From 31b4cb7bb0794b08ab148ea8494607bb2012e215 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Thu, 1 Feb 2024 19:48:17 -0600 Subject: [PATCH 01/14] feat: implement code_signature_data parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 48 +++++++++++++++++++ ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 3 ++ yara-x/src/modules/protos/macho.proto | 21 +++++--- 3 files changed, 65 insertions(+), 7 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 3db9bd373..2756e539d 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -40,6 +40,7 @@ const LC_ID_DYLINKER: u32 = 0x0000000f; const LC_LOAD_WEAK_DYLIB: u32 = 0x18 | LC_REQ_DYLD; const LC_SEGMENT_64: u32 = 0x00000019; const LC_RPATH: u32 = 0x1c | LC_REQ_DYLD; +const LC_CODE_SIGNATURE: u32 = 0x0000001d; const LC_REEXPORT_DYLIB: u32 = 0x1f | LC_REQ_DYLD; const LC_DYLD_ENVIRONMENT: u32 = 0x00000027; const LC_MAIN: u32 = 0x28 | LC_REQ_DYLD; @@ -242,6 +243,7 @@ impl<'a> MachO<'a> { entry_point_offset: None, entry_point_rva: None, stack_size: None, + code_signature_data: None, }; for _ in 0..macho.header.ncmds as usize { @@ -286,6 +288,7 @@ pub struct MachOFile<'a> { dynamic_linker: Option<&'a [u8]>, source_version: Option, rpaths: Vec<&'a [u8]>, + code_signature_data: Option, } impl<'a> MachOFile<'a> { @@ -421,6 +424,10 @@ impl<'a> MachOFile<'a> { let (_, dysymtab) = self.dysymtab_command()(command_data)?; self.dysymtab = Some(dysymtab); } + LC_CODE_SIGNATURE => { + let (_, lid) = self.linkeditdata_command()(command_data)?; + self.code_signature_data = Some(lid); + } _ => {} } @@ -608,6 +615,25 @@ impl<'a> MachOFile<'a> { ) } + /// Parser that parses a LC_CODESIGNATURE command + fn linkeditdata_command(&self,) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], LinkedItData> + '_ { + map( + tuple(( + u32(self.endianness), // dataoff + u32(self.endianness), // datasize + )), + |( + dataoff, + datasize, + )| { + LinkedItData { + dataoff, + datasize, + } + }, + ) + } + /// Parser that parses a LC_ID_DYLINKER, LC_LOAD_DYLINKER or /// LC_DYLD_ENVIRONMENT command. fn dylinker_command( @@ -864,6 +890,11 @@ struct Dylib<'a> { compatibility_version: u32, } +struct LinkedItData { + dataoff: u32, + datasize: u32, +} + struct Dysymtab { ilocalsym: u32, nlocalsym: u32, @@ -944,6 +975,10 @@ impl From> for protos::macho::Macho { result.dysymtab = MessageField::some(dysymtab.into()); } + if let Some (cs_data) = &m.code_signature_data { + result.code_signature_data = MessageField::some(cs_data.into()); + } + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(m.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -980,6 +1015,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.dysymtab = MessageField::some(dysymtab.into()); } + if let Some (cs_data) = &macho.code_signature_data { + result.code_signature_data = MessageField::some(cs_data.into()); + } + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -1077,3 +1116,12 @@ impl From<&Dysymtab> for protos::macho::Dysymtab { result } } + +impl From<&LinkedItData> for protos::macho::LinkedItData { + fn from(lid: &LinkedItData) -> Self { + let mut result = protos::macho::LinkedItData::new(); + result.set_dataoff(lid.dataoff); + result.set_datasize(lid.datasize); + result + } +} diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index d9d65975c..0622889c2 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -25,6 +25,9 @@ dysymtab: nextrel: 148 locreloff: 0 nlocrel: 0 +code_signature_data: + dataoff: 43472 + datasize: 18800 segments: - segname: "__TEXT" vmaddr: 0x0 diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 8dfd00475..bdae58d14 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -10,6 +10,11 @@ option (yara.module_options) = { rust_module: "macho" }; +message LinkedItData { + optional uint32 dataoff = 1; + optional uint32 datasize = 2; +} + message Dylib { optional bytes name = 1; optional uint32 timestamp = 2 [(yaml.field).fmt = "t"]; @@ -93,6 +98,7 @@ message File { repeated Dylib dylibs = 15; repeated bytes rpaths = 16; optional Dysymtab dysymtab = 17; + optional LinkedItData code_signature_data = 18; } message Macho { @@ -111,17 +117,18 @@ message Macho { optional uint64 stack_size = 12; optional string source_version = 13; optional Dysymtab dysymtab = 14; - repeated Segment segments = 15; - repeated Dylib dylibs = 16; - repeated bytes rpaths = 17; + optional LinkedItData code_signature_data = 15; + repeated Segment segments = 16; + repeated Dylib dylibs = 17; + repeated bytes rpaths = 18; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 18 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 19; - repeated FatArch fat_arch = 20; + optional uint32 fat_magic = 19 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 20; + repeated FatArch fat_arch = 21; // Nested Mach-O files - repeated File file = 21; + repeated File file = 22; } enum HEADER { From 9aa3abe32078aeebf543f4eea60f51e84919e416 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Sat, 3 Feb 2024 09:03:30 -0600 Subject: [PATCH 02/14] feat: implement entitlement parsing for Mach-O from code_signature_data --- Cargo.lock | 7 + yara-x/Cargo.toml | 1 + yara-x/src/modules/macho/parser.rs | 168 +++++- .../modules/macho/tests/testdata/chess.in.zip | Bin 0 -> 237191 bytes .../modules/macho/tests/testdata/chess.out | 498 ++++++++++++++++++ yara-x/src/modules/protos/macho.proto | 14 +- 6 files changed, 668 insertions(+), 20 deletions(-) create mode 100644 yara-x/src/modules/macho/tests/testdata/chess.in.zip create mode 100644 yara-x/src/modules/macho/tests/testdata/chess.out diff --git a/Cargo.lock b/Cargo.lock index 4ca5c3209..a77c457be 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2775,6 +2775,12 @@ dependencies = [ "bytemuck", ] +[[package]] +name = "roxmltree" +version = "0.19.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3cd14fd5e3b777a7422cca79358c57a8f6e3a703d9ac187448d0daf220c2407f" + [[package]] name = "rustc-demangle" version = "0.1.23" @@ -4333,6 +4339,7 @@ dependencies = [ "protobuf-parse", "regex-automata 0.3.8", "regex-syntax 0.7.5 (git+https://github.com/plusvic/regex.git?rev=423493d)", + "roxmltree", "rustc-hash", "serde", "serde_json", diff --git a/yara-x/Cargo.toml b/yara-x/Cargo.toml index 45d4e381c..2ffd9f9fe 100644 --- a/yara-x/Cargo.toml +++ b/yara-x/Cargo.toml @@ -176,6 +176,7 @@ yara-x-parser = { workspace = true } yara-x-proto = { workspace = true } lingua = { version = "1.6.0", optional = true, default-features = false, features = ["english", "german", "french", "spanish"] } +roxmltree = "0.19.0" [build-dependencies] protobuf = { workspace = true } diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 2756e539d..5c438a9f0 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -26,6 +26,15 @@ const FAT_CIGAM: u32 = 0xbebafeca; const FAT_MAGIC_64: u32 = 0xcafebabf; const FAT_CIGAM_64: u32 = 0xbfbafeca; +/// Mach-O code signature constants +const _CS_MAGIC_REQUIREMENT: u32 = 0xfade0c00; +const _CS_MAGIC_REQUIREMENTS: u32 = 0xfade0c01; +const _CS_MAGIC_CODEDIRECTORY: u32 = 0xfade0c02; +const _CS_MAGIC_EMBEDDED_SIGNATURE: u32 = 0xfade0cc0; +const _CS_MAGIC_DETACHED_SIGNATURE: u32 = 0xfade0cc1; +const _CS_MAGIC_BLOBWRAPPER: u32 = 0xfade0b01; +const CS_MAGIC_EMBEDDED_ENTITLEMENTS: u32 = 0xfade7171; + /// Mach-O dynamic linker constant const LC_REQ_DYLD: u32 = 0x80000000; @@ -244,6 +253,7 @@ impl<'a> MachO<'a> { entry_point_rva: None, stack_size: None, code_signature_data: None, + entitlements: Vec::new(), }; for _ in 0..macho.header.ncmds as usize { @@ -271,6 +281,22 @@ impl<'a> MachO<'a> { macho.entry_point_offset = macho.rva_to_offset(entry_point_rva); } + if let Some(ref code_signature_data) = macho.code_signature_data { + let offset = code_signature_data.dataoff as usize; + let size = code_signature_data.datasize as usize; + let super_data = &data[offset..offset + size]; + match macho.cs_superblob()(&super_data) { + Err(_err) => { + #[cfg(feature = "logging")] + error!("Error parsing Mach-O file: {:?}", _err); + // fail silently if it fails, data was not formatted + // correctly but parsing should still proceed for + // everything else + } + _ => {} + } + } + Ok(macho) } } @@ -289,6 +315,7 @@ pub struct MachOFile<'a> { source_version: Option, rpaths: Vec<&'a [u8]>, code_signature_data: Option, + entitlements: Vec, } impl<'a> MachOFile<'a> { @@ -616,24 +643,114 @@ impl<'a> MachOFile<'a> { } /// Parser that parses a LC_CODESIGNATURE command - fn linkeditdata_command(&self,) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], LinkedItData> + '_ { + fn linkeditdata_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], LinkedItData> + '_ { map( tuple(( u32(self.endianness), // dataoff u32(self.endianness), // datasize )), - |( - dataoff, - datasize, - )| { - LinkedItData { - dataoff, - datasize, - } - }, + |(dataoff, datasize)| LinkedItData { dataoff, datasize }, ) } + fn cs_blob( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], CSBlob> + '_ { + move |input: &'a [u8]| { + let (_, (magic, length)) = tuple(( + u32(Endianness::Big), // magic + u32(Endianness::Big), // length, + ))(input)?; + + Ok((&[], CSBlob { magic, length })) + } + } + + fn cs_index( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], CSBlobIndex> + '_ { + move |input: &'a [u8]| { + let (input, (blobtype, offset)) = tuple(( + u32(Endianness::Big), // blobtype + u32(Endianness::Big), // offset, + ))(input)?; + + Ok((input, CSBlobIndex { blobtype, offset, blob: None })) + } + } + + fn cs_superblob( + &mut self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], CSSuperBlob> + '_ { + move |data: &'a [u8]| { + let (remainder, (_magic, _length, count)) = tuple(( + u32(Endianness::Big), // magic + u32(Endianness::Big), // offset, + u32(Endianness::Big), // count, + ))(data)?; + + let mut super_blob = + CSSuperBlob { _magic, _length, count, index: Vec::new() }; + + let mut input: &[u8] = remainder; + let mut cs_index: CSBlobIndex; + + for _ in 0..super_blob.count { + (input, cs_index) = self.cs_index()(input)?; + let offset: usize = cs_index.offset as usize; + let (_, blob) = self.cs_blob()(&data[offset..])?; + + cs_index.blob = Some(blob); + super_blob.index.push(cs_index); + } + + let super_data = data; + + for blob_index in &super_blob.index { + let _blob_type = blob_index.blobtype as usize; + if let Some(blob) = &blob_index.blob { + let offset = blob_index.offset as usize; + let length = blob.length as usize; + let size_of_blob = std::mem::size_of::(); + match blob.magic { + CS_MAGIC_EMBEDDED_ENTITLEMENTS => { + let xml_data = &super_data + [offset + size_of_blob..offset + length]; + let xml_string = std::str::from_utf8(xml_data) + .unwrap_or_default(); + + let opt = roxmltree::ParsingOptions { + allow_dtd: true, + ..roxmltree::ParsingOptions::default() + }; + + if let Ok(parsed_xml) = + roxmltree::Document::parse_with_options( + xml_string, opt, + ) + { + for node in parsed_xml + .descendants() + .filter(|n| n.has_tag_name("key")) + { + if let Some(entitlement) = node.text() { + self.entitlements + .push(entitlement.to_string()); + } + } + } + } + _ => {} + } + } + } + + Ok((&[], super_blob)) + } + } + /// Parser that parses a LC_ID_DYLINKER, LC_LOAD_DYLINKER or /// LC_DYLD_ENVIRONMENT command. fn dylinker_command( @@ -890,6 +1007,24 @@ struct Dylib<'a> { compatibility_version: u32, } +struct CSBlob { + magic: u32, + length: u32, +} + +struct CSBlobIndex { + blobtype: u32, + offset: u32, + blob: Option, +} + +struct CSSuperBlob { + _magic: u32, + _length: u32, + count: u32, + index: Vec, +} + struct LinkedItData { dataoff: u32, datasize: u32, @@ -975,13 +1110,17 @@ impl From> for protos::macho::Macho { result.dysymtab = MessageField::some(dysymtab.into()); } - if let Some (cs_data) = &m.code_signature_data { - result.code_signature_data = MessageField::some(cs_data.into()); + if let Some(cs_data) = &m.code_signature_data { + result.code_signature_data = + MessageField::some(cs_data.into()); } result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); - result.rpaths.extend(m.rpaths.iter().map(|rpath| rpath.to_vec())); + result + .rpaths + .extend(m.rpaths.iter().map(|rpath: &&[u8]| rpath.to_vec())); + result.entitlements.extend(m.entitlements.clone()); result .set_number_of_segments(m.segments.len().try_into().unwrap()); @@ -1015,13 +1154,14 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.dysymtab = MessageField::some(dysymtab.into()); } - if let Some (cs_data) = &macho.code_signature_data { + if let Some(cs_data) = &macho.code_signature_data { result.code_signature_data = MessageField::some(cs_data.into()); } result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); + result.entitlements.extend(macho.entitlements.clone()); result .set_number_of_segments(result.segments.len().try_into().unwrap()); diff --git a/yara-x/src/modules/macho/tests/testdata/chess.in.zip b/yara-x/src/modules/macho/tests/testdata/chess.in.zip new file mode 100644 index 0000000000000000000000000000000000000000..4c882410b782437a02c8c86ca578ab8461302e56 GIT binary patch literal 237191 zcmbrmcT|(x*Dk6Xm8}SDmEK}UKtMz~Bq{8{>}g{c-MhzH{y$WF%p|bFQ^!S@U`3f~$67J7l(P z+xGXigwoS)?+taPrt`$M^*q@t`bK4&x1UdVxQ>5_^Yz`^#H?1n`27155iPN8`;JAi zZQK6yl8PYyp8cA>B8XASK`!*|;tMk#WPbgbsoNC!@LmP|=xMq0e;>Lu14xB;g4BVS za)6Db#6#v|%3V;A7X;C2Zy^f8%||W(dkXV*^})J;J&@V&-rrT^+a9Ge4Ffg+v&p4G zrZ7w(<~JWfs;6)=AnGyq@2+8mH^uz~$ZNEkX@c1wAn)J{%p=3}=6X`b91$Jqy)&5G z#nAWBLY@~37IsZXP1u1`rP8qsfh|0NbsRge6XeA2V%W!ZOC$7)%LGW;sbE1b{D5m* zwOH^FkoUo$0}oN}c$_@-bfa1DTtPzi8>`n^9&u_Qu4or+%aW`~kd+Hw^~w@dSvY-o zRpRU}K7suF>4@~iS?(esX+1BKu>|2RpfXMEj;SG3{$wS@;#Mum`+3K?gc5Qst2bjD z68#8a{A$p&U+6vgnHt^*;Om_i=VD%vZ`Vd0pX)zA=^ws>)=vhOb9~4bkkSWwx~SoK z5g(f*{Wk4pd$HVO$VOre{m$N{A&k+{b8*Fj(LkwTvXWg363rh=A;PRk|@RgiJ*h;%M z%>xtl9P;{x;{+EqJMfoZ0Tv*lU-9d(h@va3@vOGOjmWCV9MQKUXmNzo$Zp?iEl^z^ zVUX%o^sT(ww-#t)ChFBKBsI&f-?ky&0qHK?fX;KVvF43Mhe}D~!Rj&pQHQzB`}SbQ zG{0ue5j=M`E@7~40~)#hGq!pS1gSv!IRzia4giEJw-k)bHrQD1!nn}@xiofz=B?V; z$tbH?AwWja5~lv$Y!n)@0Sd}PP~RR6z;UCO$cOrO*Xw2cXWt3Gn*S7`3A}}L1j6j) zV1OB##|RC7XGzC4UEvo1Q!W6y7~f|`xuOfeZ=yeZkQGE^1d`%50@r*FuQY}i84*xK zo7Bt%CfScBM0eDis6JHc9&qUU;ycFq*^C$>Be>+#HWXF;W!*G8Iy`UVYj zAPNZoRnCLud6R!vK2>|TFh7rayH*X`*oWW`8fg_(Z_o~DKkW&+*PCwOwRkj!(~RUz zp%A=JSX8q(tyo@=7k6=K!ruzQZk9B8U4fu>lfJ$hONkyJa|>R%+%)I0%DkkuBKfOH z|9J*cx|p+knUSq5P^t+eYp&ci#%`3E{fwh2({6AAx?YX@=`VzG8hwT#jMM^$f0~yV zBs4uD6FNXHFPe!r2b7H3LFYLIu-uNXbI2LlBAEB&RMry|AIhTT2;)*c>gLXEpb5C@ z3hB6SV`g|C&1|7%eDr^BtR5f)ho&?3`E%v z($XYXPA|!LsGN%B-kVlFG*emxz#Qstr@q=6LPzOZa4Dxk{1-(!%3eTA5E{YrBXrEW zqF<=j{SQi-2*`Bh(XEY%AtYP-n$!^?Cf$RK^1mLkQTCf`Yl#F(VKu(C8|-}!0iH$R z=i_KQ|88U-dav@ETM|r0vmz_F73rD-vIL>6ej6>^Q~EdPy(jgb3qOV20JjHwv>#r$ z`tWsKu4qq`8-*#|2BW`Yg|r+eviG$4xqC69SuGzO-8y-a^rbx*%c@HDtUQ*@RTgQz z>9MX$kxzZGun!OriavU-iy{^h@v_EtJV?2M?k#EDY3bs=%z&sMq!FD^HVlOH1Fb&; zE%tt_0q=c8EI2$XfdQ+PQnQWaOiOQ=(G_@&ag$)9=NmMe_A zR&V!1&8!bM9^!*BJymf^t@f{YBom%bBylHPEAlivkNFo{AIOzwmtzr_&~&lPGh4nr z3obxZZijGIn#MrruB*_welYr<&(b>~a6y<-yTL{IEsp zyWZKyd=K35qw9Wq7W%bQpPEfHX_vs`o7p{wtdWjU7m&49cq{{(bEOKc6w-b=^d{#) zmVK;|#KV{rGqRCh`OOO?B)PHKzpvnqTz2Ay=eB2kcKc83dwBWm97Zm_}@Jm;!&)Q_2JGt*&Si zLbJm{cwHRJUqafCbz@1v=_Cc4>(BYRh|d1aht1r7*367O;oa2>nz}*)6EUpCs&Xba zm9=3J9{~?yR$QQbiC6aNQel!_^B8)Sq4#!N6EIT^vVG$!VE>)e!}ONShzl@vhsQV+ z_d-%b6Y0ZCzB<$ul-_YHTiUxPe94`p7kAf2>3vH1O4CQ}FJG~M$#42vv8(_=ID!Kq z<{OX*pu$2Y23?vXCyG+y{1A@ z1r&84tEK`lLzI1Xh)93p{i0_(hWYH8ki9&Lb#y-ohVtvnX!;2*pMh2=cy91wVDpkQ z@QHUn96I$UL2$Upp+TmuRLFqfW2T$Xvu8_%6#$H8qU0x1#y0gMR~bi;I^p0=p96L~ zg5B?K=%PL-_V)=0NY0MwU9`;vy7}vI!SWR~-$)&d@0(qfCrZAH_7c3}aU}xGmfJn& z(Kt08(sHxkbNZ)K&X1wP<)L34X$PQ=-^0_&poEc(te@FOpKcrbO@ z)1|=F{gEaRwMM3daQYApdHnRMbe~k*wQ4b6+mbC?q%H52@Fh!KaE#`_wVOa~WYs{H zbp4To&_Q7_wpj4r4CogYnu=F~Oa8kt{}UlntsD7}X{5yeNa_Ddpu`09={plwiYuQ% zL7o3UTEl-8_n4LCWv0m@lFw;_ko7h|Iw0VLzxu!2n$t4kGp~I4|IPOOSJnSZ1M~|I zlZuY_|L@H3-^%er{svrHXPEz|w*9X{AG753R`>FL#QhI^;=exkUl%1`BeHOOj45^o z2?1pOzefFUeNVmyTM55DwY%&8-+ItTWTrHi|1V^i|Gxq8m{sz9zbxl7>;Ecv43H$u z>o6vLqYBX70RCX}(85fpLY5Ps;q8=O+b9&MdO(jmt!G?6|Ij_GchVf6@KyPF_k%|I zGz%LH?RUa>`2Qj0{XW>S7W)C4S9nP~-y{6d_FNjxaEs(J)1Wpd?cBSqifHe@RQLIt z25kAkAxIkStI+-V^O}yEuiE8bov9$dd2qnt0|!bacsdNu5BjW`8`OUT=rzx20m4M- zD02VA8tLj=2jTh#s75(f*}aAFmb}@Vm+w2443vF59(FZ@%h`I)zY3B8%-p*>Rvbbc z{nPqS-z(xkSuODdVUPaN+W|pKhexliVXMpP)>W8O+0i;}z%|2$?8Lf!iXW=EMC1z| zD@aKVKZakF48Xg#MWGRyQ(F(hEnN7zn|k<9?hD+7SvuE)3j_erBI$At^vlng!0r*n zGCS@U-k5LI!PQ*xyak!2w&8uYkyrMw?zqUm%$^20mGl+4_TdZm8TrZXf_`792jiA9 zwx!vH{T3cY9yfWtomPX*$gnave_lUBXrlHiuhz!+Y|2dAdfqfS`7JJ~?OE%nP3xo4 z3_X{=n?3gyAJh1S(rNtVGdJ6N46o_x?}%_rok7~ZQFpc{Lbu}(Pn?cOAMUCOvGw?q za!W(joetE#u2^OmG^}cB7}afEg2gMJ`3ZD+2r^&aKl)|I1Z3oJZjMqLKq4{^=k@G_ znHVDaF^6b-E}485k`S@SYkOU~+GYH)=)ne?l`fTjvao?#@W=9qsZCK5(Jv;wYO#X$ z-ir1%TjqkUN`&pkolaM#5yral%8ei0hIl1=z%`4Sd93o$qYKTsk|qx<&TOe1v5b=i za$IAyy+4^wxXMg<^_VO>oL^Rud@-rj(dV_T>{Bcz67_-+5{qUzyNAg7rdV&cu`2ye zFWYSt#m>!Vndi#yp+EZejkUarIHxdbggJ4(Me)Nx!h-=I_Tw2c(Ooku`|TU%d1>wL zt$?wsjuTjQO!I}axahM-u@6uNFTw|Atw_dfBc)WR%}n#t<*2j;ek+OWH#PJcjHB>V z)pB3e;bb^i>x9cGxev8IEj*Rg-LU~n^)Ok;b>5w7RKYh~|F8)vhT?sau4DFfPIy33 z;Ixy$AXVoVH^@p6*^*FOSLKPlx3{O6?nF>>$ZtwKYSwn8n}n@y8&VZ4r@IwDiO{D1 zpdP3hxypJ-MCTn*X^88s{iptNktCio9=_z-7Yp_R?#TdJg5go}`n)Urv5%72{)4Lp)S|y#A3!xK$;Gfvra%0|Ay=_zT3RkcA&3KgmD!I$ z59P7n%DgQ;(oYCo@h*g}><7-;hkbACUpf>$l_v5zC)Lt>&oc8beq`6_mVT9fov;Wa zf3Z91ASlQBfqQD@l-O_D;84N^voNqg3itb1clwnJ)y7`g z+V+u9rCF&`)p`y4bx6WlJLnB~$Nh7nPnUdN(Q7lhy2ZNiFAHEW89+iCgPHG$ zE2==Nk-g0Sf#@d#X;;{%iA;l$r}z^3wP!QCui>5ns_-*t~4@e1zxU?X)xdLK!iv5v!-HE*NLa@*qi8bditp@ zRSZMXF2yMhL_Gb>&)>submZ%fp2%j1FQl)adZN3%<9pz&d5X7sC!R%0m(?V#)evTHi>nVk@ANwS_r%Z5p4H z_^UetQ3Z<@?3k5}yTYV76Nw&3y zZuNosV9`h6$807?`eQ@_bOdTf(K~_3;-p_>6Hkevg!g9VaK|SP-JV0kfW@op7gVkb znK!s1Z*<76@!&PzQDol=A}JKOX_!#Lr1JJP1pLt>1qKvxt45 znx=yOT^mp{V$^wUZTsuzS~{cK+JHNAX3`Oyyl@rjJ}$cQSllGCAly^a@L0{bq`#{9 z_9!2b{=Vn@Iey=6oPt#4*hSv^QU9UIm*Zi(`r3DJq$?~InUVhE*8by_#C_wO(RIWJ zpQ-uFAAr@mNmsn~;L$^}J@##YOEhugP~XOqR#=}n2{|BWUpmABz+XJR7{7=rw&JrB zT=)eNyl2g-G4(K!*Wr^fHvty-Max|op!@F}1Yh_lhLPb_Dhrh64l)wX&3WJUA{l@H|AZ-_jOJUh_X*~d z9&xdRxL{P222Vp@yY_9P(R=R3;#)hhw>XVI_WtJ2>%TvL1_WpkE7WXoL=Z}eCdS?_ zA(S6>xRBNXC$%0SnfZ+fxo^0Qj*g5t>#M`pnwNo3FPi@j$a1{#!HLSYyeCc8-w!`W zMEKeSK-LeDH^%6j@86idwN=eb3YOznTzE^tYIx@s9<=E>Aw+ji?zt~^qY&}>m}Y!l z>aK#tBl`iuwOIy{vecZzPZ|BlpoNzEJ`j6J-P8stbwj9r$fb_Z?&mj-|_OHG{&OA02QcpfAMB})DfmJZp zEpT*P0S6l6vBxZ<%qwzZ%k#keKP6YB)Dp<>iC)E6lQw{^JsMtP?0ybh;mBwB4In%F zoFbo|#>iv#*`%2e^+ku7+m-oj(w$^WLsv6p+~;!E z7wSF6_z-OeyW=OIqy03n<{j>reBb*U6Mvb$Wj5Yp@AQjZxTVB_`UR_Mv$VTMorXR1 zM0I%w>5c}K0`At!kOcxutU2}Q=u$9h&Z`znEF?5pl@=|(V~ZC!SOx5TQGw; z`S8CvP~_O~>XU{@wc)&9DvvSE0m0olbWACxtk^Cdf~DN-!Fn6J#3ql0QF28pJzaxJKSMBJ4=^K zRT6Qa(-R(hrv<68x19FlA1PU^+*jkw1$E#99!VvA>I+uAVG28jDk;a4^fog07&m+_0PFIOQHPUPK*a*e3`{!#1 z9`BuA^Oj0%LHmBYZ39BOc3pU^bso|Q$|De~d?(0dC7nrUk^#{p6VN2wOpdF?uWj0! zQGt{&UbXyIqL5BAUO#p347(~BK=`6Lbzl0wa+ucC)NC<8!UD*&e2;p;3=maU4g*bl z-6_&0{o?oo4V*(s(Z#)#gU4;wu$v0n;Lz2JDc=lVD9FzsOY#X#ZPd3eA$9O@)vtI` zp+3WD!%mY88+qT<2Da_Qd%nmL)mj*IbUw&Ertnj`C;&-!dWzao%1#-&q1u+sbD=}H zi=5m;Np7;4Xq70^@u9V$h=ASmD976 zizwK*`D4T2z_XR`6i@Y>M~Y{2&;}pI24;@jR|U5jU!HZ|NlI+8!jo{F5K;BzT$ay7 zKdj+AT-az3)lj~%7T%3ZBZ*n!^gl8{sXHN3Z4}okStzXV3syG28RzfFPi%g%ji!%( z8>O}~$jas!8H^OQy=KWJX&-bs-wZFSwu=ZJkgNHv?A%;CV~12`!RzwIacn?4K)OZDBkQIm){y1tnHC)0!Dm)%YP``ccK31uzIB^Z;u`Ehf{akPnq36?)Bm>3AI^! zIimo+$METW$>(k?`;DknC#W;sC%s3ISOk71WVtlm#ozQ<$`TJI+qzh)4GT$()F-TA zpC`vUceuAPq640!-sh@Jzlb{3mCIr){{R?&yXM2(+kh~Y5MQ9~3*4*Ibq%}qvDv6x zJ2YLv$m00X3SijowtU$Q29o-4Ywwq`^|nTT+1xX8fn6$;n65~>>HA~QZRf7HbcH{4 zNUJZ575`T0BOrU(JnY8tqtFfy_xm33`LwG?vaeNW%X+T;cyHFq%Ln6AV@9=D{;i;* zt1Mzq@tHOMY{U>JdjWiOT_QUY>%EG)T7o}(@ly75Zhtf9PQEi))ccJxLxTxD(Br$h zMNQHLASB#5&o}W>n_yeOOSdWHW^rYO&$v~`0W0sp)-yrygd6{|;@m zQBHhCJbkbIVY3@5=*t-?MtD**7xDa4{!;6^+z~>Cxul7g%8w%XHG$YQ*W-JiS38_K>vgW&sWq)!5tN*!w{~#iW&sZPiqpEyLWqihBfX&R;nK ztqg3J?7b~ramk~MLw+C_i4S@U(=&<(@=X7k7!hPC&m@~X_2Z!!tp(djS={{rmk-=h^rCd=WAYPfZ6Dj-yy zeqp4gaA3u|YzE1@M0eon{U*9bs5o@Fo>TO6=pt9`B#y`j4x876tdLJNru`jnvL_=t zXgEoP8%>rNrGEJiTKS9j$k&nbwwq1%`Q8dgDT@uE;JcoMc`Ku_`Gc}sKRog&2v&bA@KM!eY82lRS~6a! z4+A|K_^w9jXiC&-a8~DXauKnuYla)8f`@U3Os-K6AncnH<+k>YcBGN{EBt$ix=eD- zTF&eg+l{mH*0`q7b+ds6)1{3>(UbV8sB8gk%^m!TybqG%^`mLft6YO` z=rttc<(3l`u)(k>gW&hWB}W&2%piSJmY6hC{VU};qQk!ik%ev&oZ##<_SDJomR@3^ zQ9(N?cSVV|sSS=+^GuQpxk~x-7hp$Sdp#7JZCB!hNrtLF?1)<>pigrZqiQ_bfWC&7 zl3m!^DSdC*WMHIW-O9Z!o^@FIJ@7U?Iz;c z9!EfR{e^9*FAy^ND`Zutm?rt>?ZL{ocsYHZd;Um+jgv%#RyV0o!wl5xNFb#B;HBDMX*Kstd;zTa$w?JE?oH7tq-; z=_S_W_2ECU^w_%)&bG(_O(9ygrar?uw??|-{2J9C2|sCu6OTEu>Q#sC@UDr53?|Rl z2XhHV#_*IYKF=rG4W$J3Uh}gX;2#d#U4ujrwh9`*qNDvjaP@^|U-SK@PExfyyQJ>` z`?p&gaHT1X=cJDOb>pQopYgi4s(ZFL_E7O?z7Ws}uda=8C`lq^PWX<2#q) zHVnMsY^0-N_7C`d%2W4wYt8pU@>IoX;d$Q_eTU=)#G{cBNvZJfH3YI#pXzwwt&5*v zbFrd|o69=mpOQd+6ZdcQN$$^xTWi>MnqbY}{LRi5 zpZmM~hRU&Ex`RpVCwfh9#(MZ(9p-v`_~{%u0kO{qV?Xb7sOZ-5x*u?dRG=T4@lZ?T za2TC;=I*IMJ8KUIsR>(VbmuPE-IefD6c=^RqA^c88D zO`@t2d$pag$)p~*on|F~lJ88^l#OrduQ#7u21W_#a+~)OolzM4SwSyIm@u5B06uT= zOnj<--XAIOjM6AJ2SZ;o3b9V*y{gKlGPN?I)D)rKP@^yyz1%pj!FBuwn8Ek6OMb+~ zov3bHx*Khsf;P$5Q@V+f1uz^5_6OS2nDw5R7fC|yY5^9{Q)DY0+H0As=&^E-8WV92 zwG*2RSnM+dxpgqdPAMXAPh!4tL>U5cdFClC+O4!hQ)skbdf3REpm1|H_8_+ZR;kG0 zqnBexORj4DzI7z74vP*#g~o{-0Ul`vc0c1qIr5bAVOLHQcm>u}zIL7Zy&&&s@O#r6 zU@nTu$^B!QZyG}xn3?ULQIKpuTaE|PBKjkV1V@aD_aZ~cx;kSRmMX$}MwszCljJK6 z)t+gn-WT1hu~T~-=Tl8dtN_A~==}O=$M_`V6c^7=0u zW5~yClcgeu(@89%Ut2U(;%f?{>fW*B7(2iUx()I?50B?!4V-Tdvg_2_>I_c&A$Leo zdy+FBh8}cM=Y>QlO6F>uk}Kwrmx9$2lFZa}UEXZLMCNyjQpeIvMyrvFy2}77yOEiL z#+i$#tBMsxn-mA*$YP&G>{Tgzhe|Sjt|7g|&yKzXiH6f-pO}L^(yg+?Pw)orgerq- zzr&P}Cp=Pw@7DYG-nBIU)wBdl!hMfu1AX0Edt zC5rTSP zc^0*Wr4M|bL&tHc!Tpi=cjiM-U40>y*?_g^#XWD-Ur%b3tSD-u8;5YN--bD!KlZ7q zZE@zQ%%x&y9z0bpgEvx+mQMAo5;8tSux4ov$kr(xaSt>HCdxfLmW^TCuFckyRDdN{ z(bN{(otZKsp5;y@h2m9xMRP_K?snNun94V0X z;2lcT=^j9{`GvZw9w}`ZCC}79Gq$Wu*m6m^1Y?E^zvA^Ir_{4u+I`X@KG4E)f=ohu z48B}%BT5LOb1KK=__>ZJbs3$BCbOt|TlR|&=?!`mLMNnd+HwyKk<2X91MJ%=Bx{ok zhl$+SgVM_Y{TZo|>E$rIR;PW^G^Spl@oH6Kp5OxfitQ{S*dydj&ed(lhEI~MXKg>s zZ(X$%RBI|ysXa9w4u8Z}U?~`x_o~+x_k<6S{ZXu_&VY5V9e2bh9C(BYzX4tXrAj=4 zG9+va?2qJigD)&TgwtTqIW!s{9((*sK@$r<@-IJ;b3MBG`NNw!<=7E@`+Qi;o+xXN zt>DdHG~sZ;_c=H7QXz}@%ffx{!hC{TZAVxhwwH8Af-{L<->0=p7)7;(V$daDZ9HW} zCfPLllck{TUiZ5RI3Sm|qO({S93~8#I;z+xZ2jnq0KU(zZ&~Ntnx_cLBD%8H#Jm%obD#IMP$ z{|i{YNPxU=Q#rX~AvvZ?6os21l-au?BAt3i*l!D#4T;&ascvJy^tYI4PlD9qj9=aF z_=Mf8ENb(+1%9O0x~7gO4ID`fSyR{UJ4y5sr9Q9hm6>Jo*04UUWyw*b`Bvq(HJ_;51;p!pLp=AjBbLiFzf}{ z898Ja7uKOue=h%{2*|_MNbcY64M8Wn=dWIC^)Tbq_X@9*G0>l#jkA_W#NTEh&$q3Y z1Gi`4kz)@d=hkHUyoqaEX}k&NVux_JrTL3cjR)s7#|`-o$G5zh)aaF)CEX$8eQiT_ zh^B2ohke!rt$b8XDY)qK{)kYOY$Nq)Z$MdN_!@{Mytt(l*Pf5hO93)R(IEVyCA;a6 z{uFYEjKNN*iP1+`t30tp$PjEKmKDZ>0Ay9n?2oFB=`OXlB2RIm?=~f*spY|KM2+uSYBvoE2fNxBinJ||ilU~7&ec$gqC`QmKN^LlS>W#%SZF+G` z$}2LNL;*uwyVzyWJ2(L?GJW@q(jHHlTzVF|#MaL23kQl~q0t#@miGJ0=(?e4G+Jmn z3a@vrOwBinKfc+zDS3L)agXHV$W~BKhr%2c(REfTk|WLX-uo^4+UHKAh;65Xwc8t+ zp{RKNSApbkaHvzyCmdHoa00`{;;ZUTu>Gf)R_L zkZ+0b(!<}HDeo8FeRx|I-Xe?yz!`Ew9q+aoEe?+_F4xp53`KXHqp#XM^+F0V?f0C6 zh+!5d^An>ci>zR`z*jvw8*U&wR$@1%4<>K)Jkv6pLPpWP@|@b7Kr(=`(anI~BC8e` zl^8c##cL@Kj~f1E<#`ugV96*Y`sClXxi~ZQ1k`C)a7_A6*^8iE94H7p_i$n}e9Emy zkb`2erR&~Cs%|2w`u@7r&7Lf`fg{bclfHtNa*?~cd?&7>M|Hibm{UimR zse&Y8V)a^k+a%k@5l_;jTV--*kYzdA?M-dX>~JwL3SX2B8fMQ5>qM@FzaQ5MdOyCk z2>#8_y=caQIVfvi`n8TYV@>`f2zEl_@+j0|&^%<*6<_X&a+tK37IA5$IMIogxhfG5 zZ;G9Ox_;Va(eW56&r;rpNA=AbLZMJst>KfHI+ygJ*=f z>^R*RNxikM2&rtEtyagj02U=uh7ITMS(X-lN?-<$*baX3ro=2}j{*V($?#T5Ldrwg zi)Q!3&s;NazU>oli;qnxy6g^PqmAAi>yz*t+hji!A*HX>&fSBT_j#HKHfb~|=3j;e zCxtC6*7rrz)i9m^ygk!_J5@)!3b4BgExGCrYGDV3ULzAq>;QOeCizSR;ztw5`2O$M zBlJs=KLNU1r@3EkV}15o(&}i&%UUE7eu5LEk%She4{It3zC_Y2=jy)*AA+KY29biE zTC0EA&d*PeHKaopCw}X>2+CNB0>>RQ0g0Ap)Po|%sEiFXy8aLhBkjE}A@bs}vng8) z0&fr8DkXfE5funH35Ub~gvRYE%VyI0cm&=LHN>N|T5T^Q2Uj`N6}db zzJji(5VPkIoU*m|Xg+?oPu@n@FLz8M^q@ZjysyVfjm4K3&w!P-A3-e{U3+*A>EWycl##|*BSFu)8%tT2w>cYmo2>&@@8 z>6_J{TMc@MXz9=v1lZupQ4K#wq%Uku2lM2MZ!*v{M5-pFzTGU9*T{`PcFlK% z9uNpJOF`OFsKm7sZGcYPa0uM0@VnG6brHLmU6#kCma{SD zD-5ubugVeioIR7J(~khpkN>a+jJdwtuoyfvZGN4$97ffZCqxWE;NUs#Wx+>>%p_rX znD){+Vkj##f%dNS~)Qr%;+BXYD>9s$EXYe;v1`nb(h3y zAtRh@crJgLu|#;?;e#LOEcRSx3}4$79PN_tX!msKrxO%vR~=@lCgPafA-fw@!NvWb z@_v9f&}s|bpX!WPxCR@ptJMx3wJD=RPmERFsTz@A}pkxf8Xz7AgFzCm$oqjl>SW z%(ue1oxB`Ih8*LKFPC*c?Q1n0xiUO3B;w@Oq&AVj1|>D24%<+0rBQ^5KN0X?2=Ay` zV7CA-l={L6znF;-eZ8<`KT(}794se0A?M?oRhtm$xSL6IFQfyMm!GCT=Y4t6f%FXW zMAh>BE)XqlIdnaiNushnLy=wP>#vW|ZegXdU%+->^wxhNMgsGks#b=L`%XgPE_18CVdI_ym1WU(}uWs)xm}wTfMMM7( zy!aj^5lo$BU%iLgvNZVi{)hp~(uyeMO5)F|7q#gc1Dc8h>)2HM8Y{KKZq$2V~hZGy#9W!`5u_yZVe|RwrD|#@UJL127-zV+rN&aE+ zR%a5K$Yv(g<$cIIeUBJh=8t?L`J5=o4<0^$@1|%z)omMFks}9iOgZ9FsR;rNhE*Z` zZ1}<y7XH`Lww}sJrn&3fve&nBPtu2(IKQq?J68EbBs~%pe2zh*c}%2NY`m zis>V?3+?HSY7WD6z4BSgIGqYCg!kuz_=jzJG=ywhuNDhPNLG#y<{{8F$4-T(9O}~j zxqu1H)69r4H`Z)vo8h&Ys90m zo5!l~(~56uqIMkKm$9Bko>5f3&KH4D5MOCMWx|bqgGs(TVM9BL6(?8;e~7xaOjVba zBMZtR@@9Q6_)0Zo1pipM;T2tRiy1CX_?@oO{5!Exm98jE$aO}hUQlxgm9o%BRxg-x z{H}!|^DO7&H}Ne`>2yQbYywY0bdk}&PGMlC!|yB}GzSyehYrIQ|J+Rt#`tza%1!7K zudesiIQ|4KrQk>J*mtWGBBHGY%XAcMY?HfaN%n0Ov{7`>Q#P2$W$t(Egmv)n0!wt^N?TO8gdC6! zk9rl^i$eSK{qRL-zJSi*D87`IAk?%?jO1h6;8&+k{hTiH4cqs0C#?kF)vR4FbNKC) z=DoInV+%%}o(zhJ)tO`Wq8J_v&vn(bukku7Ms>H|iCeOh)Dp#OK4TLi!2w=9Y`68R z5vmiUr6z(&l!|wo!>7uEle$LkJsCBRIq8s5zI}s@PSCRsnRyKkqJGdV!fYk>;=c4X znOGlW{_r1#NN}NI?33iC8WF-K&3K9s#*K@mT(i5?8S%O+vv1B}7I2L3FK_-G+qXja z4B8Ana}pI%th!kw0^@Lm<#Ft1;P#9#(%S}<&N_NK-@N>br+X01QokZ|U(%W{>4E2} zZjsfmm_pg^NHTxx5;2a-mYhhA32ol$XhIPb>bDddx`eUJj6CTJd2&YX#Vf{g?vN20 zj6q0z^ESd!L|s?&`dew?=-!o_QHWVPK?K$FA6)KCFfsIGd^Pzeorc(BF#F@i3L`65 zOueo7ng42gYD_2%CY?ez8cZfJ~G z!=@cDC7_A$6!^d&eV?a1F~bY|Krsow=?ZxD4BmUU^5_{gPS8cn0?5Yb?wVW8Gw7o% z=Dl`M)OFx{J%`a2uo2{j%mxn&Z-PlyJ41{NMxPNJ>|*$ zwr#-E@3n5;6BL4_dl~e1gKgajVZ)%3#dsA`^o!78sPgLz=S8|Uy^b&qL z|J`&dlrp)j6#3m#?!4-FXe4EL**rZcDg%g&5Bhtm7zImj3yYgZ3*WK7T+9}AL1y2- zkEAwi14d{8rE^6SzH+9 z`JB)fbNbL=Ryc|xpZD6>5~pXP)>_xZGsjjA-9treoUVp3w%QO+CDWpMando-I9)C{ za4L=nj{AIrA-gfm?(s;mQHrhMy|{jEF`ck!MB+IS>$e=yEoQegEJEZ{Ci-GWHMRS6 ze-IcjlZD0@G+Sei8e_C7eNEDLXl6Biw?NgkzMUI*v4E48L3ywmb%xWJ@%1LFIqh!9 zT!A+8w_FWp2|8pn_~G}5v=Ag54XO80^eSIDNk4qe=cwRLte_sEeS@G0IY#6_1_)td3zPgfnq^N9| z|NT^{hd>E+$Yj?;A~#l2$<|^GQzFm&l!`X8t-IC4J5hE&cn!{9`4Q#0Xm`HED*YYX zjvo|Q#b}{88CP$_wc_?}M$En5w8&7+J%Vl15~9B`?~MJd`;ip(j_sR`Z~;#XV#6n` z`2`G$IBSfNi@qcfk+Ng|M2}>Q591#o_CzaSM}bWP+C!%=I7#jY(GgbbQ=@>^D-b^Y zf;H1IOfLz_f*+J-wYX%}K_b|=&()NcIOOP3%I=~_s)=>c@BE#BS7~pJ#>;cbMz`kJ zO^{N;LeqH$PciUpGy``j;)mcth0Y0`zw1nYtX0pdz+hp7jzQ?{Pa+mSho{g$3nx2= zp1hCjj>eE4t>X(FrM_are}rJLg6o(*i@Rg9z8wND+v3mP8%`u0i>s@RewXFT-BA!K zwJBKs`5wh{%J5Y=9y>t(;qkJW5)WRyx>uvPrq&GuraIlMo+-pOUpywh*jsIpXaf3z z#U%+tQ1Rq7(XEY>-SzR{6$>iQG|5y495)FZ4{a{EC=wBMxgfA%0t^F=A|ai=l%HIX9K+p{dQ`rtfd?pKNcJfM#rGq#tSos zq0bwTx4k<)cjR`qSTZY@SxI1&G4^Z>FGDduNoK#txtrr9&d9*s2b=_ljpj7N`rrH9 zG7l>h;9=#Rl+AzpdZV;lGJj{(Uz{3I6+LbOF^)6x_vNpo(3K`?e>V4W##t;CSN~al zZ;`N~HMB2c_zDIb_(4>lv5v)pYSpjUW7HNVcxRHw)6q#8RdnTqp%>()IMm#gr}5js zpt|$W*)o7?Px3Iw9g3RL6y?*3jTLy-_dw~{9p3<+-Y)-|=szZ{ODDu{71jlwRlN4> z;rIb|hkpiOjbTo*_l7MUSeY9;y;oz>a?i{BQ{1!JB50`n@`EH^G1lHAS8?b+9R@mq zQS_oAQcGwQwAfWD1^%~5=Z+l)MwrQ}yoZmZ#R*w9g3Y{)AXlFEAF<_%sPUlB4{Tq4 zME2(=2w`fX+i?S{krxX*Y1?&36dVV}23VT&p90l7W<>1yr<0M4csF{qj9uxc(>qcKFesYhR?c*0dP4;o-G|5-jP&> z_Ekf`j|ao_5Y3(xWZzW0&$IgU1`)OQST3};(FJe~pTfUb@XalPw*i;RP-SiID6i@o z`t}t@BA03yH#_`Fyj>-Wiw%P=_J{f6*&q69#D!=Q8*D_cUq4G`J{B~gSUcA=J?__z ztax0XP_L8p%&ud9s7n+LYlmlza!zh~y3e{tOY(S!;(hzymKxBj%c+bXW7S9BBX>!| zh4)bM!8L9;G*YtBQv&Z3D62v?Kb? zhD!t=DdU|lUF?{*=&asI1|s}xyl2t34rh#r>{l}GjbX1}GrNq5gKfcxM~Lv}xXGde z0KwzOD4Oy2f%aXp05uu48BUP@v0|@Q6ZcxVrY)|htayayG1%u5jY7=bn3CapHvft0 zI;Q3DqOqC`x{dNYu%i9{aCGJIO#gqpB9c(a5waqwTt&_~5|Iiagjgk4j=AUBR;k?N zh~&yqh`AZYCigwL=AQe$nT^f%`+R@@dEj9mpZELydOzRK*Yo*&XT-A4p^tEJTXL3l z-CfG>gpUH-G*ZbwIZ*mfCE#O?PU{%aYEh1HYO)9aFyq^IhGS`YY3AFEvq53zv|^$= z+HlJCnFIg9(;ZxsNJT$=`UQr$jbDNetDCHbX4}hc_5v_&QWy28k990)+F~Ajc#$4C z_KkHzE8Q>g`N0tvqG@E|BYuMGTP0m91LV^i^UZ5nYxF;CQv_jGuXs~`GaEsq9~=~B z78$1N{!jApRl81u$1q(myRsVns^Yz-!L_2H(ya2^X zF(2ZN&RreULxdc=W^UXZUAuC5ev_iIiCn9CD<~g!LYK|Yw$-Iy5GeiQnPLCEkeDkDJHvNp4HkBI`mdzJQ*5)q(Ph8YM}BVXgkh4)p< zRIl)7?C3^??xdIRHJ4jWBMHd}csmNIgL+K#rR5ApW$Y~prDi9h0JKsSgJsD@Da_uw zoa?%E%y+mCmM!bWCyWL%9(HE8v{gD20{g=0Hf?V3_;FHtpmz)7x23wT-IKETA?x zD34Na4nK0R8B@a6AG0B@3V2;ZC0Fci3_(Yl6Kk+)s~YQ$RvMQ3E}vBn3wJ_-ZOhuW zEp^m$fCsL)@(ZrnKE};&Q4Hvp=jOB=%CcQb?4?LZF-~+>PYKV2$83fX?kHuV%(nPe zh!L{P)$u8;xa==nPMCyrF2hXJYAL>>RVCK=Y7lq8uls$|IwLF9nlgo;TLC3eKe)<} zr#Bpq<)AtdWaXoV^5CT&&{;YL4kCRA%6FJcK2Zk+=Hh#^SU9E`Gb`x2t`hUo@Wh8I zAJcw8}8*|DIfcQG;r|G6%6@t<~##J1t zXG@)QMYv8LxD+?i?iQSKl4rwq^J)Nj5Q$$y)EL#On5rZzb=~NehOK?6UA|@q@;6WN z6Y0L_y}65HUnmtb3x~7SQG0VmD&SeKXubSA^9z7N-}h1}S#VZWZt1oVDSj9PQdoUW zQv~L}){jx{a#)nv&GMxfNSwIq&7Y_34P!nn0lm#dCTdKsyYP8{LnaVxEBH6YSSjF> zBxHSgV1%!r#(cyl?j`6!dcpS4>=I>WssnHy))aWxO@6oj=m62}W*hUME7YGWkAbYY zf!^_c-cv)$9TptiQ)Xe_NI~vUs%GTczN;!2VYd!T3#b&Hle*s(vE0C;lEaZl(v>e+ zrQELqig~dOD86^g2M+D~!$<+dh+S=trH^g}mwQMaP>Dr>1lm$U@0OaX2pcd=~^D4UnQ$YdH zZgp(68~^9wu}9a$rs`Wo^c~LEo_`O4NrPbp4HO#97t19~psD2>||6=oYF1%D# zpIyt|Lg~BQ*i__*KHQtk-vQfH*Tc^UMRZqgb7pJAKtUtjI>{WgTBo^<1s6ft3K@4H z_DWn}+H~!cJO1-*tp5>xNdQ?@*(6TjZDDYZtskHTqc6Ns_=_UJ+?Eudrz|-X?YRvS zM}gC^z2O~R{#k*H$@J#HkH=j$%e_+GDS|ozj`d&H4`wtM zlW%G4tZ98z;yOd;#%&g91`hv&q)L6^V@OcLdlG#G)v7avY-j=CG625ItsaOD7tDT^WM1EOT8;uO8PzD27I+P6s|VbS9rb7ty-2d;w|=TM`# zIq}aToJ@5uw`J%q$iRDuH5b|3I{9S*m9Gp2Op&G{stP2zT;@if{=B52K-hL zLThHIlviZKHxPr$ZfQ3A3OZjsI&LS%ouC5p0;f{Z#KZ~Fa-^F`sjgn=#_L4CSV z`PJX^5Ig+YfMNUu>_3>C@#S;v7)VHTJOAXzyv57Vt+c7wMg6m&_Xm4)TU%eY#4b6! z?59|yB(@V+c}L~#>>M*FoC$oqv~-j!fp5{nZ%+}lrO5nZ(LvMagBd=ii-=|aVjnHP zuXq9p>?D_PGx%!WQ;aorZ!{%LBi>9nx+Pp=+z=n5n$Ev5OK(JOgYQIrW!lDpXu?he z-+2+1L54o2;;DcX%R*AA0x-|pZgV(|S~*@e38fzMP4>D#x2V^_yB!Z+;)yxoUqS7P zdk2ao);QE2JdNKcdwd+SnKrA0#1z2`>-;t5R3)0*eXwiyhzP`TN`9&q0DMqTa;3tW zbI=EU0Fjq0HibCZz4MDumB*Q z5WLMi-%hy@84V&Iv22ztXsoymK>Xezvz-nsv~kWofjId5x(V?SLs6fhDTKZf>lclWG|#=D5g%yWHqM21 zX6;pZ@PhGuh$)fNOv{zNn}RYrt5O~I~|a5i-lZbArz|k*N`SY zmkwxhmod#R2=EWO(fWXLz76P@M|?p2>~*?-Og#Q1W;iMJ^9rqK3F@hW#;SQnx)WgS zP}8RBHY07x*_#>gzY6?-xGk-h8xh12f0;mgP z@pB5BM8Nhiew3=jo2TKgicwQuq?{h$kg`+gjnSA(%f=n9rabH)j;Xx!!}_Cib=xz} zKw2TS<8_5!+P8M&dH84NRFI+ConVE*QONRjlkCACX>Lv1gI?}Ua%_W)7Gaqf-s}Rw zKfKDx06Qw69Ev0FLm6?1H60TzZTC*>$r6xh~Lw?{1t3d3SnkDVV<40 zmg0cOQB`rDa*mr=g5{wHAG~_6UtN2j?G$e z$UVzCNlWj1u(EooH3{_glptLM_H@Ev^YV7v5U#YvLo&fyTvzQ-y&&ssOHxsI^{Nh7 zEbMA9umf}spqR0xL-WJvoJgV10M_vrRnFerHwWfbsb-XY8y2Mc>LX-|*1o!C z&gbA%xdFx3v(9fNNIStnbSB7@1!4U*f+(hX)Tt2RYXW3B^@xlMB_1%1p%Y|QlbWf& z&W|2Bw3`KVt7&D@=_XZwaLXyuCu7U%kE;CRQ8^U{D<3VxfkI$#*4DzYG?sd0cOb{% zBg+Q2Ln_~GIv+9zHJ0<6L#OxG#gn72B~5m4vc0>sHaY)p!%eG8j1)I3u2G1^KHk^r z9m&ExPH6o;Ag-`_Vk|SH7v?NZOAK{*kl?@{T=Zd!hje$&axXhYnFUenp&FaZ`)=ZB zczo|b(i4B@nf7h5!CVeN7p=Gkw!WTW{l+sDvEpdIn?mHplP?G29gbw0Q9v;@UU;KN z?YyQ@h~Wp!LeK4I&Z~AI%d40`fTwA$2R#8*wi>uw^JzG)%3!SA#wjz3Un9^=D+uUY zb!UM#Il#cH z6YXZjeu_KW39CqMctY|hMC0}2=>7s%*_dBGn@oU5S?GK4N7MDa{C$SJINOzvnj2m* z|7C1gFJ;ENzVFp2-tyl}2>W0{D=uO;U1LeLb@OgD*f-5O1uS6mQXOkv{GWR<(|=f*Qc{GMBKCN5@-D1v$z##A@< z`(htMVDKC8I1dFoR?kwn}0>*yrqRB0qFgV&z-Jl(>`8gg@>sw8~DC1IYvn8(B& zT$Z@w(82~D`U1abag|G~f0*8-{#QnGL$IMS`lFB4a9YB?ioq}Civ%w&0Gw`+-xCR2 z235|bKaUTO?+oa+=kZ(s%paHVd(mA~sogx0RYoG<-JU8lAA;Up%AQ3kb8Qm1Z+*li zPqFs?$bK9}XM_z?z2Wg)W$ptr0~9j&A7Y^df(Tm>*^_nvxm+RZcJZ`u;zhq{M}wh zLQlj3b5eG3cT#z3VyUleOi5Q6khW;*-iNL*5&iqD`lp&$`O<#GtqKjA#|Tkb7$34r zC|@VdVq)|2?g|)AfdZHA9Kejt{Sn3*cbak8?}1|K{8u=iiibyy|}U5Syi~h4GfM5uhP8<5xPst5=rUBl<3sQGW``li zHjb<(wxQ72Ypa$zEsP@BJ2TehVjmvS!XJ&%O1G58Rip{=$JOS5a0OhK2-w6HLuMs4 zP64ubi7kT<7tTlhde3{9vVFQ1D#Ld9-=gQk9+8c;*n%%!p%mge>6EKZgG~k(Q6RcB z9Wr4I+yA9BW7>K4QuchEF(-a`d~zs@Twlyd|E7&*SbyPKSMhZ|iWnRpWvv zxFvO029UaqgNj|qfA0W`j_N{xk?%!sV4YJocup&hG{;PpN*S$A58q$2kJS>8qCt8R zDi6mEeikrqJN!Gk+vwY>*Q`Ey{CDNr#JuJ)@uGZ&+bB=*Q7qT)&zJhN#QD%!0cu?YkX4j19tNLZ}FWUZJZ(g zGKJS0bRP~fy>f#3m&+-pQ^>B4dS^P%;dZV}eP#8!N z)w0Aht(pZWGVB>}`Q0TyzFjOZkV)h>2}|5Iwq5PuP|lr@qeqJ{wWZLBxSlY4ht+{T z30+{>D3A9V(ts$xJrV<^PRj3PK2`RIQmH7`g`bBh3u!eAzc(KQ2eB)7AOWk38CB8u zJDg8~k)!SnWxAUZdW1_TybdwcZ#YB=cF?#hKHnBb>*hdO;s$t>ousZ6Q@-|L6wNu7WRD-3$o4 z^Ur^3&k-xdpuD`4)n$Bfpjx+ch<}B7k3zQHF*ENwo#v*mgmT8Cb4?xl|?6 zuTjk?H;`|%0}1`I8I`98)53sFbRnf^ljwc4S#u_{c^R-k13@_XDRg709r;zkq5U(P zo25U~j>gqO;wd_Z*Ud|=7B}#`(lSzb9u)3(QcS{Ir`K#IYSr~}p4KI%UZP4!lIP9T zfFTtN;=L)M+wMHTtc2zAfF9rY^X$qmatRVq>vEmS>@Np=AC6iXb3UzhJK!30MK-Ka zlT%r?Sd@i=`xto1QXD;e5B`KPVby84>UD*lJd2Dfq#hFn{7bJK)VzuG^!HfGPK~Av z0+qGb8YEmHoq7DX;1ZsP?w$zZ@xBdS1EOI@sfB9WoNTNZtOB3LE_?PV+UCt`IB)es z)tau2z(`-PUsP|r*&NrbT>CBm#yTU8HH2sEcXPl2;bg=xmp4Un-@CovF4mh^>UR6l z&oyk)M0M8d>&wrsrayVRp1Brqb-W?C&`yQ^2j~N6#WUHN#gwj2u&LJ;KXQVlz0eiw zCpT+q5&6HISd%y`?Dt)FWi1fxv1GZRIY}?pNdKLrQ?UserYzSyCWlE>K0vD?|7p&%)^k|TtvpU@LD0=GULLKXWYo|U6 zq26l+P4kB*M%UV=m05lJEk4q(YxJxgz;b2AX+o?!*LJtB$?7DiKYc@c+U5V$S+sPw z5cAj^<2y@J0=!Q))x)}R>Lnw8grp4DmTSfw@7f~5$tVh|Z5gz=iO%P#PI9Q07Cnpn>#F?4p!3$T z(vs4CiKdfJCtrX>eG8TJ%wQH@8+1*MBy<;2izJYC*x;)^u0{rJA&GgFr+#2LAB>q+kgy{ka8vQcpKEOH3Z zr(t$ZOQoguPvkGINYq;j&UQ+uB6onivSx;ivn^a|3n=bUwD^f@s0GICz~&c|x|Yqb zT>*K|XL4>V>y0CsVhww0(p4Hz`)RCXr;*MvRaDpyuUuxh9tIh26hSUtI%7)%B#q4h zSC*Q&rhlRqd^H{}sSUqpUupxXH*H7n!zVvz|A%orIbHrHTW#Mmplp{N6?}e$L3q#m zQF3E;E$W_W4CRT{jwtqIAa!Dh$Gr6oFRABFN#6uqmom`W@&sb7I9Mv0LYkG>JGXs` zF3Ed6{y-l4iZ-z}nlRA~Orph_p@jQ(kYH%Y<@< zj>pT``CZvF4u-k!HI0M=#$~sHd>Qv5`qmoJ10Tr2KvNxSEjxt*jiGgnmECx?$tKc+ z9b7Hf*RJvP`0Sz+QXgwcQD64H)Mg(QQ0L^HIrL26N>?@J?kE=S{6+gB8)hK|_IG{* zY>4?2tTW5@no$!+aU$*CxqqP-wt&Nxqi$)$#s>9oDf;U%^X`i|4%#S=%=_-&t0&JG z<_ElEWbnn}v?s(CHoRAXwX z))IR=htm5T6e7|+MefDC4e*PM9#nAyKL97Iu$`How+yef-AKHG8>r0<%NXiM7WY!$)DRQKb(?Cu4x_HVvS3J_ViZtKl@}Y*Z5Te0NS}o-QGW)IU!hC5 z-owb$4wcTQ_!yFvj+>Ck$NsJxOFt)#HC)J-SFayh%xvJtSX+_uk}#bXR~+(^K5^(1 zdh(j$?JWA%Ezh7Gm%dgBj*VOZm=cmb5lu~d6QTp^_tuGjC@O~@O2j&ljrFbN6zqUj zkx?oMsjG2x?qrn=EA>(o_w^zz*H)0rR@%SPdWgj<2klgSEn23b&M1?&GCcLFL{{8g z#59s8WON~gua;nWFZ!Vt?e**fOyOf8Sn2bys!rS^zzK)ci&&bD24Y;2e|~;$X-v&M zp*NTY)@oKJFT1AV^mOj?AFt9sX=4MR3w@M%o8oWz%yXCCK02yy^$!!{8ic3~Ez8_} zr^WteyNn!HwIU%wC)Cct!M+T(To+@B-}Cn;0sZOy3qrivze9B=I~F&SMWHO23Rv)3 z^z7Y-n>OG3+l}*1R)j+s;r!y9jT+q@0505E7p&~d7HIzZc-`s;T|FHHs362FgXvcN z^~aQ)FAd>(+NZ&p>h4TSqVIMVe*Ab^Mm2^qhQ+H6!ldMF861j!~7-P zX(S`{W4ZwPbfS2)oJ$L17F9J)kvCab-I(DfG&-b$LL}0eCVS=JYOc!82YH7VfpDhP zk0ySl%(0HUXNA0hb5srFp7Gg?y!E2l^^_wnM>|cEYHE*^(@BSj^Xv1Q@xV135Q31S zJmO#p)s>>{CR`E9utdK6?Ml&a9w%L%$4f{W!Zxu_=q=Ye(@gC|GA|@O5l~5cv}(^4 z9e%w9_oCqhz(7oQf1FWSkgfRO+4Uy)YhdC%_d_AMrS~JLo-sS$hWM#H_qK6NhUfWm zNEHp@3qR>iun9s%vEul{B|0L^%Br9FFS~yw=6KHlkPfUvTM@aVZ z$Yt!zlzFuI=Ge9r8|uAkQRpLPp8|aY2rf_9V|q$*e?X{N@lRKbfymmUUDqUW)p2<1 z5$|wmH8h?W+l&>|y_oq{PM1fSS^WH8enVYL{m4oC&x;Fq)r#^hjJt+`F|F9=3G~4K z8WE5xd=~{=9`nXQY*Q+(oA=Kr}A~vGqUPc>9pZ*ufG{llJfsLRER`z*K4R{sL=AL z6(RgK4BYHdM#RY_Gzn^y`_rYXKd!mXELMln4{V6OZxKFE;CF7%#pJ-7{mo9%&EeUK zt=B__evogRmkj$6$2tTNbxgc9sUEUXB63Q&azrkN+v(F5CAx+yjH0`!nWJ7u>7X}i z?~lK;J-xz3TN>5f5?3LvxV-OYR7TzS1D9F>&X|Ot;?~N zvc=-jQCz-sUn`r}Se6NS19r3{iJbrb6rt+hca)D9y`@JFZVI?s{k#7G)24i~5$=b_ zhF6p`$YF!A&r|s%eili@#(YDd3qnP2sNGDkPT}KX1bL)7ki=zYYkiu8jA>B$(kCaf zZ?on-=}mf%kXq_%U^E^)HWJ)Mp!No}@Rt~Yk^Y6AJ)Sem6)*Z7n$6;XKUp)nS&n%j zTjE&CMj5s2AI^0681%?FqW|L}+l94sAl*~Crc8eCgNhW(l2U-zVo~s*qUN4u)tjpj z(=_CaZixBAz~2xX{E%olVHZkfUq~GwisM~YRRtz_GMd$Gl|P;jWFK2h*%z1wZ#8S=_5k;Q>n?Xhr!t06;v{LtCU4B_tG zXeL1?Z;*SGhu2k#9iISedNc4j@#vKLU7pz|*XQM~w=fVf3)ta!uc=HrXI7N+4SVtj z1G%!9t8&v#*NYd<+JWRPx->cJ;JZspl4fADwkf^6mapbXfLg?p$wW4zX6J}yntGA* zZGhpT%?W>HQ4G7f)OxLsO12!??N?4Znd*HF_x`2R7koygK$4p&j6EQBqX{UHMLtGuvQNmK?97BtYEwF>u07h$^EW0HSc~yTJ+n0xVs&<54Nt+ zyGo#;43)tCHQ4I_Zh_H6e{W-;T_S&!R&B6o&XO%&O_n?nloN~;pxZEYt<8~gWtJx`AwrBR3x~ecKI92INbs}Ic*Q+1R5{><2R2!E{rroW z-Y;PYF+I?YtBgkLgg-wsV=go5uj*|wy^_p^$|kk2?g&8;-P-8-n-;XnW1 zo8N=XLs!8Hd`_nq9>+WoPHz$CSO2y6nqO5a^h|1e=B2y}QOi8nAIl+yf^frC3)K+$ z+uhvco~E_9;TT;@-E{46QN{~f=K6)-BZFxfkA$_685hqd5A+L9HkRppP^%94I}w?u zvGPjyC6RMXYxDH|qHN75snm!ZrB$+Z>#lvaC$CwmSGV7PNXT5y4`=xye;-JZ?6We&n$+gTsyu!xns(@IgI~>+N`WvUAx%^K|KioHRc9XC9!#l>`Z4cA#-vZ*QpxiL_JgzQVHP~Gz9B&dzM#{opo61lo*VxVVw+9-7?O zj@D%Hf(dVB#%JMv_dO79m8yDio9UKfYKqeCtzbD+mf63ubsw&XcyM2ICNt|&yH#C) z?h)1K6qkb!u=u8@dlz3Sz2^xy5^)jnzfTwR^|5Z<4|H=r7D_G!)X3H@mm^FI2$H)x>Z?jH65T;J6_q`%9A!zzvV(e}3&jNU`!45!vg=8J$#B-G{x8=(yCZL_*+2^PcM>tU6FFV7@wvkxC&6fWN# zkWTj_+2-qU5h@I}s|2q?sr_qHKcpuK8iD|hv{}_S7ub2`$iuQ%N-J4yKJ%qR3h$&; zsd<>_o2a3M2d>>MbQqV`@lA`@zp#$p96koztBi2g#$(lDW%chV`N_2vMgViDw|B3U z7p?f`R{VVz7P3W)LGfEaFzf#)gH6v&Zo(?=>}p1Gip1ObI==#2QoWq**_IfRYkp4r zN}&6%naO#!-k1z^_NjuccJYk%546?eNy4gA^HDF}?E;Vh#h>KC=o`aK&7okb+|v6X z`>h9*aqx7Fapv*y@}x(x@eLNO9o*l~CENcN14lfsatSb89cvaQGvWlQSBb{T{oFUE_9ciZ+h7W|`a6n5VqkAu^#WPU+BtuO7LvubB7C#l99Rph6q;Nn61 zzjr1yH$xQax~>7aV+n7w^{uG{KbS8tw^bJ?130S^7hZWC6QANVnggS{6Id|n@z5}NJ zHOG3Xz~wCc8aF%zMH?k?|ho3XTW5u`vwA~&z3 z1w`F${-&b5mN8SY@gd}HP~U}EBg^lk1zIH*{C=YP#%$3MaFBq~PX~o#bCdXNB?b2R zM%)Z(_?zVJil+Kc~@lPAjeg2KU-i`*XOKjiUqkW1=m<@B;q9nG)DjEfU~TIW=+kdJg^#!(mVt*0 zW5?Apw1Zq5Rf`OR$Z_DjJ;GSz^ML}#3JuD)^*0VVg-sn-c>b$})K=SkgP_B`v9_HX z0OGk{)HQhqn!1#FS2jNMbdb(*9*W@{`S6{8EW`&AM7&)j)#=2J@0j-=^nc9N8-uR; zvX!hWqZGqRCxG|@3{Qi%joPETl8_x7^w-ffv5?y90khKg zrTZ@8M4{cFWzC-F=K}`S8ZvowpF3wsFHIPcR}^;Wk_qWB;ct^-5jF%!&rSkuLVY^! zRlDy8WN0DlFqwTHxnTkQ=@e)^b=5eJPG5Elj z9BP8qUIq;(diZ{g$;Wk;4!;{!PLz|6PMO6YCBk>)-g)e#Z?t;cNabqAA8E6+sTd2q z{vj|*;5|THnX6lngmxu8>@rNads!f`8p1(1tfLvgkenHkJZm@dcRsB?qa|<1)~DyXcn*>B(@rbrSOB9_Af08}dS4{x3`82J?Jy4O z>p#w$WK0m-z3@O^)N7N^(Oz&z3zUzr0MwEe+RLI(;}E{@r41V{G*B;gqI& z+p$G)j7o`)s=lLx@LW|Y=*j%e&GL(C4_yR#JhYLy6McawS&@R=eSQbM(fde?E4p{Q zUYAS6OsG!Z;ccy>7Mh+_d1IU4zGa~xhp;E}|8DLMQ9T7{Uo`g*e#8#GUdYvU&ka)O z*5H*?olTz^*!9u-%1QzW*JG+tarYO&1jTM!IlwUm{$|eRoh_e^3UzgeuO>95EN}qH zE?@sSm1f>}r*K$ckPd(C@BaV+1E$FZ)Ow=#XnZWy$ZzhtiUk9FSM&;Z3)WuPx*FMf&4r^ zEz3c$(u9gj=L`x|6|=GeqM< zZGkEDP}LmD9;#&^pr~dr4N__)kAR23ZRnV;_D|t{5Hs4A%ahxOpU7c%WkbDy2k0Dt zKOXk!9S;v@Rau(x8ig@@QyHtouRyd6X}EXbvE~J3tZgKFE5G}x18~mXB&(@coY!nk znJsWJ2R-iZZH&-U2KFE8hBI=!oh5HN1c7Rn{}~_7sAPmXdk^e+XYx-Mlxxw}A&<1R znV)3ZiUA=0*18{rMV+6xV1D^M0dWQv@kQCy(#hz(l8jG$`8 z?i7psFkIowQbj506!&u*yrQNdOwmen68W{0xRfXd#Ce|=DXITAM3TBl)4@JEU}9`z z|Fy-SnKzm0l5PJT*{=Wz8+MQLg>3N;-$UyrmaJTm?A!2BJnitXbtkbP8vXM?-~O1m zqf_&T3}^pqqWc>2I&kiAROZu0`&Knl?lbQA9p5U?z5YLp0_grsImFmad+D@YVhmpK zom%u#`XggQ7hT{=r+1-O3MC+`;okp9oV9ZwklQke1jSn;Z_b-vNW&$wrytj8n0c3< z*4s!N4`zO)THUV23HW%D3y^mLlL6fi(kP`icRlcV&F4Z)4QIufH=O~blFszk8z&9J zCiy&XKdahI(`|p0*7M~4liQAQ7f#_}NbGcZCTwEJ zKK)k?F90XdqN0+IymIYK-Qf%#cip?j#igl-u}v3$l|K;2d4K>B-!IHt)wox$Kx(IA z1F*)Y^*gJ9O;ec)J4)eEXTJAsq7W_X{K|fiar`lDLQ-uJ2=8J{vzLmh>NfWS)r`1O z>#fhFw>ykEnQmm3G>Q&#sWKbe)6U#x3HIPJVWB6Dj9zs@4X{HUax|JMKa-G4Y7YNh zf1pPGG64a4Bwr&`@^doag! zpJtClrFTqMJx>+8m9R>Iy2)@AY6FX>(-qXg<;L#p=+MHzq8_Q;+kDm&afK=IHo)w} z7fI;aTo9}VgUfrH#>+rT$I?T81>LVIM^l;ZyFv-|6Y9r+ot|UxQfm!Br_?HngEjO2 z>PkzF4K6os1A39Qy)|h1jLVw38BKcCAeBDXZ!wjvc{YEgg}sXg#WcR__D-&+M#8Hv?V9ozV|GDw6^|X| zwBp6(I>o=mLs#$Fcfa`R7UEydb0OomCrG}gG1(F*u^`ym-mZON*iwn)M7H=eKBtcy zxYp}O_JiEO)!`oQ-G;cV+Q!-u~YNf?wrItYnZ1Y@uZkls*ACPtXd%hepK4*=?w|l`1$4;fKQ=2bK1Z*%FZk}=qp?_IJ z<-Cc*@NgO3lbxw)1=?HMqn3X=3zwf+jBk7$^+ZNk7)3t~dDCqT{vbg%mJ-6mZxf5TXeD(3l&CR$N zraT3+l^Kw7OcHDZ5WDr?LayS8k5+*M4&|URb~4_uf&i-dHq58d9pT)HZ+?3g(0J`8 zI0NY~jDmw`NBP~>y~=6vwjSJz^3%@o?gH&{VSJ1Nx#y4nv5p%|ydB}spS4H>OxZwk zpEK3(cg9D(yx`bkDS8CstPVF1Yqc@oE_jukzagQD$#A@5Vx4rkEni9ZMF=w z>C-?q=hq1(e-_{Ka*PF1?sEZgS|7~JV5c!IbD2O^QX2N2+f2WUgn!cDcf!$hLQ^3m z3o)X+ccvnsQu8=2*f#S3w*PXE?}q);?61Zdyvlxu!erL(W5>GGqApL&!FQ&Uwb=ux zsK@q7O)QMd1$jrk|7mH|x;h{3WW2n?3EU=Fk2HMdy#n9bE$aSWGm9jU)&Alf&m%h) zzAMD}PD#lJ_P`|Jwk}pXxHal9to{kX!7TsD}cYt<*b?qNU;G1nR^>0litQVj~g9BQ<&mOMkn*O{7Zb97+?vZ zLA-!