{u2PG|a%!YY?hniP2`n$;z_z?-lf?3vOYRSg^@p@l3KsUe zwhHQ!`q|3rE<1r*8~RxEYtVW$uY?}8I|X4!YE?brvp^sLqYfS#Q9U|QlQ_qYbe|S? z5V}w8E71Kd9X`Zl*jhP^@n<}b#G|5-7WSIeSI1g-M9OO6Zx)Icf&!<7dtOjd3rE`I zjcDO`0V&eL9b9sMGD~XVKhIA}-sY|;OFaV4515D8})PiyNK z{In!#TxlsPDKmGyhQSBXo@ENm0kr~r{}`bqJ#W!LWZ%?kz~3mer1h=Db|Zp_G_dLg z0&_Gtn)|JHGdQimgBj`hQ5T)XDLq9@*vs-d(01F=oaB>#!%h((sK+YF5r$iZ8g|ckj zIuZShZiWiXI8@ESWLCe0=(Lg-+1cx|IG>HHk*9)G(}1}R3yRx}YVlZ#%Yhfy*njZu2tM^u>h*LMb#(sp>Wl z!&rm7F0)F1SoR)=bzIla_tDzGon&oYW?`bXN>|%=wKk{#Wr9MJq&Ba$-R27mSgTLy zGNUEI1-PF+C)9qAj^W+vQQm<)xw2=#I)Po9e63AR48O-FO8yQY8mhKsZj^-Qh4FHl zPA%y7Kr4br@bh#d)${m8Cmb_UjF;3^Myem_s&8s? z)i++M)uYl-z2yjaV>triVv-KiG9aFsrX1M?zbr>;g(K>GZj2lCQW(#sH(eyZ$c=O4 z7ex>R^f9a67$;CmG}#P}aHO`~=KPidJw6!;+DZLPG+tqH^U>3>{Ke};c^bcYTF!a~ zooS9$ZYWO#?k(?(MEdP2PtI)fjnGeaWG|Jdr&}Y?fq742uoSFEbii@7mPL(5r z65f;XxkR_JQD5y=YJS#BU-!ra$U8wp_`HJN;DyVyaQxe9!nvtYO0%w^2Ne@a}B1&;%j=W*Wl&cBrTOuDc$ssW^sH9U?8xc{nG)4 z%s`>YH0ri4w_m1O;@6Cee&#aK7=*|;Bhw2usfhH2%njg!9wbCJH@$GfIg}Z#N4Apm znx%88=U%u2sKTW63FrY-VJFs4HD~v-)l$|oWr2yEJ9#Cu-wzbpH}TSqw6Fan;Qtx$ z(~OzQlI?p|4BKGacQUMM#Ek*kcL?jZ+F&mNLJtyse-j5rL_M{QCH8ZpZ$N%0;RpqK zdTIIn<-}NiHCL9B-@n984YqxkVb}ZM+jlDKFCo7Z1~0!$FWyM|J~{#T=fN2h`Avt< zR;-^pY*PEKe}7ZjcRB0d0`-f2n$u=R9b7w!m8O|uv*cuLKh}%JQV@AdvKp$HYH4>J zzh_%?T-gl6H~{)%4d3l*El*aE>U=|t;FPSvC>#nury z*7*EQfp{S6A@MPr?m|kc<$t#c#S{(DgyJ@bCiK@s<&;uvX$N7CZvW0k^m%W*0+#

5Z3zCsZ5ZzPn-{W@PEYPa11!rcpaEw=ORcLnrgg1 zPU!fs!EBzo;-W;_d%QI4itof}W<;uSY9e9lRO4}pgl$rdd&CJHZwTs4oMyJuX}dp{ z;u%Or@>t5(01oB_&bkcv`#fOUhd*Wc!{U!G@B<5C;0vMx>ix;r)&+M|(Z3}iD#aX$ zN|qFo>^C30d_GOvukyJ~G50GUz7Y|(3Zz03G+_m)cvdhW*t-h~!W%~=M?vX^%M*ZA z2^7F)*?4JDIh%2&W{_Ehb=lXwxVC^r9DiDtI05~MRO7h7KMIRJ5%ECqLNhr_5pDoj zZ~zJ9sh&8wqM(6)a=-$oFNhx$>Y#%_Qr!F2&!Bx}_0bv*PnogY5GytX%P3pmg-BQ>VrG==@h_pji~!sAG{q_jVhcgfkMq@r z@gC%rh+!b;FfujoPzC5_(4p*Be~Tei9^j~bEKo9*3n|#fm5HQyeMv|IC=>$(U}APc z0$OvBTPd4Us=dYsR>_2T4lXh})E)IW{)M4(@K5`IGf<05Ats;a6=rA{KWCM-FMl=x z9GW8f^vcGb3`3TUqZC(92H_cbOV>`|m>><8sH?+8xv0L{6tD!d;?)RqB=7&5&iK(F z^%bWcoqQL>TrMGB-I?noBV&}4Z$~WO4$61>ZJQw9>%<8UnE#{l{qA$6!!Rcb~X#kRzCOAaFJjtOJ%n(8Y}sqKG9MJaK=8=Xi`^tV?K*q3QY0`(8$0_#vs z?O!r+(D9(8&zUgW65mLe?RdGy#@7a4_rd}eqE8RbX_=t~A?KicMf$`g0Xs6-AvTD@ z`e*rm9JWL}V({%*`*GW2XNwze&y^c(&jeALGaX~}9N3ZW6KA}@+->}FJ!-1YKFf(_1Gq4W7vr~@a}Bf*Oc7yDU>et$zCrUoNoL<~L0zWn9Lj~P_t5DrRLCk#+a zp(}{Z9R;pnynlOB`v12BGi3tgJsX*Gg6V0>sF0b5s7Y4wHAPHe^Y!_fh@q zWT;C(?HMYQ-Aq;|FRU{R13?ALy(he-97|ejl0T2FkX99t;_%|3P`-nh1ZZNtVjSLzbwxV8Cb4I zPd|?|(kdgPyoDO0v=dCtrF>R_OSYLKJ){GTu6t7AWPJhtts*Rr74>Xb@QZK1P+ zJ`>L;20#8Rj@tl5D0Cm|<9wa)7V63=1kvtzL;>_hosls`z_l}lL+lC=57l1=6#SO4 zwI1ni|4XH;XZ62ciJ3ET^igp#*$V$tkN)?e9;gYk<;80Y1{Ku(s&p0Cm^ZMo0&}&> zQvD5tCHzUdK8pFcyB^_s--YVAzXLVqP-9MA-4#k6Qt0Z!$Xi3i1o=Pj82Ci?XnCgi z=!&2}J;2f9ACm2H56KGq8&6iOfMH~!9B8-E6gyto*cbBoN-7qJcg9j)ew4t-YLt{@ zX}KCfPY!8iu5gdTO|>!9*$_sP{@X^!nLXaq(WHi_*yrn*FfXbif2gSuUVcr&DV+Za@_4fh`+ z4|UjSc@#e?+;4C_%Im#I0*eGI?CL$Q)hk%NKbWvsmKRtmXTzMY zm8GuQ*QLPP3oVge;x??>ubKS>0>da2bLMG4qN2sZEe*GM`4G|7#Ml}8KccU?R;D{~ zhdK513j3DQfPPV+uo9U(RdXRmiA+Mbrba12##JR`47H-tB5a{c1pL&cPW%wjG&x+V zP*G)8p`yyFLuDILsJJq0q2vmL=n?e5dyb+9vS?x6`9+~3#P+md9sS3_>ca^K4_+Vk zB5YD0&Krb2oM%RV1cJFq9Qu&Ko`;|hR1EXfq>byt^b+lO$fRb* z`dwmo$|;0>Ms*84YECs2Wfv7LIvF>M0KM&%HUaAg+X@79nXaALo;ZFeII!M*E|$!p zBX(Nm7K`Z5MwWmEot6YBb(_zy4~0GG_-oAWCj*~dt-=0BH-6DogyI?<2kv9BS@>@l~)_^4LI z;|=wpSK`^!X;#{q?m!*RQ%uY@z6JauniszbTwd!nkV%E+==~)CIi2hYm)WlHmt8Wk zZ8)mHsOv7Xb%40cc7?y}5{a06>SeYoTGA^DFS~?R$c?f+a+z&Zr^Y~+L&c&*xt+9n ze!4x?_$9UvTGbCByml3Yw5JwY*O!1y+*(Rk`qEMlZU|4ex1`(qr|vQ+hztQ#WKLdp z?}F@~!!7Ax7+fVe8@*7lLKfNC-R8Hqd`SLwA+HOD`KwxE7diprKQ?611=Sb}ppN|5 zkPRCr5@W2ESryE(5>;NvbtiUBQZ&EAeE-|fLI8p%Ud?foJm#Ifk$CxFg}A(=5SO>4 zm-o*m95|!K_JDAc-&clBRVh*9e(YI|*I#v)zOTH9{Cn&0m2j6h=2=%9{mHq+cHSo` z8~0!!%;4i&zg*`nY(roElc2>i5iabx-;+MmXIq1nrC^;4_9sh!wCA$a3N`I0?SguQ zQ~S@Vndr;24q!Dh5}{M@?DjR91`^93?34APe4Pc8&9evd5;pW;XMNcB`|`hVm~gN6 zrPo^sF*!gF2Mjwf?{Ud{19niy&F8@C`+L2`_EvLvkO8w)yKuPyJ4RyJHD^v9uBoNj z=l92+Ucz7cIV_THTUX~?EGLBrSrkkw*SrDBu%DR5`KSNIV9wjHA~c45n9dBt&-|Aa zTaov*)xPLO`yi8u2N*41+y}6mTUd;3AIJOp8F8$VVH6|otH+46ILuj>D~|V8a7k2- zEJ>>)A1u3pkROMHaD@U;)7z1uRo*4XPh4|=^)Bw5xnei+2LEwjZZKO! zuL?*4yrCZxg5egSu>ctmyM^VL&JLlMQVM$ilAzE5^j$RDJ+#vYrD^l<&%c!-bk zgoNAJ$~Kn%x>Cf_tpk*qXmK;|AhqgBNMv0(ALaXvfCww;1mssd?7{(wU}Wv)M2wlN>#|q>m-7@>H!I zZs!_vI%_{zb(40r!^4-f%C#9xZ7R))(Tsa1Vu);OuqeiDWPBQpq%;#hdB%y1coiCtpfc$iWR?k?&!@+f{v|`0`Q~J>Ti&S zTbU4f3qMiZMc%>-djQz>&VjV;F2YXNn)=LUM_WyiURrQ2oiXGLS97ILq!{M6oh<&GDB6AYI)Kep%0uF|JF)g^cVdV2Y|O+4Kt1l01!*+FbfnP zTD`{Hl_73F^~+)E_eoL~sWC64D`hl4H5R12Y)Kiw>HWuUfEA9ALY3jpp%n-@mb--z zL>N&a-nSEz;Gylzmu*&PA6SxjWHT$6DHvfd`Q25* z6FhSQo?L8%#~tL!&yVD9lyrXDc{I>!OA7l-VZ8ZKW!BKt0*Q}DY~+q*un{|jJms=7 z@%XNw{5oW^%9xEqi&rLYChRu=8|>Ync=>^v%RaLzZ5bm5#D)UWh_QnGcI7EFdp3>Q zdhk>pam2Y)eNk!Q^G>HThLE|;Z#u)M= zQe5Ot`uS!}iSdL^L@6ofM}uH{m(D;^UQXC1s}Y0iEIYh!*`*>GptGFJ3Pwu>=qz_0 zE;<1=`pz~$*TmDw983Dlx3s8>`&*H!Iu(f2m|bDIB9Z3Ic9P&k+W9#U#X!4?QbY=x zAkwYxgGgm-W8@W3m?A{A7GIZwI(dHqRM}Tjr2G4U5V!13RyeVJ_mcWp#~Q^L`i`G7 z-(o_M0wm@WI8P3R#wpFllu9fbEELK_tGse?r^X(@RPiQfO~r7X)$KX4{+P{fSfBx2tEEQmqy0*nGN86_qMVsf4s zIH!@d9kwxIiu}Xf-rNXh0G;H_*GbGcN6hah31{dZsxSBt#4+$xp33|4kPsJL@lM_+ zhU}r{ZzB*YlsT=^S(U zUT{})dNpd8hJPxDZ6law>RmK)825_ds3eg

+ zYLC~YA${fzEU2TI>{f%ESG|rK6QxJqr$vqVP*)?ddL)jbM>RDxva@Wc{pIwr7o<_&UnOp`*{>nIdsTh4XLyd&YaWDOby1Lq!R3) zTy{Q4=<6|Oud$`wG)(qS5uKYPJb4H}3l;~X^CWIO0nL5|hxas=lGjn&Lk7BsVL*9( zmarFXlDsZ?)iQnZ1pL?}c^&GCZmva*nYKb?;pFw8YI{;%f4)s%oV;c!Oj2I=sC3~e zWN(N0!xhf=@DWSiUQPEAVxo1#=0NVJ7=i&lbXs!)N{IBbvpbqs?FnJed)A7}uZGBc zd$9=nlE(yGI^G33)m}nj@544x8!narg_o@{eKgUruwP+hhD zbgqbqxd)qarFL{Mv2aI+15E7bK;lMsbRaGuJ34Z*qhn3_8A>Zx&(jsxsOS_!b*j-W z1thAjjA6F)TM%5WO&n5zv|6rZs;_$nXf@ygleJ*>GkSmPAD$UXAk<7lHan-OzdVHXD-KLH(Cw`c?}$3 zzH^x?dbk$N4Zi4PSF}Ql8uMjY7W8{(R%p)wHLzo!!?Z>xC{DLqQB`Y8+5B`TU%R(Q zaZx|R3vdX|yq^UgX{dVy8#>Pfzp-FF5pLcBJ24it+1Zbn?HPlhO>C%Z1ERes8eQyK zjK6KjqV(HzN;Cr3nc@pMvzIilGUq=vRQpgqDs~MCL$O5wY}H~Fe>g{TO>9yR~e? z6LQ;`^kMa{X{0G9lD7mB zAs~O|N6!ot5=3D{`@ z3j=&;4G5qCZjc*Od>rFDq_@=)$|VMsjSt4hYz_u`Ye(ekcQj1%_{>#dG-V6#`BaW0uabr0`pU zWCiQFl_iYV!>GR$KOah=;dd%=1M&0cguTMTmNZ@nvUA=8a_wTm4$w8Fb51pMI5}d* zA$gfbPhth5Tm`a~0RcOAZ*!L_SZy`qUUKwgBj*vm2`u7&g!!l#>pyRUD(v2fM0-n| zNB9k4qW}zSn`*e4jSF;A11YXCFYWCVBW!?3-oM5RX(RvWyng6Akab#R8Hm2E39Gh8 zIdj{$;y*;E#8w?klg5aljgEn>eY$e0hgHEY;A7&nY0%CNj;wLZdgaehIk5_+k)~ znSFQuM)hiJDT{tPtusp8E7hbShbPf8Ys&G1wC2#YwBN-GirPqPpht=67B%T`8QIxS znp<_8@1PQYmYkAnFk^oxdA|zno6=U-i|~ed;1S_&pS81T7`X6mx*9ke6$l3IUKtzU zkzJ;RbKbmNO8ZI%Cd?Zy({E%;*R(PyzqjL!CSB-ouJeC$Fe__EJ_d<05x zs2B1l;ePyj-ibC-4h-Q=TwJi#fxyt({4!`%Ji>Q7i8DskV}?CUF6)+r-S-fVqc>PZ z=~H9Dt+H;uSMBUW#OJT}!{>{KqiTC`(?Et`8e#dIV8rL7M_Uw@-SSpT?x4c5>nc#e zQYT1^Cul#Tv6WlzaPu~0=HRNn_=-fIeKPmmj^jUjAUHUaH&4n=T+YhHZd4;chlhQd zIB2C>#JxJMuoiba+?CumN51>Qa^NbzlS?K!-@1v>zmvJmk9G-kx;smqw^0vpr~jqo z!84Yn^gh1@Snz$z;{gowa>Clpc~0*KkjEvz-V}M9%nHh#z+-u|+z5I6=2QPUdE5YY z1#Uv>ULI@_cs^{yVu`pG%H{N^pvG@e_Db3?5u!uWGzuxH7T*7b^zt#qm)CM9x)cdy zIH79aEV!;U>_;yp-*bnSmhbS*!BQUoU@Zg4_l04A-NnL|9C(ZR+fQ%V6!~7p3RV`% z*UTulVfe3rC4n2<*?x&+!ONdmly#b9A(CEQnB`><^}jC`)(X~dz27gORmYFq1g&z^ z1<5Z;)}EpH5NojAV>d{rT_w@_E9r;1tgUa>tb+brS|ePQC>*p@RvS_+jFcd~lzN?5 zg05i`rQVtH^4Q8$f2L;##X9W6pO@?b$c0nEyM(QOT?6~y>yF{+n!9=%+!BqUD|x9> zl`0tKD`n2@k_glpsjF)M{5Gp7DI#Ga5i-Bs2fDRO(gFKL+KaGivW0Hw`OJbstd*Ssr zq_(7=D?Eea8GAjH)lu;9C#4!|zHL&dPAqqFHUa0A~E8>YMq?wx~AbKDWQe!uD4_}Q?W z|AI-kKo#@@9O9*Z`T_Q2{Ren+x&HuTxOAXk;DR_Xf^CmfMG`TM7iX*B7YjcQVZY1zimAw0p1k=g0<2Aw6!mM z5WmG?$O?^__Nw!bM-t)|JG{NQgr%Bp!dKja6u!rIQ0cg=Bs1Q&GE6>Pg91^v{DMTC z>C10XgYQO8k=sV$XK{hu39yh(sdD5rJ+!Rv>d>}mGBl4|^Vbb*Gu+NvaH>zGIKPPj z-Bjaln~_#cJj5k_GD`fsOZ*VFC2r+1QW?vM9UR?X@Sixp=}h8Z_|hu&Q|#Numu79ja=pyq^#W3nh@S37sWwhmF06t+!oT7f9q-^?WsT)m!DHgCB@(Pu4Z$;`@EcqvkI)7SXXu$+G|FnJ`jbEZ5-@+(0ifYP{G(tcC3RUgP; zE7imgWI9d)6xj8S@fW}($`A$&s*P%`X?t@St;gw zHoI$$EPH8>n{}`D+P@FnYrhnu?gbU%F?w^xQN^0GRhg{x|Lg*qk>v z!A!VniO@|oN=&$_<9zsamGSpMsirHT04zVa3D`5Kg+GZAl$?M8=-V++$q5*M?3#$1 z-(dpwOscV9R<@TU7R<^HlEg$y_Lf=MGcD<7eAlomQ@&++Y&8zEG7MW+1|oGqc7Y>1 z%$qRx>B-Ek>yeIhrLG*wnJS$exiN3X+fkoND_+j3z*#Q(?SFay6RS@HTDpmhppZtH zxu5$n6LYJx3*zOKoLs3MB`$dUwN#C)_Rl{t1HXZ6hq-otvTj&h&l>FYU4)x^)>jnn zO{lOegT!!jkYw7{{?X$W-yciCecr>(b(fakR0@s`Lb%ycm;A!=T8Nive`)q_W-u&- z=5ndRl81z{{4lG$;qADbydBp@aL!zDZA0dEd(F4O;Q&4e*R7d|1tU5GC_JmZN9H^U z`6S04;m1MHyYl{dwj$zUbd$7x@Z`=X%}=vSS!699;c zaUk*pR;8^vPSfz7zZ&zY7^`!s2UfW#-(D37El{ zoj3QU5g7@CSYQvQi#?>haErU0=`LU=g{J)^{4hV@5KRNu^xv4POFE~n<`SQNqD!x3 z`k6lcFqh7;$sEme?pD(WUJpPTesVzHnLlAq8s^NzmmPkv=cjf^Lmx)kMCjyQb|Njd zo%SaT7nrsoRgaG-mWA|k>5x^6LpH59d(=$qC0hB{A(>h4V3O^w&j1IgRfxtBj>O)1Vd-J6%!gUYud7m{dNN)dqX!U z>{<%a%gj!Qje#U~i!Sd$`33SWFhf_)=P4s{=EEJgz@Ubi^lTRY?YYvcY#)r+HDbAC z*Iw9v;n~H28S2iVY0$pRSo{Vp^1E98>WZcB$~5icW`IJ0fe)!FfG+ax%Sg4o5xH22 z3#=kRU(-I zC~P8qJ+)9=R}x{Zf!+-EdQ19s?>f=>6*_~#2&F1?H(Q0g#ciSToFWtu$g94-IY0fH z+dXA#WN-Ly@z!2zNx$Z+yia=psH&YH12y^sOR%<~8i-Cd{MAis_^bUj{MDB9tDcIF z*Kin;BD#=eNOTFx``NE?XcH!!W@e4S3TP#~CJMW*r54{t)bW zSHpx6{>dlg%>f)G42E1-xfJ@d;ek&A$-rD$#Qvd2NfY}S;O~&fy$ut#N;TOvX_(P+ z#G~I;>hM*8S5Hl#m2~!k#&Sy|tP5;T8hc)VA!x%4{Sy+RXpSx}`^W7C2%`fb87RNsm-gVHm^kQI$&D^4<;~uAIU>kc7|{=?A^&2df^SB+Wq| zy3P=d{|X;%#u^7$5QIL&OqB1y4$4)B?OIn{9$>aI(f(ZXn8DVl>O3%&bYH!j6S0}9PaX~IZ8z-g7h)XrM$mb>L5FlowLRUYdx(FQBmZE4u@fDO z8rQDQ=LRO^do|PAWMhGys4m!pru{(6O`0ZWL^*j=R%jU-LiAZ3z_6LtPZ!7k z$vpN$vSNLHH^JU7qaGzeqqS25&!HSVj9-ats+5h-ImOcXzgRL=DtatV@8SAG z8tk#PwXo!Ps|S9j&gsOgV<&c|!YZ*$#cV-+F{dCtQtg!)&XUz&VX_MmX>HPRBtUFyIilyxlkjjL7?^APr*2?>{m0%k{-5qQ2VynnWB6y;ccXr@J^Rh>&qn>` zyc7HHH~$ogK>d#F6X{0U-((katYVbV^us}}YI^gFL0R%%)4#<9Z>Q;^LuY7;Q*wG% zUYp0j6!St@ZVrD$I)`=z>sjFl-oR@8NTz+;`*ieDR}d{*fW<|Kv{-Ko^yzfy6XO*! z_lxh7>=uRaPD^bS4Yj%NCq%2;(_7H2688ab4@b7tZs!jmo&0)u}ox3zLT+4mjtf3g-QCtjvxc)H(%FMhT&^TXdg!hbCFZD@} zQ}mea?-XvfvNg;5013dd{NVw7NdPZo@qS(Aw(F$$5*EK4#nCUUTV4N4H$;W%4CV`f zk;D4Yd||rne;^-rx@j0GIHX*9P<#ZBkJz5BjA)wm|k$F@@&##H#-QjNcg^T(zd zuZzETPc_=*cZDC5YI?-e%Qz_*V9gBxm~cdD;gkdfSdfG`JGF3^1O%Ay-9*BHsjJTp z2}28OK>})dEdi0N1rVquq7(_JC87ff;Pq|5(NMP*`gy;{2B}W;w-9KnvB9@K&Og-e zm)3mjIz2tkul4(-HGfyXUs}Hp_WPyvdr!Y#TE9p8O%VD$F4d$_0lBE4TUQ#&e~g3X zSA=R;_LVpEZJAnN15+%?q>h^T=|}UCl1btLNOVe*OBI%DKoZM67MGJmlzR*vkGCj1 zvJ@Sm%+y_H&$|N_rP2lUSivID021up!24ty%5H=}$DhPoVNugJ7p~3oU6z7NxDyC7x5N~f3f zQ_qtjW{XU+MfA>+?qmltNf~2-LbXFD@8n8Z8Sb#8?g$=64vIqAV?Br0xjMQNBVZ;N zk>&t6yVE>?sAx91INh`u-t&Q0d{PI{&R`Wv_M8J+uRvSrve8|+Oh9T~&Zr{F^q>|v z&RT9@S)}|;@dN{+faMT@fO;X0T=w1+7TQwT8NhQ&Pc=$~i1Ixx+3oS5c2H585P<>6 zjX(lqU-4F@-dO`U!U^B+0Fx?`hf{zvxS*x-V&^yZe2L|*J9_LEX1kMJXpIJ;9|oa# z5(ETsbPcf`X>=kEQ@FSds|6?69C~5)t?-3uvt8mctDzTyH+T2>y$kT&Fn#(38Ch_S5h;KLqzKCM^U7u2jiutB(x)85vHN-i8k6^Ovxy3 z!F5|pUCp`N=AeHYf)?ax*ggjft*!)TB_JAWN`pEa`Z2)AqfH*$5umRX=4%-6n`{vO zS!6N$*2f6!r z5>XCT3zJk!f>}aDYH+l<-NY6WgOec^@YI3KD1-0OrG06pl{ zA!x_A5}^CtAkq%r2`OOLtz<<&`%$P=`ITa4Md&BK3yzilZ&cBT72Oi5=q<>sDj=Z7 zE`huZJ58?l9Tr+XjB=6OI-d)YZU}Jk4p^7BAULi-8T_YlZ5!001chW2sNX|92G$tS z$j9ip6ksI*6R~jK++QAY$a}$P4}okC(wBnV0c<+`GuUExUItD=3oOk}#BE)de-s^( z)A)8ma-T6E0h8Bt|H*^9aoDZRcZxy zgKAdINYpg+Uk1e2&CUStKvaTbNC@#;d=Fq)fY9Rkk-z*#IoS%Od9p1EaaNb7+obxf z|AxAd35W+UH^I+tbSz)Aa5 zth)p}pMf&ZjY=(>aGMMCncE+Ka|2hPD@@H3s42Lk5Ax!gTQ98EkZyz?-N|*R0`P{MMc>Jk_xJqTq)J+`%m-vJuM4`-MQj#L_Ph0ezkV-d z&dyk8J;hw(nh9MK8`sUtU`yc!4L`$FeI#)$&P_3?RsQvxR_Lx`u?r^`&{AsQJuO?# zLZMnsihTKbmhrDIIOFU^$ zM`Ca!3aF^5XS*N1!Ex#e~?2|*3{{# zM%n`UM@AcO8sN@EvdWL|Y}5MX3>)}mW}B9jM$Zg6g2Ut4c{J=*7cp8TePHiQ>e<7PTC2zu{h|G45^` z?wz8ZrBqz;3tM{boH5P)|JfpOc?kXcjz$+npkHUp=Tc*^Qx;H(vmR-phC7mgQ!_6d zL;VTPxF!Aw`dq+K^nC-{qX9*kQz-AAV%MJzcWYj($$g+@5?#k>B5Sy0m zvUVi-QDWmE4UC6C$8rRL(|P>iUzroRiF0ft5eo#<)tBSU4ln*TvJTejP5nu7`&A$0 z6|q+L&?yzqI4T~!7Mh`RYN2AN{{a%VGfA+)Pp^Aqs`Y}j!T?Rx-Q)gXk5&-&bb!kP z95(Q{sevH*dw>Jo@)AKU$h#uU15Z$7Dz-LP^XA-lf{Qedpliy2o*q`0joo%)EzKSl z<`sbs@3Rn!^oe^w-dYm%1yM*ZLF$zr8oTD45{3If8eG|(?s`{t_fcY`lq@~JC23Sl zKF#3mMoHKcsjTm4CJ#N>1nFtGjZewhVzr_pVavII085OyI0Kit3FjjkVk=F__ffKCE9-fnZr z&0d$Af%ky%#42LMx)DTVgAo{Eu>6BQi1W8Pz%6KA7#--mdFt5$65WdgglN4eOpiKP z&VFwqew|o|%+W}2{IZYYlWojoL@iOCdRKHXqjSu?L0r^*HcfCK5>4P z;Lwe@$Q_In4lR-@P5qWbtELZ^Lz7B!=*WBlhsGnJkV6IjavjGL{h1Quc9u6R6%aHi zon#+xHGUB{?7p~9GiV}l@$Iz~-YjpZ+@}kvM>8v-n-9k#Q;O%A!G98&_wX-ap~4nL z6?n;}ROn{~{*%aL`7hfX2-7IL7Raa~AiNU?nWnpfPPZ1TNawd+k>6hD7J_U#f6R*f zm~E2zFl`G-+bWhe3Tc`U*w_Q$j*7xf089v@vIGpmwJ>zrN!&o15Vze|NRrL?ma|FFc5X5mM`Kwu~9OC@T5z}xUR z;QeU2WaZ;o?`~k0G*y9Wv058ykfkaWYG_APH}g8fL3bPya-`)uK|Ovd`O&iLA~WcX zY6gDb7vSuGAEqIMqyAo9?0n_`N)DK}p|em~_tL6#-2@Vf?qa&^uycofULV=fkJrl` z{dm1K`MRG)(}VRbsqou4GaAPni&s|<>#)yP=OtfDWc#KAkyl4Xkyp!6fSKnUi8H*a#QdAIi~V!wR5cu%z!vdvhIf-YoA*DDh4V*T zPET3t$1xb0;Z?Xhf!rDG&Rlgj(C)Fh+T!MF zwYkp^(Ht=IPD<@i&DF9wd(x^Ah|*;)S!2d)Shg_MkWqzi(IpT$wM^v?r*8Kjy8Hzm%0EZe^M95zOaE+5 z{&Qo^(zm=>3M1r^c$<#5`-;cgugi|N&8c_Af;VYi@})$}e@7)>1oBgo{*`DtM0-*q z^O0y$s?v^Gz$hNGfDx1(vq5VzKpU;empse9Ryby99YJw;Fxs|8*vgMt2Cn?j=7h-& z?S2mPC@`3ep@ueg7{&e4_dm4F$OPP!6L8a-G@e>9dJhXX98KhW8|xLtL)(UEL2V9g zOL%cOIkcz1E-m2%azfXHuJWV%P@dU!EOUD8#gTRX#d4j0u{HVPMs_}^(9s<;sDAyc z4o;_z@3*ZWMlMtMJCgn{+S3EXo`$lnV@dBLju}jDI#b@2GMEQ^Fb1s3$dq(PQ{freo!Y#jdZH7#5q6xer!(qZeJj49CM$#rBTI{{P~5*k8s&uD~3e zS)l4^NX{*^bz9KZ{kPP&O9^V5#6LY>{L`2#sBsM3W>Vz1`Zz`j$Mp;-8XR@vbgBGs z#C6?Aq6;X8e@AB6g3}9XpzjQ2x#Lx$zFp|Vy_n{W@cH`e3km~G+psT;6qSk6g0UG% zyja04i>=@gV|^=haEP&9_b@*lfK>o$@SQwfnM;#_hL9+k}vH17feTwjRFau+q8jqs|D<3Nw1XiUt-qw z{W)&|*3Q&}TV*kdcqqR^lI|XAmtS~vwI$S3;iU=w;v8D8$(L&)^0>#zuB13Ktz zSx_(uLxI|kpim5P8!LiS{C=f~y#Z3>L!@`NAgQ!k*=*z6khbq9GDUus4d%|Nml)NO z(T-@@#|FLD>G78$isgL?@@pd#h zuA5PCKX}#qRben8jNftp&VVz!{z{{Q*vRuEW7_lOnD%^Y^7)ONJ$cOt>BD)r8$A1T zPJs={S45Ml}S3%OAeuK03J`PS~?1Gvmr7C?Jwb9yi z-*95lh6|8W5zMnLtcxbVgNjBI&Me42B%a++klhf^-nAebct(K_l+|6&jf}g`mE-Pn zt;y#$n!5-Le2oi>S+}jQ*e$439J~c|H?{}0#GFPSM#l!pKyIRzoy9GA z@v-ol=_1r~$AYnjgQx5K6N;_Y4+Cq$^a2K)U8+oNqGejhcCCw@#nh-2yNG!X;o@oP zlIhzfGPH-mON9XW5F;+)jPmn|Qf0;`++8Kco+C4<)dL5G~)`H)i`o>msr&B!N9LzN0S}pA!vlbEb8h@#aOLF8%McW z#H6pmN$?#p7zA$Fe9vPEi<6_3xs( z*rbQy;s<|Lp&c++Vri?u4>`iRCQgq4>(fHn)V*^^o9fdzJ1Th><+CFj`_Gme`_Hx} zpWW!OPpebHuiFOno7~B1&*UZK{@~%i!{m+VGN8ChI9Yu2A-v63p0&KV1yv%?0IQV& zZOK$&)>SNkkH|mXMmcvNKQb!g)J~zb(yLDMt;zhxQrW(#>h@35{&W8>djPz#KtGUAwHAx4P;}!#e*D5X-%Wqv1pE&8H5X^)@ke*TcTNTk@C79X6aDFZocS7mif7!GrDe=b~4@AX@ z`^4ouAr{irXX3#*WL7b=3l)U8+e=M=C3z*Eo8m(X`+U+^@>e3?JsH)wR+4T)k~~eG zi_yAvUig*>TF%gz`VMesQb(n}5yi~&34?xCNO<42JPk$Md7m`ig=$(Wk3u1(<#42g zEbuktEhyI5Dca_q1Yd`Lr0a(Z1|S-q&qGPdde{m7^3y4o#XE7gtA(fZ(EhFN6AwG! z^Ed7jk3ZmZq5H%O5BSXDvn&D5LuS~%f6M8qAH~~GMqyC40Pr^a!D6$$G`=SwZG{#7 z@usT@1sgX^W4Ni&Lf9dIwI4t#8njXkP_(f{?wW%LJ= zIfvl=4pu|(PJ{h=u%~sWUEztzO$WT?fV)e$t)v%8(B=5gYMY|@HM1kJsW(TaAm1#f zAm40FzUh1U3G`Bsuxod47elp5i&%1dShNPzo4Y2)EXK-HQ0d%?c&W@<47Gx!ogt4t ziE{xMjZr?WtU-QbWR!TL93|dpO}_DgP-3GE@-LsXrt}*m-VL4v-jqgMZ@VLX2tIkT zI{W(XkrD0R<%st0*5toG5Ta?{AaK8p%3!tV@lumfn8^Q*m;5R|OO=GtoE9yKX)8<* zJpjIlm6Cr5D-!pjArD4F2WX~5&Fp@J8oyro z6uj?(dgnNx9yiCa&1k^;4m)oeQ=mUtvgq#q3GhIRdaxM{)ZkN$$QGQawEVI0%>OI; zHZwM=AFSH^j~C_tAF0jr{)XZ9g73N4mJb#r4QbViBzH5?mQjrZC1h}}t3ZWZRAh0T z3RyogrN6$M(qG@2T)&Y@zet6^*5CetxdfZh+Jef`M!N(H98E7na9r)*HX@ojh4`rrEu!0@b`?!X3ZGX87*}nsoU3BEfMOA zxPjRWEnuPd>Gg&9pSW*XHD1xKKG&6hjm(&D%EzF*ZU)~@i3}0&wZeRSE{4dJ8$Co` z8CiEsth{+ojJ6r`n)JeDMmP#ZQ=$7UJEqYoZ;a>hB z2zN3{>AK6O{QxQ4#J^-aWDULS-iUk9g30Bfum?j!*&0xy{2sZo+nn}}%DlYbJTc?@ z8j6d?+cu-^&{6VZLEl>>gxm0*Y!jsBhXt}V3?`w=T)Y@SL>!?=cLzco_9=wDmxtX@ zZ%2S46!USX@mw4Nrn*^%%LEXuaH9-gUcyBLQ}(Vgx8lku-y^5oUKrVEf1%uHf1x$` z!bZ+i1UJ1CgJ-=I)rN7o=II=odF%-Vb^U1PYOXo-`#8m}7fbl-n!^1fvnXGQFLlYa zO?Dm0ZXhKOx+79p#`C>E|}F0`81wc)u4j4RC5-vbx#fUr0m zJWSaUi`$Bqmx6K~0^`eDlgm9huK_UJFSTXUj$`rn%Y0jx_fUlhn!40Nu8f73k$BXH z6v)K*ZQJ%5Tk(402g$y(6JJ|#HWKC|;q1hzD-z>-&Q9zI`kl0bP4>zqSNP&DU=SQA zyX~TM%Jib=_A*-A>#hi*Bk*8h;Y!n(x6aAaHR1j8LhXIO3u>QOJSFGhIFNc-Vt&jw z5*A?5Wtm$G?Ad`gq9vELCYO22pN+O6=$kq`3_(u3{$b?=NV9(TnET?vK`u%^$9k@+f?F5{9 zY&O7P5oFEhil)bM2Jar zR13E%73x~-QaYrdQ5>{Jh%UsVWgmUrI|ySzYfxS9sGkijoi&9aM7cjnEK zW~p#QA@s!*Lf$C^+%hVb|R!N7mgZ%XRn3*5s2L+g%m5LzOFf zMcd3oW-s}MxGy`&zIVyN;LLf_dCK(8Qh_7*Zg{gHZ;(uTl2E$Y}LIIa)o? zntWg*X%+0m4!Utax}WXHF^I=(#YcmW*50D<{Vg~$LOVr)D2sQSh;uIy>DdQ zy{}w%?`uuox6$2o3y$l)rh5lFpP_g&V; ze<5m4JXVd2xU0$$cU5b0)dxsiSkl-8oeQT(+s}6)+}sr#>{j2{`>~X2>hkLELW_-K zafN~8AQT6)ttYTbwOXMlc0sl1s-}TywC!zha@%ICPPH}WjohaQzd~Lt z(#a#=H3F~mK<7)Y*BXmwbW24njKzaID0r~Xu{R@Md^f}K$nskomJuy8|4fJ~euOyt zTgQ4W==cf;w2zaRo{>q651@o2N9}P>YqDn}CB{?SxmehZ8Ci||HO}P(f0q~@kCuNb zqz+~n{ka*vOGu2NXBK1e6l!FZp7Rq=CCpFYNB7~np*2%-r>%xRod*HU5_$wvvb*jb zaiY8bV8geHw!A`^*u5DAUHne`PwU^24cy_>b-lb_VbZu+{jvcW-3%{P-Mz?OOON^d zvZI_?{4lN$h|Kfk3?0=(YT0qFNdLd$MIe)+Nm9%5l^h-rj|U2hh`4`WH48u`?x94Y z+^-7CiIVz)FZTu4WK%&o7&Y7E>8{Ah1x2`k9*p*&zU|6=qM#fHw|4ORu1KPw2xGT_ z?(HBUj(=nZ5`g`Sufz#4n&p0se-z&34&L&Da&+^w$kndMwFO1UeJygmD{@Ie5e9sN z@xI(=UAfN{l%t{-fx)F#h4X<1%m@1A{^u;jF5B2QO>Y3@lWIE=wCWGRMz4YAy`a+& zFgmG^@8(R}XZkz%yKJF-_dRv{xBl`)l)xL_7axE#H5HR_si=FAV+B|Oq0Dzn0SdYQ z)#v9(Tm_5hiqQG6={_QBCnJ&Kn2dzZho(c6Raca9K70{$)_VL%qFsm{)nKVWLPL5n zs@0{wGA!&AbO_z?NkhWZzH?A`;@n6-OEQ$q_qET)DQ+HVqpFB z#`i&O)|YUhlj|@T7g{Wx*oW(R(1r(`}q0}{qprA3Ufj%xI%=s%y8g}HoGjD{X! zj~DO=>!_O-+nz3Fo35ii-I{!Qvu4}LUyQKrJHq=CYVj1c${vdw!&w2!8LMx>?a z0EUOlIiw6=UIynknECy~way=2&WTL;=v-bM;Y_W=d)cnbtd-vLJCWA(e*UIB9-Siq zbM={cL~?o*6fc4Y9;rI{D{n7lbk^;ycwVeHVwJv)W&a&%qfu~xJJLYspZXO)57apY zKzBFPhRJLiC1f>$t&Wq828uzwV&W;nw+KB&V&^Tno}q6NZZF_w_w)9DGagvEx3LDW zc4wU*P*{Qo{bp;TEe8ely@R>y7O;L~%E1>7x|5xPWp}c}{$0es-N_r}Q}1`PGZ4&6 z+@on+y9i#FDFuR6i(7aQox!RN@e;h<1gY=28(sQp_En8x&dspOYP^|TP~|!Y^i3(D zZzj2Sm!;Y73(z${MwlU!q!?bOC0U(k{LQ9*1w&_UJ(=(_qk zREhcwHRpSH;|Ln6BCxNaV3>freB_kcug;u(B{)K9Dz33gX9)2cv#QOZtb!UOQiu~1 zf*+%bB2j}+Z3EoHtI%uQH{LUYQtfe{cpL!#&nDZ`rZUlTC4t~S9R6=lcfFT3TPH51 z0QfXBI??j2Si*-26SmR&j>0Nq3KQ(M8(*U9HE9T3jx@AmB10V^g|s7h#(+Jc`{GjZ zC{waSKjfWU$59li2(ndHY_@3Tdk)D(7!ivK2zHj1S!51AiK4YqiT7nxhlyGQS-3Nm zeazg{$jtl2X=;=9mB;tvow~hHR(U5GZ$Y1lyf`+`?lhPFPc-soH)aNpKrAc?Zj=p+ zH=~O)gw0CX?B;-Dc0w0QHd}zRQKbnWW;C0{(}W1Yp(vAXS_u%mr-@`Dm|O}w zA(dJe&Cr5Ej~7u!U`2>W?C=RZITjE8#qyGv-`^WyPFMaacH4k ze67PTdKuD+r-OahkHxSdbRr(Fn*U!?rD>5lRuQzss6$W4PD>2PDFtk2d7 zx{kF^WPOI~>&vOjP%F}`ZyRN|xBCz725)RT^HFKAF9nXMd*|SEU)Vj1&v=gyF8k@hK5XRfnzMi*rf`vdMzPx1%sQsZEN+ z3nv3ALgkEVhyxtsAm>b(m-!)5bapAv1pXW^GBc@F{#}G_oPx_}9SA6pmeCG}{ibe3 z{Z16*f+1BfVg6{%2S>p5cklu-b*Wrwi|$AEYxTSLX~UiHMrIM9G(*7lo~|B-fE)hE zmq}f#Z>fA4j9`iktSNV{>e%Mqx7mGW<;lFF<(=R`DcaO$9-Z}`BrLUc({rlO|Gj}4 zn2kEvxCSjGE{HrcvY#kd14ZS_kEg)Q;)hv$P>Va?oZ08Uole8}MjR7ogo^ zKC89u%$`gITo8Rju&=K@+d!kN(A&6D*?Y|{*sDpH8V!ind0lYFEV25Va9=!rP?JsehcbbNYn0Z&6%>V8nUL3KW&d9 zwy9bXl?<&K_C0YB^r$P@Z=S|VJ5cO`n0GkDB!tmOFQ5CkC&35JnjgbD491$TOVf@uJ%_VDrwx&4_ zYwDYjHLIa#3VYyL(>*O@&9(cGimof~e$uk$#qI)Z7mhzlp@Xd5ESzCr#5>jPW)aQhv=n)OUHO0Q*f}pCkzJvYACx zM3#=+UHZE{`Mp$Y`u$XKnraeZ)HRh~6gou(1B0h#)0hWl11>7bP%`@H_oQM;&X~;)4 zT#>Je2HzwkeSBbWL>BEKf~11#Hc<4NGhW0D?oKr<%!B4q=NCeJ<_pOCMVJTk@AJ-C zi@fGAZxn7f)GuePbPgp%uT9s(6?S#iAauKDuGO|#@0R9COMg_LK}S)Mn%^E9YOkkj zt$!lkMEH+o_Htxzq7ie^n}gGMiZs1R*gJryoeFh(R0XaAxj9Tk4~1;{Dp_dv9u=~8 zAF|%gJ(&mgjs~s8N6=Fgwv>AA$Fn?Fs(&e_Zy%sUBPhbn_r zTB)=+)&8yj>`I1EuV_^Y^+aQP*uvo+yV`15-<+?!GQ9)M2sT+;rW_5jN z^!NF~Hk;WO!K(Dw{1;wu zvN|^wvx&!Z(3Q>*Z`$|*->D!th(;@d41xu2AVX8oST!TP1UB9be|6Jg^X3k2tZC@y zMSNojO^*yA)n=D-Y>93YjP(o5EQ<7|>$mqFQR)2cAjrk_(OZcWr|ZWgGPULNMH;i2 z@s!*2QvQJ|_@_`%5;+UXJQaT9@`MK7ps?-R4{eJJQ4U^_$Sg%}qV+bG>CV*pu9mgj zskWG?+W|J6If%2c2!5AV`Q&tH=FE0EVr4*yY^H%yWU-c=pnn}DEUWe`LyvTf#V3ke z7fuu(pAZ_qG13qwihF)eEc+SKN=EyapSR&tQ zwYnS5k;2x9bvK-6Ka~&Uv7IL_ent9xlECJWyoEo_ zY?8uB)R1&M;vXR$oqWQZ1pZ5fKKp($l!te=Wjd(6{b!|Rp|;XeXnWt$_I;~*0U%@o zwdTo`%gPGG)sbUTkC}Qkaa}4UF!A~>$vY_f=6pdqMY9c;l3S`)SW;4wKY-u%;%%8t5 z1eGLo^HHLiYio$qm8CCrD1MCinY2)9ycPv^_B}Y{)qboh3o(18qu9O@s@6RBvE zRH8A}0b)_Q>!XFjLCw11pyrnh>NAAbgAZyEP7$X*VpiOB_P1C!&ff+K^2@5p$Z52s z!|*i(fPg4{t`ftLsBsv6Pt0~k`y7!wuk*2hPZzYfL{$&eF`P2^(HzJ{5HOJSEcHI+ z3*=G_PENSYnO-VANMy8%6HcoN820)5OVTM83qGlE`5Qv)wS$C*eucFy*`EXIh@fC{ z#N}`6;)IIeJS?qQ?1!UZhN*bBdbU_$=m16>87pXTx-t@4;C-4bA>Xn$Cbxd0uxwWO4 z>a^oS5~`nnWF!GYi+;X3R?@FpkXrrxsPjS&nd&oqXz43#qdU`wo&(wlkUuPnypDpX zyS0_W9VSP7s~xLior&Va{DR2)kH&{%;ICV;CIs!_&&U`s!ljJ<5r?XmDe0yB6Y5%i ziLU)?NTyN(V!KV@rZLh_jQ@Z-r`UyJs#!03MMf?$H&rPW zcUTPp?-W4Xpj{)b!S$x75pzJzhD^HRqF1=s=N6~=EG-T(K0R+OBHB1 zmL7%+b?!fe4|#ztJ>pOE36f&iF4X#`LOMD#W?d+u&)Ne*30NYs18P5%l$J?QXdM0# z*?JDdu;1u6UF=R|b!WQpuM&#CKqw{)p|nCtLd}7%nJJNzn^lJlLa?+|m~>C4*O$(L zH8ayNtpY*=te0NOKM)XxjG^xP1lTQ1G&g_A8l#+`En1N+1jj&C1sdcng%$=h5Wa=9 zFb#+s4yUb@YYP~$Vi}R0EV|ArlZlx;N=Dqqv1&`{mq91W8tkNxtS#S)L zeNZm~i^{|D+AiEX6p3F;O^C!D#|av$4V+S-i`Iiy)K-LcLB`VYGlWV){Pa>5L;rt^ z*++?y#as$ZMkglUp zW8%3QJm?&Yi2KD4t!cN^f+^vBS##IP3CYNL6&{hFf=!haiCn`Nx6zRsGw;{59rUhX zBNWp0Xa255_`DNGT{@`fx|56b&m#VTU2lN$ke}8eLU(JO>ocq|_ik+{SjT*X#DQR? z8Yo!Fb}SckVeFj9wsK1q@a!&gjVwtgJCNOh*c$f3MzY(@OH|?jqxXGW8)@Ka7yxz1 zyEAn_v$k?7f(gCpt_{3sqOBT9X)`8q*`8|W_|3h>bNK+raGWREx1mr^)V5r1h!1HaJ>t^5EibLUtFfb zLPABVbNbf4t{^1NPiOz1hiF1#jvk{0H^+(xAB!N6>dfC7&n4H@(P{NhV{qO=5R#0Se|6T zxZGn7f-b^XsGw-#bGJ{0EmfeU?hG${KxaW%iMa4*w*(vX*QqYsn}%Prunu3i89*|J zLw7T$x>!1JD3}yt8G((M=XQrY4q$wqE)b-cPD~Cf0@)@oqWkEjxMBuDtB@yJV>lC2 z$w97;T0Z@|8YdMtK%v?r4sKd`6;3NKx%F!Pi`$l2^Nl+z6Ui0X%rroPfvS~1!v6+yi&tt=#=bB$MJ?@ixXnVoT!k9sST41lDU3KEITA*d&Q#s7YuT2WW$ zeXh>uL@Nh*EVzhzi%f~bW#sOpD(#$&ON(PY3mwH;X5sp<;2I!)0Tr7EhrbFOAR~D> z{@0?;BEArqnkXyFws*IoMlQK{3D=SF~bY>h_pZ>g???!RMfcG!y zQ7rHuW?Pz!(`=&>mrgE7HaIPKP+=N^VKAAo>IMe}f9ulHOJ%s*16L9!5eNAsATm)j zMIr-qiJJ_7oXDJI(}v!X(VRYno9&HI!>*KG${`4D3d3I_1hiTao?#5Ws20~!XkxM_ zk@;>&G>Q9Vx=_XU=qvcpm{3uVK7}j@JF25&wnujG^NfY=NJt`rT(W-y7*TRSW=IfQ zlmQX%?K^}AR4RfS@sG!!2B{4GBjw1a*}}1aHv%@saXiW62q+c7O8f)Cg`;tcLM2F7+eSx^Z0E!gniVmHf&<*@0i96Pd@t{%!&t_fWN^_y4e2DNS4~-{y^*zsMpLk(=>;3)3V!Q-do}MODr&ETX;*M0g8p<1a$K zJcy%m9xnv91=$tBi7XV)!b+-S9m*`WF8^5g;yW=GQ*bYUMCH;3Z9fP7CpB_54NY;= zMesybv7&ztyLv>0{DxXnmE>Q;-XLa}g8#ay^veQZv~irhfe<{6?9~>-(VfAyn^L;226H!-ujIp#Ks*-yAp8|k2Qbvy^A z*Dcu7w{4h!SzC>8U;haIS`3MxuHD~-9<~glxVS{4{~Ak+E@XN)c4Ma!|3P55q?!E# zS{a_1y{!z0xS73)@bF*sAJLZaG=?Q~qxZbbi=`tIOm3A-Mka!PA>McmfPi$(7zI`( z&mnnn2TCL!66nT$37%ryHDjvCQWG9w3?bPpR{*I3|19P8{#O8DBVh(x0utj>x{xXT z#Rd4l)om!VYbQj6A%n|jtB~+JhtmvSV7lylzyx#>dl_zy!fa5AwXx8YoJ@(QvJc&kHY$`G0YGy2u!n_wJTzL_ z^AQwKLbOdsoe7Uf6fKEE8Oeu>7|eKUL>NyF+Y;21{N7mB1BPwmQfwWU)IHzWhgM)vk$B_lOn(!vYK+EJ9Pgv$%<=644n&Zek0Fw4c-T56@B zXOF#a+tW8dTtg#u<`_om-0eZWzRota{KRB)qJ_d?LlovJx6MRX;X{O)&5@5t%vTl^ z5%b-DJU`pU3*&vj5D_ih?4XN5T>L4xUuC+x3?n;ZEjrf^3A_NU%XJ)?vjmT%$<>=b zKrVqgR!pS~yM!?R0RB`2M~m%E8Zx-$K&^uXHQ5PexE2ZGB6M7nTJhW{bMek^0!zST zYJavmc$wokgeoD;nrNOVFa(M4G*?Wo(QLHK<lC_JB2U zVMO%A*HOm4yOB$-;q6ClH+!_D8jgocwO%0Eiwk@Zcaoap6?(7E%D%3Zdi3kd`h_YL zK&B@JY%&c#ji!c=ZsGvj+$*iQ*;8{vT)V4!kc8?@J!Y4qae|DSQ$@bRe}J)sDAxpB zWgrm|Tu0Bofr`a9^I@%kyXMF^Zq&)tq7+G-TDI2SYi&NUFNp1Uc_A8<;$R={{NrTM z{9*@T8O~N!A)-(bI9f?R`zKDWO3c3&>8v()PF3@d7b1jPiv(@w->#i|KOSjkw6s&T zPo3Pl-3W2H1ZeWiSJjGVvD^FA)QT5IiE`-z=djvW3iCNph;rT`*VrZ4+fL_FgqBTJ z3Hgv?S*7Y8?9f|S5a+2EN8mT0c?#EbkzSM^-ibdp`%t>OGW#jU;QdWriA>*C|nfDkhFh#~K-ok4*dWZeE6Y77NS zj@yr@Fb{9s-tpmral48fEEu<2Pb@!fe~C_lx+{ug&`r}a8!P9>V;hH; zb6Ld{HivS)WV;VU&Y#;W(vC(-ha=~`AZBlAIbRTkI8#JOZWZ=}yHL(&^bIDRp-f`; z=MXZ{CsQjdAig0 zsk&A$qu5c`>o=r1T>AN)AODATZy;F96qo(D#YTv-Mu@UMl5B5a4c<+gtrC~gt@CMS zheSq{H4-bt1M%SIAw`gvyINZ=bf39~I_)pkryNn(yMf?~@dQvyC>HNJ-n@iQEERp% z-TRfXu2-{^?HeEs;6hbMncVm0Hl~PL8C15;BmGo>?6M;@_MozLq?IjT$0=h3i(ogK z<-NjeD#cEgDEhjiMS2e1o!#6g?uA2XoC#CsO$by^*$9P2YGi&8))>$HQp4bKUxt=( zD!Mf~HF5H|0<6!8mYO&@W$%C|bI7%+K3m+|es}_@;36l4`T(o4GCijjU5T(AE-?_# zyRv{rMn%n&-hb=(#kV#{uKF5XdDIWw*{IW;cYsMnaIeJ&WWqB2-ugwZ)r&@e{}$U` zknEF-kKBHV`7Ez1!Qa)YxJzz~zc2;{g9@mHlXkS;M`4hol8ups*AfTHx!!!X+Le*x zllaKLp4h+o^~A}m^av%7C?;Ah_7IK=!9`eU5rRiuOpm$i+EF%_tZ`O51u z_U_~zgqTa-fy_K-0dJ{mlNXZCY`nvs-WN*R2}GEetLi}`&8Un2?6i${+kt}e#baKL z9oV3p<@slu#8Y0)q90oJK->I+2sS_jDLe8hhe|BGYRE49;><@R)2=?xZZ=nUipR7t zI7DkL)OizfzIl`lAHjnoJYH=;Ya4tLeG^_$91PcNvYCrzs8Tv+FEo366fi|pX1B|{ z-~4GYuToqr6-Ir8E&9znxm#G*d<n9T%ON^b1Xr8)>h0zgH)& z$ja}VrRdEV-xHIo6Pam9B&CH7Hgdw5piJTJNQJX05#yu4eU!$lCmhhqZCe`C&}YKN z>;)f9sC7sBp32;e8pGoX0fkI1t0a`-RvaGe6)4?ozI=$i{|LOt^#-yhgEZDH%d;1l zlRgGgxnZHh0lQa0;Eb9Tuy@AJBrCRuVLryOIGY0%yz;|Jm;=cd%G?nQyaS3O-b4(f z*HdI%%79c6Y&k%3MfKR$EXMuj#huuilg@?awq5b9$Xn|WBL6ey$z=zA$l$Zfk01a(K97e*~)C-TUqs-K~4afH)MnxWb+Ko2sq@KUuRr z(x-6CU2=(A^rc{A&NG$N@OpQLuok~5R>B|r z@dJ`S?PzSL3CD^sh(c?w;lgHobMH9+y8D>n88!`MXXD+qrUA5Vr$z$|{ape5S`jqi zpL7!+7d#Wcx|99*7f>P7jRUmIQ}GF821LGR(!CYyYu(_Moi&^O1)OwC0At4PZ~IJc z(_Hiii)dR2TxkK2-TbQ17va=DO|PrXHmzSy@d}^5a2|IpQZ+>NYZs#0cLz|;O}lO+ zuw0Wt7>oeSPb=Sq-CF;lL>r6&dbXbPE1ErsOYrf)Q~r z$`&+syD-&1l3@_-a!v0ikO722)R{8?`MFUO-Z0~UL9THy-adXo=k$9RKOrhWyu{=tRYKK(B2Ym^gWQ zqD^Dkd|c4IpLhEJ=(U9WHO=eawfz`Cllq{Bz3I4i0X`4#R^ak6fyk0%;`7l70#}~<+ zyqys>UN*)|3Ku)#7ht$BN0hxgcToXF*{QdhAEWuO4OMs7bVP48|D@zl7sieXx?3zb z6)@)yX3EyXCy=If;&+Ksn3(7R&vPOP(DjhtmKo6`SS{Y%F~6Zi;^m<_!Wj|Bui2ha zTJ0zjXsP)h2S=V3LzH@~Bks(jbmT@TNM2c9l7-uehott9BCc>T`1z^4w0rNWt<_`*{2YBMY$UTWIb%alqV0E$BupaaMv5qRT2;F5) zfI6_VuggaZVG$6z2fvUwD%nQ`J;}B9%XeX1O_gD<4PkRi3 zgu2rAQxVA1KFsY2;Rq;$oYP<)JzVJklSmu7fOwQMi9S(g`~ zA1g%YZwV_M?>?P&IWm%fGSn_AXV&$x+ND^LtlGm1h@8w(cTi|z{to9w<=PU1CR=q2 z-ZI#5J?SfMO?u@S;d!|9x>>{4*ZZLbP?LOTT(6gu%~4;stG<3q^>sV-^`e-*{#U5! z!4FpHuz>LCCjcT)BYX-#G~_1+Q}x_%CygmHY+#XXsj8>DW|672%=kt$$ueVpDg9r} zp?z_v&O;M5PgO55%-RxHIjR0HxKysO(-TLgC5zqXNM0Ba!oUqKZ#qtnn~qOKIxUx4 z9TZ8hg!yPR$q@$h^&Y4b`62Ak9wxLyk2;lp-qs-9i0sglFNR>|J23kwm>v)f|3&Q3 zJNprSu^n2^3L@6l4&4RifHA}fOlXHb1^7s`c4#-(+LwM6Dw5HXI9xk){ z=&#-a495=bJ_NM$Lp!uE?5vDs3_;kTvFHf2#X@Sw=eF`{hM_i;H^Z~7*ZgeoKE3G8 z!*Kd^!Vu7~XU&b=@Z_?_V%?&updEXB=1gx(Vjh>%@8+?e4&H^meSO-ZM%tn~X^XDA z%hj{$_iZ;;F!7I29F<^;X306mrUj(-#ao6VbdOfD_x zypY5!&DGaLEX^!Tq7u8e00%pN#@s1AX`h>4hsSNh`g0$;HfbF!357u zF;dlTeld4l2g^s|V}njHjzWB1i65FQ73GOuuqlcM=~u5H@ z+sy-ojf!s+-k$i%1(mwzTYM+HNhi3IH zM0)5%ng=($>#TDZ$TJ?6y4kkrl`jGc&0wJoi8V7`k@-W&BV6)x4!+o1ia>bhkL~=B zldYq!4oL}=CMrrjXtoEwCvpmKN+Jk?NDjx z;XE6;&Lt5FZfs`s&Q7J!chG%iBhnE}DY_;x*(}q0>81}TyM8mGtWjdC`%tW4R@nS= zV9SWHy7?MSb@jzwpSXLOz12!#nPV?7<47VWTtm|L$ty$pI#JzG7}nHf9(X>Kis!|r z1`9gh6{!FP?4 z%)Y}JtdslFWJ#+)>K2&H77k16PG0O2Fy#*$7ug6S(e_iK(ZcAgy$G>sp4k%{TR@{T zFwG&2j+4$tCke!YViLOX~rVp)ND?9WpcCKQ>W3bWefD9W>DG4o~yT_-$rn zS(nvgL%5Se_(C=2=#^u5(PcuBys92(W}KEfN;?qCfpKbp=D~Fj;19{<0E$j%@N{8} z)ZH+@k0(UIn4f=*;LIb%?m|WWwsRPf4;lGifa6v2R0RM74H8jr6WE2E1X@F=qG79t zzg|(S9`=wnWxdq=6VVB@-(_xiCX_3^To!WG_Lj(1s4Ax6z?!IvPlhn!RD^ms0&D5z zJ6lFkY@u3@B!i-`_b}{bsbi{$h@PDxZBP6Or&Hz0IrsYl>0DyrBt0rfACNE+4Cajuz`&HL7YJ@YS+3soCd!}XY zoR(eDU9~s#Peu2Xy{q{*g&(kalE774ls$FtTBeTY7k||82maREzYY95E&GMNQ>pBf zy{C6nn49|1M~Ul&&%HZ-)e=9@4J%2ySk;cG;Nm7Rjwm>5cNN1vAZt}O+@8PC#k z2_H$oEB81@YcSt~O2m{6D}r!bZIBZM#5Xi71iwfMlh`1`a8-><=Uxv+oj;_Y$#A7w@WlM0?YpuE%vzG2!df9PHdH%()IZ1@e~%?0m8O zy~gqFgkL8mO?fAOXRQ_a!=@XRKaNF`gKIzX7i*7o{1iE4tlH<2c*f^a9`goENfc*P z_VS3ux8c%fRT=u+RF*zJ88#KxVdIUb!WjZEq{8XXkAw;$Dx?o7kne8bIS=$2-QSm_ zF46rdvGw_~^0Ag^m5`771zoxr)rDeUNmD{VhEJM@v0zY^G*h07lSUMj6ApB~&MNz% zBx4NeUqqU43`N$L%hG328Tu?h`tZiW3y4Sgu6|j_8cM;JpB+|L%d>wx30d67=>Gg# z(GMkb!)3*Npbjy`<9W|$AEs*`xCuh+$<=x30}il6?1`~s*+kjZ-5?qp_#)YgFvfRm z;D+pR`nql~{q`y&JtgG#35@_@IR=YpvOk_%9PF$G`{QwFpfYjUK`zbh_kl?13wKw< zbYc$B;ydOqLCP@sKM>*nv5Hnc@ujZBb`5p-uNME+B({THYiIyAG(=uAmKA(C=q9~7 z-}L|+AbBg5oL0BpL;?&Nt!D58g*?cJ3G5mji-?l3$_DC|)(FbDA-Kpxp@YZ&D40dh zaTMyQfV)A8Z;e=Zi+U@m+mEz<%aRk}0O)&W&UomA4SMbvk})pmJcx3z3#KM^cl%L9 z-pg$8Q9o&l^OKH8xXzEwKTGez%{@#14!PD{Bv&A-_#ho+95jFgOGr*{mt5|Fzl^sh z5e(U9oSbKCif-olj3;Dx)aXPuCnH0S)M2@bei`UXI?pzRht4D~Hgeo}VgCo<4A9=|8%I7Mkd+M7v7ke9N~?l*^{xXen%N(oF{RzLFY zhG07+TRC&PVg9H-_yEFyXzME|UQ9C}ron7WvmFR@`6-SeOYmr>J=;uc9#W@njZkO6 z9XJ#Zmu?pZ40e&>z+vWO+XH{{iNv>u2?0wE6Aq+iURdSN5jyXs0Exqh!~}sRUa;US zeYH$cBIRZe6fs3M{y340onPVXV`9?iVGwMc2l*=WOpl6~>@%*VFgnA31K3-y94*?2-5E|n7 zTO;3gR8B@j<+H54J&iyk`dlV$IJuG(VDwfXv}>h31TGW>PVntOnc0Xu%#vS)>6gP{ z*cZ4qz^(`mEi@W+5fz`w@vI z9B70iPIs!EX`$q*(rmdo{JYbI?%X2D&1&-2S=(wAPnIYdufJ0;KGcTOSOLme=4;K59gNMdoMc zI7*0`Z8-s-*lLM?BWSm2G{aK{_~Ln*{U5}xLXXFTLLR4(K_2J??63?~^Z>rnD{Ewl zZc4HLJgB|*YX6P?h)wyHpdR{r=RPiK3>KcF!wUKyS_tp?(qbUkekdOQ)`fYR((ys9 zEkHY9J`L@}LSy5FAQdQFEZ_EgW&!STKhNWSR228$YpdSR`@>__KsnqoKw9WnNPzK& zw9nj?CkL|P2PD6WLfy&8;O%GB(FVl(Pzy}pEKp<`0~nlZU@sAFU_54T^fVmIw+j~= z`%uL@nURi5ETRPs#`!nQ{^NQR?++Xd5I`a9|KDQ$*SJY36lD4t%1@p5U*$|34Cr2Z z=|cgnNQi-8Cm05Ft*^Ub7EOexULIb{rsm*xo>{5vyk^C%FSTsKQs+hW@>x^-&+MS* zZkV~=Wj1`;X1>V-Cb=eLe%l(|)a^AXoB5>A{GrdxPqmp#edc_hS@T(&+3qtJ`pmA+ z+03-heEP2%|4H56@dcZCw$Hr5*PJ!OW=@q%cG*j|Fu0i=wez<#s4u9~x|3Z@h6MW1 zj@;@W`Q~K}2+zQbQa^(Z1IuVO%`aBMrP&6Vps(AsjJIZ?-T2O|FS|3#&Su$Xlue8f zVKv$l_vMipfqpl2BxfvlipL-^E7YSedcd)C2G+0B_+l)G+}sto`Pj0$AV&hZmSkp`B`^2yIg{ww=D<6LHT(Loq*7i zdw%{MN-X5(1%&fH`FYpjAwNHZC)WqzXT41Om7k}w`{d{6iAfoL&Ry3Xs_$D%=M%v1nrD$b)*UG`#N;{;W z9ctXR(r#N>Agz?`K~-T7nhE>XQMLzheF)c%3orCHD6iE!i1rELg*~*?rg#w$2<0Cl}QVGkcL~%&v%r zrrO|&was2P;Ssa#k@AT=c=-#U6j6~Hw+9LrvsiqA-g9al>{MH0&$PDWTJyI_Ty?rC z-E#o1M4kwL_X)^{yd%D&^^-|>v1s3*r)4rGv=q-^nU%eTfPr9Z4Ppv4po6C zVzPq+-l!lZ*RAK;q;UIlf}Y#qu?Nw+g!L2!bQwbgC|nWgj{ z@Z>sxVbB-EWb@NwHH0qvY7NOjjYX`13Obi}g9er;*@r2Ko|OYz5XQY#=`pU1Y_l79RWl6 z%}2AWeX85}&3m#P>j4hOzj><@FkW*0%?W+z89Zb_$VW#z65!vwt9HzQFnLo84U7&k zycQqrzahkh0+I7c>u%o^h^B}wuM^A@&{}|JeVT8w?x|WAZHk8IK`Y#Rw>y%%lPgKc zTyiCx^&ZZ7tF&;BRTfCEqAa=TxahA(NE7$848}f#{WllJ_K|?tKFJp}v%ENEvM_D1 zFl`>*4{4Cmz{XBM1l3=_t`pdOM(cD!ZQ|`wvtfy4PziqzYy~YmjBqx1paG zYaysIpoAvA<(d$rkx7B+18iA2;nbanozDRw17?B<;1morP zudI7@X?Z=Vq`cZox(1ckZ3u7#^14JxhJJ?fx(6b;BCo&jnX*5<)5_~KO)iwz<8PPl z^_ms`jLPeyH>00_kSa}9UK`A^kJ~0Nnb7efw}EDAEodu%on{7cfdE4OT3sEKiM&Bl zO3?Y9d4Ztc924~Gp#DU3vdMOU?=`2vrr}3B1%2*nvYUb)u4uVI?onyC!-ameF zDM8etTh_#NpOi67Z{h1z$$4Oyu@XDP>`4Z0`9Kxc$s0Yf!}1b)I!=3*2U9fmWL+Yg z0424Dt-0)5h&rck|DBDqq2DXaPvAl8(l$ZA)eF>VH&8*y#$NbQjG~CpZVNTs0n@f<)Tuew<|(je?<_zz0$2HD^+Z%9l=P zdFOJvX(hPuABhZv_9?H_`~ zBR4vhRd8ZEuBSr;j_15sN(c7+CDO}-E6p;l4CBIbDM4q$dS9LO1`RP1i34U?zy zr)2{Xt4Q2h-BFo-t9D-UUx^k=Yn$Fl!hxJujKg06<%@ra#qCtqf`Om9Z32&uCI8i$ z{1W6WV*SYx2owf!$GJB@wP#ecUW4kh=doi=S?u~twAKX67 z{kq?PJ%Z*Ed|+d`n+?#RF0^RVlw{|vb0|xZ0eoSo*h+Ba|9nIx+ykCe&5P;D&f~4! z`iVabeow7V?bj0)$=b;}gKrH$CB6^#w|8UBD!p>fDU-i4`SiFsi}}<2P>Jjh9l5;x zEn&2Jz!P)@dlBq2sEu8mgLYFjV{(gWO;ceR>aW5xF zpH-fy0hx)r_R^CulT!7xPhnoJst0x^i(AgHk*kG)NE!RQ_KeTFd^4KB+fcVoT>4+J zv^V7OJQ~liV(jHSUZD0G=UtcX7A@5EG8?#zgG^P9sLu>Ot^MAYKN-5A9b`AKo~e84 z@7r7Ma?QiSn&3n&#*dED#jj;?dlN>*({EAPa!kVpxo92;jqMwlQ79&W2>XfMZP@j& zCb)s_=NP41KMIaVK|4E*J0tz57UPCYRq3MH9_`7Wa(X=Mk->yoCo}BKep-T^SyWW= zD%ql{GrD@LI#@NeKk5kHk$$O}mcgX`%EQQ%>fGmEyla<++qT*A^UA+BE!E;BedZ#989s6^;kz>y;Q6mqG#n4|}OGC6CGZIW{LweRnBt z4`$zm*Ulau)~E-bouC!w>+bqND@SSU$CU0?YiUl43IV+=abPgqULYXb%dsMe;oH!l z!PPDZ(lRa91%IwHk-0;qg?GE*iMTaN%r0O*9bgs#mqoyZo(=4JH|YDH_rOhzak1_Q zsbzUA5Q;$7^6F78-E?zh;&QH}=NfNL2bIWO#BD5<#A}hJ;VdCEck)KNv}x}gQ&>%l zap+0~< z!pR-Tp!8Ux?T0TV+U~x_&8)FpYjim(ak?kfIB^4y1KdK#?pZjykdxXWYbuqgPWJeP zJ#$|Vp^(K3QDtGA#XG-iS$u%Ui~``1xTyXU)`Mg0w%sw|;NO3c~CU)78VuI?IE>*H;7Xor4R{`dOFOW1Y)(L_^ zO{crwgX@rOT#z=~Cobcj7NEa?_H2RJGr7X9cn53v?wQ}gy7N}<-LvBXMYgRK*DJB} zb$4ISO0n(D!ri=Z_F}kRNz{a``Ye^s7=?_w?}lrs!)kC}*C0qif2$(+tHP#R85>EN z$1#%Na)TyVtKis5kCBl?{zfd1O8*Cf+~GyY(FCJ?E)d;g_TmR+{s`Uu9@XfxICpD7 z0lz<_*3Z{l?C%l}&V1s~`O;TIMHMY^=!mWj-v$SW4G5+mWL(QYLCgO11#RXz2C7|!^X ziLaaiehv5m8VP!R7}m~_5HKP$;=4vR!Mm&61n;iaVUB9Y^mdw> zT+YSc$vZ!Y?v`2uN7%_v?HL6#pSm7>pRQ(iz%1Z;j17f* z?@0QIq2`X4>Pm`uRPa9K)b#l(nxF@-OE?E#92WNTJpDwF;ilU){$R#yJH`%O$RyQ> zF*P@$ec5X=J8wpDg$z(48=iiH8A|XMRR<(K$1t59^OJ|f?d>gI+nFGx<;=zaVkH2G z37|O4y3C`;*aX$0%~*3^5OVZcl={pp;tdFLj8^K%tqCg`hq3*Ydw9{;yO$Jg*9rs` z&b5Z{giUl;hk|*C-sOIOJOnFh<)EBOv(3O6xZeH@4#Qd;^lHkb1b%@VC)0%w7%SH;# zeKWc4LkN}t@aV*?qtiiMWsmMaK*}%$IcNgk*lFyzFegyS?Zbrdy%pUr9_5efUnrAF zJSMMh5c%fSJNQvyPQM1@>IG0z2xgh_nCKx!xhWkK4`7N2?jvFboWj*jpUHu_b85~5 zEW70tkCCcasCCicn`nACbkt}`!o3ieP`@j_o?yC>0x(x8Dcn-f-v(YtU^Dq%M9q83CPc#&Wr!SfDkp{W(a)qN+|a zP^^*IMkp6H%>U@fRLrC0RLrBT$w$2yeS*!40U55qXqX?}I{FvN{s0&4Sc!=)kNJ3F z1IM@S$2QViHdo3;C|WJw|1SE|ybNtIKGHz?$2-Nnw+2_3vx7$Z*wI6}UC!H)_Gd?k_jRy2vG zbU*i2i*=Hi20BYW9qE~dx(7w;4#!OjrN)U4yV#1+077N&Or`I{D&ma%JSL2w^9yzE zn7@Z{BaV9dBXJO!JtWDScAmDSX{X&Wcl|G<=65pff`78?OvlV^YV8$&XNK^=Q`D5P zY`u6O+Axl`TyVxucY;->AbfSq;vzE={e=2D_>c4_Hx1CHi?Nd zeuIZmf%bdi?Hh4XqpPd0%LA}Yy1M#n92yJM>p`mveFPE?sRJl= z03{9D$MNuA&Lb1HjUiUA(?=n-JipyC`1K>RkJp#8kJq;*uit3<7>e`JiI$@UUEisW z*daraOrIC)@Gc9`;VsZ%-`C*`I$zik=DLv)=DKo(xvn*N-3LOLdQ&;+ZQAm7$Ur+} z;QbQlKbM0*&kA+1*>!${09}NE-fj*#8Xsv{pm-n95nQh@*AjZ#i<(?K)q(xei_9lp zp~Y{6XcrEnMKRuj)7BZF^>6H7Mt?SS`}t1c?2qNFP)8Py#+Xo~S0a*G(!YZHtMj`O zVL}>!5*JEcfaHP`ka-XbjPHU4`dcyXUC^;!Xc3-X{r$D>^eVkxb`S)CVs|%3 z*&BP1!r_4bbPrXjc&wW_X&<6<%9jK*m#M1ZjEQ%D29ktq^jEmLdu23%tGlBTm*!$= zZ?W8^^pe7gaDh102ovB1eZwUHU-X9B9e>q38;?9DOZZeCp79&IZE1Ci9-tpjTZySK zer~YOzZ2e^>E=gJ@|dN$mkXr;{0Gjb{r&T?{c_XEUwfaEUyyPvIgHvt(Nl{@Y~@y4 zjoI5yNUTg8FIVwx7$#sXbEYykg-jqVes0S}c4x90uDKd7)l+q*>MxKH`l!EgW#yWz z7Bx03>o<1Vs`Xm6!L0hTtxB`0nX)dO$8Y>cftotbZVr=Bv!shjq@d9>!@WOFD)a55 z8NJyRSi<|Z1G}Sw&5Q7?6yeFRSNIPEM*@Urax}pT&l#~a2oD5mS}bk72oy&|a6bOA zcy-vnor2fzB?Ez|+>B1a>&csJcbhaPZ@4Q3zNdEAb)C<$t-&H6>hZ-!#0*Tkt9cx2 zIws=W)bN7uFF^0aE>b~*9FEx87U~p#KZVLuWO{&gk?4@L9R_oBe8dKC%T(!`TV)t* z$}t)x{SXqK04+k*akLm?!;cDgzct6gQ22cnaDfv@>&C_hfKxp+K~R8GNIbV6wBUWZ zbhw7>n6@X~qxUmp1N8)4m?M6<55gSSZEy(s9OP^{5OO?_ma!xQpciuv5!<^!8KF1U zK;>;<=*G`R(|B_bXPjXnRiJ*41}pMahzrHFe`Sw8@S+gl2zFU z%|m~*L*c`UEk|>gRB)r4%JRz}#YQh4-^3{;89@tOwKe}AdEXu%XHoT^(iBoCZo~>f zQ3ABka!o;@P>>Y5x@e+B2~-rR6a7|nbitGZb8NVzTb0Z=DF-{n)3Sl{qyVR)6MhDoH=vm%sFSyoVh$`sRfTJ z-Ql|W8z|jbuE_t8IUp<0pIa0OER=9+00=S9;~jtY`;}baO!9bxMj8gBD1+~n;~OCc1E`3>0E#jgK*bCm0KFjwgWjeAVeq$qY8m_s?TG;} zcrlv6zf0sV89Y=Y3`R!N5@GNWuGr;4v36T*5xQc)yrAczk=V3Iid4EHKI*pZ2I`Wk zQU50g5B5^Bop0rAsrI z&sU-481L(Fu#7Gt-txWp3ptX(6q)Y!!73N`wgKnC{}mEiTMx8wh> z?N4v6cQTM|+GIswC$I~T^p3*g)bVOs&=nOBdT5FS3+%Wy05>i+u31xL4Q$J%io}9< zoz0N%w+~dbC!cmV9XAdjFnej$sP^PjZcDvQ8Y@YmdUSvFQys~tP`)Giw4X(BG*7oY zkC?NLlRT{Wy!j(fuYlm*YgNWmNux3 zvvg*PpL^$c`nmlGz)wr|Cl)e9Q@l^0#LgF<0T5ROLkzi&xPw%IytipYbHa==m!+G(nh&6UfOuCvMfP`IqudoXFB~C8<=ez zXy80Rm>#Wz+OOk+?F)?Up}xSVAMJ}ck-uhNsLikjra#tk>qJmAEUXMScp zIoJVn@h~v-f!Eh4XrJ;Dqb}Ny63WZ5?v=be3->!<5gt32xd-z)u9+krN0gC~8!c1<3CrR*~u?;=f^e6+bQ1%As zm>Gl01^GVODQpIZzFgy@y1O7R{Q{_p0?kSAC243X-t^<#j~0$9UtH;+>k(k>53pW9 z)Z-v2BB8<;S|aQLm$O2s5D2&>e1VlAz*iKeNqsF`gIQ;4e=P<83?;Xn90(lOCGq)p zq5phDjv=2+R~h33C>D?K^2PC`ym*ZZ#LFt7LEpwk6#1T$ijb8-*vgO$LhPe57?-dg zsbru(u=gXmNn{J#M_LBWr_klx?%wh!Mvr+4hOV=G`?$1l?P$+Bw@%Nd7iL;;6~-N0 zVHL(9KxiL87zaMUT6(xGvT^O`#z%3gXu+8w00`k)2q9N-Ay($49W@4gQ_m;1Oc<4T zs0V^9JC@r*!lhzBY^WwA1}lKqc241Ect)iMB-i4wv!f-7ITAf^p%+x4J2FFt5nrShdFp?0EAq5fN?)n+1O}Fur)qr9sVnq7rzZf6qYM*! zBrS6cNXRT~`axH7Ob{DmF)ga6hot&}FQ-7wVEk@IoYu+N~`HL#7M z7=$)88BtQSSvY`P+k8CH-uk9ICI#Joj8}2BF}UGo{~TSw4ZKpFCcC%X)b1D29@EqQ zw(M)lShpQ;a`=hs-K*G^?oDukQY$vP#^3h@_OQwzB8Lz~#s0eQKerT)71Wgzr^>ah zj7VKt1M;&#53Lzh6c@337tQ znM~1G^OTi2j4T~MS+hoqk&eN- z0mcPR6+Y&ct(;)4WL>h59kZXc5q!#089zfbhNf#AY@(E7R5GM~^^~55>{AWd$MHn~ z5^Qu7<~iJ8KB)1QT#{Tt3+&9un(YRhjI*CN!IX3{k!T-B54`*klTW167ZU~P`iqqc z$eS^rL=YFbi;=4~9LD$OU?(zrkluszNM!XCU@J^#Rows1gF)pW4`RJof>Y6ISxm87 z4Tn)`geWYl#PpRJ`C!Vek-GXU4a$4sMPnV z4y+nu0$LQHW#}-qV)UAm$vxcv<dtA0wDg(X*a-Amdi8b~p6TQz4lL-P^W3o)h zH7-hxB1JV}@MI6Rv(B_c1wBH6m&T0)-9b~g=Nq!XNWU54Udm^(3moWzgiMr7$k&4~ zr>RwYI{`Ty3lCnZK8G<0#C4(EvXB^Xq$kZv(N`7IvecZp5CWcl!^+y^zSQJ(c!K3g z_B0^6#=kRiIMga_t*=R~m}aYlEuMgHe7x5R(V+SOkv&ngtnj%J<8H{MfV0u!1iqh^ z!p8|aWNUa@f#=HKoB~MBWX)M6@JJ(c)}`Z1X^iaERBdX-R|BecD}zl~nVB&Rd4jAe zwPJRF?D6>}SoWE%Oq5Gbb9cq;qb#D28q`NX!k3PmQyM_ z0Vv%UeW?|vuWv$C(g(l4s<@%5>220pl)#c}L<@fqkn%ksvDT<$cdd9RfNch>$T6i= zKU~7UQ`zx2<1dbr2=cr-^Zb?8rZLXVUTUt(HQj4I#*srO>UK7dthxDIQ#GQ=sz1Pl zSxAK#yMHrH)NBa6`I00jmx;3oZB_SML|~Rwl1-%or>unw)wLEADp_XgFq4nv-^{5z z>2ud=wDo8uJ+1T3VT%$A?h6tYF`@HLBv>;7OYs#DOHWldSRyKcYa8y~G0}Mfpm6F> zww~RMCND+gXnb~#dHyxp+q#6PEI&^C6Xlq zc%4nfdqv?M{_siKo2#D*Ssp+nVHWK&FIDIDF&c@&ia;8G?APmL1|mOeRaj7_bXf`7 zOQ5@gf_ZIOH()ts0RZs0l}-xd-CNh+36=83(lqLg@X#UFWbLrxm9X&8hVDgz4hDz z>w<%YZ&}p6^|Ogl%43B{{(?yR7s|$-Nr930o2y4UrxGXBr&?E6KupNcYwVg?G~Wg~ zr4&j_DRzS{>;ZP3)}`#qo9#WjkVkg?eaf?`$$xh|voex{`bTo$ z4#cx)wdYii?SFS1`Q*CItMQmPuB9GxWg)CHDVZ?3fYbRPI`FSLO&D0z|2(S zYuG%Tf20T)%h!}HU*iGj?CVaQFoH{KJwRP)fI1HVdsYfVy$6_A8i3=OYy#<81oi+% z1NvbymNUnL$@IA-7;`+>e7uy##vBjUUKWfw3I_M45-%hZF&2CtoYKHIsF(Q~#D&ke zJc;Hwq~Aj*t&tA@Er}prkltL&@nO{x)-rx#Eu%V+QadurkhbbIC)(fQ^u>7#CragV z|33?xpUxEm3=Xr*lq{^a`4fnEv}7^0St-PwXguvwStG4rOc%mLF_NprG``cixu3{D zB0nMNmXtbqCVoXVt3906cD5|SJE=AM;@zAG4U&P5{vf{fT8|2m30+&sn@a&(N7#RS z=j|=M^2tkxxabChovF^72$bsVWHHl3LzQexx3r-f_XeC-`R#sbg8)}|1u9>MF2dJB zS=3!unwDEiQTi&;B)P*B9|6M6k`gq^NkR_uhxAZ&;u=~QU&XGjiak*Ut~(Wq{)n!I z{-cI1h1F_7dQhcajoMseAAvBt#vB25VAD|I;URPHMQ?BUMmD)7)hXW7fOs`#-`y>% zt`inG;&v=S+#cnKyZYgPxKD?Olk11kH|2=C4g9ynC6u`9LEIt;!hjwek~K5X#l9IZ zPe4%cjqP+xJ7j-1NmYhCD~)XDxbSmyxL9gmC%3Xls|pu!pL|-1pfgl?6v20apm08A zh4%5kK?`WeLkaRQo;|FoH!~INe)QB+D$JV~fNFQgPiGyHxgYM@Zwf&fzC-yQTa3UH zZu;pu$o3$JAclg>M7mP3)MHq<>#|ttev-N@mMR9e>vz%ARPH9Cw}N8^9}Fb&PDov^ z-r)`P%EKQ)Af#~t;t!lPen+i)9usB=WUDj+%XanSA&r%ZYa#;grSZEV^v4oGC+{;2 z;m&;mP6^)U%p7kXxKIoOa8^V7dSo4Yt?l+2@G>HkKL-Kkdbq=)zPvhsct9KkG8Z8Z zs#2P`Hy;Sv{sR{2M>!dN@YV`f}x~{I_vW=sY27^Z7LKH?i+^(bWWIl?KJUs-D>p;ADllHT< z)@nA~{|`)fIRV=N`5+bYyQOd#o`nFc8zl4amNr#ZM7^cFdQ0!2PlSmD8bx_x>|EB# zgYm6(b1jAmjvuMc%pkvClg$|Z$?2cYPD#Wx?wBoz7$iD(SA7`tlaguEXC^XjLKSSo zJ@}eKHnRyBD4-G-j-kTLB^m(FOIfLI9ouH7(VZ(6Jta=0(EilwfTp z9#EQ7hUv5XX`vHmbyQgbcx*^&kst^3Wr7qKzT)Ep7%7J9E!6)~_CR1Q!wQc>XxAlQ zE8PJ07(|%7rY|}lSe-xG?Bo$JgJ>*$3r@ymUi=FNOJQ?U-H%wYSiy9YKi95TT?l!% z-$n{94g!jvF@g#`p6IT!Cx!1yEI|Fh$3#e;9utn7U*YuP+~lSm^}=`oGj-TdW8Z-n z?S&-&H#)-OIXIEI%i?taKCdpZz)GyE^SXUTSO>r?t*!xgmTW-eoQZnZWTK^%-+PjK zCu7YTs&&4p#deB&mO0}!|zwphK!XvFz@I{-r;v=m8?6=i5T}6N_|gP zMeDPj^}Uj9{a#1%d%iyHtUNj^?`mOZT!o`FMLr@^;^@a(v_rX}H;m zi@(XYG9^TVIbLd>(4ygiKG4&T_kP@lNASO&x$K89;}l2%+%WQzglKF5<+kr8t4aVoo5jm=j1W!HHWt zlDCeC6N^A2NF8QYDVwXwi2>!rfqx8hg5?WWLZehRpLViIH`e?fBZQ1c7X`984jeGT zJC!OFttcFaUl~o10X=s|;uib1g_VDCM{;qzZBfJH2Q#d`aU^4iC@ho9@V*Rmbm4DT zAd|QFo^XkfNhI2yaEXvfB-);EiI7Po+MYn7m&sc?lDEXE?Xoi2wT&`Kx6;lRd!LQ_P8*OK}2;#hgH5F(;5%f)h7)ByS!OCq^KX zq??@RQBEw*hdCiK`6m%M4&fV}Ok#woFpaNRnfyE6fQ6DX*2-i^^ltJ^2#elL9m$*G zO^AygB+W0qlu)brs1`EmoB01|32xBpi_u}_g;|T?L5!nJr&SOWN;;xf2>7gk6Ix;ZHpd2};SV&6jV$|vNk;Q&zYOgcf?sQQ z+PDany+F}kg9V!qUueR1aHW>_0ZsW0Cnjz@bKz_Zqgx6X=?G`KPhWw3TtjDAznEsf zH@N}76@?2N$aFlcxEqME%>HjSC%GZrvH_Et&nm=#8Q|V$T}0hq(%@Q2)K(X-e6%y4 z%4yU#Z`a*iyeSmX#(32^m!E3tGbaL9m1?eCwW{5 zbNgB`X-XC!E?Kk$>q6#W+c-(soBtcZqJJ7(DVDFXw+yfofw z8U}VtuKpZlWf+M+e-tgx$$}4(TUj%>EuH2SQix%O_rkdK8tx4hp9yngoforw7dw%s zqAdYf^=if|!Z08pvcIsnJUbAlb2y8&wWEde=WFdCBx%C?1xH$*Lp^c6-}2%#6_+%3Yf%Xk{s?1h89*>aDLq zi`n_0L5_oz0In7P0+(^t*9vebu+a8CHP#|cPrb6w!py<9_ z-R^-cZI}EL_a)3 zw*kU7pbmW4yBHhS_I!Oc>V2&mJD^@1)~sZ^XaHc5k*Os}n;J$|OW4SEWn*ulTKMkUCac0&T_!~86`RNMp=HItKgm6l?7i2Rd6ZF%AO{f zR(hhYa%FyL%X}1NWE0T_Q-3lZ8#l_?-pW0^~JP7@aYf%iNI``Sqn+9;}_c@>x3aq3}!ryf>a?#etek}`Re0XxVcFb1xe z9w(XM-!GOqhM`1_&rB&Xj>LnZzu-Qc=n8;*hq5zOa0JCpO05e&E1pvUd z1MwuTO&cHFdPp7nkM}>?<0Uh=BWzo`^Zy>%R?$ievvh|{4D@dOSQNoZyUs0R81kwP zx@r^q5X4^h?`h|bjRVKP^GDYTKC zPM;&kIl_f5lq|Og>y|e}4F-UHAco@v#epoUgcW?e$w4YHU7QZCdp#IjcXPGorh=@2 zRIbh(@g=J`^^gdmRgY~Tv$@9X?sC-);{0z?pnhCI*Eu9EB=i+Fg)01!BDKZT*x@dY z)FjpoX&Y=E<&2{^c)=JxDKN1U@kDUk$4gU`Nk(5_>oWBe}=oE4u zZ#{V8KYi;%so-rxn3OY5--1sGx)9WPs}6LNDIV51|pY;i+b@o*mu~Aa<5spxY1d7wmO)14ezs-uU^H zor0+h)0Yg$bn^<*;pbJHSX33+Jc8PJ6=3TbWDzEomMsG7yo$g&uL@0-+{Yeu9NHB! z0ybE->PU5g)1$EFSwYq#YP|NU;Z+PLpB7L*8_9>JN(`=qMjB)V6BXp8kSW?xVj4nN zFVBP>b{Zl8L>8G^MOr7IO* z3eE2r06 z$B;ISI4}G;&?982i?C4Dp3$PzM3F8*(;5fblTReloW`3V{+}nNw7EDPJR~-;$}qGI_$bBA_&*QA_CfvnVx7DFJKXZOR|qBF;887 zCaSyjop;0Yu4uflb#o6XDhhjAbu1%<|7IE8DT^mQ&IYgLv2*1)c%0I+oZa=WH&Q>z z_GL3CAt^hQ&B#7lv^m#K9n3zSUUO__eYP)=T9aLq{zK2?XX@LZT0OLVYH=#J;4$K< zZ~uEL@e>?p(N{Fss5-+|$tc(PAi)|sW!EnEz+LlMnY4E{AX(<^6Ht?MWG=%rPTjdf zN0MwHMt1S98jDo!+@E$X$6#3AM-~LGn|22#7>C2PwCrqM+XJxZ{-)N=gGk#}elB2{ z&Xu*GuNwv$6Q%#LJ`DmZGg2^InrZqzgVtsC09?R|ROf>%n3{7F)3GD(j{;PKm-I^h zLS)DU-@s+gU;1?p!GR1x(4u%`s&y?}5|1ypZmy$c3CRnV3q&)Ez4A018nMEL+2Up5vKu|{kSMM!t6NstUC+sYQ{$E<^pGL9ky-HM?rHu+G`F5MvjneUnhON z$wkQFR?j7FbN9yp)tg)jQx&fH1is>AHD@zi`@>?x5=2=RnQxzO%LWZwgS7*6;9|}*j+u{giEBzB zniEF!wBt}q2+^e$k&;aH64w}gNc5cQ*lOTM-}Grloi=iZ`i@C%vy~Cy8`;#M5~&ie z5P{ZzQ^@ULL1W_X^cKk|#(Hdk^??~ttdJLtn*!_77*|1 znFoqx>~Ui_#lf6mQ|%OWZp_5l#8?@$f z5RRIy<;H{veY6f|c%L^ffeZ;=HlmDY$p;;hqktqRXmX&GuMrO}^yWgXJ4trGN!jFrpm8wbf@Dt90$A|9BwN3J(D|t_Z@lgP_%#vUoR1Pw-oO{5 zRsT2RZd|%(d`p;tWVk=*)NH5Wnkv6Y{5kR8GJJ;z{#Y$U5=Rw$fJWs|x%5z3&T+yI&pt<{zL2FsD1xiRTI z>MF2@TzUf+p&o=p&GBh%M>^)`Y})8V+kIH0De%Yl07suxmE~_!z~AjaMU1~!9Xl+4 zmq@l1zy=WHmD3C09q9;vUqy*%OQUaA9M8viCEV`j#(Aro89ES%kuvy)hE^1+(JF|a zyeBd-&28ICO^(BrsLJ;Td=N~p^@bWJun~5h9b{$-z1HW3NKQQ&_3`95k?I&lvCIHj{$!sqEwVWlZsV83&wnx%1eA!R3hvmzJ)(Btb zqC}Jv(KpMNw`r-V=E=cr;R{z)tt5hZF-iQ#(Zg5mB=IsJ5lQsoXk!w~M~L7^hd^3z z1Kzyxi;;Bp2r<4QCLioL9A`{`j9kj(#ROrk^P3b2%09JEQ( zz>hQHX;FSC9Qd(U49@anA12EW87t&`{;O7n)^~3pfXxU^bMNa_e-U2NX-5WD zMdq_ChwFXpggE3+9R|pC$yXdIbN^J(ytPU3Qvx)CN%3P>j9^ln*we<-%eFUUMMLck zIX(Xcf}9l%wRe(jZ^(f<9+2Vo{_=F_>qsQTo+0H36e1}?llvzBTs^Vx?mRpx&}a@nDn5FN9RNFcq~6;Xh@*0 zd2(f56k%KN02W1$f^o zPZtPKz>~5(P0uUI(+$|<`u~EbF?p?q;Sa~_qB4j{>6XILoa3qtx|rH)hv_(zc(}e! zcA-s0F9supZZW$IqUpi|UC94NZ-!#HV@0pXr)*7QtTnzh?YPqAwzK6VoCxcm?jllb z73a9&Cm=q=u*W4qh~YAs<+8{!z(N%dMgW|Cpr^lh>{%Je!|xA;Ew)qCkhNYLK&%3U z9lFf%c+O_VgLACGYoHkMIX5vK8u&E<;;qf;mHdUYaBGWihMz|@UF_Uhw$}WJ6#;GU zd}%yNIxq5Oov03)`~O5i3Q)uG_y&q=Dy{cyYZsoo4W^yEiH-T(A?fkHKiK=(kuD2eWFvQB6B1?*CzB& zBtZM>lqR+>7_&Vfa{|F2lsw2XT`t2MEEJ*9-^gWl#Ea!qAjo!*%gGpL?v(b$wQ6VU zPnsuJoz=ul&0gnrHvs;$uN6Az=|#T6gzDjv8X!lub(E8g8!?3r*u zsQ&c2Drj6a_#q?2@`I6Qo;(1J=*%z`dN9O4oiaQ?X17DiprpuTAeHN6enU?SN}V`l+WLD+A*>MVn2~s>e$@2Vd^9Pw-SjxrtkKh3|7f8| zDhgIlZ~a3kg_uOZEx}*01kcFsF=0mbqzP5f#A;CAc3{+fuf+RShmSo4D6sKyLHEPQ zuFa7iJR9XGAjQMSDZ&KI_-DLaGQ0 z4Is+#^fh$(cT3b!e|E3z^ zWi|3w^qgy3SnP(XYt!&q;Lc8F+abc-1m@@o4#-H*kt}DvyuV`{U(p2bOk6^=@?{%w zjC@sQ-=ZRg8GubObhhJf!AW~q#O(pL{*QTea=EHF4G@{JkspmmP%OgIV&f65o13w8 z=I2-Zj1w*^N4E`PQr6#_c>uFG;NwgRTOr&OgDoo@$k4KG)4WV6=I$c=$41I}M4RO* zJv%3n0y=89^qXfH`R7_U)!5r4~xf z*c8JHM-Fj!T+3}pO36bA%N9{`0q|P20y)Qzl$@gia;)jK+;%{v@Y4>Xg1mX zXnGz6`E0EBT-hFMA7DB>*SiI%3oq%F{DoLeN2`iG*W1q((*r!>K5j-iq76(>F2nMi zST2$Q7HxY6A0o+0vLc5+CXsd_N6`GR2+fq913aS7aJU9F2sdPwAXF!s+nZU6M@j8m zS;tmHx1W5EF+Es-#rP`?7sFNF0`#k8i&_BUrE1FG&Xvo6D^|^owwgu%n`(%c)yQAZ z6}14`G_e58h6NxC%nijIHklmqrOk=^#=FK%D&7GDT{mY`c+pG0$NA%MFF^#vxeG9E znHa|y?RtlwpAc01h!n)AdZY-4wGf4`qf|jI67w~}hotVq4vMtm4k~%)R<6Y>L>DKo zf$(0tkCX7?b>*B@4D*L`B7%EZ5gn!5!lNWP(Vo##cUCD*{d2dS^%^1>pJ7Qm9SB+tiu#-`vHo7PQRIg{>^o=V&w|<(J6OU zQm0`jpTe#snDBmc_K=JLq)+WI%`IbG8qb`5%Jh?`pY)|v>t^`|P8NnMI~Q}irXI2c zCb+9N^Cku#mhTmBO`kUVG-IEjpB$w$d!tLtwREMrdu%`G)lOsfRu45}Kl;=K|B#nC zb)m*CF{8DKjNMMbJnrr5D!fdKPvi^8qdv; zv>jnRyRdmI#qU04n^5c6bfFHPDv;d5t+BfFW}nQjSeN^V0m{hbDLb~?^au^|fji0Q zkY7(jQM*_dNe4y!a;SV`;exTM%fgET+?cnKjW0AIFU$r@+6!e!)ASOgF{2~H->s7- zbojAX>39+mq>vvL^jzDiATzy^9vW^kuf+>n*HM)drwzOQ){M&D#N5@mL?9|AM$dzwl48V+jtqZ2pC+U9`w=7f2ir>R z*_gop2e{1HwaD03xIBdLkZ>86j9mm1$D;3_+x(Qse}Miipk*ZVPc5dOMc+UDuY`6K zP~r9JvdnWpT2fk=(IMGhS`MMCohzoXwAFDR=Ma#>4d8c3KHrDT90r=V#`Doz*UW#8 zkmqaZ$;zh?yv(rZ`{(&Zfosg+!14Uqay(~7M~1(i=c=I`m`byphMu``L;pUw{h0W< zBvd~-=BBw!kgN9XbV9A>EfMIW+!+Wd4(Ov2nRg*Bq5gNRe+JZ+lsIN|WcV9vJqPIW zt!J*Z-rGsk&8bpY%}UTAbMR8bEi*b~iXNkbp_KA;Fjsrwg3=9t8UQ65&Ww%>e`6KW zTPa^5bAxUVweWrP{dzd9aZQsBgHP}j>PfW4242Rynb9G?p6=7o^i~-$Z^qNsRkL=4 z=6o`p>az&!Rg*;n)!fm4hZW)q2G~;wy-Af;awo(g=k7dNs%bZ(Y0T)5U*EJMcjxEM zzA0k;c+`cc2!huKhqVX(zO=9NCh-kAJ2?Vj;zL8;kdr{jjNA|D#LdX9WN$WfK1hR; zyMr1%BX{ln$%)n1AV|A0{BvQ!h!sb}qUrHzV zE7QL^{cF=txA!}>Zk~-aAD;-0q;eTN99%e$0aIP>)kP32E9=qFFx00dtcnHKFYwkN zh9L4j1c7B_PKdGo6)rKJB{2O&d%F2mnbe9!!F+%B8qCTx)7-HeXF^K>N34FX&w`li zGab{VE&;k1FX@&1g}5DyI*aG}_kBgCOu!?P^a@r4w8328P5AWwXtZeOCpd=;P-B&9 zvUaRP@(3y~jpPtEOqpl5md`743%@0F;0lA*-nH@w$!=Yzk7(K)#Wo6`p#<0DeBOB}>=Vb_*)0Bt)UB0vG zAH=@15ygv@?xioP1yg)x|AZ5jpwGFK>fW4Hr{U5Y!p&%DNzfj)0!OIH-F0nM&J{VoG`O=2n@wm2WsJ{c5$9Q$b|0Uu>c-j7UNSA+L+lZF!y5Mr5MZ7KQ!&(Q;!BF9O=&!{Uy+0vD|H0blL+N=(kFrhr zD3Wjrq2kR;p|ow^Q;ck2EnW|h*KreP$>kzPPn`KLxhDxk%&bjyr#Eo$<_&FIo+)r@ zDfH=06vLF96f600DH*Gz`?fH0)}jtwa7iNf3j~~$kAu~UcR=E?MLK?~1Bkv<=VAn? zD-FP#H%j!5y)TCS0a=o(rDPm~Xr-rO_7T>r&x5Xjp`{x)^YMUl)ENlSY#a~9Ezb2j zTR~Z#lr4yCxsC>UnO_?d+w`yz1AAaQu2Vt0ucC0b=KA*=WACIe4F8?j`GN-FL!GFAh@D1LE)8Wq7cos__VH5unRtmlMOeOfWZdwHRemmRfeaU zNu=HTje9jwLg)tG`etyg8f;SiqG+*;kcHt4a|7>@tw##g)D-?e zt;`7ucp_EmggE`I7kRSxIGb0#xjoBZF3($jF1D&xEr966GI$5It!FP_3F|XQ8|Jb`y2GQIW+tcmZTt+aFRQahcB~_gAJD5&gLl)3}7cHI)nB@3crrvI`|8gAaQ4M zO@qtXRP%YXnK!`&h7M)qBTK>Ig@3@o_Gqjt4UT(Py2O1wq5D2c%pSO03nt^*PKX1-eUi?11ixgVro4^aZ9m$9PS)mPsQU#fIbWE7R>+5BIa5sc?ugdwH`ws` zwG=9Xc!|YW^)ox5n7fVvKU+4NTgJd8a~019N+hOo53-Ofr9X^(bO}Mv!=v;}r`lD= zY^fo{Z;@2{dAvD|W?f|!+N@v8bF6bWdxUTB@%B91@+NL0UNsNIl)I5^oomJbCPkk7 zIl>XSk&J~+u9BB(zDXGrt;E%2vyd)A*<1hB9q}licS3gR971sz6MHAyEX@HEor*(- zQ?p~TOjk4Xfk%H{X$flx#e=eq`~WSrfFjw4+zPcY?sNt1TzKsK#aNOEgY-Fgf+*I9 zJ9=o6+U1D5k8`%#(5 z2?$5rHBH*?jIj*5XP|Up7E$yjy8y_)%lNl9d9S=8j)4o!mzm=z736oiWf_<&g(rrq zu1&Pr5iG(2J8o%Hchr02J-LY13!;r!Brd_&mTh3Hz?NbxGdeQ--5O)@iM{TZoEAI_ zL7{=LF4(=aCWVPGa1bNF=-n1(czo|VxIbJOZ7)T%pqD=q-*!*hdRN5Y zY6$li{Ahc3a&Xtj;OJ%)R(iOfSx41;D+Wgwp|Hrqjd%Eti^0)_Dp>0T`gV74A8~NU z2@YpaTb9uQx3YXO1T`+pUxpxt1}=aX25^(JNaeQwq;g}js}2#Kh!q!=$|di${%~hA z#F6(yU;9^)s0`of71#7xuUPeEqWdDky;LKsA+`}epXwXY?-cR}f{iu^virYL$S(s? z357f#WRBF*32Z5aWJX7ZzgtyEnw~CmL|}S+OS>S!h5J>E)j)l)1l08aNVnVzGxKdL zQRXk761FXY9a{qJK9T8S((D~YQGrP=5mo|FUCHDU$jvf26CM(lB|#qtqT-F*|E3?F z3A$ZI7CYj6dmH*eU`zD_GdeQ-9brG*cT};&)saA*lZ#w-nQRFtx&`_*Ts+vJS}!Ij z%ldRn7r0Jq8e()8w31FY`t-wzj8v=3uQ9kjQT8r#+9g79U*RY%^Z|FP1Vkc(*$)-8 z3qEY0d81Dz2#X;Li&5_^TJ#OwX=PPU&gLt~Xh3fXL#mD>uDXm_=s( zp8tSbw>I6f7S88bMZU;9{;FuUyGC^}TCfy(Xu+iNl#x%17qeIopw59&aOs($RLyq1*h zDnWHUE;K^fzT)0wFBLE0!4-(!0tMCNNB$EJHU zegIq?zz{IZd~KbyfnVoC_!;vxM4G?P9sBMYPK|wFCFd)DjfiV_&PR?F&JNK4_EwnN zv;#&!!*N1GW2_cr zc&yh)3H7icDQQE{(=)?!!bp6B-_ydULZrO%hU`P@20^W`)ph32kRF6i_a;;>78lMn znN)XkEPR@tifHx`0xq#s$Yhh@O^N0rCNfmgi&aRd%#l!2<&dSQaA;6$Hr38>ohZaR z?RThLSF@sWJ)Q?pNX)|%VmF_!4^M`{g8|f4fxrFow*&(&;vgbCa^W#ZK$J%_2|{`8 z`=rogBYbjS4!Wc-<_PtH%AP=8dmQyWNQa5R3S9S0t5_@8RP$ZLYdN9H^pRFpbQL%Y z=>DK*zRWBg6800QQl0cQi&j<#%JgM_s=GA|24t+0gB~mijx*ekjYFuLf()NB?q~GN z$W&&?vWBRz=XQcKA8+VV$c8j@Z!sYVI^2Btwl@@L?+Uk|d_&iS!K9(u(Hb+-HcO0p z)qC3J!e^Bm=q5x{3lKk<=!W1a<7>=y4qit*!Nk#{-^_J6wz~Jr!i^~JY#Wre?I%JQ zKbKJh#p|?hHfTOpUJ=v0=SVVMmLRH8=<5y)QBym<<;{n5HsB1EL>U?#pakLD_H?fZ z!=~reADUPwDrvQ;z-*x{_>oF;l-a?;XQ}mN-J0lNg%EA@d*ZcTe@p1D61er*l=- z_Q6~mRBwwtt!IOSu}C_Pn^Dd=SJLw;Smel7?P<{d68-T0hc zUwT5rPs=K%V~S#j31TQeO#IUq!6I@Q>j})`Z2(M06VPDo5zI@8!C#!`yt$Zb7?eCe z_z(EOUxs2k_&KhnjYf6SX)`fa4$BvAZ%bOXhp3a;`%9XG)6r%8cs6f9)=CA!2qyz#}rt{!o z+*r!K2&;8+-YkvgoCV#rRolYuvhH15;2yyBb=@^!#sL>mx$cVD7PtOd+}=QEFwR9C zFMiz({Q+r?rk~055{^^~_D%eY``9izQimTbR1E|yvl>FTy}X8;6?PoTFnJ)=-5v%* zm8_FSY(SiZZ{dnwVeYV&h~v?XD5`uDBinX`pmKx#*X&z-uwOBS75c$Gc2f1EY?97d+u3CcyT~<{VewOy>`PrM>2z_pn;*2e!yMmVO!r z^Z4#(tldhj_))*w#?JqcRqituu#yNe0X=Xi68l!PEMYP#u$$ zf-WbVx+-0B?ij2}ZxV_&gSFwkZIQ{P`<`ujb8V>q(dprVP5OVvcG~};9WF+~`Px4m z=PMtZ*Qc?3C`ydN%MZU~iuOR0&Z5?tZ z2W5W4oELn~Ubp%(tC{nN&*|ILglD1P9_D=C=R6bSbTa2!pL1AH&qd7nFQ0Qvkn?5c ze97k=ALJa%9Qf+09o-E<&P3*@|4km89OUf89N}?Z3MPlZV{XXpc|)#b{Q^=&o6(Eu zp4Zc6OhUd-5~OXGG|@o>47F~0zp}IJ^!1(#-~TgeQsYQ-<{;+Z>^XQ9A%qs-0V1JA z2-zWVtyG}tzBo3ZT@@6sj}>Q2A70~odoN_iU2YY6he+!q1;1YWYGpKtSUfJeQ z3DVSC*~`Ab=rq$hLZ9-`rvXFTiVuI;xQ1x^%|7&BYliaT}s49)W>S+*9pZRtbBjV57z6ri#T{Ism(cV7P!eNoq z!aexNHga0nrt?&Ji|vrRQPpxVK89R;fR?xEI{+Pa4M5R=6}-3w!FTu3pA6=WBXT`v zdzszxjN4-?=bXq4-PmL8Y8yAi>IkIl{x>UDueV=lz=4MPnrX=miA;~Y%U6le9nH1o zb6?lNzU@cI3C8y_qcvQj&JbPT8E7cAXA#Klo<#!GfycW@&2IIJc3Qp`Ml-$}#^zvK z)+8~cqa$f`c6)hY7c^CCo$AKQYC#M_Wa#ZLyaU%txG|E}{50Ge4GeMGm227Hgq3nJ zBUeAw29npC0&hq4LRl>zd>sycxrgt^Ml+q!tKq=6wd!S089$X#gMF;53%ycj=2pvK zP}5aFz63w(ax!ErIT8p2)e@%eoRABn;3MmQRMt=I26_&fF$ zhuga=;j9CJdi}nG#~qwnjW=oiq;I$BXDi=VqrU+YI@k0jai$XT8*w{1GYFgf+0q(o z@^`l{&g2`q{unUb_Erd`&iz7LS$`xehx~v#Fl)Oup{M=8>d*1ihGXxc^_IGTUUuoW z+Ubu`taQc`ZrAoAZBQ|Z&t=9EF{T>k;fZ|kW;JhZ=QEOzX`OBB$-IpLPx}5!pa{&+Sy6--G*E3k0!`%Hqy9w5G8H6zQyLULK?D>?*_b>`i}bWm z3-gLOGk>jx=1kQe`ycRnne+B~fl+26N*ANn#0|^#6>$Y&*`>ccd z$D=8+fqh{p*Gh*K96@(JvfT(Y$AQZJbf-50mU3Cp2y@{c^i4L)rQZ=K4y}?JIn=`H zMB{Be{vcJ!cxpX_s!|U=i2ulg)utIg97(E>VLk+tlv;JS+XZ#zOLPX^R0H3-;IRo3 z&5hdCf+_P6mS6RdD>8*e7}?Zg7_|SXu0ET~j7YD(@q+ZK3*hkFKROC?T+UUv4ARq# z=YBjJdsj}|t$>jxYoguln0(sr^8;kC)sb=(0^G43fD7%ws3>KhWAf>aunY{kqRzLJfRVcPX?8KIk@Q zoWkIgtT0rHY}ih+lJyd*hTe*gE$f9bS)_v-lDxnCs*L2B3L?VittqdNNXj!MGCU+i z?18UGVkD+j*kp;CAVhgl)}DiDKk#=Vme!}ijQ|ubjk;*yYEr|U)2HYkk!#RcdlGJEs zl-p17vND%SjT-Bz;O^MQ2eqtbVXsBxLr?&M_ugiew@)Rp&z(4787%%*6u1HcrSUxE1%D1!I_(Z+gJ-^~x!LF)h~gC*eX7>Xxny!hx%!Tl0jv{avrm&ksi zTIhd7eyvx5D3To6aaMk+pk!~b3#4O$y)A=okB~UAYe=7-Sr{y=l%C{KG+JX&g)^7m zCqO#-&2(p9t4UAHzJB)|BJ|d7$mBO7!RnWF+=eTEV!ZsIj7V$@g<)+q481F_{J;s4 z7!5neaKNSwn!Y~@9pnZE_Gp8gKU<O`XuQ#5TWA#um6>0Z z=#ME}*l`U$6GbDPb3CpD#&^R#z#PF{^bv8_-*y;_@$@O~UvyQB3RPh?ttI+@`OHc| z|F3xWiF}ejIKoB+cH?(7=1Zu{o<05vy8y_^W*gc-oK!mW4= znt!=u459UDgYfCDc$JX=YR-_le*EmyNG+P|cAp!jjowr-$aljaAsRSV+iHf;9B%kj z>inT&7f(Q6p)KqyOj=}idmUYmkO433h<9ZR!7y)$tuL3dj~C$jY?vT*In*g1D=mQA z`4+DZi7~h2dUZ@-KSrFPrCM4_E^TrQ3>dz*R1=dHDrNV>A!bocXV^|$MaMeW3cKD+ zh)maXUD#FTybsju{ALCT(bfSW=5V|S=aB+{kSmwhaVqazIryM}kaK*}4q;bX_tv%n zi}#1?U>^XX_A$njv9JV|CydGA5$mwgmF)3oUcjCu3dP+UNB9D52ja2({*UK8<3_yy z<1Jrg*!>?LD7*gy%yd4y@Yn6aQC0DKsq^OSUx5R`-VRZ7zcZxYuSxey?^LnL(Op^C zEfM+tQE0zSjMsO(=6M|<>3Sdy7+hZd;`=2)QAC7X6OSX2Jom~yBa>d1=2>2}MVmL^ zo2SB8x_Qz2Lv(#L?n|u3!3DITYKY!oMhCT+4t4Jr>MW=ZVd1sHyzmK30~?U)a&Xe=N1=eKWI&6K2A-DL;Ps%{sKK{#oA<*0Se$>Ye-r)<{c{-p zHAVSHSmhs|-WUJol7DN=nV7|njDOW+Pf7k&_X+>rVFOZK4sP4{cc4Z=x5mHO^miI^ zr@^034oz7fXu;+aa+RpDE(s6dpK4 zF@ZL(qJeiZGL;Jml3m9KByfhnzxDjvfLj|=DSTpOCJv#${*0{u&MuCp(AL7(%f3RK z-*po-e!GPSdfgruG1-M%fS1sizTpcs^l4bq&0t?kh+(yfJg$O+F0U5j#I>HuS38og zwkKcfNWNBn3VNqbT$HxBnP-eNM2avs+&brBd29l)>$pv(XWWh1;QMgw0{7%N*3kIJ;{ESHN%w$YY!lwub@9 zcn8=4z-6PB4a#(U`4|0hULy4!m#A+luG2%VBq@Y87y{$MEAURRW z_SHGjX?s&X)mv`L*F(-?s`x!`fb4b2 zr}vh4DeDy@yvvS3`-TSkKfGfvJ2qqlS^gP-@TSy-?PntTa@ten~ zv+Pspb)&L#pT`yT?c=Kuxu(B^_%&dB!1HchPXP^$&+}##$Cr#w`)wzK3sfSO3}5jP zX*IY&-BlO~N897JC5fi#FHi?9eBvSLo8gM=X`vnMvi>Ad#i$m9*MD$6Qslokxfxt4 z>E;<^;Qk@WCTEn3IC$#(2rT+>4le7W^c5njc#D-NJ*Nsb)%*7%VNn>cNdz8UB>IE% z`Scy^4M^_foWmz~Ooev~2%QDpx3C%IbQrTr#tDrC`tyY&VJd`Ti7khw?M|~^7eWya z_~en`3#WTJhsLUlAzt=NzzdD%{Y=vxaZWSvUcRwbMqFdU)X^lI44#{P8`wE**Vr$>^tbDh3{nFY90wKk0uQw#f}P9@K3ByXc9W#&DcwLulm^P(9EPxySix>o$J;{8HR zR+x1UYGkSWD9N%b7k>huv`M@^(H=XudE}v63K_#f2(j2D#ZA)i*xt?Mf0k1VF4S`^ zU{Hc_WnkV{O2ooWG(WkSb=Z6vItfE^^q49qKX@~C_a{aS?Ed6#;Wkf{X4Y~SS3DvK-czdKS zf9C0vSq8zKr?CD!fsbY`7DBvldV3WMCkJz>dJb->dJU1cO{f&09+v1$KFUARgYb+k z9RTcyP<~sDB{zwud)|XTknL=SN~X>BiEEFMybRyDnl;pC&z$6es$aH2j)jiOU_2WY z1dIo-O2pe)2D=-jYzh+phHadjyY!9N!bS+pygKtPFwq7S?uYglIF+?owdUJXx&Njs zm+YFBeAKzd!RGc{QTM?IU&dwRkQ zRj36YC0CFKnT3GlJ`V3#!Mj1+{tX50F7}gv$k`5{W;6N=*K#%>_k+kCF#*TQ*oGe6 z4?5nSy;4!d8K)e0^INQ$0jUd}*GPk8W4WF&~!x zI7#ZOvGwILe3~ZpCpwQ;3c#{?b@(t3vr@SS9;?M)a~q6`h?{tN^kT(CDFXI_fERwk z$$SK_zW=B^!KbqH`Z#W2z2A5fW{1fsgpwF}{q!+C_9CyNCPDrJPGsSoPHZ zCBU@RJ_Ql9_XkD$l3Z_u|NQ3_SdBYk)~^gI}?g%m4lpHh-TW$c;* z)#*%E41LTsiDv7evfHEfA!U0X_92^TKtHCj$lX?nRLgoz!|gPo?$ETVL>rff3xh(v zY%M}7v3dGANUn4vLrNp!7xqM_qWlWA%NdIem>#16LxpS5n!;7eGsJK*Q@v!0pw|0W z2&Whl6UJjg5v>Ty=iGP@~~{`5Rv))G~BS!2-!NzLff>3?a>|0%jdm5m>E>CIe$ znt(j6Y>!!XL)mc6&prN))mznLizfLdNQ>(HD_Yb{Vl%za~xRsqLTeb+Ln{FwDm|LQ}82^CG-YA;kKsGosxsZkWPjd zp{e4=&<+?CI(MA1h#6ib?*Y^LG-aycyB@ZC_N`b-HTd0mZ)Z7a(IqciH zh|Clq4GL>)%-#vXgT@G<%9jG*RN(v2!sV_8-Yd06eC_U}$BAtM=z_fY=wagRyAjyl z>V-fLEV(~JZT>XbYR=bGn*lyA1)KW?_nNCu+3|z^F8BxxND?gWM76ogVbR;exxFL# zX3^G;6Ydvw^?_Y|VArm~AW(YZYMh#Oe3&e?z*FdMw@osuXGlxjkgqa_P;&R0U+IFS z+0)g}$p=oC(b?C#GI+SN`#Oi|ok_N}77le)*h%8t0kBh!U$0*A9rzxp4cVu? zdwVkr;6E7Q1Dm`uN!d~(qaqFt=H_C5SW_QH%hiT=ycdp>B6IVo!>9{ASL%4EL>=%$ zs6=^lWKW1MA9ShvFjY1p+u3J&EzWYw`nY@#x=FtXy;$Ir)o}Lvv45p6+q4#uw5|r+ zwTAoQmO^U!K}_F_+<&cY$ep#UA=k3BAvd==l{*b`bsFBA0F$hq@~mASemj+YF_rz* zjO>9Eu&7&ZG5E|0wGH@Y-z0vsuP(j_oWfdhiVMawxg0!;%fYj;9Q=p-u^imGmIU+b zeW!)K->3T}hO%I17Mg>vDL{63R^(i59m07ct)FwRfwaOkrnF*$UL>urLw{t1A1^T2 zP$u1lX>4QOa2jLF)ya6>0ULs-VQfa__S?+_en?&T$>`(DxU>+zikd2T@#A*Q z>I_E?*Km82Ye4|}A4l=L2CSMc8elc2jZz4RzK{ld%pnPDz^NY2YrtC*OK1Q_PvQdu z=3;L^vM;6pBCuWsZoryUTm^8SrEGCqt8{OFmTlS&j&5nrWiM!QYQ=qBR&n<|!Wt=D z)c}ndfZc#NHs)8s1;ko0)MxyCVl<#)Ug1z%;cE2>(Y@rQZ{Du1dDFE?Lo@W6!hAP- zAhp5)rk1~8HSdJ3_J>YJ9&)pl6U^IZiWb`@aeK%EYF1F=8_4iNi&qP_Yr zW|MOKjk{E3(_oDmruiPr>Rjy`eB=oY&U><{D*Qz-PCosjBbeNS0#lAi;U@(a`FgaV z3$R_0U7JWDOcL0YqzzMCipFL4l)C8uy-z>-cS1nc98+v5y4B}(y&CNht z%>Ws`^X0Cfz?j)TBip#a-JD>rR)x#53@u=|YpMOaME+`RG%DzTL7sRr|DGmx4$YH0 zT(spaOStn51{ZEYbg}(SrY`A<{tB7axAj3Isda|Ao%6av&qwlk7+n0d}JxEw)vfq}w z1C|2UQb^5hsLy)5qY?|x4r<5z76G~<&p8jdqR+cD)xF3viNU#NV3VlII$z@XrNdTnzwz-#X_Y~5Tf7S3*2F52<|0x7P2 z{Odf85_?DgjL{c_6is}dVmfA0?=LibD(A#bTGAF3n#3z!gfP{cS!$XG5YurnUk143 zGg|veUPc36m5IG9*%Z{WKWag!L_r>87D6RShj*;t<@OTZGo#VnetGMU#CU*<%@`=$!K!px zKX)X&=_?uCMJjl+1@T-U%>y4MzHN8|rMhVv(cQI-?mh}nOhC9OPd4%c#p#yk0sedR zVsGX^(1UU!P$Uqz29WuH?S7c{u}(pf19%&k$h2!78CMZyT$O(X<6f^N)|CqKAhW=@ zaaJ%g$4l*#Z0)%WpQZ^lKE_1;GrY?z#+Vo~F^@nV#Pg#kSqQ}w2_-QmKG+yj7^#gh z`Hs*S6Pq8zn2^cvE)#8xiH{m%vH=?~NQO~%JeWOTZsTb)%9Mt8Ir5H3;OkP|3yTH5 z8YUX|=`91!pkpQ0;ySRO?Z$sM0j8L$XiX=rp#biWNQ!s{H{yvFBh_l zw|L`L;wx{V#_60`6hjH^)MWa5Gw0%Nh5B=ZBM=yQWU%7=V7&W|>|gm3^H6l8OZLcy7nLh+rmPJ!d${e?G% zwiMFB~R; zyy=carY5CUxcQ)|-}hZNrA+qWMx$)p&*V;Ey;j z66|r4=3ugCW}giF(0@|eA55!**_!zjAe6AFpb>PUvoQ_jWZ3+jn=l;<&-y!9cnn4a z+h}x$n^Ow+ng)ux1Ke|yP4g@4ZxkYYPx)ERBbqhH`pv&zM>W5KR0h?!nWa?o>WihS zaZ^rne)(!n3RiOrt2sYXjhkOeHP@D`#!Wm;RZ%r=GGzXCQb_LVSPer)L2KMBQ>v*g zS&f^1n(r&FQsRA0xSI8YsOI}JMmSY*b4{sc`L9Yb&9~;L^407auI3C@!_TS&t#O?w z)qJsJHEt?up8HZ+5$Mt^6@h=^Cd)YOi?v%x@!LN#gGUb#A;;ZL{)wSfg#`s(pUJ!KcHiFGS)^2XMZ^t z8;aZ)=Jdeq52r^4WE=8=Zyvq}%&Dc>E(Rx51owbBfj7V2C5n&nme4(5PGZe3VsH$b zgzf=zB4;{ca2&Wp_kcN>F=xc!7{mzO1Liv292J9ONFsC(nCmsOOAL;Gjr|SI|4&DAJY(K*Hk1==U0B#1* zBuuI#Ee!3>%W^M`!uyR-d^LHNE47X^@c57~SJ2YdEV`v4MA^Hkr+@!IO6eL|h!8aJ`trl8PNg-Lms z8cjII)6bYI(4OZLYBizRCrm(sGNIyG7qzWIk?(kjNm^u{PdHE$uJ8%t1jo3EGXv6$ zG;-X;`4$M&4%(#lAZf@ZEeeu)EUv{tQoT)D5+tQ;($XMlnN3<2By~xW2;M9_PI-I9 zEO6U=Xc3l2u+d8-{nIcas!Q&E0oq6LPaVi;f>3gxNJ6}x0N3anJ#nlgqU8lx2^==8 z-=iLX@nn;IO&ej>tk#C(V`7gZ_1!=~Tc72ORHD4JbT9PSBIkWcJL3A2$OP=ygbMGm z+1~zTF-jID5K(Q0%NJ?CYx@pDOXWoAj?xIVrz~0Tz@&lp!MJ&H=k+Xob>-=ktP#_9 zw$xWSQDmbueJVDVzEieBUwX6lhi|{dFMR8ABrj@OsJvba70boE`j)%v<-{#q@%U7zo2=9jzi&%Jk{XTtAQvG)`X z*@W`JFWx8U2pE7X0P&;oMubAISx`%E`TrsTph~gP%a2E04a4G}r}#M*c>FprSp1i4 z4S#bKf7i@d`>UhvjkRy6QrgD>!q=~(g_C~*4A(w>lOn{wu2i(Xu9>m-S+Vz-(eg3+ zW+{CfMm&8wra1ZE8hx{e#XkfyivH!O@;O!M=ZNX)*WuHmK4NS1?-A{f82@D$ubg-efINP_cm;Wp z^89yxkc`RNj+a7L-8@9gL!{SdV{&`{ieDUr1%+~PN4vXJFl|esUAy2>hMV9_o2ryiK zPm1F2s*Al(jlI`L-ywgpvTyEehf^a126snD^vrB{=8ZqNByT0}3&Wb*bz-rsXG?b2$;4EX8HLVlXwQX>)4zA1cfflpn^r=QM8S zSy*`vWUw|&ylbzeSDdCS7rKk@VW~%51^g#IBWFGl54FxX3fS9UUj{=lNu*!Kz~i7^ zaA+7;FGGU$e@DizpG*CE3VUSyYW#7CUl*cyuO18qebbVg6P=&a7J+?@rel1SFbj`3 zY3v>o4^>t%yrA0c77_MCIbjD7$!e7;{ExJKIL3Q_Yn%Dan=wbu@1vn)DZ?~$ zr#rWWMpYC#$r6wUL+z{UlF6eWHuOmVQa* z?Ay@+q>hdd{WxrI4>xmfNkw5os6?3Z`BTA~hm>p*0zW+XUO=6vncx3X>OKr07kf3l zI-EDZ72m85s0uwSsoQhI)W60&0thSO)Z@7F*f{koLnZP-dwKfV-kFN4TkTRGnLxSY zd2x3m>kXh&RKr)MhoW&gNtm!OTfWm1Bh!&Pk*<%cB8yMV8rn}`W^jaQPq4br+Ha=KRUV*Nn za7SqpuF>SUzMan^_+O&OVX4McBb;RQ4!2C~%-8p)e|LZlThqUiyk75UE8_Ki%qiye zVoi=Wv=zzQ-q5`22!lfMeIfMDCb8a#h9ZUCv{loSi#0t6_uBEYz8#jLWe`^_+2%wB zbp|y(;Z}p%rXZ0zig#QR@ft7ikV3Rz7#U?9UUXPT(!s(i5a9-TWW?`Fl<`t*pfWT< z!H-#4iG45E3laQY4j!CQj?xhkFGu_r1LCc0k^Tb|nm-#NiAl}!AoBk*kHJCFhAr+&s}2AzX1e__ARCU=dp8)%|4 zC>@1b2Dzc*hdhWAaUrAMwAXeB%H*ON|{q>?NaKhgEs=H*xL^Z>1a~!}ZksQp-yKg9O3q7TI zFxllVaV1U>l){5rnY#G)2eTLK=ix@E%w8zuW-qJmWc%5pdGj1^Vx{ThY77zwzyQu- z^1^^Imy!WUEWw<@yb&>{w0{60g+Bt0hwP&>!e1vPDg%}|#%y$C&OoNqY;}18haA}K zjWsV*5uJy?$pZHfV+3AfzQpYpLGOvV15TO$v~FGo{~|GYB!6yNB7ZuU$)8Nm|KaX^;Oi=i_VKid60mxsZ^a;r0gI$iAZXQM>&vb5>Mb-9 z(Q4(N)dB(qtx7c&qAfQUn%<^VuvoQfUq$JwC{;j$LP)VR0g41giGp&~s^>_Rs8xgL z+u!rd%~n8w>}QWqk?1!ar{xQw+@?l!aNR%|72IM$W} zl-sY7@s^0KR*(R|v6A zS`i!Lwaf9Gao@iI{&g{xw$sq%tSISZW$w{oZ45^vEA*%v~_V?Zu9(A~r&UjQ`f9ljh$32it7YGQW6 z;RAS4vb%+lKr8z)b%*o$wfvKjJ0-2^#PO%it`f5VhD+ z0|J4c%_D>a**^t1ig1HLc&-)N2PO#6pBaQfUby8rTPW|hrTje3&(H&M6;kji*I?M-0t{*Z#ig!LehHdQ!?5yn zXp$O(@-Z5=z)FGXRH)6gxW0wI7P#uxvHUYW$v+Am<;%# zL};7G4quLd)oj_+N)=KpJxl~UP8FK_SW9(k_BqCmqw_5F9^{- z6@(gykj)iH(=TI-hD`i94cY*j8e~ExIKEQ*gU|<@E6GGZojWh0K-`MIvi?Z9ZNA3F zm=82~uiS3f17!7@E06|gW$_Kk*jj2S36It)T&?+N=9>dvLb^{zA%O?VK8hPGEAwCG zfS5JMCTtBX0ahCLcL(&kcKjSXu?&nn@pQ{)|I#ydmAxP;F8GQ!? zm2ZDIclRUXY!A$kO6g-p!Z+A5xRLYcb@~3L@6#WLt73TzlUtQdm3n^n;1RLAdoS|4 z2anX)Js95}A%9ifr=nnG4N3ac?$R^Q8=XoxfrHstyGJR9> zLvK5gD=7nbFmff)c|VdJwQ3ERS0KNFTNTtwLYqQp-|)o38?iJ`z#&Kv=AwFdy+3HL z{tJ4|Yls=I7?k-aJ5X`|W_q&yZgV`4MJeZ|+a>;G-ylB$l3^!70 z=UYqRwI@FbZ;W+frrf!w%1;z5zIW}mM(yLL+@k}c+;=%fT7lUa@Kmp*KW&eXFM6!$ zl$5%qI!wFrgs-^@c7zz{)s)ue33|cbB=L$kS}}UZi&3?oh7&{0^F8-Ozxp`Ts9y1K zkhV33+l_#yjC;6qK^QT#Dk8F6JhAQ{SMY@PG<}jS+E9`w=Th-F#eNW^9(}^qevT)& zl;86N$&M#X7M=vEN2I!{C?9F5-z6x=#2v?ZF@uXFgDGV;gN1gh{Fbt<=si-vM@i75 zHH(D+o{`wKOEVGx$Vl`q!N@4V$R5mubhkB&V01+ZMk?D;R~RW63aCM}sYE~*9b@VD zan3Uigj(zAly?8D!oWGvrim5N9RrsXHB!JK2F%B6iTfK`ZD8T>ET7PH-$ki3|!B_1ol zj@`RInkmo?K+=l@l0F>1D9J5z-9B^F$_{PrUghu;R zb08mf2%6=Za3C;Q?sAlq*-1XVgC~5%YqF*__-nZ#VVq8}HX%s6aMZ+$C|Cv#)U_cK zQzg>s#3=%RXz+!2WzE4X!{_BOUn0Gr&+^S-YE6nu@EWvlEMTnEt8-4YbP(3JJC4yZQ1;Dr7cG}y33#f?Cur4vIl+@;loplBN|@iApu1OTmmpVk(p13Uwb6+JrozXd z!ksq7TxA1Qs?bH7uF|4?$Cyu45efzSx5e$x*yNHPR4J|dCJcEITV>v81@lHLnTPSK z%%h-t=7BuIJXB9H57pDmLv>{ys~hulo=su(ZJShu>N97zWG+u-Z;)(ku5rATpvk5_ zKyZ9j`KO6sZx~Pa*_(|gUG<3W8_m}@%7o})wJIzKvePZA(zP#fuOcF7-ib&VRq!8T zGIMro=CU{Xa-9?s6l~Lt3jFafuo9?h`Jm0C^f@@ zt%vhZS^($+Jm?Boz@SnB0mCE^8qiB1XFW=tfLzg;mOxff2}Bhyfiy_1O69bla0dr_ zPUO?CVH4}~q#kFmi0E;r-SJ*$-G}K3=YI5B(wIIDVHW5AB!K;x3!ZrQ^tkqT+rEz% zMkgz=McF+a<3%O2(nfkzhm0^NUr!^=B(Y#Nv2a^bkD3hzU@!3cP^DEO(=LC$l1z(Y z;Y8xboII_|EdsePaCV?NC#*HDgicr=b+2BYO^XhPeO!w9G6+A8P1i5Q$Cd$b1lnrE zOd(lm_y5qXf_8CJ)LGnr67cOKf)i$2^l2ntFINOXt2D-^NWR-JW<$rLoxQfPHrd9< zQf)M%2@x{W{QsJvq+B2yjbZ38CaN0Wo2=0HZoptj?v7t2J;8us6cx2Z{gT$GK~AUF zva&d6%-n%zQ6oiy6FC__YW6OSTxTalHEi%7N%L;Kk<#MkeF9c8l%k5MC#sx!A~*Fw z$Aqbe)my+HR8LJksGgpBP+g}UR`*j6PdZU)P%_Jp*=ih?wW?SA@Otm|QFRf$_;l!P z)i-7Qju}IsS1R{oY8kVs&fC%yY@r4dNN)b-e$HO&tAKJ^c{=rwo3ZLuqmUj+i`U!t ziM3JM7D?*svy$ovG_R0{e}yR`jHkw!+lq~A47`(CXp3H+MDrGr7H2-d>M+aWUoyRV ze#6LsRm8=%3~H}w#d2`_2ciJdBRa{Ru>RU7{v7-7!yoBK0evt6yej!E?Im!>r3$Z9=t

N3V5Dz)#B3G6j!ZbjD)F48iWtFMUedv9Q09r*zC_z+-)tsim;DmBT!rOU1ug(y=UgAsW$mhY z0{`IJ)}_cV+^e4;!%`$S?5Ja2AWW{+YxP?@_HnH~j6R07`Z>~YauK4d9X2`PyQ%d~ z4R$pAI36an!g|V}pFFA?n@j$Z2aEvwX zq6(m{)w+)tu#5(yDcYt#a6{bqMpDf?Adv?LByv$u%qulhP`OSWc)IedL5aWqGEkx@ zjX6p*a?{oJrr;nU0{`a@4ovGDxVkdRR>!x8c<6(O>mIb0m}WeRtR(xl(OQDna&!`L z&AWX}qoiJ-skUG;3nzYyOO^OXZl_0Ix?f_TLu53{3WQcyHl-t~_-cecoK7>9}^ z4&w*&Agyd!M{qFdz1A>?+`mZ1h;NP6x1S%qze?qe;kx55t6pi7%+tG4Oihg<44*{2mY$xf6PgQP7{<66+!%ng0g9X ziVf!ibP}b*0%vcuU}JvKACCK8e(E3c6X1Mq)I^9EyevGccG*caL@J0_>%Y#EW?CT6ztIRx z1!2|jf9-kjZS{in@1^0V5wGgOr{<+P3mHZVnRda02nFrUxf1h%Yxa%J?m3>}a^`#*0{E7}4r>=KW=_6NZz56#6B|-F859 zI9$u)4WNU55(dz%i2+nz)ub?h0FLUE-iR@Af4(pXpZrH!+=+R25N07d;Y$YtOOpN- zMiKC?HDS5?H-I`Q(gW4FH;ZVKkdLJM_Zlx)u*Q*NY#X>IMX~Gu zrEP_M>zQn;ThdW75jzbXHR4E=K0rZsiNFmX@W2FFW|s5=B^q^w55!6MokijKa6c+x&KvkDEMXwd zkIoVKK@QDDWSZ3|K>#e($!)>F{*pCxb z|D{nKC_;(QPbNz&4LZ2|7%zMaET%rXM=L~$hy#mPa9@TAZh*@V@%1}heeW^8z(eQu=wcMCYJ@TTa_=@3g5cM4O_(1m;#(IS9O7G_c>#>$y~MY& zd}TD3hwtZK7u;TJ8aCT6if*ZU!Uc!N-wpg}eVXhw8NS`RjST^zm#dqBo1|=^v#~C7 zdC;E}pf+ZdIvS&Q{7#mFP&rZbi``>5KDQ$|Yy0sOY!mKf?~~)^#;2bwVqa2HsW@8f zmkPwx3tf>exizTOwb-TZY>XktQ{6`A??U!R* z)aeBE8K(m-*TC8`a*&0>sjd8=ag9DsK6sZ<4`yZ+$bFKN?`R7^?rGJ)m~ZNR__$6o zj6ACsSE`ery~&LqFNK}K-V66DInf|d;}e~kSKyZxi!X9yfb#{fsiO3O-mxA9!f}XX zAdnu1==|MV3AZkKl2e+SvVWq+*$6H@CV=RWSBqm|1aZm>SsJ_@8O(Ns#|Bie)V7d1 z-94h-4EH?92b7h092Y^@q@exz56O~MN>g4YbCzh)_Nbez5w5Zc140U0PiB8%1D|E6 z%BId5T?91fX%M!!NMiOU;sC}3y6@@aW|ge`7CN(_A*aR)+B_A1XKpIS-eXp^MlKo z$A83bFq;pL^V}mUoadegv%I;0mNMWhU(RIwle){ftmZ$-41*GOU?RTe&A9Nd(=RCP zYgJ|pS!gXpxz3jCjL?RJ0pytxK2cf*=;*k+XZH-vzLhRhe9`V(AODrIlGCO!yV)!EcsD__@-29-k}i zz~@R|aRR6Ct(~XW)W16aC*r{`Rm%+)gPdx(k}Zk>LEd-22e0;Z1KyI4K;@aU+cLeU zx>EQU3Vdn1@{8|o7GF9CUH74q>!d?sn^9^$N_`Kd9zZl+lZA)_rW_O76@M0tG7BkL zaoG&9Ylt1ud0rLdWm#X~JQP?a_>ST)oCM$v@tv3H?T~sjcC+UJ-_iV*pEU@+oZ(v} zGui4~6hcVOmY<^#&~*XrfGF6G#v4Vfl2w+S=kVxT4tM~oMozNKt;}IDmzao)Px>#$ z;J+A^@A>eWe{spoha^S&qq-V)F1~-o&H<(+rj4HVM+S3D1lw*C9i(fQq~H5pcma>G zjYpd%<(zthWr^uSsb#qm&h7s#p5|&HxD7R-Y>m-eo{`o|U?MOq1|O+C0aaON46$cA zi4~_9FtDJdFasf_h7oa$hfxk_8@>@h>s}yz=<{$c_>EFo*MYp|Bl_v*tP5nQ=&`vS zj;S&rsRw~mja*>QP*Xre=h{bcIo|PgD~r4_G*f&N5;so}j8_)lC`m6z63TQ9OjucL zmy~3XDtm%k^dx7M{MCA^q_%=xCBQe~8}!crtoX(QJWV_#RkV_Q0k}-u2eZ>qTIsJd zI)k-m&Th{19%e;IO8rkojyN(Kh4Qr}etZ(#)hif&+9;49dQ?_J?$dhsLgk9irngOh z9;DzSAihf%vqP3q`gtT})mCBEoAB4{lG#$Fk7)9{mokAFiifh4azIgB)ZQ1++k~u5 zh0aNJnbjs^o8X=pHUd3l-A30M@xKj#H=%ozz~6cf+Me7-1D$nQrG}OGCKJB8goKSV zXX7G=S1XWBYQ#^KH-2;nUuOgjN=urf5^kat$BXq2Me5@7@yCIgkXikP#OuC6ePsny zp&2Lf82?Eo(I9>Cy*T?ON&4sN24xV~@m68S4^bNIVD-V=2CcgxMPeRStswD+K;pH? zTAL#A+60Nu33VNb*QQClGC^X=5)!X3<<iPe_`EXc`WV9+GZbX(&NH_7qrFLnY{sU3yZ@#(mMnFp*a&g0Nr%}KeG zLryPqCh<;YIRj|MX)A+Ijz9aUyntzx`UwDj|Dx-sS;MMN< zdJIn!{0A^$1H~Z?;=nCtyTKv-g5r<{&(Mcg=-SFFHmC1)trof-!9d#&SvJsw_b3L{ zuvoAlWjHF%)Hf+KCQKC-9`#Q^bOFW#+2x{FF~x=VwA@O1%!OIQ)7YR5kHM zUqQ&AtbV$Q4u-8lq5L!<#556{?m;<3n;_hzOmBkQB7{{5Iuq>%`x80{y{&vz+3Zp= zp}j!!ZWhU+AL=|#AInI!lY|sm$_joNh13r8-)FyXT7Y++jj(y)sfx{SK4Fxb@M)11 z8!NIpR*+$=OkP>Ib3)JLm1xV9jmab@JkhYdFCgyedQF23E0OAw8&h&$m^FlM0*Bh! z7#4*Y4VmHxU4cU1ay+6+g&_#acta5GqPJWN>2bkDD_KR6k~JQzz_-n=XjkU`@ z|Ic9U_m8k?C<_~b2taY}77YrvD%Vaj#3U^5wGPXFm_uwPF5`ksTSCMS^0G{l6U(Kd zEzKduYRHEeTl>}l7(wHo8!Ice4geO{)b2jSGTxKx6?1cqR;)vQ;bx!eCCZRx)mWl@ zm05boUA2OrbVi~LxbKlmk{+qvRgUhRf@}JUvqX7g9Ns3cGw@pKWnz6Vp9@1(7{>FOY!Ak!Y>sCKU`0_UN0HNhXK|R@#yoRS{hAv2O@D2MWL%W z+A89R@gdSi{&HM*V2!>;?Gb z0Fnif8ZdEY5UL4~#lGEM=-LhwYd=)Lx7`&$Hgn})1mO0<00b4ORHfO4a95y-Swj$v za`cI-pbW>Lq6S&CorQ2Xwu3)5IlloJQnk?8fpT;cNp5OZURq|GSWkA8=0AvwPNLbF z8#)%$&xf7;y?kjhTpsOo=_v+yK|Av+>4T|G)~lzv2Bp`vN>)(vGE{Jsq<94#&bgY` z2M@T%V>b+S+ZS=Qsrw|<-yHleJ@~|~?61=g z1CJ1>26ExEyY27lej_@5QgXVv}4shfJ`bVXuIxX^pU31OZ9OC zkInixj7M=@qcQ5aRCwW+VcwxXWolVkgk=hYB#rndiUU^v-ODCQ1~A9$s{`cRWKs_n zq+L5vaH>MUjJX7U5M9f0n%y1G)aEegmh|MVkKw%#iIOpRz1e{$YGR)br|UthzUtv* zBXdZv7Ic8{%6}pSgSpLoF12qa1T5@MTCg%#(9mEUG~mbVH{g>6g;lwNcc*+66+ncV zP1m&n3SBp0)Sb^3#8c2Wb2diZ+fx8;;#INL=)(vQTUQ(6pahDOF(?_?KhX2t z!nO%L_;mE5yYoGgS}rxx6ls)hm2#U!t~bYri2&B<Hz@Zo;Zg$p;ZU}P zWe0Pc02orX35;G#DQjMtTT#V;6{~V9JOjRU#Jcn;Oi?I!M`|p$#+{Wd8+9a3g(1>Zx%T z0Fe{fbe6G$YDgpJ&FWB>p1|-vo!m+gY9&enEA`;O$wZHvO)u-!ts=M(Z z>6T5RTQ`pDZwiTF~rhZ1{+cZndtChEW1cFW-|eXJR)6-D}m(lYZGf9Y+~IP&jBer&;y zV>0GSP5J)(CSTyo1i&4y{#));m4{mETp~Kl5#9fp(Bd-W**(Iz7ZqKCivrstCs^wx zd^oLtQz(8?0+i`-RGK~%@p4YRSd|yz^7chRLt1Ri_umje?B_rvQT)RTs?li7^d8}e zK=ndpfoqPXxyzvULvwehnrqGXe=9V%z6RvhOz-Ox9aP|L1nyit)UUX*W=?6&XhXh# zD1e&_aG~KZv*Ch%o@I`|FA_5(IKcf!;lu}nJN#Lwy(j)Yb|Cn>UR8uTUd;1Fj(#M- z`3}l?`YvgR3MGmu3X$GR8l(UCn2C00V`HYM8sBm|CP^WLHue_+!1oJ4I(r(Pktx17 zMRrO|Ld4z>iegoAXrgGTV_Lp{RRH>8_U0ZbAdqqO%sW!W=Rx>G@!vhaS_ZK1TpFwEivfp)0nCFarX@h}P~zR8#5bgbW3hCT zAw&J|2}Q0%ks2fYNNHVb$_a=?Py>qx5M;0|I%92;!rKzUUe$lf`e-zhqRYb<>LEx) z4oz0EE+e|61#MDZ%h9)_0>f6yaId!7FN_Xey^J*a?GF?iudA#&c4fU#3t8DlyMNlb zFK}yO6FzAukn{bI*r1KRskUobJ?{s)rmtj47jg3;No9i`i55j5+pKFXduwr*zytX% z1a~vJ0`RMnfGwuA95rD*2+~B-?f(!g@e-nDTHJjy7B77V-N+%x3ceUlTIpb{_i0}u zL{zbKwEekG+`74YC@h)L>sIuf(10#5&>szwiUzaXLT5+tcwu;?6=|vGf%6o=J>ok9 z#jEjc5g_m(_BZ@dheh$4bzs>u%lt!R5 zy(2_Ao~u#^#g+&4E>J+&EXxxpJ&|&!FZWs&Ez2WsgA>CW#JeRWZkN80ljOe%ls3 z(#w5_U9i2LBUov1H=^WC$MmIc$A@V$A~B!h7ATT7(Ms8#QAs|~cquQfFFM#VEI$rk zhxX04-GOC4d0bPW?r?ei0}-}>hKik-_@wFjG-J@7l)EgOTm2a)Qm*`xT# zAu4O;5q;!F7I9>(t$t1i!%6xy53W!I*^SI8oe9rvu3Qmh_o_eXV66zUqjp8WT>i*cq&EHOv(KUnagLX#Cb6FqwlV`jh0tQEKUaF{+~Ew3 z)5{7N;6{HfSyLHr2Rp*ny<{|P2uSO!q3FXcoZ(ym-F>3wl8~2mh!5Ar&eZ}vD+N01 zL4OXrxqAd1qVC{iuN9WJkZn6`5^-++1{PaiWQATDa0mjZXJoxhG5BWoe%IF|#~CUw z334<;b=J6Fa$Vi8->n(9CUPN7l0OYU?IZ7ZkG&$ z)t_?QbU?834=pS9=V_TpT|Krq12VWQ_W(s4GXz!mU~ZHMi1y+h0@f}^SY0r>1>6{Q zekKY}@h?`pB2%1CtAAWO6PjUWZdayg9vFRzTZjmi~!*uKcz4R<41t)i0q^n)z;6AD9tP?0dMdtt+u5& zVwM|05w*#|c5xYu#vcnwZZx0hl4^9s_O8b1h~5Y;G@pdtREqbF01TY9vZ!0L&XV=W zE1hd~Kz*E2X**uZo=KdtYfy@{SfYYbN`+f%XDa!0-BzP!6X^HR+BHQ2xBKoa!bVkr zjyh%LDO$Y~_t87fL&JMAq1$a%j=nGq$~hDI+WpyZ7foma zh_*dLSBrUP=QjeaVD8BqtSXp#kQ6)PSjx}htDSQ|Zq{;JwC)+2+sZfOF0|Y>%{@X8Q~8nP&4r(nD~t_@h8&6hXknP9V3NkT6^l|a3M}&;!S>2 zVTLrYgOG7PjmFi?+3-`%7a%h5nlR4jNIAe+H}vc&*wioU6g|)dqW9csEsfX~CR@eSCi?VJR1Do0+@=U_&cefXC~r6_&3XXQ9sb)t z80kr297+*;UrE0L#vmqH>CQ+@OcL^)<`^3I-(#7^D=Bk-fzf8ufRppbvFYOEywuJw zd6njmxG)laGgk$200KDxfz0g%`$W&iM`H=l0N)05Ji?KWRx>wj(T{>nL|np(Iw;Y> zTpt=saLo_+wJNkSdSw&u+Cta0&~%`4U3^ZE=q5@PB^r{s7Q(R>{(9`fm)fr_Egivz zcjkugVu=mK5Tq7utQ9-9Mn!kJ3?pPPMDMj>m_+(>#N>Uh(=7$9(>;(!!8yqDZx9i(CazSnZKI?VYm-|@Q ztt_=~Kpvx^)(f_@hiBl)`d|(PH#-#JFq z3f;R~h`uqU)Ug1MeGm+iABD~HBBZkcg zShgCDAY3M+SPfr@rFGCe6{}$s<(V@94JQHt@)_p1dqj(zt829gJ)dZi%Q7lDtiQ3e z+hdC@zQq>TjQ?m+`+y)Ljx-#NVV}ik$G8%CUWkFs$DaHG$hAIY6Z)Y_5}cqWKRh&; zWrx^TeuJpPJr8C%^}6J&dmhZ5;T}!vEaW#djDy~P6_vSAbT~;zNeVSL^3GRl8O}lLXrrgEwo49KP|m{ zEsNrx&$cC~X6yH{d>;2xT}kv^N2fM1$SmYxG49)J6pBg&03IDCEgoE}R{)kleV~ryXG{v6 zt2mYm6?p1jp#s&UQ}Bb?EKxLp>Lu~*l-y%jbhvLYSbDy&tOe)iB&YjgRCAaycCjRd zcuFJl%}I@$ClsDQ(ccIVUB#w>@Pp6pBSeY{rVn?-j+v{9{Hq{V2_S8Gm9+0e8a}^2 zCO!%6RfXbUr4edqWGH3v<^;}4%`b!$IZUseaHsF+BM5zLkr~eSGn~OIwu$j0Kf3(Y z9$R{y5Brt)UR{r=chC~B?&UU5UA!4eN_e54Dg7_^YDoBlg3`+x2cyuPlT`NM?t?ic^$+ls?cH z!;B{ZeGwlyRBT3pQm>X?#}_>i#xK-oR?`hrGElwDbZ5ety-Ge~ucx!5LxtO=TNaU7 zQqZ8CuPF{Z?J_$bZ>A~c?XH(q z3{RYJYg8mmFtPzlhNR(*`Euw@Mh}RSfSM{D4hcC%=utKq@8L8XlqVqE&i10qv4P?^ z=?<+)WjVLj+bT`FqibC0X#~Disn2)FB=4GA2yCSrq99ElF?gmVoV8kTcT9Z%_2Sg*E>t-Wf_q}1 z7zC1YXth8t)Jj60QZ}0uG>Xn{Si>>5nj8kjISQ2IRfYbFWCDlRVWC+&^r-U`lC4Wr zrK;`cYT17hG`1jcy)t+lO@aDKlgXg?Y;8~zfbD8piG|y#;6a~bHP@)I*O79@q6GAR zwyM~ss2eU7b3;N^j0PEkLQ8Q_R0Z>cs^EDHC(0G26RIMRM?GgkKo@`8Ycv$h#*-_a z0IJze#reau0-iMF>V(1PkMrsLEY3x73&{~CE3aB7UMbAf39dIK>@*VPc#p~*$~pAH ziMr1qJka2Yp=zN#PLs9hW*6;H0b)gc{DUf%{Mk;nzxXFx2D(0}S9Nn}T1RDf4^jq; zJHaPBU@GU6X-&C_1P~pv;4rQk>6H?x`$&$EGH!kCtT~ijr)8^dC6QL>aFU1ka?*#* zhvk<6(d$W+2-Sh-YZADLEL0o?bwFe@Re;DgALkob?hul?_~ZbhKyP$n5U%Ls3TOE> z>!DVx3h-2ChQ&PC9gPAyaVC#ztYk21a{pS_a~j5(g!&&Mvs|SB4HwRiGa)m0rtZ%` zBzlsl_F(PG^=ooByNnDhl*?E`!Q&iuvr!VZjJY(KxTnb)$$`n^L|)7T4WW(z&y z^oN@vqjpbz23G#bHLSb8rHPhV^f&`t!pF8{cgJmce1&u(av{QGG44INr)MIlbDo(7Erc9sJM2eOOx;wqbcNBG$%0G5j!=fFT}XLB@LDgjg{lYZ9ImMYr-VY;8&lOxDHEG*!ksbZA{h9nhhoipGsS20ScNw+IWs4y;w6jhuE> zYQ+vD?g#6j|G}<~aW~$e6F3)}64Uc2rr(hH9K6piDU>J3IXWzEFxGBkhb!X?A*dfU zp*KO@saCL$YyuoClUohN?zZfN3XXc_z@3*y7+2Cyr@IXEudxwuzD;KmRwvEt4H`z<* zVq>=ta}%ieHcQiQ(V>1@Y5r}|%1>ebhxl}>9m6V<&>d8nMwv+qZ zVNwC&GQ79O$5Tq$vI#6uTwul%$>U`;b(FD-Z7jSN^-2E7ve-FgL_zYjEd` zedf*-Et%xbbCG0sdN}Spfo4GEec;X(Eot0QjnBY>8RQ~3!8p^pXqw~2;e!7F{t6cn z0?B-q4UgEv$qmJ@z@&&sLbnb~ryQVp>0sp9meTYg)-HA6kqtIR8@Y1K@zNtmr0E63 zF1UsiIuWSF+b07f9dAF*Nm~ztnS=}h+C&E+1VTR_1#zAZctFLThs_4BVmtO#|LiZF zM(ogH>R?e^$@#5HUwsMGLwit192G@s4ta9=_VDAw8m%s_^;e~b36DI zGa8DTN7`x1d4N&5p&wk&1Wm1>plJ;45%j+4SoWH+rL~lBUZz_X=%`&l=VKOFhyrh_ zf&GF^Z>tc->2j+7xeMhgINK?7)ESa#IazMm!rHSy#d+N-esbJZk}=pEBqMDOC1dk- z)npW!?77Rj!+WT7O^P?yrckqzu&Vf;=fxGBatVn$p0L*j9MQr=8RXq!TNB}kG(}46 zes1hp`6W0Rjd7JMKdOHGbgVWFL5@ifkK5EBV*2Boem-`N`#tUj=oo`FR!0qBrYg=I zB}cfAkIwr21-lcK=c8<|K};gqYtY~&{jyWa*!sL+-Zk3Kc{SR^H~IRRga@Qbs^h&K z`VX7q*mQweI1=4*mNUzk*6emLaBj2=^*IzVB2Vlqv(AR1bGVu1OsXktuh3P77PU^3 zgsmiD+{ir655dM_Tuo(sWDEO`!{m1?MEMY3Q#PNR=n6M^Y z7&36Y#^Lzr_rvDIL~(`E*lB3U6tAc!0bc$}Gu}Z_x)}lCl!apTfZ3VRQFj>o$5u=87jl2V`u7m3P+|F7TDF z;W1=S=%Z{@L&!sHgSCHWbf`e|iD-sHrK2@!M20(=gA^jVq)m|c9eNgDsSWxjq}#3# ze><|#T_~vZkPO0RMq6|}A+(PRArvgIAg>rTqKVY2;Pu5X6bfP~@LR^k;5GoGeP48j z1QL-gaNZQ{=;sKuJ*LT`dN7PjFaJDX_vAJM{$}JQdG#_bFiN@2j)?N;gbb-BWS(>& zPWxt|>1QyGs#yP!2#4q)4x#}f8+`}vK)o+xq|`B~@Eh)4gV=I&#&$i8kBp|ujJFIy z{G|r~qr}EV7tvh@IeOzbKkorR+Sfs)1P{o;zGxb7k3a3m_n-euB+|@fqq96BE>Dq} zBFH$tJl_z|E-aZLsC^8Zd19F{6>*Iy1N`~u26YfQ*?S&^a%+_u&T(*&36^sI;|4(X zc8Zt#Hy+Rvy{Us^reuI68@G!vnUXT=LTFu%8ej;eJ{mj`O&PXQ1PdmN()*r6oaKyx zU`igsJ~(C%vFrP^Hu0FFx3!owsH^aieaK-)qvydjk96xXf0 z@0D(CLbIFvj4wEEijJ-Xf0Wpjnkzke5(5uSY(i6Ilf04W^|5!%$n^|GC+;tlA-YDHlrCE@y6nHS2kWWJhN^U#%Doc$Y@ii?$U5xDX@V0c3f__c zyeqM}8S_{?qh|FQrLSOVy6<%>6Ay{`AI3VYk&5}HqjG-X{6DX!eF#h#1rzqc26&Hg zqF-!)Yav6TJ9Kp;+R)9{bEG6-W91<>fP`7fodif4wj+B*j7)G6^0@x3gvAqAEZ!Vn zuNlM9dw;wOLFu0>nw$ zGXv2&Uj60h^Azow)S6AsdsM`CBuu)e#?mKJEPa5ty>U9I!P5IHSqfgkYmQWEk6}m< zbz)8Ke(No1?mp_c`>_#l*F4dXg3IKU8_J%?;)Jg6Wm@2LvCJZc+xdfe((_xshvP{6 z62Vu>D9hIoNc7zw$quqWSR`=mDln#$WFI>%0pi+@J`t*wQaA-^=oOeI!TH|Xb;|_A zgrl{8kX`=P?r?^CS62~E$CQPIIrLc8b><+N^b8(3}10-lEeumbHER&WT03ega7jbKHua8u)VLo z{iYy#m~~{%3PN}LXo3wN5TWbZWJ>0y=p7GKnFEb zkzos5oGYgw8UqXES3EL_L%&^@!m3jmB$FO7=0jOWCm-!niJ+@!G}dFXe6 z9Qs|r_7jJG(Hx@U7QGL6*r8wS{B%W7Zq5|U_xr}b@>y-1L@Q+%qz?UJF}lEEb1JX_ zTue&ZC1;~4r=`KUXW)DaQI|5Mtl@#=IYSIvKsvtnIQxvAJ9!K2o6hiFL@Zz{^absU zF@N7a?t7cllY0b;0xKOVirU9%A94hJ0fOw}rL>h*IBfYj7FNADd^_q&$B@35`h#f0 zl_CcVA1rh|h^=;woD*@ToA1Hk%pXE&{IA0TH_8-`7wY7O)OnAM1$f;L_i2-6BEH$S zW?2SmYQ**cI1vgdOSuQ-hQSBp%Z!4B&dKQMB839sn5@2uq^QlEoL~F|{aJpGszqq8 zo1WTj(6Rr3Kfe`V;ApsggA=vMe2+WW{MC4}zN?H)PF%8_pDZ#qxkAR!4rPo8{9X|7 z^ZayymTL74)+%JIuaupflCi#?{N(sg@ zJ|ZQsvH(tCYj|$$OlY$aAyloJO(93Rh(_fz8sGrXR7&NWWnzQ|~;mjj-g zPso@iFB4{P&%t?m=(wlgN4*NdA&M$(>0E+jER1I69(2agaHTP%2ceuX^s>jKhg`k! zfL3bOJVpc%#?0)wEW|l&h|4N;mLrAFFd(2TodJPOq@)4yAPb2BF|1Fh1q0#>SkvI5 zOx$#eR8S7H#iI7DVnDE5NU32!JoIfrw@g4BebMW0LqeF(hkzRmh^=NoTo=AOITT%h z*_HXy2$}a(4G4C%%7D0u4(7B0LBFw!KUj#oe~$gTpW45b{2UdQ@6rCfPZ{a#-&klk zfbI`eviu7yxi|aw4XjUTs90nlaBsr?z2~XgzrO@jx9ED2BD@JK<{}&R@AiGPf34iU z+P~}sd@S&IV-sc^gZGbEGKufNi{@>xc7S0WYCCDYjh2q2sZe>7_i*@$XkmGY{WueX z#15FmI+OQLa#OlU_dwJq;+v4zw4A|Et=gZ+0;zw3e&OXy7~7S?#;x|f=oenz#{TJI zYum4+`!)5;LqbC6m!HjHp_=*yy@6IS292XoPQ`-GzQy3QNi~DEj>n+xTPhgzMN)LL(vQ9yh^H+G=r!JD(qWbPpB=M(zb^wHAbU9ep3*N91hXD1R+LE=}wx8{*-W&yF5UmE**}jl&<=rw~%f5eoSdPTG{H z#VJX9N}Q^a7t&)-{QA?475qB;rZm4WEIj=&)9(moS9B|g=xi=$Z~Z^l|8G?Gp9D$B zYr6mK+JBMM=vMlW%;t3cPv{%BjRIFj6a1_x)nHf4jYfYm?H66|ZQn}GlZa2S`{im# zHg;NN8i;m0M9JQXn4;vW-`huRJzcw~zIf9DW{wrO(F^XV%#|7lC@*(V?5elgQ}{nq zXC3aVvvl;F?{Ht8$28%}XyT78;xyI*i7)cLn?+rZB$rQR*tLzUfxXp67)S?8PkdBI z8H;Xbr>vDMPVSwJuu}l$=RCvwu{&X{s2<{8RkY=W^>sSG0k(nWuIkZGDTw|Ep8L8=LY!%6oVlksSU_~xiB|3 znz)kf8@3B{L`yURf>m>GUUeME|9hk;b{W236a7G8bHtR^^sEqHSTSoqetbo^ObU#xg|d_ zb4%`?2}4rg^9_PKq-?le7*Q4}1lDdbBIvzET0{&3yU-8MB0!DQC^-@xsU@|uAJ>v) z3<-EJ6(ap`VX$hs3$2_$1TL*W+qZzNd||1os?AIX8fE-$#_vd?T=7J$hdem!=v6gs z#L|+|;;=AJz@>D!D8RA!SC~G8d<&4#G@E5uPKd%Gr4~FZ@OJ$6k$!LpQa-z90AlWBd^-IH9&)y+ zR_!J>Q?vG;$s?(4WLSzIS0K3wiDU7jSlE&#jv42xB8B9LA_c+cwpdTsT%(jgT6GVQ zC_O0G#Nqvl!$!7*+EqPZZT4Ve&Dzs_ZRx>CbfYYKa~q`xFV-F;F?PJ!6UGb&Br^Gy znr#kHR`@Z9yq?75R0-{foRI#t(zr_hTGSj7c`bFp z)TdW@{z&xY<))Rs1J*z*;mYgllu5Nl_DJ+$S&Ty5$od_SHMStEuhan@T2ghuw~{5H z%tT4+2px+*qnX-Z$kdw4k(osJiH{n>DLsE0N=e_sA8IWK#Aukvhk)xSgohJ3oCUn( zsQWyd_IfV>h>2kOGOzPH?A!EdFaC^UeH(!rc>A;%^t0Fuh^px{*tD`SyvyCNnZO zh#`+n?8f*)pptA1&m-1w3sA)LaBFqLMMDOoXivxp9JB|k8Hb$Isz8^(K1p%zae5jB z&6BhxmT1y_Lp<_B&5fBgYT-+5C{ivK1pOq?L^1%?#jC3k?^bUThyOnlalM}~g&ccX zAMg}}{2yZPuNtiy-=+-1urE!b8lWsRLji&&i7K$%`CiITmcfc$NftDR*ov*o(Pq+u z4eQI)UWlE zcH?VdD8Y(i;LA#Kvb$&Dl z=R2Vb#Fs3$O3&-r($g>{+D#^;Nb3A;DS8HfB+)T0o9hc)4z91%_uP`G0f{pF2)W}1 zBKiTm3nR4@3FkEmJF`i7L;G{ou8lAw0bxvSjBKAO%7{?}4R^IZ$jElvr;HCoj@`wL zxB$7>&!(5ML?Lhrq%%lnF!K`vue$gr{KF>+CzyZ@#Ta{KIPWyV5QNoM6zYC=%%u%@ z4S|)9HWBa$?-&FQXuU4J%I9M~!{RNTg<59IqSBHkBMQ84BhfREhsJa-l8$Gz4=Tm& z0)$*-LrYo`b>`IP9*ph-Du^7Fy{2BRH_UqE4nWlB1(OW65p~oo#U6-!V zLX{L9t`$Z=A|8`U=>FkoDuW~3v~<3&jnA@9NwDo*o z$5qmcy%$EWYq*kQH-lz)(e^>wRIfqCEE+cr2>#2@&O)y-jZPc#W7t` zDXVs(L|uH0mSYa0G-;EOR=SEpkSxxACrh&mcAh{+wGYGn=zhzbyq87$OB5CahLF|e zp77!>#Ud07}5*Al(h=`m%(aC9LfFPyIIlPZQh*1F%Vh0>2zcM#@yO)nuFolNi)?kZUjP;y;t ziB_f5oLd(sMtn-y-o^kRhi{{Yw+ChW*I$dG8jF97$rc1r8NC)tr?!mVD8<~2wNhuS z#rv}^FEehqtIuXEu*eVSDml1Fp!oS{EIy+$;bd(`C1ql!IKu=>COP^$#CWd)Jh>81 zeG(3~B+L(mn@y+_I}~bJrv(g4w4{SolvxXxqx58t)7qC{bEoF!b(INR4udkFYG;#- z{*&OTC1txm;-!bVx*mu&s2^9SKBv^X-^ijewRWGFAVXr%IQ2+Sf=El@8uNwPjv!Za7+e0sRLX3SAoz-rz>R zH;oT8tRQ}v|2_=y8O&{@_z{jKzRqNdwlW4c_ik=z-vGC_c`vS|&{>E;j+RcM6hGN@ zt$mBx7YRsJRZ>=L;H=+`?d)CJ3xWJZYj_3JwDhm&Sd3Y)_! zvAMvoQ5tQqKIz*W-$NlkvAmKu_86@kA?W+8Cf`xBTgawdHHhE=WD`hAhD;1LVRh1@~q(#PAxLj*9%(Wzi=>|VviNbL66(wHQIvZK+DHCf0 zWo#T`oe$!e!X2Mjrz?O!tXD`aDqg?d=yr?SL|XOY;;*tM_O|#)3|&dvbHr$XMZq37mXzUu3qcziQaxG&H zbQ#2AHP(s1B3`!sZ0nYo)Xy<7d%BMXc^ICMAXOOuD9{O^Q^CW+1hPfS`$ zC(*hi(QAIJBe!`3u_z_|>;)v1OPbEm0`LODu7zKz!@~><*8;+@+^YVSLNC+nBR^sb z*4(}FlA;Y49&B#^&>Z9oR>%q5)UXRiV2ch%YXYR9Xa!$n!_pxz5D-Xp@olx*)W!Nb zBAPHwbbo0iev9vbE#fgetF}^2WJRN&r`!T4k^9~-!L7d^mT`h4N7fT_Si;`lC zA^e6|3eJ|BkS^tSp zQ(0vtOWY(7guT!=a00AkKx%MwB{5j3ttD22Nk}l2h>PT^W5sfTw|y^F7Zpca!G!+k zK1k9`%FaRfsoU7l-CWC>>p|j?x;ompo7?*)FWV{(fw>vV>w2l zX@^OV0enYnV^@5M=Wx9+5B*TzT)_AsLD591ls7#%y%&JEf1>@u#_uGJ;Ya zot7z@NTn!3Z4*6LF)w3y(`%j}NEGFMkRXVxR&^nPZelyPmJv{Z;DBNgpkc73XA#cz z@!84*aRvpl+Ifv8jMp(a->h+%GHL0S0qmqY`|gK^xF7eu2$m+a5^sC8`U_qC9vlit z)VmX?B8~y0U+;$mg#H6}%tv*^QLa6IOvFNc^_$f5ahguYo9Ow7%=5uo`_(PbTBo5_ z+%Bb<{#JK*^mR;srAy~9!2VwJ$azS8iNd5rqoZ6$**Yu4!s@ymJ}8ZJke-&g4OSN& zMAgKwM{o@SxwH%daDP!=`xpMqdUGdQGTyg5^+s-jqOELXBhwb?g!~WUer64@b490< zc4s@>pZUMSeGI;>O5Ara?K;rUNb(QR{l98}?L`_P>Vb0ev*OLUe`}$M zSVi&3Bxko)e)2Lp%&SMS0%anpnJ&BG?vkDUXtw%aG>nEtK3p9tTTa2sB44M_0* z?Y)(6ev0MWD$475cGX`z(S%8((3yu8T%;(C4QBJSk7&u*momrj#Uy-${?`q#Xyl9^ zYUj^m&3vKrJXC!t%EL)AnD0OG@weg`ilFHX5k5lWd(2(w_!>O18ovOI%a!D_u6ci7 z0pi~A2^xg)<=M8~i2)_D3{Byh(?#z?_OAp7XeFHorUPI_!=E@^8-`jLDP{AON7M81 zMnOVi)}$Xc5n+;f(Iiy04wkZLbv{}>bsmm{G~_3s>y5x8l5W?^l?W>IVV*=c%?ss- z`&>Zz8K4a12hqGz0UFkNmdLfwr^z%f^9ALBdqogxY;xebiliAOAHGcORugzEpS;$& zEoqW9kq6c~cCx{Wc9@F$!xz;3WyOhG!G*CSGxlwI%#h9^;%teT0PoPQ;(!-F^0``% z(Bz%m7gRw;&;b`gY8F7wM3!q^+qpEO=SDRCkkc`QLL1To5G`DpxI3PLsxHLhWY>Zg z7Hn!&Y}P59BnIKm}Q`8FA4Z55*oAVpFE(ryJAHR~jdGLPDE zh8pDqpi`p^C$rk(Yh^majS}pk>#2NA0#~KlrzAv{Xv+(FM*+R{)}80EJM6Pm$84d$ z_!xzb$?2)PL@?+&#wnoZz)+x-(nws0LmCL~H?W*W{b1a~zG0RXqM$*!M+D45)M{~s zlt?JZ(p;P#Thfb_M9p#`t7O`#)HRor&G?JShj*h0ZMOZrkPq={gtq%z~?_|#HzRn{d=MBvHg3mcB>0?=W{;iu8=d8IYpoIgOHP9&SIalBjo()3go=W=ln6` zJj|R|`<%aqoGr|GvCnzd@4f6?$DDef^Ma7m%bZx$8ENp+kn;iN=rxzjX$v`TXU@&O z&g_tL0&_m?bKVqk4rk5^pYx88^DO4P+vl7ca(;g~a`ZecG5A2pd5Af$@O3^Ka&Bji zs%O?Ig`6)iXE(-@a_;Jo)5Dx!`kaj+=e^9)%_l(SDgLek3iZc3$wKn%a3T+Y7XKerWGl<^)!nmeX6bSZ*?U^E%}<-w=fpYF!g*oyl5(o}Ugm zCo+df2yx^qpt`1U9Y>G98j4Rwah7ynxJxwmtx)QBmjS3UmPo?vT%88ml<&Vc6u*PT z9S-{8qeBHFheKn&|B+C9EsN7_K}2vBB97^!-x@%tHIP{9n3nH2+*Fsi8&a+=={BnlB^hNeOU+?L4o3>Pyu38yPL=^- zOPlJ0PPtSai0O+xZa^ND7E1x63-H`oqQ?6N@OPOjQ|Q&dV^!`B|D|Np2BXpKs9LLco2+-6pJMMehTd&7PA>%v-Z49W zqryV(Zuv}&-c122)>?J%4g&#fb*IU2n~dbd-2Va_Lkq`LUE zt}R^>Yt#d`bQ52#cjbetjO&&!8s}l28Q+EgPKg1_G3C6Lb}UB$qE1JAeYeq)}E`z4N2!E*zib^(OKS4`gAboS%l1 zOGZ+d`QOV=cmPlv-7eJ89*h^w6bYVPnU5u7(*N+=AZ#ky5aVRN9X25@n%|l!=6xNE zH*u}d;UuePcBd8Hxik9B*JP>4isbWfRe`(H1*8 z^DX^NXxcZg5`KcB09ilMopRfGRHk?(ph;N~?(VbkiXtau+&NdF2TrL1!Mb?1=EC`w z*p6&NZUb{UGEo;mGk9`zLoP;HWsfvBFxhpU=avBDl1%YzJPqm>`UZ150Kp)JIx>Vu zFtxfNyqa5Ma;uPyHKYEtOmSJw`kq9Eu`V}a5Ei-nqcOA<+5=}glkhnk2>czjh4KJ* zjqv9$gfjqzwc80^NJINB<%c+cZvsF$MOoB7M*1a8c+}(zjYkQ((jBscySVCF7WT=7 zn>!ps;4*U5Hoqki^-3~qc)RnH33*CrxkqmnEeB>DlW}4LF+UBkM1bUDc6frcyNbgTj;9)iauBrPT5a^55kAO@8>Do+;W1 zMi`PQ0UDG2-00=kIJH6NVjD?PlYq#gmQb=1E%<-i_!#>YOdQ|&6F;$4g8>9rP{&LrXij`V1 zU1R-}#Ic@--oyoiVV=l&SpdegH z#`x0^XHB$zV#L;@)+M{lpc;8MsCBllR>>j(1EDN*?OKv4Uhg`Y7z(N8E*Yn}PrByL zXLIULtQ1H{z`-zTQt-OQfp?vQcM#!y5z|u@Db^wpSa)QK-~L}?edD=kMg562us#RV zhG7lm+=|ieUe)f|YbV}9@MX-vRh`&|M0DakneL5%il_HyWZi?Oi!ij= z2;GoH0&sgV6SySC$1epZjRM~#xaeHGi#U)lioPG{I9R_6G0eMUV+;#YH`IHe0Hh5q zABJblkEVh#AMi|lvuEo0o~d&^Qx|!rp6Ho+wrA=bHzn`-keiZsy$#EIv@w_)CF;Ph zFmStUMwAQD^vo42q$7;?X}D{>IJ>N5{BEJZD2?i$0rt3+KulQG~j&RUs6Mz%WRXvyG!s{jR`1!`#fG!o3<_{*x?UubZ= z83vkKGtPdL`4HzhX}Q6o=T87B+x)dZ;c>H@vETAeba9o}e~CE^D|eNN1;s7%s#AlZR`}Wqpky{B3`f2XOdQqn95M!8NbxpOBom6aj5?HLZJHS zM2-hsZW=*UF+}R*f=LWU=*A=QiYMsC76X*<9gIdjUlywxRckji;u^}bp%0=V;Wlh# z*j#D$(&j=lb9^(TTNWX@z~b1d#IrII70OR*P)l#IqXoaoHU_j9&n#FG3!UM zD00ic#`u9++X=N6RjRdbfNJr2{PD<0as_v%r|2042wJaz%O1!KA$BOrTx!E2`0`cN2L(4*bU*ufUYv~TG_!K#ir2itza$)fZc<@TCovDk9H@5Y-l+FBq8H3Y`#%;3&hj zZSXhZq9ly3awJ~)5ONP&-kq73k9Lfp|4nfDVlapU0XXurDf8^JDf8^JDbVRz%uNZ7 zJAPBY^ZUn${=;qSV0HP9X0#EmXC6TxM?l#Y!56-%{?-9oUK~Fily$-96h>W?jr26C z{{kO>X+S@K8lI3=)+fes0B`C7{I?kOBtBypeSpRzL6Q85QcKJn^D@Q1G2bb>@$}2m zOi?WbQ;Jp&;Lkzz_(uG}kiKx-Qs=VNN-cHqxTRy&mFfESDSmM<1&^q zzQ3Q(_`ioguWpcjp0%)iB=wAlQ6?}PfruYCd z_Bz(aAO9aET;t6660@A8tXGT2#difu?N!1rV=3#^NBE5Y$v>ZmVTi7sxQ|^MAL(ww zwXTgXPDPfou8pq%FJ~$1+W3m=3YN0275I$*$v=1Mn46m^uHBarjCFQRt7eC@A+CH2 zjFjhtUgHS>rn9o<$mpV z0bYSJi*q{<07(I0E>?s47vi=FLvXGEG=$tBgjG}wzZ|xmq6wL9dS9?@#Kn7zxmee? zdQ)Aczk>E4?5|xYMYj-|L+JQCEJwWXXFG6O7#R(q0)$@AUWi@#dmU@IOQji&O43hV z(hS_pAt~D}1ypF!$P|sBoJhET$lmRhP3^9z+x4dEgus2bVW;Ugb(J-w86dnJIpgwjwVNojOp68CSU z)VxKxo$ZSUn&(Xzz@a8Jq|y33wBC-G^m!A8=HN2>X!$CWOrR_0k$1)?lJ~#}OdXY^ z(U{jg0x;-5O#C2BgGW8$)we(HI(8n7>>g)+?ZG3J_ihZ`?ru9@==BN?&EB6JQG}s?644t}_(3 z%1jaB2TfMWKz_`m0%<`iAgjRjd(AkPMD{cIV|E{fEc(z&aGldLs#e05LA3g{lF3yk z7*bWHBvE>mH4(HIy%@q1AHKKBSP({kgjk5A=%4#)VFe z24DhlFl3^{kg*R*o^=I~a((B~)O`a=mzP0!5h0*2ZWKf^3ZnQc90kA-(#KpkAl!J! z+IriCMMwZ+_thx50tX2pL7CoH;-znY{GlJ{N}Zf{9*|i>%M`xCXJ@*(!s%WtG$RP?GY;a-`BeQoYU58wb|Ob4M|jGG#TD2JJb`w}1^ z#=g^krUO7!8ON_j!=!MjvjM&mdBUuR1g8?`aS(hjIt_r_H`v@1h^jCzkr98x zF0wEaguM2>Z5M<0IP~qpW_Y+9mGEJnd^2tynbULUoSrQa%|wesk%La%&qabnsko>C z@M?!hc=A(pbR#9>8?rDLyn2WGD4GXPAwT|we^6IWT!u|tPD2;LDvZ#EyUII~;&Lu> z7*@FpcPZTO_o<$pSqDq#{#CjAO?n=QUx0$xOgnC1X8X>Sx$o*-*f3Ri9+GC$cUR@U z>kI!zTo0pl0HdK0=+vkf%V_34-7J$=T-1QqgMhWX?k}%q7`I4J#(k@D_j$Ni)q=~9 zok1Ehy;lKDA0>d6i=3GfpfJO?XVy$Xk-m3UWx{wzCIzf-z-2xU51S_d><{rE`M<_P z-$+&dpI!bS9yU+7b&Mt2cS)6-@Ejk8KP7ybt-txAx8V_C3maZjU)Qq*cs(JIi@iwn z9e6%oHcvS2?mustKo~`Fsc?|=)xFVr<#GEWT=>$^$x;b0_G{CW?&DeGP`n8pe2uA= zzs8gM9Ry(4x9@t5kbC>8+;&gymtyu6O_^k)$Mz~VQ{_zDRzj>&52@ z1s|-=ZRIIt>X&<0-;c8QcUb8mD{c(f$u)Uwsrtt5z_uZENZF|pH z{#We%4ukh;dq2U-m+bw1%fH0lAGi0#73EL2_dBpw5dPcyqxL@2-d}=4`^-Pe)wlP9 z@otl=+#70l2a53W%)N-_dlW+K)@>9(|!=|7{K=d2XkeBQe&*@ zwgIXLJ$~c9v%=eR%+tVX^2H_0^|TtXX2u1N_*`5v|H}qDVO3&-w;^-I<(h$IN5fq$ zu^I_wq}9cA+G`|j3!VrZR$?=u=eZ>JHfA|)_W7O2rz2oVb2PU7e{knoIX==dOWA3P zS;9Omn=MyH8E4yn9EV=(FjV(UuMe;Ux`d_dGyTFgk~c?Jf)}Mx zLD$QDcQtfBf@=n(!8%EOASoUkXE?$#BxQIq>&ki>gJt#QBzg2GS`-`58g%yDW?|G4 z1C?SVP|6A9xm=iu9UAznFdVUr6LGJB6@{UHwHn*5q7xxB~>vbJPebQLa_ zbDgo|;&@~9h^PqUl#ox(64m-f84zbd|gGg zKYsdx6ev3=NJNnoT4!dbyXV zs8vCFkw@vJ%_*;>T$G>%q7*oVihCn!F33FGqYyR zT5Hy%OBi=|9HABee?!}GGk^RmP9vcvPT!}D?q z&-K8AX&uM&37gas$6rOZ0RsypURPVuV8oFNlflqN3=wxla3v=k z7<68VpWtfW&fNzC7_H`?U*QjDp+U=H&6X(g0*y-)d9ub`=89|%uHwivO$P0*lA+5p zO2$=m%K=S!{5S%yW*|Y}UZibT{&}AgxI@rVg_s2YhL{9_|0`lR0*>1Fr+`1;X~&?2 zCKF$QlUt(t{%NHC8R{QNFZKs~DXIT7VooD5^eK?j{2=CBSILOXM7+Vtt|D=f%6@ZY z8PFFbp=&*e(cbq~t%-}0(9a;&;(N^deo&z=O+s_gz(TL|zOPs4<|H%+Y!;fUl=ho` z73t;%LNjvK*a98nW#Eb|G9=VrGEDG*IM%V5D|BYb^QyAm%JG?9aD_FJuHRncsRIFf z+Y3W5gLZ(Zp%0@#*eT|NVKh4qgv6efF(NSH1JQ@DC`34Kz&qr?3|Iyk>~ZZO6J3rz z-;^EicCc*hY54~11_S4nT{u0a8|Gf26>FnOkv$|1Zfe{vWT)!;b2i1E-PRQCWP8ak0d&&?eIj~hkg-FsO!t+u zp{!*h8eg*Fi}wU&6D%|?rG|AK97fG`bg--zi`Hg5QTBJyT^&4`L1O%^o5|sv}}gXNwjSEPN`O^zV|79!kw4M zb$%ijynp;$Ka6vIIg#taM6QdHxz3Ms!7t?m6(dW=A(W%y&?O1ZzLww&=R7>l79>i$ zG+Ej^F-9B>@^az0k*9DtVe50&6X#kOw3sn4HGdHj^zaNT01=BNf>RR{aU~-X$i5LL zwg~i|aYR8PyzK01lGzV4(2x)siD_W273O^t=Ia{!ri!|TcrO7|%MB-0Y?+yzhGOMN zYS}JIY6HcM?{oHkH4NRs6-;=>Uh=`SR@jC!7ogi))p5O9`=zzKOWejZZ$+re`O^lw zKG8J~*kiZel5yOqN32Ya*4=53E1wAm1?Sew6*;7rroFm`2*SeQa$N}wFc%MSyPvKh zh&e_Gld3Gz=$U{Je-NtG5PzV@v$46@Ev33E^Fp|F&$jpZ({-l=-<&z}n-{lkUEZMc zv7_?tZPDW{1s=EAv`J^en5Um5=w-$S3oG+-Bp%!oew_)e_XuVi-?}r*hWMJ$-C~nI zR<3oiKfv)?EZv5MpV{rWpM=g1o1zYO_(+CuNG&e8S0!yOh4=7^zU0GiST-{L_4T$s z%+y)BNb5s=v*1&@+Z%v6Y@g%FSGv3K$ln4z);CNACJ>yj1mW^bQJ%Rrh+6=|Pu@uv zEGu2969p?ww#CM--KTBCU2HHjm)qHvK9-eW8YI$#8`pCr&I@6@#j^uQMK>`CnynSW zTOcOYNMWw(;bfD%DG`fla)#TSj`uwJw=);-hU;;OG;sqPkY%F(;vd_8>6#wK4U^nm zvhe7iB)42nV!JVS$@ZfqLBvfU;38ay_?%qT=%jkEP|0%yuGCMOQXzZXB|9l`%O(8V zCqnYRrq*n^#-JD=m$^!${KvmX!i5yIT7=FQVJi$-P|bm8C&48PsbTni z*j#FOfeTE!pm#|zJmC_+ZS-Pr8YT>%0xWQ@2F}&U!F3;(V^8G3C|(L!B?*AD51h1o z*~Ivg_$=d8nzfSLgymhV3%Ayo$9ZV7vDDjhF-p~kEDT&x>LUqP3_Ae_NzfNYHCXZ& z!zIiwE0sX@4FxjGgx`nThnae~b;3c<^AJZUJ-1o@hxxHjRn*hv*A65>woCX&zF{He z0-`YG$^Bh}zwfY^GLCyVoj8h!!tm^`LPWMd`jk`#Q+PoW-gm&93{E67TZ?ehwWq9q zgz5%1^of7Z`wrUP9Od>I5O}DVv3N>^NZ4Pfvb;(Tc$Xky=R^X8pwEENyT$qWawl8` zm78R4c1k`2BCI%ifMiloC}@)dDRCyzfo-oB-b=CQEd#$9i~%H6W&jC;FhGx+;WH4d z1JSsU;A6t6xt5m|xNc^Av;I2=$>nn32)mmX@m?@n=f~ER3#gnu`0`Y)A0$*}4+(>? zN5`L`*^4^tkFLA`TVYm5{Kh zJYkX~+*_V7SrUF;o^ZJ&e6u`ZiX<#3Pxyu;*u^GeQOMxFl8~wgChR8(sd`|-5t2|= z56$AGL64y7^>C$nG(&5qLvdgdv=Opv;xUAK!q=9Lq-C-G#N)_}RjmJ!6|`o!$z}WG zW()Yyu7@4TwLWM~$w^ei*f1rs--_%hGiTcxoL^ExpxYH{83`#NFafoUgfbzhv7oC; zbs=1C2X&TxX>i{N3SWnUYFx@ni~#Aa*^T+;jqqLbtZgZL?ED-~>>uJ9|iTogLcVhQVk?LS>qfFbK^X+OivlrrG#l zY)p^?V~Cqr5>j7``@)=BnrD5=7(<`O5!FVFL&`=}t9Uyf_0;tfRuy{&V;TvSnMT4O zO!u^9dxpXEH=Wv1`d}CL)2(+_B&mvIO1Uwe`0Up8Xne4QneYkfVnwF92V)8em6<}q zAWU_)WxI#L)SU_A45s!A3il0*shNCOHluuT2pWzWl&=Q{;|mFu`9i`Vd_B;XeP9@T z{lW2IDht;IzRSuIrlwMbD^}M1gE57K%1j|)5T@>L%icc>rofXLF0o$Lgq1*_ooB)O z!OXwyd9CuM^XI_`M?z)7kuV71i3{F_9P&x4K}DF=*@P*u6PcCiio>D8vchq^(4Sph zY~|uH%U&3#(w?uFo9@-mw`HGqGM@qr=f$Ve(7xTNG{qS=@94Ww49thsl`38j%O5te z?(Iu4>(&Ef-^K7wX4~PL$Kd^>RxA`DHPIt|QRgV7 zEL;PO(c@Sq=g=GLrIP>>&YdLdrTyKRZG;G{H_6&ft}c9IY&iuhBs<@XsRuYP@pA&c z8Zn5Wwqh|RSJ#z8OuQUnr#3N7>n%-tlcpn;rVunSW4L}FUBh+fyWsNz2TdsspOav) zQ8LC%hSDL6d)gLvCs>L$f>VgV6?eQXZjeH(te32ia(C96?ApoJ_*Bx|L8Ped2C40x z^|x!fc`#xfsSnRJFw+w-dssZwf-q}f8WS+Tf5~VU#FYuh8<<=IW*>`(%PisB94&&L zISH6geDPnA2rb2+BNP7Kz?_tTX|Q;pY?<(O12ZoH^Dh<#^2~(aG%)8RU}jnvP@4%a zFfbP;U~(1)8juN(F)#}fFvnXMq-Mg224+zL=0poa^AU2qNZywuVCGqvafEpi5+Ka- z1k8L3!>y(8E(5b70h7DK$S@$xbq1z00ds-H!|k5%A_KEB0duj1;eu$$-CWYMDgkqa zg`pt}CmWd637FR(GW5{=hGPs&F#%KmFqhg<@3iINW@sAA>M<~l{OxMDWpTeKl;=YL z(`#Vlx9i&$W)H%A&*14ZF!I~=6AM#Mm`e;yDS_v+j~aR=66VteCNwbe+x1e>==@%U z+26qQ8yNZRy2F;W4`Id{n5_mze!K3rFp~-MM~?QuSLPjB<(-wku76u=${J6Y^#-QK zz{qdcdW&ao!u-2|sWmY2+w~g@Gl4Ld8kjl*BfnjLurO+W4NSd(k>9S+!t6^t(+td{ z1U;`mU}3l<7|MOIfN3-^^4oRW zc}B;$i4^|8;K?OmwqI}Rl-+tLho6CGP6FnQXAKOONW+s2o|6oWz;=zbcs@Xwj~bYH z21b6n?)bUEvnyd_6&7WklYsfXEsNbw_!s;k?-wRuLJPzBO}N3pEHE$)BExni6?C6OSmYcn;?JwDUT-*&WF!`34d`bsw6vK&pqs%L+>)y|NA2s=wn|vxO z*e#Q<8yl@46H>woFgLm?t;ci!pmlDks|2XHTehnV^@!D>!V5+f!e!JryYTQNt3Z9V zR|h8+gUQ)qu+ySmY;a75!5wF=re!l+&XDnc*Spcokl&v={Rtwa7i0yF++^V`? zaP?0#tpwihUyilzffCMW{}r8T(84hj0{slw9WX#=qAT#%?E6Gt!8d^TT3OICQ**o| zfrB;hq6FAiJH%{k2>eY_1}&w|D`f{Q1Xux)xzhB%6S8Y3G6%`K; z{2xwiaSMid&MzPCA6)%mumuId9153IzNQ{&X7)m7kuj2tp#r-=M!d`(0g5|a`W-|( zYa(RuNQmE>h?8s<8Ac(?A{(*FKwM}e^cA+z6BpQsYYfCZ8_{ec&an~an~0o^_^gST zVg2PPu45X((Ot%YFgVzFB-#FtD&y@mLkiOAT9*(PF=jhJB~R#_YzQWNQF8=)PM zo#jJfocP)f3~j`C5XF6C>>p>&)~NxmaL!OnF2`|Zxq_=BHHmiXE@iUod&Zd4`dAvo z@m4xTxE|ZiDCrIp_Xm~o-zXHojRQLkxNv7chCcKgF~btX_0x6cN{Z9Pg*yi=6sLCgh# zp&@%F;))2dwl~(=rMozP{)KwjL%P@FcmjIDgj6|&NR4VrkX{MqJ^{DClpu~XGKAT4 z7dX!FhAFrZ)|iSdp<-(pW2;98CL@T zG3ZE_n&v;nq+O0nFgaeCLk>lVb?m(6?KcvmA+6$jOb13hJDK^;(YK1!ny zkLGmTMt-ZI;dsrU8QdFIj!6#MFcZC9vo+PidnOgF0q%0a)5Fy(OtOp`e1i%kNiNy!LI zlO#f2wY_fDT5Hz>T5Ih(ytK7Wp08;TdB8q^pAZJM1UfLDE*AtZpRgt>G#A^$HR5r1 zf4z;w_V;5!%S57~$Dm$;4+jTC*1AaSxNRp+0gtt19|M-Q?Bi}zf@>(uY9E4+a2p!^ zMS%<1($?n+frh`-eoN(w!V)0ypR3=v0dDdmxe>hQt`D(&l7F1L{9VIi9a$R2v5IY# zfW8MZ^~`4Ih*5xqo0TNAO{WF$5suB7^G|H_8F`%p?z^4#Z zQ6ChA*_Fk|6hT`ed_ab2H$MTi`kyLVXC8QeE-Y(gVm* zdQ_Ww%{&mEu|!(N*619Q91dtq#h&g+?M2|zkJH-HczRJ_Cy#}_CqUwQ#B?(ooMQpWUdw^?h?~!-TD1D|nSpT9&>gz#ahcs~GldvdGqK1CPGpb1nQj03H2 za>@86iw9DH^MB3QvWTA?m9Fl@7ka`kCL;ECuc8=;sew47$60VNQER3-43EWQD=52Y zeRjie#Ty!f(u$x)dODuv2Z3TstwA+?ZLYOYGKT57c8$OszxNG}i=tm3 zHs4$iWXF?IYzr~L{9)( zrD&oQfU!_vylrQ#*;VjO2B-6Y&XT;!D&|pAMpnad=cQqoMboAJ4cF{{kkdXH2nBDjPf| zs%LUE2pCfrHxXRx;s+ARA?Y0XA~#M$mhgdUY6#~JDpMKEv5Izh&7>iT$SNv~t}SnV zsd6oE$XBoBFOfB(kB-1szL_IlrIPf{M1o4+(c5Qfa#YTLRjC||K=Yuun3$E2;L4Pm zXgF3A4aaJtVXG!z{isyKN>dFhRZYl&k+x_)EKDZ+H7;d=Xv;MJcKB@SI(%i#KLtgo zO!m{lV4Sj@xsJkxG{CI|9?3;voe+@GXQ99W)!Y|tXfu`LTAEI#U^Kt&QV zSZ?_UVxv^%rN*eJ2o4FBL0y$_*ZXy{o738{J>7Mzt0gt<+3V#@!}ZZECYMwgRx!SB zv1oVR3CPy$wT>8gG`%hYz^NQB zpwBi4*iZ*iuXXQ2y#%(BdNHA`z`w&#FDEY$C7k|x8Y)Mv-%nAQU6?6k!o&ZTXpgN( z5cXT{7xu43o8a2NFxcL7J#X8*c1dBaaI-5COy%mMR1KULNMf7(byU{JkkB*RUPS|N z;{E#Qhmg9h1dux`27drWBpZ4AB`_Wjpl_Uu-+OBD9~y>!GQS?*_}{UX`V~$%(^0(w zqQF772j}Cc-TeGBBj)EfzcYXABlB_QPOI9CgnI;F@#cZd{KXqGBbXjt08+rWk74mM z09gM_&3u8hcpxczdA7wfVn9$#R22I)QH4D^76Qo#AOV;n5efKxJ~C#a84c2=`rBpf zqyFr3OYKdy;YDZBrTOmYCkGHh55_<&lJ-X|;WDjF(rD)kcx-H-yKpN05^s0mB=>cK z`BDSfEI@h1+B}e22R?@&oDf*ZA3C* zK?6s^xTO&kq!(is8*Ynt@Vs7(tiKr4Vl&{SOYw0^krn+Cx8CI?O4LnHcrCI-*8+WX zB%r%?B$^`bsqoN{dxwT7UQD9+G*Nt-C;$k?&*g;pqp^Mfwgk%#vq59y* z1ckY2Q9`^k6LApbQFy~PjvGRhr|s`V`I1oJi}K5e=@L=i{d__O6i$AvC~45*9;$r!8nB|I!qg^p;fHGP$r9!nV zLZoG;Kr`SA9o@JN;8Yo{QEDKiNZ}{93VYMnW5~&grN@Lpi%#nAxCkOLZ=!ft6Llp!Hd~M((O20;aVU z_}7VG5X<;uYZ-?!-K$xgnG_qviPxJdnr_K4i0NipTY-OvBCw+Awj+`mlbwn9n~2;u z5$7XDO~m(}OPGjb1eA+YW(2TqwsDEU)#n$y^%4#T;|d?01;i%OHP`L`1YKD_2`xq1 z%m~mBNm+yl_aCaPm!H!6I%1F?lLor3x*HpXOh1F( zcVnnWhG{MXIuAC#bP4Bcr{XBY8+)?&QwC}C+UZ4y%kq_=@F@>@IRM@OL{H#KF9$f= zdY{ORmZ}`zharqM#M#6E<7um#;wX>t!KuTzggxHi0Ot=yJ{~|DF8L_P==KxnbCi)s z_$3MMk0Hj)l3Qr=D(l@H?^^F9#~^ygw6+5OzFWPsR%49g<)W0{Kr`#XhU1JwLX6vX zK%CLm=#W$v=w_8H)YoW4Dhssp)O0COzg!{?qa|pZE@qpS&^U_yO{%!jK7~?ThmQxX z2kLgAA7#e5NfJ;TR47RTii6f9NkDOBB#iM%KuJbr{$sB)l~MiBDdgb*6raHGjZ(rq z)48j?>23~`DlK7t)1f^RU&j13TJtBb>sd8qtX0q3fED%XqOde&1}QEIt5arR}0g?@MafRgTl9-Owj)w!f2m99n}wg;!oU(-|ibzla%hny&UMoC5JVpn&dihrnLz~ z+L#j1=ruoWCoa*gg$5;!KOl{Bgv^q{Z9>{bU5B;7(Q{K}`=B&DhLa)4^dVX4+6 zM>W&h1mfTUEw)VxPxHWRh6jE|#|qVJg$JcD*WMu^d0X(F^Qvpiu6tM|y$s`*Tz6p- z@PS)?*4s~~wfAj|l|a|eW-*uE>hj+rBn&}2Zm&bmaMuT4<)Rj`pz^T?yr2;aHTbf~o4X4NMQD6$ zv=n%0p+GVi7r_=@R)lZTR|24G7yJqLc>)>TDt$rh(-5@WrL-7&*)&i&Mj*1JFN>#Q zgEo9ISyB15QWHUoPI4p^-k1QY^H)2DLk`N%MBl<9NNk7p{O`C%3&)c{&-`&}95(#H zXFJ}Ot4q*QzAd*F<)~S%Pn5U{YT*n?x}Mwu-OQTK)jfVFnKlI5a|! zC9%DONO%k({PB^mQ>8P4)afOmpqJ>_g$B*b{pdL3`Ci8STIP>OXd{u&te6R%-Hmf3 z3eiTsMT{=u8lAJjldlYZys-)QQo_^veEI4sNr36D@ICXK!Gx?*{Q)qT2LBy?I;k!( zAqb$KLSyfH<5_@cErcpW{%XWKbbKdHx{h=+DJfz06E^Fc5Kr91=Tx!f*{StC~L`Y#ZXq zvE=T;YD5tiK3CaK*JFO`*IsM<3!zk{p5Z5;&{?iTrttZDq_ZRf)HtJ1HD?P@qU#jk z3%)5`XQu-5CpH(tp(w0Y7A-317FgbNdB*42zJ+MD&PWGQYlU<(f6$!UAwlG0RK%$l zL8TuyWTyI1#zOlPZ!^vBP;xtcN>ll?0T89tg z%joBQ_*4()i+=}kx-Po~*2rVkbjKoc%**Io5_iXko|QC%`L$BbmX{8OKr(YBy5S=e zMWiI-1ZQxik{JuZwP3WNRr4p1h(ba;-&>2yP0ep!d`vhjg7v}YHy4~Kb-r9^F33-7 zVTp$LvuHXhX?GxpqA)Dw)dx$rkQpy(VbJkNDylwcS(l1BENJ;fD(d6|8zLUaoUU4{ESpg_ zfurAvu+~y^;Q@I%C>K^plxq}Bl19OJG)J*bU&h=!*S?lf;gS|))0QR61Q;4-!r%4! z3aXhnVVB!V>V;_gRhkE)p$wgotNfxBBxK zla!vvcsVeSksNj&qe*Ta!?ZSmNY7jdXk^OI#0I9MwH6i-q`lx!!mGh7!)uiIr5v)P z@Si04n)Ar72aQ+V%b}05&=k6Zmg(IYOA4!q$Zi3-V(0U%Oi62#zlx$wigjFZr3FqL zpjdWW_+ildOiqPXly5_L+|(~A-14p~KynOH0ZeNXoQ_n}2e4G1Hh&w!@eWHMs(TyO zWRyL7nQ#6Lo3;XJMwR)_M%R82MOgD2V0X4wRrxLgwy$Niw%<+(g$I64Op%geRaFYrBOLcVQqQZJ!Mk_(yM=KvjSj-jOh>FCJT?jY5MSF)9&o#Y7C-Cp+@MyPTCFUV- zcVQ0xLPpqoo^8I+PMKue=~2jGTPNeiB7X@vKncUa9n-^)or3X9A%{?YE&t*^I;km2 zUt=1B4t8qoQl4lf3)aQ%@kr2K1s@izVUQ(6SAxMZ622D0l7!n%CJD2I1pc)oP{HzR z83Pi8s7tVMB-m`UxDK@o|3VoB;TPwVav4ZbCU^@<=6kQbeqM1@YvBYbS0o4zPb4H^ zV*T7Y4u$^=nweiqXpA3<6`(QH6;dArv?u1?lgMKu@?o84Eq}2L^h>c5P(Yw$)DgiA zun>%GlfSO1O#z5O29DTIP`DoYiyZn0_m6^2qRW@=<$ANyb13L(S7wVNmFwtnDVfZ` zm9>aKnsrQFg_*Z8(Dh0iC8ZsPd}M~dVCH6z8Ad5HjBS&&;WKmNiIf#_7-smHFFhPH za{=hF%wUV0RjB%S0unrZ)Q*v3kS>ZaT(hCvnw%%R;jAR)9qk=d?NJ>R2`~CS>vdd_ zpFszVZFoeXdGQC$E4D3{TiY_V$Qnu5mIt<{*g7PuY297}HUgDK34!_o{vjqkLfK$Cze4PbfII+^bx=|qV5UsVCxlQjEe(L^F6>M;S$2LcBdkGr z1*7-!euofo$A1&`z;1t=q;$vcKF~&WE!ch(*Y^m6p>i`#{Wz8XE(8`9BMXTWRiS}27a)j3V zXsz0Q{N14qh!!@;Lp$E*AJo2E{;~QIo2B^640rA^WvSm`xbyu`EH~z9xdEv<8%34i z9W}M>ktiehNVL^QG*ybh(@xlV=`Ia-oc7vsIqgWq|j$md?ewGX|@$DbR|bj zf1MbFWumvX5s`6#QiIaE3ok$knSx4WgsqNS1WsV2!MR3Cc+*G;Z(27$&HJ%&p16^w zA*H|$DG-e`Lp&YVZ3X6BM@K(?!b?7uZloVc5oFbN8)e9}fr&xkM`UL4TB7;>s0_|miC2IT|`~?^bZCElAck-N}U@k(zehRSsS`m_QXkEOP^bS0H(;2XY2LVvUOaEz!#M3JNXEl^2>VUsFk6Ug+B;xbidwAaT2xV#m2+QDK;9QtBw%7XD{czpFcAnpiOl4RQaCbgx#BQG=$%--0lWmTB>Ou7`TY zEqA1a*03Fx$ z%1=iRe!_PSN;kWoG7HwZkt%k;*1cTSE$Ktg_b1*EaUh3dSs6w1be2dqz z&@*bsj1I1xrukfif;A`@NgP=BOWrw7V}sD;eI?h#wzc^F`=Y#k~=s0Bka?#?ZJpAZb9(%i}eq| zqSB^^t!n_ThlhEpSm?0zv$qn3UC>MV^@f!q{k__~Go{<{V#k7uCu z9uCY!*-BU*Swb@e%>&WRQk>rZW)ilbe&L_x60nM)Ikuqr*e#tc(ufhJ!r;X~bm!xML!HeGsDL~jSs)odoK-)1wh(pb-wguMDv^11;Kplt@8 zGAq#2g!%*O`@$cir=an>0svSb!GhJ5NXFMkf|dpPwMWqMCH<-o7_|}K|A0k+lSLj=&KS0jy427iQ%{9 z_Yn@otMbcP1<>x0LUtmSQpoLc4_V8Q$j($`+dKa7LNWVO6fnl|w~ga(TgP9G;}1TP zy4P8PYh;4I+pyY0l6axDVHnk8VbJgerUyjs z5)?iSa)-5_e)Idxe!9W!H@Z_i5COIxuY zHbZLDiNnf4fAKPN_fe)Y_eDvFh2}4yxnycx_%oYo2orK{McA*67uFR=+$E=8=R4T>-LS z-@~%B`@Y{;S|fq@SwVmN)yVOXx!<~#ujBG&FMAVXDXt1BTc)@&R@0FQ??T2SMI4!w z@N{l!WO5m9uRzn+a(T~e&RzdF9K+gc#h`K#+T57!z$ma@1>J z7EhNedMhK%4-4r&L`stzea#`2t9~mZy=quUClM+8KjU|(HwbZ7m1})CWS2&>yb}TN zU;ltXert_YzOSs3yfGMT(Y7f!OZBzW{FM048m5J_T7MH>h(3v>H3GTOu*v+S^BC1> zd8dRDc@8sq*uaHC({L&f=j(GBeY15O1FcTzghy|G`zkG8{VPFtFX#^GhvC#WAq>Af zzy0t^B^EcUwdtYmY!C92+upc6rHOcz#+{c%brV)p&gf{%6c^S@pFixvdLy*4d!paB zC>l;zr=ze>7*MpF>G|mxakG*sXN?$dk1A=zd_1T;e|?C{6G{t%JBzaI=_6-n1TI*| zhK9cUbeQ`aW3It~jLvyG*}U`kV9JdQ5+&fkYAdiokw#OXDv8-ZKuydB*HuTi}> z5rKaFH-3b zKN)ctV8I_OqErnKU~uHJec3=!aM0>f_)CKaVbi`aGq4C8)O3^WP^6i*7d?aTVcGW+ zG4m78RFRYsR}Y%E+&)&r3bzJtZ{XwtS;F3#N*0U8&d5E_Y%N-)TzQjAOcu5_GEpTc z+mVS4s$yc;DWvABY`)>p;| zvndfgjaX2)A94K--wAGy9}L&eEUrN)Y*nn2iM3h3h4PCeA0EFfu%U@m^-|isZ4e84 z7}1o%I}fcexx+&R8M!Y;>!Wcx7iP3(^mk4zo`sl&Ni@bmeY1H{OLpVz)}1HF`pjsV z;ZO}yb@zl!)Y4MEAF@a+`qh{SBQpz_3}p5#~7EG#MUZ1lFc_F8_<LHQnl$%(u^r~a4sTf+bV|%U7yJh?_sLudbH6WhvB~Ib@G=%|sg?Wwv=d8#H!=i46XZpY!gNzuYLGVwo~gt$ zi+J$g{28`RUS@R?O2+IuPM^mG=|v2C^ELMGt+;%-wJAjRUPAZ2$#n0$k{PSq=-v7D z?WXW!TW#;I_oXj>LEgZKpAF!dU9*Ir9$ZhwN+T)2-y zq?|HDL#_iYd-(+SCP0k>L^m@>*N5$!SieXB30JNotqU(W+%L_huDkE;6UiCg_p6vr zdbm<|Kq57IpP|)jI&yc+{+4K60n@tuh$V2l1cA{-TxOI4umI4?3uoXV&C7DzbM^Se z=&W%PR>Vu#LR?J}=eK9KU?RnKnupVC_CATomqyrG)mQ*=LPLitO-xO@_KdOE>DYX1 z|IA+>0qF)@;ay0efWA(w=lQj>n(w36D0Xi0&8ty2e!Wk^1PolPM)ImOL1-XMTg6(Y z18Qs2ss}Rr8$Jf1U_zxl4P{uS8ndhhsCiZHtV`|_p!TNKc&a@&`2n(z5Bn$*=-qaV6Y{qPQ18*w73APRV<99@NF5f)@15FcrAcY#5kvpq5eDPPZ zu?e82n;sZlGc{sA)tzNOCe_v6v@%#Xx<&}x5plTXRdi})^c0#pLP@2`%a8*!cx3LE zU5P#b^nezVz1VtBxIjuShituPT>}aV&-qUytLPY|Wi@ELkC%XppExwhX%kEbwaL>j z6XWTMiJ1yjSdE-wQBQ>O;=6xXO}E}Q-Q%YC)+2h1HBFdUPrw-8nZD)VGcI%tV@8qX$4ey zIa$!7y;?hmu7EbSt%&tqj3rE{1O@KD*<^;^Y;V-j6WXv7-m7NTAjeD1%J{U+YNL3 zCe%QNT3yfB)P0kwe;Er*-32+RPC~lnpgfDiXFt}vUFOXNC*r{Uyh7rM}-WP*Y9|7=`dvbRX3H~k0wRT*{F~+nWCiKh? zrmoKgpTJsdffq%nvZ9!yPz=3k8Ml7($Xv$`$Ix7wJ0?I3N^7j2A50o|*wNc%g2^3= zfOLNF#ClS3j3ujtY5^7&i1_Q2Dgg~9^?|rQkcN9bTJABl=v@M?lqYzcNaD^dF8cI{ z%=}#NrJi8YF1<%>mzf`&`5@@nWuttb`d~2Wk@>+c8(s`fdJrXmo}J{(Jj$2f;KU8& zIk+l|wrL|t^z|!@EcXM^jQ9p329aU8@K}2m8)#)PcW$v3X3^3*!J~E3yQKA6)SSgm z(zbrr(7F(s$%uy$F>G45LZ>V?(8^%$yy9V&&~Id8p)Qo~ibADkN}~{+k!G;ebmaYb zT@*sb7$q`9v-DK;Z_YJLKRpG@Z8 z5&66DKYnwwy1gF2Dh~=0bBFRU*voGY))7H&&FOK8S(F&v3fOmp`$uKC*GHrCoA)s2 zPm9q%_cNgX4AIvNpY&N}=s`M#HVcdMGuMZsXXZ+ zV>W?0?D^_*Xt6~2FipQ$Nu#n>;-v3W^!ZY-P9_6uz7nI}gQ%woE;(?lNMs`|o$IS{ zu81Xc=n3WK2?=dzG-P5}FbO*qZcN?AGT>_j%@2OzQH0HVCHXg#ku?8HeEtd3T9{7u@@x5%=AQr^a`+F-30yntL_URe zRHh5&pgIv$2WqPA?g~q3COm?awo4h|x4#YUW&UbWb5fS9YgNWFjLTw-fBA{<-bmgT z@0s9z7FLvqAkBN1$NQ%UgR5?+uzJ=Y#d|#gI^@IyI21VLou3}>8jLA5z_Z%tKpfAH zotb}zxMLH$Y8r1g9zt+3nG&#j-_a5 zk*NrMDxhRB33E9zaOK}qUjEV_i-76oAJ&gg2>4kMBuPLsADv9&;)%9iq=of~e7|5? zhq$B@*;*Zm@=EZeU{FNoE#rJWA>2vqm z_xT#Qe}usdvz9-4_MoE0Gr@4#+sy^w$v4gg@L-rt5e;5n8a03Y*3m0Cf3r`M^oM`h z2>#(F8+{!ayGUSo*)oYLp=Gib;oFG z8k#9TAC6 zB(UyYu%`pje?n31pj-iPWv#X`EQ)Yl2dJZ`IXjUR60FBzP0n4>nEk1BpmC86OAu+x z1SHNV%dPI&pSERx>dxBk1)ALQ4^f)3R<~zwl0}P~BJ|FzEVZCT)0+uN z1JNtMA+!UkHn>JQu=BFT?XV=VD%bj;dBqG|jm<|5xwAItn{P!a7W%X@!Wj*nkpMxB zL(nq>f}Y9<;1Xyk=p6z9j@4k@%TXZYvL3l&&Q)4yiG23pv!tIze8SSzKsr{F)BXo@ zl8*Ao0E}2-OtcD-+bk^bsJ)|GpRN5KcQ!rSWv}$XD}UvW09rsi0@&r=r$eMYjGpak z%XYbnHo62lM3;IZzE9_siCp^!EmKrQ6-z_V@nJt4t1Of?6BS^krwxR=w6ZC>PQo|X zX8{8ID>fXPrAw}cc~vnY4mS}XYNQCs17^>NS7)~g^zigsV>Pd(A4UoNQa4_8flKvx zXeM5wligUJLCr+JHsB%-^e9|?bflc(-g;Eh@Nj}@n~v0@1>P&-H(n8X?WLs^*rmu* zw8*~hj0E4tbV=kJ&6ETW*Maa1OOpE$pIit=_9eM64c}0bU6Jek(C1k+1s4D?415~K=;KCdcQ$)0zzV>4{ z@6AV8iQX_{bjO7wPQ+0?LPmCnwHkOQ!LMGbh_yD}i`uL8MKvLXU8?JPbZU?vYLC5J zbOiot?d9zkQi};CeJ=?6IyzWahZPAMz^GWE14BoFJrMU`LIm-?(?iC1I9qZE5|;={SEc zYTotgd#yZS3#nBOS>Zj#uIUw=mbMs#TI*rXG9cyq5*%;?9|>vvT`e= zudKl6WTLqUN;Q@9RPtLyv8IPXu}G zR=C0TU%GE&=7Ov_t76Rt!bU;GzGyT3Q&dbky+0W(AG*_9>qCx3Z%Q3o`qT2*U4v!c z^kcb%B(UEokDU=LJKMy{B;W3$TzOm^JLb%V+&GYBf6w1%(tNwnaQJEr^n+{6V37Vq zURn+s8Y~rMJ;~tg&R}HA!5dTwy#gi}TRAeAffINFCxbDW>6u}QoC4-(JEBSA&@Q}U zA+BW6Rh0U=J;?O?Z+nv1+iI}Pt z_2)MJz$c;?gOJwjFX!WPBR=Q1W^c`5)fWTiX|JxKgu>2m$@a~dx+}P!vr~2vggfT_ zCa{Eo9Zg_40~hVCU@Of0)*mFVfJpMqo4{KEm~G?kb+drN7f`Nyf0Xg7DFnX9E)!aK zKp0ruO(n4Qfk?#Lxqu|J$=`Gf>@_`AZ~Xo!?1<*YNEF=(1au$e%xDWN-_Gkpq31Yv zG(tyR+I?smMwy0bN&6AfbdBn<%Vqk&`B6^{1eOP)D*)ulLv3z1)QtnNJZ1)0iZ=0_ zhoks}pl}ch$H}Qt!PS%xDi=8twA*8XLdgeN2$fW_=v?D@eAzDvZ?A1JIG^85)KDK?O;x7o$`I^fBno-nCUV24;l^@# z_F!Bxp{>Bbj>{&cNGJif<4zLFPLoaFa{y@NBut|YPBxGyWmlJTe+e>J?$J`r%*W}S zD9Nt2FMpBTTd`q4eZNVf~5GT&#u^vRHH>uPyh})G!lj zo9nVWHP$0VmSc*>f7XQZTj8wAkpZ;V&XjprE!xEh(W*#Q3v)VvhihR3wvvTmLR*1< zT`ik62WK>53lmL7k0R$ctqW|=v<gM!knPwFnoSnF8a!;_}-MQ`zm3SaQ2;GrWCuK_Qumr^C)%p&fyNl?yNWz zyR$8Or>iDi)}xAAFTS1!phE4aN>Oe~*3M5Zhge*=K4>{uiA8$cEtv+WdA2JnztCaw zpb(-mD#}$hqS1$CvUd!Z!8^(dz*EE7JKC~$42!{^fEe$Rx-xR~37qWhLCe3!tQs0` z8!nBvRiyE@w(McgSXd&0|`xjV30 zJVF_Y(=nTyfLOtO z%xMS!?WisLSX=h7CE3T@vX7^^24%928%AFfhGjro0!1a;QjMHT2C!r|53rJri8}3z zx?CbtQ)yZ;H=`+Bl6^F|$}j;uwkd9OOfWLdgarf>8yyo$g}f)3-Po4h2+VESN7GC= z5~2mlgd>)sg?jee{Txs{1FR)0LN`U_1TdKh;pf)+K=|kgF|u2MVynH-W)b8q=LZ^> zY+aIlGq|Ja&DApz#X&Ut>)?*;oB6G$1j_;&2xoGmYn=oEe1-wu!=`V&ELcXTDaje0 zkuUB>_-ibDLm504tKmo2SX=KO@62+0;0=0(|3cXku}Y$RXc|*Y&cK0gP<12jKC()h@Mynx$s}o;fc12(Hx8P2V1F zFBl`aOte4#w9lm;!_le+J{9Yq8NGOO01G+xkyc(N)dZE04V-vuJ~=_u^CU(dMhF!; z@2^Pb4NS7TN2JtkbmAQUaV{vP0E1~B25HGBBCsa-l|%$K9$3@SfULgIAthHQZ_djF z$0m%cz^6HD`QLZ$39{N$;$kv^Ud2E6MWA|^8HsZ-#(YJ(|TXO84e(? zj}E#vi~t{l^QTKDoKb4l#yYp8Gi}3UdNcM{%U+f#xei2ksu9YZyLp6wATOE?AOs?D`CHONZPM`knY>BAiuf4n&qierJ8xI$!nXkFDKafv5Pkk-~w7BEi>TxCwEt$6U&7KO3PBJ1s{%dpN%8dKeHp) zIHEtrMoLmNh-ih*xbyqHF<8_;i>t)EK|bdezevB@qx?q%MJ^`&lvxn|W? zqsyH1ov28&nHee%7%yy#jOco0yns(bky%j6KJ46AYzDkYlYO`?`>-2G=CtH&FBg&C zFU89u66V-ORBi=HqQKEfjkP{o(g8+!j6bC#FB^!kM^{n6tuVcM4s^9+CY+9Q$r!XzWj+;fxjuI%`G@Xe_Z22R*l;tYLSalfog9!6>hLjED*WZHA6QoFCjOTbO52advV ziri!?%n;-#RnCXwb~4UO^b&BXE~55kEFB)=#TGI4#Ak3??7^LlG+gg7Bik2Tlc0LG z&E&MEOd>qR%M+oz3nu#@Ntiw0N&bbS$IF@E8AlwhrYXr3^ zG8P~-2>Lw){I&@AEeMRTdf}wEx0YQbUX-CLPR1)zWo_N{K+EoyI%@vxd=Pr)# zaoO8z|C2lSp3LS~#sJGIV(}7`kD?djKvx2^m>ZQ{OEC0$jt%R{2?z4uBL!_A zf8ijAzlzknfGg{P(H$Ph&lLnDT+@gw3cd6r_)L&+r72v{evNtP2_wxdhxUfARnd_y z|1$Pdjy#)JZ1bT~Hl1Pd2r#k=5+G9)$VSYo?_zQ4paY$uYqP`QG? z_AU>=6i0b3f9DpzL?TP#0umn|Rv zN8ewaiqkpa9Cz!JKaf!6zlh$AJIHLWqD}qR)g`CK?hY&3OM65 zE^;H+N%(+9i~4*-$yeCIf!cW0wTa#&dZ^WrwPSws5$A0<43!K*(c!|Q!>uYvyqN>w zv@iA`K|>GvgY{tolM?G=>KOzRN|D{nT)jDEl3iiiz>451$5z|t3|ouwVcEhdWi;Ar z!8&;t>8&{x();&^M0!O;7Q+(8u3)5CCcRE0y-vHLaxGLl6a7K3iCm$RoWB6>y^~e3 zTvke&FDqR2P*LiXRS{D6WJP-eftdr)YHySgZ2;Gzvb_#LbmZ_;jW7?^k7BqVKJv}i zx?#(;Y+51w8MQ0XVJ_5nl+F3ZXHD;|0E4uH7Sj$w)M&Wve@m@^2WaQ9aNI$yRMcsn ziK-pbe+p{ycMnP)Z95;(JQdqcSvxox1WHMB@L?6^1K`Ni`bxZD{(pHpSYq1260aRx zd5U4{QhZpp=#ku=Z9zqYJC)v=lOet9^pU_`MD~V#9~6oAmbHUbkjN^rBIejhi{B13 z#kPaqa_v=wzV`MGqP;~F)cX&z8B5p>Ah1L`P)4*Jv{YyZA3fO!bBccShI`>7-`wKb zK?~bK2_7D)cJSs&Cg+Rz&@@V4zQ83egMxC0@M!ex+X$WjL4=cE~f%hqR)i$6;V3Anwd`M&UI?Em7UC;T`*+OvyTwPQw$c;xb~x8UP|i!@Md zKHN6A`ecz$LH%t;-`}4(5sy|pko{92BQ|_&8yyM|e2kFO==c~Z?mGAw6>&FEK5)8# zAKOG6wcw*BLXrGnwS;_4M$4sZlV7g7I^j-G44+u;bGF>)Y`M?ba-Xy1K4;6thnD-C zE%!NF?sFOJOa2M_gU?OtS(5#u4U9)%3j%+{`FC+(HX~PQHBaL&(ze*NPk{q!xf}iS zj_br&S$&985JvrUklhZPaRtej7C*AAc-|E;B;XTLaQ$Wrl)Iko8-iWj&%U6|g>HACSg<<518E+-9Q8{y$gG_JI%H zNHZ08yBL1Os#yh;WWpI2Wdj3#)PX-GzDhy#p@25-T%GvBR&ZiI%(KbRb+crdS(1I) zEfA_dMn)WEo^H!N?bewLWM$(F=$5)WVKE z5v3;reJ1%XlpO`^f$s!_h-$1t;BO{+n}5uD0~kV)O(0<`myJr|U^Yl8_amPzlgT}PYdcdE~Lz-#R9^o~XY8<)ovV#jkoPF@T7OXXUszm8DQ+6B6gO3r;-$4Rb!n1AJXB~x0Ay!Aw-`Nl@23cCL8r;)e zxU4ZzUGiJen9L%ShR3P9j>Tb&v@y+Mb|!c_P>1j6PFIGOX&Nw@caC$W0lP92;c@1* zW-$UatLuSpa*uQlez`Xx+Uidyz72_Z)Q&x1`TH?M$?!JrSJ{gfPzsNUZI@1m6h= z5#Z?xA<&<}U$(k;(dGDUV`nLVBP_o)#ofr6xTnb49gGYI88iL=wHqn34=M^fpg{j& z25$*%FkaP+GhWrtx~>qB(sFnVEDA1>tkY>mYht7sK=6%sb7z!wrt4>Vz~AAk01Ek zm5bq6h6=s(MPeCn3OivLK8sk9VD$TxWw;JCQ9-ttYz(iBJXKM)iCIZS+4|PWw_*S3 z(W5E_^W_uC_G6Am{KIDkAkxv`n_qs5&;}d5&Pu#D04qP#d%tr`*O{M=M;XmgPuV4} z<$=Xg^igdvxabWdyj@MeU3jN3hC&Rtu-xo58NBuzBbDV6LE2}LB0WYLCXn`7XInw~ z3#&y~Q^}UX?`Pl8mq_;mJ&fuLueMQ!79?b%i;>NaHqXJgf}WZJl`iralU%}L&FG1Z zk6oGx3e$ljXgkoB;iYiPDYbBRw(gk!0Q@i3s+ppAQn;tFCV+8C3z<&(<-L*aL`8}lm-9m!muFsRe`2HYl+A6&u=q`)e+)4C7 z;r|7C9;~1@K_|Tl=*6>hDj_pU6F>lnz`b4h^~QIhKN<~*Si;1K;oPDTMA47-X!ZpW zju=D`NU+ozLEtKUBM9!^Dzl@jF#Eq3#OlEWu^I$`h^Ez^AQ07`oSnz|)Zd-m0!r!L z(vQaKTgl6fO@rJ+pzsWLJOX26mC;Z<0#iGzqoGP8u*%D4&U!zuRmt$gMIcvJ?Mb*2 z);MBf5rM-O;g9ur)Rn^FEYBj7mq)<2sChbie=bF|CS2>Pl}` zm_S0PVnzsbD++}&j1Y7sOeZNNc9{pSBmC-ZL4gL4%o8Q7!l~{kC z8{**;JgJ6PMCD1fT4Zxis*PWa*;W3&M!!wi_km=iWKe%0Zt%I2p!2pDM*7>Qhryx1 zh!u9Uq7qaj0d|OhHTQ?dE)<|X0MW0FyLZ^DEQQ} z96mGHbq9-W&5mhUfF88VZ>Tk8C>gLhAZo1k2faW5Q(Ux99_*A|juOZ9O{f3gPEFX! z$KwZ=9VfS_%v};p>S2cokdw{b|Fz=|?;8tH+;%}PLg{T*lecHQlQJwJ96|5GB9VVX zkOS|Y#A}=nNeJXtlN%*hI<8hvau~cKYoZ-hRZSGMwZ=B1 zgkXa%%5?P*hp9A++&!KE&*M~De)Bu=p|n*}Ilzco!f^$nwnr9LlP^@9<@u+0&O&54 z^;1cnk;6N%P=Hclq%{VA-ODQiz=7u?EkN|4cHCTxaZ}Svc#1+QW)Wa_IZP6?f_##w zg?f**be_FN0Z1Y}L3VPNe7yNDQu!UcDnsiZB>=NT$Rh}~2KMAfpqckb6?!$FIy7So zK!r~uBEQ0gB<_h0LK6KBQ1ZA%h9o)w2uXjMEhJsX2xVT}51eAAlreQ2$&yq%ZXZDm z(!N849%-t1EthFWuv(jrT#@#LR21&7IzgjU!n|OywE*8NE(}2YNtQ#jpmsUIO-h)gV{^GH=#R)tc-A^Sgwu<}w z&a;Z(r_)q8uCC8jDPo>2Vp|k}>*onet?aR0zVgnH4E}&{1r0ZlApCYiyM1%U7gz(F}%Gq=)=2KBa}bsc1WC(4G1n1}Y=7!e&!c@0ikF;9pdYtpyx; zLc~DCS+0nMHooQC$yz~WFQxa8R~cK;(qvk|fpcr20XU3Q(_Hz@=)GxSQ%JCx2gS-E zO;9-{04j_`wRbQ8Ut+YfYwlKok>Gj(`9EY5K8(Vu5=;OPOrqL57y!Y1fC#ch1yO|} z>4s|XX**NHxlG^0?YxKzDEh+(c|?d7`#TNViDZCTEcQo_)=q>GrW2`=G}DQo5xw}Z zG@7yw#UD!0TtSw#$eJn}M*NYZ*lIeMD7KtWpK->V98FBq=21k8F%|?!hZ;&mU2jT> zJzhtLUL|>%0X#RR<4J(0wazIm^~9Ee*~k1?dlz6~yorU(;&Y4sFu)uVE9qr@(G?1h zg5bJxevDGampB78F^;l>Ld3>Mc%mmdz#)M@jJW{9YBd_3+*Adzq0F%a$N%&napJr3 z01-(EO0yNyN9F!#-JFMRZGLN7adGoonGqx4wDV@Llml;sk3cx!Y0)>^vTw?j z2cNr_?}s}0H!}(N;}EV2zfBT;0O4xzb5i&R;FVJi{zB~h`1B7TTn)YfO~{8|hHy3b zX4}So{ z)!;i*@LfZ|XHxVm9EzSvNqPnlu0~HIR(yT>Pe-^Kd{s@Gt!hb3WKY&4MRd~z{ zeR{f@hJeR%y$}ENPpb3Vi4MYtA3(S&J)@HFUq-kZd~bacegNTW@bxKuIA92Uc(?d7 zSorbzJp$os^mL}^e|QM`GZ;-I@FQFeKW`xS;Rg_|3O^htlU%{eF3f`t3~F=Yb*Y zb0?O=e0l~Du10^us8oF+Tn+xhRC^p4qCIBzNYR7vdx?J$y6ObK2v@_;+r)i%TmW4i zejo||H-xLKoaFjW1f@IO5S z{zX_sr z4W82{pPq#XSA*vYi4T9=5c-q(ND_Vk;cECZRRpLjMT_U-`ka%J-@+l}w@mdnWnKz?;Slhd%#I0q79w1Yo;j)heBluN zdFFRXdwe>=)$lJ$*{6Xa>{BK+-ds4ucym!o{#`@KKQ+EvIK=o4>XVQs)TcVXDSLmz z5cWO;FFId;77k&5GAa8I3}GKKBa-^?H-xLz*YX>a^gN7kHTX~Q9Luf5)y-GrT#5U{;?@pe;g{pQi!>1}Tazq9X4xD2gNc8<)xV-f^g+k8cODiDdA zQU_EO*f(kE@<0$Rdha>tR_M!v5$ zDImFz8?fAc2$n+MGw@Pterpe^shq&Xy8zgW@cZc-03@|o)=#_lpSs#J6S-IGsdlTq~_?J%f( z{Q9i3@LwGse1nBQa(M7L3;+J%!Oyes&*EtEAo}Igzre!(YIyL=Eqs1>@GC9+X9kBy zeWQMsj7I&$)yH=iMeG07s?k$s`>|z~*7uY3i3}wKC4(E$J|i*lh;|Dza6h!HrNkpz zjxT)q6fOPV-fmd(?6dG^4G+HG!XGp^yvpaV?44ry^dl(jUY?Q0F^`j{I5}_TR@ZzE z$QJ0vvPrhBX?imGP@7EijM_SueQT;URkAlVPn!1hnX$u?U%iFj zYjAk64={tLlmC`ZCFqFy1Urogig*?yS@=J}#I$_b#=L2GYN3q4(?RUdV~HG$prBx{ zhvcSYGIt9l+1a@x1~kUnxw8>Y%P6g1(=ERT)eK8Mb1eL*!Qrj_{4dZgB67C*gY_oH z(Y(8jG4*;V!fBf0*5T%RBGF%1{B!UjF?AN35!r``EtcqqP4YFa_&sa}Q~V*!kW#C- zczgf5XRpt(@^}f?gb%~sEwb?U4iA2Xh5z>O;8$7rvxW!XW8n`P9(>8dj~X8QRtx{T zF~gEi?Nhe@8ysHk(Il-Z<5!aEztLPKS4)>sO}!}RRT-l^o%oQLi*1Zu@R1v!MZtEg zGcZ&+6q2b=DA;xgN}F^Ve}IXJM zxaF}>JtOe@jEr~@x1a|8d!$u{mhB5_!X6ulZ+13mwc(VHzDn0E=4(jiYX}=hIGpqe z^l(lOKOd*%kTx4dbZ1}2UyOQRhD+Mk88aJ$4lFPlG8%IjQX}E8p72~`1&|DeUyg8{ zCkU{way7wq>C)T){LgI+rw7_jo&OB`+cf{w3d2V^|LUGb9x;&g`KS$ViqpvBP8Lo3 zg6Vjl>w)mCBVP06fI4 zhx&THBEfIv{GT3ne$|&*rvCENw+#v>Sc>usSeaQH#Fef>pjr11MnI%|i3A2Ipz({~CAp13E8 zxG(s)s}5Er4<^Q{BFa-s_Zs|--*0O~6P)H{H40N`o;IpLQM#xq$JR5R{!r2XR{ zOzR~tpn3M=xP(9H{VM2f$N58ZliY`u*Z%e;Tk*x?C-OlE&RSm(P`%kL4LZ^T9chm= zCLSNa;tD6*_=_TW%}k>GVd6=Bh;Bb@;+(heyY9l7Cn6qZIWzExJr(*LLUwhU6joktP3HjZ1mf?i%{0l^ zF{}IS*Ik_>H7>Whb{q56I(kBQ3NxUnMd77bc%F%~32Pc``dvlybkKnEVs^u7bOlr;pF7()+TtWTmH4}X>-7M z8j_LsmABW=-c)TLFKtZo@_bdeEC->=89Xi&l*zGuZhvmw8=okbCC~SEO-Gi2ohQ~) z^1QblkC&o6vIyaJ=hp3eq-G3TKOwBbhzvvzOF7L&`vmjuAEZw%PE}od?c1ndy5kn* za1SmjmrwT!7^3;GsGR@dcRjxQ3``xqu`a@_xk>m2oP0O1o1SM=!gv-jZ%*pbezaP2BO2!G^ZSZi%azC0!;vG!5~L^=jpiZYlu&}YUk z^H8IMw}kCF%m{GW-n=sWJw8w^@3<-yqIUa{XP=XE+QRRB-_M`Vhvq!H zv$Hd^v$M0aw~?T45_EgT+GGB_-)JA}??j?FgdhDM^gcK0V3d)O0al>FV9a~itUY2h z9+kXXUmo{0pAyu}xB`mNaP+{8_M>Q@S#}(|>D@$U4g|244>fs2x5IFg^qPp!M*vR5RsswF2m#XtqAW(Vmw7qe42_8n!R#(n`>3E|u#p!hTUj_JI@WC4T zd(*3EB2gdwBQLWnTz$6T4cfThdyx3p!0b0=~e0##ZwXQADR1J|8T8$_;vobmsDuIweE_|)p<5sPx#MT z>oF6xp8xUlZQdLZ#2h{;I5^j;2ce+?v2(3>{ENgfLJ?|}Rj(aCCrB5JPjVk7QU z4eIchTQH##2?c@WF+1F7fco>9DcOf`Pr($l1g4j*dDbMWmg*=@%bz|3IK0p{IoCIN zIcLZd9-G>A?N6tZhKgyqhcG+B=v&b{Wh~#O0GU(9Rx=BKYxs9sZsyoprjF+qe<0!| z*_?t9EXBXmawm?>WO7r+Hg;5)c{{$jHflj?ND60bJ(h%?Oy_SmoCH={%SzTy1}VsZ zf;V?S>n>P1AB92_$SP7cJelp6aibHE58ew- z+3wzw%EqV&S}?b;9ohMYL4M^HE)!Ub#04AQ0YDM6>*!fyc!8Shlw42?dsgoj!fXLlqn|8XDA{S#JD<@95)yC+ zfc5sLM7&GwmAxPywx)AF5JK_Q>^t*9d$XK5E_l-^Qxty}AhIRJ@J=|;2}I2d?*tL1 zIcVQU&6WrH2-95Ti+&J1-#piRYLKIllx`4q@G21DTqlEkj zV&2=G0b_?Jw(3d!^oo@vn9%Pw|_g9K!j4 z`5A>3FCGC0_BDI zowSuO*^j0{u%cB7NcZ=0?_E$dQv)>p7&z-N$o6}bxlD~{5c`5p%+IYc_rPWVvLJ~P z*aY{1im(IbGjnZr9sVLaH5YZVQsy<=yn370?DFypX@;4b%cK-|q1a&=3^N&p7t`#D zWIGG^i6@XGR0z1<6z@S7Bxqp_Hneq&amsvh^2w7=ntb93nFWI#1j@AxAWGezo4yK@ zq#jI?Ix$J=Kr7HjP}|$>UsAz97m0CN=Q4M_7!&Aqwu1!xroJuZ&)Dlk z1PdyT{OL=f;{8+dEvu$swv)-9-T~JWYA^2_cEJ4<-!na7&6M1vvGC`x|A5qua5ldM zXA>Uh_;om%GskA=ZNi9889M{M-ey~iuSaQ|HhJdcGbW$OXz+Y|CjBGE^5Ghrb92() zof~v0;8a7H?`?L;-gtCzA=L%(C^sdHT6d@3U_`9oyY#q8)HFbTGjBNp_l(}i3vBNWt&rLW1}AK%k< z?29lRj)iT(LZnx0B5tzw95Rcyr5bwHg`qOU@JBaZ=Gph{>IHhJE=mF+8wD-IMM+WR zK8U6d1Zm?*O_~j_Tb`$~76VtU==!jA3HwmK8e;B?3gS9R$v$vd?Fv{lutRu6QEC-? zB<9+f?~^&TVz6nTO6(MrB2#A(NMwr%jlz9wCSQuhTo5iGYPcP>=P7gfRBGIOfN&+L z?XFU=435n@U!Z{?QwgUbdr1wpI;^OYjhDW@e5M9FL=Rod9CyL4trFAGY;#JVTUoIv zy~1A_y{FWOh9<$BwQ5V~H!bjYU9g5)AwY9$x~frXIWpFo{pR{1o>~){JHNlON&H89 zQz5jcAEjy9`uMjueVhIfgV&qBMZemu3DvQybrYn@19f0_7-ZDN-AY!Y^XX->1!0*L zMvD2-b3*%QU1pmNTldf_8^bZ>MLeoTf_62XkdbH~M3pOQ@Q+`o<9)Av@W^k=FaY*8Zs!5H5ARO{xG|X&~ji9-ObJ4T*+*|=lI{ndOT-M9Q0B?^-&mUmV;BT- zmHC$2%+Ge?k}+)oXw6jirXK(p_<3Mr`ZhefEyYCu4}cwXq;wDRgb+M8-6=rNpn#Q9 zCstj(lWTclNIuJD?z9o*AEQxdqkPHMZfZ6`5Jt$12as;SaB(b8cpTZ>pMh0f|^Yw!SA5 zp~w}{J@`j@L-#!A8SL>dR4Hb!^=jl6_2{ok0o$Xcv$h@+Cb4hoOkih8c5`&FFnc;| zz*bo5zeHyJ#W|DyWH%7S++QhO$N{$WF<5}7TTh27!c%T4_W$a<{{?3t+j%VrfZkrJ zK3c`wXFL82v zB??@gPeSC8paO=x)QqMZnyAs6YvxID;UcN$)Ga{0$}p<@C`V8KtfBiiS>c zSRaTUq3u`Wvj#;m9o(YOxcEA}doEYsFBbD2JinBUi*I@x&V#JUwRY8?F1K<-}kW3d5k##M;i+Tl?e(~#1ym>aEC-)aK1R=7(py6 z%6@a4GRDMYD;h?Si`)su0ALn-Zu>Gv7`a^lIx<#%#W z-HYSI(M-&iJzrVv=UYL4pfy7OD66j>uY=IT2&9TpRyD6Apjswyq{LU7JHN3J&?iqc zy8RQ4e*A{b=uJOQB~ntH%`ZTFq0MJ_N$IdL>9!9YWx9>oO=j5CG``(?;YScse-d@L z0pxyBJDTe-gy0Mi-5R!DIZV9L*kSs*V(J5?8rb7bkl2ahb5NX02(!r~dKMk{v{oyc zsHKqQ0<=T>Hy|H9>4y6ltH)eI_kV^Wuv?1I`RDbR6JYbLQ6_eE0O;(r3my?x0hDB5 zK6Ol?)ezZ%paT7Q{hP{QhK1h^L*}(UZmxJh66|xs|y&3%{c;;2)xLs~@&apC^%#+O0U#KFs)h;82TZNZ+;{{CPjRA$;oN2^b4o zhI8}Y;=>2rS~7)aeFIg0N68q@r|Po>eJNV(&)>pyeg69sVUljnZnsG~4cJ`1u&KWt zvlj3+3@JB3%Bn8-%%_?(wAwGZ@~L_jaeQ%M4*c!MC-uG`>LNpi#vq)d4_8at75kKF zY4YID?r}nB*5D0?f*Aygh$D0i0FMF!z;R@=c97WRMF%%R`u(5b7zu%aQjE6}bA$j9 zkWb%jX~X#2#;(M@zZHYr7S08Q+F9Oe<^GM{-!+;LEbmCB-VdlcLfaje=Lsfx5-mHt zw{=2Vq;QBn6{FuD=piDy0Xu2o0a?6o6P$tG)Rb{HL#q?@k+nH3W`nX6viKnhM$U|D z>KXi4HLYNr06`HtpsiDdl8}|l;|k7X1(3>y(0?AViprxvr^I*d?5kyGNGNl_8m;JWYI>oAVyy-;-QHUL z`!2Co=mO$W+P-6(UE1MiQW#4b`FX?UC-Fz8*%po$R1MZv;2wxgn2u<4!t!Z7NR zSk^KL?q*wV18wT*ac!txUQVeOg?bJgmnKjJEutj>0g;FFnbEL(aU~DOtpL!ubIjXg zR82wj98xA*Hrv=Xpk-}U+ep#ou_T7Bl*`on7Sk~X(0igBGfQ=dfA#r()zCvAQ6?K= z@aIKpy?-LEkBbFdpondNfd^?mR!CtFDah&f7E{!Wn!6z%=Tkg~Y{wKL3QGi<5ru2< ztLm!D00ZM_qRA=x+t#sC2S^^B4p0H*mjzs zZq8vcT`wM~`rs@QLhfswTEO9>2w8&{q4THfyuNY{ESIU+}_c!4vH?@ zsg+%=(?UAW9$8*+Wh2DGA48lI=2tv?>Ud;*HwKjW&Hs>1pK2I?hr{4Wp#SS>zYe1D z$8L(-kDeL?Nf{MjO~;%2n80>a&ob;Kq>26^VEbYDD(zU0E-FLn5S%GMICMbS!Me>j zcxZ5`r9quBw(D?Zn%5Ep3>f-0g{ef1T+MDG`r_910UXum1%pEXaw^^1b|Cs1i)DJ{ z1r7O`WiZLTRfSrb>rB&m+y#XDke9l14`&}9mAj64cy}>()gyd(L|R(&Idlpj&~oTQYa%jt3xR}Ia-MCT zix#ACMG*PaTrL4!{plbfUrFsnlTg`GbMZf$2fwGz&CK51j`anZQWc#RWS6H_)Cx8Z zEH_!N)0{@pyS{R~`d^Ie)&tbMS`de{fOcU~lE&ZT<+nyks82sA)gvEQQEO;@r6>($LI@K z%BaiCzDHExAq~#A)ldl82l=P8>|dx1YI;gAE|x+RGw4ikC8`ppR2OL@J9l$kX7N4L zzRYY@$A|vDvB{tn-JU&2UbQ;tHLBmAk@|Vkkcd*Y^4uS?kB-VIUoLnb=x`6J62hD! z7i?@+7O2RDnl#r&k}`vt&H!-7omsPQ{@pM-RXt?N!Z zxGbN$A46-CWkm>T$j$+i@>>kc@?lMit%#WISPi(;oNPVT$97R|b2T4A{MyOpXeXo2 zS`(;4jX0%EvDKO*H0k2I!FeEB!#-Q(|Ax2AOY-&%^j?sUxUnmaBA#X)Dv3M_GK_(hk||hQ;B1Dfg&|F znY(rxMXo#&dl*P_9lMx0Ymb`O@7KbDB7gFAw4Ek(u(SwX>#>5zfhgocq^l;T`>VW< z2v^(nUe5kjW%6VC%q}1cfHHeq6+OoOdJf9QDC`g-b4c}NsN#Z2E7w+1Y`@1o#TZ*R z4UIY$0L3)zI0-rmL!v|x$&7BpKO!0J=k)x7QccE(Zml{;7sUnGUuWU7G`-H>)JE`A zO3;ca<(=r&F|Bq=2|6iL(0bFRmMSY$r4?1VrGnKWv(?d&IQo!p5T(X!(yD+)ltfb4 zPb{e1>S|_AukKTdI)Dr=)~Kqh_rx!aniM!biho6e;z8#-(6$5d%c)C7*0Tc3gMEkp zgkf_Pu(#tkn!&aM@*hXOl{SU9o1hD<)~{TCX})dI|Bcalrer76W{;I!4U9j6p4`7# zjqzbvE|k>u2hdy*{gA9kAgOh{aD}l&+@>}S{Iv{sGu>p~0i0|^0*cIBTf{ovu86mb zx^b}RKmt_ck~)qke#gNOwj}7xPnIx-p+j>S>NJP_hg5MHBk)!nkb;{e$P$dhpYn_Y9pd`gxotWXAI_jSh!e&LXE&))Kn(;Jwtx$T+qf(V6|%qsXLijK)SIlJU1>pe?EWXKdo(w`{~Df zS!#0Y_y2Ft$JNUDxLQb?@qxS$iBq)pB88&!af~YdKR6#Zoi12Q5h>h=hVyYk!vFR2 zaesaRTC`y0e9#ciF@y7Q=o#_4|3&H&v9|;+6Sbblqa6kJ9dnk7ps6D(0pb1H-y8@DXQR346f_tgkSFE`hU2xOJv1qyIH-uCI{>K)|rS==%FKQ}V<$^afNk{xk*KRv9((j{21A(KHr7JhyihTtpQD*# zCh{3pl*?Q$!@DI`8#vIbwsBH=Jyj?WVs)&-Y8qB8^2asn7N>7FJD<*4KbXb;-ToTC zr$(x@TW!MbtML#wR&sGO=)>yG$-u#Zu*M>(1h1+rcGissvtlc=pXL8=`*+-V@!UM} zODn%6S<>NkEBtgJ(aFN8a7QPq4jmG$H_sSOc4hk)dg`I@{;`7!>jJhYOkYI=mkwrQ zjbBZcK566s3kG|T>!+|v!p=;hbE)^3m7$1tO%uw;(ddoJHERP%#{ZZS#gVzOf^+0v zg?(@$!tr>nVC3099H08@pje|mG%5ZEZVB6o_ty`zT4OFBk{x4~P4k9qW;WZ!K=3V77}Wp@w#f5tGPS(@k@gE|1Vxh2Vb{dN^ewmF5E#05-V z{2Aw&r?g|@7_Y*pCfuB23M(hLYt+|>jkq_Wa>Jqa4;sFEcOH(r!D|8Bb_ z{W12^5-!R*&QBlnBF-yQu-WEX6qe-?8N-@u&98q=^>HI#x%1q$G9S}6euX?JHcI+e z`0Py&k~7>_D1$%TzAGFM+ix~+J{a8>v}2=YQ&=U~fl1U6UZhz)l3xPIMUS3tx&W30 znYIr`Uz2{}0OW4S`07ViYFh{@){FyEFrL+eJc;W{SW&?4$6FQ?`-xy&W&AM+4v9!z z6n*cFL_nB~VGRZADE8QdtFYg$5%xzf2#Ey35Vc<)?yX_<?d^n9S^V;hfP! zWaOB1;nyyAe$OegF9iw94Q@gMu+&zy+Bx?+S67Q_Zfgf6u1f~YJiejK zJYJHS#}}m^UpF%WAKLXluOb;>WPxpi3nCw_sEzj0WHh!*Hj64z7;q0~uq=cfX9Ei> zqnCM(6seDjT-iF%JN8J~eO0u+Rigj5X*KM^><>W~t~PW2>brLadD8%zoQsvei}$a; z3@2b4eiv_Y{dK`0&z1O)jXUxx{)cnyTi=7us1Do9U~zo>)zzdNKi+-@KjLym?fa%s z2DSs3CSzXI`BVm-wi;1BJ)e5<6g|P(*6SKWeXw7&0-W;xg) z(WxD3rTv$qvga+gFxxm7b<9GT|D3})F!22ID0`gtllTI2XlIxSashnPFi3Z8IT{(u zcd%PK^j3f|nEVP5dU|w(@U11yf1MD7l*w*GNY+);F2QSF6L!J9mV{T%kn_$kG_rGW zz7S%G#r`3l2F3ZLg>CeX}veF)}#y-Uy9W)lXIHeLNpp-J_vol{O&BC zMoce5k!3D=ZyN)fBL}*+m0A{rwU}$xS%of>X{5{#5(7cq3z3I5M3v1csOwh)rh+PO zPE@(;I;+HCd$VX3FO8KY=ylY+mDCOJ(+Dow)|`^5&d#TZGW1a@Na!=CED_0233?zI z8BdFIL&m%h=%-L9q!z7TMA0!=5_ zIVCCeo~}x1==T!r`~oW%fbT~u70Fa|$+vD#(7L~Zd%D488alNzXXZppHy5oy_vfkm zozuD{#{BLGYbMSYZz0h;_B~CStR2<0gQW=pOSX6HWzqPvtg9ak><1t2O6b52Ckw(Q z(1CX7z!Ee4YSDp(sA1vA-qCJ*$Ctud%-30kP*g0mc8Dq4vSg$*mjv=VpG19(;t9*P z^{K+hQXpCiy1y@yah9#E8BPd|+k^Z8`}U65w=n`Fncl=PXOZN46E|7Fq-bE}Zq(jm zD^x4DV~kJ@o#2kHh+QC2&xKG=w0gr*bFr%Ee5JZrdP_xm^TAF^5UbrsS6tZj3DMo= zL^J#oGnv3kT^NXXvn|-}UVA00VZPVI%{TLE0Zsf`pVh=e54WRdtyE8GQd0|~X5bqG z+D8(J8SE4h z_%4rS(w2gSbwt+ZAw4NoXO!@uj4qhNKZM_q(@Agk!5La3bx5iSK?c&9&ndLu7G*Y^YNE7lo_)_9_ zjU$w>=@ROFko42GIV36jApbyyqL^7rfsHE2S0;a*K*j_AACh%27xSXDNPR@RPM&Bj zP_5)EN{=h!ckh{IU==y&KMztVb%cSM_?CO)FsnwXM0NLBxtJ$izEyX-JDNDlS%N?ZfgSUMO#lQ@WUeg;I)`QHvZKhu2YXU-zY_nrS3!Sx`) zg3kZb>7pnZre-A+gXWMpfHeUEPd8Dkk1h`(?Wu^cfdirLeF=nmfK&^J{B=@^m%bT| z>_A(XYiGD6M1S$2wk0*5f|%y^Vz$~+N)P{l@|ToJNz`3J<~P?$|EX6v{sA0k^tKlC zJ36n|)gi~!%@%QtS781@gM?o0w0s)@yQYfS>Q3~CPv3_g9ryn>!NP+@G0)Y_#daROb&;AQsXM1Y*Z|JI!A49*Wtpzzd{D+ zf`08@8$*ij)>$@96FAuQXlqJe{hY0WJw-$~5l2~CpVKc^m}?sg8YN5TC?_~bKik;b zVQY8TG?34`KT``HL(JWWApxT3O>hahT5oEYseh+4vsFdi^amNlKqlT>6o_ zT}z=VOKOQdf@@Muzra+}`Ae(Og zU+a!gmjYrOp}Yl1O4X?@&8+EyV|OBr+1Bb-Y=C?w?X zA&^=7ob+x@QsA5vk4{!XSqli&XpZk!OtoHx?$|k3NQcE%g`!`el7r>T_B4TzVVG2q zCV%AWk{txbro%s%U(sJ!tqdL9>7}{4W5LD5C6_Y;9)VO9`;)B>_IqRJucr;ZMpw1n z>`7^EG>!1(MZa_{(9`S5M;DVpppDac&w+GdKMWmkh-$9ehl4Ke!T^4XznO#KQkth2 zQQ6`ZB^@Mk|~>1weFov+0?ZeM^Oooo9Mb%LzTDq z>wN19BqPx#y1+r&S}}Z4Rq0*ZRx*+#!SGhr=hnYLILrm_gJMuApPCVq+MckYfS zD%g4=M(KmCeLB?_rv38H%s7|-I%v>3neTn(O>BPKszko`nO~k@wdl4){vXb=1H~gQ z|Efg(b1whqF8?cue6N9RE`M4gzr&S3+vOi9`C@7*I~)q-@qgZVm#OaBLX77UH{L9{ z0~$01rk#K~vR(B%OYj(ru=VSS3VpYEtIjf zT7*Re`S{puS7DMMKmR_;<$n}{E+j!U34(s>r1!?BtV$&%bj<~JV0qH!wd z|0o3g^*12s3K^-Kgzk3)o#hDHO7qeFejZh$*D{<@-~fSGwMKCMrfoam7A$&Hc?Qfy z$4R)r1r!6H&np#98xM5tEDH66qu>Zqcab7R*?PE(;}s<*P|2caNYU3_(a|UhHAE?i zrIjsqx)j^t7^`N#zm3IkX6VE({>Lr%xpA!pvAXDZrN*kapJ06EAgjLX6#gkv+2O9T zCRC<29!N_%8Q`EGCii%5VacxK$t54_5AO>}`OO48pXK*euO#9;H&pX@Unf4Q7Jn80 zvIk=aN)La|=GN5FeQ4ZDI_u{APg*^kAb>6C>S-fxRoCW1|0$M!-begDT>W!PM~}E6 z7d6Tv+RA9Y4A|IU6EGz+9q0R!9zbO z?m{nvUwD&6rBU)%e`T9@-bxuXh5>^EAfn$b16U^~Zc~4|Y?$nal&}husiqfaZr;z` zam+M`iW0=;P=Vnm&WVo)BFNTn(6IqlP^@E{9#B@tcqS*a{JB5_4#gUir}uhfOP?vL zV~?jr$NC`qJ{XLHS-(oDAbOEhG1ZHwmjzXP7FDdE!HAX2DeQg@S@)=nwHOnBA}ZBq z_M$`Lx&oiQL9M*(keJNNzZR83FM~;PD%H5JQz@o7m178(jtR8g+YBFY4ksfs-nuwG2UeR8fQ$mmW&CFPj`pjz-i&xjSK#%&s6#w%K zk5Yz*%nhPPEq&(T1dSux;X{^KzP**Bw!?9^2JIjNw=#GptI9J*FAI5%_EVj4ofsig z9C3dw?M>sYj_u_N=TjMham#-5EyPILwh<*vC1|_r7XfYC=@?$H-g5^Uq5};f_igLX zd$m^N2+6nFPbJwdBX%gseu#e!3Lz7aOI+b%l7H_YsD1VxQ>)!Z1e9;Yg{%l{zJ+$o z;hs*Ow70tx#ZqV=I6?SpPVo2S&oLV9NmHl{Y%5kV?HJHYcX2VK?3{Va6G*q#`ydB7 z^6d63Fjyq>tsKN%f}y1&aGK{HDO%kQ0@^|K{t7|+rd01HR4-3Zy(_6cOCj6Mhn3V5 zVbqHQ{ixl%jCn~eePg!eMj#$rgczP{boO1Wm^3&^0=u zjb!G^UhVDX+~WBM_dm-1qr?tDE}RKc_HySkDJ%B778f`Ot^6Kwpj^vrQFXQJmx2RZ zqqagB?C!(A?&=m;5#4Ap6kUT6IX>lG&Y!6D_MR3f+u1{8Rc%%;aX-NW_(pTESK^DF z1^=VOZH<-PgK;iCS*s_H^0v00OLsB53?#HdwH~&~FL?WXidV&A&7puxkRqDKDI7zogoverc_uUrJO`zcz@d*RP9-Dy3g> z9XTN~H>MASYFp$Mazs}BVy4wE`I&y-U*}M)U(7Fm-vM()zxYEHQVWFo<*3RFQ6uz= zWQF?W9S7AQR~pwRXe9~#D$d<-{c7^@9`0$+H571d1SlaFRLy>v<9>|S59l!7Z>>3f z#sbuEAt4n)cQ?p9l3R!_R2=;}3O3oVqG5b|tsTZwK0lR7cpjTNh}{9`C&_c zFfc!Jm<-H4psdIISY3o3NaJuphIbu#VcfwE!A?jGd765M<*D&5{_tZeHb+GJDKfSN z&Y7}#&@|#OZDBu^t@l0I^f!DErh9kG78_Rz7yBDGI*2YpV2e2ZILJBBgboOmp4$&K z8K1I0?n?K`aF>QzzZE7iXqt34KkX_yM&X8myd5NU;_ov2g~!lbZFbuilGIHUNNfZW z+_9Fy0a0$Mwwuh0uB40o4mS$+QG+9_+3{8rLzas%{j3Rl?& zl@jaUHgI4|9V9uAmShc`>4U_W0yGe zK+f}vgIQ;d&><&#S=3x}1EUJ)RPo#+vEAIApAFw{Wvr){wiSzHsF1^*tT4IA#ZQ!9Avq{cUtBQpdx%h|P7l;BljYw;`F#Upk`a2bd1R`d1D-acqAP&X8c6dw?& z-RCf*BK@Gs9v@8)QCfO@o&_mR+E&BZSM(@Cfr<{k(|tm*n?%d)EYzseEhE`_oIA8? z4Cz$HN074h+v&aVDz{I#oe30Tb=dM%Rc%!kTQ4^-RYWI|0M%UGzsEA$R<&_12n`s< zs0ET4R>It1(o7^$?v;uJ0>Z}!Y+4ZsjO`N18NtJTT40^@0Hh*%l*p8xdS3?IiCZ9A z@rg3T{q(d_#GNL@1@y29bX-&)fh-2C@-8Ma%FJfYyh?!#8ltEGj5?YTw}?vtAZ;88 z(m$fPSoOQIC(Qmd0 z>71ZYjyB8;Esf=9vue~2HR_AL%KiWhR+r*7NB2UTKWlTe@thhD>5v#{*RdiJi{AEA z77$Hxw~f=iwCay?sBUdEPl1@@`Y$9~2Qk5qmA^w?(rWWn>MFva_?)b3js%c%TAdiA z`G(ZYq2lDM6KvukqtBC|SVuqQK7m(mKr7iVZ-MI}U2zU{i=_qh*DR}D>Hn$;`2;K7 zP!sYlJc^MfL`W67(GcH@>E2+oaZOw%ts;Y|feP*HKVTGN8&b}|omP^%gtY_0pxxrO zv^|T?!%+0cchS{~PD952F<{WuF}~n^kX(a_z11NYkUKEfb3=|uBp$latQcp$1##nS zvb))Tym07EM`hO`w0O%O4@X)~G3GDwb_#Q+wpijo`N?7&4T9sXVjPozBl?N}OCSgK zK)PHdm{yCEm{g(b$fT;rJ}-RKbcmOwaoK|H>9{#A-_nPr@SZNMb9W1)OR!Jm0-K-% z>-$w#JA251^?jH$&pgI|oXy6kv!+VDnjv~MzQ;Oj*3mA&>92^e=TiEQ zWcE~XbR)shXSdLF@kxFuos5;v8!}VT_14uI2ZC#aYmkvl+*^y4h%n;%{YMrv z2STFE8+ZaO*>Dc$0Pf;ZobXERehD{3S9+Yof^+keRH0N^egd5KaVTxg%g}LIf{s%g z_r{CF%ZTm(5#2!{MmE$`AYE5Oaeqc;`OM;C+qq)3rQ7%OQmn1G*mHPoRBB6=E_Q?z z>nbjGiz}v&eT+~Gd8mE)TgAn`>WWpDt}P|CjXgOKGDY%PS4`duX=}E91_N_749j`( zCuXQ4O^cD1JFXb%i*0DU5ro$Y1y>XU-%Vh4OvmkL}UWOSZ) z++&XzngNgaR*T3!l`?{ePYV(E6ch0&5Fu?)n$vT`$=})4RVweyQ8?+xvrQ#f5Ra_ z)T$Ol+l!M1%hJEU(r^7?+@JU*sM>2(abX62>pvYcWm>9UsCufHsz2cXrf63g8BCC3 zYm1Bh*cB_&Qd+F;lp?*D?TQu2AhjVf*az44Q$gQk+)UVp9}A_G4_F087Ihvk&O&{* zeiMD;Ld0CTAyxeD9jzkos{jf*wd?ADlSM?Q74v%Wg5sga`3$F{7MKeR?-kLmzNXFA zUsFbEnqOSg)@5sY6PG8sntmhh1V<@6ntZ3@sf@Nvl$w4~T+_|i+PW@n`HU2Mytvp` zT(L6Ra*PyvySUhAPz=;VLKP9!TN@q5{!&MM8KwP{;M>_hq%b-65C@c(zq9U+d!!UQ zy13ZwDCVsD8J-Nd_Bv^@4%&G1$fT#?n)|}HRH=58vZb8JX%+$iC4GK%4%eAW+1Oe0 z5avj*ZoD}Pw-?Z~Z*@FP`#^Lrl8^~&!5ECqe67)i0C25^SS2lVv5W`LN0)0M@Ec$} zRWb*nQ#BJK1*Q|2PYj4sAEBw}o_oo!0$ePcFSFsz0@$F&vxO3ksur_+^qXuutfuhl zm*DuOlDxOM-uf2p*}J_@&1PotoX{(bEAVu(DOs6U`cvHg+V{kK(el& z-5e^8x#coyO(0n?LaStK#LPs?F;fYn>{ywM=i`lTK8}qdY#lct*RETG>8cCv+vpMX z4vPl5CjVU>?YZuW#RS>OvokeS*A^-<_)S!5FxAD)gL>*volH)ek>t!Mw5{W>ZOOlrH^^Vv;r^Nhnnj-H3m*wtu>XrA1|H zlM=Qz#6UN+w(Bo(wb@?FX@Ss(AVZ-`PRK3)Nl2qP#}x^-0~N3x=qQjNM~R$`6dO8% zkllstz7Qn`wdxqFG&2K3{n2yKLlvr8gXhVnZCGgQ+)7gkr#V(7Rk6KMv%W@S6|ldz zf<`|=PZmY%t=Lw74Ix@tBOFWg(#L^owD_|MH4H7BgC=A^dj)ZryKbajaN8mRQ<*vP zS7Cx_y*Bd>!tcAq{MI%@@Dfg4jD6I=lg~8e9_LdsjZNLPthei?<5kD-bnKCr$>J^= z2e0fco`(Xs{O0tZz9SZT@rb5dobKq-dhf6}bjtthi(PA@0@$vVjo}`L@Vtm$&l%Cj zDU2DeGyhpTGoXEEzFztW+Yo1x;-1tvCef4hmF`4Ox*bmy%EX$d;z#x*E^lb7#N!L3 z4;_$`A#!MA`Ccce$dug&E^_Ra=t@VFt&XyZY<1{L8(dw3ug)s{km!Y_kS}uD{xscE zX?AfXin`Ji;dKB~4&9NGglKnaOYpsNp5+_$qa9K+q%X}xh)>0u>`R_X^8g&xxFxkO zy}rSHiAvCe<-b144+gUb2J?6PiD)Hs22s@3AGuG4{bfvO%}A0gN%nx$I_cD(Rzf;~ zrPHaJjhl4#R&3|7$bvy9R~{k?N@|i7g*1!yp{VxrhE9=03?~V0!379-&8>9)9=nV| zS}3-j=wOU+HWM6X>JpZLYhy{vuym=j3|vp5WpFUoGI(*@9y-D@Y>KUH&N3`v`E^=` z@fV9_09LUKC;-cF)D20?;Om^WIK8B#W%%AVT~~n|X&G=1!r6m5H{Q$oE=(1|y|dyA z9S~=!hz{3YkBVf`rl13+yYnZmA5MmxKFut@H=(lIvi@OhLs}SW%R%xfsuA~d)Pn%x zD~ZCZzk$N{YhlzZg|qHccJbh7WYy2b01bdLbS!tw9!=^kmriVC$3nkVgMQz82A~E} z$sVYI_`Sp6zd4c=Z7}p0Kttq33+#TsJ=Z^=Oq?IM@h`l4>78vt%Nm#~?4Npv_Idfr z(EH3GZSb~5UmUO zeh2s8#KN>2;rxDKI0$Z@(qjjR-U=O#WfvF)UJYfZt5}168_Nz{yd_+`7uHQK{yG<2 z9I5RL8d8n69~Y$4+|0lwsU$+8nSbU1U@}XxMwlGSphyf zFu}0M9<%)gy;v<&fm_#i7~-V1U#B`c^sa`C{o=h<`PQJIXsr3`YwIY8C$++zImPG6 zVb^566ytFL1jT#&V7{$Q>w_8%!4iIrvelm-2<n#%wW& zjwE!9lpBdW?lZo-bFKTkaKlKUhJZ@-pGIfzy=~pwai%0}%^KaFU&a-cV{{|_f<4I0 zkQ(@6mG-?F@WS?{OGGQ+Fn7Hx2J5WQWU%jDae*ZgTUMiQOATV?VKAo`%;+6~!FND8 zvWR++Cu4ufdfu0MzF%C=&S5<}C?}vl1rfk$BronYBlpgn@X-2<*aIcWyset#M)qGx zo{TDNY>HqYU%@*K9>QUw&aBzK>dFNI11~W@`jNiFPOeys=3pqoUV;y;$w`BX=0sPk zVEaV@zp5Vv;g(OZ+1J|aFxU*=TL&4db!=(zNcIj2diCrFb&4u*PBoDUD1x@~E=h{K zP%Wb#k4*M4kx^uNZO=qM6#ylw>%SuXhl{0u<9V<`8aqn>zFG|UO#(KI#JKYpiUzu4 z2{?8n;4#I3dlC?E;4W62Xm{xw4LwL40!NJ^oOsuCVzwH`qndnwamG%9a>=dnQ_xM( z#s+3hX5H#)(8`^oR2a2#Gwhd+4&KUb`%i1->V1BZm3u9+5IYEjRfqjBexbn%(E|uT zeDwPLokHJp*vr=cH3yNXeo{Bff8#R6%KKf~+dAxveSR_j z#`1qb$p3kCZR2r&Yvwu2btfirY~fxc$}cw(CKPCtdIvV%CKG#FsKPl=pwo##8}%bF zwcu=;dPH$1Ig-mVwX=grFm)~c-ZD%*j~S;jg+9k$C7GHoOl@MrdY-8*$yAmYl&QC4 z6x7sz*iY5e0hcK)wVMkOp8JYzhfbeg)KX~&@k4>Inz{l$YB{Dh^GpR1UApP<6m1@S z78`P2E7oRw$efvQHaOeU*9WPdXuU@@a_SAQJ-5BL24W4-)4h$R1Tl*{r@ zl0;MSBWTo*!2g%a^N(fJkpD{{2<^2~2Rl7x91 zc(WF5!fbH%SNZ&+ zmj8l-u=lQ`B@nrIgidG~bG|i666Uv5WeFoMmw&*CC|3dK>s8BN-PN^UpjlnViLq}C z?IB07-J2kl6I7oHGO>OCcOZnwz!!os4<2EIF(EeQ%QnGjg7vHrt9jx~pae#d6+{OU zojmjOMJco(EJRX%fO0?#aY$IB9+o{0fjpWm4uR064q+#R+#V}c{GhmsI#%JfAJ~CR zapaqc4@}R61Tnk#?spjnd0yhIi|_aqk54}GEEexbq@z;rd3J}98bOH3)d zC#1|=e+DErHh}I@s3$`xifAqXJ^j0CZT-PaYX-b;@W2UdB4+ZV&Am>41i#Z?op}8V zR;SDQeHS~39Re=Q*YQQ2j<)+)_4}(GcXHUv*8iWsSqc;NzqpI7e{rSf|07uQCH>RE z4P3PA9rm);{9*@@Fleuzi{>iRrw=7b(74_T{0O?rh8wimGfNw^%U)%z&LGr9d4zkc zLHh`e?^ki5@Z?&`3YZT$Z}U#js(*Me;---1m&{~y6W z_s1x2blA)K=a)K&gn#}PoXv8LKZzts<0AwRG=9=f>N(1aY+7mZRscMxp~LE~2seh{s&W>*kYZ5ymY?48h?n zrvtKwRCEBY4U2?>`mJwo(4fAL5OjJmK~q6ca!}v*0T3eNn+)pabL$$^#|hSNg;>oy zCj%wuEUT>JrO=PVLL9NWQO;^iy%lLZsK0($IH*IrBu=K9Rzmz^rHT=Q`f04fDayl2 zq8oy5*H1-RJjUPjZI1DGXIt*Zg_GYY18HXFWQ<=1^;-so_^iOGyH1IU8>E!o6*6yD zo)nN}$LeJz#_DB7V>R$sMBNMxs=l{ql+Zb$7urwl-c2r3^!=}v0Arr9`kwOnMf(1z zgU~$?=(f7#mC$#cL%$TV#Wwxt^nkO!1oAL-=;*P&w{}V%yef@7a(|;Lp*VOc^!j7M z(htKIMd@}h-j2L|6ujMqDe0Zb!dE*aMibI5$l?g4okLxgK%)UTsy?I0zw#b=gSJU}% zO=}!kIt;99)bo!`{Au<2M!h>6gdO!{xu^A;S{FWWnEM?0u)0=7hukkhB!j)r${?Ru z0vO7tQrUtYX0kyn+z$cg*zXF%C#+ncJyx*qx{j>u{xe|(xXX{)se`<4!oUC7vipF~ zFKWUb2O(E-VF)s3V3#`>!Z3^rSYN*f+~EhNf%i_ZBZf2q>(V`u#T^90_jsB_Y&7cY zdQW0-->_kKbJy`0L&gQ-!KsKC#2GF5@g-gPhVX)aR)?n9Ti{n3i^K%ZYE@I?+nZrJlT;#rgUKE2^G zCQ+`9(hvpPpq^sz+h8rf$z3;cENl58#jSB}1G>g{Rp2mtsT$PS1Ex9IPzxp0^dOcq zV4fWoifoiduc*tmbi$e2UNQ8;%z&QBT=4CTf~E9M5Sapzh^HU}z|>bDl_ln$2sa_A znR4f=v0f-w^>JT$hqi$n^vHBBupA(x-E9*j;nhq)0I&nrZ5ixgd)KRCG#f&WP4hHx z;AR+CfDEA}{)ckJUW9_bcccK#ZUlqd3dw#&wo!JJ0=j^z$t^g?|GEiMVVRUlF>B;) zI#vJ>Rl)@+c|RFYpb4=52KV29^gb!8TKN&&5&y2$4!^frS=JqSYn4JIr);Cel;=We z(uLjk3xPn-c8acUYQh?9BIR!`F8|80D6gX+!kft|H_guiX~8~p5De75$Mlq07y(f3K{L zA1nTGlq#z^{Sn-r!CVJ^6?|nRz~b|CP#Z$tAjWTb?Zh)`j?U$*Svm~}#;=A>exWN@ z<2Mk>Z}>%%#pq`3oJ5hd# z{;{_4$i!GJ7Z2<&gh;>O4&RQhjRfJC#-MAOOMx)r03roBX6A|Pl1f$6uUD__&!un4 zw%jtR%3WwN#5FY%Vdo+pT_+3Tqb*{y4{?4?YwyT(w@z5P);&K#%p71V?O%S-g| zu@rE%&2Ov4mvAZGQ^Dn5=*n-S`MBD?fM1Y6i80$5sby$8#Fkp^sp4f?r+;c|XICei zEn29i1VnqCco#Y$*7`~SIK>cg?j>Abo)G5&Q>1-RiB< z0}0iV22>PfY=E+BZ{h0pkSh-AUpk76;RW*Rr9(S3wU90%%x+g5Fw2CIs+b9#z2q3C zzNAPTRcqsco|w}Nw~1-Hjg=;GQu98`td+J|Ml-)Ry^x4p^O)6eVIdbg3M9i+vMm+% z*N^(Fwg%8kq4EQwb_{`Ki0E~0gEBVLEeI|YB*j`HT z-C4*llL%DUTd|oIK}_Bc6QB5-3=?ih*Ei2_(fSj&kV?MPW0usGw)*|n>c5&`@1~R# z6kBE9MvWk=4>F>%euDMKR{z`;V)gsb{QW8sG1~YZVYK_quf8Eh+i6x9v4&CTD`~WM z5LyDGt=pu%vW-VgKv>FX_mwo-j~oGwJ5i*Ff@-w!H)*t2W?NRmXmglw?L&@y0IA4m zf1Nl18<NTDoT zR?~H&^segSLjr&KJm}hm_+<=k-BPMTG_Bg(Gg_NkX{~H?E!sDMwn@+)S&a4yqU|DA z>RbMbKeZV!>1e$HpCUiKe9h0pMcg%NC}MHzSb2OcG{9sQH^48*;f*yBf9UX7@e8T) zLgOw%+bm0)dG&D6B&!+XEZJ?>-jm1_HBZr}2*7n_J^1PT|E6;N*C~d%Ia9vl#`6K` zIGhh;i_XNgo)s@PCC|h$!X>qIU+vhu^zayV$%3ECKmDxlZ|1)kZ{2FJB@FB&<p4G67>$pXBY~xYjxrH%+V)>43vp)3kKmb*z`pk z!}HK$iQt6OFF!u`@j&D}Cmsq~zbKPRbw!l={?~gio(6d`3_^ z1+j*~ptgST=KA5y-REB_*0)Bkh3|IXqV#>$nMYXY z#}u@x)`8mgXs+pqta~(%{r7Dgnpz3Ep&5QE(ud>u>J^7c6h$7dk~3r=bL<6=Q7rK^ zd%)~Jkxk((xj6sv^iS+*>rAN&N|R63qA@C=W>do?xw1imzO=-!juw>ZvefJ@ip6N` zvT(5fHMF#JOEt7=Tw21W`0Fs9SwT(Ul;s3dUX4S%|c>Dv_!MezhJO6n^fru*H=!72WK(pekX{7{gf1M z8IofPc7LSX3W9fJW&Zb>_^f8E>D<^keJImC_k{+az!X0J&3AaDlfUCy#d&(8Fpsb$KTokH3fL@9nkG0*E$rox8x> zgr?Z{-Cdv%$g<5-V0%KP7U$A#FcNnBpxzpZ-NAY3`q5RbHe`ekOfDuXZTQ&4-}#OY zgk>!s_`q%O(yh?6*?L@EZfz7k;%)^r6;aMtv#mFafWr02b9^_PLA`vd6Jj7K+n0 zC&XCco@^)j47*s+(^f`; z9S?&zgO{D5F=P7J2gm|d2>K$;T!^|#voI3l4?hYh(T9p0#NOFWYMC@AJS)kug>Jh;Qrk$cwd^HzYp)lg6+b^VAV1Q zxV-qX#03Z0&VlMhIIAPvP@?_C%PYdD2h|(^WzYlVXi`ij)SMi(>NL$c2Y6dyHXd`% zPx_O6mNrJ$DI#}(Ek=AJC}?I@_OV(S>PEhIg5e=I?=3tKhs7%}im=36{tB}9flr?u z(Ff$V6guC+y#dk_0Sb9*;xH3wkN}DM4oNby@ym8!bbtzbS+ro4o@o1DQ&IoxO|Jqp z+OLm);Og}7Z*Q7=p*TJbK_=GTqI1HmN|X1pAxibf+chKXk2gpX9>eZV3#Exip z#NjVl!okC8PIJ*0{qIn9oMMlLqY{r#Qc1+!Y1x(sa7}{Sm?qsi4_H~MYUrQ`eJC90 zUpoZ>FrDXLFG~M9cAkL-b$4WNQl1y9szck-BeARQ=lm2o_po{TWV%-RI&~}hK3i54 z?Sv2qLV7o-5Qr0FNi|wMmq@|1y>-VR1+hRk-xw>&tX@dcvq24Tu2BC;T7R@pDHscG zA7?zE9H}?Q)ykp%E8}mFx(>pun`h;6W{(RUfUfS7L@sWdT}-;wDdOP)F0CYR{lNn_)@wmrFN^O2b%b(dA{Kt??Dxr=_dFo;=ixoJ|BbHVRaFV zxAq%-Idq!#)%=Zoerc-=s51Uhqnl6aejpjH&}Ug7j*(dBTljO~uR)qCcku>|lwTxi zeGFN$wZ&fagrFw^q@AT#?heM}tg)$E1`GWHqdXpMkVB=NigAMv~bAMv~bAMv~bAMv~bAMv~bAMv~b zADBwenn7G8a z!`TJ#T~ABIH#txjr%rSshY^j@5aAR%KMmjC9J#-r-V?|}%q-DoZ&gy@ykop>)zB+l zlX&!&`Ao!Vx)YNHK08R#61ptR{+F)@iG@tQ&KwUYE^)Y8@mXPyOt2mqEeg?caA=uB zDIm}c6D<~t>*iD%fwJql3kH`^t^JjAYiPqWiyv&p$TQ)ct{!}uKkxI#+TOMfq-@Si z*h%UAu~Ua`zL9ngBkn|K&)yR!NS2A{6X=?@xJuQTTw606MJ@H{aSILloTjl7J2as`%ggB(cAmn7Hw^2c525G{^ zABOB{Fg!EF@Jt%l_&$Wu{m$Jdu^6t0z0+F3<*!1&Iw~gfhCLye?8MxXLxH9m9#;w`Y;I zu#M3^Lsn;9v;GvQ!)9fbL9+s*H0zLg2NRriHR}dTw+e)X?Gj(8yBQYw-OYx8WAqU5&kyil0sKlpDie@f zWA1MsNv@z$vNJW^j6M4XB9D)w+Nw1viatl}4{Z?_W)7 zb*^mZNLZ_@*B}j+#Oq~0EQbRYtwYg%K=-5JF7<5ku`sNL{{kbNe;aYn7%jan-O_~p zob^r@o(5TZ^+IhqP`v^&x($%1AC;sycK1iPRURt!Jo&PeC##6~6q_=LR~SCYj}2vz zvgrdf!zlrSeZnAi$ZZ&dq%3+H|7;k8PmmGygvel@Flb3W&S7cYQ=!;8_Iz2}=8}Z) z1ZTkZ))z*%(fC)3!+^DDY*}hZC`dARStPj)wmE|sXROV69?juqTF?8tB2%T;KZkqM zZ-H2hM1%a3Prrqk|M0}gja7@U(N=?Zl$rq-_N~kXkB!faqEA@B{fwJbE#`t`Z<@mZ z$_-6Szg4yP2lx%qxiUj>nE@mh5DKvS9nrm%tt(og`H$mBm#!w#+>aBpffe_B4?5>noZ&VttgRKxCKL>Cf_{nc8=;}8@?BZ6`IO|B_#0y>tpO&K%` ztVr6781MIjws62K$dSoeepL0kU>>&-6}GjZqFU+fcRTT!-$N+qisX)tz9df zI@f0KGm|y@R$bWxyqUZv;2zB8iEJC5HkYbdok3}gp!vUM?h`G2T1WB zYON)dY{6ZzuT3?(I-2F3wiT0I`e>KFbCOC+;mjE8<2wOs2i=zubS+I=mDjzJ-r>?0y7Zrv#M&QYJ&srpNkRp39Eu^w5^{?qq~&FsnO;I4)&Ob^{f(HH z0N)`o(sBpH2;R?$q3$BoQq~be1+rWmLoOtw z+#FF7@{Snt3_?yx;b%xi7!5skgWJ#!F zVyH(6bz4cO3u35tLdmhv5p?BZs7ndeL|iLwv8m>wAK13JO49Fl>1Vj~Z%O)}UHZ{3 zeWs+p=F$&x=~Iwi)h#wpLL{|>Q>rkuSTR)Cr5!Z+%iF)P_R;h+4#v#;o)RRseZfka zUv5~?{W+6Qo_x~e6Hmx280;Y09CoDT=Jn^Mufj(C9*i`d7->2XH05q222b1V-=*?b z!k(=p5XiX<&Z!pXIPxiT+VnDaNEIUzoT6O1T{Af@E#*(RCkTZXjX#@`D3 z6%S=v?ptGPGr5^#$1|(WX4TujDgK>?+|0DxiDNOyP8mA`(z|#M?7&^HlF~SB^32I+ zOg@vsnor=;=mso0 zjTTNtCWIrxW3W>^L!rgL)2?e98|m5xFHg4t6T3VyiWzWg{dAx%bfRo~q2iVyu)ums zG~4Yoq4cX6@UK;RZ5yQ|z!J9Mf)IGG0C?Pde1zcmtdKYCh&ygloWjI?-D|a}``Dy& z4i`T~{8}_4P9;h+a^C6MxnIGBDqm6C{iq?2G>T|(^r6% zr59J|I+89c>DJn~S@svu22eP8mQZ+3Zt|>i#9Sp?EX6X?&_bqo!@f~rK&pMG8U#ug zfE0Dtc8)&uRHd4-!-KvLLPizQi#C&QgAa0E;UqCaS6`4YLa3{O-HLTpNR7T|(OR*( z*o0O5e)Iiu$oj3~_lx4&(5i5zBG$P@X_=M~T&U`t`TD(vp?|%E#K!S%e7V4cOxD%i zwn{C1uNM(th{|{^UCgMpDC#dHOQP7+)tb+%uHrz-Ptk9)SmkT`A_ULU@@V?-D^;zZ z*91s@z7bMn0fwJL`U$m98@A9ZY#~g(#5fI@Nqc=@cV`b}atoy_8!+3+pI$H2UVK7n z23ETJn!YHLS?E8eD@xjLmb* zxw~r%%MG$*S5ha86Z#kdn1hxH889!8Wu6>liY4uq-$kt>J1nC4To>uE>S)Z<+j9WG z8|Lu4C;{yW(XO1^iOQ0Mxpih6Fw3~UToNIoa;>sV$<$tj5pMtrlhF7-%Vc+5a+*gR zAa99iefFpi)UAbyidrZ^RQvjf`uuu{B0*9i9K?3>>XFg}NE5xG z<0ynY&Gdw-MD|S)$gR9gR{XcD?l`$FT^|dVmB(Re3|Uxe4j940Qeoi}BU#vujz@2L zNvv#+s)Z$}QZG(U+Quqq&E3=Qir&bIm^x`Px@CD{x6Q70L8uP>68D~HEa;GlCFY#T z(hhN_F6+cPe#Z5PWN_(6#O3obh?{uC25f)xg+b6bg?A4_bDXl%aY_y z2TIcMlC;XQBT3>ybh@)Zl5~JTxr>w~sYa6An>Q9N%IBDU4tb_UzH?xue~IlDoO5gWJx+k zlH4=El5~h9{Uu~*Pf2n&DhQOuNdFc@oYR=IozJ-|&Y8@dVI9&?=KeTmU*t$H zQAg(tGRtL-?nh&ojbj)F9CmXsGT>l)V)v>T_L)tHPu59bF|cyn{ZyRUmB^f%F_$=! z1QkZvIWD35#kg1&#iGM}&cEZF^O6Ybj9g|b^uHZL9mVqUh>_%c80YL)TwcP_0=4B? zUg8_Ge3y*Jl*~?XPBc2?7W6OkQ2WMEzXMcssn7Xrob$`#@^d^?Du&9k{9!)l3vteQ z#pTC)s1swTqgejGGLMJqS#w@RID6srxaZa>xG5@~&l`+)s02N*8 zbFPhZepy_8j)(eL43%a1!+g#ian5;C9wUQlZ;@s~`R`<&m$IcB3o_gN85gRCFG89JJ>p+zqBMbwLd03Ac(WQ|zx^Y*zqX`h|zj`H({Ouf38Fl7=@8;WGInq67# z#(TTpCO2=8+ieiV9hicHgVv(XfQ$Ea5l4EcH+5pA|JjINP&0dqAm1>QnLYKy%mwd` z#{!=7rR9JhHJe!W5P0|&-P>BBn!k>Z_ndqvs)2ss);Ga>KGg`faA@M>6RWPe($<{M zocPd-i2a_(x^+J*>ds#>gOEzY>mP-NQvw=XJQlNIpp*KuW>jWr=7Jt9`124rd}DcT zj!a<(kUQwc&nA2xVTpvSGx)z!Xv$A*%5bHBuOKsDF)=+D$0orjx0wAmhH&gO#v2Fv z@(qI^p)Xe{hdNssmPS7>m`5*RxSr%;PXZ5tw+xuO5^1%}!+JAhToLUp<+woa;N_+j zmUVD|0BSKxWJ{w~_{^u8GI?+%1^L$|Wn5Zy#5lSD^romR?sv8Rb}GKga5?-QVYSiqPMT_x*@3gs8Xd$x~s=JfYw4+J1?&A_RmG=^8l5 zYi(prH|t2OT)IbpbUQL-dyG98w1zG7TjeCI?#G%W)wN!(A65^-@Z=oG&mPo(u;%rf z;oUf!!p@Nb4(5ggjTIa%L){4FxNTXP+~ekR+ej}Fq7Oh8O5%VMe58tqr<7c1wBL5{ z{^&G-##`-Vdqi?Qg8tkP`@3sEo*KdeHMF=A}d5Oq^U@wOH1?gaFLI zXXDIRR*sS#3or?Uw#G9-QfYzmqx<5TK?EvhoQ)L^ZMAl7Cxv)G+OSDUkW`LZWoL;cR5EQme^UfEylr;>B=5Vv~|3}^Tz{gco`=>NO0CA(B zRz+E$NbwH@0WB0|3tio6qd~0JKWMZ(tfIX5ry8C{Q#XNZmz1iY^*x0=glARM_y^n; zXtxL?Rm8wUjEc`i`}AI4!GIOQ1L^PkJ?G5axx1UvBEFA5J~Vsp+?g|H&N*}D%$YMY z7Ym=xluUioQ5lph<*{208_zC!1yU`}s8C+K0y<(?z2Xv|vH~F5B;2U{6f_EHr9wBy zb@f~xM<1kU@x-U=_K$bfJ9FJmG~>6dx=BQdTTHo5j4qI0t&pdo!`P-{VF5Ml;%?!~ zR&6g5s0)PbHK<}}4<8{f6CB~C1ZGybc`3U6V-~!$QUS0kn&Rd^0OONbX7giLk%db3 zI4$8`k97ce)-i+d%ejJ7ah|Kff>5f!XZw} z7)D%FH@i%HDJV39K%AAvlby9zClE(T7E#7%@zQE^6Trz*K#EfbAzK}jE>4&vyJmzr z^-TIa&btH?CS4OC5KoXvqVtp~TY$_zI8%Tj^asZ$)mGfL(PVumn7`Yyth#rc28FJI znfO5w!f;{Nd});19LPHr)0c+zBxs#%cz!`$yf(Pt)JV`%+mQ^hfFcfJu%Rjhj*nDjr9tt3|JGQn56Nm^W1XW`&BP!u@fn z*apY=WPIGMY0!BvHgy_=63`&BjPDIS9j{hxui{(%kmZ!A(|jOv8JPxgF9DXx_EIDA!1#}w$l!LUuwS-edwryPiY&SReU%*H28YJ^tL>A zsmaI6e#m{&c;;fA5<|ZPrS`W{Ys}uYkFAKTJdm4<1?Fn`>$ezFZ7176Kf;D^=}Dln zAOt$J2Z?O_F(46t2!9|$RB+&OPc|Cpu|Cx6q*2FhHc&Ik*+EVeBuNbt`T+Wa=%z5W%4aYgzl+-tRTFiVa|J94B3^UpRA>1O-JRv9FDV^7m#6soy+3FS ztY!={!$%8rr%AEPfEEy(-Lfg-T%45VY>q21KR^-R3$`JjTfSElT@u#fZ!lbDqmLa0 z!pWIkGNMdI=V(F&f?ov<4`YF1Uj>h}k5RS?4OfX?|IbFWfXG&)Za}Rv2vq>oeZa|u zu^`1iI;Mg(f?iYu*mxX&tha+(OF=?6+7{ZP|3ZU7vbu8XS#GVABX>o4jIx~UcBsiy zu-jn@S-ORDJnp~9O`8Kb!vW14jn?ZbpVlJQrx2vvx!xnA1_>&Wu00xG1Lnc*=67s_ zkdnKM>c4pcItbnhG_^@o|Hp9Ro>FNeW-`d)S~cPk&`!NBc%KK3t_9`RMbqz-;IkpL zZ3w!TMnQ10<}cG)3GXC>7*^}>*D?;A*gH|4=Jsv;;A$-71x?NC*H!VjzEv)3n>OOU+% zoSJdVaH+E&c*LJVP8UJvF^cy>DmpbOpdzG)VFy%cJFZ%MxMgS%X9Ht?`D_QAZWVE1 zES#6Y8O-u|wfyynn5B?Z_Kn8Mvf$?kWc3{iS8<>mgzyKAzWUY2%1b{ViEf)|xo^ZI zc_jV#lD<_84@RXeRoe%=jMSwuR0_l-2lN z8~B<;h-w>Or5+vzQWL`oUuW! z2%=$VS)q6X7hl13oJA3JV0D2n9>878qVAmJ2AY zvZMvVV1&b<@tiUoP~YINtW+lQnRVMa>xtlY$)18*6TL-*B|0qJV)VzKpfkJ_w(S$3 z>mxe2?gm}CZ8jLAI-(;Uk|py5IaR7gUd`_NA^JcQ%sYU&Bftj@lZNIUz~RRWa8@;!kDU&P+$d$b6;;U462-qEm5>u)X`&I7@1%JI)0ql&0C>>NA6Do8 z;QM6*!0!Vf-~d*j>D~22+7?4RR@kmubu}3FFzV0xq4{gOoiXng6cC3}6_my6=`Mq* z!5*ELOs{~(&iJp|Rcp}bGzrFm*f_FrKKL)vX3QdW?q|Ms<}C1RyTN1hJBsAype^_f zPoQ3k*ftp3!<{hhu)HBhJqhq#=Di9bH1??-a2XK1iQ2wi# zK~8}A>k=uUtOL5s+X{H6%P3Z_71$(y^^KAsWdlbx>3P&qaEq^U7Y1~ z15*v*kserPQ=$Y-V2G?@xmM!0IF<|+9rAjZ$4B&4#aDajC`!6_%GP=k#HXoEtl!g4 zIv@&la>o5sCs-DoIIf-rlb0yanigm?iTjknOAU+fj0L{$5nD zI)5KfUY-Aw7s0@HMQ6-ZjN{9w6 zp=X~GqMm&nJTcpX+PVpOZA`>t>eH7I-SFYF6AiIm?mp5 zN23^gGBC;LB3;!tIdZ`)Y@X%|u;hyjPj|Z`Pa>!>Syf^YVg_Z$OWD@wa}DlMD}Zm# z%eqZm;oD-|Jq5>}ZIKS0h^EgeAF^Jggn1_*C}Ar7gq9gFj{?lEULa|j8JqNb#g*Kv z9PDRiAmDZ}G+p{>LW}WjekcFIeKi8j$MU?KFy3wH{HWEVHR^h5tyE~GJBQtOW~OGZ&eT z1>0NYcqb?(zZ?#whLLai$~*n(PPT9mtifO7=<}BSl9@6Wq)@{okd3&|SMFpOKqLf` zi+uqZ5?o#xm7iMrX>n{;>6Lc669z2~JnGrQmYQ(Aan<$?d~;27YqyC-z%DRXYR1|p zS#HiET6hcY=NP4Z>_iMgK*z1MKSPRmjowBva3|Z;@J;fT3#Z6Vu~XO%AE`Fn27#Bb z#oG>HzCpf&fHzmwhp2J>wdmIjod8(FIUYf7Qx)+gc$Q&PbY=}RsC@y%-FMts6SX;e zXmB4%HOgvgn@c@Pu(Z7Ux>VC$HHciRxDp9swE)seR!dd&x~>M^P}kMs_epEipM%71 zvNGQGT%!m>4RBs0?ShrH=zlS%4mwa?Fyc2z01X@3Db9KKtv`_&qAAITX6HS8V-u9& z`C1hlfL&cV1G$M)$AGonj}PrELVJ-xLrYdr{0nf&4lbfZB}>#D(MzQr8lquMRvfz) zmLbGpC;^)0GbB!FC$X{9CgzKC=`X@yg?%~u=@o6^jiXg)3>!J1kX1XZbEQ@ z+LYk@vU-qzhX#rGYWdqp@Owd!*8h zQo)60@k`4ozK_G5>~)~?edu%qsA?cz1FD{a#ve43gWsrHFb$|2v`R=>k~Mgs7PR`Bo#h|iQ7jX4qyfoBbgGnWDQ;yxGJ5>TvL<5}MI zD^Whirb=`_ysfbuR-gjKN%N&i!y=iKy&XY3UQ9ofAS9JZ{c?yLh*M2uB9LH+keA?z z2!co?vCR<4EqdswNDY-d#=UXzYciJU;>UV=ZGdM1ExbY z`X2Jc|88HjLs#K2QCd=`L)0CFL7g8Gzm?T!Kj41F}yTVwWUMHf^k4vftKVi~g!YI4S zC|PP&45c*O5F;u-3Vn>iLy4+=%DA?t&@I1>c1B0kdT_#9cf6+?&`uU?M0)!L0Hy4E zFtVL7VuFTI624mrV&5fbf?e2)?(rh&9uiooGgYBIq?A_1uy!4E z&KGb9@_RJ861jtL{Y|(;^TR9Z{`@mvZC z`w>9OZb0X`7C0fHU1oIuuIh(VqIuxeXZfm&U>CYCveIP>uGkkKE^?i-%Uf$^@C8z* ztmqcfS5ds^uMB;a)%AE%a!DD;;m!7jiVLWCc>uzk7C;(^=L)oKqu)O20bxm(3-K6u zj;=4HnS+ZQzL6BOUEhkORe{;zjnRcko&@w^0cd|Ogk)cqWKVdR6eLc~CZnX0n~d)L zYuJQ;ZgY&fhRuokw?F2+8|rdLiI(_Q$;L6A-ZP6+5M!^wD06ffc)74ndI|e!cXTKC zm6&K+Uwc^J?WhWE5CL+xfxDT{7et6exI`G$h)dM&H7q4xIMOTzzHuMHQE+w6@m{>9 zMm}Jrs}C=gjKnm6;)W6SGK?V)VT?-p6TAkf%(rbt)SIZ~KnJPr^4Yqhh49pdHYU8P zBs<8Oa{_uD`?({69WG7?E346LDLw34>I_C3Vw{Ps);-#7gLcws)l^rh67Dq|Mca-^ z$}Vm6&4_VOiL316M8|Bs9Z)$KxZ=zGhm}!uEUXzOt_~Cb(i<9_+e(7Da@!M0SvEHV< za^Rp(G<5HVF5!>XUGC|M-qFR#J3&q8U?^D6kmw9SiOW*zu`db?s28om1w~0JLM3}( z7K7oe2il}SyplVz+fVnkC3y}N+|kfY`!C`|8Ee@USgqFK<3j<^P$My}(H7K&S$^y{ z!U9MH&1DZoFo)_2 zT65#G~xUoF)F&I@fZ(7O`t}@uZB~9@L<&DIj*vh zO()HRmYO3;!^FmCmKY9ATCQMh)2^-vL2b%#6Ga2KDjcdC;+2A|;-h`k+TEaq z5JOfyv4`svzo?J%DY*z6uI;LIW}bbrE$BF|yQ^*sI`@GVTzt2ONeEEt z%RrN9?1B%rjbk{YLDX7zY&&g7M%7_12(q}5o2wjlusMw^uJGV1`hrFyH_4o3{4+8H zv5j`HIl>)q#z43u&7Fsuk~h075n{ohn;FFJUDUH|M}GwvNn9Xq@0Poj*S_y{#Ihy& z)P+<*TnfQa1(J`+c!Plj|EgXN@k)_jkt;M+hLkpBnSjWY@;8Ch8fR$oa8t4RSEgM^ zj%mLw_f16C^!-K8@Pj$x&Q#^@9A5S8&V7n%Whk@!t#VP~FqMW`)gYG{a7Q80sr)x! zk{hp*T*Ou8Z0Ol6#0H^IPrLr+3bbRu=c(wdby9`xxeqfgor=1{`knSt5HN#Y5Y&Cw zPf@ot1&PpOxY==7UQKX`G3G|N;Nk~5Q=bIZHx^2FMUSp_ZN!Z85EORIq(p>P)L9Pj z;H&XON=RfuVWT^~-O=GSzy(04Yk(`{w((AhS7XX=n^Ps9;zPht6fwuoAbUyCA}=i|@LgEcIRE*2rcU{;_(*C!EPU)YA3r^9Ag`ZsPNe{drK zL@&JVehN|zRf!1mxtu##2LC>!u8cI_;ny>t=mn^YLPxn1!$%&mVF%+UlHGM{juzNN zMed$IPf*E6Wyzyi{c$L@!t(PEt`8;a5KOeR6P}Bc`_roJBgETG4%elmvttt9(iFrYu$)dMW1AZpzpNn3Oof|i}1H5qEE_&%pV z`$;dF%?c!1FM0dKPSFuf{DS>{o8IN74wQePCuxW3^MmVWKe%$z{ ziXbk5R>or=6`5SeJp^$YO4)CIrvB7>5~41m^R(PIgsYxW_P4VU_;C3TC>2dW_5);p zbCB0z1<9F&_wOel`vZ_m1f(N5=q7yd!^7MjpydB%l3xTyrN*O$enm5#A&Ku4AiB5+gGycIN@G3N{v=-uI!AJXLdTM-37vrt%|XVKN^4AgoSac1x2wMiNy?Hss2W8jW1@B4q?VUkExIu;h|F;( zhj7V3nhFKYYAzBu9O6+I#1oO1#Z#bi?WQylHA-y_(m%n$1(qVK)2yX~$BiSBh#rIT zNUYC<0;7-;#=)3f1{gA^t#cRcP|VlSB9XjYq<-#%_JMdOrf<3j&8ezQWRKY@REZNf z)f&neZQB|D0xc34vMJa47p(3&@}4f)q`Qqr6WH?Rw4ICL5_M#OP71kQAy-8Srudwq z+`N#OISN1JbEMCt*BOW>novjs?Lb%3TfB! zVa*~mO)Jd%u$fSrDJ>Yh8UWprM;Q594~IJsWc5O8FA0We`~OS)yFL}J1BQ8+&9se+Inw9A#jqWB+vWu4C!fjr;OCQ(#& zy^@m^qm93)o0@H_V#XWHiAQB=Anc(xB8O?iR1e*ZI>hqRcBoq9^-~*s_ zNrxXeU0X4V+p5u>PMl*%a`O)~hV3wMsnw2wngmF!V z5%`nQ(zP~#(i{x;(fhalofFBlbk$8Gs29`nwZZ)?aD(B7+Y;7(aKRlKf-zHEKX?~s z&m?eG)8!OB7+btESrY`Dn>zK)`*+4KgNB00Od#{yw7pZZ@%9L7u$~MSLdYc$z6A&< zjGEll$dkq1MF7Q-6(~)Ps1PZaMIsfZVwFMET+@&A!G)T-CaA!P6ct7tS_=;x24zo5`&8O&Fjg1~WR$f*@ z2$o_$L1`?y_Ck91CqZyzwVJ@^7CBm7+`a5UDHEP=0Hr=+bk6y>usSUHA{NI#vULVT z<2OL|txbL()Z@@c_D2`#WOu}=)e+}i6i`lWxtTA8(yQGUP9@O=;0c$Fe~zq2`S0Rn zK?Ynbn#!@a<&gO(k6oOT{{G*ty}5SQK$ksffFnXuIgD!&a%3$>HZx$; z6{PwdG}-7oM>RPXY&mME^Y_#5kxwe-adYt0(3+tdSd4dw&w|$5(}>VRV4BzY_<5oM zXayQzD)A`98Qa#VUyiHNmp_1H@BeEro^s^+$Ifp7n?j-Bgd;loaC)6vj~vDKLJ-&g zD9ei{t57~gzDDOEs|e`NzIOjk6sfStX8z@W(ax{lzjLfrDk4(8*qc!-g($r0;r_bf z_5?ps(@|cAOsjSJFd&%J@;&Cq(5F$ZRMQ<(c|_fKL|L zqHAE-2x(G|Luy6g$>toM5?3D#Ur`t9k;;xb)}rKqVKkPbr$bWl+}`hU=t9Nj7WmCP z9CuuA8)1aY6L{wILZP7FgR81SXnFOv!E;DB(bRw3zcczbV6KsJGHpW+I^=Xih99h^ zl0BcOi`zVfLyHpm;d)T?8=806i)_t%DN)cfM9p)6^`H(SD^+0`hj{BLJw$9?WbOt4 z&w(VAnL77a)mxTVQ|IdKsVk-`t)f+|Iub^_eI#&PAHat=Y!KnEynG2Y!%oOlw!NU2OBB8D7yBgS? znzodej6$k(jeY}KTUE1WCh9C&xfWBd{{FfB{v5n{X}LkZz<(m z`-1${nL%|Yune4w<&_Z#0l(tipqKO>r650x>tb4toN|JJ6#x+o@RvE*=t}%4VXBna zqblD!W0j}Qw$AJ7CF9up9+sX7K6-Ab0!0cf2cJr*oo%xnVwF|G;#JURpi? zaUCG8OK}}3IkI5HbA4SM*O4RS`tL{5Tql4wfS!)8PxNO#U94@n3JS@+aM$!h!(eA}GG zA3x61bKh632lriMF^puoTIFQ9+{w;gEfw1NQy4=YREo#3+`*_GkFo&BymJ&6HOqDT zV5Pu;5Mv^hF>WAWmhst{3+Mr0ItBUbSoX+VNF=?>;@qD0eWKH$YuHhBByw%0qHtsz zB?AFw8lgJHX$F7!0c7BaDdoS+ndigO9LktW&u;M z@6-b{wq~wvZ7a-{d22k?@p?F1%KSmgTjGyP z`y)7sLnrt4%rGrZwu*jv(rh+QT;2xn#FpCr$#b;N@s{p9JJ&{Z%Iq>IcT)Z0sxGcvfP^*$)Ju@2ZEo&f2dP!){C zV>T%rnXUHGNzf+6E%T(^Pzb5jsz+o^h_rt(6Ry0HKsN1=2^+bxd%s7sFTlseh2X%wF}8!K?I zczeIc8CzrdtI=B6mFq=)rKB1x+Zn$Q%m?GpmxZD*-6i=TCa;3uAqRCOlHk5P>?|kB zlC}`kkk&f2P1d;VKVtS(eG~mibDQ1P;~6sH`4u4yVsG**JtGtAdvK2A6%{>2Iyt}} z^mvfE(0yBeyEoR5-}XiNuw;8Lv$uOw6Y?X5Q}Gmz_hpPRbeaakvQ97##MffqdMIKW zWWs#XHz@99K}t1xKb|wTi#!EY`JPJB#o8&F9jEEhG3(-&E39-qY|~673)rwEGQSRa z)`^shFa?8Z4PTTibb5r1{1=D0+8ypAhyetaf*`-e^yKzJ`DukxJI-B$ICcRQoWE9L zNZH~!py`|@!2M8(?&7P)dZvH_XK`D=w@`E4z&rxU8v&^=Y(@fhiTnszj$a_>xmA|Y zc|-gSu5WO0| z6+V|nK4CVrkr#S?`QFl7-hZb+(s#GZUO4Uts z_PEN6W~`C}hg9k6b(33OG@s_i-*=uJ3V` zpa0BERX)pA8L-|aZ>X3i8k9x7|1%xmC`&v|9b&b_D5g=}5>J`2hVq9r<|^abx6K!ev#gZAl8&utR9@GE0r2+BrarrxmLGta~fc(6Prp13|Lw#cM9l52;7N|B+7Q)!{OSp zX4&4cug`{!OpI+~Rj9HbzZ^jDFBse=h`LAzr|qE?lybmD4pYiek`o{+08mkB{eWgd zib(5Z#ttdTS43K`cB_osbikEHmcz(WddT4 zDm!(?%6`Bp6FG|RLCMgk(GS3x!AA+cDDw1vS5qp(5t7>H zkqwVZHmMsxVH{8#lJd-pcBP;!v93b#2-AcJ#0gR6s`rt zwJ9k?iU`I!FNJGokV52y6u#hqv=p+uO5tV7%1{dNky5zUN#UMWwqgI7DmxC9IVqg1 z@2SoS2!3_e7M1f?Mm<7#3_wksfxjoknmPkrM@JKO-x)|_*D#ZrW|h;9-Ean?6*M|w zX$mg8;|!eZc#V#u&OlwMvXCBe2EGjP4#=Zu!!&;B@f$%g=l{W4VQJ+KhPISCw=JT- zZ@EUd$gP2TAqsWj-nZ^U*~Qf2V6Ai-&cAc3&&PeGv+)@pV1UB&_e%X5!M{>ox&zJ! z{D1WA2(d5^pkzfj6Fq>a0wth_F~i@%1R)zPDJ)jG4qED*C`S8bF8ro~oPZI1^Ze!J z7ew{q7ZiAG7vAX?4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BzP&4BlJZt2U!^2V6== zkGnw7HP6syOk#cHWYP;?*-r89xdxAi4IXEMhg^ek#D1#5d=DGU_prfy4;#$)u)%x} z8_f5x!F&%J%=fUtcuzMNOqgu6Pa5P4zGCc^NDh!#kl*3mp4d#-iCeVj_Cz4}-3aFv zx2Joi+f$$2iGu3(M3BYFyT~5awawQB2lo@IYfB9-R*w-}tnQgER(s~0&il{0!ug!L z?>O0ZG77P9W1X!HPGQ)eEHAw?dg~v>Dw&Q?a^tJ|VxeNW%VywxDpC-XTsu@9e$5wq z=j_gHTs9E*rut;x;Iy-<`-=C;vh*AXWCaY==h>nyM)jSYempL7tkSJLtqO=kKNm{P zCyU%oeX^foZdI<%Pzrsr74ylm@(N-F74O6|OMQl;>fyYGoeB4?xFC?(`}<&0nSa)Z zlJ?Isngf_=+tjneQ0^?iG96{M%#(Ji*HqtU`~09Ptv>OUj;lieBtlZ)pC!#W09FN# zpI*>Ed-4U&KZ{Ih|11*f{Ie$q<)IwzMEU<6WO*Koy&L7x9?6ys{JR)WOzRhK>Iyq& zAfH($pI}qn3VP^#EeXZM21W^t5xVdEbWM&xOeBGr@TY(J`C%d>!7emN;07)=)UP$Q z4Qdj`3EZ76shxlo_0B^_h@v+__TVouml{n&hy-J(vSEuXUXy_Vjh<=0Eiko(3*n-3 zL~Jo5oxKnz+CLg|6e2G8qAnU#k&4f9m@gDcT*vbPv*vgqAQxG@ z4&m7vP&1fDD-c5#VIt(gBx}H`0@cw1TUJ9AcyB>1QT#JC`hzNy^*zL!1p0~fi$J5W z@;{@^z^jDfrkaRQC6b5rqDdn5(|Dgwtsm|ho=E}#wZskiCaIblX%`;!fVIWBZS8pxiz=F*t=vF4#1u}D|2nt0Zu04zCWemlUD&f>*4Eq zgpjixM1Y(#H3cGDz!XqcG)ei7$6) z<=*z_;tO|hLOp>(6Ci>`lpq}V1iVT19?6ak?r&U!tla7T<1!ym5r?y}To*Es{CMZp z&IrKf(hT%W^j!hY6&}r7Ds=g0A*0!?h%MeU2?L7%MIy-c_miJlShanK)sSzcm67j@ zm3=oXm2%edDWJW-3?|&~&mtI-MOEl*>S*^?Zdp~C#LKrg-TPmeLAA%J%#gRAdIIoj z^r!$~q>irl<<^eKW9QV8@>#t75>3rd;x6%p8>lsp`_)+MTvj=@Xl|QSjR$r|CQy!A zmXzK;H(S8lJihUvgAe$fZ@)SIE-AfnZlO?GG`EXcmN5zO>DiKmYu7bxtiK&~Lzj>( z__hRZL?#xJNh8we9(TvW(u5&=$CA=5OG-EXUD1B;5YS$A6VZ8FI2dFOb^5iqy?b}$ zS#Grx-Kz2QI=H<;o!^ti%9lu|j2uW!wiGL)q(f%lxh{tsZ*ic#X|EV~j8>bo^eC(1 zp|-IIk_*GAHwz$#0TiK%kU-DNsspc+f;_^xC9BV{b8sD!^|Y%9SPIm2jIE#cJ%~fl z1T&R$IRw`0)1qYQ9Wo#$%VfEK9onK>SJ|EB;lp}?ZlSB2DNsHFMtfbUP>?Le-U5)~ zfeVmn^tSt4Z@V08zi5bH0BdQ!3+FH7#7@mmmI{mTy(&-uO%G&8xIdA>n__@~)R>n{ zG1piwhidF`5mksGDdH{F^WxQyj_Jk&4pG>^h}%n!bXjH4>dngiRnex`&qAZW&vNCJ z-;a*HVHV+m%#70<)JZPOKr~;mH#aM@Mu)||$>@cfv1^1|85LOX{Ae6et+al19}8Ef&M!bd zo;aZ?l@d3XcT_4?#@VJ&EG0#8=$RMYgw-C2161XfLS~*ID6ye)p^^#q2kF?MZK+RI zqrN5!&gv*T2~=dXVxzeP^#PO;rvlJ{mCYe{V4G5<#=%l-lfgSIMPcLE0Co&1fh=RW zC4v(H=x`cEkG#;Tltjrxq~ZZzPSi^j-QhB7RL(p7_vUcFlFDxCjcmY`aPMK+jjdX5w4meELhXhId^};tVd{baE z)k-VxMmI(m=^S4|3hKD2t1}1&tk7aW#kLxN1TiRV7>kIGmY}%1Q&5IDoI_aPx$V1q zNqHr@>seJ8MH4WJ@SLyKSs7z$Xe=t7G8Yz28^&O)kH9#Bg*0y$hSA&S7HA!H z(K=cNqv(Ks3?*g>2uiq|$)8eH8|z<(ME(by(6XvD)ne+AGqIK=k69@T-?8wW)QF30 zKBD$^T7NXrfx3M(=(`sm>HBWTv5xxrYGD7AmTm{1YT(o468Khy$I3IvhMMrFs(Pxb z3c-f9ZQ8u5Gr`M%0nYGtOWd3|5v^CP1;2?L`|=XYUaW9)1sH#bB=Ao3&Z$l3@@3;W z)-@t-PtbA$y;=@nc&FRod-3_1C*C6-?Da(>(rC-h+jo~nBY>h{W~9*wV2w1T(TLG#B)aNUq0xHK z2>*;mhY4uo;|jiPyfvlbeuF?VRUtOytN-&%9QfDE$rXZ%WxR(26gXgvA220>Q?t@a z0tum#xRjM?2~`phKwq z0Vc;^VcBIbcSJo-mJ_9epXHf+a;wf5iff!cf$0|Pr%+*&O#kvwlTc4 z65ad=+9so6eqyY@hR;GaWcFI&^{&jSu@QOXOoJ}yo-UZPQ;;0!>wIMq7J(L(&w{p) z{VVN@zy>PVHY(Wm=u20tMHXLTFnkA`8UC_8fPadEf2>0nc*&g?g^kCCG>H!9eQxEx z_UPfSKe#jAg6wWIM4M}PMVB$t0wnQjUya6Yd?qQK5i+3IBSGeb3+=NINQdZSB&lzr z5R$J4U2tzLrRo z`X)=bxv_+CwFI7V5y0tMRln9rVUVOdDH6g?T7-xIl}U8#KLM_8`p0B$NE?qXPfd8V zdu!?=LFWJ+osVP`{J=jNVa`W_N9QA%glTXmOoJ*+g9^I;I7AH3`HJ{UT2W8_IIL!> zL4Z!stk*vQgW!KZrgO_g2I7*miKuqYh?MChqIH~kMV@@z-a*_}-9)y&ZQlHf9a1G~Q}ni*{@@ZhpWh z<+(XC1mUKK@LdNX#ZJZaS1C+~5OWw8QID{54|r-y*m$~!O#JNKyTe2q@4LgX-Wk}& zLz;-wV2(JvKO`f0e%$w-XDA0Sr;+LHl%o$U>&cCr#zc#eMeGGV#KSC2Krr*#EKO8H z{c4sb;Gq-OS(=jQElpP0CPV2aXO5etIRQAm%2%2py+B_0qSGL=#w*A`ML>I<6}P+B z#2T-lpGrT(Q1o}EQk^}% zTU4S|FHM=5O6x(T^-Za?-l()bdd3MtC5|v05S2=Y321tnl`Vaasx2Y(AllK@PD^pM_T(FL6tu^iVW=*+b?dg$^sU z14)-_j-rVP%^8MWbiwa|*l(4|ka&2I`maW=e#wc2*P#=vT7E0Z)F^(g&)%DjF8vq! zxDjknTG$S*M?e|+Z-AN|HAe~#FMPuh&IAV!@Lswj(mWthd5D!3x3-q#L9)7BgqyOd_+$rLGfwnI6xZPz~I?DCuFP5MR&Qj-UVTFy2-oMGQ*b{u9WKh-GtkC{~czxKVYIi-`y|TNC zzkA?}FbTRL`qUyy9bHVqBvfy9|b)rSYU4{3rXW(T? zCWpomNs^R3S7z?G_qOL2Tw7hrU8EY6I>!)s<(-G*VA*V2x z-h=M+O;`{CapnM9=TkN7VKTaCBYe?W<-i0ow1?Cy=jM>&+ApOIBjB_x?ZSKceHE57 zT^ZFBr@B{YidDTQ@Z87Dux=L+M$Jdm#yRSUK8L!{!e=JWfi5&9U^U8+KN-#c5@@8( zj+ZKIOp|%YmaZjXPK?mE=*A6b$$|3SQo64}3KE0}G9V2uus4$zvRjo=C_)3egdnw7 z!4Mc9ol*3mRsd2}3pXmFPp>r45jGOov0zsw$AXQ5^3A`jCr=cep96$o$XmwYh#bma z?$6m;&%g^Ltj=HV4|BOf(I1r);CeHIZ}IQBS;grO*bPSIJTl~PYVG?ogD+2V%q~u! z=Wc3~9JtZ@!~UwT8i)v-mjb)aN;KFeRBPUVT{JB|9?~H#@`QJyMnXoz`|$i;+JNHv zolESLvlhVxG{mk2Pm%o{Np_0;Ld`x7uBo2mbY*FUCPnnQZs{!JY65juHf?3*jb94; zV{{uht5pw}lmZi~nt=|b6N=~Bg}SK2o1r?Em~5fSmE+O2ccVI$hM^}(8sr8%B^zZS zGw?dWNyJb%L%k6FkE+8x=ge2hnMQ%TtX|+QTb;jbMuA(TWTJejz}c{u2;AXG4i&hk zB?%&MVed+sb?_5yR-?dqQ@~t=wN;e~;BdmzfAWpYV837kn)=}$5{Kdb`-ft<&yR?w z`(m5=2dg!bK74>SC0WpEgtKIhnGLl%vjM<}#fiWIax;SxZ|;AC<86dB*M(T&5(-FO z3$)3!s56Y~5X~v{h$#Bm55@k6BZmGpw~yE5Tjuk9)AHG^7*6_7WFEJj{BpN9e+w(3AtJdT zU(F1z2y2!0&QN42ixj8PbaOwk(iOnLtTq7dT@fAoGg?9U3Uo%Lu<6(v-UM>OMxMSW zNERd@AiuLjy8@N^S&Qhz=E4S z*R$z4dja~!2X0vkP-yePj2ibbB7I^}u#GS^!Tb2+V3+bFQdJ_zFUlC`2Rd?}2Qof~L)M4ON07^Azc{1MMhc>eRB zg8?rkPKkSzJYNnVyXLvt-Q>C4h8evA5-Kg+4YqHnWBVaOO0wPEtcjL&ErS$9(N*$I zTQWS%7BU8VKBP;dpPb$q@+*OEr%@Px+g$&FMR0-A*$?NkxEplr!KL?ax?Q>@qW1GuB8uNp{>FFm zMJ_A?BEw6o(Npdb``ZkXfp5$A{J1j#F4z3kKor0JpT-g;mU&ENlC|-w_o#Slh)UOd z)OeV$5l$D`d$DnAD%Z)dE70SqAa&evlAcx@QC*f8!~nhoheui(=FazF5(oiq5@jmU=;CnpQ@|5C7DuM`%v?QsNIP(cmes z;R#}|B=#dLI7CM`In~t#@k6j`K8n6OCL&Og>MK&xQ2=p!iPK#NOW31CR4c@Dg7x6< zsed$<>sP9Zlzp&|f9&7QT-lf;sD1pkBtgxUbxDHS#}_6Ed&`LOQB8o%Azoh;| zL_3iCXXL?zEaGJySXbJ*sI)a-8joJ`GZD8DHrkcgX(e=(y$K74{!>^82G>gnWFd|) ze{%aj;ql26_K3;vfXVwv^u{SMyw`zH>wtBaVV&{;gFhf-oex+Ny$={~;sYKjY}#Q` zOdoLk9)$<+^Pe2(Z@*awCV>v%;CJ7;==t~m#n0%73Z!Y}2+ZOeqf6c>=Kp%MZ$0Sr zDQlm%Mb2{xvRu<`Zy2&@{GZ`oVf-Vh3rVk(q`GyDloT_bWj(y^BT-aq?)jf7Ja9(y z4~)a06g9AU1Z)1|P7+k+|1C*SnO~hG zsLY?Q2`2MqSbGWHwalM%hsgX;bD1B4yy#pE#7-O-mrSJW5m}s`fu8a2_f7Wz)->ca zc%XmBH{D9EZp^F*we;69v>;J|XBIs)aV@-*( z_Ww@o*Fx;0=>A_nX<|RrRP2W!_WN^QsDj=FRZ2#gd4}H}^nZ-u^B)wFj3OV+xPUK= zC>b|Tz!{D&8#=(3$Al9E26v#?vv&25-B>g*DH$x0?n1K-xO}3ioHl;>$7T!+E4)!$ z*eb_DELd2`3@9eBG{vB_Qgq&;dmJ}2OvJ{q()Z7KHO&0Wc|Tnd=Lg2x>B6?dYZo#1Z77|sshWp407X+I8*ZZX-u4AZ_YH>wPLN^O2ul{dJ}s> zOm#r@>UBno3{kSM$VP8#)}iAogdh$5ZVIBl0%VUi$ec<~rYPRP11iv24wXXAl(k6% z7?(P~Vpqc}P?DBK&uNNPqW;{32gWAN_*2{!}`98sD=WO8oM06LT z|A0Dt$ncL}30EWSGrjEGpCp--$dzXRsQ3@ycx@=PzqJ|Nu7ya}10E`D{i9tPJbNqfJ zO~ucWGSHm}G3E^KxUEs{5V1$riUtuf6)QQQ36hvOheq}@1rVypfPWHG0k7(iBm?pC z5YJ!bCBO0jS*+qdjb1>BMoxzWpww8dP5P^F#sV!=^&^0UP!X>Z3loZcu)6I|9(YE6 zvx%M&_6^Mg=L*=_xz;7fugI+}p2L{jRCQ~%|NcYRFgsxHO8amN#Ub0#B`uHyuk#+2 zSEnxdO6*}Ie^u(C92vHUS%T_+xpYWYlpiY!1*>rJz9MPOBs!knRDvwn0Vn)N)_ERXTQFL zT##R<=L=X~7B1*jX=?-m=t<}2;K$vYQzqhUB)P?`^-4qarU(E&nx>&zF#~Em(VO@x zdb5hU8OEvZj)#A0I&?hLp(3=PCpMb#jJ_-608{FTM5lA=1U9_)6I8S^^xJZNCAFLn zm55w_{$jG6uPL9o)Ryy$eRF`WliSovfNaDrcT!376eTFpz8dmk?+s{;URjjDj|24; z=*U_#z+=hmfj^LauJaax?57B2xtn76KW(|>svFFV%No@U6etByU!4(@vW#0|mQt(T z65YKp6q;uJXZ2?EpI=j{siJ*>Vgux1A#UZ%#=BCB+%XPMjTNsxH~D=y%)zjfo0tiO zP1*FdBjkva8S5CTJdhOykiqJJO!FILImX0d-s%Fbe zhl)407M9yCuGh%`^KVe2wV*b1`@pLNagkiA zam9MqbuO01yQxp#S}5o@IzkJ{p|yhsYvTh{4o+|jE5eaZTCjvIS7a7%_=wEr+=4iI^Ewpb zf9{i86Cd}k3AC*a;QWW1DGZ83uqLj%5Squkui7q#QQi7C_awr?8Yen_okaV{^O!`- zS2{R<#Z?qV2W}JYlETvkL<^%^fyt)+k*%L8P{R|*fPaM!$ygeaWRxin6_7!!2R?w4 z6R;k-0VR6(0M9aRgEG~FVoSQ3OL52zxVFwy+6IvwYI?(D$Tm!#>8G&G_ zh0T{GW7ao+cP$cJ%oNj}A|k$3hkHcCX^*C>RT3@ukZ@$e4hR;WfoR;oYdJQ2P;;P1 zP9!D<*4S@%?y)a)&uWQ37?>E->Z5wPsv*2_fV4Bna8{fyXuVrd;`*qZmpX~I)^I5W zw8jr$xXD*ag&*;Icm_d@=3Wm8bhC&vi}g4F%rFst$f-ZIYg_TJ#^+nZ}w< znK)GA=<+E(-V&YkU0DyU;>+Uzu11~B0iSGw3Y9buO+wS})2gN*oY-M`DcxoogRme& zsTo|xj#|8dKgfNZwsShQ0y{G@!z_k|R->0-?;=<|qCBYq4DRUE8Acw^oVJJKPAVK8 z7XKYX1rC=gHF*JU+%a9^hCRVdwi=EAKaJXO-(+FCj7mAX02sAFc87dV#U3E(F}uT; ze;?g_zFf1RDd1Lc#SkZ~Nx!2G*$kX=x`TWFC84 zn>iWxxrM_(6LIE-NjMolzZ!16Un`D)BH=RZNnKFd6VaSC<{f;^*xG(rR_R zkafL(rn;73lb?7Z#h_>U#bq&E1ts=z32j*WFg#MAL+!?gRMs=QDKI2kWte zLEa|;X&T(y8(HH&;SbU$b+p#=lhpb4dVWzYyC}&t9~rZtKME|yGwwn;dK@q@QVNXu zh2^;u@Q&farjm3M53d}Jp7jNBuwjWPnT)|{?R2m?*d|jBHeeb$*odUl!N&+n&0Nsy zqg#Jr9cePuoRFo-=$;;Nu;FZ<#ABJ>Pc(zSQr1<=);VzRwVxa7^ld8oL$6o}HFx$4 z`j$-WrlP+t(=Q+i6Cs}~YtcF$8AqWR+)rCli=J^hlhV$=@Vt#K$4~BmRaVwQR(=vI zZb(NOM=53R`&=50F>)>m<-fw}1v*nW9V2=bv--~i=g4Q-`Cn7vpm~sbha50uUF^$A zj<)*Fn#34kS`Is5nOqv;!V_LNcawLDf!kz+Z3Bl{C`a^s+}5cVGkz0}Yza!AL{R$X z%)pBbrQ@o_^V?=K$?gA`ENp1`sZNUvCl%Up+#$ZM&TqCe3H1P+fpb-pV$%TY#*pw< zO`u!>XSA)jWf^18T+A3g^mawV-=Kn^jl>2aBYwwn%K)Jz76%KOQx>TPj9R(GhN6{( zbCO_8BDpCiK=yP+Cu6NpG{zjwpcTzcS0uxd)TRv8yil>5j(4@_ts0 zDeQJ$uKJ4p&#%KVw;hIp-%!>jmZzKL1KK+rv?~dX-a9hLLxZr5ZNXT*vw-8U(Wnb` z*+z1Zj;=n2{_($0G1CPJvi%Nxp5TAM5<)QIIy*0?vMg9dK$(krJ+6G`$90g%D)Lu( zaF9N?9@#NTuOmhAd~jnWRbUd%pH%E6>eg?e;%=>&enT&Q0HTV^u~m9!()L+n>>Ri& zdwVqRSe$69qC8tfSp^!ffQCp9C?>4GrM0akz85Vi_T32?`-rp&ipsj##rN6(sJ=I{ z(<6EW5G8g3Q8l5lPX*+2-+4q$59?0MTNZ56y-K}q9E`PV%Q{NZwbh@%YD5`LMhEa% z%5=S)z3#f}B7+)Df%znd^*Vh@eKp0iDfK>}2^K&tQ!p^iW3JvlqSBVD5i1dS*Zp!Cv<%TlWWY*r}3pFJ`Y-jV}bLyAM;|FGf(+x zB2O6s8a!uv+v?V~q5MyAR0$kVuM@z*)=UdZe3_=B{^~LnQTo)SRvbMd=SK65Q7^6FQ@p+)gqitqW&+QH(s1R%!fCF zjDBeYm+M7?7ebm?l^iLD2Fau|t97t}nQPlB9DUGVFD5}X4e9}h+o#?S%nbe%-$8~` zGQ&4}41rX|iZvp28NQ6=uLmvRA-aA+9tW8BSZ2`TdPN?{*!+^zM&eTvjMSGPY_Qxw z%MZIA#DR7y>uCTkl8D;GA9Z~^0BwXe)zjqz7Z_boqCtWoesG>}1r;U3VTJpHb@Klf z`PdhgS8j{8T-i7_sJ1o(1!B0(xd;}0o%r|}$fShUs!;xdsM!2@LTXl(1gW%jiUCCl zy+_t5jFxCy;|4cLtlQwWz*?m16r_qD5OV5@IM`Ld#a3NH<#@Lu>E80RyB-*}jucGJ zAncMYwTsL?HAfn3na~ys?VS#1?=&;*FmWlQVV1hu>eH&|i(s)cXA^mG&@bG5B$4QR5b^ zTR9aSp#C&kr!{AZ8r>r=&}@#BN-ew*V8gu}u27H#P_E{8qr0ZO=Hrg;{`~E_ z^KF{g_bZfOsQ z^^*y5{U{{y9O$mlTx+BAarW#E%pc*RAsz69L%gWC+?AvpIDmXfGviK_#xuv=dFDJ? zt;jvs?(A}!kMY-FfZ`5fu;grjqNWNDD8Ms^eNErceFq0+yp@I`pSX6LPn>dzV{$x` zWCg&n{z*LYpzHVzctCCFqZTDQRoF0cjRT-N(hD2fZ}%y^#7F^fY!jvJ+I}BWw1*Pw z4gFtmrP`z!8@m40B@9iVtR{AU-X#_+TQx}mrwA$QA&HL`DYY;AQd!M2dYMm|rzulc zxRjx)udeGWF42sv4b}hfDLF&w8$P9Apsw~Q^R2pX`IIgz^&OwGOjCN2lx|I_eb47v zp()k>b}2*s9?9D!#oO}+k@vh!E@F>Z>SSY0<7{Y{xg6b!E-KnE(Fi>gXb>)yrDZ0F$x_i zm85iQN}bRlPhAg3N?i{plKrd&|0$3_(1v_sqeuc&MK z#Q(l>qw=u1>z5`kziuWk{~yG=!j8bK9|v}lxcC+Iw50R|j!(Sq1#l5OZoF&G`8zOQ zsezf1*~OEHpQ>ew<~GBOXbb#|aAxrqFHF5&V6NJy1Izd)oU%Gkh55wc{HWj7HwC*g zLKUb6x4d(`Snk@u9zSgG!^IVBakP|IW9YQVgK+!&WJMLCMCDSvDRnx$+W$5^OWS7z z8(#!PunG$ZEwfrO#VtqykSW<&WM-h`ItRJN^4s~$@8y34Jd)a{DXfj@h50){s2$XfZo=`4wcVW;&0f3Tx+Tc80`^}XH9rN@-}M% z@SmU?XhG}knPM7wI(kTbmt)cGt(gm47RIlo(WbGjXb%x>yroQ#WHrOxmxS}GN_~&6 z>U$J?0;ATUKxHBREXY5axsV%LMrRfK9)0Uj{*lZD^bc0v)$s9O zV2**AgC5}If_SU^4k0G0OWpSn z(vC}rGgd%HsUUNpAS12KB8|v2wDyC9M24hkwe#ns<)1Sbuw|8&TK)IG?zHbO!1v>- z8`$?2bUr$ie;{)q=apc`&YcKWV0{m)&OZQHtMh+$G?u0%0^;ZQDfw{Jm`*rSJI^?> z9UJ4}#!+2?Bek5p8`6l=UtrdOAHnRA%!Nk!lN!lD*Pbwa{y$q4C8;7{`Y~=Xa|U^S zmNxqb_yKFJsR8o64)U>e$Q!&6_oVI10j|;liBI$As>@0LhcXw;$9IwbebG>+$Y}*= z_hERKc0cGjax{{p=?|{XKZv}m^A9;RLCMenBRxZWxH5o=1ze zEfFwKK7Wol_XxNH8NMbNq@Fe?QJTl5IH41v;HDQWoSPY@j+7c15yUmBbGOdnIu!!# zsel0sh3hNBr}NvSGG>5?H_OnDU@rit1{TlncJcg5QXSqM9&gqaG`cN%&v_(B-}EN* zwU&)J{D}@em@5O`UptM$vOMeLKcV-)V&o4<-GpR7QZta;94VC+^P~Gdkn##^E$C%Q zk8M&Pm979#>VYS4aH*@6?vi$V#&^W))u2t|F*4g`jEihO;LbBto8NX>0S;!p!Voey z+emM6Kg*`1$U^>6OtF4t6(!hveWUW}&I@K_2N&1irxn{J+J`8I^z8}lsZyuAdUY&+ zCtH`CY61t63m3w6^6!~Ib1o8b} z!9yIE7926<2@20oZVqcFgt6R<(OmYTQH0DL+0u`ZW*WFycNi6cHrLi9;J3u9wIsiw zPFesgOx|I!@9fOr;Xw*4rW(R-OjvL;k3dlOftFzoJ$h!Il^UX7 zzp*X>{c;p_vAL`h$Fk;cLd5Ta{7sqR3uY_zg>@KDiSwXqGgy*^;+iTiZZF2Ow%o&T z^K$D@DSy2-zwWE9#~}mDELb=vErCCW@HXj^i1anFrR}SzaCLO+`J;k#1;G2!)dEQ8rCHoT`k7f*v>|k3NMcT z0+B|cv&}X3d%PynX@}0pck4t|=>jx7(N)(0d)XABN0w-p*Bn{RQA6KRiR}Zv@WX%P zA}pV~a6jpbQr51n1Wc5;bW8s|xG8fhCJ}@0Rya@!12j{B_BzbiKy|E~?#B!ZCAAM! zSs6vo1auL6qX3W5sJXC1!{C9k<M(|qBuPx%vU|hu@TU4ki^gJ$Y zrs{%cBb7S7yz=_uEexueDtFDnt>w{Ejsw6wEHepfMTn0@bo1>C5?N_d(0e5lD$~yA z7|hA7qEAajac$0Yd`9zdY#63E z=$}v{lc0#8b!o5r4Espy1OoRO$_>9ta!CVCTuDea6@Sx`NRNN)gxB>5YDCdi+Q%4i z8OS<=U;eJLJ_L*U?a){+wW8HwGK9;t1VGAZpPiU+q^Ocmn zgS&KST{@Eo@eb z2VqK#tVhu;TWs4eO+>A*}(1sp`6prGTO042`iO5k%22Io35Ci!zW}rB#SBE&u{E5c%dQA;i5T3*cx=OrJ zY3iU`#6cfwrcV(Y819BDM9ymbD&kw_7vj@7N>Af0(N9)Mz_iN?RRUvN!j(XYTBx+Cie*g;>X@uMPtnh7ezn)xQirw)iAn+gGp(XU5P5FlSreG6D zyA{B%-`doU&cKV5-A5Xxfv!=Dl0zYb{%SR}HIG-Tiq`j_f zZv05K?L2{qsin28McT%}Vjc%kic40*aSc6UH!XdaA@ zh3u-W?9ZxweBNU+gCEopz$ZO!g}wof4iEZsg^fPDro)3X(ShE|Cy@@|J7yyw0c{_$ zs3*(wFX1a*Si-$+TcXWJnl=;NDyN2RXmvDG1|4e?#0%=u_nb(7*)t;jWhNs1Wp(~9 zPa=^ZEN4Qgd!FWCTxT-_xkSD)*A{kqhT7Pod}dw*#x|rOW>+YBhDcUG{e42}FPs}v z|H!{t3U}-ofp^SA;2o>;JN`xjy8%VXBqN?u*o6WacrDVK3CMl0Z+sh-AU3>C!wC#(wZuA%A=Jj+>%PO#NICD5 z`5M@xCF2^a|ke5ca`hXLyQ01r z5Nm8n5_g!N_p{sKQV+w(LIRaxQ=zZ9<%o-bNqw4u7W}P@-WF^oJzx4 zw`j%3ByFZvYkaxxg&ZiOAC)VaLQqJpqKuU=U3o(vyP!(2P* za>cshdv1{Z1KA5++@*o;5-KlJUx007Y75e^ALvj=)sH3_+*HJ-DE~kPLo>yDDRi=L zys5F%>!l#2cn^3^Cyl@_@sIgrtGkB%ubVz zx)De0b5<^Dah!|tES4!eJK{{AP?4#V`XUN^taX{MV&f;z%+-mRKx8RHi4mPn?O ztIpceEOjPV%3lz~!yINc2O%EEJun4(&pVBp1YacfTQ}no#_}~{HI~0ye-hO!(Ik3N*ONWi019iu19;)DtAYY0?Jjos~{%N78GM zbllG9oa0dqLn_5%n%Y8RdO5RV;ul5kuPw!%taUD8F$WhV;^EroDAMb2OGA#a+I>P>k9#7Y=EO^ylgpI4>k$^Ixt*iiIl@N8M<|2h=1p}Zz28j4h-~t|UHU1{R z#Us3)gB$n=Ap&c3Z!OoGX(F>q3k+G?EKi!UIiakeiQtDxxM3n|>5UuCW^n|J+zSUy zy0OOtFOTh=2+KH3YeL)Lv0V<=qs11q6}M(fZPxgBf3!sYu$mMZNbZP^pmaT4G))tA zOe$(t`qd4khZ{tz%7Zz#--ndz!!sp!=x5Kve|27N)&#<8{x3g#nOIC3lB zX?i1-K`khudd$TjZ;Ou*&-vY8?Mi%9*1CC;MjGr6WL7VVVa*E_im=4T3c2e7H5J^M z1vjNfMsaUjfUpEzaC>b418l7YY~8EWhSlptn|X+>;>5-)6kMQ6lnhv;`ORdwLWkLK z>a3MU|2yD78)9+w7e*HL_Tv0~GK1qtusFi8d_-2F@m@K6Imiy&BNtAnddPGJ&aOE3 z4n!GF0M#}@Syf4pyFEz`a|g*DHbP<8Y60Q%mfC#SA$h~FhA2LhqXBzwVXmxo&Xt!O zeyG~!WiHZql2&(=1%RI4!H?y|^UV8y?)~COM~J^DjFf)=FAxK{Yl4nB*~P9ki=kWEF6W~n&;bWdcD5YN>4cr#(e@!n~~bbdFo=%40W_8 zReQ>!4kXW1M^M7IqYVARWf4QkH)1Bn$r_4fUh42CL%~NZKS!Rk@pT#+r+K-YvwZPf zCvnM!xEVgPZ%B_9(ZP{|<=4zD-G-Q*(ud~qvB#yMCs~Xb4#&bRu8b4YVuL;lZ?B>z!#St-{F4UKD3o_wWq@43Kw%Cz zRs_3Gp`3~=@iO5hLF5YdF{eqESHT^W)Yz^yB0Fn6H&yF)v?>`S;;Zn=+-MzIe5_Ta zG&?ML1I^59!kq3Dju9&i%orb71t6o-z#z&>HEQ7ubSo^ZtfL+ar6ZRe0a4ZwaPSDt zi?2dEd_pU(I@^MfP-jbUC8iuBT8%HI4%V17$?y{xuG-8;@MJAS=&F2-G|Ay=17m;< zXzj4k64$yCijuPP>4uWh|8uTJA^yxfJ(u}%u8GR*7rR$EWWZR>R)2eWC@~$b3T;^o zE7e*C33n!f@&_IZ_bn~&uB&Xb!oI5%B_3MnGp^r^KH9ubxHQkQ1|ogNX9;Bf-gk#B zIM3BOGkso*EW0c7hbA?qW&UHSTBm7wgCO?jJ9te*RSq8TmK)Mluj2$Cr}9l573V{8 zg+4_Cz-gSy$LG@^!&%^;T;&kY2>o0joTK^Knf9D@M_b`E>jr+6upEe9uW!wTdQgKH z*Z~7po%Sy4V*LgQ+NM!6X#*H3AZL__v?rQrfvZ*p`zZHXFW7f=hut|#X!sZWF}R|} z}I5LU6N|~~P3rK5v_;>FNd&1cSiGTJ7-jRB|PV*m`%}Z#!VcI!MH1f7C z6lP-Q1k4H=(D6s`2V|Q7Y9^6{B*)lE49~^z?4efg5YeKN=Op|^$dp({;~>}stnP8l z7+NLB9M(i#8Z|jb-1wQmPOXQoRQ!qBGcfH59!S;sPUZv0R4B^#kWJ`gc?VgHom0Y% zl+>SeX^c6#gfEzJB0uKwnnC<2+U*25=755vjkVBVZGee1{D^@asYe5*e3l>dltU^6 zcp-2_h+JC>>A}mijX{_M{p+n5dn~#SrKVxa!E&mLXOZ@A?f{ZWe3A3!q#FJiX;fbX z8;iN4PyA+T=jLo!ZVM^_3W6d)^k&gq^~`uqMnSku4rN&)+1G-{gE5p?Dn$>E617CI zBnfi3?Jm;Tq*?C#02ezF7eqyL zoIIn@&iIFQ)qYdj<3%OJa2-CG43dV@=*9CFENsgR|3CKL20pH$>K{*O3n>&fya)wR z0<=&-phb{ETiHri7ilE|h4LoF@=}nOf)oN6OxY}Lx=pD9T9HTlJR%lFhz~_Wpve|X z6SPWzq5%soSYa+!2~aRXA;0hUoSC`z?rzc+)ZgFV=ikq#n|o)@oH=vm%$YND&di$*u&KAswt@tMKU%ti7=c)8XmU5a((kRHV`< zf|ZBAH^=iAE4we8_lO-TvG!i?Dz-y|szh+=(1^D8B$pKuB*&^FM1mj*?sZk5L^LSY zO8z&B$n+;RJ-ted!vgTW!0R|m=u}5dDWTLiBr3LVXj>w>tVCeQ>u~*4GTz2;{e(M* z8mAe%{(uH$hw}^5O_w-I=Ey;2y%x&ClK4%i`U7M`Y&&<&k z)f$wQ0T60yTtBCq17M`ozFXP-fNEyuPS|bbi}*^J zm9lC9=qr@Oe!y-K$`xakwk=LQmW4gJFH|)?f$iVM8wuiDqMe{o-<$lxG>lny>%pX3 zpW1lnDSG#S!4@VeHs$s`z&zRaFs1t*ooHugQ9I{pJ3B!U)zTRL_4^(gnfT}kZzWDIg`E4HV&u{bag4DzRM86H98@?pW-YQRBB*Xy*Y3Mcn1NS}|WiOU) zH8vcA`|#tL0iQt9?~8&zHiiVz6DY%N1wy)bo2!dT0>myvQL?g3Y$jt5P1=@}HzbO4-=dT0qi>^wou(ezTymGm9L8|pb3ZWVcZj_+i$0o7| zfOno|^&f=|EZ^gy*dCi`c-5_rW@W zs}|!so$Z$;vezgzOwf;GUl1nXNmdHU8ZTTk<%N6;7 z%N%x!U8h|VLOP<3j3((qlEc{|;$CO&$WEp2l`)pSkB4QVa1%PsZjMy;ww*-Rh+VZN zI00>pkiD?D2Oj1=8H%~KSPHYHOCztT)r_>gqgooGfq`$&IQgV4(m2Y)+0|fdp>;bD zA|aTj3yYy}{D@O`^ZEcCw z^haQ2aq<^!-|p-YIe{zY9M=<6tbK5I|J(HDH+dA#Pb9wwk--IMJe%yMheti-stut( zcGNu~E?e?j$(>M-d|3Tk+{=3jonT-aL=u!yMdXWA1m5E+f(bDd!GsU2BF;awyo$JU zN=!v?-v}xKN8ih;h)0T5MBeOh(g#ryL=;mItFYh{6&6! zVp>^3_0yPGu{plj`*=bzD2u|N=|ogvMoqQ7d?ns=Tn(fw91mq~AJD?<6MPsNw@Rh4 z*hS7-!Id`Mjrrd)ah0c{LWU6(HJ2)x>5XWIO(HR6x$JFX z^Q%}11`KKE;Gsf4oGn{ca=XyLoGsY9Z_rHcpB(@M0~f%tD;0XNbGM)X6um95D!zZm z^V%Xo!ayB){{jTFmKu8IGndI*M?Kk7RYJ{{9)%U)iT7_-{8g`F{yKd@ourUF?#fI&1rSvP&kmkx-91WUa2%B}1_V$9~fZ?Pjkvyz2Z=tA8<6b+q7w-}8Ts zjuhJ0CG*);Ozd|)BPR3h7#2~oNbX0|`jKj8#EM}}Z8hze@r2gHFR%qF@IxqBZV}md zRO(Ay&ZXgl7%{N;%IZg(?vMM0`efasj!fB) zD#?1<6UfPRY@Ra)mvM4-$=>i6R>J%J5{r&QK8o>bKYUdfFD-JbAL+Nm$d!JJc-9Gx zJl9?z=Pq%0!I_i3>TePUB~^GpLU>W+THLw$+r*+>03I^PXX4IHWb$UDkW0HrNy{h6 ze}?(p4ztfEvn2mP$>K5y#0$3_0lQ);khGJ7dgvN1`y2#Tw|F4SDHHkefo7eJ+(-$+6c(*fhef@rFI0vz3_~3h=!97%U-^ZOg`PgUINBg+c0~z zd2OQ1k=-bOLQqoNJ%`sJJed!T7H zOw;|CSU!xVyXTz`py?X+8c@>>J!T6uT|~cCH`d|HHyei}ny|3J*7-(SneEm1*-ZR~ z1l?fo1o0b$Hjk{(Lq~FP%FMcr>6Nbxg)J_ZrqHih1%(Sg6oWnoisJYfa1qkRALpiS zgzGiU(5UIalh(hjcS9#9U7lr@!@6t(x8rh>EW`dp6 z_*|8nigi$`%U@1bDFN@Hn>x~e(q4XZh}ZpaW>ZIsdIWe10XM+kVwbzP-)0EAmv9~U zTYM1^18&%)%HRqMl}ip0t_@1ua=IkNg8PM|xf6zXrVU|-Z;3M>C3%j3B^%R20+OQN zWhC>EISsMsyQEjXgfJ{+leSIr;L_i{@%QxTe>y$$DGNlZV@_;DnU|H1YA+wUO5|*S zPNsL%hG9r2?*Z#glN;)!;oKygbtRbqS+Bq#lO20o1i%#mCrRB*Y;k_4V=@F6VoON24NQodMwB1U`{2-XH|;UseabWdq9U0jl5s$=Lh9 ziSLHZ;oIwPZ-w|iwpo0KY!2U#heqi8&DS485ki5 zaVI%PO}h2{Cr`s)WPbE;cAsc4+WUtw7t+xN$05M}$I0l%!(1DJ~Gt>mw^(6+MbR$JM9lFkjl+G?qkQRpYk3H#W|-x$n~?sKo0?f7}jt5`*-=3-W4 z8hJUC;Nk+eLYbQn1hp~;VzH4PE$Nxs(ct{<#KNz4XUKhLg>wI0fWny$nk=I4MSnrx zw=V@`I7JuGp9Nsuo8{Z@am>0F3r~+bA>CY8z>LkpX8WJ}Q!SUX7;jd;5ZX!UEr4FK z2AC!CauJ9MEast7^D2TdQK(>6GRw8#9*63Xv9v@urx4W$`P)&y7}@+M1xG`e znU1JEckwNygC~^q9$fj3IA1%5Ab!t%x;H&eAT(65N|2=r_)HQ7D%e*MjH<_9(a|F9 zs008MLRG0k6uTe)MeDeDFCBl8!EqwWD3~lmxzGQ7>a@l|8oe1!Nie_>vo$l3Nhp4E?>O%XD9@JR(NH*KwX^<$frwLPdTTu=2UYYo8d z^=~plANouPyOJyOehB+92~#i3I6k6?*|`-Du#}PB2^lSl;q8Xe;7Ga@MfBc0f5o{R z?&>rj+lP(w2HD|)+cTCp^t#4jT4|^G#9CD9@a`t5VzY(gFdSl7{JZ}5?G=Lx7obj- z(|2{6Mh^l~2Q%{CET5Y!g z*vn^xzG~MWfG?m*GCQKvp@DsTxfn8sM94B6!yFS$j&cF96&4~DVs}q_k_5Wr`Scm81Q#?@C92MOrDMLxU+jzqVw*Pq4-EDbrDX3=^T|Z zIY}^Iy;bPUi=uGaLMh8yPb5|oP*~MurJdmz(Tk)i(Kr^NCM6|FzE-X0wuJW>77&!Y z+4j&u?7_V2HV&7QM%<#oG>D<6LrR4&wG3^>+?oB1wwbS-YCb8i zGLZ7-{G+W5=sav=M8Pk*PUUc=Av3E}?gR5$TgV272AWD!#cPvm~Q=@136#out*`&gMpBh z=8}k&zAc;AD|m(MTLnt$N>x&NIu0ZJQxn*rKd|TgenQxC|i$Dcr z08|Y5s39Sm|7?I2G~84b*NkW!F7hwf!Dx|RbjYl#U((z1c=YkWURj@u&CZapq7M4)e>{# z-oR)z1GM9uC1#V9K}$uDT7U7VwOlvuFMYZMDipRuYDusJqgLn$fAo^%BZxrB?#bm=J7@c7x$6^1`Ay|wd^s%&YsF{*-SANr||>&obT z3N`WdkSmKy@DCs?!5|c8ixp_iy%GBW|9!=7DB38{k z$Do=E!fJLZqV+rDk)I0lckrtUw1stJbu{$TfY~>MNjMm}!n#`8{0&@V9lVF}V)V5P!VFGiXF5J)YHPq2DncRcp`lOM`Rtfu{>Z`o~hMu|5;WS!I59kmZU3&T-0p zPvV>t;vAC5o)+&;wc}-2)kr)XwE4$ewPItm*0`qp8g_TEvn!uVLX&W(mFp!Nwhn>( zZz*iw&q-wK{X1h+k#I$r08`=9{=fv*8~JSnBl!>Q0xmXm+U~8P$*)}Of_m+iPYhsD z&}}|tbL{+eh9malk{;3r?EJ1lS8x)vI|%0IR=eC`iP8%H$fciDIHw!-qh+slnXjW2 zKssb>AT&h-(jC(|L#b0dqCNwO;UXnQ31EZp)L)8)d_wK zzS@q@-+c5fT&K_DeZ7t8WUvpi`K;x2{ni&la%B`lmgO7O%8iS z>XkMZY3wUim~C?!dP3SECpzbQj(fXiZ>C(;@eP&UrO=qF8B~GLLH%oZ|KheS-StT#pP)!mnomwP~+`Y?zcC>rgYf+u6 zh*paEv80!2(Z11&_S^D`&hQoexl3nmxr*CN>aU^)K!<`-&F2ibU$R?XRMX!-^)>qc;-^ zKg$#usL|;VTXxw`Ajf`gsw4G?%u3z@>VF{Qc(6{zZDO7^G+l*X3>ed13);kac63;$ zAZmZuc09fxgwp;CFSBvO3TFlIWsG@LNXOV~nzKre`BmGhO2*b9+#t3z6odxdd(%Ns z*ay3MI1sh6ur0Uu1P*3q;kX@Ac_g5%oWujWd&NGP$hkAoG!?%VZKjYI5J@rmZKCMW zkc!~C5ZT0DL2u_p5rV>Y9}sce z6I_z^C7PCO6iRH@mYtspapmT0l86xm&>%+Nv~Pz(=C7;i+|ye=TT*M|c&Y^b} zF7cIms(xzk>WTwOQuZ%NsYR3&Zq%TtXdW&Bq7^W=Zlg-CE(w5HCtMTEvAM8^5>1g@ zE*nj7vdu-|SngoS#V&(ju7E^F%MOuT+v%)os3ZWoczl6K*g>+2>;>r%?4Loja;c5b zAShGFm_%aUjUsK_=^XOdEbS&16W%}_PBp75#ss|hTd+lw#|EdCOFkmdFSQgQ`DAcF zIp`w;^+^{&9~Dq9l~nnu;Kg#uM+d(umpm?bpj`4Xfo=&ERXHihmV^FGaCy1p;{%%X zB?L|mlI4<9-sKcy>}LbJ#wg-9x@cwZkjB);Af@+n#$|Ops)fk1_FmYn{(>6ouNzaw z{=}ZQi}@%xQxwZlpumBqRi{yf!OqkhSU8IZAJ^Y+EeE$0_1od zvcWnKYcrhluj?}JqWIi8+)>r{^~9oR1u(23_iOwr1m4t8pVgG1*Nj;PccfA(;~lP9 zA;Ws{xE6|~QvtM(Lp5PQMjqw!fRlA{`)X%qyv&9;bdU1|-&{mM1`C_(Zes|gTu_yV zldKwDoKJ_}X6JJy;Mnzi<~qwh^GO~%l4JA{{JbP7JqxDcrEUyAor_t7U%fNm#~W)d z;wMkbuGIJzz~K|j<{AO?es&%kCbk4oAA$%)@O~!#hx_-sgq$2(KlVZ`_ljDUeNb3p zm?(Z_KEF~_G!}(EzGd!)0vlpO$T-K~6SI?{t)^gN>B#b~E;i5Ha<_C)M6it$?A@qn zRF-wB_|`SL{uUu`S}_hdTm($ztz z8?&_v*$v1VJ}OFcHtNk~XCo!kS=}fP!m8cwppPj#hM<`h{DaXrk*&;WqBxuEBmHr| z$3!YE&8(32CU|K|Mc8DxbTm06b)NJ^s4*rs^oO z&Cx#;zItZf06?^&SK@u%*(3pO1v@fCQ^-88!yB6n6hUqmVO1%H5`u%A3Sp<4aRr zQZ79%^Y{?la}NIMmW&&(b2rozi5-9LaJzCs`g=I^9%^JK59~)<@jTS_3sA!r+WF>w z9VR*7TuYc#yxaWkQIO^(VScd(?Az7IuMP9ddBBc`NCc-U3^*l$C*t2g8_IdZGWZf{ zFfznh&Kq_=VJbqHa^A2%5M~`FJ<9=j!*n>wCUp(^LuWp`K2#C&hK-PpWcrqS$=<7^ zw?hj0UF#b2xhl8ie@aLQykt+i8Zxq(i@;P+i9K1aKOqjWbhO;33 zj%IgP1((X{R`2e*kyY?YD_g|??yghfIIGN~J830$`_;R<4kpfrhk2YsK9sv_-C$t* zzvJ#Y4^>+(!aRt&yFO=girrm@OF9;`b`#VtRJPRJ)w7MO5bmy-J6iT?mw9*BuK^@; zWpH|>=W(&SYxim>hodzgJNrrR&f@Y?r6T6eI!2SNJ4^j2SWAfm3+e!hegl5XIIkXo zsupTwoauP+&Z}x^kLZQ1ab8_KJSJF&JLlDtgB*KAs;f*=00sXH3|p%vpbRB{hM7_A z8e3bHZX4%(NPAY=81J!Yk^qb6BD-Js3Un^UyEEPPJ?GARVh2(n6_)jewF3q7!8o{t zJ_&YMX!sHuc+y{9sjKBbP2v-hX?`t+$7(f`qz?bGZWfr!x3i?a;%JkCvF3ctI&5ZTv3_ksYRl zSuRB_>0qQFj3pt3%>xY*-BSo?j9PIf2_41Ni3dwUJZen-kOMUewu) zPZs4;_eR}wE$^cVs7pvnx2K}Ttu+=%(IZGqA^Uz=w?LV5W;&;ZA1i?Mnz!RmWjZfB_ePq zXk40`vn-doGb#cPVi8kL1U|Oiz#{P8wgZU346cl5KNX2UTGH((Z8${4N|Yjvr-3}^ zhwC6>2O}V$VOz^knV=rQHO3fOMKa?BYVEsj{FU{iNBq59dFTuZ4zcE?HOu^HxK+?aM#DC7Krir@5OD6QdbHl1A1K|wpbL01;zv8OM{?