*VbPf}U4p*i9j!f1m%>jvoh<^Jm-$aGsA`Z>8HSg_94-RTx%`Zc(2@w>e+No^ z!&LRRRrBkfX@F(=XmL?Bw`~a&VY$<7(+mhAw*sf8bcdv6U;9d}J_brZy{Flr#;?F>ChkGb1ExFh74i?`m(mFz9u~Fgc8#z67?6 zKU*sLcA_B$XsgYSWjt}4!OT4eTU|!xRU^I1;q=O#hM}w~dlovGc{0srt-{`c^YGpA zyCXa0p7w<04LxkHPVx@j_TVrGONyr(oJN#Ikbi*R3mEBU(41IvBO@-nI1AZqPW4&N05vs62`Iuu;Ov}&5&vyU_-l0KP=8y zE3jg|a<3&hRqjc;s&#&Z8@XdM${ zbvMYukH7el>)i&Q<4?R6thY0E>uB&#X(xH87QG9jbG}?)u9-4~WxLU)#I!9a!C0Zk zeibrqooF7-LKbgq+(HR{w%Gxv>-$v-it75z?;3d(1ZZB&yn zqKs*Espp4-Vd23*R|i$WM}jxyDse$xnL+_u(2<*dH?=@I$7xV6e%r|?kdvL`u)@_L zFn+5x>OQ9vB3))9I?!xh)wuf9M)l_vkicC!>HWc{#f)t8FUNwUOYfAt4t~lDp|9m) z7*)~XD*<5wW&#&gTVEyz2>v!D)I=)rMVk_>;udd<~%?>+B})LgUcsej8k33vW!8cVnMQJAt%A}T$W*fzx zBt@OVH8;5fk&OT(x&NrY+-)HbAS^_6>c`p&tg~kw#kl;OA=c;%n3rNcAAH8 zs!K4>t%2Giv>T@UYQC{=zHCw6W-?gD9Va` z5{ch6&JdF40{%B&M%|f2*TNCo<`$o?*k{O|KBCFyqJL?=$NY&i_9sYVfP`jt1soG` zMXB|)&&xj#rTTzZH_GRiY9pN)%XsWmMO_udG9UhEmtP}Q6~4ThD-r5NDf$Yj*N`Bk z2_kWea+3->;4a@GdiuNJ`NcR@1k(Ihuulr`*}cTkMa)=ivzTABXW@R4Pgc*+mG+O5%)4b_m&VMY8uioJ+&V3L)7edv6X` z_C9-a_Bxz(j+?)4f55HJeLw5{exBF!4fgi;-}^RI*A)pRjgJ}6G3dt8ol(+0=W_j$ zfODg^@v*1Q(mL>d9yB6PNi#(SH_zoNHd}yZUu`eGRhgnXQz{;KO^il!SgMmU`CKtn z?0M@t8QZV%1<-J0WbK$HizWm>@B_OkT|7-$42v&g&0uFqsXO$Dz!TBHt*m*6c0&>C zKz#XuG@xU;-Z~L0VAFcpCW&YL4nD$F0`z0m(QTp|ZaJWa06x>hsm$XIwrs?B5}KI_ z0`^h#nKrcXZzCJ=ju@q?CxfRMTSwZ#&fL#gdBT#qAr}ye@%5O`1>+ys7=@PUnwr)P zaydK+EvA*p#(O0qp564SasOp}R$ewfp_?CPk|5Kb zfi*@>4C6d4gCw*bPU{ZiB{s99yzS@@y7iU8O;={0%1%4z99)|dp(M=ekr2{t>5b~# z>375{${4yirAsf0=@&W~lW0)&Wylp$)`rGyT_9gxh%7^9C2Jdb^#z}Io8LlOCzOZD zXqie5uMn;LBxrQ)gfYoSy1wFc72qU3^0UL%PjyMLihheTHYvI`RP{KQ!y(;`m-r>oaEI!=6|9dBuo-zi50 zIqPP{M)Aqlq ziG)NlI$HqGF7~sX3dI}zMG7Z!2WGi111Ed4rt2PDr9z@6 z4HycIdgm&>oj$5`<@5MLIJ9(R^xAQJFgBb-+fLalX%aAwvM9zZ-dlsN5Ld3XQ=q;i z(NCUH?u7_QEJ{MyN> zk0me^i`p{!wHBElW#*CG*R7pF|IQcgL=N!JbsnfSgcemjgbR zx?*gx0S-j{$nHgi_t!?vv5|WSe{y2L7|*JA{<2I{p90`fow`!wVIW+zdMX=;yCG8- zL7-NRZ0c`#bc+*=SItP=uFP@WSoEes(9Ifjn_yr%i+iNi6vhfEV|IefjP)XkbQeGb za*JP9KvU#;AMcrGIPagk2sdTWz9Dwff{fVgPMf#_Ot4xKEdQ97Z%H()H)K0mcPKmD zS>^93TO0>9z=Tpm6)n2^AD-%^WIfyONRu&sPGpsCp5XC|mThKlpEdMz(sP`0{Azcz)Z)BiY(=~z=XzaH z$`6U$hSo#)Tl=N0|0F4RAB(EhfG+7BE3o?hm=EDaj9qtAn&-GhGoWm#=Tk#OG#{V5 z`(E?OAURU-vfw%=hE2X8_&x!IsZ#X5nd5DCA21E~Zpqf5T0o zA3R>yl>hk*?x3_5*Zbd$e?0%(Q9LG;qqbK)`r)KrFAxy6D{d3{Dl+2Y#?Ktp!Qa6) zLWYh05+5Av9htkXKWnZ*9J{S5>;rj>b6~(tZ?;u*GBD9iTXN*5Fx(%|sCvT`$P;`ILSb>T9ojrP@wOe&;`o4vH(D855z{CmS)QW77z<}le`r?!khmn!7F`AH;7QQZNgubV>wv|4t@?rm5%U*+jj7RaDV1@cjcJp#2>-4 z&m)0yBuLP^jNdzrVS&{%^j%4*)2VUv-MUt3Swk6lPcc67+w!cdtyZ~Uj-+XsRIq%U zQ?6y7IjL3=r(( zd(AIub=&G~o&bu&`U;$!h+#}pzMC$G<{zF~&7n(^>c{m-^REBY_Jq$qAue5|t_}5= zq7Tcs2RW`jXby)X3!nyZdXVD^Z82UGKCm@bAxR6FPFFk$O* z!1*;6H%2RJX?$dK&-ZE#lTu^qBc%Jw@9(n$-GfqjYM!VKbFbGvuYoe3rLiZ;K9WUV zO6AMI6_u0I8FlMZ@A{;{q9x%;Y_6lXx6!63>H&&jza-1Z-l*^oT5pR(1W$1?PicPJ z?q43ujR0eG*Msno^7Ry7KMbt>>|Kc`n=e_CqTHc8puDPZ^u!VNcD1U;wanpVbo%h zkQjtdLf5%lcOU9Vlm1i@Ke4Yw%#-tLny$Y>y7clrj-rI$&`qbwB#X^8GR-FYq{&CQ zoA0_p8UOpH53<|iIOqdbWL6$X0NmXiPTvv=qCESp$@ZW*^fv3cPKg0g)p43BU0Jc5 zq_9p59QV#s)Y|)%%7zKBB(7zz3v5nwxdR?@)WqVt_-+VDXmor)YUV#bNUxjw80zVak@v-k1=eqtI`T^78@mnBVF~*Sg|P zlbN}_2!TMrSIN;~Lz=Zs(6&Frr0 zqVVW@1sQasT;M}#E=F*IUG6w{%I3B{t%a`MdRO`tGX|_N9AX5j9cP#yylAEqlFT&$6YJB3Aj8}hVLSyqzmp5v!c*B16ivIkaR8`Bm-M^m zgYpG0|CQ*fl&Z$(PU}V?|IMS>gVuv51sqI~8PD@LRY}$EJKSSn|22<=7cSJNvN~^- z&oaw1JMU8zmJ_~AN*Fv?k07PYA2+!}(&Y-Mbk7A9)`8q@ zeO&;vuQ2nYSb*@&S{-yU#RbEN-jX*=go{rkivK=?%|DGXE3W50(SBfe*C#*qLsYuw zgV(RBCyU?L5Vt?5q_@wR9x(i2MLk7WK)sGN!q+8nEj) z|1J3u>-&pFra=j<2!XL|A2s|YE-sEfEk2W~%SA^opm^&o+tU{WchoeZyTDBmuCnrg zNuwX%<(|Dvr}JAz$A)VFfG{#()R1YKwqw@i^YQ9h_cP9| zvYHRSax90PiH-s5^K&Cjtm!sMyk)c-8~}ELt{fx=Rg;l4YAVl}yjS6R0MqujUmR=L zMpRiWAecL{yPUIbn8-HTp2UK0dN%7(l5RIjPFXwBtG1Pw$q7Ol>t zx^xA3vZ1+bcI|4}n|_FcO!|-V4aCIG$wi$T^U^nbH?*ZP(LfV1F)?C-V(CE@#?r*q zCJ!8txTF<+rK|NpW#tlObUC^k4#^)~f>)KqamfV87faj3I$l1^(%Od~C)v2~@E|~) zXTbFd8ol8}73cR{!ec`yK?Xd(1bC453sGSoJYQ?cfhko=*JMpTepk^sW#PV+e^Xi* z5{0M!!?6G~+FtHfS}BN;-~qL&9uFe<5&h?1Uo$k{hjDxGVQv-kWvlnKD$mUpoc`aEH$wb?NrEvT>r z8V&`R4jADronID}W1lw18h}nba2ctZz0{)UB#(J79W5V8l#$uYK2X$6;I?OzCDvQ) zl*e#L5+^-k145n^6Y9%rg;DbdS@G;jb4LU$DL*q0B4s%h^xIJ6w9oTH8E@T-FOPTH z=hf}g8gd_WrVcSD-7~p2J_8S?@IUNjd)0R8n-?ai@^Ancla1&)K-uBJ9mmuxK1A)Z z1appuUlzD-Rt%|m`j0HRmCjad-RB^^VajuV-ZS`k6423O25ovdC{MCLo@a=U&}#B-WRw*+dE5e`92I?cnOXRLKpi`1&>WtcAOWzwET$W_#I!d}gEN zx0-(h>Mj<$18N}i^sBY!Ex zo$O{EWQz}o!y}TdSdg}@YDGXKQy1B}^Il@>!e#!duvbYtr_%@xMNiA`!?+f+3rj{W zFtMQ58GY}%A_pY+&Ofu9RYT%V*DfX8e+#weawp75!3-SIdxerV7vvY*<3SI-1z2@u z56Fo-_qZ;mA8}1&1a|YrvTU-xYYv!Hv6*zaRoazIU#3lpaQBLAv9eGl;(!`)tD2SH zGljRWQlVAH=38uNN?-Gzs7;!{oB)$+$@O6Yi|C z!_70|j+p^U<_&J?CKpS&*{Jwd+ozc2TmUd%!1xy>DrbQg7jZ-i z2zsF2U|;=aigK-l06byD6=4+9Yg5!s+7D^lz|#Y>M;U@=RfGDuRLOyl9pC6k`GD=e z8y(Ax0kI9v zBZk45hLEwzKynIDzg*jL&zsm++w{%jVoXAO7lU@k!sLTQrX&~&24pk~l)cpEc>*3( zPWo5K{S*=00OxV?Zgh5(Mcs4ZF^rvbGm)yj;0fNlvim9crQhG z?r6~B_o{L4PRe6h+O%pdhtIptQmxd-2NIr_gi=^6sqB&V#Wp?(e&US#vsw{m3Bd0) zJ}+^mIr>B_0fsk@<7bQnT=BzeU+Zi3dazB%e1@=9Ik@*WU{^FR^IhbdXOE5JH$|)c zB@2_26yg_(@zo33oazC!!acuR#yWH-k5i?xdy7&^zcBq?0pUaeBb$+SQR?=BQQX)( zpzYB*==kS@1sGO$Irsn-LHQ&!Zc$olSGy(JG|IgvQjgq9h_8m2q?)Bed`k+mqJ5-; z9;1_EAx{ zp#6gj;71uJeUxbeqJ|5V6rf1QGM#Qfv4fFn5xe2dzfSMIxtS?;5G9FL!;;F3Fi<&! z#V3rmWL>~%qy$jh^Y6Y^pnq&-$_C+czk^sMTNfrDW{#%wNXI_XnRL1+usO6!mhpoM z?ACMC-$#y#y%YB;&mOfvKH>ZOm#yEuos^;9BU+UhH*jH%=YcaeoPTE1GnH5|5 z{cCp+GHSw>-w&I{UaM{2BJ$X&z;I!s11@kTy}*Lsej;ZgH77I)az{R|Q2)S9ReS@v zYD8nJTbE_><)K<3jfI&Z$LVLZaCKd)e5m^~VZzMp!Oc8} zVL;Z-D$#E`I>e+Vy~m^$3zg_JdCM0dCs^iqQWq(An^)xQ542glYxke@sU{gd8y#bGB%)?BCz*`Sl{* zW@(6^PrFd%UzgssNGja;gX){!dM@LXg=`9pUt0+%+JRT)ekp$oc*fqXeKKW~26A2R z9ogS{%RBtMZHhCt{9@kx`gH0lWnZ~Q5y7G+FjH2wZ(4hMpUEe z3af1Hk;gJ&HWtvgx8pz5xK5pl*aMoy0;A@7o+pnZos;xn7W<{oDEpj?QoV0}6EArI zcg_BV@aj019j%c+ya${uPw&o?%z`G*zyIQ5-RQb4)0sg!{z7;B`Ek(!xnwb*ySfrl z_iYm(y{_**BP|=?PF=sw?(1f<+}E@#-ne>VcXkZ5tg!We+(R<|N}7P{cHq^fTNO8R z7PWs%i}-N^bwwr_sJZ9C{xmrNH;#2}WKBM$!@|}<|asWU_tz!a+LRYdEH6Y z^PJSpJt^$+B47$}ynY`y+58LXX$jbzlQvuEarBcanw7yutF~`Yk4s~v+TGc&kV*@{ zq?4=HAN_DBxmaedZsN&~83DGm0IV;vT1b{B&TNk5M;n9tvum%uYYu=*U?0;JMZdG~ zzcctYaxY3qOBx*B<72@TLZEq2Bh76;?XKHUdaO&@4-3a;|-p-6hYsfqxi)g78rdH$+6n@layc8z>8nU zAz`gNBHIPdLoN1>sqs`-@uxwMQMdVY>ymC?e{`PayBwT`Rm~$n*-55<_$nR~6k>7@ za{zubOab7ew&r4DzczjU^(-(`+%5XK`v6wY6}^086`GDeprhcBVX3a`ek+{JS0*kB z#6bHM&M)KDrN7#){-g6rJp5>=iMg?4g4@ipMHVA|iHaFz>we!~y>8hjj{}Z?uzCRT zI5oRZsso+x?`0?MT_<8Pe72W2g-0e*0=Dysf5edgOgE@K{EQ1B7~BQa1qt-B6&3-j zmPmK5eL)2DOTS$sW{%U&JEiet6$8S(QXe}p`EyTKxP0ahkiL@VH5kDtAHJd=y z)kqVVGY;jgjMsB1g#1$MdAzm60s6c90m@H4Za7bGIsted!im zgiVTkZg!5m^q&Z&vP>O*5Oob`G&0 z*C{hDGqX{!GZKfas?GuI48?US>|<4@jM2#*h#OTFJWO4n!EAU8OW8PJju^VuAuU+{%T3d zKTNlPp#|mjZ-=>8ry9k)%$vql|8&(279;fRpB3h+gsTJ^huPc+ISnD)R}ShXxqf1L z>@iyWxNHvTV$)U_Fhupn90+mbT$Y#h(z3R>d_B;aNnwQa0B~m07dl4X)5?IpU*GqH zJUO+f@cxz8<$VPJg40bsb-kgRKbikGW8RtD324hdJM0P|6up08)!wGZ<7G|2bqV|( zv;QK(F0@0HR?~yHpA>Im1y&tfPjAiHhZ=qOMT^ zVAyw^(OFlY^AY|w-hlPg9~ju9$20A$Ybm`WDmxq_aupSS95Yit?VoI{Fhesk?Pp@s z8pLV<`>dJlt#A5zuUD9$HUN- zkEmD{yomnP$Q@%`3!NUlbP7u{R> z^sSx5s>q%iMO{x+cWxsiw1)3{(A>5IlM;$Z94%d`LyCiLH%x)DEv%P@_|eG|+N3hI zmEQ~w^2{}qy7`DhZ6T0>W|7Z`OLVNBrem(6)^YXOG30$VUsBzDGHbFAZ35ft5$yIl zLjZ96XO67z`irkpIP@03pVl4wJS! ziH|Zs)>50)u7pzV)RtX;l~4T)EG$;ESZU)@sL2o4C^102G$>8|R=*tTYvE zAQ&i$D1_SN=05&=J8k!)0%a@_8Vl!k!A`=$V#j! zec+$yPHqHMoGDONXrnb$FV|g^7<+hfsW*3~u`ZplYl?~g?G~W2EDxj-QJR(Ipn^roT2pW<~( z5@!DQKJ@u0%q^VVU$xJryQ`LUF#XQC@Y+&ze&DyNzIoeA0Ol(>!QppDR)@w5oFe~< zNPv1D9a$_l4=~Irk2C#gjrK0g`k;DsD_RvTqC@4(#XQ^<{U4+r5MsjxO~`$jaIHVo z9uF=DsZ}T8rx(?9;v>k>=)MGk_BchM8)AXu;!o&LE;6(g+5fX*Nsoo;c^Hxt2E@A; z^5|c)uK-F$g!cT~beuO0oo(@THkuv_FL2dBN}p78JehJfBfwsRvH*M{_O zrN5^O23&kkzOsttr+5eW3QFnzeD>o#|8!g!L1qHwh0!=@A6w;R9=kr2rnz=L*8sO| zq_El+WM@6$5R2XH#*oH_>0(_{e+5^DjiV+-Ur;Pc?!BMlU(mpeM?HTY^e$YBSYmfM zk1TqGwzyEc3=kqPSB9{PV0lD+OtPQ{L&F(kC|OfmBZq-yg01oRgMPHnvXULbJqGei zA<9+vSwDfggx8RA;Gwqs^|5eWA$<>30`@dMNpsdVhd4yL=PEbZc-3;WEh4>@8ew^I zHi7rTNa{b@ll6Nh8Xb3&vS4%4OS{v4OXUw;Yi?xV2iToxkd66q*&~M8caz|9i}Ft;teusv zkR@ODhZaDRilfKjQ>I&yrt#AmWg4-oM)^9D$4{ZK7u-Ws_HM`&KUiX>Q&$ibcjgao z-u*9RoiZ+v1d!KWP)NGSHH__Q!+0+=yLTErfYZK}6-S~Sb+IvVxUrr z2G)m04r&oo+yu7ZMa*nPBEg;F-utdHP<5X!rsld#%U&5)#wPDP?^;#3{;eGPh4rpfBp(@F zWwbT4zz~^}QHB|A$~U}bBY+Q}@&BAN)YmOH3delwpp-9`^%+p z^&8Qr&BW@_E6%{~%N4k2z7e}E-@<=rfb zBp!@2^Pg1&uKMi4B|(n*#u7sTH97dqKNKJ?;@d>gMymifSQM+*Ev5XS0b!nz=rw z6|9rwZ02f9U%ejLKJSBPhpMlaVJ2vF8gjUvbW;&AQpRy=>Gm#)d_FDkhmzXr%9NvxwCwL~g~SDcBfUIft3_xE;VJ z3tDYR_$+@vsAX=|T)4L7v59CPPv~Y<#!YAeK>^+DZRc-3UxvpxAg3KOX0mNw^9=;rCtIow?= zs(r&1RR0Ll5Zi6$RiZ(E@J&4)Aq>=h`({j=C;7KhbvCmDS(r3iMX;X`vM&L z`_Je3TT|eXi8ncJJ+)IJW;bGk4m>PJLJe~>ZWgBW z@7Gr)DK1znmxZ%?tD;*9e)pI%&UKPln;vcjDo0GT7!_0sfc0!2=02$$jK!I#drLG{ zKMQ(SLPaZRO!GQIR`JA;&g0*viOB^ED`huB?^h9|i-f|sUQ{2o{u6GmW zM|ejE0Y4gw1JA>b(#I`Je8So?3M+S$|A$JV z@i*9uL0HCcLiT~psBU1wOy54Nyb@y3CHmQkG0|$E!$$fpHCjwLi&mKQSL(FFzPmZ_|eoO4Z~1_ z3erZYv_|rRLpJv!m4lfA;g=H@oR%J|5`F2^HJ{W)Go_3C`Dq1K31@3CV6$+&OC2eI zB#9h=cp%b{!WZ`rKLAcxK|+m_C*=d2-R&OR)n_;2b!c~cU#75KXr}(vGzGrG4d`m3 z<}{^)o&ma8^v2+<$a<_s^2gc-*U8j5=BZlUYEgIl>X*qMVRnR>j>L?fJrU;(`Y3q5 z4XfZmr3$+6pEvM=)Y4Ak8kVMFN4Bwy#qlY}sqg&p+-L(Ki4xar+GmW;h=K#*@X z>1i0}6RiMVV_}9K|8Bx=&Bu~j<9`zT;G5H;!*JW+nK6H2Q5N~LDqHSTWI=T1p@U^l zzkd_(_f*R`30?JgYAYS|j`-}afNKV5;;Fl6rRFRnV0t7~sqZFKj(QsZ=9xu42?h+; z?)$EFyQGuB3GLm#(>u#)3)JP8<0fjK7u#6|lL5H<00BOxXNPE$(bVI^5q$~8Z;zO6N-(`SJ%WnHX<+yq0B)+Jm;c~5iU;CMuP>e%cSTOqPn|Rv?=Y|v+ zJ~==2GR*nx)0V6W)lfnxa2NclSjc*P7-XN~M`OX+vYkIlRt!_R^7}2iT&6gOQ23>Z zy9Nr}VLzo!S;WiUkt$2kO_Owll4hzj{rm40b#|n}!oUd9)qow2oQnEspSf}6kLAF6 zw>iLAKWg?d5v87WA(UM!Y-whLEOk6dGb~BI!?LqBHV7hwxPJQ zKj?Kb7p~Vr{DmJb@1nV$t$i}SXe*WdXf=J}j@As^2T=DNg}M!mMPr~H=_T9&WOS3P0JwZh+eIqrg|U$k0tvlGEb#x2vh@BN(pw87`RFp%?kH_JW5QYqQGvaN zye$Dmgb7tzL{a3xmf%r*{`gU=ica`bT8i&LEpeRio4t7T+4(neT-C3d=p|31lVz{9 z`qn+G$?&9gAMWptucaSRqMM)UZp^3VB+ooN0R1vRGPI(9JRrKI(=2Jyez?~5+zS)p z-2Obw#VRtGvPT=p!R+s|$IR8jAXUD}s8kHCSutl?O|IR2D_G2ZAC@A!qV1gzc!)mj zr@9Pf`Q1?Teb^*+1qdp|WKYewlTVKv#hM1 zzt`s2Hi9DC-am`bjs*opKk+#~NGRsIvnHT1NG?S!m)Y(=4UQ>d!MXbMdwSCz-eEx| zh>S(tr}<}Xf3PBbZjStK{iKSQ+mLxcDm`ftX_3!C$bL>#{ufV_ZSz8K-b%v8CVODC z&IhGSDzLtTpaUATIyg}yoi3N6Eyb(0_kkZ%)onhcQ=Iuou2jJdbOmEt2xuy~USxSu z-r1*xeLohUw=v&@qvRg^8m~|!G<#I-1_Mo2l1!%wTKFyRafj2pPLHi}Ii;*fRQ8XV z?{KXy7o8mjL%b@WwMBu9r~OjLBglN4l^mz6Kdd)Js@l>RsOGy{&=YChaG8YX)y;-& z46y=O0)g&A>E+nEMAT^)f)6r$yjq)3;VG7WbA_K73**Caqd6WKKi3bwNrMODwOCAvjha$)F)LCQ^$_$%To z!nlB2JzRtmO=3BA6N|5858Y_~p_t9$=?#2rz9rl;8GD`-@%fg&nlOdFXO)=QtlJIh*$29a0=2x>HidjNfW-)_zL}n z{1V2(9S-J_l=~6}_Y8hJviiCVcN>Em1!==FqAcuizC%bq4KOY%{=)gOG81zz7SFa| z^BpA#3G=jk(b9f}*&=tn8l!BMSRjXU%^{2B7(#ms=f2%-R=6amK`c)<+r$?7x4>EP z{C_AzEGI%rLt<*omT&zX-;&0)9*~>Y`|Q7t@?9JsdZDOu35XPxxDKecvE$je=D|Bt z@z8dXDCNj&X~C~<&Pcm-1{6K9gK-lBt}J*^L?|E9tkI(gx$Ko=L|+#7!@wjuuuH>o zDr6_G^m$;5Fxglrdig3g!Kmto*G(bElCK36bIV3PP2Q@ITd5smnIQLRu*%NP{?6g% zFhADUENdY=CkT5Ydh&yQbxMZRwE7>*Z`Bn+JSh1TbMAyGluQN!Z z?xH$Fx!6WLqda=d0pZ=d_{q#~>M4+IeKHbrEv*o<^iqlu+iKeKxjFD`@u|I)rztJTnXTt&JyiU2IS6Gj*JA@qzRzmyRnJ3vYj0v8%s{6~? z{2kGsE6;xU!HhHnk2^+}7!#n(QqO`IlsvOijmr8Gt&VxG|5iZrV@-8-#F*-{JLuPq zVV62etR5kUY4)oD==fDH%$0)=zm6trFZ$#aK_W$*i>s5)^_@8#?ZHERUolQ#8!;Ie$z>!y-z$uD;G22t%E->%P4xA`|^}g{R|) zH|FJCJrC>eo96`>|4SuqX;>KZJE6qgTUwK;kqTF!q_FX+=}|L+A?dU89{Gkh zbOknMsD_n)X41#DIt@C1$$gnzU#`9IatSBnNJa1(4=(}WA_e$G@9(EbEf)Bm&$SBe zHScjcit$14_6Ytf6xO_nktcry^3A~eb0;r)BE8$1iBgXXv~R=uRou|wk?B$Kl#b)X z$TL$6waYo%#HzHgGys!siUsZo!n zW|jEdspyP7QLpUnl8w)KrHh&&Q7kA4Zr6p0JBng=`jn>{ZQa6Yv!U%hws}WUbG2!Y zZl2Y0mHc0%MO0MnD7<^!Eol;RM7$2L09&PArDxr^sO8FbsE7}nYB(8#b`-gK?nv=! zs3qHzH`pUEkyEB@H7VHw#kcIF&Q%;`vuhQG_GDcESi*bP%LsP9h!{n!^Tiq!*9H9+ zgj2+Q$+E1_{?D2?wSaks^C$mI(zUJg6NuMx$PR1%q6-j3V7Co$KKLQB`Y!2(j(7B@ zQ?}#1x6Hmq+jScYSxc>*a+>`qda@a0?i^tUCIuWo*)Kg!IAB{m{3Ul?>Dn0z$&ndW z&X&mKy#)*nWxQ=lKE^oc56*B2hP`OCaSb+MQMCQEg~<0`u?YQ)6{j|P1E?*jVzU+bAZz&gCb`O z-u~D7-$^KjG;)qODA?q1x*QGT+R$aMok~)EshO2hD&B!ECN$Oa2+@>g_(w7+lzz!L z{RzQ&K5;oFpL>3Ipuv`KUF%|rnTnobWBD=!_eFZog!kl(L>d(S4&!CJCB}R(5$-SUSxIH*__l6aFj!N%O=%RYN6{!agyGT! z-44y06wqm%Xc@t@WkO3nC|X6)FSH?+y~4vcr!J|>zNImZua5c*6>8ZOZI(Z^D>OIP zp+RFktge5c;tHCAIbhGAlYE2mvcK16P0q>Z5f$Sc=WTi zj$1RF1LEE6J)iU6QAX%$9*#%G{hm0lM7oTXFI2Zrk9V8CFPNUaX?KZ60FB534jRMq9f>@`>yNwSpoam?YgkT897mnN%Ji!ByBjw z+j)9Xq(p>w@$ag-+@S1Y-$jR%)Tr9i@JaR|Kean_TZ=03;A_1j&@}=gC0z7RHw=KK-fh(i{EmZ}Yd#{8c%)Ya}IO|Ez^q#D~1RF}w>4?OSf%~FMOI0)5!?weEp#;DEI zy&Ifw%UeogM0M3wx(Fi{&Pv_Cb#h8w`c}_<69WB?kad|>Tn{>lKYx*6$RUZ_q9@VJ z-}(5!Al3wYwN0bg>DoCL4gp>1^j6_TbO-=->nHtv$sfhmFn1om!9>Q@AM7qQB94YV z&|=pj6Rrng$+V3OZ#MnYt)HS=bW4p}{mCJ7Bk(%w1PokEWnv;yaLW-WTFI}e+t=LM zx$r{GzT$q#h>7$|V-Z;UF4An~xm8om)M^W+HM7pj%Mstzq-e9-2$S)Pf=@*i^ymO`%kEyMeLp)qG>x(xMPa%59pPdbx|0kf`S&Wm$Zd`0?+lD#1CV9LfkzzPz&Hb(TOE-9E*60Ry z^sgaS?j?|(5b_B1lqa2fT(y}KB=cI2?f-O{cY+=+A?YHu4743Lu8?RhDkn`QH7v_sY$M>4nbVY)XN160X(!AmfZp1ICVt1$Oe&J)9x_o$B) zlE252PNvJ~U~5+9I4qs>1Qsw1h-%Y08#vOT$*r+xM^n^h)8NAm!Ux=64dii$9W^m} zG=bgG7t~D_RW;b$^SPlL#f<3y2w<4a#LP-SljHvggZKPt88Tcm8l}ePnFN_X36p18hKEyy4Ab6SLrA(RQ?Y6V}0LpCkJFwMy0SR zbiTk{u{-QoX{CQUUi$NK1a>iC@dN#C`9}r1A(s@$D*ZxAqMXpi@nS6u#_#cgu^H9TEKEjMXf!GGSxpXut$?%!R zbCYpB^Q^kcGjsDo12Q`$p|!4!{3{%#vHJKpm_;u#c_;KP!at}os(7H%_%nW`w`p*2 zSi-VPTBD+Upz;A9s_+8EQNX4)>!F?7-!`t02{`AO^=yeX*sE^sO!?vlmu>$gCw{l7%j#s)fj`e&^jW-up~^^h8r@5=w$Gyir_q z;)|ekt4>fYIoj0&zOvBHKFalPdKHD2W(p%Z{bU-aqgDWAhm3Br{0&h4lsa zHaEVROz4r|#vy&h%3JbNdjdSKBA0gSOw+-U&GkJj(wM=~#5X%YJ?%6?IusAB zmNu0#Nj7AdD+)Z1s#B|IzM{QTYqmAHOXM8*ATs33i7NCr7H;_YKZGkJX22N}Hz-ao= zzwV|TEiig@$4)}c9>{GO)CB@|owNp%RGMgpT7PYlz8(mVR%UivZxA1bElVTu{5$AO zD(_;SzPZe#LCe_RR~zG{5rOl1PET-8g64VL@SxQN zzMO&0zAX-MzQGuhximEmvVdVR*Y`W<1I9@KKwbtuSt& za+p}p$>y2JcDGnYBvWX;w}}y;;B<6YpEh{DP4Im80xdw_gBWhQ&%KHGDp+k{=u&3& z4{v9A)Qd&7Y$o$1&Jg95P7|ix2Q_}3rSA4$<-Fo1_h$_@&cafo);4wm?1%kE(c8y8 z+_lY$^!w&cz=Z=mSUJ!HU4Ks3Bt*uUM;j=gv+rHEX8y}X4flH!;hnFtcbtuh6(QuE zvwowV2z+cR#;b$fTJCf?5)Y+9>pu3oltwC=JeTbf9aR+HECN?sxEt?kE*RH7?4Pc?ig7 z41|ri(Wjw@J`wOoo3$N z^}|#t4abz;mW|6e*T>_O39c?K)&DuV>bR)Br!4}aARsNRpwb{9oq~iSAl)S;@TG+% zcLfBbrA10Wx;vMpyQN|2uBDdRdhhT3Z~wWUyLZl+Idf*7=b2+4pJeT9YD3X6Kxb04 zdGhNYX8v`Z6q2!rzp()svKreNVqD|*)VI_q&69Uo?{v@tHTYVCPy`!G`ECWu zJ3{>mL;OF`63xS}%x_OVi<3{I=F%e>U8v-<{G$f44KT;1#ILl=>75L{juGa3n_7`L zq%k2A6B9+FXy?^}ZpDC~0dQ|3DnIt88k~vu=h1-bysiIL-S7jgUKvQWWxTpB*L3?9 zRj~X_dC?F@cddBYZe%!U&~Qi4uMXI{e$G|XS51AR-9*N@FaYkc=gsy{yL8V94fEe3 z8pALi;D!cd?|1mVd|8`1i+!Dhe|i{*qfo{~oE5rO^z!U~)NhEoBWKfkUoyA!L1Uf< zn!Xi#wiQU(#G>t5oU+6#uxtRoX4P}y-H*+lyC?nC-W28+ov!*O*0@Y5*?&|*Fs!Z$ zRvWrq{K9gFv$-Xj3qV4}CDjElP8x`9Vg!rtbI$uOEU_d0I9QH!dK2D z38gIwhzpSi(SjFt9ax;Eq$z~@WFHO$n_aa4WUFK^p_$a*=N6jtqZ>ORk%@B$6(lV?rdY&Bc zbnefr2;%TPq@*PMk$ak~VjE#njJg}UWl){(#Hg2yj`rwTQK=$X}7@4?cD%_?AjrjVw6~O^zW+nfEf0uqqzpRG`Zg-*fYC! zbswK9KmmZy^MQEqPL>V(Jk>TZ^$jk9Cif)m5aObd9a&8c$Gl>Q`-mi$le>8Y0B}qC zj(Zj&1n#Eki{${AaEX4z+>{13b3BsMdbM#LXuBQztA)HNjaxn7k9>Ep;urwI$&rHb zg)4@XvWFb_l!#w8%sem2H+hT+Jf?I#v6qNQnL_^R5ah%eH46NF5SDOpiTe=45}#>L zz;wALZQ5{aj-c;WYl`(G* zz7sg)h`(IG59Qe?qg{2j?P)M_-{b$;ey(>zdElX6ad&MHVQ<=|GXdgX1DWT^%uY(4 zK{p-)0jT8n$RzP(UaUS+&kcY1i|pa9oB-u?Fh-K6fIFQ4#rYdCRfTlO;*6p7nNxZUS!p^jbS7Krs!bQvk`sR&J9UVpi5_JrU%|BVyKN7y&O<64BaHspPa)TPG z!7{|hLa4c6e@T;?264CXQLy`qe{}@^$?8ToD{v{G+w@w>lRA)H*|Hx|vo@DrZR#2h zSJZQQIxj7c{k^(7c-ugq@=Fr@ff0b#zaN6$O)AtnzBE(AMw|IwHPsFk$qAg|9$FxC zCP;^Vwa4!P^WqRoY&aXIBO#hy=T00;#Z%TApB{|p#8&cQ0k(FqLA)u8OfDeKEI7A( z2&i4_&-Ma#^zBa(T_ihkE7xr9qx>S3^9fDFvB^QszR5<2w1%j$Y?j*a!d$FbS{ed0 z(&v_>A7(#Z;s%?QjMMWU7sTyP@lqpu-6|7tjiD4&l%mmaY<@$}plhi$&RB`MieSV% zS&GQn7RQn-di5D(VDSL-dH+9@TFpOVA3-Ih*3>&^lhJ9YGH)$ukxMw)1K zCDSF)T28)~Ub<#Z7=sz_m5yp~e_S$hOe^Et8~$4_G*18!OcUuftq|Ann+twX3^%$A z1y>9K!^0|ahn`kfcy6>5qi52{OZJ(?l&7y<6Krf~9%Y0p#YP$=v@w>co$F5=N+$AHW1%OMHM!@56C(*?8UX9t^?k(&&vd!0jdpO zFjfm~mK~EPjea z{wPu5uaLH#z%tA1P7$=$k_M-d9<5ayaoL2=S#LdDac=nE@#)w2LWj-eJTOQ$c-#D# z2D8wdi-yKS*7MGxzs3Vzf44$MU#xUgZkqJy;JI>?q)HafM3JqeA3UVXWc=Ng)=<;V zEXMCnbMW;sUzn(%C+395HeP2a~IY-R3tRpi(#ZE>xV|t_wU%urkjjl`*= zevN_7dw ziFJ5Ym)YI`@=W9|rCbDKN`4+^l^MzBPp6ogI+?P2?2yNo*ZGdwY|fN*iF{2{Pg>C& zRwPJn;HFJ?o#yhP!e4y7RVZVXFYCW*=DJl12hsNbVg~Lc?APSlCQ|OYd3FyI2`MFr zTRO#h!JiHrmVdX#CNi(>`iZWA2u@4A=w47tRn?z=N0a(v@UR9$jXY9n#KELfpHHIr z9|R26;=%rTxhXF4jISh_cqBYi%ObsDPQ*rjr!QC5;M@IpmMBf{5)Uek?q>c|kz`S= zH2rq_qt6uyTJe6!M{k>E%6coq$bB1=9s%)1(mbf`xUpU(KbNAC$w3_)Y{rNclKMiisPi-q1yMueD5wEeYzQ*m%HCHR%amG5>$R2{cYBPP z7lq%!=0_aiiace}7d%t1(|fuV={vAqsO7ONPf^Bu8!5CF`57!l@ba^gLRMQFvF8J^ zRP@nNK~d=EhDO$k-d&oUy$vdRK;E`)R7upO zTRD7J9m$ggfO$45np!{3)V?sBQFNJYPkXU?LE!Q;fv~x=BJOU!E(X5A-Kij}+BnW##m7m%aM�UTiwn%>%_mOsLlmF~Z6uvVw*6IM$ zm3Foucf-x%H8kH^hHFTbL^a;EX}-oL@c)?ojYlG;5<|2!gyp-A)9>^0kdCPlFvRxy zQ$JthyIio8``&5s852==SH;HMe-F!ip)K_R(;+P2#YEb8eh*iwEk^9d$rH|O({N|I zB^s`NMX)w*Gdf9iEf4=i%HAsL2_IMm36T%1kN*lX?&Hc?AwpO7YobohLkhbpXSo*} z+~Y<+=ny$m!J%eKJ8*z$y?^0t;qeLmvP}TMjncB91D=^H?eoaS6E(;U=ZN3D-j_L) zf!a(zik_{NI;f-N`I37gY%sThKLGayfTQ$0zs`baUp7VEoB`^aDrJ9o{YrX>)*wFK zv*bR##FmQn(UT9e?gJ$-@mkfd9mOzX@zW$10(2=iSeDhtSl^4kvm2&pIHd-h`3qWa`dI@1*X z@g&5~2B>30FXKO=Pe5I0HkaL5v3}JwVR~c1m4PP5_m-ckAI3Oj&pXWnx`QGlTMGr` z?yT2=VlwXJz`0#D`z<4VJA;h*Xy>W-3?aDxkvb8HxU1kIgJwC25#@uEcGjEOFMeToMVK@WZBtPm!;Sxx}t4Zpc#jGE9irp^$;8BKc zfg8wm*N+u0s*B$u^qw1NM@(bokE|Hx1lp!Qz}|12pq6Ig=;T|eV@_rdYJ>o|`Co;3 zk6eas^zidgL$4ww|Hf@V+)J*|)c@F51lyy49BwsJXwFdlnjvM$zwqNrtii2`#;B~l zC=NQFr4@b&_=+4wejD_(yPx->&mZv2)oO)wC8f$2H~(d^&qL`QJs4D4?*CM}pg;JZ z)JEQ&+qL?W&+p}Jo0JHGc;()jPXR4~t>Z?Ecq22#Ek)T5oWccjvrwyaz@z1O$v3kb z9oX_p;v8*!-Q3EWEO@R*nrFdXHDNuQ79fY-BtG9n}V@{R=$#Xt9c77%XRO3G@^nay-RlNqfTmj>MM5or49E z#N4x)3*^3FP8CsSn+v(^bKcb!GpsH7kkh^gzo`&=!3vN_bQfU7GXBFIpMUD`4~8WJ zbmUu4xnU9%eJ+6@vDe!nOikRZ-MFFlfBf)|bpe3udi}n_u7-=TB-G8CW;hp~W|=-hI6v_BJC#vx+Vh z;hg12Yer$?k=T;UG`86@fS%}g)4DvM_-_vS%v%1x9Uy8^kily`MXUOLDDQ*LIM|(qx*|(XwIB-rNULau)WX{+FzhskP$JI*4WlyloOv zBTM{d&#wK4$CmSu6T){0QCIl$ZZ3t#H|VNBeidk=hSq~%ogDbFI_oIzN7j;~{lJ9D z!FW0Am3~!o_IVz+kHE&;E@e=zna%Vag4@ep#jgR^IfK5i>;h8-o;}@o)h?D!c$?l9aR=o0Q4pBdwNHqRb_Alsz0G%^JvD3Ah7Y+E%YGkn z^$j<-YW4wUKVONWwBP%VniVURRX1Z z>+I~w?DSP{#jG>C#6?oC9r=HEdFtLkk$~b4(m|K+a}qQ;V4H=k!lc2gsw8f|h$J!B zuNwdJH{er7Va={ywpf|F5s5EIs~2uo?xI62h-Hcm)rP>zpG-xfQHfgkeptXa=2!7fX~0x2T+f36n^^P%zRvA z_FGPTrn5fypNhq&S2!b68KfT@-R+P_7^7AbBNzJ{R{21MuC8*ee<7j(b1X4VZ)Ko; z!v5dGuNG+@Qv!uItJ_cpiKhD4SUBGHJF{QA!BnoyPR!@8d@Bh5XJjv$jOi97h(2G} z-~Yd)wT_Vg=Hp)Us9t%w$}-Ld!Zep*KSg(J9n3{R6vzBIjVs~qZIRj3qVKKT%M^DV zCq2fuEDTA2`mU5Lb&RE9CPMANS}KvL`)|5bhX93(`d=xQtZ!QGhGH>KG#Q4$k; z&6-{RZk+pI7p0z0yIS4xVia$tuKrSzJ(Z~rkO=voMx&)&h=Rc(`Yoxl zw&E86xWGto<~V6aBZ2Payn=1-B4K4%Mlul^R$<~5G=pyM=9GBpN;ZQ} z!dg@-rPTjK>H^62v|8YwH=R|Ougn}}AH5gv_m?lQ>n<2HSjm61V#4jXf?+600!|s4 zH(o2(a+5S2diS<28&$|WNRcmCWWv}sH=6a=oO1Z-xh`pVu&J`Eor}D>iC(A9`s4qL z)!eyKbmfK~zgja{!e;6$P0gO9@ALJ98Y2Up5l(?cmR{}bD3;B;Sob3^rlJ29V( zSwc9X+y5I*FIyS@!Q%dQY;r&qqerc@SaTc8i;^Pud9S%Bp@U{j5fpBa-0(0q9SdHP z|DI=isMnqRKH(3e#|CSH^;fmrMJZIqyf7XFzpz^;2X`{L!lJV6YQ@|!zNZ2p={+{D ztp?t#8_KvtJjM=+Sf$cr4h>;GLw_Z=WTle}$TwAMyd6V$p;2+n&NOnjJJrdO#{Yp{ z-7+7SNgk5Nc}(CKvFk^at0@Uo`7_z-=77Fe8RAnNbjPPR z+=flr#(KHMc6@V!+(`CVW<(P_HQn|tH6K~Tm#K~L|&U|-;G%>7FR_3%Iox z0Fx+~-$|pt{3zW16gO6hxLd$xiLCU`-@hZ&b7H|BFy0zzDq>u2jOW@*`*kpU6ikl* zQ=J|SLSH_WX^#1cV84v$@*j0g#F%6ce&rS{tI=KlSKHZefSW;os}G%Fz8va(i?N!% z!pI(m3olD-KJLJ^kF}Ua^%Q)$(qqNHqQ8MavXM&~VpW?!{DfqGm4WAEPf;~XjjLlh zWe|<8^}rb*iI6rE`LXl33x0d_j`Xw6V+8O^`fQ0>?l$fMjFO?!bQ6YLT(lv)S6*Va zc6=^sIJVnd=W62WUdj7*xL)4FNsamAal1<(JjlM};p2Glq2MEvNsJH;r0*!O?J=qDM3?3qF zjzdsr=X&3_vV5Fo?93WHQ+o2k(D{<*p?UFKSVO;fKRj2W(%wg%noEo2Ym_Q4P?!UAIUU8d#PrJeTXvs~R;KT0G zRsPus1(Vyar5=W4eo=CD_R?+jRUwSg8HQUZ@$?ndfn#)AP>#g8>qf|%UVIzWD913^2$^Dns z@HGUQ)wNZX{eifTTQl^S(US3J(5pdD2HjWMD{rYJ5mw0$zmv? zYDw|zfp0f@n$h;MifexbGf%H@FE}#@{!RLv)Mu?)7=5uqKTldz*}%opgowVdwqH)V zP#5Bn?l)QSXfK}jT83Nt`~Q(DwE!Q52R&asWOMD2ifUlcT)C0j>s~7KcK2ZUc~k4i zz!d|XSW?9-OOHg2i1Ff59OtKY3jb`EAbCB5}HlwU-$6HrK}{*R+73U z)p+kdkhO%x4aBXpma|$8%(2=e>t&Elq+Grb1!B5C# zV`;=A{}}z9nla5V1uRApMUqKDNpE2zW%%%skWAUlXQxBuB}^z;8H>=TE6O?NjiB_C zQiSw#3D7T#xPV-6MJ4jkW;aO0J5KS$r#r9O`|1)J@lNKsK+x@q^ts@NwCm;?a%#6P zpUZicSp2@r>d&`psaT5VjN+49v2*VG6Fg@VaMSswV9+||MPQa}sQhe?s%~`2b#*Bc z`ZmK=Sh^~alM%TsK&{c+e3}v`O(C($$<$x}6XQQq`tcoE?J`=XsyhaShpc<&DiER7 z+P2|&?w*{!Dtayv(SIA->D$y7NwlKg+GZi~XE&_c9bqU_#yXI})ofMj5=jK!{iR8p z1Z4zuWyMKPs-Jb3IY@P&8n<+dzCZv?>%os(IOeoA)KxPfWNmy>VhQR*j$>dmZM9d6umE$~Pj~?A`jS?}g*|ny$;_)2uCTBo1AE4ZAe%@)^^9#257kR@OC{SD9g( z@%9D`gE{V5T5Uo`&=W<*CP@~98Pncf4qD~ z9Ogs+M1Di}b-7W^P$&)I*+32`_!Sa=K{uv)wt8o} zK?hP*l-$Qaw>9YtZ{2PFBwbZ*J4eNCov;q|`$8hCXEZoIL((}*deiJYZYn0j=U$P% zwsdLVZ!WXMmK9JpRC3%we7rE${*HJ(eU+NLjLAl_aDcnl;L$}wpx|PO+=kX@%we?Q zi_IjZPfVirVY`pcJZyCliYz7K#+PmG@TYM+b*AQqM*lo~i8xuFE{<{hOITKl+>2UU zBv{;k`}gDL&t^v2;I~{F2}y~iB-~paE)-X)$oEmutEjyfDhaQBBDM~sgla4@b1P!L zf4?}?=#%HSr)*_gb&D!0L=M1Lni@d@TJE}&E+1kD7U)zSQS!Yfsf^o%~@L}Yt6ix&B9^{+IA=KIhgsWYJ9E6ct@}AFCWV}WYN-_h0lfqD5h(Z zHxT3J`B>Dlh1S*LXaiN8oy;Q;RhC^^7GIU~ZBnz>$)Zb)Fn3(TLpQu$g@xI_vB+9= zqX0L)X>gQJDYih*n&CGG{k4*fti4>UH~Er;cXEr5BIy9Iik=0*#{EOC?W)Gp(BOc{ zn;_P9;tysS@{{*EO6!5xWL^gwL*2F2dqj~+r~~_5B7Hmj@ofE{WeH{3u-80veZy6U ztm(`vMr-&d!VK(o2Xp12K&Wy}AiW$nA(8zDyh35|rqYC@X$ts>^l~yY3vP4e8$TNw zHgLFVuWu-@2=aU^eahN6>$OIDsmICE)Z!vW+#iSy^mo@}IVIw#4uqqw4q7PkhdLXY zI+}3E9pYh6ACisQrOCdM;u}UW1B&m&uJ`-TR(@XFim90ihEgt42d8%X+v8XqF=&mLH%hzy;|;!)bN-Z;w%dW`)j#aet8rkbb9QQMAoL4)J3F*WP9<| zf*w1DJz9j>R5aav+8q0jMA|JiBj_TD$5Wa?uMCQUwSl!!?|K=W2U2DpD zo{2u@Mt8)3^QZ!(F_dR*Rx3tNTE@t){%!=7k}FoyK2}ack|)VTV=32yI$zjkn>mhh4?|3|(nA4=!c<_Tf-_RX-0< z&Nx#*$8;XLq2V7RP#*cz=p!}QZ!KFbj$w?vPVUH8Gqpal5ZWi%G58XyBf9u%yWZ|& z*J(%0_Ftq$_&3?io5({h?1M$uHGEpLHZ}g}JD+jHOFX=~8S9B%A`uO3`gX@+r%}%h zH~amL%hn6a$HC+WEy{K@9)>{l7dwBnqRnb@Md%xG!+Y5L-@?YA3+rvf<=b&nSRa^l z9LvbZ!?Mu&t?@q~C?|3nv_(<5mb>}>BYK|0hdi%YUB_jXK{lKS4lP*g`WW0%X*FNXx@^Oc#fy9az7L zt=N8jmG85bc{D-CuJikV59htLyt@*Q@mE6cz0AybrKP~K&Sbxtcz3Ku;7wVdvZjS6 zmh&QIodorQ|8YR9#4fPft{0{|p*cF9hHLf(09JIZ^CGWZ^SX1QPp}A$v0P+gN{2#M z%TLyT;8hi31 z0?T|XV}vZOgAZhsjNGJlpZGpZmmK{tDl7|6PLvt(*FbeL|M6Kfbv=LfbxEv)yT$t^ zYUZlf9QGi-w%1^sU1#XpnOwtXjZ17Th@9{l!J6%i5NHEVrR=9w`ANVYpXEk(m86*^ z86o?~x~s{eiPkyb?Z{KFRLi$0&@2pDdS=tEc4u&Pk*9{hw6z4Y=Ml496P|Xwg{GP% zyehZ*q?7X9M=1d`x>t~WuR$+y;RBo3rsoTNTTpqrq@?S#8Z~*_4f$8l2l&*VmU1~0 zoa3U#8a}x1@gMF#r(dJIc)4unSUN$l|D|t{CZ#!?J8vnua?}^$BN#R5*IV7#NKw83 zK_-CJwNstc}Gvw7hvwo--&Jn&!RV<>S9lB6KN37Kot!!rj07& zXN%tJt$$xV9`m?SQ}KG!9C*TtkcR>3lBT{hKAq1lx;ojEqf% zfXB3Qp5^8gU-9|PH7DLR_Z#b;o=qEMV?|c=Qyth@o-Y4s{KxbvvlSY2Xa-hbR;FpP z$C=LkAhu~6yx;G?j~*&Rf>VtSy8{L^|8b&#l^L7$uB@%+NPFH#@0i)zGkJtBI zy}ecNO0N)8;HB};zd>AaqLk+bT{eEcHF$1$v@qlOcuglz$m7p{DK3oyVC&PJwb+|? zA2`F29&?^CH00=E#K-ivvv!4GV6RJY;BwB|gv*}gF>KIv`A*EdoUTkDelqx+UEbct z8kWZby^$|loDA=aU5)|HwZ^r-QTp{i2{ijTzJ{Xm_qcb1kOWO#XY{w8ltjt*ea!Fg zeMz5JOl`g;i+VuTocUJ-Sxd+2CWDB`M_gs!ip%uhll@_PTyC6Ob>$6L_E_x*Z5P=T z-ZxfB-?e+^20DA87yI_Q(lWJFNNhN;3|YE0UJ(%C+H;k*5mZkWj@CfGs%rXRUP65S zxL!;1+kZ#ag`vd~!rl{~;=Ua53(4{rO#Jft>_JVwe6=lBJw9p)IfECp;Rh1`bYJ0QQsD=B1?C2SOb~Os5$wup0`;prf233>iHzbBm7I?Y1}f9Ll&OPgl<+3K_#vaL z#|o!-5ToakkexZFwm2H{=*ruM9mGQ>QIGsj-+9gAXe#b*Ipz${Iw1AcV3OVE0vK$K z$(xfH6mW;zZY!jAOk2=zkrg#xfU)~wY%}w;X`A>}Cst=zG>;pT?Dprn?*0g}o@NC< zHk%r)GhfMKdNRvpjM?MX?Lmun6Ni9ngo(F4wzVU)4$mFtyeG z;TE&_bO^2=h#i^bu#MOVvQ+`K=JU21KKW)%C%l6%eVWAHm#cd|qN&mIM!Ij8LyKSk zzC-rM<>kXjB5XYsNUo21uTo$7v=RKct2^XM(8HTvHt#qf3x<;xH}6HDXTmUSuB6`y zXAu?>?$ez#@D3P#G9% zYKu?U;}&@vH;{4q680r>^QlF$f#Lxnqxx((IRLKTnP) zF%1R4OXQixX zQt6~|X4$-7NNx`o1L1v$i8@>Tj3z&uH61qqET~{3G&$;AIoI{ahcX=j3@PI{kudLK z72)%mPyCMub-i+-jmOcuU-_N9$MZ1*q!m0zQ6=^0stwS-g^h5`^^pkQ9}YQx3{2O- z({}Zqb{5m%j(NGxgpW&4vY9N|=P#t>sIKBWbZ^(pm!;E@8x7WH(`@kUsI0B2HPN{2 zwMWqtLJEY@mFE)X1;~SDwQ$GV!0k1B_mxYcAkprBoM177QP+&Pk>4_8H>){{tdE>X z7oNRu?z-0tB|}%fYvYfWx8I!PZYER3YqpuxKW>!b)$?H9&5@h5%hDyfP#Q%I;i$2 zxyKke9iHP{FJ-1Ca>JJM%GFT6@Wx{0Wty<$UsbN;BGWo#L8|H~{w<_U`15zMFRjE* z8qJnLot>?I@u2!p2QSO9`xoK-%7*DuJNyT7`Gt=F*q`5$6xa6U)!)Hio#Y!`YdRvV z%bEY0sC&iDy1I-8h|bkQ9F) z?%OM6`uP*DUWWdBPrr=O1szi^JQ_RtZCLQyy|4?w za>pp?{Ss{*Uv#bVvBhWJKq;YJgFpV=9VqkUVoRXa8 zINaYpPBbbEE;pM}1`Dm9SI3rouL_jLZ1BP72+i4u(1-&$nZ9OK#qsY)_}E4V(t*Ja zrxER4LX&UK_A+WYD)|ZDX z6Y@9YV_Wrgsl9Vky&sXW7yXbctu3pj&j6VBHQ1?Q?LkB9Iy-sgm+B+Hur7+tc@GoJ zVhG6Sgs4sgtvF}y8GCWU5AL(~U7^O2v{#}GOITR~6eu?boew`Vp`Ntk&U%*9_&gqW zgBe}XJ_WGQJF-()WY@5~1CZGfel7%_^>$bX+|4xhreKj~LoX zR^&j4#akzOXS>E?*NrcB{iRpCsFgf)%-ThIqkP+ieEMd?eCtkJLkncR7gOUr!o8jb zF!*PBqIP|7hxChk08rLMWc9jtR8YD}U|CJbQAuT{#0E*}_EFU&8odDC81I1iW7Av0 zHXt$(4zc=Rw0Cdb4=StFBaa)aj15Rkc=JQ~3nXNZz1Cs@#`Y+Zx)6+E?f-|8$EE|Z z#dYrQl)hY*FVBan=rijp?LKKhc~!TpEnk;ngB04Gd(FK)W_70s;|QL?n2QiM(*=2c zRbha=tq5!_U%|H z=3Li3yPcB>x_f`pflXe#=NN~K@Hm|z*1tDv{1>+_FAF7i3jB{e$@8pbZa9Qt>VKQB z2q!#43)yr2i`mNYwx^#*N8J~aLsd`V!YFTh0%R4@Cw_~rw zTxHnKpP_{MHXZmr$kxxH#_je>VrPn8oMQznsVo`iXM+oG|M}Z>^&rSF6CVpoMG&i` zCO0#9wv5}*AL;bm5@si@z>9=gY2Gg(l#7?mdnD7;FTyT*BsFiKJ z4bArbpKo5#EDd7PexAHz7Pcen9_|3@? z9zutYp2uzi_@in2+3UF39^J4hEF!Oz*j`EzEOfmfv%)F7R0-++M_elpGeeGbNyw_> zWJ1e*oOdtQ67ryrh_~C_qW!MoGcFzXxURZ>$GiV;Uci@{c#2m&O?pq9+e=NWB?23Q z3y1JnB_x%)d0(RyuNEAeTC)e6nju;>ECv-{bCZ&O9e{gHtTtN~zjL z*HGT34SB@Kee-T0`jfTlyZZ#+g%fs3c(;{#u7M}~jPFojEl!u^Bcr#EMc3z-d|81R z1VVi5sdWAVPs!B&wgV`fx`7arZB(X6`wJnXCfqaBCAWPYTjRUH%02pcxx9=t#$8gY z%dT3z%d#^}jSClxnSqkJQlX+*zg;Ug_rVqxX@NK=0|yp|mavdD$JF-JTpKcbM8cD~*h$(( zf7&Y9&^!Gc#&m%PRf-$aYW{nK^CZkt;H=s943#YY3V z;B#pvh(mBu&(&qV!CxqD;BQpQiF;4Mou^LSR`YX4PM_~B^yvV^lMt=7uu*0_cVYVZ z4(SqaUsQ%%qh)>d`XNWw1_t09`mHJ?peMkY*QB0>oMqNZM}01z{_q_(Uyc*)v^O3a z@K|#O!}jN-!~q&7jO~eFs-2M8omhmFv|TnqgV~Xo(I4LZL3j!c)%>+xA^LF3xC8P^ zKd$am6z>|B)d$)I&s0VfT|md&5`!N!C;gKs>^DSu<<;N1yRZhW!l`CUlN(55pJ<^a zywzs;Q<_SFprFCn|9D?fMPu4{tX_#cnW?``Q0$(um{KV`dOMH8Jns_2cL^7kzGM`j zoDE2Ft&%58R-U9iJ$b_RALs-Jz$WHK$0xA*gO7;s^7m?=V^f(_PmST1=moOCj+e)P zMBPaaO+B^YAm>L-#Wf!TT$)><|JEY+7e~wS=W{#qO1Vd@zB%fs!8>rEb1B+MsLi-_9BV7B>q1OtW&Tc1RQMPi)X`j-;8ubcdxzxo zznX2O>9`V&37krKpu(_08(MohECdTd%bHe{(oLX0IPdqMR~At>JS;&|*;61nhoN7} z(cczn%%;NafQY#*2grqeUI!k5CvLTT%GI&xfe;Qb8{ zY^VgGNB@B|mj9Z6+S8;t@*PZ4SPE$^6KRmE#}xZ^Yn{toeGG&?ho~YhR%(V5dHo1* z$prOP)!rEZwGQb{UBi^S9hM?>XeHi@%eD1TQ#-445vA=j1dx(^fr@I=N0ZqDlm;O7w zkYJ_C3IH1vCwBA3REo6mucpB{+_1Qd<;WFm{I)9(LxaLET z{?zd_&)JXYHJ@bM+Z%$v31mV;O82?%YdE(0#J^uAAIYBcT);uz$L)M3NUqgtGZQ(B zC7jXKRd9LfNZ+cRrQs8a2`0aJUoCx6r}pFlDp&P6JvkH1A4ta#6z_+#P+gyv$+rP$ z7V0ytZgrn|vDdA^D(f^bLL1d=AbU-845Sg@lVmeTEFUW5>?HiIyHUByCTJ3rKO{P? zFvioqn9Z*CXU$Z)XxHOxsl^YcKx8Q(I0h)(=t|m-O{BicVno)4BY!-|QrzB#T1;G| zQ%{~JNpboq47$e^z8NdWGTxFN`>sLQSHbP8<{Hv!k0)!lEJjKM942vOZ-?{vZdl6_ z4m%`-3_e`{9whQ={(79VG>M$rd-k=2ZkIYBWZo7sZO>f#DA25TlnDEr8>L9f&ZV15rw6IMYPF9KyWtE@bf>AcBpeN7)@;eH?U%8M=Z} z2DP38a!VYCZ~s#fru~b4-ALX7U44b+-SX5W^M;FNP9jk6Oh#7&^a=jD?%JDKhBq+4 zd}c288`o8q23&_{X+fYDi6nKePcnxZwlt4tOKQ*V)2NS-ltA*FeY2k)!$mUWL2Rz$ zwX2dY3L8&pcb@FPMU%9p0EDA%M!yiLV@xbKc7C?>;|!CYBBasNHF5B&K~kFK z#)7Rfba%Ma+l?d@=R@>a)*Md-^MGgfo#mlXQ(*l;+Sd6s@yVX>%a%XAW5U*pcZG+z zKKOAEPRZ01vb!*Qv1+C_)?w?HIxl((k~(R571n;%t0OCZ2SH5hQXO1dNs3+cyFL}Z zl&u`|S>L315^oUsTfO9d^*HJ%kx_H3dj$5=gw{WYk-)cl`)M4~O$g}}SS9iS?mp(+ zd`7TgvtopO)nE4CTMr^uewhtIiY+_loY7BRb#Lpzb$#f{j*GqJf1jl)k+uE~ z*0RtW|63bYCpe|9Qc_kDh`#0j@yP#J+_c49P&Oo}*fn!!-NJcf64`+pVnVJSX-Af- zmO*h`ZO@3apd^=^l{Xe3qy=kNH@9ycW_)F~zkP8^KQgo0!t9v?kFVj>)zm{Ty5ih! zlIy_6$?85}YKaMs09-I$yx5%UIVf#TStvK*UED9Rd$};?#lpn_L`Tn(X4JeBee<>U zyH5st${7aGpF2GLm|%a^g;hcr2Uu~uAqp2QrNIp$y{);9VIm%@wm=k?H;3EfrhhR& z{4SR2vdX^L)Do7?P$IUroF-xUnX@3yv`T2{(a{t`T3LjM3Z6J-U0>E}qJ>lCYKUUN36jCdE zEmK0J_?vnFpx2VLjhR&G*|A+Uu@7BA%&Og8$Y~}YNb|3z!ZweOR6rGaGlbVzYeV#w z&o+n0ACPgkzLTBGnDbaPwHpiBu?QG2m8pr!$S(sXE)Fd>oh(n6dtr180BrjWBz12f#WF=~Eq! z6iEB3CzZH8er6k-g7!SW}Y* z{$V}N6ag)LeoA-?KM()Pq}SZH?$vD+xseEyFrQ6K*48%xPka7D&3 z0$70q23WniFsskLC}b|}n)YABZw{~xkIVf~;mGB6FH8m-u)o)Em9CGFyeZ7&aus>Ve3~W~W4*4{yc%Ma_?t z9y0=x+$Yp;jeTxOUl*=e{@AR@{rK}D%P9oBFfVYHNc43yhPK0&LMj67-!mQX9ruyF zznP4*xxj;QV#|)K&H(Ky9+1(HwdfPls?Kw;X8P_N@uoQFgTPN4rhR9{$ z;+zud-mjUrmm`?d(y1KsI$}}tebPuX&qHa46l;k_M~e?Ag)^9>Cdcmn8*{VFbRAOZ zf$1;(rn~zY()yBOr~2>K>W|VM^ z4$OtzHGjj&Sk(Ww`ID?n;K7(i_BV@ENgk)Dn&*ArAd|EJ%cSw%8XYZfE(H-qLK-BdA|RsDozgu*8a5E6 zLt46&?(WeIL%IhHX&5zX^*+D%Pd=Xw#-95=_qoqG*Y~36Y>RhJ+mES8!uVu`2Ws9` z^gR{9GS((O5!P{}{CP1=%d`*JBJ$MB`;pP9(K}px+Hit$uH%7i+!cBNmU|(!_8<{+pD@Vs)W;5`4PV+^Bgq=jx0))u#ur7C6{5_gBO z^*vyuBnbgL&*fT7u^GSfWI5?^jI=gzes!i%I^-Xj(49e)>xZWjRd%W0DGxNff9Hi8 zYfqM>W`gcDCq7D2h}NWeE~H2m%>+bv*~-;O*4EXBQIdQ5v^c3Af?eN~tmn*(=(}tq z5us3E9M*(1>G~M&RVvK=@V89~9zkm2Xs6^oEMMstFR6<^>i~J7 z!Ax@agMS+@Jq=zwF&pX7!LT@bv>b3Op^8t*;p0=YCJ^OjV zQnaUwsxZ|J9sT>1xFV;k)1p4fJi;1W<|&5E>sFQ?>|b5~hm%=Dw!BYQ>U`i|bcE($vZTP8+fjZhX>AoEMC+RW%YwdWw zgK(xnW?(H-infbipC`vFZDo1C$VFK^^cM$L+yJ-#|1|Fl6r}GF?By3F| zD7pvhcR?l7FVjP%Y~Q)|S?<`kSYbcWd}@vIUQ={zjS-lFGx1U?w{Y11u)^|C?WL~y zgRQ8i;{sEk$Hcl*PO~vO9doOA+KS~rLfMA>16LjMnz2)s8vwPXumnnabejzev+8}J z(XWvRbrGlyfWK}E;^};&I<2y;Pp4j4ANBF0YrKs35v<*m;32B#ek+kP)l(@lZ%Q8# zfH)4yq4Z;73DV76J)YHy8UOF*Fi`i~Rl$!oZLE~9I{nGQO+X^>_1Dxv6OD-T@l1~e z>L)U^z8JLMyYDB@>CMlTOYch|CHXC@ z@+&CG|4f@qx7>c0yDr({IGW2GDN26{zkOj4e#Ns_ zJC=jk?XyiFkc9E4f6M*yZ=#*v$8*lw{hA$eB$@fVrCN}_Pv;VjU)SY|X4|5~!qidp zkya```HIMedu6f`EAN}0cwf0|)|o%?53we@WHpJYx^9M*|5f;!Sn5(2p}`aBd(1_{@+w)n%$GIo6~E6htA{pZZ)c%`#&f!a14chmJ9t4Nb@PPhbR)Ek z?WPym(}M3)KZmDgnNI|s<{v!R&7mIQJOE_w<-f!hzm)WKp91wCvde~)UALNR@HlItB#&87&yupY(0`gC;iOK@vbT|14ib^c(}49Td$CZv z@#&mvX=LtzxK;U&Aq2?FVV`2cdW8W*60K~mu`DZc_?thhH(A9X=G}%-@~BTx#M2ky zm{P(57p?18e;{`BHK5mOK15un5KHc-p8n)|_TpkGnj)QC#b7nmee&s@Zf3-__GgT^Q*u6_6D ze$c7B_D7si)T>B9UZe7*+|j>bpZi7~6#EJ1IaLRX{;+rY! zE_cr3tP!9>TZ}Mg9TDm}=o5T~FP*`-)#jCL7$FUpda~U2iWmF+Dl8^tB8!#5)LRXz zhd(hB(yt3YHh#e|ln~){_K1hjmJm$sqZ9oWN$P6op3HuLnqoRS|NEPwzo?>16N@kY zk!IfXNDcrxB5vefw53X>5a_9<1F3`#`aTR~wsp(@Go)f6t$hr$byh@dwA%K3FvU)J zvTcGlI}_cicL7z+Sx^u`$C{wf9%t2gMkC~FJzfzw1(MSsvEzH(1pUXojLJRh#f3_fL2~zt-?e>|A z3{T~RaEyLB_>{-IK7-WzOrukCN29GFnPOvpSxcDY(OEvubO6OQmU;d?b7YeyWu`)= zd{Man24v4y26VxBAH0vQjGT5~47NXcJQ;BD-9Dk^34v>}qsZ0T9*wC3GNT;V^gazpXo1!h;G%U3l{BP+_&wu2iMBr_m2m6^bZcRRbLgY z2eUa+PGky+e&-Y<{Nl3dUt%w!@>g&T7$<7{*(G+4>i3@jOIn{AH8~v-APDX~KhkI& zbcmfBR8K*chct7Jxi0&l6mf9+YNmVkG5I5nAQBH)e`MoS6#6m z#(5mBCY4)~BI+ImKQN7pQnSPUvnQ2HCJ!gD3j5$!I#=5$odyuI&tzZ+N%~;gxy>7Z z(-;+m)$%S8`Cr980Hy?H$Di({&*QY`D*9sfP;OS7NIZbVl&~(4`GNI_hpy_99a_TL zDhc{I9|Xk*zK~HJoA*L%+a%s7d#z+^Ay09hjYPKwCC(aLiJtGiC-eH6^HX$7xw`q% zu^L*pOe9t4q#rS<`lbwAPT~{+IIC8b`|H18Eb12B!dSspv(9?PI?Q$|yhp|1Pmf^v zh@Rv=;cB5(jXQv*nqPdOduAp#kXDo@D32f>NUu|C+y<+^pY`)xBCUAd$O85^D~sv4 zDDu*VS{lInvU*}HT4H&dh*V5yU+Dl+Dfi(|S$YDA#>ed-=E|HmZ_?ihn?9X_m1*5x zUk(j)w<$pj)PAnFwxau*Nzr2yuc@+q{-#rDeR`!a_n4tY@7ErhEu5vIH>PfgX#KJJ zp?^I%t|GMFR+4@}R>0ms|zM5M{uohQHIBi+0YEWIS!OFL8&?EL+ zyC!F8bGqCQtGwFB$WHzOB~i;4qi$~UnB)xFsYLQXtlB|S@LBwJ^0HjDkQBTMFuc2X zCGMk=!B)fF@Ntb{NX$W_=J+h~V0P)am7J6S7M*b_iR~WIM+a6ObeWWCo`tJ9tj1#xMW892EHn zZvtuS@;HOIVE|O`j3HdqjckjGN1lk5!^^TKq>GB6$E2?ybD5~#*z%2%-HV^=;nXWf z^dwc>i1;AvV$sSGDM2swa^GK%K~IDNBf!Gj8^a-^Y#(pZx8;Lb8ct`Y9 zC>RoT18=fnUgwxOinr{?r&GH!J8#kwm=C^Jg&UOGp4eQVLig!`vOc$_p0|?2C;K54l2ySYGDvWQP3V0mLvSoi8 zNcwOsK~SUdXDUp_TUISd?+xZJX~B$XalE$%&e~#U@hkU~NIagtTL2G7+w!pv@1M`# znAHrG!{bv0hpwY=Br^TX_V!>6d=jPk{n6VVH!h)rB?+US=eJlCU7B8N1ILdfg7dIj zPjSS{A+!{FA6}9_YXs_t-jbr>I6*KV-IE)^G|~0d2wx#lasf_&;)0dKPQo z#$%A|zZ8UH44G_+WS4yOpXNOh>Q9ck5`_H6>wrLpg&<|%KB-4Dk4v_~e`j#!O1~)w zSP~Vb@60~`oRZEmkI^#ynuysqzKG7O8$BPh#g0RzqiSh z{c{{9SVh5rkrMakkB+PgVedry#b2GbD^+bFoa| zWkI-CHb;{@PHrVG5R6B{o^tsYzKK$HRio59^Uq6aZqSc=nEVS`9>Op*ZP#+oO1Kch zA2y`nG)F_=?x)o^ChtwGf`T?A*xx0H#1x-IJO{jleGd^PSy-&uZYCMksS)ChQJ<)5 zlz=SNVE7w@WthO=F(01;q@v1+-wpSeuX3iCd?NTZL7>t&LR;cVaP-9{gaJ!Uiw)IQ z+?1`@Q=^jkBBubnPh5HoPq+7HxVH-g=O&ViuHS_YjFWO)nWI8MWd~!&b~tnV$TcpK ztp+)AwaBGUxd36lgO}z0uNB~lFO(Z0`LzQ_Pee@R-pT@k+rJO!><}g{e5O9Y10`K~bMSO6 zSr@6lMdH*2yxfo4LseD*F)B(Jpv;t{)&|i{zj*HExu?fr8e7K=te0fZ!;3+I$&3}s z-;b0Y+xYU;*LwYcW<*DvzQ8ot8-E!&Q@;8S0Eg0s_~0KkaMtbdf^^MW==;M?o%m*cpOAG#k|J=V*%k-92rFn6rN%eX9;LULZZ`&Itk8pygC zA0+hgN~NA}6?~tDYJ+f~eMk(sVbN|?6c{^2zg{Z)xsgO2S8MlanW`{I=QWFHm@Cfg z;gRGI=u}kAZ2E82x#xk0-hr^+U@ll?E*bwo5G5 z&=$705gtX|k!{@E#J;4LCSM?avv&2V;n!?KyY^)We*-GQRk4Kzg8(qhF*MjIB&$z3 z7;FgOj1f*(W8MMjhs}K~w3iORWA~mw79M>vW{0Qe4?zkD4KTMXp&=u`_zl`Bld`Pd z3Xd(H^Rya)KdjEnCa$hm)fr6BH-3}c!DuD+Ehcs+RH^o>nYIRO#x%j2y>y?9D`eh? zq{qTEI3zSFb^BbIP(V^rF~!Fomr|IOs1tY$WW?HL!3#-Cv%7RVG)=DWgt5U+bvPo74fPBG!G<20lMUE`Xh zWv0CR2wiCKU>9HuGL1hlGl+nnyEw7Izac#kZZ9Zts>(C;-Oj zo@p2D=Ga`0o#|w_*0_(7(6A>$dk!{zL|v-;E8MQQF{cc?&J#c|+8vE)QTEg2KFp0U z&&Fx*%L+pBswNaoY|rg4g-adR8Gdi_TdVIjxwUHj`+T?cia!<-I3eKp%ia_$mw_i; zO*HauK-JrVoNatn^iIsVS`#b|lI|}6bpw$0?NmxsL_OcD$o*+cO#HxAi``jBp_C zj6K`fHOl@Q9^aJH5OOAZ(WBVoBi{(sp*s=kl^{I6)Dy@+y1ZMTP`} zBrNu-A2{^UZq)ar}A zhpSEg2}m}OOE&+zi5bDIyKzvVf(u(zpiXCPcifmH&&YJKUewFoM}NKKCHpZrCkIHW z9+T66i7!Eg1k`P`{LJv=_`Gd8QSN8+i6d4GR~9e#5{CHdJf=!m$7!p@&5A!(d<>AV z%oI*MuUmgVWEFifd_l^s*{BDTn*ZEWdPi2l4ZVg8kZ$ROxh0yP*cD^%#wGP_p9a-a zzq4DAv!pnerTgfiNrCIDAJbm{r?l_tcAgeC3;-)AgRDmux+{D+kfDNM{kw2XR_3j? zErTzx=9ph#&oLIk`9O%ZzwruvIH7m;CF-*?AEtwDyYQzt4cj*CwdtAD(o|u*d9?Z; zD*QdziU*Xpaq6BG+<)LFbxf~74}565$Se8QN_Knb&@Xrp_R7+!h5z^EbU-SRk}e1s zFqmW)A*ouTU4g5q3IN8|>wFJre&xM~FcNPyKq{Qsdoz%w^MFjHb{dE2FP@iKlpq<+ zA{?;44o+6(b;+W{YYH@{gaoq`aAzx@l8n%No*S@^Wj>Z5F)yd@ddU5wUqRCkMxpU;H;X~6j&&W&c?haaHUzg?U`G%DW zs(_|{7#k6j>7f+4Nc@OD1ZEZ&E`{wlWm%x@7e5f%4iyosaF%>{`+fMr8|*`6JrOpu`(+nz`LVz&p$$^( zSIc7%ls7rF7GPy#0xHZ9_n;Vuh7h#TP5Vf`D<^tT|JSNA5wVPenrJVn$HWgdJy)UD ztj814Bm0sqo}3Fpc)At$9>g`H#qJ?5w4M3>h+Ecqd>%WAq*#j_Ub?#7lKot}R9a8y zjG;*CTYVw>%YEcQvLy+03MiI8rw@|-Wdt*UOFUNBNC)Q8GiL9!yA3k|;8N?uQw_)a zZxkFa7x}Zb#)v|xrFm|aCVuO!t573us{O0|50#VXxsT!OD^CydF*X(62Re>3uRCYY z#M4Dvi~q1I%45A0j}yGVZHyXc{uJztu6{+^vJOSDf)WMvF(b?hZmw*Rpu|Q6eZ-+< z|5~QbuetN#)2iLWBi};+A-S)2s$~wa-Wjc%r^!Btu=aGt2`nmF*B~U2$)DR9)ege=toAALumw zKO1(Z*n@NVZ<0qGRhPk-+p`FO)?wY>%iEf8nI`KgvX67yYFMr}xh@ODJ>Yr;LoV|F zOUX$Gj&)Gl*z3~pa;ICKeR*^Qb&U_yIjcmD_DV<*mmt> zyvG{c0D8Smv&y^#w1;t~WoB)h{UcQuZSQ2IC2qAkH|OZA{gniR+O_+QBuL6kyg2AI z1Tr5rpuvfZKaHw&dg9IluB+s~@fsS~B7YaBPp0L>5KBu+1$-158`fu~c8dN~{cT~o zL3&F(8~;=OBbUNJtHF+zgwwUnz3vsFOXaT(AN~pLZwM)T%lc9gBE67HKWKHUk2B`u zRhJ+GVP1QR%J=u~ys=p6)lT>rBdlyYeL8K=WL$wKW?tf)EbEX>mEeWk`MYZ&L>3m5 zyQ0jlxPcV|y6yGi3z-Z}lUZlR4t$4Kj#1XNGglDYd|+F-!o1C}KrwuxzJeS@R~WAj z(zx8T?lsY)zeyHRzuibDbtKjG;7g08RNsdqa3OaqY7W+wHB^;<3~}~4qmjQN$D)1; zrI{u5?}U`Pw#IZ4_P*9#gIfGV=roG@KcruefxGdvMk?_}iU-26kNvxMVKj?WIGy4( zT?35xBHb7f&N?-A$I76+sDw`~yfBXs38v+hH!x6$J!=nBPk-Q8vlIG>tW3G>M!X~c zBI3chz!7Y^T~`Qypq;KS>3ZK2!0NYjDMcpiN#U%6iq`d0cz9|#|GQ)c<5DSz-zkYU z(Y7g>*J|O`&P4KVKMq(pHmjd+xM|(~UrTxFvZ%x8j502Ylcl5boy*FqS$Gah-*W`q zM|Y0r9qAiskC-{w#a~2)&fAph%JM)tW4a$zXJWtk|b>{Xt)PDWz?MNPw*>@C;`RS9`aK3R?)5G z#s{Ghz=rR|K`pR{GI841rEZW!=*hxJJMBozF(~v$DL11;e#Rw2JzwTvOit+EqqY)F z|Anf)<7&ZB-?IRbNswnw?kA=%QuE-HQz;&`VOYF{*YdTv>jmmQ)}OpPY^rndFMBPl zxwE1*h(OPGvH&n-P+t$yh3gQZdg{gx=O5}l`yl?*bcq`q@B1AeA!#5wsJuy>noX4N z*Q{|pFlU09h$^{Co3l|JT`1w6r#Iq1 zGW@ESGb+4^9|Yp^-XWO|PnOgjiDlr2>a>rG(lHMeKK8k_yI4QR>zud0OY&9GcfD26 z1(`rU0M;qH&Pvs-X~~x)i3JSa{&RF!^c=?xB32ypdVeol^Z5Kf;&h1QsLy-G6N&Ha zG{ULkqIbnFP+t(|4zvM(TIT9`9m^UHY6W#N$kPzl%i1UU#+*4|z)P6^!UJ?MxcSwe z?h*}r67S3)jWh5f7Q01Pu>mg85;Wy#LMnnd8uC>ssska`S+%0@`5)ju#}^zyr}%9)vfiaEc6c1BP`8 zZWIQ!^EZ<0bbta$$3GJlX<5tN=|>@kD=de{R^pkxD*%6QL8V0la6 zik8vFjw%GT_OhaTE7@6mYFU4KS+*&5F4q>k+PrYtN%t&GSg(hQABObRJJt5$NDm5! zpMRn4Fjff$rOibcyi9aj_6+?2d=|%oC{2sdj7i}IdRNr;*_fv~yNyn#*GrOxn*|uA zApgZgN9=&;0xe+=-QK>QK7Flkd#yY`NTX3$xZa~K;9Io;>fm5XftEg zmwJ|PM&1*@BkX1E(MvF9-{ZPEI~74Q{!1^yKXQkFy{=orp^f&5yKkRG*X!Qao99KB zLDEO2ST2J05pdDb>=LHE_w1lTzFpr>j;tyW(j%B};7c)T?<6_5p~7kI^tx)lJYeb_ zaS;xw;DFz|gqpl~rE|P+R5#TGw4n{&j%oeQ)Hj8dy|``)H~MZ07$97*5_L4QEe%(P zuNDJGxWRc7*;;DJud6?2i}d@5_VSR7k-2@P^p9$n<6T~$^_e^G zkKHH($rk`NybHe$wVbw4y{*01iD@rive=_N8a(ynq+VRWrR#e)KP&q&VjuUF)QbX zFs8)UUz>6u02$SfG3GLz&G(8R{@R0Y^%ymQb~@HTwa3E0yHV}A#s@M$?usb=;)%)u;;HKK=lw(HV!A6KAqRwiZ*7ZL-q ztGcX>gHbPo9s67S&23B%)zC>@jFSDkVpojlLLY&Gvc3E-8L@mHxa6MaM%Tk9v>Wjb zwexTR;y&ko+LsEaQ(-;RTJe%Et2~&<6wo1PUR_Hds=gMmEM#E^OH8`+)jI)zZY(ug`{ z^_3*-k2>IP9Ou*QFlv!s2A6$TuSMuCfwyZbXDv`4CUL{F&d(8Td-|^r0|*xhMrJi2 zGe%&@sY+F50|h4dDChCz-r8@0lQ~zX6OfWBkhC3Y|IOz-Jp~n6ttn4jm!ztp%Eu+( z@ll&ceRAwTQqx=gh#51(-DTW2h;U!g2R}~favH7>XCZG#BD z82j2O-$TFgnf-iRdB_7Q}5Gvu#6eeg{~%6V7xv0`he$Anz#mDNGP0esteV|HuucEE<-Qp!@_UrIcy>#rz>qqiGQFfP`` zI2ekk0;|w#5xu5}qbqy(;p)+q363R)??mADy^=C}#w$g2xXR4ErIWw0u%7BW31I7b ze!FPW=-JD5<$7doi!0TEj`agEy|1eRvAh?^g}7ZCOub)4twO0J;P&kGn0PO{lz)6i zSS{mZGO5Wk0qSr2=A3=7@YUeCCkccZOD&kI@A3AB+S-j+Q5lXUonOMCgO=Y{Y7t(I zJ+#CgPj3-QLQA`WYY|zZ4ZLa)&eR8V#1BdS;gmHL)nzD0{{0eWuSemynhDob+qJ;s z49~9ArZ)&A(vjB8tY+#ROi{}HVa)sO)=mjls$>3LFM*8xj>5AO8%CGKCngJONjC_X z*dJp{TXN_`+1w0A_#gR(i$x;Ktag!6m#-Zk6}t(k3csG|&DSe^e!f@w?%^R)#^EZy z{sAQqqq)i780_f376ZQ+*eVbU!ORW%tj7U+uSh(JUBBf5;N%E$gtdwH%BANliOktx z=-U_Qy^mr8(;OB-qHe9)pzI}O!+iy1U6KWPz0MK`(NQG+K(+3Rj|zxbjjALF)XLA@g`Zb zo(rvW!UI3TItUA=1wXybf_|0f(cPT^+-br!=us`2G8&)Vi`rizZti~sN@Vx9H=;99 z%r#;b`BV1PHW66!=%X8~zD>a&r*+wO^ZHHkCb7R~=puQdwItT>S9$`qPQ=n?npT`X zuO@u4Q}8uZVtTTfQ2OfmOZ{3cd3xQuu$}J@ zzgpl(?_M-HZaCghxfe)a6|IbWcw%^|96t2PnMR?PAk+XpBDwTRxcZpoUka?|metP@ z3aWbj@|T?74P50)`403}Do59uH+!M?r7#Fa+ z1~u;XGd$PzZhrEHh5Hsks)?dGpqqJJ2$n!CbsF+Lds+azZNi@Je>{483o2GTHvkpz z!(rDWPP6gCrSE2!H+_G2K0Ps!nx#YwEYuMOvmXr7vkwyX%$tQIs3H4eLp9=fop7_v z0ay0x=yWFt^YLEle3;}9EK0js*mgj;BD$QF>E@!6$ZN|B8-qr=n9(3D?%8G=$(lbW zZ5(i+^><`3EUWw)WWzF*Yj=13fhoDDJ&7mO*v37#_jMnym~lZzDT-Pj!+lh#I5beC z_$p)(mD-Di&yBYacS~~RozR;s)42vpp})nb^?-_Yo0jj`eDRBpPr^*S$02T|>;*6> z!CRfMe8)P(IgQ{j!ys(Znqc#6GP35YvLyc)nY-@^K|LhsVMgk|yXBTc?OslMSJS(< zz74zsKpl=!18-OY0c_h&OP}v^fy8*GrrW^o+O$k>SL%5c;uz*n#|YH`J*^%4SVlug zQv1fq%R~UjexTr__MWi=y(9I%bmV~sZRc4V_wSM#o9L#FYvW+dp3K$Oe|D>~pQXu= zv%ilVhZ1w~>Xr{~hCF++A-w*XWRdRBmy%MN+fXy@Dxr>__xyM8Txr7dIqw$LET~M16cNL;L7yNHTCg@e*Fe{g|Y&P@iBEQs_ZHwZA$xX&wS>e3+i8l z!b_9v@Q|%ztNNMwYK|I})dgTXGoM;oE&t*cot4jsXWYMLIpkf1?s+TWG|HsZTjn`` z1?RK<+JpSIB3v{tJ(tS87)*7zsnf&|2x8^1F z%Uc9Yj@AWd*u7A@X>m6p^IMPyGUrWSy)KHiJeMC}c<1r{wgW4D5!OGqXaWg1xsrOY zv}7>yGy|cJ4r4F{GB1xd#MMl(I4R`U9lVJwqJnK?K)J-JG>aBU%T>ynmr~4Cv18-K z#BVK5;I(#P6S)URpryZ;hMr|H0Y2>v&dQ(XWy;0iD_9v+@jqr7$X4lYw z#}nlQ?9S7tn`wuUV=O zhI2aj9d`#dvyWY#+8`BgG~B&6k?6=d_F*axhQDyD%>ei&7TX7BJ&9-~Km`Vev}fGs ze;gFp7KS^aFJRj0aRH=HeREE1nf#X7-9s!_zbnjEp|f*`pDLznSi^;GS_x#Hfogwi z*@}R-OqD%<>MU*s-kd9)7qg)$ql6rWl|^igu=|{}e7Z6F8OA37N!v$M`f0$FJdYgS z8>*t3CeNw9*;TRheONg;3bZG5rpZ|FGapa?Gv9nk%-q%zLoVuL=J8a+lElWECC-OP zJLH*lEWZ6CAw|>FuXbg2vJvzrlKuR)<4z>bo-T3bQMjbu_X@TNay!@l$V-D}8OLf@ z1Mo?r8uDhMqZZWbDUE5%2R66&<>uFSfs2p?X}c%2$ocC`*cH=Ud7m{o2QF>%Bd;%qlbMYIQDJ?$p$)Tw?n-k(OnFvcvEvJUsKBzA z>FXb%n&O&4kEL|P6i+jYUNGY?lCGLOeM)|>yw^tgfQXjAAsJFvKubDjrDy}5<<`*_ zS2}XR2+?%* z`P0Nxdknp>x0w5gS4t5eS@_4lDihj4U|WKDELfk(I~}*UjBP``RwzvIyAK|IvfPUbeKaXEV89S(`=HN&j$y39x&-G2EA>Wofsf4J%t z4vf?ts7`ZKv+AnNLIWJx6o><1j%rgxNMGJ467tZwW$t=lco$du`u z0+!hEb4YCO#rHvPQt>PYk6JCPUQ|%StGZVX83U44f=jIx6lr9e*-?z6mt=iYnx3CU z^|=yq#RF!LHr@3FDme?E8&X+iuYV1?I`l}Kp)^kkCt_o}QsR07Q(oodT>tgL70R%J zJbWEBu6H-Nw{0!cb2uQaA&mn1yBmx%);li%oy?gqSO3Mz>*%+o9Tfz#Tgz8v%V$5F z0OO0p(@rLCI`8Qod

LkO>Dkk&dqV z9d-TQi`f5BPGxjBZ%C`(9^plqpRAiPn*G}k!dnY>H0Z~9INNW zOjnrr&o6VNYfL;3ux|~}1gjy7dP*~n;I9!|C7b*~3;j|u(0ZmpR_m;|M($llG zA7KEv5LKhBFOzi>W!{siW}kj_fu>jxA+7&dTS|H6hNBj~JaYb9@LGfW-*U#CC2K$_ zt}w+o=AY=LP{)xta(H*dxU~pWdy_BV>rpi5AZc<;7caBhkp1I4gCA~i^g$>*0})Jr zUdJf?2FE|@_VnAn{L&9kJhq;Lit4NxJa=_Axf|C7%*`5J@;h27L_vy9R0`~epgqsV8VHr+{C(>Lxq`bg%+kjWQiMxk<3_r~r4BrFft7o4MYhntuRBhQR2V<1Ri$ zugZr39gyt-8E?PVJUFwX?Gd4U?`A;flpN~eRmUaq7oW%IQ*{^L#P|;1CYqL8vjW1= z^vCA5qd0#Q{OpwnYeUSPx>=6bc>A^+H7>XQ0P}dd>%`$Esz9D|@M%s}2)tC=!xKH0w{Cg(z>pE50alkl5W8RLz zqBCEq8!0{xs61O(5F3{*pNkj${nK(+aLqgjx5-}meR&|}@mO!gkeiD`ut|gVj6K+$ zYB}9L=bET&Q3qE#NVgXVl@L2YVOh5L(gW1_D9mp>!Ns^N%&nG4043Hf2}!X_Zfa7( zd_%7zGRjTmRiA(t$Dhl84c6^dW&hYQ`fSXcs-Lj7?D0{ZSZgaC+fRR&+y8LJtM$0R;nCk3ZVKP31za+xd@aNf^J=rn#eW)U!O z#&KkOF%>q^J`(&eu`BayA%gY02csZt(coXjvEyP`eMgq1C-W^e=Q+&J*J`1n&{D^Ppfa6JZgnH%*j1 z#y&i-PiWGUVzl)&>e;`riC6kX9qDX$o>5cC0qioVI@<3!+Sa)*J#hg&peJy;B43NY zJ1WmK0%yDx_E(Qe5f3oThbp#wF89BLMM;2x5XxrP#=g)#1I?OdxpMpo6Q_tmB;LH} zs_#JUhtj)RDbmtsKRGb;x`w8?DlgfSjP#{5cvCOLL1m0_FGqx}s`v;4^g$r>%k45( z88!iYknE~PPDJE1Ydm4Lk|(+BV8p2gk^*{CI-LkZoA>nRp*g6}nfLb_V+jQm!>h@! zQ3K*K1BAUPR*R~R_pOA>Tcs|qu~AEWkX5`I_4jQeczw7@MS}&yjEmclS6_yGYXs>f zl(Ma(g68L#V9gY(pAPUd*UWD)F?mpSVYyp7cNH-AqZXOlM)NV+x0Z25mwOv1a=?1o z;`h7W2>+F*(F^91CZD2k#+%d6~ z^XRz62K>o#Efr%CWyl+|Mc?#@DW80x_Gf&EibQhl|_7`jR+L#hi|I*j(1(D~5JPtaql=8TKSN zcKfy0q}XT9+hQ6Dd+)GJ-d6*89B+p^HlxUc+tNO>1pR~UU}XK^Gep=T#gFD8A`Q^T z>s8!q=C3FS7;17{bYY9zyBPsPzOO~Rda9y7Pe^r`hT(}27F?~?7;r6I| zCLCwAe;%3yQ>swV-)w^4UwNDHI*1f=rZ$;`^4t*Orr&yVEMPu3nX+}Ce-h%n4zpv?51D$@{-Ybv;J}Eo<`w(CUw*&de2u-7;Dx$Dy?5_Fzh40* z+=+Shv0v3}yTE7jLRmp)R-`f)#vH^k~Wvh9}w0^pU`HLdP~1 zrnb4PJvn!45Xlb8lL|+$a^>``d^{_5fWTW@6WwD}jy9q?W$v%E$giGRb9qgW@%&cX zyEU%3c)$`h^nt6sJf_lQ2*E+oa@pm&P;`>RE?pJl91KLq7d8YEx5=#7n1&873Z{#5taI827_nzA8|y(Qbnc$SWK%?5fpa z#M(pH-QUtRQ3;DVX?JU}rDp9T++cZupAqF>2nY?&seh34HroL=D^#FfB>J4gnudQ& z!}%Ar<9ooKTAevCZmlsnc0kAEZE0XV8*5%JcF@C>qgwL=#qyXiMPIBcv?j|VW|FOV zbz>~nh;Pne7wAqn1_%87^*v`QA(h;J^1lqPL!&8c+u+6F_Z{2URD@Us{Le-VSL#=@ z{)6y3y3=y_%dIzP(#%kep+t8nEf<>Vh)#=Xfdg$!GfbkgiL z5J9}dbXKvq+^|&zB^9c$AZ>!QpOLnC z7YBG!awmGIX$S(BMYMYB(L$1U+@*}*vH!b-cy26g%S}LtH>Wkv)pXd43^OW`HsbIN z#hS;ag``2F-KGR0WA+!Tg6QDcdHyaOgtwXQD1A-kk$4CtfJKD3ZM7$eKS6k`f~AMW z%}F~5PEhn6f7ZE8B+H4oF@N-ktmoU^CIbsP9256t9@FQ*d*_Mr#@6y*mRH+k=&XX% zFWky2#~3)CP+rl8tV5gf8S56(hN!&>-Osdo03&MgX^>TtR-0IT-E|slD?pI?KlQ`) zZ9=aJbV61ei-Oj*&1vJTYc=uL@v=q$0HWm&uEcSzp@=X$i8$%cngZHS7!ya8`Zh?U zcydhDs^La;E#D&Qcp|I#(!~B$$6(j+Kk$KM-sh4_1i{YU9*d=Ryl=0-NDO#Z;eUfZ z9K#6HNm~q;Kt~zZ2H;s(-6kP1$?Y$C3HoWUgm zbPNCi5*LbW#Mz5zb&P-mNDR&7*%VANnFO|(?&<0`-H22?U79cqw zLc#VXr>gmNMJygR%GhpP{mUZejFIzA0R8aMFu649SzHA~^J~E&psw8MwmTg9^QbTJ zVQ{J_>t8@^-k_~O=UQUqJXXb~FHg)v4LG28)rvYBw<_$5fHF>QUYhvVJlS^_K0`aT zQa2tD0soMvf$TD@+`H+3~4!Gnl$7-7bIAY8M95{2B4^~zQ(<95s6Uj z>5X^GKVOVXM%(ow9`$cNn_^$Em`iF*dX7H9GJ2aloQh!;7LnoVz6JUO7_*^dTO+jP zahW&|^Wgt{c*V?jvzC^G;DxO6EtL#}>oJBsCy8rb(+}-2_E^=B)2hwCpY2+&U+QLs z-hVwKe|GMkM|b($_*Hb|f0z@TxUzqlljVB~&6<0FIg)P?GMQP?0iuxo5w;x35VXHBRR4F=!7(D;xmB*6sT#N%n)~C1ZdWNz z86^+-*_2$O@vUWUaSyCe%afv_wOV7b_4{l+PS#`bQ|gv5CQ$wI(L#z_mT37R+CHnd zoN|xwM0txp5(d!hM%|oSEu1@d6sacFxS@447)N$%P_P5xmIw9`el`~}#2b~moNL)q zyz!&fyCfq3p?|`+xJw31pr3@`x!{fLp#);KH+E08(dEyrq$7UhnMC~u^cepiN7o$> z_5a7e63R@nSCWiE$R1Y-l|p1?9Le6qnRiC^&dSctJbUNty~*b6%^6uYf1iH;`RDUE zcc1roy`HbW}YvFUn)wz8gOQh%E6JIkB3F}GTDdsXevq8`JxDM@H1WH)2P_1DN zPs9YcyB-WUxU$)FuoVPW3R6XUo*S7Y-pt75NlELYEm&W~o2LX8IQ%hy~WQ!Bu}k%son+BVSzHzUZXFhtwLq zfxCYf9Ie&h8L#40d7|Xp)~>9Sc2I|n0IiV~H`0%!td2shoQb294v4OR6VTB}t+(VC zXhW3~ko6$1ICd0cu``kbfvvh8vmd$Tc!=D?6q?v}Y>8u@^idqNu1a~T4yE}!le*pU zMbr8m$eb~$AomUcWiQ?3y33^IC3(2|D!a*sfFdjr1KBJ6M1jpNosNyi4k;R(k9{#` z(YBHQ%szhkwy7FslMv+mI%w%##&g%0Aj7s41>Q@U!|UF?`XLlE_Gz)|z|Jn5lz`%F z%Cq+9W4_s6ca&N*T-39Jt+}@2_(Hfif1;;8{2zYoPIpOIT`FubSm9bx@!s>>^8ui} zBhG2%;I165fhfbGNkGJ%A_50tNZ_6;{^-59v4Z;R_1rR3K zTfXYgUr&Ew{Hk8hoHQ0Y9#Tuw+t}E3WL03aC%tVUz0q~VgrDB4v{?jO;hpqK!86Gs zl+w?S7=~LtvrY#b*Ri(`dRjbNOV-H48xS!_i|e!XrGdWi$nNEmZ#F6j>pr%9m6oWc zm<)M@Gsh1Qr#i?BpUd!O{s{~(NV}~0pUA;YEPMs3Ke9527XqYUyLj8d?;Ax->{TDv$@nCX~za%o0(BK$4N2ke-^@hd{OwG`c!xGsEyTdp<(wA z<9|c1ZxDnrWlwHY`7TN_0{c?-!HWgVkv@ubWi6hVK#bz}(se7k3w}ve5z(K5yVxD( zqwCf3XMO{;0)HI&YEybjPclCwqbzKRF!p-$hiqn?_3wiaGI0dSF*4c-Lz)@;3ZrxF zV^*%A60d9GUC@&i7MEEk*Z<&gZ9rq4eCzURsu3NkcAGP&?3%M{bjAHu`^Ml_RAQe& zGC&~kop7*Vi|Ee!cDZ+Sia2UkwJX6QI8PDfk~$GojfS_ckoG%gk`Dgn%c*}x)Y=H; z7kGuOPdq1{hn8Oq4!{dV4{-Ev9?gNNQ45(70GFJ-N$qOF?JHuHvMBaCf4{U)_++7g zP&$_mJ(OAw0&-eiqZ`&W>rq?sAq~c-w%E@{-P}V~7tEfF0(ePmCoCyHlIn6~540}< zej6CoSTndrbdY?i+pxGKWvTxmaNVdP+ko!NtDai>qd4z%bY+B1V6xj&0RQT(~;D zwONiGNEfwqcglE*Xy#x;nOAjva<_Gnq`3Gvmk24Z?1`Z{t$!+EG_BqL2OL|}Mz}~C zyX`ZZwur#<@IUCKz!Cl4JTFPA*H8xp`n6?_UApJ=q0JkfbuT&m0km0myAbIZFR*{T zkqONI^xpSXcmmmTo)AxWCj>!6f@5}u#=ZcL?ANWI%y|iBYq-ho?`#0G|PXk>gRo<60 z9ewoVM3oTU;X(w4A+xdex~1&Lmbbfocw#JUgC8elsxr-mD(C>IC64UX=1C)8hIT+i zy{_|dpoEDXZRPJX<6tW2X5JOjiQ1mgLq*by-oDX@EpPyt!auhr(re~PNQkGvL+CgU z?e!CMg0zZZ_ zHo<)%@7e&%@V#1w)*-0vzyV~6Mnm?N&l}Z^-8jow-t^}U??JZm+k!V8Ik(c9KCoS7 z(3I!V`>UpLu@FYsktd_#AkYcmk)^R+?4XzZDE!=#}sWdNzs8aLy&_SodxY*@^RD~oLMK}N-d{nk4Ub5=Pp3l%nHGF z+j5kIl(*GM_s5ZVp#d9`a=k1|3J}hSthWS>x`GzHm?C{#eBG>J!0%6BmhlubXD2EPnBh+S$LGY-9p_@*kx4Al>KEV ze!~lY$f#(n^44M5S~@b7$PvMGSo#e++;G*MP;;@#7zmTke>xMu61=12+PxnqDwVB? z{tGIF@}0>OWu<;UL?S*Xc{2h@O%tZ}gf-WLyQFf`{37^*4@FBaGH*Hgc;(&Qf6fbN z1b8@C?*4!;F-Ka1(?jI8BpWNX+#;>q5q#J7fQ6CHtJi1?$|oN`d1ssdi+T{~fiOa_ zHc<^Q093T<_#lQ*){_o?Ci_j7#l9VUS2dN-bQzs|7=v~~{lXrex+0QLU~`MghOcjv z5GleJr#2)))M&PI4B}I*?32FU!0kgebYPteLp8;|p;kE{NEn?#c^kl#5v0cm&=1Ho zf-xGf)-3_Ko*niO&$#`&WT5tIzFpHpyLnj*-rKLR_FfxFthrRL{=5nCEo{IW1lUOY*g}F^bHJ`ZDQ_GweV(F;*Kw{{%lO7*@&JFy*kS2) zROFhmqVCJ(6Ya^k+H#*dg_6*G)m4|AH|_OD>WufoQK~;nAhjh5^4Y;@S*;7X7&`ck zt@ShCiZ{<@{YL*EiO-I{Y(P#mBv6bSFd=U*mz%P6d5`IE?UC!P0=}QUXdYbLav-*3#C;DWZw)nXT_JDG*IqO+k zdut(eT#S|M9^$q_YVM90B;~yhdYB52OqjG=sD0)n=9P&xBWCcIu?MQQa!j*HL)Q#NGmr|ACV<{YJ$^m@S_>WuwJslywBpV_hkMC~w#FawGfpR2AfQGXA>{q4zicDUZ_# zDReu=`%K1`c$$}rWzNyZhDSlW!o;fNRPyEi@{xZlW7@Mxi?Y9k#+i^dcftK*=VDq` zb;j!w{!z0}2S_ecfWME|HMpL$>E}!kfG`lZJOC!0G?LUb zRrN#opFy_Un(3Sg&yEqk8@*Kw5eE#0RP)m_a!jxZe6hxfUDr_e`m_ywKNfabY;546mvg=VimqqJS?wSpSK75rZ@-MG?nq59~yQKHT z@QXnrVw$YB(zm_O7;;}lPaqhXO=gu`ES`Ga^){A;_y4dZZfg-eF!LYM9XJyy0*&%! z|1Kb&a~k{O7(g(>L_j-xM))ow;OQIN_hMe#OSHo1*SvT}wx)3{fi8;u$9ayCw@V^& zmbCRi-Cb|a z-*Bv?U&HedP;}q3-(%z(Q3csHK~Vv6gCD~{27h;DFR2vJ_c-){P)x$`#ra_+zB!4* zx7(2k@yh}+4D~VC&RNDQ4=(|?U$$<#*^~f<))wDCmY!RkTJfR6urS`x`LCD-&`(+~ zP(@3>y3xP$_TO=lbvRO)du{+3ab#wJA3FGlwW^aI9(^i9CQ6%ddb2ZmjdXqo!JtRO zE^AaZp8E-i=*vL!Np*@aCd%J@h_d|ppjWa#=aQ|ExTg>8$PzUBraDbPBAr-FoTXAV0s~<;VvmL9x<+SLc=Rc>_r&j z{ypko9ht8DnFnAD@+dezzVw`u@ffTRxCJs3qe2tcmIzXo%8n@cph-3#Y}?tyvU;|d zrC)O!4K?8H8w`NTRztiyY~5nDOBdvx+%`1>SP_p##}bZ$8x9|P54qATKP(WRxyJxc z&u}lJZ|!??OjxrI?>}`rF}SaCR*(e@(yMBWXenF#r?Pl!_3eY>E)yL#Mi&+&PV6~j zqcn{v!EfXM^RIKc=QG|N&zl~nmU1ezv;92$1v^o>si<%8@8u42Hj&P~xM?4q(h1ls z!M8fHL`RSGdaXqS(dEEk|1&=m@44CT{QKn}A+AZV!4Tbh{*@Yli&bdAu8`*J)2PX= zE3Et`yqhL(>`v>O>XGK4j;oecSU!m>BmpeW!>`4Jc3X?s<*7db*)?tF?jom*P}GIM>=QSuD^rH6qN%~_mFwk9{5C9_7155f881Uv3pjO$r4OP*5e;iHg#@#9&G+wm>}ezwGmCRs_(@2&OD zST#d~e#qWEIoX0T*k@2k2OC&_N0N>-xEic6>X+DUE)E6qUMvVM*ZI}0peDzu{zhv& zo0Ry-KrySvdyLT3n%rfMM*S{Tnv_2cQ8RmKtQH(&3d^Fr>Kd`1Laab`W+B5G0rmTG zKWIGnD9P4!?~R_d#|dGqwm<#CKgDG};vH`-k;S#Dt_aE32NBwXMs0{gcAKmWT1QUk ztj(iP@7dscG)oidzOC}~hqqSOu+;brBPm&d-#L?xk7emR8eMboCE8j&%MNGQ=iILV z`J#>rubpcv+UsG_wonhb&%3SITCIm9?E7tC`lAOsE`_d(mO@_bZ8ED)p7R1?nW1Pw z;ESvZf}X|K4qb%qXHbu&3P#E|P+fn^x#I=SEgJyu{B~FIA60?dq?$_3_YBwMLkwur z;Wq`?w`ZIQYwzSNFRG?G94J`SD`I4`t7B>H+h^B26csDK9C?!E)0~Dkyhu z{|k!s#bNJMJ@=yL!JhvS9O-=;7%#S-wo*o_w%s#rf%YN0b;}B2De_(YYCuVSp^X}_ z<&Gr+=JkLtnXU3yr^vqwaEjc zFp-q~1R$6?$?*R_p)IB+q>4sd4meWh;2pXbN%VQFWBWf1?KcASZy1SBe4GtgFU zoW%YwcY}vL(0ihp~(P&EZaR>@~#xV|BVR>}0|8-D4gE4=ERx2|}; z-*o)C&ZLZ+rSSgj@gpdI?-e4HF_Wtt7oEAR-g)VDmmur)ws*j5q>vb+gu5Qi+?w>| z1l`6+KDp`#_0mcMT|ui?)BLs+b)7cmaGPH2U)mUQ(nj-#2m#F`>dgO;PEajJS5B9)_ouG7*$X45+L)`Do*54s zB7!P%My^rt%HP6`>LeS$u6Lq7ZC6@#in0bscCY}Y_Zrp?p+{dFv!``Dm?3+OQLv$~ zd1yIBmj@(iIA(qGUr9}OllIoBA^{Bnm#=r$CGz;iV!Q~0M9z>-MBD31=k3c`egCn$rKBV>s18gT?S5S<gm)KW zX4rDxQ?}4odYnD3TBalMd$EfKY)WC6g14g#tEtZX6k$VK=ohUyZK zR#I7V^T3l)Ebnp_Wj6@)khoXJ_sTTyl$G$I`KwabH}Uq}qk9`7#*QPj2kd~{g?8OE zB`BjMsStQn1ge>=5|J`E(5!KSup#p>+uymwwgpc+pt?!begTW?f(l_Nd6&#r0DlP? zX8lbQu7S)Y-SM2oACmfs*eN46UglvM$QP1|I+2mZ1E%M)k?4*_F-LuLmt`G z(5KKB5H^5djer&3!J9$lf-$PL59%bq2k2kzxc-JeAqbLo`8MW+9osG z2%5_WCaHv0*Et3uBs&L=aa8%11nE_x`Y9p6bzO2aSPDL-bB(F#7H;);Ewv&FEE&y9 zvclNwYb6zV|LGj#4C;7GUJ;0n{?+O5GyW+K1wco*mo2J~D*w6Cv`A8nRXzJjGlKd{ zkmybK+ig#d_r(C_^iO|UJ?9yJByfluGKyvN5;)#_3fkJz%>+U2n5u%)0t}lHq65?1 z&@R`RY`er<_)D|&9PZ0%8xBeI?PngcV`+tss09x3k45S>KO?=~sG=n0H2Z6WbyTr+ zy$`ERd`X+*Bf$?@@zl{gE7EDT%RNkQ{f;nwhQ~sA)l@0IBP~TeyGlmXwKAi0r!(D$ zYcl&wj>~6@@j#+DkJ=>hk9|Vdr;g zlJ7P=&^aiG{~aTi7t-2cz}{y_BfO;a+i=g$m1Bh|$wrg_(kECJ(%q*lv@^V#bFk5C{#@{+=?xK}+bR z^d1S^qXAho>=&5@7d zv~r_4@9R!>$q*arBs;DY>4@}k9l7gvyb!W~hG~xU-N;CgO;(a>ZW;F2#zI+rSD5^e zDd5l0S1YiSzr)hiSKXJF;E~o8DEA5sjLgdMMfeKaxMj|CfxcLRdFkt^xE``J9kQQi z4O23g@cf-vb-XA+3!i(`hD@ha?gYU1 ze3~gXii}O%k_&GdSw@~?8Mz&o^O5?R@?U8)i~Su<1}gLccumkKhccz`lQG>7cj}He zXAC##)~&~8D9&Oqvo;EA-sRsOz4!e*8*h&0Y~3E%>fK_z?kyp77puyRIIX3erGd7d zxQsNw+&;FU(#^Z!s;1A*$nPdTxT1?mAF8IrMlZhDzP28;7NRU^5Lgv z>l}-EHPz&&F*C+Z{8Cv{pQa^9w`lrPvOYxbgg0-OKgUG?r&cz!{AH?rnxWA=0~V2( zo^-6=ySko8f7g&_T5s5DdQxtN{B=(EVt&br?-KczZbkvf&Z-2wbRqkt+<^VcZG|)r z$D*3N>Dtn^k)DV~1;lqBa8i&bLvOfYFa9ivC_tzddG7SwCH=~XF~@rR)r+ZBIp;}* zGp*d&WFfd!pU63n^x%WCBuuG76&J3k>wH&7fA+r8dtdqt#`%BGP{QFjJ(J*k64)#2 zKV}9tZwtVCXb#u6{MUCkx<9a_RdKD5f=>0K>Z zL?wZEXJTl@T6%~!H!3K#Z})YT*l>hC$U>%5FCqd7myl^{H98NP5eY0!09;|)`t&c| zO@95LYkO|OVU1nVn5G+D;Fz#yBXx!#1q|T7qj; z_x+QR=go`x_eLBYhp!f>uxN%-x3bOjeJCWqKK*apvJS$@yG~ejQVp>UWjc>hl$^|C zDSl=A@B#PiYH*@OB)|wsAkbgh+CxR#_xFH0e7)C;BG~83lj5yv5oJj$WGJwBKqm$F zT*BlVn-?4RWFq9hYgl)^s2A>+hV?b$b{k=9kkzJjc&}5YH&Y>q?3(da<3=LfcY`A9 zSHFt_18hG6A4Gq|823P&8Rkt1WB4=}Vvt8Qg6B4#3_b&x3!pu?|tz1j_gu{8yt-45;Isy15a{vL#u`p8ptM>h6oW!^GxEhjpSS zEHqrOg0OsbD!pY=Eb2Oz@WeR-dZFGz`!htd)}#tE%z^QO_|Mx3ej$h&u!JHdLt6E| z2)brjV;_t(hWFZbp&w#dZs}%6Kdk|;3It)bQDJMg{xknI)-LXAp(V~bawPOyWBTfr zM=Dp+(6dvQ`%OhlZnndzM@R^eXn}NTPeZMp?vtC_USDz4yv!Fg^aV?A+4c1hL z;dQra#!IFgH@`+Q+XWC3VeR1WR0M;#lES(BQ)73}%ttAkS^H%Us#OD@K0vxmofMR_ zxIjOEY^_-3ti74cP*oHSb&-GWyvgx==~}u}<-87NgQH>j0qwO1=o6)>JJ zGx>#WsU$s|78yjQ@g3}GlIvhjpn#Bf8|60C30pT>bEN2fJ1;M8H}fYW(Dh=1a}784 zV5Ij|#8#Jx6~1ycF30(?Dthc#M*NEHPkyuin+A?cYkiYb?FWgHW#9l=30X_;Li!Lr za|8u*b$&8e4u>`%-2k5;*Vef#MMQ>%l!kXX}pN#e-89=k)PDXV9XDaUDz{PCs0hrqPNK z^#YWr5BmT?6mT&b-BU67>lc;Dex-Fu64ALF#k^V7@YTJCaNN#-UE2$wxoJxJJKxVJ zav{n{M8Dn(F^gC}-iJBo@FmNQ0F=0Hep7FQIe)Uwd|d~@jSF)cf+KSzYLepEis$zA z_qIA4#5t?1(g`=;V;#;xqlXpduD4ozFPuj#uS<#Y)<#)JUtj1Tc;I5^{jmYp=b@Yn zea4jhd+^4~Yx^FAt4Of><*=rOyK3o!^h!uecg(gxgqxbO;*#qFVgR#4T!w^LUnb4v zL!PhHCpweG5{W8&7Hbv}`%TleSj~z3Q&{=py}P(K-IZ$98jK{L8Fen#n)2qx%*zwY z=8O}hm1CE1l_hRg&+i`8ng2%agX&UyZ3D&4;RBgc6T#*sAJRAI3hknTpw&Lk0RSQxRtk9O<$(O7(I1i= zxH;N+0n%ji&_54c*I!gL-5RA~%>=Z7`dlH{oV$yrf1Sho-(>;t zS7P>K-UR2WmPy!jDLUb>{;mEmh~&RHf^{|1r}rhK+}DbCDPQ1{T1L@~`?o)pGOcE< z%C$ky!~*U%H$A<6-aPz($fJfGO9Kui^nM5_X9TF!wTBK_!I#lj9<^`oL)@o9(G07F zMn^oo^7l-l`FQCQ|42^qaN(gD4;CaFBQToV-CLAsRPUSDu9qm>LM(9xWId*dBm~8i z!#I#Ldix@Au}A*|5iwlhWI*1^GR^2iPfn}ByuIn%Op?0w>eui@V)pkropZ3T`&&L$ zA=j5tr9wNXiY2@KL!pn4)D+VTs-h_r&g`&=D#yjxXbZag$v?ReJb;b$uj=F|g)^t? z_EoxBooiSWqla|dNh-#A-9sGq3+7ic7?wWmyx<6%^N2#+M1ED!Qf?g16W+UN-c6uh z8h=KRntq8SjfCi69s4<(SIz$R8I1xo{1L|2n=UEsEqcVX&V_7%h+uSY$*8e&4rof@ zUiB0u_3PMFtaxPAw*141ADH_43R&wNu#3dBJ8G|$$e7KqkUWy6F|KZ$Z#E<`FR3JU zm@&G+9igUXg4Aogh*nEzCj+hR2rwx|&xWTa)oNtk@6`SPFz_799Jq z#}ObDgPDE~d)Mz`2RyAxLd5dqH9#%Y^-ip&NuKp=Ixs$C*szN!!>!_l>9c`ULD*Dp|W(!-PFIDWs~yI4<=J8{0^p@Q$G;Yj(f3=5bhU4f1G<*C9r zrus?79bmH2rtJhFeY|o!nIPNj7_j;pFhTjh;L{rt@i=dPbuLabf|^5CBAl1Q*ZxND z@sNm*D`sqf49fm7e2)$@^hfWrX`KBoh+<#JBkI)`!L27;&`MzulM{t^k64zN4|Eyo zd{60bHxFwmu{7fob}zz?k`B-Dms*czfJSu11ykaiT^@HIwuD)z`D1h^aACb0`Uh(8 z?0cD!edz;x(v6GFSD3Q>nj?Iw>ACw-0SZ92<|DE&az08-Me2{HM$wWBw=3=f%M2Ah zt~eh$HgiU9XQbAqeyX}fo&24xb3v^!e!f9+R8DTn1>t!i0HhyIUIndwRlDqVD7E!( ze#!-9>loG9z>>n=JjyDm$X3r9#;sOoAHBgN0kg?p$?2isTbAct;@kB!KTlh@!lryI z7jm@DyknXNErw8yTbu-K>(~qIZTu8tAzC(GpxI%!Wx-s$iE2CT4}Pz z=|vd)3Wj!h2z_cy{{&528=cUr?>DTP;wW8|-2-VMoHDTo-0MXPsX1g-;3x!DtD8aG zhHK{j&~GuUI(Z5vbHnNpU_3+r!y=SEE^>&(HgIo$_kcD9|f4tP4m_Z&u;FW~2H5C5LmQQi@L z#j#YMcwZr1>Sa#5#<_KQF2%8^f#hhL+V-ZOw zW1n+C8yRPv&_A%c=1Ll){k?9o=zE@}z}oV?!2l;dUw{5_^ibe5|EzY_ajQ^%)~o;? z=rIp$nPSO=qjxEujfrvK7d|q_AAl!Z60MNeUp7k<fw@_#sy@8jKnasS>R}36Yf=Mz2rYR7+L;-0gC=N50aGUTfp( z6W5TTyEfpWPgMV$d>@-_rywO9Zkoe)UNTp8d8kwmclUc_Us$_QRYLxf2h?zJ$9KV% zG_RyTqjf?Fho@Jkpr^|p!e4rs7@o2cWNnux;9(g_a|{;-KKsh+C1~xB)MvW@MNm|z zI*W-+dZec;kR_4%3VeOzRONGeK_I`DjjB}I-a&Md<00ZHCY6=)|4Ob8&P#;^ zF=h98`E2iNT|Lr8HD%oIHonM`j9#5jN=$1uIr#+Y3bgDd^!V< zpo%vQLVpdE55JZ1gUjZ^bGTm~0ZwMir6OGNDRTXPhuG})>k&Cms+&kWZUW^7VUS^U zNiz;ssh_C7o=!`6UMK$fU;K@*!A%|KA9Xs`k-Y%3tfl0U-pHo{b<_sFtPipCb}vYB zM7(*3(3_t44vSh0Y2Dn4zMM0oGysYnTq8|=)scLR>jz$fem`pRXVb4%u4?-^C`z%F z0`lJmbEx*d1ePzW`F)AA%Tf(=kSM~iQt|wKMQoTMXW8LFa8wzxf0=#C#|(CZ-Hpu9k3%{ zozS7eey>-6U$nE2cQBk_RAYVcEIx^Mgm1K971j-9;H};bCez3kNMyarbqORKAd|TE zLe19+!|(x3&Ofv}Fsp5=eZ&(*$ojp22q79Q{2K;eMad5^_a8rDo&3BDZd7k6s&LaY zC_#!!>BN)?9zGQsnJdlO#Jv3wkwLFBb&-u|sCKkpG;2k(v~7zDjX^R87nmPup?MvrV3@ja zS1?EQH%Q$k9#<8f^$gNF%)E#2{g}N_s67jx==!a21q+&SS)>cs-DEkI8KXBtS*}VZRCS2IU5HTp zA{0A_qkNWuuo@#5_NgodpB;4Bf)eX#C6+77D0Jn@-|^=^<+yJ0Yx`3B7tgxfRh`)E z8S#6l*G;AyT!8X;!L2mx7j(G+i!a(>>suihNvk4URD5zHH7DI|z8?;{3ZLhQmaWA9ELAcX<}Cgzwc=hKDO^9kb^o7K zJXH(APTYAt^1Q)dHQk>N8dlbtd$;2?9ruj=8ccnhGd#-df$1n|Btxm+vj^V36dV`A z!&VdZ?KFX#;GRM&NPP_a)w^doWe3O>;nYm!dpxh6p4@K`exC4P?nq{Xp7QqbqGCwzgA987J~z6wy4AY3I9nEVU{* z##ui6Hw4UVlN7chO&ZG_8Rt%AV75{xHudrhTh|D4U7kKzhz!l!sr|>8jc@vd-+W={ zd(b!63jAmY=&p0R*_nGqIj*)=ds|fY)JMfoV1^1CU#&1cqW5bm=C@zlFyrM$Gt|zP z)VQlbH?OoNldGZ2&pM^dxG;D0mXxpXwlOXVg7CTFOaK~&;C0vpB=ZvpTw3V`sAF2I zX+15eT5S4&=9cqW`5dTweWNGbedxNV4P;2Y5*;;{Y?M{lb;dYP@jbV)tm$Fw{&dUO zg$x$|)wPf#oosp(J@T&GNA-Jlh#_Jz6@&n(;<3SR6~2>r9a*X3E>)EI&M^y0UCct= zgjVjIrFjoh^t+s`$bF-7O4*+lAXf=8nt9(>)8Wm4nm26g*v+6=Q2FzjFtCj>9(UG$ ztV{Q9a^`SozNBUcONIzxik)F?AW!K7u#dJ>GTh}<`#HT6RC_vu(IM1M?iC!(hohDn z(~-n>afFTe7nTC~ zn4shswn@%y&Hd09Ngh2h&1z380#~(++rTdT_H(iHzxXJ!vE#9C=m zG~vkW4CecICVmUlN@um5;AEmMNK1lpn}nl`;tKgRB_K|hDq~si+3EtYZoI>9oMsP` zfIi+|=m!@PzgKsB!b0q)TklpHC;=`%u0cG_dD9hE?e3WhLT&Hy(%9C2qT^q<5B>7 zGz1|K#ocUTi8uy@CO=59{YdO#`Mj+czFG>kxkC)IILh#Nxai>FFf z749LO-`0ejm0*iHbk~9(P1I8;3t^0F4*DFu-_1N-!p=r}1}?=oQH(K&2#psf9w3=( zzn7q2zsqP+{+fF@o+_^h9#lrK_~hxb0mwdmi3Xjp6b#<;D6Z5u1E9OUDT>V#j3{1YlFY2RP1Iqdb1T=2-awy!L?XCsIR4wDtZNV6Q?21{tX_+Ux>) zIQy1baT}r3X@%unoZ})*8)#ANZJ$heNMS;Pv?XE>2H^7}_QMm}(%zTeWR(wJTQ0s3 zWEJkTS16|%J*6ZfL>yRJFYu_j_Kog6q7j$)mn~ct8bU!H zoOo&&kk5tpTNTJFB4$jl70WZ+9e8r}KLQQ-oRp=&anAFxcY||0pQKM{8kbfMTB3)l zQ>uIUNV$2#B}j)^ zi->dC+|zcA(7&EQHCPQ!#K|YbTMr;r%oFwo0*QMd7?1t+=LVxE&<#4db;H5P3S@;n z9i(t^@W`-L4W>v?tip25ZwRvImc6cfh&--1Y|Dy5?FLxRXAKnf$pXcqpinOR^1R3= zOM8EiSl(pc(hH?*#U~kKa@&wo!lU|a|EL(|$c0blWGx-KRcOa7dPql&rf9>zV`L;; z_Is_^12$jfd%R!oMc3Q)kO5UmC*RQ|=s5F%Fl%F`t|)}qS-jq?*Ym^nKK-dpu^elFqr0h>=r)xs1V{Cr)cx||KD>8L z?$b|#b)-|{JD1C=^n*oDl&Cy; z;w+0<6~mxET#Jxp-o8FdQd*Tf)6q-6Rj^aCH2 z4Y~WU<>i^-(R22p`Q~eT7MRu+$%bQ;643@Xpu%qd>fh8xQAw^xuLHGo+LAT-#Y$Bk+16>X|+V56ZpE zi9}m~_7hoaI7Qg?!k~J^sjF??e~VnY&~3-o#>|7S#&(0~CE+a+;<@5X+OqO(;4rgB z2upwtcvpR0rc_T?ke=Hde=$zF%LP6tnp2r_x$Dt9hQ7{4Wval*EQt72UGrC~=GE}D zl_yVwUEXg|@9i^Ru&$S=)c@QwNAlPSHQzXwqM?IXNb~&0i7bG%e`Nq}O4~EV0qbFV zrJQI}(d*Hh{o6;UM+mPPQYcRIIC7dpUgT0YB3K-mtN1lW!IeZHv}OO2pNaHzCxy~= znHb|{t>N*-VE5h6<=zI*l9Lf&F9m1ce&ZHOF?vxbWjwX_(f*^lcD>XEz+_%Eths$9 zD7vFg-y~|Cp<-*ML8iu+)`<69QznhwX zNd7~!ljL^-eW7@PRqkhef!JeVD-AVy8kWY@Y5?}_$M-DV02aU9zLyZ=p~8{T2Ni>> z(Qihy+|n^3-`hKGMSoypY!RH4O=CdtE)$PL0{db;iXpTjo2$R_ z9D$^@5D(r9B{`uGR$k~3al5(ZqfN8bL|=kDz0&QjHN~7~%(cZsi{gi)$Wv{^#Qh8B zG5N?L=ouU;CXWb3kT^XwG!H}chj}k{1hE7;ysNzd81KyuI6FB~@J^K*4%InK5}KcC z^MMycEINRBTy@Rtts}EVTw#rKBth4wTamL`&N_l=xq*Tr+(is-o?IpPx!Xa2Q|lW| z0Hl;!7t1fXzdnbeJ2_igtG)uVxt2N<*ie=qZychJvsu}yZYoV0+omz=KORB9mU5&= z!#7kWvRt3K?xynkwb}#Ye3HW0c!o$)+3CR%(mko1``bPQw{lz&r!%AGof@Mn7|LzR zoSDRzzKuZ6IxDVxay@mMZ5P-km)`YKkQDF zaCS}SI_sr5uRU0!x&|0koPdBW-fLlhO1g1cGy3`qc|>nmqb1`pLWc;=hMcl2mU=zo zuu?6EMJU+xtrpfY>#w745KsXhZA;4L{+Na#L|f-BoJTQ_=$nmGf+o;+{DkIHaXRJp zMJd{oYvxWZ$azhe>v6?-XVrsYc8}0~htSW`ndr zBg;nk>>1tRFSZrSccOJej7Aj&$uGD(K+fNsbuOG6D zAFVF{@nB_*AL~k9EdQq#0#w0eU{|>Ff$$>B9^P1TpHXPJP!`OFdY-fP&)JfKz9xMw zP^P`RwgT;FWO=uWTUJ_Z)Nrq~0=z*}S=x15IeVSSwO~83ZrT1?ao1~jF??HQ7t~w^ zeU6lUt$7P7(3yH$D@(C`=zQ^; z24@LfD+(~9nWX`AfLf2jU=Lg}&p+Bexo3Ow4xhp67#QQ-$9Jwhb_Bf;kwoI}=A5zE zTLX>&rTt>8g%SC2x%@-iQD#y-Oh@LFdj@x=*~V-1JNJPR%aQc~vT*U-_T66s(Ac2F zJ6Zmr?r@8e%q;rQ0VcY2Mw&Io0Pdxwn57a=^uN55w5_IKvr|dd>Ki~W2pG#ge&1+< z!4@enOTkW@qMfTO0VUPrh(YGMFi0yOfMYLgLYS)TPXCLV%gzFh7Q)b@{brVQnFii; z<+A2d6$$-J%(c(MyToZTJH=MHS(r51)Ow)?$0@lnk4r5D%K-;@)2LSqjj-IbL&lqp zW2>%|eIPaGpKuk*H>V-T&l>c@1*o!iw23}FaWPjBtgdQ@s>ba^U%#VsFirRCbF98f z+dBp6R8XXKRw7pk^oY%+*u;6q{C$>FVL#Y!05O+ro?OHP;RImkAh9~0ffyj6aRtAB zx!RVe2F>tUwM();hEKZYUYA$Tmn{CIz3?F-pzi9j+3_m;pfV)KXcLIfTZN)5GTNuB zaD$b|5QyJd%%-W0(4oTIYP5m*-j~|gc_#HtmP3i_Vb&SIEjVqZ>wC6PgRtf18L{3f zFmu4ALT`3%H1infGg|mEIFB+i_6YhIID}nDc^_UHJU1BRY!d2{iqKGxf&0}cm7&)B zK+V5TDCA0IiZVUQ)+V;oaRYdzyeTQSCNHrWWob7KsKFW&+7Towl2!gR;h_$h3me4= zLJArG9zU$)UL|-Q0;{^i3uV26At2?F$V4ASC4+k@Hbe^Kin=zNruEqc`b6rA&hOs3 z8fiInl0C$_Li?^K8X#W@FJ0+lMvlJ*MQ}_u$%mO~5Kuxb(2e1<0s3VK-v!pQ*~yiI z0spJ^hL!&3b;0M#?dLk3ueekuV+{wtpn?v;_Xw(KY_xu6X>KdIq5||?ixhxO;)f(@ zvnb2$$Tzn=FfZ{)s)Nnrm)f6wNjaolDcj(zx%zWR;fh|Jl*bNYF!cok z1n2dc9crLNetI?rtsm&`5#OiG9$6|^EE$7Gh_AwBMo+>Lqt@qg7b2?-BSa%3a1+q_|j%_U(+;&IMu%E z*7r-(W3g)Rzih+rBd#ZTME&rS_p^*ZI!i8oR~l>QVr6t6C5ly6>cr$urzW^FJ^qnV zcKiI$25g;q7l>J^aaIgxqu-SV)efPnHi*{y(XG z{Q@_6rf$~FS5{R9kU}>JDne2Xc4TK8X=y`pgKQ$_KLQk>Vn}C+BoGT=n z2KrQRvK^X?H5-R#y0O~@-wAnwQF!Jw*KMZW)tW4bPiQySaG#2Cga4{r2uaFoTxZ>0 zovqVt{%YqCeWP);f?|-Gkka#l-v4+6g4!;J8LWGZp4cNj>`iLU6q#!SK?7=S{L3Hy z7N=~~-xH)v;0dI4Vg0UF)r3Skx%`i#s}5`GefwWUL`hLPMM_#kx>N*|6p${Z8v$YT zkVZ;Cx&`U(9^D}lgAt>9j2a9!w)gzrKjB;#ob$weKhJ%Cg0wp~%;C&#i*zc(h#S!S zz&o&PHP-mB*6ex3eocOGpwtz%8kuc=KvdvUQ(@L$EoRG|KJ z?Igb)OHw}p{Fku~&KRU;CEd6O;5IY8vST>r$kl!<;~0IDSxpKq{Y`@oYdc?y;GsN& zTBrrQCsAk;|Mz9GdS?p4`=_J4U|0_JKRt0r&yDs`@kdd7FXh~0MZrnJ_U(Rh&YCAj z)IerXYxDhFCwEwMH`nMH7EpP07sV-Rk(R za&9nS9`mI|FV}pnnd}yHQkx=nW@_i7b<9K~FZfGq)V0&{75Yc4XYyDNI&=QB68M1c zq4E3aveIXoWS)H5mWSu4%lsMb2w*+DFF=6axh%Z5yo)V2W& z+7|2s>!Rxn^5D0h2a^;L@uT1`#FuTOPA#RA_Z_J=oVx*V{T0eAtM24zOweNK3q+to zW!!+u_yc9&?8C>`7+jUe66n6e#V;%D9EI%Dso+Hq%zcf=Krn^|(7|{YOUrG;j-}IL z0Uap{(;U5@i1tj$0YX46=TP#jgFQhw4B}=&63YrXGW`;otBvUR^NSzG0B$^95~&zA z9+{Xnvr`ShL;1f+4|Sin^a#ZT&UJh|OksjMv?In=_iTS$?L53)N94}EAFNCDY6`=% zB@;erV;n+`EQlNwq|O}JvRSsN#(5mkSBy;md2t++gdQ>8Fjy6h4fR)fa8l>MuztC3 z{x&@2x;gBU&^i9pIfGzG_+yuDyT@NZfKw~i5Tu?kwnEz_#E1r`N$4W@9`kXakYGr+3IKra#E(-@e@yBW5 zKyoZ?RvNkE)isa6jxwdnvGmvf*Z?d1kylmGiwofT`=x^tWiU2^WwSJy31FmX=n`)z zQui{tU9hcbKrseVkO+3bK|dice2}*ZNtK@b8IE)AQ|Rm?z>f9@o3G9I?myn-{17{v$O?pEDbdHD=+ z6ND{P`h!pUy45B^7-vtWS< zJ*^nKbnP5e=l5e%bGeQ^-3*?clk(~wFVk%e+5PUw_XOX*C3}RDWiQb(1c9(F-EX;~0Ci*pjZ!h?9cgtdkx*=t^lT!7JR zZCLFYBMjJVIsfG3_2%W&mxW^f*|e(iWs#U}1v153-{an_w=`vd_HGF|SoE5+udVRX z6DlsAYQg}H580BWH^(2Z&vY<{PyPH~u|S@7nln<4gAXu4xZbc0+KiS!N(It3p;a$l zMdEZ|&+jL1?sMH4y~Ih(GP(QL#~8GZZqb@C)RreAA~sq|@~Ffac5Jskg@B zFa^&YihaQkmbQ^XvE%bGcl65P0t*8*n(@3-GwkM{9TSGigvCEcl`QO)%FliWqigyz zSRe48Sv4mru908I!g!)1{>LEIWPSin_;Gs9C^F=T zrQqw@K4;u_)B&uH?=LDhJh*jufB`vYa1%M$#n6h4!cl>bgnS+G7 z1e9_9rSLjuy&gn6TV$yMVBhv={^`@^t@8wYYCqaCf6?+vQJ?-tN_^mCz!m3XMU`&_a zm)A$NCz5TFcH_HN`4{K77{9)y!?fAn=8wQ5nj>*)WHe`hUDL`teI9K=OSVit=mhwz zmnh915Aa<|R2{(%vxIH9T_)>^AiK`(8Q9^q8z3AVtEd&58*7B>mFB zU#QKP5+~s@eana8c;@tHm`?SS?M_Ht^Z%okksXPzHM0K*>;P|wY|<{?T}gR~`e5!H zfMp^Ku%JML%qlZ2%_7kMMav5fhO%ygy{}f{L0JJI+?_$~Yyq~DbX*$GsA4$p;M?&I z&K)0iuTPe&@NK!ynA0D7>3%?i!t^fA$+<%^>^$!VdELINl*2Sg0F(z8T%= zs%nI%G@?e$kY}z%0e2(xsqxZ>HF6aVhx_b@P5Xg1=z;^UDc2{JJSzl?hnU-NEz#p_ z+eyGq{f=_=g8tr7YECn;YuoACVeGSX#Liqw7B@VIxq1z+ZW&INM3*ygqloBsK*RO7 zHAh~x%9gyf68NZ70w6y2ur66}mra24;Sp)FU519c9^1*^z7MGVi0PC%(+9P>ZH>T$ zu#kFDY|OND5KZK$>`B*Jse#)Z zwlp1s*4@4e%%j5^$vvG-mnK|wFam*%Iy-Y_!`(xejV+As1W^D z1-!vjYx8_u+D+0SpqQ13_JbI?j{5x<7b@j%rOP1zf#Ym3p=U8@xV*sI#=Df<<*RK8 zpq)mIkW~SeR+9yYT!)@|!%ymXBIYMj`lvN|0x_hJ49mBI10uX{`E|1Saj_^Fb5St< ziX!vF-{{}Br%u6g^A{$8B;S@wJA3ELiT}{gYctDs@pI&`0k^)?#tWtM&#|&-%wW6i zVc0p9Br!0F`F}Q$Jm=a0G>{&-9e|t}$$nEsl)qy1gsLMSc#N;BovqqnAi&pb9ACb& zVsi`*F7Ldd26MS6tvap?ziRkO|Cy!R{U!3bWeROYWaKMBThs!j z6luo>+}b+?!;2TI|NDzO?_`H{4S`>GID!p6p1gs+#x8DTqb)`_bA1SL&`vLvbD?pU z=iIw*5Y6&@5^o{!g_P?|681>H*TJX}W>bIz6du$n`Xp}d>E6qZMjOY)^zm9(pW-KSbWE%mVe zbFqJxb|G?niT0q>Z4cte$u>tn#ReCfq(@`KtgKOlUGg=A&w3a!g!sju!cBhf6ujn< zeNE1n?H3n;4BjVzM(Lrwd}^k%4};u4h6M2G;*7V{$V_*_{GY@F_-2X0rsW=mUvBwR zzOxB55!Mh0lfUxYtp_G`qxBU!3xS>NCw@J9g&KaUqRw8iDBCbXUJhpK%5^j6_g?XT zaOVXq1B=irkdCE@lT7jw(yC$|ig1x{`4qQZ_!bJ-BL1uo=(ze3%H<(Y^LP#jt6Yi1 zhvyu8+@e>xKo1ZH-3V9;PN*w0?$wO^-`!*C9OYBwJq56x1x%OOPdMhSQwr#E04-C3 zbkkz09H%Ndc4Qul%nyHyx>hN9=iqFBwC?wrs9)ia^05@T=Te@dSqrNH_}o7(;g)#6 zeedyX!9Ovp1C!#g0nruHXKd94iFp0a-bEophltz^BJXE>XmI^apVBRe_QF-$^3@0& zXaWGh!CWLA^W|%~?vVi6_SC`#64(K5+ciSSy0pHQ2%N(N!1wnXI*Vwhn65gx59R=3 z@}(LpKIT_x97oUhkXs|1KSLtK9Q4Gopt!Bp{6zk%zLxyWg<8JSJ79c&H>#Nyj&)^T zJ^G&jaB}JqjQi|&_MOf9&q6`3-(o9|(PF8`0XfaK1RgJ}9qMkS`SZ2nqo1D#5|=7- z&VwBjU1O-V;&V2*N0d!8n>YjApH^(M3(qeiM`W-4QHQt#S|CM0aC6m9D}r=N9KKZE zZXB6d+jzaN<{R57NikWq*ZsdCPt zz?ljA{GN7W>;5^TQ;R680Yla6HtYFrKeKeEd&0Cn*&n0(s@|_W1n@F1G);8oq!?Ug z+5vNL+GD`;(Tnegcc;{)D&NDrs)x|=gXX8baQ5=uD!T+h)B9Bf2awxrReinqGb<$= zs+f~F(faAlkzA=Q8@@XGLyw;`W2@(4tnm`vPkhhx-G7ryFiF)#nhIjXX!}I8r;fmU zVCEyutAVD;$)XR5k-sGlL$`LksXOMK>4g?&Y-(!E8}Vmeun1XVk+tDRB!Pf~_A6^c z)wmb=0go&R7R^o}C9m~o%q{ax>94__CZ(l3bYt$aL%jh@`4AMf4y+@f(sBShAfkzN zjYWDIt8SK>h>zxs;~fn~ke&rHt?YOWm<+UXmQBZ~$N?tmH4E`RP1N`D+1hQpbli8Y zf(*X(d3+6Cn%Fv`DHEC7b2fN+%r=0pI~dHReg>)n44vVyflWCh;ti>vPg~o*fDAV? zY>cB%%6glMAlGJZ&f4HFpKTKj;ESZU;-GX3?<*Fj5$;3>&C7|QUl#0x&AA-lrP2Vr zNa^e2epk8NM20Z#C8OKuL%Qd8YjbC3tPtftuXu1EX0uq41(nLi!=d4HH(-0ZBTLC7 zCN(W$6QsAKK7$RKV8UzSxlBxPV&@^(ss?a3%{`Ql<9}c;pyA2+XAA+Fk82SeximmP zVv;}5cPdq~ryWyewt>YPADvZifRX$ybmvTB>kXD)GD5YNirhQGUeX>p*pNvzvE?=_ zr8^d#h0LwJM&;KG+N)EgM>Sm)618mi(AHVYzSBq~xd!8B39M|Oy#dnM`x<{vv7gI- z!Vo;+GUM^PK$)J=d5b64W?zy>^p~IIk}VG9b1$}9!25|a@h*Fyh;c>Q?2mHhAr13$ zda3HBlA6bVm+~IoumLf@S^qwUR?=*znoC0nemG{#+4N;}Znp$n+ve#_8eTDdnIUHP z*0Q!8!9pDJxVW7X)E$LxZkThK0UH_i6Ik7ja>;kTIr%TDddOd%Z>YRb>N<>OZuOGr zx4kvwEo8GW^+P;!PF@%${3g@fEI+PSWlO90Iv(=KgEruGNwoLk$PKpzIr_Q4d_%|W zn`WUTy!}LjpINv(yLKh|fuKCb?J;H!J%K;je0tUEc?T?padXgC+U%^VE=pPzeHP;2w~(L(T5aJHzDs+WwEoLIuP@x1Qrn?3-{0#^;L~O=E?4sSxT8m? zO~+mD%(FE7sPt=d+yIudh5alqYq0=O?0|;dWNP}GoRza;nygoARUWyr#>0o=#%}J! zdz)Ijlpk`*M$}*Nqj{U=u(p9WHrJK>n(~DkU1k${4`?;|31B({U5k3^KBXUs*TE6WNm7-v#k_L<Vl$%G@m#%ie6X7GkK$f#2c{GtE4xc|3iDHpiok*5Z9%hmt=3+YKz4;%~x&mo1e-0 zFR&AIjGI?NJY$ql(O&0lVBVRmQy0xe$mw}rHluR_KHue#VEgKq_s8?v=jkdeZ#&kE zH@@S410wr7bhA+>5&Z;ezISk-Pn;(nN_%_?+TR0Bg7CWSDKK14M$)#EkX`wO-yA4~ zc&xI7Uf(4y^@g#`K;?MEPS3QolQ7+X+dC{!7mSpJo(9goSo|&`G$wrPL*$E?E_6=~ z32t@Olka|B>!yHb@{@dqL0pQIM?U%TBnfsW>VXaVY|H}HzNux~e)&rrj*R*?h)wd< zYu^JL3`6wl%Z>jik?Yx)L#bZk{zq@q(hT zn7gWqfH9=)1F18iW?mZ+)tK+H@N zEiWE-VMQ0o7lnG}CNw$uhm>G?YZ@WRJJm#c)A`EPy;{B@vP!CgzmR!5@LIUug|(u= zK0Aw%Sl1s}ZRkTgslF+WN_wIDCmGIA`G;Cgya8bc_sJz|wFMWjs2JMgZ&58RJu6SI zk{gFyQwr?;`VRC9u@9l^77z!#Kr@G=m~UF$*NWzkkFFjD#rB*s;oS>waB{om1u z0P{OXZkuOA2W=O`YOaQUw``K)s^;9Sh^&d(N;?vK?Uwq1-lv|Xm<)dBsv5pjl&*Za zx>t^=`We^W9qa4^+seoCS}XNR21(bqgH4fO#|*`SqarBUq+i=#e_)+*sm6VRAJ;;f z-Z?!ruay2HRm$16qGK1@8VE9y!l`oDPGyjDBWd2JeG!E%rqhObL^sRDo;S4$#$L+o zA6W7vG5`1f_4W}~F-v2Z(qyq5dt8}Q1*^24!;jQj&)1!Cb!<4ajOx@~eNJt4Xklfz z=3FJ;k`Y$%dS>&7V4uADCw4M+vzsAU-l;;~ z>PoL{{fg!8PN`FWwfww}yZ$^60i87y|y%nJk|;aUmo>AokGE_xy&9$yJxIir@qi z&iusJo&=0OC1azKUI1W zg7pVA>NfAxgEstd5hK3(mFC{DDmF_MpnU)H3NpE&(w+!Yz+;Dv$1xB}IVZ-;em4{7 z@U`Fgm@2Hdkz4Uh7Aa%@HYQ6x$w4j#{OC7->KX{d)tk3YjzwMz)u_u+llnS-&A`oL z?+;qj^SefMJO8yU(1Z&L>4q;Eb@3oRscBgmJ1zK!Pkp@gsBRr17C!R)l`7Ylvr^P> zE4?_+liipZD6m2<@J4u?gWW$uG8!oVatBIn2bUMZ+jK4gie;nPy{z;P4q=wRmudY| zS>^+_UV;9UX0Iryw%)r2bAR9%c)4;Pm$Lh%9*`&%I(Mh+YykPZEs1wdT2W9ZUr2ok z7;hq_{%6DBhk41?mGW0axN)QrV;zG39m<36QYqMkAS!i^5}y|V z0WR%oD^Y0ksLX>+JKv{A6ef*o^a*J5vA-V612V7j)R>>3Tmbh6v96cVdYiw=u`aUS zWePjXAHl<0!;S9`kXLP-fDMO$Pc{@`b(`YbZj)D`t>ILpneN&j~^k;*XjRgcj8>EJ69CW7;;4-ZUTwUlH( zq}#6F0P@&5bM#Qu8&+H54iaj-W5e0c%R!&f97h|J_=>Rgdqz=jPVry+h6y-vJL`7E zmlaD`4hQyME%Mv5HM2e3F}WY13OIP*Y6?h&%rx*P|0C%k$Fn|=HG49vSbu9O`X_6s zyeQcLGsUDxH82cjX^_;tZ@CtGxo$4~n&C~S=gpf@bSgV^p@BnJH}9}f?03OI)DCO+ zIs0tBSF&~#S9*R2mjDr2e13IP<<RU|MeXDSSVPzQX>P}lKz2@ z?dsYd@pK`{a?zSGZTWj?MrgO{T~@slt?#!n=$VHdW5LQodVZ_Fw{^%l5IA3U{}lOc zx!E#(N4Sh$_Qhb$e#$$H;nKC1`A4JozxfNILL9?y!d%O!J9C3_1`eiZJ(t9B$sCQn z1)_2@Ad{AO;OIQQH(i=4i+;BvpZ|Q_yz+$XKr~gk=qFqceZOnxcM}$3EIj`Jq^E@4 zv9+%IyZ820VRnbnDa3hFaVZU--cMwBhvKhL5W7|P zXc4eqAQm8~{H1*tVKvJ-+VzrqL;Jg5;`pqQbZJ0DmK2bnPS^!4GQArtn|>0aQHf*& zo_^MEqHVYy8EYL|UUjc0lVYtL4w(v`q6W}PNE>^R*MpqHk*(0&t1Z0A``gVvg>p0F-xo@+JpbDKw~cbo|w)Z4A66=j(}cn!7<-C z0*AJr(t3<|;80ROcZL;BfQ3GCgg=VYQw~i8=F-cGt{##GU<9FO$eOS7e zVmd--?^xHu#k?7~v=6a+t32PyiZNwGvHrMTkuV#DWZ2%Sw61KB9OO1aGW-7?r*I8? zj{lBNp4m@*QDbLRSC1r_A|z&bxoc(m_wCK>INTwjGDe6W(4CZjjABkdU^&UsUOr#_vcW}3%t-t(w1}^Z52YXV9M*zC1zIuK+b9KK7IZ&+K0|) zYRId&kp)Hd{jqZbxO4h_5}^%VYr=2Ie0mRM}_?`2n}Tkue6tcI`ssR!`6CnM%8sn>La?mVD~@Zp7OuE?f&# z;!***^GQDmlc8rsC)ouUq1D|0W)REN!1Q7B#d#oMeZ{a(s>ozJu=L=&0Sc7SVs8)r zJ#VPoH5IHXEKZm4YQ}xv7a&44k4?Il*$L-b!@vn7joFUna~GZ|_WA%zKhp^fH7qg% z3{B9KVb8o7bsxjD37!}Nj$=BsEeK-euY~<_0EnZFwZqxeNxwgF=zpCf%d$30yB5y@ z-}fo-C$>+*oGLQPR+4m#ri{2?q1D|#WxjXwSt^d5MfJc|< zu12ny-9Oqtcz@v%HDQltdZoO#J5u&zE!3BU61F+e9b~UqKLj_lbd7>N z34a9*aUgdQF-=lFr?IR_GXF)7@?uTP0{%^XeFh$(mTkbYh}`h?pxIgYcq z3os)p=naT{t}1n&RD@xhEH;S*6AVEdj~=WP3AaXHi93hT-qMbqx{h$pBL5q4(`)=o zwk^j|fnHZ(|84$_2v#6CpIf{wt^-P}A3bfrM9BcPcH@Pqv6Hn8Yt*>`R&nW45$ns; zqzR#9p6Ms*2>YMlWF~g~hB#(;829RSg?0l@7pvpX>N>e;zgGUg2EE_elGODakFx15 zD=6r|kiL!fh3586A9#HiZFaCn+(pfE2Ubhvh@`Qmd_J~C@iC9x!VPvKdd+PRQzl?({Q;d>Bmdo)5^8eAZ@#b zUr!lw6ew<^0^fVy<$^pLe5hH{IYn0O_%5zp`=@-F^Wb_L(!hOi!t(c#;oa>Nr8^Hd zF`X18=PA`#PTnE=!j9D@TIcF8T(bygK_lHkXb&;!*zyH7WHmctM~+UGgYqZrvP`5e)&y#%5Y^y^o1O1p=t%%5%!bds-F~-Xzvl2k>%Cf^Dc+(I|RT z{wyX)N(=JmIS%ykAW3TG?l|j4M)W!uunE`c#RH6N^Vz9`UpF7JFKp*DAT$W`U1~E| z!!NMbgJH<#kNLCPJdII?IV`Px=Y3^w9d2|S!yTeO7Pv`@am#{9i_QN@YvRQ{6RQFK z#>WHJ*@rB;`4IX)fjZo^a=+?gwTV1ghUUt%KK}2{-0n2ls_}^tA*I8;kvKYW6IM9u zdQd38rgR(a*FKp$hnW2!10};C&FQ5-FYVks!z05x4b*>}FqaBtyjhgEKTz#=V9Dp+ z-_?50`4kWmrM_K$xSk}T&^!leDasJ`nGJTBZO*JJMw{=xxc`*?e(E^AEWb&_W|FF$ z$XDv)fg1e3%P5Ib)t9~veENL;PiX^N^E0+QGB-Y3unIX4f0XZ1zRh2IA+?v282Im- z=GKfr^R-an5I@~Z>U)Z#wr178#Loak;AjSh$=Xeg=uv1Q`nmhE7{x7_p5&jRd7ZLu zEslh5od!^GHr&0VJL6f2e(x&pmG>(zJGLE@(J!dXJoOJ<)&7pxby>o-|ET&achMIp zc#*SE4FhLS1)u%ZsS($M&d+Us@i1AK_h2qunaz}28a6tRQ(k)wbe^=nTQ4dOgc5e; zyi~m{tcCY_)?g0{G*4}Kj^7nh1kju+BwvGv7QUG?a5hk1sKcWwJB=mo2j6}Zy_a7O zueyAA^V-P)D6lhS-dO7>PMi~CU4z5CQ|y<@no^EZ{n##~F}&eTd4>s@dR#xmVRcVc zHW?6;ElXXZJ{^=pJ6qsrCODnU8_fM(1_n{tw zhlF`BT&B*mH5Gzzk7@GiW-NXG_pnvGD2X%GqFJG#fOnU~*9p+bhP~p-`phBk$WH#u zQt6Te8)wBW@*ywsMakn%7|aE{azu;H)=e9=g0SmV?J*E7JOqZI(nd(QI)mWeChw0L zc6F&WR<)rC(2SE~bD=;9r+2*o0OARPV2tez4hjIe z|ID6(Nj9hpvj5J_fkq?dVb|r?FMykvJYu&aqRN5-)TDcT$IvD80Ryv`&zsXPmg4#6 zdeB4LWDlWn1!i&%_qvsaQ-;6*W4JV5JCEBnNp19;ZW3r!`tW|0{TIkp9X}pszNmA2 zs&Zq>scaxQh;uodV;BFtTLx4Sptv%@i6%a~PGmI;-za@kQnwhC`cEiCR*pG@)X3Zr zeEtNg3^xlU)qxh{-%{TDDO7Mw&%t{lH-J~^Vl@@=QM&zl7L&*EBkKo2YbMZze;IEI zgIi25JVKSfH@Fqrm<5K2&$5Tg{`$MZLJK)NzEA$e)pD~2q=vY}1}XTvp{(DyxjfQXb@ zn-DUEE^UQrU0+A3Qda70JLqOJq zrknEl6y`C5-aO=vM_7K6zM?xlXKfs$B8qm?t?K&;uFp&eXr4=Rm<87hoE+jza#}&s z;nwlncXP^JWCN2fDKBN&v@C+u^Y3arG8a*ZtB50HL$c$VyPUf0Gbg_VnOFNRu>SQJ zYI!P?sU7$PUklWQ6n$c$Ws(zbi{zC0PXOI{fgZ~2tg-K(l4d!3dxb-htq*r+E8_J{ z)xuBRD$*CSCC}S(sRPD_nV|dvrnKL^O5Ft2^*T(4EE2c^0!Q3+j`vt%i7a?nf2#I$tMLw^R7`p^=Lq{8Vrti*E)Lo<#~HJ z1{;0s%E%>Lm%|Rs98xce^kUU388jZjNq*CO8{i2cz%yPVGAxO(;{;+vK2OcS173j-+@bx`<5vV%Xk=}&n)lkho;U5*E~ti*;8gKe7D zx?}ZkgPYNOzo_W06^*BPG9ZPG_W-D0U6ZVm$OsU_z zgPk}xr?S8E<297`+JM8}N-fSRTb5K>hkd_!I)ZIHdGpgy0@O*=sa#5h{fyP|-F)KV ze%5TTZs%*PUJOqaB^niayFxDuaSab>Q{<~_vX*jX6OzppKDQ@P+9{MPob>P!L2i)A z2gFAS)*^)W#51se|ETM|5#;;BKC%|q`BASI?N=Qjb%|I2E!o0isWdLDJ2L9HXS0Lw z0Z&KguUFqyJw75l#|tjiX%;KA&aK-2l2Qo1jXABNJarxWg`9hs!6+ljh9^g4XXb^2 zl{IC>VsC0AjL$ZIT{fFKMc)Vn3;T7XgL?Ao0`I98<$O0h9w)3X-5teL?Ke~s&61Yd z&$9Y<>8~~ldDB`r@t)x~I=8i&Uq6*&!jH&`VQ-MwuuMhfz5&t0)6B#KE^zg|4Jjb3 z3Afcu@zp+R-J?ngZt~m+c>|5_K3+M0V zZ2+)9NTmeBrg)$B*v+ii^DDT504o5@5Zy{=0jE*}%}2KqP94x)oc;~(>)_tr-M4Zo zQ+%YP?h`S&xzM~H*@UzYCH_NDJf9bJ3-e|8?YQWCal$zlgSCY?`c+w8MDAApz^kva zn@8;x`NWvjzOB6DIU_R%o{^%qRI;QA^P9e zI&kqYhNXE$%U1y-k#iFKl{%j3?BPWPh+9H|n z1j0rhpe`{b>Ps^VLDXKyGb-#oC*=MjWN#q!)Ai4>EYA6D?|3U|VZ^xbBN-1>PD9uv zcl&+2-|nOg;L}kFjfZoKB_p8A9LUXtAGDTbi{iP$!NiPEN@YITGRY&w3s2w-`>yWO z$iEl6AKE>c=#au_BvOJVNB2ewP?Q*6XW9tsq){0lBe?G0j8nv!zfX&TrEtJ}-fwrS z=>w@`5#Nzz-^Tg5vR^Pl{0y)rMY0Iiddpa-?7+XX12c*6eG6?6MUJfw^`a&gNR*N= z-%wb$?xn`q*z{W?EEiH?7*Z@j%}C4EE3oFo(v9q|V<>K^W7z&L(&X5pd@S;605sBrSFOGCW}C2d$J#i8k%y5nhg zC3`*j0k7Cvo~AGB-;VD*`$n;RiF{Uy9T8y^orIp6K|N|4nDxZT?Z! zm_I}6H?LQMw;cdsob%b|$qo{=Cn6WwgpvWkid5jf&|6wyF18;3;xa+(7#zwQ19P%J zyD8Dnz!|K8!8Kaie!3k)?l>9YeQH9bE#n+_{h{{ktz>7UN7j}O4Sa@=0z~uuwQ8uf|3?FJ`=t$Li}K`6>-wwtcOhOAheD1 z0z}=bbbSOXxh!U~_uk)hrwg4x(pNbDIM$v0dXOvbkoAe{&TqBre0CD~-=_2r^&2R% zq8U=1cl=sX0r_3zT%{9NpUmoi71o5ft1xRnrNi*oriFC4FLAGrvN9plxICaDP4d^< zzO5*WI`+P>*I!@Y4dW!*t4E4$nHW7qfsmY$GZ;C*66WN7@7sMq?bEakH(Hv0h+&ph+gQoF1xxl)bE-Ay&{4qa6=_Is2XDr`;*PflzVNcpadoM)w ztURO3Q0yOh)`GkUWGXJuxxT)X(ixn{EL*AM8pWz)eSQ3n1RqI!46BN>-fQ=8JZDXf1;zg(*#^Ptr z1>Dqb^|?O!(4gVOfNN#OPQLi9#mmakhmOJHqWlBS$jka&(fK3kw1WO?s)n!xVT^d2JdLo1q3m6Q%2Eh z6flf<&5!6bxK($*oI6n9ZGM#=?4g4n_>rwrt|&WzU^4sjwZ?pu;#ngi`}}gb5V7&d zOnwSQ3xS-IS0NUjtPXdxK*w zw=>=ZqBAJFUT;5DWoiC={gZ?5h4Uw#iov#q>U>HvtyoTl64Y-(QGb3@Ef=ob8T4{azr)U0^$N+864hzz^f zd#XN5e_9l6`T90x$XNVBVDWky^emeVx8VEr>X7FmF2EQ=PSgx;NcOui4+XyvKs*2%SfBRYL&5XS9wKi7e7PtW{ry@j>^UDG z2EU}KSOMd+5cOf|&^(3w4bzci5kKo(y479~I)T`T2&xSDgo<8^O--)kxYA9WDc_59u@ga)N}NqWT0mVBJ$341 z&JAW~Zv4`4lx$sjgaFMvZ(IJ2ydTErzE`XtJD%+DR3sQjx}lDAZk!nfwcTJy&$w0? z4{SS!czouHZhHdq(eSRewi$Jv?CHA4MnR|*wZOFV8^6ktiuR}$f+~e9tKfD=!s)v7 z13GUpV9ab^sb67n9iPX$g;$INs}!OhF($_i%m}dLMLXWdg#25bwD|gr8If2S@=wcc znItyXJP4yiqN4mqs_RQU6Tty%Gff#^Xn<~}iF-l0ei| z9ZKo)CcY!KA z8@~T{{6PreNQzyo1oGLl&9c$#n)4BpMH-ax4lgn8O?%zH6V8>uVF*+MCtCSUrS4z% zjw5B$q_hss)V@?IvBgFYPgc%yT%8=AeF*Fb3TM^_n}>W8qS6?%5|`bgWHH~apq>_4 zbamy|_vU;i-Q2QUa3u9*)?p7y6hBa}p|~>1!p$o~4uDv_Vw1OT#5%3te;Xbvv7~;p>6pmyI_5GC2!01M{2_TpMp%d zTSM*MyGf2Oo(uKYuDaC+`jPz-mC%&_o8L^fN#N3lCpHK5F$jA4eCnB%=_J~E3~){_ zhtu-?j_Vc7x}}xcNv`FlWQNbB#Q-!U_Ymfw0)-fR7{f92b4UtiDx=J`!FW<4aRjlK zZ*QRHSj*4VK)WCxVEZ~v*;6Of1xs_JeS&uZwqIwJQqHX;dk)D$y7VP_LadiHJLV-F zDrjLpby-T$h_yH%)RcUmEgEdV-NRnw|F?v|9T3v?(KM|uDpyTdwW7Be{XFWA;?TQv z4oqtFR0!`ed-yHictE$+Ju<0frW{;EN1sd2)u7@!Ig2DbXbbgx5DyS(!TJ ztIXCP;9SUr4T7}zq<@sFm%LmUklp8>I8}(e8&QliLax}{#h+#eflmsv&ujWynA+nQ zB$;6&vv*^-&;Pj{QLi!GMJu-zXt3y#|uGMNadXx5v zz8aT)>yr!*U{7aHe)-NuTXp?j$3603X_zow*ulDVIo>L}9vnf0w-?aA)5Te^f-kZY>WPn?$FE?H|KzjV%H z<*F8h300Rngc?tjy}3j-;RMLy79mrl^O2kB#eQEKkTK*Hc_R; zZWgQESlRIV58`c4BSy2^_1}8D@*CT93=A*A`y_n{!kg}>$R~QnfF^>q*l-(wuzqo6 zYPmqp zQn!g?n|w9G@YN<@!h{IsM2at$eC!?4le;?(`=tRJr^ZJIV#86%9HH#0d7rC6m(p7i zE9&CH0l(D=T?-yCA*Utf%2g`4MDseg5<;qvS0}*v?0=1A3FBTn9*&}eWLp5!N5ik3 zev^vrn-%xTkQ29B5Jk(NNiCkc(#ODK(5yU*<>BT&yWJJz(AUFTF6xiPqTOo3H@=c+ zb);qbaRmcJKez#a*k75o9JbO9i@3A);o4=cdIzUh!@Z0Dm&Fm^JIOpLkp;Weg3guI z*AoF`6#Xg7Lw$iZu7WB90Zoy2T7e4}6hqj|XLJV{6mnf2Z6RIJc=iL)uxsZbbEYOO zbzDzs64BSN3h>a)-+SEXZd2 znUxR1Qi{a-9Y9t0G-7n_TYYJ9_tqCb#-lp8O2&`?bp! zy9Hp5{{kX-QrGgkN=8JutKG`&!nqGiI)ai&AD1@vt`1OW9n%?JZneZ@SD5(Bd;^S; z>7`+{gsxJ8{LCYBHMuYL;*%xri3T?vhF;3EuiOo{U(0&*h#G9>IU8f&XlSZx5)s_R(#8MNO?hG(qW+|&KIYry&;;$4O2 z`ac+!!0HOoQNfikPVWI2)7FtTJs>0{)Mq>kMS`>*8${ zttxF5wW*?ZQG2zv+SJ~=M$FnHRYmQ+SJmD-w%B`b38IA9dk1-+|NG4cdBk(iJ@?#m zeuIg}`VKhixxUP=6Q*TwJ2+p2UxmBtRO58NGF#a3oa=)0j#0c_W&CxX!V01dx;l5P z`@N~yE+qOLQ|-NzG{dWegeEC0yws4&4QQ-F*YIhFt5 zp9X<=#}saMe_%WLx^R^B8p#I-u1oyb`trVy1V+tAiwI}!{)VJ1@~?$tBuU19Fv|dV z7JP2L(&GAQn{sL5Jjdj-N7gF$A__1q$Kwhu=m$zv!gC9_0C_$oGWusB*yMg!biF{7 z>n;IITy{~&rZA%PI9lS~xcV!lcGiJ%>2^9&bf)ELSJka>N6%dk{#q;9y~h|-GNNdw zU&t7^k7zCg^=P@D2@OgY@VK_xf{#!Z#p-uuB4<1qbi9Heo5NOdlNaY{ws>d6wQ6IQ zRyP}B|8{mh=Zw;G2#5{3{$9Zg7Pmi zM#b3nCF*{bte{C?OerZ}z6jOb72fhsy~QN{b4>Wd;vYUnwq%#w(JjYSd=6XL!!^*p z;Fk%bRMX7DlMr}dp~s0Rm1J;6WcXTu^s`;Nvn|XkC&ux?8pZQ1@TSFSV`IB0%?8)r zH`W-T{rgUWfCjc_dp0MdVt`=AQ~9BPVGunPlZH#KS_yqj?LIaADwPvI^61e9s3oWoH)jaO7H$3V;-;Ss8D_Pu!!K649o9$qYR>j1?8lutbFJBl_ zN`j&(^{L#;oy;Vke}GHI~@A78Zr>>G|lp)od11p zz_Z@p@Gi~XvAv-#%mZvBo<)bm66=5OX>M;F{pQ=qj)Z=1ZL}s!5vWh}$>;tm=g}co zzgg|-bW+Cv|9U3`K4JBEMnu*Yqo@tEL!a}2`p)~DcaNT<(U}|hruz+}h!cIR(ex3U zmhrGh>mcy08QRup<9a{S&JnaPSyJ5#WU~?cr7{rrOAD|x(5fvAVhozuQPeg z833^&OnQ*H{kk+m-yJC@CeUC~y2=RGG$--PDwL!B_RQy(7A{eA?8vD643V;c!*Ul_ zk@$L$V&$W&{Zv+lXQHsTG%$Ua_QEnfrHF@MRgtPw^Y2z}&2zQZb&U(0C&hCIAWb}% zxKZ+X-MBpl0m%W})@ierXLBoiUyD(@+}^ZVZTd`-qJ?PIPgR!s6NjR+3WuQ1`C8CN({(V>WT?q^X+GETFIOoMne%Qb4$_Z7cB zr{d_G^qxEvN2WI@cJsp5xJ}8@vou@yZ3jMv+VSl)**k1~P)Q9IaSIefHMoWiDa>xBN#K%F_#x-4Q2KFP?cg)WgmYZBg zD{QEwUhTd#jUNfPDwIC%i1X;#kZ<>Dv))*m$-0PhOv`c^yOWK&q%QnB>ZD+NcRJE7 zc9j)BG4JheFM2cwY#PMLsD6R-UIUtk@p@Cc;IsZrE_jIFF%{?9j0B10KgcgxVB>8z zE%+nc$hSdOWMeEuv9^{SiEz-!I2d(ilDyRSO+$~mLM01ws8_cE%{Jh(1ulM?{+|DR zG_+*or1knh#bJis7UT=DNe_H_ z_6tb720nHzGYoUU+;22}*A~6D*`^<8{30K4yxwF7eyXFTags|P6^srmG%Q$bBn`6$ z5B~RZ?j=X-nRHLS6M!wHbQ;@jqmMWRLv$MytjIX0l%qp(%VO!rpz1uXqLvk$8;Fo! z@g||H!L((Q~KH!c9L+Ew99#ruIHSogOH zuHoBb5%9tUL)1S0z-VjFQx#^dkjLrC@>;r?g%l{htHZ=w8Y8?R;V@i2_+;lDSYu+) z%|tZ9BQjd#x`1OvcLcZf%hCq7?&&v%*2h0qx#!DJl0?^BoLJB)q;bT6FtS<4ELt`g znHdNXI3&1wwyk3LV<5}J zxhNrBauJ&gyK;SoRpSHEt5>Q4fn;~E4W%3D(|l*=uIzWcz! zQES#y67_kyYGFwDrm?SogtN|bc`~riw@81tzM!z@WDI3BI{g;)$y-(A=na|bKn;OI ziPF!jHipz&R-JrvTEa`gzm!}`3jJ6O9?v6g4mjjYBOaJSg~tl$rY7~1TNXIKsULT^ zW+l9deyJeOc033Km`zgdl8@kxr>Ia$;B5rVTo(j5?tOhWxRI#7# zzjYg6m!088Ve!GNZr5kGQ(eBUBppmsU(u;xV1Nw^I9dVPma}_k?8JNoFx=!n&uY zvBivJ6w{5_*z8W*+hT@zu>H7;-&2P+cwcX7<&3XA#kqV|gKvyG$MF8eQFUh6Xn|sS zCwSaEhsUV;WsmIXCTE>x2@ZIVXv3YkP>uRdx{mn`bz^0Fc|vZ81F5~>WjQKv3-WN# zs;F@5Y~-N?mF#gxVWlV@yn0NsrYVUr-5jC%sBOF@bN5Wxz2}TG43{yJtLD=hOgr%X zmca|68sMK$gp@Ohe;!XjyAPw7bkewXIM5sKo>q5gT&hKXLl0Dp-Qny5zcyH5X+9^B zPh31TU*FVxy7HL1(eC3)z)BVqS#>tBSHPuvx{PX^p9I!!lKrAk0EXda*>AzXaMft< z)Gq*DFED;(#eT^lK?$SQfOg*anQwdsfg{JOt_WNXu9ILjKjVkZpG3&qU=7LPVEh3>QQyVE8At@*=jaHH|)qX5TCHKJ1 zcjv$NNM@GtfoU(H?^x>43H^mk?Z_h(Dzk3yRUytnkhjJW|&J1{t^(p5z1wZ>fVZVwPl#}fZoST|#00Nl4 zj}c~?hVXg+x%*sVx+nLZ-*uPefq^V^`nbqi;Nl@jp((L;-9d1ZO|A5OYsKXf1LLX$ zkogHLg_q+YdDeqTW$JkF9g<&uJi_t^vjRISj{XsszwS)i!Q>d|&XHnWddz)U{E4JZ z-IVjhm_EmFoRrbu6~7xxJ*HKG=h9ov20?8mVyia!Qo`rvXJ&z)vgS4-TJ_hC-LP!< zK8~MjihS6ASX1h8Y0g!!U8ElO2Bh>UUa@Z?w8Ckm$sO)v?=S>jSH$v3@mo}XmDv1y zEnuI*agnsolW7lj5`dee_p|n_UJ!QlnsBMQa^M$5)F7C)sG`g5y*a)L)mZc~BcvSM zKs@Z$;+c6WkdC^W)fzkC%KAg4cIm>pyS+3|)RBHPQaapYm3UH(5ut+!mURbtONC6d zrjKpZvR~*NcT_BY1Vh@`R91m}Hnr3X zUbvv7?+CSSsiLN8lLqIk1)#X(jD|10=*wBDudZ#c)4jxq*hUiRsg=J(s1 z^gvX9L4^jE@jq z-fuRHqFu`zy~{XVDA+c<%MUNA+nMGYTIcw0&HZ+>cUvyb^Er!`F#R`=R6;)nVCvgv zP^{aRnsf@<0tpZk{RB3)Z+4zTjqRI{z2tvdQ&x*5Uh(L9SeQ-hSXX@zjHOANlfTu? zzjd++HXT~yMJQ+Hy_!0FM}`f<8Q7J#qjO5;2ft!JEb)8@a$v!Tv7DX3xUDXk1I#Bp z{|0PGh&mFo=I4;V#QO15#dqajs`cxBquno5h05o@?~CqdNeFxl*l9Kpsj1lB0gxVX zTAtb^((XCN4AoBf3>iM*lIUIJNf*~F?(_4agz+6V@rhbtZI0lKAyFC8MNevaa?$F< zfw~e&%czG>@fyl6iomBadxpx=cUXB9bx#ylpw)Jq(ymVdgNMLfZl_VKVFM}^2v!zV z=p$Sh-4cLuvw*Gj3a?s;5qTCq>R%mBZAA@U1f2bO@W)lgG9BVX+53MI^|=M7sQd85 zHUo5YD}av+iFE->&&qn^>>Xu(V)oPhbs7n|_Gz7iA<$3N5H0ndGAe&D?4(LQU`&s| z8ZTH2IEEBEe6)`j21Sj4etcSLN;ZgAvq{N#e(dzbJA$8cVU6EC45m43vUW> z+$XU<3^gBCoa$7cyffWQ1QmJ*C&jmmw7xRK(w)3`<6`^9`SumA3K;U^EeD|Sa45j3 z0xgE05Nmvjk}t$l6ZoxZ(7eQ)WMwVtxD*~`Z9UFRO)t?(d;G>e$|2QbI~?mvC_`?D ztk@8fApw|sbF%~NgOjmjhpT&^Gsk&CF7%Q5tJC@3K|}<6{hz8rZ<8A}7LUO<_VRjt z^+#*68Iqz%q-1Y1)$#j7>z9=qK=V_iSaGhR1(o+3+g+;g3bC#R9s2mw{Xwyx1j-HY zPAJFa*FUV?cuB6~feOZeD8v$&adUShDZ5($Pk3YDCaW-UG+`vsaqQUWaRykLh}Jq1 zK(km4v>4_pI+arSVUKtCv&|1P^y%x8YL40}|i8b`==i zlQ~x^;@o0@TUt2VCyVbW%TB(zErFk;e+ih=&*%DN5urtImcH}p$JhUbW~p#4t;a^6 ztb~Ym+s+iTN%&2dyWaNxelEATmY^=`zV*-{6Nzv?(J(u=?Y^>o6ddof)HL@?P=j+x zkIi+x-Ni4_AFTZ^V|%}g8Vdv0{!GMo-Fv1!=>hYkgSU)|_E8wEv$I&!Y0ZLm`#t}i zZqc)3nST-+G9N0@&nMZagKPg>*@t9}tEf9gw0#i#9Je8Wba8=qsAO5DIz{<7QMo2} zY5?8gj)LG<7iS{bRdC^MjBOCUAa>S0Q~4{3097e!;Rdq1zVnome+@hmA~N4R4hFe& zMEnvTtS_iY`nc1aYkv|>pR9bQPSm+6C=#B=7r!no%1-+=8dpLyw(y2x1J_M+Y~X8n zpYGXr%3jN+?FmSXY^1Ael3Nr@j6r{1NZ5JrP?+$+x|USLPYtH2gXr_p(Lrl9)=n~P z-!(&!(hnXFJShCWqvh`gq(f`(wg)VH!|SzT8s;Mk;T ztIt(gl*FeZ*D8Qj=C{rz6%*3#Y$7ep)c0lWU*2b(YG@86e>E8VpSU}~quSi&zW#pr zF?vM&KZX{S9iQjHNTo-V_C^SqP3gMsrUux+o?>sGAWnB3=W`i#$b+rH{MFnkN>2r& z`Q20ecp;N$7t;dc&e#K@G1!&974$k;ya;d;+^B0IJSNq1_2&{h5<>rT+VU`k%F^ie zyC5TuUU%mk&OF1~gRW-EBoZn!U$R~5-1Tet{x&(g5fpQdR?EWY!AN5hhB{}utNDg6 zJbZ!|Eb$?gv^U%ob3h~zc(VYDz6|^x>oqUai>O|FV={WKcl~&`vz?s7) zmcJY$spSzzwptRqQNsa^pDaC{f8?6eB5>vCo^PF? zmYBOfWylxAN2*)oz@^0@xC=26gw{E z(oYasevIfIOY{ACMF(U-_D0vs%5?vl5LM2vtdkoG9w^O-Tj-n*OQfXFvwKPJIHIK-o;Uq@G!2g4>L1tq2}+~%sDQ#Nc+(6!uuq) zY}=$01totQ5Z_R-UbOBwHCp<1VxpE^rEDS6e%92-?de7B;^x0DqpVYdMaVpll=Mth zFG?B7V3@EGL#TrbTFlCeu%BOk9BrVAm;&T-c++8%@!u!ue&x~&_mH?Cs*Z&LRKLx< zvZ%D}e01w0?x@7wKeyU1Lr>qI@I|k!E`7Y;_l`0w!E|wC*c{)uw~y_LZr=h)@jP|ET;^P%gh=496+6ievtN&!@EDib!WHml z!lOJF1ysm0AU}&~Q=cMl&G6!0QGq0l z3r9t>Cm;J8sTvJ<9R9$#b&ZPDwDoU?QmMqa12AdqU<&D$=3$~;2f-E!PKWRbvCek7 z)$(P&n>+WzeF8igV$$lHSWr2&!TMU6oueIPX1ViYar%4G@36dtufG%L^!klzwTY|` z*l0fRwD7mXQ=k@P#$UMudg)y8MSnK@HeKDiCsAXxFZZZ$)Me|ULkEsY>SC1=FI!Py zZRhM1+h?EnFr`+$CUc{Dg?f*A(`W{8e>T3Fh1Ljs6YuBkc_h-Dfu=)lZTUZsy1RapusTtYkV3QO4P8>kI@R@ihJyW+6L|$2!?N+AW0t#}Cnxv9 zKP8C@mJJY5m_!y28N$rVpW}4?1Aynvw}-PvoelLTI|;m$I`+5#a7v~6r{L>u`G_e?RzfnBO6GPL+%A5dV0=*KaBTa}@!P5bwUA|KbP}oz>J) z9yD#1D^rjeGXPe+k+}PICH{VfK2HSAaG%`X3L#vpe8QTq%rsa{<+f6bik@n{7_fBI zo5p@}C4uPNF7!J((}mVkuHpb2i{0wW^9P<6$0J=30LE<1Yqcdg188!hi7W-RiGN?q ztY~;#cuQ3Y<%xw28cV|y*T64B+W2C_FPwT}7n_NDj(|LHfF)|aQsPRS@giGFq*6Fk zyhUqxRh#J!gX9M;twpGs=8(isoAn(8O5nZ4b(A%FZ-VZ%wmrJw0^wE{o>)jY_ddTp zb5|GzjxjLDvRQO2|E2f(J1L%c;ppCP5m}H?cp01>n{tvQSSiWw{(#2R{1Aqc_h3-7TmN z#+;Ss*|TRdIl3#uedM!K>7RZ({G7?*!O)UZmWJ2Z^e4JTRJPp}7@87Z4Lj`b<8s#%5>9=qmisx;w1aW~wox%J(nO)}ER=}>;&{Ovw*S0D6 z?ZU+%S|W3==E`es=hh2)_2U~8Kw9>1TTy}jFqL>=cgV5hC>p#|X6T~Y9A8hX!ft33 z1CzZ@=Xf!_iMMYZF)uQ86jLRX|8=L!2!M{)3xDzE58L)Lj^KCeT|>OnYC?qm{3ys> zMyf=U)24#!IbO|V%IqVat%u%PyVH6BR?Duwn2z^Y7IjwaT|+^)hEBa}2L!Ln92BW|B){j<(4U&i`#Z!)^#TOZGNK9~4%jMNn2gnsU7=A|Xpp`jKi~ zo| z=u0CR8HoB^#bK3uTkf!@AhfD_;ks(lxai8b8x3g2xD1m}R^`LjSnv9a>{3HAr&J%= zO*b=FY7h4x6nZ|uggyKu#szE)?UnD7T@bI2zlELfJeD~rbZJJfDWAjAFn>o!Mt$9= zBg?UV^>}>mdZScr&l06H&;AJ7(MyAB6aGpUue{AU>lI% zb^MU0d5~dzte!_GyBDy5RiNm!gwA-G{2mz(>I6Th@Lj@!zV)!5bDoB{TzU_r^%llB zXtGpOv`z54=4N$po3a{IL1zG(B+l{ufy{kKzCm}?dwOhJJ=cOD#`Hhzr^z$Wle|#; z;g+E5AAlR|@|If6rTV*Kk`Ma5eVebCWH zF{<9S3yOkEpAnIr;+F5!jX&oOvoL#=I>GJ~wEW?cVynRCiDjWNs{t= z^yck;#k_dRb>`?^(OR=4youTx9+1HFm|8Nn2p7;fPtlcw@(hLMi;_q5iFFuJUkH712F1?P@6i(|Im&(?zZKHR4@>BF9Y9dC!h>YU zGF|pj%hJ#-)Z9<%;GXR1w&L|6e`HXV$-53NItCV*`h&w*`x*T|9+d+abgjmC>;q^m z%ZJl&s~2R&24;a6GdIKg=VRYOd~tJphjg7dUOQPd^d_F(Hw$(KEjU&|=*h)Ivc7>j zOSRqdNUeP7=Vdn;`xr_xh9EZAi5mTQ2zimXs?hSN3u7twO&c+ysoq-S97I8R#;VP} z%=8;t{Ya_>p$W%vjPULL^esDB`bGcC17mS7O54~H%4ZcU61YlmScCWZE|>p{^9!1Thx20*QOP0@+`&&-^SZ; zT8Xop&aSVW-j$O4HuSqsG8O>1zxCM; zIgD5b4ZrY|#4*-h9Y-Q|r4+B5S^7WS=4lD6*sBDVuGG<$3r9jEppzcETCx_+v$yN& z{MaDg`>U=iy+fZ}KZ>tojrvD%0EjfY`tgl0x-mx91OV}yN5F;pEPb5WM$$P&tp+lL z`rIO(@wK`I?H+hU5bD}W>z^Q=VuSU^6lY-#o|@xsDI3Pq>!T-Cu8Pm*J5OYJo6P#3 z;70Lr9JO=ig~UR~Tj&H0mv81i<~~5D#t}Tqp}BMuJxy>W=9|(qeTy|+cCqK`8TMo0 z2YxLe_34~JL~n;W&|{La16;{UTWTDZ@6mw+3HbEq2}}V>di;HkdL!9LE@t#EN-^`O zqjd7$G3Ge0jwap9(E$s!Zt1&p;z!28^0CiN_0NqzoXSj}7g8T)?z(qI*E)=d3+jp` zbMI|-D9}}S0h}Exai0pF7%3s3n{a|*8B*-y&GnCESKy91pbXqp!S+`A&{ng3`YUD-!i&c$09-RqM=rUR2#vdBMW#F z-mleag|jb=za*^Ezu(j{cECE&s!RvS=(}EARxNYLo>k2IdfPOKK zxIM^J!`Ddw=w5%9*<`s=Ee)@7=*8^;) zAV>_2YV>^ci_hrJb|*`?U%AR-S0n>)LwYpC$7%y*rztWzyd0IcKjRYj#+5fE9 zZ!vl+|BNt)M~SDqSp4q)oc*;@EC0|0Xb^I(3rYD85MG<+uDt3t_hSHIT>T6aQeM>g zZDI_kMOv`7brh4rMKO7!4qIN!Z=d_@04qNr7y+1*O(wAq8qbie{T6rFrMD4mxpWTc zE-$Bd`BL%ne08J-@oVPkY0uFO_WACdz#5{fs#5$iIAt1GKiB&XKWfK;VlFY10RI5A z(!lDU&?&N%KHCBS6rJiymEBxs3350&vfOKX<)9(j3TIFD4F)#gm!5tH&gsW1GV*#V z@fkdOv+erd-Nq7L5}j6Jrj3-mWRIb>(Z!idQ+N5^e3ewyt6>ScH_Ww54fA4_0z>E_ zpy^`ITY412po4Tf0+4WgMy_Km^~TG#@0cL8xSIea@T=ah3NM+2pP4B48ic)TJf)DA z&WNn$NRL1V@in+`Y*1kta3#IUm+#;BwUh@8&_*%} zu5jq9IXnpdG)1ODj&muXa&LY*)!*)3Lb!p&cgpL5c679?