zUIGEX2RVz z0HL>&vm^7}v8;>dcdnd|hsG>P!4`#3l*sNOxpPoxT0zeIn0H=*39}Sv?f4N$v)hZ{ zLZdV(Ezz|SqZRIWZNyzQ!6hUnzW1_luI#;V!$tRA6oqcTbjaQd8=IT9uKfN>0R^M` zFY8{zW=-+_3&^+oB8NV~rSb}L-mLr+1;&!h2>FJTG*(j>wQ%^M*b(6R-SCiZn11wV zZmD5qo-(;H<~#4cgExX<2dOeh#*kE-S3gk>Nws<7z$lVaV@Mo{emCwYj2b>fxUCPf0&ixIzl?K zUn3Iy%S{8D<@kl&lT6jS&BVs+bXKTnO(!HGCmWWsCt1rZ?x5T3J=gGEXft(x+=y+* zk$}j_uiY*8lBDr5nGIE5er&&ueaf6iKSj|IRE3|rp^L3_VKs0GKqYbeJj#e=1kujZ zy*k*Xe|upgZ@mXOeF3ynF{4hZD`FH!py-j1OC70t6oiI@H63Tm&;BwXTekT%*#aUi z1`&2`hIYsI>nAbmUxpN|DYLuBOC%;A9k?|fMuTUAhl40O6 zD~`h0yk&>4U#HPGivB5>hvwqJO+9YZMkVVxKo$>7j^A8O+B~ve#%F9_J|>oSd~yW3 z@!5TS5ua71eBe22bTA;Ruj?eMRYN`hhb@*` zLXAIajwu6QI{pC(+&g+55ce;Pp}wHcT}%@f>BE&4=3TW^+EwN;jns~|#+bKew|$+0 z-vbD2o^ZcEZ(Db=CBTpIwL zC}F=p3}4BcZ^Ts~%yuSo>v{$+X@p0=zG*$@}q-)HBi?|7~31!hC{G6jm(`4^Ys`2fm zvWM4B+Rb=Jp@64Oq(AT}i(z{ES6*_sZRk>3Xa|hVr^ioinV)(fk+IusJ&1wNC%%ar z#U5CYdSDsWKwOCj_u`i*B+L*&d0*9b0WG$T4(fzaipy;T@+O5ucevP(9*zBor(7x| zMq#clNud`Wy&&Ngg$D(z5Yq)!wRtk8N*NFBwSRIvN;kS=lF9ZAdoLx!iAxh z3t!tZ63#0j;j)sH*(E7)z8o1PsyeaI20XB#ADxF{cKU+ya2w*Bp?3Fty``!Sx2D_EyM6L9&!3MqHsAP z3Kt_OQ@0!@7F*d;Z6Oxb;vpJQh(ZkX06vWn&fCT)PxfqCH>EHjfU2bzOeB&EdM{_6Of}JpblHxE9htHfm5wW1Fp5pVW(B+u# z-Te&G+$0?h-P&|{?y}FLk>1&nT19-OC8O6MfVL#kTVOP`V0U5~@&FE9WA|@}Qg;S* zawbE?Flgb~`k>mu>kSCBh$F@I;&bU4;O_$d5d_exD7WAUs=`N6F5V#N0MXsXIEeZ2 zE6C=|uJKwLZ4CS|dB&@H5lue3-wTG<^^`6F-Z#gI)x9Sj0# zLgbzT7$UGlR$=52NA#wGYQ+OnV-6ZJ%~0Aj#>5=(7Q|CAa)&R>=eENzWM=ACfg>`E zG>C}WLuBM(*%*-yQI5t)0+cm~AbNg1nAtE!#2Z+N812LDZf#uobBZ;ECOPe7Nh)PrE@p_=t17Za}p(y%a#=Se%$YfjtKusmp z=hCPEkn-WT$cFq>kgFemzS@y&v0+EWHl1%zq0a(>#xBi zuM_RIa|4FIB&#d$4!niC{|hxw9guDlgKw4oTqoZUYw~4<#HN-q!a4UGuh61?Pu;Bz zMC?JDoVr_!p2S5w>vOnJHgf9j#g}9(fZcO?%&K^&{9|S9!xpOAKk;f7XL#SrJL${b!D(%x0W= zkUt?jEhkvd-=K=XO22nwtdSk$h=LgJ07*)^b(r&0{=fr*d+KSzKvqp~a=TRo=XTnhl?+oQHgcp7`j3P0`MUyNljpPK=6Le|kFjmb^ z>UKZ52%jzq4+By+!S!G`>pEFCH_ZOJDB;-Fu1CNn+ZMy_cB0r+PJeXSWF3k(;w{u4vo+5KF#PLv#0u=? zf;Xxos?glypC}3v#`^we7I;yXZN{pB6Ot42hR5pMU~Gl z4~g+B4_Y7#!aLYPgll+DRWj#CPI;jj%-ED|FF2hjE6la)-_eUm)oue8$VTvkfy%CY z*beFOWy*F3UmmFJe?Mr;_Wh}}-a@c%tZc&<*=lJSY4&A*>B{=3qFgc!`5h6tUGn=5 zCekhwJmL^4PnLzRBfv55Ugre_nOc|;YS_AQn@iTn77@64xhu(0^C!gQ({b4_-KDB& z?W^XR;0xCvircou47!IQ-PZ3Xb~n3;G*k%+>^r$ivE?S}pxloa$8YF)EQ)|?q+T^O zyMb{Yd8!8X*YvRysh29JAuPO4x#1l5Dv?V+-`+~c882xsWw{szNuAUZ>9*fLXM6D& zmtWA9+x*Mi1ps@x{Cq6`0vB}kj~6ZerLp|m?b$5ztjn*D<^R}~f5_#}h~+PG`QLH* z$yol?F8?~0UmeT;s>?sa=KHuTd%e}RZt7e1oG1m1Kg1F4AZydQeDTzm0g#(a3SjnB zRwfgGy=M(Y#BJX?+~KVW@fOSj(z~U24*bd(P${zalu&=BOrW7(z1v+H%{ua`%@j_i&`#{jqX>1YBFL950l0^<5h)H}^ctx8ur{J26u3 zxL7$q;sz+@de|WwOFRZ0t+kf)~7WV#fun(g%T|4f_vq~NN@n!dE&uhz- z%S6gu8!P8yI*%(??!-vB<6`Ch?qWf=D_4#-zN3=^);@dpNaXyA^@Y*&kdJ0KAI8U2 z^m@||)qnd7K!L_G@B}NehidL{3G-=3XyS}-xkO$ZPq2KLQl%-?9+ON_fGPZ!FIBBD z&ENAWqcx@He_YD^ysxh22QE=QPtNM@_9;m%IO8WiC2djN>r=+r>hAL?HMZ2xe9Cl9 znH{Fg(3HXh9%h!NEPc?Y%+{2uCw)q-rsV(ZQs&qDhRk@`C(ieY$v1prr%#MPF7}Bv zuX)HNNR(r>S-a(mj|SG$BH=&zERK>f`;$pY!kr_`)x?T1KC!u6Vv9}esPD!Th8Lm@ zWW8heF5|+pM#mp|rC4}6>M1h(C-sKM2SKbqKFH@05twTK{7{K_bkygWi+>j3n8upz=3reJ}M z!^n1-p4}Hn+lO)XZtHPo@GfMy>y`~dBo^kG+UcFO)wm4et8^#M#T(9$^$PrH#r(Gy1c7laK;c$oF+SL}Gq+u0=~w88V4ozh zpwm5C*?|FTWPp>i*uiT|-J8kxabxeMgHea9s&J$vli!pv+azw95=}GPCK|3}0>u&bS84H@|N%Lx6Hgv@q3TZ#a-rweeE>$4b@OQngYl)+}l!h(k+p zbL)iyJ?vjBM)F--p1R4@H5Zqo*4ElYWSUiUR2;E;*=(M@7AH7*!9i_fU9*|D4~jTZ zuGI1<=fz?MePglpXib0pt4q|#_?qm-%l~qB#8na*U)b@9j;{+H{7q5#$oN9l{g1CY z7WxkyUjy?qdQCCdWq04j<65F&&f-2f_4!xXkGd;qZQY)5n6$XhHRvepM_b8qsvmAD zPT4ba+NnsBMD<6qA9-n?4=Ve+e&ZN>1%#Q0%Dm{T7BwK(Z?Ld=r$(YX^DvWlR?*FO zNT45HtS>I#m_A!sk)`s6ayI7pHSQDu$*)3oH#n=U!fh!dW7#v1-4$kcnW3@lS;19` z795^q^s=#A?|t8DjVONW^dwxj!hIzM=PHW8bt&BOF}PW7Ym3{8S7_y(rtj%@^!x)F zJl*#F5t5n8VE_~JMLAUy>|rr>B&Xwv zx+agch+87?xi*qcbtEt``#vfv$uj<-F-~4=x5YGOvtp#G=4kk$d(96YQ91Tm5>WOnkoCwGOjRk$Wrj=Tr~GA9jVz0Ajop(~sHBf3ZQDq;pxw zpNr`)Av0tquo~OakFe3G!IgCWl%oD>=nhFJ(?ukqsEcMukHAkXUG%alu>!iN09e~a z1)*vIQ2Q>*)K0;5bQgrRvBM$)!44~`jU5)Rt#*Lg_I9;Nm9}1}kC7XdNs)ey>bolR zPp|qP)p@1$JxlZl=^im3BKx$o+P_bZ|RP>BOOHaO12rnU|m zZz0L4gxm5X2PJ-v3kx3sQhe?KP`M$aGtVP0}oB$)lJ@i zhj$+o5}Zn++xll3?$&gqNthV2n~@D8C4aue0N;Ebky2f(EFc6lwG_`wB_|_3&FiK7 zkWphKW=$NTONFRqXwWj42?BMh*0M~9B?3-Rq-HRxic*B2Vtz&fHx@!BvhuVZPyE&@ z;6XL-3g0)8l~Zn-fV;vEMN~@&F<27Pk^tFk^EXQ@{|%L5YKa`4ldno!*+8d_Pc2C_ z+@o!UT5$n--4X)ZnQn9;u$}WOLC6-fYd(PIN7!}ZFg7H{uKB{Q#bDQB$F5NVm0E1s zHNTi$!3iAhqW?BS=;oWU8HnHsT4!vr=SinVa>r8`$sJE&7ILBIc=ggD++%qJCzqdb}$bs~%68U6L|B*k38to)6>G`9858JV`9HabXI9 z`1FGtQvw8wXvZfnMtE$HdqQJ zWosA+jcjY)@B;$E`S znQJ{TY;h&-ipy-TC4OFMU7mMZG|d&}yQ!YO)!A!FLb@p{pn5P0XA@^2HPNPS_Cr~V zCi&spM1XRf%G(-kBz|}BjQYx@iweM$Xi5n_Wjx~Tg$X(NWz@YqD6ci}UJ^7}*~A@) zV3a6kK{ByN(0(O~HnBBm%U3RO_a&8M_N)kg5LRVl?-zzC8QjP##mb|V>w_a`%R?1c zULHz9@FTdCKaea{I-+^xC$mE2E77nVd2?5Y*nxowxzSAH?FEfS&u0Vx!RjYa>%G z85939s2{*}78&uK-iYtUpyk=0sSfF2N`;SM7{ zAEO9Hyfy65Q_eu`QmZkZLaQ;JLc=beGCr`89NOH_YK()?YK*7QYK*6pL(WA802Mi` z#&g-B#RW@|(+-LwryUeep&b-Y8Sk!*)9Ua6g)6tLx+_ai%_&K_q9mnUdvjW$5&+|A z3){S!>$4b!;Fckbzz&&;80m)&HQ0m>NU*U$w zzS0^$>LVYxMTuUFLL%p>;X^p;oQ-|a^V?OT zFBsU`*7b*zNPLBv^rg}rAEz%AUeBX&lnxVGaS!wwn)j+?O7|ZG|Cn_a|DYTC$6rl- zRJ0juFkp?>BCk8;_zrhV+*ZIxMdIrWj@r*>8!j6!o3SR`jP1!`?-fdpTd-;#SAqT! zLO=J^5X#x|b2nK-6=Ew^!Dht4W|(ipz-CymS#hvg=8_oLEDOe6s7R$X=J*&`jRi}` z!O~{$7+BhZ)yBbU&07yfn@|fdYV}_HrQl%KEVkbhKcB$<+=2X1--&E;{7$tqjz^sh zR~8hX#Mcc;%)3W34Bf(=&Mgcn`jeC58+Jr5OT;v}ixWnBxr8=wgXwmkTt7TuQ#kZi!dKtj3R*}E9l^ne79BkrS(7OH7)ftHairPEdKf;0ZC z&n}f#OleK>w2L!DATvgK*%~IW6wc6h1BNrL;y>AW_KYi}91bRh{+c5AIlbmh?uZnv z4vOLJ6)Kn*Fh{6BJfMa%W|i6`I@Sh3pzD&!(7OvQ&Ur`9HXN;tLgZ>ao)EcufK5Oz zqu2=}@PD-2(W;H-q=l0cw@txe3EkPcNMubAa_ZI{GdiCMiV5Z)_q{Li1on%Q&VVBJ z>#AV-D=i$HMMY(r@y;qRPOdA7IgrMg(B9dvy{3qAcg|~QQH{veZikpNFkNbUG7Gj zyy&H(J8Du~bT$Ld-&J#eBJ&ZUnC1^+qcSV|I3Rds&HW2f_xmer?0Fn6ckKS}DO!vv zD|@%ay&*g1kuu+&F>>n@Ty;W1xcOW-ZpZrmA)GP;v=GP}N+ehdXATc~k~A$+TMgPa zl0FDq=BZ}Ob=$1w`KkL78SNjbS}DF0ZMttk>OSA513`^&$uF+U-qdmzdE80MpPGJr zswI*6jF!~veKJQ{Jf1glJ>XQM8`t@{^z zZ?XDp^TPB3m8?i!wp!ceZtBF+u>&dov_N3>G5aID2??DitqLU({V05EPGnA24GxOj zb_OM*F|}-N-LiUM)?Uk{mLZI-BXt)m3;u#1WasfGkvRgtwt~F7dc(-M1GE_7gZ6?B zy^RB1))(xADp9;3#VP8*E|=V}0t}prpdLSfkUex63<7~GY6yYS6#-2KKydR&hl@bq z8W}=h1yB)eJzdwJZV}s}AG8iEoLZp#&zyP}1z)d%+T9h%)ZGOg*@S96V|h(fg*QM- zxH~G3Y#js*TTkg46h;W4TnKcpv>admyBCemrS9SaEp=DGu!*^K_tKM-n0FX{rH{BV zrj(tjD9R{@55TzzieJP$SgLy)Jz&{p1Og;Q#*vRdfj(}Wvq6W4)2gVTA~+2li_3zC zBo@w9sqLW>qcL)v5`cGl(UIUOyqbPN@ja9S|K#Z>F&!I{2vZU7skrDT(ayG2UH~$U1o>?3w@H%aADo{R!3sOwNq3a+@3>+LYl|CvnePr6{+ADk4&=le4E+7^4^6EI z_KBiH>3HvMo`1k^8!L*18{(oNAc}(%3s1l+#}=oW*YF(U-=K*+e-`84HWS+=$)c17 z(?jo2Zj)Ge5ndh2_lwI9n%EaDFCO^Lu=@zMFh=4*hZc49waR~3@;}ydV)izVz7Q-#jGyuH>AYAx# z3@y|$g=;HOdf&~JzOK@mc9?|WOu=j%oClrPp|qiN1s>P14fq$DuG%itj9h6UbFDdO zi{L%yG5UDi_ghlHvqzRGZvXLFi>khzRmYu8^{9=q!oM1C7vUGLtWtB?ZXp`5&k7z; z^#un){5n$WSvFI*KI9N=ld0>4LuZV%99nNVgyjA>v|c#0-f?KXaEM>vva)+Bswou+ z?uC$F5^Xkff(QwmRYM>Yjg~nfiYW06%?fHz8ihFk&;t~(#6qrWk;WIep@4)>tU_bQ zl%Dj=BW+bLN2;=;P&k6a0=`p=hSvJxPW=o7Nu)-Nez(l^!wd!D!)%;-4|~{3tO%SG zAi7Tgky>d-cyJS%V+Fx+m_v(&`oXfB@FT?JL7VF8iz+MvO;-XdnaQryr%=)Oi}B0s zPr1Pv?I1ZsT)yvUDcYeK9XnKPAv30iLjq%m7XkfYf6M0YS->J~h5~Um_nS|B<(t}P zo65WJD61Ua@L)nO;#&A4B}vDBdWj~lwnYyC+{`XkYU(jiT#xM)_L$QeyQ9aD%~9tM z5v%`Z?uKfNLUH-3ezPnD4qSu^3kI8?J?3@ZWWbF(UFgzupuL8qo{sDW*mwk=yMj+V zo1SQ*Mafw!J+q04GME=u>tL1w^A`^7p=~%*-V$vM@*1kXJ%K>QP5>wn@(_HB!l$KH zYazP!iL33AGf%HDpW4rMQnVp|!p!KP_?Z<`RRjg1VYx)07XM;eg?V+~I4*(ub_D7a zLai!-l1cT-2-KN``d&Gx6C+S#t^-}QMNq>?*Qf~8v4lFg98@3s(Q+b5s85uGdNu-; zBGk4;P-3*o($V5NiBJXfopg@nsz5bGaP8HCHnx_7x+nt0kE5I0il7*e7EFpjO=FFh zmxKCf1nN9OrOQFRg?@6JxQtNy6+v-63Z95S)e>scKJhjR)IAZX215O=9274|a5XL_ zRC5s&*%rv9DweC?CDeik&eY zD1xdY)MF8-4nn>0@i-@TCe-&MP)`wRO%c>CgrbS%YJ8qhcNam4O(XM^r9L23eGwF= zWxc7>LcK|-GmD_OUl4Fv6wz&SS5cv1Cr0#JW8FskaZBr`+#@k>6&XzJ1wZ8oZ0Y0p zscSsV&%qPv0B+8Ue zx>}MbKtAa_Nusp)q%TMkMZ+hJm!v`0N0LTM5O$P5&*MO}ZV=Wa++M?|-A zJFk(w zi+Sz}K9$UUOq98A@t$_>V+!WJF8skPruhx>T6XRufXsb-aC0A@G4~M%1lihQO)L0L z`%0RNFN8>|U8L0!wjt)iXd}3wZzr$Ab8g*WLN^TcLy=14YQqRJAaD10J|4w$t^n6{ zBi4f0%%Hs(Yk}=Bh+;YY?iOhiQnFW9?a`{?jVP(=Z;Von-i+9ERlF@!2pW$Ddacc&=NzU<=wcw^@p! z=ooBX=?4$OZ0>fnUn#=++o-U<%o|l7HcB0u>+G(#Z548OsMEy?(cyPwBREqda&HawbM( zgq^bBYj1GF;dHiILWSDBrf!;3yW=a? zQ`fRcW2HX8$>1>1H-kpRPB`}KpXq_rVlN6l5k0ZRz3b3hlD9c6_zPMef;z(Ix&M)Q z2kvVcjFMalH=WcTfxtdI@>+868LWJ9kbbD58K_(2vlQ@&-I~bkqX<|dy-x7C4Rw{n z&p-#+tqW4OdIwoED#z%SVd6q1=t89P244V}+LHJMn0ap?^DA#?;GwV_{(JY%5^?Xq zQ*bZp!OO6fFIEogL>ZEb>iHc3e)4iu#U^+tD!QqU-cTZ2;A(5O{sV60Y@U#1nY3qX)7k3AIAlu8sGD&k@kb9wb1_>kFX13)ow>~H@`0Ydz zeL9j9aZfSGMKuT)vpl+_9+RVx4v$JbNJwP%Q$otPPdZY!Vf^$3cLM_86_o_%%nG_! znt{BsC<(BNfZM+;i55gk4$l-4I~I^tzRqn~lCzgovkMMD=X6kOk zMi!=6igUEtW03@$xv953Z3b`{=Tf(2%(jiG+k*c^>!k}ZmV%vh+IQkT0Q=c5p;I-w zzZf;_%6|)na~~QF-J{tjAA6&6EA{2*;^-Q|}UuiZ}Jn;Jc9Nxp4Bzko1A= zp*G}-Fw};$&w%hk=@Uo@BQKy&*5$Qkj<}3I#=d?pOgWTNWayFGiDE zBs8KG7v@rnTr(2CNG)2~TfQAdwWJnC5G;%!SlAx|y?9CX96*ijT_~CFVV6^IZSjx* zbVS*N0d@9%ydJl<;AKsK#rwa}K7a~izh(l6ci4|K&Opk5Gy2LxrOt{NE}Ys+=5=?c zV5!9b6(61PM?vJIHj%KcpG42zD%zJ}gbVF_h|o?A>ur*LX=kDT-$;;o|3A}681?~; zge|t`i|qqAb+^Di=*4`th4#U32>MU452iRw#nTpM-Fm2ia`wTSNJn;FvOk4ikkW-= z#NaF12U}np3`eyc)nr02 z&X(=K-=cgbxG%h5<-}tU_zWhN9%jQE{sY3Yx3Puxiqn5whK2hY+|LlSK0>(}`5K3e z&556E$>zjQ7NmaSHz#h0i+J;*TTvE2!mGnh`^DAlYkYer<@rRuiiBgURA{IsD z=0RxDhu&bJ_XQI?1*v>+xGqH5=*<*oKZR@0&>YnMFI|6yvXbq-Uy^0eCuLjL~!`$;u7E zb|@nW_qDk$wuTj_XYQu1iQMool(0O&geMUxC?8n%zAYsl&Mmkcq#39IkEE6VnA~HZ zqXGVIKB%VqDb4}&`pXQo*+|bF{mzAq**!7uSnNZ}Xv__HtUK;^{sgm}XK|nC%PvyL z`W6_NH^?T42Z0GaLr}Ked7I7Kd<{c&c4Q0Cc}VIF9uv?roX6+a1AyKkpfeok(g8rP z5YS5;=$rvSCnGO7THu{a+oT47-%UUnfx>@guK_><+RE(=LlMx|_}UK}+K?CgOyE5g z?E}Cs5>QXYZ3BSL6i`pa#RGtjLtbzQe-7Z!z65P|UVU>oU;Cl|eX8|#MgmDwhYSGv zw16@kNI)g}rys1#02+K(;GNUS+{4#?;A;v06@hnA2Ijf};M0U3FYqn|!JIGv{0PGD zAn-0e!R$EzyrG8w1Afx&E_lHNeC>z+7Q+8T;9X>cd1wIm`Gl7n`r2LCgJ~Q9o*^H> zi3DhOF%d?t@9T%2(S%n|qzjlZ2MvIqODhfVX?M{S<{wDwuf3gwf0zL6SGlqJ_yF)r z1eDP^{AVQQu^-Ye6VR_YtY778KcJsMUT~DayXX#c`~dK>!3UM6bFtHr&}hAI=<&3& zzY|>bapbhMVzBoMEWeL1=Ga7ur4clAmk|0LLjR<=$Tbp$R?ak52+y z*hV;ZoSH>MB){H{1YAwUCj>S}!XcR=At7~te@&vl1sWkCHMCG?${WKW`C2w4ga{-g zgb%@Y!cqtcVIi24ZaQwb2}FeC5e=K;+P{0 zpzK~kId9hT z!A;h3H9x+P=ptXXL$8ukIfM8@KDJv8fK3C~8)-STuO^<*npSRD|`WGzz zDGPXd!4{EEpOAO=hfM3SQ4lw~q1e67_d#93Y`>N(#&wyxb$yA38X(QptuxPbQQeA zBnV>y3b|w@7HMcV+?soU6fk>yYF%Ox9i_R{I^+d=;&E75M!^3a7poYQe%0`A!F=`R~m(r_;R8|C8kcec~H3I!+ z-BG9uUq2M+G5o`t2d%~v>cTmYX=|r6rMk=wC>yEn&eqLVhtROTL{_=ejm3kGZ($L# z-t$>Nj3XTpSSDcCLyyU7D2B72XB5Yi@Pim2wHuy#5+S4E8LL zCZ#HI+PSe3?|^4f`<|)8%EjKSc`sN*g>TM6;mo*G{h=3%dGI;rOp+XY$~Y>(hcf3t z$=TiK2$Oe34jLfO%KS}80Ye$pGDAYnCj0SK&3H4p-??#`L8E#_{URXlAynUIuHm4S zsZ;ig!ub-%EIU#r9EuI32aR;1_3`kv8ca`wucOiQXhXU%BS^uVd|H;AqVSJahC`L^ z_dQ-ogdWyTvt@y>BDhV;Ld&)h1|t}71)QJ4z@;Y@sJe4FnSpSan`O@BSqWg$o8jly zb<6nGEGQN~fLV^7aV)C~iJL|WCVsy{QyW*CCvHV`)b5{+)SI4LSC|EDW9!0qSoy|M zR@j*$( zQnhJX7sP(8IS)b-t$ycd^|t|4rp|apVB(4ZBQ}#C%yn-Qr)_@gWZt)gvaB^V9$Q?? zsOz8}sR5NxaE;_cGDefEM!n$|$A!R?THwHijrM6W5A}x6>1{kja&X&NVrjk4&V7wT zMj|lt^w(bNTb=qD44rB9?O%oNPq+QbO^y#g1M=#OS6c?6 zLqi9QZl%Ts%=fHFn2!vMNbLd)qzdePCrT-j^bb6w#@#OR;)j$$yww&CsfkSlMVmOJ z^1!pTL+TOM|UyM_cNq+!lgRVA=S1pQvD=U9}~Q-9#YNy4yk9T+5VYBYRHEE zht#a6$_^>c(mO%IFoibCB18f_IkMzUR}Mv^%&q6@Q7&pCbfngWlT>WpnNHaU8;hnR zIa;JwW<+PHgLRatZKyG(4jXE$2;`euAhF1v?9QduiY?fkSojH&23ru~YjU%PYtEq6 z=8gX?YZP_^ZYzz#ZZ{RILp?AG*P6GRX{8aB`6nBN-J<$0#KpTpQP4bTCDXSdx9dm&TIX3sFlX5H6&$nzb)`9gWC|y=q0lrpvC8%dyq!?jMz`2 zXKAw0{-8)Q#^3{+Q_phOGc=)E>~l5LbRON*Vr~^B2#$!5m#A`?02=-XN;*<&gdlKF zZC^E0^j4=+NUByd0+ve^bVgdOg%Qt3}9j~Svy7ME zKqwI`MMRa*RByjp?6!)p=~kqi#p?UDKhYe>PA=eRyJ4NcEefoVrBMjH{mSFxG}^ug zD$`k}BhVyKNWA9%U6X$MRi-ebDSh+Ww z7q4RGU75P&80b@3f2wnQYPnut&oL_9@viVd_IkSMZ=?kWbh*^>L(oSvd(4j;-a*5K z31~k^>Jwj@cpw*Hg-7kU7$*qYcH?tv-~#3&(};05x2XY|2tA^k>ONYN2-%=s%qV!XS;(7 zsXa@Lf|HP}rYYxczh#6jk*Q$OFkr(}AR)h8rxsvTJSX)*VMvoWlUJd;r@L3`Op&|j z_D<8BZmTL~Z-;wt5Yc^5W^xtE~n@A>L#7$L{PjP3yM0vdi4{H<`gV zhadR7_MD{K+kT%6_L^fN!NfTQwFV729$&PG?}2S&2LE_KbB9ct4J;s+dan$V{2mz1 z9mgk3$cy%qV!9jl-j9k5A9T;))LLDMgB`#>m78j^Ek0yw~aunBOAl6z&~ZQmHprsbj!GK2nru-*u9}=XPTf{Pc(W{jQVtr zAzB${!zGphhvU|##}9eZ4d()|R0P~l6wyLa`fF0_gI}N$D{WMDcQ`yUezK9xz7ZJB zUqddMLR?ar4zh#XD+ZZif6{#=698JzHVCXg-z!TYVvCd;VXp1J+z8-zBLee$!#G!; z#DzGQorZnzUIS}g3GS}hS8(gSjdrY=Mqw`G-w$Wt1QD320wQy@lCrGrG zs?3I$-o?AHmiy&qypUBcUhPF$9-5~}pYu!Euf+ZS_+B>T`R*^m+wh&gzK%Gh-iN9VlvAvYDcqK^ z$-k{c2op$ZxEfSU!SIZM}7BtT$IoLSz+gHmcZA zR0!s{uQ)fYCtk>W|GC$Mvhz_l&evkBu}1d>$_yxLn%ECz4i3VHO6(iHRLx30d1I6^ z4I&7~e`dpM4E|p6pXhmeu!enrTdJo};kj=TFrf+wkbVhIV1OYMI#u4mwnRt$d^};e zOZkp^0f$5oTSq;y5uwfk4UGae6*mQ(1KpMC8T-_v#;!>WNU0e6)CsM(eV-biw+`4# z3_6C4Bxc-7@Xx!&;GLIV>yr(6NL26G{G`UbB_N+}d0=Y^;0+4ZBzf~!DWq|WLK>U( z*Q0*;re=rp=cLmoopuTq0c0flrO-HM9na1ormhoi!n_*h4YrF4#a)DiXcy6bw)e_Ms|KDTZYWi8S4O+d6v!q52Bro=5&dCh||b(_wdpL#d3=wkqBIjuijKHJ_ERuVuyPnf<5OLU zhEIB^GE^dppTLb0F@q26x}%wCG$?Gro`RUCL+G*y3`2CfYW6#n zmq;7ul4#-p8Iq(^WCHkVn8x0av~yjW?*>Uu`((6CeaM)ql@|wGPhRN37U_~6Y%}(- z0}?mWc#vupRvi18ztxzlu>BO8qc@KhFrE|vg}HR~*r(D5y}?^n8_6Bn8S70CPABo6 zjG!}rxz1IM`A@jzshWKwvL-4O(uAxhWn9}vG{=1W1b(-I6>2-aB*?_5MVjziFWu8r(4yJJYvNWX=9I*NmH&QNuDVGY}Bj{itc zUvRW;v9RSK#_bc?Q63{~!1R&02B0y0q_i7=9m#RPJvkseumoQA9Pdp7`|C z{58NQwHBDcpG0;oC?`oMpto+9*6|!KmnmPzHYIiJ;_B#O9sEgTSL4^#fs4G6P+G?| zW$F-8ITKklBO+)@>b(Q}3yH)C%B&n>Wl}CIDr~p1uuCH?acL_*pSrRze20_?)A+Ge z+$a!BlTV`xP;i1)FTKn0iW&yTYDfTKh)rvVW0TLZ3bwh3U-&(Eb2CjGyi^qMauY2i zyvPSleGaDd#7z#Y0{02r^iiRtt`|z8Z5W?hce(R4{DqwJ9&`C}P!TV1mqEI^Tm~X{ z&=l$2`IKV4;X)rHeeOmUEe3^l68H$#++x`TKk|A1{IMhK{?N2mIa)*RSfzn44eepc z&(t0X5f#2tEezj9K1gS~J=8HHeQO;j{`c=z$M~{6RZuBA2v=pvail9FO06NPRG=O( z@rkO1%5b|1LlR92RM%^J`V8CCV)x^UH1joFl&A59-eVAx7x7=!rw(aI`W}uD~hqkI?Xc990iYG6nLo8>VCmNqOhGhwsrT z@ft-};QSVyNx8Jr4Tc>Z$Dp-6rOXu%TNhwq-Rk>396#30|0`Gw>T|9yR z6^0OYggKV3MvIlJWd@rFznzUELUY*bap8CKHkaAJf4W3UJmmWWAdRo^I4b|Lqo6ZP&21Y-HmMZDb4)FwHJ5#c}h#hKZ+*Uik)1o83v z1di~wax?SZt7K;G!OWb*u0h$Ec{&_BtS&Y)m*=Woc+XwM2?u*6W#=D$CQEm~Y*0TO zJ+VpW5~?1ZrFJF*P`95EK4-$ET%+RtXPQ(J#IB&)t#V6n(C?GIHeqTt;$rqp~?*LVhs_& z5vt7K5RU__5mh0yg}Tw<@VfCoL-#wFX=b;9LoImOHGTTV$sy^B}Axr*p3$EdED+G&*A}%fk;gb=}jw z7>YaA7-tz9a|V!Fm{piR|H}S?-%$$~=cpEDPC{am461$9?tJMlq=e``<^= zx-(IGK;EL4N*hijf-yox-A#R@zU$L6@t9M!IW@>AYw6}wh)o*Q$`P8S}ro6Z?c=!$2 z8|QNs>_l<36e`0{cQJs{_mh`E-#Puky5su_`*p%ntCi)wJG!s1rw|s)^N3covSoJ! zWLWPj$f80-)bL>xa?{qC1ahr~m|2yK`Y)^9=0xMP^%FF%1FG;T`XgI13 zn%EmZe@Prr=qPIAF+{&c&O?`B-E8VT*^i0o-7{1j+DN0F+#4J)8fi2|8XSfgF}U3! zKo+hQixlCPwLkwXCna&afbt4#;Er%2_E#C+u`KXepy(B5jZHsjjlD@r%ooGfEH6t(RA*e@K~?K)J*RR0~rDi16QS~jCm z*jCS8mN!(wYx&Kd{Z&G9Kank|q)(CuuH^DaCGu^l<-gE2W>3`|OS7AetPTiUqBBuZ z-EI~ts@wSmq%^t;f5m|ojemqQ+KEknQUYhE33d*yaQ9>`z*H;W3 z*R`X~oG&vfvlxJhp>3ywNEt$%E75Ky-vkv~G?u--YYc$*Ys1 zOzjwSY*_oz(b`{y;o@o+GY}LwrK)xpG|`1c_ZL+8@omR;D|LhU0{vwY7f=>H;!mc1 ziny6jQ)nTq39^Mn30NTPDVxEvq|oTCv=D(xMV7EvK@9vT1~8Cv z6G(aq6lAHaMG(rO6a`ER+=g06P{e>J0Z}drI#&t=s8A5-`~99X+wCw z(A;OvnKNh3oH=vm%%-6hw>eQ>Q^)IY76CDxQV5kEfn!Dq3XL9NT4{u79w7q+Yn$zQ zwj~G-bM+aB9)HiRa`^1ll$9`;t24jfi0i(N{qUf=o!?`>8SVF?>B!<={6H(JHLDgv z)QX?{(5^F`^8)1PZr5m1xWVljBw+6R8Rs$xJl1pX19`wtE-u-h+{eo;G(%w0jikBG z0&G&(FSCnBbr>1xTY(G8aD7Yx-Z%;$1i?Y*XM*4)tqz~U!O%p0WyyX}Zx9)@3+&MN zL38JKVRlW}833c8wuSu>{MlDidvdX0Xp-@2MIh+BGX zmY&%cOcYx!8ARn+lC2$Be)1+8Qkno+Zs7IXB@&I%V`&C0dB zOe6mCyDIfv&F@@h8o^ze+645(`r6DWT1RHA(Z6xi!-P%r_d_&$`$hlcQ|)n-Hq;#J zYsIi6*NI;cIb<%I7Y&xehR9v%wJ>a3B=UcB+u}hBWj$;;1Z?MX%fosY_H^{JM89t? z+IlHddGvkRaOn2SRlEK^tbc6M7P*Z-VGnk?a32Z?{bL)EM!J7M*!le|1#bri83hlz zQ!P0Y_V5&3QsB!`(;()+>WKdh{b)62&h8kjMH56vEOe#%K_@oWk9uE!+<*gqsPX;$ zyDAl&8dp&4aMHHjp`8;3-F%w^N2vP2EJ;TNwcM1#8L`ACFUJXxO^GJGoAR9aye=i1 zTEM)N4%9-1%y~F-k0MH1S#EZO$`+uiYFTL!U{X&RCv26>Lwyl^8M!-j+=bMytYJ^a z;{zKw1U$EFzGqXxZoj#CHz7L^vZse_7(hM?E7%+4h|P8cZ!isdBuD$4A8PxFEc@Vy zR4K^t=H!SID$;!>{U*jIdaASoh+gW0C{~OE=DF>i5gN*LbrMkv_2vT}Q2hRi9nZlL z##q^I!{eBl{7tr{GF{J^@52>xZWV(M=Av02J68IY6^19w7Ne0YwPe|ZSbi-M;~9*| zW%56_)Xg;9FW^XD2GWut*TW3?wrl2;nJ?71qTr}>aOGqXt&?{>C{vV1YYWK`r$i}l z<8n7wN{uh2PTp=aCts{3^tBDLF8EJq^|cMepV=1pRU)6{y<)cfOoo~I>L+sAth`8u z3HVG^`DETSC&={x3NrG!pKubm0_WY>b1}bEvqm@L`Bz~XyEy#NII8|YUr#_3y!Z#Y zN=dqom@pI{)ak3QaRv6(^FXrZY`c`H_)qAx&DIag;+_G(8F={O_KNVeQS_DRYZFxk zR9MKiG&vzQA}!sBnI`4`=(Up>PQ+(Qh}8qGveN*x93Jg{qTZx$lk3CJ5yh<6va$s| zy_g94TrKNW(LuQ_D#d&!5matF<5#GH%Xt}crfP8%t}f6j`%?Sr|Aks;u{Dw8``X9^ z|04|TP;Eb5H`sc#<2KF~Axge%PaE^uYP0U?HtQsUmj6BcimGjMEq42F7YIxsNy4NLF{9XhX$yBr zAhk`phtjRZR3?-%2j%e#4>oRunFvw3I_C>Lu8{Ho&Y+?KzYmxVLAlE35lZ>`K% zqWH<}Fhy>NTW;R{lMHd-B^u&}%!N1v?}j)`@2y?3*H=0hijj>4ZK#b4Zdlt}3avIm zhY*LxA-@!zj7O+0jZp0oYDy#2IE0=iHdaYa2=QpsM?@pU zp}}8jr&X7>TF}fM!>@hHE85ldjU}t+Zz+7SS|xcP#1Zf5C$W-fgm|=p5m_a~qxCBq z^-0)OFA?v#e#9}9Y?Y7LNQ8JoRU@Ji;?Z~yZfWib@o3eGRu$M{N+!3bytHhdTP$}e zkUefo0YPh!pkI=LvGH+pU%;wYtS@MjLn2Wf^$Hkxcl1T30FuF}jmsTU>kd8=*7gO_yXoPsQ zwh_??@o1eRq7mZJW{-$Qh({CaSi?^bUrX`Uo9D^AgsHcC@wb_?DF<1#`F!p(L`UojFLy00fD@Q9j8Qh}wv>T`0%~~U}Ooy+yEz|_51OBiO)wm!+jhkLF-%B+T8`R8@6R1)ZY2x07mlT(it?W4j2 zpp4EgyD%#e8if}AeN^VOXHe^>Gk9s)t^htsCW_W~hOx>V>jw@HqR4`|)1HXsuIJpaZ5B?S0 zY)dmf{o+breKYNmCDSa|*Phl}BUjVJ`E@86E%pQ(kh*>Y!vm!%>Qcn$ZEM8=S6>J8 zi1L)8pt%YtQ3*g|`S+dW8R~_)J|U$`hztVnZ1c=yzzp87?!w<#pzWu64AffJ3(R!%JTW^XyZiF7{?eW-o(_+I#M}LR=ikE5lftJ(td4+RMOGD~e^E^u z=|qA5Pv!Be|0nW*6ONfP`m>dXRX`bz?~I%49;+V7?&GM&?w7Ob6T&PN~ zaVrIAS?hX;F0exaggc8{p=2 z18}|&HGonr{^%20!0!*KOwT{)MZsn*H#)4j2^Ad}2`RXQXs=1^A6BR7P1HIgJIJyH zp;`Q&9@(ghcDLtGVTL8snKRv*jeA6fin!O3GZl;^L5JLZN~QZVa+ldBC}m~Qn8}H? zUb~G-Um`K>4GNvL4Rh6Gme%WZG z%Rd|yfs8Q-V|5t0`6V;4f4zR+TS@(RfM^x#$MzedeRP+kCAuZ0QsgSX)i^8LW;pmh z02pqydlALrtMrCVdw#?dhMk!yg|g@|Kjo|?3|Ugw1Vgy zq)wkQNH=<~y2QB1?XaE!=~2T7=zbo^s-&Ex8VAKxsQJ)tJ2#}}bAsSHE+B#sWQS$P zAUkmG_7AE4v41{fh2Ejd3hX!3E-+qe4&|m8Rj88t;h6t?mtR9%QU2y~v%V*g%3tgB zBiU}KOIh*SsKWoIr51YsAxmvNM#zJM(5I-+O;LTUxlWEgoCPpsz*&ICT|U7f`0rKA z>tiWDkAte}v--Bwl(;we@i?_!(4zT7t5khe!Kka~T#*^yLouPpV)S6PVdP{2fuGhS zDg`x-FzOFO!$D)DEG7AK_BUFO_?naqeZCv}9>fSq9O3|%EaQ)Cc%zfUmJ+zSImkAV zQ7|{^+@ZOK%%5yM|R}g1GG56m~TaONW}M+OZ=wG?>|e&aE{QbgtjiA zo$$XMvUS!VjgQ3GJ5 z*P8ZZIIk@u@cI_!wlTIatO?o-?gYGYeYlgBay`*~CWUvDV`wW6ub+mdWzeSp_Ta)k z$v+qY7zSR(pAx;3i*KKGpSTSSrLJDlu{cVBylNrvd*h^BJ(P=&T%ZKu_!Va$-%U{XrQ}}bhE9!U`w+&lAAm<6(Fe3E-st3c)jdXA~A`<>vE4q zYNSu^k4#R&U{4ppilfjTlIlP~t+EV4yXe?gMS{5CI=}pXtdf7YrtBgd1e;i2v$qBj zqx>R^@xn+LH@I7xdJ-5eqy&<^m>(cg|6MSRo)4lMIHDbiEK#vrIE)iV!r0bfOh{n3 z^8qY&Eh&}))@sSKlTJ2+xU7KpJXUu$Eb{AVNW`rzYgJr@dFG;74U7Cl-*2vT%MP^Y zo)pT#aDo4`OB$nipT7@oNJ1|5WfnBUfbe9uwm#m$lLKUt5h`nDk+P!rp%^g?lED~_ zw!I*M_blYvsbr$LDaH|rHRo`7{@~sNb76=wUoSZ+%bW)0g#+{fvKy<&Ny=2 zAePg!Y8#11Q{(E>Wx3J%e9Q5s^|9+OmJ4skZ(A*{j}BxU#1gjgLWg9vf(6&0;DO>% zC}cR>r=u}d#tF7R3$_EYE?H3ARj8hb^EEFit(PKeWBt;?v~u#4GzG7fyTNBn@ZC4c zR!*<$XT4}b_1b=Sb$-VY)J6&``^Yr@#9U3tDVm<{`-ceA-uLe;Y9X0ujp{E`sbW{{ z>pqqMne^6m8^@%&h>v6_ykKBgcVNy^`-E9=S5}wYh&LO z;`V9e$9>#Vd20@I=i_dZ<=`wO%15Moz9>kMno6z=cfpjS%G`Lgh zosi$PEN!oJL+#D7(5mCvB_s^L7S8pfnT4*`WV)U*qZVOtoLeLOXy-PEV`RWy?579c zUg0)}b118l)ODUgu3YP2kbGvLAH@#&sRiom1ev@S-=2WzF<#-&S?odc+NGMsynQ(^ z_Ev8DQIs(SbQjqnr7tS8&|!369FP6=$fQDwygqlYS_odG<8AJJ13Wf_O9}RUtnoGO zrPCYwnUvEcnQ1)s@%wsI)S3@b9eSkp3W0{D#Rs5oQTgJu`}hMIUE@Q1KN#%{i|u^m zv{9muY#x~X7NtC7cHTcRzQ)#TA`qn|AS=W|3v%tYTc1ILwGNs$m>Z8rfwc=OsO=yq*p3qf8PK_w$|lm|whiY^{)+WC@A4Sboxlmh|V5zKE`iU-pwbuX~}Q5~5mk zs2hQ|+8h+%Tu3$@MOu5Y$j8j)tnYCdRVKsmYBJT}wijFN*ilez`Aw(C{pQ9N`4*kMxvKlk^7;P`3jL5Sa^X#NAW1WcCvBGFwFCh`M zfSv!q<%`-E;f;wr+}hXB%ks_NE<gzLMwDgW} z%1hVXrw%SUAJzn%K5p&-X3%#KC7Oh?7X9`u>lDsQ5>aS_6Z$L%MGYZ{UbDkrv3rZ> zSH=9ekp|_I*(-JMoU0WW+G7wxd)BMyXJH|XPN)L8bx=D2{_`doy0ltWQ%jD!>JdtGPeg_ zbEEl8ov6B1yLJwARs#Lznh&_4(D%pw6$5r4qJ%g-M*g#aqdj3Bn$C);yrSdaz(1@1 z1xGi3u$!~g3H6B7_AVjc)MRHZ8Ua{I3%gN+G|S ztHGl@?xuQ){O#j?{`w3^!g;lmTvslVbIny|mShu3kJws%*Cn}Ho)SnmfliA5CUg5E za{P()n+Eu1PH+e!sy;PNlirj^Z-N;d0M6se-atjZejSOAKHxHiHhJ^CclatNu)lAy z+gjF#Xgc(Z#nl3Mj{Ah?hOWGNMf-8d6x_Q##ieMk<2+qCLyuD5e5W`GtIRUvY<9;Z zD4(A%w(>a=d}-I{9_aR(@@%JP898!(v@D zsXX9qYXG#9S#Xt$ZB;w4IJcq*%F;27r_nvbpI=|K0(;|ME@*n2+jdyJ0h{4ZKc3S*AXt)(?Vz6*)O{&nL*ZeM5efX5U*IJ!jBx$xCAa4U4QHfJn?gT+Nv;8}6HZw^e&%cdD%!0hi*x+^M&BH{ zgk!XXe)HB0DFIs=H~=}{zd!i?^C19zn2U$A7h7~IR>_l^2;7{cn3@R8bkJPufEm36 z8p~jS#&Jhx_a|EML3paTasL&x&th|jO*3aaEqV_syg96$(SL{)xVRGM&zsv*{zmqE zXyWS|b9#%7$PI?;??oI&z;u8u(N$jjV#r=?ZXKSz+WaJuy)uyuRpXv97hP||TRQPx;z!SF=aAM0%J4NhE)Wdy)2Y1Q zai5&jsLOk_PvRWs&)>A}*1VSs>h799?bTv)`ox1xO? zEtiQs7-Y+^o__hpA&sjY*yVU{#buQ~5vv{R$!f>Fvl{MAuXezM$svn@;uVZFArr$q zJ@OaE2JW7lEIsl%dwj!usMmbRT*I%#@Ds7?6{80jJ-}E~IhYUkT9_%&u}{ zg|pIQ6+~Ejmunx zPk${8tWDv*q=bD-_h0&EZqz`hZr@I%Bb--ii2TutzpN z659;g^0>?$OOz>IUJhM4Q7+z0XSvDvoe>}YSwzTp~#ZDMcpp4!9y4O66^0UX%mX zC4VnC(i#3gP4QJa}9Xc6A0RQ1P%ymb->dG{XpspY-c$@_@YK0)3a{@q&om58_^NhBrW zx4vbIup*`v$TeonW>1xpG#D#$x1$D0uZKs6MAG*^R#MXOd;vZtf~{DO;rfPM#ay|V zdEJQF{JWy~uoCT7lMCjQ36yLvS0z?elM5=@g8AT^Qf)hAIk&$MG>FBw|&<2YnD>9!v(wx zjaB1pp7{~yW}HXti+O}jhe~Vss`;Z|OZ%gh^hXh0_ zFK7stjxMcuaCEu2oidMnQ)pud@sR3@_Jb0M>kjj)BJ8y*F0;;7l!(VXw1H+Gq)wc&?D2`^<<)q9nwQGsu~&Op)$+&d zPcKWY7m7a1dJ@EIjyw!Ss79&>%tsv=IDiZ_b_)88yqLI&ZZ>=jFLfv%KHf91*E9hoW1Nh(K51 zWUVz*lD*P1kJs9+g)(OrUT7IIw;#@oY{eNv=Ick`Lw4P}^ZjVwguG@hozHr?CAerC z^Bzpsm)^|F+T;-c``mxeDK%NRqRM`BhAcP)&{2aLUi9APy zJbOwW5%jbqJJZl~O-PE^nFjBc>=Z_3=j=fG`D26~ASc*)=320`a`n6-5V;COtS2A` zkP`iOmF>m)jALk%ay!p(dm(WZYcC#U`AW#>Tk1=X$4(YKZa*p4j@5v|jXeC@SfsWv@Q} zIz55rMziqQj}Q~XF7-t2S3>UhznqDb#q9?q__~VfM0A{}-o!ysO8D-C}AG$(0vz?sI=1YAZ z0UoE+zSK=Z_9vzx`*!K2U_)2Dbb5u%1UN=vSvwb#{_6=n7gUILgG6th(@pO@)O*y;?DM!UAk0Ml3%)}}8o{E&cN0fYZ%+T?Hp(--8V#InBGg0-M zL$;T{hHSimE1}cA!G0>))F|P&R{s0q(mZ#yS{3uoQQ&o!=BD>l539Yq?LxkTcw#5V zJhTQLjsXuWKJvHtf&uqcS1U2n=I|a?9B5FRo6Oq~7P1bm;lEnwRF;?`)n1iSr%<9EO2h{hR(d-%;!}5!T{=D8u<2l?}kc(!C z*0Z=o-yR)#ShxNqeH8P>e?)GGi#G&+U;WE3SjN3(Y%K|p>A_!$WEzd<2OR-XooKPd zZ+=>09nyrK!D_xzbdI|X=~ElfzAJa*J1sNbjd$MoL>n*twDLL-jr z1LwAlAg`pqHc!Lo(2)`SwG#7%5{)Z!gS&9xkW=1%%-Q%%5xHL3{NX4nLwf#@ZeN){ z=>8gK@9c!jxA>XCR$!{sKEXDE_!DaLL1j+eS zPqPdGl~T3d*;386Oa{e-&vJjDxCXGCu^7>S-gg3uNL?r3{Qpm(Pw>q?l|HS_1FxT? zPb;5y-52IvTQ;W6#8EmerX^U*Z#(4|LQG%O7H~#mO z^J)6u3y|->DX+(ZW-L7f@;XVxU_0vHB{m^?UxhI|;YB|aGX9JiS1zzxI~!byz+C+7 zQ^@OsrKo=}Q`k%mLxR2$q8&YKaT^r5N2L3T7nqH|VxG%87?vU@mu3s{SBECrNqdf= z_yEBejiU)8HfrOkz0(yi$O&Uz);+ZcgIvWhLlJJPDH1S^;NNj}f>10HfDA-j3VjX^s55wfv|EN%3>eI5|D6AT-?p_zgrotW-#Xx^v| z-ug;{R@83K0YX~V)egBMPJT9G?jI0>@~IurIc~$iS(2<+&(?vi#rZuDm><_`&a|Z@ zI~O!d0^jx&M030ET)LC8Db$RimOb5P2(@f2Nwj9t-w!Qn4Xmej@2ZNt$mh z*v9z844-3$zc`Voz*frq>ltMDDKZp)%zx(bpIiCQP5g&(uOgQcq=83!{RqXWA3gqjYCRq1rQs%pV{B*l$N69LJV6 z5@G0#Em&CoC-%`g3ywTAQO)%{h-J?FDe?lDnvGTMNVC7(Ae#Lt>PP=(*m!>wRYp{{ z{ZMOEa%E8<90$-oA8Bl()mX7=<>)?)dsv?dUWUfiCzaz;s&4gWoPoq$E3oNY4#o}X z{iX}k)!?HnMvTDTa+_+>{43tOL^q%*Vk}}BFT#~mx}&#k#4WA(jR6H64ci~LvSSKZ z8O-oOqh&FLQ-ngQ5afKjq7qJ6e#{Ma>>P#CzBmFdEE{$YZsJh!5@4}HP{BYQbn9{R z2ROOfYH5FK$nCG-bx+n*#Li{8Hb(*Kr>2s+&{C6d!KNJaraM$y9Mpn&%|MvQ@Cy?e z)mQNet0D&rJ4iIU# zwRPgY!ZR5dk~1{ow+i#0DXhJtsS4 z2S8*1jqo{@gKdPjylpZ46ENg>hn-Et3%c`%z3V-S+kru4t)jAG8_0@*biGpJ3H#?K z)$fi~sNXIq*tO$#mH(3Zu}NGv*8N#-=i5KzfT6O%1K-XtR-bzbSTbsgp<>Nv6p;Q` zKAMfpZldI;8yYW&@8{%s@6!7JSC;+>?Kh=9)bBy%7W`rPPPG0&O|gAoSRLyJ!R2N? z7r7U63-dI!U@m$J(1?ORh3ZwdVAg*WCV4~(z4v&7?YeGcw68qCv+l)HVt<>JPq>5! z!;#zOW}ubUVxX(IDGtg)^?|jiubLHzzw7Wxz5PZd(#lPEkDH5bvqu!QJv9|=dDL^* z&lPqjGTKBrWm~G=8=q2iw9d%)B_`~FJCSKMI?-J6)}tX^<< zJp)zsNJhu+>S#_Uv?$q9oog#*ahlWp2x*z$t@e)R71T+zP^B z)8I0;`DAfzmu-AQ!5{S{ky;Rm3V~+@_xCwRN3b7uoQiBD=`x3)C-pR>#+ijo?*^n? zZdDICszZ*FMcNQAS*pR1vL4axDa@kJ%d(Roks>>$FG=GGE^B#A2frhc7uyl&PLGSh z7{ur0AeCYMCdS8+9E}rLC^zii$P10Uh9~-kI*+uPQwH+yuyqzjVYI9E5*0F!w-Hpk za_2bktp4N7rL$3OKZWI$qdbDw{YU{7#{D?UK++tB5+3hh%5IN$aPMRF;~js-pZy>2 z_zS->eI0}NOOc`ba+DWQ-wku5_D{dB*KZgu{m$vPa~{aJ-85ZDUh31)%jJ#iBmCns zAHvKzf%unLryypaxatW(VD1xQ;TcEwSp$&|nGf!@hd^y|xkHdUavg4^PsO9fYu;qt zDF=l|r9U-Rr+%QDo(RV{O?3-wlI^;RELZn;OSN*7%4G-E&Xk_YJx{4;7B<^KDYIa$ zK_4`|eGk|JJ@4Ymt%P>X5;Y3MHN1EBuvFTrV^gUio-50w%7d$xa9W>1G||@-Nt5xv zl!_)raZ5Z+8%u$#FtJ=Y*m!Ck800m>+NW zty2z|nOa*6u3G96MTIJfzFIxJXiHHgCIMl9e{%AtB5$u>?6?&hAl$>A7UV8r6xb~J z*B?&Q>4K7iQMFX%&i}rSC#l7(yf0*2Zx(kvcKlEZnLG@%mIH~%61moPAl19T+In~t zOJTEwu4nC#n7q2=(pmQo>6|Xet3ch9#jNt2u-vscyLeRB)#N@ir}NS=O@I~aXiZNP z_~Y%8gbV7Vf>yTc5DTQE+Ukv#9k;ARq=d~94A1w!AW{ftt`ss{ZtFQvT5fzyOkuMm zvoHTYCbt0yP;ZI!a$^$v0!5lXA4+Xz*S@Kzjiqf~#=O{p+Xy~00bU$|I|x230lqZ? zcM-gY1OHLHC~Gw6?OX;h|3jDCA4uK?5VkPDwn@W^0k%dOHah2N{(ZL;&DsEaDh)d^ zzxI zq+#a;*n?@2fcwOyzA-8)eGeUU052zU-KM=~~Nx*uTY za|gV3z;3eQVNu36aPZ!&{>d3ZH9@(_y5L9O2~Y`T5c7U+08Ov z*~!*YXHKzP(**X}6t#UG%QUXGSCYW3jsPe3G1I^f!+1;0xOYuC&RP}^KyqKl{WO|H z=zfH?%;bM|(mP~xkF@Zffk#_XT;{(=2 zS}|;hZG@3fgZ=EjTF~R^+j~1g75|7hpsVrqEbKm{3WZUtCu^+Dq$0F_B^G>DJ)bgn zvCW@|jW(8e9UA9+e8<7EGaO>&;0^XZs_Arwzr zVvThTg-8OHS({5Qvvyyt&5>AX{S_VBoGpnFRh+m zO^BMq65xs#|39&tIWxJ9`kjEfxFJrca4IW5l)|%4qfA#?QPdsc~>~#Rdj{(qs(XY!cu?TW&UJSbOFp*aj%HL zP3)LejsU~Xu_;n+QkBf#hCKX_Pe>Lupc0!uH>_|(DK5ckrmN`^mUYi|wx)Z7f|m{E zn4kYKBLN-rMY*jlxSC&1&CjA4{Z2&hDbhRI(YqS-KAHDtW8RO6Sy&a*ap7LUbU2H` zRi6jgcd^v*oh`Xgp;~g#7SNK1)(_PmBD+7{c9n+>sqc)4z}MCXfzvGkjbvHx`Ih6M z28TJ)KUh5!Dv&x0;fulgSXIY85Ns?h+W+h$OocIAxe{K-wK)wpj%2crd>JU~kqsxM z;nE!$GTdaZxo42OH`y~%CVRFw*Dd9{iW<;IEX) z?uaG0J3gGVHOzi%=3u`k{Tb5I7_<|pjs@Q0r*pjb5^@Ai#OxENcmigo|7-UDJ7)i^ zP5)i9f9u+zV=kvPxOr=94JMHDlaa%9nETz%Z}}!x2j@{a9^t>M zRb09oXkvU|5?-yJQ;}~Uqtnsd^umz{hS(uNelF*FIOZsu>{6od-5a`z^u0C|qH~mX zg-8PWUel-Ody@iD?R)KuRVuC*W$UnFsQpZ5GHxQm7ra$=^0>DC)F}6Xv0&>fF_2=9 zn2vBMrOB`E@6cHBw4-NV{VwhSGLx}BB3txw`|9>Qt7c(T1t0k>Je3Jpcvz`NU+Yof zz5eeEDb*hTnNIxW%73>LpTYiTz1!m-gm-)P=C%{>nCirz7hQ9XlMZhoc<}4zVXxm- z9Up1vbNy~r2F2DLN_0#;Wi7o!I%bRSn7e7ol7Nmm|5J2KSq&Q=JouvwinpNz)EkzD zzfyzZw*YYK5tm_=CwSqEXixI`ZyGmaq{xZRb$AmQ4O|uLdxKRHgskKTt8QGMWh+LEXZldGS@u5}nECHopzpIeV6I z1e*gf57lj1c6>&Nps*A72ik$A4hRTmLb=_#vt3zEJO?hy%~!1L+NXVmP8piNAsCvu zgnI$f`~4b+?PuT?!h6^Fkh>N7Gq@j`{*UZlS{Sx1{obrs4Gi8M{mQz6Iv^jHtc?%d z1iY)ToU*!nY$U&3vurYkyBfy)WUse+RsDQo+(W|8@DVogz=`FOkT?K9JHSg^2 zWYE5rWJIklU-r-B{*uOcvst{qWY~TxyTxK%kg_{einD2K6C0@jEGwR?$=rYuW1k?V zxz*$k0Fv4G8f=P?`BVm!YMdvRfd8 zulB!6oV9@)it&=l@qnVa3fOej$Q^2?!g1kFs}H&TLg1)in(=}ceqcc#M-e`>7h@pe z-$^}|s|BYPT(s=j-@rb9&lZ5<@NUgF)5Xp8%uZ5}D-OynT-BJ5E|Vhr(?xFVizH%W zjVtyT77Jo-<3Z%AnxQR_y1*Deg{t)M4Ue-&^ zH~kf&Pd(5{+^#zAiOJm!1LkMAz@7V*Tb~4dZfmt-;~qO(9K;4QzBbkq1s2{CD?A~d29ozk1h-ydZ7KhlV9Y>YW%$iDcp-0_hD1Aqtjc(R*@IJUp&SS9!OeL>k~ zzs59i2m6KI)C9T9+JK%1L)cygsT;?lbdU%VBTlpZ+gNE<2ZknMeGfZ0uSVgCPKu4r?taAh{GQt!2>n7U z44Knzd3yyOPS5f*V8E}G&4f7F>8>A9`>z|+a7sB#cg33H<=K|zvWm;j&>Hb;_loZE z_KVk(@Ls^|;&O1ydx{=?c~s9yfbP(rnUfg>%OCB6ylg!`4x^ALYmD?wB7p#m!;;G6 z0Bi3Tjq5wC4u_~28bTvj0ZU2ojjn65gzbQrxY6|^tx|O9s_T3I90sZWkKE|GiP8ms zwTr6p+x%%AFm_C;wEfzUP;seMRuvnJkX-qiy4Q8rb&=nnTM`W3>q=SInwcaHQjzN% zjv>CUcj&07qT5|xL?%_9ME`20{&dY)hU=1{W@z`$t3a4ng31pjP0qEoA#Gyrm}U4h zY&m=!Y!aS0mY#GO{xX9kRJ$KF?g#xF zqSV>H_53@z>xi+LOxMJ*jc_yQ&w=&kScTkqEc$25^}bcw^Ll*a+yrgA4xB1OTvU2B zcLglG+Ri@AM=Bv-a|w4z*bFLix!eK=_cwIXzR68|t{*CH9q5FODBbJr}xqzQMVf7660MaUC-86V?^y z=NjyninLw#_px-Ih(gJ^Nph=UyC;5~5dV`Seg%lT18KHh?1Ke{;egM$Cq(IN^a_)xmYG2fHPi%SBRg*U}R;J z0X|mgLDb=sCtTBh81lH62&_iz;EK!2ag37LwqQ2k1??5lwd+<2t6S}Q!brXKOAK*jcQ$-L?z}k# z{S!hMfM4}k*(JJs$U zr0YGO`M>>4yX!(MB$S!+kN*gBe!iL1FFV$S;zN?(F^A3D_lRoT=alJP@@l6k;He^h z094&i75^{_zi|}qCk0N(RS&2GxTp0d)Wn^trIahtk%S@b8WFi43qwPW+{q*-m>@|< zKu$Pf=lclv#iKaPN8d!Qu7+2#t*?As(eYJb24+_sGW7*uBW{|6B z9m7rZ7U@8T^n2C=I0!eq^3lko?-0_byIcdyOOaNj8ywR4jHS3XWJDCG zJ{2zbYhtd;N&jhn&x9{-_ zrg858!~3K);R{A|^YFEyh9@vFfyc9=$O~RX#GG;9E||`S=iF1KQ-*M);N0?2oejTt zw-ni=)g)Ak)sVOuIfeFtcKr%VQq8A3+!uNR*+KB3q2+W#6s~F)*fjhPn1`K z)S=?LbOW_PtPWf0MttHd@1DQ~nZ+9g73Q}~fPZwrdkAcEz*z!(&jBwd@I(j9323Y!SZx|N&SMZ|11DE0T2y9T9JAQ8dGzPP_IP+{crDk^yZ);5qfhb|EqxBqv%>{ zq#<)9omL0lTo#ptx}*Yn{=QR6#D`=c@+0tE+bW6txxhy)$}7GfM2?xE7x^tB@?{p; z?8QSePdTfkyMQ<$pqBa;m=K9Pzv&#EFu<<&FQ<6i~StO+gllCp-rpi`5u5HY5ryA?n@G6%Gz(J!FqlxOlg1*-eA$m*z? zvJOt9-2&2PS~POQ#JX9KMikKSI;RK=0p~Kbr>nTC-*z;K%v%3D>5A?dO1qmtkY#J* zp6DZ-#vo>f`xH-BzyLL7zGzHR*82oPCy-D=)&~V(!!Q;m2Vf0=R@T!X#Dp1l48X*q8E%b(&pI%9~=I2(v2QOD124|wwe2o6YcV7`14+Y0M>TD_@ zE$r}6sl!oN@kTo8kSpxZ29f>wp>*KySY$Jem+PKoQDGuze^x%YT@lK8?JZW;OQq7x zBC{n1x5YqA8>kx{3%|3X^n)8CXyiPXaP!AhT=H|RuekXGNgMKT;A$!hOZ4ad0IVZ0 z(VzbifLjol=+A!(z>kLjOz7CM0DPIiM1Nj8JZZ87K-LH1Wq;m5YJsM`0f%FpvWoEUnBB;#qqgJHnZ8jeL%op z`evf}8%-`MAijh37eKWA-1dN5M5~h%0ym$G;)~RO7QQO}^rXPp;Vf?xt3}X%TXUsVtzCZ!z*7KBbiy%lb44!pex!neIen*VJzU-*W-lsn z#iuhYB|LFJ7%F0?EKOIOzdGSB^}V!;?e))4gbxGU@g87^1bnzw`vJ%@pzOkA3f}p7kt-^nj6hA5o58nxEhE~Pq7gt43TcW zy@+##6&r0^t=AhvQV1XWtHG92#a(|K!i`tNHcfxG-0}fmj!?s{ry@yQ$$}&}&$mT6;(sd&~Zgb*wLmpw)zKqsfpD&bi8N5nN7Y_k$SX$^Fft ziLyO|$N_rX%%Y7YDQ1ED&i2e3hQSo`w}3HUG3s4Pu8k=uZV)8#KYtdYCL5F{D+q!t z=63`=kS@~GuM{J$m||{Sf&G2SrXS|bPW1EXVePG_rPv4A+`5wPT8iBwvCBR5isX1D z?e!ng$Le(Z|JAp@-D@LTNrs))%D;R6*C-$C`I&c%&g>R!0#VH`!$B=+#B9qnUqSY~ zmTA~a{J42#O}vjT0&b~K!s`XTB)}Q5RRKx#};w8Fkwq;)=ZRtqqF_TCb)#iKePns_f2YWo-~MWYQWo&c-iFa zER5eVKg*$Vwta^(`I7^QftS%XKayY|HXG#643Gx_v7Mwcv<)gk^TLIS%skKVEK;#7 zf=WxE((I}944}FoRIRnPgl01}lh1}6``aAh*$!QproV{7C8$t#qurW?!Y&P2S0@`f zNn~ZN4v=C2kf&YA`I`geH-!A$L+%QY2MD>*Lmmu}>j}wvNN<45B;=bO(ib475^|`A z{5n9U5VDttyci&R5VD1XK=3(;y%^vd0#4JK{}5?dcU@h+fmVMs)C_wg%$gOKERp=; zP&_t0lG_^L&97g*gmP|h<>WUAkoyR^$U`;{kZTE~2Zp21p zQ*I>$oa;#9oxzP#(BBn^6H_uDRCq(l}i#rIU;pQ8ZB)9(v_V5XDGESETcK8Gy+rgR_rTpw^> z|AW_kx{-E}b%wkdhCGPxQQ(%={W}QJ5Sv$29aK3UsG^#Sxbc!T5Ixta*BSEZ6{#hY zKP2$>RnMDqJ8cxt4G(S19do$Vh#Za~1nBG~wI$*a91lyzAexZJNbtaq&F=nk4N@FH zgf(_|n{eUtbc>XY*YW(!Pr{nI0zMv&>K_3$UGgAOU) zzo4V)D3?3rz%yfrQFy?|Uqqf=GnQ&tr+sbYlohVa#Yc4n8KyUDa}E&JsS*g|q(q({ zz!=q)nV#d5S`7s}^liRh>tqRt6FGiTe}nvcb~1L3~j^V7vHGSoAd3?=Hx6f>G;}a^hokeI~fpcx7 z0-*scP1hSWR4*IKJ(jU>xCEKiOK?6)1veMs-@b;2`H^dQSj+4oq`MLSiY#pW?Zhbn zOPTXwMdmv%Y6n5%%yGti^Qef^X-DgPGW4)C>BGevhciSTJVShR2@F;GVtbfkF3>GB z)bPq-7)&vj?!u18KG4zx0wv4;!8=EVT3 zMZQga1zKt|`RWCBYW(0bIde@e>yp&#%-ZO*wg#L_M${|KPj)VCR>GJg{_f1B11#5V ziSN=U*ZLZsMJh&ot}Kl7(#MPNhJjH)i>?b~_v*-+`kOKbZ$r7VF;$4C;FwLy%!f1E5bb00?98dbFe=k-O$}^GeKUGQKgjokyww#r!hf_uj?BWh>@RaN$YGy1 zv;#F0l4NG_~8Be zJA;QJ8ipoid+R31j;wLLeWS;+raY0!Y-Ups=xTU2+xjd7N09vLZURhraq+(b7?`U> zCFnKJ{;ov&eE!bWnP0&X1Rp?~I&X4r%KZFC>%fJ1Vp7i*Kh$|grfc+Avlp<6JB_9g zo_$~qSIliF5Z*^G{(uHufQ}YODA(|8S3`SLZm0b2YM5=)SpFRRMuq2#X2?&>Q@U}{ z$G6Z&aOH~-ngJ?Pk$cK)ur_B>&#aiIThJTPcD;~+&boXjf~|3EiJXfW9nIiIQNKGl z0H~loE1aVhqDKF%EyOe<*D6J%_n2fO(puW@WbVdh#p2a#5AmEn&wmZUJ*k(!vd+@M zwSS27MK8`hEi<_p&#IsrYfyE=-;?n!@uZ%=Th4Hr11bURGIK+P)urNbw$zz*OTl+V z$BqCm;)KD}-H(yFt50b*S3;x^#Ns+L`=bwVCBw5aGg!1WG1ngf^AyEYg{9#8^TYsPLq=q z<-1|rA0~HgG&X|`%H{qLw0R9$r_KC^RzR9LlmEj5)GEku*1`6C3J_UAJV&@E>Rwj7 z-+ogqGWiRfbdD;44}p~xIr^zEh<~xe-?0QfcrPnjeG1+46ZPqGOEc1^$*}KQJ&-K< zORe2TWKN?9Yw;)Vm+4(*`~HWbQX?Z?3q)&8d1_|n5*h&xd5QUn?hlm%?J|Nx&{NI0 z-U(g3lX0#7FTPC%O2Lb;g@E`5fwn$>_B?!)Y9cHn{5M>C!)p^^bXi~_D<1Z)F51(eBtb)B zDKDY*v#sz7#G+(dF-mu6{K6uZm1*!}Cm|;{s0^B0uUicxGKK+hm)h-kHlOA9HB?$N+Vt0 zecj4n;Z^pRc^#`g#g?_9iIzbQX&{3wcXc?@-m9F=%eBqLFEtohvvEcHf%p_P&WRDp znk`j2k|w2rgbuq?1}EmGEa9Xb_tf;5bs!gv>BS~cP{bL7fM>d=_L!S*P}oGkq>bG^ z9&j`R%?4Xdw88giSNq-m2oGc#<{=9NiL&Bvq!3mHtvyRWY-NPyU5SMMsRd-Wo?QUt zIF|c_Pl+q6bruhH=lh(UX?lT&In?DttfZ`2HFqz{Qur(Wl_sGLP$zPG*OG zY+m@=0dlufCsNyN?l!eI8gTa-4*5^%g!y`Ma<{ldGF3ozWvW0MZkFQAJ8hAM$%bc? z@pO2$2Q(W@bmwsQx>MY1)xPW_qG}cGU#66^yf3Rm9Ut}4aEn$^+f_Vzymdf)v+<8P zU|JMWT-@v!losICb6zvw~~R;4F$o$;=UZtQLi~bmVGm_l6F6W;CmDIYx3< z4P-+;T8pfsa2eL60GCL^r|;N5z4DVgcI!}SLv;I1Fhr-rD|J$7BTvi09B&nY0vF8B zR*Zr_p?-Q+9?>0PY@h6^yurJuGK{Ys;asNno29<+pxVEPUv>DmBoTBk1vM$!F(pHy`LH?r7Ds8c@a`Fn@sx<9cuAV!9aPfZhMl|g< z7&9bu$Df5m@1f}c_G=_+%YIdUjp)j0cebpxKq4~+&C|HR5=y^Pk8Zg7it47v#EY+9 zWevX0Rr5eN^+i^|R`XvN?+$=ANVf0~dhC2?f;h<`N`}~-N>S{gdgp3&ru0BX2lzny zW)!d(q;?KG(4!vn@!cQjGE+%t!9fv@z`M*vnLmwGewy^H$eftd^rFyXeqq;p8^Kj2 zW9;sZE?j8ACEv+iQwG4<@*J-2QrFJe6(l!QvRx2<;p`Jm5-NcotY?`yiTzIR*^3r1 zbpF)Ux(qS#5D~*33`E4e>gVD3-AV2F^UVMcJJ=exbPfOCQI4Lhlt#Q)b zlGGe0&5@+OIH^OD?s{0K$xzhg#j_;o%fE|~j+3Nk;*66e>BTrnn!V??IB7eg?oIe+BImX)Z z!MZ5qgT6`Ey^cPqxv8NPB){Y%oAZJsT<6zc@CCVrrh-WCD@^yq3uZzhbFn%C`^)ys zmI)-yPOBkO8EHP9UD^oDYW!b?|3}ngbbOR)g(5*V$On;Id&-3yCNRy}Px!)!u>l-2 zlnl!bPrbXfAJZemZ=W)Ep2B+JhUEOm_8D?>%0zL9`inY|oB?hz4?-TZ@Bdh2TEGJ= zn&$rVkdD@6hEPa(}Y^Km} z@@bd)jv{d%aIB3m*CVD|+s#=jSWcv)h%prnK~1f%h4q94@spp8jrun;jeqfk@pS&3 zh>Io1y^BCVcSFI=riNQ7hR&)?5e#)TyqIl$afS7IFGq>^gm|SwWALe((t*}=b!!CJ zMzDkxgg_hff5c>ndNQf!v0Jruaa*Bdz+8@5^XZ5iwMrMZF-3b>i78h;U5lD|W_OcOu#vOh0S3Hmx|Lb$o+ za&ryFvrt4E=&7B8WVM_lScDoERe9V_d*3r~V4aGwZ4wK{kP#M)f34^Ipo)IM7+O{b zYM}(c>Y1Rd!wk3aBURYMRVb`!}0#+h}2}{bjb)6*Dqek7B((f*Gtn$-S|| z#WOFRt~We?mPE%5`B7$m|l&gR|B`4aeL)(D55u0=t0ps zabC}p(iIZf;z715DQUA^Wohx)`0dQ4b5Q~cWTDmgpOxXTF~lt=sX#1B>IF76p~wD} zple^lJ^buzn5Tbk(?4_h2e@`?|=kU3cU_pTF)@*P+^mB7bXrx zmR0CX;#V+%YT?>3xFMsMn}Rvy9DHz|nr)qfdNjmDb8>AZ0tLI-9Jv|uFzi)w{sNQs z*}GKNV|#WvXBy9dSE;X=tJHfyozrsgjymWP0DRrS(}PD*wVnvQ zvc?#~62qONj!bcR@#kMk@_(+S@rB>BDGIyi98VMlN)9X-_cHzUqwp zWZWk)GB3@@KY4%E{$vEDNB^Y7`)5F{=+xpP7^IS}Dz3mVX?3PrHf?S`62wA4w9?XuU`+TjfRHL%Mwf2$?0%e~HZwWJ(+|+7qoci+oI?yYw z7nj}b6wT3{yc>m>^3T9NcQte(trK9Fd27wzc8p`Z`Po-d<#CjXxC-u+RYqAt-X2~) z2$Fldl$@lP7uFWr4yN7E*oh5%_NKy4RE0mySYoMnzm*VZ1!x9)4{t zn4;}nwS8pRtDd%f^aumG6_4VL2MuBWDS^_$Dj z23|Ljfy*Wat#)p_LNJv3ADC+S1cUR<0ekZdiiS(G5>G|hs>bXp+Bx$tp(w4uRp|FWYFnrqgTq71XYvE>?sYl zCqIy}+T6XnoC_O3k3u1GKlgxn7mT{cPShmWiS2;(=*3JNr$lk&XDpUz0s(H_Y^*X* zx21{fiVXUI3T>`zn!?`I31chTX@FR3X~rj`o0?TUqv}r?1fEDPCzk*YLC+Bb#@wqu z+TY&f<6+t&wP>e8U&9gV{ODt>^|zP7offd6d4HGY4q@KJ;F-;lKpK0zqs8=kD_-T+n=_ygFD z3dxS{2mh@2U=HnaPqz0%nHu~AM8y*1nDzm0M7k)0ruJzD7nUC%BN^ObH#bh`{k!D) zVj|b(745f1NV^QcJ+5e{9y!XpJS|B(F`GP)k!uBeGltB%KhSE=Y^ml(JR2|>Ko=+y z8RAjA(bt#4n@2qE&+>Q=gbyY%$;*fDZCHLfj2eg;^QBd!h42zoW^->-^JKHyxhBpCp`)MooYeO}h!;<-x`3AhQWo(cEiAJ6eCB{^OW zEl4r-dn6UlkF&1zqf(W9WO&x=nUzKRQu8IVUNk&w6SIyax|ehxe=NFM;HN|ff0K17 z(c`3RjjFhWK3oz1lRwpqU2h*Xa~b$z zSvA*QI}!}Vm=qH+OVvg7^~nNke?n-Z;;)$F81Zz;)e!zVIaLZYLFGkg*xG(va5Ak*QaR=%%X zbZ05~J&4HCh@zW4ylr`|CndU;m2k3oMaKkyy)t6>u1h!U*Y7ID*k{QYvX0E%_l9%# zJVxylcjDTXHY@Dkho`t}26taX8bphMvc4If$f%0T5{mfEdrI;9Z8r@YQJUWx&hHND zWx$w86p*4>OA3cKv-l@kOf=wpfYBvYy(^X10w{=IGt6Dd8XPkIB!f^&eSdgwscK#f z7FOOYCk(HqeKo~1DTj+z;(T4Kl`1t9z@zFo6yTsy+_8{rn6H*?bfO;u0GDV%PpOJL z;)smcUS|xi$hpXrYJfvl!Yd>nk6G$@-34|=Ec5o^Wy+|!iI$?%tR*&_yadP?;bhB# z^@3HXef8zQrw-F!<`n4j?h}hV(Yc+Ed*$3tAzJQX4(g$7e-KZ-rOte*-cqw`LAiz{ znCuk(tHN)niA=}J<*z>lxusTN zIU-1m@7uYOVFrT{vP>7B?Rx5evi!Lq4uM4FGbLF*8zRfiVBYP^>s&|wew4a zR+IIu5=_o?6ZJI=hih3Q?st#M({PM0uUg8m58T_|EC|&Z#>ZTyyXU8b52mpp$3+S>y2EkJVq0|Ne zv7rp;6?o?KGk49!qB1(P;Q<~F@k5F>Ia{t=vOYP1Wu5}kZq$Ni>uzzSQ*zI?|`?9 z;P`T6N!;2;8s@I+>{4i`4-N*W>Qm|ML8P13C$Oh0*2Cn9*xtN^_xU@*x z0%U};-ZiqF^1zIYMW))D8Ec}9z~abd$00zmJ>i0OIVWSncqM(Z8HCL?bKbzoL3fnf zUgU@H8|%;iv>#ae9P|+q?`!K+6iNtRoR0H9eno<@;Wl&?Y3t7khHE|cZ7Ue=O|Ui< zt*JsPfeazB03cVhFn2R?GPebKPE?S)OVL7{f-FHCg0#fxx|X?KLgJDjz=VLoKLq^Q ztO%HRwajSorlSv>CI!R^_VR zv7;&;>{Tx(ZBPDx8{h24h~ZT_7FEKIANBwYw$&Bg``{P0H(;=rb>QFrx$Ehz`=cW> zy1KtTu%rW{|4R7F6d!>>(zX2|eG+zM<85jATH802YvbVPB|D;hgC)cyNPxAZtq<;#H#8 zV1FLyaR-d^?@{wG2F3n;+&&03qnmLvYeMW@!mAfEM2_u23pV45hda>>(MyZL9CX0V z5CLK7&Ey;5*4Vu&)2&|??^XE=H<&qwKXey5521mTqPsH&wag&?Sh_m?KAu{?Ucuc( zs&g{uQk}EaD}YDQ;{QY2x4_p`RO<&Q5TKYK2th>x7A^8hR1B&_uJ%`6B9JE1luaLs8gV>jWSwyb4O))eLnAbKymtxm$0F(yG8Q)46 zUp#>QY=n+pST0W7KyTG7#iqpu0jTxH^&uDc00#X>neEVjD_3J>3_p_mkRke zg9mb}YOkb&hXU#n3*4%C%R?enUK6{o4v7V=D~cx)yW_-b0wjfF#lIO6yChK@Z8BAF zymRVM`t@c~0CJ-zrrrlwUp41iFD{Nb5oDS*s%0mF0ys7nEK#{d}v zs80dZUmq~!3}9*spgRVbV*m{)fQB0ahPeiiu4XX?m}dZ)6o$--fMLD?5y`w1%$#pI64{+$c;=^Ix?`B-0grD{iOJP| zJD@7YV4ZkOVOt)9^~GRRr4(4zO#xef3`X5dfi=fq12Gu&It5nsoq%mH1}ow*1=bvc zMKKuZr@*Sd8?X&47^K}CCz4B*q~9`kkf-FEm&+r1@}W!G@fa?}1&aFb1-z_*T@S}z zlR(ZKAV*>`1|JHE^Ev|#%2Xk%z8?}fU)IFhAB03T4iXDuN3H|FU@i}XBgUp4{dz!> zI%tDn;?_;YtHch(91{@ZQ!dBfe0w!Wv~0k~?D-%=@OoHxg*RZJ^YM-PT^}w0 z7!ErR5XqW}z36)E1|?RWzYR6xtXv*YxUZ!kW;k5q)R%8247lw(bP2O+u7nM) zGOL7>2-jS(DLe>l8{b{Pcz)rZTg}BY3azf&TA!l#uEik!b+u%Dn9LQKjYE7-0-A1?F3%;90bk>&Y~Omr2z?sUJ6EVRJ+4Ka%aDsTleS9Fkeu) zjLPZZNlw4O9YpT~r{XP{%LJQuc4K!gzXN1VnP-ervoe!Adqb{6^7?TT4%C4O*gW7z zNT&*`BNQ~y-bsCcs46umToTDB6s@2VE#$?jiW)Wp1sYJi_mv2bw-h(!X1b|xg`_TW z%|q+o0A;OhZ7+>pTeIv@Wuac`v676A!K$McugcNJs9-X#M;EwBxW@ZvO5XOARpe`b|&p+RAPX71a)zq$^hDIrayoyp{+;cRxfu0 z^lfZCg%k&(-Ir2|c8Qcq5!XrieGRF?C;Y>t_(>EVMT!Hl6u~+S*@yoiQlwQ5Q^a7O z>s_85P1vX>q8!98ZaSfn1sh^VR%=a>nzqG*LBNA4TWo8Ez$BuR*iXI8j(0Fjo&&4- zGHoX$0qCY7OpRw0V3l>oG81R;&&C{2%=v**6kt6+2+};()v6H}nUL?e@<4~mANZtH zJ~j6$pMQ!zjamOSZ?pbamerC$!3o!&d!(xpLWs_4ornaEEsQLI{ht^~0_pfCht{j5fWLCwKEYf9=*To*6$;gIXEsdmDt~3 zc{`O%PvTCB6wEHg-?_BjS6}cxhyktavfHxrMW{V|AVzXIF>lQ%5r$tmePNfSd@zcE zrc8M>kZ4JaZcBuO;ap6gZPD>RD29=R-ztZ8y1&H!$hMd`J+e?n4;5vo;QtRjPRPpW z)lHlp+Y@y|Jc{uFttT2!w(-wWL3&#zb`Mal^`Ogm8VbR#u`x4fMS8E&ny7CRTarQl zYJype0N}%w&6~R4O8HS<7_%4zB^yETDs5~|J~);(=9KdN%8Mq+rUANz%FF0{&=4i< zPbO)9;S|Sb(akB=8xD?DVtvNWVg9P@a00t$GD-IIa=)c2dY-nOr$yxMoqo~xOmaAg z^_}fA^7yK4G*iiV8>vmU2GR9y^}0hFO;5BD6uSxSG*XXq{m-DiYLh(R3)z?`KrS** z;ZTp>Dn~Hr$O9U$(nO{`{nkVo$RwVciMjwcqbzaf$Hv>47&CB^26qx+(?0GE!Me#- zf_HIk^pn-{oeD^51o?2hKzoUL(fv^Id@L=V1N>FniBW*GJ<8;g;<0ub%N|v<4;99k zaKYr#f?=pyJgX{6i4eUtziTlx!w7w=9c zi*B zW)@u6n2Pqs>jXwMTMw?VPp0#3AdeB8w3pI%b)murix&U7%^nWKo{*PIy1|E!^rG|R zE4EHhr}F(mNq=6tn=b5MsHj~I>2bZ#j$G(ry#pzIrY7Vt1TziN7&y>N8OTS8ok9so zp?3+W=!RF|lUMk674wY=^S2yiD*0pT|BSzXzWjg7U*CxQG4+4O->IX^&-BXdi#F~8 z5}Js8YgRtX>>E?TCyY`UmFU)oM&3^HX%6L__E1y^?CE^^BwUbyaV-(>)UHTZ7yb+U znBTyU=>r7P<$!h(>q(mfZOLZXMe7%*DXF531rc7+?%8B&Uhn6Zb4A)e=>da(+(`*K z2#@B^sGXTVqmGA!JKj5GX2^EjfIL_`*2$Kr6pU85qSV3?UblFEa{EWo5mw60RjD2%&QCb=-Nc zT(BQe*WZNoWW1W=2LN~_%zV<-$MeIZ#GWlkg`E)|EE2HhE`s4deap}^gtwWAH#9P4 z5N*$dOcrE53xf4dJR)CbSy*@Ne%S&5lacO=^bg@#;PuW`nV&*kdz*{MP-Ivm&LW~0 zuMtmG0zy5B>oUcKW*4_3`d%o7d0MUkr8sb7nvq(Rwm}@?$`LV2WAk-KH6O9PHPlDu zMvLa5fv~FHx!=j4g`nhZx4*(`y7(L>!Lj=n^heu6{k~ejvI0w{b8S@*X}UBlo{f*U z@IOMKE;P;&!|eJlyUf5P^WrU%B61mw-V;OCL7amIS&v`zU)0O@%`6^ztG}H0)P5-V zKH=`}1^pEAn~%Q< zHA6sNj?bpFq+7T_mMrZTwa?;}0_Aj!kFsSK3m3ec5C4OEcEYAYu4nMaCy=$O=s$Ay zX)(|&jPgy-M~C$Y#cojS4jkRao>_WMF%Yyny7pEs$T#AJMmIOd1jFa)N@gMQK&s__ z+;8zLdkdn^da0du5k-2XAm!j7c&3L#n;EHstf&!bjsPPqlx_1gH&5KwviLTzYjZMG zGBZbZ!L?avLsIgxk1haX{|0(J4og^E-n0aK^k(KD5#o~PT;iE?B#woBu$(rb?Tfmw zD@j|(K62WK=CG!~rF`c;@+LO^-4=Fu%u8By(eGsJrhIRQ?9d1H!O$9@hSs=78G+jP ziEQjTBzI&Fz@9qjsUl#R)WVF*7J60;z(lbl37 zMz+efHwSyuknA5?#ZmNLXK&m#88!b_jvj+u*&vd%to6b#wRz#dw8!P51zxdmA!Gv! z1NMTnM~cr=-oiwBw+snLn?rk`uETi7MS8LIte6k!e%p6wF?=hj8f_$Q$EjGCV`=T2 zQQ60M_-)z`DMW-dC!7kO)CYRblVJD{)RMgLJntY6^R`}v6j4#s&QEIo0i@$JJ>bhz z`5}!5d|yfe@qq80sRW$w+$mKA=R0>uCA_nyb)QrME+D5p2~_Nm@V`=ccdlu@B9(ws z!$&6)?9}jc$s|2BydRT(k3Tdd(YIQm?UBDtCfz6f?Lxji;%_vWr5=BKg>T*RM$sm> zRYPsCt@^nuI7%c3pVAU9oJI4LzTj_P;@fBZjfc2OTrd*$wgHyXEPvyDb|syCf%U&* z#l;WyV!z%byzyYWlsg-5xsLm>>fD>_S?1S=ZA%z{VDNrk)<&N%J){SFv6H@<85WZm zasPN??3ztbYGBKv4Ench!V-nV_lBb-Hav!lT+9W4zRFxJy8G0Tcbtd*Tr07}1U>Dx zLJz$lNv}Fu6zEm*GJ6zCvnY1DVmGT!7{MiJR@_@gU_n z|C9$)qSx^8K$T{}VhRa~F(qm}Wn_t^_|f*Lkk4G9Us;!gy%|g174@kO_2GWJWL+0T zx22Un$ZbSRob0L){nV@Px4q73m!oDa_F!gNj62)B;HE# znUj)76Zj>xOB-bV#RlfSvX7%t)B@jmtx~ubOB_%R z2w^4Aug58CEW}uAc5MbpkC#-m*M#&nHbz0Fra$%4-~7A{zx#~PD?-VUoRg7n8bwR4 z^TRapkd=)0vcecoS|VI_MuR1GhH3oHtBZI@r%C(Nw8@}fcp@A*!UE9lD3vP=|C`1S zPh1nK;REqbm;J~-Y`Tvv^3eNwF~E^@>!GyEEKkZD*gip<84@PdwCx0>;GpR077tFC`eWG4ZqnjNPOmN#`QHO#Yv)Ogcf5QVn;6 zBz@hk;gyDy+cpX>C!1IHv=y#dk!aq{rQlmhs8_&muCU_|6Hw1e(zIlf49bP0l1Zxs z>WpO4k0j~hWYRY!spEwN`esRLO+sBDN#9E*eL|A%NhZCdtxK;kjheZUQw4 zpQ+}5A{^7UrlIh|cwH-np1>L+D-H(8dKwy3lzxam;FQ=gTT!-hr zQmd3CCb_RAf$5?c)9Ep$0hGqS3`-LepJ9i9$+nE3O3iV}-Mu7B#Pq?uyf2WFtT0dw z;iVhCdmpBV{kZ427@hn>jwy?~;S%L~zW3NE1gz?=iXJ(eMs0BsMp{>gg5@p3-kb2P zPx{9WZ{eI)?^@ONTC!36Kx;CFuzRzEB#<1TX2V(QZ95+}o;mqte417~v~gp5+vo6D zvy4N2%Y97Vx#lK(yMw7qY^ovt$_z1 zih)#tsU6xOfb?h<5bFRfzz9-&6FU_ zYonsWT`L$ol`1b@!N6&r4_>Nk+CE@lsyx2>f_}dUJzADtTJGN@`U%4w)Er%F+Cd9J zk?RF z!5%04%?~+Osfiz%td6?A#0msM5`3+Z{cT^>ABN46X4OeOPz4N#Tb3T9o=apg_P*lv z@P;s6aJ||#q(GDV!Dh+|JGOYP&@(FIQoGji6CK8$}0hoZy&oJi<7>pAWC(H_ZU zgz};tk_kQGs`xiv@ZwNdeqrqWA}7cWK|}bHvT37-C$?of^e2()yL|x<$5CUVW$^Mz zO>Upwm+<(hxM|IFz zDoXh+&ANDmOBH=T50^jAfH=;;9r{gB>TI28UlwGsNHaUE_~hjN_pPM9>t&@z>NDfi z8K=x>nsM?;xg{ITYEA``dLl9w`a2dr(t!`6b~F}ec4XIpgKlU;mx!)6+iAZm0juAOkbSq|{nEBpv7##B53V0k!;k98});~VDuvGKXn&)qVC z!+fV@a+vS3=W0B!Xj!}lgTt-FDuZ#GP12V8p2jQpFp5}bDdG{0FB1qM*31-;AgZDv z_=F^Zl@>XqbF9DSGjou{DI8<1#={&Go^A-*lWF6`-d`8v zY`_vY1qYtmEo2k8`Cts@+?bi8q*C07x|;!J`2v>-z&*ASP*&}D+!~K6K=xK;wwYk) zbilW2E+3c4hof@Ku3H2{f_@@J^=e%Ij#Rc?u@IkKVT#Hp7|=5BaUyzh$)cKMd>-ox zQ-Y>l*a_>p!g_rXJHtELGN6l_5uLT@n{oP#GiH2p#+hOMWNX2U zZEutiz?+~V<#4dqW7|)p(loX`oJ?bEo2ww9AYM1eO)J%ec5S ziwPIT5H!uhr8DA$21&4ZFUe*k;m{aDk(x(D2t~Sc450~V!PNfV&|c~J6Sf#fbYU>? z44?!Cp5LIAS!sA+G~DU~yLZIkoPJdZ>#>BVSsVfw^^-HIWQ9^AbNBmqwu7g2M)Uh^+D7%q*0Mx z-aMHAMcOu%07bell>kM0G({QVq2(#0(5%;I|DGy}@siQPJPindGT8m3sBdw|`*%Tr#bHBTmaE#0I* z%0os(lq&bfUmLO3bh$I*a(gu6xw7Q3zqOLbq)XOoNpz~|xt=$kGoU@vK!6FNPRi$# z$--B=d?T4;c>nV{L$cC35097|x6Uo8{L<0TQ=nk$6!2RZy>+gBBqhqS*7-sz*O}@$ z;Lld${ZnMiD2-gts`4TtMDQr}{Nq59oj@>X;r*%n(wQ&^0AfA6b8DlZAHOKW(hbiO zk(kyMNzn(S7o?CX(JG*9$0MAo1$79H4MhLkhP3cq0i4@9G+jdX$Cri124tQk#<{W{ z|N4EB!%}^cuYYY*%jWCiYRC=&^^Br~;{=Sl>utiEG!4N4QE07U-`8 zga)D$aH$k(+00rtrAxm3TJDfSQ2Lonm^f|4+;|uROzC?%g<_RDb8ENrD*b1}*i~Bd zyUKhtn0-9}sPYo#!mrip%gb4-`{>oPVwaCl9vwL-#ObO0((4+fi(01dXmjtiyE>~U zq*%2z=qx~Ya?q&``hhg4cC~#yw>q5*g@Cp(GB_PS5o%N)J^0(oYA4zLVJg3Lq_NG- zSm$v#@92$w&^IEABmA2OpGu>^=T zv7}%5O_HAyzuA^s`%$O&YHu<(ln$!BGF4jh$q#22R5IzeAC=)+J{HTiZyupcQi$`? z`Qs^l=_zR_>_*(_c`8?L^wAX4r8S=aPk!(U`Maj_D=YQvuPZCfN^u$%Ds`R=zxPQR zDs}4!Ws;T3r}M|H6txc?C4X#Vkv=n_Wid|hwr$Fm(v3;~L?Ws&h#((gS++_%Xddng zJ+Q_l5KhI`&hfUbd#J3MD`2B@u+ir!I%qy?EfZ1wYEKTGpcaHygl>KFl@!T+0s|@h z@bMJNace1#O6X%i3pePjG!Dy+6?R5CUnTHDN&>$R6+jbw!s}a|E=YllRNpz$%CdOm z^@S+SjIGQ|eFX;fz3W&1oB9GR>U&WdM@4;4Nav3yQ}2Tz?3_G5vw&g0a6Zx|E+{b+ zPf57ikd38@AlgUbH%v74&lJZ!^DFn43Dq?< zEru?WqKhF`(`~gbU98J?X;Nu1bSjF37#?pIF?6!%@50pJ?TMk!E<}m0OCc!j6ozq_ zsc)$o(DUd67x>p)L@P^R*E%rMx~1h2wmrM!HhG-XhZ4nv(#%;`CM|1Xm=p2c>-Bez zI+3q@UFx@j^?U7?sgiHMneR#?sA%TvQu*c0d_yrsUP@EFmnXzQwvaex2Q+9b~sFrH9c>>>C7-BmNh zBOeBSy`xBC5Ap|fv}PN|BO)krFGpCxsM!BQ7+K{<-~`_^q1Yny-l6D7b#c)b;C)~% zX49{sy=9p!UXTj=7aGEPRQ$nJ&?mM5!M6SnqAddyb6@$K29WIYK7Z^QA)lDY$`Bl( zC^|@n7ThrbY?qAy4Q#;!{zN*zMFK%(6CCczDq~!)8j$su^nRlcQsxvq1T7IG8uB;+ zU&h>v2?yg3zN2k+3fvFtl5pXIWYTT|bx|_u9g?&tk;HaH>?}F{)XVq-4lL%0(d7wJ z#Xs;BVxF9`g*1kxmZTC8mP#ieER{|`SgI>k1YxOHlL;1ux;B{>A?TD$uyE$Bgz3W{ zRng2m5z6{FVSyyv87It_gdZ@WuY|&u$HN<`#5OiAA!#5t|BARYfs4x`S?G;)LpD-*_lVbPC)i#OI##yf z|FFH%5o@&9pOZ+fy}pu6V|yhNti8TNnAP}WlBg9)++CjV!}0_+eX2-HoS?$HxIE!3 zPZ*(PR(s1FMj*dZ(l#`(LF&p|s9F*x)Iz#m?7p06RHngj!f^2;PS{?X-qwFE_^=rT zPViyLYv54swK881rMTA$=`y|!0txki{)s@`Xa4(VpxiFGI)Kn5<0?$zh@L!Lc9CGf z;uKw!SdQMy>aXsv@V#lw)z0MSIdzKUN1Ad|Wqn60z^T53@43nZ#28hoKqD&sQH-~g z!N5|TteuS~)*d|jlx~uKy!VgLB=>+sZqIv8}^kPz?KI5tjBY)~ks zHYaR?%3*WDv_H(2?FoK{l#79^cUAP+XF+JZU39R9>C>iRKaBS`zgs3B`rK#@ycASN zXyDHxnJS@uuDpS3(H^=cD|-#C3+jmp+lhE+c5wVQ!&GRbP8r5y*`Fc1GsMU4z{lP? z7WQ{EJ;Lo6IJs9CXFCSHOj}+XNGu$qI@tleybvlYOU7MH5^Exh!SXy6jogVw#y|Ps z^$J=fY`y8nTKXec{w-iFy&KJoCT_xWwp-VIv(ui(|1&!dlMCoDpMY(}(m8&syqUQq z4ugIA6nrRr=9C7@nr^=t{&KB6$F=e~Tq~c8wemw}!kp-wnG3bLOdH%!-=71t2%d8P zx$f242Dr?GZH~v%vrxf=M@Hj>soP@Csl`cEFHU!!!5{qM(fDE~?^<4b3?5=njuYk0 zYT6o!9d=mX4zV|k`*V8Gv~NW>V2wdmOjI`(4@U2L_~o}+hT&Dg+m@nWAQHPK7S50% z|2;8ktQA`Cr+JU$fRCF(&O7VCye+E^q7Cc74csf;`zm7uQ?R~B8%_cSgB^B>KokeN z!P3hZ6O|jlDsb}3Z7JIzki8CR7^y8L$u^Pnv5w%->`)l!28q@;YLR!IqeyU}xT!2! zL1~$`8`)1z0YS7BS6f5#{61^V^Gq($JTjNC@eBwP@f5TqlzA}v{C@*H+}e{Kh4%+> z)M?1hLIZw4KN5Y&H~DcA+5}%QUd%ZgtwcP+@f2U^zqk${L;4*HaaWLCcSV!L(W~u4 zLWlb}tAA=9=<4^`Q}h*l<0=fS2kW8+IHEbL0<}KeHI7Kn)rd=QhITBpYW|miwE)C z$Mn*-lsf7%63r`|=5>g}3(fPBG>-;Nux{sHkUtb%etA;Lb4*rqfM075w)ae;m?Ugl zd*w58gelfQIu?+lADRAu%pav{U|qIiwOQXajayK=mOVP!(B${cvx@VistO-i_|fqR z$t{7cO?G1{ofOK;Z2$wgo}aiFdT`SRZW8rxcR-{BSqO194MgA9Ok6Gso=1}AZI0&X zb4;4=OY-qLYrRg1Ta_~P;z7QvA`!CKIhB~J7g3{mow;s0+Ig=O&RCQwss-{CFPM1?=WhcrL@vxzAACnmV zQvkfS6Mw=ii#r+sR4qROvpceNx;0?B&Cf^8{}sPKfi3Hx{2(9*-^+~E z3>!7XX^LO+Je1E(<_*s|1?yk1ClX zguV9-Eia==4Iy8@=#$FdG?_n19I;gXq-4Hs%t_@}C-e2&w5j~sWPW`meq3xD^Ovd2 z&&2tAG(&g-Vf}_RT=Ftg6F^}LRSJly07~}o5I;Zo!wp_rshu_9j|wwglD5aw0&xQ(U_XSdWg{o~Mm@Ye!QN zK7!qU@KE$!AV^a=4piim>b@Ntx9c#3_cT2C(qv?sQjw3%ZZ~Fs3}zF2d;{>UFx=n_zXl^a8p9tNiD58S6*X5#tA2EbfA~LQ_@^L|U^wdx zXVVP-G>8Wy(xoc>l!RyC9_F{+S_O|4R~S<|Gdmvcog~vgimM(e(FyM?mp@N}YU5YP zpY3n*KXKyne+H~2s&l1R=ZnCWkpCTECn(GI zWFK_ftN156;eynvbe5dH+Gi_@FE%Ea0EQ_>tIj`UE&z|dbrw-bkO8N!dfuJ29{j?O zhcO>U{+=N}lY{qHo68@tNAbl=tD*-0(Xp<36B+v-upRQcf;J|J6Yew;SBy(yUKxqs zX>}Ps8I#1N?sx7wE{QjOl&-}WKmw<9SdaGX{WYz+Pr7k{X_w|SEiJNNK5X^*xu7y< z2u0~DsAS6|*8xDvmQK?BOSAX4XCGLaeIU3>FT#ch1K6AFC|YDK|7-rrcIXL&4>o*m z?=cZ7qqvhp%oGf2iPh*nRR?N%J{P7~ZXnZnzuW;8!H1seH}CdGe?J@^&LJ^>w>v}1 z-}n4g_zMkv;}1=jz8dn&`1_JWsJKmY*P97|yMo!qpWvvbJM;aps8sWo0tX~0g$#>} zkc!XussvdmLg6#?RZWobjzjWSo<^3dV0iqFza( zU29CngWiA8*&0>in>)l9jBi)L_#ALkDe)~vV*F(cH6=Dn*&pi>4YWw5bN_9=x;4u^ zC}fX|P*h-5wa)cdQLQI@3-%HJWi1r<$uiY?uS0xLFo^1lLal-}R7K0`jSQm}Wa$ig zRVwQ-S@`JV*6r{8!FVj(=nx~b@YlV{Som$+!4`Y9RSFmSt4QJVea6CcCvaTIFO$NK z4zagD#8SXyX5EZ}h~gDY;Zv=Xi}|2gOti+Q{Z;rF+=SK`!tDOOiDG8RFXQ7XhuB>p zVm_khk1C`7Aegd-7?b)7t_vS_+@n&jb%+Y;r_3&+E?;z4H5iln7v1`=>>RJ|*EmE4 z^%cjLQC~~xOn~}hPW>RqJ!;)|aEJ=(t4}JUepqN5cnP>e5^DQ{{x1*2@ilTVIxYakL(Xmu5?5&W1Ls_Hg{40`0wqzgLBgEAX;NMg&cXlAU0YE{X zsSsXLp2M=<#USy~Yh+!6!lgvFC&hSY*oGTr;g(UE;dpf;($$UAFO$^`&<^o>ZeF6) zlItn;E)Q8l2g^PGyu(I^ci&{Px84%vtKN^x;oyME>0rGuGuoya``7kyx%B+QOF#8( zE$zz1J|m~TrAJr9inRVqHZ}_;oa0R&TOaX=zF%{iUx?~sIc6C?Vb%5vb2-d1bMr9-jS9EuW}&zAzDyG5F z0LZ_FcaY zmr8_ufFS0=O16N8Ms9b%CgD+b#ulSB*Z=|I1@7D{T0v#zlP=Src=C7~40I5IqaY@v zTnWx{d>?oIVwru#^A7hsAmI?(57FwF$$J05!FF_(sv3uuPW0w zzd$8=-1690l~)^jhZ)+-H{tvAVoqvhSdIScS&Ss67D))nZS3fat{{N=q->0ZbAb9*=^d}~rh8CWSC0G^32P0obvw#`*)9o=RRq3a{^6QbBVO_FB! zwGPh%L{;hEG!YCi_WaCSaLNs4^_Bqu8+YE)OBs{aj@~qeFXYhX>l&)qL3}VWB=TFq zmN*a+q28WY8xj#3@x;22Sm%kVySyU`DUd<7C@FX;Vs(aLl=}AUJvFTdgB42*OE$I~ z=73uh@G1*6BN4rQ+nQ?;Ot@!h_MYJB=qw)FfpqPrSiI^K7OPakX@`f|!z?ySu+E2p?24g>xRTD4+ZN+U?mlQ+1~vCvny#_>47sOW;8l7I`M0kz76v zKo>8-guFv22NO~dhlayQ5xzanXtifo*0iM*T%%V;iv6<(7*-H45&lrX&MUn zMdS^OH5|dB8(-(;v0SWaEY9jEB6Fa}!|%VEwfff~TK#Yi5pa~iF0INfd}qG~nXxMn zIW8#Q6pw0@zKAEO?p5dDDa}fkvC^%qyhB+*YGd~Zth_ZbRtElI%?Ak#RH_5yhue#- zU42MN?w7>=om%+2!w|}F^kO%B>lVF{Kb|kmbAMPi_}Kiw*V$6j1bP4>7Twd79CFk+ z=nXIy2Wi{{Ss%DayHlD?a2Bhh=LizR0r#S8y;j zP3~)ncF~U`+sGj6V^o_#E;&c<+~QwQ%tuOlq6li9Vq}Rk@^m(4P4>lv`|4UcsW9b{k~O2^T=-K<7P)5smC*U$uGp_MXoE$_sKXt8L+S2jV_h}2#$>-P zozFk>@CS1iNjMG9U=&NPsG+V>C*cnxd_#a)WE#W*>3D4?Sc>AiBk0CSJ>}z`BnGzP-bDb zTVf|EqTktm-ARhJke#HROu}Ut>zt4-m$>yI4BgR&jZO3y;JIg; zal;U{lzyfQHw@vXp@rb~jC%N#2n{tg0A@O1+LPA{u`HKj^Vw#u#?jVL5oprGZqpn# zkh1FSl@~MtG(%8cIfUJ&mvFbK+|hLUlzFsm^I3KQHlOzFESpa$)Z{HeVf$(2dOPRG zc5Pm7c0Gx}2*KBM8^HOw1Sx#e&dHO^I-28)j>kIyF8LTr!ovGUEy)6#0m>+m5rz{u zHhf)^@hXv#dViJ3X;|I=;*~b;+T72;{R*=_AkC##-?Cmny>T+t*w^z17&5UHr;s~w zpd_r_SGrIdQ+ZG9D)=tHw4+Sdp*A)owa%rRs@ip!Su^Ed?(s)~eqp9(>Cen>xI1tB zZ|mUY3}5RIFRBE9Vd8Rnw_k66oMV}&oOba7Bg<*uBS(~zjKbYgPmIR8Wn%kRWE4hf zQvpMt#zI#)XR|vVjee!bShEHSvoslcZ(_XDnV0gu;*Iz&%e8@DP$Z z@!N;ruC<&JMaK?FJ0i8IE4lUMzh0EC5VzheK+E37w!H(!YHfN z&@R|r+C_8*R#`_qN`8g*=a0Q4daxXNutNHC$3wYQUX$6&8vCM65MCF@=Ul}~B+b@* z?TX~hzX=kgHnyuj+!wp%rV?X$K#%exZLq&MW!RB@wX~0h2SCX0B>}^2y!u7SeM89I zw?Ha&9n%BnE@N=%ERaBBp=a2J-C2bu z!ymm1x|3+wlVJ}^7?U|1U;^xW&jm%#>rxy`YqJXX#r#E&qY)D*wj&B)Ac`V*(@-H< zmv6&?#UfOBAo@3pVeSaO4tdz#mp=nso>73S)+aMuj$B20=gYF4_~y|_H`1PpZQA~s zD-DkE^HZ^0Z3 zeQ-5ya4@635R_v<|2{sO3l`ieq&O-*&YX~<* z5CK%CPsQ;=zU8@}bKSjW*MBef|8R7WkGiSzCF9{>&r`AXIy`z;^qWRtaUc3sEJ+A0 zznBcxcrAI1?u*2Lwxem6%V^y3(ClT|Li8@&NF)|4<%{12Jkkf`kFeWzk+O?=ps`V( z+4*J$qoIg{t2f636>(b80wd8IWGmRDv_y_mE@@9{0fSyI$29t}2Py~5{k>JhXO}#< zMl}Mgk|@a01Bk8~gWR)QQ79vkAhCRIZp#L2be>D}xqLh8#B>~4=-0(P_kY#Onu!HpP2G_1 zL(ykpDdXmH_OTCqZs~a7QpK`QmKjH`EYW3-Ris;$B7N)YfLc^lk5r2j|2%q0hjQg}c zjSRUY4LPc#xaVRM%gAUBaWtwIGFR&^-2>NLM>gmaRVIQ9xkodeM^dh8DwhFyc&tqS zCW-!`JhcC27~f;@6iR4#DqRA)l|-uNBGMpGLMk>}zLV0TUSK;X}SL81_#rYw>jHf1tI7%TjF1d-c&9`U+sjNQ*evC!(o(zAAuKe}-lEpUhmo@hplr@hADY4-{8 z)H!J`5JKQ@E*g)gryQb!r!8WhZkRK=oTR~2)finD8EV^|=daRsVJG2vPVtzKU)C9N z4lz|AVr7rs#3XC91_Nxu(8g+sZo6dN05L6VD$XdtcZbh}*+_KtSu}n)ZX_MdeK~%- z+1mYb7NQBz`dr|zQlF1|*ZJ0$Ova5NzpOrs9AYnlNYv-MXD8~@z9L2-CPxgR{4s`N zzeLs{ipiuJ8yxH$Z7t|VNm*ck^CVz#x@c()$4x~W$=nskueeZyvAQ zbNDZG+gNYpN#_xIxuWY{+NHFYcD7+U7gHJLFy5zmc#L z5OAefe5P}A2C$wK7W zRYhArY5o4FfEC~9gU&$(3Njm*uqf>S27ZF= zNqJkobBYh&qc|kDjp2~=#)=W$2)A%-hh#Z;O~y-?Y~=CTq(8zf^)qon9R}Gx)(pQz z`z_dSH-CGx*V=2l{7%?e`6CV+LrC2IgRmRbDBR?d3O%0wnAo6Bb!Q$u%O(?9P43bg zz0pC4tP28~p^q5%QypovFy%f6OWlUaeCaswWD$#NRkth5$_0;#Ss66LVeV9`X}b+n zt)}g;c+|IWP;>eDrcI{p$S>2k3mqb%?cF-{-v3!Q#_=#Mwbv7l$8$!j^WMQ}kIQLq zoiNQ>wcEDc`sv zy7e1K3PA|Hn&4ZtROM^Yws+En=*>1$zPVmm%Cbi;V##B<5+o!aL5;gW_vgF2dM?RnauZOy6tfc$%&KQEOZ2C1)lekPUwxVOZa zo?oBJf6DVeYWaRu7x)wZt*dk(B*g}VV7ht+RRHT|tvbC|RUro-`r>P-@&R#~CO&_z z>1rZ~))g<+{sSDzs4PNqs%!NwFfJ&US-$S%RIGdzu5MSKZ`FXEmc=X3c_kQp;yb(< zWw8@2-Q0tus%Q%~wJnmi$a<(3*;R@x(CAYhL8gWty-_FlmdXNn{$2bm2c5WsyGw!Ej8fn1VhsSq_d*uALFd(z6NQB z>zE$qMs0KP7VZBFbCaZ|^D#-$-n2V*>vAdu>sN9%kSg_+CqzApUWOaZn8M_Y1m4x2$#m$ty{9daE+ z7fE(>Ug?Eo@92N^elHz8bmZTC*6J>&QVA~kS3Y2t^={AqVXA!S=+}FGTPpw8zGvo( zp8uIt{<<}W{}j*9rt-r|z(JnBM=JkL>+aExp1(QrbpD%;| zGRybZPh0O88O^`n6ZDU2VD|R*H@JL&uZy%^qb<-U3wXHcXfCu%U+U#WT#AUQiY3av zSxeS6gD1k^P{g8XkIyQ2eZ;~4&c)1hH^fCTZA0`tyxlmu;v{hM5$L5RmhX8eX(iIj z5UDi=GPz_!71&XxwJ)YtDhve9B0%IGFypN&n$%liaQJ!l#0nY^W7>$aBdnnP&W+(X zw&iUsqJ04j#m%ik3H@b@2U9|Ukl6&R@g86^wd7-UhDVbWOC~v)HjwHhNPIF7C8d2; zy!8T9`k^FByLLr=!cEFpo9y(S8&0nwIv~P5H$Z?HH>_Q}{21mf`~G2`%g9)76U(Srk+r zK<)$>g7BAqI{NJoEE7mNbD7;k7_x|dJfC%96P>Xy5rg8Q7|XZ|W9OSs|U z^m%5Dt`7NS_UaIa_`E`(0*mH@`(zvyg6{5l&TFvhQFj9wyTO0a_3r}z@00RwpRl~X zA-eGCgj{peQ4`Kt7<}(8{es|Hm3yV6$LU%bw^mSk%i*SstIxEmTp9Aqs`7bvf7uZP8*lX!If0nKt=9Y=&ovS+n0pxa-c@+*U+1cEcy7ryUc8U zX%5E=XT&!x7~~!SvaFV?088_O`-}v1sr+r13NMwv;Q-*@I5=wU%?WVzKR;k6A3?@v z7;e8vxpK;Us6(g=8LKb59c;$DRUF5o16G2vevi7ut#lLNBDBHpPq&tiHK9xfcR9qU zT+r8!Zof0;;%lt2%HoS&dDS;W*Ao5bQE!tIoW{{1zl@9h975Y_1XRlt z@5?|@U^vKWF29Tu9=P{R#LTI-r2e=ii=8bBpnZm00h0#e4(@i=3Th7_Ke8~Fnhow^ z{mJ)aZoM7J%ajeq9GeXEBk1alg)@Wga_qPr9N4_cR(VhabGTOFOxEOzItAqP4;i0h z#&`$;fK8gMA5qvM9w!Sv;ONa@EEW{pA8N^cNN$j11j?g_UwJcqiN%ujjIO2QZOufI zSpN%gwh0H&uG^eqO2x_=G+ti>|6qDz@vjd6i?7WcDJU5rr7KgK2Wu*qRa1t(m5j+2_u~G7y5+m0ekfE?z%0V8@8Id z6HRc(CrfV6%R-pjSFbj@PBc31J?s;qUkyl2bU6Y;?BEQ&RI2a$z&grW*fSERbgme?knQtEUfWcFe9qYCqh>lYZjElLWQ!J_x0?}KZV!iQLWfS>j z?ejvDLF^eb(WimvTl$imWFRIMr%&iin8G>}w*?|8ckl`)ab?IaV`82|m^+9@mJbt@ zdA5B$f7c#+|EyIN?%i!g>>X+@V^&`>g1Pnj*dXx=tW!Wm z^aW!KeuuFsy&1*Nc);(!m^YHK@6E0O5XYkl?(jHEgZ!M>_}1*h?oR66glzu7^`Pk{ z@*QfAX!Ec&{YH#YtsAlS!6RjJJT=?%>p)lA|HnkHJONWc& zB%(-Koe!@>OR2H1OLUfr_1Gq7WYiwJze7~^*kPIACfA(f9vhoe^saRaum`MfMuGMY z2Z`21R~<^zRlWu6No2PyUIY7LP8SSgu4My)PxuitWINs50$BeARa$_sGpzXplkPDp zLUNT87~jeBNr#v!5JA2AqE@t7Y!Bx^uyLJ~hq3zaiME2`KIipYNE`N}U9|tUte;1R zE#vpEmG|F%@bfl0?lI~SB|C1*&!yu+M3mTsI&L!}n4#nTGw!%_*68<|vv%%1BROlu zXdNh4cHBFF$8={hH{{cTw6nJSK~E=?#GwDkFpD#8`z|t@oM=v{~;p z6$rg|@$u>2Yx$w~p5gh44wyLSd?DJ+doSBRm(rekE1YyP5{0L+u(V@Bc}DBKmvpCk zFFK3d9c8_jBU56$?JpZ|Z#d2r-Fh$b%UE6L5Q*N~ujB0@>!>K~y#uy_#o`=qor$kW z=isX_@g;wi-WK)*ztc%@=mNG%CWab~O*_#wq-ScH`ejcrcI`yBV`3TeQfF9%m(mC6 zwW?IcWGHM1UgG3NW#~+Ys9L@Wk{AE58;UdH=l{1n$f zxqbP7L?m3H)Ar>rNvg3E|EJqh9n#It#D>!?j!k#SO55@LF$R(7kmdmYgj38gPpCy* zSe%`}nJ8=6lRY93S0g{U1r1|T}3)sfRzL(hEvqWhY(NlX1SL25K3Y^u6KQ3OJ5~?u?0S)UgLva z2pdOLg-m+x^$QkyJ_m`oQX0%4K8#5u(YlBK1_!MX3JNs3R{+1EyVa9{q(6{s3m_c; z4r;u*26CAtUD`QQ(H;ZQ$|a(%!$8=LQ>z`>HA;rlcDWFMZ2|BFIsKLE6Z@kJ)UEE$ zF9dv3Q5H;~daHhAHHxJfAFZ8rfi(L-r9^o%l{2b(Q6} zHJ&yG6EHLWZM*9u8&p!+J$fk{Y!*XA5bH`mCj>N)pUG~OAyM1E4BY0v5K6Wmf!x~F zZvY^->Yt(NJfv{`Rq=&KpAfv5mh-zz@Bay;5GLefb4BL-?nNK;ickfR&Gtndz!a`0 zV&4qc%f$MC-VbH-^TsKe48prhg~!;jQ6~_}%ms&LU0Y!kZkF1ZX8e#0*8t=Ol5(sIsCtOJ19aQP8uZ|~5*}AFzVx_3u|D@(j**e>6Z~oFQ?mcyt|MIG%l)~Fhw}?@HKv*} z$e%~b`$tmqSJ*YgF2oHo%6O>!KSU1IJeZIocJI>NO!s|`(g_!3MB<&Nr#?rxo7Pb6 zLp}qTZpNRZ4d3MV*Kps9E&$563Xw5nQlSqWZC^_DSeFZ*Q72^1}eLws?@1o1@0%sS^LBlXLJ4B z{^|?tDQbEB&G3<{bFCOuwH_G55ZM!#YxQ!+Cdy6IaziNBFiN?fdb#ZryM! zhDe4W`4yD>N2vm#2YJoJ#z@Cil9ry>*OoI3r@RYyC007@ML zOf`V&=uOGMondk!93N}VDcHhDI>UZ-v=qP5jUWgt;8Ib17dks+A9ckIU3}XtH>E?K z@bOoaXEuLu#YKUj_$EFP6W?x#iwMH`p&6&}i@^&}hAh)9h&mQNFSo>?3!y9F zVpm+8Y4-%+w;QZL0p$+Dehfzi>7Zv_h+3|F{d-N!#eI?=l`A&8Q6v1rg%{hw*@bj9 zA--PrU+|qISyWj*j0~;jXrsLfgWaj;i&5wYDhOs_f4=E?+!_W%yoN$POj}FlQ#a8b zFokz~Rr3S0wY=l2juHNPj%u9yS4DSnzN`x~WrJ2h1})Av*}c2LNEtx40H_dfmr_oDNv(ceWtq}oH;v%mE|_H54I z2BCO!^f&2M#OBM#ld}6OafOAR57U9!OqE?<7VZPmSfV%fSgyZW0O=?9RI^Ir(~Ayc z|J+kJGus#4i41)DQNQlUk(rmm;fjo}S%LgQ+P;h^UM$+Iaogo?=8c=c=b*(!DW2gQvDAy@rOsxlnQE}e1byM3DNnFpvYrGJ78`P9 zp@(cKAG@qnhc~#p+Y#g8n7K-|WLOtdM!7|o9HFCo+sA|k8$_;#=$@U=)$;BZ3K@r4 z2&_b~*wJMqW_Rp>-h&0P=xKh6;0a92bg=kpIm4~}yu=Go11NpSehT02{r)6! zA;*^B+4-#-`1~C^n#fPb^0~@wKZM5+&@6wI*g{xxx%RNsd~$^7%f*23%_7-5YT9n1 z?oEJ1*k3bkToN^9Bo3Y+iLe{#(L=|p#chB{*5Y>*#{_B-jz52HToSX&Nbv9lceNlO z*PgvSd{CsHX_xYwT}Vr}O892Xn}@{PTnHv}mytqazXc#;r~GEu?Mt(_w`cEIn!O|J zYdJ}LQHcni;_a{MaJ0Xs)uGMswSF+hw*E^evwy@V1t!(W9!P=+a9 z9C31}@d*01sY7T4A`Aijx`=%ecFdJzJF>Rkm}G;3{PbW`kWtCz9b#m%|H0}~i9OPk z<{W2VYa2S7)HW#1L5_5~gO^9{c5sLt1tP9(^loenD@jC9EBYx%p%hQ@SD_d*XZ>`m z=>8$UtO0-E5ZjegjBo}}j854fYbN;am`r>ZmRxLVZ?g>hO2*6&UaCqLFiCk1N}xO+ zr@;MXVdz@tXy1@u#`8-bv0BkZNU?)=C-!+fVkqSofz(o3h)9QGSu920lZ_j<+Hm1f z%zbg+sO|N)kvj!m9vgdWqY27<54zNpiCmW__XRIm-;A`%`Om!6eB2MSsZ+EYv9!pP zR+M3s`w}%)@fv%!IOixOkApUE_h26#Pe9<6_P=bQBP?WGdyq<2+!p~Cee!GjqDwqK z*3aaHu5A>Y^(nXlWzF^xD{PLhI1h=1jvNac_bf~W>lxygv{Bz%sf7_!d9Zhwk;;UYp=5?zVHOsn11%#loi57ky8wg=3@P>e-QAhhHGVbJxBvR)TP2%t z!r}7E^$P0D|MH#g%wrZ=oxqMsNPIIlT({(bLl-1^K}6@FlvkCp8iC4!Infsmu&zh@ zgBc_|ki7*=S`$jgNJzC^LczmqM>xknc?r#{<479Td{MxD-eDILmYv%p0IF`@rOcrc z)gR$HZl9mDY|M-nzX@>^4d8@W^s8se^sOHrlCe6>7z;jw!WbK4Jh@dKhmLNz3|v|( zm4OZ9R&{x0761%7(g&PcjSxDi2pyNlM>0BZhR!aGcqMc)qUoxgisD7k8=2pF^!T&T z+O>m_WE^}>D=hWvgn|dXv9Wzd6WI0QvRam3Ttx7hNTQi5|Mr%CoTNy-lCK;W;Y8Qs z8Fri-Gt32*s6De#bxumYgW>>)uP-@Q5~vC?z2NA98B&o*A?yC=iFzc+gcQ|pAF$$> z)9?}1)PXt3lKsZHzQ}-kn+FMt|C9(!N`6s24%KBysfXPe>LkNStkLk*y4z1cyagHAuiA6Ty_`pq1%A%kklo?dwh zbE=|krzHkBz@rhXN)i4j+#en8g@!a73zzN+P(AJwL~UYXTSSfBsrC{IR0}r5S|M zV1FH|9NKu0pImqf(bReA@OFsT&M6;HA#+YeIgkzkADWAg=q1_}#~f30x?><5_?C%n zCo!Pn5CE^v!sH7K%A9Pj$VX>#D>NBBO$OUT{Z$6jFxY-@KO1ZlgK1)S;q*U4EH;=z zv}J?oU-z}9AGz?qUoe@1I~Hyrccn8JSJyB~a?j5Zh__oU>Hz01LyNL)E<@`j{wlQy zQ^vELk&{Dy8LJ<4hz~17KWG$;4O^`IPp2?e;P5ugS)&?I#M&|t8gZF@;!9XgVi zO?<_S7lti-D@vC5E`;a$_Df9s!03!xp{EJh4^qm#X0*}6PWW&j&lOz8-ubA z5yvVd2HUr4D^Q5G*h6Xx4P%E)*4gi{<)E?H^OTtj{Z*I=-xzvwZ)4`TkYC13!6D)S zJITzd14d;A7};&eOkB2dyJ4awq#6G5oGf~=w2sp9?VD!4+xH^>Py6f5obJR|}hZRnG#0d*<5DSB>vgw_8 zl#P3rUYYFM&L8%W&db76Lr|a<+D1%?O9|CiU=r_fm5We~9EJ7vZ9&tAObJJ|1^YY1 z=(b?!rq~wTj8Q(>FW!Ey{?xPo6I-x%C^bP_aN3^Z*@A-|qQVx4lku;5spG$Y4{@n zuS-XN2R#H6s%zTj5Vwt_(;oNBNtWA&&6!y8KX)cqCRRF-gSbyNv*Uh3{plz|b=wUW z9NiX9TyA7hv~1ifTH&OTO%(psQ?Zd{VR}jh`65GUrE*(dXY=m7 z&WEPz6zV){Y@R->n}lV2TX!{>U~%zBwJSY{PK6#$scL|{h|{27LS4dX z(4xo4E&2Gs2DL1FVE*^-kHh2!X+vHm!?yy~BIN?QRQ`rY`9I=nM4Sj>t?@Q)|_f^?qr&r?qp&2@x_8u zKW=XbM(t!r8HYS_O{7cZZ@aLvRQ`qzcf{tQ_S7M<5~?pt{57pFf8Et;e^$sZv-^Dx z@lk;go0RIzKmM6?=H-z3a_Ic_02`q*mrmsht2WGoo2FR1+h2vXpk&88;p;$puCxsd$Y}a1L`3h zW}kW!)wn@*tq4E7)eL&z~b6)=RtE>HaGE9L(8Q-)mj%u#jJ-&u2IU zw=lSC&2cl@e+Cku&!sJ6s$X<8O7$Fn6{^9!ZRI$R4*6wN|MDK=OAS!mi&kMU!c{b& zSQY&MU+)wKmJp3r+v3As?N0>)9Fc;hYj^ZVhWs)HKI;(m0+C<6&3wQtLL>$o;9c!Eun0`>1|%7-io} z+fHDkW%0`L=?`W`NbZ74YU@(VLLj_fucqVq#N_TeMDMsCw3-!@npk{%$@(Ia&UnD$ zKl754J(!JtWKyvS#NUGajnmz0+%74o{b=h|no$ z50iH3eTouQ=KNSTZ}FPPf_%X2AT*qK6DclUgpsvQ88l*$WwESLh)(2uD@+_mz5#Pz zOoI|r$I&KwKb|ggM+g|`CA8&{Tk?)%i`=$-+h3)Jd0nF)*J=N0vkuu;Hf#I3=bw@) zA7*9ecs|%wa)Lk1>W=pO9VMT_NG=x7#pS3z0|M!?zO}U#PR`mAi^cC@VW2g-GN0%x zy%8V1PsX=Dc_~`dWNy>mZ)4U56&*mY87Noy57AT!xGYB%dgx9^2g^j+54d5xl*S!^ zmGdcfbkHHf&!CK@A(-HktbVhyW_0^i+98g<^G;^Xj@4Qrzf2_m+|eNR6bPYjr|;Hu zP|cmWYUy)o96(hz{FK>+)G4m=4GsG~!Yyeu1Zonx%Ozy}dVrlAw1&% z+gF7EzfPTNIT+ildVE^RUQ_KeOD0zk4%=uJ3r=-<327ehi1be|Cbk zc5QHUKOxHHwZB4`BPU+_1&Ne&?T2@;+BYUa%4+{>2bwBCZh%Ok7A*yJt(Lnd56y}G z;~01)T*U9AqiG>92@=SjMh*GF%vaH{=!%7pVVp6VR-;3qRonIjT(r}_;m^2IQYS5Q zGBW*;&53ySehlWO(`o2|0j-KY4o_GPbtl2!p8!|s%f9(R>~bh|y-^urEZaYwN$I1H zHxnLT_6K9u?<3fxu0e?z&775kR&*XC=35T(dt2xwrC7h3Ug~ z4I+uIyGG6mLYj2Qc&~6H8bF>K@Qe;8&-HjlW#xG)eut#uEsNNbbwji4=FsGh-1HKs z$|%zpVDlMtEuxQ;Mzo@6SpTbM{W}(Jl;c~Z8yk-&UvuLzB$z!jX$^J- zCRai*H$4wbJnh9JV77Be7ar?J*)K3M{qs@0W%0(Uns0C((VN`}la1<5+M}Kaq|RQv zF}Ln7n_({In^RD4=WcgEBGP_;u4mw<>TBmZejmLwEk6CX9uWCP@W}%;lXaaJ&-u(` zNN?!S8Pzr4xJ1YyEjM}Hb6Au^&ZIpWC)Ezzckr$W-gMPAd2|6%eKe}faAO8!?%v{}s+yud4&9KEBa z^+vCZVTfvKT3;(qtF38e_#{RA*Y_d#OiXgC%Abx~k7YQC76YK;L{FC-rA zt+Z^i%!(92U?D;L2*DL3_y{xy$XUbX_{BdFX}dgEh;(^Mq${*+vP^r5Ah3`ieuQ8< z37!@cYz7hh!`G(u+urhukXc%)&7fJ2ELGGgT0C7$B34RS*CjN8#O;an^${!#pc?@p z>TF*Zw;zgHZn_8T0vHVIG#Vxo43e7cH`fWO5z5b(^3-SJND_o2eG+`~2#$`5Int1% zg*2&c77x@E)wu*m0I|@9hlc7tIq!al$`(W^?oVchh!6doR+;=DRtei0(6hwuk^8 zSM)=uYHSvXEHM~&(Cl%%Twpln%;RC?XvGG4q!M{WrXW^0xdfv-TEzUk1nNyPJMZjiTD!^Uar6&cL>frL@;i^MG$wl+iyr)} zRSQ;`2k$3zcS5vwq)Qqf!H zwx1G^)7FAVu*9Dd9pW(!2jAvUJo5Q5g|H|<45fsR?=BL;=k zs>-&|#+2F-M!N@}#Bj(r+O#UO&?qqUoy@Z;oyNzwO3Dz0%AnhVkJ%u8&0GIW?GULH z`T{_BfVu7S7&U6zmT>B$f*X^{VyCkAxKy^Tr1G8#Qd#O$9(r@Uy4(zivbx;GiOK}( za)VQuH!hVUDyhha;3h!jW~cJ6H^!^W03gchQi{#xnC;T-RIVMD%EgsbS|&(kty9@| zTq=_*sq8XADz~g@qS9AIeg7FxVm|^znZ#^I6%FT@66^K4d}>@OnMx|QqiS3#NB`F9 z@}GZ?SC=ONQC621+2JRkV~=}Xt{<1mC6!d#Kt*;`^>z2LMRRSIeAOO>|g)qklRxTA`oOXY97n4zWeH!L(=z}kmNKvQ4Tz7-M}(a^>G z!&Ew*Ftj?s<7d*~Np|EG`F24jbRwY|zg;NWDewMq0UeMy5$P-4_%94MGP_u`2&(fC zar2z}V39Z*zj^fkpScmq>jF%;FWYm1h{Jt4eRlG(b2; zphOs4Vb`|-Cw6nSVMc@MHzJ(EI<<3VS%PclY0DAqKo$y1WCbLJ`{zEhqrv)l)lly zE5`p}gV-y@7#e#UZenns)IUkz=We!C&AP^ID5}oow1A}YY|r+qb$rAmPiBnU+ztVq zuSMZGj8*iKvZDPzMbW*-p!J!1)3mlg#;F2M^X+SUUb7 zGv<00Jh0EC4MK`@p)2Uzi;Gb9f>edCvIXAEW>Ni$upRu6e`-_toZ9kzf*ZZt^G6OI z>_vHF#SHo@QPNz>4}AJH(}R%>8Wf^P>%bJ;O*v)OqL|$Kv;`5UFI}}TC;iJmtkx$xczOSL&>==YZFGgk zN(wxAc+g+OiiK{X-QsP}xsG?Lqt0*kafph!L}JbrVHZZ|!tzzCz*y;R&$;e>)nqj) zPd7S51y6}N*U4k>^tR_*A9RYN^0c`_RPdCTa~1JbzR~2=LCsK|n%JD{oBwTc8gxjs0?E&s^;g zVN{l_Zx~bVdBz2eKHc0&zB|SoT5Nnk++wWp;U)V#oewSDKOSd%D8Cl}t1JL+=yD9p zFNcPf^>W;_l?i^{Gy?-zn;aujH!8?giVORrZ(#I~?YrH>fpWcq3Mdjc#WJZ>k3Vq} z%C`XJ4qSu)YoqPZrIYuv#_Odm8&l&IxTh{qUxzTPh$(Mb9N|&?mJtrJ{SZAf+OA!~ zk^?9<03#e*UGUL!g@5|*bK9d%zD?i)l%rKfRR-WaO*P)JW#imc=5YV}5Rriy?W541;^!j|edl23qCn3Jz?M5B`WqC>=_N+i{V z5pW`;!o++ZM>Hy_Z5$#d^;eRbK0#7pc7Fd$;|Z|SA!1T5l2jl5Or%y}ihimi8nspj zIz&urBT3DjAgM4<-}txjYW1)~#H3^!L8Q~@L8#oA8W<+)OB~UtwK~%wVp1=$R*NP` zD$Lk-bVQ?)dUa!kvj3f=swYS)OxtgDM5B`GaEQ28LnO6Ahn#T*80PL7M>Hy__c=sN z>SdCeIzdul0{`0=$5V?t9U><63P}}cJSJc*!mRx~M>J}!at;xb`frjN)t3HJZ0RkP zw)A~6DZ!1kFSI0V>5n0ucv|$fo??R^&rfE<;OqV^jtRB2q)Vn#k84`bG0VDSI+d-a zmD95rMffsV?*Yki)6WnVb3Nf+n*;x9?V~es*y>CJYLTc02Ns(QU>+emmoHQ5oK|q4 z_?*9{Cj(EG4E3=gzbq78aELtxLT2%{eR}cfACX4u zt!%V&Au0+Hp2RSIgG15`>ajnPydS6olPzrG@e9Uz6g)bK%_19ZaFG!9V}W+Wq1&#b z8W2|bZ7&SBP~g<}2bOH?Wa5}EPw-^~tQYXowEaD7mT2K|L%0C9TaJfZ^<~MD%_xkj zaG|slzpP-_T5c1Ju0LMx0YYvQa^(An0O;>|8qGa{dw|YS6{K?kC#@Pkc7vA4l#GNxqO2%7p-^ZDxi3m^~$JM02nS{^CEi|1%B`G(<)d(nqR(xNm5ELbxgY^IVt+n=k-*;xx zhI7vU`M&RYKAwkW-hExSz1G@m-%y^+?U8zjk12CkwhD8R+lHLheq8c|Tb0L9$TPTQ z)f^iK(T&Qu?-!o4d-t;YgVZvfuiPfi&j`I3@oPPPBxr2g;nH;js2AVT>CPK8p)n96 zx^t_yb%P&L>Pzn@UCLkzaN##Fk?Y39RloZXOeA!(jE=VQ0zW|k3^Lqu9^G9L_vaVK z=N8<&62)Ij!62Si23bv`?r4N0Q>WX zWI2?m30M1a?zV~G_Ofyix0Pt3b5}T z@2&uA9o6f<#^m}h+>O!upv~<3#s~hWXUmaboR5t}WhP9Cv)TLonjF3Day-m4;!`M+ z7{eS>sN`BAjs2Rr_$Rs)&vC_1pN0pv)+nSXjYGBpvThQik%Z1M?6PJf!Qr2Bm*S04 zYst3iG1$;X6>ZoNy>%{wp=0OeUd3LPZ0Ck;>TJn!!?ty~JqWD~hVs*O51=%1(55#f z2@$mSB$D^BgCsC0$MvS4q(O0yIFftA{sh-gu=5s;4uMEK;}a9fchR9#=^Y9lNGq!W z1BRj~lw#elYKLZIUunb@!*$(9E9gutY=_@RkJep9i+~EQ;PxzdCAqGN2pPVq?i!qt zN!(Dpqvd0l(hT+#UJW(uD*(g=Qb2-=xN}^0t&4r3py5%0I}stDRv5L+8|Ct(nX z%o&(mf@$JC%vU79Ji6|O0F&1#`?VEH$@%F!wg-j>q}Kj`GoQX=UV1~_6^tjq!Nu~_B9~gKyYhcb&tF1>jGpj> z*qa4Amagl=Ts_~@bE*Mi z`(O3G+6nhQlU;tLVLctaPeKE#L+~nuxhA|D|13q=PXzmy_=CbT>iSyn3px!gaUR3- z(0)YS`d;eOPF~SDyaD$a&cI|7GR@5JY%~N}n3o=}yE4}3s5a`& z$m!ZB4gc_;eWUlr8od!=D>TZ?kXlRBuKW}8>-3eRxIfjDR2Hzn#FaK35z?ehzZL0g zn($9#(X1~tOjn16rWajGCw|G#e(W0mJLJrE( zWVm___8Wd}!uXHtVfjt>h)s*n3=`%&d4H^z2k+dteXG-s6VKMEXbIpff=sxnkGh@w zl!eRN6#;nQiBpJ6A6G5v9&opO&-_oi{4Xc!dx@Lx@=r?S`%{ejx%_t~^8G2s87`kg zKwXm7*!5jI!9#EhqX4aJ&cE*WW&)~LezZTb(X0%4!`)x82i)VQ7#rrv&;e8BiZ(z~ zdH32bukgi~qJlZ~O>V9Kl80rq7|)Nd!=c0sfwvUg9Yw=1!fv)pGgmU88|QSCUNUq;u@xDxwI3F+Ko zDMuVH#&`&02FfQ9L^;G4mH@_P&!FGXM-O=&hWT!&B`fVov_I?{Ti_dtptlhxfZmA8k64*`q%r`i*-K%U#~is3dkK$tbY480--s5b50%%1BE)T zDU1Lto(-dy2I|gG^Udnc$EFeJ!SzWZnKU!s^)UU{w&mk zIm77&L-5UqD=5PwC+Gtn4BA22vs~G8Tv-!{iQu22rWr>Dt7OXt2E81kHm?nH!cC#+ zW{8H17?vO<&D2WaHLABc&F&Gr&{j`0*S^fp9+_A^*LDRl*S^fp9+Bwh+Lv9PzN~!q z*kd!+9yizSLEru8wjVv%l^2)Rb)O_0lti2N=R7PdSq=-+SP-z}JS<4`u;eaJ=Z@Ue zlfLxw^rhu6^&3q6;g>)#!jhQ>GUVWz)`XvtiB@NiB;$}x=Acn%+KV4}Swk85&Y>8O z?s`!9X=mV==Xw1z%j-TNl1|7>boY} zHZvx-8XKJOXPF$i$@g{O3x2v-oG%|E#04Pk{g5FIE%)8b&@yZgy97ljpG`;@#K0NE zzR zS2||U{6&C8ipoFn;6@RRReztcY?EsMXc&Qc2l@&Mo7 z)jH#RR!dM|sIx~w#zD#ka>!)tcd^$z>BqryC(%#^$``X5+_r_kMUnQOl9^prtRj zzy0>Nhkr-X-TJ4CUPE-(;Yf~lfLY)srvB5}9QC^$NQ%T|aKAbf7-8_EkpVRFX}0HA zXj%tIWZdnx9Cy3*2OpC?+)lt;=>O~5D5OZPO9!1>2e1^oJh%jkLI#y7>q!C|o`B-O zi4Fv)kJZfCy}7Rd6MUd*YEcZB6UDzEY%&?=ri5%~H~RmiRvsvumOp!sjbdGYlo{AS za2*_+a8i8;tKqMEE4UhBMIS~X)oeK()K+}$?Y0A~H&NUkS15<#ELSK2#Xf}M3kfK$ zxXWD6x49aznPWgQCaC{p2`w}wTDbBIx*%}3C)OM01$?QDD1nUzjml+c7J6$h-(nrF zbk!=&Zy`JvO=`EqhF8; zqwjxRXF$(%KtF|&CaVL%d$|m$n*xC02U@N0??w}fUB*y&tyV<2?e4U4x0IC=C^P^@ zik&!Y5^z~rIa1jsvm~`qH7z{y%cgD7=zj@;Ank zCMihx`I_+?C3pBmr2?$;)dsw`&c|?vtXKlC+-`h}u){1t%sEINRdD5bwZZiWH2Njr zi)#(m-W;Z+)aURpb1D2>!&pXe#UbK)Yu+-ZV|x)a+}*G*#o&+Vz0z15C~bCPztqt2 zHd1Ffly%8jy#BdSe@(u>y|h2g>ti}&@e{_|wVA>y&(V7vU8dq_39WcUuZBYbseuC} zRzoj@7DZbMehmi_ayA5WI)nlV%XbRu;SvN8W=L*ikt)#hdZQ*xW(gaDf;8&5iA+`| zD&_6$NQXvFbaiWxt+gL_o17~IGx6v{6u<)aOFgtERacdS6iT5YA_9Y7Fs?>Bn6_wGHF z7={{Xe&Dt-N&gufFtqiisoR=wJ`CcWehm4x9*^%3ITdXQsl|nJ&v_R?W^i1lCCfo% zPG1g&5gN&z2ze$%dHDs*$2qC)+YXs1KhF8|nSCsTT)WaY#Gt* zdGkRGI!366p&=;^b-AB1WkfFSVL!;6fUq@4i<~ay8s+B_RDn?TtK~*mC`Rh}DIBbwc+f`uPd0fl)`{6Hl`MNempyHR8e~*kYlZUEhves&q zHBKSu#w(xhxC(}{auX>!)n#7S?nS-h?X+9f`HZ54&$x9SQ!M=v*>$UISQx0tF9Y?* zu0+f_kHI>h$656MYzgLdRV; z8l8a){&@+CinnW=bw;fdfosV45WDuWzMdcGx$G4V+A!%HOV+~-nFoJ-4uqOw-MU*E ziJ#Szh#p$d_eT)I3l~Y5@>Y8`)9PUrt#aPweOBA3a?+qMkg?TCAi`D3_UOL8X|0dL z9Yf9W#G?3BFy~5yCF8cbyg-jsxK->qUJXuv;ri%<0PL2QlYs$OlHK}oqt}=AHZvMP zcriJZ$%9s9tHmXhE1}$MNBH4hgP8g(c!kl*du&ieq~0n$!_7%7Yxd$GIt6R2LD3?_p=@V(V1$Zz{lhq~cN&lJIwgR225x8gu15(0f{_}!>Q(p~C{%yDPT&n&*!XgALB1wzuP|JhpHoQ+ZY_>A8;$37qMnA$wMDDC%TDLEHp;E zn@`8O`4GE7HR`l6fL7*VC-#|@d)UXGBfJEoiIu(U3WKHFHs&jm*g@+AAo%>wsK6=1 zv_QKRQtV6t(4+}n==4qHeYYq%CU_*(waB=rYp1zseBOwXZn6BwKJHXLvX`#!LODOU z|FPTu&fq?OsOsRp)eY|BU4HfPc^arbwfnq-Ri46q-j|hyOw$AxhJ2F#00tl^Stm zS+^6W+WVtBT5W%tB*!p@7|C=2e+zzZj=t;I{VA=$blsj~Z!;QbOfPJQGCY}Mpt-W! z+e45JG^BgbmY`dGwGmr&s=eE2fEEnULih;;f-PtOoX!^X z5*jMmtV|XyUIm?-uuR{+(QLuTT=8F|9itGe$9_Nnv(5nZq0 zfgP3f7j-7*U^>fvCgVC=yB?48`DOO$>7N_aa{o}YXF%@c8^fJ^&=%31d}IDjK283x zM>Sy%E;6k$0Qbd` z13=~Oo3|?woO$#O_Z3Jq%biV9iGKjXMP79sit!h}2XiSvsec&W~gFrjGk}m7HBxWh4;5hc=U76%$p3m9XtRa4k zRCaINJ@vTgl+ zXdEk;o^t{zG1)}WpOZ0 zTmm4@^cT>)NSXnW(@7mMkQJ2T@Z+L4xzKQ-X{Su#8}1h!pdWnjPUtWxm6b%w!XKEDiu8(oPNQbOoC%J>N;XN}~CN1>?_h3*fzW)+HK+^5iSwSyw# z`mkN2Bm{&2w05gX2f7mf1|8#qE}*PLvo*mth_T-<-2Fl2$!I>40$_u>fstQ)^D@3SRanpqW%4#aU2e*v$er?0B({$o}9&egg@z>%bBhsSloaV3^9y64W_0fI4Cx_3mbW0 ztDykZonpE2FyUz^qs_-nZRE4q`^AZPT>P<`$dDS+ZdJ-g?o?0A>~gINN$#D3ztc?* z^jpmAr2)&2S-99MF|#NhW*#A^WfJ&ns~n$J$10DW>|`sZv}9GPEFx;NikMq95$9vg zT`@l1top^@m9h2yk3t2{F!*KP4X=(2=)IpRmAoGt!`{4ze(xe^xt3(yCQoGNKGGxup! z1D*xqfBgat+o4C}pea)gqj9xTzK`ZT*joZ|2kE@HBT5yCyIWsK$h*@I;2XnHM|xVN z18nMVFv4C_PS{WWC7P4xsoeE|y9E+ZRcRX5DmBLiC61?TM+3TP^4(xXm8ZXKqtBnL zABx9&F$^%bma}1V*@e?yZacbmX{1orUO-%m)P`0R`R7OApoc*&YrBD?bxrA%`}L z`PLQa*dB58aBBf-ODiCd$wQA3{MQQnEJ4`W#K=sYP$YoT3D8@WEEpUeXtotLwD;~+ za7Al^ZQuN=jnNXuXk$31T1l|0CiugyiIS=r>=21315b&nTr?)cPiz2!_?ZTi4{i@W z!sr?7e^MkHjG)RGhp^yhbaunZdxbqr%%&3aQ4WEGTg!mOnhvxY89*DFF~#}GIGaaS z#}wx*RL7X-e3Xp@_w427qvqUzz~W=pgUFCp`F$>alPGj@Qv93GWU}jVZ+QkE(K`I6 z(V*%R+CF>9N)L`>XXbctx__8u0&%c$DUFiZ0)GO}Jtf66Vib&UtDPUR!XsTJ{NjJ? zSyWSGh;1_bGP{vnZ+>m2`v=X5Tot_<;xPA|^XuV{SjucC);i*iSX z(>Sa4x+BJ_Nx@QB#YTdC_Y_~nF{qJ@7^zVO=h@Q~W82)<#hv11Ae)%F|Et_NrDrPc z9HTi?a%VICWR>wV4gP!^R4wyCDu>egIDfvfD#o8h5r5{AKVRG34JAFbBAz6NOl^!O zsty3 z-m5lDf{3dYp_EQq6cVpKVyFGtIVSPFX}*t)9*9;cJOMUgBz>Pza11X7r?1G`)4*>* zs?aNsv;YtL(iTPuc-8jlZG)! zMtk^oBmyY3(CiK@#OpuovNO%1aGM2zYzHZC3Y$tAIHl^*UW2t=;_vWVu5v2l-bakL zeWA;yGOtx-PIriH?__KefBFj?t_tY z_BRyN{TL&x;$ntuT>DN))b{jIFi)53eH7D<+Tf*OO+^BvO2gAS_wGW>WL)-NEqsXb zWA7%mbtSi8{ldZM?iK&SNg_u>UZTAm#kXKpl_NNdWFhDza%H3Mn>e|bPjB?MmT}A` zNAq!ZUu*LIGE|36Nvy)wV19`Xf_!RbQbxqP2%m-*B-xpnA|o?L((BL}+>Uh+hai)0 zNy)bFgRLB7B_&(GTagb(jvB))5Ce^T4F&=1KyT|{HrS=^vO#*fvM+e%Z&E)xxn@&| z$R;G7^WSio@f{%pMG?LNAeMJtRTuCBp^05llsN!mAr|+jug1b%;)(H$4{6`%@pZJh zaH=*n<3DvszP>h7Q?;oXKeaYvqgZHiLj-^0v}w{lRbQI%F5j0Q)za5{qrU2=-B)I+ zzBJT>*CBRjkk0Y3Q?zg;KM_=jENXQOeq z=6WLf5IZ4t^U&8zfL&WD`20Iw#1&3YB18@q)5pHutPx5DnDxNcm4ZF#V5pfa;qP)u z{POjZIDocFP;G@^&izzvysAQv`iOaa8hbTb3Ku%u8R7lGM?|R=DwP`Mdai$gR{nv) zkeTJWaIM@Hg;A;p@jH}M0mNV~pc(>hLppEnK321klxm3dQ|@3%W@v$>+Z%$NcxG@C zZyKrvf^tNt#ame|RwHf8B6SW6S{f&b&7qdA>q4_}C2H}q6r7<++;4}ugskOB@7Yd7 zMY|hO1F8IJVYx|BU0{$<8lq51u^)WqV0EQR62{S<;~m<>=SRoM{r%NU4LXkJ{x1fR=(g%A6_8cvj_i zLGLcJc@PKyp-tRv8@zgGWO~63w1=p(6E}j}0r=Kb!q=gF_je&Hcp2OA03yt-xQWM0 z@d!kKX2rW$T<<4<+jWO6zS8X?RI+}FA9O=%f-?wN3co0^5Y&laF_wm5fAB#t-GeTU zrs}-VXiC^TLL`n&Glr=x4YMAIZ*yE>4R956vIbq(1fT!Mq>Wr@3mc-~JjddxNEP{j zB3j?ToXkGW)ob18{?Lv}BwN60D z(nTIz4708WYi@IclZ*DAx*2A))_j zA|dhsFceV2u*m6L3Tz!oHKPLHiUcw?X39zGcF#>o(t81@D!98qC;i0*pcuqIai0S5 z?sd6qVhIqA1`uOuJPDd^X)|xcsLOr2EL}#v40FuH%vDBLj)(y+CBY{~?!pHBn`sOR z$>Dgu(u*cxT%gQ%GzT+Rh{7LNngR`=5hPTl; z{Hb;YMIa$ijU+@o2$#Bi?M^txi3PeWQQv2qYxVrM!U=YE%$`x#or*9R(;Q%M?5%V^JHrOJ@T!@s*xAS6ub3<-r_hk`%>UAjjxJym)BhkC@6O;vuVW5%cx*1Fe)8_h ztO@8hr{z0X0q9fU%`iz%HZ+*kgsi)eh>~btG(Onb-Xt~i3!8(<1Ci;~X*VgF zZrz8SdEO~X$%)z5vS^r#H^lFcO$59qFanHfV$L5?Y)Lf^8uRLbmLD()BLBn{N4^j+ zqHu{m1F6V>MDS%`qmoaEnQmQ}50{|eTvoFIg6gS8qo5lXF$&7*0k3@r$j69+7~d{> zqId7WoK(gK6_naC@u5G-regAwDoCE?p zOT%J+Nw(T@M%V4@_eU-C{*wS9>@W|e`%5}%=nBS|3UDK)iVrovA5nI?Ph{myCgr?`W?-w#cu^AZWA1Qg$R=tL9H zgNcjGa)WRwT_@Sm9gqGUXYqpg`)=S@wz(mxyq+^X2Nq?FYY%$nI0c3*9bz1w_zl7Q z9NZ5#%$TP8Of)~+0U6JoDS#%1o5?kI$=Jx0=KQd8TY6%{Za22#huuL3DDtMb?1Y{{ z#bbL|P(R-H+d45^8(EKEd7As%CxYvbBYQZOfI_roF|hU@P+DV1rJx^Css+fm)Xtlq zs_Xu~0G2M{5BcF?5Yf!1!7Q1nVl+wYbQ~0%i*oo2Gu(&S+x?gbLPkc>GH$|NYoKzS z=uv~zANkvgV2T4?zLB>iQ!@vIgPW7-GNYIn&{$WE^mUWpZ$YRdqgAh1Eo=x5K*U;4 z8=N4>di_(&BH*PJO*K?F7S4A~YR@zF6Lra}%EAiO*@QV;w4X4$vEJ(&otf>W1fQgb z+pTB1#KWgwF3LrtM(WQ3z)4WNJ$QjmXm(w_G~SIS{P-aL7_iRYx0?d!L1Wa%+J{2Z z_HPgX_&5vOhW_J}^(vThu-YlYOIgO9=c9Bu?R3r!V5RrgL?j5Hio~k-iAan=B*rNc zTZ{BkBw8O(g%SMqXpVNy#kL>{-lLSKVq*F`72`KeBk5*_nN$gXFX+)VLdd9|j!`0e zm1L8;l==4dV3ueCXQH}$neXmM_u~Naet`xifE-BOhlj+j;QCc;0L<{%<{h@LGz+%l zmDrAp;E$s-j=oZr!AlP+8UzXXhjn)H?|82xn65>Fg+xGYnK@(_A=LGV>BkZvqUj*S zb-Gk0Qo^jn-U=S?Qfx3#nXTooiI+Dg-CUNa5RNZzBD9e{Z;bJez=40=YQEDL|KQn- z3TIYTBC<0G-eZee24n~GJJU`_yBK^CvRn~V;h&Q zeRXOn@!f70-^Dx=?nq5z1>i55DbiRAN@%PFc>0OydmM>1`~v3y0s-uXU-+#KnaryC zF&jM39udXfzJ;d4%U%2N`Ebg&SQx}l$bYp)k93VLi#0l*jq)`)A*hb6YL!oOl^4Y- z&vfPB zfcQh2u0=Rx&GMU(B}`2d;CA6#y0Y*M#19cOrhvua1(tve?2b0P=d2LTf?Z1OR`L0-afS?rxfqF+}oyEr2&@qENU2x zq)wYDpo*fQF5cfkK76f7NoLiZPG0674kz)K<$?m+mY_V_C*|EN64-aNOPp;S0TW?Z z)@0lEimEyYu0NVAD+|1Ge~%+&u-iP+Zv)#lqRJLL-+{_M^l42dBmgO>OMzIiSF)CBh* z@*37GC>enAvq+I&eFx!}D&%c{?-cTZ_A59AbwDE-Pakjvu?#u9Z3KO*6^=vyVsip| z4m8mv2@OI=((l%B_CC8YqIY8NR1lF}z*%a;8ysl{LX85Q4AKUC#*9C_fx6_J>iw=N zokQi?CtP(TNz4gFglF%!3zEP~tm&5&IsAWF!UXj&Pp} z03@n=pLmiNo$!KcqO)VvXEo9J(oqTG>xC)=S43y7{-s;&#iv=sCtFNSB|BHYbqlgH zSt&bvqmGju4JHu=$W9FWYO-_NI}_l42MiF|@o;Ag6m!t*LgNiQHZsleXR%L~`7y=` zksV^Cpu-57J46a86J5)gDJ?RF@{sx-kL!2{c0Me@%nDBng6#dPXg^O(WzYrudL(r1 zn1IiyyRto&0tdBZEB$~5L6F*Pfc>HO$=-@9=4(l)GTiZoi#qZ%M>$84%qw|vB9D?R zKPo5iuGm(E$;yvf`7yLSuEcIvUG68ORdRuIxzP-hmGpr8 z)*ExUTcZ&Cm|KDJohanqcwIYO2cc~#^cqcZXu@f_-yDg;+0FuJq}IZ3)`+cZqP0?f z$$i1#91e&w1IRE#xIO;?prFNQwg^o(8saK!w>{es*Wj=%ju^I1O?RGWW9?UHL|&EY zHpIo20ZCW^oTHRslp^9ihIl`$qi$2VUSnG*)DL9qoX^BQGzyw_H}m| ziu^&a!za*@WJ9hgxcEKJ9a@i6*`f7_?9gg**yK?tz-(?0CS;>_8Zc$6$7fCWMgBv3 zCRR)z%t6l*z{0bwDF`#2fK&s9H-95-;X;>&^o8<_F;`f)EL$7QI-d^4#%$-tGBJA# zJDSCR@W0_x19X5j=li+;g1E)#TNZ%#_wTnme_|xP!5WIWu>c4KghbWmU@5gq7)#!F z`RsNAOwx1J&FlLMoKSMZ&;7yKcJHco&W5YHhgKe!`HU8K8{o7n-LK3iQ|JL6eVFt$ zuCtx4N?@Lbuc3T^cX{u{<*wS#ksb3cJEb&y_m0zM*5$sswKkq@p5+brxL;qn9&$$R z!HX=CY<1n=)|5adn={2)cUw|a=l~%BEngR_fwW_21rvVxL`qF)ejzZ76%l(m0aq)< z;tTR!W2`MdGa1>c&J&E{WwDXqbMJzUU`SEVK#Q2HhNVCi?CaGjgx}XoF$6@iG!IQK ze;I@5U{jjcGo(L}?S2wyrt&{1XsC5G(%Vy%&-7TFg=5N~BnyE!SomdFKI7165Wc`S z#^SSu?ErI(Lr-iID}Bk|%S$smR{ADVPFc(aWX{lt|?C#s*!@ z2LC7*iB5m+I(-^f?}R+fjY5zs$0NtCu-j1~wk1HuV2+a=R&sLho>5ULSGaU7&MiVn zdx%E<8nLN*(ai4u$ba~@h2P^VTCeSR%z`kOI{9jLdm( zswe1^VOY?5IstwsFjI+_h-ga24MJ_JAQUyhW4JX%7fK2i+(TutVlswb5vA0Mo;lbu z%^(rPh%91g0DhUf{zJZ*W!HiDd=`z#_dBgN1_0vYPCZEhMH?dQnn&NprxEo4sVTAe zj3@w$;8L#B*m|%0ft*Fb9_Ch&yGyhgjy^Oqjn327@6_-S0Pww879hGmZNO`aEHa)H zPcn(g&DTVFRDjCNd zOWO57S=Zk#>5z$cy*s;p3%b@<2WKh}ZmUQHvmhmvjD($+}#qn@<-&!3OzXjucXmKv8w5Y>c!5 zRg~kslB$eYNTjcz6|pi34p%4{pQb>=NBHZP%YB5)P$*_oPQj-y{d<^?q`hKxtn|V7 z+)T{pSY(@v7P^5bQO}y1E{piN@X&73Z#sx)qiPf)YEOnQ{Q7%6{JY6$y-IaZtG31+ zTXSmQ4v4oR3PxjLY1^)dED51gHn7|4m8*c=BsAumq`sw|unZ*8wX!Pllc@hZ7s+Pf zqEzb~CUq1)(VSnS>o^T>Jungmeol%_)+pg;RkA0XQxbgQ72d?e6?=?Xaag!E)q%E1 z@(f;BSR@Az-#usHt9%_wmi6j0!>>H2qiCpR(}STsCJWp;I)eLW#I~;V^h+x;BqpKI zn}Y{_C_qVB=`}yZGQnf4Mkv_E`u$uRptyS|Z!*GDF=wmMj!khAS_*SEDqymADQMaU zX7M9N2YU!BIQV6r!iAQu+RSTE)GdXUL^I*uXhztIrd0X`){!p4&i_2%!x)?)jeVMlUDLw*SkILYNDyQB^N0{d$K+vpGztj_ zUK9vSN>CJ|gtrVv5!lLjH}8jaE5%va0iB==pCtf5B>JDXkTmx*bmek zn8YQe;Jd%&aD}aq>8Wa(KX~v}uBoA*@6i;6w!Jo(QM(IS9$l}cK^*5<12rkwJ$7F+@0?@HoAYW`b$^g~r<~~vU z7J8VDGMFNPK|AAs5?W1YF2TYs^e^{m%s=UbjD-yI>BfAz0i~$GgWe?@@ID_ZwvORE z$c+c6gH!VoP@;#;071U9A?UdXNxkVtGz<4tPV8|=EzhSn z^ro-Nd^{$yY1s9x-oeJe<5$D?l2vB`{%yXmbdM-!7B1L@h0iY27Fa{ zQ`XxNQ=ks= z+6uu+9yRe%5Vw7HRMut-?1#Zw?tHfi-Kd-9=DsVrVyU4kIHky77aD{fex_~uba!*c zcAsHpR}<|%`#HQbRW0%!II5O1c>qt**P9x5P#7#3ql>vEKs=^}l@NI!fgam57OK6F za0^Pxbxo{+p~vQ>MmP#nApPj9*`h$*%h6rgWt1fV2=c}*qkJTO8D)Tb=FQ6tKPkYL zbv%MZ;H>dI3j_d+2u1M=^rS`%KSDbSHrA3m;m2VY%njD%&c)^9Ddum8l}8YE2c74O zpjlK_?3E;#hYm>E#)C5nA?>zWIq_OGr-dA14xR4>pmV}$9RAk|P8Lyl)!?-X zIUTB*FT05*CC{r-+b`ba<+;LM{rATIDV5{DUC00S(;EMKPJjGsgVo0Wc3T|(3e$)d zd>!Nef16&pMV0hQ3B3+B*i>58+*jJ?-|R7MdOcpNRH?MjMaw}~aFD9%ONHs%TJZlt zdbOQgNw191>%X?0j(jcKecJT8K^v?hU;UP|8G0#9=NL@Ww=e%4`Fe(fUhVM%{F(6o zPBMBODmk<`g?{-7lRUajCCRQvrYR-$@PacMjAWl-z0JCS7ixo5NcM5diIYsdTUrmg zfDu?n7+9O5n)6>$3H_!1v^n@VcLG~UU(N+BekF)Q+sn+UMZYGf)YS$M6hzam{hIi1 zNNgL!tbKT`%vIlJ+ctH|`<^;60?Z0Op$*wV@EMisI-I(phmu7@X2hZt0n=p<@4+xD zI2G&4y;y^jJBViBS}i*`uS;T6p7$9^m(UFvgv}n^Z&wEd&5QG4lLj5y+i0FFB4RrB zpV?sRy071cxqwqcFL(OuWisEtW1&zEIm1A z8$+N==5x(z^o08jn5r}cc;=Gk4b(tmD8)Hfv&x&Bv(a^!6nd*{93_27+ygcmZQx2V zZ6hfOQjNZJWq5%Usz-hh-pRVjDPD?u6S`5)@2B?imYDwsa;tz|C`9iovC)9^bEo7u z8|F8zcfcDwYwZgp!kL2ZU%F5AG)Rb2g5YGsq(7^cPhmT(uG|U1JG6QUt+k`INGjb< z=k5ho0^VVE{mfpsQgP`a)e1$c3F^u)D!c17V}^dcF317O+!8Zgx>*zhc` zj`$@5(pA1bIJz1=|E?4%fseR(2So?u-5z-gnE;NYZ={T9Ta?@;lmP|{7Y3(b7*z1* z$7oNe5RoFEY6l(#K*<@k&1wo7-#c8}7JgrZsuk^h6p5bSq0y*7sms>`5~v{#{uPw;?ts(?^E?Pz0fq>`JLy*~mC=8BAe+L{eLS;@1*#HV1Iht=<5gfUF6(H_MOM(wt zlX%)th$l+QkBa)H!-sWl2j{LkkE-ZqOjS;&enB5m0e#N$AaSxGYDKnlMNQomCs?vW zO^4QU3#2GQItbrv&3PRBAY3kLR;HwG+Y}89AYo1eNK!-$l^d$CWlHwV`u8FrdA+%I zpl5|K3v<`ppspN_#9v&&*Vow}wCzZ_T&=~Ib)XiHnnW*ZZsYdN+XgDme`^6qO>hYp zvh*F?Hw$Eb9@{VTCwfhQw{wiD;B@@15Di+RkjnvOta%(N(UNdqA@xM~A1*02kzBfN z0Ch2!tT+$B`6LIR+#yqsLYP&8V%V5lTX)5t_|B}!8eYM=?Zn@aL1)%xLWD4<#?oQM znDx;>jP2UA7(b&^V))7N>$eSIWrso`;cFKb&u410Yd2w5A95i{rn&(q(*O+z$+F=L zyoJ$s1mP3)f#-??yZkUOqXQsN*5OC&GKzX4$w9bES&hiAYn^b!2$fye=5F1n>mC@}~spYl1cyhvgq-KWJkdL*a}32?G&yUm`lq z#ggJW?e|iKLtf$?wN}T9T%3^O|$&fqatxYn-oyuiXs9mn#FIjjs>Nj zorO;jS{$G*lyLVKFHX=K-R4uEW@~BQ{6p}xk5ZTzG}Y8yQ^XPYUlo~~$zH^SwOvmm zWj&-KHzz6zWRpdi5G(qh4nW0yANMK9z&1*_rllFG184BbL!$zE>>kADNSgXYQysIF z$)8K)mP{1fI>Fnt68IyX!1rYbO4mC8eoe@sh|a)Na&RoX3mnXL-r=UumhBmQsmo5B z{iXvUOmMT5Bbb1e^&cV=qp>X(q=Rh7A;3>zlo$~>io13G0!?3`n4W_1b*(?FZiSPw zIz@qk1$yO-xK7UO{s&`dcP?TY3(wQKDoX053{fgM9T#90RRiXubW4mhBsnBf9GoFP z0x8T%MxCQQVHP8YZ&Uo#ffg;G*9zM?*36=V?o89+=G0y%j@E?@uDP-icqK=mhS3>m z*$hC~?Mlw8Z17UpT#70G7hvKllt_bP;7;lwIi74%NQ{Bq6Z#nuFsaslgKT(E_?O_5 z{8WC^k$CaC9N)?$p5EdKZ1VNtug;P<>2dY|u%al$4B0^5dwH6NxH^%N%0* zX;UInL&YqvE4n|Xg*8__pbxnEte{CpN|MYmQ4+T<&)622u3TjXSHc0j&iXm59|0=n z+J;()v4XM4wW^;j@qSggfD@*{T-ZMbRnFv<>;f7|{cVKsk?6AdYNONFy=@ynOZ6dg zCjo*r1Ng^Z$7*{MYNImyBO422cV>piZG|t>`@0}_b~HEQc|ewjr@&zt_Te9X=TmQ_ z3qW;w)t6ja=8d@6xHp5GnRA+Cvx9gbESNd-^KZYO6;lh;Q*RXiPg(;~EQxf;CB!&PQ(06ubE7l`-8I_jl)qoI~$Z#?S zujy5+CBvbK){^7?Up@FYi328+vJxWmN^a5Q;~$T|xDnclhra#!iTHg8^oKaaqb1(C z$}d$~81?cV1Kw{+-|M{%*$2z_6Yjk{eJ|fnkjTPQN)<+bg82R5IKgu}92*$|Erm<$ z7$3HL1^c`zV#3_8V72qH(~RBNibO&qYQ!x)8Z*nC?Gp8hP>Yj+U%FZb7l#vi+?Gni zjUNSY5vtl3ehG&v==}5VkK5&`A@WcL~=%^KVf395j zCA$EXp!+<2pf@QQ%wj3pA2Ds+_iG+TvRlfOzsRP`euJ-BgE|;zbny8Te`F-m(2kY(PVz&9wrue`_J9BsL@`njZ+P%zK#rwLD2RW*Ech@t zJX1Xyy(cQK$Z7Cir%|{;sxW}$L;aR_Y6KtziJp8d--Gb2L;6d3WKX&B;&=F#+VpfxS2$O>CGXC zorLR`7YbZjWEryw*E$c^#SX6BrwJFUhI1WUS$}gUmRLYCK#O?uO;GHjQ)TeR?yQJ7 zv(okZ^z#vC9(M_y8>;3IlyD%HR3^McMLW za}j(*TYidO6IPSW#~cNo`ddVS-@@Dicxk4aPCY+F9?ibH?a@Usi`Tp??A8)aVy}!< z>%wm#+eMm4F`nyWq&L?jKjD^9gfCknqN3T$m_<<;@uKpw1NiwDrzgU!8p?Y@hJ=Hr zn=@Nt7WoJ+!2eUtfeua8PBji2A_N-sCyKY%3KDmINs!PY%b1-+;vEmGZU_!~JxDYI z6TpjZDA$GX!)RB<2H-M>ve7QQx0~}dK`h~6b-CB1RA+Ix2I1@Ay>GEG9Aiptgj2oz zG^YIhi-M14FJl(*8TCx*bNHMxF+HZRYIyGU2DOgg*xZ`q4hlX!w6u8wu^;zA=OR;R6s5M=KDN`eqQ72Lac?Dr$pqeS?ok-wbY6-yHggN&e@;NZ))y zyDMU{I9S)MabEITHaQOB^~1M0S=|om1!>`N|vY;F4?ym6P4gzXyr=Uf;MUA`Jz9ZA1N2#NBxCWu{;A{I;x?qE@(caup zIa-H*R?yNS%a~2H#ynaZ9a`Udc6w;BYWNel>EO0UtJUdEcOj7-RaHS7eo(rTJ9zef zG@98RfG$BO=7uM5DWh4N74tr`4#R9oLn79mCUXNK;)6!Y3KzFl7}3eFfzHtNCLO` zXKC~E;;p??N?6hhl5~J1IeXK`(!-AezTjtAKh$&853xe4qt!0;)T!%6dP4k(Ql29&~Ks0VH2GkhX+ALjgOBgN%Rogrs?ELt@ z5e1Fk8u4K%7ELe1)gVi}#gWup6am^LSoa`)9UD+=WJr~}PK-D%n zAX=P6AWS=KSPA~uDEq))p#c8UO!0fb{))?j?|%F4vAdkE39tf- z$apQVF#4H^ex{<5|8kcMOIDO0pZ>YPB4jD!Uzp)nf zo6LZ{BUJ<&hU7jTR;9xio~>>2qer&bXpWBSmMC+1`0nVVD?HqPh^nzOIMU`|XnS|q z=0N3cSb$%HoUsu1eozEUm56T8)~7_Y-XVIe6wL9Phz9P#EOaf3KFmdMlJnt`=$q^h zKNWqG@nKu^y^!DO=$kSUz9agkbcA!FZ)zQP?t%R;;`c1%3r8JWJ@$C}m)_tI#_%z0 zL|ta6C;p^Qe~>gS8gK|?!vC4M!?(dPZYc~troNEw6W{e|@k!_%e^aVE z4UI;+0N14ZDbEYJnQK?RIaq)x77El7vb^vWiAOOpzginurj`3@Py{B8B@Lu~ey1SW z*{^8N+pqsD(Dg*nb)Xi$V$h8#NImF$-2GJOO7;mrZVm*xKvG0Lk@y`Z=2vS2%d~PI zD*-x|+!A!VD|F<-ua$P^Ds(khYFdth2J-UVg3sqo%+ME}9 z(M@9Tu|Gx_Q07+(GOIcC@bz;6BE8%&V5(s7$Ya$p*xzG-=z{kxaY7atu<}a$Z)gyQ z&OIt|V6h4uP@h0dfy1}{5a9qh%E=HmiD6Vq$M_5y#n>3nYh0dlZb|JvO_3c^WJxnf z+p~{W$Fv!X0iIXh0T*d&>z^+>+|x&_r>HI8-B}&cDh@iKC0{&KU2}S}b0CY(FPNh9 z+Yv_B&Ov5OXkcobsJAUw8aoJr-Cg%iPN}72zk0TlD#5VsGOT-~>g`CFtfw4PrL)VX=070+DS}{3lX{}e!-H8XQjPixn!XRy%#YVKR`NWEmH6i*gY$y7&< z<9C??ZZw!eKCg#~b%dmNgLLOrkd7I`z=Nki;v&Qq6{M<2uzuO_dJr31T)!rzl`Qju zdh1wq;?0QlYd3olb4R>LR!w$JjrB^wswybV5NzKwMX&koB5bSl%K8b3{R?JVf~!NA zqKK})D-tVF&`&DOnPHj}V+|^M74Gk-=AG1f5TFwxm3^Bw(AH%-K}`GEu6xL-A$?nU zceVtF9y3$)_^n!pG<0=rbZC#VPM1&%6PPrVODTJ=kWy_x{J$x+=+=)-C8ZI?A`6gv zpgPeWM##LHlo|@nfUZnR4+avBX-O%K_3NedO;hxHs_(Zd=^`nGdZQn68(dGr*jD<|~VoLGM*k7XEoVcdR-{ucTEl0FRkt0IZF!Z8#K4NX~i zw7JA$fCq-zTw>5@%v8a+=bq{`ehg7aKlt|-xe_NA4J>2jG8!M@UDHT7Sgb-gP(O|T zrx1=0KIny`a{w(F4vP{v3>Xef6&%*Bua3h`Q{aFGma%df4i|XGF~WhxDsVvkH2$9g zhf6UTkMY6HIE3Q5EDX$Cs^HLz)^xG>(h>(`d=gh0&n0Y zPJmZA_8!+k)KomSP~KE>W?p;%T!fynab=hT6~^wyLpjJTSmyF5RJPI72oTx*;a%(n z4eqiJuEPTYh$KU_HibkQAcNep%XM5gnqp(?2r@(%u$eUnKMbY(g}OudbjRHQ5(22Q z{}h#RcaBt(776NDh+DMT8(MhAwm;g#rB9%54{qcp+dfNR$F$bQR0(`Nd8rOpy{S z6cU)sdlCq?C|DD63#7xM1V+g6M)(fkX2?T++b5_&bDXH)qJIEq+;G>h*3?7x^g^1loJL-0qJ%5Usj2ljXQDSf-EfNb zs~5ilMj4^UNn+<@@E!ipefDJH3K%nwrZwGdxhMjMP{@_{b%A*wr zYO7Qg2jF!B>>72aB7}-cD^X)2UG6;|>LaCt0*!MMG8h1-mul_|P8n)2@}x6%K;fQ` z-Q9=E@I?3v5FP7p9J?Z&arGzXQ+ONVa%LJHJOb2%HtN0zRpqT z{=0)k?-CQm?w1?8Gx$9qC%bP%3Us+_ke9uejYJvkRxWDMJZ5}0!!DCHmAn-f9rXv$=)R|;rMs} zT5%n8TuRGwEp?;NXI$vhtj|hKD%!GWPWlw{>6i5M5se(IB~Fet2jBZGS3mTOQoijz z?k2|mkj%=1Y<(zLb%LNZUWr!hEP~!M>f|Z@z7v?++sf;L>^h^k;aUWji#f6h>)pVI zAKZK6&h+GHegGZt!_l3Ad*MiyzYDVq+VFZb-cYGpLnUeGx6C*3PUSfLP@ z;4RxO^sm6>h>xq^y#ci%_YG=XE^Ufq`2{pA_+x;G#j!C(^K1LC4#icBiYaw4GOz;_ z$E5SEPX;{y!w%j4Hx#Q0?Q(uKU}*)?%pEKd^`}wN{0nECgt%SEj-!Cjn(%)7gE~UA zF8r1Pzp%t;3*8v>1h))CE|+bgGsOX^vfay276LZ?1vHEd+d}vF`YK%f5K0*rWr_q6 zu*$+(l3)-Q<5rNsJSG&PavclLbgCZaa~w>e`z4w)eqhm`55gc;AI!T;xdDKH;WHAP z@&Yx6oiugtazuVr&V@T=0d1A+@?P0$qh&$w13YAV>B7i6{V>`EHWRoyY{>s?uh%4b zQX5&B+Tfv$9Ej!R=32Sh;K#aI9!(f-I8m86e}?gn{Tomay{#LLgY`R(<8CB9#u}M5 z-}uML{81BZzYQ<>mhnG^zoYB`df=P)iXMQjyE_=!$rZt-kl_oQb30_oauvJXzR3d1 zT!E{i0&uL9Lo9HSEAUw>5bj2pcni_+WiIcdzB2uYsK7T|fg`Md*1Ou_vxiRxPIB@x z9RQ!Z?h$;7#OLK56`yS9lW01E>qoBX$E-jME>EvjmWOWP9JS%8Wt_L*8oKbGhs4I$ ziiYI4z!V;MdA*LSMInSZns#=z^Ul?6_$|_e9$j=^rrBehEQ>3aoG%G#f66}cT?6qNARS({6 z_G)T99NL5-V0Sd+aRD0MD&nTfzFm-vM!+lHnS=D1P$}ucNcuWL5A#ukEt^G{ZkWji z2AM4Jtk$A5a3zw_Kv5eQv<8Nd1Wu&@AhyWmdGVCHpy`8J!R5Bca&bx1A<_#U<6x@{ zYha4Uc@(~e@P(oC48KOwJ@~^^I9RrS1)}%v!!WjcZFdkt3ca=?3c&Q{8o}l~E-Wbg z@CH?`nUxotQ3-DD$lnt=2ry6x-i z3eHHe#$6Ez0H;sZQiBgjmh3XxB6(|sh9s}7$_8&>-TZ0=Ob$?B&o5yCg$c)k{0}DO zj~u8O{jvz-nEb1rU5#ETZAG_uYp22u$Ztrf>HAL2cRAbqnc`d-HtRby}Yjb zpUP!MSGBebfgxcUSbOxr!rFp-%Md8)PY!`m{M;gs#-zOPh@AxIyjOUnJuK6P``9RW z#0D`6SY>z?bXUvD*QPfLw!-Wd%Z-ACGxDAdOcgdbBt-?6|ASRaHw74!TfPRvGjQ3t z6w7vA2gP*&37ze102$TFbW&rQ>cQod|Aw%LHa40vHXWmBj}QVh{mVf@(|-9Dnl9I$ zr0D>DZjq*gQeJ4vPJ*4^BQ(_>WSc+ao{fU0Y!EbMmEqS!;Lm7#b2#!^w3wjmsv~kCQicB`vR6xfs^&ab_$RDy zm!H_?*C)HyFi{ra=s@xo#h^>;QvGGnSMWyG&9Bzh``B{Xv4KtC{}B(h6jqo7R2mle zvv8fWZU8(*(tZYSv&RrP4&EwoZHz;gdW z6)4V>)dt^anNxzW&@CfBF`Bl0vk+_{zPCuQMOtYrcxYFtv{=4n9I>b15(%EH)^7UP z1qjHNVK`V92#3fGBCReQXkxU?q@%Wrw#h5*%yqj#d$+zBNJyfwY1QOcgT35iv3xi1DLxLEk-g z)YBY!L`+^5+NA5b%QxTJFmL|cx;~>!Q<5?@f*GfWxmx_(B4z5OJScPX&O(_6`4-Bs z<>2I_gfiM}ADaYaSP7J2+2L)CGFMMcnJ*3tWdza+$}m+Z6Gy}-BmO*4hsu-X07Uh0 z%7p$qVupJE58waDr$H5Y6NVOwK7BlXh*&G)t+@EHTD&zDCH)&#z94_a%=AFjFqSD7}D^Jos-tX!$Ilp8q zct<>8_)imRy@GwBu6S|bBES-Jf3qna~;;7+sD!}_AG>DEO#DXA+f zj|kek*XO(8(6d$aieUgo>rC!yS5F^4{IdJxtVmzDKQo?$wZvqERCJ6_Y zvGTZg)?K=nfaCp9J0w<ZstNRR-87m_$d< zI6rEDRT4(JJyhF5DRw(5oClkbIyLjS+S0`m!oTGG?<46anIlZfr`kmlg|m3ix_hnV z;8{hySbM8}Auf++k*{?hvX%ye)z1VMkfj9lrU#@|d6^3$kWXchHiR_Le#piNe#)iM zV?pDuVKVZasM9vcAP3L!&cyg>DSY>7Q;4lMLBDB;{>{?8S9J_UTHhcBtA)+*wZcR3 z4?C2*6)bY5>k2oO!~cCv2(Yk{Ey*jzxo$;i6o1$XQR+98mRCn(G&to~f(FX9Eq5r; zc(fF@`;(z@>5YQM=9khO8lQ*43Qq;=1r5G3?k-C&30HE*D{v70LXm*F6%vi(5!|vT zp1HDDebA{;NvDF089_JF_|Z!z{w8#9 z{rq~&VsHQ4WnJ;xl(KyJB6pCW1R)$=vO!VJtlHtnhV;7Y{6?a11wxo250Unf5!(H3 zCCX-2IxoQe85K*WXQ4g8M;q-LXEU}UjHN#Nq|zM&O&-@y;>@P`fFgpiq>;ml^wK+* zOA;JPD1im}t^l9G(D$wLyV;9#KK!9RHX6be}b;Ca42w9^*A zMmJbo{bjTz2%-a-Wf#J$F-{~&p3La}S^|i9=^N|%&QSosKZflc00V%@byJUS@a>}R z2WSPCOCVe>qV5vlX8@)Q5WL*(r~42td0Q@+dDSrJedIuZzJOu`OUXvReP?ILB&KcCOZ*a$Ksf;0+612?k5?v`2_IF3Vz znaLB0XesK{am<3W`5~s_XDO5K=g;6oxB;RlgxK?tBs7?F?4s8Bvn7b!B}!d zJ#$Gd@uYf5)F!-d9=m_IUi#OyN!3oAk2IoduX*&%bofa`4NR^HKdzvFgsFyXGu*xX z6A9b8(7MjBvdy*8sg;0xGGeYkY-tV|j(7?w*Y!QYY(CW_@KQ_a+)vk;4d%qOz@ADm zAh)f{Jt*yOBtt+)Nf*W8Csc{*?**n#FiRju7iy~z5NA9OsjCMR9425b%?Jh~gex8b zd#3>_xW}SHB*^qC(Zv&J5?i%+N%K{lV`6U}4yhn4iPWH%PlibAU=gNmOAKtZUUy4+ zBPHT{C>itaF;)vSC^1m5hh_9tE-!)5d2YFmB&4 z;S3*Tg8bq?Wi%F($21MAe#%OWr0Dl5jyiAN-F@aenu5c>>eO$l3F)p}GeFUqlAB#| zj($-yyhRer9w-r5oK|cGaFVIL{6iaq!j{SU2KVXc9MQZ0k!GCfHWZ0mNCelWMQ^T^ z_}Mz36F1Lh>qXG}!_qPKA*6SOcHj;RafjRhf^2UJJE7tMI@n=%NXs?O6pBm}(&5~Y z&7*=Hp0&`T$~lI&9R=R0&A=i_bgadpte@}FPc+K#i-a9YKI~x&3nGWjATQR~yvhv! z2xnIM)`m^uE&G1Se#wz?7qJp~Rqh))@_@46kR%YVyio*d#@^dU0dlO;`qjL^C%$ z3q5E%eXgBcR@xCEftJXT+EbzW&_(5_0=Lz;(q+rIJqxOOdDCHO;)REj&}B>y%BLHH zztnne44QyxRh7Rw1$c_Fa(=vDt*|I+lFV#Lewwqu9%LMtcOWB069}yhg}nCdhQep` zGuVQT&UciP(NTXII@%HDJFaUpIp<-#7~jZ7n;f~JpODx$RP+xv{tM5pZkdfXg;M&L zsWlzu;!>+uxR4Ho?O$EGv5Nq^WeQbF?I8cxjb@-Xwi+W4c3>g_J4F`96AAz$S6agrSO!Ehy}g(WbAFaAQ+HXg+#Zq7!*o5o4s|P?oxE(2ChcGJQootxh0X4H~-<@S&`c?%XZzEQDWSNvVkvGSu< z9_BAGm&Lc6%igRNsA(HWI&oVx7jxNu=0;Jk2>?4FC`#CN2~QOif@}6f5J_UQt%Hm+ z)j^XZsCj2gq4#kM?l^L-{1GH}OYtVORmv~9FZh1H#ZW}A?*nARe*zvE)-b;EkjrQ| zlZG0}B)wvh?N|(X_)R=1-?4ajHzWidkFrfNTNtwHa-}@XK$o4Z$siL;j)+=hooW%fwzVH>6b;nz}HwI|Kv;&{dSiaIjC-Wg-WmgGZ^KL5mli)|E#_0FfzOzr zoaT0N3m7=?=Vs)ng!6z?QQ;f0E`NPZM1>pBe#A}vb(O=y=)fZsQ#Sm3tl`sR4Sz%% zdHp=vJ=O^QFM-KqDi%BFMwYD)aeY0me9Ps>f#T$+JB6B&d$BMhTJ^uS;nK}sJB ze)TGK+4sb%aZQ+0-Xfwi-H6ruHE^(JBq4dz-qPt&4Ka zCd#uFoHvS`5>&cpLq#Dcf$8T@>|D*^L=TUw$_D@6Guy4R*#-yXAjlAh@G}YvRo#%Z z>t1iN_WLmPAC^5r49l`J?H8xef}b*-n=Ek-8ygLZ!{jA*19chUGrcos2V>t6B{){8 z1Y?VFumqc5=0e|247lYy{G=fdI&EE-+ta>ey=h-uvn!$@Bl+!;rTkR@5hcee+am@e z_0!&06A|A5y*V9{+*?YjpciPK%c4HQ80Fz>egrTy)>M?ZKGx~Z$xc7SPN%9jD~N!7;;IC&v~~(C zepFE80LVY+RoKV7~)2Vf#+&UdwG#e6_Wh_8K;W#6A+UL}B zjk$6MOJgPn&qQ|WT`??n1s3R+x#)|BEP^_Fa06dlMSq8agt(UjgQ!}+W5IPWzEX~p za}2&w{898x!0*)bBGZ%Jlv^-FB*CuaSuzTLqZmx=2-5cQrZaB6f|KJ90eQo>}}IK(qWN z5a@fuUlleev*>{yy*|{ux541Y*r0}NT@Mw44g^GF74PJ)a<?Up){o{}-Mv2yu0mV+RPf;7SB5{qbM7|@F8D4vbHWoZr zJHbKO6Po40P+CKva*e14fo_i!0Zddv3^4eZYgT9y_IQXcM1Z~7WNnxFw0 z98%~z$kiV1GBh%)zHh&RpJ7=H4%+`=?(O5_E~@?U6pExgZ4{L7B%u^(@hK=uu!xIv zbqftfq27YvtrnyxXh17Ljizo^lWx;iMQ^=SZ?2+7MXd-JN=X+iB=|*$iWU@l3=$J#0x>b}3kx)Sxu9D!AjW-ba`%OR7`B*CNWaCiM{KSTM8~l~Vj$6WkN^zW z0%S!_i>v>~k%C{{;zU@Aqrco|O~_r{KmbcrUhef<@%j_*5*;5l48&$DX|(D4LxN#S zS_v%-)6f&^8Y@(FEf80aH|JSfLNV2OydVf2c_Ua*J=zxQ_yiD(CWB6ZlVF5?xXKW)wq#Vmyuz@cJ{PDd{L_$_Q1qZQ z$_+{aVHFXg))Qa%Hjos+E9{tuD{rOx;>beV$eu!%TB^7AW*@5`e;{5BB;-KxrNj~K z_)Ur(G{`cH#`OaJ3ETAU>!DJ(I`3WxV@Mv|CF000`2TcxWe)eTfv*O)2#>eTWM=q~ z;$vGNV|LvF^`4jJLBG|dl~jV8+5F$ys--%bEGwiR{)1$G5~5@A@UP>=z`dv_D*>|- zx)^(|spADm#wM&lqqZ74Kpm1d=rn%YiDj6%0I>nL6Cs;0ps(rSLjw0C?~!@{6fc_E zx#H_2&(oHOZzxOBvxEN4#}qWWK^q{~0J=FyZ^Sw{prf@wH@&npeQBQ8MI=J|1guhAlj91XVI z+39CO1qb1zv9A2n^BcBGewYoxUhQoq>Tki(($&-BhJ*&WQ-u~MW$$rKdETtd&1Ici z@f@%6hwwi7J{XF^m${*AxMz-TJFVH;aU$=jWN=+w2BN@d(0?7_9S`7K8J19n)f$#&3X)O6Zrb7;Lf^TUEEh<_dTYE9PirlR^;)`+qX3xvRk0jXUiG1B&}lh?EOWh*M*C$ilC~e=mctdI zY@_d9ij5n%bWi*CsEJBea&WyoKD01*ZS$K2@a7PY*d(zef8p8640yrK$_!9@ z!^lb;gs4u7)M*5ul4R+{1;MX8{_YiCx~l$Bl0Pko2O4T|T>K?6Mgs%)~C= zoJPo$T_Ump#L|gU`&RchUk=LYlv!j94llWbh_ zb&@5&#lm970NmHY2VFMr!M~xrab9t`LPk53KX0)wkz6Xh1~HWeF>R>n8OT9be1@t= z1q%-1zv!Z?LbsF~MBOH^;Gpt2A)MEzt42FRnU z>$6e}(CC+QrOuYZqqDXE*{u5*2-Kfj%l3BHp&M~!evdj--Iom!viQApW2t?u>r>t` zlvZs(n)IVn=4LFY5!neuuNhp@2X!}4Y`Y`7FggCFqv8Q7RrW$oJ+U8CWw+hFZR(%u zcI}d~(S779nMZ~i@s{OA`n#NYwF{FmG?kQyc2#|zk9x+ZI(POBJOUnFe~?xsAb2*M zQjcRE`e2=wfm=))kFs$Lka4Asd4-2(xjZP_U;GGU0TXw}IT-AJg>!nM-s3koXMiob zvpB4&c ziI4@Zs`DyC?1ke$uja+F#a~d8v2`0hz=q8NPkBcP_vvZf*7J}MCgw6JFkm+NNx0yv z{=_YcygK3f{*qFpXu?m0uwSIYJb*QyW_-7lsQ6byC?2IzakWkEQw|OyG1ei((WF*~ zU}CArzx~BU_)9LWRwEjaI!%pWVoBZ(LsSQ?CUh#@#IMq43Cb-2(fj2INY8|B@%x30 z9Z?ncDox94S~N%M6VuAoBj&QIpI^xuespfqu1HpC z-~xjDnT$_uf#t}u0yly#I=^%`9*Sz$bd=wRW`sd)M6htrRdzFB6$c?3t2DtL?(Ws&H2?)r#^MR2be8*kS6*7>mQJUu24ndv;aNl4l1fKAv zjQ@Ruy+0Ioot9s+z+2q$NN6oYG-&}0&|tpM0P|-g-GW`~w_s;oPNUF+VoMS+uTj3l z;JlZbHruOcDD7aC2M5dte8_C~AE0D^@kqf~rm19nRuec1w(T9*^RYue78q9r7_7nSt<@QtUa%PpwBREN;`|Eqa7axqUA^46(OA+C5Ty?ZlrY3dosLpy!^LB6C%GloR!~+~o8pVAFuf_|GF4hG zd0*gcIbbtBPR{bx!i$EG99_-s`w|oPwkhI+79%#;Wsu~QH+YVs#oGLaOdY4OG zVL~s1x-p(o83(~~q)pC2ND#0McD)m_PX71#wFFP@u2~w^eo-mNVc07(pbHb((knK5 z*3!w-T1pWlG?NDrzw;En8fEvydDGC9AWUGAup8#KR(Hd=Ps$Ip<7_L;_{cCgjxkAB zFB-!@30x#hi^>i-w-wj<5c9DPmO{C|UPe^p&wf6T^Hh$R>dFN4ArUr68`j;e^5 zbwCdr=wSmr?2ZEHG>+OADJ56Rs^rzjdqM}YU7$%{1a+MBs6|$KH~LocOLw2p3>Q@2 z2$Rwb9k4^F-E@FWO+#Lqx`0gulVeIq_fuHX(w-IBv;G?CBGzx4uD#J56w6hvx0LJc z&uv1>HPf{xDyq}9rT)9&K|&8H zHy(8FqbV`vaHhis1fL%22f(obnYO~#*aUzK_$DJ=azkM$q->~;uTpj1 zf$I|c!eHHhJHl4W3nNs|q;;&P1&71V1wKJ0{5Ou4u)R~s;nFNbK-&u~MXd7C%LCI7 zh&8@T?7thG&mv&G2Z^DH`@P?{c?w`NWD?ckjV*m zBGSaY?%>D3VPopy$+IY!>8My9#Zvw@U$|M&4KMpu!){IEW1KN%U@{C$F5{%|*UzE@ zE|rhN?r$(Zp!jADp`#I!^c;v5BUW@R^gKUi6G!5b z`SZKw;d~JMs&U=Rs3O=Zul=-%yru`!@)|f6S9m<9oO}9Xo^zMkFZb`uQ_k%G9vI>l z*bkCLey9dkmEAM@2;aaGPDf>P3dO9u<7+Z3V<6Zh$JAYc4q==y2t4YLsGJeC8FNOc zR=f;&#i(MaORKhGaIwHTE+mVG-|zAF_h_!TOx&x1 zRBhOG1eOzsI};x63bU$bI1j0SMFmwvE7oD0$5c4by2rjM!-(FDxib#+%vAw%C5K9x zRXpw*b;nodsR1zX6=IBAk@?0_@i2&{NhyuW zWL(3v)xK&JjMuC$y&$U~kyxc{_Q=xp(H{w0g+EmXMn9snpn$m-0_z zsM^(7TJ-<~4#Zje*rHPVrX>TpLHB`oOVswnx`QTIZc}L~info#K~ajjmtN_EyI1)n zZuPvl<$gbx4!$s*OT6nW_o~*d0xlXZSojT71$zM?11Tu241&KaAg6S(_TBqBp}xNb z`iZb8<+gJrxd$c$Jz3NZC=$y;7WtDB7x0C!$(OLFl{{k*;{`R_(AzYv1H5VnM7)p< z+fswkeXqZfJFzzKJE|p}q~bZomO;xH|JWPl%)Ip!@4912D`;Np3A>CS;2bk@?~CQ$l_b zdPm9~3LpCtoZ==cu~_O=KmmS+0N;o?D4*(KOcg)diQ>cJSvm~Q()F2M+Z&5?pkwL! zHM#Y4EZt8a5=4*3v`Cv17_1edUuQ)Q3FLvQSG`KEG>yS*21cfn^N z{D9GeZ{`8Z`vLpmvUI@y6tyhFgl`=|U>fH1QlT_MyMI)hfXw~?eu2_250vJJ)}b_+ zAcx_MuT0dT^Q)j*#}nmTX{ctR%*Z9{rgO=yHtj($uxu1Pgl^I*- znRm3$yT$TAy$N^Z^XTOT0g(bZ+ZWt09msh;?*jpdSnZCZ*QG4NDVzs}44J%#bFuWy z%zV0Lr^SEwQ!9R$FMeWL{J0+c7WjusB0F@JJx$@|VB^4x^3osQczQspPC;`I-# z)%lU|*v_}CD%i%ZLxAhFU6vd2T_}cfNJd$>5jMF_->xwVF8px1G1mvX#7_x!S$40y zNbEYpRP;}dp^b!>d0Kq3%Y{aS{jH1dxcNAK9 z44Q#Rr`z2twj++54M$ueT(@{G3aA29i&`A`SgdHNOQ7h7)Ci#&i@wD{mJhFuslJ6= zNq_=o8X=`n^1G_i;C0J{;BQFo#2;v;SmPQJ^|-T}4$4|qRI>lm;82C^!EfOUD}c|2 z_0 z+)?W9!N={tops7sW`I92*bb6GXB@d2%l!)IBZX7BM|o)|(VOK@*$PLcN+*rE7kM;FQflR_Cc%PO*dr^KS=gqP$WOd3Hh%;hPx*pM7= z6v2L>nd6b^T`8E57?J`p>fF-~*y%owS6726q%_2$u32D!iXz_G=#IPA23|W(+`E>^X#AhE#HZKXlT{sChw3ueTEA<# zyZA!-vcmo3Qf;IH8n#Fy0&01FEsMa6B>JZ#K0YO;y}-%K;x_;8n{!R)Jtx zvmF7alMSbo;ef~lX=r4FmvePI<#7cwANei#uNnVw<6FC=*AGc=>-Q{dab&>=OMTfL z_|w1dTHXC;DwJN z8%eoCA2-UK?+c=way#Z3*N-Iw?Hk-D zw_>SY2#Nz?*=rToY6akNmdE2K|LwT~Y}{Yu88RPC4IV8>%aaFqs1k13R`7F~q>@Qt zV;I0*tqmw)5CpJTHo9q?l4Kv_JghJ3Fv#^Z*(oG z0d&$6Hui7d13*9A0zellphs!|{ksSB{5=4)nt%>fKs#yxebNKE=f8GOqc#G%8v})| z{iy~}*#j!<0iefj0iX{9kaE14lfjg;{o|Ieof(SgneKXmunP>RINw*CUB6;bPCvkU zXgN}@cJsLig+*fWDVnc*F^~zZ2Bmsknp`t)TVR=)@BT5oCn|BOPf&+ny`76kmA>aK zrlN28h^-FV15IKJ1y5?v5Ua=A2Q;2CenJ?htDa~gTpxCt$uiO{!xbIshAkOR)OpZh8jRPz7?t1@QNR#`lCUvcat74tzWOAsN4zy$5v`O5 z>~i?tdp70+k|(N+P&}$ZWB4n1SohmXtM1Paz=z=@NK~^14i{(zVCVBAZ#2HkZ&~3v zaIZYq%{@ld>vQ`nLfXTk=)vjRwP&v<+wsK5(J0@d2%_I@`H>C2;W?Y)LQ)p_G@?BQ zEi0|=bJ7jvebxE9i_9Vu22dtI(?)1N6Uo(GoZfl~FESWk>lR;we(}4c+9pmtlV2EA#QNH-jCz z;IIk364i_zsPj2#Lym&Dh3G&gqWt10_j!cQqm~C}@puJsMW{L;4|A28k>ssxuskHN zE8IPaZmwI4aTQdyz)i}Md*}I6(0{>_!Z2FpAc5y+M>jUz$)qI71_c@|`YY#!XK6Fk zdFSJ&92FH0W8${0=i5qk|60#FSn?a~vLgDiwL1OG0IK&j{3#O-%=wQW^XLiF{j$%; zaC|94G^tJk0@xp09)cIxvu(KP7sv*7{j1E-ET6W+GO)*S397yx(r6 z@-Fcc^ho+Dowe9Y$V|YDBtASlH%sJ$>^-)n5R#J%PjAf(EW@{y;`3eHgBN6%{4z=Q zgVqj!i;)eFqSC297TLxow8H3YZljdzWW$RfDi0{ejSnz%h^IgZWiTeMF9}r`pLy3cRY%h& zOZo0eIS?03XYugL>vRGmUM1pP`6C7QsaQA4B zCJl5#9>nlBhzi54sJ|=YZ*@7_0cK?!%n~a zkePfmFcB#x^`^8Q#!PJ{T(tFC)r4Jw9nX9}-wDtY!XiM>d?JzE%oZ^=d5n$G5!u;% zRHTJ9OZjZ!?w0<179XGhSAPD_YA-|WC;VqAy9`v|)W+g0fK8V|5&?@9rR=RJWdj2u z<~B;5{@ft`MeL3yyJ~1vHY2r+Qo~Y8Z8rdkAiPAzov;vtTp2NGeAG=&$dwPPw1}&^dtwo&?OjZ_l!^It(rU{mlMjGNO;`h>96`T%MsIb98jvLhe3&m;}@9Lpx5)eGdmxs-0rJ$!|H! z_v@9Xp><3G z5LN<0zz0zZ#xiOmHXK z@JQrOm2u_KEQ1uHlj3j40uXg_*_6Lq)Q!yMLRqBSEJ`;O-S0+K$dZZt$R~Zv-z=Kt zRW%PZi4`ngI_bEvN3L#g13p)@YG5&%y#VMnBu4~DYky#D_6}dRE~GPjZUl)PN$yd) z0H>GVY>*E1W$QwEy4Ns{AVK&wB;5g0$@lI@zHD7c-|@K-BrHJV!fFI{!Y2nd7epQ5mg^QMaTV1=*IZ(3A&*ukdJL@Hx-SAgYp z+FG1W@Pq&A`EP;!a!XIa1YdyOD6k>I&GcR<(80!St7lEGN=y} z^ZXwkH{m?~t!2n;7aRLhF#q7oxogI{_QdO8*ca5P2*A1J7W@@8z+q1mT00S`(rzT7 z(hi*LJ8(@KB@|jrUSrKpqky7&M8L|Q#B^YCwn^L64}B{1=4csBTfEq}IF~Ix1;$GT zLglXc?2!k8CA{jhqs6^+9<(cyR$i^icf_R%UBu^A06Ci5@v425B&Ah5OrN{Kny=C4 zE?xv=vP1?IWe`0Q3QtCAUzxKJe%TH&5`9^!Kr#*B^y{0)>@o45^rSfSWVHSWA z{)i^wpEWQ&k3H<~BZDNo&l7jJL@e+mjo9iV>WyZ(ZElcg5!Nek;*rPhF?vT#nK6t4`&pYRHs66uD%=b(-5L7i-9<2+CaR{pw|q<1FuJ0-=9Y4HYktB zH8eEoLGrV=b?&sbF09{HC)+y9w^bOXoe=Yrz2-bpzu3Q_S$$N<^W|vIT9iOF&Z{bQ zF6HuWPrFlJg*KWvZYWeIGqOF0+ zX>47MdreBOO6F#nN#4RoswDPILQTJcn&-kQk=Q$(6+6I+8we^`4h8NuKf}V>0JBc< z8RUsg@E*j3$@CtNPvJ&+iviJ@sY0X)*vq_~30v?7>RN?8_2~5H=O1>E_SfppmBQS=JZ>{MzvY6z*%JHwmqUzx z6T(+m-l$Zl#3BBK(8;!dL04xUXVcI*`f#w)3#at8?!SJC#@S-2tCN==^8G(|`;U>e zRP|iTIV%#n_zr`EPFph)c^Fb09d8f>WCh2UsM+0*6Ei#7l!*EH?pGJ+I@uA!mH?DB z9EQlv6k*gGQb05UZzzYVfHz?9kfs9>Y2_(fgb0)WcnR3z8qhj95p+_lvZJbNaM7ya7U~Atm3JwdA%(}itIdN0rzGi`$vvs zFJ@;#0dL@E7>?895`H*dB8f2-{cxb;7Wm+eZ_`mxP0hx0hEdV2Xbi7rR8p{$=ch{1 zp7cBn)4#nKJ^vF%C|R>N{-6i!Irfm(;8&rdevCiTREmQ}@b-xR6c7EXQE-Qja+gyR zdSroAkoT_Lt7+5p*Gs*fT(WRTrK^*NC@ZqtC#q18Yo?em^(4{~KbnOT(5J%!*YQfm zO-_F4~1`qVqIcQcq?9HEjHg+xmNuERA z{xZa3m^xnR>HTPwiv3EVqI2yMOU5KUu7_=M-Leg87IT|2Bi*3B!v>&6N8QeS1cS$h zDJ8E~Tn2cWB3tJQ=p*@cZGqZ&l<{Jtg{0sYI7YNX}xz zyyh+sAxEv_k(KE(@Y(QLePuO1uiqnl{#Jv}t=w=>N0Vvx?0R(?d&KAthG&-x!)pbIorQ_qoGfi7WVc_IL+Y(LfAm9C=vs+kCg~N6 zEHW_X%%%&pcu5i^TBL-^CwCB7Glj+5KtY(8wj0()Rh+Orm7zM-x;{ zVp6O-EhNl@Re-+poiX$|9=bJQXkT@{?maxMi)Q}|hg7@#Ayp1%m|`IU24OVrG<2}= zk1<_!ePWDGGXXwD%|#v-<^ z4I?eH?gYsJMMrK7hW2~Cq5UuOKwJqqHKluo!111Mirf!^gn^;MbqH$UOLurSr zAPeJ=h&4-n{D9AUzx?1KZ!7VY^O#!{S(5&{ESA6hp}leRyGMQbQ{0zNo*VV$49~OP zdtfzTX9kXA3(8~CE`12hB_Q<%7{jP0FRUpUGskS6>^fyBJp#mpY1p;_f5KSsyi-mG zQ_?@r4D3SsiE|=!sWRvVPhtO*B+8Bbhm3_M%`v^3Fm9 z#L{hfR0h?Jib+ccNf|%qB)&e-PaTP1sYx%J`15!lkAc)I47Y&b;7O{O+ZypF(82R0 z3n&|LL1Sqdhfp&m(@;#N@4hAK$~RFhIotr1dUR!^P@thKv%bfGmim|@r{r3sir*9w z;Wx>x;Wv+G+NTt=uf&)g8e_&guHuww%%xD4PL|dXwf=hxcg^a*fj`q584g8xCSE<7 zqt--z%WwT?KH3tIU`YFjfx~Pi31ys;PvJubd0Qub1>)CX!oS9SI48ao(JlbH$s+{f zKDWd3h&ILh$HJc4xmA;;b<(-}3Zt|7M||hNs~#)-3r~;Q=N1;#yoYCA9QMwEcT1xw z7HV~aYsHiWE0!^v%3v^+!N{D=%!8{l4?vn{EEW6Kn=Q(#y*d4VT+8y@m@**5bl676dN01zgm+r?}j!0mX^0$T%x=Dn^>NIQk@6$SF`yLm82Rz#T`d3&yZ?481`v z@=Qo-kcQw#Lk<+(8hXLR+FtmA=*8C13nT`LZe5exT8sUjQ1sS%6x|YV*$qXv1YBZ@ zZdsGtLWc`dXd_&mXwu7<r}u}#gz$!F|umcD;CntK4%SwATL>(jpcF7)N^zAu}ONc-|Xm>jGLt#h*gX`d{~ zs#}0rGF+b{^Se@NaIrIKN5iT4%~-x#?|KcN8KG9`m*@ZwEObx!fHB3~XLJl|_Jo_o zO|A;x`bulUNRdPvlx~9%s^E8ckfnGa*COfmZjWET{Tv!5bRB=TOFZpeot=xCXF;m?-Mao8!H~`l6`zm#sFqs}tiqhV^+2QsA8)pSp(f!u2$ihr;z5 z3)bkgO=4@D-XwT#Ii1BtZv`W zk3>!1O3Lts*n#&;OWk8j^pY6Z_OASZylj{s7`O=hf?H;n;UCxiLt5l%JeL5>i%Oqm zZeFVeEBY6#wJIz6Tjt4_=z-n?$=}hWNw?%7X?{=njyw@RhnCKKH9|e`is@Ww2-OIj z*By)Xr&SS|H?2};XI&|^A1dh(1gTn|m03tmFCUOl&oV7-9-nR zs7yKcXMgug<&*Zyz4rMj=azsBz(Zf>|L_ZsSIvh?_5%H~4VV{17qWEh)-1<<5pvV` z+%?UjbPiW@Aa&7-h1E-?wQpc&iUc%aJsN?;rpt^iJG1^#cR)`$Mh8^JYG-nz!bx2S zdL+RM{|_GqEK=bQV-=91?jr#S@o%;8-*FVBPn8Cek~N6?hYn83dJ-V|KF!B(;Tx6r zZ@ROdytl%tnq=$mXEE@ipQU0&cmX=6Y~<@v>)+~AYkzLpJZJAr7}knR5Us?Jy5Y6R z0QlAEFkD?9@C`>-0X~C(g*}TW`vIWWjg93D?lzYL2+_OQ7XUX`}WIieQwGrE$D|-DgIcoRm#ipOp#)Zj5%_0 zO0>Op)tvxsFN7HER}knIE)v{4ifHOI>%TV!tmgmMTN0M#4fu&dp{Y~SrdsMZ^`oQE z)FBGN^CA_^yJypBf#7QXNEa|P4Q?;Um1yFvBamoItrHMiINr+p;Ng+VMJrLQ%9T>K z%Mf+%Y)UD6mq$dGetQQo2rI$3Q3dlDaH^z8%UlSTE9VkPl@89`eyoWC+sk9&+?8Cw z68|)te?oUG!sh5I+NgCQX{(Y7xGopRA1Le)c|d=pV4@fU7|vunL%`iOeqfNtnNjTl zGaEAt2a51Qn1eiCdE>5HE0lUzK?aJm#FTSv#3wSncL~Gpz#5@9bg8&Ao>w3&Z#h(b z!bS4%v1c%W?(sgjds5}lA4?VZK356eyBn6VFNgq8v0v`;gVI5NnP7Jh`YJ|+U+MA& z^^#GFIX76KsCQSOvJqoniUUp?Xny2xzA?P*Hj29f7!MinF#|iAohQu{i4XuF z>NZDl;pr`z^_Tgy{5+bL^T-KyKJ@=;w21Luam74Xl=t!$<(W~LicmQUv0BC`-9>$ZvmfT^zi8Y+u%$dQl(l)_oZ@`CY;l?>Zcx2%zAQ9h-^~6e( z7c1Dl3zLqe9hTn8;kAF^hwM6mWCAxXuE_h7QdF<?tzEn1 za<7WJ$QB*NE|rFeYlG+`McM}WSJu>?2`1?r!o(DtB;uT@*2Yzdh{-+g>&-#sdR89I zZRI}*%DymneP-Y)P(FQ+9RtFPd$B){D9+LD7%7`+o#7)}lW zpB1`q1j9=6r|ZcDfsK4FFP|-2t zg8yEOBtpP+H2(8k3l<^&ErX|}4BeADbPk?X83_U!_)sTV++|VFX;uj_Qx=x{0z*<8d;P`8Bd{fwT(dO zY;gOYrC9Y&5tZ&i46Get69$KT2?YK!IY>P9xQ?ATP#k&c#^Izi%=q= z_6VhpfYQOJB3zM9w^bDDNVY|XyLDjVFuFD*VE<@HI9DacqS2Q2pr|^&DB+CR?gq0- zCJNW*xDnK6X0;cS=wHfWn*k7HN)O6K()EFyeHfsZNp23G;_jrIQG9Y$D0F2}f-4#t z&?E%s6?9ULCTKg(8@L3DGI5!iv9S>+1yP7>jvIZ#=ErEgF|CBnK?}vUTuVxJux`&`N&6UDfzeZ9a7w!PG?E@wLj5#(M z0mY)Kg+oA0E-w|jH-IV+YqMh@REMIik>6xmA*m$7g;Q!iAxW_kE~xQ$f4((&aauo* z!pkhf7e-oNpD%*)k}cN_>-J%xiEQ_Q+33T^AOf{f?0G)D%Wtlw;oShb$^&{a0lgZ4 zl>4;Pe=&)G-pmhvZS0(AyZElB@s~HMcGt8f(fC5EM^=oTxww z-PZxVQ;~yTGl-st{kY%OfY~+%b&42ctrV&FIpC(9{G^|EDgn4x*rR3Z?2G(LdS(g% zKG?ng1qe!CM4K%%-e?K z(-VsR_U@XT+YWrM{4-D7*`E`&P44x3ysakzGinNB>$s42H72KT6CvTIYMSepb z-?>ar-bUppj@TM%(=?K*^EW9Jg79JfQRVFHWSjb%k%MpJX`g#)f7(`W%i}k~?2Rk| z^YCbL@$eCQEn|BPIH?J-Ko(#RgU10`5i>x$?bi%Rg~cI7HF-+#g%E-Ozw&1aYRE+2Ud>%(LB4G~U=XyHE3S{r;TZ%te2wSqOLI+wEiaw%W6M{U<6 z7q%S5BMd0a6JsN18d2QWj|Dfu*l0Y9th0R9I%bK?LALUF%59&w{SJ8Q*$2){bID7j z4PnCFR={AGJLWiQP4ho!p?%*6j{#rT-E(~%HLC;tczqOd!1J7Kv?{jIcNiuo8~vi9 z3kxgfjkl0f_AhlK$9f7~hS>}}_$?BEMk5Ua)Q=uW)!mUt!#?P7MoVm43Go)tSK2P) zescc?+X**R4aueWW4@`fzepADH?mmOyhnFL&qs%8O1WTRZif%OMe82I;F3$MFHZX6 zlCQEa)*9+fO&gESaQ+s>#xp-KR2&A#251tKm|!B)3vvuYmC4%)Z}1XIFV8}(FJK)S zlSf_?{6605{XVXHdS@^((%xg89Aq83m~r2(i=u%+n8Fmyx4x%aN_Sxdrd7e9uI;IL z!nL&G&ie=C15dzs7=jp|i0=pI`=$EEldSlRMKh2aUV`Up5aloU`z+}{cV1H-FK#xw zn_zc^QCFi=kOJ@kqJsn9D*#=F(cLUj7u)$#fNvi+uOf<6_4kyS$GtPztCk z0w}uzNh%BCi-)J~#u2>s9omlh&zJL9(pgh(ehOKN&G;k$yjqEdsmbvR zx}Q3*X}Ud1D&U9R3*k1B7Ea=xxIG6+#SSPuc zCH!euhMvjL4SDwV#vLMTVCu z`AAZ%-rfUD;w4`1V|!o9{-u~aJlPaR2fO8~&RT*#P}tE4RGaI^P+t^3ixQ?z6f^yo ztAwy+u;+w(;0@x&g%60-k$>N8>*Af3jLzHxa zM#kKBgHPXN>0n#xd|=K^{HK)LRBFF}@Af9Xop7Mq5SnpHv&poRAstUWnf#54iy?6+ zes88o!!Y`f?<~&#-o9BlpiQb^*~<+ADt*HTMG+HrVk#V^%`yDi zOs}rL2JIsmMtr??P43!S2jmnK-&g>afWHdZqK#7fkh*KnIU{XZkOSYJuaYZNFLXB{ zwFQVOCYZ74f*~<%UFv<>@|7ZKS9NUf@MAb}vNX6^w%<|rR1DaP9-2;m1I#hL3v>5p z)+(gCJfw9Vk}Rj&j-s=KQvjo-IIStCcp9bPoIt*JH9c_Wl?N^4vRq zOUo1(=$!^jT0nVGwKpZd!?C%R9QPe<^R0>kia5r{YeE@lj7>))dR-=ZI^g?v7~?*y z)GVWsI7YYl8MXJ1x$`ficnC|5yxX`P8qT}o_^->Kb+Pw4{zT2XPoo|9F|7MsC{z#w z8K?1j_W$Ce&=$FZLtBiM20nTs>-xH!5K~rMa0@k~+_0{^FZ?g@Swd?2@Z$dR2;Z3G zBC94j_nptmRX+e~keEI}!$9i@#87qzeTHUH*c0^ZeZFrfJbmKy>5~sWpN{!-h?sy* zkeoQJ+?bX-yQ*A7RgRIYm}vAAd2`XcD;m*s8Dsix0a-N)LGxJbn}Zk=h_f{lb2>LsxBfdAvZ$dqft`N0d8%noqiWr$p?HB(RSkFTh6p z0F~O4zLeq_^<8xk`V2 zHb+4Ep-1}ojfX`WnZoU`PDr*h4lT4*;-kB>(A+c!o);1aDJDU0J^SMd9*q*ngo3jZ z+ofzgm16nX8p}_<=gYo@KwuH|C)ko0AH+d{xRUykOaw-=Q13x~8vAOf@3ESTEYdqa z@=l|E9zI&fMmH{aoQ~d)d*WYmqnun3qj6+`A8h*zw(Mhy^j%0E97sd52Ky2Flu!uq zuYWNJaVhMB;LvCO)XUCsj9Qz3(&OC)iU!zZwMTTzCO^r(_s5i97olKDh&C=evUHHg zB}%BM&xAf71Fqw#N2TLtuc#WN)_9QYeO_*PIYjC*Nb$iwb5@q+r+9yrdiEuIlvAC`o!1iz-NnIN`?o#Wq8Ze_RC%WP)de38wj=V>;uG-KCGBZ zX}UPHS4xXp^zu__b|1J1144VBkF|@&MT}OGOGMkG!y9}Ot_LUpDaV%%$|0uR6-o<8 zxC;UFAV?`0^D$^MH!q@DT*df;P74>MOkD6Lay%K>?s;Q5%DVcLTlFtoEu0&oKdhzMA@lLa4wn{wijrbaZ0dPJr z`#f;K@#37!I^NL5gURs8WH!AMXu9O@(QGT=WeSU~Qpybi)<%02VKY05Xl860)v*8+ zC-s>Sw(41ZN|P!`@~qyVtZt=*&HLQfh0M1pgaOt9o3mtK^S01`97pZTJ z?5I3e5u5MT2s(XSkd64Gv>2E!ZUmoXJ)fYL+Vhk-)`Yfy;Xa1D1ZF--E&@!fQG-T4 z?evNcfD#6|@mpN7milat#HKtiug!>Q zH~BI4$c;iifFXuaW=xHQlU@XZB{fwPl#q-Ggm&2@Bwa<)n-g71eA5_}0fBk@Z}-m60;O_2 zz`aN9sda(;Y&L*g0!ZlrtiGPMP!5wb151QlgaapEx$3ENrdSu;CkU>Yh>=7JiIY?g zqLVL4cR3(8kp!*@V*>ImS1OQR+=ukiZyr=(azT9KjzU6;pErAJi3qRK>@f^TBOtb+ z>S*y?{8cpg%XjEARUKju*bt<$$LFLjdKzV9rHth>&R0=W@T}x}5nw*(6&s2)J6z7680%=&|DZr+sr0-Jl9q@$^wE7UJ z*oA^U5CKh^DpC*_k@NtLF;tWRwC=}z(ld^U9I6JkvrV_SwWG`p15EhGO~}D z*Y!b$^96#h7lH-K7GG3FK=GNYeHzH9>WAx#*jFU~!D^$$7Bqoh7#ms9$ApnR>yKBl zHH*5(h3dCyxd9g7(TJ#~a*ots(UF5v*nuq*_)OZF#;!~icJ*ior((J60c)S2XsKkb zVf5*2AvLvntb(Fn72TR_P;eEfn&NKI<9lt_P8K4HiXB6PgGSPA&wT5WyXlvz->LxB zJw65+<44;0Jt@ZC?~E(ZK9OrygRo(Sp#ZnnC<%$3LBs3GPgHH(S8wP3kB7Q?zF8d~ zX&kjNZ%v%?BRL0u1eI`)#^DqHVQ=@1Yq_`M1W#~)rIw(|*KiDT;A zX1;Vvk1^0hy(dVhF+c%!0%hF&L^O@=&81Z+heJ)gkpvT~n2p_w-iQ`7ws(y^oi9Rr zob-sYrU0JK3dq;Ig&v)EHDNOjL>X@c|CUxwx?`8KNqMv?Tt=!LFCIpdK?=iDB#wqO z*v7F9Y9P(7<-O~Vl)>;Xr4;M@Spy{;3-u~J=z$fKM_T} z{x-s&jFtlJvX%`~`bOhH`UdZO_Y$=0Lv*Nh2fc!|L`EvDpAF-QGtYiTZZp2!7G7z7 z=TT%)8=uD1k85G>!OVcUtpaviK7GG2b3$AN!|AXMsEGcga||3Er?t6(9*X(yF~)yb zI_|!>j{4FAddc``8!)!P2l~FdAcmg2R`=+pi^tHY`a?RFXpCr~u2o7y*Ip}`=s;U9VY z@0=g^RS|2LZqPLU4=*3n`R0JBpKpWsIc>hNfPgIwTiJBJ{lu`4`SxMlH}I=xI^Srq zJOuwm^G%JIoNtrJi02z~WWH&UU>QK4Z&5sCzDaJ)e0w%D?~BpAAMPC<%^ByLLgRcR ziZ%PxI)?uOhLsFM>p^j;dmDw0-r8R=-ZGSHM1% zbaA7OAoulzX)JsRqH$2J;r*>PU?7*QR>c@U- zp^9Fjv3MbGL3!iT2MT4lr96;)0;ohyU_OT^1H;-T9&fq#GOl#eJxi;&El5iPh{$7! z>Gf6r-eF4>eU(rItC(QqpeX?ge^HK8s1?r3tw-(bGed2*Tb)R*dL0uSHi zF7dgqVXiFm>5FBeCv>&|6vT2zvwMv%3~QuG?8x&HbFiL1KzWMw0qdPPUlCj>>+cH7 zbpzc4U^Ul>VXjUj2aH{MUt#t5P6)%D{&i^#uGX!(V;ea0@S89KP#Z!fcuo6`0xS+vVMW9xCEJLU zkhy}l)UgI26NQHh-9WzgU@)@T$Y7hrq-fWMhe@*%?N>RPH{qsdHJJ=s)|WC~H^V*( zEYpxYfDJLY(%YpzhtK3%WTf(>8W8q5re?}H7~FEs^G&bdIVRha_BW$_`$oeHrZv1m z8^%Zo9tRT{{D=M8xM)@5$+h5~2(`a?@c;)pDRDo3EX-}sti>g3y~nF=AK$1Yj!BG& zI2DkysUCq=A5=@A5b#X#d?m4<&`b$59oWA}q}kINKMk#^A}vI^xjvD+(6nh)T!3Qk zkI!&5rRrY+U$@A=(IMx99+YHg?1ZQzCylwgE;5UaG<_q=Yf(A>!l7uhj|h1PhMd#d zD2hD~zf1XMIk0O^UXQBPV^+?reWxEYNLAGJjE;6s!yFb%k+d81K)4CXsPhr^g}Hk& zYkv(VFW>WxHa#{bJDv$Uf1CX%rq^H!^uP-H;WS<*T8D({DN7GUs+t1W`w&ds$aSC_ zoViEs%f#uh|McRt_p3}XA5B&RQq4q6CbhWFr_C%EQK(AN$x7Q$9(D4pheZt0XkiIf z)@#yYpq9wdWCZ;>u`J4FUv7P-SCy-Fta3PiYXXfmEGP!OlLH-S@4GFH4#SVF7#sI z>CKse8&X_2_mE-231ZEJnat>WG6NTD(cyH8icBe|-;gOk+mCZ~T)n1*Szd-}_^h!J z9gjW;qsX7YiOG7AFXLYHMH0w3Ejdj~Kt}P7iJXG<-XPLt0xf}9(m4>TMKt(NBg+$8 zsr0|@*C?F=cqO)P5?WxZi0=5 zu&~t_wqoCNIpnM@z%xbbjCf7k5c>f<-%A-uS5A=)WJYF!OE zHcD?5a}63$Q(%J>;PO<(4cPzTe!&CD3nP)qo>8N4Nd|8xM^>uU+smk4$6l)Xr`JvF zVoA(NL55Pe)oh{#r2`s`=hEwZ(}D{Z%3d@&@Pi%-=OBTbF$-0~5p-7zGEKO#C#pWG zoGi#eGOy$;!h}S%_u;RwdT?UI_?f7puoDscaxJvE%IR=37d5dzUQbACMasxMMI}6e zP#9AR!iS~!6%47cnn^`-^{8m637<6qDu3D9r6ttn<9rC4c%U+c(0}}}OYxs{qWT)vTqyoQDmak2tIg$V} z?|Lo}BGAuGS3nAMWXv8z#c|*|4q`}O=AulY`x}`*o2PJ0=K)G&KM3)0%&IXkL08ts~b7BG)CK@oWJs{c=-{>cbFJ zMiq_P@~{`^DhPg#&zN`{GXr~pco-tCk)dNs%(uk-A=QMK+7%<>=l8B9;-xZBgBZ7J z%m#=%Z33gYf1PM2Ol$5LEXq1&|2om0@I>2~=^X-w*jDk@yv~cDe;SQ8=1ZcOD!o)m zoEiKG}rDNN@Ct^yzAJZwF&i45|cFsX}!OaCKSe zeMb8SfuAQ0GR1Q=!QpfheM40xC&K8dpEawNWM@C28+-@yp^m@=DS?o^Qhs**sLzA)6bK>xmsa(!g=zFRw;7pQ>$1_1WLMOmNLM1N>fA*(CWrZ4F_@swjlw#XOEBq}YGWKam%MB$s2Fv3WvMYa?9U22 zS|fYcBz8`lrE!veF`Uq4si`QcUCS}(ixoF?kgN~JISy=@?tqs^MTIc_;{Ok{9zbQ6 z1KFuW_9W`6UJF?-WWj0NNA`+i=95ZjYy$ukvP@mc*M~N7DCny6Ax# zEOW+Jn2S==`S^tB;=}h)A}Jc&QWiXn^CRr{d_>Yo%(Q7@2jeMXXR=o8%-sIb(LDM_ zk~%w+UNP4#1qX0L4+(@b?&(q|QgsV*4p2p}ZSw&xoU~!O6vUx`gP>&C=}oru{|6eL z{t0J1<~H98A`JJgUb+zRj0aHsy>kqx4HQlwGDr8Kpv7Oe```8NqsqJAwO6^f-DVVV zAKvvBZpFsXJpRLt)H4s@(W51d{BF{0%dZT{;;}F!9t)d^AgHDHmZ`uE3ySG66vSO= z@ge@G=_EA4UW8LBk%o)mhJ-b9pu6mDyHkYRP-*GrMYs};T_5g|{Q%J(#!<0J0%@Ok zH-kJdwga{xixA)e2OlD5-Qzne|;m=yp{J zh3wl}AZ-DIk=ys{YIErtK%7h;ZW)Gzz=Ubm9f9F^24 z2ce#iE!AsI0N@#oX14ZniDpK~eKBMoiJ|vQ-*nipp_A-2C8FapY|-c@!4opQIE0Lh zQoJ8>(Xbw?hF#%jruQuTl>((6rT`$;I$8QC>X1`G(uDl0`=E*}*i-0d^3xPJ>+*jB z%AdbW=&#h2h1ox4C+Pz@U$)fa_|qHbWs>^-v}0;r-N-)q6g)(P3nympPKKm?pVtn8 z%GtXRfz%{q{*OqF_Dt%Bef>H53ioW{p&3U3_gmZ|kuHr&Fk{x?rws}cJtwP7lMQ* z-wdlA8L}jY)$S$?iGr1Lc=xJbKE2De{(?vNG<#3MBT0|<@v}e`p;x`dV)|XZ+!HUm z99TjN+TIbHK4SUNlFpajSA@33h(h*cBNQT+0}Ni8B{Xpb2M^$)#Q@}xVJlZ0cG$Iq z!zDRJY4QC0ilsa9rBi>5P>Tjdl;a)A_0z`x>iLGh9`W^9Bhdd~u%_N$719W#GrMle zj@dR&s};2Q%8*o2=A+wB4LerIj!w{V$=9k!1%7%T{~Wo(_ojPFki(J=HRcD{tm(nK zUvDXofe{G@C8*Xz5;^Lv3&tiDgm`wQ#!CLQO`M|Y>W|AQ@2&qn%#~N`R9L|72m;9g zL9!CtUcjA%KHO!^aam{tW_qrPsLto03{Ue<^<{O>7lS#*vP7?2r(81WpOplNjwXW8 zr|1Wc(QY9hl2=;CcH=n_Qa^=eC_EsTL30<|eg|y(w|Z+>`y>J+oU(Uc4o|wFZGi%7 z**+2;f$y}Xue5zw*oSg7+k&ojVB)>UYFHAsq`l2?l4wz~A;Bo-I|YqGS0`%j7WYGe zJIkX>AVY(`S|CzfTK^}SIs=TXM!|zJcC%bbfs{Gv?Q3Wp=tJS^#sdXYiWW~|K9rk<@?9y99JbIwnk+nXzQEHPJJN7VLB#nkVc=WVM+t953^=Gb;> zlltP{!3Lw$$63IWVELg#51!U5UG?U$2VGoaAUxJZS|PP@RXK_)Ex~39R}p%Nrj3ZB z3x?%&HK~~9<0v(*7$e>dh^M=W?s0cu5dkdpPT9B{2dQLoC)a^e;1*E6J%Xn6iD#0H z#r&vHJQlU2ZwFZE6zze}M*27SmBk{B{Vzz5%?+5ON}l(=I>Hy7!qlHvo$~x};39*K zG6!agB#mGX0onV;PytUdjBGt$cbzBxM1uf4XTzUhn}uQ{Y|mMU=U~ufNY5ZjDWZki zg5YSj6L|uER0KQLFMkl?7p}l9=Ud6ZEsH~faZ8&fOaODR#0mCQhXp3weucmS6YfVK zd~&ia9-+Of0(gpZ@XxzKg0)x0ifWO2y_FG$#o`k;{-T;Z@F=ze-D9r%;{lm5mo+Z% z!UXfG$0|aYK#VB&i>T|3C6-DQf4kfdAx6zk(R|8mi_(M%;9d#MN27(ugLE3kE)0?i zYYro*Afu*D|J`E}p(N?(px;zC3&%%_?I^G)Nu7fyFP~NLUX^(PJt2&Fm0z( z;v~>p`kYpW*`U+C2i`IfEsWJXg%8g7FpY@0K<1Gpfj^Sff0f;LCTs?b@ZbqZA6*>zTNRwQrod5NbeHG)ke;?Gs_ufNE{%ah zNk*EVY%3FLO6_>{O~P8K%xRJU6=g96dBWt=dFmA=T@U97V&H-m;DW&Uz#1x|Z1bdNOK52f#!dX<`Z+3V?Brl$Qm}lFNlR!4_|#20YBRTA+?z$ zFt<8f?~^b?mb!;vg4~QioIit7C)5fgD-6E`T;7mb=k+Z`D2P%)=u(uZ4ZzK6xUk|8 zFx#U%NObC$kbo?3QSlkb3-njJ^JZmk7EJo(Y7+JagpzpS3fasRugdnk9EOI}zF@XV zp-9zM;{{L<0YN8Fse zSLy=F!0A#K>Saw4^`MQ&fz?d3?fnTU_aIF=^n*@lA5?^}n8Pk%2hO zrwJ8?Ur?6{ACH)e#2lBx-+V3$cVj)giv%rYFU!xmYYS<2;@$4oz0{K*l#IM5Y5p?7 z%lo%;d|GV!8rQ(0oXWLy(GAV33N}!Hb;}_@P3~C&4>pX!;ZP{4PBsKMYBEf{heRnhj&h^g+myJ) zjJks_{nUtEE-{cEg59LJjZ+2_(?35Qw`H`33M#T{lW$9y4vcSb-f!UCV-aH!~?atk} z|4caGn8Klts#gT_wlf3043rTMBJ9(OFNilhLBuk>J@~8Sw2PXNp$(@v3s*Z9^Y8Y> zCpk&ZS1k#!TKc*1o++CXc-GFwV5-#jAgal>fRbmIQsXS977^VyAt!l}m{xdY}S zi;#fNRy>dwjVM1c<@G#~T>>?aOk2istYa_T#Zug2c|dX*z+j)u>fkV<*160r{+uCD z%65pVU$}i4m$9HZX%nlenz$tWIwaG3UiyWOpJiWYumcT>L{X+ZTyhY6Rom`xm;dHz z-8L(2J-f<=tixE=24^?D^b|m&%h4#Tt}?2aN6XzCFQrvN=z;Y;LKg4NMaVWiE3!?l z{Og&K#g5TWEgO<(5Mb68>M8HOTT%18Yg;gpC57Qr!BH1w2HxPyi2UixdOnk|hNKQ9 z1a`2nRBD!dmiky-<`RF%YoO5)7db{|R(b>#pKoz)O@ahop8zF0G1G;T-T}!EJMz-g zCSh^xl5uioVw8fmrMB*ib?_(M#{Gcg6qKMU(A4*oFSz4o|0vU|13tXV<-P|kV|K&l zhFw3lg(`U%-(lE;*B7p&v!Tq|Pv9@RRO;imTuB!UfK;nIQOA+IMG?Ty72j3-(vWrk z41Pz{!SBozKksVPlQ!4CnfQr&DUVb!jQxGO=ZA*8nwkA~6z-VS|0(&I+gT?(i64(_ zz4aL!+No=w=T_0@9C!z2j32Ra9MFPQxBxHG&x#svUhThv;bvZxB1Rit#Uk3Nv4*Zo z%_&H4<3$;7pm~*VGd0f4l_U}B&V5nUL8-x7vWPI+kU$mrElTU#eG<1GTxh7pvW$pI zyK*cv#iGTdNO&R4#a_VMELbkJS@0{hS)c}0UG8NdkJb2(->_MXQ z5{x6IYg`^Pm9B%B?!BjI*@@Vae1xRI%k+%P#Bz*j51+8-zz0(mbRqY5QxixHQGcaI zCiV>0tTt@`V#8ar%vJ`dsWoe1&iNORFf89>9qW>=(9-1D3Tj5OybSr$O&*p);p)qc zhIJSBBe2r*_S)#0+$fI(%Q(HOE`3*>(s!-N-Nn){)yOUtR95!Uz{06MJHJAO zNoh7VX2KtkYyq~<9i2U9bum>{!dE-6RK*w372y8|`u?&%Pwuh4zv<_ZVxQ{!7ymv= zCMDq{=Q=_nY4I%k4(R*$KRFW)|CGK@6dCd9C zq%bDaw`tn%NB2aNC?3W1ZLMKpa`&G12(E8ENXt#~iruvE&JRipqLIo(=p%kIi?CDO z!ySaTH$e(P#AE-^Pj@B1bzJIEP)mBObQS#8@kC!H9w7MYF5Tf;cg{E_+649t7yIgg z;OC?%F~Mn8l9BNQ*ETM=l2mXIF?-ZwU5_arbOfp-!>_doDra4(s0S}*yEtimm^3DI z$}AS8y;=b@!#xEq4395Si2Q=>l_n{4!DYUmzp`-mUhnG9UzvW+wok|l&z>(0aQpsQ%5V+P%FMpG74s5GXNkGBbF$pFQ)W}jf!)O9Hj;r)oSdM z%Biord^m%>`wkPKP7nDU+OC2P=ESse|K6e)%x z;`GBguyAz`5;FsFvA0{X*yTs+=OhD%3Ih-G?v%N3y}*jA3zs*%9EQ|@v_Luy6h$r} z1(mPL|J%oZQXY#b@VGSrTBZ8~;PD5f({%Y`pRX+DNBkg7))DtR)JgZ731Yuff;^C< z&=hedWQF+!tw|LYG;xC!ey_ob92ruG16F7;3R$O7^(sjvl`zTnM;4qR+3vAvDH+dB zEbNs`aZET4^VU{;7nA)tENhDHFB!5CFpO z5NiQw%$A>^+5W#URp?)DdY~Hd`9OSSoCIkCjONTpvG%IMdwK#wlZ!iwo}u7G^axu3 z8Z1Eunc;MH<8Ocah9Vi35!58*4}G`f58%k~4RGw;y!s@(0K zfO=fs!ZzJIw?kou&~$enEH$CA$&HFK<2L0^EHCQ6-QByDr;IoOnJ-=LuDBg5M9m&^ z=NyV!u56Q9CL~%gild6xqjC2EV8~nm z|HumnAr;Tq(!;Wg!^B=GWATEp*MPkBT~F=Xqzxd0j_2?S|8zQjTiTJe0+v0q&{bUV zP9=_i=e7d6jVs+w_<_;wQ_llta!w> z;rl+3_Pydh<|{q){AomJrFlE(yW0QV+h6wav##zE9wMEBl(K}Q+j2($D{Rhz({OlJ zpd#^R;4R`0F*FJeGWGJR1lX(A`ve)gf*A5_{Q$784)?wPBO2{gawSV%j6X6=Tc;RY z3s2!hg`3^Gm`(c-7p8>Uv}b!xyvLknZfV-rKU=;J>)}6!g_x3msS?%%cbkEp>3Y!! z18kFztECt$B`FfyvaH^sjiJDyhrC#uZ64 zEo0$aCk2BtfM`a~La&+DD^vHV`(Qoy3zjTpw)59T+2^orV+M3u4Txcdu7EeVtda?= zAOFI_1D>cpD5BgAAz`cJN&hMi>SXPpK8?j_TL)%RdUwtgk)keuwWhzd#*j4qc?L|r z2Pha`zFxD*wWZUwfY)@>Id!TsS6oLv?X zNsg8TTtQwcMt{_l;?3pVxayEE?Ge_0hZSmDL)>>Cc4@x0AWwoU7Np2g(xAI50Xnc+ z+Eu1KZ*Co$6S#QdLvGW#g~$81f#`W9Zu;zZo0dY_Ej{<0OA>*lEmzEa`7SBZpU zjb`)ssofpTc7)#wtj}l3bIBwv``VcT3k7O3Hu#zfXv}~1=a;8gji-Qo0WS&AR_dL~ z-(3-Etu#EiuRewGElkbM6jWH^wR>=PgM0h!CPBo-0tLH$!H-|y(I8eL!lX|M?}PAi z#N3$3_uqlYh7Pw;@47_*{^~#fl=5}Hh4_zVS9*L#vzM_{vM|8zns4>*z?0kkKX+f) zU40JJ+b{@>sWjP|rai}Wc7txugY&3vGyI9OOtHbtcO4O-dJ9(qvne?rZk*60fcySDf< zJysF*V^O$oO8rCZBZw#J00+O>2maS1ec%YknkYXdQe#OQoJN~nj&7*0M7;768 zR`A;dZZ6-Co6BRR3!4^|E^Nl_R~`dC!twU*&Gu1zGi$-;$F^f1W3jm^-I!A z2EE=nf02zaK;rYwFXp-^P95{a(`=Ak1kwcXq#WdNrExW4dE6iU~`4 z*CEa;4Wh(Fk!iN6oc>95;#NLjsg4iI{TP(dAly{%zw{$Ck2+ZDWS}E7vB(s=DrQ1 z;-CP#>1}P^#m&qck=xaM9q7U*02DCic<0W>4|% z^AxJ3*S#V55O&b_!&Bw9_1=Z$%-n>+dQ=5OoZI}=708qwk~3T{h{R0wD_3ac5wC?R zQ{Nmrwg5QsGJ3$NvnT2l&(5|j=sm(IsIy}W&lmy7&s_mWp0tO?+!Y#Kg-TQi(74ij zXqlmB>swZvV;f-b2(5Di5#c`+i)VWHBO$hNN1P(|1?dM2g<}E1{fh4yA$<=iH17kk z$yP(;j5riLO>r;pgYaf#f+JD{TkT;f0)(lNN|6io*fD3Q6tTri6sNU0S3BkfFKbin z9KdNS@|r%$YZI?5It{z_P|yfQqlq7k4z8DC8b5v9R!G2eVVeE}BGRZ|Ok_Cz)#{hI zbz<$VwKBvSWd|Sxc2S@hL{mg7zPi^~twp^09$5BViI!4ng_plNFgbQ_fT z)*uBd<>jDXqqte{#X3|6H|E~{RWdCQXFRCHL&uHypO)ef8Vp6pcQ@)W;Q^aIRn@D< zpNG&0HeBvTm4QZz&_O~-W*Ggo72`KRG)|Y0^EEh23Sc9^U<4RUC*&TpJEval!-_OZ zg|M|lp>h}73ivNPpX^lVhjJiI1_74Ls8KMF5*30aJf9~+L^7T^=K7B|VF8(FbNwSL z%RSd$(u)P>gv6eJ}B;&#oJ|j28w?6Y+>n zQ`ZGjgh$@|(r_|}ifO*+A*I-5f);XP)HKsi(_lEC;c#vPaC|Lf|4WS65q+^C4v_gM z-389!ZPm**m_%$PQ-If^o=x8p!fj)FX^D3dRA#>qfkH z{E`tilJIc~W-=bourL|EM)HwCt~aP6#Dr)&Se$&sm6mYcWej3xL7ll6sfuETHe&wpe7d9ogovLJ7L zTg$q2HDLtgLFVMKT52v_n#Yic`-t6w4kkSoS*c95=cNpT&{Y51mz6KomUL5nXOJ&d zs$rUiFL|n;c~W>&rvnaa;J%&MJ5Wps4~Xa*4=?OOBVrEXyX($lDmgeyCKlotZb-?U zoqmN%?kaLKP3uLKTtKUxZJq03N^ax6my5j?Q*ay?oY2P6e@)emBPR?3++Zvp2aU~N zk2`+Pp&)tpiUyK{wsgYQ=Pnlfm{?xFp10v=JgFx4L+Vj>MaW-`!w3RHU?DuLoQ4Cos;HlJiW)MV6!o)rB%a-e<2gY^ zjdezH7@s|`*Dk4|Mw>3ydi3&EqGV69%?=XW8t$G{wGm7)CImC@q(Afvz*$r48Uq1Y zQ|D?!(Fbe8irV835l~ntf`uOcDYp1fvEv8RuUWD$NX}n|)oQTlNh^xZ1C1rKk4sf? zcAUiQVv18-+K}S>9r%O=pPl@{;2R@~(^)X0IF;-WMPahbSB)X?RCOMLh*AqO^ZEeJ zfKF2~2st^3SxfKmI@Du4cggf6=q!2FSG2*?|Dk~n2IGMG6b+SYUGo(bAn?+?sZ+MNT>}_H%CYY@7 zjcd4SxQE5aE;t&vPuMOu;>me%DH^%0;Ql4 zCNX3uJobPx%EN?B*ap2v%Yt@7KXazfOvdzEWib6fTkQmz(}0~|kLPkfygH`y>bS%( z&}HbR*QDR)TnpkheBV95`g+&^qv9o~a-pkHnm~}!>y}~H4&SfCOjwC9oJvSkWQL>4 zBi`q&@>ud%^2ui6)i|8#_ED0PZo~pn{Umc8n$=GWHl{X%vzoS|oU^(uPzpL%f`{V4 ztaP$6DneBFjItz8zIf9(_me>M8#A$Pl0cCUQ=~k3;On}+ttXdbB$7@!Q=)^SpabU-6Hkl|8+P!EqBsz}SWYR_!0|}cueoC}o2{#C+ODvooV1;1rA%8jG@xR1r`wiV zbi#xFPMr09_I&TNNzKNo*Dq@G_5o8o)3#>4WqUj4-Fm{@Mi9>)*5Vt;U71l+&`I|<8HhZDcr7HCyqc8epq z>Ea65O90qIjgp;Tm%E|j#F(e)m#24Buy2W8Vb|`ukL+6MH7&i!Sqi{oB#d|Tqmzs{ z5eR%{vIM=xGI8pg%myJ)k!we#I>C<5{D_IuPcpyb_)j0T4)~yxU4x?j=m?^xZ_EY) z5(ZRXp339+KcDLmE|7y+L6=JeHdb$TfNh5L>t3Kt^VKLHX+7G--*`QO(H?=14!1!3 zmE7wmAYvLL1PJsA z81-FmMk&r$vpr6CF-A~M2F^(4r%*K7pb{CT?}*ic4Tjar$UKMoa#CB(_fogNJJxz` zxAhcS&*&hQ+2|MLpiz$75s=5=4*H76*OS<>?(|N}yZsFU1Y?@~%_*;4A3KU)xzDXD z!N{J-{5SrXl=`Xsh6NtWd=G!9J=RjA_wWDtJF)$pxTD;^eN}T6-pSPNBLai`%?znp zz$Onr^IrK)A?*w{IVhjqHViZ;jj@v9}!AuEZRk8fA()0!P2p# zDvqfRSng$lnkTX$?ms~u$QBY#YR{%@3c_oMLsUVh!a(0D%YynB0>JiXqC5~9zk035 zHU7XN9pXj$OIf54Oq0L4-xeuJ=OkpK`mI13Mzd&Yc3{Z*B9->Fe^m;p*D4i>N}rMv zkc^xV_o|N@KhF&$o1s7*uXCB038K|H!s)S}F1-fCLxgjk^>PX4f5BcKc!}j}Kvi%m zuv~g6F9)|CHr_iSiBlgO>a8VD2X^ zx7%__jz8x3t6j=L3=;1g+2{GyT@MY1hv;|q=R)*@^vCw)=`K_0cRKZFk$)0c_MrS$ zL?N}D`e9stdqReBT>K{Mt->b&jn>v%p#fBV?{*+W5SP)3-O<1nr3>h@`M1HtSDftUo6Huakdx^4YKmKm5Cwo|=Y_*;(I;q!e z_1+(Wr%PIDm0PXa@oE)Vt!0r~his7ww4=8uZf}X!vqdZQp0#=}$h7-outhBOzG(Hn z9jO-@Lyy(EZ@gO7R*Q@Zrg~Vh9D~tkTJz$pPQdf{a)?_P-qc>D!UWcMIG%rOeflfw z{W$np*7uU!!wzXH7J|O;>)4}$cbm2qHEQlWo}flU03fi0wxXNn+GE;u6I;`|(82%E zLT|B7atJ|~U3xzvU>}bw|4uN*J8t@{FkHiI5gJ~U!Q7k+yT;md;@c-mFO8X+EV;yR z@ac87WVsc>oG+q7I!$laPX8(NyWhGyZu)T;?lHIJS^8n+op(-@77J|f!aL-41sEmY z`{UgTG50_N=b3Swd7}LC^eY~3mb|c`%e1`Ms?&1gM8{uZ1D5fRJ@NU{!w0R0iO>TM z|Ag#S7Fq1UHR2NjJpCXKRUe= z@@}K$k-`7K1$lp_OQE-s-{bN;_>g3XafXe7#$y@ysRIcxwC$$`?8~r2>nxxgv9W?z zpnP~#a;KG)fufIdW4M@!A$>BGC&TOs=Fu?!-7-X8!s&Z*x5~=9P{g^uRx8B37DzT0 z5M4BDD@GOkw&P#xOJ&Vxu6ETLr_*Yc(_t4|F@;qaxI|(DZfAv8Y8a54&7E{XkDaP&ci2g1^=&wdUUlJg7 z?UQ~wNUweok$yUsAg(T}CgB{cyCN(@6(*9EF0NpY$_13{a5I0|S?*t^uuEovYk9RN zaKXycW2j@?6aAIC%%OXtl|%+VUM$B}PyZ6&6GS=2%G-E1JpeZG^SlKIlnGCvZv|1T#hyNHiuV4@4iF23uxH! z;`=%uSS``{!2IECFK+H}H2itNA!ygf{rvz|)thW()Aj`)*n!ZOI5t9LC*<9JsZ}yu8>~Z`_4?4#W7U6>7p^x7ShPQXXd^$JjCRBm9;Q zZ1)*&FGI7=rzZFCj|@jP5H!L|7Ab!u^yQvmt(~#jLD;uA*t(9;|0j?~_|tO3$u#<@ zFUutCsFeO$_?kBF1Up^ExK{X9Zu44{00un=8|X|C9YnP|jp*hV^Tm^;3^U$jJu01G z+3;kIKnB`mA)bQCQl-T4lsHcoa2jz_q{|K&Jg~48vH`$toNJ_`kuZ&eHVgR_R(qDB z#h+vSo4#lxF@mq^l2H~VLGJSc{;dbuR@30C43#e^ngl~<{uc_E61XUuE z6SH3DgcsTa;6y&#!m4BcUPhvPWWf)--IHH=;KJ77-%{U!6)BlNm_p z)v1&neRV3`(~<%6S1utA#LJ4_w~o9zl`(i3U5E|?-sujyP)7UAi*Kcl^6vZ;V}O#K z^vthLWenh<1YVsg2w?ZQ`b&bJygC(oj-7nge+5H{q7!^mDx;5sH)*~%{RqjakN)Y; zyk$Mu!+nF_8Q}!OvV&qfrR#NAbfm@g1H*(#4-ZA&s*2aB(v!YMm4Di6RB?#Lo#*%U zZ%AKmQyPGurhs{U^~rnEM>6Gpc@E~z$8?0isrVZm=-7>hKuhM1q>Aid=U_;)A4MPg z`Yp(SB-}x7+V<`>pwU~GAd%d<{KT*Md%8HB5xjMYCBs)LG0GwZ5xsRu5Qb6aeeQg| zbx9EDnf}on40Md}Z(l%d!4Rn=OEs<10(3e=ZQR{Zhvmze|0$M}kA)>IS#RC~jK!VG zpy4n(88Jdj)<2=p*DqKHLMGA_?00A=ZylB5gU$O-kzd~Mg-Wr`z9db%dsCm$6erNp za`&lPf67Htf1u-e2BlbqzS&D^lNO6=1E@JUpuqOft%vubpS;-zD{;ChZ}vltoIKFM z$$h&y`Q%+gp!`_g;b^IU=b$|6>@TS zoDfTSk57Ol5Nhge?e}&s#)Ei2 zFdLK$x@B3@HC1SeLmQrwN!%avKJZ3J*fSXbI!br+^G|w#?jwWzvvuSEP2qy4#=9nR z>k~AWB&<46SLDI}&M(i`KYM=nUwmBi`-kbro?lw-$3MRk?*)V6dke;>`>1&TYsRk(wxF*%%Fr}qu?!8jJ_5IK*PTc5lgXH`_69Fl%WJxrmYgd{cPcqi@V z`|YF+xQ5^02!5i0uTNOzxhwS~`>2X{V2*>pO%%dF2iMmpATWxbVFW10`{`RFd}x<8G_l(iP`-lw7|QoI8(qt!u&@a1z_>%o_w&_K zf1rcE?WR~k+mcNl)wXUuj{}LP@mGh`wa_Y1+~=n|IPRk!z^;5QW2>EDs$cpvGoXTi;o8MG3!;rc z7UYCp?riTz(QJW^N4u)7IQRQ!SZP36pwo$`vpr$CYMC>B#PXKk7sJYYG+lm}UYzAk zB?S2Nr~m!5qM(1+Q~n%q9gR%x|8Zheh%7T2oc?}Sqg#DTFoc8B?uvr3ZGVf=i*rmLkHawYTR1iKJ2j7Ql$H!OKFj)z?`N+_D0G+w0gjxs@ zRq(l;I@aS>1tan<9#Z=gQU!Z&ke-gM3ixze2XHrko#OLqzmYI$9fc&pEA+gBe}!Yh z?^Oxf^8tJBpC^BQ;IAcL{n!pD%isO3#w(FOO}0eLTMn3dBSeajsW*%auR&hL(SEkilp$d9w50%Pe{f{^(hEj1A*C-bU~7@mivyYiLbOy$(N7Ti9LrHkJv^L6DO+J*L)DDz zh`0rB040Xw7JRM+CRN9-h6e!MTJj_Ztwq4Nm5 zQm*ogazvJM9lI>|`e>(kamf^?wTZ44m&Z@pL<;R+{olVIvjxl)3R=zpqN+;v%1`)| zja%g0$}g^xLqVvZCsf@23O2?))TiYaHH=aMhisZD(BzS@>TzH72~OcOMKN8x!Zr?k zQ!lu`DfSy#PY43(7g2Jc`eB6!R4ah$>Gnu3;QnL%?{IVQ`HZp+$bvU#`o=kiX3Ns+ zY%89Ww@bGnsbZ2m_HZh>DH^?nJ>4hz}6*bJeE6*#($TwTiKiKAZ85{T- z>tF)o!(5C|OC4Zne($4vjxF#A{Znd<6?~rQ(H=JENAwf16ms|{4U^p?Hu>A8c>h_? zd+j6k#Yo223;{R}vRRWoV$-*Ar*E+fE930CnngafqzHQqFZ(SJZxR>q_RFwcS;#Jt z+($+WU3GO%UG+!ypPjqxk)k=SK>C2FWmK;q7x;I|r@QY13lMu@BN9 za+%A}y@hlGbz$|^9bvcSam#ma#S1_@!obIX*tdr59)c+K6yol+e><8vD@xT^5y8b^ zB2;~3BR9$3Z~2a70U$;)1MEgGI90Y%e!{xId*v(H8E}#9$ z{rq${hs$U84)K%5w>ct@Ft})m+wb#z8}GP z?l#>^-6A+IF?!i6NFO9T5u6{Tq^CPcReCt`pX_-^LiKkSai#|6d%Go8k1#}U0;V)J z_!G|*VITvEp?sU@p6)Gx2V;tY^F!VXXA%P(0D9oQ*R6;5gNy%n ze?*9$dw&EM$wqE^2^#L{&i1FFz3PSTh>AQdS}X6+*t@pejbeTOxXH4fo39)X6Jv` z4}{F|?=NEg?1fPy>jzd{X#Grr)%Qh7|wXd+A5iq)@nK| zi1)jxn*=WcpCatogUrCD2A(905Pctz#2$TLh++}KljeuO^QAo?+I$HVsvAQ4DS`7* zorf!f`yF`O!f+`*qM-g{oL~#2soV{sZ0nZ)p5A5#qwZ*C#}q>H8MvL3fcrB*0|7wy zjUH?!n3zeIb79ZUQdvQC#svTkc#?rr)SX|0ql*-ug2D^A<^8;8Sq*wW?++64eqQud z#8A+$dzGQ$`zCI{LIw1YSLp;_xKE*CA~}5d>G&&W)1PV||7?2hGkC$X=|-6iIHk$t z=;W{dP?$FR+dza^VW8H;!N&}|`}ohLk0D?~^yhmL$wvMyAODfO=*NGoW}DV5cC8yPpAA7UtC4{70l{KtUpv?BTVk7Vcg z_)m7hZfhC(_z#Vu(#I2jJ7~`{c7gBP4d^vp`RtYo7(8k;SQz|5+gX z41E>|u=%q<)LuUe^uA-Y2g0$;5dI7#9;M%c7DoJN<8P0q+aL96F2e}jrf(=1eld35 zUHv6<|4Q`+v497$DoTyd60aD|`0JbbGh;*)HxQYXi7(8}u&yn*MIvS|LCWju!e8l& z_VW7%!5zq@Ydn(Mv6p{RM9KfMLYH()YntJB?_A{8IEG+fEW*6*q~;lo@S!?CyZ(B( zX6AD4f+d8H18>)QlNM66S9UTeq$VvKfUK@SQuLyr+^3k375NmC<^(>)q&d%l07L@= z0!;x2@kGn%?28M9-eEcV35_ifq}*npgKMA|`ezoMs^*t>Ua9rv%T0a{OuyuzHz%$^ zg;-2t+@%=_P~S9fQUnS;hK& z_{`i^1kG=0l{(hk2$M<;! z?f1$G?MoSQBx1RPNo>zwMN;#T`2hT~5ZM$@7y99ApbxM2RWL_)DJIQFTbyYD9SgW* z9U*F589qN5x<6&{cCstt=)}U~Y`X-J_ZpA#zz|V{%OfAhko}I({cHz-y3hP4{zSfY zNbzZyU1Qu~%lWNCxq8~}*|!caeD2pIl|0{eqNjkR<2n69xs8O1)@ZZezJT|9S%#nb z5j0-Aumk155I!D7?YzIAXR854CP46$d_X2jJQ%Jy=6M;THNnml;tz%Mye%8ZZyu)K z_$DW||2>G35qxFqIgj^H{NBdg|0pJVmA$kz!y?O9O3RaS`akMJ7_sMl0E;9SN zXWjEmgS+nLo`+>|g?TD2D1tKO9;os>>0t_MS4bDbfi5BhDz^QS;-2;w?e+3FzSPWgW{e+c*wf!CFCgWi%w z*_0a!Qf??X-%Pn3FEHhX0>c93!v0}}(a$Cv`+q~FJ>^fM|IxsrCLA;O3ZjrMxG#u# z!nurxgd_S;y${t9_aX}dtF&txS0-nZzw&95UMVp80AtvDjSRLQP5S-8_Iax=&K_)k zaIoMqy1`ODglT-52Ycrqd9eL~!Bzy9RA|4rhwnR*ED3Ic^39m+ZCCdyOL3og8pW_F z@;9LJNE((Yu%8#fDjAamkX>< z2>&7K7wy-;v<6P&v+-Jd1!Oj^b5-~ zTCgM^AkQM~9h`oqlxUb>c7ia&dAfA#^N@h8C+8ufq`5XXX_#Wb3xZ~pq$*KIWJVDC08*e>Kp|WoL<-VQ*GDe--`Rc`LM{lk zCO1mu$WFH(21f5%${3mG3$_()1$pjEJ|Y>UpD*~mL%$1?%s(%jrhP3i0WD$GQ8cIg zUCQjqV>2+Dt?2S7%_;gFp{ar(I~<S5COu{Y!f>ULKx+HCqz&W z%iB1RmlzX&^Uq$u0JDf}D0>C)5wi7RhLR_PiS=xE-vd^*Ovs$i+=~jw|K+ek^mHph zVljp{Kj54Nvg(6bbe6c2jyA}VQ>!W2>ruNnRGVKNfq85!1TjXvU2{g|ouA@ovM+-Y zs@019F*pIvWJfR40Zt4?I`c=B@us|=8hrVV*G2RwnngS@nmw+X?~RoInS1M&fSkPx zhAgoi`Fuy{2zt0t02-;Uvqz8`QBOEXHF>>iQY-y;Rv?#q;Sd+WBO3%$(_=;anBGav zJHI}uhkvMZV`#MJh?Y8jentEcKJB4mllfsj9ArWmWC%CjG@fGF7Jx&^oN5kTKy+c=ax6r{kzB9Q%vIn98r(g1vi6CX4F#z)hJ18>b5VktR{`PV%S6yo(Y^v%c6 z$>%c#H*|_SpL7PTCpn!{RpudUFyuo;_J^1~%_rDlBNhwWj~y`0k7Q_d*~DSY{M~k} zQg%>S?2$#yOKJ=N&GJEm<$Ujy`eBAINhvPcOrh!>;BJk-cF{C$t7X28fT5 z4|?>pS@Gc=Y<3DJ-7~o}zKSuBJTR0ebLrhe**0flO>v-&fOy{-q(B>6Oc1qGFc5E` znA`vw6Mjzdf9BgyGXSJUh0FG-n(bdUI(u67Y%#y4`i`WN6{HH16+q+&T*c89=^KdX z-hv;LJn~wAU+{9-fxG@qR(Z1LS%iWHCeMW4hz*p^oI+_5KNvlvBtv2=@NN1y<&qb} z#YOZ384EQnrj)*3pG@|Y&aA+7_NE_z6rE2r2BQ&f{b6xI)&%6nM`6*MtUJPX`7Sl% zj(9t%j1Dwo5NOnv#9$*PFNuI8c_}Xv9`@Pml9Td!FT*ppqZc##AG}sZMmx=>P&d7L zn33?mcKs#4+ah#Z324zy;(5CKX%#?p`<=X*`!=@3Va0SAiiu&Dd|&02-_!l*$x#5K zoSu7>)4|)me9b|ILRWzh&QYPrRjABep^_>X*6mJ=2G7IG`~eT1s`s<#|FBXzoh+t} zhh#C~DO0KD1koo+T**h-=}=QLebOKg2b;?F5^U&|VrDCyHg1uuE(5&DgAg2}S^2sT z0e&LAA$;TTAH`@`i)G^<;J^1N@*sRZV5k`hgz+}P=|5#N60ElnMWUt+JWcAwj-aH$ za!?$~iE$1^(g=2u_w<23fUON$kl0 zAS<;vLM|r!>)l-fh|0F&i1BqFwISmH?yPqonSrcX_?xl8Ku0^*3{e~L}tQ}DzmfQR{d6XDz0K7yZWx{tsVfg2ed)X66p!9v-8 zg0uv}*rBnz#^>_r%|zY56OZ0{EDsw+D4x_u#yV;c44g|j35WmiYlI0a5x-&Y^RI?w ze*_16ge3_wBFHBq%*-tp^aJwL@+m^|v*qfO2`Ph1?o{cMgac&3h<7d)cyM(G&gZK? zLiQzGm~`ulw8Q1yM8g=@e?esgZ69&P;ALl z=g9-F&L`OlZLkQtuGViqGI;S3+G)~}BrZzx?%aj~&P$fkyY!N!)Up2}y&Yr|;oWsN z0Ref1o?aN92m+5_f7B2l>sS%MZqxfOGSy5%1AV~VtzKQ6>^W(OkO4<7q<+&S#qx%{ ztBM^*@pQn$)cq7*|GZhjjA9Ic-ta9Z(xt*Qi0$c;=aRUV=rjb2PP8J%3m?)vRID%W z^?ELTNy6abun|`g?o_AJ>ZG(z*TbfXYoR@jTGR{m zV26La6Rh?1qGJh*>Ci{8HlCxw$?ETVSzwci0iFJ=KFNT)2JO)y=LUK2!tfwRatyLV z>vVNEI3W}(t=uVL@6fm%e9KnD53QUJ z$aa0y9$^{?!EX=bDA8MjS=od?M`7D*s%c&ea}fUo!y&+hs27@mUtFk@coz4`ww!mM zf~m0HQNaysFIgL?DSwn6azLpFdNedK&8opAPzHr4t>|c)p^__$pinV_G%hk z%=-)sZ{Kw5o{zlbV~@V`8Y%trxg?dyXwC99W&)man*nV%-drs};r!8w5?xz}iXH0x z;W`0aae=apjEE_b`8ah>@xDX1rWC!xNIhzu5gkFjItxoj-#8sAXXro)Piv>4^Fw;% z5kwtS?5-+~z!-fyXAr?bOgbs?%wmW?pB1D}$YLBhx^e|uP_PI2fNPvVm>UIX;)1kx z^2T(Ze&dbGaaeVO=AvyMB;7`7JLqk1=i2)~hhgtVdDx2w{NK9Io9(yS=bR>o^gbTV z-t231N(wEL9OZb5%ZPrvs;Sma~U2?fL1T?%CfvkL}&%Ie4ENa0n2 z%lg6Q;9ypEm7VQhLEGsL)7HN9y2IX6n5Le@em))oqM)VZ{{aR!@&N!q48VRwYk$lD zNOu3OzU|1ce z57!x-0)KFOXmEdf2M>aeVv5J~2Gr0s#-K=|@5#_LT+Zd1y%Y`LcrWnc#JMW;F&{rwKuG~%CR`zCJ&YR49QFNz&OY(rti9D;A0 zXu?->H5Pwv7ZWl%r%n!Kz0snDL^47yF&S{UOr!{!y41JA4)JZ@HE>2); z0^1S^FMY%F*qs`U~#btd*0{&{;6KYs*!61P4<$X*wS58isXgNUT) zV{>N^kDw(TGeSb!&Lpic5_4pjhkhg)2|>hA_G6SSdcg}AIgeAee}pb#x zrauC&0S%2+`|}<~eC*7;E;7n6Yx0Z+5)S* z%*Zn$pr3`*mA7gc+dlg-Ea=(pxS-Jwx}XZkBeu_uTf~|%+Xv;X`@L$-MO#=gX8Y{- z-rd5rcVpcBUcEf*!~_0s-R;fwTkXz9dN+?|XLiBPknNLWtTOG<0-+9u7A@G%9TDDh z1EkMsHeCk;(kMBLooKdLz?n5)H~W^dNfP6#m-q299=}PUH39gT+I`x`gJ#zLjbBhl zre_pK*jNEu7G|Mg@o%F2&;#u;bbXe4pr{SJZ8$Vi5NF zD2l6DI6h@4UOPUDFmW%U)7-w@9l-SkEGUwr*peznH~5X}>&ux$7#<$}O7se~#as?y zW)e}f#He+Ydz`jVc%(TfXS8ZY|DElhK&XIX^_}ha;#VaBmWC9ZZb1`>Pm7ixL0xPrxby;XPy6+j8L9g?twPZ|D01hU zVLOR#rv0zSiUGhs?_f)PreH#3hI4+Y@ys2+0H4}<2lA1L?QyY)fOtRq3~lmLEVx^F z5laOHKv3)*L=`VS)1r#NjV6Rv(-f)$J{sZY$Z;yl!}LfM`dMf{(K4>TLBD)-YmrjS zG4upLh61$t(E#mqqC6zebTkdf&ftJQ`g4w&4|_wu42=8$fGg2?uTIuLe%_tixmU7n z@;OwSPbdUJwdj#UwLm2ts+|BTCmSk>ASz@!C@S_n6WISaVVquhQqT7~2PXCW%Sp7i z-gDZZP?ruS(8-Ch-v5U8=H0eTrJjhlC6W(rac%?7M^W^L z;~!pBQT!0QAhysSKui_w5cXgVFr7iM1xkXxpNpKpwdv~GBGu3%dpr1S))G=XS4Fc4 z33w4Gx{!+GtBqA+RfmdtS+qiwC zNWNw>oY{dsnXl0!%l}6+9gzRj7d*6{M4u9b5v9!J`p&0b#aHxMIShJ-AcVj{!|C!q zYDGm7G(3;{bwMh!O~&F2Bkq)`L|i&+X6VvYyU9b)D*0FtL;{ov4PQM&XebxKd~1Mh zAgU%uALhTExoeQW**U2v@o12=WQ-|XOb@fTBkiZbmK^pW(eEQv&MPjRoWtk6=CH_( z5b$G6Kx57#XqjQJ4VD#pLN9zBje$?4wI(*b>qc5RT^Iz_^s)ZN192uY@3kv#7G?%OX=D0rV;%O9p(y2|(; zS^!x4Ala`KS^}2MosfzE9azEUVYlix2@PEE2ja63fA~)j7RD4WP+NEgAl*K%=ogHQ zxgS;IbPChCUpwAsiuLQG)F({t!IS?uq0VpS&J+97v7YW0%xialUKhDuGUc4r>0wLl z^N~FIWbEX;+h~r0Rr~+KpIH52H2Vkvx&7;wEu4}~M;=l+)AA`B((iD)iih;l>n1j& zd&n_OBWNlDTTTA`;QuLf*y{ZYfCU4*cY**{10WBQ|1fC40?+IPYfw~rdsMLPT|6nT zS2ykUQpYf29~Ipq0nl^N0)YH7$UDMMKET+!1vAmx|D#A3|I2NFd69Y8Q0KI7pKsm7l`J*!Y zZfyR^Y=~SDeOZo4Hl}idq{z?H1*`U6Ms!LXkpgCXuFcU0V|JLo5{;&>ol*+3$*>3Nr^AS}%BIDl)Vj~ysz3S0JZ&E!M zYO;@-d{vt4$w}Vj=WvG|K(7N+`aY@K!5!YRg-F}oM$5AEASK5paEB83Jx1Wue**%~ zFci`c5g0EYc=?27(4m+|hedtD#0M12M_@1IGgu%#oOVQ!curs?IJ;|;v9|hUV_2I!=N00=-A*(*6nF>xf@D{o!!@l&%~PB=%Fg zfyDii+(ijE-t!h;#GG#XmB;Hw+?ny+h^3-D$l9ksQkistQALN`I30O|E5K+6mb1e8 zfz9hB07nbaJ0CaNP09b7j1tOhkPF8B{P23Z^DfcZ<3;*e&qunKf%}15nLZP2!4(Hn z<#NXMABwG*Dt7=_fLj8_$+-X>wb^kvo%8`lfKf1A=zuy5O9W{u-k_`POs>JDg;Kg? z@DLVt%)0@509f}!na?6ds9b5b`5snu0a}Ycw$ukkJ7Xdj#ZxNCRRq&Ad1#LAWOz$N zbf`_$^&V~kIeuE}UvNO|{?7LMkLGpjh;q&}bn5;CS1{c!Fre4`cZg&ZJ@uDlfPjBs zk?!~(^}Lgg@H<@g3IW&cC11_E{cX&{Dh<1ZeC>O^ycbY8C*+TavVgE-{{(yl)zhuP zu|3|0e@P7i;X8jE3xa-}Y#7Ww9n7vi&@fx(*L?Lacq!KX-u#acvSgtn(vl>TdBEHH z6W&#_TZ-+&hdMx0@BG*Oo;`|P@;O@aQSf%H`b*eBA-OCW?Ira7f!#h=El%vt>#b&i z-?}qd4cBnelhjYLcU_0~`|r~vb=}(DMekwC>m@bTHx+*tC%W?94`&t8#I9+1yZ$7< zUYFPPTdEPqAF8qI7xL29pe-zYN-Rse@Y`@PaPGSEHVmA{~pazMA0>8z`G7H<+NBHKIg3$oqL2f275 zgn5qR^4Ph9!H)X^uSGL3^C+l!5`LNl$R8V{da_cC6 z|C;X=*i8a-E)tGsaqYJWCXsNVz{A!25p491VQXf1JI|3kY`h8_U$o}=Mj@e{) zaIBj=_b0ter?Vg(0t*d+h3KdWQ~$}|V!SqzFKaIGx_AG#>4F{BMQ7i1BBH&g0hYz2 z(+HSy$WAJyiuPgpSILLz8T>ULKg>Wxl){7HnlME3LFAE45oOpnFu1Saogfm7`QGHu zun9$>Y@(2$okwWXhC?U>A3Pv$=VL1^*h=yE91EzEu;<+kd)*jn5f9rkqdqe?$QZ%x z#TDq&$auZr<9Y9WBWrIEE9>Ok8Qhenf@Dl1pFl|Ve9QaWM?_udj06|;@2N}bmxm}_ zsu|a{NV3TktAutsM;=FkR6lBaNc)fuf^?P86n)7<9lO;tN`H&QC1?hx3)KwZyTbtM ze1Q8E;69{70Juc}H*WDdUZ+vGi={S|Hfm|3x6w-9VxR??eF0?t@f17_6q6vMM9vLW zLNG?&?^BHVJA(ZmjF2w0;wHm~zR7ZpCUXQ7pfd~T`Uq}}6M|p~PH{OipB_1en84FX z@`S|gTZ|;DcZBvWsPS|L!VIe)ZI^SN$phaoTlSZPfp2|`z>T;~7zF*4N|Xa@HyR! z@SovRy11o(aQL%gQlhW*gp#~{6&MibKvMCkBhdOYrxDMP`wZ=eu;3e^Q*t1+Sdhx@ z6qgg{5PXN7##nqr9uh=QLy02984*Gr;RE?N+Fe{qTtcAy?F!m%OiDIR0i8sX()mO& zvk+?Q`S^;^`o{~JAaDA)(Lkb)Q&y_-*}_iRU+ZGwD9oi=mrO{u15HwX04;$Gq_N3@ zuA4cF%$Qb>w-{j>c$;5?dj47~p*rH(s4N^rX&?UY*L{j|qCYZ{MVRqE{6+=33qWb2 z&xFDd=vjn}q0D=QeEoO;KjHt*Co0B1Z=>%s0ttqA=z9J}R+2k^FQzlCFIXGLNtj3A zy#SBlbWEdm<$F54SLfY+m*nrkviW8V7ekI>!bu)-#IO%t^+ieCfEIdy4d>H{8WcX9 zFRQ(eTUM7p5ey%m7%d~#rz>7}aj%vm(lA`v)Y-!s4@f-fJ(>pQmw$WgohwFT_f#6p<%%NVQI_KGOHGdqy6?3=`RKfo| zx%)sBgxI^3*Y@#HcJol)WN=_@cM|3&=G|Utc_btQOt{bcKa-gW$LTCoCBDGwR!RfNWa`0bf;+0mGGvcrK13}As_cLTdj=Z=WymB<-bsVr^@4?T zNh%3LrH7qid?T&SqE>V!2sX^;9$?f+^%a3Gq%j$WkZaIK&Yfq>JdX2FnYW2-CT=T4 zhkJqX-YB4={Kt`${4pJ0M`V2AR##K2bbAMl?_2j{d=ei$ z8|`^K3`EB3B!-Q5Bs3%bpchkqA!87nkMdz}AFV<<89`CMjEf+nlOf7Rdc>W^Q2ALL z(!cV4oq#XGFt*9U1K06#CJ~0;)Dsy>;5qYN$n@kEi&bf-i?8pY!>5SrW1$6>4D$X) zi}dz9qeSL4XrnaYb1*=+F`rOQS6t7Sr<0YGBKovN(qx7AhV$5-Ct*g$!W^awiOIG$ zJWjXAbX%ME*GWN5+?JWiY~y$3{bXU#H|T;lOmln$V}NuTUR-j0UKbCJL;)kz*|r6p zTqKXM4f#_MU{uM_3qYaA02CTDL8qU5#s^{Iya>hI_B>JAjF3G7;40(q9^zd^6dcKws zN({pXKRIFotn`bf>U&8;f|uq5d$O&6VzDs9ZZO7%TwDbMYsI_+FR2F*Tz-6X#EmC> zUW8qk;E+szyF(;*0xsm(PD#2X>7e8l4gW?=Jn=>6!dGh`%nYCkEm4_jy6R-=30i|= z7Gaa=?S6}ekPLf(&>n~b@e%OmdqWfs^o3}hlua`cU0?azY_s6r`P2%!FclSvUdP-CFaeQUiV{)@IUfH-8mGnh{7B%>&?GxHO%+VBb#;*o$%EJ!Z0vNy8#nGqRg<8bDGI5SOXve2dA{muW^G>;T!RCOCk)FR%L& zWFz{96@6TMwSTpg%-8WMAvOA~U*Q0x2N|S*`25u1hav+#YT>D<^ zqILdmlE>du2FDI0c57WF@oYQ_iQmC6sKs5>f?pX2*3=lJy>EpuoeoU*`aHCT4s6pH zc+O4>a)KUKWxkl4*WDv%5)9%C-u&)7NC{>kz!#?tDqoOOCfLouFUJ7f&=`OoT%eSJ zdG~%piER`XpU|iBjXG9;e*Pf$Df)C$z**sm5iI6vJEhTEX{<~mdg~B`)}4}Y)Hbsi zb`j4^W*;>(Uk#LkjnUcv4@94Odg&9w7;AVY1-;FhMv zzvChM5<0)LZ6+9+XB|%i#dPx&G<89nBM92e3?4Q;0uQ+mG$f<05KUzmc)o12GdZ@s|9~%W>V|kgQFWpkK(L#4B)++Zb3E4lFiv-pn@yjw?09=D?TOHlw4iX zbF^e#$=VgYv)*1b6A`E0xsv_4X=Ra1={?BCR;VH?l|NR8-HPmtUZ(HIEeroZ} z6+ORR(erXCARImIxn$=zCM7TaP3x~Q;3?PLP;!0A4JGd?+3=0sen|U;$opTCJ%3F0 z{Nphanwj_x8W;LP>u(SN@NZJ=Rk8Yp`l@ZId2QPe)vYQn=KSw2mGnLO{1HvRtm$_& z^)x-9B;3y0zg_b$)^x3=4Uzi&`h1_JKh^YQO;1sL=4g7kriPdGXXzcuSqHp{A7s_Ggx$79PDoWBx%ty!@aSl3rK)L;PdSTlFh(gdo+YU^84 zP4!iE@r|vUHWA+IR+q(NI#y6CCIrS03?$yL38ZGqa&}CoW?J^#(6ZHk2a?77>q$+2 zpy|&w{k5hqYx=4(seiJjZ`SlIP0!WzQcbVW^lD8vYFe-9EtU=EHQlV~ zyBouJou&BPqUF7sPPCtBy>5lqq^XrZsBnL*=}}D&AEUq5HweD7G&Oi#k>}6p^Fd8t z*7U79-uaPnuhZu(n*LVPSOo8%X#Q6;y;#c^M*9CqX&F;~;e*U9rsHIlwjVa`BO-Y43 z=U1Yw8s=2(&8c`zsu4y?ZGF6^p}Lh!9#~H`@z&;4e0}+f4HYG;*CaM1*Ik~7H#Cxs zH7!=r(AY>OMr}RWJhN)1!9pmURWlprLq%)zmS7QCV)M=`f-wf8w}OnOWm~G6R;M;C zLTff<;wYdzGKN~o;sg8yDx{iV%A~}Q3unxl)x0=f-_R1@)X-X=T|Hjg%%xRiJHc#& z}pbKB#E&Z4|XTmHa4X&c`!k1v~7F~?6vxacy$9zsrr^|P!)+B zU{<1k7?6e%=ozOhu_UV-wl&t(RuQn3+txO0P1UP`bv039QM_PQbpgiMw6V6PCRHC# zVZs_|&^nyjRCBz^=mY|<+0opR+P0z=QDK1Hg!B}GesbHj9xG^tPB%nP9=K5yQhNgCr3luoOh%9{D=qUCQYSYLFPV{8xwdTWwPPV(FbgFn zmP8Vif?F2RGAHcDn^@*lT7kh~3ntQSP04y%}JAjGnbdGPm}`Dk`_qhjjb)Dg*H{S*0rb_2r>dYp^%X*A(Z7wY&fP1RGt=t zc&V=eL)SxsRypX7?L^D8khGh4^S%?98@V>tkomssSrvvDP~4jW}BD5sPB6O15}mOM?X3 zrp4+vZY8KbMc8tLf#{|u41lDiT8gf~S!Hp+ZLNnH+U(nr6qt02BVfRRc_4KuMyH}! zOooCb1vF!UJToTEnn9^s;v7&sK>!_ygQ!ugripPth>x5iEYtWQ6c$_G z17MFe^2zyNzTzl!ORi zGJ*a2L{N0PsIIDhbF93o4yD^bZojG(YE+mWo5|>nsq~7$nnN)6=2Xm7v$Q>9R`VGw zgIx7zEAUTes*Tw8@uvg5_jighDsCRx_p($rerBJpT{J^C;Z z^M*;hjoCCrFN}U!DNML{Gi*T$frqWYa2atcyqenPEl_xBL)XAVA}bOmxpdF`rl_iv zCELEWu7=EaG^bSsD|%C$(Tih@q)Ihl4`Z|m!R?k-*dtmEQ&&YmTOt+LtzABM!G$p- z_zQkv=QCbcwJ}vkL3}Aj$hw7{FM3>PVt*R7S{Peb-`v{R*w94iJHbEx?izQpJ zZ6WS*T|)yzaqM-m>ZTMdKCnK^ho(jGQ0N_!2qsLdu{qUR)6mq=&=R{^QQcPC4DwcQ ziEm7`Y)`?AF|UPvDiIXZVq02T8W+uS-Lhf5NhXb~Sj?Ap>n~*24gmje{&Cv%L8&skSO8gxYNoWW0=GSyhfvEUlc1k}ZgU zSi;hGjHNsij2IB3VX=@$6Kq5>w6Qjl>tuScDkhKBI89B#;(}OdaDA{g2uM`SW@FfE zXTji`0zt^l0rwF2xFL!bCarL_c>Yls>*`a@)m4pPa$~*mgnu{^5YGl?5+E)i1CnIs z&6j3XUxUB_MPlLwH{5Wk@O_|jl@BoqCom+A9L!;Vns%9>D!{QM<6{z3kRt2Qg%5%i zmubjgTPy5D;!x_Q3M4C-JGUTSSi|9gxe^|j?Uo*#V4hIOU3l!QN1Q}Q8L@rL4DyJ1 z7pKJ@E5P_%oCJ!qx~>61Fl!RDG`pp-paj_FR-L|*6nVrd zj8rL@QxJFk1-c8Y%te7kF(GR;W`a15`QjK4xC5KH5aWU%6^^BEB`XV|zmrw2hkjV}86afH+T9ULw6!!P7XgmVksj6)tro_8hbCW659N#Xr*r1hSi9Y$}Duu?glr@SY z(fO6jXyM01I6y=}U&GIeR5GY4$$c9*8=eV!VkVyrG6(*O+xKv8C=A)Cci=D72m+PmY$Ui8i3_gy$M@A*RJv zq^fQ{W+fk#h{o|DjZ?>%MRsQZ7BSGU$Bh~*8melfNQq5$GZ+!Wk(r9EPF3;A7x*G6 zvC}{s+N=SSVrekJv!RGpE>>o)ZhY3Q4)0Qhu?}f8=QqQo)9@yca$8El005n>2^AUG z++uiIOydbv@CIY68dG#wNezDJ#>=_bc&tU)Uxwgm3(wY zg>Y~|v?v0)`Lm6rF0FBhRubqok^m?gP_&w~o(3E^Y{Yg;7!`$|g#t)K@;^a}j<#k4 z9T~}FgUbj?wU0q_sxlVYeH|Q(q+^2MFXOKULO=rE>M{`-x0oVn37Ih+5ZX}W#sN^I znGD23u0c&av~I}mC(a41A6M0O;>HBJTn+?cme^*BUqwyT-5;}T5kin-7lLLeuh@uS zjBbQO)URB_RIi{|pGC{oaC8;^Bxjd)VMW>6#Ojh27|wVA#c}g1FWu3S0^=05%_=%~ea>VW zY&$v}pmQvCW}HJfbAUL+1>x#!z8TYIHKRpvJd5Hc2`^8ztf*>kf$ZXcOO|nRs-|aY zda3H8|1qN1f8oPc^mYiKegV zlJ;-a)Y{o|wA}Ke=}TkuZ|#5oW$EXNuSoi1eYW&T%`bXL%J=KDr59+vl^Z;Jj+TE> z>qpa%M&Lx-zvW@+|0Yd;@>O}Z^dZf^Nb@`O+0s(Yw{nAL&(ZP+wSK>*-_i8$2%Kp9 zk3AxIS$f?8d7fyx1%!^{j_TudtRO`Kdt$9oK(tkpZRA<`tYo9T7Q;2KT{~_s|qCjo<3XtKP!Du@v)S5#pq9c1H^W$T0(TO zjjiy2$OdJ_8WZ)}j7{|xzo_0U0Y9sBZK?m@6q!b1987rYel2H-`dJla{_lEtasJaL zjl}smjK72I+qiCb%&(dwD{Hu{hhvB{atNO~hk?rvEs(ZdT0=_^F}$*d~tP$6A}}7x^6-DPh+)x5S!LRZZ1=;LfKp z4kpojxC|)PHLK<>TzJ97a~JrV4ie9gZEkAVPPO&%teaXJS{BE2Lx2iOSC!AT&;h$s zvNwus3Og*La~3Nx_(B~13$&_2)E3hL4SuYO;$h64V0AYr=d1+x8~jOCU&TBc+i}RM z&`KtUo^&y%(anB*)`AOQbYN$W2%(k?j5oGo$PqKQTn#)#ayQa3xax++9Xta>f&fv- zRSB8xv03xZEo!!H$XPY=j1(~(y3!KIp)$A+aUAK}76jy|K&4|ANVEFp4Gb7(FzLr8 zfUW^oZrW6blbZB{gWUMxwxg13*H+M86q#=}<2EF?3VucLoRxE2b8Q*nuTb4h&L*#e zQy=FJu?5@E+JtQe+I5|VLr#2;2WESAm1(haz*q>AZLM$EPFv%8m=jCKU*A>OK7)~2 z$Ey;%g<836l?DqcXx_0c0bd4N5Vffqgbx%0P#ar{RZX>si?-HR-3(ON+g=J>Hvug) zXs&LmZER_1icuci9J-d|1K8Nwyn}pmJv9VpwK|0j&Dct8DNw+O_NPcDq?-LUHJBGn z`PO*V%?*6FskC8R6_`x|6U(XFR2!CjGj~~4gQ!z;bBy!ZgQq=@K%Z!dPBwETwyT?3 z8)=htQ)|8K5`#2#F8+$fy!R?b`+S{3>ADOD8{;)NI$DkK?ue~L{1UtIJ8&2nTaQGJ zWFdB7W#EFev_`wI_1E%;xGoNZD(lxhY&$A|Vb1io6 z?UAPgKBbReqAi7!aySA&yM*KyQC%V|hT&#%B|?p<`i9ocTjV4q!{c+Xb*W9b|3o~& z{VX?fQ5X^7a@iHKvpxaU-5N}sWESh?8+tU%M&^<9)T-c~2N(!gAVM*^4Be#k6 zxrs1AgKf1fn9tbKCO*m5Slh__M+fM9cA$XRTt4i|bW&25X_%)umD=ihRE`XAP)jYH zq5vzz%5 zYnHF1ZE6KW5=0W6GIKOkoNK`3AyQjaN1|&7QLUcOD?rZjFIvKo*@)=WKqjLSq&%G- zR>Wc;AukrlI1#k1wythRj7WwJbh=qsx22)EWxnOukJ$E&u}wT8 zNKXi)vQ;F=uAw0=iX+MamzLuUIBc8X006~{;Q3;Bpq;aMWcc&6PP5jqeF~~dLbqbw zS~e&sg5`Gx_1m2Cdz3IqwA-c>6d2eU{jxZ(Z<#l3T|JYir6I;=Gqe*oh#*{+&K!S1 zybOU342+-9%`60MHc}|SuoS61FK!|ohd}7uc1>zgtYX!gwNa_=LPi>{710kYaEb?X zUy8Zh+SmX}VSX{I#E$jxjVvXpYgcgvROO=hD(EYq2n~mjH!WsdOK3#C04tnT*E&1C zYO7|h77d%Kq5SyVOXIG%rHPd{NWze~e=sx0xF`qbWPpu=Sxy;+vjvybHhKiW^|OV6 zwGzVGIA&TXz0Z@Im2AD~^;JF%NxTjt6Gs%#Lt%NM9MP6FYgw9TfGj=({lxhnidU_^ zHeRw~#j0f`YZIjyCGejUFULvZ?YO6a2R{A2f#57%ohZ4oVpZA7wXs>PHMC#J*=tvq zEK7hwF~x$9xG-u|>t4A~Uvl{$>0$XC}-ZM0}Z1sd3fj zDl(X{FV~Eo<}a3(PQy3hhHML6Uy;t|U$$Z1nP)A&gls3Vh^ugM0vmaVNP{dJP;0}A z#LCOpCLzWkJT;gUi@iK2!G7VqxsskZU(#EPBz<{-q<_`)t>?<~dQDH!dT-G5d`&lN z`k=ynUeoS*(te(%-RH^kCpEq4e0jd-0!iO=k)&_e^g>NnYWm?)DgU0PQxfuAqUjms z^85i!V=Lu(kETzqlINdmT2LX+f6(;JtL6C}nqH(SHp7{2_3I>U*0fF2c1>^7^ma|} z)bsU~PJM>UGM}Ly;9Td&rA8AHQoN7@_fIhKYmf3J71P`uBK&? z^q@XRQ)_puG}1xV^YwK8Pze9E}{NdASkTJ)eW0-5%CKFW)Lr07$(0_Ggr!Y9(xZ|Y6jtNOFg^hsG zBFRQb6!(}Y`3-RBY<1bvb!!u<>&I*YXTaazW@huZ%XNRyi~t$1YalZ_){tE_Vqd`Z zhfHB6sCYO6Zr@OOg{smeP4a)XRqeplM}PC0cPsfer*OWzb_1R(D_xyfuE`ouk?)LY zT9!c0%JQ|Vu1u_SKPXG@#Kj9^@iSK^u3A^NI#G(BW#tts%J>&wa0<-91W1Yj8QZ~i zYuxIF*ZS~w$XtL8lxSb#SHRACV;~A2IdpdeIyawB|nN22m`WIA$@tA4R8YE zc-p{=d<6}-6NIe-te2C+e5n}ZOkr};WMdOhIr3`0azA#}npz6Y&ObS*+As<{%tp}`zVNv@$GipmiHMbBaR)aI+luI+7E&}9WwJY(0Got)EYjfw+UH=iY&^gf z6qIFwJuzmBAo2`b@|CUpB9$`fh|Kd{Xc zY8UHX9Ms#?Kxg$>hhZ-qp}Sganj>h*0oI_R zKW59df~{QR!iAIL>o?)fQEXz#C@0c6c;=$&swO&d8?Zb>vp-HfwlNaEJ!yBC zLcnOv>U(eO*y==^_%c05OP?X=7cYLZE&L*fyxevqYY!_WG(Nwwg9D7mYFLk}(6~rx z&LnPS;!Tb*&LZ0sz$NrigV%qcnsm#19aKy|*inK`BoiQIoU|M-%0Q3;J2n|5MEvK8P60k9O z0T#2LfmjgEwQ^N=dn0$HrFN<(1j2$#6Ilr3Ooh2`$Ngm74B-T;B$KT1F4RLL)w_fFFfTIQ}!nJde|24a75@a^vP>@k#FXu*^(| zl$hvV2Cm;&RlT)vRx^%LIoF*x!l#ACMe$JF#bXSarpAeN!FjA({(vyxLl#0p|F z1sm~(j{f=XJD2mXA8OisgFIh!lcWzeO8SLLNng_EmuuwtgIgrMN%Mc+AkRCr{ns@8 zyQY^lNqP51NpIEXZ)mz}Cwf~;h|DUcCgJW=CDZFq0 zM)=vrYtR2vxQ3s>wfQl)MyFRQHw><|kHWS7te(;5SoN&jQp3~Mm8~CJC$=7p?~T8I zp!59B_lZ3E{oRs&Y=fkgPl;Uo53To{rX!jf-rEjH{U||50*yDUml~se`vmy+w*HwK3jj*kL6o^dydw->FKb%HGGbDK1?3idbf3L z<21Zx4*h@Zy$4{FRrWT1hZ0PssemhHP!U7|Nk9YyAr+!&CIQ8UlVnH+CNp6Q5Nz1X zTClIX7F@gQu2@h}QEb>&7kfj+vTND3cMt3 zTkbmfpTfS3BgMV* z>HkKD`6C^?n7@(cHScouP`8lJ-zPbqVt)FhWcj|WcruB5$K`c1a> zq~5EZ+LTMZO8eUy|D`Y3^iuTy!xa8&*Y!W~zaRbIEaqV!|5O^s8P;^?zi!%-H&X5_ z?@~L`zBBx_4tvYVOS>fT-z$avRQV_4b_vfE+F#-DZ^e}4d=vBX-HE81f0eYKKh>I- zaohB1mS0a4`_c~B^mnO4X5jC&_PtBp@)P}+{z2^D{S)oWcvH&%Gqf+^73^2kb^gmZ3RTbi zdz1Fp(!98z%D#MOiTy8V-&y{g=_cVi#%_On}}t6D*WZNzt&-1;xFa| zWqe}muS?xZ`_Ax-`L*TA;gESmdH)#g_nTqO#llx%dFemal8+?xAGq30)o|WU+;if3 z+7r3V-x(hEU#0)k_qYCiL|)7vNxAUy{V4p`DdI2b=PZ9R5AbvC%lyI5wJ-AyKi9s@ zSNvT2GSBgI?aMe+`p+#)|CNq>QU@fLJMmBEL8bl9Nl|_z|J)9DCPr-gDgNiueyzh? zJNe}fxqOdF{hvVl&iW(%OSlDPd~JA)A7|3Ov;7wHD;)mIcZZB04oMMzcco1~DZlH< zKl~um)r|jKYJLj)pE~SIc;?@cm@hrlk`&=j)&HC#{+aQkQfCV<9yqXHb)tVt$@iW$ z=2CyA{cTPE2a^1AsYg@TuXXql;%3 zzfX#f_@dOZ8k=s?{>mHq-n4uVwf#J6ZhCEUIy?REcc6VQ^Qqdtj>2BFFa5vxBk1h^ zC(yive_!Fn0?|$XM0_Oqr1l-{e*^8e^SzAEo#7XEWZqQxb7)`EU&be?>@QUZi&bEc zSpU7O-lmV(Up~w7%VsC1tIS)ABd_v%a3#%2`4IotI_wXX{*w+o$?$KaIhoJ;)M0Pg zK{g!nUdErV(Ef71mvF6c@FI`RuW|hJAKFh<|D5Ij8=9B=-z>a%K%9PXa=Jj$5bUwLS9JY=4o)nEON{;#JwvA@w_PyCbh5aCDA zzO=t0Uv`-FxAyR4|M#JJYtE&nlkb%N4tupnSa)Q-K-#~9eq#7#okHw;e`5GErTu0C zF8+!Bi(Z4I)5$5~FXLA+Cn)(N{DrjN&h(M|k^EauxtN!A3MqdpXn$MFudGjK`}+I$ z!4&qzKW9C3uJ67~`>FcR6^`)Bx`1`xrQT2Bztdj{&k&z2N5hDti4%#%#Gza-tR_E) z*h~x%|3mzOcpdR(;)?m!zZ;0fY`-TFcV)o#q<>?Gdr&@u+jCQ+bBPrd?WF8 z%Ksj==C7fA73I&6e~EYp<)4xNns_JWyDhZtj3VAe`JquOpGWy>%FiKx0r76ipCrGY zcn{^9$h$(;y?ZHdAb%)v4ds`SznXX-3s8pCvv> zc`uf?4B|tS7m=Sye3#@mb3MLH!#U zkoYF$Yss%8Zlrt@`5s4Ef8L_JhWu>e+mxR|{!HRKls`cJG2*+Fe@lKd@t>3z9BuvE zhxjkbPa}Ue@jc3)CjSEQeaibBW8KLien9ztU_#etYApa@x zBg);!T7O3nKc@U3@`n>Yq5M4Z7ZX3F{7LfvAbv*q*W@=7Kc_tJIP33t;un-RlV3pm zlJY;1zmoVB_$}r0$uA^+NBLUvj}pJ9{2TH=5;svk z=6J@7_ygrW@&V#z%KuFM2I7yDze4^^;ugxYPhh-=bsWE!ldmM!Q@)7&(ZnMuznc7C zh#tycC;u*S3FX_LX#E{RJdg4k@(sjwJ#0XGvp-l)`3B01DSv?Sb20wb|2B|+n|L1O zy-%|KW)RP(d^Gt&;sul+PQHnFA?0V2zetesd&sXPUQGGh7X_q%6oMG`k z%Ja#OBi>K>9P%FGTFOr&|9j#Cl;1*r74bpJH;{ja_z>j-e$RX%K1_KL`7+`ol>5m? zi0df7g8Ws)M=5`T{L{q8DF2H5cf`jjcb{p)vj_1R%4^6UOnjE|lgOVze39~1ULpSmu_xtUlix&4r+na9Hat5KvnU@=eiAX8@@Dd_#2m`cA%8xxFXi`;zn?ge z^7qJpMBJY8UT53zWDo~aK8*Yb;tQ$ZiF;7KlKh>-e9Au}|0S`I@`1~3c!m(iQ9hk~ zIdKx@i^v~CoJ{$>7Xw zSDXG`@_u3u%1-ze`*c^|I-JxO^V$~TdBU1-C#9p!oC3yJBJSCOwL zW>Ov{zl7MA@;{MZLF`ZYQ{YL-dxm6VU5d>#2Gh$AVlUtq)YG39$w-uGfFA4nWU`2_NliF;B0#agS^ zF`M%7ln2Q#B2J-vIr$5SWt2Zn{yE}I%D*SC{$Rs(B<0!bt-tw{dnorXUR9JgQ-1El zHhtz(?xlPo>-loZPoP}Zi&j&9BIU9U^c>|UQT_?}FNvp6zWpW4cjBp(Pa|JSypVD~ z`4I79$}c5<74aI%pC$hi@e#`V{?YooJ#o9;Y<(;szYj5;@<#Hl#0<($A%7Mzlk&UB z-%s3=@+(;mU!!~!<=KC-;Tb@DVz>=Y8Tkt0k(@w3l6(uXiSkp)pGEXiekb|+i1R4_ zko>1a>#I_-o+5fhqTem+B(mNt>z<Lv^dDSJ*8R=2Cwk4YJ}r7CvfeJ`Sjw%e1B*Vm=tYTslB`q9dY|a+ zB2F)m0w#9eroxR>Cs3+5=B2%^h`xxRP;VYe^c}@ zWj$2%ilm&2o|fp#h<~C#EqY3#&o6pWqF*KZBt+j=^!7ymQuGK!-&gk4{8k=*UU`V= zMLEhtclCP>+k!GcXY|( z{d(hDr(Tkj&mY(>_hCDIyw}zn(M#`3`3^*}Cn)WGs`gvV3I5LEPIvZysqwz_r@qy8 zoG;`4VGQ54_KUw(_~m=cISv@b@Q)?#<4AAW&nWrvYlVM5hRfM*{@>nSioXA^oxU?1 z`7Ys+@uKjue^T~Yid@j?PIu)++?R1;1H&Qn7c#!Bq5N&)p+p(SO8so4d_HjzaT!tS z?MdWi{44cB;vx8dd-?k9d+g_ZkI6o-?#i#Tzv=Ef=D%H@e#_sVm%q+=k!_t1+17aw zX+M5y`T1|nPoBZ{?Ofs|L}@3TdgZt9y@XqEtwY{jd>(c9BkiuV-|P8)1Mvgm=S1;W zQ1*MvzHynKlK0((XSXc-J@EtGPc^O;_hjB!@>$MHk$G*IUzUB0GVYamadAh`**>^9 z&mr%n|4XM_+K*KIk?fzAeU6eo;-1q#kqb_CoP*U}`u)`WlzfzUNq?OxKHd56jL(0o zemLXh3}=7l$6!Z(NqLs>ilnRHuN5B|*GT=A@048_e)&$>!%@!0l6S_-8UOCSZ)87; z>`#&QM$$#_r>4&Vj`aVj_WxVurHKY~K!JI*7Rz@{*onPjE-BI|?uT!vF2*_S?Aj z=Z$Nn90>ka4*uVqPyV^ZkTYqCeH0K9tPIJN2I=9)iyACK(6Fc>Q{&$KQxD zP8IvNQ!czS-Q+wOXE_%0lK!dIYksNrLh7}A53gZ7q?}8Acj_O=_lJbv89o_j%6Gn) z6O{8YW!*#0d(5Pso17mZ=U_O`Q~0&gYaP=^%8RsjGH>!U-#<^>Nc;~`;xFxGpA_>k z|6AfK;p}ex>etE-(X0H9>H8z`=zDE{m*%(QyBy-S#%D*Gm;90Zmi|%lQSjG_ztmr; zuQKl-^;W)Do%Po_k09|7bk66ATu{zuk#kH$E-2|HytIeXzl&T@=7le!K-^tHUi=eY z>W7>cA?=2ory%Wy@Y0?LFM4%y9)ZmF$$owLz7t-~GnD<_43=u<4|y-{$ot)fN6kfU z`U19So4%{oad~xyYK=tNCyyPwc=6&fi^q)#hFZop)QznxE6Hn(wE4&9kM#$GVegpc zNVCctJNBS)C1c0xyWq@qf#b*IyBk8DK-k@73bjhWl8apRl5 zgHC(a`DOePtr7d;61kX>l2%X1*fy72;nGQ7_te=yn-8~3;u5Z~x6RiS^alf7x#A0$ zYg^^U_0Fz{0bD?(z2<$`!*Stb%q;H))0a%)`sjF&8a(<2FkDP!yhyMh*Wh)sAuseT z*xt7GNCz&Z@-8;%7AlD>iA;6}aq%YZU2F5=>Pftfg`uPs_qla)uQjAv3sh^NY8|Iq z$E()8RqF)R>{n60LbgX$voEA@*PzlDaw4g4r+K@I_#%F{Ve8Lbaf=SuOIw zaa{7KJdKSZ6cfvGm<5M`hB4hi4Z9z|xlbq?SrYfp=ACd9d*KiU>|+;S!_ z-3oV7%4OoXfzy-=lm#tE`Xaz4hR6kd*L;%~_ppg^T^7Af5tM3kJ*+}e@P>R%Zoenc z5=G*VH3^OInCm`K%;HwdPaA~zslCQ7|^ z+j@&Kj8?>r`ib=MpoMDodGfT+?WojnTziaC+I6im%@Oml%^UH=a!oUdbyj)&2xb5k z+GL$}H&!G}q1KlXn~ccQ6|fmM8N&CF$&YQZYKv@VyJ)R+Ic6~lqck_MZnXw|D9Eba zgGv(ew71%yZAy1-&2A)gJMyA~{f2IBZ386P!%FF99w*dz+tB7kTG5EMv?i7Z-6A3< z;Wm71(|rOe>u9$PJFcAcMw-Sb%i)4uq?N9`VYhB_btG))b@ON%@I;rpt97tqn*XFw zvBlOs7OpS#g~6juM2zMIVLsYuL!z5#Z-}8{OQJghX{2yJtjFEtMTepbrEX?bTht%% z<(UF&3aTxGw5z)kG*IMp71Pa?v2U(Kr6gXsl0uY}*w(tvfT2aJwtEob$yCLr)^ps67 ziI-^qJ?&oA6h!dDI^k@?5JW~bMRlke{m~HQ=!(#rqvh9CNO?lIsd^F6A5pC)iPRzs zfuQzF&BGnsu&i(11w`!+eKDu5E$Gl2TlDZNq!#HG0M6*YO@1$W^JZUIr&O~-i;KP; ze}ePop`X{ClF}CjM|^EMylw4heeIZ}(ImZU^);hWL9Ig$VnopHkG3EeU`&2TLw*$w zHK}O87YUwMX)FKrCwpGP*0)otbJw z%J>3{ea(?p{%-a9T3RD$`(YoQyRLM&q+AcB5alpxdvKl)!vhqpR+LYL48|A&EwcXG z)aq?ofViWiHzV~r;N%j&H_!sd5irxj;D_ytv`c8PbyJMEpk>9#FVddpT^RK(f~T#h z;pqQRxGcZLFh}=icV*F-YhQCPWs5OAD6y?ji2(1K~eB0mJ%7^vam4R-PqXgrbZ&Xt(NCLX@GLMp9SG$SDIX!oqW^79J|-4*pUfoPjT^M{rMk>ZO9 zu@|^eUivvZW<`+0XsmFFZ5U?q3=F@z1> zjFsq~#R#q2MfqaS=Uvj|N7I0+tJ`|bc{uRY@uTqqF|LPTW(1uO(4tt3+f79>e-q!2 zi`kBb(9x+T15F)?X2y$|4j8~=-XR7Z(WFEv+FQ&uh88uVHuA1&{DfgLIxapvLV}bL zh^2iPJt7JhMoGGhi6wT?KH@G)E!s@<4{%SXm`=HvjIK@8hIR373buEcKOtSg65X35 z?x7(-+k=n00NQ6X;V6a(8JaYN5aUR?SR}^%9+U`tW6X=>wFfbxGu{WIXnt_Tu^t%3 zyIz(*ZPpz#+k*SO^_|`5Xmx2UDi()vtu)FBXA+6c63 z!2s$M#dNV$T*TeeXcby8oHCt^PE6QLkVHagP4GE_YLbxBu_D`sZzHrO`U5E;tz!b+ zo9I3b?{pQ@Y&<{9bs%&OG$RmrLSAozAH}iajTSfDh6Wgrhb)MOjVU;3B*9RE&_=H~ zR@5;NC`=j+L>32iI1|PP&At|2#7+6aD4I3a_2O8Sfbnt3uAnp0aq7YyzG;f$gMgul zRUJojciXC)t>>v~TXC$mVQk-2FkUT+ z`diR4Y0fk_Ix4!H=po_MF2#&dtZEvE3cGZu)#IP%bVbYPM68}_C&qOS3r6fHhzyNx z?P8%!enaPC)z-H#>J3NYU4~(GYs&U05)J8rXp)$2m|Cm5#v*(XphNYeBSrb~wCj&a ze4t^B6ml227yBZu_=bTAgerv@^V&LFVro0g6{sRpAGYdlLX9agb=_KQ@?jK~!Y>mZ zZ6Mk<&+lDAUriOamLonthD}?uZA{RjsngbCw9UU&YmSbm#8h!>RevmQ)vo!P^faQ~ zOr46_3`1pF2kUeh2DT}jF6-=;uf>Bb_qvP9=#ptQj7ue^ig)c)iOuGuMxeyB7RGAX zR!T@&LJ6UtruDEEw^9UXF|i1kro&oHT?A;aQxP!jh_#$DCu!H2lcuFGRx7p=(~8b9 zH7$d+xRsdFVq#29dtfc5jw$VRim9pn)^f_2(ylY6rqUa$WeqdCE(>^J^RYBum8-W> zsj6+VBvh)>cvY_1N_y6GO3%`GHLlr8deUM-dX~nkaZT#J^;}@AA5OCC zNyv;?o9{4TEZg9e#Vf8SG2#vzrYB8^c3HgI;!7*m19xT1nM-Byii-jm?|-|pn^1wu z;?>p@&)lvoIkL7aUS%o6AYcgx}x+T%@;kDhoBPIsiw^>74S7O&g* zLcl!cFvM`4UDGD5?V{ll6dWlrpgl9>Xaq%`WH=+wzTO?+jtG^NEy@) z8^gq)#%rKnG!JxDAIuA5lhq<#^*U07ksdk27_WLYU41o4J6&VHjSBXb8d0c%om+b` z9ki`_!QN643RQg*79Aumjt}N~n+C>&iBG`q2XC{{Q0bOC;1xy5H^y9*|nl!RV$+(u#f^n+U>(}eVT{#S8gP6;v-7*%++QU99<#cVu zYhTirz11NpL%lQ}>IteWRS@Ea_E8P3DIJ4aOe~}(qfJOFp!LypFnxH#FiuhjKvN}! zxdr+a4Hl_NPg`Si3X@orz&jc>Es6<3RkZ5>v_)yOL{+CS5)dP$>R?~jt}OA<71KNz z4{OZaYKq(m+LyFcu4+@b+fH}wDvWWrt~Jt0cTs`s^|Dt!2alfqXNFMJK2 z6p@d382h5}YSz{YTr{!3*~J$V-rCkwach;xnd)f_m!vX`6C>y3TiHI^Gu88Gd8fRQ#??C$tE~@k}w* zzANJi?Ll$8Jz$mZ%0g0WP;AC9CP2FGcV#}_CfJ#M8+y|;C8bHMvKO0?i!o-JfUX=( zXd8;-8Khf)u1v>UhT?eUm}a0W(+TZ^owGMVv28(D<`Y{9I~Q*(v`H;Uilwv>#ip}J zl@`)W6q{j%F||YrYLau(SQN(_3$_Pcg*2(DC@yzbmmP!^nXXJqV_|2xO#sj)bY(Ku zRM>fKW7M<@^SUw(jW*1=C$t+SrU#DO>dI20@py?wYtohBSR-Snt&PiUPr5Rm)YO#3 zOLKdy^+-x@h;1#m;{fA2+LNwajx{rOe%TmByVjLai0Nv)ESnakE5iv*O-Z~on+g$z z%BSu0lLBqtx$zR3nbsdnTG#`VD^Cmf#`RPNE$$EctEI7?pGay+ffQC)8W`bkP+u&@?f@$Hj zg+^n6M*XRSV=@COH7zY#(ba(UyU=`p=%g#E4Gv;GMn`w+fn@<1n>Sg6dKUA{Z zw$|v8zu%1M3#nJ5&9_3I#|H(nxT2~NSd|UCcBxmWp}Ga_HwGy7tpJsrHcXEJuvQH( zW8dk8`QuEe%_m5ENNaSNzX+069Ef<$5~Qj!+Oetr!u;{$O%e4*p@5+OBqVQm!#rO)cML6*{r-79A6GPN0xrbXW=t3QS4yw1tCeu@~Qk?V>a)7HeU#J-8TI3UxUA zK1iFwR0?z$-R&me1qG&Z8aJRxh2qwQ|8=mcUmC9y+Ej$V)Forv=(MOVG+PP_5;VWi z6zLuSYJcUL!jKS8VDP8a_9zotU8blnD2Or%v2p^=$%4s9oj`u6tEG)*j0Ce{-UIqvqmNOYL^F1^@(b;k^)_r zlrrN{A#Kt`z(%zT!|}S@tPRJLr3z#GEm^aaaoiXi@nS zGa=9jV`EsDZ^l-pGzXy9>VXb8{-S_tWmug?u>dsLYL6Z~=7Uz#SJ2Hg`>}#X*QBs8 z-_$M>5vZ8KfL1hvW>6<{ruDMse9)USn#$3~eBZ-W)BPGlP)SD`n!mnC2ZL`uE6i)ttXrw=XiZi^&s6z?EyioTb!Mu2vA4N} z8CVz(vY0_Zoa$cW6$9}cM5_wF5p&U!)RopYqlJa>3~Yi9H?)?`L>_)KJn@)nConP1 z0$do+Q&WJ)>#bI1lK}%T&NL_{eqmo5ws&DNFP82)q*!!A7i<;~q5kGW=MBXwNj$47 zYiy%bwJ6Lhg@Q}anLu~G!wvo8goGY%ioZ=sG}7&8rQ3pNn8g%4^JsYlB^mo$m_6gA z0|}YJErxBh?R=|o5^Dgcw>tmD<^QeFbP$srkVZX#YSgGzs`*;)JV*}iL^Gf=kT?swzM4F%Vh=yA4DgoP%BO>nSadkNYwVIG%n>XR|!$80#%=8dc7C*9PY zQKGA+hFMpw4ePA=O-D^#vyOH#tZc-vZGjml;g_|MP^~dKfmW{`Jj4|u?Km=S54LG9 zUfun{rD%SZVq<`f{@x|#ogS}aEQx&ycF3i_CQ-4&QJ-~Uf~`8*Sd$;cji&T(V+e@= zErzxbc6S;tCrmH}*?tC~yA%u1;txT$8P386whZV>Xw^dtCrmKKNn6qVpxDsAF+xua zO6(({1S21J{*vJb%SKjo*%)79n--D+JAr4R4z=qhTx-k+u!BJtf#G3Q+=0)8$=YUq z;lUZIB7hA~dXuc~4t1lCvCyoB^1O+o@ljy(zx94LS|65y&CU(Ad1VLAs+g@xYN{K` zsvA_v%%ZybvWBVgEwuG|dj$6EcHTuB;r8UX3E34a{jg&nbKD>{A-7{hjOa|!dv*6i z&1p&4w%fHqd|z#oLA`w{wLzo{l-t|%pj&?nxjhkV-NMFDZ#Y90MIy8H_K(T#T`}Tm zht|FqJDTHCY|S>?L$IX|J9ski5vd1GdVqxul4g-Lw78)b^48=qsCAC+nTydi0>pmT{B^k=d0Rb~pL)(P_&@1$U(D zO-Lxs?vm1?h9XmEGP>MrUtspvcix5X*miHdtkA;`430XL@#JiDOYYWING%KN+JRz> zPgcE87u%I$d(W|JUFUWw_8%d=P;?~eb**rt`U&rAvvn0C2LuCyMfAo=8|jzW&{dR9 zcGu6TZz!u8t(}`ySCLR<$`TCK&MK~~C^3d=v6BO%iV8DI(2JZpuk_boxD}zU@4$$& ztrDA4F>p$H1AD&a*o#CCRRcZYh*$xzVW_}2k$zkE3yxGY%$ZwSR#Lf*MrRjQ z&MNE9Y*9l)T}AP%hO)WaWc=W&%DJ_=S+1LFvwv=7MMGI#QMX}Auvjspx~8t%fF)Rn zdC?S%`kMnI@O@=lIcy4X2fT}si@LMHtcTarmLW%I06#rWGv243D*CMTozqr*`|f`B z<)_mu?mpe(M(}I5Y}xW=QBA)YM&u(tLfpB(m5&=>F-%-bT)n-Ozel{7_6mnuc_nck zaT)PJ;)q?Wxfh9Lxt5>!>`e3UqGH)}3Te4n^@cPl@a_!r_|Y3~v8Gu_r)Bk^eB zMZ}fFCy4J7eFg!`A|VJ9_Zl3eq_8gcPjBQ;ws|h#5cM@ zv0pL4y5}LDMf@{yF>!S_DE5zPvF<%Y+(5j6_*&4uUr4NRV1t8~_m@$=jwtp!mRR?W zC0Yd;Vati0@OO z*ngeo_o4Z>$=6(B-6x6_Ag{OZlODWB>x%lapJLjp9;nP1&p7M_AViRC-Gmz z34EUl#s1*SY`lgN_aUA{ypH%tHz@Z1eVui0`1Kb5PCku%b2ljVi|(@aza^8YFJrazNQtbgUiBZzgxQ8VrPA;hK`mKWTYazT*`iu`|y_tD?)ud)8Wd!5DB zYb`D(iu^SPFY;~0J?OreuXgYvznAjO_t6YsU|r4zT+{W6+ga-X$-5;1qJ z z>P?Hj_br}EyoR`eIPC-b{&3<^#7l^G5(BF-c>e{AKK6Ni6p`95D*obipt zrNrk3SD1FJ*DgN|-=w{lce3_AB0lgt%P-m4;y1+Z+<$whH9wkoBEu8d-O9HW&!N2| zhgo}3V#ThOSG!p}k+`ky-bM4vOlsket4GgXz0>;OBU1l6&in-`m0yCVOpIC7GW{>V ztj3;nCWi^SM^?|OtlSfGRWUi%nJ}M$)leK>gPEB43y-^6pZr#j>Fmi#@__r``pO2* z4&s~G>v-=j4hEqh62MFl4hHgvF{zvADptR-9Eq0|W^zWKaMlvuTVl?A(#wOGQ^Z`O zo!G;y;*xexq;*V_I=B|7=bErYgVWdW+mA)Ph}OV>z6{*bCj{!4n;G5=s2N~YO!GRL zSZRvS>8296Tj88>Gy|s*=`)cMEIR~=W@A3#7#JMwl~9Nrp)jlKK~qW--e4uhgT*7K zxRC{}(+g&BC%H-4m=p)i=XFyXWieoZ$30JYg zs!%L3?TC3!n=8mKbABe~-ZAkzSzC*xfnKD?L1zgPJyDN5kG+`Z!6smx2T1G2C1D)D zC4p@DY>4_%*-oxWzh3^GwqRv}KvX)Nzxhbn&O=`+egSmsB;!SYGsyktV) zbo(Iw+mmnfJgWFw1|KjVu8U3b8bGoE6iSjH`+sd1V^Eefb=)!5GXy)>aOxcD= zLD|b3Q>$!}LDkV5z-4B;!+Cm9TyAEY`Zi zSR}(_yB9@lxIcWQ5X`Lw`Y>`8QWY^r{A}o@ij_Y$VGZdC&%=(jF$9-E=0|8h7Cx6rZH zN4)J~0Vz;js*3Q`)G4gR7FD{Z5{FGyB~`WVDdz8fs z9+AZ5;q)q;k~hyvW2>fyg~q$T+5FNc0%D=h6Not2BwE_!O4$QDq4>qmh zgU%O-oSZ_Q%Dhu9_MJG*;cke$ zU_#w6H2|M7wua+tCgGjvp5Plrv80MfXR#LB3WUx~pBTU)opsWT=&a_ILbJ_ZSmDP> zg8@6ljf7GZaqYU*s@6-wx)X$7EIwk%mi3Y0J(EhiF5IY2=(Cer04?Sinq^)=Jy`3H zOm>&(9;V*A5FY7OXN=YKpb4jPk1a@Y!z$dwk_sxLan&h%BCLDF@Gw+X5>n74t5OZu z*m5wRxQuuaF%X=KFNY;s#Us+rpIU`#Zf#x7!E=mMad2cttQiVzI))cmI@jNH_zKac zwcds*H)=vU0j>V#Je+x{bwcq~tzRdEjpsEpTBy4mH=FOK;bE010Xq$k@n&qnnEdRF znQ&C=*kosPCB>H)UX&!LCef^jD$TH8e}-gdz+^(O%<6w90o9!p>gb}FvP^<4$yFSr zjFO6vF&u?0IyG9Ln=w5ujp+wL`N~{HfR7OzD`%1@)-)hxp?ID0wboL>cO&+b7%y;Q z+!$j+w;vGNent-hp+M&@uc@mltE(IBt}82_RbN&*THCI!X{e~G9ivBm$UEJ48I>Ay zBDZ!0it89+hoGp6;gT2aDTWx@58FiIBL#O}uz4MW<4%ndq{P+?Qgwad6a$XUMWtP! z%XCFehO)1bTmgM@EQBa2rtsJp={(bKwDOu(!PlQY2mpr7u{YKu92g(bKI4e=v7a0p_fA#^9duBh&OCIk`rI$P ztJRgqAwxurUK~rBnV}p1lC6i6h+~OcUa<1PFIp6Hg7advvOHEPW3st=dPBw8c5K#J zj4afm#BvO)X6TR1Q_zfTK(S9q0iB+XlB-2J-5NV|32{p?77aJYYi3JQX-H@d%ruDB zu#xP+v;@jyovp&PMfLRwzdRV*cIeZhrz4Q{Pzkc{jQRLGQ~Bw}bi?QIOIZ(wJ2=4F{E4H%l=Fw!g}1>u19|1Vw{pL9&dvf8=^_tAw%4-f1AI#~FWL2ETS`9EG% zR@67R^D5)NY;1HxrHnpg1zy#aH87s~n~8TF zWBI&eEv_Li_!jv>zHdLyntO@3-!jWzL(Dqf@?qku#G(_d{Q6%Q(T1W!Gu=e}3{07z zwe?`vjjoNDK|!&`bc`R}XSgF=q3d&80v&aS1fvgQLTdt+mKD#MF&CeyMU^!(l$P-K zTzs{b)hm65KQ6->i+eT3;&Wgu{Z%E_f33cY6^|&snM%!t2D%@Uu$ieE^zQr`L%V~? zuNHr>5d%Y-K{%6NiyQ|BW640zp2}4*2_`YxNN}K@9jth(zjEx{olYIACu^pAOzL%Q z%IaLg3v;4>%un&fB$uA<@w=JOliiZ82}z#9gq71ammHWqVE4MlpMMCoFxm1?yL^enBatBQ;2%TjKL~O%M#s2 zQW^#3(nO&I#DrX7TjykJ%-4)jhP5!OuG($NwpLVzhPfV}1dWj?>iSKnH*o4J6 zJhcPKMw||mo3CpO%rTnRb;OP9Us};8+I<=3v$pdqj2mna6Kur$MtpuFeLzr~3X%!P=rZyC*w+ja}QER4x zF>iw#lTglW?!+8Sv>-<4ChhAlCah(2Wl+Du)`SRysq?^=cD)@tEHPt#*_d`IG`VMO z>aRz+_+gshSOTTCcnRPf?l>{($tfMyJV~)mbP~L?N-Ns88V#c*F$t<=`)D+cM)Y~fz%S<7% zEnL*>bV?;bup)^NCEZHe176mG?i2rt-xU{alJiaTLQiAoilIO2*hQcgDn%p4?qJ6bcH z;wj#<)lc!Z4&P0S9JWpG6m!2Ye^P#7-i(TdMTKJ~jVV-aw=yC-aafF)n0w?_-XDF;vBxbt{)7`x zI{B1SPdojL-=BHb+2<@j_q_8jxbUKj|8U74|8(hPmtV2s%0FLq^)=UCcl`}F{^h2> z{_WQ$?W^v%^RCr*-*fMp`|e-+z=IDx{K&dTAA9_XC;$G`)Bjli%(Kru|H6we zz5L3nuWfk!jW;*G_4YgO{_|h&z5l_7|NhTMAAj=cXPB4_Rojig*NZc*x3+j9A=E9C(7|_ac@M=MZ-|(Y}9%`21Ox|CqSl*_PjxIE6Ty z*iJlycs21p;>*O(iCO1Z_x2!8Cmup9IN!ei4S!1qU9tbSl!FM%=h?*Ti4PJt5Wgn& zTW<4j6tR?e1aS%RJmO8nb;OOt?}^)=Yuy_|oJnjX9!%X z#CgPJ#6J>mCq7MlpV))-b!TFTcqZ{$;#%UX#GDJP|09WCQvRoFt^79Pv)$l{-MsJ4 zzVrQpZrppaoA*xleky+s-M?-d{aL(?=C(B)bGvcxe!k!32AfZ*aL*L)MgD7{g!k9- z|Cjbx;+G14Y5!BX|NZs0yrg=c#_}TX2RL|c#(I9sp5V5eb)aAi8m8P{>}aN{q}2r89bEk z{)RSve@ln|9qI5(mG}R@xqBDu??*)8o%k@{@AZJq-<^mj5<|q#AGGh^A|COG<*SGR z;&H@YkJme0=e;>`o_E>tCV4d15;zG?(tEnoi zT(>}t0eh36SAdg;+rrrG)1bs#v+lM>JVNq!XUT7)vG8ub5x!G)JRm8C;G=zPOP-u;B$&H;g zhNV^&_Lvn{8)Bv7;)V#DSj;kF;ucJ;ziy2|W8Opy5!BuzB6$e3GKUEcZ!+2xdUYQs z{zBc;Yy`w>t@x_rBq24%p&sG3`t)J9-uZ}B3*m=RXmDd+N{4Y%|FHYqw14qmdRw_s z6V+nYD2M+M<$*>KPPht_%n06<1Wpg=N(xl{NK- zubx#^tev!|kH)L0!k#tZZSZ2O_*koVNV%aI1elAnMys*atOl-FL1|I_O!-|?TUIT< zwWo-(HH7dq95|~6TCNn7S5znQ;#Ykc4$Ff+fQGpyI>JB^3AXJEyez`+IaS3q2))I* zRYeU52$_;ub#;jNoR}b{JEShfT2)5t#H-;=?mV|H!+KW))T|NQ zh9YReVryBo&KRh|q7)}oGgEaf55rpXdyyBV-0USn;e!?kswt{9G;K$tis((nUR@Eu z=s=jwyr#a&Tb$#rSKf^YsVh*i&{c;O3^viG7!!OUbrp&iCfKrb#WJW=)O+{n9kIC3 z!fkdEyN_0Kc%(T|)41B=#hL$lSzlLoHaKP;U9Fg$01dUM%;tS3H5r@Z5 zvNWMJax`2a$2*7^Bv^?lOWFO*cE`So8?o)3&8!5mRv^%g3UmpQO<0-Pk)!pi>^5qh zFm^|>-KwLNSQgG6ljOcN*zX6+HPA zx6fe1sJVm@CT;OEiW&)WtMYAhckKQzt9xZPgXuhGhk(w*oH$Fip{BHEvQ|}_TUR!t z?BLqD^*DR8dPb67qfSof=?8QvN+{n4fsj9?|3jtDu3T4B`vq zD7FhEzR@9%S1DUh^hp$sOqRnbjOWn+)MWKu$Y%G5kt6hh7wER2!*BOHtD}ZDAEW<_ z#{L@nLksM-5A@dPUeL8B{CjVc9S>D)CjMaY)n5o#IsFrVQ(&j?r7#x@Ki`WzLFfBl ziWmO`Z)JEMB0f+2C-G}ypC4_y4<_zOoJ>4`co?ybcr5W8;tJv|#0QDb5#J?#MNHdb z{T)OcNt{I7pLi(IPdtWrHt`DLO5y{=XNm6+za;inm8KN#NE|_&NUR_pLR>&Rns^rR za^jUt$F^S9UBNwiTmF|u@vl2P-x0p<%*%VHyu)7~!~A94Q&hIenKql8Do9ogTeZ!HD``k&x3%GVrVyF?i^5UNpv+9z=lk*eJi+!g(iPtZU9kn+6r3YGcrt|BESoyiceTkpUvGRM4NXD}$ zpLVE~k0bs-9CnzM3;I2lUq#GsvV4!A#pP`l#}hvxe(AUJLjyG5Zt+LrET82s4q4nl z%%pr|qm?^xXgFDZQVMfo&uQMti@AT#v+n-VIG6D}irD&B>u(jYlsK2TFL5@pkhmvt zBk>X9y~LM@w-KKv-blQXn2WkP6pzMT9GFVBv%{R&>&pC`s?wQN^|0Xhr`^#1_O+nq z5SI`yBCaAnPyC$N-(`P{B~}yp+Qdiy<^lWaFupj7cnR??;!DJ@h}+Y>LgIlb+@C`8 zhY~x8e<0pLe1Z5SaRA*bAl9UCU()9g+LQFTn7lK6zMx#vC!g*nr_adg*4V}pgM+`a zy!$4~t1Vvo{#vE~UHblXgKFaRgl{_>n&kDnaSKSa9W$Ri_(o5InBxiY>9!cBQs`S1 z6W-!`5Zf5^C%Eir#-3_9E-7xo?6mICyXN&|VZAvV&v2Xx#Epp&Z-c%Tv}F!18?t|^ zFkg#ndlRA5)1g}QpXMmOU$OT{nF9fFqZD>z8MpN&s8;WiVsp=>(vvk4#*@*rDf%*1 z>?E%>N4_oc>QnHHh%-#WhjIUDMCsib`b-U6h39Rq)K{Mg19P$8^~S8c(YF-wM7ad# z<>0wyZU&147kC5eD3w1ZU*+NKHv3>TPxwN_3G&}7KZqVqI$ke z-}Hv851Ug%u!(l@;>BYYk25=^a136-SWH;d6o=1K!~OI0 z+?F}q1m^*1SCbEjLEd8vz1z8K(-s6PE<%=j0`{D|FgD7xw|a2(ysrsc^KkkB<`q${ zaG)A4vns;L8Q3joq0{TUqLgon@dk%$`8)wttm9t^NAVLUjNo_;Rg4<7pp1uhs$$$% z*cO}@jQuFX?KXN3Cj?7MLmqv#k}3}2=m5VL$9iJI2nQV&M_YX`(6LlcB?Y`y*j$IL zvGwNe>#!=>|9}!yV0hYy(-JZF!!~+CNc)ZuvJS;aek7z-DM}np6~d;{t`!`npj111>1XLubnh~9kS zW?>F5l2{yyiPTdSwMDU#6IQV@=4(PKqf8(U!GN9(=hEB(o>P5nqL zSmHho>TJS=-=2UMN3A3prU3-LTO-BEM!IyGLX;ca^BY_oPPWp3rNV%&!U`q31@~v8 zoK|&s0&N%?*mm0%vYHlLU#M#Q%@sHV0wuIYms1a}n`0)|;ozbceYiCS3N;~Lhey@m zDz*SHUa%5=7GW(?;k-Gxgj%vl`&#b{v?AeDz23K}J)NzOJ`JFH*0+0_P*tmNKcT*A zjFk~$tZm{%V1?{QyTSvPR z#gj(OiC5G)zIe+q$2T7#oatTSLHE@rAuU0ZI}h!@DnSK7WopBLO{y}YDx<2ZNmY4O zRX|lYt7^Zh4yxKFRokp;y{dMess)RrMJZT-j92wRb%rr#AI!;}o{t8lQ zJ=0zX_3hKQ&+UU&4a#))b&qn7aUbb!a?f|;knfk(%g4R8?6obgsSR7+R2#Q^3;J=( zkKb+Cw8f6Ul?p%OQcLl;RE~Mvz~k^J)z>_mxAax|!3jL(*}SD6c>UY{+m>)7`kC54 z>t2yMM0wOwbt7mM=x)$j^&+D3wfa^~=uz9_fgbC6Jkw)ik9T`~3|iWAY0pzYr}aFe z=b50hdtTY|s-92xT;KDnp5OG`)Km33zSkMOp6<22*H^v1?e$$R)w^%+g5I-x&jERQ zpW1tU?+<%_+WYg~!_p?FO;6iDEsz#WTbTA-+6$n6ru{4J7MkH)6YylCw+PP`RUiE-8sP% zfHtJRp8jU~Tj`&sf0o`mBO{}4M!$@K86z`BW#nfRW{k_&J7Yq|#EeN9b21LgI06*P zh-93caaP7T8Rur4pK*Q0jTtL5Zq2wYV^zlLj5VP3pp6-CW%SO>%IurjFLPk#$jnih z`I&{8<1+WooRm2gbXex$nR7EenF~QDf=D|2qmxh-c6Xl>5JIqN_ha$e6taqT<3?~J|`edqT*t?%#qs(!=z?bdHZ zzdien>Q~!uR=*Yf9_hEf-?#l#|2h5V_WyJL>-&G#Ukykbu-$<20W(4S52zYYJ7D&J zgF%N3IDEj715O!m8t9AxXAM|B;BNy~f^HqKYQS9s?i;Wc^x%L;20S+4=>h8pyg1pWb?27l&djaKt<60scMj-K(BYuDxyR%#%e_7K zj@)~5?*l!U`*7~M+`s3p&wVcU#oX6&H|G8)_w(E@bHC30A$OsBq5C*ck6}HA^#NrJ z8#rtS(2!w6hwTp912hseYFOT|vBL_6jT<&;*wkUuhLsJg7}h&KEx#at@BDr9r{ovq zUzC4Y{uTLG=6|36L;jZh-UXuz3JT6HSW$3i!KVdV3e(DY43n@Tp7 zZYtk&%ckcxP2F6(`JBz?ZGLp~r<*rzZvQdz-td@_K0&uE6tW zKGy)R#d8CmoACS%&uTpP@L2+!6`^B|sA@od2JJ)R%%Z2uD6#WNny1U%JvYVic{wBtDq z&lz~G$8#f|2k|_N=W#qr^)Szi*Y;5QQQ!7ZL%;8#oNfJ^rk&rST=>@$)Em?Xln%-S zWrO;H`hy07b^r|m4FUZQG!&Ez8V1@8G#oSnv?pjUP#$P3r~ot$v^QuU*F@K3&=k;q zpy{AuP${S!G}Be#IsjA!ssSAcst3&i9R!*KIuvv`XfDVDY65vdEg&Cg0jLcW1T6%G zK~d0R&{ELRpkrOjTqlA~2Au{v({+~XJkW)pOI&|)T@JbubQS0t(Dk4jU4L=?6|@p` zJLnG3YS-PaHLm+z>p+i#{tkK?v>x;<=y}kKpqD|ff;PBbcfARE3-k`?pP=_ZAAtT1 z`Uv!i>r>YkpszsRfi{6QgSLQNJ#eTBs5ht&C>@ju$_DiX^#=_E?Eo4C8Up$qXecNb zgl4D5ZlK|y5uiOmdx7#mV?hO=aXob3e{+xJJ(u^q$@K5f^n9V`OFdr!y#{(6^d{&n z&^w@ig5Cpt0QxuRBhV*3zrd*AtDfJ2Hi7bc&F$p@HG#aK7LX6L0MrHwf);|ppeSfD zr~`Bq=orv(pyNTm2b~2v2Xrpze9(oUi$Rxw{sg)VbOq>2&{d#oK-Yn80R08@SJ2I% zTR^vgR)OvWtp?o#S_8Tt^dRVA&^pj#peI0o2R#jX2J{^01<*^NS3s|UUI)DidJFUp z=%1kXKp%kq4f+W53FtG>7oe{|-+^@H>j~2T`he0wnV@V?UyvR@siAufZA8E1+Qqd? zPf%}AA5c0d6O;|=3+fL-x46p=ph2J^px=Rpf^tE_K)Zp4gGPY%1nmXN1C0e0fX0FL z2JHiy1lkug6*LW01S$cQfo6azKnH-TKsBHPLG_?npo2hjK!<`32h9a}KusVos0HK$ zEdaHFf}n+02Kz{-K6?8M`7SL^=RiHaTt3mgG)`0E@Jpg(L^a$ut(Bq&dK~I7H0eS}X9Ownm zOQ2UkuYq0%y$N~?^bY8sp!Yx@fc_2o2=oc)Gtd{HuRz~`zBA*EKDqrc=5XhZ$j#5) zCwDr=9eT`hWNu4tyBTYon!7yr;@lOv*X6D>2|9q)16@l9;pk%19M z&al21bqvJ#V(hT-ph;$oF?Cou#uzdt(Ea*I^tCm3c0#{54o@{6=|@}e`vg3H!gB|n zRQ=^Y@a{uAJ<;ds{&64ne+z)8;JE_N-FTkE^D&-2==*lXvoD_6c!GG&z@z)i#D4NE z@QMB8@6hih_LH-~C-#%)fOqzjE4%o<(cdc5@pYoVN6Il?)?;2hPAnN*GI;b*&(Pla zy*UQk7vrzXG4}c~zkN&lmdm$XvE?4uJ+8H`hg^x@IYo}|oZr52e(7(Vvj5RH&bEBt z{NM0xW4~*P2bXs7ZL{~ViNn(HEir}P5m)d#V$09`j`+FX5A(JJw=CRp*_IXmhrSLEGf~J9rKqa6u&g!9Sk}IbQtIe(2<}s;6Qt_xfjx&Gj~ z)ODHb3fBtPpFvlHu614Kx&d?(=x?r@UAMSybFBj1>AK5xFX&;=qo5~1Pl5gcdIt0y z=mpSApjSYzf!+XZ1icM<7xXXC`=Ad&{{ejr`V90X=xf)vuJ1uVfPMra`+Mkry+CQ8 z?LZlzEKm-pA7}t*d(e)c!JwT$JA-xsxk0;vb_eYN8VMQ&8Vwo)$_EvKlIPaW>3Oc1 zU;9hXXL~;1^JUPhpbelmKpR1CgWd)G3-mtdL(qRfAA`OGeFOTg=l7VG8{6whP$Q@r zG!N7Ynh)}W0-$zK2owP=0xbb81sx4K7PJg>2Ix%C*`Vd1^FSAXE&}}l^heO8pvyrk zKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx=zF(CZ=4BcMk?kAt2BJq211 zdKUCN=ta=WpjSZ~KyQFHg5Czb3;Gx6eb9%X|A0OQeG2*<^d;z9km{}U=Tz@rpfu2S zpbStJC*n z12hse3N#ut29ysf1dRtx08Io<22BC&2bvBl29<)!K{G-7gDOGQpjuEJr~xz^bTH@; z&|#n>Ku3ZaLCv6fpjOa)kRKEPwSz*S2xt*#31}(kXwb2sWuOy4CxK1@od!AsbSCI* z&~ngupbJ1NKz{~Z4Z0R|J?KWzO`yMlR)TH?-440~bQkDu(7mAhKx;t{f*uB~13dH8+@hSMEKzkL5m@`!eSC-pAbDx4E0lhqa#1%N&+H ztlzK!n9=KcPA}ig>5UtZ*bZ0~@-=$}U5(eqV9@QlY(g{KwI@p$yy)wa%G zt%BM0cs{_>3*+jo&09^x`)!%G^26N8cvj$9jpunhAK}>!WAR~lrr?={rybAfcw~O- zZT!~rT03J5uIIC6tJuGu2lYI>XRzmqy-w+MTCdZ4o!k4$-dFWr-TR*2 zYkJ=gdZ71%y&nekOWPssfV6|t+CeX-ZAg0~?cKEZ(%w(|FzutX{(buQ$?vm&pKJT9 z#6(ul^eLeI(yP)BOm9eUOm9j*KK;b>dqMZ5Kb-z(`eW%&razVb66o#pchX%MJu{|& z_RA>Fn2|9vA8muJt+-aor4`ykK>*(YW{0s2Sw z^Vu(gUe10q`}6ECvI}wwa>nOO&Y6)@opTH5_MFu@_vGB0^H|PPIfMHS>AN>*AJ8Pw zetoC)UD)@ezNhp(weRx27x%rS@4bE3fkyW$>^Gs`q<*ve&H4YRdlUG&s%nq_K%sPi zHU*_E4m}~1B+%iuOr>K&lF~q%UXrvFDmH0y+lHpeH3Lm$FoHq_hlr?^LE{Ya#Q2^M zs!t*46A?uNPCUmv-&5N{Au1{g^!~qV@3qfxhf>t{`TzeM(%(Jj?BCw|?7jBdYtKa| zPJhkxh11WTUO&BIde`*s>Gx0n!Sr8nO`dVWjC;8JnP<*S%v>^a#6RGlk(i(ONaFUy z8()0mi{7EBhx|h&hl0H1M~bnoHvV?-*Tvt}{9VuAJNdhXzt8dadH%ekrg+csH;(*T zKCxnA?Znj+uP2`#oH(p`^j(ujy4a0Y~=h=q}<8*QAW;JOkOd$5?Nnk zH?9MGp zAiW~L=OMx87j4KR!w*dV+Vn@bzMUh>r_L;$SvGSa*ZD@KfA0S`*KZ2Q_Ez#vxMfo3q~A_@Zqk;? zos)kz`45w~9N&5TZ;yZO_$?=No{*e!*_4qf|24&*de+p6qS~Uildd`G*^|dk9-Y2_ z`q=cpPA{4VP$pm%lBn}Q~Z0LEATz#`aN$sNxsE>M>H;yhS}jp(^ArIjPyE#wCN&UBt7Ekuql=f z`My2-dyBmiZ?<=aH^-aLIMouyrz*USj7)9fx|-`+u8(uw%k==)e{em-b=|n@#@)nq z`LUaheb=!!ANwHJFxNM@{&?*3#~wfagz>NAn#FbH_#NYa$mJb(!f~w=Qxnr%&!6!8 z32UdUopSkzbGlMkMJ&h&Gq z|8V+`r$06Qr_;R|lV()UteIKlm--36%CGS+@f-X`|5C1N{pxu&?2tITuZr@b5(F%z*Wt)itBQ&H*vk0Yhq?1skh9eTT`Yf)50b4Z{@KR zi4>Wf z%9gJ(MwmBpNm*S?DO$>P2c_l|{}gF@Q8sEQ6W3BE-b0xvr%Zf_GO?}nO0IUU4z4s; z7grD0Z@Kny9pJj5{D$&(a^1xBF0Na+-oy1iuJ?0&fa`-?ALe?B>!(~VaZR9fG36w2 zJQve25>!`|wbvw0=9B;HIf1Lcc$t$L;m~zzAaZ^v4I(_OXQ)f**o9kSzMO+U~ z{pQqfP5tiF?{ocZ`p>3U%&eF>Ix{o#YqP#K>!Dc>&w6~;_h%^;~cDukmm8-|Y|jU-Uf&oyQfAFP>05vG_GyCl}9PSgWLXHdiTEIoCX{gmnciQQvRh)LwX?LEs|1@v*^wVdae(mY~r@#O7 z!P7r}`cb9Fl#VZ*SbBVEDSIqjT)Kv9ZE1b!daeznZ!T>v-CBAZ*PhZZlzy@F!P1e^ z-;|D(USIx^@}HFdy!^%TL**x&*+1_i^X{1UM~dx_=8w&PasDxhV-hDOPD-Gt6Xzz* zODs>UNZgUQGcmB>{R=*{;A0Cs8vkc3tXi1lYFc>h!nbkVyl`mY@WMk2y|XfB4X??p z8TiyApTc|2mw5T*&4)H0YCW{&P#f1VnPW1Oxn7@nV`e#51=pLn-pn&#_`8q4U-0Ms zfHoa}57Wkzzn|&fi=h0y7Mnr-&e6ZMp!{{}-@8EhyGQ@N0m`4q?*VTYsJW zS0h&^oz5LS4?%PK*|DE{_-|1vu(8>JW-re38xJ1rH#tX@IA^DR$a%uWMng0pG zaAnJtDJf513aALe>tc4l_x>7A!rxyzJ#yFl>2{n zdG|fv8|3Ogx&P!TGp5Y&{7HV9U+&N6+Qj80xcKj~Q`ZQ1U5bxop?iL$==j&EKmRCZ z`?us?8{cQ{iQ|a{o;!E@KNolJo`0;sbNBx5#bNdL`Il_CN4;!urs4|4HpTZT{=4Gi zijxmn-Y1W$Gx@YY?`svC6>rLN_r!ZVhNKLYd=O}Je>{h%*ai_ZfjehS@8cwO=kH*<>zO8s53kyBZc9(tc{4IpH z9b?0F=-mBT!>`fz*?8x%miI-)8;`U14&C#w6?pI5W#e-7=dtnDzif2xUkRPR&fUY4 zt$%$}Eq*Qwzca-?zi(px_u1~<{o9mR2!E>KUU0ni_hrT56YRa?IsaBou+R5Sv$(X# z;#$ScioJ@v74J~|j`Hr)`-c^OsQ5d@zbT%e?tR6x6jv%NKdpH6bQ{l= zCt7S$T&2(7s`s}kzE+>R_wK&_B+EbXwHE6Yf1voIlkM|H#V225@1IoOt&XqH>lJTR zbm9H$X_oisJd2;3Yw^a}@#p81#_w;@_f=)_=O?K@*C;xF-TimwSohs$TD(|shx+gM z%Q?YQ{`>PHizl6L@w#;uXX*X-6)#oy?){mUSa-7h!~eX6~=Z!S9^nzgf&UU5n8Tv9M z>)N$R&z;Mmvdny&gx}L?qmajU4m@P5I5{SM7n@s}MaA8oM!-In!|rpoSCdnMNte0{ z7t5ZM!Lhf&W1mw^S>;a1X%@&g?_eR?B(KEoCMuh*`C;PdE~82fQrd5C+uX%+P;=s@ z-^^B>&8@p+8#g)QyG!;YY_>=4nzVMV3;Gg%f%8I-@?EV#uT60KZlq4d$lJ%o3 z*6xv)c2_w$(X^oJ@Cr}|n_ z>7M!X?QJA!DIZoYBx}Wu>D%vmE%gq8`V$T zvKGCgCvp-nF{rh|j6!pV0=v+)8WO#&LKu&cK5Pw?ZlJ((BA@G&mFX zwDKhJY$A7?%|=O3vvY~;R2q04X!pZ-!1=St2fLf}Y~#dKQy}twQy8E!h``|k4a>Hz z9G7ZzmQ%H|Rf(j!?i=BUue5GjYQAduBu_a`f3$3)+GdLax7o8g4p-s-!pvPIAJl3akXxKgKV!N?YR0>EW^si|Bkm z#p3WTk$4TRdFxi{J1P+#u?=fnx{VQ{$-`c+TE*l9A7<>~2`<6wF_z*HnxnhbZZQgv zx*|}U`P`C|%{wSby=;8@N^Y%2JVM9pm5|Qk)CmZ}cDUTpDm%UxOJY8$!}cPf5)&bh zsC;uExXWs(vBh%9a(#(pzh7#6Dh-OJbF3AD6DD+?Q*N?@a%USBhWi408|VY6Fx;)%0_G^%PlA&SHNnYC+^fjmF3hzeZt7%|q#LMNVy^OQfr0pJZDdh@NfVg+i9I z%GrfRb0*3N3Ye1=V|Fg)aVtDqe5`vh6!SfQE4!Dh?OKD)6MQqd78IA&{+*U1gu6y5g^# z&^=?#5jx)38c`4g)q)MGY<^+vCV4p4m*}N-XIE@n3XwasyArh#q4dWqlKtV!w zQ5NR6`)CoKu)YnFBU(k;l5h0P;`t>jq>aMA| zBKWmx1RAMV;gw`FjWB8JB{YR>4~HnmjdC>?BX^AYZm>-%O8zUux@w zQmPB~5D#OHTt(b=`@L@4c5DA@mPo?lvVrZBeCOPS%7*Zy5ay#c8N#wlYba=dkl5zay1uEg1Ri#HQKjtVB#0cHL^(j%K!%hLQek zLQtg`aaCCr^Cu5C>XVahwkVsMiK}&M^V7dX`P_yH zK;0Tqc42GEZ`mcg&Jk5IBlrx;iEV3=dfG>zs@xX|4_d1bBKpl5ebS+1tz}7iTkVL? z_!%TyK9@K#Y1_fhT1OVTCPEp^^1=~rr^{*n{3CN4)Dqc*ny?2aa3kger*vTZs9rRh z$Jp?p<{(u?HRN|xD2;<4=Fbm)zS0LCfy2PQnm^xcdwE2@M@XSAIU;6EQjQ>cMr8B& z>^e9CF9H)Oh#R^NbB+y_Tq>!B{Awt#AnHL_E{I(B`T|ZSGBOz!6UWHQ$qHqM%KVxeYc4a?E43xrdVxMw&ryA(t z9mV`p?OsSPsE6t*7@*K>s&po9w`im->=4%@{dH7jY;j9J3Hv8X72~Q7D=n@MyM@)5 zTY@^Abdt_%we6%`*(gRH$}HZ0ZPHV_;%lpI6=Ib??c~rq>A9tSV=YDTtv1%`=NVqS;+$f4_;s$!=(jVEv(J;q1AxVp`5Kx{h)g4`r(SY}J*%E#O35ulHsyz%= zd})^caItobB;|7@q1uiS^^dr(H|>|ue>1^eT?ns;%N$o=}L^e zB@7R(VlO5{g$121OtMndg8f^v@AQ-rb6^d_&GdXT0D0yQ8bz7 zNZLG`J9oLhcMTNjenSXN)!@tPr3^%}nKV7)OEL4z;H~^NC3U|13fm0kR?^@6P?RJe0KNJ`J#}FpAlywIOduA5tu&aY3wfS{4?+3w>Ck{i}0tZx6HHP zSC~xZdHmLO8k$$po1k=?H?ccgxA3Wao&DIQ^X)TnOT&UhSbSijc|FQet%!c<-vf0aJLc zFjX#su0vh!R!&5-rNs_XNaiB{l0=@^*b-sq_SU!B`5D(Mb}4RFtXI51aiQX=iYF?5 z<-OLQ&ne!nc(dYL6|YphT=62s#foPr-upi5-yMp#C|<3&U2&u0#fnQ5&s2P!BIUfH za>K$}wOeF+TlTTmr!^`7`m}~U%6oQ|&F(G_G$m)Kc5SEQj%4d-W&2qg<1#YV#Zi52 z?5ZtQlN|x#)KNUf`ot7tzim-ToTx|J1~QH?N=_X3 z;Cb!~O@P&@mUi=5B8Geovm{WJ(!YoXb}@&sn7!I9aDH7-+^qG-Q3En*2Gc=Cd?P^w zivEZ~i4be7WWQQkU8k)h0-pPR>{x20BquDiweVYuXe_Qd+`}bEB&zE=P#m16X)_}T z`EYE_fCf?N)jAd}HiVg5f)cStwy~hA8>@AEtk_AWp=knnbrfK0fd;b}oOV#@G5z$! zcVU!Q*PWNS6Wd0z-gMy{ww1j96vn% zd*eqU`%NFK`$->eFX_K;AL(1zNxJY}(xdDooo^rMbF=o5{=e8i`fz(kA2ns3EK$_G zqF?PkYWJ~QbbP;PyGL}}RJ$MapV<%EV|&tZ(~f16j)`28ryW0S%Cr-wE#+FyRl&8I ztBxzl)i`Y(J4nkO(#_LaxKdnOx!SmPOzW7|HLZJEFV{!8?&i9e>%M7UnD)T5z0TU}Xv)qP z_dIKVha=q!VT#M(&bWMx96iGB`%fG#dke^(lx{ytw+E%$f6^U#oXq08y&q%;a0z0Z zhBJ`m?#|M+=FP_yFDSG3Ys)SEO`kue_up6isy=^@-tV4o-M>e1RPo7#eg35d7T>$j z;v;8S{Q5Z-FF)5}@;ZwxitkdqO7Smmv+t+$Tb!-9RIx$vO2xM;?os@L;vif{0^A=jLDZeoRdb5Q|~qn-{yAXQ|`>M#`^hv z+j@4iFOcB%=Uis_685~-p4L2z4DvFV`)VTdYB=F>;?3=bcY4W!#1fBx&ys)7=b!c- z{@E)3H19|+v2!5AbY<=){bFLhVXcObyE*wK?1Au>uE2qh%`68}E%Qz#S?Q5twiE}y zbZlMbMVhe7PVMOAUD&2wcIvJa-9;x%@A(^LCWrQrxweGuBctO^ z+exmgUs;o~yXzv80T-Nq{`od1PxY2EJ%*`3%<-Qq?enXaomyr4jOWTA$f>rorlV)s zsix;l1YwE!1mubY^XJn;*Vej>l;K+!bGFb{`K_2MOkv2PfU1UVx%lZ3;?yH__p^tN z%-_$be}DLeb-(kM7SH;X#nq!0pHSozD_dKud$dWrIPCGDQ6e2llHmnhxQTAA;jLW= zj?vj-o5_X!%;UoOX?g~wgV%OT7_k!>W>JSZut*w+w7BG$Bj$VCMsy)ZOd^W9T3TFF z*I3(l8A4bmqUj@-`ee2*epL7FNIU74HolHQ5u3%qq#HY)V0&~-A2YlvGh4}hbb+Wj zj|;{9J&LsrYv(RVoO|}UbJtZh%w6d5??NyB@N9Fx zy0WphZtep4?VI1e`8{{hqI1rNClu?%{8lISxp8uqabkX256#bW!l&nkKhFz)E((91 zZ+z(lb|{Q!?sOJ4MmdXzj^~ zf35AQE^53EyRJw^%ns*F>qK3hg5$N!Qlvka!(VsM1w`d4CyjMT?{F(qI?YNp<6|vz znDc}zm2Hlnq8t{SySm1+KQ7=$!`#Y-s@htKTfHvX%j4T(qu{Az?N`}vIjsA}&Q4Tr z$F6`APMl?tLCOxht*P9wsiv-KZFOzkg_~AY)>W^rsc-O7n_F5rWX-1X+;t6J?FDP* zCeAv~W`s#_lk_G_+89r{if`4V>bBi>TiV*`6u0BMwv#W>$FZ*){Ct3QA=*c}kzV_y5=Ul!o^U#a}BEiC@L`ORjU53fmHB_C=_w@8I7GxEY zeYCkvtbb8ZqSep#7cMyaEc@%MvllG%I#N5e5N+w|+~L>GU+Z+CwIyn$fYG2!k(?=O zC@nJzhczy7s(ouGba48j#Lx`0IGRKAGGbxmTEBLg{&=#Q|`P?Ui zZuP^vBi*SAq;=Y{HTqrBW<(gG-^J=u^3P}&zG&WA2_m2Mz34F(pUYQ;Gpu4uZZ$Hh zpT)TucbFuH-&&n*(udVU;jptww#Yfw1zZ?QSSE&LzYn7lII%50*5Q%Tc6PIqE9NvA zW1QrbX)5`g*h&^A|5$v7}`7>2uEXmYsU4i7m&UebvVIvtP6Lw4(oz zy}wlPLyC_p9zSf~S1I14_@LsSvfj^m*t%b?m{i=X*rRx(;@1?*zhik9E50cU`}N*o z_WQ+I@0~k`uk_xzD};_e=estZD;1j*->P_<;(dybD*jsWCB?+!)}MEd)A-7DW3U#d!JNXr+A~{1B&|;4=Vme@g>EhMyx-7(EB#MFNEXu{n{ri@17?u zUZwYUDgLM8(~2jmyYm&B6mL>I>W9{!YZV_-d|L7TXYKn@#ir-%{mqJBQv9XjgfaVm zq2ikqZ&Yl1-oF2U;-!DG_itCcSMf)R8O8EHTXzkL*DC(T{%W5u zQA{bmPw~r&|D$;Mi`M-+6t92D-v5i@j}^U_?ejAf8x^lpyj$^)hpf9dWGp_SIHq`t zcZty;)ruX8dlbK}_>AHkPPFbFo~8Haon)Vs7R7$WyA;n+yykV*-A5GfSNwtEnBs2Vy8E=^*A;)I_>$tR5{|{MI3;*4Nj@})cW#b-qZ_TanKHW(-VR)-u&(<~T(z@mb zb0*Y>4u3<#>PDT4iD^pUejW3mn^}8jmoya@V@9qF=F#uuXmHb96l*PfOrLx3w2`@+ zdP`p=W)+k6Wr9c8lPXK(WKLJ9@vT%E7c`Keynwa_eUu#=;y1jXqzk$&b^MYW+Uz>^(u}#cV*~CNovpZyB4X+D0ClKec@0)ed z?7Wm}Z=d8%WWue#QGC4u7cNw}mx)zum?0~jU8pUs{zjITZ4;+1)K=!i$?52kkd+Mt4wlX(l(3eXj~%+v|^Z3u3zSt1=D<3K_4uUm}8CKjviKy zO>FHAJ>)BxEF^5i#qQ@L`C%UPZk9}^RV3}NAYwSp`Y6eYAaUYpBl!}%a%sc-c$SIr zhPZ5z5Zr&xfts_u-OXE(xrxTw-zeWjvYDG^7C7zrP5%-G$SQmODj{@ zOE@+T>&Oya$mM27Bu$0047cMDr-z-(BOh=ST-;6L;Ha6DR zUa+o_Vc}q!q8s`Z@$gJ=+D=9nQTs4oRidEJ$Ul9+FN9wPs_7<{ZYk@$RJKP!%uKM( zBc_uYRb(c?wsoObrP`K=iIR9*VQM%T4f$Mb>sUceR>c4CklJ;xu)!NsMsqnOW55Rbgtl$~wOTS@wi1 z+kS1EG)x}FxU_ZB@Gt_*%9 zpJR?2v_#rTy=DN_$1trE9pnVh-N*+tyD76a;i9jMAjR|wBN<|wg?`AI)ivg&=+Ef$ zu*hYY)!H?Y2$~Kt_eIh8YVTMMePw;+ zg%N%jQ-)jTCSR+oSW%QF;dce%fG%S{&Dy%gn)Q@GKzmq;gFSl&Hh#Ll+w(6}lCSj0Uh;!K~M6xU8YEW{v$l$yAl@ zx9jUR&T6D)o8yOhX>AX?id6GaI%+-nZC08e$g!%Z^3hc%b(R&od_*6iRL>#A0-tFG}I8Y}A?!`qs= zYJ$07jhQSG%CfY^WQv%{H!ZfRN4YcQ*5|#rkr;b({N%a|R@YWZQJ>>$I`UhWP@ufR zbprXl3zxq}+b&k;4QZlgY!%UgujpJ&R#OFdeoY-3rrs1M zn#-niNp>xC6y{mcH~j7F5i*gJSDr()Y)#sr_{RCN(?MO_G@&7S8eq&DGGkW zE;hp5;qGX2+s9f!mwA%nc5TYxWH)pb`6!05u$9=|3d1&ZfOe9-VwXwXEF)ckliZp! z;x3o(6>#tJDJT|BpKVe_$e_NRHs#b|@WQIV!tb4u3|s_W2U;T*53cU_@Ch4F1_bOiYg!TU|qxo^{NA~$weroZqU*vaJi2pO?XTMLm@D?_j zeEw4w?myc;f9xEK?tbZ7d;j4qe0oj%`Dg0v{f`y1-5;-fx-_+4W?qZeU^mXU^Cej5 z>u%AxnBY2Bk6)1NJF~0XN_s)r&D%ByWViqWtBY;ubq`22>P(lqnc-XO+I2=B+eNM> zq|moHk!rx{c+(@r4b#p{8(90Iw@B#riJN02P0TR3M(zsHWD_4_{RV;L^}{x0ttW07 zuhdTL%-!l8&i_(6ccl>NS~PfCKKM_y_dcKDrjrJ8xL$$ zwQt&M>1=OrPSY)Q*hrd9{*8?l_-6cy4Ahv-Lu_C7j%L&Iur0Ntna}9%?CqixoL*_u z!x0YcyaFSXp`@6VUS)PY?RU1&X-WF(G#W`4mqgU?+C6PPEa-MrQ48+X{0^rx2>+YP5E z4Q?ylh$FL;NAwkWXqR0_4cMqRW!>~~(h5zL$9yld`-EgYB+<&f-i|gHtiiC&fw`m^ zwinsg<84pTT+ja;6DRMhoopxGBE4p1bgY+q8)cY=vM%XilJE-OZU7D6ZV;KzNi3D< zjPKmmw%Mj%o%9`PA93iZ=lhk?i)yEN1vhGd$}$wEtn6>EOtn-w`pWKH?0Xwg25l`@ z@T0p;GEaVKHkyZ;uI91XiCTV5!u`N#wb-_EI`B z*!7``Zthh?J=ls&zEmn9ry;Vd z8wz3PjcBDge+5KUrH_iAEq?rqu5@Ltp-=OV3JMOgX3FI5!XMrkX5 zM=w40Qh!l0nMylf4`g7kA)_|YUOnBZ_AOCLpx%ucprb78qhftXwK9VqUxevPW$ku( zQJ*>Pqlg(?e@lTVxd6HS5Q70$d|O#SvFQOB%;CCicz-IFrscclf+^P zdl=-qod0G-JbV@VAPp-VXwDx(Sk9dbaXfP=y z&LvqTA&~K_sKnTRM@IR@i>;WQGJs-?leiw3$JULwh-Y#kgF#$MbmFc9ODjw%Gr$-X zetjhamQsSkRJp(u6uY!dOzEf@WlNeZcAZ^$ywfD!Vn)~Ojme_69!BI$7l%1hC@R{X z2_W08lr%{w>l5|1S5kt~p_|3zYBS4f zAPImRC@=TSc9(yLH_oFK?1Us^-NrJvrB}+eF)G6Pp|-lzh}tW<$}!!kee8BK zrJ>v;*EhFU(seDJ&HQ8*m}HO@bW=wKQYm{2_RPgNm&ZYK0@<=FE%MXCB@A{GD_6dp zDHah9zQ^u`>fS{vBJ-`(oI#FyMmYy@Gh9tKlFX!!%m~L0a8)(a1qwQsxQpIw_s!RP zrSq~=Sg9r)`?8?->V}?Zwe#VYdLms+9aF>3iwKk#l><)=$3{uxpdvOFiC0#pbqpe? zYF{MNRy8~`^8t)nC_iJ4UshITB}csCZNy{lZ2JI?8?`V&l=H?J5|MX2rC?j1<#ZHx zb4K|Ylq{)-wsd+@r}z#Oos7~wubwd73GmUM}|ZuBGC!z$WlMBDVPYy%o1_Pu3>EZn^niU>1;Ny zM0r`gXTmv**RtJfA6kfJmCrmQ@ju%OH=dFmZf=u0Qkaa08@o#qWu70{5Mc-ry&zU@ zU211FRXNRltri2{$W$-iLtC}uVONT(gL+6D0)g2_{S#Ks#xju5os5JgixG8c109)j zEe5u&*O)IyG)tYC7Fd967HI2pBPmj2V}6hYv?IuX&`u%~jG;z8I&PSy1@j|sR7^-m z7N6K8nOt7p$Qb#`mW)6c)!KC5Kvj9T@0TiHGN_wj9ADB#gt2fskmuO}N6Q%6;O|gM z=!~$Oi&)m$Z&=$^ugVXt=}rhWJK&1VBGYSw86ox)SDP(r5h=+P{pz^nskI*{RognS z3jc5fl`3sb%tM<=j{*uten@DM;!fFMbNh--js!j5vgQs1w_Ra zjlqg?{v*3cFaDPfK~vkAVlJw_*GlBlNaeQN>SsMNf~{q3%N0$sT!h)|B5OKVmQx8b zv1_i`6FOQe8T%&Ex`+m98VuR#5($HE4JvtJUa-ERsZ<$MJ#&nRFoS(ZXrgGv6c$hU zMAH#gFgc`ACFRrhlNpmKFe2r7sdQR%T#d_Kw61nfM=COm1qyL%N}6J(DmPvbW=w|F zC#J=T$4f&)gA)biTtJ`Mf8;|C<~XOFambmT99u(63WH2YVKg*eWKMHFuS|7|LS}GO zG;%bjn2l*VG|Y0rNL7xI{qqGeJJ-XH7NL%wiHi_$YqXS{mn*lCb8+o$^ljvzTwXGr z+w_juqjGt`veK66A zjp%tf<1NOC4h@(>WV**>5^dB>6$Sdw7w+<$Fv9YA1WMW~OCW3u$~~Hx>|kAI4%57f zin=GYHPz*n<$Vkz=DogtuqeMvg3jaE zd70}tD@9|vLt8+!ZA9xi?T`5$9WDv$A**A9MuB7+V<0$=9tjonox9!+XJT+bZ8(1O zkAx?cV`TcTsMvgA*v_nG(MUFt=Z8tk`4L7rV?8a%mWQxe=!7q)awk7!=tk4c=9$YR zrpVK?A(|i0$uGu4Xl-L@FEEK5aV%X(38^>a8V*iws zSo60om{leu)3qRmOwMbbn3v%`ZZ2k#wj>foERm_6aMHF;n>XFJYM7FkfsJ4$IMeJ3 zb(mDhlC)yiuyciL*T|zb^qurOnez^%x6gF^vQ~m;GAsSng(`U!25S`WKN5Dt4$B(< z!`M#kkPJ3sd??d0cNPIT5kBU|ncC4BA-9Fk0E@Qm5x-LB7q)s%UjQXm=3*H$-dQD$ ze0FxzC%dOW5+fq+IZ+67h_%P`sN1lwKUB#w800>YTHoa+LlT(DX1Qg%Y*xgUD0E;; zYiMb}HFoy$f520gpfLGXda_J4X(wic{;`|5c4G!Xn!^Vp(amd8O3i4`QWOa~a+5Ny z$s>pIE`vN7_%)BM|h5MGPa;)DpcA^xfvRE~7o*rho;FtQcD4;C3PE~1P11(xS?ZquJ>r$W#S;2RT~?UR4R2XBY~^|lu-?i!^l&xvLm`yPN$NIaCHp`_GH1p7OKdS>=-Cbj7}fgmDz$m*tRb|mcHLwL%BZqgTg_Cnwp4rT znfT`(Vf*tW>b+FDxwB=WmSH3=&3>u#iR_hisINpW*b8B#ueQ3XK_gq)(YjLNHb<;2 zbMggNuSi19T44#7lSQiN*|Fb=(kvKEm8|#-0x^EsetJiC-5%YtX{Zd};ag*YU?n=) zJQLekf<{b`=B}>hUHQE;l|ZELkcF)DvdCy<%(I}w#F)O>IZf6eH#ydDIRgr6ZCYBL zn}Mb6Lot%fnLy+q>eh~%xc)+I`niNLA2=^Iq!jC3%;dcDzusGiacgBcP*m4FcLc-)xvB zM~3S&t3}jSGTqRj&lJCSMHTcD)4x{bI?Q4b%$_Y`V;2rl>#53eex3HWNqb%os;2xa z-=(VQLUR)s%&1M?Hi>+FPPbgp{YDij$tumE=CY1*`Uh108DTM#s_2osnpTgUv)FyD zwJWhw7dXSuW}9pNsefi91MN_Xgksr-QwI5r$X!Iuh`5EBWXE!_DMh+yewe8MIiAgt z4kw1e!ih5K+_ono0ojQ;s9AytgOP4s`^=P4nF1)o@|^7ChAfm38w!yR&f_$Uy!bg^ zb$eiUM{Fv-w56@9MP|u*Rr({0lxw9&VjoQ=Q=p7zXo|w@p#D^oE=CJPm2qM!(MqRe zOpRF2G0qHk2UA7Gr>Mbim-K~3cWCm5VP>@vj23Y6BI3>VAVFVOoMq&gd}*iA-pWKy zs}_t!5~g5bbzh4aCe7pe)D8{>lGR?VOlUQ8V^ywc%ChoX7c*E$9ks#gi2QH<7rA$R6GJ=44ob~Cj{ ztLMyhs?&{eOtjs=u_;U9wf$Zrd783};hOZbny=Ep9HiUMso%WIPH(|(G#@!9GMplX zPPx5ZHdP{D&*)$f;2fiugK~FOb5~o60!<9;u&Rk(sTu1sHVorzA-O<%2P-mYWke>h zSmR=CLqlV|zVG%T2boyR2mKxm@r z#ReugZbZ6SWl+P5j%s+OQi~}nJ&zj6(7t>MXS_?^bu?#XrW7oagnwgF&agvmb!an~ zT2O4rq^ymo66229`pjsg3u&t#eDZo*TduEa2u!H5JiX#JZ^F373b)D1&|r)Xj!JIQ zJz+&cM{FX#M1&;diV)z!hjrdsF)JHw}%w?~z{ z^iM}q%$S5>kvDB3>D6I~Lyj>lQ+_lCW zF}6e4ffUnxY%JN?G1sifG}fN$!Z3PorywzAkX1%SgHzuz1(T6Ek@heGVG2gS*dqzE{Sa;}B}$b+~3Lf#k0<6{74epe2C~^_Q=}S*=lW1nZFXGgzaXD^dH1M z4qJ^*OVXyxB1aXr4Z$`;ccF1z4jKa>=8*4{rml^tQHzq}u^uz+TvRKI#;-IbMS4ng zfOT#sW6|~tVt%`_E8n825{S8pNpKgWNLF4pN<9#EKpsJ&#JZG(o>h@y43SHRHF<+r z$$(DugRXVhQS~|8|$O8iuWSB}>$AX_~m~ z>9+Y(Zpw2009BG>-$gR1Z$>z*Eg5s6WhCp%O$$+k+eXD?v=J;#cW1Ola!S%LCUTyc z-Jqj*DrML*!31AAs`wCXhDKNB=@?G)7B&EGvxBuF1bMu$J(;FprHrBGhL`eqN5xmj zhw$?vWz?u}F+DYVx>8rt3bN*>l^^%-+Tdv84#fWEDy5rnTCDJVi5~%SM#<8%GYi#iv_QZ(x5+HYIZ;6## zc{6XGnE`6n)SD)&HEmT8vzwSWyN;*~ zdMr}r6J@kREC9P4%{HWQX67D7v}%|LfqsaYNJm~9huS<;9pRUn$s*=ctJXH~wQa4{ zy6jr|W0^o|d)o3ypa?`W`!kwTiR}cs2H9`J40SS6A4xH0Oz`Eh^gHHH=tGs6EMdF$ zu=sl!;*gz@Wo~%Xs6n4b4}y?aOzSZDAbv?p-x%&jtYc4{5|@J>yXcOkrzA{+3s?i) zT3Ka%SR*6qo~r7 zI!I2Kv@)s}C^jSP&0X8k6==6eUd>a@Cd-G6mDPL|3-*mI7U>$VkxgvFgvis8=!G*% zWN6FODtVWTBhzjhEJj`mIkBC%rjXkZ#>Xg4X2>K`C3+EOp?5j1tXUS} zx%`R@QglcCvd>M2RSq}mE(|l*SFATSR9=|bA<>0zrl&-EjAJjfmpEq*OVFl? z&L#+_f5+s{t(?jEbnSPSxV5Sp(c>JObx_QzYm=VQ1P;Y07%j7%|9KsuYa2&A7E zb!Uh3WbsDZj$U@guq(r|80OfNF3!b>b5Lb@Ia%K(QYS;ZVawa1}HA4(3I?G}cV+(yvKy-`$=vsKSerU!Sxt?pvQY_W-z7C2a^#=8* zDTp-`63&c3otqs9P2OM=cXqHyq#cp#GsvC*nAy~$))c0`>_> zm#360JNtxOmvHRt0SUtmFa|)}- z*qvHygu8^LJGM8sGFy{~YqAKZQqCk9H>c=L zW4AhnU|U0xh{;mnPZDv{Phw6xLLAh(HrIk}2IBD!$3RR}q-caeyCiXbd*a&0S>o%W z8jNU*g&g-V^h?Wzk$95Uv}@*?)m*vX)PS@$?{JJNS#~Nph74KZ&zkQpEl(rLX4e8Y zcSUj}TGPt}7I|jcSVE!dkj=J&;V*4|M>&Df8H|Q$k&!ujaz0aT++D0C!k6mqk;MA2 z8lW137&nbBc9F)D6mqlY$6?-@odt74FjLxVh_D>46^TNSLz-$PNkUkViGTVOBu1MOh=2nb=y{8*Rk|4%=^mjZkCy}r!LsFp`n%oZq1#j8f#Pb zH0N^~2rT-T=1gQGH8B`%TfiiW3)N^t-AuzaSwh=idemF&=y4>h-mM~2EErg9YIfIJ zq;|A#Fmh!zL6{vO*JX1coRl~jr(R`B&2 zXx>CM$ro~^a<^^2T#-|6FW4n&gWbf;mU}t+#Wad)Opm`60Znx)Nm()=q1z7aoVJwO z*&-<>jv+G`y{ASERti}48h%J#wIy~c!-Z~Ljn6ow^Ph>?OuD7#M!Ezj8j?#U=J_UT zWG9-&)n#%-lgkkt;l^h=YE#A@tI@~YUwy{4-qpIGda>t=i67c#5u43vc5ibtT|;{2 znjDUjQ=R0AOsK!C=(n<~w9y)*gA{Y=VryX^Ppv&-zDB+&^u{D|zJN$exAScN?+_8n z)gXELQC?Ywj2>x>XekwUqo|~HZw1UnGaQX}nk=g7)VyU*GlMT$FHz7*8M^FxtVUKf z%aNx!!v88&pcVfhqtW?j5Nf|v*BUdAg6$vV!%*57E(n=a3dU@Zlj8VHr$*eQLD}?} z)6?AUPYmdok&k$-V)}=qp1?57s%7F(p_+4xE?`5ld%dqKSq@wZ=_KE5d}VvGUm{NzQW(W4FH2jZiWv z(9DGK&=|6MeSS2P+uiFSd+YJ#M-oJI5gz zX`ZHMLklvqegL}1heYCEN8l|o-^r{N(6PvGL;7XA(h@?WYHBgQp zc5;~M01T(DyY!a)WfPWI)UrKxW9&KwB1mP_oV0U-ei=DM(sU--mGN5XmvP)&R8^P} zg?xi|s<)*`5d>;mJHDj!yC|9NPpJyzfw2mlX(2Ku=CkaFj@%sHmN3FdCodCy+O_Ea zJ!)5C#tvz+f6(8ryOCA&m6(5g`2W=iYnI|ANHcLENLMpWBOE0RrfY=NcfK5pX$L>q zu)fylmCdq^4<94OPF8s`ozV1=IfE)onRI(=;)+cyF=}PT5lr2jt)r|`rS3MhW>5_t zIip5fYm)mM;}9?WQt(Z;F~Q_SG$;iPl^a%(eC@IVw5vxwtn1E|`LMWPK#98?BPtxN z(j;Vc3t2@75qmAnk|5-o4%byixKbe4cqc9OsqIkBjcQdjBh?KuX+64edzBf*FpG=U zc9^9`QJraCBB^$XQM_|T4tDzQF?$ZvYkzOCSn(~2*DAhC@q>yVSNy!<6N+C}{APjo zztHE|=)%u_?)<;;c^f~6$N$ORpQgAp3+wfMn_|D>BZ_+zhYGx3{b%ccHvU}QXFqrT zkAK1P9B$G3_bT3>g+JH(qyK7oXDALT)+@fX!287CEH4`$QTN%;o&Wb7x6YjFHEDvy zEsA$5uAgY14=6sU__$);4UW#5zrk!viQSO*JsTjo_ei&N8l}28)+?+x>dhlg=iOl} z7zR*fFO5lFNeeYrGiI2T{SsOMW@E7u*P-YIzveOmX8H=nTd9kzpA1O#rgJ^U&6;RX za;h@V;84T1X!!EbcF#l}T-Dvd;@gg%EsBr>_Fkqu*s%+?+C&&OH@9qeZg$Z6 zZKI=|oVPEmLnc_8b3P+Bu{Eivh@#$3k|{sTL3Yg&YlINK)Eb<~#yigO(oO)G-qI=& zoRsBWHViapnCcdnPV99r9~xRR{9|^p#%tFt-Dfs>;8oDjl#@Y&1VZMqio#?vtrj}< z1Dd8A8`7A=G;$I^8JAWO?Glw+I87)?T$Yte}hji=qB9!r;wA#^ebb+s=M&a8k=wSm=%_o zNp6|N#S-PvRaeToGxJn~_s#^6{L9|N#thExGC8jU1tP$xK`);GAW@s!TG<)O$d)WA zwg;8TF9y}RFr?ewYI>!`v~$Xo?4oh#25u&KGL$N&Veo_CjhkRF*~q;b_tFMMq}y7h z6OL1tBhi##y+CGk>4RN@L(c=HO1?NKT`~$|EI8TiHs}(w2_}g?$*WwsdebE}Yu0V5 zuCHBRQ@^Qh?WR?0*Iq0Y+flC@x1{}2&wFN)=lMtP%k1U%==gn^-GayM%Z!3!ptr&E znkMYa_~6*YeVGa{F==0>3G4^^!69%EteCtnGYqD|QE+$){LAovCVatD;0wMUJ~%K7 zKIoOe2m4Ql4-S{Z2S*mbzntf1?aP#b!{91#4BQ4L&nCX$5O_D(f9}4_qw;+DzRW%_ zy<%Tx!baj%0UsQwgbxl~urHGa`>Xb42IP75zRVDquGyCv0h?Cs%Zz~)wfizfZz4U` z?#m=V|B`)~B-m6B9~`(0zThU(Po8hymw5{8Zz0}S@H|Dh;NVtxU~)S=FbxiX{tm(g zi@FFG9J_{a!Tx^2eKX(x4#EY!8{vb)U>Y2F7kn`NKKS6!hvCcpr{RNR_rl*qJ`KSK zNA8CYCjSFII0O#J`$yq}P2YnL4ufN${{#3<#N%i1!SpZTgM+_?4<-)62S@)5AME$` zXGR2%-k%u*hsW*D_|1IRl>M0saB$lGOcR(qd4HxK94*Z8 z7vO`#;Di+JzX%_!_!4|@_&?x-17F*p832dCA+YFS(hcl?jC2EszqdbAv<3fvyg!ow z2Y#|YlLW`c_GkLQk>Bsn>;Z@Wus^dG^q(hOaP$Sj-AeplBwWxxM7ZGSF$Xf+$Kl>5cH)z)kSM;THJd7`P3r*a2U#6FxWyJ}U3QePDkt{3{9n8u(!HTKM4b4e-IC zcfbezo8W^*yWxWga37ciCv3+bunZi07ksed7WiNq+%3<+yTRdi!w1K}eW3py`0b?M zd*Oo>?}HDf2jGK4;BIgfyc;ZfKYXz1R`~KBoUnuUU>WFr06y3RZUYm0;Dh~lzz2uG zN9FmQ@WH0L;CGO}U>R8PQTT!%gAX4Zge|hA;T=fy@iwz&8$LW~7PtBL^~zz>#ks$ZPBv&5dKc$w+cR3R1075V)$TsHGD9+20l0lJ|)lV;DZ%w;r9_ga1oeH!UspdKEZnU zV4?v&m|h1Tthf|DICvTSUAWr_9~`>^J~-SAAM`fE2P?q6f-UgDL@RvIPr-jHJa7>> zvIRbvXoC+9fqUfsO88(C_!KzM0Uu0v!oQk$fQ!K4UihGQ6?`xO?g2-3!k6cL@a6f{ z@WBCa#x;ZwE&`L+!3Wb|A2{3(U!LCr9~=Rn0>|DB9~^uS{A>A+_rnL9J^&x|Zi6rP z;2yyb!UxkIf)7^gfe(7O!@rJj?t%{%eH1=82=;+vABPWCd`X2U+}?Ea4%T#Q}|#K zd;uH;XS{=S{~3I+3EUv}KZg$v{|Y|n|2KSj|7-Z5_cVNP>>2p)(STLH~64 zf@Sc*Ch#e+XfAv(3C_3)|G`Dz@Iv^YcNTmw0qz0E&V~>A=fDS>z!$*bbK&pCzw_XO z!;9d9gG=Cp-U|3&65IN`-W#S!(cx+3J!qYEyS-8KG?JlJ~#?C zfko@#%lk{=gGq20OoO9f{|5N)CLW*<7F`A(OkWNk90vQrQE(7UY=jRc!BKD!^xlIz z&<6+K1Rw0b0zQ~{GkkCe90Z3q!3Ud~;Di03_g?Os;e!KU1vm;efkm6)%lj7i;7BWc za3BRA9Nq%|eYoES9~`_AKIm)?aQ8{mV98{vb);Hcd1hW`Q5@n-noAXotoflXlg7Wkn5Zunrud*Fj( z?}ZO02jJgEJZ^;#4uBP4#clAxq7T9ceQ*#Q`4D{2`!Ia4;v?`sNcf-+4uKV5;tu%W z=$-JvqPyUOJ~%Az!BKDo^gcv9J_;Wk1S`N%uu1Me1|ReX;e+1C;mdPyRGxnV{)dS- z=!1z*!k7C`!3T%Iez57&@WKAiz?b_6;e$mF!QVqVfj&6+pYXxqZ@~u>kHQE0zXKmk zJ^^3ue+nOL`ZfHI;O>9ngWhl8gTudt4;Jl%4>mmmAM~Gv4|;!q4<`Ns|91R+2|ify zGJLTA5PY!6JDBO0`=btK2EnFd4`znJkx2(Lqu}u5gBkA*^7Dj)86T`T>0qV;9D2>c zOcUr$hYt?SIG7m%N8flbGa~mT2Qy>x{; zd%!_(ue_gkF!L1H1ik>$5YEiFi|+y#ffe8eaQNJVnLaRm9(-^R+zXC?Pl02L;Dh~3 z;D40xmcs`}!3|*13i#k4xJT|Q;DbZpQ{d=@@WK97@IS`;iwDxm)hRN5Ot@A2^acn3*t$e+>sSWne`kd~g8V1`dO}<^6j2VDeJ!v~9Yz?bLXqjKK?AM6Jwd2OspVhYu#e37^5A z8_0Li-%Y-QgYP5X!GRBu@ACXE@*N!d82K*mKS93B{in$H&+cL0_~6jf z@WF~_;Dck}jC)C^gYdzMXW@fmzlRTw{s}&q{0n@!e*wPS{}n#yy$Jtb`2LsSgM)|A z7hq!CvzdOuW1h|24K_`DHuI?9NzZ2XfyviAo0;%=?qBz8rVR96|7>Ozm;kqdVq;H{{q+w zUoZt99N7XN^tQqWhql272ixF-=_}#OJvd>A^aabn^mh2*7`P4W-vJ*S=ztFws&t=l`e8O{?0eL>{xy%qa zdLn$V|0MYG{x$Hw0=^bL*ncv7!5Q$u#7y|0e+qngJ_|lr;ll@$#qj@w@J@vfCQ9Ig zO{c*ZoDClwI2}GXd?tL*n*$#l1dG1P{XF=fKOa6gn1C<$XTb-P=fDRO=fRiz#qhy_ zCGfvSyq3ZTE0)0rN5Ql_Uk)E^S^;04gCk&31$=p53I9RvtKfq})$qYFFbyVa;DZAz z;e$o1;DZ(57&rzNJ%qot@WG~w;e!KU8ceK)5Bh81gGq2ip4Y(#(_qms@7KZyi<0oc zB$x*K!2vLR34Cw}904op;e&|=_z!d62p=2(li<)g_~7Vz_+a8v_~0-&0wy=W2a7I) z|8;m^0`xD34_1I_a2Onr`!~Ut_gBCN)8H65@Miemz+DS`u%Z<{*pz|~4uS*n9vlL_ z?eM_?a7^yo;r}Q8feCN~OoILn_+S$_AkV=eaI6D9SkVO^90rTN$#-_c7wmx#_V>aE zy*~JIe=U44`8N21Z-)<#+yws-!oL|lIQl;La{mGN;K*(8!NiB)gGGDbgJa;By#EON zZ;{@&!w38Cf)5UU6h2t=G5GR+5I*RA5+>+!+#Wa_rM1Sz$Do8Irw1zz3}Dz z=i!4R_rV9pz5pNe{uTbWi8q)4oBj5z z!3T?m;e*MC;e-Bv!UxmegfH*E1z+yJ4IdnM4E}eB*LUE9!;ixk{62iaC*XtL58#7E zKY|Yq{TF<&>1Xi2OZdNl5Bj6vfg`_x52k+$A1wME{Kv_k{qVtI zFe&#>!1pj-ar#F^KfFnnZWs+dgxUozc95`kyGXQ$y z$1+3U@Px60J175B7oSMexC*#qhzQrSQRl74X5~3*i5N zbX^G_EV>9j=&yk<_m{v22O8jm{p;Ziz8O9^wi*5p@n;KsuxT57aHs=5INAkYo?itY z9PWb;`q#k+6W7E45$|t;4|==dgQM?<4;I}9U*6vVAM`&4A509w2mAjY#?A-4k!gY3 z*|t_u1VvEX-%%qc<1eW}p*FQ%dx?UhJ`5k%aPLr43 zAP@b^$ivuj@-VQH{15bRj6963CJ+77mWU?k$Xg=XCG(evZn+-z!x$Wc!Ga~Cq@Q}$ zUm_}C#J)t-Km#^Ge<^tw*p@tWY)4*tI0o$w@;|~I$V1nTW-K$n8!ZI`$wBqp%5j%gICg4DyoyAP<9Z3>tfq|C#aKi#&AABoA%-l9$T| zl85nw$itYMJPghv4}FJ{AE2Hp@-TJ;dFVQ7i3mV<^%4<+_Ss8B6h=>6BI3|?>Jnl5 z5ABBz=stakaKpeEON39ZKa;#%K8rkzpHE({zkoc9)|3B*dM+jpW6%x#4dmtWW#lFO zbJe5B=AZhrwp@Fa|@=aRYhjVI0PxEe>xd4~;v>%jLVs zLq{8VXupR%jKHYm{p4XB+Wt#!9(m}0kUaE0NghU?A`flz$wT`yv&N zBtHn>A`ku04Q=m`hu(L|Lst)Zx&90Cay^Vg_m|}V!1s}t{E9pbeoY?67m|m*e)4kt zPvoIJP9D0FOGM$Hye_>&IAP3KB0Mm%WQnMUp`}YiEA%c~BEm4Re2M6V(G^QX0=id{ zU(9;wgt0O5(6@>_bWD(!TumMtuot=ndASS=6ZC8SrNRmAMN5T8E^o9{)Jtx>RJ6kA zrb|T_dN*4tdL@gOiUjm;zEl(rQO*|RVPs44FjPVw`nDzyV=ye2OUc9dcI4&y?a2>Q z{*L5ftc*Mi>`WdSyO5X5yOM_?Cwb`FgFFnv!X)LElZT-h@^Zb4JTzb!y8cNX z`e6b_VPT4X?nNGYp+|CW@-PBhp?xNK=zzV@whwt2gN14QzT}|~dZ2$l@-SXO9!B>k z4{ZmMhwe)9(!;_G{vh(ubtrks!^uPMk>p|I81m449C_$Fg*|8Loe)yemDjruw*6ehZWFvBYEh6P0$6~p&NEXFYJdtI0pT&WQ_K}3K)VlFbbPs z47S5K?1sUc$U}R8Jha_ReieCG0o}KdhX!nd-WKw58Fs_yZR90yClB3skRPYLt>j?< z)_Ic!?@c?_Ym&?$WPi`4`7#SrG?JLMb+e(g`(vNZ6gvM%)o097;6A9=pTqX(& zsAuzK!U=6#E)yPTze2?bwq%jJU|dz~1DcV;}M`2*Yyye&nICKY6+SK=SKOv&Eqk`YOrG zWmpdb2a$)igUQ1n?3K%hkeAD_u#japdFX>47=rcCekgh9hhe!~MIO3g0>)wCdgPBM z4@1xc-Cpw0fUVGf0(lspO&WNW1PJ4_$M~%Vk&(BX^O9zPriG<@?D)|2*Hq2+}ga-6L#{%-u3tM3ThG7Ku!Z=Jo`zPc} zsUJF_A9`R2*25TVg|<)0Ll^9YKA3<(Shy|qLnkz#2Rc3@552Gz24EOQU@wfr1hn^( z-;VmB6Z)YChG0F6!B%MdoIG^FUg(1f7=(q}Q$KV<1A3t23-ZtlTVVi(VFdQVI7~qM zm*gGP51r5tJun38VGOoHTOWDog1yiO6EFx1cc6agga-6L$5-T`7q-Fx48sWQg>jgG z_OHqBNd3?W{m=tLupY)>E3_>n4_&Yq`d|VEVc|~H51r6}9_WaXhhEqU127CDuouQ* z0@}YJUq=1V3H{ImL$DskU@NqJOCGvlFZ96#48p>lsUJF_0X@+F9eEgntuO||(6)#? zbioAl!NOfA2RdOCdY}R8q2qh<&48c|ygJEd< zfjo4<1oXi|C-p-oj6x4IU_Es7lZRdyh5^_MBQOEuuy8l(|B*a&Lk|qWdKmnPJdDCH zwEs*Vx?w`DhlRV-o&oaE2R$$d>tPhOLIZ}O<3Hq~7bai;7VbfNpcA@(ArJkq9)@5m zjKMGr{7N21U;@TrVL7jhlZP?rfwupWhd$T}<1h^EzmbP-n1Fs*IDt~wekFMr86yvatH?v|1o?mB zp%aE|%Y_HVrY#qK=*?R$f-tzwauJd1H&`xWFtp)vVL;o)%Y}U}`U_pqfL`delZSy# z$V1y^mc^KN3JdAHg9!9q(FV{QB!^jTgp?_!cFt`W#nbcQK z9{OgGhqgV*!;p)-T)!827=I$_Ka)Ik??)a6E678~{^X@UfV^B^Nglcn zA`e5yli!zq&LI!uCzFScTJkUkgV1{>dFVQeJdF6r!{FKE_k(rhp{t%e3_(8(Ttprk zFal$jkcaNe$ivW8-BNLmqnXB@biwk%z%~9wHCj zo#bJxi#)WwMIL(JCNKR51@z=$6Zq%SAtQ{BOA!gVFpIqU0ca!3t3UL(^A?8fdJ$LNr0wdMiXbjKOXg-*AQK zhwhD5h%p$jlRuc(Z9^VL0)nP^3bs(c^KGrW*Q?WdE64%h^vuwAaNB@ex@ANtN9FFh=o#riYJ zL${AS44p?F#?L1YgBOs8kqgN~$7ST9_e%1I;;$tSjqAxvHj|g@Zz2zU0rD^k`=R}2 z@-P5P4&!yO0>)ttblpN824K5f54)lJR`M_e$6&C9d=>q_eT8sC+uRkx2V*b*qj#?m zA!z^C3egMwFaeEwSBS#HDfhk=!UY2ltPozwho~3YAEsUydxU!B`p2jj2H_aAg{b!k z%72n}L)-JTTk>V{(9uI4y53tMqA>9O3K5sScZIMW$vDPV2nURRL%U(%TiOj>KhSRI z{h4+{Ka4_SfIRg5Lf%6;zmkVu=!TBp$iol}z$gq!4w8p)7>CB6bbLj6o0dWyr%2Y=w4%JPg2I7=sDuUPAsD z`URcPHBMeG!+IEkt&$Vup?#7(j0y6Rww0o=nsTSD6i(tcQVJ$V1nzZL&q%g&~^lQ7=vLLJ(4^$JmjJGX!6I?Kj?%8^g#D9UF1M10u{+7np`N+qp$mGT57tZGMIL(F$V1~k@^blp^3p#*{v_5vL>@XG zCJ)_@kcWQQ3ZpPA{iEcetAjjrKSus!@=ub7{%6R;$aCaj=y~#T`9<>3@e+CHf0?}W zu<#VdKSCbHUL_ABuaSrGF7k5y8|0zwP4X}Z6EO4^`5HWQ!r;f`VHDQGz-Q!P1cv2$ z*b5DqfR0}Br!pSU38SBrhq157!@xrFFapCc4trtrTk_EUJ^9nf_mhXQpUF!OkcYNk z$U}deJdFI8JPiIx9tINRPsb0FhxX)3;e~GKhqly8p4X?|^h%!BC!bl#^ZIPJr7L+} zpL$lTLc0{$nBlUG6avg7L$~L=^fC9}{sHgEk-K zA3Y`<(00t2a6=dL!T53Hq5XLBl3wyK2IDYv0{OGyiR58)4tdFw$iw(4(^3Zh!dASS&(10Q6yOKPN!8mj`l0T0;bU*{Tq3bI0 z&<_JJ4nxp!HF@ZRap<~+{Q0z_i9B>eH;h9c^j%9H8ZZPM*O7-27>Dlb$zOnn4j2rO zm&>=2hrZj%L;D@%p}Up5Tz@Bd=$K2so_^j>9!8-X8V`_%kq61cI1EAiL*!xX5%SRe zDESL{9dtkgx}oDS@-X-~dAa@x^3eYzc^HCm7=yNpDCcSNFaq7sKc74dK0_XcUtP6bKO_%>ACZUtkI7%k`UT{n{}b{s z`YCzn>m?6kpOc5i7vy35EAlY-HTlb^Cqo{(4f4>wj6C#?l84ddt7>6O~+J-!g!Z>tnOa4l7 z&;g^+4P)DrhqfKaL*I_%p#h`P??PVs-N`pHj?e+Udyt25=!5=p^3XSfJhc6jJdDCP zH1;EZ7451Z52ID&B-_$zO+u4(Psx zyj+Gp=)ILZjKdK0wUCFl+sMNJv|Z2g?c|{!x?v3Zpz99uFakr+(MleMU|cTWNxqq7 z=zxy73vmQEO zWP@?xf$rjQQ7@Nw9T%-IG-F(Zq3@sLq8Hls9Ty20-)~$L-a-8pb1`Y4HFraVt zxUk>J>rNgQF6cOoyj-p)4~>h-!@#BF<@(FXOI|@92BCc}{kW1mbX-Rs`sR{{fgpKk zzn8q^!{nhK8qn84{x0&+1-*}xhrTDsL)%m2q2n3y(Df{N$>+$!$P47#$aRj33g~)i zT-3n$YvZB``d%Lw?a=ndxafv4*e}IFv;NC*p4Vr4^^Nnq zKI8e-IM3_T?r+9-;}&uUrHXj zw$9<@((wL;?nPpAd!jQ|=xU z!U>J?3E`2PK_2?{Bo9L_@-Vg!dFl5hFMS31d9>qT@-TJ?d1!N!hrU_lVH}2~Ka{*& zUqv3ejwJs8uRn!6bkvZS%a@UduFJ_o_m$*f5cW#nNM8D@CWQS#%7-o(XqpgS=)HDA z_@V9k2@#YYMqu!U2@!+7J14{#49%SoB@f~6nh+I|Z4;sfhVGdVO>+6Z3DFL1?GvIK z24FvQJxm@NkC1PteNU5zfoI9XXqY^-zeHZHe~rB48|0zyP4X}fOCF}aZt~E0n>=*C zLmt}SB@g|u8^(LcL!*y8j4dSp2<=-$9tL0ybp1eHuK$s|T#l26j^D{c?;v>?{geEo zl((2XbZ5xJ2yB9m5$2s-zl3=Qqsy3g(6^j<*Fn3X1KL(F@1T2vc?+X3Aea9~9>()0 zMHB|sofL5x*>qCa9%FlKJ}De9w&kR7!{|1X!Uyf8lOh1UJ5Gua^p%l^ekXYt+k^b$ zlwV06x(*@_W6%fVZt`+@7I|ntoIG^HIE)@e{t4P~40&ifo;(bB$;!z<971UaR+%Adw@K&x08qN4)T(ZlZT-v$wTi`kCA_l{(nba@_X_y@^A9c-cKHeU>F8|A`iVk zlZXBR@?qNh3wg<3$xFt`!{Be^Vd!`A(ElfSxqdNu7)y|Up6xe89>#{rLsyc#T!yVM zkRmVFr^!QGhP+%qLjDEHT|yp)pa;faJ#;N4592T_mzR-;KA3>^<>X(4E677X^uQRb zhpv_6p<@+!7=^vim>>^htI2mVUV=Qd+g1w?^yRM>_0X}-YS9Y4Fbw_ct>(FX+6fad z1`A)JeMPHzZlC;yP-Q=OWiadrUq5TN*FapES?IAChk0B4^ zu&@hy$wSv1^3Z^O=s10~2*MbQ$n|He7BT3$Xtgk)&A(dM-(b8iUoBkFcjao~g^sJp z%jIjxOE!^*p=R>XdlPx+2#|jh-cBCc?jR41R`SqwCwUl!5xG2fwHSkLXn%{>^G|X1 zzkKiRb+c{Ln(WiIDO$HMIBi|KTwlt+-d7fj-PgQE;;&!NSJvR<>wPaQ7Lfw}XCwO& z8f>}#sv80BsxSIpYTetX_w8%{rpir4r$n82TF_IYP! zUm)vf;opkLVsW$V!rFX(^ECMa>F4ur_|?VYK&brHx$+mVx)<*;`@F+c`Gc$huNQ>%U9uB@ki$K0@eOQ^W`gK`|I%CZ!8vPtZ(); z>#y}K_^}Tb3m)OfwRx$>8*@mV0t|7fweSgZehRsSHq@KbAFkY}^i ze7;y*tK}P2z6{^px0rk4&GjFsd=%2cM7JJJTYs%6h4YSQ}d@P zUnKkY(_-+&h}Go=W4v~_r+p!EpJ!(2I&VEi%+%s zKUDR%;q8Ac7Kds1gR^-#j-7b-pNqwIW-rIFIQtS=YId9!@w$q|*7c0y6Zmz_<>cq7 zb`}?~Jrj$?e`JAc`XL_-C zaJo5v@AS3#dHC=$_IIs)`>OVJ;d@6Hi%QM!r~D#(V)tx#~n=SiMijVP~<#Jx-`uSP5pJlA7#0S>lJIBrKklSO6-1d;KtK)S|(-R`k zT+VT~PH$W1o`Qc-t9-S5T^p~H-+^xb>({N8uaoWS;&mRr3;kubW3FA#tNn2izJEj7 zg;xIbsjkWV=o&BIdMTejUyWZe+ogVEzT2E}%K6_5WC=1q6JJrB5Wi~2v!B%QYz}^G zyM(w~YhSBsU!yF4$AmaWEB^>p{ycp9E(x)t*1m03`?~PqT@&I>+M?Q*_iDC-vVDv2 z9%n*)XdcJ>9yLEl@ngFu#J7xt%IANT-S{$J%)IG#CB%N(@ocX`)qi|{1>eQKp*jEh zhHL#CeA5vLaV_=a%5PNjyHVz=6Jjr||1)y^$B%gvqC?9+r1D*|{8JL5Ny}fU@{45o zrzgaTRIlpKJ5G(yD88gNA)1R!KL47cwe2sa-%a%iv9ngcL)AYM-+F06oUWCBvMPTL zz8617Yv1vzeU13SD-+@rsM?o5TaE8L)_bl`h#_tJ4XW+eg)g}=A!cZKr^+v4z4P{j zn5(t_Hr4)7e0v+;DZie%{ukF%{b#-N!Gw51^N%P$ll9>z5@JG|pDVKSvz#L5;9H+e zh<}>B_ttgWrr$la$CqYbDn~E7Keh1s_NNl!P;GxYNbOJa@x7f1(W327H>v$;0ltFo z;D1gV@2Avw56XNO`=d5rTeI`Ej5ZWdZ^cIm@uzIi+T%UPvAluoCY5Wm?JSq=`#2$v z*7lpj)qcZoqh!D9|6kg6o2#~413vUcLOiAU$CPiA`LFn`2F+iud?!A*Fd<%ts-5{S zt8wa+`JWQv18rWsqvk~lANwt#pFi`rQpc5|4e-D7+XUJ;C)GHY<3o!R;$t}=YsV?? zeKqf^@!mv29K`;me13&`f6##Uk0dPLhqmDZ`2T6!X_Y#zbmD!h6Cz`tSNTJ#{e5_s z;JBpK|GKI_g^x`i62;p1Zmh<)h~q)5a7etX_5aOW|MC8!Au*vHH&&?QMm6ibTMdbK zwDR9jpwoQ>yYS@e~7Hz zKKZX~w06Hv;T`)9iMO=+UsLrLG49a=hQuS<_&uP;uN?0_bV!_|&95`m{Hn$W`K^dU z%=6>AseMSER~qmU{GQtQ?5@VAP1avMBo5X5LCSaHjpK&IRa*P}>U~Wg-h1+p=rfPc z(YF@dlb`?I+9Qr^$0)BGJ7q|0Yi?&vuARkwed-=^0ZToJcwr`vC_Ya9pwQ=82jeDo`4-Sbpwe#Am z>b%y6_dhly_R_|6h8outJ~;nx_J2G6*&$J&ZC4&`UGu)L94~)^Bq%$)cK^z|OO0nW z-oSGyC+G7!)&AKa%jY*sTDAPGD&K~;y*4D;wDG$`jbA6;|K^bRNZbG3Q|;@+J3e50 z?P0F}xINakKZW-V4~hS2?OUbVSF{QHcM7kK|0*^9<#-3bk#e)v{$|zwYJ3pCSS$ZG zRel5B$8W00zrWP@<&UWH+hqMKhQx7N|BuS`AMYO@61$q~KPOv#cK-F@1NbU!`yHb8 z%M?D6KP*;i?OUqaSF|bZUuRgHWG+9?tNK@tkKvEj{Nc)1<89N2h5S1v*S|Z|@w)-< z-(Xn0pv~WB)ckFe`Avt#W?K6;Qtj)MezRdwr{&L5`98dt-vFy_Ek~ z$31zx>Xe?}%;BS=T>tXh)%f(`W7`jl8RqiqbLFS-alAZ+s_{81=Zm-)Xy7;1%HL3x zUoO34SnOcV*XHuo@?zo+*5x1g-i2$DBmaRFB=v! z&F#A^*S-|qfw$U!iZqk{mudNo$~WMn zGl#`STKm>h?Q6qF_8AsJJ3fu8<5MR-STQX4s3_O}{IJUR;T;DIixW7{sr@^@+AbR) z$1jEV9X%}OXxsnz-1aYF{Erszv=x@-qfLzS5Cbjs^#@@ zUe8BMruMv`+S`oxpExYe*ZO<5>Td@=deX4?NNdk~s=Ylj&u@cSoo@&5ZhkZD2(A2C zs{BcrKZEg*4OZ`Gj#t~Ol=qhr{PkM>SF8Ff@%FPho@nLosLHR!JI)=p{Clk#Z`2Ko zZ?*crQuTMp`p+8{r)cNX+3I}SBl8yxi#@dQ-9?S>0N&OxEOs-OUzaUDJ0B+Tc03;) z=lY-jq{^3W&3w3o_Y3BH-cr@RN_^nbVezH*e)CiHezO+ux_Vel=kE| zZTlUdwqNNs%%2B`#TDj!-X*#I<3so(G(SuET6_$DqULkg;hORGhla&*+V~%(#=k?> z&u_Y2rRDvq{2p09eo&jAzpD8;fcNv;Zovx zZJz)qkL>zXvaWJJ9O=+yFj?|3T~Dx2k`Wvi`ndu~740C|}AO zdG}YmU()J7Le*c1m%mkbu;%wyz7`)`_56RQ3JS^sxzAFX}ID?f>kEwVoUlsd?NKP;-u_1~1OKD+-^;-h%0_SNG3 z{~i`Gb3X4&)&6F@;|J^gvjgwOf1%|+QTZOcfxkxcS13P#_x4+l&m`XUllA^px&!UU zS7_tAx7vRz@j-rr@(XQzKT+dbi+BHGeSB%g2l$Q3J+$(7QRR2Y@_!o^TWWq&<$I(b z92Q?``+sk4|Cjai+n0Np$7kyFHFf;M`|xhFzdpBpOLwGwc&qobm3ZIK@Lyg(lgF1@ zyldFnH{)$dek0Uef8NJx`*q+W_#ZXDNckSTKQ$~)&*KGa-@oObtj1?R<}<_MIxT;d z%1`3$Bg5hb%{M7ux)bH&t&T61_yB%4?eDEJ_4igSKDcaH{Gyfrqbk1{?;YjuC9}Uc ztFzmu1MkCcqn%&2Q0JE(>Bon~KIZ(?+k_+qVaAOiNl`j~Q6wkJIMIQEGln z;vEG^anJhZ_TQ;KPb%dP;owF|ak+VX^QPWl%K2T1H}KnQarNSw8+O%}-sB%AWu6QT&+Zm#KW| zE}Vb2Oo~FSfBC9^mH1#uQhciU50$UQySGjXd23v5e!Zf6Gd{izUYkF!sQJ@@5Aa*L zUaft{sP^^XBlx>D->Uoo-r-1!Dy{rORQZ#5?@mc!H9tz(@dG<2#m-v$9jg76_~0%{ zv6r@eW~l8`i;wV|zVB-JH&wnF@7+BqzSi3RxoUq0-nK_lY@?OGg(|;C`WZ=amDWGM z>fZp~=Sqr%R{rm*{7Jm)pGk3w*1p-QeWgzJ&%Ki3>FE@pjt`Hk<4+~twtrGA)bd}b zd@Vk5KvL9e{#@moWuD(E-n776{)X!K*&)3d;j~|t^yq?`5^T#ADKQHRR$MBYa|Kkn(Kg{jB zFx$MT_dj@BHOGH#|G87`Kc#$*j#SYs1DOK~Q10Ux%$v4!FkA>>^*dz0okmqx~T>Yh+$N|nC|74!u7H`px-#4k_ z_axqXTT(nxWX?aL?&m0F$BFS<<2CD;{fX-OV9&CgQ)Fmb)a`Ny0$eO_6KcjFH> zd(-u`TD%Xh-9M3koGQN=A9^_{Jm$RVzWok-3~zOxYL6_R-<Hyo=wsKg^uJF*m-oc;DanW?4S|Hf{U^ zYJ58Iws-jZK=X~t_sH_!wLX3i;Qe^3`8z4=$6u(8U!5AiQiAdKtmki~Eckui|7*vW z53|P?{OzQYUl~4(mxp=PzQc0cxeDKo-`MPr z&iOigE55<(^Da>BYr*&9Pcn~FzE^GM`S_AAlA=k=U#ap7@J;w#%>L|L{e!Z8{2ykY z7gzZLJ}|HOGAWMIe3kNL_*OiZ3v>N9-PcgH#uu2|pC?ql4&T(56r65z`Kj(tZGV}^ zpJDcSQ#Yi^@t=?H#ams+T!1h9+WPOrL3{;%TXXrQ``rq-fFiwR|MB&BtNB^A#(T}> z=jHxRt;4tfO}=G~x4KR}A78UDX?Y!c0lp-b6fbJ^KdZ)n5Ff_hsQIY_wH)7qeHp)R zlA_4G{qomU^REm)hJQrMKcLF5!Z&?uJ-&5oyw(2Mg0J|Fzq8Hdo9;W9kN4oM-Uly` z<^N575Z{Wg()xFZ>R$mT=Hae?N~QN9dc`0u3XF}E-8tz7@{VZ2kz@1*i|viu*C zmiOJZNdIF}@CagV|Hyw?<>%vTeok6`4zvK@j(=Y}j=!yrotF_@>O`xuN>z!|1ah1@V$7e&zV~Ah4G~2b=dj%di*h3`A4Yo7vS6R z$7%j3rh zq&Q96{wL+Ozs`v5K9sPYT&g@gQ^s`=dWm4o;i{Pmi@TICCP1KN#0#OzJ?Etlc@ z|HfD0$M9Eb?Y~sDzYbsXXHwj+&Ch$({A`isCz4__bNy2vlTV%h*Z4cl-t>It0=#D^ zDYnwy=M}5>d4tlYlHv;OeflNpeR{!xjIWUtKWXjzUbU|bU%xDA`Fv;?;-!b+2_5jw(lT5fq!1}^OY~C zWd9#a^4m+iK>Z!NnQDKT^sADV_wiKW3n#4K=hxvqlS%#gxBTqmY*Xide8vBgme1GD zmw7y2F<@%n)2e+7@ckkw7HIwZK=p4B-)c(<`8HMcZ&p@k>n}Kn{^704FT)q+r7S-O zs=}Ax57f5rzH0l{;VTMKmiHyL;A`+!e`n3d*W+){`rnl6KfZUJl;A5Ya{bGHT=_v+ z{<_xfFW|sckGGm%Wq6sl@>O^b-tzd5@5Kkqm0kP z>m2j(HRUPGMz5$R;0uZ>)CSs z%P(C|^&j6pDr$dsYyYjP{e$?{^HSn`&7ZA& z!C`Fw^HXAx*1v_Se`Wagi`aj)_SdTRSK$+vrNn<3zTEsD$jyIzx1af)XY%>Gs`En& zzW0ihsMg9qQk6d+KXy&Z^8LjEyyx1KI9@CN=xq7&Z|*^S)Aj$?_?Yh7&A&1`6teZ% z{kgb`@n~i~O=pGL-w#&Tjc4KuZ%tV~Z#oCxen(2w$pY8r^QIm&kn^z-pTK{qZI4gY z_LwL0cc#QSTK)_*o?SAJKT_-Oq1pbHky(TQyl=+)9!ptX-|xVCLn+Ja!#(%_ekXJLP3OG}{Qa80NBK&84F6Z(Ga=`BEj}Jji6^xDBiX#%FPrhc=l}or%T8V&eIX^* z)5fzvjb|S|(wP#wX}(PPl+3@Jvb^7*hzs%lSFGnlIX>_=z8W9ITU}>qz(*sTN3{0k zuGhE8@?TGhyR`ATU5$4q-oS(0{$%>Rpbz2bvYrnqybC{~&DUWyUyI}gz&BHtpI4RR z19+?br5Ydn8{dEr;a6+zA5;BnljXma5-T*nMEOppQ&9*TyIJd`dY!_U_;GU*_@M+VS#rb-ZlA2R=wyKHt|SeKckH{7$FzAM!p$ z8=rU7`1Ii&AEm^w*1tbg|5A8kf%W_JA}%m_KS>F@x%{cixY^@vIo^%8-2Q9wdzkZ6 zhm&l+0q-M!jyAq$sQK51k9^ACIhwCfz7rq&EF~^7m!EfDuK##PZ%W*v`5Tl^;e+^u z=6_edsG9bDo)TAT{!-=3@lpKsn$KNFs>VCMus)tP;Qe^3`rGjCFH>Tgx&L{Ss{T&A ztIzs;*|)|Et$pJvpTgU}vd$NAflvBx%=PE@sqrtz$G*1CSFiC_^*7)n3$62QYy4^2 z{5?s{-%h;oO-jgfi+aCtO1691`PH|^Tg}fD-u7)u#I*hMOSOL%aRD{*eaiCt8_MzC z{*?HSmhV^jYP@|Q^_SOi%Bi{m@4(+_9$)kO(5a6$W$&{6>EQK&|D;510V~$Nzsf&F z{oT@okN!6$G1Roe3Jo@Ts#o3!v~{XZ<%e_8&vY4JJ5sO_7#K<&>xcmsce=BM5u%k~f8UE8HC z@86ol2ewa(`^@t(|8CX4Qd#g0X|Ymk-%{1SN_>2$w76ZX|7O*`TD-R`E#B1fuc~}A z-qXlZV*k;~ ze^Hg+Ec5vLG@tw2tpo2pG%e<9{t1=u!N>8>XvepZI=&6y{YRw5e>Fd#{3PCebXuIP z^{-a-uXGOE_n5S3)BGLESK@8QvVUpq%YE)ti}&KKuB$iWEcG&?`aD6<3a zJ|Qi(GS^>y>(qB>6=s`}ohJ);UBzs+gEmiEvhzfiGl&nLoEGEecFOO!GO|M{*JjHp zI*H@KDQWSKby%U!H@m6pFy;7QE#+wEi{qAG4=z;4ixl2>AIDoQze?>-MW?WR?oW$DwEg7(wZD|(eGjI^ z!P}VX&)YJA|;wB`GO2E4Z`ZF#?W8{YLsS}f7pms0KP#M|FYTi#FKhxfge zw!Ggjh4@wZ>L2@tA9w279HCB zc}UHla=h=Ov{* zefS7|g*JY<>jx=(us3b__jS=}_|MappQDxIU0`le_-ViT8cQ`BFPR->r_%efapdX)&VtVdYc!NPk*9rft7=wf%}tr++_l zzSR7H^5uBjFKN-QweLH%{i^ZNU(@0)?f7xKI({_B@_$c@Pqgugs_|*V$MII5V|3!Z zf21ux2kgTK|4fTBwf3E=+Lyw|7V~~pJAd7*&R<2f9RHT2MOy2BBG-SseKak0*7gsF z+CQrCjxoH}e@CwWc-KT)T%v8CdbNGp@Bv#!+^Cg*tt!70A1}y=-L&&dnL5Ap;f)P4 zmfs_u!uvMNSU&GvbO!y~DD#)sYfIT?<@g}}BW--AzFJTEYP{Q?5l?IVe>~TJd~CCf z*j3B#sJ2fVK3<%$e4ersZ)}+ndujO@D&L2U;osqrg1i~46~#5`?${-wsJ93R;)V|kxU zwe%Gk%kR5r!21r&2&Q4KeR)$CaOC`H!-w#dW`9k#d)f12Cq9bj&sI}Dcb{n=-oPJb z_BZD8DZHaHBQ`gCZ_XF_ru?>MZ@N#m{Qu#r{~x|#jep);e%}0S1Ik#}hL6y`Q_bUl zWcK?jkIilbUL(h;i`OL%v7RT3@MHLowe9@A+Rmf+@T`m|*8IlG7oUwkG$TIIj#E)} zoSKQR@npm;TK)!=pM&o`Dr5OvQ6s+an2hE9$n(~CtNT&A@HN#L%k#h@eEYE(vBNY5 zOYH|!Upg$uZxkOsE+a0{&I9%8JWzZN<9ABN^10WU_`*{&qJy$j`FRgzx1%h74!#xt zj^^J`z7g*{EhB{HbJuC-$?{Lnh<&v7yVUr0$$V|b^0}QwGJj^q@_y)1d^=0{UTe6Q6XQ}xfp*IbveydPYGs11If9iI^?EG7V zZ^HY`-t=7fD83tS_4^XV7f}Bl8F97N{>xSSXW}dFWdAdle}Sq0cn|(*v(I~6jc=nY zA8++{_B?!eF5|D&f1Rqo3t!k~UH>9{3H}MK{;B&8vd4dXJAPR6f2j5q*Ry@@&WJtD z-t^qxOnejmJG0Nr-7h%@UvZE1_G!e|;9t=4z6;S+eP@#(^M|0`p8zxpD4Ki;bS zqq2Ow)&5s}A>{|H+dmWEkDsfx|2EbBIe5>#*5liVFS##c`MnzR@P+qhEboWy!dKw6 z>!NFZ1V(P(MbgjX?<8&hl&SeMiuXK_v3%aCm=Bnn@V99F%YBYK6Q97}rujgw|M;2* zGvZavcPihAAH(0I`RkOQC-V+vgYnDYB*?Q^O2&BQyO%UFKy zH3#30XE)3BFYjD6K8^SU{xZ!^9bmHk$5(_imfy?Sg>S+iuI1gT{6+XMzQXLM9+%9H z?GCrsS}v2zxWdN&*!b*f6bKsg^cjz^J2CA4pV<8&cS(u( z>0i!RUZ?KDx4x3GyiaKnzA%yz&D#5$Yt;LjQGESt%zthBHmL1ed@1AeR>tys&1T}8 z-p+_s+WZ?;^KTBm=G}~FoNgYU%hcx#jri^lGvX1geGjPi&BIqL$cS^b_MNHP*M)EW zJoA^|Q=2{h;m7*84xqK~Sk=B!S^n47zL<&Gw2=K@%m1YEGw~JQWGtWOnu8z1_iOX( zJ2gKW@!j8A=jX}#zsraP+W35+#-|JK{P*AN|I+`Ev3%ZORF;po`d*e|c8sxpt}|%$ zAEWA@iFf|Ybq=k6pQ`@N!S~~T)W&a-8ox$-`+v9&qU}GYsQqW2%*T2Eu9ZJ^0F&Fd z3t#cyjOFv(i|`4&)&4aq{cjm@m)5@9Rr`uBXZ{Xm#2cEAC_fWF_6OHdG;ddaj`V+8 zUq@@iClZX0*1z2M+Rej(hlV9L|WiR{zhc{zdrSWJY|bmEWVb&nUhrl@a@E z`I#zT%)qy&t@AVSo(#udZGO1b{FsApGBRQV%}-ap5nsQQ@zs1p`FZ%l&kN;Ov{&+?_r1|^Q_{_vtOlHKH zTKT7{^5@{2{+F@*oTX8Ekr8`q<^MyKKM&t-8xg~r|3mpMe0|=CSgQH7@{91Ef)TMy z^BLtw@y_WZ;tiqYxx=ud_-@W08cuFh( zF;#w}EPvw>%j4@jeBmY|;zzCiMXLTTeD7u>;zI5CQKya{i|{2|j)-@)`SYflKco0= ze5>YfRlfKt#;0V&@^h@2_%ZxEEuVYdc@Dm5s}aldbEC}Tx6=Aotok=k`fWz6-~Zz4 zOGm_|+W20m#&;3Ed)pEHKD+!D@;He zy^M44?K_W%q7BURW8Dqp0L%TW5#Q<>`OD`wq@RcH-i!8WMN+;0q5L5w~jf z->B+u#5Wy0V)@+2yfuCwbN{El)-5}JUHEqLR?kx}!k5e%vAjMpig)6zzIVL1iS2vn zh&Vv&|310?|^^RD6pG5Js%n$s3wC&fgw%<&A_v{hzUZJUf z`Q6#inaWr-2VZmgh<^T-_c_cenr@e4!as7JH}kp(ue)2WSbH2b-Otj2chruE<266^ z#WFJAgZJW{T03*!J28OwoiSqhdoPoCKYp%O{%vYIm0ri^g?OvuXeB;yrgi&j@e#aL z|C;fRvqnTfYyb6XoI7Osz7g?=ww)hP+qnmCs~ZugXzib^+CPAIR~kn@=4e^R~{A8Z&AJ8A9TPPM-oAG&NroUi$_mG8hC zSBzLbm)L`kTsc`QMbE#QSd;5!Y$$ze=^gw3+_hG$MZ2{4dH^ z;zPHLh}G+|0oKmn{4w=;d@VjOcSKyQ?T6>9{jgbh+B4%rU zryi^RPOZf|o*xl*t^N&E{mpp$OUw@~zn#i=$oy*~;xTQ0x2yTxgAd_KR^iTA%hA`a8G-@$78mEK7CpNv?3KW`=8{rQNPuI*pb)c#eAcYR@f zd}zk|@TY0@pQP&VkoA8vV)?xpJ^0vn%s;2O|6@)$K&7l2z(*!W#QIyC{W@E(^^>yv zEey-&J4?BM=-Ap2bG7liO^shAK3Hm4o(F63vF!}Y<4-f*=P<-N+W6Vj_;ujDI~c;P z&5r}s{OG~^cQM4n+WeiT=I;RB*v$~H(0#Rk=Dnci&m=yuyJ2}hVrhW(?O}*R&H1Uz zz}fMw#0T*{vp0RtQj3q_KhXR;s{UrYzuXWnY5fbU{&nDOdl}*aZT~(;?cY6kZ-rs` zIlzD{AAh6vKJ;4kK6DZvJIt`WAF%Xh?zgBi!~--VH-16Y{z|<2a6^2g`S+Bs#T$65 z&vBcjKf(|bT7HGfci>}38kW!3_DJtB#7|oOdzBx+2ahtu8=8+OKZ$o8ZHS$;`MsT* z-=(+EziPwsbNWiW<5zEWaPU67M?Eu)H6&79Yf)I*kUX^Wz+~e>dY}a}04_ zp4t1<_;=tPrx=#^vGmA%jkO=Z2Tn6YnYMpzulBD=eDEwobZYfKr|K_lq5g9W%lnxt z@kX5?-qXgnTa9lmK6oDO(|qnaPBY$pz9CZD_$*fA(}B0wGrn5;uFkfvj52%h{)-GT z+w6~8^L#*6_GQ`Q)F7`5HyC1izImLdspDk9ZTvlTnIU?$ar#(|QyJcKm0|h)I#u}o zs||6GmakCxI{eu6hUI;`E%>HpLxi+(cvOwUe3`$&u>79+1^AMHVfpUwLP^m7f%-+61n7v61HeqKEv--^Fqn@9Jk zdA302?=i$_+V(w3ZQnt>=Uzkq-8$3n@D$v^-^2G=`!amt{f6cD7*ye#9xyDQGpob* zK4^$j%=0vVw%X5HWcd#pme)h(<0~FzKhgTXIM;uf@A#YTFa2YN<@eJSa3RczKT<3I zP*r{zz6S5n{9(#h;al;1te88_<(;p59ljr*{Q^~W92{5oWwzkEpS33gtS z@L~LcW^Z~9a6Z2GZ~Ov$;&1#QzHotI`91XocX50r|G2h)KCJf7GJMmghUMq|RroM| zM9UAWe4WgHPXDy=-&c))3%>me>-~4W^j{j5_f0Rrm-JcZ2c`dt`K#5xMAcu=M*qJy z#3q_AQoc<3h1T=C3SSsAEI$vb!&iK3SU%U(f-m{b_&@Bue|%ii_WwVfq;1+xYfz*F z!wrH_Q~DzarW&*if+8rLl2*!Kkh(=NuBc!zD2gB|C*L|MUzCX7Z3sg;CBw6QpbU-;jy*@razRJNXf3#?S@Otos zx&PV=^K%`y|4Gjq!ApMDpJ%p$_kwHRe+*vnFU-$M`DYc%4_^CAl3iM2F5g9R{w=-* z^KT!{6P5Zc?1wA|Uzbj@Wh2e@e>Ki;_<2}0c*Ss%xyG6JvDc0YizhY5^9wFMPX!Rq zH8RDXP||rswqqE)ZFEZe{7n=*G&ZHZ-id*G$ECFU+7jSSM@su1OvkM@TMM}Ed#-Nq zwh1ZieFqce|8!UvmIF4nB6Qsh<>$l*h3!c-Jl|=1}^_ zXxTra;2nQSv7eOkeJ9Ho1CQ*M(tfWl0Uq2v#a>plhW>+k8=CTDfXL^{x3597`SKO6njmn zpOry#zZ6@dv`3&+VY z_g|S}BNV<-=06G^IxxjnDdoSvP=0XdK`9ng%731;Pk{TYQrdls4qRY#fp4YQkC*mt z&JRwpo0a@E70M6p^`^A%xeS1Zz~4~vU)Yxs2KUU=&o5E%n!{4s`?fJ~XLX8oEB?Qb z^^*Ya0>|Z`ss9%CZ8~s6+k3cvesY8REw~Rn1b&3#f2K@70N!R{9|rHTu#bY* z<6_`(@RODFkC*8uz+Fe`+sA>0K0o+)v;Azt+&Is6gV%tsH*EWW=j@dBd#C~M z4)6ob_NMQ>gu&zBGtGQiA^j-#KPRQ#Hyi`E9hK7F*G_=f9G%jh2RZJ7e_u+wFT@S* zIY!TY;5EmlwCkk-@GkIA&E+%g8xMm=j!Us~mFuj9@;WOD9zQX~epkj{R*t_Ic*n^p zwxhyJB~Nf(n__bn|Hn!Hj=PbuGg8{?d^dP-eu}xqAf7x=+(F)N@o`>{-| zh5oz@JPy9UnVYWLo55|@puUv+zc2H@7QF3R^cS3wM3+`ciTUANc>?g5`-wht8Y zS9TBjGx&*SZa>zDz>oJ;;1LV^dEjjp_RGMN;0qN0^Q8Y~aPM_`zLuvC?ljvUUC4ho zc*ufp1P@y9vU@QfTJS3H8Vf!Toag^AbN)>CkCuU3rQb~H>+IKpTb3W(viyINe%XDZ z{JQk3z^&4s2X2-AGH}cCQ~J90T?<}gQUBfGR`tK}Ptq@I{*&^9Tb3W3mw&do{q2Qy z!)4%Y7Wr=mZ?Wh(XBa9zp(e={JM7fa}s< z`zO4c_$YJ!#p$>xKc%nZWi6upbi4|jw;x|tlIKHWcpLubf%E>Ojg(9HvP zUZ2vg3oZkXgX`>@!M#l>?Q`a9xjpzZO8SNU9o^u;8&cZu3T*^$yD_ER$6U4w^>b5- ztyBEJCC^W)z~kWk3jdGf^T0d8DR#NS#RU(qpJm{#oAuYL&D=k@U$N&KDaHBmT5f-f zzJ9yGli*(}_J!vxHiEa^it7o5XQlr#G<+n2@izhyc|C4XyV{?>AP@QW2*cuuC9+uxbe?myTF?!7Ce{r+rO zE5_%_ly)C(6}a!ukf7tGVr$hQri30&73!s0Iu-yNFA?N{lq*O!6U zJe*>a&Gw6pY%AHP-L-p4UNDfZ7x`+4B;CsS;ZV!uGv?=o;tG^Krxxta5)^vCbD z;5FcHEB*`b)9MDdJ&pNIX}?=#`)vddJ(FS!74Db3>@k$T4eP0j|H5~*s=$NK>iIly z=W{9cj$;2tq5R+-;JW_P%>6%~Vr|86Alv6jxn8jr+}56AbxQrum-XKbUh@i$FGXhi zi{yIuM)0;*Q_OBIzx{Wazp~YsUtYs{w&LF@{a10`f%SN$eBVj?dEmh}^n4k(_f1^i zD*oq5|IOf$&J^oY{Qq0}U(5Z!jrud^zvy+@e%;`%f9S{eMsPp4Zhv0c}_Y@y_}V$2hr zh*$YxiansDbB|1?2fY2G6x)XzXGY}t-=;O+60c7H%4_y+Lu5_9@H%lnh9;Jv*m)&eZ^Z@*9WgHE3Qzf#)o ztoMLd{+eRFO8xvG>!2Lb;usZP7;8!XB3*TRD z!0AZ;y&$nIs@Py@Qe5YyYwHB_u0eXkuCeQ z>(5c}wypZu_b`|C_OE3-#lS;b_i4|E65w(0K4m`qx10|hPhmdZu1|YC<_7NqU#HaH zTeALq;Gs!@3hKgZLUugdyZ?I;s3I#KSoc7um@?PKpK<$FVx&j;=)@6+yc z3xEfA?_;kj^F+IxC&J*)J^QrxFQVZ7z53X@ihZZFk8%5b`n1oBB)}t+``BWo{B?!$ z<3cJ9{vV}$|B~f%gSUD5wEGx+{6cJh)URS+cy2fV9-7*xeScq=`v=!u4@SYA)B4yl zCI8|Dfkyj-2f=Y!Z))FrW%&}|N${%`E*3<%y`v513)B0w@AYtlcYvR-*oy-RxA%cN zXXxz%;306GeHgq8{4~YCSa9L~quhUGpLYL54BP{LmQw$P@2ezu`UmuBzccQ57Ucui zwVxZ@dr+VDeufXc2K+81|F_Bd4}f=pPaKN~a{k+*u>XPc!~3-F)r)ffN9cKs+k>N- z3;s>ddnCa9M`Hd}xVYhAwEuG`Kloy${^|<-AKW=dZ|?&Sf{$0mXNer20dW7(ecJPY zFn9=DH$O$eZN5JCS7rXbSkB)u?*F(x_J&fvwX*&b;Le&pc7ejh1(#9&=V1^2&ICk| z?eoS2?tpVQxO0A=b|01xyvEo-j}UtUl&7+h1Xri}@cs z1pcd1{+|lv=jku%(_T*|xPJ@oScCSn;BN2`c$<>{CuRTefjjH<{U-qKU);xrmHsgx z`$rhu8|c&SV~c_Z&qx1I&QETa=O;1nAF}=v;PFfPSjb$zrti=?UO@T{ zeXPrDU-Z5#pBp^6q>uew;V(+=1CRVw??1rp!9P{X|6!s0;BA-pY4=e^!Q;#N7!Kow z{%Kz=%NGL=UTM+)!ChDN>EHkUBGSLQj~%HT{|_r1|H0$e^=Y4%@qvey_i4X35dg2b zv5)|^}0SdL%&Dp@}X@GfwlQvXNF z`ggnpyOo%~l<`#}$Cn#Cd2b(kPqBYn+WWv;?(bu7jW(rU^qPE*A^=|VNT2q-Y+-Q! zqkZfX#s3G=e-zyHcptk$slQ8Q{l&mTPxP^al<_fLj*kR*%QJoKKBax{lI`nghyNG* zwBOTlgZsfFO8Pg+^nKu6FZF5Pn-&0%v}1l#><^OmVeqz>``EQg`&}j5FADB@rH_51 z@Gm8gfycpdS#N6phb2#d2mjv3wpQwQf~;Q$7FvU^>gQ)Sc*|>jEU8@o{93sF;r8qL zwENEj;2rPwv38~ZJ}>)k7~KC!ADgD+&m;2}1rM#)kB=C55`2oe{HFa332^6Uee6v$ zx4$au$MFjC2R=bbe~e7u4c_)eA6uY|k9l%@_`q#n_38J2fqTIBGpBF5z6pcZfWK$v z_P1sJqTGKs`nQ>zo)d_HyTGqAb9-TbTLL@+exAY?N&k+&qyK=Psqj-JcZ0jW?qhz1 z7w$*+!2RI5_b~*(gWu@=hr!#xahY!FzmLlFqu}0e_2(Zk@KC&ujaAkQN6PiW1W&(5 zfBoTDi~bEh&VMeYN628{C`@Q$7OwfkXw;I^InweQ^wfIGq8Q^x<>h4Ih*yZW`? z6N+;CUHY}(4~&7w!M9h&*EVu|B{<)+U%Niwcop@#SHJc-7dN;cyiUpge3^eAc-!9n z+V}nhz&-AM?S7vycnJJRWqchb$5)j5-?v}8KQIO!2fsl%{xr(tPXfGVM!)ucxC0B_ zLGTN=GPnP^TgmnZ@0ioCyfm&UpRgj)+eIiwqyFW z`}1Sq&g1&o-^Q8ji>{Qi^AjfY2+<8vF_WU#qZmaKS4=L^6Txfsr$a(tukAVjR{mib6|KFv30^A?$*S>ez z(ShUlMg8nf#XchE4>x$trTwf&IX-+Vj}Ja@*Jb@|CkM(Qub(E#b>sl&*P(uu@l$xO zP8dACyq{g7l>Y*m|0uZk#(uV?lD01sL4FnGj* zN5NYxcnrMFf+xT`EV$zxw7&&+gU2nn4?JnX1K_qNEZQI3X~Co5E(;z5_gL@*xYvR^ z{(<(l;BIig1^0mmEqDMtWWmGW5eps#Z?WJp@HPvc0PnEij&*2%3+@JwTW}wE(t-!T zZBJUXKe*F^N5NedJO=Ku;0bWA1$VrQ_P5|}aK8ojfd?&k06b*D!{8AM9tCf);4$zv z3!VV)u;7mO(Eb+O4Ia1PKJcUk4}jaE7VQu2wBS*2mj#c3dn|YY+-t!d@1y-KxEtJW z!F}LC3myOuS@1A;#DYh`TP%1Cyv>3qz&k9sBZl_3;BN4^1^0m`EqDOj_LN2YgF7vF z6x?OOW8fYOo&fh+aK{H|e+%vg_giouc+i3ez(W>13?8xIQScV<22`UwKek^euP_q@C10of;&D!{aSE0 zc$)?Hfp=K&0C<-L4}-@ocoaNo!DHaIXDr$u+-bobU1)y`?gsZ*a38qWf(O8BEO;2) zZ^5JBK?@!O4_WX8c*KG`K1Tana5s3H1^0n>SnvRNmjw@l$1QjiJPCe+GX9S#jDK)X zTfhGO7vQ#M``KU2_GcEZuN|MDe}MbU+*qwHdc^&oKjA*&kDBf656SusfO}um&tGBi5O_|pFT4*m z3hsZYUweNy2A%{z#B49N*&6vzfIHju-0=n4AAHdWIFRet3*`MBH+bmfes-_fzx_^G zJ|DR4m45Ah?*MobT(^HD3?5nAumAo#cpMzXDCE!nu}nV(-tsEekCpsCAoHI9_q^WE z&Mh+87cG?Q>y8a5-<$nxXS4s)OzltndNa5GO{VVyPs08Vh2J8106h3szxH{ZFnC*M zKl7UH&HJCgyTDI0bJO$qF>vSG{o40bCb)la-FJ^1U!s2g(a&(1Y^vW*nSVEU930hX z;-5(F18-T^&t6vQe~qmF0J!%(+@DkI8>M|1ybb*IVw3-(SB(1;Au^WK+SjU-q*P zlya_<<(vz?`m28CSNQ3YH-Ptc>+gfC0I&EO_oPFA8R+)&m4K5XD)c}_qb1~_%D3ty#YM? zLq97UX|~@^?$cSpd2he=`>AWdXa9oxxQhS6_j}fZ*Z->Tr)lttL_g!FTZR7dfvmrY z-N-+@2k5THkSk~_vp8kk5J4z|v;j(<|!ApzM+Ic1o-UME3wzo4`{}aDK z`xK|yNlO2&k^Orrc>AcdcAwo`@Y$o&?3Arc{j2B%xsRX$ylGOJeXPuLF?k<$1-IWR z&E_lVpC;2^!|h#ZHbWUd`^oXM9(?s~Y4(s(zs<6IY4FP3)9fm9`HL=-^*8Zbw9g)C z?f94qUR$BJp9|i;r{2B+eCb|kHmH=ZPnK^5_rFh?-KMmExX}LK8$4<4KAH946;smM z`|N4(-u?9U6XU3#{nP9VC4ZmD{7nVVPD`@|O8w1~^*0xM_KY+;Q5pZo7REn#)4^#L zci0N^PtjL$pTG)ke^i=1rKG=FroRS!gD=fKQ|hNn*3WwIl{IO$h0?#q%KnuGZsvX#rh?aBmu9ai_5ZT0|GD5LH>9=S$7=weeN&pw>8bqQO3_%a{NpMuXsGI-N!eV+dq-kzVEjIy#2|v z_WPkL!0V%Ef2Dq|H|nPxMP9@GKb!v3^Wbj8i$9lUk1GA(A=wW$f(O^6weOoP`w{2s zFQFeP<7})PXI0>y*VD|d^poGE|9Rl9H`45Or5rcQc3uYF@=jX2AFmm_1N<(<|824# zt_AnLo7TSfxEnn9URwLU){Wqi_tV<<^_BgE>#10pjVLzvvyHN!RDs*N((H5ug>iVY z97prOz2Ju``9DzRe;K&{lQer~tjWIU3Hdx!GkCH)&0I?R?I7!SE$3gSnNR7*N6P$l zgS)=d=WioVA3Uq%zwq2|+0V%T_i63-SE@MwA+3ELXdZZ|C#`+|$TDvKBl^dV=JMaX zV}71*2Jf&BFrQNXBMapRPZkZZtrb2&@@~$H2ekXqHiCyn4``onFY879lnk(Al=hn~ z+ph{dGIoF+q8!H$kjL?P;BDIuu-laUg=PMhfqO~^wC^2n=6uqC_PZEsx&Q44wC@+{ z25$ksM`_;`vVU#_ckM8seIB#yU%1`|pJKKT80N-txC%T7u6wWlJaB*60GnsFx1S=@ zUk2U+ex1S#`_-GlojVR__tUNgkMA_V&KL;?a=ofn&M)2IuJQpkO{ss6tpAPR-rWYY z&kL6Qg5eFmmD2v>3+>PO9s{giN&jq_{ycEkJ_BqwW&Uu<g+)qwW>8)d(ueGVSbeqXQ( zJPv-8lK$Z`{dwTdLk6_ZyDkIwgY)4d+fUqXG5S|Ccn$b5W^SJ?{jUWNfzMHRwdCF4 zZ5DhZcpUr$#lCPqsVsr^J9I$1-c|+fx8U=@TfouH3gxr+82KxQY8iOYJHS3R_s`ka z78P|GU6flH_0WoV6^9M58RYz7+mG5BZh`QQj4ZxB8fY z&3@mN`&k2CQ8S=^|GBUZ_${wJexBKlc(xM;*fr*I6)h`_fAHXm1MEeGKP!3Jf6#wV z8qj_pstUa2lmRvY$;kdY$7o)ozUF~Pz|T?Y<19J;mVw7l9bm62>9@=Do54e;53v15 zoBS6|md`V+1#dZPfDIL!d0Ngd-Q5110k+))GvCU1o|o6-M$VTEsQdA$-R*saa+Lpu z^U+HOShbSRLuEdz!B_rufL%1koK8SK7gh(J4Gpl>C1(DxJdbPyZ@K~Vq~hNt{kL-e zH{v)7b6L;!u#rLD&Yj?;H(?%E>fs4l4?W*}uD>?cAqc5wGh3{qZUW9(r&i75B~ zwElcF25x&s?>_|Z=SEZQGD2tHFe zU#*hos}3wEwY)dL+)DZOkmYlOw|y|cZZZ3}-yrkv19yEmz^at?n<3jT0Pg*KKzqFz z=JsCWEF>b#B*9!{&m*ffXB={o=Z;{-Q!T9=efHf)nTFKqu zN$``Dd9p^%lRj|IR|DGT0|VgB?g5r?AOU&3^0T~N41>pe(SMcp*;}?xl&Ami0rrV< zocll?=VIV(eFLmp;a^Ce01plh=%0TcMEzxvKc)OX7s?Nw1m9ID|Bi+7gWHC2KCSR$ zBoBalbNci3FnG{{N5NYxcnrMDf+xUj8wa%SYj$8E!~=e?lK)DXe>Zr|?*lBX)X(*@ zeth5^;JWY71^7Y>(_asTxqtALivK&L|0sADI8J8@{m1@`BXHMV&Mh&Y;94fv5t`3{rii-L#1 z4>5Do{+1Yciv>@BcYuGbly8G9pJN#QOEcQ{&AP!|lQQgci|3$%_J7u)rS&V_Zz;*90N`MD<&afxU^=E%X)~|yf7+w1G z-QeC`GVIXth$rW-1IKd*{5;$T?w_1tE0p@VRn|`cJnqTp-+#c6Q`#}{$t=taDEyj%V+vNSAzSWo>AYEX#c6u{=cJs zW@OlH%J>M&@!WudNg$eLD_z_C|%q*1u4~(zFGur)=Ztxm#9m|?|=J(Kn4 zV5pdrGTQsvZt$9uGi;_(|5ei72Oc^lqkaEY06YS|L9zc-+K0LSQ}zC%-2Z7A?S0D_ zxcBr7+g&N&F0y_S-2WN+@$ImUu({66X!nP^!9C!AQ~J-9vj6zNTfoOE7XXjU z&#(%!{n>^2C(P}^*N#I3IlsPCc>W#Sd!By&ihUaf5Sv-Tdhz`@PKe3k&57fIHz|XCDT4f!8bbcebp*D0ncKVWXAtW0&J6 z2JUajutya87HOXVPcG5VzYhK)=u0iyAKVH4wbH*f$o}O6?^>E+)e1jU@&NaLMTS)= z?K4BRPZ->FRfb)u@THPR!9&+%wCnvbaR1-*^JfA)crEHz$zS0;#STnt9oOObuGC*) zU!5B~zC6ReQR@FoS^qxpmYXu#`!xaZ;LSMxDE@yk+NT_SCJgSqHKV@&gs%_ZEcy`d zR%Q6N2JzYv&&?J2adJ+fpREU92foJ4?avqyxP2PDK9XVID*5=Q>?aekF|6YDjP}0B zRPYVpk1OreD%)u;c>P@&wn(X`1+tzRz}xT5u%{LK$EE!W@YxS!*qMs`snUK8c+;v3 zYf;K~pDf>c@REl!+UwLb_uq${N4CL#-C?u~_ z=Ylsqm0>Ft|943L4d5luW|(fha0Phwxr}yy-x~0WH5u(X(t7Yp@B@_er^@ux;I%Jh z*nEYbCi%osBWx>Q$*_Brak4^=$NjRL%fMScMm;I~CCQt?y`N^-80CDl z*f<~M^Tk?l&zBjtli42gMbSi22A(ZG-g^+Q;-9!KQ2bmb&ufcIP~Y(kdq(LGPssjI z4qn=mVON{eDY{(dvl@Kqj~VTA3w7Y@z^_#L!&2EF8o?`m!EuXcI6t23g>|V`@OE&I znTusfqkNs*Klo!x{#VKT_kh>_M}OW?JO=X>I8F~u=?}^Iq#S(qZyENi!lRN`gZF~# z*6r%RS0*!TSgF4OS$~b-OZzfxM}?P4-pYAD?3MHj@0IEVuT5vzBxSrzl;fp`^9-&F zly%A7<+@}sPT1=Iz<4nGUuqQ3sNZt%Ch&Di`@JRGuNu6vXi)p!&N}eb;FV_o;;}%( ze&w{U3_`|aPJHeZZ2es$zJ>VNg4rGX|mH$t8 z^`G!M;?vCjg9ZPM;1x(;x6h{)ymri>cE5Qi_)2iyx^NG8FZiA2^z9K@f5rGfMg3U4 zeK~kLxX!*BymH*2cArxncouw>lK%ZN{YLO6#~}Ma;p-%C<^IPHvQ~vZD0wINI&j@S zj2@mo_#(xAfwV8ig9fuF46=a2#R(OkKg+>ag6r(7!Fw(2>%c3w(AzhHH-UT2>6`AG zwSun(pK9jfv41iDfv*GC^{*cAUhoUd_V&ev@=rkioP%tJnO|&RG5*18!FA)e8hk1E zKg{;_H>LkN@QN)5wf7wx!8d^KXSP4TkbWz87W{TIr;}pdKAk-Mtp>Hv9rtkm;JS6| zVr&$iz4f5>e7YRG7W@V!{YF{7YVdX7Hz|C%41N7ogSUgb&G|Q7kJf>& z0}m+v&yoHc!AlPqWc6ly``NPnTEXkVUs3oAl6Qia95|>wf9m1=$O&G1jhWw)2|+67n=Rs&z1Gl!_x=XjgR7q7+;6$?aRT}f$Q>L4c=>E zUk6@!#31`jslP5+e~sYTBlYRGg3q2k$evTm_mnJOCr=+-TYjGYoI&=yV*j+XFWv_A z1FqZmP!3*k)F8t)qC)-Kf0g#t;92kiW&Tde`MZw$KTd!AY~=Rf&nWftgsh)d@TTJj zwa;aD5`SIE-zzeIJ>V55=Vnk3V2<@}UE?Q;&D;I*}b+V8gXfNwZeKR*_42mhy|ew6ZU zFVipQeBPk;Igx7c?3shw>(@H)rul+<$10ty7MF zZxxPz;H$62@k7b~RGI%C@O6!Y+V5Bv;_RR{a4by zhx-RVSK$jKFP?Aw}c;xQcml=6#( zHskom(+Ag`pZ9S8;Fl@(h5ez$_+VS*>Ot+kv2yTw@J7YH@IHcS@D1R{E9Lje`mX~o zePWOur`R7Q+piIPHux+vH|<+%1z!qYqSQ~3te;Ns`skqcyM8^~{;5IjdU!EDfZ6`^ zp!T~P<=_?1V0Rm|`J)xQrqC>#KF( zy>AY({mto%*A9vKAH3wPK^Ac!f;_*wN$!hl1z-BnAUn%!Z$CqpuM>P7_?}AtE9@KS z0pHLysC`bX7z@Z7KF0c&VqbX9uAK8vF#eSKIY!n`HF)Xg`u3>;3Yp`ep2omC*^(P9`N4(46+b>N&lwz zp%ml5Kl?X5F9%-@9#HHH>qFJxS#aI_PzPS09MnGN)d;=;T(`d2%I#BwtX4_?#6tUn zuLjp$KlOlT!T+k*iv=EDzr|?y+P*`FQs~Wr)+^e)t;ry@; zyd;g|tHMp|-`svczy8$9?KArN>jYnF!F#xW@G0i}2aM`7%2&J#{0|OlzvEsG-UL2i zwznr`{a1t6X9u#9eAw;Z{+?hcq@1o z{BKJ7g?%TT;PoY0cDcfr$oA<0Uk84z!VBM(D*g-VcTAQoQMg#3=jAI0UkQG{!dFWF z)!?OL_4QK+z7+gQ#a`TC;r<)JH-IlxxY(G-c`JCuxUBZOm7U=A7Q6?1HMp+*ip$Y{ zj;!{(Naf(Q;LDW!72a1<4c>0S>%dFL>+KuCmx6~B|6&2$C_nfH@GBI4sjUA_@X85U z?Y`e0@OBGcyc_Jd(A$@Tw}U^Rq<@c*emQj2+}@d0->1X(Z44VxxRo)_1Q5@)WtKh7 z75U?w{c%~2FnAkyqcTrkEst|iZohSwwJG*bO8XeM2R~Keb0trJC&9gDZo1Fl*d6z? zCuX(py>Nqjw$19F{{c^e>yCo~aQ}8$?K*!LJOqBda-RD)d7c~P{wHO%_c3DN-tDv6 z<6r_j0(34D+##zyPWr$-;JV{*06b)2ALi+UW1F_Af23vl zQEp$R&wmU&0`4-~pKh2N{VzdWcb~{nf&K$~-8|(6ckY;FA1dwhu52G4c*oA@-%9^2 zoTmlAYj(jrtei()CC?+n+`c@kfBp+R3GOqO&vc(S2JYG|tG$j&@btlPI#{S*(>jv_ zC(t#!XE(e5m5*~bcm!OzkH*J&ov34;Exram7x6YAp7MT|nrlagN8LQ~mf~BBipCgA z7d*PrE{%x4Zf||PwSw2~lVz_c*9R}i>w`}4>;YN!qH_N5tUQ0{0bh9t&L4P!`FTfN zzKZi7-1u1s{*9U2zm)y19K7k!EW1(R*GXOto&|qcsn^1LC+oQV%q+W8;So8nHG-GS z%Cbil{|`z3t>7!cb>pfNycfJqu`fJ#*8^Tzon`#-7g>IKz?Zjc@!mK-9iCO+_r=>) z+=Av-Mm@O^uM6?s=Zbti+TStq$^H1iLq}xQ=XeXxWpBj`%#UXch}U#vmN}JiG)|7A z72r$f=+9@?fNuc5z1WnGqMK!VuLrL^Hp@;{>ic+E-)Zob$6+2;_&$8o<}h&uYJewF11vkN$+>73%o`*&o(` zuLQqS;f4JS>%mJGWVP%0Y4CdRTNL{nr2mQgAphVamGaqS`KE%eTbO0%E4*Ivx!|Se zX0`jg8@T`TvTO%)`r@@YMn79Yyi=+F*Jb^$0dG1#%U(0v+g~>F&*z`@;1w5SS%cZ$ zJpYJWgWOt-f81DHdLimtDbE8&dCC!|9K56=1?ec;Y#vg`|Uy%&8V+bsaz)t1%1 zA2Kr2VeP3 zR{MU$GV5hoz({LrQk;^^>c)* zpB3P%|Aq5xWxZsETrXJzzV0_%$2iU9KgcP|58lhNtW>ezTH2>MA33DmuQPFf)X%6P zHl*BdPs{u5Q^6}I3~9&7T=1pfKPvSbm-X8KK6}d{b`i2K+s`f*qMHOg_)S|N!*U!h-y+`+=Yjhx zhgd*4UYsM3tINRKs)m?y-=3d$imffO9$FD^_Q6BidAk!l3x23lj>2;*J>aE>qQ1Gu zd_K+lKc}NTz&}#j>pj^Y%E4#P8e(>3Jp3-lQ#E+yQA6w?CH?8L9_zqsj~-$NE90?J z+BbqPJ$^`g|Ed+d=>+|F>g4`U8e+dG{rwl&-+RC-YB%X`MTP5+;u#okr|SDbIe5kC z`u<)GUNUcpy`j|KT3LT};O+B=*mR|zPLchz5qv}45OXQ{-$CZTmGebIY=h$eQ|Z4G zeC4@A>_nyhkCpY`!|l%-(!LM1xDxYeV2H(({_ziaUQiCc^!y?AkmA2t`mY8rxp0W> zsN}y?=D&{fi-xq{O=tvf0zXAb{{)$SEBHF_gu;K8yc2xo#Y5WXPJ6ijONO-HRWCjO zbU>E4zUXr`*WpzBY6E~`uV;Uy#4YawpOu! zN!oXU*IqfqUQ+mTlJ|gTuO4D^mG(PMwqNmq7{AvHu}_rqr4Qu!QaO0`#v$$caW#1D zO+!p~y;28Wa`O;dsN~Nt^Vi7jZynm~bNl>w(F(pgGQ|gKn*H_)({yX*lec-{n^gI9_x?9h~;E|O>45#UZ zdAevX*-laLmV1UayN+R$pZmXeNc;R~0=(uA?)CcbTW{6>VsZf7>onR-U3AmM!&j!RR{dP$E z9*`B_tHE{e?OX$1@%@nYd4l!e8^9kk=c8zq><4M^`ko=}dgnx(NLBoZlD14ZyHM#vYhh}&)+x1aQH3MN6~&VAIrc){WvdB_!P;T!CTTp%x32H zoa~Qlx&6S9_Ioqk;I6?THnrHC{=Ra(Vk5XWH^jD4#=BFF_cAZIZCHEXuL`^cT(@pJ z58N|iSo^)BW#C=*VdhiTbB>hjInCgqX<-BLIJnvZx?wT;nDwY1ezwGbb;9lo2 zo28WhkV5&vgA<2YKq>z@h4Rltf1fnWnBsp}`mX|SDH~STjqM-E_L&Fn-*K2-#e0N2 z@4ig(W!yjb>*n??dZp0*+x-%`?lO{TvQJh;oScHev1 zVYog4KVM0|Ugoa~-1e7YHbJ=#A0w~B=Yc2p8`eI@yNvsvHq7=^+NWH$PcwMO0mIt! zjD`2SA& zuLAeZ9@aiLGY`CG&M-Smu|GrFF9UBm8s%5=SJ=1J4BqA&W=AR4O^3_trnTVl6NWeY zTpFLJy1_jsqJNv)pI={|Wpn|qHRj{uYMkFA-u6m9w~_fQ=lrB$cDcfrNL~%T;gn(R z_jc;QYfl~4@Biff!Ot+~(_Sn4X)Aa;_<_neohHX=Cr|%O{XEqJUO9i5EmiV=iOhfT z;W)ovFwE{z{I8Jy%fU;}8DU60HbvoX$y>pjE+1ySO8P&@^gF?8uNr2@D)l!<)?W{|2cMzzqy1z*Dn0`FYaG_@ zUoHn4(FY{LizV7B>Rj7Uh>YccK>|w9Q1$ihn4ad z?l+c$SN>y|B^Cd_%KTM>m%NMPv@(AjDd&$mZvWvh+g;(iNZtrO`%@ezl=Gl7?;Y1Nak4|9(XF?@sQ&AN@<2KP%<@ z*#q7*FwFK*#%F~bpT)Qlv2tjb<&^woWd6#*m*&vFl=9Wc@>PSk|1qq6KD`cnHXCNw zDgHy!e%P;`1D+j~)802M#tG)S(K+q?gmUoqlAQke zA8rp`s+6zrUb;HY$K;!KgpVPh1NZNrV>>AJ+e-TY=Tmd+afP=^9_Hy!%W0p(i-LDe*Y}SYc-xE|J5OoJrsVP z76y-ab8L*_zgX5!6g)IDr#()_xPS2bmE(M2pLzn^dl>3p;jM-8pMd%We?sApNbUyr z&&p}n6MW##>KwaB$$voRKL8#)Jf}U63WIx(#5`(Ff02>Aah@Foud(1Ua6kCzW_!EX zSjFo%0p0?xTd#892AXGfPWzmm8{7}B%byQC2>yst{=)kg1N;WvQ913ti7soc8`TS} zdg(s^-f_I1hrvT9V*XXy?^N0UqTC+*SY`g4Bj?W;c=F_&_Iox7@JOxxJjQ_wh!*fk z%6Z~Md7kLzd|pob{$U?@8@TQ{=>T{KxbC~YVQxQP??1}z!FBu7W8faYetu4X$H8w? z>NhOw*KsoX&w?ELSm80r-QcdXa_k3%e-F|AZogP>pWycAVg6I{*DCYpI0f_91-Z?xr}6p24ekejNh$wxh4O>j zF3f57rw712;O{Eed7bh)FAN_4EBd$Mzp#!I1$QpZY4`WVIKM2%7AW@fWd0K1e(+}$ z{)FU?TC^YdSqd*aXX*y`UXJ`Lyi?lyxIOq!3ja>>0C>k0Iqm()Fu3!|oOZoD3LXT% zPw{`3^dIBtgX_je0^EO9ZnMwv@b-0_iuwnCS@FL{`geneuEzPV(tnujpFZ&5H92;x zGC$oY=cfSo-ZExN%&P5SonfycqunbWtwCF?H$9=SoEewe3!V@`X&C<@+n6S(64 zMd?2V9t`KS&(S8pZ8zt%?=f>=0mKEqQSo2+o}imAklcd$QQG$m*}gvTn%i(4uh=h? z`3r!zfa}^P4BiI5quE|8gNySY;{P&p`ko%|zcKL8?RxtJ@n*&TZkay^zi_w%*9S`b zFPHt#4IW&fU#IYacigQnUjV!doGHiGVR?KFgSR#3*c_#PtBv~Q*TGTn_=7pN)|`Lb zccoVwbFEQN>k)5h3$Evt_3jCv2apT|TjWR^abV_PcY+#!z>Q#pS;$M$m| zLAl<#k9;0yE_me&IrgEl9`LSQ4`=}IeMNs9TLC_MZH|4aw8Mw89oB%CyoTeD!k?3T zJ^1R^bL>DR|I=jt)8Omg(D(C+XTttXT*oNwbdYSPso?A0$+1<6|NEu?x!|?$=Cu3C z8o*25LqAaJXIR$H3h>^Ka_lqSp!xc>cgcRb27GlF&O?;)e^V$w_|i{u>>#uKrG~lD zKhoeU!EZ8i`*I^fHFOi_BY&Uf#6E|^COB`kA2y-%mZHNaxNa^!Y(hnN*ftR7$4~yt^MOCa>kO9Ky(e3Zf$DSU^*&nf(g z!VHC@CQ|Hm6A8Gn6FVcsks?X^z@|A@lxD73E^`fVxP zl|m1NvnV{7!XSlLQg{P}cT(6&;VTrbr|?G#vlNd0Or*O5g?mwWEQNjwucGi~3Lm5J zWeQ^yeof&3g%ds({&%8qKMK7R)=_vBg?CZ7io)k9e3!z{Dg24TVG2vW5b5kiVI_st z6xL99DuoLvyoACKg|}1q2!$_G_%4MTDC}Cr&-4n%qkKERIM#Ry!B%_L$%g6-3U8+R zeuCuR?iBn&lDiiOxs$?D(qC}4&}T^h8-*tlpGo2SzlwC1Cq#HK>Cb;f*ndQJ!$X3P zAiuXzyhh^JQ+OkVH&Ym)@D2)3TQ2-wLiXprDCDC_eq*7K_a%AD(IVY{*9rYk3{8O~wBcxwUcK&yT{s@xe#J3CxKcA62o%r|jg}%H?*nL9$UeX^&@$&5@!ldzP zT73QO^;wjUi(V3b{zloWc!Xi1UNZm$%$2^rwo@d#ebW-V))tStATJPM&GQ zuWPHbjj-{HyNz(+2OsdzHNVAv7{cC5XV2i_sukOxkI?&Lvu72;$WEPWKSwxq_kr^q zvuvUGjLY7dIm_0v;kr|%UOLOR?$~qAf8)tnwu5i;_tbtj%Nu@S>5k8ABL)|oZH0gQ z_e{HJ&zot!6xzc7RrqrR{^id{Jajy+q2oe6jF23><0!-U-ye(m ze_?$8PVqu_8>_1}|6L;NpwLD7`29lP_J9a$9u{FTO7R~Rq5nw{wmnVqvmy*q7=K>K zEiZ`B`LPH)eiWhqCpE13O~_qI5eD}c`L}u0Fu6)_Z=VQj?iC>~EC2cLBzp=wD0EUe z^W_(@_5bI~uaBV;|9@Hjyj8yZ9xC_$Zu#^6@?pMw|Eukrx7UULZTU8B-+cMIZ^t=s{q;H!c z?9L&*ty0J>2Z%6#-I^qs+}gZ9iGEg|S5SDzC}G#N-e+hYBH8wtkY6R)Lvkm{ev-c- zIYM%lakn3~d-$8N>$rDKqk-RI(Z6xnaa-8HUlAT`&e@Bw+CHWMR zgCw6patp~zNbVweImxyS!e2AV9+F=o*-vse$q|zKNbVqcTnUw*WEaV>+t4 zlKmv_PI83gDI|B0d?3k5l50qIbqoIil50p_LUM@YCX(AoUP*GCG7RhZSpGR_>i;BfL$d38;eR)hYe+tr4(e-7~)l8+}jMDiIVw~>4{$#Ig;C)xRv@OJ~rUXpJmIY{!m)IKdF-%Y%W0S`E`=xB>#hCXRomTl4LK*Ns@yk50TtL^49tGAi08M+rNargGu&~ zJfCDg$ybsbA^AR%J4jwda+2gHNOt`q{69}}4aw~!he&>n7bH7>75=^< z*-P?|BnL_Uh2$2J`$+C0IY+WBA^hz$LG)J-$x}%7lYA`65t2_Oxr5||BqvGkzD`{K z1^*-bUqQTu#Y)PIEJ z)x?b)!a){)gW(oVhpC&?nj%@yINy0~qMZKHZ zfAjagw0@TlaoJ&9U;H<=JZ}D%&&NZwZkE^ox8XF(M?U;N&Bu|OU5ESg+zhpddd!Fa zr}?<(f3rSr?-%Wz5C2c|vFHD0K2CUDjE8*qznTvo-~8L@JW;<#o-4u&NM23hE~GCd z`Be(z)W82ld<^NgrE={~@|_gs(;QFNOY=KLeLnrRD9@3zW*z9NIO(h<7c?w!O`AM* zvS**^OAKksRa2%<_Dr2TWxqWIaP8-rGTk%XbAavaz=8|Tab3Fb;!74^c!6umev>_u zJ+6xShKArJ2kyJ?Ig1{D$;6XtAv;JAav*-PPT#E3a~zh?0+wmDn# z2Z~2-i$97ca14j#h>Q}F23OGz>>O! zHbV$pc=m$8zJbMO?Q8V3eMJwGacq|~)GfZCVRAh;U$7_;49>r3;rUDE*Im3AeRA^I z@XMprEnI{s{6K+?pkwU$HZB@BV&sIejU&g7Dybd0$Ec%67L7V;kbHTzo*V*+8F19T}g;maPu+5)8^Mn&-o;v@; zIj0>yf9|O@htHqStI%A5^Ns4AznD9+oxfo51-5`Ka3Kb~^ax+JOBP?g5dIcie9qbY zze{a(OU^(4GP2?=p#K%2-74+g{}G`GjWu_(`XbxX&FYKgz7DgqBCPb~_kXDRQMS$P zn<&CcXvqYxIjZq@5q6n0ZB{=C+xDB&kGFMf zRzE@Rn=v~pvTb4W(ta9M@3h6Yt~INSzl&^J+G@_*oPI00565g&WZPQqzftuQZSl?Q z3n{W~W82(*ks{l+w(Lh@eNgqY9VYY5=}T?FPd2BYWQ+g0IsNu#xAN~I+Ya(?^B+aV z%C%V|{w}f^JA3~JD6;MJKXiN&E4HQBroaKk2&~L*T0fJZx7)_slAE+I&mq@)cJSh_ z!f!JEG#-*WsLfxCbC{a1z( z|2=|#n=2PTd~Qz952W0G&CXu@WwRYgHweGP-#niV%BMJ*+iXM7^Y|?Xd+`^1(#EJt zoIr2RKR^ES`2OES{D08}z*eO9TrKo2_~O4kNT2-IVTSyP@xRSBh4i*wq5ltL{;MK= z+eo43M}Gd}&mtT3wo>TNw+lTU)i?BA#X`ScsBL(3&Cu8UGSkrP1eyP^l^ON0g{|u` zaTWo=_??H)DA#E-4LM2mc6na^meBK48~%%szUEA!e@m!st4QxXRp|5Swv)c?Ymv{N zA@koyr0@Dg=ue@IbKj9Zw2#m?iRiWg(kH(Y`nja%d#`!^UDpWxAo<^)^c|lG{WGMm zCcWo2p|8WK3ICl*`p^S24Vl+3{{=|zY!mT4q`wq;-mje0uk!oq_%}&-ep)^feqt2= zUeb5W5c;2ld)s5A51#KeG#jZNo+o|VN}=DC{Jfcuf0EGW>v=uty_X8Ti{kTl5*hg! zb(rBFkMH{zm+}Mf_ic+O{p}yI%Jin*C@X@n@8I{El`JKfj52 z2I+(Mi};^VxqPIrq4DxKrF$Of{oBqo{PS_be+_y6>xKV(zr8B&|5c$so;FF}Mf%7` zUc-JFp9t}LhV-6~MSSDiBGA7{`kLoOy7!JYqT7BVeR3C}Z-mT$*?jyyuOaV44evyK z@OtQ4B>ewD`L7^-$5`R#LAr5uDCu2|LZ732o=*D6BBB3-ZlwJ!um4!+=Tm<8w;g!8 zwi1!<%aHkR73q_&i1@}kL!j>P?61e$<$=KA=TLeJ}$|H?_<@pqwriu@l$`pA=BBVId|_c+pbeIVk`B|m47 zzU5n?Kf-R9*_Mz#_^T+df0EE&pZ60H{%NZ-;>KZBd&$uANBnYZlKkJiJHkvXK0*CjV3o zwu=n?B%5oK{9i+UyjKZ7#=F|!@lMhQ_pUbl*P>qd?{U(1?IiRMQvZLQ^ez3u&+(L> zuSst!67k39GlcQV>#fTp^xIMWxJV!WL-_fX{CM;6Z6f|I6#o>`dw&!09~arQokx1x zfY4WxpDRi4yjAFpXOUrZ8|iCq7y4t#|D&W2ZW8~ky#Fo{e=922KS}Ru7y8{O-3;mD zM+^OnMIxhPFc0y1=!gkDKfdzcj-+qv6nZ?`Y5exe$DbzZ!FVSY$dROv>@W1jJ2;?U zK>Eo@Q|PQEy539jNre6NFQkw`lE%~b`<$py8bdlgKQhW#S}lk zA2oj*Zz8?tZsF&jl+SxeU$b234g&7}7tTkAH)Re>Uk~CVk7_gub5i?~p!n zvC#81C;t1C^zn0q{v^`(6^_ z>9-+$#}W~LH_}&--n)tZK+=0!Mg07{dTc&^gV66teio44Px`M&AB3LI=blaG!!YTm zZlZsX^j^}(seWD{|1}SabRQ@GofO~oAJHF*N&g+`%Qw*vklsW3ynhFl0C>H*9uofZ z=fitJzq$TA9eQ3aS5i&4iu9GF&-YIs={=k1PbYoFCi;5ljr=?%@-vmnbp^$rxJkM< zlfHBlKlhN{xk>ydN$=ex{%g>0uDqSl^Zc}YCGr!b{Jc;4cvk3*cMgDkL3)q#a3ki= z6#w6OKRXM(o5rIZ$2acZIZo&&juZylk=|w(`p=4l-c5S%B%xnG@ed}wYfGWepSPbx zdjD2J-$ecDf_(fvgnlvUuP1$SYoT96`WDi+?IiTyQMsNaeSDxAJ~+qJFB2 zh5jqjdu<}V@$Oon|B$|G7oj)ag$KPI=Y2-~4+}rDC_h_~KKP>0-zD7J_9nf58{ua? z)ti^}-cLmQM=1UYdHu^mzccy&_1Mk#hqEYtO~3H}H2FD?^tL{sKb-t5A-(H0p+AW9 zA<{?Mh5jV!4`I^#&lY;Tder#cPx`i_g??MoNArHp6Z+pNKWj-Jze4EgGRPJqeXw5W z|3dM9B)$JQq0b-pbENM$L5;uF1ko;$bA!EO6b3!{Ljh9-%IH8 z{qt1PJMR+u8z}yHr1#HL<6lMk1}?Y-;?swOZxb~g?`6kVK7AcJLi+=BGBtA+kt^5e?uDgHsEp9=lvj#FDt;>YDJ z@P0IL-?o?H&qRE#@0cU>$e!^#Ca<5R>T3->t{>?3A0+=J zurrQpUmjs-9;SA8Qa;-#{%neWIr(vs{|eIIK>Em;YPxrk-hY_TcTxOR`TQIz^byiO zMS9P{~m@ZPM3xMf?uZf0Fl4`h0zULwe^-5x7A6He7*gJ^fgqU`Eu<~`p72jSVj6SN;ki5FgvfO z{O9ZQMAF-;MSj{TKl4f7@&EC4=W$cb|NqBN`=Vv+Wyw&{h7oBYofa)xOnXG8vLs|8 z6v>pLvP~gLX%Z@=k&;RpTe6Re3TYC`J`|GZcg}e}Uf)~S(dT#maOr-%uGe{=*ZY0m z=ggTiXK-&21j}$d)>QEo@iA7P_VPG+Mq7Tyt>wQPk91Ick@0z%_f}1C9h>+eSj+MXcZI8cH z@?IGF`%(5u?MIu~-lK7MgM2LB$ozEqqe|nn!c+fho{13O15b}u{LjQ+j^|&N|3rU{ zw)m&z_po2zhZmob+j0Cc+}$XDo%KF%K1x0WUxUXUl?UIo>9y%oJULl@1M%BD59T-K zhaBzy)$$yoc>nVt{<0sB&X&(&yCO%Z&Y4f;c08($C*ty9%-d(?+;2~c z&l}o)bQ$saPZa+V@z>+gZSuynGZo~i;iQ;{S*B_b$o=;({bi2l!F+p6 zpWxqiTzHB2VoSxRiGPRq)StbB__+6a&tEnLUeihNdOS*de#GOU*YAfg&nKGn3I0A6 z{MWlKhsQ(nc5OVvJZ#6KQ}O7T%Hz_`=6JfVydwF}_uStv+*7n&MZ7zndQNWFQR^|E zCuxt(0|UsP!AFwk8a&!X>&@af;RUw0Bkdf67m2TdPsUTUKSG{|@pw1o&){<`{vx@> zFS7i^PbB^^j@Q{fCF5VQJQvFCc>Ol+#^rhPY`~+O&oslg;*rpK&UbhcxATX+c)GXp z?<7wJui(Kv+*5AxN1M}rJ6>eS zOK#T(coDb!oAE5}l4qxRf93K187#Z-0-nLWOOQeT#@R1y+*ZL;mnx6d^H}ps-l>6u*Z&_3@ai{5O%O z6P_xgJi&L|dA}QKdHz+NhnW8-;#uGJWG7Bjn+FEe;HN8!%JxJ$pQ+Kw|AkDjmXP0^2|@N_%5 z)&G9WgIj&(;ITd0-ifSt6(0FVemA}eFRqu{dG9Vf)mH0WNqlwh!`yy7Gv6q_7419) zcQ(oG`fw|}_>R0e@x5{PZFvE|4v%k^KZ1|PBUj1&>l*$t6OYpVH^k0TJo%;K&m{f> z^QPLaRTcFI+wkJ0@d;4iCGn@=$)57s_&FATt9%;m>48V4 z5zl$!HMlcX?%%)SFL&Vio8@`(Pq+Ai@*Vgxyf{zZwu17!k7w?c_h7wS@yM(4f9fgz zH#}dbQvhSU_fh;M;@$G-*CAO$zK}fi@MtahRpk}m%HpfYUE;66vxmwbrTt^^+)A~l zGxeW^J1@$EXYG2cScWHt(tg`s%X61}B>BI>)8piIsPkSta!)^6mI|+?_1%i9dm7E|3S$toPRODjx45 zxBcjI^Lg4Y{QD98{L{9go(KUqw5gw|I^V_3*WLTafJM@b; zEd)yo&;5R%7^+)0;D7rS_j%T0R0#9HM!k9Pv{<_w%Pi$Jq?=@l%y& zG~;tAo;z9VovHNB8uPp5|Kguno(fuTqO^Xo3(r=P+x~TEZPh2TL+h>VoqzaCBRqbj z;undX)_C@4`D*-9+&N0V8@~lFv{pNhrw;ex(Nc={@2B*a1$eHkd@}9-0ME2nJ7*BT z4KJJ^zmxp?@W>LmomW(^qwRGU$(N9)4xX$a_wQrymzEaKd^k(&#PK+FNZBJf4zY%zp7C9=TWEfjTV1Q@6=&zkVOj-6~&3{x9%kZ}}Ve zZ@AM~{yJXi6!z2h#IwD%@JPp!-W*S!E3Zy`7d$&j-k0_#EYF4V=kQzcLMOR@Ke4|& z?D@gQe}?$zD#c%*aA*Hfn&)2*9Y>z=;{EwQ7n=XG_}WnX3i2mcD8G06M6kRa#Mf{t zZqo6zEdCMk>3NE8gcmFi?fix9-D~krDENIProF;kb2g~os8W79EHEM#EWy} zkBhzUA5)(EeEBHiFE@Wo{uASE1Rj4zUhwWS^OwnZiaI<_`)A=fw)YV7FZBHX*I$J# z${+5pe5n4`Upqtnwam-!_hTXC){h%PdEOwt81fJBO`$v+Jr7=&y{&dyKkmR|71VOO zPyR2wxJ&U-j$c*lD^H@5;$7-f7mvTE_`9j+xpm^S`+Vd~*k&6_6Jawz#-FV~Y&o_|U z`SxjetiQY$4Qk`LpT9;Ze{bTWgA^aFq!kavossgk%(vt4$l>zEv~wEyolqU-;gQgK zmy;*aTzQhz;axm?n%vGCzrf?S%SY0l-*DHJyW}b3?U;Uj(wE8Y{O1@vafm!l{AqX; zKacHdkGt&@KLH+FqF-*u^W)?j$o~i)X(jJXo~*?mD!1!MZ{Wof4S=q>ua`+J83gUL#+Pcg2&}%ip8^m*aW%Upp_l z!}8pu_{HRT)boSQKXW|~uJ`gBO52ZK#m@@)=D@w{tNXM++WztnemQP=>Yk?YKQR>F zCUEcdFZnG`KfGCJy`%7RL;fJ%G2|}>Ueg&8YR?Az+K}(Yv!Qk#f4bVA48^y==ZE5l z;3Gou_u|t-@z3KUL-B9p=}`O*JQZ@sdtu_wGowR!>fuf(zG>h!95+<|?w%iPob)G8 zWm2;>UaL&l}E4joX(Qw~yeNth^Wd*8)8Cc}ZXO zKk~ohxj)YBd8^*(L9l#^+w)k>cUb;morAbx#Q%vGw#pBuon_BZ`?F)^KXBYR3@?&r zO*JK|i^s1}yxkw(0(Y;HS0#TJi~myoCG8oA=laQysH|U%FyA7-llc4a810{rKZZwB zinsasS={|eZpVvNcznCO$nonv-1(|xp3m^uQ28y?r-I0&ZM5ID_!aW1v~vI+Jx)H{n~MD98q0I9-0lxa znNO1MrT$a!*j@50>s^Su&&jvrIXuxpZtov`glAUC-zERocrqvVKgZ}V|KhRTnh%E% ze^e9IE%KS-)2z2Hp7~t9RcV|ic>YlN-|W{N@xmX zM9WiIelk7_&u*4?r#%btd_(yS_$oZwRz8G0AL23gqeqDU0xy(P{35()@r>vD@cnqY zyyC~;)y`HuGo|D^S#K@#`{a)>&osu}2jyjm?|{c2lBdYu4^Nko@4>Ie^Tg-LbF0O- zQ~W#h`~7(83%N`DlX#?p+^#i&7{tg4-)!-v;*)Amtt!eB#S^pS57YkUxbuYkYwFh1bHDus)|*or=Vsz#uPOc>;_t(=ugHg! ze*s=xEWeTZe2hn4klTGPd+_wj@?*$zLUV0b@+EojU5;LxTH&z^h-aP|faliAd(-~g zEzgZ|>-UH7d`J0U;-9qmKUL=@Z0|}ueY4^pA^uZ~FC!m-@5Cc(~Q6|GYgGI;4g=K0-g!^EZq5bRIo*q*;$Nt48^~V z$3tGg-H`9Wr-!`yIojTdA+Lw0LhWgdj|_P~&;9+y-K&1|P9uZmdg9Ze{1YsH$Y)so zkT1cLA%71~gnS!5B;@<>Y{-u~S9KT?+OGO|GUToBi6QTU7eo1n;`xw|!#jrZJcjQK z#b@zEDE@6c9`Y~nLMYEZyk98(h?c5DI^?I~6+<4!H-+-wh&Kzx-;d`)@$>LlDE@7H zZ76;Vz9;0n@Ma;e>|Mz6_v?NkKLK|`>urM93waN`M#zWZk&xemM?=2AJk*|7EI-cl z?0o8Zuz%g7`DzRE{I7Vdiu??3Klhi4trVXaB_GFe`~UVb63FPh`Ai{z6ykL`!2 zd&}*4Vz+yKu=9$^p8K!s^IXTMq2@U0z^gm<{U+XFC|IW9_WdUv@tNe=8Ok%4c>6vS z%l`~+- zj5=>3Pb`#YEAjR{EphUEOMJ&r{7=N&_qJq+-;FzbuZ#bjDS!E!Jc&@A(yrfM)gAl3 zmwJA%w^VY~k0V3zk-)2ap9|1=)E+>$G#t?2HRUJaPK-#C{G>Y?fYWve5?U( z-zW1X$K@D#=7;h$CEmVYCgNy054Z21`2s&b@ET4ol&1^v_I)%~hn~27UyZ$fyqG+j zLU|Iz+xOR4o-1+tew+D@mTLpA;S@u8ZY18m@5Z+4R@}Z1rLI5^vw9V|kvy?fZ7(^w)gyGz;ZfM7(_ukL{-~5g!l5uOi;Q zpJ$(=L-oCHL+PMz5@AHY$&duaWh4K`Lx9|BWOZ*Pvr-$NyBHq6DC*x?@ zh1>T69bxCCfqT!%3FUEGYd^B@3-T@_1WSd$YdC8|@zsd8?-A-p{E@^LLh;8DZ{I6q z{azcl?;XmKrvZ8Pgz}t0ynPRm?AbN~35`bo#B?`i)-#7D?e1D_GNH}CPiNpFQ zzvQ{U-a_wgL541+l;~YN(Nw;f{9oa@`dtID&zJ4RqbDi8729=q8}gqeKZ^XP;L#n* zQ;X{x9r5B!d3BCom*Ls5@`2>J3D0bo+w%<`z@0gA`~2yAJT*yPsG<$?A3x~VA=+7f z0r@|+_`&jzY0po1_DFe(`jl=F#hv^qJ@W`Wbdp^wRxKot>OrEZI5g%SgzZi-a zDyW{-8E>QUWKHF1&hhI}+_^;YT}vy^V!T*gZqH5fA1~(DAy-~`9;7{6@k9l=T^HSl z$B4h1_@mk>PwWQ8ufrSR*`$07b#9A0hp9dGxyycd=4iQh8W1eQ@I+nZvHtZR!xfC@ zJ#xGMc9!Kivt)Y~;gOj9TH5nEp4=_Js;t(#8IND5_GF0Ph3EEa|Gg5gcs_Ngt~`@y zzyDYvznw1e-f3{Kw7}DUDUTgz<9M=5$vju$sZgGj#m5ytkNh)mr>oqK3yUpJJGouw zf7{|K$$OG#o8@mMe+A!*C$`DYX1w_y2M+q>bNRjaS$OV8d5bbibOD~)M|?T?U_A4! zJjHs);OP-^8*l!{c>VQ8Zj{@2TYx)^!#U*fKj!Sm7t5-Dx6#h^xEnk{-*KL%e|O@E zAYg7SR8dN08fW8{O0A8z?a zm-M@E=WMOF7kOsj=_ZQLQUAr3=XAx}`NkSNcCGwS@)YpoNadMAo zpQl2{qZ*$3^(nloczf>R8F=gi`PbCb{}_}XpL#+*m;C)L{wTS99^pnjIbUv{yYW9R z;pfS&mDeTD0?SW5?K)%*PfSz%LgK%){9EOApX8tBU&?={zxfwb? z<^FSx{iO{a&B@1Bl=sIo&&tOfA@^@v4YuoP`HS?|WIWIK*+~A`mVdqCU!@lm5P^@QU+_uHAgNqOuz?%$T$zW_>C}hAj?;?xSYPEooIHK;0>{T`)IW)5 znP*Co$bZ{0Snn~)(}_I(+laoWhsvkmAK~$Sa=R}5D;|rxdG%l)sd^4pU;QQlwd9O0$)Jw^YT`=tIK)-<7{m-t0O#&3BH(VNKljH?Ingx_Fqd6D_&89aKN{K`tfubmw3oG1U0 z6@QAS>&n|I-1!+VmXTkHJKhBZzdhN*<+i^ZZGMD&KJj(&!bS4e@w4%mUqEm92=9Ow zPm`ZZ$MnQAegVDZBL@%5P!(pMd9|mD};C37)%5-jY1$ z<59M^A?v*ekK^s};kf&_^6bLz$Ma9i?RYvDPv0fKnDxGhN5;sPljl{-KVIGl|Hyo{ z{0ICSJWrla89)0xKiGIH?Y-bVm{;}O-``WOEB_|ic?=%=LOukqho{%bPiDQ%@a#6Z zeQva?#c!9_ru~C0{yq6Chv*l#<8j(^8u9nyiO&^ZAD`p7f83e>ovsH?#Gl7w-QKbA0e;I zddFJ+!{s&~-sic0UX%}=|4hSohR&Cs!*ikdH}LmE@muh zRQbK+{}E5%L-GB1+&@wA78?)Mz0=fSo;gu@Ze)Pg#&atbZ`Yrj;>qQ5UOqZq@Qi=L z<1H@+|8<=H<~5Yx-X9redDbd^G4bQ@=o4( zd}7`}@%DM}9p?TCmA9Nlo>JZ$bAEkdC(D1wkH*u>)Xo*OzoEs~SNt&A>EapIYuCLm z!reEOXC-;A#*=T!t^T*0zaqEKiKp>gWv$oh`2?OiMDBktn!hZu_^R@ioUgub@rTO` zLA2u(aEJJ%_>Xv$et8N13(p^^JT}hDU!;1bkCK<6o=4%)vhuZfZ9KnD+q;_l&GGDd zd5Z1oWBE%f&scmY9;+xHijT)LmE=E>f3D@Bo~Pn3;>GfcZ%&>yo*!&KT~E9_UGcNX z^DUm6EuW45fu|lX>E$n`ZjZ^YA^vc@K>i!?I(T-5;xEOU;E^Zf&*L5N*dy{g@xFL! zrhGI$2zO}bZTQXRvr5L_g=eS9ZzcX=JVks8Uuf|UEB<=?P23In=Xf+!&)saT}z zXO80SeXIF+f;_jACui}Y{`vsVWxW%AZ?XAvD_&SCKaS($FSzT!0P&W`*dOQuW#^~~L^_;Y!^Ru^}-%I$e*=iuqR@`u@v5_s}U`CGx-9cL7tDiDuP$20y5 z7H>J5d2A8x{HXYI$o~c&{ZR35kmozgzf1AlnsNlG;SZ@7N*W7<$ z$@l#=d>XU6Kx6iZJ!qYEmz0Z^9 zEId;~`KQv(K6tK|@_dC4wfNKJ-etXDxeJd^ln-Kn&c!3!wBD(l=PbvwXUeVLKfrT& zwWnG{`M<-9anZEy4p#lOjR)xz@yd4c_?EuP&jx9^*~2G5)%Uq<{yyl|A< zuFuTJ-L~@cSnmgTvXFpL$IdnEb|IEsk@< zrsIjainsU8U$*@HuO;a?E*mJii@=W9IEPkFp<3YI@DzP~(5dk(om+m-oTZvA@_?p&+C@8Tm2fIUO(f z7xcX4b=uz*Pra^ouBf8z9g4dj$zLifzsvk$xxJ777#`zz>YZ){%VLW^P4T1fxA5q5 za_jdmaOZjX5aRdXY2wWf^Zv*0FK40RW5hScV|W_xfM?177v2w#GS7^~Z^CorITybV zPm;%czU5z3vOTZj1w2Zg4S4(v#ka+O#&guoywcU$Ubm&jgN@tTc=EiGejXn6FGPFG zt&E3D@zfVu?|ZEG4m{sldF=ZCEIhtJ@m~`EDxTaZxAXr^mM15-^TXe8hdk}bQ`Nh` z<@aOm6UEPEd^W`0to(N3JL0Lw)y}htzYdT1Z%lZL)n^QztgkwpK^>;!Y5&5zx7c$7 z7F(WkOXhhK&$N=C&U!ak{0QZ#9b|KyU(7kLo{m@aUikaln>a^#vUqJg`IojgiJyb# z%j)=kEPfH5*;}%m!|=#Lx!u2%w)}U?y=gF5p25=vt@l=ZB_7>FzuA2flZtdxVJAcaU`t2=vF0K08>(i-thIy|g z?aAVWL5jEgTi&z$Q{{FY_y;_HyWGAnvix=0u2dzt_cAJ2YT+(^9^Mo$+^#y!P?MugJV4R`#0ZN+jS=Kr{lThay#!mA9uT`ALnyi8;EDWQG6fTc>`X!U-35o zJY@OHYaG7HdY{1)&ne!<;oEp*hw?Wj{}*`jF6FWNYJSHvGgJrt)^VzM7n=O-EsjTlO2D&C+vWO*Iei1_1h zhjH5kZ-yuLb`PW+=aX^V?bai3JD(hcr~Xy^b;OUs3mhNsC;wx3?oY+r>&-=Yp5xcU z#J`0XOZN!G?tj=~{+!&-WB1_kh4OFMziM~`IG6`GF5C5@Gx5Zeiob{TUVuB5u*=~ zaQSD4Xaml`qxIz194_yGyN}E5^QV{LMe6WZ1;yWpr_WKmeed2B%kz`GWqHNV#k0HR zR{yumtIF+pS)bv>!{qv};}k8P`K@Us<&WG%KMqi2PwLqOk8YEHgm=WV@5t||t~^)Z z`8(tj87Ft*&M)){CEsxWWUs`;3`RDZGE7x3ltLPW+<1wz!&n5mlyx329PQokRrtK>5x~2u^?Z@D0&WHOEe;S^-RC&Io z{q6AF(el~Uxi20YuXg@Uo~!U8?-MoUxG)Zn9;Q5x(w^zK+e}`Gak$v>pDnlh7V>!E zN7cU}^UqE^u~WW?{wh71{{2C|hV80}7v`z`8)$zsJmKH?=PmU)p7y{q)#W3}e*+%H zy?+MFeRz!PB$M$4c>G-D=|eqpc=`tUUBs`$QW!I@IiPwC%5~SM_Qh|{36W+b@%gxWwBlc4dspH4*VWE{ ztqyqcS^25#N8jPu1@e}(bHDlV%5R^Cs&fZ*xIkW>{4MZUO?gf755Q9&DgTeOeeXht#Jj?%pk5R!R+u&CY1(7+ z(tO;Rr1%!4mH$;ddWqcji**)HomWz~ukrN7iob{T{^|L_#^E7%`qz1CdS8t0oj3)H zPF(yyJ6QbDLHwak#rJH6*I(5Q{0OJ;f#s3=|2;A!-|D;pcgM62;_Uf0JMes=OW-l3arWTFmpcV=HePMK+L`awK9GO$`sSBh z7)THL_bfa+OMWWxZSlzC+TPN5PrTSt{ti9}cS|dewP!dUbJfn(#NUe-wwBzkCoKNw zwn3zR>o`mCNI`k_kmsGi`Nsi23jf1*Tb_T;527F7Z%R*4-7>#ujo#(rV2R+_t?IAu zsoSY|w3XU96K{zZx_1u#-pU<7)_F4Q8)uATaTix40 zf4@lbe0Z1mWAIcj)zkKuGw@us<2R%F|ayHB?XM7{4ghuqCLd{nZF_+#+wt+q{#PJ#r?TJ4taQ<- zsq&mzLBG5hcfQnmkD!0A!=r7^4+2jh*PVD|dddBL2A<~g9X4M*XZfE}JMBDkIbJ+V zw(n#%mlzBCV=XR+6f0E}yJX=of=}*ebai@>^_Z0j(+`Zs} zKq`_a75IPK^RUG)(fsf-Ay4ADsme1KUxXLvN2~v9mgg4DKlZtsPx0hD?bnklDbde( z{$16fNdA8;zyE*~Z?VriSM_!ff4__P54`dg@8xr_)WwUT<9IVXKT-M5BK~~yj>>a7 z-U~0Br6ZSJHyeb)vclpI%CJVO1; z6aOCWysr9OLH};_{7~;aITiZex9!B|?o+&a*>TF;>o`$z9{A$~&;2}w(EF<2tnlM& zILUP-&sWd%;{AS!UZHw^PO^@8_EwG0{*3d!=6|W44-tQ@<+)e=H5I=NPq~V>_xGpZ z$p>|Od6W2Amj4!wH#-k}+Txe04%3K#0ndG>{q9|SJzjW5+jS1@U-_l#6WOOalqG%} z@y=ZuKh@~4-^^of5P3}*{XwbwRJYuhT>^-Sotk*0r~GpI_dGnxd6BlxaRyqRQra$i ze%JMQv4D^uR7Rvy@|)VX*{3HdN<;^{u*y< z7(ZX(PUyH(=HVkJd61JmCBzY z|M__KF|~gN+j|L~WW04GK8d?8r~+5uqw(|-<%yH$K|J?*ryz1V@lWCLya`V&RUSM49E)e0%QdTbpVPtbPHB^DfOR%#}mrGj{3~TbN&Owyrnk2 z5RY_Lzt^M=uUno$%9AI4ec=4#fFC=FFSgJ)SF5~hr4Oo}iG3Fa(Lb=g$KlCR+O8+b z)fjg|$Jw@c<~7YTCy=Kv9^YKDzsBIvdsNTk$UhBF{ZXPPFBm3aDhwf{@{ zH;-r9Y5crGd%nSQ$GX89tFhkS1Lq$H{HW-iPzB>{nZ|iv@*Ixm-_-nO&oSPg)%>4i z{x6X0RN_(y2` z&K%t3ISkLS-skbiRf@OIspatKe${yi@mulua=FWXvBz`&ytf!S?>*#U)ib-JYNB2XWJ5A2#ufacrtW7b_kv-uX-+E-6Ji}_a)nT7w)vv zxIL8k*?8tA)vYo99G(reXNBeOp&n^X{2II%ng=%ExyD_C$c@DRipM|H{BQ{MFYBF< z`{OnqTJK@Fd#~2}An^_Hz`&Yu|0X()xb?8B!6U;Z296xO=&mF4g5aI{mk?kepZwZ{B1Aa^) zzWAWp`6Iu}Se|s7KPAo4Nd$Kkm~>i4eH|K7j}I^f4_;)^RZe(ZhZ zC3s?<`mqUr^A?`=AFSss&CBQ)U*gf;>X(6H=WjfJhmMbvY0n{#vfqW?ANl?_-~YQb zB0k}0e|d(G4uStS{wm@#w`ly>`PiN27pgve_|r5V<$C5Kd^Vn{u6a9&FU4b@s17dM z^*Wvi9rwS&I$H-rK2IFdv&OoZ${DZp-)PB3p))r3;RvxeH!O|O# zmscGw!Ci0I_~SOs^Mab=gDn0wjjIXxZRTH;-0$wiQ=#*gS%LG%2mDxMd9K%fx0~^^ z3XjxsgXoU@%?8WQb9FAmzr(X*RR1WxA5V{H9f+OZ9^>sG{`M9pxPfo2tUqXiC*rE- zlk`hl+<8Isq@Dl7El(wl!+uKR497E}^Yav*49y!;J&$Hn&r^th0*`&J z?YaqHj3+|#c^)q;RQwX!vlUN%R&t#GiDxfYym!-Bu#}m_e$-Iy|AqC|#51kb&a?4T z1Lq$H{Af*lWSfo)y%>iV;`z36`<(BUc>GSa$L5V2@JxI4m-b@sb0mQuutNU#IpTA- zYyNM^dY9vg$JLKV5x)U1@P1zd{43nyx{dYwK6AcT_cY?GdKZrT{V`EWb$%B=1usli zJtKH4^9OVsS%$~)_@^cNE8)5Ser1a5#$}1Wf%sw{^~*H2cM|SCpgOFee;44X>s5zi z$+HYka-GfExgL*vq4?H}tL>g2>UiHn%5!&XkmoPrGY^#9-fFW|pXeQ(gUG*#KL(G- zG#>1AbOSthyW(y9G{YUP*R3Z{d&?i1uLj|T6Ev>Aru{cr9_Go5$P+7FD%ek}gsw|Z zB0f1%_57ZCK8P2O(hNVE`oD;$JGw#UxAE8TNa*#*_js-UX!j-7 z!V96}*Xeki=iu3X)C$jZa2IR|H$_GE3rFe0y>UoXWc`tDOalntQfqU;4|D*N{qdmLuSPwUd zw(D>I;K{{m&zr$-9jEdfZLc#{d79y;;O@B^=TDW@FPfR>G=6Sk{ItW+5RDb0hA2S8~68!2B_tKNM-t96a*9)_Zg*{bG^DM-^}P9le6bCuw`nAkQawf#*zK zg>T0b<@Dj=|@eS5f{b?R*I@UeZ>P_!>Op ze{qbr*!?_P@xqD9ze|7R>@lCDJg4J_JgIu7Hfevf>z`5FZLN9o(K7mjrWPN%kD@1D z9H9Jm92saHIxZ)1=TtXH{5$O#gGW!0H^iso3GxiY-@x-oPdhH6~de0w5ZJXQ5vz<%8kPt4SMt^IxQ)VcEeh`$DpHEa{CFU@*K;gM521o8v^ z0Pa-PdLP8+;mK2U{%_yw^cJ4yeRjJaax?B;;szN$CeJq(f2{gf|8<;Qc)YXvr7rOm z=BqvhUhmAtkH>SN<9H)H-&mDAj&a+@{8%^0Fqk|S;l;t4A6~$(vHX{I2*i#Tcj0a) z_2W+BXW>o@?MHUM(*lbRooBvm&ie&#ljj}0$o;PW;$PsI&^X+UNA~ObkN2`DSgI{h z-4YLL-l&3~h)36IeBM++zi4dn3)Oy`|Brk4;QNtFd?BX&WfS8qjytEhL1KF@*`;`f z<4Y6Tb1m-9Qy%YSOR(H#{+rtWD1INF;QpVE_&hxJi|TMJ{r(0X9jSh_d3!USi)x(L zC(j>vey02!{IF+K&uHkn;)!_iN$p?fv)-n7j_(azT~>)Ym{-((% z!*ewh-kZ96*W>Zw8b5ZPKN-*M>JlW*(Vpp^``eq~dys8==MbO%QSmY2mslQNubID( zySvoRdc^;V7kGco_Uj7Iv%haFnLmohmUap-h_ILG0MhqZs%>&KJvXnob83G0nnp3v*@-nctY z`_YFSrv{ndr~Tz#+H)Q53|9W1@w@P11;!!%5FQWRZ}2Rh`Aqrk^~G{LQA=BTGI`eH zsnGq0yYT2cTJLMbSIqkL{O?jTaPNK9bJZ{X==X+r;&aWO(yFLbpJ!V!O8E zG5?EWyv6eTWBKnW8R32^ZK-L={;?DbbYJhDdZnOk0e&;rl@P;$TSjA!|L zO;7S)gvWkSI}gQ2;Hd!@2BO)(aVFz&-j6m5LKD|}jYwrucfjjqUzOwE5 z5Ks2kcFiMy!SalX2V&PJcj3ivRG+WdU#cut-J-WB&yVCe5l>&C{+*0B!wc0kehw?6 zUv$Ka+e+5+GCUVLkNVp?VfK$NiO}(7B=M2Z`wJ8B*lhK?9j_n6Q_M?)82@v;H&%^^PjobsGY{35*AMB8hxzuvU^jPl!a5~6sK_w{PBUo^p^^A-OldD;ffKMwfOoA}H&ZI^u?<+Zr;w%XZ- zI*iBjH8g%ElvA?D@nm_m->!o#w|M50c9j&r!Q#0-e;aMufv3x<{@>$&;6?w7DZQmH z9$BLLr@FL?EqnAph#&OZ+L@gngK*FzHgZk6T#L-lEiufx+{_X?yA$@XVne~L6j;GpDXWH2gFP!ZLk)!CB{&*~Oo#&4S55C?B#OJu~VaJgf zc)Cj0AisB79xO|7Cv@Ih2%Mk;e(WdS{X_McR#Cq^e%Zm>b4K7^9k}ji@2j4V=lm~F z^Oob4#_5Nr;;jQ&P5$OjYM$>Gnul*7zVML7!_DMLS)R$7-&)~M;rWb?J9Y3S=0oKF zQvdhy^vycn+3{i%p4qN`+{JkK)#6ubfBz9b#5+Ot&nr@VzUEZc+XzpG?hm=Z;y+QH zcN5R)aZ?#?R7`Gqb zvB%^Qws#xu@P66p@~Wt@aD=pTSaLh3Zq_^O9P-_dN!9g3m2#G&;^{c%;1YJWZa#PijAUnf<6A z-qGS0sbB2*+x_tP7G<{af4w=Mw{1wCJMjD?8V`-}G@j)3qg@Y~ho?fXkCs}V>DsT? zlIIP)_>d}a9ljoq@c9=V-5h7T=l=a*;mJis}%6Jms?yA62aGu7vB^6bDPd`_(i z{u`b=v11^1eZKUos$2S3wdXG4BX|P0_140RpJ}@WaJ)MwaQ^s!AAN|AhF%w3g{Qfn z!RE=E{zsmP#HT`err|lRZ(G02$0PeSo-?#*1s+Rkyd6Tnuf-ELs}6P^@&%sZ`k0+B z?ZgX%)L%2nzuWTMrTx*4zok|)K3`CKhO*wn@Z2`VKSiEeczVCa^CbLqbMBM$Ru?Sg zzW4Kck6EhW3i$8Fk4zb3KX{^qn(t#X{JaW{0`W+a~Itvut&a~~eNTlH*JUMrr7 z=ih1_KpV!%^LXS>)!D|?O7qZq-^HCfRiDjl*Css5_shrdZ}HS#H;~D+=P$g-^~qMm z*U0&w_y6y5is$}$X_4yyq;Zmb96m6hl;JRiDWy-VP%?0_E$;*)%C zB~LrYcIKO0Y5$=J{Q`qZ}IqS)u#@B zv)l7SOV@BlhMpr)>UGt}3H4W9Ji+_6?~>Ux7H!^vHRH;<2lZ&^;eGb9`1J1 zIP6LO&+!!Vz|-Xa4lmrQEqaFd(r>Uo@_GN-#7FSRMaqA5Y5k%Op1oUp;aTOi z{~DfPzq9v?H+k-#kGZ_>UzR*Oh);2To4|MD(H83W4%Da0o2q9a^!nmBJh4^v{Ggl? z)yJJ(CC@ipycjwUk9+R7v)o78@7Ud)!Nf9Y!<}m9xn<;s z;mH=-u2ZO6Z9LEOou-oiEWFTM?ca}g#j|CV|8o2?JTdG+v=GW7n`1$d!>@_$AAMR+W99d864|3vHkmiX~_k>?=Y zfj@#5TByG!(*A{b;)}LHWRm!I@eI$`dJNx!JMU|poKKy1;n}qE>$l$Xi{4g!BDIv? z?(3*(evZb;MDj=R=&#DKnfxs*zNx$s?e7{me|*4?%ZN|i*(Oj`$#HJ;+~2RAtNSXN zJoghH*{AsOOrW#P%jtE8z0dd}UVOGgkY@wyehW|Xeo*~#`o(68U#xih9L*27`*gb? zupxQ&yaPGKN*jYK0k=G_tzf8qc^LayT~&ikFC%+IR}3QPp(i;jm6&%oPQkf<8#Z; zb>^Y`?oT`uIuEb#4*MzhHN9L$e^4DSj@5DYD)Q99bG#01il2qYF4A_LM;$uh$qPFK zk=u#C3{P<#=@@(@Uie(wYwssc#uN3Gzc1~aW_i|h3NjqZdgtTGuhjmUQLW$wJkRq9 zk7vDW@pu)r^9}NB!PDF)c{{!nFZNe_Bl7IC_b4h8h3=a=^gV5_vs?XjHRGot?uK5cw8r!M)sHrhb;jcx)t;@iv#)vm z3j#^e&Y_n73&mfK--0KZ-{#}v@z{Euk9lv$2g@wWQ$zhVzP$VeJjMMj=ZT%wc$Vw= zwjZs-6F)1@#tQm_Z}B+iQHPM{58NHDI$VNRcwhBQT%++^7e5Y9a=)VO7cKA@pL@N9 z_>LCO>r=}!7|+boIJ|=R8}USY)w2?HxC4*QRsHRKgnRJ(8OqazJo9m9i{icAAy}5< zvCwtJxA8~^)y{>a^3{)*C(-Aw4tQjwj=w+hH~sP0j~51VJMABir+-yHK27^mc=Sq*&+p0e zC?4ne9#*#{-UV3yex!P#_rVtt?|iI&Uqt@5J@?OJ3&Z*bnQM^$b6f9B#UDldZ+PTQ zH;A0ccq^Y*-D08V7RK=64;s(+kiRpY=6&iD@xFMfrAE{sdHve`>Vn{{6bq z(EBNO5%0WqVG!S%_D?e(tp2S_{^#&$W3Bg{iu%QBJbjnO=LX`p;JK%}1!B)B`px3& zs=w;8-pU`VKKTk=g80gex0CSLgzkaAN&cpIF{eCB$ZfurN{wZ5Ye{edU4aIlIRiBM<20TZ z68|Hf;B!4T5B!U#W~mN#AKFpgj_)5AoHd%q_K_!sN4{_asmnlbj~9N`dWTSli}CDO z`3UmdWO?q^xc!LuiFlN8Zr5REnQv9ysxTg2G{08)FDCzL%OCoj^=3SFjpjGIp0>lB z=R8=QOMRj`WFFEuyuY$m5W$N)XP^n|t&6+s)XpQ>t{Co|6b~Y+;~ntWF3qcXyf>b{ zUF*G_{6j5I=>6G|mgiyB;UV%&#gn1?D>8UtjOKy6$iEyHxO`Z*Seu1`kCBDm?_j9ks%Wq`=4ZV)2g%{dtp0T=}g(pX8zo9XfIz!r{dkOnjdEqH>j+yf*UhvR$4TQZ$4yQ{oY@v1x^A$@;;(dr zmNcrM2Cc@6JU?wk8TrR}zMkrK8NLnAT(A1;w~q6Z#fLsuTYi)38NaoAkl5;6AJ6f5 zPaC%_@Fe$#SpIIf^O7nsP|bAuTb?SK4+rB{;_=6|pAIgkUyQc=q3d;%@IvT)fhRoo zkDG4j`5udiPw+XBYOMDiJU&eAwDxbrBO5h-I1@nYz8Yacv6PW9}_c(@UF zc>U!a4uWM8o|&f#)MtC=1n!OBnl6$0@e=Wgxbo-t?Yp=e8dpEy*{Q1Y4QyC>@5I1A z{>J?W=y}U8Z-!_{?wUxn)`g35Z@7Z9_tmzGj#C9xEs13cs!mRsrI}=o>_Q? z`wTT(I?h7R{qxxH^W~NkpD(9=x6f<5kEi!&X0Z9~b38sn`{N|~9Yuf}ZA4~gBz_TyOcj2evkvp}$58)l~!ce(pW5?-(XSm)qf%vQNkePjemk5%RAy|6295 z*Ja;Y9zN%uCcexUs#}EXY4*CcBAzX3|EkY+9fud*k&h!!BRt(p^MlRLE?&GxviJG90=RsvCwtY zzIcZFx+l~AVR+$1_4_K?Ki2Z_`S+H@KZ55%_od7?AM6H^c7MWByhxsN$ny@K4IOtj z;`s^MuG5JB4tIZ4o$JtFWxn+5_TS~mz`gHB+tN1pwJ->4DTjd^<-9-FFmTAsP)9o-=F0P-)#i=p$h zEqHv8_KRnT-|e~Io{^#Zaw}}rc#9RZy`!jSO*|3$JVkrlxnJYf?qlzcC;!xXSF+ww zxr6u1)x^6qH4hA9yp6&0qjdaAk!Kp7IZwyadx@WG{*@a<_M)EizR_{NM(DWzGV$rI z$}@&}@@+i&h{nI2hZk^{`*Iu6p5O6oQ;oyg)UA3!^-PY}cG>&LC*q0g)bBfJe^We? zSDrV$m(Kpush~Xh(Cg4E@WKa*x9j1z2k!l0Xqj4|JzSUmncqK!CqmaDU&jkPFGaoV zI2$d#h3oi>%W<|?Q2x{<>aQO7e!O_2>fF-*BX2ouo8k*6bq)UAJNU2TG{WPvG!DJf zn_xK`&paU?j<>_}&&WTbTsL_)&P2=XSn~Pr@^NPo?+rGgxL= z{x6k(S}FN6=A*T}_PL(bc#O}nE+)^%c%rlBw<{Sx-{b$UwRew`JgMqLli@jdk@g~j zirT2IuHtg_wz#^mJZvAAMOfv2zvmGVzxZYK_{Z%JOy%!H#EFO#C(b!> z;zYy|J706e@;~-tO1JAjIV+H#d$cBet-)`eQ9RGE{LeP{Ws5U(KmYR$e&i8~=i2RB z;Do_zuU7tlmd&G620xy?m$zr|>lWuTwtD}i!Ef060T!r<5JoyY%a`QL8vqi1wn z4j!Qi?=krCw!**K@_*FxXZv5DF!)BMM{fUfrQ5Z)t6chH!~ZmcpZh+Af9Gvl!Eu8h zpHcpNg5^J9@Edid^GmHgFLnHOZs^+#e%|0$&uaUR8T_KbuRl{cAD{B?jqo?puG`D} z^FQYJ?f%cMwdWTNe)$6`XP#|%-evG3+4}c`j>qhfIm`dw3_kb`rNe(T_@n--(e3|I z_%Y8~mKbttnM&wU-(EYNnUJ z)8Lo?Q1LHXd%oY`M?awQ@aYD>YVa%Hcv2v{27kN3ul9~B(;5Q6j z`$~m>lfi4yFSOH+{-(C)tBrr2VDQ09m2MY|KHp&Qjeo6j@|xj!k;5~6S2y_a4{5*P zUXXv=2ES_OF1^1$_VcRmj%NCq!#!CgV+8><@VE!Zl5stHM_rJ(eOX|FO|-4#U_zNA+uPEjpwt6=Ve*8DJJzr_~|GB}hX6whH!H?Lz z>%Q*$ZioM>;`tAT=Ze8Ezkf?w^4r#)Hyiv~cF)P%4Ssc1@w~+Fe8AvGzC`)(QwIOI z!LOT~xzq4}!Qkg^S2^}}gForNDLt>-zL@LT=NP>9BMXxA`z-&Q=YRf^K%Vv(P1rK{ zwZ4w;Q;eQ%gI~$~Cl?KVgU=}cf9In$;g=15{Lge8 zf7R-Jx52NySLGp=tMczd2ES?d4!QjNn8A%D3OM{g{s{-LCvA zZKvmdvcb>2N89Q0@L2}G@dJwg8OHy|0hf44TNhZjYTsu0FK7E`n+D(bHtp}Ttev|C zznSghyu#quU!dcNZ5sLa0|vj^(RtzbSG*DMqn0QA^ES(W&D#HsmiQjWWBXaI?>=Ji zn{B248!i8T_52@Gdj6k})r7w@_+VM*uluo|@Cl{!Wjn9*rH1F(2EU%&?>b}fYuSF{ z%M5;GsC0Ox;d!OOZ)WkC@B9gspU1O!fSNQ7mwq5)PE-(s{g)9;E22UjLMS_S(fJ+e8&82XAC}T@N0ji zD&<=&8|B}t4ZiU)g?syd%-}bEK-=%~=jR>%FBE><@cf#= zk68W>8vOl^-|Uu`82k?ne*Co7>w56d41R4#;hUEKZw-F=;DkWjZv4_uDqkHRYkS`J zC@pZ*;18KU)Ah>>1#U=_Kbw~S=x24@pJ{0ggI}3ZKL2@>OBW43xNAmoo`0kkc&))V z?ET{B8lE>Ae8$@E^!#;$Uw^Ig^MU361A||_L*=~di@!4X@ekiCId6M}7WjLE-?018 zl#38Q@F}Iw^-b;9J%;~T2ET0UVz8_Hd$GXnBl)vt`5*e(-uE z8T@!%`{nU(KMFYQ;iqQy@K0I(>$MfBRi$yQ_7;O*Grj)`8{c;seB=LEll*Sy|AE0T z7s?NxxAuI};OG8S$MIVX&%ghDZO_@PJzuc=SAI?T?PWH;M?S6eJo-D!Qtw|Ijh<=n z%h`Q&cNqM}oQ|XKhb|lZW=HAs7l!Aw!OwlUw(|?t{#}P}YI}TL{7Q#g{KlUfp4S_^ z_M?je`4emZTRnd!C;!OcGk-TH`9EOt{1cwv-mM-O{x1sLK9WCA`i#=&obA7?TH4bM zUbA}$m3wg?j=_)qv_jxMm47D;e*Hb#-`kDfzTMzgZ5}=E(VG8)!3Te+zuVxiH~5v0s{DL{!LJ$o$Sdas@(l)mr@@b&y-y&oGx+Z~{w)6U&kcUr&e@%} z{GT=WmH(jqeXqga4~5SCtc^@haifRpk?RYZ-}UlS4Sw}+bf)~I;rRxGU%sIH^9~!w z7dw1k`}JI-=Q7~5Tb{bFn&qj6=Vg}v%CBpFpVy!IGi~S7vh~QzE&sJYToDY%4bQ6# ze$?)ne}%zcXYd>L-qV{5{!0e0nZ1Ee`S(tPAF=n8KV`>pZJu2-{Sdy zSmh_gto&Osc+KJje#qe8Zt%+=Q;p_){-D7hI=>+~pKIgwg9aarW(5Ab#^3RGoHUEzrp073d)j!d8KGqoPxWON~U*+T*EdQdw?IZbf z#`0hOl+yD*S$i%TeCC+e>-70vgI{}>=KmVY|9XROSlpDKJ9v}8lM3zUZ&>~#wvYea z2EXq3?cK3WgMZ=>JpW+%uRle{@&C2_Ps0W-`S3=zZ*rHx&;6Ft&EsI_0q42we4l#V z^Jn{C1A|}tsLqRDvU zo?`Rs%#2`otij)E`LDiqQQ%)^_&;Fq+B=m#dj|i1ygeso1mb?qzcu*HtiQMYoz{Eg z+jO2nZOOlJ!cL6&@U)`++Vco`RzW;8N>fQ z2A{F}&vg{=p0(ro616nmZ~1@O;oqt9%IEJN82s9kPfAXg=bte6##rUmUzpsu4Gc!U zy3*19`hNG53|_PI?5>xeVep$jt#aG<`(9-5>vlfW?T3>FzntmKe_`;A2b2OIv-S)C zKWcqU|9rpa&-}o@Z1AIR)AoFo@y|O9UbARzn*OH zfx)l6N%?ux+Vi~zzx*1dkIR#vb@`KXOd@?FUUyebn*% zuR8Di{(MfT4e=+#+H)=ayZt$lI z+&+>&FS7hIFFqyECm9{?HTcF&<)1ej{G7p$KB#i+O@`}&!)-tAn+*Ovj>qhL_j~-f z!Dmh@zq!Bns==@R!u^8b9-Hs)F!&(5@8Z1%KlcjFf6?mwn8P1Z{2r(A*N$gS;SX59 z9{Kl5&ztus{NEd%ry0EV2JP?Z+cn{N1|MYi04y5(+VAPOTrfVV8~nza!rhOtYw*kF zclu$=f6?H_GrRgn9KXF|@@8x2&l~)RwI5+%^6%{izxtF}`JQ{c!ryK1!G{&@^7+G_ z-~6u1y|vokIQ;S2{-L6&J>v69wFLge?#pcD!3|@Pp z;{U9T%fR3pyNc&=R_{fFUt3o_<$kd5H~4kiM}s>^{=MGdH|*T*ZyI0yn!#&7qw{_I zSk3=ogAXQJuhxS1uMB=Xi!=X%!7sOTUHmgv@8iCp^f~u(#q)0s{v3zfIoXcE?>6|+ z?0(?02EW$UcK&B;|GvQo**?yz4gS#Ul+Ja-|1$=^lHE`8E`y(YNawrH-;Wsl#-{e` zdkoLt8hj)3=RXn-Sjwe`ep}_$#PT0;covWG%?7{uS1PZ5+4z6K;2Uv?S#QEf2%@%#OiH0{PQ}F?>6|v;MYx_H*MZsG5GOktDZV%{PwdB|Ia$U?>6|` z4gS#M6#jsX<9iH#)9y`bS-l@L_?7Qd`a6Gq+VT99w*QINo_{d-@xRb{^z_>m(e3}J z^t}4HvVMQ2!Dl|J`QK-F?lkyiTOZ9?dsYp8JUb8AGWhk^tNiad-3)#+FH> zee}bYfB$#c&d1k2^5hwV=$|)O{ww=Bua(-h+S?3%w4wa$-C21j|_g~ zu|}US(}YiY{ugQcZ`gQ!!Smbun9njikNKj~^M>7<^wS1^vcU&g+`=;re)%<8?<*|- zjKR-k_V6jk|N0rp`Ky+H-{3PZQ2xQE{QEA0U%pK#bH&>K69zwG=hNSA`G3jaH*DYM z69#{u!3TEVwXTwCwU2s!dsnMr`9E&(TBZk&)E*)7?aH%tyw#^qe9FI{ zcKBPho!X09?H3Jx{na`ne(=$n|NREP`3%MXVZ;A%gP;4iI`6*A@PEPad{X7P$Ju_x zBb07eAJlrk-01dPgCEW2FH?&HnY4|5prt`K{Xi1(RdHZSZr?(s^{;^8XiuUu!G;Lk6D%<56yJncRMq z!9Qd9A3CS)d5OUv4}S>t=1j&9Pc`_B_v*a(W6OWc;McP_x)TP!dau&i<;fX?U;a_; z@0S`Kb^xc}dnWUHPdtCNfA@oq-{KrzW9@mP!E2dc@!uKz+>Gj-->`B2pur!yUE9;N z_WY^m&-VTQR^V1y^5;t)sdPJPe5+hqt35;DNk;qmEtdbf-GBH7gWm@@{ZTdZS3l0+ z4a+}xzRr}k!TSckY;g;(Gd_8(!Dnng>yqXFaf9D{r{Z~r_4nTx{G8dhPqh4RH~3Y% z=f~ek{D{CUQ}X9imjB8xE1&$9(fJ<@e)$zj=ijq3PlThA{C54S^7)$${Y^*HTw;GLFyBHR`ozb`$HpcsnR=3|P zM#$0bH+H-I?Pj;p9`}c%Mssqh*6QyMy2ZF?AAA1uUU>KPOpTpRuhVD_hs}dV(HjpB zYCFT`e$i-8_V*7^B>8F}=eU%0+#K!}<72H>tr!mbLp1f$es`le92LWjVW&4<>U4|w zes5e{8ZYC&!(Ou+bDVB=JMGT+U{Q+hHQT_y(`Wi-G3XD+0)L3eKk#3Z(O#{mfYAm&MuTRnUv(mVQ{$|l^vy#y9rAbf56XQU1o$blESeOhX&v3Xp+N~=Qme8XvGBLq_ zBQ^U()fpr!t_YFM;3qcM&#=UaV!VbymeJ$)@`#`F7`^ya2P2Lhw9;?3wG+a6TJKtM zQQ7E>GR|^uFkwwabDwC|M%IC~(V6D3N01O09S56Ez{H$Mmn!g-pk6>JB~%sAToWAI zD%$gVlivB&V!uB;s1%zg4g0$r%b^DLW&zN=X5pf(VY4^ta7bhR{{DW^8&|UTdzfR$ z*zDFZ++>1KWU*UFk-bj04JJ2gEflRTChvuqt=Haa?%t7o$Nnu|(wS|1iK1ZAkQ>9d z(j1Lrt={+gWP4NyPY9J(`u+2hLA`kS#HX8p*XB9e0h@m2on)5TUYlTuio zSRNPqLe+BW%O{;-5hN+HCRHf{vLyz0ZM4)MVlq|IPc+AS#c;V-Z}kVrm8P>^)X%DO z@Y1l5o?2__P@Ps7e5+%yH0Ia;JxOrUU^H!w6QxESOe;1Y83_^D+h&@sg%N zQsp!UXtQYbd#z5lQy6j9Ak3w&>{7jG4qJO`qqzg}oQO*DTT7-_Oxze2JDp2O%D6f1 zv^dIapdcziR$yijx&Uk2ih2ST1ad?5Hz(aglNU#==0NQjQ)2D;Zhs^MTWY)BTxy5v zX!b01X=wmCKh_5YuA@pm8c;maWv0e*p!3PCtqlQCbF;|uI#g36?eaQvNc|gq9i9|4 zu`(f3K(4tKcDm!x8U@81)QN6yWU@vm>uGC3wGwEnx!o0lto7G0b1q@%We%=S#)l&< zCo0x5ETG*iM*Z%Ef`2BM|D2SjGfAU;;XLrdHVnk`uoSl^yQ|GhpjsWm(!PuRIi}K( zWOAB@@{MtGw*f}#OW%;15de@?@THglEIaNGX2*h%4FCi>xdl@dHO!7{lVJy~>5LkC zT0*S4Q=3t}-}S;5+%r2F@Abi=!s((42*vzbZ;cbpNZ``2xl3Kmxwp8g?*2xo%){P%KWS9%SBWSvklL zPS*<~$Ug=8Pn*RQlEDflDgw-a^3SzCrKj3t3tT=W1_{2wFK$Icgi`deAQRjW<4Q@# zIDt~$mNNGy`^7M=2r1F*n& z$Ep!lJ&g`xj>7b2LBTUOf!RB2MlUTMk;jrm-4EN?5ef`^5o&Td7;vSD%k5hx1KFgI zZdcGsQfdl#4zbZzJD1e#DM3NpY1LWZlLe5MBApMdNUVp$Q}@UH^F{CB(np79Fg~5u z;`Lr3Yh!D9N?PNkGtKV#O^jg>A_SnW4wlq~aM;PM)s=yGA0T|2vf61hxl~7{-JbvK z_AhSCb7=)I+!>NSpr1s3k80b^QL%%m=%2f-ez!l=jG|wsFwi)C zfq-A_Vlb>>$vp0B#iLpat9?a--~Fx?~9xs`@PdCx^1k#V#XcNr2*<;LA(Ql-ShEh=$SZ!Sc+5|si&xf zWDiaROO&6X{?gYi4q3n|1V(d!FJsjYi#q~V3$RT{hK_CSVllL*AlP*9kn~%k zdWT}aNmeyJMY!?XTrK>GmSU-`Hh_EwDa9|W3E{{{+Df^Um7tZ9)rZwW>fIowwf?;F zkWqUi4c1l3PMWm09psCxj`5#*kjEQ_@xh&NWRTw0sR#)Q+S|Hc@GGtSS)8G zq|xj5mU|bPBbYTYRTn($w-Q-8ojEr`on^%QqRBui=NMl4i6fCqWMf-Ch!1Z?JU3 z(og9RT%fL|M>XAA&=zq20KOlm-FUAtR#MmWr3p%^CE7NPpNP=I+& zBiAl=+9)r5yfna~hby+CC>qay-rbE}vHM^#?CWj^*uh<#?M}0|+T885YTeE@OiAp! z>~kT}*zWY2!vkz#U;)BK0QXhe51VO(l~ZFx?{%IP%dggXpu5lf|pY#3oUw>x7^>p*Jk_|F~|KT=}9c^-RB{RzDX0thMiaSWBfFJlRzIQ*GA zM;DqqQ#^85?~WT3V0r5Q?(^gPK6+MXA#oO@Qt-Jjd=oE_=%jr8jsg9wy|7_9g2Gj<|>fQV6t%#do1tyo5O#h{pt2Ksjvj z>E}R005>E0{GYHm(82zMrQE@cx91d3_-Y$zqFF+Clr_%K30;4-c>53n}5 zC>X{mqC62|5erprO2+X@7AanIfqqhYqMXF3s0fMdcR*8umIPNRWhx?$*LobFP(TR7 zErwW2XT+i4ruIIRP!t&=8m10JnvxAeniL5wP^o&vC5w9XWC%*GB!~3jUK)*H4kj36 z+W-zo7dD~&*uvUxjx$L>fiJowW&@$D(=d0i+>Z4jp$>%`if0aNY3cH47Nb7G zHdo9xnuWKXYmWqUD`Bzr(#6g7ke3B39i$?nT8y~>0JoReb`A1ko_o)>ut+jr8beHA zmk;ZV3PW>v=V80R425+U811fE);4J^Bomgs|l;eZW!( zn+eHaL&O&Fc&U01Rc}suC8dOKOdCW?l%Vv$mN*9!yNq4uTB*ZWV=5}P7NRNCiOoeK z3y~hu-V}&p6Ygma)M|shE*%|1>tCQW6Bmnt#J#(THJS+KD2m3zdFU)6uwelJE=BI{ zOKwL=M+C5G#}G2WTr*O zL(J$|-ydQcz6Jf7L`fOM8|sLVNmtd@N_^8INNEGm8VpyqG$|!3aA}nTPr|Q|_kS6I zC+(s{s@3MWwWkB^CD*p0Go%9Sy9OY3wnlbdcmU4Z!{$<>Gq`Y14eRJj2m0R)ZiJ1n1qc^u zF&y@=DCz7MechDhmTZY-)__g+Y5Uj&hctt)4GVI%HcL5adwLFDDnM|txRjUyP8DL? z#tx$>&On=R(lU-AtqJi367l23IJ0Maql>CsQ|KvNJd-rB4z~wl@8HD{vIsFYum-%? zR+7+#r@y#0$C67^$N(6aauvR9#|?j zFrYLKRx#tSRI*?#0qHZZAhyeX+G1}}q9r5P+@!PEY?R;x%WYsNG`Q&!EV9Lyp)lcM zB}>d=Fi>d&i{(!1*uI9?Rp7Q}j_pE``ia#QEtWLE;OYs?;Nl&uR-t))RUNCyObu%j zg)Rt)Vd2(&QbRex_I9mM*krfw5EN8tKRZ>$eX7TG=c&!Lq&_r)aTX%*4eiu+MWDAy zR{vtn2wxDV*rkR=FxmhcNV9Z-Dh0rZz7>Sl1`EOlfZrr3C^J2lWG|RcZAEEP;KCf{ zDldUk4NHDcGZwH4B}wKhsz6e#x0DhG+scW9A4M2Y!xpBJiH2agoieLAc1bsL7%lEX zWm}%)=0*+&dvrvbNkVM8lPm)}#ixLsI9U=lD5a1_S&vjiXq*wJd`lx4w)TeL2W0{Y zD$*RZEz=|q;U-4oAJ~PHG*8&=7F`JQWO}|61p=r#Ey#+#FT!I*X<`Z;+dltjI!@XT zy)l;Y_1hN#VE7B@qJto+R%|n-1QgpYLXucQ3nc_D0#P0W*3b|G zQOa<65+f0j06id`&}Ipb0V+Bjf8{%_=^e6OO1Fgp5_N1!U0Fgjinxnr$NhcEVNow7 zXc;2LX#zrPG40^*+{gCWNP=CLW*56~lJwy1TO5o!I4u%m$E{?@Q15W>@z88^yRv0g zOk@ktLik0L9HgaLPnzc@1=v2XcxtZ0kUUK3Sj^hBJo2T^(yWXL+pIOpXADrbbY`FD zwndUDz!3YHfiWHQ5JXa(0lQf?8Jh&Q(SbuF{q9RUb8PodAc__*Ard6XE5HsyHq?IB zZb2e}jWidm_X#$ADr3J{v?r}YM^rEr)<65$glA>Wj+-pa8jzyRD?+73ivW)?fZ$*n zvXaoSnM2PF%>Q_f0RH!pRh7AA+ zkOU{bDkuRJXSPOb$#DORfrPnM+17NyKO#3fr=yS~v!T zE+>PGp^|0y8Mqf(CezWd;?e-hfkSFWY=FhUyip55r*KwK_Ca+tKxZ+lnsd-g_uP$8 z5E{x649m0Nj!zjf4-5~iZuJ+M2RIoQa0sza09b*oV)J6J0)2p9#H{!hmh;nKFU2Xm zTDysZJu5|Xz>;$ZidBFaV6@x|iT<1ANP6urI)&!KCQ*A|fus7#M_0LM{)_*S29y{ zRDm*)Z;_G{<^*Ly6%C<^Dlc%dxOB*XEOQN2?&oqFZl>u_F37UXz40^{M0K@+ZeUjm ztn_7NTE?u$^eTC2Rab$^-}_Ha1+J>B7wWyJJqgNUov z9K!80f<7Eh*@>y3tK$$zbs$ubRWefnRe=o4u0T)0Q@`6Q+H=$9rze8yhZdYVv|ey} zt4DJ2+vq=qea*nm|Czi{pE~F28paw4<;c0j>yaML;VG=_;tJu&x646}Yco zef{cdmc9bV3LNX#M877QWg@^;fvpN?RUs_}wG`G;Al}(V+gE!E>w>VZ5ba1^dr-#>9n5fE)0BAiea){ltZOZGt);HDAdZ70C`Yokw!6fUf<_4duE=r@ z0Mc}g-(>;37R3M7YeO7px+Fdm#^`}H-7(3Kl}l?UV8MxDENF5V+94Z+5iZ;qoF@+V zaAetGW5t#*hb{cXdY1}qZPo9zARtOU04t;!`um7fv}I9J?f{l%+EmFbi&Jb%A(T1R zEh(iam=yo!B*TNv<=#demm?+^2%E&?P$le|hS=|F0gnOk`m`&cgYK9{@Bkq<3@U(R zqj)LdR}YK$cev&+cRF31C~*LRS49K^T6Q7JJ~)tZ%ZCE>X50V>Pnc4o3H_4JrAgYj z>4_(85pLZCg>Vk6H)d#aByE7&u{F;O7aHm*4?O*93QP$^=m`V}ARH^j3+Pl9C7H`j z5JQN~|f zUt-Z&_v>SIVEsopd88KrB*SJD_Mfm)LJK{ zs^m<;$<|<620uwCcZ_`&M`O9SaE3us6~pP%*;9))(^I5=AhMkgtqLo#eRGXtNsvc*vo(cv zOfMrT6(to*WjYFL1f3xH92JiRP6;G5=c%FP-5w%9WE04^1F>QykD(}K08jC(k1RAi zBifuTG%Q7Cs5GD~!xDH|j7b6=i!ODOR#wuox$NoI=+aT(v^_u{vgpaYDV1;vkI}Db zNgQqo=e}j)A+2*OVM^av`Ok{HdPDT&wv*@f$mr{U7`y;-kwQ^^U2za?>5f>)(R zDLM4Ax61%4X`B9xp5@KnF3*5lT5=p5k?^>{tTsg4MPpRh#WH}we!oBJ$pwX!0USXX zhjX1>+fQV!2=og}66g{<)789$rkSCQC4h(pGoB_$H+p$-mn}|tQV5!j24>L?Tq{yy zjrUsF-9LJ@m3^>y$eONuO9^X&gdlajvxNKDNJ>qSnosM=sxXdBV%_1;Jpo%#jK0`s z2m%|^+PlEzllBEB1U&uReQS({y?%v_lB|@Wv9Lej2$nbTLE42`h;NDEO>Wsz06cYU0@7I# z_gL_?sb|X!NJwn3tatUmMFiSTPi&8`iep(eC*{8pmN^&$p7|uFa5D#Qeh`5c}G-^i^%XK;5{4~Gh5xY#IIRuBMoB%R}L zEv1<9OeSWTR2BdL)Gu}rx>~~E)P$d#^PXlALE1A{VY99kVUZ7tmgedxZCHZ|n zPTR72j=iRqzZk;E+bxlWYc}aAx3u*}gu(^@ggLdfbjLk&i(7sCc!7ScBwsI(ggfqG zivONlOutr=FF}B8%~7kJfUvYJe;CS;I4Lb(mZD-ED%T+Gfwltx(~lGo1pF-6bxBj(Gcu^wKMY-Q<2 ziEEQyQp*CM%}70jWon-(ab$_%ezE|7uCRy_g4iy$f;~>Zc5}wF(tyreCleSKnxxglX&*|;G*4~ka!QVsGM710 ztR!bRKjXy%FsD%7cGrz5Mh|;Uh%KIqQfJD8W>Kfa7M780%Nin{V5-(zxS^3%Xz->Q z<^KE5G~q6Od_PZC8c50I%irA9GBKiYlff@rb>#4|4&PsBSJ4?RRlX|4&@qrgpz01wNLnj z-3t1^C{zYk_+B%(HBxKHIshhr3LKT@_8oVz5e?M=(} ztQWRlor*YgLeC212F?P>88Muq)67G^9K}E7EJE7$5&Wp`KITDh@A`=Q3Z9~+1(XqZ z(i3fA#z`dfMZI@b3xdU<$4#nwupl7Nh3hSb?vZ!+-RZ^ez-hJ$6F!0&G~06u2*(Am zbJujJxOm0?8Qccyw;@I^iZd|NOCtfz-s^~l4&|t|Ff4YIE`W_fB}@k6$Vx~v1_*YP zU5F4$VqH}##VcF=SZ2s1ceP1(N_ivrkY1)&)CFXSkW9lOxIPhrV&F^I>G>)F(&#qB z#&My-O7dYJiea-Xt@1)gYp9;Lcs$K8U_WXf^J0#H+2Mx2Jnd{KFE}GwidYV1K35tyiTp4Q@ z=*pmJA_yym<~zgI1Q!y=u1!yu$lNKJ9;ObRZ-=#Fe!V`wrJ>{Pb-4gqi6KppM0I#1 zL*z-fD798sxtp~X`0BT+tiA>P3dPpaeb#bIM9G>(pX03;Jj2}|ijK|`w}Nb`q}+mZ z^QY&*qVTYpb3JX$>3N^BL9k}1g*Gzn*6;H^*>UUy(IL6+9QW_e@R1L1(O4!Q%7wut$A!ets+K17IQ|v2`5o8z~p@WLz(g zyXN!aTel!U?EE1OrPw^Y8(FGb8d(bvYJoEkw?s58OFnP8mY57mT0xv4RGrJXGcO$i zagtzg2~S!>u#(OuL|#TFOE6P)Txj+LzJ*Yteba=Ul$M1S#+7mGBP_S1Lf6hT`^#cj z@!%{yXu}F~(VeGPO7o&ik;G+vr+7Aqa=mvt>xy`31i0RlEJ;%*xRPSO+Fjcj;qb25Oe7_(;TKlmiFV_;en9(p69h^U zxp5@OUb4D{V%Jtf4n3|kkI$sifnv_KIWF-g_f z6L0F)K4}@Qu&^desuHX>*~fY-FR5A}eN7@QNwX3r0Aj{@UO$pe(6T-n5gf-nZE8CN znA+%^En=i6#R+nw>=1Bfj0hGl0_q%6N-c$wWzLeu+T}u^N(F$y8}srH_YD}GfFc^y z))|wO1QI=DTzyU;pd(Cvm#t|pV%VOM z31=#3QMI|{#I-Y`5XwxpJUSt7&1J(k@~Oi;Sh+1PX#qx>i~`=63M{*Mh?u#>#;)ei z?N!gt(XHl&QxGOk6|S*UWjOmO=2iq__=d$!iO3ocK4l#lb>mh){)W~NgD2tyt7R5~ z?CN8PwW>t{)B!8u^$~{OJggRy4772079*SPDPL_+_@W8u^4+oIhO7~N zgv~wDNO)|+m8}nkb6XP`aAuzZvl8Vcj@Re4I&r0sNL#y=R-9mJ}a?WM_-dH|l z!g+$oMm?%hZif|=bh4^Q-Ex-IjyR>Ooks`{yn=|N>{ip@d7w#AO;Cwmu0df_1;Iwt z0Oc~E0FfsIHi+y)VC|5eY}~LkSi}scXN*y`pgsd)w6+4Ibu}lUhvm*p9j}>1BngN$ zM66oTAxSw#ZtG6-o`b2GkSvNELPE)wP0|&~>~Jx3Kp0zJ-7;Ira+DfmO2NT~_IG%g zFC#B&vXxoIw$bv_mTi(!vHumyI4Hkj(8$P2go(4ZtAsy{08o8den8x#ho$%u-aSLgG#4+Ow6%Gah~-cCSU}s zV_Zs}&L$A#CC`#HRe@(ZxTr7Qt(%aby4I3nhY)P4KT`@Q%IW-~Xq4e8W|Tb{u|!H{u&A-J1kr`LuE!zEF>a$wvJQ*vTXqAnO;R>mgfirbvXubJ@Om;b zkW6Nbpn69W21xP{=fh+POY(=$cZ(c0BDcta8K?NJapT^(i$rLUL%@l%jA_;5}e0G_ky!T9|>QNjX``GxC^=J6N3I zs!L^P{jaCz3>JB}q&K6tx@5veaG9+l9L7g%8mV0NnGzyOmoo{j-GuEl3BI;+d9fws z+E|g>(+b3$^;lF!(C1oG=rsBhlx)m?I*5L;NBAg7SX?D(O06VGb=v9qNX9&InYAq- z(t!O-6LtMAT$_f$=y08eh~$e;Ndb&cZt9)Z&CX2opJtS4nMY0wPbJ8xf*F?YHxgHq z$bi$KWp|WlbD&~=r+2knK6YNJD%U+F@07I|ULFJu%Z_pCv9wbCArYdKOtl`zVc z7HWFAsCQ>$zUq^feLT9rC+K^`rh(F_TSOrmvvCsg*j{BrFWQB@A_PGETWj6j_JCRT@P+i{V6O83sycDBQms^HG49 z9Z&`?F9hdCIe`rHnI8$wwN~4jX9UTEB8Z zpR)SST#0Qx37lf_%dxedW+#=VBvklFitsgz>Nu5>NJClRWJpmo_T(0sl3lkd21}e$ zJQVAwov-1aXU)Dh%|qHHpe@zq4q>pjGkOklwoT#TCZiNsx^CNQU+9DL$;N5@rt`gQ zNyRvjlMLocS`2fdbfvac0kF?GFKj7!k9fw_Cco#D`&66V?zY{>mcpkM&*&yM(F>PZ z=&6^F3BnK##)2d3l$iN`fvRW2{Z2-fkh$`9u6Ud zrwReYTx#u!Z$-2mW#1C?PXD5L(1oO{%^}{pccbCde0_OzA4K8#W>3VS-?qJ3K)m$k zDdQPit#+y!Jc1_NMYlXU%b0F9ib2;LF@&0M}Rx8J;W0?@^Uyqa;vWr+S$);@D@d_Pr{Sl zpcAbqJ=(*Prmq0k;!(hgl-7`XMn_;>sf&X+`_=Rs8u43zT9!L>#3-hel- z_LPy8@>qi)&qPPi2?CL{jEMqXRx2&g*d7%Cjmfo`=K27K*-P3l-r|SXdBgo8va<0x zjQ%clarG_U1ucs5$f8HGF5q?dLQJCL-K(btG`bq;x3kF%pfa9AUxh=CHWkhIz7usE;V?v z`d|ZssMmQUiik5PdG)}ki>=QVWEAfDT*s-5uBZ|nh=U<^z&fq^giq3Pz039rF;J(h z9)0WECjxrHN?aAH#RIl4J58BvXGMG!<>Qu%b51kfp-8N$nGXg;U49do(GgQZpQ|?+ z;%tTn$b^%y6B*iQHh{o5yh3lAZ;4}$^WJ?qvVrApgV!#iF0&rMaN-&jW@f!fCCLq& zWNY?U2eLb#VI3Pn9MS0FkTqN4;ukkWHK;#z7aESa8RvP#8$9X zI5FGmps>M9MnEKJdZ>^Ud0!DQRN6pWftvx>1(WHRjmFQcHHzOU8Wj@D>x3_?ukxrD z2gBpd$m-a-)Tu)uqY6csP-lnBQPa`5*~1SViT>=;5)lIIXIiT#vsngQ26(;OUIypl zIY?z$-4z8N${}ssQeYQsL*Oh9?Tm<4I=jZ!>)qVbZ&j}~mbX^%Y~|3ehFArU_H@%2 zt;3^<%z;$il@Auhs3rgIkYOZ>K6}P^3SQ$dC^@aR`vJ zD54ea3J3Jux>w2z?{Eaw;Iye8wH(_=j!;LP-BzkRtO)cN7gx5v=AbgMVhh+pkZH2K zZmX=SkX%J}#3RF5-NcxSz?@~wBl2PQ=NZFf}iJC43+IahFkZ@%bsVZ5d<4Po|( z`s9h=q8;T>M3c*MG1G(uv$(ht?{CSwqImNb*ODW&vnmp7zcMJ#(!^j}qP>m!<=EU# z4Oi#o);T(-lN;7hWC;_|F_r>7f=vKD;)f+E9o#Y!YH_*Yt{)&;6_G&N=}g9}viL2n z6el`G^IWlmn_&XsPyxJBm9B;>lW=;3d`CQ?eX`3_ns7>O;d%Uo50&|)g?9Rcy2A|8 zQskIVMN9=MOFN}2W5ReUv=^%(xvzbt;Qa}>g<1@nvUWgGac0B$j|~c$tMV+ppF&1s z1SLKFm<`M#*QR5c-QR_Z$>Y|tI7fB{V*yEnXb*nqv@!dV0CdmC1;YhtP9sU?D%J)Q zk+hWfkv(YBVM^G%SA4ioB3U@7d=Li%Ye0d-ON({*sMqXOhAr|suPWuVfe4mW49icU z4BM%;zc6)dpfu^kWVk;$zbETmo3A|XkFMgGu0V%-@56owuGDXbi$LTEqwJ2)F`Eyv z`{P~UdbjH`c*b621I!NLF%}MdUa=w(MTu2MeGgoHzSel@J#rYb*toE9U+Y0GoSN+l zeK>)PBO|Fe73EgCv-`3!tJ5wTHe;CO&HUxgSlsT(aAOlqHj9?G;-`ibEDC=QKy{RJ zfHR9%S=J3Cf-B!?Lr9MdvY25HCFWcY!=_VZ5g~dVZ?5qO|AkR+0P>A@%9N5hriMV- zg1{Knqtv_)_Qa*mX0y#nB}^WKdS9cgrLwK&en)q_wJxKSsXlfO(dFj$P&XL@k$KDQAm&hsm#&Mh6Sh(g((%TQwOkcMwY84OO14X|aOOm9;#gLs zN0AGHPN3xVW#JT-Htv%t0VTWvT?HL)j~&_zf8$efWpw1zXi%&WRF86FDG3W9t*xzBWorroPN!dunsw`nh zo$ludqF3Xs|&{@Ay2z0fJ)l6<0JtGRrAlT;5lFGs{%V4t5X8PYD-am@^lo5&ZC6Dm83nb2D#)}%R?i^M4VR>D! z*bN()ZRrjoWg77Wr;O-tTO^P#%#5|(F{@xJi(S{jIzZqV0MPRkm$IzeHJF^TLoA(& z)DAt4HM2&N1*;io)<^_cr_BTWf4|niGhz9DWk7`YDJJ`7ixU;=g05&aqyG*D4bCJ;&lG!tDE3&H0gXyLFTN}cq$gJJ;}y2b~o7a+Vk;5brN zrLPbpEUtod4GLv>9dD?r167!S-30-%NB&qP22i(2(0qO`kAlMPwDi!BnsJa@$zyuV z3W`XB`P(+Cf+$8Bmx|DzOch@N#xOXN%j+(z=)rQb6fj3(5Ah7!Bio5_iNA;!+RcZ6 z)sgRva#`syE)cXdBFESZ<^?mX8pFE;qX4YTFClo+LHZK#fD0!w)uOEClEF366%8aB z$?d~Lz92tQ^oP5&i8%*%uo!md^bBSok!>+7DO-C2y1oefP~o$a4D{w zqbB>tVo9ojIWg{W(S-NYKyLVBDpN*kuTS>FWbANdB)h<9Jwyw(nJ8EAAz4dyoZY2j zG~Yw(G1G@n5*qquioz)cO;3WxkmK%OUMn9iwySn=3*2;*!bBI4?Qw(BV z_^l#x%#mq2zRPP%l2P}}az!P1TxxSD>~xuk7c`9Zh&iM4((i8xIyV>cf{#m276b?B z&8k&jjpTDt!}j@rm@h2|7ZRs@=MZyKYI6>)V&Zk^HXsn=0Y>02?YX|!$VLDJJYZCr zZW2=#qUn6h;ir+=$sHQX1N~r8SP?*?yBwS1*>~TKjJaKX3JZprF^fg{$Jf>A0S#}x z(RHfvEtzhM?=WL_x>5>;M0&!|)eLBsI`Ay%glQ6v}MMWY0DH%#9Ja{nV0#1-M7VAS>m}y2AxJ*(vx-pi!p2&$0i3sAv@VbD|7{)%Zh4B ziHvs`{+0&6HN+c=@HH4lL?=``S!@pr@%o{aaD)tn4C;nrCc`Pv&y zONcqR3sQy48fFJ`2yON~_(b|ZH*lN^$`e8Ba9E<%Douz10_uT~@sisTWrIm@Mza|R zG;9EanZ}L-E|tV3Ztx#)z}Q@l6aqU+k$L1dy(JwPur}bgXh(L>TxuqK)bB(@x>_2M z!!%Z#rA!zyot?DsY2oJ>lP%pcBQP?9?%OexDzF97NYC|PJo&MP5IsN}?f!lbJ!;^2 z#0J8uWwa$L7aQn;h_2FtF08b06{DUMmodNwc~DmiS@ludcCgTm6%e$tX^}aq=QBSyt9Mpj zDyXWxOJKwenHkb(eL|?4xsXCDbwFh1U#Av`JE`1$DMuHIGBb)Dh^ZiN*7{<=i8xnN3)ZaCh|QG2r@M9+40LgdO{?25 zzJDxjOXo+T5Gcyb9Af9{CstRmipD-qG_feCMOPyq95ou9HND;HN;I1kg4qJ*OzhHAy9oIK7qhD}Bg4Z>qBE+O&@v-flU0}v=0c~c@3<*%^J01*&=6XG zFh|-NYpr^93G&7}PmQd~JM4$a91B`cZDpB!vVY>v@Y2%K1Dm2((WGX}-B&WFC49*j zCK6Jkoq~*#N|O$WJI{9$A&lw8M(ar)Xd?V_U26MuW^M)kNF^t&j3maFIKaKZzsqrn z^kb@v+BFp){k6k=sWw^40W~!5%@*3(?^l^xTPdFTFvn1BYy?Lv8h02A)17&2hLSH{ zqGK;mvkx)=BogT@m$8JiKEMa}*!`TM^ae7wd8q@z&Cad*Jjk|KY&rXA1C~cJd_<%G zlGKms1%kpp7B(`S(BCg$jJB|$ZpI)&vpiB^mbdqtGr!r9TR`-fmzJG;2O2i+)OKK! zwknbdgoCS()nZ-4MGfVY$X=;FQaOuiVhI@;v6o;R@Kj(H8a<0Uqv6OK!mWvevYdWg zF^|MI=c-UQN+U5Sm!x`vRPDIoVoFHYpi%-QAm7B2`j!IL}PFwB^v6e?HF8+@|KQ%k3A%x05j0PuSi2HV*g0f?Iqs*2VD$=xyAQQNAXrVQTNP@ek*_++&5Ah-oE*8;^_D+io zCWli-JdV@Y$GPVUFIi--OZONpJQAYhp}C-dHH#u3EOW9TchX!M9F!!@3YYVo>e2c< z+?q(-C2Ss6ckZ@PPZ*aFWwPl0kVee92$Iv@K?uQxGN#6us`lc<$ySUdvcpL9xRyA! z!rF1|V#`2nop2x)MA*JjCghnNOe`GQK`4EJH!ooXGSto*m746jVYyq3M=-$qgUlA} zU>-Hcci8(OAi8W$1P_-wvV{=t+i~35GFfA!cA^tFOsUk2FruIj!s&6j$iY?8Bbb1_ zrJn>V1`!{a)iG?*EVIf^bdVl8+3~5adNLSipCW~e*X;JhD5AVB?Ttv+IF!zB)tayl)?j0lNHhr~c(+u}?}DRsb@Tw^|x9b@O_jaYNw*XqO>p)FIygdwXm&;*X5WLLVyd z33yw4zU&Vvt3rrh8B+viMj_P?r14gt*_b_A5aq(?24)I`H26~TsZq$ESg-N1HQl?V z{8D3m9Ty~G_m~zdbJ+wXKj~+1(q%2gxG7!Ip%3~F{1_YCc2|`Q z)k;%hYRC>?vFd{m(d+NBMCgjuL^@&#Sr-SR4o+OK!IHD;8x>!BCBj20V>w-4yquc%eQ343t6 z*}EufSI$Y@)vDnL)*Z(WE74hzR&X51v{5dYsRya+_keQRM#b22g0Y8^cQy|Nql(PWm(m6;MhJ$jJ}-=Q5_U+M%d}Y zQ!^#NMey48UECZ%VVIh5qJ~bZmCjELxT;F%)a30pS!duWm!c&Br0^Rvvr-`}lYkeV z?SOQlxPYWco{J=r-MPpk{gLLt;P?a#MoE`Q-t9 z@h||vU`rmaEb++t5M4kqc1(sqwnut!&BW7BTt+0X?GTkb>8<;H{8R(V9pjMVlfwNFSWDK5b(Mgsn(y%de1g5zBeM#`mjE;SP#xDh0$v!3xo8~;vKT3 z0Zyb)rOgtKsl$d~StM;XlkP+mY_9^&*!`1?7ura|RH(3=5CF-5t9zqd?fSVRb#gEu%nznE#XdIN3 zfu!fqGn)4pT! z6$~SxnZ}!UJLe1EnT&g>TwLn*F&ji;joYa=2a?MUcaRcX46hG62Qp?LtM2jpJd6kO zhzkP0K-6E<{>ENlM6n8mP%^*W1d8HSgrK;<%?ehj?s^kk<;DrINVCLmNbTmgHVVt4 zT79?QOD@J}jGOZ6l@mS04QVBu z*=ynXT!Dci!cRib%mFIWPaBST82q4m25t`W;{2eGqb(dI6&mEQ&JcEp-IC?aSX_6iS=7I#7A~TqpKk7FdmndiYup`yT@62*f~#Py>~p z9QVZ-zp3;F3|&@bL41|62rE}4IB^c&NDq4G7 zQ?ZCy1hZ|pz5;8A@@9VKuvw1lXF|xI1Rjzwd_2H{*_TJFSXjgTWTtssJ3;3X5A8Cy z!pcEGrYqWu7qGBOLzO^RP7EjwlEg!9QUxu-PgQ2%X59mk@q@lwqveb;$_k=N z#CQ;rm&QW0zc>{!D5_R#`{Gro3LDNpG2%yzNC=8zXNMO(RI)4cA(ri8r#+@I&IlR# zE&C18jX*-VTvP)aLk;;PloX*rBatMClS%A^*G z+|UAx#O_E^3>fTWbA+{75j%fM2*!H$0;0~e8zI2jDC_zTyezxM>hodzXutKs7dA$S ziB023pHD25&2gVhj>_p)Y7l?C!3Zu23}8td@qJOz?{^Z7P`JFkijV-YIu#vw3g@Ix zBAkWU)j7fOl!8KS!jlzK^pa6zP^wd;822Kp5L-=J^jiZKgbh~Hi)7M8t{JGZ2^P6b zch_u=u?>RQ!~vCroC5I0t2CGDBe6YI2(l=w8JJ+&D1K9G#l^R?TC7`SdZ-gFAqWMX z&T5Q9@iCPP>wv~tUR$E_5_skj{;#AJvlpT3-R1z=KP)T5!a_ZQiF=!Z49uukSV?P! z#f1)T;W45lu@jSyO9 zJRC0`H*>oT+`A5wwCq2e>t9+JHvJYkp%blgKjTZL4Zx z;x17+5VSJ80M3Eb^CfJBCW$rRGC;6l`oZIsL}6fpNJBVF(?Gg79Bc_Thl=4@jcAkX zdW>MD1F%M5Vg9;|)2)59ofB_bgdEw3f}q@zz-@~b&cFtvo0y?GyRqMckZ2igMthoB zE8|h8PNskpMzePdm)Ciy+1GeFiNOY7UM0O7)}SM4L~TXnm1~l$9ex1E#CdYmST*tN z*~GRLYs!@{jU*yb)@hDc#9Iq?6wxfZl{%w9!BRdEVL}%Ph(aUNqvbS9OxOzM6MdYd z6$BKXNHHPgOoA2=!b+tUi@SpP#{m(V7&=g$D`5O_HCuWB-3Wq#nYIcKy_9{D#DOI? zfw4DeUdM*6o|(~2QI{3Mukn!zL5HYs?D4C610M3Yq>-B><$#`qqqD5^1|6|(M;gbF zG!BTa&}0;04EDQigtVSnXhDL&Y}Ql$>?fHVi2P6_by;kh1RR~rOijCQmM;|m5WJTKR*_l zgDnwpxJ%m@0fMU%>^P&kjHT>Ga=;AD!~ly(rYq8J#?krig3~QJ8$2P5n$H|k@nA;2 zPclIuLM~~*oSQC69F}v(L+M0m=m}OUlU`r=UfS#|jcMYlQ6@pfpj9s;`b2J30-L!u z)Pn|<<%8g7i^x`>M`#0dp!&^4AMM}?>UhyZ%C=&6EXr9gmW^Fh25{jhU#_|`14=kf zmW9Mn))<5+riy7ss&aj6o)P9`M=H6Qz-20Wx5Ah3Fip2dBiqO)ca>M1%x+5yqT?s6 zKi4MFwJdyg0$Jp0o!D$HnxqtNk=4fVi-aIgX?SHyL1lI45#>G@%^D=lhGT7^G3dl& zf{)vQ{7kB)0>E2Y;>@gJz_vSWm^<*iFdy}*s(&ZGG;Mx?FJLeO@~Ne|Ag`$rB;5|N zUAmVP>w`bX6_cRkhC53^?o>25U?r;@ttng690s9|$sS=#k$X$s4jymaMUYPm%hg6} z>d|?X{A%7&p+^xdz4Tl1if~*NZVaC3O6Dua8ibC!RG$=MjbfvH3=?dCgZR$=K z0&$WUELG))9X}P~iiu7q9%X?{XPt%`EEw8B|1}dtK#Bibag!x`yn{PflINjrI zX6nz7M$HcQiyjYNV|?iMQkjkqFXJP|3?@JKx5c~wUyyazwkaS|)hqf6%F%xWeYW!$Dn57t2bR3l<_ene#{t1AdAbkGSSgS3E1apgt{1{7hc zb8w{2MP2cVUR&sklt;+nJWrKi7tmx%(7Y-pOY!!^4!?jNp47*92!gDJwo31%l1}F* zBEmWQQ4;&+{G{#*snep0TVsU2|YH-qH z zWMTF>G0mcbN|D4-futR&yA;1p%f^MC*HBy9uWTYd+L*L*gBO7gN?9ezCDddYS1lAn z{H8r66U5FL>LiT&eA*h|@b>CRV%>thiC9r$mW37mohk-nd~M~jV?kc!9*7Zhk%7vR z$AqT*PUbHa-r^;6S_FeOz2w`FA&jwYPW#k5X5L=GFlCpcw0}c#a+O6qVR!BfBoFR9 z_NAQ8U|gvk14qgS6x!eo@QW^Cb)ppT=)gu*p(LQ}PEX?w%pRGt97MLksSc93A7lJlz;|$UUGP$5SmgokX_5leb~bfOE8e+-2YES04~Hdlr;jl5h@_BV z3^Bq%L;$U{4P=z{9D@op8h}h_>wWTpLjk=AmrYPAary#1 z^hu0CGC_^iL2qF92nX4%6-F^(((e9=Zg)ts*ohb9Aepwy+u>%XRL$LFITtAO&|M+3 zV5VI$0vzVP?R9a}W2B9oiikU9(a}stf^t=9D<|~Z2o0N1xB$~1|BI$2XB=lNo97*1 zHHkrnsUKVn3``J98w*erwPR8kHeAVp+oBI7ng*y)CfFKryy*XQcJr~J^}5E|Z4E^c zdjNN+tZrjba4O8X3(k)$z{!`y^$--NvW}p$1S_^4CG~5bWI00?jBCi$q{Cd1O@Puo zfONwZ(|#$NQoOi`pg{y?b2eFx^r_%JI`{V*FF7VBdRiOpmJmoIco#bK+!XNdvYRT5 zRgLpoI%2l4xE)hvWXH&KDq;@lZKfP|3z0DHu{kRuR#}!SR$&^pN7pPeXJro%)lM_> zMT!p@mc@plppci&Cz&sedoMJ65k22+j&QvK^RYGLbtg*M<7yjDl!04)HOZvM36Hw4 zMuid_61?DGr^V7~D*CTrkRxVp>J3R^hE_a=VOo0I%{)K{?yKBE+jS_kHfc$;$El8)7h{h;Rs3`uaj=j~)C)Us2UYGlMcFu=Fpi8K z#w~ajX(#J)+qJbl22U3EuZ~lu!$TYh$B*LK$4?m)@twGwk&T9#avrVrPz`-aML5GN z(Od}1fb2;wjbSu-Ib@DJPPo&U~QL$g$ z?5MMq%6c*2(LG3tHnB@1wRt!>JklH5YAcG=13bkWA)5vn+pxjmi7?O_(}gYbW^RZH zt4sx|%h@vFsoBw~mA+j9gw@3|0t|S}&^#$SjCQW{J@$f@5BH7DsAG-J4P1!Dr6gMS{UsfhatKSz`B(2+eaops=5Xq~uvZ)@lM* z+Gw_2pj1j-W{`>LT7wcRtZ${NjpeQ85S&7^F7L^WAdR!WfL%=ZHklp?7vzwP!RYhu zNpmD`DX=asy;z@@j!|P`Rmws+D31}3(NyE6;_^7OoUybP(;Mn_GdhpUt~f}Q#6F0@RJs9=7L`R$8o=(CI0YgJzr`4y zAmd9craDcj7BgvEM;0cFBMDxuEI7QvJi++?KQB~}nrumt51#i7O~l_m#E zm9xv2F9^aa(5I_EbpXPUc5Y>Jl$U$r%3&LjsxyasGP)lK5bQj}gSj~vZNXH9$Z}nX z&x2RGOUO!8mO7zbkbyBLx(i!e>QrS&>^aTkz*bU#Vkyf>xi`b^Gs%o=craB?i#i*JX<8I4zX*+^dLhyQ{v9&sHuLGjh z!up3CA{SSfvUNU0kdctYL=GM@k;Jdq8*s0kSrd_f!L&OJEm{JZ1IHvcH&Q!6t4ny2 zhjCdO{duS?)EZk9tXal6_Zd=%>vpT(O3JLEUJkQsHdM;kK3^?PRdg|;-fe)ph%c_o zAQX}rA|s;T$udkyNv%O^EHs@>1A*wS#?Q%k_0zMH9ciH2#z$)sx}L{JP)Tg58Z6THvohPQQSM!eSIw<3z)~^m1TLMQW&u4`cuX<5n0n zD$S^5RH890vNohF-huO7DZ5O{`{SFB*p+1|GOGl*a#}mD1#KCmfD7vAB2t~?yQ6vF zPI;r0xT%2>fB{Ifl6t>`*J<)=7#(%pg3U6LUTw_h?lcW@HZ zpY>osQfcMNLO2skSNTh(P+HM9EN2JOnPI&%BLPDfLaZ^=z|WHpzF6Kxe0&>kq#|&k zB7Dh*l<_4X<$E|bZPko#B6jW$=4~Wma$k0Nvqo4@hE+{B9s6F}whdH_pz_1sH55}* zV5&er&lo7XU|z64zM7(8h9jzo?@TVEcdl7wPF+4&K#mtPyHXTPsi-wC48L2y*dnwC znBe7Hg$chW1H{n{?Q-Kusuzza=4#=$w~}xW=h*_=*(|PQaGzV;K;fleSwJo)WQfGc zeO$#bc)6q%s|U^AzQ4!|IpOD>G%<|?-YQyqxOYLPW4JGcTX!;4XeZ}n!S7JN{?|UT*f#%=zvU#!z2z&lIRsu{h`KanQ?6XCR^=n7z8+R$cmSjR7`L? zgr4z{(or+0Orc%i{gDjrWAL#{mkdNKN1a2!M`lFny(P${lF2kf2pQ1!r$Uk5QMr*o z^n(jO`Cz}`me?T`exo1JkQa<6Oto(Q7@K#(I^>;9TnC9w^zJQ#w@^P*Y{3$j;%}w5lejBuZ8}hLUo)Z2N+9 zz=zUI+pCjN!zK@BKYeMeT40-am9+FEQ`7^=-COQJgY%R(PcURAI8`Y`AoSINp|OMb zj9s!(d)SZ(5v#%%rjU7hT7|1lF_*(d{$Us+TZ(fObGEY$Z6f?S7(L-{ zVr2R_ipdSyWM5~DVAZ0>K$F51_xs{)@d>^;+AGh*1AEOB@{}lY+>-X~i5-`%$ zveiEF{vj(rc(rxJ3V6L<{z_K<_!~}1((yNFx!XOX{mr^ld!3c{ z@td*oGgkg*C!V4R^7`M9mA~<%vy$<~lXQf-XSAIEH?RMfvho|}wfx3;E&t92sT2R@ z^!!yMkyXf>{CEBL4(#t&%HKSH{{3#`dLsVsy2->~vG{)y%P z0A@T2ga5q!J`S$|EUo`@AJYDR?nAe3zvKD8v+}j;TE2E&%kPzk zKh*E#{~{|t_t>v$!Nbx(*`=mq4zvMGo z{`ViI{MT9ey#HVJS6cpSvI_mv|9% Date: Mon, 10 May 2021 08:55:48 +0100 Subject: [PATCH 199/441] Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name --- frida_mode/src/cmplog/cmplog.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 84412c0b..3fab1951 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -4,6 +4,8 @@ #include "util.h" +#define DEFAULT_MMAP_MIN_ADDR (32UL << 10) + extern struct cmp_map *__afl_cmp_map; static GArray *cmplog_ranges = NULL; @@ -55,6 +57,16 @@ gboolean cmplog_is_readable(void *addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); + /* + * The Linux kernel prevents mmap from allocating from the very bottom of the + * address space to mitigate NULL pointer dereference attacks. The exact size + * is set by sysctl by setting mmap_min_addr and 64k is suggested on most + * platforms with 32k on ARM systems. We therefore fail fast if the address + * is lower than this. This should avoid some overhead when functions are + * called where one of the parameters is a size, or a some other small value. + */ + if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; } + GumAddress inner_base = GUM_ADDRESS(addr); GumAddress inner_limit = inner_base + size; From ceb138cefe46e4412f54f31a812c125cebbb5b65 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 10:30:57 +0200 Subject: [PATCH 200/441] afl-plot: relative time --- afl-plot | 6 +++--- src/afl-fuzz-init.c | 2 +- src/afl-fuzz-stats.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/afl-plot b/afl-plot index f5bb041d..26c8d1b7 100755 --- a/afl-plot +++ b/afl-plot @@ -111,9 +111,9 @@ set terminal png truecolor enhanced size 1000,300 butt set output '$outputdir/high_freq.png' -set xdata time -set timefmt '%s' -set format x "%b %d\n%H:%M" +#set xdata time +#set timefmt '%s' +#set format x "%b %d\n%H:%M" set tics font 'small' unset mxtics unset mytics diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 547311c7..cb586111 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2031,7 +2031,7 @@ void setup_dirs_fds(afl_state_t *afl) { fprintf( afl->fsrv.plot_file, - "# unix_time, cycles_done, cur_path, paths_total, " + "# relative_time, cycles_done, cur_path, paths_total, " "pending_total, pending_favs, map_size, unique_crashes, " "unique_hangs, max_depth, execs_per_sec, total_execs, edges_found\n"); diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index bccd2f31..2dea1bcb 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -386,7 +386,7 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, /* Fields in the file: - unix_time, afl->cycles_done, cur_path, paths_total, paths_not_fuzzed, + relative_time, afl->cycles_done, cur_path, paths_total, paths_not_fuzzed, favored_not_fuzzed, unique_crashes, unique_hangs, max_depth, execs_per_sec, edges_found */ From 84e55e7a1bc684b2f3b52db4d6e789135af95d13 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 10:38:31 +0200 Subject: [PATCH 201/441] arch linux and mac os support for afl-system-config --- afl-system-config | 10 +++++++--- docs/Changelog.md | 2 ++ 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/afl-system-config b/afl-system-config index 5ad9d937..e08871ac 100755 --- a/afl-system-config +++ b/afl-system-config @@ -22,7 +22,10 @@ if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then fi if [ "$PLATFORM" = "Linux" ] ; then { - sysctl -w kernel.core_pattern=core + sysctl -w kernel.core_uses_pid=0 + # Arch Linux requires core_pattern to be empty :( + test -e /etc/arch-release && sysctl -w kernel.core_pattern= + test -e /etc/arch-release || sysctl -w kernel.core_pattern=core sysctl -w kernel.randomize_va_space=0 sysctl -w kernel.sched_child_runs_first=1 sysctl -w kernel.sched_autogroup_enabled=1 @@ -86,14 +89,15 @@ if [ "$PLATFORM" = "NetBSD" ] ; then DONE=1 fi if [ "$PLATFORM" = "Darwin" ] ; then + sysctl kern.sysv.shmmax=8388608 + sysctl kern.sysv.shmseg=48 + sysctl kern.sysv.shmall=98304 if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then echo We unload the default crash reporter here SL=/System/Library; PL=com.apple.ReportCrash launchctl unload -w ${SL}/LaunchAgents/${PL}.plist sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist echo Settings applied. - else - echo Nothing to do. fi DONE=1 fi diff --git a/docs/Changelog.md b/docs/Changelog.md index 31351a58..ceb02bb9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -44,6 +44,8 @@ sending a mail to . - fix MIPS delay slot caching, thanks @JackGrence - fixed aarch64 exit address - execution no longer stops at address 0x0 + - updated afl-system-config to support Arch Linux weirdness and increase + MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup From 82d0e4f210ba6dd12eb4e09cbb144850660e050b Mon Sep 17 00:00:00 2001 From: hexcoder Date: Mon, 10 May 2021 12:48:41 +0200 Subject: [PATCH 202/441] typo --- instrumentation/README.llvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 0937a328..cfe537d5 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -2,7 +2,7 @@ (See [../README.md](../README.md) for the general instruction manual.) - (See [README.gcc_plugon.md](../README.gcc_plugin.md) for the GCC-based instrumentation.) + (See [README.gcc_plugin.md](../README.gcc_plugin.md) for the GCC-based instrumentation.) ## 1) Introduction From 50af4654e314df75ba8653340e5a58e9e42f1f19 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 13:46:31 +0200 Subject: [PATCH 203/441] code-format --- src/afl-fuzz-mutators.c | 6 +++--- src/afl-fuzz-state.c | 2 +- src/afl-fuzz-stats.c | 8 ++++---- src/afl-ld-lto.c | 11 +++++------ 4 files changed, 13 insertions(+), 14 deletions(-) diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 3bb37a89..e27d6fae 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -312,7 +312,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, u32 trim_exec = 0; u32 orig_len = q->len; u32 out_len = 0; - u8* out_buf = NULL; + u8 *out_buf = NULL; u8 val_buf[STRINGIFY_VAL_SIZE_MAX]; @@ -475,8 +475,8 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, close(fd); /* Update the queue's knowledge of length as soon as we write the file. - We do this here so that exit/error cases that *don't* update the file also - don't update q->len. */ + We do this here so that exit/error cases that *don't* update the file + also don't update q->len. */ q->len = out_len; memcpy(afl->fsrv.trace_bits, afl->clean_trace_custom, afl->fsrv.map_size); diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 73ba7a52..c886cb28 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -193,7 +193,7 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl_environment_variable_len)) { afl->afl_env.afl_exit_on_time = - (u8 *) get_afl_env(afl_environment_variables[i]); + (u8 *)get_afl_env(afl_environment_variables[i]); } else if (!strncmp(env, "AFL_NO_AFFINITY", diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 2dea1bcb..313263f9 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -576,11 +576,11 @@ void show_stats(afl_state_t *afl) { } - /* AFL_EXIT_ON_TIME. */ + /* AFL_EXIT_ON_TIME. */ - if (unlikely(afl->last_path_time && !afl->non_instrumented_mode && - afl->afl_env.afl_exit_on_time && - (cur_ms - afl->last_path_time) > afl->exit_on_time)) { + if (unlikely(afl->last_path_time && !afl->non_instrumented_mode && + afl->afl_env.afl_exit_on_time && + (cur_ms - afl->last_path_time) > afl->exit_on_time)) { afl->stop_soon = 2; diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index d0113af9..1ce97649 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -298,13 +298,12 @@ int main(int argc, char **argv) { SAYF( "\n" - "This is a helper application for afl-clang-lto. It is a wrapper " - "around GNU " - "llvm's 'lld',\n" - "executed by the toolchain whenever using " - "afl-clang-lto/afl-clang-lto++.\n" + "This is a helper application for afl-clang-lto.\n" + "It is a wrapper around llvm's 'lld' in case afl-clang-lto cannot be " + "used.\n" + "Note that the target still has to be compiled with -flto=full!\n" "You probably don't want to run this program directly but rather pass " - "it as LD parameter to configure scripts\n\n" + "it as LD\nparameter to e.g. configure scripts.\n\n" "Environment variables:\n" " AFL_LD_PASSTHROUGH do not link+optimize == no instrumentation\n" From d0fa8dcba51deb5f27f63fc054aef1144b4bc373 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 13:54:01 +0200 Subject: [PATCH 204/441] update documentation --- README.md | 4 ++-- frida_mode/README.md | 48 ++++++++++++++++++++++++-------------------- 2 files changed, 28 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 4a0f3574..c16216bf 100644 --- a/README.md +++ b/README.md @@ -91,9 +91,9 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| | NeverZero | x86[_64]| x(1) | x | | x | x | - | Persistent Mode | | x | x | | x86[_64]/arm[64] | x | + | Persistent Mode | | x | x | x | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | | x86[_64]/arm[64] | | + | CmpLog | | x | | x | x86[_64]/arm[64] | | | Selective Instrumentation| | x | x | x | x | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | Ngram prev_loc Coverage | | x(6) | | | | | diff --git a/frida_mode/README.md b/frida_mode/README.md index d9634df2..9f574a4c 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -1,15 +1,19 @@ # FRIDA MODE -The purpose of FRIDA mode is to provide an alternative binary only fuzzer for AFL -just like that provided by QEMU mode. The intention is to provide a very similar -user experience, right down to the options provided through environment variables. + +The purpose of FRIDA mode is to provide an alternative binary only fuzzer for +AFL just like that provided by QEMU mode. The intention is to provide a very +similar user experience, right down to the options provided through environment +variables. Whilst AFLplusplus already has some support for running on FRIDA [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) this requires the code to be fuzzed to be provided as a shared library, it cannot be used to fuzz executables. Additionally, it requires the user to write -a small harness around their target code of interest, FRIDA mode instead takes a -different approach to avoid these limitations. +a small harness around their target code of interest. +FRIDA mode instead takes a different approach to avoid these limitations. +In Frida mode binary programs are instrumented, similarly to QEMU mode. + +## Current Progress -# Current Progress As FRIDA mode is new, it is missing a lot of features. The design is such that it should be possible to add these features in a similar manner to QEMU mode and perhaps leverage some of its design and implementation. @@ -28,7 +32,7 @@ perhaps leverage some of its design and implementation. | Snapshot LKM Support | - | | | In-Memory Test Cases | x | (x64 only) | -# Compatibility +## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 architecture and aarch64. Later releases may add support for aarch32 and Windows targets as well as embedded linux environments. @@ -38,6 +42,7 @@ runtime libraries, so porting should be possible. However, the current build system does not support cross compilation. ## Getting Started + To build everything run `make`. Various tests can be found in subfolders within the `test/` directory. To use @@ -45,6 +50,7 @@ these, first run `make` to build any dependencies. Then run `make qemu` or `make frida` to run on either QEMU of FRIDA mode respectively. ## Usage + FRIDA mode added some small modifications to `afl-fuzz` and similar tools in AFLplusplus. The intention was that it behaves identically to QEMU, but it uses the 'O' switch rather than 'Q'. Whilst the options 'f', 'F', 's' or 'S' may have @@ -63,30 +69,26 @@ following options are currently supported: * `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` * `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` +To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. -# Performance +## Performance Additionally, the intention is to be able to make a direct performance comparison between the two approaches. Accordingly, FRIDA mode includes various -test targets based on the [libpng](https://libpng.sourceforge.io/) benchmark used by -[fuzzbench](https://google.github.io/fuzzbench/) and integrated with the +test targets based on the [libpng](https://libpng.sourceforge.io/) benchmark +used by [fuzzbench](https://google.github.io/fuzzbench/) and integrated with the [StandaloneFuzzTargetMain](https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c) -from the llvm project. These tests include basic fork-server support, persistent mode -and persistent mode with in-memory test-cases. These are built and linked without -any special modifications to suit FRIDA or QEMU. The test data provided with libpng -is used as the corpus. +from the llvm project. These tests include basic fork-server support, persistent +mode and persistent mode with in-memory test-cases. These are built and linked +without any special modifications to suit FRIDA or QEMU. The test data provided +with libpng is used as the corpus. The intention is to add support for FRIDA mode to the FuzzBench project and perform a like-for-like comparison with QEMU mode to get an accurate appreciation of its performance. -Whilst [afl_frida](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) -claims a 5-10x performance increase over QEMU, it has not been possible to -reproduce these claims. It is thought that `afl_frida` was running a test case -in persistent mode, whereas the qemu test it was compared against was not and -this may account for the differences since it isn't a like-for-like comparison. +## Design -# Design FRIDA mode is supported by using `LD_PRELOAD` (`DYLD_INSERT_LIBRARIES` on macOS) to inject a shared library (`afl-frida-trace.so`) into the target. This shared library is built using the [frida-gum](https://github.com/frida/frida-gum) @@ -117,7 +119,8 @@ makes use of a basic C function and is yet to be optimized. Since not all instances run CMPLOG mode and instrumentation of the binary is less frequent (only on CMP, SUB and CALL instructions) performance is not quite so critical. -# Advanced configuration options +## Advanced configuration options + * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. @@ -127,7 +130,8 @@ them and they be inherited by the next child on fork. * `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. -# TODO +## TODO + The next features to be added are x86 support, integration with FuzzBench and support for ASAN. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that From 8b7a7b29c60f11cdf6226b3e418e87a5c3f5caac Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 10 May 2021 13:57:47 +0200 Subject: [PATCH 205/441] Push to stable (#895) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev --- README.md | 4 +- afl-plot | 10 +- afl-system-config | 10 +- custom_mutators/README.md | 8 + .../examples}/Makefile | 0 .../examples}/README.md | 0 .../examples}/XmlMutatorMin.py | 0 .../examples}/common.py | 0 .../examples}/custom_mutator_helpers.h | 0 .../examples}/example.c | 0 .../examples}/example.py | 0 .../examples}/post_library_gif.so.c | 0 .../examples}/post_library_png.so.c | 0 .../examples}/simple-chunk-replace.py | 0 .../examples}/simple_example.c | 0 .../examples}/wrapper_afl_min.py | 0 .../grammar_mutator/GRAMMAR_VERSION | 2 +- .../grammar_mutator/grammar_mutator | 2 +- docs/Changelog.md | 14 +- docs/custom_mutators.md | 4 +- docs/env_variables.md | 4 + docs/life_pro_tips.md | 2 +- frida_mode/GNUmakefile | 181 +++++++ frida_mode/Makefile | 349 +------------ frida_mode/README.md | 141 ++--- frida_mode/include/entry.h | 15 + frida_mode/include/frida_cmplog.h | 14 + frida_mode/include/instrument.h | 22 +- frida_mode/include/interceptor.h | 7 + frida_mode/include/lib.h | 13 + frida_mode/include/persistent.h | 31 ++ frida_mode/include/prefetch.h | 14 +- frida_mode/include/ranges.h | 7 +- frida_mode/include/stalker.h | 11 + frida_mode/include/util.h | 14 + frida_mode/src/cmplog/cmplog.c | 87 ++++ frida_mode/src/cmplog/cmplog_arm.c | 19 + frida_mode/src/cmplog/cmplog_arm64.c | 19 + frida_mode/src/cmplog/cmplog_x64.c | 346 +++++++++++++ frida_mode/src/cmplog/cmplog_x86.c | 19 + frida_mode/src/entry.c | 50 ++ frida_mode/src/instrument.c | 271 ---------- frida_mode/src/instrument/instrument.c | 155 ++++++ frida_mode/src/instrument/instrument_arm32.c | 23 + frida_mode/src/instrument/instrument_arm64.c | 97 ++++ frida_mode/src/instrument/instrument_x64.c | 93 ++++ frida_mode/src/instrument/instrument_x86.c | 23 + frida_mode/src/interceptor.c | 21 +- frida_mode/src/lib/lib.c | 176 +++++++ frida_mode/src/lib/lib_apple.c | 82 +++ frida_mode/src/main.c | 74 +-- frida_mode/src/persistent/persistent.c | 65 +++ frida_mode/src/persistent/persistent_arm32.c | 72 +++ frida_mode/src/persistent/persistent_arm64.c | 115 +++++ frida_mode/src/persistent/persistent_x64.c | 342 +++++++++++++ frida_mode/src/persistent/persistent_x86.c | 55 ++ frida_mode/src/prefetch.c | 23 +- frida_mode/src/ranges.c | 482 ++++++++++++------ frida_mode/src/stalker.c | 30 ++ frida_mode/src/util.c | 67 +++ frida_mode/test/cmplog/GNUmakefile | 66 +++ frida_mode/test/cmplog/Makefile | 12 + .../get_section_addrs.py} | 0 frida_mode/test/entry_point/GNUmakefile | 61 +++ frida_mode/test/entry_point/Makefile | 12 + frida_mode/test/entry_point/testinstr.c | 119 +++++ frida_mode/test/exe/GNUmakefile | 50 ++ frida_mode/test/exe/Makefile | 12 + frida_mode/test/{ => exe}/testinstr.c | 4 +- frida_mode/test/png/GNUmakefile | 109 ++++ frida_mode/test/png/Makefile | 12 + frida_mode/test/png/persistent/GNUmakefile | 79 +++ frida_mode/test/png/persistent/Makefile | 18 + .../test/png/persistent/get_symbol_addr.py | 36 ++ .../test/png/persistent/hook/GNUmakefile | 98 ++++ frida_mode/test/png/persistent/hook/Makefile | 18 + frida_mode/test/testinstr/GNUmakefile | 50 ++ frida_mode/test/testinstr/Makefile | 12 + frida_mode/test/testinstr/testinstr.c | 112 ++++ frida_mode/update_frida_version.sh | 13 + include/afl-fuzz.h | 6 +- include/envs.h | 4 + instrumentation/README.llvm.md | 2 +- instrumentation/SanitizerCoverageLTO.so.cc | 15 +- .../SanitizerCoveragePCGUARD.so.cc | 102 ++-- instrumentation/afl-compiler-rt.o.c | 15 +- instrumentation/afl-gcc-pass.so.cc | 4 +- instrumentation/afl-llvm-common.cc | 4 +- .../afl-llvm-lto-instrumentation.so.cc | 8 +- instrumentation/split-switches-pass.so.cc | 2 +- qemu_mode/README.md | 4 +- qemu_mode/build_qemu_support.sh | 2 +- src/afl-cc.c | 4 +- src/afl-forkserver.c | 5 +- src/afl-fuzz-bitmap.c | 2 +- src/afl-fuzz-cmplog.c | 2 +- src/afl-fuzz-init.c | 10 +- src/afl-fuzz-mutators.c | 58 ++- src/afl-fuzz-one.c | 4 +- src/afl-fuzz-run.c | 10 +- src/afl-fuzz-state.c | 8 + src/afl-fuzz-stats.c | 16 +- src/afl-fuzz.c | 38 +- src/afl-ld-lto.c | 11 +- test/test-all.sh | 2 + test/test-custom-mutators.sh | 6 +- test/test-frida-mode.sh | 108 ++++ test/test-performance.sh | 1 + test/test-pre.sh | 1 + unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/samples/speedtest/c/Makefile | 10 +- .../samples/speedtest/python/Makefile | 11 +- unicorn_mode/samples/speedtest/rust/Makefile | 12 +- unicorn_mode/unicornafl | 2 +- utils/README.md | 3 +- utils/afl_proxy/afl-proxy.c | 29 +- utils/aflpp_driver/GNUmakefile | 6 +- utils/aflpp_driver/aflpp_qemu_driver_hook.c | 10 +- utils/libdislocator/libdislocator.so.c | 21 +- utils/qbdi_mode/template.cpp | 2 +- utils/qemu_persistent_hook/read_into_rdi.c | 10 +- 121 files changed, 4059 insertions(+), 1091 deletions(-) rename {utils/custom_mutators => custom_mutators/examples}/Makefile (100%) rename {utils/custom_mutators => custom_mutators/examples}/README.md (100%) rename {utils/custom_mutators => custom_mutators/examples}/XmlMutatorMin.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/common.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/custom_mutator_helpers.h (100%) rename {utils/custom_mutators => custom_mutators/examples}/example.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/example.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/post_library_gif.so.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/post_library_png.so.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/simple-chunk-replace.py (100%) rename {utils/custom_mutators => custom_mutators/examples}/simple_example.c (100%) rename {utils/custom_mutators => custom_mutators/examples}/wrapper_afl_min.py (100%) create mode 100644 frida_mode/GNUmakefile create mode 100644 frida_mode/include/entry.h create mode 100644 frida_mode/include/frida_cmplog.h create mode 100644 frida_mode/include/lib.h create mode 100644 frida_mode/include/persistent.h create mode 100644 frida_mode/include/stalker.h create mode 100644 frida_mode/include/util.h create mode 100644 frida_mode/src/cmplog/cmplog.c create mode 100644 frida_mode/src/cmplog/cmplog_arm.c create mode 100644 frida_mode/src/cmplog/cmplog_arm64.c create mode 100644 frida_mode/src/cmplog/cmplog_x64.c create mode 100644 frida_mode/src/cmplog/cmplog_x86.c create mode 100644 frida_mode/src/entry.c delete mode 100644 frida_mode/src/instrument.c create mode 100644 frida_mode/src/instrument/instrument.c create mode 100644 frida_mode/src/instrument/instrument_arm32.c create mode 100644 frida_mode/src/instrument/instrument_arm64.c create mode 100644 frida_mode/src/instrument/instrument_x64.c create mode 100644 frida_mode/src/instrument/instrument_x86.c create mode 100644 frida_mode/src/lib/lib.c create mode 100644 frida_mode/src/lib/lib_apple.c create mode 100644 frida_mode/src/persistent/persistent.c create mode 100644 frida_mode/src/persistent/persistent_arm32.c create mode 100644 frida_mode/src/persistent/persistent_arm64.c create mode 100644 frida_mode/src/persistent/persistent_x64.c create mode 100644 frida_mode/src/persistent/persistent_x86.c create mode 100644 frida_mode/src/stalker.c create mode 100644 frida_mode/src/util.c create mode 100644 frida_mode/test/cmplog/GNUmakefile create mode 100644 frida_mode/test/cmplog/Makefile rename frida_mode/test/{testinstr.py => cmplog/get_section_addrs.py} (100%) create mode 100644 frida_mode/test/entry_point/GNUmakefile create mode 100644 frida_mode/test/entry_point/Makefile create mode 100644 frida_mode/test/entry_point/testinstr.c create mode 100644 frida_mode/test/exe/GNUmakefile create mode 100644 frida_mode/test/exe/Makefile rename frida_mode/test/{ => exe}/testinstr.c (95%) create mode 100644 frida_mode/test/png/GNUmakefile create mode 100644 frida_mode/test/png/Makefile create mode 100644 frida_mode/test/png/persistent/GNUmakefile create mode 100644 frida_mode/test/png/persistent/Makefile create mode 100755 frida_mode/test/png/persistent/get_symbol_addr.py create mode 100644 frida_mode/test/png/persistent/hook/GNUmakefile create mode 100644 frida_mode/test/png/persistent/hook/Makefile create mode 100644 frida_mode/test/testinstr/GNUmakefile create mode 100644 frida_mode/test/testinstr/Makefile create mode 100644 frida_mode/test/testinstr/testinstr.c create mode 100755 frida_mode/update_frida_version.sh create mode 100755 test/test-frida-mode.sh diff --git a/README.md b/README.md index 4a0f3574..c16216bf 100644 --- a/README.md +++ b/README.md @@ -91,9 +91,9 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| | NeverZero | x86[_64]| x(1) | x | | x | x | - | Persistent Mode | | x | x | | x86[_64]/arm[64] | x | + | Persistent Mode | | x | x | x | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | | x86[_64]/arm[64] | | + | CmpLog | | x | | x | x86[_64]/arm[64] | | | Selective Instrumentation| | x | x | x | x | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | Ngram prev_loc Coverage | | x(6) | | | | | diff --git a/afl-plot b/afl-plot index ba100d3e..26c8d1b7 100755 --- a/afl-plot +++ b/afl-plot @@ -111,9 +111,9 @@ set terminal png truecolor enhanced size 1000,300 butt set output '$outputdir/high_freq.png' -set xdata time -set timefmt '%s' -set format x "%b %d\n%H:%M" +#set xdata time +#set timefmt '%s' +#set format x "%b %d\n%H:%M" set tics font 'small' unset mxtics unset mytics @@ -129,7 +129,6 @@ set autoscale xfixmax set xlabel "all times in UTC" font "small" -set ytics auto plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ '' using 1:5 with lines title 'pending paths' linecolor rgb '#0090ff' linewidth 3, \\ @@ -139,7 +138,6 @@ plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' lin set terminal png truecolor enhanced size 1000,200 butt set output '$outputdir/low_freq.png' -set ytics 1 plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb '#c00080' fillstyle transparent solid 0.2 noborder, \\ '' using 1:8 with lines title ' uniq crashes' linecolor rgb '#c00080' linewidth 3, \\ '' using 1:9 with lines title 'uniq hangs' linecolor rgb '#c000f0' linewidth 3, \\ @@ -148,14 +146,12 @@ plot '$inputdir/plot_data' using 1:8 with filledcurve x1 title '' linecolor rgb set terminal png truecolor enhanced size 1000,200 butt set output '$outputdir/exec_speed.png' -set ytics auto plot '$inputdir/plot_data' using 1:11 with filledcurve x1 title '' linecolor rgb '#0090ff' fillstyle transparent solid 0.2 noborder, \\ '$inputdir/plot_data' using 1:11 with lines title ' execs/sec' linecolor rgb '#0090ff' linewidth 3 smooth bezier; set terminal png truecolor enhanced size 1000,300 butt set output '$outputdir/edges.png' -set ytics auto plot '$inputdir/plot_data' using 1:13 with lines title ' edges' linecolor rgb '#0090ff' linewidth 3 _EOF_ diff --git a/afl-system-config b/afl-system-config index 5ad9d937..e08871ac 100755 --- a/afl-system-config +++ b/afl-system-config @@ -22,7 +22,10 @@ if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then fi if [ "$PLATFORM" = "Linux" ] ; then { - sysctl -w kernel.core_pattern=core + sysctl -w kernel.core_uses_pid=0 + # Arch Linux requires core_pattern to be empty :( + test -e /etc/arch-release && sysctl -w kernel.core_pattern= + test -e /etc/arch-release || sysctl -w kernel.core_pattern=core sysctl -w kernel.randomize_va_space=0 sysctl -w kernel.sched_child_runs_first=1 sysctl -w kernel.sched_autogroup_enabled=1 @@ -86,14 +89,15 @@ if [ "$PLATFORM" = "NetBSD" ] ; then DONE=1 fi if [ "$PLATFORM" = "Darwin" ] ; then + sysctl kern.sysv.shmmax=8388608 + sysctl kern.sysv.shmseg=48 + sysctl kern.sysv.shmall=98304 if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then echo We unload the default crash reporter here SL=/System/Library; PL=com.apple.ReportCrash launchctl unload -w ${SL}/LaunchAgents/${PL}.plist sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist echo Settings applied. - else - echo Nothing to do. fi DONE=1 fi diff --git a/custom_mutators/README.md b/custom_mutators/README.md index b0444c85..5e1d0fe6 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -3,6 +3,14 @@ Custom mutators enhance and alter the mutation strategies of afl++. For further information and documentation on how to write your own, read [the docs](../docs/custom_mutators.md). +## Examples + +The `./examples` folder contains examples for custom mutators in python and C. + +## Rust + +In `./rust`, you will find rust bindings, including a simple example in `./rust/example` and an example for structured fuzzing, based on lain, in`./rust/example_lain`. + ## The afl++ Grammar Mutator If you use git to clone afl++, then the following will incorporate our diff --git a/utils/custom_mutators/Makefile b/custom_mutators/examples/Makefile similarity index 100% rename from utils/custom_mutators/Makefile rename to custom_mutators/examples/Makefile diff --git a/utils/custom_mutators/README.md b/custom_mutators/examples/README.md similarity index 100% rename from utils/custom_mutators/README.md rename to custom_mutators/examples/README.md diff --git a/utils/custom_mutators/XmlMutatorMin.py b/custom_mutators/examples/XmlMutatorMin.py similarity index 100% rename from utils/custom_mutators/XmlMutatorMin.py rename to custom_mutators/examples/XmlMutatorMin.py diff --git a/utils/custom_mutators/common.py b/custom_mutators/examples/common.py similarity index 100% rename from utils/custom_mutators/common.py rename to custom_mutators/examples/common.py diff --git a/utils/custom_mutators/custom_mutator_helpers.h b/custom_mutators/examples/custom_mutator_helpers.h similarity index 100% rename from utils/custom_mutators/custom_mutator_helpers.h rename to custom_mutators/examples/custom_mutator_helpers.h diff --git a/utils/custom_mutators/example.c b/custom_mutators/examples/example.c similarity index 100% rename from utils/custom_mutators/example.c rename to custom_mutators/examples/example.c diff --git a/utils/custom_mutators/example.py b/custom_mutators/examples/example.py similarity index 100% rename from utils/custom_mutators/example.py rename to custom_mutators/examples/example.py diff --git a/utils/custom_mutators/post_library_gif.so.c b/custom_mutators/examples/post_library_gif.so.c similarity index 100% rename from utils/custom_mutators/post_library_gif.so.c rename to custom_mutators/examples/post_library_gif.so.c diff --git a/utils/custom_mutators/post_library_png.so.c b/custom_mutators/examples/post_library_png.so.c similarity index 100% rename from utils/custom_mutators/post_library_png.so.c rename to custom_mutators/examples/post_library_png.so.c diff --git a/utils/custom_mutators/simple-chunk-replace.py b/custom_mutators/examples/simple-chunk-replace.py similarity index 100% rename from utils/custom_mutators/simple-chunk-replace.py rename to custom_mutators/examples/simple-chunk-replace.py diff --git a/utils/custom_mutators/simple_example.c b/custom_mutators/examples/simple_example.c similarity index 100% rename from utils/custom_mutators/simple_example.c rename to custom_mutators/examples/simple_example.c diff --git a/utils/custom_mutators/wrapper_afl_min.py b/custom_mutators/examples/wrapper_afl_min.py similarity index 100% rename from utils/custom_mutators/wrapper_afl_min.py rename to custom_mutators/examples/wrapper_afl_min.py diff --git a/custom_mutators/grammar_mutator/GRAMMAR_VERSION b/custom_mutators/grammar_mutator/GRAMMAR_VERSION index c7c1948d..3df8150e 100644 --- a/custom_mutators/grammar_mutator/GRAMMAR_VERSION +++ b/custom_mutators/grammar_mutator/GRAMMAR_VERSION @@ -1 +1 @@ -a2d4e4a +b79d51a diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index a2d4e4ab..b79d51a8 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit a2d4e4ab966f0581219fbb282f5ac8c89e85ead9 +Subproject commit b79d51a8daccbd7a693f9b6765c81ead14f28e26 diff --git a/docs/Changelog.md b/docs/Changelog.md index 520b13b1..ceb02bb9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,7 @@ sending a mail to . ### Version ++3.13a (development) - frida_mode - new mode that uses frida to fuzz binary-only targets, + it currently supports persistent mode and cmplog. thanks to @WorksButNotTested! - create a fuzzing dictionary with the help of CodeQL thanks to @microsvuln! see utils/autodict_ql @@ -19,6 +20,7 @@ sending a mail to . - add recording of previous fuzz attempts for persistent mode to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h + - fixed a bug when trimming for stdin targets - default cmplog level (-l) is now 2, better efficiency. - cmplog level 3 (-l 3) now performs redqueen on everything. use with care. @@ -31,10 +33,20 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - afl-cc: - We do not support llvm versions prior 6.0 anymore + - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode - - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode + - utils/aflpp_driver: + - aflpp_qemu_driver_hook fixed to work with qemu_mode + - aflpp_driver now compiled with -fPIC + - unicornafl: + - fix MIPS delay slot caching, thanks @JackGrence + - fixed aarch64 exit address + - execution no longer stops at address 0x0 + - updated afl-system-config to support Arch Linux weirdness and increase + MacOS shared memory + - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup ### Version ++3.12c (release) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 62e01f83..9d5381e8 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -285,8 +285,8 @@ afl-fuzz /path/to/program ## 4) Example -Please see [example.c](../utils/custom_mutators/example.c) and -[example.py](../utils/custom_mutators/example.py) +Please see [example.c](../custom_mutators/examples/example.c) and +[example.py](../custom_mutators/examples/example.py) ## 5) Other Resources diff --git a/docs/env_variables.md b/docs/env_variables.md index 0100ffac..8879db72 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -284,6 +284,10 @@ checks or alter some of the more exotic semantics of the tool: normally indicated by the cycle counter in the UI turning green. May be convenient for some types of automated jobs. + - `AFL_EXIT_ON_TIME` Causes afl-fuzz to terminate if no new paths were + found within a specified period of time. May be convenient for some + types of automated jobs. + - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour which does not allow crashes or timeout seeds in the initial -i corpus. diff --git a/docs/life_pro_tips.md b/docs/life_pro_tips.md index 50ad75d4..13ffcea0 100644 --- a/docs/life_pro_tips.md +++ b/docs/life_pro_tips.md @@ -83,5 +83,5 @@ You can find a simple solution in utils/argv_fuzzing. ## Attacking a format that uses checksums? Remove the checksum-checking code or use a postprocessor! -See utils/custom_mutators/ for more. +See `afl_custom_post_process` in custom_mutators/examples/example.c for more. diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile new file mode 100644 index 00000000..a15f5c32 --- /dev/null +++ b/frida_mode/GNUmakefile @@ -0,0 +1,181 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)..)/ +INC_DIR:=$(PWD)include/ +SRC_DIR:=$(PWD)src/ +INCLUDES:=$(wildcard $(INC_DIR)*.h) +BUILD_DIR:=$(PWD)build/ +OBJ_DIR:=$(BUILD_DIR)obj/ + +SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) +OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) +CFLAGS+=-fPIC \ + -D_GNU_SOURCE \ + -D_FORTIFY_SOURCE=2 \ + -g \ + -O3 \ + -funroll-loops \ + +RT_CFLAGS:=-Wno-unused-parameter \ + -Wno-sign-compare \ + -Wno-unused-function \ + -Wno-unused-result \ + +LDFLAGS+=-shared \ + -lpthread \ + -lresolv \ + -ldl \ + +ifdef DEBUG +CFLAGS+=-Werror \ + -Wall \ + -Wextra \ + -Wpointer-arith +else +CFLAGS+=-Wno-pointer-arith +endif + +FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ +FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so +FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif + +ifeq "$(shell uname)" "Darwin" + OS:=macos + RT_CFLAGS:=$(RT_CFLAGS) -Wno-deprecated-declarations +else +ifdef DEBUG + RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor +endif +endif + +ifeq "$(shell uname)" "Linux" + OS:=linux +endif + +ifndef OS + $(error "Operating system unsupported") +endif + +GUM_DEVKIT_VERSION=14.2.18 +GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz +GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" + +GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) +GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a +GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h + +FRIDA_DIR:=$(PWD)build/frida-source/ +FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile +FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a +FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/ +FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h +FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar +FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) + +AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c +AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o + +.PHONY: all clean format $(FRIDA_GUM) + +############################## ALL ############################################# + +all: $(FRIDA_TRACE) + make -C $(ROOT) + +$(BUILD_DIR): + mkdir -p $(BUILD_DIR) + +$(OBJ_DIR): | $(BUILD_DIR) + mkdir -p $@ + +############################# FRIDA ############################################ + +$(FRIDA_MAKEFILE): | $(BUILD_DIR) + git clone --recursive https://github.com/frida/frida.git $(FRIDA_DIR) + +$(FRIDA_GUM): $(FRIDA_MAKEFILE) + cd $(FRIDA_DIR) && make gum-linux-$(ARCH) + +$(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM) + $(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ + +$(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER) + cd $(FRIDA_GUM_DEVKIT_DIR) && tar cvf $(FRIDA_GUM_DEVKIT_TARBALL) . + +$(FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL): $(FRIDA_GUM_DEVKIT_TARBALL) + xz -k -f -0 $(FRIDA_GUM_DEVKIT_TARBALL) + +############################# DEVKIT ########################################### + +$(FRIDA_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +ifdef FRIDA_SOURCE +$(GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL)| $(FRIDA_BUILD_DIR) + cp -v $< $@ +else +$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) + wget -O $@ $(GUM_DEVKIT_URL) +endif + +$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) + tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + +############################## AFL ############################################# +$(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) + $(CC) \ + $(CFLAGS) \ + $(RT_CFLAGS) \ + -I $(ROOT) \ + -I $(ROOT)include \ + -o $@ \ + -c $< + +############################# SOURCE ########################################### + +define BUILD_SOURCE +$(2): $(1) $(INCLUDES) GNUmakefile | $(OBJ_DIR) + $(CC) \ + $(CFLAGS) \ + -I $(ROOT)include \ + -I $(FRIDA_BUILD_DIR) \ + -I $(INC_DIR) \ + -c $1 \ + -o $2 +endef + +$(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))))) + +######################## AFL-FRIDA-TRACE ####################################### + +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) + $(CC) \ + -o $@ \ + $(OBJS) \ + $(GUM_DEVIT_LIBRARY) \ + $(AFL_COMPILER_RT_OBJ) \ + $(LDFLAGS) \ + + cp -v $(FRIDA_TRACE) $(ROOT) + +############################# CLEAN ############################################ +clean: + rm -rf $(BUILD_DIR) + +############################# FORMAT ########################################### +format: + cd $(ROOT) && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i + +############################# RUN ############################################# diff --git a/frida_mode/Makefile b/frida_mode/Makefile index 822f1c6a..b6d64bff 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -1,348 +1,9 @@ -PWD:=$(shell pwd)/ -INC_DIR:=$(PWD)include/ -SRC_DIR:=$(PWD)src/ -INCLUDES:=$(wildcard $(INC_DIR)*.h) -SOURCES:=$(wildcard $(SRC_DIR)*.c) -BUILD_DIR:=$(PWD)build/ -CFLAGS+=-fPIC -D_GNU_SOURCE +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake -FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ -FRIDA_TRACE:=$(FRIDA_BUILD_DIR)afl-frida-trace.so - -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" - ARCH:=arm64 - TESTINSTR_BASE:=0x0000aaaaaaaaa000 -endif - -ifeq "$(ARCH)" "x86_64" - TESTINSTR_BASE:=0x0000555555554000 -endif - -ifeq "$(shell uname)" "Darwin" - OS:=macos - AFL_FRIDA_INST_RANGES=0x0000000000001000-0xFFFFFFFFFFFFFFFF - CFLAGS:=$(CFLAGS) -Wno-deprecated-declarations - TEST_LDFLAGS:=-undefined dynamic_lookup -endif -ifeq "$(shell uname)" "Linux" - OS:=linux - AFL_FRIDA_INST_RANGES=$(shell $(PWD)test/testinstr.py -f $(BUILD_DIR)testinstr -s .testinstr -b $(TESTINSTR_BASE)) - CFLAGS:=$(CFLAGS) -Wno-prio-ctor-dtor - TEST_LDFLAGS:= -endif - -ifndef OS - $(error "Operating system unsupported") -endif - -VERSION=14.2.13 -GUM_DEVKIT_FILENAME=frida-gum-devkit-$(VERSION)-$(OS)-$(ARCH).tar.xz -GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(VERSION)/$(GUM_DEVKIT_FILENAME)" -GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) -GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a -GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h - -TEST_BUILD_DIR:=$(BUILD_DIR)test/ - -LIBPNG_FILE:=$(TEST_BUILD_DIR)libpng-1.2.56.tar.gz -LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz -LIBPNG_DIR:=$(TEST_BUILD_DIR)libpng-1.2.56/ -LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile -LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a - -HARNESS_FILE:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.c -HARNESS_OBJ:=$(TEST_BUILD_DIR)StandaloneFuzzTargetMain.o -HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" - -PNGTEST_FILE:=$(TEST_BUILD_DIR)target.cc -PNGTEST_OBJ:=$(TEST_BUILD_DIR)target.o -PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" - -TEST_BIN:=$(TEST_BUILD_DIR)pngtest - -TESTINSTBIN:=$(BUILD_DIR)testinstr -TESTINSTSRC:=$(PWD)test/testinstr.c - -TEST_DATA_DIR:=$(PWD)build/test/libpng-1.2.56/contrib/pngsuite/ - -TESTINSTR_DATA_DIR:=$(BUILD_DIR)testinstr_in/ -TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)test.dat -FRIDA_OUT:=$(PWD)frida_out -QEMU_OUT:=$(PWD)qemu_out - -.PHONY: all frida test clean format test_frida test_qemu compare testinstr test_testinstr standalone - -all: $(FRIDA_TRACE) - -frida: $(FRIDA_TRACE) - -$(BUILD_DIR): - mkdir -p $(BUILD_DIR) - -############################# FRIDA ############################################ -$(FRIDA_BUILD_DIR): | $(BUILD_DIR) - mkdir -p $@ - -$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) - wget -O $@ $(GUM_DEVKIT_URL) - -$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) - -$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) - -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(SOURCES) Makefile | $(FRIDA_BUILD_DIR) - $(CC) -shared \ - $(CFLAGS) \ - -o $@ $(SOURCES) \ - $(GUM_DEVIT_LIBRARY) \ - -I $(FRIDA_BUILD_DIR) \ - -I .. \ - -I ../include \ - -I $(INC_DIR) \ - ../instrumentation/afl-compiler-rt.o.c \ - -lpthread -ldl -lresolv - - cp -v $(FRIDA_TRACE) ../ - -############################# TEST ############################################# - -test: $(TEST_BIN) - -$(TEST_BUILD_DIR): $(BUILD_DIR) - mkdir -p $@ - -$(HARNESS_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(HARNESS_URL) - -$(HARNESS_OBJ): $(HARNESS_FILE) - $(CC) -o $@ -c $< - -$(PNGTEST_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(PNGTEST_URL) - -$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) - $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< - -$(LIBPNG_FILE): | $(TEST_BUILD_DIR) - wget -O $@ $(LIBPNG_URL) - -$(LIBPNG_DIR): $(LIBPNG_FILE) - tar zxvf $(LIBPNG_FILE) -C $(TEST_BUILD_DIR) - -$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) - cd $(LIBPNG_DIR) && ./configure - -$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) - make -C $(LIBPNG_DIR) - -$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) - $(CXX) \ - -o $@ \ - $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ - -lz \ - $(TEST_LDFLAGS) - -############################# TESTINSR ######################################### -$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) - mkdir -p $@ - -$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) - echo -n "000" > $@ - -$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< - -testinstr: $(TESTINSTBIN) - -############################# CLEAN ############################################ clean: - rm -rf $(BUILD_DIR) + @gmake clean -############################# FORMAT ########################################### format: - cd .. && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i - cd .. && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i - cd .. && ./.custom-format.py -i $(TESTINSTSRC) - -############################# RUN ############################################# - -# Add the environment variable AFL_DEBUG_CHILD=1 to show printf's from the target - -png_frida: $(FRIDA_TRACE) $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-fuzz \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -png_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-fuzz \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -compare: $(FRIDA_TRACE) $(TEST_BIN) - cd .. && \ - ./afl-fuzz \ - -V30 \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - cd .. && \ - ./afl-fuzz \ - -V30 \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - cat frida_out/default/fuzzer_stats - cat qemu_out/default/fuzzer_stats - -testinstr_qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - make -C .. - cd .. && \ - AFL_QEMU_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - ./afl-fuzz \ - -Q \ - -i $(TESTINSTR_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TESTINSTBIN) @@ - -testinstr_frida: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - make -C .. - cd .. && \ - AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - AFL_FRIDA_INST_NO_OPTIMIZE=1 \ - AFL_FRIDA_INST_NO_PREFETCH=1 \ - AFL_FRIDA_INST_STRICT=1 \ - ./afl-fuzz \ - -O \ - -i $(TESTINSTR_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TESTINSTBIN) @@ - -standalone: $(FRIDA_TRACE) $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - cd .. && \ - AFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ - AFL_DEBUG_CHILD=1 \ - AFL_FRIDA_DEBUG_MAPS=1 \ - AFL_FRIDA_INST_NO_OPTIMIZE=1 \ - AFL_FRIDA_INST_NO_PREFETCH=1 \ - AFL_FRIDA_INST_TRACE=1 \ - AFL_FRIDA_INST_STRICT=1 \ - LD_PRELOAD=$(FRIDA_TRACE) \ - DYLD_INSERT_LIBRARIES=$(FRIDA_TRACE) \ - $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - -tmin_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-tmin \ - -Q \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -o $(QEMU_OUT)/qemu-min-basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -tmin_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-tmin \ - -O \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -o $(FRIDA_OUT)/qemu-min-basn0g01.png \ - -- \ - $(TEST_BIN) - -showmap_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-showmap \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -showmap_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-showmap \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -analyze_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-analyze \ - -Q \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -analyze_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-analyze \ - -O \ - -i $(TEST_DATA_DIR)basn0g01.png \ - -- \ - $(TEST_BIN) @@ - -cmin_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_bash_qemu: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin.bash \ - -Q \ - -i $(TEST_DATA_DIR) \ - -o $(QEMU_OUT) \ - -- \ - $(TEST_BIN) @@ - -cmin_bash_frida: $(TEST_BIN) - make -C .. - cd .. && \ - ./afl-cmin.bash \ - -O \ - -i $(TEST_DATA_DIR) \ - -o $(FRIDA_OUT) \ - -- \ - $(TEST_BIN) @@ + @gmake format diff --git a/frida_mode/README.md b/frida_mode/README.md index 8abee0dd..9f574a4c 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -1,34 +1,38 @@ # FRIDA MODE -The purpose of FRIDA mode is to provide an alternative binary only fuzzer for AFL -just like that provided by QEMU mode. The intention is to provide a very similar -user experience, right down to the options provided through environment variables. + +The purpose of FRIDA mode is to provide an alternative binary only fuzzer for +AFL just like that provided by QEMU mode. The intention is to provide a very +similar user experience, right down to the options provided through environment +variables. Whilst AFLplusplus already has some support for running on FRIDA [here](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) this requires the code to be fuzzed to be provided as a shared library, it cannot be used to fuzz executables. Additionally, it requires the user to write -a small harness around their target code of interest, FRIDA mode instead takes a -different approach to avoid these limitations. +a small harness around their target code of interest. +FRIDA mode instead takes a different approach to avoid these limitations. +In Frida mode binary programs are instrumented, similarly to QEMU mode. -# Current Progress -As FRIDA mode is new, it is missing a lot of features. Most importantly, -persistent mode. The design is such that it should be possible to add these -features in a similar manner to QEMU mode and perhaps leverage some of its -design and implementation. +## Current Progress - | Feature/Instrumentation | frida-mode | - | -------------------------|:----------:| - | NeverZero | | - | Persistent Mode | | - | LAF-Intel / CompCov | | - | CmpLog | | - | Selective Instrumentation| x | - | Non-Colliding Coverage | | - | Ngram prev_loc Coverage | | - | Context Coverage | | - | Auto Dictionary | | - | Snapshot LKM Support | | +As FRIDA mode is new, it is missing a lot of features. The design is such that it +should be possible to add these features in a similar manner to QEMU mode and +perhaps leverage some of its design and implementation. -# Compatibility + | Feature/Instrumentation | frida-mode | Notes | + | -------------------------|:----------:|:---------------------------------------:| + | NeverZero | x | | + | Persistent Mode | x | (x64 only)(Only on function boundaries) | + | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | + | CMPLOG | x | (x64 only) | + | Selective Instrumentation| x | | + | Non-Colliding Coverage | - | | + | Ngram prev_loc Coverage | - | | + | Context Coverage | - | | + | Auto Dictionary | - | | + | Snapshot LKM Support | - | | + | In-Memory Test Cases | x | (x64 only) | + +## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 architecture and aarch64. Later releases may add support for aarch32 and Windows targets as well as embedded linux environments. @@ -38,54 +42,53 @@ runtime libraries, so porting should be possible. However, the current build system does not support cross compilation. ## Getting Started + To build everything run `make`. -To run the benchmark sample with qemu run `make png_qemu`. -To run the benchmark sample with frida run `make png_frida`. +Various tests can be found in subfolders within the `test/` directory. To use +these, first run `make` to build any dependencies. Then run `make qemu` or +`make frida` to run on either QEMU of FRIDA mode respectively. ## Usage -FRIDA mode requires some small modifications to `afl-fuzz` and similar tools -in AFLplusplus. The intention is that it behaves identically to QEMU, but uses + +FRIDA mode added some small modifications to `afl-fuzz` and similar tools +in AFLplusplus. The intention was that it behaves identically to QEMU, but it uses the 'O' switch rather than 'Q'. Whilst the options 'f', 'F', 's' or 'S' may have made more sense for a mode powered by FRIDA Stalker, they were all taken, so instead we use 'O' in hommage to the [author](https://github.com/oleavr) of FRIDA. Similarly, the intention is to mimic the use of environment variables used by -QEMU where possible (although replacing `s/QEMU/FRIDA/g`). Accodingly, the -following options are currently supported. +QEMU where possible (by replacing `s/QEMU/FRIDA/g`). Accordingly, the +following options are currently supported: * `AFL_FRIDA_DEBUG_MAPS` - See `AFL_QEMU_DEBUG_MAPS` * `AFL_FRIDA_EXCLUDE_RANGES` - See `AFL_QEMU_EXCLUDE_RANGES` * `AFL_FRIDA_INST_RANGES` - See `AFL_QEMU_INST_RANGES` +* `AFL_FRIDA_PERSISTENT_ADDR` - See `AFL_QEMU_PERSISTENT_ADDR` +* `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` +* `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` -# Performance +To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. + +## Performance Additionally, the intention is to be able to make a direct performance -comparison between the two approaches. Accordingly, FRIDA mode includes a test -target based on the [libpng](https://libpng.sourceforge.io/) benchmark used by -[fuzzbench](https://google.github.io/fuzzbench/) and integrated with the +comparison between the two approaches. Accordingly, FRIDA mode includes various +test targets based on the [libpng](https://libpng.sourceforge.io/) benchmark +used by [fuzzbench](https://google.github.io/fuzzbench/) and integrated with the [StandaloneFuzzTargetMain](https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c) -from the llvm project. This is built and linked without any special -modifications to suit FRIDA or QEMU. We use the test data provided with libpng -as our corpus. +from the llvm project. These tests include basic fork-server support, persistent +mode and persistent mode with in-memory test-cases. These are built and linked +without any special modifications to suit FRIDA or QEMU. The test data provided +with libpng is used as the corpus. -Whilst not much performance tuning has been completed to date, performance is -around 30-50% of that of QEMU mode, however, this gap may reduce with the -introduction of persistent mode. Performance can be tested by running -`make compare`, albeit a longer time measurement may be required for more -accurate results. +The intention is to add support for FRIDA mode to the FuzzBench project and +perform a like-for-like comparison with QEMU mode to get an accurate +appreciation of its performance. -Whilst [afl_frida](https://github.com/AFLplusplus/AFLplusplus/tree/stable/utils/afl_frida) -claims a 5-10x performance increase over QEMU, it has not been possible to -reproduce these claims. However, the number of executions per second can vary -dramatically as a result of the randomization of the fuzzer input. Some inputs -may traverse relatively few paths before being rejected as invalid whilst others -may be valid inputs or be subject to much more processing before rejection. -Accordingly, it is recommended that testing be carried out over prolongued -periods to gather timings which are more than indicative. +## Design -# Design FRIDA mode is supported by using `LD_PRELOAD` (`DYLD_INSERT_LIBRARIES` on macOS) to inject a shared library (`afl-frida-trace.so`) into the target. This shared library is built using the [frida-gum](https://github.com/frida/frida-gum) @@ -102,34 +105,34 @@ this coverage information to AFL++ and also provide a fork server. It also makes use of the FRIDA [prefetch](https://github.com/frida/frida-gum/blob/56dd9ba3ee9a5511b4b0c629394bf122775f1ab7/gum/gumstalker.h#L115) support to feedback instrumented blocks from the child to the parent using a shared memory region to avoid the need to regenerate instrumented blocks on each -fork. +fork. Whilst FRIDA allows for a normal C function to be used to augment instrumented -code, to minimize the costs of storing and restoring all of the registers, FRIDA -mode instead makes use of optimized assembly instead on AARCH64 and x86/64 -targets. +code, FRIDA mode instead makes use of optimized assembly instead on AARCH64 and +x86/64 targets. By injecting these small snippets of assembly, we avoid having +to push and pop the full register context. Note that since this instrumentation +is used on every basic block to generate coverage, it has a large impact on +performance. + +CMPLOG support also adds code to the assembly, however, at present this code +makes use of a basic C function and is yet to be optimized. Since not all +instances run CMPLOG mode and instrumentation of the binary is less frequent +(only on CMP, SUB and CALL instructions) performance is not quite so critical. + +## Advanced configuration options -# Advanced configuration options * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_STRICT` - Under certain conditions, Stalker may encroach into -excluded regions and generate both instrumented blocks and coverage data (e.g. -indirect calls on x86). The excluded block is generally honoured as soon as -another function is called within the excluded region and so such encroachment -is usually of little consequence. This detail may however, hinder you when -checking that the correct number of paths are found for testing purposes or -similar. There is a performance penatly for this option during block compilation -where we check the block isn't in a list of excluded ranges. * `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. -# TODO -As can be seen from the progress section above, there are a number of features -which are missing in its currently form. Chief amongst which is persistent mode. -The intention is to achieve feature parity with QEMU mode in due course. -Contributions are welcome, but please get in touch to ensure that efforts are -deconflicted. +## TODO + +The next features to be added are x86 support, integration with FuzzBench and +support for ASAN. The intention is to achieve feature parity with QEMU mode in +due course. Contributions are welcome, but please get in touch to ensure that +efforts are deconflicted. diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h new file mode 100644 index 00000000..967831af --- /dev/null +++ b/frida_mode/include/entry.h @@ -0,0 +1,15 @@ +#ifndef _ENTRY_H +#define _ENTRY_H + +#include "frida-gum.h" + +extern guint64 entry_start; + +void entry_init(void); + +void entry_run(void); + +void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output); + +#endif + diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h new file mode 100644 index 00000000..28864c0e --- /dev/null +++ b/frida_mode/include/frida_cmplog.h @@ -0,0 +1,14 @@ +#ifndef _CMPLOG_H +#define _CMPLOG_H + +extern struct cmp_map *__afl_cmp_map; + +void cmplog_init(void); + +/* Functions to be implemented by the different architectures */ +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); + +gboolean cmplog_is_readable(void *addr, size_t size); + +#endif + diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index ff71bed4..03fd33e5 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -1,7 +1,23 @@ +#ifndef _INSTRUMENT_H +#define _INSTRUMENT_H + #include "frida-gum.h" -void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, - gpointer user_data); +#include "config.h" -void instrument_init(); +extern __thread uint64_t previous_pc; +extern uint8_t * __afl_area_ptr; +extern uint32_t __afl_map_size; + +void instrument_init(void); + +GumStalkerTransformer *instrument_get_transformer(void); + +/* Functions to be implemented by the different architectures */ +gboolean instrument_is_coverage_optimize_supported(void); + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output); + +#endif diff --git a/frida_mode/include/interceptor.h b/frida_mode/include/interceptor.h index 5ed3cf49..0ff754a4 100644 --- a/frida_mode/include/interceptor.h +++ b/frida_mode/include/interceptor.h @@ -1,4 +1,11 @@ +#ifndef _INTERCEPTOR_H +#define _INTERCEPTOR_H + #include "frida-gum.h" void intercept(void *address, gpointer replacement, gpointer user_data); +void unintercept(void *address); +void unintercept_self(void); + +#endif diff --git a/frida_mode/include/lib.h b/frida_mode/include/lib.h new file mode 100644 index 00000000..237aecb0 --- /dev/null +++ b/frida_mode/include/lib.h @@ -0,0 +1,13 @@ +#ifndef _LIB_H +#define _LIB_H + +#include "frida-gum.h" + +void lib_init(void); + +guint64 lib_get_text_base(void); + +guint64 lib_get_text_limit(void); + +#endif + diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h new file mode 100644 index 00000000..e58c5301 --- /dev/null +++ b/frida_mode/include/persistent.h @@ -0,0 +1,31 @@ + +#ifndef _PERSISTENT_H +#define _PERSISTENT_H + +#include "frida-gum.h" +#include "config.h" + +typedef struct arch_api_regs api_regs; + +typedef void (*afl_persistent_hook_fn)(api_regs *regs, uint64_t guest_base, + uint8_t *input_buf, + uint32_t input_buf_len); + +extern int __afl_persistent_loop(unsigned int max_cnt); + +extern unsigned int * __afl_fuzz_len; +extern unsigned char *__afl_fuzz_ptr; + +extern guint64 persistent_start; +extern guint64 persistent_count; +extern afl_persistent_hook_fn hook; + +void persistent_init(void); + +/* Functions to be implemented by the different architectures */ +gboolean persistent_is_supported(void); + +void persistent_prologue(GumStalkerOutput *output); + +#endif + diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h index b7f25a97..8f0cee68 100644 --- a/frida_mode/include/prefetch.h +++ b/frida_mode/include/prefetch.h @@ -1,5 +1,11 @@ -void prefetch_init(); -void prefetch_start(GumStalker *stalker); -void prefetch_write(void *addr); -void prefetch_read(GumStalker *stalker); +#ifndef _PREFETCH_H +#define _PREFETCH_H + +#include "frida-gum.h" + +void prefetch_init(void); +void prefetch_write(void *addr); +void prefetch_read(void); + +#endif diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index b9394dbc..f652eb8a 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -1,6 +1,11 @@ +#ifndef _RANGES_H +#define _RANGES_H + #include "frida-gum.h" -void ranges_init(GumStalker *stalker); +void ranges_init(void); gboolean range_is_excluded(gpointer address); +#endif + diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h new file mode 100644 index 00000000..186ead11 --- /dev/null +++ b/frida_mode/include/stalker.h @@ -0,0 +1,11 @@ +#ifndef _STALKER_H +#define _STALKER_H + +#include "frida-gum.h" + +void stalker_init(void); +GumStalker *stalker_get(void); +void stalker_start(void); + +#endif + diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h new file mode 100644 index 00000000..afd0b9c1 --- /dev/null +++ b/frida_mode/include/util.h @@ -0,0 +1,14 @@ +#ifndef _UTIL_H +#define _UTIL_H + +#include "frida-gum.h" + +#define UNUSED_PARAMETER(x) (void)(x) +#define IGNORED_RERURN(x) (void)!(x) + +guint64 util_read_address(char *key); + +guint64 util_read_num(char *key); + +#endif + diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c new file mode 100644 index 00000000..3fab1951 --- /dev/null +++ b/frida_mode/src/cmplog/cmplog.c @@ -0,0 +1,87 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "util.h" + +#define DEFAULT_MMAP_MIN_ADDR (32UL << 10) + +extern struct cmp_map *__afl_cmp_map; + +static GArray *cmplog_ranges = NULL; + +static gboolean cmplog_range(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + GumMemoryRange range = *details->range; + g_array_append_val(cmplog_ranges, range); + return TRUE; + +} + +static gint cmplog_sort(gconstpointer a, gconstpointer b) { + + return ((GumMemoryRange *)b)->base_address - + ((GumMemoryRange *)a)->base_address; + +} + +void cmplog_init(void) { + + if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } + + cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, NULL); + g_array_sort(cmplog_ranges, cmplog_sort); + + for (guint i = 0; i < cmplog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); + OKF("CMPLOG Range - 0x%016" G_GINT64_MODIFIER "X - 0x%016" G_GINT64_MODIFIER + "X", + range->base_address, range->base_address + range->size); + + } + +} + +static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, + GumAddress outer_base, GumAddress outer_limit) { + + return (inner_base >= outer_base && inner_limit <= outer_limit); + +} + +gboolean cmplog_is_readable(void *addr, size_t size) { + + if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); + + /* + * The Linux kernel prevents mmap from allocating from the very bottom of the + * address space to mitigate NULL pointer dereference attacks. The exact size + * is set by sysctl by setting mmap_min_addr and 64k is suggested on most + * platforms with 32k on ARM systems. We therefore fail fast if the address + * is lower than this. This should avoid some overhead when functions are + * called where one of the parameters is a size, or a some other small value. + */ + if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; } + + GumAddress inner_base = GUM_ADDRESS(addr); + GumAddress inner_limit = inner_base + size; + + for (guint i = 0; i < cmplog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); + GumAddress outer_base = range->base_address; + GumAddress outer_limit = outer_base + range->size; + + if (cmplog_contains(inner_base, inner_limit, outer_base, outer_limit)) + return true; + + } + + return false; + +} + diff --git a/frida_mode/src/cmplog/cmplog_arm.c b/frida_mode/src/cmplog/cmplog_arm.c new file mode 100644 index 00000000..5af28f3f --- /dev/null +++ b/frida_mode/src/cmplog/cmplog_arm.c @@ -0,0 +1,19 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "frida_cmplog.h" +#include "util.h" + +#if defined(__arm__) +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } + FATAL("CMPLOG mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c new file mode 100644 index 00000000..187d0162 --- /dev/null +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -0,0 +1,19 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "frida_cmplog.h" +#include "util.h" + +#if defined(__aarch64__) +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } + FATAL("CMPLOG mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c new file mode 100644 index 00000000..9bf09ad5 --- /dev/null +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -0,0 +1,346 @@ +#include "frida-gum.h" + +#include "debug.h" +#include "cmplog.h" + +#include "frida_cmplog.h" +#include "util.h" + +#if defined(__x86_64__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define X86_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +typedef struct { + + x86_op_type type; + uint8_t size; + + union { + + x86_op_mem mem; + x86_reg reg; + int64_t imm; + + }; + +} cmplog_ctx_t; + +typedef struct { + + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; + +} cmplog_pair_ctx_t; + +static guint64 cmplog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->rax) + X86_REG_8L(X86_REG_BL, ctx->rbx) + X86_REG_8L(X86_REG_CL, ctx->rcx) + X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_BPL, ctx->rbp) + X86_REG_8L(X86_REG_SIL, ctx->rsi) + X86_REG_8L(X86_REG_DIL, ctx->rdi) + + X86_REG_8H(X86_REG_AH, ctx->rax) + X86_REG_8H(X86_REG_BH, ctx->rbx) + X86_REG_8H(X86_REG_CH, ctx->rcx) + X86_REG_8H(X86_REG_DH, ctx->rdx) + + X86_REG_16(X86_REG_AX, ctx->rax) + X86_REG_16(X86_REG_BX, ctx->rbx) + X86_REG_16(X86_REG_CX, ctx->rcx) + X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_DI, ctx->rdi) + X86_REG_16(X86_REG_SI, ctx->rsi) + X86_REG_16(X86_REG_BP, ctx->rbp) + + X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_ECX, ctx->rcx) + X86_REG_32(X86_REG_EDX, ctx->rdx) + X86_REG_32(X86_REG_EBX, ctx->rbx) + X86_REG_32(X86_REG_ESP, ctx->rsp) + X86_REG_32(X86_REG_EBP, ctx->rbp) + X86_REG_32(X86_REG_ESI, ctx->rsi) + X86_REG_32(X86_REG_EDI, ctx->rdi) + X86_REG_32(X86_REG_R8D, ctx->r8) + X86_REG_32(X86_REG_R9D, ctx->r9) + X86_REG_32(X86_REG_R10D, ctx->r10) + X86_REG_32(X86_REG_R11D, ctx->r11) + X86_REG_32(X86_REG_R12D, ctx->r12) + X86_REG_32(X86_REG_R13D, ctx->r13) + X86_REG_32(X86_REG_R14D, ctx->r14) + X86_REG_32(X86_REG_R15D, ctx->r15) + X86_REG_32(X86_REG_EIP, ctx->rip) + + X86_REG_64(X86_REG_RAX, ctx->rax) + X86_REG_64(X86_REG_RCX, ctx->rcx) + X86_REG_64(X86_REG_RDX, ctx->rdx) + X86_REG_64(X86_REG_RBX, ctx->rbx) + X86_REG_64(X86_REG_RSP, ctx->rsp) + X86_REG_64(X86_REG_RBP, ctx->rbp) + X86_REG_64(X86_REG_RSI, ctx->rsi) + X86_REG_64(X86_REG_RDI, ctx->rdi) + X86_REG_64(X86_REG_R8, ctx->r8) + X86_REG_64(X86_REG_R9, ctx->r9) + X86_REG_64(X86_REG_R10, ctx->r10) + X86_REG_64(X86_REG_R11, ctx->r11) + X86_REG_64(X86_REG_R12, ctx->r12) + X86_REG_64(X86_REG_R13, ctx->r13) + X86_REG_64(X86_REG_R14, ctx->r14) + X86_REG_64(X86_REG_R15, ctx->r15) + X86_REG_64(X86_REG_RIP, ctx->rip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +static guint64 cmplog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { + + guint64 base = 0; + guint64 index = 0; + guint64 address; + + if (mem->base != X86_REG_INVALID) base = cmplog_read_reg(ctx, mem->base); + + if (mem->index != X86_REG_INVALID) index = cmplog_read_reg(ctx, mem->index); + + address = base + (index * mem->scale) + mem->disp; + return address; + +} + +static guint64 cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t * ctx) { + + switch (ctx->type) { + + case X86_OP_REG: + return cmplog_read_reg(context, ctx->reg); + case X86_OP_IMM: + return ctx->imm; + case X86_OP_MEM: + return cmplog_read_mem(context, &ctx->mem); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + +} + +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + guint64 address = cmplog_read_reg(context, X86_REG_RIP); + guint64 rdi = cmplog_read_reg(context, X86_REG_RDI); + guint64 rsi = cmplog_read_reg(context, X86_REG_RSI); + + if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; + + void *ptr1 = GSIZE_TO_POINTER(rdi); + void *ptr2 = GSIZE_TO_POINTER(rsi); + + if (!cmplog_is_readable(ptr1, 32) || !cmplog_is_readable(ptr2, 32)) return; + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_x86_op * operand) { + + ctx->type = operand->type; + ctx->size = operand->size; + switch (operand->type) { + + case X86_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(x86_reg)); + break; + case X86_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case X86_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(x86_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand; + + if (instr->id != X86_INS_CALL) return; + + if (x86.op_count != 1) return; + + operand = &x86.operands[0]; + + if (operand->type == X86_OP_INVALID) return; + if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) + return; + + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); + +} + +static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, + guint64 operand2, uint8_t size) { + + guint64 address = cmplog_read_reg(context, X86_REG_RIP); + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { + + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + + if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); + + guint64 operand1 = cmplog_get_operand_value(context, &ctx->operand1); + guint64 operand2 = cmplog_get_operand_value(context, &ctx->operand2); + + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); + +} + +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand1, + cs_x86_op *operand2) { + + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); + if (ctx == NULL) return; + + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); + + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, + g_free); + +} + +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand1; + cs_x86_op *operand2; + + switch (instr->id) { + + case X86_INS_CMP: + case X86_INS_SUB: + break; + default: + return; + + } + + if (x86.op_count != 2) return; + + operand1 = &x86.operands[0]; + operand2 = &x86.operands[1]; + + if (operand1->type == X86_OP_INVALID) return; + if (operand2->type == X86_OP_INVALID) return; + + if ((operand1->type == X86_OP_MEM) && + (operand1->mem.segment != X86_REG_INVALID)) + return; + + if ((operand2->type == X86_OP_MEM) && + (operand2->mem.segment != X86_REG_INVALID)) + return; + + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); + +} + +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + if (__afl_cmp_map == NULL) return; + + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); + +} + +#endif + diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c new file mode 100644 index 00000000..2401180c --- /dev/null +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -0,0 +1,19 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "frida_cmplog.h" +#include "util.h" + +#if defined(__i386__) +void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (__afl_cmp_map == NULL) { return; } + FATAL("CMPLOG mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c new file mode 100644 index 00000000..e71386a0 --- /dev/null +++ b/frida_mode/src/entry.c @@ -0,0 +1,50 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "entry.h" +#include "instrument.h" +#include "stalker.h" +#include "util.h" + +extern void __afl_manual_init(); + +guint64 entry_start = 0; + +static void entry_launch(void) { + + __afl_manual_init(); + + /* Child here */ + previous_pc = 0; + +} + +void entry_init(void) { + + entry_start = util_read_address("AFL_ENTRYPOINT"); + OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_start); + +} + +void entry_run(void) { + + if (entry_start == 0) { entry_launch(); } + +} + +static void entry_callout(GumCpuContext *cpu_context, gpointer user_data) { + + UNUSED_PARAMETER(cpu_context); + UNUSED_PARAMETER(user_data); + entry_launch(); + +} + +void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + gum_stalker_iterator_put_callout(iterator, entry_callout, NULL, NULL); + +} + diff --git a/frida_mode/src/instrument.c b/frida_mode/src/instrument.c deleted file mode 100644 index 22910062..00000000 --- a/frida_mode/src/instrument.c +++ /dev/null @@ -1,271 +0,0 @@ -#include "frida-gum.h" -#include "config.h" -#include "debug.h" -#include "prefetch.h" -#include "ranges.h" -#include "unistd.h" - -extern uint8_t *__afl_area_ptr; -extern u32 __afl_map_size; - -uint64_t __thread previous_pc = 0; -GumAddress current_log_impl = GUM_ADDRESS(0); - -static gboolean tracing = false; -static gboolean optimize = false; -static gboolean strict = false; - -#if defined(__x86_64__) -static const guint8 afl_log_code[] = { - - 0x9c, /* pushfq */ - 0x50, /* push rax */ - 0x51, /* push rcx */ - 0x52, /* push rdx */ - - 0x48, 0x8d, 0x05, 0x27, - 0x00, 0x00, 0x00, /* lea rax, sym._afl_area_ptr_ptr */ - 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ - 0x48, 0x8b, 0x00, /* mov rax, qword [rax] */ - 0x48, 0x8d, 0x0d, 0x22, - 0x00, 0x00, 0x00, /* lea rcx, sym.previous_pc */ - 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ - 0x48, 0x8b, 0x12, /* mov rdx, qword [rdx] */ - 0x48, 0x31, 0xfa, /* xor rdx, rdi */ - 0xfe, 0x04, 0x10, /* inc byte [rax + rdx] */ - 0x48, 0xd1, 0xef, /* shr rdi, 1 */ - 0x48, 0x8b, 0x01, /* mov rax, qword [rcx] */ - 0x48, 0x89, 0x38, /* mov qword [rax], rdi */ - - 0x5a, /* pop rdx */ - 0x59, /* pop rcx */ - 0x58, /* pop rax */ - 0x9d, /* popfq */ - - 0xc3, /* ret */ - - /* Read-only data goes here: */ - /* uint8_t** afl_area_ptr_ptr */ - /* uint64_t* afl_prev_loc_ptr */ - -}; - -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { - - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; - GumX86Writer *cw = output->writer.x86; - - if (current_log_impl == 0 || - !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || - !gum_x86_writer_can_branch_directly_between(cw->pc + 128, - current_log_impl)) { - - gconstpointer after_log_impl = cw->code + 1; - - gum_x86_writer_put_jmp_near_label(cw, after_log_impl); - - current_log_impl = cw->pc; - gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - - uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; - gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, - sizeof(afl_area_ptr_ptr)); - gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, - sizeof(afl_prev_loc_ptr)); - - gum_x86_writer_put_label(cw, after_log_impl); - - } - - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -GUM_RED_ZONE_SIZE); - gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDI, area_offset); - gum_x86_writer_put_call_address(cw, current_log_impl); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RDI); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - GUM_RED_ZONE_SIZE); - -} - -#elif defined(__aarch64__) -static const guint8 afl_log_code[] = { - - // __afl_area_ptr[current_pc ^ previous_pc]++; - // previous_pc = current_pc >> 1; - 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! - 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! - - // x0 = current_pc - 0xc1, 0x01, 0x00, 0x58, // ldr x1, #0x38, =&__afl_area_ptr - 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) - - 0xc2, 0x01, 0x00, 0x58, // ldr x2, #0x38, =&previous_pc - 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) - - // __afl_area_ptr[current_pc ^ previous_pc]++; - 0x42, 0x00, 0x00, 0xca, // eor x2, x2, x0 - 0x23, 0x68, 0x62, 0xf8, // ldr x3, [x1, x2] - 0x63, 0x04, 0x00, 0x91, // add x3, x3, #1 - 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] - - // previous_pc = current_pc >> 1; - 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 - 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc - 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] - - 0xE3, 0x13, 0xc1, 0xA8, // ldp x3, x4, [sp], #0x10 - 0xE1, 0x0B, 0xc1, 0xA8, // ldp x1, x2, [sp], #0x10 - 0xC0, 0x03, 0x5F, 0xD6, // ret - - // &afl_area_ptr_ptr - // &afl_prev_loc_ptr - -}; - -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { - - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; - GumArm64Writer *cw = output->writer.arm64; - - if (current_log_impl == 0 || - !gum_arm64_writer_can_branch_directly_between(cw, cw->pc, - current_log_impl) || - !gum_arm64_writer_can_branch_directly_between(cw, cw->pc + 128, - current_log_impl)) { - - gconstpointer after_log_impl = cw->code + 1; - - gum_arm64_writer_put_b_label(cw, after_log_impl); - - current_log_impl = cw->pc; - gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - - uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; - gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, - sizeof(afl_area_ptr_ptr)); - gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, - sizeof(afl_prev_loc_ptr)); - - gum_arm64_writer_put_label(cw, after_log_impl); - - } - - gum_arm64_writer_put_stp_reg_reg_reg_offset( - cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), - GUM_INDEX_PRE_ADJUST); - gum_arm64_writer_put_ldr_reg_u64(cw, ARM64_REG_X0, area_offset); - gum_arm64_writer_put_bl_imm(cw, current_log_impl); - gum_arm64_writer_put_ldp_reg_reg_reg_offset( - cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, - GUM_INDEX_POST_ADJUST); - -} - -#endif - -static void on_basic_block(GumCpuContext *context, gpointer user_data) { - - /* - * This function is performance critical as it is called to instrument every - * basic block. By moving our print buffer to a global, we avoid it affecting - * the critical path with additional stack adjustments if tracing is not - * enabled. If tracing is enabled, then we're printing a load of diagnostic - * information so this overhead is unlikely to be noticeable. - */ - static char buffer[200]; - int len; - guint64 current_pc = (guint64)user_data; - if (tracing) { - - /* Avoid any functions which may cause an allocation since the target app - * may already be running inside malloc and it isn't designed to be - * re-entrant on a single thread */ - len = snprintf(buffer, sizeof(buffer), - "current_pc: 0x%016" G_GINT64_MODIFIER - "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", - current_pc, previous_pc); - - write(STDOUT_FILENO, buffer, len + 1); - - } - - current_pc = (current_pc >> 4) ^ (current_pc << 8); - current_pc &= MAP_SIZE - 1; - - __afl_area_ptr[current_pc ^ previous_pc]++; - previous_pc = current_pc >> 1; - -} - -void instr_basic_block(GumStalkerIterator *iterator, GumStalkerOutput *output, - gpointer user_data) { - - const cs_insn *instr; - gboolean begin = TRUE; - while (gum_stalker_iterator_next(iterator, &instr)) { - - if (begin) { - - prefetch_write((void *)instr->address); - if (!strict || !range_is_excluded((void *)instr->address)) { - - if (optimize) { - - instrument_coverage_optimize(instr, output); - - } else { - - gum_stalker_iterator_put_callout(iterator, on_basic_block, - (gpointer)instr->address, NULL); - - } - - } - - begin = FALSE; - - } - - gum_stalker_iterator_keep(iterator); - - } - -} - -void instrument_init() { - - optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); - tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); - strict = (getenv("AFL_FRIDA_INST_STRICT") != NULL); - -#if !defined(__x86_64__) && !defined(__aarch64__) - optimize = false; -#endif - - OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); - OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); - OKF("Instrumentation - strict [%c]", strict ? 'X' : ' '); - - if (tracing && optimize) { - - FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); - - } - - if (__afl_map_size != 0x10000) { - - FATAL("Bad map size: 0x%08x", __afl_map_size); - - } - -} - diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c new file mode 100644 index 00000000..971f80c0 --- /dev/null +++ b/frida_mode/src/instrument/instrument.c @@ -0,0 +1,155 @@ +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "entry.h" +#include "frida_cmplog.h" +#include "instrument.h" +#include "persistent.h" +#include "prefetch.h" +#include "ranges.h" +#include "stalker.h" +#include "util.h" + +static gboolean tracing = false; +static gboolean optimize = false; +static GumStalkerTransformer *transformer = NULL; + +__thread uint64_t previous_pc = 0; + +__attribute__((hot)) static void on_basic_block(GumCpuContext *context, + gpointer user_data) { + + UNUSED_PARAMETER(context); + /* + * This function is performance critical as it is called to instrument every + * basic block. By moving our print buffer to a global, we avoid it affecting + * the critical path with additional stack adjustments if tracing is not + * enabled. If tracing is enabled, then we're printing a load of diagnostic + * information so this overhead is unlikely to be noticeable. + */ + static char buffer[200]; + int len; + guint64 current_pc = (guint64)user_data; + uint8_t * cursor; + uint64_t value; + if (unlikely(tracing)) { + + /* Avoid any functions which may cause an allocation since the target app + * may already be running inside malloc and it isn't designed to be + * re-entrant on a single thread */ + len = snprintf(buffer, sizeof(buffer), + "current_pc: 0x%016" G_GINT64_MODIFIER + "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", + current_pc, previous_pc); + + IGNORED_RERURN(write(STDOUT_FILENO, buffer, len + 1)); + + } + + current_pc = (current_pc >> 4) ^ (current_pc << 8); + current_pc &= MAP_SIZE - 1; + + cursor = &__afl_area_ptr[current_pc ^ previous_pc]; + value = *cursor; + + if (value == 0xff) { + + value = 1; + + } else { + + value++; + + } + + *cursor = value; + previous_pc = current_pc >> 1; + +} + +static void instr_basic_block(GumStalkerIterator *iterator, + GumStalkerOutput *output, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + const cs_insn *instr; + gboolean begin = TRUE; + while (gum_stalker_iterator_next(iterator, &instr)) { + + if (instr->address == entry_start) { entry_prologue(iterator, output); } + if (instr->address == persistent_start) { persistent_prologue(output); } + + if (begin) { + + prefetch_write((void *)instr->address); + if (!range_is_excluded((void *)instr->address)) { + + if (optimize) { + + instrument_coverage_optimize(instr, output); + + } else { + + gum_stalker_iterator_put_callout(iterator, on_basic_block, + (gpointer)instr->address, NULL); + + } + + } + + begin = FALSE; + + } + + if (!range_is_excluded((void *)instr->address)) { + + cmplog_instrument(instr, iterator); + + } + + gum_stalker_iterator_keep(iterator); + + } + +} + +void instrument_init(void) { + + optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); + tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + + if (!instrument_is_coverage_optimize_supported()) optimize = false; + + OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); + OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); + + if (tracing && optimize) { + + FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); + + } + + if (__afl_map_size != 0x10000) { + + FATAL("Bad map size: 0x%08x", __afl_map_size); + + } + + transformer = + gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + + cmplog_init(); + +} + +GumStalkerTransformer *instrument_get_transformer(void) { + + if (transformer == NULL) { FATAL("Instrumentation not initialized"); } + return transformer; + +} + diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c new file mode 100644 index 00000000..c2d720a7 --- /dev/null +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -0,0 +1,23 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "instrument.h" + +#if defined(__arm__) + +gboolean instrument_is_coverage_optimize_supported(void) { + + return false; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + FATAL("Optimized coverage not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c new file mode 100644 index 00000000..fa3afb48 --- /dev/null +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -0,0 +1,97 @@ +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "instrument.h" + +#if defined(__aarch64__) + +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static const guint8 afl_log_code[] = { + + // __afl_area_ptr[current_pc ^ previous_pc]++; + // previous_pc = current_pc >> 1; + 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! + 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! + + // x0 = current_pc + 0xe1, 0x01, 0x00, 0x58, // ldr x1, #0x3c, =&__afl_area_ptr + 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) + + 0xe2, 0x01, 0x00, 0x58, // ldr x2, #0x3c, =&previous_pc + 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) + + // __afl_area_ptr[current_pc ^ previous_pc]++; + 0x42, 0x00, 0x00, 0xca, // eor x2, x2, x0 + 0x23, 0x68, 0x62, 0xf8, // ldr x3, [x1, x2] + 0x63, 0x04, 0x00, 0x91, // add x3, x3, #1 + 0x63, 0x00, 0x1f, 0x9a, // adc x3, x3, xzr + 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] + + // previous_pc = current_pc >> 1; + 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 + 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc + 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] + + 0xE3, 0x13, 0xc1, 0xA8, // ldp x3, x4, [sp], #0x10 + 0xE1, 0x0B, 0xc1, 0xA8, // ldp x1, x2, [sp], #0x10 + 0xC0, 0x03, 0x5F, 0xD6, // ret + + // &afl_area_ptr_ptr + // &afl_prev_loc_ptr + +}; + +gboolean instrument_is_coverage_optimize_supported(void) { + + return true; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumArm64Writer *cw = output->writer.arm64; + + if (current_log_impl == 0 || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc, + current_log_impl) || + !gum_arm64_writer_can_branch_directly_between(cw, cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_arm64_writer_put_b_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, + sizeof(afl_area_ptr_ptr)); + gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_arm64_writer_put_label(cw, after_log_impl); + + } + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + gum_arm64_writer_put_ldr_reg_u64(cw, ARM64_REG_X0, area_offset); + gum_arm64_writer_put_bl_imm(cw, current_log_impl); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_LR, ARM64_REG_X0, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c new file mode 100644 index 00000000..901f3bd0 --- /dev/null +++ b/frida_mode/src/instrument/instrument_x64.c @@ -0,0 +1,93 @@ +#include "frida-gum.h" + +#include "config.h" + +#include "instrument.h" + +#if defined(__x86_64__) + +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static const guint8 afl_log_code[] = { + + // 0xcc, + + 0x9c, /* pushfq */ + 0x51, /* push rcx */ + 0x52, /* push rdx */ + + 0x48, 0x8b, 0x0d, 0x28, + 0x00, 0x00, 0x00, /* mov rcx, sym.&previous_pc */ + 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ + 0x48, 0x31, 0xfa, /* xor rdx, rdi */ + + 0x48, 0x03, 0x15, 0x13, + 0x00, 0x00, 0x00, /* add rdx, sym._afl_area_ptr_ptr */ + + 0x80, 0x02, 0x01, /* add byte ptr [rdx], 1 */ + 0x80, 0x12, 0x00, /* adc byte ptr [rdx], 0 */ + 0x48, 0xd1, 0xef, /* shr rdi, 1 */ + 0x48, 0x89, 0x39, /* mov qword [rcx], rdi */ + + 0x5a, /* pop rdx */ + 0x59, /* pop rcx */ + 0x9d, /* popfq */ + + 0xc3, /* ret */ + 0x90, 0x90, 0x90 /* nop pad */ + + /* Read-only data goes here: */ + /* uint8_t* __afl_area_ptr */ + /* uint64_t* &previous_pc */ + +}; + +gboolean instrument_is_coverage_optimize_supported(void) { + + return true; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumX86Writer *cw = output->writer.x86; + + if (current_log_impl == 0 || + !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || + !gum_x86_writer_can_branch_directly_between(cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + + current_log_impl = cw->pc; + gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); + + uint64_t *afl_prev_loc_ptr = &previous_pc; + gum_x86_writer_put_bytes(cw, (const guint8 *)&__afl_area_ptr, + sizeof(__afl_area_ptr)); + gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, + sizeof(afl_prev_loc_ptr)); + + gum_x86_writer_put_label(cw, after_log_impl); + + } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -GUM_RED_ZONE_SIZE); + gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDI, area_offset); + gum_x86_writer_put_call_address(cw, current_log_impl); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RDI); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + GUM_RED_ZONE_SIZE); + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c new file mode 100644 index 00000000..5b8cbbba --- /dev/null +++ b/frida_mode/src/instrument/instrument_x86.c @@ -0,0 +1,23 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "instrument.h" + +#if defined(__i386__) + +gboolean instrument_is_coverage_optimize_supported(void) { + + return false; + +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + FATAL("Optimized coverage not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/interceptor.c index ba05a80a..d2802752 100644 --- a/frida_mode/src/interceptor.c +++ b/frida_mode/src/interceptor.c @@ -1,4 +1,5 @@ #include "frida-gum.h" + #include "debug.h" #include "interceptor.h" @@ -9,8 +10,26 @@ void intercept(void *address, gpointer replacement, gpointer user_data) { gum_interceptor_begin_transaction(interceptor); GumReplaceReturn ret = gum_interceptor_replace(interceptor, address, replacement, user_data); - if (ret != GUM_ATTACH_OK) { FATAL("gum_interceptor_attach: %d", ret); } + if (ret != GUM_REPLACE_OK) { FATAL("gum_interceptor_attach: %d", ret); } gum_interceptor_end_transaction(interceptor); } +void unintercept(void *address) { + + GumInterceptor *interceptor = gum_interceptor_obtain(); + + gum_interceptor_begin_transaction(interceptor); + gum_interceptor_revert(interceptor, address); + gum_interceptor_end_transaction(interceptor); + gum_interceptor_flush(interceptor); + +} + +void unintercept_self(void) { + + GumInvocationContext *ctx = gum_interceptor_get_current_invocation(); + unintercept(ctx->function); + +} + diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c new file mode 100644 index 00000000..c5045533 --- /dev/null +++ b/frida_mode/src/lib/lib.c @@ -0,0 +1,176 @@ +#ifndef __APPLE__ + #include + #include + #include + #include + #include + #include + + #include "frida-gum.h" + + #include "debug.h" + + #include "lib.h" + + #if defined(__arm__) || defined(__i386__) + #define ELFCLASS ELFCLASS32 +typedef Elf32_Ehdr Elf_Ehdr; +typedef Elf32_Phdr Elf_Phdr; +typedef Elf32_Shdr Elf_Shdr; +typedef Elf32_Addr Elf_Addr; + #elif defined(__aarch64__) || defined(__x86_64__) + #define ELFCLASS ELFCLASS64 +typedef Elf64_Ehdr Elf_Ehdr; +typedef Elf64_Phdr Elf_Phdr; +typedef Elf64_Shdr Elf_Shdr; +typedef Elf64_Addr Elf_Addr; + #else + #error "Unsupported platform" + #endif + +typedef struct { + + gchar name[PATH_MAX + 1]; + gchar path[PATH_MAX + 1]; + GumAddress base_address; + gsize size; + +} lib_details_t; + +static guint64 text_base = 0; +static guint64 text_limit = 0; + +static gboolean lib_find_exe(const GumModuleDetails *details, + gpointer user_data) { + + lib_details_t *lib_details = (lib_details_t *)user_data; + + memcpy(lib_details->name, details->name, PATH_MAX); + memcpy(lib_details->path, details->path, PATH_MAX); + lib_details->base_address = details->range->base_address; + lib_details->size = details->range->size; + return FALSE; + +} + +static void lib_validate_hdr(Elf_Ehdr *hdr) { + + if (hdr->e_ident[0] != ELFMAG0) FATAL("Invalid e_ident[0]"); + if (hdr->e_ident[1] != ELFMAG1) FATAL("Invalid e_ident[1]"); + if (hdr->e_ident[2] != ELFMAG2) FATAL("Invalid e_ident[2]"); + if (hdr->e_ident[3] != ELFMAG3) FATAL("Invalid e_ident[3]"); + if (hdr->e_ident[4] != ELFCLASS) FATAL("Invalid class"); + +} + +static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { + + Elf_Phdr *phdr; + gboolean found_preferred_base = FALSE; + Elf_Addr preferred_base; + Elf_Shdr *shdr; + Elf_Shdr *shstrtab; + char * shstr; + char * section_name; + Elf_Shdr *curr; + char text_name[] = ".text"; + + phdr = (Elf_Phdr *)((char *)hdr + hdr->e_phoff); + for (size_t i = 0; i < hdr->e_phnum; i++) { + + if (phdr[i].p_type == PT_LOAD) { + + preferred_base = phdr[i].p_vaddr; + found_preferred_base = TRUE; + break; + + } + + } + + if (!found_preferred_base) { FATAL("Failed to find preferred load address"); } + + OKF("Image preferred load address 0x%016lx", preferred_base); + + shdr = (Elf_Shdr *)((char *)hdr + hdr->e_shoff); + shstrtab = &shdr[hdr->e_shstrndx]; + shstr = (char *)hdr + shstrtab->sh_offset; + + OKF("shdr: %p", shdr); + OKF("shstrtab: %p", shstrtab); + OKF("shstr: %p", shstr); + + for (size_t i = 0; i < hdr->e_shnum; i++) { + + curr = &shdr[i]; + + if (curr->sh_name == 0) continue; + + section_name = &shstr[curr->sh_name]; + OKF("Section: %2lu - base: 0x%016lX size: 0x%016lX %s", i, curr->sh_addr, + curr->sh_size, section_name); + if (memcmp(section_name, text_name, sizeof(text_name)) == 0 && + text_base == 0) { + + text_base = lib_details->base_address + curr->sh_addr - preferred_base; + text_limit = text_base + curr->sh_size; + OKF("> text_addr: 0x%016lX", text_base); + OKF("> text_limit: 0x%016lX", text_limit); + + } + + } + +} + +static void lib_get_text_section(lib_details_t *details) { + + int fd = -1; + off_t len; + Elf_Ehdr *hdr; + + fd = open(details->path, O_RDONLY); + if (fd < 0) { FATAL("Failed to open %s", details->path); } + + len = lseek(fd, 0, SEEK_END); + + if (len == (off_t)-1) { FATAL("Failed to lseek %s", details->path); } + + OKF("len: %ld", len); + + hdr = (Elf_Ehdr *)mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0); + if (hdr == MAP_FAILED) { FATAL("Failed to map %s", details->path); } + + lib_validate_hdr(hdr); + lib_read_text_section(details, hdr); + + munmap(hdr, len); + close(fd); + +} + +void lib_init(void) { + + lib_details_t lib_details; + gum_process_enumerate_modules(lib_find_exe, &lib_details); + OKF("Executable: 0x%016lx - %s", lib_details.base_address, lib_details.path); + lib_get_text_section(&lib_details); + +} + +guint64 lib_get_text_base(void) { + + if (text_base == 0) FATAL("Lib not initialized"); + return text_base; + +} + +guint64 lib_get_text_limit(void) { + + if (text_limit == 0) FATAL("Lib not initialized"); + return text_limit; + +} + +#endif + diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c new file mode 100644 index 00000000..8f863861 --- /dev/null +++ b/frida_mode/src/lib/lib_apple.c @@ -0,0 +1,82 @@ +#ifdef __APPLE__ + #include "frida-gum.h" + + #include "debug.h" + + #include "lib.h" + #include "util.h" + +extern mach_port_t mach_task_self(); +extern void gum_darwin_enumerate_modules(mach_port_t task, + GumFoundModuleFunc func, + gpointer user_data); + +static guint64 text_base = 0; +static guint64 text_limit = 0; + +static gboolean lib_get_main_module(const GumModuleDetails *details, + gpointer user_data) { + + GumDarwinModule **ret = (GumDarwinModule **)user_data; + GumDarwinModule * module = gum_darwin_module_new_from_memory( + details->path, mach_task_self(), details->range->base_address, + GUM_DARWIN_MODULE_FLAGS_NONE, NULL); + + OKF("Found main module: %s", module->name); + + *ret = module; + + return FALSE; + +} + +gboolean lib_get_text_section(const GumDarwinSectionDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + static size_t idx = 0; + char text_name[] = "__text"; + + OKF("Section: %2lu - base: 0x%016" G_GINT64_MODIFIER + "X size: 0x%016" G_GINT64_MODIFIER "X %s", + idx++, details->vm_address, details->vm_address + details->size, + details->section_name); + + if (memcmp(details->section_name, text_name, sizeof(text_name)) == 0 && + text_base == 0) { + + text_base = details->vm_address; + text_limit = details->vm_address + details->size; + OKF("> text_addr: 0x%016" G_GINT64_MODIFIER "X", text_base); + OKF("> text_limit: 0x%016" G_GINT64_MODIFIER "X", text_limit); + + } + + return TRUE; + +} + +void lib_init(void) { + + GumDarwinModule *module = NULL; + gum_darwin_enumerate_modules(mach_task_self(), lib_get_main_module, &module); + gum_darwin_module_enumerate_sections(module, lib_get_text_section, NULL); + +} + +guint64 lib_get_text_base(void) { + + if (text_base == 0) FATAL("Lib not initialized"); + return text_base; + +} + +guint64 lib_get_text_limit(void) { + + if (text_limit == 0) FATAL("Lib not initialized"); + return text_limit; + +} + +#endif + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 7505c2f9..e031dbed 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -10,13 +10,19 @@ #endif #include "frida-gum.h" + #include "config.h" #include "debug.h" -#include "interceptor.h" +#include "entry.h" #include "instrument.h" +#include "interceptor.h" +#include "lib.h" +#include "persistent.h" #include "prefetch.h" #include "ranges.h" +#include "stalker.h" +#include "util.h" #ifdef __APPLE__ extern mach_port_t mach_task_self(); @@ -30,16 +36,11 @@ extern int __libc_start_main(int *(main)(int, char **, char **), int argc, typedef int *(*main_fn_t)(int argc, char **argv, char **envp); -static main_fn_t main_fn = NULL; -static GumStalker * stalker = NULL; -static GumMemoryRange code_range = {0}; +static main_fn_t main_fn = NULL; -extern void __afl_manual_init(); -extern __thread uint64_t previous_pc; +static int on_fork(void) { -static int on_fork() { - - prefetch_read(stalker); + prefetch_read(); return fork(); } @@ -47,11 +48,17 @@ static int on_fork() { #ifdef __APPLE__ static void on_main_os(int argc, char **argv, char **envp) { + UNUSED_PARAMETER(argc); + UNUSED_PARAMETER(argv); + UNUSED_PARAMETER(envp); + } #else static void on_main_os(int argc, char **argv, char **envp) { + UNUSED_PARAMETER(argc); + /* Personality doesn't affect the current process, it only takes effect on * evec */ int persona = personality(ADDR_NO_RANDOMIZE); @@ -70,37 +77,43 @@ static void on_main_os(int argc, char **argv, char **envp) { static int *on_main(int argc, char **argv, char **envp) { + void *fork_addr; + on_main_os(argc, argv, envp); - stalker = gum_stalker_new(); - if (stalker == NULL) { FATAL("Failed to initialize stalker"); } + unintercept_self(); - gum_stalker_set_trust_threshold(stalker, 0); - - GumStalkerTransformer *transformer = - gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + stalker_init(); + lib_init(); + entry_init(); instrument_init(); + persistent_init(); prefetch_init(); - ranges_init(stalker); + ranges_init(); - intercept(fork, on_fork, stalker); + fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + intercept(fork_addr, on_fork, NULL); - gum_stalker_follow_me(stalker, transformer, NULL); - gum_stalker_deactivate(stalker); + stalker_start(); + entry_run(); - __afl_manual_init(); - - /* Child here */ - previous_pc = 0; - prefetch_start(stalker); - main_fn(argc, argv, envp); - _exit(0); + return main_fn(argc, argv, envp); } -#ifdef __APPLE__ -static void intercept_main() { +#if defined(EMBEDDED) +extern int *main(int argc, char **argv, char **envp); + +static void intercept_main(void) { + + main_fn = main; + intercept(main, on_main, NULL); + +} + +#elif defined(__APPLE__) +static void intercept_main(void) { mach_port_t task = mach_task_self(); OKF("Task Id: %u", task); @@ -119,13 +132,14 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, void(*stack_end)) { main_fn = main; + unintercept_self(); intercept(main, on_main, NULL); return __libc_start_main(main, argc, ubp_av, init, fini, rtld_fini, stack_end); } -static void intercept_main() { +static void intercept_main(void) { intercept(__libc_start_main, on_libc_start_main, NULL); @@ -133,7 +147,7 @@ static void intercept_main() { #endif -__attribute__((constructor)) static void init() { +__attribute__((constructor)) static void init(void) { gum_init_embedded(); if (!gum_stalker_is_supported()) { diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c new file mode 100644 index 00000000..918ff153 --- /dev/null +++ b/frida_mode/src/persistent/persistent.c @@ -0,0 +1,65 @@ +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "persistent.h" +#include "util.h" + +int __afl_sharedmem_fuzzing = 0; +afl_persistent_hook_fn hook = NULL; +guint64 persistent_start = 0; +guint64 persistent_count = 0; + +void persistent_init(void) { + + char *hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); + + persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); + persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); + + if (persistent_count != 0 && persistent_start == 0) + FATAL( + "AFL_FRIDA_PERSISTENT_ADDR must be specified if " + "AFL_FRIDA_PERSISTENT_CNT is"); + + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; + + if (persistent_count != 0 && persistent_count < 100) + WARNF("Persistent count out of recommended range (<100)"); + + if (persistent_start != 0 && !persistent_is_supported()) + FATAL("Persistent mode not supported on this architecture"); + + OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", + persistent_start == 0 ? ' ' : 'X', persistent_start); + OKF("Instrumentation - persistent count [%c] (%" G_GINT64_MODIFIER "d)", + persistent_start == 0 ? ' ' : 'X', persistent_count); + OKF("Instrumentation - hook [%s]", hook_name); + + if (hook_name != NULL) { + + void *hook_obj = dlopen(hook_name, RTLD_NOW); + if (hook_obj == NULL) + FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); + + int (*afl_persistent_hook_init_ptr)(void) = + dlsym(hook_obj, "afl_persistent_hook_init"); + if (afl_persistent_hook_init_ptr == NULL) + FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); + + if (afl_persistent_hook_init_ptr() == 0) + FATAL("afl_persistent_hook_init returned a failure"); + + hook = (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); + if (hook == NULL) + FATAL("Failed to find afl_persistent_hook in %s", hook_name); + + __afl_sharedmem_fuzzing = 1; + + } + +} + diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c new file mode 100644 index 00000000..bc021ff3 --- /dev/null +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -0,0 +1,72 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "persistent.h" +#include "util.h" + +#if defined(__arm__) + +struct arm_regs { + + uint32_t r0, r1, r2, r3, r4, r5, r6, r7, r8, r9, r10; + + union { + + uint32_t r11; + uint32_t fp; + + }; + + union { + + uint32_t r12; + uint32_t ip; + + }; + + union { + + uint32_t r13; + uint32_t sp; + + }; + + union { + + uint32_t r14; + uint32_t lr; + + }; + + union { + + uint32_t r15; + uint32_t pc; + + }; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16]; + uint32_t vfp_xregs[16]; + +}; + +typedef struct arm_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c new file mode 100644 index 00000000..c198da69 --- /dev/null +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -0,0 +1,115 @@ +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" + +#include "instrument.h" +#include "util.h" + +#if defined(__aarch64__) + +struct arm64_regs { + + uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; + + union { + + uint64_t x11; + uint32_t fp_32; + + }; + + union { + + uint64_t x12; + uint32_t ip_32; + + }; + + union { + + uint64_t x13; + uint32_t sp_32; + + }; + + union { + + uint64_t x14; + uint32_t lr_32; + + }; + + union { + + uint64_t x15; + uint32_t pc_32; + + }; + + union { + + uint64_t x16; + uint64_t ip0; + + }; + + union { + + uint64_t x17; + uint64_t ip1; + + }; + + uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; + + union { + + uint64_t x29; + uint64_t fp; + + }; + + union { + + uint64_t x30; + uint64_t lr; + + }; + + union { + + uint64_t x31; + uint64_t sp; + + }; + + // the zero register is not saved here ofc + + uint64_t pc; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16 * 16]; + uint8_t vfp_pregs[17][32]; + uint32_t vfp_xregs[16]; + +}; + +typedef struct arm64_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c new file mode 100644 index 00000000..49f1988c --- /dev/null +++ b/frida_mode/src/persistent/persistent_x64.c @@ -0,0 +1,342 @@ +#include "frida-gum.h" + +#include "config.h" + +#include "instrument.h" +#include "persistent.h" + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +typedef struct x86_64_regs arch_api_regs; + +static arch_api_regs saved_regs = {0}; +static void * saved_return = NULL; + +gboolean persistent_is_supported(void) { + + return true; + +} + +static void instrument_persitent_save_regs(GumX86Writer * cw, + struct x86_64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + /* Should be pushing FPU here, but meh */ + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 1), + GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 2), + GUM_REG_RCX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 3), + GUM_REG_RDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 4), + GUM_REG_RDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 5), + GUM_REG_RSI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 6), + GUM_REG_RBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 7), + GUM_REG_R8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 8), + GUM_REG_R9); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 9), + GUM_REG_R10); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 10), + GUM_REG_R11); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 11), + GUM_REG_R12); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 12), + GUM_REG_R13); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 13), + GUM_REG_R14); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 14), + GUM_REG_R15); + + /* Store RIP */ + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, + GUM_ADDRESS(persistent_start)); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 15), + GUM_REG_RBX); + + /* Store adjusted RSP */ + gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); + + /* RED_ZONE + Saved flags, RAX, alignment */ + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, + GUM_RED_ZONE_SIZE + (0x8 * 3)); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), + GUM_REG_RBX); + + /* Save the flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 17), + GUM_REG_RBX); + + /* Save the RAX */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 0), + GUM_REG_RBX); + + /* Pop the saved values */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_persitent_restore_regs(GumX86Writer * cw, + struct x86_64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, + (0x8 * 2)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, + (0x8 * 3)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, + (0x8 * 4)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, + (0x8 * 5)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, + (0x8 * 6)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, + (0x8 * 7)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, + (0x8 * 8)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, + (0x8 * 9)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, + (0x8 * 10)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, + (0x8 * 11)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, + (0x8 * 12)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, + (0x8 * 13)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, + (0x8 * 14)); + + /* Don't restore RIP or RSP */ + + /* Restore RBX, RAX & Flags */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 1)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 0)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, + (0x8 * 17)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + GUM_RED_ZONE_SIZE + 0x10); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + /* Place holder for ret */ + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static void instrument_afl_persistent_loop(GumX86Writer *cw) { + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_x86_writer_put_test_reg_reg(cw, GUM_REG_RAX, GUM_REG_RAX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +static void persistent_prologue_hook(GumX86Writer * cw, + struct x86_64_regs *regs) { + + if (hook == NULL) return; + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RCX, + GUM_ADDRESS(&__afl_fuzz_len)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RCX, GUM_REG_RDI); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, + GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, + GUM_REG_RDX, GUM_ARG_REGISTER, GUM_REG_RCX); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + +void persistent_prologue(GumStalkerOutput *output) { + + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumX86Writer *cw = output->writer.x86; + + gconstpointer loop = cw->code + 1; + // gum_x86_writer_put_breakpoint(cw); + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* Stash and pop the return value */ + instrument_save_ret(cw, &saved_return); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); + + /* loop: */ + gum_x86_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, done, GUM_UNLIKELY); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ + gum_x86_writer_put_jmp_near_label(cw, loop); + + /* done: */ + gum_x86_writer_put_label(cw, done); + + instrument_jump_ret(cw, &saved_return); + + /* original: */ + gum_x86_writer_put_label(cw, original); + + gum_x86_writer_flush(cw); + +} + +#endif + diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c new file mode 100644 index 00000000..9d39c4e9 --- /dev/null +++ b/frida_mode/src/persistent/persistent_x86.c @@ -0,0 +1,55 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "persistent.h" +#include "util.h" + +#if defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +typedef struct x86_regs arch_api_regs; + +gboolean persistent_is_supported(void) { + + return false; + +} + +void persistent_prologue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 64633c1c..65c09fba 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -3,9 +3,12 @@ #include #include "frida-gum.h" -#include "prefetch.h" + #include "debug.h" +#include "prefetch.h" +#include "stalker.h" + #define TRUST 0 #define PREFETCH_SIZE 65536 #define PREFETCH_ENTRIES ((PREFETCH_SIZE - sizeof(size_t)) / sizeof(void *)) @@ -49,8 +52,9 @@ void prefetch_write(void *addr) { /* * Read the IPC region one block at the time and prefetch it */ -void prefetch_read(GumStalker *stalker) { +void prefetch_read(void) { + GumStalker *stalker = stalker_get(); if (prefetch_data == NULL) return; for (size_t i = 0; i < prefetch_data->count; i++) { @@ -68,7 +72,7 @@ void prefetch_read(GumStalker *stalker) { } -void prefetch_init() { +void prefetch_init(void) { g_assert_cmpint(sizeof(prefetch_data_t), ==, PREFETCH_SIZE); gboolean prefetch = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); @@ -106,16 +110,3 @@ void prefetch_init() { } -__attribute__((noinline)) static void prefetch_activation() { - - asm volatile(""); - -} - -void prefetch_start(GumStalker *stalker) { - - gum_stalker_activate(stalker, prefetch_activation); - prefetch_activation(); - -} - diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index 49ef5a62..e3f09f9e 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -1,9 +1,12 @@ -// 0x123-0x321 -// module.so +#include "frida-gum.h" -#include "ranges.h" #include "debug.h" +#include "lib.h" +#include "ranges.h" +#include "stalker.h" +#include "util.h" + #define MAX_RANGES 20 typedef struct { @@ -14,15 +17,11 @@ typedef struct { } convert_name_ctx_t; -typedef struct { - - GumStalker *stalker; - GArray * array; - -} include_range_ctx_t; - -GArray * ranges = NULL; -gboolean exclude_ranges = false; +GArray *module_ranges = NULL; +GArray *libs_ranges = NULL; +GArray *include_ranges = NULL; +GArray *exclude_ranges = NULL; +GArray *ranges = NULL; static void convert_address_token(gchar *token, GumMemoryRange *range) { @@ -159,90 +158,6 @@ static void convert_token(gchar *token, GumMemoryRange *range) { } -static gboolean include_ranges(const GumRangeDetails *details, - gpointer user_data) { - - include_range_ctx_t *ctx = (include_range_ctx_t *)user_data; - GArray * array = (GArray *)ctx->array; - GumAddress base = details->range->base_address; - GumAddress limit = details->range->base_address + details->range->size; - - OKF("Range for inclusion 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x", - base, limit); - - for (int i = 0; i < array->len; i++) { - - GumMemoryRange *range = &g_array_index(array, GumMemoryRange, i); - GumAddress range_base = range->base_address; - GumAddress range_limit = range->base_address + range->size; - - /* Before the region */ - if (range_limit < base) { continue; } - - /* After the region */ - if (range_base > limit) { - - GumMemoryRange exclude = {.base_address = base, .size = limit - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER - "x", - base, limit); - gum_stalker_exclude(ctx->stalker, &exclude); - return true; - - } - - /* Overlap the start of the region */ - if (range_base < base) { - - /* Range contains the region */ - if (range_limit > limit) { - - return true; - - } else { - - base = range_limit; - continue; - - } - - /* Overlap the end of the region */ - - } else { - - GumMemoryRange exclude = {.base_address = base, - .size = range_base - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER - "x", - base, range_base); - gum_stalker_exclude(ctx->stalker, &exclude); - /* Extend past the end of the region */ - if (range_limit >= limit) { - - return true; - - /* Contained within the region */ - - } else { - - base = range_limit; - continue; - - } - - } - - } - - GumMemoryRange exclude = {.base_address = base, .size = limit - base}; - OKF("\t Excluding 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", - base, limit); - gum_stalker_exclude(ctx->stalker, &exclude); - return true; - -} - gint range_sort(gconstpointer a, gconstpointer b) { return ((GumMemoryRange *)a)->base_address - @@ -250,9 +165,10 @@ gint range_sort(gconstpointer a, gconstpointer b) { } -static gboolean print_ranges(const GumRangeDetails *details, - gpointer user_data) { +static gboolean print_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + UNUSED_PARAMETER(user_data); if (details->file == NULL) { OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER "X", @@ -273,62 +189,75 @@ static gboolean print_ranges(const GumRangeDetails *details, } -void ranges_init(GumStalker *stalker) { +static void print_ranges(char *key, GArray *ranges) { - char * showmaps; - char * include; - char * exclude; - char * list; + OKF("Range: %s Length: %d", key, ranges->len); + for (guint i = 0; i < ranges->len; i++) { + + GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumAddress curr_limit = curr->base_address + curr->size; + OKF("Range: %s Idx: %3d - 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + key, i, curr->base_address, curr_limit); + + } + +} + +static gboolean collect_module_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + + GArray * ranges = (GArray *)user_data; + GumMemoryRange range = *details->range; + g_array_append_val(ranges, range); + return TRUE; + +} + +static GArray *collect_module_ranges(void) { + + GArray *result; + result = g_array_new(false, false, sizeof(GumMemoryRange)); + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, + collect_module_ranges_callback, result); + print_ranges("Modules", result); + return result; + +} + +static GArray *collect_ranges(char *env_key) { + + char * env_val; gchar ** tokens; int token_count; GumMemoryRange range; + int i; + GArray * result; - int i; + result = g_array_new(false, false, sizeof(GumMemoryRange)); - showmaps = getenv("AFL_FRIDA_DEBUG_MAPS"); - include = getenv("AFL_FRIDA_INST_RANGES"); - exclude = getenv("AFL_FRIDA_EXCLUDE_RANGES"); + env_val = getenv(env_key); + if (env_val == NULL) return result; - if (showmaps) { - - gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges, NULL); - - } - - if (include != NULL && exclude != NULL) { - - FATAL( - "Cannot specifify both AFL_FRIDA_INST_RANGES and " - "AFL_FRIDA_EXCLUDE_RANGES"); - - } - - if (include == NULL && exclude == NULL) { return; } - - list = include == NULL ? exclude : include; - exclude_ranges = include == NULL ? true : false; - - tokens = g_strsplit(list, ",", MAX_RANGES); + tokens = g_strsplit(env_val, ",", MAX_RANGES); for (token_count = 0; tokens[token_count] != NULL; token_count++) ; - ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), token_count); - for (i = 0; i < token_count; i++) { convert_token(tokens[i], &range); - g_array_append_val(ranges, range); + g_array_append_val(result, range); } - g_array_sort(ranges, range_sort); + g_array_sort(result, range_sort); /* Check for overlaps */ for (i = 1; i < token_count; i++) { - GumMemoryRange *prev = &g_array_index(ranges, GumMemoryRange, i - 1); - GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); + GumMemoryRange *prev = &g_array_index(result, GumMemoryRange, i - 1); + GumMemoryRange *curr = &g_array_index(result, GumMemoryRange, i); GumAddress prev_limit = prev->base_address + prev->size; GumAddress curr_limit = curr->base_address + curr->size; if (prev_limit > curr->base_address) { @@ -342,53 +271,304 @@ void ranges_init(GumStalker *stalker) { } - for (i = 0; i < token_count; i++) { + print_ranges(env_key, result); - GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); - GumAddress curr_limit = curr->base_address + curr->size; - OKF("Range %3d - 0x%016" G_GINT64_MODIFIER "x-0x%016" G_GINT64_MODIFIER "x", - i, curr->base_address, curr_limit); + g_strfreev(tokens); - } + return result; - if (include == NULL) { +} - for (i = 0; i < token_count; i++) { +static GArray *collect_libs_ranges(void) { - gum_stalker_exclude(stalker, &g_array_index(ranges, GumMemoryRange, i)); + GArray * result; + GumMemoryRange range; + result = g_array_new(false, false, sizeof(GumMemoryRange)); - } + if (getenv("AFL_INST_LIBS") == NULL) { + + range.base_address = lib_get_text_base(); + range.size = lib_get_text_limit() - lib_get_text_base(); } else { - include_range_ctx_t ctx = {.stalker = stalker, .array = ranges}; - gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, include_ranges, &ctx); + range.base_address = 0; + range.size = G_MAXULONG; } - g_strfreev(tokens); + g_array_append_val(result, range); + + print_ranges("AFL_INST_LIBS", result); + + return result; + +} + +static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra, + GumMemoryRange *rb) { + + GumAddress rab = ra->base_address; + GumAddress ral = rab + ra->size; + + GumAddress rbb = rb->base_address; + GumAddress rbl = rbb + rb->size; + + GumAddress rrb = 0; + GumAddress rrl = 0; + + rr->base_address = 0; + rr->size = 0; + + /* ra is before rb */ + if (ral < rbb) { return false; } + + /* ra is after rb */ + if (rab > rbl) { return true; } + + /* The largest of the two base addresses */ + rrb = rab > rbb ? rab : rbb; + + /* The smallest of the two limits */ + rrl = ral < rbl ? ral : rbl; + + rr->base_address = rrb; + rr->size = rrl - rrb; + return true; + +} + +static GArray *intersect_ranges(GArray *a, GArray *b) { + + GArray * result; + GumMemoryRange *ra; + GumMemoryRange *rb; + GumMemoryRange ri; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + + for (guint i = 0; i < a->len; i++) { + + ra = &g_array_index(a, GumMemoryRange, i); + for (guint j = 0; j < b->len; j++) { + + rb = &g_array_index(b, GumMemoryRange, j); + + if (!intersect_range(&ri, ra, rb)) { break; } + + if (ri.size == 0) { continue; } + + g_array_append_val(result, ri); + + } + + } + + return result; + +} + +static GArray *subtract_ranges(GArray *a, GArray *b) { + + GArray * result; + GumMemoryRange *ra; + GumAddress ral; + GumMemoryRange *rb; + GumMemoryRange ri; + GumMemoryRange rs; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + + for (guint i = 0; i < a->len; i++) { + + ra = &g_array_index(a, GumMemoryRange, i); + ral = ra->base_address + ra->size; + for (guint j = 0; j < b->len; j++) { + + rb = &g_array_index(b, GumMemoryRange, j); + + /* + * If rb is after ra, we have no more possible intersections and we can + * simply keep the remaining range + */ + if (!intersect_range(&ri, ra, rb)) { break; } + + /* + * If there is no intersection, then rb must be before ra, so we must + * continue + */ + if (ri.size == 0) { continue; } + + /* + * If the intersection is part way through the range, then we keep the + * start of the range + */ + if (ra->base_address < ri.base_address) { + + rs.base_address = ra->base_address; + rs.size = ri.base_address - ra->base_address; + g_array_append_val(result, rs); + + } + + /* + * If the intersection extends past the limit of the range, then we should + * continue with the next range + */ + if ((ri.base_address + ri.size) > ral) { + + ra->base_address = ral; + ra->size = 0; + break; + + } + + /* + * Otherwise we advance the base of the range to the end of the + * intersection and continue with the remainder of the range + */ + ra->base_address = ri.base_address + ri.size; + ra->size = ral - ra->base_address; + + } + + /* + * When we have processed all the possible intersections, we add what is + * left + */ + if (ra->size != 0) g_array_append_val(result, *ra); + + } + + return result; + +} + +static GArray *merge_ranges(GArray *a) { + + GArray * result; + GumMemoryRange rp; + GumMemoryRange *r; + + result = g_array_new(false, false, sizeof(GumMemoryRange)); + if (a->len == 0) return result; + + rp = g_array_index(a, GumMemoryRange, 0); + + for (guint i = 1; i < a->len; i++) { + + r = &g_array_index(a, GumMemoryRange, i); + + if (rp.base_address + rp.size == r->base_address) { + + rp.size += r->size; + + } else { + + g_array_append_val(result, rp); + rp.base_address = r->base_address; + rp.size = r->size; + continue; + + } + + } + + g_array_append_val(result, rp); + + return result; + +} + +void ranges_init(void) { + + GumMemoryRange ri; + GArray * step1; + GArray * step2; + GArray * step3; + GArray * step4; + GumMemoryRange *r; + GumStalker * stalker; + + if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { + + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, + NULL); + + } + + module_ranges = collect_module_ranges(); + libs_ranges = collect_libs_ranges(); + include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); + + /* If include ranges is empty, then assume everything is included */ + if (include_ranges->len == 0) { + + ri.base_address = 0; + ri.size = G_MAXULONG; + g_array_append_val(include_ranges, ri); + + } + + exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); + + /* Intersect with .text section of main executable unless AFL_INST_LIBS */ + step1 = intersect_ranges(module_ranges, libs_ranges); + print_ranges("step1", step1); + + /* Intersect with AFL_FRIDA_INST_RANGES */ + step2 = intersect_ranges(step1, include_ranges); + print_ranges("step2", step2); + + /* Subtract AFL_FRIDA_EXCLUDE_RANGES */ + step3 = subtract_ranges(step2, exclude_ranges); + print_ranges("step3", step3); + + /* + * After step3, we have the total ranges to be instrumented, we now subtract + * that from the original ranges of the modules to configure stalker. + */ + + step4 = subtract_ranges(module_ranges, step3); + print_ranges("step4", step4); + + ranges = merge_ranges(step4); + print_ranges("final", ranges); + + stalker = stalker_get(); + + for (guint i = 0; i < ranges->len; i++) { + + r = &g_array_index(ranges, GumMemoryRange, i); + gum_stalker_exclude(stalker, r); + + } + + g_array_free(step4, TRUE); + g_array_free(step3, TRUE); + g_array_free(step2, TRUE); + g_array_free(step1, TRUE); } gboolean range_is_excluded(gpointer address) { - int i; GumAddress test = GUM_ADDRESS(address); if (ranges == NULL) { return false; } - for (i = 0; i < ranges->len; i++) { + for (guint i = 0; i < ranges->len; i++) { GumMemoryRange *curr = &g_array_index(ranges, GumMemoryRange, i); GumAddress curr_limit = curr->base_address + curr->size; - if (test < curr->base_address) { return !exclude_ranges; } + if (test < curr->base_address) { return false; } - if (test < curr_limit) { return exclude_ranges; } + if (test < curr_limit) { return true; } } - return !exclude_ranges; + return false; } diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c new file mode 100644 index 00000000..81973e9c --- /dev/null +++ b/frida_mode/src/stalker.c @@ -0,0 +1,30 @@ +#include "debug.h" + +#include "instrument.h" +#include "stalker.h" + +static GumStalker *stalker = NULL; + +void stalker_init(void) { + + stalker = gum_stalker_new(); + if (stalker == NULL) { FATAL("Failed to initialize stalker"); } + + gum_stalker_set_trust_threshold(stalker, 0); + +} + +GumStalker *stalker_get(void) { + + if (stalker == NULL) { FATAL("Stalker uninitialized"); } + return stalker; + +} + +void stalker_start(void) { + + GumStalkerTransformer *transformer = instrument_get_transformer(); + gum_stalker_follow_me(stalker, transformer, NULL); + +} + diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c new file mode 100644 index 00000000..86b94970 --- /dev/null +++ b/frida_mode/src/util.c @@ -0,0 +1,67 @@ +#include "util.h" + +#include "debug.h" + +guint64 util_read_address(char *key) { + + char *value_str = getenv(key); + + if (value_str == NULL) { return 0; } + + if (!g_str_has_prefix(value_str, "0x")) { + + FATAL("Invalid address should have 0x prefix: %s\n", value_str); + + } + + char *value_str2 = &value_str[2]; + + for (char *c = value_str2; *c != '\0'; c++) { + + if (!g_ascii_isxdigit(*c)) { + + FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, + *c); + + } + + } + + guint64 value = g_ascii_strtoull(value_str2, NULL, 16); + if (value == 0) { + + FATAL("Invalid address failed hex conversion: %s\n", value_str2); + + } + + return value; + +} + +guint64 util_read_num(char *key) { + + char *value_str = getenv(key); + + if (value_str == NULL) { return 0; } + + for (char *c = value_str; *c != '\0'; c++) { + + if (!g_ascii_isdigit(*c)) { + + FATAL("Invalid address not formed of decimal digits: %s\n", value_str); + + } + + } + + guint64 value = g_ascii_strtoull(value_str, NULL, 10); + if (value == 0) { + + FATAL("Invalid address failed numeric conversion: %s\n", value_str); + + } + + return value; + +} + diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile new file mode 100644 index 00000000..c203fc5e --- /dev/null +++ b/frida_mode/test/cmplog/GNUmakefile @@ -0,0 +1,66 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../)/ +BUILD_DIR:=$(PWD)build/ + +TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ +TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest + +TEST_BIN:=$(PWD)../../build/test + + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +CMP_LOG_INPUT:=$(TEST_DATA_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(CMP_LOG_INPUT): | $(TEST_DATA_DIR) + truncate -s 64 $@ + +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc + make -C $(TEST_CMPLOG_DIR) compcovtest + +qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -c 0 \ + -l 3AT \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/cmplog/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr.py b/frida_mode/test/cmplog/get_section_addrs.py similarity index 100% rename from frida_mode/test/testinstr.py rename to frida_mode/test/cmplog/get_section_addrs.py diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile new file mode 100644 index 00000000..891827eb --- /dev/null +++ b/frida_mode/test/entry_point/GNUmakefile @@ -0,0 +1,61 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) +endif + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_entry: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_ENTRYPOINT=$(AFL_ENTRYPOINT) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/entry_point/Makefile b/frida_mode/test/entry_point/Makefile new file mode 100644 index 00000000..3b41b94e --- /dev/null +++ b/frida_mode/test/entry_point/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +frida_entry: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c new file mode 100644 index 00000000..a6c655f9 --- /dev/null +++ b/frida_mode/test/entry_point/testinstr.c @@ -0,0 +1,119 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + usleep(100000); +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} + diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile new file mode 100644 index 00000000..c543cca8 --- /dev/null +++ b/frida_mode/test/exe/GNUmakefile @@ -0,0 +1,50 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< -no-pie + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/exe/Makefile b/frida_mode/test/exe/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/exe/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr.c b/frida_mode/test/exe/testinstr.c similarity index 95% rename from frida_mode/test/testinstr.c rename to frida_mode/test/exe/testinstr.c index 37d47f91..5e26fc46 100644 --- a/frida_mode/test/testinstr.c +++ b/frida_mode/test/exe/testinstr.c @@ -22,7 +22,7 @@ #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) #endif -TESTINSTR_SECTION void testinstr(char *buf, int len) { +void testinstr(char *buf, int len) { if (len < 1) return; buf[len] = 0; @@ -37,7 +37,7 @@ TESTINSTR_SECTION void testinstr(char *buf, int len) { } -int main(int argc, char **argv) { +TESTINSTR_SECTION int main(int argc, char **argv) { char * file; int fd = -1; diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile new file mode 100644 index 00000000..515728c4 --- /dev/null +++ b/frida_mode/test/png/GNUmakefile @@ -0,0 +1,109 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +LIBPNG_BUILD_DIR:=$(BUILD_DIR)libpng/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PNGTEST_BUILD_DIR:=$(BUILD_DIR)pngtest/ + +LIBPNG_FILE:=$(LIBPNG_BUILD_DIR)libpng-1.2.56.tar.gz +LIBPNG_URL:=https://downloads.sourceforge.net/project/libpng/libpng12/older-releases/1.2.56/libpng-1.2.56.tar.gz +LIBPNG_DIR:=$(LIBPNG_BUILD_DIR)libpng-1.2.56/ +LIBPNG_MAKEFILE:=$(LIBPNG_DIR)Makefile +LIBPNG_LIB:=$(LIBPNG_DIR).libs/libpng12.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PNGTEST_FILE:=$(PNGTEST_BUILD_DIR)target.cc +PNGTEST_OBJ:=$(PNGTEST_BUILD_DIR)target.o +PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpng-1.2.56/target.cc" + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(LIBPNG_DIR)contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) -o $@ -c $< + +######### PNGTEST ######## + +$(PNGTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR) + wget -O $@ $(PNGTEST_URL) + +$(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) + $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + +######### LIBPNG ######## + +$(LIBPNG_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPNG_FILE): | $(LIBPNG_BUILD_DIR) + wget -O $@ $(LIBPNG_URL) + +$(LIBPNG_DIR): $(LIBPNG_FILE) + tar zxvf $(LIBPNG_FILE) -C $(LIBPNG_BUILD_DIR) + +$(LIBPNG_MAKEFILE): | $(LIBPNG_DIR) + cd $(LIBPNG_DIR) && ./configure + +$(LIBPNG_LIB): $(LIBPNG_MAKEFILE) + make -C $(LIBPNG_DIR) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) + $(CXX) \ + -o $@ \ + $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ + -lz \ + $(TEST_BIN_LDFLAGS) \ + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: $(TEST_BIN) + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/png/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile new file mode 100644 index 00000000..531f9bce --- /dev/null +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -0,0 +1,79 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../..)/ +BUILD_DIR:=$(PWD)build/ + +TEST_BIN:=$(PWD)../build/test +TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) +endif + +.PHONY: all clean qemu qemu_entry frida frida_entry + +all: + make -C $(ROOT)frida_mode/test/png/ + +$(BUILD_DIR): + mkdir -p $@ + +qemu: | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +qemu_entry: | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida: | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +frida_entry: | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) @@ + +clean: + rm -rf $(BUILD_DIR) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile new file mode 100644 index 00000000..5fde63c2 --- /dev/null +++ b/frida_mode/test/png/persistent/Makefile @@ -0,0 +1,18 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +qemu_entry: + @gmake qemu_entry + +frida: + @gmake frida + +frida_entry: + @gmake frida_entry \ No newline at end of file diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py new file mode 100755 index 00000000..6458c212 --- /dev/null +++ b/frida_mode/test/png/persistent/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) \ No newline at end of file diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile new file mode 100644 index 00000000..4f55fe98 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -0,0 +1,98 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_DIR=$(ROOT)utils/aflpp_driver/ +AFLPP_DRIVER_HOOK_OBJ=$(AFLPP_DRIVER_HOOK_DIR)aflpp_qemu_driver_hook.so + +TEST_BIN:=$(PWD)../../build/test +TEST_DATA_DIR:=../../build/libpng/libpng-1.2.56/contrib/pngsuite/ + +AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +.PHONY: all clean qemu qemu_entry frida frida_entry + +all: + make -C $(ROOT)frida_mode/test/png/persistent/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) + truncate -s 1M $@ + +$(AFLPP_DRIVER_HOOK_OBJ): | $(AFLPP_DRIVER_HOOK_DIR) + make -C $(AFLPP_DRIVER_HOOK_DIR) + +qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)/afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)/afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + + +frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +clean: + rm -rf $(BUILD_DIR) + diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile new file mode 100644 index 00000000..5fde63c2 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -0,0 +1,18 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +qemu_entry: + @gmake qemu_entry + +frida: + @gmake frida + +frida_entry: + @gmake frida_entry \ No newline at end of file diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile new file mode 100644 index 00000000..4addbad8 --- /dev/null +++ b/frida_mode/test/testinstr/GNUmakefile @@ -0,0 +1,50 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ \ No newline at end of file diff --git a/frida_mode/test/testinstr/Makefile b/frida_mode/test/testinstr/Makefile new file mode 100644 index 00000000..f322d1f5 --- /dev/null +++ b/frida_mode/test/testinstr/Makefile @@ -0,0 +1,12 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida \ No newline at end of file diff --git a/frida_mode/test/testinstr/testinstr.c b/frida_mode/test/testinstr/testinstr.c new file mode 100644 index 00000000..5e26fc46 --- /dev/null +++ b/frida_mode/test/testinstr/testinstr.c @@ -0,0 +1,112 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/frida_mode/update_frida_version.sh b/frida_mode/update_frida_version.sh new file mode 100755 index 00000000..7d938712 --- /dev/null +++ b/frida_mode/update_frida_version.sh @@ -0,0 +1,13 @@ +#!/bin/sh +test -n "$1" && { echo This script has no options. It updates the referenced Frida version in GNUmakefile to the most current one. ; exit 1 ; } + +OLD=$(egrep '^GUM_DEVKIT_VERSION=' GNUmakefile 2>/dev/null|awk -F= '{print$2}') +NEW=$(curl https://github.com/frida/frida/releases/ 2>/dev/null|egrep 'frida-gum-devkit-[0-9.]*-linux-x86_64'|head -n 1|sed 's/.*frida-gum-devkit-//'|sed 's/-linux.*//') + +echo Current set version: $OLD +echo Newest available version: $NEW + +test -z "$OLD" -o -z "$NEW" -o "$OLD" = "$NEW" && { echo Nothing to be done. ; exit 0 ; } + +sed -i "s/=$OLD/=$NEW/" GNUmakefile || exit 1 +echo Successfully updated GNUmakefile diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index f201782a..72f956b9 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -392,7 +392,7 @@ typedef struct afl_env_vars { *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_kill_signal, *afl_target_env, - *afl_persistent_record; + *afl_persistent_record, *afl_exit_on_time; } afl_env_vars_t; @@ -575,7 +575,8 @@ typedef struct afl_state { last_sync_cycle, /* Cycle no. of the last sync */ last_path_time, /* Time for most recent path (ms) */ last_crash_time, /* Time for most recent crash (ms) */ - last_hang_time; /* Time for most recent hang (ms) */ + last_hang_time, /* Time for most recent hang (ms) */ + exit_on_time; /* Delay to exit if no new paths */ u32 slowest_exec_ms, /* Slowest testcase non hang in ms */ subseq_tmouts; /* Number of timeouts in a row */ @@ -1134,6 +1135,7 @@ void check_if_tty(afl_state_t *); void setup_signal_handlers(void); void save_cmdline(afl_state_t *, u32, char **); void read_foreign_testcases(afl_state_t *, int); +void write_crash_readme(afl_state_t *afl); /* CmpLog */ diff --git a/include/envs.h b/include/envs.h index ebe98257..9175005e 100644 --- a/include/envs.h +++ b/include/envs.h @@ -49,6 +49,7 @@ static char *afl_environment_variables[] = { "AFL_DUMB_FORKSRV", "AFL_ENTRYPOINT", "AFL_EXIT_WHEN_DONE", + "AFL_EXIT_ON_TIME", "AFL_EXIT_ON_SEED_ISSUES", "AFL_FAST_CAL", "AFL_FORCE_UI", @@ -59,6 +60,9 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_STRICT", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_PERSISTENT_ADDR", + "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_HOOK", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 0937a328..cfe537d5 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -2,7 +2,7 @@ (See [../README.md](../README.md) for the general instruction manual.) - (See [README.gcc_plugon.md](../README.gcc_plugin.md) for the GCC-based instrumentation.) + (See [README.gcc_plugin.md](../README.gcc_plugin.md) for the GCC-based instrumentation.) ## 1) Introduction diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 6dd390e6..2f4337eb 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -60,15 +60,14 @@ using namespace llvm; #define DEBUG_TYPE "sancov" -static const char *const SanCovTracePCIndirName = - "__sanitizer_cov_trace_pc_indir"; -static const char *const SanCovTracePCName = "__sanitizer_cov_trace_pc"; -// static const char *const SanCovTracePCGuardName = +const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir"; +const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc"; +// const char SanCovTracePCGuardName = // "__sanitizer_cov_trace_pc_guard"; -static const char *const SanCovGuardsSectionName = "sancov_guards"; -static const char *const SanCovCountersSectionName = "sancov_cntrs"; -static const char *const SanCovBoolFlagSectionName = "sancov_bools"; -static const char *const SanCovPCsSectionName = "sancov_pcs"; +const char SanCovGuardsSectionName[] = "sancov_guards"; +const char SanCovCountersSectionName[] = "sancov_cntrs"; +const char SanCovBoolFlagSectionName[] = "sancov_bools"; +const char SanCovPCsSectionName[] = "sancov_pcs"; static cl::opt ClCoverageLevel( "lto-coverage-level", diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 09cda9e2..8878d3b1 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -52,49 +52,39 @@ using namespace llvm; #define DEBUG_TYPE "sancov" -static const char *const SanCovTracePCIndirName = - "__sanitizer_cov_trace_pc_indir"; -static const char *const SanCovTracePCName = "__sanitizer_cov_trace_pc"; -static const char *const SanCovTraceCmp1 = "__sanitizer_cov_trace_cmp1"; -static const char *const SanCovTraceCmp2 = "__sanitizer_cov_trace_cmp2"; -static const char *const SanCovTraceCmp4 = "__sanitizer_cov_trace_cmp4"; -static const char *const SanCovTraceCmp8 = "__sanitizer_cov_trace_cmp8"; -static const char *const SanCovTraceConstCmp1 = - "__sanitizer_cov_trace_const_cmp1"; -static const char *const SanCovTraceConstCmp2 = - "__sanitizer_cov_trace_const_cmp2"; -static const char *const SanCovTraceConstCmp4 = - "__sanitizer_cov_trace_const_cmp4"; -static const char *const SanCovTraceConstCmp8 = - "__sanitizer_cov_trace_const_cmp8"; -static const char *const SanCovTraceDiv4 = "__sanitizer_cov_trace_div4"; -static const char *const SanCovTraceDiv8 = "__sanitizer_cov_trace_div8"; -static const char *const SanCovTraceGep = "__sanitizer_cov_trace_gep"; -static const char *const SanCovTraceSwitchName = "__sanitizer_cov_trace_switch"; -static const char *const SanCovModuleCtorTracePcGuardName = +const char SanCovTracePCIndirName[] = "__sanitizer_cov_trace_pc_indir"; +const char SanCovTracePCName[] = "__sanitizer_cov_trace_pc"; +const char SanCovTraceCmp1[] = "__sanitizer_cov_trace_cmp1"; +const char SanCovTraceCmp2[] = "__sanitizer_cov_trace_cmp2"; +const char SanCovTraceCmp4[] = "__sanitizer_cov_trace_cmp4"; +const char SanCovTraceCmp8[] = "__sanitizer_cov_trace_cmp8"; +const char SanCovTraceConstCmp1[] = "__sanitizer_cov_trace_const_cmp1"; +const char SanCovTraceConstCmp2[] = "__sanitizer_cov_trace_const_cmp2"; +const char SanCovTraceConstCmp4[] = "__sanitizer_cov_trace_const_cmp4"; +const char SanCovTraceConstCmp8[] = "__sanitizer_cov_trace_const_cmp8"; +const char SanCovTraceDiv4[] = "__sanitizer_cov_trace_div4"; +const char SanCovTraceDiv8[] = "__sanitizer_cov_trace_div8"; +const char SanCovTraceGep[] = "__sanitizer_cov_trace_gep"; +const char SanCovTraceSwitchName[] = "__sanitizer_cov_trace_switch"; +const char SanCovModuleCtorTracePcGuardName[] = "sancov.module_ctor_trace_pc_guard"; -static const char *const SanCovModuleCtor8bitCountersName = +const char SanCovModuleCtor8bitCountersName[] = "sancov.module_ctor_8bit_counters"; -static const char *const SanCovModuleCtorBoolFlagName = - "sancov.module_ctor_bool_flag"; +const char SanCovModuleCtorBoolFlagName[] = "sancov.module_ctor_bool_flag"; static const uint64_t SanCtorAndDtorPriority = 2; -static const char *const SanCovTracePCGuardName = - "__sanitizer_cov_trace_pc_guard"; -static const char *const SanCovTracePCGuardInitName = - "__sanitizer_cov_trace_pc_guard_init"; -static const char *const SanCov8bitCountersInitName = - "__sanitizer_cov_8bit_counters_init"; -static const char *const SanCovBoolFlagInitName = - "__sanitizer_cov_bool_flag_init"; -static const char *const SanCovPCsInitName = "__sanitizer_cov_pcs_init"; +const char SanCovTracePCGuardName[] = "__sanitizer_cov_trace_pc_guard"; +const char SanCovTracePCGuardInitName[] = "__sanitizer_cov_trace_pc_guard_init"; +const char SanCov8bitCountersInitName[] = "__sanitizer_cov_8bit_counters_init"; +const char SanCovBoolFlagInitName[] = "__sanitizer_cov_bool_flag_init"; +const char SanCovPCsInitName[] = "__sanitizer_cov_pcs_init"; -static const char *const SanCovGuardsSectionName = "sancov_guards"; -static const char *const SanCovCountersSectionName = "sancov_cntrs"; -static const char *const SanCovBoolFlagSectionName = "sancov_bools"; -static const char *const SanCovPCsSectionName = "sancov_pcs"; +const char SanCovGuardsSectionName[] = "sancov_guards"; +const char SanCovCountersSectionName[] = "sancov_cntrs"; +const char SanCovBoolFlagSectionName[] = "sancov_bools"; +const char SanCovPCsSectionName[] = "sancov_pcs"; -static const char *const SanCovLowestStackName = "__sancov_lowest_stack"; +const char SanCovLowestStackName[] = "__sancov_lowest_stack"; static char *skip_nozero; @@ -320,12 +310,12 @@ std::pair ModuleSanitizerCoverage::CreateSecStartEnd( Module &M, const char *Section, Type *Ty) { GlobalVariable *SecStart = new GlobalVariable( - M, Ty->getPointerElementType(), false, GlobalVariable::ExternalLinkage, - nullptr, getSectionStart(Section)); + M, Ty->getPointerElementType(), false, + GlobalVariable::ExternalWeakLinkage, nullptr, getSectionStart(Section)); SecStart->setVisibility(GlobalValue::HiddenVisibility); GlobalVariable *SecEnd = new GlobalVariable( - M, Ty->getPointerElementType(), false, GlobalVariable::ExternalLinkage, - nullptr, getSectionEnd(Section)); + M, Ty->getPointerElementType(), false, + GlobalVariable::ExternalWeakLinkage, nullptr, getSectionEnd(Section)); SecEnd->setVisibility(GlobalValue::HiddenVisibility); IRBuilder<> IRB(M.getContext()); if (!TargetTriple.isOSBinFormatCOFF()) @@ -573,7 +563,7 @@ bool ModuleSanitizerCoverage::instrumentModule( } // True if block has successors and it dominates all of them. -static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { +bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { if (succ_begin(BB) == succ_end(BB)) return false; @@ -588,8 +578,7 @@ static bool isFullDominator(const BasicBlock *BB, const DominatorTree *DT) { } // True if block has predecessors and it postdominates all of them. -static bool isFullPostDominator(const BasicBlock * BB, - const PostDominatorTree *PDT) { +bool isFullPostDominator(const BasicBlock *BB, const PostDominatorTree *PDT) { if (pred_begin(BB) == pred_end(BB)) return false; @@ -603,10 +592,10 @@ static bool isFullPostDominator(const BasicBlock * BB, } -static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, - const DominatorTree * DT, - const PostDominatorTree * PDT, - const SanitizerCoverageOptions &Options) { +bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, + const DominatorTree * DT, + const PostDominatorTree * PDT, + const SanitizerCoverageOptions &Options) { // Don't insert coverage for blocks containing nothing but unreachable: we // will never call __sanitizer_cov() for them, so counting them in @@ -636,8 +625,7 @@ static bool shouldInstrumentBlock(const Function &F, const BasicBlock *BB, // A twist here is that we treat From->To as a backedge if // * To dominates From or // * To->UniqueSuccessor dominates From -static bool IsBackEdge(BasicBlock *From, BasicBlock *To, - const DominatorTree *DT) { +bool IsBackEdge(BasicBlock *From, BasicBlock *To, const DominatorTree *DT) { if (DT->dominates(To, From)) return true; if (auto Next = To->getUniqueSuccessor()) @@ -651,8 +639,8 @@ static bool IsBackEdge(BasicBlock *From, BasicBlock *To, // // Note that Cmp pruning is controlled by the same flag as the // BB pruning. -static bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, - const SanitizerCoverageOptions &Options) { +bool IsInterestingCmp(ICmpInst *CMP, const DominatorTree *DT, + const SanitizerCoverageOptions &Options) { if (!Options.NoPrune) if (CMP->hasOneUse()) @@ -1046,7 +1034,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (IsEntryBB) { - // Keep static allocas and llvm.localescape calls in the entry block. Even + // Keep allocas and llvm.localescape calls in the entry block. Even // if we aren't splitting the block, it's nice for allocas to be before // calls. IP = PrepareToSplitEntryBlock(BB, IP); @@ -1221,17 +1209,17 @@ ModulePass *llvm::createModuleSanitizerCoverageLegacyPassPass( } -static void registerPCGUARDPass(const PassManagerBuilder &, - legacy::PassManagerBase &PM) { +void registerPCGUARDPass(const PassManagerBuilder &, + legacy::PassManagerBase &PM) { auto p = new ModuleSanitizerCoverageLegacyPass(); PM.add(p); } -static RegisterStandardPasses RegisterCompTransPass( +RegisterStandardPasses RegisterCompTransPass( PassManagerBuilder::EP_OptimizerLast, registerPCGUARDPass); -static RegisterStandardPasses RegisterCompTransPass0( +RegisterStandardPasses RegisterCompTransPass0( PassManagerBuilder::EP_EnabledOnOptLevel0, registerPCGUARDPass); diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 552bbea8..2089ce78 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -79,8 +79,9 @@ #endif #if defined(__HAIKU__) - extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); -#endif // HAIKU +extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, + size_t bufferSize); +#endif // HAIKU u8 __afl_area_initial[MAP_INITIAL_SIZE]; u8 * __afl_area_ptr_dummy = __afl_area_initial; @@ -1754,11 +1755,11 @@ static int area_is_valid(void *ptr, size_t len) { if (unlikely(!ptr || __asan_region_is_poisoned(ptr, len))) { return 0; } - #ifndef __HAIKU__ - long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); - #else - long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); - #endif // HAIKU +#ifndef __HAIKU__ + long r = syscall(SYS_write, __afl_dummy_fd[1], ptr, len); +#else + long r = _kern_write(__afl_dummy_fd[1], -1, ptr, len); +#endif // HAIKU if (r <= 0 || r > len) return 0; diff --git a/instrumentation/afl-gcc-pass.so.cc b/instrumentation/afl-gcc-pass.so.cc index 41bb5152..3b7eb878 100644 --- a/instrumentation/afl-gcc-pass.so.cc +++ b/instrumentation/afl-gcc-pass.so.cc @@ -177,7 +177,7 @@ int plugin_is_GPL_compatible = 1; namespace { -static const struct pass_data afl_pass_data = { +static constexpr struct pass_data afl_pass_data = { .type = GIMPLE_PASS, .name = "afl", @@ -503,7 +503,7 @@ struct afl_pass : gimple_opt_pass { // Starting from "LLVMFuzzer" these are functions used in libfuzzer based // fuzzing campaign installations, e.g. oss-fuzz - static const char *ignoreList[] = { + static constexpr const char *ignoreList[] = { "asan.", "llvm.", diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index 24498f3e..af32e2f9 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -55,7 +55,7 @@ bool isIgnoreFunction(const llvm::Function *F) { // Starting from "LLVMFuzzer" these are functions used in libfuzzer based // fuzzing campaign installations, e.g. oss-fuzz - static const char *ignoreList[] = { + static constexpr const char *ignoreList[] = { "asan.", "llvm.", @@ -94,7 +94,7 @@ bool isIgnoreFunction(const llvm::Function *F) { } - static const char *ignoreSubstringList[] = { + static constexpr const char *ignoreSubstringList[] = { "__asan", "__msan", "__ubsan", "__lsan", "__san", "__sanitize", "__cxx", "_GLOBAL__", diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index f6cdbe9e..68bd2fa5 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -89,11 +89,11 @@ class AFLLTOPass : public ModulePass { bool runOnModule(Module &M) override; protected: - uint32_t afl_global_id = 1, autodictionary = 1; - uint32_t function_minimum_size = 1; - uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; + uint32_t afl_global_id = 1, autodictionary = 1; + uint32_t function_minimum_size = 1; + uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; unsigned long long int map_addr = 0x10000; - char * skip_nozero = NULL; + char * skip_nozero = NULL; }; diff --git a/instrumentation/split-switches-pass.so.cc b/instrumentation/split-switches-pass.so.cc index 97ab04a4..82f198aa 100644 --- a/instrumentation/split-switches-pass.so.cc +++ b/instrumentation/split-switches-pass.so.cc @@ -89,7 +89,7 @@ class SplitSwitchesTransform : public ModulePass { }; - typedef std::vector CaseVector; + using CaseVector = std::vector; private: bool splitSwitches(Module &M); diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 4aa2133e..38cb5ba6 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -190,8 +190,8 @@ handlers of the target. ## 13) Gotchas, feedback, bugs -If you need to fix up checksums or do other cleanup on mutated test cases, see -utils/custom_mutators/ for a viable solution. +If you need to fix up checksums or do other cleanups on mutated test cases, see +`afl_custom_post_process` in custom_mutators/examples/example.c for a viable solution. Do not mix QEMU mode with ASAN, MSAN, or the likes; QEMU doesn't appreciate the "shadow VM" trick employed by the sanitizers and will probably just diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 02a44cef..84f144be 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -9,7 +9,7 @@ # TCG instrumentation and block chaining support by Andrea Biondo # # -# QEMU 3.1.1 port, TCG thread-safety, CompareCoverage and NeverZero +# QEMU 5+ port, TCG thread-safety, CompareCoverage and NeverZero # counters by Andrea Fioraldi # # Copyright 2015, 2016, 2017 Google Inc. All rights reserved. diff --git a/src/afl-cc.c b/src/afl-cc.c index 1f89bac5..09009334 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -560,12 +560,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (lto_mode && !have_c) { u8 *ld_path = strdup(AFL_REAL_LD); - if (!*ld_path) ld_path = "ld.lld"; + if (!ld_path || !*ld_path) { ld_path = strdup("ld.lld"); } + if (!ld_path) { PFATAL("Could not allocate mem for ld_path"); } #if defined(AFL_CLANG_LDPATH) && LLVM_MAJOR >= 12 cc_params[cc_par_cnt++] = alloc_printf("--ld-path=%s", ld_path); #else cc_params[cc_par_cnt++] = alloc_printf("-fuse-ld=%s", ld_path); #endif + free(ld_path); cc_params[cc_par_cnt++] = "-Wl,--allow-multiple-definition"; diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 727e7f8d..a07e78b4 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -416,7 +416,8 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, struct rlimit r; - if (!fsrv->cmplog_binary && fsrv->qemu_mode == false) { + if (!fsrv->cmplog_binary && fsrv->qemu_mode == false && + fsrv->frida_mode == false) { unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv @@ -1089,7 +1090,7 @@ void afl_fsrv_write_to_testcase(afl_forkserver_t *fsrv, u8 *buf, size_t len) { #endif - if (likely(fsrv->use_shmem_fuzz && fsrv->shmem_fuzz)) { + if (likely(fsrv->use_shmem_fuzz)) { if (unlikely(len > MAX_FILE)) len = MAX_FILE; diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 3d0228db..97f10e6f 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -397,7 +397,7 @@ u8 *describe_op(afl_state_t *afl, u8 new_bits, size_t max_description_len) { /* Write a message accompanying the crash directory :-) */ -static void write_crash_readme(afl_state_t *afl) { +void write_crash_readme(afl_state_t *afl) { u8 fn[PATH_MAX]; s32 fd; diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index 27c6c413..c2e9c80f 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -35,7 +35,7 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) { if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } - if (!fsrv->qemu_mode && argv[0] != fsrv->cmplog_binary) { + if (!fsrv->qemu_mode && !fsrv->frida_mode && argv[0] != fsrv->cmplog_binary) { argv[0] = fsrv->cmplog_binary; diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index b6bfbc29..cb586111 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2031,7 +2031,7 @@ void setup_dirs_fds(afl_state_t *afl) { fprintf( afl->fsrv.plot_file, - "# unix_time, cycles_done, cur_path, paths_total, " + "# relative_time, cycles_done, cur_path, paths_total, " "pending_total, pending_favs, map_size, unique_crashes, " "unique_hangs, max_depth, execs_per_sec, total_execs, edges_found\n"); @@ -2774,6 +2774,14 @@ void check_binary(afl_state_t *afl, u8 *fname) { WARNF("AFL_PERSISTENT is no longer supported and may misbehave!"); + } else if (getenv("AFL_FRIDA_PERSISTENT_ADDR")) { + + OKF("FRIDA Persistent mode configuration options detected."); + setenv(PERSIST_ENV_VAR, "1", 1); + afl->persistent_mode = 1; + + afl->shmem_testcase_mode = 1; + } if (afl->fsrv.frida_mode || diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index c99d9a4d..e27d6fae 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -308,9 +308,11 @@ struct custom_mutator *load_custom_mutator(afl_state_t *afl, const char *fn) { u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, struct custom_mutator *mutator) { - u8 needs_write = 0, fault = 0; + u8 fault = 0; u32 trim_exec = 0; u32 orig_len = q->len; + u32 out_len = 0; + u8 *out_buf = NULL; u8 val_buf[STRINGIFY_VAL_SIZE_MAX]; @@ -397,25 +399,25 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (likely(retlen && cksum == q->exec_cksum)) { - if (afl_realloc((void **)&in_buf, retlen) == NULL) { + /* Let's save a clean trace, which will be needed by + update_bitmap_score once we're done with the trimming stuff. + Use out_buf NULL check to make this only happen once per trim. */ + + if (!out_buf) { + + memcpy(afl->clean_trace_custom, afl->fsrv.trace_bits, + afl->fsrv.map_size); + + } + + if (afl_realloc((void **)&out_buf, retlen) == NULL) { FATAL("can not allocate memory for trim"); } - memcpy(in_buf, retbuf, retlen); - q->len = retlen; - - /* Let's save a clean trace, which will be needed by - update_bitmap_score once we're done with the trimming stuff. */ - - if (!needs_write) { - - needs_write = 1; - memcpy(afl->clean_trace_custom, afl->fsrv.trace_bits, - afl->fsrv.map_size); - - } + out_len = retlen; + memcpy(out_buf, retbuf, retlen); /* Tell the custom mutator that the trimming was successful */ afl->stage_cur = mutator->afl_custom_post_trim(mutator->data, 1); @@ -423,7 +425,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (afl->not_on_tty && afl->debug) { SAYF("[Custom Trimming] SUCCESS: %u/%u iterations (now at %u bytes)", - afl->stage_cur, afl->stage_max, q->len); + afl->stage_cur, afl->stage_max, out_len); } @@ -456,16 +458,10 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, } - if (afl->not_on_tty && afl->debug) { - - SAYF("[Custom Trimming] DONE: %u bytes -> %u bytes", orig_len, q->len); - - } - - /* If we have made changes to in_buf, we also need to update the on-disk + /* If we have made changes, we also need to update the on-disk version of the test case. */ - if (needs_write) { + if (out_buf) { s32 fd; @@ -475,16 +471,28 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (fd < 0) { PFATAL("Unable to create '%s'", q->fname); } - ck_write(fd, in_buf, q->len, q->fname); + ck_write(fd, out_buf, out_len, q->fname); close(fd); + /* Update the queue's knowledge of length as soon as we write the file. + We do this here so that exit/error cases that *don't* update the file + also don't update q->len. */ + q->len = out_len; + memcpy(afl->fsrv.trace_bits, afl->clean_trace_custom, afl->fsrv.map_size); update_bitmap_score(afl, q); } + if (afl->not_on_tty && afl->debug) { + + SAYF("[Custom Trimming] DONE: %u bytes -> %u bytes", orig_len, q->len); + + } + abort_trimming: + if (out_buf) afl_free(out_buf); afl->bytes_trim_out += q->len; return fault; diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index d72d4145..4eeb93de 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -3010,13 +3010,13 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { u8 res = trim_case(afl, afl->queue_cur, in_buf); orig_in = in_buf = queue_testcase_get(afl, afl->queue_cur); - if (res == FSRV_RUN_ERROR) { + if (unlikely(res == FSRV_RUN_ERROR)) { FATAL("Unable to execute target application"); } - if (afl->stop_soon) { + if (unlikely(afl->stop_soon)) { ++afl->cur_skipped_paths; goto abandon_entry; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 832f17bb..6e5210b8 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -203,7 +203,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, } - if (afl->fsrv.shmem_fuzz) { + if (likely(afl->fsrv.use_shmem_fuzz)) { if (!post_process_skipped) { @@ -211,9 +211,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, memcpy(afl->fsrv.shmem_fuzz, new_mem, new_size); - } - - else { + } else { memcpy(afl->fsrv.shmem_fuzz, mem, skip_at); @@ -244,7 +242,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, return; - } else if (afl->fsrv.out_file) { + } else if (unlikely(!afl->fsrv.use_stdin)) { if (unlikely(afl->no_unlink)) { @@ -279,7 +277,7 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, } - if (!afl->fsrv.out_file) { + if (afl->fsrv.use_stdin) { if (ftruncate(fd, new_size)) { PFATAL("ftruncate() failed"); } lseek(fd, 0, SEEK_SET); diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 28d3339a..c886cb28 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -99,6 +99,7 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->cal_cycles = CAL_CYCLES; afl->cal_cycles_long = CAL_CYCLES_LONG; afl->hang_tmout = EXEC_TIMEOUT; + afl->exit_on_time = 0; afl->stats_update_freq = 1; afl->stats_avg_exec = 0; afl->skip_deterministic = 1; @@ -187,6 +188,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_exit_when_done = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_EXIT_ON_TIME", + + afl_environment_variable_len)) { + + afl->afl_env.afl_exit_on_time = + (u8 *)get_afl_env(afl_environment_variables[i]); + } else if (!strncmp(env, "AFL_NO_AFFINITY", afl_environment_variable_len)) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 22c0cbd2..313263f9 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -179,6 +179,8 @@ void load_stats_file(afl_state_t *afl) { } + if (afl->unique_crashes) { write_crash_readme(afl); } + return; } @@ -384,7 +386,7 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, /* Fields in the file: - unix_time, afl->cycles_done, cur_path, paths_total, paths_not_fuzzed, + relative_time, afl->cycles_done, cur_path, paths_total, paths_not_fuzzed, favored_not_fuzzed, unique_crashes, unique_hangs, max_depth, execs_per_sec, edges_found */ @@ -544,7 +546,7 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_statsd)) { - if (unlikely(afl->force_ui_update && cur_ms - afl->statsd_last_send_ms > + if (unlikely(afl->force_ui_update || cur_ms - afl->statsd_last_send_ms > STATSD_UPDATE_SEC * 1000)) { /* reset counter, even if send failed. */ @@ -574,6 +576,16 @@ void show_stats(afl_state_t *afl) { } + /* AFL_EXIT_ON_TIME. */ + + if (unlikely(afl->last_path_time && !afl->non_instrumented_mode && + afl->afl_env.afl_exit_on_time && + (cur_ms - afl->last_path_time) > afl->exit_on_time)) { + + afl->stop_soon = 2; + + } + if (unlikely(afl->total_crashes && afl->afl_env.afl_bench_until_crash)) { afl->stop_soon = 2; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3606533d..8de3ed6b 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -204,6 +204,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_DISABLE_TRIM: disable the trimming of test cases\n" "AFL_DUMB_FORKSRV: use fork server without feedback from target\n" "AFL_EXIT_WHEN_DONE: exit when all inputs are run and no new finds are found\n" + "AFL_EXIT_ON_TIME: exit when no new paths are found within the specified time period\n" "AFL_EXPAND_HAVOC_NOW: immediately enable expand havoc mode (default: after 60 minutes and a cycle without finds)\n" "AFL_FAST_CAL: limit the calibration stage to three cycles for speedup\n" "AFL_FORCE_UI: force showing the status screen (for virtual consoles)\n" @@ -1246,6 +1247,13 @@ int main(int argc, char **argv_orig, char **envp) { } + if (afl->afl_env.afl_exit_on_time) { + + u64 exit_on_time = atoi(afl->afl_env.afl_exit_on_time); + afl->exit_on_time = (u64)exit_on_time * 1000; + + } + if (afl->afl_env.afl_max_det_extras) { s32 max_det_extras = atoi(afl->afl_env.afl_max_det_extras); @@ -1358,6 +1366,7 @@ int main(int argc, char **argv_orig, char **envp) { afl_preload = getenv("AFL_PRELOAD"); u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); if (afl_preload) { frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); @@ -1383,6 +1392,7 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); setenv("LD_PRELOAD", frida_binary, 1); setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); ck_free(frida_binary); @@ -1697,13 +1707,14 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: this is semi-nice afl->cmplog_fsrv.trace_bits = afl->fsrv.trace_bits; afl->cmplog_fsrv.qemu_mode = afl->fsrv.qemu_mode; + afl->cmplog_fsrv.frida_mode = afl->fsrv.frida_mode; afl->cmplog_fsrv.cmplog_binary = afl->cmplog_binary; afl->cmplog_fsrv.init_child_func = cmplog_exec_child; if ((map_size <= DEFAULT_SHMEM_SIZE || afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->unicorn_mode) { + !afl->fsrv.frida_mode && !afl->unicorn_mode) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; @@ -2209,6 +2220,31 @@ stop_fuzzing: } afl_fsrv_deinit(&afl->fsrv); + + /* remove tmpfile */ + if (afl->tmp_dir != NULL && !afl->in_place_resume) { + + char tmpfile[PATH_MAX]; + + if (afl->file_extension) { + + snprintf(tmpfile, PATH_MAX, "%s/.cur_input.%s", afl->tmp_dir, + afl->file_extension); + + } else { + + snprintf(tmpfile, PATH_MAX, "%s/.cur_input", afl->tmp_dir); + + } + + if (unlink(tmpfile) != 0) { + + FATAL("Could not unlink current input file: %s.", tmpfile); + + } + + } + if (afl->orig_cmdline) { ck_free(afl->orig_cmdline); } ck_free(afl->fsrv.target_path); ck_free(afl->fsrv.out_file); diff --git a/src/afl-ld-lto.c b/src/afl-ld-lto.c index d0113af9..1ce97649 100644 --- a/src/afl-ld-lto.c +++ b/src/afl-ld-lto.c @@ -298,13 +298,12 @@ int main(int argc, char **argv) { SAYF( "\n" - "This is a helper application for afl-clang-lto. It is a wrapper " - "around GNU " - "llvm's 'lld',\n" - "executed by the toolchain whenever using " - "afl-clang-lto/afl-clang-lto++.\n" + "This is a helper application for afl-clang-lto.\n" + "It is a wrapper around llvm's 'lld' in case afl-clang-lto cannot be " + "used.\n" + "Note that the target still has to be compiled with -flto=full!\n" "You probably don't want to run this program directly but rather pass " - "it as LD parameter to configure scripts\n\n" + "it as LD\nparameter to e.g. configure scripts.\n\n" "Environment variables:\n" " AFL_LD_PASSTHROUGH do not link+optimize == no instrumentation\n" diff --git a/test/test-all.sh b/test/test-all.sh index 8df4bef9..0c189727 100755 --- a/test/test-all.sh +++ b/test/test-all.sh @@ -14,6 +14,8 @@ . ./test-qemu-mode.sh +. ./test-frida-mode.sh + . ./test-unicorn-mode.sh . ./test-custom-mutators.sh diff --git a/test/test-custom-mutators.sh b/test/test-custom-mutators.sh index bae4220f..5d679a82 100755 --- a/test/test-custom-mutators.sh +++ b/test/test-custom-mutators.sh @@ -5,7 +5,7 @@ $ECHO "$BLUE[*] Testing: custom mutator" test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { # normalize path - CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../utils/custom_mutators;pwd) + CUSTOM_MUTATOR_PATH=$(cd $(pwd)/../custom_mutators/examples;pwd) test -e test-custom-mutator.c -a -e ${CUSTOM_MUTATOR_PATH}/example.c -a -e ${CUSTOM_MUTATOR_PATH}/example.py && { unset AFL_CC # Compile the vulnerable program for single mutator @@ -29,8 +29,8 @@ test "1" = "`../afl-fuzz | grep -i 'without python' >/dev/null; echo $?`" && { } } # Compile the custom mutator - cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 - cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../utils/custom_mutators/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x41 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator.so > /dev/null 2>&1 + cc -D_FIXED_CHAR=0x42 -g -fPIC -shared -I../include ../custom_mutators/examples/simple_example.c -o libexamplemutator2.so > /dev/null 2>&1 test -e test-custom-mutator -a -e ./libexamplemutator.so && { # Create input directory mkdir -p in diff --git a/test/test-frida-mode.sh b/test/test-frida-mode.sh new file mode 100755 index 00000000..b47d016a --- /dev/null +++ b/test/test-frida-mode.sh @@ -0,0 +1,108 @@ +#!/bin/sh + +. ./test-pre.sh + +$ECHO "$BLUE[*] Testing: frida_mode" +test -z "$AFL_CC" && { + if type gcc >/dev/null; then + export AFL_CC=gcc + else + if type clang >/dev/null; then + export AFL_CC=clang + fi + fi +} + +test -e ../afl-frida-trace.so && { + cc -no-pie -o test-instr ../test-instr.c + cc -o test-compcov test-compcov.c + test -e test-instr -a -e test-compcov && { + { + mkdir -p in + echo 00000 > in/in + $ECHO "$GREY[*] running afl-fuzz for frida_mode, this will take approx 10 seconds" + { + ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode" + RUNTIME=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode" + CODE=1 + } + rm -f errors + + test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { + $ECHO "$GREY[*] running afl-fuzz for frida_mode cmplog, this will take approx 10 seconds" + { + ../afl-fuzz -m none -V10 -O -c 0 -i in -o out -- ./test-compcov >>errors 2>&1 + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000003* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with frida_mode cmplog" + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with frida_mode cmplog" + CODE=1 + } + rm -f errors + } || { + $ECHO "$YELLOW[-] not an intel or arm platform, cannot test frida_mode cmplog" + } + + test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc" -o "$SYS" = "aarch64" -o ! "${SYS%%arm*}" && { + $ECHO "$GREY[*] running afl-fuzz for persistent frida_mode, this will take approx 10 seconds" + { + #if file test-instr | grep -q "32-bit"; then + #else + #fi + export AFL_FRIDA_PERSISTENT_ADDR=0x`nm test-instr | grep "T main" | awk '{print $1}'` + $ECHO "Info: AFL_FRIDA_PERSISTENT_ADDR=$AFL_FRIDA_PERSISTENT_ADDR <= $(nm test-instr | grep "T main" | awk '{print $1}')" + env|grep AFL_|sort + file test-instr + ../afl-fuzz -m ${MEM_LIMIT} -V10 -O -i in -o out -- ./test-instr + unset AFL_FRIDA_PERSISTENT_ADDR + } >>errors 2>&1 + test -n "$( ls out/default/queue/id:000002* 2>/dev/null )" && { + $ECHO "$GREEN[+] afl-fuzz is working correctly with persistent frida_mode" + RUNTIMEP=`grep execs_done out/default/fuzzer_stats | awk '{print$3}'` + test -n "$RUNTIME" -a -n "$RUNTIMEP" && { + DIFF=`expr $RUNTIMEP / $RUNTIME` + test "$DIFF" -gt 1 && { # must be at least twice as fast + $ECHO "$GREEN[+] persistent frida_mode was noticeable faster than standard frida_mode" + } || { + $ECHO "$YELLOW[-] persistent frida_mode was not noticeable faster than standard frida_mode" + } + } || { + $ECHO "$YELLOW[-] we got no data on executions performed? weird!" + } + } || { + echo CUT------------------------------------------------------------------CUT + cat errors + echo CUT------------------------------------------------------------------CUT + $ECHO "$RED[!] afl-fuzz is not working correctly with persistent frida_mode" + CODE=1 + } + rm -rf in out errors + } || { + $ECHO "$YELLOW[-] not an intel or arm platform, cannot test persistent frida_mode" + } + + } + } || { + $ECHO "$RED[!] gcc compilation of test targets failed - what is going on??" + CODE=1 + } + + rm -f test-instr test-compcov +} || { + $ECHO "$YELLOW[-] frida_mode is not compiled, cannot test" + INCOMPLETE=1 +} + +. ./test-post.sh diff --git a/test/test-performance.sh b/test/test-performance.sh index cd9f6caf..d61e2f2a 100755 --- a/test/test-performance.sh +++ b/test/test-performance.sh @@ -18,6 +18,7 @@ export AFL_QUIET=1 export AFL_PATH=`pwd`/.. unset AFL_EXIT_WHEN_DONE +unset AFL_EXIT_ON_TIME unset AFL_SKIP_CPUFREQ unset AFL_DEBUG unset AFL_HARDEN diff --git a/test/test-pre.sh b/test/test-pre.sh index 174f2f7f..7819da47 100755 --- a/test/test-pre.sh +++ b/test/test-pre.sh @@ -62,6 +62,7 @@ $ECHO \\101 2>&1 | grep -qE '^A' || { test -z "$ECHO" && { printf Error: printf command does not support octal character codes ; exit 1 ; } export AFL_EXIT_WHEN_DONE=1 +export AFL_EXIT_ON_TIME=60 export AFL_SKIP_CPUFREQ=1 export AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 unset AFL_NO_X86 diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index d9ae5590..ffcf3b4c 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -fb2fc9f2 +019b871539fe9ed3f41d882385a8b02c243d49ad diff --git a/unicorn_mode/samples/speedtest/c/Makefile b/unicorn_mode/samples/speedtest/c/Makefile index ce784d4f..46789954 100644 --- a/unicorn_mode/samples/speedtest/c/Makefile +++ b/unicorn_mode/samples/speedtest/c/Makefile @@ -29,7 +29,11 @@ MYCC = $(__CC:$(_UNIQ)$(CROSS)=$(CROSS)gcc) .PHONY: all clean -all: fuzz +all: ../target harness + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz clean: rm -rf *.o harness harness-debug @@ -49,6 +53,6 @@ harness-debug: harness-debug.o ../target: $(MAKE) -C .. -fuzz: ../target harness +fuzz: all afl-fuzz rm -rf ./output - SKIP_BINCHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./harness @@ + SKIP_BIN_CHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./harness @@ diff --git a/unicorn_mode/samples/speedtest/python/Makefile b/unicorn_mode/samples/speedtest/python/Makefile index 4282c6cb..c0c64269 100644 --- a/unicorn_mode/samples/speedtest/python/Makefile +++ b/unicorn_mode/samples/speedtest/python/Makefile @@ -1,8 +1,15 @@ -all: fuzz +.PHONY: all fuzz + +all: ../target + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz + ../target: $(MAKE) -C .. -fuzz: ../target +fuzz: all afl-fuzz rm -rf ./ouptput ../../../../afl-fuzz -s 1 -U -i ../sample_inputs -o ./output -- python3 harness.py @@ diff --git a/unicorn_mode/samples/speedtest/rust/Makefile b/unicorn_mode/samples/speedtest/rust/Makefile index fe18d6ee..46934c93 100644 --- a/unicorn_mode/samples/speedtest/rust/Makefile +++ b/unicorn_mode/samples/speedtest/rust/Makefile @@ -1,4 +1,10 @@ -all: fuzz +.PHONY: all fuzz + +all: ../target ./target/release/unicornafl_harness + +afl-fuzz: ../../../../afl-fuzz +../../../../afl-fuzz: + $(MAKE) -C ../../../../ afl-fuzz clean: cargo clean @@ -12,6 +18,6 @@ clean: ../target: $(MAKE) -c .. -fuzz: ../target ./target/release/unicornafl_harness +fuzz: all afl-fuzz rm -rf ./output - SKIP_BINCHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./target/release/unicornafl_harness @@ + SKIP_BIN_CHECK=1 ../../../../afl-fuzz -s 1 -i ../sample_inputs -o ./output -- ./target/release/unicornafl_harness @@ diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index fb2fc9f2..019b8715 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit fb2fc9f25df32f17f6b6b859e4dbd70f9a857e0c +Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad diff --git a/utils/README.md b/utils/README.md index 336b6b6c..b157424f 100644 --- a/utils/README.md +++ b/utils/README.md @@ -32,7 +32,8 @@ Here's a quick overview of the stuff you can find in this directory: with additional gdb metadata. - custom_mutators - examples for the afl++ custom mutator interface in - C and Python + C and Python. Note: They were moved to + ../custom_mutators/examples/ - distributed_fuzzing - a sample script for synchronizing fuzzer instances across multiple machines (see parallel_fuzzing.md). diff --git a/utils/afl_proxy/afl-proxy.c b/utils/afl_proxy/afl-proxy.c index aa7a361a..6006e238 100644 --- a/utils/afl_proxy/afl-proxy.c +++ b/utils/afl_proxy/afl-proxy.c @@ -70,6 +70,10 @@ static void __afl_map_shm(void) { char *id_str = getenv(SHM_ENV_VAR); char *ptr; + /* NOTE TODO BUG FIXME: if you want to supply a variable sized map then + uncomment the following: */ + + /* if ((ptr = getenv("AFL_MAP_SIZE")) != NULL) { u32 val = atoi(ptr); @@ -77,6 +81,8 @@ static void __afl_map_shm(void) { } + */ + if (__afl_map_size > MAP_SIZE) { if (__afl_map_size > FS_OPT_MAX_MAPSIZE) { @@ -189,10 +195,7 @@ static u32 __afl_next_testcase(u8 *buf, u32 max_len) { /* report that we are starting the target */ if (write(FORKSRV_FD + 1, &res, 4) != 4) return 0; - if (status < 1) - return 0; - else - return status; + return status; } @@ -210,7 +213,7 @@ int main(int argc, char *argv[]) { /* This is were the testcase data is written into */ u8 buf[1024]; // this is the maximum size for a test case! set it! - u32 len; + s32 len; /* here you specify the map size you need that you are reporting to afl-fuzz. Any value is fine as long as it can be divided by 32. */ @@ -222,10 +225,20 @@ int main(int argc, char *argv[]) { while ((len = __afl_next_testcase(buf, sizeof(buf))) > 0) { - /* here you have to create the magic that feeds the buf/len to the - target and write the coverage to __afl_area_ptr */ + if (len > 4) { // the minimum data size you need for the target - // ... the magic ... + /* here you have to create the magic that feeds the buf/len to the + target and write the coverage to __afl_area_ptr */ + + // ... the magic ... + + // remove this, this is just to make afl-fuzz not complain when run + if (buf[0] == 0xff) + __afl_area_ptr[1] = 1; + else + __afl_area_ptr[2] = 2; + + } /* report the test case is done and wait for the next */ __afl_end_testcase(); diff --git a/utils/aflpp_driver/GNUmakefile b/utils/aflpp_driver/GNUmakefile index 8ac054a6..ad99b893 100644 --- a/utils/aflpp_driver/GNUmakefile +++ b/utils/aflpp_driver/GNUmakefile @@ -7,7 +7,7 @@ ifneq "" "$(LLVM_BINDIR)" LLVM_BINDIR := $(LLVM_BINDIR)/ endif -CFLAGS := -O3 -funroll-loops -g +CFLAGS := -O3 -funroll-loops -g -fPIC all: libAFLDriver.a libAFLQemuDriver.a aflpp_qemu_driver_hook.so @@ -33,10 +33,10 @@ libAFLQemuDriver.a: aflpp_qemu_driver.o -cp -vf libAFLQemuDriver.a ../../ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o - -$(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so + -test -e aflpp_qemu_driver_hook.o && $(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so || echo "Note: Optional aflpp_qemu_driver_hook.so not built." aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c - -$(LLVM_BINDIR)clang -fPIC $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c + -test -e ../../qemu_mode/qemuafl/qemuafl/api.h && $(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c || echo "Note: Optional aflpp_qemu_driver_hook.o not built." test: debug #clang -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -funroll-loops -o aflpp_driver_test.ll aflpp_driver_test.c diff --git a/utils/aflpp_driver/aflpp_qemu_driver_hook.c b/utils/aflpp_driver/aflpp_qemu_driver_hook.c index d3dd98b0..2979fadc 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver_hook.c +++ b/utils/aflpp_driver/aflpp_qemu_driver_hook.c @@ -3,12 +3,12 @@ #include #include -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + // In this example the register RDI is pointing to the memory location // of the target buffer, and the length of the input is in RSI. // This can be seen with a debugger, e.g. gdb (and "disass main") @@ -16,11 +16,11 @@ void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, memcpy(g2h(regs->rdi), input_buf, input_buf_len); regs->rsi = input_buf_len; +} + #undef g2h #undef h2g -} - int afl_persistent_hook_init(void) { // 1 for shared memory input (faster), 0 for normal input (you have to use diff --git a/utils/libdislocator/libdislocator.so.c b/utils/libdislocator/libdislocator.so.c index 1b247c86..dde78f7b 100644 --- a/utils/libdislocator/libdislocator.so.c +++ b/utils/libdislocator/libdislocator.so.c @@ -144,8 +144,8 @@ typedef struct { /* Configurable stuff (use AFL_LD_* to set): */ -static u32 max_mem = MAX_ALLOC; /* Max heap usage to permit */ -static u8 alloc_verbose, /* Additional debug messages */ +static size_t max_mem = MAX_ALLOC; /* Max heap usage to permit */ +static u8 alloc_verbose, /* Additional debug messages */ hard_fail, /* abort() when max_mem exceeded? */ no_calloc_over, /* abort() on calloc() overflows? */ align_allocations; /* Force alignment to sizeof(void*) */ @@ -154,7 +154,7 @@ static u8 alloc_verbose, /* Additional debug messages */ #define __thread #warning no thread support available #endif -static __thread size_t total_mem; /* Currently allocated mem */ +static _Atomic size_t total_mem; /* Currently allocated mem */ static __thread u32 call_depth; /* To avoid recursion via fprintf() */ static u32 alloc_canary; @@ -172,9 +172,9 @@ static void *__dislocator_alloc(size_t len) { if (total_mem + len > max_mem || total_mem + len < total_mem) { - if (hard_fail) FATAL("total allocs exceed %u MB", max_mem / 1024 / 1024); + if (hard_fail) FATAL("total allocs exceed %zu MB", max_mem / 1024 / 1024); - DEBUGF("total allocs exceed %u MB, returning NULL", max_mem / 1024 / 1024); + DEBUGF("total allocs exceed %zu MB, returning NULL", max_mem / 1024 / 1024); return NULL; @@ -500,19 +500,20 @@ size_t malloc_usable_size(const void *ptr) { __attribute__((constructor)) void __dislocator_init(void) { - u8 *tmp = (u8 *)getenv("AFL_LD_LIMIT_MB"); + char *tmp = getenv("AFL_LD_LIMIT_MB"); if (tmp) { - u8 *tok; - s32 mmem = (s32)strtol((char *)tmp, (char **)&tok, 10); - if (*tok != '\0' || errno == ERANGE) FATAL("Bad value for AFL_LD_LIMIT_MB"); + char * tok; + unsigned long long mmem = strtoull(tmp, &tok, 10); + if (*tok != '\0' || errno == ERANGE || mmem > SIZE_MAX / 1024 / 1024) + FATAL("Bad value for AFL_LD_LIMIT_MB"); max_mem = mmem * 1024 * 1024; } alloc_canary = ALLOC_CANARY; - tmp = (u8 *)getenv("AFL_RANDOM_ALLOC_CANARY"); + tmp = getenv("AFL_RANDOM_ALLOC_CANARY"); if (tmp) arc4random_buf(&alloc_canary, sizeof(alloc_canary)); diff --git a/utils/qbdi_mode/template.cpp b/utils/qbdi_mode/template.cpp index b2066cc8..182a014b 100755 --- a/utils/qbdi_mode/template.cpp +++ b/utils/qbdi_mode/template.cpp @@ -25,7 +25,7 @@ #if (defined(__x86_64__) || defined(__i386__)) && defined(AFL_QEMU_NOT_ZERO) #define INC_AFL_AREA(loc) \ asm volatile( \ - "incb (%0, %1, 1)\n" \ + "addb $1, (%0, %1, 1)\n" \ "adcb $0, (%0, %1, 1)\n" \ : /* no out */ \ : "r"(afl_area_ptr), "r"(loc) \ diff --git a/utils/qemu_persistent_hook/read_into_rdi.c b/utils/qemu_persistent_hook/read_into_rdi.c index c1c6642f..14b2ed85 100644 --- a/utils/qemu_persistent_hook/read_into_rdi.c +++ b/utils/qemu_persistent_hook/read_into_rdi.c @@ -3,12 +3,12 @@ #include #include -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - #define g2h(x) ((void *)((unsigned long)(x) + guest_base)) #define h2g(x) ((uint64_t)(x)-guest_base) +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + // In this example the register RDI is pointing to the memory location // of the target buffer, and the length of the input is in RSI. // This can be seen with a debugger, e.g. gdb (and "disass main") @@ -19,11 +19,11 @@ void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, memcpy(g2h(regs->rdi), input_buf, input_buf_len); regs->rsi = input_buf_len; +} + #undef g2h #undef h2g -} - int afl_persistent_hook_init(void) { // 1 for shared memory input (faster), 0 for normal input (you have to use From 09458343c05564f32654d748a0ae95460748479c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 10 May 2021 14:00:00 +0200 Subject: [PATCH 206/441] github workflow for qemu --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a5f3429e..35051a20 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: - name: update run: sudo apt-get update && sudo apt-get upgrade -y - name: install packages - run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools + run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build - name: compiler installed run: gcc -v ; echo ; clang -v - name: install gcc plugin From fd077e86bdfb73f1aa8432be547b1e8477883abb Mon Sep 17 00:00:00 2001 From: Dustin Spicuzza Date: Mon, 10 May 2021 18:20:28 -0400 Subject: [PATCH 207/441] OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory --- docs/INSTALL.md | 35 +++++++++++++++++++++++++++++++++++ src/afl-cc.c | 12 ++++++++++-- 2 files changed, 45 insertions(+), 2 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index e3c06c9d..80d452f7 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -103,6 +103,41 @@ The llvm instrumentation requires a fully-operational installation of clang. The comes with Xcode is missing some of the essential headers and helper tools. See README.llvm.md for advice on how to build the compiler from scratch. +MacOS X supports SYSV shared memory used by AFL's instrumentation, but the +default settings aren't usable with AFL++. The default settings on 10.14 seem +to be: + +```bash +$ ipcs -M +IPC status from as of XXX +shminfo: + shmmax: 4194304 (max shared memory segment size) + shmmin: 1 (min shared memory segment size) + shmmni: 32 (max number of shared memory identifiers) + shmseg: 8 (max shared memory segments per process) + shmall: 1024 (max amount of shared memory in pages) +``` + +To temporarily change your settings to something minimally usable with AFL++, +run these commands as root: + +```bash +sysctl kern.sysv.shmmax=8388608 +sysctl kern.sysv.shmall=4096 +``` + +If you're running more than one instance of AFL you likely want to make `shmall` +bigger and increase `shmseg` as well: + +```bash +sysctl kern.sysv.shmmax=8388608 +sysctl kern.sysv.shmseg=48 +sysctl kern.sysv.shmall=98304 +``` + +See http://www.spy-hill.com/help/apple/SharedMemory.html for documentation for +these settings and how to make them permanent. + ## 4. Linux or *BSD on non-x86 systems Standard build will fail on non-x86 systems, but you should be able to diff --git a/src/afl-cc.c b/src/afl-cc.c index 09009334..c1050355 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1574,7 +1574,12 @@ int main(int argc, char **argv, char **envp) { else if (have_gcc_plugin) compiler_mode = GCC_PLUGIN; else if (have_gcc) - compiler_mode = GCC; + #ifdef __APPLE__ + // on OSX clang masquerades as GCC + compiler_mode = CLANG; + #else + compiler_mode = GCC; + #endif else if (have_lto) compiler_mode = LTO; else @@ -1596,7 +1601,10 @@ int main(int argc, char **argv, char **envp) { } - if (compiler_mode == CLANG) { instrument_mode = INSTRUMENT_CLANG; } + if (compiler_mode == CLANG) { + instrument_mode = INSTRUMENT_CLANG; + setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + } if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { From 8929da339191152cdc69e4c99ddeaeff6d0bc777 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 11 May 2021 19:29:28 +0100 Subject: [PATCH 208/441] Fixes to memory operands for complog (#916) Co-authored-by: Your Name --- frida_mode/include/frida_cmplog.h | 2 +- frida_mode/src/cmplog/cmplog.c | 6 ++-- frida_mode/src/cmplog/cmplog_x64.c | 51 +++++++++++++++++++++++------- frida_mode/test/cmplog/GNUmakefile | 6 ++-- 4 files changed, 47 insertions(+), 18 deletions(-) diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h index 28864c0e..b620a472 100644 --- a/frida_mode/include/frida_cmplog.h +++ b/frida_mode/include/frida_cmplog.h @@ -8,7 +8,7 @@ void cmplog_init(void); /* Functions to be implemented by the different architectures */ void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); -gboolean cmplog_is_readable(void *addr, size_t size); +gboolean cmplog_is_readable(guint64 addr, size_t size); #endif diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 3fab1951..7b11c350 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -53,7 +53,7 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, } -gboolean cmplog_is_readable(void *addr, size_t size) { +gboolean cmplog_is_readable(guint64 addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); @@ -65,9 +65,9 @@ gboolean cmplog_is_readable(void *addr, size_t size) { * is lower than this. This should avoid some overhead when functions are * called where one of the parameters is a size, or a some other small value. */ - if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; } + if (addr < DEFAULT_MMAP_MIN_ADDR) { return false; } - GumAddress inner_base = GUM_ADDRESS(addr); + GumAddress inner_base = addr; GumAddress inner_limit = inner_base + size; for (guint i = 0; i < cmplog_ranges->len; i++) { diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 9bf09ad5..4d8f243a 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -134,7 +134,8 @@ static guint64 cmplog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { } -static guint64 cmplog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { +static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, + x86_op_mem *mem, guint64 *val) { guint64 base = 0; guint64 index = 0; @@ -145,26 +146,52 @@ static guint64 cmplog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { if (mem->index != X86_REG_INVALID) index = cmplog_read_reg(ctx, mem->index); address = base + (index * mem->scale) + mem->disp; - return address; + + if (!cmplog_is_readable(address, size)) { return FALSE; } + + switch (size) { + + case 1: + *val = *((guint8 *)address); + return TRUE; + case 2: + *val = *((guint16 *)address); + return TRUE; + case 4: + *val = *((guint32 *)address); + return TRUE; + case 8: + *val = *((guint64 *)address); + return TRUE; + default: + FATAL("Invalid operand size: %d\n", size); + + } + + return FALSE; } -static guint64 cmplog_get_operand_value(GumCpuContext *context, - cmplog_ctx_t * ctx) { +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, guint64 *val) { switch (ctx->type) { case X86_OP_REG: - return cmplog_read_reg(context, ctx->reg); + *val = cmplog_read_reg(context, ctx->reg); + return TRUE; case X86_OP_IMM: - return ctx->imm; + *val = ctx->imm; + return TRUE; case X86_OP_MEM: - return cmplog_read_mem(context, &ctx->mem); + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); default: FATAL("Invalid operand type: %d\n", ctx->type); } + return FALSE; + } static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { @@ -177,11 +204,11 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; + if (!cmplog_is_readable(rdi, 32) || !cmplog_is_readable(rsi, 32)) return; + void *ptr1 = GSIZE_TO_POINTER(rdi); void *ptr2 = GSIZE_TO_POINTER(rsi); - if (!cmplog_is_readable(ptr1, 32) || !cmplog_is_readable(ptr2, 32)) return; - uintptr_t k = address; k = (k >> 4) ^ (k << 8); @@ -271,11 +298,13 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + guint64 operand1; + guint64 operand2; if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); - guint64 operand1 = cmplog_get_operand_value(context, &ctx->operand1); - guint64 operand2 = cmplog_get_operand_value(context, &ctx->operand2); + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index c203fc5e..37c7450c 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -41,26 +41,26 @@ $(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) $(ROOT)afl-fuzz \ - -D \ -Q \ -i $(TEST_DATA_DIR) \ -o $(QEMU_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ $(ROOT)afl-fuzz \ - -D \ -O \ -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ clean: - rm -rf $(BUILD_DIR) \ No newline at end of file + rm -rf $(BUILD_DIR) From 72ca9b4684981ce2b807e4efd218bd1924f3e6b1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 11 May 2021 22:06:37 +0200 Subject: [PATCH 209/441] fix a few cur_time uses --- docs/Changelog.md | 1 + src/afl-cc.c | 16 +++++++++------- src/afl-fuzz-one.c | 6 +++--- src/afl-fuzz-stats.c | 5 +++-- src/afl-fuzz.c | 6 ++++-- 5 files changed, 20 insertions(+), 14 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index ceb02bb9..e4c02921 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.13a (development) + - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, it currently supports persistent mode and cmplog. thanks to @WorksButNotTested! diff --git a/src/afl-cc.c b/src/afl-cc.c index c1050355..ff7b5219 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1574,12 +1574,12 @@ int main(int argc, char **argv, char **envp) { else if (have_gcc_plugin) compiler_mode = GCC_PLUGIN; else if (have_gcc) - #ifdef __APPLE__ - // on OSX clang masquerades as GCC - compiler_mode = CLANG; - #else - compiler_mode = GCC; - #endif +#ifdef __APPLE__ + // on OSX clang masquerades as GCC + compiler_mode = CLANG; +#else + compiler_mode = GCC; +#endif else if (have_lto) compiler_mode = LTO; else @@ -1602,8 +1602,10 @@ int main(int argc, char **argv, char **envp) { } if (compiler_mode == CLANG) { + instrument_mode = INSTRUMENT_CLANG; - setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + } if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4eeb93de..4a3e7f33 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -562,7 +562,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { + get_cur_time() - afl->last_path_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { @@ -2013,7 +2013,7 @@ havoc_stage: } - if (unlikely(get_cur_time() - afl->last_path_time > 5000 && + if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ && afl->ready_for_splicing_count > 1)) { /* add expensive havoc cases here if there is no findings in the last 5s */ @@ -3060,7 +3060,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { + get_cur_time() - afl->last_path_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 313263f9..4884b942 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -368,7 +368,8 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, afl->plot_prev_uh == afl->unique_hangs && afl->plot_prev_md == afl->max_depth && afl->plot_prev_ed == afl->fsrv.total_execs) || - !afl->queue_cycle || get_cur_time() - afl->start_time <= 60))) { + !afl->queue_cycle || + get_cur_time() - afl->start_time <= 60000))) { return; @@ -393,7 +394,7 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, fprintf(afl->fsrv.plot_file, "%llu, %llu, %u, %u, %u, %u, %0.02f%%, %llu, %llu, %u, %0.02f, %llu, " "%u\n", - (afl->prev_run_time + get_cur_time() - afl->start_time), + ((afl->prev_run_time + get_cur_time() - afl->start_time) / 1000), afl->queue_cycle - 1, afl->current_entry, afl->queued_paths, afl->pending_not_fuzzed, afl->pending_favored, bitmap_cvg, afl->unique_crashes, afl->unique_hangs, afl->max_depth, eps, diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8de3ed6b..094fd161 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1940,8 +1940,10 @@ int main(int argc, char **argv_orig, char **envp) { /* If we had a full queue cycle with no new finds, try recombination strategies next. */ - if (unlikely(afl->queued_paths == prev_queued && - (get_cur_time() - afl->start_time) >= 3600)) { + if (unlikely(afl->queued_paths == prev_queued + /* FIXME TODO BUG: && (get_cur_time() - afl->start_time) >= + 3600 */ + )) { if (afl->use_splicing) { From 000c72909530274cb52015fee69e9700ec6a2c7e Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sat, 15 May 2021 17:33:05 +0200 Subject: [PATCH 210/441] added bounds check to pivot_inputs (fixes #921) --- src/afl-fuzz-init.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index cb586111..7337bfbf 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1294,9 +1294,13 @@ void pivot_inputs(afl_state_t *afl) { if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) { - struct queue_entry *s = afl->queue_buf[src_id]; + if (src_id < afl->queued_paths) { - if (s) { q->depth = s->depth + 1; } + struct queue_entry *s = afl->queue_buf[src_id]; + + if (s) { q->depth = s->depth + 1; } + + } if (afl->max_depth < q->depth) { afl->max_depth = q->depth; } From 3d28925c13b5fc171b239c0c0451686967ee3bda Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sat, 15 May 2021 18:23:13 +0200 Subject: [PATCH 211/441] additional safety checks for restarts --- src/afl-fuzz.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 094fd161..a4599b4a 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -332,7 +332,7 @@ static int stricmp(char const *a, char const *b) { int main(int argc, char **argv_orig, char **envp) { - s32 opt, i, auto_sync = 0 /*, user_set_cache = 0*/; + s32 opt, auto_sync = 0 /*, user_set_cache = 0*/; u64 prev_queued = 0; u32 sync_interval_cnt = 0, seek_to = 0, show_help = 0, map_size = get_map_size(); @@ -1770,7 +1770,7 @@ int main(int argc, char **argv_orig, char **envp) { if (extras_dir_cnt) { - for (i = 0; i < extras_dir_cnt; i++) { + for (u8 i = 0; i < extras_dir_cnt; i++) { load_extras(afl, extras_dir[i]); @@ -1922,6 +1922,13 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(seek_to)) { + if (unlikely(seek_to >= afl->queued_paths)) { + + // This should never happen. + FATAL("BUG: seek_to location out of bounds!\n"); + + } + afl->current_entry = seek_to; afl->queue_cur = afl->queue_buf[seek_to]; seek_to = 0; @@ -2061,7 +2068,7 @@ int main(int argc, char **argv_orig, char **envp) { } // we must recalculate the scores of all queue entries - for (i = 0; i < (s32)afl->queued_paths; i++) { + for (u32 i = 0; i < afl->queued_paths; i++) { if (likely(!afl->queue_buf[i]->disabled)) { From 7b033367c2f49b47d0a5021a9ad9a82b514429de Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 17 May 2021 11:02:28 +0200 Subject: [PATCH 212/441] restrict afl-showmap in_file size --- src/afl-showmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 946b19cd..5994101e 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -386,7 +386,7 @@ static u32 read_file(u8 *in_file) { } - in_len = st.st_size; + in_len = st.st_size > MAX_FILE ? MAX_FILE : st.st_size; in_data = ck_alloc_nozero(in_len); ck_read(fd, in_data, in_len, in_file); From 738246465d07770471ec34500909ebb4c3c5f1cf Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 17 May 2021 13:08:05 +0200 Subject: [PATCH 213/441] fix seed crash disable --- src/afl-fuzz-init.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 7337bfbf..c43bcc2b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1044,18 +1044,16 @@ void perform_dry_run(afl_state_t *afl) { /* Remove from fuzzing queue but keep for splicing */ - struct queue_entry *p = afl->queue; + if (!q->was_fuzzed) { - if (!p->was_fuzzed) { - - p->was_fuzzed = 1; + q->was_fuzzed = 1; --afl->pending_not_fuzzed; --afl->active_paths; } - p->disabled = 1; - p->perf_score = 0; + q->disabled = 1; + q->perf_score = 0; u32 i = 0; while (unlikely(i < afl->queued_paths && afl->queue_buf[i] && From a3fffac90cb96736395aa9764f4cc5aa20e6cd71 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 17 May 2021 13:11:16 +0200 Subject: [PATCH 214/441] add warning for afl-showmap partial read --- src/afl-showmap.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 5994101e..41a62108 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -386,7 +386,18 @@ static u32 read_file(u8 *in_file) { } - in_len = st.st_size > MAX_FILE ? MAX_FILE : st.st_size; + if (st.st_size > MAX_FILE) { + + WARNF("Input file '%s' is too large, only reading %u bytes.", in_file, + MAX_FILE); + in_len = MAX_FILE; + + } else { + + in_len = st.st_size; + + } + in_data = ck_alloc_nozero(in_len); ck_read(fd, in_data, in_len, in_file); From 47e22e8d8d383078989906c6fe54a9ec4deff8c1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 17 May 2021 16:52:52 +0200 Subject: [PATCH 215/441] no core dumps --- docs/Changelog.md | 1 + src/afl-forkserver.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index e4c02921..4fa70bfd 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -29,6 +29,7 @@ sending a mail to . - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers + - on a crashing seed potentially the wrong input was disabled - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a07e78b4..0286ab47 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -451,8 +451,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, /* Dumping cores is slow and can lead to anomalies if SIGKILL is delivered before the dump is complete. */ - // r.rlim_max = r.rlim_cur = 0; - // setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + if (!fsrv->debug) { + + r.rlim_max = r.rlim_cur = 0; + setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + + } /* Isolate the process and configure standard descriptors. If out_file is specified, stdin is /dev/null; otherwise, out_fd is cloned instead. */ From ccf739f8801c373fe2aa1bb709ffd697cfe2a3e6 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 17 May 2021 18:16:41 +0200 Subject: [PATCH 216/441] AFL_PRINT_FILENAMES added --- afl-cmin | 2 ++ docs/Changelog.md | 1 + docs/env_variables.md | 3 ++ src/afl-showmap.c | 82 ++++++++++++++++++++++++------------------- 4 files changed, 51 insertions(+), 37 deletions(-) diff --git a/afl-cmin b/afl-cmin index 3f3a7517..adcbb221 100755 --- a/afl-cmin +++ b/afl-cmin @@ -123,6 +123,8 @@ function usage() { "AFL_KEEP_TRACES: leave the temporary /.traces directory\n" \ "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" "AFL_PATH: path for the afl-showmap binary if not found anywhere else\n" \ +"AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \ + "printed to stdout\n" \ "AFL_SKIP_BIN_CHECK: skip check for target binary\n" exit 1 } diff --git a/docs/Changelog.md b/docs/Changelog.md index 4fa70bfd..67ab9d5e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -50,6 +50,7 @@ sending a mail to . MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup + - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/env_variables.md b/docs/env_variables.md index 8879db72..99568146 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -567,6 +567,9 @@ The corpus minimization script offers very little customization: a modest security risk on multi-user systems with rogue users, but should be safe on dedicated fuzzing boxes. + - `AFL_PRINT_FILENAMES` prints each filename to stdout, as it gets processed. + This can help when embedding `afl-cmin` or `afl-showmap` in other scripts scripting. + ## 7) Settings for afl-tmin Virtually nothing to play with. Well, in QEMU mode (`-Q`), `AFL_PATH` will be diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 41a62108..336ac126 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -76,17 +76,18 @@ static u32 in_len; /* Input data length */ static u32 map_size = MAP_SIZE; -static u8 quiet_mode, /* Hide non-essential messages? */ +static bool quiet_mode, /* Hide non-essential messages? */ edges_only, /* Ignore hit counts? */ raw_instr_output, /* Do not apply AFL filters */ cmin_mode, /* Generate output in afl-cmin mode? */ binary_mode, /* Write output as a binary map */ keep_cores, /* Allow coredumps? */ - remove_shm = 1, /* remove shmem? */ + remove_shm = true, /* remove shmem? */ collect_coverage, /* collect coverage */ have_coverage, /* have coverage? */ no_classify, /* do not classify counts */ - debug; /* debug mode */ + debug, /* debug mode */ + print_filenames; /* print the current filename */ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_crashed; /* Child crashed? */ @@ -320,11 +321,11 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; - have_coverage = 1; + have_coverage = true; } else { - have_coverage = 0; + have_coverage = false; } @@ -335,11 +336,11 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(fsrv->child_status)) { - child_crashed = 1; + child_crashed = true; } else { - child_crashed = 0; + child_crashed = false; } @@ -375,6 +376,8 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, static u32 read_file(u8 *in_file) { + if (print_filenames) { SAYF("Processing %s\n", in_file); } + struct stat st; s32 fd = open(in_file, O_RDONLY); @@ -515,11 +518,11 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; - have_coverage = 1; + have_coverage = true; } else { - have_coverage = 0; + have_coverage = false; } @@ -529,7 +532,7 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(status)) { - child_crashed = 1; + child_crashed = true; } @@ -559,7 +562,7 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { static void handle_stop_sig(int sig) { (void)sig; - stop_soon = 1; + stop_soon = true; afl_fsrv_killall(); } @@ -742,6 +745,8 @@ static void usage(u8 *argv0) { "AFL_MAP_SIZE: the shared memory size for that target. must be >= the " "size the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" + "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " + "printed to stdout\n" "AFL_QUIET: do not print extra informational output\n", argv0, MEM_LIMIT, doc_path); @@ -755,14 +760,17 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ - s32 opt, i; - u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; + s32 opt, i; + bool mem_limit_given = false, timeout_given = false, unicorn_mode = false, + use_wine = false; char **use_argv; char **argv = argv_cpy_dup(argc, argv_orig); afl_forkserver_t fsrv_var = {0}; - if (getenv("AFL_DEBUG")) { debug = 1; } + if (getenv("AFL_DEBUG")) { debug = true; } + if (getenv("AFL_PRINT_FILENAMES")) { print_filenames = true; } + fsrv = &fsrv_var; afl_fsrv_init(fsrv); map_size = get_map_size(); @@ -770,19 +778,19 @@ int main(int argc, char **argv_orig, char **envp) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - if (getenv("AFL_QUIET") != NULL) { be_quiet = 1; } + if (getenv("AFL_QUIET") != NULL) { be_quiet = true; } while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZOQUWbcrsh")) > 0) { switch (opt) { case 's': - no_classify = 1; + no_classify = true; break; case 'C': - collect_coverage = 1; - quiet_mode = 1; + collect_coverage = true; + quiet_mode = true; break; case 'i': @@ -801,7 +809,7 @@ int main(int argc, char **argv_orig, char **envp) { u8 suffix = 'M'; if (mem_limit_given) { FATAL("Multiple -m options not supported"); } - mem_limit_given = 1; + mem_limit_given = true; if (!optarg) { FATAL("Wrong usage of -m"); } @@ -862,7 +870,7 @@ int main(int argc, char **argv_orig, char **envp) { case 't': if (timeout_given) { FATAL("Multiple -t options not supported"); } - timeout_given = 1; + timeout_given = true; if (!optarg) { FATAL("Wrong usage of -t"); } @@ -884,12 +892,12 @@ int main(int argc, char **argv_orig, char **envp) { if (edges_only) { FATAL("Multiple -e options not supported"); } if (raw_instr_output) { FATAL("-e and -r are mutually exclusive"); } - edges_only = 1; + edges_only = true; break; case 'q': - quiet_mode = 1; + quiet_mode = true; break; case 'Z': @@ -897,8 +905,8 @@ int main(int argc, char **argv_orig, char **envp) { /* This is an undocumented option to write data in the syntax expected by afl-cmin. Nobody else should have any use for this. */ - cmin_mode = 1; - quiet_mode = 1; + cmin_mode = true; + quiet_mode = true; break; case 'A': @@ -910,7 +918,7 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->frida_mode) { FATAL("Multiple -O options not supported"); } - fsrv->frida_mode = 1; + fsrv->frida_mode = true; break; @@ -918,21 +926,21 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); } - fsrv->qemu_mode = 1; + fsrv->qemu_mode = true; break; case 'U': if (unicorn_mode) { FATAL("Multiple -U options not supported"); } - unicorn_mode = 1; + unicorn_mode = true; break; case 'W': /* Wine+QEMU mode */ if (use_wine) { FATAL("Multiple -W options not supported"); } - fsrv->qemu_mode = 1; - use_wine = 1; + fsrv->qemu_mode = true; + use_wine = true; break; @@ -941,20 +949,20 @@ int main(int argc, char **argv_orig, char **envp) { /* Secret undocumented mode. Writes output in raw binary format similar to that dumped by afl-fuzz in cmplog_mode = 0; u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1); - shm_fuzz->shmemfuzz_mode = 1; + shm_fuzz->shmemfuzz_mode = true; if (!map) { FATAL("BUG: Zero return from afl_shm_init."); } #ifdef USEMMAP setenv(SHM_FUZZ_ENV_VAR, shm_fuzz->g_shm_file_path, 1); @@ -1073,7 +1081,7 @@ int main(int argc, char **argv_orig, char **envp) { setenv(SHM_FUZZ_ENV_VAR, shm_str, 1); ck_free(shm_str); #endif - fsrv->support_shmem_fuzz = 1; + fsrv->support_shmem_fuzz = true; fsrv->shmem_fuzz_len = (u32 *)map; fsrv->shmem_fuzz = map + sizeof(u32); @@ -1125,7 +1133,7 @@ int main(int argc, char **argv_orig, char **envp) { struct stat statbuf; #endif - if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = 1; + if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true; fsrv->dev_null_fd = open("/dev/null", O_RDWR); if (fsrv->dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } @@ -1164,8 +1172,8 @@ int main(int argc, char **argv_orig, char **envp) { if ((coverage_map = (u8 *)malloc(map_size)) == NULL) FATAL("coult not grab memory"); - edges_only = 0; - raw_instr_output = 1; + edges_only = false; + raw_instr_output = true; } From fa63f2652dbcc6016ff5cf4bd8ca0d14954ae769 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 17 May 2021 18:30:37 +0200 Subject: [PATCH 217/441] more documentation for AFL_EXIT_ON_TIME --- docs/Changelog.md | 2 ++ docs/env_variables.md | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 67ab9d5e..1114a834 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -33,6 +33,8 @@ sending a mail to . - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. + - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after + no new paths have been found for n seconds - afl-cc: - We do not support llvm versions prior 6.0 anymore - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD diff --git a/docs/env_variables.md b/docs/env_variables.md index 99568146..c3efa0c0 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -285,8 +285,8 @@ checks or alter some of the more exotic semantics of the tool: convenient for some types of automated jobs. - `AFL_EXIT_ON_TIME` Causes afl-fuzz to terminate if no new paths were - found within a specified period of time. May be convenient for some - types of automated jobs. + found within a specified period of time (in seconds). May be convenient + for some types of automated jobs. - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour which does not allow crashes or timeout seeds in the initial -i corpus. From 9d50ae7468970412177c9e08edf7f32ff9fdf1ce Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 17 May 2021 18:54:24 +0200 Subject: [PATCH 218/441] Flushing for AFL_PRINT_FILENAMES --- src/afl-forkserver.c | 2 +- src/afl-showmap.c | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 0286ab47..3d472b36 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -454,7 +454,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!fsrv->debug) { r.rlim_max = r.rlim_cur = 0; - setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 336ac126..10818905 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -376,7 +376,12 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, static u32 read_file(u8 *in_file) { - if (print_filenames) { SAYF("Processing %s\n", in_file); } + if (print_filenames) { + + SAYF("Processing %s\n", in_file); + fflush(stdout); + + } struct stat st; s32 fd = open(in_file, O_RDONLY); From e40c0c2da16f14dfddb5641f6f825903879534a9 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 17 May 2021 19:02:45 +0100 Subject: [PATCH 219/441] FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name --- frida_mode/include/asan.h | 13 +++ frida_mode/include/ctx.h | 11 ++ frida_mode/src/asan/asan.c | 24 ++++ frida_mode/src/asan/asan_arm.c | 22 ++++ frida_mode/src/asan/asan_arm64.c | 22 ++++ frida_mode/src/asan/asan_x64.c | 93 +++++++++++++++ frida_mode/src/asan/asan_x86.c | 22 ++++ frida_mode/src/cmplog/cmplog_x64.c | 119 ++----------------- frida_mode/src/ctx/ctx_x64.c | 114 ++++++++++++++++++ frida_mode/src/instrument/instrument.c | 3 + frida_mode/test/fasan/GNUmakefile | 156 +++++++++++++++++++++++++ frida_mode/test/fasan/Makefile | 18 +++ frida_mode/test/fasan/test.c | 85 ++++++++++++++ include/envs.h | 1 + include/forkserver.h | 2 + src/afl-fuzz.c | 81 +++++++++++-- 16 files changed, 664 insertions(+), 122 deletions(-) create mode 100644 frida_mode/include/asan.h create mode 100644 frida_mode/include/ctx.h create mode 100644 frida_mode/src/asan/asan.c create mode 100644 frida_mode/src/asan/asan_arm.c create mode 100644 frida_mode/src/asan/asan_arm64.c create mode 100644 frida_mode/src/asan/asan_x64.c create mode 100644 frida_mode/src/asan/asan_x86.c create mode 100644 frida_mode/src/ctx/ctx_x64.c create mode 100644 frida_mode/test/fasan/GNUmakefile create mode 100644 frida_mode/test/fasan/Makefile create mode 100644 frida_mode/test/fasan/test.c diff --git a/frida_mode/include/asan.h b/frida_mode/include/asan.h new file mode 100644 index 00000000..7a8726e0 --- /dev/null +++ b/frida_mode/include/asan.h @@ -0,0 +1,13 @@ +#ifndef _ASAN_H +#define _ASAN_H + +#include "frida-gum.h" + +extern gboolean asan_initialized; + +void asan_init(void); +void asan_arch_init(void); +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator); + +#endif + diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h new file mode 100644 index 00000000..030d124a --- /dev/null +++ b/frida_mode/include/ctx.h @@ -0,0 +1,11 @@ +#ifndef _CTX_H +#define _CTX_H + +#include "frida-gum.h" + +#if defined(__x86_64__) +guint64 ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); +#endif + +#endif + diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c new file mode 100644 index 00000000..f78f690c --- /dev/null +++ b/frida_mode/src/asan/asan.c @@ -0,0 +1,24 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" + +gboolean asan_initialized = FALSE; + +void asan_init(void) { + + if (getenv("AFL_USE_FASAN") != NULL) { + + OKF("Frida ASAN mode enabled"); + asan_arch_init(); + asan_initialized = TRUE; + + } else { + + OKF("Frida ASAN mode disabled"); + + } + +} + diff --git a/frida_mode/src/asan/asan_arm.c b/frida_mode/src/asan/asan_arm.c new file mode 100644 index 00000000..526017be --- /dev/null +++ b/frida_mode/src/asan/asan_arm.c @@ -0,0 +1,22 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "util.h" + +#if defined(__arm__) +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (asan_initialized) { + + FATAL("ASAN mode not supported on this architecture"); + + } + +} + +#endif + diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c new file mode 100644 index 00000000..4e3fbafd --- /dev/null +++ b/frida_mode/src/asan/asan_arm64.c @@ -0,0 +1,22 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "util.h" + +#if defined(__aarch64__) +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (asan_initialized) { + + FATAL("ASAN mode not supported on this architecture"); + + } + +} + +#endif + diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c new file mode 100644 index 00000000..bdf4ac30 --- /dev/null +++ b/frida_mode/src/asan/asan_x64.c @@ -0,0 +1,93 @@ +#include +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "ctx.h" +#include "util.h" + +typedef void (*asan_loadN_t)(uint64_t address, uint8_t size); +typedef void (*asan_storeN_t)(uint64_t address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +#if defined(__x86_64__) + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + cs_x86_op * operand = (cs_x86_op *)user_data; + x86_op_mem *mem = &operand->mem; + uint64_t base = 0; + uint64_t index = 0; + uint64_t address; + uint8_t size; + + if (mem->base != X86_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != X86_REG_INVALID) { index = ctx_read_reg(ctx, mem->index); } + + address = base + (mem->scale * index) + mem->disp; + size = operand->size; + + if (operand->access == CS_AC_READ) { + + asan_loadN(address, size); + + } else if (operand->access == CS_AC_WRITE) { + + asan_storeN(address, size); + + } + +} + +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(iterator); + + cs_x86 x86 = instr->detail->x86; + cs_x86_op * operand; + x86_op_mem *mem; + cs_x86_op * ctx; + + if (!asan_initialized) return; + + if (instr->id == X86_INS_LEA) return; + + if (instr->id == X86_INS_NOP) return; + + for (uint8_t i = 0; i < x86.op_count; i++) { + + operand = &x86.operands[i]; + + if (operand->type != X86_OP_MEM) { continue; } + + mem = &operand->mem; + if (mem->segment != X86_REG_INVALID) { continue; } + + ctx = g_malloc0(sizeof(cs_x86_op)); + memcpy(ctx, operand, sizeof(cs_x86_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); + + } + +} + +void asan_arch_init(void) { + + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); + + } + +} + +#endif + diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c new file mode 100644 index 00000000..b946b3bf --- /dev/null +++ b/frida_mode/src/asan/asan_x86.c @@ -0,0 +1,22 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "util.h" + +#if defined(__i386__) +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (asan_initialized) { + + FATAL("ASAN mode not supported on this architecture"); + + } + +} + +#endif + diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 4d8f243a..c3621a29 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -3,46 +3,12 @@ #include "debug.h" #include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__x86_64__) - #define X86_REG_8L(LABEL, REG) \ - case LABEL: { \ - \ - return REG & GUM_INT8_MASK; \ - \ - } - - #define X86_REG_8H(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT16_MASK) >> 8; \ - \ - } - - #define X86_REG_16(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT16_MASK); \ - \ - } - - #define X86_REG_32(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT32_MASK); \ - \ - } - - #define X86_REG_64(LABEL, REG) \ - case LABEL: { \ - \ - return (REG); \ - \ - } - typedef struct { x86_op_type type; @@ -65,75 +31,6 @@ typedef struct { } cmplog_pair_ctx_t; -static guint64 cmplog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { - - switch (reg) { - - X86_REG_8L(X86_REG_AL, ctx->rax) - X86_REG_8L(X86_REG_BL, ctx->rbx) - X86_REG_8L(X86_REG_CL, ctx->rcx) - X86_REG_8L(X86_REG_DL, ctx->rdx) - X86_REG_8L(X86_REG_BPL, ctx->rbp) - X86_REG_8L(X86_REG_SIL, ctx->rsi) - X86_REG_8L(X86_REG_DIL, ctx->rdi) - - X86_REG_8H(X86_REG_AH, ctx->rax) - X86_REG_8H(X86_REG_BH, ctx->rbx) - X86_REG_8H(X86_REG_CH, ctx->rcx) - X86_REG_8H(X86_REG_DH, ctx->rdx) - - X86_REG_16(X86_REG_AX, ctx->rax) - X86_REG_16(X86_REG_BX, ctx->rbx) - X86_REG_16(X86_REG_CX, ctx->rcx) - X86_REG_16(X86_REG_DX, ctx->rdx) - X86_REG_16(X86_REG_DI, ctx->rdi) - X86_REG_16(X86_REG_SI, ctx->rsi) - X86_REG_16(X86_REG_BP, ctx->rbp) - - X86_REG_32(X86_REG_EAX, ctx->rax) - X86_REG_32(X86_REG_ECX, ctx->rcx) - X86_REG_32(X86_REG_EDX, ctx->rdx) - X86_REG_32(X86_REG_EBX, ctx->rbx) - X86_REG_32(X86_REG_ESP, ctx->rsp) - X86_REG_32(X86_REG_EBP, ctx->rbp) - X86_REG_32(X86_REG_ESI, ctx->rsi) - X86_REG_32(X86_REG_EDI, ctx->rdi) - X86_REG_32(X86_REG_R8D, ctx->r8) - X86_REG_32(X86_REG_R9D, ctx->r9) - X86_REG_32(X86_REG_R10D, ctx->r10) - X86_REG_32(X86_REG_R11D, ctx->r11) - X86_REG_32(X86_REG_R12D, ctx->r12) - X86_REG_32(X86_REG_R13D, ctx->r13) - X86_REG_32(X86_REG_R14D, ctx->r14) - X86_REG_32(X86_REG_R15D, ctx->r15) - X86_REG_32(X86_REG_EIP, ctx->rip) - - X86_REG_64(X86_REG_RAX, ctx->rax) - X86_REG_64(X86_REG_RCX, ctx->rcx) - X86_REG_64(X86_REG_RDX, ctx->rdx) - X86_REG_64(X86_REG_RBX, ctx->rbx) - X86_REG_64(X86_REG_RSP, ctx->rsp) - X86_REG_64(X86_REG_RBP, ctx->rbp) - X86_REG_64(X86_REG_RSI, ctx->rsi) - X86_REG_64(X86_REG_RDI, ctx->rdi) - X86_REG_64(X86_REG_R8, ctx->r8) - X86_REG_64(X86_REG_R9, ctx->r9) - X86_REG_64(X86_REG_R10, ctx->r10) - X86_REG_64(X86_REG_R11, ctx->r11) - X86_REG_64(X86_REG_R12, ctx->r12) - X86_REG_64(X86_REG_R13, ctx->r13) - X86_REG_64(X86_REG_R14, ctx->r14) - X86_REG_64(X86_REG_R15, ctx->r15) - X86_REG_64(X86_REG_RIP, ctx->rip) - - default: - FATAL("Failed to read register: %d", reg); - return 0; - - } - -} - static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, x86_op_mem *mem, guint64 *val) { @@ -141,9 +38,9 @@ static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, guint64 index = 0; guint64 address; - if (mem->base != X86_REG_INVALID) base = cmplog_read_reg(ctx, mem->base); + if (mem->base != X86_REG_INVALID) base = ctx_read_reg(ctx, mem->base); - if (mem->index != X86_REG_INVALID) index = cmplog_read_reg(ctx, mem->index); + if (mem->index != X86_REG_INVALID) index = ctx_read_reg(ctx, mem->index); address = base + (index * mem->scale) + mem->disp; @@ -178,7 +75,7 @@ static gboolean cmplog_get_operand_value(GumCpuContext *context, switch (ctx->type) { case X86_OP_REG: - *val = cmplog_read_reg(context, ctx->reg); + *val = ctx_read_reg(context, ctx->reg); return TRUE; case X86_OP_IMM: *val = ctx->imm; @@ -198,9 +95,9 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(user_data); - guint64 address = cmplog_read_reg(context, X86_REG_RIP); - guint64 rdi = cmplog_read_reg(context, X86_REG_RDI); - guint64 rsi = cmplog_read_reg(context, X86_REG_RSI); + guint64 address = ctx_read_reg(context, X86_REG_RIP); + guint64 rdi = ctx_read_reg(context, X86_REG_RDI); + guint64 rsi = ctx_read_reg(context, X86_REG_RSI); if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; @@ -275,7 +172,7 @@ static void cmplog_instrument_call(const cs_insn * instr, static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, guint64 operand2, uint8_t size) { - guint64 address = cmplog_read_reg(context, X86_REG_RIP); + guint64 address = ctx_read_reg(context, X86_REG_RIP); register uintptr_t k = (uintptr_t)address; diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c new file mode 100644 index 00000000..dec759f4 --- /dev/null +++ b/frida_mode/src/ctx/ctx_x64.c @@ -0,0 +1,114 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__x86_64__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define X86_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +guint64 ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->rax) + X86_REG_8L(X86_REG_BL, ctx->rbx) + X86_REG_8L(X86_REG_CL, ctx->rcx) + X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_BPL, ctx->rbp) + X86_REG_8L(X86_REG_SIL, ctx->rsi) + X86_REG_8L(X86_REG_DIL, ctx->rdi) + + X86_REG_8H(X86_REG_AH, ctx->rax) + X86_REG_8H(X86_REG_BH, ctx->rbx) + X86_REG_8H(X86_REG_CH, ctx->rcx) + X86_REG_8H(X86_REG_DH, ctx->rdx) + + X86_REG_16(X86_REG_AX, ctx->rax) + X86_REG_16(X86_REG_BX, ctx->rbx) + X86_REG_16(X86_REG_CX, ctx->rcx) + X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_DI, ctx->rdi) + X86_REG_16(X86_REG_SI, ctx->rsi) + X86_REG_16(X86_REG_BP, ctx->rbp) + + X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_ECX, ctx->rcx) + X86_REG_32(X86_REG_EDX, ctx->rdx) + X86_REG_32(X86_REG_EBX, ctx->rbx) + X86_REG_32(X86_REG_ESP, ctx->rsp) + X86_REG_32(X86_REG_EBP, ctx->rbp) + X86_REG_32(X86_REG_ESI, ctx->rsi) + X86_REG_32(X86_REG_EDI, ctx->rdi) + X86_REG_32(X86_REG_R8D, ctx->r8) + X86_REG_32(X86_REG_R9D, ctx->r9) + X86_REG_32(X86_REG_R10D, ctx->r10) + X86_REG_32(X86_REG_R11D, ctx->r11) + X86_REG_32(X86_REG_R12D, ctx->r12) + X86_REG_32(X86_REG_R13D, ctx->r13) + X86_REG_32(X86_REG_R14D, ctx->r14) + X86_REG_32(X86_REG_R15D, ctx->r15) + X86_REG_32(X86_REG_EIP, ctx->rip) + + X86_REG_64(X86_REG_RAX, ctx->rax) + X86_REG_64(X86_REG_RCX, ctx->rcx) + X86_REG_64(X86_REG_RDX, ctx->rdx) + X86_REG_64(X86_REG_RBX, ctx->rbx) + X86_REG_64(X86_REG_RSP, ctx->rsp) + X86_REG_64(X86_REG_RBP, ctx->rbp) + X86_REG_64(X86_REG_RSI, ctx->rsi) + X86_REG_64(X86_REG_RDI, ctx->rdi) + X86_REG_64(X86_REG_R8, ctx->r8) + X86_REG_64(X86_REG_R9, ctx->r9) + X86_REG_64(X86_REG_R10, ctx->r10) + X86_REG_64(X86_REG_R11, ctx->r11) + X86_REG_64(X86_REG_R12, ctx->r12) + X86_REG_64(X86_REG_R13, ctx->r13) + X86_REG_64(X86_REG_R14, ctx->r14) + X86_REG_64(X86_REG_R15, ctx->r15) + X86_REG_64(X86_REG_RIP, ctx->rip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 971f80c0..5c77ade6 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -5,6 +5,7 @@ #include "config.h" #include "debug.h" +#include "asan.h" #include "entry.h" #include "frida_cmplog.h" #include "instrument.h" @@ -107,6 +108,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (!range_is_excluded((void *)instr->address)) { + asan_instrument(instr, iterator); cmplog_instrument(instr, iterator); } @@ -142,6 +144,7 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + asan_init(); cmplog_init(); } diff --git a/frida_mode/test/fasan/GNUmakefile b/frida_mode/test/fasan/GNUmakefile new file mode 100644 index 00000000..22689395 --- /dev/null +++ b/frida_mode/test/fasan/GNUmakefile @@ -0,0 +1,156 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)in +FRIDA_OUT:=$(BUILD_DIR)frida-out + +TEST_SRC:=$(PWD)/test.c +TEST_BIN:=$(BUILD_DIR)test + +CFLAGS+=-fPIC \ + -D_GNU_SOURCE \ + -g \ + -fno-omit-frame-pointer \ + -Wno-stringop-overflow \ + +LDFLAGS+=-ldl \ + +ifdef DEBUG +CFLAGS+=-Werror \ + -Wall \ + -Wextra \ + -Wpointer-arith +else +CFLAGS+=-Wno-pointer-arith +endif + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "x86" +LIBASAN_FILE:=libclang_rt.asan-i386.so +endif + +ifeq "$(ARCH)" "x64" +LIBASAN_FILE:=libclang_rt.asan-x86_64.so +endif + +ifeq "$(ARCH)" "aarch64" +LIBASAN_FILE:=libclang_rt.asan-aarch64.so +endif + +# LIBASAN:=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so +# LIBASAN:=/usr/lib/x86_64-linux-gnu/libasan.so.6.0.0 + +LLVM_CONFIG ?= llvm-config +ifeq "$(shell test -e '$(shell which $(LLVM_CONFIG))' && echo 1)" "1" + $(info Found llvm-config: '$(shell which $(LLVM_CONFIG))') +else + $(warning Cannot find llvm-config) +endif + +LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null)/ +$(info LLVM_BINDIR: $(LLVM_BINDIR)) + +CLANG ?= $(LLVM_BINDIR)clang +ifeq "$(shell test -e '$(CLANG)' && echo 1)" "1" + $(info Found clang: '$(CLANG)') +else + $(warning Cannot find clang) +endif + +CLANGVER = $(shell $(CLANG) --version | sed -E -ne '/^.*version\ (1?[0-9]\.[0-9]\.[0-9]).*/s//\1/p') +$(info Clang version $(CLANGVER)) + +LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +$(info LLVM_LIBDIR: $(LLVM_LIBDIR)) + +LIBASAN:=$(LLVM_LIBDIR)/clang/$(CLANGVER)/lib/linux/$(LIBASAN_FILE) + +ifeq "$(shell test -e '$(LIBASAN)' && echo 1)" "1" + $(info Found Address Sanitizer DSO: '$(LIBASAN)') +else + $(error Error cannot find Address Sanitizer DSO) +endif + + +.PHONY: all clean format frida-noasan frida debug run + +############################## ALL ############################################# + +all: $(TEST_BIN) + +$(TEST_BIN): $(TEST_SRC) GNUmakefile | $(BUILD_DIR) + $(CC) \ + $(CFLAGS) \ + $(LDFLAGS) \ + -o $@ \ + $< + +$(BUILD_DIR): + mkdir -p $(BUILD_DIR) + +############################# TESTS ############################################ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo -n "TUODATM" > $@ + +frida-noasan: $(TEST_BIN) $(TEST_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) + + +frida: $(TEST_BIN) $(TEST_DATA_FILE) + AFL_PRELOAD=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so \ + AFL_USE_FASAN=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) + +debug: $(TEST_BIN) $(TEST_DATA_FILE) + gdb \ + --ex 'set environment LD_PRELOAD=$(LIBASAN):$(ROOT)afl-frida-trace.so' \ + --ex 'set environment ASAN_OPTIONS=detect_leaks=false,halt_on_error=0' \ + --ex 'set environment AFL_USE_FASAN=1' \ + --ex 'set disassembly-flavor intel' \ + --ex 'r < $(TEST_DATA_FILE)' \ + --args $(TEST_BIN) \ + +run: $(TEST_BIN) $(TEST_DATA_FILE) + LD_PRELOAD=$(LIBASAN):$(ROOT)afl-frida-trace.so \ + ASAN_OPTIONS=detect_leaks=false \ + AFL_USE_FASAN=1 \ + $(TEST_BIN) < $(TEST_DATA_FILE) + +############################# CLEAN ############################################ +clean: + rm -rf $(BUILD_DIR) + +############################# FORMAT ########################################### +format: + cd $(ROOT) && echo $(TEST_SRC) | xargs -L1 ./.custom-format.py -i + +############################# RUN ############################################# diff --git a/frida_mode/test/fasan/Makefile b/frida_mode/test/fasan/Makefile new file mode 100644 index 00000000..a7bf44c7 --- /dev/null +++ b/frida_mode/test/fasan/Makefile @@ -0,0 +1,18 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +frida-noasan: + @gmake frida-noasan + +frida: + @gmake frida + +debug: + @gmake debug + +run: + @gmake run \ No newline at end of file diff --git a/frida_mode/test/fasan/test.c b/frida_mode/test/fasan/test.c new file mode 100644 index 00000000..a7d03017 --- /dev/null +++ b/frida_mode/test/fasan/test.c @@ -0,0 +1,85 @@ +#include +#include +#include +#include +#include +#include + +#define LOG(x) \ + do { \ + \ + char buf[] = x; \ + write(STDOUT_FILENO, buf, sizeof(buf)); \ + \ + } while (false); + +void test(char data) { + + char *buf = malloc(10); + + if (buf == NULL) return; + + switch (data) { + + /* Underflow */ + case 'U': + LOG("Underflow\n"); + buf[-1] = '\0'; + free(buf); + break; + /* Overflow */ + case 'O': + LOG("Overflow\n"); + buf[10] = '\0'; + free(buf); + break; + /* Double free */ + case 'D': + LOG("Double free\n"); + free(buf); + free(buf); + break; + /* Use after free */ + case 'A': + LOG("Use after free\n"); + free(buf); + buf[0] = '\0'; + break; + /* Test Limits (OK) */ + case 'T': + LOG("Test-Limits - No Error\n"); + buf[0] = 'A'; + buf[9] = 'I'; + free(buf); + break; + case 'M': + LOG("Memset too many\n"); + memset(buf, '\0', 11); + free(buf); + break; + default: + LOG("Nop - No Error\n"); + break; + + } + +} + +int main(int argc, char **argv) { + + char input = '\0'; + + if (read(STDIN_FILENO, &input, 1) < 0) { + + LOG("Failed to read stdin\n"); + return 1; + + } + + test(input); + + LOG("DONE\n"); + return 0; + +} + diff --git a/include/envs.h b/include/envs.h index 9175005e..4fff1e3a 100644 --- a/include/envs.h +++ b/include/envs.h @@ -191,6 +191,7 @@ static char *afl_environment_variables[] = { "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", "AFL_EXPAND_HAVOC_NOW", + "AFL_USE_FASAN", "AFL_USE_QASAN", NULL diff --git a/include/forkserver.h b/include/forkserver.h index 48db94c7..2baa6f0a 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -79,6 +79,8 @@ typedef struct afl_forkserver { bool frida_mode; /* if running in frida mode or not */ + bool frida_asan; /* if running with asan in frida mode */ + bool use_stdin; /* use stdin for sending data */ bool no_unlink; /* do not unlink cur_input */ diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a4599b4a..903068b2 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -328,6 +328,50 @@ static int stricmp(char const *a, char const *b) { } +static void fasan_check_afl_preload(char *afl_preload) { + + char first_preload[PATH_MAX + 1] = {0}; + char * separator = strchr(afl_preload, ':'); + size_t first_preload_len = PATH_MAX; + char * basename; + char clang_runtime_prefix[] = "libclang_rt.asan-"; + + if (separator != NULL && (separator - afl_preload) < PATH_MAX) { + + first_preload_len = separator - afl_preload; + + } + + strncpy(first_preload, afl_preload, first_preload_len); + + basename = strrchr(first_preload, '/'); + if (basename == NULL) { + + basename = first_preload; + + } else { + + basename = basename + 1; + + } + + if (strncmp(basename, clang_runtime_prefix, + sizeof(clang_runtime_prefix) - 1) != 0) { + + FATAL("Address Sanitizer DSO must be the first DSO in AFL_PRELOAD"); + + } + + if (access(first_preload, R_OK) != 0) { + + FATAL("Address Sanitizer DSO not found"); + + } + + OKF("Found ASAN DSO: %s", first_preload); + +} + /* Main entry point */ int main(int argc, char **argv_orig, char **envp) { @@ -785,6 +829,7 @@ int main(int argc, char **argv_orig, char **envp) { } afl->fsrv.frida_mode = 1; + if (get_afl_env("AFL_USE_FASAN")) { afl->fsrv.frida_asan = 1; } break; @@ -1365,18 +1410,21 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { afl_preload = getenv("AFL_PRELOAD"); - u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); - OKF("Injecting %s ...", frida_binary); - if (afl_preload) { - frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + if (afl->fsrv.frida_asan) { - } else { + OKF("Using Frida Address Sanitizer Mode"); - frida_afl_preload = alloc_printf("%s", frida_binary); + fasan_check_afl_preload(afl_preload); + + setenv("ASAN_OPTIONS", "detect_leaks=false", 1); } + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + ck_free(frida_binary); setenv("LD_PRELOAD", frida_afl_preload, 1); @@ -1391,11 +1439,22 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { - u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); - OKF("Injecting %s ...", frida_binary); - setenv("LD_PRELOAD", frida_binary, 1); - setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - ck_free(frida_binary); + if (afl->fsrv.frida_asan) { + + OKF("Using Frida Address Sanitizer Mode"); + FATAL( + "Address Sanitizer DSO must be loaded using AFL_PRELOAD in Frida " + "Address Sanitizer Mode"); + + } else { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + ck_free(frida_binary); + + } } From d0af55e78f85427983ddafd0af07dff654b3ea65 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 17 May 2021 20:14:40 +0100 Subject: [PATCH 220/441] Support for x86 (#920) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 11 +- frida_mode/Makefile | 4 + frida_mode/include/ctx.h | 4 +- frida_mode/src/asan/asan_arm.c | 6 + frida_mode/src/asan/asan_arm64.c | 6 + frida_mode/src/asan/asan_x64.c | 10 +- frida_mode/src/asan/asan_x86.c | 77 ++++- frida_mode/src/cmplog/cmplog_x64.c | 36 +-- frida_mode/src/cmplog/cmplog_x86.c | 266 +++++++++++++++++- frida_mode/src/ctx/ctx_x64.c | 2 +- frida_mode/src/ctx/ctx_x86.c | 81 ++++++ frida_mode/src/instrument/instrument.c | 12 +- frida_mode/src/instrument/instrument_arm32.c | 3 + frida_mode/src/instrument/instrument_x86.c | 66 ++++- frida_mode/src/lib/lib.c | 15 +- frida_mode/src/persistent/persistent_x86.c | 233 ++++++++++++++- frida_mode/test/cmplog/GNUmakefile | 37 +-- frida_mode/test/cmplog/Makefile | 12 +- frida_mode/test/cmplog/cmplog.c | 100 +++++++ frida_mode/test/entry_point/GNUmakefile | 23 +- frida_mode/test/entry_point/Makefile | 6 +- frida_mode/test/entry_point/testinstr.c | 2 + frida_mode/test/exe/GNUmakefile | 9 +- frida_mode/test/exe/Makefile | 6 +- frida_mode/test/fasan/GNUmakefile | 9 +- frida_mode/test/fasan/Makefile | 6 +- frida_mode/test/fasan/test.c | 5 + frida_mode/test/png/GNUmakefile | 9 +- frida_mode/test/png/Makefile | 6 +- frida_mode/test/png/persistent/GNUmakefile | 23 +- frida_mode/test/png/persistent/Makefile | 6 +- .../test/png/persistent/get_symbol_addr.py | 2 +- .../test/png/persistent/hook/GNUmakefile | 52 +++- frida_mode/test/png/persistent/hook/Makefile | 12 +- .../persistent/hook/aflpp_qemu_driver_hook.c | 97 +++++++ frida_mode/test/testinstr/GNUmakefile | 15 +- frida_mode/test/testinstr/Makefile | 9 +- 37 files changed, 1176 insertions(+), 102 deletions(-) create mode 100644 frida_mode/src/ctx/ctx_x86.c create mode 100644 frida_mode/test/cmplog/cmplog.c create mode 100644 frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index a15f5c32..e915f157 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -19,6 +19,7 @@ RT_CFLAGS:=-Wno-unused-parameter \ -Wno-sign-compare \ -Wno-unused-function \ -Wno-unused-result \ + -Wno-int-to-pointer-cast \ LDFLAGS+=-shared \ -lpthread \ @@ -38,6 +39,8 @@ FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded +ifndef ARCH + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" ARCH:=arm64 @@ -46,6 +49,7 @@ endif ifeq "$(ARCH)" "i686" ARCH:=x86 endif +endif ifeq "$(shell uname)" "Darwin" OS:=macos @@ -83,13 +87,16 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all clean format $(FRIDA_GUM) +.PHONY: all 32 clean format $(FRIDA_GUM) ############################## ALL ############################################# all: $(FRIDA_TRACE) make -C $(ROOT) +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $(BUILD_DIR) @@ -161,11 +168,11 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $( $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) $(CC) \ - -o $@ \ $(OBJS) \ $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ $(LDFLAGS) \ + -o $@ \ cp -v $(FRIDA_TRACE) $(ROOT) diff --git a/frida_mode/Makefile b/frida_mode/Makefile index b6d64bff..6cd1a64e 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h index 030d124a..cbcc892a 100644 --- a/frida_mode/include/ctx.h +++ b/frida_mode/include/ctx.h @@ -3,8 +3,8 @@ #include "frida-gum.h" -#if defined(__x86_64__) -guint64 ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); +#if defined(__x86_64__) || defined(__i386__) +gsize ctx_read_reg(GumCpuContext *ctx, x86_reg reg); #endif #endif diff --git a/frida_mode/src/asan/asan_arm.c b/frida_mode/src/asan/asan_arm.c index 526017be..79475ced 100644 --- a/frida_mode/src/asan/asan_arm.c +++ b/frida_mode/src/asan/asan_arm.c @@ -18,5 +18,11 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { } +void asan_arch_init(void) { + + FATAL("ASAN mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index 4e3fbafd..6262ee18 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -18,5 +18,11 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { } +void asan_arch_init(void) { + + FATAL("ASAN mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c index bdf4ac30..a2eabe3c 100644 --- a/frida_mode/src/asan/asan_x64.c +++ b/frida_mode/src/asan/asan_x64.c @@ -7,23 +7,23 @@ #include "ctx.h" #include "util.h" +#if defined(__x86_64__) + typedef void (*asan_loadN_t)(uint64_t address, uint8_t size); typedef void (*asan_storeN_t)(uint64_t address, uint8_t size); asan_loadN_t asan_loadN = NULL; asan_storeN_t asan_storeN = NULL; -#if defined(__x86_64__) - static void asan_callout(GumCpuContext *ctx, gpointer user_data) { UNUSED_PARAMETER(user_data); cs_x86_op * operand = (cs_x86_op *)user_data; x86_op_mem *mem = &operand->mem; - uint64_t base = 0; - uint64_t index = 0; - uint64_t address; + gsize base = 0; + gsize index = 0; + gsize address; uint8_t size; if (mem->base != X86_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c index b946b3bf..8490b490 100644 --- a/frida_mode/src/asan/asan_x86.c +++ b/frida_mode/src/asan/asan_x86.c @@ -1,18 +1,89 @@ +#include #include "frida-gum.h" #include "debug.h" #include "asan.h" +#include "ctx.h" #include "util.h" #if defined(__i386__) + +typedef void (*asan_loadN_t)(gsize address, uint8_t size); +typedef void (*asan_storeN_t)(gsize address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + cs_x86_op * operand = (cs_x86_op *)user_data; + x86_op_mem *mem = &operand->mem; + gsize base = 0; + gsize index = 0; + gsize address; + uint8_t size; + + if (mem->base != X86_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != X86_REG_INVALID) { index = ctx_read_reg(ctx, mem->index); } + + address = base + (mem->scale * index) + mem->disp; + size = operand->size; + + if (operand->access == CS_AC_READ) { + + asan_loadN(address, size); + + } else if (operand->access == CS_AC_WRITE) { + + asan_storeN(address, size); + + } + +} + void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); - if (asan_initialized) { - FATAL("ASAN mode not supported on this architecture"); + cs_x86 x86 = instr->detail->x86; + cs_x86_op * operand; + x86_op_mem *mem; + cs_x86_op * ctx; + + if (!asan_initialized) return; + + if (instr->id == X86_INS_LEA) return; + + if (instr->id == X86_INS_NOP) return; + + for (uint8_t i = 0; i < x86.op_count; i++) { + + operand = &x86.operands[i]; + + if (operand->type != X86_OP_MEM) { continue; } + + mem = &operand->mem; + if (mem->segment != X86_REG_INVALID) { continue; } + + ctx = g_malloc0(sizeof(cs_x86_op)); + memcpy(ctx, operand, sizeof(cs_x86_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); + + } + +} + +void asan_arch_init(void) { + + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); } diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index c3621a29..9f56c32a 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -31,12 +31,12 @@ typedef struct { } cmplog_pair_ctx_t; -static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, - x86_op_mem *mem, guint64 *val) { +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + x86_op_mem *mem, gsize *val) { - guint64 base = 0; - guint64 index = 0; - guint64 address; + gsize base = 0; + gsize index = 0; + gsize address; if (mem->base != X86_REG_INVALID) base = ctx_read_reg(ctx, mem->base); @@ -49,16 +49,16 @@ static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, switch (size) { case 1: - *val = *((guint8 *)address); + *val = *((guint8 *)GSIZE_TO_POINTER(address)); return TRUE; case 2: - *val = *((guint16 *)address); + *val = *((guint16 *)GSIZE_TO_POINTER(address)); return TRUE; case 4: - *val = *((guint32 *)address); + *val = *((guint32 *)GSIZE_TO_POINTER(address)); return TRUE; case 8: - *val = *((guint64 *)address); + *val = *((guint64 *)GSIZE_TO_POINTER(address)); return TRUE; default: FATAL("Invalid operand size: %d\n", size); @@ -70,7 +70,7 @@ static gboolean cmplog_read_mem(GumX64CpuContext *ctx, uint8_t size, } static gboolean cmplog_get_operand_value(GumCpuContext *context, - cmplog_ctx_t *ctx, guint64 *val) { + cmplog_ctx_t *ctx, gsize *val) { switch (ctx->type) { @@ -95,9 +95,9 @@ static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(user_data); - guint64 address = ctx_read_reg(context, X86_REG_RIP); - guint64 rdi = ctx_read_reg(context, X86_REG_RDI); - guint64 rsi = ctx_read_reg(context, X86_REG_RSI); + gsize address = ctx_read_reg(context, X86_REG_RIP); + gsize rdi = ctx_read_reg(context, X86_REG_RDI); + gsize rsi = ctx_read_reg(context, X86_REG_RSI); if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; @@ -169,10 +169,10 @@ static void cmplog_instrument_call(const cs_insn * instr, } -static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, - guint64 operand2, uint8_t size) { +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { - guint64 address = ctx_read_reg(context, X86_REG_RIP); + gsize address = ctx_read_reg(context, X86_REG_RIP); register uintptr_t k = (uintptr_t)address; @@ -195,8 +195,8 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; - guint64 operand1; - guint64 operand2; + gsize operand1; + gsize operand2; if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index 2401180c..a27df0af 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -1,17 +1,275 @@ #include "frida-gum.h" #include "debug.h" +#include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__i386__) + +typedef struct { + + x86_op_type type; + uint8_t size; + + union { + + x86_op_mem mem; + x86_reg reg; + int64_t imm; + + }; + +} cmplog_ctx_t; + +typedef struct { + + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; + +} cmplog_pair_ctx_t; + +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + x86_op_mem *mem, gsize *val) { + + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != X86_REG_INVALID) base = ctx_read_reg(ctx, mem->base); + + if (mem->index != X86_REG_INVALID) index = ctx_read_reg(ctx, mem->index); + + address = base + (index * mem->scale) + mem->disp; + + if (!cmplog_is_readable(address, size)) { return FALSE; } + + switch (size) { + + case 1: + *val = *((guint8 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 2: + *val = *((guint16 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 4: + *val = *((guint32 *)GSIZE_TO_POINTER(address)); + return TRUE; + default: + FATAL("Invalid operand size: %d\n", size); + + } + + return FALSE; + +} + +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, gsize *val) { + + switch (ctx->type) { + + case X86_OP_REG: + *val = ctx_read_reg(context, ctx->reg); + return TRUE; + case X86_OP_IMM: + *val = ctx->imm; + return TRUE; + case X86_OP_MEM: + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + + return FALSE; + +} + +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + gsize address = ctx_read_reg(context, X86_REG_EIP); + gsize *esp = (gsize *)ctx_read_reg(context, X86_REG_ESP); + + if (!cmplog_is_readable(GPOINTER_TO_SIZE(esp), 12)) return; + + /* + * This callout is place immediately before the call instruction, and hence + * the return address is not yet pushed on the top of the stack. + */ + gsize arg1 = esp[0]; + gsize arg2 = esp[1]; + + if (((G_MAXULONG - arg1) < 32) || ((G_MAXULONG - arg2) < 32)) return; + + if (!cmplog_is_readable(arg1, 32) || !cmplog_is_readable(arg2, 32)) return; + + void *ptr1 = GSIZE_TO_POINTER(arg1); + void *ptr2 = GSIZE_TO_POINTER(arg2); + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_x86_op * operand) { + + ctx->type = operand->type; + ctx->size = operand->size; + switch (operand->type) { + + case X86_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(x86_reg)); + break; + case X86_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case X86_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(x86_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand; + + if (instr->id != X86_INS_CALL) return; + + if (x86.op_count != 1) return; + + operand = &x86.operands[0]; + + if (operand->type == X86_OP_INVALID) return; + if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) + return; + + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); + +} + +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { + + gsize address = ctx_read_reg(context, X86_REG_EIP); + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { + + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + gsize operand1; + gsize operand2; + + if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); + + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } + + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); + +} + +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand1, + cs_x86_op *operand2) { + + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); + if (ctx == NULL) return; + + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); + + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, + g_free); + +} + +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand1; + cs_x86_op *operand2; + + switch (instr->id) { + + case X86_INS_CMP: + case X86_INS_SUB: + break; + default: + return; + + } + + if (x86.op_count != 2) return; + + operand1 = &x86.operands[0]; + operand2 = &x86.operands[1]; + + if (operand1->type == X86_OP_INVALID) return; + if (operand2->type == X86_OP_INVALID) return; + + if ((operand1->type == X86_OP_MEM) && + (operand1->mem.segment != X86_REG_INVALID)) + return; + + if ((operand2->type == X86_OP_MEM) && + (operand2->mem.segment != X86_REG_INVALID)) + return; + + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); + +} + void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); - UNUSED_PARAMETER(iterator); - if (__afl_cmp_map == NULL) { return; } - FATAL("CMPLOG mode not supported on this architecture"); + if (__afl_cmp_map == NULL) return; + + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); } diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c index dec759f4..c5900533 100644 --- a/frida_mode/src/ctx/ctx_x64.c +++ b/frida_mode/src/ctx/ctx_x64.c @@ -41,7 +41,7 @@ \ } -guint64 ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { +gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { switch (reg) { diff --git a/frida_mode/src/ctx/ctx_x86.c b/frida_mode/src/ctx/ctx_x86.c new file mode 100644 index 00000000..45308272 --- /dev/null +++ b/frida_mode/src/ctx/ctx_x86.c @@ -0,0 +1,81 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__i386__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->eax) + X86_REG_8L(X86_REG_BL, ctx->ebx) + X86_REG_8L(X86_REG_CL, ctx->ecx) + X86_REG_8L(X86_REG_DL, ctx->edx) + X86_REG_8L(X86_REG_BPL, ctx->ebp) + X86_REG_8L(X86_REG_SIL, ctx->esi) + X86_REG_8L(X86_REG_DIL, ctx->edi) + + X86_REG_8H(X86_REG_AH, ctx->eax) + X86_REG_8H(X86_REG_BH, ctx->ebx) + X86_REG_8H(X86_REG_CH, ctx->ecx) + X86_REG_8H(X86_REG_DH, ctx->edx) + + X86_REG_16(X86_REG_AX, ctx->eax) + X86_REG_16(X86_REG_BX, ctx->ebx) + X86_REG_16(X86_REG_CX, ctx->ecx) + X86_REG_16(X86_REG_DX, ctx->edx) + X86_REG_16(X86_REG_DI, ctx->edi) + X86_REG_16(X86_REG_SI, ctx->esi) + X86_REG_16(X86_REG_BP, ctx->ebp) + + X86_REG_32(X86_REG_EAX, ctx->eax) + X86_REG_32(X86_REG_ECX, ctx->ecx) + X86_REG_32(X86_REG_EDX, ctx->edx) + X86_REG_32(X86_REG_EBX, ctx->ebx) + X86_REG_32(X86_REG_ESP, ctx->esp) + X86_REG_32(X86_REG_EBP, ctx->ebp) + X86_REG_32(X86_REG_ESI, ctx->esi) + X86_REG_32(X86_REG_EDI, ctx->edi) + X86_REG_32(X86_REG_EIP, ctx->eip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 5c77ade6..67eadc3f 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -34,7 +34,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, */ static char buffer[200]; int len; - guint64 current_pc = (guint64)user_data; + GumAddress current_pc = GUM_ADDRESS(user_data); uint8_t * cursor; uint64_t value; if (unlikely(tracing)) { @@ -86,8 +86,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (begin) { - prefetch_write((void *)instr->address); - if (!range_is_excluded((void *)instr->address)) { + prefetch_write(GSIZE_TO_POINTER(instr->address)); + if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { if (optimize) { @@ -95,8 +95,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, } else { - gum_stalker_iterator_put_callout(iterator, on_basic_block, - (gpointer)instr->address, NULL); + gum_stalker_iterator_put_callout( + iterator, on_basic_block, GSIZE_TO_POINTER(instr->address), NULL); } @@ -106,7 +106,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - if (!range_is_excluded((void *)instr->address)) { + if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { asan_instrument(instr, iterator); cmplog_instrument(instr, iterator); diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index c2d720a7..1a3c40bb 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -3,6 +3,7 @@ #include "debug.h" #include "instrument.h" +#include "util.h" #if defined(__arm__) @@ -15,6 +16,8 @@ gboolean instrument_is_coverage_optimize_supported(void) { void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(output); FATAL("Optimized coverage not supported on this architecture"); } diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 5b8cbbba..585bb5b8 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -3,19 +3,81 @@ #include "debug.h" #include "instrument.h" +#include "util.h" #if defined(__i386__) +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static void instrument_coverage_function(GumX86Writer *cw) { + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_ECX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + GUM_ADDRESS(&previous_pc)); + gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_EDX, GUM_REG_ECX); + gum_x86_writer_put_xor_reg_reg(cw, GUM_REG_EDX, GUM_REG_EDI); + + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EDX, GUM_ADDRESS(__afl_area_ptr)); + + /* add byte ptr [edx], 1 */ + uint8_t add_byte_ptr_edx_1[] = {0x80, 0x02, 0x01}; + gum_x86_writer_put_bytes(cw, add_byte_ptr_edx_1, sizeof(add_byte_ptr_edx_1)); + + /* adc byte ptr [edx], 0 */ + uint8_t adc_byte_ptr_edx_0[] = {0x80, 0x12, 0x00}; + gum_x86_writer_put_bytes(cw, adc_byte_ptr_edx_0, sizeof(adc_byte_ptr_edx_0)); + + gum_x86_writer_put_shr_reg_u8(cw, GUM_REG_EDI, 1); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_ECX, GUM_REG_EDI); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EDX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_ECX); + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_ret(cw); + +} + gboolean instrument_is_coverage_optimize_supported(void) { - return false; + return true; } void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { - FATAL("Optimized coverage not supported on this architecture"); + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(output); + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumX86Writer *cw = output->writer.x86; + + if (current_log_impl == 0 || + !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || + !gum_x86_writer_can_branch_directly_between(cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + + current_log_impl = cw->pc; + instrument_coverage_function(cw); + + gum_x86_writer_put_label(cw, after_log_impl); + + } + + // gum_x86_writer_put_breakpoint(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDI, area_offset); + gum_x86_writer_put_call_address(cw, current_log_impl); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EDI); } diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index c5045533..13a7d1e7 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -90,7 +90,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { if (!found_preferred_base) { FATAL("Failed to find preferred load address"); } - OKF("Image preferred load address 0x%016lx", preferred_base); + OKF("Image preferred load address 0x%016" G_GSIZE_MODIFIER "x", + preferred_base); shdr = (Elf_Shdr *)((char *)hdr + hdr->e_shoff); shstrtab = &shdr[hdr->e_shstrndx]; @@ -107,15 +108,16 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { if (curr->sh_name == 0) continue; section_name = &shstr[curr->sh_name]; - OKF("Section: %2lu - base: 0x%016lX size: 0x%016lX %s", i, curr->sh_addr, - curr->sh_size, section_name); + OKF("Section: %2" G_GSIZE_MODIFIER "u - base: 0x%016" G_GSIZE_MODIFIER + "X size: 0x%016" G_GSIZE_MODIFIER "X %s", + i, curr->sh_addr, curr->sh_size, section_name); if (memcmp(section_name, text_name, sizeof(text_name)) == 0 && text_base == 0) { text_base = lib_details->base_address + curr->sh_addr - preferred_base; text_limit = text_base + curr->sh_size; - OKF("> text_addr: 0x%016lX", text_base); - OKF("> text_limit: 0x%016lX", text_limit); + OKF("> text_addr: 0x%016" G_GINT64_MODIFIER "X", text_base); + OKF("> text_limit: 0x%016" G_GINT64_MODIFIER "X", text_limit); } @@ -153,7 +155,8 @@ void lib_init(void) { lib_details_t lib_details; gum_process_enumerate_modules(lib_find_exe, &lib_details); - OKF("Executable: 0x%016lx - %s", lib_details.base_address, lib_details.path); + OKF("Executable: 0x%016" G_GINT64_MODIFIER "x - %s", lib_details.base_address, + lib_details.path); lib_get_text_section(&lib_details); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 9d39c4e9..bd7171b9 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -1,9 +1,9 @@ #include "frida-gum.h" -#include "debug.h" +#include "config.h" +#include "instrument.h" #include "persistent.h" -#include "util.h" #if defined(__i386__) @@ -38,16 +38,239 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; +static arch_api_regs saved_regs = {0}; +static void * saved_return = NULL; + gboolean persistent_is_supported(void) { - return false; + return true; + +} + +static void instrument_persitent_save_regs(GumX86Writer * cw, + struct x86_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + + /* Should be pushing FPU here, but meh */ + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 1), + GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 2), + GUM_REG_ECX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 3), + GUM_REG_EDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 4), + GUM_REG_EDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 5), + GUM_REG_ESI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 6), + GUM_REG_EBP); + + /* Store RIP */ + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, + GUM_ADDRESS(persistent_start)); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 7), + GUM_REG_EBX); + + /* Store adjusted RSP */ + gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); + + /* RED_ZONE + Saved flags, RAX */ + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 8), + GUM_REG_EBX); + + /* Save the flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 9), + GUM_REG_EBX); + + /* Save the RAX */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 0), + GUM_REG_EBX); + + /* Pop the saved values */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); + +} + +static void instrument_persitent_restore_regs(GumX86Writer * cw, + struct x86_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, + (0x4 * 2)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, + (0x4 * 3)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, + (0x4 * 4)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, + (0x4 * 5)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, + (0x4 * 6)); + + /* Don't restore RIP or RSP */ + + /* Restore RBX, RAX & Flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 1)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 0)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 9)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + +} + +static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + +} + +static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + + /* Place holder for ret */ + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_ret(cw); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static void instrument_afl_persistent_loop(GumX86Writer *cw) { + + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_x86_writer_put_test_reg_reg(cw, GUM_REG_EAX, GUM_REG_EAX); + +} + +static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { + + if (hook == NULL) return; + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + GUM_ADDRESS(&__afl_fuzz_len)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDX, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EDX, 0); + + /* Base address is 64-bits (hence two zero arguments) */ + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 5, GUM_ARG_ADDRESS, + GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, + GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, + GUM_REG_ECX); } void persistent_prologue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumX86Writer *cw = output->writer.x86; + + gconstpointer loop = cw->code + 1; + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* Stash and pop the return value */ + instrument_save_ret(cw, &saved_return); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); + + /* loop: */ + gum_x86_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, done, GUM_UNLIKELY); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ + gum_x86_writer_put_jmp_near_label(cw, loop); + + /* done: */ + gum_x86_writer_put_label(cw, done); + + instrument_jump_ret(cw, &saved_return); + + /* original: */ + gum_x86_writer_put_label(cw, original); + + gum_x86_writer_flush(cw); } diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index 37c7450c..40de6a09 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -2,8 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../)/ BUILD_DIR:=$(PWD)build/ -TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ -TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest +TEST_CMPLOG_SRC=$(PWD)cmplog.c +TEST_CMPLOG_OBJ=$(BUILD_DIR)compcovtest TEST_BIN:=$(PWD)../../build/test @@ -13,20 +13,14 @@ CMP_LOG_INPUT:=$(TEST_DATA_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) -endif +.PHONY: all 32 clean qemu frida format -ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) -endif - -.PHONY: all clean qemu frida - -all: +all: $(TEST_CMPLOG_OBJ) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -34,10 +28,10 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ $(CMP_LOG_INPUT): | $(TEST_DATA_DIR) - truncate -s 64 $@ + echo -n "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" > $@ -$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc - make -C $(TEST_CMPLOG_DIR) compcovtest +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_SRC) | $(BUILD_DIR) + $(CXX) -std=c++11 -g $(CFLAGS) $(LDFLAGS) $< -o $@ qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) $(ROOT)afl-fuzz \ @@ -51,7 +45,6 @@ qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) $(TEST_CMPLOG_OBJ) @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) - XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ $(ROOT)afl-fuzz \ -O \ -i $(TEST_DATA_DIR) \ @@ -62,5 +55,15 @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) -- \ $(TEST_CMPLOG_OBJ) @@ +debug: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --ex 'r $(CMP_LOG_INPUT)' \ + --args $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + clean: rm -rf $(BUILD_DIR) + +format: + cd $(ROOT) && echo $(TEST_CMPLOG_SRC) | xargs -L1 ./.custom-format.py -i diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile index f322d1f5..606b43a5 100644 --- a/frida_mode/test/cmplog/Makefile +++ b/frida_mode/test/cmplog/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,10 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida + +format: + @gmake format + +debug: + @gmake debug diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c new file mode 100644 index 00000000..99010645 --- /dev/null +++ b/frida_mode/test/cmplog/cmplog.c @@ -0,0 +1,100 @@ +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy +// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include +#include +#include +#include + +int main(int argc, char **argv) { + + char buffer[44] = {/* zero padding */}; + + FILE *file = stdin; + + if (argc > 1) { + + if ((file = fopen(argv[1], "r")) == NULL) { + + perror(argv[1]); + exit(-1); + + } + + } + + fread(buffer, 1, sizeof(buffer) - 1, file); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + + if (argc > 1) { fclose(file); } + return 1; + + } + +#if defined(__x86_64__) + uint64_t x = 0; + fread(&x, sizeof(x), 1, file); + if (x != 0xCAFEBABECAFEBABE) { + + if (argc > 1) { fclose(file); } + return 2; + + } + +#endif + + uint32_t y = 0; + fread(&y, sizeof(y), 1, file); + + if (y != 0xDEADC0DE) { + + if (argc > 1) { fclose(file); } + return 3; + + } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, file); + + switch (z) { + + case 0xBEEF: + break; + + default: + if (argc > 1) { fclose(file); } + return 4; + + } + + printf("Puzzle solved, congrats!\n"); + abort(); + + if (argc > 1) { fclose(file); } + + return 0; + +} + diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile index 891827eb..c99bcecb 100644 --- a/frida_mode/test/entry_point/GNUmakefile +++ b/frida_mode/test/entry_point/GNUmakefile @@ -12,6 +12,18 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) @@ -21,11 +33,18 @@ ifeq "$(ARCH)" "x86_64" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) endif +ifeq "$(ARCH)" "x86" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) +endif + .PHONY: all clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -36,7 +55,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) @@ -58,4 +77,4 @@ frida_entry: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/entry_point/Makefile b/frida_mode/test/entry_point/Makefile index 3b41b94e..75c57e66 100644 --- a/frida_mode/test/entry_point/Makefile +++ b/frida_mode/test/entry_point/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ frida: @gmake frida frida_entry: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c index a6c655f9..bd605c52 100644 --- a/frida_mode/test/entry_point/testinstr.c +++ b/frida_mode/test/entry_point/testinstr.c @@ -106,7 +106,9 @@ int run(char *file) { } void slow() { + usleep(100000); + } int main(int argc, char **argv) { diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile index c543cca8..86e5a461 100644 --- a/frida_mode/test/exe/GNUmakefile +++ b/frida_mode/test/exe/GNUmakefile @@ -10,11 +10,14 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all clean qemu frida +.PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -25,7 +28,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< -no-pie + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -no-pie clean: rm -rf $(BUILD_DIR) @@ -47,4 +50,4 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/exe/Makefile b/frida_mode/test/exe/Makefile index f322d1f5..4bef1ccb 100644 --- a/frida_mode/test/exe/Makefile +++ b/frida_mode/test/exe/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/fasan/GNUmakefile b/frida_mode/test/fasan/GNUmakefile index 22689395..08b271de 100644 --- a/frida_mode/test/fasan/GNUmakefile +++ b/frida_mode/test/fasan/GNUmakefile @@ -42,7 +42,7 @@ ifeq "$(ARCH)" "x86" LIBASAN_FILE:=libclang_rt.asan-i386.so endif -ifeq "$(ARCH)" "x64" +ifeq "$(ARCH)" "x86_64" LIBASAN_FILE:=libclang_rt.asan-x86_64.so endif @@ -85,12 +85,15 @@ else endif -.PHONY: all clean format frida-noasan frida debug run +.PHONY: all 32 clean format frida-noasan frida debug run ############################## ALL ############################################# all: $(TEST_BIN) +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(TEST_BIN): $(TEST_SRC) GNUmakefile | $(BUILD_DIR) $(CC) \ $(CFLAGS) \ @@ -120,7 +123,7 @@ frida-noasan: $(TEST_BIN) $(TEST_DATA_FILE) frida: $(TEST_BIN) $(TEST_DATA_FILE) - AFL_PRELOAD=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so \ + AFL_PRELOAD=$(LIBASAN) \ AFL_USE_FASAN=1 \ $(ROOT)afl-fuzz \ -D \ diff --git a/frida_mode/test/fasan/Makefile b/frida_mode/test/fasan/Makefile index a7bf44c7..3b4c71db 100644 --- a/frida_mode/test/fasan/Makefile +++ b/frida_mode/test/fasan/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -15,4 +19,4 @@ debug: @gmake debug run: - @gmake run \ No newline at end of file + @gmake run diff --git a/frida_mode/test/fasan/test.c b/frida_mode/test/fasan/test.c index a7d03017..b9a119e6 100644 --- a/frida_mode/test/fasan/test.c +++ b/frida_mode/test/fasan/test.c @@ -5,6 +5,8 @@ #include #include +#define UNUSED_PARAMETER(x) (void)(x) + #define LOG(x) \ do { \ \ @@ -67,6 +69,9 @@ void test(char data) { int main(int argc, char **argv) { + UNUSED_PARAMETER(argc); + UNUSED_PARAMETER(argv); + char input = '\0'; if (read(STDIN_FILENO, &input, 1) < 0) { diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 515728c4..e05bade2 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -35,6 +35,9 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out all: $(TEST_BIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -46,7 +49,7 @@ $(HARNESS_FILE): | $(HARNESS_BUILD_DIR) wget -O $@ $(HARNESS_URL) $(HARNESS_OBJ): $(HARNESS_FILE) - $(CC) -o $@ -c $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ -c $< ######### PNGTEST ######## @@ -57,7 +60,7 @@ $(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR) wget -O $@ $(PNGTEST_URL) $(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) - $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + $(CXX) $(CFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< ######### LIBPNG ######## @@ -80,6 +83,8 @@ $(LIBPNG_LIB): $(LIBPNG_MAKEFILE) $(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) $(CXX) \ + $(CFLAGS) \ + $(LDFLAGS) \ -o $@ \ $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ -lz \ diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile index f322d1f5..4bef1ccb 100644 --- a/frida_mode/test/png/Makefile +++ b/frida_mode/test/png/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index 531f9bce..ca6f0ff2 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -8,6 +8,18 @@ TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) ARCH=$(shell uname -m) @@ -19,11 +31,18 @@ ifeq "$(ARCH)" "x86_64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) endif -.PHONY: all clean qemu qemu_entry frida frida_entry +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x56555000) +endif + +.PHONY: all 32 clean qemu qemu_entry frida frida_entry all: make -C $(ROOT)frida_mode/test/png/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -76,4 +95,4 @@ frida_entry: | $(BUILD_DIR) $(TEST_BIN) @@ clean: - rm -rf $(BUILD_DIR) \ No newline at end of file + rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile index 5fde63c2..cde0cf30 100644 --- a/frida_mode/test/png/persistent/Makefile +++ b/frida_mode/test/png/persistent/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -15,4 +19,4 @@ frida: @gmake frida frida_entry: - @gmake frida_entry \ No newline at end of file + @gmake frida_entry diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py index 6458c212..1c46e010 100755 --- a/frida_mode/test/png/persistent/get_symbol_addr.py +++ b/frida_mode/test/png/persistent/get_symbol_addr.py @@ -33,4 +33,4 @@ def main(): if __name__ == "__main__": ret = main() - exit(ret) \ No newline at end of file + exit(ret) diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 4f55fe98..3eee4c2b 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -2,8 +2,16 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_DIR=$(ROOT)utils/aflpp_driver/ -AFLPP_DRIVER_HOOK_OBJ=$(AFLPP_DRIVER_HOOK_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +CFLAGS+=-O3 \ + -funroll-loops \ + -g \ + -fPIC \ + -funroll-loops \ + +LDFLAGS+=-shared \ TEST_BIN:=$(PWD)../../build/test TEST_DATA_DIR:=../../build/libpng/libpng-1.2.56/contrib/pngsuite/ @@ -12,9 +20,20 @@ AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) +ifndef ARCH ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + ifeq "$(ARCH)" "aarch64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) endif @@ -23,11 +42,18 @@ ifeq "$(ARCH)" "x86_64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) endif -.PHONY: all clean qemu qemu_entry frida frida_entry +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif -all: +.PHONY: all 32 clean format qemu qemu_entry frida frida_entry debug + +all: $(AFLPP_DRIVER_HOOK_OBJ) make -C $(ROOT)frida_mode/test/png/persistent/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -37,8 +63,8 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) $(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) truncate -s 1M $@ -$(AFLPP_DRIVER_HOOK_OBJ): | $(AFLPP_DRIVER_HOOK_DIR) - make -C $(AFLPP_DRIVER_HOOK_DIR) +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ @@ -93,6 +119,18 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) +debug: + echo $(AFL_FRIDA_PERSISTENT_ADDR) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + clean: rm -rf $(BUILD_DIR) +format: + cd $(ROOT) && echo $(AFLPP_DRIVER_HOOK_SRC) | xargs -L1 ./.custom-format.py -i + diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile index 5fde63c2..983d009e 100644 --- a/frida_mode/test/png/persistent/hook/Makefile +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -2,9 +2,16 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean +format: + @gmake format + qemu: @gmake qemu @@ -15,4 +22,7 @@ frida: @gmake frida frida_entry: - @gmake frida_entry \ No newline at end of file + @gmake frida_entry + +debug: + @gmake debug diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile index 4addbad8..a35073ab 100644 --- a/frida_mode/test/testinstr/GNUmakefile +++ b/frida_mode/test/testinstr/GNUmakefile @@ -10,11 +10,14 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all clean qemu frida +.PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -25,7 +28,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) @@ -47,4 +50,10 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/frida_mode/test/testinstr/Makefile b/frida_mode/test/testinstr/Makefile index f322d1f5..f843af19 100644 --- a/frida_mode/test/testinstr/Makefile +++ b/frida_mode/test/testinstr/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,7 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida + +debug: + @gmake debug From 257cc1e82a4f009ead66519bd70e9467de158a51 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 18 May 2021 11:28:15 +0100 Subject: [PATCH 221/441] Update frida_mode readme (#925) --- frida_mode/README.md | 82 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 63 insertions(+), 19 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 9f574a4c..ecce0bfd 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -18,19 +18,19 @@ As FRIDA mode is new, it is missing a lot of features. The design is such that i should be possible to add these features in a similar manner to QEMU mode and perhaps leverage some of its design and implementation. - | Feature/Instrumentation | frida-mode | Notes | - | -------------------------|:----------:|:---------------------------------------:| - | NeverZero | x | | - | Persistent Mode | x | (x64 only)(Only on function boundaries) | - | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | - | CMPLOG | x | (x64 only) | - | Selective Instrumentation| x | | - | Non-Colliding Coverage | - | | - | Ngram prev_loc Coverage | - | | - | Context Coverage | - | | - | Auto Dictionary | - | | - | Snapshot LKM Support | - | | - | In-Memory Test Cases | x | (x64 only) | + | Feature/Instrumentation | frida-mode | Notes | + | -------------------------|:----------:|:--------------------------------------------:| + | NeverZero | x | | + | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | + | CMPLOG | x | (x86/x64 only) | + | Selective Instrumentation| x | | + | Non-Colliding Coverage | - | (Not possible in binary-only instrumentation | + | Ngram prev_loc Coverage | - | | + | Context Coverage | - | | + | Auto Dictionary | - | | + | Snapshot LKM Support | - | | + | In-Memory Test Cases | x | (x86/x64 only) | ## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -43,11 +43,17 @@ system does not support cross compilation. ## Getting Started -To build everything run `make`. +To build everything run `make`. To build for x86 run `make 32`. Note that in +x86 bit mode, it is not necessary for afl-fuzz to be built for 32-bit. However, +the shared library for frida_mode must be since it is injected into the target +process. Various tests can be found in subfolders within the `test/` directory. To use these, first run `make` to build any dependencies. Then run `make qemu` or -`make frida` to run on either QEMU of FRIDA mode respectively. +`make frida` to run on either QEMU of FRIDA mode respectively. To run frida +tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between +architectures it may be necessary to run `make clean` first for a given build +target to remove previously generated binaries for a different architecture. ## Usage @@ -130,9 +136,47 @@ them and they be inherited by the next child on fork. * `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +## FASAN - Frida Address Sanitizer Mode +Frida mode also supports FASAN. The design of this is actually quite simple and +very similar to that used when instrumenting applications compiled from source. + +### Address Sanitizer Basics + +When Address Sanitizer is used to instrument programs built from source, the +compiler first adds a dependency (`DT_NEEDED` entry) for the Address Sanitizer +dynamic shared object (DSO). This shared object contains the main logic for Address +Sanitizer, including setting and managing up the shadow memory. It also provides +replacement implementations for a number of functions in standard libraries. + +These replacements include things like `malloc` and `free` which allows for those +allocations to be marked in the shadow memory, but also a number of other fuctions. +Consider `memcpy` for example, this is instrumented to validate the paramters +(test the source and destination buffers against the shadow memory. This is much +easier than instrumenting those standard libraries since, first it would require +you to re-compile them and secondly it would mean that the instrumentation would +be applied at a more expensive granular level. Lastly, load-widening (typically +found in highy optimized code) can also make this instrumentation more difficult. + +Since the DSO is loaded before all of the standard libraries (in fact it insists +on being first), the dynamic loader will use it to resolve imports from other +modules which depend on it. + +### FASAN Implementation + +FASAN takes a similar approach. It requires the user to add the Address Sanitizer +DSO to the `AFL_PRELOAD` environment variable such that it is loaded into the target. +Again, it must be first in the list. This means that it is not necessary to +instrument the standard libraries to detect when an application has provided an +incorrect argument to `memcpy` for example. This avoids issues with load-widening +and should also mean a huge improvement in performance. + +FASAN then adds instrumentation for any instrucutions which use memory operands and +then calls into the `__asan_loadN` and `__asan_storeN` functions provided by the DSO +to validate memory accesses against the shadow memory. + ## TODO -The next features to be added are x86 support, integration with FuzzBench and -support for ASAN. The intention is to achieve feature parity with QEMU mode in -due course. Contributions are welcome, but please get in touch to ensure that -efforts are deconflicted. +The next features to be added are Aarch64 and Aarch32 support as well as looking at +potential performance improvements. The intention is to achieve feature parity with +QEMU mode in due course. Contributions are welcome, but please get in touch to +ensure that efforts are deconflicted. From b669e772684fd98dc7a0c8f9e6032895e21a6de6 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Tue, 18 May 2021 16:43:38 +0200 Subject: [PATCH 222/441] libqasan: use syscalls for read and write --- qemu_mode/libqasan/hooks.c | 10 ++++------ qemu_mode/libqasan/libqasan.c | 11 +++++++++-- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/qemu_mode/libqasan/hooks.c b/qemu_mode/libqasan/hooks.c index 0e6c3e08..c542521c 100644 --- a/qemu_mode/libqasan/hooks.c +++ b/qemu_mode/libqasan/hooks.c @@ -25,9 +25,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "libqasan.h" #include "map_macro.h" +#include +#include -ssize_t (*__lq_libc_write)(int, const void *, size_t); -ssize_t (*__lq_libc_read)(int, void *, size_t); char *(*__lq_libc_fgets)(char *, int, FILE *); int (*__lq_libc_atoi)(const char *); long (*__lq_libc_atol)(const char *); @@ -37,8 +37,6 @@ void __libqasan_init_hooks(void) { __libqasan_init_malloc(); - __lq_libc_write = ASSERT_DLSYM(write); - __lq_libc_read = ASSERT_DLSYM(read); __lq_libc_fgets = ASSERT_DLSYM(fgets); __lq_libc_atoi = ASSERT_DLSYM(atoi); __lq_libc_atol = ASSERT_DLSYM(atol); @@ -52,7 +50,7 @@ ssize_t write(int fd, const void *buf, size_t count) { QASAN_DEBUG("%14p: write(%d, %p, %zu)\n", rtv, fd, buf, count); QASAN_LOAD(buf, count); - ssize_t r = __lq_libc_write(fd, buf, count); + ssize_t r = syscall(SYS_write, fd, buf, count); QASAN_DEBUG("\t\t = %zd\n", r); return r; @@ -65,7 +63,7 @@ ssize_t read(int fd, void *buf, size_t count) { QASAN_DEBUG("%14p: read(%d, %p, %zu)\n", rtv, fd, buf, count); QASAN_STORE(buf, count); - ssize_t r = __lq_libc_read(fd, buf, count); + ssize_t r = syscall(SYS_read, fd, buf, count); QASAN_DEBUG("\t\t = %zd\n", r); return r; diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 9fc4ef7a..2ac0c861 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -61,9 +61,17 @@ void __libqasan_print_maps(void) { } -/*__attribute__((constructor))*/ void __libqasan_init() { +int __libqasan_is_initialized = 0; + +__attribute__((constructor)) void __libqasan_init() { + + if (__libqasan_is_initialized) return; + __libqasan_is_initialized = 1; __libqasan_init_hooks(); + + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) + __libqasan_hotpatch(); #ifdef DEBUG __qasan_debug = getenv("QASAN_DEBUG") != NULL; @@ -86,7 +94,6 @@ int __libc_start_main(int (*main)(int, char **, char **), int argc, char **argv, typeof(&__libc_start_main) orig = dlsym(RTLD_NEXT, "__libc_start_main"); __libqasan_init(); - if (getenv("AFL_INST_LIBS")) __libqasan_hotpatch(); return orig(main, argc, argv, init, fini, rtld_fini, stack_end); From af900bca981c2ac9cc328cbe5348929cf7be77be Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 18 May 2021 16:44:16 +0200 Subject: [PATCH 223/441] update readme --- README.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index c16216bf..5d5510d2 100644 --- a/README.md +++ b/README.md @@ -90,16 +90,17 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| - | NeverZero | x86[_64]| x(1) | x | | x | x | - | Persistent Mode | | x | x | x | x86[_64]/arm[64] | x | + | NeverZero | x86[_64]| x(1) | x | x | x | x | + | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | x | x86[_64]/arm[64] | | + | CmpLog | | x | | x86[_64] | x86[_64]/arm[64] | | | Selective Instrumentation| | x | x | x | x | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | Ngram prev_loc Coverage | | x(6) | | | | | | Context Coverage | | x(6) | | | | | | Auto Dictionary | | x(7) | | | | | | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | + | Shared Memory Testcases | | x | x | x | x | x | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin From 2ef9ff44682ff1a922536c9be461047f9e47ba25 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 18 May 2021 19:27:02 +0100 Subject: [PATCH 224/441] Minor integration tweaks (#926) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 1 + frida_mode/src/main.c | 37 ++++++++++++++++++++++++------------- frida_mode/src/stalker.c | 2 ++ 3 files changed, 27 insertions(+), 13 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index e915f157..bc77a451 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -25,6 +25,7 @@ LDFLAGS+=-shared \ -lpthread \ -lresolv \ -ldl \ + -z noexecstack \ ifdef DEBUG CFLAGS+=-Werror \ diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index e031dbed..21073cbe 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -75,16 +75,22 @@ static void on_main_os(int argc, char **argv, char **envp) { #endif -static int *on_main(int argc, char **argv, char **envp) { +static void embedded_init() { - void *fork_addr; + static gboolean initialized = false; + if (!initialized) { - on_main_os(argc, argv, envp); + gum_init_embedded(); + initialized = true; - unintercept_self(); + } +} + +void afl_frida_start() { + + embedded_init(); stalker_init(); - lib_init(); entry_init(); instrument_init(); @@ -92,12 +98,23 @@ static int *on_main(int argc, char **argv, char **envp) { prefetch_init(); ranges_init(); - fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + void *fork_addr = + GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); intercept(fork_addr, on_fork, NULL); stalker_start(); entry_run(); +} + +static int *on_main(int argc, char **argv, char **envp) { + + on_main_os(argc, argv, envp); + + unintercept_self(); + + afl_frida_start(); + return main_fn(argc, argv, envp); } @@ -149,13 +166,7 @@ static void intercept_main(void) { __attribute__((constructor)) static void init(void) { - gum_init_embedded(); - if (!gum_stalker_is_supported()) { - - gum_deinit_embedded(); - FATAL("Failed to initialize embedded"); - - } + embedded_init(); intercept_main(); diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 81973e9c..63f3c529 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -7,6 +7,8 @@ static GumStalker *stalker = NULL; void stalker_init(void) { + if (!gum_stalker_is_supported()) { FATAL("Failed to initialize embedded"); } + stalker = gum_stalker_new(); if (stalker == NULL) { FATAL("Failed to initialize stalker"); } From d776d40669eb36cbfabeeeca55d4343413e2285b Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Wed, 19 May 2021 14:50:41 +0200 Subject: [PATCH 225/441] merge --- src/afl-fuzz.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 903068b2..1ac2e8ff 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1410,6 +1410,9 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { afl_preload = getenv("AFL_PRELOAD"); + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); + if (afl_preload) { if (afl->fsrv.frida_asan) { From dee64e74a8f5320e4fc86d6e6597c5f4b07d4ef7 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Wed, 19 May 2021 15:03:45 +0200 Subject: [PATCH 226/441] fix afl-fuzz.c frida preload --- src/afl-fuzz.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 1ac2e8ff..eff25c91 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1414,25 +1414,27 @@ int main(int argc, char **argv_orig, char **envp) { OKF("Injecting %s ...", frida_binary); if (afl_preload) { - if (afl->fsrv.frida_asan) { + if (afl->fsrv.frida_asan) { - OKF("Using Frida Address Sanitizer Mode"); + OKF("Using Frida Address Sanitizer Mode"); - fasan_check_afl_preload(afl_preload); + fasan_check_afl_preload(afl_preload); - setenv("ASAN_OPTIONS", "detect_leaks=false", 1); + setenv("ASAN_OPTIONS", "detect_leaks=false", 1); + } + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); + frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); + + ck_free(frida_binary); + + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); + } - u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); - OKF("Injecting %s ...", frida_binary); - frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); - - ck_free(frida_binary); - - setenv("LD_PRELOAD", frida_afl_preload, 1); - setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); - } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); From cdae3d3d038a28f1096ab6d34128896c19ef4733 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Wed, 19 May 2021 22:21:46 +0200 Subject: [PATCH 227/441] cleaned up AFL_PRINT_FILENAMES env --- include/envs.h | 1 + src/afl-fuzz.c | 2 +- src/afl-showmap.c | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/envs.h b/include/envs.h index 4fff1e3a..f1314bad 100644 --- a/include/envs.h +++ b/include/envs.h @@ -193,6 +193,7 @@ static char *afl_environment_variables[] = { "AFL_EXPAND_HAVOC_NOW", "AFL_USE_FASAN", "AFL_USE_QASAN", + "AFL_PRINT_FILENAMES", NULL }; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index eff25c91..5f939115 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1432,7 +1432,7 @@ int main(int argc, char **argv_orig, char **envp) { setenv("LD_PRELOAD", frida_afl_preload, 1); setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); - + } } else { diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 10818905..9b4d21a5 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -774,7 +774,7 @@ int main(int argc, char **argv_orig, char **envp) { afl_forkserver_t fsrv_var = {0}; if (getenv("AFL_DEBUG")) { debug = true; } - if (getenv("AFL_PRINT_FILENAMES")) { print_filenames = true; } + if (get_afl_env("AFL_PRINT_FILENAMES")) { print_filenames = true; } fsrv = &fsrv_var; afl_fsrv_init(fsrv); From da2d4d8258d725f79c2daa22bf3b1a59c593e472 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Thu, 20 May 2021 11:14:46 +0200 Subject: [PATCH 228/441] Push to stable (#927) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza --- .github/workflows/ci.yml | 2 +- README.md | 7 +- afl-cmin | 2 + docs/Changelog.md | 5 + docs/INSTALL.md | 35 +++ docs/env_variables.md | 7 +- frida_mode/GNUmakefile | 12 +- frida_mode/Makefile | 4 + frida_mode/README.md | 82 ++++-- frida_mode/include/asan.h | 13 + frida_mode/include/ctx.h | 11 + frida_mode/include/frida_cmplog.h | 2 +- frida_mode/src/asan/asan.c | 24 ++ frida_mode/src/asan/asan_arm.c | 28 ++ frida_mode/src/asan/asan_arm64.c | 28 ++ frida_mode/src/asan/asan_x64.c | 93 ++++++ frida_mode/src/asan/asan_x86.c | 93 ++++++ frida_mode/src/cmplog/cmplog.c | 6 +- frida_mode/src/cmplog/cmplog_x64.c | 166 +++-------- frida_mode/src/cmplog/cmplog_x86.c | 266 +++++++++++++++++- frida_mode/src/ctx/ctx_x64.c | 114 ++++++++ frida_mode/src/ctx/ctx_x86.c | 81 ++++++ frida_mode/src/instrument/instrument.c | 15 +- frida_mode/src/instrument/instrument_arm32.c | 3 + frida_mode/src/instrument/instrument_x86.c | 66 ++++- frida_mode/src/lib/lib.c | 15 +- frida_mode/src/main.c | 37 ++- frida_mode/src/persistent/persistent_x86.c | 233 ++++++++++++++- frida_mode/src/stalker.c | 2 + frida_mode/test/cmplog/GNUmakefile | 43 +-- frida_mode/test/cmplog/Makefile | 12 +- frida_mode/test/cmplog/cmplog.c | 100 +++++++ frida_mode/test/entry_point/GNUmakefile | 23 +- frida_mode/test/entry_point/Makefile | 6 +- frida_mode/test/entry_point/testinstr.c | 2 + frida_mode/test/exe/GNUmakefile | 9 +- frida_mode/test/exe/Makefile | 6 +- frida_mode/test/fasan/GNUmakefile | 159 +++++++++++ frida_mode/test/fasan/Makefile | 22 ++ frida_mode/test/fasan/test.c | 90 ++++++ frida_mode/test/png/GNUmakefile | 9 +- frida_mode/test/png/Makefile | 6 +- frida_mode/test/png/persistent/GNUmakefile | 23 +- frida_mode/test/png/persistent/Makefile | 6 +- .../test/png/persistent/get_symbol_addr.py | 2 +- .../test/png/persistent/hook/GNUmakefile | 53 +++- frida_mode/test/png/persistent/hook/Makefile | 12 +- .../persistent/hook/aflpp_qemu_driver_hook.c | 97 +++++++ frida_mode/test/testinstr/GNUmakefile | 15 +- frida_mode/test/testinstr/Makefile | 9 +- include/envs.h | 2 + include/forkserver.h | 2 + qemu_mode/libqasan/hooks.c | 10 +- qemu_mode/libqasan/libqasan.c | 11 +- src/afl-cc.c | 12 +- src/afl-forkserver.c | 8 +- src/afl-fuzz-init.c | 18 +- src/afl-fuzz-one.c | 6 +- src/afl-fuzz-stats.c | 5 +- src/afl-fuzz.c | 107 +++++-- src/afl-showmap.c | 100 ++++--- 61 files changed, 2126 insertions(+), 311 deletions(-) create mode 100644 frida_mode/include/asan.h create mode 100644 frida_mode/include/ctx.h create mode 100644 frida_mode/src/asan/asan.c create mode 100644 frida_mode/src/asan/asan_arm.c create mode 100644 frida_mode/src/asan/asan_arm64.c create mode 100644 frida_mode/src/asan/asan_x64.c create mode 100644 frida_mode/src/asan/asan_x86.c create mode 100644 frida_mode/src/ctx/ctx_x64.c create mode 100644 frida_mode/src/ctx/ctx_x86.c create mode 100644 frida_mode/test/cmplog/cmplog.c create mode 100644 frida_mode/test/fasan/GNUmakefile create mode 100644 frida_mode/test/fasan/Makefile create mode 100644 frida_mode/test/fasan/test.c create mode 100644 frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a5f3429e..35051a20 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -19,7 +19,7 @@ jobs: - name: update run: sudo apt-get update && sudo apt-get upgrade -y - name: install packages - run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools + run: sudo apt-get install -y -m -f --install-suggests build-essential git libtool libtool-bin automake bison libglib2.0-0 clang llvm-dev libc++-dev findutils libcmocka-dev python3-dev python3-setuptools ninja-build - name: compiler installed run: gcc -v ; echo ; clang -v - name: install gcc plugin diff --git a/README.md b/README.md index c16216bf..5d5510d2 100644 --- a/README.md +++ b/README.md @@ -90,16 +90,17 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| - | NeverZero | x86[_64]| x(1) | x | | x | x | - | Persistent Mode | | x | x | x | x86[_64]/arm[64] | x | + | NeverZero | x86[_64]| x(1) | x | x | x | x | + | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | x | x86[_64]/arm[64] | | + | CmpLog | | x | | x86[_64] | x86[_64]/arm[64] | | | Selective Instrumentation| | x | x | x | x | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | Ngram prev_loc Coverage | | x(6) | | | | | | Context Coverage | | x(6) | | | | | | Auto Dictionary | | x(7) | | | | | | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | + | Shared Memory Testcases | | x | x | x | x | x | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin diff --git a/afl-cmin b/afl-cmin index 3f3a7517..adcbb221 100755 --- a/afl-cmin +++ b/afl-cmin @@ -123,6 +123,8 @@ function usage() { "AFL_KEEP_TRACES: leave the temporary /.traces directory\n" \ "AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" "AFL_PATH: path for the afl-showmap binary if not found anywhere else\n" \ +"AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \ + "printed to stdout\n" \ "AFL_SKIP_BIN_CHECK: skip check for target binary\n" exit 1 } diff --git a/docs/Changelog.md b/docs/Changelog.md index ceb02bb9..1114a834 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,6 +9,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.13a (development) + - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, it currently supports persistent mode and cmplog. thanks to @WorksButNotTested! @@ -28,9 +29,12 @@ sending a mail to . - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers + - on a crashing seed potentially the wrong input was disabled - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. + - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after + no new paths have been found for n seconds - afl-cc: - We do not support llvm versions prior 6.0 anymore - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD @@ -48,6 +52,7 @@ sending a mail to . MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup + - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/INSTALL.md b/docs/INSTALL.md index e3c06c9d..80d452f7 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -103,6 +103,41 @@ The llvm instrumentation requires a fully-operational installation of clang. The comes with Xcode is missing some of the essential headers and helper tools. See README.llvm.md for advice on how to build the compiler from scratch. +MacOS X supports SYSV shared memory used by AFL's instrumentation, but the +default settings aren't usable with AFL++. The default settings on 10.14 seem +to be: + +```bash +$ ipcs -M +IPC status from as of XXX +shminfo: + shmmax: 4194304 (max shared memory segment size) + shmmin: 1 (min shared memory segment size) + shmmni: 32 (max number of shared memory identifiers) + shmseg: 8 (max shared memory segments per process) + shmall: 1024 (max amount of shared memory in pages) +``` + +To temporarily change your settings to something minimally usable with AFL++, +run these commands as root: + +```bash +sysctl kern.sysv.shmmax=8388608 +sysctl kern.sysv.shmall=4096 +``` + +If you're running more than one instance of AFL you likely want to make `shmall` +bigger and increase `shmseg` as well: + +```bash +sysctl kern.sysv.shmmax=8388608 +sysctl kern.sysv.shmseg=48 +sysctl kern.sysv.shmall=98304 +``` + +See http://www.spy-hill.com/help/apple/SharedMemory.html for documentation for +these settings and how to make them permanent. + ## 4. Linux or *BSD on non-x86 systems Standard build will fail on non-x86 systems, but you should be able to diff --git a/docs/env_variables.md b/docs/env_variables.md index 8879db72..c3efa0c0 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -285,8 +285,8 @@ checks or alter some of the more exotic semantics of the tool: convenient for some types of automated jobs. - `AFL_EXIT_ON_TIME` Causes afl-fuzz to terminate if no new paths were - found within a specified period of time. May be convenient for some - types of automated jobs. + found within a specified period of time (in seconds). May be convenient + for some types of automated jobs. - `AFL_EXIT_ON_SEED_ISSUES` will restore the vanilla afl-fuzz behaviour which does not allow crashes or timeout seeds in the initial -i corpus. @@ -567,6 +567,9 @@ The corpus minimization script offers very little customization: a modest security risk on multi-user systems with rogue users, but should be safe on dedicated fuzzing boxes. + - `AFL_PRINT_FILENAMES` prints each filename to stdout, as it gets processed. + This can help when embedding `afl-cmin` or `afl-showmap` in other scripts scripting. + ## 7) Settings for afl-tmin Virtually nothing to play with. Well, in QEMU mode (`-Q`), `AFL_PATH` will be diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index a15f5c32..bc77a451 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -19,11 +19,13 @@ RT_CFLAGS:=-Wno-unused-parameter \ -Wno-sign-compare \ -Wno-unused-function \ -Wno-unused-result \ + -Wno-int-to-pointer-cast \ LDFLAGS+=-shared \ -lpthread \ -lresolv \ -ldl \ + -z noexecstack \ ifdef DEBUG CFLAGS+=-Werror \ @@ -38,6 +40,8 @@ FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded +ifndef ARCH + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" ARCH:=arm64 @@ -46,6 +50,7 @@ endif ifeq "$(ARCH)" "i686" ARCH:=x86 endif +endif ifeq "$(shell uname)" "Darwin" OS:=macos @@ -83,13 +88,16 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all clean format $(FRIDA_GUM) +.PHONY: all 32 clean format $(FRIDA_GUM) ############################## ALL ############################################# all: $(FRIDA_TRACE) make -C $(ROOT) +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $(BUILD_DIR) @@ -161,11 +169,11 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $( $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) $(CC) \ - -o $@ \ $(OBJS) \ $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ $(LDFLAGS) \ + -o $@ \ cp -v $(FRIDA_TRACE) $(ROOT) diff --git a/frida_mode/Makefile b/frida_mode/Makefile index b6d64bff..6cd1a64e 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean diff --git a/frida_mode/README.md b/frida_mode/README.md index 9f574a4c..ecce0bfd 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -18,19 +18,19 @@ As FRIDA mode is new, it is missing a lot of features. The design is such that i should be possible to add these features in a similar manner to QEMU mode and perhaps leverage some of its design and implementation. - | Feature/Instrumentation | frida-mode | Notes | - | -------------------------|:----------:|:---------------------------------------:| - | NeverZero | x | | - | Persistent Mode | x | (x64 only)(Only on function boundaries) | - | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | - | CMPLOG | x | (x64 only) | - | Selective Instrumentation| x | | - | Non-Colliding Coverage | - | | - | Ngram prev_loc Coverage | - | | - | Context Coverage | - | | - | Auto Dictionary | - | | - | Snapshot LKM Support | - | | - | In-Memory Test Cases | x | (x64 only) | + | Feature/Instrumentation | frida-mode | Notes | + | -------------------------|:----------:|:--------------------------------------------:| + | NeverZero | x | | + | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | + | CMPLOG | x | (x86/x64 only) | + | Selective Instrumentation| x | | + | Non-Colliding Coverage | - | (Not possible in binary-only instrumentation | + | Ngram prev_loc Coverage | - | | + | Context Coverage | - | | + | Auto Dictionary | - | | + | Snapshot LKM Support | - | | + | In-Memory Test Cases | x | (x86/x64 only) | ## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -43,11 +43,17 @@ system does not support cross compilation. ## Getting Started -To build everything run `make`. +To build everything run `make`. To build for x86 run `make 32`. Note that in +x86 bit mode, it is not necessary for afl-fuzz to be built for 32-bit. However, +the shared library for frida_mode must be since it is injected into the target +process. Various tests can be found in subfolders within the `test/` directory. To use these, first run `make` to build any dependencies. Then run `make qemu` or -`make frida` to run on either QEMU of FRIDA mode respectively. +`make frida` to run on either QEMU of FRIDA mode respectively. To run frida +tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between +architectures it may be necessary to run `make clean` first for a given build +target to remove previously generated binaries for a different architecture. ## Usage @@ -130,9 +136,47 @@ them and they be inherited by the next child on fork. * `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +## FASAN - Frida Address Sanitizer Mode +Frida mode also supports FASAN. The design of this is actually quite simple and +very similar to that used when instrumenting applications compiled from source. + +### Address Sanitizer Basics + +When Address Sanitizer is used to instrument programs built from source, the +compiler first adds a dependency (`DT_NEEDED` entry) for the Address Sanitizer +dynamic shared object (DSO). This shared object contains the main logic for Address +Sanitizer, including setting and managing up the shadow memory. It also provides +replacement implementations for a number of functions in standard libraries. + +These replacements include things like `malloc` and `free` which allows for those +allocations to be marked in the shadow memory, but also a number of other fuctions. +Consider `memcpy` for example, this is instrumented to validate the paramters +(test the source and destination buffers against the shadow memory. This is much +easier than instrumenting those standard libraries since, first it would require +you to re-compile them and secondly it would mean that the instrumentation would +be applied at a more expensive granular level. Lastly, load-widening (typically +found in highy optimized code) can also make this instrumentation more difficult. + +Since the DSO is loaded before all of the standard libraries (in fact it insists +on being first), the dynamic loader will use it to resolve imports from other +modules which depend on it. + +### FASAN Implementation + +FASAN takes a similar approach. It requires the user to add the Address Sanitizer +DSO to the `AFL_PRELOAD` environment variable such that it is loaded into the target. +Again, it must be first in the list. This means that it is not necessary to +instrument the standard libraries to detect when an application has provided an +incorrect argument to `memcpy` for example. This avoids issues with load-widening +and should also mean a huge improvement in performance. + +FASAN then adds instrumentation for any instrucutions which use memory operands and +then calls into the `__asan_loadN` and `__asan_storeN` functions provided by the DSO +to validate memory accesses against the shadow memory. + ## TODO -The next features to be added are x86 support, integration with FuzzBench and -support for ASAN. The intention is to achieve feature parity with QEMU mode in -due course. Contributions are welcome, but please get in touch to ensure that -efforts are deconflicted. +The next features to be added are Aarch64 and Aarch32 support as well as looking at +potential performance improvements. The intention is to achieve feature parity with +QEMU mode in due course. Contributions are welcome, but please get in touch to +ensure that efforts are deconflicted. diff --git a/frida_mode/include/asan.h b/frida_mode/include/asan.h new file mode 100644 index 00000000..7a8726e0 --- /dev/null +++ b/frida_mode/include/asan.h @@ -0,0 +1,13 @@ +#ifndef _ASAN_H +#define _ASAN_H + +#include "frida-gum.h" + +extern gboolean asan_initialized; + +void asan_init(void); +void asan_arch_init(void); +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator); + +#endif + diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h new file mode 100644 index 00000000..cbcc892a --- /dev/null +++ b/frida_mode/include/ctx.h @@ -0,0 +1,11 @@ +#ifndef _CTX_H +#define _CTX_H + +#include "frida-gum.h" + +#if defined(__x86_64__) || defined(__i386__) +gsize ctx_read_reg(GumCpuContext *ctx, x86_reg reg); +#endif + +#endif + diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h index 28864c0e..b620a472 100644 --- a/frida_mode/include/frida_cmplog.h +++ b/frida_mode/include/frida_cmplog.h @@ -8,7 +8,7 @@ void cmplog_init(void); /* Functions to be implemented by the different architectures */ void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator); -gboolean cmplog_is_readable(void *addr, size_t size); +gboolean cmplog_is_readable(guint64 addr, size_t size); #endif diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c new file mode 100644 index 00000000..f78f690c --- /dev/null +++ b/frida_mode/src/asan/asan.c @@ -0,0 +1,24 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" + +gboolean asan_initialized = FALSE; + +void asan_init(void) { + + if (getenv("AFL_USE_FASAN") != NULL) { + + OKF("Frida ASAN mode enabled"); + asan_arch_init(); + asan_initialized = TRUE; + + } else { + + OKF("Frida ASAN mode disabled"); + + } + +} + diff --git a/frida_mode/src/asan/asan_arm.c b/frida_mode/src/asan/asan_arm.c new file mode 100644 index 00000000..79475ced --- /dev/null +++ b/frida_mode/src/asan/asan_arm.c @@ -0,0 +1,28 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "util.h" + +#if defined(__arm__) +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (asan_initialized) { + + FATAL("ASAN mode not supported on this architecture"); + + } + +} + +void asan_arch_init(void) { + + FATAL("ASAN mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c new file mode 100644 index 00000000..6262ee18 --- /dev/null +++ b/frida_mode/src/asan/asan_arm64.c @@ -0,0 +1,28 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "util.h" + +#if defined(__aarch64__) +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(iterator); + if (asan_initialized) { + + FATAL("ASAN mode not supported on this architecture"); + + } + +} + +void asan_arch_init(void) { + + FATAL("ASAN mode not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c new file mode 100644 index 00000000..a2eabe3c --- /dev/null +++ b/frida_mode/src/asan/asan_x64.c @@ -0,0 +1,93 @@ +#include +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "ctx.h" +#include "util.h" + +#if defined(__x86_64__) + +typedef void (*asan_loadN_t)(uint64_t address, uint8_t size); +typedef void (*asan_storeN_t)(uint64_t address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + cs_x86_op * operand = (cs_x86_op *)user_data; + x86_op_mem *mem = &operand->mem; + gsize base = 0; + gsize index = 0; + gsize address; + uint8_t size; + + if (mem->base != X86_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != X86_REG_INVALID) { index = ctx_read_reg(ctx, mem->index); } + + address = base + (mem->scale * index) + mem->disp; + size = operand->size; + + if (operand->access == CS_AC_READ) { + + asan_loadN(address, size); + + } else if (operand->access == CS_AC_WRITE) { + + asan_storeN(address, size); + + } + +} + +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(iterator); + + cs_x86 x86 = instr->detail->x86; + cs_x86_op * operand; + x86_op_mem *mem; + cs_x86_op * ctx; + + if (!asan_initialized) return; + + if (instr->id == X86_INS_LEA) return; + + if (instr->id == X86_INS_NOP) return; + + for (uint8_t i = 0; i < x86.op_count; i++) { + + operand = &x86.operands[i]; + + if (operand->type != X86_OP_MEM) { continue; } + + mem = &operand->mem; + if (mem->segment != X86_REG_INVALID) { continue; } + + ctx = g_malloc0(sizeof(cs_x86_op)); + memcpy(ctx, operand, sizeof(cs_x86_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); + + } + +} + +void asan_arch_init(void) { + + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); + + } + +} + +#endif + diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c new file mode 100644 index 00000000..8490b490 --- /dev/null +++ b/frida_mode/src/asan/asan_x86.c @@ -0,0 +1,93 @@ +#include +#include "frida-gum.h" + +#include "debug.h" + +#include "asan.h" +#include "ctx.h" +#include "util.h" + +#if defined(__i386__) + +typedef void (*asan_loadN_t)(gsize address, uint8_t size); +typedef void (*asan_storeN_t)(gsize address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + cs_x86_op * operand = (cs_x86_op *)user_data; + x86_op_mem *mem = &operand->mem; + gsize base = 0; + gsize index = 0; + gsize address; + uint8_t size; + + if (mem->base != X86_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != X86_REG_INVALID) { index = ctx_read_reg(ctx, mem->index); } + + address = base + (mem->scale * index) + mem->disp; + size = operand->size; + + if (operand->access == CS_AC_READ) { + + asan_loadN(address, size); + + } else if (operand->access == CS_AC_WRITE) { + + asan_storeN(address, size); + + } + +} + +void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { + + UNUSED_PARAMETER(iterator); + + cs_x86 x86 = instr->detail->x86; + cs_x86_op * operand; + x86_op_mem *mem; + cs_x86_op * ctx; + + if (!asan_initialized) return; + + if (instr->id == X86_INS_LEA) return; + + if (instr->id == X86_INS_NOP) return; + + for (uint8_t i = 0; i < x86.op_count; i++) { + + operand = &x86.operands[i]; + + if (operand->type != X86_OP_MEM) { continue; } + + mem = &operand->mem; + if (mem->segment != X86_REG_INVALID) { continue; } + + ctx = g_malloc0(sizeof(cs_x86_op)); + memcpy(ctx, operand, sizeof(cs_x86_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); + + } + +} + +void asan_arch_init(void) { + + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); + + } + +} + +#endif + diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 3fab1951..7b11c350 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -53,7 +53,7 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, } -gboolean cmplog_is_readable(void *addr, size_t size) { +gboolean cmplog_is_readable(guint64 addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); @@ -65,9 +65,9 @@ gboolean cmplog_is_readable(void *addr, size_t size) { * is lower than this. This should avoid some overhead when functions are * called where one of the parameters is a size, or a some other small value. */ - if (GPOINTER_TO_SIZE(addr) < DEFAULT_MMAP_MIN_ADDR) { return false; } + if (addr < DEFAULT_MMAP_MIN_ADDR) { return false; } - GumAddress inner_base = GUM_ADDRESS(addr); + GumAddress inner_base = addr; GumAddress inner_limit = inner_base + size; for (guint i = 0; i < cmplog_ranges->len; i++) { diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 9bf09ad5..9f56c32a 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -3,46 +3,12 @@ #include "debug.h" #include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__x86_64__) - #define X86_REG_8L(LABEL, REG) \ - case LABEL: { \ - \ - return REG & GUM_INT8_MASK; \ - \ - } - - #define X86_REG_8H(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT16_MASK) >> 8; \ - \ - } - - #define X86_REG_16(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT16_MASK); \ - \ - } - - #define X86_REG_32(LABEL, REG) \ - case LABEL: { \ - \ - return (REG & GUM_INT32_MASK); \ - \ - } - - #define X86_REG_64(LABEL, REG) \ - case LABEL: { \ - \ - return (REG); \ - \ - } - typedef struct { x86_op_type type; @@ -65,123 +31,81 @@ typedef struct { } cmplog_pair_ctx_t; -static guint64 cmplog_read_reg(GumX64CpuContext *ctx, x86_reg reg) { +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + x86_op_mem *mem, gsize *val) { - switch (reg) { + gsize base = 0; + gsize index = 0; + gsize address; - X86_REG_8L(X86_REG_AL, ctx->rax) - X86_REG_8L(X86_REG_BL, ctx->rbx) - X86_REG_8L(X86_REG_CL, ctx->rcx) - X86_REG_8L(X86_REG_DL, ctx->rdx) - X86_REG_8L(X86_REG_BPL, ctx->rbp) - X86_REG_8L(X86_REG_SIL, ctx->rsi) - X86_REG_8L(X86_REG_DIL, ctx->rdi) + if (mem->base != X86_REG_INVALID) base = ctx_read_reg(ctx, mem->base); - X86_REG_8H(X86_REG_AH, ctx->rax) - X86_REG_8H(X86_REG_BH, ctx->rbx) - X86_REG_8H(X86_REG_CH, ctx->rcx) - X86_REG_8H(X86_REG_DH, ctx->rdx) + if (mem->index != X86_REG_INVALID) index = ctx_read_reg(ctx, mem->index); - X86_REG_16(X86_REG_AX, ctx->rax) - X86_REG_16(X86_REG_BX, ctx->rbx) - X86_REG_16(X86_REG_CX, ctx->rcx) - X86_REG_16(X86_REG_DX, ctx->rdx) - X86_REG_16(X86_REG_DI, ctx->rdi) - X86_REG_16(X86_REG_SI, ctx->rsi) - X86_REG_16(X86_REG_BP, ctx->rbp) + address = base + (index * mem->scale) + mem->disp; - X86_REG_32(X86_REG_EAX, ctx->rax) - X86_REG_32(X86_REG_ECX, ctx->rcx) - X86_REG_32(X86_REG_EDX, ctx->rdx) - X86_REG_32(X86_REG_EBX, ctx->rbx) - X86_REG_32(X86_REG_ESP, ctx->rsp) - X86_REG_32(X86_REG_EBP, ctx->rbp) - X86_REG_32(X86_REG_ESI, ctx->rsi) - X86_REG_32(X86_REG_EDI, ctx->rdi) - X86_REG_32(X86_REG_R8D, ctx->r8) - X86_REG_32(X86_REG_R9D, ctx->r9) - X86_REG_32(X86_REG_R10D, ctx->r10) - X86_REG_32(X86_REG_R11D, ctx->r11) - X86_REG_32(X86_REG_R12D, ctx->r12) - X86_REG_32(X86_REG_R13D, ctx->r13) - X86_REG_32(X86_REG_R14D, ctx->r14) - X86_REG_32(X86_REG_R15D, ctx->r15) - X86_REG_32(X86_REG_EIP, ctx->rip) + if (!cmplog_is_readable(address, size)) { return FALSE; } - X86_REG_64(X86_REG_RAX, ctx->rax) - X86_REG_64(X86_REG_RCX, ctx->rcx) - X86_REG_64(X86_REG_RDX, ctx->rdx) - X86_REG_64(X86_REG_RBX, ctx->rbx) - X86_REG_64(X86_REG_RSP, ctx->rsp) - X86_REG_64(X86_REG_RBP, ctx->rbp) - X86_REG_64(X86_REG_RSI, ctx->rsi) - X86_REG_64(X86_REG_RDI, ctx->rdi) - X86_REG_64(X86_REG_R8, ctx->r8) - X86_REG_64(X86_REG_R9, ctx->r9) - X86_REG_64(X86_REG_R10, ctx->r10) - X86_REG_64(X86_REG_R11, ctx->r11) - X86_REG_64(X86_REG_R12, ctx->r12) - X86_REG_64(X86_REG_R13, ctx->r13) - X86_REG_64(X86_REG_R14, ctx->r14) - X86_REG_64(X86_REG_R15, ctx->r15) - X86_REG_64(X86_REG_RIP, ctx->rip) + switch (size) { + case 1: + *val = *((guint8 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 2: + *val = *((guint16 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 4: + *val = *((guint32 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 8: + *val = *((guint64 *)GSIZE_TO_POINTER(address)); + return TRUE; default: - FATAL("Failed to read register: %d", reg); - return 0; + FATAL("Invalid operand size: %d\n", size); } -} - -static guint64 cmplog_read_mem(GumX64CpuContext *ctx, x86_op_mem *mem) { - - guint64 base = 0; - guint64 index = 0; - guint64 address; - - if (mem->base != X86_REG_INVALID) base = cmplog_read_reg(ctx, mem->base); - - if (mem->index != X86_REG_INVALID) index = cmplog_read_reg(ctx, mem->index); - - address = base + (index * mem->scale) + mem->disp; - return address; + return FALSE; } -static guint64 cmplog_get_operand_value(GumCpuContext *context, - cmplog_ctx_t * ctx) { +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, gsize *val) { switch (ctx->type) { case X86_OP_REG: - return cmplog_read_reg(context, ctx->reg); + *val = ctx_read_reg(context, ctx->reg); + return TRUE; case X86_OP_IMM: - return ctx->imm; + *val = ctx->imm; + return TRUE; case X86_OP_MEM: - return cmplog_read_mem(context, &ctx->mem); + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); default: FATAL("Invalid operand type: %d\n", ctx->type); } + return FALSE; + } static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(user_data); - guint64 address = cmplog_read_reg(context, X86_REG_RIP); - guint64 rdi = cmplog_read_reg(context, X86_REG_RDI); - guint64 rsi = cmplog_read_reg(context, X86_REG_RSI); + gsize address = ctx_read_reg(context, X86_REG_RIP); + gsize rdi = ctx_read_reg(context, X86_REG_RDI); + gsize rsi = ctx_read_reg(context, X86_REG_RSI); if (((G_MAXULONG - rdi) < 32) || ((G_MAXULONG - rsi) < 32)) return; + if (!cmplog_is_readable(rdi, 32) || !cmplog_is_readable(rsi, 32)) return; + void *ptr1 = GSIZE_TO_POINTER(rdi); void *ptr2 = GSIZE_TO_POINTER(rsi); - if (!cmplog_is_readable(ptr1, 32) || !cmplog_is_readable(ptr2, 32)) return; - uintptr_t k = address; k = (k >> 4) ^ (k << 8); @@ -245,10 +169,10 @@ static void cmplog_instrument_call(const cs_insn * instr, } -static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, - guint64 operand2, uint8_t size) { +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { - guint64 address = cmplog_read_reg(context, X86_REG_RIP); + gsize address = ctx_read_reg(context, X86_REG_RIP); register uintptr_t k = (uintptr_t)address; @@ -271,11 +195,13 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, guint64 operand1, static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + gsize operand1; + gsize operand2; if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); - guint64 operand1 = cmplog_get_operand_value(context, &ctx->operand1); - guint64 operand2 = cmplog_get_operand_value(context, &ctx->operand2); + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index 2401180c..a27df0af 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -1,17 +1,275 @@ #include "frida-gum.h" #include "debug.h" +#include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__i386__) + +typedef struct { + + x86_op_type type; + uint8_t size; + + union { + + x86_op_mem mem; + x86_reg reg; + int64_t imm; + + }; + +} cmplog_ctx_t; + +typedef struct { + + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; + +} cmplog_pair_ctx_t; + +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + x86_op_mem *mem, gsize *val) { + + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != X86_REG_INVALID) base = ctx_read_reg(ctx, mem->base); + + if (mem->index != X86_REG_INVALID) index = ctx_read_reg(ctx, mem->index); + + address = base + (index * mem->scale) + mem->disp; + + if (!cmplog_is_readable(address, size)) { return FALSE; } + + switch (size) { + + case 1: + *val = *((guint8 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 2: + *val = *((guint16 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 4: + *val = *((guint32 *)GSIZE_TO_POINTER(address)); + return TRUE; + default: + FATAL("Invalid operand size: %d\n", size); + + } + + return FALSE; + +} + +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, gsize *val) { + + switch (ctx->type) { + + case X86_OP_REG: + *val = ctx_read_reg(context, ctx->reg); + return TRUE; + case X86_OP_IMM: + *val = ctx->imm; + return TRUE; + case X86_OP_MEM: + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + + return FALSE; + +} + +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + gsize address = ctx_read_reg(context, X86_REG_EIP); + gsize *esp = (gsize *)ctx_read_reg(context, X86_REG_ESP); + + if (!cmplog_is_readable(GPOINTER_TO_SIZE(esp), 12)) return; + + /* + * This callout is place immediately before the call instruction, and hence + * the return address is not yet pushed on the top of the stack. + */ + gsize arg1 = esp[0]; + gsize arg2 = esp[1]; + + if (((G_MAXULONG - arg1) < 32) || ((G_MAXULONG - arg2) < 32)) return; + + if (!cmplog_is_readable(arg1, 32) || !cmplog_is_readable(arg2, 32)) return; + + void *ptr1 = GSIZE_TO_POINTER(arg1); + void *ptr2 = GSIZE_TO_POINTER(arg2); + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_x86_op * operand) { + + ctx->type = operand->type; + ctx->size = operand->size; + switch (operand->type) { + + case X86_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(x86_reg)); + break; + case X86_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case X86_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(x86_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand; + + if (instr->id != X86_INS_CALL) return; + + if (x86.op_count != 1) return; + + operand = &x86.operands[0]; + + if (operand->type == X86_OP_INVALID) return; + if (operand->type == X86_OP_MEM && operand->mem.segment != X86_REG_INVALID) + return; + + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); + +} + +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { + + gsize address = ctx_read_reg(context, X86_REG_EIP); + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { + + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + gsize operand1; + gsize operand2; + + if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); + + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } + + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->operand1.size); + +} + +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_x86_op * operand1, + cs_x86_op *operand2) { + + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); + if (ctx == NULL) return; + + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); + + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, + g_free); + +} + +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_x86 x86 = instr->detail->x86; + cs_x86_op *operand1; + cs_x86_op *operand2; + + switch (instr->id) { + + case X86_INS_CMP: + case X86_INS_SUB: + break; + default: + return; + + } + + if (x86.op_count != 2) return; + + operand1 = &x86.operands[0]; + operand2 = &x86.operands[1]; + + if (operand1->type == X86_OP_INVALID) return; + if (operand2->type == X86_OP_INVALID) return; + + if ((operand1->type == X86_OP_MEM) && + (operand1->mem.segment != X86_REG_INVALID)) + return; + + if ((operand2->type == X86_OP_MEM) && + (operand2->mem.segment != X86_REG_INVALID)) + return; + + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); + +} + void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); - UNUSED_PARAMETER(iterator); - if (__afl_cmp_map == NULL) { return; } - FATAL("CMPLOG mode not supported on this architecture"); + if (__afl_cmp_map == NULL) return; + + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); } diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c new file mode 100644 index 00000000..c5900533 --- /dev/null +++ b/frida_mode/src/ctx/ctx_x64.c @@ -0,0 +1,114 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__x86_64__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define X86_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->rax) + X86_REG_8L(X86_REG_BL, ctx->rbx) + X86_REG_8L(X86_REG_CL, ctx->rcx) + X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_BPL, ctx->rbp) + X86_REG_8L(X86_REG_SIL, ctx->rsi) + X86_REG_8L(X86_REG_DIL, ctx->rdi) + + X86_REG_8H(X86_REG_AH, ctx->rax) + X86_REG_8H(X86_REG_BH, ctx->rbx) + X86_REG_8H(X86_REG_CH, ctx->rcx) + X86_REG_8H(X86_REG_DH, ctx->rdx) + + X86_REG_16(X86_REG_AX, ctx->rax) + X86_REG_16(X86_REG_BX, ctx->rbx) + X86_REG_16(X86_REG_CX, ctx->rcx) + X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_DI, ctx->rdi) + X86_REG_16(X86_REG_SI, ctx->rsi) + X86_REG_16(X86_REG_BP, ctx->rbp) + + X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_ECX, ctx->rcx) + X86_REG_32(X86_REG_EDX, ctx->rdx) + X86_REG_32(X86_REG_EBX, ctx->rbx) + X86_REG_32(X86_REG_ESP, ctx->rsp) + X86_REG_32(X86_REG_EBP, ctx->rbp) + X86_REG_32(X86_REG_ESI, ctx->rsi) + X86_REG_32(X86_REG_EDI, ctx->rdi) + X86_REG_32(X86_REG_R8D, ctx->r8) + X86_REG_32(X86_REG_R9D, ctx->r9) + X86_REG_32(X86_REG_R10D, ctx->r10) + X86_REG_32(X86_REG_R11D, ctx->r11) + X86_REG_32(X86_REG_R12D, ctx->r12) + X86_REG_32(X86_REG_R13D, ctx->r13) + X86_REG_32(X86_REG_R14D, ctx->r14) + X86_REG_32(X86_REG_R15D, ctx->r15) + X86_REG_32(X86_REG_EIP, ctx->rip) + + X86_REG_64(X86_REG_RAX, ctx->rax) + X86_REG_64(X86_REG_RCX, ctx->rcx) + X86_REG_64(X86_REG_RDX, ctx->rdx) + X86_REG_64(X86_REG_RBX, ctx->rbx) + X86_REG_64(X86_REG_RSP, ctx->rsp) + X86_REG_64(X86_REG_RBP, ctx->rbp) + X86_REG_64(X86_REG_RSI, ctx->rsi) + X86_REG_64(X86_REG_RDI, ctx->rdi) + X86_REG_64(X86_REG_R8, ctx->r8) + X86_REG_64(X86_REG_R9, ctx->r9) + X86_REG_64(X86_REG_R10, ctx->r10) + X86_REG_64(X86_REG_R11, ctx->r11) + X86_REG_64(X86_REG_R12, ctx->r12) + X86_REG_64(X86_REG_R13, ctx->r13) + X86_REG_64(X86_REG_R14, ctx->r14) + X86_REG_64(X86_REG_R15, ctx->r15) + X86_REG_64(X86_REG_RIP, ctx->rip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +#endif + diff --git a/frida_mode/src/ctx/ctx_x86.c b/frida_mode/src/ctx/ctx_x86.c new file mode 100644 index 00000000..45308272 --- /dev/null +++ b/frida_mode/src/ctx/ctx_x86.c @@ -0,0 +1,81 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__i386__) + + #define X86_REG_8L(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define X86_REG_8H(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK) >> 8; \ + \ + } + + #define X86_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define X86_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { + + switch (reg) { + + X86_REG_8L(X86_REG_AL, ctx->eax) + X86_REG_8L(X86_REG_BL, ctx->ebx) + X86_REG_8L(X86_REG_CL, ctx->ecx) + X86_REG_8L(X86_REG_DL, ctx->edx) + X86_REG_8L(X86_REG_BPL, ctx->ebp) + X86_REG_8L(X86_REG_SIL, ctx->esi) + X86_REG_8L(X86_REG_DIL, ctx->edi) + + X86_REG_8H(X86_REG_AH, ctx->eax) + X86_REG_8H(X86_REG_BH, ctx->ebx) + X86_REG_8H(X86_REG_CH, ctx->ecx) + X86_REG_8H(X86_REG_DH, ctx->edx) + + X86_REG_16(X86_REG_AX, ctx->eax) + X86_REG_16(X86_REG_BX, ctx->ebx) + X86_REG_16(X86_REG_CX, ctx->ecx) + X86_REG_16(X86_REG_DX, ctx->edx) + X86_REG_16(X86_REG_DI, ctx->edi) + X86_REG_16(X86_REG_SI, ctx->esi) + X86_REG_16(X86_REG_BP, ctx->ebp) + + X86_REG_32(X86_REG_EAX, ctx->eax) + X86_REG_32(X86_REG_ECX, ctx->ecx) + X86_REG_32(X86_REG_EDX, ctx->edx) + X86_REG_32(X86_REG_EBX, ctx->ebx) + X86_REG_32(X86_REG_ESP, ctx->esp) + X86_REG_32(X86_REG_EBP, ctx->ebp) + X86_REG_32(X86_REG_ESI, ctx->esi) + X86_REG_32(X86_REG_EDI, ctx->edi) + X86_REG_32(X86_REG_EIP, ctx->eip) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 971f80c0..67eadc3f 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -5,6 +5,7 @@ #include "config.h" #include "debug.h" +#include "asan.h" #include "entry.h" #include "frida_cmplog.h" #include "instrument.h" @@ -33,7 +34,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, */ static char buffer[200]; int len; - guint64 current_pc = (guint64)user_data; + GumAddress current_pc = GUM_ADDRESS(user_data); uint8_t * cursor; uint64_t value; if (unlikely(tracing)) { @@ -85,8 +86,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (begin) { - prefetch_write((void *)instr->address); - if (!range_is_excluded((void *)instr->address)) { + prefetch_write(GSIZE_TO_POINTER(instr->address)); + if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { if (optimize) { @@ -94,8 +95,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, } else { - gum_stalker_iterator_put_callout(iterator, on_basic_block, - (gpointer)instr->address, NULL); + gum_stalker_iterator_put_callout( + iterator, on_basic_block, GSIZE_TO_POINTER(instr->address), NULL); } @@ -105,8 +106,9 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - if (!range_is_excluded((void *)instr->address)) { + if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { + asan_instrument(instr, iterator); cmplog_instrument(instr, iterator); } @@ -142,6 +144,7 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + asan_init(); cmplog_init(); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index c2d720a7..1a3c40bb 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -3,6 +3,7 @@ #include "debug.h" #include "instrument.h" +#include "util.h" #if defined(__arm__) @@ -15,6 +16,8 @@ gboolean instrument_is_coverage_optimize_supported(void) { void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(output); FATAL("Optimized coverage not supported on this architecture"); } diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 5b8cbbba..585bb5b8 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -3,19 +3,81 @@ #include "debug.h" #include "instrument.h" +#include "util.h" #if defined(__i386__) +static GumAddress current_log_impl = GUM_ADDRESS(0); + +static void instrument_coverage_function(GumX86Writer *cw) { + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_ECX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + GUM_ADDRESS(&previous_pc)); + gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_EDX, GUM_REG_ECX); + gum_x86_writer_put_xor_reg_reg(cw, GUM_REG_EDX, GUM_REG_EDI); + + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EDX, GUM_ADDRESS(__afl_area_ptr)); + + /* add byte ptr [edx], 1 */ + uint8_t add_byte_ptr_edx_1[] = {0x80, 0x02, 0x01}; + gum_x86_writer_put_bytes(cw, add_byte_ptr_edx_1, sizeof(add_byte_ptr_edx_1)); + + /* adc byte ptr [edx], 0 */ + uint8_t adc_byte_ptr_edx_0[] = {0x80, 0x12, 0x00}; + gum_x86_writer_put_bytes(cw, adc_byte_ptr_edx_0, sizeof(adc_byte_ptr_edx_0)); + + gum_x86_writer_put_shr_reg_u8(cw, GUM_REG_EDI, 1); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_ECX, GUM_REG_EDI); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EDX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_ECX); + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_ret(cw); + +} + gboolean instrument_is_coverage_optimize_supported(void) { - return false; + return true; } void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { - FATAL("Optimized coverage not supported on this architecture"); + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(output); + + guint64 current_pc = instr->address; + guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + area_offset &= MAP_SIZE - 1; + GumX86Writer *cw = output->writer.x86; + + if (current_log_impl == 0 || + !gum_x86_writer_can_branch_directly_between(cw->pc, current_log_impl) || + !gum_x86_writer_can_branch_directly_between(cw->pc + 128, + current_log_impl)) { + + gconstpointer after_log_impl = cw->code + 1; + + gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + + current_log_impl = cw->pc; + instrument_coverage_function(cw); + + gum_x86_writer_put_label(cw, after_log_impl); + + } + + // gum_x86_writer_put_breakpoint(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDI, area_offset); + gum_x86_writer_put_call_address(cw, current_log_impl); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EDI); } diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index c5045533..13a7d1e7 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -90,7 +90,8 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { if (!found_preferred_base) { FATAL("Failed to find preferred load address"); } - OKF("Image preferred load address 0x%016lx", preferred_base); + OKF("Image preferred load address 0x%016" G_GSIZE_MODIFIER "x", + preferred_base); shdr = (Elf_Shdr *)((char *)hdr + hdr->e_shoff); shstrtab = &shdr[hdr->e_shstrndx]; @@ -107,15 +108,16 @@ static void lib_read_text_section(lib_details_t *lib_details, Elf_Ehdr *hdr) { if (curr->sh_name == 0) continue; section_name = &shstr[curr->sh_name]; - OKF("Section: %2lu - base: 0x%016lX size: 0x%016lX %s", i, curr->sh_addr, - curr->sh_size, section_name); + OKF("Section: %2" G_GSIZE_MODIFIER "u - base: 0x%016" G_GSIZE_MODIFIER + "X size: 0x%016" G_GSIZE_MODIFIER "X %s", + i, curr->sh_addr, curr->sh_size, section_name); if (memcmp(section_name, text_name, sizeof(text_name)) == 0 && text_base == 0) { text_base = lib_details->base_address + curr->sh_addr - preferred_base; text_limit = text_base + curr->sh_size; - OKF("> text_addr: 0x%016lX", text_base); - OKF("> text_limit: 0x%016lX", text_limit); + OKF("> text_addr: 0x%016" G_GINT64_MODIFIER "X", text_base); + OKF("> text_limit: 0x%016" G_GINT64_MODIFIER "X", text_limit); } @@ -153,7 +155,8 @@ void lib_init(void) { lib_details_t lib_details; gum_process_enumerate_modules(lib_find_exe, &lib_details); - OKF("Executable: 0x%016lx - %s", lib_details.base_address, lib_details.path); + OKF("Executable: 0x%016" G_GINT64_MODIFIER "x - %s", lib_details.base_address, + lib_details.path); lib_get_text_section(&lib_details); } diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index e031dbed..21073cbe 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -75,16 +75,22 @@ static void on_main_os(int argc, char **argv, char **envp) { #endif -static int *on_main(int argc, char **argv, char **envp) { +static void embedded_init() { - void *fork_addr; + static gboolean initialized = false; + if (!initialized) { - on_main_os(argc, argv, envp); + gum_init_embedded(); + initialized = true; - unintercept_self(); + } +} + +void afl_frida_start() { + + embedded_init(); stalker_init(); - lib_init(); entry_init(); instrument_init(); @@ -92,12 +98,23 @@ static int *on_main(int argc, char **argv, char **envp) { prefetch_init(); ranges_init(); - fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + void *fork_addr = + GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); intercept(fork_addr, on_fork, NULL); stalker_start(); entry_run(); +} + +static int *on_main(int argc, char **argv, char **envp) { + + on_main_os(argc, argv, envp); + + unintercept_self(); + + afl_frida_start(); + return main_fn(argc, argv, envp); } @@ -149,13 +166,7 @@ static void intercept_main(void) { __attribute__((constructor)) static void init(void) { - gum_init_embedded(); - if (!gum_stalker_is_supported()) { - - gum_deinit_embedded(); - FATAL("Failed to initialize embedded"); - - } + embedded_init(); intercept_main(); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 9d39c4e9..bd7171b9 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -1,9 +1,9 @@ #include "frida-gum.h" -#include "debug.h" +#include "config.h" +#include "instrument.h" #include "persistent.h" -#include "util.h" #if defined(__i386__) @@ -38,16 +38,239 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; +static arch_api_regs saved_regs = {0}; +static void * saved_return = NULL; + gboolean persistent_is_supported(void) { - return false; + return true; + +} + +static void instrument_persitent_save_regs(GumX86Writer * cw, + struct x86_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + + /* Should be pushing FPU here, but meh */ + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 1), + GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 2), + GUM_REG_ECX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 3), + GUM_REG_EDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 4), + GUM_REG_EDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 5), + GUM_REG_ESI); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 6), + GUM_REG_EBP); + + /* Store RIP */ + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, + GUM_ADDRESS(persistent_start)); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 7), + GUM_REG_EBX); + + /* Store adjusted RSP */ + gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); + + /* RED_ZONE + Saved flags, RAX */ + gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 8), + GUM_REG_EBX); + + /* Save the flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 9), + GUM_REG_EBX); + + /* Save the RAX */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 0), + GUM_REG_EBX); + + /* Pop the saved values */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); + +} + +static void instrument_persitent_restore_regs(GumX86Writer * cw, + struct x86_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, + (0x4 * 2)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, + (0x4 * 3)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, + (0x4 * 4)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, + (0x4 * 5)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, + (0x4 * 6)); + + /* Don't restore RIP or RSP */ + + /* Restore RBX, RAX & Flags */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 1)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 0)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, + (0x4 * 9)); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_popfx(cw); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + +} + +static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8); + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + +} + +static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { + + GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); + + /* Place holder for ret */ + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0); + + gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_ret(cw); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static void instrument_afl_persistent_loop(GumX86Writer *cw) { + + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_x86_writer_put_test_reg_reg(cw, GUM_REG_EAX, GUM_REG_EAX); + +} + +static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { + + if (hook == NULL) return; + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, + GUM_ADDRESS(&__afl_fuzz_len)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_ECX, 0); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDX, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EDX, 0); + + /* Base address is 64-bits (hence two zero arguments) */ + gum_x86_writer_put_call_address_with_arguments( + cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 5, GUM_ARG_ADDRESS, + GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, + GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, + GUM_REG_ECX); } void persistent_prologue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumX86Writer *cw = output->writer.x86; + + gconstpointer loop = cw->code + 1; + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* Stash and pop the return value */ + instrument_save_ret(cw, &saved_return); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); + + /* loop: */ + gum_x86_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, done, GUM_UNLIKELY); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ + gum_x86_writer_put_jmp_near_label(cw, loop); + + /* done: */ + gum_x86_writer_put_label(cw, done); + + instrument_jump_ret(cw, &saved_return); + + /* original: */ + gum_x86_writer_put_label(cw, original); + + gum_x86_writer_flush(cw); } diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 81973e9c..63f3c529 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -7,6 +7,8 @@ static GumStalker *stalker = NULL; void stalker_init(void) { + if (!gum_stalker_is_supported()) { FATAL("Failed to initialize embedded"); } + stalker = gum_stalker_new(); if (stalker == NULL) { FATAL("Failed to initialize stalker"); } diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index c203fc5e..40de6a09 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -2,8 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../)/ BUILD_DIR:=$(PWD)build/ -TEST_CMPLOG_DIR:=$(ROOT)qemu_mode/libcompcov/ -TEST_CMPLOG_OBJ=$(TEST_CMPLOG_DIR)compcovtest +TEST_CMPLOG_SRC=$(PWD)cmplog.c +TEST_CMPLOG_OBJ=$(BUILD_DIR)compcovtest TEST_BIN:=$(PWD)../../build/test @@ -13,20 +13,14 @@ CMP_LOG_INPUT:=$(TEST_DATA_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000aaaaaaaaa000) -endif +.PHONY: all 32 clean qemu frida format -ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_INST_RANGES=$(shell $(PWD)get_section_addrs.py -f $(TEST_CMPLOG_OBJ) -s .text -b 0x0000555555554000) -endif - -.PHONY: all clean qemu frida - -all: +all: $(TEST_CMPLOG_OBJ) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -34,33 +28,42 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ $(CMP_LOG_INPUT): | $(TEST_DATA_DIR) - truncate -s 64 $@ + echo -n "zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz" > $@ -$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_DIR)compcovtest.cc - make -C $(TEST_CMPLOG_DIR) compcovtest +$(TEST_CMPLOG_OBJ): $(TEST_CMPLOG_SRC) | $(BUILD_DIR) + $(CXX) -std=c++11 -g $(CFLAGS) $(LDFLAGS) $< -o $@ qemu: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) $(ROOT)afl-fuzz \ - -D \ -Q \ -i $(TEST_DATA_DIR) \ -o $(QEMU_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) - XAFL_FRIDA_INST_RANGES=$(AFL_FRIDA_INST_RANGES) \ $(ROOT)afl-fuzz \ - -D \ -O \ -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ -c 0 \ -l 3AT \ + -Z \ -- \ $(TEST_CMPLOG_OBJ) @@ +debug: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --ex 'r $(CMP_LOG_INPUT)' \ + --args $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + clean: - rm -rf $(BUILD_DIR) \ No newline at end of file + rm -rf $(BUILD_DIR) + +format: + cd $(ROOT) && echo $(TEST_CMPLOG_SRC) | xargs -L1 ./.custom-format.py -i diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile index f322d1f5..606b43a5 100644 --- a/frida_mode/test/cmplog/Makefile +++ b/frida_mode/test/cmplog/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,10 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida + +format: + @gmake format + +debug: + @gmake debug diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c new file mode 100644 index 00000000..99010645 --- /dev/null +++ b/frida_mode/test/cmplog/cmplog.c @@ -0,0 +1,100 @@ +///////////////////////////////////////////////////////////////////////// +// +// Author: Mateusz Jurczyk (mjurczyk@google.com) +// +// Copyright 2019-2020 Google LLC +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// https://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// solution: echo -ne 'The quick brown fox jumps over the lazy +// dog\xbe\xba\xfe\xca\xbe\xba\xfe\xca\xde\xc0\xad\xde\xef\xbe' | ./compcovtest + +#include +#include +#include +#include + +int main(int argc, char **argv) { + + char buffer[44] = {/* zero padding */}; + + FILE *file = stdin; + + if (argc > 1) { + + if ((file = fopen(argv[1], "r")) == NULL) { + + perror(argv[1]); + exit(-1); + + } + + } + + fread(buffer, 1, sizeof(buffer) - 1, file); + + if (memcmp(&buffer[0], "The quick brown fox ", 20) != 0 || + strncmp(&buffer[20], "jumps over ", 11) != 0 || + strcmp(&buffer[31], "the lazy dog") != 0) { + + if (argc > 1) { fclose(file); } + return 1; + + } + +#if defined(__x86_64__) + uint64_t x = 0; + fread(&x, sizeof(x), 1, file); + if (x != 0xCAFEBABECAFEBABE) { + + if (argc > 1) { fclose(file); } + return 2; + + } + +#endif + + uint32_t y = 0; + fread(&y, sizeof(y), 1, file); + + if (y != 0xDEADC0DE) { + + if (argc > 1) { fclose(file); } + return 3; + + } + + uint16_t z = 0; + fread(&z, sizeof(z), 1, file); + + switch (z) { + + case 0xBEEF: + break; + + default: + if (argc > 1) { fclose(file); } + return 4; + + } + + printf("Puzzle solved, congrats!\n"); + abort(); + + if (argc > 1) { fclose(file); } + + return 0; + +} + diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile index 891827eb..c99bcecb 100644 --- a/frida_mode/test/entry_point/GNUmakefile +++ b/frida_mode/test/entry_point/GNUmakefile @@ -12,6 +12,18 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) @@ -21,11 +33,18 @@ ifeq "$(ARCH)" "x86_64" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) endif +ifeq "$(ARCH)" "x86" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) +endif + .PHONY: all clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -36,7 +55,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) @@ -58,4 +77,4 @@ frida_entry: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/entry_point/Makefile b/frida_mode/test/entry_point/Makefile index 3b41b94e..75c57e66 100644 --- a/frida_mode/test/entry_point/Makefile +++ b/frida_mode/test/entry_point/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ frida: @gmake frida frida_entry: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/entry_point/testinstr.c b/frida_mode/test/entry_point/testinstr.c index a6c655f9..bd605c52 100644 --- a/frida_mode/test/entry_point/testinstr.c +++ b/frida_mode/test/entry_point/testinstr.c @@ -106,7 +106,9 @@ int run(char *file) { } void slow() { + usleep(100000); + } int main(int argc, char **argv) { diff --git a/frida_mode/test/exe/GNUmakefile b/frida_mode/test/exe/GNUmakefile index c543cca8..86e5a461 100644 --- a/frida_mode/test/exe/GNUmakefile +++ b/frida_mode/test/exe/GNUmakefile @@ -10,11 +10,14 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all clean qemu frida +.PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -25,7 +28,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< -no-pie + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -no-pie clean: rm -rf $(BUILD_DIR) @@ -47,4 +50,4 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/exe/Makefile b/frida_mode/test/exe/Makefile index f322d1f5..4bef1ccb 100644 --- a/frida_mode/test/exe/Makefile +++ b/frida_mode/test/exe/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/fasan/GNUmakefile b/frida_mode/test/fasan/GNUmakefile new file mode 100644 index 00000000..08b271de --- /dev/null +++ b/frida_mode/test/fasan/GNUmakefile @@ -0,0 +1,159 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)in +FRIDA_OUT:=$(BUILD_DIR)frida-out + +TEST_SRC:=$(PWD)/test.c +TEST_BIN:=$(BUILD_DIR)test + +CFLAGS+=-fPIC \ + -D_GNU_SOURCE \ + -g \ + -fno-omit-frame-pointer \ + -Wno-stringop-overflow \ + +LDFLAGS+=-ldl \ + +ifdef DEBUG +CFLAGS+=-Werror \ + -Wall \ + -Wextra \ + -Wpointer-arith +else +CFLAGS+=-Wno-pointer-arith +endif + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "x86" +LIBASAN_FILE:=libclang_rt.asan-i386.so +endif + +ifeq "$(ARCH)" "x86_64" +LIBASAN_FILE:=libclang_rt.asan-x86_64.so +endif + +ifeq "$(ARCH)" "aarch64" +LIBASAN_FILE:=libclang_rt.asan-aarch64.so +endif + +# LIBASAN:=/usr/lib/llvm-10/lib/clang/10.0.0/lib/linux/libclang_rt.asan-x86_64.so +# LIBASAN:=/usr/lib/x86_64-linux-gnu/libasan.so.6.0.0 + +LLVM_CONFIG ?= llvm-config +ifeq "$(shell test -e '$(shell which $(LLVM_CONFIG))' && echo 1)" "1" + $(info Found llvm-config: '$(shell which $(LLVM_CONFIG))') +else + $(warning Cannot find llvm-config) +endif + +LLVM_BINDIR = $(shell $(LLVM_CONFIG) --bindir 2>/dev/null)/ +$(info LLVM_BINDIR: $(LLVM_BINDIR)) + +CLANG ?= $(LLVM_BINDIR)clang +ifeq "$(shell test -e '$(CLANG)' && echo 1)" "1" + $(info Found clang: '$(CLANG)') +else + $(warning Cannot find clang) +endif + +CLANGVER = $(shell $(CLANG) --version | sed -E -ne '/^.*version\ (1?[0-9]\.[0-9]\.[0-9]).*/s//\1/p') +$(info Clang version $(CLANGVER)) + +LLVM_LIBDIR = $(shell $(LLVM_CONFIG) --libdir 2>/dev/null) +$(info LLVM_LIBDIR: $(LLVM_LIBDIR)) + +LIBASAN:=$(LLVM_LIBDIR)/clang/$(CLANGVER)/lib/linux/$(LIBASAN_FILE) + +ifeq "$(shell test -e '$(LIBASAN)' && echo 1)" "1" + $(info Found Address Sanitizer DSO: '$(LIBASAN)') +else + $(error Error cannot find Address Sanitizer DSO) +endif + + +.PHONY: all 32 clean format frida-noasan frida debug run + +############################## ALL ############################################# + +all: $(TEST_BIN) + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(TEST_BIN): $(TEST_SRC) GNUmakefile | $(BUILD_DIR) + $(CC) \ + $(CFLAGS) \ + $(LDFLAGS) \ + -o $@ \ + $< + +$(BUILD_DIR): + mkdir -p $(BUILD_DIR) + +############################# TESTS ############################################ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo -n "TUODATM" > $@ + +frida-noasan: $(TEST_BIN) $(TEST_DATA_FILE) + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) + + +frida: $(TEST_BIN) $(TEST_DATA_FILE) + AFL_PRELOAD=$(LIBASAN) \ + AFL_USE_FASAN=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) + +debug: $(TEST_BIN) $(TEST_DATA_FILE) + gdb \ + --ex 'set environment LD_PRELOAD=$(LIBASAN):$(ROOT)afl-frida-trace.so' \ + --ex 'set environment ASAN_OPTIONS=detect_leaks=false,halt_on_error=0' \ + --ex 'set environment AFL_USE_FASAN=1' \ + --ex 'set disassembly-flavor intel' \ + --ex 'r < $(TEST_DATA_FILE)' \ + --args $(TEST_BIN) \ + +run: $(TEST_BIN) $(TEST_DATA_FILE) + LD_PRELOAD=$(LIBASAN):$(ROOT)afl-frida-trace.so \ + ASAN_OPTIONS=detect_leaks=false \ + AFL_USE_FASAN=1 \ + $(TEST_BIN) < $(TEST_DATA_FILE) + +############################# CLEAN ############################################ +clean: + rm -rf $(BUILD_DIR) + +############################# FORMAT ########################################### +format: + cd $(ROOT) && echo $(TEST_SRC) | xargs -L1 ./.custom-format.py -i + +############################# RUN ############################################# diff --git a/frida_mode/test/fasan/Makefile b/frida_mode/test/fasan/Makefile new file mode 100644 index 00000000..3b4c71db --- /dev/null +++ b/frida_mode/test/fasan/Makefile @@ -0,0 +1,22 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida-noasan: + @gmake frida-noasan + +frida: + @gmake frida + +debug: + @gmake debug + +run: + @gmake run diff --git a/frida_mode/test/fasan/test.c b/frida_mode/test/fasan/test.c new file mode 100644 index 00000000..b9a119e6 --- /dev/null +++ b/frida_mode/test/fasan/test.c @@ -0,0 +1,90 @@ +#include +#include +#include +#include +#include +#include + +#define UNUSED_PARAMETER(x) (void)(x) + +#define LOG(x) \ + do { \ + \ + char buf[] = x; \ + write(STDOUT_FILENO, buf, sizeof(buf)); \ + \ + } while (false); + +void test(char data) { + + char *buf = malloc(10); + + if (buf == NULL) return; + + switch (data) { + + /* Underflow */ + case 'U': + LOG("Underflow\n"); + buf[-1] = '\0'; + free(buf); + break; + /* Overflow */ + case 'O': + LOG("Overflow\n"); + buf[10] = '\0'; + free(buf); + break; + /* Double free */ + case 'D': + LOG("Double free\n"); + free(buf); + free(buf); + break; + /* Use after free */ + case 'A': + LOG("Use after free\n"); + free(buf); + buf[0] = '\0'; + break; + /* Test Limits (OK) */ + case 'T': + LOG("Test-Limits - No Error\n"); + buf[0] = 'A'; + buf[9] = 'I'; + free(buf); + break; + case 'M': + LOG("Memset too many\n"); + memset(buf, '\0', 11); + free(buf); + break; + default: + LOG("Nop - No Error\n"); + break; + + } + +} + +int main(int argc, char **argv) { + + UNUSED_PARAMETER(argc); + UNUSED_PARAMETER(argv); + + char input = '\0'; + + if (read(STDIN_FILENO, &input, 1) < 0) { + + LOG("Failed to read stdin\n"); + return 1; + + } + + test(input); + + LOG("DONE\n"); + return 0; + +} + diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index 515728c4..e05bade2 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -35,6 +35,9 @@ FRIDA_OUT:=$(BUILD_DIR)frida-out all: $(TEST_BIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -46,7 +49,7 @@ $(HARNESS_FILE): | $(HARNESS_BUILD_DIR) wget -O $@ $(HARNESS_URL) $(HARNESS_OBJ): $(HARNESS_FILE) - $(CC) -o $@ -c $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ -c $< ######### PNGTEST ######## @@ -57,7 +60,7 @@ $(PNGTEST_FILE): | $(PNGTEST_BUILD_DIR) wget -O $@ $(PNGTEST_URL) $(PNGTEST_OBJ): $(PNGTEST_FILE) | $(LIBPNG_DIR) - $(CXX) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< + $(CXX) $(CFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBPNG_DIR) -o $@ -c $< ######### LIBPNG ######## @@ -80,6 +83,8 @@ $(LIBPNG_LIB): $(LIBPNG_MAKEFILE) $(TEST_BIN): $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) $(CXX) \ + $(CFLAGS) \ + $(LDFLAGS) \ -o $@ \ $(HARNESS_OBJ) $(PNGTEST_OBJ) $(LIBPNG_LIB) \ -lz \ diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile index f322d1f5..4bef1ccb 100644 --- a/frida_mode/test/png/Makefile +++ b/frida_mode/test/png/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,4 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index 531f9bce..ca6f0ff2 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -8,6 +8,18 @@ TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) ARCH=$(shell uname -m) @@ -19,11 +31,18 @@ ifeq "$(ARCH)" "x86_64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) endif -.PHONY: all clean qemu qemu_entry frida frida_entry +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x56555000) +endif + +.PHONY: all 32 clean qemu qemu_entry frida frida_entry all: make -C $(ROOT)frida_mode/test/png/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -76,4 +95,4 @@ frida_entry: | $(BUILD_DIR) $(TEST_BIN) @@ clean: - rm -rf $(BUILD_DIR) \ No newline at end of file + rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile index 5fde63c2..cde0cf30 100644 --- a/frida_mode/test/png/persistent/Makefile +++ b/frida_mode/test/png/persistent/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -15,4 +19,4 @@ frida: @gmake frida frida_entry: - @gmake frida_entry \ No newline at end of file + @gmake frida_entry diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py index 6458c212..1c46e010 100755 --- a/frida_mode/test/png/persistent/get_symbol_addr.py +++ b/frida_mode/test/png/persistent/get_symbol_addr.py @@ -33,4 +33,4 @@ def main(): if __name__ == "__main__": ret = main() - exit(ret) \ No newline at end of file + exit(ret) diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 4f55fe98..82f08fa4 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -2,8 +2,16 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_DIR=$(ROOT)utils/aflpp_driver/ -AFLPP_DRIVER_HOOK_OBJ=$(AFLPP_DRIVER_HOOK_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +CFLAGS+=-O3 \ + -funroll-loops \ + -g \ + -fPIC \ + -funroll-loops \ + +LDFLAGS+=-shared \ TEST_BIN:=$(PWD)../../build/test TEST_DATA_DIR:=../../build/libpng/libpng-1.2.56/contrib/pngsuite/ @@ -12,9 +20,20 @@ AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) +ifndef ARCH ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + ifeq "$(ARCH)" "aarch64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) endif @@ -23,6 +42,18 @@ ifeq "$(ARCH)" "x86_64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) endif +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all 32 clean format qemu qemu_entry frida frida_entry debug + +all: $(AFLPP_DRIVER_HOOK_OBJ) + make -C $(ROOT)frida_mode/test/png/persistent/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + .PHONY: all clean qemu qemu_entry frida frida_entry all: @@ -37,8 +68,8 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) $(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) truncate -s 1M $@ -$(AFLPP_DRIVER_HOOK_OBJ): | $(AFLPP_DRIVER_HOOK_DIR) - make -C $(AFLPP_DRIVER_HOOK_DIR) +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ @@ -93,6 +124,18 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) +debug: + echo $(AFL_FRIDA_PERSISTENT_ADDR) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + clean: rm -rf $(BUILD_DIR) +format: + cd $(ROOT) && echo $(AFLPP_DRIVER_HOOK_SRC) | xargs -L1 ./.custom-format.py -i + diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile index 5fde63c2..983d009e 100644 --- a/frida_mode/test/png/persistent/hook/Makefile +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -2,9 +2,16 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean +format: + @gmake format + qemu: @gmake qemu @@ -15,4 +22,7 @@ frida: @gmake frida frida_entry: - @gmake frida_entry \ No newline at end of file + @gmake frida_entry + +debug: + @gmake debug diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile index 4addbad8..a35073ab 100644 --- a/frida_mode/test/testinstr/GNUmakefile +++ b/frida_mode/test/testinstr/GNUmakefile @@ -10,11 +10,14 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all clean qemu frida +.PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + $(BUILD_DIR): mkdir -p $@ @@ -25,7 +28,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) @@ -47,4 +50,10 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ \ No newline at end of file + $(TESTINSTBIN) @@ + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/frida_mode/test/testinstr/Makefile b/frida_mode/test/testinstr/Makefile index f322d1f5..f843af19 100644 --- a/frida_mode/test/testinstr/Makefile +++ b/frida_mode/test/testinstr/Makefile @@ -2,6 +2,10 @@ all: @echo trying to use GNU make... @gmake all || echo please install GNUmake +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + clean: @gmake clean @@ -9,4 +13,7 @@ qemu: @gmake qemu frida: - @gmake frida \ No newline at end of file + @gmake frida + +debug: + @gmake debug diff --git a/include/envs.h b/include/envs.h index 9175005e..f1314bad 100644 --- a/include/envs.h +++ b/include/envs.h @@ -191,7 +191,9 @@ static char *afl_environment_variables[] = { "AFL_WINE_PATH", "AFL_NO_SNAPSHOT", "AFL_EXPAND_HAVOC_NOW", + "AFL_USE_FASAN", "AFL_USE_QASAN", + "AFL_PRINT_FILENAMES", NULL }; diff --git a/include/forkserver.h b/include/forkserver.h index 48db94c7..2baa6f0a 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -79,6 +79,8 @@ typedef struct afl_forkserver { bool frida_mode; /* if running in frida mode or not */ + bool frida_asan; /* if running with asan in frida mode */ + bool use_stdin; /* use stdin for sending data */ bool no_unlink; /* do not unlink cur_input */ diff --git a/qemu_mode/libqasan/hooks.c b/qemu_mode/libqasan/hooks.c index 0e6c3e08..c542521c 100644 --- a/qemu_mode/libqasan/hooks.c +++ b/qemu_mode/libqasan/hooks.c @@ -25,9 +25,9 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #include "libqasan.h" #include "map_macro.h" +#include +#include -ssize_t (*__lq_libc_write)(int, const void *, size_t); -ssize_t (*__lq_libc_read)(int, void *, size_t); char *(*__lq_libc_fgets)(char *, int, FILE *); int (*__lq_libc_atoi)(const char *); long (*__lq_libc_atol)(const char *); @@ -37,8 +37,6 @@ void __libqasan_init_hooks(void) { __libqasan_init_malloc(); - __lq_libc_write = ASSERT_DLSYM(write); - __lq_libc_read = ASSERT_DLSYM(read); __lq_libc_fgets = ASSERT_DLSYM(fgets); __lq_libc_atoi = ASSERT_DLSYM(atoi); __lq_libc_atol = ASSERT_DLSYM(atol); @@ -52,7 +50,7 @@ ssize_t write(int fd, const void *buf, size_t count) { QASAN_DEBUG("%14p: write(%d, %p, %zu)\n", rtv, fd, buf, count); QASAN_LOAD(buf, count); - ssize_t r = __lq_libc_write(fd, buf, count); + ssize_t r = syscall(SYS_write, fd, buf, count); QASAN_DEBUG("\t\t = %zd\n", r); return r; @@ -65,7 +63,7 @@ ssize_t read(int fd, void *buf, size_t count) { QASAN_DEBUG("%14p: read(%d, %p, %zu)\n", rtv, fd, buf, count); QASAN_STORE(buf, count); - ssize_t r = __lq_libc_read(fd, buf, count); + ssize_t r = syscall(SYS_read, fd, buf, count); QASAN_DEBUG("\t\t = %zd\n", r); return r; diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 9fc4ef7a..2ac0c861 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -61,9 +61,17 @@ void __libqasan_print_maps(void) { } -/*__attribute__((constructor))*/ void __libqasan_init() { +int __libqasan_is_initialized = 0; + +__attribute__((constructor)) void __libqasan_init() { + + if (__libqasan_is_initialized) return; + __libqasan_is_initialized = 1; __libqasan_init_hooks(); + + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) + __libqasan_hotpatch(); #ifdef DEBUG __qasan_debug = getenv("QASAN_DEBUG") != NULL; @@ -86,7 +94,6 @@ int __libc_start_main(int (*main)(int, char **, char **), int argc, char **argv, typeof(&__libc_start_main) orig = dlsym(RTLD_NEXT, "__libc_start_main"); __libqasan_init(); - if (getenv("AFL_INST_LIBS")) __libqasan_hotpatch(); return orig(main, argc, argv, init, fini, rtld_fini, stack_end); diff --git a/src/afl-cc.c b/src/afl-cc.c index 09009334..ff7b5219 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1574,7 +1574,12 @@ int main(int argc, char **argv, char **envp) { else if (have_gcc_plugin) compiler_mode = GCC_PLUGIN; else if (have_gcc) +#ifdef __APPLE__ + // on OSX clang masquerades as GCC + compiler_mode = CLANG; +#else compiler_mode = GCC; +#endif else if (have_lto) compiler_mode = LTO; else @@ -1596,7 +1601,12 @@ int main(int argc, char **argv, char **envp) { } - if (compiler_mode == CLANG) { instrument_mode = INSTRUMENT_CLANG; } + if (compiler_mode == CLANG) { + + instrument_mode = INSTRUMENT_CLANG; + setenv(CLANG_ENV_VAR, "1", 1); // used by afl-as + + } if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) { diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index a07e78b4..3d472b36 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -451,8 +451,12 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, /* Dumping cores is slow and can lead to anomalies if SIGKILL is delivered before the dump is complete. */ - // r.rlim_max = r.rlim_cur = 0; - // setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + if (!fsrv->debug) { + + r.rlim_max = r.rlim_cur = 0; + setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ + + } /* Isolate the process and configure standard descriptors. If out_file is specified, stdin is /dev/null; otherwise, out_fd is cloned instead. */ diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index cb586111..c43bcc2b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -1044,18 +1044,16 @@ void perform_dry_run(afl_state_t *afl) { /* Remove from fuzzing queue but keep for splicing */ - struct queue_entry *p = afl->queue; + if (!q->was_fuzzed) { - if (!p->was_fuzzed) { - - p->was_fuzzed = 1; + q->was_fuzzed = 1; --afl->pending_not_fuzzed; --afl->active_paths; } - p->disabled = 1; - p->perf_score = 0; + q->disabled = 1; + q->perf_score = 0; u32 i = 0; while (unlikely(i < afl->queued_paths && afl->queue_buf[i] && @@ -1294,9 +1292,13 @@ void pivot_inputs(afl_state_t *afl) { if (src_str && sscanf(src_str + 1, "%06u", &src_id) == 1) { - struct queue_entry *s = afl->queue_buf[src_id]; + if (src_id < afl->queued_paths) { - if (s) { q->depth = s->depth + 1; } + struct queue_entry *s = afl->queue_buf[src_id]; + + if (s) { q->depth = s->depth + 1; } + + } if (afl->max_depth < q->depth) { afl->max_depth = q->depth; } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4eeb93de..4a3e7f33 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -562,7 +562,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { + get_cur_time() - afl->last_path_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { @@ -2013,7 +2013,7 @@ havoc_stage: } - if (unlikely(get_cur_time() - afl->last_path_time > 5000 && + if (unlikely(get_cur_time() - afl->last_path_time > 5000 /* 5 seconds */ && afl->ready_for_splicing_count > 1)) { /* add expensive havoc cases here if there is no findings in the last 5s */ @@ -3060,7 +3060,7 @@ static u8 mopt_common_fuzzing(afl_state_t *afl, MOpt_globals_t MOpt_globals) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || !(afl->fsrv.total_execs % afl->queued_paths) || - get_cur_time() - afl->last_path_time > 300000) { + get_cur_time() - afl->last_path_time > 300000) { // 300 seconds if (input_to_state_stage(afl, in_buf, out_buf, len)) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 313263f9..4884b942 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -368,7 +368,8 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, afl->plot_prev_uh == afl->unique_hangs && afl->plot_prev_md == afl->max_depth && afl->plot_prev_ed == afl->fsrv.total_execs) || - !afl->queue_cycle || get_cur_time() - afl->start_time <= 60))) { + !afl->queue_cycle || + get_cur_time() - afl->start_time <= 60000))) { return; @@ -393,7 +394,7 @@ void maybe_update_plot_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, fprintf(afl->fsrv.plot_file, "%llu, %llu, %u, %u, %u, %u, %0.02f%%, %llu, %llu, %u, %0.02f, %llu, " "%u\n", - (afl->prev_run_time + get_cur_time() - afl->start_time), + ((afl->prev_run_time + get_cur_time() - afl->start_time) / 1000), afl->queue_cycle - 1, afl->current_entry, afl->queued_paths, afl->pending_not_fuzzed, afl->pending_favored, bitmap_cvg, afl->unique_crashes, afl->unique_hangs, afl->max_depth, eps, diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 8de3ed6b..5f939115 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -328,11 +328,55 @@ static int stricmp(char const *a, char const *b) { } +static void fasan_check_afl_preload(char *afl_preload) { + + char first_preload[PATH_MAX + 1] = {0}; + char * separator = strchr(afl_preload, ':'); + size_t first_preload_len = PATH_MAX; + char * basename; + char clang_runtime_prefix[] = "libclang_rt.asan-"; + + if (separator != NULL && (separator - afl_preload) < PATH_MAX) { + + first_preload_len = separator - afl_preload; + + } + + strncpy(first_preload, afl_preload, first_preload_len); + + basename = strrchr(first_preload, '/'); + if (basename == NULL) { + + basename = first_preload; + + } else { + + basename = basename + 1; + + } + + if (strncmp(basename, clang_runtime_prefix, + sizeof(clang_runtime_prefix) - 1) != 0) { + + FATAL("Address Sanitizer DSO must be the first DSO in AFL_PRELOAD"); + + } + + if (access(first_preload, R_OK) != 0) { + + FATAL("Address Sanitizer DSO not found"); + + } + + OKF("Found ASAN DSO: %s", first_preload); + +} + /* Main entry point */ int main(int argc, char **argv_orig, char **envp) { - s32 opt, i, auto_sync = 0 /*, user_set_cache = 0*/; + s32 opt, auto_sync = 0 /*, user_set_cache = 0*/; u64 prev_queued = 0; u32 sync_interval_cnt = 0, seek_to = 0, show_help = 0, map_size = get_map_size(); @@ -785,6 +829,7 @@ int main(int argc, char **argv_orig, char **envp) { } afl->fsrv.frida_mode = 1; + if (get_afl_env("AFL_USE_FASAN")) { afl->fsrv.frida_asan = 1; } break; @@ -1369,19 +1414,27 @@ int main(int argc, char **argv_orig, char **envp) { OKF("Injecting %s ...", frida_binary); if (afl_preload) { + if (afl->fsrv.frida_asan) { + + OKF("Using Frida Address Sanitizer Mode"); + + fasan_check_afl_preload(afl_preload); + + setenv("ASAN_OPTIONS", "detect_leaks=false", 1); + + } + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); frida_afl_preload = alloc_printf("%s:%s", afl_preload, frida_binary); - } else { + ck_free(frida_binary); - frida_afl_preload = alloc_printf("%s", frida_binary); + setenv("LD_PRELOAD", frida_afl_preload, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); } - ck_free(frida_binary); - - setenv("LD_PRELOAD", frida_afl_preload, 1); - setenv("DYLD_INSERT_LIBRARIES", frida_afl_preload, 1); - } else { setenv("LD_PRELOAD", getenv("AFL_PRELOAD"), 1); @@ -1391,11 +1444,22 @@ int main(int argc, char **argv_orig, char **envp) { } else if (afl->fsrv.frida_mode) { - u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); - OKF("Injecting %s ...", frida_binary); - setenv("LD_PRELOAD", frida_binary, 1); - setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); - ck_free(frida_binary); + if (afl->fsrv.frida_asan) { + + OKF("Using Frida Address Sanitizer Mode"); + FATAL( + "Address Sanitizer DSO must be loaded using AFL_PRELOAD in Frida " + "Address Sanitizer Mode"); + + } else { + + u8 *frida_binary = find_afl_binary(argv[0], "afl-frida-trace.so"); + OKF("Injecting %s ...", frida_binary); + setenv("LD_PRELOAD", frida_binary, 1); + setenv("DYLD_INSERT_LIBRARIES", frida_binary, 1); + ck_free(frida_binary); + + } } @@ -1770,7 +1834,7 @@ int main(int argc, char **argv_orig, char **envp) { if (extras_dir_cnt) { - for (i = 0; i < extras_dir_cnt; i++) { + for (u8 i = 0; i < extras_dir_cnt; i++) { load_extras(afl, extras_dir[i]); @@ -1922,6 +1986,13 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(seek_to)) { + if (unlikely(seek_to >= afl->queued_paths)) { + + // This should never happen. + FATAL("BUG: seek_to location out of bounds!\n"); + + } + afl->current_entry = seek_to; afl->queue_cur = afl->queue_buf[seek_to]; seek_to = 0; @@ -1940,8 +2011,10 @@ int main(int argc, char **argv_orig, char **envp) { /* If we had a full queue cycle with no new finds, try recombination strategies next. */ - if (unlikely(afl->queued_paths == prev_queued && - (get_cur_time() - afl->start_time) >= 3600)) { + if (unlikely(afl->queued_paths == prev_queued + /* FIXME TODO BUG: && (get_cur_time() - afl->start_time) >= + 3600 */ + )) { if (afl->use_splicing) { @@ -2059,7 +2132,7 @@ int main(int argc, char **argv_orig, char **envp) { } // we must recalculate the scores of all queue entries - for (i = 0; i < (s32)afl->queued_paths; i++) { + for (u32 i = 0; i < afl->queued_paths; i++) { if (likely(!afl->queue_buf[i]->disabled)) { diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 946b19cd..9b4d21a5 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -76,17 +76,18 @@ static u32 in_len; /* Input data length */ static u32 map_size = MAP_SIZE; -static u8 quiet_mode, /* Hide non-essential messages? */ +static bool quiet_mode, /* Hide non-essential messages? */ edges_only, /* Ignore hit counts? */ raw_instr_output, /* Do not apply AFL filters */ cmin_mode, /* Generate output in afl-cmin mode? */ binary_mode, /* Write output as a binary map */ keep_cores, /* Allow coredumps? */ - remove_shm = 1, /* remove shmem? */ + remove_shm = true, /* remove shmem? */ collect_coverage, /* collect coverage */ have_coverage, /* have coverage? */ no_classify, /* do not classify counts */ - debug; /* debug mode */ + debug, /* debug mode */ + print_filenames; /* print the current filename */ static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_crashed; /* Child crashed? */ @@ -320,11 +321,11 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; - have_coverage = 1; + have_coverage = true; } else { - have_coverage = 0; + have_coverage = false; } @@ -335,11 +336,11 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(fsrv->child_status)) { - child_crashed = 1; + child_crashed = true; } else { - child_crashed = 0; + child_crashed = false; } @@ -375,6 +376,13 @@ static void showmap_run_target_forkserver(afl_forkserver_t *fsrv, u8 *mem, static u32 read_file(u8 *in_file) { + if (print_filenames) { + + SAYF("Processing %s\n", in_file); + fflush(stdout); + + } + struct stat st; s32 fd = open(in_file, O_RDONLY); @@ -386,7 +394,18 @@ static u32 read_file(u8 *in_file) { } - in_len = st.st_size; + if (st.st_size > MAX_FILE) { + + WARNF("Input file '%s' is too large, only reading %u bytes.", in_file, + MAX_FILE); + in_len = MAX_FILE; + + } else { + + in_len = st.st_size; + + } + in_data = ck_alloc_nozero(in_len); ck_read(fd, in_data, in_len, in_file); @@ -504,11 +523,11 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { if (fsrv->trace_bits[0] == 1) { fsrv->trace_bits[0] = 0; - have_coverage = 1; + have_coverage = true; } else { - have_coverage = 0; + have_coverage = false; } @@ -518,7 +537,7 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { if (!fsrv->last_run_timed_out && !stop_soon && WIFSIGNALED(status)) { - child_crashed = 1; + child_crashed = true; } @@ -548,7 +567,7 @@ static void showmap_run_target(afl_forkserver_t *fsrv, char **argv) { static void handle_stop_sig(int sig) { (void)sig; - stop_soon = 1; + stop_soon = true; afl_fsrv_killall(); } @@ -731,6 +750,8 @@ static void usage(u8 *argv0) { "AFL_MAP_SIZE: the shared memory size for that target. must be >= the " "size the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" + "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " + "printed to stdout\n" "AFL_QUIET: do not print extra informational output\n", argv0, MEM_LIMIT, doc_path); @@ -744,14 +765,17 @@ int main(int argc, char **argv_orig, char **envp) { // TODO: u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ - s32 opt, i; - u8 mem_limit_given = 0, timeout_given = 0, unicorn_mode = 0, use_wine = 0; + s32 opt, i; + bool mem_limit_given = false, timeout_given = false, unicorn_mode = false, + use_wine = false; char **use_argv; char **argv = argv_cpy_dup(argc, argv_orig); afl_forkserver_t fsrv_var = {0}; - if (getenv("AFL_DEBUG")) { debug = 1; } + if (getenv("AFL_DEBUG")) { debug = true; } + if (get_afl_env("AFL_PRINT_FILENAMES")) { print_filenames = true; } + fsrv = &fsrv_var; afl_fsrv_init(fsrv); map_size = get_map_size(); @@ -759,19 +783,19 @@ int main(int argc, char **argv_orig, char **envp) { doc_path = access(DOC_PATH, F_OK) ? "docs" : DOC_PATH; - if (getenv("AFL_QUIET") != NULL) { be_quiet = 1; } + if (getenv("AFL_QUIET") != NULL) { be_quiet = true; } while ((opt = getopt(argc, argv, "+i:o:f:m:t:A:eqCZOQUWbcrsh")) > 0) { switch (opt) { case 's': - no_classify = 1; + no_classify = true; break; case 'C': - collect_coverage = 1; - quiet_mode = 1; + collect_coverage = true; + quiet_mode = true; break; case 'i': @@ -790,7 +814,7 @@ int main(int argc, char **argv_orig, char **envp) { u8 suffix = 'M'; if (mem_limit_given) { FATAL("Multiple -m options not supported"); } - mem_limit_given = 1; + mem_limit_given = true; if (!optarg) { FATAL("Wrong usage of -m"); } @@ -851,7 +875,7 @@ int main(int argc, char **argv_orig, char **envp) { case 't': if (timeout_given) { FATAL("Multiple -t options not supported"); } - timeout_given = 1; + timeout_given = true; if (!optarg) { FATAL("Wrong usage of -t"); } @@ -873,12 +897,12 @@ int main(int argc, char **argv_orig, char **envp) { if (edges_only) { FATAL("Multiple -e options not supported"); } if (raw_instr_output) { FATAL("-e and -r are mutually exclusive"); } - edges_only = 1; + edges_only = true; break; case 'q': - quiet_mode = 1; + quiet_mode = true; break; case 'Z': @@ -886,8 +910,8 @@ int main(int argc, char **argv_orig, char **envp) { /* This is an undocumented option to write data in the syntax expected by afl-cmin. Nobody else should have any use for this. */ - cmin_mode = 1; - quiet_mode = 1; + cmin_mode = true; + quiet_mode = true; break; case 'A': @@ -899,7 +923,7 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->frida_mode) { FATAL("Multiple -O options not supported"); } - fsrv->frida_mode = 1; + fsrv->frida_mode = true; break; @@ -907,21 +931,21 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->qemu_mode) { FATAL("Multiple -Q options not supported"); } - fsrv->qemu_mode = 1; + fsrv->qemu_mode = true; break; case 'U': if (unicorn_mode) { FATAL("Multiple -U options not supported"); } - unicorn_mode = 1; + unicorn_mode = true; break; case 'W': /* Wine+QEMU mode */ if (use_wine) { FATAL("Multiple -W options not supported"); } - fsrv->qemu_mode = 1; - use_wine = 1; + fsrv->qemu_mode = true; + use_wine = true; break; @@ -930,20 +954,20 @@ int main(int argc, char **argv_orig, char **envp) { /* Secret undocumented mode. Writes output in raw binary format similar to that dumped by afl-fuzz in cmplog_mode = 0; u8 *map = afl_shm_init(shm_fuzz, MAX_FILE + sizeof(u32), 1); - shm_fuzz->shmemfuzz_mode = 1; + shm_fuzz->shmemfuzz_mode = true; if (!map) { FATAL("BUG: Zero return from afl_shm_init."); } #ifdef USEMMAP setenv(SHM_FUZZ_ENV_VAR, shm_fuzz->g_shm_file_path, 1); @@ -1062,7 +1086,7 @@ int main(int argc, char **argv_orig, char **envp) { setenv(SHM_FUZZ_ENV_VAR, shm_str, 1); ck_free(shm_str); #endif - fsrv->support_shmem_fuzz = 1; + fsrv->support_shmem_fuzz = true; fsrv->shmem_fuzz_len = (u32 *)map; fsrv->shmem_fuzz = map + sizeof(u32); @@ -1114,7 +1138,7 @@ int main(int argc, char **argv_orig, char **envp) { struct stat statbuf; #endif - if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = 1; + if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true; fsrv->dev_null_fd = open("/dev/null", O_RDWR); if (fsrv->dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } @@ -1153,8 +1177,8 @@ int main(int argc, char **argv_orig, char **envp) { if ((coverage_map = (u8 *)malloc(map_size)) == NULL) FATAL("coult not grab memory"); - edges_only = 0; - raw_instr_output = 1; + edges_only = false; + raw_instr_output = true; } From a1458ea6715e8801bf28fec0ac66f06b96eb1e66 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 20 May 2021 18:16:58 +0100 Subject: [PATCH 229/441] Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 1 - frida_mode/src/persistent/persistent_x64.c | 46 +++------------------- frida_mode/src/persistent/persistent_x86.c | 40 ++++--------------- 3 files changed, 13 insertions(+), 74 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index bc77a451..a0387cac 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -93,7 +93,6 @@ AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o ############################## ALL ############################################# all: $(FRIDA_TRACE) - make -C $(ROOT) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 49f1988c..aa772b7f 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -40,7 +40,6 @@ struct x86_64_regs { typedef struct x86_64_regs arch_api_regs; static arch_api_regs saved_regs = {0}; -static void * saved_return = NULL; gboolean persistent_is_supported(void) { @@ -183,43 +182,11 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, } -static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { +static void instrument_exit(GumX86Writer *cw) { - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, - GUM_RED_ZONE_SIZE + 0x10); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX); - - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - (GUM_RED_ZONE_SIZE)); - -} - -static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { - - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -(GUM_RED_ZONE_SIZE)); - - /* Place holder for ret */ - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0); - - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0); + gum_x86_writer_put_call_reg(cw, GUM_REG_RAX); } @@ -302,8 +269,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); - /* Stash and pop the return value */ - instrument_save_ret(cw, &saved_return); + /* pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); /* loop: */ @@ -329,7 +295,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* done: */ gum_x86_writer_put_label(cw, done); - instrument_jump_ret(cw, &saved_return); + instrument_exit(cw); /* original: */ gum_x86_writer_put_label(cw, original); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index bd7171b9..20a3dc42 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -39,7 +39,6 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; static arch_api_regs saved_regs = {0}; -static void * saved_return = NULL; gboolean persistent_is_supported(void) { @@ -138,36 +137,12 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, } -static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { +static void instrument_exit(GumX86Writer *cw) { - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX); - - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - -} - -static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { - - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - - /* Place holder for ret */ - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0); - - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_ret(cw); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); + gum_x86_writer_put_call_reg(cw, GUM_REG_EAX); } @@ -238,8 +213,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); - /* Stash and pop the return value */ - instrument_save_ret(cw, &saved_return); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); /* loop: */ @@ -265,7 +239,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* done: */ gum_x86_writer_put_label(cw, done); - instrument_jump_ret(cw, &saved_return); + instrument_exit(cw); /* original: */ gum_x86_writer_put_label(cw, original); From 5997a4fc09163c1baa186f5a9d00c4c8668a72b1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 May 2021 10:26:27 +0200 Subject: [PATCH 230/441] fix llvm-dict2file --- GNUmakefile | 10 +++++----- docs/Changelog.md | 1 + instrumentation/afl-llvm-dict2file.so.cc | 5 ++++- qemu_mode/libqasan/libqasan.c | 5 ++--- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 9d98aa00..270746b4 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -503,21 +503,21 @@ code-format: ./.custom-format.py -i instrumentation/*.h ./.custom-format.py -i instrumentation/*.cc ./.custom-format.py -i instrumentation/*.c + ./.custom-format.py -i *.h + ./.custom-format.py -i *.c @#./.custom-format.py -i custom_mutators/*/*.c* # destroys libfuzzer :-( @#./.custom-format.py -i custom_mutators/*/*.h # destroys honggfuzz :-( ./.custom-format.py -i utils/*/*.c* ./.custom-format.py -i utils/*/*.h ./.custom-format.py -i test/*.c + ./.custom-format.py -i frida_mode/src/*.c + ./.custom-format.py -i frida_mode/include/*.h + -./.custom-format.py -i frida_mode/src/*/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.cc ./.custom-format.py -i qemu_mode/libcompcov/*.h ./.custom-format.py -i qemu_mode/libqasan/*.c ./.custom-format.py -i qemu_mode/libqasan/*.h - ./.custom-format.py -i frida_mode/src/*.c - ./.custom-format.py -i frida_mode/include/*.h - -./.custom-format.py -i frida_mode/src/*/*.c - ./.custom-format.py -i *.h - ./.custom-format.py -i *.c .PHONY: test_build diff --git a/docs/Changelog.md b/docs/Changelog.md index 1114a834..282b34cf 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -41,6 +41,7 @@ sending a mail to . - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode + - Fixed a crash in llvm dict2file when a strncmp length was -1 - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index c954054b..e2b44b21 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -426,7 +426,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { ConstantInt *ilen = dyn_cast(op2); if (ilen) { - uint64_t literalLength = Str2.size(); + uint64_t literalLength = Str2.length(); uint64_t optLength = ilen->getZExtValue(); if (literalLength + 1 == optLength) { @@ -434,6 +434,8 @@ bool AFLdict2filePass::runOnModule(Module &M) { } + if (optLength > Str2.length()) { optLength = Str2.length(); } + } valueMap[Str1P] = new std::string(Str2); @@ -532,6 +534,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { uint64_t literalLength = optLen; optLen = ilen->getZExtValue(); + if (optLen > thestring.length()) { optLen = thestring.length(); } if (optLen < 2) { continue; } if (literalLength + 1 == optLen) { // add null byte thestring.append("\0", 1); diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 2ac0c861..a64db10f 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -69,9 +69,8 @@ __attribute__((constructor)) void __libqasan_init() { __libqasan_is_initialized = 1; __libqasan_init_hooks(); - - if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) - __libqasan_hotpatch(); + + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); #ifdef DEBUG __qasan_debug = getenv("QASAN_DEBUG") != NULL; From 3844e7949283aa70aac14acf4a33c39b31254c8e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 21 May 2021 11:01:31 +0200 Subject: [PATCH 231/441] push to stable (#931) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza --- GNUmakefile | 10 ++--- docs/Changelog.md | 1 + frida_mode/GNUmakefile | 4 +- frida_mode/src/persistent/persistent_x64.c | 46 +++------------------- frida_mode/src/persistent/persistent_x86.c | 40 ++++--------------- instrumentation/afl-llvm-dict2file.so.cc | 5 ++- qemu_mode/libqasan/libqasan.c | 2 + 7 files changed, 28 insertions(+), 80 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 9d98aa00..270746b4 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -503,21 +503,21 @@ code-format: ./.custom-format.py -i instrumentation/*.h ./.custom-format.py -i instrumentation/*.cc ./.custom-format.py -i instrumentation/*.c + ./.custom-format.py -i *.h + ./.custom-format.py -i *.c @#./.custom-format.py -i custom_mutators/*/*.c* # destroys libfuzzer :-( @#./.custom-format.py -i custom_mutators/*/*.h # destroys honggfuzz :-( ./.custom-format.py -i utils/*/*.c* ./.custom-format.py -i utils/*/*.h ./.custom-format.py -i test/*.c + ./.custom-format.py -i frida_mode/src/*.c + ./.custom-format.py -i frida_mode/include/*.h + -./.custom-format.py -i frida_mode/src/*/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.c ./.custom-format.py -i qemu_mode/libcompcov/*.cc ./.custom-format.py -i qemu_mode/libcompcov/*.h ./.custom-format.py -i qemu_mode/libqasan/*.c ./.custom-format.py -i qemu_mode/libqasan/*.h - ./.custom-format.py -i frida_mode/src/*.c - ./.custom-format.py -i frida_mode/include/*.h - -./.custom-format.py -i frida_mode/src/*/*.c - ./.custom-format.py -i *.h - ./.custom-format.py -i *.c .PHONY: test_build diff --git a/docs/Changelog.md b/docs/Changelog.md index 1114a834..282b34cf 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -41,6 +41,7 @@ sending a mail to . - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode + - Fixed a crash in llvm dict2file when a strncmp length was -1 - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index bc77a451..20fbb544 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -93,7 +93,9 @@ AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o ############################## ALL ############################################# all: $(FRIDA_TRACE) - make -C $(ROOT) + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 49f1988c..aa772b7f 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -40,7 +40,6 @@ struct x86_64_regs { typedef struct x86_64_regs arch_api_regs; static arch_api_regs saved_regs = {0}; -static void * saved_return = NULL; gboolean persistent_is_supported(void) { @@ -183,43 +182,11 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, } -static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { +static void instrument_exit(GumX86Writer *cw) { - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, - GUM_RED_ZONE_SIZE + 0x10); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, 0, GUM_REG_RBX); - - gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - (GUM_RED_ZONE_SIZE)); - -} - -static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { - - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - -(GUM_RED_ZONE_SIZE)); - - /* Place holder for ret */ - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RAX, GUM_REG_RAX, 0); - - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RSP, 0x8, GUM_REG_RAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); - gum_x86_writer_put_ret_imm(cw, GUM_RED_ZONE_SIZE); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_RDI, 0); + gum_x86_writer_put_call_reg(cw, GUM_REG_RAX); } @@ -302,8 +269,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); - /* Stash and pop the return value */ - instrument_save_ret(cw, &saved_return); + /* pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); /* loop: */ @@ -329,7 +295,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* done: */ gum_x86_writer_put_label(cw, done); - instrument_jump_ret(cw, &saved_return); + instrument_exit(cw); /* original: */ gum_x86_writer_put_label(cw, original); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index bd7171b9..20a3dc42 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -39,7 +39,6 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; static arch_api_regs saved_regs = {0}; -static void * saved_return = NULL; gboolean persistent_is_supported(void) { @@ -138,36 +137,12 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, } -static void instrument_save_ret(GumX86Writer *cw, void **saved_return_ptr) { +static void instrument_exit(GumX86Writer *cw) { - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, 0, GUM_REG_EBX); - - gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - -} - -static void instrument_jump_ret(GumX86Writer *cw, void **saved_return_ptr) { - - GumAddress saved_return_address = GUM_ADDRESS(saved_return_ptr); - - /* Place holder for ret */ - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); - - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, saved_return_address); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EAX, GUM_REG_EAX, 0); - - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_ESP, 0x4, GUM_REG_EAX); - gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); - gum_x86_writer_put_ret(cw); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(_exit)); + gum_x86_writer_put_mov_reg_u32(cw, GUM_REG_EDI, 0); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); + gum_x86_writer_put_call_reg(cw, GUM_REG_EAX); } @@ -238,8 +213,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); - /* Stash and pop the return value */ - instrument_save_ret(cw, &saved_return); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); /* loop: */ @@ -265,7 +239,7 @@ void persistent_prologue(GumStalkerOutput *output) { /* done: */ gum_x86_writer_put_label(cw, done); - instrument_jump_ret(cw, &saved_return); + instrument_exit(cw); /* original: */ gum_x86_writer_put_label(cw, original); diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index c954054b..e2b44b21 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -426,7 +426,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { ConstantInt *ilen = dyn_cast(op2); if (ilen) { - uint64_t literalLength = Str2.size(); + uint64_t literalLength = Str2.length(); uint64_t optLength = ilen->getZExtValue(); if (literalLength + 1 == optLength) { @@ -434,6 +434,8 @@ bool AFLdict2filePass::runOnModule(Module &M) { } + if (optLength > Str2.length()) { optLength = Str2.length(); } + } valueMap[Str1P] = new std::string(Str2); @@ -532,6 +534,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { uint64_t literalLength = optLen; optLen = ilen->getZExtValue(); + if (optLen > thestring.length()) { optLen = thestring.length(); } if (optLen < 2) { continue; } if (literalLength + 1 == optLen) { // add null byte thestring.append("\0", 1); diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index 2ac0c861..d4742e3e 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -73,6 +73,8 @@ __attribute__((constructor)) void __libqasan_init() { if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); + #ifdef DEBUG __qasan_debug = getenv("QASAN_DEBUG") != NULL; #endif From c7908688b5cefecf63aae484bb33e3c3d87b9da8 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Fri, 21 May 2021 11:03:29 +0200 Subject: [PATCH 232/441] push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza From bceae827549beaa7721a847976d277f644ab93c6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 May 2021 12:24:58 +0200 Subject: [PATCH 233/441] improve error msg --- src/afl-fuzz-init.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index c43bcc2b..b277802b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2728,11 +2728,15 @@ void check_binary(afl_state_t *afl, u8 *fname) { " When source code is not available, you may be able to leverage " "QEMU\n" " mode support. Consult the README.md for tips on how to enable " - "this.\n" + "this.\n\n" + + " If your target is an instrumented binary (e.g. with zafl, " + "retrowrite,\n" + " etc.) then set 'AFL_SKIP_BIN_CHECK=1'\n\n" " (It is also possible to use afl-fuzz as a traditional, " - "non-instrumented fuzzer.\n" - " For that, you can use the -n option - but expect much worse " + "non-instrumented\n" + " fuzzer. For that use the -n option - but expect much worse " "results.)\n", doc_path); From a3392baaaa0faf51eb217d9859a6a517987fafc7 Mon Sep 17 00:00:00 2001 From: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Date: Fri, 21 May 2021 21:58:08 +0200 Subject: [PATCH 234/441] Added documentation for wine LoadLibrary workaround (#933) --- qemu_mode/README.wine.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 qemu_mode/README.wine.md diff --git a/qemu_mode/README.wine.md b/qemu_mode/README.wine.md new file mode 100644 index 00000000..567901cd --- /dev/null +++ b/qemu_mode/README.wine.md @@ -0,0 +1,21 @@ +# How to troubleshoot AFL++'s wine mode + +## 1) Debugging +To turn on wine debugging use the `WINEDEBUG` environment variable, +e.g. `WINEDEBUG=+timestamp,+tid,+loaddll`. + +## 2) LoadLibraryA workaround +The forked process fails to load libraries loaded via `LoadLibrary` +if the load happens after the entry point (error code: 87). To resolve +this issue, one needs to load any external libraries before the fork happens. + +An early DLL load can be achieved by adding the DLL name into the `Import Directory` +in the PE file. Such an entry can be added manually in any PE editor. + +Alternativly, one can generate a `.lib` file from the DLL exports and link +them together with the harness to create an entry in the `Import Directory`. +Use `dumpbin /exports .dll` to extract the exports and paste the +exported function names into a `.def` file. Use `lib /def: /OUT:` +to generate a `.lib` and add the library to the linker options. Once the usage of +an export is detected (`__declspec(dllimport)`), the +linker adds the early DLL load. \ No newline at end of file From 5a14ceb504514ba32e419c6399a5550abec68102 Mon Sep 17 00:00:00 2001 From: Tommy Chiang Date: Sat, 22 May 2021 04:21:20 +0800 Subject: [PATCH 235/441] Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5d5510d2..a6ad6b4f 100644 --- a/README.md +++ b/README.md @@ -436,7 +436,7 @@ described in [instrumentation/README.lto.md](instrumentation/README.lto.md). ##### cmake For `cmake` build systems this is usually done by: -`mkdir build; cmake -DCMAKE_C_COMPILERC=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ ..` +`mkdir build; cd build; cmake -DCMAKE_C_COMPILER=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ ..` Note that if you are using the (better) afl-clang-lto compiler you also have to set AR to llvm-ar[-VERSION] and RANLIB to llvm-ranlib[-VERSION] - as is From 1edb89be0f7956f964d2d7c9c7a5813250108220 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 21 May 2021 22:40:36 +0200 Subject: [PATCH 236/441] showmap passes queue items in alphabetical order --- src/afl-showmap.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9b4d21a5..9bf84956 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -52,6 +52,7 @@ #include #include +#include #include #include #ifndef USEMMAP @@ -1129,8 +1130,9 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - DIR * dir_in, *dir_out = NULL; - struct dirent *dir_ent; + DIR * dir_in, *dir_out = NULL; + struct dirent **file_list; + // int done = 0; u8 infile[PATH_MAX], outfile[PATH_MAX]; u8 wait_for_gdb = 0; @@ -1155,12 +1157,6 @@ int main(int argc, char **argv_orig, char **envp) { ck_free(dn); if (!be_quiet) ACTF("Reading from directory '%s'...", in_dir); - if (!(dir_in = opendir(in_dir))) { - - PFATAL("cannot open directory %s", in_dir); - - } - if (!collect_coverage) { if (!(dir_out = opendir(out_file))) { @@ -1246,7 +1242,16 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - while ((dir_ent = readdir(dir_in))) { + int file_count = scandir(in_dir, &file_list, NULL, alphasort); + if (file_count < 0) { + + PFATAL("Failed to read from input dir at %s\n", in_dir); + + } + + for (int i = 0; i < file_count; i++) { + + struct dirent *dir_ent = file_list[i]; if (dir_ent->d_name[0] == '.') { @@ -1293,9 +1298,11 @@ int main(int argc, char **argv_orig, char **envp) { } + free(file_list); + file_list = NULL; + if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } - closedir(dir_in); if (dir_out) { closedir(dir_out); } if (collect_coverage) { From f66a4de18a013eeb1aed27a9e38e8209ce168c1c Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 21 May 2021 22:42:43 +0200 Subject: [PATCH 237/441] added tmp files to gitignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index c8d29e50..8c420b5e 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ gmon.out afl-frida-trace.so utils/afl_network_proxy/afl-network-client utils/afl_network_proxy/afl-network-server +*.o.tmp From d14a758f69407fe5c39cdcccc093efd5d15ed43c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 21 May 2021 23:16:37 +0200 Subject: [PATCH 238/441] lenient dict parsing, no map size enum for binary fuzzing --- src/afl-fuzz-extras.c | 14 ++++++++++++++ src/afl-fuzz.c | 11 +++++++---- 2 files changed, 21 insertions(+), 4 deletions(-) diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 6091db15..584241d4 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -130,6 +130,20 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, } + /* Skip [number] */ + + if (*lptr == '[') { + + do { + + ++lptr; + + } while (*lptr >= '0' && *lptr <= '9'); + + if (*lptr == ']') { ++lptr; } + + } + /* Skip whitespace and = signs. */ while (isspace(*lptr) || *lptr == '=') { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5f939115..37659831 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1717,10 +1717,11 @@ int main(int argc, char **argv_orig, char **envp) { afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->non_instrumented_mode); if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->unicorn_mode) { + !afl->unicorn_mode && !afl->fsrv.frida_mode && + !((map_size == MAP_SIZE || map_size == 65536) && + afl->afl_env.afl_skip_bin_check)) { - if (map_size <= DEFAULT_SHMEM_SIZE && !afl->non_instrumented_mode && - !afl->fsrv.qemu_mode && !afl->unicorn_mode) { + if (map_size <= DEFAULT_SHMEM_SIZE) { afl->fsrv.map_size = DEFAULT_SHMEM_SIZE; // dummy temporary value char vbuf[16]; @@ -1778,7 +1779,9 @@ int main(int argc, char **argv_orig, char **envp) { if ((map_size <= DEFAULT_SHMEM_SIZE || afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->fsrv.frida_mode && !afl->unicorn_mode) { + !afl->fsrv.frida_mode && !afl->unicorn_mode && + !((map_size == MAP_SIZE || map_size == 65536) && + afl->afl_env.afl_skip_bin_check)) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; From bd1ceb42c4e445babe38a129abf913d447fce9ea Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Sat, 22 May 2021 11:43:09 +0200 Subject: [PATCH 239/441] added info about showmap queue directions --- docs/Changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 282b34cf..dfd5c393 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -54,6 +54,7 @@ sending a mail to . - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename + - afl-showmap/cmin will now process queue items in alphabetical order ### Version ++3.12c (release) - afl-fuzz: From 9e6e7e8fe8e3e185c9ad4bde030fe760ee1528b0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 22 May 2021 12:08:19 +0200 Subject: [PATCH 240/441] update binary-only doc --- docs/binaryonly_fuzzing.md | 40 ++++++++++++++++++-------------------- 1 file changed, 19 insertions(+), 21 deletions(-) diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index 787d970d..2f5dd614 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -42,6 +42,23 @@ As it is included in afl++ this needs no URL. +## AFL FRIDA + + In frida_mode you can fuzz binary-only targets easily like with QEMU, + with the advantage that frida_mode also works on MacOS (both intel and M1). + + If you want to fuzz a binary-only library then you can fuzz it with + frida-gum via utils/afl_frida/, you will have to write a harness to + call the target function in the library, use afl-frida.c as a template. + + Both come with afl++ so this needs no URL. + + You can also perform remote fuzzing with frida, e.g. if you want to fuzz + on iPhone or Android devices, for this you can use + [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) + as an intermediate that uses afl++ for fuzzing. + + ## WINE+QEMU Wine mode can run Win32 PE binaries with the QEMU instrumentation. @@ -62,13 +79,6 @@ As it is included in afl++ this needs no URL. -## AFL FRIDA - - If you want to fuzz a binary-only shared library then you can fuzz it with - frida-gum via utils/afl_frida/, you will have to write a harness to - call the target function in the library, use afl-frida.c as a template. - - ## AFL UNTRACER If you want to fuzz a binary-only shared library then you can fuzz it with @@ -157,19 +167,6 @@ If anyone finds any coresight implementation for afl please ping me: vh@thc.org -## FRIDA - - Frida is a dynamic instrumentation engine like Pintool, Dyninst and Dynamorio. - What is special is that it is written Python, and scripted with Javascript. - It is mostly used to reverse binaries on mobile phones however can be used - everywhere. - - There is a WIP fuzzer available at [https://github.com/andreafioraldi/frida-fuzzer](https://github.com/andreafioraldi/frida-fuzzer) - - There is also an early implementation in an AFL++ test branch: - [https://github.com/AFLplusplus/AFLplusplus/tree/frida](https://github.com/AFLplusplus/AFLplusplus/tree/frida) - - ## PIN & DYNAMORIO Pintool and Dynamorio are dynamic instrumentation engines, and they can be @@ -205,7 +202,8 @@ * QSYM: [https://github.com/sslab-gatech/qsym](https://github.com/sslab-gatech/qsym) * Manticore: [https://github.com/trailofbits/manticore](https://github.com/trailofbits/manticore) * S2E: [https://github.com/S2E](https://github.com/S2E) - * Tinyinst [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only) + * Tinyinst: [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only) + * Jackalope: [https://github.com/googleprojectzero/Jackalope](https://github.com/googleprojectzero/Jackalope) * ... please send me any missing that are good From 58e39ecd8f601191a98d067d5567559de931c32c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 22 May 2021 12:15:09 +0200 Subject: [PATCH 241/441] turn off map size detection if skip_bin_check is set --- docs/env_variables.md | 1 + src/afl-common.c | 4 ++++ src/afl-fuzz.c | 8 +++----- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index c3efa0c0..def1e297 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -355,6 +355,7 @@ checks or alter some of the more exotic semantics of the tool: and shell scripts; and `AFL_DUMB_FORKSRV` in conjunction with the `-n` setting to instruct afl-fuzz to still follow the fork server protocol without expecting any instrumentation data in return. + Note that this also turns off auto map size detection. - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the fuzzer to import test cases from other instances before doing anything diff --git a/src/afl-common.c b/src/afl-common.c index 0fb1462e..8826de70 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -1110,6 +1110,10 @@ u32 get_map_size(void) { if (map_size % 64) { map_size = (((map_size >> 6) + 1) << 6); } + } else if (getenv("AFL_SKIP_BIN_CHECK")) { + + map_size = MAP_SIZE; + } return map_size; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 37659831..76c4ca37 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" + "AFL_SKIP_BIN_CHECK: skip afl compatability checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" @@ -1718,8 +1718,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && !afl->unicorn_mode && !afl->fsrv.frida_mode && - !((map_size == MAP_SIZE || map_size == 65536) && - afl->afl_env.afl_skip_bin_check)) { + !afl->afl_env.afl_skip_bin_check) { if (map_size <= DEFAULT_SHMEM_SIZE) { @@ -1780,8 +1779,7 @@ int main(int argc, char **argv_orig, char **envp) { afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && !afl->fsrv.frida_mode && !afl->unicorn_mode && - !((map_size == MAP_SIZE || map_size == 65536) && - afl->afl_env.afl_skip_bin_check)) { + !afl->afl_env.afl_skip_bin_check) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; From 5864430d935fac57350726d0133b8926bc62d169 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Sat, 22 May 2021 15:49:47 +0200 Subject: [PATCH 242/441] Typo --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 76c4ca37..35fb2d04 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip afl compatability checks, also disables auto map size\n" + "AFL_SKIP_BIN_CHECK: skip afl compatibility checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" From 12c8d339b1204232873e16f8f4898924e5739025 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 22 May 2021 16:09:23 +0200 Subject: [PATCH 243/441] update docs --- README.md | 1 + TODO.md | 2 +- custom_mutators/README.md | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index a6ad6b4f..0b89845c 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,7 @@ Here are some good writeups to show how to effectively use AFL++: If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered: * Superion for afl++: [https://github.com/adrian-rt/superion-mutator](https://github.com/adrian-rt/superion-mutator) + * libprotobuf for afl++: [https://github.com/P1umer/AFLplusplus-protobuf-mutator](https://github.com/P1umer/AFLplusplus-protobuf-mutator) * libprotobuf raw: [https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator](https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator) * libprotobuf for old afl++ API: [https://github.com/thebabush/afl-libprotobuf-mutator](https://github.com/thebabush/afl-libprotobuf-mutator) diff --git a/TODO.md b/TODO.md index 5a5e7c4e..398f3d11 100644 --- a/TODO.md +++ b/TODO.md @@ -4,7 +4,7 @@ - align map to 64 bytes but keep real IDs - Update afl->pending_not_fuzzed for MOpt - - CPU affinity for many cores? There seems to be an issue > 96 cores + - put fuzz target in top line of UI - afl-plot to support multiple plot_data - afl_custom_fuzz_splice_optin() - afl_custom_splice() diff --git a/custom_mutators/README.md b/custom_mutators/README.md index 5e1d0fe6..13172cdc 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -54,3 +54,6 @@ https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4 has a transform function you need to fill for your protobuf format, however needs to be ported to the updated afl++ custom mutator API (not much work): https://github.com/thebabush/afl-libprotobuf-mutator + +same as above but is for current afl++: +https://github.com/P1umer/AFLplusplus-protobuf-mutator From 197c8845ee66ae2a0369281018772bec6ea332d1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 22 May 2021 17:02:24 +0200 Subject: [PATCH 244/441] update afl-system-config --- afl-system-config | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/afl-system-config b/afl-system-config index e08871ac..e149e4cd 100755 --- a/afl-system-config +++ b/afl-system-config @@ -7,7 +7,7 @@ test "$1" = "-h" -o "$1" = "-hh" && { echo afl-system-config has no command line options echo echo afl-system reconfigures the system to a high performance fuzzing state - echo WARNING: this reduces the security of the system + echo "WARNING: this reduces the security of the system!" echo exit 1 } @@ -15,11 +15,14 @@ test "$1" = "-h" -o "$1" = "-hh" && { DONE= PLATFORM=`uname -s` echo This reconfigures the system to have a better fuzzing performance. +echo "WARNING: this reduces the security of the system!" +echo if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then echo "Warning: you need to be root to run this!" # we do not exit as other mechanisms exist that allows to do this than # being root. let the errors speak for themselves. fi +sleep 1 if [ "$PLATFORM" = "Linux" ] ; then { sysctl -w kernel.core_uses_pid=0 @@ -38,12 +41,17 @@ if [ "$PLATFORM" = "Linux" ] ; then test -e /sys/devices/system/cpu/intel_pstate/no_turbo && echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo test -e /sys/devices/system/cpu/cpufreq/boost && echo 1 > /sys/devices/system/cpu/cpufreq/boost test -e /sys/devices/system/cpu/intel_pstate/max_perf_pct && echo 100 > /sys/devices/system/cpu/intel_pstate/max_perf_pct + test -n "$(which auditctl)" && auditctl -a never,task >/dev/null 2>&1 } > /dev/null echo Settings applied. + echo dmesg | egrep -q 'nospectre_v2|spectre_v2=off' || { echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this: echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"' + echo } + echo If you run fuzzing instances in docker, run them with \"--security-opt seccomp=unconfined\" for more speed + echo DONE=1 fi if [ "$PLATFORM" = "FreeBSD" ] ; then @@ -52,6 +60,7 @@ if [ "$PLATFORM" = "FreeBSD" ] ; then sysctl kern.elf64.aslr.enable=0 } > /dev/null echo Settings applied. + echo cat < /dev/null echo Settings applied. + echo DONE=1 fi if [ "$PLATFORM" = "Darwin" ] ; then sysctl kern.sysv.shmmax=8388608 sysctl kern.sysv.shmseg=48 sysctl kern.sysv.shmall=98304 + echo Settings applied. + echo if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then - echo We unload the default crash reporter here + echo + echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash - launchctl unload -w ${SL}/LaunchAgents/${PL}.plist - sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist - echo Settings applied. + launchctl unload -w ${SL}/LaunchAgents/${PL}.plist >/dev/null 2>&1 + sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist >/dev/null 2>&1 + echo fi + echo It is recommended to disable System Integration Protection for increased performance. + echo DONE=1 fi if [ "$PLATFORM" = "Haiku" ] ; then @@ -108,7 +123,7 @@ if [ "$PLATFORM" = "Haiku" ] ; then [ -r ${SETTINGS} ] && grep -qE "default_action\s+kill" ${SETTINGS} && { echo "Nothing to do"; } || { \ echo We change the debug_server default_action from user to silently kill; \ [ ! -r ${SETTINGS} ] && echo "default_action kill" >${SETTINGS} || { mv ${SETTINGS} s.tmp; sed -e "s/default_action\s\s*user/default_action kill/" s.tmp > ${SETTINGS}; rm s.tmp; }; \ - echo Settings applied.; \ + echo Settings applied.; echo; \ } DONE=1 fi From bc286035e94e43e1e7db1b2a8099210f0e71b88b Mon Sep 17 00:00:00 2001 From: buherator Date: Sun, 23 May 2021 18:26:15 +0200 Subject: [PATCH 245/441] Set kill signal before using it in afl-showmap (#935) --- src/afl-showmap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9bf84956..d7af668c 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -1104,6 +1104,9 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; + fsrv->kill_signal = + parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + if (new_map_size) { // only reinitialize when it makes sense @@ -1211,9 +1214,6 @@ int main(int argc, char **argv_orig, char **envp) { } - fsrv->kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); - if (getenv("AFL_CRASH_EXITCODE")) { long exitcode = strtol(getenv("AFL_CRASH_EXITCODE"), NULL, 10); From bb45398d0bbad0b86e311fa6effc286206ecc611 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 23 May 2021 18:47:39 +0200 Subject: [PATCH 246/441] fix afl-cc help output --- src/afl-cc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index ff7b5219..ebe11525 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1640,7 +1640,7 @@ int main(int argc, char **argv, char **envp) { " yes\n" " [LLVM] llvm: %s%s\n" " PCGUARD %s yes yes module yes yes " - "extern\n" + "yes\n" " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" From 07c8024ef11686c58c623d621f236c5312689d1b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 24 May 2021 14:05:34 +0200 Subject: [PATCH 247/441] add libafl to binary-only doc --- README.md | 28 ++++++++++++++++++++++------ docs/binaryonly_fuzzing.md | 20 +++++++++++++++----- 2 files changed, 37 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 0b89845c..501f0591 100644 --- a/README.md +++ b/README.md @@ -791,16 +791,19 @@ How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz]( When source code is *NOT* available, afl++ offers various support for fast, on-the-fly instrumentation of black-box binaries. -If you do not have to use Unicorn the following setup is recommended: +If you do not have to use Unicorn the following setup is recommended to use +qemu_mode: * run 1 afl-fuzz -Q instance with CMPLOG (`-c 0` + `AFL_COMPCOV_LEVEL=2`) * run 1 afl-fuzz -Q instance with QASAN (`AFL_USE_QASAN=1`) * run 1 afl-fuzz -Q instance with LAF (``AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) +Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the +LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zipr, fibre, etc. +use a binary rewriter like afl-dyninst, retrowrite, zaflr, fibre, etc. -For Qemu mode, check out the persistent mode and snapshot features, they give -a huge speed improvement! +For Qemu and Frida mode, check out the persistent mode and snapshot features, +they give a huge speed improvement! ### QEMU @@ -812,8 +815,7 @@ feature by doing: cd qemu_mode ./build_qemu_support.sh ``` -For additional instructions and caveats, see [qemu_mode/README.md](qemu_mode/README.md) - -check out the snapshot feature! :-) +For additional instructions and caveats, see [qemu_mode/README.md](qemu_mode/README.md). If possible you should use the persistent mode, see [qemu_mode/README.persistent.md](qemu_mode/README.persistent.md). The mode is approximately 2-5x slower than compile-time instrumentation, and is less conducive to parallelization. @@ -824,6 +826,20 @@ the speed compared to qemu_mode (but slower than persistent mode). Note that several other binary rewriters exist, all with their advantages and caveats. +### Frida + +Frida mode is sometimes faster and sometimes slower than Qemu mode. +It is also newer, lacks COMPCOV, but supports MacOS. + +```shell +cd frida_mode +make +``` +For additional instructions and caveats, see [frida_mode/README.md](frida_mode/README.md). +If possible you should use the persistent mode, see [qemu_frida/README.persistent.md](qemu_frida/README.persistent.md). +The mode is approximately 2-5x slower than compile-time instrumentation, and is +less conducive to parallelization. + ### Unicorn For non-Linux binaries you can use afl++'s unicorn mode which can emulate diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index 2f5dd614..bab64a30 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -41,15 +41,20 @@ As it is included in afl++ this needs no URL. + If you like to code a customized fuzzer without much work, we highly + recommend to check out our sister project libafl which will support QEMU + very too: + [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) + ## AFL FRIDA - In frida_mode you can fuzz binary-only targets easily like with QEMU, - with the advantage that frida_mode also works on MacOS (both intel and M1). + In frida_mode you can fuzz binary-only targets easily like with QEMU, + with the advantage that frida_mode also works on MacOS (both intel and M1). - If you want to fuzz a binary-only library then you can fuzz it with - frida-gum via utils/afl_frida/, you will have to write a harness to - call the target function in the library, use afl-frida.c as a template. + If you want to fuzz a binary-only library then you can fuzz it with + frida-gum via utils/afl_frida/, you will have to write a harness to + call the target function in the library, use afl-frida.c as a template. Both come with afl++ so this needs no URL. @@ -58,6 +63,11 @@ [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) as an intermediate that uses afl++ for fuzzing. + If you like to code a customized fuzzer without much work, we highly + recommend to check out our sister project libafl which supports Frida too: + [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) + Working examples already exist :-) + ## WINE+QEMU From 95f47ac3a4d23b28a573a0614893d7aac5f5d4b4 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 24 May 2021 14:06:46 +0200 Subject: [PATCH 248/441] Final push to stable (#936) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator --- .gitignore | 1 + README.md | 31 +++++++++++++++++------ TODO.md | 2 +- afl-system-config | 33 ++++++++++++++++++------- custom_mutators/README.md | 3 +++ docs/Changelog.md | 1 + docs/binaryonly_fuzzing.md | 50 ++++++++++++++++++++++---------------- docs/env_variables.md | 1 + qemu_mode/README.wine.md | 21 ++++++++++++++++ src/afl-cc.c | 2 +- src/afl-common.c | 4 +++ src/afl-fuzz-extras.c | 14 +++++++++++ src/afl-fuzz-init.c | 10 +++++--- src/afl-fuzz.c | 11 +++++---- src/afl-showmap.c | 33 +++++++++++++++---------- 15 files changed, 157 insertions(+), 60 deletions(-) create mode 100644 qemu_mode/README.wine.md diff --git a/.gitignore b/.gitignore index c8d29e50..8c420b5e 100644 --- a/.gitignore +++ b/.gitignore @@ -85,3 +85,4 @@ gmon.out afl-frida-trace.so utils/afl_network_proxy/afl-network-client utils/afl_network_proxy/afl-network-server +*.o.tmp diff --git a/README.md b/README.md index 5d5510d2..501f0591 100644 --- a/README.md +++ b/README.md @@ -255,6 +255,7 @@ Here are some good writeups to show how to effectively use AFL++: If you are interested in fuzzing structured data (where you define what the structure is), these links have you covered: * Superion for afl++: [https://github.com/adrian-rt/superion-mutator](https://github.com/adrian-rt/superion-mutator) + * libprotobuf for afl++: [https://github.com/P1umer/AFLplusplus-protobuf-mutator](https://github.com/P1umer/AFLplusplus-protobuf-mutator) * libprotobuf raw: [https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator](https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4_libprotobuf_aflpp_custom_mutator) * libprotobuf for old afl++ API: [https://github.com/thebabush/afl-libprotobuf-mutator](https://github.com/thebabush/afl-libprotobuf-mutator) @@ -436,7 +437,7 @@ described in [instrumentation/README.lto.md](instrumentation/README.lto.md). ##### cmake For `cmake` build systems this is usually done by: -`mkdir build; cmake -DCMAKE_C_COMPILERC=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ ..` +`mkdir build; cd build; cmake -DCMAKE_C_COMPILER=afl-cc -DCMAKE_CXX_COMPILER=afl-c++ ..