(c;2KNM`{naQZFTt1g*j zAfF@iP6XyqdT2hiEO|cz2rFZL8&oR%dn1O#mEKfrQhVkEvXi-w`_dfSxD9LnwJ7U? zJIsWfO~N!ZQWv);cp5UE6IY)b7#N4s=}V4}lAwHEn&CRva_n8YgzpB+ zu{kX z|E)*T@4^BoH95xVi`KVmN`Z7BVA8GfV&6HR)P{O=X8VkPrMHZl)H;qQShRytFF#(` z;UQ)BI^zKp4I5Q6m8AO9(o?uBon6zco`XU#`@{DUZh3ovjghpOX|Q;)>p)7iKbgm{ z@@>?T7& zD|Zz%o_6?vE8Wul)|RTGpH2J>W^o^| z{~=8TAF~?e7lv(LGdXa#_EMvox*JSa|H`;UqKvT0cy|Cpk>pUi%jP)PQ?crf- z6+=?CG1pi}V;PG&l#BR~f>iKgKJXkNRuavzOw+^j_{jPjQ>i{-vIBEHi(-x%V(VTck?!R1Lez?AHnj2@bN&W23NaLevFqk*>3j*^UL12hzF?W*Wi}O z@2P)vwI`psU2;r}*_?Bx9W@YUYagVN-c}J~VOZ-#drMnHqTklaz<~NfB+|?;VvcE1 z5Oy`*WUYynH2yR8(`Rzt8r@YqA#o0z}EUEaA;ObUU@AH^B!J$JiIo0 z$ZT}Cx67ovI;nM9c;9E_q2FLIcLoKhMrpOocG=Ne2t~u_YcOZ~ykEZ;P;42u&%gM) zpXvq)p)eNz43$3GKX@719-8#K$taKK)VOtRgn>~+Ua_%9jXq?^JMB(;Z`Lc46>%rP z)Zt3EJmd(PG#?hlb0F+MmW5&3?u*!MnQVKPfIG2>p;g4|l(eC#nJ)S{ z(+5gBF&&tDHSM07*2%-~IrkKEeVmQ4r6%q&jJ})e#+su9+B@~X`2MM41(te{n!VOC zq#mwObtOO1x-4zTaps)4FSWz`k!yMG6_U$-*5H1yH2!=ZKGjep(X`V)%^^G;y$G9| z2OQL7{ZV()&r{v?V$EN3bR6Dxuhjgt>iJZO*L>Z>)uC6hzzc&74M3+4Xv1Ish@N-O zq}mq_x}y5xg>HjRhJt4J(Ux~*AqISEIPX-C718c-Q}Smf!YynPty7;-Ipf8BV(Du^y_owlzXj^u=WG{Y3ARvSVu;&WW&quZO>Q|tW8F zBGk*ieW-yz`ki}E-jIRO1WEpM)6IFTRqS+5RZ2l5w?FC#H9 zZ^xkD+wHdSe>U4*Cw2ow6_-WZ$i>!{+fpsQWDc{?!{R>jd2OKD!JS`+MG$e4@h>xP zbmY-2o$~MY>rsAX7|$#zuIK52^k5+A|7H)*KAM%zx6DI5&+>9%`!+Yf9D4}ce7wcl zoE&Om=B5*&{hw0-Yt%}z(1E|IzaUnt!nW!_uK=rb8nV&{&UPah^>6>OW+l6fk-069 z0Uc=1|5jIfcXSW~{bjBiz)cyi*nwBzf9NpR+!dvlDetF6~}p=#NwFivXWuWu;Zv99-iI$G&}f+{&6enjj19ub`9 zcy`cXV*j6(#owE_hAeY6mMWh*?0Ytq)DLN%?aH|<*Z3LfFq$D$>aJEy*Kx_+=bgmF z$x|;;z{Y0{Fb8s1#Vno<`j_9smC#WcIE!z^7h4=JO7Fv=ryp4F5C%M>Q1i6QDeaPX zGl%fxg|A;L0{@LSXA0?+8%bbb@f{e4XM5JRlAYu|{s$Y=BFG|uhu$`3_b)Z>%eUFo zbBjRnXQ?4|NwD3DJU`vD+#jyhz?|W4$ucS=@tP#_&;l9*HYGGjAzm+(dE2)Oafarw zymhEJZSCK22E_Ud?HQojgpF6gLwCg-QmVaMYG(sQZ2>vT_Bew!QK`-G_tqkZk#{u@ zZ1g7!Q0K&c6>rU8e3u<6j~di2EQL}7=ZG=8WUSc^txa6^rQ%6b9P;TC?lXr;BF|AB z#Od>eR+}PAOBNVV3!}3E#CpHkTG4WKNmYE;cn)##^ok4++u=Az>HFMQ24}qbymBCZD{N>MlXm8xbAtQXD}g zaFyb&6tZy&O!b*DdK*TzvnWAV&nzWu=Py6gaug5`-?ZfPTSaLfThobwZo6rU$e!d# zIt)F2CmCurq`I>*CSzenc-mpd4meSyKl;2HVgoLwkx{!2m&tkKS7V%yAjP}g$hW?0 zP@>9coSg=Jtu^wZ_1w|*+T1T6piJCpvhbZTx}{cU_x|CCzmSd)K_KTY&8 z*$KS^>%-#-T-}0F#OPnOxmsE=liE@WM5!-}E5&%@tI%Vaw8rDeo+A~od^tXQ;17u1 zq2|E1Iy)Fc9DZFjE#VS`&VMEG!>F{aU-#HE4*kW-e>9IfrtB4Kv@&HxnLvd z{DOHYPATMYt}k`gg>GMtN7&}FoXa36^=F!|E_|Iss6w}1c-MX{;s&%*?=o^(51K&4 zZ4(Je{k4RD zTrGZ7OGW6KHQ>2Miy}i<)8>s;>TeNVWQ{~7*oP#50n<`OxDUZPb)6Hbz0!Kkd6v#C&a1^}0;r6J`znVLQ)0gw)fgm}H8=$}a~3A>hR`!>A-9^M z6$Q|=+T7Py9Ws`luW|!VVvKHOj11TJ%{k~QHpdHcNmv7`9L(gbUu+DtYg>P7#y`CT z0UmCkS-1U-`%9?Z=zpf2vvMAjCo$d9C8GaOf593Bz$Gbe#5?_5)ugh}CjwxvEP5o! zjlaP%#+7(IcU@4(WG6ayK>VZ9>%W?J9IRYf;x526z}y6^MpISc$VaWZ3!t({kLd7E z^gnkfMGg6^H;-khDU5ko=r4d#{Bu8Ixiw7f6f)Up!RJ~-u}o6#qUeDjc#Sbq9DPn( zsowC5^d5*MHXX9&Yf|n^?DuwEal+=;JU^*c!3SqB^Tz~qVgKz1Mcc`r6go; z*X0)|`G+xRuCUR?_a>K83lS@?%C=+I-t;mu52cBH(#5(4i?hbh-q8xZxyocGz*NJt z69i-c=3ekEH16)-sz}vv(C=1#fwstiE1pmR8$53$XaWgf?w$m31Fo}`*OB$xRjhW5 z57_G_339KD=b*MCns3QJ+-$tbl{NYYBs@TD#^H2}2OWfY#N#}|Ws<8BxYaIQEA2^A)k;+1D4 zd(ya}^leOe(4;Oy=Jm{Y1yQ(iw8(Ek&83IVU6o+<^r6iKb4_WjlV-;ziyU!xVB(v? zmEUG3!^(f~{6?vWrX^#m=>T;zFq&<_zz5mC506f4R3k|dlmTKZE}N;x{lMX%NuG`| z`3&*X3ubbd(St#CwBiyEefOn0y7ToycN@K6PGcajfKJ1o*V=ZLbF*GrB7hbj!pKV+^VRDukVAK|UH zJcSk`W4L4@k+P!Iw9dC3?!bxLcG4|$M6a2XHI4%q2r#zDRF-*Jm?J&^fmu;LdFmQ{ zVv-_bN!#Guuiuw${ig~vXpOaR56?vFx9cLuDerXC0s8r&nWqL_CR zYc_R6;vetz1aa1(O6l(A{*e?kG0T>{ga^k}nEP_2Yy(^*_(~yt#bG=7#`)kJg~?IE zGH(=J$1&j~@RAULz~kDFLHrmBfkp)se2uXsz-@sUb3uF+H!uhgH_`f-8QZI;2Zd;9 zcX9W>A8+=_95oN~nO=BpHBjC2hg*$!5SSbBuNS=^-q(Vn$%*$LFHbq#>}d2p{{p97 z9o$&CQ9_)tu6|2qv}LM~nKr5+!u-*rwfz;)-ZeSt&U6UGf^w?A2DQMyKXT>ooAf40 z?)jb4U#E!r1dYyEeQIyd?nBpsyvAzn(fb;IqQ4wNwKD_{9p@lVM702}<;G538z;e}64UpF4}KbniadFjThff1@&qQZue3|PZh3D!8lu<3H>kh0 zcX#-=Iv0S#M&pG{@s&%$K8c-<9zntLwhp^8`oIkdqx-ByO%J&ggPHd&t!2ND*+~b8o(F@x3iht_`y$)gJ(YA!Ac)nUkYslXS^Y>XDQwFbmjys-T^F}f z|2uK`1Z(`>nPXNN;>0J436|^c8|SZJ3uka$DN{b4bo@zm&BBMo>{DNZde{#(zQJ@~ z$uihj0~$9gVgh}mO`Txi7EHSA6GeIvQl96wx#gvRT4k!6-XV4~Sb{$dX#A3r?Ce+p zaOT0STuSk?BHyZJAI{@wsuk}H5Xny9Ge$YWRmPO=NYy1(*l3hCn`tmphU4e&4G_E0 zZ30nZ^Hf(mz^xW-l)+qiYV>&d8F18;W|v+CG=@To`POkkdrJ*IYibBJd394g_ywM} z%E9++YuWt9p!SJjH=C^`;Y^;wnDy)2+fssiy42mMAg_E&%HKpQzcFs{4eBR{8Et%q zEUyZ~AX&c4bDE0Xj(Jbri~tA)`y{G4$u)H?(sL82@Y>CrZX)GcP`y{-9NTrnB`;pq z7#D7i%bk%LX+g0QGtzxEQHi}nw5UDcl;n%^S+d&6>CVabcMfz1!r?IK>0|0_nU(d& z`9B*sfz)d~e)cjS59h4bIqS>XjqPpvxJLW3!AZwS(b;FwRkOQ>fD37ALoGlf;J&cc z|Dm{U((BQhcw>_DAz7 zkS{m~2jf32R&`g(jIyxOjc)@2;=QY{{P(Jn_9Fx9HN>klFt#w6ADfWX`9CL0*WHg` z%!n&MYdQk*8MqtTgfjL2!Pjs<`PyHvy>p(qQXj>-&*1$JM4JCSf4&^~l)_(*nS4Td z`wCY_WXk4T(?`te>8DTniQw{AsnX5(D!3=)PNQrX@4JZBM?Zg}$^rF~>{jCI9*6|G z@?_C?h1{`eNlnr@eXPx}gW0cN)+=SM^$#&V1VcA#skm3l^*54nofOLFEY163lYz4KJHSiBPMy&J zl|0s~M=QHH^9?2a`hDgHU~IT%(jHn4tcGjpI*2F5`!fN(Ok4Ow`#IBj=u|VWttBO- zj2reAjA-|}P#S7zGr50dEB~_rFD?2;ZaLX^vhVTj;WhV^!J0B2=x!?YHZz`Y7Ko+;5j0M=%r`<}T7K z1AtaA!!GB!fmE&geq%K-^Eyq^D;*ewSqKacc=Lb$d`i3GW9GL4gr$1CTs8MkD>Tox=Oy`R-e!$&xr6=>UeW0PTR$OE7aesAc`@_Mz8yaB|J2f6I0 zaepU4%90%nA_67)S56;sR*jJiN)jkQZoV#(9G~I_B!E7SL}~OUE25uU!r*Ht8nr2+ z!(->sf$*B;{_i+1pB;9x!|rW@vKe(>TD$7sN;kpV;wZqSb^3KLf19w_?KG0+`Zo+! zp|r|*(c%n2G_avQ+ByH@iS>6JZP9p7^eZa+2n}6a@nln6z}r3qIj}F{$jB@Hvk(vO z8_Uf3h<0nem$lFBUf=fH1SX1vOx<)!EgX(Aq$FB}RFHNDb+by%+DXi<%-B3K#d|qR*`h1&yva zVS@1=Whg#mcu#$^j-CAhUb(!5UT8(362c9%IhwIOouE3ms;fIue5?oWz%Toeq~Xx2 zdrBB&nOyj_0RJ%bzD3_Wgzw_neM?nCzk_o~#pARymXBV}KJn{!2Zlr&|LGMs?3yio zThshLPY>npR|Q3@2!~cqYa0d|_i%2C_c?_9{DnUrNp!$Wn{+Yd^Mv{OV?&UYQA@M9 zWZkwVtJ~Ak&%h)Dxiq&#QlW3GX{VJ=dSne)t^K?zZNXagk-%uBI-~I+W`z7(HLloo ze{ty`fh)1|{eVtSAU|`P<6CriB+mCuiNcV6W|C&&;Y#~yXIH8O%>CzvIoyK>hd6ic z&2BOcGNm1b-qvTru(FiG0Wx`BqRqLpv8&1`(z^YXrI3%?5&qUN|7q9FG%`%44SLk? zPp%K{jo;Kode*=6;||Om;aSn2e);Ty#7(Ll(t;0@M@pmA^;GaNN6N~zc|VKRgl|h4 zND(ibvj>2UmGEIwe>nd`WIR@5V-I9(j?|B~;dgn3*yOtaUkz5cahQoF-E~4eBs02tqMlaMYm-)-7C(xO2D9Wxo9(5l+cz@*i}Hz;Ny32Wyz4AXls2;p?kcb!yL2B z&QzMK_p!QFQXvXINvT{Q{Ulws64{jSRwCgngiG_r!BjtTX_p!JiBRQwOT$C zL5#OXnS#dS#2;W-TQIIH!BA|mrUmG?T(`@spuU4F`{ zLfD-%&*92SfRU0HRTS4B)=(6fvD-l?7Wi#) zfc3qx@8cL$EUG|suP@WQJVIvRu&sAVQtos6 zko1K4RLo^lEeIE#HSB9PuTs^6 z$RRL2TJu&nUXauU7n3V)@D##F^X-G{sd9MaI>Gv4{9VZ{JgXA0G59K+Qr9aNZG=_s zK9xEP{QzR+1C??ex%uOIl~mZZh@hXM6JNmZO{o4y)mO$f`Mz(X)E9}FfV3!}A|lUnqZVY_$reO>2qoX2r} zfsxb)&)G2*dg&zm-!|LXBrmo>=%UE=v1$BQN}2X2lX0VJ(XSjQ$$l;Pz)~MThQ;*U zKO4=pVAM_=$KL$pTOdnH4~qeB9M7h!$>O5Z)1 zl2D7Ta2=bXQFbTJPiyQkj!fPhs#%@xUQADs|0{8-2iyGKK6GR{kqmA4_m%e?ZCPt4 zF<4N{lYP)A`>rF?V(s{0RN&n?yxfSzysrw0XX^<cCZA#I% zv~2zxWsmD)JqLg5y!?O9Q+5H|cHUqMrAOJ{aZ(4-D_4xNFG_~WMqj`?Rh(jFqi?;k zdCo=ser0QRPw#ubX$E`YdHv;UQr z9htt^=u-A2LlvXn%8*;cxc=1#!qN7S7-Az^D7HPyj3zsUAq6q zqf0VW^gH!4cSA?shP=#WdKtIdq z6LE6U3z?nnH(@O|(K7!!S}Js&U}QAN7E82P8x916B3=UopcbhxiDsW%K)AV-x>Z`~nn3 z|L;NW?o9vt@=vyIs}SgkCR8?%6PPghuAz0c?;io5k?X{b9kcX;a<#dU3NazR3u6C! zuAoZhUdH*-|LOpU{oMV(${78BpZEs#_+J~^dc<_0?BD`17cOdCt4+fH)mIxTOWn2i zzj8cKOR78J{Fi?%{G~0(DP(8o2ZmV7-Hq6=p;(#j1T{Ki^SV?6IFe2_i>5-5X_JAX zTM!_kby^XG997pl5ynUeNj@y6-cKZ$?hw#$IVI)XU0^QU#ZyCJToA5|=;%fc=ccI> zXstb78KJ8O>uy^>;k@AHw((+aPJFb_KZn5WI zQ|HZTrON$1a0*%XQXtqDWo+t<;p%Xa2pj}%uAOv+p?DR2R4?^@MA_L()k+Fhpo~}n zP&{kGjFH-ZaxpSquH`5&X8UGW{Vi;cu~0}-Z51w68S#6{o_@_IZiK*bNKj~X<*r`% ztMt_84AQhs@X12kJ7c7$gis}@o%N*$)7f&z66Ypqao>ksYH<~_+4T-8SXsIO>x7rJ zI8xk^z@))5udg)yj@)pI7>Lj?A+c(7_)vp zLv+H5LR_^!bor~MaYJF&drq}d&FA)8mfa;4UV8~n*hv?Zq{m^BqNqckg-u{Fp0u!& z_7rEzr{qAs8Ua~5nS6_~ASs21sEds|SK+qou<&8!2I>P^|D=yACmL{!{u?=0c$q$j z1tujQRW>_JgyOs~EN4;Ym%q9)4&dw0=ImEz;y`F1&+3d0sRMECIkA_eJ4OP-dmR3+ z(QV&De;X4kAiU=@gUa}!)zHSPcj+*biCBU%;s;#MNS$o`eOejO0EACx?g9aJM43Ge zOY<<$eYplub+jIe7)P5;`=fjQ)6driHzN|@nF z(C@X+%?&O2Vtn+iykYNbS$vwr;I>P(C>LR}?jb$-UL%W1Su z8sZuVH*XNT4Zi^7&H3WIyhsGa)y|n=;G%#Bmha(r*u-jQ({F?r!U@|YCbJU;SiXC? zen*utWCjVkyB>`L!PT#ZU;hoQO*P5^K@W7%&Njpq;<`4_z}XSIeWr{kiG_f@ZWl0} z!Q6TUh;zsFv+^u}snb0nN%KOb=fo(lTqPiYS7k$0vg|GUyVIN!WutrcwhGtgij^Tn z!}DvZ%dF&x%^Pk+Xz?7i_!lU?(Plt-&BQyNMOnKiEp^kyS&pCIfJAfA#$;dSKoN#?&Kl& z3EmUfBZ*}-2F4@APUeve20_kl-PZ?xKs#tHYlARz$zLiqd6oom-ML>44Ey{wmcAjZ z(~kHvcm`{-`9(q&@VJVweXBv{wTriSe`I`^0~Yhq6+#ra7&+bS&4WEcWWg;fF&Pf8 z(t(Ys;bi&smw(ToK8 zw^A3V&UYB>s9udz^qCnHc>-*;*#*d*@CA_Tx?4RAn6Bxv!d?nPJ|oyu((qb}tjyl= zd=4^exH%T$x*-|Z)e8k`GvgRwKpI%Bqrp3qBWce$kth<-g*(5g<2q9h*Tu&t*3=~~ zI*e!o{}G*Su0c0f0Yrxe818(Abwb1OaK*0}c~gYu-$cdScM-nuZ!si35?`|d_M(9R z?!U|=Fb*Y2ibiFg-*or;`|mNxUrM7#G9;HJ_8jE+oc$=)bIoy^-lO!d9?+sXsh`OG zYK0x(m@=@l?&Z~%J+Vs1%lAgQ7b~sF7hhLX7A+*eYiTBcG$|FkP{9>PL5O6Yh_z3d zefAUZrWC04w)c3&{iXiuBf7JpP*(L!DCYRL=8T5Cej*Ec?N)W!rdxV>>G5T>0s;^F zB3fhRb|zR>Sw;g`@^Bhg#mXV2?-@t6?ZEc69+p=X0O6=O8bz@;LfPM5{x*kyk4C?& zD1(RBZNd_7_E0t(47ZH;dUJYioSSn_AB^t0;HGT8_TOZ?{!X~+H_8Xh&5;`=q%3Md zKVU76egG~T34G9U?J{fFgA;Hnnqr8 zs?=*K^|172`f$H=Zt!C2KnJA7mUrrykKoLvjl>UMdc*g!IBPc9njoF~a?6ejtZ z!!Pl-oZlCHVSejP;8WNiV_vC*RNQtc*}*txt=5K+WbOju?3lZ@ zuA;Buk2}Q0@g=HV|5@#@74su|DBlkO&2F^)0ZcCN5PJa2X1pW5d;(2_Kli}gal`un zNdCIp#rI&}Fz2q4I>8bqkp}^D9Ld`*B}C&%t6b0*)}9-zRRQbrcVgbIO}n^#NGR6j zr^c8pN4Z+bh79rk^P;aiPO6^s^|f5_w!;7Nfa7^~F~v!9W_8l?@(VgUNz%|?TWeri z(U>PYAh47Gb#xB(p0&G(t|NhWkoJJGX<@YT8cdTvAQ&ri2L!nboPr7H(`!oB7xgz9 z|04qAj?UC>v0Tu*YYxH_=d8WK$`$U<~Zq#$j;VZ08v>a!-?6h1f72v>Oa?>d?DIOG%2c7EkaOu0K65 z0-R{@5@%MYgY&5+nJfY!%a=~R9c?9DtoYkQ8{!DJ+BV*hd2WYvmv*|RDfyz9)AVUo zgUiy)YjT+usxm8R=fs zKjGz-{%LsEt5-7OF2IEe2^-RaZ*|n&S5aKE8xMhvUv03B21NH9PX>wuTXTV_0XZcmzUNt-$|Fj}AgZ<=VHvOBdj2xyn^#HSQpV1H>YDYu0MN%W3&Rgz!QRGR zxfvAsT&6bBA_aWs0P26u8wPA%4SB{JFSGR{N@^^zjoH!Mzv2P=z0bnF-xH6sFg3^e z%<=znX@7{A3CoQNa-!{vme^l^NUbK2n>{eL@OT|@N(BT0ff&rLf!VE zJs{q&&o(0D54QNLxoSF64uJS+RY&GkAa{6rkO@>?6f44Zj!-#g!b zd*uGMb^ue6COa^ukwF(XFft5!pL5E3DJ>x(ZH&`*a4VH=Yy&AH6FFNn-5MMYL#;Aq z%uB%nxy~$Lk?wyq&FL2jZs@p78IYWZmDGIwMZh!_{IM+bXu|AX`rE`>MxnI=d>9Qx zd(t;`?)~*Pr;q7Ww|ohzx+Ohb5|;ny3vC4l!}4CD`1f_c->ji`zrI49wBM-b2Znlw zZbEtGrb>~j5eT{g@JK5fuJCf)!D)?~#b+q+QAB-yIX6O`*bKGRFi+34j7O!IeViL6 z@0MKA$?!?aa8=DN1ZLoW4Te|Ab5gc*hXHyX06%DeesXaBQpWY2%NhN$j;&t37TuJs zNoMd{)gf-o=(_-s&3W2I*kAf*LM(}_{DsXMdTfgxKxIgsVijO|fvD4QnG9D4*ZQKa)NJj%F45;9RgZ+Qeu(yx+n6%WS?f;&GbM&c%iof=|j|fl2RQZ#Kx% z&GWX`<)EF1lFe4G#p7O!7tH{sFpE)rvKcI8fsdTYWfvwNsMxlf?y3el4pak{lT(AO zKNTQ)iF1j2cbSLyu)thFCaI%MRz4dnVN2hmyM=taK~0D{&mRm^Uq73Rc+GG9Q*>?A zc`7PCw_M>)5bUN$r2y*lZ^KATB8ERO9ohFKE*C$a(7NRH9sH$Pb3kuULZ_3t-oPOO z53tS!lbvn9U^XL;R=h>in}2vdA{G3kD}sJcF;j}ykNv&lT8CYhs2L}M%qm{};1JN@ zmGzKqdXD(PRypw&@D@zEj9hXAIX$(tIwJf|01Ok2FBj?UM&3xt?t~f1`TB$w@dCG< zJn+iTqzR!cuTdqMox5bVpqKen`Ns7-=l$(IADeXj9;nP3il!>OK!g8WRCA5Xa0alZ z2eNbcCRG(2cHxN_aQcf8lpiT1P4m(nq zcnocrGFq{Qu;JXf%RsWcCf?^B*C{0y5T{f>eGjirPfzS~q(cX02tBp-kBV!Y$31?X zN946{O5mF(Wl>c9{*z8xydx6&e^-`XAU7BY6%PC*?k(Oa(pvHt%SC_&7XQ42HRiC& zKOc7)eP;DDn25AGRuGczcRfrpf9*f^=OQDpxP%KA8Z;Krj%u!vz?_`eA{)a;KxgMY zL_O=2Npkz3l)<^7`PL-+$Gz`V+giF^mI=Xcs+#VfI0mhZc%cDrH9HO!ip10DFW39a z)hUgOuwx(ndp|sc_rNpJJ#c<8ei^D4?0@-X5Imm0jr#1*g_cZ$(#-URaVNx_->^6f^4gXGgaH zMSliMbBmQJ8}h}Qn)emCdchMo z^k;A^+l|Y8Tq0J<=V&7-c`GBeXRU3nK`MO5IOfTj+oZ(@npekh`=QUw3xFuCNm%Ck z#oT-Ib%cK+r$iZBEt~93jv*$pY%A8qBqeC*wXHkhMD*O6XQHX5A1QDNEfmmNU0h zc|U7NI-F3r71I4@jq_gK8+l{%8~6sjU4xA3-oMc(x~8{3_5Sm(U4*?CRTGa-DzFP& z<|*Nh{TENxF!wwiHc}~6dAW})Q%SCU{~7)B=wzM43sAo&U#Tf0g1F_wzpAAmp6p1oW(pz4Lg)po_C zghg@C&$wc6uB6=eVWAb^!wE*tTs~iYC~8xZoXB~r*S$I+2tC8{Wy8eA{w+-XBKdJuM$HrNAnkDO{$8DV|U zyi(m>3;aQ9M8C4g2=o|`4@gwKcvQVBIpvzzYi60nVwlzMYsO5tTqq>2?CW zpB7k}7o3}(Ju= zKpVUlt(k|D&{oovnzf&3fU)T+2&j#MSYy(2Y@1$|G&`HjZ z;LDshLMSUrXD%TM2D?4IVgPDEk7VJ73CPd?^kh7^t!^2iz0LFr*?{?CvgdWG`$Qqw z5Cr@Ayg@V4v(sa#itJ&LgKR?YU&jb_3twS7$Ig+%#fW zsP{l^_Da9gKev^XY&>@;-ex50`c3o|`G1#VUSMWWRE1txSP- zI`CInpT@#40}yIXjvKb}4x70+Y5R31y?tb_P3JVXkE=4Z%Bv4~*0mCOM~wj6bR56| zsVEA^XfgYY7hdNosHR|Y9gtMd=jix>?RxT*1Ns!m#Y;SHo#4LJ+3deMD|eoCo~`RQ zwRY)PwQPdQoMe_{0aJ9%QFE8JqFn%75^3f;AZ4>4^Nov4tZS+2S zdDDj3cp>zo@iDEY=j)?LBJ!7tCM3h^*Fo(x)_LjSfsTt~<&&=D1JTlD-;Wx19;-{& zv&%hNdO`fuJ#>w)^z%`c5#GIlw7#P7Vkv~T=Bj>g}3Opqb^Z;P{hsqIo>N)v{8e2 z8Bs_1hUo#kOAnpC&z9fRl%5;QZYKdR?3VcR zCpmb)fB;xq#5CwbpZr4e%B~v5`}xDhDg%xDm$dimRs8>@*L@%lD!Jgf*HRscW zLbkC3s}OsR1;|h03nozbOd)5=vw2vp8a#f-t!u-md|I=q<6PDIu7bAbR~md|9h=`6 zd9xwP^n)@3u>uxrvfmi6n_u{e1Yk-gWzBXz`n?QRKY$eenVueQF7URXCm>m~gp26n zie_tZ0_}!*?|jqf1Prj{CtMnRYg_^^p!dzOk>ph<|D#WxxlgvT4@C8>i9S!E zJwizg;S{MOW4Dsru5i}Q8epQNmz{}P(Gp)BeWDD`#29U;zSrIC8ooy1`=j>AHPt=6 zK_gXM7JyMPFYIyiNN%GiijFpKh#l*0t#W8CP`T(bmj0^eqU@{Wb)goy3YkoN68WMCjtFC_GJS}3^f?Wft|8D!q&d|>7&AT{wY)J7~V)*)V`h9BQxJ7z>OiJXwFp=Y8LBn{j41sA>eP~b3+Vcq6H^m4{5h;eWK4W(p@(GG(n9)hPgXZk*(fV7Boe7DJNiU{_SSX1(Bla|_Tj<(0 z@@nkT7q5Bdiu%?9&TAWp*aY#)AFM9 zmncsz{XED#7m>IXNFEqBuKjfW!M1$*xIzJNcS9>(+e8Is)=s=~cXHZ5My#f|2kwPE zqhJ~|3T1|0VIB?wTsfszakq}4oo!O8Su`7(aaVwB0>hFT5VV$`-n>7FH{pEtR`r%s zi0d2r0vGr_ijjI{Gv@vYaK`4RxcTwYeb1TfIqn}>7lj=&a^|m#DZ11_ z?9stDsLC^bMfk-$bzcgfu`&N{ea!#U`nU6)q1OGt&%FA#ms8i)*ZZEGa+9=W!2hOC+uq(dL z?#0w{ZKX0bEyf=T?2cgro{@8vY`~Y@IBrlf#BGzqIa~XBVxMtqI=`{!-$N4IoTIj`b7&5^(qm194WxXds_l7 zvRD&Z{qP+yZN_t(sDtjhu$?TflI+MMu3_{erNiBS_^m+iuNNSc&a0IjV&%JGA+fjl zE0wC2I$JYb>kJv08`JnzR)oxAQC>`ya3#Xi5;0@Wig#J0YbB>9Rd_CchCQSK@BS6$ zPgd)ya+g(X^;DI}?~jBz9hZM7b)^sKsmdq@y3h zb43n=N!w?G5&X6;@#n+~WCBM=?)%1&zu`c3)etuK#t&1L7zEQzF~vY$vkTs^c^Kte znp!uNF&7AMNh$bPneMVf?GM;uw15UjZP-jN}X)I3X>gBjrMUjWQ23UL7M@+{{qGg znQ30TuZ&S~Ppe7gqg2d>!q#QGGi(LoLLcCTVP{X_pBG`Zs2?fusEP1}*v*A1s|L%h zs(0G`9q0FBR)=@nR=@a#h7*yu4}22R!+0LUT+)_eNx1q+d|uB-qQJF;Uf02ppCZCt zZ}z(kGGe%&zC>O`-2fcpYcu!%a7U>9yAR6YoP644tb`YL0b``vtM>L?ZY+J1>I!~U zr;NG9LbHLKJJZNP6^NIm*7@j+TKG6~s8|$W`(j$0S$%)i z0D@4^6Z`e`w+t|-RiHSG(LiZU3B`>K8Pc9r?!ri**7;jDT+G^#O52{33lN|vBq*ZE z&BlCD2sQ_H7Q{W(3MvKCV4HoRY*p6Bd0Kl=9P#1#=KVbo5~r=8n|UCJv3aC&Ok1={ z34gnMdK*yA>%c;K5fgy*$`!q`X{?V)`G>9uxqNP}Gg$nRKry#y8>?6>{qG&%^_0Ae zFZPY6JX~RU`h;_z=EO;S@z@u4q}|_|RTFi0#C6}tS+>Km|=Wk=11n0Wrbd5!Tx29mS32{|>P5G9fJ3Z1euR?`aY`*}4=zlT`Qd~-^^p{~o6l$F1h z&;Zh=2-}zPsYF_|ue&r@4Ea!u&GAf3@q$0&UgT_IpKP^bx^2sMWb579DNhrKOKGjp z3TUWwhue$!wv;t320@j)5X!888~}lq%7|ZmLlgIEE&vjpr{duW2~puZG+E7bufeuv ze@#d~T)&HnWOKyEOv!4lLuzXvS6O?K5n^!&{DC<9yOCgq8 z&kuRwTX}GIpO5(;;kU~2tod_4FtpQet)k)#gn&EGAP2uFWNAi`pho7_bCHKX%?J-N9_U9Q>Y71v)4J zw(0C=L4h&6qKHKwFIPd8p+x^TD*Cao1Rg%z9RLOxP0!bS^_TUJindZyv|u;E=rk6w zbnKcuRSKHA0`xKF1GVW^NPDx+ZpH|%m+A5F_J4m^qLQ7IJecBOqr&oX3$7`Lb4BIu z*!#Gt!j6zNO}C2qSGyQ(WroZrzcOkuIT&`MW$mXMZ_O)&aF*W^ySuIhh7gfYUQJ1W z^az1d3|Gk-7jC=RqR2d&!a)qI zFcbq)bkpfs@Zg;j?s`lR6>zI!7CiM#R;@D_D!OU1op*|b^AsBJpIodQ0G9M8%-qjh zec#sei(#om<+2LT{6p`^zUei;1(gW}Q}Jxsb{YJ&d=FSSN&71$A5hQTf7uuQRD|t> znJB|=#xSwxNE0U{x~p~z9(36Bo%Y!TzvkR2&LALt*=#}6B8;=H#IQ@(MaS>O7@LX@Hnq@!Sz3+g@p@#gE0rH>-%n|`4`;kXcjtBo?NPD z($Ark4cM)dar^pVz%^kg%PAvehefd=H%b^d38e-2!kxuBgXQ@cPOZ7yOi)!UPo$pj ziXBis2KtRqxz;j(LeRhOnGlIXI#N2SzcMr(BvdE6FtfU*Xz| z-9ZA^-Yqm+%636F!$h_XA`M@KoM#xP-6Qw*y-UrpV(*4E5IL;t*S~mK<@IFz;i;CF zTPY&VM2!96F1ne;9;}ry6J(B-MX$B20*M=R*-H_*v0_s7yKl_rg?PVVx`?(rZ{TBj zp#DZmifmVSx6slyEKs-Y==yf?y&vQu^G)e2MupFQq1WH47^F8xJP!4C{IL>ADxfTJ z8FW1{>%e)aes&h5m!Q*9vb zdV~t0zs^bMXM)db*j8Z);dWQnoi71$h_8Xr-B{&{5PAkK(GBBA$@4Ot9ut)hemm-rvjWLoXQ9&_UwQzgeMQ%J*TO<*p-yf1Ik+BOJ_TKR5X6T@?20w5of%4t7iP~ ztBk9MDlLKIWq(lkZba7A4Fu+_(aZp@GxRVF00G`3s7fqzXuV3Ytxds1MuoiWbVL&N zys5sq8@Z(7w%m>QOaJZaA$(<;MctgKbOf;uc3>pF`o{mgg>6Jqu=k$;^3pZ)Po|G< zdqTd}MtU{)hrW@^I$RzRAMa-LtN%ruQi8%a)802WAM;pBIN#^? zpAKYs3K^MU`PZ&(8Pwa+AGad7I`kq!H-kyQE~6dAg;1(ad@C*UCS1Syu5)mwW_`?r zW=x1rbU#sG!59A{ZJv3L7pS6}4I&h!IheSa#Cftq&b2;G_uf%_bUR>~Z7#0leSm)j z!@Iqa-6-4#%!ph0o8D{yMDP|zJ0>4!h0^ng?L@&2Ulg~@@R+pSS{U{DLPVzSf0lgz z-_iYujh~-2E>Zy<=?mAra`!% z{tpNS^3WH|SXC`qUVVWmWR{sus=g8XDo%aQ6_+T_-L8{jI=7=AL62COWd>vuO%#^e zP*KL=7c}XY){Jc(jOtfByn30tya0YaC@^Q${z{XovT&xkg%)R6X--}CqXXGkV$B90 z>Ba7L3vu1@BB!)!jT(`7XYIqbu_Pqs%xd%r;nQ1PW%&23$W!ZsF3yz4y{An-SvR)d z5Q$3ePuzs_#|>ZgQ%VlbuLg8}I$h_i=N%nBgb!F1l9@Wc{LcHJ3nScIQheB@)GUWc z6*zuNPd9fL$Qf&kaUooqRf8MEXf>(rBS9jgL1BrZT7Vj`UI^!FTgL}ns};8TA~2inLDxjgEAi+tLkl4y3NB(ppQ=7&p};f}lFHP1dq zt{mNs=r*qa71Fn=Gg|L$&Bdvfu(0( z@qVH5|1v%W08nq(09$y1-8nb=C?p zP7LRfEdX`_Ue5(_!;gH;G^bddd-^*z_b&_!0VIRuD!&p3mJ6raiL-0;lTl~Bipz}I z1-92ibf%3ggC|<=gvtE+DEs9p@!Yn9*g-X_+(SfGuibHn<#y1^p}$>PS|f21E|hT1 zJ@e;2gDD_m_xpImxfnD788f%NR8^_+&k$i&3O=0w_|I15E2)4Vyxahi^{}4)aO$o7L(z%Y^0@QB>(4b3IN9OAM z!B=il`-=;c5zf3SNsQA=jX<_LV_n*N3>7*V$ucMcg4zKl?yq+cH!SW zzJtcD4FZu*?v?E=%WsDY0DHH8V<)!#Pwwt@tig;Bb5P zFKOOSkHTEXys|c}Gv(dLEZf+4nX>0Cuh8+S;BB!k|F2YPYcbXttkHd^s$+BqMcXoHMT z&o-05vKrQfX=MO-lFAc=k)nCuJsKdCyd^1LVb8N!_*!Ii|06jigkl(YbH%#jW0Beq z_*#~;&pgYzo-em|Ns7kym5oU;@;AM2vpkc8>sV12zUk<5w#U`S_U9&O%Ww%?H|$OGJ^+Z|~XgJJUnsW^|b{v2_Q!7o@l%&}8eTl5Ms4hI45uAIwZyc?Wn z@%M@Iv^CU3w_k*$Ch!c~3#0C?Bw*1gVfqtZFYOEO>7|{)=(+FydR%7FwhHkA98PX$ zQv&R!`VZ?wk%2cRphEXqSdOJ|bGvnR8M` z)J}r3$j`-q*^TVL-@NqS38xrq+~kuj^7=tQfab=}+nZ-$6nNq(-VD@seH-nVzE-m1E)2}F@X&)$gBNzx^AN6t0qsLfQ*M#p zr%!O&Hu&&dq2zw+iTu2Q#6EI(F*P7N^-Q7{*-Z(&c4O?&)0p~+%iV@TV%?r)8g0PvVa%rTKziI6+#689{ zY^EBtFy_ooc{d^t{#>jGRdYVLtBn_H=U9>4Qvkt-l0v!;_|`t3UpP`{da;G4@poOC zd7~l`IDOK?2h-J<-g>q-!OJ7JT-(2y6pUL}b&IHE7!3vdAV?Dyg4pckTeMm4BVidX z`zDTRet)wy{OJKrr+Au%{3i1z(BDVFf&g`*{t`!Ya*FF@_>iQZ{rkm9YqOz)Jrtje ziy(ROPSwK;%15l50cR1gb!c`u8(p*<;NTN`zJGLiL(`u=Fp7vY%uUGlTs-1AHIV@B zZ37b57k0>bz@PZQ~1SX2azmSO;)Qk z`%=(WI9=FZpGM>igduOQ&Sr(c$0nu+G0S4Fc|wSK{?^+rA5*n+kGXGy6#a~dIBHRq zQuq@bZh~?1`dU*LFU97I%%0{v?0szF;?aZqAK)wP(WF-LUP_Fdxw_g##&1Bt-A?k| z++ui$&8yAQQ|pK~bS&yM5h3BPOFT2^{l^ARBZG_HM8-+eu$R2{a^1Tu)}?vS&8*yW z_h~NYN$Y{ev0vJp-4M^a6;Bk!IX<>qTl$P@#cp1{653)@%cEa=6fA*Mg&FLeX(}N6 zqaFxK;FggpN!5I+VF6~2#&b7SmK#t_h)Nw!QU0u9@?KOwZET)&J$H9ui%tJ;OTMPg zQbnbq7U$(pq0+pF5&M+|3koY1VQ19kf#}fj*~f1!iLPd#UOj_){fI3#B#t z(3mdt@f-j+**|2!RR8^SSppaY0-KpBSUDQx1<^tC{;?hmQf}i|(1yMtW7o(f6`wr6 zZ8M&=^_((da$~m4g0+W}6@VL(s71h0eV60?YS9>c&$ZLA&xFrV#A%etTW}{ZlKAHY zgug(pop$O(Bfv^yY|hI(eoL7+eY!8;+1M3V;%58vn__V0rvdF9d$?Pn7N4}&UiIjr zs6#cOoOWQpm8@XCZGV$tg7F}sTECnpg^8bf4E<$|Yh$~UBzQxzEIPOFr$%x>rp!F7 zN*OzG)vXG76VNJV*FS7n7&KH7+qbw0v@tu)zC66{pysv}tICnGf>WA3B^gYz8Q=r; zBV~35J~#sY9-FOZQ!)1-g7Zp;9j9lIuWfh z5ie%%%)U*;&?wUP=KHTS1+c_ZtZPSOv1WQ0Yxc#xqR2CYYBd_AYJ;@$kh;|Ugh0M~ zj~P|d6@J^bR0x&$K}$M-KthOn2L!lU$I!q!q%-hT+s4f%6m7-G*h^@qYC388T)XEF zKS32@Y5sVaF`&g6cR=dYsBe4$13f~F`=E>;Mk3WiHj>)et>>)E6?JZ(FJcvj&llKD zkOEQ9Bf1{0_fi*TFdi6Fc3ZbKr+%}9BZq!J#ZG>T_X?fTD7ARlqSFbMKUpHNI@6>- zm|i|+f*vTKcX0s3rJ)`ne>c=hgkKprJFiqq90d>*RpwEiX)E-UMbOdR2Q^@}Rh)V8 z+I!0oc3!={qSiE+ljmIMOZPN-*iehtj2)D+%Dh<8Mqoe1`iD6quZ){Ls8*7d z`Hqbrmv2ch-DwUl>@H?ovpYAp4jh;&x%vVjWn9;k(xW5oB$2LTw&PF}LIp5Reg$#G zenaEAFu$Oz0v{q%gXS!|Re@uc@4-Zj5%sVdVQ{wWkwHO@P~i;A@_&6mqNoR`M#w<{ zR9vRX-MHpUL-#iIFm%J9T43 z{lU04<%^kz;nlAZ&=7|!25hADehLO#=Kt}`7RKo5VBbdBZDZVx;O2a5j$x~5jt}1ab z7|w+w1kk^80S;OX@11{YJUZb?QhD@l#a4nxZh!Sv`@vIC7TV3pJ%I+Nc*B z+<%AmS*92|=kCY%Y<75=O-*E!mfEK@gz-qZ#cbbM9^*c>K4(_;0eLYxaB8d5bV@XC zsAoTZ7z6oEe3S*GJ*=9Z^m3`j!g0>>9oM{gibVd164s`JntLVyr!_d@{9d+{RV8J& z&(Rs*t#Y&ssm%e@qbX-l|3Z7r#fIS{a&~c_xD=q5t+0m-{T!4zCr01p{e~EnUYRY* zecLKrRWEV3{iW56;e^GzXfCuk`E-2rP;sddFv|!y@5~#-@qFuXdOGw^Gm$WCzB}{6 zg?mb-iwI&h1zn#nv3{fHLr*bBFcoSDikZp8$HFwoSf1~)_Y0o2UoS3Wk)Mts0w@fx z4wwmhSx#mG4*F#uU~X*NY2cK*_NdxAnYTP<>V&*hpGdk-dIjnBdWL(Dms93GkbU&h z)WZ30x*HIuraFlgg#N(HPd>9i|6_!?$Xc5BvB+2YTdc|6}X0>caS z{5%{vH|V>PzVhAeMG&ii3;5>P>a5)bBs5k|;TL7avB9R(E41$*p>3aj(&>%;v@7aGFP}iZE z5F6sE5VNEC@7J77Yuqw!Tju9oe_tOy|3%Wjd{ixpT%d zN`tg}NRtW?t#~c3CizoVUjXUr5HzRD-|a#6t1wvX?>eeb|9rN)Y>6xBV!i}%_JTM{hGBIBFG0P~KHVor~voymWhk@jX(4lKWEDXAq}?mpcc{hqj^c zmLrNH5Vot_;z7|VF9xybfll0|rdG%Aqm-!tSMomcoxEU&2i4@-I+!;HHy@Gb_af|s zW0`m0U8952nnotB`P;QwBzIaRLs?t0=3+{2w(l7L()Di;A7LN}qzN7Bz3eJF;y35fxi$ND1@5k2?_v!Y8oTFy{Q%ozh zn|SawR=>9hy9-^8SDP$HA2`YIMjw4F)oGNw`6IMG)mcqYcMIdXgskxXgE0oKu;rzVnh?`>H#7m*d2nD*A=Njxw$!-p1 zE{-b`w$Bg)!*Fm0qDR#K#9kT+cD}qwWXktF3OYV3Lc24HlF=dj)XGrnlFLPQLXRuV z-ve#QG-~^jA&x>&v|rVa-rTmn5_aL_tLJ;MFoP1vw_s8V8HIf3Ulu@07@cD^%K$bJ_bI!&Y#u6M%YNkKu6v6+nF9h(|w0ONhsnv{M zK)0fJ@xyx>vWD?#q}(ma-+H5|+gaDSd2RY~u|wH6fbi^_W_I}|jL13TAmaQfQtd1A z^*#A;(44{*b&^+Izi8R~P?tw_#IinLpdU@t5jC2Uz+`l>;Q0eS6@WPGl5Z&)5*cRhq^rj`t7P{Z z4$>eRPw5PrxIA`C#mNsJVMUqpv%{Jr2QY5G7M8tN} zc7sWu2wCW&(NPBVqV5I9&t0s^i`t{A@Jzc0nGfP(A!aDZcptGMfpfX)HuDZX=?&VqF%n`_rK+w1 ztOAnj`{I_6Vk6c!-Bb2e&W zs3GUDL=Jp6;F&8rY|4abeOoEq%dJ0lYriqyv>_?!_neBzLEpl)U%&+xi(kq)Y44Wf z`Y#~9I$gduK;Osr$P-+1MWA7%X6$~IbB=j@G~&w1E)_yz>S%ZCYfc!2WvlkPWxiLi zn}g%^TQuETx_#>=Xd+8B?$lMg`74Xtg)dInaD?gO>K9I5(pKW|*uOcdZ5b#Si*{!g z3%U`WIY`5V$;9?A6_Qd5@-y$QS2i3RK9bhv4|bLCvPfq!mniGatIolTiqFM zZ1KKsS0=n3YFGhf8d2%jgS^>{`L9^-7&s$my-NxNFkT z7D%I4V08<8^b>YGh7lF~&0uc|BlK6#OP?Tz$=H5!2~A)~XhgOTEv5L%M_m2A4bjJ! z@B$@2-_efTxM$Z32c<2fuDhFAH?*d619|KZndf9g9=;0s0{R>l5>*=??VfdJkYYH= zX8qTCwzZQqZ_FaWET+^2ISZ`)KURRjQrsy*NcJx;j3(|EU;`;6OGHQ$&jHPX9LmHK z?uRG3;?P|agMu8G?fzd;Tt~B@tK(n+1Sg}Gu%;C2{GWfZAm;R`cPd?R`40z7(;<5` z$U>I|>kJHIpp2)h<}JXU0?z!QO7t;LbKF9*?1sscD#z2s#I4I2pUWQDJb#39Go1F6 zJMVu^(DI!Yse3ar0aD88=hTI90HRuITNeI?={9N!k}# zi98obaXWO6z*>~HoJCv}sE@SK!TfN|rt;9Mz*j(N;1%Q5jmTvA2K&V`%MhNnA78>n zFHoZ~ji{Hnomg)6u6c?ihT5&asH3Rq^e1=CJPq+{q8^oBY3 zUDh86_qLtvZxyULZhUJG4K8}h>BC;quSc@%ZMlbC+)o=% zdG>|~2TyF{|FANo{a&!3lzbvRwx$ZO;QUzl{KJp(Ax>}}h*0WD%T%<4o$P<{4`kEy zU}|B`3dVE&?p+b(3p*kSC{Ig_?o=Q^NN)v28ftuu~A`=gx5GZ@70} z>7s0~cdH8K45LRs{RPhwS?;`jLV4TmxFv5fzshodl_Sp$GPf=<6f`QjCbx;pH7iyS zf!=w`CNG2g6peKHct~0M7ZAup_f`9lG@t{Q)T}=H+o;#A;NO4d8$Qn~g8_$?+z^p| zy7Q{IJh6*&DuG=`H7brFH|(Z|g{D!>9(9~nf^nG$87D4u%hc#?zKhD7Abf0eLL%gJ z>AjyE<$v{+tcY|YEr*^Qgo~;eTP7UBVO(#xiAPGa^@RNMMg`8f|1t@!MWiTbRO-Z> z`|kM~$Wr@QIpIorDzOjD1(s`fxL7R2c)CI|h5-=~SryHnFn2VuDFJh{%gh#YXO>TJ z8Wr`i-*4rRzFBeIyRL`;v+$LOmEkBD2HyrUXg#~jjnVy293t$+T-GJot&7>rPc;6@ zBDLZ$L)^Wr_x6)g+*zG)M|QYh9_J@-6dSkr64xbJ9ab|}_KO}+VuC8nVGf5~HE|vB z2Z!8&o09f`ue2d;A=(md-=lvhoip7Jo8{J6@K!g6MsxPXzrL%8f2g-NSk)s-D)Yxb ziP^Ua*PEED?rHOq_?j$aokfTgZeC)OU$t%7VnLx_HWokXIDiJsvUYE!NC2DgNU9vOzuu6ykn< zTRvA}pi!k}l2Pw_v^w*~w%Edr-}>HH_e!fBy=aYI-!k8uGw}|>j;4ogXm13x0`Zy6 z7x`2xPDP)(HzeU1#r?uoYRqzPpcwQCl7uaWN&ZI#ORmXln7;>go&o4`e(hjr3J7g$RwximDUCr{mpq$O9O=J0Q-r}Dj3eWpl zp?eg|!dS@%a&cch$kq&b2BnIwbQVLi6=@a2$V*jAbIxWhn2bR++zer4j zKD*@e9P{N|xTLL;>+!}l*UMMZBM@RQAsGgH42+(SS5GMMT7nOwIbo9NI0sWr%K?}i z%+X90>(iHPx*oAboWd7hI4~RmH+jk9?{7yu%o?)!Hf*G(`r18E6e@HbA*Y4b{riso z3skZ-t?WKWQr*JA5jYmzt0hbvjP0KkMwYE9A83)SgtnsTF6hyV8V?*^ioXMlpDOs@ zSd=FPeyPF7dve3OPj8prhTd&^YI7V+JIyDOOS=wTMeGTs9!o^s#wPw15~%(O9YZys zc-G^Oz2vgN_^G>YbS?Uwn_ar&$-pwOYj|Dm7P8;xlvY{^#Q*+mPf&=CAdUGnnZ6qk zMS1_TD<>;EGqU1csE1LclW{d4CGD6Wb)AZ;Cl{=s)9~5$RC?l){D*F@?BK=aka^e2 zf@#YaR}ZbP8!w1vR+_4R=&I@N-dAZ<=-*h}cKNe$>&R|YAUNnIo^`^VV4Y!0nD)!^ zgcb(jmhtwA$o*28pD{XHl$w6m+jUv2@)^|mX56-buf$JBiD;&z#?sppvY5MLUwI#h ziA^Ezr!uRIUpfeZDHq_-Q4-AZsIQY4=uvmfcbB}+?>E9f{t0PxSx|s%VOzisdBkFg z#SxA+xEKkdFH?>(1lq9u*@r-mf1D3-W(5TC;G39I`wa1h97r=mW!LL=N+JVcexM z5eB8j$dTxKAA2i#vkt!j-NpU2d^Fc1WMBA|>96GSXYs2T>QkYQq@z-yVpRa|AI9W-<3A~ zlW{l`UfG`>|2`nU$>7xML`@7yd)oaQ==*{=JKF&ROvs_hH}kL3Gs>HxQV`mH5!}P;{(>kVJea_WHG|AcN=;JNJQ32vo>C*6O$FK!M-E#KgVqN>G;J0p#eDh z{DK=OTY|V3HGHC4Ho@-)ack?9AX+M*q7n}cZFxRYm}tLqj|bKM0tu46bD}P_P!g;` z@7(+PgxxOq+~Y_rPWfVmt;&PuIEFN#P%G`;CQdS~?%|z>$yV)ouK=!xN{F(`{^=ey z&%Bj>bV3j?_m)RHpR5OK2gRWv(S?IK9*+58y{Ips3f^ao^ZpwxR^lL9vdzW+(c^u+ zmj|Lg1H$fJBn~aHUm`$*j7w?on@1QDg4Uutqxqd4A?%6Byf+vK*@met5g-yjJ+8T zJ8VQj*RtRkxU>ksL-?}<1rFt%5j*$Ds>~+_l~Xkg*LP9f_!f`TWc$9N8Q7u!+$-@}t&GkMZR@sKZHi$%Hfv7RvLD`>`G8@UbFhbrHJqsSu-NybQ zYNDiIv0d^Npl2P0Y^O&{YvzpUG3n+VenU?js?YoF1`fNou^Q}`B{z?NuL#LUr>Gi_ zhmw!A>WQA%#Hnwq&kYO6#PJe!rfZ|2IO3x-Fylmj^?xZm3^8akySHXVAEaD^GrS_H zQ@sWiftDaM8m&E+Lj8_1+QfZO47;E5Y4r914gNJ58R;D_-hw%w3HcIFDWIMg(o8_g zpdK?W+C2Dqx;CNb`!LM*ir`=8zbmg-J?i`4)L<$5=AQGT*Dh*WkNJH8Mi#kWf@}8k zk9|eb?TryP&-L^MfgsSiEz8F)XOFSJbK%^v=$lIwrEM_mJb`YrHW8ye{;=iCd+sXB zS|F3@r$QFPah`8qZ+;kZGao0QD#m&ccD3t|3qOO(@5wEZ^EkBBM*^$)amS>5Zo+X( zfQ>yvcHrC3E_=3x?R1_#n3fzqlj!By>h{^1yXqIF9P2T zmh}rjRP~fnN$as*T9xW_D`gRpwq&-6vqq+c@+8b+_X4V87l6@bi^OJK(ej#hoQCqZ zGCx{ErpG*pbLYmSjxE0)*LV#y?f$Ix)%5;UU2kB{{ME0ILmKV!&OPdq@JtXw(vU)1iP@l-`=00Oia7>g z|3vYO6x$M#4Wexe{K4_V-U{UKW$gxe4K}G_ zv%x)txTa^8BsO>J#@gAX8eSdtVvP7!P8L}EP_S@v(vF=w$bmgiXy;#A2+|Z9zmN0F zuVo_5uXndbvLZI){c1LcT^@ldej2P$ljKtp{=VWRJj+mfLIL(zGYY(1q9jM^x~sWY z{0w7pFyVmk)^V^sCsDNlnP)lzf>Xx}Fdg0A5YI%0ZB=dr44=>W17d-pAC+sD+K@6l z2F0>+Q@&fKE5uf^<0JXL%b`%bP8o$=mPu8aK4y?}S2h?u=)d$PHK-E887$ZdSB~zd zTVwSFm@QU+BfP6P5NwdV+l;wz`sSjerj4hN zB!?;#WA>zx?*>4Lin9zMVPXwK15>AtS>Epwcw;v<+2IE;7RY5r98) z)f5zGAle_DI52h`rw`3?JRNM3t|jqReiusd;&_3wW3@J;$@@sb%JM?gHnm+Od+yde z5x#hL-sC;=DV*3k!M-7b0bp)H%ekHmG-rT9C4_2s4jGd;81jW@{v{^rI z9-O1He;MZU;tc~?q&*l{bibIirCo)nu|hEW zBo?2h;O+)q>N^p3iTlr~nS*Om>@l!hiJ}$W=aSPtd5ao!7JPI~&RHCqJIE@VF>1kO zb!;S`(D(RpCp>GnKK<$DZ}z~rbiwVyg2+v`#wDXw>C?Q>$cnHE7Hs91oQv|wo$xb# zCzvSw&8LRn#8+mHsRr)>#+#<)vl7I={>PrZ-r75o@>wJ*@dlsDYFW<8SMrl#H~una zlW;boi!+F#sr)?dY{xsU#Bc~@Aga_?c5iA!&g@y7Y?XhP1UAaD3XP1K-U3|`g<5q&*WQH4?rK1jNw2}vNxb~7ChZFz# zAQbD+_Bd;hPEnwK-+BHbwC_}7wF~a-9{0xu+wSVHc~|9Afb_p884vi0orHY- z375)A>Y}F$@!NQhp93jnJN|1Or}F+oohcxny@Mw%_=RUFC@%)ga!$a>JARo$;ne( z42(JGlCbd{)j>bY$`U{9_89B1r&B?RIHmduH@%ow+<%~nT z<3CqcyBnfOp0jZ^HXThujd9?B=!qg zAt?Ip!;S7ZiU%U*&vW|VfJ?`+yZupCsc9Fx`qLG(6_#3QeDFTCTPc9&HCHfcB!JZa zGdL#l!&2j;;6#{5c_|({LC$>fm*!^mTXmdAl9$RUuXZ;*zpQ!6{EJUwLT#C`TI-Cm zBmRA3f^W`sfw+TJ+rCp#mYpeQ_3|$qbnwa}2a)z8$5?UenEx=7L%;ljw$PMWv;dN?(fmT0V^oDZI!@@J|VMzp^tfcu#pu z)vs{r?AggD$nKh(QwmKSH^ggDfsJ^{h|@mZzHT@^CfR1EV%43!0?*;>7X#YF#&1BT#JT$xYof($L#>g2y>< zx#NZm#$`RFo!t(`!6tttf-P~McHHA!bXCQSUCL$bT)y7(jLr99mR{&-2NmXPuG=i% zb6IwCc2eJx>9I=PCCh384>x2Z;Zp2sXGM*E7yickAblrbA4s;wdRkdF1hJaY&IC_Q zU&NxrxOH$2?rrKix#*#=sV~`H%KxWgT~%C;J4o+IGyhcG$1BCvB(S<3cLCs8xrZ$C zs3TKr^BgB)x`~SJ7E{C(4W=*VrV2{JENK<8mUWk+jmD!2RsGV*t9uwU|LRQ;8I)dv zFi{&1dSCM?Ky&;r`|IRo<8_cs&EMt7^PmGvCu`-YjK*&rdj*%60}ZMeqw{wzHD=RZ zyt_5#)S%}S3}_41fId5hr%Q)IUSCx2JWANgffQw&K7qMF^n?sEr9c&zn|}>27#ytn z*|rI9OOySQ@LQHPiSRnL1cq%rsBECxnX4sU@l7K#aOBDO))n`WoNrNl|zWfgNyQ7|@-BI6phn`a6zdCB(65JStI8%sSCNMKXqI!^2E zluX)*1sS~>zxH9!;~Cb-D;YukmDiMS$t&%^fii9OxfD=pu@AO5v8A{OgIwzbabxyz zSl$;hC8iv!r!=6Rw0gaL#oHtq^~EO)$fMMp%oCr2>>F7t!j!#wPedC|JXQty z?RusVF?5ee6iAU7D&-qTbw`Z{y_VJ}?xo;(qe0s}O1Pyr^){29*0p8vRqKyPmg5M! zhd+AJL~p0F!h`ZBWve{7cL#dz7Wbkz)Y2?ZJlaVM6NRYL$p)AGSUOA)e_lh`?zzSN zCfRfwRlOw=yi{kKg_)%Hyw(K0_pG2kEsb&;aQQmBMD%iW zy*}Emn=2sux|Dm`6#}NTCtD>vh8eC)B0i770HPzqALjQUBg+{}C4JCcY>Wf`I``4u z%@yqU+zC5SetF50L%)PlhA{TJ6=cHCay5|MbpFj-^jzphQnLG!l+E#4Cw6h^=0MGH z4EGYa+$bpSxJo3Hr`mmV1^xwe9iWphSN~}g(k(DJh#jKFN6I{E_49KL$t zzX{}>mGwM@IhML1y!GKOx)NDN+CYr0Bk>Q_`RLbuZ;c5uXOJBNbD+lcSuU%UMq(PZ zJsY8PT2)$<+gHoi?KvQ$n&?!9e3EjG<%MrwuOJ^NzDlbrm5P1M zFA}|v(fiQzI`C_sRd4fth<0C=xaRGY5mEfwA`Vky3qDe!hr!VA5iR=nLHm#Nfy&9o z>P&l#clEP$_?Y?wYoEvENL=9DZ)e|qi+Z<@NMbpJ`PAdGKWyBhO08SyeZ;c7%<#&h zq6AeI&2odLM3DK2n5(>I=4o0D8zSB+?U&f~p!2|`fAa*I8{u9r0sP3$CWE|lZ7{mV4QmzcmEwAwxb_DC6^D2`{KO< zn^1IyVeeKIhryV{W)x~I+@W0v3MSa4U~{$DI(#G!!7XJjX+Iqu3Tc*P6@#Rb%6x;4#ebvcp9=)B{!@M)+4knWJ%%@Cr6^* z!DGHsd6a37fe!(Xsw(r;)2TBBa>#KrfZjRJ8{DyLss2{Fz>JXG+&DN){XQY>iV-C^ z#zMF^BOF7^!T#CF7l}jp4QF*w&PZo>*@g6U_gFf1e1YOYruGrfWO>%mLh}vgB1rn< zaXRo{<5>zrj)#p}zEKIKhuvNs&{#oS!8tO!=~k5!^(3K~HSG?H?Tw0K0D{{~Z5>S6 zVJqJMnot8LH$9mG^ASx@l-;@;sK_zduRI!mGIUWOFI8VcWOuJqPB?Qwz`8}QrzhPL zk6aTu6{tU6yU4kV-$w%M$lr3}Z^;yOobh`!@?q=&_MsB${ztty$sArkR!!UKB9Gpt zRMcFzK6w(q-tTXP8@WpX1h3=^Zi*$Li{YKmtKBpI)b?1~Oe#0{^*z4l*x@P~F`%v?ENjY~3AxtcP6L^CBLbKt$qRGFTU$dlLoO^u} zSy?FvBPCFnbu+64UYslb0D-~fxGvOV*N);Xd+w*MTPw0ERL|CK!CBih41iUT6k433 zj>j}PO`<&yoT9X4&ME#2QcWk=_zCSOzF0vs&T^@W0S&yT7L5~z`OIYzGT6D3gWy^2 z*Q}QZzn?GdgZ7%Npj}eOi5i!NtJ}8EjZFxce(&Hp>a{~g5t|Mg>0qKgKr)9liJV~n|VZq{>F71#qDo_riy zDa4;t^93EaWw9-K!TFz6N5l?$gS?07jM5Ku=8X_dILS9Q>MVGj*s;s9Hn#azOw}r- zdd@_O{GD$EbP`IQ?PngJxvQ(f3CX1UB^hWO*}y$ITJ!5H5($x7`%vYM4rmf!5J{NZ zl+41;#|j+yJY@aE6qsy{F3)__*-^yFU{K5i2gVvK8=`@PKIqd(^Oz3i?W2CZb}5hibmxWi2iUYm{C zKAeE!Wmyn%t@(L$);Jf+LkRBm`-NtJ)7C!10Sr{sK)YJ0va9E}q5l3?&g}1Cv40il z#-O4#_#cn@bnbS_etQbG2gsm+_jfOf5?_^ulE#ieBym8+4V5!JuO~rFF1X>!A@}H1 zS=A+G8b@OS{+-^OZXKErksADRDjR=)+aWao8UAk*?p3>i zjBrZkk&c5EnPy!FyEDDJH*G=aa`Xgvww|RC-+wqU{Du6L=k2hzlB22rwViwtHbfu^1FCZ3iQp7ylW@jiCcov63&f){P@C^_)*UPIE)MHv>TYMv$FQX}gkPvHbh+lxhX|tNGUn|> zx5~dBKU5&?V|ZjkvUvF8Y;WX#)v*fMe~WdDvBQ<;i?XHSJg%BB4hiVL>X=gszq$4I z?-h$_lr~LP^hHPa2_qA17X(mE=n0K|@NpuT390z~_ixVc^SPE=*mr91q|=J>)=Ta3 zd^R_cxp4vy=g(p5N^jqiB6hy&KC;{aWc_|7Qu3K!&|S;(QH#S%hyB+aKR88Rb9mVs z1y5aa?$fHK#gZ=PaI7SDjjH67eU7EsHtYz~?323je6!-)Frfn8hSo2%Y26 zuL8}XXCP#d7X9D$JG=##{zG}4(E|1aRODWmyWSFxH#Pa!XTk@>5F2L8TmPm59kRQ5 z!oe(UKkDz#q!T&fIgRQYxLwjWIEdmi<%U*!7~zaX%XiHW+f0Tjd+z&qg9ST200EO~ zv2~l%C;$8>1zt3l@-o{ncAv%O15VBL2=68g_88)ZB;*i-h&ZyxqFT41*k!%4H)r(hzycQa!RC z(V<*b7|6D#DY4Yx{paeb$Fsrwu(gTi#p(~dXUAJSP2wrh!$T)x?v5Ub_P0jGr%`@uo6J=EMng}rJM;J1zbRrwhTR82fxfWy zq7gFyZkL&CUqj**YIMmZwjJHX4F@GQf|Pa%Aoudp7`Tmx>7V<7j0Z6cPaYr{IOx}y zmCF07(Kd)3RT5>$%2xbzD$w5;JJ~?kN%YAd|AGq;&VCssPKb#drFZ8>aAd>vw{Rvt zH}K=#ES&u|vkir@5LPQgUXtPPchvzscz2z#9}KIKj+-wY#4r!~(|5`mLnS_%u02(Q^A*yys}aMkbTBECC+n{z3meYt)v4 z>_;aacd~>`J&%po3oDe5c)MmGE+03{2)WYoa;*d?4!O!5Kod_K!#4d6OHs|I7BzMM zm53_V63Vt;Xp2*BR1fWzv=gtLm7l=WHt)Nqp0#-w&--y0iO>%<#!;H{ytU%HbI19p z^xrEyf4tQ{34flbVtLq)g<9ujI{A%Yp>a&WtNpeY=r2h*VN{Y$R4ge%l?2cXO6yEh zRW74f>62`_A^-B~99f#Y^dfrG@6C0T{c#yG1(QCeJ)Cs9bX94YQqVmUethX5^los4 z_>IfOngMem=*{1rDMDrI{$6%6@IjzSe^nwT=~gyz+<=QEBX19Rb}fWl5X+DunG!>q zbF>Sq5XG5E@P#0E z9}C(MnQq#|(2sA~)oQqZqdOjcUd99m6u5>h)ho=tdwkwEbn0XmGOtCp+8%3 z>UbR`#S(=Zyx2K-y$)LkpTWT!9{LT5vxKY>qQbzyFR@xBH;M+0-ua0eh+ch=F(&7K z!>owHN%DVRr3UI|8!Y8DC%tx!Y)q}_1Ttnn-lUqO>Y_t=XCJ8k9_%>D&H9SV)+O4$ zP(3Gb2(s2as)27Jfh|~)?;GQS=ZzTd^?&J~(GSl*{-^G+-mb!alYaO$K)_0D70k6p z8x*)d>TbFP{+x(eerWhv(RQs0+^U$L6k6gr;FDQ(ld1&e%6rRVYtWNWE*z{!SA}9E zLe0b9jQ4i%0~rgXdJ}`1kR;HQp%>oJ$eYBv%j0E^*)KtFq3B?d42uFyE0{#|Ylr6P zM)t5D!;d;GN)-es`<;){c-#jI>!TbY81TB z;bB~#U#ZIsux=m{d7#^U>eSQ5iTI=5BmG3Jvk3_Evt`=rP2C9s{k)YXyvx}EL8~cK zXlPa9o#E=WyPG(@6#5*3RK>D7A>EA!0<)7rp>i*GUYh`4O` z7njtNHN?)s5`370746`Rq%yo%9}vB|Wz0S2;mDX8aXjVeL``Th=gJDsRo4til{#4I zCbzPaJ$>uW*YDgx^E=`_d>-Qyr_F12psxGpkeT8PB2uTilGHM1K&@YU_l@YX;C_yf z_}%Sf$E40Jgsizl4c`XNRP{UbMo@Bxjsxy|R}bz%@eE#ECn@yI+u5ed=cWDMj6?0` zO8r>yQ5&i_=?n;OMqVq!cCs(ShV-~s*zCKD;V!RH?>ylsVOhduzP`9TOrLfw6k1=2 zYHRiWbJ5&PTWQ}R$vCNe56PQcDj0b@th6;)V}M3Y%7EZCUR+%$zxCb!;jPZV>5`u{ zYUp`)g7!r+CF;biZRY0?)q|hwhQWc5Fq21iMDn)4f;%DNNXby>VyhzHBr8&dLhfuY zDo8o5)Z+I?dGz&@W^`tr#p|+c20aXV7b9yQI`Y_AiU}+$_f(P$xXczc489Y3yH!@Y z2c6o1beeA_WQj)3TP;YZah`SRS|~5R2EOC>zE3f~INm2L!yy`usa}UES6HJpW|;Zx zTG#db2r->e+@?l?tegBO@qSok!s3f^FXH_ej(K`o(l7Id4$+H(ez#e?)tLT~)!VS_ zu#V@qneZo#D`A(4pI}RXartpak3VGi=Q*Mj7@^ba0Kwsoz-g3f@D0X7FUE}Mdb6dk z0}=Bbnu`NxN4X7=Mkc%izco-IM%2NdB=n z#D85BO`$gVk@es`ruKBUZ0~{(0RdZSDp!j1KQ{g&mZt*qV<~?RT6s zSJRFL-VZQrR{%1YnD#eK#*8 zI`@`^U@W~-6v(ieEcO!p5kSX1m7H5FPB6yR2l%xR4iiXa-_&i0C7ymJF}Deju^UeMVLoT=Dnp?wUrSqt#6=iQ-BTq>$9eJztCKa0ZEtl6S(DYnuJ&t#~n zI_C7SN7hOmn>hg2$S9?Ij|7a(Zx2HUYy|sw~1|zYyr6;tK?^CU^o)4LoAK1Xz&u2_t zQj{sE_4dStcFLqup7nsy4KU1%dH)?uCj==1F5kCqwE!tdI?eL^_h?`+-RkDo4Rztw z;_rDbiKrmYa=8k@HtcPrG=2TDJiUCq*cv76I(o*z2n>v>N_K3N3oN#_ICFmx0qFwU z{!i7xl!Xp-Cw2W7PZ4&}??@Ai!9dH_Q=T{#D~5Ah-~Ul~uTi?8!ptz!{j=~hWZTS^ z(fy%i6P!<^WnXutDNmPqbsF{Qa06i|Fw&_M2lj1@ru}(;=W-&hlB(zWaXhiqOo&0u zTxx24lA!X!kFKcr08q|3elkBaY4AhnuCW(jxEd{X!k|>Q$xZ)7lxf3zN;T4FTS&4v z#v*Slh_}yFct%M5vP(7c2#1ofmnmF_aR6Utb1E~ju_xJgO2f9+scZG6TC9F zkHdoVC(b1@tOu{69WrN&w-X?0PozZ(resJIxN%-%()mn*H;L@Co$$+Zq6Kd8lW0z} z^S(Jw$$?M{oxm_>o^UBMZauR}<9A)tx%&%uAhw89cZQT0c*E@Q=<~9B?l6QYt%^ z+Gxtj`<$I6RWvSo!dF;~E}Yfr2c$j_-6AY&<70aSO0s)YttmboySUt?tTOtu?)?lRFtx(USll&>qEJ4n zXN4}pd$vWS=D$Dc~n0a2G;i z;_zCi7KOheuzxoPO?^@cvkQANB%<;PklCz<;0ndB5F&(t<+hAX4hXSF`Pwwdm^l(hbgxd9UlzRhs3LIhTUP~Q~ZJXFHzx3 zIPthG99kXTn;n~F)st2|qrdg%GGj^_BQmT9wto=qQcA>k)P+DiS^4)=?!;wnyd1^p zgu7+PCK*z{E&~kzd9W#7R=3c)zh6fUB&(ZAb3V!<=}hxt#yxyH@m79U=~u-x8B~)^Q2%onjbP&0I*|ky~|Mprx48-di0q%>83;rfGv@mmr_uS2Exqk z+dZoa#j{EH9uxbU%PuRBM$A|Ve2!ObKjgbpTc@WJPF;^s~~N+5DTh z#o?R@M=8)?Q@y%6<@|jqiYx`8p+xoijc6Dk`Cy_l>?puyITa-oIkx~?n3(b_p*P2{ zWkCDOaUfgZ{LSrMJo-hFU(1Zr{tngK7_E{)d0g{y2D$h+L4y?is2EqlE0~XyRmt$k z-C`e42=dTM!&*Yry75nRrs$Zg`=YUA>4Xa_4n&jrgJ+z@ zJ$}EjuGj72bc1UTW^hrin|N7flLUL0=$fUX2o4pmg=~Az0@IMvlSUWTMbuc*z=k61 zHvfM^wV%oyaOzZmjg=&>>MTtR2OUXz&6f2o6Dj6@KpqI<;|*g}FZkLX+refx*Sk&FtrtqrK2=YG;8j#dF?JUZa}HgOp5XI6;>E4K3YQ9o zknm>mGac*0*9ndZ!CoDj9EuQDGZe2%?8&~{e>QG$*EFhgh?9Z%n6(!a(Vg|GJ?*|y zhu;KKF;R^T^R29i&fqE2lr8ZgOK?ktNqSnpl;D65A{>w&F`7pH_x5kE+T z8g%H*Y1FY9DyVbuYt|4BIs`jC5UFS#>gJg8jhbrQ$Yf11(Vy2CSpNx*aXkW-C#YA1QLV^*T5~U`Y#fyslOV(JiU3Y44-HTBF$AQ*oO{;gUAN)LU z=vh|(oDHC~cE0Y3_6dujVgdWI-6ION&s80`0_Pmi}c65qQ*i_!J4gCi*u}L!;W|1@e zOhJNVa_}WDU!Q~05m#ew-X!}4jNBS$95>~hii@7;d8djByObLYP$*OLj+==ls4(@r zX7-n-lDj?x#9+JXnwKo{+mw|D?q`z~e}C=Nt&>*XA+P-*N3?G1n)FeCZ) zZ((mVi{Bg>2;H1<&rRe@lEd{ z9!RzPz4c-wP>3;2j4!88g&G8`AM8_js`CzrIHoowDh(_520_&Ry>9qou&J?_BCdv&q7JLhLhshdl&IhWl5 zU#q%md&Z8+12D>6N`~p!GYgf97U37#<>*^?Rbj_@{i#TBXLdjx3on=L- zakc%6{defGuhJCDNk8W~tFPaf*^Fbcpw12R`;pTzx?y_PD4MOiQXi>&*8*8hT9;n= z<3sv=PJi1NakPf}p-vh!*%Yp3ckJDw!jFQ%1{+}=M_z=u?(uG`_o`3bZI;zm+WKBD zUt0hM+FQofW~r1qg(^G=dJ&DVT)9Kz=JC_qwkzL?)D^z>s@#tI139$4>$$$cTcfw$ z87CE`uNoQsn2Fk-a>v`-wy1>Ouqp+CAc4cRkrpn4m>peSwD2(_@}4s&|7iaAnC0_m+_$5pzvJzAfT!Y(N=3~gwu5}mDkly`8VSA*dZIdr6`2kkha=PK$+ zPu2OM&{ZVRzm(a^mwZdA?|A28d_69S9c1U}6+7`wey_*k>yuTDTR%>qM*CkSC!l#T z#ZH7_0%7ci_`R;ArDh1CXOcy7_`ztHABwe_{&r{tVeP5-qx{cPZR{rp&cMb*4alU>wNq2(dPh{D5{(BxJ4O&JBlpFnWLAG(_IXb065#)|#ReIzZ(cM<~>^3rBYJ-}hqH{KJba=7kssDLf zG(LIhS^}$qk+876)xIBk(#RJvKH~LcasyV;pLhNf{`vmjyI*Y07-zq7fN#VmkmAQ) zO-7!Y7k>T=OWrh!xFifJdA^I5!0=PmHA=6}3jG%IF0xKAD01UHiu`r6_)>gKr*}~5 zqsdU6Lrb=)r1*#a2iMGKSfjLA{~#UQ@2>M|UU(l$(B<1#n;nzHX3wF%S9rZvUnNns z*m{cc>>yfSWe+_M&8faxs;6ZRN40K{zJBsk;wtwAC)aM6$gSZ zMt94F7njwh)i858#3*NOh;CJOpK{il&^I~!19C*d!~MaNk3Pan|&`V zDDllNzWvG_LSmagwhxS8=MiB|nmZ#>uQ%Yd6G@YM90LEW9i&bqIQPrX-3@GQ07$I*32 zXuKBNOou;fv0x-h)WO;%c-0dQ9wBx<_#EtBV0fr+LGd@zv^O1|1;xuFoU*R5?a#H~HB);WmrMCtg{>=5*3SJOl@P zhck*dVVT0PM)&T-kt^^x(Tqt6tp5!{pD_Z8~Ob|Eob>s9css zz6o7CLW^j>hC?QiDm)1Fvu{4gi`7&-x0E64qMr-!1{ta+K;gURx%c?Wmfq8KBR`_K zo}r?j_^?#=n+^O~;|Udun_B&Qg7~_RvG1zaU8!u|MWk&st+XY1iT<>` zzxuo-2fst`LV@)|9&+@$%3(_B133c)CGU`Cw-sDeDnBUE3xp0$?vx<=KI|WDt6CZ` zhowTAXgf5zVY ztgq}Dg%OL27>ROW84|E%yT%FBhm{#;QM&xuv@4!R4*K`#=`UogaZP*so$(=gMekXn z*`3URJXDq?cJB~|D#vK3;>6_2g_;g9LP5dJ$xqJ%6VehyDIZqO4YqD#d|VS#r$N{3 z(5_J%(O5#)w()1n+g6AWr_v%~Gp;AhL*7lvF?Ntt+e{xTtyR4#I{2VD>N?bGtw4un zHUbJYn(|e`hJ^CyML$i8c4aMM1ic<8g_<1v*r)PuaR>E@w5=ZwC7uL)a#4E@UvoqA z-se}1NK_J9xb>D%Id~TD_j_oPi z%9DKk+pw7@wXkU>7t0OFL<}^|S8tNE4Vou=pmjpX79jBF4g0YaECFNDuDh+g$k)I8 zu~4~9^XX+w|B%1ElLzoH@fxT>HNkW2Ko zW*P%mr8W`p99yy|k1VQMV|_Jrae`d-X1raUN1rV=#)B}E zGi>ml;}XOoI$v1PbU|O7omDeo@#D=?i9L9vb8`Rk4@+BtFVb7gua7f^a8|mdWB%!# z(IP_uiP&mUp&?4t3smjC=_VLFo7oIwN*A#tb|rK0wp3?=#~L)5x_%m4n{pSIG7!C( zHwHVTjwWVST@xpU@k#z9c9V#`Zti%C<;dh{gm^1MDrOimE~2YqYqD_Yg&-*z0Vme- zzhIx?oro7%Zf{8=ilVlg;s{EHkU)9$hD1y?Bw7|TYg64Sp z_H@)ts~D3V*QRo4@m-H6ygF_H-$$2g8;fkUYCNT798$8VtH;$@r^O{={ELA!FcXQT zc=)HRIkhLhs|dlyoo<rQ#_s5CTXnpQX5y_6*Ga|gHwk=T ziw~TbTz&0g+v!Wh%D$Z%MBbt>$bqgLiC_76hv^G^lCyjbxirgrC2xA5w%(%*Is&4- z#@JQ<0(YR3%mTEQ`5ytazJ1Pe^xQC(1v0mu+lcUAsyH;HW*MtOu zP=IcFEM*FmM-=N`%^Rb4VlD~OMQ}>SM`n*hV#>p(dHSX4E~=auT@b!N;&jGBu(mJhZq2&S{jKV<1v+ zBe$1(@|y*8{C(UZR{5hk&e}3%gO5Z2G0V2=|QR0ZCLzY^@ z?jJ$lJ8-EN)>zLFcmNXX&P#?M_YuGe5P0T_6&Utt*=VJ)!-5$3*D`;=k-K9o4AJZl zSratlSr|Giw%`n2bF{nKRBJeEauR`nS!1dJ^Uu7-7##M>k z@KfMZ>s#7 zxW<+H#Jk~lABwUi=O|B5gJ1?003o%t;Z)^M7?f;LJ%#`=&;hO1%Pp=C69V@N$DLq8Q$CVrb{T>@~Ncp2oPv_|V zyffGjKw!7PtToUb(Jh^SFI(TaXt0OeeG^v8^Tz(lu7MI?LbYXU`XNo(gPamt=#Slne)RtCb&%!5|rE7b&%c*`x)4eX^wA8hbKH z)G))3sXqbe)a#RCD1};q3tjI6R?3c$G`b1*AugYN0RxVsbvRVCRq@}WtU?*2CHM$# zwcxm9%mn~2a{;MACu{ll<;dPMoF}nab~WN?$0@|fe$U>PAAHa9Q9|roVF~w3opr99 zUzP48zdB+3b8K;3IzMM5GoFD*Mpx+xhWDrmX2EEJIo8npsYk$9^#IW&g2Eg03|2&(252^OJ(K|FiS@xeqOO?@D9cRR>(LfR!$!U~FFoD{=XMDg11FcVJtgoEodUQFb?#~sg3YA=l05^lDmeYbvU15 zoo6jypvAf9JpPy5wQMx1z2_HuZ+{`_PtVx#mKVwA-10~nO3oBB>@SVLTcF{NdbiuT z1~V5e*S}B!ab@{JIV=XT%=uk7FI}LF^ zYA8|CVY5=DMj-fNG}M2|;j0`#5Oi4`jnkG<)%p%6L)?#m@xvC07t^M2s2qwbpv2_+hCnsq9hwf50s(#4X;`x zaln@TV3}s-H6n={$TVl!u;>yhJpaNAQ<;}Ge5f4_`5ff{<^SiA9vQ0lBg9CCMmzOt zNb@?f!}X?-u{4#9yH@)_cFybMREDz+nPgK3*@>C+1yp3J;W8MxWxj?X_zurqKJT^= z#)9d`<&BEBEkk?I9hVMW0i&);ogl|kwp_sG%Rb*VKR+LjIJLAIjP=;?9lo2Upl`TX zXHt3wYffIZyiJoxb(Jf_cT_m>Qf7ZW;?ra-``vn#ntOn>2h|8xyD$5MALNqgQ2x1# z|8C6~wie0{DTK-xQ2aVQ+cMjFeX}at_aDBCCh7R1=> zRNkxgDuw2%Q9~vc#FUlP^2~jfb32H8)u(9n5O|_j@|0c5osnn-zON(-hD@YN{#qAy)|In#5m4 z85JyvS3NKUt&8YKQY(faa+&2_vx-LRk-3||ylVN^tg29Y z;1#al9R>Qk#gJDuHrsTatCcP1Cdh8)xQp=$^si1#GAA&H`r^hm-Kb6QUPe$Boa&}d zaT>lezJH5KjRmoI$J2uMU*u9plEmL8A&dfyj4k5k%jv(5MbGWCJhW&TdVMzmN}9rP zZLUOJ9oN32(3bB|GwfWx$30#F`c*9|r;!t(W0+m|MGgT_&C!sVkKD{LpaDi(c_D+7r*tpIv%3_M+RV9FXR=jV18a5&`=GvzCMhBf+* zbb&R*-#owdBPam|nTekhHZQlg0^^@HT;F*kLk4p`sh+bCyfcoklf!C~+LdB7xwA3FcbJ z51_yaAryEt zFhLq1MKV#UiTrB4RO_3X6^xgHV<7f|SQV>NNg{-LYyGNNQo1N{pNMS$U>4ItJ%9b{ zgMUDCA85Lgse-g)vfvh1z6y}1n5RQ>a9^bMBL$)cfd$H@xXX^k_k;OT3iz zHA4a<=ZRzh87Iu0O68aT)k*@la;3CrIqC#B%D z$nFJ-08B1uFRXBpcVqAofZ)?}Ya~ct9mcigmd;l-9x@Cqw!keFEsOVwXp%Xxs2?wr z(>*Mgco8~(WV*&nt;~VXoDK%^S#5$|21XfdRAZ7`An;Z)82<{;DMe6&qj0bXKHzp9 z@W1h>vh`930G0|9MUoLDu&kZZpXS8W*K;x3~m*S;2f)1^a(h41-Mrr>dIS-MNj>||wgxRBu_gjqn+)zcxIz?9r@@PdoL1Qo;%`!89ooMX0tHN1x3BaU3i0>0s-z`?( z&_;m89z);D4M!&}-~c+}x4;WY(a{*dft<^9%YL5&Tf&>6NmC|xzU(l z^jjHe@IXI;WzuO*=HzAU{E=Hbf1~INK&0A!B_0)z8!cG4z5KNjQmlKFyQR1cw6+s} zy{6|_4GRx`T;@Qf(w#N)8&_{|>8xcSAXwuf}h;|Un1+kLGF0U^zgds6aRsmpT0uW7m_<(va z?2s2oU#D>J;Ol`u!I(D&{T%PQV}uqbyWO2-P5KHE8^{l{F4rWoomYeRF{l=IH0Qyq zSHOYOVNC8Q`xn(ErZ59hS-B5*avJTmo@;c}FlLXm5TNQ^!#SVqQMWcWKmkbmHEBpW z8e?hb0Z4*ufhEGJTAhEI!3p^kgaGK`%%B}(T7#`jZq1$yAVDySTz}2i0LJXqU^cR8+PZB*xC{T%C_JDPd zw|K42@}yWAq)7lJ$%sJ7aY)fCXWuf$V9Ti4C~58FEPUR-OsiXQ11MrK<4FcUxqVV_ z!TI?tPWa*};o}$St>lFvi6WUg71wkUkgHPI94Ty(j!0ad%nhq6WU5tx`vvf%_m77` z!ycaFKfsZ6B>;K^(}wFImk}{(2?F#{NRGrF^z&D!lO|*pi?adulePi#)DpCIR`Dqu zEPI;`$OqEH!3^1TDa#H*ue1lu!@ElVhzyi~(vvH2u>8ONT~K~=!2NU_>}y8pDL2_c zkM}EUZDCT+nJ%kPJEa6yqGZl>;y!H|Iqx$j@Uf$@2|f8MlYlC>Mlu|Z*705{4+Ois z8U7Vf&&6aV=@VsNz03FlO5D!|{fD%;L274(JDc7XfgNi*y5kW@{R?f|!a4;uW`o}m zg1H`>Um5#@2OiIY#jt|}G4=AxCoX9z4K^0|AEoWQrblJ`vJn2y z)HXHTzf3_b<(B6sR12;X2uRo}+rr)WPVPd?J`F%19%#6ZU^9`?_vHM*tNpi%q^b7lk~4oDqxFHDYmWigBPGsKiI7=^R`v#@9)6QX;>* zjk75ormG~#6drxJSgpdvG0k8$-ya^9j_%>v z1x|_2)3BPAQo?7{6!J$OV}RYI+yzIm!^QNJfl2aQ7}SanMu$QRb{!TmnG zhzAvvaZ;t%3%1tj&{|(R9u;fRzV!A-$K+%Db*xzbZcn~hl3siI3{IN$+A22fqfL<8 zSLu>U*fENd%~S&h9=HjV()$GQ7H0m|M99Ya@p|FHbcg=^$}t$9@<;!R1odSS0!YVl zu&_*M21x$j!f@XdO|9=%4+LeKr7r)2?#n6*5JQ)V?Z2b#4m>w+Qn(AG#wJP1{%?Tr z|Myq_+c0+hFZOg28!G`X)EnP70nW$&EKvBrOxV!R|Hbfq@Bh_0S_{^xG5%M}*camB zU4C!`EB5)HuVCYU0Y*l-@y_>6zOs#`?E7y!^Q5_KQD#xZYUwMzO>W)dsa-}wxf-ds27&xy;Y$PpBH4fN{R%cPa0vOW~q7x$bowE|(Gg+lzW zZB(UiSg=z?vE66N3UAO>?kVH(=rO(i6UA%)q;W4+BB3B0Kc!r52Ek_4ic6>i1p1m0 zy_woF9c}x&!22kuo>F}aw5BHt)UwHxDpPOk=ojfn)P9={l|6YNFL>jOFdTm zi7r@SD<_1jJEAC#AXO0*S=9mwI>`Cw9mc>(Zc4<}8*GWqE&_SIWX2Dji{(g+rz znm5?3?1D9=5?ikcJ{1Rpg2}&FwZXmqBYGBq_W80SifV6Wt$F7C3CHt<_4{924SrTw zq{pRY5Z%G>zs7Wc3oigwc2-S$Gmr*lpz3ReBmuBAE~X)tt<=o~i)c5QC&x*{+*)X( z8vlqsdw9&F(Ui%a8naSk7`%Ba*6|oLM72iLDxbb|S-qNM=a0Lmz<&7fxXDB@B(IhZ z`XU&g8SXO+JBdFTzLSZS71YH3l}m&^)Sxd;!)H?r&6MX!>Xl7Uomt=N5|>%_t0h8R zJueLz$~BR}glnUZ6MvL#dHmzp?3&Cp{5JS6TpAL|%^68r+MUeS zr>ZT#lp{llpA55Jv072>M71XXQ147_r1pTWV#kPRwu#PEMb#!5{>CFo(Y;I;5PH_y z3~mx_!E(VLeSO0a&V|IWygpQWbBpm4ke(L+2NLa~QY|MzhH#7RJp~tm5j+~-j#u=% zD6MZMK%!-sXO&fxn1)mXI&6L#K18BSb+Z5wGZK4s*1{>N8W33oK1K7CtqMTZFqamF zNuG}Yck67diCOeE@EgP|+EyPo0-QSa_1R-%PvILxh;Z5ZM^+4DJx~_WsthSrlV)>7`h` zIa0geMcKUJbLuZp?x7YpC2BbajH?F4t*X?U*)m7}>HdJQz{u&rPm-YG)=28jOxdE` zGj)nvU(5c>uE|dWTF#iB`ww;Z!ZU?3#0w7bXI{H95e@*x0XHKy{ zEThBUQTz%XnM|u@e!1^+l++-e2e_YeUY%7I=X<1CGfOEGn_m9>*ss9vQGQuUT_8lo zDz{VTob8O0X@|sB<6Se9a5sHH@6!9Q(Q;+Sge!q2+xTY*7{?`<{OtxUt)SS*)~c6I zsc@P-zCQA`M-W!X-leC_XZ*Pu&}DZejqd;bfOhEc5t5GtXpQ&K1F<-g2}DiN}M zU@inCIl}Hr#~q9NnAM%Bp5;}43fnk-Gi5(;NZ_6c)t%UC!dSA21WAgGs-bjN*#HWh zY8u-l`!lY6JpUB9R`5KS8xg#8OuR;7dLTU&>ll3koWULO3{z-e31y$bY6*4zxo~R= z!&aMYG)F2zWxNgZekzN>>CL|&Zkh}pJ;4D9?NgEFm&{@_;NUW8j;>rV23A#`PMK<| znNS5~n9w(c2PizSZQ_Tgsoqe@0+F0x@nO@ZbJ?Ba!6x@BQ$YkB+x67lcFs6qlN91c z^dAjK_f1|&75=dIERK%^qV#Y!dm-qicw~e*HZDmAI2}x!AJ=`?HiB&gI6eDVO~U54 zWvH{k4~9g0`bq9hG3yIZJhcx>Ox?@V5l?FFGA8tv>Wt2daGiy=PUc2{@Zfw>3^^YL-8&eA%`Fv;;M1kilLhKN z22<=wo!1x;pPSm8hN1+2ZwZ68H5ZcU&Bb@6R+;pfD^HVwX5kr_Fz=m>7#6SVYX-hF z7KNfDzN0|pbrDw&q+Z1mME44Q-r<5vz8qROv32D@XVcLiHN6M5{1FRrpXm=aY#9Z*Ogtd|JxxOHHS~2@Wo&j zG)m)c_S9{uM`#IFPp#nTu@J>MQvRZG9L8}JRKBbzMR)w+-|s|}pCf%Reh0~|#Z&f? z?16dV2$JX03d*7s7qA={%B~EMS=jLHfOlsTl<+>aOp?&>JvgW++3gRx-^dEgaKt5! z7E_v{>S?6sD4%n>cO?KL>oY#H^kVt$A>@M~bhKM*WbZR+;JKL)ZJx`x6)+~E6N-#E z@{1oLj+$k%IwLCs-w$l(kjzI2G_;T2UDN5?QdSo94ZN)SgcYceZFp&r=2cGlWCNgt zphBEkLAl)nt3>S02XYrme%jB9Ss)QJQOxgAlS%guWB$MQfe#5TZVV4$nVa;~-hZsd zM5K+6hONx+Unyz0>OIv{5jQfMJgMNU!5jRN?6Y7r4f~x=q4)aS$lHG0bj=YHVSB|6 zmhv1)IK8m%hfVIEa!hGXdMd&?=NOgcjxEDHQiDC9hX6SpWd?QgTwk4fu7C61=3h%+ zU%q_IQCTcM6uX zEgg7BH^|tC8>dmAX5cw*r0Fjg4&guyh~d?F5vOFGSYOp7xKy`ngLTZf($1j7BA-~R z{MgRV7am8LM%bVOiY!+?4j3HfTU6Oj1HGc1>)`?U#_$p|^tc}ZLTs?7xAr*~VL)z^ z#Wtr=5W1kJ5c9Hn#u`Xx-uhm^&0LBDJ5P+y}jce`bIiWL(WB zk-`vm^g5#vJEjFRGhF2R`tzI9+AcZd)_m%}7UrEMlmjP6SkL1a@tP#JitHD#jLGAI zL&4#xty~UAi?V~&c1aXzq2Vkng}A`Z@7Z|f-nrMqo~~*%R=Q!}WvOqA=(L2;xb7Yz2`MB4 z_4iKsPsUY&WvJw!pB;Z;jO6yC#oo10&y;=mg5K@dXXZ=Cw>Sw8uw3AUQmxSG-v;c{ zuD{qK13An%2p0<~Mc1%v3R=%B(eS)JPv9b8z&`xovD%VWmeOqBUgBF(->>UtCxK2c zF_5D)frKsDHZ498k!hTe(m&v38!GjldrupUTaK(-^it{rMbJIq0rnY@%@;JM%ls3M zp@r);l-sX~S;2?RJg(7+Sl#Z9vDh+j7LKck*t&G#&ikqyn!rHLC?9MryPxKRTsYao zfb))xuHrMgo9CQU)0EzdaQF{E4Ba9n5a$C=xc!iNN<)e;g>PDyP=6?Nq{Ov%|D$kF z5~|GeEPnF)ff&^z)vaey)mf>wqJ?-$G7-Y}eC) zJLY$TNA#X(LPNhI_)kJ_7x;IqB8>(lX29OJ-e&mG{m$3A^}u1uqGzsuuw7p+unLSA zT+ulc1&-{{>4p2O#IVT6*u2VEj?0!O(CgwsQy*+L<&-D}&I>*KY}(##aQNm1M5#ye z>109ibyf6_I06Y2EhFUzy%fsDaPov*)6g)||o7bjXy>s7xHBYrq7u1H3Uj3OSu z4Xj+=vm8p4VXWwx_=qawSR3pr#8`Wl0ZbpI_ z-XQ%_Hp;hp>=foBINC1wd@C{Ut4}DUBg6ZG$yf0?`3cXJ`R7ROnFDjxC%3>)=?@1) zL0^T@-hW^oni;$)-k3|9h)vLq+Z*JVu)|tmmX}fa#;_3~9y;?rBmkHtl-Y+js?g=6 znKPe5_FL;IqVkrAYNdrSJCO;Yr{W?i-?DF3$Z>t;_dHobi1FJg;d`eU=s=u)Jnf$^I+2%)?H} zpl4L00BotJeq5Y#*5j2-H9~g*uUu^QYj6k_P-!Sy61^fmQ)HE}YhC8sEsy@hM!|Ct z0M)OzB`~Nz-Ba#Gebwc|bG={4D~>))T?-gvHSf2-u)G_XoAW)eTCdAgZY7q@84Q{{ zi|}i;{^h2Ji^dGa=7VE36fhXo>r(~o+9G9=N*L5H_ijfV^5E$Kv$)J-PD={H|;`DnT`gd8qS~#kqwfh@kHpM z9+1Wk$tp3Aehz2flZxw+sz3#Z1A56)OPFztjIdvk#mBTZqs)lhb?-hdn6}AyZwh;= zADO090=h0PeJc)4uCNU*sg5-B5N@V4rqN?L8(z0&6s4JJC=swP#Pa&T)ZhZlpS%C}RT>pSP9uxf(FgxnxDvacO?AAFFRPEP1HpzGDdT&-XMcQlw z7!DT&mFi;^`0(>u1B+*^;zs!e!JkB+k`gB9MyOy*qeSM;>GxGr=`f{iCW+55@cU=V zwpmfsr{W&+q~`5HQbZ}Y<(*@@WwD6h0dd{RZvJ}e2hBf#c~L8gPR&37jI!)|T*(}pu~+~KSfg-vv88^<8-Vh9 zhoeUbi)FjzD3q9Q{zmFCrs`XKtW|srx7vYYdo960nk1Y-wrz&9r5ET=*&}>#T_jqlD93)oQN!TA;JY}nlI8i=`Vwj~Z4dQB zHQ6Yj?3$SIp|sr6|0P&Yf!Wn@f%OutLicEKQ!$*oGj<+THR8t!%VL1AhPd&0XVOay zu=~%WEfx#M;-y2O)#8vB=#M>O;J~QWlK-621GNJ@EH(W+sb~*&k4)vU&C+3&eQyC) z2elR-b>&Q4dXAU)n)x|s#k#U0WTX4WqX9w6N7RBwuP)&-W!b!Dx)40tX*QoyuW zC^wU`*4&~>mU;V147AfPb=yOLQz%{b;k{1auH>k* zRB0P}HgFHo{|@CB8gfm78p7TgLqEEM`YT4MFam!=kk|)BwFB2tf1Qx>8*KdwjcHgo zAo@p=Z#;V7YT^)>Ybk%k;5~@kEjH+ZL=xb3qZ{Hdt_O2{f^y2g!NMIAjCy@4Jfnie zUy44+yQO<@0HhO{N!}6j+4K!eL|Mxtwxj$w^`4Y9(EB524&&Zw15CzkDd)o}q3*y~ zu!fdH@NYQHB0TBep_ds8-{J_O@>(}KY{|6n=+JIiBGsq&=V}TAUJja{VIpjOsE6X& z033nz2<`>Qb}6Jc^f%3qb|(sTpxbIR*LU!&Olr@jAT_pHuaaufn)t^P)9zGIPzP=) zC9xc|hoc#j4UsD(rWV=1!_rHj&SQ6L4-S(AA+50x@)ttk=ubDyo`Z8fu$j1#9U$Xd zaeTz0zK7O#s+k=V@jfq{5obHNLxNmtSJTb}T2WuuAT@o^y}?!AO7)v=Wz45AyyzAX zJ?C`o@V69ZNhL;t;mHG2_8($TKgi>F`BMG3kz_J^e%S0?v`eV{RFDrhoky-|9w%c; zVk*p>DLa7sq_9*~bGP9P`_Kz@p9f*bkn%Nyag;+Zj83{Yf;fX;^uVp7y&wi+D@P+c z%Z;Y|gQK$6pE5se`#ctu9(BQHbaSI0C^jc8T`aJ&4@l+#@3S-f>=L)^tc4&KEdHv1 z@1v0koC+f6eR=N^4r`=HJT$+4(B%RRp&)Uk3!_@{iXSQ}7VK5DABGAm^O`h6usi5~3fhpis4( zrBtugJ@naJpBnS+Z$n}lO))%})bjq3|^(pTk0mLC|rVp{PlB3mmdC^o1| ztxy_V`!ynroy$}LxszyuUy2PGsAuwlo_I9HIo)*sEYTc7htTw+DXSR2_~4fPta!M; zp4xs*r>#E7q`GI;LwH8-w$uvvZOpFIJaAW%msE+lr?0-&IcS2D3~sliU9d7{X^bhK z1OslRZXdBd<`~~@V5L)TS@a#K`G7paM0`KWOEL8Ry;3oswbX`uQUfe8Bg}r}wu4-s zOn(I*2OM#45orUkLVh?Ez7P`WujA->O(j86Ov>FX=c#wf?ry+hTZS-5!J;Jv*m}pS zzpWr&?>)%4S;18Lx?Uw~wKk(US#h>hIR6wY6GyeQ zfyZ^3#9pX^xd4CClWI#v+&2XzLL9Zf*iOaTPaGA&+V2K*bZ#8G`{r(Opbn5u08fwg z_bE`hpC}7kDaPE3K8}CuJeqCjZ=~XV8Vk`kWc~)|6qJI%yAZj0O$3SO{K?6&r#L`# zi8b?sCm>t-K`HE=t~0R6B^rcSc;nCmq_{TOG|%USH(-3(R$2owUO3`sCOZNZx&*P4 zUu|mM7Bj4M0!3x815GIfhPN3ZXsfnB)xgtOEh_Q8+-+%KB9fRlc5qnFMBlJf=kRVa z1P)fL~Ibsyi5 z=J6~8P0#tDb3s~&o!l?|5u{wB^iOW$dnSOEtEne;o60t(RG!T~1lSwZ+sO*vcyQq7 zFhA1Xvqu9&wP!QPnW5WD$6&wda3A=I9LC5@->*X&<-1ESlin+O)+G`luEafHpJ>auBppC$VNvyayQy>+~#6zAVAq4ZptJxa54Bxq8)bQBIpHW0*wc67OkHs5ef$!!Bp3Yg2RP)nCjJ~P3p0b-c zu%l#CVQ@QelWHKVmG3^4^;Xb3m#u7?Vy@DFNWUJ)E=Pv`nb z1~$+BsjE7H)p_^B`)=1wXKYgPhvzlr%9OXr{lm!0&Itz`i0-tG8y^j6cZW^9rk0<( zc`)2HTO^Y$a-;TUCJinGIm76T(ul&M=AT>j9}Lp!ty*4$$lbP?oSoRL{)}yGgaUMe zDWIzj5TGlhT7a+Uee$QPf#3o3*D)T_K;v^&|99bCShsQ=4w6}36}jCp>Z%y7mj;3S zp$F2gG}6$CsO#qzyt4Q6Q-GVlX|9|90eIte5G=22_dy3bpUn@#SNcgxRlYYAz7?y{ zp}yG<0GZUxs+5+z8v{gLjl7WT80NLfYnJ)?8%%ER2REOx^JbqTcf3Oa`7vPT;*Zn_ z`Dta`PEl4Ig@`Sz&w9;^J^X}~nxg8aM#me#ks1dNo$7Ajg`^DL=bzqso$m?9 ztOT++ja)qo7Wn7hX?g(TW$gYDeFe9lDQ3T9_T$2+Vz<;4%Jix6(eI0R8#g5-zLL} zHls~4wgETRyeHP=Jw7&Xtcf%67B}lftXv4{hy8ZVKNiyC*)N^&Kl&+QTgP{p|55Hh zqHOxcnicXKaq$wd0ZgANj|o}cQ^WL6L`E2 z>j*Rg|D%_vCEEYFjBfH8bs{P<%C zNcaK9`Lx@oH1^|sm8LA^2DaOG=7ifvn4mYK)p_ZUSZ=M2H%^wO+cw!|e8gq@r0nm1 zmcgO9e9WB|CRF^LSoVfQZ|cy0NnMo9TQIjb4a}Q-s=qRrLiHW<+!Z8{fT_h!pIZK+ zWfJ16NLpYsY7k9cRfJ%eJTzglahl1$9c-(w1Puu_lP|IzyWo>PdauXpFP2#q(1#x= zEVwmG_Ea39$XE0^4voSR`;~;IZY|_ow@)%+pp)7+Jb4PG$_G)LIQPv#rdn|V|KjA- zwWNfh*((28J569Sju@QmuF#;ZobAV%j1ngvftpLT3}<|h(r&325<@&qFFl^%DT{T^ zPIY5NTmUqpw!p&xmWct}qpFsq<(*~pM8q)3i^-8$zXQX?W4VK;Tg2q_)QsVugl$YG z3eTl!=Pt0<;h}z~6os@UWXL4G?z~RYKxLEFe%CQjMKJOz=Gi7bW1ioxyvxsS_&)WB zELALa3K;s#U@cQ^!`$5j-zu!6#JJZLbq?LNR)iy|p-`=57i|CeI|r9>FIos*hgZIk zEcFr_5o&CYz=Uve`9FB#uP*Xiev$uRnKr;+kUX#eb0;?dcy)of!r{KKYKvOSusc7W zHw-f8U78n-y=2K7lL(Wr0R^+ryobnV^MdP(#D_||BU6pnH~(Zvc#K5#Ht?;Zr{nQF zov+}oHB)6GCK~^ohhHykso<36Nv09hs_y)jjQ2Wcgp(@i%0l$f1aMnm(n6+EEX_gw z7nTZ{Onr3`vUL>i`${>J|2noSRc!xbe=4wh)b~8oscvLd>|we1ChnF>G3VEa6?_FH zF3{Ad9PhONz$Hwj(QCQ8d6BCniy@H>w{nwTx9&RvQWBZP_B4SFwX!GYhp@I2tvMch z+(zR-4o|koI>GwzcHndcP4ZW0x(@at_4AENAKbwa5aV;0Cc4|%EW3_ZB$pgOf2@dX91q>L1~^rp7E@yulZ)P@OA;eJ8yp0+_!BdkSz#h zf}p{(9FVcs;b_&2r2KHO$93&9LPnEPTGix;UmlRoZ1SCm2J$kaM=2h2f4A=zhsTwd zN!40;MYv-!qFh;lt}*y?kKDs@+JW3xVL;kd@I5EcTl}=;$?Vy;^NL~{{JB8K@b2vMv7GGspwOrzD62D`J-Jy; zrdZ5YIA5i`13IEu;nFII{~mU(P;X%uai}-zjG#;bUg2_1e7co<_Ix!6Qn`Ea8RJ?r z*4YQ8Tq3&^rG%B16D#9=!^#ql2Dgf6{XX~HG`!ofzh;PzjWqxf1_??7-ba8~HrZc? z)cA5OY+?pvNY@hvWL8~3+<5R6Rx`TJKqEM|<(43z=;@AA@?9|hLa{}4-_VYj3Jr>0 zOvWAOTqCY%N6X|zko_b(l+mJ*&X6`{3cpT)Wp$%>|1wfwIbbeeR`>JXtVn z7%8C?zg{DGg~UwfzO~=^Q`-qeKenE+-X{kfsu)r@D@#ch%{Tac$Xk1sqB(p)FLN+a zZ;$W*^?U7 ze^GGcfbQt=@+fr0=eO;B)5ppK@0@2Z{XJQp47A(Kq8<@ImUm_WJhVhcsUjryuW%N`rBmITPLl!T6$t|jqpAfrDw}mob*n`d+ z+Hx;zmvqhK>MO^%pAi~bOiDi$e+9m}v_9m$z$!qK3}f`!!2Ot-J3hSFeUX~9fK|}P z^+XG9!FYnXtb$UIg*zNrIDxg#AO84SEikY7ayjw*k;+^}u_T(;=-Myssp4Jn1Sxdd zriQ$wS`ncKS)^y$jC1HPd?b+bTUYvrNaIIoAbc%xkeh8=;PZk&UDiyH&9@iu{5GfP zyoxuZqBJMj&8fGv%_-{d3T@y8|3qybb!!8SXkgG~(dO6>I~s#|$=W5MQX3;f4lr@4 zm30r6iWW!zmN6Q?Puv({Asy;M zkD$iQOz@i}^;r9bH6x~}$-Syt3}9tgpzy9v0#^{Q|A~R60;|QsP#VxT`iu_=%>q)q zF3RjRgc>_U?znCTfcejZxGIy`#Ov$F?q)8`y9az<(vkRZI+@C^wR8Vwaq281fzcLOdB z5yc7IL%=9hS~0ov|8Vx6QB9@q-ms1{`gcSa8;CSJ7K(~ALzx*1qX>*LN)u4&H3CAw z5Tb*EihzQEbP)v|x`6};NmQEDhzNm%5a~h)k&=WYBzdpQc|V->u4g^#yyuH%q3rB^ z@4H;(S59Dme^y-h7j~hOy&L6vT^?0xMws^tnqQ+lq}Prfz4g{fnfThMLxjFbwv}F| zCA@}RvpO%L^3KBLZ`C%ZWr6PMQV)RwNUPk3NM^v&PrmU$;xE1Od_;CL$9rTr@P zhwNzelg>@ZYe&a+^AelyRd&HaqON@Ke8QXf7R+WCl2(7lVhI1PuM^hCke!M4;W@>$ zIXPpqZN;Vi`f%2|mU7u+ZRwD2hL@BTnAeAEx7_lXUP%ZcP}`?||J0yll)U_1``O_$ zAACQyW(?6*Ek^VZr58bV5A%h-k?%CPxnCAEJFrAOM1Zur-r1rMxA?{2%xa*sLU ziL#J2IMcX?yX|bYtlFleYlLT;zi-V-{9@(Qv`vYsedmbH4c@4qu=>44$Cb$@iKW)iSg^4PkMCg6@qxVfVt3l6?>|&7{ zaPs;sZK(M6ESN6NM+%O<1U^O;%N|Fk<6lgSY)NpXgdV$LIr!y>?5gl)A;#zr>O&!} zp{)0-&94cRM~$O`eNOOV-|1SYb@=4X;)d9!P}tOoUtBcuD15di6VCSRc!hrQ1uE=( z8C?UJ6P2RQ6Hm543v!)Fan~aoun^I&k@+Y|n}Xxzs7>gM;3pte(N z3Tm+y!TZ-mJyf1js zs!skV$19p)pX@splQEc*t|S{g`0t?aSJX@ZkXl+$6`d7v6!YFZ6CNOs`Yn$meS)al3Huv}xE9HnX`&=Gt%56g!%G3Ir3I1HXw>k1+Vukp>w1`ZrmMVXEq z=5Vbt=4r-n_#Mlvu)C_e+?_y3z#`MEsNj(DCAtwu055}E3{F}o< zr80EHW?)=$(50;g3j0CWHiX%-ZrQANi{_< zLjQ2f$>)s)UYWFB72jr<7ML_NsL?OTftB8z@vL|KGV2>{XU@jQ98gL0c&o`iUETLb ztgh{FFg{ve^)YriB(7{0ZaBNu*3@-M^*xLmW!YAq8PgPp^ZY<3QJ?}`lxxt+8$J_) zorRa6PtIL_A&t$T4QfpOy&po5?;A%umb(^six(?mVkH`7RNiZsmb!bplH3p9;NO{Y zKM(QR(R(rGvD~;mtVo&>`W~U)%wo&^_!j6nRxq&HQx(kDlt z7n2)}%eZ5d#=~l(sUDmcq93LRD~?LfULqX@o(yz709{M)jP2eZ)3 zEqhh{XShcMClV{fQ#_ZZi#Ds4CI7r>41eP1DLKG6LoTu{gwf!c_Vnh-l=q(8C_TSu zrtI0;y&!x%&3uY|H%gnMb>&)|0y-hzSGB|dYukjr$!V|LkA7g_gdc1YDRD&|2G@!o0CSDApY9+@Q~wNO$?(AR zX-s0ZN3lWMzK*L6`WU){x;e|`I5&d3rq!(DlB80p{U@7OlI#HP_x5U^Eo^SnbXnK< zVTTc{Aq8L|4r086x!KGbDg9n^Ug~s!q^b*i%?7##W(`WGEQSXlr4ls+UO}aXrN}vM z)B}Cu=*duIq9@2|)JRL)eI<@^?>6bf1ot;X}5Xy_4U|v z^XKAi>{GTN;ZBeE9#GJJXO%1gr*^(nYlF{#ZPj10!1jrnIZT03$s25u5Kexh)9aCr zBfp7mFX~4pCU=eE5uk%1oOac&qur0iTnQBZnY_)L84FY1>Ji#eXsAW)v~1|uDO1R; zn@y+QphrBWSY#~tgbdp#rijV%1-A6PNU3SRjpL6R$F7Xzq5MiYMBm~M#2n0#0F8z9 zP;*rA!D0~iVXyCN|Nc(pHO87R=(IY(YTX(HT}jH3AKqdN1jxDIiVB?WXN_g0SZWYA z!tTw@bv$jcAYvyO3EP9CZhjQVir5`3Dwr~j6#7o0Z8I!P;B=18_$|r{dK9xYEKY3d zwNwSyJJiRRzln)n(9KgTUVfOlzZ?W^1OvMHcmigV916V2H3mZvlhVM45*3CCIgi(> zQEU@Y7=HMN8i3OTxF*Y>K1y3_A4cHUtfHafz~IkyUYYJ?Br4QVu?I25Wkjl^I#tikt4Pg2o5Rs)WgN_CX}50Zftj}2AZYmz z$ozA+0?(IXG5=hs?M?rF={%I!E%$s_?31_ZsOCTGttGpvD z`noXcT*3h45hChd8dUT0SVG$uy37_FR!c9Og=jwlZa zw03kg4b`p)+&WJw*D!ORYt4)>n12Y(fNlJ%`h%=i)lGr!39^loY;@5h&yOO6ppdu7 z@0r%{yI|>`83=9Un$TEzEJf=KW}Yy!c&G7&Ms$DiK%Y&CNDiB$HNJQ=e7cQlp8! z%X&%s_w^N5uPrHDSg$y$%`}@{$#q+}E{Sw6`+oQEV$CS4(wmBHUVN{gWN1aOO} zr!#_$WtepIp`yaOta+{eOWClP6rn!VW77~CRU+Bizq#cnK&GM=>t#1$)CDW2Om2%@t?xQ#!8dhj|~@P%lPvu-~BaVDv; zE!8Uw2kt_*Rp4MN@Q=SJ`GN`MC!UB(kGt_`{y6%N(*UoMJ+VWlE4->`e6tl|C`B##f;@^ZJ4X?Z2N-bKNgY!4e z7!R=6$)e;Q;r&?pE;;5~I?{VC?z7M-H96#q;*e~T)qG7A{W-l`KU#F@`9wZeVXx@N zO^wWCMq{E)|K10%(}oZyHS1ejM_q8T#KqGJhEqP91Un#mqrPv4e8#^&S*`6)d+fqi z4qNCXx-flWo|3CZ=t zL0-FR>^8wBVtUd?3Ex`GXsWv*6NXOMa@zpi<_h4RT?YU&lvj>Xp&2h}d$_b)0yw%$ zw^W9xz?X~1zqfx0x0j*58=d3d=M}>5jwwxL3FQSot+AusMdZ0dQP$oSUE%lVo|*7M zY@RpQxC93;nPh(|E1$IRMMwqnon=EbUw~Vo99HsM8 z6WJ4MAC1fdVS*}H_k)85qbPW?AY^L>A@%JWOq*2Cg4-73A#o=tasn>Rz0jS&s^km6 z>IbV_+K{I&Xl;QjIB@s;qhA@*Lt0EjvNAw{!^)Fc4`45S@lIAM51Wg5mb1~(GzluW z{DLk=0Ycef;qsvSbhn?|rUE7hq0w}5U=P~az`mxRYRD%a!aIe(>UO3Q;zPSVESE$Z(e zN@u+OM0{PbK_ZD)`zv4hnBnO)#e}LgLa-3rzmX6ZB#RZFfH5j@R|zwUD3-#O`Wf>Vkkf?n$dJi6ubgtNEH52T*CvWa_xNC7ihJ3-a>S$s3=AccM(=CSt{=fo= z_cmfT$CMt^Rvvi~XF?e>_p@&u6{^H=Zil^d^uqFjUt{qNj9e$og;Yxqsd3UJkcDcI zrFl%TV{a%y&<5ZlTV=wBnpmireEjoH#!;%F0ET@izdY%-{8WR_g>GjbHsp!PaKmkU zlE)bnsP87?CVCV3PUQx03+9Tx0UX={?3tWalk|lmI^-n6PUeWPb&aI1A#q&L(G3ef0=PCX zQE7H>12wVw&GsdXV`om*WX}gD)lD1Cl+x|YI1Ai2s7BFg?rdXlzWLrYGsVHg>AE@` z^~SgX|i9%2#D;$t^}FypV^yrjq9ow9znK`2FXe=)13GUHAOwpH0qhM^tahNH(!|EaslRz_S!PW*y0dE!Sk~Q;P5K3X!w>j? z#2f&!_M!vx`aohq@a?h#x1f6JP^e#nxvo(pj4_;ff{`g6!1veQkp?y4=pHfAF@kyl*+nGT&#K{!#EO;!vh3;dtCe$O-`;Sr_FM+swtKIRhNX6 zFKuQ1632z~S>$H~aowrvOKg>t0{BUF1-munWPPLjglPyp46@G>KSA4ZTT7G4s9)Qn z>v8X9aU{==KZi)7hGqrv6*r3`V@d;v?xywd?du}kJSD8bg|ilamt>!$SG_9^r}}S% z{v>a}&1>gnlily=h>lk3`u0Hxq^9C6v@R{@=>M`xvvHD6n={|BcMab?kW_}tFx%4W zeTz``Zc2R?mjIPns*ABMjb=OxznJSjtUXB47;^laS4l}X0=fDfRzXBOS~$=^_P05~rcl$mPx^s@j~>LMyU zQuT)ZLfgXGCwI;5f_4S9$u_#`q0p z*w;Z+Cm34#lekgs3#&Dd5Qp|AN zEtii5PLp`>WFR0q?{q>4h>my3pNL9;?;VaX3(fY&mF`bII=A=+2pU>M)VzoP(+2B1 z{e+5^XfTkOBS{Ryi@kpT=V<=E__G3@GRfrvR=+djn-?5Rt_XI3nZKY!;~^haP2Jqv zapH{BY`tt(dE{D1HFff1!lG2W@10&jrUtxYF|rp%FSU+E^RR#hQ&>Tw9WB_ZxgW(BjGKQ7tA6AE!On_DhYm)-CK`6TWVl?y;N@pGjD~P!-R8QsJzf^MvCV|zgMI0Da890P$bFZuR|B1PBOlDW-d%w9HcWp zuhqP`N8;Ww^}uv*&;wW6pbxqyeI{RM_f!E$&J(U{%db&ALL|C$pE_BjruFh!nd;s( zVBoVWRuritRI>KS-)D4F(|QUewmS@EXlULopg^{?QiJbwz12sjMv^ijzf$tNYg|&q z+efmE+0Crp*iO6KFm3eSG-Z4ll{s=K}f7_OU;^P>+x^-@jc3HnH~;vSx(4wKXx-^^*m!)FLt*3FQ_a_wkCm?Cu&Mf zE1NVKGYws)$Gx*CG!U(YJ0LlYB@w!kE7Rfcu(RzNCeq}R$H zuwFpIl|Q!ldaTRnu+7P~xcaKImQd~SM(E~8p2+-zkv>-!v-eDZJoI`aJK#|DOrkPM zBg`rMF*AN~!tw@SnAK3)6=9d}+hjrdTF6vFc>1;!wtNFD$IRTl95m)CfAZC9Fnq~F z{~_PDu7h2d2{tCYmgq~%GX(5{hC##fEB#uUubV%g(k8bf<}r4fMw23&t2R)vVFQ^r zl)Ld`pH?pE$BcthhKjZxE1XDh>^U3F_#s~}`8CK;!rPJ39g2BlY4h0=V`J!v=g=JF zn>t12uQ3^hfUiorM^R2TARbRw>i$f2w?{!7twuB+`wuk7)Zwl&x(D?s7S{60{ZFU+ zrHb%l`J%>H94k#MW0dl{L~J%!ma6X*E`7{&s4M4}?x3%Oe=p;YRZ>H-Bk-^$r2N(Y z)F>8NA3HWxo(eUyW%v(ThI0$^6#{UF0D<6)_fzW!AggS-@?m;74{#ImbyaY_mzn$` zZ?z0DzR;!5Ir3WLtu!fWyja`#pNItA9uC&sJ!%l@C>#>MITxvjjDkRMD9~$ zb=rcD_}@}MDTTv5c5}w~z$v|rUM-#87zFS1L98+pw{Q*0Z2RNm7Yqe`0K<2iyt6%!;zI)NYHl zQdG`R9iJRb9&ZMO*n~l?&%G&#Zx@}`iAxuhpjr8T8sGY77;vr7I!Sib)OLqqYa#BM zFJ~}f)+0R}1p-=mrM{pXS~$_G4-5zQeCVQ8`?$TS?dXUC?8-Gv#%}@s&}2;*8}t0+ z%)Icya+R)3{UqRCT8Rn|Z7#`Z3z-O7@{7cuEPQIio(j(>pXk{o=@Ut zxW`_1os%|x8SuHsF^P=nSa?W#4A@yDD?B2|qsHi5-Ev{IEQrp*kzlRxJXsSV%3CEC z&t}5kMklqk@1$^bI9Tf-ldU&_$z$$lk&M|K4TZ?omW4sP!xTAHMq;|};1AXKQ-H(e zlls=VTV0L>=Ok(YPNbF~Xa89tOac$HPjy4u+ihWnQTqG?c5-=d#Rt*xY7AIrSIl~21`9&~VF zP)V$VaSqYPup!tcEUs$AJWl6eVgf(xt=!564s}%YuUq|SG%L( z+@V7Ujqa0uulm(u{O24m>c@*(jaUHzQsc@3e z0c=t{=^A&5)3KVTH)m5o_h+#L zez8*pb_l-f+Ll`YE(i(Z)G>TiQ+0!;S3YcAO*h*t&*nI-14B))S{fHj_lswrM;s6; zv8Tfy$VEi7fMg2wx#64TQVmO*rrMx?zbrArj&Xuc*Y1?*K@WY#qaMSRm%MW|SW&Kl zdFk>Lr7YYu%sn7gK0UtjzrM1qL6^z(`hfo56mo~6m{gJPp+W{acfIqfWL&`j8D@OB z#!5q*L}f!kcR7Eo5U(JH4S%qWJ@tE@eFNzAOMT)6SX zjF_^ojEDO32(pF_>kQ`3;)Yg_m>QpI3>1!rZR?la>ggNhG(zj?&;d~ijNXCQ$Nu>ustU8`wo4ERW{610RJ$D=KvI=1uOX_CtP+v-hHlenva@7tQiH>LYTU&C%j*ksom^hoL3 z3sBgI6wIv~XE3cETRdGtwby)m z#5zacv63`eI-SH4exco%clkwkK`D`k!uRoh3XlIz*7A^Er8Hj*ZxAUYZ)H-J8pRjN|6!>N;YyhlxVeA| z^MFTsPsCHY`BpY(XB6it7FKkqw?KL=#udF>S}mT+RUpr)2;6l*s41E^h}x(6C&d$; zajjSj{Bs|rCs!E0s{7@n)XA>V;xNd>xVx)-rv3dzeJ41cFTVciEagXNJy=BINv?tk zBCzV%zu$5l)hvSHikQ~G`{;goQ)}0^4 zVxp(R6y#vNfa7(6*zT`IF)ql^nC|=J`+*ie-!A|2*k%ItCF&%=n*uua8FL4`>AApF zJV;X@5>#8~uh;`f^YFVrw0t(ad(QNF!Q3RJ4F>?`wO(VxJf)0ee4d{Lo8;d4mcild zwdk^(A2#oI!fe#iPQ9-FV=<0Ms7LJ~BY)djS;rbuqbV+3`+8Gjjzn#9PgUj>E`0GC zefMpKl48V066t8nSUIqH*PKBi333kz8R85Y8Csn{S75hF)tlPfwk%e|(r1!hCA>1d zdQeDF%1;jivn+_ouUd78u0+;str$d4U9G5NVFBJ_HcNU*ePy^FS_}QdY$a5Yu6(^- z!wXt^%&q0)iZz<69thw8G^tH}AnNTr4UPegR>7kr{i$F`0=q@Z1#lnRV5#Zx-B5C& zB3QWg40Nu}SNRf-?-LsLxP>XfX@|_ojh3QbLj}5f&edDHBD4aQme%3C^oqbka&9du zNG@G<+cK;gC_JOzj|^ooYq-;S`{ZY!O7MiMy8{{{m&GeI->)Wav-6U$jylh_U9Fgi zh0OdqwvmC<@82zr!`V!3Cn&g76x!^1$!PrD8LSJq z5pkgioj`-Bi~;rqZXD0p3UQNPFPD7oAI|=p#Wl8#8aLk&|l7jHGrXbiqG;_yr40d`D z;Pa=4CvH;q$nM178ZWe+t*wl5p4kgHMj|bo?+oByq`zHuqlU*pIm2=Q`ia*nYBZty zIp^k&MC(Rfz_zv#>R2OAdtrBC%wl_8t+lRxI+3mIoTJou!V7+=X{T|8d3xeB$x zfq_%fV+0%jBlOhuLi_KTk==0-MTC5 zP~4l;wLPJdpt&52f$-u~uwS6^hbsr!m!luBss#J3Is7;S&RFHgh-Q{X$6f z66(mU6n7sksG{MPM^|n)&YQX-Uh7B36f}R0JP(pt{c%(7jv9fC&BMN+#%Qjd?^}Ta zjVFcxl)?rBCb#y-Ew4i(Z%|G$;-CJ$MG=wlD7JCwV%)n$R*r&ca}>oJju`}=KYX0p zjn&ruo|;76Jj**IUlGxS#o>m`dziI)Lnbd{?M zVr`@nNS&M881+Vhd)M^q-$LuxWKLMi`QIoHgX!048Akt12%T_=s?KQULm*?^q@%+; zDh%~1pJq<#5R|^S;kt*_4Yw&8qs$nO}yHgDSYfb*}czK;-9ehNP&t}Z39;@C5ISG-3I?s1r zG@Ga3NEs)XbF05@2k2alpuX1)h_VtD{_p^Z>RH1uq#~nhBPwYiU4W_IuYfhKc3GmzdU_$!5rw) zx_HdDA-5ZHR%;<~imH;11ccbzL3G;(M{Ejt69CJ`h)R5Cerd6Uhwdxm?2iZm<*u4o ztT8dEF$5|&tTouYIoD>D4qRcg+P(K~O7h|zgW0We%`FFe)>$*h-%pbHeg_~<_%ZI4 zsb`PE8?_JMMm79ZL4GH4;R>HtemD$Y(@|Ec=ukTFW=fPznmYRNQB>6_-aGS*`9Ai$ z#VHP{-!;sR@$(9jz(AA!owRKBre*rtVvx%I>d!o%1mF#j(B%f~tz}(6R7%H3`R^D3 zgFup=Y8-YcB&B1|fQT&U4-zLM)wWXx(Z#7}`M)i@6S!0kk1C0ISnrC<#W{M6c}HfBz?ct#1m+=zJ6qu(Mtu0N*ULv zGM8CHS}wdGbZfCC$B_L)Ic$PPp|v~ET{#1A^Ftg`bC2yU$XaR5WlE+(Kd9%LpOFpE zq2!H7b0xI?O?-L6WWp2qn!OKUf_!eKTGZmKh738-MD3Ay-=y@u(SIu~$B_tiJ`)aW zfMNAToqh4)E~pA=xL@^uq`MdJscX>{VbuvB%SbauBON7%zEw}T)Q%k}>k?G9{ONJ2 zXRD3_i?X$~<5y^m3vQY&7UHVkLU5^ROMYq1M?K?ao74@E_(9dQSdh9y8q?9q^|!yo zKbUeKKreb$OrUK`wI+r+l{6wG>)~VmYfOYuEnfioG8q$wTF~>4FQr%^xw*K2bxFHG zFd>jxVd50!UKPm0(5$*74sx93@rQA4Ho8=8O<-9IjiM{fyq2R}| zCsSJbMpop3fO26eZ0xW^$**|;2wk9LlTh^m6XmyM&Gj7;V;8h81J3%a4MC)x0-bie3av<`d54#04fPx)|Km5yVO}{E6k89D$a0>2$vh-xNVBzwczp-mS z`e}|%GQ0cAg?~~(ifxu;L=O=9Kz4`Y^p@9DU!gjKUW64IR3~c!K~^wU+!gYc=IjI8 z6-3?*DWiRkuq|E)vV8=R{b?_nXvy_MV%lJ2A#FjqBNhsBc!;ruM#A(*Jz+N{~-c7UT9pAg1{)R=^UhI0Wyu-Tp1{VN(`lw*VF zfPe}oTnt25y~B)kXd8tgc*!H4CZzK@YoJC<5XANMW97Gt^fz$HfcUS;4qiZaF3A`{ zPNaiI4%B^#tez~TU*AgA?I_x(j;>k#Ko5z1lwQ&Ay-EsH^!HrkSCh4$_D{b|d_Tn7 z>--fpUPmDyz|Dgw!mOr+iC>N{-};R?_x()HhLPt&^H_4k ztA!tP6qq@N#2S~xsO@=QRE*Yc;NJp29&A{RHHsDoK6X5stNY!EkQ3(s6>-Lec08xM zxByNW8m-ASmg@CHnNRE6G(0*Qy7+wGm2TQ)@F%3GhZ261b9Jom*?oOF#ZHg)uPDTi_Q!Fqv=PN!?j#aO*CK%i7m~m%eyQ4 zL*x)fG%}0Bdk&jrNVUKlRTc?wj(g>bIm9BUqoR-;Qm<=Rau>|)gtDlCxW2M`Pn4zH zYh2;22Xb=@1cwwB?r|x)fRfvn);qGx(JJBOx0}K*Efw~u+-`IG2%Vys!=NLB{2Wfe z`&RVH^J~^{H?rJS&O0cdGbZ%ZY>-ztx@s~jH2&3)39eyR5gR8DTf(!RsE_RJGj}zS z>zA;z);hQte1m4$WFVJUo^(KfD1&t?&8rwZn_b@_rH8P6*FlGmT&ieYlP(7>w~j9P zht?eGQ-r-_uC6}anX*%gikNE9h4g%w zg%81J$!j*j5z*qZr?K7=mM_<^XQA&Fi28)Qt;UU&)I!Iixkn^nwwD1b0wSEbl>_~A z?y!$55wN`+4=-jt@2lt@nsA)4UDbpDM$-Y@jU*C~iY3UTWSOs`iT{k{frt}81#}=J zUox6GkSCk;`h}Gx$$n@Y@JEH=(?zSg)zNpY%-pkP7JKTKoN!q3CQfo$)$$)S>gdRe zxiC2fTCj{~M4>Ev3DTeipMTecT}EsTP~lTp-h*k_Ja#ylWSS#-uCp|n_FK8(Ut3R3~g*AG4vqG@f7AL<^xDRZ;tgR zd-T7eLoR*7q%NSJz=8_+5Gg*U`en0Fw_G;$>`E0-nPaQ>u$qS!JsukR8-2wVBGH0b zJ&2BxcXLyIv4iwn{O8ZK`O*!wKPg*O3RYGQm~UvZG;wy%ILGPWZLngmwJruZA%9Dg z>zT?tYjsw0%}M>-CaFhjM0j*v+~3FFdvpdRrL!NqSc}DaNPT+e02L?w<;oyL?N&4u zX{B@C>9;U5IWymr6`&+XZ)2zUZlXk4NKvpLkxBjR?gP&Kb~S>AgJke7`OqVZngu#? zEK!B2^}=^VR-d$Zulrj@AT)4K-ok7$E^iHnI^v{)74huaaySUVcM=fHV_IX0hGVti zn9$OcmB}oz1kQI9ib~zk6c+SOro6I!QOBdV%tK0JCh)VK4cqX*@^G*x_yq{>_vj@> zDC>432ZxaL{7KbLc)LVe+Eu7bsPItEXexW~1^HKL=fP7qAk*(Nx8Syj9zS5$enXZipQCw~X2 z*TRogo|%Kqea5#CENApcyi&@X=Z*R%^^fqwSurc|QaK_B^G5nIKR$AJ6!OA+lwvE0 z2Tx+lqGO4Zw@zGOVDYfWgsX>B;=JV_lgx1@c7Xq7#|J64rsd~wBw-O_+H9$k;WBjqB>T7ZUXIq5NI z(J$k1M<)^2+u@Ga(SDJ-Lbwdauqf(dhcyw7#=^^Q3e!MA4avUwDtybPvEaX6-kQlw zeK17{x}l_Hs)=;jdvbckk)=q2_UoKC`$W0D_;;+NmdDX`E_JVEMd$b(R*jT45GVdn zs#!B;jHVK-t;ts+L_La4#qg4)3lm2FD!bod2@4Q~zL~OcfqK~rz$>k|9i}avBk*RE z@}6Woh=A6()u*p5jNRm`BR3g>dy~Sdao~|0Hv+V&7q#5zFyM!Y4sf2?wE#LU{2DQ=z(25AK?BPDEM=LuNIQO8~qA+3h}4#dDjiq z@g)Ig1Eq2*zGb@rlrt2ojD-iTQ}A#0%g`hj8)=4E|J!_5m2u4@V#_4`>6(Ku^jdQ# z2d^KLAq+`vM-S?i{v$&_1awjJF6S1cBw*Ohw8}A6c4^KqyDXI-8zbHb)7fgF}rD=lV>92->bM7cle;!OFL-IJHN6Z1*vRN*20 z3-JZiFjH0wUrG-Zpvr6^IGg9_nAT{<%3h^b?$^A)$tR4m~Aw-Z~A$_}j357-X6noWfke zRYwluYTB{C=q?%CMyM~NJj8&e3}^`9ity=61Zzvrr8}4gfSDv43)ul_vgg3@)7g<9 z5W;OS|2f-^w$0KR;b@&YGIXjpZo#nskoYh?%NF)E*}VX2F95B7Lk7SXvQngqb^95) z`W)o81Mz4q;n1qP3!#pI!-YY1vR%P982`+I0pfse9eE5BQz*CY)r$O~e`E-MNcP*Y z=P`frf91yHH6Hg(Vme|MT;rTLE}vQZx+hC_=V?`L%QcmiPLsm0qz zM*G?e;7h?V$xIEQsxkbB@HMF&91V}g1bBPkwib%L>PM|i7fFX=w&;Fm_mHz?2T(N* zgYNK6$Q`t~q2E438!xjOpolVtPKsaI*aWk4o0Q&1+U*y zMqRd19;AztryMLVg>_u;!Zs6LQrf(o)SCHT68Cu8yjIzw$cr&*B~M_p#a&&z?9fRo z`5Qco6Yn@ahP>JA5P@~vNgJ7)EHcD8W8Lo;oSX{@zRH^?F8T_ z3}i1q+Ca@(PUP7Wc1vm4tp+(w+|po0lSfKL18;to9X^lTBqN?dU*0s|Zn)>0vw)Q^ zT=<}UAKzC&?nZ*q3B28(DO<`c1_JVw>O5>bQ36}6F4!TYDQp?WRn=ZV+03rCJ<=Zf z44q0GK809hdJBU2s8hu6%;Bmzb5P%M>0Z^aJ?$jW169QiIuYB?CWzP}|EUUXBp{doWGI68>`?oK6 zZ|Uie6)+o5f1l?ZNkDoVOTIGhBNJtnAnMPSpb?dBjA6ME+-8bYucC#qraQ$lxdwc? zgsZ!jP9!}TWH99ZGC<2hbk3pvUhW6R(DJbubVdf68li;z&`N0RLz>8ztq?a@%WekY z0YM>LN6S8Z<8(}X3~Trj%+0b*qrZU3_O>9K75oGIOUkao>N$LJ{qRv4gr9SwKM_xt z1lxnuj>X4sG1Sa|b#USj0XTv3f(?c1x*$0e;kRGWOXVHnm$!&#-=|4SzD9N+Y%I{+I82a-qwzFn?y3wR|T(Ct@=Sw!!MM^n9!|EH}CZU3(*jVo%K) zK{W@`JWEgCy(jxwq^ROc(LEVY`w6k4MAzBTu~ys?&3qQWG6Ik;<5Q5ei8ZcQM?j}? z(sgZKSFO?|DS*DFE0FOQs=>JU@wF!k@PN%Knr9qVI$xBv$umwRaVyh*JmMw zr)~Kmi8Y6UDsD}R!I<;EG|eY0@5^nuTtJq`WkU8pFiAP<(z`7K$tC=iZuvj3+xS2D zyQJWYqV7#IOTc0b1$xjj)Bom`^55NC{x3cy)^zX#5){pyUg3`I`QMt6WQ{l@4~}BB zwEhqG_&*wld$N6NgTX<|=zlv7pqwJg6NBUO|M~*&PM+twtxJbBA^jiR^8aU`GpfP# zXs&|=uug3cxk1%`v(EXy4E}%j={f6iNtW?!m;}~M|22*N|31qG=g^Hn<9HF#j_4(l ztz{pM@U8{Y%aHL&yiup74XAmgFF|CijC;0P*DqX)CBUxS`@^|Z%jd_jgZ{0UPVGiJ zP@QHFjwUx4jh_#+*x}Xw3;w83hCvir9!WC)kC#Gb*!G=`k9~U$V_apIYhba7SsP@x z@+Qzw^R2!2#;>X;B(SB|z9MDUDATN1+}qetqA{6ZM7Us;wU&E-ioTK@aCY5y3Jp5H zsCn1JzQ#SlD!QVBHACsI{?p}<^#!Nxhr&Bq8Z|Dsm)Oh@3co1Mv2>WGhkczYp6T78 z>l7KWcj+?1LB@x*bXCIo-SY0slYU?0O2Z%JDng|~Ysb-Zapk|eT|cP=u(KZg3ynj* zvA(T8JImXI6kod@izNafEC0;po#{Nl@0Cu!J?!_Rrd)=RrFrO6F|zw4+#Kk1ubX`T z?*+YOEncijscTkUrw&CCm)+~7 zRg@Hzc&7VqNJMY!FT#LgUwv`5DDsnUAgN&}IcAkC;LM&#rOM$bg(*s)e|&G!SSMvM z<%aIlg4BZQl&>leqE6hFk(`ohj*BwmO>fI;()V;Rt&yTgPxqV5L@ptJOSo}QoVNd9 zTe*t+1@|3anBv`k3>RD<_SBsJ*77rbr}F>{tE(vUgNmfMBQJLpaE|`+&j}GK|DGvu zu5hHWMo~AJyXj+}{VhiNAaAI#tVxjVIT&Wb9+tkgU%shGg~3R&C5 z)09jcJOalf_?aHOz2(2M^FIwx|MdRcF5`SGc%YTE7-rwyBdt``|G4^QK-l_pS|W*sbn& zQiK%dy^~FD*Z!%*_~#YD`3~l(erK@ga7Z}ThVQ@MTa{atRJJIl-CDy$z_~YJSA4pNOXXz7tzpt z@Z7>Lh2bz_ksAj_m^rOAtydiYkJ48ji;dFvUpL@>c*-ooUdjqH`^>HGHG81Hs8r=N zI&HyXjb#1~lfQz4(4LcP=oKH8xWx-T=ufdsvyg~A$;d z+3>O2=LySVV;!p{VrU%Xdl8CGC-usHwG0#}Ur>OGoQvf+YsbEmDDD`8Tf`DAJ(LT~ zQp}(3Gbxm98>PV-llhhHNq(siaS1FVki*Yb_H*|}6=yfl9LJYq&1^1y#HA`!3Fqz! z?F`abfC@MmkR^*#P)m&JtZvd&FPyQH9uA0cUWC>C^(ltcm8= zdz;C5r}lpO8-+)gasaT=iB4d0-6(0Ye}%87RZ_Jx(YI!vD_OloPg7DRCpI0gnpWi}#i%evHiD<<5B zT1+MUoIvzU!d|r-Z}NAT z5n6sL=FOf@<{8*Mi4^VpRn`_VNrZ?Lt?@GToy?oDvE6gBXSYY*2t}$y(@`41vT9uA zmX)YM^1`@VX3@clYn2$Ees}6(n=I5f2^vbS9Vs?_#Ke{&#i+k@E_bAus<7UCxO`Xu zy@Ootmy)uJd$V7AB&~g#42dsMeHafzpw(<&ybKVlVtw=7sZFNB z`ZuV!kz2+&tYd=NDpFwKQ+qi9C-Gw5s$~|nB6(2BR(hYkVXkcQn5csMxD1#Oe77xT zPgWv&GmHZqHQve68G#=}m!uo!F|gq3JB-@Nwv*`-j?>&5<}e#*q8!#UeJy6Hu$|=; zSAk8RDlKJI+Px{GTBGli%;fR8A8@d@Imso z#hmJW=x>YTm^+Du zyR3d}+wU5ZKJI!bblXtIO*r8^mmSwP|217`XbtnMIeQ2j4IARO*eCUE=TALVusVI^ zwH$kqAK04Lax2SkopbzyD~;`0ig(o{4?WU6evqnMN$rb89py0|`$(TnrRkvjk#eI2 zAwj5lwBjGLoA%P~{!5RH2fx?|S;QX+#*FLVyg6@7SJFYSlmhOOnvpK)a6gzw|ndQg9RI8SFwi4 zOCh;$jkLASZoh*`PkvT|KR&!z@k<4aGFseB(pqSLjIl}_lcZyB^ydp(KT+w{=vhWs zr)8wOs4~0C37=L%2gR1-RN+iZu1~SL*vZ!bSyk;8c_d~GscRE@U_;sd+#d&~Bwca# zM^D_|Hmn(`_Unr1{pr~WPM7GpBllar$2SiZJ(uTK)RcXsxD7PqFCLLQH@SVjBX)eE zl=N~8H8eY)lV4V(Zn@cvvUCT%tn_0q>?o1-*kSpjkpNEA^=|8bnj+xRLG%A<;KP-KD zAXMM`|GPz-kjfsCkc1@rR#DP~BKy8%XR`065|S-sXB43@_I)ryWF1Rm8;o_VV;csu z-QVr={rzR!d+s^UIrlv0oO{medA(vMV|uvUe(P3kfbQ;faA>9Ymw6E&n$d*<9vNk6 zuPTa=OoD?#r* ztg;QHMIReAPfj?CgRwo$t4X!XC_nvcApAAKf1@#K9~_2IIGubUvn>M!%{dsP$#+~N zet=OlwzwxS<$BoOXLT~pZe3GO~} zJCUlS^_Z07q^ww?x?FULd{*W`y@@-?0!E?Y<8kjee#wDcJ0L)mwkKPXa&g7XQhlSk zbKVmYfhS?tvn|9|GN-t)~zt_*!Bmu@#ag@waCM=;# zw0w2rWmK%`3sqwtw0cz}{XUfGNYK7}q4P>CBlx7S^5gp>oO{v1P0kc);$ANM!Sf`~32DkK6Ie1m{wLqUyFieK=)gv)L94#ii(O^Zq zv;oj79Fg|vs7hzJq_FjUz5N+Sz|!?y>?xf&SYpn&WY_yNpM&3~iFUSSM>pwd8JFz_ zNZ8fc0;S-`sGk3A?cdZ2`!dLXlh-?3WCx|Tumz`NHXgXe_P>a2>6wGc50$GbZSmiJ zLn%!(m+=L2C7P`qOZEfSKYxIbf~J?)ct)dnr=r2otL`{u?;*xPS>qKMP5zl{T#MNt zqubVC<1|m{Or(V#M736-G&J6?fqxGSvUL>x)oD78)J8Y{)(UxYY~BVa{(b}%u_`bb z-9|KiXE>-|JU($Oi30|pUkK~mzS=5ah(iuac@Myg)jZ72O*bGeZyNsotWL_T%H~o^ z+1%=63k&eCLd}ST@yK(izQ(=kH~{y0m}H!Bafk5x-tDIA4`chzQ=wxZLIweQPqz>Y zTmweNUHPV^;)C&!2Hw3r+vGy=_LJh1M$i15PVasGcb3BNa_d;~a>9nZqb?w~t57I< zD&-k^Kab!cdjX*=6nrJB?__&$?qjT+DP@6sP9bg|E~wdifzK_5U&GjwIonI~o{icczuhEbV`j-WG@vkW252LMnqP7r3YZn8LKESi9!|u2r|(P5-GyBW z3rsnzu3|gz_@mYd-QQp4lnALI1%aPZg@yMk@llGAyrh5I>xtQ;>ku(7+(yBu_AD+JS?;DcSy9;`~E z74+K8j-K>+5-BH91|=k=F)d3EwW~E_j8A7I5~m?=z-4a0WAp|wWF3k>0{!z!(OMR! z)qYK_>QWZ0{k>{{_D~_?VqVj?B5+yxcQR^QQ)0|k6%1w$Y4IyfvT>78?Z`)zIW{^3 z#-{>P!9W4yQPUo}#B7J?*`(vGwfzBd8djw*X~z-XrKUg-^k|g@+oo z7GuC___vvVLoFM0yVOr@@6D-1d0Ui?DF5;I*+vhXHS;CBuda{1V*%`qIwQVy-qn z1v$f-tdM;75;6xU_D61RkCP;K7c}{_ivDpGKQ{czAWU5NP*iz%!6 zM_y0*twx4vSp>WjxSa9Z_r!dMDq193@xXHoCsH+iLo_8fwgx5I#f+N~VVBAw7JX-< zZ#odYp4-EseRaS$2mFGDeJ-xTv;&z|HK-(TM+HQ3fN=f!_y*YOX?i^lH5-brHH$X0 zok2eZY_1jRCM?AsiSxrxCYA6ClY6m_2h>QBK3zTqFzC7Q9n`#HZ2w!#m)C4oX|UCr z!jBkrRnPU!XpkvI{aku}vVXSypVmCX!m~Hdbo#qrO=bw+Z;ktEv(QSFzO0s^`C@$l zEnJ0`Q?YNxnMXKfIc+ZQ!yab8 zD^-RHdaW)}x!$C?5hL+DNE@P2ZCmDl`33nJqPx()iyYAawE!g zUM^EKNIm8XpFZPIDTRB(^5-WRRUxShMxX31%|<03S&_EAa?g{nQ1OwobLc6?-8Y_9 zQ@_aO=8-j-dzGsEt1_WM7UrtOROISS^&0B-?$zh`qE zJ=u~QEw7M9^MHJU%GQ=;CF4J(Icr%iFd<_xfYt>?y2oIH%ElPS%M(2BNBTMHsH#X+r1pc` zCIQnSj2*l|!WUN>!}jZWG+zgP7C^?em+5D{rnL}7mztjpsF!SRhY;0EuR3464SrEb z;{U992od8CC0q8u=~SoR%h{bEyRK0#RdX4&&s&=+`WgtWK(b#k$`?s&KB_$I~Hj(#|}9F$}!O~QDayIIj@KB01RZ}Q=%3rhyx z&e2-u>7gB#QcLWT$S@$3%y7)pXp4}(1Y`|AUGXt9p~c?bG31B#!M6P@DISg(3uOa< zBcG5f2l4*zANmnz1&}Z*#KLJd5U7PhM0iTM{)-z*KGg+SL4G^cJz!fN39{Hnd zcQF``H05}C{$Xszy!!b&T><8#v|z(Q6?3}{NY7*#HC|-x<^~Y9w$wNM^xvs6I4VN%1aMco!@ z%E}KE_M#6pjRq#**!x0}_g0kiS2XUe@}Ri+3B+u?$LU#rKHRYjjr!@0(K)Y8$yxD^ z3tR1aIpcIjO*Pz;-kUhSnOu3vY@PCuEp@LLYryR|skqisi< z7gP+oPEqU$o)@U9ZH+@>uY`L+wL5|?nMSOuHq7ak2*1t}-sK%Yo>(4B&ty^<&+|)f zRW%M#&Nmdm^Bmp!^M=P4pW*gUv9{wmaxKhY@wskgwEko_lXCZW=c{O@#ZW%vsDJ*t`~A3uMuJX@=~iYR&)mC2r7g(u zPd3!ADG{cP6EOK(f?x8N;#8lJARpzN+c907Dfl!LTFQU=H2DhcIBrIc;<0vq4DRyw ztd8B+4*HSb=Jw0wGOGmzC+$@=?~{(*F;UTz3-w^bU_?$~R5ioZ@l7a>6 zKl~%qXl?T9cD`!K@qo_hksG;w6qOB3!EhSfCIokhg-Uz8nUl_)<#}DF`UGEqEJ~hf z;{4lnL5nQmwb10P>}$knmJl9oZ>lP~mc`V5r?>LJPje;Y$y~pDp)-P(b7ryDGo>XB z;emD4Y3MdHB*RyXb$}`_ld%SQt?BepcP;QE|t8fpa z^+%fazPe>J8j+Rz8Q~!b(tpV1=?E_JrFTQ$o{fxhnT5)s3Or9J-);CWLe9e10UyiS z1iuDKL2T2HLQDUKRTHJ1$0_Dcxkoh@&=YQ^80odLK$fSITe9~?iOKe$ic$^-Ty0mS z!q8^4iVt0s+2>w+K<(|^J)`_4x@gx*VfN!$K9Br~Rx46at>xbez6$qmt~Vt=MHnEf zz{bdw;)b@Ga-%qeyd=Lz(7nc}6BWmO-W}9me*f{w=OdvCpC!?8wH4`Ept)TE%`37J zQ#qapGE=}@FbNth*PE@0_P!5>as+J2j$IQP6a1kxGsADmi`GgZbHZe2#_1jzA}{{R zeGy->xY@C=G_ydA)(`CudE@Me@mD6SGu|}LMddgulnUDqL@$T|?>J8rh`UphKXA

X;e zAR-<312^azfA0$pr%4&n$%{EW`r0gD!;;f6Td}|WSmC*bRoJDw)IW0EK722S6b)X@ z20ajJ=gZi8N_FfAYCA>qEe+NlSd+T-t=Y8j?$gv*4MF zj;i=H_STq>N_!qZ_t5SaN=lG1SrLHNJN<1P!ZCb?Uz(DE`l?aB5iSoW%GdTK;@;K# zDT@1M7WsF{tZF7WNl|Oq&urmMSz~PLg2&uDo*nGUKE6?YJM)WBZKrDCIcx2A`@=sa zE8xR9W=_)g$o)J{hxbLG#{+uE0;BB3ucQciyt@uOlFFB$UFt^3UPtV!YgVN|GCk7%j&*AVcipq*Wd`~xpLiWiElFLo$ov`Qz$nUR=D1bu z`ox3&{ER^Gu>fl7uC608GVo8-!wA)Qm2qFNxvRVEv!^Erp<`v2+PO)7W=%^_2?Xh+ zT<59WfuI_$WsXOC8!JOanszP+CrnvCCU>WPxz-o?EkP@IP`uVi^{M>6>(kyDhaq$8 zP=Vm*{E#jkn@k>T2JCbuwp1 zv41$5lfLoYIbX$Vi`5H2*FM}eNX`Zaj_Uf518>7g+40`~xf)S^(;Rp2g-ItXKd_Hc z?mKoQPf2h{ZYFsY8e!Ayxsb7>WESv_U0F)*RPlgHM5wXg6W4KjUpUBq!zUkIabT92 zm)woLqmOg9;N!61ekj@$t1mKRqw;epc*%WS)S9vJdB@eH@T}eQ*i0UjQI?IG`N-ez z&NE;7;^Md-r)rzKbeBQ|cI`I5k65}UiN{d|E}DgH3&rJ52iveX@8|Y`6npFeW-#7q8BBjuFSUhAItPIUyq1Y zZBOdf9lRPoDMbBw>JOFI{NT)VsyHt2gSbh_e}CMP5!@rj1TTpA0wX1>{hJClqIvsH zMx8R5tdfxPok)F$~kOoQZRPcm!B02PF zSbt(OoAI36T4Ln)GTmu(#*~!y$53VsV&ugAC;Hy@@;6nJ!LTJsdJw=-C?my1Y`j0o zZb8U8kUNz`u8W(D*Wu)uNh}RMqZsKXE;4m?;hp|jA)b366#1@MpNxgS*~o`<*K?(x z1VpxqbfvAI6CzR&rA(8>c$jnNe4EioJ1kv&EUj|#7}l6V)X03@TL)1*ul(lT&%pT1 zUH+aYD|~2@D8Lg%Y9=$$p(7tFgd+Yd+H@*^VG41H@YqVylY-3*DSwbKD^LGo+p|3; ztackI;hoTEx1`Vq4xjFPDr>dGVOH(_YTdfbp28@Hfg)BMWtNSlhCHhdFbFh?@2ay!pMZH%i2Q8j}tAPs{)9SN<412v+$gPR}Qe zFs!_iD79h~V|NX?R9K7k{OC8XoJ$iV3-qWMr@8&qgA4}VJOl&XSuW;eB)_}BeI>Zb z6w3y*$e6v#Voj)b74r4?f0rd;_9<|Et$jdQI^{C*LPbZLYL7FI;P(m zVeP&Qm{o!9_O_2*k}=8qF}Zb+@J%Gt*x{l&4G%ZJ8>iLsmS)2Km_#A!Us| zd@D6(Qy{EXF~QqITzsQa&U;OH@O4d1>G{9^o*4f+JG4mT9dQK0?~pYJ4UK>to4;|`&ZoaDb2u^3ej>5A$_Ly z1EwQ5bHtjC7_v2WU+y3xRBoLNUds30enP2WN2_mT5b4c4p`D<#%zQ-+H-{@IeW_W} z@ESx6PZ*mX?1E{RK66i5{4?TO^|W)rhU?E{Bh8XPZxHDlj~_t3gpKFXw=!!rN@Uu= zOhPMaj8G~2{$4eEDly%1-J>Iy`DfjPXco+nlI#gElYtfqW4>55Q}F@rH};Vrx);<0&1&ixHfFvFX;Z8+b#Q@}?-R=m@L=!?FLA;qec|ca-So zyP$ehxr5l+c8Dq0QaDs7!uT5D))bif*F{7HubCFif7}5vRr(!;bdQP;&dXZ3q-c&} z?HJz#+pcX#39-=L0^*EWWNSWgk-)-pz7a%*LA1A;xHy{46}+MoS0Ln2G6^APUDHz+ zoB8)6w&fd!JY+e710{YkabOxgoydpxuJWQLrY(q;ste#952>0NP$gk)d&qbSl#|kf ziyE7b;XJ^!h5zm7VB<%sK?_BQIwhtN+PmqLfngV>9WeD4_Fdi5Ei$T=_sBzY7|2QI zX`FRWY<^5ZnwV~B|FwzR8fAb$VztpNE;DO))}WbGCdB^y zowe=xqrn9bgYIAu5UP*u~*mMcW#y+a6jI-5kt|2>SWv*SfV zCqjUJ!`XNlgPLFcq3l@Zm#(}kYV>gTvj?8TFnMvr=8}nC@88|X)D;+;%6sbgfer-K z^gIVIpbnX~4v_dy?oZ;3^J~f@{Sn+xxf)*A-;ssiQJ%FSjefzpA41iL&c}R7|Ip*} za@$=^E#s%1)dHF5gK2j3dn8iwnfiG!f*)+IFgGNT&k7q&9Vqp?5et zH%jn6(t>rA;v4sEuDeUYWKE|Y?$MLgkfVdyrykwHqjmbyT&)DI5*?!oKtdwWA7mjA zs?Iqf+RQba78o%S+#tJwark|6R3PPs`?+)($ zDh13PT^2NZRh+ybSU4#Z|;~@P!(4fB4#$iJ}#*U5zCqaBhj41#Y5x3 zNBlR%33(*(E@&O^*xGgXVY(@oVHqX@1WXf zTz*ZL0}~VE)R99VlPOsD(GidJ7|<143UY+hwP1^zQ$~armays&%~~kP(P-Lgl*L9n zE4JNBjEEWatY#_;{kaheh6VJDxOl9A?RqB_xabO}$f2{j~(mC^6Jam}uk(wG1H^f1J*3?XE zvXS#>zT2{p**rkW)b#g>P_WnDA$$)Lqp+kJN~u@I=~9Q!DA~2s-U(1SM#G>ZjzVU95|9 zqXQQxPVBHbn^QNR&i{cuq?2=okwm1p z=!?ple!v7bpjWI+vQdk!5p7Mx%zH zbX%4;W*6(>jDgy*0@joOdmXvh$JB64&PzJkxF1jq1hZNo?>abx3YuClIc#@+7Zw!Z zYw-?!h?EAq)|)-qe_adI`r~Y{y_F-DHqrWZ>p3{q&hF+I?&4pW!+69I_|%`@QSNrm zjR2FGY;H|*0m#vKyUeO4HPy8p`~fnu>X+HxmN7*cPdy=+nXAQv?~ngWPhd#buaT-q z$8^wnLrk$8HOcx~FuOOQ4^^`0yD%nk&j6d-AVJH_nHIBQfL0{=3FPS6U|hHN3^L16 zy_L%iAtSYaw|@M6gpedXzS9NWn)&F?T)7I!f)|BoDmglr^Vw`YZ)CRfhD+VH;sr-+gE0N=d7mg>?nkUZuwv+(CHh4tP$=coooDX-fED0T zgp`<@u>#omR70XC_*bE|w*!n*5uLqX!`K}HUf@qn^?j`lN+tEDrXF1V4U_Y)iu-O*T7ptW~PWmYB*3^ zV>&Lj05j`O3rOD^dG2~VxTg=MlQ1wD|0?M-iBbCm{(4vj9V*RjWVk?HbwA)x10y>{adYo`lKf> zA{O4>pw|UUZ*i6q5j($-_ef+LrfWLQU9%T98piEy1Ijk6tvMaa%wZj53@iCu!tQJLx1ao zagMJ|SKR3tjPjxH@+8}cjwSg{M6}h{Wya4T@8Tq{?}|>{SzzF7ZENEgIy||%l{Wxu zZENDVba-;o@;}pKuYmoNy_VM}80Ufpl8q=1spEPJ3=dk`3W{8D)M}0g`zK+RZG)q= zP<8@!;zp>I-*_#wwfSu#$Lj7Grw=}z!Dm_xKc8dOLkJ)#L(M9rX;ziv)2Q|mkd-d4DjECa+V*C z)h}VV*_v+s-*u*>`YYmtqe;yVz3P&xTc+ZPmzwHR%n|m^LJ%>NFWcc4YLZG)?)>|| z57b!|Ml87qK}zaeg_1)ge&~rDE7n?!hs~x~Xn-hxzsEPz9R1%lw|Ccl_M4~31;N4~ zhmt#A#st0XtV-0sjH{L6g%yvNK?C4x{e&T68tQO* zNQ%Bb1neD3@I&o8dJ|yB!MglteAWnfKHz^G5NAAKwby||hBQAa4IxPWtIoa3ks7Oi zRefx`T>igou^-tc{&$PLa_Nm*Wb@!ybCyzXIZn19!k&K*PnfssC)8y>1vr{ogH}(vbcCZ%*LS|4P~n zxiyhQ`Dd7NU)EJOQTjaifaP_=ET97yOb+N=cLj?Dt8`hc{Qq)KHeQ4O&uZSzb$SQO zzlz+hYyx)vm&NG!v%V_-XV0PBfEf9IEwpUK()5M)zlLEgIYz5eTQ<-s$s=A)QBDVQ z^a0&Kw3f4{|Ho9=j7tx!oIf`WlY4&MkY*rlx!%c9_mBw8x^%e~%q2|ioW&t_#OcLn zp({EM)BF(3AtldzOX3l}uieV!SNDLDGgO1a&_$#(9p}h&gch07e-6ERW21+zuR^vg zz`7VlIvq5_#{JXKZ(3f|6V0>_gLw~=X|4wsaVTQ7U$AYiGhKSj6DXYt3!Sa;o$m$t z4=s^%;vVOV0h*x!%`&ZJr_of++7e1_VOMf5UWXM(Pz+*dSdqF%ARi7 zGEGVWizvS^ids+cj;-EJtIdb~6|46i{Yu6K3++PDb;?ZOLr~wJ>XjGVASH(`wR@v@ z;R6)Rz_44y-SP+B2qfad6hAWNpWbNv(jRb(za|-`n&tk2(#JhJZeGPj4U%olCxi1a z_tC~=qWcSaYtVf4h2{epoO^Lx6RHP=d!Qy$zQTzzdXE|>RJDjkng(YEK1uP*zCsor*+Iwktcj$Yts-|*j~we@}Q3sSn(#r_C88PE6`bB z?ss~j^w#Ec$QaI7KnYQqRwv@e&ix9YSb4*D!Iz2(-KHTYSRzP=aiemRLJ+ zWe^uuTw)gM?GPX(nuS*b-{@#*CI~xQ1Rt%iE|Y)>ii{eZ z+75fttvj%_np*W7j~(qjs25AJ@BeBh+jIMRu5N#sl*awO7M8wmmwjA=tc;d+8RDQ- z+^i4l%a56lEx&ozE846}kHXjLNZrY*L8tle>eTIbX~k*kAdY%X(YB+T%&;NC?uvid zR87jI(?WRXb4?LtmedScZJU-$z%M~v3&&5T*E7t=5xzON?C!%A3-Ca4+J{1042(9o zA$1#{V9Gc7)ofp}Bh@gx@kUI&NbY8oI;|%`gkz)jD#C)JF4@s2uC9-<6_z{`$fVp( zJ`CN$b*e~VfCaN$w*eM}%lMY~3Ot=Jnij+d|AyfZQE)!^%nCAS*w_AERBLgg$M>YS zD(}v+Bav4EvUd-WlP%P*WGm(0F1`a-?&BEu)p5F5Awf|H4%F;tN3Eb{GO771@4FSim_)`J9)+52%mM!9}lD-E8wrwLu~jq4lUu&{W$Z<^ge2$FE8 zb0axcvIzq{?yWHuEM$F73}3exDIa^p>@U}&OVuw@@AH5wN)QB-xP=CLV3~}W1Q=fgWXpQ07CihU0%zfd~;QZ zOMe+uwNq=8F6ZCygnR6WQsPKR-d`S+qgQq168>v(Gjjmy085+$NO-I0!LJ*V%Wc$=jO}=lpKJNE`y+Ff@293= zW}Y^qX>?lYj&sn?S3Q;zA2dkI`A3VCJ`ueCt0;#bNyP;oqqrG4avoO{Xi+gM9*7xj zrqOjYupGF68j#a#>>=i~hx*SSOrFgRreaX+Gb_I<8%X^0AY{%&8f~D|gR<>-vU1T% z)fj^>9Zq}o7jBL;xR8(e?mf?kLu~}$k%;ovY4DJ8ODp{u5fvi1#q)Dh7-e|1OJh6N zak{F#zTt&w;$PTy6JR}U0uX>_C!igBRK&Wo@94+tLfF7iQ`@qv+qC123_Yb3)rM#9 z%Umi^W`D3?L$JKOeiqb9Wm-cZX`@w*C-8W0Wy>97cg^19?T`YO+ z;p!Dx)o~I!>`2g@K!Cq~Xc_S-qextXGYuKK3j?^=Mgz<)e?w(hK3eoXpc3NNs*FzHOwclM zJ$N3IyeK!eYQmk3u(9WHQ8So|n3c3y^)ZPIDL-!iH4(4U5QzgNDDL=J;vy%ylB4%NU(B|iJ~neVNajPzu-XcsNHZ! zlB@FXD0!z@IS2mCTZg@tk@S0}0LOhLbIzcg>bm*sAu!>T>0J5aEcoh_l3PgG-eDhQ zdiLARf9)r-sFI{;)#(WIHO56r-3O>|HgctSyT5V4 zB>@S6g+)OTj)w26aK`b&KeE1mYC2$`*X?drZJJ)4tiS`U@ZDwapVjDo`Z{-`M9vgN z1d_hgu|k)ugwFOXdB>reMzf%ff#Z%oB4Z1WkkQ|f;x5Qnhlcx<-z7>2aYLf;lXZSF zO<_BCVAwX2^C#>DdgtH?sppP2pX~79oqX9x4g~>d7apQ7DH6s!d8)rTpT__Yvt^*` zz@?Am3^t#|Jjb$v>z!Bh-nBLHlP|Cl@S4!&A7q>@>!gRGLSVV0*bsku@Mg8Gw|;~$ z)%}CY$%^~L7LE{whW2(GQDI`e%w zg67o$zOlLiSS%*@>V*FoG@2ysq&Va!;>ZlI3yfVqFq`282QiHCLy}hc>K%z zkMGY5_ExC@)uO{BXS*umBCS!+A?sk|%CYU&8O?-ZAhhyjV|a9dXEyoiy?lB0wT1G5 zZ$BQ%(L)I?l7~*gMp9fbOoC}}4bGz2h{iLU=nBaTTk*_Ma$!6ir{`F^tH~778C+L< z94Z-<{zMUZ4E--p-1ueM4=%G=N)g9<+kI!eroW(y_EChCN+W2#pR;}b8muIKcr>zE z@X*CSeG|Vz`+2B}RMpCD0~59UZfYMjEiQ6!e?cqnH>H6A2r4pk3*Dz~x^fOvxZk+R zsTLx1U#wwpMJ%ktIHT|x>Br%UZWSqf@-iL>rFAJQQnh7dNjM(tSCWz2SyaLwz0I(Q zJZ(EpZNSX!cVaT@?{yqxs2Y31VX9%7yzd-s4I}J%^yoM!bQJ@&l}2nY8hwU=41f}HR!sO~HbFn02>7!lZ%NuIsb<(NJ-Mrr(_C^EZ5O?$ z`#hK10EjX0fRVq<^gcpcw1Ud(tg z+5m+*Afu;Cl~9sPA;pf&E6mQQg@@FX$7H7cgJpS6azxVFJG6r4l$YBarC-RgN7YO!+*FC$=r)!D@%>U)~>$pG|9S_Uk$ldpDA>@ z^r-M-3^29bM_<lPM84PqzVz)`MmS#A1~GHnvgi4a=KScCP^mF3!DkM&`H2%N$1mkA#W z0hMZJs>i248^KF*=5}C%KWmHgzqrmQWEwn~_!R(q6;xMHC-+z7UD`H<=vH*2Wwve0 z3$(7ap-j>Gwv=VQO(TbGB@HKL8c0*cGJot8E?ogVBRD~dsr#dD-o2W(^@~qNfmRb7 z%l9oO9+C&lom9+bzCJoivAJf}CF2n}TD!_!zEKo|#t`dQEFM<}2u;sQS(q08AX^12 z0eRrZYe;#jLYs2EE$e_8+9B?>8(O)TKJN2UYHN+xn>Ovk239*44YHO?e{l5=-AhyY zvb<%%UYQhK`#66cCRCj09mAPq%&H*wmy*n(d#A|$KCL{&lv+WIr=rYV>BWk;M)x@gWM67~)ce#12DnaKGAqYw0Kf>;^c6_Xt=j_g;%k}n5ZumQ0 zIgH=jF7%8Bmnrb~maJJ%6wxc*IYsot_{OVm%RkaBP#KSP9)IS7vBE?@(ctwWYPY<`&q>+wzSaF0Ae~ttN@I5{jdd5>Aac&G3~U zGnj^=QwI+%n05=8l=y&!`#SFB^>*gqE6iJ{54HFza%lJ*C{g0)UXJgJyoLKj<2a6%$AsNpJ#W~tH5oEMl`O$O0W8)IIDWWWD>A&|o;jX*4GRWV4c*kDz34-#Q z;i!!>rh*H`vUliwd_dcIzCUyUQg9*5xf1Lif;U8|z<5)LOHVY0>KOGZ!Cvc+QN*Sr zh~u8IJl4-$p4mJmWO(G579aHj*!^GS&1b>G3(C#mPd2&7`r_{fHB(O?OJ~@L&h7!K z)p3@S>;@w@pq<`lFhFFKFc(=wtr*S}dzTQO?#^V16b)wfgKR41PVo~zy9U+ynYm=Y ztc(9sa*fF~+uZAqc;qQQN?7k>^R4m{x|}M0aym$l(A=&bYNHY2aMP04y>~zNJvQ|n`YhSnhtsJ+6Aw+xTal6CR5%m2BJN{2TA^m?EyjwhK_ONbecCh@Jbk8&W>_|Cqq{E(yyw59OcfPN}jnlrrQt+v8uHUs^ z`=P^n3OQz3g1wCk=O~Mx*=$n-%kC;o_w}dB2O2UM*1$itT-oLpRqoc@UCzhvo5WH0pbInk<_&wWZkuiANIN^Ri>&_`tV@V zu~^O3otNwWZQ_Lbx)}>?;?dU2_XFuaC129YCzzT8zU-xocU|#YzE~m2B-|W+W;#uu zwp}-+5#=v##Q5HD;+6^f4!<4a9xRgWQJY?zyHz0LT?e+Vt@I<7*v1dT#D);CXugjZ zf>fqH265tS<`bBC1U&gyxywk!^!Y>`1>saNOYGa|&%rOgItRp_OSt8g3q}qHyi+;T zAiiRbb<-|ndYb#1_@72bD!S|5;jh?!;za$4rcP~%PihYuFgj}uH}}EyElz7^bnukt z?>npSeB2C}!v{aTIWaisi!USNr0%vK+*wQK7Gnxvy(_U%IVcTjwyD!NK-qONG5ysC z^3xO^lq)Ry4GO%kij(@j4m&%6!qgok_GNI7eQ7Mb)mHb>-}SErIA?i8eN13{evbPE zF}g=mbWy0PO=FT}OEjJCA0GGnJ}-|v&)nSEHE5{}gX^-q(qbTlvCi53QTktrVLOGs zr;LBGy^|t&SKvRvK95%3xflE{FcO22{>4P}jW=yFw7y%42Y$y6?Q3%7wm3^`whKmh9fr^w=>Z1Dc|m_s@h{z<=q=1t;z+0 zajdsp9W^0VhWyoalQ$hlKWK~Il~|a)#@gk6N`HbS6IOM#)YwdC)&0TUGhT<()wM4% zED61#uY=?sl5S9BrBLjtOq|g4znI}nM2fUm>;aYYj7-rfZ-tyw5?t@^UV7brxh-4B zImuRB-1UN(zg7rS*4W&L?T_2(tvOuOaNcTvu#1>pf5Q}XEePH{e92_&UCLGVlXG#N zZ`WaRzIOE%#&O?Lt`vIq-WHrElKxD4zoJ3A^N=?SnXCgfqF()+d;el>^W(hca#&9d z)$!}o7ZEY5moHW1v93(T*R->fdaAiFfNf!qsP{lEufkXK+01+2InQxh2>Qkk>$TbJ zumwxeE5FX7x@Cv7b3X+Xg&MRb-cHf8#h;@N9OSNUGsBeVW3NEsSzj-Ahwu6M*^ z-Ysj5c}^O;o#W~+)2&9m;jSPF-b#s9?G|9mIy=S_%jh62!&wM0d1IqaKMzb0osTk( zLhB8&-4!<87=W8hsobe_cE5Xz2mcuHCW-xISn0fUgtp#!Zo|d;x(K`OK5GX=$lIHX z0#yy-0zt|XV?OQHAF31DK&N%Xoic}?DzSjpw#Ph| z;azC)cnwi<71V&x{I6$2e%f62NZNPS8vgvM`#rDmjh=eC0Zr2U$A^fAIyO;XMEl=_ z554+kp(161kbU%bMz7T5Y%_hhbMajdPZcu$@y3^q8<+sju{|I!{5JXJ<-UPWI)5C0 zb6=TLJUq40JRpDp#@>FzRR-j~wsnA>EvyXSthnoiZ5ma*(}#*TkmMDK^v&hu=+CT* z-h1rVZD)P>f&a7g(+^5P(TUH|%iGXM61hz6U z^B(wKpNfC>7SxC2sOIYxhQXlEr+hyYV!u?4K>zwBdsi zIigI`B-e3@#aFP5*+gl*Jobq+O~F4P(VO>k=_KAfFJ_WRX{+hA`m*E2uKr< zE<~h+CcRgsN|O#ELg>Ay7+QpY(mO%|BqaHk`<~~1&pBtG{ayEudw<-A2PT?0u&m?Omc?PG=TRS zJH_69{I>dK1o2|x_pa_2sa+ck8#%n<-{w;m?`X9nCu*9AFIp&8H?BD4I4F`AtZZ&o+kLA&h1a;RHFH^t#xC&%22h=eE8%jk zuj@-;cF+D!(k*-s7Z=Wao{>Z1!o29~8S*vAj}oj^SOIM&q2jQ`DM;!drAV2Jyt`Rrtv=qJRfZ;*BA8XT64Xx;Wt-F+&~Yp@ zESmC&$g$vU+r+~^9jXp%Y~t&gwbP@QX4s^{y~)&jVR)vnp_**()IB8L^}G;z)^=6tNJ{VE3;c*cUYJi zXH1z^vsj?T^M@cL#lekJQ|)%f!ZThEWLdgU%(_u(bb=);A0ADK6mq}LR2?jITQN4v z^aD4~+-DiD3XMC?+8Z#j;RcNYllE>mcHiz{73vG}-fmAvJ9t{6qAb<*QS=|D-?J_XuerD;c`=>RZwWFZ>gsH?<>xiW!u%NKC+@~(Eq3#A*LfJ=tFPEE z?)1K9pNd!r=E*+ff1gHoT?~`i=U#K@MfFtrtX~==uy~{8ed^wfK$mAW;L=6dl7`*P z;JZ{$@UT|md)G5UhbA_#b84dD4);`((PQl27Y%%`l(Kc&R)Z6TRzCuh>`*5Z5S3#_`7AzoCAYEr?NiNDE8M9~ zb9K3lpsbjd#$;|lVJW1Y=9UlL>ogUkz1A_pz=M}!^Uh5)etx+6u8@wD{-H^3`2rEu z`PD?aBgnZ1uQofZ706C!m%0m@Sp1}#B4B9**gT}41ry5`7)yjSv~M1{-Vd{~4qYT7 z$cPkn_7>ws-#;)uF4a6S0R^sJbAt5ox%78Y!tPEA);pvTSu55iIZh*(sLn6&`3LP2 z1O(TmsFNWG=nLE0m{Il8iy4~QRBT_uE|&~kVqYnTpic`5D6P+oWUB7%aoDvD)PN~K zjX&Q&4B;0=UY#rJ-iQ-a3BN6s_f)25KKVG~0ySF%HQUj-}#!3X%gq#qmWUIOfoy>3~sJ=3qp{l)1tn9cD=?g&TFRrP!8^wr>mf) zyH~AHp*3qAoCnQwxIg6p)>14s!#8g#I9sgBOl7{BJJK6G#svp^HQs5j);RI3mtQv_ ziVB*1H%hEjcKDR@upFCq0KtU*WUUAB&ZcKiCS~RgW!ld=POD}E9xGAkMJG+^!m2a~q#)J}mbN3;tjO)gi5oxsJ<6nHGGjYtv1t z4%Wx(E(Bc;tmrh-9<_{JZexRbM^?dhg7%~tCZ6aCB8ct^GToav-wpmG z+Qhy?1-sIqMt>4bhquC7w@Mx}l$!cLI$i6_PBP)Dh8SYgUFP~G%M5~Xeaf_ZW2(%k zfGO$JTunKu^O>%XuOhh5yKVIAqf}9Op64mr=SKx!p7FFsQ+$! zvhAA_oYKAfUeBC%1SjOA+p~YB4~Re7zqY#cWh?-FVTuJo433+C+uBa6ZOKfUyGm@w zX65!H-dUF(Zb``++Q4VtXA*o)9sO+9o=R^zbt8L+o=bcY_0H0`@j{PhfO8)#B)|yP!-ZIgGLlr*Ra@Leh{DUR=k1 z9h80xJLB%k(QK%HI;DMiF?cyqC;SMO7kyneM!)KzA?8XU=qMw4&>l{PYEgt6RNq6j z!+r%#gf4%wtTXMjxo^TGJKZH$N>pIS-8q7)q?k+hTowyx~DP zu?@@V9+}o>tks$Ibbvbnf*{Pp4ZO$hG<+W2L0h)00WuZMr}lHF2{J_x3Bx40tl38N z?8b^m0Leoi&y;LI-ztEm&s4S{%yj}UmRNj(x_cfzeWcp<@RQq@cNM@}?9^GE*>0F` znKmo<^sofIV72hspN5wc)nZ?~Jx#GiuonoDXnK|lt)8{#rCVq(-GCymHun2aez+Dp z>CZ$K=;`|m6%id6y9xL(EiQUA6?%UzoU~Ao1u>ZLlkk1+1YQ{Q?Q;lE$3HcP?3Q;uaIc5B%hddSNBC`f> zG#_$E{+Ht~(8Zh2%}qi>HBR5bioENP9_gX+bqG(s0d1zCw?)y)_MwgrNR+W2ecW_{ z+*9+>8&HRk&GF<|BNu1d%biv9zWyYnmZHsmkGuqOfwtxpajQkI0*eZ;(LVdqH#V<`agFi$TghDX?VPxEYXxAT zoRC%Tky9)E`K6ol%is`A18LbOl9fBkF5(@>C>7nj(oq|6?Q49LQ;c{`k@)nRnL|ds zb$wJEc9St~YmP3}7DWLA-1B2n_b{Dy?sgXW1$saPNR^5`N{Ap&WGQw_DGNXs& zXTL97j)T43>`FUQk)9V#*Oqf3LPki(Im|fh-MQ+OHS8nnbL!&ZGm2Y9SgZBVE!_M& z&`P=6UC%pSrhOJr(l?R3UPfS*l!$AwjrMtt_vhpn%#obD5tm?}K~sTlwcYfJI$r`Q z8@25VA7dJ&ZNDc?G79X?9y!vSr#K)gfb#o^9fXCtQExzfxw z246R?@T~^UdFBcZ6U{DEic!pq+mtrYPpl;5@Hr}vG|s^_%89SgWP#33Yn^Az7@t%# zJ`!=|EU+2gvRZWCLf*CJuvQ^$x2hxLAotfC$PD{$G2*ljb{kTR-X06I#+cBC}lKU;sZJsF-OaK-!8V4iM( z4q3#YC-j6|o><$eXQ0&~J!s~5qaYI;e``OT){Lrkc^9|czg{{W@%$tbdORGPi*3fT z<`Zt<2i;Dz?8t&~!wRj2`0AilTBylR@6WlfL}uDss)kb!)cC_S_3}C%&Q{3?`jlvHdfVOa#qa}}=TIcfN z{%--c#37n|v6$R^ygBK(T4gM-KZM_z`*OWysN%~6eq~N~rTNzqR&R1iL6vD4nKJE+ zArFum|MKKQx923V`Wd^J%v2ZYdV?B_GEJSsooC6b%hgc6kB0Ag6}LgUuBjednDj}p z$YQF+%U<~a5K(Ce`QFE8hpJiQsXfYU;$FbMv7b2%0tm&GKTIw@jG}5)so_?F#?#Lo z=U9ERST2_le3Nr1vm-mSz_PXv*jqZjc1LR@e$wD5#-c9Po9vUlUg+s!9e-^bu{~h& zL5SrC;C_c358n+$rc6bIMtci&zciN3O3XDgtA9kK8b14C$v$myLw@94?DmX(g{>mX z)LjJNHRJNZXDl~%Jn z%gqs6WHLylTo_G?F+z;+||5f5q z;Mh&y{#MkSJR5#rK5+?^CUe!q$!6~KBQnQ=Da*tpwloPiZtPW^1?CdfLK(7MXCJyg z5jRXc_aHc+BGt*Z)t0)f*(12=V` zB~=+eadV!+#l{z1Po^PV*VZ7`d}J{Cy0M9@ z@nU<#2K1;x$o6?#;c|Grq8-+J;^(eo-ZIbUPXY!GUa9rL_f$?&aMYSR-jPcNs>8X? zfOEFLg&)LVlyvsV{j=Q-x>3sYkyf{*eyJPMl#_DQyx=`dn8E?i2{z5rP<)dAbqmmu z`(?aCA)_52Gq6z2v}#7EfHkw)-nf@WvE0_<{=3F2CUkEX0&6+fa^nJq&ZYID!D#q) zheKSOfL$V$5d}-na{-owXO~(j?owA^y$=`Z_&jMPeBR4=ELnJ#!Dj4-BUS^3F;IzZ zqb{J2{?^N!o-pUMi{soY@4r+V;dgHhhZ!f(TiJseXn=EkZE2M6YJgp{MC_+7ayf%ttvgQL+nzm=yqKLAvH>?@v<=fGg_}&Q?wA5NgSnPSiMz7W-0IQFB zQ4qa_&UlTaE4zSveahUJH!{Nc75aR@TkutM!;WWB{*%j}svY0*m!!*w^gj@PU%apV zW5Y@+#mXUWI&jAW833&Jp<~QS&wUOQ%jm3g4xQtX7+fXq@oG!gDtGe?y7FZx+&7ic z`Ns+jL3=!HNSOZ7gkzmyV)(X8XzX|OUH%z*;+xUAALtB%-4CuIti&5!jAKU$fp#CmnAV)ZhA)zU zm%lReBnK+PPV!99a0|D)gHq8|kJ|EDG_jFqVYCJnVk^~Sj)|`aczCU~$D}_oAe$!G$-=Y0#(3~m`+=^S5#S!u@KrTM*YXth@TInv z%-_DX_cP?ArEUXi98T{Do@Y;ssUMOSP>8RJPb#LL`yK;q1%42?(c$@d-v*{(_lf5C z=uGJBB2Mu_|J?&(be8}Zcy6;}c<9x*zyfnXHCRQ}0Rn^#nJK>J;m8VM-mjz>_%u^x zv~Mn8q>BmN_bq_j*~xT^Bwel}k3G2tcI7TG5aqN*dqnB3MW zDrfm&2W(-{*RmCi`0w1=Oxu+jvd_EB>dp|6Y+H$G?oI7Pdui%iy7fb%!EfxPZW<`D z8>98;@d22mKdm>O`$&>>@sJ5VgEdCOhwvw}rSN|FRV5fAd$5FsCyx?$sng$W$tQBN&aA)44Sx(of#frt2Fl&m zHRW^6yX>~=U@q8H9npoE#p}qTr%X`rUNsJ61rE+4FlcE)U}2r%eg=%WMi24fGp@ct z5#p}SXLR+d%Snc(HNN>HR9+r2K&hKFO2vE-6raOgs-`P{1gQfSyON%>CdOhg9-Kq- z0ObxduoTW!7AS?CU^30Bp=!E;jUUryei8{>vbiPX;}Yi6`H9Kq=Vi7egK=E4id*eY z0MnonC%CsQ9h*+!P<7p}0*`?QHllN^yIj8k>*M@HgQ(o`swN)}FW1LIGihr_V{g4F ziiO@mvPHw!z9r1dx|BW`g2aVm;muy}gkgyIx{qJY0ba!&7OWiDZQ_@bc1sAmK~|-a zZVpIy;dJEKY8ull;RyDy!%9@EnjToJqBT3t$+x@Nm44S++Tq_fq7YlKfW!9^YZpNL-e7P-E6(=qO`XR-amPw^m z+9Mxbt=hH@Dn)ZP z_h3cASExR|iO2wBZZyw4Ot&C89x4-#%f`}XkXP}Kh0+FDn=Y6HYE``nf7%#WLVOK- zwD;wSGU@4i6-UHn#^7F?V5JXslZ!