` Note that if you are using the (better) afl-clang-lto compiler you also have to set AR to llvm-ar[-VERSION] and RANLIB to llvm-ranlib[-VERSION] - as is @@ -790,16 +791,19 @@ How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz]( When source code is *NOT* available, afl++ offers various support for fast, on-the-fly instrumentation of black-box binaries. -If you do not have to use Unicorn the following setup is recommended: +If you do not have to use Unicorn the following setup is recommended to use +qemu_mode: * run 1 afl-fuzz -Q instance with CMPLOG (`-c 0` + `AFL_COMPCOV_LEVEL=2`) * run 1 afl-fuzz -Q instance with QASAN (`AFL_USE_QASAN=1`) * run 1 afl-fuzz -Q instance with LAF (``AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) +Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the +LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zipr, fibre, etc. +use a binary rewriter like afl-dyninst, retrowrite, zaflr, fibre, etc. -For Qemu mode, check out the persistent mode and snapshot features, they give -a huge speed improvement! +For Qemu and Frida mode, check out the persistent mode and snapshot features, +they give a huge speed improvement! ### QEMU @@ -811,8 +815,7 @@ feature by doing: cd qemu_mode ./build_qemu_support.sh ``` -For additional instructions and caveats, see [qemu_mode/README.md](qemu_mode/README.md) - -check out the snapshot feature! :-) +For additional instructions and caveats, see [qemu_mode/README.md](qemu_mode/README.md). If possible you should use the persistent mode, see [qemu_mode/README.persistent.md](qemu_mode/README.persistent.md). The mode is approximately 2-5x slower than compile-time instrumentation, and is less conducive to parallelization. @@ -823,6 +826,20 @@ the speed compared to qemu_mode (but slower than persistent mode). Note that several other binary rewriters exist, all with their advantages and caveats. +### Frida + +Frida mode is sometimes faster and sometimes slower than Qemu mode. +It is also newer, lacks COMPCOV, but supports MacOS. + +```shell +cd frida_mode +make +``` +For additional instructions and caveats, see [frida_mode/README.md](frida_mode/README.md). +If possible you should use the persistent mode, see [qemu_frida/README.persistent.md](qemu_frida/README.persistent.md). +The mode is approximately 2-5x slower than compile-time instrumentation, and is +less conducive to parallelization. + ### Unicorn For non-Linux binaries you can use afl++'s unicorn mode which can emulate diff --git a/TODO.md b/TODO.md index 5a5e7c4e..398f3d11 100644 --- a/TODO.md +++ b/TODO.md @@ -4,7 +4,7 @@ - align map to 64 bytes but keep real IDs - Update afl->pending_not_fuzzed for MOpt - - CPU affinity for many cores? There seems to be an issue > 96 cores + - put fuzz target in top line of UI - afl-plot to support multiple plot_data - afl_custom_fuzz_splice_optin() - afl_custom_splice() diff --git a/afl-system-config b/afl-system-config index e08871ac..e149e4cd 100755 --- a/afl-system-config +++ b/afl-system-config @@ -7,7 +7,7 @@ test "$1" = "-h" -o "$1" = "-hh" && { echo afl-system-config has no command line options echo echo afl-system reconfigures the system to a high performance fuzzing state - echo WARNING: this reduces the security of the system + echo "WARNING: this reduces the security of the system!" echo exit 1 } @@ -15,11 +15,14 @@ test "$1" = "-h" -o "$1" = "-hh" && { DONE= PLATFORM=`uname -s` echo This reconfigures the system to have a better fuzzing performance. +echo "WARNING: this reduces the security of the system!" +echo if [ '!' "$EUID" = 0 ] && [ '!' `id -u` = 0 ] ; then echo "Warning: you need to be root to run this!" # we do not exit as other mechanisms exist that allows to do this than # being root. let the errors speak for themselves. fi +sleep 1 if [ "$PLATFORM" = "Linux" ] ; then { sysctl -w kernel.core_uses_pid=0 @@ -38,12 +41,17 @@ if [ "$PLATFORM" = "Linux" ] ; then test -e /sys/devices/system/cpu/intel_pstate/no_turbo && echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo test -e /sys/devices/system/cpu/cpufreq/boost && echo 1 > /sys/devices/system/cpu/cpufreq/boost test -e /sys/devices/system/cpu/intel_pstate/max_perf_pct && echo 100 > /sys/devices/system/cpu/intel_pstate/max_perf_pct + test -n "$(which auditctl)" && auditctl -a never,task >/dev/null 2>&1 } > /dev/null echo Settings applied. + echo dmesg | egrep -q 'nospectre_v2|spectre_v2=off' || { echo It is recommended to boot the kernel with lots of security off - if you are running a machine that is in a secured network - so set this: echo ' /etc/default/grub:GRUB_CMDLINE_LINUX_DEFAULT="ibpb=off ibrs=off kpti=0 l1tf=off mds=off mitigations=off no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off spectre_v2=off stf_barrier=off srbds=off noexec=off noexec32=off tsx=on tsx_async_abort=off arm64.nopauth audit=0 hardened_usercopy=off ssbd=force-off"' + echo } + echo If you run fuzzing instances in docker, run them with \"--security-opt seccomp=unconfined\" for more speed + echo DONE=1 fi if [ "$PLATFORM" = "FreeBSD" ] ; then @@ -52,6 +60,7 @@ if [ "$PLATFORM" = "FreeBSD" ] ; then sysctl kern.elf64.aslr.enable=0 } > /dev/null echo Settings applied. + echo cat < /dev/null echo Settings applied. + echo DONE=1 fi if [ "$PLATFORM" = "Darwin" ] ; then sysctl kern.sysv.shmmax=8388608 sysctl kern.sysv.shmseg=48 sysctl kern.sysv.shmall=98304 + echo Settings applied. + echo if [ $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') ] ; then - echo We unload the default crash reporter here + echo + echo Unloading the default crash reporter SL=/System/Library; PL=com.apple.ReportCrash - launchctl unload -w ${SL}/LaunchAgents/${PL}.plist - sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist - echo Settings applied. + launchctl unload -w ${SL}/LaunchAgents/${PL}.plist >/dev/null 2>&1 + sudo launchctl unload -w ${SL}/LaunchDaemons/${PL}.Root.plist >/dev/null 2>&1 + echo fi + echo It is recommended to disable System Integration Protection for increased performance. + echo DONE=1 fi if [ "$PLATFORM" = "Haiku" ] ; then @@ -108,7 +123,7 @@ if [ "$PLATFORM" = "Haiku" ] ; then [ -r ${SETTINGS} ] && grep -qE "default_action\s+kill" ${SETTINGS} && { echo "Nothing to do"; } || { \ echo We change the debug_server default_action from user to silently kill; \ [ ! -r ${SETTINGS} ] && echo "default_action kill" >${SETTINGS} || { mv ${SETTINGS} s.tmp; sed -e "s/default_action\s\s*user/default_action kill/" s.tmp > ${SETTINGS}; rm s.tmp; }; \ - echo Settings applied.; \ + echo Settings applied.; echo; \ } DONE=1 fi diff --git a/custom_mutators/README.md b/custom_mutators/README.md index 5e1d0fe6..13172cdc 100644 --- a/custom_mutators/README.md +++ b/custom_mutators/README.md @@ -54,3 +54,6 @@ https://github.com/bruce30262/libprotobuf-mutator_fuzzing_learning/tree/master/4 has a transform function you need to fill for your protobuf format, however needs to be ported to the updated afl++ custom mutator API (not much work): https://github.com/thebabush/afl-libprotobuf-mutator + +same as above but is for current afl++: +https://github.com/P1umer/AFLplusplus-protobuf-mutator diff --git a/docs/Changelog.md b/docs/Changelog.md index 282b34cf..dfd5c393 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -54,6 +54,7 @@ sending a mail to . - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename + - afl-showmap/cmin will now process queue items in alphabetical order ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index 787d970d..bab64a30 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -41,6 +41,33 @@ As it is included in afl++ this needs no URL. + If you like to code a customized fuzzer without much work, we highly + recommend to check out our sister project libafl which will support QEMU + very too: + [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) + + +## AFL FRIDA + + In frida_mode you can fuzz binary-only targets easily like with QEMU, + with the advantage that frida_mode also works on MacOS (both intel and M1). + + If you want to fuzz a binary-only library then you can fuzz it with + frida-gum via utils/afl_frida/, you will have to write a harness to + call the target function in the library, use afl-frida.c as a template. + + Both come with afl++ so this needs no URL. + + You can also perform remote fuzzing with frida, e.g. if you want to fuzz + on iPhone or Android devices, for this you can use + [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) + as an intermediate that uses afl++ for fuzzing. + + If you like to code a customized fuzzer without much work, we highly + recommend to check out our sister project libafl which supports Frida too: + [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) + Working examples already exist :-) + ## WINE+QEMU @@ -62,13 +89,6 @@ As it is included in afl++ this needs no URL. -## AFL FRIDA - - If you want to fuzz a binary-only shared library then you can fuzz it with - frida-gum via utils/afl_frida/, you will have to write a harness to - call the target function in the library, use afl-frida.c as a template. - - ## AFL UNTRACER If you want to fuzz a binary-only shared library then you can fuzz it with @@ -157,19 +177,6 @@ If anyone finds any coresight implementation for afl please ping me: vh@thc.org -## FRIDA - - Frida is a dynamic instrumentation engine like Pintool, Dyninst and Dynamorio. - What is special is that it is written Python, and scripted with Javascript. - It is mostly used to reverse binaries on mobile phones however can be used - everywhere. - - There is a WIP fuzzer available at [https://github.com/andreafioraldi/frida-fuzzer](https://github.com/andreafioraldi/frida-fuzzer) - - There is also an early implementation in an AFL++ test branch: - [https://github.com/AFLplusplus/AFLplusplus/tree/frida](https://github.com/AFLplusplus/AFLplusplus/tree/frida) - - ## PIN & DYNAMORIO Pintool and Dynamorio are dynamic instrumentation engines, and they can be @@ -205,7 +212,8 @@ * QSYM: [https://github.com/sslab-gatech/qsym](https://github.com/sslab-gatech/qsym) * Manticore: [https://github.com/trailofbits/manticore](https://github.com/trailofbits/manticore) * S2E: [https://github.com/S2E](https://github.com/S2E) - * Tinyinst [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only) + * Tinyinst: [https://github.com/googleprojectzero/TinyInst](https://github.com/googleprojectzero/TinyInst) (Mac/Windows only) + * Jackalope: [https://github.com/googleprojectzero/Jackalope](https://github.com/googleprojectzero/Jackalope) * ... please send me any missing that are good diff --git a/docs/env_variables.md b/docs/env_variables.md index c3efa0c0..def1e297 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -355,6 +355,7 @@ checks or alter some of the more exotic semantics of the tool: and shell scripts; and `AFL_DUMB_FORKSRV` in conjunction with the `-n` setting to instruct afl-fuzz to still follow the fork server protocol without expecting any instrumentation data in return. + Note that this also turns off auto map size detection. - When running in the `-M` or `-S` mode, setting `AFL_IMPORT_FIRST` causes the fuzzer to import test cases from other instances before doing anything diff --git a/qemu_mode/README.wine.md b/qemu_mode/README.wine.md new file mode 100644 index 00000000..567901cd --- /dev/null +++ b/qemu_mode/README.wine.md @@ -0,0 +1,21 @@ +# How to troubleshoot AFL++'s wine mode + +## 1) Debugging +To turn on wine debugging use the `WINEDEBUG` environment variable, +e.g. `WINEDEBUG=+timestamp,+tid,+loaddll`. + +## 2) LoadLibraryA workaround +The forked process fails to load libraries loaded via `LoadLibrary` +if the load happens after the entry point (error code: 87). To resolve +this issue, one needs to load any external libraries before the fork happens. + +An early DLL load can be achieved by adding the DLL name into the `Import Directory` +in the PE file. Such an entry can be added manually in any PE editor. + +Alternativly, one can generate a `.lib` file from the DLL exports and link +them together with the harness to create an entry in the `Import Directory`. +Use `dumpbin /exports .dll` to extract the exports and paste the +exported function names into a `.def` file. Use `lib /def: /OUT:` +to generate a `.lib` and add the library to the linker options. Once the usage of +an export is detected (`__declspec(dllimport)`), the +linker adds the early DLL load. \ No newline at end of file diff --git a/src/afl-cc.c b/src/afl-cc.c index ff7b5219..ebe11525 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1640,7 +1640,7 @@ int main(int argc, char **argv, char **envp) { " yes\n" " [LLVM] llvm: %s%s\n" " PCGUARD %s yes yes module yes yes " - "extern\n" + "yes\n" " CLASSIC %s no yes module yes yes " "yes\n" " - NORMAL\n" diff --git a/src/afl-common.c b/src/afl-common.c index 0fb1462e..8826de70 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -1110,6 +1110,10 @@ u32 get_map_size(void) { if (map_size % 64) { map_size = (((map_size >> 6) + 1) << 6); } + } else if (getenv("AFL_SKIP_BIN_CHECK")) { + + map_size = MAP_SIZE; + } return map_size; diff --git a/src/afl-fuzz-extras.c b/src/afl-fuzz-extras.c index 6091db15..584241d4 100644 --- a/src/afl-fuzz-extras.c +++ b/src/afl-fuzz-extras.c @@ -130,6 +130,20 @@ void load_extras_file(afl_state_t *afl, u8 *fname, u32 *min_len, u32 *max_len, } + /* Skip [number] */ + + if (*lptr == '[') { + + do { + + ++lptr; + + } while (*lptr >= '0' && *lptr <= '9'); + + if (*lptr == ']') { ++lptr; } + + } + /* Skip whitespace and = signs. */ while (isspace(*lptr) || *lptr == '=') { diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index c43bcc2b..b277802b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -2728,11 +2728,15 @@ void check_binary(afl_state_t *afl, u8 *fname) { " When source code is not available, you may be able to leverage " "QEMU\n" " mode support. Consult the README.md for tips on how to enable " - "this.\n" + "this.\n\n" + + " If your target is an instrumented binary (e.g. with zafl, " + "retrowrite,\n" + " etc.) then set 'AFL_SKIP_BIN_CHECK=1'\n\n" " (It is also possible to use afl-fuzz as a traditional, " - "non-instrumented fuzzer.\n" - " For that, you can use the -n option - but expect much worse " + "non-instrumented\n" + " fuzzer. For that use the -n option - but expect much worse " "results.)\n", doc_path); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5f939115..35fb2d04 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -238,7 +238,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TARGET_ENV: pass extra environment variables to target\n" "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" - "AFL_SKIP_BIN_CHECK: skip the check, if the target is an executable\n" + "AFL_SKIP_BIN_CHECK: skip afl compatibility checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" @@ -1717,10 +1717,10 @@ int main(int argc, char **argv_orig, char **envp) { afl_shm_init(&afl->shm, afl->fsrv.map_size, afl->non_instrumented_mode); if (!afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->unicorn_mode) { + !afl->unicorn_mode && !afl->fsrv.frida_mode && + !afl->afl_env.afl_skip_bin_check) { - if (map_size <= DEFAULT_SHMEM_SIZE && !afl->non_instrumented_mode && - !afl->fsrv.qemu_mode && !afl->unicorn_mode) { + if (map_size <= DEFAULT_SHMEM_SIZE) { afl->fsrv.map_size = DEFAULT_SHMEM_SIZE; // dummy temporary value char vbuf[16]; @@ -1778,7 +1778,8 @@ int main(int argc, char **argv_orig, char **envp) { if ((map_size <= DEFAULT_SHMEM_SIZE || afl->cmplog_fsrv.map_size < map_size) && !afl->non_instrumented_mode && !afl->fsrv.qemu_mode && - !afl->fsrv.frida_mode && !afl->unicorn_mode) { + !afl->fsrv.frida_mode && !afl->unicorn_mode && + !afl->afl_env.afl_skip_bin_check) { afl->cmplog_fsrv.map_size = MAX(map_size, (u32)DEFAULT_SHMEM_SIZE); char vbuf[16]; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 9b4d21a5..d7af668c 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -52,6 +52,7 @@ #include #include +#include #include #include #ifndef USEMMAP @@ -1103,6 +1104,9 @@ int main(int argc, char **argv_orig, char **envp) { : 0); be_quiet = save_be_quiet; + fsrv->kill_signal = + parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + if (new_map_size) { // only reinitialize when it makes sense @@ -1129,8 +1133,9 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - DIR * dir_in, *dir_out = NULL; - struct dirent *dir_ent; + DIR * dir_in, *dir_out = NULL; + struct dirent **file_list; + // int done = 0; u8 infile[PATH_MAX], outfile[PATH_MAX]; u8 wait_for_gdb = 0; @@ -1155,12 +1160,6 @@ int main(int argc, char **argv_orig, char **envp) { ck_free(dn); if (!be_quiet) ACTF("Reading from directory '%s'...", in_dir); - if (!(dir_in = opendir(in_dir))) { - - PFATAL("cannot open directory %s", in_dir); - - } - if (!collect_coverage) { if (!(dir_out = opendir(out_file))) { @@ -1215,9 +1214,6 @@ int main(int argc, char **argv_orig, char **envp) { } - fsrv->kill_signal = - parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); - if (getenv("AFL_CRASH_EXITCODE")) { long exitcode = strtol(getenv("AFL_CRASH_EXITCODE"), NULL, 10); @@ -1246,7 +1242,16 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - while ((dir_ent = readdir(dir_in))) { + int file_count = scandir(in_dir, &file_list, NULL, alphasort); + if (file_count < 0) { + + PFATAL("Failed to read from input dir at %s\n", in_dir); + + } + + for (int i = 0; i < file_count; i++) { + + struct dirent *dir_ent = file_list[i]; if (dir_ent->d_name[0] == '.') { @@ -1293,9 +1298,11 @@ int main(int argc, char **argv_orig, char **envp) { } + free(file_list); + file_list = NULL; + if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } - closedir(dir_in); if (dir_out) { closedir(dir_out); } if (collect_coverage) { From 909e43fd5538ef8cf1b478816974e3ab030490e9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 07:45:44 +0200 Subject: [PATCH 249/441] update docs --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 501f0591..cedf706c 100644 --- a/README.md +++ b/README.md @@ -800,10 +800,10 @@ Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zaflr, fibre, etc. +use a binary rewriter like afl-dyninst, retrowrite, zaflr, etc. -For Qemu and Frida mode, check out the persistent mode and snapshot features, -they give a huge speed improvement! +For Qemu and Frida mode, check out the persistent mode, it gives a huge speed +improvement if it is possible to use. ### QEMU @@ -822,7 +822,7 @@ less conducive to parallelization. If [afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst) works for your binary, then you can use afl-fuzz normally and it will have twice -the speed compared to qemu_mode (but slower than persistent mode). +the speed compared to qemu_mode (but slower than qemu persistent mode). Note that several other binary rewriters exist, all with their advantages and caveats. From 109383f43830010c36b704c682ee537e6474d25a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 09:08:31 +0200 Subject: [PATCH 250/441] less executions on variable paths --- docs/Changelog.md | 2 ++ include/config.h | 4 ++-- src/afl-fuzz-run.c | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index dfd5c393..33d37067 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -35,6 +35,8 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after no new paths have been found for n seconds + - when AFL_FAST_CAL is set a variable path will no be calibrated 8 times + instead of 40 - afl-cc: - We do not support llvm versions prior 6.0 anymore - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD diff --git a/include/config.h b/include/config.h index aa24ea6c..80cdb684 100644 --- a/include/config.h +++ b/include/config.h @@ -154,7 +154,7 @@ cases that show variable behavior): */ #define CAL_CYCLES 8U -#define CAL_CYCLES_LONG 40U +#define CAL_CYCLES_LONG 20U /* Number of subsequent timeouts before abandoning an input file: */ @@ -163,7 +163,7 @@ /* Maximum number of unique hangs or crashes to record: */ #define KEEP_UNIQUE_HANG 500U -#define KEEP_UNIQUE_CRASH 5000U +#define KEEP_UNIQUE_CRASH 10000U /* Baseline number of random tweaks during a single 'havoc' stage: */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 6e5210b8..5a481639 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -410,7 +410,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } var_detected = 1; - afl->stage_max = CAL_CYCLES_LONG; + afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG; } else { From 8e75adfee5574d6d0dd7fd73e9c0899f3162c964 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 09:22:50 +0200 Subject: [PATCH 251/441] AFL_SKIP_CRASHES is obsolete since 3.0 --- docs/env_variables.md | 5 ----- include/afl-fuzz.h | 2 +- src/afl-fuzz-init.c | 30 +++--------------------------- src/afl-fuzz-state.c | 3 +-- src/afl-fuzz.c | 2 +- 5 files changed, 6 insertions(+), 36 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index def1e297..442b0dd0 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -315,11 +315,6 @@ checks or alter some of the more exotic semantics of the tool: - Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary that is compiled into the target. - - `AFL_SKIP_CRASHES` causes AFL++ to tolerate crashing files in the input - queue. This can help with rare situations where a program crashes only - intermittently, but it's not really recommended under normal operating - conditions. - - Setting `AFL_HANG_TMOUT` allows you to specify a different timeout for deciding if a particular test case is a "hang". The default is 1 second or the value of the `-t` parameter, whichever is larger. Dialing the value diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 72f956b9..e9a72fc2 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -388,7 +388,7 @@ typedef struct afl_env_vars { afl_exit_on_seed_issues; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, - *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, + *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_kill_signal, *afl_target_env, diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index b277802b..f2d1fb9b 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -823,7 +823,6 @@ void perform_dry_run(afl_state_t *afl) { struct queue_entry *q; u32 cal_failures = 0, idx; - u8 * skip_crashes = afl->afl_env.afl_skip_crashes; u8 * use_mem; for (idx = 0; idx < afl->queued_paths; idx++) { @@ -923,27 +922,6 @@ void perform_dry_run(afl_state_t *afl) { if (afl->crash_mode) { break; } - if (skip_crashes) { - - if (afl->fsrv.uses_crash_exitcode) { - - WARNF( - "Test case results in a crash or AFL_CRASH_EXITCODE %d " - "(skipping)", - (int)(s8)afl->fsrv.crash_exitcode); - - } else { - - WARNF("Test case results in a crash (skipping)"); - - } - - q->cal_failed = CAL_CHANCES; - ++cal_failures; - break; - - } - if (afl->fsrv.mem_limit) { u8 val_buf[STRINGIFY_VAL_SIZE_MAX]; @@ -1117,14 +1095,12 @@ void perform_dry_run(afl_state_t *afl) { if (cal_failures == afl->queued_paths) { - FATAL("All test cases time out%s, giving up!", - skip_crashes ? " or crash" : ""); + FATAL("All test cases time out or crash, giving up!"); } - WARNF("Skipped %u test cases (%0.02f%%) due to timeouts%s.", cal_failures, - ((double)cal_failures) * 100 / afl->queued_paths, - skip_crashes ? " or crashes" : ""); + WARNF("Skipped %u test cases (%0.02f%%) due to timeouts or crashes.", + cal_failures, ((double)cal_failures) * 100 / afl->queued_paths); if (cal_failures * 5 > afl->queued_paths) { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index c886cb28..046d17d6 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -206,8 +206,7 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl_environment_variable_len)) { - afl->afl_env.afl_skip_crashes = - (u8 *)get_afl_env(afl_environment_variables[i]); + // we should mark this obsolete in a few versions } else if (!strncmp(env, "AFL_HANG_TMOUT", diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 35fb2d04..3b6ac5e2 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -240,7 +240,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip afl compatibility checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" - "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" + //"AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" "AFL_STATSD_HOST: change default statsd host (default 127.0.0.1)\n" "AFL_STATSD_PORT: change default statsd port (default: 8125)\n" From 87b16c4460d34eb775660991732ca0ef0c2f8e78 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 10:45:24 +0200 Subject: [PATCH 252/441] add AFL_TRY_AFFINITY --- Dockerfile | 1 + README.md | 4 ++-- docs/Changelog.md | 10 ++++++---- docs/env_variables.md | 3 +++ include/afl-fuzz.h | 2 +- include/envs.h | 1 + src/afl-fuzz-init.c | 34 ++++++++++++++++++++++++---------- src/afl-fuzz-state.c | 7 +++++++ src/afl-fuzz.c | 1 + 9 files changed, 46 insertions(+), 17 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f89b9aa..9662ca7c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,6 +50,7 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 0 ENV LLVM_CONFIG=llvm-config-12 ENV AFL_SKIP_CPUFREQ=1 +ENV AFL_TRY_AFFINITY=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov /afl-cov diff --git a/README.md b/README.md index cedf706c..69e2d14a 100644 --- a/README.md +++ b/README.md @@ -679,8 +679,8 @@ If you see that an important area or a feature has not been covered so far then try to find an input that is able to reach that and start a new secondary in that fuzzing campaign with that seed as input, let it run for a few minutes, then terminate it. The main node will pick it up and make it available to the -other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` if you have no -free core. +other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` or +`export AFL_TRY_AFFINITY=1` if you have no free core. Note that you in nearly all cases can never reach full coverage. A lot of functionality is usually behind options that were not activated or fuzz e.g. diff --git a/docs/Changelog.md b/docs/Changelog.md index 33d37067..bbe55e3e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -33,10 +33,12 @@ sending a mail to . - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. - - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after - no new paths have been found for n seconds - - when AFL_FAST_CAL is set a variable path will no be calibrated 8 times - instead of 40 + - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing + after no new paths have been found for n seconds + - when AFL_FAST_CAL is set a variable path will no be calibrated + 8 times instead of 40 + - added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if + it fails - afl-cc: - We do not support llvm versions prior 6.0 anymore - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD diff --git a/docs/env_variables.md b/docs/env_variables.md index 442b0dd0..a3267523 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -312,6 +312,9 @@ checks or alter some of the more exotic semantics of the tool: on Linux systems. This slows things down, but lets you run more instances of afl-fuzz than would be prudent (if you really want to). + - Setting `AFL_TRY_AFFINITY` tries to attempts to bind to a specific CPU core + on Linux systems, but will not terminate if it fails. + - Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary that is compiled into the target. diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index e9a72fc2..4aba3bdf 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -385,7 +385,7 @@ typedef struct afl_env_vars { afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one, afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new, - afl_exit_on_seed_issues; + afl_exit_on_seed_issues, afl_try_affinity; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, diff --git a/include/envs.h b/include/envs.h index f1314bad..e7162c0f 100644 --- a/include/envs.h +++ b/include/envs.h @@ -120,6 +120,7 @@ static char *afl_environment_variables[] = { "AFL_LLVM_INSTRUMENT_FILE", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", + "AFL_TRY_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index f2d1fb9b..88b5bc02 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -113,7 +113,7 @@ void bind_to_free_cpu(afl_state_t *afl) { u8 lockfile[PATH_MAX] = ""; s32 i; - if (afl->afl_env.afl_no_affinity) { + if (afl->afl_env.afl_no_affinity && !afl->afl_env.afl_try_affinity) { if (afl->cpu_to_bind != -1) { @@ -130,10 +130,21 @@ void bind_to_free_cpu(afl_state_t *afl) { if (!bind_cpu(afl, afl->cpu_to_bind)) { - FATAL( - "Could not bind to requested CPU %d! Make sure you passed a valid " - "-b.", - afl->cpu_to_bind); + if (afl->afl_env.afl_try_affinity) { + + WARNF( + "Could not bind to requested CPU %d! Make sure you passed a valid " + "-b.", + afl->cpu_to_bind); + + } else { + + FATAL( + "Could not bind to requested CPU %d! Make sure you passed a valid " + "-b.", + afl->cpu_to_bind); + + } } @@ -420,11 +431,14 @@ void bind_to_free_cpu(afl_state_t *afl) { "Uh-oh, looks like all %d CPU cores on your system are allocated to\n" " other instances of afl-fuzz (or similar CPU-locked tasks). " "Starting\n" - " another fuzzer on this machine is probably a bad plan, but if " - "you are\n" - " absolutely sure, you can set AFL_NO_AFFINITY and try again.\n", - afl->cpu_core_count); - FATAL("No more free CPU cores"); + " another fuzzer on this machine is probably a bad plan.\n" + "%s", + afl->cpu_core_count, + afl->afl_env.afl_try_affinity ? "" + : " If you are sure, you can set " + "AFL_NO_AFFINITY and try again.\n"); + + if (!afl->afl_env.afl_try_affinity) { FATAL("No more free CPU cores"); } } diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 046d17d6..0658070e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -202,6 +202,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_no_affinity = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_TRY_AFFINITY", + + afl_environment_variable_len)) { + + afl->afl_env.afl_try_affinity = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_SKIP_CRASHES", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 3b6ac5e2..bb970e5f 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -220,6 +220,7 @@ static void usage(u8 *argv0, int more_help) { " then they are randomly selected instead all of them being\n" " used. Defaults to 200.\n" "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n" + "AFL_TRY_AFFINITY: try to bind to an unused core, but don't fail if unsuccessful\n" "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n" "AFL_NO_AUTODICT: do not load an offered auto dictionary compiled into a target\n" "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n" From 654bc7bf32a81576596b0ca83c9b90e90598a815 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 25 May 2021 21:29:09 +0200 Subject: [PATCH 253/441] Typo --- docs/binaryonly_fuzzing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index bab64a30..11e1dbeb 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -43,7 +43,7 @@ If you like to code a customized fuzzer without much work, we highly recommend to check out our sister project libafl which will support QEMU - very too: + too: [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) From ad3dba047f5186b3b0941d33f0cd37e9ac218069 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 25 May 2021 21:52:11 +0200 Subject: [PATCH 254/441] Typo --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index bbe55e3e..f8831ff1 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -35,7 +35,7 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after no new paths have been found for n seconds - - when AFL_FAST_CAL is set a variable path will no be calibrated + - when AFL_FAST_CAL is set a variable path will now be calibrated 8 times instead of 40 - added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if it fails From 314c0357a7619087d00b06a4567b97f4a30bfbf9 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 25 May 2021 21:59:24 +0200 Subject: [PATCH 255/441] Typo/wording --- docs/env_variables.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/env_variables.md b/docs/env_variables.md index a3267523..7bbc0fdd 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -312,8 +312,8 @@ checks or alter some of the more exotic semantics of the tool: on Linux systems. This slows things down, but lets you run more instances of afl-fuzz than would be prudent (if you really want to). - - Setting `AFL_TRY_AFFINITY` tries to attempts to bind to a specific CPU core - on Linux systems, but will not terminate if it fails. + - Setting `AFL_TRY_AFFINITY` tries to attempt binding to a specific CPU core + on Linux systems, but will not terminate if that fails. - Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary that is compiled into the target. From 3b93729213de46a3008709bd8170d5593394d8cb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 22:04:25 +0200 Subject: [PATCH 256/441] tweaks --- docs/Changelog.md | 4 ++-- docs/custom_mutators.md | 3 +++ src/afl-fuzz-python.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index f8831ff1..175c6c43 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -35,8 +35,8 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after no new paths have been found for n seconds - - when AFL_FAST_CAL is set a variable path will now be calibrated - 8 times instead of 40 + - when AFL_FAST_CAL is set a variable path will no be calibrated + 8 times instead of originally 40. Long calibration is now 20. - added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if it fails - afl-cc: diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 9d5381e8..3e3ae01d 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -92,6 +92,9 @@ def queue_new_entry(filename_new_queue, filename_orig_queue): def introspection(): return string + +def deinit(): # optional for Python + pass ``` ### Custom Mutation diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 8760194c..3aa97635 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -212,7 +212,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { PyObject_GetAttrString(py_module, "introspection"); py_functions[PY_FUNC_DEINIT] = PyObject_GetAttrString(py_module, "deinit"); if (!py_functions[PY_FUNC_DEINIT]) - FATAL("deinit function not found in python module"); + WARNF("deinit function not found in python module"); for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) { From a5e551ab917cef708363483070eb62c55897cf3b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 25 May 2021 23:49:14 +0200 Subject: [PATCH 257/441] typos --- docs/Changelog.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 175c6c43..594637fb 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -35,7 +35,7 @@ sending a mail to . afl++ ignores these and uses them for splicing instead. - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after no new paths have been found for n seconds - - when AFL_FAST_CAL is set a variable path will no be calibrated + - when AFL_FAST_CAL is set a variable path will now be calibrated 8 times instead of originally 40. Long calibration is now 20. - added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if it fails @@ -57,7 +57,8 @@ sending a mail to . MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup - - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename + - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the + current filename - afl-showmap/cmin will now process queue items in alphabetical order ### Version ++3.12c (release) From 6bd3c26cfb3a4e2cd01710025144ce9f1119fc2e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 16:01:11 +0200 Subject: [PATCH 258/441] fix afl-whatsup help output --- afl-whatsup | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/afl-whatsup b/afl-whatsup index be259829..9c2564c6 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -21,11 +21,11 @@ echo "$0 status check tool for afl-fuzz by Michal Zalewski" echo test "$1" = "-h" -o "$1" = "-hh" && { - echo "$0 [-s] [-d] output_directory" + echo "Usage: $0 [-s] [-d] afl_output_directory" echo echo Options: - echo -s - skip details and output summary results only - echo -d - include dead fuzzer stats + echo " -s - skip details and output summary results only" + echo " -d - include dead fuzzer stats" echo exit 1 } @@ -51,10 +51,11 @@ DIR="$1" if [ "$DIR" = "" ]; then - echo "Usage: $0 [-s] [-d] afl_sync_dir" 1>&2 + echo "Usage: $0 [-s] [-d] afl_output_directory" 1>&2 echo 1>&2 - echo "The -s option causes the tool to skip all the per-fuzzer trivia and show" 1>&2 - echo "just the summary results. See docs/parallel_fuzzing.md for additional tips." 1>&2 + echo Options: 1>&2 + echo " -s - skip details and output summary results only" 1>&2 + echo " -d - include dead fuzzer stats" 1>&2 echo 1>&2 exit 1 From 2210472784ca070a1d3b52fbc52da12a612f0d26 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 16:05:00 +0200 Subject: [PATCH 259/441] fix afl-plot output --- afl-plot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-plot b/afl-plot index 26c8d1b7..60a351ab 100755 --- a/afl-plot +++ b/afl-plot @@ -127,7 +127,7 @@ set key outside set autoscale xfixmin set autoscale xfixmax -set xlabel "all times in UTC" font "small" +#set xlabel "all times in UTC" font "small" plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ From 64d9b7dd21aec84658f6ab89eee0455e98bdbc98 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 22:42:14 +0200 Subject: [PATCH 260/441] fix for MacOS --- src/afl-fuzz.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bb970e5f..4cd38d78 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -35,6 +35,10 @@ #include #endif +#ifdef __APPLE__ + #include +#endif + #ifdef PROFILING extern u64 time_spent_working; #endif From 2af9a634d6585709a01edde5ee6aa08b7b3fa9f4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 22:51:37 +0200 Subject: [PATCH 261/441] fix cmpcov doc for qemu --- qemu_mode/README.md | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 38cb5ba6..d28479d9 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -110,22 +110,23 @@ takes priority over any included ranges or AFL_INST_LIBS. CompareCoverage is a sub-instrumentation with effects similar to laf-intel. -The environment variable that enables QEMU CompareCoverage is AFL_COMPCOV_LEVEL. -There is also ./libcompcov/ which implements CompareCoverage for *cmp functions -(splitting memcmp, strncmp, etc. to make these conditions easier solvable by -afl-fuzz). +You have to set `AFL_PRELOAD=/path/to/libcompcov.so` together with +setting the AFL_COMPCOV_LEVEL you want to enable it. AFL_COMPCOV_LEVEL=1 is to instrument comparisons with only immediate -values / read-only memory. AFL_COMPCOV_LEVEL=2 instruments all -comparison instructions and memory comparison functions when libcompcov -is preloaded. -AFL_COMPCOV_LEVEL=3 has the same effects of AFL_COMPCOV_LEVEL=2 but enables also -the instrumentation of the floating-point comparisons on x86 and x86_64 (experimental). +values / read-only memory. + +AFL_COMPCOV_LEVEL=2 instruments all comparison instructions and memory +comparison functions when libcompcov is preloaded. + +AFL_COMPCOV_LEVEL=3 has the same effects of AFL_COMPCOV_LEVEL=2 but enables +also the instrumentation of the floating-point comparisons on x86 and x86_64 +(experimental). Integer comparison instructions are currently instrumented only on the x86, x86_64, arm and aarch64 targets. -Highly recommended. +Recommended, but not as good as CMPLOG mode (see below). ## 8) CMPLOG mode From 0aeb871ac95b35d741628069a487e843369c1ab0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 22:55:21 +0200 Subject: [PATCH 262/441] fix tmpfile removal --- src/afl-fuzz.c | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 4cd38d78..a3a623d9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2301,26 +2301,9 @@ stop_fuzzing: afl_fsrv_deinit(&afl->fsrv); /* remove tmpfile */ - if (afl->tmp_dir != NULL && !afl->in_place_resume) { + if (afl->tmp_dir != NULL && !afl->in_place_resume && afl->fsrv.out_file) { - char tmpfile[PATH_MAX]; - - if (afl->file_extension) { - - snprintf(tmpfile, PATH_MAX, "%s/.cur_input.%s", afl->tmp_dir, - afl->file_extension); - - } else { - - snprintf(tmpfile, PATH_MAX, "%s/.cur_input", afl->tmp_dir); - - } - - if (unlink(tmpfile) != 0) { - - FATAL("Could not unlink current input file: %s.", tmpfile); - - } + (void)unlink(afl->fsrv.out_file); } From 9e0370aa997ec8d0729ea695e74f9529baedd3a0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 26 May 2021 23:15:29 +0200 Subject: [PATCH 263/441] update dockerfile --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9662ca7c..18fb6367 100644 --- a/Dockerfile +++ b/Dockerfile @@ -62,8 +62,10 @@ WORKDIR /AFLplusplus RUN export CC=gcc-10 && export CXX=g++-10 && make clean && \ make distrib && make install && make clean -RUN echo 'alias joe="jupp --wordwrap"' >> ~/.bashrc -RUN echo 'export PS1="[afl++]$PS1"' >> ~/.bashrc +RUN sh -c 'echo set encoding=utf-8 > /root/.vimrc' +RUN echo '. /etc/bash_completion' >> ~/.bashrc +RUN echo 'alias joe="joe --wordwrap --joe_state -nobackup"' >> ~/.bashrc +RUN echo "export PS1='"'[afl++ \h] \w$(__git_ps1) \$ '"'" >> ~/.bashrc ENV IS_DOCKER="1" # Disabled until we have the container ready From 14178141dcdc1a81ea4f4461790ec87f60606985 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 27 May 2021 09:49:34 +0100 Subject: [PATCH 264/441] Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name --- frida_mode/include/instrument.h | 3 + frida_mode/include/util.h | 2 +- frida_mode/src/instrument/instrument.c | 45 +- frida_mode/src/instrument/instrument_debug.c | 128 ++ frida_mode/src/main.c | 3 +- frida_mode/src/ranges.c | 67 +- frida_mode/test/libpcap/GNUmakefile | 188 +++ frida_mode/test/libpcap/Makefile | 1143 +++++++++++++++++ .../test/libpcap/aflpp_qemu_driver_hook.c | 97 ++ frida_mode/test/libpcap/get_symbol_addr.py | 36 + frida_mode/test/re2/GNUmakefile | 170 +++ frida_mode/test/re2/Makefile | 22 + frida_mode/test/re2/aflpp_qemu_driver_hook.c | 97 ++ frida_mode/test/re2/get_symbol_addr.py | 36 + 14 files changed, 2014 insertions(+), 23 deletions(-) create mode 100644 frida_mode/src/instrument/instrument_debug.c create mode 100644 frida_mode/test/libpcap/GNUmakefile create mode 100644 frida_mode/test/libpcap/Makefile create mode 100644 frida_mode/test/libpcap/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/libpcap/get_symbol_addr.py create mode 100644 frida_mode/test/re2/GNUmakefile create mode 100644 frida_mode/test/re2/Makefile create mode 100644 frida_mode/test/re2/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/re2/get_symbol_addr.py diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 03fd33e5..75ee6396 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -19,5 +19,8 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +void instrument_debug_start(uint64_t address, GumStalkerOutput *output); +void instrument_debug_instruction(uint64_t address, uint16_t size); +void instrument_debug_end(GumStalkerOutput *output); #endif diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h index afd0b9c1..7b443b5e 100644 --- a/frida_mode/include/util.h +++ b/frida_mode/include/util.h @@ -4,7 +4,7 @@ #include "frida-gum.h" #define UNUSED_PARAMETER(x) (void)(x) -#define IGNORED_RERURN(x) (void)!(x) +#define IGNORED_RETURN(x) (void)!(x) guint64 util_read_address(char *key); diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 67eadc3f..f21849a6 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -47,7 +47,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", current_pc, previous_pc); - IGNORED_RERURN(write(STDOUT_FILENO, buffer, len + 1)); + IGNORED_RETURN(write(STDOUT_FILENO, buffer, len + 1)); } @@ -79,17 +79,48 @@ static void instr_basic_block(GumStalkerIterator *iterator, const cs_insn *instr; gboolean begin = TRUE; + gboolean excluded; + while (gum_stalker_iterator_next(iterator, &instr)) { if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } - if (begin) { + /* + * Until we reach AFL_ENTRYPOINT (assumed to be main if not specified) or + * AFL_FRIDA_PERSISTENT_ADDR (if specified), we don't mark our ranges + * excluded as we wish to remain inside stalker at all times so that we can + * instrument our entry point and persistent loop (if present). This allows + * the user to exclude ranges which would be traversed between main and the + * AFL_ENTRYPOINT, but which they don't want included in their coverage + * information when fuzzing. + * + * Since we have no means to discard the instrumented copies of blocks + * (setting the trust threshold simply causes a new copy to be made on each + * execution), we instead ensure that we honour the additional + * instrumentation requested (e.g. coverage, asan and complog) when a block + * is compiled no matter where we are during initialization. We will end up + * re-using these blocks if the code under test calls a block which is also + * used during initialization. + * + * Coverage data generated during initialization isn't a problem since the + * map is zeroed each time the target is forked or each time the persistent + * loop is run. + * + * Lastly, we don't enable pre-fetching back to the parent until we reach + * our AFL_ENTRYPOINT, since it is not until then that we start the + * fork-server and thus start executing in the child. + */ + excluded = range_is_excluded(GSIZE_TO_POINTER(instr->address)); + if (unlikely(begin)) { + + instrument_debug_start(instr->address, output); prefetch_write(GSIZE_TO_POINTER(instr->address)); - if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { - if (optimize) { + if (likely(!excluded)) { + + if (likely(optimize)) { instrument_coverage_optimize(instr, output); @@ -106,7 +137,9 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { + instrument_debug_instruction(instr->address, instr->size); + + if (likely(!excluded)) { asan_instrument(instr, iterator); cmplog_instrument(instr, iterator); @@ -117,6 +150,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, } + instrument_debug_end(output); + } void instrument_init(void) { diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c new file mode 100644 index 00000000..3a554ad0 --- /dev/null +++ b/frida_mode/src/instrument/instrument_debug.c @@ -0,0 +1,128 @@ +#include +#include +#include + +#include "frida-gum.h" + +#include "util.h" + +#ifdef FRIDA_DEBUG + +static gpointer instrument_gen_start = NULL; + +static void instrument_debug(char *format, ...) { + + va_list ap; + char buffer[4096] = {0}; + + va_start(ap, format); + + vsnprintf(buffer, sizeof(buffer) - 1, format, ap); + va_end(ap); + + IGNORED_RETURN(write(STDOUT_FILENO, buffer, sizeof(buffer))); + +} + +static void instrument_disasm(guint8 *code, guint size) { + + csh capstone; + cs_err err; + cs_insn *insn; + size_t count, i; + + err = cs_open(GUM_DEFAULT_CS_ARCH, + GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone); + g_assert(err == CS_ERR_OK); + + count = cs_disasm(capstone, code, size, GPOINTER_TO_SIZE(code), 0, &insn); + g_assert(insn != NULL); + + for (i = 0; i != count; i++) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, + insn[i].mnemonic, insn[i].op_str); + + } + + cs_free(insn, count); + + cs_close(&capstone); + +} + +static gpointer instrument_cur(GumStalkerOutput *output) { + + #if defined(__i386__) || defined(__x86_64__) + return gum_x86_writer_cur(output->writer.x86); + #elif defined(__aarch64__) + return gum_arm64_writer_cur(output->writer.arm64); + #elif defined(__arm__) + return gum_arm_writer_cur(output->writer.arm); + #else + #error "Unsupported architecture" + #endif + +} + +void instrument_debug_start(uint64_t address, GumStalkerOutput *output) { + + GumDebugSymbolDetails details; + + instrument_gen_start = instrument_cur(output); + + if (gum_symbol_details_from_address(GSIZE_TO_POINTER(address), &details)) { + + instrument_debug("\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER + "x (%s!%s):\n", + address, details.module_name, details.symbol_name); + + } else { + + instrument_debug( + "\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER "x:\n", address); + + } + +} + +void instrument_debug_instruction(uint64_t address, uint16_t size) { + + uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address); + instrument_disasm(start, size); + +} + +void instrument_debug_end(GumStalkerOutput *output) { + + gpointer instrument_gen_end = instrument_cur(output); + uint16_t size = GPOINTER_TO_SIZE(instrument_gen_end) - + GPOINTER_TO_SIZE(instrument_gen_start); + + instrument_debug("\nGenerated block %p\n", instrument_gen_start); + instrument_disasm(instrument_gen_start, size); + +} + +#else +void instrument_debug_start(void *address) { + + UNUSED_PARAMETER(address); + +} + +void instrument_debug_instruction(uint64_t address, uint16_t size) { + + UNUSED_PARAMETER(address); + UNUSED_PARAMETER(size); + +} + +void instrument_debug_end(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + +} + +#endif + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 21073cbe..e8015905 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -1,3 +1,4 @@ +#include #include #include @@ -58,10 +59,10 @@ static void on_main_os(int argc, char **argv, char **envp) { static void on_main_os(int argc, char **argv, char **envp) { UNUSED_PARAMETER(argc); - /* Personality doesn't affect the current process, it only takes effect on * evec */ int persona = personality(ADDR_NO_RANDOMIZE); + if (persona == -1) { WARNF("Failed to set ADDR_NO_RANDOMIZE: %d", errno); } if ((persona & ADDR_NO_RANDOMIZE) == 0) { execvpe(argv[0], argv, envp); } GumInterceptor *interceptor = gum_interceptor_obtain(); diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index e3f09f9e..aa140708 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -480,15 +480,40 @@ static GArray *merge_ranges(GArray *a) { } +static gboolean exclude_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + gchar * name; + gboolean found; + GumStalker *stalker; + if (details->file == NULL) { return TRUE; } + name = g_path_get_basename(details->file->path); + + found = (g_strcmp0(name, "afl-frida-trace.so") == 0); + g_free(name); + if (!found) { return TRUE; } + + stalker = stalker_get(); + gum_stalker_exclude(stalker, details->range); + + return FALSE; + +} + +static void ranges_exclude_self(void) { + + gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, exclude_ranges_callback, NULL); + +} + void ranges_init(void) { - GumMemoryRange ri; - GArray * step1; - GArray * step2; - GArray * step3; - GArray * step4; - GumMemoryRange *r; - GumStalker * stalker; + GumMemoryRange ri; + GArray * step1; + GArray * step2; + GArray * step3; + GArray * step4; if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { @@ -535,20 +560,14 @@ void ranges_init(void) { ranges = merge_ranges(step4); print_ranges("final", ranges); - stalker = stalker_get(); - - for (guint i = 0; i < ranges->len; i++) { - - r = &g_array_index(ranges, GumMemoryRange, i); - gum_stalker_exclude(stalker, r); - - } - g_array_free(step4, TRUE); g_array_free(step3, TRUE); g_array_free(step2, TRUE); g_array_free(step1, TRUE); + /* *NEVER* stalk the stalker, only bad things will ever come of this! */ + ranges_exclude_self(); + } gboolean range_is_excluded(gpointer address) { @@ -572,3 +591,19 @@ gboolean range_is_excluded(gpointer address) { } +void ranges_exclude() { + + GumMemoryRange *r; + GumStalker * stalker = stalker_get(); + + OKF("Excluding ranges"); + + for (guint i = 0; i < ranges->len; i++) { + + r = &g_array_index(ranges, GumMemoryRange, i); + gum_stalker_exclude(stalker, r); + + } + +} + diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile new file mode 100644 index 00000000..e30f2049 --- /dev/null +++ b/frida_mode/test/libpcap/GNUmakefile @@ -0,0 +1,188 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PCAPTEST_BUILD_DIR:=$(BUILD_DIR)libpcaptest/ +TCPDUMP_BUILD_DIR:=$(BUILD_DIR)tcpdump/ + +LIBPCAP_PATCH_URL:=https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpcap_fuzz_both/patch.diff +LIBPCAP_PATCH_FILE:=$(LIBPCAP_BUILD_DIR)patch.diff +LIBPCAP_URL:=https://github.com/the-tcpdump-group/libpcap.git +LIBPCAP_DIR:=$(LIBPCAP_BUILD_DIR)libpcap/ +LIBPCAP_CMAKEFILE:=$(LIBPCAP_DIR)CMakeLists.txt +LIBPCAP_MAKEFILE:=$(LIBPCAP_DIR)Makefile +LIBPCAP_LIB:=$(LIBPCAP_DIR)libpcap.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PCAPTEST_SRC_DIR:=$(LIBPCAP_DIR)testprogs/fuzz/ +PCAPTEST_FILE:=$(PCAPTEST_SRC_DIR)fuzz_both.c +PCAPTEST_OBJ:=$(PCAPTEST_BUILD_DIR)fuzz_both.o + +TCPDUMP_URL:=https://github.com/the-tcpdump-group/tcpdump.git +TCPDUMP_TESTS_DIR:=$(TCPDUMP_BUILD_DIR)tests/ + +CFLAGS += -fpermissive + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +AFLPP_DRIVER_DUMMY_INPUT:=$(TCPDUMP_TESTS_DIR)in + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean qemu frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### PCAPTEST ######## + +$(PCAPTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PCAPTEST_FILE): | $(LIBPCAP_CMAKEFILE) + +$(PCAPTEST_OBJ): $(PCAPTEST_FILE) | $(PCAPTEST_BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -I $(LIBPCAP_DIR) -o $@ -c $< + +######### LIBPCAP ######## + +$(LIBPCAP_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPCAP_PATCH_FILE): | $(LIBPCAP_BUILD_DIR) + wget -O $@ $(LIBPCAP_PATCH_URL) + +$(LIBPCAP_CMAKEFILE): $(LIBPCAP_PATCH_FILE) | $(LIBPCAP_BUILD_DIR) + git clone --depth 1 $(LIBPCAP_URL) $(LIBPCAP_DIR) + git apply $(LIBPCAP_PATCH_FILE) + +$(LIBPCAP_MAKEFILE): $(LIBPCAP_CMAKEFILE) + cd $(LIBPCAP_DIR) && cmake . + +$(LIBPCAP_LIB): $(LIBPCAP_MAKEFILE) $(LIBPCAP_PATCH_FILE) + make -C $(LIBPCAP_DIR) + +######## TCPDUMP ###### + +$(TCPDUMP_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TCPDUMP_TESTS_DIR): | $(TCPDUMP_BUILD_DIR) + git clone --depth=1 $(TCPDUMP_URL) $(TCPDUMP_BUILD_DIR) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) + truncate -s 1M $@ + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TCPDUMP_TESTS_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TCPDUMP_TESTS_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) diff --git a/frida_mode/test/libpcap/Makefile b/frida_mode/test/libpcap/Makefile new file mode 100644 index 00000000..31cacb67 --- /dev/null +++ b/frida_mode/test/libpcap/Makefile @@ -0,0 +1,1143 @@ +# CMAKE generated file: DO NOT EDIT! +# Generated by "Unix Makefiles" Generator, CMake Version 3.16 + +# Default target executed when no arguments are given to make. +default_target: all + +.PHONY : default_target + +# Allow only one "make -f Makefile2" at a time, but pass parallelism. +.NOTPARALLEL: + + +#============================================================================= +# Special targets provided by cmake. + +# Disable implicit rules so canonical targets will work. +.SUFFIXES: + + +# Remove some rules from gmake that .SUFFIXES does not remove. +SUFFIXES = + +.SUFFIXES: .hpux_make_needs_suffix_list + + +# Suppress display of executed commands. +$(VERBOSE).SILENT: + + +# A target that is always out of date. +cmake_force: + +.PHONY : cmake_force + +#============================================================================= +# Set environment variables for the build. + +# The shell in which to execute make rules. +SHELL = /bin/sh + +# The CMake executable. +CMAKE_COMMAND = /usr/bin/cmake + +# The command to remove a file. +RM = /usr/bin/cmake -E remove -f + +# Escaping for special characters. +EQUALS = = + +# The top-level source directory on which CMake was run. +CMAKE_SOURCE_DIR = /home/jon/git/AFLplusplus/frida_mode/test/libpcap/build/libpcap/libpcap + +# The top-level build directory on which CMake was run. +CMAKE_BINARY_DIR = /home/jon/git/AFLplusplus/frida_mode/test/libpcap + +#============================================================================= +# Targets provided globally by CMake. + +# Special rule for the target install/strip +install/strip: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip + +# Special rule for the target install/strip +install/strip/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip/fast + +# Special rule for the target install/local +install/local: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local + +# Special rule for the target install/local +install/local/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local/fast + +# Special rule for the target install +install: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install + +# Special rule for the target install +install/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install/fast + +# Special rule for the target list_install_components +list_install_components: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\"" +.PHONY : list_install_components + +# Special rule for the target list_install_components +list_install_components/fast: list_install_components + +.PHONY : list_install_components/fast + +# Special rule for the target rebuild_cache +rebuild_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..." + /usr/bin/cmake -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) +.PHONY : rebuild_cache + +# Special rule for the target rebuild_cache +rebuild_cache/fast: rebuild_cache + +.PHONY : rebuild_cache/fast + +# Special rule for the target edit_cache +edit_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..." + /usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available. +.PHONY : edit_cache + +# Special rule for the target edit_cache +edit_cache/fast: edit_cache + +.PHONY : edit_cache/fast + +# The main all target +all: cmake_check_build_system + $(CMAKE_COMMAND) -E cmake_progress_start /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles/progress.marks + $(MAKE) -f CMakeFiles/Makefile2 all + $(CMAKE_COMMAND) -E cmake_progress_start /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles 0 +.PHONY : all + +# The main clean target +clean: + $(MAKE) -f CMakeFiles/Makefile2 clean +.PHONY : clean + +# The main clean target +clean/fast: clean + +.PHONY : clean/fast + +# Prepare targets for installation. +preinstall: all + $(MAKE) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall + +# Prepare targets for installation. +preinstall/fast: + $(MAKE) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall/fast + +# clear depends +depend: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1 +.PHONY : depend + +#============================================================================= +# Target rules for targets named pcap + +# Build rule for target. +pcap: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 pcap +.PHONY : pcap + +# fast build rule for target. +pcap/fast: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/build +.PHONY : pcap/fast + +#============================================================================= +# Target rules for targets named uninstall + +# Build rule for target. +uninstall: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 uninstall +.PHONY : uninstall + +# fast build rule for target. +uninstall/fast: + $(MAKE) -f CMakeFiles/uninstall.dir/build.make CMakeFiles/uninstall.dir/build +.PHONY : uninstall/fast + +#============================================================================= +# Target rules for targets named pcap_static + +# Build rule for target. +pcap_static: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 pcap_static +.PHONY : pcap_static + +# fast build rule for target. +pcap_static/fast: + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/build +.PHONY : pcap_static/fast + +#============================================================================= +# Target rules for targets named SerializeTarget + +# Build rule for target. +SerializeTarget: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 SerializeTarget +.PHONY : SerializeTarget + +# fast build rule for target. +SerializeTarget/fast: + $(MAKE) -f CMakeFiles/SerializeTarget.dir/build.make CMakeFiles/SerializeTarget.dir/build +.PHONY : SerializeTarget/fast + +#============================================================================= +# Target rules for targets named testprogs + +# Build rule for target. +testprogs: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 testprogs +.PHONY : testprogs + +# fast build rule for target. +testprogs/fast: + $(MAKE) -f testprogs/CMakeFiles/testprogs.dir/build.make testprogs/CMakeFiles/testprogs.dir/build +.PHONY : testprogs/fast + +#============================================================================= +# Target rules for targets named capturetest + +# Build rule for target. +capturetest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 capturetest +.PHONY : capturetest + +# fast build rule for target. +capturetest/fast: + $(MAKE) -f testprogs/CMakeFiles/capturetest.dir/build.make testprogs/CMakeFiles/capturetest.dir/build +.PHONY : capturetest/fast + +#============================================================================= +# Target rules for targets named findalldevstest + +# Build rule for target. +findalldevstest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 findalldevstest +.PHONY : findalldevstest + +# fast build rule for target. +findalldevstest/fast: + $(MAKE) -f testprogs/CMakeFiles/findalldevstest.dir/build.make testprogs/CMakeFiles/findalldevstest.dir/build +.PHONY : findalldevstest/fast + +#============================================================================= +# Target rules for targets named filtertest + +# Build rule for target. +filtertest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 filtertest +.PHONY : filtertest + +# fast build rule for target. +filtertest/fast: + $(MAKE) -f testprogs/CMakeFiles/filtertest.dir/build.make testprogs/CMakeFiles/filtertest.dir/build +.PHONY : filtertest/fast + +#============================================================================= +# Target rules for targets named findalldevstest-perf + +# Build rule for target. +findalldevstest-perf: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 findalldevstest-perf +.PHONY : findalldevstest-perf + +# fast build rule for target. +findalldevstest-perf/fast: + $(MAKE) -f testprogs/CMakeFiles/findalldevstest-perf.dir/build.make testprogs/CMakeFiles/findalldevstest-perf.dir/build +.PHONY : findalldevstest-perf/fast + +#============================================================================= +# Target rules for targets named can_set_rfmon_test + +# Build rule for target. +can_set_rfmon_test: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 can_set_rfmon_test +.PHONY : can_set_rfmon_test + +# fast build rule for target. +can_set_rfmon_test/fast: + $(MAKE) -f testprogs/CMakeFiles/can_set_rfmon_test.dir/build.make testprogs/CMakeFiles/can_set_rfmon_test.dir/build +.PHONY : can_set_rfmon_test/fast + +#============================================================================= +# Target rules for targets named opentest + +# Build rule for target. +opentest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 opentest +.PHONY : opentest + +# fast build rule for target. +opentest/fast: + $(MAKE) -f testprogs/CMakeFiles/opentest.dir/build.make testprogs/CMakeFiles/opentest.dir/build +.PHONY : opentest/fast + +#============================================================================= +# Target rules for targets named reactivatetest + +# Build rule for target. +reactivatetest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 reactivatetest +.PHONY : reactivatetest + +# fast build rule for target. +reactivatetest/fast: + $(MAKE) -f testprogs/CMakeFiles/reactivatetest.dir/build.make testprogs/CMakeFiles/reactivatetest.dir/build +.PHONY : reactivatetest/fast + +#============================================================================= +# Target rules for targets named writecaptest + +# Build rule for target. +writecaptest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 writecaptest +.PHONY : writecaptest + +# fast build rule for target. +writecaptest/fast: + $(MAKE) -f testprogs/CMakeFiles/writecaptest.dir/build.make testprogs/CMakeFiles/writecaptest.dir/build +.PHONY : writecaptest/fast + +#============================================================================= +# Target rules for targets named selpolltest + +# Build rule for target. +selpolltest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 selpolltest +.PHONY : selpolltest + +# fast build rule for target. +selpolltest/fast: + $(MAKE) -f testprogs/CMakeFiles/selpolltest.dir/build.make testprogs/CMakeFiles/selpolltest.dir/build +.PHONY : selpolltest/fast + +#============================================================================= +# Target rules for targets named threadsignaltest + +# Build rule for target. +threadsignaltest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 threadsignaltest +.PHONY : threadsignaltest + +# fast build rule for target. +threadsignaltest/fast: + $(MAKE) -f testprogs/CMakeFiles/threadsignaltest.dir/build.make testprogs/CMakeFiles/threadsignaltest.dir/build +.PHONY : threadsignaltest/fast + +#============================================================================= +# Target rules for targets named valgrindtest + +# Build rule for target. +valgrindtest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 valgrindtest +.PHONY : valgrindtest + +# fast build rule for target. +valgrindtest/fast: + $(MAKE) -f testprogs/CMakeFiles/valgrindtest.dir/build.make testprogs/CMakeFiles/valgrindtest.dir/build +.PHONY : valgrindtest/fast + +#============================================================================= +# Target rules for targets named fuzz_both + +# Build rule for target. +fuzz_both: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_both +.PHONY : fuzz_both + +# fast build rule for target. +fuzz_both/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_both.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_both.dir/build +.PHONY : fuzz_both/fast + +#============================================================================= +# Target rules for targets named fuzz_filter + +# Build rule for target. +fuzz_filter: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_filter +.PHONY : fuzz_filter + +# fast build rule for target. +fuzz_filter/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_filter.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_filter.dir/build +.PHONY : fuzz_filter/fast + +#============================================================================= +# Target rules for targets named fuzz_pcap + +# Build rule for target. +fuzz_pcap: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_pcap +.PHONY : fuzz_pcap + +# fast build rule for target. +fuzz_pcap/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_pcap.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_pcap.dir/build +.PHONY : fuzz_pcap/fast + +bpf_dump.o: bpf_dump.c.o + +.PHONY : bpf_dump.o + +# target to build an object file +bpf_dump.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.o +.PHONY : bpf_dump.c.o + +bpf_dump.i: bpf_dump.c.i + +.PHONY : bpf_dump.i + +# target to preprocess a source file +bpf_dump.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.i +.PHONY : bpf_dump.c.i + +bpf_dump.s: bpf_dump.c.s + +.PHONY : bpf_dump.s + +# target to generate assembly for a file +bpf_dump.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.s +.PHONY : bpf_dump.c.s + +bpf_filter.o: bpf_filter.c.o + +.PHONY : bpf_filter.o + +# target to build an object file +bpf_filter.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.o +.PHONY : bpf_filter.c.o + +bpf_filter.i: bpf_filter.c.i + +.PHONY : bpf_filter.i + +# target to preprocess a source file +bpf_filter.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.i +.PHONY : bpf_filter.c.i + +bpf_filter.s: bpf_filter.c.s + +.PHONY : bpf_filter.s + +# target to generate assembly for a file +bpf_filter.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.s +.PHONY : bpf_filter.c.s + +bpf_image.o: bpf_image.c.o + +.PHONY : bpf_image.o + +# target to build an object file +bpf_image.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.o +.PHONY : bpf_image.c.o + +bpf_image.i: bpf_image.c.i + +.PHONY : bpf_image.i + +# target to preprocess a source file +bpf_image.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.i +.PHONY : bpf_image.c.i + +bpf_image.s: bpf_image.c.s + +.PHONY : bpf_image.s + +# target to generate assembly for a file +bpf_image.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.s +.PHONY : bpf_image.c.s + +etherent.o: etherent.c.o + +.PHONY : etherent.o + +# target to build an object file +etherent.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.o +.PHONY : etherent.c.o + +etherent.i: etherent.c.i + +.PHONY : etherent.i + +# target to preprocess a source file +etherent.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.i +.PHONY : etherent.c.i + +etherent.s: etherent.c.s + +.PHONY : etherent.s + +# target to generate assembly for a file +etherent.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.s +.PHONY : etherent.c.s + +fad-getad.o: fad-getad.c.o + +.PHONY : fad-getad.o + +# target to build an object file +fad-getad.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.o +.PHONY : fad-getad.c.o + +fad-getad.i: fad-getad.c.i + +.PHONY : fad-getad.i + +# target to preprocess a source file +fad-getad.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.i +.PHONY : fad-getad.c.i + +fad-getad.s: fad-getad.c.s + +.PHONY : fad-getad.s + +# target to generate assembly for a file +fad-getad.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.s +.PHONY : fad-getad.c.s + +fmtutils.o: fmtutils.c.o + +.PHONY : fmtutils.o + +# target to build an object file +fmtutils.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.o +.PHONY : fmtutils.c.o + +fmtutils.i: fmtutils.c.i + +.PHONY : fmtutils.i + +# target to preprocess a source file +fmtutils.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.i +.PHONY : fmtutils.c.i + +fmtutils.s: fmtutils.c.s + +.PHONY : fmtutils.s + +# target to generate assembly for a file +fmtutils.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.s +.PHONY : fmtutils.c.s + +gencode.o: gencode.c.o + +.PHONY : gencode.o + +# target to build an object file +gencode.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.o +.PHONY : gencode.c.o + +gencode.i: gencode.c.i + +.PHONY : gencode.i + +# target to preprocess a source file +gencode.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.i +.PHONY : gencode.c.i + +gencode.s: gencode.c.s + +.PHONY : gencode.s + +# target to generate assembly for a file +gencode.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.s +.PHONY : gencode.c.s + +grammar.o: grammar.c.o + +.PHONY : grammar.o + +# target to build an object file +grammar.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.o +.PHONY : grammar.c.o + +grammar.i: grammar.c.i + +.PHONY : grammar.i + +# target to preprocess a source file +grammar.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.i +.PHONY : grammar.c.i + +grammar.s: grammar.c.s + +.PHONY : grammar.s + +# target to generate assembly for a file +grammar.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.s +.PHONY : grammar.c.s + +missing/strlcat.o: missing/strlcat.c.o + +.PHONY : missing/strlcat.o + +# target to build an object file +missing/strlcat.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.o +.PHONY : missing/strlcat.c.o + +missing/strlcat.i: missing/strlcat.c.i + +.PHONY : missing/strlcat.i + +# target to preprocess a source file +missing/strlcat.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.i +.PHONY : missing/strlcat.c.i + +missing/strlcat.s: missing/strlcat.c.s + +.PHONY : missing/strlcat.s + +# target to generate assembly for a file +missing/strlcat.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.s +.PHONY : missing/strlcat.c.s + +missing/strlcpy.o: missing/strlcpy.c.o + +.PHONY : missing/strlcpy.o + +# target to build an object file +missing/strlcpy.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.o +.PHONY : missing/strlcpy.c.o + +missing/strlcpy.i: missing/strlcpy.c.i + +.PHONY : missing/strlcpy.i + +# target to preprocess a source file +missing/strlcpy.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.i +.PHONY : missing/strlcpy.c.i + +missing/strlcpy.s: missing/strlcpy.c.s + +.PHONY : missing/strlcpy.s + +# target to generate assembly for a file +missing/strlcpy.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.s +.PHONY : missing/strlcpy.c.s + +nametoaddr.o: nametoaddr.c.o + +.PHONY : nametoaddr.o + +# target to build an object file +nametoaddr.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.o +.PHONY : nametoaddr.c.o + +nametoaddr.i: nametoaddr.c.i + +.PHONY : nametoaddr.i + +# target to preprocess a source file +nametoaddr.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.i +.PHONY : nametoaddr.c.i + +nametoaddr.s: nametoaddr.c.s + +.PHONY : nametoaddr.s + +# target to generate assembly for a file +nametoaddr.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.s +.PHONY : nametoaddr.c.s + +optimize.o: optimize.c.o + +.PHONY : optimize.o + +# target to build an object file +optimize.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.o +.PHONY : optimize.c.o + +optimize.i: optimize.c.i + +.PHONY : optimize.i + +# target to preprocess a source file +optimize.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.i +.PHONY : optimize.c.i + +optimize.s: optimize.c.s + +.PHONY : optimize.s + +# target to generate assembly for a file +optimize.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.s +.PHONY : optimize.c.s + +pcap-common.o: pcap-common.c.o + +.PHONY : pcap-common.o + +# target to build an object file +pcap-common.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.o +.PHONY : pcap-common.c.o + +pcap-common.i: pcap-common.c.i + +.PHONY : pcap-common.i + +# target to preprocess a source file +pcap-common.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.i +.PHONY : pcap-common.c.i + +pcap-common.s: pcap-common.c.s + +.PHONY : pcap-common.s + +# target to generate assembly for a file +pcap-common.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.s +.PHONY : pcap-common.c.s + +pcap-linux.o: pcap-linux.c.o + +.PHONY : pcap-linux.o + +# target to build an object file +pcap-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.o +.PHONY : pcap-linux.c.o + +pcap-linux.i: pcap-linux.c.i + +.PHONY : pcap-linux.i + +# target to preprocess a source file +pcap-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.i +.PHONY : pcap-linux.c.i + +pcap-linux.s: pcap-linux.c.s + +.PHONY : pcap-linux.s + +# target to generate assembly for a file +pcap-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.s +.PHONY : pcap-linux.c.s + +pcap-netfilter-linux.o: pcap-netfilter-linux.c.o + +.PHONY : pcap-netfilter-linux.o + +# target to build an object file +pcap-netfilter-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.o +.PHONY : pcap-netfilter-linux.c.o + +pcap-netfilter-linux.i: pcap-netfilter-linux.c.i + +.PHONY : pcap-netfilter-linux.i + +# target to preprocess a source file +pcap-netfilter-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.i +.PHONY : pcap-netfilter-linux.c.i + +pcap-netfilter-linux.s: pcap-netfilter-linux.c.s + +.PHONY : pcap-netfilter-linux.s + +# target to generate assembly for a file +pcap-netfilter-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.s +.PHONY : pcap-netfilter-linux.c.s + +pcap-usb-linux.o: pcap-usb-linux.c.o + +.PHONY : pcap-usb-linux.o + +# target to build an object file +pcap-usb-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.o +.PHONY : pcap-usb-linux.c.o + +pcap-usb-linux.i: pcap-usb-linux.c.i + +.PHONY : pcap-usb-linux.i + +# target to preprocess a source file +pcap-usb-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.i +.PHONY : pcap-usb-linux.c.i + +pcap-usb-linux.s: pcap-usb-linux.c.s + +.PHONY : pcap-usb-linux.s + +# target to generate assembly for a file +pcap-usb-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.s +.PHONY : pcap-usb-linux.c.s + +pcap.o: pcap.c.o + +.PHONY : pcap.o + +# target to build an object file +pcap.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.o +.PHONY : pcap.c.o + +pcap.i: pcap.c.i + +.PHONY : pcap.i + +# target to preprocess a source file +pcap.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.i +.PHONY : pcap.c.i + +pcap.s: pcap.c.s + +.PHONY : pcap.s + +# target to generate assembly for a file +pcap.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.s +.PHONY : pcap.c.s + +savefile.o: savefile.c.o + +.PHONY : savefile.o + +# target to build an object file +savefile.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.o +.PHONY : savefile.c.o + +savefile.i: savefile.c.i + +.PHONY : savefile.i + +# target to preprocess a source file +savefile.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.i +.PHONY : savefile.c.i + +savefile.s: savefile.c.s + +.PHONY : savefile.s + +# target to generate assembly for a file +savefile.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.s +.PHONY : savefile.c.s + +scanner.o: scanner.c.o + +.PHONY : scanner.o + +# target to build an object file +scanner.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.o +.PHONY : scanner.c.o + +scanner.i: scanner.c.i + +.PHONY : scanner.i + +# target to preprocess a source file +scanner.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.i +.PHONY : scanner.c.i + +scanner.s: scanner.c.s + +.PHONY : scanner.s + +# target to generate assembly for a file +scanner.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.s +.PHONY : scanner.c.s + +sf-pcap.o: sf-pcap.c.o + +.PHONY : sf-pcap.o + +# target to build an object file +sf-pcap.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.o +.PHONY : sf-pcap.c.o + +sf-pcap.i: sf-pcap.c.i + +.PHONY : sf-pcap.i + +# target to preprocess a source file +sf-pcap.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.i +.PHONY : sf-pcap.c.i + +sf-pcap.s: sf-pcap.c.s + +.PHONY : sf-pcap.s + +# target to generate assembly for a file +sf-pcap.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.s +.PHONY : sf-pcap.c.s + +sf-pcapng.o: sf-pcapng.c.o + +.PHONY : sf-pcapng.o + +# target to build an object file +sf-pcapng.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.o +.PHONY : sf-pcapng.c.o + +sf-pcapng.i: sf-pcapng.c.i + +.PHONY : sf-pcapng.i + +# target to preprocess a source file +sf-pcapng.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.i +.PHONY : sf-pcapng.c.i + +sf-pcapng.s: sf-pcapng.c.s + +.PHONY : sf-pcapng.s + +# target to generate assembly for a file +sf-pcapng.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.s +.PHONY : sf-pcapng.c.s + +# Help Target +help: + @echo "The following are some of the valid targets for this Makefile:" + @echo "... all (the default if no target is provided)" + @echo "... clean" + @echo "... depend" + @echo "... install/strip" + @echo "... install/local" + @echo "... install" + @echo "... list_install_components" + @echo "... rebuild_cache" + @echo "... edit_cache" + @echo "... pcap" + @echo "... uninstall" + @echo "... pcap_static" + @echo "... SerializeTarget" + @echo "... testprogs" + @echo "... capturetest" + @echo "... findalldevstest" + @echo "... filtertest" + @echo "... findalldevstest-perf" + @echo "... can_set_rfmon_test" + @echo "... opentest" + @echo "... reactivatetest" + @echo "... writecaptest" + @echo "... selpolltest" + @echo "... threadsignaltest" + @echo "... valgrindtest" + @echo "... fuzz_both" + @echo "... fuzz_filter" + @echo "... fuzz_pcap" + @echo "... bpf_dump.o" + @echo "... bpf_dump.i" + @echo "... bpf_dump.s" + @echo "... bpf_filter.o" + @echo "... bpf_filter.i" + @echo "... bpf_filter.s" + @echo "... bpf_image.o" + @echo "... bpf_image.i" + @echo "... bpf_image.s" + @echo "... etherent.o" + @echo "... etherent.i" + @echo "... etherent.s" + @echo "... fad-getad.o" + @echo "... fad-getad.i" + @echo "... fad-getad.s" + @echo "... fmtutils.o" + @echo "... fmtutils.i" + @echo "... fmtutils.s" + @echo "... gencode.o" + @echo "... gencode.i" + @echo "... gencode.s" + @echo "... grammar.o" + @echo "... grammar.i" + @echo "... grammar.s" + @echo "... missing/strlcat.o" + @echo "... missing/strlcat.i" + @echo "... missing/strlcat.s" + @echo "... missing/strlcpy.o" + @echo "... missing/strlcpy.i" + @echo "... missing/strlcpy.s" + @echo "... nametoaddr.o" + @echo "... nametoaddr.i" + @echo "... nametoaddr.s" + @echo "... optimize.o" + @echo "... optimize.i" + @echo "... optimize.s" + @echo "... pcap-common.o" + @echo "... pcap-common.i" + @echo "... pcap-common.s" + @echo "... pcap-linux.o" + @echo "... pcap-linux.i" + @echo "... pcap-linux.s" + @echo "... pcap-netfilter-linux.o" + @echo "... pcap-netfilter-linux.i" + @echo "... pcap-netfilter-linux.s" + @echo "... pcap-usb-linux.o" + @echo "... pcap-usb-linux.i" + @echo "... pcap-usb-linux.s" + @echo "... pcap.o" + @echo "... pcap.i" + @echo "... pcap.s" + @echo "... savefile.o" + @echo "... savefile.i" + @echo "... savefile.s" + @echo "... scanner.o" + @echo "... scanner.i" + @echo "... scanner.s" + @echo "... sf-pcap.o" + @echo "... sf-pcap.i" + @echo "... sf-pcap.s" + @echo "... sf-pcapng.o" + @echo "... sf-pcapng.i" + @echo "... sf-pcapng.s" +.PHONY : help + + + +#============================================================================= +# Special targets to cleanup operation of make. + +# Special rule to run CMake to check the build system integrity. +# No rule that depends on this can have commands that come from listfiles +# because they might be regenerated. +cmake_check_build_system: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0 +.PHONY : cmake_check_build_system + diff --git a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/libpcap/get_symbol_addr.py b/frida_mode/test/libpcap/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/libpcap/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile new file mode 100644 index 00000000..9f0b31d3 --- /dev/null +++ b/frida_mode/test/re2/GNUmakefile @@ -0,0 +1,170 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +RE2TEST_BUILD_DIR:=$(BUILD_DIR)re2test/ + +LIBRE2_URL:=https://github.com/google/re2.git +LIBRE2_DIR:=$(LIBRE2_BUILD_DIR)libre2/ +LIBRE2_MAKEFILE:=$(LIBRE2_DIR)Makefile +LIBRE2_LIB:=$(LIBRE2_DIR)obj/libre2.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +RE2TEST_FILE:=$(RE2TEST_BUILD_DIR)target.cc +RE2TEST_OBJ:=$(RE2TEST_BUILD_DIR)target.o +RE2TEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/re2-2014-12-09/target.cc" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +AFLPP_DRIVER_DUMMY_INPUT:=$(TEST_DATA_DIR)in + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean qemu frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### RE2TEST ######## + +$(RE2TEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(RE2TEST_FILE): | $(RE2TEST_BUILD_DIR) + wget -O $@ $(RE2TEST_URL) + +$(RE2TEST_OBJ): $(RE2TEST_FILE) | $(LIBRE2_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBRE2_DIR) -o $@ -c $< + +######### LIBRE2 ######## + +$(LIBRE2_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBRE2_MAKEFILE): $(LIBRE2_BUILD_DIR) + git clone https://github.com/google/re2.git $(LIBRE2_DIR) + cd $(LIBRE2_DIR) && git checkout 499ef7eff7455ce9c9fae86111d4a77b6ac335de + +$(LIBRE2_LIB): $(LIBRE2_MAKEFILE) + make -C $(LIBRE2_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR) + truncate -s 1M $@ + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.re2 diff --git a/frida_mode/test/re2/Makefile b/frida_mode/test/re2/Makefile new file mode 100644 index 00000000..00b2b287 --- /dev/null +++ b/frida_mode/test/re2/Makefile @@ -0,0 +1,22 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida + +debug: + @gmake debug + +hook: + @gmake hook diff --git a/frida_mode/test/re2/aflpp_qemu_driver_hook.c b/frida_mode/test/re2/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/re2/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/re2/get_symbol_addr.py b/frida_mode/test/re2/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/re2/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) From f677be5e86a096edbba74cb8c739e8b10850a379 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 27 May 2021 21:33:44 +0100 Subject: [PATCH 265/441] Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 7 +- frida_mode/include/persistent.h | 4 + frida_mode/src/instrument/instrument.c | 1 + frida_mode/src/persistent/persistent.c | 34 ++++- frida_mode/src/persistent/persistent_arm32.c | 7 + frida_mode/src/persistent/persistent_arm64.c | 7 + frida_mode/src/persistent/persistent_x64.c | 19 ++- frida_mode/src/persistent/persistent_x86.c | 15 +++ frida_mode/src/util.c | 13 +- frida_mode/test/persistent_ret/GNUmakefile | 105 +++++++++++++++ frida_mode/test/persistent_ret/Makefile | 22 ++++ .../test/persistent_ret/get_symbol_addr.py | 36 ++++++ frida_mode/test/persistent_ret/testinstr.c | 120 ++++++++++++++++++ include/envs.h | 3 + 14 files changed, 382 insertions(+), 11 deletions(-) create mode 100644 frida_mode/test/persistent_ret/GNUmakefile create mode 100644 frida_mode/test/persistent_ret/Makefile create mode 100755 frida_mode/test/persistent_ret/get_symbol_addr.py create mode 100644 frida_mode/test/persistent_ret/testinstr.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 20fbb544..f9c0f1f7 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -36,6 +36,10 @@ else CFLAGS+=-Wno-pointer-arith endif +ifdef FRIDA_DEBUG +CFLAGS += -DFRIDA_DEBUG +endif + FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded @@ -94,9 +98,6 @@ AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o all: $(FRIDA_TRACE) -32: - CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all - 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index e58c5301..25b44ab0 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -18,6 +18,9 @@ extern unsigned char *__afl_fuzz_ptr; extern guint64 persistent_start; extern guint64 persistent_count; +extern guint64 persistent_ret; +extern guint64 persistent_ret_offset; +extern gboolean persistent_debug; extern afl_persistent_hook_fn hook; void persistent_init(void); @@ -26,6 +29,7 @@ void persistent_init(void); gboolean persistent_is_supported(void); void persistent_prologue(GumStalkerOutput *output); +void persistent_epilogue(GumStalkerOutput *output); #endif diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index f21849a6..c4f18797 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -85,6 +85,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } + if (instr->address == persistent_ret) { persistent_epilogue(output); } /* * Until we reach AFL_ENTRYPOINT (assumed to be main if not specified) or diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 918ff153..2ec5b9cc 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -12,6 +12,9 @@ int __afl_sharedmem_fuzzing = 0; afl_persistent_hook_fn hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; +guint64 persistent_ret = 0; +guint64 persistent_ret_offset = 0; +gboolean persistent_debug = FALSE; void persistent_init(void) { @@ -19,12 +22,36 @@ void persistent_init(void) { persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); + persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); + persistent_ret_offset = + util_read_address("AFL_FRIDA_PERSISTENT_RETADDR_OFFSET"); + + if (getenv("AFL_FRIDA_PERSISTENT_DEBUG") != NULL) { persistent_debug = TRUE; } + + if (persistent_count != 0 && persistent_start == 0) { - if (persistent_count != 0 && persistent_start == 0) FATAL( "AFL_FRIDA_PERSISTENT_ADDR must be specified if " "AFL_FRIDA_PERSISTENT_CNT is"); + } + + if (persistent_ret != 0 && persistent_start == 0) { + + FATAL( + "AFL_FRIDA_PERSISTENT_ADDR must be specified if " + "AFL_FRIDA_PERSISTENT_RET is"); + + } + + if (persistent_ret_offset != 0 && persistent_ret == 0) { + + FATAL( + "AFL_FRIDA_PERSISTENT_RET must be specified if " + "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET is"); + + } + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; if (persistent_count != 0 && persistent_count < 100) @@ -39,6 +66,11 @@ void persistent_init(void) { persistent_start == 0 ? ' ' : 'X', persistent_count); OKF("Instrumentation - hook [%s]", hook_name); + OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", + persistent_ret == 0 ? ' ' : 'X', persistent_ret); + OKF("Instrumentation - persistent ret offset [%c] (%" G_GINT64_MODIFIER "d)", + persistent_ret_offset == 0 ? ' ' : 'X', persistent_ret_offset); + if (hook_name != NULL) { void *hook_obj = dlopen(hook_name, RTLD_NOW); diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index bc021ff3..6a3c06fa 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -68,5 +68,12 @@ void persistent_prologue(GumStalkerOutput *output) { } +void persistent_epilogue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index c198da69..1215d8da 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -111,5 +111,12 @@ void persistent_prologue(GumStalkerOutput *output) { } +void persistent_epilogue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index aa772b7f..4c495d47 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,9 +1,11 @@ #include "frida-gum.h" #include "config.h" +#include "debug.h" #include "instrument.h" #include "persistent.h" +#include "util.h" #if defined(__x86_64__) @@ -264,7 +266,6 @@ void persistent_prologue(GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; gconstpointer loop = cw->code + 1; - // gum_x86_writer_put_breakpoint(cw); /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); @@ -288,7 +289,9 @@ void persistent_prologue(GumStalkerOutput *output) { instrument_persitent_restore_regs(cw, &saved_regs); gconstpointer original = cw->code + 1; /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ gum_x86_writer_put_jmp_near_label(cw, loop); @@ -300,9 +303,23 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + gum_x86_writer_flush(cw); } +void persistent_epilogue(GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + persistent_ret_offset); + gum_x86_writer_put_ret(cw); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 20a3dc42..b30dfadf 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -244,9 +244,24 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + gum_x86_writer_flush(cw); } +void persistent_epilogue(GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, + persistent_ret_offset); + + gum_x86_writer_put_ret(cw); + +} + #endif diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c index 86b94970..09e8a58b 100644 --- a/frida_mode/src/util.c +++ b/frida_mode/src/util.c @@ -10,7 +10,7 @@ guint64 util_read_address(char *key) { if (!g_str_has_prefix(value_str, "0x")) { - FATAL("Invalid address should have 0x prefix: %s\n", value_str); + FATAL("Invalid address should have 0x prefix: %s=%s\n", key, value_str); } @@ -20,8 +20,8 @@ guint64 util_read_address(char *key) { if (!g_ascii_isxdigit(*c)) { - FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, - *c); + FATAL("Invalid address not formed of hex digits: %s=%s ('%c')\n", key, + value_str, *c); } @@ -30,7 +30,7 @@ guint64 util_read_address(char *key) { guint64 value = g_ascii_strtoull(value_str2, NULL, 16); if (value == 0) { - FATAL("Invalid address failed hex conversion: %s\n", value_str2); + FATAL("Invalid address failed hex conversion: %s=%s\n", key, value_str2); } @@ -48,7 +48,8 @@ guint64 util_read_num(char *key) { if (!g_ascii_isdigit(*c)) { - FATAL("Invalid address not formed of decimal digits: %s\n", value_str); + FATAL("Invalid address not formed of decimal digits: %s=%s\n", key, + value_str); } @@ -57,7 +58,7 @@ guint64 util_read_num(char *key) { guint64 value = g_ascii_strtoull(value_str, NULL, 10); if (value == 0) { - FATAL("Invalid address failed numeric conversion: %s\n", value_str); + FATAL("Invalid address failed numeric conversion: %s=%s\n", key, value_str); } diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile new file mode 100644 index 00000000..df48d065 --- /dev/null +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -0,0 +1,105 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x56555000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x56555000) +endif + +AFL_FRIDA_PERSISTENT_RETADDR_OFFSET:=0x50 + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ + AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +debug: $(TESTINSTR_DATA_FILE) + gdb \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + +run: $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ + AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ + AFL_DEBUG_CHILD=1 \ + LD_PRELOAD=$(ROOT)afl-frida-trace.so \ + $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/frida_mode/test/persistent_ret/Makefile b/frida_mode/test/persistent_ret/Makefile new file mode 100644 index 00000000..e3deddbd --- /dev/null +++ b/frida_mode/test/persistent_ret/Makefile @@ -0,0 +1,22 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +frida_ret: + @gmake frida_ret + +debug: + @gmake debug + +run: + @gmake run diff --git a/frida_mode/test/persistent_ret/get_symbol_addr.py b/frida_mode/test/persistent_ret/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/persistent_ret/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c new file mode 100644 index 00000000..6cb88a50 --- /dev/null +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -0,0 +1,120 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +void slow() { + + usleep(100000); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + slow(); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/include/envs.h b/include/envs.h index e7162c0f..73cd82a8 100644 --- a/include/envs.h +++ b/include/envs.h @@ -62,7 +62,10 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_TRACE", "AFL_FRIDA_PERSISTENT_ADDR", "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", + "AFL_FRIDA_PERSISTENT_RET", + "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", From e5083fbf254cb7f0bffffaeda5c70beff965627c Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 28 May 2021 12:25:18 +0100 Subject: [PATCH 266/441] Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name --- frida_mode/include/ranges.h | 2 + frida_mode/src/ranges.c | 2 + frida_mode/test/deferred/GNUmakefile | 71 +++++++++++++++ frida_mode/test/deferred/Makefile | 13 +++ frida_mode/test/deferred/testinstr.c | 125 +++++++++++++++++++++++++++ 5 files changed, 213 insertions(+) create mode 100644 frida_mode/test/deferred/GNUmakefile create mode 100644 frida_mode/test/deferred/Makefile create mode 100644 frida_mode/test/deferred/testinstr.c diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index f652eb8a..c623f473 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -7,5 +7,7 @@ void ranges_init(void); gboolean range_is_excluded(gpointer address); +void ranges_exclude(); + #endif diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index aa140708..ef25b371 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -568,6 +568,8 @@ void ranges_init(void) { /* *NEVER* stalk the stalker, only bad things will ever come of this! */ ranges_exclude_self(); + ranges_exclude(); + } gboolean range_is_excluded(gpointer address) { diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile new file mode 100644 index 00000000..c268ef66 --- /dev/null +++ b/frida_mode/test/deferred/GNUmakefile @@ -0,0 +1,71 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) +endif + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_ENTRYPOINT=$(AFL_ENTRYPOINT) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/deferred/Makefile b/frida_mode/test/deferred/Makefile new file mode 100644 index 00000000..07b139e9 --- /dev/null +++ b/frida_mode/test/deferred/Makefile @@ -0,0 +1,13 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c new file mode 100644 index 00000000..8b3688d7 --- /dev/null +++ b/frida_mode/test/deferred/testinstr.c @@ -0,0 +1,125 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +TESTINSTR_SECTION int do_run(char * file) { + return run(file); +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return do_run(argv[1]); + +} + From 8e86f7ad803e571bcd275d2aca597997ab0e4d2c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 28 May 2021 13:35:05 +0200 Subject: [PATCH 267/441] add --afl-noopt to afl-cc --- docs/Changelog.md | 1 + src/afl-cc.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 594637fb..298a3998 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -46,6 +46,7 @@ sending a mail to . - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode - Fixed a crash in llvm dict2file when a strncmp length was -1 + - added --afl-noopt support - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC diff --git a/src/afl-cc.c b/src/afl-cc.c index ebe11525..8af8e7b0 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1224,6 +1224,14 @@ int main(int argc, char **argv, char **envp) { if (strncmp(argv[i], "--afl", 5) == 0) { + if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { + + passthrough = 1; + argv[i] = "-g"; // we have to overwrite it, -g is always good + continue; + + } + if (compiler_mode) WARNF( "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " @@ -1821,6 +1829,12 @@ int main(int argc, char **argv, char **envp) { "If anything fails - be sure to read README.lto.md!\n"); #endif + SAYF( + "\nYou can supply --afl-noopt to not instrument, like AFL_NOOPT. " + "(this is helpful\n" + "in some build systems if you do not want to instrument " + "everything.\n"); + } SAYF( From de7370c0e966498ed95ab8a68ce57f6a1d10c21b Mon Sep 17 00:00:00 2001 From: Dag Heyman Kajevic Date: Fri, 28 May 2021 22:17:43 +0200 Subject: [PATCH 268/441] docs: fix link to README in QuickStartGuide (#946) --- docs/QuickStartGuide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md index 10be409a..d1966170 100644 --- a/docs/QuickStartGuide.md +++ b/docs/QuickStartGuide.md @@ -1,6 +1,6 @@ # AFL quick start guide -You should read [README.md](README.md) - it's pretty short. If you really can't, here's +You should read [README.md](../README.md) - it's pretty short. If you really can't, here's how to hit the ground running: 1) Compile AFL with 'make'. If build fails, see [INSTALL.md](INSTALL.md) for tips. From 6883605d1314503ad6ef8aadcadc90222da5c576 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 28 May 2021 23:43:14 +0100 Subject: [PATCH 269/441] Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name --- frida_mode/GNUmakefile | 4 - frida_mode/README.md | 146 +- frida_mode/include/instrument.h | 1 + frida_mode/include/output.h | 9 + frida_mode/include/stats.h | 28 + frida_mode/src/instrument/instrument.c | 5 + frida_mode/src/instrument/instrument_debug.c | 92 +- frida_mode/src/main.c | 4 + frida_mode/src/output.c | 45 + frida_mode/src/stats/stats.c | 208 ++ frida_mode/src/stats/stats_arm.c | 36 + frida_mode/src/stats/stats_arm64.c | 36 + frida_mode/src/stats/stats_x64.c | 307 ++ frida_mode/src/stats/stats_x86.c | 36 + frida_mode/test/output/GNUmakefile | 47 + frida_mode/test/output/Makefile | 13 + frida_mode/test/output/frida_stderr.txt | 2824 ++++++++++++++++++ frida_mode/test/output/frida_stdout.txt | 349 +++ frida_mode/test/output/testinstr.c | 112 + include/envs.h | 7 +- 20 files changed, 4242 insertions(+), 67 deletions(-) create mode 100644 frida_mode/include/output.h create mode 100644 frida_mode/include/stats.h create mode 100644 frida_mode/src/output.c create mode 100644 frida_mode/src/stats/stats.c create mode 100644 frida_mode/src/stats/stats_arm.c create mode 100644 frida_mode/src/stats/stats_arm64.c create mode 100644 frida_mode/src/stats/stats_x64.c create mode 100644 frida_mode/src/stats/stats_x86.c create mode 100644 frida_mode/test/output/GNUmakefile create mode 100644 frida_mode/test/output/Makefile create mode 100644 frida_mode/test/output/frida_stderr.txt create mode 100644 frida_mode/test/output/frida_stdout.txt create mode 100644 frida_mode/test/output/testinstr.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index f9c0f1f7..a0387cac 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -36,10 +36,6 @@ else CFLAGS+=-Wno-pointer-arith endif -ifdef FRIDA_DEBUG -CFLAGS += -DFRIDA_DEBUG -endif - FRIDA_BUILD_DIR:=$(BUILD_DIR)frida/ FRIDA_TRACE:=$(BUILD_DIR)afl-frida-trace.so FRIDA_TRACE_EMBEDDED:=$(BUILD_DIR)afl-frida-trace-embedded diff --git a/frida_mode/README.md b/frida_mode/README.md index ecce0bfd..0103a395 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -21,7 +21,7 @@ perhaps leverage some of its design and implementation. | Feature/Instrumentation | frida-mode | Notes | | -------------------------|:----------:|:--------------------------------------------:| | NeverZero | x | | - | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | | CMPLOG | x | (x86/x64 only) | | Selective Instrumentation| x | | @@ -43,16 +43,16 @@ system does not support cross compilation. ## Getting Started -To build everything run `make`. To build for x86 run `make 32`. Note that in +To build everything run `make`. To build for x86 run `make 32`. Note that in x86 bit mode, it is not necessary for afl-fuzz to be built for 32-bit. However, the shared library for frida_mode must be since it is injected into the target process. Various tests can be found in subfolders within the `test/` directory. To use these, first run `make` to build any dependencies. Then run `make qemu` or -`make frida` to run on either QEMU of FRIDA mode respectively. To run frida -tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between -architectures it may be necessary to run `make clean` first for a given build +`make frida` to run on either QEMU of FRIDA mode respectively. To run frida +tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between +architectures it may be necessary to run `make clean` first for a given build target to remove previously generated binaries for a different architecture. ## Usage @@ -74,6 +74,8 @@ following options are currently supported: * `AFL_FRIDA_PERSISTENT_ADDR` - See `AFL_QEMU_PERSISTENT_ADDR` * `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` * `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` +* `AFL_FRIDA_PERSISTENT_RET` - See `AFL_QEMU_PERSISTENT_RET` +* `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` - See `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. @@ -127,34 +129,144 @@ instances run CMPLOG mode and instrumentation of the binary is less frequent ## Advanced configuration options +* `AFL_FRIDA_INST_DEBUG_FILE` - File to write raw assembly of original blocks +and their instrumented counterparts during block compilation. +``` +*** + +Creating block for 0x7ffff7953313: + 0x7ffff7953313 mov qword ptr [rax], 0 + 0x7ffff795331a add rsp, 8 + 0x7ffff795331e ret + +Generated block 0x7ffff75e98e2 + 0x7ffff75e98e2 mov qword ptr [rax], 0 + 0x7ffff75e98e9 add rsp, 8 + 0x7ffff75e98ed lea rsp, [rsp - 0x80] + 0x7ffff75e98f5 push rcx + 0x7ffff75e98f6 movabs rcx, 0x7ffff795331e + 0x7ffff75e9900 jmp 0x7ffff75e9384 + + +*** +``` * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. -Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks +`AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target +application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) +* `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target +application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) +* `AFL_FRIDA_PERSISTENT_DEBUG` - Insert a Breakpoint into the instrumented code +at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the user +to determine the value of `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` using a +debugger. +``` + +gdb \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=XXXXXXXXXX' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RET=XXXXXXXXXX' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=afl-frida-trace.so' \ + --args [my arguments] + +``` +* `AFL_FRIDA_STATS_FILE` - Write statistics information about the code being +instrumented to the given file name. The statistics are written only for the +child process when new block is instrumented (when the +`AFL_FRIDA_STATS_INTERVAL` has expired). Note that simply because a new path is +found does not mean a new block needs to be compiled. It could simply be that +the existing blocks instrumented have been executed in a different order. +``` +stats +----- +Index: 2 +Pid: 1815944 +Time: 2021-05-28 15:26:41 +Blocks: 1985 +Instructions: 9192 +Avg Instructions / Block: 4 + +Call Immediates: 391 (4.25%) +Call Immediates Excluded: 65 (0.71%) +Call Register: 0 (0.00%) +Call Memory: 0 (0.00%) + +Jump Immediates: 202 (2.20%) +Jump Register: 10 (0.11%) +Jump Memory: 12 (0.13%) + +Conditional Jump Immediates: 1210 (13.16%) +Conditional Jump CX Immediate: 0 (0.00%) +Conditional Jump Register: 0 (0.00%) +Conditional Jump Memory: 0 (0.00%) + +Returns: 159 (0.00%) + +Rip Relative: 247 (0.00%) + +``` +* `AFL_FRIDA_STATS_INTERVAL` - The maximum frequency to output statistics +information. Stats will be written whenever they are updated if the given +interval has elapsed since last time they were written. +* `AFL_FRIDA_STATS_TRANSITIONS` - Also dump the internal stalker counters to +stderr when the regular stats are written. Note that these stats are reset in +the child each time a new fork occurs since they are not stored in shared +memory. Unfortunately, these stats are internal to stalker, so this is the best +we can do for now. +``` +stats +----- +Index: 2 +Pid: 1816794 +Time: 2021-05-28 15:26:41 + + +total_transitions: 786 + call_imms: 97 + call_regs: 0 + call_mems: 0 + post_call_invokes: 86 + excluded_call_imms: 29 + ret_slow_paths: 23 + + jmp_imms: 58 + jmp_mems: 7 + jmp_regs: 26 + + jmp_cond_imms: 460 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +``` ## FASAN - Frida Address Sanitizer Mode Frida mode also supports FASAN. The design of this is actually quite simple and very similar to that used when instrumenting applications compiled from source. ### Address Sanitizer Basics -When Address Sanitizer is used to instrument programs built from source, the +When Address Sanitizer is used to instrument programs built from source, the compiler first adds a dependency (`DT_NEEDED` entry) for the Address Sanitizer dynamic shared object (DSO). This shared object contains the main logic for Address Sanitizer, including setting and managing up the shadow memory. It also provides -replacement implementations for a number of functions in standard libraries. +replacement implementations for a number of functions in standard libraries. These replacements include things like `malloc` and `free` which allows for those allocations to be marked in the shadow memory, but also a number of other fuctions. -Consider `memcpy` for example, this is instrumented to validate the paramters -(test the source and destination buffers against the shadow memory. This is much -easier than instrumenting those standard libraries since, first it would require +Consider `memcpy` for example, this is instrumented to validate the paramters +(test the source and destination buffers against the shadow memory. This is much +easier than instrumenting those standard libraries since, first it would require you to re-compile them and secondly it would mean that the instrumentation would -be applied at a more expensive granular level. Lastly, load-widening (typically +be applied at a more expensive granular level. Lastly, load-widening (typically found in highy optimized code) can also make this instrumentation more difficult. Since the DSO is loaded before all of the standard libraries (in fact it insists @@ -165,9 +277,9 @@ modules which depend on it. FASAN takes a similar approach. It requires the user to add the Address Sanitizer DSO to the `AFL_PRELOAD` environment variable such that it is loaded into the target. -Again, it must be first in the list. This means that it is not necessary to -instrument the standard libraries to detect when an application has provided an -incorrect argument to `memcpy` for example. This avoids issues with load-widening +Again, it must be first in the list. This means that it is not necessary to +instrument the standard libraries to detect when an application has provided an +incorrect argument to `memcpy` for example. This avoids issues with load-widening and should also mean a huge improvement in performance. FASAN then adds instrumentation for any instrucutions which use memory operands and @@ -176,7 +288,7 @@ to validate memory accesses against the shadow memory. ## TODO -The next features to be added are Aarch64 and Aarch32 support as well as looking at +The next features to be added are Aarch64 and Aarch32 support as well as looking at potential performance improvements. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that efforts are deconflicted. diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 75ee6396..ed92c25a 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -19,6 +19,7 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +void instrument_debug_init(void); void instrument_debug_start(uint64_t address, GumStalkerOutput *output); void instrument_debug_instruction(uint64_t address, uint16_t size); void instrument_debug_end(GumStalkerOutput *output); diff --git a/frida_mode/include/output.h b/frida_mode/include/output.h new file mode 100644 index 00000000..53a9fdd3 --- /dev/null +++ b/frida_mode/include/output.h @@ -0,0 +1,9 @@ +#ifndef _OUTPUT_H +#define _OUTPUT_H + +#include "frida-gum.h" + +void output_init(void); + +#endif + diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h new file mode 100644 index 00000000..4271132a --- /dev/null +++ b/frida_mode/include/stats.h @@ -0,0 +1,28 @@ +#ifndef _STATS_H +#define _STATS_H + +#include "frida-gum.h" + +typedef struct { + + guint64 num_blocks; + guint64 num_instructions; + guint64 stats_last_time; + guint64 stats_idx; + guint64 transitions_idx; + +} stats_data_header_t; + +extern stats_data_header_t *stats_data; + +void stats_init(void); +void stats_collect(const cs_insn *instr, gboolean begin); +void stats_print(char *format, ...); + +gboolean stats_is_supported_arch(void); +size_t stats_data_size_arch(void); +void stats_collect_arch(const cs_insn *instr); +void stats_write_arch(void); + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index c4f18797..cd1ac0be 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -13,6 +13,7 @@ #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "stats.h" #include "util.h" static gboolean tracing = false; @@ -113,6 +114,9 @@ static void instr_basic_block(GumStalkerIterator *iterator, * fork-server and thus start executing in the child. */ excluded = range_is_excluded(GSIZE_TO_POINTER(instr->address)); + + stats_collect(instr, begin); + if (unlikely(begin)) { instrument_debug_start(instr->address, output); @@ -180,6 +184,7 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + instrument_debug_init(); asan_init(); cmplog_init(); diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index 3a554ad0..124843d8 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -1,26 +1,34 @@ +#include #include #include #include #include "frida-gum.h" +#include "debug.h" + #include "util.h" -#ifdef FRIDA_DEBUG - +static int debugging_fd = -1; static gpointer instrument_gen_start = NULL; static void instrument_debug(char *format, ...) { va_list ap; char buffer[4096] = {0}; + int ret; + int len; va_start(ap, format); - vsnprintf(buffer, sizeof(buffer) - 1, format, ap); + ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); va_end(ap); - IGNORED_RETURN(write(STDOUT_FILENO, buffer, sizeof(buffer))); + if (ret < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + + IGNORED_RETURN(write(debugging_fd, buffer, len)); } @@ -53,41 +61,56 @@ static void instrument_disasm(guint8 *code, guint size) { static gpointer instrument_cur(GumStalkerOutput *output) { - #if defined(__i386__) || defined(__x86_64__) +#if defined(__i386__) || defined(__x86_64__) return gum_x86_writer_cur(output->writer.x86); - #elif defined(__aarch64__) +#elif defined(__aarch64__) return gum_arm64_writer_cur(output->writer.arm64); - #elif defined(__arm__) +#elif defined(__arm__) return gum_arm_writer_cur(output->writer.arm); - #else - #error "Unsupported architecture" - #endif +#else + #error "Unsupported architecture" +#endif + +} + +void instrument_debug_init(void) { + + char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); + OKF("Instrumentation debugging - enabled [%c]", filename == NULL ? ' ' : 'X'); + + if (filename == NULL) { return; } + + OKF("Instrumentation debugging - file [%s]", filename); + + if (filename == NULL) { return; } + + char *path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Instrumentation debugging - path [%s]", path); + + debugging_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + if (debugging_fd < 0) { FATAL("Failed to open stats file '%s'", path); } + + g_free(path); } void instrument_debug_start(uint64_t address, GumStalkerOutput *output) { - GumDebugSymbolDetails details; + if (likely(debugging_fd < 0)) { return; } instrument_gen_start = instrument_cur(output); - if (gum_symbol_details_from_address(GSIZE_TO_POINTER(address), &details)) { - - instrument_debug("\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER - "x (%s!%s):\n", - address, details.module_name, details.symbol_name); - - } else { - - instrument_debug( - "\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER "x:\n", address); - - } + instrument_debug("\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER "x:\n", + address); } void instrument_debug_instruction(uint64_t address, uint16_t size) { + if (likely(debugging_fd < 0)) { return; } uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address); instrument_disasm(start, size); @@ -95,6 +118,7 @@ void instrument_debug_instruction(uint64_t address, uint16_t size) { void instrument_debug_end(GumStalkerOutput *output) { + if (likely(debugging_fd < 0)) { return; } gpointer instrument_gen_end = instrument_cur(output); uint16_t size = GPOINTER_TO_SIZE(instrument_gen_end) - GPOINTER_TO_SIZE(instrument_gen_start); @@ -104,25 +128,3 @@ void instrument_debug_end(GumStalkerOutput *output) { } -#else -void instrument_debug_start(void *address) { - - UNUSED_PARAMETER(address); - -} - -void instrument_debug_instruction(uint64_t address, uint16_t size) { - - UNUSED_PARAMETER(address); - UNUSED_PARAMETER(size); - -} - -void instrument_debug_end(GumStalkerOutput *output) { - - UNUSED_PARAMETER(output); - -} - -#endif - diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index e8015905..1ab9993f 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -19,10 +19,12 @@ #include "instrument.h" #include "interceptor.h" #include "lib.h" +#include "output.h" #include "persistent.h" #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "stats.h" #include "util.h" #ifdef __APPLE__ @@ -95,9 +97,11 @@ void afl_frida_start() { lib_init(); entry_init(); instrument_init(); + output_init(); persistent_init(); prefetch_init(); ranges_init(); + stats_init(); void *fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); diff --git a/frida_mode/src/output.c b/frida_mode/src/output.c new file mode 100644 index 00000000..8a222b25 --- /dev/null +++ b/frida_mode/src/output.c @@ -0,0 +1,45 @@ +#include +#include +#include + +#include "frida-gum.h" + +#include "debug.h" + +#include "output.h" + +static int output_fd = -1; + +static void output_redirect(int fd, char *variable) { + + char *filename = getenv(variable); + char *path = NULL; + + if (filename == NULL) { return; } + + path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Redirect %d -> '%s'", fd, path); + + output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + g_free(path); + + if (output_fd < 0) { FATAL("Failed to open fd(%d) error %d", fd, errno); } + + if (dup2(output_fd, fd) < 0) { + + FATAL("Failed to set fd(%d) error %d", fd, errno); + + } + +} + +void output_init(void) { + + output_redirect(STDOUT_FILENO, "AFL_FRIDA_OUTPUT_STDOUT"); + output_redirect(STDERR_FILENO, "AFL_FRIDA_OUTPUT_STDERR"); + +} + diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c new file mode 100644 index 00000000..890a8d6b --- /dev/null +++ b/frida_mode/src/stats/stats.c @@ -0,0 +1,208 @@ +#include +#include +#include +#include +#include +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" +#include "util.h" + +#include "stats.h" + +#define MICRO_TO_SEC 1000000 + +stats_data_header_t *stats_data = NULL; + +static int stats_parent_pid = -1; +static int stats_fd = -1; +static gboolean stats_transitions = FALSE; +static guint64 stats_interval = 0; + +void stats_init(void) { + + stats_parent_pid = getpid(); + char *filename = getenv("AFL_FRIDA_STATS_FILE"); + stats_interval = util_read_num("AFL_FRIDA_STATS_INTERVAL"); + if (getenv("AFL_FRIDA_STATS_TRANSITIONS") != NULL) { + + stats_transitions = TRUE; + + } + + OKF("Stats - file [%s]", filename); + OKF("Stats - interval [%" G_GINT64_MODIFIER "u]", stats_interval); + + if (stats_interval != 0 && filename == NULL) { + + FATAL( + "AFL_FRIDA_STATS_FILE must be specified if " + "AFL_FRIDA_STATS_INTERVAL is"); + + } + + if (stats_interval == 0) { stats_interval = 10; } + + if (filename == NULL) { return; } + + if (!stats_is_supported_arch()) { + + FATAL("Stats is not supported on this architecture"); + + } + + char *path = NULL; + + if (filename == NULL) { return; } + + if (stats_transitions) { gum_stalker_set_counters_enabled(TRUE); } + + path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Stats - path [%s]", path); + + stats_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + if (stats_fd < 0) { FATAL("Failed to open stats file '%s'", path); } + + g_free(path); + + size_t data_size = stats_data_size_arch(); + + int shm_id = shmget(IPC_PRIVATE, data_size, IPC_CREAT | IPC_EXCL | 0600); + if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } + + stats_data = shmat(shm_id, NULL, 0); + g_assert(stats_data != MAP_FAILED); + + /* + * Configure the shared memory region to be removed once the process dies. + */ + if (shmctl(shm_id, IPC_RMID, NULL) < 0) { + + FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); + + } + + /* Clear it, not sure it's necessary, just seems like good practice */ + memset(stats_data, '\0', data_size); + +} + +void stats_vprint(int fd, char *format, va_list ap) { + + char buffer[4096] = {0}; + int ret; + int len; + + if(vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + IGNORED_RETURN(write(fd, buffer, len)); + +} + +void stats_print_fd(int fd, char *format, ...) { + + va_list ap; + va_start(ap, format); + stats_vprint(fd, format, ap); + va_end(ap); + +} + +void stats_print(char *format, ...) { + + va_list ap; + va_start(ap, format); + stats_vprint(stats_fd, format, ap); + va_end(ap); + +} + +void stats_write(void) { + + if (stats_parent_pid == getpid()) { return; } + + GDateTime *date_time = g_date_time_new_now_local(); + char *date_time_string = g_date_time_format(date_time, "%Y-%m-%e %H:%M:%S"); + + stats_print("stats\n"); + stats_print("-----\n"); + + stats_print("Index: %" G_GINT64_MODIFIER "u\n", + stats_data->stats_idx++); + stats_print("Pid: %d\n", getpid()); + stats_print("Time: %s\n", date_time_string); + stats_print("Blocks: %" G_GINT64_MODIFIER "u\n", + stats_data->num_blocks); + stats_print("Instructions: %" G_GINT64_MODIFIER "u\n", + stats_data->num_instructions); + stats_print("Avg Instructions / Block: %" G_GINT64_MODIFIER "u\n", + stats_data->num_instructions / stats_data->num_blocks); + + stats_print("\n"); + + g_free(date_time_string); + g_date_time_unref(date_time); + + stats_write_arch(); + + if (stats_transitions) { + + GDateTime *date_time = g_date_time_new_now_local(); + char *date_time_string = g_date_time_format(date_time, "%Y-%m-%e %H:%M:%S"); + + stats_print_fd(STDERR_FILENO, "stats\n"); + stats_print_fd(STDERR_FILENO, "-----\n"); + stats_print_fd(STDERR_FILENO, "Index: %" G_GINT64_MODIFIER "u\n", + stats_data->transitions_idx++); + stats_print_fd(STDERR_FILENO, "Pid: %d\n", getpid()); + stats_print_fd(STDERR_FILENO, "Time: %s\n", date_time_string); + + g_free(date_time_string); + g_date_time_unref(date_time); + gum_stalker_dump_counters(); + + } + +} + +static void stats_maybe_write(void) { + + guint64 current_time; + + if (stats_interval == 0) { return; } + + current_time = g_get_monotonic_time(); + + if ((current_time - stats_data->stats_last_time) > + (stats_interval * MICRO_TO_SEC)) { + + stats_write(); + stats_data->stats_last_time = current_time; + + } + +} + +void stats_collect(const cs_insn *instr, gboolean begin) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(begin); + + if (stats_fd < 0) { return; } + + if (begin) { stats_data->num_blocks++; } + stats_data->num_instructions++; + + stats_collect_arch(instr); + + stats_maybe_write(); + +} + diff --git a/frida_mode/src/stats/stats_arm.c b/frida_mode/src/stats/stats_arm.c new file mode 100644 index 00000000..7eea7f91 --- /dev/null +++ b/frida_mode/src/stats/stats_arm.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__arm__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/stats/stats_arm64.c b/frida_mode/src/stats/stats_arm64.c new file mode 100644 index 00000000..592af87a --- /dev/null +++ b/frida_mode/src/stats/stats_arm64.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__aarch64__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c new file mode 100644 index 00000000..c3e8742a --- /dev/null +++ b/frida_mode/src/stats/stats_x64.c @@ -0,0 +1,307 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ranges.h" +#include "stats.h" +#include "util.h" + +#if defined(__x86_64__) + +typedef struct { + + stats_data_header_t header; + + guint64 num_call_imm; + guint64 num_call_imm_excluded; + guint64 num_call_reg; + guint64 num_call_mem; + + guint64 num_jmp_imm; + guint64 num_jmp_reg; + guint64 num_jmp_mem; + + guint64 num_jmp_cond_imm; + guint64 num_jmp_cond_reg; + guint64 num_jmp_cond_mem; + + guint64 num_jmp_cond_jcxz; + + guint64 num_ret; + + guint64 num_rip_relative; + +} stats_data_arch_t; + +gboolean stats_is_supported_arch(void) { + + return TRUE; + +} + +size_t stats_data_size_arch(void) { + + return sizeof(stats_data_arch_t); + +} + +void stats_write_arch(void) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + guint64 num_instructions = stats_data_arch->header.num_instructions; + + stats_print( + "Call Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_imm, + ((float)(stats_data_arch->num_call_imm * 100) / num_instructions)); + stats_print("Call Immediates Excluded: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_imm_excluded, + ((float)(stats_data_arch->num_call_imm_excluded * 100) / + num_instructions)); + stats_print( + "Call Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_reg, + ((float)(stats_data_arch->num_call_reg * 100) / num_instructions)); + stats_print( + "Call Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_mem, + ((float)(stats_data_arch->num_call_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print("Jump Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_imm, + ((float)(stats_data_arch->num_jmp_imm * 100) / num_instructions)); + stats_print("Jump Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_reg, + ((float)(stats_data_arch->num_jmp_reg * 100) / num_instructions)); + stats_print("Jump Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_mem, + ((float)(stats_data_arch->num_jmp_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print( + "Conditional Jump Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_imm, + ((float)(stats_data_arch->num_jmp_cond_imm * 100) / num_instructions)); + stats_print( + "Conditional Jump CX Immediate: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_jcxz, + ((float)(stats_data_arch->num_jmp_cond_jcxz * 100) / num_instructions)); + stats_print( + "Conditional Jump Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_reg, + ((float)(stats_data_arch->num_jmp_cond_reg * 100) / num_instructions)); + stats_print( + "Conditional Jump Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_mem, + ((float)(stats_data_arch->num_jmp_cond_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print("Returns: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_ret, + (stats_data_arch->num_ret * 100 / num_instructions)); + + stats_print("\n"); + + stats_print("Rip Relative: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_rip_relative, + (stats_data_arch->num_rip_relative * 100 / num_instructions)); + + stats_print("\n"); + stats_print("\n"); + +} + +static x86_op_type stats_get_operand_type(const cs_insn *instr) { + + cs_x86 * x86 = &instr->detail->x86; + cs_x86_op *operand; + + if (x86->op_count != 1) { + + FATAL("Unexpected operand count (%d): %s %s\n", x86->op_count, + instr->mnemonic, instr->op_str); + + } + + operand = &x86->operands[0]; + + return operand->type; + +} + +static void stats_collect_call_imm_excluded_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + cs_x86 * x86 = &instr->detail->x86; + cs_x86_op * operand = &x86->operands[0]; + + if (range_is_excluded((gpointer)operand->imm)) { + + stats_data_arch->num_call_imm_excluded++; + + } + +} + +static void stats_collect_call_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_call_imm++; + stats_collect_call_imm_excluded_arch(instr); + break; + case X86_OP_REG: + stats_data_arch->num_call_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_call_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_jump_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_jmp_imm++; + break; + case X86_OP_REG: + stats_data_arch->num_jmp_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_jmp_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_jump_cond_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_jmp_cond_imm++; + break; + case X86_OP_REG: + stats_data_arch->num_jmp_cond_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_jmp_cond_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_rip_relative_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + cs_x86 * x86 = &instr->detail->x86; + guint mod; + guint rm; + + if (x86->encoding.modrm_offset == 0) { return; } + + mod = (x86->modrm & 0xc0) >> 6; + if (mod != 0) { return; } + + rm = (x86->modrm & 0x07) >> 0; + if (rm != 5) { return; } + + stats_data_arch->num_rip_relative++; + +} + +void stats_collect_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + switch (instr->id) { + + case X86_INS_CALL: + stats_collect_call_arch(instr); + break; + case X86_INS_JMP: + stats_collect_jump_arch(instr); + break; + case X86_INS_JA: + case X86_INS_JAE: + case X86_INS_JB: + case X86_INS_JBE: + case X86_INS_JE: + case X86_INS_JG: + case X86_INS_JGE: + case X86_INS_JL: + case X86_INS_JLE: + case X86_INS_JNE: + case X86_INS_JNO: + case X86_INS_JNP: + case X86_INS_JNS: + case X86_INS_JO: + case X86_INS_JP: + case X86_INS_JS: + stats_collect_jump_cond_arch(instr); + break; + case X86_INS_JECXZ: + case X86_INS_JRCXZ: + stats_data_arch->num_jmp_cond_jcxz++; + break; + case X86_INS_RET: + stats_data_arch->num_ret++; + break; + default: + stats_collect_rip_relative_arch(instr); + break; + + } + +} + +#endif + diff --git a/frida_mode/src/stats/stats_x86.c b/frida_mode/src/stats/stats_x86.c new file mode 100644 index 00000000..1906e809 --- /dev/null +++ b/frida_mode/src/stats/stats_x86.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__i386__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/test/output/GNUmakefile b/frida_mode/test/output/GNUmakefile new file mode 100644 index 00000000..eaa1c4dc --- /dev/null +++ b/frida_mode/test/output/GNUmakefile @@ -0,0 +1,47 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_OUTPUT_STDOUT=frida_stdout.txt \ + AFL_FRIDA_OUTPUT_STDERR=frida_stderr.txt \ + AFL_FRIDA_STATS_FILE=frida_stats.txt \ + AFL_FRIDA_STATS_INTERVAL=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/output/Makefile b/frida_mode/test/output/Makefile new file mode 100644 index 00000000..07b139e9 --- /dev/null +++ b/frida_mode/test/output/Makefile @@ -0,0 +1,13 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida diff --git a/frida_mode/test/output/frida_stderr.txt b/frida_mode/test/output/frida_stderr.txt new file mode 100644 index 00000000..103216cf --- /dev/null +++ b/frida_mode/test/output/frida_stderr.txt @@ -0,0 +1,2824 @@ + + +total_transitions: 9 + call_imms: 1 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 1 + jmp_mems: 2 + jmp_regs: 0 + + jmp_cond_imms: 2 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 19 + call_imms: 4 + call_regs: 0 + call_mems: 0 + post_call_invokes: 2 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 1 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 6 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 29 + call_imms: 6 + call_regs: 1 + call_mems: 0 + post_call_invokes: 3 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 11 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 39 + call_imms: 6 + call_regs: 2 + call_mems: 0 + post_call_invokes: 5 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 18 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 49 + call_imms: 7 + call_regs: 2 + call_mems: 1 + post_call_invokes: 6 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 25 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 59 + call_imms: 8 + call_regs: 2 + call_mems: 3 + post_call_invokes: 6 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 3 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 31 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 69 + call_imms: 9 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 3 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 38 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 79 + call_imms: 10 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 46 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 89 + call_imms: 10 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 56 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 99 + call_imms: 11 + call_regs: 2 + call_mems: 3 + post_call_invokes: 9 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 63 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 109 + call_imms: 12 + call_regs: 2 + call_mems: 3 + post_call_invokes: 12 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 5 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 68 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 119 + call_imms: 12 + call_regs: 2 + call_mems: 4 + post_call_invokes: 14 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 74 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 129 + call_imms: 14 + call_regs: 2 + call_mems: 4 + post_call_invokes: 16 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 80 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 139 + call_imms: 14 + call_regs: 2 + call_mems: 5 + post_call_invokes: 17 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 87 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 149 + call_imms: 14 + call_regs: 2 + call_mems: 6 + post_call_invokes: 17 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 96 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 159 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 18 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 8 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 102 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 170 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 18 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 10 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 111 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 180 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 20 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 11 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 118 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 190 + call_imms: 16 + call_regs: 2 + call_mems: 6 + post_call_invokes: 20 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 11 + jmp_mems: 6 + jmp_regs: 1 + + jmp_cond_imms: 125 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 201 + call_imms: 16 + call_regs: 2 + call_mems: 7 + post_call_invokes: 21 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 13 + jmp_mems: 6 + jmp_regs: 1 + + jmp_cond_imms: 132 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 211 + call_imms: 17 + call_regs: 2 + call_mems: 7 + post_call_invokes: 22 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 14 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 138 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 223 + call_imms: 18 + call_regs: 2 + call_mems: 8 + post_call_invokes: 24 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 15 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 145 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 233 + call_imms: 18 + call_regs: 2 + call_mems: 8 + post_call_invokes: 25 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 16 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 153 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 244 + call_imms: 19 + call_regs: 2 + call_mems: 9 + post_call_invokes: 26 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 16 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 161 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input + + +total_transitions: 254 + call_imms: 20 + call_regs: 2 + call_mems: 9 + post_call_invokes: 27 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 18 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 167 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 264 + call_imms: 20 + call_regs: 2 + call_mems: 9 + post_call_invokes: 29 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 20 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 173 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 275 + call_imms: 21 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 22 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 179 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 285 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 23 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 186 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 295 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 23 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 196 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 305 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 24 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 205 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 315 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 31 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 26 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 212 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 326 + call_imms: 22 + call_regs: 3 + call_mems: 10 + post_call_invokes: 32 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 220 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 337 + call_imms: 23 + call_regs: 4 + call_mems: 10 + post_call_invokes: 36 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 9 + jmp_regs: 1 + + jmp_cond_imms: 224 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 348 + call_imms: 24 + call_regs: 4 + call_mems: 10 + post_call_invokes: 38 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 10 + jmp_regs: 1 + + jmp_cond_imms: 231 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 362 + call_imms: 26 + call_regs: 4 + call_mems: 10 + post_call_invokes: 39 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 11 + jmp_regs: 1 + + jmp_cond_imms: 240 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 375 + call_imms: 27 + call_regs: 4 + call_mems: 10 + post_call_invokes: 40 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 12 + jmp_regs: 1 + + jmp_cond_imms: 250 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 387 + call_imms: 28 + call_regs: 4 + call_mems: 10 + post_call_invokes: 41 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 258 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 397 + call_imms: 29 + call_regs: 4 + call_mems: 10 + post_call_invokes: 42 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 30 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 264 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 407 + call_imms: 29 + call_regs: 4 + call_mems: 10 + post_call_invokes: 42 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 31 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 273 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 418 + call_imms: 29 + call_regs: 4 + call_mems: 11 + post_call_invokes: 43 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 32 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 281 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) + + +total_transitions: 430 + call_imms: 32 + call_regs: 4 + call_mems: 11 + post_call_invokes: 45 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 33 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 286 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 441 + call_imms: 32 + call_regs: 4 + call_mems: 12 + post_call_invokes: 46 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 33 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 295 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) + + +total_transitions: 453 + call_imms: 33 + call_regs: 4 + call_mems: 12 + post_call_invokes: 49 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 34 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 302 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 465 + call_imms: 35 + call_regs: 4 + call_mems: 12 + post_call_invokes: 50 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 35 + jmp_mems: 15 + jmp_regs: 3 + + jmp_cond_imms: 308 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 475 + call_imms: 38 + call_regs: 4 + call_mems: 12 + post_call_invokes: 51 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 35 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 310 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 485 + call_imms: 38 + call_regs: 5 + call_mems: 12 + post_call_invokes: 52 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 36 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 317 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 495 + call_imms: 38 + call_regs: 5 + call_mems: 13 + post_call_invokes: 52 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 38 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 324 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 506 + call_imms: 38 + call_regs: 5 + call_mems: 13 + post_call_invokes: 53 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 39 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 333 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 516 + call_imms: 40 + call_regs: 5 + call_mems: 13 + post_call_invokes: 53 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 40 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 340 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 526 + call_imms: 40 + call_regs: 5 + call_mems: 13 + post_call_invokes: 54 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 40 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 349 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 540 + call_imms: 42 + call_regs: 5 + call_mems: 13 + post_call_invokes: 55 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 42 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 358 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 552 + call_imms: 43 + call_regs: 5 + call_mems: 13 + post_call_invokes: 57 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 43 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 366 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 563 + call_imms: 43 + call_regs: 5 + call_mems: 14 + post_call_invokes: 58 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 43 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 375 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 573 + call_imms: 43 + call_regs: 5 + call_mems: 15 + post_call_invokes: 59 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 44 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 382 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 583 + call_imms: 44 + call_regs: 5 + call_mems: 15 + post_call_invokes: 59 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 45 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 389 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 593 + call_imms: 45 + call_regs: 5 + call_mems: 15 + post_call_invokes: 60 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 396 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 603 + call_imms: 46 + call_regs: 6 + call_mems: 15 + post_call_invokes: 64 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 400 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 615 + call_imms: 46 + call_regs: 7 + call_mems: 17 + post_call_invokes: 64 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 407 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 626 + call_imms: 48 + call_regs: 8 + call_mems: 18 + post_call_invokes: 66 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 18 + jmp_regs: 3 + + jmp_cond_imms: 411 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 637 + call_imms: 50 + call_regs: 9 + call_mems: 19 + post_call_invokes: 68 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 47 + jmp_mems: 19 + jmp_regs: 3 + + jmp_cond_imms: 414 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 648 + call_imms: 52 + call_regs: 9 + call_mems: 20 + post_call_invokes: 70 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 47 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 419 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 660 + call_imms: 52 + call_regs: 10 + call_mems: 20 + post_call_invokes: 72 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 49 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 426 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 672 + call_imms: 52 + call_regs: 10 + call_mems: 20 + post_call_invokes: 72 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 51 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 436 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 683 + call_imms: 53 + call_regs: 11 + call_mems: 21 + post_call_invokes: 73 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 52 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 442 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 697 + call_imms: 53 + call_regs: 11 + call_mems: 22 + post_call_invokes: 74 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 53 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 453 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 709 + call_imms: 53 + call_regs: 13 + call_mems: 22 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 53 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 460 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 720 + call_imms: 53 + call_regs: 13 + call_mems: 22 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 55 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 469 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 730 + call_imms: 54 + call_regs: 13 + call_mems: 24 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 56 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 475 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 740 + call_imms: 54 + call_regs: 13 + call_mems: 24 + post_call_invokes: 80 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 57 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 481 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 753 + call_imms: 54 + call_regs: 14 + call_mems: 24 + post_call_invokes: 81 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 58 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 491 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) diff --git a/frida_mode/test/output/frida_stdout.txt b/frida_mode/test/output/frida_stdout.txt new file mode 100644 index 00000000..8832681d --- /dev/null +++ b/frida_mode/test/output/frida_stdout.txt @@ -0,0 +1,349 @@ +OG Range - 0x00007FFFF7FFE000 - 0x00007FFFF7FFF000 +[+] CMPLOG Range - 0x00007FFFF7FFD000 - 0x00007FFFF7FFE000 +[+] CMPLOG Range - 0x00007FFFF7FFC000 - 0x00007FFFF7FFD000 +[+] CMPLOG Range - 0x00007FFFF7FF3000 - 0x00007FFFF7FFB000 +[+] CMPLOG Range - 0x00007FFFF7FD0000 - 0x00007FFFF7FF3000 +[+] CMPLOG Range - 0x00007FFFF7FCF000 - 0x00007FFFF7FD0000 +[+] CMPLOG Range - 0x00007FFFF7FCE000 - 0x00007FFFF7FCF000 +[+] CMPLOG Range - 0x00007FFFF7FCB000 - 0x00007FFFF7FCE000 +[+] CMPLOG Range - 0x00007FFFF7DC4000 - 0x00007FFFF7FCB000 +[+] CMPLOG Range - 0x00007FFFF7DBC000 - 0x00007FFFF7DC4000 +[+] CMPLOG Range - 0x00007FFFF7DB0000 - 0x00007FFFF7DBC000 +[+] CMPLOG Range - 0x00007FFFF7A94000 - 0x00007FFFF7DB0000 +[+] CMPLOG Range - 0x00007FFFF7942000 - 0x00007FFFF7A94000 +[+] CMPLOG Range - 0x00007FFFF78BF000 - 0x00007FFFF7942000 +[+] CMPLOG Range - 0x00007FFFF78AF000 - 0x00007FFFF78BF000 +[+] CMPLOG Range - 0x00007FFFF78AA000 - 0x00007FFFF78AB000 +[+] CMPLOG Range - 0x00007FFFF78A9000 - 0x00007FFFF78AA000 +[+] CMPLOG Range - 0x00007FFFF78A2000 - 0x00007FFFF78A6000 +[+] CMPLOG Range - 0x00007FFFF789F000 - 0x00007FFFF78A2000 +[+] CMPLOG Range - 0x00007FFFF789C000 - 0x00007FFFF789F000 +[+] CMPLOG Range - 0x00007FFFF7851000 - 0x00007FFFF789B000 +[+] CMPLOG Range - 0x00007FFFF76DB000 - 0x00007FFFF7851000 +[+] CMPLOG Range - 0x00007FFFF76DA000 - 0x00007FFFF76DB000 +[+] CMPLOG Range - 0x00007FFFF76D9000 - 0x00007FFFF76DA000 +[+] CMPLOG Range - 0x00007FFFF76B4000 - 0x00007FFFF76D9000 +[+] CMPLOG Range - 0x00007FFFF76B0000 - 0x00007FFFF76B4000 +[+] CMPLOG Range - 0x00007FFFF76AF000 - 0x00007FFFF76B0000 +[+] CMPLOG Range - 0x00007FFFF76AE000 - 0x00007FFFF76AF000 +[+] CMPLOG Range - 0x00007FFFF76A9000 - 0x00007FFFF76AE000 +[+] CMPLOG Range - 0x00007FFFF7698000 - 0x00007FFFF76A9000 +[+] CMPLOG Range - 0x00007FFFF7691000 - 0x00007FFFF7698000 +[+] CMPLOG Range - 0x00007FFFF768F000 - 0x00007FFFF7691000 +[+] CMPLOG Range - 0x00007FFFF768E000 - 0x00007FFFF768F000 +[+] CMPLOG Range - 0x00007FFFF768D000 - 0x00007FFFF768E000 +[+] CMPLOG Range - 0x00007FFFF7689000 - 0x00007FFFF768C000 +[+] CMPLOG Range - 0x00007FFFF7679000 - 0x00007FFFF7689000 +[+] CMPLOG Range - 0x00007FFFF7675000 - 0x00007FFFF7679000 +[+] CMPLOG Range - 0x00007FFFF7674000 - 0x00007FFFF7675000 +[+] CMPLOG Range - 0x00007FFFF7673000 - 0x00007FFFF7674000 +[+] CMPLOG Range - 0x00007FFFF7672000 - 0x00007FFFF7673000 +[+] CMPLOG Range - 0x00007FFFF7670000 - 0x00007FFFF7672000 +[+] CMPLOG Range - 0x00007FFFF766F000 - 0x00007FFFF7670000 +[+] CMPLOG Range - 0x00007FFFF766D000 - 0x00007FFFF766F000 +[+] Redirect 1 -> '/home/jon/git/AFLplusplus/frida_mode/test/output/frida_stdout.txt' +[+] Redirect 2 -> '/home/jon/git/AFLplusplus/frida_mode/test/output/frida_stderr.txt' +[+] Instrumentation - persistent mode [ ] (0x0000000000000000) +[+] Instrumentation - persistent count [ ] (0) +[+] Instrumentation - hook [(null)] +[+] Instrumentation - persistent ret [ ] (0x0000000000000000) +[+] Instrumentation - persistent ret offset [ ] (0) +[+] Instrumentation - prefetch [X] +[+] Range: Modules Length: 54 +[+] Range: Modules Idx: 0 - 0x0000555555554000-0x0000555555555000 +[+] Range: Modules Idx: 1 - 0x0000555555555000-0x0000555555556000 +[+] Range: Modules Idx: 2 - 0x0000555555556000-0x0000555555557000 +[+] Range: Modules Idx: 3 - 0x0000555555557000-0x0000555555558000 +[+] Range: Modules Idx: 4 - 0x0000555555558000-0x0000555555559000 +[+] Range: Modules Idx: 5 - 0x0000555555559000-0x000055555557a000 +[+] Range: Modules Idx: 6 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: Modules Idx: 7 - 0x00007ffff766d000-0x00007ffff766f000 +[+] Range: Modules Idx: 8 - 0x00007ffff766f000-0x00007ffff7670000 +[+] Range: Modules Idx: 9 - 0x00007ffff7670000-0x00007ffff7672000 +[+] Range: Modules Idx: 10 - 0x00007ffff7672000-0x00007ffff7673000 +[+] Range: Modules Idx: 11 - 0x00007ffff7673000-0x00007ffff7674000 +[+] Range: Modules Idx: 12 - 0x00007ffff7674000-0x00007ffff7675000 +[+] Range: Modules Idx: 13 - 0x00007ffff7675000-0x00007ffff7679000 +[+] Range: Modules Idx: 14 - 0x00007ffff7679000-0x00007ffff7689000 +[+] Range: Modules Idx: 15 - 0x00007ffff7689000-0x00007ffff768c000 +[+] Range: Modules Idx: 16 - 0x00007ffff768c000-0x00007ffff768d000 +[+] Range: Modules Idx: 17 - 0x00007ffff768d000-0x00007ffff768e000 +[+] Range: Modules Idx: 18 - 0x00007ffff768e000-0x00007ffff768f000 +[+] Range: Modules Idx: 19 - 0x00007ffff768f000-0x00007ffff7691000 +[+] Range: Modules Idx: 20 - 0x00007ffff7691000-0x00007ffff7698000 +[+] Range: Modules Idx: 21 - 0x00007ffff7698000-0x00007ffff76a9000 +[+] Range: Modules Idx: 22 - 0x00007ffff76a9000-0x00007ffff76ae000 +[+] Range: Modules Idx: 23 - 0x00007ffff76ae000-0x00007ffff76af000 +[+] Range: Modules Idx: 24 - 0x00007ffff76af000-0x00007ffff76b0000 +[+] Range: Modules Idx: 25 - 0x00007ffff76b0000-0x00007ffff76b4000 +[+] Range: Modules Idx: 26 - 0x00007ffff76b4000-0x00007ffff76d9000 +[+] Range: Modules Idx: 27 - 0x00007ffff76d9000-0x00007ffff76da000 +[+] Range: Modules Idx: 28 - 0x00007ffff76da000-0x00007ffff76db000 +[+] Range: Modules Idx: 29 - 0x00007ffff76db000-0x00007ffff7851000 +[+] Range: Modules Idx: 30 - 0x00007ffff7851000-0x00007ffff789b000 +[+] Range: Modules Idx: 31 - 0x00007ffff789b000-0x00007ffff789c000 +[+] Range: Modules Idx: 32 - 0x00007ffff789c000-0x00007ffff789f000 +[+] Range: Modules Idx: 33 - 0x00007ffff789f000-0x00007ffff78a2000 +[+] Range: Modules Idx: 34 - 0x00007ffff78a2000-0x00007ffff78a6000 +[+] Range: Modules Idx: 35 - 0x00007ffff78a9000-0x00007ffff78aa000 +[+] Range: Modules Idx: 36 - 0x00007ffff78aa000-0x00007ffff78ab000 +[+] Range: Modules Idx: 37 - 0x00007ffff78af000-0x00007ffff78bf000 +[+] Range: Modules Idx: 38 - 0x00007ffff78bf000-0x00007ffff7942000 +[+] Range: Modules Idx: 39 - 0x00007ffff7942000-0x00007ffff7a94000 +[+] Range: Modules Idx: 40 - 0x00007ffff7a94000-0x00007ffff7db0000 +[+] Range: Modules Idx: 41 - 0x00007ffff7db0000-0x00007ffff7dbc000 +[+] Range: Modules Idx: 42 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: Modules Idx: 43 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: Modules Idx: 44 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: Modules Idx: 45 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: Modules Idx: 46 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: Modules Idx: 47 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: Modules Idx: 48 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: Modules Idx: 49 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: Modules Idx: 50 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: Modules Idx: 51 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: Modules Idx: 52 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: Modules Idx: 53 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: AFL_INST_LIBS Length: 1 +[+] Range: AFL_INST_LIBS Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step1 Length: 1 +[+] Range: step1 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step2 Length: 1 +[+] Range: step2 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step3 Length: 1 +[+] Range: step3 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step4 Length: 55 +[+] Range: step4 Idx: 0 - 0x0000555555554000-0x0000555555555000 +[+] Range: step4 Idx: 1 - 0x0000555555555000-0x0000555555555160 +[+] Range: step4 Idx: 2 - 0x0000555555555335-0x0000555555556000 +[+] Range: step4 Idx: 3 - 0x0000555555556000-0x0000555555557000 +[+] Range: step4 Idx: 4 - 0x0000555555557000-0x0000555555558000 +[+] Range: step4 Idx: 5 - 0x0000555555558000-0x0000555555559000 +[+] Range: step4 Idx: 6 - 0x0000555555559000-0x000055555557a000 +[+] Range: step4 Idx: 7 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: step4 Idx: 8 - 0x00007ffff766d000-0x00007ffff766f000 +[+] Range: step4 Idx: 9 - 0x00007ffff766f000-0x00007ffff7670000 +[+] Range: step4 Idx: 10 - 0x00007ffff7670000-0x00007ffff7672000 +[+] Range: step4 Idx: 11 - 0x00007ffff7672000-0x00007ffff7673000 +[+] Range: step4 Idx: 12 - 0x00007ffff7673000-0x00007ffff7674000 +[+] Range: step4 Idx: 13 - 0x00007ffff7674000-0x00007ffff7675000 +[+] Range: step4 Idx: 14 - 0x00007ffff7675000-0x00007ffff7679000 +[+] Range: step4 Idx: 15 - 0x00007ffff7679000-0x00007ffff7689000 +[+] Range: step4 Idx: 16 - 0x00007ffff7689000-0x00007ffff768c000 +[+] Range: step4 Idx: 17 - 0x00007ffff768c000-0x00007ffff768d000 +[+] Range: step4 Idx: 18 - 0x00007ffff768d000-0x00007ffff768e000 +[+] Range: step4 Idx: 19 - 0x00007ffff768e000-0x00007ffff768f000 +[+] Range: step4 Idx: 20 - 0x00007ffff768f000-0x00007ffff7691000 +[+] Range: step4 Idx: 21 - 0x00007ffff7691000-0x00007ffff7698000 +[+] Range: step4 Idx: 22 - 0x00007ffff7698000-0x00007ffff76a9000 +[+] Range: step4 Idx: 23 - 0x00007ffff76a9000-0x00007ffff76ae000 +[+] Range: step4 Idx: 24 - 0x00007ffff76ae000-0x00007ffff76af000 +[+] Range: step4 Idx: 25 - 0x00007ffff76af000-0x00007ffff76b0000 +[+] Range: step4 Idx: 26 - 0x00007ffff76b0000-0x00007ffff76b4000 +[+] Range: step4 Idx: 27 - 0x00007ffff76b4000-0x00007ffff76d9000 +[+] Range: step4 Idx: 28 - 0x00007ffff76d9000-0x00007ffff76da000 +[+] Range: step4 Idx: 29 - 0x00007ffff76da000-0x00007ffff76db000 +[+] Range: step4 Idx: 30 - 0x00007ffff76db000-0x00007ffff7851000 +[+] Range: step4 Idx: 31 - 0x00007ffff7851000-0x00007ffff789b000 +[+] Range: step4 Idx: 32 - 0x00007ffff789b000-0x00007ffff789c000 +[+] Range: step4 Idx: 33 - 0x00007ffff789c000-0x00007ffff789f000 +[+] Range: step4 Idx: 34 - 0x00007ffff789f000-0x00007ffff78a2000 +[+] Range: step4 Idx: 35 - 0x00007ffff78a2000-0x00007ffff78a6000 +[+] Range: step4 Idx: 36 - 0x00007ffff78a9000-0x00007ffff78aa000 +[+] Range: step4 Idx: 37 - 0x00007ffff78aa000-0x00007ffff78ab000 +[+] Range: step4 Idx: 38 - 0x00007ffff78af000-0x00007ffff78bf000 +[+] Range: step4 Idx: 39 - 0x00007ffff78bf000-0x00007ffff7942000 +[+] Range: step4 Idx: 40 - 0x00007ffff7942000-0x00007ffff7a94000 +[+] Range: step4 Idx: 41 - 0x00007ffff7a94000-0x00007ffff7db0000 +[+] Range: step4 Idx: 42 - 0x00007ffff7db0000-0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[1;92m[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! diff --git a/frida_mode/test/output/testinstr.c b/frida_mode/test/output/testinstr.c new file mode 100644 index 00000000..5e26fc46 --- /dev/null +++ b/frida_mode/test/output/testinstr.c @@ -0,0 +1,112 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/include/envs.h b/include/envs.h index 73cd82a8..08b3284a 100644 --- a/include/envs.h +++ b/include/envs.h @@ -55,17 +55,22 @@ static char *afl_environment_variables[] = { "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", "AFL_FRIDA_EXCLUDE_RANGES", + "AFL_FRIDA_INST_DEBUG_FILE", "AFL_FRIDA_INST_NO_OPTIMIZE", "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", - "AFL_FRIDA_INST_STRICT", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_OUTPUT_STDOUT", + "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", "AFL_FRIDA_PERSISTENT_CNT", "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", "AFL_FRIDA_PERSISTENT_RET", "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET", + "AFL_FRIDA_STATS_FILE", + "AFL_FRIDA_STATS_INTERVAL", + "AFL_FRIDA_STATS_TRANSITIONS", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", From d2e85cce5048f36aef27a26d907670dda61837e4 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 30 May 2021 00:36:56 +0200 Subject: [PATCH 270/441] afl-cmin help fix, aflpp_driver - + @@ support --- afl-cmin | 8 ++-- frida_mode/src/instrument/instrument_debug.c | 1 - utils/aflpp_driver/README.md | 6 +++ utils/aflpp_driver/aflpp_driver.c | 46 +++++++++++++++----- 4 files changed, 45 insertions(+), 16 deletions(-) diff --git a/afl-cmin b/afl-cmin index adcbb221..9fa63ec6 100755 --- a/afl-cmin +++ b/afl-cmin @@ -119,13 +119,13 @@ function usage() { "Environment variables used:\n" \ "AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp\n" \ "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n" \ -"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" \ +"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the forkserver to come up\n" \ "AFL_KEEP_TRACES: leave the temporary /.traces directory\n" \ -"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" -"AFL_PATH: path for the afl-showmap binary if not found anywhere else\n" \ +"AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \ +"AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \ "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \ "printed to stdout\n" \ -"AFL_SKIP_BIN_CHECK: skip check for target binary\n" +"AFL_SKIP_BIN_CHECK: skip afl instrumentation checks for target binary\n" exit 1 } diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index 124843d8..be72ef89 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -20,7 +20,6 @@ static void instrument_debug(char *format, ...) { int len; va_start(ap, format); - ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); va_end(ap); diff --git a/utils/aflpp_driver/README.md b/utils/aflpp_driver/README.md index 01bd10c0..f03c2fe3 100644 --- a/utils/aflpp_driver/README.md +++ b/utils/aflpp_driver/README.md @@ -13,6 +13,12 @@ If this is the clang compile command to build for libfuzzer: then just switch `clang++` with `afl-clang-fast++` and our compiler will magically insert libAFLDriver.a :) +To use shared-memory testcases, you need nothing to do. +To use stdin testcases give `-` as the only command line parameter. +To use file input testcases give `@@` as the only command line parameter. + +IMPORTANT: if you use `afl-cmin` or `afl-cmin.bash` then either pass `-` +or `@@` as command line parameters. ## aflpp_qemu_driver diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index ad781e64..c094c425 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -174,11 +174,17 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) { static int ExecuteFilesOnyByOne(int argc, char **argv) { unsigned char *buf = (unsigned char *)malloc(MAX_FILE); + for (int i = 1; i < argc; i++) { - int fd = open(argv[i], O_RDONLY); - if (fd == -1) continue; + int fd = 0; + + if (strcmp(argv[i], "-") != 0) { fd = open(argv[i], O_RDONLY); } + + if (fd == -1) { continue; } + ssize_t length = read(fd, buf, MAX_FILE); + if (length > 0) { printf("Reading %zu bytes from %s\n", length, argv[i]); @@ -187,7 +193,7 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { } - close(fd); + if (fd > 0) { close(fd); } } @@ -199,15 +205,19 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { int main(int argc, char **argv) { printf( - "======================= INFO =========================\n" + "============================== INFO ================================\n" "This binary is built for afl++.\n" + "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " + "option\n" "To run the target function on individual input(s) execute this:\n" " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" "To fuzz with afl-fuzz execute this:\n" " afl-fuzz [afl-flags] -- %s [-N]\n" "afl-fuzz will run N iterations before re-spawning the process (default: " "INT_MAX)\n" - "======================================================\n", + "For stdin input processing, pass '-' as single command line option.\n" + "For file input processing, pass '@@' as single command line option.\n" + "===================================================================\n", argv[0], argv[0]); if (getenv("AFL_GDB")) { @@ -237,22 +247,35 @@ int main(int argc, char **argv) { memcpy(dummy_input, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT)); memcpy(dummy_input + 32, (void *)AFL_DEFER_FORKSVR, sizeof(AFL_DEFER_FORKSVR)); + int N = INT_MAX; - if (argc == 2 && argv[1][0] == '-') - N = atoi(argv[1] + 1); - else if (argc == 2 && (N = atoi(argv[1])) > 0) - printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N); - else if (argc > 1) { + + if (argc == 2 && !strcmp(argv[1], "-")) { __afl_sharedmem_fuzzing = 0; __afl_manual_init(); return ExecuteFilesOnyByOne(argc, argv); + } else if (argc == 2 && argv[1][0] == '-') { + + N = atoi(argv[1] + 1); + + } else if (argc == 2 && (N = atoi(argv[1])) > 0) { + + printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N); + + } else if (argc > 1) { + + __afl_sharedmem_fuzzing = 0; + + if (argc == 2) { __afl_manual_init(); } + + return ExecuteFilesOnyByOne(argc, argv); + } assert(N > 0); - // if (!getenv("AFL_DRIVER_DONT_DEFER")) __afl_manual_init(); // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization @@ -271,6 +294,7 @@ int main(int argc, char **argv) { fprintf(stderr, "%02x", __afl_fuzz_ptr[i]); fprintf(stderr, "\n"); #endif + if (*__afl_fuzz_len) { num_runs++; From c78762e690ff936c2e5394aff87deeb7b6b67a6c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 30 May 2021 02:04:37 +0200 Subject: [PATCH 271/441] fix for afl-showmap --- src/afl-showmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index d7af668c..96b72dd9 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -235,6 +235,9 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (cmin_mode && (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) { + // create empty file to prevent error messages in afl-cmin + fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + close(fd); return ret; } From 67293b298d2f6146022ac7adebdf17aebf27bea7 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 30 May 2021 02:06:05 +0200 Subject: [PATCH 272/441] final push to stable (really?) (#939) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic --- Dockerfile | 7 +- README.md | 12 +- afl-cmin | 8 +- afl-plot | 2 +- afl-whatsup | 13 +- docs/Changelog.md | 12 +- docs/QuickStartGuide.md | 2 +- docs/binaryonly_fuzzing.md | 2 +- docs/custom_mutators.md | 3 + docs/env_variables.md | 8 +- frida_mode/GNUmakefile | 3 - frida_mode/README.md | 146 +- frida_mode/include/instrument.h | 4 + frida_mode/include/output.h | 9 + frida_mode/include/persistent.h | 4 + frida_mode/include/ranges.h | 2 + frida_mode/include/stats.h | 28 + frida_mode/include/util.h | 2 +- frida_mode/src/instrument/instrument.c | 51 +- frida_mode/src/instrument/instrument_debug.c | 129 + frida_mode/src/main.c | 7 +- frida_mode/src/output.c | 45 + frida_mode/src/persistent/persistent.c | 34 +- frida_mode/src/persistent/persistent_arm32.c | 7 + frida_mode/src/persistent/persistent_arm64.c | 7 + frida_mode/src/persistent/persistent_x64.c | 19 +- frida_mode/src/persistent/persistent_x86.c | 15 + frida_mode/src/ranges.c | 69 +- frida_mode/src/stats/stats.c | 208 ++ frida_mode/src/stats/stats_arm.c | 36 + frida_mode/src/stats/stats_arm64.c | 36 + frida_mode/src/stats/stats_x64.c | 307 ++ frida_mode/src/stats/stats_x86.c | 36 + frida_mode/src/util.c | 13 +- frida_mode/test/deferred/GNUmakefile | 71 + frida_mode/test/deferred/Makefile | 13 + frida_mode/test/deferred/testinstr.c | 125 + frida_mode/test/libpcap/GNUmakefile | 188 ++ frida_mode/test/libpcap/Makefile | 1143 +++++++ .../test/libpcap/aflpp_qemu_driver_hook.c | 97 + frida_mode/test/libpcap/get_symbol_addr.py | 36 + frida_mode/test/output/GNUmakefile | 47 + frida_mode/test/output/Makefile | 13 + frida_mode/test/output/frida_stderr.txt | 2824 +++++++++++++++++ frida_mode/test/output/frida_stdout.txt | 349 ++ frida_mode/test/output/testinstr.c | 112 + frida_mode/test/persistent_ret/GNUmakefile | 105 + frida_mode/test/persistent_ret/Makefile | 22 + .../test/persistent_ret/get_symbol_addr.py | 36 + frida_mode/test/persistent_ret/testinstr.c | 120 + frida_mode/test/re2/GNUmakefile | 170 + frida_mode/test/re2/Makefile | 22 + frida_mode/test/re2/aflpp_qemu_driver_hook.c | 97 + frida_mode/test/re2/get_symbol_addr.py | 36 + include/afl-fuzz.h | 4 +- include/config.h | 4 +- include/envs.h | 11 +- qemu_mode/README.md | 21 +- src/afl-cc.c | 14 + src/afl-fuzz-init.c | 64 +- src/afl-fuzz-python.c | 2 +- src/afl-fuzz-run.c | 2 +- src/afl-fuzz-state.c | 10 +- src/afl-fuzz.c | 28 +- src/afl-showmap.c | 3 + utils/aflpp_driver/README.md | 6 + utils/aflpp_driver/aflpp_driver.c | 46 +- 67 files changed, 6960 insertions(+), 167 deletions(-) create mode 100644 frida_mode/include/output.h create mode 100644 frida_mode/include/stats.h create mode 100644 frida_mode/src/instrument/instrument_debug.c create mode 100644 frida_mode/src/output.c create mode 100644 frida_mode/src/stats/stats.c create mode 100644 frida_mode/src/stats/stats_arm.c create mode 100644 frida_mode/src/stats/stats_arm64.c create mode 100644 frida_mode/src/stats/stats_x64.c create mode 100644 frida_mode/src/stats/stats_x86.c create mode 100644 frida_mode/test/deferred/GNUmakefile create mode 100644 frida_mode/test/deferred/Makefile create mode 100644 frida_mode/test/deferred/testinstr.c create mode 100644 frida_mode/test/libpcap/GNUmakefile create mode 100644 frida_mode/test/libpcap/Makefile create mode 100644 frida_mode/test/libpcap/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/libpcap/get_symbol_addr.py create mode 100644 frida_mode/test/output/GNUmakefile create mode 100644 frida_mode/test/output/Makefile create mode 100644 frida_mode/test/output/frida_stderr.txt create mode 100644 frida_mode/test/output/frida_stdout.txt create mode 100644 frida_mode/test/output/testinstr.c create mode 100644 frida_mode/test/persistent_ret/GNUmakefile create mode 100644 frida_mode/test/persistent_ret/Makefile create mode 100755 frida_mode/test/persistent_ret/get_symbol_addr.py create mode 100644 frida_mode/test/persistent_ret/testinstr.c create mode 100644 frida_mode/test/re2/GNUmakefile create mode 100644 frida_mode/test/re2/Makefile create mode 100644 frida_mode/test/re2/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/re2/get_symbol_addr.py diff --git a/Dockerfile b/Dockerfile index 8f89b9aa..18fb6367 100644 --- a/Dockerfile +++ b/Dockerfile @@ -50,6 +50,7 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 0 ENV LLVM_CONFIG=llvm-config-12 ENV AFL_SKIP_CPUFREQ=1 +ENV AFL_TRY_AFFINITY=1 ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov /afl-cov @@ -61,8 +62,10 @@ WORKDIR /AFLplusplus RUN export CC=gcc-10 && export CXX=g++-10 && make clean && \ make distrib && make install && make clean -RUN echo 'alias joe="jupp --wordwrap"' >> ~/.bashrc -RUN echo 'export PS1="[afl++]$PS1"' >> ~/.bashrc +RUN sh -c 'echo set encoding=utf-8 > /root/.vimrc' +RUN echo '. /etc/bash_completion' >> ~/.bashrc +RUN echo 'alias joe="joe --wordwrap --joe_state -nobackup"' >> ~/.bashrc +RUN echo "export PS1='"'[afl++ \h] \w$(__git_ps1) \$ '"'" >> ~/.bashrc ENV IS_DOCKER="1" # Disabled until we have the container ready diff --git a/README.md b/README.md index 501f0591..69e2d14a 100644 --- a/README.md +++ b/README.md @@ -679,8 +679,8 @@ If you see that an important area or a feature has not been covered so far then try to find an input that is able to reach that and start a new secondary in that fuzzing campaign with that seed as input, let it run for a few minutes, then terminate it. The main node will pick it up and make it available to the -other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` if you have no -free core. +other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` or +`export AFL_TRY_AFFINITY=1` if you have no free core. Note that you in nearly all cases can never reach full coverage. A lot of functionality is usually behind options that were not activated or fuzz e.g. @@ -800,10 +800,10 @@ Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zaflr, fibre, etc. +use a binary rewriter like afl-dyninst, retrowrite, zaflr, etc. -For Qemu and Frida mode, check out the persistent mode and snapshot features, -they give a huge speed improvement! +For Qemu and Frida mode, check out the persistent mode, it gives a huge speed +improvement if it is possible to use. ### QEMU @@ -822,7 +822,7 @@ less conducive to parallelization. If [afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst) works for your binary, then you can use afl-fuzz normally and it will have twice -the speed compared to qemu_mode (but slower than persistent mode). +the speed compared to qemu_mode (but slower than qemu persistent mode). Note that several other binary rewriters exist, all with their advantages and caveats. diff --git a/afl-cmin b/afl-cmin index adcbb221..9fa63ec6 100755 --- a/afl-cmin +++ b/afl-cmin @@ -119,13 +119,13 @@ function usage() { "Environment variables used:\n" \ "AFL_ALLOW_TMP: allow unsafe use of input/output directories under {/var}/tmp\n" \ "AFL_CRASH_EXITCODE: optional child exit code to be interpreted as crash\n" \ -"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the target to come up, initially\n" \ +"AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the forkserver to come up\n" \ "AFL_KEEP_TRACES: leave the temporary /.traces directory\n" \ -"AFL_KILL_SIGNAL: Signal ID delivered to child processes on timeout, etc. (default: SIGKILL)\n" -"AFL_PATH: path for the afl-showmap binary if not found anywhere else\n" \ +"AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \ +"AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \ "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \ "printed to stdout\n" \ -"AFL_SKIP_BIN_CHECK: skip check for target binary\n" +"AFL_SKIP_BIN_CHECK: skip afl instrumentation checks for target binary\n" exit 1 } diff --git a/afl-plot b/afl-plot index 26c8d1b7..60a351ab 100755 --- a/afl-plot +++ b/afl-plot @@ -127,7 +127,7 @@ set key outside set autoscale xfixmin set autoscale xfixmax -set xlabel "all times in UTC" font "small" +#set xlabel "all times in UTC" font "small" plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ diff --git a/afl-whatsup b/afl-whatsup index be259829..9c2564c6 100755 --- a/afl-whatsup +++ b/afl-whatsup @@ -21,11 +21,11 @@ echo "$0 status check tool for afl-fuzz by Michal Zalewski" echo test "$1" = "-h" -o "$1" = "-hh" && { - echo "$0 [-s] [-d] output_directory" + echo "Usage: $0 [-s] [-d] afl_output_directory" echo echo Options: - echo -s - skip details and output summary results only - echo -d - include dead fuzzer stats + echo " -s - skip details and output summary results only" + echo " -d - include dead fuzzer stats" echo exit 1 } @@ -51,10 +51,11 @@ DIR="$1" if [ "$DIR" = "" ]; then - echo "Usage: $0 [-s] [-d] afl_sync_dir" 1>&2 + echo "Usage: $0 [-s] [-d] afl_output_directory" 1>&2 echo 1>&2 - echo "The -s option causes the tool to skip all the per-fuzzer trivia and show" 1>&2 - echo "just the summary results. See docs/parallel_fuzzing.md for additional tips." 1>&2 + echo Options: 1>&2 + echo " -s - skip details and output summary results only" 1>&2 + echo " -d - include dead fuzzer stats" 1>&2 echo 1>&2 exit 1 diff --git a/docs/Changelog.md b/docs/Changelog.md index dfd5c393..298a3998 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -33,8 +33,12 @@ sending a mail to . - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default afl++ ignores these and uses them for splicing instead. - - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing after - no new paths have been found for n seconds + - added AFL_EXIT_ON_TIME env that will make afl-fuzz exit fuzzing + after no new paths have been found for n seconds + - when AFL_FAST_CAL is set a variable path will now be calibrated + 8 times instead of originally 40. Long calibration is now 20. + - added AFL_TRY_AFFINITY to try to bind to CPUs but don't error if + it fails - afl-cc: - We do not support llvm versions prior 6.0 anymore - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD @@ -42,6 +46,7 @@ sending a mail to . - Removed InsTrim instrumentation as it is not as good as PCGUARD - Removed automatic linking with -lc++ for LTO mode - Fixed a crash in llvm dict2file when a strncmp length was -1 + - added --afl-noopt support - utils/aflpp_driver: - aflpp_qemu_driver_hook fixed to work with qemu_mode - aflpp_driver now compiled with -fPIC @@ -53,7 +58,8 @@ sending a mail to . MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup - - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename + - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the + current filename - afl-showmap/cmin will now process queue items in alphabetical order ### Version ++3.12c (release) diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md index 10be409a..d1966170 100644 --- a/docs/QuickStartGuide.md +++ b/docs/QuickStartGuide.md @@ -1,6 +1,6 @@ # AFL quick start guide -You should read [README.md](README.md) - it's pretty short. If you really can't, here's +You should read [README.md](../README.md) - it's pretty short. If you really can't, here's how to hit the ground running: 1) Compile AFL with 'make'. If build fails, see [INSTALL.md](INSTALL.md) for tips. diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index bab64a30..11e1dbeb 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -43,7 +43,7 @@ If you like to code a customized fuzzer without much work, we highly recommend to check out our sister project libafl which will support QEMU - very too: + too: [https://github.com/AFLplusplus/LibAFL](https://github.com/AFLplusplus/LibAFL) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 9d5381e8..3e3ae01d 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -92,6 +92,9 @@ def queue_new_entry(filename_new_queue, filename_orig_queue): def introspection(): return string + +def deinit(): # optional for Python + pass ``` ### Custom Mutation diff --git a/docs/env_variables.md b/docs/env_variables.md index def1e297..7bbc0fdd 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -312,14 +312,12 @@ checks or alter some of the more exotic semantics of the tool: on Linux systems. This slows things down, but lets you run more instances of afl-fuzz than would be prudent (if you really want to). + - Setting `AFL_TRY_AFFINITY` tries to attempt binding to a specific CPU core + on Linux systems, but will not terminate if that fails. + - Setting `AFL_NO_AUTODICT` will not load an LTO generated auto dictionary that is compiled into the target. - - `AFL_SKIP_CRASHES` causes AFL++ to tolerate crashing files in the input - queue. This can help with rare situations where a program crashes only - intermittently, but it's not really recommended under normal operating - conditions. - - Setting `AFL_HANG_TMOUT` allows you to specify a different timeout for deciding if a particular test case is a "hang". The default is 1 second or the value of the `-t` parameter, whichever is larger. Dialing the value diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 20fbb544..a0387cac 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -94,9 +94,6 @@ AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o all: $(FRIDA_TRACE) -32: - CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all - 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all diff --git a/frida_mode/README.md b/frida_mode/README.md index ecce0bfd..0103a395 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -21,7 +21,7 @@ perhaps leverage some of its design and implementation. | Feature/Instrumentation | frida-mode | Notes | | -------------------------|:----------:|:--------------------------------------------:| | NeverZero | x | | - | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | | CMPLOG | x | (x86/x64 only) | | Selective Instrumentation| x | | @@ -43,16 +43,16 @@ system does not support cross compilation. ## Getting Started -To build everything run `make`. To build for x86 run `make 32`. Note that in +To build everything run `make`. To build for x86 run `make 32`. Note that in x86 bit mode, it is not necessary for afl-fuzz to be built for 32-bit. However, the shared library for frida_mode must be since it is injected into the target process. Various tests can be found in subfolders within the `test/` directory. To use these, first run `make` to build any dependencies. Then run `make qemu` or -`make frida` to run on either QEMU of FRIDA mode respectively. To run frida -tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between -architectures it may be necessary to run `make clean` first for a given build +`make frida` to run on either QEMU of FRIDA mode respectively. To run frida +tests in 32-bit mode, run `make ARCH=x86 frida`. When switching between +architectures it may be necessary to run `make clean` first for a given build target to remove previously generated binaries for a different architecture. ## Usage @@ -74,6 +74,8 @@ following options are currently supported: * `AFL_FRIDA_PERSISTENT_ADDR` - See `AFL_QEMU_PERSISTENT_ADDR` * `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` * `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` +* `AFL_FRIDA_PERSISTENT_RET` - See `AFL_QEMU_PERSISTENT_RET` +* `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` - See `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. @@ -127,34 +129,144 @@ instances run CMPLOG mode and instrumentation of the binary is less frequent ## Advanced configuration options +* `AFL_FRIDA_INST_DEBUG_FILE` - File to write raw assembly of original blocks +and their instrumented counterparts during block compilation. +``` +*** + +Creating block for 0x7ffff7953313: + 0x7ffff7953313 mov qword ptr [rax], 0 + 0x7ffff795331a add rsp, 8 + 0x7ffff795331e ret + +Generated block 0x7ffff75e98e2 + 0x7ffff75e98e2 mov qword ptr [rax], 0 + 0x7ffff75e98e9 add rsp, 8 + 0x7ffff75e98ed lea rsp, [rsp - 0x80] + 0x7ffff75e98f5 push rcx + 0x7ffff75e98f6 movabs rcx, 0x7ffff795331e + 0x7ffff75e9900 jmp 0x7ffff75e9384 + + +*** +``` * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_TRACE` - Generate some logging when running instrumented code. -Requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks +`AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target +application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) +* `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target +application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) +* `AFL_FRIDA_PERSISTENT_DEBUG` - Insert a Breakpoint into the instrumented code +at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the user +to determine the value of `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` using a +debugger. +``` + +gdb \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=XXXXXXXXXX' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RET=XXXXXXXXXX' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=afl-frida-trace.so' \ + --args [my arguments] + +``` +* `AFL_FRIDA_STATS_FILE` - Write statistics information about the code being +instrumented to the given file name. The statistics are written only for the +child process when new block is instrumented (when the +`AFL_FRIDA_STATS_INTERVAL` has expired). Note that simply because a new path is +found does not mean a new block needs to be compiled. It could simply be that +the existing blocks instrumented have been executed in a different order. +``` +stats +----- +Index: 2 +Pid: 1815944 +Time: 2021-05-28 15:26:41 +Blocks: 1985 +Instructions: 9192 +Avg Instructions / Block: 4 + +Call Immediates: 391 (4.25%) +Call Immediates Excluded: 65 (0.71%) +Call Register: 0 (0.00%) +Call Memory: 0 (0.00%) + +Jump Immediates: 202 (2.20%) +Jump Register: 10 (0.11%) +Jump Memory: 12 (0.13%) + +Conditional Jump Immediates: 1210 (13.16%) +Conditional Jump CX Immediate: 0 (0.00%) +Conditional Jump Register: 0 (0.00%) +Conditional Jump Memory: 0 (0.00%) + +Returns: 159 (0.00%) + +Rip Relative: 247 (0.00%) + +``` +* `AFL_FRIDA_STATS_INTERVAL` - The maximum frequency to output statistics +information. Stats will be written whenever they are updated if the given +interval has elapsed since last time they were written. +* `AFL_FRIDA_STATS_TRANSITIONS` - Also dump the internal stalker counters to +stderr when the regular stats are written. Note that these stats are reset in +the child each time a new fork occurs since they are not stored in shared +memory. Unfortunately, these stats are internal to stalker, so this is the best +we can do for now. +``` +stats +----- +Index: 2 +Pid: 1816794 +Time: 2021-05-28 15:26:41 + + +total_transitions: 786 + call_imms: 97 + call_regs: 0 + call_mems: 0 + post_call_invokes: 86 + excluded_call_imms: 29 + ret_slow_paths: 23 + + jmp_imms: 58 + jmp_mems: 7 + jmp_regs: 26 + + jmp_cond_imms: 460 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +``` ## FASAN - Frida Address Sanitizer Mode Frida mode also supports FASAN. The design of this is actually quite simple and very similar to that used when instrumenting applications compiled from source. ### Address Sanitizer Basics -When Address Sanitizer is used to instrument programs built from source, the +When Address Sanitizer is used to instrument programs built from source, the compiler first adds a dependency (`DT_NEEDED` entry) for the Address Sanitizer dynamic shared object (DSO). This shared object contains the main logic for Address Sanitizer, including setting and managing up the shadow memory. It also provides -replacement implementations for a number of functions in standard libraries. +replacement implementations for a number of functions in standard libraries. These replacements include things like `malloc` and `free` which allows for those allocations to be marked in the shadow memory, but also a number of other fuctions. -Consider `memcpy` for example, this is instrumented to validate the paramters -(test the source and destination buffers against the shadow memory. This is much -easier than instrumenting those standard libraries since, first it would require +Consider `memcpy` for example, this is instrumented to validate the paramters +(test the source and destination buffers against the shadow memory. This is much +easier than instrumenting those standard libraries since, first it would require you to re-compile them and secondly it would mean that the instrumentation would -be applied at a more expensive granular level. Lastly, load-widening (typically +be applied at a more expensive granular level. Lastly, load-widening (typically found in highy optimized code) can also make this instrumentation more difficult. Since the DSO is loaded before all of the standard libraries (in fact it insists @@ -165,9 +277,9 @@ modules which depend on it. FASAN takes a similar approach. It requires the user to add the Address Sanitizer DSO to the `AFL_PRELOAD` environment variable such that it is loaded into the target. -Again, it must be first in the list. This means that it is not necessary to -instrument the standard libraries to detect when an application has provided an -incorrect argument to `memcpy` for example. This avoids issues with load-widening +Again, it must be first in the list. This means that it is not necessary to +instrument the standard libraries to detect when an application has provided an +incorrect argument to `memcpy` for example. This avoids issues with load-widening and should also mean a huge improvement in performance. FASAN then adds instrumentation for any instrucutions which use memory operands and @@ -176,7 +288,7 @@ to validate memory accesses against the shadow memory. ## TODO -The next features to be added are Aarch64 and Aarch32 support as well as looking at +The next features to be added are Aarch64 and Aarch32 support as well as looking at potential performance improvements. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that efforts are deconflicted. diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 03fd33e5..ed92c25a 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -19,5 +19,9 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +void instrument_debug_init(void); +void instrument_debug_start(uint64_t address, GumStalkerOutput *output); +void instrument_debug_instruction(uint64_t address, uint16_t size); +void instrument_debug_end(GumStalkerOutput *output); #endif diff --git a/frida_mode/include/output.h b/frida_mode/include/output.h new file mode 100644 index 00000000..53a9fdd3 --- /dev/null +++ b/frida_mode/include/output.h @@ -0,0 +1,9 @@ +#ifndef _OUTPUT_H +#define _OUTPUT_H + +#include "frida-gum.h" + +void output_init(void); + +#endif + diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index e58c5301..25b44ab0 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -18,6 +18,9 @@ extern unsigned char *__afl_fuzz_ptr; extern guint64 persistent_start; extern guint64 persistent_count; +extern guint64 persistent_ret; +extern guint64 persistent_ret_offset; +extern gboolean persistent_debug; extern afl_persistent_hook_fn hook; void persistent_init(void); @@ -26,6 +29,7 @@ void persistent_init(void); gboolean persistent_is_supported(void); void persistent_prologue(GumStalkerOutput *output); +void persistent_epilogue(GumStalkerOutput *output); #endif diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index f652eb8a..c623f473 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -7,5 +7,7 @@ void ranges_init(void); gboolean range_is_excluded(gpointer address); +void ranges_exclude(); + #endif diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h new file mode 100644 index 00000000..4271132a --- /dev/null +++ b/frida_mode/include/stats.h @@ -0,0 +1,28 @@ +#ifndef _STATS_H +#define _STATS_H + +#include "frida-gum.h" + +typedef struct { + + guint64 num_blocks; + guint64 num_instructions; + guint64 stats_last_time; + guint64 stats_idx; + guint64 transitions_idx; + +} stats_data_header_t; + +extern stats_data_header_t *stats_data; + +void stats_init(void); +void stats_collect(const cs_insn *instr, gboolean begin); +void stats_print(char *format, ...); + +gboolean stats_is_supported_arch(void); +size_t stats_data_size_arch(void); +void stats_collect_arch(const cs_insn *instr); +void stats_write_arch(void); + +#endif + diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h index afd0b9c1..7b443b5e 100644 --- a/frida_mode/include/util.h +++ b/frida_mode/include/util.h @@ -4,7 +4,7 @@ #include "frida-gum.h" #define UNUSED_PARAMETER(x) (void)(x) -#define IGNORED_RERURN(x) (void)!(x) +#define IGNORED_RETURN(x) (void)!(x) guint64 util_read_address(char *key); diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 67eadc3f..cd1ac0be 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -13,6 +13,7 @@ #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "stats.h" #include "util.h" static gboolean tracing = false; @@ -47,7 +48,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", current_pc, previous_pc); - IGNORED_RERURN(write(STDOUT_FILENO, buffer, len + 1)); + IGNORED_RETURN(write(STDOUT_FILENO, buffer, len + 1)); } @@ -79,17 +80,52 @@ static void instr_basic_block(GumStalkerIterator *iterator, const cs_insn *instr; gboolean begin = TRUE; + gboolean excluded; + while (gum_stalker_iterator_next(iterator, &instr)) { if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } + if (instr->address == persistent_ret) { persistent_epilogue(output); } - if (begin) { + /* + * Until we reach AFL_ENTRYPOINT (assumed to be main if not specified) or + * AFL_FRIDA_PERSISTENT_ADDR (if specified), we don't mark our ranges + * excluded as we wish to remain inside stalker at all times so that we can + * instrument our entry point and persistent loop (if present). This allows + * the user to exclude ranges which would be traversed between main and the + * AFL_ENTRYPOINT, but which they don't want included in their coverage + * information when fuzzing. + * + * Since we have no means to discard the instrumented copies of blocks + * (setting the trust threshold simply causes a new copy to be made on each + * execution), we instead ensure that we honour the additional + * instrumentation requested (e.g. coverage, asan and complog) when a block + * is compiled no matter where we are during initialization. We will end up + * re-using these blocks if the code under test calls a block which is also + * used during initialization. + * + * Coverage data generated during initialization isn't a problem since the + * map is zeroed each time the target is forked or each time the persistent + * loop is run. + * + * Lastly, we don't enable pre-fetching back to the parent until we reach + * our AFL_ENTRYPOINT, since it is not until then that we start the + * fork-server and thus start executing in the child. + */ + excluded = range_is_excluded(GSIZE_TO_POINTER(instr->address)); + + stats_collect(instr, begin); + + if (unlikely(begin)) { + + instrument_debug_start(instr->address, output); prefetch_write(GSIZE_TO_POINTER(instr->address)); - if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { - if (optimize) { + if (likely(!excluded)) { + + if (likely(optimize)) { instrument_coverage_optimize(instr, output); @@ -106,7 +142,9 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - if (!range_is_excluded(GSIZE_TO_POINTER(instr->address))) { + instrument_debug_instruction(instr->address, instr->size); + + if (likely(!excluded)) { asan_instrument(instr, iterator); cmplog_instrument(instr, iterator); @@ -117,6 +155,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, } + instrument_debug_end(output); + } void instrument_init(void) { @@ -144,6 +184,7 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + instrument_debug_init(); asan_init(); cmplog_init(); diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c new file mode 100644 index 00000000..be72ef89 --- /dev/null +++ b/frida_mode/src/instrument/instrument_debug.c @@ -0,0 +1,129 @@ +#include +#include +#include +#include + +#include "frida-gum.h" + +#include "debug.h" + +#include "util.h" + +static int debugging_fd = -1; +static gpointer instrument_gen_start = NULL; + +static void instrument_debug(char *format, ...) { + + va_list ap; + char buffer[4096] = {0}; + int ret; + int len; + + va_start(ap, format); + ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); + va_end(ap); + + if (ret < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + + IGNORED_RETURN(write(debugging_fd, buffer, len)); + +} + +static void instrument_disasm(guint8 *code, guint size) { + + csh capstone; + cs_err err; + cs_insn *insn; + size_t count, i; + + err = cs_open(GUM_DEFAULT_CS_ARCH, + GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone); + g_assert(err == CS_ERR_OK); + + count = cs_disasm(capstone, code, size, GPOINTER_TO_SIZE(code), 0, &insn); + g_assert(insn != NULL); + + for (i = 0; i != count; i++) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, + insn[i].mnemonic, insn[i].op_str); + + } + + cs_free(insn, count); + + cs_close(&capstone); + +} + +static gpointer instrument_cur(GumStalkerOutput *output) { + +#if defined(__i386__) || defined(__x86_64__) + return gum_x86_writer_cur(output->writer.x86); +#elif defined(__aarch64__) + return gum_arm64_writer_cur(output->writer.arm64); +#elif defined(__arm__) + return gum_arm_writer_cur(output->writer.arm); +#else + #error "Unsupported architecture" +#endif + +} + +void instrument_debug_init(void) { + + char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); + OKF("Instrumentation debugging - enabled [%c]", filename == NULL ? ' ' : 'X'); + + if (filename == NULL) { return; } + + OKF("Instrumentation debugging - file [%s]", filename); + + if (filename == NULL) { return; } + + char *path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Instrumentation debugging - path [%s]", path); + + debugging_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + if (debugging_fd < 0) { FATAL("Failed to open stats file '%s'", path); } + + g_free(path); + +} + +void instrument_debug_start(uint64_t address, GumStalkerOutput *output) { + + if (likely(debugging_fd < 0)) { return; } + + instrument_gen_start = instrument_cur(output); + + instrument_debug("\n\n***\n\nCreating block for 0x%" G_GINT64_MODIFIER "x:\n", + address); + +} + +void instrument_debug_instruction(uint64_t address, uint16_t size) { + + if (likely(debugging_fd < 0)) { return; } + uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address); + instrument_disasm(start, size); + +} + +void instrument_debug_end(GumStalkerOutput *output) { + + if (likely(debugging_fd < 0)) { return; } + gpointer instrument_gen_end = instrument_cur(output); + uint16_t size = GPOINTER_TO_SIZE(instrument_gen_end) - + GPOINTER_TO_SIZE(instrument_gen_start); + + instrument_debug("\nGenerated block %p\n", instrument_gen_start); + instrument_disasm(instrument_gen_start, size); + +} + diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 21073cbe..1ab9993f 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -1,3 +1,4 @@ +#include #include #include @@ -18,10 +19,12 @@ #include "instrument.h" #include "interceptor.h" #include "lib.h" +#include "output.h" #include "persistent.h" #include "prefetch.h" #include "ranges.h" #include "stalker.h" +#include "stats.h" #include "util.h" #ifdef __APPLE__ @@ -58,10 +61,10 @@ static void on_main_os(int argc, char **argv, char **envp) { static void on_main_os(int argc, char **argv, char **envp) { UNUSED_PARAMETER(argc); - /* Personality doesn't affect the current process, it only takes effect on * evec */ int persona = personality(ADDR_NO_RANDOMIZE); + if (persona == -1) { WARNF("Failed to set ADDR_NO_RANDOMIZE: %d", errno); } if ((persona & ADDR_NO_RANDOMIZE) == 0) { execvpe(argv[0], argv, envp); } GumInterceptor *interceptor = gum_interceptor_obtain(); @@ -94,9 +97,11 @@ void afl_frida_start() { lib_init(); entry_init(); instrument_init(); + output_init(); persistent_init(); prefetch_init(); ranges_init(); + stats_init(); void *fork_addr = GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); diff --git a/frida_mode/src/output.c b/frida_mode/src/output.c new file mode 100644 index 00000000..8a222b25 --- /dev/null +++ b/frida_mode/src/output.c @@ -0,0 +1,45 @@ +#include +#include +#include + +#include "frida-gum.h" + +#include "debug.h" + +#include "output.h" + +static int output_fd = -1; + +static void output_redirect(int fd, char *variable) { + + char *filename = getenv(variable); + char *path = NULL; + + if (filename == NULL) { return; } + + path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Redirect %d -> '%s'", fd, path); + + output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + g_free(path); + + if (output_fd < 0) { FATAL("Failed to open fd(%d) error %d", fd, errno); } + + if (dup2(output_fd, fd) < 0) { + + FATAL("Failed to set fd(%d) error %d", fd, errno); + + } + +} + +void output_init(void) { + + output_redirect(STDOUT_FILENO, "AFL_FRIDA_OUTPUT_STDOUT"); + output_redirect(STDERR_FILENO, "AFL_FRIDA_OUTPUT_STDERR"); + +} + diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 918ff153..2ec5b9cc 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -12,6 +12,9 @@ int __afl_sharedmem_fuzzing = 0; afl_persistent_hook_fn hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; +guint64 persistent_ret = 0; +guint64 persistent_ret_offset = 0; +gboolean persistent_debug = FALSE; void persistent_init(void) { @@ -19,12 +22,36 @@ void persistent_init(void) { persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); + persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); + persistent_ret_offset = + util_read_address("AFL_FRIDA_PERSISTENT_RETADDR_OFFSET"); + + if (getenv("AFL_FRIDA_PERSISTENT_DEBUG") != NULL) { persistent_debug = TRUE; } + + if (persistent_count != 0 && persistent_start == 0) { - if (persistent_count != 0 && persistent_start == 0) FATAL( "AFL_FRIDA_PERSISTENT_ADDR must be specified if " "AFL_FRIDA_PERSISTENT_CNT is"); + } + + if (persistent_ret != 0 && persistent_start == 0) { + + FATAL( + "AFL_FRIDA_PERSISTENT_ADDR must be specified if " + "AFL_FRIDA_PERSISTENT_RET is"); + + } + + if (persistent_ret_offset != 0 && persistent_ret == 0) { + + FATAL( + "AFL_FRIDA_PERSISTENT_RET must be specified if " + "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET is"); + + } + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; if (persistent_count != 0 && persistent_count < 100) @@ -39,6 +66,11 @@ void persistent_init(void) { persistent_start == 0 ? ' ' : 'X', persistent_count); OKF("Instrumentation - hook [%s]", hook_name); + OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", + persistent_ret == 0 ? ' ' : 'X', persistent_ret); + OKF("Instrumentation - persistent ret offset [%c] (%" G_GINT64_MODIFIER "d)", + persistent_ret_offset == 0 ? ' ' : 'X', persistent_ret_offset); + if (hook_name != NULL) { void *hook_obj = dlopen(hook_name, RTLD_NOW); diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index bc021ff3..6a3c06fa 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -68,5 +68,12 @@ void persistent_prologue(GumStalkerOutput *output) { } +void persistent_epilogue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index c198da69..1215d8da 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -111,5 +111,12 @@ void persistent_prologue(GumStalkerOutput *output) { } +void persistent_epilogue(GumStalkerOutput *output) { + + UNUSED_PARAMETER(output); + FATAL("Persistent mode not supported on this architecture"); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index aa772b7f..4c495d47 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,9 +1,11 @@ #include "frida-gum.h" #include "config.h" +#include "debug.h" #include "instrument.h" #include "persistent.h" +#include "util.h" #if defined(__x86_64__) @@ -264,7 +266,6 @@ void persistent_prologue(GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; gconstpointer loop = cw->code + 1; - // gum_x86_writer_put_breakpoint(cw); /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); @@ -288,7 +289,9 @@ void persistent_prologue(GumStalkerOutput *output) { instrument_persitent_restore_regs(cw, &saved_regs); gconstpointer original = cw->code + 1; /* call original */ + gum_x86_writer_put_call_near_label(cw, original); + /* jmp loop */ gum_x86_writer_put_jmp_near_label(cw, loop); @@ -300,9 +303,23 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + gum_x86_writer_flush(cw); } +void persistent_epilogue(GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + persistent_ret_offset); + gum_x86_writer_put_ret(cw); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 20a3dc42..b30dfadf 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -244,9 +244,24 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + gum_x86_writer_flush(cw); } +void persistent_epilogue(GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, + persistent_ret_offset); + + gum_x86_writer_put_ret(cw); + +} + #endif diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index e3f09f9e..ef25b371 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -480,15 +480,40 @@ static GArray *merge_ranges(GArray *a) { } +static gboolean exclude_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + gchar * name; + gboolean found; + GumStalker *stalker; + if (details->file == NULL) { return TRUE; } + name = g_path_get_basename(details->file->path); + + found = (g_strcmp0(name, "afl-frida-trace.so") == 0); + g_free(name); + if (!found) { return TRUE; } + + stalker = stalker_get(); + gum_stalker_exclude(stalker, details->range); + + return FALSE; + +} + +static void ranges_exclude_self(void) { + + gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, exclude_ranges_callback, NULL); + +} + void ranges_init(void) { - GumMemoryRange ri; - GArray * step1; - GArray * step2; - GArray * step3; - GArray * step4; - GumMemoryRange *r; - GumStalker * stalker; + GumMemoryRange ri; + GArray * step1; + GArray * step2; + GArray * step3; + GArray * step4; if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { @@ -535,20 +560,16 @@ void ranges_init(void) { ranges = merge_ranges(step4); print_ranges("final", ranges); - stalker = stalker_get(); - - for (guint i = 0; i < ranges->len; i++) { - - r = &g_array_index(ranges, GumMemoryRange, i); - gum_stalker_exclude(stalker, r); - - } - g_array_free(step4, TRUE); g_array_free(step3, TRUE); g_array_free(step2, TRUE); g_array_free(step1, TRUE); + /* *NEVER* stalk the stalker, only bad things will ever come of this! */ + ranges_exclude_self(); + + ranges_exclude(); + } gboolean range_is_excluded(gpointer address) { @@ -572,3 +593,19 @@ gboolean range_is_excluded(gpointer address) { } +void ranges_exclude() { + + GumMemoryRange *r; + GumStalker * stalker = stalker_get(); + + OKF("Excluding ranges"); + + for (guint i = 0; i < ranges->len; i++) { + + r = &g_array_index(ranges, GumMemoryRange, i); + gum_stalker_exclude(stalker, r); + + } + +} + diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c new file mode 100644 index 00000000..890a8d6b --- /dev/null +++ b/frida_mode/src/stats/stats.c @@ -0,0 +1,208 @@ +#include +#include +#include +#include +#include +#include + +#include "frida-gum.h" + +#include "config.h" +#include "debug.h" +#include "util.h" + +#include "stats.h" + +#define MICRO_TO_SEC 1000000 + +stats_data_header_t *stats_data = NULL; + +static int stats_parent_pid = -1; +static int stats_fd = -1; +static gboolean stats_transitions = FALSE; +static guint64 stats_interval = 0; + +void stats_init(void) { + + stats_parent_pid = getpid(); + char *filename = getenv("AFL_FRIDA_STATS_FILE"); + stats_interval = util_read_num("AFL_FRIDA_STATS_INTERVAL"); + if (getenv("AFL_FRIDA_STATS_TRANSITIONS") != NULL) { + + stats_transitions = TRUE; + + } + + OKF("Stats - file [%s]", filename); + OKF("Stats - interval [%" G_GINT64_MODIFIER "u]", stats_interval); + + if (stats_interval != 0 && filename == NULL) { + + FATAL( + "AFL_FRIDA_STATS_FILE must be specified if " + "AFL_FRIDA_STATS_INTERVAL is"); + + } + + if (stats_interval == 0) { stats_interval = 10; } + + if (filename == NULL) { return; } + + if (!stats_is_supported_arch()) { + + FATAL("Stats is not supported on this architecture"); + + } + + char *path = NULL; + + if (filename == NULL) { return; } + + if (stats_transitions) { gum_stalker_set_counters_enabled(TRUE); } + + path = g_canonicalize_filename(filename, g_get_current_dir()); + + OKF("Stats - path [%s]", path); + + stats_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + + if (stats_fd < 0) { FATAL("Failed to open stats file '%s'", path); } + + g_free(path); + + size_t data_size = stats_data_size_arch(); + + int shm_id = shmget(IPC_PRIVATE, data_size, IPC_CREAT | IPC_EXCL | 0600); + if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } + + stats_data = shmat(shm_id, NULL, 0); + g_assert(stats_data != MAP_FAILED); + + /* + * Configure the shared memory region to be removed once the process dies. + */ + if (shmctl(shm_id, IPC_RMID, NULL) < 0) { + + FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); + + } + + /* Clear it, not sure it's necessary, just seems like good practice */ + memset(stats_data, '\0', data_size); + +} + +void stats_vprint(int fd, char *format, va_list ap) { + + char buffer[4096] = {0}; + int ret; + int len; + + if(vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + IGNORED_RETURN(write(fd, buffer, len)); + +} + +void stats_print_fd(int fd, char *format, ...) { + + va_list ap; + va_start(ap, format); + stats_vprint(fd, format, ap); + va_end(ap); + +} + +void stats_print(char *format, ...) { + + va_list ap; + va_start(ap, format); + stats_vprint(stats_fd, format, ap); + va_end(ap); + +} + +void stats_write(void) { + + if (stats_parent_pid == getpid()) { return; } + + GDateTime *date_time = g_date_time_new_now_local(); + char *date_time_string = g_date_time_format(date_time, "%Y-%m-%e %H:%M:%S"); + + stats_print("stats\n"); + stats_print("-----\n"); + + stats_print("Index: %" G_GINT64_MODIFIER "u\n", + stats_data->stats_idx++); + stats_print("Pid: %d\n", getpid()); + stats_print("Time: %s\n", date_time_string); + stats_print("Blocks: %" G_GINT64_MODIFIER "u\n", + stats_data->num_blocks); + stats_print("Instructions: %" G_GINT64_MODIFIER "u\n", + stats_data->num_instructions); + stats_print("Avg Instructions / Block: %" G_GINT64_MODIFIER "u\n", + stats_data->num_instructions / stats_data->num_blocks); + + stats_print("\n"); + + g_free(date_time_string); + g_date_time_unref(date_time); + + stats_write_arch(); + + if (stats_transitions) { + + GDateTime *date_time = g_date_time_new_now_local(); + char *date_time_string = g_date_time_format(date_time, "%Y-%m-%e %H:%M:%S"); + + stats_print_fd(STDERR_FILENO, "stats\n"); + stats_print_fd(STDERR_FILENO, "-----\n"); + stats_print_fd(STDERR_FILENO, "Index: %" G_GINT64_MODIFIER "u\n", + stats_data->transitions_idx++); + stats_print_fd(STDERR_FILENO, "Pid: %d\n", getpid()); + stats_print_fd(STDERR_FILENO, "Time: %s\n", date_time_string); + + g_free(date_time_string); + g_date_time_unref(date_time); + gum_stalker_dump_counters(); + + } + +} + +static void stats_maybe_write(void) { + + guint64 current_time; + + if (stats_interval == 0) { return; } + + current_time = g_get_monotonic_time(); + + if ((current_time - stats_data->stats_last_time) > + (stats_interval * MICRO_TO_SEC)) { + + stats_write(); + stats_data->stats_last_time = current_time; + + } + +} + +void stats_collect(const cs_insn *instr, gboolean begin) { + + UNUSED_PARAMETER(instr); + UNUSED_PARAMETER(begin); + + if (stats_fd < 0) { return; } + + if (begin) { stats_data->num_blocks++; } + stats_data->num_instructions++; + + stats_collect_arch(instr); + + stats_maybe_write(); + +} + diff --git a/frida_mode/src/stats/stats_arm.c b/frida_mode/src/stats/stats_arm.c new file mode 100644 index 00000000..7eea7f91 --- /dev/null +++ b/frida_mode/src/stats/stats_arm.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__arm__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/stats/stats_arm64.c b/frida_mode/src/stats/stats_arm64.c new file mode 100644 index 00000000..592af87a --- /dev/null +++ b/frida_mode/src/stats/stats_arm64.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__aarch64__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c new file mode 100644 index 00000000..c3e8742a --- /dev/null +++ b/frida_mode/src/stats/stats_x64.c @@ -0,0 +1,307 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ranges.h" +#include "stats.h" +#include "util.h" + +#if defined(__x86_64__) + +typedef struct { + + stats_data_header_t header; + + guint64 num_call_imm; + guint64 num_call_imm_excluded; + guint64 num_call_reg; + guint64 num_call_mem; + + guint64 num_jmp_imm; + guint64 num_jmp_reg; + guint64 num_jmp_mem; + + guint64 num_jmp_cond_imm; + guint64 num_jmp_cond_reg; + guint64 num_jmp_cond_mem; + + guint64 num_jmp_cond_jcxz; + + guint64 num_ret; + + guint64 num_rip_relative; + +} stats_data_arch_t; + +gboolean stats_is_supported_arch(void) { + + return TRUE; + +} + +size_t stats_data_size_arch(void) { + + return sizeof(stats_data_arch_t); + +} + +void stats_write_arch(void) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + guint64 num_instructions = stats_data_arch->header.num_instructions; + + stats_print( + "Call Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_imm, + ((float)(stats_data_arch->num_call_imm * 100) / num_instructions)); + stats_print("Call Immediates Excluded: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_imm_excluded, + ((float)(stats_data_arch->num_call_imm_excluded * 100) / + num_instructions)); + stats_print( + "Call Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_reg, + ((float)(stats_data_arch->num_call_reg * 100) / num_instructions)); + stats_print( + "Call Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_call_mem, + ((float)(stats_data_arch->num_call_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print("Jump Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_imm, + ((float)(stats_data_arch->num_jmp_imm * 100) / num_instructions)); + stats_print("Jump Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_reg, + ((float)(stats_data_arch->num_jmp_reg * 100) / num_instructions)); + stats_print("Jump Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_mem, + ((float)(stats_data_arch->num_jmp_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print( + "Conditional Jump Immediates: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_imm, + ((float)(stats_data_arch->num_jmp_cond_imm * 100) / num_instructions)); + stats_print( + "Conditional Jump CX Immediate: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_jcxz, + ((float)(stats_data_arch->num_jmp_cond_jcxz * 100) / num_instructions)); + stats_print( + "Conditional Jump Register: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_reg, + ((float)(stats_data_arch->num_jmp_cond_reg * 100) / num_instructions)); + stats_print( + "Conditional Jump Memory: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_jmp_cond_mem, + ((float)(stats_data_arch->num_jmp_cond_mem * 100) / num_instructions)); + + stats_print("\n"); + + stats_print("Returns: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_ret, + (stats_data_arch->num_ret * 100 / num_instructions)); + + stats_print("\n"); + + stats_print("Rip Relative: %" G_GINT64_MODIFIER + "u " + "(%3.2f%%)\n", + stats_data_arch->num_rip_relative, + (stats_data_arch->num_rip_relative * 100 / num_instructions)); + + stats_print("\n"); + stats_print("\n"); + +} + +static x86_op_type stats_get_operand_type(const cs_insn *instr) { + + cs_x86 * x86 = &instr->detail->x86; + cs_x86_op *operand; + + if (x86->op_count != 1) { + + FATAL("Unexpected operand count (%d): %s %s\n", x86->op_count, + instr->mnemonic, instr->op_str); + + } + + operand = &x86->operands[0]; + + return operand->type; + +} + +static void stats_collect_call_imm_excluded_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + cs_x86 * x86 = &instr->detail->x86; + cs_x86_op * operand = &x86->operands[0]; + + if (range_is_excluded((gpointer)operand->imm)) { + + stats_data_arch->num_call_imm_excluded++; + + } + +} + +static void stats_collect_call_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_call_imm++; + stats_collect_call_imm_excluded_arch(instr); + break; + case X86_OP_REG: + stats_data_arch->num_call_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_call_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_jump_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_jmp_imm++; + break; + case X86_OP_REG: + stats_data_arch->num_jmp_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_jmp_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_jump_cond_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + x86_op_type type = stats_get_operand_type(instr); + switch (type) { + + case X86_OP_IMM: + stats_data_arch->num_jmp_cond_imm++; + break; + case X86_OP_REG: + stats_data_arch->num_jmp_cond_reg++; + break; + case X86_OP_MEM: + stats_data_arch->num_jmp_cond_mem++; + break; + default: + FATAL("Invalid operand type: %s %s\n", instr->mnemonic, instr->op_str); + + } + +} + +static void stats_collect_rip_relative_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + cs_x86 * x86 = &instr->detail->x86; + guint mod; + guint rm; + + if (x86->encoding.modrm_offset == 0) { return; } + + mod = (x86->modrm & 0xc0) >> 6; + if (mod != 0) { return; } + + rm = (x86->modrm & 0x07) >> 0; + if (rm != 5) { return; } + + stats_data_arch->num_rip_relative++; + +} + +void stats_collect_arch(const cs_insn *instr) { + + stats_data_arch_t *stats_data_arch = (stats_data_arch_t *)stats_data; + switch (instr->id) { + + case X86_INS_CALL: + stats_collect_call_arch(instr); + break; + case X86_INS_JMP: + stats_collect_jump_arch(instr); + break; + case X86_INS_JA: + case X86_INS_JAE: + case X86_INS_JB: + case X86_INS_JBE: + case X86_INS_JE: + case X86_INS_JG: + case X86_INS_JGE: + case X86_INS_JL: + case X86_INS_JLE: + case X86_INS_JNE: + case X86_INS_JNO: + case X86_INS_JNP: + case X86_INS_JNS: + case X86_INS_JO: + case X86_INS_JP: + case X86_INS_JS: + stats_collect_jump_cond_arch(instr); + break; + case X86_INS_JECXZ: + case X86_INS_JRCXZ: + stats_data_arch->num_jmp_cond_jcxz++; + break; + case X86_INS_RET: + stats_data_arch->num_ret++; + break; + default: + stats_collect_rip_relative_arch(instr); + break; + + } + +} + +#endif + diff --git a/frida_mode/src/stats/stats_x86.c b/frida_mode/src/stats/stats_x86.c new file mode 100644 index 00000000..1906e809 --- /dev/null +++ b/frida_mode/src/stats/stats_x86.c @@ -0,0 +1,36 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "stats.h" +#include "util.h" + +#if defined(__i386__) + +gboolean stats_is_supported_arch(void) { + + return FALSE; + +} + +size_t stats_data_size_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_write_arch(void) { + + FATAL("Stats not supported on this architecture"); + +} + +void stats_collect_arch(const cs_insn *instr) { + + UNUSED_PARAMETER(instr); + FATAL("Stats not supported on this architecture"); + +} + +#endif + diff --git a/frida_mode/src/util.c b/frida_mode/src/util.c index 86b94970..09e8a58b 100644 --- a/frida_mode/src/util.c +++ b/frida_mode/src/util.c @@ -10,7 +10,7 @@ guint64 util_read_address(char *key) { if (!g_str_has_prefix(value_str, "0x")) { - FATAL("Invalid address should have 0x prefix: %s\n", value_str); + FATAL("Invalid address should have 0x prefix: %s=%s\n", key, value_str); } @@ -20,8 +20,8 @@ guint64 util_read_address(char *key) { if (!g_ascii_isxdigit(*c)) { - FATAL("Invalid address not formed of hex digits: %s ('%c')\n", value_str, - *c); + FATAL("Invalid address not formed of hex digits: %s=%s ('%c')\n", key, + value_str, *c); } @@ -30,7 +30,7 @@ guint64 util_read_address(char *key) { guint64 value = g_ascii_strtoull(value_str2, NULL, 16); if (value == 0) { - FATAL("Invalid address failed hex conversion: %s\n", value_str2); + FATAL("Invalid address failed hex conversion: %s=%s\n", key, value_str2); } @@ -48,7 +48,8 @@ guint64 util_read_num(char *key) { if (!g_ascii_isdigit(*c)) { - FATAL("Invalid address not formed of decimal digits: %s\n", value_str); + FATAL("Invalid address not formed of decimal digits: %s=%s\n", key, + value_str); } @@ -57,7 +58,7 @@ guint64 util_read_num(char *key) { guint64 value = g_ascii_strtoull(value_str, NULL, 10); if (value == 0) { - FATAL("Invalid address failed numeric conversion: %s\n", value_str); + FATAL("Invalid address failed numeric conversion: %s=%s\n", key, value_str); } diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile new file mode 100644 index 00000000..c268ef66 --- /dev/null +++ b/frida_mode/test/deferred/GNUmakefile @@ -0,0 +1,71 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) +endif + +.PHONY: all clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_ENTRYPOINT=$(AFL_ENTRYPOINT) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/deferred/Makefile b/frida_mode/test/deferred/Makefile new file mode 100644 index 00000000..07b139e9 --- /dev/null +++ b/frida_mode/test/deferred/Makefile @@ -0,0 +1,13 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c new file mode 100644 index 00000000..8b3688d7 --- /dev/null +++ b/frida_mode/test/deferred/testinstr.c @@ -0,0 +1,125 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +TESTINSTR_SECTION int do_run(char * file) { + return run(file); +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return do_run(argv[1]); + +} + diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile new file mode 100644 index 00000000..e30f2049 --- /dev/null +++ b/frida_mode/test/libpcap/GNUmakefile @@ -0,0 +1,188 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PCAPTEST_BUILD_DIR:=$(BUILD_DIR)libpcaptest/ +TCPDUMP_BUILD_DIR:=$(BUILD_DIR)tcpdump/ + +LIBPCAP_PATCH_URL:=https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libpcap_fuzz_both/patch.diff +LIBPCAP_PATCH_FILE:=$(LIBPCAP_BUILD_DIR)patch.diff +LIBPCAP_URL:=https://github.com/the-tcpdump-group/libpcap.git +LIBPCAP_DIR:=$(LIBPCAP_BUILD_DIR)libpcap/ +LIBPCAP_CMAKEFILE:=$(LIBPCAP_DIR)CMakeLists.txt +LIBPCAP_MAKEFILE:=$(LIBPCAP_DIR)Makefile +LIBPCAP_LIB:=$(LIBPCAP_DIR)libpcap.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +PCAPTEST_SRC_DIR:=$(LIBPCAP_DIR)testprogs/fuzz/ +PCAPTEST_FILE:=$(PCAPTEST_SRC_DIR)fuzz_both.c +PCAPTEST_OBJ:=$(PCAPTEST_BUILD_DIR)fuzz_both.o + +TCPDUMP_URL:=https://github.com/the-tcpdump-group/tcpdump.git +TCPDUMP_TESTS_DIR:=$(TCPDUMP_BUILD_DIR)tests/ + +CFLAGS += -fpermissive + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +AFLPP_DRIVER_DUMMY_INPUT:=$(TCPDUMP_TESTS_DIR)in + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean qemu frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### PCAPTEST ######## + +$(PCAPTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PCAPTEST_FILE): | $(LIBPCAP_CMAKEFILE) + +$(PCAPTEST_OBJ): $(PCAPTEST_FILE) | $(PCAPTEST_BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -I $(LIBPCAP_DIR) -o $@ -c $< + +######### LIBPCAP ######## + +$(LIBPCAP_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPCAP_PATCH_FILE): | $(LIBPCAP_BUILD_DIR) + wget -O $@ $(LIBPCAP_PATCH_URL) + +$(LIBPCAP_CMAKEFILE): $(LIBPCAP_PATCH_FILE) | $(LIBPCAP_BUILD_DIR) + git clone --depth 1 $(LIBPCAP_URL) $(LIBPCAP_DIR) + git apply $(LIBPCAP_PATCH_FILE) + +$(LIBPCAP_MAKEFILE): $(LIBPCAP_CMAKEFILE) + cd $(LIBPCAP_DIR) && cmake . + +$(LIBPCAP_LIB): $(LIBPCAP_MAKEFILE) $(LIBPCAP_PATCH_FILE) + make -C $(LIBPCAP_DIR) + +######## TCPDUMP ###### + +$(TCPDUMP_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TCPDUMP_TESTS_DIR): | $(TCPDUMP_BUILD_DIR) + git clone --depth=1 $(TCPDUMP_URL) $(TCPDUMP_BUILD_DIR) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) + truncate -s 1M $@ + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TCPDUMP_TESTS_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TCPDUMP_TESTS_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) diff --git a/frida_mode/test/libpcap/Makefile b/frida_mode/test/libpcap/Makefile new file mode 100644 index 00000000..31cacb67 --- /dev/null +++ b/frida_mode/test/libpcap/Makefile @@ -0,0 +1,1143 @@ +# CMAKE generated file: DO NOT EDIT! +# Generated by "Unix Makefiles" Generator, CMake Version 3.16 + +# Default target executed when no arguments are given to make. +default_target: all + +.PHONY : default_target + +# Allow only one "make -f Makefile2" at a time, but pass parallelism. +.NOTPARALLEL: + + +#============================================================================= +# Special targets provided by cmake. + +# Disable implicit rules so canonical targets will work. +.SUFFIXES: + + +# Remove some rules from gmake that .SUFFIXES does not remove. +SUFFIXES = + +.SUFFIXES: .hpux_make_needs_suffix_list + + +# Suppress display of executed commands. +$(VERBOSE).SILENT: + + +# A target that is always out of date. +cmake_force: + +.PHONY : cmake_force + +#============================================================================= +# Set environment variables for the build. + +# The shell in which to execute make rules. +SHELL = /bin/sh + +# The CMake executable. +CMAKE_COMMAND = /usr/bin/cmake + +# The command to remove a file. +RM = /usr/bin/cmake -E remove -f + +# Escaping for special characters. +EQUALS = = + +# The top-level source directory on which CMake was run. +CMAKE_SOURCE_DIR = /home/jon/git/AFLplusplus/frida_mode/test/libpcap/build/libpcap/libpcap + +# The top-level build directory on which CMake was run. +CMAKE_BINARY_DIR = /home/jon/git/AFLplusplus/frida_mode/test/libpcap + +#============================================================================= +# Targets provided globally by CMake. + +# Special rule for the target install/strip +install/strip: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip + +# Special rule for the target install/strip +install/strip/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing the project stripped..." + /usr/bin/cmake -DCMAKE_INSTALL_DO_STRIP=1 -P cmake_install.cmake +.PHONY : install/strip/fast + +# Special rule for the target install/local +install/local: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local + +# Special rule for the target install/local +install/local/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Installing only the local directory..." + /usr/bin/cmake -DCMAKE_INSTALL_LOCAL_ONLY=1 -P cmake_install.cmake +.PHONY : install/local/fast + +# Special rule for the target install +install: preinstall + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install + +# Special rule for the target install +install/fast: preinstall/fast + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Install the project..." + /usr/bin/cmake -P cmake_install.cmake +.PHONY : install/fast + +# Special rule for the target list_install_components +list_install_components: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Available install components are: \"Unspecified\"" +.PHONY : list_install_components + +# Special rule for the target list_install_components +list_install_components/fast: list_install_components + +.PHONY : list_install_components/fast + +# Special rule for the target rebuild_cache +rebuild_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "Running CMake to regenerate build system..." + /usr/bin/cmake -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) +.PHONY : rebuild_cache + +# Special rule for the target rebuild_cache +rebuild_cache/fast: rebuild_cache + +.PHONY : rebuild_cache/fast + +# Special rule for the target edit_cache +edit_cache: + @$(CMAKE_COMMAND) -E cmake_echo_color --switch=$(COLOR) --cyan "No interactive CMake dialog available..." + /usr/bin/cmake -E echo No\ interactive\ CMake\ dialog\ available. +.PHONY : edit_cache + +# Special rule for the target edit_cache +edit_cache/fast: edit_cache + +.PHONY : edit_cache/fast + +# The main all target +all: cmake_check_build_system + $(CMAKE_COMMAND) -E cmake_progress_start /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles/progress.marks + $(MAKE) -f CMakeFiles/Makefile2 all + $(CMAKE_COMMAND) -E cmake_progress_start /home/jon/git/AFLplusplus/frida_mode/test/libpcap/CMakeFiles 0 +.PHONY : all + +# The main clean target +clean: + $(MAKE) -f CMakeFiles/Makefile2 clean +.PHONY : clean + +# The main clean target +clean/fast: clean + +.PHONY : clean/fast + +# Prepare targets for installation. +preinstall: all + $(MAKE) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall + +# Prepare targets for installation. +preinstall/fast: + $(MAKE) -f CMakeFiles/Makefile2 preinstall +.PHONY : preinstall/fast + +# clear depends +depend: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 1 +.PHONY : depend + +#============================================================================= +# Target rules for targets named pcap + +# Build rule for target. +pcap: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 pcap +.PHONY : pcap + +# fast build rule for target. +pcap/fast: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/build +.PHONY : pcap/fast + +#============================================================================= +# Target rules for targets named uninstall + +# Build rule for target. +uninstall: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 uninstall +.PHONY : uninstall + +# fast build rule for target. +uninstall/fast: + $(MAKE) -f CMakeFiles/uninstall.dir/build.make CMakeFiles/uninstall.dir/build +.PHONY : uninstall/fast + +#============================================================================= +# Target rules for targets named pcap_static + +# Build rule for target. +pcap_static: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 pcap_static +.PHONY : pcap_static + +# fast build rule for target. +pcap_static/fast: + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/build +.PHONY : pcap_static/fast + +#============================================================================= +# Target rules for targets named SerializeTarget + +# Build rule for target. +SerializeTarget: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 SerializeTarget +.PHONY : SerializeTarget + +# fast build rule for target. +SerializeTarget/fast: + $(MAKE) -f CMakeFiles/SerializeTarget.dir/build.make CMakeFiles/SerializeTarget.dir/build +.PHONY : SerializeTarget/fast + +#============================================================================= +# Target rules for targets named testprogs + +# Build rule for target. +testprogs: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 testprogs +.PHONY : testprogs + +# fast build rule for target. +testprogs/fast: + $(MAKE) -f testprogs/CMakeFiles/testprogs.dir/build.make testprogs/CMakeFiles/testprogs.dir/build +.PHONY : testprogs/fast + +#============================================================================= +# Target rules for targets named capturetest + +# Build rule for target. +capturetest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 capturetest +.PHONY : capturetest + +# fast build rule for target. +capturetest/fast: + $(MAKE) -f testprogs/CMakeFiles/capturetest.dir/build.make testprogs/CMakeFiles/capturetest.dir/build +.PHONY : capturetest/fast + +#============================================================================= +# Target rules for targets named findalldevstest + +# Build rule for target. +findalldevstest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 findalldevstest +.PHONY : findalldevstest + +# fast build rule for target. +findalldevstest/fast: + $(MAKE) -f testprogs/CMakeFiles/findalldevstest.dir/build.make testprogs/CMakeFiles/findalldevstest.dir/build +.PHONY : findalldevstest/fast + +#============================================================================= +# Target rules for targets named filtertest + +# Build rule for target. +filtertest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 filtertest +.PHONY : filtertest + +# fast build rule for target. +filtertest/fast: + $(MAKE) -f testprogs/CMakeFiles/filtertest.dir/build.make testprogs/CMakeFiles/filtertest.dir/build +.PHONY : filtertest/fast + +#============================================================================= +# Target rules for targets named findalldevstest-perf + +# Build rule for target. +findalldevstest-perf: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 findalldevstest-perf +.PHONY : findalldevstest-perf + +# fast build rule for target. +findalldevstest-perf/fast: + $(MAKE) -f testprogs/CMakeFiles/findalldevstest-perf.dir/build.make testprogs/CMakeFiles/findalldevstest-perf.dir/build +.PHONY : findalldevstest-perf/fast + +#============================================================================= +# Target rules for targets named can_set_rfmon_test + +# Build rule for target. +can_set_rfmon_test: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 can_set_rfmon_test +.PHONY : can_set_rfmon_test + +# fast build rule for target. +can_set_rfmon_test/fast: + $(MAKE) -f testprogs/CMakeFiles/can_set_rfmon_test.dir/build.make testprogs/CMakeFiles/can_set_rfmon_test.dir/build +.PHONY : can_set_rfmon_test/fast + +#============================================================================= +# Target rules for targets named opentest + +# Build rule for target. +opentest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 opentest +.PHONY : opentest + +# fast build rule for target. +opentest/fast: + $(MAKE) -f testprogs/CMakeFiles/opentest.dir/build.make testprogs/CMakeFiles/opentest.dir/build +.PHONY : opentest/fast + +#============================================================================= +# Target rules for targets named reactivatetest + +# Build rule for target. +reactivatetest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 reactivatetest +.PHONY : reactivatetest + +# fast build rule for target. +reactivatetest/fast: + $(MAKE) -f testprogs/CMakeFiles/reactivatetest.dir/build.make testprogs/CMakeFiles/reactivatetest.dir/build +.PHONY : reactivatetest/fast + +#============================================================================= +# Target rules for targets named writecaptest + +# Build rule for target. +writecaptest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 writecaptest +.PHONY : writecaptest + +# fast build rule for target. +writecaptest/fast: + $(MAKE) -f testprogs/CMakeFiles/writecaptest.dir/build.make testprogs/CMakeFiles/writecaptest.dir/build +.PHONY : writecaptest/fast + +#============================================================================= +# Target rules for targets named selpolltest + +# Build rule for target. +selpolltest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 selpolltest +.PHONY : selpolltest + +# fast build rule for target. +selpolltest/fast: + $(MAKE) -f testprogs/CMakeFiles/selpolltest.dir/build.make testprogs/CMakeFiles/selpolltest.dir/build +.PHONY : selpolltest/fast + +#============================================================================= +# Target rules for targets named threadsignaltest + +# Build rule for target. +threadsignaltest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 threadsignaltest +.PHONY : threadsignaltest + +# fast build rule for target. +threadsignaltest/fast: + $(MAKE) -f testprogs/CMakeFiles/threadsignaltest.dir/build.make testprogs/CMakeFiles/threadsignaltest.dir/build +.PHONY : threadsignaltest/fast + +#============================================================================= +# Target rules for targets named valgrindtest + +# Build rule for target. +valgrindtest: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 valgrindtest +.PHONY : valgrindtest + +# fast build rule for target. +valgrindtest/fast: + $(MAKE) -f testprogs/CMakeFiles/valgrindtest.dir/build.make testprogs/CMakeFiles/valgrindtest.dir/build +.PHONY : valgrindtest/fast + +#============================================================================= +# Target rules for targets named fuzz_both + +# Build rule for target. +fuzz_both: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_both +.PHONY : fuzz_both + +# fast build rule for target. +fuzz_both/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_both.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_both.dir/build +.PHONY : fuzz_both/fast + +#============================================================================= +# Target rules for targets named fuzz_filter + +# Build rule for target. +fuzz_filter: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_filter +.PHONY : fuzz_filter + +# fast build rule for target. +fuzz_filter/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_filter.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_filter.dir/build +.PHONY : fuzz_filter/fast + +#============================================================================= +# Target rules for targets named fuzz_pcap + +# Build rule for target. +fuzz_pcap: cmake_check_build_system + $(MAKE) -f CMakeFiles/Makefile2 fuzz_pcap +.PHONY : fuzz_pcap + +# fast build rule for target. +fuzz_pcap/fast: + $(MAKE) -f testprogs/fuzz/CMakeFiles/fuzz_pcap.dir/build.make testprogs/fuzz/CMakeFiles/fuzz_pcap.dir/build +.PHONY : fuzz_pcap/fast + +bpf_dump.o: bpf_dump.c.o + +.PHONY : bpf_dump.o + +# target to build an object file +bpf_dump.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.o +.PHONY : bpf_dump.c.o + +bpf_dump.i: bpf_dump.c.i + +.PHONY : bpf_dump.i + +# target to preprocess a source file +bpf_dump.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.i +.PHONY : bpf_dump.c.i + +bpf_dump.s: bpf_dump.c.s + +.PHONY : bpf_dump.s + +# target to generate assembly for a file +bpf_dump.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_dump.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_dump.c.s +.PHONY : bpf_dump.c.s + +bpf_filter.o: bpf_filter.c.o + +.PHONY : bpf_filter.o + +# target to build an object file +bpf_filter.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.o +.PHONY : bpf_filter.c.o + +bpf_filter.i: bpf_filter.c.i + +.PHONY : bpf_filter.i + +# target to preprocess a source file +bpf_filter.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.i +.PHONY : bpf_filter.c.i + +bpf_filter.s: bpf_filter.c.s + +.PHONY : bpf_filter.s + +# target to generate assembly for a file +bpf_filter.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_filter.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_filter.c.s +.PHONY : bpf_filter.c.s + +bpf_image.o: bpf_image.c.o + +.PHONY : bpf_image.o + +# target to build an object file +bpf_image.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.o +.PHONY : bpf_image.c.o + +bpf_image.i: bpf_image.c.i + +.PHONY : bpf_image.i + +# target to preprocess a source file +bpf_image.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.i +.PHONY : bpf_image.c.i + +bpf_image.s: bpf_image.c.s + +.PHONY : bpf_image.s + +# target to generate assembly for a file +bpf_image.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/bpf_image.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/bpf_image.c.s +.PHONY : bpf_image.c.s + +etherent.o: etherent.c.o + +.PHONY : etherent.o + +# target to build an object file +etherent.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.o +.PHONY : etherent.c.o + +etherent.i: etherent.c.i + +.PHONY : etherent.i + +# target to preprocess a source file +etherent.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.i +.PHONY : etherent.c.i + +etherent.s: etherent.c.s + +.PHONY : etherent.s + +# target to generate assembly for a file +etherent.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/etherent.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/etherent.c.s +.PHONY : etherent.c.s + +fad-getad.o: fad-getad.c.o + +.PHONY : fad-getad.o + +# target to build an object file +fad-getad.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.o +.PHONY : fad-getad.c.o + +fad-getad.i: fad-getad.c.i + +.PHONY : fad-getad.i + +# target to preprocess a source file +fad-getad.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.i +.PHONY : fad-getad.c.i + +fad-getad.s: fad-getad.c.s + +.PHONY : fad-getad.s + +# target to generate assembly for a file +fad-getad.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fad-getad.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fad-getad.c.s +.PHONY : fad-getad.c.s + +fmtutils.o: fmtutils.c.o + +.PHONY : fmtutils.o + +# target to build an object file +fmtutils.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.o +.PHONY : fmtutils.c.o + +fmtutils.i: fmtutils.c.i + +.PHONY : fmtutils.i + +# target to preprocess a source file +fmtutils.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.i +.PHONY : fmtutils.c.i + +fmtutils.s: fmtutils.c.s + +.PHONY : fmtutils.s + +# target to generate assembly for a file +fmtutils.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/fmtutils.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/fmtutils.c.s +.PHONY : fmtutils.c.s + +gencode.o: gencode.c.o + +.PHONY : gencode.o + +# target to build an object file +gencode.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.o +.PHONY : gencode.c.o + +gencode.i: gencode.c.i + +.PHONY : gencode.i + +# target to preprocess a source file +gencode.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.i +.PHONY : gencode.c.i + +gencode.s: gencode.c.s + +.PHONY : gencode.s + +# target to generate assembly for a file +gencode.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/gencode.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/gencode.c.s +.PHONY : gencode.c.s + +grammar.o: grammar.c.o + +.PHONY : grammar.o + +# target to build an object file +grammar.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.o +.PHONY : grammar.c.o + +grammar.i: grammar.c.i + +.PHONY : grammar.i + +# target to preprocess a source file +grammar.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.i +.PHONY : grammar.c.i + +grammar.s: grammar.c.s + +.PHONY : grammar.s + +# target to generate assembly for a file +grammar.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/grammar.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/grammar.c.s +.PHONY : grammar.c.s + +missing/strlcat.o: missing/strlcat.c.o + +.PHONY : missing/strlcat.o + +# target to build an object file +missing/strlcat.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.o +.PHONY : missing/strlcat.c.o + +missing/strlcat.i: missing/strlcat.c.i + +.PHONY : missing/strlcat.i + +# target to preprocess a source file +missing/strlcat.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.i +.PHONY : missing/strlcat.c.i + +missing/strlcat.s: missing/strlcat.c.s + +.PHONY : missing/strlcat.s + +# target to generate assembly for a file +missing/strlcat.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcat.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcat.c.s +.PHONY : missing/strlcat.c.s + +missing/strlcpy.o: missing/strlcpy.c.o + +.PHONY : missing/strlcpy.o + +# target to build an object file +missing/strlcpy.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.o +.PHONY : missing/strlcpy.c.o + +missing/strlcpy.i: missing/strlcpy.c.i + +.PHONY : missing/strlcpy.i + +# target to preprocess a source file +missing/strlcpy.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.i +.PHONY : missing/strlcpy.c.i + +missing/strlcpy.s: missing/strlcpy.c.s + +.PHONY : missing/strlcpy.s + +# target to generate assembly for a file +missing/strlcpy.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/missing/strlcpy.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/missing/strlcpy.c.s +.PHONY : missing/strlcpy.c.s + +nametoaddr.o: nametoaddr.c.o + +.PHONY : nametoaddr.o + +# target to build an object file +nametoaddr.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.o +.PHONY : nametoaddr.c.o + +nametoaddr.i: nametoaddr.c.i + +.PHONY : nametoaddr.i + +# target to preprocess a source file +nametoaddr.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.i +.PHONY : nametoaddr.c.i + +nametoaddr.s: nametoaddr.c.s + +.PHONY : nametoaddr.s + +# target to generate assembly for a file +nametoaddr.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/nametoaddr.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/nametoaddr.c.s +.PHONY : nametoaddr.c.s + +optimize.o: optimize.c.o + +.PHONY : optimize.o + +# target to build an object file +optimize.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.o +.PHONY : optimize.c.o + +optimize.i: optimize.c.i + +.PHONY : optimize.i + +# target to preprocess a source file +optimize.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.i +.PHONY : optimize.c.i + +optimize.s: optimize.c.s + +.PHONY : optimize.s + +# target to generate assembly for a file +optimize.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/optimize.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/optimize.c.s +.PHONY : optimize.c.s + +pcap-common.o: pcap-common.c.o + +.PHONY : pcap-common.o + +# target to build an object file +pcap-common.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.o +.PHONY : pcap-common.c.o + +pcap-common.i: pcap-common.c.i + +.PHONY : pcap-common.i + +# target to preprocess a source file +pcap-common.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.i +.PHONY : pcap-common.c.i + +pcap-common.s: pcap-common.c.s + +.PHONY : pcap-common.s + +# target to generate assembly for a file +pcap-common.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-common.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-common.c.s +.PHONY : pcap-common.c.s + +pcap-linux.o: pcap-linux.c.o + +.PHONY : pcap-linux.o + +# target to build an object file +pcap-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.o +.PHONY : pcap-linux.c.o + +pcap-linux.i: pcap-linux.c.i + +.PHONY : pcap-linux.i + +# target to preprocess a source file +pcap-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.i +.PHONY : pcap-linux.c.i + +pcap-linux.s: pcap-linux.c.s + +.PHONY : pcap-linux.s + +# target to generate assembly for a file +pcap-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-linux.c.s +.PHONY : pcap-linux.c.s + +pcap-netfilter-linux.o: pcap-netfilter-linux.c.o + +.PHONY : pcap-netfilter-linux.o + +# target to build an object file +pcap-netfilter-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.o +.PHONY : pcap-netfilter-linux.c.o + +pcap-netfilter-linux.i: pcap-netfilter-linux.c.i + +.PHONY : pcap-netfilter-linux.i + +# target to preprocess a source file +pcap-netfilter-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.i +.PHONY : pcap-netfilter-linux.c.i + +pcap-netfilter-linux.s: pcap-netfilter-linux.c.s + +.PHONY : pcap-netfilter-linux.s + +# target to generate assembly for a file +pcap-netfilter-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-netfilter-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-netfilter-linux.c.s +.PHONY : pcap-netfilter-linux.c.s + +pcap-usb-linux.o: pcap-usb-linux.c.o + +.PHONY : pcap-usb-linux.o + +# target to build an object file +pcap-usb-linux.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.o +.PHONY : pcap-usb-linux.c.o + +pcap-usb-linux.i: pcap-usb-linux.c.i + +.PHONY : pcap-usb-linux.i + +# target to preprocess a source file +pcap-usb-linux.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.i +.PHONY : pcap-usb-linux.c.i + +pcap-usb-linux.s: pcap-usb-linux.c.s + +.PHONY : pcap-usb-linux.s + +# target to generate assembly for a file +pcap-usb-linux.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap-usb-linux.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap-usb-linux.c.s +.PHONY : pcap-usb-linux.c.s + +pcap.o: pcap.c.o + +.PHONY : pcap.o + +# target to build an object file +pcap.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.o +.PHONY : pcap.c.o + +pcap.i: pcap.c.i + +.PHONY : pcap.i + +# target to preprocess a source file +pcap.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.i +.PHONY : pcap.c.i + +pcap.s: pcap.c.s + +.PHONY : pcap.s + +# target to generate assembly for a file +pcap.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/pcap.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/pcap.c.s +.PHONY : pcap.c.s + +savefile.o: savefile.c.o + +.PHONY : savefile.o + +# target to build an object file +savefile.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.o +.PHONY : savefile.c.o + +savefile.i: savefile.c.i + +.PHONY : savefile.i + +# target to preprocess a source file +savefile.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.i +.PHONY : savefile.c.i + +savefile.s: savefile.c.s + +.PHONY : savefile.s + +# target to generate assembly for a file +savefile.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/savefile.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/savefile.c.s +.PHONY : savefile.c.s + +scanner.o: scanner.c.o + +.PHONY : scanner.o + +# target to build an object file +scanner.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.o +.PHONY : scanner.c.o + +scanner.i: scanner.c.i + +.PHONY : scanner.i + +# target to preprocess a source file +scanner.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.i +.PHONY : scanner.c.i + +scanner.s: scanner.c.s + +.PHONY : scanner.s + +# target to generate assembly for a file +scanner.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/scanner.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/scanner.c.s +.PHONY : scanner.c.s + +sf-pcap.o: sf-pcap.c.o + +.PHONY : sf-pcap.o + +# target to build an object file +sf-pcap.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.o +.PHONY : sf-pcap.c.o + +sf-pcap.i: sf-pcap.c.i + +.PHONY : sf-pcap.i + +# target to preprocess a source file +sf-pcap.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.i +.PHONY : sf-pcap.c.i + +sf-pcap.s: sf-pcap.c.s + +.PHONY : sf-pcap.s + +# target to generate assembly for a file +sf-pcap.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcap.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcap.c.s +.PHONY : sf-pcap.c.s + +sf-pcapng.o: sf-pcapng.c.o + +.PHONY : sf-pcapng.o + +# target to build an object file +sf-pcapng.c.o: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.o + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.o +.PHONY : sf-pcapng.c.o + +sf-pcapng.i: sf-pcapng.c.i + +.PHONY : sf-pcapng.i + +# target to preprocess a source file +sf-pcapng.c.i: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.i + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.i +.PHONY : sf-pcapng.c.i + +sf-pcapng.s: sf-pcapng.c.s + +.PHONY : sf-pcapng.s + +# target to generate assembly for a file +sf-pcapng.c.s: + $(MAKE) -f CMakeFiles/pcap.dir/build.make CMakeFiles/pcap.dir/sf-pcapng.c.s + $(MAKE) -f CMakeFiles/pcap_static.dir/build.make CMakeFiles/pcap_static.dir/sf-pcapng.c.s +.PHONY : sf-pcapng.c.s + +# Help Target +help: + @echo "The following are some of the valid targets for this Makefile:" + @echo "... all (the default if no target is provided)" + @echo "... clean" + @echo "... depend" + @echo "... install/strip" + @echo "... install/local" + @echo "... install" + @echo "... list_install_components" + @echo "... rebuild_cache" + @echo "... edit_cache" + @echo "... pcap" + @echo "... uninstall" + @echo "... pcap_static" + @echo "... SerializeTarget" + @echo "... testprogs" + @echo "... capturetest" + @echo "... findalldevstest" + @echo "... filtertest" + @echo "... findalldevstest-perf" + @echo "... can_set_rfmon_test" + @echo "... opentest" + @echo "... reactivatetest" + @echo "... writecaptest" + @echo "... selpolltest" + @echo "... threadsignaltest" + @echo "... valgrindtest" + @echo "... fuzz_both" + @echo "... fuzz_filter" + @echo "... fuzz_pcap" + @echo "... bpf_dump.o" + @echo "... bpf_dump.i" + @echo "... bpf_dump.s" + @echo "... bpf_filter.o" + @echo "... bpf_filter.i" + @echo "... bpf_filter.s" + @echo "... bpf_image.o" + @echo "... bpf_image.i" + @echo "... bpf_image.s" + @echo "... etherent.o" + @echo "... etherent.i" + @echo "... etherent.s" + @echo "... fad-getad.o" + @echo "... fad-getad.i" + @echo "... fad-getad.s" + @echo "... fmtutils.o" + @echo "... fmtutils.i" + @echo "... fmtutils.s" + @echo "... gencode.o" + @echo "... gencode.i" + @echo "... gencode.s" + @echo "... grammar.o" + @echo "... grammar.i" + @echo "... grammar.s" + @echo "... missing/strlcat.o" + @echo "... missing/strlcat.i" + @echo "... missing/strlcat.s" + @echo "... missing/strlcpy.o" + @echo "... missing/strlcpy.i" + @echo "... missing/strlcpy.s" + @echo "... nametoaddr.o" + @echo "... nametoaddr.i" + @echo "... nametoaddr.s" + @echo "... optimize.o" + @echo "... optimize.i" + @echo "... optimize.s" + @echo "... pcap-common.o" + @echo "... pcap-common.i" + @echo "... pcap-common.s" + @echo "... pcap-linux.o" + @echo "... pcap-linux.i" + @echo "... pcap-linux.s" + @echo "... pcap-netfilter-linux.o" + @echo "... pcap-netfilter-linux.i" + @echo "... pcap-netfilter-linux.s" + @echo "... pcap-usb-linux.o" + @echo "... pcap-usb-linux.i" + @echo "... pcap-usb-linux.s" + @echo "... pcap.o" + @echo "... pcap.i" + @echo "... pcap.s" + @echo "... savefile.o" + @echo "... savefile.i" + @echo "... savefile.s" + @echo "... scanner.o" + @echo "... scanner.i" + @echo "... scanner.s" + @echo "... sf-pcap.o" + @echo "... sf-pcap.i" + @echo "... sf-pcap.s" + @echo "... sf-pcapng.o" + @echo "... sf-pcapng.i" + @echo "... sf-pcapng.s" +.PHONY : help + + + +#============================================================================= +# Special targets to cleanup operation of make. + +# Special rule to run CMake to check the build system integrity. +# No rule that depends on this can have commands that come from listfiles +# because they might be regenerated. +cmake_check_build_system: + $(CMAKE_COMMAND) -S$(CMAKE_SOURCE_DIR) -B$(CMAKE_BINARY_DIR) --check-build-system CMakeFiles/Makefile.cmake 0 +.PHONY : cmake_check_build_system + diff --git a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/libpcap/get_symbol_addr.py b/frida_mode/test/libpcap/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/libpcap/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/output/GNUmakefile b/frida_mode/test/output/GNUmakefile new file mode 100644 index 00000000..eaa1c4dc --- /dev/null +++ b/frida_mode/test/output/GNUmakefile @@ -0,0 +1,47 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_OUTPUT_STDOUT=frida_stdout.txt \ + AFL_FRIDA_OUTPUT_STDERR=frida_stderr.txt \ + AFL_FRIDA_STATS_FILE=frida_stats.txt \ + AFL_FRIDA_STATS_INTERVAL=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/output/Makefile b/frida_mode/test/output/Makefile new file mode 100644 index 00000000..07b139e9 --- /dev/null +++ b/frida_mode/test/output/Makefile @@ -0,0 +1,13 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida diff --git a/frida_mode/test/output/frida_stderr.txt b/frida_mode/test/output/frida_stderr.txt new file mode 100644 index 00000000..103216cf --- /dev/null +++ b/frida_mode/test/output/frida_stderr.txt @@ -0,0 +1,2824 @@ + + +total_transitions: 9 + call_imms: 1 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 1 + jmp_mems: 2 + jmp_regs: 0 + + jmp_cond_imms: 2 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 19 + call_imms: 4 + call_regs: 0 + call_mems: 0 + post_call_invokes: 2 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 1 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 6 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 29 + call_imms: 6 + call_regs: 1 + call_mems: 0 + post_call_invokes: 3 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 11 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 39 + call_imms: 6 + call_regs: 2 + call_mems: 0 + post_call_invokes: 5 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 18 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 49 + call_imms: 7 + call_regs: 2 + call_mems: 1 + post_call_invokes: 6 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 2 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 25 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 59 + call_imms: 8 + call_regs: 2 + call_mems: 3 + post_call_invokes: 6 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 3 + jmp_mems: 3 + jmp_regs: 0 + + jmp_cond_imms: 31 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 69 + call_imms: 9 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 3 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 38 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 79 + call_imms: 10 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 46 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 89 + call_imms: 10 + call_regs: 2 + call_mems: 3 + post_call_invokes: 7 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 56 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 99 + call_imms: 11 + call_regs: 2 + call_mems: 3 + post_call_invokes: 9 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 4 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 63 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 109 + call_imms: 12 + call_regs: 2 + call_mems: 3 + post_call_invokes: 12 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 5 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 68 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 119 + call_imms: 12 + call_regs: 2 + call_mems: 4 + post_call_invokes: 14 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 74 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 129 + call_imms: 14 + call_regs: 2 + call_mems: 4 + post_call_invokes: 16 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 4 + jmp_regs: 0 + + jmp_cond_imms: 80 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 139 + call_imms: 14 + call_regs: 2 + call_mems: 5 + post_call_invokes: 17 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 87 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 149 + call_imms: 14 + call_regs: 2 + call_mems: 6 + post_call_invokes: 17 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 6 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 96 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 159 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 18 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 8 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 102 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 170 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 18 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 10 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 111 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 180 + call_imms: 15 + call_regs: 2 + call_mems: 6 + post_call_invokes: 20 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 11 + jmp_mems: 5 + jmp_regs: 0 + + jmp_cond_imms: 118 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 190 + call_imms: 16 + call_regs: 2 + call_mems: 6 + post_call_invokes: 20 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 11 + jmp_mems: 6 + jmp_regs: 1 + + jmp_cond_imms: 125 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 201 + call_imms: 16 + call_regs: 2 + call_mems: 7 + post_call_invokes: 21 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 13 + jmp_mems: 6 + jmp_regs: 1 + + jmp_cond_imms: 132 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 211 + call_imms: 17 + call_regs: 2 + call_mems: 7 + post_call_invokes: 22 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 14 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 138 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 223 + call_imms: 18 + call_regs: 2 + call_mems: 8 + post_call_invokes: 24 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 15 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 145 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 233 + call_imms: 18 + call_regs: 2 + call_mems: 8 + post_call_invokes: 25 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 16 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 153 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 244 + call_imms: 19 + call_regs: 2 + call_mems: 9 + post_call_invokes: 26 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 16 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 161 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input + + +total_transitions: 254 + call_imms: 20 + call_regs: 2 + call_mems: 9 + post_call_invokes: 27 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 18 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 167 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 264 + call_imms: 20 + call_regs: 2 + call_mems: 9 + post_call_invokes: 29 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 20 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 173 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 275 + call_imms: 21 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 22 + jmp_mems: 7 + jmp_regs: 1 + + jmp_cond_imms: 179 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 285 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 23 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 186 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 295 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 23 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 196 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 305 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 30 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 24 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 205 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 315 + call_imms: 22 + call_regs: 2 + call_mems: 10 + post_call_invokes: 31 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 26 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 212 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 326 + call_imms: 22 + call_regs: 3 + call_mems: 10 + post_call_invokes: 32 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 8 + jmp_regs: 1 + + jmp_cond_imms: 220 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 337 + call_imms: 23 + call_regs: 4 + call_mems: 10 + post_call_invokes: 36 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 9 + jmp_regs: 1 + + jmp_cond_imms: 224 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 348 + call_imms: 24 + call_regs: 4 + call_mems: 10 + post_call_invokes: 38 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 27 + jmp_mems: 10 + jmp_regs: 1 + + jmp_cond_imms: 231 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 362 + call_imms: 26 + call_regs: 4 + call_mems: 10 + post_call_invokes: 39 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 11 + jmp_regs: 1 + + jmp_cond_imms: 240 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 375 + call_imms: 27 + call_regs: 4 + call_mems: 10 + post_call_invokes: 40 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 12 + jmp_regs: 1 + + jmp_cond_imms: 250 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 387 + call_imms: 28 + call_regs: 4 + call_mems: 10 + post_call_invokes: 41 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 28 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 258 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 397 + call_imms: 29 + call_regs: 4 + call_mems: 10 + post_call_invokes: 42 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 30 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 264 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 407 + call_imms: 29 + call_regs: 4 + call_mems: 10 + post_call_invokes: 42 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 31 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 273 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 418 + call_imms: 29 + call_regs: 4 + call_mems: 11 + post_call_invokes: 43 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 32 + jmp_mems: 12 + jmp_regs: 3 + + jmp_cond_imms: 281 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) + + +total_transitions: 430 + call_imms: 32 + call_regs: 4 + call_mems: 11 + post_call_invokes: 45 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 33 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 286 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 441 + call_imms: 32 + call_regs: 4 + call_mems: 12 + post_call_invokes: 46 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 33 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 295 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) + + +total_transitions: 453 + call_imms: 33 + call_regs: 4 + call_mems: 12 + post_call_invokes: 49 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 34 + jmp_mems: 13 + jmp_regs: 3 + + jmp_cond_imms: 302 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 465 + call_imms: 35 + call_regs: 4 + call_mems: 12 + post_call_invokes: 50 + excluded_call_imms: 2 + ret_slow_paths: 1 + + jmp_imms: 35 + jmp_mems: 15 + jmp_regs: 3 + + jmp_cond_imms: 308 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 475 + call_imms: 38 + call_regs: 4 + call_mems: 12 + post_call_invokes: 51 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 35 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 310 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 485 + call_imms: 38 + call_regs: 5 + call_mems: 12 + post_call_invokes: 52 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 36 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 317 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 495 + call_imms: 38 + call_regs: 5 + call_mems: 13 + post_call_invokes: 52 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 38 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 324 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 506 + call_imms: 38 + call_regs: 5 + call_mems: 13 + post_call_invokes: 53 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 39 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 333 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 516 + call_imms: 40 + call_regs: 5 + call_mems: 13 + post_call_invokes: 53 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 40 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 340 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 526 + call_imms: 40 + call_regs: 5 + call_mems: 13 + post_call_invokes: 54 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 40 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 349 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 540 + call_imms: 42 + call_regs: 5 + call_mems: 13 + post_call_invokes: 55 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 42 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 358 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 552 + call_imms: 43 + call_regs: 5 + call_mems: 13 + post_call_invokes: 57 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 43 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 366 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 563 + call_imms: 43 + call_regs: 5 + call_mems: 14 + post_call_invokes: 58 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 43 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 375 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 573 + call_imms: 43 + call_regs: 5 + call_mems: 15 + post_call_invokes: 59 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 44 + jmp_mems: 16 + jmp_regs: 3 + + jmp_cond_imms: 382 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 583 + call_imms: 44 + call_regs: 5 + call_mems: 15 + post_call_invokes: 59 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 45 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 389 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 593 + call_imms: 45 + call_regs: 5 + call_mems: 15 + post_call_invokes: 60 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 396 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 603 + call_imms: 46 + call_regs: 6 + call_mems: 15 + post_call_invokes: 64 + excluded_call_imms: 3 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 400 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 615 + call_imms: 46 + call_regs: 7 + call_mems: 17 + post_call_invokes: 64 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 17 + jmp_regs: 3 + + jmp_cond_imms: 407 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 626 + call_imms: 48 + call_regs: 8 + call_mems: 18 + post_call_invokes: 66 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 46 + jmp_mems: 18 + jmp_regs: 3 + + jmp_cond_imms: 411 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 637 + call_imms: 50 + call_regs: 9 + call_mems: 19 + post_call_invokes: 68 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 47 + jmp_mems: 19 + jmp_regs: 3 + + jmp_cond_imms: 414 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 648 + call_imms: 52 + call_regs: 9 + call_mems: 20 + post_call_invokes: 70 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 47 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 419 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 660 + call_imms: 52 + call_regs: 10 + call_mems: 20 + post_call_invokes: 72 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 49 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 426 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 672 + call_imms: 52 + call_regs: 10 + call_mems: 20 + post_call_invokes: 72 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 51 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 436 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 683 + call_imms: 53 + call_regs: 11 + call_mems: 21 + post_call_invokes: 73 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 52 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 442 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 697 + call_imms: 53 + call_regs: 11 + call_mems: 22 + post_call_invokes: 74 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 53 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 453 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 709 + call_imms: 53 + call_regs: 13 + call_mems: 22 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 53 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 460 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 720 + call_imms: 53 + call_regs: 13 + call_mems: 22 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 55 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 469 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 730 + call_imms: 54 + call_regs: 13 + call_mems: 24 + post_call_invokes: 77 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 56 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 475 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 740 + call_imms: 54 + call_regs: 13 + call_mems: 24 + post_call_invokes: 80 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 57 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 481 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 753 + call_imms: 54 + call_regs: 14 + call_mems: 24 + post_call_invokes: 81 + excluded_call_imms: 5 + ret_slow_paths: 3 + + jmp_imms: 58 + jmp_mems: 20 + jmp_regs: 3 + + jmp_cond_imms: 491 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 + + +total_transitions: 3 + call_imms: 0 + call_regs: 0 + call_mems: 0 + post_call_invokes: 0 + excluded_call_imms: 0 + ret_slow_paths: 0 + + jmp_imms: 1 + jmp_mems: 1 + jmp_regs: 0 + + jmp_cond_imms: 1 + jmp_cond_mems: 0 + jmp_cond_regs: 0 + jmp_cond_jcxzs: 0 + + jmp_continuations: 0 +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input +Running: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) +Done: /home/jon/git/AFLplusplus/frida_mode/test/output/build/frida-out/default/.cur_input: (3 bytes) diff --git a/frida_mode/test/output/frida_stdout.txt b/frida_mode/test/output/frida_stdout.txt new file mode 100644 index 00000000..8832681d --- /dev/null +++ b/frida_mode/test/output/frida_stdout.txt @@ -0,0 +1,349 @@ +OG Range - 0x00007FFFF7FFE000 - 0x00007FFFF7FFF000 +[+] CMPLOG Range - 0x00007FFFF7FFD000 - 0x00007FFFF7FFE000 +[+] CMPLOG Range - 0x00007FFFF7FFC000 - 0x00007FFFF7FFD000 +[+] CMPLOG Range - 0x00007FFFF7FF3000 - 0x00007FFFF7FFB000 +[+] CMPLOG Range - 0x00007FFFF7FD0000 - 0x00007FFFF7FF3000 +[+] CMPLOG Range - 0x00007FFFF7FCF000 - 0x00007FFFF7FD0000 +[+] CMPLOG Range - 0x00007FFFF7FCE000 - 0x00007FFFF7FCF000 +[+] CMPLOG Range - 0x00007FFFF7FCB000 - 0x00007FFFF7FCE000 +[+] CMPLOG Range - 0x00007FFFF7DC4000 - 0x00007FFFF7FCB000 +[+] CMPLOG Range - 0x00007FFFF7DBC000 - 0x00007FFFF7DC4000 +[+] CMPLOG Range - 0x00007FFFF7DB0000 - 0x00007FFFF7DBC000 +[+] CMPLOG Range - 0x00007FFFF7A94000 - 0x00007FFFF7DB0000 +[+] CMPLOG Range - 0x00007FFFF7942000 - 0x00007FFFF7A94000 +[+] CMPLOG Range - 0x00007FFFF78BF000 - 0x00007FFFF7942000 +[+] CMPLOG Range - 0x00007FFFF78AF000 - 0x00007FFFF78BF000 +[+] CMPLOG Range - 0x00007FFFF78AA000 - 0x00007FFFF78AB000 +[+] CMPLOG Range - 0x00007FFFF78A9000 - 0x00007FFFF78AA000 +[+] CMPLOG Range - 0x00007FFFF78A2000 - 0x00007FFFF78A6000 +[+] CMPLOG Range - 0x00007FFFF789F000 - 0x00007FFFF78A2000 +[+] CMPLOG Range - 0x00007FFFF789C000 - 0x00007FFFF789F000 +[+] CMPLOG Range - 0x00007FFFF7851000 - 0x00007FFFF789B000 +[+] CMPLOG Range - 0x00007FFFF76DB000 - 0x00007FFFF7851000 +[+] CMPLOG Range - 0x00007FFFF76DA000 - 0x00007FFFF76DB000 +[+] CMPLOG Range - 0x00007FFFF76D9000 - 0x00007FFFF76DA000 +[+] CMPLOG Range - 0x00007FFFF76B4000 - 0x00007FFFF76D9000 +[+] CMPLOG Range - 0x00007FFFF76B0000 - 0x00007FFFF76B4000 +[+] CMPLOG Range - 0x00007FFFF76AF000 - 0x00007FFFF76B0000 +[+] CMPLOG Range - 0x00007FFFF76AE000 - 0x00007FFFF76AF000 +[+] CMPLOG Range - 0x00007FFFF76A9000 - 0x00007FFFF76AE000 +[+] CMPLOG Range - 0x00007FFFF7698000 - 0x00007FFFF76A9000 +[+] CMPLOG Range - 0x00007FFFF7691000 - 0x00007FFFF7698000 +[+] CMPLOG Range - 0x00007FFFF768F000 - 0x00007FFFF7691000 +[+] CMPLOG Range - 0x00007FFFF768E000 - 0x00007FFFF768F000 +[+] CMPLOG Range - 0x00007FFFF768D000 - 0x00007FFFF768E000 +[+] CMPLOG Range - 0x00007FFFF7689000 - 0x00007FFFF768C000 +[+] CMPLOG Range - 0x00007FFFF7679000 - 0x00007FFFF7689000 +[+] CMPLOG Range - 0x00007FFFF7675000 - 0x00007FFFF7679000 +[+] CMPLOG Range - 0x00007FFFF7674000 - 0x00007FFFF7675000 +[+] CMPLOG Range - 0x00007FFFF7673000 - 0x00007FFFF7674000 +[+] CMPLOG Range - 0x00007FFFF7672000 - 0x00007FFFF7673000 +[+] CMPLOG Range - 0x00007FFFF7670000 - 0x00007FFFF7672000 +[+] CMPLOG Range - 0x00007FFFF766F000 - 0x00007FFFF7670000 +[+] CMPLOG Range - 0x00007FFFF766D000 - 0x00007FFFF766F000 +[+] Redirect 1 -> '/home/jon/git/AFLplusplus/frida_mode/test/output/frida_stdout.txt' +[+] Redirect 2 -> '/home/jon/git/AFLplusplus/frida_mode/test/output/frida_stderr.txt' +[+] Instrumentation - persistent mode [ ] (0x0000000000000000) +[+] Instrumentation - persistent count [ ] (0) +[+] Instrumentation - hook [(null)] +[+] Instrumentation - persistent ret [ ] (0x0000000000000000) +[+] Instrumentation - persistent ret offset [ ] (0) +[+] Instrumentation - prefetch [X] +[+] Range: Modules Length: 54 +[+] Range: Modules Idx: 0 - 0x0000555555554000-0x0000555555555000 +[+] Range: Modules Idx: 1 - 0x0000555555555000-0x0000555555556000 +[+] Range: Modules Idx: 2 - 0x0000555555556000-0x0000555555557000 +[+] Range: Modules Idx: 3 - 0x0000555555557000-0x0000555555558000 +[+] Range: Modules Idx: 4 - 0x0000555555558000-0x0000555555559000 +[+] Range: Modules Idx: 5 - 0x0000555555559000-0x000055555557a000 +[+] Range: Modules Idx: 6 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: Modules Idx: 7 - 0x00007ffff766d000-0x00007ffff766f000 +[+] Range: Modules Idx: 8 - 0x00007ffff766f000-0x00007ffff7670000 +[+] Range: Modules Idx: 9 - 0x00007ffff7670000-0x00007ffff7672000 +[+] Range: Modules Idx: 10 - 0x00007ffff7672000-0x00007ffff7673000 +[+] Range: Modules Idx: 11 - 0x00007ffff7673000-0x00007ffff7674000 +[+] Range: Modules Idx: 12 - 0x00007ffff7674000-0x00007ffff7675000 +[+] Range: Modules Idx: 13 - 0x00007ffff7675000-0x00007ffff7679000 +[+] Range: Modules Idx: 14 - 0x00007ffff7679000-0x00007ffff7689000 +[+] Range: Modules Idx: 15 - 0x00007ffff7689000-0x00007ffff768c000 +[+] Range: Modules Idx: 16 - 0x00007ffff768c000-0x00007ffff768d000 +[+] Range: Modules Idx: 17 - 0x00007ffff768d000-0x00007ffff768e000 +[+] Range: Modules Idx: 18 - 0x00007ffff768e000-0x00007ffff768f000 +[+] Range: Modules Idx: 19 - 0x00007ffff768f000-0x00007ffff7691000 +[+] Range: Modules Idx: 20 - 0x00007ffff7691000-0x00007ffff7698000 +[+] Range: Modules Idx: 21 - 0x00007ffff7698000-0x00007ffff76a9000 +[+] Range: Modules Idx: 22 - 0x00007ffff76a9000-0x00007ffff76ae000 +[+] Range: Modules Idx: 23 - 0x00007ffff76ae000-0x00007ffff76af000 +[+] Range: Modules Idx: 24 - 0x00007ffff76af000-0x00007ffff76b0000 +[+] Range: Modules Idx: 25 - 0x00007ffff76b0000-0x00007ffff76b4000 +[+] Range: Modules Idx: 26 - 0x00007ffff76b4000-0x00007ffff76d9000 +[+] Range: Modules Idx: 27 - 0x00007ffff76d9000-0x00007ffff76da000 +[+] Range: Modules Idx: 28 - 0x00007ffff76da000-0x00007ffff76db000 +[+] Range: Modules Idx: 29 - 0x00007ffff76db000-0x00007ffff7851000 +[+] Range: Modules Idx: 30 - 0x00007ffff7851000-0x00007ffff789b000 +[+] Range: Modules Idx: 31 - 0x00007ffff789b000-0x00007ffff789c000 +[+] Range: Modules Idx: 32 - 0x00007ffff789c000-0x00007ffff789f000 +[+] Range: Modules Idx: 33 - 0x00007ffff789f000-0x00007ffff78a2000 +[+] Range: Modules Idx: 34 - 0x00007ffff78a2000-0x00007ffff78a6000 +[+] Range: Modules Idx: 35 - 0x00007ffff78a9000-0x00007ffff78aa000 +[+] Range: Modules Idx: 36 - 0x00007ffff78aa000-0x00007ffff78ab000 +[+] Range: Modules Idx: 37 - 0x00007ffff78af000-0x00007ffff78bf000 +[+] Range: Modules Idx: 38 - 0x00007ffff78bf000-0x00007ffff7942000 +[+] Range: Modules Idx: 39 - 0x00007ffff7942000-0x00007ffff7a94000 +[+] Range: Modules Idx: 40 - 0x00007ffff7a94000-0x00007ffff7db0000 +[+] Range: Modules Idx: 41 - 0x00007ffff7db0000-0x00007ffff7dbc000 +[+] Range: Modules Idx: 42 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: Modules Idx: 43 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: Modules Idx: 44 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: Modules Idx: 45 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: Modules Idx: 46 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: Modules Idx: 47 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: Modules Idx: 48 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: Modules Idx: 49 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: Modules Idx: 50 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: Modules Idx: 51 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: Modules Idx: 52 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: Modules Idx: 53 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: AFL_INST_LIBS Length: 1 +[+] Range: AFL_INST_LIBS Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step1 Length: 1 +[+] Range: step1 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step2 Length: 1 +[+] Range: step2 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step3 Length: 1 +[+] Range: step3 Idx: 0 - 0x0000555555555160-0x0000555555555335 +[+] Range: step4 Length: 55 +[+] Range: step4 Idx: 0 - 0x0000555555554000-0x0000555555555000 +[+] Range: step4 Idx: 1 - 0x0000555555555000-0x0000555555555160 +[+] Range: step4 Idx: 2 - 0x0000555555555335-0x0000555555556000 +[+] Range: step4 Idx: 3 - 0x0000555555556000-0x0000555555557000 +[+] Range: step4 Idx: 4 - 0x0000555555557000-0x0000555555558000 +[+] Range: step4 Idx: 5 - 0x0000555555558000-0x0000555555559000 +[+] Range: step4 Idx: 6 - 0x0000555555559000-0x000055555557a000 +[+] Range: step4 Idx: 7 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: step4 Idx: 8 - 0x00007ffff766d000-0x00007ffff766f000 +[+] Range: step4 Idx: 9 - 0x00007ffff766f000-0x00007ffff7670000 +[+] Range: step4 Idx: 10 - 0x00007ffff7670000-0x00007ffff7672000 +[+] Range: step4 Idx: 11 - 0x00007ffff7672000-0x00007ffff7673000 +[+] Range: step4 Idx: 12 - 0x00007ffff7673000-0x00007ffff7674000 +[+] Range: step4 Idx: 13 - 0x00007ffff7674000-0x00007ffff7675000 +[+] Range: step4 Idx: 14 - 0x00007ffff7675000-0x00007ffff7679000 +[+] Range: step4 Idx: 15 - 0x00007ffff7679000-0x00007ffff7689000 +[+] Range: step4 Idx: 16 - 0x00007ffff7689000-0x00007ffff768c000 +[+] Range: step4 Idx: 17 - 0x00007ffff768c000-0x00007ffff768d000 +[+] Range: step4 Idx: 18 - 0x00007ffff768d000-0x00007ffff768e000 +[+] Range: step4 Idx: 19 - 0x00007ffff768e000-0x00007ffff768f000 +[+] Range: step4 Idx: 20 - 0x00007ffff768f000-0x00007ffff7691000 +[+] Range: step4 Idx: 21 - 0x00007ffff7691000-0x00007ffff7698000 +[+] Range: step4 Idx: 22 - 0x00007ffff7698000-0x00007ffff76a9000 +[+] Range: step4 Idx: 23 - 0x00007ffff76a9000-0x00007ffff76ae000 +[+] Range: step4 Idx: 24 - 0x00007ffff76ae000-0x00007ffff76af000 +[+] Range: step4 Idx: 25 - 0x00007ffff76af000-0x00007ffff76b0000 +[+] Range: step4 Idx: 26 - 0x00007ffff76b0000-0x00007ffff76b4000 +[+] Range: step4 Idx: 27 - 0x00007ffff76b4000-0x00007ffff76d9000 +[+] Range: step4 Idx: 28 - 0x00007ffff76d9000-0x00007ffff76da000 +[+] Range: step4 Idx: 29 - 0x00007ffff76da000-0x00007ffff76db000 +[+] Range: step4 Idx: 30 - 0x00007ffff76db000-0x00007ffff7851000 +[+] Range: step4 Idx: 31 - 0x00007ffff7851000-0x00007ffff789b000 +[+] Range: step4 Idx: 32 - 0x00007ffff789b000-0x00007ffff789c000 +[+] Range: step4 Idx: 33 - 0x00007ffff789c000-0x00007ffff789f000 +[+] Range: step4 Idx: 34 - 0x00007ffff789f000-0x00007ffff78a2000 +[+] Range: step4 Idx: 35 - 0x00007ffff78a2000-0x00007ffff78a6000 +[+] Range: step4 Idx: 36 - 0x00007ffff78a9000-0x00007ffff78aa000 +[+] Range: step4 Idx: 37 - 0x00007ffff78aa000-0x00007ffff78ab000 +[+] Range: step4 Idx: 38 - 0x00007ffff78af000-0x00007ffff78bf000 +[+] Range: step4 Idx: 39 - 0x00007ffff78bf000-0x00007ffff7942000 +[+] Range: step4 Idx: 40 - 0x00007ffff7942000-0x00007ffff7a94000 +[+] Range: step4 Idx: 41 - 0x00007ffff7a94000-0x00007ffff7db0000 +[+] Range: step4 Idx: 42 - 0x00007ffff7db0000-0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! +0x00007ffff7dbc000 +[+] Range: step4 Idx: 43 - 0x00007ffff7dbc000-0x00007ffff7dc4000 +[+] Range: step4 Idx: 44 - 0x00007ffff7dc4000-0x00007ffff7fcb000 +[+] Range: step4 Idx: 45 - 0x00007ffff7fcb000-0x00007ffff7fce000 +[+] Range: step4 Idx: 46 - 0x00007ffff7fce000-0x00007ffff7fcf000 +[+] Range: step4 Idx: 47 - 0x00007ffff7fcf000-0x00007ffff7fd0000 +[+] Range: step4 Idx: 48 - 0x00007ffff7fd0000-0x00007ffff7ff3000 +[+] Range: step4 Idx: 49 - 0x00007ffff7ff3000-0x00007ffff7ffb000 +[+] Range: step4 Idx: 50 - 0x00007ffff7ffc000-0x00007ffff7ffd000 +[+] Range: step4 Idx: 51 - 0x00007ffff7ffd000-0x00007ffff7ffe000 +[+] Range: step4 Idx: 52 - 0x00007ffff7ffe000-0x00007ffff7fff000 +[+] Range: step4 Idx: 53 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: step4 Idx: 54 - 0xffffffffff600000-0xffffffffff601000 +[+] Range: final Length: 9 +[+] Range: final Idx: 0 - 0x0000555555554000-0x0000555555555160 +[+] Range: final Idx: 1 - 0x0000555555555335-0x000055555557a000 +[+] Range: final Idx: 2 - 0x00007ffff7615000-0x00007ffff7625000 +[+] Range: final Idx: 3 - 0x00007ffff766d000-0x00007ffff78a6000 +[+] Range: final Idx: 4 - 0x00007ffff78a9000-0x00007ffff78ab000 +[+] Range: final Idx: 5 - 0x00007ffff78af000-0x00007ffff7ffb000 +[+] Range: final Idx: 6 - 0x00007ffff7ffc000-0x00007ffff7fff000 +[+] Range: final Idx: 7 - 0x00007ffffffdd000-0x00007ffffffff000 +[+] Range: final Idx: 8 - 0xffffffffff600000-0xffffffffff601000 +Looks like a zero to me! diff --git a/frida_mode/test/output/testinstr.c b/frida_mode/test/output/testinstr.c new file mode 100644 index 00000000..5e26fc46 --- /dev/null +++ b/frida_mode/test/output/testinstr.c @@ -0,0 +1,112 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile new file mode 100644 index 00000000..df48d065 --- /dev/null +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -0,0 +1,105 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x56555000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x56555000) +endif + +AFL_FRIDA_PERSISTENT_RETADDR_OFFSET:=0x50 + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ + AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +debug: $(TESTINSTR_DATA_FILE) + gdb \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + +run: $(TESTINSTR_DATA_FILE) + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ + AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ + AFL_DEBUG_CHILD=1 \ + LD_PRELOAD=$(ROOT)afl-frida-trace.so \ + $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/frida_mode/test/persistent_ret/Makefile b/frida_mode/test/persistent_ret/Makefile new file mode 100644 index 00000000..e3deddbd --- /dev/null +++ b/frida_mode/test/persistent_ret/Makefile @@ -0,0 +1,22 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +frida_ret: + @gmake frida_ret + +debug: + @gmake debug + +run: + @gmake run diff --git a/frida_mode/test/persistent_ret/get_symbol_addr.py b/frida_mode/test/persistent_ret/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/persistent_ret/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c new file mode 100644 index 00000000..6cb88a50 --- /dev/null +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -0,0 +1,120 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +void slow() { + + usleep(100000); + +} + +TESTINSTR_SECTION int main(int argc, char **argv) { + + char * file; + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + do { + + file = argv[1]; + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + slow(); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile new file mode 100644 index 00000000..9f0b31d3 --- /dev/null +++ b/frida_mode/test/re2/GNUmakefile @@ -0,0 +1,170 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +RE2TEST_BUILD_DIR:=$(BUILD_DIR)re2test/ + +LIBRE2_URL:=https://github.com/google/re2.git +LIBRE2_DIR:=$(LIBRE2_BUILD_DIR)libre2/ +LIBRE2_MAKEFILE:=$(LIBRE2_DIR)Makefile +LIBRE2_LIB:=$(LIBRE2_DIR)obj/libre2.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/llvm/llvm-project/main/compiler-rt/lib/fuzzer/standalone/StandaloneFuzzTargetMain.c" + +RE2TEST_FILE:=$(RE2TEST_BUILD_DIR)target.cc +RE2TEST_OBJ:=$(RE2TEST_BUILD_DIR)target.o +RE2TEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/re2-2014-12-09/target.cc" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +AFLPP_DRIVER_DUMMY_INPUT:=$(TEST_DATA_DIR)in + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean qemu frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### RE2TEST ######## + +$(RE2TEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(RE2TEST_FILE): | $(RE2TEST_BUILD_DIR) + wget -O $@ $(RE2TEST_URL) + +$(RE2TEST_OBJ): $(RE2TEST_FILE) | $(LIBRE2_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBRE2_DIR) -o $@ -c $< + +######### LIBRE2 ######## + +$(LIBRE2_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBRE2_MAKEFILE): $(LIBRE2_BUILD_DIR) + git clone https://github.com/google/re2.git $(LIBRE2_DIR) + cd $(LIBRE2_DIR) && git checkout 499ef7eff7455ce9c9fae86111d4a77b6ac335de + +$(LIBRE2_LIB): $(LIBRE2_MAKEFILE) + make -C $(LIBRE2_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR) + truncate -s 1M $@ + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(TEST_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.re2 diff --git a/frida_mode/test/re2/Makefile b/frida_mode/test/re2/Makefile new file mode 100644 index 00000000..00b2b287 --- /dev/null +++ b/frida_mode/test/re2/Makefile @@ -0,0 +1,22 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida + +debug: + @gmake debug + +hook: + @gmake hook diff --git a/frida_mode/test/re2/aflpp_qemu_driver_hook.c b/frida_mode/test/re2/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/re2/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/re2/get_symbol_addr.py b/frida_mode/test/re2/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/re2/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 72f956b9..4aba3bdf 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -385,10 +385,10 @@ typedef struct afl_env_vars { afl_force_ui, afl_i_dont_care_about_missing_crashes, afl_bench_just_one, afl_bench_until_crash, afl_debug_child, afl_autoresume, afl_cal_fast, afl_cycle_schedules, afl_expand_havoc, afl_statsd, afl_cmplog_only_new, - afl_exit_on_seed_issues; + afl_exit_on_seed_issues, afl_try_affinity; u8 *afl_tmpdir, *afl_custom_mutator_library, *afl_python_module, *afl_path, - *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_skip_crashes, *afl_preload, + *afl_hang_tmout, *afl_forksrv_init_tmout, *afl_preload, *afl_max_det_extras, *afl_statsd_host, *afl_statsd_port, *afl_crash_exitcode, *afl_statsd_tags_flavor, *afl_testcache_size, *afl_testcache_entries, *afl_kill_signal, *afl_target_env, diff --git a/include/config.h b/include/config.h index aa24ea6c..80cdb684 100644 --- a/include/config.h +++ b/include/config.h @@ -154,7 +154,7 @@ cases that show variable behavior): */ #define CAL_CYCLES 8U -#define CAL_CYCLES_LONG 40U +#define CAL_CYCLES_LONG 20U /* Number of subsequent timeouts before abandoning an input file: */ @@ -163,7 +163,7 @@ /* Maximum number of unique hangs or crashes to record: */ #define KEEP_UNIQUE_HANG 500U -#define KEEP_UNIQUE_CRASH 5000U +#define KEEP_UNIQUE_CRASH 10000U /* Baseline number of random tweaks during a single 'havoc' stage: */ diff --git a/include/envs.h b/include/envs.h index f1314bad..08b3284a 100644 --- a/include/envs.h +++ b/include/envs.h @@ -55,14 +55,22 @@ static char *afl_environment_variables[] = { "AFL_FORCE_UI", "AFL_FRIDA_DEBUG_MAPS", "AFL_FRIDA_EXCLUDE_RANGES", + "AFL_FRIDA_INST_DEBUG_FILE", "AFL_FRIDA_INST_NO_OPTIMIZE", "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", - "AFL_FRIDA_INST_STRICT", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_OUTPUT_STDOUT", + "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", "AFL_FRIDA_PERSISTENT_CNT", + "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", + "AFL_FRIDA_PERSISTENT_RET", + "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET", + "AFL_FRIDA_STATS_FILE", + "AFL_FRIDA_STATS_INTERVAL", + "AFL_FRIDA_STATS_TRANSITIONS", "AFL_FUZZER_ARGS", // oss-fuzz "AFL_GDB", "AFL_GCC_ALLOWLIST", @@ -120,6 +128,7 @@ static char *afl_environment_variables[] = { "AFL_LLVM_INSTRUMENT_FILE", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", + "AFL_TRY_AFFINITY", "AFL_LLVM_LTO_STARTID", "AFL_LLVM_LTO_DONTWRITEID", "AFL_NO_ARITH", diff --git a/qemu_mode/README.md b/qemu_mode/README.md index 38cb5ba6..d28479d9 100644 --- a/qemu_mode/README.md +++ b/qemu_mode/README.md @@ -110,22 +110,23 @@ takes priority over any included ranges or AFL_INST_LIBS. CompareCoverage is a sub-instrumentation with effects similar to laf-intel. -The environment variable that enables QEMU CompareCoverage is AFL_COMPCOV_LEVEL. -There is also ./libcompcov/ which implements CompareCoverage for *cmp functions -(splitting memcmp, strncmp, etc. to make these conditions easier solvable by -afl-fuzz). +You have to set `AFL_PRELOAD=/path/to/libcompcov.so` together with +setting the AFL_COMPCOV_LEVEL you want to enable it. AFL_COMPCOV_LEVEL=1 is to instrument comparisons with only immediate -values / read-only memory. AFL_COMPCOV_LEVEL=2 instruments all -comparison instructions and memory comparison functions when libcompcov -is preloaded. -AFL_COMPCOV_LEVEL=3 has the same effects of AFL_COMPCOV_LEVEL=2 but enables also -the instrumentation of the floating-point comparisons on x86 and x86_64 (experimental). +values / read-only memory. + +AFL_COMPCOV_LEVEL=2 instruments all comparison instructions and memory +comparison functions when libcompcov is preloaded. + +AFL_COMPCOV_LEVEL=3 has the same effects of AFL_COMPCOV_LEVEL=2 but enables +also the instrumentation of the floating-point comparisons on x86 and x86_64 +(experimental). Integer comparison instructions are currently instrumented only on the x86, x86_64, arm and aarch64 targets. -Highly recommended. +Recommended, but not as good as CMPLOG mode (see below). ## 8) CMPLOG mode diff --git a/src/afl-cc.c b/src/afl-cc.c index ebe11525..8af8e7b0 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1224,6 +1224,14 @@ int main(int argc, char **argv, char **envp) { if (strncmp(argv[i], "--afl", 5) == 0) { + if (!strcmp(argv[i], "--afl_noopt") || !strcmp(argv[i], "--afl-noopt")) { + + passthrough = 1; + argv[i] = "-g"; // we have to overwrite it, -g is always good + continue; + + } + if (compiler_mode) WARNF( "--afl-... compiler mode supersedes the AFL_CC_COMPILER and " @@ -1821,6 +1829,12 @@ int main(int argc, char **argv, char **envp) { "If anything fails - be sure to read README.lto.md!\n"); #endif + SAYF( + "\nYou can supply --afl-noopt to not instrument, like AFL_NOOPT. " + "(this is helpful\n" + "in some build systems if you do not want to instrument " + "everything.\n"); + } SAYF( diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index b277802b..88b5bc02 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -113,7 +113,7 @@ void bind_to_free_cpu(afl_state_t *afl) { u8 lockfile[PATH_MAX] = ""; s32 i; - if (afl->afl_env.afl_no_affinity) { + if (afl->afl_env.afl_no_affinity && !afl->afl_env.afl_try_affinity) { if (afl->cpu_to_bind != -1) { @@ -130,10 +130,21 @@ void bind_to_free_cpu(afl_state_t *afl) { if (!bind_cpu(afl, afl->cpu_to_bind)) { - FATAL( - "Could not bind to requested CPU %d! Make sure you passed a valid " - "-b.", - afl->cpu_to_bind); + if (afl->afl_env.afl_try_affinity) { + + WARNF( + "Could not bind to requested CPU %d! Make sure you passed a valid " + "-b.", + afl->cpu_to_bind); + + } else { + + FATAL( + "Could not bind to requested CPU %d! Make sure you passed a valid " + "-b.", + afl->cpu_to_bind); + + } } @@ -420,11 +431,14 @@ void bind_to_free_cpu(afl_state_t *afl) { "Uh-oh, looks like all %d CPU cores on your system are allocated to\n" " other instances of afl-fuzz (or similar CPU-locked tasks). " "Starting\n" - " another fuzzer on this machine is probably a bad plan, but if " - "you are\n" - " absolutely sure, you can set AFL_NO_AFFINITY and try again.\n", - afl->cpu_core_count); - FATAL("No more free CPU cores"); + " another fuzzer on this machine is probably a bad plan.\n" + "%s", + afl->cpu_core_count, + afl->afl_env.afl_try_affinity ? "" + : " If you are sure, you can set " + "AFL_NO_AFFINITY and try again.\n"); + + if (!afl->afl_env.afl_try_affinity) { FATAL("No more free CPU cores"); } } @@ -823,7 +837,6 @@ void perform_dry_run(afl_state_t *afl) { struct queue_entry *q; u32 cal_failures = 0, idx; - u8 * skip_crashes = afl->afl_env.afl_skip_crashes; u8 * use_mem; for (idx = 0; idx < afl->queued_paths; idx++) { @@ -923,27 +936,6 @@ void perform_dry_run(afl_state_t *afl) { if (afl->crash_mode) { break; } - if (skip_crashes) { - - if (afl->fsrv.uses_crash_exitcode) { - - WARNF( - "Test case results in a crash or AFL_CRASH_EXITCODE %d " - "(skipping)", - (int)(s8)afl->fsrv.crash_exitcode); - - } else { - - WARNF("Test case results in a crash (skipping)"); - - } - - q->cal_failed = CAL_CHANCES; - ++cal_failures; - break; - - } - if (afl->fsrv.mem_limit) { u8 val_buf[STRINGIFY_VAL_SIZE_MAX]; @@ -1117,14 +1109,12 @@ void perform_dry_run(afl_state_t *afl) { if (cal_failures == afl->queued_paths) { - FATAL("All test cases time out%s, giving up!", - skip_crashes ? " or crash" : ""); + FATAL("All test cases time out or crash, giving up!"); } - WARNF("Skipped %u test cases (%0.02f%%) due to timeouts%s.", cal_failures, - ((double)cal_failures) * 100 / afl->queued_paths, - skip_crashes ? " or crashes" : ""); + WARNF("Skipped %u test cases (%0.02f%%) due to timeouts or crashes.", + cal_failures, ((double)cal_failures) * 100 / afl->queued_paths); if (cal_failures * 5 > afl->queued_paths) { diff --git a/src/afl-fuzz-python.c b/src/afl-fuzz-python.c index 8760194c..3aa97635 100644 --- a/src/afl-fuzz-python.c +++ b/src/afl-fuzz-python.c @@ -212,7 +212,7 @@ static py_mutator_t *init_py_module(afl_state_t *afl, u8 *module_name) { PyObject_GetAttrString(py_module, "introspection"); py_functions[PY_FUNC_DEINIT] = PyObject_GetAttrString(py_module, "deinit"); if (!py_functions[PY_FUNC_DEINIT]) - FATAL("deinit function not found in python module"); + WARNF("deinit function not found in python module"); for (py_idx = 0; py_idx < PY_FUNC_COUNT; ++py_idx) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 6e5210b8..5a481639 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -410,7 +410,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } var_detected = 1; - afl->stage_max = CAL_CYCLES_LONG; + afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG; } else { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index c886cb28..0658070e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -202,12 +202,18 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_no_affinity = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_TRY_AFFINITY", + + afl_environment_variable_len)) { + + afl->afl_env.afl_try_affinity = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_SKIP_CRASHES", afl_environment_variable_len)) { - afl->afl_env.afl_skip_crashes = - (u8 *)get_afl_env(afl_environment_variables[i]); + // we should mark this obsolete in a few versions } else if (!strncmp(env, "AFL_HANG_TMOUT", diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 35fb2d04..a3a623d9 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -35,6 +35,10 @@ #include #endif +#ifdef __APPLE__ + #include +#endif + #ifdef PROFILING extern u64 time_spent_working; #endif @@ -220,6 +224,7 @@ static void usage(u8 *argv0, int more_help) { " then they are randomly selected instead all of them being\n" " used. Defaults to 200.\n" "AFL_NO_AFFINITY: do not check for an unused cpu core to use for fuzzing\n" + "AFL_TRY_AFFINITY: try to bind to an unused core, but don't fail if unsuccessful\n" "AFL_NO_ARITH: skip arithmetic mutations in deterministic stage\n" "AFL_NO_AUTODICT: do not load an offered auto dictionary compiled into a target\n" "AFL_NO_CPU_RED: avoid red color for showing very high cpu usage\n" @@ -240,7 +245,7 @@ static void usage(u8 *argv0, int more_help) { "AFL_SHUFFLE_QUEUE: reorder the input queue randomly on startup\n" "AFL_SKIP_BIN_CHECK: skip afl compatibility checks, also disables auto map size\n" "AFL_SKIP_CPUFREQ: do not warn about variable cpu clocking\n" - "AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" + //"AFL_SKIP_CRASHES: during initial dry run do not terminate for crashing inputs\n" "AFL_STATSD: enables StatsD metrics collection\n" "AFL_STATSD_HOST: change default statsd host (default 127.0.0.1)\n" "AFL_STATSD_PORT: change default statsd port (default: 8125)\n" @@ -2296,26 +2301,9 @@ stop_fuzzing: afl_fsrv_deinit(&afl->fsrv); /* remove tmpfile */ - if (afl->tmp_dir != NULL && !afl->in_place_resume) { + if (afl->tmp_dir != NULL && !afl->in_place_resume && afl->fsrv.out_file) { - char tmpfile[PATH_MAX]; - - if (afl->file_extension) { - - snprintf(tmpfile, PATH_MAX, "%s/.cur_input.%s", afl->tmp_dir, - afl->file_extension); - - } else { - - snprintf(tmpfile, PATH_MAX, "%s/.cur_input", afl->tmp_dir); - - } - - if (unlink(tmpfile) != 0) { - - FATAL("Could not unlink current input file: %s.", tmpfile); - - } + (void)unlink(afl->fsrv.out_file); } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index d7af668c..96b72dd9 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -235,6 +235,9 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { if (cmin_mode && (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) { + // create empty file to prevent error messages in afl-cmin + fd = open(outfile, O_WRONLY | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + close(fd); return ret; } diff --git a/utils/aflpp_driver/README.md b/utils/aflpp_driver/README.md index 01bd10c0..f03c2fe3 100644 --- a/utils/aflpp_driver/README.md +++ b/utils/aflpp_driver/README.md @@ -13,6 +13,12 @@ If this is the clang compile command to build for libfuzzer: then just switch `clang++` with `afl-clang-fast++` and our compiler will magically insert libAFLDriver.a :) +To use shared-memory testcases, you need nothing to do. +To use stdin testcases give `-` as the only command line parameter. +To use file input testcases give `@@` as the only command line parameter. + +IMPORTANT: if you use `afl-cmin` or `afl-cmin.bash` then either pass `-` +or `@@` as command line parameters. ## aflpp_qemu_driver diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index ad781e64..c094c425 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -174,11 +174,17 @@ size_t LLVMFuzzerMutate(uint8_t *Data, size_t Size, size_t MaxSize) { static int ExecuteFilesOnyByOne(int argc, char **argv) { unsigned char *buf = (unsigned char *)malloc(MAX_FILE); + for (int i = 1; i < argc; i++) { - int fd = open(argv[i], O_RDONLY); - if (fd == -1) continue; + int fd = 0; + + if (strcmp(argv[i], "-") != 0) { fd = open(argv[i], O_RDONLY); } + + if (fd == -1) { continue; } + ssize_t length = read(fd, buf, MAX_FILE); + if (length > 0) { printf("Reading %zu bytes from %s\n", length, argv[i]); @@ -187,7 +193,7 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { } - close(fd); + if (fd > 0) { close(fd); } } @@ -199,15 +205,19 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { int main(int argc, char **argv) { printf( - "======================= INFO =========================\n" + "============================== INFO ================================\n" "This binary is built for afl++.\n" + "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " + "option\n" "To run the target function on individual input(s) execute this:\n" " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" "To fuzz with afl-fuzz execute this:\n" " afl-fuzz [afl-flags] -- %s [-N]\n" "afl-fuzz will run N iterations before re-spawning the process (default: " "INT_MAX)\n" - "======================================================\n", + "For stdin input processing, pass '-' as single command line option.\n" + "For file input processing, pass '@@' as single command line option.\n" + "===================================================================\n", argv[0], argv[0]); if (getenv("AFL_GDB")) { @@ -237,22 +247,35 @@ int main(int argc, char **argv) { memcpy(dummy_input, (void *)AFL_PERSISTENT, sizeof(AFL_PERSISTENT)); memcpy(dummy_input + 32, (void *)AFL_DEFER_FORKSVR, sizeof(AFL_DEFER_FORKSVR)); + int N = INT_MAX; - if (argc == 2 && argv[1][0] == '-') - N = atoi(argv[1] + 1); - else if (argc == 2 && (N = atoi(argv[1])) > 0) - printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N); - else if (argc > 1) { + + if (argc == 2 && !strcmp(argv[1], "-")) { __afl_sharedmem_fuzzing = 0; __afl_manual_init(); return ExecuteFilesOnyByOne(argc, argv); + } else if (argc == 2 && argv[1][0] == '-') { + + N = atoi(argv[1] + 1); + + } else if (argc == 2 && (N = atoi(argv[1])) > 0) { + + printf("WARNING: using the deprecated call style `%s %d`\n", argv[0], N); + + } else if (argc > 1) { + + __afl_sharedmem_fuzzing = 0; + + if (argc == 2) { __afl_manual_init(); } + + return ExecuteFilesOnyByOne(argc, argv); + } assert(N > 0); - // if (!getenv("AFL_DRIVER_DONT_DEFER")) __afl_manual_init(); // Call LLVMFuzzerTestOneInput here so that coverage caused by initialization @@ -271,6 +294,7 @@ int main(int argc, char **argv) { fprintf(stderr, "%02x", __afl_fuzz_ptr[i]); fprintf(stderr, "\n"); #endif + if (*__afl_fuzz_len) { num_runs++; From c9539aa6b7fb4b9d2dae6c65446c525375388c2f Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 30 May 2021 11:45:11 +0200 Subject: [PATCH 273/441] support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. --- include/envs.h | 1 + instrumentation/afl-llvm-pass.so.cc | 249 +++++++++++++++------------- test/test-llvm.sh | 30 ++++ 3 files changed, 168 insertions(+), 112 deletions(-) diff --git a/include/envs.h b/include/envs.h index ebe98257..e6f6d7c9 100644 --- a/include/envs.h +++ b/include/envs.h @@ -114,6 +114,7 @@ static char *afl_environment_variables[] = { "AFL_NGRAM_SIZE", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_INSTRUMENT_FILE", + "AFL_LLVM_THREADSAFE_INST", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", "AFL_LLVM_LTO_STARTID", diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 53e076ff..3b1119fc 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -86,6 +86,7 @@ class AFLCoverage : public ModulePass { uint32_t map_size = MAP_SIZE; uint32_t function_minimum_size = 1; char * ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; + char * use_threadsafe_counters = nullptr; }; @@ -182,6 +183,19 @@ bool AFLCoverage::runOnModule(Module &M) { char *neverZero_counters_str = getenv("AFL_LLVM_NOT_ZERO"); #endif skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); + + if ((isatty(2) && !getenv("AFL_QUIET")) || !!getenv("AFL_DEBUG")) { + + if (use_threadsafe_counters) { + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using threadsafe instrumentation\n"); + } + else + { + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using non-threadsafe instrumentation\n"); + } + + } unsigned PrevLocSize = 0; unsigned PrevCallerSize = 0; @@ -628,57 +642,63 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ -#if 1 /* Atomic */ -#if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm is - // then fixed -#else - if (!skip_nozero) { -#endif + if (use_threadsafe_counters) {/* Atomic */ + + #if LLVM_VERSION_MAJOR < 9 + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug in llvm is then fixed + #else + if (!skip_nozero) { + + #endif // register MapPtrIdx in a todo list todo.push_back(MapPtrIdx); - } else { - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); + } + else + { + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + } } + else + { -#else - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - Value *Incr = IRB.CreateAdd(Counter, One); + Value *Incr = IRB.CreateAdd(Counter, One); -#if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm is - // then fixed -#else - if (!skip_nozero) { + #if LLVM_VERSION_MAJOR < 9 + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug in llvm is + // then fixed + #else + if (!skip_nozero) { -#endif - /* hexcoder: Realize a counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter - */ + #endif + /* hexcoder: Realize a counter that skips zero during overflow. + * Once this counter reaches its maximum value, it next increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ - ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); - } + } - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); -#endif /* non atomic case */ + } /* non atomic case */ /* Update prev_loc history vector (by placing cur_loc at the head of the vector and shuffle the other elements back by one) */ @@ -735,99 +755,104 @@ bool AFLCoverage::runOnModule(Module &M) { } -#if 1 /*Atomic NeverZero */ - // handle the todo list - for (auto val : todo) { + if (use_threadsafe_counters) { /*Atomic NeverZero */ + // handle the list of registered blocks to instrument + for (auto val : todo) { + /* hexcoder: Realize a thread-safe counter that skips zero during overflow. Once this counter reaches its maximum value, it next increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ - /* hexcoder: Realize a thread-safe counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter - */ + /* equivalent c code looks like this + * Thanks to + https://preshing.com/20150402/you-can-do-any-kind-of-atomic-read-modify-write-operation/ - /* equivalent c code looks like this - * Thanks to https://preshing.com/20150402/you-can-do-any-kind-of-atomic-read-modify-write-operation/ + int old = atomic_load_explicit(&Counter, memory_order_relaxed); + int new; + do { + if (old == 255) { + new = 1; + } else { + new = old + 1; + } + } while (!atomic_compare_exchange_weak_explicit(&Counter, &old, new, + memory_order_relaxed, memory_order_relaxed)); - int old = atomic_load_explicit(&Counter, memory_order_relaxed); - int new; - do { - if (old == 255) { - new = 1; - } else { - new = old + 1; - } - } while (!atomic_compare_exchange_weak_explicit(&Counter, &old, new, memory_order_relaxed, memory_order_relaxed)); + */ - */ + Value * MapPtrIdx = val; + Instruction * MapPtrIdxInst = cast(val); + BasicBlock::iterator it0(&(*MapPtrIdxInst)); + ++it0; + IRBuilder<> IRB(&(*it0)); - Value * MapPtrIdx = val; - Instruction * MapPtrIdxInst = cast(val); - BasicBlock::iterator it0(&(*MapPtrIdxInst)); - ++it0; - IRBuilder<> IRB(&(*it0)); + // load the old counter value atomically + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setAlignment(llvm::Align()); + Counter->setAtomic(llvm::AtomicOrdering::Monotonic); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - // load the old counter value atomically - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setAlignment(llvm::Align()); - Counter->setAtomic(llvm::AtomicOrdering::Monotonic); - Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + BasicBlock *BB = IRB.GetInsertBlock(); + // insert a basic block with the corpus of a do while loop + // the calculation may need to repeat, if atomic compare_exchange is not successful - BasicBlock *BB = IRB.GetInsertBlock(); - // insert a basic block with the corpus of a do while loop - // the calculation may need to repeat, if atomic compare_exchange is not successful + BasicBlock::iterator it(*Counter); + it++; // split after load counter + BasicBlock *end_bb = BB->splitBasicBlock(it); + end_bb->setName("injected"); - BasicBlock::iterator it(*Counter); it++; // split after load counter - BasicBlock * end_bb = BB->splitBasicBlock(it); - end_bb->setName("injected"); + // insert the block before the second half of the split + BasicBlock *do_while_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - // insert the block before the second half of the split - BasicBlock * do_while_bb = BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + // set terminator of BB from target end_bb to target do_while_bb + auto term = BB->getTerminator(); + BranchInst::Create(do_while_bb, BB); + term->eraseFromParent(); - // set terminator of BB from target end_bb to target do_while_bb - auto term = BB->getTerminator(); - BranchInst::Create(do_while_bb, BB); - term->eraseFromParent(); + // continue to fill instructions into the do_while loop + IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); - // continue to fill instructions into the do_while loop - IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); + PHINode *PN = IRB.CreatePHI(Int8Ty, 2); - PHINode * PN = IRB.CreatePHI(Int8Ty, 2); + // compare with maximum value 0xff + auto *Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); - // compare with maximum value 0xff - auto * Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); + // increment the counter + Value *Incr = IRB.CreateAdd(Counter, One); - // increment the counter - Value *Incr = IRB.CreateAdd(Counter, One); + // select the counter value or 1 + auto *Select = IRB.CreateSelect(Cmp, One, Incr); - // select the counter value or 1 - auto * Select = IRB.CreateSelect(Cmp, One, Incr); + // try to save back the new counter value + auto *CmpXchg = IRB.CreateAtomicCmpXchg( + MapPtrIdx, PN, Select, llvm::AtomicOrdering::Monotonic, + llvm::AtomicOrdering::Monotonic); + CmpXchg->setAlignment(llvm::Align()); + CmpXchg->setWeak(true); + CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - // try to save back the new counter value - auto * CmpXchg = IRB.CreateAtomicCmpXchg(MapPtrIdx, PN, Select, - llvm::AtomicOrdering::Monotonic, llvm::AtomicOrdering::Monotonic); - CmpXchg->setAlignment(llvm::Align()); - CmpXchg->setWeak(true); - CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + // get the result of trying to update the Counter + Value *Success = + IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); + // get the (possibly updated) value of Counter + Value *OldVal = + IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); - // get the result of trying to update the Counter - Value * Success = IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); - // get the (possibly updated) value of Counter - Value * OldVal = IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); + // initially we use Counter + PN->addIncoming(Counter, BB); + // on retry, we use the updated value + PN->addIncoming(OldVal, do_while_bb); - // initially we use Counter - PN->addIncoming(Counter, BB); - // on retry, we use the updated value - PN->addIncoming(OldVal, do_while_bb); + // if the cmpXchg was not successful, retry + IRB.CreateCondBr(Success, end_bb, do_while_bb); + } - // if the cmpXchg was not successful, retry - IRB.CreateCondBr(Success, end_bb, do_while_bb); - - } -#endif + } } diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 06d0a0f8..1152cc4e 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -43,6 +43,36 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { $ECHO "$RED[!] llvm_mode failed" CODE=1 } + AFL_LLVM_INSTRUMENT=CLASSIC AFL_LLVM_THREADSAFE_INST=1 ../afl-clang-fast -o test-instr.ts ../test-instr.c > /dev/null 2>&1 + test -e test-instr.ts && { + $ECHO "$GREEN[+] llvm_mode threadsafe compilation succeeded" + echo 0 | AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.0 -r -- ./test-instr.ts > /dev/null 2>&1 + AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.1 -r -- ./test-instr.ts < /dev/null > /dev/null 2>&1 + test -e test-instr.ts.0 -a -e test-instr.ts.1 && { + diff test-instr.ts.0 test-instr.ts.1 > /dev/null 2>&1 && { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation should be different on different input but is not" + CODE=1 + } || { + $ECHO "$GREEN[+] llvm_mode threadsafe instrumentation present and working correctly" + TUPLES=`echo 0|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.ts 2>&1 | grep Captur | awk '{print$3}'` + test "$TUPLES" -gt 2 -a "$TUPLES" -lt 8 && { + $ECHO "$GREEN[+] llvm_mode run reported $TUPLES threadsafe instrumented locations which is fine" + } || { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation produces weird numbers: $TUPLES" + CODE=1 + } + test "$TUPLES" -lt 3 && SKIP=1 + true + } + } || { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation failed" + CODE=1 + } + rm -f test-instr.ts.0 test-instr.ts.1 + } || { + $ECHO "$RED[!] llvm_mode (threadsafe) failed" + CODE=1 + } ../afl-clang-fast -DTEST_SHARED_OBJECT=1 -z defs -fPIC -shared -o test-instr.so ../test-instr.c > /dev/null 2>&1 test -e test-instr.so && { $ECHO "$GREEN[+] llvm_mode shared object with -z defs compilation succeeded" From eb74a7a8004e8281cda62525bbc1f3bbe7f5d9da Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 30 May 2021 12:43:30 +0200 Subject: [PATCH 274/441] add documentation for AFL_LLVM_THREADSAFE_INST --- docs/Changelog.md | 1 + docs/env_variables.md | 5 +++++ instrumentation/README.llvm.md | 4 ++++ instrumentation/README.neverzero.md | 5 +++++ src/afl-cc.c | 1 + 5 files changed, 16 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 9c9a3976..d8e96bf3 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -35,6 +35,7 @@ sending a mail to . - Removed automatic linking with -lc++ for LTO mode - utils/aflpp_driver/aflpp_qemu_driver_hook fixed to work with qemu mode - add -d (add dead fuzzer stats) to afl-whatsup + - add thread safe counters for LLVM CLASSIC (set AFL_LLVM_THREADSAFE_INST) ### Version ++3.12c (release) - afl-fuzz: diff --git a/docs/env_variables.md b/docs/env_variables.md index 0100ffac..d9a774aa 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -231,6 +231,11 @@ Then there are a few specific features that are only available in instrumentatio See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information. +### Thread safe instrumentation counters (in mode LLVM CLASSIC) + - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread safe counters. + The overhead is a bit higher compared to the older non-thread safe case. + `AFL_LLVM_NOT_ZERO` and `AFL_LLVM_SKIP_NEVERZERO` are supported (see below). + ### NOT_ZERO - Setting `AFL_LLVM_NOT_ZERO=1` during compilation will use counters diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index adce6c1d..a9d51829 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -144,6 +144,10 @@ is not optimal and was only fixed in llvm 9. You can set this with AFL_LLVM_NOT_ZERO=1 See [README.neverzero.md](README.neverzero.md) +Support for thread safe counters has been added for mode LLVM CLASSIC. +Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision in +multi threaded apps for a slightly higher instrumentation overhead. + ## 4) Snapshot feature To speed up fuzzing you can use a linux loadable kernel module which enables diff --git a/instrumentation/README.neverzero.md b/instrumentation/README.neverzero.md index 49104e00..06334eab 100644 --- a/instrumentation/README.neverzero.md +++ b/instrumentation/README.neverzero.md @@ -33,3 +33,8 @@ AFL_LLVM_SKIP_NEVERZERO=1 ``` If the target does not have extensive loops or functions that are called a lot then this can give a small performance boost. + +Please note that the default counter implementations are not thread safe! + +Support for thread safe counters in mode LLVM CLASSIC can be activated with setting +`AFL_LLVM_THREADSAFE_INST=1`. \ No newline at end of file diff --git a/src/afl-cc.c b/src/afl-cc.c index 1f89bac5..132f5f83 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1757,6 +1757,7 @@ int main(int argc, char **argv, char **envp) { SAYF( "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " "variables:\n" + " AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters\n" COUNTER_BEHAVIOUR From b246de789105750558f3d6f884ba61e54cb98441 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 30 May 2021 15:25:10 +0200 Subject: [PATCH 275/441] add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes --- instrumentation/README.neverzero.md | 9 ++-- instrumentation/SanitizerCoverageLTO.so.cc | 46 +++++++++++-------- .../SanitizerCoveragePCGUARD.so.cc | 35 ++++++++------ .../afl-llvm-lto-instrumentation.so.cc | 36 ++++++++------- instrumentation/afl-llvm-pass.so.cc | 15 ++++-- 5 files changed, 83 insertions(+), 58 deletions(-) diff --git a/instrumentation/README.neverzero.md b/instrumentation/README.neverzero.md index 06334eab..9bcae324 100644 --- a/instrumentation/README.neverzero.md +++ b/instrumentation/README.neverzero.md @@ -16,11 +16,12 @@ at a very little cost (one instruction per edge). (The alternative of saturated counters has been tested also and proved to be inferior in terms of path discovery.) -This is implemented in afl-gcc and afl-gcc-fast, however for llvm_mode this is optional if -the llvm version is below 9 - as there is a perfomance bug that is only fixed -in version 9 and onwards. +This is implemented in afl-gcc and afl-gcc-fast, however for llvm_mode this is +optional if multithread safe counters are selected or the llvm version is below +9 - as there are severe performance costs in these cases. -If you want to enable this for llvm versions below 9 then set +If you want to enable this for llvm versions below 9 or thread safe counters +then set ``` export AFL_LLVM_NOT_ZERO=1 diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index cd6b1939..f5af32d2 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -237,7 +237,8 @@ class ModuleSanitizerCoverage { uint32_t inst = 0; uint32_t afl_global_id = 0; uint64_t map_addr = 0; - char * skip_nozero = NULL; + const char * skip_nozero = NULL; + const char * use_threadsafe_counters = nullptr; std::vector BlockList; DenseMap valueMap; std::vector dictionary; @@ -438,6 +439,7 @@ bool ModuleSanitizerCoverage::instrumentModule( be_quiet = 1; skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); if ((ptr = getenv("AFL_LLVM_LTO_STARTID")) != NULL) if ((afl_global_id = atoi(ptr)) < 0) @@ -1209,7 +1211,7 @@ void ModuleSanitizerCoverage::instrumentFunction( return; // Should not instrument sanitizer init functions. if (F.getName().startswith("__sanitizer_")) return; // Don't instrument __sanitizer_* callbacks. - // Don't touch available_externally functions, their actual body is elewhere. + // Don't touch available_externally functions, their actual body is elsewhere. if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage) return; // Don't instrument MSVC CRT configuration helpers. They may run before normal // initialization. @@ -1496,27 +1498,33 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } /* Update bitmap */ -#if 1 /* Atomic */ - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, - llvm::AtomicOrdering::Monotonic); + if (use_threadsafe_counters) { /* Atomic */ -#else - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); - - Value *Incr = IRB.CreateAdd(Counter, One); - - if (skip_nozero == NULL) { - - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Tyi); - Incr = IRB.CreateAdd(Incr, carry); + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); } + else + { - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); -#endif + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(Mo->getMDKindID("nosanitize"), + MDNode::get(*Ct, None)); + + Value *Incr = IRB.CreateAdd(Counter, One); + + if (skip_nozero == NULL) { + + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Tyi); + Incr = IRB.CreateAdd(Incr, carry); + + } + + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); + + } // done :) inst++; diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index dd2e1459..e1e922be 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -96,7 +96,8 @@ static const char *const SanCovPCsSectionName = "sancov_pcs"; static const char *const SanCovLowestStackName = "__sancov_lowest_stack"; -static char *skip_nozero; +static const char *skip_nozero; +static const char *use_threadsafe_counters; namespace { @@ -396,6 +397,7 @@ bool ModuleSanitizerCoverage::instrumentModule( be_quiet = 1; skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); initInstrumentList(); scanForDangerousFunctions(&M); @@ -1081,27 +1083,32 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, Value * MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); -#if 1 /* Atomic */ - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, - llvm::AtomicOrdering::Monotonic); + if (use_threadsafe_counters) { -#else - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); - /* Update bitmap */ + } + else + { - Value *Incr = IRB.CreateAdd(Counter, One); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + /* Update bitmap */ - if (skip_nozero == NULL) { + Value *Incr = IRB.CreateAdd(Counter, One); - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + if (skip_nozero == NULL) { + + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); + + } + + IRB.CreateStore(Incr, MapPtrIdx); } - IRB.CreateStore(Incr, MapPtrIdx); -#endif // done :) // IRB.CreateCall(SanCovTracePCGuard, Offset)->setCannotMerge(); diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index 5ed13ff0..10cfa579 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -93,7 +93,8 @@ class AFLLTOPass : public ModulePass { uint32_t function_minimum_size = 1; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; unsigned long long int map_addr = 0x10000; - char * skip_nozero = NULL; + const char *skip_nozero = NULL; + const char *use_threadsafe_counters = nullptr; }; @@ -131,6 +132,8 @@ bool AFLLTOPass::runOnModule(Module &M) { be_quiet = 1; + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); + if ((ptr = getenv("AFL_LLVM_DOCUMENT_IDS")) != NULL) { if ((documentFile = fopen(ptr, "a")) == NULL) @@ -839,29 +842,28 @@ bool AFLLTOPass::runOnModule(Module &M) { /* Update bitmap */ -#if 1 /* Atomic */ - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, - llvm::AtomicOrdering::Monotonic); + if (use_threadsafe_counters) { + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + } else { + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(M.getMDKindID("nosanitize"), + MDNode::get(C, None)); -#else - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); + Value *Incr = IRB.CreateAdd(Counter, One); - Value *Incr = IRB.CreateAdd(Counter, One); + if (skip_nozero == NULL) { - if (skip_nozero == NULL) { + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + } + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); } - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); -#endif - // done :) inst_blocks++; diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 3b1119fc..fe9e2e40 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -85,8 +85,8 @@ class AFLCoverage : public ModulePass { uint32_t ctx_k = 0; uint32_t map_size = MAP_SIZE; uint32_t function_minimum_size = 1; - char * ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; - char * use_threadsafe_counters = nullptr; + const char * ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; + const char * use_threadsafe_counters = nullptr; }; @@ -188,11 +188,18 @@ bool AFLCoverage::runOnModule(Module &M) { if ((isatty(2) && !getenv("AFL_QUIET")) || !!getenv("AFL_DEBUG")) { if (use_threadsafe_counters) { - SAYF(cCYA "afl-llvm-pass" VERSION cRST " using threadsafe instrumentation\n"); + if (!getenv("AFL_LLVM_NOT_ZERO")) { + skip_nozero = "1"; + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using thread safe counters\n"); + } + else { + SAYF(cCYA "afl-llvm-pass" VERSION cRST + " using thread safe not-zero-counters\n"); + } } else { - SAYF(cCYA "afl-llvm-pass" VERSION cRST " using non-threadsafe instrumentation\n"); + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using non-thread safe instrumentation\n"); } } From 1a2da67ed0505c9ac0aa1048ba3d607f3c1aa639 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sun, 30 May 2021 21:21:37 +0200 Subject: [PATCH 276/441] add missing include for _exit() --- frida_mode/src/persistent/persistent_x64.c | 1 + 1 file changed, 1 insertion(+) diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 4c495d47..4cb960fc 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,3 +1,4 @@ +#include #include "frida-gum.h" #include "config.h" From 76653544056ce2334b6523252e91a8f8a6ac9dcb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 10:13:16 +0200 Subject: [PATCH 277/441] threadsafe doc fixes, code format --- README.md | 3 +- docs/Changelog.md | 3 +- docs/env_variables.md | 9 +- frida_mode/src/instrument/instrument_debug.c | 2 +- frida_mode/src/stats/stats.c | 4 +- instrumentation/README.llvm.md | 7 +- instrumentation/SanitizerCoverageLTO.so.cc | 7 +- .../SanitizerCoveragePCGUARD.so.cc | 6 +- .../afl-llvm-lto-instrumentation.so.cc | 11 +- instrumentation/afl-llvm-pass.so.cc | 116 +++++++++++------- qemu_mode/libqasan/libqasan.c | 5 +- src/afl-cc.c | 3 +- src/afl-fuzz-one.c | 1 + src/afl-fuzz.c | 7 +- 14 files changed, 106 insertions(+), 78 deletions(-) diff --git a/README.md b/README.md index 69e2d14a..c04dba98 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,7 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| + | Threadsafe counters | | x(3) | | | | | | NeverZero | x86[_64]| x(1) | x | x | x | x | | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | @@ -104,7 +105,7 @@ behaviours and defaults: 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin - 3. (currently unassigned) + 3. with `AFL_LLVM_THREADSAFE_INST`, disables NeverZero 4. with pcguard mode and LTO mode for LLVM 11 and newer 5. upcoming, development in the branch 6. not compatible with LTO instrumentation and needs at least LLVM v4.1 diff --git a/docs/Changelog.md b/docs/Changelog.md index d8ffe498..29ea918b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -41,6 +41,8 @@ sending a mail to . it fails - afl-cc: - We do not support llvm versions prior 6.0 anymore + - added thread safe counters to all modes (`AFL_LLVM_THREADSAFE_INST`), + note that this disables never zero counters. - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD @@ -58,7 +60,6 @@ sending a mail to . MacOS shared memory - updated the grammar custom mutator to the newest version - add -d (add dead fuzzer stats) to afl-whatsup - - add thread safe counters for LLVM CLASSIC (set AFL_LLVM_THREADSAFE_INST) - added AFL_PRINT_FILENAMES to afl-showmap/cmin to print the current filename - afl-showmap/cmin will now process queue items in alphabetical order diff --git a/docs/env_variables.md b/docs/env_variables.md index b4b866ab..38a67bc7 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -231,10 +231,11 @@ Then there are a few specific features that are only available in instrumentatio See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information. -### Thread safe instrumentation counters (in mode LLVM CLASSIC) - - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread safe counters. - The overhead is a bit higher compared to the older non-thread safe case. - `AFL_LLVM_NOT_ZERO` and `AFL_LLVM_SKIP_NEVERZERO` are supported (see below). +### Thread safe instrumentation counters (in all modes) + + - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread + safe counters. The overhead is a little bit higher compared to the older + non-thread safe case. Note that this disables neverzero (see below). ### NOT_ZERO diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index be72ef89..f8c1df77 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -17,7 +17,7 @@ static void instrument_debug(char *format, ...) { va_list ap; char buffer[4096] = {0}; int ret; - int len; + int len; va_start(ap, format); ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 890a8d6b..662fb6d5 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -96,10 +96,10 @@ void stats_init(void) { void stats_vprint(int fd, char *format, va_list ap) { char buffer[4096] = {0}; - int ret; + int ret; int len; - if(vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } + if (vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } len = strnlen(buffer, sizeof(buffer)); IGNORED_RETURN(write(fd, buffer, len)); diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 02722588..8ce5afb9 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -144,9 +144,10 @@ is not optimal and was only fixed in llvm 9. You can set this with AFL_LLVM_NOT_ZERO=1 See [README.neverzero.md](README.neverzero.md) -Support for thread safe counters has been added for mode LLVM CLASSIC. -Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision in -multi threaded apps for a slightly higher instrumentation overhead. +Support for thread safe counters has been added for all modes. +Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision +in multi threaded apps for a slightly higher instrumentation overhead. +This also disables the nozero counter default for performance reasons. ## 4) Snapshot feature diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 58969e18..20f1856e 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1497,14 +1497,12 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } /* Update bitmap */ - if (use_threadsafe_counters) { /* Atomic */ + if (use_threadsafe_counters) { /* Atomic */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); - } - else - { + } else { LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(Mo->getMDKindID("nosanitize"), @@ -1524,6 +1522,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); } + // done :) inst++; diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index dbddad0a..4a8c9e28 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -1069,16 +1069,14 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, /* Load counter for CurLoc */ - Value * MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); + Value *MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); if (use_threadsafe_counters) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); - } - else - { + } else { LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); /* Update bitmap */ diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index b5fdb3d6..fe43fbe5 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -93,8 +93,8 @@ class AFLLTOPass : public ModulePass { uint32_t function_minimum_size = 1; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; unsigned long long int map_addr = 0x10000; - const char *skip_nozero = NULL; - const char *use_threadsafe_counters = nullptr; + const char * skip_nozero = NULL; + const char * use_threadsafe_counters = nullptr; }; @@ -843,9 +843,12 @@ bool AFLLTOPass::runOnModule(Module &M) { /* Update bitmap */ if (use_threadsafe_counters) { + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); + } else { + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); @@ -861,7 +864,9 @@ bool AFLLTOPass::runOnModule(Module &M) { } IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + ->setMetadata(M.getMDKindID("nosanitize"), + MDNode::get(C, None)); + } // done :) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index fe9e2e40..62f8b2ed 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -81,12 +81,12 @@ class AFLCoverage : public ModulePass { bool runOnModule(Module &M) override; protected: - uint32_t ngram_size = 0; - uint32_t ctx_k = 0; - uint32_t map_size = MAP_SIZE; - uint32_t function_minimum_size = 1; - const char * ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; - const char * use_threadsafe_counters = nullptr; + uint32_t ngram_size = 0; + uint32_t ctx_k = 0; + uint32_t map_size = MAP_SIZE; + uint32_t function_minimum_size = 1; + const char *ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; + const char *use_threadsafe_counters = nullptr; }; @@ -188,18 +188,30 @@ bool AFLCoverage::runOnModule(Module &M) { if ((isatty(2) && !getenv("AFL_QUIET")) || !!getenv("AFL_DEBUG")) { if (use_threadsafe_counters) { - if (!getenv("AFL_LLVM_NOT_ZERO")) { - skip_nozero = "1"; - SAYF(cCYA "afl-llvm-pass" VERSION cRST " using thread safe counters\n"); - } - else { - SAYF(cCYA "afl-llvm-pass" VERSION cRST - " using thread safe not-zero-counters\n"); - } - } - else - { - SAYF(cCYA "afl-llvm-pass" VERSION cRST " using non-thread safe instrumentation\n"); + + // disabled unless there is support for other modules as well + // (increases documentation complexity) + /* if (!getenv("AFL_LLVM_NOT_ZERO")) { */ + + skip_nozero = "1"; + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using thread safe counters\n"); + + /* + + } else { + + SAYF(cCYA "afl-llvm-pass" VERSION cRST + " using thread safe not-zero-counters\n"); + + } + + */ + + } else { + + SAYF(cCYA "afl-llvm-pass" VERSION cRST + " using non-thread safe instrumentation\n"); + } } @@ -649,44 +661,44 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ + if (use_threadsafe_counters) { /* Atomic */ - if (use_threadsafe_counters) {/* Atomic */ - - #if LLVM_VERSION_MAJOR < 9 +#if LLVM_VERSION_MAJOR < 9 if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm is then fixed - #else + NULL) { // with llvm 9 we make this the default as the bug in llvm + // is then fixed +#else if (!skip_nozero) { - #endif +#endif // register MapPtrIdx in a todo list todo.push_back(MapPtrIdx); - } - else - { + } else { + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, llvm::AtomicOrdering::Monotonic); + } - } - else - { + + } else { LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); Value *Incr = IRB.CreateAdd(Counter, One); - #if LLVM_VERSION_MAJOR < 9 +#if LLVM_VERSION_MAJOR < 9 if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm is - // then fixed - #else + NULL) { // with llvm 9 we make this the default as the bug in llvm + // is then fixed +#else if (!skip_nozero) { - #endif +#endif /* hexcoder: Realize a counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to 1 + * Once this counter reaches its maximum value, it next increments to + * 1 * * Instead of * Counter + 1 -> Counter @@ -705,7 +717,7 @@ bool AFLCoverage::runOnModule(Module &M) { IRB.CreateStore(Incr, MapPtrIdx) ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - } /* non atomic case */ + } /* non atomic case */ /* Update prev_loc history vector (by placing cur_loc at the head of the vector and shuffle the other elements back by one) */ @@ -762,16 +774,19 @@ bool AFLCoverage::runOnModule(Module &M) { } - if (use_threadsafe_counters) { /*Atomic NeverZero */ + if (use_threadsafe_counters) { /*Atomic NeverZero */ // handle the list of registered blocks to instrument for (auto val : todo) { - /* hexcoder: Realize a thread-safe counter that skips zero during overflow. Once this counter reaches its maximum value, it next increments to 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter + + /* hexcoder: Realize a thread-safe counter that skips zero during + * overflow. Once this counter reaches its maximum value, it next + * increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter */ /* equivalent c code looks like this @@ -781,12 +796,19 @@ bool AFLCoverage::runOnModule(Module &M) { int old = atomic_load_explicit(&Counter, memory_order_relaxed); int new; do { + if (old == 255) { + new = 1; + } else { + new = old + 1; + } + } while (!atomic_compare_exchange_weak_explicit(&Counter, &old, new, + memory_order_relaxed, memory_order_relaxed)); */ @@ -805,7 +827,8 @@ bool AFLCoverage::runOnModule(Module &M) { BasicBlock *BB = IRB.GetInsertBlock(); // insert a basic block with the corpus of a do while loop - // the calculation may need to repeat, if atomic compare_exchange is not successful + // the calculation may need to repeat, if atomic compare_exchange is not + // successful BasicBlock::iterator it(*Counter); it++; // split after load counter @@ -857,6 +880,7 @@ bool AFLCoverage::runOnModule(Module &M) { // if the cmpXchg was not successful, retry IRB.CreateCondBr(Success, end_bb, do_while_bb); + } } diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index d4742e3e..6ea24f08 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -69,9 +69,8 @@ __attribute__((constructor)) void __libqasan_init() { __libqasan_is_initialized = 1; __libqasan_init_hooks(); - - if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) - __libqasan_hotpatch(); + + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); diff --git a/src/afl-cc.c b/src/afl-cc.c index 6be6e165..486f7468 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1777,7 +1777,8 @@ int main(int argc, char **argv, char **envp) { SAYF( "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " "variables:\n" - " AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters\n" + " AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters, " + "disables neverzero\n" COUNTER_BEHAVIOUR diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4a3e7f33..c3ce2edd 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -561,6 +561,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || + afl->queue_cur->favored || !