#6mE>pZjD3gr@{0WR_By^?HMG4!p{;6+UJ9d+=-npu%#@W~LP^^5GGDI_&MDy9n%GP{9 zn8+~CCUk9@S^2-rIY$#BGU2dOBflAo@U)ds6Z>#`r&st^gy)J8Xd{IzbI5rj&S8S6 zv=nz*dToQ*8LW%0j2k?fXfUqy0G|Th7-fV5o4Ogyr7Or#tqrvLy;X60clW)EWYtqZ z-+T?fZU(X-U!%?1%L^3u~=056_#E(E*75sxkEyB zjy2*srqanKXdXV0iLJkmz4y5W>8?#o00JuaK|OEpV6HB(#u#wuAp=Lt0mJtB`M}v{ zTUl7mT}TY6=(_Z*odU4%O+(W4(#S1tB`p@Zc@Fb%>nWhyw&y?|h*m{)RPX3lj!Bi0 z)gd69vb5RFH5D_%l>m?$eD>OQJ?A@sUs1^NLSD(D&%Xi%l(!rGn<3m4%};#yZmLOT zVGkn0=A+-wT4M*TWCXX2dfdDW&~UiB#&i`$9|8EvAeAmRwXMg#05otBVRO-rTjY&! zX z=$4^;{YVKhHPBX#LB-n6SGFKIx^&@wPnLg=ox^n2{fBku_vHV4uHE=)N7sRKwmRkm9MqG{1T^%Cn2Uco}dD=DT`cWkY=`o+i&}V>X5D zo=p}#;-Z!B25eP$t1uxhZ z^Q-J-qE3=h)mM`AhdznJ9+mv7qDk>$+f!MFqQPbXxc54K6W{ss{l8wy4si5ba0PbI zP%yi|P_GLU^>5NsKZ2(tz9pi8#S)BLxVXJ4FT&D?BxI??WqeKhkOtTJQ#mrt zoRRx=71c3QwB6VC#oiXCs`j;!3*mA#Qe@>~*tpI9QJ`m^%&ssb>kjwQ5FiUkhEO zE+OLMm18fNp17|qdr7eZ=P}cquN5OOY<|D~Pf0aIac)nX=7Ey=>E+2@D;ta7NTe!P z5p-1SzkA!Sdb$I$a0@Mm>;KZ4e{S2KegYb-%hz%f9@{9M>huI0 zb3~!{Wau^*ckclOv_Pf>kSPyj`u@t)1Tu5Mw9sD#t`X=@TM*e7n1#PJ*k2)e^NJsi zwJKxaJ-?GUgK4?AORmo(|K@$aDvCf;?{_y?1^WD^d;x`+s(D94QBhda`m*ir?>Bi| zU!ihr)ADa&p(4;(>Oa0WsBAP}1ZjWg;zYw!Ze0|rURR6?a z{|uQw{ZtLHz*i(8d?ypP1cE-d`4$6~L-40B9}%uYmxF z-Gu=VhXMs0K!FiZAf@wRGb1)@{*N#Do!QlYQ*9N%TS9-)%wJdj8@~UcUH|v1b)MFq zFawN(_P-dz3W5KD@~3K)uHKjYm%ILts3!tltPaGQ|J!WAia((HujefPpejT$ar9p> zh!uPISK$3?>9A7#2S)hcg6jUmi2lEq?71{zOBL|I38}u;nX}xaOe7>E6eOV)H^5oa zVhfA8q$DF@)Ibg!kWWH#2Ka3V`SqWzqrI1xn3J2~qjMyrYFlOY-hNahXUNt_Nl5 Date: Sat, 3 Feb 2024 09:21:08 -0600 Subject: [PATCH 03/14] clippy fixes --- yara-x/src/modules/macho/parser.rs | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 5c438a9f0..0840f174c 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -32,7 +32,7 @@ const _CS_MAGIC_REQUIREMENTS: u32 = 0xfade0c01; const _CS_MAGIC_CODEDIRECTORY: u32 = 0xfade0c02; const _CS_MAGIC_EMBEDDED_SIGNATURE: u32 = 0xfade0cc0; const _CS_MAGIC_DETACHED_SIGNATURE: u32 = 0xfade0cc1; -const _CS_MAGIC_BLOBWRAPPER: u32 = 0xfade0b01; +const CS_MAGIC_BLOBWRAPPER: u32 = 0xfade0b01; const CS_MAGIC_EMBEDDED_ENTITLEMENTS: u32 = 0xfade7171; /// Mach-O dynamic linker constant @@ -285,18 +285,14 @@ impl<'a> MachO<'a> { let offset = code_signature_data.dataoff as usize; let size = code_signature_data.datasize as usize; let super_data = &data[offset..offset + size]; - match macho.cs_superblob()(&super_data) { - Err(_err) => { - #[cfg(feature = "logging")] - error!("Error parsing Mach-O file: {:?}", _err); - // fail silently if it fails, data was not formatted - // correctly but parsing should still proceed for - // everything else - } - _ => {} - } + if let Err(_err) = macho.cs_superblob()(super_data) { + #[cfg(feature = "logging")] + error!("Error parsing Mach-O file: {:?}", _err); + // fail silently if it fails, data was not formatted + // correctly but parsing should still proceed for + // everything else + }; } - Ok(macho) } } @@ -742,6 +738,9 @@ impl<'a> MachOFile<'a> { } } } + CS_MAGIC_BLOBWRAPPER => { + // TODO: Parse certificates + } _ => {} } } From 5f17fdfe9b7f3d8e7bca5e44979d0472f5422e9f Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Sat, 3 Feb 2024 10:14:43 -0600 Subject: [PATCH 04/14] update tests for new tests --- ...c85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 29dcbee41..ce8e3011c 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -335,4 +335,7 @@ file: extreloff: 33008 nextrel: 4 locreloff: 0 - nlocrel: 0 \ No newline at end of file + nlocrel: 0 + code_signature_data: + dataoff: 33120 + datasize: 408 \ No newline at end of file From 8964c45d1670eb5e6eee0c95bc9e1df2cf8310dd Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Sat, 3 Feb 2024 12:46:18 -0600 Subject: [PATCH 05/14] feat: implement signing certificate parsing for mach-o --- Cargo.lock | 644 ++++++++++++++++++ yara-x/Cargo.toml | 1 + yara-x/src/modules/macho/parser.rs | 56 +- ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 9 +- .../modules/macho/tests/testdata/chess.out | 9 +- yara-x/src/modules/protos/macho.proto | 15 +- 6 files changed, 727 insertions(+), 7 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index a77c457be..878b26843 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -244,6 +244,16 @@ version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" +[[package]] +name = "bcder" +version = "0.7.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c627747a6774aab38beb35990d88309481378558875a41da1a4b2e373c906ef0" +dependencies = [ + "bytes", + "smallvec", +] + [[package]] name = "bincode" version = "1.3.3" @@ -630,6 +640,12 @@ dependencies = [ "windows-sys 0.45.0", ] +[[package]] +name = "const-oid" +version = "0.9.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8" + [[package]] name = "const-random" version = "0.1.17" @@ -665,6 +681,16 @@ dependencies = [ "unicode-segmentation", ] +[[package]] +name = "core-foundation" +version = "0.9.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.6" @@ -974,6 +1000,23 @@ dependencies = [ "typenum", ] +[[package]] +name = "cryptographic-message-syntax" +version = "0.26.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "43c324ba1028cef7e3a71a00cbf585637bb0215dec2f6a2b566d094190a1309b" +dependencies = [ + "bcder", + "bytes", + "chrono", + "hex", + "pem", + "reqwest", + "ring", + "signature", + "x509-certificate", +] + [[package]] name = "csscolorparser" version = "0.6.2" @@ -1034,6 +1077,16 @@ version = "0.3.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5729f5117e208430e437df2f4843f5e5952997175992d1414f94c57d61e270b4" +[[package]] +name = "der" +version = "0.7.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fffa369a668c8af7dbf8b5e56c9f744fbd399949ed171606040001947de40b1c" +dependencies = [ + "const-oid", + "zeroize", +] + [[package]] name = "deranged" version = "0.3.10" @@ -1131,6 +1184,15 @@ version = "0.3.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a357d28ed41a50f9c765dbfe56cbc04a64e53e5fc58ba79fbc34c10ef3df831f" +[[package]] +name = "encoding_rs" +version = "0.8.33" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7268b386296a025e474d5140678f75d6de9493ae55a5d709eeb9dd08149945e1" +dependencies = [ + "cfg-if", +] + [[package]] name = "enum_dispatch" version = "0.3.12" @@ -1264,6 +1326,15 @@ version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "form_urlencoded" +version = "1.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e13624c2627564efccf4934284bdd98cbaa14e79b0b5a141218e507b3a823456" +dependencies = [ + "percent-encoding", +] + [[package]] name = "fraction" version = "0.14.0" @@ -1296,6 +1367,54 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e6d5a32815ae3f33302d95fdcb2ce17862f8c65363dcfd29360480ba1001fc9c" +[[package]] +name = "futures-channel" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eac8f7d7865dcb88bd4373ab671c8cf4508703796caa2b1985a9ca867b3fcb78" +dependencies = [ + "futures-core", +] + +[[package]] +name = "futures-core" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dfc6580bb841c5a68e9ef15c77ccc837b40a7504914d52e47b8b0e9bbda25a1d" + +[[package]] +name = "futures-io" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a44623e20b9681a318efdd71c299b6b222ed6f231972bfe2f224ebad6311f0c1" + +[[package]] +name = "futures-sink" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9fb8e00e87438d937621c1c6269e53f536c14d3fbd6a042bb24879e57d474fb5" + +[[package]] +name = "futures-task" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "38d84fa142264698cdce1a9f9172cf383a0c82de1bddcf3092901442c4097004" + +[[package]] +name = "futures-util" +version = "0.3.30" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d6401deb83407ab3da39eba7e33987a73c3df0c82b4bb5813ee871c19c41d48" +dependencies = [ + "futures-core", + "futures-io", + "futures-task", + "memchr", + "pin-project-lite", + "pin-utils", + "slab", +] + [[package]] name = "fxhash" version = "0.2.1" @@ -1403,6 +1522,25 @@ dependencies = [ "yansi 1.0.0-rc.1", ] +[[package]] +name = "h2" +version = "0.3.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb2c4422095b67ee78da96fbb51a4cc413b3b25883c7717ff7ca1ab31022c9c9" +dependencies = [ + "bytes", + "fnv", + "futures-core", + "futures-sink", + "futures-util", + "http", + "indexmap 2.1.0", + "slab", + "tokio", + "tokio-util", + "tracing", +] + [[package]] name = "half" version = "1.8.2" @@ -1478,12 +1616,84 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "http" +version = "0.2.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8947b1a6fad4393052c7ba1f4cd97bed3e953a95c79c92ad9b051a04611d9fbb" +dependencies = [ + "bytes", + "fnv", + "itoa", +] + +[[package]] +name = "http-body" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7ceab25649e9960c0311ea418d17bee82c0dcec1bd053b5f9a66e265a693bed2" +dependencies = [ + "bytes", + "http", + "pin-project-lite", +] + +[[package]] +name = "httparse" +version = "1.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" + +[[package]] +name = "httpdate" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df3b46402a9d5adb4c86a0cf463f42e19994e3ee891101b1841f30a545cb49a9" + [[package]] name = "humantime" version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4" +[[package]] +name = "hyper" +version = "0.14.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf96e135eb83a2a8ddf766e426a841d8ddd7449d5f00d34ea02b41d2f19eef80" +dependencies = [ + "bytes", + "futures-channel", + "futures-core", + "futures-util", + "h2", + "http", + "http-body", + "httparse", + "httpdate", + "itoa", + "pin-project-lite", + "socket2", + "tokio", + "tower-service", + "tracing", + "want", +] + +[[package]] +name = "hyper-rustls" +version = "0.24.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec3efd23720e2049821a693cbc7e65ea87c72f1c58ff2f9522ff332b1491e590" +dependencies = [ + "futures-util", + "http", + "hyper", + "rustls", + "tokio", + "tokio-rustls", +] + [[package]] name = "iana-time-zone" version = "0.1.58" @@ -1519,6 +1729,16 @@ version = "1.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39" +[[package]] +name = "idna" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "634d9b1461af396cad843f47fdba5597a4f9e6ddd4bfb6ff5d85028c25cb12f6" +dependencies = [ + "unicode-bidi", + "unicode-normalization", +] + [[package]] name = "ignore" version = "0.4.21" @@ -1626,6 +1846,12 @@ version = "1.9.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa3eb1c7e05b0f9ddc99a1e9f186a434fa0bfd0087d6369acf5f2814731ab610" +[[package]] +name = "ipnet" +version = "2.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f518f335dce6725a761382244631d86cf0ccb2863413590b31338feb467f9c3" + [[package]] name = "is-terminal" version = "0.4.10" @@ -1949,6 +2175,12 @@ dependencies = [ "cpufeatures", ] +[[package]] +name = "mime" +version = "0.3.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6877bb514081ee2a7ff5ef9de3281f14a4dd4bceac4c09388074a6b5df8a139a" + [[package]] name = "minimal-lexical" version = "0.2.1" @@ -2127,6 +2359,16 @@ dependencies = [ "autocfg", ] +[[package]] +name = "num_cpus" +version = "1.16.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" +dependencies = [ + "hermit-abi", + "libc", +] + [[package]] name = "object" version = "0.32.2" @@ -2250,6 +2492,22 @@ version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "19b17cddbe7ec3f8bc800887bab5e717348c95ea2ca0b1bf0837fb964dc67099" +[[package]] +name = "pem" +version = "3.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" +dependencies = [ + "base64 0.21.5", + "serde", +] + +[[package]] +name = "percent-encoding" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" + [[package]] name = "pest" version = "2.7.5" @@ -2365,6 +2623,18 @@ dependencies = [ "siphasher", ] +[[package]] +name = "pin-project-lite" +version = "0.2.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8afb450f006bf6385ca15ef45d71d2288452bc3683ce2e2cacc0d18e4be60b58" + +[[package]] +name = "pin-utils" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184" + [[package]] name = "pkg-config" version = "0.3.28" @@ -2766,6 +3036,47 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +[[package]] +name = "reqwest" +version = "0.11.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c6920094eb85afde5e4a138be3f2de8bbdf28000f0029e72c45025a56b042251" +dependencies = [ + "base64 0.21.5", + "bytes", + "encoding_rs", + "futures-core", + "futures-util", + "h2", + "http", + "http-body", + "hyper", + "hyper-rustls", + "ipnet", + "js-sys", + "log", + "mime", + "once_cell", + "percent-encoding", + "pin-project-lite", + "rustls", + "rustls-pemfile", + "serde", + "serde_json", + "serde_urlencoded", + "sync_wrapper", + "system-configuration", + "tokio", + "tokio-rustls", + "tower-service", + "url", + "wasm-bindgen", + "wasm-bindgen-futures", + "web-sys", + "webpki-roots", + "winreg", +] + [[package]] name = "rgb" version = "0.8.37" @@ -2775,6 +3086,20 @@ dependencies = [ "bytemuck", ] +[[package]] +name = "ring" +version = "0.17.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "688c63d65483050968b2a8937f7995f443e27041a0f7700aa59b0822aedebb74" +dependencies = [ + "cc", + "getrandom", + "libc", + "spin", + "untrusted", + "windows-sys 0.48.0", +] + [[package]] name = "roxmltree" version = "0.19.0" @@ -2806,6 +3131,37 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "rustls" +version = "0.21.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f9d5a6813c0759e4609cd494e8e725babae6a2ca7b62a5536a13daaec6fcb7ba" +dependencies = [ + "log", + "ring", + "rustls-webpki", + "sct", +] + +[[package]] +name = "rustls-pemfile" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" +dependencies = [ + "base64 0.21.5", +] + +[[package]] +name = "rustls-webpki" +version = "0.101.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8b6275d1ee7a1cd780b64aca7726599a1dbc893b1e64144529e55c3c2f745765" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "rustversion" version = "1.0.14" @@ -2833,6 +3189,16 @@ version = "1.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49" +[[package]] +name = "sct" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da046153aa2352493d6cb7da4b6e5c0c057d8a1d0a9aa8560baffdd945acd414" +dependencies = [ + "ring", + "untrusted", +] + [[package]] name = "semver" version = "0.11.0" @@ -2903,6 +3269,18 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_urlencoded" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd" +dependencies = [ + "form_urlencoded", + "itoa", + "ryu", + "serde", +] + [[package]] name = "sha1" version = "0.10.6" @@ -2984,6 +3362,15 @@ dependencies = [ "libc", ] +[[package]] +name = "signature" +version = "2.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de" +dependencies = [ + "rand_core", +] + [[package]] name = "similar" version = "2.3.0" @@ -3025,6 +3412,15 @@ dependencies = [ "walkdir", ] +[[package]] +name = "slab" +version = "0.4.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f92a496fb766b417c996b9c5e57daf2f7ad3b0bebe1ccfca4856390e3d3bb67" +dependencies = [ + "autocfg", +] + [[package]] name = "slice-group-by" version = "0.3.1" @@ -3040,6 +3436,32 @@ dependencies = [ "serde", ] +[[package]] +name = "socket2" +version = "0.5.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5fac59a5cb5dd637972e5fca70daf0523c9067fcdc4842f053dae04a18f8e9" +dependencies = [ + "libc", + "windows-sys 0.48.0", +] + +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + +[[package]] +name = "spki" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d" +dependencies = [ + "base64ct", + "der", +] + [[package]] name = "sptr" version = "0.3.2" @@ -3179,6 +3601,33 @@ dependencies = [ "unicode-ident", ] +[[package]] +name = "sync_wrapper" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2047c6ded9c721764247e62cd3b03c09ffc529b2ba5b10ec482ae507a4a70160" + +[[package]] +name = "system-configuration" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" +dependencies = [ + "bitflags 1.3.2", + "core-foundation", + "system-configuration-sys", +] + +[[package]] +name = "system-configuration-sys" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a75fb188eb626b924683e3b95e3a48e63551fcfb51949de2f06a9d91dbee93c9" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "tap" version = "1.0.1" @@ -3334,12 +3783,67 @@ dependencies = [ "serde_json", ] +[[package]] +name = "tinyvec" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50" +dependencies = [ + "tinyvec_macros", +] + +[[package]] +name = "tinyvec_macros" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" + [[package]] name = "tlsh-fixed" version = "0.1.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f762ca8308eda1e38512dc88a99f021e5214699ba133de157f588c8bfd0745c7" +[[package]] +name = "tokio" +version = "1.36.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61285f6515fa018fb2d1e46eb21223fff441ee8db5d0f1435e8ab4f5cdb80931" +dependencies = [ + "backtrace", + "bytes", + "libc", + "mio", + "num_cpus", + "pin-project-lite", + "socket2", + "windows-sys 0.48.0", +] + +[[package]] +name = "tokio-rustls" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c28327cf380ac148141087fbfb9de9d7bd4e84ab5d2c28fbc911d753de8a7081" +dependencies = [ + "rustls", + "tokio", +] + +[[package]] +name = "tokio-util" +version = "0.7.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5419f34732d9eb6ee4c3578b7989078579b7f039cbbb9ca2c4da015749371e15" +dependencies = [ + "bytes", + "futures-core", + "futures-sink", + "pin-project-lite", + "tokio", + "tracing", +] + [[package]] name = "toml" version = "0.5.11" @@ -3349,6 +3853,37 @@ dependencies = [ "serde", ] +[[package]] +name = "tower-service" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52" + +[[package]] +name = "tracing" +version = "0.1.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c3523ab5a71916ccf420eebdf5521fcef02141234bbc0b8a49f2fdc4544364ef" +dependencies = [ + "pin-project-lite", + "tracing-core", +] + +[[package]] +name = "tracing-core" +version = "0.1.32" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c06d3da6113f116aaee68e4d601191614c9053067f9ab7f6edbcb161237daa54" +dependencies = [ + "once_cell", +] + +[[package]] +name = "try-lock" +version = "0.2.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b" + [[package]] name = "typenum" version = "1.17.0" @@ -3370,12 +3905,27 @@ dependencies = [ "version_check", ] +[[package]] +name = "unicode-bidi" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "08f95100a766bf4f8f28f90d77e0a5461bbdb219042e7679bebe79004fed8d75" + [[package]] name = "unicode-ident" version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" +[[package]] +name = "unicode-normalization" +version = "0.1.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921" +dependencies = [ + "tinyvec", +] + [[package]] name = "unicode-segmentation" version = "1.10.1" @@ -3400,6 +3950,23 @@ version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e1766d682d402817b5ac4490b3c3002d91dfa0d22812f341609f97b08757359c" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + +[[package]] +name = "url" +version = "2.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "31e6302e3bb753d46e83516cae55ae196fc0c309407cf11ab35cc51a4c2a4633" +dependencies = [ + "form_urlencoded", + "idna", + "percent-encoding", +] + [[package]] name = "utf8parse" version = "0.2.1" @@ -3468,6 +4035,15 @@ dependencies = [ "syn 1.0.109", ] +[[package]] +name = "want" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e" +dependencies = [ + "try-lock", +] + [[package]] name = "wasi" version = "0.11.0+wasi-snapshot-preview1" @@ -3499,6 +4075,18 @@ dependencies = [ "wasm-bindgen-shared", ] +[[package]] +name = "wasm-bindgen-futures" +version = "0.4.39" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ac36a15a220124ac510204aec1c3e5db8a22ab06fd6706d881dc6149f8ed9a12" +dependencies = [ + "cfg-if", + "js-sys", + "wasm-bindgen", + "web-sys", +] + [[package]] name = "wasm-bindgen-macro" version = "0.2.89" @@ -3906,6 +4494,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "webpki-roots" +version = "0.25.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f20c57d8d7db6d3b86154206ae5d8fba62dd39573114de97c2cb0578251f8e1" + [[package]] name = "wezterm-bidi" version = "0.2.2" @@ -4226,6 +4820,16 @@ version = "0.52.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dff9641d1cd4be8d1a070daf9e3773c5f67e78b4d9d42263020c057706765c04" +[[package]] +name = "winreg" +version = "0.50.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "524e57b2c537c0f9b1e69f1965311ec12182b4122e45035b1508cd24d2adadb1" +dependencies = [ + "cfg-if", + "windows-sys 0.48.0", +] + [[package]] name = "wit-parser" version = "0.13.0" @@ -4252,6 +4856,25 @@ dependencies = [ "tap", ] +[[package]] +name = "x509-certificate" +version = "0.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "66534846dec7a11d7c50a74b7cdb208b9a581cad890b7866430d438455847c85" +dependencies = [ + "bcder", + "bytes", + "chrono", + "der", + "hex", + "pem", + "ring", + "signature", + "spki", + "thiserror", + "zeroize", +] + [[package]] name = "yaml-rust" version = "0.4.5" @@ -4315,6 +4938,7 @@ dependencies = [ "byteorder", "crc32fast", "criterion", + "cryptographic-message-syntax", "fmmap", "globwalk", "goldenfile", @@ -4489,6 +5113,26 @@ dependencies = [ "syn 2.0.43", ] +[[package]] +name = "zeroize" +version = "1.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "525b4ec142c6b68a2d10f01f7bbf6755599ca3f81ea53b8431b7dd348f5fdb2d" +dependencies = [ + "zeroize_derive", +] + +[[package]] +name = "zeroize_derive" +version = "1.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.43", +] + [[package]] name = "zip" version = "0.6.6" diff --git a/yara-x/Cargo.toml b/yara-x/Cargo.toml index 2ffd9f9fe..5b515c957 100644 --- a/yara-x/Cargo.toml +++ b/yara-x/Cargo.toml @@ -177,6 +177,7 @@ yara-x-proto = { workspace = true } lingua = { version = "1.6.0", optional = true, default-features = false, features = ["english", "german", "french", "spanish"] } roxmltree = "0.19.0" +cryptographic-message-syntax = "0.26.0" [build-dependencies] protobuf = { workspace = true } diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 0840f174c..4ba15def8 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -1,5 +1,6 @@ use crate::modules::protos; use bstr::{BStr, ByteSlice}; +use cryptographic_message_syntax::SignedData; #[cfg(feature = "logging")] use log::error; use nom::bytes::complete::take; @@ -254,6 +255,7 @@ impl<'a> MachO<'a> { stack_size: None, code_signature_data: None, entitlements: Vec::new(), + certificates: None, }; for _ in 0..macho.header.ncmds as usize { @@ -312,6 +314,7 @@ pub struct MachOFile<'a> { rpaths: Vec<&'a [u8]>, code_signature_data: Option, entitlements: Vec, + certificates: Option, } impl<'a> MachOFile<'a> { @@ -739,7 +742,36 @@ impl<'a> MachOFile<'a> { } } CS_MAGIC_BLOBWRAPPER => { - // TODO: Parse certificates + if let Ok(signage) = SignedData::parse_ber( + &super_data + [offset + size_of_blob..offset + length], + ) { + let signers = signage.signers(); + let certs = signage.certificates(); + let mut cert_info = Certificates { + common_names: Vec::new(), + signer_names: Vec::new(), + }; + + certs.for_each(|cert| { + let name = + cert.subject_common_name().unwrap(); + cert_info.common_names.push(name); + }); + + signers.for_each(|signer| { + let (name, _) = signer + .certificate_issuer_and_serial() + .unwrap(); + cert_info.signer_names.push( + name.user_friendly_str() + .unwrap() + .to_string(), + ); + }); + + self.certificates = Some(cert_info); + } } _ => {} } @@ -1006,6 +1038,11 @@ struct Dylib<'a> { compatibility_version: u32, } +struct Certificates { + common_names: Vec, + signer_names: Vec, +} + struct CSBlob { magic: u32, length: u32, @@ -1114,6 +1151,10 @@ impl From> for protos::macho::Macho { MessageField::some(cs_data.into()); } + if let Some(cert_data) = &m.certificates { + result.certificates = MessageField::some(cert_data.into()); + } + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result @@ -1157,6 +1198,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.code_signature_data = MessageField::some(cs_data.into()); } + if let Some(cert_data) = &macho.certificates { + result.certificates = MessageField::some(cert_data.into()); + } + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -1264,3 +1309,12 @@ impl From<&LinkedItData> for protos::macho::LinkedItData { result } } + +impl From<&Certificates> for protos::macho::Certificates { + fn from(cert: &Certificates) -> Self { + let mut result = protos::macho::Certificates::new(); + result.common_names.extend(cert.common_names.clone()); + result.signer_names.extend(cert.signer_names.clone()); + result + } +} diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 0622889c2..88ace2af4 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -266,4 +266,11 @@ dylibs: - name: "/usr/lib/libSystem.B.dylib" timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" - current_version: "1252.0.0" \ No newline at end of file + current_version: "1252.0.0" +certificates: + common_names: + - "Developer ID Certification Authority" + - "Apple Root CA" + - "Developer ID Application: EFI Inc (82PCFB3NFC)" + signer_names: + - "CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index 569891849..c173cf8a4 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -495,4 +495,11 @@ entitlements: - "com.apple.security.app-sandbox" - "com.apple.security.device.microphone" - "com.apple.security.files.user-selected.read-write" - - "com.apple.security.network.client" \ No newline at end of file + - "com.apple.security.network.client" +certificates: + common_names: + - "Apple Code Signing Certification Authority" + - "Apple Root CA" + - "Software Signing" + signer_names: + - "CN=Apple Code Signing Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" \ No newline at end of file diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index ad82307ba..c5b90f75b 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -15,6 +15,11 @@ message LinkedItData { optional uint32 datasize = 2; } +message Certificates { + repeated string common_names = 1; + repeated string signer_names = 2; +} + message Dylib { optional bytes name = 1; optional uint32 timestamp = 2 [(yaml.field).fmt = "t"]; @@ -100,6 +105,7 @@ message File { repeated string entitlements = 17; optional Dysymtab dysymtab = 18; optional LinkedItData code_signature_data = 19; + optional Certificates certificates = 20; } message Macho { @@ -123,14 +129,15 @@ message Macho { repeated Dylib dylibs = 17; repeated bytes rpaths = 18; repeated string entitlements = 19; + optional Certificates certificates = 20; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 20 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 21; - repeated FatArch fat_arch = 22; + optional uint32 fat_magic = 21 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 22; + repeated FatArch fat_arch = 23; // Nested Mach-O files - repeated File file = 23; + repeated File file = 24; } enum HEADER { From acb59aa70ca7deb18049dfce34b72265d94591c7 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Mon, 5 Feb 2024 20:45:04 -0600 Subject: [PATCH 06/14] feat: implement dyld_info load command parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 92 +++++++++++++++++++ ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 11 +++ ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 11 +++ .../modules/macho/tests/testdata/chess.out | 11 +++ .../testdata/macho_x86_64_dylib_file.out | 13 ++- .../macho/tests/testdata/macho_x86_file.out | 11 +++ .../macho/tests/testdata/tiny_universal.out | 24 ++++- yara-x/src/modules/protos/macho.proto | 33 +++++-- 8 files changed, 195 insertions(+), 11 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 4ba15def8..d007b60d6 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -52,6 +52,8 @@ const LC_SEGMENT_64: u32 = 0x00000019; const LC_RPATH: u32 = 0x1c | LC_REQ_DYLD; const LC_CODE_SIGNATURE: u32 = 0x0000001d; const LC_REEXPORT_DYLIB: u32 = 0x1f | LC_REQ_DYLD; +const LC_DYLD_INFO: u32 = 0x00000022; +const LC_DYLD_INFO_ONLY: u32 = 0x22 | LC_REQ_DYLD; const LC_DYLD_ENVIRONMENT: u32 = 0x00000027; const LC_MAIN: u32 = 0x28 | LC_REQ_DYLD; const LC_SOURCE_VERSION: u32 = 0x0000002a; @@ -249,6 +251,7 @@ impl<'a> MachO<'a> { rpaths: Vec::new(), dysymtab: None, dynamic_linker: None, + dyld_info: None, source_version: None, entry_point_offset: None, entry_point_rva: None, @@ -309,6 +312,7 @@ pub struct MachOFile<'a> { segments: Vec>, dylibs: Vec>, dysymtab: Option, + dyld_info: Option, dynamic_linker: Option<&'a [u8]>, source_version: Option, rpaths: Vec<&'a [u8]>, @@ -454,6 +458,11 @@ impl<'a> MachOFile<'a> { let (_, lid) = self.linkeditdata_command()(command_data)?; self.code_signature_data = Some(lid); } + LC_DYLD_INFO | LC_DYLD_INFO_ONLY => { + let (_, dyld_info) = + self.dyld_info_command()(command_data)?; + self.dyld_info = Some(dyld_info); + } _ => {} } @@ -782,6 +791,51 @@ impl<'a> MachOFile<'a> { } } + /// Parser that parses LC_DYLD_INFO_ONLY and LC_DYLD_INFO commands + fn dyld_info_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], DyldInfo> + '_ { + map( + tuple(( + u32(self.endianness), // rebase_off + u32(self.endianness), // rebase_size + u32(self.endianness), // bind_off + u32(self.endianness), // bind_size + u32(self.endianness), // weak_bind_off + u32(self.endianness), // weak_bind_size + u32(self.endianness), // lazy_bind_off + u32(self.endianness), // lazy_bind_size + u32(self.endianness), // export_off + u32(self.endianness), // export_size + )), + |( + rebase_off, + rebase_size, + bind_off, + bind_size, + weak_bind_off, + weak_bind_size, + lazy_bind_off, + lazy_bind_size, + export_off, + export_size, + )| { + DyldInfo { + rebase_off, + rebase_size, + bind_off, + bind_size, + weak_bind_off, + weak_bind_size, + lazy_bind_off, + lazy_bind_size, + export_off, + export_size, + } + }, + ) + } + /// Parser that parses a LC_ID_DYLINKER, LC_LOAD_DYLINKER or /// LC_DYLD_ENVIRONMENT command. fn dylinker_command( @@ -1085,6 +1139,19 @@ struct Dysymtab { nlocrel: u32, } +struct DyldInfo { + rebase_off: u32, + rebase_size: u32, + bind_off: u32, + bind_size: u32, + weak_bind_off: u32, + weak_bind_size: u32, + lazy_bind_off: u32, + lazy_bind_size: u32, + export_off: u32, + export_size: u32, +} + /// Parser that reads a 32-bits or 64-bits fn uint( endianness: Endianness, @@ -1155,6 +1222,10 @@ impl From> for protos::macho::Macho { result.certificates = MessageField::some(cert_data.into()); } + if let Some(dyld_info) = &m.dyld_info { + result.dyld_info = MessageField::some(dyld_info.into()); + }; + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result @@ -1202,6 +1273,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.certificates = MessageField::some(cert_data.into()); } + if let Some(dyld_info) = &macho.dyld_info { + result.dyld_info = MessageField::some(dyld_info.into()); + }; + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -1318,3 +1393,20 @@ impl From<&Certificates> for protos::macho::Certificates { result } } + +impl From<&DyldInfo> for protos::macho::DyldInfo { + fn from(dyld_info: &DyldInfo) -> Self { + let mut result = protos::macho::DyldInfo::new(); + result.set_rebase_off(dyld_info.rebase_off); + result.set_rebase_size(dyld_info.rebase_size); + result.set_bind_off(dyld_info.bind_off); + result.set_bind_size(dyld_info.bind_size); + result.set_weak_bind_off(dyld_info.weak_bind_off); + result.set_weak_bind_size(dyld_info.weak_bind_size); + result.set_lazy_bind_off(dyld_info.lazy_bind_off); + result.set_lazy_bind_size(dyld_info.lazy_bind_size); + result.set_export_off(dyld_info.export_off); + result.set_export_size(dyld_info.export_size); + result + } +} diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 88ace2af4..0f5eef60a 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -267,6 +267,17 @@ dylibs: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1252.0.0" +dyld_info: + rebase_off: 28672 + rebase_size: 8 + bind_off: 28680 + bind_size: 624 + weak_bind_off: 29304 + weak_bind_size: 48 + lazy_bind_off: 29352 + lazy_bind_size: 2464 + export_off: 31816 + export_size: 2448 certificates: common_names: - "Developer ID Certification Authority" diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index ce8e3011c..2fab43961 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -210,6 +210,17 @@ file: nextrel: 8 locreloff: 0 nlocrel: 0 + dyld_info: + rebase_off: 32768 + rebase_size: 8 + bind_off: 32776 + bind_size: 24 + weak_bind_off: 0 + weak_bind_size: 0 + lazy_bind_off: 32800 + lazy_bind_size: 72 + export_off: 32872 + export_size: 112 - magic: 0xcffaedfe cputype: 0x100000c cpusubtype: 0x0 diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index c173cf8a4..ed0434665 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -489,6 +489,17 @@ dylibs: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1.0.0" +dyld_info: + rebase_off: 253952 + rebase_size: 1312 + bind_off: 255264 + bind_size: 4104 + weak_bind_off: 259368 + weak_bind_size: 48 + lazy_bind_off: 259416 + lazy_bind_size: 4040 + export_off: 263456 + export_size: 32 entitlements: - "com.apple.developer.game-center" - "com.apple.private.tcc.allow" diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index d9e3c5f80..54263eb0f 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -89,4 +89,15 @@ dylibs: - name: "/usr/lib/libSystem.B.dylib" timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" - current_version: "1213.0.0" \ No newline at end of file + current_version: "1213.0.0" +dyld_info: + rebase_off: 0 + rebase_size: 0 + bind_off: 0 + bind_size: 0 + weak_bind_off: 0 + weak_bind_size: 0 + lazy_bind_off: 0 + lazy_bind_size: 0 + export_off: 4096 + export_size: 24 \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out index 62ae12055..088708b7d 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out @@ -148,5 +148,16 @@ dylibs: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1213.0.0" +dyld_info: + rebase_off: 8192 + rebase_size: 16 + bind_off: 8208 + bind_size: 24 + weak_bind_off: 0 + weak_bind_size: 0 + lazy_bind_off: 8232 + lazy_bind_size: 28 + export_off: 8260 + export_size: 44 rpaths: - "@loader_path/../Frameworks" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index 09f2b9845..960d8a5d1 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -164,6 +164,17 @@ file: nextrel: 6 locreloff: 0 nlocrel: 0 + dyld_info: + rebase_off: 8192 + rebase_size: 16 + bind_off: 8208 + bind_size: 24 + weak_bind_off: 0 + weak_bind_size: 0 + lazy_bind_off: 8232 + lazy_bind_size: 28 + export_off: 8260 + export_size: 60 - magic: 0xcffaedfe cputype: 0x1000007 cpusubtype: 0x80000003 @@ -333,4 +344,15 @@ file: extreloff: 8448 nextrel: 6 locreloff: 0 - nlocrel: 0 \ No newline at end of file + nlocrel: 0 + dyld_info: + rebase_off: 8192 + rebase_size: 8 + bind_off: 8200 + bind_size: 24 + weak_bind_off: 0 + weak_bind_size: 0 + lazy_bind_off: 8224 + lazy_bind_size: 32 + export_off: 8256 + export_size: 64 \ No newline at end of file diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index c5b90f75b..106c271a5 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -27,6 +27,19 @@ message Dylib { optional string current_version = 4; } +message DyldInfo { + optional uint32 rebase_off = 1; + optional uint32 rebase_size = 2; + optional uint32 bind_off = 3; + optional uint32 bind_size = 4; + optional uint32 weak_bind_off = 5; + optional uint32 weak_bind_size = 6; + optional uint32 lazy_bind_off = 7; + optional uint32 lazy_bind_size = 8; + optional uint32 export_off = 9; + optional uint32 export_size = 10; +} + message Dysymtab { optional uint32 ilocalsym = 3; optional uint32 nlocalsym = 4; @@ -104,8 +117,9 @@ message File { repeated bytes rpaths = 16; repeated string entitlements = 17; optional Dysymtab dysymtab = 18; - optional LinkedItData code_signature_data = 19; - optional Certificates certificates = 20; + optional DyldInfo dyld_info = 19; + optional LinkedItData code_signature_data = 20; + optional Certificates certificates = 21; } message Macho { @@ -127,17 +141,18 @@ message Macho { optional LinkedItData code_signature_data = 15; repeated Segment segments = 16; repeated Dylib dylibs = 17; - repeated bytes rpaths = 18; - repeated string entitlements = 19; - optional Certificates certificates = 20; + optional DyldInfo dyld_info = 18; + repeated bytes rpaths = 19; + repeated string entitlements = 20; + optional Certificates certificates = 21; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 21 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 22; - repeated FatArch fat_arch = 23; + optional uint32 fat_magic = 22 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 23; + repeated FatArch fat_arch = 24; // Nested Mach-O files - repeated File file = 24; + repeated File file = 25; } enum HEADER { From 4438990acb1d29337fcb5c36bdaee3a3eeb7dca1 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Mon, 5 Feb 2024 21:09:43 -0600 Subject: [PATCH 07/14] feat: implement lc_symtab parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 53 +++++++++++++++++++ ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 5 ++ ...a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 5 ++ ...b53a00bae94f868ce65a3352177dd6a75797ff.out | 5 ++ ...79fa394e400276ef05b93daa78717daffcd803.out | 5 ++ ...1543c8beebeb768e712bd3b754b5cd3e151356.out | 5 ++ ...422cb8cd171119a7bf7a329ae18e5b34cdb85f.out | 5 ++ ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 10 ++++ .../modules/macho/tests/testdata/chess.out | 5 ++ ...d329a5bf085619bbde2c4146b0cc00ebad21c8.out | 5 ++ .../macho/tests/testdata/macho_ppc_file.out | 5 ++ .../testdata/macho_x86_64_dylib_file.out | 5 ++ .../macho/tests/testdata/macho_x86_file.out | 5 ++ .../tests/testdata/macho_x86_object_file.out | 5 ++ .../macho/tests/testdata/tiny_universal.out | 10 ++++ yara-x/src/modules/protos/macho.proto | 41 ++++++++------ 16 files changed, 158 insertions(+), 16 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index d007b60d6..155520b47 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -41,6 +41,7 @@ const LC_REQ_DYLD: u32 = 0x80000000; /// Mach-O load commands const LC_SEGMENT: u32 = 0x00000001; +const LC_SYMTAB: u32 = 0x00000002; const LC_UNIXTHREAD: u32 = 0x00000005; const LC_DYSYMTAB: u32 = 0x0000000b; const LC_LOAD_DYLIB: u32 = 0x0000000c; @@ -249,6 +250,7 @@ impl<'a> MachO<'a> { segments: Vec::new(), dylibs: Vec::new(), rpaths: Vec::new(), + symtab: None, dysymtab: None, dynamic_linker: None, dyld_info: None, @@ -311,6 +313,7 @@ pub struct MachOFile<'a> { header: MachOHeader, segments: Vec>, dylibs: Vec>, + symtab: Option, dysymtab: Option, dyld_info: Option, dynamic_linker: Option<&'a [u8]>, @@ -450,6 +453,10 @@ impl<'a> MachOFile<'a> { let (_, dylinker) = self.dylinker_command()(command_data)?; self.dynamic_linker = Some(dylinker); } + LC_SYMTAB => { + let (_, symtab) = self.symtab_command()(command_data)?; + self.symtab = Some(symtab); + } LC_DYSYMTAB => { let (_, dysymtab) = self.dysymtab_command()(command_data)?; self.dysymtab = Some(dysymtab); @@ -587,6 +594,26 @@ impl<'a> MachOFile<'a> { } } + /// Parser that parses a LC_DYSYMTAB command. + fn symtab_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], Symtab> + '_ { + map( + tuple(( + u32(self.endianness), // symoff + u32(self.endianness), // nsyms + u32(self.endianness), // stroff + u32(self.endianness), // strsize + )), + |(symoff, nsyms, stroff, strsize)| Symtab { + symoff, + nsyms, + stroff, + strsize, + }, + ) + } + /// Parser that parses a LC_DYSYMTAB command. fn dysymtab_command( &self, @@ -1120,6 +1147,13 @@ struct LinkedItData { datasize: u32, } +struct Symtab { + symoff: u32, + nsyms: u32, + stroff: u32, + strsize: u32, +} + struct Dysymtab { ilocalsym: u32, nlocalsym: u32, @@ -1209,6 +1243,10 @@ impl From> for protos::macho::Macho { result.source_version = m.source_version.to_owned(); result.dynamic_linker = m.dynamic_linker.map(|dl| dl.into()); + if let Some(symtab) = &m.symtab { + result.symtab = MessageField::some(symtab.into()); + } + if let Some(dysymtab) = &m.dysymtab { result.dysymtab = MessageField::some(dysymtab.into()); } @@ -1261,6 +1299,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.source_version = macho.source_version.to_owned(); result.dynamic_linker = macho.dynamic_linker.map(|dl| dl.into()); + if let Some(symtab) = &macho.symtab { + result.symtab = MessageField::some(symtab.into()); + } + if let Some(dysymtab) = &macho.dysymtab { result.dysymtab = MessageField::some(dysymtab.into()); } @@ -1353,6 +1395,17 @@ impl From<&Dylib<'_>> for protos::macho::Dylib { } } +impl From<&Symtab> for protos::macho::Symtab { + fn from(symtab: &Symtab) -> Self { + let mut result = protos::macho::Symtab::new(); + result.set_symoff(symtab.symoff); + result.set_nsyms(symtab.nsyms); + result.set_stroff(symtab.stroff); + result.set_strsize(symtab.strsize); + result + } +} + impl From<&Dysymtab> for protos::macho::Dysymtab { fn from(dysymtab: &Dysymtab) -> Self { let mut result = protos::macho::Dysymtab::new(); diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 0f5eef60a..d2d4b6799 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -8,6 +8,11 @@ flags: 0x18085 reserved: 0 number_of_segments: 3 source_version: "0.0.0.0.0" +symtab: + symoff: 34352 + nsyms: 166 + stroff: 37600 + strsize: 5864 dysymtab: ilocalsym: 0 nlocalsym: 40 diff --git a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index f8f0da3ad..fcfc8a3f7 100644 --- a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -8,6 +8,11 @@ flags: 0x1000085 number_of_segments: 4 dynamic_linker: "/usr/lib/dyld" entry_point: 2752 +symtab: + symoff: 12316 + nsyms: 54 + stroff: 13344 + strsize: 760 dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out index ef30a53e0..e97b91e49 100644 --- a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out +++ b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out @@ -8,6 +8,11 @@ flags: 0x85 number_of_segments: 5 dynamic_linker: "/usr/lib/dyld" entry_point: 3092 +symtab: + symoff: 20480 + nsyms: 254 + stroff: 23860 + strsize: 5268 dysymtab: ilocalsym: 0 nlocalsym: 177 diff --git a/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out b/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out index 071411ebb..3b00fbf3a 100644 --- a/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out +++ b/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out @@ -6,6 +6,11 @@ ncmds: 4 sizeofcmds: 652 flags: 0x2000 number_of_segments: 1 +symtab: + symoff: 3540 + nsyms: 25 + stroff: 3840 + strsize: 496 dysymtab: ilocalsym: 0 nlocalsym: 3 diff --git a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out index 62b3adab4..b24a3a1a8 100644 --- a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out +++ b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out @@ -7,6 +7,11 @@ sizeofcmds: 536 flags: 0x2001 number_of_segments: 4 entry_point: 3476 +symtab: + symoff: 16384 + nsyms: 4 + stroff: 16432 + strsize: 40 segments: - segname: "__PAGEZERO" vmaddr: 0x0 diff --git a/yara-x/src/modules/macho/tests/testdata/94b2f690c776c4d847845be21b422cb8cd171119a7bf7a329ae18e5b34cdb85f.out b/yara-x/src/modules/macho/tests/testdata/94b2f690c776c4d847845be21b422cb8cd171119a7bf7a329ae18e5b34cdb85f.out index 6d61f2b6e..715be75b2 100644 --- a/yara-x/src/modules/macho/tests/testdata/94b2f690c776c4d847845be21b422cb8cd171119a7bf7a329ae18e5b34cdb85f.out +++ b/yara-x/src/modules/macho/tests/testdata/94b2f690c776c4d847845be21b422cb8cd171119a7bf7a329ae18e5b34cdb85f.out @@ -7,6 +7,11 @@ sizeofcmds: 928 flags: 0x1 number_of_segments: 4 entry_point: 3952 +symtab: + symoff: 40960 + nsyms: 3295 + stroff: 80500 + strsize: 46263 segments: - segname: "__PAGEZERO" vmaddr: 0x0 diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 2fab43961..012ca00a8 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -193,6 +193,11 @@ file: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1311.120.1" + symtab: + symoff: 32992 + nsyms: 6 + stroff: 33120 + strsize: 112 dysymtab: ilocalsym: 0 nlocalsym: 1 @@ -330,6 +335,11 @@ file: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1311.120.1" + symtab: + symoff: 32944 + nsyms: 4 + stroff: 33024 + strsize: 88 dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index ed0434665..d1ab3133d 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -11,6 +11,11 @@ dynamic_linker: "/usr/lib/dyld" entry_point: 7904 stack_size: 0 source_version: "369.0.0.0.0" +symtab: + symoff: 264536 + nsyms: 308 + stroff: 271144 + strsize: 6000 dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out index 7ecbc278d..17480ac1f 100644 --- a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out +++ b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out @@ -7,6 +7,11 @@ sizeofcmds: 11416 flags: 0x2918085 reserved: 0 number_of_segments: 5 +symtab: + symoff: 19727320 + nsyms: 18093 + stroff: 20062220 + strsize: 950608 dysymtab: ilocalsym: 0 nlocalsym: 22 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out b/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out index bf22f456c..5976983b4 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_ppc_file.out @@ -8,6 +8,11 @@ flags: 0x85 number_of_segments: 4 dynamic_linker: "/usr/lib/dyld" entry_point: 3768 +symtab: + symoff: 65536 + nsyms: 2367 + stroff: 95048 + strsize: 16520 dysymtab: ilocalsym: 0 nlocalsym: 2170 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index 54263eb0f..77a2f15d6 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -8,6 +8,11 @@ flags: 0x100085 reserved: 1 number_of_segments: 2 source_version: "0.0.0.0.0" +symtab: + symoff: 4152 + nsyms: 2 + stroff: 4184 + strsize: 40 dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out index 088708b7d..e2ab75fe6 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out @@ -10,6 +10,11 @@ dynamic_linker: "/usr/lib/dyld" entry_point: 3728 stack_size: 0 source_version: "0.0.0.0.0" +symtab: + symoff: 8328 + nsyms: 5 + stroff: 8412 + strsize: 60 dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out index 2072f0851..bab1b562d 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out @@ -6,6 +6,11 @@ ncmds: 3 sizeofcmds: 228 flags: 0x2000 number_of_segments: 1 +symtab: + symoff: 328 + nsyms: 1 + stroff: 340 + strsize: 16 dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index 960d8a5d1..be9782c8c 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -147,6 +147,11 @@ file: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1213.0.0" + symtab: + symoff: 8344 + nsyms: 6 + stroff: 8440 + strsize: 72 dysymtab: ilocalsym: 0 nlocalsym: 0 @@ -328,6 +333,11 @@ file: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "1213.0.0" + symtab: + symoff: 8352 + nsyms: 6 + stroff: 8472 + strsize: 72 dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 106c271a5..96dd4af1d 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -40,6 +40,13 @@ message DyldInfo { optional uint32 export_size = 10; } +message Symtab { + optional uint32 symoff = 1; + optional uint32 nsyms = 2; + optional uint32 stroff = 3; + optional uint32 strsize = 4; +} + message Dysymtab { optional uint32 ilocalsym = 3; optional uint32 nlocalsym = 4; @@ -116,10 +123,11 @@ message File { repeated Dylib dylibs = 15; repeated bytes rpaths = 16; repeated string entitlements = 17; - optional Dysymtab dysymtab = 18; - optional DyldInfo dyld_info = 19; - optional LinkedItData code_signature_data = 20; - optional Certificates certificates = 21; + optional Symtab symtab = 18; + optional Dysymtab dysymtab = 19; + optional DyldInfo dyld_info = 20; + optional LinkedItData code_signature_data = 21; + optional Certificates certificates = 22; } message Macho { @@ -137,22 +145,23 @@ message Macho { optional uint64 entry_point = 11; optional uint64 stack_size = 12; optional string source_version = 13; - optional Dysymtab dysymtab = 14; - optional LinkedItData code_signature_data = 15; - repeated Segment segments = 16; - repeated Dylib dylibs = 17; - optional DyldInfo dyld_info = 18; - repeated bytes rpaths = 19; - repeated string entitlements = 20; - optional Certificates certificates = 21; + optional Symtab symtab = 14; + optional Dysymtab dysymtab = 15; + optional LinkedItData code_signature_data = 16; + repeated Segment segments = 17; + repeated Dylib dylibs = 18; + optional DyldInfo dyld_info = 19; + repeated bytes rpaths = 20; + repeated string entitlements = 21; + optional Certificates certificates = 22; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 22 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 23; - repeated FatArch fat_arch = 24; + optional uint32 fat_magic = 23 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 24; + repeated FatArch fat_arch = 25; // Nested Mach-O files - repeated File file = 25; + repeated File file = 26; } enum HEADER { From 11cf5822d14a16f99a01776a2cf20642ecd08d2e Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Mon, 5 Feb 2024 21:44:52 -0600 Subject: [PATCH 08/14] feat: implement lc_symtab table entries parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 31 +- ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 167 ++++++++++ ...a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 55 ++++ ...b53a00bae94f868ce65a3352177dd6a75797ff.out | 159 +++++++++ ...79fa394e400276ef05b93daa78717daffcd803.out | 26 ++ ...1543c8beebeb768e712bd3b754b5cd3e151356.out | 5 + ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 12 + .../modules/macho/tests/testdata/chess.out | 309 ++++++++++++++++++ .../tests/testdata/macho_x86_object_file.out | 2 + .../macho/tests/testdata/tiny_universal.out | 14 + yara-x/src/modules/protos/macho.proto | 1 + 11 files changed, 777 insertions(+), 4 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 155520b47..afa805f72 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -284,6 +284,24 @@ impl<'a> MachO<'a> { } } + if let Some(ref mut symtab) = macho.symtab { + let str_offset = symtab.stroff as usize; + let str_end = symtab.strsize as usize; + + // We don't want the dyld_shared_cache ones for now + if str_offset < data.len() { + let string_table: &[u8] = + &data[str_offset..str_offset + str_end]; + let strings: Vec<&'a [u8]> = string_table + .split(|&c| c == b'\0') + .map(|line| BStr::new(line).trim_end_with(|c| c == '\0')) + .filter(|s| !s.trim().is_empty()) + .collect(); + + symtab.entries.extend(strings); + } + } + if let Some(entry_point_rva) = macho.entry_point_rva { macho.entry_point_offset = macho.rva_to_offset(entry_point_rva); } @@ -313,7 +331,7 @@ pub struct MachOFile<'a> { header: MachOHeader, segments: Vec>, dylibs: Vec>, - symtab: Option, + symtab: Option>, dysymtab: Option, dyld_info: Option, dynamic_linker: Option<&'a [u8]>, @@ -610,6 +628,7 @@ impl<'a> MachOFile<'a> { nsyms, stroff, strsize, + entries: Vec::new(), }, ) } @@ -1147,11 +1166,12 @@ struct LinkedItData { datasize: u32, } -struct Symtab { +struct Symtab<'a> { symoff: u32, nsyms: u32, stroff: u32, strsize: u32, + entries: Vec<&'a [u8]>, } struct Dysymtab { @@ -1395,14 +1415,17 @@ impl From<&Dylib<'_>> for protos::macho::Dylib { } } -impl From<&Symtab> for protos::macho::Symtab { - fn from(symtab: &Symtab) -> Self { +impl From<&Symtab<'_>> for protos::macho::Symtab { + fn from(symtab: &Symtab<'_>) -> Self { let mut result = protos::macho::Symtab::new(); result.set_symoff(symtab.symoff); result.set_nsyms(symtab.nsyms); result.set_stroff(symtab.stroff); result.set_strsize(symtab.strsize); result + .entries + .extend(symtab.entries.iter().map(|entry| entry.to_vec())); + result } } diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index d2d4b6799..4ba9bb90d 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -13,6 +13,173 @@ symtab: nsyms: 166 stroff: 37600 strsize: 5864 + entries: + - "_APF_Plugin_DisconnectingDataSource" + - "_APF_Plugin_Initialize" + - "_APF_Plugin_Terminate" + - "_APF_Plugin_Unload" + - "__Z10InitializeP15CAPF_PluginInfoP14PLUGINMEMBLOCK" + - "__Z14ACCT_GetJobLogPK15CAPF_DataSourcePPP17HarmonyAttributesRl" + - "__Z16ACCT_ClearJobLogPK15CAPF_DataSource" + - "__Z16CreateControlBarP8stCBInfoP20HarmonySessionHandle" + - "__Z16out_HarmonyAttrsRNSt3__113basic_ostreamIcNS_11char_traitsIcEEEEiP17HarmonyAttributes" + - "__Z17ACCT_GetJobLogXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z18ACCT_GetFirstIndexPK15CAPF_DataSourceRl" + - "__Z18AllocateStringCopyRPcRK8wxString" + - "__Z19ACCT_ClearJobLogXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z19ACCT_FreeStringListPP17HarmonyAttributesi" + - "__Z19ACCT_GetEventsExXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z19CBB_GetResmanEventsP15CAPF_DataSourcePFvP20HarmonyResourceEventPvES3_P15HarmonyNBTicket" + - "__Z19CBB_SetEFControlBarP15CAPF_DataSourceP15CAPF_PluginInfoPv" + - "__Z19CB_ImportControlBarP15CAPF_DataSourceP15CAPF_PluginInfoPv" + - "__Z20ACCT_GetJobLogLengthPK15CAPF_DataSourceRl" + - "__Z20CBB_DeleteControlBarP15CAPF_DataSourceRK8wxString" + - "__Z21ACCT_GetFirstIndexXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z21ACCT_GetJobLogPortionPK15CAPF_DataSourceRlS2_PPP17HarmonyAttributesS2_" + - "__Z21APF_ds2HarmonyHandlesPK15CAPF_DataSourcePP29harmonyDataSourceSpecificDataPP19HarmonyServerHandle" + - "__Z21APF_harmonyGetSessionP29harmonyDataSourceSpecificData22APF_harmonySessionType" + - "__Z21CBB_GetControlBarDataP15CAPF_DataSourceP15CAPF_PluginInfoPv" + - "__Z22ACCT_FreeStringListXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z22CBB_FreeControlBarDataP15CAPF_DataSourceP15CAPF_PluginInfoPv" + - "__Z23ACCT_GetJobLogLengthXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z23APF_ChkTicketOrTimedOutP15CAPF_DataSourceR15HarmonyNBTicketR13HarmonyResult" + - "__Z23GetFeatureSessionHandlePK15CAPF_DataSource22APF_harmonySessionTypePP20HarmonySessionHandle" + - "__Z24ACCT_GetJobLogPortionXMLP15CAPF_PluginInfoP14PLUGINMEMBLOCKP9VERSIONEXPv" + - "__Z24CBB_GetControlbarSupportP15CAPF_DataSourceP15CAPF_PluginInfoPv" + - "__Z25APF_H_GetLocalizedStringsP29harmonyDataSourceSpecificDataPPciS2_i" + - "__Z26APF_H_GetLocalizedStringNBP15CAPF_DataSourceR8wxStringS2_iS2_" + - "__Z36APF_H_GetLocalizedStringNB_AlternateP15CAPF_DataSourceR8wxStringS2_iS2_" + - "__ZlsRNSt3__113basic_ostreamIcNS_11char_traitsIcEEEEP17HarmonyAttributes" + - "_ACCT_clearJobLog" + - "_ACCT_getEventsEx" + - "_ACCT_getFirstIndex" + - "_ACCT_getJobLog" + - "_ACCT_getJobLogLength" + - "_ACCT_getJobLogPortionEx" + - "_ACCT_openSession" + - "_ATTR_openSession" + - "_AUTH_openSession" + - "_FONT_openSession" + - "_FT_openSession" + - "_GA_openSession" + - "_GLOBOBJ_openSession" + - "_JOBM_openSession" + - "_LOCL_getStringWithContext" + - "_LOCL_getStringsWithContext" + - "_LP_openSession" + - "_MTX_openSession" + - "_NB_cancel_block_destroy" + - "_NB_checkTicket" + - "_NB_destroy" + - "_RESMAN_createResource" + - "_RESMAN_deleteResource" + - "_RESMAN_getEventsEx" + - "_RESMAN_getResourceTypes" + - "_RESMAN_getResourceWithSettingsInContainer" + - "_RESMAN_openSession" + - "__Unwind_Resume" + - "__Z10wxOnAssertPKciS0_S0_S0_" + - "__Z12wxMilliSleepm" + - "__Z19wxGet_wxConvUTF8Ptrv" + - "__Z20EFIAPF_ErrLogGen_MACPKclS0_S0_l" + - "__ZN11CAPF_ReqObj13GetInputParamERK8wxStringPPv" + - "__ZN11CAPF_ReqObj13GetInputParamERK8wxStringPl" + - "__ZN11CAPF_ReqObj13GetInputParamERK8wxStringRS0_" + - "__ZN11CAPF_ReqObj14SetOutputParamERK8wxStringPv" + - "__ZN11CAPF_ReqObj14SetOutputParamERK8wxStringl" + - "__ZN11CAPF_ReqObj20CAPF_ReqObj_CalleeExElPvP15CAPF_PluginInfo" + - "__ZN11CAPF_ReqObjD1Ev" + - "__ZN11wxStopWatch5StartEl" + - "__ZN12CAPF_Session9GetKeyIDAEPc" + - "__ZN8wxString10ConvertStrEPKcmRK8wxMBConv" + - "__ZN8wxString4TrimEb" + - "__ZN8wxString4nposE" + - "__ZN9wxPrivate18GetUntypedNullDataEv" + - "__ZNK11wxStopWatch11TimeInMicroEv" + - "__ZNK15CAPF_DataSource10getSessionEv" + - "__ZNK15CAPF_DataSource11getProtocolEv" + - "__ZNK15CAPF_DataSource14getDSWorkClassEi" + - "__ZNK8wxMBConv14DoConvertMB2WCEPKcm" + - "__ZNK8wxString6AsCharERK8wxMBConv" + - "__ZNK8wxString9CmpNoCaseERKS_" + - "__ZNKSt3__16locale9use_facetERNS0_2idE" + - "__ZNKSt3__18ios_base6getlocEv" + - "__ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6__initEPKwm" + - "__ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEE6assignEPKwm" + - "__ZNSt3__112basic_stringIwNS_11char_traitsIwEENS_9allocatorIwEEEaSERKS5_" + - "__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryC1ERS3_" + - "__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEE6sentryD1Ev" + - "__ZNSt3__113basic_ostreamIcNS_11char_traitsIcEEElsEi" + - "__ZNSt3__15ctypeIcE2idE" + - "__ZNSt3__16localeD1Ev" + - "__ZNSt3__18ios_base33__set_badbit_and_consider_rethrowEv" + - "__ZNSt3__18ios_base5clearEj" + - "__ZSt9terminatev" + - "__ZTV11CAPF_ReqObj" + - "__ZTV12wxMBConvUTF8" + - "__ZdlPv" + - "__Znwm" + - "___bzero" + - "___cxa_begin_catch" + - "___cxa_end_catch" + - "___gxx_personality_v0" + - "_calloc" + - "_free" + - "_freeHarmonyAttributes" + - "_freeStringList" + - "_global_lpAPFInfo" + - "_harmony_calloc" + - "_harmony_free" + - "_harmony_malloc" + - "_memset" + - "_strcpy" + - "_strlen" + - "_wcslen" + - "_wxConvUTF8Ptr" + - "_wxEmptyString" + - "_wxTheAssertHandler" + - "_wxTrapInAssert" + - "dyld_stub_binder" + - "___clang_call_terminate" + - "__ZNK8wxString9AsCharBufERK8wxMBConv" + - "__ZN22wxScopedCharTypeBufferIcE14CreateNonOwnedEPKcm" + - "__ZN8wxStringC2ERK22wxScopedCharTypeBufferIwE" + - "__ZN8wxString7ImplStrEPKwm" + - "__ZN8wxString17SubstrBufFromTypeIPKwEC2ERKS2_m" + - "__ZN22wxScopedCharTypeBufferIwED2Ev" + - "__ZN22wxScopedCharTypeBufferIwE6DecRefEv" + - "__ZN22wxScopedCharTypeBufferIcED2Ev" + - "__ZN22wxScopedCharTypeBufferIcE6DecRefEv" + - "__ZN8wxStringC2EPKcRK8wxMBConv" + - "__ZN8wxString7ImplStrEPKcRK8wxMBConv" + - "__ZNSt3__124__put_character_sequenceIcNS_11char_traitsIcEEEERNS_13basic_ostreamIT_T0_EES7_PKS4_m" + - "__ZNSt3__116__pad_and_outputIcNS_11char_traitsIcEEEENS_19ostreambuf_iteratorIT_T0_EES6_PKS4_S8_S8_RNS_8ios_baseES4_" + - "GCC_except_table1" + - "GCC_except_table2" + - "GCC_except_table3" + - "GCC_except_table5" + - "GCC_except_table6" + - "GCC_except_table7" + - "GCC_except_table8" + - "GCC_except_table11" + - "GCC_except_table12" + - "GCC_except_table15" + - "GCC_except_table17" + - "GCC_except_table0" + - "GCC_except_table1" + - "GCC_except_table2" + - "GCC_except_table3" + - "GCC_except_table4" + - "GCC_except_table5" + - "GCC_except_table6" + - "GCC_except_table7" + - "GCC_except_table5" + - "GCC_except_table6" + - "GCC_except_table10" + - "GCC_except_table11" + - "GCC_except_table14" + - "GCC_except_table15" + - "__ZL12openSessions" dysymtab: ilocalsym: 0 nlocalsym: 40 diff --git a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index fcfc8a3f7..6a37081d3 100644 --- a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -13,6 +13,61 @@ symtab: nsyms: 54 stroff: 13344 strsize: 760 + entries: + - "_NXArgc" + - "_NXArgv" + - "___progname" + - "__mh_execute_header" + - "_environ" + - "start" + - "_CFBundleCopyExecutableURL" + - "_CFBundleGetIdentifier" + - "_CFBundleGetInfoDictionary" + - "_CFBundleGetMainBundle" + - "_CFDictionarySetValue" + - "_CFRelease" + - "_CFRetain" + - "_CFURLGetFileSystemRepresentation" + - "_GetCurrentProcess" + - "_NSAddImage" + - "_NSAddressOfSymbol" + - "_NSIsSymbolNameDefined" + - "_NSLinkEditError" + - "_NSLookupAndBindSymbol" + - "_NSLookupSymbolInImage" + - "___CFConstantStringClassReference" + - "___stderrp" + - "_close$UNIX2003" + - "_exit" + - "_fclose" + - "_fcntl$UNIX2003" + - "_fgets" + - "_fopen" + - "_fprintf" + - "_free" + - "_fstat" + - "_getenv" + - "_getrusage" + - "_gettimeofday" + - "_memset" + - "_mmap$UNIX2003" + - "_munmap$UNIX2003" + - "_open$UNIX2003" + - "_putenv$UNIX2003" + - "_realpath$DARWIN_EXTSN" + - "_snprintf" + - "_sprintf" + - "_strcasecmp" + - "_strchr" + - "_strcmp" + - "_strdup" + - "_strlen" + - "_strpbrk" + - "_strrchr" + - "_strtol" + - "_sysctl" + - "_vfprintf" + - "radr://5614542" dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out index e97b91e49..8fac1eb62 100644 --- a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out +++ b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out @@ -13,6 +13,165 @@ symtab: nsyms: 254 stroff: 23860 strsize: 5268 + entries: + - "__start" + - "dyld_stub_binding_helper" + - "__dyld_func_lookup" + - "_main" + - "-[KGCustomMainWindow initWithContentRect:styleMask:backing:defer:]" + - "-[KGCustomMainWindow canBecomeKeyWindow]" + - "-[KGCustomMainWindow mouseDragged:]" + - "-[KGCustomMainWindow mouseDown:]" + - "-[KGCustomMainWindowView awakeFromNib]" + - "-[KGCustomMainWindowView drawRect:]" + - "-[KGCustomFieldClass awakeFromNib]" + - "-[KGCustomFieldClass drawRect:]" + - "-[KGCustomFieldClass mouseDown:]" + - "-[KGCustomFieldClass mouseUp:]" + - "-[KGCustomFieldClass _remote_mouseDown]" + - "-[KGCustomFieldClass _remote_mouseUp]" + - "-[KGCustomLabel mouseDown:]" + - "-[KGCustomLabel mouseUp:]" + - "-[KGWindowsController awakeFromNib]" + - "-[KGWindowsController exit:]" + - "+[KGCustButton cellClass]" + - "-[KGCustButton initWithCoder:]" + - "-[KGCustButtonView mouseEntered:]" + - "-[KGCustButtonView drawWithFrame:inView:]" + - "-[KGSerialNumberGenerator init]" + - "-[KGSerialNumberGenerator awakeFromNib]" + - "-[KGSerialNumberGenerator createSerial:]" + - "-[KGSerialNumberGenerator generationComplete]" + - "-[KGSerialNumberGenerator copyToCB:]" + - "saveFP" + - "restFP" + - "_pointer_to__darwin_gcc3_preregister_frame_info" + - "_mouseIsHovering" + - "_generationComplete" + - ".objc_class_name_KGCustButton" + - ".objc_class_name_KGCustButtonView" + - ".objc_class_name_KGCustomFieldClass" + - ".objc_class_name_KGCustomLabel" + - ".objc_class_name_KGCustomMainWindow" + - ".objc_class_name_KGCustomMainWindowView" + - ".objc_class_name_KGSerialNumberGenerator" + - ".objc_class_name_KGWindowsController" + - "_NXArgc" + - "_NXArgv" + - "___darwin_gcc3_preregister_frame_info" + - "___progname" + - "__mh_execute_header" + - "_catch_exception_raise" + - "_catch_exception_raise_state" + - "_catch_exception_raise_state_identity" + - "_clock_alarm_reply" + - "_do_mach_notify_dead_name" + - "_do_mach_notify_no_senders" + - "_do_mach_notify_port_deleted" + - "_do_mach_notify_send_once" + - "_do_seqnos_mach_notify_dead_name" + - "_do_seqnos_mach_notify_no_senders" + - "_do_seqnos_mach_notify_port_deleted" + - "_do_seqnos_mach_notify_send_once" + - "_environ" + - "_receive_samples" + - "start" + - ".objc_class_name_NSArray" + - ".objc_class_name_NSAutoreleasePool" + - ".objc_class_name_NSBundle" + - ".objc_class_name_NSButton" + - ".objc_class_name_NSButtonCell" + - ".objc_class_name_NSColor" + - ".objc_class_name_NSImage" + - ".objc_class_name_NSKeyedUnarchiver" + - ".objc_class_name_NSMutableAttributedString" + - ".objc_class_name_NSMutableDictionary" + - ".objc_class_name_NSObject" + - ".objc_class_name_NSPasteboard" + - ".objc_class_name_NSScreen" + - ".objc_class_name_NSString" + - ".objc_class_name_NSTextField" + - ".objc_class_name_NSView" + - ".objc_class_name_NSWindow" + - "_AbsoluteToNanoseconds" + - "_BASSMOD_Free" + - "_BASSMOD_Init" + - "_BASSMOD_MusicLoad" + - "_BASSMOD_MusicPlay" + - "_BASSMOD_SetVolume" + - "_CGWindowLevelForKey" + - "_NSApp" + - "_NSAppKitVersionNumber" + - "_NSApplicationMain" + - "_NSForegroundColorAttributeName" + - "_NSLog" + - "_NSRectFill" + - "_NSStringPboardType" + - "_NSZeroPoint" + - "_UpTime" + - "___CFConstantStringClassReference" + - "___keymgr_dwarf2_register_sections" + - "___sF" + - "__cthread_init_routine" + - "_atexit" + - "_clock" + - "_errno" + - "_exit" + - "_floor" + - "_fwrite" + - "_mach_init_routine" + - "_objc_msgSendSuper" + - "_objc_msgSend_stret" + - "_random" + - "_srandom" + - "_strdup" + - "/__templates/InPaint/main.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/main.o" + - "_main" + - "/__templates/InPaint/gui source/KGCustomMainWindow.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustomMainWindow.o" + - "-[KGCustomMainWindow initWithContentRect:styleMask:backing:defer:]" + - "-[KGCustomMainWindow canBecomeKeyWindow]" + - "-[KGCustomMainWindow mouseDragged:]" + - "-[KGCustomMainWindow mouseDown:]" + - "/__templates/InPaint/gui source/KGCustomMainWindowView.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustomMainWindowView.o" + - "-[KGCustomMainWindowView awakeFromNib]" + - "-[KGCustomMainWindowView drawRect:]" + - "/__templates/InPaint/gui source/KGCustomFieldClass.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustomFieldClass.o" + - "-[KGCustomFieldClass awakeFromNib]" + - "-[KGCustomFieldClass drawRect:]" + - "-[KGCustomFieldClass mouseDown:]" + - "-[KGCustomFieldClass mouseUp:]" + - "-[KGCustomFieldClass _remote_mouseDown]" + - "-[KGCustomFieldClass _remote_mouseUp]" + - "/__templates/InPaint/gui source/KGCustomLabel.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustomLabel.o" + - "-[KGCustomLabel mouseDown:]" + - "-[KGCustomLabel mouseUp:]" + - "/__templates/InPaint/gui source/KGWindowsController.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGWindowsController.o" + - "-[KGWindowsController awakeFromNib]" + - "/Developer/SDKs/MacOSX10.4u.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSGeometry.h" + - "-[KGWindowsController exit:]" + - "/__templates/InPaint/gui source/KGCustButton.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustButton.o" + - "+[KGCustButton cellClass]" + - "-[KGCustButton initWithCoder:]" + - "/__templates/InPaint/gui source/KGCustButtonView.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGCustButtonView.o" + - "-[KGCustButtonView mouseEntered:]" + - "-[KGCustButtonView drawWithFrame:inView:]" + - "_mouseIsHovering" + - "/__templates/InPaint/KGSerialNumberGenerator.m" + - "/__templates/InPaint/build/CORE KG 1.build/Release/CORE Keygen.build/Objects-normal/ppc/KGSerialNumberGenerator.o" + - "-[KGSerialNumberGenerator init]" + - "-[KGSerialNumberGenerator awakeFromNib]" + - "-[KGSerialNumberGenerator createSerial:]" + - "-[KGSerialNumberGenerator generationComplete]" + - "-[KGSerialNumberGenerator copyToCB:]" + - "_generationComplete" dysymtab: ilocalsym: 0 nlocalsym: 177 diff --git a/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out b/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out index 3b00fbf3a..bd9251080 100644 --- a/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out +++ b/yara-x/src/modules/macho/tests/testdata/5fad2944f6d9e36f6dc21ad3ea79fa394e400276ef05b93daa78717daffcd803.out @@ -11,6 +11,32 @@ symtab: nsyms: 25 stroff: 3840 strsize: 496 + entries: + - "_png_set_bgr" + - "_png_set_swap" + - "_png_set_packing" + - "_png_set_packswap" + - "_png_set_shift" + - "_png_set_interlace_handling" + - "_png_set_filler" + - "_png_app_error" + - "_png_set_add_alpha" + - "_png_set_swap_alpha" + - "_png_set_invert_alpha" + - "_png_set_invert_mono" + - "_png_do_invert" + - "_png_do_swap" + - "_png_do_packswap" + - "_png_do_strip_channel" + - "_png_do_bgr" + - "_png_do_check_palette_indexes" + - "_png_set_user_transform_info" + - "_png_get_user_transform_ptr" + - "_png_get_current_row_number" + - "_png_get_current_pass_number" + - "_fourbppswaptable" + - "_onebppswaptable" + - "_twobppswaptable" dysymtab: ilocalsym: 0 nlocalsym: 3 diff --git a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out index b24a3a1a8..862297dcb 100644 --- a/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out +++ b/yara-x/src/modules/macho/tests/testdata/8962a76d0aeaee3326cf840de11543c8beebeb768e712bd3b754b5cd3e151356.out @@ -12,6 +12,11 @@ symtab: nsyms: 4 stroff: 16432 strsize: 40 + entries: + - "__start" + - "_comment" + - "_shellcode" + - "_.str" segments: - segname: "__PAGEZERO" vmaddr: 0x0 diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 012ca00a8..c006622c0 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -198,6 +198,13 @@ file: nsyms: 6 stroff: 33120 strsize: 112 + entries: + - "__mh_execute_header" + - "_CallComponentDispatch" + - "_OpenDefaultComponent" + - "_exit" + - "dyld_stub_binder" + - "radr://5614542" dysymtab: ilocalsym: 0 nlocalsym: 1 @@ -340,6 +347,11 @@ file: nsyms: 4 stroff: 33024 strsize: 88 + entries: + - "__mh_execute_header" + - "_CallComponentDispatch" + - "_OpenDefaultComponent" + - "radr://5614542" dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index d1ab3133d..0fd14016a 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -16,6 +16,315 @@ symtab: nsyms: 308 stroff: 271144 strsize: 6000 + entries: + - "__mh_execute_header" + - "_AEGetParamPtr" + - "_AEInstallEventHandler" + - "_CFRelease" + - "_CGBitmapContextCreate" + - "_CGColorSpaceCreateDeviceRGB" + - "_CGColorSpaceRelease" + - "_CGContextClearRect" + - "_CGContextDrawImage" + - "_CGContextGetTextPosition" + - "_CGContextRelease" + - "_CGContextSelectFont" + - "_CGContextSetAlpha" + - "_CGContextSetShouldSubpixelQuantizeFonts" + - "_CGContextSetTextDrawingMode" + - "_CGContextShowTextAtPoint" + - "_CGImageGetHeight" + - "_CGImageGetWidth" + - "_CGImageRelease" + - "_CGImageSourceCreateImageAtIndex" + - "_CGImageSourceCreateWithURL" + - "_CGLDescribeRenderer" + - "_CGLQueryRendererInfo" + - "_GetCurrentProcess" + - "_NSAccessibilityActionDescription" + - "_NSAccessibilityButtonRole" + - "_NSAccessibilityChildrenAttribute" + - "_NSAccessibilityContentsAttribute" + - "_NSAccessibilityDescriptionAttribute" + - "_NSAccessibilityEnabledAttribute" + - "_NSAccessibilityFocusedAttribute" + - "_NSAccessibilityGroupRole" + - "_NSAccessibilityParentAttribute" + - "_NSAccessibilityPositionAttribute" + - "_NSAccessibilityPressAction" + - "_NSAccessibilityRoleAttribute" + - "_NSAccessibilityRoleDescription" + - "_NSAccessibilityRoleDescriptionAttribute" + - "_NSAccessibilitySelectedChildrenAttribute" + - "_NSAccessibilitySelectedChildrenChangedNotification" + - "_NSAccessibilitySelectedRowsChangedNotification" + - "_NSAccessibilitySizeAttribute" + - "_NSAccessibilityStaticTextRole" + - "_NSAccessibilityTitleAttribute" + - "_NSAccessibilityTopLevelUIElementAttribute" + - "_NSAccessibilityValueAttribute" + - "_NSAccessibilityWindowAttribute" + - "_NSApp" + - "_NSApplicationMain" + - "_NSBeep" + - "_NSCocoaErrorDomain" + - "_NSDefaultRunLoopMode" + - "_NSEventTrackingRunLoopMode" + - "_NSFullUserName" + - "_NSLocalizedDescriptionKey" + - "_NSLog" + - "_NSRectFill" + - "_NSVoiceDemoText" + - "_NSVoiceLocaleIdentifier" + - "_NSVoiceName" + - "_NSWindowWillCloseNotification" + - "_OBJC_CLASS_$_GKAchievement" + - "_OBJC_CLASS_$_GKDialogController" + - "_OBJC_CLASS_$_GKGameCenterViewController" + - "_OBJC_CLASS_$_GKLocalPlayer" + - "_OBJC_CLASS_$_GKMatchRequest" + - "_OBJC_CLASS_$_GKPlayer" + - "_OBJC_CLASS_$_GKTurnBasedMatch" + - "_OBJC_CLASS_$_GKTurnBasedMatchmakerViewController" + - "_OBJC_CLASS_$_NSAlert" + - "_OBJC_CLASS_$_NSAnimationContext" + - "_OBJC_CLASS_$_NSApplication" + - "_OBJC_CLASS_$_NSArray" + - "_OBJC_CLASS_$_NSAutoreleasePool" + - "_OBJC_CLASS_$_NSBundle" + - "_OBJC_CLASS_$_NSColor" + - "_OBJC_CLASS_$_NSCursor" + - "_OBJC_CLASS_$_NSData" + - "_OBJC_CLASS_$_NSDate" + - "_OBJC_CLASS_$_NSDictionary" + - "_OBJC_CLASS_$_NSDocument" + - "_OBJC_CLASS_$_NSDocumentController" + - "_OBJC_CLASS_$_NSError" + - "_OBJC_CLASS_$_NSEvent" + - "_OBJC_CLASS_$_NSFileHandle" + - "_OBJC_CLASS_$_NSFileManager" + - "_OBJC_CLASS_$_NSFont" + - "_OBJC_CLASS_$_NSImageView" + - "_OBJC_CLASS_$_NSInvocation" + - "_OBJC_CLASS_$_NSLocale" + - "_OBJC_CLASS_$_NSMutableArray" + - "_OBJC_CLASS_$_NSMutableDictionary" + - "_OBJC_CLASS_$_NSMutableString" + - "_OBJC_CLASS_$_NSNotification" + - "_OBJC_CLASS_$_NSNotificationCenter" + - "_OBJC_CLASS_$_NSNotificationQueue" + - "_OBJC_CLASS_$_NSNull" + - "_OBJC_CLASS_$_NSNumber" + - "_OBJC_CLASS_$_NSNumberFormatter" + - "_OBJC_CLASS_$_NSObject" + - "_OBJC_CLASS_$_NSOpenGLPixelFormat" + - "_OBJC_CLASS_$_NSOpenGLView" + - "_OBJC_CLASS_$_NSOperationQueue" + - "_OBJC_CLASS_$_NSPipe" + - "_OBJC_CLASS_$_NSPort" + - "_OBJC_CLASS_$_NSPortMessage" + - "_OBJC_CLASS_$_NSPropertyListSerialization" + - "_OBJC_CLASS_$_NSRegularExpression" + - "_OBJC_CLASS_$_NSRunLoop" + - "_OBJC_CLASS_$_NSScreen" + - "_OBJC_CLASS_$_NSSet" + - "_OBJC_CLASS_$_NSSpeechSynthesizer" + - "_OBJC_CLASS_$_NSString" + - "_OBJC_CLASS_$_NSTableView" + - "_OBJC_CLASS_$_NSTask" + - "_OBJC_CLASS_$_NSTextFieldCell" + - "_OBJC_CLASS_$_NSThread" + - "_OBJC_CLASS_$_NSTrackingArea" + - "_OBJC_CLASS_$_NSURL" + - "_OBJC_CLASS_$_NSUserDefaults" + - "_OBJC_CLASS_$_NSUserDefaultsController" + - "_OBJC_CLASS_$_NSValue" + - "_OBJC_CLASS_$_NSWindow" + - "_OBJC_CLASS_$_NSWindowController" + - "_OBJC_CLASS_$_NSWorkspace" + - "_OBJC_METACLASS_$_NSDocument" + - "_OBJC_METACLASS_$_NSImageView" + - "_OBJC_METACLASS_$_NSObject" + - "_OBJC_METACLASS_$_NSOpenGLView" + - "_OBJC_METACLASS_$_NSTableView" + - "_OBJC_METACLASS_$_NSTextFieldCell" + - "_OBJC_METACLASS_$_NSWindow" + - "_OBJC_METACLASS_$_NSWindowController" + - "_SCNetworkReachabilityCreateWithAddress" + - "_SCNetworkReachabilityGetFlags" + - "_SRAddLanguageObject" + - "_SRAddText" + - "_SRCloseRecognitionSystem" + - "_SRCountItems" + - "_SREmptyLanguageObject" + - "_SRGetIndexedItem" + - "_SRGetProperty" + - "_SRNewLanguageModel" + - "_SRNewPath" + - "_SRNewRecognizer" + - "_SROpenRecognitionSystem" + - "_SRReleaseObject" + - "_SRSetLanguageModel" + - "_SRSetProperty" + - "_SRStartListening" + - "_SRStopListening" + - "__Block_copy" + - "__Block_object_assign" + - "__Block_object_dispose" + - "__Block_release" + - "__DefaultRuneLocale" + - "__NSConcreteGlobalBlock" + - "__NSConcreteStackBlock" + - "__Unwind_Resume" + - "__ZdlPv" + - "__Znwm" + - "___CFConstantStringClassReference" + - "___bzero" + - "___cxa_guard_abort" + - "___cxa_guard_acquire" + - "___cxa_guard_release" + - "___error" + - "___gxx_personality_v0" + - "___maskrune" + - "___sincosf_stret" + - "___stack_chk_fail" + - "___stack_chk_guard" + - "___stderrp" + - "___stdinp" + - "___stdoutp" + - "___tolower" + - "___toupper" + - "__dispatch_main_q" + - "__objc_empty_cache" + - "_abort" + - "_arc4random" + - "_atan2f" + - "_atoi" + - "_calloc" + - "_creat" + - "_dispatch_after" + - "_dispatch_apply" + - "_dispatch_async" + - "_dispatch_get_global_queue" + - "_dispatch_once" + - "_dispatch_queue_create" + - "_dispatch_time" + - "_exit" + - "_fclose" + - "_fileno" + - "_fmodf" + - "_fopen" + - "_fprintf" + - "_fputc" + - "_fputs" + - "_free" + - "_funopen" + - "_fwrite" + - "_getenv" + - "_getrlimit" + - "_gettimeofday" + - "_glBegin" + - "_glBindTexture" + - "_glBlendFunc" + - "_glCallList" + - "_glClear" + - "_glClearColor" + - "_glColor3fv" + - "_glColor4f" + - "_glColor4fv" + - "_glColorMask" + - "_glCullFace" + - "_glDeleteTextures" + - "_glDepthMask" + - "_glDisable" + - "_glEnable" + - "_glEnd" + - "_glEndList" + - "_glFlush" + - "_glGenTextures" + - "_glGetDoublev" + - "_glGetFloatv" + - "_glGetIntegerv" + - "_glGetString" + - "_glHint" + - "_glLightModeli" + - "_glLightf" + - "_glLightfv" + - "_glLighti" + - "_glLoadIdentity" + - "_glMaterialf" + - "_glMaterialfv" + - "_glMatrixMode" + - "_glNewList" + - "_glNormal3f" + - "_glPixelStorei" + - "_glPopAttrib" + - "_glPopMatrix" + - "_glPushAttrib" + - "_glPushMatrix" + - "_glReadPixels" + - "_glRotatef" + - "_glScalef" + - "_glShadeModel" + - "_glStencilFunc" + - "_glStencilOp" + - "_glTexCoord2f" + - "_glTexEnvi" + - "_glTexParameterf" + - "_glTexParameteri" + - "_glTranslatef" + - "_glVertex3d" + - "_glVertex3f" + - "_glVertex3fv" + - "_glViewport" + - "_gluBuild2DMipmaps" + - "_gluCylinder" + - "_gluDeleteQuadric" + - "_gluDisk" + - "_gluLookAt" + - "_gluNewQuadric" + - "_gluOrtho2D" + - "_gluPartialDisk" + - "_gluPerspective" + - "_gluProject" + - "_gluQuadricNormals" + - "_gluQuadricOrientation" + - "_gluQuadricTexture" + - "_gluUnProject" + - "_hypotf" + - "_isatty" + - "_ldexpf" + - "_lroundf" + - "_malloc" + - "_memchr" + - "_memcpy" + - "_memset" + - "_objc_alloc" + - "_objc_autorelease" + - "_objc_enumerationMutation" + - "_objc_msgSend" + - "_objc_msgSendSuper2" + - "_objc_msgSend_stret" + - "_objc_release" + - "_objc_retain" + - "_objc_setProperty_nonatomic" + - "_pow" + - "_putenv" + - "_random" + - "_read" + - "_realloc" + - "_setrlimit" + - "_snprintf" + - "_srandom" + - "_strchr" + - "_strcspn" + - "_strlcpy" + - "_strlen" + - "_strspn" + - "_strstr" + - "_usleep" + - "dyld_stub_binder" + - "radr://5614542" dysymtab: ilocalsym: 0 nlocalsym: 1 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out index bab1b562d..6847a0c38 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_object_file.out @@ -11,6 +11,8 @@ symtab: nsyms: 1 stroff: 340 strsize: 16 + entries: + - "__Z9factoriali" dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index be9782c8c..cdf86f59d 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -152,6 +152,13 @@ file: nsyms: 6 stroff: 8440 strsize: 72 + entries: + - "__mh_execute_header" + - "_factorial" + - "_main" + - "_printf" + - "_scanf" + - "dyld_stub_binder" dysymtab: ilocalsym: 0 nlocalsym: 0 @@ -338,6 +345,13 @@ file: nsyms: 6 stroff: 8472 strsize: 72 + entries: + - "__mh_execute_header" + - "_factorial" + - "_main" + - "_printf" + - "_scanf" + - "dyld_stub_binder" dysymtab: ilocalsym: 0 nlocalsym: 0 diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 96dd4af1d..a304f7d96 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -45,6 +45,7 @@ message Symtab { optional uint32 nsyms = 2; optional uint32 stroff = 3; optional uint32 strsize = 4; + repeated bytes entries = 5; } message Dysymtab { From a64a72a3cdb6a6d0d02aa51f5de62f8e5c94219f Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Tue, 6 Feb 2024 19:55:10 -0700 Subject: [PATCH 09/14] feat: implement LC_UUID parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 54 +++++++++++++++++++ ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 3 +- ...a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 3 +- ...b53a00bae94f868ce65a3352177dd6a75797ff.out | 3 +- ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 4 +- .../modules/macho/tests/testdata/chess.out | 3 +- ...d329a5bf085619bbde2c4146b0cc00ebad21c8.out | 3 +- .../testdata/macho_x86_64_dylib_file.out | 3 +- .../macho/tests/testdata/macho_x86_file.out | 3 +- .../macho/tests/testdata/tiny_universal.out | 4 +- yara-x/src/modules/protos/macho.proto | 10 ++-- 11 files changed, 80 insertions(+), 13 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index afa805f72..1d07c3b62 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -50,6 +50,7 @@ const LC_LOAD_DYLINKER: u32 = 0x0000000e; const LC_ID_DYLINKER: u32 = 0x0000000f; const LC_LOAD_WEAK_DYLIB: u32 = 0x18 | LC_REQ_DYLD; const LC_SEGMENT_64: u32 = 0x00000019; +const LC_UUID: u32 = 0x00000001b; const LC_RPATH: u32 = 0x1c | LC_REQ_DYLD; const LC_CODE_SIGNATURE: u32 = 0x0000001d; const LC_REEXPORT_DYLIB: u32 = 0x1f | LC_REQ_DYLD; @@ -261,6 +262,7 @@ impl<'a> MachO<'a> { code_signature_data: None, entitlements: Vec::new(), certificates: None, + uuid: None, }; for _ in 0..macho.header.ncmds as usize { @@ -337,6 +339,7 @@ pub struct MachOFile<'a> { dynamic_linker: Option<&'a [u8]>, source_version: Option, rpaths: Vec<&'a [u8]>, + uuid: Option<&'a [u8]>, code_signature_data: Option, entitlements: Vec, certificates: Option, @@ -488,6 +491,10 @@ impl<'a> MachOFile<'a> { self.dyld_info_command()(command_data)?; self.dyld_info = Some(dyld_info); } + LC_UUID => { + let (_, uuid) = self.uuid_command()(command_data)?; + self.uuid = Some(uuid); + } _ => {} } @@ -894,6 +901,17 @@ impl<'a> MachOFile<'a> { } } + /// Parser that parses a LC_UUID command. + fn uuid_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], &'a [u8]> + '_ { + move |input: &'a [u8]| { + let (_, uuid) = take(16usize)(input)?; + + Ok((&[], BStr::new(uuid).trim_end_with(|c| c == '\0'))) + } + } + /// Parser that parses a LC_SOURCE_VERSION command. fn source_version_command( &self, @@ -1284,6 +1302,24 @@ impl From> for protos::macho::Macho { result.dyld_info = MessageField::some(dyld_info.into()); }; + if let Some(uuid) = &m.uuid { + let mut uuid_str = String::new(); + + for (idx, c) in uuid.iter().enumerate() { + match idx { + 3 | 5 | 7 | 9 => { + uuid_str.push_str(format!