(afl->fsrv.total_execs % afl->queued_paths) || get_cur_time() - afl->last_path_time > 300000) { // 300 seconds diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a3a623d9..5bdb4c8d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2066,13 +2066,10 @@ int main(int argc, char **argv_orig, char **envp) { break; case 4: afl->expand_havoc = 5; - if (afl->cmplog_lvl && afl->cmplog_lvl < 3) afl->cmplog_lvl = 3; + // if (afl->cmplog_lvl && afl->cmplog_lvl < 3) afl->cmplog_lvl = + // 3; break; case 5: - // if not in sync mode, enable deterministic mode? - // if (!afl->sync_id) afl->skip_deterministic = 0; - afl->expand_havoc = 6; - case 6: // nothing else currently break; From 5b5dff4584f0efa2c02db7d75ebab7e31c253789 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 1 Jun 2021 10:36:18 +0200 Subject: [PATCH 278/441] Wording: "never zero" -> NeverZero --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 29ea918b..e7344761 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -42,7 +42,7 @@ sending a mail to . - afl-cc: - We do not support llvm versions prior 6.0 anymore - added thread safe counters to all modes (`AFL_LLVM_THREADSAFE_INST`), - note that this disables never zero counters. + note that this disables NeverZero counters. - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD From 17e904eedf025e870c79cd0dcc037282e1cce1d7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 10:40:25 +0200 Subject: [PATCH 279/441] fix afl_custom_post_process with multiple custom mutators --- docs/Changelog.md | 9 +++++---- src/afl-fuzz-run.c | 34 ++++++++++++++-------------------- 2 files changed, 19 insertions(+), 24 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index e7344761..09e46fb6 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -22,13 +22,14 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - fixed a bug when trimming for stdin targets - - default cmplog level (-l) is now 2, better efficiency. - - cmplog level 3 (-l 3) now performs redqueen on everything. - use with care. - - better fuzzing strategy yields for enabled options + - cmplog -l: default cmplog level is now 2, better efficiency. + level 3 now performs redqueen on everything. use with care. + - better fuzzing strategy yield display for enabled options - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers + - fixed a crash when more than one custom mutator was used together + with afl_custom_post_process - on a crashing seed potentially the wrong input was disabled - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 5a481639..7df4c625 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -107,27 +107,21 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) { new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - } + if (unlikely(!new_buf && new_size <= 0)) { - new_mem = new_buf; + FATAL("Custom_post_process failed (ret: %lu)", + (long unsigned)new_size); + + } + + new_mem = new_buf; + + } }); - if (unlikely(!new_buf && (new_size <= 0))) { - - FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size); - - } else if (likely(new_buf)) { - - /* everything as planned. use the new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); - - } else { - - /* custom mutators do not has a custom_post_process function */ - afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); - - } + /* everything as planned. use the potentially new data. */ + afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); } else { @@ -188,16 +182,16 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - if (unlikely(!new_buf || (new_size <= 0))) { + if (unlikely(!new_buf || new_size <= 0)) { FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size); } - } + new_mem = new_buf; - new_mem = new_buf; + } }); From 5f6ff95e6a203ef6392f7c100a981671edc5fe41 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 10:53:02 +0200 Subject: [PATCH 280/441] fix docs --- custom_mutators/examples/post_library_gif.so.c | 5 +++-- docs/custom_mutators.md | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/custom_mutators/examples/post_library_gif.so.c b/custom_mutators/examples/post_library_gif.so.c index ac10f409..aec05720 100644 --- a/custom_mutators/examples/post_library_gif.so.c +++ b/custom_mutators/examples/post_library_gif.so.c @@ -45,6 +45,7 @@ 1) If you don't want to modify the test case, simply set `*out_buf = in_buf` and return the original `len`. + NOTE: the following is currently NOT true, we abort in this case! 2) If you want to skip this test case altogether and have AFL generate a new one, return 0 or set `*out_buf = NULL`. Use this sparingly - it's faster than running the target program @@ -53,14 +54,14 @@ 3) If you want to modify the test case, allocate an appropriately-sized buffer, move the data into that buffer, make the necessary changes, and then return the new pointer as out_buf. Return an appropriate len - afterwards. + afterwards. Note that the buffer will *not* be freed for you. To avoid memory leaks, you need to free it or reuse it on subsequent calls (as shown below). *** Feel free to reuse the original 'in_buf' BUFFER and return it. *** - Aight. The example below shows a simple postprocessor that tries to make + Alright. The example below shows a simple postprocessor that tries to make sure that all input files start with "GIF89a". PS. If you don't like C, you can try out the unix-based wrapper from diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 3e3ae01d..129d6676 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -123,6 +123,7 @@ def deinit(): # optional for Python Note that this function is optional - but it makes sense to use it. You would only skip this if `post_process` is used to fix checksums etc. so if you are using it e.g. as a post processing library. + Note that a length > 0 *must* be returned! - `describe` (optional): From 8017f88614d057cee5cf11fd48244d012be77c5e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 11:00:56 +0200 Subject: [PATCH 281/441] debug ck_write --- include/debug.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/include/debug.h b/include/debug.h index fc1f39cb..f8df5711 100644 --- a/include/debug.h +++ b/include/debug.h @@ -362,7 +362,12 @@ static inline const char *colorfilter(const char *x) { \ s32 _len = (s32)(len); \ s32 _res = write(_fd, (buf), _len); \ - if (_res != _len) RPFATAL(_res, "Short write to %s, fd %d", fn, _fd); \ + if (_res != _len) { \ + \ + RPFATAL(_res, "Short write to %s, fd %d (%d of %d bytes)", fn, _fd, \ + _res, _len); \ + \ + } \ \ } while (0) From 7e54c8d7f6ad7e07c5c442d2e92eed3da7c4add0 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Tue, 1 Jun 2021 11:06:42 +0200 Subject: [PATCH 282/441] fixed potential diff by 0 --- src/afl-fuzz-redqueen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index cf1e5ea5..22fd0621 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -438,7 +438,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, if (taint) { if (afl->colorize_success && afl->cmplog_lvl < 3 && - (len / positions == 1 && positions > CMPLOG_POSITIONS_MAX && + (positions > CMPLOG_POSITIONS_MAX && len / positions == 1 && afl->active_paths / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { #ifdef _DEBUG From 07c3e47e6beae3e99637f501095bffb95be9f5da Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 11:19:49 +0200 Subject: [PATCH 283/441] fixes --- src/afl-common.c | 12 ++++++++++-- src/afl-fuzz-run.c | 2 +- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/afl-common.c b/src/afl-common.c index 8826de70..c61ce3d8 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -479,9 +479,17 @@ void print_suggested_envs(char *mispelled_env) { size_t end = start + strcspn(afl_env + start, "_") + 1; memcpy(reduced, afl_env, start); - if (end < afl_env_len) + if (end < afl_env_len) { + memcpy(reduced + start, afl_env + end, afl_env_len - end); - reduced[afl_env_len - end + start] = 0; + + } + + if (afl_env_len + start >= end) { + + reduced[afl_env_len - end + start] = 0; + + } int distance = string_distance_levenshtein(reduced, env_name); if (distance < ENV_SIMILARITY_TRESHOLD && seen[j] == 0) { diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 7df4c625..2c3e8a1b 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -121,7 +121,7 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) { }); /* everything as planned. use the potentially new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); + afl_fsrv_write_to_testcase(&afl->fsrv, new_mem, new_size); } else { From b9799bbe1d10461d69f919f950d4a53a578176fa Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 11:28:31 +0200 Subject: [PATCH 284/441] fix classic threadsafe counters --- instrumentation/afl-llvm-pass.so.cc | 38 +++++++++++++++++------------ 1 file changed, 23 insertions(+), 15 deletions(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 62f8b2ed..a8f1baff 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -662,24 +662,29 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ if (use_threadsafe_counters) { /* Atomic */ + /* + #if LLVM_VERSION_MAJOR < 9 + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug + in llvm + // is then fixed + #else + if (!skip_nozero) { + + #endif + // register MapPtrIdx in a todo list + todo.push_back(MapPtrIdx); + + } else { -#if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm - // is then fixed -#else - if (!skip_nozero) { + */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + /* -#endif - // register MapPtrIdx in a todo list - todo.push_back(MapPtrIdx); + } - } else { - - IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, - llvm::AtomicOrdering::Monotonic); - - } + */ } else { @@ -774,6 +779,7 @@ bool AFLCoverage::runOnModule(Module &M) { } +#if 0 if (use_threadsafe_counters) { /*Atomic NeverZero */ // handle the list of registered blocks to instrument for (auto val : todo) { @@ -885,6 +891,8 @@ bool AFLCoverage::runOnModule(Module &M) { } +#endif + } /* From d20d03114179e7c1dbd142972cafbf4499978cfc Mon Sep 17 00:00:00 2001 From: hexcoder Date: Tue, 1 Jun 2021 12:14:53 +0200 Subject: [PATCH 285/441] Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic --- README.md | 3 +- .../examples/post_library_gif.so.c | 5 +- docs/Changelog.md | 11 +- docs/custom_mutators.md | 1 + docs/env_variables.md | 6 + frida_mode/src/instrument/instrument_debug.c | 2 +- frida_mode/src/persistent/persistent_x64.c | 1 + frida_mode/src/stats/stats.c | 4 +- include/debug.h | 7 +- include/envs.h | 1 + instrumentation/README.llvm.md | 5 + instrumentation/README.neverzero.md | 14 +- instrumentation/SanitizerCoverageLTO.so.cc | 35 ++- .../SanitizerCoveragePCGUARD.so.cc | 33 ++- .../afl-llvm-lto-instrumentation.so.cc | 37 ++- instrumentation/afl-llvm-pass.so.cc | 234 +++++++++++++++--- qemu_mode/libqasan/libqasan.c | 5 +- src/afl-cc.c | 2 + src/afl-common.c | 12 +- src/afl-fuzz-one.c | 1 + src/afl-fuzz-redqueen.c | 2 +- src/afl-fuzz-run.c | 34 ++- src/afl-fuzz.c | 7 +- test/test-llvm.sh | 30 +++ 24 files changed, 383 insertions(+), 109 deletions(-) diff --git a/README.md b/README.md index 69e2d14a..c04dba98 100644 --- a/README.md +++ b/README.md @@ -90,6 +90,7 @@ behaviours and defaults: | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| + | Threadsafe counters | | x(3) | | | | | | NeverZero | x86[_64]| x(1) | x | x | x | x | | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | @@ -104,7 +105,7 @@ behaviours and defaults: 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin - 3. (currently unassigned) + 3. with `AFL_LLVM_THREADSAFE_INST`, disables NeverZero 4. with pcguard mode and LTO mode for LLVM 11 and newer 5. upcoming, development in the branch 6. not compatible with LTO instrumentation and needs at least LLVM v4.1 diff --git a/custom_mutators/examples/post_library_gif.so.c b/custom_mutators/examples/post_library_gif.so.c index ac10f409..aec05720 100644 --- a/custom_mutators/examples/post_library_gif.so.c +++ b/custom_mutators/examples/post_library_gif.so.c @@ -45,6 +45,7 @@ 1) If you don't want to modify the test case, simply set `*out_buf = in_buf` and return the original `len`. + NOTE: the following is currently NOT true, we abort in this case! 2) If you want to skip this test case altogether and have AFL generate a new one, return 0 or set `*out_buf = NULL`. Use this sparingly - it's faster than running the target program @@ -53,14 +54,14 @@ 3) If you want to modify the test case, allocate an appropriately-sized buffer, move the data into that buffer, make the necessary changes, and then return the new pointer as out_buf. Return an appropriate len - afterwards. + afterwards. Note that the buffer will *not* be freed for you. To avoid memory leaks, you need to free it or reuse it on subsequent calls (as shown below). *** Feel free to reuse the original 'in_buf' BUFFER and return it. *** - Aight. The example below shows a simple postprocessor that tries to make + Alright. The example below shows a simple postprocessor that tries to make sure that all input files start with "GIF89a". PS. If you don't like C, you can try out the unix-based wrapper from diff --git a/docs/Changelog.md b/docs/Changelog.md index 298a3998..09e46fb6 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -22,13 +22,14 @@ sending a mail to . to allow replay of non-reproducable crashes, see AFL_PERSISTENT_RECORD in config.h and docs/envs.h - fixed a bug when trimming for stdin targets - - default cmplog level (-l) is now 2, better efficiency. - - cmplog level 3 (-l 3) now performs redqueen on everything. - use with care. - - better fuzzing strategy yields for enabled options + - cmplog -l: default cmplog level is now 2, better efficiency. + level 3 now performs redqueen on everything. use with care. + - better fuzzing strategy yield display for enabled options - ensure one fuzzer sync per cycle - fix afl_custom_queue_new_entry original file name when syncing from fuzzers + - fixed a crash when more than one custom mutator was used together + with afl_custom_post_process - on a crashing seed potentially the wrong input was disabled - added AFL_EXIT_ON_SEED_ISSUES env that will exit if a seed in -i dir crashes the target or results in a timeout. By default @@ -41,6 +42,8 @@ sending a mail to . it fails - afl-cc: - We do not support llvm versions prior 6.0 anymore + - added thread safe counters to all modes (`AFL_LLVM_THREADSAFE_INST`), + note that this disables NeverZero counters. - Fix for -pie compiled binaries with default afl-clang-fast PCGUARD - Leak Sanitizer (AFL_USE_LSAN) added by Joshua Rogers, thanks! - Removed InsTrim instrumentation as it is not as good as PCGUARD diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 3e3ae01d..129d6676 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -123,6 +123,7 @@ def deinit(): # optional for Python Note that this function is optional - but it makes sense to use it. You would only skip this if `post_process` is used to fix checksums etc. so if you are using it e.g. as a post processing library. + Note that a length > 0 *must* be returned! - `describe` (optional): diff --git a/docs/env_variables.md b/docs/env_variables.md index 7bbc0fdd..38a67bc7 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -231,6 +231,12 @@ Then there are a few specific features that are only available in instrumentatio See [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md) for more information. +### Thread safe instrumentation counters (in all modes) + + - Setting `AFL_LLVM_THREADSAFE_INST` will inject code that implements thread + safe counters. The overhead is a little bit higher compared to the older + non-thread safe case. Note that this disables neverzero (see below). + ### NOT_ZERO - Setting `AFL_LLVM_NOT_ZERO=1` during compilation will use counters diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index be72ef89..f8c1df77 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -17,7 +17,7 @@ static void instrument_debug(char *format, ...) { va_list ap; char buffer[4096] = {0}; int ret; - int len; + int len; va_start(ap, format); ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 4c495d47..4cb960fc 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,3 +1,4 @@ +#include #include "frida-gum.h" #include "config.h" diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 890a8d6b..662fb6d5 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -96,10 +96,10 @@ void stats_init(void) { void stats_vprint(int fd, char *format, va_list ap) { char buffer[4096] = {0}; - int ret; + int ret; int len; - if(vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } + if (vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } len = strnlen(buffer, sizeof(buffer)); IGNORED_RETURN(write(fd, buffer, len)); diff --git a/include/debug.h b/include/debug.h index fc1f39cb..f8df5711 100644 --- a/include/debug.h +++ b/include/debug.h @@ -362,7 +362,12 @@ static inline const char *colorfilter(const char *x) { \ s32 _len = (s32)(len); \ s32 _res = write(_fd, (buf), _len); \ - if (_res != _len) RPFATAL(_res, "Short write to %s, fd %d", fn, _fd); \ + if (_res != _len) { \ + \ + RPFATAL(_res, "Short write to %s, fd %d (%d of %d bytes)", fn, _fd, \ + _res, _len); \ + \ + } \ \ } while (0) diff --git a/include/envs.h b/include/envs.h index 08b3284a..15116fc1 100644 --- a/include/envs.h +++ b/include/envs.h @@ -126,6 +126,7 @@ static char *afl_environment_variables[] = { "AFL_NGRAM_SIZE", "AFL_LLVM_NOT_ZERO", "AFL_LLVM_INSTRUMENT_FILE", + "AFL_LLVM_THREADSAFE_INST", "AFL_LLVM_SKIP_NEVERZERO", "AFL_NO_AFFINITY", "AFL_TRY_AFFINITY", diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index cfe537d5..8ce5afb9 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -144,6 +144,11 @@ is not optimal and was only fixed in llvm 9. You can set this with AFL_LLVM_NOT_ZERO=1 See [README.neverzero.md](README.neverzero.md) +Support for thread safe counters has been added for all modes. +Activate it with `AFL_LLVM_THREADSAFE_INST=1`. The tradeoff is better precision +in multi threaded apps for a slightly higher instrumentation overhead. +This also disables the nozero counter default for performance reasons. + ## 4) Snapshot feature To speed up fuzzing you can use a linux loadable kernel module which enables diff --git a/instrumentation/README.neverzero.md b/instrumentation/README.neverzero.md index 49104e00..9bcae324 100644 --- a/instrumentation/README.neverzero.md +++ b/instrumentation/README.neverzero.md @@ -16,11 +16,12 @@ at a very little cost (one instruction per edge). (The alternative of saturated counters has been tested also and proved to be inferior in terms of path discovery.) -This is implemented in afl-gcc and afl-gcc-fast, however for llvm_mode this is optional if -the llvm version is below 9 - as there is a perfomance bug that is only fixed -in version 9 and onwards. +This is implemented in afl-gcc and afl-gcc-fast, however for llvm_mode this is +optional if multithread safe counters are selected or the llvm version is below +9 - as there are severe performance costs in these cases. -If you want to enable this for llvm versions below 9 then set +If you want to enable this for llvm versions below 9 or thread safe counters +then set ``` export AFL_LLVM_NOT_ZERO=1 @@ -33,3 +34,8 @@ AFL_LLVM_SKIP_NEVERZERO=1 ``` If the target does not have extensive loops or functions that are called a lot then this can give a small performance boost. + +Please note that the default counter implementations are not thread safe! + +Support for thread safe counters in mode LLVM CLASSIC can be activated with setting +`AFL_LLVM_THREADSAFE_INST=1`. \ No newline at end of file diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 2f4337eb..20f1856e 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -236,7 +236,8 @@ class ModuleSanitizerCoverage { uint32_t inst = 0; uint32_t afl_global_id = 0; uint64_t map_addr = 0; - char * skip_nozero = NULL; + const char * skip_nozero = NULL; + const char * use_threadsafe_counters = nullptr; std::vector BlockList; DenseMap valueMap; std::vector dictionary; @@ -437,6 +438,7 @@ bool ModuleSanitizerCoverage::instrumentModule( be_quiet = 1; skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); if ((ptr = getenv("AFL_LLVM_LTO_STARTID")) != NULL) if ((afl_global_id = atoi(ptr)) < 0) @@ -1208,7 +1210,7 @@ void ModuleSanitizerCoverage::instrumentFunction( return; // Should not instrument sanitizer init functions. if (F.getName().startswith("__sanitizer_")) return; // Don't instrument __sanitizer_* callbacks. - // Don't touch available_externally functions, their actual body is elewhere. + // Don't touch available_externally functions, their actual body is elsewhere. if (F.getLinkage() == GlobalValue::AvailableExternallyLinkage) return; // Don't instrument MSVC CRT configuration helpers. They may run before normal // initialization. @@ -1495,23 +1497,32 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, } /* Update bitmap */ + if (use_threadsafe_counters) { /* Atomic */ - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); - Value *Incr = IRB.CreateAdd(Counter, One); + } else { - if (skip_nozero == NULL) { + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(Mo->getMDKindID("nosanitize"), + MDNode::get(*Ct, None)); - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Tyi); - Incr = IRB.CreateAdd(Incr, carry); + Value *Incr = IRB.CreateAdd(Counter, One); + + if (skip_nozero == NULL) { + + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Tyi); + Incr = IRB.CreateAdd(Incr, carry); + + } + + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); } - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(Mo->getMDKindID("nosanitize"), MDNode::get(*Ct, None)); - // done :) inst++; diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 8878d3b1..4a8c9e28 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -86,7 +86,8 @@ const char SanCovPCsSectionName[] = "sancov_pcs"; const char SanCovLowestStackName[] = "__sancov_lowest_stack"; -static char *skip_nozero; +static const char *skip_nozero; +static const char *use_threadsafe_counters; namespace { @@ -386,6 +387,7 @@ bool ModuleSanitizerCoverage::instrumentModule( be_quiet = 1; skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); initInstrumentList(); scanForDangerousFunctions(&M); @@ -1067,23 +1069,32 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, /* Load counter for CurLoc */ - Value * MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Value *MapPtrIdx = IRB.CreateGEP(MapPtr, CurLoc); - /* Update bitmap */ + if (use_threadsafe_counters) { - Value *Incr = IRB.CreateAdd(Counter, One); + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); - if (skip_nozero == NULL) { + } else { - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + /* Update bitmap */ + + Value *Incr = IRB.CreateAdd(Counter, One); + + if (skip_nozero == NULL) { + + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); + + } + + IRB.CreateStore(Incr, MapPtrIdx); } - IRB.CreateStore(Incr, MapPtrIdx); - // done :) // IRB.CreateCall(SanCovTracePCGuard, Offset)->setCannotMerge(); diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index 68bd2fa5..fe43fbe5 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -93,7 +93,8 @@ class AFLLTOPass : public ModulePass { uint32_t function_minimum_size = 1; uint32_t inst_blocks = 0, inst_funcs = 0, total_instr = 0; unsigned long long int map_addr = 0x10000; - char * skip_nozero = NULL; + const char * skip_nozero = NULL; + const char * use_threadsafe_counters = nullptr; }; @@ -131,6 +132,8 @@ bool AFLLTOPass::runOnModule(Module &M) { be_quiet = 1; + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); + if ((ptr = getenv("AFL_LLVM_DOCUMENT_IDS")) != NULL) { if ((documentFile = fopen(ptr, "a")) == NULL) @@ -839,23 +842,33 @@ bool AFLLTOPass::runOnModule(Module &M) { /* Update bitmap */ - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(M.getMDKindID("nosanitize"), - MDNode::get(C, None)); + if (use_threadsafe_counters) { - Value *Incr = IRB.CreateAdd(Counter, One); + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); - if (skip_nozero == NULL) { + } else { - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(M.getMDKindID("nosanitize"), + MDNode::get(C, None)); + + Value *Incr = IRB.CreateAdd(Counter, One); + + if (skip_nozero == NULL) { + + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); + + } + + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(M.getMDKindID("nosanitize"), + MDNode::get(C, None)); } - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); - // done :) inst_blocks++; diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 0f773aba..a8f1baff 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -81,11 +81,12 @@ class AFLCoverage : public ModulePass { bool runOnModule(Module &M) override; protected: - uint32_t ngram_size = 0; - uint32_t ctx_k = 0; - uint32_t map_size = MAP_SIZE; - uint32_t function_minimum_size = 1; - char * ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; + uint32_t ngram_size = 0; + uint32_t ctx_k = 0; + uint32_t map_size = MAP_SIZE; + uint32_t function_minimum_size = 1; + const char *ctx_str = NULL, *caller_str = NULL, *skip_nozero = NULL; + const char *use_threadsafe_counters = nullptr; }; @@ -182,6 +183,38 @@ bool AFLCoverage::runOnModule(Module &M) { char *neverZero_counters_str = getenv("AFL_LLVM_NOT_ZERO"); #endif skip_nozero = getenv("AFL_LLVM_SKIP_NEVERZERO"); + use_threadsafe_counters = getenv("AFL_LLVM_THREADSAFE_INST"); + + if ((isatty(2) && !getenv("AFL_QUIET")) || !!getenv("AFL_DEBUG")) { + + if (use_threadsafe_counters) { + + // disabled unless there is support for other modules as well + // (increases documentation complexity) + /* if (!getenv("AFL_LLVM_NOT_ZERO")) { */ + + skip_nozero = "1"; + SAYF(cCYA "afl-llvm-pass" VERSION cRST " using thread safe counters\n"); + + /* + + } else { + + SAYF(cCYA "afl-llvm-pass" VERSION cRST + " using thread safe not-zero-counters\n"); + + } + + */ + + } else { + + SAYF(cCYA "afl-llvm-pass" VERSION cRST + " using non-thread safe instrumentation\n"); + + } + + } unsigned PrevLocSize = 0; unsigned PrevCallerSize = 0; @@ -388,7 +421,6 @@ bool AFLCoverage::runOnModule(Module &M) { #endif // other constants we need - ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); ConstantInt *One = ConstantInt::get(Int8Ty, 1); Value * PrevCtx = NULL; // CTX sensitive coverage @@ -410,6 +442,7 @@ bool AFLCoverage::runOnModule(Module &M) { if (F.size() < function_minimum_size) continue; + std::list todo; for (auto &BB : F) { BasicBlock::iterator IP = BB.getFirstInsertionPt(); @@ -628,37 +661,68 @@ bool AFLCoverage::runOnModule(Module &M) { /* Update bitmap */ - LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); - Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + if (use_threadsafe_counters) { /* Atomic */ + /* + #if LLVM_VERSION_MAJOR < 9 + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug + in llvm + // is then fixed + #else + if (!skip_nozero) { + + #endif + // register MapPtrIdx in a todo list + todo.push_back(MapPtrIdx); + + } else { - Value *Incr = IRB.CreateAdd(Counter, One); + */ + IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, + llvm::AtomicOrdering::Monotonic); + /* + + } + + */ + + } else { + + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + Value *Incr = IRB.CreateAdd(Counter, One); #if LLVM_VERSION_MAJOR < 9 - if (neverZero_counters_str != - NULL) { // with llvm 9 we make this the default as the bug in llvm is - // then fixed + if (neverZero_counters_str != + NULL) { // with llvm 9 we make this the default as the bug in llvm + // is then fixed #else - if (!skip_nozero) { + if (!skip_nozero) { #endif - /* hexcoder: Realize a counter that skips zero during overflow. - * Once this counter reaches its maximum value, it next increments to 1 - * - * Instead of - * Counter + 1 -> Counter - * we inject now this - * Counter + 1 -> {Counter, OverflowFlag} - * Counter + OverflowFlag -> Counter - */ + /* hexcoder: Realize a counter that skips zero during overflow. + * Once this counter reaches its maximum value, it next increments to + * 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ - auto cf = IRB.CreateICmpEQ(Incr, Zero); - auto carry = IRB.CreateZExt(cf, Int8Ty); - Incr = IRB.CreateAdd(Incr, carry); + ConstantInt *Zero = ConstantInt::get(Int8Ty, 0); + auto cf = IRB.CreateICmpEQ(Incr, Zero); + auto carry = IRB.CreateZExt(cf, Int8Ty); + Incr = IRB.CreateAdd(Incr, carry); - } + } - IRB.CreateStore(Incr, MapPtrIdx) - ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + IRB.CreateStore(Incr, MapPtrIdx) + ->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + } /* non atomic case */ /* Update prev_loc history vector (by placing cur_loc at the head of the vector and shuffle the other elements back by one) */ @@ -715,6 +779,120 @@ bool AFLCoverage::runOnModule(Module &M) { } +#if 0 + if (use_threadsafe_counters) { /*Atomic NeverZero */ + // handle the list of registered blocks to instrument + for (auto val : todo) { + + /* hexcoder: Realize a thread-safe counter that skips zero during + * overflow. Once this counter reaches its maximum value, it next + * increments to 1 + * + * Instead of + * Counter + 1 -> Counter + * we inject now this + * Counter + 1 -> {Counter, OverflowFlag} + * Counter + OverflowFlag -> Counter + */ + + /* equivalent c code looks like this + * Thanks to + https://preshing.com/20150402/you-can-do-any-kind-of-atomic-read-modify-write-operation/ + + int old = atomic_load_explicit(&Counter, memory_order_relaxed); + int new; + do { + + if (old == 255) { + + new = 1; + + } else { + + new = old + 1; + + } + + } while (!atomic_compare_exchange_weak_explicit(&Counter, &old, new, + + memory_order_relaxed, memory_order_relaxed)); + + */ + + Value * MapPtrIdx = val; + Instruction * MapPtrIdxInst = cast(val); + BasicBlock::iterator it0(&(*MapPtrIdxInst)); + ++it0; + IRBuilder<> IRB(&(*it0)); + + // load the old counter value atomically + LoadInst *Counter = IRB.CreateLoad(MapPtrIdx); + Counter->setAlignment(llvm::Align()); + Counter->setAtomic(llvm::AtomicOrdering::Monotonic); + Counter->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + BasicBlock *BB = IRB.GetInsertBlock(); + // insert a basic block with the corpus of a do while loop + // the calculation may need to repeat, if atomic compare_exchange is not + // successful + + BasicBlock::iterator it(*Counter); + it++; // split after load counter + BasicBlock *end_bb = BB->splitBasicBlock(it); + end_bb->setName("injected"); + + // insert the block before the second half of the split + BasicBlock *do_while_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + + // set terminator of BB from target end_bb to target do_while_bb + auto term = BB->getTerminator(); + BranchInst::Create(do_while_bb, BB); + term->eraseFromParent(); + + // continue to fill instructions into the do_while loop + IRB.SetInsertPoint(do_while_bb, do_while_bb->getFirstInsertionPt()); + + PHINode *PN = IRB.CreatePHI(Int8Ty, 2); + + // compare with maximum value 0xff + auto *Cmp = IRB.CreateICmpEQ(Counter, ConstantInt::get(Int8Ty, -1)); + + // increment the counter + Value *Incr = IRB.CreateAdd(Counter, One); + + // select the counter value or 1 + auto *Select = IRB.CreateSelect(Cmp, One, Incr); + + // try to save back the new counter value + auto *CmpXchg = IRB.CreateAtomicCmpXchg( + MapPtrIdx, PN, Select, llvm::AtomicOrdering::Monotonic, + llvm::AtomicOrdering::Monotonic); + CmpXchg->setAlignment(llvm::Align()); + CmpXchg->setWeak(true); + CmpXchg->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + + // get the result of trying to update the Counter + Value *Success = + IRB.CreateExtractValue(CmpXchg, ArrayRef({1})); + // get the (possibly updated) value of Counter + Value *OldVal = + IRB.CreateExtractValue(CmpXchg, ArrayRef({0})); + + // initially we use Counter + PN->addIncoming(Counter, BB); + // on retry, we use the updated value + PN->addIncoming(OldVal, do_while_bb); + + // if the cmpXchg was not successful, retry + IRB.CreateCondBr(Success, end_bb, do_while_bb); + + } + + } + +#endif + } /* diff --git a/qemu_mode/libqasan/libqasan.c b/qemu_mode/libqasan/libqasan.c index d4742e3e..6ea24f08 100644 --- a/qemu_mode/libqasan/libqasan.c +++ b/qemu_mode/libqasan/libqasan.c @@ -69,9 +69,8 @@ __attribute__((constructor)) void __libqasan_init() { __libqasan_is_initialized = 1; __libqasan_init_hooks(); - - if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) - __libqasan_hotpatch(); + + if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); if (getenv("AFL_INST_LIBS") || getenv("QASAN_HOTPACH")) __libqasan_hotpatch(); diff --git a/src/afl-cc.c b/src/afl-cc.c index 8af8e7b0..486f7468 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -1777,6 +1777,8 @@ int main(int argc, char **argv, char **envp) { SAYF( "\nLLVM/LTO/afl-clang-fast/afl-clang-lto specific environment " "variables:\n" + " AFL_LLVM_THREADSAFE_INST: instrument with thread safe counters, " + "disables neverzero\n" COUNTER_BEHAVIOUR diff --git a/src/afl-common.c b/src/afl-common.c index 8826de70..c61ce3d8 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -479,9 +479,17 @@ void print_suggested_envs(char *mispelled_env) { size_t end = start + strcspn(afl_env + start, "_") + 1; memcpy(reduced, afl_env, start); - if (end < afl_env_len) + if (end < afl_env_len) { + memcpy(reduced + start, afl_env + end, afl_env_len - end); - reduced[afl_env_len - end + start] = 0; + + } + + if (afl_env_len + start >= end) { + + reduced[afl_env_len - end + start] = 0; + + } int distance = string_distance_levenshtein(reduced, env_name); if (distance < ENV_SIMILARITY_TRESHOLD && seen[j] == 0) { diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 4a3e7f33..c3ce2edd 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -561,6 +561,7 @@ u8 fuzz_one_original(afl_state_t *afl) { if (afl->cmplog_lvl == 3 || (afl->cmplog_lvl == 2 && afl->queue_cur->tc_ref) || + afl->queue_cur->favored || !(afl->fsrv.total_execs % afl->queued_paths) || get_cur_time() - afl->last_path_time > 300000) { // 300 seconds diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index cf1e5ea5..22fd0621 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -438,7 +438,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, if (taint) { if (afl->colorize_success && afl->cmplog_lvl < 3 && - (len / positions == 1 && positions > CMPLOG_POSITIONS_MAX && + (positions > CMPLOG_POSITIONS_MAX && len / positions == 1 && afl->active_paths / afl->colorize_success > CMPLOG_CORPUS_PERCENT)) { #ifdef _DEBUG diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 5a481639..2c3e8a1b 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -107,27 +107,21 @@ write_to_testcase(afl_state_t *afl, void *mem, u32 len) { new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - } + if (unlikely(!new_buf && new_size <= 0)) { - new_mem = new_buf; + FATAL("Custom_post_process failed (ret: %lu)", + (long unsigned)new_size); + + } + + new_mem = new_buf; + + } }); - if (unlikely(!new_buf && (new_size <= 0))) { - - FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size); - - } else if (likely(new_buf)) { - - /* everything as planned. use the new data. */ - afl_fsrv_write_to_testcase(&afl->fsrv, new_buf, new_size); - - } else { - - /* custom mutators do not has a custom_post_process function */ - afl_fsrv_write_to_testcase(&afl->fsrv, mem, len); - - } + /* everything as planned. use the potentially new data. */ + afl_fsrv_write_to_testcase(&afl->fsrv, new_mem, new_size); } else { @@ -188,16 +182,16 @@ static void write_with_gap(afl_state_t *afl, u8 *mem, u32 len, u32 skip_at, new_size = el->afl_custom_post_process(el->data, new_mem, new_size, &new_buf); - if (unlikely(!new_buf || (new_size <= 0))) { + if (unlikely(!new_buf || new_size <= 0)) { FATAL("Custom_post_process failed (ret: %lu)", (long unsigned)new_size); } - } + new_mem = new_buf; - new_mem = new_buf; + } }); diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index a3a623d9..5bdb4c8d 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2066,13 +2066,10 @@ int main(int argc, char **argv_orig, char **envp) { break; case 4: afl->expand_havoc = 5; - if (afl->cmplog_lvl && afl->cmplog_lvl < 3) afl->cmplog_lvl = 3; + // if (afl->cmplog_lvl && afl->cmplog_lvl < 3) afl->cmplog_lvl = + // 3; break; case 5: - // if not in sync mode, enable deterministic mode? - // if (!afl->sync_id) afl->skip_deterministic = 0; - afl->expand_havoc = 6; - case 6: // nothing else currently break; diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 06d0a0f8..1152cc4e 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -43,6 +43,36 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { $ECHO "$RED[!] llvm_mode failed" CODE=1 } + AFL_LLVM_INSTRUMENT=CLASSIC AFL_LLVM_THREADSAFE_INST=1 ../afl-clang-fast -o test-instr.ts ../test-instr.c > /dev/null 2>&1 + test -e test-instr.ts && { + $ECHO "$GREEN[+] llvm_mode threadsafe compilation succeeded" + echo 0 | AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.0 -r -- ./test-instr.ts > /dev/null 2>&1 + AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o test-instr.ts.1 -r -- ./test-instr.ts < /dev/null > /dev/null 2>&1 + test -e test-instr.ts.0 -a -e test-instr.ts.1 && { + diff test-instr.ts.0 test-instr.ts.1 > /dev/null 2>&1 && { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation should be different on different input but is not" + CODE=1 + } || { + $ECHO "$GREEN[+] llvm_mode threadsafe instrumentation present and working correctly" + TUPLES=`echo 0|AFL_QUIET=1 ../afl-showmap -m ${MEM_LIMIT} -o /dev/null -- ./test-instr.ts 2>&1 | grep Captur | awk '{print$3}'` + test "$TUPLES" -gt 2 -a "$TUPLES" -lt 8 && { + $ECHO "$GREEN[+] llvm_mode run reported $TUPLES threadsafe instrumented locations which is fine" + } || { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation produces weird numbers: $TUPLES" + CODE=1 + } + test "$TUPLES" -lt 3 && SKIP=1 + true + } + } || { + $ECHO "$RED[!] llvm_mode threadsafe instrumentation failed" + CODE=1 + } + rm -f test-instr.ts.0 test-instr.ts.1 + } || { + $ECHO "$RED[!] llvm_mode (threadsafe) failed" + CODE=1 + } ../afl-clang-fast -DTEST_SHARED_OBJECT=1 -z defs -fPIC -shared -o test-instr.so ../test-instr.c > /dev/null 2>&1 test -e test-instr.so && { $ECHO "$GREEN[+] llvm_mode shared object with -z defs compilation succeeded" From f9ca2cf98938ae382d0affc47dbbc78d7291708b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 12:15:14 +0200 Subject: [PATCH 286/441] v3.13c release --- README.md | 4 ++-- docs/Changelog.md | 2 +- include/config.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c04dba98..ba612edb 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ Logo - Release Version: [3.12c](https://github.com/AFLplusplus/AFLplusplus/releases) + Release Version: [3.13c](https://github.com/AFLplusplus/AFLplusplus/releases) - Github Version: 3.13a + Github Version: 3.14a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 09e46fb6..1887c099 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,7 +8,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . -### Version ++3.13a (development) +### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, it currently supports persistent mode and cmplog. diff --git a/include/config.h b/include/config.h index 80cdb684..a1fdd789 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.13a" +#define VERSION "++3.13c" /****************************************************** * * From 02294d368a29a0e748ab00c240d56c2c225b0941 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 1 Jun 2021 12:15:54 +0200 Subject: [PATCH 287/441] v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic --- README.md | 4 ++-- docs/Changelog.md | 2 +- include/config.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index c04dba98..ba612edb 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ Logo - Release Version: [3.12c](https://github.com/AFLplusplus/AFLplusplus/releases) + Release Version: [3.13c](https://github.com/AFLplusplus/AFLplusplus/releases) - Github Version: 3.13a + Github Version: 3.14a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) diff --git a/docs/Changelog.md b/docs/Changelog.md index 09e46fb6..1887c099 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,7 +8,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . -### Version ++3.13a (development) +### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, it currently supports persistent mode and cmplog. diff --git a/include/config.h b/include/config.h index 80cdb684..a1fdd789 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.13a" +#define VERSION "++3.13c" /****************************************************** * * From 9cf45db7f93f8c3d96e77ea7a5c5785bf768794e Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 1 Jun 2021 12:19:28 +0200 Subject: [PATCH 288/441] back push (#952) * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic * v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder- From bdc7aa1a94b04de1e670f42eaa329bc18826cb9d Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 12:39:13 +0200 Subject: [PATCH 289/441] v3.14a init --- docs/Changelog.md | 4 ++++ include/config.h | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 1887c099..419d5a99 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,6 +8,10 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . +### Version ++3.14a (release) + - ... your pull request? + + ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, diff --git a/include/config.h b/include/config.h index a1fdd789..9d732e53 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.13c" +#define VERSION "++3.14a" /****************************************************** * * From 753d5d74ffc0a75ee437be0e87ca0b93c2e61b1b Mon Sep 17 00:00:00 2001 From: terrynini Date: Tue, 1 Jun 2021 18:39:39 +0800 Subject: [PATCH 290/441] remove redundant unsetenv (#947) --- src/afl-fuzz-run.c | 1 - src/afl-fuzz.c | 3 --- 2 files changed, 4 deletions(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 2c3e8a1b..493735ff 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -333,7 +333,6 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, if (afl->fsrv.support_shmem_fuzz && !afl->fsrv.use_shmem_fuzz) { - unsetenv(SHM_FUZZ_ENV_VAR); afl_shm_deinit(afl->shm_fuzz); ck_free(afl->shm_fuzz); afl->shm_fuzz = NULL; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5bdb4c8d..196547f4 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2283,13 +2283,10 @@ stop_fuzzing: destroy_queue(afl); destroy_extras(afl); destroy_custom_mutators(afl); - unsetenv(SHM_ENV_VAR); - unsetenv(CMPLOG_SHM_ENV_VAR); afl_shm_deinit(&afl->shm); if (afl->shm_fuzz) { - unsetenv(SHM_FUZZ_ENV_VAR); afl_shm_deinit(afl->shm_fuzz); ck_free(afl->shm_fuzz); From 409636079118cb3e2c864bf2729ebb07bc0437ee Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 12:48:10 +0200 Subject: [PATCH 291/441] update MacOS Install information --- docs/INSTALL.md | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 80d452f7..fc57f546 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -65,22 +65,17 @@ The QEMU mode is currently supported only on Linux. I think it's just a QEMU problem, I couldn't get a vanilla copy of user-mode emulation support working correctly on BSD at all. -## 3. MacOS X on x86 +## 3. MacOS X on x86 and arm64 (M1) MacOS X should work, but there are some gotchas due to the idiosyncrasies of the platform. On top of this, I have limited release testing capabilities and depend mostly on user feedback. -To build AFL, install Xcode and follow the general instructions for Linux. +To build AFL, install llvm (and perhaps gcc) from brew and follow the general +instructions for Linux. If possible avoid Xcode at all cost. -The Xcode 'gcc' tool is just a wrapper for clang, so be sure to use afl-clang -to compile any instrumented binaries; afl-gcc will fail unless you have GCC -installed from another source (in which case, please specify `AFL_CC` and -`AFL_CXX` to point to the "real" GCC binaries). - -Only 64-bit compilation will work on the platform; porting the 32-bit -instrumentation would require a fair amount of work due to the way OS X -handles relocations, and today, virtually all MacOS X boxes are 64-bit. +afl-gcc will fail unless you have GCC installed, but that is using outdated +instrumentation anyway. You don't want that. The crash reporting daemon that comes by default with MacOS X will cause problems with fuzzing. You need to turn it off by following the instructions @@ -98,10 +93,7 @@ and definitely don't look POSIX-compliant. This means two things: User emulation mode of QEMU does not appear to be supported on MacOS X, so black-box instrumentation mode (`-Q`) will not work. - -The llvm instrumentation requires a fully-operational installation of clang. The one that -comes with Xcode is missing some of the essential headers and helper tools. -See README.llvm.md for advice on how to build the compiler from scratch. +However Frida mode (`-O`) should work on x86 and arm64 MacOS boxes. MacOS X supports SYSV shared memory used by AFL's instrumentation, but the default settings aren't usable with AFL++. The default settings on 10.14 seem From 64368d4ba79ec4a2223d0bfe218c1f48a522af83 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 1 Jun 2021 18:19:15 +0200 Subject: [PATCH 292/441] add missing clean action for frida_mode --- GNUmakefile | 1 + 1 file changed, 1 insertion(+) diff --git a/GNUmakefile b/GNUmakefile index 270746b4..a45f6d5c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -572,6 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean + $(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true From e3a0ede91c9319ac6991c3f739b24e6af08749d9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 18:35:42 +0200 Subject: [PATCH 293/441] ensure memory is there before free --- src/afl-fuzz-redqueen.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 22fd0621..b41ffa88 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2663,7 +2663,12 @@ exit_its: afl->queue_cur->colorized = CMPLOG_LVL_MAX; - ck_free(afl->queue_cur->cmplog_colorinput); + if (afl->queue_cur->cmplog_colorinput) { + + ck_free(afl->queue_cur->cmplog_colorinput); + + } + while (taint) { t = taint->next; From 97225f1f6f55366a8e2702652dd2e3e1f65b72d5 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 1 Jun 2021 18:36:28 +0200 Subject: [PATCH 294/441] adapt to incompatible LLVM 13 API --- instrumentation/SanitizerCoverageLTO.so.cc | 3 +++ instrumentation/SanitizerCoveragePCGUARD.so.cc | 3 +++ instrumentation/afl-llvm-lto-instrumentation.so.cc | 3 +++ instrumentation/afl-llvm-pass.so.cc | 3 +++ 4 files changed, 12 insertions(+) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 20f1856e..74ef03df 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1500,6 +1500,9 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (use_threadsafe_counters) { /* Atomic */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm_MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 4a8c9e28..d79dd65a 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -1074,6 +1074,9 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (use_threadsafe_counters) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm_MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index fe43fbe5..91f0e7e6 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -845,6 +845,9 @@ bool AFLLTOPass::runOnModule(Module &M) { if (use_threadsafe_counters) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm_MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index a8f1baff..a2de5cb3 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -679,6 +679,9 @@ bool AFLCoverage::runOnModule(Module &M) { */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm_MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); /* From 96c802fce83fc2fa178207214573f8c9f1995fba Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 1 Jun 2021 18:41:38 +0200 Subject: [PATCH 295/441] fix stupid typos --- instrumentation/SanitizerCoverageLTO.so.cc | 2 +- instrumentation/SanitizerCoveragePCGUARD.so.cc | 2 +- instrumentation/afl-llvm-lto-instrumentation.so.cc | 2 +- instrumentation/afl-llvm-pass.so.cc | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 74ef03df..372af003 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1501,7 +1501,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 - llvm_MaybeAlign(1), + llvm::MaybeAlign(1), #endif llvm::AtomicOrdering::Monotonic); diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index d79dd65a..48ad2d02 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -1075,7 +1075,7 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 - llvm_MaybeAlign(1), + llvm::MaybeAlign(1), #endif llvm::AtomicOrdering::Monotonic); diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index 91f0e7e6..bb9b9279 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -846,7 +846,7 @@ bool AFLLTOPass::runOnModule(Module &M) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 - llvm_MaybeAlign(1), + llvm::MaybeAlign(1), #endif llvm::AtomicOrdering::Monotonic); diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index a2de5cb3..6fe34ccd 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -680,7 +680,7 @@ bool AFLCoverage::runOnModule(Module &M) { */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 - llvm_MaybeAlign(1), + llvm::MaybeAlign(1), #endif llvm::AtomicOrdering::Monotonic); /* From bee3902062a7020218533476e006d9d438d75406 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 18:44:52 +0200 Subject: [PATCH 296/441] add fix info --- docs/Changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 419d5a99..a49c0672 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,7 +9,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.14a (release) - - ... your pull request? + - Fix for llvm 13 ### Version ++3.13c (release) From a321d4102b6c3bec3471c4351692d1ad2a410e70 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 1 Jun 2021 18:55:25 +0200 Subject: [PATCH 297/441] push to stable (#953) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release * back push (#952) * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic * v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder- * v3.14a init * remove redundant unsetenv (#947) * update MacOS Install information * add missing clean action for frida_mode * ensure memory is there before free * adapt to incompatible LLVM 13 API * fix stupid typos * add fix info Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: terrynini --- GNUmakefile | 1 + docs/Changelog.md | 4 ++++ docs/INSTALL.md | 20 ++++++------------- include/config.h | 2 +- instrumentation/SanitizerCoverageLTO.so.cc | 3 +++ .../SanitizerCoveragePCGUARD.so.cc | 3 +++ .../afl-llvm-lto-instrumentation.so.cc | 3 +++ instrumentation/afl-llvm-pass.so.cc | 3 +++ src/afl-fuzz-redqueen.c | 7 ++++++- src/afl-fuzz-run.c | 1 - src/afl-fuzz.c | 3 --- 11 files changed, 30 insertions(+), 20 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 270746b4..a45f6d5c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -572,6 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean + $(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true diff --git a/docs/Changelog.md b/docs/Changelog.md index 1887c099..a49c0672 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,6 +8,10 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . +### Version ++3.14a (release) + - Fix for llvm 13 + + ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, diff --git a/docs/INSTALL.md b/docs/INSTALL.md index 80d452f7..fc57f546 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -65,22 +65,17 @@ The QEMU mode is currently supported only on Linux. I think it's just a QEMU problem, I couldn't get a vanilla copy of user-mode emulation support working correctly on BSD at all. -## 3. MacOS X on x86 +## 3. MacOS X on x86 and arm64 (M1) MacOS X should work, but there are some gotchas due to the idiosyncrasies of the platform. On top of this, I have limited release testing capabilities and depend mostly on user feedback. -To build AFL, install Xcode and follow the general instructions for Linux. +To build AFL, install llvm (and perhaps gcc) from brew and follow the general +instructions for Linux. If possible avoid Xcode at all cost. -The Xcode 'gcc' tool is just a wrapper for clang, so be sure to use afl-clang -to compile any instrumented binaries; afl-gcc will fail unless you have GCC -installed from another source (in which case, please specify `AFL_CC` and -`AFL_CXX` to point to the "real" GCC binaries). - -Only 64-bit compilation will work on the platform; porting the 32-bit -instrumentation would require a fair amount of work due to the way OS X -handles relocations, and today, virtually all MacOS X boxes are 64-bit. +afl-gcc will fail unless you have GCC installed, but that is using outdated +instrumentation anyway. You don't want that. The crash reporting daemon that comes by default with MacOS X will cause problems with fuzzing. You need to turn it off by following the instructions @@ -98,10 +93,7 @@ and definitely don't look POSIX-compliant. This means two things: User emulation mode of QEMU does not appear to be supported on MacOS X, so black-box instrumentation mode (`-Q`) will not work. - -The llvm instrumentation requires a fully-operational installation of clang. The one that -comes with Xcode is missing some of the essential headers and helper tools. -See README.llvm.md for advice on how to build the compiler from scratch. +However Frida mode (`-O`) should work on x86 and arm64 MacOS boxes. MacOS X supports SYSV shared memory used by AFL's instrumentation, but the default settings aren't usable with AFL++. The default settings on 10.14 seem diff --git a/include/config.h b/include/config.h index a1fdd789..9d732e53 100644 --- a/include/config.h +++ b/include/config.h @@ -26,7 +26,7 @@ /* Version string: */ // c = release, a = volatile github dev, e = experimental branch -#define VERSION "++3.13c" +#define VERSION "++3.14a" /****************************************************** * * diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 20f1856e..372af003 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -1500,6 +1500,9 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (use_threadsafe_counters) { /* Atomic */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm::MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/SanitizerCoveragePCGUARD.so.cc b/instrumentation/SanitizerCoveragePCGUARD.so.cc index 4a8c9e28..48ad2d02 100644 --- a/instrumentation/SanitizerCoveragePCGUARD.so.cc +++ b/instrumentation/SanitizerCoveragePCGUARD.so.cc @@ -1074,6 +1074,9 @@ void ModuleSanitizerCoverage::InjectCoverageAtBlock(Function &F, BasicBlock &BB, if (use_threadsafe_counters) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm::MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index fe43fbe5..bb9b9279 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -845,6 +845,9 @@ bool AFLLTOPass::runOnModule(Module &M) { if (use_threadsafe_counters) { IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm::MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); } else { diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index a8f1baff..6fe34ccd 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -679,6 +679,9 @@ bool AFLCoverage::runOnModule(Module &M) { */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, +#if LLVM_VERSION_MAJOR >= 13 + llvm::MaybeAlign(1), +#endif llvm::AtomicOrdering::Monotonic); /* diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index 22fd0621..b41ffa88 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -2663,7 +2663,12 @@ exit_its: afl->queue_cur->colorized = CMPLOG_LVL_MAX; - ck_free(afl->queue_cur->cmplog_colorinput); + if (afl->queue_cur->cmplog_colorinput) { + + ck_free(afl->queue_cur->cmplog_colorinput); + + } + while (taint) { t = taint->next; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 2c3e8a1b..493735ff 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -333,7 +333,6 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, if (afl->fsrv.support_shmem_fuzz && !afl->fsrv.use_shmem_fuzz) { - unsetenv(SHM_FUZZ_ENV_VAR); afl_shm_deinit(afl->shm_fuzz); ck_free(afl->shm_fuzz); afl->shm_fuzz = NULL; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5bdb4c8d..196547f4 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2283,13 +2283,10 @@ stop_fuzzing: destroy_queue(afl); destroy_extras(afl); destroy_custom_mutators(afl); - unsetenv(SHM_ENV_VAR); - unsetenv(CMPLOG_SHM_ENV_VAR); afl_shm_deinit(&afl->shm); if (afl->shm_fuzz) { - unsetenv(SHM_FUZZ_ENV_VAR); afl_shm_deinit(afl->shm_fuzz); ck_free(afl->shm_fuzz); From d5a24acb2157de1de6b7ffb1f6e73bacb02b0348 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 1 Jun 2021 19:07:27 +0200 Subject: [PATCH 298/441] build afl-compiler-rt even with broken llvm --- GNUmakefile.gcc_plugin | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index b0f90f1b..bce97b2f 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -100,7 +100,7 @@ ifeq "$(SYS)" "SunOS" endif -PROGS = ./afl-gcc-pass.so +PROGS = ./afl-gcc-pass.so ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o .PHONY: all all: test_shm test_deps $(PROGS) test_build all_done @@ -130,6 +130,17 @@ test_deps: afl-common.o: ./src/afl-common.c $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ $(LDFLAGS) +./afl-compiler-rt.o: instrumentation/afl-compiler-rt.o.c + $(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -fPIC -c $< -o $@ + +./afl-compiler-rt-32.o: instrumentation/afl-compiler-rt.o.c + @printf "[*] Building 32-bit variant of the runtime (-m32)... " + @$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; ln -sf afl-compiler-rt-32.o afl-llvm-rt-32.o; else echo "failed (that's fine)"; fi + +./afl-compiler-rt-64.o: instrumentation/afl-compiler-rt.o.c + @printf "[*] Building 64-bit variant of the runtime (-m64)... " + @$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m64 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; ln -sf afl-compiler-rt-64.o afl-llvm-rt-64.o; else echo "failed (that's fine)"; fi + ./afl-gcc-pass.so: instrumentation/afl-gcc-pass.so.cc | test_deps $(CXX) $(CXXEFLAGS) $(PLUGIN_FLAGS) -shared $< -o $@ ln -sf afl-cc afl-gcc-fast From a38aafc5d0cb9ccf75f99613f52fd0938f5f86c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 2 Jun 2021 10:50:04 +0200 Subject: [PATCH 299/441] fix -F with slash option --- docs/Changelog.md | 3 +++ src/afl-fuzz-init.c | 17 +++++++++++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index a49c0672..a4c6ac10 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,9 @@ sending a mail to . ### Version ++3.14a (release) - Fix for llvm 13 + - afl-fuzz: + - fix -F when a '/' was part of the parameter + - ensure afl-compiler-rt is built for gcc_module ### Version ++3.13c (release) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 88b5bc02..872e3a32 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -480,13 +480,22 @@ void read_foreign_testcases(afl_state_t *afl, int first) { for (iter = 0; iter < afl->foreign_sync_cnt; iter++) { - if (afl->foreign_syncs[iter].dir != NULL && - afl->foreign_syncs[iter].dir[0] != 0) { + if (afl->foreign_syncs[iter].dir && afl->foreign_syncs[iter].dir[0]) { if (first) ACTF("Scanning '%s'...", afl->foreign_syncs[iter].dir); time_t mtime_max = 0; - u8 * name = strrchr(afl->foreign_syncs[iter].dir, '/'); - if (!name) { name = afl->foreign_syncs[iter].dir; } + + u8 *name = strrchr(afl->foreign_syncs[iter].dir, '/'); + if (!name) { + + name = afl->foreign_syncs[iter].dir; + + } else { + + ++name; + + } + if (!strcmp(name, "queue") || !strcmp(name, "out") || !strcmp(name, "default")) { From beb97cdc89c9b47f797b309139478da6eca48190 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 3 Jun 2021 15:12:14 +0200 Subject: [PATCH 300/441] dynamic_list and afl-compiler-rt rework --- dynamic_list.txt | 68 ++++++++++++++++------------- instrumentation/afl-compiler-rt.o.c | 17 ++++---- 2 files changed, 47 insertions(+), 38 deletions(-) diff --git a/dynamic_list.txt b/dynamic_list.txt index d1905d43..7293ae77 100644 --- a/dynamic_list.txt +++ b/dynamic_list.txt @@ -1,48 +1,56 @@ { + "__afl_already_initialized_first"; + "__afl_already_initialized_forkserver"; + "__afl_already_initialized_second"; + "__afl_already_initialized_shm"; "__afl_area_ptr"; - "__afl_manual_init"; - "__afl_persistent_loop"; + "__afl_auto_early"; + "__afl_auto_first"; "__afl_auto_init"; - "__afl_area_initial"; - "__afl_prev_loc"; - "__afl_prev_caller"; - "__afl_prev_ctx"; - "__afl_final_loc"; - "__afl_map_addr"; + "__afl_auto_second"; + "__afl_coverage_discard"; + "__afl_coverage_interesting"; + "__afl_coverage_off"; + "__afl_coverage_on"; + "__afl_coverage_skip"; "__afl_dictionary"; "__afl_dictionary_len"; + "__afl_final_loc"; + "__afl_fuzz_len"; + "__afl_fuzz_ptr"; + "__afl_manual_init"; + "__afl_map_addr"; + "__afl_persistent_loop"; + "__afl_prev_caller"; + "__afl_prev_ctx"; + "__afl_prev_loc"; "__afl_selective_coverage"; "__afl_selective_coverage_start_off"; "__afl_selective_coverage_temp"; - "__afl_coverage_discard"; - "__afl_coverage_skip"; - "__afl_coverage_on"; - "__afl_coverage_off"; - "__afl_coverage_interesting"; - "__afl_fuzz_len"; - "__afl_fuzz_ptr"; "__afl_sharedmem_fuzzing"; - "__sanitizer_cov_trace_pc_guard"; - "__sanitizer_cov_trace_pc_guard_init"; + "__afl_trace"; "__cmplog_ins_hook1"; + "__cmplog_ins_hook16"; "__cmplog_ins_hook2"; "__cmplog_ins_hook4"; + "__cmplog_ins_hook8"; "__cmplog_ins_hookN"; - "__cmplog_ins_hook16"; - "__sanitizer_cov_trace_cmp1"; - "__sanitizer_cov_trace_const_cmp1"; - "__sanitizer_cov_trace_cmp2"; - "__sanitizer_cov_trace_const_cmp2"; - "__sanitizer_cov_trace_cmp4"; - "__sanitizer_cov_trace_const_cmp4"; - "__sanitizer_cov_trace_cmp8"; - "__sanitizer_cov_trace_const_cmp8"; - "__sanitizer_cov_trace_cmp16"; - "__sanitizer_cov_trace_const_cmp16"; - "__sanitizer_cov_trace_switch"; - "__cmplog_rtn_hook"; "__cmplog_rtn_gcc_stdstring_cstring"; "__cmplog_rtn_gcc_stdstring_stdstring"; + "__cmplog_rtn_hook"; "__cmplog_rtn_llvm_stdstring_cstring"; "__cmplog_rtn_llvm_stdstring_stdstring"; + "__sanitizer_cov_trace_cmp1"; + "__sanitizer_cov_trace_cmp16"; + "__sanitizer_cov_trace_cmp2"; + "__sanitizer_cov_trace_cmp4"; + "__sanitizer_cov_trace_cmp8"; + "__sanitizer_cov_trace_const_cmp1"; + "__sanitizer_cov_trace_const_cmp16"; + "__sanitizer_cov_trace_const_cmp2"; + "__sanitizer_cov_trace_const_cmp4"; + "__sanitizer_cov_trace_const_cmp8"; + "__sanitizer_cov_trace_pc_guard"; + "__sanitizer_cov_trace_pc_guard_init"; + "__sanitizer_cov_trace_switch"; }; diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 2089ce78..5dacf961 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -83,13 +83,14 @@ extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); #endif // HAIKU -u8 __afl_area_initial[MAP_INITIAL_SIZE]; -u8 * __afl_area_ptr_dummy = __afl_area_initial; +static u8 __afl_area_initial[MAP_INITIAL_SIZE]; +static u8 * __afl_area_ptr_dummy = __afl_area_initial; +static u8 * __afl_area_ptr_backup = __afl_area_initial; + u8 * __afl_area_ptr = __afl_area_initial; -u8 * __afl_area_ptr_backup = __afl_area_initial; u8 * __afl_dictionary; u8 * __afl_fuzz_ptr; -u32 __afl_fuzz_len_dummy; +static u32 __afl_fuzz_len_dummy; u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; u32 __afl_final_loc; @@ -100,7 +101,7 @@ u64 __afl_map_addr; // for the __AFL_COVERAGE_ON/__AFL_COVERAGE_OFF features to work: int __afl_selective_coverage __attribute__((weak)); int __afl_selective_coverage_start_off __attribute__((weak)); -int __afl_selective_coverage_temp = 1; +static int __afl_selective_coverage_temp = 1; #if defined(__ANDROID__) || defined(__HAIKU__) PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX]; @@ -147,7 +148,7 @@ static int __afl_dummy_fd[2] = {2, 2}; /* ensure we kill the child on termination */ -void at_exit(int signal) { +static void at_exit(int signal) { if (child_pid > 0) { kill(child_pid, SIGKILL); } @@ -179,7 +180,7 @@ void __afl_trace(const u32 x) { /* Error reporting to forkserver controller */ -void send_forkserver_error(int error) { +static void send_forkserver_error(int error) { u32 status; if (!error || error > 0xffff) return; @@ -1668,7 +1669,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) { } -void __sanitizer_cov_trace_cost_cmp4(uint32_t arg1, uint32_t arg2) { +void __sanitizer_cov_trace_const_cmp4(uint32_t arg1, uint32_t arg2) { __cmplog_ins_hook4(arg1, arg2, 0); From 0fbe5fb436b2ee939959230da7b0b660d81b41d7 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 3 Jun 2021 16:26:53 +0200 Subject: [PATCH 301/441] detect partial linking in afl-cc --- src/afl-cc.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 486f7468..db31461d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -315,7 +315,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, shared_linking = 0, preprocessor_only = 0, have_unroll = 0, have_o = 0, have_pic = 0, - have_c = 0; + have_c = 0, partial_linking = 0; cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); @@ -767,6 +767,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strcmp(cur, "-x")) x_set = 1; if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-shared")) shared_linking = 1; + if (!strcmp(cur, "-r")) partial_linking = 1; if (!strcmp(cur, "-c")) have_c = 1; if (!strncmp(cur, "-O", 2)) have_o = 1; @@ -996,7 +997,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { switch (bit_mode) { case 0: - if (!shared_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt.o", obj_path); if (lto_mode) @@ -1005,7 +1006,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 32: - if (!shared_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-32.o", obj_path); @@ -1026,7 +1027,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 64: - if (!shared_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-64.o", obj_path); @@ -1049,7 +1050,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } #if !defined(__APPLE__) && !defined(__sun) - if (!shared_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); #endif From 55da5e3e022fe5556668224bc8546225dd59dfc6 Mon Sep 17 00:00:00 2001 From: Andrea Fioraldi Date: Thu, 3 Jun 2021 16:44:15 +0200 Subject: [PATCH 302/441] partial linking with -Wl --- src/afl-cc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index db31461d..980e5d86 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -767,7 +767,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strcmp(cur, "-x")) x_set = 1; if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-shared")) shared_linking = 1; - if (!strcmp(cur, "-r")) partial_linking = 1; + if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; + if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; if (!strcmp(cur, "-c")) have_c = 1; if (!strncmp(cur, "-O", 2)) have_o = 1; From c5d899e0f5e5331f78a9a3b09ce8c2370f389964 Mon Sep 17 00:00:00 2001 From: jdhiser Date: Thu, 3 Jun 2021 16:50:24 -0400 Subject: [PATCH 303/441] Add proper name and URL for Zafl (#959) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index ba612edb..7ee56786 100644 --- a/README.md +++ b/README.md @@ -801,7 +801,7 @@ Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zaflr, etc. +use a binary rewriter like afl-dyninst, retrowrite, [Zafl](https://git.zephyr-software.com/opensrc/zafl), etc. For Qemu and Frida mode, check out the persistent mode, it gives a huge speed improvement if it is possible to use. From 70a2077107aac3a226e16731abc8028bcfa61466 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 4 Jun 2021 01:03:54 +0200 Subject: [PATCH 304/441] move link --- README.md | 2 +- docs/binaryonly_fuzzing.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7ee56786..383d71c4 100644 --- a/README.md +++ b/README.md @@ -801,7 +801,7 @@ Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, [Zafl](https://git.zephyr-software.com/opensrc/zafl), etc. +use a binary rewriter like afl-dyninst, retrowrite, zafl, etc. For Qemu and Frida mode, check out the persistent mode, it gives a huge speed improvement if it is possible to use. diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index 11e1dbeb..3b32f5ed 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -122,7 +122,7 @@ [https://github.com/vanhauser-thc/afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst) -## RETROWRITE +## RETROWRITE, ZAFL, ... other binary rewriter If you have an x86/x86_64 binary that still has its symbols, is compiled with position independant code (PIC/PIE) and does not use most of the C++ @@ -131,6 +131,7 @@ It is at about 80-85% performance. + [https://git.zephyr-software.com/opensrc/zafl](https://git.zephyr-software.com/opensrc/zafl) [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite) From 0897377b13c42ccdf94963e24738e3deabe85ffa Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 4 Jun 2021 09:21:30 +0200 Subject: [PATCH 305/441] add known frontends for supported compiler infrastructures --- docs/ideas.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/ideas.md b/docs/ideas.md index e25d3ba6..98231ad3 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -34,6 +34,12 @@ Mentor: any Other programming languages also use llvm hence they could (easily?) supported for fuzzing, e.g. mono, swift, go, kotlin native, fortran, ... +GCC also supports: Objective-C, Fortran, Ada, Go, and D +(according to [Gcc homepage](https://gcc.gnu.org/)) + +LLVM also supports: LLGo (Go), kaleidoscope (Haskell), flang (Fortran), emscripten (JavaScript, WASM), ilwasm (CIL (C#)) +(according to [LLVM frontends](https://gist.github.com/axic/62d66fb9d8bccca6cc48fa9841db9241)) + Mentor: vanhauser-thc ## Machine Learning From f3b1c5c382b95f93a20f507b492c396a6284518c Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 4 Jun 2021 09:24:30 +0200 Subject: [PATCH 306/441] add Rust --- docs/ideas.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/ideas.md b/docs/ideas.md index 98231ad3..0ee69851 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -37,7 +37,7 @@ for fuzzing, e.g. mono, swift, go, kotlin native, fortran, ... GCC also supports: Objective-C, Fortran, Ada, Go, and D (according to [Gcc homepage](https://gcc.gnu.org/)) -LLVM also supports: LLGo (Go), kaleidoscope (Haskell), flang (Fortran), emscripten (JavaScript, WASM), ilwasm (CIL (C#)) +LLVM is also used by: Rust, LLGo (Go), kaleidoscope (Haskell), flang (Fortran), emscripten (JavaScript, WASM), ilwasm (CIL (C#)) (according to [LLVM frontends](https://gist.github.com/axic/62d66fb9d8bccca6cc48fa9841db9241)) Mentor: vanhauser-thc From 36671ce79987859b1f0dfec88cb06c6eb7f5d12b Mon Sep 17 00:00:00 2001 From: yuan Date: Fri, 4 Jun 2021 15:49:34 +0800 Subject: [PATCH 307/441] fix ui fuzzing stage index (#960) --- src/afl-fuzz-stats.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 4884b942..a9c44cc0 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -1017,9 +1017,10 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_custom_mutator_library)) { strcat(tmp, " "); - strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON])); + strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR])); strcat(tmp, "/"); - strcat(tmp, u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + strcat(tmp, + u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); strcat(tmp, ","); } else { From 43eca8203a278183120d93fbf0cd3df2b7fd2392 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 4 Jun 2021 21:41:12 +0200 Subject: [PATCH 308/441] fix overflowing UI fields 'now processing' --- src/afl-fuzz-stats.c | 46 ++++++++++++++++++++++---------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index a9c44cc0..89d2c37d 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -766,9 +766,9 @@ void show_stats(afl_state_t *afl) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA - " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + SAYF(bVR bH bSTOP cCYA + " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -778,13 +778,13 @@ void show_stats(afl_state_t *afl) { afl->queue_cur->favored ? "." : "*", afl->queue_cur->fuzz_level, ((double)afl->current_entry * 100) / afl->queued_paths); - SAYF(bV bSTOP " now processing : " cRST "%-16s " bSTG bV bSTOP, tmp); + SAYF(bV bSTOP " now processing : " cRST "%-18s " bSTG bV bSTOP, tmp); sprintf(tmp, "%0.02f%% / %0.02f%%", ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.map_size, t_byte_ratio); - SAYF(" map density : %s%-21s" bSTG bV "\n", + SAYF(" map density : %s%-19s" bSTG bV "\n", t_byte_ratio > 70 ? cLRD : ((t_bytes < 200 && !afl->non_instrumented_mode) ? cPIN : cRST), @@ -793,23 +793,23 @@ void show_stats(afl_state_t *afl) { sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_paths), ((double)afl->cur_skipped_paths * 100) / afl->queued_paths); - SAYF(bV bSTOP " paths timed out : " cRST "%-16s " bSTG bV, tmp); + SAYF(bV bSTOP " paths timed out : " cRST "%-18s " bSTG bV, tmp); sprintf(tmp, "%0.02f bits/tuple", t_bytes ? (((double)t_bits) / t_bytes) : 0); - SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); + SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA - " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + SAYF(bVR bH bSTOP cCYA + " stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA + " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_paths); /* Yeah... it's still going on... halp? */ - SAYF(bV bSTOP " now trying : " cRST "%-20s " bSTG bV bSTOP - " favored paths : " cRST "%-22s" bSTG bV "\n", + SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP + " favored paths : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); if (!afl->stage_max) { @@ -824,12 +824,12 @@ void show_stats(afl_state_t *afl) { } - SAYF(bV bSTOP " stage execs : " cRST "%-21s" bSTG bV bSTOP, tmp); + SAYF(bV bSTOP " stage execs : " cRST "%-23s" bSTG bV bSTOP, tmp); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_with_cov), ((double)afl->queued_with_cov) * 100 / afl->queued_paths); - SAYF(" new edges on : " cRST "%-22s" bSTG bV "\n", tmp); + SAYF(" new edges on : " cRST "%-20s" bSTG bV "\n", tmp); sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_crashes), u_stringify_int(IB(1), afl->unique_crashes), @@ -837,14 +837,14 @@ void show_stats(afl_state_t *afl) { if (afl->crash_mode) { - SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP - " new crashes : %s%-22s" bSTG bV "\n", + SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP + " new crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { - SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP - " total crashes : %s%-22s" bSTG bV "\n", + SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP + " total crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } @@ -856,12 +856,12 @@ void show_stats(afl_state_t *afl) { sprintf(tmp, "%s/sec (%s)", u_stringify_float(IB(0), afl->stats_avg_exec), afl->stats_avg_exec < 20 ? "zzzz..." : "slow!"); - SAYF(bV bSTOP " exec speed : " cLRD "%-20s ", tmp); + SAYF(bV bSTOP " exec speed : " cLRD "%-22s ", tmp); } else { sprintf(tmp, "%s/sec", u_stringify_float(IB(0), afl->stats_avg_exec)); - SAYF(bV bSTOP " exec speed : " cRST "%-20s ", tmp); + SAYF(bV bSTOP " exec speed : " cRST "%-22s ", tmp); } @@ -869,12 +869,12 @@ void show_stats(afl_state_t *afl) { u_stringify_int(IB(1), afl->unique_tmouts), (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); - SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-22s" bSTG bV "\n", tmp); + SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-20s" bSTG bV "\n", tmp); /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP - " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA + SAYF(bVR bH cCYA bSTOP + " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2 bH bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); if (unlikely(afl->custom_only)) { From 0d50ee494751e8dd83e24fd138e396fe940a15c7 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 5 Jun 2021 11:51:03 +0200 Subject: [PATCH 309/441] restored timeout handling (with SIGALRM for now) --- src/afl-analyze.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/afl-analyze.c b/src/afl-analyze.c index aabdbf1a..5d5c4b8c 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -225,6 +225,20 @@ static s32 write_to_file(u8 *path, u8 *mem, u32 len) { } + +/* Handle timeout signal. */ + +static void handle_timeout(int sig) { + + (void)sig; + + child_timed_out = 1; + + if (child_pid > 0) kill(child_pid, SIGKILL); + +} + + /* Execute target application. Returns exec checksum, or 0 if program times out. */ @@ -904,6 +918,11 @@ static void setup_signal_handlers(void) { sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); + /* Exec timeout notifications. */ + + sa.sa_handler = handle_timeout; + sigaction(SIGALRM, &sa, NULL); + } /* Display usage hints. */ From fd07853550efe5b2927cd49e008393c69a69934c Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 5 Jun 2021 16:49:20 +0200 Subject: [PATCH 310/441] give hint for setting path to llvm-config tool, make clean on Frida may fail --- GNUmakefile | 2 +- GNUmakefile.llvm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index a45f6d5c..6df7ea1d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -572,7 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean - $(MAKE) -C frida_mode clean + -$(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 2d50badc..64ba73f4 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -57,7 +57,7 @@ LLVM_APPLE_XCODE = $(shell clang -v 2>&1 | grep -q Apple && echo 1 || echo 0) LLVM_LTO = 0 ifeq "$(LLVMVER)" "" - $(warning [!] llvm_mode needs llvm-config, which was not found) + $(warning [!] llvm_mode needs llvm-config, which was not found. Set LLVM_CONFIG to its path and retry.) endif ifeq "$(LLVM_UNSUPPORTED)" "1" From 2988dd206c8bfdde67b59f334fe0332c31113a1e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 5 Jun 2021 16:55:24 +0200 Subject: [PATCH 311/441] setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore --- test/test-llvm.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 1152cc4e..7cdc83cb 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -4,14 +4,6 @@ $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { - # on FreeBSD need to set AFL_CC - test `uname -s` = 'FreeBSD' && { - if type clang >/dev/null; then - export AFL_CC=`command -v clang` - else - export AFL_CC=`$LLVM_CONFIG --bindir`/clang - fi - } ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { From 1474e2db23c57e3bdcc930457af876b69510d2ad Mon Sep 17 00:00:00 2001 From: hexcoder Date: Sat, 5 Jun 2021 17:00:47 +0200 Subject: [PATCH 312/441] On non-Linux systems make clean may fail for frida_mode --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index a45f6d5c..6df7ea1d 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -572,7 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean - $(MAKE) -C frida_mode clean + -$(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true From ddd9154e7867a4aff62099f3a4c50b173e51cae0 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Sat, 5 Jun 2021 17:02:35 +0200 Subject: [PATCH 313/441] give hint how to set env var for path to llvm-config tool --- GNUmakefile.llvm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 2d50badc..64ba73f4 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -57,7 +57,7 @@ LLVM_APPLE_XCODE = $(shell clang -v 2>&1 | grep -q Apple && echo 1 || echo 0) LLVM_LTO = 0 ifeq "$(LLVMVER)" "" - $(warning [!] llvm_mode needs llvm-config, which was not found) + $(warning [!] llvm_mode needs llvm-config, which was not found. Set LLVM_CONFIG to its path and retry.) endif ifeq "$(LLVM_UNSUPPORTED)" "1" From 280814c3a29e42df618fe6291d101f02154995bf Mon Sep 17 00:00:00 2001 From: hexcoder Date: Sat, 5 Jun 2021 17:04:10 +0200 Subject: [PATCH 314/441] setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore --- test/test-llvm.sh | 8 -------- 1 file changed, 8 deletions(-) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 1152cc4e..7cdc83cb 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -4,14 +4,6 @@ $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { - # on FreeBSD need to set AFL_CC - test `uname -s` = 'FreeBSD' && { - if type clang >/dev/null; then - export AFL_CC=`command -v clang` - else - export AFL_CC=`$LLVM_CONFIG --bindir`/clang - fi - } ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { From 8f04269e179bd38390acef57ca3ea3e33a2f9a5e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 5 Jun 2021 17:07:42 +0200 Subject: [PATCH 315/441] Revert "setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore" This reverts commit 2988dd206c8bfdde67b59f334fe0332c31113a1e. --- test/test-llvm.sh | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 7cdc83cb..1152cc4e 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -4,6 +4,14 @@ $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { + # on FreeBSD need to set AFL_CC + test `uname -s` = 'FreeBSD' && { + if type clang >/dev/null; then + export AFL_CC=`command -v clang` + else + export AFL_CC=`$LLVM_CONFIG --bindir`/clang + fi + } ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { From 436f997d2658aee79d5eadafdb6af8a283941b9b Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Sat, 5 Jun 2021 17:08:08 +0200 Subject: [PATCH 316/441] Revert "give hint for setting path to llvm-config tool, make clean on Frida may fail" This reverts commit fd07853550efe5b2927cd49e008393c69a69934c. --- GNUmakefile | 2 +- GNUmakefile.llvm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 6df7ea1d..a45f6d5c 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -572,7 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean - -$(MAKE) -C frida_mode clean + $(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 64ba73f4..2d50badc 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -57,7 +57,7 @@ LLVM_APPLE_XCODE = $(shell clang -v 2>&1 | grep -q Apple && echo 1 || echo 0) LLVM_LTO = 0 ifeq "$(LLVMVER)" "" - $(warning [!] llvm_mode needs llvm-config, which was not found. Set LLVM_CONFIG to its path and retry.) + $(warning [!] llvm_mode needs llvm-config, which was not found) endif ifeq "$(LLVM_UNSUPPORTED)" "1" From a5ff9f1bebfc974a774bba896e51e18288f66c68 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 7 Jun 2021 09:02:33 +0200 Subject: [PATCH 317/441] remove -D from -M --- docs/Changelog.md | 1 + src/afl-fuzz.c | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index a4c6ac10..b70ba022 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,6 +12,7 @@ sending a mail to . - Fix for llvm 13 - afl-fuzz: - fix -F when a '/' was part of the parameter + - removed implied -D determinstic from -M main - ensure afl-compiler-rt is built for gcc_module diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 196547f4..dc594b30 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -575,7 +575,6 @@ int main(int argc, char **argv_orig, char **envp) { } afl->sync_id = ck_strdup(optarg); - afl->skip_deterministic = 0; // force deterministic fuzzing afl->old_seed_selection = 1; // force old queue walking seed selection afl->disable_trim = 1; // disable trimming From 92fcef4520fe65fc641fd2e8d86a7c17845031c0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 7 Jun 2021 09:26:53 +0200 Subject: [PATCH 318/441] write target errors to out_dir/error.txt --- instrumentation/afl-compiler-rt.o.c | 134 +++++++++++++++++++++++----- src/afl-analyze.c | 2 - src/afl-fuzz-stats.c | 7 +- src/afl-fuzz.c | 2 + 4 files changed, 116 insertions(+), 29 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 5dacf961..a4760153 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -83,15 +83,15 @@ extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); #endif // HAIKU -static u8 __afl_area_initial[MAP_INITIAL_SIZE]; -static u8 * __afl_area_ptr_dummy = __afl_area_initial; -static u8 * __afl_area_ptr_backup = __afl_area_initial; +static u8 __afl_area_initial[MAP_INITIAL_SIZE]; +static u8 *__afl_area_ptr_dummy = __afl_area_initial; +static u8 *__afl_area_ptr_backup = __afl_area_initial; -u8 * __afl_area_ptr = __afl_area_initial; -u8 * __afl_dictionary; -u8 * __afl_fuzz_ptr; -static u32 __afl_fuzz_len_dummy; -u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; +u8 * __afl_area_ptr = __afl_area_initial; +u8 * __afl_dictionary; +u8 * __afl_fuzz_ptr; +static u32 __afl_fuzz_len_dummy; +u32 * __afl_fuzz_len = &__afl_fuzz_len_dummy; u32 __afl_final_loc; u32 __afl_map_size = MAP_SIZE; @@ -99,8 +99,8 @@ u32 __afl_dictionary_len; u64 __afl_map_addr; // for the __AFL_COVERAGE_ON/__AFL_COVERAGE_OFF features to work: -int __afl_selective_coverage __attribute__((weak)); -int __afl_selective_coverage_start_off __attribute__((weak)); +int __afl_selective_coverage __attribute__((weak)); +int __afl_selective_coverage_start_off __attribute__((weak)); static int __afl_selective_coverage_temp = 1; #if defined(__ANDROID__) || defined(__HAIKU__) @@ -630,6 +630,30 @@ static void __afl_unmap_shm(void) { } +void write_error(char *text) { + + u8 * o = getenv("__AFL_OUT_DIR"); + char *e = strerror(errno); + + if (o) { + + char buf[4096]; + snprintf(buf, sizeof(buf), "%s/error.txt", o); + FILE *f = fopen(buf, "a"); + + if (f) { + + fprintf(f, "Error(%s): %s\n", text, e); + fclose(f); + + } + + } + + fprintf(stderr, "Error(%s): %s\n", text, e); + +} + #ifdef __linux__ static void __afl_start_snapshots(void) { @@ -656,7 +680,12 @@ static void __afl_start_snapshots(void) { if (__afl_sharedmem_fuzzing || (__afl_dictionary_len && __afl_dictionary)) { - if (read(FORKSRV_FD, &was_killed, 4) != 4) { _exit(1); } + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("read to afl-fuzz"); + _exit(1); + + } if (__afl_debug) { @@ -725,7 +754,12 @@ static void __afl_start_snapshots(void) { } else { /* Wait for parent by reading from the pipe. Abort if read fails. */ - if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("reading from afl-fuzz"); + _exit(1); + + } } @@ -762,7 +796,12 @@ static void __afl_start_snapshots(void) { if (child_stopped && was_killed) { child_stopped = 0; - if (waitpid(child_pid, &status, 0) < 0) _exit(1); + if (waitpid(child_pid, &status, 0) < 0) { + + write_error("child_stopped && was_killed"); + _exit(1); // TODO why exit? + + } } @@ -771,7 +810,12 @@ static void __afl_start_snapshots(void) { /* Once woken up, create a clone of our process. */ child_pid = fork(); - if (child_pid < 0) _exit(1); + if (child_pid < 0) { + + write_error("fork"); + _exit(1); + + } /* In child process: close fds, resume execution. */ @@ -811,9 +855,19 @@ static void __afl_start_snapshots(void) { /* In parent process: write PID to pipe, then wait for child. */ - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) { - if (waitpid(child_pid, &status, WUNTRACED) < 0) _exit(1); + write_error("write to afl-fuzz"); + _exit(1); + + } + + if (waitpid(child_pid, &status, WUNTRACED) < 0) { + + write_error("waitpid"); + _exit(1); + + } /* In persistent mode, the child stops itself with SIGSTOP to indicate a successful run. In this case, we want to wake it up without forking @@ -823,7 +877,12 @@ static void __afl_start_snapshots(void) { /* Relay wait status to pipe, then loop back. */ - if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &status, 4) != 4) { + + write_error("writing to afl-fuzz"); + _exit(1); + + } } @@ -956,7 +1015,12 @@ static void __afl_start_forkserver(void) { } else { - if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("read from afl-fuzz"); + _exit(1); + + } } @@ -993,7 +1057,12 @@ static void __afl_start_forkserver(void) { if (child_stopped && was_killed) { child_stopped = 0; - if (waitpid(child_pid, &status, 0) < 0) _exit(1); + if (waitpid(child_pid, &status, 0) < 0) { + + write_error("child_stopped && was_killed"); + _exit(1); + + } } @@ -1002,7 +1071,12 @@ static void __afl_start_forkserver(void) { /* Once woken up, create a clone of our process. */ child_pid = fork(); - if (child_pid < 0) _exit(1); + if (child_pid < 0) { + + write_error("fork"); + _exit(1); + + } /* In child process: close fds, resume execution. */ @@ -1031,11 +1105,20 @@ static void __afl_start_forkserver(void) { /* In parent process: write PID to pipe, then wait for child. */ - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) { - if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0) + write_error("write to afl-fuzz"); _exit(1); + } + + if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0) { + + write_error("waitpid"); + _exit(1); + + } + /* In persistent mode, the child stops itself with SIGSTOP to indicate a successful run. In this case, we want to wake it up without forking again. */ @@ -1044,7 +1127,12 @@ static void __afl_start_forkserver(void) { /* Relay wait status to pipe, then loop back. */ - if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &status, 4) != 4) { + + write_error("writing to afl-fuzz"); + _exit(1); + + } } diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 5d5c4b8c..d43278b9 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -225,7 +225,6 @@ static s32 write_to_file(u8 *path, u8 *mem, u32 len) { } - /* Handle timeout signal. */ static void handle_timeout(int sig) { @@ -238,7 +237,6 @@ static void handle_timeout(int sig) { } - /* Execute target application. Returns exec checksum, or 0 if program times out. */ diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 89d2c37d..9648d795 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -768,7 +768,7 @@ void show_stats(afl_state_t *afl) { SAYF(bVR bH bSTOP cCYA " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA - " map coverage" bSTG bHT bH20 bH2 bVL "\n"); + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -873,9 +873,8 @@ void show_stats(afl_state_t *afl) { /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP - " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2 bH bHB bH bSTOP cCYA - " path geometry " bSTG bH5 bH2 bVL "\n"); + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2 + bH bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); if (unlikely(afl->custom_only)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index dc594b30..9a3780fb 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1205,6 +1205,8 @@ int main(int argc, char **argv_orig, char **envp) { } + setenv("__AFL_OUT_DIR", afl->out_dir, 1); + if (get_afl_env("AFL_DISABLE_TRIM")) { afl->disable_trim = 1; } if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) { From 4bf08566caccc950e9281474153ee1e3b1984179 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 7 Jun 2021 11:22:07 +0200 Subject: [PATCH 319/441] add changelog entry --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index b70ba022..3e79103a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -13,6 +13,8 @@ sending a mail to . - afl-fuzz: - fix -F when a '/' was part of the parameter - removed implied -D determinstic from -M main + - if the target becomes unavailable check out out/default/error.txt for + an indicator why - ensure afl-compiler-rt is built for gcc_module From c69edc2b3cc6c9d58c1d10385555817d6d1c43b0 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 7 Jun 2021 11:23:58 +0200 Subject: [PATCH 320/441] add changelog --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 3e79103a..a2c523b0 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,6 +15,8 @@ sending a mail to . - removed implied -D determinstic from -M main - if the target becomes unavailable check out out/default/error.txt for an indicator why + - afl-cc + - support partial linking - ensure afl-compiler-rt is built for gcc_module From 76c0940cee04a4fc68f7bb6c3487bc3263494034 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 7 Jun 2021 12:54:16 +0200 Subject: [PATCH 321/441] format --- instrumentation/afl-llvm-pass.so.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 6fe34ccd..94b77f7d 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -676,7 +676,7 @@ bool AFLCoverage::runOnModule(Module &M) { todo.push_back(MapPtrIdx); } else { - + */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 From 2449866f21fd66f04d0da51394b6604b406095c3 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Mon, 7 Jun 2021 13:47:27 +0200 Subject: [PATCH 322/441] more info for error logging --- instrumentation/afl-compiler-rt.o.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index a4760153..50117012 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -630,7 +630,9 @@ static void __afl_unmap_shm(void) { } -void write_error(char *text) { +#define write_error(text) write_error_with_location(text, __FILE__, __LINE__) + +void write_error_with_location(char *text, char* filename, int linenumber) { u8 * o = getenv("__AFL_OUT_DIR"); char *e = strerror(errno); @@ -643,14 +645,14 @@ void write_error(char *text) { if (f) { - fprintf(f, "Error(%s): %s\n", text, e); + fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); fclose(f); } } - fprintf(stderr, "Error(%s): %s\n", text, e); + fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); } @@ -2079,3 +2081,4 @@ void __afl_coverage_interesting(u8 val, u32 id) { } +#undef write_error From 63ee9df54f3c9db8ecbb0fb6186ea912200d9126 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Mon, 7 Jun 2021 20:49:23 +0200 Subject: [PATCH 323/441] Forkserver for afl-analyze (#963) * afl-analyze forkserver * added missing vars to forkserver * synchronized a bit more with afl-tmin * more debugging, runs now, but need to suppress target output * fix dev/null setting * afl-analyze info: Co-authored-by: hexcoder- --- GNUmakefile | 4 +- docs/Changelog.md | 3 +- src/afl-analyze.c | 235 ++++++++++++++++------------------------------ 3 files changed, 84 insertions(+), 158 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 6df7ea1d..bd206af0 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -436,8 +436,8 @@ afl-showmap: src/afl-showmap.c src/afl-common.o src/afl-sharedmem.o src/afl-fork afl-tmin: src/afl-tmin.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS) -afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o $(COMM_HDR) | test_x86 - $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o -o $@ $(LDFLAGS) +afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o $(COMM_HDR) | test_x86 + $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o -o $@ $(LDFLAGS) afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS) diff --git a/docs/Changelog.md b/docs/Changelog.md index a2c523b0..a8ed4d72 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -18,8 +18,7 @@ sending a mail to . - afl-cc - support partial linking - ensure afl-compiler-rt is built for gcc_module - - + - afl-analyze now uses the forkserver for increased performance ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, diff --git a/src/afl-analyze.c b/src/afl-analyze.c index d43278b9..606254d9 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -55,12 +55,7 @@ #include #include -static s32 child_pid; /* PID of the tested program */ - -static u8 *trace_bits; /* SHM with instrumentation bitmap */ - -static u8 *in_file, /* Analyzer input test case */ - *prog_in; /* Targeted program input file */ +static u8 *in_file; /* Analyzer input test case */ static u8 *in_data; /* Input data for analysis */ @@ -73,20 +68,19 @@ static u64 orig_cksum; /* Original checksum */ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ -static s32 dev_null_fd = -1; /* FD to /dev/null */ - static bool edges_only, /* Ignore hit counts? */ use_hex_offsets, /* Show hex offsets? */ use_stdin = true; /* Use stdin for program input? */ -static volatile u8 stop_soon, /* Ctrl-C pressed? */ - child_timed_out; /* Child timed out? */ +static volatile u8 stop_soon; /* Ctrl-C pressed? */ static u8 *target_path; static u8 frida_mode; static u8 qemu_mode; static u32 map_size = MAP_SIZE; +static afl_forkserver_t fsrv = {0}; /* The forkserver */ + /* Constants used for describing byte behavior. */ #define RESP_NONE 0x00 /* Changing byte is a no-op. */ @@ -156,7 +150,7 @@ static void classify_counts(u8 *mem) { static inline u8 anything_set(void) { - u32 *ptr = (u32 *)trace_bits; + u32 *ptr = (u32 *)fsrv.trace_bits; u32 i = (map_size >> 2); while (i--) { @@ -173,7 +167,7 @@ static inline u8 anything_set(void) { static void at_exit_handler(void) { - unlink(prog_in); /* Ignore errors */ + unlink(fsrv.out_file); /* Ignore errors */ } @@ -205,128 +199,29 @@ static void read_initial_file(void) { } -/* Write output file. */ - -static s32 write_to_file(u8 *path, u8 *mem, u32 len) { - - s32 ret; - - unlink(path); /* Ignore errors */ - - ret = open(path, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); - - if (ret < 0) { PFATAL("Unable to create '%s'", path); } - - ck_write(ret, mem, len, path); - - lseek(ret, 0, SEEK_SET); - - return ret; - -} - -/* Handle timeout signal. */ - -static void handle_timeout(int sig) { - - (void)sig; - - child_timed_out = 1; - - if (child_pid > 0) kill(child_pid, SIGKILL); - -} - /* Execute target application. Returns exec checksum, or 0 if program times out. */ -static u32 analyze_run_target(char **argv, u8 *mem, u32 len, u8 first_run) { +static u32 analyze_run_target(u8 *mem, u32 len, u8 first_run) { - static struct itimerval it; - int status = 0; + afl_fsrv_write_to_testcase(&fsrv, mem, len); + fsrv_run_result_t ret = afl_fsrv_run_target(&fsrv, exec_tmout, &stop_soon); - s32 prog_in_fd; - u64 cksum; + if (ret == FSRV_RUN_ERROR) { - memset(trace_bits, 0, map_size); - MEM_BARRIER(); + FATAL("Error in forkserver"); - prog_in_fd = write_to_file(prog_in, mem, len); + } else if (ret == FSRV_RUN_NOINST) { - child_pid = fork(); + FATAL("Target not instrumented"); - if (child_pid < 0) { PFATAL("fork() failed"); } + } else if (ret == FSRV_RUN_NOBITS) { - if (!child_pid) { - - struct rlimit r; - - if (dup2(use_stdin ? prog_in_fd : dev_null_fd, 0) < 0 || - dup2(dev_null_fd, 1) < 0 || dup2(dev_null_fd, 2) < 0) { - - *(u32 *)trace_bits = EXEC_FAIL_SIG; - PFATAL("dup2() failed"); - - } - - close(dev_null_fd); - close(prog_in_fd); - - if (mem_limit) { - - r.rlim_max = r.rlim_cur = ((rlim_t)mem_limit) << 20; - -#ifdef RLIMIT_AS - - setrlimit(RLIMIT_AS, &r); /* Ignore errors */ - -#else - - setrlimit(RLIMIT_DATA, &r); /* Ignore errors */ - -#endif /* ^RLIMIT_AS */ - - } - - r.rlim_max = r.rlim_cur = 0; - setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ - - execv(target_path, argv); - - *(u32 *)trace_bits = EXEC_FAIL_SIG; - exit(0); + FATAL("Failed to run target"); } - close(prog_in_fd); - - /* Configure timeout, wait for child, cancel timeout. */ - - child_timed_out = 0; - it.it_value.tv_sec = (exec_tmout / 1000); - it.it_value.tv_usec = (exec_tmout % 1000) * 1000; - - setitimer(ITIMER_REAL, &it, NULL); - - if (waitpid(child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); } - - child_pid = 0; - it.it_value.tv_sec = 0; - it.it_value.tv_usec = 0; - - setitimer(ITIMER_REAL, &it, NULL); - - MEM_BARRIER(); - - /* Clean up bitmap, analyze exit condition, etc. */ - - if (*(u32 *)trace_bits == EXEC_FAIL_SIG) { - - FATAL("Unable to execute '%s'", argv[0]); - - } - - classify_counts(trace_bits); + classify_counts(fsrv.trace_bits); total_execs++; if (stop_soon) { @@ -338,21 +233,19 @@ static u32 analyze_run_target(char **argv, u8 *mem, u32 len, u8 first_run) { /* Always discard inputs that time out. */ - if (child_timed_out) { + if (fsrv.last_run_timed_out) { exec_hangs++; return 0; } - cksum = hash64(trace_bits, map_size, HASH_CONST); + u64 cksum = hash64(fsrv.trace_bits, fsrv.map_size, HASH_CONST); - /* We don't actually care if the target is crashing or not, - except that when it does, the checksum should be different. */ + if (ret == FSRV_RUN_CRASH) { - if (WIFSIGNALED(status) || - (WIFEXITED(status) && WEXITSTATUS(status) == MSAN_ERROR) || - (WIFEXITED(status) && WEXITSTATUS(status))) { + /* We don't actually care if the target is crashing or not, + except that when it does, the checksum should be different. */ cksum ^= 0xffffffff; @@ -616,7 +509,7 @@ static void dump_hex(u32 len, u8 *b_data) { /* Actually analyze! */ -static void analyze(char **argv) { +static void analyze() { u32 i; u32 boring_len = 0, prev_xff = 0, prev_x01 = 0, prev_s10 = 0, prev_a10 = 0; @@ -642,16 +535,16 @@ static void analyze(char **argv) { code. */ in_data[i] ^= 0xff; - xor_ff = analyze_run_target(argv, in_data, in_len, 0); + xor_ff = analyze_run_target(in_data, in_len, 0); in_data[i] ^= 0xfe; - xor_01 = analyze_run_target(argv, in_data, in_len, 0); + xor_01 = analyze_run_target(in_data, in_len, 0); in_data[i] = (in_data[i] ^ 0x01) - 0x10; - sub_10 = analyze_run_target(argv, in_data, in_len, 0); + sub_10 = analyze_run_target(in_data, in_len, 0); in_data[i] += 0x20; - add_10 = analyze_run_target(argv, in_data, in_len, 0); + add_10 = analyze_run_target(in_data, in_len, 0); in_data[i] -= 0x10; /* Classify current behavior. */ @@ -724,7 +617,7 @@ static void handle_stop_sig(int sig) { (void)sig; stop_soon = 1; - if (child_pid > 0) { kill(child_pid, SIGKILL); } + afl_fsrv_killall(); } @@ -736,10 +629,10 @@ static void set_up_environment(char **argv) { char *afl_preload; char *frida_afl_preload = NULL; - dev_null_fd = open("/dev/null", O_RDWR); - if (dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } + fsrv.dev_null_fd = open("/dev/null", O_RDWR); + if (fsrv.dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } - if (!prog_in) { + if (!fsrv.out_file) { u8 *use_dir = "."; @@ -750,10 +643,15 @@ static void set_up_environment(char **argv) { } - prog_in = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); + fsrv.out_file = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); } + unlink(fsrv.out_file); + fsrv.out_fd = open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + + if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } + /* Set sane defaults... */ x = get_afl_env("ASAN_OPTIONS"); @@ -916,11 +814,6 @@ static void setup_signal_handlers(void) { sigaction(SIGINT, &sa, NULL); sigaction(SIGTERM, &sa, NULL); - /* Exec timeout notifications. */ - - sa.sa_handler = handle_timeout; - sigaction(SIGALRM, &sa, NULL); - } /* Display usage hints. */ @@ -982,6 +875,8 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n"); + afl_fsrv_init(&fsrv); + while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) { switch (opt) { @@ -994,9 +889,9 @@ int main(int argc, char **argv_orig, char **envp) { case 'f': - if (prog_in) { FATAL("Multiple -f options not supported"); } - use_stdin = 0; - prog_in = optarg; + if (fsrv.out_file) { FATAL("Multiple -f options not supported"); } + fsrv.use_stdin = 0; + fsrv.out_file = ck_strdup(optarg); break; case 'e': @@ -1017,6 +912,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!strcmp(optarg, "none")) { mem_limit = 0; + fsrv.mem_limit = 0; break; } @@ -1055,6 +951,8 @@ int main(int argc, char **argv_orig, char **envp) { } + fsrv.mem_limit = mem_limit; + } break; @@ -1074,6 +972,8 @@ int main(int argc, char **argv_orig, char **envp) { } + fsrv.exec_tmout = exec_tmout; + break; case 'O': /* FRIDA mode */ @@ -1081,6 +981,7 @@ int main(int argc, char **argv_orig, char **envp) { if (frida_mode) { FATAL("Multiple -O options not supported"); } frida_mode = 1; + fsrv.frida_mode = frida_mode; break; @@ -1090,6 +991,8 @@ int main(int argc, char **argv_orig, char **envp) { if (!mem_limit_given) { mem_limit = MEM_LIMIT_QEMU; } qemu_mode = 1; + fsrv.mem_limit = mem_limit; + fsrv.qemu_mode = qemu_mode; break; case 'U': @@ -1098,6 +1001,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!mem_limit_given) { mem_limit = MEM_LIMIT_UNICORN; } unicorn_mode = 1; + fsrv.mem_limit = mem_limit; break; case 'W': /* Wine+QEMU mode */ @@ -1107,6 +1011,8 @@ int main(int argc, char **argv_orig, char **envp) { use_wine = 1; if (!mem_limit_given) { mem_limit = 0; } + fsrv.qemu_mode = qemu_mode; + fsrv.mem_limit = mem_limit; break; @@ -1125,6 +1031,7 @@ int main(int argc, char **argv_orig, char **envp) { if (optind == argc || !in_file) { usage(argv[0]); } map_size = get_map_size(); + fsrv.map_size = map_size; use_hex_offsets = !!get_afl_env("AFL_ANALYZE_HEX"); @@ -1134,14 +1041,15 @@ int main(int argc, char **argv_orig, char **envp) { /* initialize cmplog_mode */ shm.cmplog_mode = 0; - trace_bits = afl_shm_init(&shm, map_size, 0); + atexit(at_exit_handler); setup_signal_handlers(); set_up_environment(argv); - target_path = find_binary(argv[optind]); - detect_file_args(argv + optind, prog_in, &use_stdin); + fsrv.target_path = find_binary(argv[optind]); + fsrv.trace_bits = afl_shm_init(&shm, map_size, 0); + detect_file_args(argv + optind, fsrv.out_file, &use_stdin); if (qemu_mode) { @@ -1165,14 +1073,31 @@ int main(int argc, char **argv_orig, char **envp) { SAYF("\n"); + if (getenv("AFL_FORKSRV_INIT_TMOUT")) { + + s32 forksrv_init_tmout = atoi(getenv("AFL_FORKSRV_INIT_TMOUT")); + if (forksrv_init_tmout < 1) { + + FATAL("Bad value specified for AFL_FORKSRV_INIT_TMOUT"); + + } + + fsrv.init_tmout = (u32)forksrv_init_tmout; + + } + + fsrv.kill_signal = + parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + read_initial_file(); ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...", mem_limit, exec_tmout, edges_only ? ", edges only" : ""); - analyze_run_target(use_argv, in_data, in_len, 1); + afl_fsrv_start(&fsrv, use_argv, &stop_soon, false); + analyze_run_target(in_data, in_len, 1); - if (child_timed_out) { + if (fsrv.last_run_timed_out) { FATAL("Target binary times out (adjusting -t may help)."); @@ -1184,13 +1109,15 @@ int main(int argc, char **argv_orig, char **envp) { } - analyze(use_argv); + analyze(); OKF("We're done here. Have a nice day!\n"); - if (target_path) { ck_free(target_path); } - afl_shm_deinit(&shm); + afl_fsrv_deinit(&fsrv); + if (fsrv.target_path) { ck_free(fsrv.target_path); } + if (in_data) { ck_free(in_data); } + exit(0); From d64dd7a952de20b693ed1a44063d409a15bbff76 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 7 Jun 2021 22:37:06 +0200 Subject: [PATCH 324/441] proper newlines --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index a8ed4d72..103f5920 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,6 +19,8 @@ sending a mail to . - support partial linking - ensure afl-compiler-rt is built for gcc_module - afl-analyze now uses the forkserver for increased performance + + ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 - frida_mode - new mode that uses frida to fuzz binary-only targets, From cd95dfe1e70d5fe3d33a5fed26565a407688568a Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 8 Jun 2021 08:51:19 +0200 Subject: [PATCH 325/441] reenable LLVM 3.8 ( Ubuntu 16.04 ) --- GNUmakefile.llvm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 64ba73f4..95140cb0 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -45,7 +45,7 @@ endif LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) -LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-5]\.' && echo 1 || echo 0 ) +LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[3-9]' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_10_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[1-9]|^10\.[1-9]|^10\.0.[1-9]' && echo 1 || echo 0 ) @@ -61,7 +61,7 @@ ifeq "$(LLVMVER)" "" endif ifeq "$(LLVM_UNSUPPORTED)" "1" - $(error llvm_mode only supports llvm from version 6.0 onwards) + $(error llvm_mode only supports llvm from version 3.8 onwards) endif ifeq "$(LLVM_TOO_NEW)" "1" From c7b9171c103fc80da75d2b9648b62aa87cbe76fd Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 8 Jun 2021 08:55:12 +0100 Subject: [PATCH 326/441] FRIDA AARCH64 support (#965) Co-authored-by: Your Name --- frida_mode/README.md | 8 +- frida_mode/include/ctx.h | 11 +- frida_mode/include/instrument.h | 10 +- .../src/asan/{asan_arm.c => asan_arm32.c} | 0 frida_mode/src/asan/asan_arm64.c | 76 +++- .../cmplog/{cmplog_arm.c => cmplog_arm32.c} | 0 frida_mode/src/cmplog/cmplog_arm64.c | 295 ++++++++++++++- frida_mode/src/ctx/ctx_arm32.c | 16 + frida_mode/src/ctx/ctx_arm64.c | 303 +++++++++++++++ frida_mode/src/instrument/instrument.c | 5 +- frida_mode/src/instrument/instrument_arm32.c | 12 + frida_mode/src/instrument/instrument_arm64.c | 12 + frida_mode/src/instrument/instrument_debug.c | 58 +-- frida_mode/src/instrument/instrument_x64.c | 12 + frida_mode/src/instrument/instrument_x86.c | 12 + frida_mode/src/persistent/persistent_arm64.c | 354 +++++++++++++++++- frida_mode/src/persistent/persistent_x64.c | 2 - frida_mode/src/persistent/persistent_x86.c | 2 - frida_mode/src/stats/stats.c | 1 - .../src/stats/{stats_arm.c => stats_arm32.c} | 0 frida_mode/test/cmplog/GNUmakefile | 11 +- frida_mode/test/cmplog/Makefile | 4 + frida_mode/test/cmplog/cmplog.c | 2 +- frida_mode/test/fasan/GNUmakefile | 4 +- frida_mode/test/persistent_ret/GNUmakefile | 4 +- frida_mode/test/png/persistent/GNUmakefile | 14 +- frida_mode/test/png/persistent/Makefile | 3 + .../test/png/persistent/hook/GNUmakefile | 4 +- .../persistent/hook/aflpp_qemu_driver_hook.c | 96 +++++ 29 files changed, 1265 insertions(+), 66 deletions(-) rename frida_mode/src/asan/{asan_arm.c => asan_arm32.c} (100%) rename frida_mode/src/cmplog/{cmplog_arm.c => cmplog_arm32.c} (100%) create mode 100644 frida_mode/src/ctx/ctx_arm32.c create mode 100644 frida_mode/src/ctx/ctx_arm64.c rename frida_mode/src/stats/{stats_arm.c => stats_arm32.c} (100%) diff --git a/frida_mode/README.md b/frida_mode/README.md index 0103a395..d7dd72a0 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -21,16 +21,16 @@ perhaps leverage some of its design and implementation. | Feature/Instrumentation | frida-mode | Notes | | -------------------------|:----------:|:--------------------------------------------:| | NeverZero | x | | - | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | Persistent Mode | x | (x86/x64/aarch64 only) | | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | - | CMPLOG | x | (x86/x64 only) | + | CMPLOG | x | (x86/x64/aarch64 only) | | Selective Instrumentation| x | | | Non-Colliding Coverage | - | (Not possible in binary-only instrumentation | | Ngram prev_loc Coverage | - | | | Context Coverage | - | | | Auto Dictionary | - | | | Snapshot LKM Support | - | | - | In-Memory Test Cases | x | (x86/x64 only) | + | In-Memory Test Cases | x | (x86/x64/aarch64 only) | ## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -288,7 +288,7 @@ to validate memory accesses against the shadow memory. ## TODO -The next features to be added are Aarch64 and Aarch32 support as well as looking at +The next features to be added are Aarch32 support as well as looking at potential performance improvements. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that efforts are deconflicted. diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h index cbcc892a..67274aee 100644 --- a/frida_mode/include/ctx.h +++ b/frida_mode/include/ctx.h @@ -3,8 +3,15 @@ #include "frida-gum.h" -#if defined(__x86_64__) || defined(__i386__) -gsize ctx_read_reg(GumCpuContext *ctx, x86_reg reg); +#if defined(__x86_64__) +gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); +#elif defined(__i386__) +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg); +#elif defined(__aarch64__) +gsize ctx_read_reg(GumArm64CpuContext *ctx, arm64_reg reg); +size_t ctx_get_size(const cs_insn *instr, cs_arm64_op *operand); +#elif defined(__arm__) +gsize ctx_read_reg(GumArmCpuContext *ctx, arm_reg reg); #endif #endif diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index ed92c25a..577481d1 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -19,9 +19,11 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); -void instrument_debug_init(void); -void instrument_debug_start(uint64_t address, GumStalkerOutput *output); -void instrument_debug_instruction(uint64_t address, uint16_t size); -void instrument_debug_end(GumStalkerOutput *output); +void instrument_debug_init(void); +void instrument_debug_start(uint64_t address, GumStalkerOutput *output); +void instrument_debug_instruction(uint64_t address, uint16_t size); +void instrument_debug_end(GumStalkerOutput *output); +void instrument_flush(GumStalkerOutput *output); +gpointer instrument_cur(GumStalkerOutput *output); #endif diff --git a/frida_mode/src/asan/asan_arm.c b/frida_mode/src/asan/asan_arm32.c similarity index 100% rename from frida_mode/src/asan/asan_arm.c rename to frida_mode/src/asan/asan_arm32.c diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index 6262ee18..66138e42 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -1,18 +1,80 @@ +#include #include "frida-gum.h" #include "debug.h" #include "asan.h" +#include "ctx.h" #include "util.h" #if defined(__aarch64__) + +typedef struct { + + size_t size; + cs_arm64_op operand; + +} asan_ctx_t; + +typedef void (*asan_loadN_t)(gsize address, uint8_t size); +typedef void (*asan_storeN_t)(gsize address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + asan_ctx_t * asan_ctx = (asan_ctx_t *)user_data; + cs_arm64_op * operand = &asan_ctx->operand; + arm64_op_mem *mem = &operand->mem; + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != ARM64_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != ARM64_REG_INVALID) { + + index = ctx_read_reg(ctx, mem->index); + + } + + address = base + index + mem->disp; + + if ((operand->access & CS_AC_READ) == CS_AC_READ) { + + asan_loadN(address, asan_ctx->size); + + } + + if ((operand->access & CS_AC_WRITE) == CS_AC_WRITE) { + + asan_storeN(address, asan_ctx->size); + + } + +} + void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); - if (asan_initialized) { - FATAL("ASAN mode not supported on this architecture"); + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand; + asan_ctx_t * ctx; + + if (!asan_initialized) return; + + for (uint8_t i = 0; i < arm64.op_count; i++) { + + operand = &arm64.operands[i]; + + if (operand->type != ARM64_OP_MEM) { continue; } + + ctx = g_malloc0(sizeof(asan_ctx_t)); + ctx->size = ctx_get_size(instr, &arm64.operands[0]); + memcpy(&ctx->operand, operand, sizeof(cs_arm64_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); } @@ -20,7 +82,13 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { void asan_arch_init(void) { - FATAL("ASAN mode not supported on this architecture"); + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); + + } } diff --git a/frida_mode/src/cmplog/cmplog_arm.c b/frida_mode/src/cmplog/cmplog_arm32.c similarity index 100% rename from frida_mode/src/cmplog/cmplog_arm.c rename to frida_mode/src/cmplog/cmplog_arm32.c diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 187d0162..04631ff8 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -1,17 +1,304 @@ #include "frida-gum.h" #include "debug.h" +#include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__aarch64__) + +typedef struct { + + arm64_op_type type; + uint8_t size; + + union { + + arm64_op_mem mem; + arm64_reg reg; + int64_t imm; + + }; + +} cmplog_ctx_t; + +typedef struct { + + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; + size_t size; + +} cmplog_pair_ctx_t; + +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + arm64_op_mem *mem, gsize *val) { + + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != ARM64_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != ARM64_REG_INVALID) { + + index = ctx_read_reg(ctx, mem->index); + + } + + address = base + index + mem->disp; + + if (!cmplog_is_readable(address, size)) { return FALSE; } + + switch (size) { + + case 1: + *val = *((guint8 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 2: + *val = *((guint16 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 4: + *val = *((guint32 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 8: + *val = *((guint64 *)GSIZE_TO_POINTER(address)); + return TRUE; + default: + FATAL("Invalid operand size: %d\n", size); + + } + + return FALSE; + +} + +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, gsize *val) { + + switch (ctx->type) { + + case ARM64_OP_REG: + *val = ctx_read_reg(context, ctx->reg); + return TRUE; + case ARM64_OP_IMM: + *val = ctx->imm; + return TRUE; + case ARM64_OP_MEM: + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + + return FALSE; + +} + +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + gsize address = context->pc; + gsize x0 = ctx_read_reg(context, ARM64_REG_X0); + gsize x1 = ctx_read_reg(context, ARM64_REG_X1); + + if (((G_MAXULONG - x0) < 32) || ((G_MAXULONG - x1) < 32)) return; + + if (!cmplog_is_readable(x0, 32) || !cmplog_is_readable(x1, 32)) return; + + void *ptr1 = GSIZE_TO_POINTER(x0); + void *ptr2 = GSIZE_TO_POINTER(x1); + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_arm64_op * operand) { + + ctx->type = operand->type; + switch (operand->type) { + + case ARM64_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(arm64_reg)); + break; + case ARM64_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case ARM64_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(arm64_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand; + + switch (instr->id) { + + case ARM64_INS_BL: + case ARM64_INS_BLR: + case ARM64_INS_BLRAA: + case ARM64_INS_BLRAAZ: + case ARM64_INS_BLRAB: + case ARM64_INS_BLRABZ: + break; + default: + return; + + } + + if (arm64.op_count != 1) return; + + operand = &arm64.operands[0]; + + if (operand->type == ARM64_OP_INVALID) return; + + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); + +} + +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { + + gsize address = context->pc; + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { + + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + gsize operand1; + gsize operand2; + + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } + + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->size); + +} + +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_arm64_op * operand1, + cs_arm64_op * operand2, + size_t size) { + + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); + if (ctx == NULL) return; + + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); + ctx->size = size; + + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, + g_free); + +} + +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand1; + cs_arm64_op *operand2; + size_t size; + + switch (instr->id) { + + case ARM64_INS_ADCS: + case ARM64_INS_ADDS: + case ARM64_INS_ANDS: + case ARM64_INS_BICS: + case ARM64_INS_CMN: + case ARM64_INS_CMP: + case ARM64_INS_CMPEQ: + case ARM64_INS_CMPGE: + case ARM64_INS_CMPGT: + case ARM64_INS_CMPHI: + case ARM64_INS_CMPHS: + case ARM64_INS_CMPLE: + case ARM64_INS_CMPLO: + case ARM64_INS_CMPLS: + case ARM64_INS_CMPLT: + case ARM64_INS_CMPNE: + case ARM64_INS_EORS: + case ARM64_INS_NANDS: + case ARM64_INS_NEGS: + case ARM64_INS_NGCS: + case ARM64_INS_NORS: + case ARM64_INS_NOTS: + case ARM64_INS_ORNS: + case ARM64_INS_ORRS: + case ARM64_INS_SBCS: + case ARM64_INS_SUBS: + break; + + default: + return; + + } + + if (arm64.op_count != 2) return; + + operand1 = &arm64.operands[0]; + operand2 = &arm64.operands[1]; + + if (operand1->type == ARM64_OP_INVALID) return; + if (operand2->type == ARM64_OP_INVALID) return; + + size = ctx_get_size(instr, &arm64.operands[0]); + + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2, size); + +} + void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); - UNUSED_PARAMETER(iterator); - if (__afl_cmp_map == NULL) { return; } - FATAL("CMPLOG mode not supported on this architecture"); + if (__afl_cmp_map == NULL) return; + + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); } diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c new file mode 100644 index 00000000..a5c6f6d4 --- /dev/null +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -0,0 +1,16 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__arm__) + +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { + + FATAL("ctx_read_reg unimplemented for this architecture"); + +} + +#endif + diff --git a/frida_mode/src/ctx/ctx_arm64.c b/frida_mode/src/ctx/ctx_arm64.c new file mode 100644 index 00000000..d09896af --- /dev/null +++ b/frida_mode/src/ctx/ctx_arm64.c @@ -0,0 +1,303 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__aarch64__) + + #define ARM64_REG_8(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define ARM64_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define ARM64_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define ARM64_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +gsize ctx_read_reg(GumArm64CpuContext *ctx, arm64_reg reg) { + + switch (reg) { + + case ARM64_REG_WZR: + case ARM64_REG_XZR: + return 0; + + ARM64_REG_8(ARM64_REG_B0, ctx->x[0]) + ARM64_REG_8(ARM64_REG_B1, ctx->x[1]) + ARM64_REG_8(ARM64_REG_B2, ctx->x[2]) + ARM64_REG_8(ARM64_REG_B3, ctx->x[3]) + ARM64_REG_8(ARM64_REG_B4, ctx->x[4]) + ARM64_REG_8(ARM64_REG_B5, ctx->x[5]) + ARM64_REG_8(ARM64_REG_B6, ctx->x[6]) + ARM64_REG_8(ARM64_REG_B7, ctx->x[7]) + ARM64_REG_8(ARM64_REG_B8, ctx->x[8]) + ARM64_REG_8(ARM64_REG_B9, ctx->x[9]) + ARM64_REG_8(ARM64_REG_B10, ctx->x[10]) + ARM64_REG_8(ARM64_REG_B11, ctx->x[11]) + ARM64_REG_8(ARM64_REG_B12, ctx->x[12]) + ARM64_REG_8(ARM64_REG_B13, ctx->x[13]) + ARM64_REG_8(ARM64_REG_B14, ctx->x[14]) + ARM64_REG_8(ARM64_REG_B15, ctx->x[15]) + ARM64_REG_8(ARM64_REG_B16, ctx->x[16]) + ARM64_REG_8(ARM64_REG_B17, ctx->x[17]) + ARM64_REG_8(ARM64_REG_B18, ctx->x[18]) + ARM64_REG_8(ARM64_REG_B19, ctx->x[19]) + ARM64_REG_8(ARM64_REG_B20, ctx->x[20]) + ARM64_REG_8(ARM64_REG_B21, ctx->x[21]) + ARM64_REG_8(ARM64_REG_B22, ctx->x[22]) + ARM64_REG_8(ARM64_REG_B23, ctx->x[23]) + ARM64_REG_8(ARM64_REG_B24, ctx->x[24]) + ARM64_REG_8(ARM64_REG_B25, ctx->x[25]) + ARM64_REG_8(ARM64_REG_B26, ctx->x[26]) + ARM64_REG_8(ARM64_REG_B27, ctx->x[27]) + ARM64_REG_8(ARM64_REG_B28, ctx->x[28]) + ARM64_REG_8(ARM64_REG_B29, ctx->fp) + ARM64_REG_8(ARM64_REG_B30, ctx->lr) + ARM64_REG_8(ARM64_REG_B31, ctx->sp) + + ARM64_REG_16(ARM64_REG_H0, ctx->x[0]) + ARM64_REG_16(ARM64_REG_H1, ctx->x[1]) + ARM64_REG_16(ARM64_REG_H2, ctx->x[2]) + ARM64_REG_16(ARM64_REG_H3, ctx->x[3]) + ARM64_REG_16(ARM64_REG_H4, ctx->x[4]) + ARM64_REG_16(ARM64_REG_H5, ctx->x[5]) + ARM64_REG_16(ARM64_REG_H6, ctx->x[6]) + ARM64_REG_16(ARM64_REG_H7, ctx->x[7]) + ARM64_REG_16(ARM64_REG_H8, ctx->x[8]) + ARM64_REG_16(ARM64_REG_H9, ctx->x[9]) + ARM64_REG_16(ARM64_REG_H10, ctx->x[10]) + ARM64_REG_16(ARM64_REG_H11, ctx->x[11]) + ARM64_REG_16(ARM64_REG_H12, ctx->x[12]) + ARM64_REG_16(ARM64_REG_H13, ctx->x[13]) + ARM64_REG_16(ARM64_REG_H14, ctx->x[14]) + ARM64_REG_16(ARM64_REG_H15, ctx->x[15]) + ARM64_REG_16(ARM64_REG_H16, ctx->x[16]) + ARM64_REG_16(ARM64_REG_H17, ctx->x[17]) + ARM64_REG_16(ARM64_REG_H18, ctx->x[18]) + ARM64_REG_16(ARM64_REG_H19, ctx->x[19]) + ARM64_REG_16(ARM64_REG_H20, ctx->x[20]) + ARM64_REG_16(ARM64_REG_H21, ctx->x[21]) + ARM64_REG_16(ARM64_REG_H22, ctx->x[22]) + ARM64_REG_16(ARM64_REG_H23, ctx->x[23]) + ARM64_REG_16(ARM64_REG_H24, ctx->x[24]) + ARM64_REG_16(ARM64_REG_H25, ctx->x[25]) + ARM64_REG_16(ARM64_REG_H26, ctx->x[26]) + ARM64_REG_16(ARM64_REG_H27, ctx->x[27]) + ARM64_REG_16(ARM64_REG_H28, ctx->x[28]) + ARM64_REG_16(ARM64_REG_H29, ctx->fp) + ARM64_REG_16(ARM64_REG_H30, ctx->lr) + ARM64_REG_16(ARM64_REG_H31, ctx->sp) + + ARM64_REG_32(ARM64_REG_W0, ctx->x[0]) + ARM64_REG_32(ARM64_REG_W1, ctx->x[1]) + ARM64_REG_32(ARM64_REG_W2, ctx->x[2]) + ARM64_REG_32(ARM64_REG_W3, ctx->x[3]) + ARM64_REG_32(ARM64_REG_W4, ctx->x[4]) + ARM64_REG_32(ARM64_REG_W5, ctx->x[5]) + ARM64_REG_32(ARM64_REG_W6, ctx->x[6]) + ARM64_REG_32(ARM64_REG_W7, ctx->x[7]) + ARM64_REG_32(ARM64_REG_W8, ctx->x[8]) + ARM64_REG_32(ARM64_REG_W9, ctx->x[9]) + ARM64_REG_32(ARM64_REG_W10, ctx->x[10]) + ARM64_REG_32(ARM64_REG_W11, ctx->x[11]) + ARM64_REG_32(ARM64_REG_W12, ctx->x[12]) + ARM64_REG_32(ARM64_REG_W13, ctx->x[13]) + ARM64_REG_32(ARM64_REG_W14, ctx->x[14]) + ARM64_REG_32(ARM64_REG_W15, ctx->x[15]) + ARM64_REG_32(ARM64_REG_W16, ctx->x[16]) + ARM64_REG_32(ARM64_REG_W17, ctx->x[17]) + ARM64_REG_32(ARM64_REG_W18, ctx->x[18]) + ARM64_REG_32(ARM64_REG_W19, ctx->x[19]) + ARM64_REG_32(ARM64_REG_W20, ctx->x[20]) + ARM64_REG_32(ARM64_REG_W21, ctx->x[21]) + ARM64_REG_32(ARM64_REG_W22, ctx->x[22]) + ARM64_REG_32(ARM64_REG_W23, ctx->x[23]) + ARM64_REG_32(ARM64_REG_W24, ctx->x[24]) + ARM64_REG_32(ARM64_REG_W25, ctx->x[25]) + ARM64_REG_32(ARM64_REG_W26, ctx->x[26]) + ARM64_REG_32(ARM64_REG_W27, ctx->x[27]) + ARM64_REG_32(ARM64_REG_W28, ctx->x[28]) + ARM64_REG_32(ARM64_REG_W29, ctx->fp) + ARM64_REG_32(ARM64_REG_W30, ctx->lr) + + ARM64_REG_64(ARM64_REG_X0, ctx->x[0]) + ARM64_REG_64(ARM64_REG_X1, ctx->x[1]) + ARM64_REG_64(ARM64_REG_X2, ctx->x[2]) + ARM64_REG_64(ARM64_REG_X3, ctx->x[3]) + ARM64_REG_64(ARM64_REG_X4, ctx->x[4]) + ARM64_REG_64(ARM64_REG_X5, ctx->x[5]) + ARM64_REG_64(ARM64_REG_X6, ctx->x[6]) + ARM64_REG_64(ARM64_REG_X7, ctx->x[7]) + ARM64_REG_64(ARM64_REG_X8, ctx->x[8]) + ARM64_REG_64(ARM64_REG_X9, ctx->x[9]) + ARM64_REG_64(ARM64_REG_X10, ctx->x[10]) + ARM64_REG_64(ARM64_REG_X11, ctx->x[11]) + ARM64_REG_64(ARM64_REG_X12, ctx->x[12]) + ARM64_REG_64(ARM64_REG_X13, ctx->x[13]) + ARM64_REG_64(ARM64_REG_X14, ctx->x[14]) + ARM64_REG_64(ARM64_REG_X15, ctx->x[15]) + ARM64_REG_64(ARM64_REG_X16, ctx->x[16]) + ARM64_REG_64(ARM64_REG_X17, ctx->x[17]) + ARM64_REG_64(ARM64_REG_X18, ctx->x[18]) + ARM64_REG_64(ARM64_REG_X19, ctx->x[19]) + ARM64_REG_64(ARM64_REG_X20, ctx->x[20]) + ARM64_REG_64(ARM64_REG_X21, ctx->x[21]) + ARM64_REG_64(ARM64_REG_X22, ctx->x[22]) + ARM64_REG_64(ARM64_REG_X23, ctx->x[23]) + ARM64_REG_64(ARM64_REG_X24, ctx->x[24]) + ARM64_REG_64(ARM64_REG_X25, ctx->x[25]) + ARM64_REG_64(ARM64_REG_X26, ctx->x[26]) + ARM64_REG_64(ARM64_REG_X27, ctx->x[27]) + ARM64_REG_64(ARM64_REG_X28, ctx->x[28]) + ARM64_REG_64(ARM64_REG_FP, ctx->fp) + ARM64_REG_64(ARM64_REG_LR, ctx->lr) + ARM64_REG_64(ARM64_REG_SP, ctx->sp) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +size_t ctx_get_size(const cs_insn *instr, cs_arm64_op *operand) { + + uint8_t num_registers; + uint8_t count_byte; + char vas_digit; + size_t mnemonic_len; + + switch (instr->id) { + + case ARM64_INS_STP: + case ARM64_INS_STXP: + case ARM64_INS_STNP: + case ARM64_INS_STLXP: + case ARM64_INS_LDP: + case ARM64_INS_LDXP: + case ARM64_INS_LDNP: + num_registers = 2; + break; + default: + num_registers = 1; + break; + + } + + mnemonic_len = strlen(instr->mnemonic); + if (mnemonic_len == 0) { FATAL("No mnemonic found"); }; + + char last = instr->mnemonic[mnemonic_len - 1]; + switch (last) { + + case 'b': + return 1; + case 'h': + return 2; + case 'w': + return 4 * num_registers; + + } + + if (operand->vas == ARM64_VAS_INVALID) { + + if (operand->type == ARM64_OP_REG) { + + switch (operand->reg) { + + case ARM64_REG_WZR: + case ARM64_REG_WSP: + case ARM64_REG_W0 ... ARM64_REG_W30: + case ARM64_REG_S0 ... ARM64_REG_S31: + return 4 * num_registers; + case ARM64_REG_D0 ... ARM64_REG_D31: + return 8 * num_registers; + case ARM64_REG_Q0 ... ARM64_REG_Q31: + return 16; + default: + return 8 * num_registers; + ; + + } + + } + + return 8 * num_registers; + + } + + if (g_str_has_prefix(instr->mnemonic, "st") || + g_str_has_prefix(instr->mnemonic, "ld")) { + + if (mnemonic_len < 3) { + + FATAL("VAS Mnemonic too short: %s\n", instr->mnemonic); + + } + + vas_digit = instr->mnemonic[2]; + if (vas_digit < '0' || vas_digit > '9') { + + FATAL("VAS Mnemonic digit out of range: %s\n", instr->mnemonic); + + } + + count_byte = vas_digit - '0'; + + } else { + + count_byte = 1; + + } + + switch (operand->vas) { + + case ARM64_VAS_1B: + return 1 * count_byte; + case ARM64_VAS_1H: + return 2 * count_byte; + case ARM64_VAS_4B: + case ARM64_VAS_1S: + case ARM64_VAS_1D: + case ARM64_VAS_2H: + return 4 * count_byte; + case ARM64_VAS_8B: + case ARM64_VAS_4H: + case ARM64_VAS_2S: + case ARM64_VAS_2D: + case ARM64_VAS_1Q: + return 8 * count_byte; + case ARM64_VAS_8H: + case ARM64_VAS_4S: + case ARM64_VAS_16B: + return 16 * count_byte; + default: + FATAL("Unexpected VAS type: %s %d", instr->mnemonic, operand->vas); + + } + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index cd1ac0be..f261e79a 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -84,6 +84,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, while (gum_stalker_iterator_next(iterator, &instr)) { + if (unlikely(begin)) { instrument_debug_start(instr->address, output); } + if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } if (instr->address == persistent_ret) { persistent_epilogue(output); } @@ -119,8 +121,6 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (unlikely(begin)) { - instrument_debug_start(instr->address, output); - prefetch_write(GSIZE_TO_POINTER(instr->address)); if (likely(!excluded)) { @@ -155,6 +155,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, } + instrument_flush(output); instrument_debug_end(output); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 1a3c40bb..450a69a3 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -22,5 +22,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_arm_writer_flush(output->writer.arm); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_arm_writer_cur(output->writer.arm); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index fa3afb48..49ee86a2 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -93,5 +93,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_arm64_writer_flush(output->writer.arm64); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_arm64_writer_cur(output->writer.arm64); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index f8c1df77..0ce26a1c 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -7,6 +7,7 @@ #include "debug.h" +#include "instrument.h" #include "util.h" static int debugging_fd = -1; @@ -31,24 +32,44 @@ static void instrument_debug(char *format, ...) { } -static void instrument_disasm(guint8 *code, guint size) { +static void instrument_disasm(guint8 *start, guint8 *end) { csh capstone; cs_err err; + uint16_t size; cs_insn *insn; - size_t count, i; + size_t count = 0; + size_t i; + uint16_t len; err = cs_open(GUM_DEFAULT_CS_ARCH, GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone); g_assert(err == CS_ERR_OK); - count = cs_disasm(capstone, code, size, GPOINTER_TO_SIZE(code), 0, &insn); - g_assert(insn != NULL); + size = GPOINTER_TO_SIZE(end) - GPOINTER_TO_SIZE(start); - for (i = 0; i != count; i++) { + for (guint8 *curr = start; curr < end; curr += len, size -= len, len = 0) { - instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, - insn[i].mnemonic, insn[i].op_str); + count = cs_disasm(capstone, curr, size, GPOINTER_TO_SIZE(curr), 0, &insn); + if (insn == NULL) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t* 0x%016" G_GSIZE_MODIFIER + "x\n", + curr, *(size_t *)curr); + + len += sizeof(size_t); + continue; + + } + + for (i = 0; i != count; i++) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, + insn[i].mnemonic, insn[i].op_str); + + len += insn[i].size; + + } } @@ -58,20 +79,6 @@ static void instrument_disasm(guint8 *code, guint size) { } -static gpointer instrument_cur(GumStalkerOutput *output) { - -#if defined(__i386__) || defined(__x86_64__) - return gum_x86_writer_cur(output->writer.x86); -#elif defined(__aarch64__) - return gum_arm64_writer_cur(output->writer.arm64); -#elif defined(__arm__) - return gum_arm_writer_cur(output->writer.arm); -#else - #error "Unsupported architecture" -#endif - -} - void instrument_debug_init(void) { char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); @@ -111,7 +118,7 @@ void instrument_debug_instruction(uint64_t address, uint16_t size) { if (likely(debugging_fd < 0)) { return; } uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address); - instrument_disasm(start, size); + instrument_disasm(start, start + size); } @@ -119,11 +126,10 @@ void instrument_debug_end(GumStalkerOutput *output) { if (likely(debugging_fd < 0)) { return; } gpointer instrument_gen_end = instrument_cur(output); - uint16_t size = GPOINTER_TO_SIZE(instrument_gen_end) - - GPOINTER_TO_SIZE(instrument_gen_start); - instrument_debug("\nGenerated block %p\n", instrument_gen_start); - instrument_disasm(instrument_gen_start, size); + instrument_debug("\nGenerated block %p-%p\n", instrument_gen_start, + instrument_gen_end); + instrument_disasm(instrument_gen_start, instrument_gen_end); } diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 901f3bd0..7000e65d 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -89,5 +89,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_x86_writer_flush(output->writer.x86); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_x86_writer_cur(output->writer.x86); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 585bb5b8..04a19e08 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -81,5 +81,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_x86_writer_flush(output->writer.x86); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_x86_writer_cur(output->writer.x86); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 1215d8da..b23693fe 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -1,9 +1,11 @@ +#include #include "frida-gum.h" #include "config.h" #include "debug.h" #include "instrument.h" +#include "persistent.h" #include "util.h" #if defined(__aarch64__) @@ -98,23 +100,365 @@ struct arm64_regs { typedef struct arm64_regs arch_api_regs; +static arch_api_regs saved_regs = {0}; +static gpointer saved_lr = NULL; + gboolean persistent_is_supported(void) { - return false; + return true; + +} + +static void instrument_persitent_save_regs(GumArm64Writer * cw, + struct arm64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + const guint32 mrs_x1_nzcv = 0xd53b4201; + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_SP, -(16), + GUM_INDEX_PRE_ADJUST); + + gum_arm64_writer_put_instruction(cw, mrs_x1_nzcv); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(regs_address)); + + /* Skip x0 & x1 we'll do that later */ + + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 1), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, + ARM64_REG_X0, (16 * 2), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, + ARM64_REG_X0, (16 * 3), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, + ARM64_REG_X0, (16 * 4), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, + ARM64_REG_X0, (16 * 5), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, + ARM64_REG_X0, (16 * 6), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, + ARM64_REG_X0, (16 * 7), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, + ARM64_REG_X0, (16 * 8), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, + ARM64_REG_X0, (16 * 9), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, + ARM64_REG_X0, (16 * 10), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, + ARM64_REG_X0, (16 * 11), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, + ARM64_REG_X0, (16 * 12), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, + ARM64_REG_X0, (16 * 13), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, + ARM64_REG_X0, (16 * 14), + GUM_INDEX_SIGNED_OFFSET); + + /* LR & Adjusted SP */ + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_SP, + (GUM_RED_ZONE_SIZE + 32)); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X2, + ARM64_REG_X0, (16 * 15), + GUM_INDEX_SIGNED_OFFSET); + + /* PC & CPSR */ + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, + GUM_ADDRESS(persistent_start)); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, + ARM64_REG_X0, (16 * 16), + GUM_INDEX_SIGNED_OFFSET); + + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, + ARM64_REG_X0, (16 * 17), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, + ARM64_REG_X0, (16 * 18), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, + ARM64_REG_X0, (16 * 19), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, + ARM64_REG_X0, (16 * 20), + GUM_INDEX_SIGNED_OFFSET); + + /* x0 & x1 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_SP, 16, + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 0), + GUM_INDEX_SIGNED_OFFSET); + + /* Pop the saved values */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_SP, 16, GUM_INDEX_POST_ADJUST); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); + +} + +static void instrument_persitent_restore_regs(GumArm64Writer * cw, + struct arm64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + const guint32 msr_nzcv_x1 = 0xd51b4201; + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(regs_address)); + + /* Skip x0 - x3 we'll do that last */ + + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, + ARM64_REG_X0, (16 * 2), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, + ARM64_REG_X0, (16 * 3), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, + ARM64_REG_X0, (16 * 4), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, + ARM64_REG_X0, (16 * 5), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, + ARM64_REG_X0, (16 * 6), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, + ARM64_REG_X0, (16 * 7), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, + ARM64_REG_X0, (16 * 8), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, + ARM64_REG_X0, (16 * 9), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, + ARM64_REG_X0, (16 * 10), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, + ARM64_REG_X0, (16 * 11), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, + ARM64_REG_X0, (16 * 12), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, + ARM64_REG_X0, (16 * 13), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, + ARM64_REG_X0, (16 * 14), + GUM_INDEX_SIGNED_OFFSET); + + /* Don't restore RIP or RSP, use x1-x3 as clobber */ + + /* LR & Adjusted SP (clobber x1) */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, + ARM64_REG_X0, (16 * 15), + GUM_INDEX_SIGNED_OFFSET); + + /* PC (x2) & CPSR (x1) */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, + ARM64_REG_X0, (16 * 16), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_instruction(cw, msr_nzcv_x1); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, + ARM64_REG_X0, (16 * 17), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, + ARM64_REG_X0, (16 * 18), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, + ARM64_REG_X0, (16 * 19), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, + ARM64_REG_X0, (16 * 20), + GUM_INDEX_SIGNED_OFFSET); + + /* x2 & x3 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 1), + GUM_INDEX_SIGNED_OFFSET); + /* x0 & x1 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X1, + ARM64_REG_X0, (16 * 0), + GUM_INDEX_SIGNED_OFFSET); + +} + +static void instrument_exit(GumArm64Writer *cw) { + + gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_X0, ARM64_REG_XZR); + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(_exit), 1, GUM_ARG_REGISTER, ARM64_REG_X0); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static void instrument_afl_persistent_loop(GumArm64Writer *cw) { + + gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + +} + +static void persistent_prologue_hook(GumArm64Writer * cw, + struct arm64_regs *regs) { + + if (hook == NULL) return; + + gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X3, + GUM_ADDRESS(&__afl_fuzz_len)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); + + gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_X3, + G_MAXULONG); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); + + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), + GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, ARM64_REG_X2, + GUM_ARG_REGISTER, ARM64_REG_X3); + + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + +} + +static void instrument_persitent_save_lr(GumArm64Writer *cw) { + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(&saved_lr)); + + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_LR, ARM64_REG_X0, 0); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); } void persistent_prologue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumArm64Writer *cw = output->writer.arm64; + + gconstpointer loop = cw->code + 1; + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* loop: */ + gum_arm64_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_arm64_writer_put_cmp_reg_reg(cw, ARM64_REG_X0, ARM64_REG_XZR); + gum_arm64_writer_put_b_cond_label(cw, ARM64_CC_EQ, done); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + + gum_arm64_writer_put_bl_label(cw, original); + + /* jmp loop */ + gum_arm64_writer_put_b_label(cw, loop); + + /* done: */ + gum_arm64_writer_put_label(cw, done); + + instrument_exit(cw); + + /* original: */ + gum_arm64_writer_put_label(cw, original); + + instrument_persitent_save_lr(cw); + + if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } } void persistent_epilogue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + GumArm64Writer *cw = output->writer.arm64; + + if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } + + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + persistent_ret_offset); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(&saved_lr)); + + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X0, 0); + + gum_arm64_writer_put_br_reg(cw, ARM64_REG_X0); } diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 4cb960fc..858ad38e 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -306,8 +306,6 @@ void persistent_prologue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_flush(cw); - } void persistent_epilogue(GumStalkerOutput *output) { diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index b30dfadf..0675edf4 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -246,8 +246,6 @@ void persistent_prologue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_flush(cw); - } void persistent_epilogue(GumStalkerOutput *output) { diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 662fb6d5..0d7b9fb0 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -96,7 +96,6 @@ void stats_init(void) { void stats_vprint(int fd, char *format, va_list ap) { char buffer[4096] = {0}; - int ret; int len; if (vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } diff --git a/frida_mode/src/stats/stats_arm.c b/frida_mode/src/stats/stats_arm32.c similarity index 100% rename from frida_mode/src/stats/stats_arm.c rename to frida_mode/src/stats/stats_arm32.c diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index 40de6a09..4c71bb33 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -13,7 +13,7 @@ CMP_LOG_INPUT:=$(TEST_DATA_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all 32 clean qemu frida format +.PHONY: all 32 clean qemu frida frida-nocmplog format all: $(TEST_CMPLOG_OBJ) make -C $(ROOT)frida_mode/ @@ -55,6 +55,15 @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) -- \ $(TEST_CMPLOG_OBJ) @@ +frida-nocmplog: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + $(ROOT)afl-fuzz \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -Z \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + debug: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile index 606b43a5..7ca9a9a5 100644 --- a/frida_mode/test/cmplog/Makefile +++ b/frida_mode/test/cmplog/Makefile @@ -15,6 +15,10 @@ qemu: frida: @gmake frida + +frida-nocmplog: + @gmake frida-nocmplog + format: @gmake format diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c index 99010645..ce5cf20e 100644 --- a/frida_mode/test/cmplog/cmplog.c +++ b/frida_mode/test/cmplog/cmplog.c @@ -53,7 +53,7 @@ int main(int argc, char **argv) { } -#if defined(__x86_64__) +#if defined(__x86_64__) || defined(__aarch64__) uint64_t x = 0; fread(&x, sizeof(x), 1, file); if (x != 0xCAFEBABECAFEBABE) { diff --git a/frida_mode/test/fasan/GNUmakefile b/frida_mode/test/fasan/GNUmakefile index 08b271de..c971c724 100644 --- a/frida_mode/test/fasan/GNUmakefile +++ b/frida_mode/test/fasan/GNUmakefile @@ -46,7 +46,7 @@ ifeq "$(ARCH)" "x86_64" LIBASAN_FILE:=libclang_rt.asan-x86_64.so endif -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" LIBASAN_FILE:=libclang_rt.asan-aarch64.so endif @@ -110,7 +110,7 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) - echo -n "TUODATM" > $@ + echo -n "XUODATM" > $@ frida-noasan: $(TEST_BIN) $(TEST_DATA_FILE) $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index df48d065..4c9d8a19 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -85,7 +85,7 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ -debug: $(TESTINSTR_DATA_FILE) +debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ @@ -96,7 +96,7 @@ debug: $(TESTINSTR_DATA_FILE) --ex 'set disassembly-flavor intel' \ --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -run: $(TESTINSTR_DATA_FILE) +run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index ca6f0ff2..5af64822 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -5,6 +5,7 @@ BUILD_DIR:=$(PWD)build/ TEST_BIN:=$(PWD)../build/test TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ +AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out @@ -22,8 +23,7 @@ endif AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) endif @@ -46,6 +46,9 @@ all: $(BUILD_DIR): mkdir -p $@ +$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) + truncate -s 1M $@ + qemu: | $(BUILD_DIR) AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ @@ -94,5 +97,12 @@ frida_entry: | $(BUILD_DIR) -- \ $(TEST_BIN) @@ +debug: $(AFLPP_DRIVER_DUMMY_INPUT) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile index cde0cf30..c2bd55f9 100644 --- a/frida_mode/test/png/persistent/Makefile +++ b/frida_mode/test/png/persistent/Makefile @@ -20,3 +20,6 @@ frida: frida_entry: @gmake frida_entry + +debug: + @gmake debug diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 82f08fa4..b17f3775 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -34,7 +34,7 @@ endif AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) endif @@ -124,7 +124,7 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -debug: +debug: $(AFLPP_DRIVER_DUMMY_INPUT) echo $(AFL_FRIDA_PERSISTENT_ADDR) gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c index 059d438d..1542c0bf 100644 --- a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c +++ b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c @@ -82,6 +82,102 @@ void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, *arg2 = (void *)input_buf_len; } +#elif defined(__aarch64__) + +struct arm64_regs { + + uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; + + union { + + uint64_t x11; + uint32_t fp_32; + + }; + + union { + + uint64_t x12; + uint32_t ip_32; + + }; + + union { + + uint64_t x13; + uint32_t sp_32; + + }; + + union { + + uint64_t x14; + uint32_t lr_32; + + }; + + union { + + uint64_t x15; + uint32_t pc_32; + + }; + + union { + + uint64_t x16; + uint64_t ip0; + + }; + + union { + + uint64_t x17; + uint64_t ip1; + + }; + + uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; + + union { + + uint64_t x29; + uint64_t fp; + + }; + + union { + + uint64_t x30; + uint64_t lr; + + }; + + union { + + uint64_t x31; + uint64_t sp; + + }; + + // the zero register is not saved here ofc + + uint64_t pc; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16 * 16]; + uint8_t vfp_pregs[17][32]; + uint32_t vfp_xregs[16]; + +}; + +void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->x0, input_buf, input_buf_len); + regs->x1 = input_buf_len; +} #else #pragma error "Unsupported architecture" From fff8c5e0a855eb26408a555758ebe29044b047cd Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 8 Jun 2021 09:56:11 +0200 Subject: [PATCH 327/441] adapt docs to minimum LLVM version --- README.md | 4 ++-- docs/Changelog.md | 3 +++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 383d71c4..bc547b3c 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ behaviours and defaults: ## Important features of afl++ - afl++ supports llvm from 6.0 up to version 12, very fast binary fuzzing with QEMU 5.1 + afl++ supports llvm from 3.8 up to version 12, very fast binary fuzzing with QEMU 5.1 with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, Mac OS, Solaris and Android support and much, much, much more. @@ -296,7 +296,7 @@ anything below 9 is not recommended. | v +---------------------------------+ -| clang/clang++ 6.0+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +| clang/clang++ 3.8+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +---------------------------------+ see [instrumentation/README.llvm.md](instrumentation/README.llvm.md) | | if not, or if the target fails with LLVM afl-clang-fast/++ diff --git a/docs/Changelog.md b/docs/Changelog.md index 103f5920..6c851460 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -17,6 +17,9 @@ sending a mail to . an indicator why - afl-cc - support partial linking + - We do support llvm versions from 3.8 again + - afl_analyze + - fix timeout handling and support forkserver - ensure afl-compiler-rt is built for gcc_module - afl-analyze now uses the forkserver for increased performance From c88f650bf8a74fccafc2827489633e5c92a0bf5e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 8 Jun 2021 10:05:04 +0200 Subject: [PATCH 328/441] adapt to minimum llvm version --- instrumentation/README.llvm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 8ce5afb9..2d428e6d 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -6,7 +6,7 @@ ## 1) Introduction -! llvm_mode works with llvm versions 6.0 up to 12 ! +! llvm_mode works with llvm versions 3.8 up to 12 ! The code in this directory allows you to instrument programs for AFL using true compiler-level instrumentation, instead of the more crude From 48c878a76ddec2c133fd5708b185b2ac27740084 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Tue, 8 Jun 2021 10:10:42 +0200 Subject: [PATCH 329/441] push to stable (#962) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release * back push (#952) * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic * v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder- * v3.14a init * remove redundant unsetenv (#947) * update MacOS Install information * add missing clean action for frida_mode * ensure memory is there before free * adapt to incompatible LLVM 13 API * fix stupid typos * add fix info * build afl-compiler-rt even with broken llvm * fix -F with slash option * dynamic_list and afl-compiler-rt rework * detect partial linking in afl-cc * partial linking with -Wl * Add proper name and URL for Zafl (#959) * move link * add known frontends for supported compiler infrastructures * add Rust * fix ui fuzzing stage index (#960) * fix overflowing UI fields 'now processing' * restored timeout handling (with SIGALRM for now) * On non-Linux systems make clean may fail for frida_mode * give hint how to set env var for path to llvm-config tool * setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore * remove -D from -M * write target errors to out_dir/error.txt * add changelog entry * add changelog * format * more info for error logging * Forkserver for afl-analyze (#963) * afl-analyze forkserver * added missing vars to forkserver * synchronized a bit more with afl-tmin * more debugging, runs now, but need to suppress target output * fix dev/null setting * afl-analyze info: Co-authored-by: hexcoder- * proper newlines * reenable LLVM 3.8 ( Ubuntu 16.04 ) * FRIDA AARCH64 support (#965) Co-authored-by: Your Name * adapt docs to minimum LLVM version * adapt to minimum llvm version Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: terrynini Co-authored-by: jdhiser Co-authored-by: yuan --- GNUmakefile | 6 +- GNUmakefile.gcc_plugin | 13 +- GNUmakefile.llvm | 6 +- README.md | 6 +- docs/Changelog.md | 12 + docs/binaryonly_fuzzing.md | 3 +- docs/ideas.md | 6 + dynamic_list.txt | 68 ++-- frida_mode/README.md | 8 +- frida_mode/include/ctx.h | 11 +- frida_mode/include/instrument.h | 10 +- .../src/asan/{asan_arm.c => asan_arm32.c} | 0 frida_mode/src/asan/asan_arm64.c | 76 +++- .../cmplog/{cmplog_arm.c => cmplog_arm32.c} | 0 frida_mode/src/cmplog/cmplog_arm64.c | 295 ++++++++++++++- frida_mode/src/ctx/ctx_arm32.c | 16 + frida_mode/src/ctx/ctx_arm64.c | 303 +++++++++++++++ frida_mode/src/instrument/instrument.c | 5 +- frida_mode/src/instrument/instrument_arm32.c | 12 + frida_mode/src/instrument/instrument_arm64.c | 12 + frida_mode/src/instrument/instrument_debug.c | 58 +-- frida_mode/src/instrument/instrument_x64.c | 12 + frida_mode/src/instrument/instrument_x86.c | 12 + frida_mode/src/persistent/persistent_arm64.c | 354 +++++++++++++++++- frida_mode/src/persistent/persistent_x64.c | 2 - frida_mode/src/persistent/persistent_x86.c | 2 - frida_mode/src/stats/stats.c | 1 - .../src/stats/{stats_arm.c => stats_arm32.c} | 0 frida_mode/test/cmplog/GNUmakefile | 11 +- frida_mode/test/cmplog/Makefile | 4 + frida_mode/test/cmplog/cmplog.c | 2 +- frida_mode/test/fasan/GNUmakefile | 4 +- frida_mode/test/persistent_ret/GNUmakefile | 4 +- frida_mode/test/png/persistent/GNUmakefile | 14 +- frida_mode/test/png/persistent/Makefile | 3 + .../test/png/persistent/hook/GNUmakefile | 4 +- .../persistent/hook/aflpp_qemu_driver_hook.c | 96 +++++ instrumentation/README.llvm.md | 2 +- instrumentation/afl-compiler-rt.o.c | 146 ++++++-- instrumentation/afl-llvm-pass.so.cc | 2 +- src/afl-analyze.c | 218 ++++------- src/afl-cc.c | 12 +- src/afl-fuzz-init.c | 17 +- src/afl-fuzz-stats.c | 52 +-- src/afl-fuzz.c | 3 +- test/test-llvm.sh | 8 - 46 files changed, 1594 insertions(+), 317 deletions(-) rename frida_mode/src/asan/{asan_arm.c => asan_arm32.c} (100%) rename frida_mode/src/cmplog/{cmplog_arm.c => cmplog_arm32.c} (100%) create mode 100644 frida_mode/src/ctx/ctx_arm32.c create mode 100644 frida_mode/src/ctx/ctx_arm64.c rename frida_mode/src/stats/{stats_arm.c => stats_arm32.c} (100%) diff --git a/GNUmakefile b/GNUmakefile index a45f6d5c..bd206af0 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -436,8 +436,8 @@ afl-showmap: src/afl-showmap.c src/afl-common.o src/afl-sharedmem.o src/afl-fork afl-tmin: src/afl-tmin.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o $(COMM_HDR) | test_x86 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-forkserver.o src/afl-performance.o -o $@ $(LDFLAGS) -afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o $(COMM_HDR) | test_x86 - $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o -o $@ $(LDFLAGS) +afl-analyze: src/afl-analyze.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o $(COMM_HDR) | test_x86 + $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o src/afl-sharedmem.o src/afl-performance.o src/afl-forkserver.o -o $@ $(LDFLAGS) afl-gotcpu: src/afl-gotcpu.c src/afl-common.o $(COMM_HDR) | test_x86 $(CC) $(CFLAGS) $(COMPILE_STATIC) $(CFLAGS_FLTO) src/$@.c src/afl-common.o -o $@ $(LDFLAGS) @@ -572,7 +572,7 @@ clean: $(MAKE) -C qemu_mode/unsigaction clean $(MAKE) -C qemu_mode/libcompcov clean $(MAKE) -C qemu_mode/libqasan clean - $(MAKE) -C frida_mode clean + -$(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true diff --git a/GNUmakefile.gcc_plugin b/GNUmakefile.gcc_plugin index b0f90f1b..bce97b2f 100644 --- a/GNUmakefile.gcc_plugin +++ b/GNUmakefile.gcc_plugin @@ -100,7 +100,7 @@ ifeq "$(SYS)" "SunOS" endif -PROGS = ./afl-gcc-pass.so +PROGS = ./afl-gcc-pass.so ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o .PHONY: all all: test_shm test_deps $(PROGS) test_build all_done @@ -130,6 +130,17 @@ test_deps: afl-common.o: ./src/afl-common.c $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -o $@ $(LDFLAGS) +./afl-compiler-rt.o: instrumentation/afl-compiler-rt.o.c + $(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -fPIC -c $< -o $@ + +./afl-compiler-rt-32.o: instrumentation/afl-compiler-rt.o.c + @printf "[*] Building 32-bit variant of the runtime (-m32)... " + @$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m32 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; ln -sf afl-compiler-rt-32.o afl-llvm-rt-32.o; else echo "failed (that's fine)"; fi + +./afl-compiler-rt-64.o: instrumentation/afl-compiler-rt.o.c + @printf "[*] Building 64-bit variant of the runtime (-m64)... " + @$(CC) $(CFLAGS_SAFE) $(CPPFLAGS) -O3 -Wno-unused-result -m64 -fPIC -c $< -o $@ 2>/dev/null; if [ "$$?" = "0" ]; then echo "success!"; ln -sf afl-compiler-rt-64.o afl-llvm-rt-64.o; else echo "failed (that's fine)"; fi + ./afl-gcc-pass.so: instrumentation/afl-gcc-pass.so.cc | test_deps $(CXX) $(CXXEFLAGS) $(PLUGIN_FLAGS) -shared $< -o $@ ln -sf afl-cc afl-gcc-fast diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 2d50badc..95140cb0 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -45,7 +45,7 @@ endif LLVMVER = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/git//' | sed 's/svn//' ) LLVM_MAJOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/\..*//' ) LLVM_MINOR = $(shell $(LLVM_CONFIG) --version 2>/dev/null | sed 's/.*\.//' | sed 's/git//' | sed 's/svn//' | sed 's/ .*//' ) -LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-5]\.' && echo 1 || echo 0 ) +LLVM_UNSUPPORTED = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^[0-2]\.|^3.[0-7]\.' && echo 1 || echo 0 ) LLVM_TOO_NEW = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[3-9]' && echo 1 || echo 0 ) LLVM_NEW_API = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[0-9]' && echo 1 || echo 0 ) LLVM_10_OK = $(shell $(LLVM_CONFIG) --version 2>/dev/null | egrep -q '^1[1-9]|^10\.[1-9]|^10\.0.[1-9]' && echo 1 || echo 0 ) @@ -57,11 +57,11 @@ LLVM_APPLE_XCODE = $(shell clang -v 2>&1 | grep -q Apple && echo 1 || echo 0) LLVM_LTO = 0 ifeq "$(LLVMVER)" "" - $(warning [!] llvm_mode needs llvm-config, which was not found) + $(warning [!] llvm_mode needs llvm-config, which was not found. Set LLVM_CONFIG to its path and retry.) endif ifeq "$(LLVM_UNSUPPORTED)" "1" - $(error llvm_mode only supports llvm from version 6.0 onwards) + $(error llvm_mode only supports llvm from version 3.8 onwards) endif ifeq "$(LLVM_TOO_NEW)" "1" diff --git a/README.md b/README.md index ba612edb..bc547b3c 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ behaviours and defaults: ## Important features of afl++ - afl++ supports llvm from 6.0 up to version 12, very fast binary fuzzing with QEMU 5.1 + afl++ supports llvm from 3.8 up to version 12, very fast binary fuzzing with QEMU 5.1 with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, Mac OS, Solaris and Android support and much, much, much more. @@ -296,7 +296,7 @@ anything below 9 is not recommended. | v +---------------------------------+ -| clang/clang++ 6.0+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +| clang/clang++ 3.8+ is available | --> use LLVM mode (afl-clang-fast/afl-clang-fast++) +---------------------------------+ see [instrumentation/README.llvm.md](instrumentation/README.llvm.md) | | if not, or if the target fails with LLVM afl-clang-fast/++ @@ -801,7 +801,7 @@ Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. Then run as many instances as you have cores left with either -Q mode or - better - -use a binary rewriter like afl-dyninst, retrowrite, zaflr, etc. +use a binary rewriter like afl-dyninst, retrowrite, zafl, etc. For Qemu and Frida mode, check out the persistent mode, it gives a huge speed improvement if it is possible to use. diff --git a/docs/Changelog.md b/docs/Changelog.md index a49c0672..6c851460 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -10,6 +10,18 @@ sending a mail to . ### Version ++3.14a (release) - Fix for llvm 13 + - afl-fuzz: + - fix -F when a '/' was part of the parameter + - removed implied -D determinstic from -M main + - if the target becomes unavailable check out out/default/error.txt for + an indicator why + - afl-cc + - support partial linking + - We do support llvm versions from 3.8 again + - afl_analyze + - fix timeout handling and support forkserver + - ensure afl-compiler-rt is built for gcc_module + - afl-analyze now uses the forkserver for increased performance ### Version ++3.13c (release) diff --git a/docs/binaryonly_fuzzing.md b/docs/binaryonly_fuzzing.md index 11e1dbeb..3b32f5ed 100644 --- a/docs/binaryonly_fuzzing.md +++ b/docs/binaryonly_fuzzing.md @@ -122,7 +122,7 @@ [https://github.com/vanhauser-thc/afl-dyninst](https://github.com/vanhauser-thc/afl-dyninst) -## RETROWRITE +## RETROWRITE, ZAFL, ... other binary rewriter If you have an x86/x86_64 binary that still has its symbols, is compiled with position independant code (PIC/PIE) and does not use most of the C++ @@ -131,6 +131,7 @@ It is at about 80-85% performance. + [https://git.zephyr-software.com/opensrc/zafl](https://git.zephyr-software.com/opensrc/zafl) [https://github.com/HexHive/retrowrite](https://github.com/HexHive/retrowrite) diff --git a/docs/ideas.md b/docs/ideas.md index e25d3ba6..0ee69851 100644 --- a/docs/ideas.md +++ b/docs/ideas.md @@ -34,6 +34,12 @@ Mentor: any Other programming languages also use llvm hence they could (easily?) supported for fuzzing, e.g. mono, swift, go, kotlin native, fortran, ... +GCC also supports: Objective-C, Fortran, Ada, Go, and D +(according to [Gcc homepage](https://gcc.gnu.org/)) + +LLVM is also used by: Rust, LLGo (Go), kaleidoscope (Haskell), flang (Fortran), emscripten (JavaScript, WASM), ilwasm (CIL (C#)) +(according to [LLVM frontends](https://gist.github.com/axic/62d66fb9d8bccca6cc48fa9841db9241)) + Mentor: vanhauser-thc ## Machine Learning diff --git a/dynamic_list.txt b/dynamic_list.txt index d1905d43..7293ae77 100644 --- a/dynamic_list.txt +++ b/dynamic_list.txt @@ -1,48 +1,56 @@ { + "__afl_already_initialized_first"; + "__afl_already_initialized_forkserver"; + "__afl_already_initialized_second"; + "__afl_already_initialized_shm"; "__afl_area_ptr"; - "__afl_manual_init"; - "__afl_persistent_loop"; + "__afl_auto_early"; + "__afl_auto_first"; "__afl_auto_init"; - "__afl_area_initial"; - "__afl_prev_loc"; - "__afl_prev_caller"; - "__afl_prev_ctx"; - "__afl_final_loc"; - "__afl_map_addr"; + "__afl_auto_second"; + "__afl_coverage_discard"; + "__afl_coverage_interesting"; + "__afl_coverage_off"; + "__afl_coverage_on"; + "__afl_coverage_skip"; "__afl_dictionary"; "__afl_dictionary_len"; + "__afl_final_loc"; + "__afl_fuzz_len"; + "__afl_fuzz_ptr"; + "__afl_manual_init"; + "__afl_map_addr"; + "__afl_persistent_loop"; + "__afl_prev_caller"; + "__afl_prev_ctx"; + "__afl_prev_loc"; "__afl_selective_coverage"; "__afl_selective_coverage_start_off"; "__afl_selective_coverage_temp"; - "__afl_coverage_discard"; - "__afl_coverage_skip"; - "__afl_coverage_on"; - "__afl_coverage_off"; - "__afl_coverage_interesting"; - "__afl_fuzz_len"; - "__afl_fuzz_ptr"; "__afl_sharedmem_fuzzing"; - "__sanitizer_cov_trace_pc_guard"; - "__sanitizer_cov_trace_pc_guard_init"; + "__afl_trace"; "__cmplog_ins_hook1"; + "__cmplog_ins_hook16"; "__cmplog_ins_hook2"; "__cmplog_ins_hook4"; + "__cmplog_ins_hook8"; "__cmplog_ins_hookN"; - "__cmplog_ins_hook16"; - "__sanitizer_cov_trace_cmp1"; - "__sanitizer_cov_trace_const_cmp1"; - "__sanitizer_cov_trace_cmp2"; - "__sanitizer_cov_trace_const_cmp2"; - "__sanitizer_cov_trace_cmp4"; - "__sanitizer_cov_trace_const_cmp4"; - "__sanitizer_cov_trace_cmp8"; - "__sanitizer_cov_trace_const_cmp8"; - "__sanitizer_cov_trace_cmp16"; - "__sanitizer_cov_trace_const_cmp16"; - "__sanitizer_cov_trace_switch"; - "__cmplog_rtn_hook"; "__cmplog_rtn_gcc_stdstring_cstring"; "__cmplog_rtn_gcc_stdstring_stdstring"; + "__cmplog_rtn_hook"; "__cmplog_rtn_llvm_stdstring_cstring"; "__cmplog_rtn_llvm_stdstring_stdstring"; + "__sanitizer_cov_trace_cmp1"; + "__sanitizer_cov_trace_cmp16"; + "__sanitizer_cov_trace_cmp2"; + "__sanitizer_cov_trace_cmp4"; + "__sanitizer_cov_trace_cmp8"; + "__sanitizer_cov_trace_const_cmp1"; + "__sanitizer_cov_trace_const_cmp16"; + "__sanitizer_cov_trace_const_cmp2"; + "__sanitizer_cov_trace_const_cmp4"; + "__sanitizer_cov_trace_const_cmp8"; + "__sanitizer_cov_trace_pc_guard"; + "__sanitizer_cov_trace_pc_guard_init"; + "__sanitizer_cov_trace_switch"; }; diff --git a/frida_mode/README.md b/frida_mode/README.md index 0103a395..d7dd72a0 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -21,16 +21,16 @@ perhaps leverage some of its design and implementation. | Feature/Instrumentation | frida-mode | Notes | | -------------------------|:----------:|:--------------------------------------------:| | NeverZero | x | | - | Persistent Mode | x | (x86/x64 only)(Only on function boundaries) | + | Persistent Mode | x | (x86/x64/aarch64 only) | | LAF-Intel / CompCov | - | (CMPLOG is better 90% of the time) | - | CMPLOG | x | (x86/x64 only) | + | CMPLOG | x | (x86/x64/aarch64 only) | | Selective Instrumentation| x | | | Non-Colliding Coverage | - | (Not possible in binary-only instrumentation | | Ngram prev_loc Coverage | - | | | Context Coverage | - | | | Auto Dictionary | - | | | Snapshot LKM Support | - | | - | In-Memory Test Cases | x | (x86/x64 only) | + | In-Memory Test Cases | x | (x86/x64/aarch64 only) | ## Compatibility Currently FRIDA mode supports Linux and macOS targets on both x86/x64 @@ -288,7 +288,7 @@ to validate memory accesses against the shadow memory. ## TODO -The next features to be added are Aarch64 and Aarch32 support as well as looking at +The next features to be added are Aarch32 support as well as looking at potential performance improvements. The intention is to achieve feature parity with QEMU mode in due course. Contributions are welcome, but please get in touch to ensure that efforts are deconflicted. diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h index cbcc892a..67274aee 100644 --- a/frida_mode/include/ctx.h +++ b/frida_mode/include/ctx.h @@ -3,8 +3,15 @@ #include "frida-gum.h" -#if defined(__x86_64__) || defined(__i386__) -gsize ctx_read_reg(GumCpuContext *ctx, x86_reg reg); +#if defined(__x86_64__) +gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); +#elif defined(__i386__) +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg); +#elif defined(__aarch64__) +gsize ctx_read_reg(GumArm64CpuContext *ctx, arm64_reg reg); +size_t ctx_get_size(const cs_insn *instr, cs_arm64_op *operand); +#elif defined(__arm__) +gsize ctx_read_reg(GumArmCpuContext *ctx, arm_reg reg); #endif #endif diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index ed92c25a..577481d1 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -19,9 +19,11 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); -void instrument_debug_init(void); -void instrument_debug_start(uint64_t address, GumStalkerOutput *output); -void instrument_debug_instruction(uint64_t address, uint16_t size); -void instrument_debug_end(GumStalkerOutput *output); +void instrument_debug_init(void); +void instrument_debug_start(uint64_t address, GumStalkerOutput *output); +void instrument_debug_instruction(uint64_t address, uint16_t size); +void instrument_debug_end(GumStalkerOutput *output); +void instrument_flush(GumStalkerOutput *output); +gpointer instrument_cur(GumStalkerOutput *output); #endif diff --git a/frida_mode/src/asan/asan_arm.c b/frida_mode/src/asan/asan_arm32.c similarity index 100% rename from frida_mode/src/asan/asan_arm.c rename to frida_mode/src/asan/asan_arm32.c diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index 6262ee18..66138e42 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -1,18 +1,80 @@ +#include #include "frida-gum.h" #include "debug.h" #include "asan.h" +#include "ctx.h" #include "util.h" #if defined(__aarch64__) + +typedef struct { + + size_t size; + cs_arm64_op operand; + +} asan_ctx_t; + +typedef void (*asan_loadN_t)(gsize address, uint8_t size); +typedef void (*asan_storeN_t)(gsize address, uint8_t size); + +asan_loadN_t asan_loadN = NULL; +asan_storeN_t asan_storeN = NULL; + +static void asan_callout(GumCpuContext *ctx, gpointer user_data) { + + asan_ctx_t * asan_ctx = (asan_ctx_t *)user_data; + cs_arm64_op * operand = &asan_ctx->operand; + arm64_op_mem *mem = &operand->mem; + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != ARM64_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != ARM64_REG_INVALID) { + + index = ctx_read_reg(ctx, mem->index); + + } + + address = base + index + mem->disp; + + if ((operand->access & CS_AC_READ) == CS_AC_READ) { + + asan_loadN(address, asan_ctx->size); + + } + + if ((operand->access & CS_AC_WRITE) == CS_AC_WRITE) { + + asan_storeN(address, asan_ctx->size); + + } + +} + void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); UNUSED_PARAMETER(iterator); - if (asan_initialized) { - FATAL("ASAN mode not supported on this architecture"); + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand; + asan_ctx_t * ctx; + + if (!asan_initialized) return; + + for (uint8_t i = 0; i < arm64.op_count; i++) { + + operand = &arm64.operands[i]; + + if (operand->type != ARM64_OP_MEM) { continue; } + + ctx = g_malloc0(sizeof(asan_ctx_t)); + ctx->size = ctx_get_size(instr, &arm64.operands[0]); + memcpy(&ctx->operand, operand, sizeof(cs_arm64_op)); + gum_stalker_iterator_put_callout(iterator, asan_callout, ctx, g_free); } @@ -20,7 +82,13 @@ void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { void asan_arch_init(void) { - FATAL("ASAN mode not supported on this architecture"); + asan_loadN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_loadN"); + asan_storeN = (asan_loadN_t)dlsym(RTLD_DEFAULT, "__asan_storeN"); + if (asan_loadN == NULL || asan_storeN == NULL) { + + FATAL("Frida ASAN failed to find '__asan_loadN' or '__asan_storeN'"); + + } } diff --git a/frida_mode/src/cmplog/cmplog_arm.c b/frida_mode/src/cmplog/cmplog_arm32.c similarity index 100% rename from frida_mode/src/cmplog/cmplog_arm.c rename to frida_mode/src/cmplog/cmplog_arm32.c diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 187d0162..04631ff8 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -1,17 +1,304 @@ #include "frida-gum.h" #include "debug.h" +#include "cmplog.h" +#include "ctx.h" #include "frida_cmplog.h" #include "util.h" #if defined(__aarch64__) + +typedef struct { + + arm64_op_type type; + uint8_t size; + + union { + + arm64_op_mem mem; + arm64_reg reg; + int64_t imm; + + }; + +} cmplog_ctx_t; + +typedef struct { + + cmplog_ctx_t operand1; + cmplog_ctx_t operand2; + size_t size; + +} cmplog_pair_ctx_t; + +static gboolean cmplog_read_mem(GumCpuContext *ctx, uint8_t size, + arm64_op_mem *mem, gsize *val) { + + gsize base = 0; + gsize index = 0; + gsize address; + + if (mem->base != ARM64_REG_INVALID) { base = ctx_read_reg(ctx, mem->base); } + + if (mem->index != ARM64_REG_INVALID) { + + index = ctx_read_reg(ctx, mem->index); + + } + + address = base + index + mem->disp; + + if (!cmplog_is_readable(address, size)) { return FALSE; } + + switch (size) { + + case 1: + *val = *((guint8 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 2: + *val = *((guint16 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 4: + *val = *((guint32 *)GSIZE_TO_POINTER(address)); + return TRUE; + case 8: + *val = *((guint64 *)GSIZE_TO_POINTER(address)); + return TRUE; + default: + FATAL("Invalid operand size: %d\n", size); + + } + + return FALSE; + +} + +static gboolean cmplog_get_operand_value(GumCpuContext *context, + cmplog_ctx_t *ctx, gsize *val) { + + switch (ctx->type) { + + case ARM64_OP_REG: + *val = ctx_read_reg(context, ctx->reg); + return TRUE; + case ARM64_OP_IMM: + *val = ctx->imm; + return TRUE; + case ARM64_OP_MEM: + return cmplog_read_mem(context, ctx->size, &ctx->mem, val); + default: + FATAL("Invalid operand type: %d\n", ctx->type); + + } + + return FALSE; + +} + +static void cmplog_call_callout(GumCpuContext *context, gpointer user_data) { + + UNUSED_PARAMETER(user_data); + + gsize address = context->pc; + gsize x0 = ctx_read_reg(context, ARM64_REG_X0); + gsize x1 = ctx_read_reg(context, ARM64_REG_X1); + + if (((G_MAXULONG - x0) < 32) || ((G_MAXULONG - x1) < 32)) return; + + if (!cmplog_is_readable(x0, 32) || !cmplog_is_readable(x1, 32)) return; + + void *ptr1 = GSIZE_TO_POINTER(x0); + void *ptr2 = GSIZE_TO_POINTER(x1); + + uintptr_t k = address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_RTN; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = 31; + + hits &= CMP_MAP_RTN_H - 1; + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v0, ptr1, + 32); + gum_memcpy(((struct cmpfn_operands *)__afl_cmp_map->log[k])[hits].v1, ptr2, + 32); + +} + +static void cmplog_instrument_put_operand(cmplog_ctx_t *ctx, + cs_arm64_op * operand) { + + ctx->type = operand->type; + switch (operand->type) { + + case ARM64_OP_REG: + gum_memcpy(&ctx->reg, &operand->reg, sizeof(arm64_reg)); + break; + case ARM64_OP_IMM: + gum_memcpy(&ctx->imm, &operand->imm, sizeof(int64_t)); + break; + case ARM64_OP_MEM: + gum_memcpy(&ctx->mem, &operand->mem, sizeof(arm64_op_mem)); + break; + default: + FATAL("Invalid operand type: %d\n", operand->type); + + } + +} + +static void cmplog_instrument_call(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand; + + switch (instr->id) { + + case ARM64_INS_BL: + case ARM64_INS_BLR: + case ARM64_INS_BLRAA: + case ARM64_INS_BLRAAZ: + case ARM64_INS_BLRAB: + case ARM64_INS_BLRABZ: + break; + default: + return; + + } + + if (arm64.op_count != 1) return; + + operand = &arm64.operands[0]; + + if (operand->type == ARM64_OP_INVALID) return; + + gum_stalker_iterator_put_callout(iterator, cmplog_call_callout, NULL, NULL); + +} + +static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, + gsize operand2, uint8_t size) { + + gsize address = context->pc; + + register uintptr_t k = (uintptr_t)address; + + k = (k >> 4) ^ (k << 8); + k &= CMP_MAP_W - 1; + + __afl_cmp_map->headers[k].type = CMP_TYPE_INS; + + u32 hits = __afl_cmp_map->headers[k].hits; + __afl_cmp_map->headers[k].hits = hits + 1; + + __afl_cmp_map->headers[k].shape = (size - 1); + + hits &= CMP_MAP_H - 1; + __afl_cmp_map->log[k][hits].v0 = operand1; + __afl_cmp_map->log[k][hits].v1 = operand2; + +} + +static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { + + cmplog_pair_ctx_t *ctx = (cmplog_pair_ctx_t *)user_data; + gsize operand1; + gsize operand2; + + if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } + if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } + + cmplog_handle_cmp_sub(context, operand1, operand2, ctx->size); + +} + +static void cmplog_instrument_cmp_sub_put_callout(GumStalkerIterator *iterator, + cs_arm64_op * operand1, + cs_arm64_op * operand2, + size_t size) { + + cmplog_pair_ctx_t *ctx = g_malloc(sizeof(cmplog_pair_ctx_t)); + if (ctx == NULL) return; + + cmplog_instrument_put_operand(&ctx->operand1, operand1); + cmplog_instrument_put_operand(&ctx->operand2, operand2); + ctx->size = size; + + gum_stalker_iterator_put_callout(iterator, cmplog_cmp_sub_callout, ctx, + g_free); + +} + +static void cmplog_instrument_cmp_sub(const cs_insn * instr, + GumStalkerIterator *iterator) { + + cs_arm64 arm64 = instr->detail->arm64; + cs_arm64_op *operand1; + cs_arm64_op *operand2; + size_t size; + + switch (instr->id) { + + case ARM64_INS_ADCS: + case ARM64_INS_ADDS: + case ARM64_INS_ANDS: + case ARM64_INS_BICS: + case ARM64_INS_CMN: + case ARM64_INS_CMP: + case ARM64_INS_CMPEQ: + case ARM64_INS_CMPGE: + case ARM64_INS_CMPGT: + case ARM64_INS_CMPHI: + case ARM64_INS_CMPHS: + case ARM64_INS_CMPLE: + case ARM64_INS_CMPLO: + case ARM64_INS_CMPLS: + case ARM64_INS_CMPLT: + case ARM64_INS_CMPNE: + case ARM64_INS_EORS: + case ARM64_INS_NANDS: + case ARM64_INS_NEGS: + case ARM64_INS_NGCS: + case ARM64_INS_NORS: + case ARM64_INS_NOTS: + case ARM64_INS_ORNS: + case ARM64_INS_ORRS: + case ARM64_INS_SBCS: + case ARM64_INS_SUBS: + break; + + default: + return; + + } + + if (arm64.op_count != 2) return; + + operand1 = &arm64.operands[0]; + operand2 = &arm64.operands[1]; + + if (operand1->type == ARM64_OP_INVALID) return; + if (operand2->type == ARM64_OP_INVALID) return; + + size = ctx_get_size(instr, &arm64.operands[0]); + + cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2, size); + +} + void cmplog_instrument(const cs_insn *instr, GumStalkerIterator *iterator) { - UNUSED_PARAMETER(instr); - UNUSED_PARAMETER(iterator); - if (__afl_cmp_map == NULL) { return; } - FATAL("CMPLOG mode not supported on this architecture"); + if (__afl_cmp_map == NULL) return; + + cmplog_instrument_call(instr, iterator); + cmplog_instrument_cmp_sub(instr, iterator); } diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c new file mode 100644 index 00000000..a5c6f6d4 --- /dev/null +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -0,0 +1,16 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__arm__) + +gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { + + FATAL("ctx_read_reg unimplemented for this architecture"); + +} + +#endif + diff --git a/frida_mode/src/ctx/ctx_arm64.c b/frida_mode/src/ctx/ctx_arm64.c new file mode 100644 index 00000000..d09896af --- /dev/null +++ b/frida_mode/src/ctx/ctx_arm64.c @@ -0,0 +1,303 @@ +#include "frida-gum.h" + +#include "debug.h" + +#include "ctx.h" + +#if defined(__aarch64__) + + #define ARM64_REG_8(LABEL, REG) \ + case LABEL: { \ + \ + return REG & GUM_INT8_MASK; \ + \ + } + + #define ARM64_REG_16(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT16_MASK); \ + \ + } + + #define ARM64_REG_32(LABEL, REG) \ + case LABEL: { \ + \ + return (REG & GUM_INT32_MASK); \ + \ + } + + #define ARM64_REG_64(LABEL, REG) \ + case LABEL: { \ + \ + return (REG); \ + \ + } + +gsize ctx_read_reg(GumArm64CpuContext *ctx, arm64_reg reg) { + + switch (reg) { + + case ARM64_REG_WZR: + case ARM64_REG_XZR: + return 0; + + ARM64_REG_8(ARM64_REG_B0, ctx->x[0]) + ARM64_REG_8(ARM64_REG_B1, ctx->x[1]) + ARM64_REG_8(ARM64_REG_B2, ctx->x[2]) + ARM64_REG_8(ARM64_REG_B3, ctx->x[3]) + ARM64_REG_8(ARM64_REG_B4, ctx->x[4]) + ARM64_REG_8(ARM64_REG_B5, ctx->x[5]) + ARM64_REG_8(ARM64_REG_B6, ctx->x[6]) + ARM64_REG_8(ARM64_REG_B7, ctx->x[7]) + ARM64_REG_8(ARM64_REG_B8, ctx->x[8]) + ARM64_REG_8(ARM64_REG_B9, ctx->x[9]) + ARM64_REG_8(ARM64_REG_B10, ctx->x[10]) + ARM64_REG_8(ARM64_REG_B11, ctx->x[11]) + ARM64_REG_8(ARM64_REG_B12, ctx->x[12]) + ARM64_REG_8(ARM64_REG_B13, ctx->x[13]) + ARM64_REG_8(ARM64_REG_B14, ctx->x[14]) + ARM64_REG_8(ARM64_REG_B15, ctx->x[15]) + ARM64_REG_8(ARM64_REG_B16, ctx->x[16]) + ARM64_REG_8(ARM64_REG_B17, ctx->x[17]) + ARM64_REG_8(ARM64_REG_B18, ctx->x[18]) + ARM64_REG_8(ARM64_REG_B19, ctx->x[19]) + ARM64_REG_8(ARM64_REG_B20, ctx->x[20]) + ARM64_REG_8(ARM64_REG_B21, ctx->x[21]) + ARM64_REG_8(ARM64_REG_B22, ctx->x[22]) + ARM64_REG_8(ARM64_REG_B23, ctx->x[23]) + ARM64_REG_8(ARM64_REG_B24, ctx->x[24]) + ARM64_REG_8(ARM64_REG_B25, ctx->x[25]) + ARM64_REG_8(ARM64_REG_B26, ctx->x[26]) + ARM64_REG_8(ARM64_REG_B27, ctx->x[27]) + ARM64_REG_8(ARM64_REG_B28, ctx->x[28]) + ARM64_REG_8(ARM64_REG_B29, ctx->fp) + ARM64_REG_8(ARM64_REG_B30, ctx->lr) + ARM64_REG_8(ARM64_REG_B31, ctx->sp) + + ARM64_REG_16(ARM64_REG_H0, ctx->x[0]) + ARM64_REG_16(ARM64_REG_H1, ctx->x[1]) + ARM64_REG_16(ARM64_REG_H2, ctx->x[2]) + ARM64_REG_16(ARM64_REG_H3, ctx->x[3]) + ARM64_REG_16(ARM64_REG_H4, ctx->x[4]) + ARM64_REG_16(ARM64_REG_H5, ctx->x[5]) + ARM64_REG_16(ARM64_REG_H6, ctx->x[6]) + ARM64_REG_16(ARM64_REG_H7, ctx->x[7]) + ARM64_REG_16(ARM64_REG_H8, ctx->x[8]) + ARM64_REG_16(ARM64_REG_H9, ctx->x[9]) + ARM64_REG_16(ARM64_REG_H10, ctx->x[10]) + ARM64_REG_16(ARM64_REG_H11, ctx->x[11]) + ARM64_REG_16(ARM64_REG_H12, ctx->x[12]) + ARM64_REG_16(ARM64_REG_H13, ctx->x[13]) + ARM64_REG_16(ARM64_REG_H14, ctx->x[14]) + ARM64_REG_16(ARM64_REG_H15, ctx->x[15]) + ARM64_REG_16(ARM64_REG_H16, ctx->x[16]) + ARM64_REG_16(ARM64_REG_H17, ctx->x[17]) + ARM64_REG_16(ARM64_REG_H18, ctx->x[18]) + ARM64_REG_16(ARM64_REG_H19, ctx->x[19]) + ARM64_REG_16(ARM64_REG_H20, ctx->x[20]) + ARM64_REG_16(ARM64_REG_H21, ctx->x[21]) + ARM64_REG_16(ARM64_REG_H22, ctx->x[22]) + ARM64_REG_16(ARM64_REG_H23, ctx->x[23]) + ARM64_REG_16(ARM64_REG_H24, ctx->x[24]) + ARM64_REG_16(ARM64_REG_H25, ctx->x[25]) + ARM64_REG_16(ARM64_REG_H26, ctx->x[26]) + ARM64_REG_16(ARM64_REG_H27, ctx->x[27]) + ARM64_REG_16(ARM64_REG_H28, ctx->x[28]) + ARM64_REG_16(ARM64_REG_H29, ctx->fp) + ARM64_REG_16(ARM64_REG_H30, ctx->lr) + ARM64_REG_16(ARM64_REG_H31, ctx->sp) + + ARM64_REG_32(ARM64_REG_W0, ctx->x[0]) + ARM64_REG_32(ARM64_REG_W1, ctx->x[1]) + ARM64_REG_32(ARM64_REG_W2, ctx->x[2]) + ARM64_REG_32(ARM64_REG_W3, ctx->x[3]) + ARM64_REG_32(ARM64_REG_W4, ctx->x[4]) + ARM64_REG_32(ARM64_REG_W5, ctx->x[5]) + ARM64_REG_32(ARM64_REG_W6, ctx->x[6]) + ARM64_REG_32(ARM64_REG_W7, ctx->x[7]) + ARM64_REG_32(ARM64_REG_W8, ctx->x[8]) + ARM64_REG_32(ARM64_REG_W9, ctx->x[9]) + ARM64_REG_32(ARM64_REG_W10, ctx->x[10]) + ARM64_REG_32(ARM64_REG_W11, ctx->x[11]) + ARM64_REG_32(ARM64_REG_W12, ctx->x[12]) + ARM64_REG_32(ARM64_REG_W13, ctx->x[13]) + ARM64_REG_32(ARM64_REG_W14, ctx->x[14]) + ARM64_REG_32(ARM64_REG_W15, ctx->x[15]) + ARM64_REG_32(ARM64_REG_W16, ctx->x[16]) + ARM64_REG_32(ARM64_REG_W17, ctx->x[17]) + ARM64_REG_32(ARM64_REG_W18, ctx->x[18]) + ARM64_REG_32(ARM64_REG_W19, ctx->x[19]) + ARM64_REG_32(ARM64_REG_W20, ctx->x[20]) + ARM64_REG_32(ARM64_REG_W21, ctx->x[21]) + ARM64_REG_32(ARM64_REG_W22, ctx->x[22]) + ARM64_REG_32(ARM64_REG_W23, ctx->x[23]) + ARM64_REG_32(ARM64_REG_W24, ctx->x[24]) + ARM64_REG_32(ARM64_REG_W25, ctx->x[25]) + ARM64_REG_32(ARM64_REG_W26, ctx->x[26]) + ARM64_REG_32(ARM64_REG_W27, ctx->x[27]) + ARM64_REG_32(ARM64_REG_W28, ctx->x[28]) + ARM64_REG_32(ARM64_REG_W29, ctx->fp) + ARM64_REG_32(ARM64_REG_W30, ctx->lr) + + ARM64_REG_64(ARM64_REG_X0, ctx->x[0]) + ARM64_REG_64(ARM64_REG_X1, ctx->x[1]) + ARM64_REG_64(ARM64_REG_X2, ctx->x[2]) + ARM64_REG_64(ARM64_REG_X3, ctx->x[3]) + ARM64_REG_64(ARM64_REG_X4, ctx->x[4]) + ARM64_REG_64(ARM64_REG_X5, ctx->x[5]) + ARM64_REG_64(ARM64_REG_X6, ctx->x[6]) + ARM64_REG_64(ARM64_REG_X7, ctx->x[7]) + ARM64_REG_64(ARM64_REG_X8, ctx->x[8]) + ARM64_REG_64(ARM64_REG_X9, ctx->x[9]) + ARM64_REG_64(ARM64_REG_X10, ctx->x[10]) + ARM64_REG_64(ARM64_REG_X11, ctx->x[11]) + ARM64_REG_64(ARM64_REG_X12, ctx->x[12]) + ARM64_REG_64(ARM64_REG_X13, ctx->x[13]) + ARM64_REG_64(ARM64_REG_X14, ctx->x[14]) + ARM64_REG_64(ARM64_REG_X15, ctx->x[15]) + ARM64_REG_64(ARM64_REG_X16, ctx->x[16]) + ARM64_REG_64(ARM64_REG_X17, ctx->x[17]) + ARM64_REG_64(ARM64_REG_X18, ctx->x[18]) + ARM64_REG_64(ARM64_REG_X19, ctx->x[19]) + ARM64_REG_64(ARM64_REG_X20, ctx->x[20]) + ARM64_REG_64(ARM64_REG_X21, ctx->x[21]) + ARM64_REG_64(ARM64_REG_X22, ctx->x[22]) + ARM64_REG_64(ARM64_REG_X23, ctx->x[23]) + ARM64_REG_64(ARM64_REG_X24, ctx->x[24]) + ARM64_REG_64(ARM64_REG_X25, ctx->x[25]) + ARM64_REG_64(ARM64_REG_X26, ctx->x[26]) + ARM64_REG_64(ARM64_REG_X27, ctx->x[27]) + ARM64_REG_64(ARM64_REG_X28, ctx->x[28]) + ARM64_REG_64(ARM64_REG_FP, ctx->fp) + ARM64_REG_64(ARM64_REG_LR, ctx->lr) + ARM64_REG_64(ARM64_REG_SP, ctx->sp) + + default: + FATAL("Failed to read register: %d", reg); + return 0; + + } + +} + +size_t ctx_get_size(const cs_insn *instr, cs_arm64_op *operand) { + + uint8_t num_registers; + uint8_t count_byte; + char vas_digit; + size_t mnemonic_len; + + switch (instr->id) { + + case ARM64_INS_STP: + case ARM64_INS_STXP: + case ARM64_INS_STNP: + case ARM64_INS_STLXP: + case ARM64_INS_LDP: + case ARM64_INS_LDXP: + case ARM64_INS_LDNP: + num_registers = 2; + break; + default: + num_registers = 1; + break; + + } + + mnemonic_len = strlen(instr->mnemonic); + if (mnemonic_len == 0) { FATAL("No mnemonic found"); }; + + char last = instr->mnemonic[mnemonic_len - 1]; + switch (last) { + + case 'b': + return 1; + case 'h': + return 2; + case 'w': + return 4 * num_registers; + + } + + if (operand->vas == ARM64_VAS_INVALID) { + + if (operand->type == ARM64_OP_REG) { + + switch (operand->reg) { + + case ARM64_REG_WZR: + case ARM64_REG_WSP: + case ARM64_REG_W0 ... ARM64_REG_W30: + case ARM64_REG_S0 ... ARM64_REG_S31: + return 4 * num_registers; + case ARM64_REG_D0 ... ARM64_REG_D31: + return 8 * num_registers; + case ARM64_REG_Q0 ... ARM64_REG_Q31: + return 16; + default: + return 8 * num_registers; + ; + + } + + } + + return 8 * num_registers; + + } + + if (g_str_has_prefix(instr->mnemonic, "st") || + g_str_has_prefix(instr->mnemonic, "ld")) { + + if (mnemonic_len < 3) { + + FATAL("VAS Mnemonic too short: %s\n", instr->mnemonic); + + } + + vas_digit = instr->mnemonic[2]; + if (vas_digit < '0' || vas_digit > '9') { + + FATAL("VAS Mnemonic digit out of range: %s\n", instr->mnemonic); + + } + + count_byte = vas_digit - '0'; + + } else { + + count_byte = 1; + + } + + switch (operand->vas) { + + case ARM64_VAS_1B: + return 1 * count_byte; + case ARM64_VAS_1H: + return 2 * count_byte; + case ARM64_VAS_4B: + case ARM64_VAS_1S: + case ARM64_VAS_1D: + case ARM64_VAS_2H: + return 4 * count_byte; + case ARM64_VAS_8B: + case ARM64_VAS_4H: + case ARM64_VAS_2S: + case ARM64_VAS_2D: + case ARM64_VAS_1Q: + return 8 * count_byte; + case ARM64_VAS_8H: + case ARM64_VAS_4S: + case ARM64_VAS_16B: + return 16 * count_byte; + default: + FATAL("Unexpected VAS type: %s %d", instr->mnemonic, operand->vas); + + } + +} + +#endif + diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index cd1ac0be..f261e79a 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -84,6 +84,8 @@ static void instr_basic_block(GumStalkerIterator *iterator, while (gum_stalker_iterator_next(iterator, &instr)) { + if (unlikely(begin)) { instrument_debug_start(instr->address, output); } + if (instr->address == entry_start) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } if (instr->address == persistent_ret) { persistent_epilogue(output); } @@ -119,8 +121,6 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (unlikely(begin)) { - instrument_debug_start(instr->address, output); - prefetch_write(GSIZE_TO_POINTER(instr->address)); if (likely(!excluded)) { @@ -155,6 +155,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, } + instrument_flush(output); instrument_debug_end(output); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 1a3c40bb..450a69a3 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -22,5 +22,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_arm_writer_flush(output->writer.arm); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_arm_writer_cur(output->writer.arm); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index fa3afb48..49ee86a2 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -93,5 +93,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_arm64_writer_flush(output->writer.arm64); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_arm64_writer_cur(output->writer.arm64); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index f8c1df77..0ce26a1c 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -7,6 +7,7 @@ #include "debug.h" +#include "instrument.h" #include "util.h" static int debugging_fd = -1; @@ -31,24 +32,44 @@ static void instrument_debug(char *format, ...) { } -static void instrument_disasm(guint8 *code, guint size) { +static void instrument_disasm(guint8 *start, guint8 *end) { csh capstone; cs_err err; + uint16_t size; cs_insn *insn; - size_t count, i; + size_t count = 0; + size_t i; + uint16_t len; err = cs_open(GUM_DEFAULT_CS_ARCH, GUM_DEFAULT_CS_MODE | GUM_DEFAULT_CS_ENDIAN, &capstone); g_assert(err == CS_ERR_OK); - count = cs_disasm(capstone, code, size, GPOINTER_TO_SIZE(code), 0, &insn); - g_assert(insn != NULL); + size = GPOINTER_TO_SIZE(end) - GPOINTER_TO_SIZE(start); - for (i = 0; i != count; i++) { + for (guint8 *curr = start; curr < end; curr += len, size -= len, len = 0) { - instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, - insn[i].mnemonic, insn[i].op_str); + count = cs_disasm(capstone, curr, size, GPOINTER_TO_SIZE(curr), 0, &insn); + if (insn == NULL) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t* 0x%016" G_GSIZE_MODIFIER + "x\n", + curr, *(size_t *)curr); + + len += sizeof(size_t); + continue; + + } + + for (i = 0; i != count; i++) { + + instrument_debug("\t0x%" G_GINT64_MODIFIER "x\t%s %s\n", insn[i].address, + insn[i].mnemonic, insn[i].op_str); + + len += insn[i].size; + + } } @@ -58,20 +79,6 @@ static void instrument_disasm(guint8 *code, guint size) { } -static gpointer instrument_cur(GumStalkerOutput *output) { - -#if defined(__i386__) || defined(__x86_64__) - return gum_x86_writer_cur(output->writer.x86); -#elif defined(__aarch64__) - return gum_arm64_writer_cur(output->writer.arm64); -#elif defined(__arm__) - return gum_arm_writer_cur(output->writer.arm); -#else - #error "Unsupported architecture" -#endif - -} - void instrument_debug_init(void) { char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); @@ -111,7 +118,7 @@ void instrument_debug_instruction(uint64_t address, uint16_t size) { if (likely(debugging_fd < 0)) { return; } uint8_t *start = (uint8_t *)GSIZE_TO_POINTER(address); - instrument_disasm(start, size); + instrument_disasm(start, start + size); } @@ -119,11 +126,10 @@ void instrument_debug_end(GumStalkerOutput *output) { if (likely(debugging_fd < 0)) { return; } gpointer instrument_gen_end = instrument_cur(output); - uint16_t size = GPOINTER_TO_SIZE(instrument_gen_end) - - GPOINTER_TO_SIZE(instrument_gen_start); - instrument_debug("\nGenerated block %p\n", instrument_gen_start); - instrument_disasm(instrument_gen_start, size); + instrument_debug("\nGenerated block %p-%p\n", instrument_gen_start, + instrument_gen_end); + instrument_disasm(instrument_gen_start, instrument_gen_end); } diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 901f3bd0..7000e65d 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -89,5 +89,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_x86_writer_flush(output->writer.x86); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_x86_writer_cur(output->writer.x86); + +} + #endif diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 585bb5b8..04a19e08 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -81,5 +81,17 @@ void instrument_coverage_optimize(const cs_insn * instr, } +void instrument_flush(GumStalkerOutput *output) { + + gum_x86_writer_flush(output->writer.x86); + +} + +gpointer instrument_cur(GumStalkerOutput *output) { + + return gum_x86_writer_cur(output->writer.x86); + +} + #endif diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 1215d8da..b23693fe 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -1,9 +1,11 @@ +#include #include "frida-gum.h" #include "config.h" #include "debug.h" #include "instrument.h" +#include "persistent.h" #include "util.h" #if defined(__aarch64__) @@ -98,23 +100,365 @@ struct arm64_regs { typedef struct arm64_regs arch_api_regs; +static arch_api_regs saved_regs = {0}; +static gpointer saved_lr = NULL; + gboolean persistent_is_supported(void) { - return false; + return true; + +} + +static void instrument_persitent_save_regs(GumArm64Writer * cw, + struct arm64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + const guint32 mrs_x1_nzcv = 0xd53b4201; + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_SP, -(16), + GUM_INDEX_PRE_ADJUST); + + gum_arm64_writer_put_instruction(cw, mrs_x1_nzcv); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(regs_address)); + + /* Skip x0 & x1 we'll do that later */ + + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 1), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, + ARM64_REG_X0, (16 * 2), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, + ARM64_REG_X0, (16 * 3), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, + ARM64_REG_X0, (16 * 4), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, + ARM64_REG_X0, (16 * 5), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, + ARM64_REG_X0, (16 * 6), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, + ARM64_REG_X0, (16 * 7), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, + ARM64_REG_X0, (16 * 8), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, + ARM64_REG_X0, (16 * 9), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, + ARM64_REG_X0, (16 * 10), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, + ARM64_REG_X0, (16 * 11), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, + ARM64_REG_X0, (16 * 12), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, + ARM64_REG_X0, (16 * 13), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, + ARM64_REG_X0, (16 * 14), + GUM_INDEX_SIGNED_OFFSET); + + /* LR & Adjusted SP */ + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_SP, + (GUM_RED_ZONE_SIZE + 32)); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X2, + ARM64_REG_X0, (16 * 15), + GUM_INDEX_SIGNED_OFFSET); + + /* PC & CPSR */ + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, + GUM_ADDRESS(persistent_start)); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, + ARM64_REG_X0, (16 * 16), + GUM_INDEX_SIGNED_OFFSET); + + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, + ARM64_REG_X0, (16 * 17), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, + ARM64_REG_X0, (16 * 18), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, + ARM64_REG_X0, (16 * 19), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, + ARM64_REG_X0, (16 * 20), + GUM_INDEX_SIGNED_OFFSET); + + /* x0 & x1 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_SP, 16, + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 0), + GUM_INDEX_SIGNED_OFFSET); + + /* Pop the saved values */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_SP, 16, GUM_INDEX_POST_ADJUST); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); + +} + +static void instrument_persitent_restore_regs(GumArm64Writer * cw, + struct arm64_regs *regs) { + + GumAddress regs_address = GUM_ADDRESS(regs); + const guint32 msr_nzcv_x1 = 0xd51b4201; + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(regs_address)); + + /* Skip x0 - x3 we'll do that last */ + + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, + ARM64_REG_X0, (16 * 2), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, + ARM64_REG_X0, (16 * 3), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, + ARM64_REG_X0, (16 * 4), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, + ARM64_REG_X0, (16 * 5), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, + ARM64_REG_X0, (16 * 6), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, + ARM64_REG_X0, (16 * 7), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, + ARM64_REG_X0, (16 * 8), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, + ARM64_REG_X0, (16 * 9), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, + ARM64_REG_X0, (16 * 10), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, + ARM64_REG_X0, (16 * 11), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, + ARM64_REG_X0, (16 * 12), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, + ARM64_REG_X0, (16 * 13), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, + ARM64_REG_X0, (16 * 14), + GUM_INDEX_SIGNED_OFFSET); + + /* Don't restore RIP or RSP, use x1-x3 as clobber */ + + /* LR & Adjusted SP (clobber x1) */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, + ARM64_REG_X0, (16 * 15), + GUM_INDEX_SIGNED_OFFSET); + + /* PC (x2) & CPSR (x1) */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, + ARM64_REG_X0, (16 * 16), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_instruction(cw, msr_nzcv_x1); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, + ARM64_REG_X0, (16 * 17), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, + ARM64_REG_X0, (16 * 18), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, + ARM64_REG_X0, (16 * 19), + GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, + ARM64_REG_X0, (16 * 20), + GUM_INDEX_SIGNED_OFFSET); + + /* x2 & x3 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, + ARM64_REG_X0, (16 * 1), + GUM_INDEX_SIGNED_OFFSET); + /* x0 & x1 */ + gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X1, + ARM64_REG_X0, (16 * 0), + GUM_INDEX_SIGNED_OFFSET); + +} + +static void instrument_exit(GumArm64Writer *cw) { + + gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_X0, ARM64_REG_XZR); + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(_exit), 1, GUM_ARG_REGISTER, ARM64_REG_X0); + +} + +static int instrument_afl_persistent_loop_func(void) { + + int ret = __afl_persistent_loop(persistent_count); + previous_pc = 0; + return ret; + +} + +static void instrument_afl_persistent_loop(GumArm64Writer *cw) { + + gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(instrument_afl_persistent_loop_func), 0); + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + +} + +static void persistent_prologue_hook(GumArm64Writer * cw, + struct arm64_regs *regs) { + + if (hook == NULL) return; + + gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X3, + GUM_ADDRESS(&__afl_fuzz_len)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); + + gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_X3, + G_MAXULONG); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); + + gum_arm64_writer_put_call_address_with_arguments( + cw, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), + GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, ARM64_REG_X2, + GUM_ARG_REGISTER, ARM64_REG_X3); + + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + GUM_RED_ZONE_SIZE); + +} + +static void instrument_persitent_save_lr(GumArm64Writer *cw) { + + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, -(16 + GUM_RED_ZONE_SIZE), + GUM_INDEX_PRE_ADJUST); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(&saved_lr)); + + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_LR, ARM64_REG_X0, 0); + + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_SP, 16 + GUM_RED_ZONE_SIZE, + GUM_INDEX_POST_ADJUST); } void persistent_prologue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + /* + * SAVE REGS + * SAVE RET + * POP RET + * loop: + * CALL instrument_afl_persistent_loop + * TEST EAX, EAX + * JZ end: + * call hook (optionally) + * RESTORE REGS + * call original + * jmp loop: + * + * end: + * JMP SAVED RET + * + * original: + * INSTRUMENTED PERSISTENT FUNC + */ + + GumArm64Writer *cw = output->writer.arm64; + + gconstpointer loop = cw->code + 1; + + /* Stack must be 16-byte aligned per ABI */ + instrument_persitent_save_regs(cw, &saved_regs); + + /* loop: */ + gum_arm64_writer_put_label(cw, loop); + + /* call instrument_prologue_func */ + instrument_afl_persistent_loop(cw); + + /* jz done */ + gconstpointer done = cw->code + 1; + gum_arm64_writer_put_cmp_reg_reg(cw, ARM64_REG_X0, ARM64_REG_XZR); + gum_arm64_writer_put_b_cond_label(cw, ARM64_CC_EQ, done); + + /* Optionally call the persistent hook */ + persistent_prologue_hook(cw, &saved_regs); + + instrument_persitent_restore_regs(cw, &saved_regs); + gconstpointer original = cw->code + 1; + /* call original */ + + gum_arm64_writer_put_bl_label(cw, original); + + /* jmp loop */ + gum_arm64_writer_put_b_label(cw, loop); + + /* done: */ + gum_arm64_writer_put_label(cw, done); + + instrument_exit(cw); + + /* original: */ + gum_arm64_writer_put_label(cw, original); + + instrument_persitent_save_lr(cw); + + if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } } void persistent_epilogue(GumStalkerOutput *output) { - UNUSED_PARAMETER(output); - FATAL("Persistent mode not supported on this architecture"); + GumArm64Writer *cw = output->writer.arm64; + + if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } + + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, + persistent_ret_offset); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, + GUM_ADDRESS(&saved_lr)); + + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X0, 0); + + gum_arm64_writer_put_br_reg(cw, ARM64_REG_X0); } diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 4cb960fc..858ad38e 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -306,8 +306,6 @@ void persistent_prologue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_flush(cw); - } void persistent_epilogue(GumStalkerOutput *output) { diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index b30dfadf..0675edf4 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -246,8 +246,6 @@ void persistent_prologue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_flush(cw); - } void persistent_epilogue(GumStalkerOutput *output) { diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 662fb6d5..0d7b9fb0 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -96,7 +96,6 @@ void stats_init(void) { void stats_vprint(int fd, char *format, va_list ap) { char buffer[4096] = {0}; - int ret; int len; if (vsnprintf(buffer, sizeof(buffer) - 1, format, ap) < 0) { return; } diff --git a/frida_mode/src/stats/stats_arm.c b/frida_mode/src/stats/stats_arm32.c similarity index 100% rename from frida_mode/src/stats/stats_arm.c rename to frida_mode/src/stats/stats_arm32.c diff --git a/frida_mode/test/cmplog/GNUmakefile b/frida_mode/test/cmplog/GNUmakefile index 40de6a09..4c71bb33 100644 --- a/frida_mode/test/cmplog/GNUmakefile +++ b/frida_mode/test/cmplog/GNUmakefile @@ -13,7 +13,7 @@ CMP_LOG_INPUT:=$(TEST_DATA_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -.PHONY: all 32 clean qemu frida format +.PHONY: all 32 clean qemu frida frida-nocmplog format all: $(TEST_CMPLOG_OBJ) make -C $(ROOT)frida_mode/ @@ -55,6 +55,15 @@ frida: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) -- \ $(TEST_CMPLOG_OBJ) @@ +frida-nocmplog: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) + $(ROOT)afl-fuzz \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -Z \ + -- \ + $(TEST_CMPLOG_OBJ) @@ + debug: $(TEST_CMPLOG_OBJ) $(CMP_LOG_INPUT) gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ diff --git a/frida_mode/test/cmplog/Makefile b/frida_mode/test/cmplog/Makefile index 606b43a5..7ca9a9a5 100644 --- a/frida_mode/test/cmplog/Makefile +++ b/frida_mode/test/cmplog/Makefile @@ -15,6 +15,10 @@ qemu: frida: @gmake frida + +frida-nocmplog: + @gmake frida-nocmplog + format: @gmake format diff --git a/frida_mode/test/cmplog/cmplog.c b/frida_mode/test/cmplog/cmplog.c index 99010645..ce5cf20e 100644 --- a/frida_mode/test/cmplog/cmplog.c +++ b/frida_mode/test/cmplog/cmplog.c @@ -53,7 +53,7 @@ int main(int argc, char **argv) { } -#if defined(__x86_64__) +#if defined(__x86_64__) || defined(__aarch64__) uint64_t x = 0; fread(&x, sizeof(x), 1, file); if (x != 0xCAFEBABECAFEBABE) { diff --git a/frida_mode/test/fasan/GNUmakefile b/frida_mode/test/fasan/GNUmakefile index 08b271de..c971c724 100644 --- a/frida_mode/test/fasan/GNUmakefile +++ b/frida_mode/test/fasan/GNUmakefile @@ -46,7 +46,7 @@ ifeq "$(ARCH)" "x86_64" LIBASAN_FILE:=libclang_rt.asan-x86_64.so endif -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" LIBASAN_FILE:=libclang_rt.asan-aarch64.so endif @@ -110,7 +110,7 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) - echo -n "TUODATM" > $@ + echo -n "XUODATM" > $@ frida-noasan: $(TEST_BIN) $(TEST_DATA_FILE) $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index df48d065..4c9d8a19 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -85,7 +85,7 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ -debug: $(TESTINSTR_DATA_FILE) +debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ @@ -96,7 +96,7 @@ debug: $(TESTINSTR_DATA_FILE) --ex 'set disassembly-flavor intel' \ --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -run: $(TESTINSTR_DATA_FILE) +run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index ca6f0ff2..5af64822 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -5,6 +5,7 @@ BUILD_DIR:=$(PWD)build/ TEST_BIN:=$(PWD)../build/test TEST_DATA_DIR:=../build/libpng/libpng-1.2.56/contrib/pngsuite/ +AFLPP_DRIVER_DUMMY_INPUT:=$(BUILD_DIR)in QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out @@ -22,8 +23,7 @@ endif AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) -ARCH=$(shell uname -m) -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) endif @@ -46,6 +46,9 @@ all: $(BUILD_DIR): mkdir -p $@ +$(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) + truncate -s 1M $@ + qemu: | $(BUILD_DIR) AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ @@ -94,5 +97,12 @@ frida_entry: | $(BUILD_DIR) -- \ $(TEST_BIN) @@ +debug: $(AFLPP_DRIVER_DUMMY_INPUT) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/png/persistent/Makefile b/frida_mode/test/png/persistent/Makefile index cde0cf30..c2bd55f9 100644 --- a/frida_mode/test/png/persistent/Makefile +++ b/frida_mode/test/png/persistent/Makefile @@ -20,3 +20,6 @@ frida: frida_entry: @gmake frida_entry + +debug: + @gmake debug diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 82f08fa4..b17f3775 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -34,7 +34,7 @@ endif AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) -ifeq "$(ARCH)" "aarch64" +ifeq "$(ARCH)" "arm64" AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) endif @@ -124,7 +124,7 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -debug: +debug: $(AFLPP_DRIVER_DUMMY_INPUT) echo $(AFL_FRIDA_PERSISTENT_ADDR) gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c index 059d438d..1542c0bf 100644 --- a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c +++ b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c @@ -82,6 +82,102 @@ void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, *arg2 = (void *)input_buf_len; } +#elif defined(__aarch64__) + +struct arm64_regs { + + uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; + + union { + + uint64_t x11; + uint32_t fp_32; + + }; + + union { + + uint64_t x12; + uint32_t ip_32; + + }; + + union { + + uint64_t x13; + uint32_t sp_32; + + }; + + union { + + uint64_t x14; + uint32_t lr_32; + + }; + + union { + + uint64_t x15; + uint32_t pc_32; + + }; + + union { + + uint64_t x16; + uint64_t ip0; + + }; + + union { + + uint64_t x17; + uint64_t ip1; + + }; + + uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; + + union { + + uint64_t x29; + uint64_t fp; + + }; + + union { + + uint64_t x30; + uint64_t lr; + + }; + + union { + + uint64_t x31; + uint64_t sp; + + }; + + // the zero register is not saved here ofc + + uint64_t pc; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16 * 16]; + uint8_t vfp_pregs[17][32]; + uint32_t vfp_xregs[16]; + +}; + +void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->x0, input_buf, input_buf_len); + regs->x1 = input_buf_len; +} #else #pragma error "Unsupported architecture" diff --git a/instrumentation/README.llvm.md b/instrumentation/README.llvm.md index 8ce5afb9..2d428e6d 100644 --- a/instrumentation/README.llvm.md +++ b/instrumentation/README.llvm.md @@ -6,7 +6,7 @@ ## 1) Introduction -! llvm_mode works with llvm versions 6.0 up to 12 ! +! llvm_mode works with llvm versions 3.8 up to 12 ! The code in this directory allows you to instrument programs for AFL using true compiler-level instrumentation, instead of the more crude diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 2089ce78..50117012 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -83,14 +83,15 @@ extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); #endif // HAIKU -u8 __afl_area_initial[MAP_INITIAL_SIZE]; -u8 * __afl_area_ptr_dummy = __afl_area_initial; -u8 * __afl_area_ptr = __afl_area_initial; -u8 * __afl_area_ptr_backup = __afl_area_initial; -u8 * __afl_dictionary; -u8 * __afl_fuzz_ptr; -u32 __afl_fuzz_len_dummy; -u32 *__afl_fuzz_len = &__afl_fuzz_len_dummy; +static u8 __afl_area_initial[MAP_INITIAL_SIZE]; +static u8 *__afl_area_ptr_dummy = __afl_area_initial; +static u8 *__afl_area_ptr_backup = __afl_area_initial; + +u8 * __afl_area_ptr = __afl_area_initial; +u8 * __afl_dictionary; +u8 * __afl_fuzz_ptr; +static u32 __afl_fuzz_len_dummy; +u32 * __afl_fuzz_len = &__afl_fuzz_len_dummy; u32 __afl_final_loc; u32 __afl_map_size = MAP_SIZE; @@ -98,9 +99,9 @@ u32 __afl_dictionary_len; u64 __afl_map_addr; // for the __AFL_COVERAGE_ON/__AFL_COVERAGE_OFF features to work: -int __afl_selective_coverage __attribute__((weak)); -int __afl_selective_coverage_start_off __attribute__((weak)); -int __afl_selective_coverage_temp = 1; +int __afl_selective_coverage __attribute__((weak)); +int __afl_selective_coverage_start_off __attribute__((weak)); +static int __afl_selective_coverage_temp = 1; #if defined(__ANDROID__) || defined(__HAIKU__) PREV_LOC_T __afl_prev_loc[NGRAM_SIZE_MAX]; @@ -147,7 +148,7 @@ static int __afl_dummy_fd[2] = {2, 2}; /* ensure we kill the child on termination */ -void at_exit(int signal) { +static void at_exit(int signal) { if (child_pid > 0) { kill(child_pid, SIGKILL); } @@ -179,7 +180,7 @@ void __afl_trace(const u32 x) { /* Error reporting to forkserver controller */ -void send_forkserver_error(int error) { +static void send_forkserver_error(int error) { u32 status; if (!error || error > 0xffff) return; @@ -629,6 +630,32 @@ static void __afl_unmap_shm(void) { } +#define write_error(text) write_error_with_location(text, __FILE__, __LINE__) + +void write_error_with_location(char *text, char* filename, int linenumber) { + + u8 * o = getenv("__AFL_OUT_DIR"); + char *e = strerror(errno); + + if (o) { + + char buf[4096]; + snprintf(buf, sizeof(buf), "%s/error.txt", o); + FILE *f = fopen(buf, "a"); + + if (f) { + + fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + fclose(f); + + } + + } + + fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + +} + #ifdef __linux__ static void __afl_start_snapshots(void) { @@ -655,7 +682,12 @@ static void __afl_start_snapshots(void) { if (__afl_sharedmem_fuzzing || (__afl_dictionary_len && __afl_dictionary)) { - if (read(FORKSRV_FD, &was_killed, 4) != 4) { _exit(1); } + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("read to afl-fuzz"); + _exit(1); + + } if (__afl_debug) { @@ -724,7 +756,12 @@ static void __afl_start_snapshots(void) { } else { /* Wait for parent by reading from the pipe. Abort if read fails. */ - if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("reading from afl-fuzz"); + _exit(1); + + } } @@ -761,7 +798,12 @@ static void __afl_start_snapshots(void) { if (child_stopped && was_killed) { child_stopped = 0; - if (waitpid(child_pid, &status, 0) < 0) _exit(1); + if (waitpid(child_pid, &status, 0) < 0) { + + write_error("child_stopped && was_killed"); + _exit(1); // TODO why exit? + + } } @@ -770,7 +812,12 @@ static void __afl_start_snapshots(void) { /* Once woken up, create a clone of our process. */ child_pid = fork(); - if (child_pid < 0) _exit(1); + if (child_pid < 0) { + + write_error("fork"); + _exit(1); + + } /* In child process: close fds, resume execution. */ @@ -810,9 +857,19 @@ static void __afl_start_snapshots(void) { /* In parent process: write PID to pipe, then wait for child. */ - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) { - if (waitpid(child_pid, &status, WUNTRACED) < 0) _exit(1); + write_error("write to afl-fuzz"); + _exit(1); + + } + + if (waitpid(child_pid, &status, WUNTRACED) < 0) { + + write_error("waitpid"); + _exit(1); + + } /* In persistent mode, the child stops itself with SIGSTOP to indicate a successful run. In this case, we want to wake it up without forking @@ -822,7 +879,12 @@ static void __afl_start_snapshots(void) { /* Relay wait status to pipe, then loop back. */ - if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &status, 4) != 4) { + + write_error("writing to afl-fuzz"); + _exit(1); + + } } @@ -955,7 +1017,12 @@ static void __afl_start_forkserver(void) { } else { - if (read(FORKSRV_FD, &was_killed, 4) != 4) _exit(1); + if (read(FORKSRV_FD, &was_killed, 4) != 4) { + + write_error("read from afl-fuzz"); + _exit(1); + + } } @@ -992,7 +1059,12 @@ static void __afl_start_forkserver(void) { if (child_stopped && was_killed) { child_stopped = 0; - if (waitpid(child_pid, &status, 0) < 0) _exit(1); + if (waitpid(child_pid, &status, 0) < 0) { + + write_error("child_stopped && was_killed"); + _exit(1); + + } } @@ -1001,7 +1073,12 @@ static void __afl_start_forkserver(void) { /* Once woken up, create a clone of our process. */ child_pid = fork(); - if (child_pid < 0) _exit(1); + if (child_pid < 0) { + + write_error("fork"); + _exit(1); + + } /* In child process: close fds, resume execution. */ @@ -1030,11 +1107,20 @@ static void __afl_start_forkserver(void) { /* In parent process: write PID to pipe, then wait for child. */ - if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &child_pid, 4) != 4) { - if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0) + write_error("write to afl-fuzz"); _exit(1); + } + + if (waitpid(child_pid, &status, is_persistent ? WUNTRACED : 0) < 0) { + + write_error("waitpid"); + _exit(1); + + } + /* In persistent mode, the child stops itself with SIGSTOP to indicate a successful run. In this case, we want to wake it up without forking again. */ @@ -1043,7 +1129,12 @@ static void __afl_start_forkserver(void) { /* Relay wait status to pipe, then loop back. */ - if (write(FORKSRV_FD + 1, &status, 4) != 4) _exit(1); + if (write(FORKSRV_FD + 1, &status, 4) != 4) { + + write_error("writing to afl-fuzz"); + _exit(1); + + } } @@ -1668,7 +1759,7 @@ void __sanitizer_cov_trace_cmp4(uint32_t arg1, uint32_t arg2) { } -void __sanitizer_cov_trace_cost_cmp4(uint32_t arg1, uint32_t arg2) { +void __sanitizer_cov_trace_const_cmp4(uint32_t arg1, uint32_t arg2) { __cmplog_ins_hook4(arg1, arg2, 0); @@ -1990,3 +2081,4 @@ void __afl_coverage_interesting(u8 val, u32 id) { } +#undef write_error diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 6fe34ccd..94b77f7d 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -676,7 +676,7 @@ bool AFLCoverage::runOnModule(Module &M) { todo.push_back(MapPtrIdx); } else { - + */ IRB.CreateAtomicRMW(llvm::AtomicRMWInst::BinOp::Add, MapPtrIdx, One, #if LLVM_VERSION_MAJOR >= 13 diff --git a/src/afl-analyze.c b/src/afl-analyze.c index aabdbf1a..606254d9 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -55,12 +55,7 @@ #include #include -static s32 child_pid; /* PID of the tested program */ - -static u8 *trace_bits; /* SHM with instrumentation bitmap */ - -static u8 *in_file, /* Analyzer input test case */ - *prog_in; /* Targeted program input file */ +static u8 *in_file; /* Analyzer input test case */ static u8 *in_data; /* Input data for analysis */ @@ -73,20 +68,19 @@ static u64 orig_cksum; /* Original checksum */ static u64 mem_limit = MEM_LIMIT; /* Memory limit (MB) */ -static s32 dev_null_fd = -1; /* FD to /dev/null */ - static bool edges_only, /* Ignore hit counts? */ use_hex_offsets, /* Show hex offsets? */ use_stdin = true; /* Use stdin for program input? */ -static volatile u8 stop_soon, /* Ctrl-C pressed? */ - child_timed_out; /* Child timed out? */ +static volatile u8 stop_soon; /* Ctrl-C pressed? */ static u8 *target_path; static u8 frida_mode; static u8 qemu_mode; static u32 map_size = MAP_SIZE; +static afl_forkserver_t fsrv = {0}; /* The forkserver */ + /* Constants used for describing byte behavior. */ #define RESP_NONE 0x00 /* Changing byte is a no-op. */ @@ -156,7 +150,7 @@ static void classify_counts(u8 *mem) { static inline u8 anything_set(void) { - u32 *ptr = (u32 *)trace_bits; + u32 *ptr = (u32 *)fsrv.trace_bits; u32 i = (map_size >> 2); while (i--) { @@ -173,7 +167,7 @@ static inline u8 anything_set(void) { static void at_exit_handler(void) { - unlink(prog_in); /* Ignore errors */ + unlink(fsrv.out_file); /* Ignore errors */ } @@ -205,116 +199,29 @@ static void read_initial_file(void) { } -/* Write output file. */ - -static s32 write_to_file(u8 *path, u8 *mem, u32 len) { - - s32 ret; - - unlink(path); /* Ignore errors */ - - ret = open(path, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); - - if (ret < 0) { PFATAL("Unable to create '%s'", path); } - - ck_write(ret, mem, len, path); - - lseek(ret, 0, SEEK_SET); - - return ret; - -} - /* Execute target application. Returns exec checksum, or 0 if program times out. */ -static u32 analyze_run_target(char **argv, u8 *mem, u32 len, u8 first_run) { +static u32 analyze_run_target(u8 *mem, u32 len, u8 first_run) { - static struct itimerval it; - int status = 0; + afl_fsrv_write_to_testcase(&fsrv, mem, len); + fsrv_run_result_t ret = afl_fsrv_run_target(&fsrv, exec_tmout, &stop_soon); - s32 prog_in_fd; - u64 cksum; + if (ret == FSRV_RUN_ERROR) { - memset(trace_bits, 0, map_size); - MEM_BARRIER(); + FATAL("Error in forkserver"); - prog_in_fd = write_to_file(prog_in, mem, len); + } else if (ret == FSRV_RUN_NOINST) { - child_pid = fork(); + FATAL("Target not instrumented"); - if (child_pid < 0) { PFATAL("fork() failed"); } + } else if (ret == FSRV_RUN_NOBITS) { - if (!child_pid) { - - struct rlimit r; - - if (dup2(use_stdin ? prog_in_fd : dev_null_fd, 0) < 0 || - dup2(dev_null_fd, 1) < 0 || dup2(dev_null_fd, 2) < 0) { - - *(u32 *)trace_bits = EXEC_FAIL_SIG; - PFATAL("dup2() failed"); - - } - - close(dev_null_fd); - close(prog_in_fd); - - if (mem_limit) { - - r.rlim_max = r.rlim_cur = ((rlim_t)mem_limit) << 20; - -#ifdef RLIMIT_AS - - setrlimit(RLIMIT_AS, &r); /* Ignore errors */ - -#else - - setrlimit(RLIMIT_DATA, &r); /* Ignore errors */ - -#endif /* ^RLIMIT_AS */ - - } - - r.rlim_max = r.rlim_cur = 0; - setrlimit(RLIMIT_CORE, &r); /* Ignore errors */ - - execv(target_path, argv); - - *(u32 *)trace_bits = EXEC_FAIL_SIG; - exit(0); + FATAL("Failed to run target"); } - close(prog_in_fd); - - /* Configure timeout, wait for child, cancel timeout. */ - - child_timed_out = 0; - it.it_value.tv_sec = (exec_tmout / 1000); - it.it_value.tv_usec = (exec_tmout % 1000) * 1000; - - setitimer(ITIMER_REAL, &it, NULL); - - if (waitpid(child_pid, &status, 0) <= 0) { FATAL("waitpid() failed"); } - - child_pid = 0; - it.it_value.tv_sec = 0; - it.it_value.tv_usec = 0; - - setitimer(ITIMER_REAL, &it, NULL); - - MEM_BARRIER(); - - /* Clean up bitmap, analyze exit condition, etc. */ - - if (*(u32 *)trace_bits == EXEC_FAIL_SIG) { - - FATAL("Unable to execute '%s'", argv[0]); - - } - - classify_counts(trace_bits); + classify_counts(fsrv.trace_bits); total_execs++; if (stop_soon) { @@ -326,21 +233,19 @@ static u32 analyze_run_target(char **argv, u8 *mem, u32 len, u8 first_run) { /* Always discard inputs that time out. */ - if (child_timed_out) { + if (fsrv.last_run_timed_out) { exec_hangs++; return 0; } - cksum = hash64(trace_bits, map_size, HASH_CONST); + u64 cksum = hash64(fsrv.trace_bits, fsrv.map_size, HASH_CONST); - /* We don't actually care if the target is crashing or not, - except that when it does, the checksum should be different. */ + if (ret == FSRV_RUN_CRASH) { - if (WIFSIGNALED(status) || - (WIFEXITED(status) && WEXITSTATUS(status) == MSAN_ERROR) || - (WIFEXITED(status) && WEXITSTATUS(status))) { + /* We don't actually care if the target is crashing or not, + except that when it does, the checksum should be different. */ cksum ^= 0xffffffff; @@ -604,7 +509,7 @@ static void dump_hex(u32 len, u8 *b_data) { /* Actually analyze! */ -static void analyze(char **argv) { +static void analyze() { u32 i; u32 boring_len = 0, prev_xff = 0, prev_x01 = 0, prev_s10 = 0, prev_a10 = 0; @@ -630,16 +535,16 @@ static void analyze(char **argv) { code. */ in_data[i] ^= 0xff; - xor_ff = analyze_run_target(argv, in_data, in_len, 0); + xor_ff = analyze_run_target(in_data, in_len, 0); in_data[i] ^= 0xfe; - xor_01 = analyze_run_target(argv, in_data, in_len, 0); + xor_01 = analyze_run_target(in_data, in_len, 0); in_data[i] = (in_data[i] ^ 0x01) - 0x10; - sub_10 = analyze_run_target(argv, in_data, in_len, 0); + sub_10 = analyze_run_target(in_data, in_len, 0); in_data[i] += 0x20; - add_10 = analyze_run_target(argv, in_data, in_len, 0); + add_10 = analyze_run_target(in_data, in_len, 0); in_data[i] -= 0x10; /* Classify current behavior. */ @@ -712,7 +617,7 @@ static void handle_stop_sig(int sig) { (void)sig; stop_soon = 1; - if (child_pid > 0) { kill(child_pid, SIGKILL); } + afl_fsrv_killall(); } @@ -724,10 +629,10 @@ static void set_up_environment(char **argv) { char *afl_preload; char *frida_afl_preload = NULL; - dev_null_fd = open("/dev/null", O_RDWR); - if (dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } + fsrv.dev_null_fd = open("/dev/null", O_RDWR); + if (fsrv.dev_null_fd < 0) { PFATAL("Unable to open /dev/null"); } - if (!prog_in) { + if (!fsrv.out_file) { u8 *use_dir = "."; @@ -738,10 +643,15 @@ static void set_up_environment(char **argv) { } - prog_in = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); + fsrv.out_file = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); } + unlink(fsrv.out_file); + fsrv.out_fd = open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + + if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } + /* Set sane defaults... */ x = get_afl_env("ASAN_OPTIONS"); @@ -965,6 +875,8 @@ int main(int argc, char **argv_orig, char **envp) { SAYF(cCYA "afl-analyze" VERSION cRST " by Michal Zalewski\n"); + afl_fsrv_init(&fsrv); + while ((opt = getopt(argc, argv, "+i:f:m:t:eOQUWh")) > 0) { switch (opt) { @@ -977,9 +889,9 @@ int main(int argc, char **argv_orig, char **envp) { case 'f': - if (prog_in) { FATAL("Multiple -f options not supported"); } - use_stdin = 0; - prog_in = optarg; + if (fsrv.out_file) { FATAL("Multiple -f options not supported"); } + fsrv.use_stdin = 0; + fsrv.out_file = ck_strdup(optarg); break; case 'e': @@ -1000,6 +912,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!strcmp(optarg, "none")) { mem_limit = 0; + fsrv.mem_limit = 0; break; } @@ -1038,6 +951,8 @@ int main(int argc, char **argv_orig, char **envp) { } + fsrv.mem_limit = mem_limit; + } break; @@ -1057,6 +972,8 @@ int main(int argc, char **argv_orig, char **envp) { } + fsrv.exec_tmout = exec_tmout; + break; case 'O': /* FRIDA mode */ @@ -1064,6 +981,7 @@ int main(int argc, char **argv_orig, char **envp) { if (frida_mode) { FATAL("Multiple -O options not supported"); } frida_mode = 1; + fsrv.frida_mode = frida_mode; break; @@ -1073,6 +991,8 @@ int main(int argc, char **argv_orig, char **envp) { if (!mem_limit_given) { mem_limit = MEM_LIMIT_QEMU; } qemu_mode = 1; + fsrv.mem_limit = mem_limit; + fsrv.qemu_mode = qemu_mode; break; case 'U': @@ -1081,6 +1001,7 @@ int main(int argc, char **argv_orig, char **envp) { if (!mem_limit_given) { mem_limit = MEM_LIMIT_UNICORN; } unicorn_mode = 1; + fsrv.mem_limit = mem_limit; break; case 'W': /* Wine+QEMU mode */ @@ -1090,6 +1011,8 @@ int main(int argc, char **argv_orig, char **envp) { use_wine = 1; if (!mem_limit_given) { mem_limit = 0; } + fsrv.qemu_mode = qemu_mode; + fsrv.mem_limit = mem_limit; break; @@ -1108,6 +1031,7 @@ int main(int argc, char **argv_orig, char **envp) { if (optind == argc || !in_file) { usage(argv[0]); } map_size = get_map_size(); + fsrv.map_size = map_size; use_hex_offsets = !!get_afl_env("AFL_ANALYZE_HEX"); @@ -1117,14 +1041,15 @@ int main(int argc, char **argv_orig, char **envp) { /* initialize cmplog_mode */ shm.cmplog_mode = 0; - trace_bits = afl_shm_init(&shm, map_size, 0); + atexit(at_exit_handler); setup_signal_handlers(); set_up_environment(argv); - target_path = find_binary(argv[optind]); - detect_file_args(argv + optind, prog_in, &use_stdin); + fsrv.target_path = find_binary(argv[optind]); + fsrv.trace_bits = afl_shm_init(&shm, map_size, 0); + detect_file_args(argv + optind, fsrv.out_file, &use_stdin); if (qemu_mode) { @@ -1148,14 +1073,31 @@ int main(int argc, char **argv_orig, char **envp) { SAYF("\n"); + if (getenv("AFL_FORKSRV_INIT_TMOUT")) { + + s32 forksrv_init_tmout = atoi(getenv("AFL_FORKSRV_INIT_TMOUT")); + if (forksrv_init_tmout < 1) { + + FATAL("Bad value specified for AFL_FORKSRV_INIT_TMOUT"); + + } + + fsrv.init_tmout = (u32)forksrv_init_tmout; + + } + + fsrv.kill_signal = + parse_afl_kill_signal_env(getenv("AFL_KILL_SIGNAL"), SIGKILL); + read_initial_file(); ACTF("Performing dry run (mem limit = %llu MB, timeout = %u ms%s)...", mem_limit, exec_tmout, edges_only ? ", edges only" : ""); - analyze_run_target(use_argv, in_data, in_len, 1); + afl_fsrv_start(&fsrv, use_argv, &stop_soon, false); + analyze_run_target(in_data, in_len, 1); - if (child_timed_out) { + if (fsrv.last_run_timed_out) { FATAL("Target binary times out (adjusting -t may help)."); @@ -1167,13 +1109,15 @@ int main(int argc, char **argv_orig, char **envp) { } - analyze(use_argv); + analyze(); OKF("We're done here. Have a nice day!\n"); - if (target_path) { ck_free(target_path); } - afl_shm_deinit(&shm); + afl_fsrv_deinit(&fsrv); + if (fsrv.target_path) { ck_free(fsrv.target_path); } + if (in_data) { ck_free(in_data); } + exit(0); diff --git a/src/afl-cc.c b/src/afl-cc.c index 486f7468..980e5d86 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -315,7 +315,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { u8 fortify_set = 0, asan_set = 0, x_set = 0, bit_mode = 0, shared_linking = 0, preprocessor_only = 0, have_unroll = 0, have_o = 0, have_pic = 0, - have_c = 0; + have_c = 0, partial_linking = 0; cc_params = ck_alloc((argc + 128) * sizeof(u8 *)); @@ -767,6 +767,8 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strcmp(cur, "-x")) x_set = 1; if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-shared")) shared_linking = 1; + if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; + if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; if (!strcmp(cur, "-c")) have_c = 1; if (!strncmp(cur, "-O", 2)) have_o = 1; @@ -996,7 +998,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { switch (bit_mode) { case 0: - if (!shared_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt.o", obj_path); if (lto_mode) @@ -1005,7 +1007,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 32: - if (!shared_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-32.o", obj_path); @@ -1026,7 +1028,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { break; case 64: - if (!shared_linking) { + if (!shared_linking && !partial_linking) { cc_params[cc_par_cnt++] = alloc_printf("%s/afl-compiler-rt-64.o", obj_path); @@ -1049,7 +1051,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { } #if !defined(__APPLE__) && !defined(__sun) - if (!shared_linking) + if (!shared_linking && !partial_linking) cc_params[cc_par_cnt++] = alloc_printf("-Wl,--dynamic-list=%s/dynamic_list.txt", obj_path); #endif diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 88b5bc02..872e3a32 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -480,13 +480,22 @@ void read_foreign_testcases(afl_state_t *afl, int first) { for (iter = 0; iter < afl->foreign_sync_cnt; iter++) { - if (afl->foreign_syncs[iter].dir != NULL && - afl->foreign_syncs[iter].dir[0] != 0) { + if (afl->foreign_syncs[iter].dir && afl->foreign_syncs[iter].dir[0]) { if (first) ACTF("Scanning '%s'...", afl->foreign_syncs[iter].dir); time_t mtime_max = 0; - u8 * name = strrchr(afl->foreign_syncs[iter].dir, '/'); - if (!name) { name = afl->foreign_syncs[iter].dir; } + + u8 *name = strrchr(afl->foreign_syncs[iter].dir, '/'); + if (!name) { + + name = afl->foreign_syncs[iter].dir; + + } else { + + ++name; + + } + if (!strcmp(name, "queue") || !strcmp(name, "out") || !strcmp(name, "default")) { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 4884b942..9648d795 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -766,9 +766,9 @@ void show_stats(afl_state_t *afl) { " uniq hangs : " cRST "%-6s" bSTG bV "\n", time_tmp, tmp); - SAYF(bVR bH bSTOP cCYA - " cycle progress " bSTG bH10 bH5 bH2 bH2 bHB bH bSTOP cCYA - " map coverage " bSTG bH bHT bH20 bH2 bVL "\n"); + SAYF(bVR bH bSTOP cCYA + " cycle progress " bSTG bH10 bH5 bH2 bH2 bH2 bHB bH bSTOP cCYA + " map coverage" bSTG bHT bH20 bH2 bVL "\n"); /* This gets funny because we want to print several variable-length variables together, but then cram them into a fixed-width field - so we need to @@ -778,13 +778,13 @@ void show_stats(afl_state_t *afl) { afl->queue_cur->favored ? "." : "*", afl->queue_cur->fuzz_level, ((double)afl->current_entry * 100) / afl->queued_paths); - SAYF(bV bSTOP " now processing : " cRST "%-16s " bSTG bV bSTOP, tmp); + SAYF(bV bSTOP " now processing : " cRST "%-18s " bSTG bV bSTOP, tmp); sprintf(tmp, "%0.02f%% / %0.02f%%", ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.map_size, t_byte_ratio); - SAYF(" map density : %s%-21s" bSTG bV "\n", + SAYF(" map density : %s%-19s" bSTG bV "\n", t_byte_ratio > 70 ? cLRD : ((t_bytes < 200 && !afl->non_instrumented_mode) ? cPIN : cRST), @@ -793,23 +793,23 @@ void show_stats(afl_state_t *afl) { sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->cur_skipped_paths), ((double)afl->cur_skipped_paths * 100) / afl->queued_paths); - SAYF(bV bSTOP " paths timed out : " cRST "%-16s " bSTG bV, tmp); + SAYF(bV bSTOP " paths timed out : " cRST "%-18s " bSTG bV, tmp); sprintf(tmp, "%0.02f bits/tuple", t_bytes ? (((double)t_bits) / t_bytes) : 0); - SAYF(bSTOP " count coverage : " cRST "%-21s" bSTG bV "\n", tmp); + SAYF(bSTOP " count coverage : " cRST "%-19s" bSTG bV "\n", tmp); - SAYF(bVR bH bSTOP cCYA - " stage progress " bSTG bH10 bH5 bH2 bH2 bX bH bSTOP cCYA - " findings in depth " bSTG bH10 bH5 bH2 bH2 bVL "\n"); + SAYF(bVR bH bSTOP cCYA + " stage progress " bSTG bH10 bH5 bH2 bH2 bH2 bX bH bSTOP cCYA + " findings in depth " bSTG bH10 bH5 bH2 bVL "\n"); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_favored), ((double)afl->queued_favored) * 100 / afl->queued_paths); /* Yeah... it's still going on... halp? */ - SAYF(bV bSTOP " now trying : " cRST "%-20s " bSTG bV bSTOP - " favored paths : " cRST "%-22s" bSTG bV "\n", + SAYF(bV bSTOP " now trying : " cRST "%-22s " bSTG bV bSTOP + " favored paths : " cRST "%-20s" bSTG bV "\n", afl->stage_name, tmp); if (!afl->stage_max) { @@ -824,12 +824,12 @@ void show_stats(afl_state_t *afl) { } - SAYF(bV bSTOP " stage execs : " cRST "%-21s" bSTG bV bSTOP, tmp); + SAYF(bV bSTOP " stage execs : " cRST "%-23s" bSTG bV bSTOP, tmp); sprintf(tmp, "%s (%0.02f%%)", u_stringify_int(IB(0), afl->queued_with_cov), ((double)afl->queued_with_cov) * 100 / afl->queued_paths); - SAYF(" new edges on : " cRST "%-22s" bSTG bV "\n", tmp); + SAYF(" new edges on : " cRST "%-20s" bSTG bV "\n", tmp); sprintf(tmp, "%s (%s%s unique)", u_stringify_int(IB(0), afl->total_crashes), u_stringify_int(IB(1), afl->unique_crashes), @@ -837,14 +837,14 @@ void show_stats(afl_state_t *afl) { if (afl->crash_mode) { - SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP - " new crashes : %s%-22s" bSTG bV "\n", + SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP + " new crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } else { - SAYF(bV bSTOP " total execs : " cRST "%-20s " bSTG bV bSTOP - " total crashes : %s%-22s" bSTG bV "\n", + SAYF(bV bSTOP " total execs : " cRST "%-22s " bSTG bV bSTOP + " total crashes : %s%-20s" bSTG bV "\n", u_stringify_int(IB(0), afl->fsrv.total_execs), crash_color, tmp); } @@ -856,12 +856,12 @@ void show_stats(afl_state_t *afl) { sprintf(tmp, "%s/sec (%s)", u_stringify_float(IB(0), afl->stats_avg_exec), afl->stats_avg_exec < 20 ? "zzzz..." : "slow!"); - SAYF(bV bSTOP " exec speed : " cLRD "%-20s ", tmp); + SAYF(bV bSTOP " exec speed : " cLRD "%-22s ", tmp); } else { sprintf(tmp, "%s/sec", u_stringify_float(IB(0), afl->stats_avg_exec)); - SAYF(bV bSTOP " exec speed : " cRST "%-20s ", tmp); + SAYF(bV bSTOP " exec speed : " cRST "%-22s ", tmp); } @@ -869,13 +869,12 @@ void show_stats(afl_state_t *afl) { u_stringify_int(IB(1), afl->unique_tmouts), (afl->unique_hangs >= KEEP_UNIQUE_HANG) ? "+" : ""); - SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-22s" bSTG bV "\n", tmp); + SAYF(bSTG bV bSTOP " total tmouts : " cRST "%-20s" bSTG bV "\n", tmp); /* Aaaalmost there... hold on! */ - SAYF(bVR bH cCYA bSTOP - " fuzzing strategy yields " bSTG bH10 bHT bH10 bH5 bHB bH bSTOP cCYA - " path geometry " bSTG bH5 bH2 bVL "\n"); + SAYF(bVR bH cCYA bSTOP " fuzzing strategy yields " bSTG bH10 bH2 bHT bH10 bH2 + bH bHB bH bSTOP cCYA " path geometry " bSTG bH5 bH2 bVL "\n"); if (unlikely(afl->custom_only)) { @@ -1017,9 +1016,10 @@ void show_stats(afl_state_t *afl) { if (unlikely(afl->afl_env.afl_custom_mutator_library)) { strcat(tmp, " "); - strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_PYTHON])); + strcat(tmp, u_stringify_int(IB(2), afl->stage_finds[STAGE_CUSTOM_MUTATOR])); strcat(tmp, "/"); - strcat(tmp, u_stringify_int(IB(3), afl->stage_cycles[STAGE_PYTHON])); + strcat(tmp, + u_stringify_int(IB(3), afl->stage_cycles[STAGE_CUSTOM_MUTATOR])); strcat(tmp, ","); } else { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 196547f4..9a3780fb 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -575,7 +575,6 @@ int main(int argc, char **argv_orig, char **envp) { } afl->sync_id = ck_strdup(optarg); - afl->skip_deterministic = 0; // force deterministic fuzzing afl->old_seed_selection = 1; // force old queue walking seed selection afl->disable_trim = 1; // disable trimming @@ -1206,6 +1205,8 @@ int main(int argc, char **argv_orig, char **envp) { } + setenv("__AFL_OUT_DIR", afl->out_dir, 1); + if (get_afl_env("AFL_DISABLE_TRIM")) { afl->disable_trim = 1; } if (getenv("AFL_NO_UI") && getenv("AFL_FORCE_UI")) { diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 1152cc4e..7cdc83cb 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -4,14 +4,6 @@ $ECHO "$BLUE[*] Testing: llvm_mode, afl-showmap, afl-fuzz, afl-cmin and afl-tmin" test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { - # on FreeBSD need to set AFL_CC - test `uname -s` = 'FreeBSD' && { - if type clang >/dev/null; then - export AFL_CC=`command -v clang` - else - export AFL_CC=`$LLVM_CONFIG --bindir`/clang - fi - } ../afl-clang-fast -o test-instr.plain ../test-instr.c > /dev/null 2>&1 AFL_HARDEN=1 ../afl-clang-fast -o test-compcov.harden test-compcov.c > /dev/null 2>&1 test -e test-instr.plain && { From d57f0e3a1ceece9e69f091bb8511002e254f165b Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Tue, 8 Jun 2021 21:41:01 +0200 Subject: [PATCH 330/441] remove warning regarding core_pattern (was wrong/unnecessary anyway) --- test/test-basic.sh | 10 ---------- test/test-gcc-plugin.sh | 4 ---- test/test-llvm.sh | 4 ---- 3 files changed, 18 deletions(-) diff --git a/test/test-basic.sh b/test/test-basic.sh index b4bb9df2..c39faa74 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -56,11 +56,6 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc CODE=1 } # now we want to be sure that afl-fuzz is working - # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" @@ -176,11 +171,6 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc CODE=1 } # now we want to be sure that afl-fuzz is working - # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" diff --git a/test/test-gcc-plugin.sh b/test/test-gcc-plugin.sh index 4c36b6c9..50d83e40 100755 --- a/test/test-gcc-plugin.sh +++ b/test/test-gcc-plugin.sh @@ -52,10 +52,6 @@ test -e ../afl-gcc-fast -a -e ../afl-compiler-rt.o && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 7cdc83cb..f902ffc5 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -122,10 +122,6 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" From 3b9f4441e58f542213bc42d885bfe5b7a90366dd Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 9 Jun 2021 08:13:22 +0200 Subject: [PATCH 331/441] avoid code duplication, symlink header file --- .../radamsa/custom_mutator_helpers.h | 343 +----------------- 1 file changed, 1 insertion(+), 342 deletions(-) mode change 100644 => 120000 custom_mutators/radamsa/custom_mutator_helpers.h diff --git a/custom_mutators/radamsa/custom_mutator_helpers.h b/custom_mutators/radamsa/custom_mutator_helpers.h deleted file mode 100644 index e23c0b6a..00000000 --- a/custom_mutators/radamsa/custom_mutator_helpers.h +++ /dev/null @@ -1,342 +0,0 @@ -#ifndef CUSTOM_MUTATOR_HELPERS -#define CUSTOM_MUTATOR_HELPERS - -#include "config.h" -#include "types.h" -#include - -#define INITIAL_GROWTH_SIZE (64) - -#define RAND_BELOW(limit) (rand() % (limit)) - -/* Use in a struct: creates a name_buf and a name_size variable. */ -#define BUF_VAR(type, name) \ - type * name##_buf; \ - size_t name##_size; -/* this filles in `&structptr->something_buf, &structptr->something_size`. */ -#define BUF_PARAMS(struct, name) \ - (void **)&struct->name##_buf, &struct->name##_size - -typedef struct { - -} afl_t; - -static void surgical_havoc_mutate(u8 *out_buf, s32 begin, s32 end) { - - static s8 interesting_8[] = {INTERESTING_8}; - static s16 interesting_16[] = {INTERESTING_8, INTERESTING_16}; - static s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32}; - - switch (RAND_BELOW(12)) { - - case 0: { - - /* Flip a single bit somewhere. Spooky! */ - - s32 bit_idx = ((RAND_BELOW(end - begin) + begin) << 3) + RAND_BELOW(8); - - out_buf[bit_idx >> 3] ^= 128 >> (bit_idx & 7); - - break; - - } - - case 1: { - - /* Set byte to interesting value. */ - - u8 val = interesting_8[RAND_BELOW(sizeof(interesting_8))]; - out_buf[(RAND_BELOW(end - begin) + begin)] = val; - - break; - - } - - case 2: { - - /* Set word to interesting value, randomly choosing endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u16 *)(out_buf + byte_idx) = - interesting_16[RAND_BELOW(sizeof(interesting_16) >> 1)]; - break; - case 1: - *(u16 *)(out_buf + byte_idx) = - SWAP16(interesting_16[RAND_BELOW(sizeof(interesting_16) >> 1)]); - break; - - } - - break; - - } - - case 3: { - - /* Set dword to interesting value, randomly choosing endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u32 *)(out_buf + byte_idx) = - interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]; - break; - case 1: - *(u32 *)(out_buf + byte_idx) = - SWAP32(interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]); - break; - - } - - break; - - } - - case 4: { - - /* Set qword to interesting value, randomly choosing endian. */ - - if (end - begin < 8) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 7) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u64 *)(out_buf + byte_idx) = - (s64)interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]; - break; - case 1: - *(u64 *)(out_buf + byte_idx) = SWAP64( - (s64)interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]); - break; - - } - - break; - - } - - case 5: { - - /* Randomly subtract from byte. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] -= 1 + RAND_BELOW(ARITH_MAX); - - break; - - } - - case 6: { - - /* Randomly add to byte. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] += 1 + RAND_BELOW(ARITH_MAX); - - break; - - } - - case 7: { - - /* Randomly subtract from word, random endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - if (RAND_BELOW(2)) { - - *(u16 *)(out_buf + byte_idx) -= 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u16 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u16 *)(out_buf + byte_idx) = - SWAP16(SWAP16(*(u16 *)(out_buf + byte_idx)) - num); - - } - - break; - - } - - case 8: { - - /* Randomly add to word, random endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - if (RAND_BELOW(2)) { - - *(u16 *)(out_buf + byte_idx) += 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u16 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u16 *)(out_buf + byte_idx) = - SWAP16(SWAP16(*(u16 *)(out_buf + byte_idx)) + num); - - } - - break; - - } - - case 9: { - - /* Randomly subtract from dword, random endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - if (RAND_BELOW(2)) { - - *(u32 *)(out_buf + byte_idx) -= 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u32 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u32 *)(out_buf + byte_idx) = - SWAP32(SWAP32(*(u32 *)(out_buf + byte_idx)) - num); - - } - - break; - - } - - case 10: { - - /* Randomly add to dword, random endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - if (RAND_BELOW(2)) { - - *(u32 *)(out_buf + byte_idx) += 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u32 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u32 *)(out_buf + byte_idx) = - SWAP32(SWAP32(*(u32 *)(out_buf + byte_idx)) + num); - - } - - break; - - } - - case 11: { - - /* Just set a random byte to a random value. Because, - why not. We use XOR with 1-255 to eliminate the - possibility of a no-op. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] ^= 1 + RAND_BELOW(255); - - break; - - } - - } - -} - -/* This function calculates the next power of 2 greater or equal its argument. - @return The rounded up power of 2 (if no overflow) or 0 on overflow. -*/ -static inline size_t next_pow2(size_t in) { - - if (in == 0 || in > (size_t)-1) - return 0; /* avoid undefined behaviour under-/overflow */ - size_t out = in - 1; - out |= out >> 1; - out |= out >> 2; - out |= out >> 4; - out |= out >> 8; - out |= out >> 16; - return out + 1; - -} - -/* This function makes sure *size is > size_needed after call. - It will realloc *buf otherwise. - *size will grow exponentially as per: - https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/ - Will return NULL and free *buf if size_needed is <1 or realloc failed. - @return For convenience, this function returns *buf. - */ -static inline void *maybe_grow(void **buf, size_t *size, size_t size_needed) { - - /* No need to realloc */ - if (likely(size_needed && *size >= size_needed)) return *buf; - - /* No initial size was set */ - if (size_needed < INITIAL_GROWTH_SIZE) size_needed = INITIAL_GROWTH_SIZE; - - /* grow exponentially */ - size_t next_size = next_pow2(size_needed); - - /* handle overflow */ - if (!next_size) { next_size = size_needed; } - - /* alloc */ - *buf = realloc(*buf, next_size); - *size = *buf ? next_size : 0; - - return *buf; - -} - -/* Swaps buf1 ptr and buf2 ptr, as well as their sizes */ -static inline void afl_swap_bufs(void **buf1, size_t *size1, void **buf2, - size_t *size2) { - - void * scratch_buf = *buf1; - size_t scratch_size = *size1; - *buf1 = *buf2; - *size1 = *size2; - *buf2 = scratch_buf; - *size2 = scratch_size; - -} - -#undef INITIAL_GROWTH_SIZE - -#endif - diff --git a/custom_mutators/radamsa/custom_mutator_helpers.h b/custom_mutators/radamsa/custom_mutator_helpers.h new file mode 120000 index 00000000..f7532ef9 --- /dev/null +++ b/custom_mutators/radamsa/custom_mutator_helpers.h @@ -0,0 +1 @@ +../examples/custom_mutator_helpers.h \ No newline at end of file From b9d2a87f035b84a0757f34d201836dd6b54b9bb3 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Wed, 9 Jun 2021 16:21:00 +0200 Subject: [PATCH 332/441] clippy fixes --- unicorn_mode/samples/speedtest/rust/src/main.rs | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/unicorn_mode/samples/speedtest/rust/src/main.rs b/unicorn_mode/samples/speedtest/rust/src/main.rs index 1e35ff0b..9ea1b873 100644 --- a/unicorn_mode/samples/speedtest/rust/src/main.rs +++ b/unicorn_mode/samples/speedtest/rust/src/main.rs @@ -48,7 +48,7 @@ fn parse_locs(loc_name: &str) -> Result, io::Error> { let contents = &read_file(&format!("../target.offsets.{}", loc_name))?; //println!("Read: {:?}", contents); Ok(str_from_u8_unchecked(&contents) - .split("\n") + .split('\n') .map(|x| { //println!("Trying to convert {}", &x[2..]); let result = u64::from_str_radix(&x[2..], 16); @@ -90,7 +90,8 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { let mut unicorn = Unicorn::new(Arch::X86, Mode::MODE_64, 0)?; let mut uc: UnicornHandle<'_, _> = unicorn.borrow(); - let binary = read_file(BINARY).expect(&format!("Could not read modem image: {}", BINARY)); + let binary = + read_file(BINARY).unwrap_or_else(|_| panic!("Could not read modem image: {}", BINARY)); let _aligned_binary_size = align(binary.len() as u64); // Apply constraints to the mutated input if binary.len() as u64 > CODE_SIZE_MAX { @@ -151,7 +152,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { already_allocated_malloc.set(true); }; - let already_allocated_free = already_allocated.clone(); + let already_allocated_free = already_allocated; // No real free, just set the "used"-flag to false. let hook_free = move |mut uc: UnicornHandle<'_, _>, addr, size| { if already_allocated_free.get() { @@ -190,7 +191,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { } for addr in parse_locs("magicfn").unwrap() { - uc.add_code_hook(addr, addr, Box::new(hook_magicfn.clone()))?; + uc.add_code_hook(addr, addr, Box::new(hook_magicfn))?; } let place_input_callback = @@ -225,7 +226,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { match ret { Ok(_) => {} - Err(e) => panic!(format!("found non-ok unicorn exit: {:?}", e)), + Err(e) => panic!("found non-ok unicorn exit: {:?}", e), } Ok(()) From e0aa411647e1a525a3a0488d929ec71611388d54 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 9 Jun 2021 20:26:37 +0200 Subject: [PATCH 333/441] add test cases for splitting integer comparisons --- instrumentation/split-compares-pass.so.cc | 1105 +++++++++------------ test/test-int_cases.c | 424 ++++++++ test/test-uint_cases.c | 217 ++++ utils/crash_triage/triage_crashes.sh | 4 + 4 files changed, 1141 insertions(+), 609 deletions(-) create mode 100644 test/test-int_cases.c create mode 100644 test/test-uint_cases.c diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index b02a89fb..3dbf7878 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -47,50 +47,99 @@ using namespace llvm; #include "afl-llvm-common.h" +// uncomment this toggle function verification at each step. horribly slow, but +// helps to pinpoint a potential problem in the splitting code. +//#define VERIFY_TOO_MUCH 1 + namespace { class SplitComparesTransform : public ModulePass { - public: static char ID; SplitComparesTransform() : ModulePass(ID), enableFPSplit(0) { - initInstrumentList(); - } bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { - #else const char *getPassName() const override { #endif - return "simplifies and splits ICMP instructions"; - + return "AFL_SplitComparesTransform"; } private: int enableFPSplit; - size_t splitIntCompares(Module &M, unsigned bitw); + unsigned target_bitwidth = 8; + + size_t count = 0; + size_t splitFPCompares(Module &M); - bool simplifyCompares(Module &M); bool simplifyFPCompares(Module &M); - bool simplifyIntSignedness(Module &M); size_t nextPowerOfTwo(size_t in); + /// simplify the comparison and then split the comparison until the + /// target_bitwidth is reached. + bool simplifyAndSplit(CmpInst *I, Module &M); + /// simplify a non-strict comparison (e.g., less than or equals) + bool simplifyOrEqualsCompare(CmpInst *IcmpInst, Module &M, + std::vector &worklist); + /// simplify a signed comparison (signed less or greater than) + bool simplifySignedCompare(CmpInst *IcmpInst, Module &M, + std::vector &worklist); + /// splits an icmp into nested icmps recursivly until target_bitwidth is + /// reached + bool splitCompare(CmpInst *I, Module &M); + + /// print an error to llvm's errs stream, but only if not ordered to be quiet + void reportError(const StringRef msg, Instruction *I, Module &M) { + if (!be_quiet) { + errs() << "[AFL++ SplitComparesTransform] ERROR: " << msg << "\n"; + if (debug) { + if (I) { + errs() << "Instruction = " << *I << "\n"; + if (auto BB = I->getParent()) { + if (auto F = BB->getParent()) { + if (F->hasName()) { + errs() << "|-> in function " << F->getName() << " "; + } + } + } + } + auto n = M.getName(); + if (n.size() > 0) { errs() << "in module " << n << "\n"; } + } + } + } + + bool isSupportedBitWidth(unsigned bitw) { + // IDK whether the icmp code works on other bitwidths. I guess not? So we + // try to avoid dealing with other weird icmp's that llvm might use (looking + // at you `icmp i0`). + switch (bitw) { + case 8: + case 16: + case 32: + case 64: + case 128: + case 256: + return true; + default: + return false; + } + } }; } // namespace char SplitComparesTransform::ID = 0; -/* This function splits FCMP instructions with xGE or xLE predicates into two - * FCMP instructions with predicate xGT or xLT and EQ */ +/// This function splits FCMP instructions with xGE or xLE predicates into two +/// FCMP instructions with predicate xGT or xLT and EQ bool SplitComparesTransform::simplifyFPCompares(Module &M) { - LLVMContext & C = M.getContext(); std::vector fcomps; IntegerType * Int1Ty = IntegerType::getInt1Ty(C); @@ -98,23 +147,18 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* iterate over all functions, bbs and instruction and add * all integer comparisons with >= and <= predicates to the icomps vector */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { - for (auto &IN : BB) { - CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { - if (enableFPSplit && (selectcmpInst->getPredicate() == CmpInst::FCMP_OGE || selectcmpInst->getPredicate() == CmpInst::FCMP_UGE || selectcmpInst->getPredicate() == CmpInst::FCMP_OLE || selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) { - auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -127,22 +171,16 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); - } - } - } - } - } if (!fcomps.size()) { return false; } /* transform for floating point */ for (auto &FcmpInst : fcomps) { - BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -155,7 +193,6 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { CmpInst::Predicate new_pred; switch (pred) { - case CmpInst::FCMP_UGE: new_pred = CmpInst::FCMP_UGT; break; @@ -170,7 +207,6 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { break; default: // keep the compiler happy continue; - } /* split before the fcmp instruction */ @@ -214,305 +250,428 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* replace the old FcmpInst with our new and shiny PHI inst */ BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); - } return true; - } -/* This function splits ICMP instructions with xGE or xLE predicates into two - * ICMP instructions with predicate xGT or xLT and EQ */ -bool SplitComparesTransform::simplifyCompares(Module &M) { +/// This function splits ICMP instructions with xGE or xLE predicates into two +/// ICMP instructions with predicate xGT or xLT and EQ +bool SplitComparesTransform::simplifyOrEqualsCompare( + CmpInst *IcmpInst, Module &M, std::vector &worklist) { + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + /* find out what the new predicate is going to be */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } + + BasicBlock *bb = IcmpInst->getParent(); - /* iterate over all functions, bbs and instruction and add - * all integer comparisons with >= and <= predicates to the icomps vector */ - for (auto &F : M) { + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_UGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLE) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - /* this is probably not needed but we do it anyway */ - if (!intTyOp0 || !intTyOp1) { continue; } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return false; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - /* find out what the new predicate is going to be */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - switch (pred) { - - case CmpInst::ICMP_UGE: - new_pred = CmpInst::ICMP_UGT; - break; - case CmpInst::ICMP_SGE: - new_pred = CmpInst::ICMP_SGT; - break; - case CmpInst::ICMP_ULE: - new_pred = CmpInst::ICMP_ULT; - break; - case CmpInst::ICMP_SLE: - new_pred = CmpInst::ICMP_SLT; - break; - default: // keep the compiler happy - continue; - - } - - /* split before the icmp instruction */ - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* the old bb now contains a unconditional jump to the new one (end_bb) - * we need to delete it later */ - - /* create the ICMP instruction with new_pred and add it to the old basic - * block bb it is now at the position where the old IcmpInst was */ - Instruction *icmp_np; - icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_np); - - /* create a new basic block which holds the new EQ icmp */ - Instruction *icmp_eq; - /* insert middle_bb before end_bb */ - BasicBlock *middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); - middle_bb->getInstList().push_back(icmp_eq); - /* add an unconditional branch to the end of middle_bb with destination - * end_bb */ - BranchInst::Create(end_bb, middle_bb); - - /* replace the uncond branch with a conditional one, which depends on the - * new_pred icmp. True goes to end, false to the middle (injected) bb */ - auto term = bb->getTerminator(); - BranchInst::Create(end_bb, middle_bb, icmp_np, bb); - term->eraseFromParent(); - - /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI - * inst to wire up the loose ends */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - /* the first result depends on the outcome of icmp_eq */ - PN->addIncoming(icmp_eq, middle_bb); - /* if the source was the original bb we know that the icmp_np yielded true - * hence we can hardcode this value */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - /* replace the old IcmpInst with our new and shiny PHI inst */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - - return true; - -} - -/* this function transforms signed compares to equivalent unsigned compares */ -bool SplitComparesTransform::simplifyIntSignedness(Module &M) { - - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); - - /* iterate over all functions, bbs and instructions and add - * all signed compares to icomps vector */ - for (auto &F : M) { - - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_SGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLT) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - /* see above */ - if (!intTyOp0 || !intTyOp1) { continue; } - - /* i think this is not possible but to lazy to look it up */ - if (intTyOp0->getBitWidth() != intTyOp1->getBitWidth()) { - - continue; - - } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return false; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - if (!intTyOp0) { continue; } - unsigned bitw = intTyOp0->getBitWidth(); - IntegerType *IntType = IntegerType::get(C, bitw); - - /* get the new predicate */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - if (pred == CmpInst::ICMP_SGT) { + CmpInst::Predicate pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + switch (pred) { + case CmpInst::ICMP_UGE: new_pred = CmpInst::ICMP_UGT; - - } else { - + break; + case CmpInst::ICMP_SGE: + new_pred = CmpInst::ICMP_SGT; + break; + case CmpInst::ICMP_ULE: new_pred = CmpInst::ICMP_ULT; + break; + case CmpInst::ICMP_SLE: + new_pred = CmpInst::ICMP_SLT; + break; + default: // keep the compiler happy + return false; + } - } + /* split before the icmp instruction */ + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + /* the old bb now contains a unconditional jump to the new one (end_bb) + * we need to delete it later */ - /* create a 1 bit compare for the sign bit. to do this shift and trunc - * the original operands so only the first bit remains.*/ - Instruction *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + /* create the ICMP instruction with new_pred and add it to the old basic + * block bb it is now at the position where the old IcmpInst was */ + CmpInst *icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), icmp_np); - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - t_op0 = new TruncInst(s_op0, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op0); + /* create a new basic block which holds the new EQ icmp */ + CmpInst *icmp_eq; + /* insert middle_bb before end_bb */ + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); + middle_bb->getInstList().push_back(icmp_eq); + /* add an unconditional branch to the end of middle_bb with destination + * end_bb */ + BranchInst::Create(end_bb, middle_bb); - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - t_op1 = new TruncInst(s_op1, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op1); + /* replace the uncond branch with a conditional one, which depends on the + * new_pred icmp. True goes to end, false to the middle (injected) bb */ + auto term = bb->getTerminator(); + BranchInst::Create(end_bb, middle_bb, icmp_np, bb); + term->eraseFromParent(); - /* compare of the sign bits */ - icmp_sign_bit = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, t_op0, t_op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_sign_bit); + /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI + * inst to wire up the loose ends */ + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + /* the first result depends on the outcome of icmp_eq */ + PN->addIncoming(icmp_eq, middle_bb); + /* if the source was the original bb we know that the icmp_np yielded true + * hence we can hardcode this value */ + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + /* replace the old IcmpInst with our new and shiny PHI inst */ + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - /* create a new basic block which is executed if the signedness bit is - * different */ - Instruction *icmp_inv_sig_cmp; - BasicBlock * sign_bb = - BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_SGT) { + worklist.push_back(icmp_np); + worklist.push_back(icmp_eq); - /* if we check for > and the op0 positive and op1 negative then the final - * result is true. if op0 negative and op1 pos, the cmp must result - * in false - */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); + return true; +} +/// Simplify a signed comparison operator by splitting it into a unsigned and +/// bit comparison. add all resulting comparisons to +/// the worklist passed as a reference. +bool SplitComparesTransform::simplifySignedCompare( + CmpInst *IcmpInst, Module &M, std::vector &worklist) { + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { return false; } + unsigned bitw = intTyOp0->getBitWidth(); + IntegerType *IntType = IntegerType::get(C, bitw); + + /* get the new predicate */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } + auto pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + + if (pred == CmpInst::ICMP_SGT) { + new_pred = CmpInst::ICMP_UGT; + + } else { + new_pred = CmpInst::ICMP_ULT; + } + + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* create a 1 bit compare for the sign bit. to do this shift and trunc + * the original operands so only the first bit remains.*/ + Value *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + + IRBuilder<> IRB(bb->getTerminator()); + s_op0 = IRB.CreateLShr(op0, ConstantInt::get(IntType, bitw - 1)); + t_op0 = IRB.CreateTruncOrBitCast(s_op0, Int1Ty); + s_op1 = IRB.CreateLShr(op1, ConstantInt::get(IntType, bitw - 1)); + t_op1 = IRB.CreateTruncOrBitCast(s_op1, Int1Ty); + /* compare of the sign bits */ + icmp_sign_bit = IRB.CreateCmp(CmpInst::ICMP_EQ, t_op0, t_op1); + + /* create a new basic block which is executed if the signedness bit is + * different */ + CmpInst * icmp_inv_sig_cmp; + BasicBlock *sign_bb = + BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_SGT) { + /* if we check for > and the op0 positive and op1 negative then the final + * result is true. if op0 negative and op1 pos, the cmp must result + * in false + */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); + + } else { + /* just the inverse of the above statement */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + } + + sign_bb->getInstList().push_back(icmp_inv_sig_cmp); + BranchInst::Create(end_bb, sign_bb); + + /* create a new bb which is executed if signedness is equal */ + CmpInst * icmp_usign_cmp; + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + /* we can do a normal unsigned compare now */ + icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + + middle_bb->getInstList().push_back(icmp_usign_cmp); + BranchInst::Create(end_bb, middle_bb); + + auto term = bb->getTerminator(); + /* if the sign is eq do a normal unsigned cmp, else we have to check the + * signedness bit */ + BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); + term->eraseFromParent(); + + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + + PN->addIncoming(icmp_usign_cmp, middle_bb); + PN->addIncoming(icmp_inv_sig_cmp, sign_bb); + + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + // save for later + worklist.push_back(icmp_usign_cmp); + + // signed comparisons are not supported by the splitting code, so we must not + // add it to the worklist. + // worklist.push_back(icmp_inv_sig_cmp); + + return true; +} + +bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M) { + auto pred = cmp_inst->getPredicate(); + switch (pred) { + case CmpInst::ICMP_EQ: + case CmpInst::ICMP_NE: + case CmpInst::ICMP_UGT: + case CmpInst::ICMP_ULT: + break; + default: + // unsupported predicate! + return false; + } + + auto op0 = cmp_inst->getOperand(0); + auto op1 = cmp_inst->getOperand(1); + + // get bitwidth by checking the bitwidth of the first operator + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { + // not an integer type + return false; + } + + unsigned bitw = intTyOp0->getBitWidth(); + if (bitw == target_bitwidth) { + // already the target bitwidth so we have to do nothing here. + return true; + } + + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + BasicBlock *bb = cmp_inst->getParent(); + IntegerType *OldIntType = IntegerType::get(C, bitw); + IntegerType *NewIntType = IntegerType::get(C, bitw / 2); + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); + CmpInst *icmp_high, *icmp_low; + + /* create the comparison of the top halves of the original operands */ + Instruction *s_op0, *op0_high, *s_op1, *op1_high; + + s_op0 = BinaryOperator::Create(Instruction::LShr, op0, + ConstantInt::get(OldIntType, bitw / 2)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); + op0_high = new TruncInst(s_op0, NewIntType); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), op0_high); + + s_op1 = BinaryOperator::Create(Instruction::LShr, op1, + ConstantInt::get(OldIntType, bitw / 2)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); + op1_high = new TruncInst(s_op1, NewIntType); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), op1_high); + + icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + icmp_high); + + PHINode *PN = nullptr; + + /* now we have to destinguish between == != and > < */ + if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { + /* transformation for == and != icmps */ + + /* create a compare for the lower half of the original operands */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + + Value *op0_low, *op1_low; + + IRBuilder<> Builder(cmp_low_bb); + + op0_low = Builder.CreateTrunc(op0, NewIntType); + op1_low = Builder.CreateTrunc(op1, NewIntType); + + icmp_low = dyn_cast(Builder.CreateICmp(pred, op0_low, op1_low)); + // icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + // cmp_low_bb->getInstList().push_back(icmp_low); + + BranchInst::Create(end_bb, cmp_low_bb); + + /* dependent on the cmp of the high parts go to the end or go on with + * the comparison */ + auto term = bb->getTerminator(); + BranchInst *br = nullptr; + if (pred == CmpInst::ICMP_EQ) { + br = BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); } else { - - /* just the inverse of the above statement */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); - + /* CmpInst::ICMP_NE */ + br = BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); } - - sign_bb->getInstList().push_back(icmp_inv_sig_cmp); - BranchInst::Create(end_bb, sign_bb); - - /* create a new bb which is executed if signedness is equal */ - Instruction *icmp_usign_cmp; - BasicBlock * middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - /* we can do a normal unsigned compare now */ - icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - middle_bb->getInstList().push_back(icmp_usign_cmp); - BranchInst::Create(end_bb, middle_bb); - - auto term = bb->getTerminator(); - /* if the sign is eq do a normal unsigned cmp, else we have to check the - * signedness bit */ - BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); term->eraseFromParent(); - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + /* create the PHI and connect the edges accordingly */ + PN = PHINode::Create(Int1Ty, 2, ""); + PN->addIncoming(icmp_low, cmp_low_bb); + Value *val = nullptr; + if (pred == CmpInst::ICMP_EQ) { + val = ConstantInt::get(Int1Ty, 0); + } else { + /* CmpInst::ICMP_NE */ + val = ConstantInt::get(Int1Ty, 1); + } + PN->addIncoming(val, icmp_high->getParent()); - PN->addIncoming(icmp_usign_cmp, middle_bb); - PN->addIncoming(icmp_inv_sig_cmp, sign_bb); + } else { + /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ + /* transformations for < and > */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + /* create a basic block which checks for the inverse predicate. + * if this is true we can go to the end if not we have to go to the + * bb which checks the lower half of the operands */ + Instruction *icmp_inv_cmp, *op0_low, *op1_low; + BasicBlock * inv_cmp_bb = + BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_UGT) { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, + op0_high, op1_high); + } else { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, + op0_high, op1_high); + } + + inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); + + auto term = bb->getTerminator(); + term->eraseFromParent(); + BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); + + /* create a bb which handles the cmp of the lower halves */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + op0_low = new TruncInst(op0, NewIntType); + cmp_low_bb->getInstList().push_back(op0_low); + op1_low = new TruncInst(op1, NewIntType); + cmp_low_bb->getInstList().push_back(op1_low); + + icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + cmp_low_bb->getInstList().push_back(icmp_low); + BranchInst::Create(end_bb, cmp_low_bb); + + BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); + + PN = PHINode::Create(Int1Ty, 3); + PN->addIncoming(icmp_low, cmp_low_bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); + } + + BasicBlock::iterator ii(cmp_inst); + ReplaceInstWithInst(cmp_inst->getParent()->getInstList(), ii, PN); + + // We split the comparison into low and high. If this isn't our target + // bitwidth we recursivly split the low and high parts again until we have + // target bitwidth. + if ((bitw / 2) > target_bitwidth) { + if (!splitCompare(icmp_high, M)) { + reportError("Failed to split high comparison", icmp_high, M); + return false; + } + if (!splitCompare(icmp_low, M)) { + reportError("Failed to split low comparison", icmp_low, M); + return false; + } } return true; +} +bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { + std::vector worklist; + + auto op0 = I->getOperand(0); + auto op1 = I->getOperand(1); + if (!op0 || !op1) { return false; } + auto op0Ty = dyn_cast(op0->getType()); + if (!op0Ty || !isa(op1->getType())) { return true; } + + unsigned bitw = op0Ty->getBitWidth(); + +#ifdef VERIFY_TOO_MUCH + auto F = I->getParent()->getParent(); +#endif + + // we run the comparison simplification on all compares regardless of their + // bitwidth. + if (I->getPredicate() == CmpInst::ICMP_UGE || + I->getPredicate() == CmpInst::ICMP_SGE || + I->getPredicate() == CmpInst::ICMP_ULE || + I->getPredicate() == CmpInst::ICMP_SLE) { + if (!simplifyOrEqualsCompare(I, M, worklist)) { + reportError( + "Failed to simplify inequality or equals comparison " + "(UGE,SGE,ULE,SLE)", + I, M); + } + } else if (I->getPredicate() == CmpInst::ICMP_SGT || + I->getPredicate() == CmpInst::ICMP_SLT) { + if (!simplifySignedCompare(I, M, worklist)) { + reportError("Failed to simplify signed comparison (SGT,SLT)", I, M); + } + } + +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { + reportError("simpliyfing compare lead to broken function", nullptr, M); + } +#endif + + // the simplification methods replace the original CmpInst and push the + // resulting new CmpInst into the worklist. If the worklist is empty then + // we only have to split the original CmpInst. + if (worklist.size() == 0) { worklist.push_back(I); } + + for (auto cmp : worklist) { + // we split the simplified compares into comparisons with smaller bitwidths + // if they are larger than our target_bitwidth. + if (bitw > target_bitwidth) { + if (!splitCompare(cmp, M)) { + reportError("Failed to split comparison", cmp, M); + } + +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { + reportError("splitting compare lead to broken function", nullptr, M); + } +#endif + } + } + + count++; + return true; } size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { - --in; in |= in >> 1; in |= in >> 2; @@ -520,12 +679,10 @@ size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { // in |= in >> 8; // in |= in >> 16; return in + 1; - } /* splits fcmps into two nested fcmps with sign compare and the rest */ size_t SplitComparesTransform::splitFPCompares(Module &M) { - size_t count = 0; LLVMContext &C = M.getContext(); @@ -537,13 +694,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* define unions with floating point and (sign, exponent, mantissa) triples */ if (dl.isLittleEndian()) { - } else if (dl.isBigEndian()) { - } else { - return count; - } #endif @@ -553,17 +706,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* get all EQ, NE, GT, and LT fcmps. if the other two * functions were executed only these four predicates should exist */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { - for (auto &IN : BB) { - CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { - if (selectcmpInst->getPredicate() == CmpInst::FCMP_OEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_UEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_ONE || @@ -572,7 +721,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { selectcmpInst->getPredicate() == CmpInst::FCMP_OGT || selectcmpInst->getPredicate() == CmpInst::FCMP_ULT || selectcmpInst->getPredicate() == CmpInst::FCMP_OLT) { - auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -584,15 +732,10 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); - } - } - } - } - } if (!fcomps.size()) { return count; } @@ -600,7 +743,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { IntegerType *Int1Ty = IntegerType::getInt1Ty(C); for (auto &FcmpInst : fcomps) { - BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -725,7 +867,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), t_e1); if (sizeInBits - precision < exTySizeBytes * 8) { - m_e0 = BinaryOperator::Create( Instruction::And, t_e0, ConstantInt::get(t_e0->getType(), mask_exponent)); @@ -738,10 +879,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), m_e1); } else { - m_e0 = t_e0; m_e1 = t_e1; - } /* compare the exponents of the operands */ @@ -749,7 +888,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction *icmp_exponent_result; BasicBlock * signequal2_bb = signequal_bb; switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_exponent_result = @@ -819,7 +957,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } signequal2_bb->getInstList().insert( @@ -827,11 +964,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { icmp_exponent_result); { - term = signequal2_bb->getTerminator(); switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* if the exponents are satifying the compare do a fraction cmp in @@ -854,11 +989,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } term->eraseFromParent(); - } /* isolate the mantissa aka fraction */ @@ -866,7 +999,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { bool needTrunc = IntFractionTy->getPrimitiveSizeInBits() < op_size; if (precision - 1 < frTySizeBytes * 8) { - Instruction *m_f0, *m_f1; m_f0 = BinaryOperator::Create( Instruction::And, b_op0, @@ -880,7 +1012,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), m_f1); if (needTrunc) { - t_f0 = new TruncInst(m_f0, IntFractionTy); t_f1 = new TruncInst(m_f1, IntFractionTy); middle_bb->getInstList().insert( @@ -889,16 +1020,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { - t_f0 = m_f0; t_f1 = m_f1; - } } else { - if (needTrunc) { - t_f0 = new TruncInst(b_op0, IntFractionTy); t_f1 = new TruncInst(b_op1, IntFractionTy); middle_bb->getInstList().insert( @@ -907,12 +1034,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { - t_f0 = b_op0; t_f1 = b_op1; - } - } /* compare the fractions of the operands */ @@ -920,7 +1044,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock * middle2_bb = middle_bb; PHINode * PN2 = nullptr; switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_fraction_result = @@ -943,7 +1066,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { case CmpInst::FCMP_UGT: case CmpInst::FCMP_OLT: case CmpInst::FCMP_ULT: { - Instruction *icmp_fraction_result2; middle2_bb = middle_bb->splitBasicBlock( @@ -956,7 +1078,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (FcmpInst->getPredicate() == CmpInst::FCMP_OGT || FcmpInst->getPredicate() == CmpInst::FCMP_UGT) { - negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); @@ -965,14 +1086,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); } else { - negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); positive_bb->getInstList().push_back( icmp_fraction_result2 = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); - } BranchInst::Create(middle2_bb, negative_bb); @@ -992,13 +1111,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { default: continue; - } PHINode *PN = PHINode::Create(Int1Ty, 3, ""); switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* unequal signs cannot be equal values */ @@ -1037,328 +1154,94 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); ++count; - } return count; - -} - -/* splits icmps of size bitw into two nested icmps with bitw/2 size each */ -size_t SplitComparesTransform::splitIntCompares(Module &M, unsigned bitw) { - - size_t count = 0; - - LLVMContext &C = M.getContext(); - - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - IntegerType *OldIntType = IntegerType::get(C, bitw); - IntegerType *NewIntType = IntegerType::get(C, bitw / 2); - - std::vector icomps; - - if (bitw % 2) { return 0; } - - /* not supported yet */ - if (bitw > 64) { return 0; } - - /* get all EQ, NE, UGT, and ULT icmps of width bitw. if the - * functions simplifyCompares() and simplifyIntSignedness() - * were executed only these four predicates should exist */ - for (auto &F : M) { - - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_EQ || - selectcmpInst->getPredicate() == CmpInst::ICMP_NE || - selectcmpInst->getPredicate() == CmpInst::ICMP_UGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULT) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - if (!intTyOp0 || !intTyOp1) { continue; } - - /* check if the bitwidths are the one we are looking for */ - if (intTyOp0->getBitWidth() != bitw || - intTyOp1->getBitWidth() != bitw) { - - continue; - - } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return 0; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* create the comparison of the top halves of the original operands */ - Instruction *s_op0, *op0_high, *s_op1, *op1_high, *icmp_high; - - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - op0_high = new TruncInst(s_op0, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op0_high); - - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - op1_high = new TruncInst(s_op1, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op1_high); - - icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_high); - - /* now we have to destinguish between == != and > < */ - if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { - - /* transformation for == and != icmps */ - - /* create a compare for the lower half of the original operands */ - Instruction *op0_low, *op1_low, *icmp_low; - BasicBlock * cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - /* dependent on the cmp of the high parts go to the end or go on with - * the comparison */ - auto term = bb->getTerminator(); - if (pred == CmpInst::ICMP_EQ) { - - BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); - - } else { - - /* CmpInst::ICMP_NE */ - BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); - - } - - term->eraseFromParent(); - - /* create the PHI and connect the edges accordingly */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - PN->addIncoming(icmp_low, cmp_low_bb); - if (pred == CmpInst::ICMP_EQ) { - - PN->addIncoming(ConstantInt::get(Int1Ty, 0), bb); - - } else { - - /* CmpInst::ICMP_NE */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - - } - - /* replace the old icmp with the new PHI */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } else { - - /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ - /* transformations for < and > */ - - /* create a basic block which checks for the inverse predicate. - * if this is true we can go to the end if not we have to go to the - * bb which checks the lower half of the operands */ - Instruction *icmp_inv_cmp, *op0_low, *op1_low, *icmp_low; - BasicBlock * inv_cmp_bb = - BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_UGT) { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, - op0_high, op1_high); - - } else { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, - op0_high, op1_high); - - } - - inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); - - auto term = bb->getTerminator(); - term->eraseFromParent(); - BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); - - /* create a bb which handles the cmp of the lower halves */ - BasicBlock *cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); - - PHINode *PN = PHINode::Create(Int1Ty, 3); - PN->addIncoming(icmp_low, cmp_low_bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - - ++count; - - } - - return count; - } bool SplitComparesTransform::runOnModule(Module &M) { - - int bitw = 64; - size_t count = 0; - char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); - if (bitw_env) { bitw = atoi(bitw_env); } + if (bitw_env) { target_bitwidth = atoi(bitw_env); } enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL; if ((isatty(2) && getenv("AFL_QUIET") == NULL) || getenv("AFL_DEBUG") != NULL) { + errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " + "heiko@hexco.de (splitting icmp to " + << target_bitwidth << " bit)\n"; - printf( - "Split-compare-pass by laf.intel@gmail.com, extended by " - "heiko@hexco.de\n"); + if (getenv("AFL_DEBUG") != NULL && !debug) { debug = 1; } } else { - be_quiet = 1; - } if (enableFPSplit) { - count = splitFPCompares(M); /* if (!be_quiet) { - errs() << "Split-floatingpoint-compare-pass: " << count << " FP comparisons split\n"; - } - */ simplifyFPCompares(M); - } - simplifyCompares(M); - - simplifyIntSignedness(M); - - switch (bitw) { - - case 64: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 32: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 16: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - // bitw >>= 1; - break; - - default: - // if (!be_quiet) errs() << "NOT Running split-compare-pass \n"; - return false; - break; + std::vector worklist; + /* iterate over all functions, bbs and instruction search for all integer + * compare instructions. Save them into the worklist for later. */ + for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; + for (auto &BB : F) { + for (auto &IN : BB) { + if (auto CI = dyn_cast(&IN)) { + auto op0 = CI->getOperand(0); + auto op1 = CI->getOperand(1); + if (!op0 || !op1) { return false; } + auto iTy1 = dyn_cast(op0->getType()); + if (iTy1 && isa(op1->getType())) { + unsigned bitw = iTy1->getBitWidth(); + if (isSupportedBitWidth(bitw)) { worklist.push_back(CI); } + } + } + } + } } - verifyModule(M); + // now that we have a list of all integer comparisons we can start replacing + // them with the splitted alternatives. + for (auto CI : worklist) { + simplifyAndSplit(CI, M); + } + + bool brokenDebug = false; + if (verifyModule(M, &errs(), &brokenDebug)) { + reportError( + "Module Verifier failed! Consider reporting a bug with the AFL++ " + "project.", + nullptr, M); + } + + if (brokenDebug) { + reportError("Module Verifier reported broken Debug Infos - Stripping!", + nullptr, M); + StripDebugInfo(M); + } return true; - } static void registerSplitComparesPass(const PassManagerBuilder &, legacy::PassManagerBase &PM) { - PM.add(new SplitComparesTransform()); - } static RegisterStandardPasses RegisterSplitComparesPass( @@ -1373,3 +1256,7 @@ static RegisterStandardPasses RegisterSplitComparesTransPassLTO( registerSplitComparesPass); #endif +static RegisterPass X("splitcompares", + "AFL++ split compares", + true /* Only looks at CFG */, + true /* Analysis Pass */); diff --git a/test/test-int_cases.c b/test/test-int_cases.c new file mode 100644 index 00000000..c76206c5 --- /dev/null +++ b/test/test-int_cases.c @@ -0,0 +1,424 @@ +/* test cases for integer comparison transformations + * compile with -DINT_TYPE="signed char" + * or -DINT_TYPE="short" + * or -DINT_TYPE="int" + * or -DINT_TYPE="long" + * or -DINT_TYPE="long long" + */ + +#include + +int main() { + + volatile INT_TYPE a, b; + /* different values */ + a = -21; + b = -2; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = 8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ + volatile short a, b; + a = 2; + b = 256+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 256; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ + volatile int a, b; + a = 2; + b = 65536+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 65536; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ + volatile long a, b; + a = 2; + b = 4294967296+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 4294967296; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + a = -1; + b = 1; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = 0; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -2; + b = 8; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = 1; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -256; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -65536; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -4294967296; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + } + } + } + + a = 1; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 0; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 256; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 65536; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 4294967296; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + /* equal values */ + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 5; + b = 5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -1; + b = -1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -5; + b = -5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 1 + 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 256; + b = -2 - 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 1 + 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 65536; + b = -2 - 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 1 + 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 4294967296; + b = -2 - 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + } + } + } +} + diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c new file mode 100644 index 00000000..8496cffe --- /dev/null +++ b/test/test-uint_cases.c @@ -0,0 +1,217 @@ +/* + * compile with -DUINT_TYPE="unsigned char" + * or -DUINT_TYPE="unsigned short" + * or -DUINT_TYPE="unsigned int" + * or -DUINT_TYPE="unsigned long" + * or -DUINT_TYPE="unsigned long long" + */ + +#include + +int main() { + + volatile UINT_TYPE a, b; + + a = 1; + b = 8; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 256+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 65536+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 4294967296+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + } + + a = 8; + b = 1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 256+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 65536+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 4294967296+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+5; + b = 256+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+5; + b = 65536+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+5; + b = 4294967296+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + } + } + + } + +} + diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh index 4d75430e..9ca1d5fc 100755 --- a/utils/crash_triage/triage_crashes.sh +++ b/utils/crash_triage/triage_crashes.sh @@ -65,7 +65,11 @@ if [ ! -f "$BIN" -o ! -x "$BIN" ]; then fi if [ ! -d "$DIR/queue" ]; then +<<<<<<< Updated upstream echo "[-] Error: directory '$DIR' not found or not created by afl-fuzz." 1>&2 +======= + echo "[-] Error: directory '$DIR/queue' not found or not created by afl-fuzz." 1>&2 +>>>>>>> Stashed changes exit 1 fi From a4cb2414d5a26699f999667752d3461da20d3f82 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 9 Jun 2021 21:29:41 +0200 Subject: [PATCH 334/441] Revert "add test cases for splitting integer comparisons" This reverts commit e0aa411647e1a525a3a0488d929ec71611388d54. --- instrumentation/split-compares-pass.so.cc | 1087 ++++++++++++--------- test/test-int_cases.c | 424 -------- test/test-uint_cases.c | 217 ---- utils/crash_triage/triage_crashes.sh | 4 - 4 files changed, 600 insertions(+), 1132 deletions(-) delete mode 100644 test/test-int_cases.c delete mode 100644 test/test-uint_cases.c diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 3dbf7878..b02a89fb 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -47,99 +47,50 @@ using namespace llvm; #include "afl-llvm-common.h" -// uncomment this toggle function verification at each step. horribly slow, but -// helps to pinpoint a potential problem in the splitting code. -//#define VERIFY_TOO_MUCH 1 - namespace { class SplitComparesTransform : public ModulePass { + public: static char ID; SplitComparesTransform() : ModulePass(ID), enableFPSplit(0) { + initInstrumentList(); + } bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { + #else const char *getPassName() const override { #endif - return "AFL_SplitComparesTransform"; + return "simplifies and splits ICMP instructions"; + } private: int enableFPSplit; - unsigned target_bitwidth = 8; - - size_t count = 0; - + size_t splitIntCompares(Module &M, unsigned bitw); size_t splitFPCompares(Module &M); + bool simplifyCompares(Module &M); bool simplifyFPCompares(Module &M); + bool simplifyIntSignedness(Module &M); size_t nextPowerOfTwo(size_t in); - /// simplify the comparison and then split the comparison until the - /// target_bitwidth is reached. - bool simplifyAndSplit(CmpInst *I, Module &M); - /// simplify a non-strict comparison (e.g., less than or equals) - bool simplifyOrEqualsCompare(CmpInst *IcmpInst, Module &M, - std::vector &worklist); - /// simplify a signed comparison (signed less or greater than) - bool simplifySignedCompare(CmpInst *IcmpInst, Module &M, - std::vector &worklist); - /// splits an icmp into nested icmps recursivly until target_bitwidth is - /// reached - bool splitCompare(CmpInst *I, Module &M); - - /// print an error to llvm's errs stream, but only if not ordered to be quiet - void reportError(const StringRef msg, Instruction *I, Module &M) { - if (!be_quiet) { - errs() << "[AFL++ SplitComparesTransform] ERROR: " << msg << "\n"; - if (debug) { - if (I) { - errs() << "Instruction = " << *I << "\n"; - if (auto BB = I->getParent()) { - if (auto F = BB->getParent()) { - if (F->hasName()) { - errs() << "|-> in function " << F->getName() << " "; - } - } - } - } - auto n = M.getName(); - if (n.size() > 0) { errs() << "in module " << n << "\n"; } - } - } - } - - bool isSupportedBitWidth(unsigned bitw) { - // IDK whether the icmp code works on other bitwidths. I guess not? So we - // try to avoid dealing with other weird icmp's that llvm might use (looking - // at you `icmp i0`). - switch (bitw) { - case 8: - case 16: - case 32: - case 64: - case 128: - case 256: - return true; - default: - return false; - } - } }; } // namespace char SplitComparesTransform::ID = 0; -/// This function splits FCMP instructions with xGE or xLE predicates into two -/// FCMP instructions with predicate xGT or xLT and EQ +/* This function splits FCMP instructions with xGE or xLE predicates into two + * FCMP instructions with predicate xGT or xLT and EQ */ bool SplitComparesTransform::simplifyFPCompares(Module &M) { + LLVMContext & C = M.getContext(); std::vector fcomps; IntegerType * Int1Ty = IntegerType::getInt1Ty(C); @@ -147,18 +98,23 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* iterate over all functions, bbs and instruction and add * all integer comparisons with >= and <= predicates to the icomps vector */ for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { + for (auto &IN : BB) { + CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { + if (enableFPSplit && (selectcmpInst->getPredicate() == CmpInst::FCMP_OGE || selectcmpInst->getPredicate() == CmpInst::FCMP_UGE || selectcmpInst->getPredicate() == CmpInst::FCMP_OLE || selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) { + auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -171,16 +127,22 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); + } + } + } + } + } if (!fcomps.size()) { return false; } /* transform for floating point */ for (auto &FcmpInst : fcomps) { + BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -193,6 +155,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { CmpInst::Predicate new_pred; switch (pred) { + case CmpInst::FCMP_UGE: new_pred = CmpInst::FCMP_UGT; break; @@ -207,6 +170,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { break; default: // keep the compiler happy continue; + } /* split before the fcmp instruction */ @@ -250,428 +214,305 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* replace the old FcmpInst with our new and shiny PHI inst */ BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); + } return true; + } -/// This function splits ICMP instructions with xGE or xLE predicates into two -/// ICMP instructions with predicate xGT or xLT and EQ -bool SplitComparesTransform::simplifyOrEqualsCompare( - CmpInst *IcmpInst, Module &M, std::vector &worklist) { - LLVMContext &C = M.getContext(); - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); +/* This function splits ICMP instructions with xGE or xLE predicates into two + * ICMP instructions with predicate xGT or xLT and EQ */ +bool SplitComparesTransform::simplifyCompares(Module &M) { - /* find out what the new predicate is going to be */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { return false; } - - BasicBlock *bb = IcmpInst->getParent(); + LLVMContext & C = M.getContext(); + std::vector icomps; + IntegerType * Int1Ty = IntegerType::getInt1Ty(C); - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); + /* iterate over all functions, bbs and instruction and add + * all integer comparisons with >= and <= predicates to the icomps vector */ + for (auto &F : M) { - CmpInst::Predicate pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; + if (!isInInstrumentList(&F)) continue; - switch (pred) { - case CmpInst::ICMP_UGE: - new_pred = CmpInst::ICMP_UGT; - break; - case CmpInst::ICMP_SGE: - new_pred = CmpInst::ICMP_SGT; - break; - case CmpInst::ICMP_ULE: - new_pred = CmpInst::ICMP_ULT; - break; - case CmpInst::ICMP_SLE: - new_pred = CmpInst::ICMP_SLT; - break; - default: // keep the compiler happy - return false; - } + for (auto &BB : F) { - /* split before the icmp instruction */ - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + for (auto &IN : BB) { - /* the old bb now contains a unconditional jump to the new one (end_bb) - * we need to delete it later */ + CmpInst *selectcmpInst = nullptr; - /* create the ICMP instruction with new_pred and add it to the old basic - * block bb it is now at the position where the old IcmpInst was */ - CmpInst *icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), icmp_np); + if ((selectcmpInst = dyn_cast(&IN))) { - /* create a new basic block which holds the new EQ icmp */ - CmpInst *icmp_eq; - /* insert middle_bb before end_bb */ - BasicBlock *middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); - middle_bb->getInstList().push_back(icmp_eq); - /* add an unconditional branch to the end of middle_bb with destination - * end_bb */ - BranchInst::Create(end_bb, middle_bb); + if (selectcmpInst->getPredicate() == CmpInst::ICMP_UGE || + selectcmpInst->getPredicate() == CmpInst::ICMP_SGE || + selectcmpInst->getPredicate() == CmpInst::ICMP_ULE || + selectcmpInst->getPredicate() == CmpInst::ICMP_SLE) { - /* replace the uncond branch with a conditional one, which depends on the - * new_pred icmp. True goes to end, false to the middle (injected) bb */ - auto term = bb->getTerminator(); - BranchInst::Create(end_bb, middle_bb, icmp_np, bb); - term->eraseFromParent(); + auto op0 = selectcmpInst->getOperand(0); + auto op1 = selectcmpInst->getOperand(1); - /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI - * inst to wire up the loose ends */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - /* the first result depends on the outcome of icmp_eq */ - PN->addIncoming(icmp_eq, middle_bb); - /* if the source was the original bb we know that the icmp_np yielded true - * hence we can hardcode this value */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - /* replace the old IcmpInst with our new and shiny PHI inst */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + IntegerType *intTyOp1 = dyn_cast(op1->getType()); - worklist.push_back(icmp_np); - worklist.push_back(icmp_eq); + /* this is probably not needed but we do it anyway */ + if (!intTyOp0 || !intTyOp1) { continue; } - return true; -} + icomps.push_back(selectcmpInst); -/// Simplify a signed comparison operator by splitting it into a unsigned and -/// bit comparison. add all resulting comparisons to -/// the worklist passed as a reference. -bool SplitComparesTransform::simplifySignedCompare( - CmpInst *IcmpInst, Module &M, std::vector &worklist) { - LLVMContext &C = M.getContext(); - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + } - BasicBlock *bb = IcmpInst->getParent(); + } - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); + } - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - if (!intTyOp0) { return false; } - unsigned bitw = intTyOp0->getBitWidth(); - IntegerType *IntType = IntegerType::get(C, bitw); - - /* get the new predicate */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { return false; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - if (pred == CmpInst::ICMP_SGT) { - new_pred = CmpInst::ICMP_UGT; - - } else { - new_pred = CmpInst::ICMP_ULT; - } - - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* create a 1 bit compare for the sign bit. to do this shift and trunc - * the original operands so only the first bit remains.*/ - Value *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; - - IRBuilder<> IRB(bb->getTerminator()); - s_op0 = IRB.CreateLShr(op0, ConstantInt::get(IntType, bitw - 1)); - t_op0 = IRB.CreateTruncOrBitCast(s_op0, Int1Ty); - s_op1 = IRB.CreateLShr(op1, ConstantInt::get(IntType, bitw - 1)); - t_op1 = IRB.CreateTruncOrBitCast(s_op1, Int1Ty); - /* compare of the sign bits */ - icmp_sign_bit = IRB.CreateCmp(CmpInst::ICMP_EQ, t_op0, t_op1); - - /* create a new basic block which is executed if the signedness bit is - * different */ - CmpInst * icmp_inv_sig_cmp; - BasicBlock *sign_bb = - BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_SGT) { - /* if we check for > and the op0 positive and op1 negative then the final - * result is true. if op0 negative and op1 pos, the cmp must result - * in false - */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); - - } else { - /* just the inverse of the above statement */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); - } - - sign_bb->getInstList().push_back(icmp_inv_sig_cmp); - BranchInst::Create(end_bb, sign_bb); - - /* create a new bb which is executed if signedness is equal */ - CmpInst * icmp_usign_cmp; - BasicBlock *middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - /* we can do a normal unsigned compare now */ - icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - - middle_bb->getInstList().push_back(icmp_usign_cmp); - BranchInst::Create(end_bb, middle_bb); - - auto term = bb->getTerminator(); - /* if the sign is eq do a normal unsigned cmp, else we have to check the - * signedness bit */ - BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); - term->eraseFromParent(); - - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - - PN->addIncoming(icmp_usign_cmp, middle_bb); - PN->addIncoming(icmp_inv_sig_cmp, sign_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - // save for later - worklist.push_back(icmp_usign_cmp); - - // signed comparisons are not supported by the splitting code, so we must not - // add it to the worklist. - // worklist.push_back(icmp_inv_sig_cmp); - - return true; -} - -bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M) { - auto pred = cmp_inst->getPredicate(); - switch (pred) { - case CmpInst::ICMP_EQ: - case CmpInst::ICMP_NE: - case CmpInst::ICMP_UGT: - case CmpInst::ICMP_ULT: - break; - default: - // unsupported predicate! - return false; - } - - auto op0 = cmp_inst->getOperand(0); - auto op1 = cmp_inst->getOperand(1); - - // get bitwidth by checking the bitwidth of the first operator - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - if (!intTyOp0) { - // not an integer type - return false; - } - - unsigned bitw = intTyOp0->getBitWidth(); - if (bitw == target_bitwidth) { - // already the target bitwidth so we have to do nothing here. - return true; - } - - LLVMContext &C = M.getContext(); - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - BasicBlock *bb = cmp_inst->getParent(); - IntegerType *OldIntType = IntegerType::get(C, bitw); - IntegerType *NewIntType = IntegerType::get(C, bitw / 2); - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); - CmpInst *icmp_high, *icmp_low; - - /* create the comparison of the top halves of the original operands */ - Instruction *s_op0, *op0_high, *s_op1, *op1_high; - - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - op0_high = new TruncInst(s_op0, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), op0_high); - - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - op1_high = new TruncInst(s_op1, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), op1_high); - - icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_high); - - PHINode *PN = nullptr; - - /* now we have to destinguish between == != and > < */ - if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { - /* transformation for == and != icmps */ - - /* create a compare for the lower half of the original operands */ - BasicBlock *cmp_low_bb = - BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); - - Value *op0_low, *op1_low; - - IRBuilder<> Builder(cmp_low_bb); - - op0_low = Builder.CreateTrunc(op0, NewIntType); - op1_low = Builder.CreateTrunc(op1, NewIntType); - - icmp_low = dyn_cast(Builder.CreateICmp(pred, op0_low, op1_low)); - // icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - // cmp_low_bb->getInstList().push_back(icmp_low); - - BranchInst::Create(end_bb, cmp_low_bb); - - /* dependent on the cmp of the high parts go to the end or go on with - * the comparison */ - auto term = bb->getTerminator(); - BranchInst *br = nullptr; - if (pred == CmpInst::ICMP_EQ) { - br = BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); - } else { - /* CmpInst::ICMP_NE */ - br = BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); } + + } + + if (!icomps.size()) { return false; } + + for (auto &IcmpInst : icomps) { + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + /* find out what the new predicate is going to be */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { continue; } + auto pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + + switch (pred) { + + case CmpInst::ICMP_UGE: + new_pred = CmpInst::ICMP_UGT; + break; + case CmpInst::ICMP_SGE: + new_pred = CmpInst::ICMP_SGT; + break; + case CmpInst::ICMP_ULE: + new_pred = CmpInst::ICMP_ULT; + break; + case CmpInst::ICMP_SLE: + new_pred = CmpInst::ICMP_SLT; + break; + default: // keep the compiler happy + continue; + + } + + /* split before the icmp instruction */ + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* the old bb now contains a unconditional jump to the new one (end_bb) + * we need to delete it later */ + + /* create the ICMP instruction with new_pred and add it to the old basic + * block bb it is now at the position where the old IcmpInst was */ + Instruction *icmp_np; + icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + icmp_np); + + /* create a new basic block which holds the new EQ icmp */ + Instruction *icmp_eq; + /* insert middle_bb before end_bb */ + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); + middle_bb->getInstList().push_back(icmp_eq); + /* add an unconditional branch to the end of middle_bb with destination + * end_bb */ + BranchInst::Create(end_bb, middle_bb); + + /* replace the uncond branch with a conditional one, which depends on the + * new_pred icmp. True goes to end, false to the middle (injected) bb */ + auto term = bb->getTerminator(); + BranchInst::Create(end_bb, middle_bb, icmp_np, bb); term->eraseFromParent(); - /* create the PHI and connect the edges accordingly */ - PN = PHINode::Create(Int1Ty, 2, ""); - PN->addIncoming(icmp_low, cmp_low_bb); - Value *val = nullptr; - if (pred == CmpInst::ICMP_EQ) { - val = ConstantInt::get(Int1Ty, 0); - } else { - /* CmpInst::ICMP_NE */ - val = ConstantInt::get(Int1Ty, 1); - } - PN->addIncoming(val, icmp_high->getParent()); + /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI + * inst to wire up the loose ends */ + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + /* the first result depends on the outcome of icmp_eq */ + PN->addIncoming(icmp_eq, middle_bb); + /* if the source was the original bb we know that the icmp_np yielded true + * hence we can hardcode this value */ + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + /* replace the old IcmpInst with our new and shiny PHI inst */ + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - } else { - /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ - /* transformations for < and > */ + } - /* create a basic block which checks for the inverse predicate. - * if this is true we can go to the end if not we have to go to the - * bb which checks the lower half of the operands */ - Instruction *icmp_inv_cmp, *op0_low, *op1_low; - BasicBlock * inv_cmp_bb = - BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_UGT) { - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, - op0_high, op1_high); + return true; + +} + +/* this function transforms signed compares to equivalent unsigned compares */ +bool SplitComparesTransform::simplifyIntSignedness(Module &M) { + + LLVMContext & C = M.getContext(); + std::vector icomps; + IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + + /* iterate over all functions, bbs and instructions and add + * all signed compares to icomps vector */ + for (auto &F : M) { + + if (!isInInstrumentList(&F)) continue; + + for (auto &BB : F) { + + for (auto &IN : BB) { + + CmpInst *selectcmpInst = nullptr; + + if ((selectcmpInst = dyn_cast(&IN))) { + + if (selectcmpInst->getPredicate() == CmpInst::ICMP_SGT || + selectcmpInst->getPredicate() == CmpInst::ICMP_SLT) { + + auto op0 = selectcmpInst->getOperand(0); + auto op1 = selectcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + IntegerType *intTyOp1 = dyn_cast(op1->getType()); + + /* see above */ + if (!intTyOp0 || !intTyOp1) { continue; } + + /* i think this is not possible but to lazy to look it up */ + if (intTyOp0->getBitWidth() != intTyOp1->getBitWidth()) { + + continue; + + } + + icomps.push_back(selectcmpInst); + + } + + } + + } - } else { - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, - op0_high, op1_high); } - inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); + } + + if (!icomps.size()) { return false; } + + for (auto &IcmpInst : icomps) { + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { continue; } + unsigned bitw = intTyOp0->getBitWidth(); + IntegerType *IntType = IntegerType::get(C, bitw); + + /* get the new predicate */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { continue; } + auto pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + + if (pred == CmpInst::ICMP_SGT) { + + new_pred = CmpInst::ICMP_UGT; + + } else { + + new_pred = CmpInst::ICMP_ULT; + + } + + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* create a 1 bit compare for the sign bit. to do this shift and trunc + * the original operands so only the first bit remains.*/ + Instruction *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + + s_op0 = BinaryOperator::Create(Instruction::LShr, op0, + ConstantInt::get(IntType, bitw - 1)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); + t_op0 = new TruncInst(s_op0, Int1Ty); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op0); + + s_op1 = BinaryOperator::Create(Instruction::LShr, op1, + ConstantInt::get(IntType, bitw - 1)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); + t_op1 = new TruncInst(s_op1, Int1Ty); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op1); + + /* compare of the sign bits */ + icmp_sign_bit = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, t_op0, t_op1); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + icmp_sign_bit); + + /* create a new basic block which is executed if the signedness bit is + * different */ + Instruction *icmp_inv_sig_cmp; + BasicBlock * sign_bb = + BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_SGT) { + + /* if we check for > and the op0 positive and op1 negative then the final + * result is true. if op0 negative and op1 pos, the cmp must result + * in false + */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); + + } else { + + /* just the inverse of the above statement */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + + } + + sign_bb->getInstList().push_back(icmp_inv_sig_cmp); + BranchInst::Create(end_bb, sign_bb); + + /* create a new bb which is executed if signedness is equal */ + Instruction *icmp_usign_cmp; + BasicBlock * middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + /* we can do a normal unsigned compare now */ + icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + middle_bb->getInstList().push_back(icmp_usign_cmp); + BranchInst::Create(end_bb, middle_bb); auto term = bb->getTerminator(); + /* if the sign is eq do a normal unsigned cmp, else we have to check the + * signedness bit */ + BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); term->eraseFromParent(); - BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); - /* create a bb which handles the cmp of the lower halves */ - BasicBlock *cmp_low_bb = - BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); + PN->addIncoming(icmp_usign_cmp, middle_bb); + PN->addIncoming(icmp_inv_sig_cmp, sign_bb); - BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - PN = PHINode::Create(Int1Ty, 3); - PN->addIncoming(icmp_low, cmp_low_bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); - } - - BasicBlock::iterator ii(cmp_inst); - ReplaceInstWithInst(cmp_inst->getParent()->getInstList(), ii, PN); - - // We split the comparison into low and high. If this isn't our target - // bitwidth we recursivly split the low and high parts again until we have - // target bitwidth. - if ((bitw / 2) > target_bitwidth) { - if (!splitCompare(icmp_high, M)) { - reportError("Failed to split high comparison", icmp_high, M); - return false; - } - if (!splitCompare(icmp_low, M)) { - reportError("Failed to split low comparison", icmp_low, M); - return false; - } } return true; -} -bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { - std::vector worklist; - - auto op0 = I->getOperand(0); - auto op1 = I->getOperand(1); - if (!op0 || !op1) { return false; } - auto op0Ty = dyn_cast(op0->getType()); - if (!op0Ty || !isa(op1->getType())) { return true; } - - unsigned bitw = op0Ty->getBitWidth(); - -#ifdef VERIFY_TOO_MUCH - auto F = I->getParent()->getParent(); -#endif - - // we run the comparison simplification on all compares regardless of their - // bitwidth. - if (I->getPredicate() == CmpInst::ICMP_UGE || - I->getPredicate() == CmpInst::ICMP_SGE || - I->getPredicate() == CmpInst::ICMP_ULE || - I->getPredicate() == CmpInst::ICMP_SLE) { - if (!simplifyOrEqualsCompare(I, M, worklist)) { - reportError( - "Failed to simplify inequality or equals comparison " - "(UGE,SGE,ULE,SLE)", - I, M); - } - } else if (I->getPredicate() == CmpInst::ICMP_SGT || - I->getPredicate() == CmpInst::ICMP_SLT) { - if (!simplifySignedCompare(I, M, worklist)) { - reportError("Failed to simplify signed comparison (SGT,SLT)", I, M); - } - } - -#ifdef VERIFY_TOO_MUCH - if (verifyFunction(*F, &errs())) { - reportError("simpliyfing compare lead to broken function", nullptr, M); - } -#endif - - // the simplification methods replace the original CmpInst and push the - // resulting new CmpInst into the worklist. If the worklist is empty then - // we only have to split the original CmpInst. - if (worklist.size() == 0) { worklist.push_back(I); } - - for (auto cmp : worklist) { - // we split the simplified compares into comparisons with smaller bitwidths - // if they are larger than our target_bitwidth. - if (bitw > target_bitwidth) { - if (!splitCompare(cmp, M)) { - reportError("Failed to split comparison", cmp, M); - } - -#ifdef VERIFY_TOO_MUCH - if (verifyFunction(*F, &errs())) { - reportError("splitting compare lead to broken function", nullptr, M); - } -#endif - } - } - - count++; - return true; } size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { + --in; in |= in >> 1; in |= in >> 2; @@ -679,10 +520,12 @@ size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { // in |= in >> 8; // in |= in >> 16; return in + 1; + } /* splits fcmps into two nested fcmps with sign compare and the rest */ size_t SplitComparesTransform::splitFPCompares(Module &M) { + size_t count = 0; LLVMContext &C = M.getContext(); @@ -694,9 +537,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* define unions with floating point and (sign, exponent, mantissa) triples */ if (dl.isLittleEndian()) { + } else if (dl.isBigEndian()) { + } else { + return count; + } #endif @@ -706,13 +553,17 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* get all EQ, NE, GT, and LT fcmps. if the other two * functions were executed only these four predicates should exist */ for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { + for (auto &IN : BB) { + CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { + if (selectcmpInst->getPredicate() == CmpInst::FCMP_OEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_UEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_ONE || @@ -721,6 +572,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { selectcmpInst->getPredicate() == CmpInst::FCMP_OGT || selectcmpInst->getPredicate() == CmpInst::FCMP_ULT || selectcmpInst->getPredicate() == CmpInst::FCMP_OLT) { + auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -732,10 +584,15 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); + } + } + } + } + } if (!fcomps.size()) { return count; } @@ -743,6 +600,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { IntegerType *Int1Ty = IntegerType::getInt1Ty(C); for (auto &FcmpInst : fcomps) { + BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -867,6 +725,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), t_e1); if (sizeInBits - precision < exTySizeBytes * 8) { + m_e0 = BinaryOperator::Create( Instruction::And, t_e0, ConstantInt::get(t_e0->getType(), mask_exponent)); @@ -879,8 +738,10 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), m_e1); } else { + m_e0 = t_e0; m_e1 = t_e1; + } /* compare the exponents of the operands */ @@ -888,6 +749,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction *icmp_exponent_result; BasicBlock * signequal2_bb = signequal_bb; switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_exponent_result = @@ -957,6 +819,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } signequal2_bb->getInstList().insert( @@ -964,9 +827,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { icmp_exponent_result); { + term = signequal2_bb->getTerminator(); switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* if the exponents are satifying the compare do a fraction cmp in @@ -989,9 +854,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } term->eraseFromParent(); + } /* isolate the mantissa aka fraction */ @@ -999,6 +866,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { bool needTrunc = IntFractionTy->getPrimitiveSizeInBits() < op_size; if (precision - 1 < frTySizeBytes * 8) { + Instruction *m_f0, *m_f1; m_f0 = BinaryOperator::Create( Instruction::And, b_op0, @@ -1012,6 +880,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), m_f1); if (needTrunc) { + t_f0 = new TruncInst(m_f0, IntFractionTy); t_f1 = new TruncInst(m_f1, IntFractionTy); middle_bb->getInstList().insert( @@ -1020,12 +889,16 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { + t_f0 = m_f0; t_f1 = m_f1; + } } else { + if (needTrunc) { + t_f0 = new TruncInst(b_op0, IntFractionTy); t_f1 = new TruncInst(b_op1, IntFractionTy); middle_bb->getInstList().insert( @@ -1034,9 +907,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { + t_f0 = b_op0; t_f1 = b_op1; + } + } /* compare the fractions of the operands */ @@ -1044,6 +920,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock * middle2_bb = middle_bb; PHINode * PN2 = nullptr; switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_fraction_result = @@ -1066,6 +943,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { case CmpInst::FCMP_UGT: case CmpInst::FCMP_OLT: case CmpInst::FCMP_ULT: { + Instruction *icmp_fraction_result2; middle2_bb = middle_bb->splitBasicBlock( @@ -1078,6 +956,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (FcmpInst->getPredicate() == CmpInst::FCMP_OGT || FcmpInst->getPredicate() == CmpInst::FCMP_UGT) { + negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); @@ -1086,12 +965,14 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); } else { + negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); positive_bb->getInstList().push_back( icmp_fraction_result2 = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); + } BranchInst::Create(middle2_bb, negative_bb); @@ -1111,11 +992,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { default: continue; + } PHINode *PN = PHINode::Create(Int1Ty, 3, ""); switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* unequal signs cannot be equal values */ @@ -1154,94 +1037,328 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); ++count; + } return count; + +} + +/* splits icmps of size bitw into two nested icmps with bitw/2 size each */ +size_t SplitComparesTransform::splitIntCompares(Module &M, unsigned bitw) { + + size_t count = 0; + + LLVMContext &C = M.getContext(); + + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + IntegerType *OldIntType = IntegerType::get(C, bitw); + IntegerType *NewIntType = IntegerType::get(C, bitw / 2); + + std::vector icomps; + + if (bitw % 2) { return 0; } + + /* not supported yet */ + if (bitw > 64) { return 0; } + + /* get all EQ, NE, UGT, and ULT icmps of width bitw. if the + * functions simplifyCompares() and simplifyIntSignedness() + * were executed only these four predicates should exist */ + for (auto &F : M) { + + if (!isInInstrumentList(&F)) continue; + + for (auto &BB : F) { + + for (auto &IN : BB) { + + CmpInst *selectcmpInst = nullptr; + + if ((selectcmpInst = dyn_cast(&IN))) { + + if (selectcmpInst->getPredicate() == CmpInst::ICMP_EQ || + selectcmpInst->getPredicate() == CmpInst::ICMP_NE || + selectcmpInst->getPredicate() == CmpInst::ICMP_UGT || + selectcmpInst->getPredicate() == CmpInst::ICMP_ULT) { + + auto op0 = selectcmpInst->getOperand(0); + auto op1 = selectcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + IntegerType *intTyOp1 = dyn_cast(op1->getType()); + + if (!intTyOp0 || !intTyOp1) { continue; } + + /* check if the bitwidths are the one we are looking for */ + if (intTyOp0->getBitWidth() != bitw || + intTyOp1->getBitWidth() != bitw) { + + continue; + + } + + icomps.push_back(selectcmpInst); + + } + + } + + } + + } + + } + + if (!icomps.size()) { return 0; } + + for (auto &IcmpInst : icomps) { + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { continue; } + auto pred = cmp_inst->getPredicate(); + + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* create the comparison of the top halves of the original operands */ + Instruction *s_op0, *op0_high, *s_op1, *op1_high, *icmp_high; + + s_op0 = BinaryOperator::Create(Instruction::LShr, op0, + ConstantInt::get(OldIntType, bitw / 2)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); + op0_high = new TruncInst(s_op0, NewIntType); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + op0_high); + + s_op1 = BinaryOperator::Create(Instruction::LShr, op1, + ConstantInt::get(OldIntType, bitw / 2)); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); + op1_high = new TruncInst(s_op1, NewIntType); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + op1_high); + + icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), + icmp_high); + + /* now we have to destinguish between == != and > < */ + if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { + + /* transformation for == and != icmps */ + + /* create a compare for the lower half of the original operands */ + Instruction *op0_low, *op1_low, *icmp_low; + BasicBlock * cmp_low_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + + op0_low = new TruncInst(op0, NewIntType); + cmp_low_bb->getInstList().push_back(op0_low); + + op1_low = new TruncInst(op1, NewIntType); + cmp_low_bb->getInstList().push_back(op1_low); + + icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + cmp_low_bb->getInstList().push_back(icmp_low); + BranchInst::Create(end_bb, cmp_low_bb); + + /* dependent on the cmp of the high parts go to the end or go on with + * the comparison */ + auto term = bb->getTerminator(); + if (pred == CmpInst::ICMP_EQ) { + + BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); + + } else { + + /* CmpInst::ICMP_NE */ + BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); + + } + + term->eraseFromParent(); + + /* create the PHI and connect the edges accordingly */ + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + PN->addIncoming(icmp_low, cmp_low_bb); + if (pred == CmpInst::ICMP_EQ) { + + PN->addIncoming(ConstantInt::get(Int1Ty, 0), bb); + + } else { + + /* CmpInst::ICMP_NE */ + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + + } + + /* replace the old icmp with the new PHI */ + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + } else { + + /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ + /* transformations for < and > */ + + /* create a basic block which checks for the inverse predicate. + * if this is true we can go to the end if not we have to go to the + * bb which checks the lower half of the operands */ + Instruction *icmp_inv_cmp, *op0_low, *op1_low, *icmp_low; + BasicBlock * inv_cmp_bb = + BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_UGT) { + + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, + op0_high, op1_high); + + } else { + + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, + op0_high, op1_high); + + } + + inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); + + auto term = bb->getTerminator(); + term->eraseFromParent(); + BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); + + /* create a bb which handles the cmp of the lower halves */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + op0_low = new TruncInst(op0, NewIntType); + cmp_low_bb->getInstList().push_back(op0_low); + op1_low = new TruncInst(op1, NewIntType); + cmp_low_bb->getInstList().push_back(op1_low); + + icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + cmp_low_bb->getInstList().push_back(icmp_low); + BranchInst::Create(end_bb, cmp_low_bb); + + BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); + + PHINode *PN = PHINode::Create(Int1Ty, 3); + PN->addIncoming(icmp_low, cmp_low_bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); + + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + } + + ++count; + + } + + return count; + } bool SplitComparesTransform::runOnModule(Module &M) { + + int bitw = 64; + size_t count = 0; + char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); - if (bitw_env) { target_bitwidth = atoi(bitw_env); } + if (bitw_env) { bitw = atoi(bitw_env); } enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL; if ((isatty(2) && getenv("AFL_QUIET") == NULL) || getenv("AFL_DEBUG") != NULL) { - errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " - "heiko@hexco.de (splitting icmp to " - << target_bitwidth << " bit)\n"; - if (getenv("AFL_DEBUG") != NULL && !debug) { debug = 1; } + printf( + "Split-compare-pass by laf.intel@gmail.com, extended by " + "heiko@hexco.de\n"); } else { + be_quiet = 1; + } if (enableFPSplit) { + count = splitFPCompares(M); /* if (!be_quiet) { + errs() << "Split-floatingpoint-compare-pass: " << count << " FP comparisons split\n"; + } + */ simplifyFPCompares(M); + } - std::vector worklist; - /* iterate over all functions, bbs and instruction search for all integer - * compare instructions. Save them into the worklist for later. */ - for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; + simplifyCompares(M); + + simplifyIntSignedness(M); + + switch (bitw) { + + case 64: + count += splitIntCompares(M, bitw); + if (debug) + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " split\n"; + bitw >>= 1; +#if LLVM_VERSION_MAJOR > 3 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) + [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ +#endif + case 32: + count += splitIntCompares(M, bitw); + if (debug) + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " split\n"; + bitw >>= 1; +#if LLVM_VERSION_MAJOR > 3 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) + [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ +#endif + case 16: + count += splitIntCompares(M, bitw); + if (debug) + errs() << "Split-integer-compare-pass " << bitw << "bit: " << count + << " split\n"; + // bitw >>= 1; + break; + + default: + // if (!be_quiet) errs() << "NOT Running split-compare-pass \n"; + return false; + break; - for (auto &BB : F) { - for (auto &IN : BB) { - if (auto CI = dyn_cast(&IN)) { - auto op0 = CI->getOperand(0); - auto op1 = CI->getOperand(1); - if (!op0 || !op1) { return false; } - auto iTy1 = dyn_cast(op0->getType()); - if (iTy1 && isa(op1->getType())) { - unsigned bitw = iTy1->getBitWidth(); - if (isSupportedBitWidth(bitw)) { worklist.push_back(CI); } - } - } - } - } } - // now that we have a list of all integer comparisons we can start replacing - // them with the splitted alternatives. - for (auto CI : worklist) { - simplifyAndSplit(CI, M); - } - - bool brokenDebug = false; - if (verifyModule(M, &errs(), &brokenDebug)) { - reportError( - "Module Verifier failed! Consider reporting a bug with the AFL++ " - "project.", - nullptr, M); - } - - if (brokenDebug) { - reportError("Module Verifier reported broken Debug Infos - Stripping!", - nullptr, M); - StripDebugInfo(M); - } + verifyModule(M); return true; + } static void registerSplitComparesPass(const PassManagerBuilder &, legacy::PassManagerBase &PM) { + PM.add(new SplitComparesTransform()); + } static RegisterStandardPasses RegisterSplitComparesPass( @@ -1256,7 +1373,3 @@ static RegisterStandardPasses RegisterSplitComparesTransPassLTO( registerSplitComparesPass); #endif -static RegisterPass X("splitcompares", - "AFL++ split compares", - true /* Only looks at CFG */, - true /* Analysis Pass */); diff --git a/test/test-int_cases.c b/test/test-int_cases.c deleted file mode 100644 index c76206c5..00000000 --- a/test/test-int_cases.c +++ /dev/null @@ -1,424 +0,0 @@ -/* test cases for integer comparison transformations - * compile with -DINT_TYPE="signed char" - * or -DINT_TYPE="short" - * or -DINT_TYPE="int" - * or -DINT_TYPE="long" - * or -DINT_TYPE="long long" - */ - -#include - -int main() { - - volatile INT_TYPE a, b; - /* different values */ - a = -21; - b = -2; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = 1; - b = 8; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ - volatile short a, b; - a = 2; - b = 256+1; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1 - 256; - b = -8; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ - volatile int a, b; - a = 2; - b = 65536+1; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1 - 65536; - b = -8; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ - volatile long a, b; - a = 2; - b = 4294967296+1; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1 - 4294967296; - b = -8; /* signs equal */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - } - } - } - - a = -1; - b = 1; /* signs differ */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = 0; /* signs differ */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -2; - b = 8; /* signs differ */ - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -2; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 8; - b = 1; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 255) { - volatile short a, b; - a = 1 + 256; - b = 3; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -256; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 65535) { - volatile int a, b; - a = 1 + 65536; - b = 3; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -65536; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { - volatile long a, b; - a = 1 + 4294967296; - b = 3; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -4294967296; /* signs equal */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - } - } - } - - a = 1; - b = -1; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 0; - b = -1; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 8; - b = -2; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 1; - b = -2; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 255) { - volatile short a, b; - a = 1 + 256; - b = -2; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -2 - 256; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 65535) { - volatile int a, b; - a = 1 + 65536; - b = -2; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -2 - 65536; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { - volatile long a, b; - a = 1 + 4294967296; - b = -2; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = -1; - b = -2 - 4294967296; /* signs differ */ - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - } - } - } - - /* equal values */ - a = 0; - b = 0; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -0; - b = 0; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = 1; - b = 1; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = 5; - b = 5; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -1; - b = -1; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -5; - b = -5; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 255) { - volatile short a, b; - a = 1 + 256; - b = 1 + 256; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -2 - 256; - b = -2 - 256; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 65535) { - volatile int a, b; - a = 1 + 65536; - b = 1 + 65536; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -2 - 65536; - b = -2 - 65536; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { - volatile long a, b; - a = 1 + 4294967296; - b = 1 + 4294967296; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = -2 - 4294967296; - b = -2 - 4294967296; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - } - } - } -} - diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c deleted file mode 100644 index 8496cffe..00000000 --- a/test/test-uint_cases.c +++ /dev/null @@ -1,217 +0,0 @@ -/* - * compile with -DUINT_TYPE="unsigned char" - * or -DUINT_TYPE="unsigned short" - * or -DUINT_TYPE="unsigned int" - * or -DUINT_TYPE="unsigned long" - * or -DUINT_TYPE="unsigned long long" - */ - -#include - -int main() { - - volatile UINT_TYPE a, b; - - a = 1; - b = 8; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - if ((UINT_TYPE)(~0) > 255) { - volatile unsigned short a, b; - a = 256+2; - b = 256+21; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = 21; - b = 256+1; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - if ((UINT_TYPE)(~0) > 65535) { - volatile unsigned int a, b; - a = 65536+2; - b = 65536+21; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = 21; - b = 65536+1; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - } - - if ((UINT_TYPE)(~0) > 4294967295) { - volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+21; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - - a = 21; - b = 4294967296+1; - assert((a < b)); - assert((a <= b)); - assert(!