("{:02X}", c).as_str()); + uuid_str.push('-'); + } + _ => { + uuid_str.push_str(format!("{:02X}", c).as_str()); + } + } + } + + result.uuid = Some(uuid_str.clone()); + } + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result @@ -1339,6 +1375,24 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.dyld_info = MessageField::some(dyld_info.into()); }; + if let Some(uuid) = &macho.uuid { + let mut uuid_str = String::new(); + + for (idx, c) in uuid.iter().enumerate() { + match idx { + 3 | 5 | 7 | 9 => { + uuid_str.push_str(format!("{:02X}", c).as_str()); + uuid_str.push('-'); + } + _ => { + uuid_str.push_str(format!("{:02X}", c).as_str()); + } + } + } + + result.uuid = Some(uuid_str.clone()); + } + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 4ba9bb90d..91028c885 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -456,4 +456,5 @@ certificates: - "Apple Root CA" - "Developer ID Application: EFI Inc (82PCFB3NFC)" signer_names: - - "CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" \ No newline at end of file + - "CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" +uuid: "B23FC3D5-BDF8-3056-930A-C93E0F547B78" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index 6a37081d3..f37434371 100644 --- a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -314,4 +314,5 @@ dylibs: - name: "/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices" timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" - current_version: "38.0.0" \ No newline at end of file + current_version: "38.0.0" +uuid: "EF07AAD0-F2AB-34DF-940C-2965C1872F0C" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out index 8fac1eb62..1234f84c1 100644 --- a/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out +++ b/yara-x/src/modules/macho/tests/testdata/4d0725d5c506c7ec26be89ec12b53a00bae94f868ce65a3352177dd6a75797ff.out @@ -490,4 +490,5 @@ dylibs: - name: "/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit" timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "45.0.0" - current_version: "824.48.0" \ No newline at end of file + current_version: "824.48.0" +uuid: "E8EEF819-E139-DC6C-30B0-67A3792D3913" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index c006622c0..172c23b2c 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -233,6 +233,7 @@ file: lazy_bind_size: 72 export_off: 32872 export_size: 112 + uuid: "58E31296-DF6F-3EA8-BA92-40781CECDA18" - magic: 0xcffaedfe cputype: 0x100000c cpusubtype: 0x0 @@ -371,4 +372,5 @@ file: nlocrel: 0 code_signature_data: dataoff: 33120 - datasize: 408 \ No newline at end of file + datasize: 408 + uuid: "DDE8659B-7481-3A87-BF12-0DA778978AD8" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index 0fd14016a..63351a991 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -827,4 +827,5 @@ certificates: - "Apple Root CA" - "Software Signing" signer_names: - - "CN=Apple Code Signing Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" \ No newline at end of file + - "CN=Apple Code Signing Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" +uuid: "18455A71-F835-3D0F-8F7C-215BF86BC7AF" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out index 17480ac1f..674b623bb 100644 --- a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out +++ b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out @@ -724,4 +724,5 @@ rpaths: - "/usr/lib/swift" - "@executable_path/Frameworks" - "@executable_path/Frameworks" - - "@loader_path/Frameworks" \ No newline at end of file + - "@loader_path/Frameworks" +uuid: "4C4C44DB-5555-3144-A11B-748AE9A63886" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index 77a2f15d6..d88cdbe53 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -105,4 +105,5 @@ dyld_info: lazy_bind_off: 0 lazy_bind_size: 0 export_off: 4096 - export_size: 24 \ No newline at end of file + export_size: 24 +uuid: "8C904612-6253-3FA1-B8D2-D5829848A8FC" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out index e2ab75fe6..1b0a212ff 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out @@ -165,4 +165,5 @@ dyld_info: export_off: 8260 export_size: 44 rpaths: - - "@loader_path/../Frameworks" \ No newline at end of file + - "@loader_path/../Frameworks" +uuid: "5FB5950F-4025-3D4F-A8FB-9648C1740790" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index cdf86f59d..c0c62c8d8 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -187,6 +187,7 @@ file: lazy_bind_size: 28 export_off: 8260 export_size: 60 + uuid: "0443555D-A992-3B9E-8BCE-5D9FC8BAC0E9" - magic: 0xcffaedfe cputype: 0x1000007 cpusubtype: 0x80000003 @@ -379,4 +380,5 @@ file: lazy_bind_off: 8224 lazy_bind_size: 32 export_off: 8256 - export_size: 64 \ No newline at end of file + export_size: 64 + uuid: "57199705-E3C0-352D-BBE8-3990B1A732B7" \ No newline at end of file diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index a304f7d96..39d569646 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -129,6 +129,7 @@ message File { optional DyldInfo dyld_info = 20; optional LinkedItData code_signature_data = 21; optional Certificates certificates = 22; + optional string uuid = 23; } message Macho { @@ -155,14 +156,15 @@ message Macho { repeated bytes rpaths = 20; repeated string entitlements = 21; optional Certificates certificates = 22; + optional string uuid = 23; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 23 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 24; - repeated FatArch fat_arch = 25; + optional uint32 fat_magic = 24 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 25; + repeated FatArch fat_arch = 26; // Nested Mach-O files - repeated File file = 26; + repeated File file = 27; } enum HEADER { From 1273155008c68ac0bf97f051415f78358511412e Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Wed, 7 Feb 2024 18:20:45 -0700 Subject: [PATCH 10/14] feat: implement LC_BUILD_VERSION parsing for mach-o --- yara-x/src/modules/macho/parser.rs | 90 +++++++++++++++++++ ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 10 ++- .../modules/macho/tests/testdata/chess.out | 10 ++- ...d329a5bf085619bbde2c4146b0cc00ebad21c8.out | 10 ++- yara-x/src/modules/protos/macho.proto | 23 ++++- 5 files changed, 136 insertions(+), 7 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 1d07c3b62..02ed52217 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -59,6 +59,7 @@ const LC_DYLD_INFO_ONLY: u32 = 0x22 | LC_REQ_DYLD; const LC_DYLD_ENVIRONMENT: u32 = 0x00000027; const LC_MAIN: u32 = 0x28 | LC_REQ_DYLD; const LC_SOURCE_VERSION: u32 = 0x0000002a; +const LC_BUILD_VERSION: u32 = 0x00000032; /// Mach-O CPU types const CPU_TYPE_MC680X0: u32 = 0x00000006; @@ -263,6 +264,7 @@ impl<'a> MachO<'a> { entitlements: Vec::new(), certificates: None, uuid: None, + build_version: None, }; for _ in 0..macho.header.ncmds as usize { @@ -343,6 +345,7 @@ pub struct MachOFile<'a> { code_signature_data: Option, entitlements: Vec, certificates: Option, + build_version: Option, } impl<'a> MachOFile<'a> { @@ -495,6 +498,10 @@ impl<'a> MachOFile<'a> { let (_, uuid) = self.uuid_command()(command_data)?; self.uuid = Some(uuid); } + LC_BUILD_VERSION => { + let (_, bv) = self.build_version_command()(command_data)?; + self.build_version = Some(bv); + } _ => {} } @@ -930,6 +937,40 @@ impl<'a> MachOFile<'a> { } } + /// Parser that parses a LC_BUILD_VERSION command. + fn build_version_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], BuildVersionCommand> + '_ + { + move |input: &'a [u8]| { + let (mut remainder, (platform, minos, sdk, ntools)) = + tuple(( + u32(self.endianness), // platform, + u32(self.endianness), // minos, + u32(self.endianness), // sdk, + u32(self.endianness), // ntools, + ))(input)?; + + let mut tools = Vec::::new(); + + for _ in 0..ntools { + let (data, (tool, version)) = tuple(( + u32(self.endianness), // tool, + u32(self.endianness), // version, + ))(remainder)?; + + remainder = data; + + tools.push(BuildToolObject { tool, version }) + } + + Ok(( + &[], + BuildVersionCommand { platform, minos, sdk, ntools, tools }, + )) + } + } + fn x86_thread_state( &self, ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], u64> + '_ { @@ -1224,6 +1265,19 @@ struct DyldInfo { export_size: u32, } +struct BuildVersionCommand { + platform: u32, + minos: u32, + sdk: u32, + ntools: u32, + tools: Vec, +} + +struct BuildToolObject { + tool: u32, + version: u32, +} + /// Parser that reads a 32-bits or 64-bits fn uint( endianness: Endianness, @@ -1247,6 +1301,13 @@ fn convert_to_version_string(decimal_number: u32) -> String { format!("{}.{}.{}", major, minor, patch) } +/// Convert a decimal number representation to a build version string representation. +fn convert_to_build_tool_version(decimal_number: u32) -> String { + let a = decimal_number >> 16; + let b = (decimal_number >> 8) & 0xff; + format!("{}.{}", a, b) +} + /// Convert a decimal number representation to a source version string /// representation. fn convert_to_source_version_string(decimal_number: u64) -> String { @@ -1320,6 +1381,10 @@ impl From> for protos::macho::Macho { result.uuid = Some(uuid_str.clone()); } + if let Some(bv) = &m.build_version { + result.build_version = MessageField::some(bv.into()); + } + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result @@ -1393,6 +1458,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.uuid = Some(uuid_str.clone()); } + if let Some(bv) = &macho.build_version { + result.build_version = MessageField::some(bv.into()); + } + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -1540,3 +1609,24 @@ impl From<&DyldInfo> for protos::macho::DyldInfo { result } } + +impl From<&BuildVersionCommand> for protos::macho::BuildVersion { + fn from(bv: &BuildVersionCommand) -> Self { + let mut result = protos::macho::BuildVersion::new(); + result.set_platform(bv.platform); + result.set_ntools(bv.ntools); + result.set_minos(convert_to_version_string(bv.minos)); + result.set_sdk(convert_to_version_string(bv.sdk)); + result.tools.extend(bv.tools.iter().map(|tool| tool.into())); + result + } +} + +impl From<&BuildToolObject> for protos::macho::BuildTool { + fn from(bt: &BuildToolObject) -> Self { + let mut result = protos::macho::BuildTool::new(); + result.set_tool(bt.tool); + result.set_version(convert_to_build_tool_version(bt.version)); + result + } +} diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 172c23b2c..34690a0b4 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -373,4 +373,12 @@ file: code_signature_data: dataoff: 33120 datasize: 408 - uuid: "DDE8659B-7481-3A87-BF12-0DA778978AD8" \ No newline at end of file + uuid: "DDE8659B-7481-3A87-BF12-0DA778978AD8" + build_version: + platform: 1 + minos: "12.6.0" + sdk: "12.6.0" + ntools: 1 + tools: + - tool: 3 + version: "760.0" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/chess.out b/yara-x/src/modules/macho/tests/testdata/chess.out index 63351a991..58923b9c6 100644 --- a/yara-x/src/modules/macho/tests/testdata/chess.out +++ b/yara-x/src/modules/macho/tests/testdata/chess.out @@ -828,4 +828,12 @@ certificates: - "Software Signing" signer_names: - "CN=Apple Code Signing Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" -uuid: "18455A71-F835-3D0F-8F7C-215BF86BC7AF" \ No newline at end of file +uuid: "18455A71-F835-3D0F-8F7C-215BF86BC7AF" +build_version: + platform: 1 + minos: "10.15.0" + sdk: "10.15.6" + ntools: 1 + tools: + - tool: 3 + version: "556.4" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out index 674b623bb..156c0e6b9 100644 --- a/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out +++ b/yara-x/src/modules/macho/tests/testdata/edf47dd000b9fdf4519fb61c28d329a5bf085619bbde2c4146b0cc00ebad21c8.out @@ -725,4 +725,12 @@ rpaths: - "@executable_path/Frameworks" - "@executable_path/Frameworks" - "@loader_path/Frameworks" -uuid: "4C4C44DB-5555-3144-A11B-748AE9A63886" \ No newline at end of file +uuid: "4C4C44DB-5555-3144-A11B-748AE9A63886" +build_version: + platform: 2 + minos: "13.4.0" + sdk: "17.0.0" + ntools: 1 + tools: + - tool: 3 + version: "16.0" \ No newline at end of file diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 39d569646..001633445 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -10,6 +10,19 @@ option (yara.module_options) = { rust_module: "macho" }; +message BuildVersion { + optional uint32 platform = 1; + optional string minos = 2; + optional string sdk = 3; + optional uint32 ntools = 4; + repeated BuildTool tools = 5; +} + +message BuildTool { + optional uint32 tool = 1; + optional string version = 2; +} + message LinkedItData { optional uint32 dataoff = 1; optional uint32 datasize = 2; @@ -130,6 +143,7 @@ message File { optional LinkedItData code_signature_data = 21; optional Certificates certificates = 22; optional string uuid = 23; + optional BuildVersion build_version = 24; } message Macho { @@ -157,14 +171,15 @@ message Macho { repeated string entitlements = 21; optional Certificates certificates = 22; optional string uuid = 23; + optional BuildVersion build_version = 24; // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 24 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 25; - repeated FatArch fat_arch = 26; + optional uint32 fat_magic = 25 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 26; + repeated FatArch fat_arch = 27; // Nested Mach-O files - repeated File file = 27; + repeated File file = 28; } enum HEADER { From 3ed6fac76a9c92651a2f96fa79504b07cc574519 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Thu, 8 Feb 2024 06:54:47 -0700 Subject: [PATCH 11/14] feat: implement LC_VERSION_MIN_* load command parsing for Mach-O --- yara-x/src/modules/macho/parser.rs | 52 +++++++++++++++++++ ...8bfaae4d21de61f776e2405324c498ef52b21b.out | 6 ++- ...a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 6 ++- ...18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 4 ++ .../testdata/macho_x86_64_dylib_file.out | 6 ++- .../macho/tests/testdata/macho_x86_file.out | 6 ++- .../macho/tests/testdata/tiny_universal.out | 10 +++- yara-x/src/modules/protos/macho.proto | 25 +++++++-- 8 files changed, 106 insertions(+), 9 deletions(-) diff --git a/yara-x/src/modules/macho/parser.rs b/yara-x/src/modules/macho/parser.rs index 02ed52217..12edeebb5 100644 --- a/yara-x/src/modules/macho/parser.rs +++ b/yara-x/src/modules/macho/parser.rs @@ -56,9 +56,13 @@ const LC_CODE_SIGNATURE: u32 = 0x0000001d; const LC_REEXPORT_DYLIB: u32 = 0x1f | LC_REQ_DYLD; const LC_DYLD_INFO: u32 = 0x00000022; const LC_DYLD_INFO_ONLY: u32 = 0x22 | LC_REQ_DYLD; +const LC_VERSION_MIN_MACOSX: u32 = 0x00000024; +const LC_VERSION_MIN_IPHONEOS: u32 = 0x00000025; const LC_DYLD_ENVIRONMENT: u32 = 0x00000027; const LC_MAIN: u32 = 0x28 | LC_REQ_DYLD; const LC_SOURCE_VERSION: u32 = 0x0000002a; +const LC_VERSION_MIN_TVOS: u32 = 0x0000002f; +const LC_VERSION_MIN_WATCHOS: u32 = 0x00000030; const LC_BUILD_VERSION: u32 = 0x00000032; /// Mach-O CPU types @@ -265,6 +269,7 @@ impl<'a> MachO<'a> { certificates: None, uuid: None, build_version: None, + min_version: None, }; for _ in 0..macho.header.ncmds as usize { @@ -346,6 +351,7 @@ pub struct MachOFile<'a> { entitlements: Vec, certificates: Option, build_version: Option, + min_version: Option, } impl<'a> MachOFile<'a> { @@ -502,6 +508,15 @@ impl<'a> MachOFile<'a> { let (_, bv) = self.build_version_command()(command_data)?; self.build_version = Some(bv); } + LC_VERSION_MIN_MACOSX + | LC_VERSION_MIN_IPHONEOS + | LC_VERSION_MIN_TVOS + | LC_VERSION_MIN_WATCHOS => { + let (_, mut mv) = + self.min_version_command()(command_data)?; + mv.device = command; + self.min_version = Some(mv); + } _ => {} } @@ -971,6 +986,19 @@ impl<'a> MachOFile<'a> { } } + fn min_version_command( + &self, + ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], MinVersion> + '_ { + move |input: &'a [u8]| { + let (input, (version, sdk)) = tuple(( + u32(self.endianness), // version + u32(self.endianness), // sdk, + ))(input)?; + + Ok((input, MinVersion { device: 0, version, sdk })) + } + } + fn x86_thread_state( &self, ) -> impl FnMut(&'a [u8]) -> IResult<&'a [u8], u64> + '_ { @@ -1278,6 +1306,12 @@ struct BuildToolObject { version: u32, } +struct MinVersion { + device: u32, + version: u32, + sdk: u32, +} + /// Parser that reads a 32-bits or 64-bits fn uint( endianness: Endianness, @@ -1385,6 +1419,10 @@ impl From> for protos::macho::Macho { result.build_version = MessageField::some(bv.into()); } + if let Some(mv) = &m.min_version { + result.min_version = MessageField::some(mv.into()); + } + result.segments.extend(m.segments.iter().map(|seg| seg.into())); result.dylibs.extend(m.dylibs.iter().map(|dylib| dylib.into())); result @@ -1462,6 +1500,10 @@ impl From<&MachOFile<'_>> for protos::macho::File { result.build_version = MessageField::some(bv.into()); } + if let Some(mv) = &macho.min_version { + result.min_version = MessageField::some(mv.into()); + } + result.segments.extend(macho.segments.iter().map(|seg| seg.into())); result.dylibs.extend(macho.dylibs.iter().map(|dylib| dylib.into())); result.rpaths.extend(macho.rpaths.iter().map(|rpath| rpath.to_vec())); @@ -1630,3 +1672,13 @@ impl From<&BuildToolObject> for protos::macho::BuildTool { result } } + +impl From<&MinVersion> for protos::macho::MinVersion { + fn from(mv: &MinVersion) -> Self { + let mut result = protos::macho::MinVersion::new(); + result.set_device(mv.device); + result.set_version(convert_to_version_string(mv.version)); + result.set_sdk(convert_to_version_string(mv.sdk)); + result + } +} diff --git a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 91028c885..05b4f4f03 100644 --- a/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/yara-x/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -457,4 +457,8 @@ certificates: - "Developer ID Application: EFI Inc (82PCFB3NFC)" signer_names: - "CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" -uuid: "B23FC3D5-BDF8-3056-930A-C93E0F547B78" \ No newline at end of file +uuid: "B23FC3D5-BDF8-3056-930A-C93E0F547B78" +min_version: + device: 36 + version: "10.13.0" + sdk: "10.13.0" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index f37434371..fcf83ba3e 100644 --- a/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/yara-x/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -315,4 +315,8 @@ dylibs: timestamp: 2 # 1970-01-01 00:00:02 UTC compatibility_version: "1.0.0" current_version: "38.0.0" -uuid: "EF07AAD0-F2AB-34DF-940C-2965C1872F0C" \ No newline at end of file +uuid: "EF07AAD0-F2AB-34DF-940C-2965C1872F0C" +min_version: + device: 36 + version: "10.5.0" + sdk: "0.0.0" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 34690a0b4..85a67adf0 100644 --- a/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/yara-x/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -234,6 +234,10 @@ file: export_off: 32872 export_size: 112 uuid: "58E31296-DF6F-3EA8-BA92-40781CECDA18" + min_version: + device: 36 + version: "10.6.0" + sdk: "12.6.0" - magic: 0xcffaedfe cputype: 0x100000c cpusubtype: 0x0 diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index d88cdbe53..f3dfad607 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -106,4 +106,8 @@ dyld_info: lazy_bind_size: 0 export_off: 4096 export_size: 24 -uuid: "8C904612-6253-3FA1-B8D2-D5829848A8FC" \ No newline at end of file +uuid: "8C904612-6253-3FA1-B8D2-D5829848A8FC" +min_version: + device: 36 + version: "10.9.0" + sdk: "10.10.0" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out index 1b0a212ff..c7e6160b6 100644 --- a/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/yara-x/src/modules/macho/tests/testdata/macho_x86_file.out @@ -166,4 +166,8 @@ dyld_info: export_size: 44 rpaths: - "@loader_path/../Frameworks" -uuid: "5FB5950F-4025-3D4F-A8FB-9648C1740790" \ No newline at end of file +uuid: "5FB5950F-4025-3D4F-A8FB-9648C1740790" +min_version: + device: 36 + version: "10.9.0" + sdk: "10.10.0" \ No newline at end of file diff --git a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out index c0c62c8d8..0a3f82f1e 100644 --- a/yara-x/src/modules/macho/tests/testdata/tiny_universal.out +++ b/yara-x/src/modules/macho/tests/testdata/tiny_universal.out @@ -188,6 +188,10 @@ file: export_off: 8260 export_size: 60 uuid: "0443555D-A992-3B9E-8BCE-5D9FC8BAC0E9" + min_version: + device: 36 + version: "10.9.0" + sdk: "10.10.0" - magic: 0xcffaedfe cputype: 0x1000007 cpusubtype: 0x80000003 @@ -381,4 +385,8 @@ file: lazy_bind_size: 32 export_off: 8256 export_size: 64 - uuid: "57199705-E3C0-352D-BBE8-3990B1A732B7" \ No newline at end of file + uuid: "57199705-E3C0-352D-BBE8-3990B1A732B7" + min_version: + device: 36 + version: "10.9.0" + sdk: "10.10.0" \ No newline at end of file diff --git a/yara-x/src/modules/protos/macho.proto b/yara-x/src/modules/protos/macho.proto index 001633445..151a55d5e 100644 --- a/yara-x/src/modules/protos/macho.proto +++ b/yara-x/src/modules/protos/macho.proto @@ -10,6 +10,12 @@ option (yara.module_options) = { rust_module: "macho" }; +message MinVersion { + optional uint32 device = 1; + optional string version = 2; + optional string sdk = 3; +} + message BuildVersion { optional uint32 platform = 1; optional string minos = 2; @@ -144,6 +150,7 @@ message File { optional Certificates certificates = 22; optional string uuid = 23; optional BuildVersion build_version = 24; + optional MinVersion min_version = 25; } message Macho { @@ -172,14 +179,16 @@ message Macho { optional Certificates certificates = 22; optional string uuid = 23; optional BuildVersion build_version = 24; + optional MinVersion min_version = 25; + // Add fields for Mach-O fat binary header - optional uint32 fat_magic = 25 [(yaml.field).fmt = "x"]; - optional uint32 nfat_arch = 26; - repeated FatArch fat_arch = 27; + optional uint32 fat_magic = 26 [(yaml.field).fmt = "x"]; + optional uint32 nfat_arch = 27; + repeated FatArch fat_arch = 28; // Nested Mach-O files - repeated File file = 28; + repeated File file = 29; } enum HEADER { @@ -411,3 +420,11 @@ enum SECTION_ATTRIBUTES { S_ATTR_EXT_RELOC = 0x00000200; S_ATTR_LOC_RELOC = 0x00000100; } + +enum DEVICE_TYPE { + option (yara.enum_options).inline = true; + MACOSX = 0x00000024; + IPHONEOS = 0x00000025; + TVOS = 0x0000002f; + WATCHOS = 0x00000030; +} \ No newline at end of file From fd91b16efe973d135b27606d3fd0bbbac3ab9d93 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Fri, 9 Feb 2024 20:40:55 -0700 Subject: [PATCH 12/14] feat: implement entitlement_present function for Mach-O --- lib/src/modules/macho/mod.rs | 36 +++++++++++++++++++++++++++++ lib/src/modules/macho/tests/mod.rs | 37 ++++++++++++++++++++++++++++++ lib/src/wasm/builder.rs | 22 +++++++++--------- 3 files changed, 84 insertions(+), 11 deletions(-) diff --git a/lib/src/modules/macho/mod.rs b/lib/src/modules/macho/mod.rs index 03a20a5c7..e56f844a9 100644 --- a/lib/src/modules/macho/mod.rs +++ b/lib/src/modules/macho/mod.rs @@ -182,6 +182,42 @@ fn ep_for_arch_subtype( None } +/// The function for checking if any dylib name present in the main Mach-O or embedded Mach-O files +/// contain a dylib with the desired name +/// +/// # Arguments +/// +/// * `ctx`: A mutable reference to the scanning context. +/// * `dylib_name`: The name of the dylib to check if present +/// +/// # Returns +/// +/// An `Option` containing if the name is found +#[module_export(name = "entitlement_present")] +fn entitlements_present( + ctx: &ScanContext, + entitlement: RuntimeString, +) -> Option { + let macho = ctx.module_output::()?; + let expected = entitlement.as_bstr(ctx); + + for entitlement in macho.entitlements.iter() { + if expected.eq_ignore_ascii_case(entitlement.as_bytes()) { + return Some(true); + } + } + + for file in macho.file.iter() { + for entitlement in file.entitlements.iter() { + if expected.eq_ignore_ascii_case(entitlement.as_bytes()) { + return Some(true); + } + } + } + + Some(false) +} + /// The function for checking if any dylib name present in the main Mach-O or /// embedded Mach-O files contain a dylib with the desired name /// diff --git a/lib/src/modules/macho/tests/mod.rs b/lib/src/modules/macho/tests/mod.rs index 28f028eeb..fc87383ce 100644 --- a/lib/src/modules/macho/tests/mod.rs +++ b/lib/src/modules/macho/tests/mod.rs @@ -15,6 +15,10 @@ fn test_macho_module() { "src/modules/macho/tests/testdata/macho_x86_file.in.zip", ); + let chess_macho_data = create_binary_from_zipped_ihex( + "src/modules/macho/tests/testdata/chess.in.zip", + ); + rule_true!( r#" import "macho" @@ -274,4 +278,37 @@ fn test_macho_module() { "#, &x86_macho_data ); + + rule_true!( + r#" + import "macho" + rule macho_test { + condition: + macho.entitlement_present("com.apple.security.network.client") + } + "#, + &chess_macho_data + ); + + rule_true!( + r#" + import "macho" + rule macho_test { + condition: + macho.entitlement_present("COM.ApplE.security.NetWoRK.client") + } + "#, + &chess_macho_data + ); + + rule_false!( + r#" + import "macho" + rule macho_test { + condition: + macho.entitlement_present("made-up-entitlement") + } + "#, + &chess_macho_data + ); } diff --git a/lib/src/wasm/builder.rs b/lib/src/wasm/builder.rs index e14f008b2..845fe5e08 100644 --- a/lib/src/wasm/builder.rs +++ b/lib/src/wasm/builder.rs @@ -470,38 +470,38 @@ mod tests { assert_eq!( text, r#"(module - (func (;163;) (type 1) (result i32) + (func (;164;) (type 1) (result i32) i32.const 0 global.set 2 i32.const 0 global.set 3 - call 164 call 165 + call 166 global.get 3 ) - (func (;164;) (type 0) - block ;; label = @1 - call 166 - end + (func (;165;) (type 0) block ;; label = @1 call 167 end - ) - (func (;165;) (type 0) block ;; label = @1 call 168 end ) (func (;166;) (type 0) - i32.const 4 + block ;; label = @1 + call 169 + end ) (func (;167;) (type 0) - i32.const 5 + i32.const 4 ) (func (;168;) (type 0) + i32.const 5 + ) + (func (;169;) (type 0) i32.const 6 ) - (export "main" (func 163)) + (export "main" (func 164)) )"# ); } From 506bcf5eb7f86775884b9c634f38349f43380337 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Wed, 14 Feb 2024 18:07:42 -0700 Subject: [PATCH 13/14] fix: mach-o deps and comments --- Cargo.lock | 15 +++++++++------ Cargo.toml | 2 ++ lib/Cargo.toml | 6 ++++-- lib/src/modules/macho/mod.rs | 36 ++++++------------------------------ 4 files changed, 21 insertions(+), 38 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 385f3a3ec..49539125b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1589,7 +1589,7 @@ dependencies = [ "futures-sink", "futures-util", "http", - "indexmap 2.1.0", + "indexmap 2.2.2", "slab", "tokio", "tokio-util", @@ -2439,7 +2439,7 @@ version = "1.16.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4161fcb6d602d4d2081af7c3a45852d875a03dd337a6bfdd6e06407b61342a43" dependencies = [ - "hermit-abi", + "hermit-abi 0.3.4", "libc", ] @@ -2587,7 +2587,7 @@ version = "3.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b8fcc794035347fb64beda2d3b462595dd2753e3f268d89c5aae77e8cf2c310" dependencies = [ - "base64 0.21.5", + "base64 0.21.7", "serde", ] @@ -2994,6 +2994,9 @@ name = "rand_core" version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] [[package]] name = "rayon" @@ -3110,7 +3113,7 @@ version = "0.11.24" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c6920094eb85afde5e4a138be3f2de8bbdf28000f0029e72c45025a56b042251" dependencies = [ - "base64 0.21.5", + "base64 0.21.7", "bytes", "encoding_rs", "futures-core", @@ -3217,7 +3220,7 @@ version = "1.0.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1c74cae0a4cf6ccbbf5f359f08efdf8ee7e1dc532573bf0db71968cb56b1448c" dependencies = [ - "base64 0.21.5", + "base64 0.21.7", ] [[package]] @@ -5201,7 +5204,7 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.43", + "syn 2.0.48", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index 1ca76aa3c..e5016ae02 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -42,6 +42,7 @@ bstr = "1.8.0" clap = "4.4.8" crc32fast = "1.3.2" criterion = "0.5.1" +cryptographic-message-syntax = "0.26.0" enable-ansi-support = "0.2.1" env_logger = "0.11.1" fmmap = "0.3.2" @@ -74,6 +75,7 @@ protobuf-json-mapping = "3.3.0" protobuf-parse = "3.3.0" regex-syntax = { git = "https://github.com/plusvic/regex.git", rev="423493d" } regex-automata = { git = "https://github.com/plusvic/regex.git", rev="423493d" } +roxmltree = "0.19.0" rustc-hash = "1.1.0" smallvec = "1.10.0" serde = "1.0" diff --git a/lib/Cargo.toml b/lib/Cargo.toml index cfc2177b4..67ab03678 100644 --- a/lib/Cargo.toml +++ b/lib/Cargo.toml @@ -93,6 +93,8 @@ lnk-module = [ # The `macho` module parses Mach-O files. macho-module = [ "dep:nom", + "dep:cryptographic-message-syntax", + "dep:roxmltree", ] # The `math` module. @@ -155,6 +157,7 @@ bitmask = { workspace = true } bitvec = { workspace = true } bstr = { workspace = true, features=["serde"] } crc32fast = { workspace = true, optional = true } +cryptographic-message-syntax = { workspace = true, optional = true } fmmap = { workspace = true } indexmap = { workspace = true, features=["serde"] } intaglio = { workspace = true } @@ -174,6 +177,7 @@ protobuf = { workspace = true } rustc-hash = { workspace = true } regex-syntax = { workspace = true } regex-automata = { workspace = true } +roxmltree = { workspace = true, optional = true } smallvec = { workspace = true, features=["serde"] } serde = { workspace = true, features=["rc"] } serde_json = { workspace = true } @@ -188,8 +192,6 @@ yara-x-parser = { workspace = true } yara-x-proto = { workspace = true } lingua = { version = "1.6.0", optional = true, default-features = false, features = ["english", "german", "french", "spanish"] } -roxmltree = "0.19.0" -cryptographic-message-syntax = "0.26.0" [build-dependencies] protobuf = { workspace = true } diff --git a/lib/src/modules/macho/mod.rs b/lib/src/modules/macho/mod.rs index e56f844a9..9e5ab0516 100644 --- a/lib/src/modules/macho/mod.rs +++ b/lib/src/modules/macho/mod.rs @@ -182,17 +182,9 @@ fn ep_for_arch_subtype( None } -/// The function for checking if any dylib name present in the main Mach-O or embedded Mach-O files -/// contain a dylib with the desired name +/// Returns true if the Mach-O parsed entitlements contain `entitlement` /// -/// # Arguments -/// -/// * `ctx`: A mutable reference to the scanning context. -/// * `dylib_name`: The name of the dylib to check if present -/// -/// # Returns -/// -/// An `Option` containing if the name is found +/// `entitlement` is case-insensitive. #[module_export(name = "entitlement_present")] fn entitlements_present( ctx: &ScanContext, @@ -218,17 +210,9 @@ fn entitlements_present( Some(false) } -/// The function for checking if any dylib name present in the main Mach-O or -/// embedded Mach-O files contain a dylib with the desired name -/// -/// # Arguments -/// -/// * `ctx`: A mutable reference to the scanning context. -/// * `dylib_name`: The name of the dylib to check if present -/// -/// # Returns +/// Returns true if the Mach-O parsed dylibs contain `dylib_name` /// -/// An `Option` containing if the name is found +/// `dylib_name` is case-insensitive. #[module_export(name = "dylib_present")] fn dylibs_present( ctx: &ScanContext, @@ -258,17 +242,9 @@ fn dylibs_present( Some(false) } -/// The function for checking if any rpath present in the main Mach-O or -/// embedded Mach-O files contain a rpath with the desired path -/// -/// # Arguments -/// -/// * `ctx`: A mutable reference to the scanning context. -/// * `rpath`: The name of the dylib to check if present -/// -/// # Returns +/// Returns true if the Mach-O parsed rpaths contain `rpath` /// -/// An `Option` containing if the path is found +/// `rpath` is case-insensitive. #[module_export(name = "rpath_present")] fn rpaths_present(ctx: &ScanContext, rpath: RuntimeString) -> Option { let macho = ctx.module_output::()?; From 81be3c1a0ea1c082cdf17f41ee6b5e4171bdd474 Mon Sep 17 00:00:00 2001 From: Jacob Latonis Date: Thu, 15 Feb 2024 08:44:24 -0700 Subject: [PATCH 14/14] fix: use device_type enum --- lib/src/modules/macho/parser.rs | 7 ++++++- ...5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out | 2 +- ...e14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out | 2 +- ...5143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out | 2 +- .../macho/tests/testdata/macho_x86_64_dylib_file.out | 2 +- lib/src/modules/macho/tests/testdata/macho_x86_file.out | 2 +- lib/src/modules/macho/tests/testdata/tiny_universal.out | 4 ++-- lib/src/modules/protos/macho.proto | 2 +- 8 files changed, 14 insertions(+), 9 deletions(-) diff --git a/lib/src/modules/macho/parser.rs b/lib/src/modules/macho/parser.rs index 12edeebb5..f222774b5 100644 --- a/lib/src/modules/macho/parser.rs +++ b/lib/src/modules/macho/parser.rs @@ -1676,7 +1676,12 @@ impl From<&BuildToolObject> for protos::macho::BuildTool { impl From<&MinVersion> for protos::macho::MinVersion { fn from(mv: &MinVersion) -> Self { let mut result = protos::macho::MinVersion::new(); - result.set_device(mv.device); + + result.set_device( + protobuf::EnumOrUnknown::::from_i32( + mv.device as i32, + ).unwrap(), + ); result.set_version(convert_to_version_string(mv.version)); result.set_sdk(convert_to_version_string(mv.sdk)); result diff --git a/lib/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out b/lib/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out index 05b4f4f03..87e46e880 100644 --- a/lib/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out +++ b/lib/src/modules/macho/tests/testdata/01ac68a14f0ff5faa72bb33e768bfaae4d21de61f776e2405324c498ef52b21b.out @@ -459,6 +459,6 @@ certificates: - "CN=Developer ID Certification Authority, OU=Apple Certification Authority, O=Apple Inc., C=US" uuid: "B23FC3D5-BDF8-3056-930A-C93E0F547B78" min_version: - device: 36 + device: MACOSX version: "10.13.0" sdk: "10.13.0" \ No newline at end of file diff --git a/lib/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out b/lib/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out index fcf83ba3e..c805545cd 100644 --- a/lib/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out +++ b/lib/src/modules/macho/tests/testdata/3d27411e4465ae14ab2d02e1f2a6dafb2bb8114803e8b26c0652ce4afccb94e1.out @@ -317,6 +317,6 @@ dylibs: current_version: "38.0.0" uuid: "EF07AAD0-F2AB-34DF-940C-2965C1872F0C" min_version: - device: 36 + device: MACOSX version: "10.5.0" sdk: "0.0.0" \ No newline at end of file diff --git a/lib/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out b/lib/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out index 85a67adf0..5409f6215 100644 --- a/lib/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out +++ b/lib/src/modules/macho/tests/testdata/a1da3d22c5ec85143faf5f69fb18d79cb0e7394c7b5065f74b7ce8c52ace75f1.out @@ -235,7 +235,7 @@ file: export_size: 112 uuid: "58E31296-DF6F-3EA8-BA92-40781CECDA18" min_version: - device: 36 + device: MACOSX version: "10.6.0" sdk: "12.6.0" - magic: 0xcffaedfe diff --git a/lib/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out b/lib/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out index f3dfad607..3ba616be1 100644 --- a/lib/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out +++ b/lib/src/modules/macho/tests/testdata/macho_x86_64_dylib_file.out @@ -108,6 +108,6 @@ dyld_info: export_size: 24 uuid: "8C904612-6253-3FA1-B8D2-D5829848A8FC" min_version: - device: 36 + device: MACOSX version: "10.9.0" sdk: "10.10.0" \ No newline at end of file diff --git a/lib/src/modules/macho/tests/testdata/macho_x86_file.out b/lib/src/modules/macho/tests/testdata/macho_x86_file.out index c7e6160b6..48aebe4d3 100644 --- a/lib/src/modules/macho/tests/testdata/macho_x86_file.out +++ b/lib/src/modules/macho/tests/testdata/macho_x86_file.out @@ -168,6 +168,6 @@ rpaths: - "@loader_path/../Frameworks" uuid: "5FB5950F-4025-3D4F-A8FB-9648C1740790" min_version: - device: 36 + device: MACOSX version: "10.9.0" sdk: "10.10.0" \ No newline at end of file diff --git a/lib/src/modules/macho/tests/testdata/tiny_universal.out b/lib/src/modules/macho/tests/testdata/tiny_universal.out index 0a3f82f1e..8c6dff5d1 100644 --- a/lib/src/modules/macho/tests/testdata/tiny_universal.out +++ b/lib/src/modules/macho/tests/testdata/tiny_universal.out @@ -189,7 +189,7 @@ file: export_size: 60 uuid: "0443555D-A992-3B9E-8BCE-5D9FC8BAC0E9" min_version: - device: 36 + device: MACOSX version: "10.9.0" sdk: "10.10.0" - magic: 0xcffaedfe @@ -387,6 +387,6 @@ file: export_size: 64 uuid: "57199705-E3C0-352D-BBE8-3990B1A732B7" min_version: - device: 36 + device: MACOSX version: "10.9.0" sdk: "10.10.0" \ No newline at end of file diff --git a/lib/src/modules/protos/macho.proto b/lib/src/modules/protos/macho.proto index 151a55d5e..362347a19 100644 --- a/lib/src/modules/protos/macho.proto +++ b/lib/src/modules/protos/macho.proto @@ -11,7 +11,7 @@ option (yara.module_options) = { }; message MinVersion { - optional uint32 device = 1; + optional DEVICE_TYPE device = 1; optional string version = 2; optional string sdk = 3; }