(a > b)); - assert(!(a >= b)); - assert((a != b)); - assert(!(a == b)); - } - } - - a = 8; - b = 1; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((UINT_TYPE)(~0) > 255) { - volatile unsigned short a, b; - a = 256+2; - b = 256+1; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 256+2; - b = 6; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((UINT_TYPE)(~0) > 65535) { - volatile unsigned int a, b; - a = 65536+2; - b = 65536+1; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 65536+2; - b = 6; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - if ((UINT_TYPE)(~0) > 4294967295) { - volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+1; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - a = 4294967296+2; - b = 6; - assert((a > b)); - assert((a >= b)); - assert(!(a < b)); - assert(!(a <= b)); - assert((a != b)); - assert(!(a == b)); - - } - } - } - - - a = 0; - b = 0; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - a = 1; - b = 1; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((UINT_TYPE)(~0) > 255) { - volatile unsigned short a, b; - a = 256+5; - b = 256+5; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((UINT_TYPE)(~0) > 65535) { - volatile unsigned int a, b; - a = 65536+5; - b = 65536+5; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - - if ((UINT_TYPE)(~0) > 4294967295) { - volatile unsigned long a, b; - a = 4294967296+5; - b = 4294967296+5; - assert(!(a < b)); - assert((a <= b)); - assert(!(a > b)); - assert((a >= b)); - assert(!(a != b)); - assert((a == b)); - } - } - - } - -} - diff --git a/utils/crash_triage/triage_crashes.sh b/utils/crash_triage/triage_crashes.sh index 9ca1d5fc..4d75430e 100755 --- a/utils/crash_triage/triage_crashes.sh +++ b/utils/crash_triage/triage_crashes.sh @@ -65,11 +65,7 @@ if [ ! -f "$BIN" -o ! -x "$BIN" ]; then fi if [ ! -d "$DIR/queue" ]; then -<<<<<<< Updated upstream echo "[-] Error: directory '$DIR' not found or not created by afl-fuzz." 1>&2 -======= - echo "[-] Error: directory '$DIR/queue' not found or not created by afl-fuzz." 1>&2 ->>>>>>> Stashed changes exit 1 fi From 706c2ac8e036ff79865c31cd818fad0388599a0e Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 9 Jun 2021 21:35:16 +0200 Subject: [PATCH 335/441] add test cases for splitting integer comparisons --- test/test-int_cases.c | 424 +++++++++++++++++++++++++++++++++++++++++ test/test-uint_cases.c | 217 +++++++++++++++++++++ 2 files changed, 641 insertions(+) create mode 100644 test/test-int_cases.c create mode 100644 test/test-uint_cases.c diff --git a/test/test-int_cases.c b/test/test-int_cases.c new file mode 100644 index 00000000..c76206c5 --- /dev/null +++ b/test/test-int_cases.c @@ -0,0 +1,424 @@ +/* test cases for integer comparison transformations + * compile with -DINT_TYPE="signed char" + * or -DINT_TYPE="short" + * or -DINT_TYPE="int" + * or -DINT_TYPE="long" + * or -DINT_TYPE="long long" + */ + +#include + +int main() { + + volatile INT_TYPE a, b; + /* different values */ + a = -21; + b = -2; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = 8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ + volatile short a, b; + a = 2; + b = 256+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 256; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ + volatile int a, b; + a = 2; + b = 65536+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 65536; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ + volatile long a, b; + a = 2; + b = 4294967296+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 4294967296; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + a = -1; + b = 1; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = 0; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -2; + b = 8; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = 1; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -256; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -65536; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -4294967296; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + } + } + } + + a = 1; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 0; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 256; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 65536; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 4294967296; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + /* equal values */ + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 5; + b = 5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -1; + b = -1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -5; + b = -5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 1 + 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 256; + b = -2 - 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 1 + 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 65536; + b = -2 - 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 1 + 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 4294967296; + b = -2 - 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + } + } + } +} + diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c new file mode 100644 index 00000000..8496cffe --- /dev/null +++ b/test/test-uint_cases.c @@ -0,0 +1,217 @@ +/* + * compile with -DUINT_TYPE="unsigned char" + * or -DUINT_TYPE="unsigned short" + * or -DUINT_TYPE="unsigned int" + * or -DUINT_TYPE="unsigned long" + * or -DUINT_TYPE="unsigned long long" + */ + +#include + +int main() { + + volatile UINT_TYPE a, b; + + a = 1; + b = 8; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 256+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 65536+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 4294967296+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + } + + a = 8; + b = 1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 256+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 65536+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 4294967296+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+5; + b = 256+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+5; + b = 65536+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((UINT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+5; + b = 4294967296+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + } + } + + } + +} + From b8092c62274d4b746290b44736cba0f7f4cc5400 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 10 Jun 2021 09:07:21 +0100 Subject: [PATCH 336/441] FRIDA - Remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET (#970) Co-authored-by: Your Name --- frida_mode/README.md | 4 +- frida_mode/src/persistent/persistent.c | 13 ----- frida_mode/src/persistent/persistent_arm64.c | 12 ++--- frida_mode/src/persistent/persistent_x64.c | 53 ++++++++++++++++---- frida_mode/src/persistent/persistent_x86.c | 40 +++++++++++---- frida_mode/test/persistent_ret/GNUmakefile | 5 -- include/envs.h | 1 - 7 files changed, 81 insertions(+), 47 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index d7dd72a0..9b316cb9 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -75,7 +75,6 @@ following options are currently supported: * `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` * `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` * `AFL_FRIDA_PERSISTENT_RET` - See `AFL_QEMU_PERSISTENT_RET` -* `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` - See `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. @@ -164,8 +163,7 @@ application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) * `AFL_FRIDA_PERSISTENT_DEBUG` - Insert a Breakpoint into the instrumented code at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the user -to determine the value of `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` using a -debugger. +to detect issues in the persistent loop using a debugger. ``` diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 2ec5b9cc..243d501d 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -13,7 +13,6 @@ afl_persistent_hook_fn hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; guint64 persistent_ret = 0; -guint64 persistent_ret_offset = 0; gboolean persistent_debug = FALSE; void persistent_init(void) { @@ -23,8 +22,6 @@ void persistent_init(void) { persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); - persistent_ret_offset = - util_read_address("AFL_FRIDA_PERSISTENT_RETADDR_OFFSET"); if (getenv("AFL_FRIDA_PERSISTENT_DEBUG") != NULL) { persistent_debug = TRUE; } @@ -44,14 +41,6 @@ void persistent_init(void) { } - if (persistent_ret_offset != 0 && persistent_ret == 0) { - - FATAL( - "AFL_FRIDA_PERSISTENT_RET must be specified if " - "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET is"); - - } - if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; if (persistent_count != 0 && persistent_count < 100) @@ -68,8 +57,6 @@ void persistent_init(void) { OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_ret == 0 ? ' ' : 'X', persistent_ret); - OKF("Instrumentation - persistent ret offset [%c] (%" G_GINT64_MODIFIER "d)", - persistent_ret_offset == 0 ? ' ' : 'X', persistent_ret_offset); if (hook_name != NULL) { diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index b23693fe..d7c6c76b 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -268,13 +268,15 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, ARM64_REG_X0, (16 * 14), GUM_INDEX_SIGNED_OFFSET); - /* Don't restore RIP or RSP, use x1-x3 as clobber */ - - /* LR & Adjusted SP (clobber x1) */ + /* LR & Adjusted SP (use x1 as clobber) */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, ARM64_REG_X0, (16 * 15), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_SP, ARM64_REG_X1); + + /* Don't restore RIP use x1-x3 as clobber */ + /* PC (x2) & CPSR (x1) */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, ARM64_REG_X0, (16 * 16), @@ -404,7 +406,6 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ @@ -450,9 +451,6 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } - gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, - persistent_ret_offset); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, GUM_ADDRESS(&saved_lr)); diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 858ad38e..653acefe 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -43,6 +43,7 @@ struct x86_64_regs { typedef struct x86_64_regs arch_api_regs; static arch_api_regs saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -104,7 +105,7 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, /* RED_ZONE + Saved flags, RAX, alignment */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, - GUM_RED_ZONE_SIZE + (0x8 * 3)); + GUM_RED_ZONE_SIZE + (0x8 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), GUM_REG_RBX); @@ -159,7 +160,9 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, (0x8 * 14)); - /* Don't restore RIP or RSP */ + /* Don't restore RIP */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, + (0x8 * 16)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, @@ -242,6 +245,31 @@ static void persistent_prologue_hook(GumX86Writer * cw, } +static void instrument_persitent_save_ret(GumX86Writer *cw) { + + /* Stack usage by this function */ + gssize offset = GUM_RED_ZONE_SIZE + (3 * 8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + offset); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_RAX, GUM_REG_RBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_popfx(cw); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + void persistent_prologue(GumStalkerOutput *output) { /* @@ -268,11 +296,10 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ - instrument_persitent_save_regs(cw, &saved_regs); + /* Pop the return value */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); - /* pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ gum_x86_writer_put_label(cw, loop); @@ -304,6 +331,8 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + instrument_persitent_save_ret(cw); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } } @@ -314,9 +343,15 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - persistent_ret_offset); - gum_x86_writer_put_ret(cw); + /* The stack should be aligned when we re-enter our loop */ + gconstpointer zero = cw->code + 1; + gum_x86_writer_put_test_reg_u32(cw, GUM_REG_RSP, 0xF); + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, zero, GUM_NO_HINT); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -8); + gum_x86_writer_put_label(cw, zero); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_RAX); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 0675edf4..7add6e99 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -39,6 +39,7 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; static arch_api_regs saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -117,7 +118,9 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, (0x4 * 6)); - /* Don't restore RIP or RSP */ + /* Don't restore RIP */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, + (0x4 * 8)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, @@ -184,6 +187,26 @@ static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { } +static void instrument_persitent_save_ret(GumX86Writer *cw) { + + /* Stack usage by this function */ + gssize offset = (3 * 4); + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, + offset); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_EAX, GUM_REG_EBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_popfx(cw); + +} + void persistent_prologue(GumStalkerOutput *output) { /* @@ -210,11 +233,10 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ - instrument_persitent_save_regs(cw, &saved_regs); - /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); + + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ gum_x86_writer_put_label(cw, loop); @@ -244,6 +266,8 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + instrument_persitent_save_ret(cw); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } } @@ -254,10 +278,8 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, - persistent_ret_offset); - - gum_x86_writer_put_ret(cw); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_EAX); } diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 4c9d8a19..2de51d86 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -38,8 +38,6 @@ ifeq "$(ARCH)" "x86" AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x56555000) endif -AFL_FRIDA_PERSISTENT_RETADDR_OFFSET:=0x50 - .PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) @@ -76,7 +74,6 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ - AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ $(ROOT)afl-fuzz \ -D \ -O \ @@ -89,7 +86,6 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ - --ex 'set environment AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ --ex 'set environment AFL_DEBUG_CHILD=1' \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ @@ -99,7 +95,6 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ - AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ AFL_DEBUG_CHILD=1 \ LD_PRELOAD=$(ROOT)afl-frida-trace.so \ $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/include/envs.h b/include/envs.h index 15116fc1..ea912a25 100644 --- a/include/envs.h +++ b/include/envs.h @@ -67,7 +67,6 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", "AFL_FRIDA_PERSISTENT_RET", - "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET", "AFL_FRIDA_STATS_FILE", "AFL_FRIDA_STATS_INTERVAL", "AFL_FRIDA_STATS_TRANSITIONS", From a7340a1ac6c6165c8eb390a503758104c0d85bcb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 10 Jun 2021 10:25:37 +0200 Subject: [PATCH 337/441] fix AFL_CAL_FAST --- docs/Changelog.md | 1 + docs/env_variables.md | 4 +--- include/afl-fuzz.h | 4 +--- src/afl-analyze.c | 9 +++++---- src/afl-fuzz-run.c | 5 +++-- src/afl-fuzz-state.c | 9 +++++++-- src/afl-fuzz.c | 9 --------- 7 files changed, 18 insertions(+), 23 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 6c851460..29ef69f9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -15,6 +15,7 @@ sending a mail to . - removed implied -D determinstic from -M main - if the target becomes unavailable check out out/default/error.txt for an indicator why + - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL - afl-cc - support partial linking - We do support llvm versions from 3.8 again diff --git a/docs/env_variables.md b/docs/env_variables.md index 38a67bc7..e058f377 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -108,9 +108,6 @@ make fairly broad use of environmental variables instead: - Setting `AFL_QUIET` will prevent afl-cc and afl-as banners from being displayed during compilation, in case you find them distracting. - - Setting `AFL_CAL_FAST` will speed up the initial calibration, if the - application is very slow. - ## 2) Settings for LLVM and LTO: afl-clang-fast / afl-clang-fast++ / afl-clang-lto / afl-clang-lto++ The native instrumentation helpers (instrumentation and gcc_plugin) accept a subset @@ -386,6 +383,7 @@ checks or alter some of the more exotic semantics of the tool: - `AFL_FAST_CAL` keeps the calibration stage about 2.5x faster (albeit less precise), which can help when starting a session against a slow target. + `AFL_CAL_FAST` works too. - The CPU widget shown at the bottom of the screen is fairly simplistic and may complain of high load prematurely, especially on systems with low core diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 4aba3bdf..2920f905 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -478,9 +478,7 @@ typedef struct afl_state { u32 hang_tmout; /* Timeout used for hang det (ms) */ - u8 cal_cycles, /* Calibration cycles defaults */ - cal_cycles_long, /* Calibration cycles defaults */ - havoc_stack_pow2, /* HAVOC_STACK_POW2 */ + u8 havoc_stack_pow2, /* HAVOC_STACK_POW2 */ no_unlink, /* do not unlink cur_input */ debug, /* Debug mode */ custom_only, /* Custom mutator only mode */ diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 606254d9..dbf2920f 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -167,7 +167,7 @@ static inline u8 anything_set(void) { static void at_exit_handler(void) { - unlink(fsrv.out_file); /* Ignore errors */ + unlink(fsrv.out_file); /* Ignore errors */ } @@ -643,12 +643,14 @@ static void set_up_environment(char **argv) { } - fsrv.out_file = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); + fsrv.out_file = + alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); } unlink(fsrv.out_file); - fsrv.out_fd = open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + fsrv.out_fd = + open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } @@ -1118,7 +1120,6 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv.target_path) { ck_free(fsrv.target_path); } if (in_data) { ck_free(in_data); } - exit(0); } diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 493735ff..758bad25 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -314,7 +314,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, ++q->cal_failed; afl->stage_name = "calibration"; - afl->stage_max = afl->fast_cal ? 3 : CAL_CYCLES; + afl->stage_max = afl->afl_env.afl_cal_fast ? 3 : CAL_CYCLES; /* Make sure the forkserver is up before we do anything, and let's not count its spin-up time toward binary calibration. */ @@ -403,7 +403,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } var_detected = 1; - afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG; + afl->stage_max = + afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; } else { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 0658070e..b832c11e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -96,8 +96,6 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->splicing_with = -1; /* Splicing with which test case? */ afl->cpu_to_bind = -1; afl->havoc_stack_pow2 = HAVOC_STACK_POW2; - afl->cal_cycles = CAL_CYCLES; - afl->cal_cycles_long = CAL_CYCLES_LONG; afl->hang_tmout = EXEC_TIMEOUT; afl->exit_on_time = 0; afl->stats_update_freq = 1; @@ -341,6 +339,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_cal_fast = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_FAST_CAL", + + afl_environment_variable_len)) { + + afl->afl_env.afl_cal_fast = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_STATSD", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9a3780fb..e9a67ac5 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1276,7 +1276,6 @@ int main(int argc, char **argv_orig, char **envp) { if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; } if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } - if (get_afl_env("AFL_FAST_CAL")) { afl->fast_cal = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } if (afl->afl_env.afl_autoresume) { @@ -1489,14 +1488,6 @@ int main(int argc, char **argv_orig, char **envp) { check_if_tty(afl); if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; } - if (afl->afl_env.afl_cal_fast) { - - /* Use less calibration cycles, for slow applications */ - afl->cal_cycles = 3; - afl->cal_cycles_long = 5; - - } - if (afl->afl_env.afl_custom_mutator_only) { /* This ensures we don't proceed to havoc/splice */ From 63504f7b7e9f17145b63ba7d5a9e837e17ccb3a6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 11 Jun 2021 10:44:06 +0200 Subject: [PATCH 338/441] fix cmplog screen update crash --- docs/Changelog.md | 3 +- src/afl-common.c | 2 + src/afl-fuzz-redqueen.c | 91 ++++++++++++++++++++++++++--------------- 3 files changed, 63 insertions(+), 33 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 29ef69f9..97903c2a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,9 +9,9 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.14a (release) - - Fix for llvm 13 - afl-fuzz: - fix -F when a '/' was part of the parameter + - fixed a crash for cmplog for very slow inputs - removed implied -D determinstic from -M main - if the target becomes unavailable check out out/default/error.txt for an indicator why @@ -21,6 +21,7 @@ sending a mail to . - We do support llvm versions from 3.8 again - afl_analyze - fix timeout handling and support forkserver + - Fix for llvm 13 - ensure afl-compiler-rt is built for gcc_module - afl-analyze now uses the forkserver for increased performance diff --git a/src/afl-common.c b/src/afl-common.c index c61ce3d8..9ca2b3e8 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -751,6 +751,8 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) { } +/* Get unix time in milliseconds */ + u64 get_cur_time(void) { struct timeval tv; diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index b41ffa88..268f726c 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -252,7 +252,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u64 start_time = get_cur_time(); #endif - u32 screen_update = 1000000 / afl->queue_cur->exec_us; + u32 screen_update; u64 orig_hit_cnt, new_hit_cnt, exec_cksum; orig_hit_cnt = afl->queued_paths + afl->unique_crashes; @@ -261,6 +261,24 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, afl->stage_max = (len << 1); afl->stage_cur = 0; + if (likely(afl->queue_cur->exec_us)) { + + if (likely((100000 / 2) >= afl->queue_cur->exec_us)) { + + screen_update = 100000 / afl->queue_cur->exec_us; + + } else { + + screen_update = 1; + + } + + } else { + + screen_update = 100000; + + } + // in colorization we do not classify counts, hence we have to calculate // the original checksum. if (unlikely(get_exec_checksum(afl, buf, len, &exec_cksum))) { @@ -905,17 +923,16 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // test for arithmetic, eg. "if ((user_val - 0x1111) == 0x1234) ..." s64 diff = pattern - b_val; s64 o_diff = o_pattern - o_b_val; - /* - fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, - h->shape + 1, o_pattern, o_b_val, o_diff); - fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, - b_val, diff);*/ + /* fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, + h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, + b_val, diff); */ if (diff == o_diff && diff) { // this could be an arithmetic transformation u64 new_repl = (u64)((s64)repl - diff); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -935,15 +952,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, diff = pattern ^ b_val; s64 o_diff = o_pattern ^ o_b_val; - /* fprintf(stderr, "DIFF2 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF2 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF2 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF2 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (diff == o_diff && diff) { // this could be a XOR transformation u64 new_repl = (u64)((s64)repl ^ diff); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -982,15 +1001,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - /* fprintf(stderr, "DIFF3 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF3 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF3 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF3 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (o_diff && diff) { // this could be a lower to upper u64 new_repl = (repl & (0x5f5f5f5f5f5f5f5f & mask)); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -1029,15 +1050,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - /* fprintf(stderr, "DIFF4 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF4 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF4 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF4 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (o_diff && diff) { // this could be a lower to upper u64 new_repl = (repl | (0x2020202020202020 & mask)); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -1383,7 +1406,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - //#endif /* CMPLOG_SOLVE_ARITHMETIC + //#endif /* + // CMPLOG_SOLVE_ARITHMETIC return 0; @@ -2152,7 +2176,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 *pattern, u8 *repl, memcpy(buf + idx, tmp, i + 1); if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT tohex %u result %u\n", tohex, *status); + // fprintf(stderr, "RTN ATTEMPT tohex %u result %u\n", tohex, + // *status); } @@ -2235,7 +2260,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 *pattern, u8 *repl, for (j = 0; j <= i; j++) buf[idx + j] = repl[j] - arith_val[j]; if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT arith %u result %u\n", arith, *status); + // fprintf(stderr, "RTN ATTEMPT arith %u result %u\n", arith, + // *status); } @@ -2328,16 +2354,17 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, /* struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; - fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id, - h->shape, h->attribute); for (j = 0; j < 8; j++) fprintf(stderr, "%02x", - o->v0[j]); fprintf(stderr, " v1="); for (j = 0; j < 8; j++) fprintf(stderr, - "%02x", o->v1[j]); fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u - o0=", hh->hits, hh->id, hh->shape, hh->attribute); for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", orig_o->v0[j]); - fprintf(stderr, " o1="); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", orig_o->v1[j]); - fprintf(stderr, "\n"); + fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, + h->id, h->shape, h->attribute); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", o->v0[j]); + fprintf(stderr, " v1="); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", o->v1[j]); + fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u o0=", + hh->hits, hh->id, hh->shape, hh->attribute); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", orig_o->v0[j]); + fprintf(stderr, " o1="); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", orig_o->v1[j]); + fprintf(stderr, "\n"); */ t = taint; From 8dd30947cb6431b1805e68aa3aeba4ae7aefa4d4 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 11 Jun 2021 09:50:34 +0100 Subject: [PATCH 339/441] Frida complog fix (#971) * Fix complog issue with changing address space * Added support for printing command line and environment during startup * Review fixes Co-authored-by: Your Name --- frida_mode/src/cmplog/cmplog.c | 84 ++++++++++++++++++++++++++++++++++ frida_mode/src/main.c | 84 +++++++++++++++++++++++++++++++++- 2 files changed, 166 insertions(+), 2 deletions(-) diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 7b11c350..3df7d13d 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -1,3 +1,8 @@ +#include +#include +#include +#include + #include "frida-gum.h" #include "debug.h" @@ -5,10 +10,13 @@ #include "util.h" #define DEFAULT_MMAP_MIN_ADDR (32UL << 10) +#define FD_TMP_MAX_SIZE 65536 extern struct cmp_map *__afl_cmp_map; static GArray *cmplog_ranges = NULL; +static int fd_tmp = -1; +static ssize_t fd_tmp_size = 0; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { @@ -27,6 +35,40 @@ static gint cmplog_sort(gconstpointer a, gconstpointer b) { } +static int cmplog_create_temp(void) { + + const char *tmpdir = g_get_tmp_dir(); + OKF("CMPLOG Temporary directory: %s", tmpdir); + gchar *fname = g_strdup_printf("%s/frida-cmplog-XXXXXX", tmpdir); + OKF("CMPLOG Temporary file template: %s", fname); + int fd = mkstemp(fname); + OKF("CMPLOG Temporary file: %s", fname); + + if (fd < 0) { + + FATAL("Failed to create temp file: %s, errno: %d", fname, errno); + + } + + if (unlink(fname) < 0) { + + FATAL("Failed to unlink temp file: %s (%d), errno: %d", fname, fd, errno); + + } + + if (ftruncate(fd, 0) < 0) { + + FATAL("Failed to ftruncate temp file: %s (%d), errno: %d", fname, fd, + errno); + + } + + g_free(fname); + + return fd; + +} + void cmplog_init(void) { if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } @@ -44,6 +86,13 @@ void cmplog_init(void) { } + /* + * We can't use /dev/null or /dev/zero for this since it appears that they + * don't validate the input buffer. Persumably as an optimization because they + * don't actually write any data. The file will be deleted on close. + */ + fd_tmp = cmplog_create_temp(); + } static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, @@ -67,6 +116,9 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { */ if (addr < DEFAULT_MMAP_MIN_ADDR) { return false; } + /* Check our addres/length don't wrap around */ + if (SIZE_MAX - addr < size) { return false; } + GumAddress inner_base = addr; GumAddress inner_limit = inner_base + size; @@ -81,6 +133,38 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { } + /* + * Our address map can change (e.g. stack growth), use write as a fallback to + * validate our address. + */ + ssize_t written = syscall(__NR_write, fd_tmp, (void *)addr, size); + + /* + * If the write succeeds, then the buffer must be valid otherwise it would + * return EFAULT + */ + if (written > 0) { + + fd_tmp_size += written; + if (fd_tmp_size > FD_TMP_MAX_SIZE) { + + /* + * Truncate the file, we don't want our temp file to continue growing! + */ + if (ftruncate(fd_tmp, 0) < 0) { + + FATAL("Failed to truncate fd_tmp (%d), errno: %d", fd_tmp, errno); + + } + + fd_tmp_size = 0; + + } + + if ((size_t)written == size) { return true; } + + } + return false; } diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 1ab9993f..7ff23755 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -1,4 +1,5 @@ #include +#include #include #include @@ -27,6 +28,8 @@ #include "stats.h" #include "util.h" +#define PROC_MAX 65536 + #ifdef __APPLE__ extern mach_port_t mach_task_self(); extern GumAddress gum_darwin_find_entrypoint(mach_port_t task); @@ -78,7 +81,7 @@ static void on_main_os(int argc, char **argv, char **envp) { #endif -static void embedded_init() { +static void embedded_init(void) { static gboolean initialized = false; if (!initialized) { @@ -90,7 +93,84 @@ static void embedded_init() { } -void afl_frida_start() { +static void afl_print_cmdline(void) { + + char * buffer = g_malloc0(PROC_MAX); + gchar *fname = g_strdup_printf("/proc/%d/cmdline", getppid()); + int fd = open(fname, O_RDONLY); + + if (fd < 0) { + + FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + + } + + ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); + if (bytes_read < 0) { + + FATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + + } + + int idx = 0; + + for (ssize_t i = 0; i < bytes_read; i++) { + + if (i == 0 || buffer[i - 1] == '\0') { + + OKF("AFL - COMMANDLINE: argv[%d] = %s", idx++, &buffer[i]); + + } + + } + + close(fd); + g_free(fname); + g_free(buffer); + +} + +static void afl_print_env(void) { + + char * buffer = g_malloc0(PROC_MAX); + gchar *fname = g_strdup_printf("/proc/%d/environ", getppid()); + int fd = open(fname, O_RDONLY); + + if (fd < 0) { + + FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + + } + + ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); + if (bytes_read < 0) { + + FATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + + } + + int idx = 0; + + for (ssize_t i = 0; i < bytes_read; i++) { + + if (i == 0 || buffer[i - 1] == '\0') { + + OKF("AFL - ENVIRONMENT %3d: %s", idx++, &buffer[i]); + + } + + } + + close(fd); + g_free(fname); + g_free(buffer); + +} + +void afl_frida_start(void) { + + afl_print_cmdline(); + afl_print_env(); embedded_init(); stalker_init(); From b9f260452e69834c4eeb3be136474463d8fa6b70 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 11 Jun 2021 09:51:47 +0100 Subject: [PATCH 340/441] Improve tracing support to include real addresses and edge ids and also support logging edges only once (#972) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 1 + frida_mode/README.md | 6 +- frida_mode/src/instrument/instrument.c | 111 +++++++++++++++----- frida_mode/test/unstable/GNUmakefile | 90 ++++++++++++++++ frida_mode/test/unstable/Makefile | 19 ++++ frida_mode/test/unstable/get_symbol_addr.py | 36 +++++++ frida_mode/test/unstable/unstable.c | 67 ++++++++++++ include/envs.h | 1 + 8 files changed, 302 insertions(+), 29 deletions(-) create mode 100644 frida_mode/test/unstable/GNUmakefile create mode 100644 frida_mode/test/unstable/Makefile create mode 100755 frida_mode/test/unstable/get_symbol_addr.py create mode 100644 frida_mode/test/unstable/unstable.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index a0387cac..329d9f7f 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -20,6 +20,7 @@ RT_CFLAGS:=-Wno-unused-parameter \ -Wno-unused-function \ -Wno-unused-result \ -Wno-int-to-pointer-cast \ + -Wno-pointer-sign \ LDFLAGS+=-shared \ -lpthread \ diff --git a/frida_mode/README.md b/frida_mode/README.md index 9b316cb9..296e6405 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -155,8 +155,10 @@ instrumentation (the default where available). Required to use * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks -`AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks, +requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE_UNIQUE` - As per `AFL_FRIDA_INST_TRACE`, but each edge +is logged only once, requires `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) * `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index f261e79a..ba82b89f 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -1,4 +1,6 @@ #include +#include +#include #include "frida-gum.h" @@ -18,44 +20,50 @@ static gboolean tracing = false; static gboolean optimize = false; +static gboolean unique = false; static GumStalkerTransformer *transformer = NULL; __thread uint64_t previous_pc = 0; +static GumAddress previous_rip = 0; +static u8 * edges_notified = NULL; + +static void trace_debug(char *format, ...) { + + va_list ap; + char buffer[4096] = {0}; + int ret; + int len; + + va_start(ap, format); + ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); + va_end(ap); + + if (ret < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + + IGNORED_RETURN(write(STDOUT_FILENO, buffer, len)); + +} + __attribute__((hot)) static void on_basic_block(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(context); - /* - * This function is performance critical as it is called to instrument every - * basic block. By moving our print buffer to a global, we avoid it affecting - * the critical path with additional stack adjustments if tracing is not - * enabled. If tracing is enabled, then we're printing a load of diagnostic - * information so this overhead is unlikely to be noticeable. - */ - static char buffer[200]; - int len; - GumAddress current_pc = GUM_ADDRESS(user_data); - uint8_t * cursor; - uint64_t value; - if (unlikely(tracing)) { - /* Avoid any functions which may cause an allocation since the target app - * may already be running inside malloc and it isn't designed to be - * re-entrant on a single thread */ - len = snprintf(buffer, sizeof(buffer), - "current_pc: 0x%016" G_GINT64_MODIFIER - "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", - current_pc, previous_pc); + GumAddress current_rip = GUM_ADDRESS(user_data); + GumAddress current_pc; + GumAddress edge; + uint8_t * cursor; + uint64_t value; - IGNORED_RETURN(write(STDOUT_FILENO, buffer, len + 1)); - - } - - current_pc = (current_pc >> 4) ^ (current_pc << 8); + current_pc = (current_rip >> 4) ^ (current_rip << 8); current_pc &= MAP_SIZE - 1; - cursor = &__afl_area_ptr[current_pc ^ previous_pc]; + edge = current_pc ^ previous_pc; + + cursor = &__afl_area_ptr[edge]; value = *cursor; if (value == 0xff) { @@ -71,6 +79,23 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, *cursor = value; previous_pc = current_pc >> 1; + if (unlikely(tracing)) { + + if (!unique || edges_notified[edge] == 0) { + + trace_debug("TRACE: edge: %10" G_GINT64_MODIFIER + "d, current_rip: 0x%016" G_GINT64_MODIFIER + "x, previous_rip: 0x%016" G_GINT64_MODIFIER "x\n", + edge, current_rip, previous_rip); + + } + + if (unique) { edges_notified[edge] = 1; } + + previous_rip = current_rip; + + } + } static void instr_basic_block(GumStalkerIterator *iterator, @@ -164,18 +189,28 @@ void instrument_init(void) { optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); if (!instrument_is_coverage_optimize_supported()) optimize = false; OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); + OKF("Instrumentation - unique [%c]", unique ? 'X' : ' '); if (tracing && optimize) { - FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); + FATAL("AFL_FRIDA_INST_TRACE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } + if (unique && optimize) { + + FATAL("AFL_FRIDA_INST_TRACE_UNIQUE requires AFL_FRIDA_INST_NO_OPTIMIZE"); + + } + + if (unique) { tracing = TRUE; } + if (__afl_map_size != 0x10000) { FATAL("Bad map size: 0x%08x", __afl_map_size); @@ -185,6 +220,28 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + if (unique) { + + int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600); + if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } + + edges_notified = shmat(shm_id, NULL, 0); + g_assert(edges_notified != MAP_FAILED); + + /* + * Configure the shared memory region to be removed once the process dies. + */ + if (shmctl(shm_id, IPC_RMID, NULL) < 0) { + + FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); + + } + + /* Clear it, not sure it's necessary, just seems like good practice */ + memset(edges_notified, '\0', MAP_SIZE); + + } + instrument_debug_init(); asan_init(); cmplog_init(); diff --git a/frida_mode/test/unstable/GNUmakefile b/frida_mode/test/unstable/GNUmakefile new file mode 100644 index 00000000..fed417a3 --- /dev/null +++ b/frida_mode/test/unstable/GNUmakefile @@ -0,0 +1,90 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +UNSTABLE_DATA_DIR:=$(BUILD_DIR)in/ +UNSTABLE_DATA_FILE:=$(UNSTABLE_DATA_DIR)in + +UNSTABLE_BIN:=$(BUILD_DIR)unstable +UNSTABLE_SRC:=$(PWD)unstable.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x56555000) +endif + +.PHONY: all 32 clean qemu frida + +all: $(UNSTABLE_BIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(UNSTABLE_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(UNSTABLE_DATA_FILE): | $(UNSTABLE_DATA_DIR) + echo -n "000" > $@ + +$(UNSTABLE_BIN): $(UNSTABLE_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(UNSTABLE_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(UNSTABLE_BIN) @@ + +frida: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) + AFL_DEBUG=1 \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_INST_TRACE_UNIQUE=1 \ + AFL_FRIDA_INST_NO_OPTIMIZE=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(UNSTABLE_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(UNSTABLE_BIN) @@ + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) diff --git a/frida_mode/test/unstable/Makefile b/frida_mode/test/unstable/Makefile new file mode 100644 index 00000000..f843af19 --- /dev/null +++ b/frida_mode/test/unstable/Makefile @@ -0,0 +1,19 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida + +debug: + @gmake debug diff --git a/frida_mode/test/unstable/get_symbol_addr.py b/frida_mode/test/unstable/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/unstable/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/unstable/unstable.c b/frida_mode/test/unstable/unstable.c new file mode 100644 index 00000000..67d56b73 --- /dev/null +++ b/frida_mode/test/unstable/unstable.c @@ -0,0 +1,67 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + + if (size < 1) return; + + int r = rand(); + if ((r % 2) == 0) { + printf ("Hooray all even\n"); + } else { + printf ("Hmm that's odd\n"); + } + + // we support three input cases + if (data[0] == '0') + printf("Looks like a zero to me!\n"); + else if (data[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +void run_test(char * file) { + fprintf(stderr, "Running: %s\n", file); + FILE *f = fopen(file, "r"); + assert(f); + fseek(f, 0, SEEK_END); + size_t len = ftell(f); + fseek(f, 0, SEEK_SET); + unsigned char *buf = (unsigned char*)malloc(len); + size_t n_read = fread(buf, 1, len, f); + fclose(f); + assert(n_read == len); + LLVMFuzzerTestOneInput(buf, len); + free(buf); + fprintf(stderr, "Done: %s: (%zd bytes)\n", file, n_read); +} + +int main(int argc, char **argv) { + srand(1); + fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1); + for (int i = 1; i < argc; i++) { + run_test(argv[i]); + } +} diff --git a/include/envs.h b/include/envs.h index ea912a25..54bb6597 100644 --- a/include/envs.h +++ b/include/envs.h @@ -60,6 +60,7 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_INST_UNSTABLE", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", From 0978c08f4b476dbb90c50ae5d7e6104d3325ef2e Mon Sep 17 00:00:00 2001 From: Michael Rodler Date: Fri, 11 Jun 2021 11:02:29 +0200 Subject: [PATCH 341/441] split-comparison llvm pass refactor for smaller compilation times (and a small bug fix) (#964) * Refactored split compare pass to be more efficient in LTO usage and allow splitting to other minimum bitwidths. Efficiency: avoid looping over the whole llvm module N times, when once is also enough. Bitwidth: Previously, due to fallthrough in switch-case, all comparisons were split to 8-bit, which might not be desirable e.g., 16 or 32 bit might be enough. So now all comparison are split until they are smaller or equal to the target bitwidth, which is controlled through the `AFL_LLVM_LAF_SPLIT_COMPARES_BITW` environment variable. * fixed miscompilation due to incorrectly trying to split a signed comparison operator * minor formatting updates and use IRBuilder when inserting multiple instructions * added @hexcoder-'s test-int_cases.c to make test * Avoid recursion; switch to smallvector in splitAndSimplify; use switch case for icmp type; * Fixed issue when splitting < where the inverse comparison was not further split * some cleanup --- instrumentation/split-compares-pass.so.cc | 1105 +++++++++------------ test/test-llvm.sh | 23 + test/test-uint_cases.c | 30 +- 3 files changed, 535 insertions(+), 623 deletions(-) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index b02a89fb..6eb9050c 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -47,50 +47,101 @@ using namespace llvm; #include "afl-llvm-common.h" +// uncomment this toggle function verification at each step. horribly slow, but +// helps to pinpoint a potential problem in the splitting code. +//#define VERIFY_TOO_MUCH 1 + namespace { class SplitComparesTransform : public ModulePass { - public: static char ID; SplitComparesTransform() : ModulePass(ID), enableFPSplit(0) { - initInstrumentList(); - } bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { - #else const char *getPassName() const override { #endif - return "simplifies and splits ICMP instructions"; - + return "AFL_SplitComparesTransform"; } private: int enableFPSplit; - size_t splitIntCompares(Module &M, unsigned bitw); + unsigned target_bitwidth = 8; + + size_t count = 0; + size_t splitFPCompares(Module &M); - bool simplifyCompares(Module &M); bool simplifyFPCompares(Module &M); - bool simplifyIntSignedness(Module &M); size_t nextPowerOfTwo(size_t in); + using CmpWorklist = SmallVector; + + /// simplify the comparison and then split the comparison until the + /// target_bitwidth is reached. + bool simplifyAndSplit(CmpInst *I, Module &M); + /// simplify a non-strict comparison (e.g., less than or equals) + bool simplifyOrEqualsCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist); + /// simplify a signed comparison (signed less or greater than) + bool simplifySignedCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist); + /// splits an icmp into nested icmps recursivly until target_bitwidth is + /// reached + bool splitCompare(CmpInst *I, Module &M, CmpWorklist &worklist); + + /// print an error to llvm's errs stream, but only if not ordered to be quiet + void reportError(const StringRef msg, Instruction *I, Module &M) { + if (!be_quiet) { + errs() << "[AFL++ SplitComparesTransform] ERROR: " << msg << "\n"; + if (debug) { + if (I) { + errs() << "Instruction = " << *I << "\n"; + if (auto BB = I->getParent()) { + if (auto F = BB->getParent()) { + if (F->hasName()) { + errs() << "|-> in function " << F->getName() << " "; + } + } + } + } + auto n = M.getName(); + if (n.size() > 0) { errs() << "in module " << n << "\n"; } + } + } + } + + bool isSupportedBitWidth(unsigned bitw) { + // IDK whether the icmp code works on other bitwidths. I guess not? So we + // try to avoid dealing with other weird icmp's that llvm might use (looking + // at you `icmp i0`). + switch (bitw) { + case 8: + case 16: + case 32: + case 64: + case 128: + case 256: + return true; + default: + return false; + } + } }; } // namespace char SplitComparesTransform::ID = 0; -/* This function splits FCMP instructions with xGE or xLE predicates into two - * FCMP instructions with predicate xGT or xLT and EQ */ +/// This function splits FCMP instructions with xGE or xLE predicates into two +/// FCMP instructions with predicate xGT or xLT and EQ bool SplitComparesTransform::simplifyFPCompares(Module &M) { - LLVMContext & C = M.getContext(); std::vector fcomps; IntegerType * Int1Ty = IntegerType::getInt1Ty(C); @@ -98,23 +149,18 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* iterate over all functions, bbs and instruction and add * all integer comparisons with >= and <= predicates to the icomps vector */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { - for (auto &IN : BB) { - CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { - if (enableFPSplit && (selectcmpInst->getPredicate() == CmpInst::FCMP_OGE || selectcmpInst->getPredicate() == CmpInst::FCMP_UGE || selectcmpInst->getPredicate() == CmpInst::FCMP_OLE || selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) { - auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -127,22 +173,16 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); - } - } - } - } - } if (!fcomps.size()) { return false; } /* transform for floating point */ for (auto &FcmpInst : fcomps) { - BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -155,7 +195,6 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { CmpInst::Predicate new_pred; switch (pred) { - case CmpInst::FCMP_UGE: new_pred = CmpInst::FCMP_UGT; break; @@ -170,7 +209,6 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { break; default: // keep the compiler happy continue; - } /* split before the fcmp instruction */ @@ -214,305 +252,425 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* replace the old FcmpInst with our new and shiny PHI inst */ BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); - } return true; - } -/* This function splits ICMP instructions with xGE or xLE predicates into two - * ICMP instructions with predicate xGT or xLT and EQ */ -bool SplitComparesTransform::simplifyCompares(Module &M) { +/// This function splits ICMP instructions with xGE or xLE predicates into two +/// ICMP instructions with predicate xGT or xLT and EQ +bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, + Module & M, + CmpWorklist &worklist) { + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + /* find out what the new predicate is going to be */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } - /* iterate over all functions, bbs and instruction and add - * all integer comparisons with >= and <= predicates to the icomps vector */ - for (auto &F : M) { + BasicBlock *bb = IcmpInst->getParent(); - if (!isInInstrumentList(&F)) continue; + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_UGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLE) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - /* this is probably not needed but we do it anyway */ - if (!intTyOp0 || !intTyOp1) { continue; } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return false; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - /* find out what the new predicate is going to be */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - switch (pred) { - - case CmpInst::ICMP_UGE: - new_pred = CmpInst::ICMP_UGT; - break; - case CmpInst::ICMP_SGE: - new_pred = CmpInst::ICMP_SGT; - break; - case CmpInst::ICMP_ULE: - new_pred = CmpInst::ICMP_ULT; - break; - case CmpInst::ICMP_SLE: - new_pred = CmpInst::ICMP_SLT; - break; - default: // keep the compiler happy - continue; - - } - - /* split before the icmp instruction */ - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* the old bb now contains a unconditional jump to the new one (end_bb) - * we need to delete it later */ - - /* create the ICMP instruction with new_pred and add it to the old basic - * block bb it is now at the position where the old IcmpInst was */ - Instruction *icmp_np; - icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_np); - - /* create a new basic block which holds the new EQ icmp */ - Instruction *icmp_eq; - /* insert middle_bb before end_bb */ - BasicBlock *middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); - middle_bb->getInstList().push_back(icmp_eq); - /* add an unconditional branch to the end of middle_bb with destination - * end_bb */ - BranchInst::Create(end_bb, middle_bb); - - /* replace the uncond branch with a conditional one, which depends on the - * new_pred icmp. True goes to end, false to the middle (injected) bb */ - auto term = bb->getTerminator(); - BranchInst::Create(end_bb, middle_bb, icmp_np, bb); - term->eraseFromParent(); - - /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI - * inst to wire up the loose ends */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - /* the first result depends on the outcome of icmp_eq */ - PN->addIncoming(icmp_eq, middle_bb); - /* if the source was the original bb we know that the icmp_np yielded true - * hence we can hardcode this value */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - /* replace the old IcmpInst with our new and shiny PHI inst */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - - return true; - -} - -/* this function transforms signed compares to equivalent unsigned compares */ -bool SplitComparesTransform::simplifyIntSignedness(Module &M) { - - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); - - /* iterate over all functions, bbs and instructions and add - * all signed compares to icomps vector */ - for (auto &F : M) { - - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_SGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLT) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - /* see above */ - if (!intTyOp0 || !intTyOp1) { continue; } - - /* i think this is not possible but to lazy to look it up */ - if (intTyOp0->getBitWidth() != intTyOp1->getBitWidth()) { - - continue; - - } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return false; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - if (!intTyOp0) { continue; } - unsigned bitw = intTyOp0->getBitWidth(); - IntegerType *IntType = IntegerType::get(C, bitw); - - /* get the new predicate */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - if (pred == CmpInst::ICMP_SGT) { + CmpInst::Predicate pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + switch (pred) { + case CmpInst::ICMP_UGE: new_pred = CmpInst::ICMP_UGT; - - } else { - + break; + case CmpInst::ICMP_SGE: + new_pred = CmpInst::ICMP_SGT; + break; + case CmpInst::ICMP_ULE: new_pred = CmpInst::ICMP_ULT; + break; + case CmpInst::ICMP_SLE: + new_pred = CmpInst::ICMP_SLT; + break; + default: // keep the compiler happy + return false; + } + /* split before the icmp instruction */ + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* the old bb now contains a unconditional jump to the new one (end_bb) + * we need to delete it later */ + + /* create the ICMP instruction with new_pred and add it to the old basic + * block bb it is now at the position where the old IcmpInst was */ + CmpInst *icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), icmp_np); + + /* create a new basic block which holds the new EQ icmp */ + CmpInst *icmp_eq; + /* insert middle_bb before end_bb */ + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); + middle_bb->getInstList().push_back(icmp_eq); + /* add an unconditional branch to the end of middle_bb with destination + * end_bb */ + BranchInst::Create(end_bb, middle_bb); + + /* replace the uncond branch with a conditional one, which depends on the + * new_pred icmp. True goes to end, false to the middle (injected) bb */ + auto term = bb->getTerminator(); + BranchInst::Create(end_bb, middle_bb, icmp_np, bb); + term->eraseFromParent(); + + /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI + * inst to wire up the loose ends */ + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + /* the first result depends on the outcome of icmp_eq */ + PN->addIncoming(icmp_eq, middle_bb); + /* if the source was the original bb we know that the icmp_np yielded true + * hence we can hardcode this value */ + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + /* replace the old IcmpInst with our new and shiny PHI inst */ + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + worklist.push_back(icmp_np); + worklist.push_back(icmp_eq); + + return true; +} + +/// Simplify a signed comparison operator by splitting it into a unsigned and +/// bit comparison. add all resulting comparisons to +/// the worklist passed as a reference. +bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist) { + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { return false; } + unsigned bitw = intTyOp0->getBitWidth(); + IntegerType *IntType = IntegerType::get(C, bitw); + + /* get the new predicate */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } + auto pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + + if (pred == CmpInst::ICMP_SGT) { + new_pred = CmpInst::ICMP_UGT; + + } else { + new_pred = CmpInst::ICMP_ULT; + } + + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* create a 1 bit compare for the sign bit. to do this shift and trunc + * the original operands so only the first bit remains.*/ + Value *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + + IRBuilder<> IRB(bb->getTerminator()); + s_op0 = IRB.CreateLShr(op0, ConstantInt::get(IntType, bitw - 1)); + t_op0 = IRB.CreateTruncOrBitCast(s_op0, Int1Ty); + s_op1 = IRB.CreateLShr(op1, ConstantInt::get(IntType, bitw - 1)); + t_op1 = IRB.CreateTruncOrBitCast(s_op1, Int1Ty); + /* compare of the sign bits */ + icmp_sign_bit = IRB.CreateCmp(CmpInst::ICMP_EQ, t_op0, t_op1); + + /* create a new basic block which is executed if the signedness bit is + * different */ + CmpInst * icmp_inv_sig_cmp; + BasicBlock *sign_bb = + BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_SGT) { + /* if we check for > and the op0 positive and op1 negative then the final + * result is true. if op0 negative and op1 pos, the cmp must result + * in false + */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); + + } else { + /* just the inverse of the above statement */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + } + + sign_bb->getInstList().push_back(icmp_inv_sig_cmp); + BranchInst::Create(end_bb, sign_bb); + + /* create a new bb which is executed if signedness is equal */ + CmpInst * icmp_usign_cmp; + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + /* we can do a normal unsigned compare now */ + icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + + middle_bb->getInstList().push_back(icmp_usign_cmp); + BranchInst::Create(end_bb, middle_bb); + + auto term = bb->getTerminator(); + /* if the sign is eq do a normal unsigned cmp, else we have to check the + * signedness bit */ + BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); + term->eraseFromParent(); + + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + + PN->addIncoming(icmp_usign_cmp, middle_bb); + PN->addIncoming(icmp_inv_sig_cmp, sign_bb); + + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + // save for later + worklist.push_back(icmp_usign_cmp); + + // signed comparisons are not supported by the splitting code, so we must not + // add it to the worklist. + // worklist.push_back(icmp_inv_sig_cmp); + + return true; +} + +bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, + CmpWorklist &worklist) { + auto pred = cmp_inst->getPredicate(); + switch (pred) { + case CmpInst::ICMP_EQ: + case CmpInst::ICMP_NE: + case CmpInst::ICMP_UGT: + case CmpInst::ICMP_ULT: + break; + default: + // unsupported predicate! + return false; + } + + auto op0 = cmp_inst->getOperand(0); + auto op1 = cmp_inst->getOperand(1); + + // get bitwidth by checking the bitwidth of the first operator + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { + // not an integer type + return false; + } + + unsigned bitw = intTyOp0->getBitWidth(); + if (bitw == target_bitwidth) { + // already the target bitwidth so we have to do nothing here. + return true; + } + + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + BasicBlock * bb = cmp_inst->getParent(); + IntegerType *OldIntType = IntegerType::get(C, bitw); + IntegerType *NewIntType = IntegerType::get(C, bitw / 2); + BasicBlock * end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); + CmpInst * icmp_high, *icmp_low; + + /* create the comparison of the top halves of the original operands */ + Value *s_op0, *op0_high, *s_op1, *op1_high; + + IRBuilder<> IRB(bb->getTerminator()); + + s_op0 = IRB.CreateBinOp(Instruction::LShr, op0, + ConstantInt::get(OldIntType, bitw / 2)); + op0_high = IRB.CreateTruncOrBitCast(s_op0, NewIntType); + + s_op1 = IRB.CreateBinOp(Instruction::LShr, op1, + ConstantInt::get(OldIntType, bitw / 2)); + op1_high = IRB.CreateTruncOrBitCast(s_op1, NewIntType); + icmp_high = cast(IRB.CreateICmp(pred, op0_high, op1_high)); + + PHINode *PN = nullptr; + + /* now we have to destinguish between == != and > < */ + switch (pred) { + case CmpInst::ICMP_EQ: + case CmpInst::ICMP_NE: { + /* transformation for == and != icmps */ + + /* create a compare for the lower half of the original operands */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + + Value *op0_low, *op1_low; + IRBuilder<> Builder(cmp_low_bb); + + op0_low = Builder.CreateTrunc(op0, NewIntType); + op1_low = Builder.CreateTrunc(op1, NewIntType); + icmp_low = cast(Builder.CreateICmp(pred, op0_low, op1_low)); + + BranchInst::Create(end_bb, cmp_low_bb); + + /* dependent on the cmp of the high parts go to the end or go on with + * the comparison */ + auto term = bb->getTerminator(); + BranchInst *br = nullptr; + if (pred == CmpInst::ICMP_EQ) { + br = BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); + } else { + /* CmpInst::ICMP_NE */ + br = BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); + } + term->eraseFromParent(); + + /* create the PHI and connect the edges accordingly */ + PN = PHINode::Create(Int1Ty, 2, ""); + PN->addIncoming(icmp_low, cmp_low_bb); + Value *val = nullptr; + if (pred == CmpInst::ICMP_EQ) { + val = ConstantInt::get(Int1Ty, 0); + } else { + /* CmpInst::ICMP_NE */ + val = ConstantInt::get(Int1Ty, 1); + } + PN->addIncoming(val, icmp_high->getParent()); + break; } + case CmpInst::ICMP_UGT: + case CmpInst::ICMP_ULT: { + /* transformations for < and > */ - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + /* create a basic block which checks for the inverse predicate. + * if this is true we can go to the end if not we have to go to the + * bb which checks the lower half of the operands */ + Instruction *op0_low, *op1_low; + CmpInst *icmp_inv_cmp = nullptr; + BasicBlock * inv_cmp_bb = + BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_UGT) { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, + op0_high, op1_high); - /* create a 1 bit compare for the sign bit. to do this shift and trunc - * the original operands so only the first bit remains.*/ - Instruction *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + } else { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, + op0_high, op1_high); + } - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - t_op0 = new TruncInst(s_op0, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op0); + inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); + worklist.push_back(icmp_inv_cmp); - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - t_op1 = new TruncInst(s_op1, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op1); + auto term = bb->getTerminator(); + term->eraseFromParent(); + BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); - /* compare of the sign bits */ - icmp_sign_bit = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, t_op0, t_op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_sign_bit); + /* create a bb which handles the cmp of the lower halves */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + op0_low = new TruncInst(op0, NewIntType); + cmp_low_bb->getInstList().push_back(op0_low); + op1_low = new TruncInst(op1, NewIntType); + cmp_low_bb->getInstList().push_back(op1_low); - /* create a new basic block which is executed if the signedness bit is - * different */ - Instruction *icmp_inv_sig_cmp; - BasicBlock * sign_bb = - BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_SGT) { + icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + cmp_low_bb->getInstList().push_back(icmp_low); + BranchInst::Create(end_bb, cmp_low_bb); - /* if we check for > and the op0 positive and op1 negative then the final - * result is true. if op0 negative and op1 pos, the cmp must result - * in false - */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); - - } else { - - /* just the inverse of the above statement */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); + PN = PHINode::Create(Int1Ty, 3); + PN->addIncoming(icmp_low, cmp_low_bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); + break; } + default: + return false; + } - sign_bb->getInstList().push_back(icmp_inv_sig_cmp); - BranchInst::Create(end_bb, sign_bb); - - /* create a new bb which is executed if signedness is equal */ - Instruction *icmp_usign_cmp; - BasicBlock * middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - /* we can do a normal unsigned compare now */ - icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - middle_bb->getInstList().push_back(icmp_usign_cmp); - BranchInst::Create(end_bb, middle_bb); - - auto term = bb->getTerminator(); - /* if the sign is eq do a normal unsigned cmp, else we have to check the - * signedness bit */ - BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); - term->eraseFromParent(); - - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - - PN->addIncoming(icmp_usign_cmp, middle_bb); - PN->addIncoming(icmp_inv_sig_cmp, sign_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + BasicBlock::iterator ii(cmp_inst); + ReplaceInstWithInst(cmp_inst->getParent()->getInstList(), ii, PN); + // We split the comparison into low and high. If this isn't our target + // bitwidth we recursivly split the low and high parts again until we have + // target bitwidth. + if ((bitw / 2) > target_bitwidth) { + worklist.push_back(icmp_high); + worklist.push_back(icmp_low); } return true; +} +bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { + CmpWorklist worklist; + + auto op0 = I->getOperand(0); + auto op1 = I->getOperand(1); + if (!op0 || !op1) { return false; } + auto op0Ty = dyn_cast(op0->getType()); + if (!op0Ty || !isa(op1->getType())) { return true; } + + unsigned bitw = op0Ty->getBitWidth(); + +#ifdef VERIFY_TOO_MUCH + auto F = I->getParent()->getParent(); +#endif + + // we run the comparison simplification on all compares regardless of their + // bitwidth. + if (I->getPredicate() == CmpInst::ICMP_UGE || + I->getPredicate() == CmpInst::ICMP_SGE || + I->getPredicate() == CmpInst::ICMP_ULE || + I->getPredicate() == CmpInst::ICMP_SLE) { + if (!simplifyOrEqualsCompare(I, M, worklist)) { + reportError( + "Failed to simplify inequality or equals comparison " + "(UGE,SGE,ULE,SLE)", + I, M); + } + } else if (I->getPredicate() == CmpInst::ICMP_SGT || + I->getPredicate() == CmpInst::ICMP_SLT) { + if (!simplifySignedCompare(I, M, worklist)) { + reportError("Failed to simplify signed comparison (SGT,SLT)", I, M); + } + } + +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { + reportError("simpliyfing compare lead to broken function", nullptr, M); + } +#endif + + // the simplification methods replace the original CmpInst and push the + // resulting new CmpInst into the worklist. If the worklist is empty then + // we only have to split the original CmpInst. + if (worklist.size() == 0) { worklist.push_back(I); } + + while (!worklist.empty()) { + CmpInst *cmp = worklist.pop_back_val(); + // we split the simplified compares into comparisons with smaller bitwidths + // if they are larger than our target_bitwidth. + if (bitw > target_bitwidth) { + if (!splitCompare(cmp, M, worklist)) { + reportError("Failed to split comparison", cmp, M); + } + +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { + reportError("splitting compare lead to broken function", nullptr, M); + } +#endif + } + } + + count++; + return true; } size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { - --in; in |= in >> 1; in |= in >> 2; @@ -520,12 +678,10 @@ size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { // in |= in >> 8; // in |= in >> 16; return in + 1; - } /* splits fcmps into two nested fcmps with sign compare and the rest */ size_t SplitComparesTransform::splitFPCompares(Module &M) { - size_t count = 0; LLVMContext &C = M.getContext(); @@ -537,13 +693,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* define unions with floating point and (sign, exponent, mantissa) triples */ if (dl.isLittleEndian()) { - } else if (dl.isBigEndian()) { - } else { - return count; - } #endif @@ -553,17 +705,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* get all EQ, NE, GT, and LT fcmps. if the other two * functions were executed only these four predicates should exist */ for (auto &F : M) { - if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { - for (auto &IN : BB) { - CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { - if (selectcmpInst->getPredicate() == CmpInst::FCMP_OEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_UEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_ONE || @@ -572,7 +720,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { selectcmpInst->getPredicate() == CmpInst::FCMP_OGT || selectcmpInst->getPredicate() == CmpInst::FCMP_ULT || selectcmpInst->getPredicate() == CmpInst::FCMP_OLT) { - auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -584,15 +731,10 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); - } - } - } - } - } if (!fcomps.size()) { return count; } @@ -600,7 +742,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { IntegerType *Int1Ty = IntegerType::getInt1Ty(C); for (auto &FcmpInst : fcomps) { - BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -725,7 +866,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), t_e1); if (sizeInBits - precision < exTySizeBytes * 8) { - m_e0 = BinaryOperator::Create( Instruction::And, t_e0, ConstantInt::get(t_e0->getType(), mask_exponent)); @@ -738,10 +878,8 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), m_e1); } else { - m_e0 = t_e0; m_e1 = t_e1; - } /* compare the exponents of the operands */ @@ -749,7 +887,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction *icmp_exponent_result; BasicBlock * signequal2_bb = signequal_bb; switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_exponent_result = @@ -819,7 +956,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } signequal2_bb->getInstList().insert( @@ -827,11 +963,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { icmp_exponent_result); { - term = signequal2_bb->getTerminator(); switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* if the exponents are satifying the compare do a fraction cmp in @@ -854,11 +988,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } term->eraseFromParent(); - } /* isolate the mantissa aka fraction */ @@ -866,7 +998,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { bool needTrunc = IntFractionTy->getPrimitiveSizeInBits() < op_size; if (precision - 1 < frTySizeBytes * 8) { - Instruction *m_f0, *m_f1; m_f0 = BinaryOperator::Create( Instruction::And, b_op0, @@ -880,7 +1011,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), m_f1); if (needTrunc) { - t_f0 = new TruncInst(m_f0, IntFractionTy); t_f1 = new TruncInst(m_f1, IntFractionTy); middle_bb->getInstList().insert( @@ -889,16 +1019,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { - t_f0 = m_f0; t_f1 = m_f1; - } } else { - if (needTrunc) { - t_f0 = new TruncInst(b_op0, IntFractionTy); t_f1 = new TruncInst(b_op1, IntFractionTy); middle_bb->getInstList().insert( @@ -907,12 +1033,9 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { - t_f0 = b_op0; t_f1 = b_op1; - } - } /* compare the fractions of the operands */ @@ -920,7 +1043,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock * middle2_bb = middle_bb; PHINode * PN2 = nullptr; switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_fraction_result = @@ -943,7 +1065,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { case CmpInst::FCMP_UGT: case CmpInst::FCMP_OLT: case CmpInst::FCMP_ULT: { - Instruction *icmp_fraction_result2; middle2_bb = middle_bb->splitBasicBlock( @@ -956,7 +1077,6 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (FcmpInst->getPredicate() == CmpInst::FCMP_OGT || FcmpInst->getPredicate() == CmpInst::FCMP_UGT) { - negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); @@ -965,14 +1085,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); } else { - negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); positive_bb->getInstList().push_back( icmp_fraction_result2 = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); - } BranchInst::Create(middle2_bb, negative_bb); @@ -992,13 +1110,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { default: continue; - } PHINode *PN = PHINode::Create(Int1Ty, 3, ""); switch (FcmpInst->getPredicate()) { - case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* unequal signs cannot be equal values */ @@ -1037,262 +1153,36 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; - } BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); ++count; - } return count; - -} - -/* splits icmps of size bitw into two nested icmps with bitw/2 size each */ -size_t SplitComparesTransform::splitIntCompares(Module &M, unsigned bitw) { - - size_t count = 0; - - LLVMContext &C = M.getContext(); - - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - IntegerType *OldIntType = IntegerType::get(C, bitw); - IntegerType *NewIntType = IntegerType::get(C, bitw / 2); - - std::vector icomps; - - if (bitw % 2) { return 0; } - - /* not supported yet */ - if (bitw > 64) { return 0; } - - /* get all EQ, NE, UGT, and ULT icmps of width bitw. if the - * functions simplifyCompares() and simplifyIntSignedness() - * were executed only these four predicates should exist */ - for (auto &F : M) { - - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_EQ || - selectcmpInst->getPredicate() == CmpInst::ICMP_NE || - selectcmpInst->getPredicate() == CmpInst::ICMP_UGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULT) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - if (!intTyOp0 || !intTyOp1) { continue; } - - /* check if the bitwidths are the one we are looking for */ - if (intTyOp0->getBitWidth() != bitw || - intTyOp1->getBitWidth() != bitw) { - - continue; - - } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return 0; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* create the comparison of the top halves of the original operands */ - Instruction *s_op0, *op0_high, *s_op1, *op1_high, *icmp_high; - - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - op0_high = new TruncInst(s_op0, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op0_high); - - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - op1_high = new TruncInst(s_op1, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op1_high); - - icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_high); - - /* now we have to destinguish between == != and > < */ - if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { - - /* transformation for == and != icmps */ - - /* create a compare for the lower half of the original operands */ - Instruction *op0_low, *op1_low, *icmp_low; - BasicBlock * cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - /* dependent on the cmp of the high parts go to the end or go on with - * the comparison */ - auto term = bb->getTerminator(); - if (pred == CmpInst::ICMP_EQ) { - - BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); - - } else { - - /* CmpInst::ICMP_NE */ - BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); - - } - - term->eraseFromParent(); - - /* create the PHI and connect the edges accordingly */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - PN->addIncoming(icmp_low, cmp_low_bb); - if (pred == CmpInst::ICMP_EQ) { - - PN->addIncoming(ConstantInt::get(Int1Ty, 0), bb); - - } else { - - /* CmpInst::ICMP_NE */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - - } - - /* replace the old icmp with the new PHI */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } else { - - /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ - /* transformations for < and > */ - - /* create a basic block which checks for the inverse predicate. - * if this is true we can go to the end if not we have to go to the - * bb which checks the lower half of the operands */ - Instruction *icmp_inv_cmp, *op0_low, *op1_low, *icmp_low; - BasicBlock * inv_cmp_bb = - BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_UGT) { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, - op0_high, op1_high); - - } else { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, - op0_high, op1_high); - - } - - inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); - - auto term = bb->getTerminator(); - term->eraseFromParent(); - BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); - - /* create a bb which handles the cmp of the lower halves */ - BasicBlock *cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); - - PHINode *PN = PHINode::Create(Int1Ty, 3); - PN->addIncoming(icmp_low, cmp_low_bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - - ++count; - - } - - return count; - } bool SplitComparesTransform::runOnModule(Module &M) { - - int bitw = 64; - size_t count = 0; - char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); - if (bitw_env) { bitw = atoi(bitw_env); } + if (bitw_env) { target_bitwidth = atoi(bitw_env); } enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL; if ((isatty(2) && getenv("AFL_QUIET") == NULL) || getenv("AFL_DEBUG") != NULL) { + errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " + "heiko@hexco.de (splitting icmp to " + << target_bitwidth << " bit)\n"; - printf( - "Split-compare-pass by laf.intel@gmail.com, extended by " - "heiko@hexco.de\n"); + if (getenv("AFL_DEBUG") != NULL && !debug) { debug = 1; } } else { - be_quiet = 1; - } if (enableFPSplit) { - count = splitFPCompares(M); /* @@ -1305,60 +1195,55 @@ bool SplitComparesTransform::runOnModule(Module &M) { */ simplifyFPCompares(M); - } - simplifyCompares(M); - - simplifyIntSignedness(M); - - switch (bitw) { - - case 64: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 32: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 16: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - // bitw >>= 1; - break; - - default: - // if (!be_quiet) errs() << "NOT Running split-compare-pass \n"; - return false; - break; + std::vector worklist; + /* iterate over all functions, bbs and instruction search for all integer + * compare instructions. Save them into the worklist for later. */ + for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; + for (auto &BB : F) { + for (auto &IN : BB) { + if (auto CI = dyn_cast(&IN)) { + auto op0 = CI->getOperand(0); + auto op1 = CI->getOperand(1); + if (!op0 || !op1) { return false; } + auto iTy1 = dyn_cast(op0->getType()); + if (iTy1 && isa(op1->getType())) { + unsigned bitw = iTy1->getBitWidth(); + if (isSupportedBitWidth(bitw)) { worklist.push_back(CI); } + } + } + } + } } - verifyModule(M); + // now that we have a list of all integer comparisons we can start replacing + // them with the splitted alternatives. + for (auto CI : worklist) { + simplifyAndSplit(CI, M); + } + + bool brokenDebug = false; + if (verifyModule(M, &errs(), &brokenDebug)) { + reportError( + "Module Verifier failed! Consider reporting a bug with the AFL++ " + "project.", + nullptr, M); + } + + if (brokenDebug) { + reportError("Module Verifier reported broken Debug Infos - Stripping!", + nullptr, M); + StripDebugInfo(M); + } return true; - } static void registerSplitComparesPass(const PassManagerBuilder &, legacy::PassManagerBase &PM) { - PM.add(new SplitComparesTransform()); - } static RegisterStandardPasses RegisterSplitComparesPass( @@ -1373,3 +1258,7 @@ static RegisterStandardPasses RegisterSplitComparesTransPassLTO( registerSplitComparesPass); #endif +static RegisterPass X("splitcompares", + "AFL++ split compares", + true /* Only looks at CFG */, + true /* Analysis Pass */); diff --git a/test/test-llvm.sh b/test/test-llvm.sh index f902ffc5..8090e176 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -186,6 +186,29 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } rm -f test-instr.plain + $ECHO "$GREY[*] llvm_mode laf-intel/compcov testing splitting integer types (this might take some time)" + for testcase in ./test-int_cases.c ./test-uint_cases.c; do + for I in char short int long "long long"; do + for BITS in 8 16 32 64; do + bin="$testcase-split-$I-$BITS.compcov" + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; + if ! test -e "$bin"; then + cat test.out + $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting failed! ($testcase with type $I split to $BITS)!"; + CODE=1 + break + fi + if ! "$bin"; then + $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting resulted in miscompilation (type $I split to $BITS)!"; + CODE=1 + break + fi + rm -f "$bin" test.out || true + done + done + done + rm -f test-int-split*.compcov test.out + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && { grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && { diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c index 8496cffe..a277e28a 100644 --- a/test/test-uint_cases.c +++ b/test/test-uint_cases.c @@ -1,16 +1,16 @@ /* - * compile with -DUINT_TYPE="unsigned char" - * or -DUINT_TYPE="unsigned short" - * or -DUINT_TYPE="unsigned int" - * or -DUINT_TYPE="unsigned long" - * or -DUINT_TYPE="unsigned long long" + * compile with -DINT_TYPE="char" + * or -DINT_TYPE="short" + * or -DINT_TYPE="int" + * or -DINT_TYPE="long" + * or -DINT_TYPE="long long" */ #include int main() { - volatile UINT_TYPE a, b; + volatile unsigned INT_TYPE a, b; a = 1; b = 8; @@ -21,7 +21,7 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((UINT_TYPE)(~0) > 255) { + if ((INT_TYPE)(~0) > 255) { volatile unsigned short a, b; a = 256+2; b = 256+21; @@ -41,7 +41,7 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((UINT_TYPE)(~0) > 65535) { + if ((INT_TYPE)(~0) > 65535) { volatile unsigned int a, b; a = 65536+2; b = 65536+21; @@ -62,7 +62,7 @@ int main() { assert(!(a == b)); } - if ((UINT_TYPE)(~0) > 4294967295) { + if ((INT_TYPE)(~0) > 4294967295) { volatile unsigned long a, b; a = 4294967296+2; b = 4294967296+21; @@ -93,7 +93,7 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((UINT_TYPE)(~0) > 255) { + if ((INT_TYPE)(~0) > 255) { volatile unsigned short a, b; a = 256+2; b = 256+1; @@ -113,7 +113,7 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((UINT_TYPE)(~0) > 65535) { + if ((INT_TYPE)(~0) > 65535) { volatile unsigned int a, b; a = 65536+2; b = 65536+1; @@ -133,7 +133,7 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((UINT_TYPE)(~0) > 4294967295) { + if ((INT_TYPE)(~0) > 4294967295) { volatile unsigned long a, b; a = 4294967296+2; b = 4294967296+1; @@ -176,7 +176,7 @@ int main() { assert(!(a != b)); assert((a == b)); - if ((UINT_TYPE)(~0) > 255) { + if ((INT_TYPE)(~0) > 255) { volatile unsigned short a, b; a = 256+5; b = 256+5; @@ -187,7 +187,7 @@ int main() { assert(!(a != b)); assert((a == b)); - if ((UINT_TYPE)(~0) > 65535) { + if ((INT_TYPE)(~0) > 65535) { volatile unsigned int a, b; a = 65536+5; b = 65536+5; @@ -198,7 +198,7 @@ int main() { assert(!(a != b)); assert((a == b)); - if ((UINT_TYPE)(~0) > 4294967295) { + if ((INT_TYPE)(~0) > 4294967295) { volatile unsigned long a, b; a = 4294967296+5; b = 4294967296+5; From 581593ccab9516fbe372355fdb06180a5357e813 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 11 Jun 2021 11:05:57 +0200 Subject: [PATCH 342/441] code format --- docs/Changelog.md | 4 +- docs/FAQ.md | 21 +++ instrumentation/split-compares-pass.so.cc | 184 +++++++++++++++++++++- 3 files changed, 206 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 97903c2a..0e2ce27d 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -17,11 +17,13 @@ sending a mail to . an indicator why - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL - afl-cc + - Update to COMPCOV/laf-intel that speeds up the instrumentation process + a lot - thanks to Michael Rodler/f0rki for the PR! + - Fix for llvm 13 - support partial linking - We do support llvm versions from 3.8 again - afl_analyze - fix timeout handling and support forkserver - - Fix for llvm 13 - ensure afl-compiler-rt is built for gcc_module - afl-analyze now uses the forkserver for increased performance diff --git a/docs/FAQ.md b/docs/FAQ.md index 714d50eb..ab0abe6c 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -3,6 +3,7 @@ ## Contents * [What is the difference between afl and afl++?](#what-is-the-difference-between-afl-and-afl) + * [I got a weird compile error from clang](#i-got-a-weird-compile-error-from-clang) * [How to improve the fuzzing speed?](#how-to-improve-the-fuzzing-speed) * [How do I fuzz a network service?](#how-do-i-fuzz-a-network-service) * [How do I fuzz a GUI program?](#how-do-i-fuzz-a-gui-program) @@ -35,6 +36,26 @@ flexible and feature rich guided fuzzer available as open source. And in independent fuzzing benchmarks it is one of the best fuzzers available, e.g. [Fuzzbench Report](https://www.fuzzbench.com/reports/2020-08-03/index.html) +## I got a weird compile error from clang + +If you see this kind of error when trying to instrument a target with afl-cc/ +afl-clang-fast/afl-clang-lto: +``` +/prg/tmp/llvm-project/build/bin/clang-13: symbol lookup error: /usr/local/bin/../lib/afl//cmplog-instructions-pass.so: undefined symbol: _ZNK4llvm8TypeSizecvmEv +clang-13: error: unable to execute command: No such file or directory +clang-13: error: clang frontend command failed due to signal (use -v to see invocation) +clang version 13.0.0 (https://github.com/llvm/llvm-project 1d7cf550721c51030144f3cd295c5789d51c4aad) +Target: x86_64-unknown-linux-gnu +Thread model: posix +InstalledDir: /prg/tmp/llvm-project/build/bin +clang-13: note: diagnostic msg: +******************** +``` +Then this means that your OS updated the clang installation from an upgrade +package and because of that the afl++ llvm plugins do not match anymore. + +Solution: `git pull ; make clean install` of afl++ + ## How to improve the fuzzing speed? 1. Use [llvm_mode](docs/llvm_mode/README.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 6eb9050c..10f86a66 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -54,20 +54,25 @@ using namespace llvm; namespace { class SplitComparesTransform : public ModulePass { + public: static char ID; SplitComparesTransform() : ModulePass(ID), enableFPSplit(0) { + initInstrumentList(); + } bool runOnModule(Module &M) override; #if LLVM_VERSION_MAJOR >= 4 StringRef getPassName() const override { + #else const char *getPassName() const override { #endif return "AFL_SplitComparesTransform"; + } private: @@ -98,30 +103,47 @@ class SplitComparesTransform : public ModulePass { /// print an error to llvm's errs stream, but only if not ordered to be quiet void reportError(const StringRef msg, Instruction *I, Module &M) { + if (!be_quiet) { + errs() << "[AFL++ SplitComparesTransform] ERROR: " << msg << "\n"; if (debug) { + if (I) { + errs() << "Instruction = " << *I << "\n"; if (auto BB = I->getParent()) { + if (auto F = BB->getParent()) { + if (F->hasName()) { + errs() << "|-> in function " << F->getName() << " "; + } + } + } + } + auto n = M.getName(); if (n.size() > 0) { errs() << "in module " << n << "\n"; } + } + } + } bool isSupportedBitWidth(unsigned bitw) { + // IDK whether the icmp code works on other bitwidths. I guess not? So we // try to avoid dealing with other weird icmp's that llvm might use (looking // at you `icmp i0`). switch (bitw) { + case 8: case 16: case 32: @@ -131,8 +153,11 @@ class SplitComparesTransform : public ModulePass { return true; default: return false; + } + } + }; } // namespace @@ -142,6 +167,7 @@ char SplitComparesTransform::ID = 0; /// This function splits FCMP instructions with xGE or xLE predicates into two /// FCMP instructions with predicate xGT or xLT and EQ bool SplitComparesTransform::simplifyFPCompares(Module &M) { + LLVMContext & C = M.getContext(); std::vector fcomps; IntegerType * Int1Ty = IntegerType::getInt1Ty(C); @@ -149,18 +175,23 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* iterate over all functions, bbs and instruction and add * all integer comparisons with >= and <= predicates to the icomps vector */ for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { + for (auto &IN : BB) { + CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { + if (enableFPSplit && (selectcmpInst->getPredicate() == CmpInst::FCMP_OGE || selectcmpInst->getPredicate() == CmpInst::FCMP_UGE || selectcmpInst->getPredicate() == CmpInst::FCMP_OLE || selectcmpInst->getPredicate() == CmpInst::FCMP_ULE)) { + auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -173,16 +204,22 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); + } + } + } + } + } if (!fcomps.size()) { return false; } /* transform for floating point */ for (auto &FcmpInst : fcomps) { + BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -195,6 +232,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { CmpInst::Predicate new_pred; switch (pred) { + case CmpInst::FCMP_UGE: new_pred = CmpInst::FCMP_UGT; break; @@ -209,6 +247,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { break; default: // keep the compiler happy continue; + } /* split before the fcmp instruction */ @@ -252,9 +291,11 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { /* replace the old FcmpInst with our new and shiny PHI inst */ BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); + } return true; + } /// This function splits ICMP instructions with xGE or xLE predicates into two @@ -262,6 +303,7 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, Module & M, CmpWorklist &worklist) { + LLVMContext &C = M.getContext(); IntegerType *Int1Ty = IntegerType::getInt1Ty(C); @@ -278,6 +320,7 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, CmpInst::Predicate new_pred; switch (pred) { + case CmpInst::ICMP_UGE: new_pred = CmpInst::ICMP_UGT; break; @@ -292,6 +335,7 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, break; default: // keep the compiler happy return false; + } /* split before the icmp instruction */ @@ -338,6 +382,7 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, worklist.push_back(icmp_eq); return true; + } /// Simplify a signed comparison operator by splitting it into a unsigned and @@ -345,6 +390,7 @@ bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, /// the worklist passed as a reference. bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, CmpWorklist &worklist) { + LLVMContext &C = M.getContext(); IntegerType *Int1Ty = IntegerType::getInt1Ty(C); @@ -365,10 +411,13 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, CmpInst::Predicate new_pred; if (pred == CmpInst::ICMP_SGT) { + new_pred = CmpInst::ICMP_UGT; } else { + new_pred = CmpInst::ICMP_ULT; + } BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); @@ -391,6 +440,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, BasicBlock *sign_bb = BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); if (pred == CmpInst::ICMP_SGT) { + /* if we check for > and the op0 positive and op1 negative then the final * result is true. if op0 negative and op1 pos, the cmp must result * in false @@ -399,9 +449,11 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); } else { + /* just the inverse of the above statement */ icmp_inv_sig_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + } sign_bb->getInstList().push_back(icmp_inv_sig_cmp); @@ -439,12 +491,15 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, // worklist.push_back(icmp_inv_sig_cmp); return true; + } bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, CmpWorklist &worklist) { + auto pred = cmp_inst->getPredicate(); switch (pred) { + case CmpInst::ICMP_EQ: case CmpInst::ICMP_NE: case CmpInst::ICMP_UGT: @@ -453,6 +508,7 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, default: // unsupported predicate! return false; + } auto op0 = cmp_inst->getOperand(0); @@ -461,14 +517,18 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, // get bitwidth by checking the bitwidth of the first operator IntegerType *intTyOp0 = dyn_cast(op0->getType()); if (!intTyOp0) { + // not an integer type return false; + } unsigned bitw = intTyOp0->getBitWidth(); if (bitw == target_bitwidth) { + // already the target bitwidth so we have to do nothing here. return true; + } LLVMContext &C = M.getContext(); @@ -497,15 +557,17 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, /* now we have to destinguish between == != and > < */ switch (pred) { + case CmpInst::ICMP_EQ: case CmpInst::ICMP_NE: { + /* transformation for == and != icmps */ /* create a compare for the lower half of the original operands */ BasicBlock *cmp_low_bb = BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); - Value *op0_low, *op1_low; + Value * op0_low, *op1_low; IRBuilder<> Builder(cmp_low_bb); op0_low = Builder.CreateTrunc(op0, NewIntType); @@ -519,11 +581,16 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, auto term = bb->getTerminator(); BranchInst *br = nullptr; if (pred == CmpInst::ICMP_EQ) { + br = BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); + } else { + /* CmpInst::ICMP_NE */ br = BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); + } + term->eraseFromParent(); /* create the PHI and connect the edges accordingly */ @@ -531,32 +598,43 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, PN->addIncoming(icmp_low, cmp_low_bb); Value *val = nullptr; if (pred == CmpInst::ICMP_EQ) { + val = ConstantInt::get(Int1Ty, 0); + } else { + /* CmpInst::ICMP_NE */ val = ConstantInt::get(Int1Ty, 1); + } + PN->addIncoming(val, icmp_high->getParent()); break; + } + case CmpInst::ICMP_UGT: case CmpInst::ICMP_ULT: { + /* transformations for < and > */ /* create a basic block which checks for the inverse predicate. * if this is true we can go to the end if not we have to go to the * bb which checks the lower half of the operands */ Instruction *op0_low, *op1_low; - CmpInst *icmp_inv_cmp = nullptr; + CmpInst * icmp_inv_cmp = nullptr; BasicBlock * inv_cmp_bb = BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); if (pred == CmpInst::ICMP_UGT) { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, op0_high, op1_high); } else { + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, op0_high, op1_high); + } inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); @@ -585,9 +663,12 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); break; + } + default: return false; + } BasicBlock::iterator ii(cmp_inst); @@ -597,14 +678,18 @@ bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, // bitwidth we recursivly split the low and high parts again until we have // target bitwidth. if ((bitw / 2) > target_bitwidth) { + worklist.push_back(icmp_high); worklist.push_back(icmp_low); + } return true; + } bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { + CmpWorklist worklist; auto op0 = I->getOperand(0); @@ -625,23 +710,35 @@ bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { I->getPredicate() == CmpInst::ICMP_SGE || I->getPredicate() == CmpInst::ICMP_ULE || I->getPredicate() == CmpInst::ICMP_SLE) { + if (!simplifyOrEqualsCompare(I, M, worklist)) { + reportError( "Failed to simplify inequality or equals comparison " "(UGE,SGE,ULE,SLE)", I, M); + } + } else if (I->getPredicate() == CmpInst::ICMP_SGT || + I->getPredicate() == CmpInst::ICMP_SLT) { + if (!simplifySignedCompare(I, M, worklist)) { + reportError("Failed to simplify signed comparison (SGT,SLT)", I, M); + } + } #ifdef VERIFY_TOO_MUCH if (verifyFunction(*F, &errs())) { + reportError("simpliyfing compare lead to broken function", nullptr, M); + } + #endif // the simplification methods replace the original CmpInst and push the @@ -650,27 +747,38 @@ bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { if (worklist.size() == 0) { worklist.push_back(I); } while (!worklist.empty()) { + CmpInst *cmp = worklist.pop_back_val(); // we split the simplified compares into comparisons with smaller bitwidths // if they are larger than our target_bitwidth. if (bitw > target_bitwidth) { + if (!splitCompare(cmp, M, worklist)) { + reportError("Failed to split comparison", cmp, M); + } #ifdef VERIFY_TOO_MUCH if (verifyFunction(*F, &errs())) { + reportError("splitting compare lead to broken function", nullptr, M); + } + #endif + } + } count++; return true; + } size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { + --in; in |= in >> 1; in |= in >> 2; @@ -678,10 +786,12 @@ size_t SplitComparesTransform::nextPowerOfTwo(size_t in) { // in |= in >> 8; // in |= in >> 16; return in + 1; + } /* splits fcmps into two nested fcmps with sign compare and the rest */ size_t SplitComparesTransform::splitFPCompares(Module &M) { + size_t count = 0; LLVMContext &C = M.getContext(); @@ -693,9 +803,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* define unions with floating point and (sign, exponent, mantissa) triples */ if (dl.isLittleEndian()) { + } else if (dl.isBigEndian()) { + } else { + return count; + } #endif @@ -705,13 +819,17 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { /* get all EQ, NE, GT, and LT fcmps. if the other two * functions were executed only these four predicates should exist */ for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { + for (auto &IN : BB) { + CmpInst *selectcmpInst = nullptr; if ((selectcmpInst = dyn_cast(&IN))) { + if (selectcmpInst->getPredicate() == CmpInst::FCMP_OEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_UEQ || selectcmpInst->getPredicate() == CmpInst::FCMP_ONE || @@ -720,6 +838,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { selectcmpInst->getPredicate() == CmpInst::FCMP_OGT || selectcmpInst->getPredicate() == CmpInst::FCMP_ULT || selectcmpInst->getPredicate() == CmpInst::FCMP_OLT) { + auto op0 = selectcmpInst->getOperand(0); auto op1 = selectcmpInst->getOperand(1); @@ -731,10 +850,15 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (TyOp0->isArrayTy() || TyOp0->isVectorTy()) { continue; } fcomps.push_back(selectcmpInst); + } + } + } + } + } if (!fcomps.size()) { return count; } @@ -742,6 +866,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { IntegerType *Int1Ty = IntegerType::getInt1Ty(C); for (auto &FcmpInst : fcomps) { + BasicBlock *bb = FcmpInst->getParent(); auto op0 = FcmpInst->getOperand(0); @@ -866,6 +991,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), t_e1); if (sizeInBits - precision < exTySizeBytes * 8) { + m_e0 = BinaryOperator::Create( Instruction::And, t_e0, ConstantInt::get(t_e0->getType(), mask_exponent)); @@ -878,8 +1004,10 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(signequal_bb->getTerminator()), m_e1); } else { + m_e0 = t_e0; m_e1 = t_e1; + } /* compare the exponents of the operands */ @@ -887,6 +1015,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction *icmp_exponent_result; BasicBlock * signequal2_bb = signequal_bb; switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_exponent_result = @@ -956,6 +1085,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } signequal2_bb->getInstList().insert( @@ -963,9 +1093,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { icmp_exponent_result); { + term = signequal2_bb->getTerminator(); switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* if the exponents are satifying the compare do a fraction cmp in @@ -988,9 +1120,11 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } term->eraseFromParent(); + } /* isolate the mantissa aka fraction */ @@ -998,6 +1132,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { bool needTrunc = IntFractionTy->getPrimitiveSizeInBits() < op_size; if (precision - 1 < frTySizeBytes * 8) { + Instruction *m_f0, *m_f1; m_f0 = BinaryOperator::Create( Instruction::And, b_op0, @@ -1011,6 +1146,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), m_f1); if (needTrunc) { + t_f0 = new TruncInst(m_f0, IntFractionTy); t_f1 = new TruncInst(m_f1, IntFractionTy); middle_bb->getInstList().insert( @@ -1019,12 +1155,16 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { + t_f0 = m_f0; t_f1 = m_f1; + } } else { + if (needTrunc) { + t_f0 = new TruncInst(b_op0, IntFractionTy); t_f1 = new TruncInst(b_op1, IntFractionTy); middle_bb->getInstList().insert( @@ -1033,9 +1173,12 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock::iterator(middle_bb->getTerminator()), t_f1); } else { + t_f0 = b_op0; t_f1 = b_op1; + } + } /* compare the fractions of the operands */ @@ -1043,6 +1186,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { BasicBlock * middle2_bb = middle_bb; PHINode * PN2 = nullptr; switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: icmp_fraction_result = @@ -1065,6 +1209,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { case CmpInst::FCMP_UGT: case CmpInst::FCMP_OLT: case CmpInst::FCMP_ULT: { + Instruction *icmp_fraction_result2; middle2_bb = middle_bb->splitBasicBlock( @@ -1077,6 +1222,7 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { if (FcmpInst->getPredicate() == CmpInst::FCMP_OGT || FcmpInst->getPredicate() == CmpInst::FCMP_UGT) { + negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); @@ -1085,12 +1231,14 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); } else { + negative_bb->getInstList().push_back( icmp_fraction_result = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_UGT, t_f0, t_f1)); positive_bb->getInstList().push_back( icmp_fraction_result2 = CmpInst::Create( Instruction::ICmp, CmpInst::ICMP_ULT, t_f0, t_f1)); + } BranchInst::Create(middle2_bb, negative_bb); @@ -1110,11 +1258,13 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { default: continue; + } PHINode *PN = PHINode::Create(Int1Ty, 3, ""); switch (FcmpInst->getPredicate()) { + case CmpInst::FCMP_UEQ: case CmpInst::FCMP_OEQ: /* unequal signs cannot be equal values */ @@ -1153,17 +1303,21 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { break; default: continue; + } BasicBlock::iterator ii(FcmpInst); ReplaceInstWithInst(FcmpInst->getParent()->getInstList(), ii, PN); ++count; + } return count; + } bool SplitComparesTransform::runOnModule(Module &M) { + char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); if (bitw_env) { target_bitwidth = atoi(bitw_env); } @@ -1172,6 +1326,7 @@ bool SplitComparesTransform::runOnModule(Module &M) { if ((isatty(2) && getenv("AFL_QUIET") == NULL) || getenv("AFL_DEBUG") != NULL) { + errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " "heiko@hexco.de (splitting icmp to " << target_bitwidth << " bit)\n"; @@ -1179,10 +1334,13 @@ bool SplitComparesTransform::runOnModule(Module &M) { if (getenv("AFL_DEBUG") != NULL && !debug) { debug = 1; } } else { + be_quiet = 1; + } if (enableFPSplit) { + count = splitFPCompares(M); /* @@ -1195,55 +1353,76 @@ bool SplitComparesTransform::runOnModule(Module &M) { */ simplifyFPCompares(M); + } std::vector worklist; /* iterate over all functions, bbs and instruction search for all integer * compare instructions. Save them into the worklist for later. */ for (auto &F : M) { + if (!isInInstrumentList(&F)) continue; for (auto &BB : F) { + for (auto &IN : BB) { + if (auto CI = dyn_cast(&IN)) { + auto op0 = CI->getOperand(0); auto op1 = CI->getOperand(1); if (!op0 || !op1) { return false; } auto iTy1 = dyn_cast(op0->getType()); if (iTy1 && isa(op1->getType())) { + unsigned bitw = iTy1->getBitWidth(); if (isSupportedBitWidth(bitw)) { worklist.push_back(CI); } + } + } + } + } + } // now that we have a list of all integer comparisons we can start replacing // them with the splitted alternatives. for (auto CI : worklist) { + simplifyAndSplit(CI, M); + } bool brokenDebug = false; if (verifyModule(M, &errs(), &brokenDebug)) { + reportError( "Module Verifier failed! Consider reporting a bug with the AFL++ " "project.", nullptr, M); + } if (brokenDebug) { + reportError("Module Verifier reported broken Debug Infos - Stripping!", nullptr, M); StripDebugInfo(M); + } + return true; + } static void registerSplitComparesPass(const PassManagerBuilder &, legacy::PassManagerBase &PM) { + PM.add(new SplitComparesTransform()); + } static RegisterStandardPasses RegisterSplitComparesPass( @@ -1262,3 +1441,4 @@ static RegisterPass X("splitcompares", "AFL++ split compares", true /* Only looks at CFG */, true /* Analysis Pass */); + From d2e256e73a2146b125c316e66a96f0215414411b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 11 Jun 2021 14:39:35 +0200 Subject: [PATCH 343/441] fix to instrument global c++ namespace functions --- docs/Changelog.md | 3 ++- instrumentation/afl-llvm-common.cc | 5 ++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 0e2ce27d..d3863c74 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -19,9 +19,10 @@ sending a mail to . - afl-cc - Update to COMPCOV/laf-intel that speeds up the instrumentation process a lot - thanks to Michael Rodler/f0rki for the PR! + - Fix to instrument global functions in c++ - Fix for llvm 13 - support partial linking - - We do support llvm versions from 3.8 again + - We do support llvm versions from 3.8 to 5.0 again - afl_analyze - fix timeout handling and support forkserver - ensure afl-compiler-rt is built for gcc_module diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index af32e2f9..3239ea91 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -96,9 +96,8 @@ bool isIgnoreFunction(const llvm::Function *F) { static constexpr const char *ignoreSubstringList[] = { - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" + "__asan", "__msan", "__ubsan", "__lsan", "__san", "__sanitize", + "__cxx", "DebugCounter", "DwarfDebug", "DebugLoc" }; From dfff952f5371b184b021fda3a81fbd3fd6b205ac Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 11 Jun 2021 15:07:04 +0200 Subject: [PATCH 344/441] update changelog --- docs/Changelog.md | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index d3863c74..8738ffa3 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -13,20 +13,23 @@ sending a mail to . - fix -F when a '/' was part of the parameter - fixed a crash for cmplog for very slow inputs - removed implied -D determinstic from -M main - - if the target becomes unavailable check out out/default/error.txt for - an indicator why + - if the target becomes unavailable check out out/default/error.txt + for an indicator why - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL - - afl-cc - - Update to COMPCOV/laf-intel that speeds up the instrumentation process - a lot - thanks to Michael Rodler/f0rki for the PR! - - Fix to instrument global functions in c++ + - afl-cc: + - Update to COMPCOV/laf-intel that speeds up the instrumentation + process a lot - thanks to Michael Rodler/f0rki for the PR! + - Fix to instrument global namespace functions in c++ - Fix for llvm 13 - support partial linking - We do support llvm versions from 3.8 to 5.0 again - - afl_analyze - - fix timeout handling and support forkserver + - frida_mode: + - fix for cmplog + - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET + - afl_analyze: + - fix timeout handling + - add forkserver support for better performance - ensure afl-compiler-rt is built for gcc_module - - afl-analyze now uses the forkserver for increased performance ### Version ++3.13c (release) From 8c1b0aba5f196e3ae58399b660442e77613c5558 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 11 Jun 2021 15:32:52 +0200 Subject: [PATCH 345/441] document frida changes --- README.md | 28 ++++++++++++++-------------- docs/Changelog.md | 2 ++ 2 files changed, 16 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index bc547b3c..f66eb288 100644 --- a/README.md +++ b/README.md @@ -88,20 +88,20 @@ behaviours and defaults: with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, Mac OS, Solaris and Android support and much, much, much more. - | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | - | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| - | Threadsafe counters | | x(3) | | | | | - | NeverZero | x86[_64]| x(1) | x | x | x | x | - | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | - | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | x86[_64] | x86[_64]/arm[64] | | - | Selective Instrumentation| | x | x | x | x | | - | Non-Colliding Coverage | | x(4) | | | (x)(5) | | - | Ngram prev_loc Coverage | | x(6) | | | | | - | Context Coverage | | x(6) | | | | | - | Auto Dictionary | | x(7) | | | | | - | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | - | Shared Memory Testcases | | x | x | x | x | x | + | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | + | -------------------------|:-------:|:---------:|:----------:|:----------------:|:----------------:|:----------------:| + | Threadsafe counters | | x(3) | | | | | + | NeverZero | x86[_64]| x(1) | x | x | x | x | + | Persistent Mode | | x | x | x86[_64]/arm[64] | x86[_64]/arm[64] | x | + | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | + | CmpLog | | x | | x86[_64]/arm[64] | x86[_64]/arm[64] | | + | Selective Instrumentation| | x | x | x | x | | + | Non-Colliding Coverage | | x(4) | | | (x)(5) | | + | Ngram prev_loc Coverage | | x(6) | | | | | + | Context Coverage | | x(6) | | | | | + | Auto Dictionary | | x(7) | | | | | + | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | + | Shared Memory Testcases | | x | x | x | x | x | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin diff --git a/docs/Changelog.md b/docs/Changelog.md index eebcaed4..9f70535a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -26,6 +26,8 @@ sending a mail to . - frida_mode: - fix for cmplog - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET + - feature parity of aarch64 with intel now (persistent, cmplog, + in-memory testcases, asan) - afl_analyze: - fix timeout handling - add forkserver support for better performance From 2516324d3edb8d7936de7f4279405885cb87351a Mon Sep 17 00:00:00 2001 From: Artis <32833063+Artis24106@users.noreply.github.com> Date: Fri, 11 Jun 2021 21:41:16 +0800 Subject: [PATCH 346/441] Fix typo in README.md (#974) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f66eb288..a9150fb7 100644 --- a/README.md +++ b/README.md @@ -796,7 +796,7 @@ If you do not have to use Unicorn the following setup is recommended to use qemu_mode: * run 1 afl-fuzz -Q instance with CMPLOG (`-c 0` + `AFL_COMPCOV_LEVEL=2`) * run 1 afl-fuzz -Q instance with QASAN (`AFL_USE_QASAN=1`) - * run 1 afl-fuzz -Q instance with LAF (``AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) + * run 1 afl-fuzz -Q instance with LAF (`AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. From 35c23be9738882cefce854530fcb954c290e8f17 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 11 Jun 2021 21:34:56 +0200 Subject: [PATCH 347/441] adapt for LLVM 3.8.0 --- instrumentation/split-compares-pass.so.cc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 10f86a66..68f6c329 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -432,7 +432,7 @@ bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, s_op1 = IRB.CreateLShr(op1, ConstantInt::get(IntType, bitw - 1)); t_op1 = IRB.CreateTruncOrBitCast(s_op1, Int1Ty); /* compare of the sign bits */ - icmp_sign_bit = IRB.CreateCmp(CmpInst::ICMP_EQ, t_op0, t_op1); + icmp_sign_bit = IRB.CreateICmp(CmpInst::ICMP_EQ, t_op0, t_op1); /* create a new basic block which is executed if the signedness bit is * different */ @@ -1397,7 +1397,11 @@ bool SplitComparesTransform::runOnModule(Module &M) { } bool brokenDebug = false; - if (verifyModule(M, &errs(), &brokenDebug)) { + if (verifyModule( M, &errs() +#if LLVM_VERSION_MAJOR > 3 || (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) + ,&brokenDebug // 9th May 2016 +#endif + )) { reportError( "Module Verifier failed! Consider reporting a bug with the AFL++ " From ade8cdca55951958024c86766453430f904381c5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sat, 12 Jun 2021 10:08:24 +0200 Subject: [PATCH 348/441] fix README --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index a9150fb7..91f28118 100644 --- a/README.md +++ b/README.md @@ -92,16 +92,16 @@ behaviours and defaults: | -------------------------|:-------:|:---------:|:----------:|:----------------:|:----------------:|:----------------:| | Threadsafe counters | | x(3) | | | | | | NeverZero | x86[_64]| x(1) | x | x | x | x | - | Persistent Mode | | x | x | x86[_64]/arm[64] | x86[_64]/arm[64] | x | + | Persistent Mode | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | x | | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | - | CmpLog | | x | | x86[_64]/arm[64] | x86[_64]/arm[64] | | + | CmpLog | | x | | x86[_64]/arm64 | x86[_64]/arm[64] | | | Selective Instrumentation| | x | x | x | x | | | Non-Colliding Coverage | | x(4) | | | (x)(5) | | | Ngram prev_loc Coverage | | x(6) | | | | | | Context Coverage | | x(6) | | | | | | Auto Dictionary | | x(7) | | | | | | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | - | Shared Memory Testcases | | x | x | x | x | x | + | Shared Memory Testcases | | x | x | x86[_64]/arm64 | x | x | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin From 74fcb365e99ce86e405e52b586baa9d0f825f70c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 14 Jun 2021 12:36:41 +0200 Subject: [PATCH 349/441] little inline --- src/afl-fuzz-one.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index c3ce2edd..11adebf4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -73,7 +73,7 @@ static int select_algorithm(afl_state_t *afl, u32 max_algorithm) { /* Helper to choose random block len for block operations in fuzz_one(). Doesn't return zero, provided that max_len is > 0. */ -static u32 choose_block_len(afl_state_t *afl, u32 limit) { +static inline u32 choose_block_len(afl_state_t *afl, u32 limit) { u32 min_value, max_value; u32 rlim = MIN(afl->queue_cycle, (u32)3); From ef5fd33120ca2b5a0a8a3e282224e67ac93f44a2 Mon Sep 17 00:00:00 2001 From: Dustin Spicuzza Date: Mon, 14 Jun 2021 15:21:01 -0400 Subject: [PATCH 350/441] Add debug output to alert user to calibration progress/issues (#969) --- src/afl-fuzz-run.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 758bad25..fb0b5ead 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -355,6 +355,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { + if (unlikely(afl->debug)) { DEBUGF("calibration stage %d/%d\n", afl->stage_cur+1, afl->stage_max); } + u64 cksum; write_to_testcase(afl, use_mem, q->len); @@ -402,6 +404,15 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } + if (unlikely(!var_detected)) { + // note: from_queue seems to only be set during initialization + if (afl->afl_env.afl_no_ui || from_queue) { + WARNF("instability detected during calibration\n"); + } else if (afl->debug) { + DEBUGF("instability detected during calibration\n"); + } + } + var_detected = 1; afl->stage_max = afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; From 0c3feba3f6b3a517b21f9e96fa5e0758e959dec1 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 14 Jun 2021 22:58:08 +0200 Subject: [PATCH 351/441] aflppdriver help output --- utils/aflpp_driver/aflpp_driver.c | 32 ++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index c094c425..ff42f3b9 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -204,21 +204,23 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { int main(int argc, char **argv) { - printf( - "============================== INFO ================================\n" - "This binary is built for afl++.\n" - "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " - "option\n" - "To run the target function on individual input(s) execute this:\n" - " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" - "To fuzz with afl-fuzz execute this:\n" - " afl-fuzz [afl-flags] -- %s [-N]\n" - "afl-fuzz will run N iterations before re-spawning the process (default: " - "INT_MAX)\n" - "For stdin input processing, pass '-' as single command line option.\n" - "For file input processing, pass '@@' as single command line option.\n" - "===================================================================\n", - argv[0], argv[0]); + if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) + printf( + "============================== INFO ================================\n" + "This binary is built for afl++.\n" + "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " + "option\n" + "To run the target function on individual input(s) execute this:\n" + " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" + "To fuzz with afl-fuzz execute this:\n" + " afl-fuzz [afl-flags] -- %s [-N]\n" + "afl-fuzz will run N iterations before re-spawning the process " + "(default: " + "INT_MAX)\n" + "For stdin input processing, pass '-' as single command line option.\n" + "For file input processing, pass '@@' as single command line option.\n" + "===================================================================\n", + argv[0], argv[0]); if (getenv("AFL_GDB")) { From f3362007edb30cf411b7bee7c013c4e71dc69e39 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 14 Jun 2021 22:59:48 +0200 Subject: [PATCH 352/441] code format --- src/afl-fuzz-run.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index fb0b5ead..49856a9f 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -355,7 +355,11 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { - if (unlikely(afl->debug)) { DEBUGF("calibration stage %d/%d\n", afl->stage_cur+1, afl->stage_max); } + if (unlikely(afl->debug)) { + + DEBUGF("calibration stage %d/%d\n", afl->stage_cur + 1, afl->stage_max); + + } u64 cksum; @@ -405,12 +409,18 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } if (unlikely(!var_detected)) { + // note: from_queue seems to only be set during initialization if (afl->afl_env.afl_no_ui || from_queue) { + WARNF("instability detected during calibration\n"); + } else if (afl->debug) { + DEBUGF("instability detected during calibration\n"); + } + } var_detected = 1; From 7bcd4e290111ca81d6d58d1b70696e9e9aaa5ac1 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 14 Jun 2021 23:48:47 +0200 Subject: [PATCH 353/441] push to stable (#973) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release * back push (#952) * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic * v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder- * v3.14a init * remove redundant unsetenv (#947) * update MacOS Install information * add missing clean action for frida_mode * ensure memory is there before free * adapt to incompatible LLVM 13 API * fix stupid typos * add fix info * build afl-compiler-rt even with broken llvm * fix -F with slash option * dynamic_list and afl-compiler-rt rework * detect partial linking in afl-cc * partial linking with -Wl * Add proper name and URL for Zafl (#959) * move link * add known frontends for supported compiler infrastructures * add Rust * fix ui fuzzing stage index (#960) * fix overflowing UI fields 'now processing' * restored timeout handling (with SIGALRM for now) * On non-Linux systems make clean may fail for frida_mode * give hint how to set env var for path to llvm-config tool * setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore * remove -D from -M * write target errors to out_dir/error.txt * add changelog entry * add changelog * format * more info for error logging * Forkserver for afl-analyze (#963) * afl-analyze forkserver * added missing vars to forkserver * synchronized a bit more with afl-tmin * more debugging, runs now, but need to suppress target output * fix dev/null setting * afl-analyze info: Co-authored-by: hexcoder- * proper newlines * reenable LLVM 3.8 ( Ubuntu 16.04 ) * FRIDA AARCH64 support (#965) Co-authored-by: Your Name * adapt docs to minimum LLVM version * adapt to minimum llvm version * remove warning regarding core_pattern (was wrong/unnecessary anyway) * avoid code duplication, symlink header file * clippy fixes * add test cases for splitting integer comparisons * Revert "add test cases for splitting integer comparisons" This reverts commit e0aa411647e1a525a3a0488d929ec71611388d54. * add test cases for splitting integer comparisons * FRIDA - Remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET (#970) Co-authored-by: Your Name * fix AFL_CAL_FAST * fix cmplog screen update crash * Frida complog fix (#971) * Fix complog issue with changing address space * Added support for printing command line and environment during startup * Review fixes Co-authored-by: Your Name * Improve tracing support to include real addresses and edge ids and also support logging edges only once (#972) Co-authored-by: Your Name * split-comparison llvm pass refactor for smaller compilation times (and a small bug fix) (#964) * Refactored split compare pass to be more efficient in LTO usage and allow splitting to other minimum bitwidths. Efficiency: avoid looping over the whole llvm module N times, when once is also enough. Bitwidth: Previously, due to fallthrough in switch-case, all comparisons were split to 8-bit, which might not be desirable e.g., 16 or 32 bit might be enough. So now all comparison are split until they are smaller or equal to the target bitwidth, which is controlled through the `AFL_LLVM_LAF_SPLIT_COMPARES_BITW` environment variable. * fixed miscompilation due to incorrectly trying to split a signed comparison operator * minor formatting updates and use IRBuilder when inserting multiple instructions * added @hexcoder-'s test-int_cases.c to make test * Avoid recursion; switch to smallvector in splitAndSimplify; use switch case for icmp type; * Fixed issue when splitting < where the inverse comparison was not further split * some cleanup * code format * fix to instrument global c++ namespace functions * update changelog * document frida changes * Fix typo in README.md (#974) * adapt for LLVM 3.8.0 * fix README * little inline * Add debug output to alert user to calibration progress/issues (#969) * aflppdriver help output * code format Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: terrynini Co-authored-by: jdhiser Co-authored-by: yuan Co-authored-by: Michael Rodler Co-authored-by: Artis <32833063+Artis24106@users.noreply.github.com> --- README.md | 30 +- .../radamsa/custom_mutator_helpers.h | 343 +----- docs/Changelog.md | 27 +- docs/FAQ.md | 21 + docs/env_variables.md | 4 +- frida_mode/GNUmakefile | 1 + frida_mode/README.md | 10 +- frida_mode/src/cmplog/cmplog.c | 84 ++ frida_mode/src/instrument/instrument.c | 111 +- frida_mode/src/main.c | 84 +- frida_mode/src/persistent/persistent.c | 13 - frida_mode/src/persistent/persistent_arm64.c | 12 +- frida_mode/src/persistent/persistent_x64.c | 53 +- frida_mode/src/persistent/persistent_x86.c | 40 +- frida_mode/test/persistent_ret/GNUmakefile | 5 - frida_mode/test/unstable/GNUmakefile | 90 ++ frida_mode/test/unstable/Makefile | 19 + frida_mode/test/unstable/get_symbol_addr.py | 36 + frida_mode/test/unstable/unstable.c | 67 ++ include/afl-fuzz.h | 4 +- include/envs.h | 2 +- instrumentation/afl-llvm-common.cc | 5 +- instrumentation/split-compares-pass.so.cc | 1065 +++++++++-------- src/afl-analyze.c | 9 +- src/afl-common.c | 2 + src/afl-fuzz-one.c | 2 +- src/afl-fuzz-redqueen.c | 91 +- src/afl-fuzz-run.c | 26 +- src/afl-fuzz-state.c | 9 +- src/afl-fuzz.c | 9 - test/test-basic.sh | 10 - test/test-gcc-plugin.sh | 4 - test/test-int_cases.c | 424 +++++++ test/test-llvm.sh | 27 +- test/test-uint_cases.c | 217 ++++ .../samples/speedtest/rust/src/main.rs | 11 +- utils/aflpp_driver/aflpp_driver.c | 32 +- 37 files changed, 1962 insertions(+), 1037 deletions(-) mode change 100644 => 120000 custom_mutators/radamsa/custom_mutator_helpers.h create mode 100644 frida_mode/test/unstable/GNUmakefile create mode 100644 frida_mode/test/unstable/Makefile create mode 100755 frida_mode/test/unstable/get_symbol_addr.py create mode 100644 frida_mode/test/unstable/unstable.c create mode 100644 test/test-int_cases.c create mode 100644 test/test-uint_cases.c diff --git a/README.md b/README.md index bc547b3c..91f28118 100644 --- a/README.md +++ b/README.md @@ -88,20 +88,20 @@ behaviours and defaults: with laf-intel and redqueen, frida mode, unicorn mode, gcc plugin, full *BSD, Mac OS, Solaris and Android support and much, much, much more. - | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | - | -------------------------|:-------:|:---------:|:----------:|:----------:|:----------------:|:------------:| - | Threadsafe counters | | x(3) | | | | | - | NeverZero | x86[_64]| x(1) | x | x | x | x | - | Persistent Mode | | x | x | x86[_64] | x86[_64]/arm[64] | x | - | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm | - | CmpLog | | x | | x86[_64] | x86[_64]/arm[64] | | - | Selective Instrumentation| | x | x | x | x | | - | Non-Colliding Coverage | | x(4) | | | (x)(5) | | - | Ngram prev_loc Coverage | | x(6) | | | | | - | Context Coverage | | x(6) | | | | | - | Auto Dictionary | | x(7) | | | | | - | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | - | Shared Memory Testcases | | x | x | x | x | x | + | Feature/Instrumentation | afl-gcc | llvm | gcc_plugin | frida_mode | qemu_mode |unicorn_mode | + | -------------------------|:-------:|:---------:|:----------:|:----------------:|:----------------:|:----------------:| + | Threadsafe counters | | x(3) | | | | | + | NeverZero | x86[_64]| x(1) | x | x | x | x | + | Persistent Mode | | x | x | x86[_64]/arm64 | x86[_64]/arm[64] | x | + | LAF-Intel / CompCov | | x | | | x86[_64]/arm[64] | x86[_64]/arm[64] | + | CmpLog | | x | | x86[_64]/arm64 | x86[_64]/arm[64] | | + | Selective Instrumentation| | x | x | x | x | | + | Non-Colliding Coverage | | x(4) | | | (x)(5) | | + | Ngram prev_loc Coverage | | x(6) | | | | | + | Context Coverage | | x(6) | | | | | + | Auto Dictionary | | x(7) | | | | | + | Snapshot LKM Support | | (x)(8) | (x)(8) | | (x)(5) | | + | Shared Memory Testcases | | x | x | x86[_64]/arm64 | x | x | 1. default for LLVM >= 9.0, env var for older version due an efficiency bug in previous llvm versions 2. GCC creates non-performant code, hence it is disabled in gcc_plugin @@ -796,7 +796,7 @@ If you do not have to use Unicorn the following setup is recommended to use qemu_mode: * run 1 afl-fuzz -Q instance with CMPLOG (`-c 0` + `AFL_COMPCOV_LEVEL=2`) * run 1 afl-fuzz -Q instance with QASAN (`AFL_USE_QASAN=1`) - * run 1 afl-fuzz -Q instance with LAF (``AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) + * run 1 afl-fuzz -Q instance with LAF (`AFL_PRELOAD=libcmpcov.so` + `AFL_COMPCOV_LEVEL=2`) Alternatively you can use frida_mode, just switch `-Q` with `-O` and remove the LAF instance. diff --git a/custom_mutators/radamsa/custom_mutator_helpers.h b/custom_mutators/radamsa/custom_mutator_helpers.h deleted file mode 100644 index e23c0b6a..00000000 --- a/custom_mutators/radamsa/custom_mutator_helpers.h +++ /dev/null @@ -1,342 +0,0 @@ -#ifndef CUSTOM_MUTATOR_HELPERS -#define CUSTOM_MUTATOR_HELPERS - -#include "config.h" -#include "types.h" -#include - -#define INITIAL_GROWTH_SIZE (64) - -#define RAND_BELOW(limit) (rand() % (limit)) - -/* Use in a struct: creates a name_buf and a name_size variable. */ -#define BUF_VAR(type, name) \ - type * name##_buf; \ - size_t name##_size; -/* this filles in `&structptr->something_buf, &structptr->something_size`. */ -#define BUF_PARAMS(struct, name) \ - (void **)&struct->name##_buf, &struct->name##_size - -typedef struct { - -} afl_t; - -static void surgical_havoc_mutate(u8 *out_buf, s32 begin, s32 end) { - - static s8 interesting_8[] = {INTERESTING_8}; - static s16 interesting_16[] = {INTERESTING_8, INTERESTING_16}; - static s32 interesting_32[] = {INTERESTING_8, INTERESTING_16, INTERESTING_32}; - - switch (RAND_BELOW(12)) { - - case 0: { - - /* Flip a single bit somewhere. Spooky! */ - - s32 bit_idx = ((RAND_BELOW(end - begin) + begin) << 3) + RAND_BELOW(8); - - out_buf[bit_idx >> 3] ^= 128 >> (bit_idx & 7); - - break; - - } - - case 1: { - - /* Set byte to interesting value. */ - - u8 val = interesting_8[RAND_BELOW(sizeof(interesting_8))]; - out_buf[(RAND_BELOW(end - begin) + begin)] = val; - - break; - - } - - case 2: { - - /* Set word to interesting value, randomly choosing endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u16 *)(out_buf + byte_idx) = - interesting_16[RAND_BELOW(sizeof(interesting_16) >> 1)]; - break; - case 1: - *(u16 *)(out_buf + byte_idx) = - SWAP16(interesting_16[RAND_BELOW(sizeof(interesting_16) >> 1)]); - break; - - } - - break; - - } - - case 3: { - - /* Set dword to interesting value, randomly choosing endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u32 *)(out_buf + byte_idx) = - interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]; - break; - case 1: - *(u32 *)(out_buf + byte_idx) = - SWAP32(interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]); - break; - - } - - break; - - } - - case 4: { - - /* Set qword to interesting value, randomly choosing endian. */ - - if (end - begin < 8) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 7) break; - - switch (RAND_BELOW(2)) { - - case 0: - *(u64 *)(out_buf + byte_idx) = - (s64)interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]; - break; - case 1: - *(u64 *)(out_buf + byte_idx) = SWAP64( - (s64)interesting_32[RAND_BELOW(sizeof(interesting_32) >> 2)]); - break; - - } - - break; - - } - - case 5: { - - /* Randomly subtract from byte. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] -= 1 + RAND_BELOW(ARITH_MAX); - - break; - - } - - case 6: { - - /* Randomly add to byte. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] += 1 + RAND_BELOW(ARITH_MAX); - - break; - - } - - case 7: { - - /* Randomly subtract from word, random endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - if (RAND_BELOW(2)) { - - *(u16 *)(out_buf + byte_idx) -= 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u16 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u16 *)(out_buf + byte_idx) = - SWAP16(SWAP16(*(u16 *)(out_buf + byte_idx)) - num); - - } - - break; - - } - - case 8: { - - /* Randomly add to word, random endian. */ - - if (end - begin < 2) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 1) break; - - if (RAND_BELOW(2)) { - - *(u16 *)(out_buf + byte_idx) += 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u16 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u16 *)(out_buf + byte_idx) = - SWAP16(SWAP16(*(u16 *)(out_buf + byte_idx)) + num); - - } - - break; - - } - - case 9: { - - /* Randomly subtract from dword, random endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - if (RAND_BELOW(2)) { - - *(u32 *)(out_buf + byte_idx) -= 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u32 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u32 *)(out_buf + byte_idx) = - SWAP32(SWAP32(*(u32 *)(out_buf + byte_idx)) - num); - - } - - break; - - } - - case 10: { - - /* Randomly add to dword, random endian. */ - - if (end - begin < 4) break; - - s32 byte_idx = (RAND_BELOW(end - begin) + begin); - - if (byte_idx >= end - 3) break; - - if (RAND_BELOW(2)) { - - *(u32 *)(out_buf + byte_idx) += 1 + RAND_BELOW(ARITH_MAX); - - } else { - - u32 num = 1 + RAND_BELOW(ARITH_MAX); - - *(u32 *)(out_buf + byte_idx) = - SWAP32(SWAP32(*(u32 *)(out_buf + byte_idx)) + num); - - } - - break; - - } - - case 11: { - - /* Just set a random byte to a random value. Because, - why not. We use XOR with 1-255 to eliminate the - possibility of a no-op. */ - - out_buf[(RAND_BELOW(end - begin) + begin)] ^= 1 + RAND_BELOW(255); - - break; - - } - - } - -} - -/* This function calculates the next power of 2 greater or equal its argument. - @return The rounded up power of 2 (if no overflow) or 0 on overflow. -*/ -static inline size_t next_pow2(size_t in) { - - if (in == 0 || in > (size_t)-1) - return 0; /* avoid undefined behaviour under-/overflow */ - size_t out = in - 1; - out |= out >> 1; - out |= out >> 2; - out |= out >> 4; - out |= out >> 8; - out |= out >> 16; - return out + 1; - -} - -/* This function makes sure *size is > size_needed after call. - It will realloc *buf otherwise. - *size will grow exponentially as per: - https://blog.mozilla.org/nnethercote/2014/11/04/please-grow-your-buffers-exponentially/ - Will return NULL and free *buf if size_needed is <1 or realloc failed. - @return For convenience, this function returns *buf. - */ -static inline void *maybe_grow(void **buf, size_t *size, size_t size_needed) { - - /* No need to realloc */ - if (likely(size_needed && *size >= size_needed)) return *buf; - - /* No initial size was set */ - if (size_needed < INITIAL_GROWTH_SIZE) size_needed = INITIAL_GROWTH_SIZE; - - /* grow exponentially */ - size_t next_size = next_pow2(size_needed); - - /* handle overflow */ - if (!next_size) { next_size = size_needed; } - - /* alloc */ - *buf = realloc(*buf, next_size); - *size = *buf ? next_size : 0; - - return *buf; - -} - -/* Swaps buf1 ptr and buf2 ptr, as well as their sizes */ -static inline void afl_swap_bufs(void **buf1, size_t *size1, void **buf2, - size_t *size2) { - - void * scratch_buf = *buf1; - size_t scratch_size = *size1; - *buf1 = *buf2; - *size1 = *size2; - *buf2 = scratch_buf; - *size2 = scratch_size; - -} - -#undef INITIAL_GROWTH_SIZE - -#endif - diff --git a/custom_mutators/radamsa/custom_mutator_helpers.h b/custom_mutators/radamsa/custom_mutator_helpers.h new file mode 120000 index 00000000..f7532ef9 --- /dev/null +++ b/custom_mutators/radamsa/custom_mutator_helpers.h @@ -0,0 +1 @@ +../examples/custom_mutator_helpers.h \ No newline at end of file diff --git a/docs/Changelog.md b/docs/Changelog.md index 6c851460..9f70535a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -9,20 +9,29 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . ### Version ++3.14a (release) - - Fix for llvm 13 - afl-fuzz: - fix -F when a '/' was part of the parameter + - fixed a crash for cmplog for very slow inputs - removed implied -D determinstic from -M main - - if the target becomes unavailable check out out/default/error.txt for - an indicator why - - afl-cc + - if the target becomes unavailable check out out/default/error.txt + for an indicator why + - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL + - afl-cc: + - Update to COMPCOV/laf-intel that speeds up the instrumentation + process a lot - thanks to Michael Rodler/f0rki for the PR! + - Fix to instrument global namespace functions in c++ + - Fix for llvm 13 - support partial linking - - We do support llvm versions from 3.8 again - - afl_analyze - - fix timeout handling and support forkserver + - We do support llvm versions from 3.8 to 5.0 again + - frida_mode: + - fix for cmplog + - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET + - feature parity of aarch64 with intel now (persistent, cmplog, + in-memory testcases, asan) + - afl_analyze: + - fix timeout handling + - add forkserver support for better performance - ensure afl-compiler-rt is built for gcc_module - - afl-analyze now uses the forkserver for increased performance - ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 diff --git a/docs/FAQ.md b/docs/FAQ.md index 714d50eb..ab0abe6c 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -3,6 +3,7 @@ ## Contents * [What is the difference between afl and afl++?](#what-is-the-difference-between-afl-and-afl) + * [I got a weird compile error from clang](#i-got-a-weird-compile-error-from-clang) * [How to improve the fuzzing speed?](#how-to-improve-the-fuzzing-speed) * [How do I fuzz a network service?](#how-do-i-fuzz-a-network-service) * [How do I fuzz a GUI program?](#how-do-i-fuzz-a-gui-program) @@ -35,6 +36,26 @@ flexible and feature rich guided fuzzer available as open source. And in independent fuzzing benchmarks it is one of the best fuzzers available, e.g. [Fuzzbench Report](https://www.fuzzbench.com/reports/2020-08-03/index.html) +## I got a weird compile error from clang + +If you see this kind of error when trying to instrument a target with afl-cc/ +afl-clang-fast/afl-clang-lto: +``` +/prg/tmp/llvm-project/build/bin/clang-13: symbol lookup error: /usr/local/bin/../lib/afl//cmplog-instructions-pass.so: undefined symbol: _ZNK4llvm8TypeSizecvmEv +clang-13: error: unable to execute command: No such file or directory +clang-13: error: clang frontend command failed due to signal (use -v to see invocation) +clang version 13.0.0 (https://github.com/llvm/llvm-project 1d7cf550721c51030144f3cd295c5789d51c4aad) +Target: x86_64-unknown-linux-gnu +Thread model: posix +InstalledDir: /prg/tmp/llvm-project/build/bin +clang-13: note: diagnostic msg: +******************** +``` +Then this means that your OS updated the clang installation from an upgrade +package and because of that the afl++ llvm plugins do not match anymore. + +Solution: `git pull ; make clean install` of afl++ + ## How to improve the fuzzing speed? 1. Use [llvm_mode](docs/llvm_mode/README.md): afl-clang-lto (llvm >= 11) or afl-clang-fast (llvm >= 9 recommended) diff --git a/docs/env_variables.md b/docs/env_variables.md index 38a67bc7..e058f377 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -108,9 +108,6 @@ make fairly broad use of environmental variables instead: - Setting `AFL_QUIET` will prevent afl-cc and afl-as banners from being displayed during compilation, in case you find them distracting. - - Setting `AFL_CAL_FAST` will speed up the initial calibration, if the - application is very slow. - ## 2) Settings for LLVM and LTO: afl-clang-fast / afl-clang-fast++ / afl-clang-lto / afl-clang-lto++ The native instrumentation helpers (instrumentation and gcc_plugin) accept a subset @@ -386,6 +383,7 @@ checks or alter some of the more exotic semantics of the tool: - `AFL_FAST_CAL` keeps the calibration stage about 2.5x faster (albeit less precise), which can help when starting a session against a slow target. + `AFL_CAL_FAST` works too. - The CPU widget shown at the bottom of the screen is fairly simplistic and may complain of high load prematurely, especially on systems with low core diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index a0387cac..329d9f7f 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -20,6 +20,7 @@ RT_CFLAGS:=-Wno-unused-parameter \ -Wno-unused-function \ -Wno-unused-result \ -Wno-int-to-pointer-cast \ + -Wno-pointer-sign \ LDFLAGS+=-shared \ -lpthread \ diff --git a/frida_mode/README.md b/frida_mode/README.md index d7dd72a0..296e6405 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -75,7 +75,6 @@ following options are currently supported: * `AFL_FRIDA_PERSISTENT_CNT` - See `AFL_QEMU_PERSISTENT_CNT` * `AFL_FRIDA_PERSISTENT_HOOK` - See `AFL_QEMU_PERSISTENT_HOOK` * `AFL_FRIDA_PERSISTENT_RET` - See `AFL_QEMU_PERSISTENT_RET` -* `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` - See `AFL_QEMU_PERSISTENT_RETADDR_OFFSET` To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. @@ -156,16 +155,17 @@ instrumentation (the default where available). Required to use * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. -* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks -`AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks, +requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +* `AFL_FRIDA_INST_TRACE_UNIQUE` - As per `AFL_FRIDA_INST_TRACE`, but each edge +is logged only once, requires `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) * `AFL_FRIDA_OUTPUT_STDERR` - Redirect the standard error of the target application to the named file (supersedes the setting of `AFL_DEBUG_CHILD`) * `AFL_FRIDA_PERSISTENT_DEBUG` - Insert a Breakpoint into the instrumented code at `AFL_FRIDA_PERSISTENT_HOOK` and `AFL_FRIDA_PERSISTENT_RET` to allow the user -to determine the value of `AFL_FRIDA_PERSISTENT_RETADDR_OFFSET` using a -debugger. +to detect issues in the persistent loop using a debugger. ``` diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 7b11c350..3df7d13d 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -1,3 +1,8 @@ +#include +#include +#include +#include + #include "frida-gum.h" #include "debug.h" @@ -5,10 +10,13 @@ #include "util.h" #define DEFAULT_MMAP_MIN_ADDR (32UL << 10) +#define FD_TMP_MAX_SIZE 65536 extern struct cmp_map *__afl_cmp_map; static GArray *cmplog_ranges = NULL; +static int fd_tmp = -1; +static ssize_t fd_tmp_size = 0; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { @@ -27,6 +35,40 @@ static gint cmplog_sort(gconstpointer a, gconstpointer b) { } +static int cmplog_create_temp(void) { + + const char *tmpdir = g_get_tmp_dir(); + OKF("CMPLOG Temporary directory: %s", tmpdir); + gchar *fname = g_strdup_printf("%s/frida-cmplog-XXXXXX", tmpdir); + OKF("CMPLOG Temporary file template: %s", fname); + int fd = mkstemp(fname); + OKF("CMPLOG Temporary file: %s", fname); + + if (fd < 0) { + + FATAL("Failed to create temp file: %s, errno: %d", fname, errno); + + } + + if (unlink(fname) < 0) { + + FATAL("Failed to unlink temp file: %s (%d), errno: %d", fname, fd, errno); + + } + + if (ftruncate(fd, 0) < 0) { + + FATAL("Failed to ftruncate temp file: %s (%d), errno: %d", fname, fd, + errno); + + } + + g_free(fname); + + return fd; + +} + void cmplog_init(void) { if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } @@ -44,6 +86,13 @@ void cmplog_init(void) { } + /* + * We can't use /dev/null or /dev/zero for this since it appears that they + * don't validate the input buffer. Persumably as an optimization because they + * don't actually write any data. The file will be deleted on close. + */ + fd_tmp = cmplog_create_temp(); + } static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, @@ -67,6 +116,9 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { */ if (addr < DEFAULT_MMAP_MIN_ADDR) { return false; } + /* Check our addres/length don't wrap around */ + if (SIZE_MAX - addr < size) { return false; } + GumAddress inner_base = addr; GumAddress inner_limit = inner_base + size; @@ -81,6 +133,38 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { } + /* + * Our address map can change (e.g. stack growth), use write as a fallback to + * validate our address. + */ + ssize_t written = syscall(__NR_write, fd_tmp, (void *)addr, size); + + /* + * If the write succeeds, then the buffer must be valid otherwise it would + * return EFAULT + */ + if (written > 0) { + + fd_tmp_size += written; + if (fd_tmp_size > FD_TMP_MAX_SIZE) { + + /* + * Truncate the file, we don't want our temp file to continue growing! + */ + if (ftruncate(fd_tmp, 0) < 0) { + + FATAL("Failed to truncate fd_tmp (%d), errno: %d", fd_tmp, errno); + + } + + fd_tmp_size = 0; + + } + + if ((size_t)written == size) { return true; } + + } + return false; } diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index f261e79a..ba82b89f 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -1,4 +1,6 @@ #include +#include +#include #include "frida-gum.h" @@ -18,44 +20,50 @@ static gboolean tracing = false; static gboolean optimize = false; +static gboolean unique = false; static GumStalkerTransformer *transformer = NULL; __thread uint64_t previous_pc = 0; +static GumAddress previous_rip = 0; +static u8 * edges_notified = NULL; + +static void trace_debug(char *format, ...) { + + va_list ap; + char buffer[4096] = {0}; + int ret; + int len; + + va_start(ap, format); + ret = vsnprintf(buffer, sizeof(buffer) - 1, format, ap); + va_end(ap); + + if (ret < 0) { return; } + + len = strnlen(buffer, sizeof(buffer)); + + IGNORED_RETURN(write(STDOUT_FILENO, buffer, len)); + +} + __attribute__((hot)) static void on_basic_block(GumCpuContext *context, gpointer user_data) { UNUSED_PARAMETER(context); - /* - * This function is performance critical as it is called to instrument every - * basic block. By moving our print buffer to a global, we avoid it affecting - * the critical path with additional stack adjustments if tracing is not - * enabled. If tracing is enabled, then we're printing a load of diagnostic - * information so this overhead is unlikely to be noticeable. - */ - static char buffer[200]; - int len; - GumAddress current_pc = GUM_ADDRESS(user_data); - uint8_t * cursor; - uint64_t value; - if (unlikely(tracing)) { - /* Avoid any functions which may cause an allocation since the target app - * may already be running inside malloc and it isn't designed to be - * re-entrant on a single thread */ - len = snprintf(buffer, sizeof(buffer), - "current_pc: 0x%016" G_GINT64_MODIFIER - "x, previous_pc: 0x%016" G_GINT64_MODIFIER "x\n", - current_pc, previous_pc); + GumAddress current_rip = GUM_ADDRESS(user_data); + GumAddress current_pc; + GumAddress edge; + uint8_t * cursor; + uint64_t value; - IGNORED_RETURN(write(STDOUT_FILENO, buffer, len + 1)); - - } - - current_pc = (current_pc >> 4) ^ (current_pc << 8); + current_pc = (current_rip >> 4) ^ (current_rip << 8); current_pc &= MAP_SIZE - 1; - cursor = &__afl_area_ptr[current_pc ^ previous_pc]; + edge = current_pc ^ previous_pc; + + cursor = &__afl_area_ptr[edge]; value = *cursor; if (value == 0xff) { @@ -71,6 +79,23 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, *cursor = value; previous_pc = current_pc >> 1; + if (unlikely(tracing)) { + + if (!unique || edges_notified[edge] == 0) { + + trace_debug("TRACE: edge: %10" G_GINT64_MODIFIER + "d, current_rip: 0x%016" G_GINT64_MODIFIER + "x, previous_rip: 0x%016" G_GINT64_MODIFIER "x\n", + edge, current_rip, previous_rip); + + } + + if (unique) { edges_notified[edge] = 1; } + + previous_rip = current_rip; + + } + } static void instr_basic_block(GumStalkerIterator *iterator, @@ -164,18 +189,28 @@ void instrument_init(void) { optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); if (!instrument_is_coverage_optimize_supported()) optimize = false; OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); + OKF("Instrumentation - unique [%c]", unique ? 'X' : ' '); if (tracing && optimize) { - FATAL("AFL_FRIDA_INST_OPTIMIZE and AFL_FRIDA_INST_TRACE are incompatible"); + FATAL("AFL_FRIDA_INST_TRACE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } + if (unique && optimize) { + + FATAL("AFL_FRIDA_INST_TRACE_UNIQUE requires AFL_FRIDA_INST_NO_OPTIMIZE"); + + } + + if (unique) { tracing = TRUE; } + if (__afl_map_size != 0x10000) { FATAL("Bad map size: 0x%08x", __afl_map_size); @@ -185,6 +220,28 @@ void instrument_init(void) { transformer = gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + if (unique) { + + int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600); + if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } + + edges_notified = shmat(shm_id, NULL, 0); + g_assert(edges_notified != MAP_FAILED); + + /* + * Configure the shared memory region to be removed once the process dies. + */ + if (shmctl(shm_id, IPC_RMID, NULL) < 0) { + + FATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); + + } + + /* Clear it, not sure it's necessary, just seems like good practice */ + memset(edges_notified, '\0', MAP_SIZE); + + } + instrument_debug_init(); asan_init(); cmplog_init(); diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 1ab9993f..7ff23755 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -1,4 +1,5 @@ #include +#include #include #include @@ -27,6 +28,8 @@ #include "stats.h" #include "util.h" +#define PROC_MAX 65536 + #ifdef __APPLE__ extern mach_port_t mach_task_self(); extern GumAddress gum_darwin_find_entrypoint(mach_port_t task); @@ -78,7 +81,7 @@ static void on_main_os(int argc, char **argv, char **envp) { #endif -static void embedded_init() { +static void embedded_init(void) { static gboolean initialized = false; if (!initialized) { @@ -90,7 +93,84 @@ static void embedded_init() { } -void afl_frida_start() { +static void afl_print_cmdline(void) { + + char * buffer = g_malloc0(PROC_MAX); + gchar *fname = g_strdup_printf("/proc/%d/cmdline", getppid()); + int fd = open(fname, O_RDONLY); + + if (fd < 0) { + + FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + + } + + ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); + if (bytes_read < 0) { + + FATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + + } + + int idx = 0; + + for (ssize_t i = 0; i < bytes_read; i++) { + + if (i == 0 || buffer[i - 1] == '\0') { + + OKF("AFL - COMMANDLINE: argv[%d] = %s", idx++, &buffer[i]); + + } + + } + + close(fd); + g_free(fname); + g_free(buffer); + +} + +static void afl_print_env(void) { + + char * buffer = g_malloc0(PROC_MAX); + gchar *fname = g_strdup_printf("/proc/%d/environ", getppid()); + int fd = open(fname, O_RDONLY); + + if (fd < 0) { + + FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + + } + + ssize_t bytes_read = read(fd, buffer, PROC_MAX - 1); + if (bytes_read < 0) { + + FATAL("Failed to read /proc/self/cmdline, errno: (%d)", errno); + + } + + int idx = 0; + + for (ssize_t i = 0; i < bytes_read; i++) { + + if (i == 0 || buffer[i - 1] == '\0') { + + OKF("AFL - ENVIRONMENT %3d: %s", idx++, &buffer[i]); + + } + + } + + close(fd); + g_free(fname); + g_free(buffer); + +} + +void afl_frida_start(void) { + + afl_print_cmdline(); + afl_print_env(); embedded_init(); stalker_init(); diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 2ec5b9cc..243d501d 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -13,7 +13,6 @@ afl_persistent_hook_fn hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; guint64 persistent_ret = 0; -guint64 persistent_ret_offset = 0; gboolean persistent_debug = FALSE; void persistent_init(void) { @@ -23,8 +22,6 @@ void persistent_init(void) { persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); - persistent_ret_offset = - util_read_address("AFL_FRIDA_PERSISTENT_RETADDR_OFFSET"); if (getenv("AFL_FRIDA_PERSISTENT_DEBUG") != NULL) { persistent_debug = TRUE; } @@ -44,14 +41,6 @@ void persistent_init(void) { } - if (persistent_ret_offset != 0 && persistent_ret == 0) { - - FATAL( - "AFL_FRIDA_PERSISTENT_RET must be specified if " - "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET is"); - - } - if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; if (persistent_count != 0 && persistent_count < 100) @@ -68,8 +57,6 @@ void persistent_init(void) { OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_ret == 0 ? ' ' : 'X', persistent_ret); - OKF("Instrumentation - persistent ret offset [%c] (%" G_GINT64_MODIFIER "d)", - persistent_ret_offset == 0 ? ' ' : 'X', persistent_ret_offset); if (hook_name != NULL) { diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index b23693fe..d7c6c76b 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -268,13 +268,15 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, ARM64_REG_X0, (16 * 14), GUM_INDEX_SIGNED_OFFSET); - /* Don't restore RIP or RSP, use x1-x3 as clobber */ - - /* LR & Adjusted SP (clobber x1) */ + /* LR & Adjusted SP (use x1 as clobber) */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, ARM64_REG_X0, (16 * 15), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_SP, ARM64_REG_X1); + + /* Don't restore RIP use x1-x3 as clobber */ + /* PC (x2) & CPSR (x1) */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, ARM64_REG_X0, (16 * 16), @@ -404,7 +406,6 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ @@ -450,9 +451,6 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_arm64_writer_put_brk_imm(cw, 0); } - gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, - persistent_ret_offset); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X0, GUM_ADDRESS(&saved_lr)); diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 858ad38e..653acefe 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -43,6 +43,7 @@ struct x86_64_regs { typedef struct x86_64_regs arch_api_regs; static arch_api_regs saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -104,7 +105,7 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, /* RED_ZONE + Saved flags, RAX, alignment */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, - GUM_RED_ZONE_SIZE + (0x8 * 3)); + GUM_RED_ZONE_SIZE + (0x8 * 2)); gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), GUM_REG_RBX); @@ -159,7 +160,9 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, (0x8 * 14)); - /* Don't restore RIP or RSP */ + /* Don't restore RIP */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, + (0x8 * 16)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, @@ -242,6 +245,31 @@ static void persistent_prologue_hook(GumX86Writer * cw, } +static void instrument_persitent_save_ret(GumX86Writer *cw) { + + /* Stack usage by this function */ + gssize offset = GUM_RED_ZONE_SIZE + (3 * 8); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + -(GUM_RED_ZONE_SIZE)); + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, + offset); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_RAX, GUM_REG_RBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_RBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_RAX); + gum_x86_writer_put_popfx(cw); + + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, + (GUM_RED_ZONE_SIZE)); + +} + void persistent_prologue(GumStalkerOutput *output) { /* @@ -268,11 +296,10 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ - instrument_persitent_save_regs(cw, &saved_regs); + /* Pop the return value */ + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); - /* pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (8)); + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ gum_x86_writer_put_label(cw, loop); @@ -304,6 +331,8 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + instrument_persitent_save_ret(cw); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } } @@ -314,9 +343,15 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, - persistent_ret_offset); - gum_x86_writer_put_ret(cw); + /* The stack should be aligned when we re-enter our loop */ + gconstpointer zero = cw->code + 1; + gum_x86_writer_put_test_reg_u32(cw, GUM_REG_RSP, 0xF); + gum_x86_writer_put_jcc_near_label(cw, X86_INS_JE, zero, GUM_NO_HINT); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -8); + gum_x86_writer_put_label(cw, zero); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_RAX); } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 0675edf4..7add6e99 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -39,6 +39,7 @@ struct x86_regs { typedef struct x86_regs arch_api_regs; static arch_api_regs saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -117,7 +118,9 @@ static void instrument_persitent_restore_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, (0x4 * 6)); - /* Don't restore RIP or RSP */ + /* Don't restore RIP */ + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, + (0x4 * 8)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, @@ -184,6 +187,26 @@ static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { } +static void instrument_persitent_save_ret(GumX86Writer *cw) { + + /* Stack usage by this function */ + gssize offset = (3 * 4); + + gum_x86_writer_put_pushfx(cw); + gum_x86_writer_put_push_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, + offset); + gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_EAX, GUM_REG_EBX); + + gum_x86_writer_put_pop_reg(cw, GUM_REG_EBX); + gum_x86_writer_put_pop_reg(cw, GUM_REG_EAX); + gum_x86_writer_put_popfx(cw); + +} + void persistent_prologue(GumStalkerOutput *output) { /* @@ -210,11 +233,10 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; - /* Stack must be 16-byte aligned per ABI */ - instrument_persitent_save_regs(cw, &saved_regs); - /* Pop the return value */ - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, (4)); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); + + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ gum_x86_writer_put_label(cw, loop); @@ -244,6 +266,8 @@ void persistent_prologue(GumStalkerOutput *output) { /* original: */ gum_x86_writer_put_label(cw, original); + instrument_persitent_save_ret(cw); + if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } } @@ -254,10 +278,8 @@ void persistent_epilogue(GumStalkerOutput *output) { if (persistent_debug) { gum_x86_writer_put_breakpoint(cw); } - gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, - persistent_ret_offset); - - gum_x86_writer_put_ret(cw); + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, GUM_ADDRESS(&saved_ret)); + gum_x86_writer_put_jmp_reg_ptr(cw, GUM_REG_EAX); } diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 4c9d8a19..2de51d86 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -38,8 +38,6 @@ ifeq "$(ARCH)" "x86" AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x56555000) endif -AFL_FRIDA_PERSISTENT_RETADDR_OFFSET:=0x50 - .PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) @@ -76,7 +74,6 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ - AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ $(ROOT)afl-fuzz \ -D \ -O \ @@ -89,7 +86,6 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET)' \ - --ex 'set environment AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ --ex 'set environment AFL_DEBUG_CHILD=1' \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ @@ -99,7 +95,6 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ - AFL_FRIDA_PERSISTENT_RETADDR_OFFSET=$(AFL_FRIDA_PERSISTENT_RETADDR_OFFSET) \ AFL_DEBUG_CHILD=1 \ LD_PRELOAD=$(ROOT)afl-frida-trace.so \ $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) diff --git a/frida_mode/test/unstable/GNUmakefile b/frida_mode/test/unstable/GNUmakefile new file mode 100644 index 00000000..fed417a3 --- /dev/null +++ b/frida_mode/test/unstable/GNUmakefile @@ -0,0 +1,90 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +UNSTABLE_DATA_DIR:=$(BUILD_DIR)in/ +UNSTABLE_DATA_FILE:=$(UNSTABLE_DATA_DIR)in + +UNSTABLE_BIN:=$(BUILD_DIR)unstable +UNSTABLE_SRC:=$(PWD)unstable.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x56555000) +endif + +.PHONY: all 32 clean qemu frida + +all: $(UNSTABLE_BIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(UNSTABLE_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(UNSTABLE_DATA_FILE): | $(UNSTABLE_DATA_DIR) + echo -n "000" > $@ + +$(UNSTABLE_BIN): $(UNSTABLE_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + + +qemu: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -Q \ + -i $(UNSTABLE_DATA_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(UNSTABLE_BIN) @@ + +frida: $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) + AFL_DEBUG=1 \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_FRIDA_INST_TRACE_UNIQUE=1 \ + AFL_FRIDA_INST_NO_OPTIMIZE=1 \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(UNSTABLE_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(UNSTABLE_BIN) @@ + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(UNSTABLE_BIN) $(UNSTABLE_DATA_FILE) diff --git a/frida_mode/test/unstable/Makefile b/frida_mode/test/unstable/Makefile new file mode 100644 index 00000000..f843af19 --- /dev/null +++ b/frida_mode/test/unstable/Makefile @@ -0,0 +1,19 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +qemu: + @gmake qemu + +frida: + @gmake frida + +debug: + @gmake debug diff --git a/frida_mode/test/unstable/get_symbol_addr.py b/frida_mode/test/unstable/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/unstable/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/unstable/unstable.c b/frida_mode/test/unstable/unstable.c new file mode 100644 index 00000000..67d56b73 --- /dev/null +++ b/frida_mode/test/unstable/unstable.c @@ -0,0 +1,67 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { + + if (size < 1) return; + + int r = rand(); + if ((r % 2) == 0) { + printf ("Hooray all even\n"); + } else { + printf ("Hmm that's odd\n"); + } + + // we support three input cases + if (data[0] == '0') + printf("Looks like a zero to me!\n"); + else if (data[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +void run_test(char * file) { + fprintf(stderr, "Running: %s\n", file); + FILE *f = fopen(file, "r"); + assert(f); + fseek(f, 0, SEEK_END); + size_t len = ftell(f); + fseek(f, 0, SEEK_SET); + unsigned char *buf = (unsigned char*)malloc(len); + size_t n_read = fread(buf, 1, len, f); + fclose(f); + assert(n_read == len); + LLVMFuzzerTestOneInput(buf, len); + free(buf); + fprintf(stderr, "Done: %s: (%zd bytes)\n", file, n_read); +} + +int main(int argc, char **argv) { + srand(1); + fprintf(stderr, "StandaloneFuzzTargetMain: running %d inputs\n", argc - 1); + for (int i = 1; i < argc; i++) { + run_test(argv[i]); + } +} diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 4aba3bdf..2920f905 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -478,9 +478,7 @@ typedef struct afl_state { u32 hang_tmout; /* Timeout used for hang det (ms) */ - u8 cal_cycles, /* Calibration cycles defaults */ - cal_cycles_long, /* Calibration cycles defaults */ - havoc_stack_pow2, /* HAVOC_STACK_POW2 */ + u8 havoc_stack_pow2, /* HAVOC_STACK_POW2 */ no_unlink, /* do not unlink cur_input */ debug, /* Debug mode */ custom_only, /* Custom mutator only mode */ diff --git a/include/envs.h b/include/envs.h index 15116fc1..54bb6597 100644 --- a/include/envs.h +++ b/include/envs.h @@ -60,6 +60,7 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_TRACE", + "AFL_FRIDA_INST_UNSTABLE", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", @@ -67,7 +68,6 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_PERSISTENT_DEBUG", "AFL_FRIDA_PERSISTENT_HOOK", "AFL_FRIDA_PERSISTENT_RET", - "AFL_FRIDA_PERSISTENT_RETADDR_OFFSET", "AFL_FRIDA_STATS_FILE", "AFL_FRIDA_STATS_INTERVAL", "AFL_FRIDA_STATS_TRANSITIONS", diff --git a/instrumentation/afl-llvm-common.cc b/instrumentation/afl-llvm-common.cc index af32e2f9..3239ea91 100644 --- a/instrumentation/afl-llvm-common.cc +++ b/instrumentation/afl-llvm-common.cc @@ -96,9 +96,8 @@ bool isIgnoreFunction(const llvm::Function *F) { static constexpr const char *ignoreSubstringList[] = { - "__asan", "__msan", "__ubsan", "__lsan", - "__san", "__sanitize", "__cxx", "_GLOBAL__", - "DebugCounter", "DwarfDebug", "DebugLoc" + "__asan", "__msan", "__ubsan", "__lsan", "__san", "__sanitize", + "__cxx", "DebugCounter", "DwarfDebug", "DebugLoc" }; diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index b02a89fb..68f6c329 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -47,6 +47,10 @@ using namespace llvm; #include "afl-llvm-common.h" +// uncomment this toggle function verification at each step. horribly slow, but +// helps to pinpoint a potential problem in the splitting code. +//#define VERIFY_TOO_MUCH 1 + namespace { class SplitComparesTransform : public ModulePass { @@ -67,28 +71,101 @@ class SplitComparesTransform : public ModulePass { const char *getPassName() const override { #endif - return "simplifies and splits ICMP instructions"; + return "AFL_SplitComparesTransform"; } private: int enableFPSplit; - size_t splitIntCompares(Module &M, unsigned bitw); + unsigned target_bitwidth = 8; + + size_t count = 0; + size_t splitFPCompares(Module &M); - bool simplifyCompares(Module &M); bool simplifyFPCompares(Module &M); - bool simplifyIntSignedness(Module &M); size_t nextPowerOfTwo(size_t in); + using CmpWorklist = SmallVector; + + /// simplify the comparison and then split the comparison until the + /// target_bitwidth is reached. + bool simplifyAndSplit(CmpInst *I, Module &M); + /// simplify a non-strict comparison (e.g., less than or equals) + bool simplifyOrEqualsCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist); + /// simplify a signed comparison (signed less or greater than) + bool simplifySignedCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist); + /// splits an icmp into nested icmps recursivly until target_bitwidth is + /// reached + bool splitCompare(CmpInst *I, Module &M, CmpWorklist &worklist); + + /// print an error to llvm's errs stream, but only if not ordered to be quiet + void reportError(const StringRef msg, Instruction *I, Module &M) { + + if (!be_quiet) { + + errs() << "[AFL++ SplitComparesTransform] ERROR: " << msg << "\n"; + if (debug) { + + if (I) { + + errs() << "Instruction = " << *I << "\n"; + if (auto BB = I->getParent()) { + + if (auto F = BB->getParent()) { + + if (F->hasName()) { + + errs() << "|-> in function " << F->getName() << " "; + + } + + } + + } + + } + + auto n = M.getName(); + if (n.size() > 0) { errs() << "in module " << n << "\n"; } + + } + + } + + } + + bool isSupportedBitWidth(unsigned bitw) { + + // IDK whether the icmp code works on other bitwidths. I guess not? So we + // try to avoid dealing with other weird icmp's that llvm might use (looking + // at you `icmp i0`). + switch (bitw) { + + case 8: + case 16: + case 32: + case 64: + case 128: + case 256: + return true; + default: + return false; + + } + + } + }; } // namespace char SplitComparesTransform::ID = 0; -/* This function splits FCMP instructions with xGE or xLE predicates into two - * FCMP instructions with predicate xGT or xLT and EQ */ +/// This function splits FCMP instructions with xGE or xLE predicates into two +/// FCMP instructions with predicate xGT or xLT and EQ bool SplitComparesTransform::simplifyFPCompares(Module &M) { LLVMContext & C = M.getContext(); @@ -221,129 +298,389 @@ bool SplitComparesTransform::simplifyFPCompares(Module &M) { } -/* This function splits ICMP instructions with xGE or xLE predicates into two - * ICMP instructions with predicate xGT or xLT and EQ */ -bool SplitComparesTransform::simplifyCompares(Module &M) { +/// This function splits ICMP instructions with xGE or xLE predicates into two +/// ICMP instructions with predicate xGT or xLT and EQ +bool SplitComparesTransform::simplifyOrEqualsCompare(CmpInst * IcmpInst, + Module & M, + CmpWorklist &worklist) { - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - /* iterate over all functions, bbs and instruction and add - * all integer comparisons with >= and <= predicates to the icomps vector */ - for (auto &F : M) { + /* find out what the new predicate is going to be */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } - if (!isInInstrumentList(&F)) continue; + BasicBlock *bb = IcmpInst->getParent(); - for (auto &BB : F) { + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); - for (auto &IN : BB) { + CmpInst::Predicate pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; - CmpInst *selectcmpInst = nullptr; + switch (pred) { - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_UGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SGE || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULE || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLE) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - /* this is probably not needed but we do it anyway */ - if (!intTyOp0 || !intTyOp1) { continue; } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } + case CmpInst::ICMP_UGE: + new_pred = CmpInst::ICMP_UGT; + break; + case CmpInst::ICMP_SGE: + new_pred = CmpInst::ICMP_SGT; + break; + case CmpInst::ICMP_ULE: + new_pred = CmpInst::ICMP_ULT; + break; + case CmpInst::ICMP_SLE: + new_pred = CmpInst::ICMP_SLT; + break; + default: // keep the compiler happy + return false; } - if (!icomps.size()) { return false; } + /* split before the icmp instruction */ + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - for (auto &IcmpInst : icomps) { + /* the old bb now contains a unconditional jump to the new one (end_bb) + * we need to delete it later */ - BasicBlock *bb = IcmpInst->getParent(); + /* create the ICMP instruction with new_pred and add it to the old basic + * block bb it is now at the position where the old IcmpInst was */ + CmpInst *icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), icmp_np); - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); + /* create a new basic block which holds the new EQ icmp */ + CmpInst *icmp_eq; + /* insert middle_bb before end_bb */ + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); + middle_bb->getInstList().push_back(icmp_eq); + /* add an unconditional branch to the end of middle_bb with destination + * end_bb */ + BranchInst::Create(end_bb, middle_bb); - /* find out what the new predicate is going to be */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; + /* replace the uncond branch with a conditional one, which depends on the + * new_pred icmp. True goes to end, false to the middle (injected) bb */ + auto term = bb->getTerminator(); + BranchInst::Create(end_bb, middle_bb, icmp_np, bb); + term->eraseFromParent(); - switch (pred) { + /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI + * inst to wire up the loose ends */ + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + /* the first result depends on the outcome of icmp_eq */ + PN->addIncoming(icmp_eq, middle_bb); + /* if the source was the original bb we know that the icmp_np yielded true + * hence we can hardcode this value */ + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + /* replace the old IcmpInst with our new and shiny PHI inst */ + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - case CmpInst::ICMP_UGE: - new_pred = CmpInst::ICMP_UGT; - break; - case CmpInst::ICMP_SGE: - new_pred = CmpInst::ICMP_SGT; - break; - case CmpInst::ICMP_ULE: - new_pred = CmpInst::ICMP_ULT; - break; - case CmpInst::ICMP_SLE: - new_pred = CmpInst::ICMP_SLT; - break; - default: // keep the compiler happy - continue; + worklist.push_back(icmp_np); + worklist.push_back(icmp_eq); + + return true; + +} + +/// Simplify a signed comparison operator by splitting it into a unsigned and +/// bit comparison. add all resulting comparisons to +/// the worklist passed as a reference. +bool SplitComparesTransform::simplifySignedCompare(CmpInst *IcmpInst, Module &M, + CmpWorklist &worklist) { + + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + + BasicBlock *bb = IcmpInst->getParent(); + + auto op0 = IcmpInst->getOperand(0); + auto op1 = IcmpInst->getOperand(1); + + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { return false; } + unsigned bitw = intTyOp0->getBitWidth(); + IntegerType *IntType = IntegerType::get(C, bitw); + + /* get the new predicate */ + auto cmp_inst = dyn_cast(IcmpInst); + if (!cmp_inst) { return false; } + auto pred = cmp_inst->getPredicate(); + CmpInst::Predicate new_pred; + + if (pred == CmpInst::ICMP_SGT) { + + new_pred = CmpInst::ICMP_UGT; + + } else { + + new_pred = CmpInst::ICMP_ULT; + + } + + BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + + /* create a 1 bit compare for the sign bit. to do this shift and trunc + * the original operands so only the first bit remains.*/ + Value *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; + + IRBuilder<> IRB(bb->getTerminator()); + s_op0 = IRB.CreateLShr(op0, ConstantInt::get(IntType, bitw - 1)); + t_op0 = IRB.CreateTruncOrBitCast(s_op0, Int1Ty); + s_op1 = IRB.CreateLShr(op1, ConstantInt::get(IntType, bitw - 1)); + t_op1 = IRB.CreateTruncOrBitCast(s_op1, Int1Ty); + /* compare of the sign bits */ + icmp_sign_bit = IRB.CreateICmp(CmpInst::ICMP_EQ, t_op0, t_op1); + + /* create a new basic block which is executed if the signedness bit is + * different */ + CmpInst * icmp_inv_sig_cmp; + BasicBlock *sign_bb = + BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_SGT) { + + /* if we check for > and the op0 positive and op1 negative then the final + * result is true. if op0 negative and op1 pos, the cmp must result + * in false + */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); + + } else { + + /* just the inverse of the above statement */ + icmp_inv_sig_cmp = + CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); + + } + + sign_bb->getInstList().push_back(icmp_inv_sig_cmp); + BranchInst::Create(end_bb, sign_bb); + + /* create a new bb which is executed if signedness is equal */ + CmpInst * icmp_usign_cmp; + BasicBlock *middle_bb = + BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); + /* we can do a normal unsigned compare now */ + icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); + + middle_bb->getInstList().push_back(icmp_usign_cmp); + BranchInst::Create(end_bb, middle_bb); + + auto term = bb->getTerminator(); + /* if the sign is eq do a normal unsigned cmp, else we have to check the + * signedness bit */ + BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); + term->eraseFromParent(); + + PHINode *PN = PHINode::Create(Int1Ty, 2, ""); + + PN->addIncoming(icmp_usign_cmp, middle_bb); + PN->addIncoming(icmp_inv_sig_cmp, sign_bb); + + BasicBlock::iterator ii(IcmpInst); + ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + + // save for later + worklist.push_back(icmp_usign_cmp); + + // signed comparisons are not supported by the splitting code, so we must not + // add it to the worklist. + // worklist.push_back(icmp_inv_sig_cmp); + + return true; + +} + +bool SplitComparesTransform::splitCompare(CmpInst *cmp_inst, Module &M, + CmpWorklist &worklist) { + + auto pred = cmp_inst->getPredicate(); + switch (pred) { + + case CmpInst::ICMP_EQ: + case CmpInst::ICMP_NE: + case CmpInst::ICMP_UGT: + case CmpInst::ICMP_ULT: + break; + default: + // unsupported predicate! + return false; + + } + + auto op0 = cmp_inst->getOperand(0); + auto op1 = cmp_inst->getOperand(1); + + // get bitwidth by checking the bitwidth of the first operator + IntegerType *intTyOp0 = dyn_cast(op0->getType()); + if (!intTyOp0) { + + // not an integer type + return false; + + } + + unsigned bitw = intTyOp0->getBitWidth(); + if (bitw == target_bitwidth) { + + // already the target bitwidth so we have to do nothing here. + return true; + + } + + LLVMContext &C = M.getContext(); + IntegerType *Int1Ty = IntegerType::getInt1Ty(C); + BasicBlock * bb = cmp_inst->getParent(); + IntegerType *OldIntType = IntegerType::get(C, bitw); + IntegerType *NewIntType = IntegerType::get(C, bitw / 2); + BasicBlock * end_bb = bb->splitBasicBlock(BasicBlock::iterator(cmp_inst)); + CmpInst * icmp_high, *icmp_low; + + /* create the comparison of the top halves of the original operands */ + Value *s_op0, *op0_high, *s_op1, *op1_high; + + IRBuilder<> IRB(bb->getTerminator()); + + s_op0 = IRB.CreateBinOp(Instruction::LShr, op0, + ConstantInt::get(OldIntType, bitw / 2)); + op0_high = IRB.CreateTruncOrBitCast(s_op0, NewIntType); + + s_op1 = IRB.CreateBinOp(Instruction::LShr, op1, + ConstantInt::get(OldIntType, bitw / 2)); + op1_high = IRB.CreateTruncOrBitCast(s_op1, NewIntType); + icmp_high = cast(IRB.CreateICmp(pred, op0_high, op1_high)); + + PHINode *PN = nullptr; + + /* now we have to destinguish between == != and > < */ + switch (pred) { + + case CmpInst::ICMP_EQ: + case CmpInst::ICMP_NE: { + + /* transformation for == and != icmps */ + + /* create a compare for the lower half of the original operands */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + + Value * op0_low, *op1_low; + IRBuilder<> Builder(cmp_low_bb); + + op0_low = Builder.CreateTrunc(op0, NewIntType); + op1_low = Builder.CreateTrunc(op1, NewIntType); + icmp_low = cast(Builder.CreateICmp(pred, op0_low, op1_low)); + + BranchInst::Create(end_bb, cmp_low_bb); + + /* dependent on the cmp of the high parts go to the end or go on with + * the comparison */ + auto term = bb->getTerminator(); + BranchInst *br = nullptr; + if (pred == CmpInst::ICMP_EQ) { + + br = BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); + + } else { + + /* CmpInst::ICMP_NE */ + br = BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); + + } + + term->eraseFromParent(); + + /* create the PHI and connect the edges accordingly */ + PN = PHINode::Create(Int1Ty, 2, ""); + PN->addIncoming(icmp_low, cmp_low_bb); + Value *val = nullptr; + if (pred == CmpInst::ICMP_EQ) { + + val = ConstantInt::get(Int1Ty, 0); + + } else { + + /* CmpInst::ICMP_NE */ + val = ConstantInt::get(Int1Ty, 1); + + } + + PN->addIncoming(val, icmp_high->getParent()); + break; } - /* split before the icmp instruction */ - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); + case CmpInst::ICMP_UGT: + case CmpInst::ICMP_ULT: { - /* the old bb now contains a unconditional jump to the new one (end_bb) - * we need to delete it later */ + /* transformations for < and > */ - /* create the ICMP instruction with new_pred and add it to the old basic - * block bb it is now at the position where the old IcmpInst was */ - Instruction *icmp_np; - icmp_np = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_np); + /* create a basic block which checks for the inverse predicate. + * if this is true we can go to the end if not we have to go to the + * bb which checks the lower half of the operands */ + Instruction *op0_low, *op1_low; + CmpInst * icmp_inv_cmp = nullptr; + BasicBlock * inv_cmp_bb = + BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); + if (pred == CmpInst::ICMP_UGT) { - /* create a new basic block which holds the new EQ icmp */ - Instruction *icmp_eq; - /* insert middle_bb before end_bb */ - BasicBlock *middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - icmp_eq = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, op0, op1); - middle_bb->getInstList().push_back(icmp_eq); - /* add an unconditional branch to the end of middle_bb with destination - * end_bb */ - BranchInst::Create(end_bb, middle_bb); + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, + op0_high, op1_high); - /* replace the uncond branch with a conditional one, which depends on the - * new_pred icmp. True goes to end, false to the middle (injected) bb */ - auto term = bb->getTerminator(); - BranchInst::Create(end_bb, middle_bb, icmp_np, bb); - term->eraseFromParent(); + } else { - /* replace the old IcmpInst (which is the first inst in end_bb) with a PHI - * inst to wire up the loose ends */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - /* the first result depends on the outcome of icmp_eq */ - PN->addIncoming(icmp_eq, middle_bb); - /* if the source was the original bb we know that the icmp_np yielded true - * hence we can hardcode this value */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - /* replace the old IcmpInst with our new and shiny PHI inst */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); + icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, + op0_high, op1_high); + + } + + inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); + worklist.push_back(icmp_inv_cmp); + + auto term = bb->getTerminator(); + term->eraseFromParent(); + BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); + + /* create a bb which handles the cmp of the lower halves */ + BasicBlock *cmp_low_bb = + BasicBlock::Create(C, "" /*"injected"*/, end_bb->getParent(), end_bb); + op0_low = new TruncInst(op0, NewIntType); + cmp_low_bb->getInstList().push_back(op0_low); + op1_low = new TruncInst(op1, NewIntType); + cmp_low_bb->getInstList().push_back(op1_low); + + icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); + cmp_low_bb->getInstList().push_back(icmp_low); + BranchInst::Create(end_bb, cmp_low_bb); + + BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); + + PN = PHINode::Create(Int1Ty, 3); + PN->addIncoming(icmp_low, cmp_low_bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); + PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); + break; + + } + + default: + return false; + + } + + BasicBlock::iterator ii(cmp_inst); + ReplaceInstWithInst(cmp_inst->getParent()->getInstList(), ii, PN); + + // We split the comparison into low and high. If this isn't our target + // bitwidth we recursivly split the low and high parts again until we have + // target bitwidth. + if ((bitw / 2) > target_bitwidth) { + + worklist.push_back(icmp_high); + worklist.push_back(icmp_low); } @@ -351,162 +688,91 @@ bool SplitComparesTransform::simplifyCompares(Module &M) { } -/* this function transforms signed compares to equivalent unsigned compares */ -bool SplitComparesTransform::simplifyIntSignedness(Module &M) { +bool SplitComparesTransform::simplifyAndSplit(CmpInst *I, Module &M) { - LLVMContext & C = M.getContext(); - std::vector icomps; - IntegerType * Int1Ty = IntegerType::getInt1Ty(C); + CmpWorklist worklist; - /* iterate over all functions, bbs and instructions and add - * all signed compares to icomps vector */ - for (auto &F : M) { + auto op0 = I->getOperand(0); + auto op1 = I->getOperand(1); + if (!op0 || !op1) { return false; } + auto op0Ty = dyn_cast(op0->getType()); + if (!op0Ty || !isa(op1->getType())) { return true; } - if (!isInInstrumentList(&F)) continue; + unsigned bitw = op0Ty->getBitWidth(); - for (auto &BB : F) { +#ifdef VERIFY_TOO_MUCH + auto F = I->getParent()->getParent(); +#endif - for (auto &IN : BB) { + // we run the comparison simplification on all compares regardless of their + // bitwidth. + if (I->getPredicate() == CmpInst::ICMP_UGE || + I->getPredicate() == CmpInst::ICMP_SGE || + I->getPredicate() == CmpInst::ICMP_ULE || + I->getPredicate() == CmpInst::ICMP_SLE) { - CmpInst *selectcmpInst = nullptr; + if (!simplifyOrEqualsCompare(I, M, worklist)) { - if ((selectcmpInst = dyn_cast(&IN))) { + reportError( + "Failed to simplify inequality or equals comparison " + "(UGE,SGE,ULE,SLE)", + I, M); - if (selectcmpInst->getPredicate() == CmpInst::ICMP_SGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_SLT) { + } - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); + } else if (I->getPredicate() == CmpInst::ICMP_SGT || - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); + I->getPredicate() == CmpInst::ICMP_SLT) { - /* see above */ - if (!intTyOp0 || !intTyOp1) { continue; } + if (!simplifySignedCompare(I, M, worklist)) { - /* i think this is not possible but to lazy to look it up */ - if (intTyOp0->getBitWidth() != intTyOp1->getBitWidth()) { + reportError("Failed to simplify signed comparison (SGT,SLT)", I, M); - continue; + } - } + } - icomps.push_back(selectcmpInst); +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { - } + reportError("simpliyfing compare lead to broken function", nullptr, M); - } + } + +#endif + + // the simplification methods replace the original CmpInst and push the + // resulting new CmpInst into the worklist. If the worklist is empty then + // we only have to split the original CmpInst. + if (worklist.size() == 0) { worklist.push_back(I); } + + while (!worklist.empty()) { + + CmpInst *cmp = worklist.pop_back_val(); + // we split the simplified compares into comparisons with smaller bitwidths + // if they are larger than our target_bitwidth. + if (bitw > target_bitwidth) { + + if (!splitCompare(cmp, M, worklist)) { + + reportError("Failed to split comparison", cmp, M); } +#ifdef VERIFY_TOO_MUCH + if (verifyFunction(*F, &errs())) { + + reportError("splitting compare lead to broken function", nullptr, M); + + } + +#endif + } } - if (!icomps.size()) { return false; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - if (!intTyOp0) { continue; } - unsigned bitw = intTyOp0->getBitWidth(); - IntegerType *IntType = IntegerType::get(C, bitw); - - /* get the new predicate */ - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - CmpInst::Predicate new_pred; - - if (pred == CmpInst::ICMP_SGT) { - - new_pred = CmpInst::ICMP_UGT; - - } else { - - new_pred = CmpInst::ICMP_ULT; - - } - - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* create a 1 bit compare for the sign bit. to do this shift and trunc - * the original operands so only the first bit remains.*/ - Instruction *s_op0, *t_op0, *s_op1, *t_op1, *icmp_sign_bit; - - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - t_op0 = new TruncInst(s_op0, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op0); - - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(IntType, bitw - 1)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - t_op1 = new TruncInst(s_op1, Int1Ty); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), t_op1); - - /* compare of the sign bits */ - icmp_sign_bit = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_EQ, t_op0, t_op1); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_sign_bit); - - /* create a new basic block which is executed if the signedness bit is - * different */ - Instruction *icmp_inv_sig_cmp; - BasicBlock * sign_bb = - BasicBlock::Create(C, "sign", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_SGT) { - - /* if we check for > and the op0 positive and op1 negative then the final - * result is true. if op0 negative and op1 pos, the cmp must result - * in false - */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, t_op0, t_op1); - - } else { - - /* just the inverse of the above statement */ - icmp_inv_sig_cmp = - CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, t_op0, t_op1); - - } - - sign_bb->getInstList().push_back(icmp_inv_sig_cmp); - BranchInst::Create(end_bb, sign_bb); - - /* create a new bb which is executed if signedness is equal */ - Instruction *icmp_usign_cmp; - BasicBlock * middle_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - /* we can do a normal unsigned compare now */ - icmp_usign_cmp = CmpInst::Create(Instruction::ICmp, new_pred, op0, op1); - middle_bb->getInstList().push_back(icmp_usign_cmp); - BranchInst::Create(end_bb, middle_bb); - - auto term = bb->getTerminator(); - /* if the sign is eq do a normal unsigned cmp, else we have to check the - * signedness bit */ - BranchInst::Create(middle_bb, sign_bb, icmp_sign_bit, bb); - term->eraseFromParent(); - - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - - PN->addIncoming(icmp_usign_cmp, middle_bb); - PN->addIncoming(icmp_inv_sig_cmp, sign_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - + count++; return true; } @@ -1050,240 +1316,22 @@ size_t SplitComparesTransform::splitFPCompares(Module &M) { } -/* splits icmps of size bitw into two nested icmps with bitw/2 size each */ -size_t SplitComparesTransform::splitIntCompares(Module &M, unsigned bitw) { - - size_t count = 0; - - LLVMContext &C = M.getContext(); - - IntegerType *Int1Ty = IntegerType::getInt1Ty(C); - IntegerType *OldIntType = IntegerType::get(C, bitw); - IntegerType *NewIntType = IntegerType::get(C, bitw / 2); - - std::vector icomps; - - if (bitw % 2) { return 0; } - - /* not supported yet */ - if (bitw > 64) { return 0; } - - /* get all EQ, NE, UGT, and ULT icmps of width bitw. if the - * functions simplifyCompares() and simplifyIntSignedness() - * were executed only these four predicates should exist */ - for (auto &F : M) { - - if (!isInInstrumentList(&F)) continue; - - for (auto &BB : F) { - - for (auto &IN : BB) { - - CmpInst *selectcmpInst = nullptr; - - if ((selectcmpInst = dyn_cast(&IN))) { - - if (selectcmpInst->getPredicate() == CmpInst::ICMP_EQ || - selectcmpInst->getPredicate() == CmpInst::ICMP_NE || - selectcmpInst->getPredicate() == CmpInst::ICMP_UGT || - selectcmpInst->getPredicate() == CmpInst::ICMP_ULT) { - - auto op0 = selectcmpInst->getOperand(0); - auto op1 = selectcmpInst->getOperand(1); - - IntegerType *intTyOp0 = dyn_cast(op0->getType()); - IntegerType *intTyOp1 = dyn_cast(op1->getType()); - - if (!intTyOp0 || !intTyOp1) { continue; } - - /* check if the bitwidths are the one we are looking for */ - if (intTyOp0->getBitWidth() != bitw || - intTyOp1->getBitWidth() != bitw) { - - continue; - - } - - icomps.push_back(selectcmpInst); - - } - - } - - } - - } - - } - - if (!icomps.size()) { return 0; } - - for (auto &IcmpInst : icomps) { - - BasicBlock *bb = IcmpInst->getParent(); - - auto op0 = IcmpInst->getOperand(0); - auto op1 = IcmpInst->getOperand(1); - - auto cmp_inst = dyn_cast(IcmpInst); - if (!cmp_inst) { continue; } - auto pred = cmp_inst->getPredicate(); - - BasicBlock *end_bb = bb->splitBasicBlock(BasicBlock::iterator(IcmpInst)); - - /* create the comparison of the top halves of the original operands */ - Instruction *s_op0, *op0_high, *s_op1, *op1_high, *icmp_high; - - s_op0 = BinaryOperator::Create(Instruction::LShr, op0, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op0); - op0_high = new TruncInst(s_op0, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op0_high); - - s_op1 = BinaryOperator::Create(Instruction::LShr, op1, - ConstantInt::get(OldIntType, bitw / 2)); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), s_op1); - op1_high = new TruncInst(s_op1, NewIntType); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - op1_high); - - icmp_high = CmpInst::Create(Instruction::ICmp, pred, op0_high, op1_high); - bb->getInstList().insert(BasicBlock::iterator(bb->getTerminator()), - icmp_high); - - /* now we have to destinguish between == != and > < */ - if (pred == CmpInst::ICMP_EQ || pred == CmpInst::ICMP_NE) { - - /* transformation for == and != icmps */ - - /* create a compare for the lower half of the original operands */ - Instruction *op0_low, *op1_low, *icmp_low; - BasicBlock * cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - /* dependent on the cmp of the high parts go to the end or go on with - * the comparison */ - auto term = bb->getTerminator(); - if (pred == CmpInst::ICMP_EQ) { - - BranchInst::Create(cmp_low_bb, end_bb, icmp_high, bb); - - } else { - - /* CmpInst::ICMP_NE */ - BranchInst::Create(end_bb, cmp_low_bb, icmp_high, bb); - - } - - term->eraseFromParent(); - - /* create the PHI and connect the edges accordingly */ - PHINode *PN = PHINode::Create(Int1Ty, 2, ""); - PN->addIncoming(icmp_low, cmp_low_bb); - if (pred == CmpInst::ICMP_EQ) { - - PN->addIncoming(ConstantInt::get(Int1Ty, 0), bb); - - } else { - - /* CmpInst::ICMP_NE */ - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - - } - - /* replace the old icmp with the new PHI */ - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } else { - - /* CmpInst::ICMP_UGT and CmpInst::ICMP_ULT */ - /* transformations for < and > */ - - /* create a basic block which checks for the inverse predicate. - * if this is true we can go to the end if not we have to go to the - * bb which checks the lower half of the operands */ - Instruction *icmp_inv_cmp, *op0_low, *op1_low, *icmp_low; - BasicBlock * inv_cmp_bb = - BasicBlock::Create(C, "inv_cmp", end_bb->getParent(), end_bb); - if (pred == CmpInst::ICMP_UGT) { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_ULT, - op0_high, op1_high); - - } else { - - icmp_inv_cmp = CmpInst::Create(Instruction::ICmp, CmpInst::ICMP_UGT, - op0_high, op1_high); - - } - - inv_cmp_bb->getInstList().push_back(icmp_inv_cmp); - - auto term = bb->getTerminator(); - term->eraseFromParent(); - BranchInst::Create(end_bb, inv_cmp_bb, icmp_high, bb); - - /* create a bb which handles the cmp of the lower halves */ - BasicBlock *cmp_low_bb = - BasicBlock::Create(C, "injected", end_bb->getParent(), end_bb); - op0_low = new TruncInst(op0, NewIntType); - cmp_low_bb->getInstList().push_back(op0_low); - op1_low = new TruncInst(op1, NewIntType); - cmp_low_bb->getInstList().push_back(op1_low); - - icmp_low = CmpInst::Create(Instruction::ICmp, pred, op0_low, op1_low); - cmp_low_bb->getInstList().push_back(icmp_low); - BranchInst::Create(end_bb, cmp_low_bb); - - BranchInst::Create(end_bb, cmp_low_bb, icmp_inv_cmp, inv_cmp_bb); - - PHINode *PN = PHINode::Create(Int1Ty, 3); - PN->addIncoming(icmp_low, cmp_low_bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 1), bb); - PN->addIncoming(ConstantInt::get(Int1Ty, 0), inv_cmp_bb); - - BasicBlock::iterator ii(IcmpInst); - ReplaceInstWithInst(IcmpInst->getParent()->getInstList(), ii, PN); - - } - - ++count; - - } - - return count; - -} - bool SplitComparesTransform::runOnModule(Module &M) { - int bitw = 64; - size_t count = 0; - char *bitw_env = getenv("AFL_LLVM_LAF_SPLIT_COMPARES_BITW"); if (!bitw_env) bitw_env = getenv("LAF_SPLIT_COMPARES_BITW"); - if (bitw_env) { bitw = atoi(bitw_env); } + if (bitw_env) { target_bitwidth = atoi(bitw_env); } enableFPSplit = getenv("AFL_LLVM_LAF_SPLIT_FLOATS") != NULL; if ((isatty(2) && getenv("AFL_QUIET") == NULL) || getenv("AFL_DEBUG") != NULL) { - printf( - "Split-compare-pass by laf.intel@gmail.com, extended by " - "heiko@hexco.de\n"); + errs() << "Split-compare-pass by laf.intel@gmail.com, extended by " + "heiko@hexco.de (splitting icmp to " + << target_bitwidth << " bit)\n"; + + if (getenv("AFL_DEBUG") != NULL && !debug) { debug = 1; } } else { @@ -1308,48 +1356,68 @@ bool SplitComparesTransform::runOnModule(Module &M) { } - simplifyCompares(M); + std::vector worklist; + /* iterate over all functions, bbs and instruction search for all integer + * compare instructions. Save them into the worklist for later. */ + for (auto &F : M) { - simplifyIntSignedness(M); + if (!isInInstrumentList(&F)) continue; - switch (bitw) { + for (auto &BB : F) { - case 64: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 32: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - bitw >>= 1; -#if LLVM_VERSION_MAJOR > 3 || \ - (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 7) - [[clang::fallthrough]]; /*FALLTHRU*/ /* FALLTHROUGH */ -#endif - case 16: - count += splitIntCompares(M, bitw); - if (debug) - errs() << "Split-integer-compare-pass " << bitw << "bit: " << count - << " split\n"; - // bitw >>= 1; - break; + for (auto &IN : BB) { - default: - // if (!be_quiet) errs() << "NOT Running split-compare-pass \n"; - return false; - break; + if (auto CI = dyn_cast(&IN)) { + + auto op0 = CI->getOperand(0); + auto op1 = CI->getOperand(1); + if (!op0 || !op1) { return false; } + auto iTy1 = dyn_cast(op0->getType()); + if (iTy1 && isa(op1->getType())) { + + unsigned bitw = iTy1->getBitWidth(); + if (isSupportedBitWidth(bitw)) { worklist.push_back(CI); } + + } + + } + + } + + } + + } + + // now that we have a list of all integer comparisons we can start replacing + // them with the splitted alternatives. + for (auto CI : worklist) { + + simplifyAndSplit(CI, M); + + } + + bool brokenDebug = false; + if (verifyModule( M, &errs() +#if LLVM_VERSION_MAJOR > 3 || (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) + ,&brokenDebug // 9th May 2016 +#endif + )) { + + reportError( + "Module Verifier failed! Consider reporting a bug with the AFL++ " + "project.", + nullptr, M); + + } + + if (brokenDebug) { + + reportError("Module Verifier reported broken Debug Infos - Stripping!", + nullptr, M); + StripDebugInfo(M); } - verifyModule(M); return true; } @@ -1373,3 +1441,8 @@ static RegisterStandardPasses RegisterSplitComparesTransPassLTO( registerSplitComparesPass); #endif +static RegisterPass X("splitcompares", + "AFL++ split compares", + true /* Only looks at CFG */, + true /* Analysis Pass */); + diff --git a/src/afl-analyze.c b/src/afl-analyze.c index 606254d9..dbf2920f 100644 --- a/src/afl-analyze.c +++ b/src/afl-analyze.c @@ -167,7 +167,7 @@ static inline u8 anything_set(void) { static void at_exit_handler(void) { - unlink(fsrv.out_file); /* Ignore errors */ + unlink(fsrv.out_file); /* Ignore errors */ } @@ -643,12 +643,14 @@ static void set_up_environment(char **argv) { } - fsrv.out_file = alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); + fsrv.out_file = + alloc_printf("%s/.afl-analyze-temp-%u", use_dir, (u32)getpid()); } unlink(fsrv.out_file); - fsrv.out_fd = open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); + fsrv.out_fd = + open(fsrv.out_file, O_RDWR | O_CREAT | O_EXCL, DEFAULT_PERMISSION); if (fsrv.out_fd < 0) { PFATAL("Unable to create '%s'", fsrv.out_file); } @@ -1118,7 +1120,6 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv.target_path) { ck_free(fsrv.target_path); } if (in_data) { ck_free(in_data); } - exit(0); } diff --git a/src/afl-common.c b/src/afl-common.c index c61ce3d8..9ca2b3e8 100644 --- a/src/afl-common.c +++ b/src/afl-common.c @@ -751,6 +751,8 @@ void read_bitmap(u8 *fname, u8 *map, size_t len) { } +/* Get unix time in milliseconds */ + u64 get_cur_time(void) { struct timeval tv; diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index c3ce2edd..11adebf4 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -73,7 +73,7 @@ static int select_algorithm(afl_state_t *afl, u32 max_algorithm) { /* Helper to choose random block len for block operations in fuzz_one(). Doesn't return zero, provided that max_len is > 0. */ -static u32 choose_block_len(afl_state_t *afl, u32 limit) { +static inline u32 choose_block_len(afl_state_t *afl, u32 limit) { u32 min_value, max_value; u32 rlim = MIN(afl->queue_cycle, (u32)3); diff --git a/src/afl-fuzz-redqueen.c b/src/afl-fuzz-redqueen.c index b41ffa88..268f726c 100644 --- a/src/afl-fuzz-redqueen.c +++ b/src/afl-fuzz-redqueen.c @@ -252,7 +252,7 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, u64 start_time = get_cur_time(); #endif - u32 screen_update = 1000000 / afl->queue_cur->exec_us; + u32 screen_update; u64 orig_hit_cnt, new_hit_cnt, exec_cksum; orig_hit_cnt = afl->queued_paths + afl->unique_crashes; @@ -261,6 +261,24 @@ static u8 colorization(afl_state_t *afl, u8 *buf, u32 len, afl->stage_max = (len << 1); afl->stage_cur = 0; + if (likely(afl->queue_cur->exec_us)) { + + if (likely((100000 / 2) >= afl->queue_cur->exec_us)) { + + screen_update = 100000 / afl->queue_cur->exec_us; + + } else { + + screen_update = 1; + + } + + } else { + + screen_update = 100000; + + } + // in colorization we do not classify counts, hence we have to calculate // the original checksum. if (unlikely(get_exec_checksum(afl, buf, len, &exec_cksum))) { @@ -905,17 +923,16 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, // test for arithmetic, eg. "if ((user_val - 0x1111) == 0x1234) ..." s64 diff = pattern - b_val; s64 o_diff = o_pattern - o_b_val; - /* - fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, - h->shape + 1, o_pattern, o_b_val, o_diff); - fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, - b_val, diff);*/ + /* fprintf(stderr, "DIFF1 idx=%03u shape=%02u %llx-%llx=%lx\n", idx, + h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, "DIFF1 %016llx %llx-%llx=%lx\n", repl, pattern, + b_val, diff); */ if (diff == o_diff && diff) { // this could be an arithmetic transformation u64 new_repl = (u64)((s64)repl - diff); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -935,15 +952,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, diff = pattern ^ b_val; s64 o_diff = o_pattern ^ o_b_val; - /* fprintf(stderr, "DIFF2 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF2 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF2 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF2 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (diff == o_diff && diff) { // this could be a XOR transformation u64 new_repl = (u64)((s64)repl ^ diff); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -982,15 +1001,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - /* fprintf(stderr, "DIFF3 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF3 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF3 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF3 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (o_diff && diff) { // this could be a lower to upper u64 new_repl = (repl & (0x5f5f5f5f5f5f5f5f & mask)); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -1029,15 +1050,17 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - /* fprintf(stderr, "DIFF4 idx=%03u shape=%02u %llx-%llx=%lx\n", - idx, h->shape + 1, o_pattern, o_b_val, o_diff); fprintf(stderr, - "DIFF4 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff);*/ + /* fprintf(stderr, "DIFF4 idx=%03u shape=%02u %llx-%llx=%lx\n", + idx, h->shape + 1, o_pattern, o_b_val, o_diff); + fprintf(stderr, + "DIFF4 %016llx %llx-%llx=%lx\n", repl, pattern, b_val, diff); + */ if (o_diff && diff) { // this could be a lower to upper u64 new_repl = (repl | (0x2020202020202020 & mask)); - // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); + // fprintf(stderr, "SAME DIFF %llx->%llx\n", repl, new_repl); if (unlikely(cmp_extend_encoding( afl, h, pattern, new_repl, o_pattern, repl, IS_TRANSFORM, idx, @@ -1383,7 +1406,8 @@ static u8 cmp_extend_encoding(afl_state_t *afl, struct cmp_header *h, } - //#endif /* CMPLOG_SOLVE_ARITHMETIC + //#endif /* + // CMPLOG_SOLVE_ARITHMETIC return 0; @@ -2152,7 +2176,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 *pattern, u8 *repl, memcpy(buf + idx, tmp, i + 1); if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT tohex %u result %u\n", tohex, *status); + // fprintf(stderr, "RTN ATTEMPT tohex %u result %u\n", tohex, + // *status); } @@ -2235,7 +2260,8 @@ static u8 rtn_extend_encoding(afl_state_t *afl, u8 *pattern, u8 *repl, for (j = 0; j <= i; j++) buf[idx + j] = repl[j] - arith_val[j]; if (unlikely(its_fuzz(afl, buf, len, status))) { return 1; } - // fprintf(stderr, "RTN ATTEMPT arith %u result %u\n", arith, *status); + // fprintf(stderr, "RTN ATTEMPT arith %u result %u\n", arith, + // *status); } @@ -2328,16 +2354,17 @@ static u8 rtn_fuzz(afl_state_t *afl, u32 key, u8 *orig_buf, u8 *buf, u8 *cbuf, /* struct cmp_header *hh = &afl->orig_cmp_map->headers[key]; - fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, h->id, - h->shape, h->attribute); for (j = 0; j < 8; j++) fprintf(stderr, "%02x", - o->v0[j]); fprintf(stderr, " v1="); for (j = 0; j < 8; j++) fprintf(stderr, - "%02x", o->v1[j]); fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u - o0=", hh->hits, hh->id, hh->shape, hh->attribute); for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", orig_o->v0[j]); - fprintf(stderr, " o1="); - for (j = 0; j < 8; j++) - fprintf(stderr, "%02x", orig_o->v1[j]); - fprintf(stderr, "\n"); + fprintf(stderr, "RTN N hits=%u id=%u shape=%u attr=%u v0=", h->hits, + h->id, h->shape, h->attribute); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", o->v0[j]); + fprintf(stderr, " v1="); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", o->v1[j]); + fprintf(stderr, "\nRTN O hits=%u id=%u shape=%u attr=%u o0=", + hh->hits, hh->id, hh->shape, hh->attribute); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", orig_o->v0[j]); + fprintf(stderr, " o1="); + for (j = 0; j < 8; j++) fprintf(stderr, "%02x", orig_o->v1[j]); + fprintf(stderr, "\n"); */ t = taint; diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 493735ff..49856a9f 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -314,7 +314,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, ++q->cal_failed; afl->stage_name = "calibration"; - afl->stage_max = afl->fast_cal ? 3 : CAL_CYCLES; + afl->stage_max = afl->afl_env.afl_cal_fast ? 3 : CAL_CYCLES; /* Make sure the forkserver is up before we do anything, and let's not count its spin-up time toward binary calibration. */ @@ -355,6 +355,12 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, for (afl->stage_cur = 0; afl->stage_cur < afl->stage_max; ++afl->stage_cur) { + if (unlikely(afl->debug)) { + + DEBUGF("calibration stage %d/%d\n", afl->stage_cur + 1, afl->stage_max); + + } + u64 cksum; write_to_testcase(afl, use_mem, q->len); @@ -402,8 +408,24 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } + if (unlikely(!var_detected)) { + + // note: from_queue seems to only be set during initialization + if (afl->afl_env.afl_no_ui || from_queue) { + + WARNF("instability detected during calibration\n"); + + } else if (afl->debug) { + + DEBUGF("instability detected during calibration\n"); + + } + + } + var_detected = 1; - afl->stage_max = afl->fast_cal ? CAL_CYCLES : CAL_CYCLES_LONG; + afl->stage_max = + afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; } else { diff --git a/src/afl-fuzz-state.c b/src/afl-fuzz-state.c index 0658070e..b832c11e 100644 --- a/src/afl-fuzz-state.c +++ b/src/afl-fuzz-state.c @@ -96,8 +96,6 @@ void afl_state_init(afl_state_t *afl, uint32_t map_size) { afl->splicing_with = -1; /* Splicing with which test case? */ afl->cpu_to_bind = -1; afl->havoc_stack_pow2 = HAVOC_STACK_POW2; - afl->cal_cycles = CAL_CYCLES; - afl->cal_cycles_long = CAL_CYCLES_LONG; afl->hang_tmout = EXEC_TIMEOUT; afl->exit_on_time = 0; afl->stats_update_freq = 1; @@ -341,6 +339,13 @@ void read_afl_environment(afl_state_t *afl, char **envp) { afl->afl_env.afl_cal_fast = get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_FAST_CAL", + + afl_environment_variable_len)) { + + afl->afl_env.afl_cal_fast = + get_afl_env(afl_environment_variables[i]) ? 1 : 0; + } else if (!strncmp(env, "AFL_STATSD", afl_environment_variable_len)) { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 9a3780fb..e9a67ac5 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1276,7 +1276,6 @@ int main(int argc, char **argv_orig, char **envp) { if (get_afl_env("AFL_NO_CPU_RED")) { afl->no_cpu_meter_red = 1; } if (get_afl_env("AFL_NO_ARITH")) { afl->no_arith = 1; } if (get_afl_env("AFL_SHUFFLE_QUEUE")) { afl->shuffle_queue = 1; } - if (get_afl_env("AFL_FAST_CAL")) { afl->fast_cal = 1; } if (get_afl_env("AFL_EXPAND_HAVOC_NOW")) { afl->expand_havoc = 1; } if (afl->afl_env.afl_autoresume) { @@ -1489,14 +1488,6 @@ int main(int argc, char **argv_orig, char **envp) { check_if_tty(afl); if (afl->afl_env.afl_force_ui) { afl->not_on_tty = 0; } - if (afl->afl_env.afl_cal_fast) { - - /* Use less calibration cycles, for slow applications */ - afl->cal_cycles = 3; - afl->cal_cycles_long = 5; - - } - if (afl->afl_env.afl_custom_mutator_only) { /* This ensures we don't proceed to havoc/splice */ diff --git a/test/test-basic.sh b/test/test-basic.sh index b4bb9df2..c39faa74 100755 --- a/test/test-basic.sh +++ b/test/test-basic.sh @@ -56,11 +56,6 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc CODE=1 } # now we want to be sure that afl-fuzz is working - # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" @@ -176,11 +171,6 @@ test "$SYS" = "i686" -o "$SYS" = "x86_64" -o "$SYS" = "amd64" -o "$SYS" = "i86pc CODE=1 } # now we want to be sure that afl-fuzz is working - # make sure core_pattern is set to core on linux - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" diff --git a/test/test-gcc-plugin.sh b/test/test-gcc-plugin.sh index 4c36b6c9..50d83e40 100755 --- a/test/test-gcc-plugin.sh +++ b/test/test-gcc-plugin.sh @@ -52,10 +52,6 @@ test -e ../afl-gcc-fast -a -e ../afl-compiler-rt.o && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" diff --git a/test/test-int_cases.c b/test/test-int_cases.c new file mode 100644 index 00000000..c76206c5 --- /dev/null +++ b/test/test-int_cases.c @@ -0,0 +1,424 @@ +/* test cases for integer comparison transformations + * compile with -DINT_TYPE="signed char" + * or -DINT_TYPE="short" + * or -DINT_TYPE="int" + * or -DINT_TYPE="long" + * or -DINT_TYPE="long long" + */ + +#include + +int main() { + + volatile INT_TYPE a, b; + /* different values */ + a = -21; + b = -2; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = 8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ + volatile short a, b; + a = 2; + b = 256+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 256; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ + volatile int a, b; + a = 2; + b = 65536+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 65536; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ + volatile long a, b; + a = 2; + b = 4294967296+1; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1 - 4294967296; + b = -8; /* signs equal */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + a = -1; + b = 1; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = 0; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -2; + b = 8; /* signs differ */ + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = 1; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -256; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -65536; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 3; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -4294967296; /* signs equal */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + } + } + } + + a = 1; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 0; + b = -1; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 8; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 1; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 256; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 65536; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = -2; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = -1; + b = -2 - 4294967296; /* signs differ */ + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + /* equal values */ + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 5; + b = 5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -1; + b = -1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -5; + b = -5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; + a = 1 + 256; + b = 1 + 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 256; + b = -2 - 256; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; + a = 1 + 65536; + b = 1 + 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 65536; + b = -2 - 65536; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; + a = 1 + 4294967296; + b = 1 + 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = -2 - 4294967296; + b = -2 - 4294967296; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + } + } + } +} + diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 7cdc83cb..8090e176 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -122,10 +122,6 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { CODE=1 } # now we want to be sure that afl-fuzz is working - (test "$(uname -s)" = "Linux" && test "$(sysctl kernel.core_pattern)" != "kernel.core_pattern = core" && { - $ECHO "$YELLOW[-] we should not run afl-fuzz with enabled core dumps. Run 'sudo sh afl-system-config'.$RESET" - true - }) || # make sure crash reporter is disabled on Mac OS X (test "$(uname -s)" = "Darwin" && test $(launchctl list 2>/dev/null | grep -q '\.ReportCrash$') && { $ECHO "$RED[!] we cannot run afl-fuzz with enabled crash reporter. Run 'sudo sh afl-system-config'.$RESET" @@ -190,6 +186,29 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { } rm -f test-instr.plain + $ECHO "$GREY[*] llvm_mode laf-intel/compcov testing splitting integer types (this might take some time)" + for testcase in ./test-int_cases.c ./test-uint_cases.c; do + for I in char short int long "long long"; do + for BITS in 8 16 32 64; do + bin="$testcase-split-$I-$BITS.compcov" + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; + if ! test -e "$bin"; then + cat test.out + $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting failed! ($testcase with type $I split to $BITS)!"; + CODE=1 + break + fi + if ! "$bin"; then + $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting resulted in miscompilation (type $I split to $BITS)!"; + CODE=1 + break + fi + rm -f "$bin" test.out || true + done + done + done + rm -f test-int-split*.compcov test.out + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_SWITCHES=1 AFL_LLVM_LAF_TRANSFORM_COMPARES=1 AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -o test-compcov.compcov test-compcov.c > test.out 2>&1 test -e test-compcov.compcov && test_compcov_binary_functionality ./test-compcov.compcov && { grep --binary-files=text -Eq " [ 123][0-9][0-9] location| [3-9][0-9] location" test.out && { diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c new file mode 100644 index 00000000..a277e28a --- /dev/null +++ b/test/test-uint_cases.c @@ -0,0 +1,217 @@ +/* + * compile with -DINT_TYPE="char" + * or -DINT_TYPE="short" + * or -DINT_TYPE="int" + * or -DINT_TYPE="long" + * or -DINT_TYPE="long long" + */ + +#include + +int main() { + + volatile unsigned INT_TYPE a, b; + + a = 1; + b = 8; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 256+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 65536+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + + if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+21; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + + a = 21; + b = 4294967296+1; + assert((a < b)); + assert((a <= b)); + assert(!(a > b)); + assert(!(a >= b)); + assert((a != b)); + assert(!(a == b)); + } + } + + a = 8; + b = 1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+2; + b = 256+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 256+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+2; + b = 65536+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 65536+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+2; + b = 4294967296+1; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + a = 4294967296+2; + b = 6; + assert((a > b)); + assert((a >= b)); + assert(!(a < b)); + assert(!(a <= b)); + assert((a != b)); + assert(!(a == b)); + + } + } + } + + + a = 0; + b = 0; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + a = 1; + b = 1; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; + a = 256+5; + b = 256+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; + a = 65536+5; + b = 65536+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + + if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; + a = 4294967296+5; + b = 4294967296+5; + assert(!(a < b)); + assert((a <= b)); + assert(!(a > b)); + assert((a >= b)); + assert(!(a != b)); + assert((a == b)); + } + } + + } + +} + diff --git a/unicorn_mode/samples/speedtest/rust/src/main.rs b/unicorn_mode/samples/speedtest/rust/src/main.rs index 1e35ff0b..9ea1b873 100644 --- a/unicorn_mode/samples/speedtest/rust/src/main.rs +++ b/unicorn_mode/samples/speedtest/rust/src/main.rs @@ -48,7 +48,7 @@ fn parse_locs(loc_name: &str) -> Result, io::Error> { let contents = &read_file(&format!("../target.offsets.{}", loc_name))?; //println!("Read: {:?}", contents); Ok(str_from_u8_unchecked(&contents) - .split("\n") + .split('\n') .map(|x| { //println!("Trying to convert {}", &x[2..]); let result = u64::from_str_radix(&x[2..], 16); @@ -90,7 +90,8 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { let mut unicorn = Unicorn::new(Arch::X86, Mode::MODE_64, 0)?; let mut uc: UnicornHandle<'_, _> = unicorn.borrow(); - let binary = read_file(BINARY).expect(&format!("Could not read modem image: {}", BINARY)); + let binary = + read_file(BINARY).unwrap_or_else(|_| panic!("Could not read modem image: {}", BINARY)); let _aligned_binary_size = align(binary.len() as u64); // Apply constraints to the mutated input if binary.len() as u64 > CODE_SIZE_MAX { @@ -151,7 +152,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { already_allocated_malloc.set(true); }; - let already_allocated_free = already_allocated.clone(); + let already_allocated_free = already_allocated; // No real free, just set the "used"-flag to false. let hook_free = move |mut uc: UnicornHandle<'_, _>, addr, size| { if already_allocated_free.get() { @@ -190,7 +191,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { } for addr in parse_locs("magicfn").unwrap() { - uc.add_code_hook(addr, addr, Box::new(hook_magicfn.clone()))?; + uc.add_code_hook(addr, addr, Box::new(hook_magicfn))?; } let place_input_callback = @@ -225,7 +226,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { match ret { Ok(_) => {} - Err(e) => panic!(format!("found non-ok unicorn exit: {:?}", e)), + Err(e) => panic!("found non-ok unicorn exit: {:?}", e), } Ok(()) diff --git a/utils/aflpp_driver/aflpp_driver.c b/utils/aflpp_driver/aflpp_driver.c index c094c425..ff42f3b9 100644 --- a/utils/aflpp_driver/aflpp_driver.c +++ b/utils/aflpp_driver/aflpp_driver.c @@ -204,21 +204,23 @@ static int ExecuteFilesOnyByOne(int argc, char **argv) { int main(int argc, char **argv) { - printf( - "============================== INFO ================================\n" - "This binary is built for afl++.\n" - "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " - "option\n" - "To run the target function on individual input(s) execute this:\n" - " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" - "To fuzz with afl-fuzz execute this:\n" - " afl-fuzz [afl-flags] -- %s [-N]\n" - "afl-fuzz will run N iterations before re-spawning the process (default: " - "INT_MAX)\n" - "For stdin input processing, pass '-' as single command line option.\n" - "For file input processing, pass '@@' as single command line option.\n" - "===================================================================\n", - argv[0], argv[0]); + if (argc < 2 || strncmp(argv[1], "-h", 2) == 0) + printf( + "============================== INFO ================================\n" + "This binary is built for afl++.\n" + "To use with afl-cmin or afl-cmin.bash pass '-' as single command line " + "option\n" + "To run the target function on individual input(s) execute this:\n" + " %s INPUT_FILE1 [INPUT_FILE2 ... ]\n" + "To fuzz with afl-fuzz execute this:\n" + " afl-fuzz [afl-flags] -- %s [-N]\n" + "afl-fuzz will run N iterations before re-spawning the process " + "(default: " + "INT_MAX)\n" + "For stdin input processing, pass '-' as single command line option.\n" + "For file input processing, pass '@@' as single command line option.\n" + "===================================================================\n", + argv[0], argv[0]); if (getenv("AFL_GDB")) { From a6c0b5f7667475336a26197d99ea24f18ffcdbd7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Jun 2021 11:46:26 +0200 Subject: [PATCH 354/441] afl-cmin/afl-cmin.bash/afl-showmap -i descend into subdirectories --- docs/Changelog.md | 2 + src/afl-showmap.c | 159 +++++++++++++++++++++++++++------------------- 2 files changed, 96 insertions(+), 65 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 9f70535a..530dd941 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,6 +31,8 @@ sending a mail to . - afl_analyze: - fix timeout handling - add forkserver support for better performance + - afl-cmin, afl-cmin.bash and afl-showmap -i do now descend into + subdirectories (like afl-fuzz does) - ensure afl-compiler-rt is built for gcc_module ### Version ++3.13c (release) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 96b72dd9..03050d91 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -67,6 +67,8 @@ static char *stdin_file; /* stdin file */ static u8 *in_dir = NULL, /* input folder */ *out_file = NULL, *at_file = NULL; /* Substitution string for @@ */ +static u8 outfile[PATH_MAX]; + static u8 *in_data, /* Input data */ *coverage_map; /* Coverage map */ @@ -88,7 +90,8 @@ static bool quiet_mode, /* Hide non-essential messages? */ have_coverage, /* have coverage? */ no_classify, /* do not classify counts */ debug, /* debug mode */ - print_filenames; /* print the current filename */ + print_filenames, /* print the current filename */ + wait_for_gdb; static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_crashed; /* Child crashed? */ @@ -692,6 +695,93 @@ static void setup_signal_handlers(void) { } +u32 execute_testcases(u8 *dir) { + + struct dirent **nl; + s32 nl_cnt, subdirs = 1; + u32 i, done = 0; + u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX]; + + if (!be_quiet) { ACTF("Scanning '%s'...", dir); } + + /* We use scandir() + alphasort() rather than readdir() because otherwise, + the ordering of test cases would vary somewhat randomly and would be + difficult to control. */ + + nl_cnt = scandir(dir, &nl, NULL, alphasort); + + if (nl_cnt < 0) { return 0; } + + for (i = 0; i < (u32)nl_cnt; ++i) { + + struct stat st; + + u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); + + if (lstat(fn2, &st) || access(fn2, R_OK)) { + + PFATAL("Unable to access '%s'", fn2); + + } + + /* obviously we want to skip "descending" into . and .. directories, + however it is a good idea to skip also directories that start with + a dot */ + if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { + + free(nl[i]); /* not tracked */ + done += execute_testcases(fn2); + ck_free(fn2); + continue; + + } + + free(nl[i]); + + if (!S_ISREG(st.st_mode) || !st.st_size) { + + ck_free(fn2); + continue; + + } + + if (st.st_size > MAX_FILE && !be_quiet) { + + WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2, + stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), + stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); + + } + + // DO + if (read_file(fn2)) { + + if (wait_for_gdb) { + + fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); + fprintf(stderr, "exec: kill -CONT %d\n", getpid()); + kill(0, SIGSTOP); + + } + + showmap_run_target_forkserver(fsrv, in_data, in_len); + ck_free(in_data); + ++done; + + if (collect_coverage) + analyze_results(fsrv); + else + tcnt = write_results_to_file(fsrv, outfile); + + } + + } + + free(nl); /* not tracked */ + return done; + +} + /* Show banner. */ static void show_banner(void) { @@ -1136,15 +1226,7 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - DIR * dir_in, *dir_out = NULL; - struct dirent **file_list; - - // int done = 0; - u8 infile[PATH_MAX], outfile[PATH_MAX]; - u8 wait_for_gdb = 0; -#if !defined(DT_REG) - struct stat statbuf; -#endif + DIR *dir_in, *dir_out = NULL; if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true; @@ -1245,65 +1327,12 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - int file_count = scandir(in_dir, &file_list, NULL, alphasort); - if (file_count < 0) { + if (execute_testcases(in_dir) == 0) { - PFATAL("Failed to read from input dir at %s\n", in_dir); + FATAL("could not read input testcases from %s", in_dir); } - for (int i = 0; i < file_count; i++) { - - struct dirent *dir_ent = file_list[i]; - - if (dir_ent->d_name[0] == '.') { - - continue; // skip anything that starts with '.' - - } - -#if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */ - if (dir_ent->d_type != DT_REG) { - - continue; // only regular files - - } - -#endif - - snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); - -#if !defined(DT_REG) /* use stat() */ - if (-1 == stat(infile, &statbuf) || !S_ISREG(statbuf.st_mode)) continue; -#endif - - if (!collect_coverage) - snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name); - - if (read_file(infile)) { - - if (wait_for_gdb) { - - fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); - fprintf(stderr, "exec: kill -CONT %d\n", getpid()); - kill(0, SIGSTOP); - - } - - showmap_run_target_forkserver(fsrv, in_data, in_len); - ck_free(in_data); - if (collect_coverage) - analyze_results(fsrv); - else - tcnt = write_results_to_file(fsrv, outfile); - - } - - } - - free(file_list); - file_list = NULL; - if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } if (dir_out) { closedir(dir_out); } From c46f8c1f70918056e95c801b1a81f11c79304b05 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Jun 2021 13:03:42 +0200 Subject: [PATCH 355/441] make afl-cmin actually work with subdirectories --- afl-cmin | 42 ++++++++++++++----------- docs/Changelog.md | 4 +-- instrumentation/afl-compiler-rt.o.c | 2 +- src/afl-showmap.c | 48 ++++++++++++++++------------- 4 files changed, 54 insertions(+), 42 deletions(-) diff --git a/afl-cmin b/afl-cmin index 9fa63ec6..e71873d3 100755 --- a/afl-cmin +++ b/afl-cmin @@ -296,13 +296,13 @@ BEGIN { exit 1 } - if (0 == system( "test -d "in_dir"/default" )) { - in_dir = in_dir "/default" - } - - if (0 == system( "test -d "in_dir"/queue" )) { - in_dir = in_dir "/queue" - } + #if (0 == system( "test -d "in_dir"/default" )) { + # in_dir = in_dir "/default" + #} + # + #if (0 == system( "test -d "in_dir"/queue" )) { + # in_dir = in_dir "/queue" + #} system("rm -rf "trace_dir" 2>/dev/null"); system("rm "out_dir"/id[:_]* 2>/dev/null") @@ -355,30 +355,35 @@ BEGIN { } else { stat_format = "-f '%z %N'" # *BSD, MacOS } - cmdline = "(cd "in_dir" && find . \\( ! -name . -a -type d -prune \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" + cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" #cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r" while (cmdline | getline) { sub(/^[0-9]+ (\.\/)?/,"",$0) - infilesSmallToBig[i++] = $0 + infilesSmallToBigFull[i] = $0 + sub(/.*\//, "", $0) + infilesSmallToBig[i] = $0 + infilesSmallToBigMap[infilesSmallToBig[i]] = infilesSmallToBigFull[i] + infilesSmallToBigFullMap[infilesSmallToBigFull[i]] = infilesSmallToBig[i] + i++ } in_count = i - first_file = infilesSmallToBig[0] + first_file = infilesSmallToBigFull[0] - # Make sure that we're not dealing with a directory. + #if (0 == system("test -d ""\""in_dir"/"first_file"\"")) { + # print "[-] Error: The input directory is empty or contains subdirectories - please fix." > "/dev/stderr" + # exit 1 + #} - if (0 == system("test -d ""\""in_dir"/"first_file"\"")) { - print "[-] Error: The input directory is empty or contains subdirectories - please fix." > "/dev/stderr" - exit 1 - } - - if (0 == system("ln \""in_dir"/"first_file"\" "trace_dir"/.link_test")) { + system(">\""in_dir"/.afl-cmin.test\"") + if (0 == system("ln \""in_dir"/.afl-cmin.test\" "trace_dir"/.link_test")) { cp_tool = "ln" } else { cp_tool = "cp" } + system("rm -f \""in_dir"/.afl-cmin.test\"") if (!ENVIRON["AFL_SKIP_BIN_CHECK"]) { # Make sure that we can actually get anything out of afl-showmap before we @@ -511,7 +516,8 @@ BEGIN { # copy file unless already done if (! (fn in file_already_copied)) { - system(cp_tool" \""in_dir"/"fn"\" \""out_dir"/"fn"\"") + realfile = infilesSmallToBigMap[fn] + system(cp_tool" \""in_dir"/"realfile"\" \""out_dir"/"fn"\"") file_already_copied[fn] = "" ++out_count #printf "tuple nr %d (%d cnt=%d) -> %s\n",tcnt,key,key_count[key],fn > trace_dir"/.log" diff --git a/docs/Changelog.md b/docs/Changelog.md index 530dd941..9fd2a1a9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -31,8 +31,8 @@ sending a mail to . - afl_analyze: - fix timeout handling - add forkserver support for better performance - - afl-cmin, afl-cmin.bash and afl-showmap -i do now descend into - subdirectories (like afl-fuzz does) + - afl-cmin and afl-showmap -i do now descend into subdirectories + (like afl-fuzz does) - note that afl-cmin.bash does not! - ensure afl-compiler-rt is built for gcc_module ### Version ++3.13c (release) diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 50117012..404b761f 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -1019,7 +1019,7 @@ static void __afl_start_forkserver(void) { if (read(FORKSRV_FD, &was_killed, 4) != 4) { - write_error("read from afl-fuzz"); + //write_error("read from afl-fuzz"); _exit(1); } diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 03050d91..646396ad 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -233,7 +233,11 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { u8 cco = !!getenv("AFL_CMIN_CRASHES_ONLY"), caa = !!getenv("AFL_CMIN_ALLOW_ANY"); - if (!outfile) { FATAL("Output filename not set (Bug in AFL++?)"); } + if (!outfile || !*outfile) { + + FATAL("Output filename not set (Bug in AFL++?)"); + + } if (cmin_mode && (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) { @@ -753,7 +757,9 @@ u32 execute_testcases(u8 *dir) { } - // DO + if (!collect_coverage) + snprintf(outfile, sizeof(outfile), "%s/%s", out_file, nl[i]->d_name); + if (read_file(fn2)) { if (wait_for_gdb) { @@ -800,31 +806,31 @@ static void usage(u8 *argv0) { "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" "Required parameters:\n" - " -o file - file to write the trace data to\n\n" + " -o file - file to write the trace data to\n\n" "Execution control settings:\n" - " -t msec - timeout for each run (none)\n" - " -m megs - memory limit for child process (%u MB)\n" - " -O - use binary-only instrumentation (FRIDA mode)\n" - " -Q - use binary-only instrumentation (QEMU mode)\n" - " -U - use Unicorn-based instrumentation (Unicorn mode)\n" - " -W - use qemu-based instrumentation with Wine (Wine mode)\n" - " (Not necessary, here for consistency with other afl-* " + " -t msec - timeout for each run (none)\n" + " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" + " -Q - use binary-only instrumentation (QEMU mode)\n" + " -U - use Unicorn-based instrumentation (Unicorn mode)\n" + " -W - use qemu-based instrumentation with Wine (Wine mode)\n" + " (Not necessary, here for consistency with other afl-* " "tools)\n\n" "Other settings:\n" - " -i dir - process all files in this directory, must be combined " + " -i dir - process all files below this directory, must be combined " "with -o.\n" - " With -C, -o is a file, without -C it must be a " + " With -C, -o is a file, without -C it must be a " "directory\n" - " and each bitmap will be written there individually.\n" - " -C - collect coverage, writes all edges to -o and gives a " + " and each bitmap will be written there individually.\n" + " -C - collect coverage, writes all edges to -o and gives a " "summary\n" - " Must be combined with -i.\n" - " -q - sink program's output and don't show messages\n" - " -e - show edge coverage only, ignore hit counts\n" - " -r - show real tuple values instead of AFL filter values\n" - " -s - do not classify the map\n" - " -c - allow core dumps\n\n" + " Must be combined with -i.\n" + " -q - sink program's output and don't show messages\n" + " -e - show edge coverage only, ignore hit counts\n" + " -r - show real tuple values instead of AFL filter values\n" + " -s - do not classify the map\n" + " -c - allow core dumps\n\n" "This tool displays raw tuple data captured by AFL instrumentation.\n" "For additional help, consult %s/README.md.\n\n" @@ -1259,7 +1265,7 @@ int main(int argc, char **argv_orig, char **envp) { } else { - if ((coverage_map = (u8 *)malloc(map_size)) == NULL) + if ((coverage_map = (u8 *)malloc(map_size + 64)) == NULL) FATAL("coult not grab memory"); edges_only = false; raw_instr_output = true; From 35153e9b495e3f61c032a3d911e4906fed0b50d6 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 16 Jun 2021 15:33:03 +0200 Subject: [PATCH 356/441] correct map size for small targets --- TODO.md | 2 -- include/forkserver.h | 1 + instrumentation/afl-compiler-rt.o.c | 6 ------ src/afl-forkserver.c | 10 ++++++---- src/afl-fuzz-run.c | 3 +-- src/afl-fuzz-stats.c | 17 +++++++++-------- 6 files changed, 17 insertions(+), 22 deletions(-) diff --git a/TODO.md b/TODO.md index 398f3d11..1c616b4a 100644 --- a/TODO.md +++ b/TODO.md @@ -2,13 +2,11 @@ ## Roadmap 3.00+ - - align map to 64 bytes but keep real IDs - Update afl->pending_not_fuzzed for MOpt - put fuzz target in top line of UI - afl-plot to support multiple plot_data - afl_custom_fuzz_splice_optin() - afl_custom_splice() - - intel-pt tracer - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - parallel builds for source-only targets diff --git a/include/forkserver.h b/include/forkserver.h index 2baa6f0a..c6f7de00 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -54,6 +54,7 @@ typedef struct afl_forkserver { u32 exec_tmout; /* Configurable exec timeout (ms) */ u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ + u32 real_map_size; /* real map size, unaligned */ u32 snapshot; /* is snapshot feature used */ u64 mem_limit; /* Memory cap for child (MB) */ diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 404b761f..92deff6a 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -271,12 +271,6 @@ static void __afl_map_shm(void) { if (__afl_final_loc) { - if (__afl_final_loc % 64) { - - __afl_final_loc = (((__afl_final_loc + 63) >> 6) << 6); - - } - __afl_map_size = __afl_final_loc; if (__afl_final_loc > MAP_SIZE) { diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 3d472b36..8fb8a75a 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -90,6 +90,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { /* exec related stuff */ fsrv->child_pid = -1; fsrv->map_size = get_map_size(); + fsrv->real_map_size = fsrv->map_size; fsrv->use_fauxsrv = false; fsrv->last_run_timed_out = false; fsrv->debug = false; @@ -110,6 +111,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->init_tmout = from->init_tmout; fsrv_to->mem_limit = from->mem_limit; fsrv_to->map_size = from->map_size; + fsrv_to->real_map_size = from->real_map_size; fsrv_to->support_shmem_fuzz = from->support_shmem_fuzz; fsrv_to->out_file = from->out_file; fsrv_to->dev_urandom_fd = from->dev_urandom_fd; @@ -691,15 +693,15 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!fsrv->map_size) { fsrv->map_size = MAP_SIZE; } - if (unlikely(tmp_map_size % 64)) { + fsrv->real_map_size = tmp_map_size; + + if (tmp_map_size % 64) { - // should not happen - WARNF("Target reported non-aligned map size of %u", tmp_map_size); tmp_map_size = (((tmp_map_size + 63) >> 6) << 6); } - if (!be_quiet) { ACTF("Target map size: %u", tmp_map_size); } + if (!be_quiet) { ACTF("Target map size: %u", fsrv->real_map_size); } if (tmp_map_size > fsrv->map_size) { FATAL( diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 49856a9f..3de67955 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -424,8 +424,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } var_detected = 1; - afl->stage_max = - afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; + afl->stage_max = afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; } else { diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9648d795..e0930234 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -264,6 +264,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, "peak_rss_mb : %lu\n" "cpu_affinity : %d\n" "edges_found : %u\n" + "total_edges : %u\n" "var_byte_count : %u\n" "havoc_expansion : %u\n" "testcache_size : %llu\n" @@ -303,10 +304,10 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, #else -1, #endif - t_bytes, afl->var_byte_count, afl->expand_havoc, - afl->q_testcase_cache_size, afl->q_testcase_cache_count, - afl->q_testcase_evictions, afl->use_banner, - afl->unicorn_mode ? "unicorn" : "", + t_bytes, afl->fsrv.real_map_size, afl->var_byte_count, + afl->expand_havoc, afl->q_testcase_cache_size, + afl->q_testcase_cache_count, afl->q_testcase_evictions, + afl->use_banner, afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "", afl->non_instrumented_mode ? " non_instrumented " : "", afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "", @@ -326,7 +327,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, u32 i = 0; fprintf(f, "virgin_bytes :"); - for (i = 0; i < afl->fsrv.map_size; i++) { + for (i = 0; i < afl->fsrv.real_map_size; i++) { if (afl->virgin_bits[i] != 0xff) { @@ -338,7 +339,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, fprintf(f, "\n"); fprintf(f, "var_bytes :"); - for (i = 0; i < afl->fsrv.map_size; i++) { + for (i = 0; i < afl->fsrv.real_map_size; i++) { if (afl->var_bytes[i]) { fprintf(f, " %u", i); } @@ -520,7 +521,7 @@ void show_stats(afl_state_t *afl) { /* Do some bitmap stats. */ t_bytes = count_non_255_bytes(afl, afl->virgin_bits); - t_byte_ratio = ((double)t_bytes * 100) / afl->fsrv.map_size; + t_byte_ratio = ((double)t_bytes * 100) / afl->fsrv.real_map_size; if (likely(t_bytes) && unlikely(afl->var_byte_count)) { @@ -781,7 +782,7 @@ void show_stats(afl_state_t *afl) { SAYF(bV bSTOP " now processing : " cRST "%-18s " bSTG bV bSTOP, tmp); sprintf(tmp, "%0.02f%% / %0.02f%%", - ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.map_size, + ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.real_map_size, t_byte_ratio); SAYF(" map density : %s%-19s" bSTG bV "\n", From 58747f9f4fe960cf97d40dd6d6db0f2f7f13b505 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 16 Jun 2021 20:53:57 +0100 Subject: [PATCH 357/441] Perf regression4 (#979) * Added test for libjpeg * Added proj4 test * Added missing members to x86/64 context * Changes to use memfd and hashtable cache * Removed redundant check Co-authored-by: Your Name --- frida_mode/src/cmplog/cmplog.c | 143 +++++++-------- frida_mode/src/ctx/ctx_x64.c | 22 ++- frida_mode/src/ctx/ctx_x86.c | 6 +- frida_mode/test/jpeg/GNUmakefile | 172 ++++++++++++++++++ frida_mode/test/jpeg/Makefile | 19 ++ frida_mode/test/jpeg/aflpp_qemu_driver_hook.c | 97 ++++++++++ frida_mode/test/jpeg/get_symbol_addr.py | 36 ++++ frida_mode/test/proj4/GNUmakefile | 172 ++++++++++++++++++ frida_mode/test/proj4/Makefile | 19 ++ .../test/proj4/aflpp_qemu_driver_hook.c | 97 ++++++++++ frida_mode/test/proj4/get_symbol_addr.py | 36 ++++ 11 files changed, 742 insertions(+), 77 deletions(-) create mode 100644 frida_mode/test/jpeg/GNUmakefile create mode 100644 frida_mode/test/jpeg/Makefile create mode 100644 frida_mode/test/jpeg/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/jpeg/get_symbol_addr.py create mode 100644 frida_mode/test/proj4/GNUmakefile create mode 100644 frida_mode/test/proj4/Makefile create mode 100644 frida_mode/test/proj4/aflpp_qemu_driver_hook.c create mode 100755 frida_mode/test/proj4/get_symbol_addr.py diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 3df7d13d..a6c95ab0 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -10,18 +10,20 @@ #include "util.h" #define DEFAULT_MMAP_MIN_ADDR (32UL << 10) -#define FD_TMP_MAX_SIZE 65536 +#define MAX_MEMFD_SIZE (64UL << 10) extern struct cmp_map *__afl_cmp_map; - static GArray *cmplog_ranges = NULL; -static int fd_tmp = -1; -static ssize_t fd_tmp_size = 0; +static GHashTable * hash = NULL; + +static int memfd = -1; +static size_t memfd_size = 0; +static u8 scratch[MAX_MEMFD_SIZE] = {0}; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { - UNUSED_PARAMETER(user_data); + GArray * cmplog_ranges = (GArray *)user_data; GumMemoryRange range = *details->range; g_array_append_val(cmplog_ranges, range); return TRUE; @@ -35,37 +37,22 @@ static gint cmplog_sort(gconstpointer a, gconstpointer b) { } -static int cmplog_create_temp(void) { +static void cmplog_get_ranges(void) { - const char *tmpdir = g_get_tmp_dir(); - OKF("CMPLOG Temporary directory: %s", tmpdir); - gchar *fname = g_strdup_printf("%s/frida-cmplog-XXXXXX", tmpdir); - OKF("CMPLOG Temporary file template: %s", fname); - int fd = mkstemp(fname); - OKF("CMPLOG Temporary file: %s", fname); + OKF("CMPLOG - Collecting ranges"); - if (fd < 0) { + cmplog_ranges = + g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, cmplog_ranges); + g_array_sort(cmplog_ranges, cmplog_sort); - FATAL("Failed to create temp file: %s, errno: %d", fname, errno); + for (guint i = 0; i < cmplog_ranges->len; i++) { + + GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); } - if (unlink(fname) < 0) { - - FATAL("Failed to unlink temp file: %s (%d), errno: %d", fname, fd, errno); - - } - - if (ftruncate(fd, 0) < 0) { - - FATAL("Failed to ftruncate temp file: %s (%d), errno: %d", fname, fd, - errno); - - } - - g_free(fname); - - return fd; + g_array_free(cmplog_ranges, TRUE); } @@ -73,25 +60,28 @@ void cmplog_init(void) { if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } - cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); - gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, NULL); - g_array_sort(cmplog_ranges, cmplog_sort); + cmplog_get_ranges(); for (guint i = 0; i < cmplog_ranges->len; i++) { GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); - OKF("CMPLOG Range - 0x%016" G_GINT64_MODIFIER "X - 0x%016" G_GINT64_MODIFIER - "X", - range->base_address, range->base_address + range->size); + OKF("CMPLOG Range - %3u: 0x%016" G_GINT64_MODIFIER + "X - 0x%016" G_GINT64_MODIFIER "X", + i, range->base_address, range->base_address + range->size); } - /* - * We can't use /dev/null or /dev/zero for this since it appears that they - * don't validate the input buffer. Persumably as an optimization because they - * don't actually write any data. The file will be deleted on close. - */ - fd_tmp = cmplog_create_temp(); + memfd = syscall(__NR_memfd_create, "cmplog_memfd", 0); + if (memfd < 0) { + + FATAL("Failed to create_memfd, errno: %d", errno); + + } + + hash = g_hash_table_new (g_direct_hash, g_direct_equal); + if (hash == NULL) { + FATAL("Failed to g_hash_table_new, errno: %d", errno); + } } @@ -102,6 +92,42 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, } +gboolean cmplog_test_addr(guint64 addr, size_t size) { + + if (g_hash_table_contains(hash, (gpointer)addr)) { return true; } + + if (memfd_size > MAX_MEMFD_SIZE) { + if (lseek(memfd, 0, SEEK_SET) < 0) { + FATAL("CMPLOG - Failed lseek, errno: %d", errno); + } + } + + /* + * Our address map can change (e.g. stack growth), use write as a fallback to + * validate our address. + */ + ssize_t written = syscall(__NR_write, memfd, (void *)addr, size); + if (written < 0 && errno != EFAULT && errno != 0) { + FATAL("CMPLOG - Failed __NR_write, errno: %d", errno); + } + /* + * If the write succeeds, then the buffer must be valid otherwise it would + * return EFAULT + */ + if (written > 0) { memfd_size += written; } + + if ((size_t)written == size) { + if (!g_hash_table_add (hash, (gpointer)addr)) { + FATAL("Failed - g_hash_table_add"); + } + return true; + } + + + + return false; +} + gboolean cmplog_is_readable(guint64 addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); @@ -125,6 +151,7 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { for (guint i = 0; i < cmplog_ranges->len; i++) { GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); + GumAddress outer_base = range->base_address; GumAddress outer_limit = outer_base + range->size; @@ -133,37 +160,7 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { } - /* - * Our address map can change (e.g. stack growth), use write as a fallback to - * validate our address. - */ - ssize_t written = syscall(__NR_write, fd_tmp, (void *)addr, size); - - /* - * If the write succeeds, then the buffer must be valid otherwise it would - * return EFAULT - */ - if (written > 0) { - - fd_tmp_size += written; - if (fd_tmp_size > FD_TMP_MAX_SIZE) { - - /* - * Truncate the file, we don't want our temp file to continue growing! - */ - if (ftruncate(fd_tmp, 0) < 0) { - - FATAL("Failed to truncate fd_tmp (%d), errno: %d", fd_tmp, errno); - - } - - fd_tmp_size = 0; - - } - - if ((size_t)written == size) { return true; } - - } + if (cmplog_test_addr(addr, size)) { return true; } return false; diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c index c5900533..1772a252 100644 --- a/frida_mode/src/ctx/ctx_x64.c +++ b/frida_mode/src/ctx/ctx_x64.c @@ -49,9 +49,18 @@ gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { X86_REG_8L(X86_REG_BL, ctx->rbx) X86_REG_8L(X86_REG_CL, ctx->rcx) X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_SPL, ctx->rsp) X86_REG_8L(X86_REG_BPL, ctx->rbp) X86_REG_8L(X86_REG_SIL, ctx->rsi) X86_REG_8L(X86_REG_DIL, ctx->rdi) + X86_REG_8L(X86_REG_R8B, ctx->r8) + X86_REG_8L(X86_REG_R9B, ctx->r9) + X86_REG_8L(X86_REG_R10B, ctx->r10) + X86_REG_8L(X86_REG_R11B, ctx->r11) + X86_REG_8L(X86_REG_R12B, ctx->r12) + X86_REG_8L(X86_REG_R13B, ctx->r13) + X86_REG_8L(X86_REG_R14B, ctx->r14) + X86_REG_8L(X86_REG_R15B, ctx->r15) X86_REG_8H(X86_REG_AH, ctx->rax) X86_REG_8H(X86_REG_BH, ctx->rbx) @@ -62,14 +71,23 @@ gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { X86_REG_16(X86_REG_BX, ctx->rbx) X86_REG_16(X86_REG_CX, ctx->rcx) X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_SP, ctx->rsp) + X86_REG_16(X86_REG_BP, ctx->rbp) X86_REG_16(X86_REG_DI, ctx->rdi) X86_REG_16(X86_REG_SI, ctx->rsi) - X86_REG_16(X86_REG_BP, ctx->rbp) + X86_REG_16(X86_REG_R8W, ctx->r8) + X86_REG_16(X86_REG_R9W, ctx->r9) + X86_REG_16(X86_REG_R10W, ctx->r10) + X86_REG_16(X86_REG_R11W, ctx->r11) + X86_REG_16(X86_REG_R12W, ctx->r12) + X86_REG_16(X86_REG_R13W, ctx->r13) + X86_REG_16(X86_REG_R14W, ctx->r14) + X86_REG_16(X86_REG_R15W, ctx->r15) X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_EBX, ctx->rbx) X86_REG_32(X86_REG_ECX, ctx->rcx) X86_REG_32(X86_REG_EDX, ctx->rdx) - X86_REG_32(X86_REG_EBX, ctx->rbx) X86_REG_32(X86_REG_ESP, ctx->rsp) X86_REG_32(X86_REG_EBP, ctx->rbp) X86_REG_32(X86_REG_ESI, ctx->rsi) diff --git a/frida_mode/src/ctx/ctx_x86.c b/frida_mode/src/ctx/ctx_x86.c index 45308272..9b50cb52 100644 --- a/frida_mode/src/ctx/ctx_x86.c +++ b/frida_mode/src/ctx/ctx_x86.c @@ -42,6 +42,7 @@ gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { X86_REG_8L(X86_REG_BL, ctx->ebx) X86_REG_8L(X86_REG_CL, ctx->ecx) X86_REG_8L(X86_REG_DL, ctx->edx) + X86_REG_8L(X86_REG_SPL, ctx->esp) X86_REG_8L(X86_REG_BPL, ctx->ebp) X86_REG_8L(X86_REG_SIL, ctx->esi) X86_REG_8L(X86_REG_DIL, ctx->edi) @@ -55,14 +56,15 @@ gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { X86_REG_16(X86_REG_BX, ctx->ebx) X86_REG_16(X86_REG_CX, ctx->ecx) X86_REG_16(X86_REG_DX, ctx->edx) + X86_REG_16(X86_REG_SP, ctx->esp) + X86_REG_16(X86_REG_BP, ctx->ebp) X86_REG_16(X86_REG_DI, ctx->edi) X86_REG_16(X86_REG_SI, ctx->esi) - X86_REG_16(X86_REG_BP, ctx->ebp) X86_REG_32(X86_REG_EAX, ctx->eax) + X86_REG_32(X86_REG_EBX, ctx->ebx) X86_REG_32(X86_REG_ECX, ctx->ecx) X86_REG_32(X86_REG_EDX, ctx->edx) - X86_REG_32(X86_REG_EBX, ctx->ebx) X86_REG_32(X86_REG_ESP, ctx->esp) X86_REG_32(X86_REG_EBP, ctx->ebp) X86_REG_32(X86_REG_ESI, ctx->esi) diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile new file mode 100644 index 00000000..689fce3d --- /dev/null +++ b/frida_mode/test/jpeg/GNUmakefile @@ -0,0 +1,172 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBJPEG_BUILD_DIR:=$(BUILD_DIR)libjpeg/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +JPEGTEST_BUILD_DIR:=$(BUILD_DIR)jpegtest/ + +LIBJPEG_URL:=https://github.com/libjpeg-turbo/libjpeg-turbo.git +LIBJPEG_DIR:=$(LIBJPEG_BUILD_DIR)libjpeg/ +LIBJPEG_CONFIGURE:=$(LIBJPEG_DIR)configure.ac +LIBJPEG_MAKEFILE:=$(LIBJPEG_DIR)Makefile +LIBJPEG_LIB:=$(LIBJPEG_DIR).libs/libturbojpeg.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/utils/aflpp_driver/aflpp_qemu_driver.c" + +JPEGTEST_FILE:=$(JPEGTEST_BUILD_DIR)target.cc +JPEGTEST_OBJ:=$(JPEGTEST_BUILD_DIR)target.o +JPEGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libjpeg-turbo-07-2017/libjpeg_turbo_fuzzer.cc" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)default_seed + +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### JPEGTEST ######## + +$(JPEGTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(JPEGTEST_FILE): | $(JPEGTEST_BUILD_DIR) + wget -O $@ $(JPEGTEST_URL) + +$(JPEGTEST_OBJ): $(JPEGTEST_FILE) | $(LIBJPEG_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBJPEG_DIR) -o $@ -c $< + +######### LIBJPEG ######## + +$(LIBJPEG_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBJPEG_CONFIGURE): $(LIBJPEG_BUILD_DIR) + git clone $(LIBJPEG_URL) $(LIBJPEG_DIR) + cd $(LIBJPEG_DIR) && git checkout b0971e47d76fdb81270e93bbf11ff5558073350d + +$(LIBJPEG_MAKEFILE): $(LIBJPEG_CONFIGURE) + cd $(LIBJPEG_DIR) && autoreconf -fiv + cd $(LIBJPEG_DIR) && ./configure + +$(LIBJPEG_LIB): $(LIBJPEG_MAKEFILE) + make -C $(LIBJPEG_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(JPEGTEST_OBJ) $(LIBJPEG_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(JPEGTEST_OBJ) $(LIBJPEG_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo "hi" > $(TEST_DATA_FILE) + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) + AFL_DEBUG_CHILD=1 \ + AFL_DISABLE_TRIM=1 \ + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 \ + AFL_NO_AFFINITY=1 \ + X__AFL_NO_UI=1 \ + AFL_PATH=/out \ + AFL_SHUFFLE_QUEUE=1 \ + AFL_SKIP_CPUFREQ=1 \ + AFL_SKIP_CRASHES=1 \ + AFL_TESTCACHE_SIZE=2 \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -m none \ + -t 1000+ \ + -d \ + -O \ + -c 0\ + -V 30 \ + -- \ + $(TEST_BIN) 2147483647 + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.jpeg diff --git a/frida_mode/test/jpeg/Makefile b/frida_mode/test/jpeg/Makefile new file mode 100644 index 00000000..863438cf --- /dev/null +++ b/frida_mode/test/jpeg/Makefile @@ -0,0 +1,19 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug + +hook: + @gmake hook diff --git a/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c b/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/jpeg/get_symbol_addr.py b/frida_mode/test/jpeg/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/jpeg/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile new file mode 100644 index 00000000..09112cd5 --- /dev/null +++ b/frida_mode/test/proj4/GNUmakefile @@ -0,0 +1,172 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so + +LIBPROJ4_BUILD_DIR:=$(BUILD_DIR)libproj4/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PROJ4TEST_BUILD_DIR:=$(BUILD_DIR)proj4test/ + +LIBPROJ4_URL:=https://github.com/OSGeo/PROJ +LIBPROJ4_DIR:=$(LIBPROJ4_BUILD_DIR)libproj4/ +LIBPROJ4_CONFIGURE:=$(LIBPROJ4_DIR)configure.ac +LIBPROJ4_MAKEFILE:=$(LIBPROJ4_DIR)Makefile +LIBPROJ4_LIB:=$(LIBPROJ4_DIR)src/.libs/libproj.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/utils/aflpp_driver/aflpp_qemu_driver.c" + +PROJ4TEST_FILE:=$(PROJ4TEST_BUILD_DIR)target.cc +PROJ4TEST_OBJ:=$(PROJ4TEST_BUILD_DIR)target.o +PROJ4TEST_URL:="https://raw.githubusercontent.com/OSGeo/PROJ/d00501750b210a73f9fb107ac97a683d4e3d8e7a/test/fuzzers/standard_fuzzer.cpp" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)default_seed + +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### PROJ4TEST ######## + +$(PROJ4TEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PROJ4TEST_FILE): | $(PROJ4TEST_BUILD_DIR) + wget -O $@ $(PROJ4TEST_URL) + +$(PROJ4TEST_OBJ): $(PROJ4TEST_FILE) | $(LIBPROJ4_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBPROJ4_DIR)src/ -o $@ -c $< + +######### LIBPROJ4 ######## + +$(LIBPROJ4_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPROJ4_CONFIGURE): $(LIBPROJ4_BUILD_DIR) + git clone $(LIBPROJ4_URL) $(LIBPROJ4_DIR) + cd $(LIBPROJ4_DIR) && git checkout d00501750b210a73f9fb107ac97a683d4e3d8e7a + +$(LIBPROJ4_MAKEFILE): $(LIBPROJ4_CONFIGURE) + cd $(LIBPROJ4_DIR) && ./autogen.sh + cd $(LIBPROJ4_DIR) && ./configure + +$(LIBPROJ4_LIB): $(LIBPROJ4_MAKEFILE) + make -C $(LIBPROJ4_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PROJ4TEST_OBJ) $(LIBPROJ4_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(PROJ4TEST_OBJ) $(LIBPROJ4_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## HOOK ######## + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo "hi" > $(TEST_DATA_FILE) + +###### TEST DATA ####### + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) + AFL_DEBUG_CHILD=1 \ + AFL_DISABLE_TRIM=1 \ + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 \ + AFL_NO_AFFINITY=1 \ + X__AFL_NO_UI=1 \ + AFL_PATH=/out \ + AFL_SHUFFLE_QUEUE=1 \ + AFL_SKIP_CPUFREQ=1 \ + AFL_SKIP_CRASHES=1 \ + AFL_TESTCACHE_SIZE=2 \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -m none \ + -t 1000+ \ + -d \ + -O \ + -c 0\ + -V 30 \ + -- \ + $(TEST_BIN) 2147483647 + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.proj4 diff --git a/frida_mode/test/proj4/Makefile b/frida_mode/test/proj4/Makefile new file mode 100644 index 00000000..863438cf --- /dev/null +++ b/frida_mode/test/proj4/Makefile @@ -0,0 +1,19 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug + +hook: + @gmake hook diff --git a/frida_mode/test/proj4/aflpp_qemu_driver_hook.c b/frida_mode/test/proj4/aflpp_qemu_driver_hook.c new file mode 100644 index 00000000..059d438d --- /dev/null +++ b/frida_mode/test/proj4/aflpp_qemu_driver_hook.c @@ -0,0 +1,97 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/test/proj4/get_symbol_addr.py b/frida_mode/test/proj4/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/proj4/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) From 98dc0d26496cb5bcf1af22a3dd852f59637b39cc Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 21 Jun 2021 10:07:14 +0200 Subject: [PATCH 358/441] improve documentation --- README.md | 55 +++++++++++++++++++++++++++------------- docs/parallel_fuzzing.md | 8 ++++-- 2 files changed, 43 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 91f28118..c0a22e54 100644 --- a/README.md +++ b/README.md @@ -25,12 +25,17 @@ For comparisons use the fuzzbench `aflplusplus` setup, or use `afl-clang-fast` with `AFL_LLVM_CMPLOG=1`. -## Major changes in afl++ 3.00 onwards: +## Major behaviour changes in afl++ 3.00 onwards: With afl++ 3.13-3.20 we introduce frida_mode (-O) to have an alternative for binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android, iOS etc. +With afl++ 3.14 we introduced the following changes from previous behaviours: + * afl-fuzz: deterministic fuzzing it not a default for -M main anymore + * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash + however does not) + With afl++ 3.10 we introduced the following changes from previous behaviours: * The '+' feature of the '-t' option now means to auto-calculate the timeout with the value given being the maximum timeout. The original meaning of @@ -38,7 +43,6 @@ With afl++ 3.10 we introduced the following changes from previous behaviours: With afl++ 3.00 we introduced changes that break some previous afl and afl++ behaviours and defaults: - * There are no llvm_mode and gcc_plugin subdirectories anymore and there is only one compiler: afl-cc. All previous compilers now symlink to this one. All instrumentation source code is now in the `instrumentation/` folder. @@ -572,8 +576,15 @@ to use afl-clang-lto as the compiler. You also have the option to generate a dictionary yourself, see [utils/libtokencap/README.md](utils/libtokencap/README.md). afl-fuzz has a variety of options that help to workaround target quirks like -specific locations for the input file (`-f`), not performing deterministic -fuzzing (`-d`) and many more. Check out `afl-fuzz -h`. +specific locations for the input file (`-f`), performing deterministic +fuzzing (`-D`) and many more. Check out `afl-fuzz -h`. + +We highly recommend that you set a memory limit for running the target with `-m` +which defines the maximum memory in MB. This prevents a potential +out-of-memory problem for your system plus helps you detect missing `malloc()` +failure handling in the target. +Play around with various -m values until you find one that safely works for all +your input seeds (if you have good ones and then double or quadrouple that. By default afl-fuzz never stops fuzzing. To terminate afl++ simply press Control-C or send a signal SIGINT. You can limit the number of executions or approximate runtime @@ -614,23 +625,28 @@ For every secondary fuzzer there should be a variation, e.g.: * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV fuzzer and you want them to share their intermediate results, the main - fuzzer (`-M`) must be one of the them! + fuzzer (`-M`) must be one of the them! (Although this is not really + recommended.) All other secondaries should be used like this: - * A third to a half with the MOpt mutator enabled: `-L 0` - * run with a different power schedule, available are: - `fast (default), explore, coe, lin, quad, exploit, mmopt, rare, seek` - which you can set with e.g. `-p seek` + * A quarter to a third with the MOpt mutator enabled: `-L 0` + * run with a different power schedule, recommended are: + `fast (default), explore, coe, lin, quad, exploit and rare` + which you can set with e.g. `-p explore` + * a few instances should use the old queue cycling with `-Z` Also it is recommended to set `export AFL_IMPORT_FIRST=1` to load testcases from other fuzzers in the campaign first. +If you have a large corpus, a corpus from a previous run or are fuzzing in +a CI, then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`. + You can also use different fuzzers. If you are using afl spinoffs or afl conforming fuzzers, then just use the same -o directory and give it a unique `-S` name. Examples are: * [Eclipser](https://github.com/SoftSec-KAIST/Eclipser/) - * [Untracer](https://github.com/FoRTE-Research/UnTracer-AFL) + * [symcc](https://github.com/eurecom-s/symcc/) * [AFLsmart](https://github.com/aflsmart/aflsmart) * [FairFuzz](https://github.com/carolemieux/afl-rb) * [Neuzz](https://github.com/Dongdongshe/neuzz) @@ -638,9 +654,11 @@ Examples are: A long list can be found at [https://github.com/Microsvuln/Awesome-AFL](https://github.com/Microsvuln/Awesome-AFL) -However you can also sync afl++ with honggfuzz, libfuzzer with -entropic, etc. +However you can also sync afl++ with honggfuzz, libfuzzer with `-entropic=1`, etc. Just show the main fuzzer (-M) with the `-F` option where the queue/work directory of a different fuzzer is, e.g. `-F /src/target/honggfuzz`. +Using honggfuzz (with `-n 1` or `-n 2`) and libfuzzer in parallel is highly +recommended! #### c) The status of the fuzz campaign @@ -767,25 +785,26 @@ campaigns as these are much shorter runnings. corpus needs to be loaded. * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new found paths, not the initial corpus as this very likely has been done for them already. - * Keep the generated corpus, use afl-cmin and reuse it everytime! + * Keep the generated corpus, use afl-cmin and reuse it every time! 2. Additionally randomize the afl++ compilation options, e.g. * 40% for `AFL_LLVM_CMPLOG` * 10% for `AFL_LLVM_LAF_ALL` 3. Also randomize the afl-fuzz runtime options, e.g. - * 60% for `AFL_DISABLE_TRIM` + * 65% for `AFL_DISABLE_TRIM` * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` - * 50% use MOpt (`-L 0`) + * 40% use MOpt (`-L 0`) * 40% for `AFL_EXPAND_HAVOC_NOW` - * 30% for old queue processing (`-Z`) + * 20% for old queue processing (`-Z`) * for CMPLOG targets, 60% for `-l 2`, 40% for `-l 3` 4. Do *not* run any `-M` modes, just running `-S` modes is better for CI fuzzing. - `-M` enables deterministic fuzzing, old queue handling etc. which is good for - a fuzzing campaign but not good for short CI runs. + `-M` enables old queue handling etc. which is good for a fuzzing campaign but + not good for short CI runs. -How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz](https://github.com/google/oss-fuzz/blob/4bb61df7905c6005000f5766e966e6fe30ab4559/infra/base-images/base-builder/compile_afl#L69). +How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_afl) +and [clusterfuzz](https://github.com/google/clusterfuzz/blob/master/src/python/bot/fuzzers/afl/launcher.py). ## Fuzzing binary-only targets diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md index 8f2afe1b..23872899 100644 --- a/docs/parallel_fuzzing.md +++ b/docs/parallel_fuzzing.md @@ -1,7 +1,11 @@ # Tips for parallel fuzzing - This document talks about synchronizing afl-fuzz jobs on a single machine - or across a fleet of systems. See README.md for the general instruction manual. +This document talks about synchronizing afl-fuzz jobs on a single machine +or across a fleet of systems. See README.md for the general instruction manual. + +Note that this document is rather outdated. please refer to the main document +section on multiple core usage [../README.md#Using multiple cores](../README.md#b-using-multiple-coresthreads) +for up to date strategies! ## 1) Introduction From ba9323f14cb4ba7c99c4081f19c12b93e112dd65 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 21 Jun 2021 11:53:46 +0200 Subject: [PATCH 359/441] typo --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e9a67ac5..c148086c 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -125,7 +125,7 @@ static void usage(u8 *argv0, int more_help) { "entering the\n" " pacemaker mode (minutes of no new paths). 0 = " "immediately,\n" - " -1 = immediately and together with normal mutation).\n" + " -1 = immediately and together with normal mutation.\n" " See docs/README.MOpt.md\n" " -c program - enable CmpLog by specifying a binary compiled for " "it.\n" From cbac22d82b90d631bafc4572aa79faa0c568beeb Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 22 Jun 2021 17:24:06 +0200 Subject: [PATCH 360/441] reverse read the queue n resumes --- docs/Changelog.md | 1 + src/afl-fuzz-init.c | 7 +++++-- src/afl-fuzz-run.c | 3 ++- src/afl-fuzz.c | 7 ++++++- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 9fd2a1a9..afa5491b 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -16,6 +16,7 @@ sending a mail to . - if the target becomes unavailable check out out/default/error.txt for an indicator why - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL + - reverse read the queue on resumes (more effective) - afl-cc: - Update to COMPCOV/laf-intel that speeds up the instrumentation process a lot - thanks to Michael Rodler/f0rki for the PR! diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 872e3a32..cc5974d8 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -710,7 +710,10 @@ void read_testcases(afl_state_t *afl, u8 *directory) { } - for (i = 0; i < (u32)nl_cnt; ++i) { + i = nl_cnt; + do { + + --i; struct stat st; @@ -801,7 +804,7 @@ void read_testcases(afl_state_t *afl, u8 *directory) { */ - } + } while (i > 0); free(nl); /* not tracked */ diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 3de67955..49856a9f 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -424,7 +424,8 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, } var_detected = 1; - afl->stage_max = afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; + afl->stage_max = + afl->afl_env.afl_cal_fast ? CAL_CYCLES : CAL_CYCLES_LONG; } else { diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index c148086c..5f25f728 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -1911,7 +1911,12 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->old_seed_selection)) seek_to = find_start_position(afl); afl->start_time = get_cur_time(); - if (afl->in_place_resume || afl->afl_env.afl_autoresume) load_stats_file(afl); + if (afl->in_place_resume || afl->afl_env.afl_autoresume) { + + load_stats_file(afl); + + } + write_stats_file(afl, 0, 0, 0, 0); maybe_update_plot_file(afl, 0, 0, 0); save_auto(afl); From 56851fa4999a27e91736d11319757c3dcc83112a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 22 Jun 2021 17:34:06 +0200 Subject: [PATCH 361/441] frida fix --- frida_mode/GNUmakefile | 3 +-- frida_mode/src/cmplog/cmplog.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 329d9f7f..c736006a 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -25,8 +25,7 @@ RT_CFLAGS:=-Wno-unused-parameter \ LDFLAGS+=-shared \ -lpthread \ -lresolv \ - -ldl \ - -z noexecstack \ + -ldl ifdef DEBUG CFLAGS+=-Werror \ diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index a6c95ab0..c65b98d0 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -106,7 +106,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) { * Our address map can change (e.g. stack growth), use write as a fallback to * validate our address. */ - ssize_t written = syscall(__NR_write, memfd, (void *)addr, size); + ssize_t written = syscall(SYS_write, memfd, (void *)addr, size); if (written < 0 && errno != EFAULT && errno != 0) { FATAL("CMPLOG - Failed __NR_write, errno: %d", errno); } From ff4d45eed25d9ab80441f813916034bb38cff01e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 22 Jun 2021 22:05:28 +0200 Subject: [PATCH 362/441] cmplog fix for qemu and frida --- docs/Changelog.md | 4 +++- instrumentation/afl-compiler-rt.o.c | 17 +++++++++-------- src/afl-forkserver.c | 3 +-- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index afa5491b..4dd68cd2 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -25,10 +25,12 @@ sending a mail to . - support partial linking - We do support llvm versions from 3.8 to 5.0 again - frida_mode: - - fix for cmplog + - several fixes for cmplog - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET - feature parity of aarch64 with intel now (persistent, cmplog, in-memory testcases, asan) + - qemu_mode: + - performance fix when cmplog was used - afl_analyze: - fix timeout handling - add forkserver support for better performance diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 92deff6a..d4529e2c 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -617,6 +617,7 @@ static void __afl_unmap_shm(void) { #endif __afl_cmp_map = NULL; + __afl_cmp_map_backup = NULL; } @@ -1684,7 +1685,7 @@ void __cmplog_ins_hookN(uint128_t arg1, uint128_t arg2, uint8_t attr, void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; uintptr_t k = (uintptr_t)__builtin_return_address(0); k = (k >> 4) ^ (k << 8); @@ -1788,7 +1789,7 @@ void __sanitizer_cov_trace_const_cmp16(uint128_t arg1, uint128_t arg2) { void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; for (uint64_t i = 0; i < cases[0]; i++) { @@ -1885,7 +1886,7 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) { fprintf(stderr, "\n"); */ - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; // fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2); int l1, l2; if ((l1 = area_is_valid(ptr1, 32)) <= 0 || @@ -1969,7 +1970,7 @@ static u8 *get_llvm_stdstring(u8 *string) { void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) return; @@ -1979,7 +1980,7 @@ void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) return; @@ -1990,7 +1991,7 @@ void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) return; @@ -2000,7 +2001,7 @@ void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_llvm_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) return; @@ -2034,7 +2035,7 @@ void __afl_coverage_on() { if (likely(__afl_selective_coverage && __afl_selective_coverage_temp)) { __afl_area_ptr = __afl_area_ptr_backup; - __afl_cmp_map = __afl_cmp_map_backup; + if (__afl_cmp_map_backup) { __afl_cmp_map = __afl_cmp_map_backup; } } diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 8fb8a75a..5e8fb9b5 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -418,8 +418,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, struct rlimit r; - if (!fsrv->cmplog_binary && fsrv->qemu_mode == false && - fsrv->frida_mode == false) { + if (!fsrv->cmplog_binary) { unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv From 600058aeabd59fcf9c3f3ce03dd8dd8fb2a3a55d Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 22 Jun 2021 21:12:32 +0100 Subject: [PATCH 363/441] Misc (#986) * Changes to fix accidental ranges deletion and add support for SCAS/CMPS * Fix syscall issues on OSX * Changes to more closely match QEMU mode * Changes to use double hashing on cmplog * Changes to use msync * Review changes Co-authored-by: Your Name --- frida_mode/GNUmakefile | 1 + frida_mode/src/cmplog/cmplog.c | 91 +++++++++++++++--------------- frida_mode/src/cmplog/cmplog_x64.c | 22 ++++---- frida_mode/src/main.c | 6 +- 4 files changed, 64 insertions(+), 56 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index c736006a..2f637412 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -59,6 +59,7 @@ else ifdef DEBUG RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor endif +LDFLAGS+=-z noexecstack endif ifeq "$(shell uname)" "Linux" diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index c65b98d0..8814f7f3 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -1,7 +1,9 @@ #include #include #include -#include +#include +#include +#include #include "frida-gum.h" @@ -13,12 +15,13 @@ #define MAX_MEMFD_SIZE (64UL << 10) extern struct cmp_map *__afl_cmp_map; -static GArray *cmplog_ranges = NULL; -static GHashTable * hash = NULL; +static GArray * cmplog_ranges = NULL; +static GHashTable * hash_yes = NULL; +static GHashTable * hash_no = NULL; -static int memfd = -1; -static size_t memfd_size = 0; -static u8 scratch[MAX_MEMFD_SIZE] = {0}; +static long page_size = 0; +static long page_offset_mask = 0; +static long page_mask = 0; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { @@ -41,19 +44,10 @@ static void cmplog_get_ranges(void) { OKF("CMPLOG - Collecting ranges"); - cmplog_ranges = - g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, cmplog_ranges); g_array_sort(cmplog_ranges, cmplog_sort); - for (guint i = 0; i < cmplog_ranges->len; i++) { - - GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); - - } - - g_array_free(cmplog_ranges, TRUE); - } void cmplog_init(void) { @@ -71,16 +65,22 @@ void cmplog_init(void) { } - memfd = syscall(__NR_memfd_create, "cmplog_memfd", 0); - if (memfd < 0) { + page_size = sysconf(_SC_PAGE_SIZE); + page_offset_mask = page_size - 1; + page_mask = ~(page_offset_mask); - FATAL("Failed to create_memfd, errno: %d", errno); + hash_yes = g_hash_table_new(g_direct_hash, g_direct_equal); + if (hash_yes == NULL) { + + FATAL("Failed to g_hash_table_new, errno: %d", errno); } - hash = g_hash_table_new (g_direct_hash, g_direct_equal); - if (hash == NULL) { + hash_no = g_hash_table_new(g_direct_hash, g_direct_equal); + if (hash_no == NULL) { + FATAL("Failed to g_hash_table_new, errno: %d", errno); + } } @@ -94,38 +94,41 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, gboolean cmplog_test_addr(guint64 addr, size_t size) { - if (g_hash_table_contains(hash, (gpointer)addr)) { return true; } + if (g_hash_table_contains(hash_yes, (gpointer)addr)) { return true; } + if (g_hash_table_contains(hash_no, (gpointer)addr)) { return false; } - if (memfd_size > MAX_MEMFD_SIZE) { - if (lseek(memfd, 0, SEEK_SET) < 0) { - FATAL("CMPLOG - Failed lseek, errno: %d", errno); - } - } + void * page_addr = (void *)(addr & page_mask); + size_t page_offset = addr & page_offset_mask; + + /* If it spans a page, then bail */ + if (page_size - page_offset < size) { return false; } /* - * Our address map can change (e.g. stack growth), use write as a fallback to + * Our address map can change (e.g. stack growth), use msync as a fallback to * validate our address. */ - ssize_t written = syscall(SYS_write, memfd, (void *)addr, size); - if (written < 0 && errno != EFAULT && errno != 0) { - FATAL("CMPLOG - Failed __NR_write, errno: %d", errno); - } - /* - * If the write succeeds, then the buffer must be valid otherwise it would - * return EFAULT - */ - if (written > 0) { memfd_size += written; } + if (msync(page_addr, page_offset + size, MS_ASYNC) < 0) { + + if (!g_hash_table_add(hash_no, (gpointer)addr)) { - if ((size_t)written == size) { - if (!g_hash_table_add (hash, (gpointer)addr)) { FATAL("Failed - g_hash_table_add"); + } + + return false; + + } else { + + if (!g_hash_table_add(hash_yes, (gpointer)addr)) { + + FATAL("Failed - g_hash_table_add"); + + } + return true; + } - - - return false; } gboolean cmplog_is_readable(guint64 addr, size_t size) { @@ -152,8 +155,8 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); - GumAddress outer_base = range->base_address; - GumAddress outer_limit = outer_base + range->size; + GumAddress outer_base = range->base_address; + GumAddress outer_limit = outer_base + range->size; if (cmplog_contains(inner_base, inner_limit, outer_base, outer_limit)) return true; diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 9f56c32a..ba16445d 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -177,7 +177,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, register uintptr_t k = (uintptr_t)address; k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + k &= CMP_MAP_W - 7; __afl_cmp_map->headers[k].type = CMP_TYPE_INS; @@ -198,8 +198,6 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { gsize operand1; gsize operand2; - if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); - if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } @@ -233,6 +231,15 @@ static void cmplog_instrument_cmp_sub(const cs_insn * instr, case X86_INS_CMP: case X86_INS_SUB: + case X86_INS_SCASB: + case X86_INS_SCASD: + case X86_INS_SCASQ: + case X86_INS_SCASW: + case X86_INS_CMPSB: + case X86_INS_CMPSD: + case X86_INS_CMPSQ: + case X86_INS_CMPSS: + case X86_INS_CMPSW: break; default: return; @@ -247,13 +254,8 @@ static void cmplog_instrument_cmp_sub(const cs_insn * instr, if (operand1->type == X86_OP_INVALID) return; if (operand2->type == X86_OP_INVALID) return; - if ((operand1->type == X86_OP_MEM) && - (operand1->mem.segment != X86_REG_INVALID)) - return; - - if ((operand2->type == X86_OP_MEM) && - (operand2->mem.segment != X86_REG_INVALID)) - return; + /* Both operands are the same size */ + if (operand1->size == 1) { return; } cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 7ff23755..b17d9f49 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -101,7 +101,8 @@ static void afl_print_cmdline(void) { if (fd < 0) { - FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + WARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + return; } @@ -138,7 +139,8 @@ static void afl_print_env(void) { if (fd < 0) { - FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + WARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + return; } From c6b77d2d05b07040c6599d8c9a142f0ad96ced62 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Jun 2021 10:53:00 +0200 Subject: [PATCH 364/441] force disable llvm instrumentation for frida --- src/afl-fuzz-cmplog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index c2e9c80f..c684c4b0 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -33,7 +33,7 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) { setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1); - if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } + if (fsrv->qemu_mode || fsrv->frida_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } if (!fsrv->qemu_mode && !fsrv->frida_mode && argv[0] != fsrv->cmplog_binary) { From d64cde8370dc6299b9280feaa575a4266163788f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 23 Jun 2021 13:15:32 +0200 Subject: [PATCH 365/441] non-unix compat --- src/afl-fuzz-init.c | 118 +++++++++++++++++++++++--------------------- 1 file changed, 61 insertions(+), 57 deletions(-) diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index cc5974d8..5e4f1585 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -710,101 +710,105 @@ void read_testcases(afl_state_t *afl, u8 *directory) { } - i = nl_cnt; - do { + if (nl_cnt) { - --i; + i = nl_cnt; + do { - struct stat st; + --i; - u8 dfn[PATH_MAX]; - snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir, - nl[i]->d_name); - u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); + struct stat st; + u8 dfn[PATH_MAX]; + snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir, + nl[i]->d_name); + u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); - u8 passed_det = 0; + u8 passed_det = 0; - if (lstat(fn2, &st) || access(fn2, R_OK)) { + if (lstat(fn2, &st) || access(fn2, R_OK)) { - PFATAL("Unable to access '%s'", fn2); + PFATAL("Unable to access '%s'", fn2); - } + } - /* obviously we want to skip "descending" into . and .. directories, - however it is a good idea to skip also directories that start with - a dot */ - if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { + /* obviously we want to skip "descending" into . and .. directories, + however it is a good idea to skip also directories that start with + a dot */ + if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { - free(nl[i]); /* not tracked */ - read_testcases(afl, fn2); - ck_free(fn2); - continue; + free(nl[i]); /* not tracked */ + read_testcases(afl, fn2); + ck_free(fn2); + continue; - } + } - free(nl[i]); + free(nl[i]); - if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) { + if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) { - ck_free(fn2); - continue; + ck_free(fn2); + continue; - } + } - if (st.st_size > MAX_FILE) { + if (st.st_size > MAX_FILE) { - WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2, - stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), - stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); + WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", + fn2, + stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), + stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); - } + } - /* Check for metadata that indicates that deterministic fuzzing - is complete for this entry. We don't want to repeat deterministic - fuzzing when resuming aborted scans, because it would be pointless - and probably very time-consuming. */ + /* Check for metadata that indicates that deterministic fuzzing + is complete for this entry. We don't want to repeat deterministic + fuzzing when resuming aborted scans, because it would be pointless + and probably very time-consuming. */ - if (!access(dfn, F_OK)) { passed_det = 1; } + if (!access(dfn, F_OK)) { passed_det = 1; } - add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size, - passed_det); + add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size, + passed_det); - if (unlikely(afl->shm.cmplog_mode)) { + if (unlikely(afl->shm.cmplog_mode)) { - if (afl->cmplog_lvl == 1) { + if (afl->cmplog_lvl == 1) { - if (!afl->cmplog_max_filesize || - afl->cmplog_max_filesize < st.st_size) { + if (!afl->cmplog_max_filesize || + afl->cmplog_max_filesize < st.st_size) { - afl->cmplog_max_filesize = st.st_size; + afl->cmplog_max_filesize = st.st_size; - } + } - } else if (afl->cmplog_lvl == 2) { + } else if (afl->cmplog_lvl == 2) { - if (!afl->cmplog_max_filesize || - afl->cmplog_max_filesize > st.st_size) { + if (!afl->cmplog_max_filesize || + afl->cmplog_max_filesize > st.st_size) { - afl->cmplog_max_filesize = st.st_size; + afl->cmplog_max_filesize = st.st_size; + + } } } - } + /* + if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { - /* - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { + u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, + HASH_CONST); afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE; + afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1; - u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, - HASH_CONST); afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE; - afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1; + } - } + */ - */ + } while (i > 0); - } while (i > 0); + } free(nl); /* not tracked */ From ae50a5067769e2ee4af997c8527de84cf3fdae19 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Wed, 23 Jun 2021 23:35:32 +0200 Subject: [PATCH 366/441] fix afl-showmap --- src/afl-showmap.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 646396ad..936d3bc4 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -740,10 +740,9 @@ u32 execute_testcases(u8 *dir) { } - free(nl[i]); - if (!S_ISREG(st.st_mode) || !st.st_size) { + free(nl[i]); ck_free(fn2); continue; @@ -760,6 +759,8 @@ u32 execute_testcases(u8 *dir) { if (!collect_coverage) snprintf(outfile, sizeof(outfile), "%s/%s", out_file, nl[i]->d_name); + free(nl[i]); + if (read_file(fn2)) { if (wait_for_gdb) { From ec781af2c74c17ba3b6ce874a4fc26573872deb8 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 24 Jun 2021 09:55:28 +0200 Subject: [PATCH 367/441] frida fix --- src/afl-fuzz-cmplog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-cmplog.c b/src/afl-fuzz-cmplog.c index c684c4b0..c2e9c80f 100644 --- a/src/afl-fuzz-cmplog.c +++ b/src/afl-fuzz-cmplog.c @@ -33,7 +33,7 @@ void cmplog_exec_child(afl_forkserver_t *fsrv, char **argv) { setenv("___AFL_EINS_ZWEI_POLIZEI___", "1", 1); - if (fsrv->qemu_mode || fsrv->frida_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } + if (fsrv->qemu_mode) { setenv("AFL_DISABLE_LLVM_INSTRUMENTATION", "1", 0); } if (!fsrv->qemu_mode && !fsrv->frida_mode && argv[0] != fsrv->cmplog_binary) { From 1fcb52957e59c89d6ad39ead753eefb4cf6683df Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 24 Jun 2021 09:59:00 +0200 Subject: [PATCH 368/441] fix frida --- frida_mode/src/cmplog/cmplog.c | 7 -- instrumentation/afl-compiler-rt.o.c | 11 ++- instrumentation/split-compares-pass.so.cc | 10 ++- test/test-int_cases.c | 95 ++++++++++++++--------- test/test-uint_cases.c | 75 +++++++++++------- 5 files changed, 115 insertions(+), 83 deletions(-) diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 0e3fbe53..8814f7f3 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -83,13 +83,6 @@ void cmplog_init(void) { } - /* - * We can't use /dev/null or /dev/zero for this since it appears that they - * don't validate the input buffer. Persumably as an optimization because they - * don't actually write any data. The file will be deleted on close. - */ - fd_tmp = cmplog_create_temp(); - } static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index d4529e2c..3f518b55 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -627,7 +627,7 @@ static void __afl_unmap_shm(void) { #define write_error(text) write_error_with_location(text, __FILE__, __LINE__) -void write_error_with_location(char *text, char* filename, int linenumber) { +void write_error_with_location(char *text, char *filename, int linenumber) { u8 * o = getenv("__AFL_OUT_DIR"); char *e = strerror(errno); @@ -640,14 +640,16 @@ void write_error_with_location(char *text, char* filename, int linenumber) { if (f) { - fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, + text, e); fclose(f); } } - fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, + text, e); } @@ -1014,7 +1016,7 @@ static void __afl_start_forkserver(void) { if (read(FORKSRV_FD, &was_killed, 4) != 4) { - //write_error("read from afl-fuzz"); + // write_error("read from afl-fuzz"); _exit(1); } @@ -2077,3 +2079,4 @@ void __afl_coverage_interesting(u8 val, u32 id) { } #undef write_error + diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 68f6c329..13f45b69 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -1397,11 +1397,13 @@ bool SplitComparesTransform::runOnModule(Module &M) { } bool brokenDebug = false; - if (verifyModule( M, &errs() -#if LLVM_VERSION_MAJOR > 3 || (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) - ,&brokenDebug // 9th May 2016 + if (verifyModule(M, &errs() +#if LLVM_VERSION_MAJOR > 3 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) + , + &brokenDebug // 9th May 2016 #endif - )) { + )) { reportError( "Module Verifier failed! Consider reporting a bug with the AFL++ " diff --git a/test/test-int_cases.c b/test/test-int_cases.c index c76206c5..93848d21 100644 --- a/test/test-int_cases.c +++ b/test/test-int_cases.c @@ -13,7 +13,7 @@ int main() { volatile INT_TYPE a, b; /* different values */ a = -21; - b = -2; /* signs equal */ + b = -2; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -22,7 +22,7 @@ int main() { assert(!(a == b)); a = 1; - b = 8; /* signs equal */ + b = 8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -30,10 +30,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ volatile short a, b; a = 2; - b = 256+1; /* signs equal */ + b = 256 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -42,7 +42,7 @@ int main() { assert(!(a == b)); a = -1 - 256; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -50,10 +50,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ volatile int a, b; a = 2; - b = 65536+1; /* signs equal */ + b = 65536 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -62,7 +62,7 @@ int main() { assert(!(a == b)); a = -1 - 65536; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -70,10 +70,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ volatile long a, b; a = 2; - b = 4294967296+1; /* signs equal */ + b = 4294967296 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -82,7 +82,7 @@ int main() { assert(!(a == b)); a = -1 - 4294967296; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -91,11 +91,13 @@ int main() { assert(!(a == b)); } + } + } a = -1; - b = 1; /* signs differ */ + b = 1; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -104,7 +106,7 @@ int main() { assert(!(a == b)); a = -1; - b = 0; /* signs differ */ + b = 0; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -113,7 +115,7 @@ int main() { assert(!(a == b)); a = -2; - b = 8; /* signs differ */ + b = 8; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -122,7 +124,7 @@ int main() { assert(!(a == b)); a = -1; - b = -2; /* signs equal */ + b = -2; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -131,7 +133,7 @@ int main() { assert(!(a == b)); a = 8; - b = 1; /* signs equal */ + b = 1; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -140,9 +142,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -151,7 +154,7 @@ int main() { assert(!(a == b)); a = -1; - b = -256; /* signs equal */ + b = -256; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -160,9 +163,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -171,7 +175,7 @@ int main() { assert(!(a == b)); a = -1; - b = -65536; /* signs equal */ + b = -65536; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -180,30 +184,34 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -4294967296; /* signs equal */ + b = -4294967296; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); + } + } + } a = 1; - b = -1; /* signs differ */ + b = -1; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -212,7 +220,7 @@ int main() { assert(!(a == b)); a = 0; - b = -1; /* signs differ */ + b = -1; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -221,7 +229,7 @@ int main() { assert(!(a == b)); a = 8; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -230,7 +238,7 @@ int main() { assert(!(a == b)); a = 1; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -239,9 +247,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -250,7 +259,7 @@ int main() { assert(!(a == b)); a = -1; - b = -2 - 256; /* signs differ */ + b = -2 - 256; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -259,18 +268,19 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -2 - 65536; /* signs differ */ + b = -2 - 65536; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -279,18 +289,19 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -2 - 4294967296; /* signs differ */ + b = -2 - 4294967296; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -299,7 +310,9 @@ int main() { assert(!(a == b)); } + } + } /* equal values */ @@ -358,6 +371,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; b = 1 + 256; @@ -378,6 +392,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; b = 1 + 65536; @@ -387,7 +402,7 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + a = -2 - 65536; b = -2 - 65536; assert(!(a < b)); @@ -398,6 +413,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; b = 1 + 4294967296; @@ -407,7 +423,7 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + a = -2 - 4294967296; b = -2 - 4294967296; assert(!(a < b)); @@ -416,9 +432,12 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + } + } + } + } diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c index a277e28a..bb57f408 100644 --- a/test/test-uint_cases.c +++ b/test/test-uint_cases.c @@ -22,9 +22,10 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+2; - b = 256+21; + a = 256 + 2; + b = 256 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -33,7 +34,7 @@ int main() { assert(!(a == b)); a = 21; - b = 256+1; + b = 256 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -42,46 +43,51 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+2; - b = 65536+21; + a = 65536 + 2; + b = 65536 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); - + a = 21; - b = 65536+1; + b = 65536 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); + } if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+21; + a = 4294967296 + 2; + b = 4294967296 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); - + a = 21; - b = 4294967296+1; + b = 4294967296 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); + } + } a = 8; @@ -94,9 +100,10 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+2; - b = 256+1; + a = 256 + 2; + b = 256 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -104,7 +111,7 @@ int main() { assert((a != b)); assert(!(a == b)); - a = 256+2; + a = 256 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -114,17 +121,18 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+2; - b = 65536+1; + a = 65536 + 2; + b = 65536 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - - a = 65536+2; + + a = 65536 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -134,17 +142,18 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+1; + a = 4294967296 + 2; + b = 4294967296 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - - a = 4294967296+2; + + a = 4294967296 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -154,9 +163,10 @@ int main() { assert(!(a == b)); } - } - } + } + + } a = 0; b = 0; @@ -177,9 +187,10 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+5; - b = 256+5; + a = 256 + 5; + b = 256 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); @@ -188,9 +199,10 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+5; - b = 65536+5; + a = 65536 + 5; + b = 65536 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); @@ -199,16 +211,19 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+5; - b = 4294967296+5; + a = 4294967296 + 5; + b = 4294967296 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); assert((a >= b)); assert(!(a != b)); assert((a == b)); + } + } } From 906bede108a46903e1fed33ee56e112de81a0681 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 24 Jun 2021 11:11:17 +0200 Subject: [PATCH 369/441] rust bindings update --- unicorn_mode/samples/speedtest/get_offsets.py | 2 +- unicorn_mode/samples/speedtest/rust/Makefile | 2 +- unicorn_mode/unicornafl | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/unicorn_mode/samples/speedtest/get_offsets.py b/unicorn_mode/samples/speedtest/get_offsets.py index c9dc76df..72fb6293 100755 --- a/unicorn_mode/samples/speedtest/get_offsets.py +++ b/unicorn_mode/samples/speedtest/get_offsets.py @@ -59,7 +59,7 @@ for line in objdump_output.split("\n"): last_line = line if main_loc is None: - raise ( + raise Exception( "Could not find main in ./target! Make sure objdump is installed and the target is compiled." ) diff --git a/unicorn_mode/samples/speedtest/rust/Makefile b/unicorn_mode/samples/speedtest/rust/Makefile index 46934c93..8b91268e 100644 --- a/unicorn_mode/samples/speedtest/rust/Makefile +++ b/unicorn_mode/samples/speedtest/rust/Makefile @@ -16,7 +16,7 @@ clean: cargo build ../target: - $(MAKE) -c .. + $(MAKE) -C .. fuzz: all afl-fuzz rm -rf ./output diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 019b8715..760806a2 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad +Subproject commit 760806a2c5035f70f2e0ecf3a50ace1e7e5b9833 From 4057134d3c6ed202d426ebdcc9aa4edf3e122bda Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 24 Jun 2021 11:12:59 +0200 Subject: [PATCH 370/441] rust bindings update --- unicorn_mode/UNICORNAFL_VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index ffcf3b4c..8bed2927 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -019b871539fe9ed3f41d882385a8b02c243d49ad +760806a2c5035f70f2e0ecf3a50ace1e7e5b9833 From f348a35ec6cece54796599865c683505a475fe88 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 24 Jun 2021 18:46:08 +0100 Subject: [PATCH 371/441] Added JS support (#992) * Added JS support * Added some documentation Co-authored-by: Your Name --- frida_mode/GNUmakefile | 40 ++- frida_mode/README.md | 4 + frida_mode/Scripting.md | 240 ++++++++++++++++++ frida_mode/include/asan.h | 3 +- frida_mode/include/ctx.h | 2 +- frida_mode/include/entry.h | 8 +- frida_mode/include/frida_cmplog.h | 1 + frida_mode/include/instrument.h | 16 +- frida_mode/include/intercept.h | 11 + frida_mode/include/interceptor.h | 11 - frida_mode/include/js.h | 18 ++ frida_mode/include/lib.h | 4 +- frida_mode/include/output.h | 6 +- frida_mode/include/persistent.h | 7 +- frida_mode/include/prefetch.h | 5 +- frida_mode/include/ranges.h | 9 +- frida_mode/include/stalker.h | 3 +- frida_mode/include/stats.h | 7 +- frida_mode/include/util.h | 2 +- frida_mode/src/asan/asan.c | 21 +- frida_mode/src/asan/asan_arm32.c | 2 +- frida_mode/src/asan/asan_arm64.c | 2 +- frida_mode/src/asan/asan_x64.c | 2 +- frida_mode/src/asan/asan_x86.c | 2 +- frida_mode/src/cmplog/cmplog.c | 16 +- frida_mode/src/cmplog/cmplog_arm32.c | 2 +- frida_mode/src/cmplog/cmplog_arm64.c | 2 +- frida_mode/src/cmplog/cmplog_x64.c | 2 +- frida_mode/src/cmplog/cmplog_x86.c | 2 +- frida_mode/src/ctx/ctx_arm32.c | 2 +- frida_mode/src/ctx/ctx_arm64.c | 2 +- frida_mode/src/ctx/ctx_x64.c | 2 +- frida_mode/src/ctx/ctx_x86.c | 2 +- frida_mode/src/entry.c | 19 +- frida_mode/src/instrument/instrument.c | 66 +++-- frida_mode/src/instrument/instrument_arm32.c | 2 +- frida_mode/src/instrument/instrument_arm64.c | 4 +- frida_mode/src/instrument/instrument_debug.c | 23 +- frida_mode/src/instrument/instrument_x64.c | 4 +- frida_mode/src/instrument/instrument_x86.c | 4 +- frida_mode/src/{interceptor.c => intercept.c} | 12 +- frida_mode/src/js/api.js | 201 +++++++++++++++ frida_mode/src/js/js.c | 113 +++++++++ frida_mode/src/js/js_api.c | 142 +++++++++++ frida_mode/src/lib/lib.c | 6 +- frida_mode/src/lib/lib_apple.c | 6 +- frida_mode/src/main.c | 53 ++-- frida_mode/src/output.c | 28 +- frida_mode/src/persistent/persistent.c | 57 +++-- frida_mode/src/persistent/persistent_arm32.c | 2 +- frida_mode/src/persistent/persistent_arm64.c | 8 +- frida_mode/src/persistent/persistent_x64.c | 8 +- frida_mode/src/persistent/persistent_x86.c | 8 +- frida_mode/src/prefetch.c | 37 ++- frida_mode/src/ranges.c | 122 ++++----- frida_mode/src/stalker.c | 31 ++- frida_mode/src/stats/stats.c | 33 ++- frida_mode/src/stats/stats_arm32.c | 2 +- frida_mode/src/stats/stats_arm64.c | 2 +- frida_mode/src/stats/stats_x64.c | 2 +- frida_mode/src/stats/stats_x86.c | 2 +- frida_mode/test/deferred/GNUmakefile | 2 +- frida_mode/test/js/GNUmakefile | 44 ++++ frida_mode/test/js/Makefile | 16 ++ frida_mode/test/js/test.js | 20 ++ frida_mode/test/js/testinstr.c | 121 +++++++++ frida_mode/test/persistent_ret/GNUmakefile | 10 + frida_mode/test/persistent_ret/test.js | 38 +++ include/envs.h | 3 +- 69 files changed, 1432 insertions(+), 277 deletions(-) create mode 100644 frida_mode/Scripting.md create mode 100644 frida_mode/include/intercept.h delete mode 100644 frida_mode/include/interceptor.h create mode 100644 frida_mode/include/js.h rename frida_mode/src/{interceptor.c => intercept.c} (74%) create mode 100644 frida_mode/src/js/api.js create mode 100644 frida_mode/src/js/js.c create mode 100644 frida_mode/src/js/js_api.c create mode 100644 frida_mode/test/js/GNUmakefile create mode 100644 frida_mode/test/js/Makefile create mode 100644 frida_mode/test/js/test.js create mode 100644 frida_mode/test/js/testinstr.c create mode 100644 frida_mode/test/persistent_ret/test.js diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 2f637412..fdacff62 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -6,6 +6,11 @@ INCLUDES:=$(wildcard $(INC_DIR)*.h) BUILD_DIR:=$(PWD)build/ OBJ_DIR:=$(BUILD_DIR)obj/ +JS_DIR:=$(SRC_DIR)js/ +JS_NAME:=api.js +JS:=$(JS_DIR)$(JS_NAME) +JS_SRC:=$(BUILD_DIR)api.c +JS_OBJ:=$(BUILD_DIR)api.o SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) CFLAGS+=-fPIC \ @@ -71,25 +76,25 @@ ifndef OS endif GUM_DEVKIT_VERSION=14.2.18 -GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz +GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) -GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a -GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h +GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a +GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gumjs.h FRIDA_DIR:=$(PWD)build/frida-source/ FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile -FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a +FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gumjs-1.0.a FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/ -FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h -FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar +FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gumjs.h +FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all 32 clean format $(FRIDA_GUM) +.PHONY: all 32 clean format $(FRIDA_GUM) quickjs ############################## ALL ############################################# @@ -113,7 +118,7 @@ $(FRIDA_GUM): $(FRIDA_MAKEFILE) cd $(FRIDA_DIR) && make gum-linux-$(ARCH) $(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM) - $(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ + $(FRIDA_DIR)releng/devkit.py frida-gumjs linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ $(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER) cd $(FRIDA_GUM_DEVKIT_DIR) && tar cvf $(FRIDA_GUM_DEVKIT_TARBALL) . @@ -150,6 +155,20 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) -o $@ \ -c $< +############################### JS ############################################# + +$(JS_SRC): $(JS) | $(BUILD_DIR) + cd $(JS_DIR) && xxd -i $(JS_NAME) $@ + +$(JS_OBJ): $(JS_SRC) + $(CC) \ + $(CFLAGS) \ + -I $(ROOT)include \ + -I $(FRIDA_BUILD_DIR) \ + -I $(INC_DIR) \ + -c $< \ + -o $@ + ############################# SOURCE ########################################### define BUILD_SOURCE @@ -167,9 +186,10 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $( ######################## AFL-FRIDA-TRACE ####################################### -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) - $(CC) \ +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) + $(CXX) \ $(OBJS) \ + $(JS_OBJ) \ $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ $(LDFLAGS) \ diff --git a/frida_mode/README.md b/frida_mode/README.md index 296e6405..6bed52b7 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -78,6 +78,10 @@ following options are currently supported: To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. +## Scripting + +One of the more powerful features of FRIDA mode is it's support for configuration by JavaScript, rather than using environment variables. For details of how this works see [here](Scripting.md). + ## Performance Additionally, the intention is to be able to make a direct performance diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md new file mode 100644 index 00000000..8b961e18 --- /dev/null +++ b/frida_mode/Scripting.md @@ -0,0 +1,240 @@ +# Scripting +FRIDA now supports the ability to configure itself using JavaScript. This allows +the user to make use of the convenience of FRIDA's scripting engine (along with +it's support for debug symbols and exports) to configure all of the things which +were traditionally configured using environment variables. + +By default FRIDA mode will look for the file `afl.js` in the current working +directory of the target. Alternatively, a script file can be configured using +the environment variable `AFL_FRIDA_JS_SCRIPT`. + +This script can make use of all of the standard [frida api functions](https://frida.re/docs/javascript-api/), but FRIDA mode adds some additional functions to allow +you to interact with FRIDA mode itself. These can all be accessed via the global +`Afl` parameter. e.g. `Afl.print("HELLO WORLD");`, + +If you encounter a problem with your script, then you should set the environment +variable `AFL_DEBUG_CHILD=1` to view any diagnostic information. + + +# Example +Most of the time, users will likely be wanting to call the functions which configure an address (e.g. for the entry point, or the persistent address). + +The example below uses the API [`DebugSymbol.fromName()`](https://frida.re/docs/javascript-api/#debugsymbol). Another use API is [`Module.getExportByName()`](https://frida.re/docs/javascript-api/#module). + +```js +/* Use Afl.print instead of console.log */ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +/* Print some useful diagnostics stuff */ +Afl.print(`PID: ${Process.id}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +/* + * Configure entry-point, persistence etc. This will be what most + * people want to do. + */ +const persistent_addr = DebugSymbol.fromName('main'); +Afl.print(`persistent_addr: ${persistent_addr.address}`); + +if (persistent_addr.address.equals(ptr(0))) { + Afl.error('Cannot find symbol main'); +} + +const persistent_ret = DebugSymbol.fromName('slow'); +Afl.print(`persistent_ret: ${persistent_ret.address}`); + +if (persistent_ret.address.equals(ptr(0))) { + Afl.error('Cannot find symbol slow'); +} + +Afl.setPersistentAddress(persistent_addr.address); +Afl.setPersistentReturn(persistent_ret.address); +Afl.setPersistentCount(1000000); + +/* Control instrumentation, you may want to do this too */ +Afl.setInstrumentLibraries(); +const mod = Process.findModuleByName("libc-2.31.so") +Afl.addExcludedRange(mod.base, mod.size); + +/* Some useful options to configure logging */ +Afl.setStdOut("/tmp/stdout.txt"); +Afl.setStdErr("/tmp/stderr.txt"); + +/* Show the address layout. Sometimes helpful */ +Afl.setDebugMaps(); + +/* + * If you are using these options, then things aren't going + * very well for you. + */ +Afl.setInstrumentDebugFile("/tmp/instr.log"); +Afl.setPrefetchDisable(); +Afl.setInstrumentNoOptimize(); +Afl.setInstrumentEnableTracing(); +Afl.setInstrumentTracingUnique(); +Afl.setStatsFile("/tmp/stats.txt"); +Afl.setStatsInterval(1); +Afl.setStatsTransitions(); + +/* *ALWAYS* call this when you have finished all your configuration */ +Afl.done(); +Afl.print("done"); +``` + +# Stripped Binaries + +Lastly, if the binary you attempting to fuzz has no symbol information, and no +exports, then the following approach can be used. + +```js +const module = Process.getModuleByName('target.exe'); +/* Hardcoded offset within the target image */ +const address = module.base.add(0xdeadface); +Afl.setPersistentAddress(address); +``` + +# API +```js +/* + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ +Afl.print(msg); + +/* + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ +Afl.done(); + +/* + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ +Afl.error(); + +/* + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ +Afl.setEntryPoint(address); + +/* + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ +Afl.setPersistentAddress(address); + +/* + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ +Afl.setPersistentReturn(address); + +/* + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ +Afl.setPersistentCount(count); + +/* + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ +Afl.setPersistentDebug(); + +/* + * See `AFL_FRIDA_DEBUG_MAPS`. + */ +Afl.setDebugMaps(); + +/* + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ +Afl.addIncludedRange(address, size); + +/* + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ +Afl.addExcludedRange(address, size); + +/* + * See `AFL_INST_LIBS`. + */ +Afl.setInstrumentLibraries(); + +/* + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ +Afl.setInstrumentDebugFile(file); + +/* + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ +Afl.setPrefetchDisable(); + +/* + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ +Afl.setInstrumentNoOptimize(); + +/* + * See `AFL_FRIDA_INST_TRACE`. + */ +Afl.setInstrumentEnableTracing(); + +/* + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ +Afl.setInstrumentTracingUnique() + +/* + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ +Afl.setStdOut(file); + +/* + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ +Afl.setStdErr(file); + +/* + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ +Afl.setStatsFile(file); + +/* + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ +Afl.setStatsInterval(interval); + +/* + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ +Afl.setStatsTransitions() +``` diff --git a/frida_mode/include/asan.h b/frida_mode/include/asan.h index 7a8726e0..67d33591 100644 --- a/frida_mode/include/asan.h +++ b/frida_mode/include/asan.h @@ -1,10 +1,11 @@ #ifndef _ASAN_H #define _ASAN_H -#include "frida-gum.h" +#include "frida-gumjs.h" extern gboolean asan_initialized; +void asan_config(void); void asan_init(void); void asan_arch_init(void); void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator); diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h index 67274aee..c669478e 100644 --- a/frida_mode/include/ctx.h +++ b/frida_mode/include/ctx.h @@ -1,7 +1,7 @@ #ifndef _CTX_H #define _CTX_H -#include "frida-gum.h" +#include "frida-gumjs.h" #if defined(__x86_64__) gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h index 967831af..801c2bbe 100644 --- a/frida_mode/include/entry.h +++ b/frida_mode/include/entry.h @@ -1,13 +1,15 @@ #ifndef _ENTRY_H #define _ENTRY_H -#include "frida-gum.h" +#include "frida-gumjs.h" -extern guint64 entry_start; +extern guint64 entry_point; + +void entry_config(void); void entry_init(void); -void entry_run(void); +void entry_start(void); void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output); diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h index b620a472..a665e970 100644 --- a/frida_mode/include/frida_cmplog.h +++ b/frida_mode/include/frida_cmplog.h @@ -3,6 +3,7 @@ extern struct cmp_map *__afl_cmp_map; +void cmplog_config(void); void cmplog_init(void); /* Functions to be implemented by the different architectures */ diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 577481d1..9c8d3a5d 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -1,13 +1,20 @@ #ifndef _INSTRUMENT_H #define _INSTRUMENT_H -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" -extern __thread uint64_t previous_pc; -extern uint8_t * __afl_area_ptr; -extern uint32_t __afl_map_size; +extern char * instrument_debug_filename; +extern gboolean instrument_tracing; +extern gboolean instrument_optimize; +extern gboolean instrument_unique; +extern __thread uint64_t instrument_previous_pc; + +extern uint8_t *__afl_area_ptr; +extern uint32_t __afl_map_size; + +void instrument_config(void); void instrument_init(void); @@ -19,6 +26,7 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +void instrument_debug_config(void); void instrument_debug_init(void); void instrument_debug_start(uint64_t address, GumStalkerOutput *output); void instrument_debug_instruction(uint64_t address, uint16_t size); diff --git a/frida_mode/include/intercept.h b/frida_mode/include/intercept.h new file mode 100644 index 00000000..8fe93b10 --- /dev/null +++ b/frida_mode/include/intercept.h @@ -0,0 +1,11 @@ +#ifndef _INTERCEPTOR_H +#define _INTERCEPTOR_H + +#include "frida-gumjs.h" + +void intercept_hook(void *address, gpointer replacement, gpointer user_data); +void intercept_unhook(void *address); +void intercept_unhook_self(void); + +#endif + diff --git a/frida_mode/include/interceptor.h b/frida_mode/include/interceptor.h deleted file mode 100644 index 0ff754a4..00000000 --- a/frida_mode/include/interceptor.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _INTERCEPTOR_H -#define _INTERCEPTOR_H - -#include "frida-gum.h" - -void intercept(void *address, gpointer replacement, gpointer user_data); -void unintercept(void *address); -void unintercept_self(void); - -#endif - diff --git a/frida_mode/include/js.h b/frida_mode/include/js.h new file mode 100644 index 00000000..77237d55 --- /dev/null +++ b/frida_mode/include/js.h @@ -0,0 +1,18 @@ +#ifndef _JS_H +#define _JS_H + +#include "frida-gumjs.h" + +extern unsigned char api_js[]; +extern unsigned int api_js_len; + +extern gboolean js_done; + +/* Frida Mode */ + +void js_config(void); + +void js_start(void); + +#endif + diff --git a/frida_mode/include/lib.h b/frida_mode/include/lib.h index 237aecb0..a9d56e4e 100644 --- a/frida_mode/include/lib.h +++ b/frida_mode/include/lib.h @@ -1,7 +1,9 @@ #ifndef _LIB_H #define _LIB_H -#include "frida-gum.h" +#include "frida-gumjs.h" + +void lib_config(void); void lib_init(void); diff --git a/frida_mode/include/output.h b/frida_mode/include/output.h index 53a9fdd3..743b2fe6 100644 --- a/frida_mode/include/output.h +++ b/frida_mode/include/output.h @@ -1,8 +1,12 @@ #ifndef _OUTPUT_H #define _OUTPUT_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern char *output_stdout; +extern char *output_stderr; + +void output_config(void); void output_init(void); #endif diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index 25b44ab0..8f00196c 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -2,7 +2,7 @@ #ifndef _PERSISTENT_H #define _PERSISTENT_H -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" typedef struct arch_api_regs api_regs; @@ -19,9 +19,10 @@ extern unsigned char *__afl_fuzz_ptr; extern guint64 persistent_start; extern guint64 persistent_count; extern guint64 persistent_ret; -extern guint64 persistent_ret_offset; extern gboolean persistent_debug; -extern afl_persistent_hook_fn hook; +extern afl_persistent_hook_fn persistent_hook; + +void persistent_config(void); void persistent_init(void); diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h index 8f0cee68..835d5e8a 100644 --- a/frida_mode/include/prefetch.h +++ b/frida_mode/include/prefetch.h @@ -1,8 +1,11 @@ #ifndef _PREFETCH_H #define _PREFETCH_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern gboolean prefetch_enable; + +void prefetch_config(void); void prefetch_init(void); void prefetch_write(void *addr); void prefetch_read(void); diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index c623f473..a667fb76 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -1,13 +1,20 @@ #ifndef _RANGES_H #define _RANGES_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern gboolean ranges_debug_maps; +extern gboolean ranges_inst_libs; + +void ranges_config(void); void ranges_init(void); gboolean range_is_excluded(gpointer address); void ranges_exclude(); +void ranges_add_include(GumMemoryRange *range); +void ranges_add_exclude(GumMemoryRange *range); + #endif diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h index 186ead11..2136fe52 100644 --- a/frida_mode/include/stalker.h +++ b/frida_mode/include/stalker.h @@ -1,8 +1,9 @@ #ifndef _STALKER_H #define _STALKER_H -#include "frida-gum.h" +#include "frida-gumjs.h" +void stalker_config(void); void stalker_init(void); GumStalker *stalker_get(void); void stalker_start(void); diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h index 4271132a..1cfd6b8f 100644 --- a/frida_mode/include/stats.h +++ b/frida_mode/include/stats.h @@ -1,7 +1,7 @@ #ifndef _STATS_H #define _STATS_H -#include "frida-gum.h" +#include "frida-gumjs.h" typedef struct { @@ -15,6 +15,11 @@ typedef struct { extern stats_data_header_t *stats_data; +extern char * stats_filename; +extern guint64 stats_interval; +extern gboolean stats_transitions; + +void stats_config(void); void stats_init(void); void stats_collect(const cs_insn *instr, gboolean begin); void stats_print(char *format, ...); diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h index 7b443b5e..525e9d40 100644 --- a/frida_mode/include/util.h +++ b/frida_mode/include/util.h @@ -1,7 +1,7 @@ #ifndef _UTIL_H #define _UTIL_H -#include "frida-gum.h" +#include "frida-gumjs.h" #define UNUSED_PARAMETER(x) (void)(x) #define IGNORED_RETURN(x) (void)!(x) diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index f78f690c..b2e763ca 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -1,18 +1,18 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "asan.h" -gboolean asan_initialized = FALSE; +static gboolean asan_enabled = FALSE; +gboolean asan_initialized = FALSE; -void asan_init(void) { +void asan_config(void) { if (getenv("AFL_USE_FASAN") != NULL) { OKF("Frida ASAN mode enabled"); - asan_arch_init(); - asan_initialized = TRUE; + asan_enabled = TRUE; } else { @@ -22,3 +22,14 @@ void asan_init(void) { } +void asan_init(void) { + + if (asan_enabled) { + + asan_arch_init(); + asan_initialized = TRUE; + + } + +} + diff --git a/frida_mode/src/asan/asan_arm32.c b/frida_mode/src/asan/asan_arm32.c index 79475ced..f5fa4713 100644 --- a/frida_mode/src/asan/asan_arm32.c +++ b/frida_mode/src/asan/asan_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index 66138e42..65524e03 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c index a2eabe3c..5c12669f 100644 --- a/frida_mode/src/asan/asan_x64.c +++ b/frida_mode/src/asan/asan_x64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c index 8490b490..6d2f9e2b 100644 --- a/frida_mode/src/asan/asan_x86.c +++ b/frida_mode/src/asan/asan_x86.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 8814f7f3..a2609c8e 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -5,7 +5,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -50,6 +50,10 @@ static void cmplog_get_ranges(void) { } +void cmplog_config(void) { + +} + void cmplog_init(void) { if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } @@ -94,10 +98,10 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, gboolean cmplog_test_addr(guint64 addr, size_t size) { - if (g_hash_table_contains(hash_yes, (gpointer)addr)) { return true; } - if (g_hash_table_contains(hash_no, (gpointer)addr)) { return false; } + if (g_hash_table_contains(hash_yes, GSIZE_TO_POINTER(addr))) { return true; } + if (g_hash_table_contains(hash_no, GSIZE_TO_POINTER(addr))) { return false; } - void * page_addr = (void *)(addr & page_mask); + void * page_addr = GSIZE_TO_POINTER(addr & page_mask); size_t page_offset = addr & page_offset_mask; /* If it spans a page, then bail */ @@ -109,7 +113,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) { */ if (msync(page_addr, page_offset + size, MS_ASYNC) < 0) { - if (!g_hash_table_add(hash_no, (gpointer)addr)) { + if (!g_hash_table_add(hash_no, GSIZE_TO_POINTER(addr))) { FATAL("Failed - g_hash_table_add"); @@ -119,7 +123,7 @@ gboolean cmplog_test_addr(guint64 addr, size_t size) { } else { - if (!g_hash_table_add(hash_yes, (gpointer)addr)) { + if (!g_hash_table_add(hash_yes, GSIZE_TO_POINTER(addr))) { FATAL("Failed - g_hash_table_add"); diff --git a/frida_mode/src/cmplog/cmplog_arm32.c b/frida_mode/src/cmplog/cmplog_arm32.c index 5af28f3f..ac703408 100644 --- a/frida_mode/src/cmplog/cmplog_arm32.c +++ b/frida_mode/src/cmplog/cmplog_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 04631ff8..dd97f38d 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index ba16445d..0d18767a 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index a27df0af..dd666c34 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c index a5c6f6d4..a354c117 100644 --- a/frida_mode/src/ctx/ctx_arm32.c +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/ctx/ctx_arm64.c b/frida_mode/src/ctx/ctx_arm64.c index d09896af..a735401b 100644 --- a/frida_mode/src/ctx/ctx_arm64.c +++ b/frida_mode/src/ctx/ctx_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c index 1772a252..da5cb13a 100644 --- a/frida_mode/src/ctx/ctx_x64.c +++ b/frida_mode/src/ctx/ctx_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/ctx/ctx_x86.c b/frida_mode/src/ctx/ctx_x86.c index 9b50cb52..1a587702 100644 --- a/frida_mode/src/ctx/ctx_x86.c +++ b/frida_mode/src/ctx/ctx_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index e71386a0..186d5098 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -9,27 +9,32 @@ extern void __afl_manual_init(); -guint64 entry_start = 0; +guint64 entry_point = 0; static void entry_launch(void) { __afl_manual_init(); /* Child here */ - previous_pc = 0; + instrument_previous_pc = 0; + +} + +void entry_config(void) { + + entry_point = util_read_address("AFL_ENTRYPOINT"); } void entry_init(void) { - entry_start = util_read_address("AFL_ENTRYPOINT"); - OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_start); + OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_point); } -void entry_run(void) { +void entry_start(void) { - if (entry_start == 0) { entry_launch(); } + if (entry_point == 0) { entry_launch(); } } diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index ba82b89f..d6ae505d 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -2,7 +2,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -18,12 +18,13 @@ #include "stats.h" #include "util.h" -static gboolean tracing = false; -static gboolean optimize = false; -static gboolean unique = false; +gboolean instrument_tracing = false; +gboolean instrument_optimize = false; +gboolean instrument_unique = false; + static GumStalkerTransformer *transformer = NULL; -__thread uint64_t previous_pc = 0; +__thread uint64_t instrument_previous_pc = 0; static GumAddress previous_rip = 0; static u8 * edges_notified = NULL; @@ -61,7 +62,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, current_pc = (current_rip >> 4) ^ (current_rip << 8); current_pc &= MAP_SIZE - 1; - edge = current_pc ^ previous_pc; + edge = current_pc ^ instrument_previous_pc; cursor = &__afl_area_ptr[edge]; value = *cursor; @@ -77,11 +78,11 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } *cursor = value; - previous_pc = current_pc >> 1; + instrument_previous_pc = current_pc >> 1; - if (unlikely(tracing)) { + if (unlikely(instrument_tracing)) { - if (!unique || edges_notified[edge] == 0) { + if (!instrument_unique || edges_notified[edge] == 0) { trace_debug("TRACE: edge: %10" G_GINT64_MODIFIER "d, current_rip: 0x%016" G_GINT64_MODIFIER @@ -90,7 +91,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } - if (unique) { edges_notified[edge] = 1; } + if (instrument_unique) { edges_notified[edge] = 1; } previous_rip = current_rip; @@ -98,8 +99,9 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } -static void instr_basic_block(GumStalkerIterator *iterator, - GumStalkerOutput *output, gpointer user_data) { +static void instrument_basic_block(GumStalkerIterator *iterator, + GumStalkerOutput * output, + gpointer user_data) { UNUSED_PARAMETER(user_data); @@ -111,7 +113,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (unlikely(begin)) { instrument_debug_start(instr->address, output); } - if (instr->address == entry_start) { entry_prologue(iterator, output); } + if (instr->address == entry_point) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } if (instr->address == persistent_ret) { persistent_epilogue(output); } @@ -150,7 +152,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (likely(!excluded)) { - if (likely(optimize)) { + if (likely(instrument_optimize)) { instrument_coverage_optimize(instr, output); @@ -185,31 +187,39 @@ static void instr_basic_block(GumStalkerIterator *iterator, } +void instrument_config(void) { + + instrument_optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); + instrument_tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + instrument_unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); + + instrument_debug_config(); + asan_config(); + cmplog_config(); + +} + void instrument_init(void) { - optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); - tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); - unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); + if (!instrument_is_coverage_optimize_supported()) instrument_optimize = false; - if (!instrument_is_coverage_optimize_supported()) optimize = false; + OKF("Instrumentation - optimize [%c]", instrument_optimize ? 'X' : ' '); + OKF("Instrumentation - tracing [%c]", instrument_tracing ? 'X' : ' '); + OKF("Instrumentation - unique [%c]", instrument_unique ? 'X' : ' '); - OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); - OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); - OKF("Instrumentation - unique [%c]", unique ? 'X' : ' '); - - if (tracing && optimize) { + if (instrument_tracing && instrument_optimize) { FATAL("AFL_FRIDA_INST_TRACE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } - if (unique && optimize) { + if (instrument_unique && instrument_optimize) { FATAL("AFL_FRIDA_INST_TRACE_UNIQUE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } - if (unique) { tracing = TRUE; } + if (instrument_unique) { instrument_tracing = TRUE; } if (__afl_map_size != 0x10000) { @@ -217,10 +227,10 @@ void instrument_init(void) { } - transformer = - gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + transformer = gum_stalker_transformer_make_from_callback( + instrument_basic_block, NULL, NULL); - if (unique) { + if (instrument_unique) { int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600); if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 450a69a3..0e15940a 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 49ee86a2..17f97c97 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -72,7 +72,7 @@ void instrument_coverage_optimize(const cs_insn * instr, gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; + uint64_t *afl_prev_loc_ptr = &instrument_previous_pc; gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, sizeof(afl_area_ptr_ptr)); gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index 0ce26a1c..b8cca634 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -3,7 +3,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -13,6 +13,8 @@ static int debugging_fd = -1; static gpointer instrument_gen_start = NULL; +char *instrument_debug_filename = NULL; + static void instrument_debug(char *format, ...) { va_list ap; @@ -79,18 +81,25 @@ static void instrument_disasm(guint8 *start, guint8 *end) { } +void instrument_debug_config(void) { + + instrument_debug_filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); + +} + void instrument_debug_init(void) { - char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); - OKF("Instrumentation debugging - enabled [%c]", filename == NULL ? ' ' : 'X'); + OKF("Instrumentation debugging - enabled [%c]", + instrument_debug_filename == NULL ? ' ' : 'X'); - if (filename == NULL) { return; } + if (instrument_debug_filename == NULL) { return; } - OKF("Instrumentation debugging - file [%s]", filename); + OKF("Instrumentation debugging - file [%s]", instrument_debug_filename); - if (filename == NULL) { return; } + if (instrument_debug_filename == NULL) { return; } - char *path = g_canonicalize_filename(filename, g_get_current_dir()); + char *path = + g_canonicalize_filename(instrument_debug_filename, g_get_current_dir()); OKF("Instrumentation debugging - path [%s]", path); diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 7000e65d..a38b5b14 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" @@ -68,7 +68,7 @@ void instrument_coverage_optimize(const cs_insn * instr, current_log_impl = cw->pc; gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - uint64_t *afl_prev_loc_ptr = &previous_pc; + uint64_t *afl_prev_loc_ptr = &instrument_previous_pc; gum_x86_writer_put_bytes(cw, (const guint8 *)&__afl_area_ptr, sizeof(__afl_area_ptr)); gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 04a19e08..3c3dc272 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -16,7 +16,7 @@ static void instrument_coverage_function(GumX86Writer *cw) { gum_x86_writer_put_push_reg(cw, GUM_REG_EDX); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, - GUM_ADDRESS(&previous_pc)); + GUM_ADDRESS(&instrument_previous_pc)); gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_EDX, GUM_REG_ECX); gum_x86_writer_put_xor_reg_reg(cw, GUM_REG_EDX, GUM_REG_EDI); diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/intercept.c similarity index 74% rename from frida_mode/src/interceptor.c rename to frida_mode/src/intercept.c index d2802752..ed8d27bd 100644 --- a/frida_mode/src/interceptor.c +++ b/frida_mode/src/intercept.c @@ -1,10 +1,10 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" -#include "interceptor.h" +#include "intercept.h" -void intercept(void *address, gpointer replacement, gpointer user_data) { +void intercept_hook(void *address, gpointer replacement, gpointer user_data) { GumInterceptor *interceptor = gum_interceptor_obtain(); gum_interceptor_begin_transaction(interceptor); @@ -15,7 +15,7 @@ void intercept(void *address, gpointer replacement, gpointer user_data) { } -void unintercept(void *address) { +void intercept_unhook(void *address) { GumInterceptor *interceptor = gum_interceptor_obtain(); @@ -26,10 +26,10 @@ void unintercept(void *address) { } -void unintercept_self(void) { +void intercept_unhook_self(void) { GumInvocationContext *ctx = gum_interceptor_get_current_invocation(); - unintercept(ctx->function); + intercept_unhook(ctx->function); } diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js new file mode 100644 index 00000000..983f1efa --- /dev/null +++ b/frida_mode/src/js/api.js @@ -0,0 +1,201 @@ +const write = new NativeFunction( + Module.getExportByName(null, 'write'), + 'int', + ['int', 'pointer', 'int'] +); + +const afl_frida_trace = Process.findModuleByName('afl-frida-trace.so'); + +function get_api(name, ret, args) { + const addr = afl_frida_trace.findExportByName(name); + return new NativeFunction(addr, ret, args); +} + +const js_api_done = get_api( + 'js_api_done', + 'void', + []); + +const js_api_error = get_api( + 'js_api_error', + 'void', + ['pointer']); + +const js_api_set_entrypoint = get_api( + 'js_api_set_entrypoint', + 'void', + ['pointer']); + +const js_api_set_persistent_address = get_api( + 'js_api_set_persistent_address', + 'void', + ['pointer']); + +const js_api_set_persistent_return = get_api( + 'js_api_set_persistent_return', + 'void', + ['pointer']); + +const js_api_set_persistent_count = get_api( + 'js_api_set_persistent_count', + 'void', + ['uint64']); + +const js_api_set_persistent_debug = get_api( + 'js_api_set_persistent_debug', + 'void', + []); + +const js_api_set_debug_maps = get_api( + 'js_api_set_debug_maps', + 'void', + []); + +const js_api_add_include_range = get_api( + 'js_api_add_include_range', + 'void', + ['pointer', 'size_t']); + +const js_api_add_exclude_range = get_api( + 'js_api_add_exclude_range', + 'void', + ['pointer', 'size_t']); + +const js_api_set_instrument_libraries = get_api( + 'js_api_set_instrument_libraries', + 'void', + []); + +const js_api_set_instrument_debug_file = get_api( + 'js_api_set_instrument_debug_file', + 'void', + ['pointer']); + +const js_api_set_prefetch_disable = get_api( + 'js_api_set_prefetch_disable', + 'void', + []); + +const js_api_set_instrument_no_optimize = get_api( + 'js_api_set_instrument_no_optimize', + 'void', + []); + +const js_api_set_instrument_trace = get_api( + 'js_api_set_instrument_trace', + 'void', + []); + +const js_api_set_instrument_trace_unique = get_api( + 'js_api_set_instrument_trace_unique', + 'void', + []); + +const js_api_set_stdout = get_api( + 'js_api_set_stdout', + 'void', + ['pointer']); + +const js_api_set_stderr = get_api( + 'js_api_set_stderr', + 'void', + ['pointer']); + +const js_api_set_stats_file = get_api( + 'js_api_set_stats_file', + 'void', + ['pointer']); + +const js_api_set_stats_interval = get_api( + 'js_api_set_stats_interval', + 'void', + ['uint64']); + +const js_api_set_stats_transitions = get_api( + 'js_api_set_stats_transitions', + 'void', + []); + +const afl = { + print: function (msg) { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + write(STDOUT_FILENO, buf, log.length); + }, + done: function() { + js_api_done(); + }, + error: function(msg) { + const buf = Memory.allocUtf8String(msg); + js_api_error(buf); + }, + setEntryPoint: function(addr) { + js_api_set_entrypoint(addr); + }, + setPersistentAddress: function(addr) { + js_api_set_persistent_address(addr); + }, + setPersistentReturn: function(addr) { + js_api_set_persistent_return(addr); + }, + setPersistentCount: function(addr) { + js_api_set_persistent_count(addr); + }, + setPersistentDebug: function() { + js_api_set_persistent_debug(); + }, + setDebugMaps: function() { + js_api_set_debug_maps(); + }, + addIncludedRange: function(address, size) { + js_api_add_include_range(address, size); + }, + addExcludedRange: function(address, size) { + js_api_add_exclude_range(address, size); + }, + setInstrumentLibraries: function() { + js_api_set_instrument_libraries(); + }, + setInstrumentDebugFile: function(file) { + const buf = Memory.allocUtf8String(file); + js_api_set_instrument_debug_file(buf) + }, + setPrefetchDisable: function() { + js_api_set_prefetch_disable(); + }, + setInstrumentNoOptimize: function() { + js_api_set_instrument_no_optimize(); + }, + setInstrumentEnableTracing: function() { + js_api_set_instrument_trace(); + }, + setInstrumentTracingUnique: function() { + js_api_set_instrument_trace_unique(); + }, + setStdOut: function(file) { + const buf = Memory.allocUtf8String(file); + js_api_set_stdout(buf) + }, + setStdErr: function(file) { + const buf = Memory.allocUtf8String(file); + js_api_set_stderr(buf) + }, + setStatsFile: function(file) { + const buf = Memory.allocUtf8String(file); + js_api_set_stats_file(buf) + }, + setStatsInterval: function(interval) { + js_api_set_stats_interval(interval); + }, + setStatsTransitions: function() { + js_api_set_stats_transitions(); + } + +}; + +Object.defineProperty(global, 'Afl', {value: afl, writeable: false}); + +//////////////////////////////////////////////////////////////////////////////// +// END OF API // +//////////////////////////////////////////////////////////////////////////////// diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c new file mode 100644 index 00000000..79e716ad --- /dev/null +++ b/frida_mode/src/js/js.c @@ -0,0 +1,113 @@ +#include "frida-gumjs.h" + +#include "debug.h" + +#include "js.h" +#include "util.h" + +static char *js_script = NULL; +gboolean js_done = FALSE; + +static gchar * filename = "afl.js"; +static gchar * contents; +static GumScriptBackend *backend; +static GCancellable * cancellable = NULL; +static GError * error = NULL; +static GumScript * script; + +static void js_msg(GumScript *script, const gchar *message, GBytes *data, + gpointer user_data) { + + UNUSED_PARAMETER(script); + UNUSED_PARAMETER(data); + UNUSED_PARAMETER(user_data); + OKF("%s", message); + +} + +void js_config(void) { + + js_script = getenv("AFL_FRIDA_JS_SCRIPT"); + +} + +static gchar *js_get_script() { + + gsize length; + if (js_script != NULL) { filename = js_script; } + + filename = g_canonicalize_filename(filename, g_get_current_dir()); + + if (!g_file_get_contents(filename, &contents, &length, NULL)) { + + if (js_script == NULL) { + + return NULL; + + } else { + + FATAL("Could not load script file: %s", filename); + + } + + } else { + + OKF("Loaded AFL script: %s, %" G_GSIZE_MODIFIER "d bytes", filename, + length); + + gchar *source = g_malloc0(api_js_len + length + 1); + memcpy(source, api_js, api_js_len); + memcpy(&source[api_js_len], contents, length); + + return source; + + } + +} + +static void js_print_script(gchar *source) { + + gchar **split = g_strsplit(source, "\n", 0); + + for (size_t i = 0; split[i] != NULL; i++) { + + OKF("%3" G_GSIZE_MODIFIER "d. %s", i + 1, split[i]); + + } + + g_strfreev(split); + +} + +void js_start(void) { + + GMainContext *context; + + gchar *source = js_get_script(); + if (source == NULL) { return; } + js_print_script(source); + + backend = gum_script_backend_obtain_qjs(); + + script = gum_script_backend_create_sync(backend, "example", source, + cancellable, &error); + + if (error != NULL) { + + g_printerr("%s\n", error->message); + FATAL("Error processing script"); + + } + + gum_script_set_message_handler(script, js_msg, NULL, NULL); + + gum_script_load_sync(script, cancellable); + + context = g_main_context_get_thread_default(); + while (g_main_context_pending(context)) + g_main_context_iteration(context, FALSE); + + if (!js_done) { FATAL("Script didn't call Afl.done()"); } + +} + diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c new file mode 100644 index 00000000..018c0b9a --- /dev/null +++ b/frida_mode/src/js/js_api.c @@ -0,0 +1,142 @@ +#include "debug.h" + +#include "entry.h" +#include "instrument.h" +#include "js.h" +#include "output.h" +#include "persistent.h" +#include "prefetch.h" +#include "ranges.h" +#include "stats.h" +#include "util.h" + +void js_api_done() { + + js_done = TRUE; + +} + +void js_api_error(char *msg) { + + FATAL("%s", msg); + +} + +void js_api_set_entrypoint(void *address) { + + entry_point = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_address(void *address) { + + persistent_start = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_return(void *address) { + + persistent_ret = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_count(uint64_t count) { + + persistent_count = count; + +} + +void js_api_set_persistent_debug() { + + persistent_debug = TRUE; + +} + +void js_api_set_debug_maps() { + + ranges_debug_maps = TRUE; + +} + +void js_api_add_include_range(void *address, gsize size) { + + GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; + ranges_add_include(&range); + +} + +void js_api_add_exclude_range(void *address, gsize size) { + + GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; + ranges_add_exclude(&range); + +} + +void js_api_set_instrument_libraries() { + + ranges_inst_libs = TRUE; + +} + +void js_api_set_instrument_debug_file(char *path) { + + instrument_debug_filename = g_strdup(path); + +} + +void js_api_set_prefetch_disable(void) { + + prefetch_enable = FALSE; + +} + +void js_api_set_instrument_no_optimize(void) { + + instrument_optimize = FALSE; + +} + +void js_api_set_instrument_trace(void) { + + instrument_tracing = TRUE; + +} + +void js_api_set_instrument_trace_unique(void) { + + instrument_unique = TRUE; + +} + +void js_api_set_stdout(char *file) { + + output_stdout = g_strdup(file); + +} + +void js_api_set_stderr(char *file) { + + output_stderr = g_strdup(file); + +} + +void js_api_set_stats_file(char *file) { + + stats_filename = g_strdup(file); + +} + +void js_api_set_stats_interval(uint64_t interval) { + + stats_interval = interval; + +} + +void js_api_set_stats_transitions() { + + stats_transitions = TRUE; + +} + +// "AFL_FRIDA_PERSISTENT_HOOK", + diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index 13a7d1e7..59a3fcf9 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -6,7 +6,7 @@ #include #include - #include "frida-gum.h" + #include "frida-gumjs.h" #include "debug.h" @@ -151,6 +151,10 @@ static void lib_get_text_section(lib_details_t *details) { } +void lib_config(void) { + +} + void lib_init(void) { lib_details_t lib_details; diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c index 8f863861..2aa48a13 100644 --- a/frida_mode/src/lib/lib_apple.c +++ b/frida_mode/src/lib/lib_apple.c @@ -1,5 +1,5 @@ #ifdef __APPLE__ - #include "frida-gum.h" + #include "frida-gumjs.h" #include "debug.h" @@ -56,6 +56,10 @@ gboolean lib_get_text_section(const GumDarwinSectionDetails *details, } +void lib_config(void) { + +} + void lib_init(void) { GumDarwinModule *module = NULL; diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index b17d9f49..85b0bbf3 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -11,14 +11,15 @@ #include #endif -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" #include "entry.h" #include "instrument.h" -#include "interceptor.h" +#include "intercept.h" +#include "js.h" #include "lib.h" #include "output.h" #include "persistent.h" @@ -44,13 +45,6 @@ typedef int *(*main_fn_t)(int argc, char **argv, char **envp); static main_fn_t main_fn = NULL; -static int on_fork(void) { - - prefetch_read(); - return fork(); - -} - #ifdef __APPLE__ static void on_main_os(int argc, char **argv, char **envp) { @@ -174,23 +168,36 @@ void afl_frida_start(void) { afl_print_cmdline(); afl_print_env(); + /* Configure */ + entry_config(); + instrument_config(); + js_config(); + lib_config(); + output_config(); + persistent_config(); + prefetch_config(); + ranges_config(); + stalker_config(); + stats_config(); + + js_start(); + + /* Initialize */ + output_init(); + embedded_init(); - stalker_init(); - lib_init(); entry_init(); instrument_init(); - output_init(); + lib_init(); persistent_init(); prefetch_init(); + stalker_init(); ranges_init(); stats_init(); - void *fork_addr = - GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); - intercept(fork_addr, on_fork, NULL); - + /* Start */ stalker_start(); - entry_run(); + entry_start(); } @@ -198,7 +205,7 @@ static int *on_main(int argc, char **argv, char **envp) { on_main_os(argc, argv, envp); - unintercept_self(); + intercept_unhook_self(); afl_frida_start(); @@ -212,7 +219,7 @@ extern int *main(int argc, char **argv, char **envp); static void intercept_main(void) { main_fn = main; - intercept(main, on_main, NULL); + intercept_hook(main, on_main, NULL); } @@ -225,7 +232,7 @@ static void intercept_main(void) { OKF("Entry Point: 0x%016" G_GINT64_MODIFIER "x", entry); void *main = GSIZE_TO_POINTER(entry); main_fn = main; - intercept(main, on_main, NULL); + intercept_hook(main, on_main, NULL); } @@ -236,8 +243,8 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, void(*stack_end)) { main_fn = main; - unintercept_self(); - intercept(main, on_main, NULL); + intercept_unhook_self(); + intercept_hook(main, on_main, NULL); return __libc_start_main(main, argc, ubp_av, init, fini, rtld_fini, stack_end); @@ -245,7 +252,7 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, static void intercept_main(void) { - intercept(__libc_start_main, on_libc_start_main, NULL); + intercept_hook(__libc_start_main, on_libc_start_main, NULL); } diff --git a/frida_mode/src/output.c b/frida_mode/src/output.c index 8a222b25..e2b744e7 100644 --- a/frida_mode/src/output.c +++ b/frida_mode/src/output.c @@ -2,17 +2,17 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "output.h" -static int output_fd = -1; +char *output_stdout = NULL; +char *output_stderr = NULL; -static void output_redirect(int fd, char *variable) { +static void output_redirect(int fd, char *filename) { - char *filename = getenv(variable); char *path = NULL; if (filename == NULL) { return; } @@ -21,8 +21,8 @@ static void output_redirect(int fd, char *variable) { OKF("Redirect %d -> '%s'", fd, path); - output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, - S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + int output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); g_free(path); @@ -34,12 +34,24 @@ static void output_redirect(int fd, char *variable) { } + close(output_fd); + +} + +void output_config(void) { + + output_stdout = getenv("AFL_FRIDA_OUTPUT_STDOUT"); + output_stderr = getenv("AFL_FRIDA_OUTPUT_STDERR"); + } void output_init(void) { - output_redirect(STDOUT_FILENO, "AFL_FRIDA_OUTPUT_STDOUT"); - output_redirect(STDERR_FILENO, "AFL_FRIDA_OUTPUT_STDERR"); + OKF("Output - StdOut: %s", output_stdout); + OKF("Output - StdErr: %s", output_stderr); + + output_redirect(STDOUT_FILENO, output_stdout); + output_redirect(STDERR_FILENO, output_stderr); } diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 243d501d..e3e0b0ca 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -1,6 +1,6 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -8,17 +8,18 @@ #include "persistent.h" #include "util.h" -int __afl_sharedmem_fuzzing = 0; -afl_persistent_hook_fn hook = NULL; +int __afl_sharedmem_fuzzing = 0; +static char *hook_name = NULL; + +afl_persistent_hook_fn persistent_hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; guint64 persistent_ret = 0; gboolean persistent_debug = FALSE; -void persistent_init(void) { - - char *hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); +void persistent_config(void) { + hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); @@ -33,6 +34,11 @@ void persistent_init(void) { } + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; + + if (persistent_start != 0 && !persistent_is_supported()) + FATAL("Persistent mode not supported on this architecture"); + if (persistent_ret != 0 && persistent_start == 0) { FATAL( @@ -41,13 +47,9 @@ void persistent_init(void) { } - if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; +} - if (persistent_count != 0 && persistent_count < 100) - WARNF("Persistent count out of recommended range (<100)"); - - if (persistent_start != 0 && !persistent_is_supported()) - FATAL("Persistent mode not supported on this architecture"); +void persistent_init(void) { OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_start == 0 ? ' ' : 'X', persistent_start); @@ -58,27 +60,26 @@ void persistent_init(void) { OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_ret == 0 ? ' ' : 'X', persistent_ret); - if (hook_name != NULL) { + if (hook_name == NULL) { return; } - void *hook_obj = dlopen(hook_name, RTLD_NOW); - if (hook_obj == NULL) - FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); + void *hook_obj = dlopen(hook_name, RTLD_NOW); + if (hook_obj == NULL) + FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); - int (*afl_persistent_hook_init_ptr)(void) = - dlsym(hook_obj, "afl_persistent_hook_init"); - if (afl_persistent_hook_init_ptr == NULL) - FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); + int (*afl_persistent_hook_init_ptr)(void) = + dlsym(hook_obj, "afl_persistent_hook_init"); + if (afl_persistent_hook_init_ptr == NULL) + FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); - if (afl_persistent_hook_init_ptr() == 0) - FATAL("afl_persistent_hook_init returned a failure"); + if (afl_persistent_hook_init_ptr() == 0) + FATAL("afl_persistent_hook_init returned a failure"); - hook = (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); - if (hook == NULL) - FATAL("Failed to find afl_persistent_hook in %s", hook_name); + persistent_hook = + (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); + if (persistent_hook == NULL) + FATAL("Failed to find afl_persistent_hook in %s", hook_name); - __afl_sharedmem_fuzzing = 1; - - } + __afl_sharedmem_fuzzing = 1; } diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index 6a3c06fa..f12f1af8 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index d7c6c76b..e618fbac 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -318,7 +318,7 @@ static void instrument_exit(GumArm64Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -337,7 +337,7 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) { static void persistent_prologue_hook(GumArm64Writer * cw, struct arm64_regs *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, GUM_RED_ZONE_SIZE); @@ -354,7 +354,7 @@ static void persistent_prologue_hook(GumArm64Writer * cw, gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); gum_arm64_writer_put_call_address_with_arguments( - cw, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), + cw, GUM_ADDRESS(persistent_hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, ARM64_REG_X2, GUM_ARG_REGISTER, ARM64_REG_X3); diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 653acefe..a91abc1c 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -199,7 +199,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -220,7 +220,7 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { static void persistent_prologue_hook(GumX86Writer * cw, struct x86_64_regs *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); @@ -236,7 +236,7 @@ static void persistent_prologue_hook(GumX86Writer * cw, gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_RDX, GUM_ARG_REGISTER, GUM_REG_RCX); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 7add6e99..1d01d8e4 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" @@ -152,7 +152,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -167,7 +167,7 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, GUM_ADDRESS(&__afl_fuzz_len)); @@ -180,7 +180,7 @@ static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { /* Base address is 64-bits (hence two zero arguments) */ gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 5, GUM_ARG_ADDRESS, + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 5, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, GUM_REG_ECX); diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 65c09fba..50d10c9e 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -2,10 +2,11 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" +#include "intercept.h" #include "prefetch.h" #include "stalker.h" @@ -20,9 +21,10 @@ typedef struct { } prefetch_data_t; -static prefetch_data_t *prefetch_data = NULL; +gboolean prefetch_enable = TRUE; -static int prefetch_shm_id = -1; +static prefetch_data_t *prefetch_data = NULL; +static int prefetch_shm_id = -1; /* * We do this from the transformer since we need one anyway for coverage, this @@ -72,14 +74,33 @@ void prefetch_read(void) { } +void prefetch_config(void) { + + prefetch_enable = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); + +} + +static int prefetch_on_fork(void) { + + prefetch_read(); + return fork(); + +} + +static void prefetch_hook_fork(void) { + + void *fork_addr = + GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + intercept_hook(fork_addr, prefetch_on_fork, NULL); + +} + void prefetch_init(void) { g_assert_cmpint(sizeof(prefetch_data_t), ==, PREFETCH_SIZE); - gboolean prefetch = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); + OKF("Instrumentation - prefetch [%c]", prefetch_enable ? 'X' : ' '); - OKF("Instrumentation - prefetch [%c]", prefetch ? 'X' : ' '); - - if (!prefetch) { return; } + if (!prefetch_enable) { return; } /* * Make our shared memory, we can attach before we fork, just like AFL does * with the coverage bitmap region and fork will take care of ensuring both @@ -108,5 +129,7 @@ void prefetch_init(void) { /* Clear it, not sure it's necessary, just seems like good practice */ memset(prefetch_data, '\0', sizeof(prefetch_data_t)); + prefetch_hook_fork(); + } diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index ef25b371..534f202b 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -17,11 +17,14 @@ typedef struct { } convert_name_ctx_t; -GArray *module_ranges = NULL; -GArray *libs_ranges = NULL; -GArray *include_ranges = NULL; -GArray *exclude_ranges = NULL; -GArray *ranges = NULL; +gboolean ranges_debug_maps = FALSE; +gboolean ranges_inst_libs = FALSE; + +static GArray *module_ranges = NULL; +static GArray *libs_ranges = NULL; +static GArray *include_ranges = NULL; +static GArray *exclude_ranges = NULL; +static GArray *ranges = NULL; static void convert_address_token(gchar *token, GumMemoryRange *range) { @@ -225,6 +228,43 @@ static GArray *collect_module_ranges(void) { } +static void check_for_overlaps(GArray *array) { + + for (guint i = 1; i < array->len; i++) { + + GumMemoryRange *prev = &g_array_index(array, GumMemoryRange, i - 1); + GumMemoryRange *curr = &g_array_index(array, GumMemoryRange, i); + GumAddress prev_limit = prev->base_address + prev->size; + GumAddress curr_limit = curr->base_address + curr->size; + if (prev_limit > curr->base_address) { + + FATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + prev->base_address, prev_limit, curr->base_address, curr_limit); + + } + + } + +} + +void ranges_add_include(GumMemoryRange *range) { + + g_array_append_val(include_ranges, *range); + g_array_sort(include_ranges, range_sort); + check_for_overlaps(include_ranges); + +} + +void ranges_add_exclude(GumMemoryRange *range) { + + g_array_append_val(exclude_ranges, *range); + g_array_sort(exclude_ranges, range_sort); + check_for_overlaps(exclude_ranges); + +} + static GArray *collect_ranges(char *env_key) { char * env_val; @@ -253,23 +293,7 @@ static GArray *collect_ranges(char *env_key) { g_array_sort(result, range_sort); - /* Check for overlaps */ - for (i = 1; i < token_count; i++) { - - GumMemoryRange *prev = &g_array_index(result, GumMemoryRange, i - 1); - GumMemoryRange *curr = &g_array_index(result, GumMemoryRange, i); - GumAddress prev_limit = prev->base_address + prev->size; - GumAddress curr_limit = curr->base_address + curr->size; - if (prev_limit > curr->base_address) { - - FATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x", - prev->base_address, prev_limit, curr->base_address, curr_limit); - - } - - } + check_for_overlaps(result); print_ranges(env_key, result); @@ -285,16 +309,16 @@ static GArray *collect_libs_ranges(void) { GumMemoryRange range; result = g_array_new(false, false, sizeof(GumMemoryRange)); - if (getenv("AFL_INST_LIBS") == NULL) { - - range.base_address = lib_get_text_base(); - range.size = lib_get_text_limit() - lib_get_text_base(); - - } else { + if (ranges_inst_libs) { range.base_address = 0; range.size = G_MAXULONG; + } else { + + range.base_address = lib_get_text_base(); + range.size = lib_get_text_limit() - lib_get_text_base(); + } g_array_append_val(result, range); @@ -480,30 +504,13 @@ static GArray *merge_ranges(GArray *a) { } -static gboolean exclude_ranges_callback(const GumRangeDetails *details, - gpointer user_data) { +void ranges_config(void) { - UNUSED_PARAMETER(user_data); - gchar * name; - gboolean found; - GumStalker *stalker; - if (details->file == NULL) { return TRUE; } - name = g_path_get_basename(details->file->path); + if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { ranges_debug_maps = TRUE; } + if (getenv("AFL_INST_LIBS") != NULL) { ranges_inst_libs = TRUE; } - found = (g_strcmp0(name, "afl-frida-trace.so") == 0); - g_free(name); - if (!found) { return TRUE; } - - stalker = stalker_get(); - gum_stalker_exclude(stalker, details->range); - - return FALSE; - -} - -static void ranges_exclude_self(void) { - - gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, exclude_ranges_callback, NULL); + include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); + exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); } @@ -515,16 +522,20 @@ void ranges_init(void) { GArray * step3; GArray * step4; - if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { + if (ranges_debug_maps) { gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, NULL); } + OKF("Ranges - Instrument libraries [%c]", ranges_inst_libs ? 'X' : ' '); + + print_ranges("AFL_FRIDA_INST_RANGES", include_ranges); + print_ranges("AFL_FRIDA_EXCLUDE_RANGES", exclude_ranges); + module_ranges = collect_module_ranges(); libs_ranges = collect_libs_ranges(); - include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); /* If include ranges is empty, then assume everything is included */ if (include_ranges->len == 0) { @@ -535,8 +546,6 @@ void ranges_init(void) { } - exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); - /* Intersect with .text section of main executable unless AFL_INST_LIBS */ step1 = intersect_ranges(module_ranges, libs_ranges); print_ranges("step1", step1); @@ -565,9 +574,6 @@ void ranges_init(void) { g_array_free(step2, TRUE); g_array_free(step1, TRUE); - /* *NEVER* stalk the stalker, only bad things will ever come of this! */ - ranges_exclude_self(); - ranges_exclude(); } diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 63f3c529..98483cde 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -2,18 +2,47 @@ #include "instrument.h" #include "stalker.h" +#include "util.h" static GumStalker *stalker = NULL; -void stalker_init(void) { +void stalker_config(void) { if (!gum_stalker_is_supported()) { FATAL("Failed to initialize embedded"); } +} + +static gboolean stalker_exclude_self(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + gchar * name; + gboolean found; + GumStalker *stalker; + if (details->file == NULL) { return TRUE; } + name = g_path_get_basename(details->file->path); + + found = (g_strcmp0(name, "afl-frida-trace.so") == 0); + g_free(name); + if (!found) { return TRUE; } + + stalker = stalker_get(); + gum_stalker_exclude(stalker, details->range); + + return FALSE; + +} + +void stalker_init(void) { + stalker = gum_stalker_new(); if (stalker == NULL) { FATAL("Failed to initialize stalker"); } gum_stalker_set_trust_threshold(stalker, 0); + /* *NEVER* stalk the stalker, only bad things will ever come of this! */ + gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL); + } GumStalker *stalker_get(void) { diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 0d7b9fb0..0dd8be70 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -5,7 +5,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -17,15 +17,16 @@ stats_data_header_t *stats_data = NULL; -static int stats_parent_pid = -1; -static int stats_fd = -1; -static gboolean stats_transitions = FALSE; -static guint64 stats_interval = 0; +static int stats_parent_pid = -1; +static int stats_fd = -1; -void stats_init(void) { +char * stats_filename = NULL; +guint64 stats_interval = 0; +gboolean stats_transitions = FALSE; - stats_parent_pid = getpid(); - char *filename = getenv("AFL_FRIDA_STATS_FILE"); +void stats_config(void) { + + stats_filename = getenv("AFL_FRIDA_STATS_FILE"); stats_interval = util_read_num("AFL_FRIDA_STATS_INTERVAL"); if (getenv("AFL_FRIDA_STATS_TRANSITIONS") != NULL) { @@ -33,10 +34,16 @@ void stats_init(void) { } - OKF("Stats - file [%s]", filename); +} + +void stats_init(void) { + + stats_parent_pid = getpid(); + + OKF("Stats - file [%s]", stats_filename); OKF("Stats - interval [%" G_GINT64_MODIFIER "u]", stats_interval); - if (stats_interval != 0 && filename == NULL) { + if (stats_interval != 0 && stats_filename == NULL) { FATAL( "AFL_FRIDA_STATS_FILE must be specified if " @@ -46,7 +53,7 @@ void stats_init(void) { if (stats_interval == 0) { stats_interval = 10; } - if (filename == NULL) { return; } + if (stats_filename == NULL) { return; } if (!stats_is_supported_arch()) { @@ -56,11 +63,11 @@ void stats_init(void) { char *path = NULL; - if (filename == NULL) { return; } + if (stats_filename == NULL) { return; } if (stats_transitions) { gum_stalker_set_counters_enabled(TRUE); } - path = g_canonicalize_filename(filename, g_get_current_dir()); + path = g_canonicalize_filename(stats_filename, g_get_current_dir()); OKF("Stats - path [%s]", path); diff --git a/frida_mode/src/stats/stats_arm32.c b/frida_mode/src/stats/stats_arm32.c index 7eea7f91..71953af3 100644 --- a/frida_mode/src/stats/stats_arm32.c +++ b/frida_mode/src/stats/stats_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_arm64.c b/frida_mode/src/stats/stats_arm64.c index 592af87a..d9d374a4 100644 --- a/frida_mode/src/stats/stats_arm64.c +++ b/frida_mode/src/stats/stats_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c index c3e8742a..7c3a90d7 100644 --- a/frida_mode/src/stats/stats_x64.c +++ b/frida_mode/src/stats/stats_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_x86.c b/frida_mode/src/stats/stats_x86.c index 1906e809..d9c4f652 100644 --- a/frida_mode/src/stats/stats_x86.c +++ b/frida_mode/src/stats/stats_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile index c268ef66..ae580e3f 100644 --- a/frida_mode/test/deferred/GNUmakefile +++ b/frida_mode/test/deferred/GNUmakefile @@ -37,7 +37,7 @@ ifeq "$(ARCH)" "x86" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) endif -.PHONY: all clean qemu frida +.PHONY: all clean frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile new file mode 100644 index 00000000..8ea71656 --- /dev/null +++ b/frida_mode/test/js/GNUmakefile @@ -0,0 +1,44 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ +TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)testinstr +TESTINSTSRC:=$(PWD)testinstr.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=test.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ diff --git a/frida_mode/test/js/Makefile b/frida_mode/test/js/Makefile new file mode 100644 index 00000000..7a237f99 --- /dev/null +++ b/frida_mode/test/js/Makefile @@ -0,0 +1,16 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug diff --git a/frida_mode/test/js/test.js b/frida_mode/test/js/test.js new file mode 100644 index 00000000..f10ef2d1 --- /dev/null +++ b/frida_mode/test/js/test.js @@ -0,0 +1,20 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const entry_point = DebugSymbol.fromName('run'); +Afl.print(`entry_point: ${entry_point.address}`); + +Afl.setEntryPoint(entry_point.address); + +// Afl.error('HARD NOPE'); + +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/testinstr.c b/frida_mode/test/js/testinstr.c new file mode 100644 index 00000000..bd605c52 --- /dev/null +++ b/frida_mode/test/js/testinstr.c @@ -0,0 +1,121 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +#ifdef __APPLE__ + #define TESTINSTR_SECTION +#else + #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) +#endif + +void testinstr(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + testinstr(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} + diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 2de51d86..81fdd069 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -82,6 +82,16 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ +frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=test.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ diff --git a/frida_mode/test/persistent_ret/test.js b/frida_mode/test/persistent_ret/test.js new file mode 100644 index 00000000..43c6ad7c --- /dev/null +++ b/frida_mode/test/persistent_ret/test.js @@ -0,0 +1,38 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const persistent_addr = DebugSymbol.fromName('main'); +Afl.print(`persistent_addr: ${persistent_addr.address}`); + +const persistent_ret = DebugSymbol.fromName('slow'); +Afl.print(`persistent_ret: ${persistent_ret.address}`); + +Afl.setPersistentAddress(persistent_addr.address); +Afl.setPersistentReturn(persistent_ret.address); +Afl.setPersistentCount(1000000); + +Afl.setDebugMaps(); + +const mod = Process.findModuleByName("libc-2.31.so") +Afl.addExcludedRange(mod.base, mod.size); +Afl.setInstrumentLibraries(); +Afl.setInstrumentDebugFile("/tmp/instr.log"); +Afl.setPrefetchDisable(); +Afl.setInstrumentNoOptimize(); +Afl.setInstrumentEnableTracing(); +Afl.setInstrumentTracingUnique(); +Afl.setStdOut("/tmp/stdout.txt"); +Afl.setStdErr("/tmp/stderr.txt"); +Afl.setStatsFile("/tmp/stats.txt"); +Afl.setStatsInterval(1); +Afl.setStatsTransitions(); +Afl.done(); +Afl.print("done"); diff --git a/include/envs.h b/include/envs.h index 54bb6597..f89e8e62 100644 --- a/include/envs.h +++ b/include/envs.h @@ -60,7 +60,8 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_TRACE", - "AFL_FRIDA_INST_UNSTABLE", + "AFL_FRIDA_INST_TRACE_UNIQUE", + "AFL_FRIDA_JS_SCRIPT", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", From 61e1c74d528fb69cdb15b348be45653379f4ff96 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 24 Jun 2021 22:30:04 +0200 Subject: [PATCH 372/441] unicorn rust bindings improvements --- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/unicornafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index 8bed2927..bd50965e 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -760806a2c5035f70f2e0ecf3a50ace1e7e5b9833 +475921a8c8674242d41b07a9dbcca9b9005b7051 diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 760806a2..475921a8 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 760806a2c5035f70f2e0ecf3a50ace1e7e5b9833 +Subproject commit 475921a8c8674242d41b07a9dbcca9b9005b7051 From 28e6b96276066a69482fdb17b38a71ba98abd700 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 25 Jun 2021 08:53:31 +0200 Subject: [PATCH 373/441] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c0a22e54..bc5b333c 100644 --- a/README.md +++ b/README.md @@ -113,7 +113,7 @@ behaviours and defaults: 4. with pcguard mode and LTO mode for LLVM 11 and newer 5. upcoming, development in the branch 6. not compatible with LTO instrumentation and needs at least LLVM v4.1 - 7. automatic in LTO mode with LLVM 11 and newer, an extra pass for all LLVM version that writes to a file to use with afl-fuzz' `-x` + 7. automatic in LTO mode with LLVM 11 and newer, an extra pass for all LLVM versions that write to a file to use with afl-fuzz' `-x` 8. the snapshot LKM is currently unmaintained due to too many kernel changes coming too fast :-( Among others, the following features and patches have been integrated: From 89ddd9998c0e955e0277ba077c7186b77615f0e8 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Fri, 25 Jun 2021 14:55:18 +0200 Subject: [PATCH 374/441] updated uc rust bindings --- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/samples/speedtest/rust/src/main.rs | 8 ++++---- unicorn_mode/unicornafl | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index bd50965e..5db24eec 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -475921a8c8674242d41b07a9dbcca9b9005b7051 +0d82727f2b477de82fa355edef9bc158bd25d374 diff --git a/unicorn_mode/samples/speedtest/rust/src/main.rs b/unicorn_mode/samples/speedtest/rust/src/main.rs index 9ea1b873..105ba4b4 100644 --- a/unicorn_mode/samples/speedtest/rust/src/main.rs +++ b/unicorn_mode/samples/speedtest/rust/src/main.rs @@ -195,7 +195,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { } let place_input_callback = - |mut uc: UnicornHandle<'_, _>, afl_input: &mut [u8], _persistent_round| { + |uc: &mut UnicornHandle<'_, _>, afl_input: &mut [u8], _persistent_round| { // apply constraints to the mutated input if afl_input.len() > INPUT_MAX as usize { //println!("Skipping testcase with leng {}", afl_input.len()); @@ -209,7 +209,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { // return true if the last run should be counted as crash let crash_validation_callback = - |_uc: UnicornHandle<'_, _>, result, _input: &[u8], _persistent_round| { + |_uc: &mut UnicornHandle<'_, _>, result, _input: &[u8], _persistent_round| { result != uc_error::OK }; @@ -217,9 +217,9 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { let ret = uc.afl_fuzz( input_file, - Box::new(place_input_callback), + place_input_callback, &end_addrs, - Box::new(crash_validation_callback), + crash_validation_callback, false, 1000, ); diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 475921a8..0d82727f 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 475921a8c8674242d41b07a9dbcca9b9005b7051 +Subproject commit 0d82727f2b477de82fa355edef9bc158bd25d374 From c88b98d1c91b37c1941483980161bd46cb03c4d5 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 25 Jun 2021 22:32:49 +0200 Subject: [PATCH 375/441] test laf splitting: set default for char type explicitly to signed --- test/test-llvm.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 8090e176..aa40c5ed 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -191,7 +191,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { for I in char short int long "long long"; do for BITS in 8 16 32 64; do bin="$testcase-split-$I-$BITS.compcov" - AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -fsigned-char -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; if ! test -e "$bin"; then cat test.out $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting failed! ($testcase with type $I split to $BITS)!"; From 6a3877dcd35d31eb79bebbc30ffe70ac0342743e Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 25 Jun 2021 22:14:27 +0100 Subject: [PATCH 376/441] Improved FRIDA mode scripting support (#994) Co-authored-by: Your Name --- frida_mode/.gitignore | 2 + frida_mode/GNUmakefile | 17 +- frida_mode/Makefile | 3 + frida_mode/Scripting.md | 840 +++++++++++++++--- frida_mode/hook/hook.c | 50 ++ frida_mode/include/js.h | 10 +- frida_mode/src/entry.c | 1 + frida_mode/src/instrument/instrument.c | 11 +- frida_mode/src/js/api.js | 436 +++++---- frida_mode/src/js/js.c | 13 +- frida_mode/src/js/js_api.c | 12 +- frida_mode/src/persistent/persistent.c | 28 +- frida_mode/src/persistent/persistent_arm64.c | 405 ++++----- frida_mode/src/persistent/persistent_x64.c | 178 ++-- frida_mode/src/persistent/persistent_x86.c | 111 +-- frida_mode/test/jpeg/GNUmakefile | 10 +- frida_mode/test/jpeg/Makefile | 3 - frida_mode/test/jpeg/aflpp_qemu_driver_hook.c | 97 -- frida_mode/test/js/GNUmakefile | 56 +- frida_mode/test/js/Makefile | 13 +- frida_mode/test/js/{test.js => entry.js} | 0 frida_mode/test/js/patch.js | 34 + frida_mode/test/js/replace.js | 43 + frida_mode/test/js/stalker.js | 109 +++ frida_mode/test/js/{testinstr.c => test.c} | 10 +- frida_mode/test/js/test2.c | 177 ++++ frida_mode/test/libpcap/GNUmakefile | 10 +- .../test/libpcap/aflpp_qemu_driver_hook.c | 97 -- frida_mode/test/persistent_ret/GNUmakefile | 11 +- frida_mode/test/persistent_ret/test.js | 54 +- frida_mode/test/persistent_ret/testinstr.c | 11 +- .../test/png/persistent/hook/GNUmakefile | 30 +- frida_mode/test/png/persistent/hook/Makefile | 3 + .../persistent/hook/aflpp_qemu_driver_hook.c | 193 ---- .../test/png/persistent/hook/cmodule.js | 39 + frida_mode/test/png/persistent/hook/load.js | 27 + frida_mode/test/proj4/GNUmakefile | 10 +- frida_mode/test/proj4/Makefile | 2 - .../test/proj4/aflpp_qemu_driver_hook.c | 97 -- frida_mode/test/re2/GNUmakefile | 10 +- frida_mode/test/re2/Makefile | 2 - frida_mode/test/re2/aflpp_qemu_driver_hook.c | 97 -- frida_mode/ts/lib/afl.ts | 373 ++++++++ frida_mode/ts/package-lock.json | 12 + frida_mode/ts/package.json | 32 + frida_mode/ts/tsconfig.json | 14 + frida_mode/ts/tslint.json | 256 ++++++ 47 files changed, 2626 insertions(+), 1423 deletions(-) create mode 100644 frida_mode/hook/hook.c delete mode 100644 frida_mode/test/jpeg/aflpp_qemu_driver_hook.c rename frida_mode/test/js/{test.js => entry.js} (100%) create mode 100644 frida_mode/test/js/patch.js create mode 100644 frida_mode/test/js/replace.js create mode 100644 frida_mode/test/js/stalker.js rename frida_mode/test/js/{testinstr.c => test.c} (91%) create mode 100644 frida_mode/test/js/test2.c delete mode 100644 frida_mode/test/libpcap/aflpp_qemu_driver_hook.c delete mode 100644 frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c create mode 100644 frida_mode/test/png/persistent/hook/cmodule.js create mode 100644 frida_mode/test/png/persistent/hook/load.js delete mode 100644 frida_mode/test/proj4/aflpp_qemu_driver_hook.c delete mode 100644 frida_mode/test/re2/aflpp_qemu_driver_hook.c create mode 100644 frida_mode/ts/lib/afl.ts create mode 100644 frida_mode/ts/package-lock.json create mode 100644 frida_mode/ts/package.json create mode 100644 frida_mode/ts/tsconfig.json create mode 100644 frida_mode/ts/tslint.json diff --git a/frida_mode/.gitignore b/frida_mode/.gitignore index 956b9911..32cca51f 100644 --- a/frida_mode/.gitignore +++ b/frida_mode/.gitignore @@ -3,3 +3,5 @@ frida_test.dat qemu_test.dat frida_out/** qemu_out/** +ts/dist/ +ts/node_modules/ diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index fdacff62..f5a96501 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -94,11 +94,15 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all 32 clean format $(FRIDA_GUM) quickjs +HOOK_DIR:=$(PWD)hook/ +AFLPP_DRIVER_HOOK_SRC=$(HOOK_DIR)hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)hook.so + +.PHONY: all 32 clean format hook $(FRIDA_GUM) ############################## ALL ############################################# -all: $(FRIDA_TRACE) +all: $(FRIDA_TRACE) $(AFLPP_DRIVER_HOOK_OBJ) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all @@ -197,13 +201,20 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL cp -v $(FRIDA_TRACE) $(ROOT) +############################# HOOK ############################################# + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@ + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + ############################# CLEAN ############################################ clean: rm -rf $(BUILD_DIR) ############################# FORMAT ########################################### format: - cd $(ROOT) && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) | xargs -L1 ./.custom-format.py -i cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i ############################# RUN ############################################# diff --git a/frida_mode/Makefile b/frida_mode/Makefile index 6cd1a64e..1922c7e6 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -11,3 +11,6 @@ clean: format: @gmake format + +hook: + @gmake hook diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index 8b961e18..4c6fe6b2 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -99,142 +99,752 @@ const address = module.base.add(0xdeadface); Afl.setPersistentAddress(address); ``` +# Persisent Hook +A persistent hook can be implemented using a conventional shared object, sample +source code for a hook suitable for the prototype of `LLVMFuzzerTestOneInput` +can be found [here](hook/hook.c). This can be configured using code similar to +the following. + +```js +const path = Afl.module.path; +const dir = path.substring(0, path.lastIndexOf("/")); +const mod = Module.load(`${dir}/frida_mode/build/hook.so`); +const hook = mod.getExportByName('afl_persistent_hook'); +Afl.setPersistentHook(hook); +``` + +Alternatively, the hook can be provided by using FRIDAs built in support for `CModule`, powered by TinyCC. + +```js +const cm = new CModule(` + + #include + #include + + void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + + } + `, + { + memcpy: Module.getExportByName(null, 'memcpy') + }); +Afl.setPersistentHook(cm.afl_persistent_hook); +``` + +# Advanced Persistence +Consider the following target code... +```c + +#include +#include +#include +#include +#include + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + LLVMFuzzerTestOneInput(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} +``` + +FRIDA mode supports the replacement of any function, with an implementation +generated by CModule. This allows for a bespoke harness to be written as +follows: + +``` +const slow = DebugSymbol.fromName('slow').address; +Afl.print(`slow: ${slow}`); + +const LLVMFuzzerTestOneInput = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`LLVMFuzzerTestOneInput: ${LLVMFuzzerTestOneInput}`); + +const cm = new CModule(` + + extern unsigned char * __afl_fuzz_ptr; + extern unsigned int * __afl_fuzz_len; + extern void LLVMFuzzerTestOneInput(char *buf, int len); + + void slow(void) { + + LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len); + } + `, + { + LLVMFuzzerTestOneInput: LLVMFuzzerTestOneInput, + __afl_fuzz_ptr: Afl.getAflFuzzPtr(), + __afl_fuzz_len: Afl.getAflFuzzLen() + }); + +Afl.setEntryPoint(cm.slow); +Afl.setPersistentAddress(cm.slow); +Afl.setInMemoryFuzzing(); +Interceptor.replace(slow, cm.slow); +Afl.print("done"); +Afl.done(); +``` + +Here, we replace the function `slow` with our own code. This code is then +selected as the entry point as well as the persistent loop address. + +**WARNING** There are two key limitations in replacing a function in this way: +- The function which is to be replaced must not be `main` this is because this +is the point at which FRIDA mode is initialized and at the point the the JS has +been run, the start of the `main` function has already been instrumented and +cached. +- The replacement function must not call itself. e.g. in this example we +couldn't replace `LLVMFuzzerTestOneInput` and call itself. + +# Patching +Consider the [following](test/js/test2.c) test code... + +```c +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + +const uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + + ... + + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t +crc32(const void *buf, size_t size) +{ + const uint8_t *p = buf; + uint32_t crc; + crc = ~0U; + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + return crc ^ ~0U; +} + +/* + * Don't you hate those contrived examples which CRC their data. We can use + * FRIDA to patch this function out and always return success. Otherwise, we + * could change it to actually correct the checksum. + */ +int crc32_check (char * buf, int len) { + if (len < sizeof(uint32_t)) { return 0; } + uint32_t expected = *(uint32_t *)&buf[len - sizeof(uint32_t)]; + uint32_t calculated = crc32(buf, len - sizeof(uint32_t)); + return expected == calculated; +} + +/* + * So you've found a really boring bug in an earlier campaign which results in + * a NULL dereference or something like that. That bug can get in the way, + * causing the persistent loop to exit whenever it is triggered, and can also + * cloud your output unnecessarily. Again, we can use FRIDA to patch it out. + */ +void some_boring_bug(char c) { + switch (c) { + case 'A'...'Z': + case 'a'...'z': + __builtin_trap(); + break; + } +} + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (!crc32_check(buf, len)) return; + + some_boring_bug(buf[0]); + + if (buf[0] == '0') { + printf("Looks like a zero to me!\n"); + } + else if (buf[0] == '1') { + printf("Pretty sure that is a one!\n"); + } + else if (buf[0] == '2') { + if (buf[1] == '3') { + if (buf[2] == '4') { + printf("Oh we, weren't expecting that!"); + __builtin_trap(); + } + } + } + else + printf("Neither one or zero? How quaint!\n"); + +} + +int main(int argc, char **argv) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + printf("Running: %s\n", argv[1]); + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { return 1; } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { return 1; } + + if (lseek(fd, 0, SEEK_SET) != 0) { return 1; } + + buf = malloc(len); + if (buf == NULL) { return 1; } + + n_read = read(fd, buf, len); + if (n_read != len) { return 1; } + + printf("Running: %s: (%zd bytes)\n", argv[1], n_read); + + LLVMFuzzerTestOneInput(buf, len); + printf("Done: %s: (%zd bytes)\n", argv[1], n_read); + + return 0; +} +``` + +There are a couple of obstacles with our target application. Unlike when fuzzing +source code, though, we can't simply edit it and recompile it. The following +script shows how we can use the normal functionality of FRIDA to modify any +troublesome behaviour. + +```js +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + Afl.print(`len: ${len}`); + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +Afl.done(); +Afl.print("done"); +``` + +# Advanced Patching +Consider the following code fragment... +```c +extern void some_boring_bug2(char c); + +__asm__ ( + ".text \n" + "some_boring_bug2: \n" + ".global some_boring_bug2 \n" + ".type some_boring_bug2, @function \n" + "mov %edi, %eax \n" + "cmp $0xb4, %al \n" + "jne ok \n" + "ud2 \n" + "ok: \n" + "ret \n"); + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + ... + + some_boring_bug2(buf[0]); + + ... + +} +``` + +Rather than using FRIDAs `Interceptor.replace` or `Interceptor.attach` APIs, it +is possible to apply much more fine grained modification to the target +application by means of using the Stalker APIs. + +The following code locates the function of interest and patches out the UD2 +instruction signifying a crash. + +```js +/* Modify the instructions */ +const some_boring_bug2 = DebugSymbol.fromName('some_boring_bug2').address +const pid = Memory.alloc(4); +pid.writeInt(Process.id); + +const cm = new CModule(` + #include + #include + + typedef int pid_t; + + #define STDERR_FILENO 2 + #define BORING2_LEN 10 + + extern int dprintf(int fd, const char *format, ...); + extern void some_boring_bug2(char c); + extern pid_t getpid(void); + extern pid_t pid; + + gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) + { + pid_t my_pid = getpid(); + GumX86Writer *cw = output->writer.x86; + + if (GUM_ADDRESS(insn->address) < GUM_ADDRESS(some_boring_bug2)) { + + return TRUE; + + } + + if (GUM_ADDRESS(insn->address) >= + GUM_ADDRESS(some_boring_bug2) + BORING2_LEN) { + + return TRUE; + + } + + if (my_pid == pid) { + + if (begin) { + + dprintf(STDERR_FILENO, "\n> 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } else { + + dprintf(STDERR_FILENO, " 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } + + } + + if (insn->id == X86_INS_UD2) { + + gum_x86_writer_put_nop(cw); + return FALSE; + + } else { + + return TRUE; + + } + } + `, + { + dprintf: Module.getExportByName(null, 'dprintf'), + getpid: Module.getExportByName(null, 'getpid'), + some_boring_bug2: some_boring_bug2, + pid: pid + }); +Afl.setStalkerCallback(cm.js_stalker_callback) +Afl.setStdErr("/tmp/stderr.txt"); +``` + +Note that you will more likely want to find the +patch address by using: + +```js +const module = Process.getModuleByName('target.exe'); +/* Hardcoded offset within the target image */ +const address = module.base.add(0xdeadface); +``` +OR +``` +const address = DebugSymbol.fromName("my_function").address.add(0xdeadface); +``` +OR +``` +const address = Module.getExportByName(null, "my_function").add(0xdeadface); +``` + +The function `js_stalker_callback` should return `TRUE` if the original +instruction should be emitted in the instrumented code, or `FALSE` otherwise. +In the example above, we can see it is replaced with a `NOP`. + +Lastly, note that the same callback will be called when compiling instrumented +code both in the child of the forkserver (as it is executed) and also in the +parent of the forserver (when prefetching is enabled) so that it can be +inherited by the next forked child. It is **VERY** important that the same +instructions be generated in both the parent and the child, or if prefetching is +disabled that the same instructions are generated every time the block is +compiled. Failure to do so will likely lead to bugs which are incredibly +difficult to diagnose. The code above only prints the instructions when running +in the parent process (the one provided by `Process.id` when the JS script is +executed). + # API ```js -/* - * Print a message to the STDOUT. This should be preferred to - * FRIDA's `console.log` since FRIDA will queue it's log messages. - * If `console.log` is used in a callback in particular, then there - * may no longer be a thread running to service this queue. - */ -Afl.print(msg); +class Afl { -/* - * This must always be called at the end of your script. This lets - * FRIDA mode know that your configuration is finished and that - * execution has reached the end of your script. Failure to call - * this will result in a fatal error. - */ -Afl.done(); + /** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ + public static module: Module = Process.getModuleByName("afl-frida-trace.so"); -/* - * This function can be called within your script to cause FRIDA - * mode to trigger a fatal error. This is useful if for example you - * discover a problem you weren't expecting and want everything to - * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view - * this error message. - */ -Afl.error(); + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + public static addExcludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddExcludeRange(addressess, size); + } -/* - * This has the same effect as setting `AFL_ENTRYPOINT`, but has the - * convenience of allowing you to use FRIDAs APIs to determine the - * address you would like to configure, rather than having to grep - * the output of `readelf` or something similarly ugly. This - * function should be called with a `NativePointer` as its - * argument. - */ -Afl.setEntryPoint(address); + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + public static addIncludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddIncludeRange(addressess, size); + } -/* - * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a - * `NativePointer` should be provided as it's argument. - */ -Afl.setPersistentAddress(address); + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + public static done(): void { + Afl.jsApiDone(); + } -/* - * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a - * `NativePointer` should be provided as it's argument. - */ -Afl.setPersistentReturn(address); + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + public static error(msg: string): void { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } -/* - * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a - * `number` should be provided as it's argument. - */ -Afl.setPersistentCount(count); + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + public static getAflFuzzLen(): NativePointer { -/* - * See `AFL_FRIDA_PERSISTENT_DEBUG`. - */ -Afl.setPersistentDebug(); + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } -/* - * See `AFL_FRIDA_DEBUG_MAPS`. - */ -Afl.setDebugMaps(); + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + public static getAflFuzzPtr(): NativePointer { -/* - * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, - * it takes as arguments a `NativePointer` and a `number`. It can be - * called multiple times to include several ranges. - */ -Afl.addIncludedRange(address, size); + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } -/* - * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, - * it takes as arguments a `NativePointer` and a `number`. It can be - * called multiple times to exclude several ranges. - */ -Afl.addExcludedRange(address, size); + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + public static print(msg: string): void { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); + } -/* - * See `AFL_INST_LIBS`. - */ -Afl.setInstrumentLibraries(); + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + public static setDebugMaps(): void { + Afl.jsApiSetDebugMaps(); + } -/* - * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as - * an argument. - */ -Afl.setInstrumentDebugFile(file); + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + public static setEntryPoint(address: NativePointer): void { + Afl.jsApiSetEntryPoint(address); + } -/* - * See `AFL_FRIDA_INST_NO_PREFETCH`. - */ -Afl.setPrefetchDisable(); + /** + * Function used to enable in-memory test cases for fuzzing. + */ + public static setInMemoryFuzzing(): void { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } -/* - * See `AFL_FRIDA_INST_NO_OPTIMIZE` - */ -Afl.setInstrumentNoOptimize(); + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + public static setInstrumentDebugFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } -/* - * See `AFL_FRIDA_INST_TRACE`. - */ -Afl.setInstrumentEnableTracing(); + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + public static setInstrumentEnableTracing(): void { + Afl.jsApiSetInstrumentTrace(); + } -/* - * See `AFL_FRIDA_INST_TRACE_UNIQUE`. - */ -Afl.setInstrumentTracingUnique() + /** + * See `AFL_INST_LIBS`. + */ + public static setInstrumentLibraries(): void { + Afl.jsApiSetInstrumentLibraries(); + } -/* - * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as - * an argument. - */ -Afl.setStdOut(file); + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + public static setInstrumentNoOptimize(): void { + Afl.jsApiSetInstrumentNoOptimize(); + } -/* - * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as - * an argument. - */ -Afl.setStdErr(file); + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + public static setInstrumentTracingUnique(): void { + Afl.jsApiSetInstrumentTraceUnique(); + } -/* - * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as - * an argument. - */ -Afl.setStatsFile(file); + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentAddress(address: NativePointer): void { + Afl.jsApiSetPersistentAddress(address); + } -/* - * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an - * argument - */ -Afl.setStatsInterval(interval); + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + public static setPersistentCount(count: number): void { + Afl.jsApiSetPersistentCount(count); + } + + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + public static setPersistentDebug(): void { + Afl.jsApiSetPersistentDebug(); + } + + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + public static setPersistentHook(address: NativePointer): void { + Afl.jsApiSetPersistentHook(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentReturn(address: NativePointer): void { + Afl.jsApiSetPersistentReturn(address); + } + + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + public static setPrefetchDisable(): void { + Afl.jsApiSetPrefetchDisable(); + } + + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + public static setStalkerCallback(callback: NativePointer): void { + Afl.jsApiSetStalkerCallback(callback); + } + + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + public static setStatsFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + public static setStatsInterval(interval: number): void { + Afl.jsApiSetStatsInterval(interval); + } + + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + public static setStatsTransitions(): void { + Afl.jsApiSetStatsTransitions(); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + public static setStdErr(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + public static setStdOut(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + +} -/* - * See `AFL_FRIDA_STATS_TRANSITIONS` - */ -Afl.setStatsTransitions() ``` diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/hook.c new file mode 100644 index 00000000..7d08101f --- /dev/null +++ b/frida_mode/hook/hook.c @@ -0,0 +1,50 @@ +#include +#include + +#include "frida-gumjs.h" + +#if defined(__x86_64__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[0]; + void **arg2 = &esp[1]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#elif defined(__aarch64__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->x[0], input_buf, input_buf_len); + regs->x[1] = input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/include/js.h b/frida_mode/include/js.h index 77237d55..a5ecb712 100644 --- a/frida_mode/include/js.h +++ b/frida_mode/include/js.h @@ -3,10 +3,15 @@ #include "frida-gumjs.h" +typedef gboolean (*js_api_stalker_callback_t)(const cs_insn *insn, + gboolean begin, gboolean excluded, + GumStalkerOutput *output); + extern unsigned char api_js[]; extern unsigned int api_js_len; -extern gboolean js_done; +extern gboolean js_done; +extern js_api_stalker_callback_t js_user_callback; /* Frida Mode */ @@ -14,5 +19,8 @@ void js_config(void); void js_start(void); +gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output); + #endif diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index 186d5098..e95b923b 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -13,6 +13,7 @@ guint64 entry_point = 0; static void entry_launch(void) { + OKF("Entry point reached"); __afl_manual_init(); /* Child here */ diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index d6ae505d..2a217d96 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -11,6 +11,7 @@ #include "entry.h" #include "frida_cmplog.h" #include "instrument.h" +#include "js.h" #include "persistent.h" #include "prefetch.h" #include "ranges.h" @@ -165,8 +166,6 @@ static void instrument_basic_block(GumStalkerIterator *iterator, } - begin = FALSE; - } instrument_debug_instruction(instr->address, instr->size); @@ -178,7 +177,13 @@ static void instrument_basic_block(GumStalkerIterator *iterator, } - gum_stalker_iterator_keep(iterator); + if (js_stalker_callback(instr, begin, excluded, output)) { + + gum_stalker_iterator_keep(iterator); + + } + + begin = FALSE; } diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index 983f1efa..4cb04704 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -1,201 +1,243 @@ -const write = new NativeFunction( - Module.getExportByName(null, 'write'), - 'int', - ['int', 'pointer', 'int'] -); - -const afl_frida_trace = Process.findModuleByName('afl-frida-trace.so'); - -function get_api(name, ret, args) { - const addr = afl_frida_trace.findExportByName(name); - return new NativeFunction(addr, ret, args); -} - -const js_api_done = get_api( - 'js_api_done', - 'void', - []); - -const js_api_error = get_api( - 'js_api_error', - 'void', - ['pointer']); - -const js_api_set_entrypoint = get_api( - 'js_api_set_entrypoint', - 'void', - ['pointer']); - -const js_api_set_persistent_address = get_api( - 'js_api_set_persistent_address', - 'void', - ['pointer']); - -const js_api_set_persistent_return = get_api( - 'js_api_set_persistent_return', - 'void', - ['pointer']); - -const js_api_set_persistent_count = get_api( - 'js_api_set_persistent_count', - 'void', - ['uint64']); - -const js_api_set_persistent_debug = get_api( - 'js_api_set_persistent_debug', - 'void', - []); - -const js_api_set_debug_maps = get_api( - 'js_api_set_debug_maps', - 'void', - []); - -const js_api_add_include_range = get_api( - 'js_api_add_include_range', - 'void', - ['pointer', 'size_t']); - -const js_api_add_exclude_range = get_api( - 'js_api_add_exclude_range', - 'void', - ['pointer', 'size_t']); - -const js_api_set_instrument_libraries = get_api( - 'js_api_set_instrument_libraries', - 'void', - []); - -const js_api_set_instrument_debug_file = get_api( - 'js_api_set_instrument_debug_file', - 'void', - ['pointer']); - -const js_api_set_prefetch_disable = get_api( - 'js_api_set_prefetch_disable', - 'void', - []); - -const js_api_set_instrument_no_optimize = get_api( - 'js_api_set_instrument_no_optimize', - 'void', - []); - -const js_api_set_instrument_trace = get_api( - 'js_api_set_instrument_trace', - 'void', - []); - -const js_api_set_instrument_trace_unique = get_api( - 'js_api_set_instrument_trace_unique', - 'void', - []); - -const js_api_set_stdout = get_api( - 'js_api_set_stdout', - 'void', - ['pointer']); - -const js_api_set_stderr = get_api( - 'js_api_set_stderr', - 'void', - ['pointer']); - -const js_api_set_stats_file = get_api( - 'js_api_set_stats_file', - 'void', - ['pointer']); - -const js_api_set_stats_interval = get_api( - 'js_api_set_stats_interval', - 'void', - ['uint64']); - -const js_api_set_stats_transitions = get_api( - 'js_api_set_stats_transitions', - 'void', - []); - -const afl = { - print: function (msg) { +"use strict"; +class Afl { + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + static addExcludedRange(addressess, size) { + Afl.jsApiAddExcludeRange(addressess, size); + } + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + static addIncludedRange(addressess, size) { + Afl.jsApiAddIncludeRange(addressess, size); + } + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + static done() { + Afl.jsApiDone(); + } + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + static error(msg) { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + static getAflFuzzLen() { + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + static getAflFuzzPtr() { + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + static print(msg) { const STDOUT_FILENO = 2; const log = `${msg}\n`; const buf = Memory.allocUtf8String(log); - write(STDOUT_FILENO, buf, log.length); - }, - done: function() { - js_api_done(); - }, - error: function(msg) { - const buf = Memory.allocUtf8String(msg); - js_api_error(buf); - }, - setEntryPoint: function(addr) { - js_api_set_entrypoint(addr); - }, - setPersistentAddress: function(addr) { - js_api_set_persistent_address(addr); - }, - setPersistentReturn: function(addr) { - js_api_set_persistent_return(addr); - }, - setPersistentCount: function(addr) { - js_api_set_persistent_count(addr); - }, - setPersistentDebug: function() { - js_api_set_persistent_debug(); - }, - setDebugMaps: function() { - js_api_set_debug_maps(); - }, - addIncludedRange: function(address, size) { - js_api_add_include_range(address, size); - }, - addExcludedRange: function(address, size) { - js_api_add_exclude_range(address, size); - }, - setInstrumentLibraries: function() { - js_api_set_instrument_libraries(); - }, - setInstrumentDebugFile: function(file) { - const buf = Memory.allocUtf8String(file); - js_api_set_instrument_debug_file(buf) - }, - setPrefetchDisable: function() { - js_api_set_prefetch_disable(); - }, - setInstrumentNoOptimize: function() { - js_api_set_instrument_no_optimize(); - }, - setInstrumentEnableTracing: function() { - js_api_set_instrument_trace(); - }, - setInstrumentTracingUnique: function() { - js_api_set_instrument_trace_unique(); - }, - setStdOut: function(file) { - const buf = Memory.allocUtf8String(file); - js_api_set_stdout(buf) - }, - setStdErr: function(file) { - const buf = Memory.allocUtf8String(file); - js_api_set_stderr(buf) - }, - setStatsFile: function(file) { - const buf = Memory.allocUtf8String(file); - js_api_set_stats_file(buf) - }, - setStatsInterval: function(interval) { - js_api_set_stats_interval(interval); - }, - setStatsTransitions: function() { - js_api_set_stats_transitions(); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); } - -}; - -Object.defineProperty(global, 'Afl', {value: afl, writeable: false}); - -//////////////////////////////////////////////////////////////////////////////// -// END OF API // -//////////////////////////////////////////////////////////////////////////////// + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + static setDebugMaps() { + Afl.jsApiSetDebugMaps(); + } + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + static setEntryPoint(address) { + Afl.jsApiSetEntryPoint(address); + } + /** + * Function used to enable in-memory test cases for fuzzing. + */ + static setInMemoryFuzzing() { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + static setInstrumentDebugFile(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + static setInstrumentEnableTracing() { + Afl.jsApiSetInstrumentTrace(); + } + /** + * See `AFL_INST_LIBS`. + */ + static setInstrumentLibraries() { + Afl.jsApiSetInstrumentLibraries(); + } + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + static setInstrumentNoOptimize() { + Afl.jsApiSetInstrumentNoOptimize(); + } + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + static setInstrumentTracingUnique() { + Afl.jsApiSetInstrumentTraceUnique(); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + static setPersistentAddress(address) { + Afl.jsApiSetPersistentAddress(address); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + static setPersistentCount(count) { + Afl.jsApiSetPersistentCount(count); + } + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + static setPersistentDebug() { + Afl.jsApiSetPersistentDebug(); + } + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + static setPersistentHook(address) { + Afl.jsApiSetPersistentHook(address); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + static setPersistentReturn(address) { + Afl.jsApiSetPersistentReturn(address); + } + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + static setPrefetchDisable() { + Afl.jsApiSetPrefetchDisable(); + } + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + static setStalkerCallback(callback) { + Afl.jsApiSetStalkerCallback(callback); + } + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + static setStatsFile(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + static setStatsInterval(interval) { + Afl.jsApiSetStatsInterval(interval); + } + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + static setStatsTransitions() { + Afl.jsApiSetStatsTransitions(); + } + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + static setStdErr(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + static setStdOut(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + static jsApiGetFunction(name, retType, argTypes) { + const addr = Afl.module.getExportByName(name); + return new NativeFunction(addr, retType, argTypes); + } + static jsApiGetSymbol(name) { + return Afl.module.getExportByName(name); + } +} +/** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ +Afl.module = Process.getModuleByName("afl-frida-trace.so"); +Afl.jsApiAddExcludeRange = Afl.jsApiGetFunction("js_api_add_exclude_range", "void", ["pointer", "size_t"]); +Afl.jsApiAddIncludeRange = Afl.jsApiGetFunction("js_api_add_include_range", "void", ["pointer", "size_t"]); +Afl.jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing"); +Afl.jsApiDone = Afl.jsApiGetFunction("js_api_done", "void", []); +Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]); +Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []); +Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]); +Afl.jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction("js_api_set_instrument_debug_file", "void", ["pointer"]); +Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_libraries", "void", []); +Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []); +Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []); +Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []); +Afl.jsApiSetPersistentAddress = Afl.jsApiGetFunction("js_api_set_persistent_address", "void", ["pointer"]); +Afl.jsApiSetPersistentCount = Afl.jsApiGetFunction("js_api_set_persistent_count", "void", ["uint64"]); +Afl.jsApiSetPersistentDebug = Afl.jsApiGetFunction("js_api_set_persistent_debug", "void", []); +Afl.jsApiSetPersistentHook = Afl.jsApiGetFunction("js_api_set_persistent_hook", "void", ["pointer"]); +Afl.jsApiSetPersistentReturn = Afl.jsApiGetFunction("js_api_set_persistent_return", "void", ["pointer"]); +Afl.jsApiSetPrefetchDisable = Afl.jsApiGetFunction("js_api_set_prefetch_disable", "void", []); +Afl.jsApiSetStalkerCallback = Afl.jsApiGetFunction("js_api_set_stalker_callback", "void", ["pointer"]); +Afl.jsApiSetStatsFile = Afl.jsApiGetFunction("js_api_set_stats_file", "void", ["pointer"]); +Afl.jsApiSetStatsInterval = Afl.jsApiGetFunction("js_api_set_stats_interval", "void", ["uint64"]); +Afl.jsApiSetStatsTransitions = Afl.jsApiGetFunction("js_api_set_stats_transitions", "void", []); +Afl.jsApiSetStdErr = Afl.jsApiGetFunction("js_api_set_stderr", "void", ["pointer"]); +Afl.jsApiSetStdOut = Afl.jsApiGetFunction("js_api_set_stdout", "void", ["pointer"]); +Afl.jsApiWrite = new NativeFunction( +/* tslint:disable-next-line:no-null-keyword */ +Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]); diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index 79e716ad..ed378d2c 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -5,8 +5,9 @@ #include "js.h" #include "util.h" -static char *js_script = NULL; -gboolean js_done = FALSE; +static char * js_script = NULL; +gboolean js_done = FALSE; +js_api_stalker_callback_t js_user_callback = NULL; static gchar * filename = "afl.js"; static gchar * contents; @@ -111,3 +112,11 @@ void js_start(void) { } +gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) { + + if (js_user_callback == NULL) { return TRUE; } + return js_user_callback(insn, begin, excluded, output); + +} + diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 018c0b9a..91dccab2 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -138,5 +138,15 @@ void js_api_set_stats_transitions() { } -// "AFL_FRIDA_PERSISTENT_HOOK", +void js_api_set_persistent_hook(void *address) { + + persistent_hook = address; + +} + +void js_api_set_stalker_callback(const js_api_stalker_callback_t callback) { + + js_user_callback = callback; + +} diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index e3e0b0ca..bcc59ea7 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -47,19 +47,6 @@ void persistent_config(void) { } -} - -void persistent_init(void) { - - OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", - persistent_start == 0 ? ' ' : 'X', persistent_start); - OKF("Instrumentation - persistent count [%c] (%" G_GINT64_MODIFIER "d)", - persistent_start == 0 ? ' ' : 'X', persistent_count); - OKF("Instrumentation - hook [%s]", hook_name); - - OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", - persistent_ret == 0 ? ' ' : 'X', persistent_ret); - if (hook_name == NULL) { return; } void *hook_obj = dlopen(hook_name, RTLD_NOW); @@ -79,7 +66,20 @@ void persistent_init(void) { if (persistent_hook == NULL) FATAL("Failed to find afl_persistent_hook in %s", hook_name); - __afl_sharedmem_fuzzing = 1; +} + +void persistent_init(void) { + + OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", + persistent_start == 0 ? ' ' : 'X', persistent_start); + OKF("Instrumentation - persistent count [%c] (%" G_GINT64_MODIFIER "d)", + persistent_start == 0 ? ' ' : 'X', persistent_count); + OKF("Instrumentation - hook [%s]", hook_name); + + OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", + persistent_ret == 0 ? ' ' : 'X', persistent_ret); + + if (persistent_hook != NULL) { __afl_sharedmem_fuzzing = 1; } } diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index e618fbac..003f058a 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -9,99 +9,15 @@ #include "util.h" #if defined(__aarch64__) +typedef struct { -struct arm64_regs { + GumCpuContext ctx; + uint64_t rflags; - uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; +} persistent_ctx_t; - union { - - uint64_t x11; - uint32_t fp_32; - - }; - - union { - - uint64_t x12; - uint32_t ip_32; - - }; - - union { - - uint64_t x13; - uint32_t sp_32; - - }; - - union { - - uint64_t x14; - uint32_t lr_32; - - }; - - union { - - uint64_t x15; - uint32_t pc_32; - - }; - - union { - - uint64_t x16; - uint64_t ip0; - - }; - - union { - - uint64_t x17; - uint64_t ip1; - - }; - - uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; - - union { - - uint64_t x29; - uint64_t fp; - - }; - - union { - - uint64_t x30; - uint64_t lr; - - }; - - union { - - uint64_t x31; - uint64_t sp; - - }; - - // the zero register is not saved here ofc - - uint64_t pc; - - uint32_t cpsr; - - uint8_t vfp_zregs[32][16 * 16]; - uint8_t vfp_pregs[17][32]; - uint32_t vfp_xregs[16]; - -}; - -typedef struct arm64_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_lr = NULL; +static persistent_ctx_t saved_regs = {0}; +static gpointer saved_lr = NULL; gboolean persistent_is_supported(void) { @@ -109,8 +25,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void instrument_persitent_save_regs(GumArm64Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); const guint32 mrs_x1_nzcv = 0xd53b4201; @@ -129,83 +45,87 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, /* Skip x0 & x1 we'll do that later */ - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 1), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, - ARM64_REG_X0, (16 * 2), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, - ARM64_REG_X0, (16 * 3), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, - ARM64_REG_X0, (16 * 4), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, - ARM64_REG_X0, (16 * 5), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, - ARM64_REG_X0, (16 * 6), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, - ARM64_REG_X0, (16 * 7), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, - ARM64_REG_X0, (16 * 8), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, - ARM64_REG_X0, (16 * 9), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, - ARM64_REG_X0, (16 * 10), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, - ARM64_REG_X0, (16 * 11), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, - ARM64_REG_X0, (16 * 12), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, - ARM64_REG_X0, (16 * 13), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, - ARM64_REG_X0, (16 * 14), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[2]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X4, ARM64_REG_X5, ARM64_REG_X0, + offsetof(GumCpuContext, x[4]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X6, ARM64_REG_X7, ARM64_REG_X0, + offsetof(GumCpuContext, x[6]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X8, ARM64_REG_X9, ARM64_REG_X0, + offsetof(GumCpuContext, x[8]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X10, ARM64_REG_X11, ARM64_REG_X0, + offsetof(GumCpuContext, x[10]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X12, ARM64_REG_X13, ARM64_REG_X0, + offsetof(GumCpuContext, x[12]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X14, ARM64_REG_X15, ARM64_REG_X0, + offsetof(GumCpuContext, x[14]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X16, ARM64_REG_X17, ARM64_REG_X0, + offsetof(GumCpuContext, x[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X18, ARM64_REG_X19, ARM64_REG_X0, + offsetof(GumCpuContext, x[18]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X20, ARM64_REG_X21, ARM64_REG_X0, + offsetof(GumCpuContext, x[20]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X22, ARM64_REG_X23, ARM64_REG_X0, + offsetof(GumCpuContext, x[22]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X24, ARM64_REG_X25, ARM64_REG_X0, + offsetof(GumCpuContext, x[24]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X26, ARM64_REG_X27, ARM64_REG_X0, + offsetof(GumCpuContext, x[26]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X28, ARM64_REG_X29, ARM64_REG_X0, + offsetof(GumCpuContext, x[28]), GUM_INDEX_SIGNED_OFFSET); - /* LR & Adjusted SP */ - gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_SP, - (GUM_RED_ZONE_SIZE + 32)); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X2, - ARM64_REG_X0, (16 * 15), - GUM_INDEX_SIGNED_OFFSET); + /* LR (x30) */ + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X0, + offsetof(GumCpuContext, x[30])); - /* PC & CPSR */ + /* PC & Adjusted SP (31) */ gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, GUM_ADDRESS(persistent_start)); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, - ARM64_REG_X0, (16 * 16), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_SP, + (GUM_RED_ZONE_SIZE + 32)); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, offsetof(GumCpuContext, pc), + GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, - ARM64_REG_X0, (16 * 17), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, - ARM64_REG_X0, (16 * 18), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, - ARM64_REG_X0, (16 * 19), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, - ARM64_REG_X0, (16 * 20), - GUM_INDEX_SIGNED_OFFSET); + /* CPSR */ + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(persistent_ctx_t, rflags)); + + /* Q */ + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, + offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, + offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, + offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, + offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); /* x0 & x1 */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_SP, 16, GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 0), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[0]), GUM_INDEX_SIGNED_OFFSET); /* Pop the saved values */ gum_arm64_writer_put_ldp_reg_reg_reg_offset( @@ -217,8 +137,8 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, } -static void instrument_persitent_restore_regs(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void instrument_persitent_restore_regs(GumArm64Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); const guint32 msr_nzcv_x1 = 0xd51b4201; @@ -228,82 +148,81 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, /* Skip x0 - x3 we'll do that last */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, - ARM64_REG_X0, (16 * 2), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, - ARM64_REG_X0, (16 * 3), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, - ARM64_REG_X0, (16 * 4), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, - ARM64_REG_X0, (16 * 5), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, - ARM64_REG_X0, (16 * 6), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, - ARM64_REG_X0, (16 * 7), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, - ARM64_REG_X0, (16 * 8), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, - ARM64_REG_X0, (16 * 9), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, - ARM64_REG_X0, (16 * 10), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, - ARM64_REG_X0, (16 * 11), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, - ARM64_REG_X0, (16 * 12), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, - ARM64_REG_X0, (16 * 13), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, - ARM64_REG_X0, (16 * 14), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X4, ARM64_REG_X5, ARM64_REG_X0, + offsetof(GumCpuContext, x[4]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X6, ARM64_REG_X7, ARM64_REG_X0, + offsetof(GumCpuContext, x[6]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X8, ARM64_REG_X9, ARM64_REG_X0, + offsetof(GumCpuContext, x[8]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X10, ARM64_REG_X11, ARM64_REG_X0, + offsetof(GumCpuContext, x[10]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X12, ARM64_REG_X13, ARM64_REG_X0, + offsetof(GumCpuContext, x[12]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X14, ARM64_REG_X15, ARM64_REG_X0, + offsetof(GumCpuContext, x[14]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X16, ARM64_REG_X17, ARM64_REG_X0, + offsetof(GumCpuContext, x[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X18, ARM64_REG_X19, ARM64_REG_X0, + offsetof(GumCpuContext, x[18]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X20, ARM64_REG_X21, ARM64_REG_X0, + offsetof(GumCpuContext, x[20]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X22, ARM64_REG_X23, ARM64_REG_X0, + offsetof(GumCpuContext, x[22]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X24, ARM64_REG_X25, ARM64_REG_X0, + offsetof(GumCpuContext, x[24]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X26, ARM64_REG_X27, ARM64_REG_X0, + offsetof(GumCpuContext, x[26]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X28, ARM64_REG_X29, ARM64_REG_X0, + offsetof(GumCpuContext, x[28]), GUM_INDEX_SIGNED_OFFSET); - /* LR & Adjusted SP (use x1 as clobber) */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, - ARM64_REG_X0, (16 * 15), - GUM_INDEX_SIGNED_OFFSET); + /* LR (x30) */ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X0, + offsetof(GumCpuContext, x[30])); + /* Adjusted SP (31) (use x1 as clobber)*/ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(GumCpuContext, sp)); gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_SP, ARM64_REG_X1); - /* Don't restore RIP use x1-x3 as clobber */ - - /* PC (x2) & CPSR (x1) */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, - ARM64_REG_X0, (16 * 16), - GUM_INDEX_SIGNED_OFFSET); + /* CPSR */ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(persistent_ctx_t, rflags)); gum_arm64_writer_put_instruction(cw, msr_nzcv_x1); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, - ARM64_REG_X0, (16 * 17), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, - ARM64_REG_X0, (16 * 18), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, - ARM64_REG_X0, (16 * 19), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, - ARM64_REG_X0, (16 * 20), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, + offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, + offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, + offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, + offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); /* x2 & x3 */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 1), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[2]), GUM_INDEX_SIGNED_OFFSET); /* x0 & x1 */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X1, - ARM64_REG_X0, (16 * 0), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_X0, + offsetof(GumCpuContext, x[0]), GUM_INDEX_SIGNED_OFFSET); } @@ -334,29 +253,29 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) { } -static void persistent_prologue_hook(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void persistent_prologue_hook(GumArm64Writer * cw, + persistent_ctx_t *regs) { if (persistent_hook == NULL) return; gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, GUM_RED_ZONE_SIZE); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X3, - GUM_ADDRESS(&__afl_fuzz_len)); - gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); - gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); - - gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_X3, - G_MAXULONG); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, - GUM_ADDRESS(&__afl_fuzz_ptr)); + GUM_ADDRESS(&__afl_fuzz_len)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); + gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_X2, + G_MAXULONG); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X1, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X1, 0); + gum_arm64_writer_put_call_address_with_arguments( - cw, GUM_ADDRESS(persistent_hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), - GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, ARM64_REG_X2, - GUM_ARG_REGISTER, ARM64_REG_X3); + cw, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, ARM64_REG_X1, GUM_ARG_REGISTER, + ARM64_REG_X2); gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, GUM_RED_ZONE_SIZE); @@ -406,6 +325,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index a91abc1c..b2186db1 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -10,40 +10,15 @@ #if defined(__x86_64__) -struct x86_64_regs { +typedef struct { - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; + GumCpuContext ctx; + uint64_t rflags; - union { +} persistent_ctx_t; - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -typedef struct x86_64_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_ret = NULL; +static persistent_ctx_t saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -51,8 +26,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void instrument_persitent_save_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, @@ -64,41 +39,41 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 1), - GUM_REG_RBX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 2), - GUM_REG_RCX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 3), - GUM_REG_RDX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 4), - GUM_REG_RDI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 5), - GUM_REG_RSI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 6), - GUM_REG_RBP); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 7), - GUM_REG_R8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 8), - GUM_REG_R9); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 9), - GUM_REG_R10); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 10), - GUM_REG_R11); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 11), - GUM_REG_R12); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 12), - GUM_REG_R13); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 13), - GUM_REG_R14); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 14), - GUM_REG_R15); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rbx), GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rcx), GUM_REG_RCX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rdx), GUM_REG_RDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rdi), GUM_REG_RDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rsi), GUM_REG_RSI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rbp), GUM_REG_RBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r8), GUM_REG_R8); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r9), GUM_REG_R9); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r10), GUM_REG_R10); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r11), GUM_REG_R11); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r12), GUM_REG_R12); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r13), GUM_REG_R13); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r14), GUM_REG_R14); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r15), GUM_REG_R15); /* Store RIP */ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, GUM_ADDRESS(persistent_start)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 15), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rip), GUM_REG_RBX); /* Store adjusted RSP */ gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); @@ -106,18 +81,18 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, /* RED_ZONE + Saved flags, RAX, alignment */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, GUM_RED_ZONE_SIZE + (0x8 * 2)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rsp), GUM_REG_RBX); /* Save the flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 17), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(persistent_ctx_t, rflags), GUM_REG_RBX); /* Save the RAX */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 0), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rax), GUM_REG_RBX); /* Pop the saved values */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); @@ -127,56 +102,56 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, } -static void instrument_persitent_restore_regs(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void instrument_persitent_restore_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, - (0x8 * 2)); + offsetof(GumCpuContext, rcx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, - (0x8 * 3)); + offsetof(GumCpuContext, rdx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, - (0x8 * 4)); + offsetof(GumCpuContext, rdi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, - (0x8 * 5)); + offsetof(GumCpuContext, rsi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, - (0x8 * 6)); + offsetof(GumCpuContext, rbp)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, - (0x8 * 7)); + offsetof(GumCpuContext, r8)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, - (0x8 * 8)); + offsetof(GumCpuContext, r9)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, - (0x8 * 9)); + offsetof(GumCpuContext, r10)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, - (0x8 * 10)); + offsetof(GumCpuContext, r11)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, - (0x8 * 11)); + offsetof(GumCpuContext, r12)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, - (0x8 * 12)); + offsetof(GumCpuContext, r13)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, - (0x8 * 13)); + offsetof(GumCpuContext, r14)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, - (0x8 * 14)); + offsetof(GumCpuContext, r15)); /* Don't restore RIP */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, - (0x8 * 16)); + offsetof(GumCpuContext, rsp)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 1)); + offsetof(GumCpuContext, rbx)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 0)); + offsetof(GumCpuContext, rax)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 17)); + offsetof(persistent_ctx_t, rflags)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_popfx(cw); @@ -217,28 +192,27 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { } -static void persistent_prologue_hook(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RCX, - GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); - gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RCX, GUM_REG_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, - GUM_ADDRESS(&__afl_fuzz_ptr)); + GUM_ADDRESS(&__afl_fuzz_len)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RDX, GUM_REG_RDI); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RSI, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RSI, 0); gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 4, GUM_ARG_ADDRESS, - GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, - GUM_REG_RDX, GUM_ARG_REGISTER, GUM_REG_RCX); + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_RSI, GUM_ARG_REGISTER, + GUM_REG_RDX); gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (GUM_RED_ZONE_SIZE)); @@ -296,6 +270,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 1d01d8e4..f50bccb0 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -1,45 +1,23 @@ #include "frida-gumjs.h" #include "config.h" +#include "debug.h" #include "instrument.h" #include "persistent.h" #if defined(__i386__) -struct x86_regs { +typedef struct { - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + GumCpuContext ctx; + uint32_t eflags; - union { +} persistent_ctx_t; - uint32_t eip; - uint32_t pc; +static persistent_ctx_t saved_regs = {0}; - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -typedef struct x86_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_ret = NULL; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -47,8 +25,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, - struct x86_regs *regs) { +static void instrument_persitent_save_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); @@ -58,80 +36,80 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 1), - GUM_REG_EBX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 2), - GUM_REG_ECX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 3), - GUM_REG_EDX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 4), - GUM_REG_EDI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 5), - GUM_REG_ESI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 6), - GUM_REG_EBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ebx), GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ecx), GUM_REG_ECX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, edx), GUM_REG_EDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, edi), GUM_REG_EDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, esi), GUM_REG_ESI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ebp), GUM_REG_EBP); /* Store RIP */ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, GUM_ADDRESS(persistent_start)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 7), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, eip), GUM_REG_EBX); /* Store adjusted RSP */ gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); /* RED_ZONE + Saved flags, RAX */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 8), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, esp), GUM_REG_EBX); /* Save the flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 9), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(persistent_ctx_t, eflags), GUM_REG_EBX); /* Save the RAX */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 0), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, eax), GUM_REG_EBX); /* Pop the saved values */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); } -static void instrument_persitent_restore_regs(GumX86Writer * cw, - struct x86_regs *regs) { +static void instrument_persitent_restore_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, - (0x4 * 2)); + offsetof(GumCpuContext, ecx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, - (0x4 * 3)); + offsetof(GumCpuContext, edx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, - (0x4 * 4)); + offsetof(GumCpuContext, edi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, - (0x4 * 5)); + offsetof(GumCpuContext, esi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, - (0x4 * 6)); + offsetof(GumCpuContext, ebp)); /* Don't restore RIP */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, - (0x4 * 8)); + offsetof(GumCpuContext, esp)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 1)); + offsetof(GumCpuContext, ebx)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 0)); + offsetof(GumCpuContext, eax)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 9)); + offsetof(persistent_ctx_t, eflags)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_popfx(cw); @@ -165,7 +143,7 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { } -static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { +static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { if (persistent_hook == NULL) return; @@ -180,9 +158,8 @@ static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { /* Base address is 64-bits (hence two zero arguments) */ gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 5, GUM_ARG_ADDRESS, - GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, - GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, GUM_REG_ECX); } @@ -233,6 +210,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile index 689fce3d..e3a8f321 100644 --- a/frida_mode/test/jpeg/GNUmakefile +++ b/frida_mode/test/jpeg/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBJPEG_BUILD_DIR:=$(BUILD_DIR)libjpeg/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -118,11 +117,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(JPEGTEST_OBJ) $(LIBJPEG_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(TEST_DATA_DIR): | $(BUILD_DIR) @@ -133,8 +127,6 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/jpeg/Makefile b/frida_mode/test/jpeg/Makefile index 863438cf..7a237f99 100644 --- a/frida_mode/test/jpeg/Makefile +++ b/frida_mode/test/jpeg/Makefile @@ -14,6 +14,3 @@ frida: debug: @gmake debug - -hook: - @gmake hook diff --git a/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c b/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/jpeg/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile index 8ea71656..af40c1c4 100644 --- a/frida_mode/test/js/GNUmakefile +++ b/frida_mode/test/js/GNUmakefile @@ -1,18 +1,21 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -TESTINSTR_DATA_DIR:=$(BUILD_DIR)in/ -TESTINSTR_DATA_FILE:=$(TESTINSTR_DATA_DIR)in +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)in -TESTINSTBIN:=$(BUILD_DIR)testinstr -TESTINSTSRC:=$(PWD)testinstr.c +TESTINSTBIN:=$(BUILD_DIR)test +TESTINSTSRC:=$(PWD)test.c + +TESTINSTBIN2:=$(BUILD_DIR)test2 +TESTINSTSRC2:=$(PWD)test2.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out .PHONY: all 32 clean qemu frida -all: $(TESTINSTBIN) +all: $(TESTINSTBIN) $(TESTINSTBIN2) make -C $(ROOT)frida_mode/ 32: @@ -21,24 +24,57 @@ all: $(TESTINSTBIN) $(BUILD_DIR): mkdir -p $@ -$(TESTINSTR_DATA_DIR): | $(BUILD_DIR) +$(TEST_DATA_DIR): | $(BUILD_DIR) mkdir -p $@ -$(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< +$(TESTINSTBIN2): $(TESTINSTSRC2) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + clean: rm -rf $(BUILD_DIR) -frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) - AFL_FRIDA_JS_SCRIPT=test.js \ +frida_js_entry: $(TESTINSTBIN) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=entry.js \ $(ROOT)afl-fuzz \ -D \ -O \ - -i $(TESTINSTR_DATA_DIR) \ + -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ $(TESTINSTBIN) @@ + +frida_js_replace: $(TESTINSTBIN) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=replace.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_js_patch: $(TESTINSTBIN2) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=patch.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN2) @@ + +frida_js_stalker: $(TESTINSTBIN2) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=stalker.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN2) @@ diff --git a/frida_mode/test/js/Makefile b/frida_mode/test/js/Makefile index 7a237f99..8a2b6fb0 100644 --- a/frida_mode/test/js/Makefile +++ b/frida_mode/test/js/Makefile @@ -9,8 +9,17 @@ all: clean: @gmake clean -frida: - @gmake frida +frida_js_entry: + @gmake frida_js_entry + +frida_js_replace: + @gmake frida_js_replace + +frida_js_patch: + @gmake frida_js_patch + +frida_js_stalker: + @gmake frida_js_stalker debug: @gmake debug diff --git a/frida_mode/test/js/test.js b/frida_mode/test/js/entry.js similarity index 100% rename from frida_mode/test/js/test.js rename to frida_mode/test/js/entry.js diff --git a/frida_mode/test/js/patch.js b/frida_mode/test/js/patch.js new file mode 100644 index 00000000..485a434f --- /dev/null +++ b/frida_mode/test/js/patch.js @@ -0,0 +1,34 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + Afl.print(`len: ${len}`); + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/replace.js b/frida_mode/test/js/replace.js new file mode 100644 index 00000000..4e1e7eb7 --- /dev/null +++ b/frida_mode/test/js/replace.js @@ -0,0 +1,43 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const slow = DebugSymbol.fromName('slow').address; +Afl.print(`slow: ${slow}`); + +const LLVMFuzzerTestOneInput = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`LLVMFuzzerTestOneInput: ${LLVMFuzzerTestOneInput}`); + +const cm = new CModule(` + + extern unsigned char * __afl_fuzz_ptr; + extern unsigned int * __afl_fuzz_len; + extern void LLVMFuzzerTestOneInput(char *buf, int len); + + void slow(void) { + + LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len); + } + `, + { + LLVMFuzzerTestOneInput: LLVMFuzzerTestOneInput, + __afl_fuzz_ptr: Afl.getAflFuzzPtr(), + __afl_fuzz_len: Afl.getAflFuzzLen() + }); + +Afl.setEntryPoint(cm.slow); +Afl.setPersistentAddress(cm.slow); +Afl.setInMemoryFuzzing(); +Interceptor.replace(slow, cm.slow); +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/js/stalker.js b/frida_mode/test/js/stalker.js new file mode 100644 index 00000000..33f024f5 --- /dev/null +++ b/frida_mode/test/js/stalker.js @@ -0,0 +1,109 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +/* Replace CRC-32 check */ +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +/* Patch out the first boring bug */ +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +/* Modify the instructions */ +const some_boring_bug2 = DebugSymbol.fromName('some_boring_bug2').address +const pid = Memory.alloc(4); +pid.writeInt(Process.id); + +const cm = new CModule(` + #include + #include + + typedef int pid_t; + + #define STDERR_FILENO 2 + #define BORING2_LEN 10 + + extern int dprintf(int fd, const char *format, ...); + extern void some_boring_bug2(char c); + extern pid_t getpid(void); + extern pid_t pid; + + gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) + { + pid_t my_pid = getpid(); + GumX86Writer *cw = output->writer.x86; + + if (GUM_ADDRESS(insn->address) < GUM_ADDRESS(some_boring_bug2)) { + + return TRUE; + + } + + if (GUM_ADDRESS(insn->address) >= + GUM_ADDRESS(some_boring_bug2) + BORING2_LEN) { + + return TRUE; + + } + + if (my_pid == pid) { + + if (begin) { + + dprintf(STDERR_FILENO, "\n> 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } else { + + dprintf(STDERR_FILENO, " 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } + + } + + if (insn->id == X86_INS_UD2) { + + gum_x86_writer_put_nop(cw); + return FALSE; + + } else { + + return TRUE; + + } + } + `, + { + dprintf: Module.getExportByName(null, 'dprintf'), + getpid: Module.getExportByName(null, 'getpid'), + some_boring_bug2: some_boring_bug2, + pid: pid + }); +Afl.setStalkerCallback(cm.js_stalker_callback) +Afl.setStdErr("/tmp/stderr.txt"); +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/testinstr.c b/frida_mode/test/js/test.c similarity index 91% rename from frida_mode/test/js/testinstr.c rename to frida_mode/test/js/test.c index bd605c52..bbda5ccf 100644 --- a/frida_mode/test/js/testinstr.c +++ b/frida_mode/test/js/test.c @@ -16,13 +16,7 @@ #include #include -#ifdef __APPLE__ - #define TESTINSTR_SECTION -#else - #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) -#endif - -void testinstr(char *buf, int len) { +void LLVMFuzzerTestOneInput(char *buf, int len) { if (len < 1) return; buf[len] = 0; @@ -90,7 +84,7 @@ int run(char *file) { dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); - testinstr(buf, len); + LLVMFuzzerTestOneInput(buf, len); dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); result = 0; diff --git a/frida_mode/test/js/test2.c b/frida_mode/test/js/test2.c new file mode 100644 index 00000000..d16f35fc --- /dev/null +++ b/frida_mode/test/js/test2.c @@ -0,0 +1,177 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define IGNORED_RETURN(x) (void)!(x) + +const uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t +crc32(const void *buf, size_t size) +{ + const uint8_t *p = buf; + uint32_t crc; + crc = ~0U; + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + return crc ^ ~0U; +} + +/* + * Don't you hate those contrived examples which CRC their data. We can use + * FRIDA to patch this function out and always return success. Otherwise, we + * could change it to actually correct the checksum. + */ +int crc32_check (char * buf, int len) { + if (len < sizeof(uint32_t)) { return 0; } + uint32_t expected = *(uint32_t *)&buf[len - sizeof(uint32_t)]; + uint32_t calculated = crc32(buf, len - sizeof(uint32_t)); + return expected == calculated; +} + +/* + * So you've found a really boring bug in an earlier campaign which results in + * a NULL dereference or something like that. That bug can get in the way, + * causing the persistent loop to exit whenever it is triggered, and can also + * cloud your output unnecessarily. Again, we can use FRIDA to patch it out. + */ +void some_boring_bug(char c) { + switch (c) { + case 'A'...'Z': + case 'a'...'z': + __builtin_trap(); + break; + } +} + +extern void some_boring_bug2(char c); + +__asm__ ( + ".text \n" + "some_boring_bug2: \n" + ".global some_boring_bug2 \n" + ".type some_boring_bug2, @function \n" + "mov %edi, %eax \n" + "cmp $0xb4, %al \n" + "jne ok \n" + "ud2 \n" + "ok: \n" + "ret \n"); + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (!crc32_check(buf, len)) return; + + some_boring_bug(buf[0]); + some_boring_bug2(buf[0]); + + if (buf[0] == '0') { + printf("Looks like a zero to me!\n"); + } + else if (buf[0] == '1') { + printf("Pretty sure that is a one!\n"); + } + else if (buf[0] == '2') { + printf("Oh we, weren't expecting that!"); + __builtin_trap(); + } + else + printf("Neither one or zero? How quaint!\n"); + +} + +int main(int argc, char **argv) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + printf("Running: %s\n", argv[1]); + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { return 1; } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { return 1; } + + if (lseek(fd, 0, SEEK_SET) != 0) { return 1; } + + buf = malloc(len); + if (buf == NULL) { return 1; } + + n_read = read(fd, buf, len); + if (n_read != len) { return 1; } + + printf("Running: %s: (%zd bytes)\n", argv[1], n_read); + + LLVMFuzzerTestOneInput(buf, len); + printf("Done: %s: (%zd bytes)\n", argv[1], n_read); + + return 0; +} + diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile index e30f2049..8a10be07 100644 --- a/frida_mode/test/libpcap/GNUmakefile +++ b/frida_mode/test/libpcap/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -137,11 +136,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) @@ -149,8 +143,6 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 81fdd069..f11269e3 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -90,7 +90,7 @@ frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -i $(TESTINSTR_DATA_DIR) \ -o $(FRIDA_OUT) \ -- \ - $(TESTINSTBIN) @@ + $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ @@ -102,6 +102,15 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) --ex 'set disassembly-flavor intel' \ --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) +debug_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + gdb \ + --ex 'set environment AFL_FRIDA_JS_SCRIPT=test.js' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ diff --git a/frida_mode/test/persistent_ret/test.js b/frida_mode/test/persistent_ret/test.js index 43c6ad7c..8adb45b2 100644 --- a/frida_mode/test/persistent_ret/test.js +++ b/frida_mode/test/persistent_ret/test.js @@ -5,34 +5,44 @@ Afl.print(''); Afl.print(`PID: ${Process.id}`); +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + new ModuleMap().values().forEach(m => { Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); }); -const persistent_addr = DebugSymbol.fromName('main'); -Afl.print(`persistent_addr: ${persistent_addr.address}`); +if (name === 'testinstr') { + const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; + Afl.print(`persistent_addr: ${persistent_addr}`); + Afl.setEntryPoint(persistent_addr); + Afl.setPersistentAddress(persistent_addr); + Afl.setInstrumentDebugFile("/dev/stdout"); + Afl.setPersistentDebug(); + Afl.setInstrumentNoOptimize(); + Afl.setInstrumentEnableTracing(); -const persistent_ret = DebugSymbol.fromName('slow'); -Afl.print(`persistent_ret: ${persistent_ret.address}`); + const LLVMFuzzerTestOneInput = new NativeFunction( + persistent_addr, + 'void', + ['pointer', 'uint64'], + {traps: "all"}); -Afl.setPersistentAddress(persistent_addr.address); -Afl.setPersistentReturn(persistent_ret.address); -Afl.setPersistentCount(1000000); + const persistentHook = new NativeCallback( + (data, size) => { + const input = Afl.aflFuzzPtr.readPointer(); + const len = Afl.aflFuzzLen.readPointer().readU32(); + const hd = hexdump(input, {length: len, header: false, ansi: true}); + Afl.print(`input: ${hd}`); + LLVMFuzzerTestOneInput(input, len); + }, + 'void', + ['pointer', 'uint64']); -Afl.setDebugMaps(); + Afl.aflSharedMemFuzzing.writeInt(1); + Interceptor.replace(persistent_addr, persistentHook); + Interceptor.flush(); +} -const mod = Process.findModuleByName("libc-2.31.so") -Afl.addExcludedRange(mod.base, mod.size); -Afl.setInstrumentLibraries(); -Afl.setInstrumentDebugFile("/tmp/instr.log"); -Afl.setPrefetchDisable(); -Afl.setInstrumentNoOptimize(); -Afl.setInstrumentEnableTracing(); -Afl.setInstrumentTracingUnique(); -Afl.setStdOut("/tmp/stdout.txt"); -Afl.setStdErr("/tmp/stderr.txt"); -Afl.setStatsFile("/tmp/stats.txt"); -Afl.setStatsInterval(1); -Afl.setStatsTransitions(); -Afl.done(); Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c index 6cb88a50..42e3519a 100644 --- a/frida_mode/test/persistent_ret/testinstr.c +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -17,13 +17,14 @@ #include #ifdef __APPLE__ - #define TESTINSTR_SECTION + #define MAIN_SECTION #else - #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) + #define MAIN_SECTION __attribute__((section(".main"))) #endif -void testinstr(char *buf, int len) { +void LLVMFuzzerTestOneInput(char *buf, int len) { + printf (">>> LLVMFuzzerTestOneInput >>>\n"); if (len < 1) return; buf[len] = 0; @@ -43,7 +44,7 @@ void slow() { } -TESTINSTR_SECTION int main(int argc, char **argv) { +MAIN_SECTION int main(int argc, char **argv) { char * file; int fd = -1; @@ -101,7 +102,7 @@ TESTINSTR_SECTION int main(int argc, char **argv) { dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); - testinstr(buf, len); + LLVMFuzzerTestOneInput(buf, len); dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); slow(); diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index b17f3775..0ff9fe86 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so CFLAGS+=-O3 \ -funroll-loops \ @@ -48,7 +47,7 @@ endif .PHONY: all 32 clean format qemu qemu_entry frida frida_entry debug -all: $(AFLPP_DRIVER_HOOK_OBJ) +all: make -C $(ROOT)frida_mode/test/png/persistent/ 32: @@ -68,9 +67,6 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) $(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) truncate -s 1M $@ -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ - qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ @@ -124,6 +120,28 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) +frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_JS_SCRIPT=load.js \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_JS_SCRIPT=cmodule.js \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + debug: $(AFLPP_DRIVER_DUMMY_INPUT) echo $(AFL_FRIDA_PERSISTENT_ADDR) gdb \ diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile index 983d009e..dca51d85 100644 --- a/frida_mode/test/png/persistent/hook/Makefile +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -24,5 +24,8 @@ frida: frida_entry: @gmake frida_entry +frida_js: + @gmake frida_js + debug: @gmake debug diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c deleted file mode 100644 index 1542c0bf..00000000 --- a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,193 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} -#elif defined(__aarch64__) - -struct arm64_regs { - - uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; - - union { - - uint64_t x11; - uint32_t fp_32; - - }; - - union { - - uint64_t x12; - uint32_t ip_32; - - }; - - union { - - uint64_t x13; - uint32_t sp_32; - - }; - - union { - - uint64_t x14; - uint32_t lr_32; - - }; - - union { - - uint64_t x15; - uint32_t pc_32; - - }; - - union { - - uint64_t x16; - uint64_t ip0; - - }; - - union { - - uint64_t x17; - uint64_t ip1; - - }; - - uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; - - union { - - uint64_t x29; - uint64_t fp; - - }; - - union { - - uint64_t x30; - uint64_t lr; - - }; - - union { - - uint64_t x31; - uint64_t sp; - - }; - - // the zero register is not saved here ofc - - uint64_t pc; - - uint32_t cpsr; - - uint8_t vfp_zregs[32][16 * 16]; - uint8_t vfp_pregs[17][32]; - uint32_t vfp_xregs[16]; - -}; - -void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->x0, input_buf, input_buf_len); - regs->x1 = input_buf_len; -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/png/persistent/hook/cmodule.js b/frida_mode/test/png/persistent/hook/cmodule.js new file mode 100644 index 00000000..ab8bdc66 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/cmodule.js @@ -0,0 +1,39 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`persistent_addr: ${persistent_addr}`); +Afl.setEntryPoint(persistent_addr); +Afl.setPersistentAddress(persistent_addr); + +const cm = new CModule(` + + #include + #include + + void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + + } + `, + { + memcpy: Module.getExportByName(null, 'memcpy') + }); +Afl.setPersistentHook(cm.afl_persistent_hook); + +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/png/persistent/hook/load.js b/frida_mode/test/png/persistent/hook/load.js new file mode 100644 index 00000000..ce4374ae --- /dev/null +++ b/frida_mode/test/png/persistent/hook/load.js @@ -0,0 +1,27 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`persistent_addr: ${persistent_addr}`); +Afl.setEntryPoint(persistent_addr); +Afl.setPersistentAddress(persistent_addr); + +const path = Afl.module.path; +const dir = path.substring(0, path.lastIndexOf("/")); +const mod = Module.load(`${dir}/frida_mode/build/hook.so`); +const hook = mod.getExportByName('afl_persistent_hook'); +Afl.setPersistentHook(hook); + +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile index 09112cd5..e324a5d0 100644 --- a/frida_mode/test/proj4/GNUmakefile +++ b/frida_mode/test/proj4/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBPROJ4_BUILD_DIR:=$(BUILD_DIR)libproj4/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -118,11 +117,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PROJ4TEST_OBJ) $(LIBPROJ4_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(TEST_DATA_DIR): | $(BUILD_DIR) @@ -133,8 +127,6 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/proj4/Makefile b/frida_mode/test/proj4/Makefile index 863438cf..f83e2992 100644 --- a/frida_mode/test/proj4/Makefile +++ b/frida_mode/test/proj4/Makefile @@ -15,5 +15,3 @@ frida: debug: @gmake debug -hook: - @gmake hook diff --git a/frida_mode/test/proj4/aflpp_qemu_driver_hook.c b/frida_mode/test/proj4/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/proj4/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile index 9f0b31d3..e1c5347d 100644 --- a/frida_mode/test/re2/GNUmakefile +++ b/frida_mode/test/re2/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -116,11 +115,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(TEST_DATA_DIR): | $(BUILD_DIR) @@ -131,8 +125,6 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/re2/Makefile b/frida_mode/test/re2/Makefile index 00b2b287..360cdc44 100644 --- a/frida_mode/test/re2/Makefile +++ b/frida_mode/test/re2/Makefile @@ -18,5 +18,3 @@ frida: debug: @gmake debug -hook: - @gmake hook diff --git a/frida_mode/test/re2/aflpp_qemu_driver_hook.c b/frida_mode/test/re2/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/re2/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts new file mode 100644 index 00000000..6da7fabc --- /dev/null +++ b/frida_mode/ts/lib/afl.ts @@ -0,0 +1,373 @@ +class Afl { + + /** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ + public static module: Module = Process.getModuleByName("afl-frida-trace.so"); + + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + public static addExcludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddExcludeRange(addressess, size); + } + + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + public static addIncludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddIncludeRange(addressess, size); + } + + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + public static done(): void { + Afl.jsApiDone(); + } + + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + public static error(msg: string): void { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + public static getAflFuzzLen(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + public static getAflFuzzPtr(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } + + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + public static print(msg: string): void { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); + } + + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + public static setDebugMaps(): void { + Afl.jsApiSetDebugMaps(); + } + + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + public static setEntryPoint(address: NativePointer): void { + Afl.jsApiSetEntryPoint(address); + } + + /** + * Function used to enable in-memory test cases for fuzzing. + */ + public static setInMemoryFuzzing(): void { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } + + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + public static setInstrumentDebugFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } + + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + public static setInstrumentEnableTracing(): void { + Afl.jsApiSetInstrumentTrace(); + } + + /** + * See `AFL_INST_LIBS`. + */ + public static setInstrumentLibraries(): void { + Afl.jsApiSetInstrumentLibraries(); + } + + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + public static setInstrumentNoOptimize(): void { + Afl.jsApiSetInstrumentNoOptimize(); + } + + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + public static setInstrumentTracingUnique(): void { + Afl.jsApiSetInstrumentTraceUnique(); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentAddress(address: NativePointer): void { + Afl.jsApiSetPersistentAddress(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + public static setPersistentCount(count: number): void { + Afl.jsApiSetPersistentCount(count); + } + + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + public static setPersistentDebug(): void { + Afl.jsApiSetPersistentDebug(); + } + + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + public static setPersistentHook(address: NativePointer): void { + Afl.jsApiSetPersistentHook(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentReturn(address: NativePointer): void { + Afl.jsApiSetPersistentReturn(address); + } + + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + public static setPrefetchDisable(): void { + Afl.jsApiSetPrefetchDisable(); + } + + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + public static setStalkerCallback(callback: NativePointer): void { + Afl.jsApiSetStalkerCallback(callback); + } + + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + public static setStatsFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + public static setStatsInterval(interval: number): void { + Afl.jsApiSetStatsInterval(interval); + } + + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + public static setStatsTransitions(): void { + Afl.jsApiSetStatsTransitions(); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + public static setStdErr(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + public static setStdOut(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + + private static readonly jsApiAddExcludeRange = Afl.jsApiGetFunction( + "js_api_add_exclude_range", + "void", + ["pointer", "size_t"]); + + private static readonly jsApiAddIncludeRange = Afl.jsApiGetFunction( + "js_api_add_include_range", + "void", + ["pointer", "size_t"]); + + private static readonly jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing"); + + private static readonly jsApiDone = Afl.jsApiGetFunction( + "js_api_done", + "void", + []); + + private static readonly jsApiError = Afl.jsApiGetFunction( + "js_api_error", + "void", + ["pointer"]); + + private static readonly jsApiSetDebugMaps = Afl.jsApiGetFunction( + "js_api_set_debug_maps", + "void", + []); + + private static readonly jsApiSetEntryPoint = Afl.jsApiGetFunction( + "js_api_set_entrypoint", + "void", + ["pointer"]); + + private static readonly jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction( + "js_api_set_instrument_debug_file", + "void", + ["pointer"]); + + private static readonly jsApiSetInstrumentLibraries = Afl.jsApiGetFunction( + "js_api_set_instrument_libraries", + "void", + []); + + private static readonly jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction( + "js_api_set_instrument_no_optimize", + "void", + []); + + private static readonly jsApiSetInstrumentTrace = Afl.jsApiGetFunction( + "js_api_set_instrument_trace", + "void", + []); + + private static readonly jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction( + "js_api_set_instrument_trace_unique", + "void", + []); + + private static readonly jsApiSetPersistentAddress = Afl.jsApiGetFunction( + "js_api_set_persistent_address", + "void", + ["pointer"]); + + private static readonly jsApiSetPersistentCount = Afl.jsApiGetFunction( + "js_api_set_persistent_count", + "void", + ["uint64"]); + + private static readonly jsApiSetPersistentDebug = Afl.jsApiGetFunction( + "js_api_set_persistent_debug", + "void", + []); + + private static readonly jsApiSetPersistentHook = Afl.jsApiGetFunction( + "js_api_set_persistent_hook", + "void", + ["pointer"]); + + private static readonly jsApiSetPersistentReturn = Afl.jsApiGetFunction( + "js_api_set_persistent_return", + "void", + ["pointer"]); + + private static readonly jsApiSetPrefetchDisable = Afl.jsApiGetFunction( + "js_api_set_prefetch_disable", + "void", + []); + + private static readonly jsApiSetStalkerCallback = Afl.jsApiGetFunction( + "js_api_set_stalker_callback", + "void", + ["pointer"]); + + private static readonly jsApiSetStatsFile = Afl.jsApiGetFunction( + "js_api_set_stats_file", + "void", + ["pointer"]); + + private static readonly jsApiSetStatsInterval = Afl.jsApiGetFunction( + "js_api_set_stats_interval", + "void", + ["uint64"]); + + private static readonly jsApiSetStatsTransitions = Afl.jsApiGetFunction( + "js_api_set_stats_transitions", + "void", + []); + + private static readonly jsApiSetStdErr = Afl.jsApiGetFunction( + "js_api_set_stderr", + "void", + ["pointer"]); + + private static readonly jsApiSetStdOut = Afl.jsApiGetFunction( + "js_api_set_stdout", + "void", + ["pointer"]); + + private static readonly jsApiWrite = new NativeFunction( + /* tslint:disable-next-line:no-null-keyword */ + Module.getExportByName(null, "write"), + "int", + ["int", "pointer", "int"]); + + private static jsApiGetFunction(name: string, retType: NativeType, argTypes: NativeType[]): NativeFunction { + const addr: NativePointer = Afl.module.getExportByName(name); + + return new NativeFunction(addr, retType, argTypes); + } + + private static jsApiGetSymbol(name: string): NativePointer { + + return Afl.module.getExportByName(name); + } + +} diff --git a/frida_mode/ts/package-lock.json b/frida_mode/ts/package-lock.json new file mode 100644 index 00000000..e766c2c2 --- /dev/null +++ b/frida_mode/ts/package-lock.json @@ -0,0 +1,12 @@ +{ + "requires": true, + "lockfileVersion": 1, + "dependencies": { + "tsc": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/tsc/-/tsc-2.0.3.tgz", + "integrity": "sha512-SN+9zBUtrpUcOpaUO7GjkEHgWtf22c7FKbKCA4e858eEM7Qz86rRDpgOU2lBIDf0fLCsEg65ms899UMUIB2+Ow==", + "dev": true + } + } +} diff --git a/frida_mode/ts/package.json b/frida_mode/ts/package.json new file mode 100644 index 00000000..47b693ed --- /dev/null +++ b/frida_mode/ts/package.json @@ -0,0 +1,32 @@ +{ + "name": "@worksbutnottested/aflplusplus-frida", + "version": "1.0.0", + "description": "AFLplusplus Frida Mode", + "main": "./dist/frida.js", + "types": "./dist/frida.d.ts", + "files": [ + "/dist/" + ], + "repository": { + "type": "git", + "url": "git@github.com:worksbutnottested/AFLplusplus.git" + }, + "publishConfig": { + "cache": "~/.npm", + "registry": "https://npm.pkg.github.com/@worksbutnottested" + }, + "scripts": { + "prepare": "npm run build", + "build": "tsc", + "lint": "tslint -p tslint.json" + }, + "devDependencies": { + "@types/node": "^14.14.2", + "typescript": "^4.0.3", + "typescript-tslint-plugin": "^0.5.5", + "tslint": "^6.1.3" + }, + "dependencies": { + "@types/frida-gum": "^16.2.0" + } + } diff --git a/frida_mode/ts/tsconfig.json b/frida_mode/ts/tsconfig.json new file mode 100644 index 00000000..624e4496 --- /dev/null +++ b/frida_mode/ts/tsconfig.json @@ -0,0 +1,14 @@ +{ + "compilerOptions": { + "target": "es2020", + "lib": ["es2020"], + "strict": true, + "module": "commonjs", + "esModuleInterop": true, + "declaration": true, + "outDir": "./dist" + }, + "include": [ + "lib/**/*" + ] + } diff --git a/frida_mode/ts/tslint.json b/frida_mode/ts/tslint.json new file mode 100644 index 00000000..0e7a77ed --- /dev/null +++ b/frida_mode/ts/tslint.json @@ -0,0 +1,256 @@ +{ + "rules": { + "adjacent-overload-signatures": true, + "ban-types": { + "options": [ + ["Object", "Avoid using the `Object` type. Did you mean `object`?"], + [ + "Function", + "Avoid using the `Function` type. Prefer a specific function type, like `() => void`." + ], + ["Boolean", "Avoid using the `Boolean` type. Did you mean `boolean`?"], + ["Number", "Avoid using the `Number` type. Did you mean `number`?"], + ["String", "Avoid using the `String` type. Did you mean `string`?"], + ["Symbol", "Avoid using the `Symbol` type. Did you mean `symbol`?"] + ] + }, + "ban-ts-ignore": true, + "member-access": { + "options": ["check-accessor", "check-constructor", "check-parameter-property"] + }, + "member-ordering": { + "options": { + "order": "statics-first", + "alphabetize": true + } + }, + "no-any": true, + "no-empty-interface": true, + "no-for-in": true, + "no-import-side-effect": true, + "no-inferrable-types": { "options": ["ignore-params"] }, + "no-internal-module": true, + "no-magic-numbers": true, + "no-namespace": true, + "no-non-null-assertion": true, + "no-reference": true, + "no-restricted-globals": true, + "no-this-assignment": true, + "no-var-requires": true, + "only-arrow-functions": true, + "prefer-for-of": true, + "prefer-readonly": true, + "promise-function-async": true, + "typedef": { + "options": [ + "call-signature", + "parameter", + "property-declaration" + ] + }, + "typedef-whitespace": { + "options": [ + { + "call-signature": "nospace", + "index-signature": "nospace", + "parameter": "nospace", + "property-declaration": "nospace", + "variable-declaration": "nospace" + }, + { + "call-signature": "onespace", + "index-signature": "onespace", + "parameter": "onespace", + "property-declaration": "onespace", + "variable-declaration": "onespace" + } + ] + }, + "unified-signatures": true, + "await-promise": true, + "ban-comma-operator": true, + "curly": true, + "forin": true, + "function-constructor": true, + "label-position": true, + "no-arg": true, + "no-async-without-await": true, + "no-bitwise": true, + "no-conditional-assignment": true, + "no-console": true, + "no-construct": true, + "no-debugger": true, + "no-duplicate-super": true, + "no-duplicate-switch-case": true, + "no-duplicate-variable": { "options": ["check-parameters"] }, + "no-dynamic-delete": true, + "no-empty": true, + "no-eval": true, + "no-floating-promises": true, + "no-for-in-array": true, + "no-implicit-dependencies": true, + "no-inferred-empty-object-type": true, + "no-invalid-template-strings": true, + "no-misused-new": true, + "no-null-keyword": true, + "no-null-undefined-union": true, + "no-object-literal-type-assertion": true, + "no-promise-as-boolean": true, + "no-return-await": true, + "no-shadowed-variable": true, + "no-string-literal": true, + "no-string-throw": true, + "no-sparse-arrays": true, + "no-submodule-imports": true, + "no-tautology-expression": true, + "no-unbound-method": true, + "no-unnecessary-class": { "options": ["allow-empty-class", "allow-static-only"] }, + "no-unsafe-any": false, + "no-unsafe-finally": true, + "no-unused-expression": true, + "no-var-keyword": true, + "no-void-expression": true, + "prefer-conditional-expression": true, + "radix": true, + "restrict-plus-operands": true, + "static-this": true, + "strict-boolean-expressions": true, + "strict-string-expressions": true, + "strict-comparisons": true, + "strict-type-predicates": true, + "switch-default": true, + "triple-equals": true, + "unnecessary-constructor": true, + "use-default-type-parameter": true, + "use-isnan": true, + "cyclomatic-complexity": true, + "eofline": true, + "indent": { "options": ["spaces"] }, + "invalid-void": true, + "linebreak-style": { "options": "LF" }, + "max-classes-per-file": { "options": 1 }, + "max-file-line-count": { "options": 1000 }, + "max-line-length": { + "options": { "limit": 120 } + }, + "no-default-export": true, + "no-default-import": true, + "no-duplicate-imports": true, + "no-irregular-whitespace": true, + "no-mergeable-namespace": true, + "no-parameter-reassignment": true, + "no-require-imports": true, + "no-trailing-whitespace": true, + "object-literal-sort-keys": true, + "prefer-const": true, + "trailing-comma": { + "options": { + "esSpecCompliant": true, + "multiline": "always", + "singleline": "never" + } + }, + "align": { + "options": ["parameters", "arguments", "statements", "elements", "members"] + }, + "array-type": { "options": "array-simple" }, + "arrow-parens": true, + "arrow-return-shorthand": { "options": "multiline" }, + "binary-expression-operand-order": true, + "callable-types": true, + "class-name": true, + "comment-format": { "options": ["check-space", "check-uppercase"] }, + "comment-type": { "options": ["singleline", "multiline", "doc", "directive"] }, + "completed-docs": [ + true, + { + "enums": true, + "methods": {"locations": "all", "privacies": ["public", "protected"]}, + "properties": {"locations": "all", "privacies": ["public", "protected"]} + } + ], + "deprecation": true, + "encoding": true, + "file-name-casing": { "options": "camel-case" }, + "import-spacing": true, + "increment-decrement": true, + "interface-name": true, + "interface-over-type-literal": true, + "jsdoc-format": { "options": "check-multiline-start" }, + "match-default-export-name": true, + "new-parens": true, + "newline-before-return": true, + "newline-per-chained-call": true, + "no-angle-bracket-type-assertion": true, + "no-boolean-literal-compare": true, + "no-consecutive-blank-lines": true, + "no-parameter-properties": true, + "no-redundant-jsdoc": true, + "no-reference-import": true, + "no-unnecessary-callback-wrapper": true, + "no-unnecessary-initializer": true, + "no-unnecessary-qualifier": true, + "no-unnecessary-type-assertion": true, + "number-literal-format": true, + "object-literal-key-quotes": { "options": "consistent-as-needed" }, + "object-literal-shorthand": true, + "one-line": { + "options": [ + "check-catch", + "check-else", + "check-finally", + "check-open-brace", + "check-whitespace" + ] + }, + "one-variable-per-declaration": true, + "ordered-imports": { + "options": { + "grouped-imports": true, + "import-sources-order": "case-insensitive", + "named-imports-order": "case-insensitive", + "module-source-path": "full" + } + }, + "prefer-function-over-method": true, + "prefer-method-signature": true, + "prefer-object-spread": true, + "prefer-switch": true, + "prefer-template": true, + "prefer-while": true, + "quotemark": { + "options": ["double", "avoid-escape", "avoid-template"] + }, + "return-undefined": true, + "semicolon": { "options": ["always"] }, + "space-before-function-paren": { + "options": { + "anonymous": "never", + "asyncArrow": "always", + "constructor": "never", + "method": "never", + "named": "never" + } + }, + "space-within-parens": { "options": 0 }, + "switch-final-break": true, + "type-literal-delimiter": true, + "unnecessary-bind": true, + "unnecessary-else": true, + "variable-name": { "options": ["ban-keywords", "check-format", "require-const-for-all-caps"] }, + "whitespace": { + "options": [ + "check-branch", + "check-decl", + "check-operator", + "check-module", + "check-separator", + "check-type", + "check-typecast", + "check-preblock", + "check-type-operator", + "check-rest-spread" + ] + } + } +} From 7038e56da3952c89a51596180578153918ce6eee Mon Sep 17 00:00:00 2001 From: van Hauser Date: Sun, 27 Jun 2021 10:22:18 +0200 Subject: [PATCH 377/441] Select (#995) * favor unfuzzed * fix * reinit table after a new fuzz --- include/afl-fuzz.h | 3 ++- src/afl-fuzz-one.c | 1 + src/afl-fuzz-queue.c | 5 ++++- src/afl-fuzz.c | 3 ++- 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 2920f905..2e2c78ef 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -519,7 +519,8 @@ typedef struct afl_state { shmem_testcase_mode, /* If sharedmem testcases are used */ expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ - old_seed_selection; /* use vanilla afl seed selection */ + old_seed_selection, /* use vanilla afl seed selection */ + reinit_table; /* reinit the queue weight table */ u8 *virgin_bits, /* Regions yet untouched by fuzzing */ *virgin_tmout, /* Bits we haven't seen in tmouts */ diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 11adebf4..f03249e9 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2862,6 +2862,7 @@ abandon_entry: --afl->pending_not_fuzzed; afl->queue_cur->was_fuzzed = 1; + afl->reinit_table = 1; if (afl->queue_cur->favored) { --afl->pending_favored; } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 811e805c..d2689c94 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -58,7 +58,8 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (1 + (q->tc_ref / avg_top_size)); - if (unlikely(q->favored)) weight *= 5; + if (unlikely(q->favored)) { weight *= 5; } + if (unlikely(!q->was_fuzzed)) { weight *= 2; } return weight; @@ -198,6 +199,8 @@ void create_alias_table(afl_state_t *afl) { while (nS) afl->alias_probability[S[--nS]] = 1; + afl->reinit_table = 0; + /* #ifdef INTROSPECTION u8 fn[PATH_MAX]; diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 5f25f728..bd9b6691 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -2154,7 +2154,8 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(!afl->old_seed_selection)) { - if (unlikely(prev_queued_paths < afl->queued_paths)) { + if (unlikely(prev_queued_paths < afl->queued_paths || + afl->reinit_table)) { // we have new queue entries since the last run, recreate alias table prev_queued_paths = afl->queued_paths; From cda62bab0837f1cbec2a1245de32b04a09e61af5 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 28 Jun 2021 09:14:00 +0200 Subject: [PATCH 378/441] push to stable (#987) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release * back push (#952) * Dev (#949) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters Co-authored-by: van Hauser Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic * v3.13c release (#950) * use atomic read-modify-write increment for LLVM CLASSIC * Change other LLVM modes to atomic increments * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * work in progress: not working correctly yet * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * still not working * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * first working NeverZero implementation * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * add some comments * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file * push to stable (#931) (#932) * sync (#886) * Create FUNDING.yml * Update FUNDING.yml * moved custom_mutator examples * unicorn speedtest makefile cleanup * fixed example location * fix qdbi * update util readme * Frida persistent (#880) * Added x64 support for persistent mode (function call only), in-memory teest cases and complog * Review changes, fix NeverZero and code to parse the .text section of the main executable. Excluded ranges TBC * Various minor fixes and finished support for AFL_INST_LIBS * Review changes Co-authored-by: Your Name * nits * fix frida mode * Integer overflow/underflow fixes in libdislocator (#889) * libdislocator: fixing integer overflow in 'max_mem' variable and setting 'max_mem' type to 'size_t' * libdislocator: fixing potential integer underflow in 'total_mem' variable due to its different values in different threads * Bumped warnings up to the max and fixed remaining issues (#890) Co-authored-by: Your Name * nits * frida mode - support non-pie * nits * nit * update grammar mutator * Fixes for aarch64, OSX and other minor issues (#891) Co-authored-by: Your Name * nits * nits * fix PCGUARD, build aflpp_driver with fPIC * Added representative fuzzbench test and test for libxml (#893) * Added representative fuzzbench test and test for libxml * Added support for building FRIDA from source with FRIDA_SOURCE=1 Co-authored-by: Your Name * nits * update changelog * typos * fixed potential double free in custom trim (#881) * error handling, freeing mem * frida: complog -> cmplog * fix statsd writing * let aflpp_qemu_driver_hook.so build fail gracefully * fix stdin trimming * Support for AFL_ENTRYPOINT (#898) Co-authored-by: Your Name * remove the input file .cur_input at the end of the fuzzing, if AFL_TMPDIR is used * reverse push (#901) * Create FUNDING.yml * Update FUNDING.yml * disable QEMU static pie Co-authored-by: Andrea Fioraldi * clarify that no modifications are required. * add new test for frida_mode (please review) * typos * fix persistent mode (64-bit) * set ARCH for linux intel 32-bit for frida-gum-devkit * prepare for 32-bit support (later) * not on qemu 3 anymore * unicorn mips fixes * instrumentation further move to C++11 (#900) * unicorn fixes * more unicorn fixes * Fix memory errors when trim causes testcase growth (#881) (#903) * Revert "fixed potential double free in custom trim (#881)" This reverts commit e9d2f72382cab75832721d859c3e731da071435d. * Revert "fix custom trim for increasing data" This reverts commit 86a8ef168dda766d2f25f15c15c4d3ecf21d0667. * Fix memory errors when trim causes testcase growth Modify trim_case_custom to avoid writing into in_buf because some custom mutators can cause the testcase to grow rather than shrink. Instead of modifying in_buf directly, we write the update out to the disk when trimming is complete, and then the caller is responsible for refreshing the in-memory buffer from the file. This is still a bit sketchy because it does need to modify q->len in order to notify the upper layers that something changed, and it could end up telling upper layer code that the q->len is *bigger* than the buffer (q->testcase_buf) that contains it, which is asking for trouble down the line somewhere... * Fix an unlikely situation Put back some `unlikely()` calls that were in the e9d2f72382cab75832721d859c3e731da071435d commit that was reverted. * typo * Exit on time (#904) * Variable AFL_EXIT_ON_TIME description has been added. Variables AFL_EXIT_ON_TIME and afl_exit_on_time has been added. afl->exit_on_time variable initialization has been added. The asignment of a value to the afl->afl_env.afl_exit_on_time variable from environment variables has been added. Code to exit on timeout if new path not found has been added. * Type of afl_exit_on_time variable has been changed. Variable exit_on_time has been added to the afl_state_t structure. * Command `export AFL_EXIT_WHEN_DONE=1` has been added. * Millisecond to second conversion has been added. Call get_cur_time() has been added. * Revert to using the saved current time value. * Useless check has been removed. * fix new path to custom-mutators * ensure crashes/README.txt exists * fix * Changes to bump FRIDA version and to clone FRIDA repo in to build directory rather than use a submodule as the FRIDA build scripts don't like it (#906) Co-authored-by: Your Name * Fix numeric overflow in cmplog implementation (#907) Co-authored-by: Your Name * testcase fixes for unicorn * remove merge conflict artifacts * fix afl-plot * Changes to remove binaries from frida_mode (#913) Co-authored-by: Your Name * Frida cmplog fail fast (#914) * Changes to remove binaries from frida_mode * Changes to make cmplog fail fast Co-authored-by: Your Name * afl-plot: relative time * arch linux and mac os support for afl-system-config * typo * code-format * update documentation * github workflow for qemu * OSX-specific improvements (#912) * Fix afl-cc to work correctly by default on OSX using xcode - CLANG_ENV_VAR must be set for afl-as to work - Use clang mode by default if no specific compiler selected * Add OSX-specific documentation for configuring shared memory * Fixes to memory operands for complog (#916) Co-authored-by: Your Name * fix a few cur_time uses * added bounds check to pivot_inputs (fixes #921) * additional safety checks for restarts * restrict afl-showmap in_file size * fix seed crash disable * add warning for afl-showmap partial read * no core dumps * AFL_PRINT_FILENAMES added * more documentation for AFL_EXIT_ON_TIME * Flushing for AFL_PRINT_FILENAMES * FASAN Support (#918) * FASAN Support * Fix handling of Address Sanitizer DSO * Changes to identification of Address Sanitizer DSO Co-authored-by: Your Name * Support for x86 (#920) Co-authored-by: Your Name * Update frida_mode readme (#925) * libqasan: use syscalls for read and write * update readme * Minor integration tweaks (#926) Co-authored-by: Your Name * merge * fix afl-fuzz.c frida preload * cleaned up AFL_PRINT_FILENAMES env * Changes to have persistent mode exit at the end of the loop (#928) Co-authored-by: Your Name * fix llvm-dict2file Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: hexcoder- Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza * improve error msg * Added documentation for wine LoadLibrary workaround (#933) * Fix cmake target compilation command example (#934) - Fix typo DCMAKE_C_COMPILERC -> DCMAKE_C_COMPILER. - Add `cd build` after `mkdir build`. * showmap passes queue items in alphabetical order * added tmp files to gitignore * lenient dict parsing, no map size enum for binary fuzzing * added info about showmap queue directions * update binary-only doc * turn off map size detection if skip_bin_check is set * Typo * update docs * update afl-system-config * Set kill signal before using it in afl-showmap (#935) * fix afl-cc help output * add libafl to binary-only doc * update docs * less executions on variable paths * AFL_SKIP_CRASHES is obsolete since 3.0 * add AFL_TRY_AFFINITY * Typo * Typo * Typo/wording * tweaks * typos * fix afl-whatsup help output * fix afl-plot output * fix for MacOS * fix cmpcov doc for qemu * fix tmpfile removal * update dockerfile * Frida (#940) * Added re2 test * Added libpcap test * Fix validation of setting of ADDR_NO_RANDOMIZE * Added support for printing original and instrumented code Co-authored-by: Your Name * Support for AFL_FRIDA_PERSISTENT_RET (#941) Co-authored-by: Your Name * Changes to add missing exclusion of ranges (#943) Co-authored-by: Your Name * add --afl-noopt to afl-cc * docs: fix link to README in QuickStartGuide (#946) * Support writing Stalker stats (#945) * Support writing Stalker stats * Fixed string handling in print functions Co-authored-by: Your Name * afl-cmin help fix, aflpp_driver - + @@ support * fix for afl-showmap * support new env var AFL_LLVM_THREADSAFE_INST to enable atomic counters. add new test case for that. * add documentation for AFL_LLVM_THREADSAFE_INST * add support for AFL_LLVM_THREADSAFE_INST to other LLVM passes * add missing include for _exit() * threadsafe doc fixes, code format * Wording: "never zero" -> NeverZero * fix afl_custom_post_process with multiple custom mutators * fix docs * debug ck_write * fixed potential diff by 0 * fixes * fix classic threadsafe counters * v3.13c release Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: hexcoder- * v3.14a init * remove redundant unsetenv (#947) * update MacOS Install information * add missing clean action for frida_mode * ensure memory is there before free * adapt to incompatible LLVM 13 API * fix stupid typos * add fix info * build afl-compiler-rt even with broken llvm * fix -F with slash option * dynamic_list and afl-compiler-rt rework * detect partial linking in afl-cc * partial linking with -Wl * Add proper name and URL for Zafl (#959) * move link * add known frontends for supported compiler infrastructures * add Rust * fix ui fuzzing stage index (#960) * fix overflowing UI fields 'now processing' * restored timeout handling (with SIGALRM for now) * On non-Linux systems make clean may fail for frida_mode * give hint how to set env var for path to llvm-config tool * setting AFL_CC for test-llvm.sh on FreeBSD is not necessary anymore * remove -D from -M * write target errors to out_dir/error.txt * add changelog entry * add changelog * format * more info for error logging * Forkserver for afl-analyze (#963) * afl-analyze forkserver * added missing vars to forkserver * synchronized a bit more with afl-tmin * more debugging, runs now, but need to suppress target output * fix dev/null setting * afl-analyze info: Co-authored-by: hexcoder- * proper newlines * reenable LLVM 3.8 ( Ubuntu 16.04 ) * FRIDA AARCH64 support (#965) Co-authored-by: Your Name * adapt docs to minimum LLVM version * adapt to minimum llvm version * remove warning regarding core_pattern (was wrong/unnecessary anyway) * avoid code duplication, symlink header file * clippy fixes * add test cases for splitting integer comparisons * Revert "add test cases for splitting integer comparisons" This reverts commit e0aa411647e1a525a3a0488d929ec71611388d54. * add test cases for splitting integer comparisons * FRIDA - Remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET (#970) Co-authored-by: Your Name * fix AFL_CAL_FAST * fix cmplog screen update crash * Frida complog fix (#971) * Fix complog issue with changing address space * Added support for printing command line and environment during startup * Review fixes Co-authored-by: Your Name * Improve tracing support to include real addresses and edge ids and also support logging edges only once (#972) Co-authored-by: Your Name * split-comparison llvm pass refactor for smaller compilation times (and a small bug fix) (#964) * Refactored split compare pass to be more efficient in LTO usage and allow splitting to other minimum bitwidths. Efficiency: avoid looping over the whole llvm module N times, when once is also enough. Bitwidth: Previously, due to fallthrough in switch-case, all comparisons were split to 8-bit, which might not be desirable e.g., 16 or 32 bit might be enough. So now all comparison are split until they are smaller or equal to the target bitwidth, which is controlled through the `AFL_LLVM_LAF_SPLIT_COMPARES_BITW` environment variable. * fixed miscompilation due to incorrectly trying to split a signed comparison operator * minor formatting updates and use IRBuilder when inserting multiple instructions * added @hexcoder-'s test-int_cases.c to make test * Avoid recursion; switch to smallvector in splitAndSimplify; use switch case for icmp type; * Fixed issue when splitting < where the inverse comparison was not further split * some cleanup * code format * fix to instrument global c++ namespace functions * update changelog * document frida changes * Fix typo in README.md (#974) * adapt for LLVM 3.8.0 * fix README * little inline * Add debug output to alert user to calibration progress/issues (#969) * aflppdriver help output * code format * afl-cmin/afl-cmin.bash/afl-showmap -i descend into subdirectories * make afl-cmin actually work with subdirectories * correct map size for small targets * Perf regression4 (#979) * Added test for libjpeg * Added proj4 test * Added missing members to x86/64 context * Changes to use memfd and hashtable cache * Removed redundant check Co-authored-by: Your Name * improve documentation * typo * reverse read the queue n resumes * frida fix * cmplog fix for qemu and frida * Misc (#986) * Changes to fix accidental ranges deletion and add support for SCAS/CMPS * Fix syscall issues on OSX * Changes to more closely match QEMU mode * Changes to use double hashing on cmplog * Changes to use msync * Review changes Co-authored-by: Your Name * force disable llvm instrumentation for frida * non-unix compat * fix afl-showmap * frida fix * fix frida * rust bindings update * rust bindings update * Added JS support (#992) * Added JS support * Added some documentation Co-authored-by: Your Name * unicorn rust bindings improvements * typo * updated uc rust bindings * test laf splitting: set default for char type explicitly to signed * Improved FRIDA mode scripting support (#994) Co-authored-by: Your Name * Select (#995) * favor unfuzzed * fix * reinit table after a new fuzz Co-authored-by: hexcoder- Co-authored-by: Dominik Maier Co-authored-by: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Co-authored-by: Your Name Co-authored-by: Dmitry Zheregelya Co-authored-by: hexcoder Co-authored-by: Andrea Fioraldi Co-authored-by: David CARLIER Co-authored-by: realmadsci <71108352+realmadsci@users.noreply.github.com> Co-authored-by: Roman M. Iudichev Co-authored-by: Dustin Spicuzza Co-authored-by: 0x4d5a-ctf <51098072+0x4d5a-ctf@users.noreply.github.com> Co-authored-by: Tommy Chiang Co-authored-by: buherator Co-authored-by: Dag Heyman Kajevic Co-authored-by: terrynini Co-authored-by: jdhiser Co-authored-by: yuan Co-authored-by: Michael Rodler Co-authored-by: Artis <32833063+Artis24106@users.noreply.github.com> --- README.md | 57 +- TODO.md | 2 - afl-cmin | 42 +- docs/Changelog.md | 7 +- docs/parallel_fuzzing.md | 8 +- frida_mode/.gitignore | 2 + frida_mode/GNUmakefile | 59 +- frida_mode/Makefile | 3 + frida_mode/README.md | 4 + frida_mode/Scripting.md | 850 ++++++++++++++++++ frida_mode/hook/hook.c | 50 ++ frida_mode/include/asan.h | 3 +- frida_mode/include/ctx.h | 2 +- frida_mode/include/entry.h | 8 +- frida_mode/include/frida_cmplog.h | 1 + frida_mode/include/instrument.h | 16 +- frida_mode/include/intercept.h | 11 + frida_mode/include/interceptor.h | 11 - frida_mode/include/js.h | 26 + frida_mode/include/lib.h | 4 +- frida_mode/include/output.h | 6 +- frida_mode/include/persistent.h | 7 +- frida_mode/include/prefetch.h | 5 +- frida_mode/include/ranges.h | 9 +- frida_mode/include/stalker.h | 3 +- frida_mode/include/stats.h | 7 +- frida_mode/include/util.h | 2 +- frida_mode/src/asan/asan.c | 21 +- frida_mode/src/asan/asan_arm32.c | 2 +- frida_mode/src/asan/asan_arm64.c | 2 +- frida_mode/src/asan/asan_x64.c | 2 +- frida_mode/src/asan/asan_x86.c | 2 +- frida_mode/src/cmplog/cmplog.c | 162 ++-- frida_mode/src/cmplog/cmplog_arm32.c | 2 +- frida_mode/src/cmplog/cmplog_arm64.c | 2 +- frida_mode/src/cmplog/cmplog_x64.c | 24 +- frida_mode/src/cmplog/cmplog_x86.c | 2 +- frida_mode/src/ctx/ctx_arm32.c | 2 +- frida_mode/src/ctx/ctx_arm64.c | 2 +- frida_mode/src/ctx/ctx_x64.c | 24 +- frida_mode/src/ctx/ctx_x86.c | 8 +- frida_mode/src/entry.c | 20 +- frida_mode/src/instrument/instrument.c | 77 +- frida_mode/src/instrument/instrument_arm32.c | 2 +- frida_mode/src/instrument/instrument_arm64.c | 4 +- frida_mode/src/instrument/instrument_debug.c | 23 +- frida_mode/src/instrument/instrument_x64.c | 4 +- frida_mode/src/instrument/instrument_x86.c | 4 +- frida_mode/src/{interceptor.c => intercept.c} | 12 +- frida_mode/src/js/api.js | 243 +++++ frida_mode/src/js/js.c | 122 +++ frida_mode/src/js/js_api.c | 152 ++++ frida_mode/src/lib/lib.c | 6 +- frida_mode/src/lib/lib_apple.c | 6 +- frida_mode/src/main.c | 59 +- frida_mode/src/output.c | 28 +- frida_mode/src/persistent/persistent.c | 65 +- frida_mode/src/persistent/persistent_arm32.c | 2 +- frida_mode/src/persistent/persistent_arm64.c | 411 ++++----- frida_mode/src/persistent/persistent_x64.c | 184 ++-- frida_mode/src/persistent/persistent_x86.c | 117 +-- frida_mode/src/prefetch.c | 37 +- frida_mode/src/ranges.c | 122 +-- frida_mode/src/stalker.c | 31 +- frida_mode/src/stats/stats.c | 33 +- frida_mode/src/stats/stats_arm32.c | 2 +- frida_mode/src/stats/stats_arm64.c | 2 +- frida_mode/src/stats/stats_x64.c | 2 +- frida_mode/src/stats/stats_x86.c | 2 +- frida_mode/test/deferred/GNUmakefile | 2 +- frida_mode/test/jpeg/GNUmakefile | 164 ++++ frida_mode/test/jpeg/Makefile | 16 + frida_mode/test/jpeg/get_symbol_addr.py | 36 + frida_mode/test/js/GNUmakefile | 80 ++ frida_mode/test/js/Makefile | 25 + frida_mode/test/js/entry.js | 20 + frida_mode/test/js/patch.js | 34 + frida_mode/test/js/replace.js | 43 + frida_mode/test/js/stalker.js | 109 +++ frida_mode/test/js/test.c | 115 +++ frida_mode/test/js/test2.c | 177 ++++ frida_mode/test/libpcap/GNUmakefile | 10 +- .../test/libpcap/aflpp_qemu_driver_hook.c | 97 -- frida_mode/test/persistent_ret/GNUmakefile | 19 + frida_mode/test/persistent_ret/test.js | 48 + frida_mode/test/persistent_ret/testinstr.c | 11 +- .../test/png/persistent/hook/GNUmakefile | 30 +- frida_mode/test/png/persistent/hook/Makefile | 3 + .../persistent/hook/aflpp_qemu_driver_hook.c | 193 ---- .../test/png/persistent/hook/cmodule.js | 39 + frida_mode/test/png/persistent/hook/load.js | 27 + frida_mode/test/proj4/GNUmakefile | 164 ++++ frida_mode/test/proj4/Makefile | 17 + frida_mode/test/proj4/get_symbol_addr.py | 36 + frida_mode/test/re2/GNUmakefile | 10 +- frida_mode/test/re2/Makefile | 2 - frida_mode/test/re2/aflpp_qemu_driver_hook.c | 97 -- frida_mode/ts/lib/afl.ts | 373 ++++++++ frida_mode/ts/package-lock.json | 12 + frida_mode/ts/package.json | 32 + frida_mode/ts/tsconfig.json | 14 + frida_mode/ts/tslint.json | 256 ++++++ include/afl-fuzz.h | 3 +- include/envs.h | 3 +- include/forkserver.h | 1 + instrumentation/afl-compiler-rt.o.c | 34 +- instrumentation/split-compares-pass.so.cc | 10 +- src/afl-forkserver.c | 13 +- src/afl-fuzz-init.c | 115 +-- src/afl-fuzz-one.c | 1 + src/afl-fuzz-queue.c | 5 +- src/afl-fuzz-stats.c | 17 +- src/afl-fuzz.c | 12 +- src/afl-showmap.c | 206 +++-- test/test-int_cases.c | 95 +- test/test-llvm.sh | 2 +- test/test-uint_cases.c | 75 +- unicorn_mode/UNICORNAFL_VERSION | 2 +- unicorn_mode/samples/speedtest/get_offsets.py | 2 +- unicorn_mode/samples/speedtest/rust/Makefile | 2 +- .../samples/speedtest/rust/src/main.rs | 8 +- unicorn_mode/unicornafl | 2 +- 122 files changed, 4653 insertions(+), 1500 deletions(-) create mode 100644 frida_mode/Scripting.md create mode 100644 frida_mode/hook/hook.c create mode 100644 frida_mode/include/intercept.h delete mode 100644 frida_mode/include/interceptor.h create mode 100644 frida_mode/include/js.h rename frida_mode/src/{interceptor.c => intercept.c} (74%) create mode 100644 frida_mode/src/js/api.js create mode 100644 frida_mode/src/js/js.c create mode 100644 frida_mode/src/js/js_api.c create mode 100644 frida_mode/test/jpeg/GNUmakefile create mode 100644 frida_mode/test/jpeg/Makefile create mode 100755 frida_mode/test/jpeg/get_symbol_addr.py create mode 100644 frida_mode/test/js/GNUmakefile create mode 100644 frida_mode/test/js/Makefile create mode 100644 frida_mode/test/js/entry.js create mode 100644 frida_mode/test/js/patch.js create mode 100644 frida_mode/test/js/replace.js create mode 100644 frida_mode/test/js/stalker.js create mode 100644 frida_mode/test/js/test.c create mode 100644 frida_mode/test/js/test2.c delete mode 100644 frida_mode/test/libpcap/aflpp_qemu_driver_hook.c create mode 100644 frida_mode/test/persistent_ret/test.js delete mode 100644 frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c create mode 100644 frida_mode/test/png/persistent/hook/cmodule.js create mode 100644 frida_mode/test/png/persistent/hook/load.js create mode 100644 frida_mode/test/proj4/GNUmakefile create mode 100644 frida_mode/test/proj4/Makefile create mode 100755 frida_mode/test/proj4/get_symbol_addr.py delete mode 100644 frida_mode/test/re2/aflpp_qemu_driver_hook.c create mode 100644 frida_mode/ts/lib/afl.ts create mode 100644 frida_mode/ts/package-lock.json create mode 100644 frida_mode/ts/package.json create mode 100644 frida_mode/ts/tsconfig.json create mode 100644 frida_mode/ts/tslint.json diff --git a/README.md b/README.md index 91f28118..bc5b333c 100644 --- a/README.md +++ b/README.md @@ -25,12 +25,17 @@ For comparisons use the fuzzbench `aflplusplus` setup, or use `afl-clang-fast` with `AFL_LLVM_CMPLOG=1`. -## Major changes in afl++ 3.00 onwards: +## Major behaviour changes in afl++ 3.00 onwards: With afl++ 3.13-3.20 we introduce frida_mode (-O) to have an alternative for binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android, iOS etc. +With afl++ 3.14 we introduced the following changes from previous behaviours: + * afl-fuzz: deterministic fuzzing it not a default for -M main anymore + * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash + however does not) + With afl++ 3.10 we introduced the following changes from previous behaviours: * The '+' feature of the '-t' option now means to auto-calculate the timeout with the value given being the maximum timeout. The original meaning of @@ -38,7 +43,6 @@ With afl++ 3.10 we introduced the following changes from previous behaviours: With afl++ 3.00 we introduced changes that break some previous afl and afl++ behaviours and defaults: - * There are no llvm_mode and gcc_plugin subdirectories anymore and there is only one compiler: afl-cc. All previous compilers now symlink to this one. All instrumentation source code is now in the `instrumentation/` folder. @@ -109,7 +113,7 @@ behaviours and defaults: 4. with pcguard mode and LTO mode for LLVM 11 and newer 5. upcoming, development in the branch 6. not compatible with LTO instrumentation and needs at least LLVM v4.1 - 7. automatic in LTO mode with LLVM 11 and newer, an extra pass for all LLVM version that writes to a file to use with afl-fuzz' `-x` + 7. automatic in LTO mode with LLVM 11 and newer, an extra pass for all LLVM versions that write to a file to use with afl-fuzz' `-x` 8. the snapshot LKM is currently unmaintained due to too many kernel changes coming too fast :-( Among others, the following features and patches have been integrated: @@ -572,8 +576,15 @@ to use afl-clang-lto as the compiler. You also have the option to generate a dictionary yourself, see [utils/libtokencap/README.md](utils/libtokencap/README.md). afl-fuzz has a variety of options that help to workaround target quirks like -specific locations for the input file (`-f`), not performing deterministic -fuzzing (`-d`) and many more. Check out `afl-fuzz -h`. +specific locations for the input file (`-f`), performing deterministic +fuzzing (`-D`) and many more. Check out `afl-fuzz -h`. + +We highly recommend that you set a memory limit for running the target with `-m` +which defines the maximum memory in MB. This prevents a potential +out-of-memory problem for your system plus helps you detect missing `malloc()` +failure handling in the target. +Play around with various -m values until you find one that safely works for all +your input seeds (if you have good ones and then double or quadrouple that. By default afl-fuzz never stops fuzzing. To terminate afl++ simply press Control-C or send a signal SIGINT. You can limit the number of executions or approximate runtime @@ -614,23 +625,28 @@ For every secondary fuzzer there should be a variation, e.g.: * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV (see above). Important note: If you run more than one laf-intel/COMPCOV fuzzer and you want them to share their intermediate results, the main - fuzzer (`-M`) must be one of the them! + fuzzer (`-M`) must be one of the them! (Although this is not really + recommended.) All other secondaries should be used like this: - * A third to a half with the MOpt mutator enabled: `-L 0` - * run with a different power schedule, available are: - `fast (default), explore, coe, lin, quad, exploit, mmopt, rare, seek` - which you can set with e.g. `-p seek` + * A quarter to a third with the MOpt mutator enabled: `-L 0` + * run with a different power schedule, recommended are: + `fast (default), explore, coe, lin, quad, exploit and rare` + which you can set with e.g. `-p explore` + * a few instances should use the old queue cycling with `-Z` Also it is recommended to set `export AFL_IMPORT_FIRST=1` to load testcases from other fuzzers in the campaign first. +If you have a large corpus, a corpus from a previous run or are fuzzing in +a CI, then also set `export AFL_CMPLOG_ONLY_NEW=1` and `export AFL_FAST_CAL=1`. + You can also use different fuzzers. If you are using afl spinoffs or afl conforming fuzzers, then just use the same -o directory and give it a unique `-S` name. Examples are: * [Eclipser](https://github.com/SoftSec-KAIST/Eclipser/) - * [Untracer](https://github.com/FoRTE-Research/UnTracer-AFL) + * [symcc](https://github.com/eurecom-s/symcc/) * [AFLsmart](https://github.com/aflsmart/aflsmart) * [FairFuzz](https://github.com/carolemieux/afl-rb) * [Neuzz](https://github.com/Dongdongshe/neuzz) @@ -638,9 +654,11 @@ Examples are: A long list can be found at [https://github.com/Microsvuln/Awesome-AFL](https://github.com/Microsvuln/Awesome-AFL) -However you can also sync afl++ with honggfuzz, libfuzzer with -entropic, etc. +However you can also sync afl++ with honggfuzz, libfuzzer with `-entropic=1`, etc. Just show the main fuzzer (-M) with the `-F` option where the queue/work directory of a different fuzzer is, e.g. `-F /src/target/honggfuzz`. +Using honggfuzz (with `-n 1` or `-n 2`) and libfuzzer in parallel is highly +recommended! #### c) The status of the fuzz campaign @@ -767,25 +785,26 @@ campaigns as these are much shorter runnings. corpus needs to be loaded. * `AFL_CMPLOG_ONLY_NEW` - only perform cmplog on new found paths, not the initial corpus as this very likely has been done for them already. - * Keep the generated corpus, use afl-cmin and reuse it everytime! + * Keep the generated corpus, use afl-cmin and reuse it every time! 2. Additionally randomize the afl++ compilation options, e.g. * 40% for `AFL_LLVM_CMPLOG` * 10% for `AFL_LLVM_LAF_ALL` 3. Also randomize the afl-fuzz runtime options, e.g. - * 60% for `AFL_DISABLE_TRIM` + * 65% for `AFL_DISABLE_TRIM` * 50% use a dictionary generated by `AFL_LLVM_DICT2FILE` - * 50% use MOpt (`-L 0`) + * 40% use MOpt (`-L 0`) * 40% for `AFL_EXPAND_HAVOC_NOW` - * 30% for old queue processing (`-Z`) + * 20% for old queue processing (`-Z`) * for CMPLOG targets, 60% for `-l 2`, 40% for `-l 3` 4. Do *not* run any `-M` modes, just running `-S` modes is better for CI fuzzing. - `-M` enables deterministic fuzzing, old queue handling etc. which is good for - a fuzzing campaign but not good for short CI runs. + `-M` enables old queue handling etc. which is good for a fuzzing campaign but + not good for short CI runs. -How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz](https://github.com/google/oss-fuzz/blob/4bb61df7905c6005000f5766e966e6fe30ab4559/infra/base-images/base-builder/compile_afl#L69). +How this can look like can e.g. be seen at afl++'s setup in Google's [oss-fuzz](https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-builder/compile_afl) +and [clusterfuzz](https://github.com/google/clusterfuzz/blob/master/src/python/bot/fuzzers/afl/launcher.py). ## Fuzzing binary-only targets diff --git a/TODO.md b/TODO.md index 398f3d11..1c616b4a 100644 --- a/TODO.md +++ b/TODO.md @@ -2,13 +2,11 @@ ## Roadmap 3.00+ - - align map to 64 bytes but keep real IDs - Update afl->pending_not_fuzzed for MOpt - put fuzz target in top line of UI - afl-plot to support multiple plot_data - afl_custom_fuzz_splice_optin() - afl_custom_splice() - - intel-pt tracer - better autodetection of shifting runtime timeout values - cmplog: use colorization input for havoc? - parallel builds for source-only targets diff --git a/afl-cmin b/afl-cmin index 9fa63ec6..e71873d3 100755 --- a/afl-cmin +++ b/afl-cmin @@ -296,13 +296,13 @@ BEGIN { exit 1 } - if (0 == system( "test -d "in_dir"/default" )) { - in_dir = in_dir "/default" - } - - if (0 == system( "test -d "in_dir"/queue" )) { - in_dir = in_dir "/queue" - } + #if (0 == system( "test -d "in_dir"/default" )) { + # in_dir = in_dir "/default" + #} + # + #if (0 == system( "test -d "in_dir"/queue" )) { + # in_dir = in_dir "/queue" + #} system("rm -rf "trace_dir" 2>/dev/null"); system("rm "out_dir"/id[:_]* 2>/dev/null") @@ -355,30 +355,35 @@ BEGIN { } else { stat_format = "-f '%z %N'" # *BSD, MacOS } - cmdline = "(cd "in_dir" && find . \\( ! -name . -a -type d -prune \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" + cmdline = "(cd "in_dir" && find . \\( ! -name \".*\" -a -type d \\) -o -type f -exec stat "stat_format" \\{\\} + | sort -k1n -k2r)" #cmdline = "ls "in_dir" | (cd "in_dir" && xargs stat "stat_format" 2>/dev/null) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && stat "stat_format" *) | sort -k1n -k2r" #cmdline = "(cd "in_dir" && ls | xargs stat "stat_format" ) | sort -k1n -k2r" while (cmdline | getline) { sub(/^[0-9]+ (\.\/)?/,"",$0) - infilesSmallToBig[i++] = $0 + infilesSmallToBigFull[i] = $0 + sub(/.*\//, "", $0) + infilesSmallToBig[i] = $0 + infilesSmallToBigMap[infilesSmallToBig[i]] = infilesSmallToBigFull[i] + infilesSmallToBigFullMap[infilesSmallToBigFull[i]] = infilesSmallToBig[i] + i++ } in_count = i - first_file = infilesSmallToBig[0] + first_file = infilesSmallToBigFull[0] - # Make sure that we're not dealing with a directory. + #if (0 == system("test -d ""\""in_dir"/"first_file"\"")) { + # print "[-] Error: The input directory is empty or contains subdirectories - please fix." > "/dev/stderr" + # exit 1 + #} - if (0 == system("test -d ""\""in_dir"/"first_file"\"")) { - print "[-] Error: The input directory is empty or contains subdirectories - please fix." > "/dev/stderr" - exit 1 - } - - if (0 == system("ln \""in_dir"/"first_file"\" "trace_dir"/.link_test")) { + system(">\""in_dir"/.afl-cmin.test\"") + if (0 == system("ln \""in_dir"/.afl-cmin.test\" "trace_dir"/.link_test")) { cp_tool = "ln" } else { cp_tool = "cp" } + system("rm -f \""in_dir"/.afl-cmin.test\"") if (!ENVIRON["AFL_SKIP_BIN_CHECK"]) { # Make sure that we can actually get anything out of afl-showmap before we @@ -511,7 +516,8 @@ BEGIN { # copy file unless already done if (! (fn in file_already_copied)) { - system(cp_tool" \""in_dir"/"fn"\" \""out_dir"/"fn"\"") + realfile = infilesSmallToBigMap[fn] + system(cp_tool" \""in_dir"/"realfile"\" \""out_dir"/"fn"\"") file_already_copied[fn] = "" ++out_count #printf "tuple nr %d (%d cnt=%d) -> %s\n",tcnt,key,key_count[key],fn > trace_dir"/.log" diff --git a/docs/Changelog.md b/docs/Changelog.md index 9f70535a..475240c2 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -16,6 +16,7 @@ sending a mail to . - if the target becomes unavailable check out out/default/error.txt for an indicator why - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL + - reverse read the queue on resumes (more effective) - afl-cc: - Update to COMPCOV/laf-intel that speeds up the instrumentation process a lot - thanks to Michael Rodler/f0rki for the PR! @@ -24,10 +25,14 @@ sending a mail to . - support partial linking - We do support llvm versions from 3.8 to 5.0 again - frida_mode: - - fix for cmplog + - several fixes for cmplog - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET - feature parity of aarch64 with intel now (persistent, cmplog, in-memory testcases, asan) + - qemu_mode: + - performance fix when cmplog was used + - afl-cmin and afl-showmap -i do now descend into subdirectories + (like afl-fuzz does) - note that afl-cmin.bash does not! - afl_analyze: - fix timeout handling - add forkserver support for better performance diff --git a/docs/parallel_fuzzing.md b/docs/parallel_fuzzing.md index 8f2afe1b..23872899 100644 --- a/docs/parallel_fuzzing.md +++ b/docs/parallel_fuzzing.md @@ -1,7 +1,11 @@ # Tips for parallel fuzzing - This document talks about synchronizing afl-fuzz jobs on a single machine - or across a fleet of systems. See README.md for the general instruction manual. +This document talks about synchronizing afl-fuzz jobs on a single machine +or across a fleet of systems. See README.md for the general instruction manual. + +Note that this document is rather outdated. please refer to the main document +section on multiple core usage [../README.md#Using multiple cores](../README.md#b-using-multiple-coresthreads) +for up to date strategies! ## 1) Introduction diff --git a/frida_mode/.gitignore b/frida_mode/.gitignore index 956b9911..32cca51f 100644 --- a/frida_mode/.gitignore +++ b/frida_mode/.gitignore @@ -3,3 +3,5 @@ frida_test.dat qemu_test.dat frida_out/** qemu_out/** +ts/dist/ +ts/node_modules/ diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 329d9f7f..f5a96501 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -6,6 +6,11 @@ INCLUDES:=$(wildcard $(INC_DIR)*.h) BUILD_DIR:=$(PWD)build/ OBJ_DIR:=$(BUILD_DIR)obj/ +JS_DIR:=$(SRC_DIR)js/ +JS_NAME:=api.js +JS:=$(JS_DIR)$(JS_NAME) +JS_SRC:=$(BUILD_DIR)api.c +JS_OBJ:=$(BUILD_DIR)api.o SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) CFLAGS+=-fPIC \ @@ -25,8 +30,7 @@ RT_CFLAGS:=-Wno-unused-parameter \ LDFLAGS+=-shared \ -lpthread \ -lresolv \ - -ldl \ - -z noexecstack \ + -ldl ifdef DEBUG CFLAGS+=-Werror \ @@ -60,6 +64,7 @@ else ifdef DEBUG RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor endif +LDFLAGS+=-z noexecstack endif ifeq "$(shell uname)" "Linux" @@ -71,29 +76,33 @@ ifndef OS endif GUM_DEVKIT_VERSION=14.2.18 -GUM_DEVKIT_FILENAME=frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz +GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" GUM_DEVKIT_TARBALL:=$(FRIDA_BUILD_DIR)$(GUM_DEVKIT_FILENAME) -GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gum.a -GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gum.h +GUM_DEVIT_LIBRARY=$(FRIDA_BUILD_DIR)libfrida-gumjs.a +GUM_DEVIT_HEADER=$(FRIDA_BUILD_DIR)frida-gumjs.h FRIDA_DIR:=$(PWD)build/frida-source/ FRIDA_MAKEFILE:=$(FRIDA_DIR)Makefile -FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gum-1.0.a +FRIDA_GUM:=$(FRIDA_DIR)build/frida-linux-x86_64/lib/libfrida-gumjs-1.0.a FRIDA_GUM_DEVKIT_DIR:=$(FRIDA_DIR)build/gum-devkit/ -FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gum.h -FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gum-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar +FRIDA_GUM_DEVKIT_HEADER:=$(FRIDA_GUM_DEVKIT_DIR)frida-gumjs.h +FRIDA_GUM_DEVKIT_TARBALL:=$(FRIDA_DIR)build/frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -.PHONY: all 32 clean format $(FRIDA_GUM) +HOOK_DIR:=$(PWD)hook/ +AFLPP_DRIVER_HOOK_SRC=$(HOOK_DIR)hook.c +AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)hook.so + +.PHONY: all 32 clean format hook $(FRIDA_GUM) ############################## ALL ############################################# -all: $(FRIDA_TRACE) +all: $(FRIDA_TRACE) $(AFLPP_DRIVER_HOOK_OBJ) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all @@ -113,7 +122,7 @@ $(FRIDA_GUM): $(FRIDA_MAKEFILE) cd $(FRIDA_DIR) && make gum-linux-$(ARCH) $(FRIDA_GUM_DEVKIT_HEADER): $(FRIDA_GUM) - $(FRIDA_DIR)releng/devkit.py frida-gum linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ + $(FRIDA_DIR)releng/devkit.py frida-gumjs linux-$(ARCH) $(FRIDA_DIR)build/gum-devkit/ $(FRIDA_GUM_DEVKIT_TARBALL): $(FRIDA_GUM_DEVKIT_HEADER) cd $(FRIDA_GUM_DEVKIT_DIR) && tar cvf $(FRIDA_GUM_DEVKIT_TARBALL) . @@ -150,6 +159,20 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) -o $@ \ -c $< +############################### JS ############################################# + +$(JS_SRC): $(JS) | $(BUILD_DIR) + cd $(JS_DIR) && xxd -i $(JS_NAME) $@ + +$(JS_OBJ): $(JS_SRC) + $(CC) \ + $(CFLAGS) \ + -I $(ROOT)include \ + -I $(FRIDA_BUILD_DIR) \ + -I $(INC_DIR) \ + -c $< \ + -o $@ + ############################# SOURCE ########################################### define BUILD_SOURCE @@ -167,9 +190,10 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $( ######################## AFL-FRIDA-TRACE ####################################### -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) - $(CC) \ +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) + $(CXX) \ $(OBJS) \ + $(JS_OBJ) \ $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ $(LDFLAGS) \ @@ -177,13 +201,20 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(AFL_COMPILER_ cp -v $(FRIDA_TRACE) $(ROOT) +############################# HOOK ############################################# + +$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@ + +hook: $(AFLPP_DRIVER_HOOK_OBJ) + ############################# CLEAN ############################################ clean: rm -rf $(BUILD_DIR) ############################# FORMAT ########################################### format: - cd $(ROOT) && echo $(SOURCES) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) | xargs -L1 ./.custom-format.py -i cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i ############################# RUN ############################################# diff --git a/frida_mode/Makefile b/frida_mode/Makefile index 6cd1a64e..1922c7e6 100644 --- a/frida_mode/Makefile +++ b/frida_mode/Makefile @@ -11,3 +11,6 @@ clean: format: @gmake format + +hook: + @gmake hook diff --git a/frida_mode/README.md b/frida_mode/README.md index 296e6405..6bed52b7 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -78,6 +78,10 @@ following options are currently supported: To enable the powerful CMPLOG mechanism, set `-c 0` for `afl-fuzz`. +## Scripting + +One of the more powerful features of FRIDA mode is it's support for configuration by JavaScript, rather than using environment variables. For details of how this works see [here](Scripting.md). + ## Performance Additionally, the intention is to be able to make a direct performance diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md new file mode 100644 index 00000000..4c6fe6b2 --- /dev/null +++ b/frida_mode/Scripting.md @@ -0,0 +1,850 @@ +# Scripting +FRIDA now supports the ability to configure itself using JavaScript. This allows +the user to make use of the convenience of FRIDA's scripting engine (along with +it's support for debug symbols and exports) to configure all of the things which +were traditionally configured using environment variables. + +By default FRIDA mode will look for the file `afl.js` in the current working +directory of the target. Alternatively, a script file can be configured using +the environment variable `AFL_FRIDA_JS_SCRIPT`. + +This script can make use of all of the standard [frida api functions](https://frida.re/docs/javascript-api/), but FRIDA mode adds some additional functions to allow +you to interact with FRIDA mode itself. These can all be accessed via the global +`Afl` parameter. e.g. `Afl.print("HELLO WORLD");`, + +If you encounter a problem with your script, then you should set the environment +variable `AFL_DEBUG_CHILD=1` to view any diagnostic information. + + +# Example +Most of the time, users will likely be wanting to call the functions which configure an address (e.g. for the entry point, or the persistent address). + +The example below uses the API [`DebugSymbol.fromName()`](https://frida.re/docs/javascript-api/#debugsymbol). Another use API is [`Module.getExportByName()`](https://frida.re/docs/javascript-api/#module). + +```js +/* Use Afl.print instead of console.log */ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +/* Print some useful diagnostics stuff */ +Afl.print(`PID: ${Process.id}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +/* + * Configure entry-point, persistence etc. This will be what most + * people want to do. + */ +const persistent_addr = DebugSymbol.fromName('main'); +Afl.print(`persistent_addr: ${persistent_addr.address}`); + +if (persistent_addr.address.equals(ptr(0))) { + Afl.error('Cannot find symbol main'); +} + +const persistent_ret = DebugSymbol.fromName('slow'); +Afl.print(`persistent_ret: ${persistent_ret.address}`); + +if (persistent_ret.address.equals(ptr(0))) { + Afl.error('Cannot find symbol slow'); +} + +Afl.setPersistentAddress(persistent_addr.address); +Afl.setPersistentReturn(persistent_ret.address); +Afl.setPersistentCount(1000000); + +/* Control instrumentation, you may want to do this too */ +Afl.setInstrumentLibraries(); +const mod = Process.findModuleByName("libc-2.31.so") +Afl.addExcludedRange(mod.base, mod.size); + +/* Some useful options to configure logging */ +Afl.setStdOut("/tmp/stdout.txt"); +Afl.setStdErr("/tmp/stderr.txt"); + +/* Show the address layout. Sometimes helpful */ +Afl.setDebugMaps(); + +/* + * If you are using these options, then things aren't going + * very well for you. + */ +Afl.setInstrumentDebugFile("/tmp/instr.log"); +Afl.setPrefetchDisable(); +Afl.setInstrumentNoOptimize(); +Afl.setInstrumentEnableTracing(); +Afl.setInstrumentTracingUnique(); +Afl.setStatsFile("/tmp/stats.txt"); +Afl.setStatsInterval(1); +Afl.setStatsTransitions(); + +/* *ALWAYS* call this when you have finished all your configuration */ +Afl.done(); +Afl.print("done"); +``` + +# Stripped Binaries + +Lastly, if the binary you attempting to fuzz has no symbol information, and no +exports, then the following approach can be used. + +```js +const module = Process.getModuleByName('target.exe'); +/* Hardcoded offset within the target image */ +const address = module.base.add(0xdeadface); +Afl.setPersistentAddress(address); +``` + +# Persisent Hook +A persistent hook can be implemented using a conventional shared object, sample +source code for a hook suitable for the prototype of `LLVMFuzzerTestOneInput` +can be found [here](hook/hook.c). This can be configured using code similar to +the following. + +```js +const path = Afl.module.path; +const dir = path.substring(0, path.lastIndexOf("/")); +const mod = Module.load(`${dir}/frida_mode/build/hook.so`); +const hook = mod.getExportByName('afl_persistent_hook'); +Afl.setPersistentHook(hook); +``` + +Alternatively, the hook can be provided by using FRIDAs built in support for `CModule`, powered by TinyCC. + +```js +const cm = new CModule(` + + #include + #include + + void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + + } + `, + { + memcpy: Module.getExportByName(null, 'memcpy') + }); +Afl.setPersistentHook(cm.afl_persistent_hook); +``` + +# Advanced Persistence +Consider the following target code... +```c + +#include +#include +#include +#include +#include + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + LLVMFuzzerTestOneInput(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} +``` + +FRIDA mode supports the replacement of any function, with an implementation +generated by CModule. This allows for a bespoke harness to be written as +follows: + +``` +const slow = DebugSymbol.fromName('slow').address; +Afl.print(`slow: ${slow}`); + +const LLVMFuzzerTestOneInput = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`LLVMFuzzerTestOneInput: ${LLVMFuzzerTestOneInput}`); + +const cm = new CModule(` + + extern unsigned char * __afl_fuzz_ptr; + extern unsigned int * __afl_fuzz_len; + extern void LLVMFuzzerTestOneInput(char *buf, int len); + + void slow(void) { + + LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len); + } + `, + { + LLVMFuzzerTestOneInput: LLVMFuzzerTestOneInput, + __afl_fuzz_ptr: Afl.getAflFuzzPtr(), + __afl_fuzz_len: Afl.getAflFuzzLen() + }); + +Afl.setEntryPoint(cm.slow); +Afl.setPersistentAddress(cm.slow); +Afl.setInMemoryFuzzing(); +Interceptor.replace(slow, cm.slow); +Afl.print("done"); +Afl.done(); +``` + +Here, we replace the function `slow` with our own code. This code is then +selected as the entry point as well as the persistent loop address. + +**WARNING** There are two key limitations in replacing a function in this way: +- The function which is to be replaced must not be `main` this is because this +is the point at which FRIDA mode is initialized and at the point the the JS has +been run, the start of the `main` function has already been instrumented and +cached. +- The replacement function must not call itself. e.g. in this example we +couldn't replace `LLVMFuzzerTestOneInput` and call itself. + +# Patching +Consider the [following](test/js/test2.c) test code... + +```c +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include + +const uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + + ... + + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t +crc32(const void *buf, size_t size) +{ + const uint8_t *p = buf; + uint32_t crc; + crc = ~0U; + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + return crc ^ ~0U; +} + +/* + * Don't you hate those contrived examples which CRC their data. We can use + * FRIDA to patch this function out and always return success. Otherwise, we + * could change it to actually correct the checksum. + */ +int crc32_check (char * buf, int len) { + if (len < sizeof(uint32_t)) { return 0; } + uint32_t expected = *(uint32_t *)&buf[len - sizeof(uint32_t)]; + uint32_t calculated = crc32(buf, len - sizeof(uint32_t)); + return expected == calculated; +} + +/* + * So you've found a really boring bug in an earlier campaign which results in + * a NULL dereference or something like that. That bug can get in the way, + * causing the persistent loop to exit whenever it is triggered, and can also + * cloud your output unnecessarily. Again, we can use FRIDA to patch it out. + */ +void some_boring_bug(char c) { + switch (c) { + case 'A'...'Z': + case 'a'...'z': + __builtin_trap(); + break; + } +} + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (!crc32_check(buf, len)) return; + + some_boring_bug(buf[0]); + + if (buf[0] == '0') { + printf("Looks like a zero to me!\n"); + } + else if (buf[0] == '1') { + printf("Pretty sure that is a one!\n"); + } + else if (buf[0] == '2') { + if (buf[1] == '3') { + if (buf[2] == '4') { + printf("Oh we, weren't expecting that!"); + __builtin_trap(); + } + } + } + else + printf("Neither one or zero? How quaint!\n"); + +} + +int main(int argc, char **argv) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + printf("Running: %s\n", argv[1]); + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { return 1; } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { return 1; } + + if (lseek(fd, 0, SEEK_SET) != 0) { return 1; } + + buf = malloc(len); + if (buf == NULL) { return 1; } + + n_read = read(fd, buf, len); + if (n_read != len) { return 1; } + + printf("Running: %s: (%zd bytes)\n", argv[1], n_read); + + LLVMFuzzerTestOneInput(buf, len); + printf("Done: %s: (%zd bytes)\n", argv[1], n_read); + + return 0; +} +``` + +There are a couple of obstacles with our target application. Unlike when fuzzing +source code, though, we can't simply edit it and recompile it. The following +script shows how we can use the normal functionality of FRIDA to modify any +troublesome behaviour. + +```js +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + Afl.print(`len: ${len}`); + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +Afl.done(); +Afl.print("done"); +``` + +# Advanced Patching +Consider the following code fragment... +```c +extern void some_boring_bug2(char c); + +__asm__ ( + ".text \n" + "some_boring_bug2: \n" + ".global some_boring_bug2 \n" + ".type some_boring_bug2, @function \n" + "mov %edi, %eax \n" + "cmp $0xb4, %al \n" + "jne ok \n" + "ud2 \n" + "ok: \n" + "ret \n"); + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + ... + + some_boring_bug2(buf[0]); + + ... + +} +``` + +Rather than using FRIDAs `Interceptor.replace` or `Interceptor.attach` APIs, it +is possible to apply much more fine grained modification to the target +application by means of using the Stalker APIs. + +The following code locates the function of interest and patches out the UD2 +instruction signifying a crash. + +```js +/* Modify the instructions */ +const some_boring_bug2 = DebugSymbol.fromName('some_boring_bug2').address +const pid = Memory.alloc(4); +pid.writeInt(Process.id); + +const cm = new CModule(` + #include + #include + + typedef int pid_t; + + #define STDERR_FILENO 2 + #define BORING2_LEN 10 + + extern int dprintf(int fd, const char *format, ...); + extern void some_boring_bug2(char c); + extern pid_t getpid(void); + extern pid_t pid; + + gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) + { + pid_t my_pid = getpid(); + GumX86Writer *cw = output->writer.x86; + + if (GUM_ADDRESS(insn->address) < GUM_ADDRESS(some_boring_bug2)) { + + return TRUE; + + } + + if (GUM_ADDRESS(insn->address) >= + GUM_ADDRESS(some_boring_bug2) + BORING2_LEN) { + + return TRUE; + + } + + if (my_pid == pid) { + + if (begin) { + + dprintf(STDERR_FILENO, "\n> 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } else { + + dprintf(STDERR_FILENO, " 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } + + } + + if (insn->id == X86_INS_UD2) { + + gum_x86_writer_put_nop(cw); + return FALSE; + + } else { + + return TRUE; + + } + } + `, + { + dprintf: Module.getExportByName(null, 'dprintf'), + getpid: Module.getExportByName(null, 'getpid'), + some_boring_bug2: some_boring_bug2, + pid: pid + }); +Afl.setStalkerCallback(cm.js_stalker_callback) +Afl.setStdErr("/tmp/stderr.txt"); +``` + +Note that you will more likely want to find the +patch address by using: + +```js +const module = Process.getModuleByName('target.exe'); +/* Hardcoded offset within the target image */ +const address = module.base.add(0xdeadface); +``` +OR +``` +const address = DebugSymbol.fromName("my_function").address.add(0xdeadface); +``` +OR +``` +const address = Module.getExportByName(null, "my_function").add(0xdeadface); +``` + +The function `js_stalker_callback` should return `TRUE` if the original +instruction should be emitted in the instrumented code, or `FALSE` otherwise. +In the example above, we can see it is replaced with a `NOP`. + +Lastly, note that the same callback will be called when compiling instrumented +code both in the child of the forkserver (as it is executed) and also in the +parent of the forserver (when prefetching is enabled) so that it can be +inherited by the next forked child. It is **VERY** important that the same +instructions be generated in both the parent and the child, or if prefetching is +disabled that the same instructions are generated every time the block is +compiled. Failure to do so will likely lead to bugs which are incredibly +difficult to diagnose. The code above only prints the instructions when running +in the parent process (the one provided by `Process.id` when the JS script is +executed). + +# API +```js +class Afl { + + /** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ + public static module: Module = Process.getModuleByName("afl-frida-trace.so"); + + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + public static addExcludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddExcludeRange(addressess, size); + } + + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + public static addIncludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddIncludeRange(addressess, size); + } + + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + public static done(): void { + Afl.jsApiDone(); + } + + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + public static error(msg: string): void { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + public static getAflFuzzLen(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + public static getAflFuzzPtr(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } + + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + public static print(msg: string): void { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); + } + + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + public static setDebugMaps(): void { + Afl.jsApiSetDebugMaps(); + } + + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + public static setEntryPoint(address: NativePointer): void { + Afl.jsApiSetEntryPoint(address); + } + + /** + * Function used to enable in-memory test cases for fuzzing. + */ + public static setInMemoryFuzzing(): void { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } + + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + public static setInstrumentDebugFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } + + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + public static setInstrumentEnableTracing(): void { + Afl.jsApiSetInstrumentTrace(); + } + + /** + * See `AFL_INST_LIBS`. + */ + public static setInstrumentLibraries(): void { + Afl.jsApiSetInstrumentLibraries(); + } + + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + public static setInstrumentNoOptimize(): void { + Afl.jsApiSetInstrumentNoOptimize(); + } + + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + public static setInstrumentTracingUnique(): void { + Afl.jsApiSetInstrumentTraceUnique(); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentAddress(address: NativePointer): void { + Afl.jsApiSetPersistentAddress(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + public static setPersistentCount(count: number): void { + Afl.jsApiSetPersistentCount(count); + } + + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + public static setPersistentDebug(): void { + Afl.jsApiSetPersistentDebug(); + } + + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + public static setPersistentHook(address: NativePointer): void { + Afl.jsApiSetPersistentHook(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentReturn(address: NativePointer): void { + Afl.jsApiSetPersistentReturn(address); + } + + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + public static setPrefetchDisable(): void { + Afl.jsApiSetPrefetchDisable(); + } + + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + public static setStalkerCallback(callback: NativePointer): void { + Afl.jsApiSetStalkerCallback(callback); + } + + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + public static setStatsFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + public static setStatsInterval(interval: number): void { + Afl.jsApiSetStatsInterval(interval); + } + + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + public static setStatsTransitions(): void { + Afl.jsApiSetStatsTransitions(); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + public static setStdErr(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + public static setStdOut(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + +} + +``` diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/hook.c new file mode 100644 index 00000000..7d08101f --- /dev/null +++ b/frida_mode/hook/hook.c @@ -0,0 +1,50 @@ +#include +#include + +#include "frida-gumjs.h" + +#if defined(__x86_64__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[0]; + void **arg2 = &esp[1]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} + +#elif defined(__aarch64__) + +void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->x[0], input_buf, input_buf_len); + regs->x[1] = input_buf_len; + +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} + diff --git a/frida_mode/include/asan.h b/frida_mode/include/asan.h index 7a8726e0..67d33591 100644 --- a/frida_mode/include/asan.h +++ b/frida_mode/include/asan.h @@ -1,10 +1,11 @@ #ifndef _ASAN_H #define _ASAN_H -#include "frida-gum.h" +#include "frida-gumjs.h" extern gboolean asan_initialized; +void asan_config(void); void asan_init(void); void asan_arch_init(void); void asan_instrument(const cs_insn *instr, GumStalkerIterator *iterator); diff --git a/frida_mode/include/ctx.h b/frida_mode/include/ctx.h index 67274aee..c669478e 100644 --- a/frida_mode/include/ctx.h +++ b/frida_mode/include/ctx.h @@ -1,7 +1,7 @@ #ifndef _CTX_H #define _CTX_H -#include "frida-gum.h" +#include "frida-gumjs.h" #if defined(__x86_64__) gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg); diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h index 967831af..801c2bbe 100644 --- a/frida_mode/include/entry.h +++ b/frida_mode/include/entry.h @@ -1,13 +1,15 @@ #ifndef _ENTRY_H #define _ENTRY_H -#include "frida-gum.h" +#include "frida-gumjs.h" -extern guint64 entry_start; +extern guint64 entry_point; + +void entry_config(void); void entry_init(void); -void entry_run(void); +void entry_start(void); void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output); diff --git a/frida_mode/include/frida_cmplog.h b/frida_mode/include/frida_cmplog.h index b620a472..a665e970 100644 --- a/frida_mode/include/frida_cmplog.h +++ b/frida_mode/include/frida_cmplog.h @@ -3,6 +3,7 @@ extern struct cmp_map *__afl_cmp_map; +void cmplog_config(void); void cmplog_init(void); /* Functions to be implemented by the different architectures */ diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 577481d1..9c8d3a5d 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -1,13 +1,20 @@ #ifndef _INSTRUMENT_H #define _INSTRUMENT_H -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" -extern __thread uint64_t previous_pc; -extern uint8_t * __afl_area_ptr; -extern uint32_t __afl_map_size; +extern char * instrument_debug_filename; +extern gboolean instrument_tracing; +extern gboolean instrument_optimize; +extern gboolean instrument_unique; +extern __thread uint64_t instrument_previous_pc; + +extern uint8_t *__afl_area_ptr; +extern uint32_t __afl_map_size; + +void instrument_config(void); void instrument_init(void); @@ -19,6 +26,7 @@ gboolean instrument_is_coverage_optimize_supported(void); void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output); +void instrument_debug_config(void); void instrument_debug_init(void); void instrument_debug_start(uint64_t address, GumStalkerOutput *output); void instrument_debug_instruction(uint64_t address, uint16_t size); diff --git a/frida_mode/include/intercept.h b/frida_mode/include/intercept.h new file mode 100644 index 00000000..8fe93b10 --- /dev/null +++ b/frida_mode/include/intercept.h @@ -0,0 +1,11 @@ +#ifndef _INTERCEPTOR_H +#define _INTERCEPTOR_H + +#include "frida-gumjs.h" + +void intercept_hook(void *address, gpointer replacement, gpointer user_data); +void intercept_unhook(void *address); +void intercept_unhook_self(void); + +#endif + diff --git a/frida_mode/include/interceptor.h b/frida_mode/include/interceptor.h deleted file mode 100644 index 0ff754a4..00000000 --- a/frida_mode/include/interceptor.h +++ /dev/null @@ -1,11 +0,0 @@ -#ifndef _INTERCEPTOR_H -#define _INTERCEPTOR_H - -#include "frida-gum.h" - -void intercept(void *address, gpointer replacement, gpointer user_data); -void unintercept(void *address); -void unintercept_self(void); - -#endif - diff --git a/frida_mode/include/js.h b/frida_mode/include/js.h new file mode 100644 index 00000000..a5ecb712 --- /dev/null +++ b/frida_mode/include/js.h @@ -0,0 +1,26 @@ +#ifndef _JS_H +#define _JS_H + +#include "frida-gumjs.h" + +typedef gboolean (*js_api_stalker_callback_t)(const cs_insn *insn, + gboolean begin, gboolean excluded, + GumStalkerOutput *output); + +extern unsigned char api_js[]; +extern unsigned int api_js_len; + +extern gboolean js_done; +extern js_api_stalker_callback_t js_user_callback; + +/* Frida Mode */ + +void js_config(void); + +void js_start(void); + +gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output); + +#endif + diff --git a/frida_mode/include/lib.h b/frida_mode/include/lib.h index 237aecb0..a9d56e4e 100644 --- a/frida_mode/include/lib.h +++ b/frida_mode/include/lib.h @@ -1,7 +1,9 @@ #ifndef _LIB_H #define _LIB_H -#include "frida-gum.h" +#include "frida-gumjs.h" + +void lib_config(void); void lib_init(void); diff --git a/frida_mode/include/output.h b/frida_mode/include/output.h index 53a9fdd3..743b2fe6 100644 --- a/frida_mode/include/output.h +++ b/frida_mode/include/output.h @@ -1,8 +1,12 @@ #ifndef _OUTPUT_H #define _OUTPUT_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern char *output_stdout; +extern char *output_stderr; + +void output_config(void); void output_init(void); #endif diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index 25b44ab0..8f00196c 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -2,7 +2,7 @@ #ifndef _PERSISTENT_H #define _PERSISTENT_H -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" typedef struct arch_api_regs api_regs; @@ -19,9 +19,10 @@ extern unsigned char *__afl_fuzz_ptr; extern guint64 persistent_start; extern guint64 persistent_count; extern guint64 persistent_ret; -extern guint64 persistent_ret_offset; extern gboolean persistent_debug; -extern afl_persistent_hook_fn hook; +extern afl_persistent_hook_fn persistent_hook; + +void persistent_config(void); void persistent_init(void); diff --git a/frida_mode/include/prefetch.h b/frida_mode/include/prefetch.h index 8f0cee68..835d5e8a 100644 --- a/frida_mode/include/prefetch.h +++ b/frida_mode/include/prefetch.h @@ -1,8 +1,11 @@ #ifndef _PREFETCH_H #define _PREFETCH_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern gboolean prefetch_enable; + +void prefetch_config(void); void prefetch_init(void); void prefetch_write(void *addr); void prefetch_read(void); diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index c623f473..a667fb76 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -1,13 +1,20 @@ #ifndef _RANGES_H #define _RANGES_H -#include "frida-gum.h" +#include "frida-gumjs.h" +extern gboolean ranges_debug_maps; +extern gboolean ranges_inst_libs; + +void ranges_config(void); void ranges_init(void); gboolean range_is_excluded(gpointer address); void ranges_exclude(); +void ranges_add_include(GumMemoryRange *range); +void ranges_add_exclude(GumMemoryRange *range); + #endif diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h index 186ead11..2136fe52 100644 --- a/frida_mode/include/stalker.h +++ b/frida_mode/include/stalker.h @@ -1,8 +1,9 @@ #ifndef _STALKER_H #define _STALKER_H -#include "frida-gum.h" +#include "frida-gumjs.h" +void stalker_config(void); void stalker_init(void); GumStalker *stalker_get(void); void stalker_start(void); diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h index 4271132a..1cfd6b8f 100644 --- a/frida_mode/include/stats.h +++ b/frida_mode/include/stats.h @@ -1,7 +1,7 @@ #ifndef _STATS_H #define _STATS_H -#include "frida-gum.h" +#include "frida-gumjs.h" typedef struct { @@ -15,6 +15,11 @@ typedef struct { extern stats_data_header_t *stats_data; +extern char * stats_filename; +extern guint64 stats_interval; +extern gboolean stats_transitions; + +void stats_config(void); void stats_init(void); void stats_collect(const cs_insn *instr, gboolean begin); void stats_print(char *format, ...); diff --git a/frida_mode/include/util.h b/frida_mode/include/util.h index 7b443b5e..525e9d40 100644 --- a/frida_mode/include/util.h +++ b/frida_mode/include/util.h @@ -1,7 +1,7 @@ #ifndef _UTIL_H #define _UTIL_H -#include "frida-gum.h" +#include "frida-gumjs.h" #define UNUSED_PARAMETER(x) (void)(x) #define IGNORED_RETURN(x) (void)!(x) diff --git a/frida_mode/src/asan/asan.c b/frida_mode/src/asan/asan.c index f78f690c..b2e763ca 100644 --- a/frida_mode/src/asan/asan.c +++ b/frida_mode/src/asan/asan.c @@ -1,18 +1,18 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "asan.h" -gboolean asan_initialized = FALSE; +static gboolean asan_enabled = FALSE; +gboolean asan_initialized = FALSE; -void asan_init(void) { +void asan_config(void) { if (getenv("AFL_USE_FASAN") != NULL) { OKF("Frida ASAN mode enabled"); - asan_arch_init(); - asan_initialized = TRUE; + asan_enabled = TRUE; } else { @@ -22,3 +22,14 @@ void asan_init(void) { } +void asan_init(void) { + + if (asan_enabled) { + + asan_arch_init(); + asan_initialized = TRUE; + + } + +} + diff --git a/frida_mode/src/asan/asan_arm32.c b/frida_mode/src/asan/asan_arm32.c index 79475ced..f5fa4713 100644 --- a/frida_mode/src/asan/asan_arm32.c +++ b/frida_mode/src/asan/asan_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_arm64.c b/frida_mode/src/asan/asan_arm64.c index 66138e42..65524e03 100644 --- a/frida_mode/src/asan/asan_arm64.c +++ b/frida_mode/src/asan/asan_arm64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_x64.c b/frida_mode/src/asan/asan_x64.c index a2eabe3c..5c12669f 100644 --- a/frida_mode/src/asan/asan_x64.c +++ b/frida_mode/src/asan/asan_x64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/asan/asan_x86.c b/frida_mode/src/asan/asan_x86.c index 8490b490..6d2f9e2b 100644 --- a/frida_mode/src/asan/asan_x86.c +++ b/frida_mode/src/asan/asan_x86.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/cmplog/cmplog.c b/frida_mode/src/cmplog/cmplog.c index 3df7d13d..a2609c8e 100644 --- a/frida_mode/src/cmplog/cmplog.c +++ b/frida_mode/src/cmplog/cmplog.c @@ -1,27 +1,32 @@ #include #include #include -#include +#include +#include +#include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "util.h" #define DEFAULT_MMAP_MIN_ADDR (32UL << 10) -#define FD_TMP_MAX_SIZE 65536 +#define MAX_MEMFD_SIZE (64UL << 10) extern struct cmp_map *__afl_cmp_map; +static GArray * cmplog_ranges = NULL; +static GHashTable * hash_yes = NULL; +static GHashTable * hash_no = NULL; -static GArray *cmplog_ranges = NULL; -static int fd_tmp = -1; -static ssize_t fd_tmp_size = 0; +static long page_size = 0; +static long page_offset_mask = 0; +static long page_mask = 0; static gboolean cmplog_range(const GumRangeDetails *details, gpointer user_data) { - UNUSED_PARAMETER(user_data); + GArray * cmplog_ranges = (GArray *)user_data; GumMemoryRange range = *details->range; g_array_append_val(cmplog_ranges, range); return TRUE; @@ -35,37 +40,17 @@ static gint cmplog_sort(gconstpointer a, gconstpointer b) { } -static int cmplog_create_temp(void) { +static void cmplog_get_ranges(void) { - const char *tmpdir = g_get_tmp_dir(); - OKF("CMPLOG Temporary directory: %s", tmpdir); - gchar *fname = g_strdup_printf("%s/frida-cmplog-XXXXXX", tmpdir); - OKF("CMPLOG Temporary file template: %s", fname); - int fd = mkstemp(fname); - OKF("CMPLOG Temporary file: %s", fname); + OKF("CMPLOG - Collecting ranges"); - if (fd < 0) { + cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); + gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, cmplog_ranges); + g_array_sort(cmplog_ranges, cmplog_sort); - FATAL("Failed to create temp file: %s, errno: %d", fname, errno); +} - } - - if (unlink(fname) < 0) { - - FATAL("Failed to unlink temp file: %s (%d), errno: %d", fname, fd, errno); - - } - - if (ftruncate(fd, 0) < 0) { - - FATAL("Failed to ftruncate temp file: %s (%d), errno: %d", fname, fd, - errno); - - } - - g_free(fname); - - return fd; +void cmplog_config(void) { } @@ -73,25 +58,34 @@ void cmplog_init(void) { if (__afl_cmp_map != NULL) { OKF("CMPLOG mode enabled"); } - cmplog_ranges = g_array_sized_new(false, false, sizeof(GumMemoryRange), 100); - gum_process_enumerate_ranges(GUM_PAGE_READ, cmplog_range, NULL); - g_array_sort(cmplog_ranges, cmplog_sort); + cmplog_get_ranges(); for (guint i = 0; i < cmplog_ranges->len; i++) { GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); - OKF("CMPLOG Range - 0x%016" G_GINT64_MODIFIER "X - 0x%016" G_GINT64_MODIFIER - "X", - range->base_address, range->base_address + range->size); + OKF("CMPLOG Range - %3u: 0x%016" G_GINT64_MODIFIER + "X - 0x%016" G_GINT64_MODIFIER "X", + i, range->base_address, range->base_address + range->size); } - /* - * We can't use /dev/null or /dev/zero for this since it appears that they - * don't validate the input buffer. Persumably as an optimization because they - * don't actually write any data. The file will be deleted on close. - */ - fd_tmp = cmplog_create_temp(); + page_size = sysconf(_SC_PAGE_SIZE); + page_offset_mask = page_size - 1; + page_mask = ~(page_offset_mask); + + hash_yes = g_hash_table_new(g_direct_hash, g_direct_equal); + if (hash_yes == NULL) { + + FATAL("Failed to g_hash_table_new, errno: %d", errno); + + } + + hash_no = g_hash_table_new(g_direct_hash, g_direct_equal); + if (hash_no == NULL) { + + FATAL("Failed to g_hash_table_new, errno: %d", errno); + + } } @@ -102,6 +96,45 @@ static gboolean cmplog_contains(GumAddress inner_base, GumAddress inner_limit, } +gboolean cmplog_test_addr(guint64 addr, size_t size) { + + if (g_hash_table_contains(hash_yes, GSIZE_TO_POINTER(addr))) { return true; } + if (g_hash_table_contains(hash_no, GSIZE_TO_POINTER(addr))) { return false; } + + void * page_addr = GSIZE_TO_POINTER(addr & page_mask); + size_t page_offset = addr & page_offset_mask; + + /* If it spans a page, then bail */ + if (page_size - page_offset < size) { return false; } + + /* + * Our address map can change (e.g. stack growth), use msync as a fallback to + * validate our address. + */ + if (msync(page_addr, page_offset + size, MS_ASYNC) < 0) { + + if (!g_hash_table_add(hash_no, GSIZE_TO_POINTER(addr))) { + + FATAL("Failed - g_hash_table_add"); + + } + + return false; + + } else { + + if (!g_hash_table_add(hash_yes, GSIZE_TO_POINTER(addr))) { + + FATAL("Failed - g_hash_table_add"); + + } + + return true; + + } + +} + gboolean cmplog_is_readable(guint64 addr, size_t size) { if (cmplog_ranges == NULL) FATAL("CMPLOG not initialized"); @@ -125,45 +158,16 @@ gboolean cmplog_is_readable(guint64 addr, size_t size) { for (guint i = 0; i < cmplog_ranges->len; i++) { GumMemoryRange *range = &g_array_index(cmplog_ranges, GumMemoryRange, i); - GumAddress outer_base = range->base_address; - GumAddress outer_limit = outer_base + range->size; + + GumAddress outer_base = range->base_address; + GumAddress outer_limit = outer_base + range->size; if (cmplog_contains(inner_base, inner_limit, outer_base, outer_limit)) return true; } - /* - * Our address map can change (e.g. stack growth), use write as a fallback to - * validate our address. - */ - ssize_t written = syscall(__NR_write, fd_tmp, (void *)addr, size); - - /* - * If the write succeeds, then the buffer must be valid otherwise it would - * return EFAULT - */ - if (written > 0) { - - fd_tmp_size += written; - if (fd_tmp_size > FD_TMP_MAX_SIZE) { - - /* - * Truncate the file, we don't want our temp file to continue growing! - */ - if (ftruncate(fd_tmp, 0) < 0) { - - FATAL("Failed to truncate fd_tmp (%d), errno: %d", fd_tmp, errno); - - } - - fd_tmp_size = 0; - - } - - if ((size_t)written == size) { return true; } - - } + if (cmplog_test_addr(addr, size)) { return true; } return false; diff --git a/frida_mode/src/cmplog/cmplog_arm32.c b/frida_mode/src/cmplog/cmplog_arm32.c index 5af28f3f..ac703408 100644 --- a/frida_mode/src/cmplog/cmplog_arm32.c +++ b/frida_mode/src/cmplog/cmplog_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/cmplog/cmplog_arm64.c b/frida_mode/src/cmplog/cmplog_arm64.c index 04631ff8..dd97f38d 100644 --- a/frida_mode/src/cmplog/cmplog_arm64.c +++ b/frida_mode/src/cmplog/cmplog_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" diff --git a/frida_mode/src/cmplog/cmplog_x64.c b/frida_mode/src/cmplog/cmplog_x64.c index 9f56c32a..0d18767a 100644 --- a/frida_mode/src/cmplog/cmplog_x64.c +++ b/frida_mode/src/cmplog/cmplog_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" @@ -177,7 +177,7 @@ static void cmplog_handle_cmp_sub(GumCpuContext *context, gsize operand1, register uintptr_t k = (uintptr_t)address; k = (k >> 4) ^ (k << 8); - k &= CMP_MAP_W - 1; + k &= CMP_MAP_W - 7; __afl_cmp_map->headers[k].type = CMP_TYPE_INS; @@ -198,8 +198,6 @@ static void cmplog_cmp_sub_callout(GumCpuContext *context, gpointer user_data) { gsize operand1; gsize operand2; - if (ctx->operand1.size != ctx->operand2.size) FATAL("Operand size mismatch"); - if (!cmplog_get_operand_value(context, &ctx->operand1, &operand1)) { return; } if (!cmplog_get_operand_value(context, &ctx->operand2, &operand2)) { return; } @@ -233,6 +231,15 @@ static void cmplog_instrument_cmp_sub(const cs_insn * instr, case X86_INS_CMP: case X86_INS_SUB: + case X86_INS_SCASB: + case X86_INS_SCASD: + case X86_INS_SCASQ: + case X86_INS_SCASW: + case X86_INS_CMPSB: + case X86_INS_CMPSD: + case X86_INS_CMPSQ: + case X86_INS_CMPSS: + case X86_INS_CMPSW: break; default: return; @@ -247,13 +254,8 @@ static void cmplog_instrument_cmp_sub(const cs_insn * instr, if (operand1->type == X86_OP_INVALID) return; if (operand2->type == X86_OP_INVALID) return; - if ((operand1->type == X86_OP_MEM) && - (operand1->mem.segment != X86_REG_INVALID)) - return; - - if ((operand2->type == X86_OP_MEM) && - (operand2->mem.segment != X86_REG_INVALID)) - return; + /* Both operands are the same size */ + if (operand1->size == 1) { return; } cmplog_instrument_cmp_sub_put_callout(iterator, operand1, operand2); diff --git a/frida_mode/src/cmplog/cmplog_x86.c b/frida_mode/src/cmplog/cmplog_x86.c index a27df0af..dd666c34 100644 --- a/frida_mode/src/cmplog/cmplog_x86.c +++ b/frida_mode/src/cmplog/cmplog_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "cmplog.h" diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c index a5c6f6d4..a354c117 100644 --- a/frida_mode/src/ctx/ctx_arm32.c +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/ctx/ctx_arm64.c b/frida_mode/src/ctx/ctx_arm64.c index d09896af..a735401b 100644 --- a/frida_mode/src/ctx/ctx_arm64.c +++ b/frida_mode/src/ctx/ctx_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/ctx/ctx_x64.c b/frida_mode/src/ctx/ctx_x64.c index c5900533..da5cb13a 100644 --- a/frida_mode/src/ctx/ctx_x64.c +++ b/frida_mode/src/ctx/ctx_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -49,9 +49,18 @@ gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { X86_REG_8L(X86_REG_BL, ctx->rbx) X86_REG_8L(X86_REG_CL, ctx->rcx) X86_REG_8L(X86_REG_DL, ctx->rdx) + X86_REG_8L(X86_REG_SPL, ctx->rsp) X86_REG_8L(X86_REG_BPL, ctx->rbp) X86_REG_8L(X86_REG_SIL, ctx->rsi) X86_REG_8L(X86_REG_DIL, ctx->rdi) + X86_REG_8L(X86_REG_R8B, ctx->r8) + X86_REG_8L(X86_REG_R9B, ctx->r9) + X86_REG_8L(X86_REG_R10B, ctx->r10) + X86_REG_8L(X86_REG_R11B, ctx->r11) + X86_REG_8L(X86_REG_R12B, ctx->r12) + X86_REG_8L(X86_REG_R13B, ctx->r13) + X86_REG_8L(X86_REG_R14B, ctx->r14) + X86_REG_8L(X86_REG_R15B, ctx->r15) X86_REG_8H(X86_REG_AH, ctx->rax) X86_REG_8H(X86_REG_BH, ctx->rbx) @@ -62,14 +71,23 @@ gsize ctx_read_reg(GumX64CpuContext *ctx, x86_reg reg) { X86_REG_16(X86_REG_BX, ctx->rbx) X86_REG_16(X86_REG_CX, ctx->rcx) X86_REG_16(X86_REG_DX, ctx->rdx) + X86_REG_16(X86_REG_SP, ctx->rsp) + X86_REG_16(X86_REG_BP, ctx->rbp) X86_REG_16(X86_REG_DI, ctx->rdi) X86_REG_16(X86_REG_SI, ctx->rsi) - X86_REG_16(X86_REG_BP, ctx->rbp) + X86_REG_16(X86_REG_R8W, ctx->r8) + X86_REG_16(X86_REG_R9W, ctx->r9) + X86_REG_16(X86_REG_R10W, ctx->r10) + X86_REG_16(X86_REG_R11W, ctx->r11) + X86_REG_16(X86_REG_R12W, ctx->r12) + X86_REG_16(X86_REG_R13W, ctx->r13) + X86_REG_16(X86_REG_R14W, ctx->r14) + X86_REG_16(X86_REG_R15W, ctx->r15) X86_REG_32(X86_REG_EAX, ctx->rax) + X86_REG_32(X86_REG_EBX, ctx->rbx) X86_REG_32(X86_REG_ECX, ctx->rcx) X86_REG_32(X86_REG_EDX, ctx->rdx) - X86_REG_32(X86_REG_EBX, ctx->rbx) X86_REG_32(X86_REG_ESP, ctx->rsp) X86_REG_32(X86_REG_EBP, ctx->rbp) X86_REG_32(X86_REG_ESI, ctx->rsi) diff --git a/frida_mode/src/ctx/ctx_x86.c b/frida_mode/src/ctx/ctx_x86.c index 45308272..1a587702 100644 --- a/frida_mode/src/ctx/ctx_x86.c +++ b/frida_mode/src/ctx/ctx_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -42,6 +42,7 @@ gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { X86_REG_8L(X86_REG_BL, ctx->ebx) X86_REG_8L(X86_REG_CL, ctx->ecx) X86_REG_8L(X86_REG_DL, ctx->edx) + X86_REG_8L(X86_REG_SPL, ctx->esp) X86_REG_8L(X86_REG_BPL, ctx->ebp) X86_REG_8L(X86_REG_SIL, ctx->esi) X86_REG_8L(X86_REG_DIL, ctx->edi) @@ -55,14 +56,15 @@ gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { X86_REG_16(X86_REG_BX, ctx->ebx) X86_REG_16(X86_REG_CX, ctx->ecx) X86_REG_16(X86_REG_DX, ctx->edx) + X86_REG_16(X86_REG_SP, ctx->esp) + X86_REG_16(X86_REG_BP, ctx->ebp) X86_REG_16(X86_REG_DI, ctx->edi) X86_REG_16(X86_REG_SI, ctx->esi) - X86_REG_16(X86_REG_BP, ctx->ebp) X86_REG_32(X86_REG_EAX, ctx->eax) + X86_REG_32(X86_REG_EBX, ctx->ebx) X86_REG_32(X86_REG_ECX, ctx->ecx) X86_REG_32(X86_REG_EDX, ctx->edx) - X86_REG_32(X86_REG_EBX, ctx->ebx) X86_REG_32(X86_REG_ESP, ctx->esp) X86_REG_32(X86_REG_EBP, ctx->ebp) X86_REG_32(X86_REG_ESI, ctx->esi) diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index e71386a0..e95b923b 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -9,27 +9,33 @@ extern void __afl_manual_init(); -guint64 entry_start = 0; +guint64 entry_point = 0; static void entry_launch(void) { + OKF("Entry point reached"); __afl_manual_init(); /* Child here */ - previous_pc = 0; + instrument_previous_pc = 0; + +} + +void entry_config(void) { + + entry_point = util_read_address("AFL_ENTRYPOINT"); } void entry_init(void) { - entry_start = util_read_address("AFL_ENTRYPOINT"); - OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_start); + OKF("entry_point: 0x%016" G_GINT64_MODIFIER "X", entry_point); } -void entry_run(void) { +void entry_start(void) { - if (entry_start == 0) { entry_launch(); } + if (entry_point == 0) { entry_launch(); } } diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index ba82b89f..2a217d96 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -2,7 +2,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -11,6 +11,7 @@ #include "entry.h" #include "frida_cmplog.h" #include "instrument.h" +#include "js.h" #include "persistent.h" #include "prefetch.h" #include "ranges.h" @@ -18,12 +19,13 @@ #include "stats.h" #include "util.h" -static gboolean tracing = false; -static gboolean optimize = false; -static gboolean unique = false; +gboolean instrument_tracing = false; +gboolean instrument_optimize = false; +gboolean instrument_unique = false; + static GumStalkerTransformer *transformer = NULL; -__thread uint64_t previous_pc = 0; +__thread uint64_t instrument_previous_pc = 0; static GumAddress previous_rip = 0; static u8 * edges_notified = NULL; @@ -61,7 +63,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, current_pc = (current_rip >> 4) ^ (current_rip << 8); current_pc &= MAP_SIZE - 1; - edge = current_pc ^ previous_pc; + edge = current_pc ^ instrument_previous_pc; cursor = &__afl_area_ptr[edge]; value = *cursor; @@ -77,11 +79,11 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } *cursor = value; - previous_pc = current_pc >> 1; + instrument_previous_pc = current_pc >> 1; - if (unlikely(tracing)) { + if (unlikely(instrument_tracing)) { - if (!unique || edges_notified[edge] == 0) { + if (!instrument_unique || edges_notified[edge] == 0) { trace_debug("TRACE: edge: %10" G_GINT64_MODIFIER "d, current_rip: 0x%016" G_GINT64_MODIFIER @@ -90,7 +92,7 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } - if (unique) { edges_notified[edge] = 1; } + if (instrument_unique) { edges_notified[edge] = 1; } previous_rip = current_rip; @@ -98,8 +100,9 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } -static void instr_basic_block(GumStalkerIterator *iterator, - GumStalkerOutput *output, gpointer user_data) { +static void instrument_basic_block(GumStalkerIterator *iterator, + GumStalkerOutput * output, + gpointer user_data) { UNUSED_PARAMETER(user_data); @@ -111,7 +114,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (unlikely(begin)) { instrument_debug_start(instr->address, output); } - if (instr->address == entry_start) { entry_prologue(iterator, output); } + if (instr->address == entry_point) { entry_prologue(iterator, output); } if (instr->address == persistent_start) { persistent_prologue(output); } if (instr->address == persistent_ret) { persistent_epilogue(output); } @@ -150,7 +153,7 @@ static void instr_basic_block(GumStalkerIterator *iterator, if (likely(!excluded)) { - if (likely(optimize)) { + if (likely(instrument_optimize)) { instrument_coverage_optimize(instr, output); @@ -163,8 +166,6 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - begin = FALSE; - } instrument_debug_instruction(instr->address, instr->size); @@ -176,7 +177,13 @@ static void instr_basic_block(GumStalkerIterator *iterator, } - gum_stalker_iterator_keep(iterator); + if (js_stalker_callback(instr, begin, excluded, output)) { + + gum_stalker_iterator_keep(iterator); + + } + + begin = FALSE; } @@ -185,31 +192,39 @@ static void instr_basic_block(GumStalkerIterator *iterator, } +void instrument_config(void) { + + instrument_optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); + instrument_tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); + instrument_unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); + + instrument_debug_config(); + asan_config(); + cmplog_config(); + +} + void instrument_init(void) { - optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); - tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); - unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); + if (!instrument_is_coverage_optimize_supported()) instrument_optimize = false; - if (!instrument_is_coverage_optimize_supported()) optimize = false; + OKF("Instrumentation - optimize [%c]", instrument_optimize ? 'X' : ' '); + OKF("Instrumentation - tracing [%c]", instrument_tracing ? 'X' : ' '); + OKF("Instrumentation - unique [%c]", instrument_unique ? 'X' : ' '); - OKF("Instrumentation - optimize [%c]", optimize ? 'X' : ' '); - OKF("Instrumentation - tracing [%c]", tracing ? 'X' : ' '); - OKF("Instrumentation - unique [%c]", unique ? 'X' : ' '); - - if (tracing && optimize) { + if (instrument_tracing && instrument_optimize) { FATAL("AFL_FRIDA_INST_TRACE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } - if (unique && optimize) { + if (instrument_unique && instrument_optimize) { FATAL("AFL_FRIDA_INST_TRACE_UNIQUE requires AFL_FRIDA_INST_NO_OPTIMIZE"); } - if (unique) { tracing = TRUE; } + if (instrument_unique) { instrument_tracing = TRUE; } if (__afl_map_size != 0x10000) { @@ -217,10 +232,10 @@ void instrument_init(void) { } - transformer = - gum_stalker_transformer_make_from_callback(instr_basic_block, NULL, NULL); + transformer = gum_stalker_transformer_make_from_callback( + instrument_basic_block, NULL, NULL); - if (unique) { + if (instrument_unique) { int shm_id = shmget(IPC_PRIVATE, MAP_SIZE, IPC_CREAT | IPC_EXCL | 0600); if (shm_id < 0) { FATAL("shm_id < 0 - errno: %d\n", errno); } diff --git a/frida_mode/src/instrument/instrument_arm32.c b/frida_mode/src/instrument/instrument_arm32.c index 450a69a3..0e15940a 100644 --- a/frida_mode/src/instrument/instrument_arm32.c +++ b/frida_mode/src/instrument/instrument_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 49ee86a2..17f97c97 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -72,7 +72,7 @@ void instrument_coverage_optimize(const cs_insn * instr, gum_arm64_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); uint8_t **afl_area_ptr_ptr = &__afl_area_ptr; - uint64_t *afl_prev_loc_ptr = &previous_pc; + uint64_t *afl_prev_loc_ptr = &instrument_previous_pc; gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_area_ptr_ptr, sizeof(afl_area_ptr_ptr)); gum_arm64_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, diff --git a/frida_mode/src/instrument/instrument_debug.c b/frida_mode/src/instrument/instrument_debug.c index 0ce26a1c..b8cca634 100644 --- a/frida_mode/src/instrument/instrument_debug.c +++ b/frida_mode/src/instrument/instrument_debug.c @@ -3,7 +3,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -13,6 +13,8 @@ static int debugging_fd = -1; static gpointer instrument_gen_start = NULL; +char *instrument_debug_filename = NULL; + static void instrument_debug(char *format, ...) { va_list ap; @@ -79,18 +81,25 @@ static void instrument_disasm(guint8 *start, guint8 *end) { } +void instrument_debug_config(void) { + + instrument_debug_filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); + +} + void instrument_debug_init(void) { - char *filename = getenv("AFL_FRIDA_INST_DEBUG_FILE"); - OKF("Instrumentation debugging - enabled [%c]", filename == NULL ? ' ' : 'X'); + OKF("Instrumentation debugging - enabled [%c]", + instrument_debug_filename == NULL ? ' ' : 'X'); - if (filename == NULL) { return; } + if (instrument_debug_filename == NULL) { return; } - OKF("Instrumentation debugging - file [%s]", filename); + OKF("Instrumentation debugging - file [%s]", instrument_debug_filename); - if (filename == NULL) { return; } + if (instrument_debug_filename == NULL) { return; } - char *path = g_canonicalize_filename(filename, g_get_current_dir()); + char *path = + g_canonicalize_filename(instrument_debug_filename, g_get_current_dir()); OKF("Instrumentation debugging - path [%s]", path); diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index 7000e65d..a38b5b14 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" @@ -68,7 +68,7 @@ void instrument_coverage_optimize(const cs_insn * instr, current_log_impl = cw->pc; gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); - uint64_t *afl_prev_loc_ptr = &previous_pc; + uint64_t *afl_prev_loc_ptr = &instrument_previous_pc; gum_x86_writer_put_bytes(cw, (const guint8 *)&__afl_area_ptr, sizeof(__afl_area_ptr)); gum_x86_writer_put_bytes(cw, (const guint8 *)&afl_prev_loc_ptr, diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 04a19e08..3c3dc272 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -16,7 +16,7 @@ static void instrument_coverage_function(GumX86Writer *cw) { gum_x86_writer_put_push_reg(cw, GUM_REG_EDX); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, - GUM_ADDRESS(&previous_pc)); + GUM_ADDRESS(&instrument_previous_pc)); gum_x86_writer_put_mov_reg_reg_ptr(cw, GUM_REG_EDX, GUM_REG_ECX); gum_x86_writer_put_xor_reg_reg(cw, GUM_REG_EDX, GUM_REG_EDI); diff --git a/frida_mode/src/interceptor.c b/frida_mode/src/intercept.c similarity index 74% rename from frida_mode/src/interceptor.c rename to frida_mode/src/intercept.c index d2802752..ed8d27bd 100644 --- a/frida_mode/src/interceptor.c +++ b/frida_mode/src/intercept.c @@ -1,10 +1,10 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" -#include "interceptor.h" +#include "intercept.h" -void intercept(void *address, gpointer replacement, gpointer user_data) { +void intercept_hook(void *address, gpointer replacement, gpointer user_data) { GumInterceptor *interceptor = gum_interceptor_obtain(); gum_interceptor_begin_transaction(interceptor); @@ -15,7 +15,7 @@ void intercept(void *address, gpointer replacement, gpointer user_data) { } -void unintercept(void *address) { +void intercept_unhook(void *address) { GumInterceptor *interceptor = gum_interceptor_obtain(); @@ -26,10 +26,10 @@ void unintercept(void *address) { } -void unintercept_self(void) { +void intercept_unhook_self(void) { GumInvocationContext *ctx = gum_interceptor_get_current_invocation(); - unintercept(ctx->function); + intercept_unhook(ctx->function); } diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js new file mode 100644 index 00000000..4cb04704 --- /dev/null +++ b/frida_mode/src/js/api.js @@ -0,0 +1,243 @@ +"use strict"; +class Afl { + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + static addExcludedRange(addressess, size) { + Afl.jsApiAddExcludeRange(addressess, size); + } + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + static addIncludedRange(addressess, size) { + Afl.jsApiAddIncludeRange(addressess, size); + } + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + static done() { + Afl.jsApiDone(); + } + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + static error(msg) { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + static getAflFuzzLen() { + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + static getAflFuzzPtr() { + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + static print(msg) { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); + } + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + static setDebugMaps() { + Afl.jsApiSetDebugMaps(); + } + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + static setEntryPoint(address) { + Afl.jsApiSetEntryPoint(address); + } + /** + * Function used to enable in-memory test cases for fuzzing. + */ + static setInMemoryFuzzing() { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + static setInstrumentDebugFile(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + static setInstrumentEnableTracing() { + Afl.jsApiSetInstrumentTrace(); + } + /** + * See `AFL_INST_LIBS`. + */ + static setInstrumentLibraries() { + Afl.jsApiSetInstrumentLibraries(); + } + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + static setInstrumentNoOptimize() { + Afl.jsApiSetInstrumentNoOptimize(); + } + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + static setInstrumentTracingUnique() { + Afl.jsApiSetInstrumentTraceUnique(); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + static setPersistentAddress(address) { + Afl.jsApiSetPersistentAddress(address); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + static setPersistentCount(count) { + Afl.jsApiSetPersistentCount(count); + } + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + static setPersistentDebug() { + Afl.jsApiSetPersistentDebug(); + } + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + static setPersistentHook(address) { + Afl.jsApiSetPersistentHook(address); + } + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + static setPersistentReturn(address) { + Afl.jsApiSetPersistentReturn(address); + } + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + static setPrefetchDisable() { + Afl.jsApiSetPrefetchDisable(); + } + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + static setStalkerCallback(callback) { + Afl.jsApiSetStalkerCallback(callback); + } + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + static setStatsFile(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + static setStatsInterval(interval) { + Afl.jsApiSetStatsInterval(interval); + } + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + static setStatsTransitions() { + Afl.jsApiSetStatsTransitions(); + } + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + static setStdErr(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + static setStdOut(file) { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + static jsApiGetFunction(name, retType, argTypes) { + const addr = Afl.module.getExportByName(name); + return new NativeFunction(addr, retType, argTypes); + } + static jsApiGetSymbol(name) { + return Afl.module.getExportByName(name); + } +} +/** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ +Afl.module = Process.getModuleByName("afl-frida-trace.so"); +Afl.jsApiAddExcludeRange = Afl.jsApiGetFunction("js_api_add_exclude_range", "void", ["pointer", "size_t"]); +Afl.jsApiAddIncludeRange = Afl.jsApiGetFunction("js_api_add_include_range", "void", ["pointer", "size_t"]); +Afl.jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing"); +Afl.jsApiDone = Afl.jsApiGetFunction("js_api_done", "void", []); +Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]); +Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []); +Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]); +Afl.jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction("js_api_set_instrument_debug_file", "void", ["pointer"]); +Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_libraries", "void", []); +Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []); +Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []); +Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []); +Afl.jsApiSetPersistentAddress = Afl.jsApiGetFunction("js_api_set_persistent_address", "void", ["pointer"]); +Afl.jsApiSetPersistentCount = Afl.jsApiGetFunction("js_api_set_persistent_count", "void", ["uint64"]); +Afl.jsApiSetPersistentDebug = Afl.jsApiGetFunction("js_api_set_persistent_debug", "void", []); +Afl.jsApiSetPersistentHook = Afl.jsApiGetFunction("js_api_set_persistent_hook", "void", ["pointer"]); +Afl.jsApiSetPersistentReturn = Afl.jsApiGetFunction("js_api_set_persistent_return", "void", ["pointer"]); +Afl.jsApiSetPrefetchDisable = Afl.jsApiGetFunction("js_api_set_prefetch_disable", "void", []); +Afl.jsApiSetStalkerCallback = Afl.jsApiGetFunction("js_api_set_stalker_callback", "void", ["pointer"]); +Afl.jsApiSetStatsFile = Afl.jsApiGetFunction("js_api_set_stats_file", "void", ["pointer"]); +Afl.jsApiSetStatsInterval = Afl.jsApiGetFunction("js_api_set_stats_interval", "void", ["uint64"]); +Afl.jsApiSetStatsTransitions = Afl.jsApiGetFunction("js_api_set_stats_transitions", "void", []); +Afl.jsApiSetStdErr = Afl.jsApiGetFunction("js_api_set_stderr", "void", ["pointer"]); +Afl.jsApiSetStdOut = Afl.jsApiGetFunction("js_api_set_stdout", "void", ["pointer"]); +Afl.jsApiWrite = new NativeFunction( +/* tslint:disable-next-line:no-null-keyword */ +Module.getExportByName(null, "write"), "int", ["int", "pointer", "int"]); diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c new file mode 100644 index 00000000..ed378d2c --- /dev/null +++ b/frida_mode/src/js/js.c @@ -0,0 +1,122 @@ +#include "frida-gumjs.h" + +#include "debug.h" + +#include "js.h" +#include "util.h" + +static char * js_script = NULL; +gboolean js_done = FALSE; +js_api_stalker_callback_t js_user_callback = NULL; + +static gchar * filename = "afl.js"; +static gchar * contents; +static GumScriptBackend *backend; +static GCancellable * cancellable = NULL; +static GError * error = NULL; +static GumScript * script; + +static void js_msg(GumScript *script, const gchar *message, GBytes *data, + gpointer user_data) { + + UNUSED_PARAMETER(script); + UNUSED_PARAMETER(data); + UNUSED_PARAMETER(user_data); + OKF("%s", message); + +} + +void js_config(void) { + + js_script = getenv("AFL_FRIDA_JS_SCRIPT"); + +} + +static gchar *js_get_script() { + + gsize length; + if (js_script != NULL) { filename = js_script; } + + filename = g_canonicalize_filename(filename, g_get_current_dir()); + + if (!g_file_get_contents(filename, &contents, &length, NULL)) { + + if (js_script == NULL) { + + return NULL; + + } else { + + FATAL("Could not load script file: %s", filename); + + } + + } else { + + OKF("Loaded AFL script: %s, %" G_GSIZE_MODIFIER "d bytes", filename, + length); + + gchar *source = g_malloc0(api_js_len + length + 1); + memcpy(source, api_js, api_js_len); + memcpy(&source[api_js_len], contents, length); + + return source; + + } + +} + +static void js_print_script(gchar *source) { + + gchar **split = g_strsplit(source, "\n", 0); + + for (size_t i = 0; split[i] != NULL; i++) { + + OKF("%3" G_GSIZE_MODIFIER "d. %s", i + 1, split[i]); + + } + + g_strfreev(split); + +} + +void js_start(void) { + + GMainContext *context; + + gchar *source = js_get_script(); + if (source == NULL) { return; } + js_print_script(source); + + backend = gum_script_backend_obtain_qjs(); + + script = gum_script_backend_create_sync(backend, "example", source, + cancellable, &error); + + if (error != NULL) { + + g_printerr("%s\n", error->message); + FATAL("Error processing script"); + + } + + gum_script_set_message_handler(script, js_msg, NULL, NULL); + + gum_script_load_sync(script, cancellable); + + context = g_main_context_get_thread_default(); + while (g_main_context_pending(context)) + g_main_context_iteration(context, FALSE); + + if (!js_done) { FATAL("Script didn't call Afl.done()"); } + +} + +gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) { + + if (js_user_callback == NULL) { return TRUE; } + return js_user_callback(insn, begin, excluded, output); + +} + diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c new file mode 100644 index 00000000..91dccab2 --- /dev/null +++ b/frida_mode/src/js/js_api.c @@ -0,0 +1,152 @@ +#include "debug.h" + +#include "entry.h" +#include "instrument.h" +#include "js.h" +#include "output.h" +#include "persistent.h" +#include "prefetch.h" +#include "ranges.h" +#include "stats.h" +#include "util.h" + +void js_api_done() { + + js_done = TRUE; + +} + +void js_api_error(char *msg) { + + FATAL("%s", msg); + +} + +void js_api_set_entrypoint(void *address) { + + entry_point = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_address(void *address) { + + persistent_start = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_return(void *address) { + + persistent_ret = GPOINTER_TO_SIZE(address); + +} + +void js_api_set_persistent_count(uint64_t count) { + + persistent_count = count; + +} + +void js_api_set_persistent_debug() { + + persistent_debug = TRUE; + +} + +void js_api_set_debug_maps() { + + ranges_debug_maps = TRUE; + +} + +void js_api_add_include_range(void *address, gsize size) { + + GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; + ranges_add_include(&range); + +} + +void js_api_add_exclude_range(void *address, gsize size) { + + GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; + ranges_add_exclude(&range); + +} + +void js_api_set_instrument_libraries() { + + ranges_inst_libs = TRUE; + +} + +void js_api_set_instrument_debug_file(char *path) { + + instrument_debug_filename = g_strdup(path); + +} + +void js_api_set_prefetch_disable(void) { + + prefetch_enable = FALSE; + +} + +void js_api_set_instrument_no_optimize(void) { + + instrument_optimize = FALSE; + +} + +void js_api_set_instrument_trace(void) { + + instrument_tracing = TRUE; + +} + +void js_api_set_instrument_trace_unique(void) { + + instrument_unique = TRUE; + +} + +void js_api_set_stdout(char *file) { + + output_stdout = g_strdup(file); + +} + +void js_api_set_stderr(char *file) { + + output_stderr = g_strdup(file); + +} + +void js_api_set_stats_file(char *file) { + + stats_filename = g_strdup(file); + +} + +void js_api_set_stats_interval(uint64_t interval) { + + stats_interval = interval; + +} + +void js_api_set_stats_transitions() { + + stats_transitions = TRUE; + +} + +void js_api_set_persistent_hook(void *address) { + + persistent_hook = address; + +} + +void js_api_set_stalker_callback(const js_api_stalker_callback_t callback) { + + js_user_callback = callback; + +} + diff --git a/frida_mode/src/lib/lib.c b/frida_mode/src/lib/lib.c index 13a7d1e7..59a3fcf9 100644 --- a/frida_mode/src/lib/lib.c +++ b/frida_mode/src/lib/lib.c @@ -6,7 +6,7 @@ #include #include - #include "frida-gum.h" + #include "frida-gumjs.h" #include "debug.h" @@ -151,6 +151,10 @@ static void lib_get_text_section(lib_details_t *details) { } +void lib_config(void) { + +} + void lib_init(void) { lib_details_t lib_details; diff --git a/frida_mode/src/lib/lib_apple.c b/frida_mode/src/lib/lib_apple.c index 8f863861..2aa48a13 100644 --- a/frida_mode/src/lib/lib_apple.c +++ b/frida_mode/src/lib/lib_apple.c @@ -1,5 +1,5 @@ #ifdef __APPLE__ - #include "frida-gum.h" + #include "frida-gumjs.h" #include "debug.h" @@ -56,6 +56,10 @@ gboolean lib_get_text_section(const GumDarwinSectionDetails *details, } +void lib_config(void) { + +} + void lib_init(void) { GumDarwinModule *module = NULL; diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 7ff23755..85b0bbf3 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -11,14 +11,15 @@ #include #endif -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" #include "entry.h" #include "instrument.h" -#include "interceptor.h" +#include "intercept.h" +#include "js.h" #include "lib.h" #include "output.h" #include "persistent.h" @@ -44,13 +45,6 @@ typedef int *(*main_fn_t)(int argc, char **argv, char **envp); static main_fn_t main_fn = NULL; -static int on_fork(void) { - - prefetch_read(); - return fork(); - -} - #ifdef __APPLE__ static void on_main_os(int argc, char **argv, char **envp) { @@ -101,7 +95,8 @@ static void afl_print_cmdline(void) { if (fd < 0) { - FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + WARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + return; } @@ -138,7 +133,8 @@ static void afl_print_env(void) { if (fd < 0) { - FATAL("Failed to open /proc/self/cmdline, errno: (%d)", errno); + WARNF("Failed to open /proc/self/cmdline, errno: (%d)", errno); + return; } @@ -172,23 +168,36 @@ void afl_frida_start(void) { afl_print_cmdline(); afl_print_env(); + /* Configure */ + entry_config(); + instrument_config(); + js_config(); + lib_config(); + output_config(); + persistent_config(); + prefetch_config(); + ranges_config(); + stalker_config(); + stats_config(); + + js_start(); + + /* Initialize */ + output_init(); + embedded_init(); - stalker_init(); - lib_init(); entry_init(); instrument_init(); - output_init(); + lib_init(); persistent_init(); prefetch_init(); + stalker_init(); ranges_init(); stats_init(); - void *fork_addr = - GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); - intercept(fork_addr, on_fork, NULL); - + /* Start */ stalker_start(); - entry_run(); + entry_start(); } @@ -196,7 +205,7 @@ static int *on_main(int argc, char **argv, char **envp) { on_main_os(argc, argv, envp); - unintercept_self(); + intercept_unhook_self(); afl_frida_start(); @@ -210,7 +219,7 @@ extern int *main(int argc, char **argv, char **envp); static void intercept_main(void) { main_fn = main; - intercept(main, on_main, NULL); + intercept_hook(main, on_main, NULL); } @@ -223,7 +232,7 @@ static void intercept_main(void) { OKF("Entry Point: 0x%016" G_GINT64_MODIFIER "x", entry); void *main = GSIZE_TO_POINTER(entry); main_fn = main; - intercept(main, on_main, NULL); + intercept_hook(main, on_main, NULL); } @@ -234,8 +243,8 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, void(*stack_end)) { main_fn = main; - unintercept_self(); - intercept(main, on_main, NULL); + intercept_unhook_self(); + intercept_hook(main, on_main, NULL); return __libc_start_main(main, argc, ubp_av, init, fini, rtld_fini, stack_end); @@ -243,7 +252,7 @@ static int on_libc_start_main(int *(main)(int, char **, char **), int argc, static void intercept_main(void) { - intercept(__libc_start_main, on_libc_start_main, NULL); + intercept_hook(__libc_start_main, on_libc_start_main, NULL); } diff --git a/frida_mode/src/output.c b/frida_mode/src/output.c index 8a222b25..e2b744e7 100644 --- a/frida_mode/src/output.c +++ b/frida_mode/src/output.c @@ -2,17 +2,17 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" #include "output.h" -static int output_fd = -1; +char *output_stdout = NULL; +char *output_stderr = NULL; -static void output_redirect(int fd, char *variable) { +static void output_redirect(int fd, char *filename) { - char *filename = getenv(variable); char *path = NULL; if (filename == NULL) { return; } @@ -21,8 +21,8 @@ static void output_redirect(int fd, char *variable) { OKF("Redirect %d -> '%s'", fd, path); - output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, - S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); + int output_fd = open(path, O_RDWR | O_CREAT | O_TRUNC, + S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP); g_free(path); @@ -34,12 +34,24 @@ static void output_redirect(int fd, char *variable) { } + close(output_fd); + +} + +void output_config(void) { + + output_stdout = getenv("AFL_FRIDA_OUTPUT_STDOUT"); + output_stderr = getenv("AFL_FRIDA_OUTPUT_STDERR"); + } void output_init(void) { - output_redirect(STDOUT_FILENO, "AFL_FRIDA_OUTPUT_STDOUT"); - output_redirect(STDERR_FILENO, "AFL_FRIDA_OUTPUT_STDERR"); + OKF("Output - StdOut: %s", output_stdout); + OKF("Output - StdErr: %s", output_stderr); + + output_redirect(STDOUT_FILENO, output_stdout); + output_redirect(STDERR_FILENO, output_stderr); } diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index 243d501d..bcc59ea7 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -1,6 +1,6 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -8,17 +8,18 @@ #include "persistent.h" #include "util.h" -int __afl_sharedmem_fuzzing = 0; -afl_persistent_hook_fn hook = NULL; +int __afl_sharedmem_fuzzing = 0; +static char *hook_name = NULL; + +afl_persistent_hook_fn persistent_hook = NULL; guint64 persistent_start = 0; guint64 persistent_count = 0; guint64 persistent_ret = 0; gboolean persistent_debug = FALSE; -void persistent_init(void) { - - char *hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); +void persistent_config(void) { + hook_name = getenv("AFL_FRIDA_PERSISTENT_HOOK"); persistent_start = util_read_address("AFL_FRIDA_PERSISTENT_ADDR"); persistent_count = util_read_num("AFL_FRIDA_PERSISTENT_CNT"); persistent_ret = util_read_address("AFL_FRIDA_PERSISTENT_RET"); @@ -33,6 +34,11 @@ void persistent_init(void) { } + if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; + + if (persistent_start != 0 && !persistent_is_supported()) + FATAL("Persistent mode not supported on this architecture"); + if (persistent_ret != 0 && persistent_start == 0) { FATAL( @@ -41,13 +47,28 @@ void persistent_init(void) { } - if (persistent_start != 0 && persistent_count == 0) persistent_count = 1000; + if (hook_name == NULL) { return; } - if (persistent_count != 0 && persistent_count < 100) - WARNF("Persistent count out of recommended range (<100)"); + void *hook_obj = dlopen(hook_name, RTLD_NOW); + if (hook_obj == NULL) + FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); - if (persistent_start != 0 && !persistent_is_supported()) - FATAL("Persistent mode not supported on this architecture"); + int (*afl_persistent_hook_init_ptr)(void) = + dlsym(hook_obj, "afl_persistent_hook_init"); + if (afl_persistent_hook_init_ptr == NULL) + FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); + + if (afl_persistent_hook_init_ptr() == 0) + FATAL("afl_persistent_hook_init returned a failure"); + + persistent_hook = + (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); + if (persistent_hook == NULL) + FATAL("Failed to find afl_persistent_hook in %s", hook_name); + +} + +void persistent_init(void) { OKF("Instrumentation - persistent mode [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_start == 0 ? ' ' : 'X', persistent_start); @@ -58,27 +79,7 @@ void persistent_init(void) { OKF("Instrumentation - persistent ret [%c] (0x%016" G_GINT64_MODIFIER "X)", persistent_ret == 0 ? ' ' : 'X', persistent_ret); - if (hook_name != NULL) { - - void *hook_obj = dlopen(hook_name, RTLD_NOW); - if (hook_obj == NULL) - FATAL("Failed to load AFL_FRIDA_PERSISTENT_HOOK (%s)", hook_name); - - int (*afl_persistent_hook_init_ptr)(void) = - dlsym(hook_obj, "afl_persistent_hook_init"); - if (afl_persistent_hook_init_ptr == NULL) - FATAL("Failed to find afl_persistent_hook_init in %s", hook_name); - - if (afl_persistent_hook_init_ptr() == 0) - FATAL("afl_persistent_hook_init returned a failure"); - - hook = (afl_persistent_hook_fn)dlsym(hook_obj, "afl_persistent_hook"); - if (hook == NULL) - FATAL("Failed to find afl_persistent_hook in %s", hook_name); - - __afl_sharedmem_fuzzing = 1; - - } + if (persistent_hook != NULL) { __afl_sharedmem_fuzzing = 1; } } diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index 6a3c06fa..f12f1af8 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index d7c6c76b..003f058a 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -9,99 +9,15 @@ #include "util.h" #if defined(__aarch64__) +typedef struct { -struct arm64_regs { + GumCpuContext ctx; + uint64_t rflags; - uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; +} persistent_ctx_t; - union { - - uint64_t x11; - uint32_t fp_32; - - }; - - union { - - uint64_t x12; - uint32_t ip_32; - - }; - - union { - - uint64_t x13; - uint32_t sp_32; - - }; - - union { - - uint64_t x14; - uint32_t lr_32; - - }; - - union { - - uint64_t x15; - uint32_t pc_32; - - }; - - union { - - uint64_t x16; - uint64_t ip0; - - }; - - union { - - uint64_t x17; - uint64_t ip1; - - }; - - uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; - - union { - - uint64_t x29; - uint64_t fp; - - }; - - union { - - uint64_t x30; - uint64_t lr; - - }; - - union { - - uint64_t x31; - uint64_t sp; - - }; - - // the zero register is not saved here ofc - - uint64_t pc; - - uint32_t cpsr; - - uint8_t vfp_zregs[32][16 * 16]; - uint8_t vfp_pregs[17][32]; - uint32_t vfp_xregs[16]; - -}; - -typedef struct arm64_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_lr = NULL; +static persistent_ctx_t saved_regs = {0}; +static gpointer saved_lr = NULL; gboolean persistent_is_supported(void) { @@ -109,8 +25,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void instrument_persitent_save_regs(GumArm64Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); const guint32 mrs_x1_nzcv = 0xd53b4201; @@ -129,83 +45,87 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, /* Skip x0 & x1 we'll do that later */ - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 1), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, - ARM64_REG_X0, (16 * 2), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, - ARM64_REG_X0, (16 * 3), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, - ARM64_REG_X0, (16 * 4), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, - ARM64_REG_X0, (16 * 5), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, - ARM64_REG_X0, (16 * 6), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, - ARM64_REG_X0, (16 * 7), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, - ARM64_REG_X0, (16 * 8), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, - ARM64_REG_X0, (16 * 9), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, - ARM64_REG_X0, (16 * 10), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, - ARM64_REG_X0, (16 * 11), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, - ARM64_REG_X0, (16 * 12), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, - ARM64_REG_X0, (16 * 13), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, - ARM64_REG_X0, (16 * 14), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[2]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X4, ARM64_REG_X5, ARM64_REG_X0, + offsetof(GumCpuContext, x[4]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X6, ARM64_REG_X7, ARM64_REG_X0, + offsetof(GumCpuContext, x[6]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X8, ARM64_REG_X9, ARM64_REG_X0, + offsetof(GumCpuContext, x[8]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X10, ARM64_REG_X11, ARM64_REG_X0, + offsetof(GumCpuContext, x[10]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X12, ARM64_REG_X13, ARM64_REG_X0, + offsetof(GumCpuContext, x[12]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X14, ARM64_REG_X15, ARM64_REG_X0, + offsetof(GumCpuContext, x[14]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X16, ARM64_REG_X17, ARM64_REG_X0, + offsetof(GumCpuContext, x[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X18, ARM64_REG_X19, ARM64_REG_X0, + offsetof(GumCpuContext, x[18]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X20, ARM64_REG_X21, ARM64_REG_X0, + offsetof(GumCpuContext, x[20]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X22, ARM64_REG_X23, ARM64_REG_X0, + offsetof(GumCpuContext, x[22]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X24, ARM64_REG_X25, ARM64_REG_X0, + offsetof(GumCpuContext, x[24]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X26, ARM64_REG_X27, ARM64_REG_X0, + offsetof(GumCpuContext, x[26]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X28, ARM64_REG_X29, ARM64_REG_X0, + offsetof(GumCpuContext, x[28]), GUM_INDEX_SIGNED_OFFSET); - /* LR & Adjusted SP */ - gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_SP, - (GUM_RED_ZONE_SIZE + 32)); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X2, - ARM64_REG_X0, (16 * 15), - GUM_INDEX_SIGNED_OFFSET); + /* LR (x30) */ + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X0, + offsetof(GumCpuContext, x[30])); - /* PC & CPSR */ + /* PC & Adjusted SP (31) */ gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, GUM_ADDRESS(persistent_start)); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, - ARM64_REG_X0, (16 * 16), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_SP, + (GUM_RED_ZONE_SIZE + 32)); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, offsetof(GumCpuContext, pc), + GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, - ARM64_REG_X0, (16 * 17), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, - ARM64_REG_X0, (16 * 18), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, - ARM64_REG_X0, (16 * 19), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, - ARM64_REG_X0, (16 * 20), - GUM_INDEX_SIGNED_OFFSET); + /* CPSR */ + gum_arm64_writer_put_str_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(persistent_ctx_t, rflags)); + + /* Q */ + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, + offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, + offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, + offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, + offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); /* x0 & x1 */ gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_SP, 16, GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_stp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 0), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_stp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[0]), GUM_INDEX_SIGNED_OFFSET); /* Pop the saved values */ gum_arm64_writer_put_ldp_reg_reg_reg_offset( @@ -217,8 +137,8 @@ static void instrument_persitent_save_regs(GumArm64Writer * cw, } -static void instrument_persitent_restore_regs(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void instrument_persitent_restore_regs(GumArm64Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); const guint32 msr_nzcv_x1 = 0xd51b4201; @@ -228,82 +148,81 @@ static void instrument_persitent_restore_regs(GumArm64Writer * cw, /* Skip x0 - x3 we'll do that last */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X4, ARM64_REG_X5, - ARM64_REG_X0, (16 * 2), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X6, ARM64_REG_X7, - ARM64_REG_X0, (16 * 3), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X8, ARM64_REG_X9, - ARM64_REG_X0, (16 * 4), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X10, ARM64_REG_X11, - ARM64_REG_X0, (16 * 5), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X12, ARM64_REG_X13, - ARM64_REG_X0, (16 * 6), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X14, ARM64_REG_X15, - ARM64_REG_X0, (16 * 7), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X16, ARM64_REG_X17, - ARM64_REG_X0, (16 * 8), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X18, ARM64_REG_X19, - ARM64_REG_X0, (16 * 9), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X20, ARM64_REG_X21, - ARM64_REG_X0, (16 * 10), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X22, ARM64_REG_X23, - ARM64_REG_X0, (16 * 11), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X24, ARM64_REG_X25, - ARM64_REG_X0, (16 * 12), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X26, ARM64_REG_X27, - ARM64_REG_X0, (16 * 13), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X28, ARM64_REG_X29, - ARM64_REG_X0, (16 * 14), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X4, ARM64_REG_X5, ARM64_REG_X0, + offsetof(GumCpuContext, x[4]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X6, ARM64_REG_X7, ARM64_REG_X0, + offsetof(GumCpuContext, x[6]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X8, ARM64_REG_X9, ARM64_REG_X0, + offsetof(GumCpuContext, x[8]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X10, ARM64_REG_X11, ARM64_REG_X0, + offsetof(GumCpuContext, x[10]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X12, ARM64_REG_X13, ARM64_REG_X0, + offsetof(GumCpuContext, x[12]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X14, ARM64_REG_X15, ARM64_REG_X0, + offsetof(GumCpuContext, x[14]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X16, ARM64_REG_X17, ARM64_REG_X0, + offsetof(GumCpuContext, x[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X18, ARM64_REG_X19, ARM64_REG_X0, + offsetof(GumCpuContext, x[18]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X20, ARM64_REG_X21, ARM64_REG_X0, + offsetof(GumCpuContext, x[20]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X22, ARM64_REG_X23, ARM64_REG_X0, + offsetof(GumCpuContext, x[22]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X24, ARM64_REG_X25, ARM64_REG_X0, + offsetof(GumCpuContext, x[24]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X26, ARM64_REG_X27, ARM64_REG_X0, + offsetof(GumCpuContext, x[26]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X28, ARM64_REG_X29, ARM64_REG_X0, + offsetof(GumCpuContext, x[28]), GUM_INDEX_SIGNED_OFFSET); - /* LR & Adjusted SP (use x1 as clobber) */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X1, - ARM64_REG_X0, (16 * 15), - GUM_INDEX_SIGNED_OFFSET); + /* LR (x30) */ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X30, ARM64_REG_X0, + offsetof(GumCpuContext, x[30])); + /* Adjusted SP (31) (use x1 as clobber)*/ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(GumCpuContext, sp)); gum_arm64_writer_put_mov_reg_reg(cw, ARM64_REG_SP, ARM64_REG_X1); - /* Don't restore RIP use x1-x3 as clobber */ - - /* PC (x2) & CPSR (x1) */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X1, - ARM64_REG_X0, (16 * 16), - GUM_INDEX_SIGNED_OFFSET); + /* CPSR */ + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X0, + offsetof(persistent_ctx_t, rflags)); gum_arm64_writer_put_instruction(cw, msr_nzcv_x1); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q0, ARM64_REG_Q1, - ARM64_REG_X0, (16 * 17), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q2, ARM64_REG_Q3, - ARM64_REG_X0, (16 * 18), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q4, ARM64_REG_Q5, - ARM64_REG_X0, (16 * 19), - GUM_INDEX_SIGNED_OFFSET); - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_Q6, ARM64_REG_Q7, - ARM64_REG_X0, (16 * 20), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q0, ARM64_REG_Q1, ARM64_REG_X0, + offsetof(GumCpuContext, q[0]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q2, ARM64_REG_Q3, ARM64_REG_X0, + offsetof(GumCpuContext, q[16]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q4, ARM64_REG_Q5, ARM64_REG_X0, + offsetof(GumCpuContext, q[32]), GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_Q6, ARM64_REG_Q7, ARM64_REG_X0, + offsetof(GumCpuContext, q[48]), GUM_INDEX_SIGNED_OFFSET); /* x2 & x3 */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X3, - ARM64_REG_X0, (16 * 1), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X2, ARM64_REG_X3, ARM64_REG_X0, + offsetof(GumCpuContext, x[2]), GUM_INDEX_SIGNED_OFFSET); /* x0 & x1 */ - gum_arm64_writer_put_ldp_reg_reg_reg_offset(cw, ARM64_REG_X0, ARM64_REG_X1, - ARM64_REG_X0, (16 * 0), - GUM_INDEX_SIGNED_OFFSET); + gum_arm64_writer_put_ldp_reg_reg_reg_offset( + cw, ARM64_REG_X0, ARM64_REG_X1, ARM64_REG_X0, + offsetof(GumCpuContext, x[0]), GUM_INDEX_SIGNED_OFFSET); } @@ -318,7 +237,7 @@ static void instrument_exit(GumArm64Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -334,29 +253,29 @@ static void instrument_afl_persistent_loop(GumArm64Writer *cw) { } -static void persistent_prologue_hook(GumArm64Writer * cw, - struct arm64_regs *regs) { +static void persistent_prologue_hook(GumArm64Writer * cw, + persistent_ctx_t *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_arm64_writer_put_sub_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, GUM_RED_ZONE_SIZE); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X3, - GUM_ADDRESS(&__afl_fuzz_len)); - gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); - gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X3, ARM64_REG_X3, 0); - - gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X3, ARM64_REG_X3, - G_MAXULONG); - gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X2, - GUM_ADDRESS(&__afl_fuzz_ptr)); + GUM_ADDRESS(&__afl_fuzz_len)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X2, ARM64_REG_X2, 0); + gum_arm64_writer_put_and_reg_reg_imm(cw, ARM64_REG_X2, ARM64_REG_X2, + G_MAXULONG); + + gum_arm64_writer_put_ldr_reg_address(cw, ARM64_REG_X1, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_arm64_writer_put_ldr_reg_reg_offset(cw, ARM64_REG_X1, ARM64_REG_X1, 0); + gum_arm64_writer_put_call_address_with_arguments( - cw, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, GUM_ADDRESS(regs), - GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, ARM64_REG_X2, - GUM_ARG_REGISTER, ARM64_REG_X3); + cw, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, ARM64_REG_X1, GUM_ARG_REGISTER, + ARM64_REG_X2); gum_arm64_writer_put_add_reg_reg_imm(cw, ARM64_REG_SP, ARM64_REG_SP, GUM_RED_ZONE_SIZE); @@ -406,6 +325,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + instrument_persitent_save_regs(cw, &saved_regs); /* loop: */ diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index 653acefe..b2186db1 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -1,5 +1,5 @@ #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -10,40 +10,15 @@ #if defined(__x86_64__) -struct x86_64_regs { +typedef struct { - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; + GumCpuContext ctx; + uint64_t rflags; - union { +} persistent_ctx_t; - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -typedef struct x86_64_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_ret = NULL; +static persistent_ctx_t saved_regs = {0}; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -51,8 +26,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void instrument_persitent_save_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, @@ -64,41 +39,41 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 1), - GUM_REG_RBX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 2), - GUM_REG_RCX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 3), - GUM_REG_RDX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 4), - GUM_REG_RDI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 5), - GUM_REG_RSI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 6), - GUM_REG_RBP); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 7), - GUM_REG_R8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 8), - GUM_REG_R9); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 9), - GUM_REG_R10); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 10), - GUM_REG_R11); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 11), - GUM_REG_R12); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 12), - GUM_REG_R13); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 13), - GUM_REG_R14); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 14), - GUM_REG_R15); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rbx), GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rcx), GUM_REG_RCX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rdx), GUM_REG_RDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rdi), GUM_REG_RDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rsi), GUM_REG_RSI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rbp), GUM_REG_RBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r8), GUM_REG_R8); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r9), GUM_REG_R9); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r10), GUM_REG_R10); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r11), GUM_REG_R11); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r12), GUM_REG_R12); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r13), GUM_REG_R13); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r14), GUM_REG_R14); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, r15), GUM_REG_R15); /* Store RIP */ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RBX, GUM_ADDRESS(persistent_start)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 15), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rip), GUM_REG_RBX); /* Store adjusted RSP */ gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_RBX, GUM_REG_RSP); @@ -106,18 +81,18 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, /* RED_ZONE + Saved flags, RAX, alignment */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_RBX, GUM_RED_ZONE_SIZE + (0x8 * 2)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 16), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rsp), GUM_REG_RBX); /* Save the flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x8); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 17), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(persistent_ctx_t, rflags), GUM_REG_RBX); /* Save the RAX */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RSP, 0x0); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_RAX, (0x8 * 0), - GUM_REG_RBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_RAX, offsetof(GumCpuContext, rax), GUM_REG_RBX); /* Pop the saved values */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 0x10); @@ -127,56 +102,56 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, } -static void instrument_persitent_restore_regs(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void instrument_persitent_restore_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RAX, regs_address); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RAX, - (0x8 * 2)); + offsetof(GumCpuContext, rcx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RAX, - (0x8 * 3)); + offsetof(GumCpuContext, rdx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDI, GUM_REG_RAX, - (0x8 * 4)); + offsetof(GumCpuContext, rdi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RAX, - (0x8 * 5)); + offsetof(GumCpuContext, rsi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBP, GUM_REG_RAX, - (0x8 * 6)); + offsetof(GumCpuContext, rbp)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R8, GUM_REG_RAX, - (0x8 * 7)); + offsetof(GumCpuContext, r8)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R9, GUM_REG_RAX, - (0x8 * 8)); + offsetof(GumCpuContext, r9)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R10, GUM_REG_RAX, - (0x8 * 9)); + offsetof(GumCpuContext, r10)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R11, GUM_REG_RAX, - (0x8 * 10)); + offsetof(GumCpuContext, r11)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R12, GUM_REG_RAX, - (0x8 * 11)); + offsetof(GumCpuContext, r12)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R13, GUM_REG_RAX, - (0x8 * 12)); + offsetof(GumCpuContext, r13)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R14, GUM_REG_RAX, - (0x8 * 13)); + offsetof(GumCpuContext, r14)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_R15, GUM_REG_RAX, - (0x8 * 14)); + offsetof(GumCpuContext, r15)); /* Don't restore RIP */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSP, GUM_REG_RAX, - (0x8 * 16)); + offsetof(GumCpuContext, rsp)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 1)); + offsetof(GumCpuContext, rbx)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 0)); + offsetof(GumCpuContext, rax)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RBX, GUM_REG_RAX, - (0x8 * 17)); + offsetof(persistent_ctx_t, rflags)); gum_x86_writer_put_push_reg(cw, GUM_REG_RBX); gum_x86_writer_put_popfx(cw); @@ -199,7 +174,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -217,28 +192,27 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { } -static void persistent_prologue_hook(GumX86Writer * cw, - struct x86_64_regs *regs) { +static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -(GUM_RED_ZONE_SIZE)); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RCX, - GUM_ADDRESS(&__afl_fuzz_len)); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); - gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RCX, GUM_REG_RCX, 0); - gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); - gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RCX, GUM_REG_RDI); - gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RDX, - GUM_ADDRESS(&__afl_fuzz_ptr)); + GUM_ADDRESS(&__afl_fuzz_len)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RDX, GUM_REG_RDX, 0); + gum_x86_writer_put_mov_reg_u64(cw, GUM_REG_RDI, 0xffffffff); + gum_x86_writer_put_and_reg_reg(cw, GUM_REG_RDX, GUM_REG_RDI); + + gum_x86_writer_put_mov_reg_address(cw, GUM_REG_RSI, + GUM_ADDRESS(&__afl_fuzz_ptr)); + gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_RSI, GUM_REG_RSI, 0); gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 4, GUM_ARG_ADDRESS, - GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_REGISTER, - GUM_REG_RDX, GUM_ARG_REGISTER, GUM_REG_RCX); + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_RSI, GUM_ARG_REGISTER, + GUM_REG_RDX); gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, (GUM_RED_ZONE_SIZE)); @@ -296,6 +270,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, 8); diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index 7add6e99..f50bccb0 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -1,45 +1,23 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" +#include "debug.h" #include "instrument.h" #include "persistent.h" #if defined(__i386__) -struct x86_regs { +typedef struct { - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + GumCpuContext ctx; + uint32_t eflags; - union { +} persistent_ctx_t; - uint32_t eip; - uint32_t pc; +static persistent_ctx_t saved_regs = {0}; - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -typedef struct x86_regs arch_api_regs; - -static arch_api_regs saved_regs = {0}; -static gpointer saved_ret = NULL; +static gpointer saved_ret = NULL; gboolean persistent_is_supported(void) { @@ -47,8 +25,8 @@ gboolean persistent_is_supported(void) { } -static void instrument_persitent_save_regs(GumX86Writer * cw, - struct x86_regs *regs) { +static void instrument_persitent_save_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); @@ -58,80 +36,80 @@ static void instrument_persitent_save_regs(GumX86Writer * cw, gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 1), - GUM_REG_EBX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 2), - GUM_REG_ECX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 3), - GUM_REG_EDX); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 4), - GUM_REG_EDI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 5), - GUM_REG_ESI); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 6), - GUM_REG_EBP); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ebx), GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ecx), GUM_REG_ECX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, edx), GUM_REG_EDX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, edi), GUM_REG_EDI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, esi), GUM_REG_ESI); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, ebp), GUM_REG_EBP); /* Store RIP */ gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EBX, GUM_ADDRESS(persistent_start)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 7), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, eip), GUM_REG_EBX); /* Store adjusted RSP */ gum_x86_writer_put_mov_reg_reg(cw, GUM_REG_EBX, GUM_REG_ESP); /* RED_ZONE + Saved flags, RAX */ gum_x86_writer_put_add_reg_imm(cw, GUM_REG_EBX, (0x4 * 2)); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 8), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, esp), GUM_REG_EBX); /* Save the flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x4); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 9), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(persistent_ctx_t, eflags), GUM_REG_EBX); /* Save the RAX */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_ESP, 0x0); - gum_x86_writer_put_mov_reg_offset_ptr_reg(cw, GUM_REG_EAX, (0x4 * 0), - GUM_REG_EBX); + gum_x86_writer_put_mov_reg_offset_ptr_reg( + cw, GUM_REG_EAX, offsetof(GumCpuContext, eax), GUM_REG_EBX); /* Pop the saved values */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 0x8); } -static void instrument_persitent_restore_regs(GumX86Writer * cw, - struct x86_regs *regs) { +static void instrument_persitent_restore_regs(GumX86Writer * cw, + persistent_ctx_t *regs) { GumAddress regs_address = GUM_ADDRESS(regs); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EAX, regs_address); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ECX, GUM_REG_EAX, - (0x4 * 2)); + offsetof(GumCpuContext, ecx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDX, GUM_REG_EAX, - (0x4 * 3)); + offsetof(GumCpuContext, edx)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EDI, GUM_REG_EAX, - (0x4 * 4)); + offsetof(GumCpuContext, edi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESI, GUM_REG_EAX, - (0x4 * 5)); + offsetof(GumCpuContext, esi)); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBP, GUM_REG_EAX, - (0x4 * 6)); + offsetof(GumCpuContext, ebp)); /* Don't restore RIP */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_ESP, GUM_REG_EAX, - (0x4 * 8)); + offsetof(GumCpuContext, esp)); /* Restore RBX, RAX & Flags */ gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 1)); + offsetof(GumCpuContext, ebx)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 0)); + offsetof(GumCpuContext, eax)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_mov_reg_reg_offset_ptr(cw, GUM_REG_EBX, GUM_REG_EAX, - (0x4 * 9)); + offsetof(persistent_ctx_t, eflags)); gum_x86_writer_put_push_reg(cw, GUM_REG_EBX); gum_x86_writer_put_popfx(cw); @@ -152,7 +130,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - previous_pc = 0; + instrument_previous_pc = 0; return ret; } @@ -165,9 +143,9 @@ static void instrument_afl_persistent_loop(GumX86Writer *cw) { } -static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { +static void persistent_prologue_hook(GumX86Writer *cw, persistent_ctx_t *regs) { - if (hook == NULL) return; + if (persistent_hook == NULL) return; gum_x86_writer_put_mov_reg_address(cw, GUM_REG_ECX, GUM_ADDRESS(&__afl_fuzz_len)); @@ -180,9 +158,8 @@ static void persistent_prologue_hook(GumX86Writer *cw, struct x86_regs *regs) { /* Base address is 64-bits (hence two zero arguments) */ gum_x86_writer_put_call_address_with_arguments( - cw, GUM_CALL_CAPI, GUM_ADDRESS(hook), 5, GUM_ARG_ADDRESS, - GUM_ADDRESS(regs), GUM_ARG_ADDRESS, GUM_ADDRESS(0), GUM_ARG_ADDRESS, - GUM_ADDRESS(0), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, + cw, GUM_CALL_CAPI, GUM_ADDRESS(persistent_hook), 3, GUM_ARG_ADDRESS, + GUM_ADDRESS(®s->ctx), GUM_ARG_REGISTER, GUM_REG_EDX, GUM_ARG_REGISTER, GUM_REG_ECX); } @@ -233,6 +210,8 @@ void persistent_prologue(GumStalkerOutput *output) { gconstpointer loop = cw->code + 1; + OKF("Persistent loop reached"); + /* Pop the return value */ gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_ESP, GUM_REG_ESP, 4); diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c index 65c09fba..50d10c9e 100644 --- a/frida_mode/src/prefetch.c +++ b/frida_mode/src/prefetch.c @@ -2,10 +2,11 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" +#include "intercept.h" #include "prefetch.h" #include "stalker.h" @@ -20,9 +21,10 @@ typedef struct { } prefetch_data_t; -static prefetch_data_t *prefetch_data = NULL; +gboolean prefetch_enable = TRUE; -static int prefetch_shm_id = -1; +static prefetch_data_t *prefetch_data = NULL; +static int prefetch_shm_id = -1; /* * We do this from the transformer since we need one anyway for coverage, this @@ -72,14 +74,33 @@ void prefetch_read(void) { } +void prefetch_config(void) { + + prefetch_enable = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); + +} + +static int prefetch_on_fork(void) { + + prefetch_read(); + return fork(); + +} + +static void prefetch_hook_fork(void) { + + void *fork_addr = + GSIZE_TO_POINTER(gum_module_find_export_by_name(NULL, "fork")); + intercept_hook(fork_addr, prefetch_on_fork, NULL); + +} + void prefetch_init(void) { g_assert_cmpint(sizeof(prefetch_data_t), ==, PREFETCH_SIZE); - gboolean prefetch = (getenv("AFL_FRIDA_INST_NO_PREFETCH") == NULL); + OKF("Instrumentation - prefetch [%c]", prefetch_enable ? 'X' : ' '); - OKF("Instrumentation - prefetch [%c]", prefetch ? 'X' : ' '); - - if (!prefetch) { return; } + if (!prefetch_enable) { return; } /* * Make our shared memory, we can attach before we fork, just like AFL does * with the coverage bitmap region and fork will take care of ensuring both @@ -108,5 +129,7 @@ void prefetch_init(void) { /* Clear it, not sure it's necessary, just seems like good practice */ memset(prefetch_data, '\0', sizeof(prefetch_data_t)); + prefetch_hook_fork(); + } diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index ef25b371..534f202b 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" @@ -17,11 +17,14 @@ typedef struct { } convert_name_ctx_t; -GArray *module_ranges = NULL; -GArray *libs_ranges = NULL; -GArray *include_ranges = NULL; -GArray *exclude_ranges = NULL; -GArray *ranges = NULL; +gboolean ranges_debug_maps = FALSE; +gboolean ranges_inst_libs = FALSE; + +static GArray *module_ranges = NULL; +static GArray *libs_ranges = NULL; +static GArray *include_ranges = NULL; +static GArray *exclude_ranges = NULL; +static GArray *ranges = NULL; static void convert_address_token(gchar *token, GumMemoryRange *range) { @@ -225,6 +228,43 @@ static GArray *collect_module_ranges(void) { } +static void check_for_overlaps(GArray *array) { + + for (guint i = 1; i < array->len; i++) { + + GumMemoryRange *prev = &g_array_index(array, GumMemoryRange, i - 1); + GumMemoryRange *curr = &g_array_index(array, GumMemoryRange, i); + GumAddress prev_limit = prev->base_address + prev->size; + GumAddress curr_limit = curr->base_address + curr->size; + if (prev_limit > curr->base_address) { + + FATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER + "x-0x%016" G_GINT64_MODIFIER "x", + prev->base_address, prev_limit, curr->base_address, curr_limit); + + } + + } + +} + +void ranges_add_include(GumMemoryRange *range) { + + g_array_append_val(include_ranges, *range); + g_array_sort(include_ranges, range_sort); + check_for_overlaps(include_ranges); + +} + +void ranges_add_exclude(GumMemoryRange *range) { + + g_array_append_val(exclude_ranges, *range); + g_array_sort(exclude_ranges, range_sort); + check_for_overlaps(exclude_ranges); + +} + static GArray *collect_ranges(char *env_key) { char * env_val; @@ -253,23 +293,7 @@ static GArray *collect_ranges(char *env_key) { g_array_sort(result, range_sort); - /* Check for overlaps */ - for (i = 1; i < token_count; i++) { - - GumMemoryRange *prev = &g_array_index(result, GumMemoryRange, i - 1); - GumMemoryRange *curr = &g_array_index(result, GumMemoryRange, i); - GumAddress prev_limit = prev->base_address + prev->size; - GumAddress curr_limit = curr->base_address + curr->size; - if (prev_limit > curr->base_address) { - - FATAL("OVerlapping ranges 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x 0x%016" G_GINT64_MODIFIER - "x-0x%016" G_GINT64_MODIFIER "x", - prev->base_address, prev_limit, curr->base_address, curr_limit); - - } - - } + check_for_overlaps(result); print_ranges(env_key, result); @@ -285,16 +309,16 @@ static GArray *collect_libs_ranges(void) { GumMemoryRange range; result = g_array_new(false, false, sizeof(GumMemoryRange)); - if (getenv("AFL_INST_LIBS") == NULL) { - - range.base_address = lib_get_text_base(); - range.size = lib_get_text_limit() - lib_get_text_base(); - - } else { + if (ranges_inst_libs) { range.base_address = 0; range.size = G_MAXULONG; + } else { + + range.base_address = lib_get_text_base(); + range.size = lib_get_text_limit() - lib_get_text_base(); + } g_array_append_val(result, range); @@ -480,30 +504,13 @@ static GArray *merge_ranges(GArray *a) { } -static gboolean exclude_ranges_callback(const GumRangeDetails *details, - gpointer user_data) { +void ranges_config(void) { - UNUSED_PARAMETER(user_data); - gchar * name; - gboolean found; - GumStalker *stalker; - if (details->file == NULL) { return TRUE; } - name = g_path_get_basename(details->file->path); + if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { ranges_debug_maps = TRUE; } + if (getenv("AFL_INST_LIBS") != NULL) { ranges_inst_libs = TRUE; } - found = (g_strcmp0(name, "afl-frida-trace.so") == 0); - g_free(name); - if (!found) { return TRUE; } - - stalker = stalker_get(); - gum_stalker_exclude(stalker, details->range); - - return FALSE; - -} - -static void ranges_exclude_self(void) { - - gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, exclude_ranges_callback, NULL); + include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); + exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); } @@ -515,16 +522,20 @@ void ranges_init(void) { GArray * step3; GArray * step4; - if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { + if (ranges_debug_maps) { gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, NULL); } + OKF("Ranges - Instrument libraries [%c]", ranges_inst_libs ? 'X' : ' '); + + print_ranges("AFL_FRIDA_INST_RANGES", include_ranges); + print_ranges("AFL_FRIDA_EXCLUDE_RANGES", exclude_ranges); + module_ranges = collect_module_ranges(); libs_ranges = collect_libs_ranges(); - include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); /* If include ranges is empty, then assume everything is included */ if (include_ranges->len == 0) { @@ -535,8 +546,6 @@ void ranges_init(void) { } - exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); - /* Intersect with .text section of main executable unless AFL_INST_LIBS */ step1 = intersect_ranges(module_ranges, libs_ranges); print_ranges("step1", step1); @@ -565,9 +574,6 @@ void ranges_init(void) { g_array_free(step2, TRUE); g_array_free(step1, TRUE); - /* *NEVER* stalk the stalker, only bad things will ever come of this! */ - ranges_exclude_self(); - ranges_exclude(); } diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 63f3c529..98483cde 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -2,18 +2,47 @@ #include "instrument.h" #include "stalker.h" +#include "util.h" static GumStalker *stalker = NULL; -void stalker_init(void) { +void stalker_config(void) { if (!gum_stalker_is_supported()) { FATAL("Failed to initialize embedded"); } +} + +static gboolean stalker_exclude_self(const GumRangeDetails *details, + gpointer user_data) { + + UNUSED_PARAMETER(user_data); + gchar * name; + gboolean found; + GumStalker *stalker; + if (details->file == NULL) { return TRUE; } + name = g_path_get_basename(details->file->path); + + found = (g_strcmp0(name, "afl-frida-trace.so") == 0); + g_free(name); + if (!found) { return TRUE; } + + stalker = stalker_get(); + gum_stalker_exclude(stalker, details->range); + + return FALSE; + +} + +void stalker_init(void) { + stalker = gum_stalker_new(); if (stalker == NULL) { FATAL("Failed to initialize stalker"); } gum_stalker_set_trust_threshold(stalker, 0); + /* *NEVER* stalk the stalker, only bad things will ever come of this! */ + gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL); + } GumStalker *stalker_get(void) { diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 0d7b9fb0..0dd8be70 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -5,7 +5,7 @@ #include #include -#include "frida-gum.h" +#include "frida-gumjs.h" #include "config.h" #include "debug.h" @@ -17,15 +17,16 @@ stats_data_header_t *stats_data = NULL; -static int stats_parent_pid = -1; -static int stats_fd = -1; -static gboolean stats_transitions = FALSE; -static guint64 stats_interval = 0; +static int stats_parent_pid = -1; +static int stats_fd = -1; -void stats_init(void) { +char * stats_filename = NULL; +guint64 stats_interval = 0; +gboolean stats_transitions = FALSE; - stats_parent_pid = getpid(); - char *filename = getenv("AFL_FRIDA_STATS_FILE"); +void stats_config(void) { + + stats_filename = getenv("AFL_FRIDA_STATS_FILE"); stats_interval = util_read_num("AFL_FRIDA_STATS_INTERVAL"); if (getenv("AFL_FRIDA_STATS_TRANSITIONS") != NULL) { @@ -33,10 +34,16 @@ void stats_init(void) { } - OKF("Stats - file [%s]", filename); +} + +void stats_init(void) { + + stats_parent_pid = getpid(); + + OKF("Stats - file [%s]", stats_filename); OKF("Stats - interval [%" G_GINT64_MODIFIER "u]", stats_interval); - if (stats_interval != 0 && filename == NULL) { + if (stats_interval != 0 && stats_filename == NULL) { FATAL( "AFL_FRIDA_STATS_FILE must be specified if " @@ -46,7 +53,7 @@ void stats_init(void) { if (stats_interval == 0) { stats_interval = 10; } - if (filename == NULL) { return; } + if (stats_filename == NULL) { return; } if (!stats_is_supported_arch()) { @@ -56,11 +63,11 @@ void stats_init(void) { char *path = NULL; - if (filename == NULL) { return; } + if (stats_filename == NULL) { return; } if (stats_transitions) { gum_stalker_set_counters_enabled(TRUE); } - path = g_canonicalize_filename(filename, g_get_current_dir()); + path = g_canonicalize_filename(stats_filename, g_get_current_dir()); OKF("Stats - path [%s]", path); diff --git a/frida_mode/src/stats/stats_arm32.c b/frida_mode/src/stats/stats_arm32.c index 7eea7f91..71953af3 100644 --- a/frida_mode/src/stats/stats_arm32.c +++ b/frida_mode/src/stats/stats_arm32.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_arm64.c b/frida_mode/src/stats/stats_arm64.c index 592af87a..d9d374a4 100644 --- a/frida_mode/src/stats/stats_arm64.c +++ b/frida_mode/src/stats/stats_arm64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c index c3e8742a..7c3a90d7 100644 --- a/frida_mode/src/stats/stats_x64.c +++ b/frida_mode/src/stats/stats_x64.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/src/stats/stats_x86.c b/frida_mode/src/stats/stats_x86.c index 1906e809..d9c4f652 100644 --- a/frida_mode/src/stats/stats_x86.c +++ b/frida_mode/src/stats/stats_x86.c @@ -1,4 +1,4 @@ -#include "frida-gum.h" +#include "frida-gumjs.h" #include "debug.h" diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile index c268ef66..ae580e3f 100644 --- a/frida_mode/test/deferred/GNUmakefile +++ b/frida_mode/test/deferred/GNUmakefile @@ -37,7 +37,7 @@ ifeq "$(ARCH)" "x86" AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) endif -.PHONY: all clean qemu frida +.PHONY: all clean frida all: $(TESTINSTBIN) make -C $(ROOT)frida_mode/ diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile new file mode 100644 index 00000000..e3a8f321 --- /dev/null +++ b/frida_mode/test/jpeg/GNUmakefile @@ -0,0 +1,164 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so + +LIBJPEG_BUILD_DIR:=$(BUILD_DIR)libjpeg/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +JPEGTEST_BUILD_DIR:=$(BUILD_DIR)jpegtest/ + +LIBJPEG_URL:=https://github.com/libjpeg-turbo/libjpeg-turbo.git +LIBJPEG_DIR:=$(LIBJPEG_BUILD_DIR)libjpeg/ +LIBJPEG_CONFIGURE:=$(LIBJPEG_DIR)configure.ac +LIBJPEG_MAKEFILE:=$(LIBJPEG_DIR)Makefile +LIBJPEG_LIB:=$(LIBJPEG_DIR).libs/libturbojpeg.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/utils/aflpp_driver/aflpp_qemu_driver.c" + +JPEGTEST_FILE:=$(JPEGTEST_BUILD_DIR)target.cc +JPEGTEST_OBJ:=$(JPEGTEST_BUILD_DIR)target.o +JPEGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmarks/libjpeg-turbo-07-2017/libjpeg_turbo_fuzzer.cc" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)default_seed + +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### JPEGTEST ######## + +$(JPEGTEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(JPEGTEST_FILE): | $(JPEGTEST_BUILD_DIR) + wget -O $@ $(JPEGTEST_URL) + +$(JPEGTEST_OBJ): $(JPEGTEST_FILE) | $(LIBJPEG_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBJPEG_DIR) -o $@ -c $< + +######### LIBJPEG ######## + +$(LIBJPEG_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBJPEG_CONFIGURE): $(LIBJPEG_BUILD_DIR) + git clone $(LIBJPEG_URL) $(LIBJPEG_DIR) + cd $(LIBJPEG_DIR) && git checkout b0971e47d76fdb81270e93bbf11ff5558073350d + +$(LIBJPEG_MAKEFILE): $(LIBJPEG_CONFIGURE) + cd $(LIBJPEG_DIR) && autoreconf -fiv + cd $(LIBJPEG_DIR) && ./configure + +$(LIBJPEG_LIB): $(LIBJPEG_MAKEFILE) + make -C $(LIBJPEG_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(JPEGTEST_OBJ) $(LIBJPEG_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(JPEGTEST_OBJ) $(LIBJPEG_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo "hi" > $(TEST_DATA_FILE) + +###### TEST DATA ####### + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) + AFL_DEBUG_CHILD=1 \ + AFL_DISABLE_TRIM=1 \ + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 \ + AFL_NO_AFFINITY=1 \ + X__AFL_NO_UI=1 \ + AFL_PATH=/out \ + AFL_SHUFFLE_QUEUE=1 \ + AFL_SKIP_CPUFREQ=1 \ + AFL_SKIP_CRASHES=1 \ + AFL_TESTCACHE_SIZE=2 \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -m none \ + -t 1000+ \ + -d \ + -O \ + -c 0\ + -V 30 \ + -- \ + $(TEST_BIN) 2147483647 + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.jpeg diff --git a/frida_mode/test/jpeg/Makefile b/frida_mode/test/jpeg/Makefile new file mode 100644 index 00000000..7a237f99 --- /dev/null +++ b/frida_mode/test/jpeg/Makefile @@ -0,0 +1,16 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug diff --git a/frida_mode/test/jpeg/get_symbol_addr.py b/frida_mode/test/jpeg/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/jpeg/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile new file mode 100644 index 00000000..af40c1c4 --- /dev/null +++ b/frida_mode/test/js/GNUmakefile @@ -0,0 +1,80 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)in + +TESTINSTBIN:=$(BUILD_DIR)test +TESTINSTSRC:=$(PWD)test.c + +TESTINSTBIN2:=$(BUILD_DIR)test2 +TESTINSTSRC2:=$(PWD)test2.c + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +.PHONY: all 32 clean qemu frida + +all: $(TESTINSTBIN) $(TESTINSTBIN2) + make -C $(ROOT)frida_mode/ + +32: + CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo -n "000" > $@ + +$(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +$(TESTINSTBIN2): $(TESTINSTSRC2) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + +clean: + rm -rf $(BUILD_DIR) + +frida_js_entry: $(TESTINSTBIN) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=entry.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_js_replace: $(TESTINSTBIN) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=replace.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) @@ + +frida_js_patch: $(TESTINSTBIN2) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=patch.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN2) @@ + +frida_js_stalker: $(TESTINSTBIN2) $(TEST_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=stalker.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN2) @@ diff --git a/frida_mode/test/js/Makefile b/frida_mode/test/js/Makefile new file mode 100644 index 00000000..8a2b6fb0 --- /dev/null +++ b/frida_mode/test/js/Makefile @@ -0,0 +1,25 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida_js_entry: + @gmake frida_js_entry + +frida_js_replace: + @gmake frida_js_replace + +frida_js_patch: + @gmake frida_js_patch + +frida_js_stalker: + @gmake frida_js_stalker + +debug: + @gmake debug diff --git a/frida_mode/test/js/entry.js b/frida_mode/test/js/entry.js new file mode 100644 index 00000000..f10ef2d1 --- /dev/null +++ b/frida_mode/test/js/entry.js @@ -0,0 +1,20 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const entry_point = DebugSymbol.fromName('run'); +Afl.print(`entry_point: ${entry_point.address}`); + +Afl.setEntryPoint(entry_point.address); + +// Afl.error('HARD NOPE'); + +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/patch.js b/frida_mode/test/js/patch.js new file mode 100644 index 00000000..485a434f --- /dev/null +++ b/frida_mode/test/js/patch.js @@ -0,0 +1,34 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + Afl.print(`len: ${len}`); + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/replace.js b/frida_mode/test/js/replace.js new file mode 100644 index 00000000..4e1e7eb7 --- /dev/null +++ b/frida_mode/test/js/replace.js @@ -0,0 +1,43 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const slow = DebugSymbol.fromName('slow').address; +Afl.print(`slow: ${slow}`); + +const LLVMFuzzerTestOneInput = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`LLVMFuzzerTestOneInput: ${LLVMFuzzerTestOneInput}`); + +const cm = new CModule(` + + extern unsigned char * __afl_fuzz_ptr; + extern unsigned int * __afl_fuzz_len; + extern void LLVMFuzzerTestOneInput(char *buf, int len); + + void slow(void) { + + LLVMFuzzerTestOneInput(__afl_fuzz_ptr, *__afl_fuzz_len); + } + `, + { + LLVMFuzzerTestOneInput: LLVMFuzzerTestOneInput, + __afl_fuzz_ptr: Afl.getAflFuzzPtr(), + __afl_fuzz_len: Afl.getAflFuzzLen() + }); + +Afl.setEntryPoint(cm.slow); +Afl.setPersistentAddress(cm.slow); +Afl.setInMemoryFuzzing(); +Interceptor.replace(slow, cm.slow); +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/js/stalker.js b/frida_mode/test/js/stalker.js new file mode 100644 index 00000000..33f024f5 --- /dev/null +++ b/frida_mode/test/js/stalker.js @@ -0,0 +1,109 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +const main = DebugSymbol.fromName('main').address; +Afl.print(`main: ${main}`); +Afl.setEntryPoint(main); +Afl.setPersistentAddress(main); +Afl.setPersistentCount(10000000); + +/* Replace CRC-32 check */ +const crc32_check = DebugSymbol.fromName('crc32_check').address; +const crc32_replacement = new NativeCallback( + (buf, len) => { + if (len < 4) { + return 0; + } + + return 1; + }, + 'int', + ['pointer', 'int']); +Interceptor.replace(crc32_check, crc32_replacement); + +/* Patch out the first boring bug */ +const some_boring_bug = DebugSymbol.fromName('some_boring_bug').address +const boring_replacement = new NativeCallback( + (c) => { }, + 'void', + ['char']); +Interceptor.replace(some_boring_bug, boring_replacement); + +/* Modify the instructions */ +const some_boring_bug2 = DebugSymbol.fromName('some_boring_bug2').address +const pid = Memory.alloc(4); +pid.writeInt(Process.id); + +const cm = new CModule(` + #include + #include + + typedef int pid_t; + + #define STDERR_FILENO 2 + #define BORING2_LEN 10 + + extern int dprintf(int fd, const char *format, ...); + extern void some_boring_bug2(char c); + extern pid_t getpid(void); + extern pid_t pid; + + gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, + gboolean excluded, GumStalkerOutput *output) + { + pid_t my_pid = getpid(); + GumX86Writer *cw = output->writer.x86; + + if (GUM_ADDRESS(insn->address) < GUM_ADDRESS(some_boring_bug2)) { + + return TRUE; + + } + + if (GUM_ADDRESS(insn->address) >= + GUM_ADDRESS(some_boring_bug2) + BORING2_LEN) { + + return TRUE; + + } + + if (my_pid == pid) { + + if (begin) { + + dprintf(STDERR_FILENO, "\n> 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } else { + + dprintf(STDERR_FILENO, " 0x%016lX: %s %s\n", insn->address, + insn->mnemonic, insn->op_str); + + } + + } + + if (insn->id == X86_INS_UD2) { + + gum_x86_writer_put_nop(cw); + return FALSE; + + } else { + + return TRUE; + + } + } + `, + { + dprintf: Module.getExportByName(null, 'dprintf'), + getpid: Module.getExportByName(null, 'getpid'), + some_boring_bug2: some_boring_bug2, + pid: pid + }); +Afl.setStalkerCallback(cm.js_stalker_callback) +Afl.setStdErr("/tmp/stderr.txt"); +Afl.done(); +Afl.print("done"); diff --git a/frida_mode/test/js/test.c b/frida_mode/test/js/test.c new file mode 100644 index 00000000..bbda5ccf --- /dev/null +++ b/frida_mode/test/js/test.c @@ -0,0 +1,115 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (len < 1) return; + buf[len] = 0; + + // we support three input cases + if (buf[0] == '0') + printf("Looks like a zero to me!\n"); + else if (buf[0] == '1') + printf("Pretty sure that is a one!\n"); + else + printf("Neither one or zero? How quaint!\n"); + +} + +int run(char *file) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + do { + + dprintf(STDERR_FILENO, "Running: %s\n", file); + + fd = open(file, O_RDONLY); + if (fd < 0) { + + perror("open"); + break; + + } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { + + perror("lseek (SEEK_END)"); + break; + + } + + if (lseek(fd, 0, SEEK_SET) != 0) { + + perror("lseek (SEEK_SET)"); + break; + + } + + buf = malloc(len); + if (buf == NULL) { + + perror("malloc"); + break; + + } + + n_read = read(fd, buf, len); + if (n_read != len) { + + perror("read"); + break; + + } + + dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); + + LLVMFuzzerTestOneInput(buf, len); + dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); + + result = 0; + + } while (false); + + if (buf != NULL) { free(buf); } + + if (fd != -1) { close(fd); } + + return result; + +} + +void slow() { + + usleep(100000); + +} + +int main(int argc, char **argv) { + + if (argc != 2) { return 1; } + slow(); + return run(argv[1]); + +} + diff --git a/frida_mode/test/js/test2.c b/frida_mode/test/js/test2.c new file mode 100644 index 00000000..d16f35fc --- /dev/null +++ b/frida_mode/test/js/test2.c @@ -0,0 +1,177 @@ +/* + american fuzzy lop++ - a trivial program to test the build + -------------------------------------------------------- + Originally written by Michal Zalewski + Copyright 2014 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + http://www.apache.org/licenses/LICENSE-2.0 + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#define IGNORED_RETURN(x) (void)!(x) + +const uint32_t crc32_tab[] = { + 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba, 0x076dc419, 0x706af48f, + 0xe963a535, 0x9e6495a3, 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988, + 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91, 0x1db71064, 0x6ab020f2, + 0xf3b97148, 0x84be41de, 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7, + 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec, 0x14015c4f, 0x63066cd9, + 0xfa0f3d63, 0x8d080df5, 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172, + 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b, 0x35b5a8fa, 0x42b2986c, + 0xdbbbc9d6, 0xacbcf940, 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59, + 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116, 0x21b4f4b5, 0x56b3c423, + 0xcfba9599, 0xb8bda50f, 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924, + 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d, 0x76dc4190, 0x01db7106, + 0x98d220bc, 0xefd5102a, 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433, + 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818, 0x7f6a0dbb, 0x086d3d2d, + 0x91646c97, 0xe6635c01, 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e, + 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457, 0x65b0d9c6, 0x12b7e950, + 0x8bbeb8ea, 0xfcb9887c, 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65, + 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2, 0x4adfa541, 0x3dd895d7, + 0xa4d1c46d, 0xd3d6f4fb, 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0, + 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9, 0x5005713c, 0x270241aa, + 0xbe0b1010, 0xc90c2086, 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f, + 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4, 0x59b33d17, 0x2eb40d81, + 0xb7bd5c3b, 0xc0ba6cad, 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a, + 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683, 0xe3630b12, 0x94643b84, + 0x0d6d6a3e, 0x7a6a5aa8, 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1, + 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe, 0xf762575d, 0x806567cb, + 0x196c3671, 0x6e6b06e7, 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc, + 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5, 0xd6d6a3e8, 0xa1d1937e, + 0x38d8c2c4, 0x4fdff252, 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b, + 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60, 0xdf60efc3, 0xa867df55, + 0x316e8eef, 0x4669be79, 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236, + 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f, 0xc5ba3bbe, 0xb2bd0b28, + 0x2bb45a92, 0x5cb36a04, 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d, + 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a, 0x9c0906a9, 0xeb0e363f, + 0x72076785, 0x05005713, 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38, + 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21, 0x86d3d2d4, 0xf1d4e242, + 0x68ddb3f8, 0x1fda836e, 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777, + 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c, 0x8f659eff, 0xf862ae69, + 0x616bffd3, 0x166ccf45, 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2, + 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db, 0xaed16a4a, 0xd9d65adc, + 0x40df0b66, 0x37d83bf0, 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9, + 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6, 0xbad03605, 0xcdd70693, + 0x54de5729, 0x23d967bf, 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94, + 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d +}; + +uint32_t +crc32(const void *buf, size_t size) +{ + const uint8_t *p = buf; + uint32_t crc; + crc = ~0U; + while (size--) + crc = crc32_tab[(crc ^ *p++) & 0xFF] ^ (crc >> 8); + return crc ^ ~0U; +} + +/* + * Don't you hate those contrived examples which CRC their data. We can use + * FRIDA to patch this function out and always return success. Otherwise, we + * could change it to actually correct the checksum. + */ +int crc32_check (char * buf, int len) { + if (len < sizeof(uint32_t)) { return 0; } + uint32_t expected = *(uint32_t *)&buf[len - sizeof(uint32_t)]; + uint32_t calculated = crc32(buf, len - sizeof(uint32_t)); + return expected == calculated; +} + +/* + * So you've found a really boring bug in an earlier campaign which results in + * a NULL dereference or something like that. That bug can get in the way, + * causing the persistent loop to exit whenever it is triggered, and can also + * cloud your output unnecessarily. Again, we can use FRIDA to patch it out. + */ +void some_boring_bug(char c) { + switch (c) { + case 'A'...'Z': + case 'a'...'z': + __builtin_trap(); + break; + } +} + +extern void some_boring_bug2(char c); + +__asm__ ( + ".text \n" + "some_boring_bug2: \n" + ".global some_boring_bug2 \n" + ".type some_boring_bug2, @function \n" + "mov %edi, %eax \n" + "cmp $0xb4, %al \n" + "jne ok \n" + "ud2 \n" + "ok: \n" + "ret \n"); + +void LLVMFuzzerTestOneInput(char *buf, int len) { + + if (!crc32_check(buf, len)) return; + + some_boring_bug(buf[0]); + some_boring_bug2(buf[0]); + + if (buf[0] == '0') { + printf("Looks like a zero to me!\n"); + } + else if (buf[0] == '1') { + printf("Pretty sure that is a one!\n"); + } + else if (buf[0] == '2') { + printf("Oh we, weren't expecting that!"); + __builtin_trap(); + } + else + printf("Neither one or zero? How quaint!\n"); + +} + +int main(int argc, char **argv) { + + int fd = -1; + off_t len; + char * buf = NULL; + size_t n_read; + int result = -1; + + if (argc != 2) { return 1; } + + printf("Running: %s\n", argv[1]); + + fd = open(argv[1], O_RDONLY); + if (fd < 0) { return 1; } + + len = lseek(fd, 0, SEEK_END); + if (len < 0) { return 1; } + + if (lseek(fd, 0, SEEK_SET) != 0) { return 1; } + + buf = malloc(len); + if (buf == NULL) { return 1; } + + n_read = read(fd, buf, len); + if (n_read != len) { return 1; } + + printf("Running: %s: (%zd bytes)\n", argv[1], n_read); + + LLVMFuzzerTestOneInput(buf, len); + printf("Done: %s: (%zd bytes)\n", argv[1], n_read); + + return 0; +} + diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile index e30f2049..8a10be07 100644 --- a/frida_mode/test/libpcap/GNUmakefile +++ b/frida_mode/test/libpcap/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -137,11 +136,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(PCAPTEST_OBJ) $(LIBPCAP_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) @@ -149,8 +143,6 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c b/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/libpcap/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index 2de51d86..f11269e3 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -82,6 +82,16 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ +frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_FRIDA_JS_SCRIPT=test.js \ + $(ROOT)afl-fuzz \ + -D \ + -O \ + -i $(TESTINSTR_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) gdb \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ @@ -92,6 +102,15 @@ debug: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) --ex 'set disassembly-flavor intel' \ --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) +debug_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + gdb \ + --ex 'set environment AFL_FRIDA_JS_SCRIPT=test.js' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_DEBUG=1' \ + --ex 'set environment AFL_DEBUG_CHILD=1' \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + run: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_FRIDA_PERSISTENT_RET=$(AFL_FRIDA_PERSISTENT_RET) \ diff --git a/frida_mode/test/persistent_ret/test.js b/frida_mode/test/persistent_ret/test.js new file mode 100644 index 00000000..8adb45b2 --- /dev/null +++ b/frida_mode/test/persistent_ret/test.js @@ -0,0 +1,48 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +if (name === 'testinstr') { + const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; + Afl.print(`persistent_addr: ${persistent_addr}`); + Afl.setEntryPoint(persistent_addr); + Afl.setPersistentAddress(persistent_addr); + Afl.setInstrumentDebugFile("/dev/stdout"); + Afl.setPersistentDebug(); + Afl.setInstrumentNoOptimize(); + Afl.setInstrumentEnableTracing(); + + const LLVMFuzzerTestOneInput = new NativeFunction( + persistent_addr, + 'void', + ['pointer', 'uint64'], + {traps: "all"}); + + const persistentHook = new NativeCallback( + (data, size) => { + const input = Afl.aflFuzzPtr.readPointer(); + const len = Afl.aflFuzzLen.readPointer().readU32(); + const hd = hexdump(input, {length: len, header: false, ansi: true}); + Afl.print(`input: ${hd}`); + LLVMFuzzerTestOneInput(input, len); + }, + 'void', + ['pointer', 'uint64']); + + Afl.aflSharedMemFuzzing.writeInt(1); + Interceptor.replace(persistent_addr, persistentHook); + Interceptor.flush(); +} + +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/persistent_ret/testinstr.c b/frida_mode/test/persistent_ret/testinstr.c index 6cb88a50..42e3519a 100644 --- a/frida_mode/test/persistent_ret/testinstr.c +++ b/frida_mode/test/persistent_ret/testinstr.c @@ -17,13 +17,14 @@ #include #ifdef __APPLE__ - #define TESTINSTR_SECTION + #define MAIN_SECTION #else - #define TESTINSTR_SECTION __attribute__((section(".testinstr"))) + #define MAIN_SECTION __attribute__((section(".main"))) #endif -void testinstr(char *buf, int len) { +void LLVMFuzzerTestOneInput(char *buf, int len) { + printf (">>> LLVMFuzzerTestOneInput >>>\n"); if (len < 1) return; buf[len] = 0; @@ -43,7 +44,7 @@ void slow() { } -TESTINSTR_SECTION int main(int argc, char **argv) { +MAIN_SECTION int main(int argc, char **argv) { char * file; int fd = -1; @@ -101,7 +102,7 @@ TESTINSTR_SECTION int main(int argc, char **argv) { dprintf(STDERR_FILENO, "Running: %s: (%zd bytes)\n", file, n_read); - testinstr(buf, len); + LLVMFuzzerTestOneInput(buf, len); dprintf(STDERR_FILENO, "Done: %s: (%zd bytes)\n", file, n_read); slow(); diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index b17f3775..0ff9fe86 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so CFLAGS+=-O3 \ -funroll-loops \ @@ -48,7 +47,7 @@ endif .PHONY: all 32 clean format qemu qemu_entry frida frida_entry debug -all: $(AFLPP_DRIVER_HOOK_OBJ) +all: make -C $(ROOT)frida_mode/test/png/persistent/ 32: @@ -68,9 +67,6 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) $(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) truncate -s 1M $@ -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ - qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ @@ -124,6 +120,28 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) +frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_JS_SCRIPT=load.js \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_JS_SCRIPT=cmodule.js \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + debug: $(AFLPP_DRIVER_DUMMY_INPUT) echo $(AFL_FRIDA_PERSISTENT_ADDR) gdb \ diff --git a/frida_mode/test/png/persistent/hook/Makefile b/frida_mode/test/png/persistent/hook/Makefile index 983d009e..dca51d85 100644 --- a/frida_mode/test/png/persistent/hook/Makefile +++ b/frida_mode/test/png/persistent/hook/Makefile @@ -24,5 +24,8 @@ frida: frida_entry: @gmake frida_entry +frida_js: + @gmake frida_js + debug: @gmake debug diff --git a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c b/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c deleted file mode 100644 index 1542c0bf..00000000 --- a/frida_mode/test/png/persistent/hook/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,193 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} -#elif defined(__aarch64__) - -struct arm64_regs { - - uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; - - union { - - uint64_t x11; - uint32_t fp_32; - - }; - - union { - - uint64_t x12; - uint32_t ip_32; - - }; - - union { - - uint64_t x13; - uint32_t sp_32; - - }; - - union { - - uint64_t x14; - uint32_t lr_32; - - }; - - union { - - uint64_t x15; - uint32_t pc_32; - - }; - - union { - - uint64_t x16; - uint64_t ip0; - - }; - - union { - - uint64_t x17; - uint64_t ip1; - - }; - - uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; - - union { - - uint64_t x29; - uint64_t fp; - - }; - - union { - - uint64_t x30; - uint64_t lr; - - }; - - union { - - uint64_t x31; - uint64_t sp; - - }; - - // the zero register is not saved here ofc - - uint64_t pc; - - uint32_t cpsr; - - uint8_t vfp_zregs[32][16 * 16]; - uint8_t vfp_pregs[17][32]; - uint32_t vfp_xregs[16]; - -}; - -void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->x0, input_buf, input_buf_len); - regs->x1 = input_buf_len; -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/test/png/persistent/hook/cmodule.js b/frida_mode/test/png/persistent/hook/cmodule.js new file mode 100644 index 00000000..ab8bdc66 --- /dev/null +++ b/frida_mode/test/png/persistent/hook/cmodule.js @@ -0,0 +1,39 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`persistent_addr: ${persistent_addr}`); +Afl.setEntryPoint(persistent_addr); +Afl.setPersistentAddress(persistent_addr); + +const cm = new CModule(` + + #include + #include + + void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, + uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + + } + `, + { + memcpy: Module.getExportByName(null, 'memcpy') + }); +Afl.setPersistentHook(cm.afl_persistent_hook); + +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/png/persistent/hook/load.js b/frida_mode/test/png/persistent/hook/load.js new file mode 100644 index 00000000..ce4374ae --- /dev/null +++ b/frida_mode/test/png/persistent/hook/load.js @@ -0,0 +1,27 @@ +Afl.print('******************'); +Afl.print('* AFL FRIDA MODE *'); +Afl.print('******************'); +Afl.print(''); + +Afl.print(`PID: ${Process.id}`); + +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); + +new ModuleMap().values().forEach(m => { + Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); +}); + +const persistent_addr = DebugSymbol.fromName('LLVMFuzzerTestOneInput').address; +Afl.print(`persistent_addr: ${persistent_addr}`); +Afl.setEntryPoint(persistent_addr); +Afl.setPersistentAddress(persistent_addr); + +const path = Afl.module.path; +const dir = path.substring(0, path.lastIndexOf("/")); +const mod = Module.load(`${dir}/frida_mode/build/hook.so`); +const hook = mod.getExportByName('afl_persistent_hook'); +Afl.setPersistentHook(hook); + +Afl.print("done"); +Afl.done(); diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile new file mode 100644 index 00000000..e324a5d0 --- /dev/null +++ b/frida_mode/test/proj4/GNUmakefile @@ -0,0 +1,164 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so + +LIBPROJ4_BUILD_DIR:=$(BUILD_DIR)libproj4/ +HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ +PROJ4TEST_BUILD_DIR:=$(BUILD_DIR)proj4test/ + +LIBPROJ4_URL:=https://github.com/OSGeo/PROJ +LIBPROJ4_DIR:=$(LIBPROJ4_BUILD_DIR)libproj4/ +LIBPROJ4_CONFIGURE:=$(LIBPROJ4_DIR)configure.ac +LIBPROJ4_MAKEFILE:=$(LIBPROJ4_DIR)Makefile +LIBPROJ4_LIB:=$(LIBPROJ4_DIR)src/.libs/libproj.a + +HARNESS_FILE:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.c +HARNESS_OBJ:=$(HARNESS_BUILD_DIR)StandaloneFuzzTargetMain.o +HARNESS_URL:="https://raw.githubusercontent.com/AFLplusplus/AFLplusplus/stable/utils/aflpp_driver/aflpp_qemu_driver.c" + +PROJ4TEST_FILE:=$(PROJ4TEST_BUILD_DIR)target.cc +PROJ4TEST_OBJ:=$(PROJ4TEST_BUILD_DIR)target.o +PROJ4TEST_URL:="https://raw.githubusercontent.com/OSGeo/PROJ/d00501750b210a73f9fb107ac97a683d4e3d8e7a/test/fuzzers/standard_fuzzer.cpp" + +LDFLAGS += -lpthread + +TEST_BIN:=$(BUILD_DIR)test +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +endif + +TEST_DATA_DIR:=$(BUILD_DIR)in/ +TEST_DATA_FILE:=$(TEST_DATA_DIR)default_seed + +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) +endif + +.PHONY: all clean frida hook + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +######### HARNESS ######## +$(HARNESS_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(HARNESS_FILE): | $(HARNESS_BUILD_DIR) + wget -O $@ $(HARNESS_URL) + +$(HARNESS_OBJ): $(HARNESS_FILE) + $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + +######### PROJ4TEST ######## + +$(PROJ4TEST_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(PROJ4TEST_FILE): | $(PROJ4TEST_BUILD_DIR) + wget -O $@ $(PROJ4TEST_URL) + +$(PROJ4TEST_OBJ): $(PROJ4TEST_FILE) | $(LIBPROJ4_MAKEFILE) + $(CXX) $(CXXFLAGS) $(LDFLAGS) -std=c++11 -I $(LIBPROJ4_DIR)src/ -o $@ -c $< + +######### LIBPROJ4 ######## + +$(LIBPROJ4_BUILD_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(LIBPROJ4_CONFIGURE): $(LIBPROJ4_BUILD_DIR) + git clone $(LIBPROJ4_URL) $(LIBPROJ4_DIR) + cd $(LIBPROJ4_DIR) && git checkout d00501750b210a73f9fb107ac97a683d4e3d8e7a + +$(LIBPROJ4_MAKEFILE): $(LIBPROJ4_CONFIGURE) + cd $(LIBPROJ4_DIR) && ./autogen.sh + cd $(LIBPROJ4_DIR) && ./configure + +$(LIBPROJ4_LIB): $(LIBPROJ4_MAKEFILE) + make -C $(LIBPROJ4_DIR) -j $(shell nproc) + +######### TEST ######## + +$(TEST_BIN): $(HARNESS_OBJ) $(PROJ4TEST_OBJ) $(LIBPROJ4_LIB) + $(CXX) \ + $(CFLAGS) \ + -o $@ \ + $(HARNESS_OBJ) $(PROJ4TEST_OBJ) $(LIBPROJ4_LIB) \ + -lz \ + $(LDFLAGS) \ + $(TEST_BIN_LDFLAGS) \ + +########## DUMMY ####### + +$(TEST_DATA_DIR): | $(BUILD_DIR) + mkdir -p $@ + +$(TEST_DATA_FILE): | $(TEST_DATA_DIR) + echo "hi" > $(TEST_DATA_FILE) + +###### TEST DATA ####### + +clean: + rm -rf $(BUILD_DIR) + +frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) + AFL_DEBUG_CHILD=1 \ + AFL_DISABLE_TRIM=1 \ + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 \ + AFL_NO_AFFINITY=1 \ + X__AFL_NO_UI=1 \ + AFL_PATH=/out \ + AFL_SHUFFLE_QUEUE=1 \ + AFL_SKIP_CPUFREQ=1 \ + AFL_SKIP_CRASHES=1 \ + AFL_TESTCACHE_SIZE=2 \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -i $(TEST_DATA_DIR) \ + -o $(FRIDA_OUT) \ + -m none \ + -t 1000+ \ + -d \ + -O \ + -c 0\ + -V 30 \ + -- \ + $(TEST_BIN) 2147483647 + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.proj4 diff --git a/frida_mode/test/proj4/Makefile b/frida_mode/test/proj4/Makefile new file mode 100644 index 00000000..f83e2992 --- /dev/null +++ b/frida_mode/test/proj4/Makefile @@ -0,0 +1,17 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug + diff --git a/frida_mode/test/proj4/get_symbol_addr.py b/frida_mode/test/proj4/get_symbol_addr.py new file mode 100755 index 00000000..1c46e010 --- /dev/null +++ b/frida_mode/test/proj4/get_symbol_addr.py @@ -0,0 +1,36 @@ +#!/usr/bin/python3 +import argparse +from elftools.elf.elffile import ELFFile + +def process_file(file, symbol, base): + with open(file, 'rb') as f: + elf = ELFFile(f) + symtab = elf.get_section_by_name('.symtab') + mains = symtab.get_symbol_by_name(symbol) + if len(mains) != 1: + print ("Failed to find main") + return 1 + + main_addr = mains[0]['st_value'] + main = base + main_addr + print ("0x%016x" % main) + return 0 + +def hex_value(x): + return int(x, 16) + +def main(): + parser = argparse.ArgumentParser(description='Process some integers.') + parser.add_argument('-f', '--file', dest='file', type=str, + help='elf file name', required=True) + parser.add_argument('-s', '--symbol', dest='symbol', type=str, + help='symbol name', required=True) + parser.add_argument('-b', '--base', dest='base', type=hex_value, + help='elf base address', required=True) + + args = parser.parse_args() + return process_file (args.file, args.symbol, args.base) + +if __name__ == "__main__": + ret = main() + exit(ret) diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile index 9f0b31d3..e1c5347d 100644 --- a/frida_mode/test/re2/GNUmakefile +++ b/frida_mode/test/re2/GNUmakefile @@ -2,8 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_SRC=$(PWD)aflpp_qemu_driver_hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)aflpp_qemu_driver_hook.so +AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -116,11 +115,6 @@ $(TEST_BIN): $(HARNESS_OBJ) $(RE2TEST_OBJ) $(LIBRE2_LIB) $(LDFLAGS) \ $(TEST_BIN_LDFLAGS) \ -########## HOOK ######## - -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) - $(CC) -shared $(CFLAGS) $(LDFLAGS) $< -o $@ - ########## DUMMY ####### $(TEST_DATA_DIR): | $(BUILD_DIR) @@ -131,8 +125,6 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR) ###### TEST DATA ####### -hook: $(AFLPP_DRIVER_HOOK_OBJ) - clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/re2/Makefile b/frida_mode/test/re2/Makefile index 00b2b287..360cdc44 100644 --- a/frida_mode/test/re2/Makefile +++ b/frida_mode/test/re2/Makefile @@ -18,5 +18,3 @@ frida: debug: @gmake debug -hook: - @gmake hook diff --git a/frida_mode/test/re2/aflpp_qemu_driver_hook.c b/frida_mode/test/re2/aflpp_qemu_driver_hook.c deleted file mode 100644 index 059d438d..00000000 --- a/frida_mode/test/re2/aflpp_qemu_driver_hook.c +++ /dev/null @@ -1,97 +0,0 @@ -#include -#include - -#if defined(__x86_64__) - -struct x86_64_regs { - - uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, - r15; - - union { - - uint64_t rip; - uint64_t pc; - - }; - - union { - - uint64_t rsp; - uint64_t sp; - - }; - - union { - - uint64_t rflags; - uint64_t flags; - - }; - - uint8_t zmm_regs[32][64]; - -}; - -void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - memcpy((void *)regs->rdi, input_buf, input_buf_len); - regs->rsi = input_buf_len; - -} - -#elif defined(__i386__) - -struct x86_regs { - - uint32_t eax, ebx, ecx, edx, edi, esi, ebp; - - union { - - uint32_t eip; - uint32_t pc; - - }; - - union { - - uint32_t esp; - uint32_t sp; - - }; - - union { - - uint32_t eflags; - uint32_t flags; - - }; - - uint8_t xmm_regs[8][16]; - -}; - -void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, - uint8_t *input_buf, uint32_t input_buf_len) { - - void **esp = (void **)regs->esp; - void * arg1 = esp[1]; - void **arg2 = &esp[2]; - memcpy(arg1, input_buf, input_buf_len); - *arg2 = (void *)input_buf_len; - -} - -#else - #pragma error "Unsupported architecture" -#endif - -int afl_persistent_hook_init(void) { - - // 1 for shared memory input (faster), 0 for normal input (you have to use - // read(), input_buf will be NULL) - return 1; - -} - diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts new file mode 100644 index 00000000..6da7fabc --- /dev/null +++ b/frida_mode/ts/lib/afl.ts @@ -0,0 +1,373 @@ +class Afl { + + /** + * Field containing the `Module` object for `afl-frida-trace.so` (the FRIDA mode + * implementation). + */ + public static module: Module = Process.getModuleByName("afl-frida-trace.so"); + + /** + * This is equivalent to setting a value in `AFL_FRIDA_EXCLUDE_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to exclude several ranges. + */ + public static addExcludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddExcludeRange(addressess, size); + } + + /** + * This is equivalent to setting a value in `AFL_FRIDA_INST_RANGES`, + * it takes as arguments a `NativePointer` and a `number`. It can be + * called multiple times to include several ranges. + */ + public static addIncludedRange(addressess: NativePointer, size: number): void { + Afl.jsApiAddIncludeRange(addressess, size); + } + + /** + * This must always be called at the end of your script. This lets + * FRIDA mode know that your configuration is finished and that + * execution has reached the end of your script. Failure to call + * this will result in a fatal error. + */ + public static done(): void { + Afl.jsApiDone(); + } + + /** + * This function can be called within your script to cause FRIDA + * mode to trigger a fatal error. This is useful if for example you + * discover a problem you weren't expecting and want everything to + * stop. The user will need to enable `AFL_DEBUG_CHILD=1` to view + * this error message. + */ + public static error(msg: string): void { + const buf = Memory.allocUtf8String(msg); + Afl.jsApiError(buf); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the length of + * fuzzing data when using in-memory test case fuzzing. + */ + public static getAflFuzzLen(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_len"); + } + + /** + * Function used to provide access to `__afl_fuzz_ptr`, which contains the fuzzing + * data when using in-memory test case fuzzing. + */ + public static getAflFuzzPtr(): NativePointer { + + return Afl.jsApiGetSymbol("__afl_fuzz_ptr"); + } + + /** + * Print a message to the STDOUT. This should be preferred to + * FRIDA's `console.log` since FRIDA will queue it's log messages. + * If `console.log` is used in a callback in particular, then there + * may no longer be a thread running to service this queue. + */ + public static print(msg: string): void { + const STDOUT_FILENO = 2; + const log = `${msg}\n`; + const buf = Memory.allocUtf8String(log); + Afl.jsApiWrite(STDOUT_FILENO, buf, log.length); + } + + /** + * See `AFL_FRIDA_DEBUG_MAPS`. + */ + public static setDebugMaps(): void { + Afl.jsApiSetDebugMaps(); + } + + /** + * This has the same effect as setting `AFL_ENTRYPOINT`, but has the + * convenience of allowing you to use FRIDAs APIs to determine the + * address you would like to configure, rather than having to grep + * the output of `readelf` or something similarly ugly. This + * function should be called with a `NativePointer` as its + * argument. + */ + public static setEntryPoint(address: NativePointer): void { + Afl.jsApiSetEntryPoint(address); + } + + /** + * Function used to enable in-memory test cases for fuzzing. + */ + public static setInMemoryFuzzing(): void { + Afl.jsApiAflSharedMemFuzzing.writeInt(1); + } + + /** + * See `AFL_FRIDA_INST_DEBUG_FILE`. This function takes a single `string` as + * an argument. + */ + public static setInstrumentDebugFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetInstrumentDebugFile(buf); + } + + /** + * See `AFL_FRIDA_INST_TRACE`. + */ + public static setInstrumentEnableTracing(): void { + Afl.jsApiSetInstrumentTrace(); + } + + /** + * See `AFL_INST_LIBS`. + */ + public static setInstrumentLibraries(): void { + Afl.jsApiSetInstrumentLibraries(); + } + + /** + * See `AFL_FRIDA_INST_NO_OPTIMIZE` + */ + public static setInstrumentNoOptimize(): void { + Afl.jsApiSetInstrumentNoOptimize(); + } + + /** + * See `AFL_FRIDA_INST_TRACE_UNIQUE`. + */ + public static setInstrumentTracingUnique(): void { + Afl.jsApiSetInstrumentTraceUnique(); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_ADDR`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentAddress(address: NativePointer): void { + Afl.jsApiSetPersistentAddress(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_CNT`, a + * `number` should be provided as it's argument. + */ + public static setPersistentCount(count: number): void { + Afl.jsApiSetPersistentCount(count); + } + + /** + * See `AFL_FRIDA_PERSISTENT_DEBUG`. + */ + public static setPersistentDebug(): void { + Afl.jsApiSetPersistentDebug(); + } + + /** + * See `AFL_FRIDA_PERSISTENT_ADDR`. This function takes a NativePointer as an + * argument. See above for examples of use. + */ + public static setPersistentHook(address: NativePointer): void { + Afl.jsApiSetPersistentHook(address); + } + + /** + * This is equivalent to setting `AFL_FRIDA_PERSISTENT_RET`, again a + * `NativePointer` should be provided as it's argument. + */ + public static setPersistentReturn(address: NativePointer): void { + Afl.jsApiSetPersistentReturn(address); + } + + /** + * See `AFL_FRIDA_INST_NO_PREFETCH`. + */ + public static setPrefetchDisable(): void { + Afl.jsApiSetPrefetchDisable(); + } + + /* + * Set a function to be called for each instruction which is instrumented + * by AFL FRIDA mode. + */ + public static setStalkerCallback(callback: NativePointer): void { + Afl.jsApiSetStalkerCallback(callback); + } + + /** + * See `AFL_FRIDA_STATS_FILE`. This function takes a single `string` as + * an argument. + */ + public static setStatsFile(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStatsFile(buf); + } + + /** + * See `AFL_FRIDA_STATS_INTERVAL`. This function takes a `number` as an + * argument + */ + public static setStatsInterval(interval: number): void { + Afl.jsApiSetStatsInterval(interval); + } + + /** + * See `AFL_FRIDA_STATS_TRANSITIONS` + */ + public static setStatsTransitions(): void { + Afl.jsApiSetStatsTransitions(); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDERR`. This function takes a single `string` as + * an argument. + */ + public static setStdErr(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdErr(buf); + } + + /** + * See `AFL_FRIDA_OUTPUT_STDOUT`. This function takes a single `string` as + * an argument. + */ + public static setStdOut(file: string): void { + const buf = Memory.allocUtf8String(file); + Afl.jsApiSetStdOut(buf); + } + + private static readonly jsApiAddExcludeRange = Afl.jsApiGetFunction( + "js_api_add_exclude_range", + "void", + ["pointer", "size_t"]); + + private static readonly jsApiAddIncludeRange = Afl.jsApiGetFunction( + "js_api_add_include_range", + "void", + ["pointer", "size_t"]); + + private static readonly jsApiAflSharedMemFuzzing = Afl.jsApiGetSymbol("__afl_sharedmem_fuzzing"); + + private static readonly jsApiDone = Afl.jsApiGetFunction( + "js_api_done", + "void", + []); + + private static readonly jsApiError = Afl.jsApiGetFunction( + "js_api_error", + "void", + ["pointer"]); + + private static readonly jsApiSetDebugMaps = Afl.jsApiGetFunction( + "js_api_set_debug_maps", + "void", + []); + + private static readonly jsApiSetEntryPoint = Afl.jsApiGetFunction( + "js_api_set_entrypoint", + "void", + ["pointer"]); + + private static readonly jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction( + "js_api_set_instrument_debug_file", + "void", + ["pointer"]); + + private static readonly jsApiSetInstrumentLibraries = Afl.jsApiGetFunction( + "js_api_set_instrument_libraries", + "void", + []); + + private static readonly jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction( + "js_api_set_instrument_no_optimize", + "void", + []); + + private static readonly jsApiSetInstrumentTrace = Afl.jsApiGetFunction( + "js_api_set_instrument_trace", + "void", + []); + + private static readonly jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction( + "js_api_set_instrument_trace_unique", + "void", + []); + + private static readonly jsApiSetPersistentAddress = Afl.jsApiGetFunction( + "js_api_set_persistent_address", + "void", + ["pointer"]); + + private static readonly jsApiSetPersistentCount = Afl.jsApiGetFunction( + "js_api_set_persistent_count", + "void", + ["uint64"]); + + private static readonly jsApiSetPersistentDebug = Afl.jsApiGetFunction( + "js_api_set_persistent_debug", + "void", + []); + + private static readonly jsApiSetPersistentHook = Afl.jsApiGetFunction( + "js_api_set_persistent_hook", + "void", + ["pointer"]); + + private static readonly jsApiSetPersistentReturn = Afl.jsApiGetFunction( + "js_api_set_persistent_return", + "void", + ["pointer"]); + + private static readonly jsApiSetPrefetchDisable = Afl.jsApiGetFunction( + "js_api_set_prefetch_disable", + "void", + []); + + private static readonly jsApiSetStalkerCallback = Afl.jsApiGetFunction( + "js_api_set_stalker_callback", + "void", + ["pointer"]); + + private static readonly jsApiSetStatsFile = Afl.jsApiGetFunction( + "js_api_set_stats_file", + "void", + ["pointer"]); + + private static readonly jsApiSetStatsInterval = Afl.jsApiGetFunction( + "js_api_set_stats_interval", + "void", + ["uint64"]); + + private static readonly jsApiSetStatsTransitions = Afl.jsApiGetFunction( + "js_api_set_stats_transitions", + "void", + []); + + private static readonly jsApiSetStdErr = Afl.jsApiGetFunction( + "js_api_set_stderr", + "void", + ["pointer"]); + + private static readonly jsApiSetStdOut = Afl.jsApiGetFunction( + "js_api_set_stdout", + "void", + ["pointer"]); + + private static readonly jsApiWrite = new NativeFunction( + /* tslint:disable-next-line:no-null-keyword */ + Module.getExportByName(null, "write"), + "int", + ["int", "pointer", "int"]); + + private static jsApiGetFunction(name: string, retType: NativeType, argTypes: NativeType[]): NativeFunction { + const addr: NativePointer = Afl.module.getExportByName(name); + + return new NativeFunction(addr, retType, argTypes); + } + + private static jsApiGetSymbol(name: string): NativePointer { + + return Afl.module.getExportByName(name); + } + +} diff --git a/frida_mode/ts/package-lock.json b/frida_mode/ts/package-lock.json new file mode 100644 index 00000000..e766c2c2 --- /dev/null +++ b/frida_mode/ts/package-lock.json @@ -0,0 +1,12 @@ +{ + "requires": true, + "lockfileVersion": 1, + "dependencies": { + "tsc": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/tsc/-/tsc-2.0.3.tgz", + "integrity": "sha512-SN+9zBUtrpUcOpaUO7GjkEHgWtf22c7FKbKCA4e858eEM7Qz86rRDpgOU2lBIDf0fLCsEg65ms899UMUIB2+Ow==", + "dev": true + } + } +} diff --git a/frida_mode/ts/package.json b/frida_mode/ts/package.json new file mode 100644 index 00000000..47b693ed --- /dev/null +++ b/frida_mode/ts/package.json @@ -0,0 +1,32 @@ +{ + "name": "@worksbutnottested/aflplusplus-frida", + "version": "1.0.0", + "description": "AFLplusplus Frida Mode", + "main": "./dist/frida.js", + "types": "./dist/frida.d.ts", + "files": [ + "/dist/" + ], + "repository": { + "type": "git", + "url": "git@github.com:worksbutnottested/AFLplusplus.git" + }, + "publishConfig": { + "cache": "~/.npm", + "registry": "https://npm.pkg.github.com/@worksbutnottested" + }, + "scripts": { + "prepare": "npm run build", + "build": "tsc", + "lint": "tslint -p tslint.json" + }, + "devDependencies": { + "@types/node": "^14.14.2", + "typescript": "^4.0.3", + "typescript-tslint-plugin": "^0.5.5", + "tslint": "^6.1.3" + }, + "dependencies": { + "@types/frida-gum": "^16.2.0" + } + } diff --git a/frida_mode/ts/tsconfig.json b/frida_mode/ts/tsconfig.json new file mode 100644 index 00000000..624e4496 --- /dev/null +++ b/frida_mode/ts/tsconfig.json @@ -0,0 +1,14 @@ +{ + "compilerOptions": { + "target": "es2020", + "lib": ["es2020"], + "strict": true, + "module": "commonjs", + "esModuleInterop": true, + "declaration": true, + "outDir": "./dist" + }, + "include": [ + "lib/**/*" + ] + } diff --git a/frida_mode/ts/tslint.json b/frida_mode/ts/tslint.json new file mode 100644 index 00000000..0e7a77ed --- /dev/null +++ b/frida_mode/ts/tslint.json @@ -0,0 +1,256 @@ +{ + "rules": { + "adjacent-overload-signatures": true, + "ban-types": { + "options": [ + ["Object", "Avoid using the `Object` type. Did you mean `object`?"], + [ + "Function", + "Avoid using the `Function` type. Prefer a specific function type, like `() => void`." + ], + ["Boolean", "Avoid using the `Boolean` type. Did you mean `boolean`?"], + ["Number", "Avoid using the `Number` type. Did you mean `number`?"], + ["String", "Avoid using the `String` type. Did you mean `string`?"], + ["Symbol", "Avoid using the `Symbol` type. Did you mean `symbol`?"] + ] + }, + "ban-ts-ignore": true, + "member-access": { + "options": ["check-accessor", "check-constructor", "check-parameter-property"] + }, + "member-ordering": { + "options": { + "order": "statics-first", + "alphabetize": true + } + }, + "no-any": true, + "no-empty-interface": true, + "no-for-in": true, + "no-import-side-effect": true, + "no-inferrable-types": { "options": ["ignore-params"] }, + "no-internal-module": true, + "no-magic-numbers": true, + "no-namespace": true, + "no-non-null-assertion": true, + "no-reference": true, + "no-restricted-globals": true, + "no-this-assignment": true, + "no-var-requires": true, + "only-arrow-functions": true, + "prefer-for-of": true, + "prefer-readonly": true, + "promise-function-async": true, + "typedef": { + "options": [ + "call-signature", + "parameter", + "property-declaration" + ] + }, + "typedef-whitespace": { + "options": [ + { + "call-signature": "nospace", + "index-signature": "nospace", + "parameter": "nospace", + "property-declaration": "nospace", + "variable-declaration": "nospace" + }, + { + "call-signature": "onespace", + "index-signature": "onespace", + "parameter": "onespace", + "property-declaration": "onespace", + "variable-declaration": "onespace" + } + ] + }, + "unified-signatures": true, + "await-promise": true, + "ban-comma-operator": true, + "curly": true, + "forin": true, + "function-constructor": true, + "label-position": true, + "no-arg": true, + "no-async-without-await": true, + "no-bitwise": true, + "no-conditional-assignment": true, + "no-console": true, + "no-construct": true, + "no-debugger": true, + "no-duplicate-super": true, + "no-duplicate-switch-case": true, + "no-duplicate-variable": { "options": ["check-parameters"] }, + "no-dynamic-delete": true, + "no-empty": true, + "no-eval": true, + "no-floating-promises": true, + "no-for-in-array": true, + "no-implicit-dependencies": true, + "no-inferred-empty-object-type": true, + "no-invalid-template-strings": true, + "no-misused-new": true, + "no-null-keyword": true, + "no-null-undefined-union": true, + "no-object-literal-type-assertion": true, + "no-promise-as-boolean": true, + "no-return-await": true, + "no-shadowed-variable": true, + "no-string-literal": true, + "no-string-throw": true, + "no-sparse-arrays": true, + "no-submodule-imports": true, + "no-tautology-expression": true, + "no-unbound-method": true, + "no-unnecessary-class": { "options": ["allow-empty-class", "allow-static-only"] }, + "no-unsafe-any": false, + "no-unsafe-finally": true, + "no-unused-expression": true, + "no-var-keyword": true, + "no-void-expression": true, + "prefer-conditional-expression": true, + "radix": true, + "restrict-plus-operands": true, + "static-this": true, + "strict-boolean-expressions": true, + "strict-string-expressions": true, + "strict-comparisons": true, + "strict-type-predicates": true, + "switch-default": true, + "triple-equals": true, + "unnecessary-constructor": true, + "use-default-type-parameter": true, + "use-isnan": true, + "cyclomatic-complexity": true, + "eofline": true, + "indent": { "options": ["spaces"] }, + "invalid-void": true, + "linebreak-style": { "options": "LF" }, + "max-classes-per-file": { "options": 1 }, + "max-file-line-count": { "options": 1000 }, + "max-line-length": { + "options": { "limit": 120 } + }, + "no-default-export": true, + "no-default-import": true, + "no-duplicate-imports": true, + "no-irregular-whitespace": true, + "no-mergeable-namespace": true, + "no-parameter-reassignment": true, + "no-require-imports": true, + "no-trailing-whitespace": true, + "object-literal-sort-keys": true, + "prefer-const": true, + "trailing-comma": { + "options": { + "esSpecCompliant": true, + "multiline": "always", + "singleline": "never" + } + }, + "align": { + "options": ["parameters", "arguments", "statements", "elements", "members"] + }, + "array-type": { "options": "array-simple" }, + "arrow-parens": true, + "arrow-return-shorthand": { "options": "multiline" }, + "binary-expression-operand-order": true, + "callable-types": true, + "class-name": true, + "comment-format": { "options": ["check-space", "check-uppercase"] }, + "comment-type": { "options": ["singleline", "multiline", "doc", "directive"] }, + "completed-docs": [ + true, + { + "enums": true, + "methods": {"locations": "all", "privacies": ["public", "protected"]}, + "properties": {"locations": "all", "privacies": ["public", "protected"]} + } + ], + "deprecation": true, + "encoding": true, + "file-name-casing": { "options": "camel-case" }, + "import-spacing": true, + "increment-decrement": true, + "interface-name": true, + "interface-over-type-literal": true, + "jsdoc-format": { "options": "check-multiline-start" }, + "match-default-export-name": true, + "new-parens": true, + "newline-before-return": true, + "newline-per-chained-call": true, + "no-angle-bracket-type-assertion": true, + "no-boolean-literal-compare": true, + "no-consecutive-blank-lines": true, + "no-parameter-properties": true, + "no-redundant-jsdoc": true, + "no-reference-import": true, + "no-unnecessary-callback-wrapper": true, + "no-unnecessary-initializer": true, + "no-unnecessary-qualifier": true, + "no-unnecessary-type-assertion": true, + "number-literal-format": true, + "object-literal-key-quotes": { "options": "consistent-as-needed" }, + "object-literal-shorthand": true, + "one-line": { + "options": [ + "check-catch", + "check-else", + "check-finally", + "check-open-brace", + "check-whitespace" + ] + }, + "one-variable-per-declaration": true, + "ordered-imports": { + "options": { + "grouped-imports": true, + "import-sources-order": "case-insensitive", + "named-imports-order": "case-insensitive", + "module-source-path": "full" + } + }, + "prefer-function-over-method": true, + "prefer-method-signature": true, + "prefer-object-spread": true, + "prefer-switch": true, + "prefer-template": true, + "prefer-while": true, + "quotemark": { + "options": ["double", "avoid-escape", "avoid-template"] + }, + "return-undefined": true, + "semicolon": { "options": ["always"] }, + "space-before-function-paren": { + "options": { + "anonymous": "never", + "asyncArrow": "always", + "constructor": "never", + "method": "never", + "named": "never" + } + }, + "space-within-parens": { "options": 0 }, + "switch-final-break": true, + "type-literal-delimiter": true, + "unnecessary-bind": true, + "unnecessary-else": true, + "variable-name": { "options": ["ban-keywords", "check-format", "require-const-for-all-caps"] }, + "whitespace": { + "options": [ + "check-branch", + "check-decl", + "check-operator", + "check-module", + "check-separator", + "check-type", + "check-typecast", + "check-preblock", + "check-type-operator", + "check-rest-spread" + ] + } + } +} diff --git a/include/afl-fuzz.h b/include/afl-fuzz.h index 2920f905..2e2c78ef 100644 --- a/include/afl-fuzz.h +++ b/include/afl-fuzz.h @@ -519,7 +519,8 @@ typedef struct afl_state { shmem_testcase_mode, /* If sharedmem testcases are used */ expand_havoc, /* perform expensive havoc after no find */ cycle_schedules, /* cycle power schedules? */ - old_seed_selection; /* use vanilla afl seed selection */ + old_seed_selection, /* use vanilla afl seed selection */ + reinit_table; /* reinit the queue weight table */ u8 *virgin_bits, /* Regions yet untouched by fuzzing */ *virgin_tmout, /* Bits we haven't seen in tmouts */ diff --git a/include/envs.h b/include/envs.h index 54bb6597..f89e8e62 100644 --- a/include/envs.h +++ b/include/envs.h @@ -60,7 +60,8 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", "AFL_FRIDA_INST_TRACE", - "AFL_FRIDA_INST_UNSTABLE", + "AFL_FRIDA_INST_TRACE_UNIQUE", + "AFL_FRIDA_JS_SCRIPT", "AFL_FRIDA_OUTPUT_STDOUT", "AFL_FRIDA_OUTPUT_STDERR", "AFL_FRIDA_PERSISTENT_ADDR", diff --git a/include/forkserver.h b/include/forkserver.h index 2baa6f0a..c6f7de00 100644 --- a/include/forkserver.h +++ b/include/forkserver.h @@ -54,6 +54,7 @@ typedef struct afl_forkserver { u32 exec_tmout; /* Configurable exec timeout (ms) */ u32 init_tmout; /* Configurable init timeout (ms) */ u32 map_size; /* map size used by the target */ + u32 real_map_size; /* real map size, unaligned */ u32 snapshot; /* is snapshot feature used */ u64 mem_limit; /* Memory cap for child (MB) */ diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 50117012..3f518b55 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -271,12 +271,6 @@ static void __afl_map_shm(void) { if (__afl_final_loc) { - if (__afl_final_loc % 64) { - - __afl_final_loc = (((__afl_final_loc + 63) >> 6) << 6); - - } - __afl_map_size = __afl_final_loc; if (__afl_final_loc > MAP_SIZE) { @@ -623,6 +617,7 @@ static void __afl_unmap_shm(void) { #endif __afl_cmp_map = NULL; + __afl_cmp_map_backup = NULL; } @@ -632,7 +627,7 @@ static void __afl_unmap_shm(void) { #define write_error(text) write_error_with_location(text, __FILE__, __LINE__) -void write_error_with_location(char *text, char* filename, int linenumber) { +void write_error_with_location(char *text, char *filename, int linenumber) { u8 * o = getenv("__AFL_OUT_DIR"); char *e = strerror(errno); @@ -645,14 +640,16 @@ void write_error_with_location(char *text, char* filename, int linenumber) { if (f) { - fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + fprintf(f, "File %s, line %d: Error(%s): %s\n", filename, linenumber, + text, e); fclose(f); } } - fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, text, e); + fprintf(stderr, "File %s, line %d: Error(%s): %s\n", filename, linenumber, + text, e); } @@ -1019,7 +1016,7 @@ static void __afl_start_forkserver(void) { if (read(FORKSRV_FD, &was_killed, 4) != 4) { - write_error("read from afl-fuzz"); + // write_error("read from afl-fuzz"); _exit(1); } @@ -1690,7 +1687,7 @@ void __cmplog_ins_hookN(uint128_t arg1, uint128_t arg2, uint8_t attr, void __cmplog_ins_hook16(uint128_t arg1, uint128_t arg2, uint8_t attr) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; uintptr_t k = (uintptr_t)__builtin_return_address(0); k = (k >> 4) ^ (k << 8); @@ -1794,7 +1791,7 @@ void __sanitizer_cov_trace_const_cmp16(uint128_t arg1, uint128_t arg2) { void __sanitizer_cov_trace_switch(uint64_t val, uint64_t *cases) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; for (uint64_t i = 0; i < cases[0]; i++) { @@ -1891,7 +1888,7 @@ void __cmplog_rtn_hook(u8 *ptr1, u8 *ptr2) { fprintf(stderr, "\n"); */ - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; // fprintf(stderr, "RTN1 %p %p\n", ptr1, ptr2); int l1, l2; if ((l1 = area_is_valid(ptr1, 32)) <= 0 || @@ -1975,7 +1972,7 @@ static u8 *get_llvm_stdstring(u8 *string) { void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) return; @@ -1985,7 +1982,7 @@ void __cmplog_rtn_gcc_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) return; @@ -1996,7 +1993,7 @@ void __cmplog_rtn_gcc_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring, 32) <= 0 || area_is_valid(cstring, 32) <= 0) return; @@ -2006,7 +2003,7 @@ void __cmplog_rtn_llvm_stdstring_cstring(u8 *stdstring, u8 *cstring) { void __cmplog_rtn_llvm_stdstring_stdstring(u8 *stdstring1, u8 *stdstring2) { - if (unlikely(!__afl_cmp_map)) return; + if (likely(!__afl_cmp_map)) return; if (area_is_valid(stdstring1, 32) <= 0 || area_is_valid(stdstring2, 32) <= 0) return; @@ -2040,7 +2037,7 @@ void __afl_coverage_on() { if (likely(__afl_selective_coverage && __afl_selective_coverage_temp)) { __afl_area_ptr = __afl_area_ptr_backup; - __afl_cmp_map = __afl_cmp_map_backup; + if (__afl_cmp_map_backup) { __afl_cmp_map = __afl_cmp_map_backup; } } @@ -2082,3 +2079,4 @@ void __afl_coverage_interesting(u8 val, u32 id) { } #undef write_error + diff --git a/instrumentation/split-compares-pass.so.cc b/instrumentation/split-compares-pass.so.cc index 68f6c329..13f45b69 100644 --- a/instrumentation/split-compares-pass.so.cc +++ b/instrumentation/split-compares-pass.so.cc @@ -1397,11 +1397,13 @@ bool SplitComparesTransform::runOnModule(Module &M) { } bool brokenDebug = false; - if (verifyModule( M, &errs() -#if LLVM_VERSION_MAJOR > 3 || (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) - ,&brokenDebug // 9th May 2016 + if (verifyModule(M, &errs() +#if LLVM_VERSION_MAJOR > 3 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR >= 9) + , + &brokenDebug // 9th May 2016 #endif - )) { + )) { reportError( "Module Verifier failed! Consider reporting a bug with the AFL++ " diff --git a/src/afl-forkserver.c b/src/afl-forkserver.c index 3d472b36..5e8fb9b5 100644 --- a/src/afl-forkserver.c +++ b/src/afl-forkserver.c @@ -90,6 +90,7 @@ void afl_fsrv_init(afl_forkserver_t *fsrv) { /* exec related stuff */ fsrv->child_pid = -1; fsrv->map_size = get_map_size(); + fsrv->real_map_size = fsrv->map_size; fsrv->use_fauxsrv = false; fsrv->last_run_timed_out = false; fsrv->debug = false; @@ -110,6 +111,7 @@ void afl_fsrv_init_dup(afl_forkserver_t *fsrv_to, afl_forkserver_t *from) { fsrv_to->init_tmout = from->init_tmout; fsrv_to->mem_limit = from->mem_limit; fsrv_to->map_size = from->map_size; + fsrv_to->real_map_size = from->real_map_size; fsrv_to->support_shmem_fuzz = from->support_shmem_fuzz; fsrv_to->out_file = from->out_file; fsrv_to->dev_urandom_fd = from->dev_urandom_fd; @@ -416,8 +418,7 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, struct rlimit r; - if (!fsrv->cmplog_binary && fsrv->qemu_mode == false && - fsrv->frida_mode == false) { + if (!fsrv->cmplog_binary) { unsetenv(CMPLOG_SHM_ENV_VAR); // we do not want that in non-cmplog fsrv @@ -691,15 +692,15 @@ void afl_fsrv_start(afl_forkserver_t *fsrv, char **argv, if (!fsrv->map_size) { fsrv->map_size = MAP_SIZE; } - if (unlikely(tmp_map_size % 64)) { + fsrv->real_map_size = tmp_map_size; + + if (tmp_map_size % 64) { - // should not happen - WARNF("Target reported non-aligned map size of %u", tmp_map_size); tmp_map_size = (((tmp_map_size + 63) >> 6) << 6); } - if (!be_quiet) { ACTF("Target map size: %u", tmp_map_size); } + if (!be_quiet) { ACTF("Target map size: %u", fsrv->real_map_size); } if (tmp_map_size > fsrv->map_size) { FATAL( diff --git a/src/afl-fuzz-init.c b/src/afl-fuzz-init.c index 872e3a32..5e4f1585 100644 --- a/src/afl-fuzz-init.c +++ b/src/afl-fuzz-init.c @@ -710,96 +710,103 @@ void read_testcases(afl_state_t *afl, u8 *directory) { } - for (i = 0; i < (u32)nl_cnt; ++i) { + if (nl_cnt) { - struct stat st; + i = nl_cnt; + do { - u8 dfn[PATH_MAX]; - snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir, - nl[i]->d_name); - u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); + --i; - u8 passed_det = 0; + struct stat st; + u8 dfn[PATH_MAX]; + snprintf(dfn, PATH_MAX, "%s/.state/deterministic_done/%s", afl->in_dir, + nl[i]->d_name); + u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); - if (lstat(fn2, &st) || access(fn2, R_OK)) { + u8 passed_det = 0; - PFATAL("Unable to access '%s'", fn2); + if (lstat(fn2, &st) || access(fn2, R_OK)) { - } + PFATAL("Unable to access '%s'", fn2); - /* obviously we want to skip "descending" into . and .. directories, - however it is a good idea to skip also directories that start with - a dot */ - if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { + } - free(nl[i]); /* not tracked */ - read_testcases(afl, fn2); - ck_free(fn2); - continue; + /* obviously we want to skip "descending" into . and .. directories, + however it is a good idea to skip also directories that start with + a dot */ + if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { - } + free(nl[i]); /* not tracked */ + read_testcases(afl, fn2); + ck_free(fn2); + continue; - free(nl[i]); + } - if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) { + free(nl[i]); - ck_free(fn2); - continue; + if (!S_ISREG(st.st_mode) || !st.st_size || strstr(fn2, "/README.txt")) { - } + ck_free(fn2); + continue; - if (st.st_size > MAX_FILE) { + } - WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2, - stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), - stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); + if (st.st_size > MAX_FILE) { - } + WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", + fn2, + stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), + stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); - /* Check for metadata that indicates that deterministic fuzzing - is complete for this entry. We don't want to repeat deterministic - fuzzing when resuming aborted scans, because it would be pointless - and probably very time-consuming. */ + } - if (!access(dfn, F_OK)) { passed_det = 1; } + /* Check for metadata that indicates that deterministic fuzzing + is complete for this entry. We don't want to repeat deterministic + fuzzing when resuming aborted scans, because it would be pointless + and probably very time-consuming. */ - add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size, - passed_det); + if (!access(dfn, F_OK)) { passed_det = 1; } - if (unlikely(afl->shm.cmplog_mode)) { + add_to_queue(afl, fn2, st.st_size >= MAX_FILE ? MAX_FILE : st.st_size, + passed_det); - if (afl->cmplog_lvl == 1) { + if (unlikely(afl->shm.cmplog_mode)) { - if (!afl->cmplog_max_filesize || - afl->cmplog_max_filesize < st.st_size) { + if (afl->cmplog_lvl == 1) { - afl->cmplog_max_filesize = st.st_size; + if (!afl->cmplog_max_filesize || + afl->cmplog_max_filesize < st.st_size) { - } + afl->cmplog_max_filesize = st.st_size; - } else if (afl->cmplog_lvl == 2) { + } - if (!afl->cmplog_max_filesize || - afl->cmplog_max_filesize > st.st_size) { + } else if (afl->cmplog_lvl == 2) { - afl->cmplog_max_filesize = st.st_size; + if (!afl->cmplog_max_filesize || + afl->cmplog_max_filesize > st.st_size) { + + afl->cmplog_max_filesize = st.st_size; + + } } } - } + /* + if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { - /* - if (unlikely(afl->schedule >= FAST && afl->schedule <= RARE)) { + u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, + HASH_CONST); afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE; + afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1; - u64 cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, - HASH_CONST); afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE; - afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1; + } - } + */ - */ + } while (i > 0); } diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 11adebf4..f03249e9 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2862,6 +2862,7 @@ abandon_entry: --afl->pending_not_fuzzed; afl->queue_cur->was_fuzzed = 1; + afl->reinit_table = 1; if (afl->queue_cur->favored) { --afl->pending_favored; } } diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index 811e805c..d2689c94 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -58,7 +58,8 @@ double compute_weight(afl_state_t *afl, struct queue_entry *q, if (likely(afl->schedule < RARE)) { weight *= (avg_exec_us / q->exec_us); } weight *= (log(q->bitmap_size) / avg_bitmap_size); weight *= (1 + (q->tc_ref / avg_top_size)); - if (unlikely(q->favored)) weight *= 5; + if (unlikely(q->favored)) { weight *= 5; } + if (unlikely(!q->was_fuzzed)) { weight *= 2; } return weight; @@ -198,6 +199,8 @@ void create_alias_table(afl_state_t *afl) { while (nS) afl->alias_probability[S[--nS]] = 1; + afl->reinit_table = 0; + /* #ifdef INTROSPECTION u8 fn[PATH_MAX]; diff --git a/src/afl-fuzz-stats.c b/src/afl-fuzz-stats.c index 9648d795..e0930234 100644 --- a/src/afl-fuzz-stats.c +++ b/src/afl-fuzz-stats.c @@ -264,6 +264,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, "peak_rss_mb : %lu\n" "cpu_affinity : %d\n" "edges_found : %u\n" + "total_edges : %u\n" "var_byte_count : %u\n" "havoc_expansion : %u\n" "testcache_size : %llu\n" @@ -303,10 +304,10 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, #else -1, #endif - t_bytes, afl->var_byte_count, afl->expand_havoc, - afl->q_testcase_cache_size, afl->q_testcase_cache_count, - afl->q_testcase_evictions, afl->use_banner, - afl->unicorn_mode ? "unicorn" : "", + t_bytes, afl->fsrv.real_map_size, afl->var_byte_count, + afl->expand_havoc, afl->q_testcase_cache_size, + afl->q_testcase_cache_count, afl->q_testcase_evictions, + afl->use_banner, afl->unicorn_mode ? "unicorn" : "", afl->fsrv.qemu_mode ? "qemu " : "", afl->non_instrumented_mode ? " non_instrumented " : "", afl->no_forkserver ? "no_fsrv " : "", afl->crash_mode ? "crash " : "", @@ -326,7 +327,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, u32 i = 0; fprintf(f, "virgin_bytes :"); - for (i = 0; i < afl->fsrv.map_size; i++) { + for (i = 0; i < afl->fsrv.real_map_size; i++) { if (afl->virgin_bits[i] != 0xff) { @@ -338,7 +339,7 @@ void write_stats_file(afl_state_t *afl, u32 t_bytes, double bitmap_cvg, fprintf(f, "\n"); fprintf(f, "var_bytes :"); - for (i = 0; i < afl->fsrv.map_size; i++) { + for (i = 0; i < afl->fsrv.real_map_size; i++) { if (afl->var_bytes[i]) { fprintf(f, " %u", i); } @@ -520,7 +521,7 @@ void show_stats(afl_state_t *afl) { /* Do some bitmap stats. */ t_bytes = count_non_255_bytes(afl, afl->virgin_bits); - t_byte_ratio = ((double)t_bytes * 100) / afl->fsrv.map_size; + t_byte_ratio = ((double)t_bytes * 100) / afl->fsrv.real_map_size; if (likely(t_bytes) && unlikely(afl->var_byte_count)) { @@ -781,7 +782,7 @@ void show_stats(afl_state_t *afl) { SAYF(bV bSTOP " now processing : " cRST "%-18s " bSTG bV bSTOP, tmp); sprintf(tmp, "%0.02f%% / %0.02f%%", - ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.map_size, + ((double)afl->queue_cur->bitmap_size) * 100 / afl->fsrv.real_map_size, t_byte_ratio); SAYF(" map density : %s%-19s" bSTG bV "\n", diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index e9a67ac5..bd9b6691 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -125,7 +125,7 @@ static void usage(u8 *argv0, int more_help) { "entering the\n" " pacemaker mode (minutes of no new paths). 0 = " "immediately,\n" - " -1 = immediately and together with normal mutation).\n" + " -1 = immediately and together with normal mutation.\n" " See docs/README.MOpt.md\n" " -c program - enable CmpLog by specifying a binary compiled for " "it.\n" @@ -1911,7 +1911,12 @@ int main(int argc, char **argv_orig, char **envp) { if (unlikely(afl->old_seed_selection)) seek_to = find_start_position(afl); afl->start_time = get_cur_time(); - if (afl->in_place_resume || afl->afl_env.afl_autoresume) load_stats_file(afl); + if (afl->in_place_resume || afl->afl_env.afl_autoresume) { + + load_stats_file(afl); + + } + write_stats_file(afl, 0, 0, 0, 0); maybe_update_plot_file(afl, 0, 0, 0); save_auto(afl); @@ -2149,7 +2154,8 @@ int main(int argc, char **argv_orig, char **envp) { if (likely(!afl->old_seed_selection)) { - if (unlikely(prev_queued_paths < afl->queued_paths)) { + if (unlikely(prev_queued_paths < afl->queued_paths || + afl->reinit_table)) { // we have new queue entries since the last run, recreate alias table prev_queued_paths = afl->queued_paths; diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 96b72dd9..936d3bc4 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -67,6 +67,8 @@ static char *stdin_file; /* stdin file */ static u8 *in_dir = NULL, /* input folder */ *out_file = NULL, *at_file = NULL; /* Substitution string for @@ */ +static u8 outfile[PATH_MAX]; + static u8 *in_data, /* Input data */ *coverage_map; /* Coverage map */ @@ -88,7 +90,8 @@ static bool quiet_mode, /* Hide non-essential messages? */ have_coverage, /* have coverage? */ no_classify, /* do not classify counts */ debug, /* debug mode */ - print_filenames; /* print the current filename */ + print_filenames, /* print the current filename */ + wait_for_gdb; static volatile u8 stop_soon, /* Ctrl-C pressed? */ child_crashed; /* Child crashed? */ @@ -230,7 +233,11 @@ static u32 write_results_to_file(afl_forkserver_t *fsrv, u8 *outfile) { u8 cco = !!getenv("AFL_CMIN_CRASHES_ONLY"), caa = !!getenv("AFL_CMIN_ALLOW_ANY"); - if (!outfile) { FATAL("Output filename not set (Bug in AFL++?)"); } + if (!outfile || !*outfile) { + + FATAL("Output filename not set (Bug in AFL++?)"); + + } if (cmin_mode && (fsrv->last_run_timed_out || (!caa && child_crashed != cco))) { @@ -692,6 +699,96 @@ static void setup_signal_handlers(void) { } +u32 execute_testcases(u8 *dir) { + + struct dirent **nl; + s32 nl_cnt, subdirs = 1; + u32 i, done = 0; + u8 val_buf[2][STRINGIFY_VAL_SIZE_MAX]; + + if (!be_quiet) { ACTF("Scanning '%s'...", dir); } + + /* We use scandir() + alphasort() rather than readdir() because otherwise, + the ordering of test cases would vary somewhat randomly and would be + difficult to control. */ + + nl_cnt = scandir(dir, &nl, NULL, alphasort); + + if (nl_cnt < 0) { return 0; } + + for (i = 0; i < (u32)nl_cnt; ++i) { + + struct stat st; + + u8 *fn2 = alloc_printf("%s/%s", dir, nl[i]->d_name); + + if (lstat(fn2, &st) || access(fn2, R_OK)) { + + PFATAL("Unable to access '%s'", fn2); + + } + + /* obviously we want to skip "descending" into . and .. directories, + however it is a good idea to skip also directories that start with + a dot */ + if (subdirs && S_ISDIR(st.st_mode) && nl[i]->d_name[0] != '.') { + + free(nl[i]); /* not tracked */ + done += execute_testcases(fn2); + ck_free(fn2); + continue; + + } + + if (!S_ISREG(st.st_mode) || !st.st_size) { + + free(nl[i]); + ck_free(fn2); + continue; + + } + + if (st.st_size > MAX_FILE && !be_quiet) { + + WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2, + stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), + stringify_mem_size(val_buf[1], sizeof(val_buf[1]), MAX_FILE)); + + } + + if (!collect_coverage) + snprintf(outfile, sizeof(outfile), "%s/%s", out_file, nl[i]->d_name); + + free(nl[i]); + + if (read_file(fn2)) { + + if (wait_for_gdb) { + + fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); + fprintf(stderr, "exec: kill -CONT %d\n", getpid()); + kill(0, SIGSTOP); + + } + + showmap_run_target_forkserver(fsrv, in_data, in_len); + ck_free(in_data); + ++done; + + if (collect_coverage) + analyze_results(fsrv); + else + tcnt = write_results_to_file(fsrv, outfile); + + } + + } + + free(nl); /* not tracked */ + return done; + +} + /* Show banner. */ static void show_banner(void) { @@ -710,31 +807,31 @@ static void usage(u8 *argv0) { "\n%s [ options ] -- /path/to/target_app [ ... ]\n\n" "Required parameters:\n" - " -o file - file to write the trace data to\n\n" + " -o file - file to write the trace data to\n\n" "Execution control settings:\n" - " -t msec - timeout for each run (none)\n" - " -m megs - memory limit for child process (%u MB)\n" - " -O - use binary-only instrumentation (FRIDA mode)\n" - " -Q - use binary-only instrumentation (QEMU mode)\n" - " -U - use Unicorn-based instrumentation (Unicorn mode)\n" - " -W - use qemu-based instrumentation with Wine (Wine mode)\n" - " (Not necessary, here for consistency with other afl-* " + " -t msec - timeout for each run (none)\n" + " -m megs - memory limit for child process (%u MB)\n" + " -O - use binary-only instrumentation (FRIDA mode)\n" + " -Q - use binary-only instrumentation (QEMU mode)\n" + " -U - use Unicorn-based instrumentation (Unicorn mode)\n" + " -W - use qemu-based instrumentation with Wine (Wine mode)\n" + " (Not necessary, here for consistency with other afl-* " "tools)\n\n" "Other settings:\n" - " -i dir - process all files in this directory, must be combined " + " -i dir - process all files below this directory, must be combined " "with -o.\n" - " With -C, -o is a file, without -C it must be a " + " With -C, -o is a file, without -C it must be a " "directory\n" - " and each bitmap will be written there individually.\n" - " -C - collect coverage, writes all edges to -o and gives a " + " and each bitmap will be written there individually.\n" + " -C - collect coverage, writes all edges to -o and gives a " "summary\n" - " Must be combined with -i.\n" - " -q - sink program's output and don't show messages\n" - " -e - show edge coverage only, ignore hit counts\n" - " -r - show real tuple values instead of AFL filter values\n" - " -s - do not classify the map\n" - " -c - allow core dumps\n\n" + " Must be combined with -i.\n" + " -q - sink program's output and don't show messages\n" + " -e - show edge coverage only, ignore hit counts\n" + " -r - show real tuple values instead of AFL filter values\n" + " -s - do not classify the map\n" + " -c - allow core dumps\n\n" "This tool displays raw tuple data captured by AFL instrumentation.\n" "For additional help, consult %s/README.md.\n\n" @@ -1136,15 +1233,7 @@ int main(int argc, char **argv_orig, char **envp) { if (in_dir) { - DIR * dir_in, *dir_out = NULL; - struct dirent **file_list; - - // int done = 0; - u8 infile[PATH_MAX], outfile[PATH_MAX]; - u8 wait_for_gdb = 0; -#if !defined(DT_REG) - struct stat statbuf; -#endif + DIR *dir_in, *dir_out = NULL; if (getenv("AFL_DEBUG_GDB")) wait_for_gdb = true; @@ -1177,7 +1266,7 @@ int main(int argc, char **argv_orig, char **envp) { } else { - if ((coverage_map = (u8 *)malloc(map_size)) == NULL) + if ((coverage_map = (u8 *)malloc(map_size + 64)) == NULL) FATAL("coult not grab memory"); edges_only = false; raw_instr_output = true; @@ -1245,65 +1334,12 @@ int main(int argc, char **argv_orig, char **envp) { if (fsrv->support_shmem_fuzz && !fsrv->use_shmem_fuzz) shm_fuzz = deinit_shmem(fsrv, shm_fuzz); - int file_count = scandir(in_dir, &file_list, NULL, alphasort); - if (file_count < 0) { + if (execute_testcases(in_dir) == 0) { - PFATAL("Failed to read from input dir at %s\n", in_dir); + FATAL("could not read input testcases from %s", in_dir); } - for (int i = 0; i < file_count; i++) { - - struct dirent *dir_ent = file_list[i]; - - if (dir_ent->d_name[0] == '.') { - - continue; // skip anything that starts with '.' - - } - -#if defined(DT_REG) /* Posix and Solaris do not know d_type and DT_REG */ - if (dir_ent->d_type != DT_REG) { - - continue; // only regular files - - } - -#endif - - snprintf(infile, sizeof(infile), "%s/%s", in_dir, dir_ent->d_name); - -#if !defined(DT_REG) /* use stat() */ - if (-1 == stat(infile, &statbuf) || !S_ISREG(statbuf.st_mode)) continue; -#endif - - if (!collect_coverage) - snprintf(outfile, sizeof(outfile), "%s/%s", out_file, dir_ent->d_name); - - if (read_file(infile)) { - - if (wait_for_gdb) { - - fprintf(stderr, "exec: gdb -p %d\n", fsrv->child_pid); - fprintf(stderr, "exec: kill -CONT %d\n", getpid()); - kill(0, SIGSTOP); - - } - - showmap_run_target_forkserver(fsrv, in_data, in_len); - ck_free(in_data); - if (collect_coverage) - analyze_results(fsrv); - else - tcnt = write_results_to_file(fsrv, outfile); - - } - - } - - free(file_list); - file_list = NULL; - if (!quiet_mode) { OKF("Processed %llu input files.", fsrv->total_execs); } if (dir_out) { closedir(dir_out); } diff --git a/test/test-int_cases.c b/test/test-int_cases.c index c76206c5..93848d21 100644 --- a/test/test-int_cases.c +++ b/test/test-int_cases.c @@ -13,7 +13,7 @@ int main() { volatile INT_TYPE a, b; /* different values */ a = -21; - b = -2; /* signs equal */ + b = -2; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -22,7 +22,7 @@ int main() { assert(!(a == b)); a = 1; - b = 8; /* signs equal */ + b = 8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -30,10 +30,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 255) { /* short or bigger */ volatile short a, b; a = 2; - b = 256+1; /* signs equal */ + b = 256 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -42,7 +42,7 @@ int main() { assert(!(a == b)); a = -1 - 256; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -50,10 +50,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 65535) { /* int or bigger */ volatile int a, b; a = 2; - b = 65536+1; /* signs equal */ + b = 65536 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -62,7 +62,7 @@ int main() { assert(!(a == b)); a = -1 - 65536; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -70,10 +70,10 @@ int main() { assert((a != b)); assert(!(a == b)); - if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ + if ((unsigned)(INT_TYPE)(~0) > 4294967295) { /* long or bigger */ volatile long a, b; a = 2; - b = 4294967296+1; /* signs equal */ + b = 4294967296 + 1; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -82,7 +82,7 @@ int main() { assert(!(a == b)); a = -1 - 4294967296; - b = -8; /* signs equal */ + b = -8; /* signs equal */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -91,11 +91,13 @@ int main() { assert(!(a == b)); } + } + } a = -1; - b = 1; /* signs differ */ + b = 1; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -104,7 +106,7 @@ int main() { assert(!(a == b)); a = -1; - b = 0; /* signs differ */ + b = 0; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -113,7 +115,7 @@ int main() { assert(!(a == b)); a = -2; - b = 8; /* signs differ */ + b = 8; /* signs differ */ assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -122,7 +124,7 @@ int main() { assert(!(a == b)); a = -1; - b = -2; /* signs equal */ + b = -2; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -131,7 +133,7 @@ int main() { assert(!(a == b)); a = 8; - b = 1; /* signs equal */ + b = 1; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -140,9 +142,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -151,7 +154,7 @@ int main() { assert(!(a == b)); a = -1; - b = -256; /* signs equal */ + b = -256; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -160,9 +163,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -171,7 +175,7 @@ int main() { assert(!(a == b)); a = -1; - b = -65536; /* signs equal */ + b = -65536; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -180,30 +184,34 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; - b = 3; /* signs equal */ + b = 3; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -4294967296; /* signs equal */ + b = -4294967296; /* signs equal */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); + } + } + } a = 1; - b = -1; /* signs differ */ + b = -1; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -212,7 +220,7 @@ int main() { assert(!(a == b)); a = 0; - b = -1; /* signs differ */ + b = -1; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -221,7 +229,7 @@ int main() { assert(!(a == b)); a = 8; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -230,7 +238,7 @@ int main() { assert(!(a == b)); a = 1; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -239,9 +247,10 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -250,7 +259,7 @@ int main() { assert(!(a == b)); a = -1; - b = -2 - 256; /* signs differ */ + b = -2 - 256; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -259,18 +268,19 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -2 - 65536; /* signs differ */ + b = -2 - 65536; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -279,18 +289,19 @@ int main() { assert(!(a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; - b = -2; /* signs differ */ + b = -2; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - + a = -1; - b = -2 - 4294967296; /* signs differ */ + b = -2 - 4294967296; /* signs differ */ assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -299,7 +310,9 @@ int main() { assert(!(a == b)); } + } + } /* equal values */ @@ -358,6 +371,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 255) { + volatile short a, b; a = 1 + 256; b = 1 + 256; @@ -378,6 +392,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 65535) { + volatile int a, b; a = 1 + 65536; b = 1 + 65536; @@ -387,7 +402,7 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + a = -2 - 65536; b = -2 - 65536; assert(!(a < b)); @@ -398,6 +413,7 @@ int main() { assert((a == b)); if ((unsigned)(INT_TYPE)(~0) > 4294967295) { + volatile long a, b; a = 1 + 4294967296; b = 1 + 4294967296; @@ -407,7 +423,7 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + a = -2 - 4294967296; b = -2 - 4294967296; assert(!(a < b)); @@ -416,9 +432,12 @@ int main() { assert((a >= b)); assert(!(a != b)); assert((a == b)); - + } + } + } + } diff --git a/test/test-llvm.sh b/test/test-llvm.sh index 8090e176..aa40c5ed 100755 --- a/test/test-llvm.sh +++ b/test/test-llvm.sh @@ -191,7 +191,7 @@ test -e ../afl-clang-fast -a -e ../split-switches-pass.so && { for I in char short int long "long long"; do for BITS in 8 16 32 64; do bin="$testcase-split-$I-$BITS.compcov" - AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; + AFL_LLVM_INSTRUMENT=AFL AFL_DEBUG=1 AFL_LLVM_LAF_SPLIT_COMPARES_BITW=$BITS AFL_LLVM_LAF_SPLIT_COMPARES=1 ../afl-clang-fast -fsigned-char -DINT_TYPE="$I" -o "$bin" "$testcase" > test.out 2>&1; if ! test -e "$bin"; then cat test.out $ECHO "$RED[!] llvm_mode laf-intel/compcov integer splitting failed! ($testcase with type $I split to $BITS)!"; diff --git a/test/test-uint_cases.c b/test/test-uint_cases.c index a277e28a..bb57f408 100644 --- a/test/test-uint_cases.c +++ b/test/test-uint_cases.c @@ -22,9 +22,10 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+2; - b = 256+21; + a = 256 + 2; + b = 256 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -33,7 +34,7 @@ int main() { assert(!(a == b)); a = 21; - b = 256+1; + b = 256 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); @@ -42,46 +43,51 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+2; - b = 65536+21; + a = 65536 + 2; + b = 65536 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); - + a = 21; - b = 65536+1; + b = 65536 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); + } if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+21; + a = 4294967296 + 2; + b = 4294967296 + 21; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); - + a = 21; - b = 4294967296+1; + b = 4294967296 + 1; assert((a < b)); assert((a <= b)); assert(!(a > b)); assert(!(a >= b)); assert((a != b)); assert(!(a == b)); + } + } a = 8; @@ -94,9 +100,10 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+2; - b = 256+1; + a = 256 + 2; + b = 256 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); @@ -104,7 +111,7 @@ int main() { assert((a != b)); assert(!(a == b)); - a = 256+2; + a = 256 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -114,17 +121,18 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+2; - b = 65536+1; + a = 65536 + 2; + b = 65536 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - - a = 65536+2; + + a = 65536 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -134,17 +142,18 @@ int main() { assert(!(a == b)); if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+2; - b = 4294967296+1; + a = 4294967296 + 2; + b = 4294967296 + 1; assert((a > b)); assert((a >= b)); assert(!(a < b)); assert(!(a <= b)); assert((a != b)); assert(!(a == b)); - - a = 4294967296+2; + + a = 4294967296 + 2; b = 6; assert((a > b)); assert((a >= b)); @@ -154,9 +163,10 @@ int main() { assert(!(a == b)); } - } - } + } + + } a = 0; b = 0; @@ -177,9 +187,10 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 255) { + volatile unsigned short a, b; - a = 256+5; - b = 256+5; + a = 256 + 5; + b = 256 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); @@ -188,9 +199,10 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 65535) { + volatile unsigned int a, b; - a = 65536+5; - b = 65536+5; + a = 65536 + 5; + b = 65536 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); @@ -199,16 +211,19 @@ int main() { assert((a == b)); if ((INT_TYPE)(~0) > 4294967295) { + volatile unsigned long a, b; - a = 4294967296+5; - b = 4294967296+5; + a = 4294967296 + 5; + b = 4294967296 + 5; assert(!(a < b)); assert((a <= b)); assert(!(a > b)); assert((a >= b)); assert(!(a != b)); assert((a == b)); + } + } } diff --git a/unicorn_mode/UNICORNAFL_VERSION b/unicorn_mode/UNICORNAFL_VERSION index ffcf3b4c..5db24eec 100644 --- a/unicorn_mode/UNICORNAFL_VERSION +++ b/unicorn_mode/UNICORNAFL_VERSION @@ -1 +1 @@ -019b871539fe9ed3f41d882385a8b02c243d49ad +0d82727f2b477de82fa355edef9bc158bd25d374 diff --git a/unicorn_mode/samples/speedtest/get_offsets.py b/unicorn_mode/samples/speedtest/get_offsets.py index c9dc76df..72fb6293 100755 --- a/unicorn_mode/samples/speedtest/get_offsets.py +++ b/unicorn_mode/samples/speedtest/get_offsets.py @@ -59,7 +59,7 @@ for line in objdump_output.split("\n"): last_line = line if main_loc is None: - raise ( + raise Exception( "Could not find main in ./target! Make sure objdump is installed and the target is compiled." ) diff --git a/unicorn_mode/samples/speedtest/rust/Makefile b/unicorn_mode/samples/speedtest/rust/Makefile index 46934c93..8b91268e 100644 --- a/unicorn_mode/samples/speedtest/rust/Makefile +++ b/unicorn_mode/samples/speedtest/rust/Makefile @@ -16,7 +16,7 @@ clean: cargo build ../target: - $(MAKE) -c .. + $(MAKE) -C .. fuzz: all afl-fuzz rm -rf ./output diff --git a/unicorn_mode/samples/speedtest/rust/src/main.rs b/unicorn_mode/samples/speedtest/rust/src/main.rs index 9ea1b873..105ba4b4 100644 --- a/unicorn_mode/samples/speedtest/rust/src/main.rs +++ b/unicorn_mode/samples/speedtest/rust/src/main.rs @@ -195,7 +195,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { } let place_input_callback = - |mut uc: UnicornHandle<'_, _>, afl_input: &mut [u8], _persistent_round| { + |uc: &mut UnicornHandle<'_, _>, afl_input: &mut [u8], _persistent_round| { // apply constraints to the mutated input if afl_input.len() > INPUT_MAX as usize { //println!("Skipping testcase with leng {}", afl_input.len()); @@ -209,7 +209,7 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { // return true if the last run should be counted as crash let crash_validation_callback = - |_uc: UnicornHandle<'_, _>, result, _input: &[u8], _persistent_round| { + |_uc: &mut UnicornHandle<'_, _>, result, _input: &[u8], _persistent_round| { result != uc_error::OK }; @@ -217,9 +217,9 @@ fn fuzz(input_file: &str) -> Result<(), uc_error> { let ret = uc.afl_fuzz( input_file, - Box::new(place_input_callback), + place_input_callback, &end_addrs, - Box::new(crash_validation_callback), + crash_validation_callback, false, 1000, ); diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 019b8715..0d82727f 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad +Subproject commit 0d82727f2b477de82fa355edef9bc158bd25d374 From 046a9520f3799f01d5df557f0a577171638e0c64 Mon Sep 17 00:00:00 2001 From: van Hauser Date: Mon, 28 Jun 2021 09:14:41 +0200 Subject: [PATCH 379/441] Inline cmplog (#996) * inline cmplog check * better switch support * add cmplog-switches-pass.cc --- GNUmakefile.llvm | 5 +- instrumentation/cmplog-instructions-pass.cc | 184 ++------- instrumentation/cmplog-routines-pass.cc | 67 +++- instrumentation/cmplog-switches-pass.cc | 414 ++++++++++++++++++++ src/afl-cc.c | 41 +- 5 files changed, 528 insertions(+), 183 deletions(-) create mode 100644 instrumentation/cmplog-switches-pass.cc diff --git a/GNUmakefile.llvm b/GNUmakefile.llvm index 95140cb0..83eb91a9 100644 --- a/GNUmakefile.llvm +++ b/GNUmakefile.llvm @@ -306,7 +306,7 @@ ifeq "$(TEST_MMAP)" "1" endif PROGS_ALWAYS = ./afl-cc ./afl-compiler-rt.o ./afl-compiler-rt-32.o ./afl-compiler-rt-64.o -PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./afl-llvm-lto-instrumentation.so ./SanitizerCoverageLTO.so +PROGS = $(PROGS_ALWAYS) ./afl-llvm-pass.so ./SanitizerCoveragePCGUARD.so ./split-compares-pass.so ./split-switches-pass.so ./cmplog-routines-pass.so ./cmplog-instructions-pass.so ./cmplog-switches-pass.so ./afl-llvm-dict2file.so ./compare-transform-pass.so ./afl-ld-lto ./afl-llvm-lto-instrumentlist.so ./afl-llvm-lto-instrumentation.so ./SanitizerCoverageLTO.so # If prerequisites are not given, warn, do not build anything, and exit with code 0 ifeq "$(LLVMVER)" "" @@ -433,6 +433,9 @@ endif ./cmplog-instructions-pass.so: instrumentation/cmplog-instructions-pass.cc instrumentation/afl-llvm-common.o | test_deps $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o +./cmplog-switches-pass.so: instrumentation/cmplog-switches-pass.cc instrumentation/afl-llvm-common.o | test_deps + $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o + afl-llvm-dict2file.so: instrumentation/afl-llvm-dict2file.so.cc instrumentation/afl-llvm-common.o | test_deps $(CXX) $(CLANG_CPPFL) -shared $< -o $@ $(CLANG_LFL) instrumentation/afl-llvm-common.o diff --git a/instrumentation/cmplog-instructions-pass.cc b/instrumentation/cmplog-instructions-pass.cc index ad334d3b..0562c5b2 100644 --- a/instrumentation/cmplog-instructions-pass.cc +++ b/instrumentation/cmplog-instructions-pass.cc @@ -104,7 +104,6 @@ Iterator Unique(Iterator first, Iterator last) { bool CmpLogInstructions::hookInstrs(Module &M) { std::vector icomps; - std::vector switches; LLVMContext & C = M.getContext(); Type * VoidTy = Type::getVoidTy(C); @@ -222,6 +221,18 @@ bool CmpLogInstructions::hookInstrs(Module &M) { FunctionCallee cmplogHookInsN = cN; #endif + GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); + + if (!AFLCmplogPtr) { + + AFLCmplogPtr = new GlobalVariable(M, PointerType::get(Int8Ty, 0), false, + GlobalValue::ExternalWeakLinkage, 0, + "__afl_cmp_map"); + + } + + Constant *Null = Constant::getNullValue(PointerType::get(Int8Ty, 0)); + /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { @@ -238,164 +249,6 @@ bool CmpLogInstructions::hookInstrs(Module &M) { } - SwitchInst *switchInst = nullptr; - if ((switchInst = dyn_cast(BB.getTerminator()))) { - - if (switchInst->getNumCases() > 1) { switches.push_back(switchInst); } - - } - - } - - } - - } - - // unique the collected switches - switches.erase(Unique(switches.begin(), switches.end()), switches.end()); - - // Instrument switch values for cmplog - if (switches.size()) { - - if (!be_quiet) - errs() << "Hooking " << switches.size() << " switch instructions\n"; - - for (auto &SI : switches) { - - Value * Val = SI->getCondition(); - unsigned int max_size = Val->getType()->getIntegerBitWidth(), cast_size; - unsigned char do_cast = 0; - - if (!SI->getNumCases() || max_size < 16) { - - // if (!be_quiet) errs() << "skip trivial switch..\n"; - continue; - - } - - if (max_size % 8) { - - max_size = (((max_size / 8) + 1) * 8); - do_cast = 1; - - } - - IRBuilder<> IRB(SI->getParent()); - IRB.SetInsertPoint(SI); - - if (max_size > 128) { - - if (!be_quiet) { - - fprintf(stderr, - "Cannot handle this switch bit size: %u (truncating)\n", - max_size); - - } - - max_size = 128; - do_cast = 1; - - } - - // do we need to cast? - switch (max_size) { - - case 8: - case 16: - case 32: - case 64: - case 128: - cast_size = max_size; - break; - default: - cast_size = 128; - do_cast = 1; - - } - - Value *CompareTo = Val; - - if (do_cast) { - - CompareTo = - IRB.CreateIntCast(CompareTo, IntegerType::get(C, cast_size), false); - - } - - for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end(); i != e; - ++i) { - -#if LLVM_VERSION_MAJOR < 5 - ConstantInt *cint = i.getCaseValue(); -#else - ConstantInt *cint = i->getCaseValue(); -#endif - - if (cint) { - - std::vector args; - args.push_back(CompareTo); - - Value *new_param = cint; - - if (do_cast) { - - new_param = - IRB.CreateIntCast(cint, IntegerType::get(C, cast_size), false); - - } - - if (new_param) { - - args.push_back(new_param); - ConstantInt *attribute = ConstantInt::get(Int8Ty, 1); - args.push_back(attribute); - if (cast_size != max_size) { - - ConstantInt *bitsize = - ConstantInt::get(Int8Ty, (max_size / 8) - 1); - args.push_back(bitsize); - - } - - switch (cast_size) { - - case 8: - IRB.CreateCall(cmplogHookIns1, args); - break; - case 16: - IRB.CreateCall(cmplogHookIns2, args); - break; - case 32: - IRB.CreateCall(cmplogHookIns4, args); - break; - case 64: - IRB.CreateCall(cmplogHookIns8, args); - break; - case 128: -#ifdef WORD_SIZE_64 - if (max_size == 128) { - - IRB.CreateCall(cmplogHookIns16, args); - - } else { - - IRB.CreateCall(cmplogHookInsN, args); - - } - -#endif - break; - default: - break; - - } - - } - - } - } } @@ -409,8 +262,15 @@ bool CmpLogInstructions::hookInstrs(Module &M) { for (auto &selectcmpInst : icomps) { - IRBuilder<> IRB(selectcmpInst->getParent()); - IRB.SetInsertPoint(selectcmpInst); + IRBuilder<> IRB2(selectcmpInst->getParent()); + IRB2.SetInsertPoint(selectcmpInst); + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = + SplitBlockAndInsertIfThen(is_not_null, selectcmpInst, false); + + IRBuilder<> IRB(ThenTerm); Value *op0 = selectcmpInst->getOperand(0); Value *op1 = selectcmpInst->getOperand(1); @@ -601,7 +461,7 @@ bool CmpLogInstructions::hookInstrs(Module &M) { } - if (switches.size() || icomps.size()) + if (icomps.size()) return true; else return false; diff --git a/instrumentation/cmplog-routines-pass.cc b/instrumentation/cmplog-routines-pass.cc index a5992c9a..1e2610f2 100644 --- a/instrumentation/cmplog-routines-pass.cc +++ b/instrumentation/cmplog-routines-pass.cc @@ -184,6 +184,18 @@ bool CmpLogRoutines::hookRtns(Module &M) { FunctionCallee cmplogGccStdC = c4; #endif + GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); + + if (!AFLCmplogPtr) { + + AFLCmplogPtr = new GlobalVariable(M, PointerType::get(Int8Ty, 0), false, + GlobalValue::ExternalWeakLinkage, 0, + "__afl_cmp_map"); + + } + + Constant *Null = Constant::getNullValue(PointerType::get(Int8Ty, 0)); + /* iterate over all functions, bbs and instruction and add suitable calls */ for (auto &F : M) { @@ -289,8 +301,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); - IRBuilder<> IRB(callInst->getParent()); - IRB.SetInsertPoint(callInst); + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); @@ -308,8 +327,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); - IRBuilder<> IRB(callInst->getParent()); - IRB.SetInsertPoint(callInst); + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); @@ -327,8 +353,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); - IRBuilder<> IRB(callInst->getParent()); - IRB.SetInsertPoint(callInst); + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); @@ -346,8 +379,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); - IRBuilder<> IRB(callInst->getParent()); - IRB.SetInsertPoint(callInst); + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); @@ -365,8 +405,15 @@ bool CmpLogRoutines::hookRtns(Module &M) { Value *v1P = callInst->getArgOperand(0), *v2P = callInst->getArgOperand(1); - IRBuilder<> IRB(callInst->getParent()); - IRB.SetInsertPoint(callInst); + IRBuilder<> IRB2(callInst->getParent()); + IRB2.SetInsertPoint(callInst); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, callInst, false); + + IRBuilder<> IRB(ThenTerm); std::vector args; Value * v1Pcasted = IRB.CreatePointerCast(v1P, i8PtrTy); diff --git a/instrumentation/cmplog-switches-pass.cc b/instrumentation/cmplog-switches-pass.cc new file mode 100644 index 00000000..c42d44fe --- /dev/null +++ b/instrumentation/cmplog-switches-pass.cc @@ -0,0 +1,414 @@ +/* + american fuzzy lop++ - LLVM CmpLog instrumentation + -------------------------------------------------- + + Written by Andrea Fioraldi + + Copyright 2015, 2016 Google Inc. All rights reserved. + Copyright 2019-2020 AFLplusplus Project. All rights reserved. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at: + + http://www.apache.org/licenses/LICENSE-2.0 + +*/ + +#include +#include +#include + +#include +#include +#include +#include +#include + +#include "llvm/Config/llvm-config.h" +#include "llvm/ADT/Statistic.h" +#include "llvm/IR/IRBuilder.h" +#include "llvm/IR/LegacyPassManager.h" +#include "llvm/IR/Module.h" +#include "llvm/Support/Debug.h" +#include "llvm/Support/raw_ostream.h" +#include "llvm/Transforms/IPO/PassManagerBuilder.h" +#include "llvm/Transforms/Utils/BasicBlockUtils.h" +#include "llvm/Pass.h" +#include "llvm/Analysis/ValueTracking.h" + +#if LLVM_VERSION_MAJOR > 3 || \ + (LLVM_VERSION_MAJOR == 3 && LLVM_VERSION_MINOR > 4) + #include "llvm/IR/Verifier.h" + #include "llvm/IR/DebugInfo.h" +#else + #include "llvm/Analysis/Verifier.h" + #include "llvm/DebugInfo.h" + #define nullptr 0 +#endif + +#include +#include "afl-llvm-common.h" + +using namespace llvm; + +namespace { + +class CmpLogInstructions : public ModulePass { + + public: + static char ID; + CmpLogInstructions() : ModulePass(ID) { + + initInstrumentList(); + + } + + bool runOnModule(Module &M) override; + +#if LLVM_VERSION_MAJOR < 4 + const char *getPassName() const override { + +#else + StringRef getPassName() const override { + +#endif + return "cmplog instructions"; + + } + + private: + bool hookInstrs(Module &M); + +}; + +} // namespace + +char CmpLogInstructions::ID = 0; + +template +Iterator Unique(Iterator first, Iterator last) { + + while (first != last) { + + Iterator next(first); + last = std::remove(++next, last, *first); + first = next; + + } + + return last; + +} + +bool CmpLogInstructions::hookInstrs(Module &M) { + + std::vector switches; + LLVMContext & C = M.getContext(); + + Type * VoidTy = Type::getVoidTy(C); + IntegerType *Int8Ty = IntegerType::getInt8Ty(C); + IntegerType *Int16Ty = IntegerType::getInt16Ty(C); + IntegerType *Int32Ty = IntegerType::getInt32Ty(C); + IntegerType *Int64Ty = IntegerType::getInt64Ty(C); + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c1 = M.getOrInsertFunction("__cmplog_ins_hook1", VoidTy, Int8Ty, Int8Ty, + Int8Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookIns1 = cast(c1); +#else + FunctionCallee cmplogHookIns1 = c1; +#endif + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c2 = M.getOrInsertFunction("__cmplog_ins_hook2", VoidTy, Int16Ty, Int16Ty, + Int8Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookIns2 = cast(c2); +#else + FunctionCallee cmplogHookIns2 = c2; +#endif + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c4 = M.getOrInsertFunction("__cmplog_ins_hook4", VoidTy, Int32Ty, Int32Ty, + Int8Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookIns4 = cast(c4); +#else + FunctionCallee cmplogHookIns4 = c4; +#endif + +#if LLVM_VERSION_MAJOR < 9 + Constant * +#else + FunctionCallee +#endif + c8 = M.getOrInsertFunction("__cmplog_ins_hook8", VoidTy, Int64Ty, Int64Ty, + Int8Ty +#if LLVM_VERSION_MAJOR < 5 + , + NULL +#endif + ); +#if LLVM_VERSION_MAJOR < 9 + Function *cmplogHookIns8 = cast(c8); +#else + FunctionCallee cmplogHookIns8 = c8; +#endif + + GlobalVariable *AFLCmplogPtr = M.getNamedGlobal("__afl_cmp_map"); + + if (!AFLCmplogPtr) { + + AFLCmplogPtr = new GlobalVariable(M, PointerType::get(Int8Ty, 0), false, + GlobalValue::ExternalWeakLinkage, 0, + "__afl_cmp_map"); + + } + + Constant *Null = Constant::getNullValue(PointerType::get(Int8Ty, 0)); + + /* iterate over all functions, bbs and instruction and add suitable calls */ + for (auto &F : M) { + + if (!isInInstrumentList(&F)) continue; + + for (auto &BB : F) { + + SwitchInst *switchInst = nullptr; + if ((switchInst = dyn_cast(BB.getTerminator()))) { + + if (switchInst->getNumCases() > 1) { switches.push_back(switchInst); } + + } + + } + + } + + // unique the collected switches + switches.erase(Unique(switches.begin(), switches.end()), switches.end()); + + // Instrument switch values for cmplog + if (switches.size()) { + + if (!be_quiet) + errs() << "Hooking " << switches.size() << " switch instructions\n"; + + for (auto &SI : switches) { + + Value * Val = SI->getCondition(); + unsigned int max_size = Val->getType()->getIntegerBitWidth(), cast_size; + unsigned char do_cast = 0; + + if (!SI->getNumCases() || max_size < 16) { + + // if (!be_quiet) errs() << "skip trivial switch..\n"; + continue; + + } + + if (max_size % 8) { + + max_size = (((max_size / 8) + 1) * 8); + do_cast = 1; + + } + + IRBuilder<> IRB2(SI->getParent()); + IRB2.SetInsertPoint(SI); + + LoadInst *CmpPtr = IRB2.CreateLoad(AFLCmplogPtr); + CmpPtr->setMetadata(M.getMDKindID("nosanitize"), MDNode::get(C, None)); + auto is_not_null = IRB2.CreateICmpNE(CmpPtr, Null); + auto ThenTerm = SplitBlockAndInsertIfThen(is_not_null, SI, false); + + IRBuilder<> IRB(ThenTerm); + + if (max_size > 128) { + + if (!be_quiet) { + + fprintf(stderr, + "Cannot handle this switch bit size: %u (truncating)\n", + max_size); + + } + + max_size = 128; + do_cast = 1; + + } + + // do we need to cast? + switch (max_size) { + + case 8: + case 16: + case 32: + case 64: + case 128: + cast_size = max_size; + break; + default: + cast_size = 128; + do_cast = 1; + + } + + Value *CompareTo = Val; + + if (do_cast) { + + CompareTo = + IRB.CreateIntCast(CompareTo, IntegerType::get(C, cast_size), false); + + } + + for (SwitchInst::CaseIt i = SI->case_begin(), e = SI->case_end(); i != e; + ++i) { + +#if LLVM_VERSION_MAJOR < 5 + ConstantInt *cint = i.getCaseValue(); +#else + ConstantInt *cint = i->getCaseValue(); +#endif + + if (cint) { + + std::vector args; + args.push_back(CompareTo); + + Value *new_param = cint; + + if (do_cast) { + + new_param = + IRB.CreateIntCast(cint, IntegerType::get(C, cast_size), false); + + } + + if (new_param) { + + args.push_back(new_param); + ConstantInt *attribute = ConstantInt::get(Int8Ty, 1); + args.push_back(attribute); + if (cast_size != max_size) { + + ConstantInt *bitsize = + ConstantInt::get(Int8Ty, (max_size / 8) - 1); + args.push_back(bitsize); + + } + + switch (cast_size) { + + case 8: + IRB.CreateCall(cmplogHookIns1, args); + break; + case 16: + IRB.CreateCall(cmplogHookIns2, args); + break; + case 32: + IRB.CreateCall(cmplogHookIns4, args); + break; + case 64: + IRB.CreateCall(cmplogHookIns8, args); + break; + case 128: +#ifdef WORD_SIZE_64 + if (max_size == 128) { + + IRB.CreateCall(cmplogHookIns16, args); + + } else { + + IRB.CreateCall(cmplogHookInsN, args); + + } + +#endif + break; + default: + break; + + } + + } + + } + + } + + } + + } + + if (switches.size()) + return true; + else + return false; + +} + +bool CmpLogInstructions::runOnModule(Module &M) { + + if (getenv("AFL_QUIET") == NULL) + printf("Running cmplog-switches-pass by andreafioraldi@gmail.com\n"); + else + be_quiet = 1; + hookInstrs(M); + verifyModule(M); + + return true; + +} + +static void registerCmpLogInstructionsPass(const PassManagerBuilder &, + legacy::PassManagerBase &PM) { + + auto p = new CmpLogInstructions(); + PM.add(p); + +} + +static RegisterStandardPasses RegisterCmpLogInstructionsPass( + PassManagerBuilder::EP_OptimizerLast, registerCmpLogInstructionsPass); + +static RegisterStandardPasses RegisterCmpLogInstructionsPass0( + PassManagerBuilder::EP_EnabledOnOptLevel0, registerCmpLogInstructionsPass); + +#if LLVM_VERSION_MAJOR >= 11 +static RegisterStandardPasses RegisterCmpLogInstructionsPassLTO( + PassManagerBuilder::EP_FullLinkTimeOptimizationLast, + registerCmpLogInstructionsPass); +#endif + diff --git a/src/afl-cc.c b/src/afl-cc.c index 980e5d86..1e761c3d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -514,14 +514,14 @@ static void edit_params(u32 argc, char **argv, char **envp) { unsetenv("AFL_LD"); unsetenv("AFL_LD_CALLER"); + if (cmplog_mode) { if (lto_mode && !have_c) { cc_params[cc_par_cnt++] = alloc_printf( - "-Wl,-mllvm=-load=%s/cmplog-routines-pass.so", obj_path); - cc_params[cc_par_cnt++] = alloc_printf( - "-Wl,-mllvm=-load=%s/cmplog-instructions-pass.so", obj_path); + "-Wl,-mllvm=-load=%s/cmplog-switches-pass.so", obj_path); + cc_params[cc_par_cnt++] = alloc_printf( "-Wl,-mllvm=-load=%s/split-switches-pass.so", obj_path); @@ -531,13 +531,7 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = "-load"; cc_params[cc_par_cnt++] = "-Xclang"; cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-routines-pass.so", obj_path); - - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = "-load"; - cc_params[cc_par_cnt++] = "-Xclang"; - cc_params[cc_par_cnt++] = - alloc_printf("%s/cmplog-instructions-pass.so", obj_path); + alloc_printf("%s/cmplog-switches-pass.so", obj_path); // reuse split switches from laf cc_params[cc_par_cnt++] = "-Xclang"; @@ -643,6 +637,33 @@ static void edit_params(u32 argc, char **argv, char **envp) { } + if (cmplog_mode) { + + if (lto_mode && !have_c) { + + cc_params[cc_par_cnt++] = alloc_printf( + "-Wl,-mllvm=-load=%s/cmplog-instructions-pass.so", obj_path); + cc_params[cc_par_cnt++] = alloc_printf( + "-Wl,-mllvm=-load=%s/cmplog-routines-pass.so", obj_path); + + } else { + + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = "-load"; + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = + alloc_printf("%s/cmplog-instructions-pass.so", obj_path); + + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = "-load"; + cc_params[cc_par_cnt++] = "-Xclang"; + cc_params[cc_par_cnt++] = + alloc_printf("%s/cmplog-routines-pass.so", obj_path); + + } + + } + // cc_params[cc_par_cnt++] = "-Qunused-arguments"; // in case LLVM is installed not via a package manager or "make install" From 000b16af16bb5cb4e1ea9e4c24c693add6ae4da3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 29 Jun 2021 10:30:37 +0200 Subject: [PATCH 380/441] fix linefeed --- src/afl-fuzz-run.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-run.c b/src/afl-fuzz-run.c index 49856a9f..e876beea 100644 --- a/src/afl-fuzz-run.c +++ b/src/afl-fuzz-run.c @@ -413,7 +413,7 @@ u8 calibrate_case(afl_state_t *afl, struct queue_entry *q, u8 *use_mem, // note: from_queue seems to only be set during initialization if (afl->afl_env.afl_no_ui || from_queue) { - WARNF("instability detected during calibration\n"); + WARNF("instability detected during calibration"); } else if (afl->debug) { From 7da632065f079b887d07b17a63ba1787e4240e69 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 30 Jun 2021 09:35:44 +0100 Subject: [PATCH 381/441] Minor fixes to typescript bindings (#999) Co-authored-by: Your Name --- frida_mode/ts/lib/afl.ts | 2 ++ frida_mode/ts/package.json | 60 +++++++++++++++++++------------------- 2 files changed, 32 insertions(+), 30 deletions(-) diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts index 6da7fabc..93368dac 100644 --- a/frida_mode/ts/lib/afl.ts +++ b/frida_mode/ts/lib/afl.ts @@ -371,3 +371,5 @@ class Afl { } } + +export { Afl }; diff --git a/frida_mode/ts/package.json b/frida_mode/ts/package.json index 47b693ed..191eb597 100644 --- a/frida_mode/ts/package.json +++ b/frida_mode/ts/package.json @@ -1,32 +1,32 @@ { - "name": "@worksbutnottested/aflplusplus-frida", - "version": "1.0.0", - "description": "AFLplusplus Frida Mode", - "main": "./dist/frida.js", - "types": "./dist/frida.d.ts", - "files": [ - "/dist/" - ], - "repository": { - "type": "git", - "url": "git@github.com:worksbutnottested/AFLplusplus.git" - }, - "publishConfig": { - "cache": "~/.npm", - "registry": "https://npm.pkg.github.com/@worksbutnottested" - }, - "scripts": { - "prepare": "npm run build", - "build": "tsc", - "lint": "tslint -p tslint.json" - }, - "devDependencies": { - "@types/node": "^14.14.2", - "typescript": "^4.0.3", - "typescript-tslint-plugin": "^0.5.5", - "tslint": "^6.1.3" - }, - "dependencies": { - "@types/frida-gum": "^16.2.0" - } + "name": "@worksbutnottested/aflplusplus-frida", + "version": "1.0.1", + "description": "AFLplusplus Frida Mode", + "main": "./dist/afl.js", + "types": "./dist/afl.d.ts", + "files": [ + "/dist/" + ], + "repository": { + "type": "git", + "url": "git@github.com:worksbutnottested/AFLplusplus.git" + }, + "publishConfig": { + "cache": "~/.npm", + "registry": "https://npm.pkg.github.com/@worksbutnottested" + }, + "scripts": { + "prepare": "npm run build", + "build": "tsc", + "lint": "tslint -p tslint.json" + }, + "devDependencies": { + "@types/node": "^14.14.2", + "typescript": "^4.0.3", + "typescript-tslint-plugin": "^0.5.5", + "tslint": "^6.1.3" + }, + "dependencies": { + "@types/frida-gum": "^16.2.0" } +} From 5d5624b930d95cc576624d22f68d5682c968ad97 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 30 Jun 2021 09:36:32 +0100 Subject: [PATCH 382/441] Many Linux Support (#1000) Co-authored-by: Your Name --- frida_mode/many-linux/Dockerfile | 24 ++++++++++++++++++++++++ frida_mode/many-linux/GNUmakefile | 20 ++++++++++++++++++++ frida_mode/many-linux/Makefile | 9 +++++++++ frida_mode/many-linux/README.md | 8 ++++++++ frida_mode/many-linux/realpath | 2 ++ 5 files changed, 63 insertions(+) create mode 100644 frida_mode/many-linux/Dockerfile create mode 100644 frida_mode/many-linux/GNUmakefile create mode 100644 frida_mode/many-linux/Makefile create mode 100644 frida_mode/many-linux/README.md create mode 100644 frida_mode/many-linux/realpath diff --git a/frida_mode/many-linux/Dockerfile b/frida_mode/many-linux/Dockerfile new file mode 100644 index 00000000..08c24eae --- /dev/null +++ b/frida_mode/many-linux/Dockerfile @@ -0,0 +1,24 @@ +FROM fridadotre/manylinux-x86_64 + +COPY realpath /bin/realpath +RUN chmod +x /bin/realpath + +RUN yum -y install xz +RUN yum -y install vim-common + +WORKDIR / +RUN git clone https://github.com/AFLplusplus/AFLplusplus.git + +WORKDIR /AFLplusplus +RUN mkdir -p /AFLplusplus/frida_mode/build/frida/ +RUN curl -L -o /AFLplusplus/frida_mode/build/frida/frida-gumjs-devkit-14.2.18-linux-x86_64.tar.xz "https://github.com/frida/frida/releases/download/14.2.18/frida-gumjs-devkit-14.2.18-linux-x86_64.tar.xz" + +WORKDIR /AFLplusplus +RUN git checkout dev +WORKDIR /AFLplusplus/frida_mode +ENV CFLAGS="\ + -DADDR_NO_RANDOMIZE=0x0040000 \ + -D_POSIX_C_SOURCE=200809L \ + -Wno-implicit-function-declaration \ + " +RUN make diff --git a/frida_mode/many-linux/GNUmakefile b/frida_mode/many-linux/GNUmakefile new file mode 100644 index 00000000..2ac44dc2 --- /dev/null +++ b/frida_mode/many-linux/GNUmakefile @@ -0,0 +1,20 @@ +PWD:=$(shell pwd)/ +BUILD_DIR:=$(PWD)build/ + +.PHONY: all clean shell + +all: | $(BUILD_DIR) + docker build --tag many-afl-frida . + docker run --rm \ + -v $(PWD)build/:/export \ + many-afl-frida \ + cp /AFLplusplus/afl-frida-trace.so /export + +$(BUILD_DIR): + mkdir -p $@ + +clean: + rm -rf $(BUILD_DIR) + +shell: + docker run -ti --rm many-afl-frida /bin/bash diff --git a/frida_mode/many-linux/Makefile b/frida_mode/many-linux/Makefile new file mode 100644 index 00000000..f3c3cd55 --- /dev/null +++ b/frida_mode/many-linux/Makefile @@ -0,0 +1,9 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +clean: + @gmake clean + +shell: + @gmake shell diff --git a/frida_mode/many-linux/README.md b/frida_mode/many-linux/README.md new file mode 100644 index 00000000..2c7b6823 --- /dev/null +++ b/frida_mode/many-linux/README.md @@ -0,0 +1,8 @@ +# many-linux + +This folder contains a Docker image to allow the building of +`afl-frida-trace.so` using the `many-linux` docker image. This docker image is +based on CentOS Linux 5. By building `afl-frida-trace.so` for such an old +version of Linux, given the strong backward compatibility of Linux, this should +work on the majority of Linux environments. This may be useful for targetting +Linux distributions other than your development environment. \ No newline at end of file diff --git a/frida_mode/many-linux/realpath b/frida_mode/many-linux/realpath new file mode 100644 index 00000000..1fdc49a7 --- /dev/null +++ b/frida_mode/many-linux/realpath @@ -0,0 +1,2 @@ +#!/bin/sh +readlink -f -- "$@" From a6cf9bb336cc3e166469d6eed206a2b6fa9c994a Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 1 Jul 2021 08:20:32 +0200 Subject: [PATCH 383/441] update honggfuzz custom mutator --- custom_mutators/honggfuzz/honggfuzz.h | 5 +++-- docs/Changelog.md | 2 -- unicorn_mode/unicornafl | 2 +- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/custom_mutators/honggfuzz/honggfuzz.h b/custom_mutators/honggfuzz/honggfuzz.h index c80cdd87..51c7b567 100644 --- a/custom_mutators/honggfuzz/honggfuzz.h +++ b/custom_mutators/honggfuzz/honggfuzz.h @@ -246,9 +246,9 @@ typedef struct { } timing; struct { struct { - uint8_t val[256]; + uint8_t val[512]; size_t len; - } dictionary[1024]; + } dictionary[8192]; size_t dictionaryCnt; const char* dictionaryFile; size_t mutationsMax; @@ -263,6 +263,7 @@ typedef struct { struct { bool useVerifier; bool exitUponCrash; + uint8_t exitCodeUponCrash; const char* reportFile; size_t dynFileIterExpire; bool only_printable; diff --git a/docs/Changelog.md b/docs/Changelog.md index 475240c2..461acb2c 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -29,8 +29,6 @@ sending a mail to . - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET - feature parity of aarch64 with intel now (persistent, cmplog, in-memory testcases, asan) - - qemu_mode: - - performance fix when cmplog was used - afl-cmin and afl-showmap -i do now descend into subdirectories (like afl-fuzz does) - note that afl-cmin.bash does not! - afl_analyze: diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 0d82727f..019b8715 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 0d82727f2b477de82fa355edef9bc158bd25d374 +Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad From a8529de59247a8bf1e9c1591c0db306ccbcf1d49 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Fri, 2 Jul 2021 08:44:53 +0100 Subject: [PATCH 384/441] Changes to strip unused symbols from afl-frida-trace.so and hance remove v7 and its dependency on C++ (#1001) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 11 ++++-- frida_mode/frida.map | 33 +++++++++++++++++ frida_mode/hook/hook.c | 14 ++++---- frida_mode/many-linux/Dockerfile | 2 +- frida_mode/many-linux/GNUmakefile | 1 + frida_mode/src/js/js_api.c | 59 ++++++++++++++++++------------- frida_mode/src/main.c | 2 +- 7 files changed, 86 insertions(+), 36 deletions(-) create mode 100644 frida_mode/frida.map diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index f5a96501..d8206d94 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -19,13 +19,14 @@ CFLAGS+=-fPIC \ -g \ -O3 \ -funroll-loops \ + -ffunction-sections \ RT_CFLAGS:=-Wno-unused-parameter \ -Wno-sign-compare \ -Wno-unused-function \ -Wno-unused-result \ -Wno-int-to-pointer-cast \ - -Wno-pointer-sign \ + -Wno-pointer-sign LDFLAGS+=-shared \ -lpthread \ @@ -64,7 +65,10 @@ else ifdef DEBUG RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor endif -LDFLAGS+=-z noexecstack +LDFLAGS+= -z noexecstack \ + -Wl,--gc-sections \ + -Wl,--exclude-libs,ALL +LDSCRIPT:=-Wl,--version-script=$(PWD)frida.map endif ifeq "$(shell uname)" "Linux" @@ -164,7 +168,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) $(JS_SRC): $(JS) | $(BUILD_DIR) cd $(JS_DIR) && xxd -i $(JS_NAME) $@ -$(JS_OBJ): $(JS_SRC) +$(JS_OBJ): $(JS_SRC) GNUmakefile $(CC) \ $(CFLAGS) \ -I $(ROOT)include \ @@ -197,6 +201,7 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ $(LDFLAGS) \ + $(LDSCRIPT) \ -o $@ \ cp -v $(FRIDA_TRACE) $(ROOT) diff --git a/frida_mode/frida.map b/frida_mode/frida.map new file mode 100644 index 00000000..cc072dd7 --- /dev/null +++ b/frida_mode/frida.map @@ -0,0 +1,33 @@ +{ + global: + __afl_fuzz_len; + __afl_fuzz_ptr; + __afl_sharedmem_fuzzing; + afl_frida_start; + js_api_add_exclude_range; + js_api_add_include_range; + js_api_done; + js_api_error; + js_api_set_debug_maps; + js_api_set_entrypoint; + js_api_set_instrument_debug_file; + js_api_set_instrument_libraries; + js_api_set_instrument_no_optimize; + js_api_set_instrument_trace; + js_api_set_instrument_trace_unique; + js_api_set_persistent_address; + js_api_set_persistent_count; + js_api_set_persistent_debug; + js_api_set_persistent_hook; + js_api_set_persistent_return; + js_api_set_prefetch_disable; + js_api_set_stalker_callback; + js_api_set_stats_file; + js_api_set_stats_interval; + js_api_set_stats_transitions; + js_api_set_stderr; + js_api_set_stdout; + + local: + *; +}; diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/hook.c index 7d08101f..97f28db7 100644 --- a/frida_mode/hook/hook.c +++ b/frida_mode/hook/hook.c @@ -5,8 +5,8 @@ #if defined(__x86_64__) -void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, - uint32_t input_buf_len) { +__attribute__((visibility("default"))) void afl_persistent_hook( + GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { memcpy((void *)regs->rdi, input_buf, input_buf_len); regs->rsi = input_buf_len; @@ -15,8 +15,8 @@ void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, #elif defined(__i386__) -void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, - uint32_t input_buf_len) { +__attribute__((visibility("default"))) void afl_persistent_hook( + GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { void **esp = (void **)regs->esp; void * arg1 = esp[0]; @@ -28,8 +28,8 @@ void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, #elif defined(__aarch64__) -void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, - uint32_t input_buf_len) { +__attribute__((visibility("default"))) void afl_persistent_hook( + GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { memcpy((void *)regs->x[0], input_buf, input_buf_len); regs->x[1] = input_buf_len; @@ -40,7 +40,7 @@ void afl_persistent_hook(GumCpuContext *regs, uint8_t *input_buf, #pragma error "Unsupported architecture" #endif -int afl_persistent_hook_init(void) { +__attribute__((visibility("default"))) int afl_persistent_hook_init(void) { // 1 for shared memory input (faster), 0 for normal input (you have to use // read(), input_buf will be NULL) diff --git a/frida_mode/many-linux/Dockerfile b/frida_mode/many-linux/Dockerfile index 08c24eae..1d39c356 100644 --- a/frida_mode/many-linux/Dockerfile +++ b/frida_mode/many-linux/Dockerfile @@ -18,7 +18,7 @@ RUN git checkout dev WORKDIR /AFLplusplus/frida_mode ENV CFLAGS="\ -DADDR_NO_RANDOMIZE=0x0040000 \ - -D_POSIX_C_SOURCE=200809L \ -Wno-implicit-function-declaration \ " +ENV CXX=$CC RUN make diff --git a/frida_mode/many-linux/GNUmakefile b/frida_mode/many-linux/GNUmakefile index 2ac44dc2..2860f20c 100644 --- a/frida_mode/many-linux/GNUmakefile +++ b/frida_mode/many-linux/GNUmakefile @@ -15,6 +15,7 @@ $(BUILD_DIR): clean: rm -rf $(BUILD_DIR) + docker images --filter 'dangling=true' -q --no-trunc | xargs -L1 docker rmi --force shell: docker run -ti --rm many-afl-frida /bin/bash diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 91dccab2..58bf9ba3 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -9,142 +9,153 @@ #include "ranges.h" #include "stats.h" #include "util.h" - -void js_api_done() { +__attribute__((visibility("default"))) void js_api_done() { js_done = TRUE; } -void js_api_error(char *msg) { +__attribute__((visibility("default"))) void js_api_error(char *msg) { FATAL("%s", msg); } -void js_api_set_entrypoint(void *address) { +__attribute__((visibility("default"))) void js_api_set_entrypoint( + void *address) { entry_point = GPOINTER_TO_SIZE(address); } -void js_api_set_persistent_address(void *address) { +__attribute__((visibility("default"))) void js_api_set_persistent_address( + void *address) { persistent_start = GPOINTER_TO_SIZE(address); } -void js_api_set_persistent_return(void *address) { +__attribute__((visibility("default"))) void js_api_set_persistent_return( + void *address) { persistent_ret = GPOINTER_TO_SIZE(address); } -void js_api_set_persistent_count(uint64_t count) { +__attribute__((visibility("default"))) void js_api_set_persistent_count( + uint64_t count) { persistent_count = count; } -void js_api_set_persistent_debug() { +__attribute__((visibility("default"))) void js_api_set_persistent_debug() { persistent_debug = TRUE; } -void js_api_set_debug_maps() { +__attribute__((visibility("default"))) void js_api_set_debug_maps() { ranges_debug_maps = TRUE; } -void js_api_add_include_range(void *address, gsize size) { +__attribute__((visibility("default"))) void js_api_add_include_range( + void *address, gsize size) { GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; ranges_add_include(&range); } -void js_api_add_exclude_range(void *address, gsize size) { +__attribute__((visibility("default"))) void js_api_add_exclude_range( + void *address, gsize size) { GumMemoryRange range = {.base_address = GUM_ADDRESS(address), .size = size}; ranges_add_exclude(&range); } -void js_api_set_instrument_libraries() { +__attribute__((visibility("default"))) void js_api_set_instrument_libraries() { ranges_inst_libs = TRUE; } -void js_api_set_instrument_debug_file(char *path) { +__attribute__((visibility("default"))) void js_api_set_instrument_debug_file( + char *path) { instrument_debug_filename = g_strdup(path); } -void js_api_set_prefetch_disable(void) { +__attribute__((visibility("default"))) void js_api_set_prefetch_disable(void) { prefetch_enable = FALSE; } -void js_api_set_instrument_no_optimize(void) { +__attribute__((visibility("default"))) void js_api_set_instrument_no_optimize( + void) { instrument_optimize = FALSE; } -void js_api_set_instrument_trace(void) { +__attribute__((visibility("default"))) void js_api_set_instrument_trace(void) { instrument_tracing = TRUE; } -void js_api_set_instrument_trace_unique(void) { +__attribute__((visibility("default"))) void js_api_set_instrument_trace_unique( + void) { instrument_unique = TRUE; } -void js_api_set_stdout(char *file) { +__attribute__((visibility("default"))) void js_api_set_stdout(char *file) { output_stdout = g_strdup(file); } -void js_api_set_stderr(char *file) { +__attribute__((visibility("default"))) void js_api_set_stderr(char *file) { output_stderr = g_strdup(file); } -void js_api_set_stats_file(char *file) { +__attribute__((visibility("default"))) void js_api_set_stats_file(char *file) { stats_filename = g_strdup(file); } -void js_api_set_stats_interval(uint64_t interval) { +__attribute__((visibility("default"))) void js_api_set_stats_interval( + uint64_t interval) { stats_interval = interval; } -void js_api_set_stats_transitions() { +__attribute__((visibility("default"))) void js_api_set_stats_transitions() { stats_transitions = TRUE; } -void js_api_set_persistent_hook(void *address) { +__attribute__((visibility("default"))) void js_api_set_persistent_hook( + void *address) { persistent_hook = address; } -void js_api_set_stalker_callback(const js_api_stalker_callback_t callback) { +__attribute__((visibility("default"))) void js_api_set_stalker_callback( + const js_api_stalker_callback_t callback) { js_user_callback = callback; diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c index 85b0bbf3..91687046 100644 --- a/frida_mode/src/main.c +++ b/frida_mode/src/main.c @@ -163,7 +163,7 @@ static void afl_print_env(void) { } -void afl_frida_start(void) { +__attribute__((visibility("default"))) void afl_frida_start(void) { afl_print_cmdline(); afl_print_env(); From cca11b08b147f88329bac5f933e1c9295bfb3b9c Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 2 Jul 2021 10:41:50 +0200 Subject: [PATCH 385/441] fix xaxis text --- afl-plot | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/afl-plot b/afl-plot index 60a351ab..662c0907 100755 --- a/afl-plot +++ b/afl-plot @@ -127,7 +127,7 @@ set key outside set autoscale xfixmin set autoscale xfixmax -#set xlabel "all times in UTC" font "small" +set xlabel "relative time in seconds" font "small" plot '$inputdir/plot_data' using 1:4 with filledcurve x1 title 'total paths' linecolor rgb '#000000' fillstyle transparent solid 0.2 noborder, \\ '' using 1:3 with filledcurve x1 title 'current path' linecolor rgb '#f0f0f0' fillstyle transparent solid 0.5 noborder, \\ From 7283205fe35c683edff1a44e2d1cca445d7681c5 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 2 Jul 2021 13:43:40 +0200 Subject: [PATCH 386/441] make clean on qemu_mode should not fail --- GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GNUmakefile b/GNUmakefile index bd206af0..53cc0537 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -574,7 +574,7 @@ clean: $(MAKE) -C qemu_mode/libqasan clean -$(MAKE) -C frida_mode clean ifeq "$(IN_REPO)" "1" - test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true + -test -e qemu_mode/qemuafl/Makefile && $(MAKE) -C qemu_mode/qemuafl clean || true test -e unicorn_mode/unicornafl/Makefile && $(MAKE) -C unicorn_mode/unicornafl clean || true else rm -rf qemu_mode/qemuafl From 886e2ba7702b2354243daaae81e2fd325d01f5d4 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 5 Jul 2021 10:28:26 +0100 Subject: [PATCH 387/441] Remove dependency on xxd (#1002) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 12 +++-- frida_mode/util/bin2c.c | 117 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 frida_mode/util/bin2c.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index d8206d94..6c17f369 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -102,6 +102,9 @@ HOOK_DIR:=$(PWD)hook/ AFLPP_DRIVER_HOOK_SRC=$(HOOK_DIR)hook.c AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)hook.so +BIN2C:=$(BUILD_DIR)bin2c +BIN2C_SRC:=$(PWD)util/bin2c.c + .PHONY: all 32 clean format hook $(FRIDA_GUM) ############################## ALL ############################################# @@ -165,8 +168,11 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) ############################### JS ############################################# -$(JS_SRC): $(JS) | $(BUILD_DIR) - cd $(JS_DIR) && xxd -i $(JS_NAME) $@ +$(BIN2C): $(BIN2C_SRC) + $(CC) -o $@ $< + +$(JS_SRC): $(JS) $(BIN2C)| $(BUILD_DIR) + cd $(JS_DIR) && $(BIN2C) api_js $(JS) $@ $(JS_OBJ): $(JS_SRC) GNUmakefile $(CC) \ @@ -219,7 +225,7 @@ clean: ############################# FORMAT ########################################### format: - cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) $(BIN2C_SRC) | xargs -L1 ./.custom-format.py -i cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i ############################# RUN ############################################# diff --git a/frida_mode/util/bin2c.c b/frida_mode/util/bin2c.c new file mode 100644 index 00000000..899d0101 --- /dev/null +++ b/frida_mode/util/bin2c.c @@ -0,0 +1,117 @@ +#include +#include +#include +#include + +void fatal(char *msg) { + + perror(msg); + exit(1); + +} + +void bin2c_write(char *name, char *output, unsigned char *buff, size_t size) { + + int fd = open(output, O_CREAT | O_WRONLY | O_TRUNC, 00660); + if (fd < 0) { fatal("open"); } + + /* Write the array definition */ + dprintf(fd, "unsigned char %s[] = {\n", name); + + /* 12 bytes per row, just like xxd means we fit an 80 character width */ + for (size_t i = 0; i < size; i += 12) { + + for (size_t j = 0; j < 12; j++) { + + size_t idx = i + j; + + /* If we get to the end of the input, then break */ + if (idx >= size) { break; } + + /* If we are writing the first column, then we need a leading indent */ + if (j == 0) { dprintf(fd, " "); } + + /* Write the hexadecimal byte value */ + dprintf(fd, "0x%02x", buff[idx]); + + /* If we have just written the last byte, then stop */ + if (idx == size - 1) { break; } + + /* + * If we have written the last byte in a row, then follow with a comma + * and a newline + */ + if (j == 11) { + + dprintf(fd, ",\n"); + + /* + * Otherwise, follow with a command and a space + */ + + } else { + + dprintf(fd, ", "); + + } + + } + + } + + /* Write the closing brace for the array */ + dprintf(fd, "\n};\n"); + + /* Write a parameter describing the length of the array */ + dprintf(fd, "unsigned int %s_len = %lu;\n", name, size); + + if (close(fd) < 0) { fatal("close"); } + +} + +void bin2c(char *name, char *input, char *output) { + + int fd = open(input, O_RDONLY); + if (fd < 0) { fatal("open(input)"); } + + size_t size = lseek(fd, 0, SEEK_END); + if (size < 0) { fatal("lseek(SEEK_END)"); } + + if (lseek(fd, 0, SEEK_SET) < 0) { fatal("lseek(SEEK_SET)"); } + + unsigned char *buff = malloc(size); + if (buff == NULL) { fatal("malloc(size)"); } + + if (read(fd, buff, size) != size) { fatal("read(size)"); } + + bin2c_write(name, output, buff, size); + + free(buff); + if (close(fd) < 0) { fatal("close(fd_in)"); } + +} + +int main(int argc, char **argv) { + + if (argc < 4) { + + dprintf(STDERR_FILENO, "%s \n", argv[0]); + return 1; + + } + + char *name = argv[1]; + char *input = argv[2]; + char *output = argv[3]; + + dprintf(STDOUT_FILENO, "bin2c:\n"); + dprintf(STDOUT_FILENO, "\tname: %s\n", name); + dprintf(STDOUT_FILENO, "\tinput: %s\n", input); + dprintf(STDOUT_FILENO, "\toutput: %s\n", output); + + bin2c(name, input, output); + + return 0; + +} + From dcf450ecba2f3ad8ed00c02a00b84da97e14df77 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 5 Jul 2021 10:28:39 +0100 Subject: [PATCH 388/441] Changes to automatically disable optimization when AFL_FRIDA_INST_TRACE is set (#1003) Co-authored-by: Your Name --- frida_mode/README.md | 2 +- frida_mode/src/instrument/instrument.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 6bed52b7..c85cf3af 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -160,7 +160,7 @@ instrumentation (the default where available). Required to use report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. * `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks, -requires `AFL_FRIDA_INST_NO_OPTIMIZE`. +implies `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_INST_TRACE_UNIQUE` - As per `AFL_FRIDA_INST_TRACE`, but each edge is logged only once, requires `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_OUTPUT_STDOUT` - Redirect the standard output of the target diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 2a217d96..c646843c 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -214,13 +214,15 @@ void instrument_init(void) { if (instrument_tracing && instrument_optimize) { - FATAL("AFL_FRIDA_INST_TRACE requires AFL_FRIDA_INST_NO_OPTIMIZE"); + WARNF("AFL_FRIDA_INST_TRACE implies AFL_FRIDA_INST_NO_OPTIMIZE"); + instrument_optimize = FALSE; } if (instrument_unique && instrument_optimize) { - FATAL("AFL_FRIDA_INST_TRACE_UNIQUE requires AFL_FRIDA_INST_NO_OPTIMIZE"); + WARNF("AFL_FRIDA_INST_TRACE_UNIQUE implies AFL_FRIDA_INST_NO_OPTIMIZE"); + instrument_optimize = FALSE; } From f7fb4495c4aa6a1e2eca17779f9a60a31b6dbdf1 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 5 Jul 2021 10:28:55 +0100 Subject: [PATCH 389/441] Fixes to handling DSOs by name (#1004) Co-authored-by: Your Name --- frida_mode/src/ranges.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index 534f202b..05e18156 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -145,11 +145,13 @@ static void convert_name_token(gchar *token, GumMemoryRange *range) { static void convert_token(gchar *token, GumMemoryRange *range) { - if (g_strrstr(token, "-")) { + if (g_str_has_prefix(token, "0x")) { convert_address_token(token, range); - } else { + } + + else { convert_name_token(token, range); @@ -509,6 +511,13 @@ void ranges_config(void) { if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { ranges_debug_maps = TRUE; } if (getenv("AFL_INST_LIBS") != NULL) { ranges_inst_libs = TRUE; } + if (ranges_debug_maps) { + + gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, + NULL); + + } + include_ranges = collect_ranges("AFL_FRIDA_INST_RANGES"); exclude_ranges = collect_ranges("AFL_FRIDA_EXCLUDE_RANGES"); @@ -522,13 +531,6 @@ void ranges_init(void) { GArray * step3; GArray * step4; - if (ranges_debug_maps) { - - gum_process_enumerate_ranges(GUM_PAGE_NO_ACCESS, print_ranges_callback, - NULL); - - } - OKF("Ranges - Instrument libraries [%c]", ranges_inst_libs ? 'X' : ' '); print_ranges("AFL_FRIDA_INST_RANGES", include_ranges); From 6ec295db4e8188df410cf7dcccd1b3de5fbc2048 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 5 Jul 2021 16:14:54 +0200 Subject: [PATCH 390/441] more partial linking --- src/afl-cc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/afl-cc.c b/src/afl-cc.c index 1e761c3d..d35b177d 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -789,7 +789,9 @@ static void edit_params(u32 argc, char **argv, char **envp) { if (!strcmp(cur, "-E")) preprocessor_only = 1; if (!strcmp(cur, "-shared")) shared_linking = 1; if (!strcmp(cur, "-Wl,-r")) partial_linking = 1; - if (!strcmp(cur, "-Wl,-i")) partial_linking = 1; + if (!strcmp(cur, "-Wl,--relocatable")) partial_linking = 1; + if (!strcmp(cur, "-r")) partial_linking = 1; + if (!strcmp(cur, "--relocatable")) partial_linking = 1; if (!strcmp(cur, "-c")) have_c = 1; if (!strncmp(cur, "-O", 2)) have_o = 1; From bf9a15541888ac8836a70b4d01c2c9e7bd940051 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:09:31 +0100 Subject: [PATCH 391/441] Support for excluding JIT code (#1006) Co-authored-by: Your Name --- frida_mode/README.md | 3 ++ frida_mode/frida.map | 1 + frida_mode/include/ranges.h | 1 + frida_mode/src/js/api.js | 7 ++++ frida_mode/src/js/js_api.c | 6 ++++ frida_mode/src/ranges.c | 72 +++++++++++++++++++++++++++++++------ frida_mode/ts/lib/afl.ts | 12 +++++++ include/envs.h | 1 + 8 files changed, 92 insertions(+), 11 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index c85cf3af..024fc140 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -153,6 +153,9 @@ Generated block 0x7ffff75e98e2 *** ``` +* `AFL_FRIDA_INST_JIT` - Enable the instrumentation of Just-In-Time compiled +code. Code is considered to be JIT if the executable segment is not backed by a +file. * `AFL_FRIDA_INST_NO_OPTIMIZE` - Don't use optimized inline assembly coverage instrumentation (the default where available). Required to use `AFL_FRIDA_INST_TRACE`. diff --git a/frida_mode/frida.map b/frida_mode/frida.map index cc072dd7..8fc0b174 100644 --- a/frida_mode/frida.map +++ b/frida_mode/frida.map @@ -11,6 +11,7 @@ js_api_set_debug_maps; js_api_set_entrypoint; js_api_set_instrument_debug_file; + js_api_set_instrument_jit; js_api_set_instrument_libraries; js_api_set_instrument_no_optimize; js_api_set_instrument_trace; diff --git a/frida_mode/include/ranges.h b/frida_mode/include/ranges.h index a667fb76..2eb9b355 100644 --- a/frida_mode/include/ranges.h +++ b/frida_mode/include/ranges.h @@ -5,6 +5,7 @@ extern gboolean ranges_debug_maps; extern gboolean ranges_inst_libs; +extern gboolean ranges_inst_jit; void ranges_config(void); void ranges_init(void); diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index 4cb04704..1d843024 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -99,6 +99,12 @@ class Afl { static setInstrumentEnableTracing() { Afl.jsApiSetInstrumentTrace(); } + /** + * See `AFL_FRIDA_INST_JIT`. + */ + static setInstrumentJit() { + Afl.jsApiSetInstrumentJit(); + } /** * See `AFL_INST_LIBS`. */ @@ -222,6 +228,7 @@ Afl.jsApiError = Afl.jsApiGetFunction("js_api_error", "void", ["pointer"]); Afl.jsApiSetDebugMaps = Afl.jsApiGetFunction("js_api_set_debug_maps", "void", []); Afl.jsApiSetEntryPoint = Afl.jsApiGetFunction("js_api_set_entrypoint", "void", ["pointer"]); Afl.jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction("js_api_set_instrument_debug_file", "void", ["pointer"]); +Afl.jsApiSetInstrumentJit = Afl.jsApiGetFunction("js_api_set_instrument_jit", "void", []); Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_libraries", "void", []); Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []); Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []); diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 58bf9ba3..36471387 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -77,6 +77,12 @@ __attribute__((visibility("default"))) void js_api_add_exclude_range( } +__attribute__((visibility("default"))) void js_api_set_instrument_jit() { + + ranges_inst_jit = TRUE; + +} + __attribute__((visibility("default"))) void js_api_set_instrument_libraries() { ranges_inst_libs = TRUE; diff --git a/frida_mode/src/ranges.c b/frida_mode/src/ranges.c index 05e18156..5e78fa60 100644 --- a/frida_mode/src/ranges.c +++ b/frida_mode/src/ranges.c @@ -19,9 +19,11 @@ typedef struct { gboolean ranges_debug_maps = FALSE; gboolean ranges_inst_libs = FALSE; +gboolean ranges_inst_jit = FALSE; static GArray *module_ranges = NULL; static GArray *libs_ranges = NULL; +static GArray *jit_ranges = NULL; static GArray *include_ranges = NULL; static GArray *exclude_ranges = NULL; static GArray *ranges = NULL; @@ -174,19 +176,27 @@ static gboolean print_ranges_callback(const GumRangeDetails *details, gpointer user_data) { UNUSED_PARAMETER(user_data); + if (details->file == NULL) { - OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER "X", + OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER + "X %c%c%c", details->range->base_address, - details->range->base_address + details->range->size); + details->range->base_address + details->range->size, + details->protection & GUM_PAGE_READ ? 'R' : '-', + details->protection & GUM_PAGE_WRITE ? 'W' : '-', + details->protection & GUM_PAGE_EXECUTE ? 'X' : '-'); } else { OKF("MAP - 0x%016" G_GINT64_MODIFIER "x - 0x%016" G_GINT64_MODIFIER - "X %s(0x%016" G_GINT64_MODIFIER "x)", + "X %c%c%c %s(0x%016" G_GINT64_MODIFIER "x)", details->range->base_address, details->range->base_address + details->range->size, - details->file->path, details->file->offset); + details->protection & GUM_PAGE_READ ? 'R' : '-', + details->protection & GUM_PAGE_WRITE ? 'W' : '-', + details->protection & GUM_PAGE_EXECUTE ? 'X' : '-', details->file->path, + details->file->offset); } @@ -331,6 +341,39 @@ static GArray *collect_libs_ranges(void) { } +static gboolean collect_jit_ranges_callback(const GumRangeDetails *details, + gpointer user_data) { + + GArray *ranges = (GArray *)user_data; + + /* If the executable code isn't backed by a file, it's probably JIT */ + if (details->file == NULL) { + + GumMemoryRange range = *details->range; + g_array_append_val(ranges, range); + + } + + return TRUE; + +} + +static GArray *collect_jit_ranges(void) { + + GArray *result; + result = g_array_new(false, false, sizeof(GumMemoryRange)); + if (!ranges_inst_jit) { + + gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, collect_jit_ranges_callback, + result); + + } + + print_ranges("JIT", result); + return result; + +} + static gboolean intersect_range(GumMemoryRange *rr, GumMemoryRange *ra, GumMemoryRange *rb) { @@ -510,6 +553,7 @@ void ranges_config(void) { if (getenv("AFL_FRIDA_DEBUG_MAPS") != NULL) { ranges_debug_maps = TRUE; } if (getenv("AFL_INST_LIBS") != NULL) { ranges_inst_libs = TRUE; } + if (getenv("AFL_FRIDA_INST_JIT") != NULL) { ranges_inst_jit = TRUE; } if (ranges_debug_maps) { @@ -530,7 +574,9 @@ void ranges_init(void) { GArray * step2; GArray * step3; GArray * step4; + GArray * step5; + OKF("Ranges - Instrument jit [%c]", ranges_inst_jit ? 'X' : ' '); OKF("Ranges - Instrument libraries [%c]", ranges_inst_libs ? 'X' : ' '); print_ranges("AFL_FRIDA_INST_RANGES", include_ranges); @@ -538,6 +584,7 @@ void ranges_init(void) { module_ranges = collect_module_ranges(); libs_ranges = collect_libs_ranges(); + jit_ranges = collect_jit_ranges(); /* If include ranges is empty, then assume everything is included */ if (include_ranges->len == 0) { @@ -560,17 +607,20 @@ void ranges_init(void) { step3 = subtract_ranges(step2, exclude_ranges); print_ranges("step3", step3); - /* - * After step3, we have the total ranges to be instrumented, we now subtract - * that from the original ranges of the modules to configure stalker. - */ - - step4 = subtract_ranges(module_ranges, step3); + step4 = subtract_ranges(step3, jit_ranges); print_ranges("step4", step4); - ranges = merge_ranges(step4); + /* + * After step4, we have the total ranges to be instrumented, we now subtract + * that from the original ranges of the modules to configure stalker. + */ + step5 = subtract_ranges(module_ranges, step4); + print_ranges("step5", step5); + + ranges = merge_ranges(step5); print_ranges("final", ranges); + g_array_free(step5, TRUE); g_array_free(step4, TRUE); g_array_free(step3, TRUE); g_array_free(step2, TRUE); diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts index 93368dac..67e21beb 100644 --- a/frida_mode/ts/lib/afl.ts +++ b/frida_mode/ts/lib/afl.ts @@ -119,6 +119,13 @@ class Afl { Afl.jsApiSetInstrumentTrace(); } + /** + * See `AFL_FRIDA_INST_JIT`. + */ + public static setInstrumentJit(): void { + Afl.jsApiSetInstrumentJit(); + } + /** * See `AFL_INST_LIBS`. */ @@ -273,6 +280,11 @@ class Afl { "void", ["pointer"]); + private static readonly jsApiSetInstrumentJit = Afl.jsApiGetFunction( + "js_api_set_instrument_jit", + "void", + []); + private static readonly jsApiSetInstrumentLibraries = Afl.jsApiGetFunction( "js_api_set_instrument_libraries", "void", diff --git a/include/envs.h b/include/envs.h index f89e8e62..4bab54ce 100644 --- a/include/envs.h +++ b/include/envs.h @@ -56,6 +56,7 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_DEBUG_MAPS", "AFL_FRIDA_EXCLUDE_RANGES", "AFL_FRIDA_INST_DEBUG_FILE", + "AFL_FRIDA_INST_JIT", "AFL_FRIDA_INST_NO_OPTIMIZE", "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", From 2a433f90c456b19cf9aa39384540f618c6eeb1a8 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 6 Jul 2021 08:09:43 +0100 Subject: [PATCH 392/441] Improved OSX support (#1005) Co-authored-by: Your Name --- frida_mode/Scripting.md | 13 +++++++ frida_mode/src/js/js_api.c | 24 +++++++++++++ frida_mode/test/deferred/GNUmakefile | 14 +++++--- frida_mode/test/deferred/testinstr.c | 1 - frida_mode/test/entry_point/GNUmakefile | 14 +++++--- frida_mode/test/jpeg/GNUmakefile | 12 ++++--- frida_mode/test/jpeg/get_symbol_addr.py | 36 ------------------- frida_mode/test/js/GNUmakefile | 6 ++++ frida_mode/test/js/entry.js | 3 +- frida_mode/test/libpcap/GNUmakefile | 12 ++++--- frida_mode/test/libpcap/get_symbol_addr.py | 36 ------------------- frida_mode/test/persistent_ret/GNUmakefile | 25 +++++++++---- .../test/persistent_ret/get_symbol_addr.py | 36 ------------------- frida_mode/test/png/GNUmakefile | 2 +- frida_mode/test/png/persistent/GNUmakefile | 10 +++--- .../test/png/persistent/get_symbol_addr.py | 36 ------------------- .../test/png/persistent/hook/GNUmakefile | 17 ++++++--- frida_mode/test/proj4/GNUmakefile | 10 +++--- frida_mode/test/proj4/get_symbol_addr.py | 36 ------------------- frida_mode/test/re2/GNUmakefile | 10 +++--- frida_mode/test/re2/get_symbol_addr.py | 36 ------------------- frida_mode/test/unstable/GNUmakefile | 10 +++--- frida_mode/test/unstable/get_symbol_addr.py | 36 ------------------- frida_mode/util/get_symbol_addr.sh | 32 +++++++++++++++++ 24 files changed, 165 insertions(+), 302 deletions(-) delete mode 100755 frida_mode/test/jpeg/get_symbol_addr.py delete mode 100755 frida_mode/test/libpcap/get_symbol_addr.py delete mode 100755 frida_mode/test/persistent_ret/get_symbol_addr.py delete mode 100755 frida_mode/test/png/persistent/get_symbol_addr.py delete mode 100755 frida_mode/test/proj4/get_symbol_addr.py delete mode 100755 frida_mode/test/re2/get_symbol_addr.py delete mode 100755 frida_mode/test/unstable/get_symbol_addr.py create mode 100755 frida_mode/util/get_symbol_addr.sh diff --git a/frida_mode/Scripting.md b/frida_mode/Scripting.md index 4c6fe6b2..5467db99 100644 --- a/frida_mode/Scripting.md +++ b/frida_mode/Scripting.md @@ -605,6 +605,19 @@ difficult to diagnose. The code above only prints the instructions when running in the parent process (the one provided by `Process.id` when the JS script is executed). +# OSX +Note that the JavaScript debug symbol api for OSX makes use of the +`CoreSymbolication` APIs and as such the `CoreFoundation` module must be loaded +into the target to make use of it. This can be done by setting: + +``` +AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation +``` + +It should be noted that `CoreSymbolication` API may take a while to initialize +and build its caches. For this reason, it may be nescessary to also increase the +value of the `-t` flag passed to `afl-fuzz`. + # API ```js class Afl { diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index 36471387..fd8128c5 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -24,6 +24,12 @@ __attribute__((visibility("default"))) void js_api_error(char *msg) { __attribute__((visibility("default"))) void js_api_set_entrypoint( void *address) { + if (address == NULL) { + + js_api_error("js_api_set_entrypoint called with NULL"); + + } + entry_point = GPOINTER_TO_SIZE(address); } @@ -31,6 +37,12 @@ __attribute__((visibility("default"))) void js_api_set_entrypoint( __attribute__((visibility("default"))) void js_api_set_persistent_address( void *address) { + if (address == NULL) { + + js_api_error("js_api_set_persistent_address called with NULL"); + + } + persistent_start = GPOINTER_TO_SIZE(address); } @@ -38,6 +50,12 @@ __attribute__((visibility("default"))) void js_api_set_persistent_address( __attribute__((visibility("default"))) void js_api_set_persistent_return( void *address) { + if (address == NULL) { + + js_api_error("js_api_set_persistent_return called with NULL"); + + } + persistent_ret = GPOINTER_TO_SIZE(address); } @@ -156,6 +174,12 @@ __attribute__((visibility("default"))) void js_api_set_stats_transitions() { __attribute__((visibility("default"))) void js_api_set_persistent_hook( void *address) { + if (address == NULL) { + + js_api_error("js_api_set_persistent_hook called with NULL"); + + } + persistent_hook = address; } diff --git a/frida_mode/test/deferred/GNUmakefile b/frida_mode/test/deferred/GNUmakefile index ae580e3f..f7520051 100644 --- a/frida_mode/test/deferred/GNUmakefile +++ b/frida_mode/test/deferred/GNUmakefile @@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh ifndef ARCH @@ -24,17 +24,21 @@ ifeq "$(ARCH)" "i686" endif endif +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-Wl,-no_pie +endif + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x56555000) endif .PHONY: all clean frida @@ -55,7 +59,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) $(TEST_BIN_LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/deferred/testinstr.c b/frida_mode/test/deferred/testinstr.c index 8b3688d7..c7a05ac5 100644 --- a/frida_mode/test/deferred/testinstr.c +++ b/frida_mode/test/deferred/testinstr.c @@ -51,7 +51,6 @@ int run(char *file) { fd = open(file, O_RDONLY); if (fd < 0) { - perror("open"); break; diff --git a/frida_mode/test/entry_point/GNUmakefile b/frida_mode/test/entry_point/GNUmakefile index c99bcecb..5453c1ad 100644 --- a/frida_mode/test/entry_point/GNUmakefile +++ b/frida_mode/test/entry_point/GNUmakefile @@ -10,7 +10,7 @@ TESTINSTSRC:=$(PWD)testinstr.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out -GET_SYMBOL_ADDR:=$(ROOT)frida_mode/test/png/persistent/get_symbol_addr.py +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh ifndef ARCH @@ -24,17 +24,21 @@ ifeq "$(ARCH)" "i686" endif endif +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-Wl,-no_pie +endif + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000aaaaaaaaa000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x0000555555554000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) -f $(TESTINSTBIN) -s run -b 0x56555000) + AFL_ENTRYPOINT=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) run 0x56555000) endif .PHONY: all clean qemu frida @@ -55,7 +59,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) $(TEST_BIN_LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile index e3a8f321..68469782 100644 --- a/frida_mode/test/jpeg/GNUmakefile +++ b/frida_mode/test/jpeg/GNUmakefile @@ -26,7 +26,7 @@ LDFLAGS += -lpthread TEST_BIN:=$(BUILD_DIR)test ifeq "$(shell uname)" "Darwin" -TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup -Wl,-no_pie endif TEST_DATA_DIR:=$(BUILD_DIR)in/ @@ -46,16 +46,18 @@ ifeq "$(ARCH)" "i686" endif endif +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) endif .PHONY: all clean frida hook @@ -77,7 +79,7 @@ $(HARNESS_FILE): | $(HARNESS_BUILD_DIR) wget -O $@ $(HARNESS_URL) $(HARNESS_OBJ): $(HARNESS_FILE) - $(CC) $(CXXFLAGS) $(LDFLAGS) -o $@ -c $< + $(CC) $(CXXFLAGS) $(LDFLAGS) $(TEST_BIN_LDFLAGS) -o $@ -c $< ######### JPEGTEST ######## diff --git a/frida_mode/test/jpeg/get_symbol_addr.py b/frida_mode/test/jpeg/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/jpeg/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile index af40c1c4..766862a5 100644 --- a/frida_mode/test/js/GNUmakefile +++ b/frida_mode/test/js/GNUmakefile @@ -13,6 +13,10 @@ TESTINSTSRC2:=$(PWD)test2.c QEMU_OUT:=$(BUILD_DIR)qemu-out FRIDA_OUT:=$(BUILD_DIR)frida-out +ifeq "$(shell uname)" "Darwin" +AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation +endif + .PHONY: all 32 clean qemu frida all: $(TESTINSTBIN) $(TESTINSTBIN2) @@ -40,12 +44,14 @@ clean: rm -rf $(BUILD_DIR) frida_js_entry: $(TESTINSTBIN) $(TEST_DATA_FILE) + AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=entry.js \ $(ROOT)afl-fuzz \ -D \ -O \ -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ + -t 10000+ \ -- \ $(TESTINSTBIN) @@ diff --git a/frida_mode/test/js/entry.js b/frida_mode/test/js/entry.js index f10ef2d1..0b233ddb 100644 --- a/frida_mode/test/js/entry.js +++ b/frida_mode/test/js/entry.js @@ -9,8 +9,9 @@ new ModuleMap().values().forEach(m => { Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); }); +Afl.print('Searching...\n'); const entry_point = DebugSymbol.fromName('run'); -Afl.print(`entry_point: ${entry_point.address}`); +Afl.print(`entry_point: ${entry_point}`); Afl.setEntryPoint(entry_point.address); diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile index 8a10be07..4d0bc4f1 100644 --- a/frida_mode/test/libpcap/GNUmakefile +++ b/frida_mode/test/libpcap/GNUmakefile @@ -34,7 +34,7 @@ LDFLAGS += -lpthread TEST_BIN:=$(BUILD_DIR)test ifeq "$(shell uname)" "Darwin" -TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup -Wl,-no_pie endif AFLPP_DRIVER_DUMMY_INPUT:=$(TCPDUMP_TESTS_DIR)in @@ -54,18 +54,20 @@ ifeq "$(ARCH)" "i686" endif endif -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x4000000000) ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) endif .PHONY: all clean qemu frida hook diff --git a/frida_mode/test/libpcap/get_symbol_addr.py b/frida_mode/test/libpcap/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/libpcap/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/persistent_ret/GNUmakefile b/frida_mode/test/persistent_ret/GNUmakefile index f11269e3..adcacf5a 100644 --- a/frida_mode/test/persistent_ret/GNUmakefile +++ b/frida_mode/test/persistent_ret/GNUmakefile @@ -22,20 +22,30 @@ ifeq "$(ARCH)" "i686" endif endif +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +ifeq "$(shell uname)" "Darwin" +TEST_BIN_LDFLAGS:=-Wl,-no_pie +endif + ARCH=$(shell uname -m) ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000aaaaaaaaa000) - AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) main 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) slow 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x0000555555554000) - AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) main 0x0000555555554000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) slow 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s main -b 0x56555000) - AFL_FRIDA_PERSISTENT_RET=$(shell $(PWD)get_symbol_addr.py -f $(TESTINSTBIN) -s slow -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) main 0x56555000) + AFL_FRIDA_PERSISTENT_RET=$(shell $(GET_SYMBOL_ADDR) $(TESTINSTBIN) slow 0x56555000) +endif + +ifeq "$(shell uname)" "Darwin" +AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation endif .PHONY: all 32 clean qemu frida @@ -56,7 +66,7 @@ $(TESTINSTR_DATA_FILE): | $(TESTINSTR_DATA_DIR) echo -n "000" > $@ $(TESTINSTBIN): $(TESTINSTSRC) | $(BUILD_DIR) - $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< + $(CC) $(CFLAGS) $(LDFLAGS) $(TEST_BIN_LDFLAGS) -o $@ $< clean: rm -rf $(BUILD_DIR) @@ -83,6 +93,7 @@ frida_ret: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) $(TESTINSTBIN) @@ frida_js: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=test.js \ $(ROOT)afl-fuzz \ -D \ diff --git a/frida_mode/test/persistent_ret/get_symbol_addr.py b/frida_mode/test/persistent_ret/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/persistent_ret/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index e05bade2..fdb2c318 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -22,7 +22,7 @@ PNGTEST_URL:="https://raw.githubusercontent.com/google/fuzzbench/master/benchmar TEST_BIN:=$(BUILD_DIR)test ifeq "$(shell uname)" "Darwin" -TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup -Wl,-no_pie endif TEST_DATA_DIR:=$(LIBPNG_DIR)contrib/pngsuite/ diff --git a/frida_mode/test/png/persistent/GNUmakefile b/frida_mode/test/png/persistent/GNUmakefile index 5af64822..c1ad86e5 100644 --- a/frida_mode/test/png/persistent/GNUmakefile +++ b/frida_mode/test/png/persistent/GNUmakefile @@ -21,18 +21,20 @@ ifeq "$(ARCH)" "i686" endif endif -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x4000000000) +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) main 0x4000000000) ifeq "$(ARCH)" "arm64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) main 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) main 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s main -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) main 0x56555000) endif .PHONY: all 32 clean qemu qemu_entry frida frida_entry diff --git a/frida_mode/test/png/persistent/get_symbol_addr.py b/frida_mode/test/png/persistent/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/png/persistent/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 0ff9fe86..8a1a9a60 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -31,18 +31,24 @@ ifeq "$(ARCH)" "i686" endif endif -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x4000000000) ifeq "$(ARCH)" "arm64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)../get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) +endif + +ifeq "$(shell uname)" "Darwin" +AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation endif .PHONY: all 32 clean format qemu qemu_entry frida frida_entry debug @@ -121,6 +127,7 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=load.js \ $(ROOT)afl-fuzz \ -D \ @@ -128,10 +135,12 @@ frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DI -O \ -i $(TEST_DATA_DIR) \ -o $(FRIDA_OUT) \ + -t 10000+ \ -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=cmodule.js \ $(ROOT)afl-fuzz \ -D \ diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile index e324a5d0..6ce03fd3 100644 --- a/frida_mode/test/proj4/GNUmakefile +++ b/frida_mode/test/proj4/GNUmakefile @@ -26,7 +26,7 @@ LDFLAGS += -lpthread TEST_BIN:=$(BUILD_DIR)test ifeq "$(shell uname)" "Darwin" -TEST_BIN_LDFLAGS:=-undefined dynamic_lookup +TEST_BIN_LDFLAGS:=-undefined dynamic_lookup -Wl,-no_pie endif TEST_DATA_DIR:=$(BUILD_DIR)in/ @@ -46,16 +46,18 @@ ifeq "$(ARCH)" "i686" endif endif +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) endif .PHONY: all clean frida hook diff --git a/frida_mode/test/proj4/get_symbol_addr.py b/frida_mode/test/proj4/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/proj4/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile index e1c5347d..ab986190 100644 --- a/frida_mode/test/re2/GNUmakefile +++ b/frida_mode/test/re2/GNUmakefile @@ -46,18 +46,20 @@ ifeq "$(ARCH)" "i686" endif endif -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x4000000000) +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x4000000000) ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(TEST_BIN) -s LLVMFuzzerTestOneInput -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) endif .PHONY: all clean qemu frida hook diff --git a/frida_mode/test/re2/get_symbol_addr.py b/frida_mode/test/re2/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/re2/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/test/unstable/GNUmakefile b/frida_mode/test/unstable/GNUmakefile index fed417a3..938d7c17 100644 --- a/frida_mode/test/unstable/GNUmakefile +++ b/frida_mode/test/unstable/GNUmakefile @@ -22,18 +22,20 @@ ifeq "$(ARCH)" "i686" endif endif -AFL_QEMU_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x4000000000) +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(UNSTABLE_BIN) run_test 0x4000000000) ifeq "$(ARCH)" "aarch64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000aaaaaaaaa000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(UNSTABLE_BIN) run_test 0x0000aaaaaaaaa000) endif ifeq "$(ARCH)" "x86_64" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x0000555555554000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(UNSTABLE_BIN) run_test 0x0000555555554000) endif ifeq "$(ARCH)" "x86" - AFL_FRIDA_PERSISTENT_ADDR=$(shell $(PWD)get_symbol_addr.py -f $(UNSTABLE_BIN) -s run_test -b 0x56555000) + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(UNSTABLE_BIN) run_test 0x56555000) endif .PHONY: all 32 clean qemu frida diff --git a/frida_mode/test/unstable/get_symbol_addr.py b/frida_mode/test/unstable/get_symbol_addr.py deleted file mode 100755 index 1c46e010..00000000 --- a/frida_mode/test/unstable/get_symbol_addr.py +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/python3 -import argparse -from elftools.elf.elffile import ELFFile - -def process_file(file, symbol, base): - with open(file, 'rb') as f: - elf = ELFFile(f) - symtab = elf.get_section_by_name('.symtab') - mains = symtab.get_symbol_by_name(symbol) - if len(mains) != 1: - print ("Failed to find main") - return 1 - - main_addr = mains[0]['st_value'] - main = base + main_addr - print ("0x%016x" % main) - return 0 - -def hex_value(x): - return int(x, 16) - -def main(): - parser = argparse.ArgumentParser(description='Process some integers.') - parser.add_argument('-f', '--file', dest='file', type=str, - help='elf file name', required=True) - parser.add_argument('-s', '--symbol', dest='symbol', type=str, - help='symbol name', required=True) - parser.add_argument('-b', '--base', dest='base', type=hex_value, - help='elf base address', required=True) - - args = parser.parse_args() - return process_file (args.file, args.symbol, args.base) - -if __name__ == "__main__": - ret = main() - exit(ret) diff --git a/frida_mode/util/get_symbol_addr.sh b/frida_mode/util/get_symbol_addr.sh new file mode 100755 index 00000000..7f9b7d22 --- /dev/null +++ b/frida_mode/util/get_symbol_addr.sh @@ -0,0 +1,32 @@ +#!/bin/bash +# Copyright 2020 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# set -x +target="$1" +symbol="$2" +base="$3" + +test -z "$target" -o -z "$symbol" -o '!' -e "$target" && exit 0 + +test $(uname -s) = "Darwin" && symbol=_"$symbol" + +file "$target" | grep -q executable && { + nm "$target" | grep -i "T $symbol" | awk '{print"0x"$1}' + exit 0 +} + +hex_base=$(echo "$3" | awk '{sub("^0x","");print $0}') +nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F | \ + xargs echo "ibase=16;obase=10;$hex_base + " | bc | tr A-F a-f | awk '{print "0x"$0}' +exit 0 From 4a02118fdae1ed0bd2cb74a775e7bc0d82d91a81 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 6 Jul 2021 18:30:50 +0100 Subject: [PATCH 393/441] Deferred exclusion support (#1008) * Deferred exclusion support * Changes to support different hook libraries for QEMU and FRIDA * Changes to collect more stats Co-authored-by: Your Name --- frida_mode/GNUmakefile | 25 ++++++++++++------- frida_mode/include/entry.h | 3 ++- frida_mode/include/persistent.h | 3 +++ frida_mode/include/stalker.h | 1 + frida_mode/src/entry.c | 15 ++++++++++- frida_mode/src/instrument/instrument.c | 8 +++++- frida_mode/src/persistent/persistent.c | 20 +++++++++++++++ frida_mode/src/persistent/persistent_arm32.c | 4 +-- frida_mode/src/persistent/persistent_arm64.c | 4 +-- frida_mode/src/persistent/persistent_x64.c | 4 +-- frida_mode/src/persistent/persistent_x86.c | 4 +-- frida_mode/src/stalker.c | 8 +++++- frida_mode/src/stats/stats_x64.c | 18 +++++++++++++ frida_mode/test/jpeg/GNUmakefile | 6 ++--- frida_mode/test/libpcap/GNUmakefile | 11 ++++---- frida_mode/test/png/GNUmakefile | 6 +++++ frida_mode/test/png/Makefile | 3 +++ .../test/png/persistent/hook/GNUmakefile | 25 ++++++++++--------- frida_mode/test/png/persistent/hook/load.js | 2 +- frida_mode/test/proj4/GNUmakefile | 6 ++--- frida_mode/test/re2/GNUmakefile | 11 ++++---- frida_mode/test/testinstr/GNUmakefile | 7 ++++++ 22 files changed, 144 insertions(+), 50 deletions(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 6c17f369..4d8f8507 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -98,9 +98,12 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -HOOK_DIR:=$(PWD)hook/ -AFLPP_DRIVER_HOOK_SRC=$(HOOK_DIR)hook.c -AFLPP_DRIVER_HOOK_OBJ=$(BUILD_DIR)hook.so +FRIDA_HOOK_DIR:=$(PWD)hook/ +AFLPP_FRIDA_DRIVER_HOOK_SRC=$(FRIDA_HOOK_DIR)hook.c +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(BUILD_DIR)frida_hook.so + +QEMU_HOOK_DIR:=$(ROOT)utils/aflpp_driver/ +AFLPP_QEMU_DRIVER_HOOK_OBJ:=$(BUILD_DIR)qemu_hook.so BIN2C:=$(BUILD_DIR)bin2c BIN2C_SRC:=$(PWD)util/bin2c.c @@ -109,7 +112,7 @@ BIN2C_SRC:=$(PWD)util/bin2c.c ############################## ALL ############################################# -all: $(FRIDA_TRACE) $(AFLPP_DRIVER_HOOK_OBJ) +all: $(FRIDA_TRACE) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) 32: CFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all @@ -150,10 +153,10 @@ $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) wget -O $@ $(GUM_DEVKIT_URL) endif -$(GUM_DEVIT_LIBRARY): | $(GUM_DEVKIT_TARBALL) +$(GUM_DEVIT_LIBRARY): $(GUM_DEVKIT_TARBALL) tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) -$(GUM_DEVIT_HEADER): | $(GUM_DEVKIT_TARBALL) +$(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL) tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) ############################## AFL ############################################# @@ -214,10 +217,14 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL ############################# HOOK ############################################# -$(AFLPP_DRIVER_HOOK_OBJ): $(AFLPP_DRIVER_HOOK_SRC) | $(BUILD_DIR) +$(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) | $(BUILD_DIR) $(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@ -hook: $(AFLPP_DRIVER_HOOK_OBJ) +$(AFLPP_QEMU_DRIVER_HOOK_OBJ): | $(QEMU_HOOK_DIR) + make -C $(QEMU_HOOK_DIR) aflpp_qemu_driver_hook.so + cp $(QEMU_HOOK_DIR)aflpp_qemu_driver_hook.so $@ + +hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) ############################# CLEAN ############################################ clean: @@ -225,7 +232,7 @@ clean: ############################# FORMAT ########################################### format: - cd $(ROOT) && echo $(SOURCES) $(AFLPP_DRIVER_HOOK_SRC) $(BIN2C_SRC) | xargs -L1 ./.custom-format.py -i + cd $(ROOT) && echo $(SOURCES) $(AFLPP_FRIDA_DRIVER_HOOK_SRC) $(BIN2C_SRC) | xargs -L1 ./.custom-format.py -i cd $(ROOT) && echo $(INCLUDES) | xargs -L1 ./.custom-format.py -i ############################# RUN ############################################# diff --git a/frida_mode/include/entry.h b/frida_mode/include/entry.h index 801c2bbe..cbc5c8c7 100644 --- a/frida_mode/include/entry.h +++ b/frida_mode/include/entry.h @@ -3,7 +3,8 @@ #include "frida-gumjs.h" -extern guint64 entry_point; +extern guint64 entry_point; +extern gboolean entry_reached; void entry_config(void); diff --git a/frida_mode/include/persistent.h b/frida_mode/include/persistent.h index 8f00196c..c79f0143 100644 --- a/frida_mode/include/persistent.h +++ b/frida_mode/include/persistent.h @@ -30,7 +30,10 @@ void persistent_init(void); gboolean persistent_is_supported(void); void persistent_prologue(GumStalkerOutput *output); +void persistent_prologue_arch(GumStalkerOutput *output); + void persistent_epilogue(GumStalkerOutput *output); +void persistent_epilogue_arch(GumStalkerOutput *output); #endif diff --git a/frida_mode/include/stalker.h b/frida_mode/include/stalker.h index 2136fe52..b5e05d5a 100644 --- a/frida_mode/include/stalker.h +++ b/frida_mode/include/stalker.h @@ -7,6 +7,7 @@ void stalker_config(void); void stalker_init(void); GumStalker *stalker_get(void); void stalker_start(void); +void stalker_trust(void); #endif diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index e95b923b..1d3b3e43 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -4,12 +4,15 @@ #include "entry.h" #include "instrument.h" +#include "persistent.h" +#include "ranges.h" #include "stalker.h" #include "util.h" extern void __afl_manual_init(); -guint64 entry_point = 0; +guint64 entry_point = 0; +gboolean entry_reached = FALSE; static void entry_launch(void) { @@ -50,6 +53,16 @@ static void entry_callout(GumCpuContext *cpu_context, gpointer user_data) { void entry_prologue(GumStalkerIterator *iterator, GumStalkerOutput *output) { UNUSED_PARAMETER(output); + OKF("AFL_ENTRYPOINT reached"); + + if (persistent_start == 0) { + + entry_reached = TRUE; + ranges_exclude(); + stalker_trust(); + + } + gum_stalker_iterator_put_callout(iterator, entry_callout, NULL, NULL); } diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index c646843c..2d857716 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -149,7 +149,13 @@ static void instrument_basic_block(GumStalkerIterator *iterator, if (unlikely(begin)) { - prefetch_write(GSIZE_TO_POINTER(instr->address)); + instrument_debug_start(instr->address, output); + + if (likely(entry_reached)) { + + prefetch_write(GSIZE_TO_POINTER(instr->address)); + + } if (likely(!excluded)) { diff --git a/frida_mode/src/persistent/persistent.c b/frida_mode/src/persistent/persistent.c index bcc59ea7..639a694e 100644 --- a/frida_mode/src/persistent/persistent.c +++ b/frida_mode/src/persistent/persistent.c @@ -5,7 +5,10 @@ #include "config.h" #include "debug.h" +#include "entry.h" #include "persistent.h" +#include "ranges.h" +#include "stalker.h" #include "util.h" int __afl_sharedmem_fuzzing = 0; @@ -83,3 +86,20 @@ void persistent_init(void) { } +void persistent_prologue(GumStalkerOutput *output) { + + OKF("AFL_FRIDA_PERSISTENT_ADDR reached"); + entry_reached = TRUE; + ranges_exclude(); + stalker_trust(); + persistent_prologue_arch(output); + +} + +void persistent_epilogue(GumStalkerOutput *output) { + + OKF("AFL_FRIDA_PERSISTENT_RET reached"); + persistent_epilogue_arch(output); + +} + diff --git a/frida_mode/src/persistent/persistent_arm32.c b/frida_mode/src/persistent/persistent_arm32.c index f12f1af8..769f1505 100644 --- a/frida_mode/src/persistent/persistent_arm32.c +++ b/frida_mode/src/persistent/persistent_arm32.c @@ -61,14 +61,14 @@ gboolean persistent_is_supported(void) { } -void persistent_prologue(GumStalkerOutput *output) { +void persistent_prologue_arch(GumStalkerOutput *output) { UNUSED_PARAMETER(output); FATAL("Persistent mode not supported on this architecture"); } -void persistent_epilogue(GumStalkerOutput *output) { +void persistent_epilogue_arch(GumStalkerOutput *output) { UNUSED_PARAMETER(output); FATAL("Persistent mode not supported on this architecture"); diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 003f058a..4ab7b283 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -299,7 +299,7 @@ static void instrument_persitent_save_lr(GumArm64Writer *cw) { } -void persistent_prologue(GumStalkerOutput *output) { +void persistent_prologue_arch(GumStalkerOutput *output) { /* * SAVE REGS @@ -366,7 +366,7 @@ void persistent_prologue(GumStalkerOutput *output) { } -void persistent_epilogue(GumStalkerOutput *output) { +void persistent_epilogue_arch(GumStalkerOutput *output) { GumArm64Writer *cw = output->writer.arm64; diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index b2186db1..ce3017e4 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -244,7 +244,7 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { } -void persistent_prologue(GumStalkerOutput *output) { +void persistent_prologue_arch(GumStalkerOutput *output) { /* * SAVE REGS @@ -313,7 +313,7 @@ void persistent_prologue(GumStalkerOutput *output) { } -void persistent_epilogue(GumStalkerOutput *output) { +void persistent_epilogue_arch(GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index f50bccb0..cc1f1a4f 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -184,7 +184,7 @@ static void instrument_persitent_save_ret(GumX86Writer *cw) { } -void persistent_prologue(GumStalkerOutput *output) { +void persistent_prologue_arch(GumStalkerOutput *output) { /* * SAVE REGS @@ -251,7 +251,7 @@ void persistent_prologue(GumStalkerOutput *output) { } -void persistent_epilogue(GumStalkerOutput *output) { +void persistent_epilogue_arch(GumStalkerOutput *output) { GumX86Writer *cw = output->writer.x86; diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 98483cde..5df0386f 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -38,7 +38,7 @@ void stalker_init(void) { stalker = gum_stalker_new(); if (stalker == NULL) { FATAL("Failed to initialize stalker"); } - gum_stalker_set_trust_threshold(stalker, 0); + gum_stalker_set_trust_threshold(stalker, -1); /* *NEVER* stalk the stalker, only bad things will ever come of this! */ gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL); @@ -59,3 +59,9 @@ void stalker_start(void) { } +void stalker_trust(void) { + + gum_stalker_set_trust_threshold(stalker, 0); + +} + diff --git a/frida_mode/src/stats/stats_x64.c b/frida_mode/src/stats/stats_x64.c index 7c3a90d7..11464a2a 100644 --- a/frida_mode/src/stats/stats_x64.c +++ b/frida_mode/src/stats/stats_x64.c @@ -31,6 +31,9 @@ typedef struct { guint64 num_rip_relative; + guint64 num_rip_relative_type[X86_INS_ENDING]; + char name_rip_relative_type[X86_INS_ENDING][CS_MNEMONIC_SIZE]; + } stats_data_arch_t; gboolean stats_is_supported_arch(void) { @@ -136,6 +139,18 @@ void stats_write_arch(void) { stats_data_arch->num_rip_relative, (stats_data_arch->num_rip_relative * 100 / num_instructions)); + for (size_t i = 0; i < X86_INS_ENDING; i++) { + + if (stats_data_arch->num_rip_relative_type[i] != 0) { + + stats_print(" %10d %s\n", + stats_data_arch->num_rip_relative_type[i], + stats_data_arch->name_rip_relative_type[i]); + + } + + } + stats_print("\n"); stats_print("\n"); @@ -256,6 +271,9 @@ static void stats_collect_rip_relative_arch(const cs_insn *instr) { if (rm != 5) { return; } stats_data_arch->num_rip_relative++; + stats_data_arch->num_rip_relative_type[instr->id]++; + memcpy(stats_data_arch->name_rip_relative_type[instr->id], instr->mnemonic, + CS_MNEMONIC_SIZE); } diff --git a/frida_mode/test/jpeg/GNUmakefile b/frida_mode/test/jpeg/GNUmakefile index 68469782..1c124743 100644 --- a/frida_mode/test/jpeg/GNUmakefile +++ b/frida_mode/test/jpeg/GNUmakefile @@ -2,7 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so LIBJPEG_BUILD_DIR:=$(BUILD_DIR)libjpeg/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -132,7 +132,7 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) clean: rm -rf $(BUILD_DIR) -frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) +frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) AFL_DEBUG_CHILD=1 \ AFL_DISABLE_TRIM=1 \ AFL_FRIDA_PERSISTENT_CNT=1000000 \ @@ -144,7 +144,7 @@ frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) AFL_SKIP_CPUFREQ=1 \ AFL_SKIP_CRASHES=1 \ AFL_TESTCACHE_SIZE=2 \ - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/libpcap/GNUmakefile b/frida_mode/test/libpcap/GNUmakefile index 4d0bc4f1..f1ad06e4 100644 --- a/frida_mode/test/libpcap/GNUmakefile +++ b/frida_mode/test/libpcap/GNUmakefile @@ -2,7 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so +AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so LIBPCAP_BUILD_DIR:=$(BUILD_DIR)libpcap/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -148,8 +149,8 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TCPDUMP_TESTS_DIR) clean: rm -rf $(BUILD_DIR) -qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) - AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +qemu: $(TEST_BIN) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \ AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ @@ -162,8 +163,8 @@ qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDU -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(TCPDUMP_TESTS_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/png/GNUmakefile b/frida_mode/test/png/GNUmakefile index fdb2c318..a1a7f1a5 100644 --- a/frida_mode/test/png/GNUmakefile +++ b/frida_mode/test/png/GNUmakefile @@ -112,3 +112,9 @@ frida: $(TEST_BIN) -o $(FRIDA_OUT) \ -- \ $(TEST_BIN) @@ + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TEST_BIN) $(TEST_DATA_DIR)basn0g01.png diff --git a/frida_mode/test/png/Makefile b/frida_mode/test/png/Makefile index 4bef1ccb..f843af19 100644 --- a/frida_mode/test/png/Makefile +++ b/frida_mode/test/png/Makefile @@ -14,3 +14,6 @@ qemu: frida: @gmake frida + +debug: + @gmake debug diff --git a/frida_mode/test/png/persistent/hook/GNUmakefile b/frida_mode/test/png/persistent/hook/GNUmakefile index 8a1a9a60..ddf63a96 100644 --- a/frida_mode/test/png/persistent/hook/GNUmakefile +++ b/frida_mode/test/png/persistent/hook/GNUmakefile @@ -2,7 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so +AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so CFLAGS+=-O3 \ -funroll-loops \ @@ -73,8 +74,8 @@ $(TEST_DATA_DIR): | $(BUILD_DIR) $(AFLPP_DRIVER_DUMMY_INPUT): | $(BUILD_DIR) truncate -s 1M $@ -qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) - AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ $(ROOT)/afl-fuzz \ @@ -86,8 +87,8 @@ qemu: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) - AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ @@ -100,8 +101,8 @@ qemu_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ -D \ @@ -113,8 +114,8 @@ frida: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ @@ -126,7 +127,7 @@ frida_entry: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) +frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=load.js \ $(ROOT)afl-fuzz \ @@ -139,7 +140,7 @@ frida_js_load: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DI -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_DRIVER_HOOK_OBJ) | $(BUILD_DIR) +frida_js_cmodule: $(AFLPP_DRIVER_DUMMY_INPUT) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) | $(BUILD_DIR) AFL_PRELOAD=$(AFL_PRELOAD) \ AFL_FRIDA_JS_SCRIPT=cmodule.js \ $(ROOT)afl-fuzz \ @@ -155,7 +156,7 @@ debug: $(AFLPP_DRIVER_DUMMY_INPUT) echo $(AFL_FRIDA_PERSISTENT_ADDR) gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ - --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ)' \ + --ex 'set environment AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ)' \ --ex 'set environment AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR)' \ --ex 'set disassembly-flavor intel' \ --args $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) diff --git a/frida_mode/test/png/persistent/hook/load.js b/frida_mode/test/png/persistent/hook/load.js index ce4374ae..ea4d28c3 100644 --- a/frida_mode/test/png/persistent/hook/load.js +++ b/frida_mode/test/png/persistent/hook/load.js @@ -19,7 +19,7 @@ Afl.setPersistentAddress(persistent_addr); const path = Afl.module.path; const dir = path.substring(0, path.lastIndexOf("/")); -const mod = Module.load(`${dir}/frida_mode/build/hook.so`); +const mod = Module.load(`${dir}/frida_mode/build/frida_hook.so`); const hook = mod.getExportByName('afl_persistent_hook'); Afl.setPersistentHook(hook); diff --git a/frida_mode/test/proj4/GNUmakefile b/frida_mode/test/proj4/GNUmakefile index 6ce03fd3..8555ebad 100644 --- a/frida_mode/test/proj4/GNUmakefile +++ b/frida_mode/test/proj4/GNUmakefile @@ -2,7 +2,7 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so LIBPROJ4_BUILD_DIR:=$(BUILD_DIR)libproj4/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -132,7 +132,7 @@ $(TEST_DATA_FILE): | $(TEST_DATA_DIR) clean: rm -rf $(BUILD_DIR) -frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) +frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) AFL_DEBUG_CHILD=1 \ AFL_DISABLE_TRIM=1 \ AFL_FRIDA_PERSISTENT_CNT=1000000 \ @@ -144,7 +144,7 @@ frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(TEST_DATA_FILE) AFL_SKIP_CPUFREQ=1 \ AFL_SKIP_CRASHES=1 \ AFL_TESTCACHE_SIZE=2 \ - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/re2/GNUmakefile b/frida_mode/test/re2/GNUmakefile index ab986190..ce95df3b 100644 --- a/frida_mode/test/re2/GNUmakefile +++ b/frida_mode/test/re2/GNUmakefile @@ -2,7 +2,8 @@ PWD:=$(shell pwd)/ ROOT:=$(shell realpath $(PWD)../../..)/ BUILD_DIR:=$(PWD)build/ -AFLPP_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/hook.so +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so +AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so LIBRE2_BUILD_DIR:=$(BUILD_DIR)libre2/ HARNESS_BUILD_DIR:=$(BUILD_DIR)harness/ @@ -130,8 +131,8 @@ $(AFLPP_DRIVER_DUMMY_INPUT): | $(TEST_DATA_DIR) clean: rm -rf $(BUILD_DIR) -qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) - AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +qemu: $(TEST_BIN) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \ AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ AFL_QEMU_PERSISTENT_GPR=1 \ @@ -144,8 +145,8 @@ qemu: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) -- \ $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) -frida: $(TEST_BIN) $(AFLPP_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) - AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_DRIVER_HOOK_OBJ) \ +frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ $(ROOT)afl-fuzz \ diff --git a/frida_mode/test/testinstr/GNUmakefile b/frida_mode/test/testinstr/GNUmakefile index a35073ab..3701ddc8 100644 --- a/frida_mode/test/testinstr/GNUmakefile +++ b/frida_mode/test/testinstr/GNUmakefile @@ -52,6 +52,13 @@ frida: $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) -- \ $(TESTINSTBIN) @@ +debug: + echo $(AFL_FRIDA_PERSISTENT_ADDR) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TESTINSTR_DATA_FILE) + debug: gdb \ --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ From 0662c5580bd46ff37f8f76413ea114712c372d16 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Tue, 6 Jul 2021 19:38:20 +0200 Subject: [PATCH 394/441] hook update --- frida_mode/hook/hook.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/hook.c index 97f28db7..b51231cc 100644 --- a/frida_mode/hook/hook.c +++ b/frida_mode/hook/hook.c @@ -1,3 +1,12 @@ +/* + * + * Modify this file to set the right registers with the fuzz input and length. + * It is a good idea to check input_buf_len to be not larger than the + * destination buffer! + * + */ + + #include #include @@ -8,6 +17,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + memcpy((void *)regs->rdi, input_buf, input_buf_len); regs->rsi = input_buf_len; @@ -18,6 +29,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + void **esp = (void **)regs->esp; void * arg1 = esp[0]; void **arg2 = &esp[1]; @@ -31,6 +44,8 @@ __attribute__((visibility("default"))) void afl_persistent_hook( __attribute__((visibility("default"))) void afl_persistent_hook( GumCpuContext *regs, uint8_t *input_buf, uint32_t input_buf_len) { + // do a length check matching the target! + memcpy((void *)regs->x[0], input_buf, input_buf_len); regs->x[1] = input_buf_len; From 43db577dbbdf6973c274f6cffcd27435262df751 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 6 Jul 2021 18:51:52 +0100 Subject: [PATCH 395/441] Changes to make JS run in foreground thread (#1009) Co-authored-by: Your Name --- frida_mode/src/js/js.c | 56 +++++++++++++++++++++++++--------- frida_mode/test/js/GNUmakefile | 14 ++++++++- frida_mode/test/js/entry.js | 15 ++++++--- 3 files changed, 65 insertions(+), 20 deletions(-) diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index ed378d2c..cf98ff3e 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -9,12 +9,15 @@ static char * js_script = NULL; gboolean js_done = FALSE; js_api_stalker_callback_t js_user_callback = NULL; -static gchar * filename = "afl.js"; -static gchar * contents; -static GumScriptBackend *backend; -static GCancellable * cancellable = NULL; -static GError * error = NULL; -static GumScript * script; +static gchar * filename = "afl.js"; +static gchar * contents; +static GumScriptBackend * backend; +static GCancellable * cancellable = NULL; +static GError * error = NULL; +static GumScript * script; +static GumScriptScheduler *scheduler; +static GMainContext * context; +static GMainLoop * main_loop; static void js_msg(GumScript *script, const gchar *message, GBytes *data, gpointer user_data) { @@ -80,18 +83,44 @@ static void js_print_script(gchar *source) { } -void js_start(void) { +static void create_cb(GObject *source_object, GAsyncResult *result, + gpointer user_data) { - GMainContext *context; + UNUSED_PARAMETER(source_object); + UNUSED_PARAMETER(user_data); + script = gum_script_backend_create_finish(backend, result, &error); + +} + +static void load_cb(GObject *source_object, GAsyncResult *result, + gpointer user_data) { + + UNUSED_PARAMETER(source_object); + UNUSED_PARAMETER(user_data); + gum_script_load_finish(script, result); + +} + +void js_start(void) { gchar *source = js_get_script(); if (source == NULL) { return; } js_print_script(source); + scheduler = gum_script_backend_get_scheduler(); + gum_script_scheduler_disable_background_thread(scheduler); + backend = gum_script_backend_obtain_qjs(); - script = gum_script_backend_create_sync(backend, "example", source, - cancellable, &error); + context = gum_script_scheduler_get_js_context(scheduler); + main_loop = g_main_loop_new(context, true); + g_main_context_push_thread_default(context); + + gum_script_backend_create(backend, "example", source, cancellable, create_cb, + &error); + + while (g_main_context_pending(context)) + g_main_context_iteration(context, FALSE); if (error != NULL) { @@ -100,14 +129,13 @@ void js_start(void) { } - gum_script_set_message_handler(script, js_msg, NULL, NULL); + gum_script_load(script, cancellable, load_cb, NULL); - gum_script_load_sync(script, cancellable); - - context = g_main_context_get_thread_default(); while (g_main_context_pending(context)) g_main_context_iteration(context, FALSE); + gum_script_set_message_handler(script, js_msg, NULL, NULL); + if (!js_done) { FATAL("Script didn't call Afl.done()"); } } diff --git a/frida_mode/test/js/GNUmakefile b/frida_mode/test/js/GNUmakefile index 766862a5..ee8d4ebc 100644 --- a/frida_mode/test/js/GNUmakefile +++ b/frida_mode/test/js/GNUmakefile @@ -17,7 +17,7 @@ ifeq "$(shell uname)" "Darwin" AFL_PRELOAD=/System/Library/Frameworks/CoreFoundation.framework/CoreFoundation endif -.PHONY: all 32 clean qemu frida +.PHONY: all 32 clean qemu frida debug all: $(TESTINSTBIN) $(TESTINSTBIN2) make -C $(ROOT)frida_mode/ @@ -84,3 +84,15 @@ frida_js_stalker: $(TESTINSTBIN2) $(TEST_DATA_FILE) -o $(FRIDA_OUT) \ -- \ $(TESTINSTBIN2) @@ + +debug: $(TEST_DATA_FILE) + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_FRIDA_JS_SCRIPT=entry.js' \ + --ex 'set disassembly-flavor intel' \ + --args $(TESTINSTBIN) $(TEST_DATA_FILE) + +strace: $(TEST_DATA_FILE) + LD_PRELOAD=$(ROOT)afl-frida-trace.so \ + AFL_FRIDA_JS_SCRIPT=entry.js \ + strace $(TESTINSTBIN) $(TEST_DATA_FILE) diff --git a/frida_mode/test/js/entry.js b/frida_mode/test/js/entry.js index 0b233ddb..2bdd7d13 100644 --- a/frida_mode/test/js/entry.js +++ b/frida_mode/test/js/entry.js @@ -9,13 +9,18 @@ new ModuleMap().values().forEach(m => { Afl.print(`${m.base}-${m.base.add(m.size)} ${m.name}`); }); -Afl.print('Searching...\n'); -const entry_point = DebugSymbol.fromName('run'); -Afl.print(`entry_point: ${entry_point}`); +const name = Process.enumerateModules()[0].name; +Afl.print(`Name: ${name}`); -Afl.setEntryPoint(entry_point.address); +if (name === 'test') { -// Afl.error('HARD NOPE'); + Afl.print('Searching...\n'); + const entry_point = DebugSymbol.fromName('run'); + Afl.print(`entry_point: ${entry_point}`); + + Afl.setEntryPoint(entry_point.address); + +} Afl.done(); Afl.print("done"); From 405382cbddea8b99543c3fddcaa5738b1ed3ade3 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Tue, 6 Jul 2021 20:15:30 +0100 Subject: [PATCH 396/441] Frida build fixes (#1010) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 17 +- frida_mode/hook/{hook.c => frida_hook.c} | 4 +- frida_mode/hook/qemu_hook.c | 192 +++++++++++++++++++++++ 3 files changed, 202 insertions(+), 11 deletions(-) rename frida_mode/hook/{hook.c => frida_hook.c} (99%) create mode 100644 frida_mode/hook/qemu_hook.c diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 4d8f8507..b11ba310 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -98,11 +98,11 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o -FRIDA_HOOK_DIR:=$(PWD)hook/ -AFLPP_FRIDA_DRIVER_HOOK_SRC=$(FRIDA_HOOK_DIR)hook.c +HOOK_DIR:=$(PWD)hook/ +AFLPP_FRIDA_DRIVER_HOOK_SRC=$(HOOK_DIR)frida_hook.c AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(BUILD_DIR)frida_hook.so -QEMU_HOOK_DIR:=$(ROOT)utils/aflpp_driver/ +AFLPP_QEMU_DRIVER_HOOK_SRC:=$(HOOK_DIR)qemu_hook.c AFLPP_QEMU_DRIVER_HOOK_OBJ:=$(BUILD_DIR)qemu_hook.so BIN2C:=$(BUILD_DIR)bin2c @@ -154,10 +154,10 @@ $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) endif $(GUM_DEVIT_LIBRARY): $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + tar Jxvfm $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) $(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL) - tar Jxvf $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) + tar Jxvfm $(GUM_DEVKIT_TARBALL) -C $(FRIDA_BUILD_DIR) ############################## AFL ############################################# $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) @@ -217,12 +217,11 @@ $(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL ############################# HOOK ############################################# -$(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) | $(BUILD_DIR) +$(AFLPP_FRIDA_DRIVER_HOOK_OBJ): $(AFLPP_FRIDA_DRIVER_HOOK_SRC) $(GUM_DEVIT_HEADER) | $(BUILD_DIR) $(CC) $(CFLAGS) $(LDFLAGS) -I $(FRIDA_BUILD_DIR) $< -o $@ -$(AFLPP_QEMU_DRIVER_HOOK_OBJ): | $(QEMU_HOOK_DIR) - make -C $(QEMU_HOOK_DIR) aflpp_qemu_driver_hook.so - cp $(QEMU_HOOK_DIR)aflpp_qemu_driver_hook.so $@ +$(AFLPP_QEMU_DRIVER_HOOK_OBJ): $(AFLPP_QEMU_DRIVER_HOOK_SRC) | $(BUILD_DIR) + $(CC) $(CFLAGS) $(LDFLAGS) $< -o $@ hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) diff --git a/frida_mode/hook/hook.c b/frida_mode/hook/frida_hook.c similarity index 99% rename from frida_mode/hook/hook.c rename to frida_mode/hook/frida_hook.c index b51231cc..96446d6f 100644 --- a/frida_mode/hook/hook.c +++ b/frida_mode/hook/frida_hook.c @@ -1,10 +1,10 @@ /* * * Modify this file to set the right registers with the fuzz input and length. - * It is a good idea to check input_buf_len to be not larger than the + * It is a good idea to check input_buf_len to be not larger than the * destination buffer! * - */ + */ #include diff --git a/frida_mode/hook/qemu_hook.c b/frida_mode/hook/qemu_hook.c new file mode 100644 index 00000000..5b4f65b1 --- /dev/null +++ b/frida_mode/hook/qemu_hook.c @@ -0,0 +1,192 @@ +#include +#include + +#if defined(__x86_64__) + +struct x86_64_regs { + + uint64_t rax, rbx, rcx, rdx, rdi, rsi, rbp, r8, r9, r10, r11, r12, r13, r14, + r15; + + union { + + uint64_t rip; + uint64_t pc; + + }; + + union { + + uint64_t rsp; + uint64_t sp; + + }; + + union { + + uint64_t rflags; + uint64_t flags; + + }; + + uint8_t zmm_regs[32][64]; + +}; + +void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->rdi, input_buf, input_buf_len); + regs->rsi = input_buf_len; + +} + +#elif defined(__i386__) + +struct x86_regs { + + uint32_t eax, ebx, ecx, edx, edi, esi, ebp; + + union { + + uint32_t eip; + uint32_t pc; + + }; + + union { + + uint32_t esp; + uint32_t sp; + + }; + + union { + + uint32_t eflags; + uint32_t flags; + + }; + + uint8_t xmm_regs[8][16]; + +}; + +void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + void **esp = (void **)regs->esp; + void * arg1 = esp[1]; + void **arg2 = &esp[2]; + memcpy(arg1, input_buf, input_buf_len); + *arg2 = (void *)input_buf_len; + +} +#elif defined(__aarch64__) + +struct arm64_regs { + + uint64_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10; + + union { + + uint64_t x11; + uint32_t fp_32; + + }; + + union { + + uint64_t x12; + uint32_t ip_32; + + }; + + union { + + uint64_t x13; + uint32_t sp_32; + + }; + + union { + + uint64_t x14; + uint32_t lr_32; + + }; + + union { + + uint64_t x15; + uint32_t pc_32; + + }; + + union { + + uint64_t x16; + uint64_t ip0; + + }; + + union { + + uint64_t x17; + uint64_t ip1; + + }; + + uint64_t x18, x19, x20, x21, x22, x23, x24, x25, x26, x27, x28; + + union { + + uint64_t x29; + uint64_t fp; + + }; + + union { + + uint64_t x30; + uint64_t lr; + + }; + + union { + + uint64_t x31; + uint64_t sp; + + }; + + // the zero register is not saved here ofc + + uint64_t pc; + + uint32_t cpsr; + + uint8_t vfp_zregs[32][16 * 16]; + uint8_t vfp_pregs[17][32]; + uint32_t vfp_xregs[16]; + +}; + +void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, + uint8_t *input_buf, uint32_t input_buf_len) { + + memcpy((void *)regs->x0, input_buf, input_buf_len); + regs->x1 = input_buf_len; +} + +#else + #pragma error "Unsupported architecture" +#endif + +int afl_persistent_hook_init(void) { + + // 1 for shared memory input (faster), 0 for normal input (you have to use + // read(), input_buf will be NULL) + return 1; + +} From f1bcd378a2e55ee1559dde0d46e2bc32882c5b39 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 7 Jul 2021 12:19:05 +0200 Subject: [PATCH 397/441] fix failures for some sized string instrumentations --- docs/Changelog.md | 1 + instrumentation/SanitizerCoverageLTO.so.cc | 12 ++++++++++++ instrumentation/afl-llvm-dict2file.so.cc | 13 ++++++++++++- .../afl-llvm-lto-instrumentation.so.cc | 7 +++++++ instrumentation/compare-transform-pass.so.cc | 19 +++++-------------- 5 files changed, 37 insertions(+), 15 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 461acb2c..c3e4b34e 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -20,6 +20,7 @@ sending a mail to . - afl-cc: - Update to COMPCOV/laf-intel that speeds up the instrumentation process a lot - thanks to Michael Rodler/f0rki for the PR! + - Fix for failures for some sized string instrumentations - Fix to instrument global namespace functions in c++ - Fix for llvm 13 - support partial linking diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 372af003..28eb0b9f 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -759,6 +759,12 @@ bool ModuleSanitizerCoverage::instrumentModule( uint64_t literalLength = Str2.size(); uint64_t optLength = ilen->getZExtValue(); + if (optLength > literalLength + 1) { + + optLength = Str2.length() + 1; + + } + if (literalLength + 1 == optLength) { Str2.append("\0", 1); // add null byte @@ -862,6 +868,12 @@ bool ModuleSanitizerCoverage::instrumentModule( uint64_t literalLength = optLen; optLen = ilen->getZExtValue(); + if (optLen > thestring.length() + 1) { + + optLen = thestring.length() + 1; + + } + if (optLen < 2) { continue; } if (literalLength + 1 == optLen) { // add null byte thestring.append("\0", 1); diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index e2b44b21..5350f62b 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -428,6 +428,12 @@ bool AFLdict2filePass::runOnModule(Module &M) { uint64_t literalLength = Str2.length(); uint64_t optLength = ilen->getZExtValue(); + if (optLength > literalLength + 1) { + + optLength = Str2.length() + 1; + + } + if (literalLength + 1 == optLength) { Str2.append("\0", 1); // add null byte @@ -534,7 +540,12 @@ bool AFLdict2filePass::runOnModule(Module &M) { uint64_t literalLength = optLen; optLen = ilen->getZExtValue(); - if (optLen > thestring.length()) { optLen = thestring.length(); } + if (optLen > thestring.length() + 1) { + + optLen = thestring.length() + 1; + + } + if (optLen < 2) { continue; } if (literalLength + 1 == optLen) { // add null byte thestring.append("\0", 1); diff --git a/instrumentation/afl-llvm-lto-instrumentation.so.cc b/instrumentation/afl-llvm-lto-instrumentation.so.cc index bb9b9279..263d947d 100644 --- a/instrumentation/afl-llvm-lto-instrumentation.so.cc +++ b/instrumentation/afl-llvm-lto-instrumentation.so.cc @@ -546,6 +546,12 @@ bool AFLLTOPass::runOnModule(Module &M) { uint64_t literalLength = Str2.size(); uint64_t optLength = ilen->getZExtValue(); + if (optLength > literalLength + 1) { + + optLength = Str2.length() + 1; + + } + if (literalLength + 1 == optLength) { Str2.append("\0", 1); // add null byte @@ -649,6 +655,7 @@ bool AFLLTOPass::runOnModule(Module &M) { uint64_t literalLength = optLen; optLen = ilen->getZExtValue(); + if (optLen > literalLength + 1) { optLen = literalLength + 1; } if (optLen < 2) { continue; } if (literalLength + 1 == optLen) { // add null byte thestring.append("\0", 1); diff --git a/instrumentation/compare-transform-pass.so.cc b/instrumentation/compare-transform-pass.so.cc index 3ecba4e6..f5dd4a53 100644 --- a/instrumentation/compare-transform-pass.so.cc +++ b/instrumentation/compare-transform-pass.so.cc @@ -313,27 +313,18 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, ConstantInt *ilen = dyn_cast(op2); if (ilen) { - uint64_t len = ilen->getZExtValue(); // if len is zero this is a pointless call but allow real // implementation to worry about that - if (len < 2) continue; + if (ilen->getZExtValue() < 2) { continue; } - if (isMemcmp) { - - // if size of compare is larger than constant string this is - // likely a bug but allow real implementation to worry about - // that - uint64_t literalLength = HasStr1 ? Str1.size() : Str2.size(); - if (literalLength + 1 < ilen->getZExtValue()) continue; - - } - - } else if (isMemcmp) + } else if (isMemcmp) { // this *may* supply a len greater than the constant string at // runtime so similarly we don't want to have to handle that continue; + } + } calls.push_back(callInst); @@ -421,7 +412,7 @@ bool CompareTransform::transformCmps(Module &M, const bool processStrcmp, } if (TmpConstStr.length() < 2 || - (TmpConstStr.length() == 2 && !TmpConstStr[1])) { + (TmpConstStr.length() == 2 && TmpConstStr[1] == 0)) { continue; From 458eb0813a6f7d63eed97f18696bca8274533123 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 7 Jul 2021 13:20:52 +0200 Subject: [PATCH 398/441] enable github sponsor --- .github/FUNDING.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 102722a4..97e23585 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,6 +1,7 @@ # These are supported funding model platforms -github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +# Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +github: AFLplusplus patreon: # Replace with a single Patreon username open_collective: AFLplusplusEU ko_fi: # Replace with a single Ko-fi username From 8dbe87bdf6c848088cd51923e445b92b9f839956 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 7 Jul 2021 16:22:57 +0200 Subject: [PATCH 399/441] print warning for libfuzzer qemu driver --- utils/aflpp_driver/aflpp_qemu_driver.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/utils/aflpp_driver/aflpp_qemu_driver.c b/utils/aflpp_driver/aflpp_qemu_driver.c index 79de5af6..efa80bca 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver.c +++ b/utils/aflpp_driver/aflpp_qemu_driver.c @@ -27,6 +27,9 @@ int main(int argc, char **argv) { } else { + fprintf(stderr + "Using shared-memory testcases. To read via stdin, set " + "AFL_QEMU_DRIVER_NO_HOOK=1.\n"); uint8_t dummy_input[1024000] = {0}; LLVMFuzzerTestOneInput(dummy_input, 1); From 70312789fddef0e72433489de01fb42c2a9a8419 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 7 Jul 2021 18:23:35 +0100 Subject: [PATCH 400/441] Updated the version of FRIDA to 15.0.0 (#1013) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index b11ba310..582cf8d6 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -79,7 +79,7 @@ ifndef OS $(error "Operating system unsupported") endif -GUM_DEVKIT_VERSION=14.2.18 +GUM_DEVKIT_VERSION=15.0.0 GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" From 49df0af628c556a1d462644a04a2df560c9aab82 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 7 Jul 2021 18:23:45 +0100 Subject: [PATCH 401/441] Changes to align the constants used by the coverage function assembly code (#1012) Co-authored-by: Your Name --- frida_mode/src/instrument/instrument_x64.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index a38b5b14..a2b54369 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -10,18 +10,16 @@ static GumAddress current_log_impl = GUM_ADDRESS(0); static const guint8 afl_log_code[] = { - // 0xcc, - 0x9c, /* pushfq */ 0x51, /* push rcx */ 0x52, /* push rdx */ - 0x48, 0x8b, 0x0d, 0x28, + 0x48, 0x8b, 0x0d, 0x26, 0x00, 0x00, 0x00, /* mov rcx, sym.&previous_pc */ 0x48, 0x8b, 0x11, /* mov rdx, qword [rcx] */ 0x48, 0x31, 0xfa, /* xor rdx, rdi */ - 0x48, 0x03, 0x15, 0x13, + 0x48, 0x03, 0x15, 0x11, 0x00, 0x00, 0x00, /* add rdx, sym._afl_area_ptr_ptr */ 0x80, 0x02, 0x01, /* add byte ptr [rdx], 1 */ @@ -34,7 +32,8 @@ static const guint8 afl_log_code[] = { 0x9d, /* popfq */ 0xc3, /* ret */ - 0x90, 0x90, 0x90 /* nop pad */ + + 0x90 /* Read-only data goes here: */ /* uint8_t* __afl_area_ptr */ @@ -48,11 +47,14 @@ gboolean instrument_is_coverage_optimize_supported(void) { } +static guint8 align_pad[] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90}; + void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { guint64 current_pc = instr->address; guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); + guint64 misalign = 0; area_offset &= MAP_SIZE - 1; GumX86Writer *cw = output->writer.x86; @@ -65,6 +67,13 @@ void instrument_coverage_optimize(const cs_insn * instr, gum_x86_writer_put_jmp_near_label(cw, after_log_impl); + misalign = (cw->pc & 0x7); + if (misalign != 0) { + + gum_x86_writer_put_bytes(cw, align_pad, 8 - misalign); + + } + current_log_impl = cw->pc; gum_x86_writer_put_bytes(cw, afl_log_code, sizeof(afl_log_code)); From 161d763334a27c6b031d8c5b9a7b49280cb05796 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 7 Jul 2021 21:11:03 +0100 Subject: [PATCH 402/441] Changes to print stats more periodically rather than relying on a new block being instrumented (#1011) Co-authored-by: Your Name --- frida_mode/hook/frida_hook.c | 1 - frida_mode/include/stats.h | 1 + frida_mode/src/entry.c | 2 ++ frida_mode/src/stats/stats.c | 6 +++--- 4 files changed, 6 insertions(+), 4 deletions(-) diff --git a/frida_mode/hook/frida_hook.c b/frida_mode/hook/frida_hook.c index 96446d6f..3bfdb207 100644 --- a/frida_mode/hook/frida_hook.c +++ b/frida_mode/hook/frida_hook.c @@ -6,7 +6,6 @@ * */ - #include #include diff --git a/frida_mode/include/stats.h b/frida_mode/include/stats.h index 1cfd6b8f..cd2350ea 100644 --- a/frida_mode/include/stats.h +++ b/frida_mode/include/stats.h @@ -28,6 +28,7 @@ gboolean stats_is_supported_arch(void); size_t stats_data_size_arch(void); void stats_collect_arch(const cs_insn *instr); void stats_write_arch(void); +void stats_on_fork(void); #endif diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index 1d3b3e43..f70e21fc 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -7,6 +7,7 @@ #include "persistent.h" #include "ranges.h" #include "stalker.h" +#include "stats.h" #include "util.h" extern void __afl_manual_init(); @@ -21,6 +22,7 @@ static void entry_launch(void) { /* Child here */ instrument_previous_pc = 0; + stats_on_fork(); } diff --git a/frida_mode/src/stats/stats.c b/frida_mode/src/stats/stats.c index 0dd8be70..91a58741 100644 --- a/frida_mode/src/stats/stats.c +++ b/frida_mode/src/stats/stats.c @@ -178,10 +178,12 @@ void stats_write(void) { } -static void stats_maybe_write(void) { +void stats_on_fork(void) { guint64 current_time; + if (stats_filename == NULL) { return; } + if (stats_interval == 0) { return; } current_time = g_get_monotonic_time(); @@ -208,7 +210,5 @@ void stats_collect(const cs_insn *instr, gboolean begin) { stats_collect_arch(instr); - stats_maybe_write(); - } From f4b975d6ad6f7e55c5c4e290ab85e18957cad0c3 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 7 Jul 2021 22:22:06 +0200 Subject: [PATCH 403/441] update doc --- utils/aflpp_driver/README.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/utils/aflpp_driver/README.md b/utils/aflpp_driver/README.md index f03c2fe3..4ca59776 100644 --- a/utils/aflpp_driver/README.md +++ b/utils/aflpp_driver/README.md @@ -22,6 +22,8 @@ or `@@` as command line parameters. ## aflpp_qemu_driver +Note that you can use the driver too for frida_mode (`-O`). + aflpp_qemu_driver is used for libfuzzer `LLVMFuzzerTestOneInput()` targets that are to be fuzzed in qemu_mode. So we compile them with clang/clang++, without -fsantize=fuzzer or afl-clang-fast, and link in libAFLQemuDriver.a: @@ -34,3 +36,8 @@ Then just do (where the name of the binary is `fuzz`): AFL_QEMU_PERSISTENT_ADDR=0x$(nm fuzz | grep "T LLVMFuzzerTestOneInput" | awk '{print $1}') AFL_QEMU_PERSISTENT_HOOK=/path/to/aflpp_qemu_driver_hook.so afl-fuzz -Q ... -- ./fuzz` ``` + +if you use afl-cmin or `afl-showmap -C` with the aflpp_qemu_driver you need to +set the set same AFL_QEMU_... (or AFL_FRIDA_...) environment variables. +If you want to use afl-showmap (without -C) or afl-cmin.bash then you may not +set these environment variables and rather set `AFL_QEMU_DRIVER_NO_HOOK=1`. From 6d878a375d91003fb57d7f82a79acfbaa226abb5 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Jul 2021 12:29:05 +0200 Subject: [PATCH 404/441] fix qemu driver --- utils/aflpp_driver/aflpp_qemu_driver.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/utils/aflpp_driver/aflpp_qemu_driver.c b/utils/aflpp_driver/aflpp_qemu_driver.c index efa80bca..99a4c9a8 100644 --- a/utils/aflpp_driver/aflpp_qemu_driver.c +++ b/utils/aflpp_driver/aflpp_qemu_driver.c @@ -1,3 +1,4 @@ +#include #include #include #include @@ -27,7 +28,7 @@ int main(int argc, char **argv) { } else { - fprintf(stderr + fprintf(stderr, "Using shared-memory testcases. To read via stdin, set " "AFL_QEMU_DRIVER_NO_HOOK=1.\n"); uint8_t dummy_input[1024000] = {0}; From ac565bfe51bb16f43680a5fd1b1c29e2d7e13854 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Jul 2021 17:35:05 +0200 Subject: [PATCH 405/441] remove unneeded cmdline option --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index bd9b6691..60595322 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -158,7 +158,7 @@ static void usage(u8 *argv0, int more_help) { " -F path - sync to a foreign fuzzer queue directory (requires " "-M, can\n" " be specified up to %u times)\n" - " -d - skip deterministic fuzzing in -M mode\n" + // " -d - skip deterministic fuzzing in -M mode\n" " -T text - text banner to show on the screen\n" " -I command - execute this command/script when a new crash is " "found\n" From a09ab9953419cc06ae88e100c934198ed6ee1802 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 8 Jul 2021 19:59:44 +0200 Subject: [PATCH 406/441] help output nits --- src/afl-fuzz.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz.c b/src/afl-fuzz.c index 60595322..0c7b6e42 100644 --- a/src/afl-fuzz.c +++ b/src/afl-fuzz.c @@ -143,7 +143,7 @@ static void usage(u8 *argv0, int more_help) { " -x dict_file - fuzzer dictionary (see README.md, specify up to 4 " "times)\n\n" - "Testing settings:\n" + "Test settings:\n" " -s seed - use a fixed seed for the RNG\n" " -V seconds - fuzz for a specified time then terminate\n" " -E execs - fuzz for an approx. no. of total executions then " From 4ef12d7215b980399f81cee9cb9a7873cf1d3d78 Mon Sep 17 00:00:00 2001 From: yuan Date: Sat, 10 Jul 2021 14:57:32 +0800 Subject: [PATCH 407/441] remove redundant check (#1014) --- src/afl-fuzz-queue.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/src/afl-fuzz-queue.c b/src/afl-fuzz-queue.c index d2689c94..b759532c 100644 --- a/src/afl-fuzz-queue.c +++ b/src/afl-fuzz-queue.c @@ -1135,12 +1135,10 @@ inline u8 *queue_testcase_get(afl_state_t *afl, struct queue_entry *q) { do_once = 1; // release unneeded memory - u8 *ptr = ck_realloc( + afl->q_testcase_cache = ck_realloc( afl->q_testcase_cache, (afl->q_testcase_max_cache_entries + 1) * sizeof(size_t)); - if (ptr) { afl->q_testcase_cache = (struct queue_entry **)ptr; } - } /* Cache full. We neet to evict one or more to map one. From 37fff16a36c49f47c1a10fcf7c03aa1361a1ae2b Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Sun, 11 Jul 2021 17:26:31 +0200 Subject: [PATCH 408/441] update custom trim --- docs/custom_mutators.md | 4 +--- src/afl-fuzz-mutators.c | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/docs/custom_mutators.md b/docs/custom_mutators.md index 129d6676..2c0ca3c5 100644 --- a/docs/custom_mutators.md +++ b/docs/custom_mutators.md @@ -204,9 +204,7 @@ trimmed input. Here's a quick API description: arguments because we already have the initial buffer from `init_trim` and we can memorize the current state in the data variables. This can also save reparsing steps for each iteration. It should return the trimmed input - buffer, where the returned data must not exceed the initial input data in - length. Returning anything that is larger than the original data (passed to - `init_trim`) will result in a fatal abort of AFL++. + buffer. - `post_trim` (optional) diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index e27d6fae..6a77dfbc 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -339,7 +339,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, } - while (afl->stage_cur < afl->stage_max) { + while (afl->stage_cur <= afl->stage_max) { u8 *retbuf = NULL; From fc3d7e821c94a87483906c4cf1c84f1eff01e036 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Mon, 12 Jul 2021 11:55:00 +0100 Subject: [PATCH 409/441] Added sqlite test (#1015) Co-authored-by: Your Name --- frida_mode/test/sqlite/GNUmakefile | 166 +++++++++++++++++++++++++++++ frida_mode/test/sqlite/Makefile | 17 +++ 2 files changed, 183 insertions(+) create mode 100644 frida_mode/test/sqlite/GNUmakefile create mode 100644 frida_mode/test/sqlite/Makefile diff --git a/frida_mode/test/sqlite/GNUmakefile b/frida_mode/test/sqlite/GNUmakefile new file mode 100644 index 00000000..80e0a939 --- /dev/null +++ b/frida_mode/test/sqlite/GNUmakefile @@ -0,0 +1,166 @@ +PWD:=$(shell pwd)/ +ROOT:=$(shell realpath $(PWD)../../..)/ +BUILD_DIR:=$(PWD)build/ + +SQLITE_BUILD_DIR:=$(BUILD_DIR)sqlite/ +SQLITE_BUILD_SRC_DIR:=$(SQLITE_BUILD_DIR)src/ + +AFLPP_DRIVER:=$(ROOT)utils/aflpp_driver/libAFLQemuDriver.a + +AFLPP_DRIVER:=$(ROOT)utils/aflpp_driver/libAFLQemuDriver.a +AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/frida_hook.so +AFLPP_QEMU_DRIVER_HOOK_OBJ=$(ROOT)frida_mode/build/qemu_hook.so + + +CFLAGS += -fpermissive + +LDFLAGS += -lpthread + +TEST_BIN:=$(SQLITE_BUILD_DIR)ossfuzz +SQLITE_TEST_DIR:=$(BUILD_DIR)in/ +AFLPP_DRIVER_DUMMY_INPUT:=$(SQLITE_TEST_DIR)in + +SQLITE_CFLAGS:= -DSQLITE_MAX_LENGTH=128000000 \ + -DSQLITE_MAX_SQL_LENGTH=128000000 \ + -DSQLITE_MAX_MEMORY=25000000 \ + -DSQLITE_PRINTF_PRECISION_LIMIT=1048576 \ + -DSQLITE_DEBUG=1 \ + -DSQLITE_MAX_PAGE_COUNT=16384 + +QEMU_OUT:=$(BUILD_DIR)qemu-out +FRIDA_OUT:=$(BUILD_DIR)frida-out + +ifndef ARCH + +ARCH=$(shell uname -m) +ifeq "$(ARCH)" "aarch64" + ARCH:=arm64 +endif + +ifeq "$(ARCH)" "i686" + ARCH:=x86 +endif +endif + +GET_SYMBOL_ADDR:=$(ROOT)frida_mode/util/get_symbol_addr.sh + +AFL_QEMU_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x4000000000) + +ifeq "$(ARCH)" "aarch64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000aaaaaaaaa000) +endif + +ifeq "$(ARCH)" "x86_64" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x0000555555554000) +endif + +ifeq "$(ARCH)" "x86" + AFL_FRIDA_PERSISTENT_ADDR=$(shell $(GET_SYMBOL_ADDR) $(TEST_BIN) LLVMFuzzerTestOneInput 0x56555000) +endif + +.PHONY: all clean qemu frida hook sqlite + +all: $(TEST_BIN) + make -C $(ROOT)frida_mode/ + +32: + CXXFLAGS="-m32" LDFLAGS="-m32" ARCH="x86" make all + +$(BUILD_DIR): + mkdir -p $@ + +########## SQLITE ####### + +$(AFLPP_DRIVER): + make -C $(ROOT) + +$(SQLITE_BUILD_DIR): | $(BUILD_DIR) + mkdir $@ + +$(SQLITE_BUILD_DIR)sqlite3.tar.gz: | $(SQLITE_BUILD_DIR) + curl 'https://sqlite.org/src/tarball/sqlite.tar.gz?r=c78cbf2e86850cc6' -o $@ + +$(SQLITE_BUILD_SRC_DIR): $(SQLITE_BUILD_DIR)sqlite3.tar.gz + mkdir -p $@ + tar xzvf $< --strip-components 1 -C $@ + +$(SQLITE_TEST_DIR): | $(SQLITE_BUILD_SRC_DIR) + mkdir -p $@ + find $(SQLITE_BUILD_SRC_DIR) -name "*.test" | xargs -L1 -I%% cp -v %% $@ + +$(SQLITE_BUILD_SRC_DIR)Makefile: | $(SQLITE_BUILD_SRC_DIR) + cd $(SQLITE_BUILD_SRC_DIR) && \ + CFLAGS="$(SQLITE_CFLAGS)" \ + ASAN_OPTIONS=detect_leaks=0 \ + ./configure + +$(SQLITE_BUILD_SRC_DIR).libs/libsqlite3.so: $(SQLITE_BUILD_SRC_DIR)Makefile + CFLAGS="$(SQLITE_CFLAGS)" \ + ASAN_OPTIONS=detect_leaks=0 \ + make -C $(SQLITE_BUILD_SRC_DIR) -j $(shell nproc) + +$(SQLITE_BUILD_SRC_DIR)sqlite3.o: $(SQLITE_BUILD_SRC_DIR).libs/libsqlite3.so + CFLAGS="$(SQLITE_CFLAGS)" \ + ASAN_OPTIONS=detect_leaks=0 \ + make -C $(SQLITE_BUILD_SRC_DIR) -j $(shell nproc) sqlite3.c + +$(SQLITE_BUILD_DIR)ossfuzz.o: $(SQLITE_BUILD_SRC_DIR)sqlite3.o + $(CC) -I $(SQLITE_BUILD_SRC_DIR) -c $(SQLITE_BUILD_SRC_DIR)test/ossfuzz.c -o $@ + +$(TEST_BIN): $(SQLITE_BUILD_DIR)ossfuzz.o + $(CXX) -o $(TEST_BIN) \ + $(SQLITE_BUILD_DIR)ossfuzz.o \ + $(SQLITE_BUILD_SRC_DIR)sqlite3.o \ + $(AFLPP_DRIVER) \ + -l pthread \ + -l dl + +sqlite: $(SQLITE_TEST_DIR) $(TEST_BIN) + +########## DUMMY ####### + +$(AFLPP_DRIVER_DUMMY_INPUT): | $(SQLITE_TEST_DIR) + truncate -s 1M $@ + +###### TEST DATA ####### + +clean: + rm -rf $(BUILD_DIR) + +qemu: $(TEST_BIN) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(SQLITE_TEST_DIR) + AFL_QEMU_PERSISTENT_CNT=1000000 \ + AFL_QEMU_PERSISTENT_HOOK=$(AFLPP_QEMU_DRIVER_HOOK_OBJ) \ + AFL_ENTRYPOINT=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_ADDR=$(AFL_QEMU_PERSISTENT_ADDR) \ + AFL_QEMU_PERSISTENT_GPR=1 \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -Q \ + -i $(SQLITE_TEST_DIR) \ + -o $(QEMU_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +frida: $(TEST_BIN) $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_DRIVER_DUMMY_INPUT) | $(SQLITE_TEST_DIR) + AFL_FRIDA_PERSISTENT_CNT=1000000 \ + AFL_FRIDA_PERSISTENT_HOOK=$(AFLPP_FRIDA_DRIVER_HOOK_OBJ) \ + AFL_FRIDA_PERSISTENT_ADDR=$(AFL_FRIDA_PERSISTENT_ADDR) \ + AFL_ENTRYPOINT=$(AFL_FRIDA_PERSISTENT_ADDR) \ + $(ROOT)afl-fuzz \ + -D \ + -V 30 \ + -O \ + -i $(SQLITE_TEST_DIR) \ + -o $(FRIDA_OUT) \ + -- \ + $(TEST_BIN) $(AFLPP_DRIVER_DUMMY_INPUT) + +debug: + gdb \ + --ex 'set environment LD_PRELOAD=$(ROOT)afl-frida-trace.so' \ + --ex 'set environment AFL_QEMU_DRIVER_NO_HOOK=1' \ + --ex 'set disassembly-flavor intel' \ + --ex 'b main' \ + --ex 'r < $(SQLITE_TEST_DIR)0034ecacd5427aafc6b97413da2053b36de5059f' \ + $(TEST_BIN) diff --git a/frida_mode/test/sqlite/Makefile b/frida_mode/test/sqlite/Makefile new file mode 100644 index 00000000..f83e2992 --- /dev/null +++ b/frida_mode/test/sqlite/Makefile @@ -0,0 +1,17 @@ +all: + @echo trying to use GNU make... + @gmake all || echo please install GNUmake + +32: + @echo trying to use GNU make... + @gmake 32 || echo please install GNUmake + +clean: + @gmake clean + +frida: + @gmake frida + +debug: + @gmake debug + From d16d8dbb8511ad227fdeb33eb5a10914d9ad7bd9 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 12 Jul 2021 15:56:25 +0200 Subject: [PATCH 410/441] update faq --- docs/FAQ.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docs/FAQ.md b/docs/FAQ.md index ab0abe6c..0f447044 100644 --- a/docs/FAQ.md +++ b/docs/FAQ.md @@ -188,13 +188,7 @@ Four steps are required to do this and it also requires quite some knowledge of coding and/or disassembly and is effectively possible only with afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation. - 1. First step: Identify which edge ID numbers are unstable - - run the target with `export AFL_DEBUG=1` for a few minutes then terminate. - The out/fuzzer_stats file will then show the edge IDs that were identified - as unstable. - - 2. Second step: Find the responsible function(s). + 1. First step: Instrument to be able to find the responsible function(s). a) For LTO instrumented binaries this can be documented during compile time, just set `export AFL_LLVM_DOCUMENT_IDS=/path/to/a/file`. @@ -217,6 +211,14 @@ afl-clang-fast PCGUARD and afl-clang-lto LTO instrumentation. recompile with the two mentioned above. This is just for identifying the functions that have unstable edges. + 2. Second step: Identify which edge ID numbers are unstable + + run the target with `export AFL_DEBUG=1` for a few minutes then terminate. + The out/fuzzer_stats file will then show the edge IDs that were identified + as unstable in the `var_bytes` entry. You can match these numbers + directly to the data you created in the first step. + Now you know which functions are responsible for the instability + 3. Third step: create a text file with the filenames/functions Identify which source code files contain the functions that you need to From ec4ad161fc73a457fed1afb7368482df14cdc9a2 Mon Sep 17 00:00:00 2001 From: jhertz Date: Tue, 13 Jul 2021 04:56:55 -0400 Subject: [PATCH 411/441] Support AFL_NO_FORKSRV env-var in afl-tmin, afl-showmap, and afl-cmin (#1017) * Support AFL_NO_FORKSRV env-var * format * showmap support * showmap support * help messages now show envar support * formatting * formatting Co-authored-by: Jesse Hertz --- src/afl-showmap.c | 8 +++++++- src/afl-tmin.c | 11 +++++++++-- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 936d3bc4..480de143 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -853,7 +853,8 @@ static void usage(u8 *argv0) { "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " "printed to stdout\n" - "AFL_QUIET: do not print extra informational output\n", + "AFL_QUIET: do not print extra informational output\n" + "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n", argv0, MEM_LIMIT, doc_path); exit(1); @@ -1097,6 +1098,11 @@ int main(int argc, char **argv_orig, char **envp) { check_environment_vars(envp); + if (getenv("AFL_NO_FORKSRV")) { /* if set, use the fauxserver */ + fsrv->use_fauxsrv = true; + + } + if (getenv("AFL_DEBUG")) { DEBUGF(""); diff --git a/src/afl-tmin.c b/src/afl-tmin.c index 6656712a..2d80abe4 100644 --- a/src/afl-tmin.c +++ b/src/afl-tmin.c @@ -877,12 +877,13 @@ static void usage(u8 *argv0) { " the target was compiled for\n" "AFL_PRELOAD: LD_PRELOAD / DYLD_INSERT_LIBRARIES settings for target\n" "AFL_TMIN_EXACT: require execution paths to match for crashing inputs\n" + "AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" "ASAN_OPTIONS: custom settings for ASAN\n" " (must contain abort_on_error=1 and symbolize=0)\n" "MSAN_OPTIONS: custom settings for MSAN\n" " (must contain exitcode="STRINGIFY(MSAN_ERROR)" and symbolize=0)\n" - "TMPDIR: directory to use for temporary input files\n" - , argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); + "TMPDIR: directory to use for temporary input files\n", + argv0, EXEC_TIMEOUT, MEM_LIMIT, doc_path); exit(1); @@ -1104,6 +1105,12 @@ int main(int argc, char **argv_orig, char **envp) { if (optind == argc || !in_file || !output_file) { usage(argv[0]); } check_environment_vars(envp); + + if (getenv("AFL_NO_FORKSRV")) { /* if set, use the fauxserver */ + fsrv->use_fauxsrv = true; + + } + setenv("AFL_NO_AUTODICT", "1", 1); /* initialize cmplog_mode */ From b6a9e54c60e98e5c27404253295ce06648bcbd18 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Tue, 13 Jul 2021 11:03:30 +0200 Subject: [PATCH 412/441] Added more AFL_NO_FORKSRV docu, changelog --- afl-cmin | 1 + afl-cmin.bash | 1 + docs/Changelog.md | 2 ++ 3 files changed, 4 insertions(+) diff --git a/afl-cmin b/afl-cmin index e71873d3..e6f8c175 100755 --- a/afl-cmin +++ b/afl-cmin @@ -122,6 +122,7 @@ function usage() { "AFL_FORKSRV_INIT_TMOUT: time the fuzzer waits for the forkserver to come up\n" \ "AFL_KEEP_TRACES: leave the temporary /.traces directory\n" \ "AFL_KILL_SIGNAL: Signal delivered to child processes on timeout (default: SIGKILL)\n" \ +"AFL_NO_FORKSRV: run target via execve instead of using the forkserver\n" \ "AFL_PATH: path for the afl-showmap binary if not found anywhere in PATH\n" \ "AFL_PRINT_FILENAMES: If set, the filename currently processed will be " \ "printed to stdout\n" \ diff --git a/afl-cmin.bash b/afl-cmin.bash index f4bd269d..c77dfbc1 100755 --- a/afl-cmin.bash +++ b/afl-cmin.bash @@ -135,6 +135,7 @@ For additional tips, please consult README.md. Environment variables used: AFL_KEEP_TRACES: leave the temporary \.traces directory +AFL_NO_FORKSRV: run target via execve instead of using the forkserver AFL_PATH: last resort location to find the afl-showmap binary AFL_SKIP_BIN_CHECK: skip check for target binary _EOF_ diff --git a/docs/Changelog.md b/docs/Changelog.md index c3e4b34e..aebd3fa9 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -36,6 +36,8 @@ sending a mail to . - fix timeout handling - add forkserver support for better performance - ensure afl-compiler-rt is built for gcc_module + - added `AFL_NO_FORKSRV` env variable support to + afl-cmin, afl-tmin, and afl-showmap, by @jhertz ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 From 7cec158b0eb9b09160e58b289093cf615e2ca429 Mon Sep 17 00:00:00 2001 From: yuan Date: Wed, 14 Jul 2021 13:53:20 +0800 Subject: [PATCH 413/441] fix havoc comments (#1020) --- src/afl-fuzz-one.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index f03249e9..76e64f2a 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2102,7 +2102,7 @@ havoc_stage: case 8 ... 9: { - /* Set word to interesting value, randomly choosing endian. */ + /* Set word to interesting value, little endian. */ if (temp_len < 2) { break; } @@ -2119,7 +2119,7 @@ havoc_stage: case 10 ... 11: { - /* Set word to interesting value, randomly choosing endian. */ + /* Set word to interesting value, big endian. */ if (temp_len < 2) { break; } @@ -2136,7 +2136,7 @@ havoc_stage: case 12 ... 13: { - /* Set dword to interesting value, randomly choosing endian. */ + /* Set dword to interesting value, little endian. */ if (temp_len < 4) { break; } @@ -2153,7 +2153,7 @@ havoc_stage: case 14 ... 15: { - /* Set dword to interesting value, randomly choosing endian. */ + /* Set dword to interesting value, big endian. */ if (temp_len < 4) { break; } From 94999782f1a3742e3e755a66f5d76e84573ae6ef Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Wed, 14 Jul 2021 08:48:37 +0100 Subject: [PATCH 414/441] Improved block and edge numbering to reduce collisions (#1021) Co-authored-by: Your Name --- frida_mode/GNUmakefile | 30 +++- frida_mode/MapDensity.md | 147 +++++++++++++++++++ frida_mode/README.md | 4 + frida_mode/hook/qemu_hook.c | 3 + frida_mode/include/instrument.h | 16 +- frida_mode/many-linux/Dockerfile | 2 +- frida_mode/src/entry.c | 2 +- frida_mode/src/instrument/instrument.c | 62 ++++++-- frida_mode/src/instrument/instrument_arm64.c | 16 +- frida_mode/src/instrument/instrument_x64.c | 19 ++- frida_mode/src/instrument/instrument_x86.c | 22 +-- frida_mode/src/persistent/persistent_arm64.c | 2 +- frida_mode/src/persistent/persistent_x64.c | 2 +- frida_mode/src/persistent/persistent_x86.c | 2 +- frida_mode/util/get_symbol_addr.sh | 2 +- 15 files changed, 277 insertions(+), 54 deletions(-) create mode 100644 frida_mode/MapDensity.md diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 582cf8d6..44dfafe3 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -21,7 +21,7 @@ CFLAGS+=-fPIC \ -funroll-loops \ -ffunction-sections \ -RT_CFLAGS:=-Wno-unused-parameter \ +AFL_CFLAGS:=-Wno-unused-parameter \ -Wno-sign-compare \ -Wno-unused-function \ -Wno-unused-result \ @@ -60,10 +60,10 @@ endif ifeq "$(shell uname)" "Darwin" OS:=macos - RT_CFLAGS:=$(RT_CFLAGS) -Wno-deprecated-declarations + AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-deprecated-declarations else ifdef DEBUG - RT_CFLAGS:=$(RT_CFLAGS) -Wno-prio-ctor-dtor + AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-prio-ctor-dtor endif LDFLAGS+= -z noexecstack \ -Wl,--gc-sections \ @@ -79,7 +79,12 @@ ifndef OS $(error "Operating system unsupported") endif +ifeq "$(ARCH)" "arm64" +# 15.0.0 Not released for aarch64 yet +GUM_DEVKIT_VERSION=14.2.18 +else GUM_DEVKIT_VERSION=15.0.0 +endif GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" @@ -98,6 +103,9 @@ FRIDA_GUM_DEVKIT_COMPRESSED_TARBALL:=$(FRIDA_DIR)build/$(GUM_DEVKIT_FILENAME) AFL_COMPILER_RT_SRC:=$(ROOT)instrumentation/afl-compiler-rt.o.c AFL_COMPILER_RT_OBJ:=$(OBJ_DIR)afl-compiler-rt.o +AFL_PERFORMANCE_SRC:=$(ROOT)src/afl-performance.c +AFL_PERFORMANCE_OBJ:=$(OBJ_DIR)afl-performance.o + HOOK_DIR:=$(PWD)hook/ AFLPP_FRIDA_DRIVER_HOOK_SRC=$(HOOK_DIR)frida_hook.c AFLPP_FRIDA_DRIVER_HOOK_OBJ=$(BUILD_DIR)frida_hook.so @@ -163,7 +171,16 @@ $(GUM_DEVIT_HEADER): $(GUM_DEVKIT_TARBALL) $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) $(CC) \ $(CFLAGS) \ - $(RT_CFLAGS) \ + $(AFL_CFLAGS) \ + -I $(ROOT) \ + -I $(ROOT)include \ + -o $@ \ + -c $< + +$(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC) + $(CC) \ + $(CFLAGS) \ + $(AFL_CFLAGS) \ -I $(ROOT) \ -I $(ROOT)include \ -o $@ \ @@ -172,7 +189,7 @@ $(AFL_COMPILER_RT_OBJ): $(AFL_COMPILER_RT_SRC) ############################### JS ############################################# $(BIN2C): $(BIN2C_SRC) - $(CC) -o $@ $< + $(CC) -D_GNU_SOURCE -o $@ $< $(JS_SRC): $(JS) $(BIN2C)| $(BUILD_DIR) cd $(JS_DIR) && $(BIN2C) api_js $(JS) $@ @@ -203,12 +220,13 @@ $(foreach src,$(SOURCES),$(eval $(call BUILD_SOURCE,$(src),$(OBJ_DIR)$(notdir $( ######################## AFL-FRIDA-TRACE ####################################### -$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) GNUmakefile | $(BUILD_DIR) +$(FRIDA_TRACE): $(GUM_DEVIT_LIBRARY) $(GUM_DEVIT_HEADER) $(OBJS) $(JS_OBJ) $(AFL_COMPILER_RT_OBJ) $(AFL_PERFORMANCE_OBJ) GNUmakefile | $(BUILD_DIR) $(CXX) \ $(OBJS) \ $(JS_OBJ) \ $(GUM_DEVIT_LIBRARY) \ $(AFL_COMPILER_RT_OBJ) \ + $(AFL_PERFORMANCE_OBJ) \ $(LDFLAGS) \ $(LDSCRIPT) \ -o $@ \ diff --git a/frida_mode/MapDensity.md b/frida_mode/MapDensity.md new file mode 100644 index 00000000..f4ae3ace --- /dev/null +++ b/frida_mode/MapDensity.md @@ -0,0 +1,147 @@ +# Map Density + +# How Coverage Works +The coverage in AFL++ works by assigning each basic block of code a unique ID +and during execution when transitioning between blocks (e.g. by calls or jumps) +assigning each of these edges an ID based upon the source and destination block +ID. + +For each individual execution of the target, a single dimensional byte array +indexed by the edge ID is used to count how many times each edge is traversed. + +A single dimensional cumulative byte array is also constructed where each byte +again represents an individual edge ID, but this time, the value of the byte +represents a range of how many times that edge has been traversed. + +```1, 2, 3, 4-7, 8-15, 16-31, 32-127, 128+``` + +The theory is that a new path isn't particularly interesting if an edge has been +traversed `23` instead of `24` times for example, but is interesting if an edge +has been traversed for the very first time, or the number of times fits within a different bucket. + +After each run, the count of times each edge is hit is compared to the values in +the cumulative map and if it is different, then the input is kept as a new seed +and the cumulative map is updated. + +This mechanism is described in greater detail in the seminal +[paper](https://lcamtuf.coredump.cx/afl/technical_details.txt) on AFL by +[lcamtuf](https://github.com/lcamtuf). + +# Collisions +In black-box fuzzing, we must assume that control may flow from any block to any +other block, since we don't know any better. Thus for a target with `n` basic +blocks of code, there are `n * n` potential edges. As we can see, even with a +small number of edges, a very large map will be required so that we have space +to fit them all. Even if our target only had `1024` blocks, this would require a +map containing `1048576` entries (or 1Mb in size). + +Whilst this may not seem like a lot of memory, it causes problems for two reasons. Firstly, the processing step after each execution must now process much more +data, and secondly a map this size is unlikely to fit within the L2 cache of the processor. Since this is a very hot code path, we are likely to pay a very heavy +performance cost. + +Therefore, we must accept that not all edges can have a unique and that +therefore there will be collisions. This means that if the fuzzer finds a new +path by uncovering an edge which was not previously found, but that the same +edge ID is used by another edge, then it may go completely unnoticed. This is +obviously undesirable, but equally if our map is too large, then we will not be +able to process as many potential inputs in the same time and hence not uncover +edges for that reason. Thus a careful trade-off of map size must be made. + +# Block & Edge Numbering +Since the original AFL, blocks and edges have always been numbered in the same +way as we can see from the following C snippet from the whitepaper. + +```c + cur_location = (block_address >> 4) ^ (block_address << 8); + shared_mem[cur_location ^ prev_location]++; + prev_location = cur_location >> 1; + +``` + +Each block ID is generated by performing a shift and XOR on its address. Then +the edge ID is calculated as `E = B ^ (B' >> 1)`. Here, we can make two +observations. In fact, the edge ID is also masked to ensure it is less than the +size of the map being used. + +## Block IDs +Firstly, the block ID doesn't have very good entropy. If we consider the address +of the block, then whilst each block has a unique ID, it isn't necessarily very +evenly distributed. + +We start with a large address, and need to discard a large number of the bits to +generate a block ID which is within range. But how do we choose the unique bits +of the address verus those which are the same for every block? The high bits of +the address may simply be all `0s` or all `1s` to make the address cannonical, +the middle portion of the address may be the same for all blocks (since if they +are all within the same binary, then they will all be adjacent in memory), and +on some systems, even the low bits may have poor entropy as some use fixed +length aligned instructions. Then we need to consider that a portion of each +binary may contain the `.data` or `.bss` sections and so may not contain any +blocks of code at all. + +## Edge IDs +Secondly, we can observe that when we generate an edge ID from the source and +destination block IDs, we perform a right shift on the source block ID. Whilst +there are good reasons as set out in the whitepaper why such a transform is +applied, in so doing, we dispose of `1` bit of precious entropy in our source +block ID. + +All together, this means that some edge IDs may be more popular than others. +This means that some portions of the map may be very densly populated with large +numbers of edges, whilst others may be very sparsely populated, or not populated +at all. + +# Improvements +One of the main reaons why this algorithm selected, is performance. All of the +operations are very quick to perform and given we may be carrying this out for +every block of code we execute, performance is critical. + +However, the design of the binary instrumentation modes of AFL++ has moved on. +Both QEMU and FRIDA modes use a two stage process when executing a target +application. Each block is first compiled or instrumented, and then it is +executed. The compiled blocks can be re-used each time the target executes them. + +Since a blocks ID is based on its address, and this is known at compile time, we +only need to generate this ID once per block and so this ID generation no longer +needs to be as performant. We can therefore use a hash algorithm to generate +this ID and therefore ensure that the block IDs are more evenly distributed. + +Edge IDs however, can only be determined at run-time. Since we don't know which +blocks a given input will traverse until we run it. However, given our block IDs +are now evenly distributed, generating an evenly distributed edge ID becomes +simple. Here, the only change we make is to use a rotate operation rather than +a shift operation so we don't lose a bit of entropy from the source ID. + +So our new algorithm becomes: +```c + cur_location = hash(block_address) + shared_mem[cur_location ^ prev_location]++; + prev_location = rotate(cur_location, 1); +``` + +Lastly, in the original design, the `cur_location` was always set to `0`, at the +beginning of a run, we instead set the value of `cur_location` to `hash(0)`. + +# Parallel Fuzzing +Another sub-optimal aspect of the original design is that no matter how many +instances of the fuzzer you ran in parallel, each instance numbered each block +and so each edge with the same ID. Each instance would therefore find the same +subset of edges collide with each other. In the event of a collision, all +instances will hit the same road block. + +However, if we instead use a different seed for our hashing function for each +instance, then each will ascribe each block a different ID and hence each edge +will be given a different edge ID. This means that whilst one instance of the +fuzzer may find a given pair of edges collide, it is very unlikely that another +instance will find the same pair also collide. + +Due to the collaborative nature of parallel fuzzing, this means that whilst one +instance may struggle to find a particular new path because the new edge +collides, another instance will likely not encounter the same collision and thus +be able to differentiate this new path and share it with the other instances. + +If only a single new edge is found, and the new path is shared with an instance +for which that edge collides, that instance may disregard it as irrelevant. In +practice, however, the discovery of a single new edge, likely leads to several +more edges beneath it also being found and therefore the likelihood of all of +these being collisions is very slim. diff --git a/frida_mode/README.md b/frida_mode/README.md index 024fc140..6cbb4c4c 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -293,6 +293,10 @@ FASAN then adds instrumentation for any instrucutions which use memory operands then calls into the `__asan_loadN` and `__asan_storeN` functions provided by the DSO to validate memory accesses against the shadow memory. +# Collisions +FRIDA mode has also introduced some improvements to reduce collisions in the map. +See [here](MapDensity.md) for details. + ## TODO The next features to be added are Aarch32 support as well as looking at diff --git a/frida_mode/hook/qemu_hook.c b/frida_mode/hook/qemu_hook.c index 5b4f65b1..56e787e3 100644 --- a/frida_mode/hook/qemu_hook.c +++ b/frida_mode/hook/qemu_hook.c @@ -36,6 +36,7 @@ struct x86_64_regs { void afl_persistent_hook(struct x86_64_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { + (void)guest_base; /* unused */ memcpy((void *)regs->rdi, input_buf, input_buf_len); regs->rsi = input_buf_len; @@ -75,6 +76,7 @@ struct x86_regs { void afl_persistent_hook(struct x86_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { + (void)guest_base; /* unused */ void **esp = (void **)regs->esp; void * arg1 = esp[1]; void **arg2 = &esp[2]; @@ -175,6 +177,7 @@ struct arm64_regs { void afl_persistent_hook(struct arm64_regs *regs, uint64_t guest_base, uint8_t *input_buf, uint32_t input_buf_len) { + (void)guest_base; /* unused */ memcpy((void *)regs->x0, input_buf, input_buf_len); regs->x1 = input_buf_len; } diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 9c8d3a5d..695b46af 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -5,11 +5,12 @@ #include "config.h" -extern char * instrument_debug_filename; -extern gboolean instrument_tracing; -extern gboolean instrument_optimize; -extern gboolean instrument_unique; -extern __thread uint64_t instrument_previous_pc; +extern char * instrument_debug_filename; +extern gboolean instrument_tracing; +extern gboolean instrument_optimize; +extern gboolean instrument_unique; +extern __thread guint64 instrument_previous_pc; +extern guint64 instrument_hash_zero; extern uint8_t *__afl_area_ptr; extern uint32_t __afl_map_size; @@ -33,5 +34,10 @@ void instrument_debug_instruction(uint64_t address, uint16_t size); void instrument_debug_end(GumStalkerOutput *output); void instrument_flush(GumStalkerOutput *output); gpointer instrument_cur(GumStalkerOutput *output); + +void instrument_on_fork(); + +guint64 instrument_get_offset_hash(GumAddress current_rip); + #endif diff --git a/frida_mode/many-linux/Dockerfile b/frida_mode/many-linux/Dockerfile index 1d39c356..2cd56bc8 100644 --- a/frida_mode/many-linux/Dockerfile +++ b/frida_mode/many-linux/Dockerfile @@ -11,7 +11,7 @@ RUN git clone https://github.com/AFLplusplus/AFLplusplus.git WORKDIR /AFLplusplus RUN mkdir -p /AFLplusplus/frida_mode/build/frida/ -RUN curl -L -o /AFLplusplus/frida_mode/build/frida/frida-gumjs-devkit-14.2.18-linux-x86_64.tar.xz "https://github.com/frida/frida/releases/download/14.2.18/frida-gumjs-devkit-14.2.18-linux-x86_64.tar.xz" +RUN curl -L -o /AFLplusplus/frida_mode/build/frida/frida-gumjs-devkit-15.0.0-linux-x86_64.tar.xz "https://github.com/frida/frida/releases/download/15.0.0/frida-gumjs-devkit-15.0.0-linux-x86_64.tar.xz" WORKDIR /AFLplusplus RUN git checkout dev diff --git a/frida_mode/src/entry.c b/frida_mode/src/entry.c index f70e21fc..a0ffd028 100644 --- a/frida_mode/src/entry.c +++ b/frida_mode/src/entry.c @@ -21,7 +21,7 @@ static void entry_launch(void) { __afl_manual_init(); /* Child here */ - instrument_previous_pc = 0; + instrument_on_fork(); stats_on_fork(); } diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 2d857716..81d14013 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -6,6 +6,7 @@ #include "config.h" #include "debug.h" +#include "hash.h" #include "asan.h" #include "entry.h" @@ -22,10 +23,12 @@ gboolean instrument_tracing = false; gboolean instrument_optimize = false; gboolean instrument_unique = false; +guint64 instrument_hash_zero = 0; +guint64 instrument_hash_seed = 0; static GumStalkerTransformer *transformer = NULL; -__thread uint64_t instrument_previous_pc = 0; +__thread guint64 instrument_previous_pc = 0; static GumAddress previous_rip = 0; static u8 * edges_notified = NULL; @@ -49,21 +52,18 @@ static void trace_debug(char *format, ...) { } -__attribute__((hot)) static void on_basic_block(GumCpuContext *context, - gpointer user_data) { +guint64 instrument_get_offset_hash(GumAddress current_rip) { - UNUSED_PARAMETER(context); + guint64 area_offset = hash64((unsigned char *)¤t_rip, + sizeof(GumAddress), instrument_hash_seed); + return area_offset &= MAP_SIZE - 1; - GumAddress current_rip = GUM_ADDRESS(user_data); - GumAddress current_pc; - GumAddress edge; - uint8_t * cursor; - uint64_t value; +} - current_pc = (current_rip >> 4) ^ (current_rip << 8); - current_pc &= MAP_SIZE - 1; +__attribute__((hot)) static void instrument_increment_map(GumAddress edge) { - edge = current_pc ^ instrument_previous_pc; + uint8_t *cursor; + uint64_t value; cursor = &__afl_area_ptr[edge]; value = *cursor; @@ -79,7 +79,21 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } *cursor = value; - instrument_previous_pc = current_pc >> 1; + +} + +__attribute__((hot)) static void on_basic_block(GumCpuContext *context, + gpointer user_data) { + + UNUSED_PARAMETER(context); + + GumAddress current_rip = GUM_ADDRESS(user_data); + guint64 current_pc = instrument_get_offset_hash(current_rip); + guint64 edge; + + edge = current_pc ^ instrument_previous_pc; + + instrument_increment_map(edge); if (unlikely(instrument_tracing)) { @@ -98,6 +112,9 @@ __attribute__((hot)) static void on_basic_block(GumCpuContext *context, } + instrument_previous_pc = + ((current_pc & (MAP_SIZE - 1) >> 1)) | ((current_pc & 0x1) << 15); + } static void instrument_basic_block(GumStalkerIterator *iterator, @@ -265,6 +282,19 @@ void instrument_init(void) { } + /* + * By using a different seed value for the hash, we can make different + * instances have edge collisions in different places when carrying out + * parallel fuzzing. The seed itself, doesn't have to be random, it just + * needs to be different for each instance. + */ + instrument_hash_seed = + g_get_monotonic_time() ^ (((guint64)getpid()) << 32) ^ gettid(); + + OKF("Instrumentation - seed [0x%016" G_GINT64_MODIFIER "x]", + instrument_hash_seed); + instrument_hash_zero = instrument_get_offset_hash(0); + instrument_debug_init(); asan_init(); cmplog_init(); @@ -278,3 +308,9 @@ GumStalkerTransformer *instrument_get_transformer(void) { } +void instrument_on_fork() { + + instrument_previous_pc = instrument_hash_zero; + +} + diff --git a/frida_mode/src/instrument/instrument_arm64.c b/frida_mode/src/instrument/instrument_arm64.c index 17f97c97..cf37e048 100644 --- a/frida_mode/src/instrument/instrument_arm64.c +++ b/frida_mode/src/instrument/instrument_arm64.c @@ -12,15 +12,15 @@ static GumAddress current_log_impl = GUM_ADDRESS(0); static const guint8 afl_log_code[] = { // __afl_area_ptr[current_pc ^ previous_pc]++; - // previous_pc = current_pc >> 1; + // previous_pc = current_pc ROR 1; 0xE1, 0x0B, 0xBF, 0xA9, // stp x1, x2, [sp, -0x10]! 0xE3, 0x13, 0xBF, 0xA9, // stp x3, x4, [sp, -0x10]! // x0 = current_pc - 0xe1, 0x01, 0x00, 0x58, // ldr x1, #0x3c, =&__afl_area_ptr + 0x21, 0x02, 0x00, 0x58, // ldr x1, #0x44, =&__afl_area_ptr 0x21, 0x00, 0x40, 0xf9, // ldr x1, [x1] (=__afl_area_ptr) - 0xe2, 0x01, 0x00, 0x58, // ldr x2, #0x3c, =&previous_pc + 0x22, 0x02, 0x00, 0x58, // ldr x2, #0x44, =&previous_pc 0x42, 0x00, 0x40, 0xf9, // ldr x2, [x2] (=previous_pc) // __afl_area_ptr[current_pc ^ previous_pc]++; @@ -30,8 +30,11 @@ static const guint8 afl_log_code[] = { 0x63, 0x00, 0x1f, 0x9a, // adc x3, x3, xzr 0x23, 0x68, 0x22, 0xf8, // str x3, [x1, x2] - // previous_pc = current_pc >> 1; - 0xe0, 0x07, 0x40, 0x8b, // add x0, xzr, x0, LSR #1 + // previous_pc = current_pc ROR 1; + 0xe4, 0x07, 0x40, 0x8b, // add x4, xzr, x0, LSR #1 + 0xe0, 0xff, 0x00, 0x8b, // add x0, xzr, x0, LSL #63 + 0x80, 0xc0, 0x40, 0x8b, // add x0, x4, x0, LSR #48 + 0xe2, 0x00, 0x00, 0x58, // ldr x2, #0x1c, =&previous_pc 0x40, 0x00, 0x00, 0xf9, // str x0, [x2] @@ -54,8 +57,7 @@ void instrument_coverage_optimize(const cs_insn * instr, GumStalkerOutput *output) { guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; + guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); GumArm64Writer *cw = output->writer.arm64; if (current_log_impl == 0 || diff --git a/frida_mode/src/instrument/instrument_x64.c b/frida_mode/src/instrument/instrument_x64.c index a2b54369..fec8afbb 100644 --- a/frida_mode/src/instrument/instrument_x64.c +++ b/frida_mode/src/instrument/instrument_x64.c @@ -24,7 +24,7 @@ static const guint8 afl_log_code[] = { 0x80, 0x02, 0x01, /* add byte ptr [rdx], 1 */ 0x80, 0x12, 0x00, /* adc byte ptr [rdx], 0 */ - 0x48, 0xd1, 0xef, /* shr rdi, 1 */ + 0x66, 0xd1, 0xcf, /* ror di, 1 */ 0x48, 0x89, 0x39, /* mov qword [rcx], rdi */ 0x5a, /* pop rdx */ @@ -49,13 +49,9 @@ gboolean instrument_is_coverage_optimize_supported(void) { static guint8 align_pad[] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90}; -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { +static void instrument_coverate_write_function(GumStalkerOutput *output) { - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - guint64 misalign = 0; - area_offset &= MAP_SIZE - 1; + guint64 misalign = 0; GumX86Writer *cw = output->writer.x86; if (current_log_impl == 0 || @@ -87,6 +83,15 @@ void instrument_coverage_optimize(const cs_insn * instr, } +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); + instrument_coverate_write_function(output); + gum_x86_writer_put_lea_reg_reg_offset(cw, GUM_REG_RSP, GUM_REG_RSP, -GUM_RED_ZONE_SIZE); gum_x86_writer_put_push_reg(cw, GUM_REG_RDI); diff --git a/frida_mode/src/instrument/instrument_x86.c b/frida_mode/src/instrument/instrument_x86.c index 3c3dc272..7bf48f96 100644 --- a/frida_mode/src/instrument/instrument_x86.c +++ b/frida_mode/src/instrument/instrument_x86.c @@ -30,7 +30,8 @@ static void instrument_coverage_function(GumX86Writer *cw) { uint8_t adc_byte_ptr_edx_0[] = {0x80, 0x12, 0x00}; gum_x86_writer_put_bytes(cw, adc_byte_ptr_edx_0, sizeof(adc_byte_ptr_edx_0)); - gum_x86_writer_put_shr_reg_u8(cw, GUM_REG_EDI, 1); + uint8_t ror_di_1[] = {0x66, 0xd1, 0xcf}; + gum_x86_writer_put_bytes(cw, ror_di_1, sizeof(ror_di_1)); gum_x86_writer_put_mov_reg_ptr_reg(cw, GUM_REG_ECX, GUM_REG_EDI); gum_x86_writer_put_pop_reg(cw, GUM_REG_EDX); @@ -46,15 +47,8 @@ gboolean instrument_is_coverage_optimize_supported(void) { } -void instrument_coverage_optimize(const cs_insn * instr, - GumStalkerOutput *output) { +static void instrument_coverate_write_function(GumStalkerOutput *output) { - UNUSED_PARAMETER(instr); - UNUSED_PARAMETER(output); - - guint64 current_pc = instr->address; - guint64 area_offset = (current_pc >> 4) ^ (current_pc << 8); - area_offset &= MAP_SIZE - 1; GumX86Writer *cw = output->writer.x86; if (current_log_impl == 0 || @@ -73,7 +67,15 @@ void instrument_coverage_optimize(const cs_insn * instr, } - // gum_x86_writer_put_breakpoint(cw); +} + +void instrument_coverage_optimize(const cs_insn * instr, + GumStalkerOutput *output) { + + GumX86Writer *cw = output->writer.x86; + guint64 area_offset = instrument_get_offset_hash(GUM_ADDRESS(instr->address)); + instrument_coverate_write_function(output); + gum_x86_writer_put_push_reg(cw, GUM_REG_EDI); gum_x86_writer_put_mov_reg_address(cw, GUM_REG_EDI, area_offset); gum_x86_writer_put_call_address(cw, current_log_impl); diff --git a/frida_mode/src/persistent/persistent_arm64.c b/frida_mode/src/persistent/persistent_arm64.c index 4ab7b283..3cd61cd5 100644 --- a/frida_mode/src/persistent/persistent_arm64.c +++ b/frida_mode/src/persistent/persistent_arm64.c @@ -237,7 +237,7 @@ static void instrument_exit(GumArm64Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - instrument_previous_pc = 0; + instrument_previous_pc = instrument_hash_zero; return ret; } diff --git a/frida_mode/src/persistent/persistent_x64.c b/frida_mode/src/persistent/persistent_x64.c index ce3017e4..c0bd9a09 100644 --- a/frida_mode/src/persistent/persistent_x64.c +++ b/frida_mode/src/persistent/persistent_x64.c @@ -174,7 +174,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - instrument_previous_pc = 0; + instrument_previous_pc = instrument_hash_zero; return ret; } diff --git a/frida_mode/src/persistent/persistent_x86.c b/frida_mode/src/persistent/persistent_x86.c index cc1f1a4f..b911676a 100644 --- a/frida_mode/src/persistent/persistent_x86.c +++ b/frida_mode/src/persistent/persistent_x86.c @@ -130,7 +130,7 @@ static void instrument_exit(GumX86Writer *cw) { static int instrument_afl_persistent_loop_func(void) { int ret = __afl_persistent_loop(persistent_count); - instrument_previous_pc = 0; + instrument_previous_pc = instrument_hash_zero; return ret; } diff --git a/frida_mode/util/get_symbol_addr.sh b/frida_mode/util/get_symbol_addr.sh index 7f9b7d22..f5d8df91 100755 --- a/frida_mode/util/get_symbol_addr.sh +++ b/frida_mode/util/get_symbol_addr.sh @@ -26,7 +26,7 @@ file "$target" | grep -q executable && { exit 0 } -hex_base=$(echo "$3" | awk '{sub("^0x","");print $0}') +hex_base=$(echo "$3" | awk '{sub("^0x","");print $0}' | tr a-f A-F ) nm "$target" | grep -i "T $symbol" | awk '{print$1}' | tr a-f A-F | \ xargs echo "ibase=16;obase=10;$hex_base + " | bc | tr A-F a-f | awk '{print "0x"$0}' exit 0 From 3a3ef7b6b4efcd8ed12bef80cca51f82e65a985f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 12:16:52 +0200 Subject: [PATCH 415/441] update documentation --- README.md | 55 +++++++++- docs/Changelog.md | 1 + docs/QuickStartGuide.md | 9 +- docs/README.MOpt.md | 54 ---------- docs/historical_notes.md | 143 ------------------------- docs/notes_for_asan.md | 157 ---------------------------- docs/perf_tips.md | 47 +++------ docs/power_schedules.md | 32 ------ docs/technical_details.md | 4 + instrumentation/afl-compiler-rt.o.c | 5 +- 10 files changed, 79 insertions(+), 428 deletions(-) delete mode 100644 docs/README.MOpt.md delete mode 100644 docs/historical_notes.md delete mode 100644 docs/notes_for_asan.md delete mode 100644 docs/power_schedules.md diff --git a/README.md b/README.md index bc5b333c..50f514ab 100644 --- a/README.md +++ b/README.md @@ -387,7 +387,56 @@ afl++ performs "never zero" counting in its bitmap. You can read more about this here: * [instrumentation/README.neverzero.md](instrumentation/README.neverzero.md) -#### c) Modify the target +#### c) Sanitizers + +It is possible to use sanitizers when instrumenting targets for fuzzing, +which allows you to find bugs that would not necessarily result in a crash. + +Note that sanitizers have a huge impact on CPU (= less executions per second) +and RAM usage. Also you should only run one afl-fuz instance per sanitizer type. +This is enough because a user-after-free bug will be picked up, e.g. by +ASAN (address sanitizer) anyway when syncing to other fuzzing instances, +so not all fuzzing instances need to be instrumented with ASAN. + +The wolloing sanitizers have built-in support in afl++: + * ASAN = Address SANitizer, finds memory corruption vulnerabilities like + use-after-free, NULL pointer dereference, buffer overruns, etc. + Enabled with `export AFL_USE_ASAN=1` before compiling. + * MSAN = Memory SANitizer, finds read access to uninitialized memory, eg. + a local variable that is defined and read before it is even set. + Enabled with `export AFL_USE_MSAN=1` before compiling. + * UBSAN = Undefined Behaviour SANitizer, finds instances where - by the + C and C++ standards - undefined behaviour happens, e.g. adding two + signed integers together where the result is larger than a signed integer + can hold. + Enabled with `export AFL_USE_UBSAN=1` before compiling. + * CFISAN = Control Flow Integrity SANitizer, finds instances where the + control flow is found to be illegal. Originally this was rather to + prevent return oriented programming exploit chains from functioning, + in fuzzing this is mostly reduced to detecting type confusion + vulnerabilities - which is however one of the most important and dangerous + C++ memory corruption classes! + Enabled with `export AFL_USE_CFISAN=1` before compiling. + * LSAN = Leak SANitizer, finds memory leaks in a program. This is not really + a security issue, but for developers this can be very valuable. + Note that unlike the other sanitizers above this needs + `__AFL_LEAK_CHECK();` added to all areas of the target source code where you + find a leak check necessary! + Enabled with `export AFL_USE_LSAN=1` before compiling. + +It is possible to further modify the behaviour of the sanitizers at run-time +by setting `ASAN_OPTIONS=...`, `LSAN_OPTIONS` etc. - the availabel parameter +can be looked up in the sanitizer documentation of llvm/clang. +afl-fuzz however requires some specific parameters important for fuzzing to be +set if you want to set your own, and will bail and report what it is missing. + +Note that some sanitizers cannot be used together, e.g. ASAN and MSAN, and +others often cannot work together because of target weirdness, e.g. ASAN and +CFISAN. You might need to experiment which sanitizers you can combine in a +target (which means more instances can be run without a sanitized target, +which is more effective). + +#### d) Modify the target If the target has features that make fuzzing more difficult, e.g. checksums, HMAC, etc. then modify the source code so that this is @@ -405,7 +454,7 @@ these checks within this specific defines: All afl++ compilers will set this preprocessor definition automatically. -#### d) Instrument the target +#### e) Instrument the target In this step the target source code is compiled so that it can be fuzzed. @@ -462,7 +511,7 @@ non-standard way to set this, otherwise set up the build normally and edit the generated build environment afterwards manually to point it to the right compiler (and/or ranlib and ar). -#### d) Better instrumentation +#### f) Better instrumentation If you just fuzz a target program as-is you are wasting a great opportunity for much more fuzzing speed. diff --git a/docs/Changelog.md b/docs/Changelog.md index aebd3fa9..705daa40 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -38,6 +38,7 @@ sending a mail to . - ensure afl-compiler-rt is built for gcc_module - added `AFL_NO_FORKSRV` env variable support to afl-cmin, afl-tmin, and afl-showmap, by @jhertz + - removed outdated documents, improved existing documentation ### Version ++3.13c (release) - Note: plot_data switched to relative time from unix time in 3.10 diff --git a/docs/QuickStartGuide.md b/docs/QuickStartGuide.md index d1966170..2d056ecf 100644 --- a/docs/QuickStartGuide.md +++ b/docs/QuickStartGuide.md @@ -18,14 +18,12 @@ how to hit the ground running: custom SIGSEGV or SIGABRT handlers and background processes. For tips on detecting non-crashing flaws, see section 11 in [README.md](README.md) . -3) Compile the program / library to be fuzzed using afl-gcc. A common way to +3) Compile the program / library to be fuzzed using afl-cc. A common way to do this would be: - CC=/path/to/afl-gcc CXX=/path/to/afl-g++ ./configure --disable-shared + CC=/path/to/afl-cc CXX=/path/to/afl-c++ ./configure --disable-shared make clean all - If program build fails, ping . - 4) Get a small but valid input file that makes sense to the program. When fuzzing verbose syntax (SQL, HTTP, etc), create a dictionary as described in dictionaries/README.md, too. @@ -41,9 +39,6 @@ how to hit the ground running: 6) Investigate anything shown in red in the fuzzer UI by promptly consulting [status_screen.md](status_screen.md). -7) compile and use llvm_mode (afl-clang-fast/afl-clang-fast++) as it is way - faster and has a few cool features - 8) There is a basic docker build with 'docker build -t aflplusplus .' That's it. Sit back, relax, and - time permitting - try to skim through the diff --git a/docs/README.MOpt.md b/docs/README.MOpt.md deleted file mode 100644 index 3de6d670..00000000 --- a/docs/README.MOpt.md +++ /dev/null @@ -1,54 +0,0 @@ -# MOpt(imized) AFL by - -### 1. Description -MOpt-AFL is a AFL-based fuzzer that utilizes a customized Particle Swarm -Optimization (PSO) algorithm to find the optimal selection probability -distribution of operators with respect to fuzzing effectiveness. -More details can be found in the technical report. - -### 2. Cite Information -Chenyang Lyu, Shouling Ji, Chao Zhang, Yuwei Li, Wei-Han Lee, Yu Song and -Raheem Beyah, MOPT: Optimized Mutation Scheduling for Fuzzers, -USENIX Security 2019. - -### 3. Seed Sets -We open source all the seed sets used in the paper -"MOPT: Optimized Mutation Scheduling for Fuzzers". - -### 4. Experiment Results -The experiment results can be found in -https://drive.google.com/drive/folders/184GOzkZGls1H2NuLuUfSp9gfqp1E2-lL?usp=sharing. -We only open source the crash files since the space is limited. - -### 5. Technical Report -MOpt_TechReport.pdf is the technical report of the paper -"MOPT: Optimized Mutation Scheduling for Fuzzers", which contains more deatails. - -### 6. Parameter Introduction -Most important, you must add the parameter `-L` (e.g., `-L 0`) to launch the -MOpt scheme. - -Option '-L' controls the time to move on to the pacemaker fuzzing mode. -'-L t': when MOpt-AFL finishes the mutation of one input, if it has not -discovered any new unique crash or path for more than t minutes, MOpt-AFL will -enter the pacemaker fuzzing mode. - -Setting 0 will enter the pacemaker fuzzing mode at first, which is -recommended in a short time-scale evaluation. - -Setting -1 will enable both pacemaker mode and normal aflmutation fuzzing in -parallel. - -Other important parameters can be found in afl-fuzz.c, for instance, - -'swarm_num': the number of the PSO swarms used in the fuzzing process. -'period_pilot': how many times MOpt-AFL will execute the target program - in the pilot fuzzing module, then it will enter the core fuzzing module. -'period_core': how many times MOpt-AFL will execute the target program in the - core fuzzing module, then it will enter the PSO updating module. -'limit_time_bound': control how many interesting test cases need to be found - before MOpt-AFL quits the pacemaker fuzzing mode and reuses the deterministic stage. - 0 < 'limit_time_bound' < 1, MOpt-AFL-tmp. - 'limit_time_bound' >= 1, MOpt-AFL-ever. - -Have fun with MOpt in AFL! diff --git a/docs/historical_notes.md b/docs/historical_notes.md deleted file mode 100644 index b5d3d157..00000000 --- a/docs/historical_notes.md +++ /dev/null @@ -1,143 +0,0 @@ -# Historical notes - - This doc talks about the rationale of some of the high-level design decisions - for American Fuzzy Lop. It's adopted from a discussion with Rob Graham. - See README.md for the general instruction manual, and technical_details.md for - additional implementation-level insights. - -## 1) Influences - -In short, `afl-fuzz` is inspired chiefly by the work done by Tavis Ormandy back -in 2007. Tavis did some very persuasive experiments using `gcov` block coverage -to select optimal test cases out of a large corpus of data, and then using -them as a starting point for traditional fuzzing workflows. - -(By "persuasive", I mean: netting a significant number of interesting -vulnerabilities.) - -In parallel to this, both Tavis and I were interested in evolutionary fuzzing. -Tavis had his experiments, and I was working on a tool called bunny-the-fuzzer, -released somewhere in 2007. - -Bunny used a generational algorithm not much different from `afl-fuzz`, but -also tried to reason about the relationship between various input bits and -the internal state of the program, with hopes of deriving some additional value -from that. The reasoning / correlation part was probably in part inspired by -other projects done around the same time by Will Drewry and Chris Evans. - -The state correlation approach sounded very sexy on paper, but ultimately, made -the fuzzer complicated, brittle, and cumbersome to use; every other target -program would require a tweak or two. Because Bunny didn't fare a whole lot -better than less sophisticated brute-force tools, I eventually decided to write -it off. You can still find its original documentation at: - - https://code.google.com/p/bunny-the-fuzzer/wiki/BunnyDoc - -There has been a fair amount of independent work, too. Most notably, a few -weeks earlier that year, Jared DeMott had a Defcon presentation about a -coverage-driven fuzzer that relied on coverage as a fitness function. - -Jared's approach was by no means identical to what afl-fuzz does, but it was in -the same ballpark. His fuzzer tried to explicitly solve for the maximum coverage -with a single input file; in comparison, afl simply selects for cases that do -something new (which yields better results - see [technical_details.md](technical_details.md)). - -A few years later, Gabriel Campana released fuzzgrind, a tool that relied purely -on Valgrind and a constraint solver to maximize coverage without any brute-force -bits; and Microsoft Research folks talked extensively about their still -non-public, solver-based SAGE framework. - -In the past six years or so, I've also seen a fair number of academic papers -that dealt with smart fuzzing (focusing chiefly on symbolic execution) and a -couple papers that discussed proof-of-concept applications of genetic -algorithms with the same goals in mind. I'm unconvinced how practical most of -these experiments were; I suspect that many of them suffer from the -bunny-the-fuzzer's curse of being cool on paper and in carefully designed -experiments, but failing the ultimate test of being able to find new, -worthwhile security bugs in otherwise well-fuzzed, real-world software. - -In some ways, the baseline that the "cool" solutions have to compete against is -a lot more impressive than it may seem, making it difficult for competitors to -stand out. For a singular example, check out the work by Gynvael and Mateusz -Jurczyk, applying "dumb" fuzzing to ffmpeg, a prominent and security-critical -component of modern browsers and media players: - - http://googleonlinesecurity.blogspot.com/2014/01/ffmpeg-and-thousand-fixes.html - -Effortlessly getting comparable results with state-of-the-art symbolic execution -in equally complex software still seems fairly unlikely, and hasn't been -demonstrated in practice so far. - -But I digress; ultimately, attribution is hard, and glorying the fundamental -concepts behind AFL is probably a waste of time. The devil is very much in the -often-overlooked details, which brings us to... - -## 2. Design goals for afl-fuzz - -In short, I believe that the current implementation of afl-fuzz takes care of -several itches that seemed impossible to scratch with other tools: - -1) Speed. It's genuinely hard to compete with brute force when your "smart" - approach is resource-intensive. If your instrumentation makes it 10x more - likely to find a bug, but runs 100x slower, your users are getting a bad - deal. - - To avoid starting with a handicap, `afl-fuzz` is meant to let you fuzz most of - the intended targets at roughly their native speed - so even if it doesn't - add value, you do not lose much. - - On top of this, the tool leverages instrumentation to actually reduce the - amount of work in a couple of ways: for example, by carefully trimming the - corpus or skipping non-functional but non-trimmable regions in the input - files. - -2) Rock-solid reliability. It's hard to compete with brute force if your - approach is brittle and fails unexpectedly. Automated testing is attractive - because it's simple to use and scalable; anything that goes against these - principles is an unwelcome trade-off and means that your tool will be used - less often and with less consistent results. - - Most of the approaches based on symbolic execution, taint tracking, or - complex syntax-aware instrumentation are currently fairly unreliable with - real-world targets. Perhaps more importantly, their failure modes can render - them strictly worse than "dumb" tools, and such degradation can be difficult - for less experienced users to notice and correct. - - In contrast, `afl-fuzz` is designed to be rock solid, chiefly by keeping it - simple. In fact, at its core, it's designed to be just a very good - traditional fuzzer with a wide range of interesting, well-researched - strategies to go by. The fancy parts just help it focus the effort in - places where it matters the most. - -3) Simplicity. The author of a testing framework is probably the only person - who truly understands the impact of all the settings offered by the tool - - and who can dial them in just right. Yet, even the most rudimentary fuzzer - frameworks often come with countless knobs and fuzzing ratios that need to - be guessed by the operator ahead of the time. This can do more harm than - good. - - AFL is designed to avoid this as much as possible. The three knobs you - can play with are the output file, the memory limit, and the ability to - override the default, auto-calibrated timeout. The rest is just supposed to - work. When it doesn't, user-friendly error messages outline the probable - causes and workarounds, and get you back on track right away. - -4) Chainability. Most general-purpose fuzzers can't be easily employed - against resource-hungry or interaction-heavy tools, necessitating the - creation of custom in-process fuzzers or the investment of massive CPU - power (most of which is wasted on tasks not directly related to the code - we actually want to test). - - AFL tries to scratch this itch by allowing users to use more lightweight - targets (e.g., standalone image parsing libraries) to create small - corpora of interesting test cases that can be fed into a manual testing - process or a UI harness later on. - -As mentioned in [technical_details.md](technical_details.md), AFL does all this not by systematically -applying a single overarching CS concept, but by experimenting with a variety -of small, complementary methods that were shown to reliably yields results -better than chance. The use of instrumentation is a part of that toolkit, but is -far from being the most important one. - -Ultimately, what matters is that `afl-fuzz` is designed to find cool bugs - and -has a pretty robust track record of doing just that. diff --git a/docs/notes_for_asan.md b/docs/notes_for_asan.md deleted file mode 100644 index f55aeaf2..00000000 --- a/docs/notes_for_asan.md +++ /dev/null @@ -1,157 +0,0 @@ -# Notes for using ASAN with afl-fuzz - - This file discusses some of the caveats for fuzzing under ASAN, and suggests - a handful of alternatives. See README.md for the general instruction manual. - -## 1) Short version - -ASAN on 64-bit systems requests a lot of memory in a way that can't be easily -distinguished from a misbehaving program bent on crashing your system. - -Because of this, fuzzing with ASAN is recommended only in four scenarios: - - - On 32-bit systems, where we can always enforce a reasonable memory limit - (-m 800 or so is a good starting point), - - - On 64-bit systems only if you can do one of the following: - - - Compile the binary in 32-bit mode (gcc -m32), - - - Precisely gauge memory needs using http://jwilk.net/software/recidivm . - - - Limit the memory available to process using cgroups on Linux (see - utils/asan_cgroups). - -To compile with ASAN, set AFL_USE_ASAN=1 before calling 'make clean all'. The -afl-gcc / afl-clang wrappers will pick that up and add the appropriate flags. -Note that ASAN is incompatible with -static, so be mindful of that. - -(You can also use AFL_USE_MSAN=1 to enable MSAN instead.) - -When compiling with AFL_USE_LSAN, the leak sanitizer will normally run -when the program exits. In order to utilize this check at different times, -such as at the end of a loop, you may use the macro __AFL_LEAK_CHECK();. -This macro will report a crash in afl-fuzz if any memory is left leaking -at this stage. You can also use LSAN_OPTIONS and a supressions file -for more fine-tuned checking, however make sure you keep exitcode=23. - -NOTE: if you run several secondary instances, only one should run the target -compiled with ASAN (and UBSAN, CFISAN), the others should run the target with -no sanitizers compiled in. - -There is also the option of generating a corpus using a non-ASAN binary, and -then feeding it to an ASAN-instrumented one to check for bugs. This is faster, -and can give you somewhat comparable results. You can also try using -libdislocator (see [utils/libdislocator/README.dislocator.md](../utils/libdislocator/README.dislocator.md) in the parent directory) as a -lightweight and hassle-free (but less thorough) alternative. - -## 2) Long version - -ASAN allocates a huge region of virtual address space for bookkeeping purposes. -Most of this is never actually accessed, so the OS never has to allocate any -real pages of memory for the process, and the VM grabbed by ASAN is essentially -"free" - but the mapping counts against the standard OS-enforced limit -(RLIMIT_AS, aka ulimit -v). - -On our end, afl-fuzz tries to protect you from processes that go off-rails -and start consuming all the available memory in a vain attempt to parse a -malformed input file. This happens surprisingly often, so enforcing such a limit -is important for almost any fuzzer: the alternative is for the kernel OOM -handler to step in and start killing random processes to free up resources. -Needless to say, that's not a very nice prospect to live with. - -Unfortunately, un*x systems offer no portable way to limit the amount of -pages actually given to a process in a way that distinguishes between that -and the harmless "land grab" done by ASAN. In principle, there are three standard -ways to limit the size of the heap: - - - The RLIMIT_AS mechanism (ulimit -v) caps the size of the virtual space - - but as noted, this pays no attention to the number of pages actually - in use by the process, and doesn't help us here. - - - The RLIMIT_DATA mechanism (ulimit -d) seems like a good fit, but it applies - only to the traditional sbrk() / brk() methods of requesting heap space; - modern allocators, including the one in glibc, routinely rely on mmap() - instead, and circumvent this limit completely. - - - Finally, the RLIMIT_RSS limit (ulimit -m) sounds like what we need, but - doesn't work on Linux - mostly because nobody felt like implementing it. - -There are also cgroups, but they are Linux-specific, not universally available -even on Linux systems, and they require root permissions to set up; I'm a bit -hesitant to make afl-fuzz require root permissions just for that. That said, -if you are on Linux and want to use cgroups, check out the contributed script -that ships in utils/asan_cgroups/. - -In settings where cgroups aren't available, we have no nice, portable way to -avoid counting the ASAN allocation toward the limit. On 32-bit systems, or for -binaries compiled in 32-bit mode (-m32), this is not a big deal: ASAN needs -around 600-800 MB or so, depending on the compiler - so all you need to do is -to specify -m that is a bit higher than that. - -On 64-bit systems, the situation is more murky, because the ASAN allocation -is completely outlandish - around 17.5 TB in older versions, and closer to -20 TB with newest ones. The actual amount of memory on your system is -(probably!) just a tiny fraction of that - so unless you dial the limit -with surgical precision, you will get no protection from OOM bugs. - -On my system, the amount of memory grabbed by ASAN with a slightly older -version of gcc is around 17,825,850 MB; for newest clang, it's 20,971,600. -But there is no guarantee that these numbers are stable, and if you get them -wrong by "just" a couple gigs or so, you will be at risk. - -To get the precise number, you can use the recidivm tool developed by Jakub -Wilk (http://jwilk.net/software/recidivm). In absence of this, ASAN is *not* -recommended when fuzzing 64-bit binaries, unless you are confident that they -are robust and enforce reasonable memory limits (in which case, you can -specify '-m none' when calling afl-fuzz). - -Using recidivm or running with no limits aside, there are two other decent -alternatives: build a corpus of test cases using a non-ASAN binary, and then -examine them with ASAN, Valgrind, or other heavy-duty tools in a more -controlled setting; or compile the target program with -m32 (32-bit mode) -if your system supports that. - -## 3) Interactions with the QEMU mode - -ASAN, MSAN, and other sanitizers appear to be incompatible with QEMU user -emulation, so please do not try to use them with the -Q option; QEMU doesn't -seem to appreciate the shadow VM trick used by these tools, and will likely -just allocate all your physical memory, then crash. - -You can, however, use QASan to run binaries that are not instrumented with ASan -under QEMU with the AFL++ instrumentation. - -https://github.com/andreafioraldi/qasan - -## 4) ASAN and OOM crashes - -By default, ASAN treats memory allocation failures as fatal errors, immediately -causing the program to crash. Since this is a departure from normal POSIX -semantics (and creates the appearance of security issues in otherwise -properly-behaving programs), we try to disable this by specifying -allocator_may_return_null=1 in ASAN_OPTIONS. - -Unfortunately, it's been reported that this setting still causes ASAN to -trigger phantom crashes in situations where the standard allocator would -simply return NULL. If this is interfering with your fuzzing jobs, you may -want to cc: yourself on this bug: - - https://bugs.llvm.org/show_bug.cgi?id=22026 - -## 5) What about UBSAN? - -New versions of UndefinedBehaviorSanitizer offers the --fsanitize=undefined-trap-on-error compiler flag that tells UBSan to insert an -istruction that will cause SIGILL (ud2 on x86) when an undefined behaviour -is detected. This is the option that you want to use when combining AFL++ -and UBSan. - -AFL_USE_UBSAN=1 env var will add this compiler flag to afl-clang-fast, -afl-gcc-fast and afl-gcc for you. - -Old versions of UBSAN don't offer a consistent way -to abort() on fault conditions or to terminate with a distinctive exit code -but there are some versions of the library can be binary-patched to address this -issue. You can also preload a shared library that substitute all the UBSan -routines used to report errors with abort(). diff --git a/docs/perf_tips.md b/docs/perf_tips.md index c5968206..7c14cbbc 100644 --- a/docs/perf_tips.md +++ b/docs/perf_tips.md @@ -48,13 +48,9 @@ be then manually fed to a more resource-hungry program later on. Also note that reading the fuzzing input via stdin is faster than reading from a file. -## 3. Use LLVM instrumentation +## 3. Use LLVM persistent instrumentation -When fuzzing slow targets, you can gain 20-100% performance improvement by -using the LLVM-based instrumentation mode described in [the instrumentation README](../instrumentation/README.llvm.md). -Note that this mode requires the use of clang and will not work with GCC. - -The LLVM mode also offers a "persistent", in-process fuzzing mode that can +The LLVM mode offers a "persistent", in-process fuzzing mode that can work well for certain types of self-contained libraries, and for fast targets, can offer performance gains up to 5-10x; and a "deferred fork server" mode that can offer huge benefits for programs with high startup overhead. Both @@ -138,8 +134,7 @@ misses, or similar factors, but they are less likely to be a concern.) ## 7. Keep memory use and timeouts in check -If you have increased the `-m` or `-t` limits more than truly necessary, consider -dialing them back down. +Consider setting low values for -m and -t. For programs that are nominally very fast, but get sluggish for some inputs, you can also try setting `-t` values that are more punishing than what `afl-fuzz` @@ -164,6 +159,20 @@ There are several OS-level factors that may affect fuzzing speed: - Network filesystems, either used for fuzzer input / output, or accessed by the fuzzed binary to read configuration files (pay special attention to the home directory - many programs search it for dot-files). + - Disable all the spectre, meltdown etc. security countermeasures in the + kernel if your machine is properly separated: + +``` +ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off +no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable +nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off +spectre_v2=off stf_barrier=off +``` + In most Linux distributions you can put this into a `/etc/default/grub` + variable. + +The following list of changes are made when executing `afl-system-config`: + - On-demand CPU scaling. The Linux `ondemand` governor performs its analysis on a particular schedule and is known to underestimate the needs of short-lived processes spawned by `afl-fuzz` (or any other fuzzer). On Linux, @@ -196,26 +205,4 @@ There are several OS-level factors that may affect fuzzing speed: Setting a different scheduling policy for the fuzzer process - say `SCHED_RR` - can usually speed things up, too, but needs to be done with care. - - Use the `afl-system-config` script to set all proc/sys settings above in one go. - - Disable all the spectre, meltdown etc. security countermeasures in the - kernel if your machine is properly separated: -``` -ibpb=off ibrs=off kpti=off l1tf=off mds=off mitigations=off -no_stf_barrier noibpb noibrs nopcid nopti nospec_store_bypass_disable -nospectre_v1 nospectre_v2 pcid=off pti=off spec_store_bypass_disable=off -spectre_v2=off stf_barrier=off -``` - In most Linux distributions you can put this into a `/etc/default/grub` - variable. - -## 9. If all other options fail, use `-d` - -For programs that are genuinely slow, in cases where you really can't escape -using huge input files, or when you simply want to get quick and dirty results -early on, you can always resort to the `-d` mode. - -The mode causes `afl-fuzz` to skip all the deterministic fuzzing steps, which -makes output a lot less neat and can ultimately make the testing a bit less -in-depth, but it will give you an experience more familiar from other fuzzing -tools. diff --git a/docs/power_schedules.md b/docs/power_schedules.md deleted file mode 100644 index 493f9609..00000000 --- a/docs/power_schedules.md +++ /dev/null @@ -1,32 +0,0 @@ -# afl++'s power schedules based on AFLfast - - -Power schedules implemented by Marcel Böhme \. -AFLFast is an extension of AFL which is written and maintained by -Michal Zalewski \. - -AFLfast has helped in the success of Team Codejitsu at the finals of the DARPA Cyber Grand Challenge where their bot Galactica took **2nd place** in terms of #POVs proven (see red bar at https://www.cybergrandchallenge.com/event#results). AFLFast exposed several previously unreported CVEs that could not be exposed by AFL in 24 hours and otherwise exposed vulnerabilities significantly faster than AFL while generating orders of magnitude more unique crashes. - -Essentially, we observed that most generated inputs exercise the same few "high-frequency" paths and developed strategies to gravitate towards low-frequency paths, to stress significantly more program behavior in the same amount of time. We devised several **search strategies** that decide in which order the seeds should be fuzzed and **power schedules** that smartly regulate the number of inputs generated from a seed (i.e., the time spent fuzzing a seed). We call the number of inputs generated from a seed, the seed's **energy**. - -We find that AFL's exploitation-based constant schedule assigns **too much energy to seeds exercising high-frequency paths** (e.g., paths that reject invalid inputs) and not enough energy to seeds exercising low-frequency paths (e.g., paths that stress interesting behaviors). Technically, we modified the computation of a seed's performance score (`calculate_score`), which seed is marked as favourite (`update_bitmap_score`), and which seed is chosen next from the circular queue (`main`). We implemented the following schedules (in the order of their effectiveness, best first): - -| AFL flag | Power Schedule | -| ------------- | -------------------------- | -| `-p explore` | ![EXPLORE](http://latex.codecogs.com/gif.latex?p%28i%29%3D%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D) | -| `-p fast` (default)| ![FAST](http://latex.codecogs.com/gif.latex?p(i)=\\min\\left(\\frac{\\alpha(i)}{\\beta}\\cdot\\frac{2^{s(i)}}{f(i)},M\\right)) | -| `-p coe` | ![COE](http://latex.codecogs.com/gif.latex?p%28i%29%3D%5Cbegin%7Bcases%7D%200%20%26%20%5Ctext%7B%20if%20%7D%20f%28i%29%20%3E%20%5Cmu%5C%5C%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%202%5E%7Bs%28i%29%7D%2C%20M%5Cright%29%20%26%20%5Ctext%7B%20otherwise.%7D%20%5Cend%7Bcases%7D) | -| `-p quad` | ![QUAD](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%5E2%7D%7Bf%28i%29%7D%2CM%5Cright%29) | -| `-p lin` | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Cmin%5Cleft%28%5Cfrac%7B%5Calpha%28i%29%7D%7B%5Cbeta%7D%5Ccdot%5Cfrac%7Bs%28i%29%7D%7Bf%28i%29%7D%2CM%5Cright%29) | -| `-p exploit` (AFL) | ![LIN](http://latex.codecogs.com/gif.latex?p%28i%29%20%3D%20%5Calpha%28i%29) | -| `-p mmopt` | Experimental: `explore` with no weighting to runtime and increased weighting on the last 5 queue entries | -| `-p rare` | Experimental: `rare` puts focus on queue entries that hit rare edges | -| `-p seek` | Experimental: `seek` is EXPLORE but ignoring the runtime of the queue input and less focus on the size | -where *α(i)* is the performance score that AFL uses to compute for the seed input *i*, *β(i)>1* is a constant, *s(i)* is the number of times that seed *i* has been chosen from the queue, *f(i)* is the number of generated inputs that exercise the same path as seed *i*, and *μ* is the average number of generated inputs exercising a path. - -More details can be found in the paper that was accepted at the [23rd ACM Conference on Computer and Communications Security (CCS'16)](https://www.sigsac.org/ccs/CCS2016/accepted-papers/). - -PS: In parallel mode (several instances with shared queue), we suggest to run the main node using the exploit schedule (-p exploit) and the secondary nodes with a combination of cut-off-exponential (-p coe), exponential (-p fast; default), and explore (-p explore) schedules. In single mode, the default settings will do. **EDIT:** In parallel mode, AFLFast seems to perform poorly because the path probability estimates are incorrect for the imported seeds. Pull requests to fix this issue by syncing the estimates across instances are appreciated :) - -Copyright 2013, 2014, 2015, 2016 Google Inc. All rights reserved. -Released under terms and conditions of Apache License, Version 2.0. diff --git a/docs/technical_details.md b/docs/technical_details.md index a0453c91..6a4660a2 100644 --- a/docs/technical_details.md +++ b/docs/technical_details.md @@ -1,5 +1,9 @@ # Technical "whitepaper" for afl-fuzz + +NOTE: this document is rather outdated! + + This document provides a quick overview of the guts of American Fuzzy Lop. See README.md for the general instruction manual; and for a discussion of motivations and design goals behind AFL, see historical_notes.md. diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index 3f518b55..b01ea987 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -299,8 +299,9 @@ static void __afl_map_shm(void) { if (!getenv("AFL_QUIET")) fprintf(stderr, - "Warning: AFL++ tools will need to set AFL_MAP_SIZE to %u " - "to be able to run this instrumented program!\n", + "Warning: AFL++ tools might need to set AFL_MAP_SIZE to %u " + "to be able to run this instrumented program if this " + "crashes!\n", __afl_final_loc); } From 4fe572b80f76ff0b0e916b639d1e04d5af48b157 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 12:24:29 +0200 Subject: [PATCH 416/441] always build aflpp driver --- GNUmakefile | 3 +-- docs/Changelog.md | 1 + utils/aflpp_driver/GNUmakefile | 14 +++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/GNUmakefile b/GNUmakefile index 53cc0537..7a1ba88a 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -306,6 +306,7 @@ endif .PHONY: all all: test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done + -$(MAKE) -C utils/aflpp_driver .PHONY: llvm llvm: @@ -597,7 +598,6 @@ distrib: all -$(MAKE) -f GNUmakefile.gcc_plugin $(MAKE) -C utils/libdislocator $(MAKE) -C utils/libtokencap - -$(MAKE) -C utils/aflpp_driver $(MAKE) -C utils/afl_network_proxy $(MAKE) -C utils/socket_fuzzing $(MAKE) -C utils/argv_fuzzing @@ -622,7 +622,6 @@ source-only: all -$(MAKE) -f GNUmakefile.gcc_plugin $(MAKE) -C utils/libdislocator $(MAKE) -C utils/libtokencap - -$(MAKE) -C utils/aflpp_driver %.8: % @echo .TH $* 8 $(BUILD_DATE) "afl++" > $@ diff --git a/docs/Changelog.md b/docs/Changelog.md index 705daa40..29af44ab 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -36,6 +36,7 @@ sending a mail to . - fix timeout handling - add forkserver support for better performance - ensure afl-compiler-rt is built for gcc_module + - always build aflpp_driver for libfuzzer harnesses - added `AFL_NO_FORKSRV` env variable support to afl-cmin, afl-tmin, and afl-showmap, by @jhertz - removed outdated documents, improved existing documentation diff --git a/utils/aflpp_driver/GNUmakefile b/utils/aflpp_driver/GNUmakefile index ad99b893..c282a9f3 100644 --- a/utils/aflpp_driver/GNUmakefile +++ b/utils/aflpp_driver/GNUmakefile @@ -15,28 +15,28 @@ aflpp_driver.o: aflpp_driver.c -$(LLVM_BINDIR)clang -I. -I../../include $(CFLAGS) -c aflpp_driver.c libAFLDriver.a: aflpp_driver.o - ar ru libAFLDriver.a aflpp_driver.o - cp -vf libAFLDriver.a ../../ + @ar rc libAFLDriver.a aflpp_driver.o + @cp -vf libAFLDriver.a ../../ debug: $(LLVM_BINDIR)clang -Wno-deprecated -I../../include $(CFLAGS) -D_DEBUG=\"1\" -c -o afl-performance.o ../../src/afl-performance.c $(LLVM_BINDIR)clang -I../../include -D_DEBUG=\"1\" -g -funroll-loops -c aflpp_driver.c #$(LLVM_BINDIR)clang -S -emit-llvm -Wno-deprecated -I../../include $(CFLAGS) -D_DEBUG=\"1\" -c -o afl-performance.ll ../../src/afl-performance.c #$(LLVM_BINDIR)clang -S -emit-llvm -I../../include -D_DEBUG=\"1\" -g -funroll-loops -c aflpp_driver.c - ar ru libAFLDriver.a afl-performance.o aflpp_driver.o + ar rc libAFLDriver.a afl-performance.o aflpp_driver.o aflpp_qemu_driver.o: aflpp_qemu_driver.c -$(LLVM_BINDIR)clang $(CFLAGS) -O0 -funroll-loops -c aflpp_qemu_driver.c libAFLQemuDriver.a: aflpp_qemu_driver.o - -ar ru libAFLQemuDriver.a aflpp_qemu_driver.o - -cp -vf libAFLQemuDriver.a ../../ + @-ar rc libAFLQemuDriver.a aflpp_qemu_driver.o + @-cp -vf libAFLQemuDriver.a ../../ aflpp_qemu_driver_hook.so: aflpp_qemu_driver_hook.o - -test -e aflpp_qemu_driver_hook.o && $(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so || echo "Note: Optional aflpp_qemu_driver_hook.so not built." + @-test -e aflpp_qemu_driver_hook.o && $(LLVM_BINDIR)clang -shared aflpp_qemu_driver_hook.o -o aflpp_qemu_driver_hook.so || echo "Note: Optional aflpp_qemu_driver_hook.so not built." aflpp_qemu_driver_hook.o: aflpp_qemu_driver_hook.c - -test -e ../../qemu_mode/qemuafl/qemuafl/api.h && $(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c || echo "Note: Optional aflpp_qemu_driver_hook.o not built." + @-test -e ../../qemu_mode/qemuafl/qemuafl/api.h && $(LLVM_BINDIR)clang $(CFLAGS) -funroll-loops -c aflpp_qemu_driver_hook.c || echo "Note: Optional aflpp_qemu_driver_hook.o not built." test: debug #clang -S -emit-llvm -D_DEBUG=\"1\" -I../../include -Wl,--allow-multiple-definition -funroll-loops -o aflpp_driver_test.ll aflpp_driver_test.c From 9ec63d3f1776ae1442fe89d5e076b58b36997f76 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 14:31:27 +0200 Subject: [PATCH 417/441] fix frida, fix dictionary generation to honor AFL_LLVM_{ALLOW/DENY}LIST --- docs/Changelog.md | 2 ++ frida_mode/src/instrument/instrument.c | 3 ++- instrumentation/SanitizerCoverageLTO.so.cc | 2 ++ instrumentation/afl-llvm-dict2file.so.cc | 1 + instrumentation/afl-llvm-pass.so.cc | 4 ++-- 5 files changed, 9 insertions(+), 3 deletions(-) diff --git a/docs/Changelog.md b/docs/Changelog.md index 29af44ab..8aca5608 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -24,10 +24,12 @@ sending a mail to . - Fix to instrument global namespace functions in c++ - Fix for llvm 13 - support partial linking + - do honor AFL_LLVM_{ALLOW/DENY}LIST for LTO autodictionary and DICT2FILE - We do support llvm versions from 3.8 to 5.0 again - frida_mode: - several fixes for cmplog - remove need for AFL_FRIDA_PERSISTENT_RETADDR_OFFSET + - less coverage collision - feature parity of aarch64 with intel now (persistent, cmplog, in-memory testcases, asan) - afl-cmin and afl-showmap -i do now descend into subdirectories diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index 81d14013..e1dabf92 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -1,6 +1,7 @@ #include #include #include +#include #include "frida-gumjs.h" @@ -289,7 +290,7 @@ void instrument_init(void) { * needs to be different for each instance. */ instrument_hash_seed = - g_get_monotonic_time() ^ (((guint64)getpid()) << 32) ^ gettid(); + g_get_monotonic_time() ^ (((guint64)getpid()) << 32) ^ syscall(SYS_gettid); OKF("Instrumentation - seed [0x%016" G_GINT64_MODIFIER "x]", instrument_hash_seed); diff --git a/instrumentation/SanitizerCoverageLTO.so.cc b/instrumentation/SanitizerCoverageLTO.so.cc index 28eb0b9f..91b81910 100644 --- a/instrumentation/SanitizerCoverageLTO.so.cc +++ b/instrumentation/SanitizerCoverageLTO.so.cc @@ -516,6 +516,8 @@ bool ModuleSanitizerCoverage::instrumentModule( for (auto &F : M) { + if (!isInInstrumentList(&F) || !F.size()) { continue; } + for (auto &BB : F) { for (auto &IN : BB) { diff --git a/instrumentation/afl-llvm-dict2file.so.cc b/instrumentation/afl-llvm-dict2file.so.cc index 5350f62b..9daa75a8 100644 --- a/instrumentation/afl-llvm-dict2file.so.cc +++ b/instrumentation/afl-llvm-dict2file.so.cc @@ -154,6 +154,7 @@ bool AFLdict2filePass::runOnModule(Module &M) { for (auto &F : M) { if (isIgnoreFunction(&F)) continue; + if (!isInInstrumentList(&F) || !F.size()) { continue; } /* Some implementation notes. * diff --git a/instrumentation/afl-llvm-pass.so.cc b/instrumentation/afl-llvm-pass.so.cc index 94b77f7d..ecf28f31 100644 --- a/instrumentation/afl-llvm-pass.so.cc +++ b/instrumentation/afl-llvm-pass.so.cc @@ -438,9 +438,9 @@ bool AFLCoverage::runOnModule(Module &M) { fprintf(stderr, "FUNCTION: %s (%zu)\n", F.getName().str().c_str(), F.size()); - if (!isInInstrumentList(&F)) continue; + if (!isInInstrumentList(&F)) { continue; } - if (F.size() < function_minimum_size) continue; + if (F.size() < function_minimum_size) { continue; } std::list todo; for (auto &BB : F) { From bb627c7e58cf0b726b078108281e4c8922aa353f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 15:20:24 +0200 Subject: [PATCH 418/441] add to readme how to fuzz on multiple servers --- README.md | 59 +++++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 51 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 50f514ab..a0660a15 100644 --- a/README.md +++ b/README.md @@ -660,7 +660,7 @@ of the testcases. Depending on the average testcase size (and those found during fuzzing) and their number, a value between 50-500MB is recommended. You can set the cache size (in MB) by setting the environment variable `AFL_TESTCACHE_SIZE`. -There should be one main fuzzer (`-M main` option) and as many secondary +There should be one main fuzzer (`-M main-$HOSTNAME` option) and as many secondary fuzzers (eg `-S variant1`) as you have cores that you use. Every -M/-S entry needs a unique name (that can be whatever), however the same -o output directory location has to be used for all instances. @@ -668,7 +668,7 @@ Every -M/-S entry needs a unique name (that can be whatever), however the same For every secondary fuzzer there should be a variation, e.g.: * one should fuzz the target that was compiled differently: with sanitizers activated (`export AFL_USE_ASAN=1 ; export AFL_USE_UBSAN=1 ; - export AFL_USE_CFISAN=1 ; export AFL_USE_LSAN=1`) + export AFL_USE_CFISAN=1`) * one or two should fuzz the target with CMPLOG/redqueen (see above), at least one cmplog instance should follow transformations (`-l AT`) * one to three fuzzers should fuzz a target compiled with laf-intel/COMPCOV @@ -694,8 +694,9 @@ You can also use different fuzzers. If you are using afl spinoffs or afl conforming fuzzers, then just use the same -o directory and give it a unique `-S` name. Examples are: - * [Eclipser](https://github.com/SoftSec-KAIST/Eclipser/) + * [Fuzzolic](https://github.com/season-lab/fuzzolic) * [symcc](https://github.com/eurecom-s/symcc/) + * [Eclipser](https://github.com/SoftSec-KAIST/Eclipser/) * [AFLsmart](https://github.com/aflsmart/aflsmart) * [FairFuzz](https://github.com/carolemieux/afl-rb) * [Neuzz](https://github.com/Dongdongshe/neuzz) @@ -709,7 +710,46 @@ directory of a different fuzzer is, e.g. `-F /src/target/honggfuzz`. Using honggfuzz (with `-n 1` or `-n 2`) and libfuzzer in parallel is highly recommended! -#### c) The status of the fuzz campaign +#### c) Using multiple machines for fuzzing + +Maybe you have more than one machine you want to fuzz the same target on. +Simply start the `afl-fuzz` (and perhaps libfuzzer, honggfuzz, ...) +orchestra as you like, just ensure that your have one and only one `-M` +instance per server, and that its name is unique, hence the recommendation +for `-M main-$HOSTNAME`. + +Now there are three strategies on how you can sync between the servers: + * never: sounds weird, but this makes every server an island and has the + chance the each follow different paths into the target. You can make + this even more interesting by even giving different seeds to each server. + * regularly (~4h): this ensures that all fuzzing campaigns on the servers + "see" the same thing. It is like fuzzing on a huge server. + * in intervals of 1/10th of the overall expected runtime of the fuzzing you + sync. This tries a bit to combine both. have some individuality of the + paths each campaign on a server explores, on the other hand if one + gets stuck where another found progress this is handed over making it + unstuck. + +The syncing process itself is very simple. +As the `-M main-$HOSTNAME` instance syncs to all `-S` secondaries as well +as to other fuzzers, you have to copy only this directory to the other +machines. + +Lets say all servers have the `-o out` directory in /target/foo/out, and +you created a file `servers.txt` which contains the hostnames of all +participating servers, plus you have an ssh key deployed to all of them, +then run: +```bash +for FROM in `cat servers.txt`; do + for TO in `cat servers.txt`; do + rsync -rlpogtz --rsh=ssh $FROM:/target/foo/out/main-$FROM $TO:target/foo/out/ + done +done +``` +You can run this manually, per cron job - as you need it. +There is a more complex and configurable script in `utils/distributed_fuzzing`. + +#### d) The status of the fuzz campaign afl++ comes with the `afl-whatsup` script to show the status of the fuzzing campaign. @@ -718,9 +758,12 @@ Just supply the directory that afl-fuzz is given with the -o option and you will see a detailed status of every fuzzer in that campaign plus a summary. -To have only the summary use the `-s` switch e.g.: `afl-whatsup -s output/` +To have only the summary use the `-s` switch e.g.: `afl-whatsup -s out/` -#### d) Checking the coverage of the fuzzing +If you have multiple servers then use the command after a sync, or you have +to execute this script per server. + +#### e) Checking the coverage of the fuzzing The `paths found` value is a bad indicator how good the coverage is. @@ -755,7 +798,7 @@ functionality is usually behind options that were not activated or fuzz e.g. if you fuzz a library to convert image formats and your target is the png to tiff API then you will not touch any of the other library APIs and features. -#### e) How long to fuzz a target? +#### f) How long to fuzz a target? This is a difficult question. Basically if no new path is found for a long time (e.g. for a day or a week) @@ -767,7 +810,7 @@ Keep the queue/ directory (for future fuzzings of the same or similar targets) and use them to seed other good fuzzers like libfuzzer with the -entropic switch or honggfuzz. -#### f) Improve the speed! +#### g) Improve the speed! * Use [persistent mode](instrumentation/README.persistent_mode.md) (x2-x20 speed increase) * If you do not use shmem persistent mode, use `AFL_TMPDIR` to point the input file on a tempfs location, see [docs/env_variables.md](docs/env_variables.md) From d346d07b63754a6d62b1a5723a7b16be7a52fbd9 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Wed, 14 Jul 2021 17:39:17 +0200 Subject: [PATCH 419/441] typos/wording --- README.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a0660a15..7f9ce9cf 100644 --- a/README.md +++ b/README.md @@ -393,12 +393,12 @@ It is possible to use sanitizers when instrumenting targets for fuzzing, which allows you to find bugs that would not necessarily result in a crash. Note that sanitizers have a huge impact on CPU (= less executions per second) -and RAM usage. Also you should only run one afl-fuz instance per sanitizer type. -This is enough because a user-after-free bug will be picked up, e.g. by +and RAM usage. Also you should only run one afl-fuzz instance per sanitizer type. +This is enough because a use-after-free bug will be picked up, e.g. by ASAN (address sanitizer) anyway when syncing to other fuzzing instances, so not all fuzzing instances need to be instrumented with ASAN. -The wolloing sanitizers have built-in support in afl++: +The following sanitizers have built-in support in afl++: * ASAN = Address SANitizer, finds memory corruption vulnerabilities like use-after-free, NULL pointer dereference, buffer overruns, etc. Enabled with `export AFL_USE_ASAN=1` before compiling. @@ -425,10 +425,10 @@ The wolloing sanitizers have built-in support in afl++: Enabled with `export AFL_USE_LSAN=1` before compiling. It is possible to further modify the behaviour of the sanitizers at run-time -by setting `ASAN_OPTIONS=...`, `LSAN_OPTIONS` etc. - the availabel parameter +by setting `ASAN_OPTIONS=...`, `LSAN_OPTIONS` etc. - the available parameters can be looked up in the sanitizer documentation of llvm/clang. afl-fuzz however requires some specific parameters important for fuzzing to be -set if you want to set your own, and will bail and report what it is missing. +set. If you want to set your own, it might bail and report what it is missing. Note that some sanitizers cannot be used together, e.g. ASAN and MSAN, and others often cannot work together because of target weirdness, e.g. ASAN and From 6e818ed078ef0c799043613c9f2872afbf754d15 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 17:49:59 +0200 Subject: [PATCH 420/441] rephrasing --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7f9ce9cf..f32dfb8c 100644 --- a/README.md +++ b/README.md @@ -469,8 +469,8 @@ Then build the target. (Usually with `make`) 1. sometimes configure and build systems are fickle and do not like stderr output (and think this means a test failure) - which is something - afl++ likes to do to show statistics. It is recommended to disable them via - `export AFL_QUIET=1`. + afl++ likes to do to show statistics. It is recommended to disable afl++ + instrumentation reporting via `export AFL_QUIET=1`. 2. sometimes configure and build systems error on warnings - these should be disabled (e.g. `--disable-werror` for some configure scripts). From 6df597213a4406e290602f14a852f3fae64f818e Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Wed, 14 Jul 2021 18:20:38 +0200 Subject: [PATCH 421/441] fix for -fsanitize=fuzzer on MacOS --- src/afl-cc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/afl-cc.c b/src/afl-cc.c index d35b177d..9899f973 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -767,6 +767,11 @@ static void edit_params(u32 argc, char **argv, char **envp) { cc_params[cc_par_cnt++] = afllib; +#ifdef __APPLE__ + cc_params[cc_par_cnt++] = "-undefined"; + cc_params[cc_par_cnt++] = "dynamic_lookup"; +#endif + } continue; From 4560ecc6479ca5246cca7557a40f08a4cbc1f7b7 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 09:32:53 +0200 Subject: [PATCH 422/441] LLVMFuzzerTestOneInput + screen doc update --- README.md | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/README.md b/README.md index f32dfb8c..f0c40874 100644 --- a/README.md +++ b/README.md @@ -526,6 +526,24 @@ it. See [instrumentation/README.persistent_mode.md](instrumentation/README.persi Basically if you do not fuzz a target in persistent mode then you are just doing it for a hobby and not professionally :-) +#### g) libfuzzer fuzzer harnesses with LLVMFuzzerTestOneInput() + +libfuzzer `LLVMFuzzerTestOneInput()` harnesses are the defacto standard +for fuzzing, and they can be used with afl++ (and honggfuzz) as well! +Compiling them is as simple as: +``` +afl-clang-fast++ -fsanitize=fuzzer -o harness harness.cpp targetlib.a +``` +You can even use advanced libfuzzer features like `FuzzedDataProvider`, +`LLVMFuzzerMutate()` etc. and they will work! + +The generated binary is fuzzed with afl-fuzz like any other fuzz target. + +Bonus: the target is already optimized for fuzzing due persistent mode and +shared-memory testcases and hence gives you the fastest speed possible. + +For more information see [utils/aflpp_driver/README.md](utils/aflpp_driver/README.md) + ### 2. Preparing the fuzzing campaign As you fuzz the target with mutated input, having as diverse inputs for the @@ -607,6 +625,16 @@ step [2a. Collect inputs](#a-collect-inputs): `afl-fuzz -i input -o output -- bin/target -d @@` Note that the directory specified with -o will be created if it does not exist. +It can be valuable to run afl-fuzz in a screen or tmux shell so you can log off, +or afl-fuzz is not aborted if you are running it in a remote ssh session where +the connection fails in between. +Only do that though once you have verified that your fuzzing setup works! +Simply run it like `screen -dmS afl-main -- afl-fuzz -M main-$HOSTNAME -i ...` +and it will start away in a screen session. To enter this session simply type +`screen -r afl-main`. You see - it makes sense to name the screen session +same as the afl-fuzz -M/-S naming :-) +For more information on screen or tmux please check their documentation. + If you need to stop and re-start the fuzzing, use the same command line options (or even change them by selecting a different power schedule or another mutation mode!) and switch the input directory with a dash (`-`): From b7cd6db08f1498f9bb10423309f554293e567aa9 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Jul 2021 09:43:31 +0200 Subject: [PATCH 423/441] Delete template_test_harness.py Please refer to /samples for documented example harnesses in python, rust, and c. See #1022 --- .../helper_scripts/template_test_harness.py | 104 ------------------ 1 file changed, 104 deletions(-) delete mode 100644 unicorn_mode/helper_scripts/template_test_harness.py diff --git a/unicorn_mode/helper_scripts/template_test_harness.py b/unicorn_mode/helper_scripts/template_test_harness.py deleted file mode 100644 index 93c526cc..00000000 --- a/unicorn_mode/helper_scripts/template_test_harness.py +++ /dev/null @@ -1,104 +0,0 @@ -""" - template_test_harness.py - - Template which loads the context of a process into a Unicorn Engine, - instance, loads a custom (mutated) inputs, and executes the - desired code. Designed to be used in conjunction with one of the - Unicorn Context Dumper scripts. - - Author: - Nathan Voss -""" - -import argparse - -from unicorn import * -from unicorn.x86_const import * # TODO: Set correct architecture here as necessary - -import unicorn_loader - -# Simple stand-in heap to prevent OS/kernel issues -unicorn_heap = None - -# Start and end address of emulation -START_ADDRESS = # TODO: Set start address here -END_ADDRESS = # TODO: Set end address here - -""" - Implement target-specific hooks in here. - Stub out, skip past, and re-implement necessary functionality as appropriate -""" -def unicorn_hook_instruction(uc, address, size, user_data): - - # TODO: Setup hooks and handle anything you need to here - # - For example, hook malloc/free/etc. and handle it internally - pass - -#------------------------ -#---- Main test function - -def main(): - - parser = argparse.ArgumentParser() - parser.add_argument('context_dir', type=str, help="Directory containing process context") - parser.add_argument('input_file', type=str, help="Path to the file containing the mutated input content") - parser.add_argument('-d', '--debug', default=False, action="store_true", help="Dump trace info") - args = parser.parse_args() - - print("Loading context from {}".format(args.context_dir)) - uc = unicorn_loader.AflUnicornEngine(args.context_dir, enable_trace=args.debug, debug_print=False) - - # Instantiate the hook function to avoid emulation errors - global unicorn_heap - unicorn_heap = unicorn_loader.UnicornSimpleHeap(uc, debug_print=True) - uc.hook_add(UC_HOOK_CODE, unicorn_hook_instruction) - - # Execute 1 instruction just to startup the forkserver - # NOTE: This instruction will be executed again later, so be sure that - # there are no negative consequences to the overall execution state. - # If there are, change the later call to emu_start to no re-execute - # the first instruction. - print("Starting the forkserver by executing 1 instruction") - try: - uc.emu_start(START_ADDRESS, 0, 0, count=1) - except UcError as e: - print("ERROR: Failed to execute a single instruction (error: {})!".format(e)) - return - - # Allocate a buffer and load a mutated input and put it into the right spot - if args.input_file: - print("Loading input content from {}".format(args.input_file)) - input_file = open(args.input_file, 'rb') - input_content = input_file.read() - input_file.close() - - # TODO: Apply constraints to mutated input here - raise exceptions.NotImplementedError('No constraints on the mutated inputs have been set!') - - # Allocate a new buffer and put the input into it - buf_addr = unicorn_heap.malloc(len(input_content)) - uc.mem_write(buf_addr, input_content) - print("Allocated mutated input buffer @ 0x{0:016x}".format(buf_addr)) - - # TODO: Set the input into the state so it will be handled - raise exceptions.NotImplementedError('The mutated input was not loaded into the Unicorn state!') - - # Run the test - print("Executing from 0x{0:016x} to 0x{1:016x}".format(START_ADDRESS, END_ADDRESS)) - try: - result = uc.emu_start(START_ADDRESS, END_ADDRESS, timeout=0, count=0) - except UcError as e: - # If something went wrong during emulation a signal is raised to force this - # script to crash in a way that AFL can detect ('uc.force_crash()' should be - # called for any condition that you want AFL to treat as a crash). - print("Execution failed with error: {}".format(e)) - uc.dump_regs() - uc.force_crash(e) - - print("Final register state:") - uc.dump_regs() - - print("Done.") - -if __name__ == "__main__": - main() From 3dd39fec906758cc545f526d5003e0f28278b316 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 15 Jul 2021 09:46:16 +0100 Subject: [PATCH 424/441] Fix printing of JS errors (#1024) Co-authored-by: Your Name --- frida_mode/src/js/js.c | 45 ++++++++++++++++++++---------------------- 1 file changed, 21 insertions(+), 24 deletions(-) diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index cf98ff3e..86ae6d29 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -83,21 +83,33 @@ static void js_print_script(gchar *source) { } -static void create_cb(GObject *source_object, GAsyncResult *result, - gpointer user_data) { - - UNUSED_PARAMETER(source_object); - UNUSED_PARAMETER(user_data); - script = gum_script_backend_create_finish(backend, result, &error); - -} - static void load_cb(GObject *source_object, GAsyncResult *result, gpointer user_data) { UNUSED_PARAMETER(source_object); UNUSED_PARAMETER(user_data); gum_script_load_finish(script, result); + if (error != NULL) + { + FATAL("Failed to load script - %s", error->message); + } + +} + +static void create_cb(GObject *source_object, GAsyncResult *result, + gpointer user_data) { + + UNUSED_PARAMETER(source_object); + UNUSED_PARAMETER(user_data); + script = gum_script_backend_create_finish(backend, result, &error); + if (error != NULL) + { + FATAL("Failed to create script: %s", error->message); + } + + gum_script_set_message_handler(script, js_msg, NULL, NULL); + + gum_script_load(script, cancellable, load_cb, NULL); } @@ -122,20 +134,6 @@ void js_start(void) { while (g_main_context_pending(context)) g_main_context_iteration(context, FALSE); - if (error != NULL) { - - g_printerr("%s\n", error->message); - FATAL("Error processing script"); - - } - - gum_script_load(script, cancellable, load_cb, NULL); - - while (g_main_context_pending(context)) - g_main_context_iteration(context, FALSE); - - gum_script_set_message_handler(script, js_msg, NULL, NULL); - if (!js_done) { FATAL("Script didn't call Afl.done()"); } } @@ -147,4 +145,3 @@ gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, return js_user_callback(insn, begin, excluded, output); } - From cd683ed2530d70c958c78395e7ee67b34c6821df Mon Sep 17 00:00:00 2001 From: Michael Rodler Date: Thu, 15 Jul 2021 11:03:20 +0200 Subject: [PATCH 425/441] fixed potential UAF with custom mutator havoc on realloc --- src/afl-fuzz-one.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afl-fuzz-one.c b/src/afl-fuzz-one.c index 76e64f2a..7274f679 100644 --- a/src/afl-fuzz-one.c +++ b/src/afl-fuzz-one.c @@ -2057,7 +2057,7 @@ havoc_stage: temp_len = new_len; if (out_buf != custom_havoc_buf) { - afl_realloc(AFL_BUF_PARAM(out), temp_len); + out_buf = afl_realloc(AFL_BUF_PARAM(out), temp_len); if (unlikely(!afl->out_buf)) { PFATAL("alloc"); } memcpy(out_buf, custom_havoc_buf, temp_len); From 2d8050c3976eb0f7fbc3d6b83d824a1b33b0b581 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Jul 2021 11:52:04 +0200 Subject: [PATCH 426/441] deleted duplicate line after merge --- frida_mode/src/stalker.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/frida_mode/src/stalker.c b/frida_mode/src/stalker.c index 5520b73a..5df0386f 100644 --- a/frida_mode/src/stalker.c +++ b/frida_mode/src/stalker.c @@ -43,9 +43,6 @@ void stalker_init(void) { /* *NEVER* stalk the stalker, only bad things will ever come of this! */ gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL); - /* *NEVER* stalk the stalker, only bad things will ever come of this! */ - gum_process_enumerate_ranges(GUM_PAGE_EXECUTE, stalker_exclude_self, NULL); - } GumStalker *stalker_get(void) { From ed2d4743696ac2c5e3d9a167a091930ac8c2e4ad Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Jul 2021 12:35:45 +0200 Subject: [PATCH 427/441] replaced unicorn with unicornafl --- unicorn_mode/helper_scripts/unicorn_loader.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/unicorn_mode/helper_scripts/unicorn_loader.py b/unicorn_mode/helper_scripts/unicorn_loader.py index 1914a83d..58c968fb 100644 --- a/unicorn_mode/helper_scripts/unicorn_loader.py +++ b/unicorn_mode/helper_scripts/unicorn_loader.py @@ -20,11 +20,11 @@ import time import zlib # Unicorn imports -from unicorn import * -from unicorn.arm_const import * -from unicorn.arm64_const import * -from unicorn.x86_const import * -from unicorn.mips_const import * +from unicornafl import * +from unicornafl.arm_const import * +from unicornafl.arm64_const import * +from unicornafl.x86_const import * +from unicornafl.mips_const import * # If Capstone libraries are availible (only check once) try: From 7fb2d90c49b7836582420d5738cbaeaa5213f338 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Jul 2021 12:37:09 +0200 Subject: [PATCH 428/441] replaced \t with spaces --- custom_mutators/grammar_mutator/grammar_mutator | 2 +- qemu_mode/qemuafl | 2 +- unicorn_mode/helper_scripts/unicorn_loader.py | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index b79d51a8..b3c4fcfa 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit b79d51a8daccbd7a693f9b6765c81ead14f28e26 +Subproject commit b3c4fcfa6ae28918bc410f7747135eafd4fb7263 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index d73b0336..21ff3438 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 +Subproject commit 21ff34383764a8c6f66509b3b8d5282468c721e1 diff --git a/unicorn_mode/helper_scripts/unicorn_loader.py b/unicorn_mode/helper_scripts/unicorn_loader.py index 58c968fb..4f82d0a3 100644 --- a/unicorn_mode/helper_scripts/unicorn_loader.py +++ b/unicorn_mode/helper_scripts/unicorn_loader.py @@ -194,10 +194,10 @@ class AflUnicornEngine(Uc): self.__load_registers(regs, reg_map, debug_print) # If we have extra FLOATING POINT regs, load them in! if 'regs_extended' in context: - if context['regs_extended']: - regs_extended = context['regs_extended'] - reg_map = self.__get_registers_extended(self._arch_str) - self.__load_registers(regs_extended, reg_map, debug_print) + if context['regs_extended']: + regs_extended = context['regs_extended'] + reg_map = self.__get_registers_extended(self._arch_str) + self.__load_registers(regs_extended, reg_map, debug_print) # For ARM, sometimes the stack pointer is erased ??? (I think I fixed this (issue with ordering of dumper.py, I'll keep the write anyways) if self.__get_arch_and_mode(self.get_arch_str())[0] == UC_ARCH_ARM: From c279750689a0e49e722d24a352dd0af28a60e986 Mon Sep 17 00:00:00 2001 From: Dominik Maier Date: Thu, 15 Jul 2021 12:38:15 +0200 Subject: [PATCH 429/441] formatting --- unicorn_mode/helper_scripts/unicorn_loader.py | 640 +++++++++++------- 1 file changed, 382 insertions(+), 258 deletions(-) diff --git a/unicorn_mode/helper_scripts/unicorn_loader.py b/unicorn_mode/helper_scripts/unicorn_loader.py index 4f82d0a3..c48a7572 100644 --- a/unicorn_mode/helper_scripts/unicorn_loader.py +++ b/unicorn_mode/helper_scripts/unicorn_loader.py @@ -29,6 +29,7 @@ from unicornafl.mips_const import * # If Capstone libraries are availible (only check once) try: from capstone import * + CAPSTONE_EXISTS = 1 except: CAPSTONE_EXISTS = 0 @@ -44,29 +45,38 @@ MAX_ALLOWABLE_SEG_SIZE = 1024 * 1024 * 1024 # Alignment functions to align all memory segments to Unicorn page boundaries (4KB pages only) ALIGN_PAGE_DOWN = lambda x: x & ~(UNICORN_PAGE_SIZE - 1) -ALIGN_PAGE_UP = lambda x: (x + UNICORN_PAGE_SIZE - 1) & ~(UNICORN_PAGE_SIZE-1) +ALIGN_PAGE_UP = lambda x: (x + UNICORN_PAGE_SIZE - 1) & ~(UNICORN_PAGE_SIZE - 1) + +# --------------------------------------- +# ---- Unicorn-based heap implementation -#--------------------------------------- -#---- Unicorn-based heap implementation class UnicornSimpleHeap(object): - """ Use this class to provide a simple heap implementation. This should - be used if malloc/free calls break things during emulation. This heap also - implements basic guard-page capabilities which enable immediate notice of - heap overflow and underflows. + """Use this class to provide a simple heap implementation. This should + be used if malloc/free calls break things during emulation. This heap also + implements basic guard-page capabilities which enable immediate notice of + heap overflow and underflows. """ # Helper data-container used to track chunks class HeapChunk(object): def __init__(self, actual_addr, total_size, data_size): - self.total_size = total_size # Total size of the chunk (including padding and guard page) - self.actual_addr = actual_addr # Actual start address of the chunk - self.data_size = data_size # Size requested by the caller of actual malloc call - self.data_addr = actual_addr + UNICORN_PAGE_SIZE # Address where data actually starts + self.total_size = ( + total_size # Total size of the chunk (including padding and guard page) + ) + self.actual_addr = actual_addr # Actual start address of the chunk + self.data_size = ( + data_size # Size requested by the caller of actual malloc call + ) + self.data_addr = ( + actual_addr + UNICORN_PAGE_SIZE + ) # Address where data actually starts # Returns true if the specified buffer is completely within the chunk, else false def is_buffer_in_chunk(self, addr, size): - if addr >= self.data_addr and ((addr + size) <= (self.data_addr + self.data_size)): + if addr >= self.data_addr and ( + (addr + size) <= (self.data_addr + self.data_size) + ): return True else: return False @@ -75,9 +85,9 @@ class UnicornSimpleHeap(object): HEAP_MIN_ADDR = 0x00002000 HEAP_MAX_ADDR = 0xFFFFFFFF - _uc = None # Unicorn engine instance to interact with - _chunks = [] # List of all known chunks - _debug_print = False # True to print debug information + _uc = None # Unicorn engine instance to interact with + _chunks = [] # List of all known chunks + _debug_print = False # True to print debug information def __init__(self, uc, debug_print=False): self._uc = uc @@ -98,7 +108,11 @@ class UnicornSimpleHeap(object): self._uc.mem_map(addr, total_chunk_size, UC_PROT_READ | UC_PROT_WRITE) chunk = self.HeapChunk(addr, total_chunk_size, size) if self._debug_print: - print("Allocating 0x{0:x}-byte chunk @ 0x{1:016x}".format(chunk.data_size, chunk.data_addr)) + print( + "Allocating 0x{0:x}-byte chunk @ 0x{1:016x}".format( + chunk.data_size, chunk.data_addr + ) + ) break except UcError as e: continue @@ -110,19 +124,26 @@ class UnicornSimpleHeap(object): def calloc(self, size, count): # Simple wrapper around malloc with calloc() args - return self.malloc(size*count) + return self.malloc(size * count) def realloc(self, ptr, new_size): # Wrapper around malloc(new_size) / memcpy(new, old, old_size) / free(old) if self._debug_print: - print("Reallocating chunk @ 0x{0:016x} to be 0x{1:x} bytes".format(ptr, new_size)) + print( + "Reallocating chunk @ 0x{0:016x} to be 0x{1:x} bytes".format( + ptr, new_size + ) + ) old_chunk = None for chunk in self._chunks: if chunk.data_addr == ptr: old_chunk = chunk new_chunk_addr = self.malloc(new_size) if old_chunk != None: - self._uc.mem_write(new_chunk_addr, str(self._uc.mem_read(old_chunk.data_addr, old_chunk.data_size))) + self._uc.mem_write( + new_chunk_addr, + str(self._uc.mem_read(old_chunk.data_addr, old_chunk.data_size)), + ) self.free(old_chunk.data_addr) return new_chunk_addr @@ -130,7 +151,11 @@ class UnicornSimpleHeap(object): for chunk in self._chunks: if chunk.is_buffer_in_chunk(addr, 1): if self._debug_print: - print("Freeing 0x{0:x}-byte chunk @ 0x{0:016x}".format(chunk.req_size, chunk.data_addr)) + print( + "Freeing 0x{0:x}-byte chunk @ 0x{0:016x}".format( + chunk.req_size, chunk.data_addr + ) + ) self._uc.mem_unmap(chunk.actual_addr, chunk.total_size) self._chunks.remove(chunk) return True @@ -139,19 +164,27 @@ class UnicornSimpleHeap(object): # Implements basic guard-page functionality def __check_mem_access(self, uc, access, address, size, value, user_data): for chunk in self._chunks: - if address >= chunk.actual_addr and ((address + size) <= (chunk.actual_addr + chunk.total_size)): + if address >= chunk.actual_addr and ( + (address + size) <= (chunk.actual_addr + chunk.total_size) + ): if chunk.is_buffer_in_chunk(address, size) == False: if self._debug_print: - print("Heap over/underflow attempting to {0} 0x{1:x} bytes @ {2:016x}".format( \ - "write" if access == UC_MEM_WRITE else "read", size, address)) + print( + "Heap over/underflow attempting to {0} 0x{1:x} bytes @ {2:016x}".format( + "write" if access == UC_MEM_WRITE else "read", + size, + address, + ) + ) # Force a memory-based crash uc.force_crash(UcError(UC_ERR_READ_PROT)) -#--------------------------- -#---- Loading function + +# --------------------------- +# ---- Loading function + class AflUnicornEngine(Uc): - def __init__(self, context_directory, enable_trace=False, debug_print=False): """ Initializes an AflUnicornEngine instance, which extends standard the UnicornEngine @@ -166,51 +199,56 @@ class AflUnicornEngine(Uc): # Make sure the index file exists and load it index_file_path = os.path.join(context_directory, INDEX_FILE_NAME) if not os.path.isfile(index_file_path): - raise Exception("Index file not found. Expected it to be at {}".format(index_file_path)) + raise Exception( + "Index file not found. Expected it to be at {}".format(index_file_path) + ) # Load the process context from the index file if debug_print: print("Loading process context index from {}".format(index_file_path)) - index_file = open(index_file_path, 'r') + index_file = open(index_file_path, "r") context = json.load(index_file) index_file.close() # Check the context to make sure we have the basic essential components - if 'arch' not in context: + if "arch" not in context: raise Exception("Couldn't find architecture information in index file") - if 'regs' not in context: + if "regs" not in context: raise Exception("Couldn't find register information in index file") - if 'segments' not in context: + if "segments" not in context: raise Exception("Couldn't find segment/memory information in index file") # Set the UnicornEngine instance's architecture and mode - self._arch_str = context['arch']['arch'] + self._arch_str = context["arch"]["arch"] arch, mode = self.__get_arch_and_mode(self._arch_str) Uc.__init__(self, arch, mode) # Load the registers - regs = context['regs'] + regs = context["regs"] reg_map = self.__get_register_map(self._arch_str) self.__load_registers(regs, reg_map, debug_print) # If we have extra FLOATING POINT regs, load them in! - if 'regs_extended' in context: - if context['regs_extended']: - regs_extended = context['regs_extended'] + if "regs_extended" in context: + if context["regs_extended"]: + regs_extended = context["regs_extended"] reg_map = self.__get_registers_extended(self._arch_str) self.__load_registers(regs_extended, reg_map, debug_print) # For ARM, sometimes the stack pointer is erased ??? (I think I fixed this (issue with ordering of dumper.py, I'll keep the write anyways) if self.__get_arch_and_mode(self.get_arch_str())[0] == UC_ARCH_ARM: - self.reg_write(UC_ARM_REG_SP, regs['sp']) + self.reg_write(UC_ARM_REG_SP, regs["sp"]) # Setup the memory map and load memory content - self.__map_segments(context['segments'], context_directory, debug_print) + self.__map_segments(context["segments"], context_directory, debug_print) if enable_trace: self.hook_add(UC_HOOK_BLOCK, self.__trace_block) self.hook_add(UC_HOOK_CODE, self.__trace_instruction) self.hook_add(UC_HOOK_MEM_WRITE | UC_HOOK_MEM_READ, self.__trace_mem_access) - self.hook_add(UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_READ_INVALID, self.__trace_mem_invalid_access) + self.hook_add( + UC_HOOK_MEM_WRITE_UNMAPPED | UC_HOOK_MEM_READ_INVALID, + self.__trace_mem_invalid_access, + ) if debug_print: print("Done loading context.") @@ -225,13 +263,19 @@ class AflUnicornEngine(Uc): return self._arch_str def force_crash(self, uc_error): - """ This function should be called to indicate to AFL that a crash occurred during emulation. - You can pass the exception received from Uc.emu_start + """This function should be called to indicate to AFL that a crash occurred during emulation. + You can pass the exception received from Uc.emu_start """ mem_errors = [ - UC_ERR_READ_UNMAPPED, UC_ERR_READ_PROT, UC_ERR_READ_UNALIGNED, - UC_ERR_WRITE_UNMAPPED, UC_ERR_WRITE_PROT, UC_ERR_WRITE_UNALIGNED, - UC_ERR_FETCH_UNMAPPED, UC_ERR_FETCH_PROT, UC_ERR_FETCH_UNALIGNED, + UC_ERR_READ_UNMAPPED, + UC_ERR_READ_PROT, + UC_ERR_READ_UNALIGNED, + UC_ERR_WRITE_UNMAPPED, + UC_ERR_WRITE_PROT, + UC_ERR_WRITE_UNALIGNED, + UC_ERR_FETCH_UNMAPPED, + UC_ERR_FETCH_PROT, + UC_ERR_FETCH_UNALIGNED, ] if uc_error.errno in mem_errors: # Memory error - throw SIGSEGV @@ -245,13 +289,18 @@ class AflUnicornEngine(Uc): def dump_regs(self): """ Dumps the contents of all the registers to STDOUT """ - for reg in sorted(self.__get_register_map(self._arch_str).items(), key=lambda reg: reg[0]): + for reg in sorted( + self.__get_register_map(self._arch_str).items(), key=lambda reg: reg[0] + ): print(">>> {0:>4}: 0x{1:016x}".format(reg[0], self.reg_read(reg[1]))) def dump_regs_extended(self): """ Dumps the contents of all the registers to STDOUT """ try: - for reg in sorted(self.__get_registers_extended(self._arch_str).items(), key=lambda reg: reg[0]): + for reg in sorted( + self.__get_registers_extended(self._arch_str).items(), + key=lambda reg: reg[0], + ): print(">>> {0:>4}: 0x{1:016x}".format(reg[0], self.reg_read(reg[1]))) except Exception as e: print("ERROR: Are extended registers loaded?") @@ -290,8 +339,8 @@ class AflUnicornEngine(Uc): struct.unpack(' {1:016x}".format(mem_start, mem_start_aligned)) + print( + " start: {0:016x} -> {1:016x}".format(mem_start, mem_start_aligned) + ) print(" end: {0:016x} -> {1:016x}".format(mem_end, mem_end_aligned)) - print("Mapping segment from {0:016x} - {1:016x} with perm={2}: {3}".format(mem_start_aligned, mem_end_aligned, perms, name)) - if(mem_start_aligned < mem_end_aligned): + print( + "Mapping segment from {0:016x} - {1:016x} with perm={2}: {3}".format( + mem_start_aligned, mem_end_aligned, perms, name + ) + ) + if mem_start_aligned < mem_end_aligned: self.mem_map(mem_start_aligned, mem_end_aligned - mem_start_aligned, perms) - def __map_segments(self, segment_list, context_directory, debug_print=False): for segment in segment_list: # Get the segment information from the index - name = segment['name'] - seg_start = segment['start'] - seg_end = segment['end'] - perms = \ - (UC_PROT_READ if segment['permissions']['r'] == True else 0) | \ - (UC_PROT_WRITE if segment['permissions']['w'] == True else 0) | \ - (UC_PROT_EXEC if segment['permissions']['x'] == True else 0) + name = segment["name"] + seg_start = segment["start"] + seg_end = segment["end"] + perms = ( + (UC_PROT_READ if segment["permissions"]["r"] == True else 0) + | (UC_PROT_WRITE if segment["permissions"]["w"] == True else 0) + | (UC_PROT_EXEC if segment["permissions"]["x"] == True else 0) + ) if debug_print: print("Handling segment {}".format(name)) @@ -376,48 +439,86 @@ class AflUnicornEngine(Uc): # Map memory into the address space if it is of an acceptable size. if (seg_end - seg_start) > MAX_ALLOWABLE_SEG_SIZE: if debug_print: - print("Skipping segment (LARGER THAN {0}) from {1:016x} - {2:016x} with perm={3}: {4}".format(MAX_ALLOWABLE_SEG_SIZE, seg_start, seg_end, perms, name)) + print( + "Skipping segment (LARGER THAN {0}) from {1:016x} - {2:016x} with perm={3}: {4}".format( + MAX_ALLOWABLE_SEG_SIZE, seg_start, seg_end, perms, name + ) + ) continue - elif not found: # Make sure it's not already mapped - if overlap_start: # Partial overlap (start) + elif not found: # Make sure it's not already mapped + if overlap_start: # Partial overlap (start) self.__map_segment(name, tmp, seg_end - tmp, perms, debug_print) - elif overlap_end: # Patrial overlap (end) - self.__map_segment(name, seg_start, tmp - seg_start, perms, debug_print) - else: # Not found - self.__map_segment(name, seg_start, seg_end - seg_start, perms, debug_print) + elif overlap_end: # Patrial overlap (end) + self.__map_segment( + name, seg_start, tmp - seg_start, perms, debug_print + ) + else: # Not found + self.__map_segment( + name, seg_start, seg_end - seg_start, perms, debug_print + ) else: if debug_print: print("Segment {} already mapped. Moving on.".format(name)) # Load the content (if available) - if 'content_file' in segment and len(segment['content_file']) > 0: - content_file_path = os.path.join(context_directory, segment['content_file']) + if "content_file" in segment and len(segment["content_file"]) > 0: + content_file_path = os.path.join( + context_directory, segment["content_file"] + ) if not os.path.isfile(content_file_path): - raise Exception("Unable to find segment content file. Expected it to be at {}".format(content_file_path)) - #if debug_print: + raise Exception( + "Unable to find segment content file. Expected it to be at {}".format( + content_file_path + ) + ) + # if debug_print: # print("Loading content for segment {} from {}".format(name, segment['content_file'])) - content_file = open(content_file_path, 'rb') + content_file = open(content_file_path, "rb") compressed_content = content_file.read() content_file.close() self.mem_write(seg_start, zlib.decompress(compressed_content)) else: if debug_print: - print("No content found for segment {0} @ {1:016x}".format(name, seg_start)) - self.mem_write(seg_start, b'\x00' * (seg_end - seg_start)) + print( + "No content found for segment {0} @ {1:016x}".format( + name, seg_start + ) + ) + self.mem_write(seg_start, b"\x00" * (seg_end - seg_start)) def __get_arch_and_mode(self, arch_str): arch_map = { - "x64" : [ UC_X86_REG_RIP, UC_ARCH_X86, UC_MODE_64 ], - "x86" : [ UC_X86_REG_EIP, UC_ARCH_X86, UC_MODE_32 ], - "arm64be" : [ UC_ARM64_REG_PC, UC_ARCH_ARM64, UC_MODE_ARM | UC_MODE_BIG_ENDIAN ], - "arm64le" : [ UC_ARM64_REG_PC, UC_ARCH_ARM64, UC_MODE_ARM | UC_MODE_LITTLE_ENDIAN ], - "armbe" : [ UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_ARM | UC_MODE_BIG_ENDIAN ], - "armle" : [ UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_ARM | UC_MODE_LITTLE_ENDIAN ], - "armbethumb": [ UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_THUMB | UC_MODE_BIG_ENDIAN ], - "armlethumb": [ UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_THUMB | UC_MODE_LITTLE_ENDIAN ], - "mips" : [ UC_MIPS_REG_PC, UC_ARCH_MIPS, UC_MODE_MIPS32 | UC_MODE_BIG_ENDIAN ], - "mipsel" : [ UC_MIPS_REG_PC, UC_ARCH_MIPS, UC_MODE_MIPS32 | UC_MODE_LITTLE_ENDIAN ], + "x64": [UC_X86_REG_RIP, UC_ARCH_X86, UC_MODE_64], + "x86": [UC_X86_REG_EIP, UC_ARCH_X86, UC_MODE_32], + "arm64be": [ + UC_ARM64_REG_PC, + UC_ARCH_ARM64, + UC_MODE_ARM | UC_MODE_BIG_ENDIAN, + ], + "arm64le": [ + UC_ARM64_REG_PC, + UC_ARCH_ARM64, + UC_MODE_ARM | UC_MODE_LITTLE_ENDIAN, + ], + "armbe": [UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_ARM | UC_MODE_BIG_ENDIAN], + "armle": [UC_ARM_REG_PC, UC_ARCH_ARM, UC_MODE_ARM | UC_MODE_LITTLE_ENDIAN], + "armbethumb": [ + UC_ARM_REG_PC, + UC_ARCH_ARM, + UC_MODE_THUMB | UC_MODE_BIG_ENDIAN, + ], + "armlethumb": [ + UC_ARM_REG_PC, + UC_ARCH_ARM, + UC_MODE_THUMB | UC_MODE_LITTLE_ENDIAN, + ], + "mips": [UC_MIPS_REG_PC, UC_ARCH_MIPS, UC_MODE_MIPS32 | UC_MODE_BIG_ENDIAN], + "mipsel": [ + UC_MIPS_REG_PC, + UC_ARCH_MIPS, + UC_MODE_MIPS32 | UC_MODE_LITTLE_ENDIAN, + ], } return (arch_map[arch_str][1], arch_map[arch_str][2]) @@ -430,140 +531,140 @@ class AflUnicornEngine(Uc): arch = "mips" registers = { - "x64" : { - "rax": UC_X86_REG_RAX, - "rbx": UC_X86_REG_RBX, - "rcx": UC_X86_REG_RCX, - "rdx": UC_X86_REG_RDX, - "rsi": UC_X86_REG_RSI, - "rdi": UC_X86_REG_RDI, - "rbp": UC_X86_REG_RBP, - "rsp": UC_X86_REG_RSP, - "r8": UC_X86_REG_R8, - "r9": UC_X86_REG_R9, - "r10": UC_X86_REG_R10, - "r11": UC_X86_REG_R11, - "r12": UC_X86_REG_R12, - "r13": UC_X86_REG_R13, - "r14": UC_X86_REG_R14, - "r15": UC_X86_REG_R15, - "rip": UC_X86_REG_RIP, - "efl": UC_X86_REG_EFLAGS, - "cs": UC_X86_REG_CS, - "ds": UC_X86_REG_DS, - "es": UC_X86_REG_ES, - "fs": UC_X86_REG_FS, - "gs": UC_X86_REG_GS, - "ss": UC_X86_REG_SS, + "x64": { + "rax": UC_X86_REG_RAX, + "rbx": UC_X86_REG_RBX, + "rcx": UC_X86_REG_RCX, + "rdx": UC_X86_REG_RDX, + "rsi": UC_X86_REG_RSI, + "rdi": UC_X86_REG_RDI, + "rbp": UC_X86_REG_RBP, + "rsp": UC_X86_REG_RSP, + "r8": UC_X86_REG_R8, + "r9": UC_X86_REG_R9, + "r10": UC_X86_REG_R10, + "r11": UC_X86_REG_R11, + "r12": UC_X86_REG_R12, + "r13": UC_X86_REG_R13, + "r14": UC_X86_REG_R14, + "r15": UC_X86_REG_R15, + "rip": UC_X86_REG_RIP, + "efl": UC_X86_REG_EFLAGS, + "cs": UC_X86_REG_CS, + "ds": UC_X86_REG_DS, + "es": UC_X86_REG_ES, + "fs": UC_X86_REG_FS, + "gs": UC_X86_REG_GS, + "ss": UC_X86_REG_SS, }, - "x86" : { - "eax": UC_X86_REG_EAX, - "ebx": UC_X86_REG_EBX, - "ecx": UC_X86_REG_ECX, - "edx": UC_X86_REG_EDX, - "esi": UC_X86_REG_ESI, - "edi": UC_X86_REG_EDI, - "ebp": UC_X86_REG_EBP, - "eip": UC_X86_REG_EIP, - "esp": UC_X86_REG_ESP, - "efl": UC_X86_REG_EFLAGS, + "x86": { + "eax": UC_X86_REG_EAX, + "ebx": UC_X86_REG_EBX, + "ecx": UC_X86_REG_ECX, + "edx": UC_X86_REG_EDX, + "esi": UC_X86_REG_ESI, + "edi": UC_X86_REG_EDI, + "ebp": UC_X86_REG_EBP, + "eip": UC_X86_REG_EIP, + "esp": UC_X86_REG_ESP, + "efl": UC_X86_REG_EFLAGS, # Segment registers removed... # They caused segfaults (from unicorn?) when they were here }, - "arm" : { - "r0": UC_ARM_REG_R0, - "r1": UC_ARM_REG_R1, - "r2": UC_ARM_REG_R2, - "r3": UC_ARM_REG_R3, - "r4": UC_ARM_REG_R4, - "r5": UC_ARM_REG_R5, - "r6": UC_ARM_REG_R6, - "r7": UC_ARM_REG_R7, - "r8": UC_ARM_REG_R8, - "r9": UC_ARM_REG_R9, - "r10": UC_ARM_REG_R10, - "r11": UC_ARM_REG_R11, - "r12": UC_ARM_REG_R12, - "pc": UC_ARM_REG_PC, - "sp": UC_ARM_REG_SP, - "lr": UC_ARM_REG_LR, - "cpsr": UC_ARM_REG_CPSR - }, - "arm64" : { - "x0": UC_ARM64_REG_X0, - "x1": UC_ARM64_REG_X1, - "x2": UC_ARM64_REG_X2, - "x3": UC_ARM64_REG_X3, - "x4": UC_ARM64_REG_X4, - "x5": UC_ARM64_REG_X5, - "x6": UC_ARM64_REG_X6, - "x7": UC_ARM64_REG_X7, - "x8": UC_ARM64_REG_X8, - "x9": UC_ARM64_REG_X9, - "x10": UC_ARM64_REG_X10, - "x11": UC_ARM64_REG_X11, - "x12": UC_ARM64_REG_X12, - "x13": UC_ARM64_REG_X13, - "x14": UC_ARM64_REG_X14, - "x15": UC_ARM64_REG_X15, - "x16": UC_ARM64_REG_X16, - "x17": UC_ARM64_REG_X17, - "x18": UC_ARM64_REG_X18, - "x19": UC_ARM64_REG_X19, - "x20": UC_ARM64_REG_X20, - "x21": UC_ARM64_REG_X21, - "x22": UC_ARM64_REG_X22, - "x23": UC_ARM64_REG_X23, - "x24": UC_ARM64_REG_X24, - "x25": UC_ARM64_REG_X25, - "x26": UC_ARM64_REG_X26, - "x27": UC_ARM64_REG_X27, - "x28": UC_ARM64_REG_X28, - "pc": UC_ARM64_REG_PC, - "sp": UC_ARM64_REG_SP, - "fp": UC_ARM64_REG_FP, - "lr": UC_ARM64_REG_LR, - "nzcv": UC_ARM64_REG_NZCV, + "arm": { + "r0": UC_ARM_REG_R0, + "r1": UC_ARM_REG_R1, + "r2": UC_ARM_REG_R2, + "r3": UC_ARM_REG_R3, + "r4": UC_ARM_REG_R4, + "r5": UC_ARM_REG_R5, + "r6": UC_ARM_REG_R6, + "r7": UC_ARM_REG_R7, + "r8": UC_ARM_REG_R8, + "r9": UC_ARM_REG_R9, + "r10": UC_ARM_REG_R10, + "r11": UC_ARM_REG_R11, + "r12": UC_ARM_REG_R12, + "pc": UC_ARM_REG_PC, + "sp": UC_ARM_REG_SP, + "lr": UC_ARM_REG_LR, "cpsr": UC_ARM_REG_CPSR, }, - "mips" : { - "0" : UC_MIPS_REG_ZERO, - "at": UC_MIPS_REG_AT, - "v0": UC_MIPS_REG_V0, - "v1": UC_MIPS_REG_V1, - "a0": UC_MIPS_REG_A0, - "a1": UC_MIPS_REG_A1, - "a2": UC_MIPS_REG_A2, - "a3": UC_MIPS_REG_A3, - "t0": UC_MIPS_REG_T0, - "t1": UC_MIPS_REG_T1, - "t2": UC_MIPS_REG_T2, - "t3": UC_MIPS_REG_T3, - "t4": UC_MIPS_REG_T4, - "t5": UC_MIPS_REG_T5, - "t6": UC_MIPS_REG_T6, - "t7": UC_MIPS_REG_T7, - "t8": UC_MIPS_REG_T8, - "t9": UC_MIPS_REG_T9, - "s0": UC_MIPS_REG_S0, - "s1": UC_MIPS_REG_S1, - "s2": UC_MIPS_REG_S2, - "s3": UC_MIPS_REG_S3, - "s4": UC_MIPS_REG_S4, - "s5": UC_MIPS_REG_S5, - "s6": UC_MIPS_REG_S6, - "s7": UC_MIPS_REG_S7, - "s8": UC_MIPS_REG_S8, - "k0": UC_MIPS_REG_K0, - "k1": UC_MIPS_REG_K1, - "gp": UC_MIPS_REG_GP, - "pc": UC_MIPS_REG_PC, - "sp": UC_MIPS_REG_SP, - "fp": UC_MIPS_REG_FP, - "ra": UC_MIPS_REG_RA, - "hi": UC_MIPS_REG_HI, - "lo": UC_MIPS_REG_LO - } + "arm64": { + "x0": UC_ARM64_REG_X0, + "x1": UC_ARM64_REG_X1, + "x2": UC_ARM64_REG_X2, + "x3": UC_ARM64_REG_X3, + "x4": UC_ARM64_REG_X4, + "x5": UC_ARM64_REG_X5, + "x6": UC_ARM64_REG_X6, + "x7": UC_ARM64_REG_X7, + "x8": UC_ARM64_REG_X8, + "x9": UC_ARM64_REG_X9, + "x10": UC_ARM64_REG_X10, + "x11": UC_ARM64_REG_X11, + "x12": UC_ARM64_REG_X12, + "x13": UC_ARM64_REG_X13, + "x14": UC_ARM64_REG_X14, + "x15": UC_ARM64_REG_X15, + "x16": UC_ARM64_REG_X16, + "x17": UC_ARM64_REG_X17, + "x18": UC_ARM64_REG_X18, + "x19": UC_ARM64_REG_X19, + "x20": UC_ARM64_REG_X20, + "x21": UC_ARM64_REG_X21, + "x22": UC_ARM64_REG_X22, + "x23": UC_ARM64_REG_X23, + "x24": UC_ARM64_REG_X24, + "x25": UC_ARM64_REG_X25, + "x26": UC_ARM64_REG_X26, + "x27": UC_ARM64_REG_X27, + "x28": UC_ARM64_REG_X28, + "pc": UC_ARM64_REG_PC, + "sp": UC_ARM64_REG_SP, + "fp": UC_ARM64_REG_FP, + "lr": UC_ARM64_REG_LR, + "nzcv": UC_ARM64_REG_NZCV, + "cpsr": UC_ARM_REG_CPSR, + }, + "mips": { + "0": UC_MIPS_REG_ZERO, + "at": UC_MIPS_REG_AT, + "v0": UC_MIPS_REG_V0, + "v1": UC_MIPS_REG_V1, + "a0": UC_MIPS_REG_A0, + "a1": UC_MIPS_REG_A1, + "a2": UC_MIPS_REG_A2, + "a3": UC_MIPS_REG_A3, + "t0": UC_MIPS_REG_T0, + "t1": UC_MIPS_REG_T1, + "t2": UC_MIPS_REG_T2, + "t3": UC_MIPS_REG_T3, + "t4": UC_MIPS_REG_T4, + "t5": UC_MIPS_REG_T5, + "t6": UC_MIPS_REG_T6, + "t7": UC_MIPS_REG_T7, + "t8": UC_MIPS_REG_T8, + "t9": UC_MIPS_REG_T9, + "s0": UC_MIPS_REG_S0, + "s1": UC_MIPS_REG_S1, + "s2": UC_MIPS_REG_S2, + "s3": UC_MIPS_REG_S3, + "s4": UC_MIPS_REG_S4, + "s5": UC_MIPS_REG_S5, + "s6": UC_MIPS_REG_S6, + "s7": UC_MIPS_REG_S7, + "s8": UC_MIPS_REG_S8, + "k0": UC_MIPS_REG_K0, + "k1": UC_MIPS_REG_K1, + "gp": UC_MIPS_REG_GP, + "pc": UC_MIPS_REG_PC, + "sp": UC_MIPS_REG_SP, + "fp": UC_MIPS_REG_FP, + "ra": UC_MIPS_REG_RA, + "hi": UC_MIPS_REG_HI, + "lo": UC_MIPS_REG_LO, + }, } return registers[arch] @@ -577,51 +678,50 @@ class AflUnicornEngine(Uc): arch = "mips" registers = { - "arm": { - "d0": UC_ARM_REG_D0, - "d1": UC_ARM_REG_D1, - "d2": UC_ARM_REG_D2, - "d3": UC_ARM_REG_D3, - "d4": UC_ARM_REG_D4, - "d5": UC_ARM_REG_D5, - "d6": UC_ARM_REG_D6, - "d7": UC_ARM_REG_D7, - "d8": UC_ARM_REG_D8, - "d9": UC_ARM_REG_D9, - "d10": UC_ARM_REG_D10, - "d11": UC_ARM_REG_D11, - "d12": UC_ARM_REG_D12, - "d13": UC_ARM_REG_D13, - "d14": UC_ARM_REG_D14, - "d15": UC_ARM_REG_D15, - "d16": UC_ARM_REG_D16, - "d17": UC_ARM_REG_D17, - "d18": UC_ARM_REG_D18, - "d19": UC_ARM_REG_D19, - "d20": UC_ARM_REG_D20, - "d21": UC_ARM_REG_D21, - "d22": UC_ARM_REG_D22, - "d23": UC_ARM_REG_D23, - "d24": UC_ARM_REG_D24, - "d25": UC_ARM_REG_D25, - "d26": UC_ARM_REG_D26, - "d27": UC_ARM_REG_D27, - "d28": UC_ARM_REG_D28, - "d29": UC_ARM_REG_D29, - "d30": UC_ARM_REG_D30, - "d31": UC_ARM_REG_D31, - "fpscr": UC_ARM_REG_FPSCR + "arm": { + "d0": UC_ARM_REG_D0, + "d1": UC_ARM_REG_D1, + "d2": UC_ARM_REG_D2, + "d3": UC_ARM_REG_D3, + "d4": UC_ARM_REG_D4, + "d5": UC_ARM_REG_D5, + "d6": UC_ARM_REG_D6, + "d7": UC_ARM_REG_D7, + "d8": UC_ARM_REG_D8, + "d9": UC_ARM_REG_D9, + "d10": UC_ARM_REG_D10, + "d11": UC_ARM_REG_D11, + "d12": UC_ARM_REG_D12, + "d13": UC_ARM_REG_D13, + "d14": UC_ARM_REG_D14, + "d15": UC_ARM_REG_D15, + "d16": UC_ARM_REG_D16, + "d17": UC_ARM_REG_D17, + "d18": UC_ARM_REG_D18, + "d19": UC_ARM_REG_D19, + "d20": UC_ARM_REG_D20, + "d21": UC_ARM_REG_D21, + "d22": UC_ARM_REG_D22, + "d23": UC_ARM_REG_D23, + "d24": UC_ARM_REG_D24, + "d25": UC_ARM_REG_D25, + "d26": UC_ARM_REG_D26, + "d27": UC_ARM_REG_D27, + "d28": UC_ARM_REG_D28, + "d29": UC_ARM_REG_D29, + "d30": UC_ARM_REG_D30, + "d31": UC_ARM_REG_D31, + "fpscr": UC_ARM_REG_FPSCR, } } - return registers[arch]; - #--------------------------- + return registers[arch] + + # --------------------------- # Callbacks for tracing - # TODO: Extra mode for Capstone (i.e. Cs(cs_arch, cs_mode + cs_extra) not implemented - def __trace_instruction(self, uc, address, size, user_data): if CAPSTONE_EXISTS == 1: # If Capstone is installed then we'll dump disassembly, otherwise just dump the binary. @@ -651,11 +751,23 @@ class AflUnicornEngine(Uc): cs = Cs(cs_arch, cs_mode) mem = uc.mem_read(address, size) if bit_size == 4: - for (cs_address, cs_size, cs_mnemonic, cs_opstr) in cs.disasm_lite(bytes(mem), size): - print(" Instr: {:#08x}:\t{}\t{}".format(address, cs_mnemonic, cs_opstr)) + for (cs_address, cs_size, cs_mnemonic, cs_opstr) in cs.disasm_lite( + bytes(mem), size + ): + print( + " Instr: {:#08x}:\t{}\t{}".format( + address, cs_mnemonic, cs_opstr + ) + ) else: - for (cs_address, cs_size, cs_mnemonic, cs_opstr) in cs.disasm_lite(bytes(mem), size): - print(" Instr: {:#16x}:\t{}\t{}".format(address, cs_mnemonic, cs_opstr)) + for (cs_address, cs_size, cs_mnemonic, cs_opstr) in cs.disasm_lite( + bytes(mem), size + ): + print( + " Instr: {:#16x}:\t{}\t{}".format( + address, cs_mnemonic, cs_opstr + ) + ) else: print(" Instr: addr=0x{0:016x}, size=0x{1:016x}".format(address, size)) @@ -664,15 +776,27 @@ class AflUnicornEngine(Uc): def __trace_mem_access(self, uc, access, address, size, value, user_data): if access == UC_MEM_WRITE: - print(" >>> Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format(address, size, value)) + print( + " >>> Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format( + address, size, value + ) + ) else: print(" >>> Read: addr=0x{0:016x} size={1}".format(address, size)) def __trace_mem_invalid_access(self, uc, access, address, size, value, user_data): if access == UC_MEM_WRITE_UNMAPPED: - print(" >>> INVALID Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format(address, size, value)) + print( + " >>> INVALID Write: addr=0x{0:016x} size={1} data=0x{2:016x}".format( + address, size, value + ) + ) else: - print(" >>> INVALID Read: addr=0x{0:016x} size={1}".format(address, size)) + print( + " >>> INVALID Read: addr=0x{0:016x} size={1}".format( + address, size + ) + ) def bit_size_arch(self): arch = self.get_arch() From 8a2b140f406acc44bfa48574eb0440cfc92b462f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 12:42:57 +0200 Subject: [PATCH 430/441] nits --- docs/perf_tips.md | 2 +- unicorn_mode/unicornafl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/perf_tips.md b/docs/perf_tips.md index 7c14cbbc..9c31e56b 100644 --- a/docs/perf_tips.md +++ b/docs/perf_tips.md @@ -134,7 +134,7 @@ misses, or similar factors, but they are less likely to be a concern.) ## 7. Keep memory use and timeouts in check -Consider setting low values for -m and -t. +Consider setting low values for `-m` and `-t`. For programs that are nominally very fast, but get sluggish for some inputs, you can also try setting `-t` values that are more punishing than what `afl-fuzz` diff --git a/unicorn_mode/unicornafl b/unicorn_mode/unicornafl index 0d82727f..019b8715 160000 --- a/unicorn_mode/unicornafl +++ b/unicorn_mode/unicornafl @@ -1 +1 @@ -Subproject commit 0d82727f2b477de82fa355edef9bc158bd25d374 +Subproject commit 019b871539fe9ed3f41d882385a8b02c243d49ad From 8d873357a3e62a70c61564b4250e1d14d634c218 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 15:53:22 +0200 Subject: [PATCH 431/441] fix "fix" --- custom_mutators/grammar_mutator/grammar_mutator | 2 +- qemu_mode/qemuafl | 2 +- src/afl-fuzz-mutators.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/custom_mutators/grammar_mutator/grammar_mutator b/custom_mutators/grammar_mutator/grammar_mutator index b3c4fcfa..b79d51a8 160000 --- a/custom_mutators/grammar_mutator/grammar_mutator +++ b/custom_mutators/grammar_mutator/grammar_mutator @@ -1 +1 @@ -Subproject commit b3c4fcfa6ae28918bc410f7747135eafd4fb7263 +Subproject commit b79d51a8daccbd7a693f9b6765c81ead14f28e26 diff --git a/qemu_mode/qemuafl b/qemu_mode/qemuafl index 21ff3438..d73b0336 160000 --- a/qemu_mode/qemuafl +++ b/qemu_mode/qemuafl @@ -1 +1 @@ -Subproject commit 21ff34383764a8c6f66509b3b8d5282468c721e1 +Subproject commit d73b0336b451fd034e5f469089fb7ee96c80adf2 diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index 6a77dfbc..e27d6fae 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -339,7 +339,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, } - while (afl->stage_cur <= afl->stage_max) { + while (afl->stage_cur < afl->stage_max) { u8 *retbuf = NULL; From b5422c1a5251e74deeecc1532d50c651620bb1ca Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 16:05:38 +0200 Subject: [PATCH 432/441] fix custom trimming --- src/afl-fuzz-mutators.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/afl-fuzz-mutators.c b/src/afl-fuzz-mutators.c index e27d6fae..79a47744 100644 --- a/src/afl-fuzz-mutators.c +++ b/src/afl-fuzz-mutators.c @@ -393,6 +393,7 @@ u8 trim_case_custom(afl_state_t *afl, struct queue_entry *q, u8 *in_buf, if (afl->stop_soon || fault == FSRV_RUN_ERROR) { goto abort_trimming; } + classify_counts(&afl->fsrv); cksum = hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); } From 6e704e8a10d0e0033b0f8f03ee2a5bdee06e2c65 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 16:20:55 +0200 Subject: [PATCH 433/441] fix aflfast --- src/afl-fuzz-bitmap.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/afl-fuzz-bitmap.c b/src/afl-fuzz-bitmap.c index 97f10e6f..0a9242a5 100644 --- a/src/afl-fuzz-bitmap.c +++ b/src/afl-fuzz-bitmap.c @@ -551,19 +551,18 @@ save_if_interesting(afl_state_t *afl, void *mem, u32 len, u8 fault) { } - if (cksum) - afl->queue_top->exec_cksum = cksum; - else - cksum = afl->queue_top->exec_cksum = - hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); - - if (afl->schedule >= FAST && afl->schedule <= RARE) { + /* AFLFast schedule? update the new queue entry */ + if (cksum) { afl->queue_top->n_fuzz_entry = cksum % N_FUZZ_SIZE; afl->n_fuzz[afl->queue_top->n_fuzz_entry] = 1; } + /* due to classify counts we have to recalculate the checksum */ + cksum = afl->queue_top->exec_cksum = + hash64(afl->fsrv.trace_bits, afl->fsrv.map_size, HASH_CONST); + /* Try to calibrate inline; this also calls update_bitmap_score() when successful. */ From 6f03749c734e535cf9488027c692a7ee2591b60f Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Thu, 15 Jul 2021 16:27:40 +0200 Subject: [PATCH 434/441] ammend changelog --- docs/Changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/Changelog.md b/docs/Changelog.md index 8aca5608..7131360a 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -12,11 +12,13 @@ sending a mail to . - afl-fuzz: - fix -F when a '/' was part of the parameter - fixed a crash for cmplog for very slow inputs + - fix for AFLfast schedule counting - removed implied -D determinstic from -M main - if the target becomes unavailable check out out/default/error.txt for an indicator why - AFL_CAL_FAST was a dead env, now does the same as AFL_FAST_CAL - reverse read the queue on resumes (more effective) + - fix custom mutator trimming - afl-cc: - Update to COMPCOV/laf-intel that speeds up the instrumentation process a lot - thanks to Michael Rodler/f0rki for the PR! From 9e8afcc6156fbcc7b0ed41cde1a5873989b65063 Mon Sep 17 00:00:00 2001 From: WorksButNotTested <62701594+WorksButNotTested@users.noreply.github.com> Date: Thu, 15 Jul 2021 19:32:44 +0100 Subject: [PATCH 435/441] Support for setting a fixed seed for the hash function (#1026) Co-authored-by: Your Name --- frida_mode/README.md | 3 ++ frida_mode/frida.map | 1 + frida_mode/include/instrument.h | 3 ++ frida_mode/src/instrument/instrument.c | 38 ++++++++++++++++++++------ frida_mode/src/js/api.js | 7 +++++ frida_mode/src/js/js.c | 11 ++------ frida_mode/src/js/js_api.c | 8 ++++++ frida_mode/ts/lib/afl.ts | 12 ++++++++ include/envs.h | 1 + 9 files changed, 67 insertions(+), 17 deletions(-) diff --git a/frida_mode/README.md b/frida_mode/README.md index 6cbb4c4c..3009e171 100644 --- a/frida_mode/README.md +++ b/frida_mode/README.md @@ -162,6 +162,9 @@ instrumentation (the default where available). Required to use * `AFL_FRIDA_INST_NO_PREFETCH` - Disable prefetching. By default the child will report instrumented blocks back to the parent so that it can also instrument them and they be inherited by the next child on fork. +* `AFL_FRIDA_INST_SEED` - Sets the initial seed for the hash function used to +generate block (and hence edge) IDs. Setting this to a constant value may be +useful for debugging purposes, e.g. investigating unstable edges. * `AFL_FRIDA_INST_TRACE` - Log to stdout the address of executed blocks, implies `AFL_FRIDA_INST_NO_OPTIMIZE`. * `AFL_FRIDA_INST_TRACE_UNIQUE` - As per `AFL_FRIDA_INST_TRACE`, but each edge diff --git a/frida_mode/frida.map b/frida_mode/frida.map index 8fc0b174..7223d50e 100644 --- a/frida_mode/frida.map +++ b/frida_mode/frida.map @@ -14,6 +14,7 @@ js_api_set_instrument_jit; js_api_set_instrument_libraries; js_api_set_instrument_no_optimize; + js_api_set_instrument_seed; js_api_set_instrument_trace; js_api_set_instrument_trace_unique; js_api_set_persistent_address; diff --git a/frida_mode/include/instrument.h b/frida_mode/include/instrument.h index 695b46af..29f14da9 100644 --- a/frida_mode/include/instrument.h +++ b/frida_mode/include/instrument.h @@ -12,6 +12,9 @@ extern gboolean instrument_unique; extern __thread guint64 instrument_previous_pc; extern guint64 instrument_hash_zero; +extern gboolean instrument_use_fixed_seed; +extern guint64 instrument_fixed_seed; + extern uint8_t *__afl_area_ptr; extern uint32_t __afl_map_size; diff --git a/frida_mode/src/instrument/instrument.c b/frida_mode/src/instrument/instrument.c index e1dabf92..67aafa5a 100644 --- a/frida_mode/src/instrument/instrument.c +++ b/frida_mode/src/instrument/instrument.c @@ -27,6 +27,9 @@ gboolean instrument_unique = false; guint64 instrument_hash_zero = 0; guint64 instrument_hash_seed = 0; +gboolean instrument_use_fixed_seed = FALSE; +guint64 instrument_fixed_seed = 0; + static GumStalkerTransformer *transformer = NULL; __thread guint64 instrument_previous_pc = 0; @@ -221,6 +224,8 @@ void instrument_config(void) { instrument_optimize = (getenv("AFL_FRIDA_INST_NO_OPTIMIZE") == NULL); instrument_tracing = (getenv("AFL_FRIDA_INST_TRACE") != NULL); instrument_unique = (getenv("AFL_FRIDA_INST_TRACE_UNIQUE") != NULL); + instrument_use_fixed_seed = (getenv("AFL_FRIDA_INST_SEED") != NULL); + instrument_fixed_seed = util_read_num("AFL_FRIDA_INST_SEED"); instrument_debug_config(); asan_config(); @@ -235,6 +240,8 @@ void instrument_init(void) { OKF("Instrumentation - optimize [%c]", instrument_optimize ? 'X' : ' '); OKF("Instrumentation - tracing [%c]", instrument_tracing ? 'X' : ' '); OKF("Instrumentation - unique [%c]", instrument_unique ? 'X' : ' '); + OKF("Instrumentation - fixed seed [%c] [0x%016" G_GINT64_MODIFIER "x]", + instrument_use_fixed_seed ? 'X' : ' ', instrument_fixed_seed); if (instrument_tracing && instrument_optimize) { @@ -270,7 +277,8 @@ void instrument_init(void) { g_assert(edges_notified != MAP_FAILED); /* - * Configure the shared memory region to be removed once the process dies. + * Configure the shared memory region to be removed once the process + * dies. */ if (shmctl(shm_id, IPC_RMID, NULL) < 0) { @@ -283,14 +291,26 @@ void instrument_init(void) { } - /* - * By using a different seed value for the hash, we can make different - * instances have edge collisions in different places when carrying out - * parallel fuzzing. The seed itself, doesn't have to be random, it just - * needs to be different for each instance. - */ - instrument_hash_seed = - g_get_monotonic_time() ^ (((guint64)getpid()) << 32) ^ syscall(SYS_gettid); + if (instrument_use_fixed_seed) { + + /* + * This configuration option may be useful for diagnostics or + * debugging. + */ + instrument_hash_seed = instrument_fixed_seed; + + } else { + + /* + * By using a different seed value for the hash, we can make different + * instances have edge collisions in different places when carrying out + * parallel fuzzing. The seed itself, doesn't have to be random, it + * just needs to be different for each instance. + */ + instrument_hash_seed = g_get_monotonic_time() ^ + (((guint64)getpid()) << 32) ^ syscall(SYS_gettid); + + } OKF("Instrumentation - seed [0x%016" G_GINT64_MODIFIER "x]", instrument_hash_seed); diff --git a/frida_mode/src/js/api.js b/frida_mode/src/js/api.js index 1d843024..b8f2d39a 100644 --- a/frida_mode/src/js/api.js +++ b/frida_mode/src/js/api.js @@ -117,6 +117,12 @@ class Afl { static setInstrumentNoOptimize() { Afl.jsApiSetInstrumentNoOptimize(); } + /* + * See `AFL_FRIDA_INST_SEED` + */ + static setInstrumentSeed(seed) { + Afl.jsApiSetInstrumentSeed(seed); + } /** * See `AFL_FRIDA_INST_TRACE_UNIQUE`. */ @@ -231,6 +237,7 @@ Afl.jsApiSetInstrumentDebugFile = Afl.jsApiGetFunction("js_api_set_instrument_de Afl.jsApiSetInstrumentJit = Afl.jsApiGetFunction("js_api_set_instrument_jit", "void", []); Afl.jsApiSetInstrumentLibraries = Afl.jsApiGetFunction("js_api_set_instrument_libraries", "void", []); Afl.jsApiSetInstrumentNoOptimize = Afl.jsApiGetFunction("js_api_set_instrument_no_optimize", "void", []); +Afl.jsApiSetInstrumentSeed = Afl.jsApiGetFunction("js_api_set_instrument_seed", "void", ["uint64"]); Afl.jsApiSetInstrumentTrace = Afl.jsApiGetFunction("js_api_set_instrument_trace", "void", []); Afl.jsApiSetInstrumentTraceUnique = Afl.jsApiGetFunction("js_api_set_instrument_trace_unique", "void", []); Afl.jsApiSetPersistentAddress = Afl.jsApiGetFunction("js_api_set_persistent_address", "void", ["pointer"]); diff --git a/frida_mode/src/js/js.c b/frida_mode/src/js/js.c index 86ae6d29..e3cd4933 100644 --- a/frida_mode/src/js/js.c +++ b/frida_mode/src/js/js.c @@ -89,10 +89,7 @@ static void load_cb(GObject *source_object, GAsyncResult *result, UNUSED_PARAMETER(source_object); UNUSED_PARAMETER(user_data); gum_script_load_finish(script, result); - if (error != NULL) - { - FATAL("Failed to load script - %s", error->message); - } + if (error != NULL) { FATAL("Failed to load script - %s", error->message); } } @@ -102,10 +99,7 @@ static void create_cb(GObject *source_object, GAsyncResult *result, UNUSED_PARAMETER(source_object); UNUSED_PARAMETER(user_data); script = gum_script_backend_create_finish(backend, result, &error); - if (error != NULL) - { - FATAL("Failed to create script: %s", error->message); - } + if (error != NULL) { FATAL("Failed to create script: %s", error->message); } gum_script_set_message_handler(script, js_msg, NULL, NULL); @@ -145,3 +139,4 @@ gboolean js_stalker_callback(const cs_insn *insn, gboolean begin, return js_user_callback(insn, begin, excluded, output); } + diff --git a/frida_mode/src/js/js_api.c b/frida_mode/src/js/js_api.c index fd8128c5..930a6dc0 100644 --- a/frida_mode/src/js/js_api.c +++ b/frida_mode/src/js/js_api.c @@ -127,6 +127,14 @@ __attribute__((visibility("default"))) void js_api_set_instrument_no_optimize( } +__attribute__((visibility("default"))) void js_api_set_instrument_seed( + guint64 seed) { + + instrument_use_fixed_seed = TRUE; + instrument_fixed_seed = seed; + +} + __attribute__((visibility("default"))) void js_api_set_instrument_trace(void) { instrument_tracing = TRUE; diff --git a/frida_mode/ts/lib/afl.ts b/frida_mode/ts/lib/afl.ts index 67e21beb..6326c099 100644 --- a/frida_mode/ts/lib/afl.ts +++ b/frida_mode/ts/lib/afl.ts @@ -140,6 +140,13 @@ class Afl { Afl.jsApiSetInstrumentNoOptimize(); } + /* + * See `AFL_FRIDA_INST_SEED` + */ + public static setInstrumentSeed(seed: NativePointer): void { + Afl.jsApiSetInstrumentSeed(seed); + } + /** * See `AFL_FRIDA_INST_TRACE_UNIQUE`. */ @@ -295,6 +302,11 @@ class Afl { "void", []); + private static readonly jsApiSetInstrumentSeed = Afl.jsApiGetFunction( + "js_api_set_instrument_seed", + "void", + ["uint64"]); + private static readonly jsApiSetInstrumentTrace = Afl.jsApiGetFunction( "js_api_set_instrument_trace", "void", diff --git a/include/envs.h b/include/envs.h index 4bab54ce..26cc250f 100644 --- a/include/envs.h +++ b/include/envs.h @@ -60,6 +60,7 @@ static char *afl_environment_variables[] = { "AFL_FRIDA_INST_NO_OPTIMIZE", "AFL_FRIDA_INST_NO_PREFETCH", "AFL_FRIDA_INST_RANGES", + "AFL_FRIDA_INST_SEED", "AFL_FRIDA_INST_TRACE", "AFL_FRIDA_INST_TRACE_UNIQUE", "AFL_FRIDA_JS_SCRIPT", From 2c19750d0885d5a540a5ce20cf4ec5263c9b288b Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 16 Jul 2021 00:04:01 +0200 Subject: [PATCH 436/441] wording/style --- README.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index f0c40874..38f711c4 100644 --- a/README.md +++ b/README.md @@ -54,8 +54,8 @@ behaviours and defaults: shared libraries, etc. Additionally QEMU 5.1 supports more CPU targets so this is really worth it. * When instrumenting targets, afl-cc will not supersede optimizations anymore - if any were given. This allows to fuzz targets as same as they are built - for debug or release. + if any were given. This allows to fuzz targets build regularly like those + for debug or release versions. * afl-fuzz: * if neither -M or -S is specified, `-S default` is assumed, so more fuzzers can easily be added later @@ -439,10 +439,10 @@ which is more effective). #### d) Modify the target If the target has features that make fuzzing more difficult, e.g. -checksums, HMAC, etc. then modify the source code so that this is -removed. -This can even be done for operational source code by eliminating -these checks within this specific defines: +checksums, HMAC, etc. then modify the source code so that checks for these +values are removed. +This can even be done safely for source code used in operational products +by eliminating these checks within these AFL specific blocks: ``` #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION @@ -539,7 +539,7 @@ You can even use advanced libfuzzer features like `FuzzedDataProvider`, The generated binary is fuzzed with afl-fuzz like any other fuzz target. -Bonus: the target is already optimized for fuzzing due persistent mode and +Bonus: the target is already optimized for fuzzing due to persistent mode and shared-memory testcases and hence gives you the fastest speed possible. For more information see [utils/aflpp_driver/README.md](utils/aflpp_driver/README.md) @@ -793,7 +793,7 @@ to execute this script per server. #### e) Checking the coverage of the fuzzing -The `paths found` value is a bad indicator how good the coverage is. +The `paths found` value is a bad indicator for checking how good the coverage is. A better indicator - if you use default llvm instrumentation with at least version 9 - is to use `afl-showmap` with the collect coverage option `-C` on @@ -821,10 +821,11 @@ then terminate it. The main node will pick it up and make it available to the other secondary nodes over time. Set `export AFL_NO_AFFINITY=1` or `export AFL_TRY_AFFINITY=1` if you have no free core. -Note that you in nearly all cases can never reach full coverage. A lot of -functionality is usually behind options that were not activated or fuzz e.g. -if you fuzz a library to convert image formats and your target is the png to -tiff API then you will not touch any of the other library APIs and features. +Note that in nearly all cases you can never reach full coverage. A lot of +functionality is usually dependent on exclusive options that would need individual +fuzzing campaigns each with one of these options set. E.g. if you fuzz a library to +convert image formats and your target is the png to tiff API then you will not +touch any of the other library APIs and features. #### f) How long to fuzz a target? From 212fe5b6f564f76bc9f3cf9744e6ff3795d4ca37 Mon Sep 17 00:00:00 2001 From: hexcoder Date: Fri, 16 Jul 2021 00:15:03 +0200 Subject: [PATCH 437/441] Mention afl-gcc-fast also for persistent mode fuzzing --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 38f711c4..4104807c 100644 --- a/README.md +++ b/README.md @@ -516,15 +516,15 @@ generated build environment afterwards manually to point it to the right compile If you just fuzz a target program as-is you are wasting a great opportunity for much more fuzzing speed. -This requires the usage of afl-clang-lto or afl-clang-fast. +This variant requires the usage of afl-clang-lto, afl-clang-fast or afl-gcc-fast. -This is the so-called `persistent mode`, which is much, much faster but +It is the so-called `persistent mode`, which is much, much faster but requires that you code a source file that is specifically calling the target functions that you want to fuzz, plus a few specific afl++ functions around it. See [instrumentation/README.persistent_mode.md](instrumentation/README.persistent_mode.md) for details. Basically if you do not fuzz a target in persistent mode then you are just -doing it for a hobby and not professionally :-) +doing it for a hobby and not professionally :-). #### g) libfuzzer fuzzer harnesses with LLVMFuzzerTestOneInput() From b13b8c7e55836292330ad661e9a0386f7e0d3a91 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Fri, 16 Jul 2021 09:39:40 +0200 Subject: [PATCH 438/441] make afl-showmap more silent --- README.md | 5 ++++- src/afl-showmap.c | 17 +++++++++++++---- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4104807c..37fd90e3 100644 --- a/README.md +++ b/README.md @@ -574,6 +574,8 @@ Note that the INPUTFILE argument that the target program would read from has to If the target reads from stdin instead, just omit the `@@` as this is the default. +This step is highly recommended! + #### c) Minimizing all corpus files The shorter the input files that still traverse the same path @@ -589,7 +591,8 @@ for i in *; do done ``` -This step can also be parallelized, e.g. with `parallel` +This step can also be parallelized, e.g. with `parallel`. +Note that this step is rather optional though. #### Done! diff --git a/src/afl-showmap.c b/src/afl-showmap.c index 480de143..5c899e69 100644 --- a/src/afl-showmap.c +++ b/src/afl-showmap.c @@ -401,14 +401,23 @@ static u32 read_file(u8 *in_file) { if (fstat(fd, &st) || !st.st_size) { - WARNF("Zero-sized input file '%s'.", in_file); + if (!be_quiet && !quiet_mode) { + + WARNF("Zero-sized input file '%s'.", in_file); + + } } if (st.st_size > MAX_FILE) { - WARNF("Input file '%s' is too large, only reading %u bytes.", in_file, - MAX_FILE); + if (!be_quiet && !quiet_mode) { + + WARNF("Input file '%s' is too large, only reading %u bytes.", in_file, + MAX_FILE); + + } + in_len = MAX_FILE; } else { @@ -748,7 +757,7 @@ u32 execute_testcases(u8 *dir) { } - if (st.st_size > MAX_FILE && !be_quiet) { + if (st.st_size > MAX_FILE && !be_quiet && !quiet_mode) { WARNF("Test case '%s' is too big (%s, limit is %s), partial reading", fn2, stringify_mem_size(val_buf[0], sizeof(val_buf[0]), st.st_size), From a705b1548f903a8cc3f85ec960b5d09a7d7a3ee7 Mon Sep 17 00:00:00 2001 From: hexcoder- Date: Fri, 16 Jul 2021 23:31:53 +0200 Subject: [PATCH 439/441] small changes for ARM 32-bit (compiles now, but does not work) --- frida_mode/GNUmakefile | 8 ++++++++ frida_mode/src/ctx/ctx_arm32.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile index 44dfafe3..fad183e1 100644 --- a/frida_mode/GNUmakefile +++ b/frida_mode/GNUmakefile @@ -53,6 +53,10 @@ ifeq "$(ARCH)" "aarch64" ARCH:=arm64 endif +ifeq "$(ARCH)" "armv7l" + ARCH:=armhf +endif + ifeq "$(ARCH)" "i686" ARCH:=x86 endif @@ -83,8 +87,12 @@ ifeq "$(ARCH)" "arm64" # 15.0.0 Not released for aarch64 yet GUM_DEVKIT_VERSION=14.2.18 else +ifeq "$(ARCH)" "armhf" +GUM_DEVKIT_VERSION=14.2.18 +else GUM_DEVKIT_VERSION=15.0.0 endif +endif GUM_DEVKIT_FILENAME=frida-gumjs-devkit-$(GUM_DEVKIT_VERSION)-$(OS)-$(ARCH).tar.xz GUM_DEVKIT_URL="https://github.com/frida/frida/releases/download/$(GUM_DEVKIT_VERSION)/$(GUM_DEVKIT_FILENAME)" diff --git a/frida_mode/src/ctx/ctx_arm32.c b/frida_mode/src/ctx/ctx_arm32.c index a354c117..9fc70fb4 100644 --- a/frida_mode/src/ctx/ctx_arm32.c +++ b/frida_mode/src/ctx/ctx_arm32.c @@ -6,7 +6,7 @@ #if defined(__arm__) -gsize ctx_read_reg(GumIA32CpuContext *ctx, x86_reg reg) { +gsize ctx_read_reg(GumArmCpuContext *ctx, arm_reg reg) { FATAL("ctx_read_reg unimplemented for this architecture"); From 18fd97fc5ffc5ad94e735cfbfa0d500463dcb585 Mon Sep 17 00:00:00 2001 From: vanhauser-thc Date: Mon, 19 Jul 2021 09:12:24 +0200 Subject: [PATCH 440/441] v3.14c release --- README.md | 9 +++++++-- docs/Changelog.md | 2 +- utils/qbdi_mode/README.md | 4 ++++ 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 37fd90e3..94a38ab1 100644 --- a/README.md +++ b/README.md @@ -2,9 +2,9 @@ AFL++ Logo - Release Version: [3.13c](https://github.com/AFLplusplus/AFLplusplus/releases) + Release Version: [3.14c](https://github.com/AFLplusplus/AFLplusplus/releases) - Github Version: 3.14a + Github Version: 3.15a Repository: [https://github.com/AFLplusplus/AFLplusplus](https://github.com/AFLplusplus/AFLplusplus) @@ -31,6 +31,11 @@ With afl++ 3.13-3.20 we introduce frida_mode (-O) to have an alternative for binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android, iOS etc. +With afl++ 3.15 we introduced the following changes from previous behaviours: + * Also -M main mode does not due deterministic fuzzing by default anymore + * afl-cmin and afl-showmap -Ci now descent into subdirectories like + afl-fuzz -i does (but note that afl-cmin.bash does not) + With afl++ 3.14 we introduced the following changes from previous behaviours: * afl-fuzz: deterministic fuzzing it not a default for -M main anymore * afl-cmin/afl-showmap -i now descends into subdirectories (afl-cmin.bash diff --git a/docs/Changelog.md b/docs/Changelog.md index 7131360a..fcfd2ce8 100644 --- a/docs/Changelog.md +++ b/docs/Changelog.md @@ -8,7 +8,7 @@ Want to stay in the loop on major new features? Join our mailing list by sending a mail to . -### Version ++3.14a (release) +### Version ++3.14c (release) - afl-fuzz: - fix -F when a '/' was part of the parameter - fixed a crash for cmplog for very slow inputs diff --git a/utils/qbdi_mode/README.md b/utils/qbdi_mode/README.md index 641a6e85..cf5d3359 100755 --- a/utils/qbdi_mode/README.md +++ b/utils/qbdi_mode/README.md @@ -1,5 +1,9 @@ # qbdi-based binary-only instrumentation for afl-fuzz +NOTE: this code is outdated and first would need to be adapted to the current +afl++ versions first. +Try afl_frida or fpicker [https://github.com/ttdennis/fpicker/](https://github.com/ttdennis/fpicker/) first, maybe they suite your need. + ## 1) Introduction The code in ./qbdi_mode allows you to build a standalone feature that From c55f7af65700e3d11c368072d39ba6670efa477b Mon Sep 17 00:00:00 2001 From: hexcoder Date: Mon, 19 Jul 2021 10:35:03 +0200 Subject: [PATCH 441/441] typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 94a38ab1..8fcc31ff 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ binary-only fuzzing. It is slower than Qemu mode but works on MacOS, Android, iOS etc. With afl++ 3.15 we introduced the following changes from previous behaviours: - * Also -M main mode does not due deterministic fuzzing by default anymore + * Also -M main mode does not do deterministic fuzzing by default anymore * afl-cmin and afl-showmap -Ci now descent into subdirectories like afl-fuzz -i does (but note that afl-cmin.bash does not)